YaWK  24.1
Yet another WebKit
YAWK\controller Class Reference

The controller function returns filtered filename as string (or null).

Public Member Functions

 __construct ()
 

Static Public Member Functions

static filterfilename ($db, $lang, $filename)
 Main filter controller: checks GET params and leads to the corresponding actions.
 
static frontEndInit ($db, $currentpage, $user, $template)
 

Public Attributes

 $filename
 

Detailed Description

The controller function returns filtered filename as string (or null).

The Controller Class.

The controller filters and returns the filename.

Author
Daniel Retzl
Version
1.0.0

Definition at line 14 of file controller.php.

Constructor & Destructor Documentation

◆ __construct()

YAWK\controller::__construct ( )

Definition at line 33 of file controller.php.

    {

Member Function Documentation

◆ filterfilename()

static YAWK\controller::filterfilename (   $db,
  $lang,
  $filename 
)
static

Main filter controller: checks GET params and leads to the corresponding actions.

Parameters
$db
$lang
$filename
Returns
false|string

This is used to detect whether the user wants to reset a password, load a page, or delegate any other action.

Definition at line 46 of file controller.php.

    {
        // check if user wants to reset password
        if (isset($_GET['resetPassword']) && ($_GET['resetPassword']) == true)
        {
            if (isset($_GET['token']) && (is_string($_GET['token'])))
            {
                // check if tokens match and returns the uid
                $uid = user::checkResetToken($db, $_GET['token']);
                // no uid
                if ($uid == false)
                {
                    // display password changing form...
                    echo "<div class=\"container-fluid\">
                          <div class=\"row text-center\">
                          <div class=\"col-md-12\"><b class=\"text-danger\"><br><br<b>$lang[PASSWORD_RESET_ERROR]</b>
                          <br><i>$lang[PASSWORD_RESET_ERROR_UID]</i>
                          <br><br></div></div>";
                    exit;
                }
                else
                {
                    // display password changing form...
                    echo "<div class=\"container-fluid\">
                          <div class=\"row text-center\">
                          <div class=\"col-md-4\">&nbsp;</div>
                          <div class=\"col-md-4\"><br><br><h3>$lang[PASSWORD_RESET]<br>
                          <p class=\"small text-gray\">$lang[PASSWORD_REQUIREMENTS]</small></h3><hr>";
                    // (line 75 of controller.php is not included in this listing)
                    echo "<hr><br><br></div>
                          <div class=\"col-md-4\">&nbsp;</div></div>";
                    exit;
                }
            }
            else
            {
                die ($lang['PASSWORD_RESET_ERROR_TOKEN']);
            }
        }

        // check if new user password should be set
        if (isset($_GET['setNewPassword']) && ($_GET['setNewPassword'] == true))
        {
            // check if newPassword1 + newPassword2 are set, valid and equal...
            if (isset($_POST['newPassword1']) && (!empty($_POST['newPassword1']) && (is_string($_POST['newPassword1']))
                && (isset($_POST['newPassword2']) && (!empty($_POST['newPassword2']) && (is_string($_POST['newPassword2']))
                && ($_POST['newPassword1'] == $_POST['newPassword2'])))))
            {
                // trim passwords
                $_POST['newPassword1'] = trim($_POST['newPassword1']);
                $_POST['newPassword2'] = trim($_POST['newPassword2']);
                // strip html tags
                $_POST['newPassword1'] = strip_tags($_POST['newPassword1']);
                $_POST['newPassword2'] = strip_tags($_POST['newPassword2']);

                // check if uid is set and valid
                if (isset($_POST['uid']) && (!empty($_POST['uid']) && (is_numeric($_POST['uid']))))
                {
                    // set new password
                    if (user::setNewPassword($db, $_POST['newPassword1'], $_POST['uid']) == true)
                    {   // password change successful...
                        // get username to pre-fill out the login form
                        $user = user::getUserNameFromID($db, $_POST['uid']);
                        // if username is NOT set correctly
                        if (!isset($user) || (empty($user)) || (!is_string($user)))
                        {   // no form pre-fill out
                            $user = '';
                        }

                        // display password changing form...
                        echo "<div class=\"container-fluid\">
                              <div class=\"row text-center\">
                              <div class=\"col-md-4\">&nbsp;</div>
                              <div class=\"col-md-4\"><br><br><h3>$lang[PASSWORD_CHANGED]<br>
                              <p class=\"small text-gray\">$lang[PASSWORD_CHANGED_LOGIN]</small></h3><hr></div></div>";
                        echo user::drawLoginBox("$user", $_POST['newPassword1']);
                        echo "<hr><br><br><br><br>";
                        exit;
                    }
                    else
                    {
                        // password could not be changed...
                        echo "<div class=\"container-fluid\">
                              <div class=\"row text-center\">
                              <div class=\"col-md-4\">&nbsp;</div>
                              <div class=\"col-md-4\"><br><br><h3>$lang[PASSWORD_CHANGED_ERROR]<br>
                              <p class=\"small text-gray\">$lang[PLEASE_TRY_AGAIN]</small></h3><hr>";
                        // draw reset form again
                        user::drawPasswordResetForm($db, $lang, $_POST['uid']);
                        echo "<br><br></div>
                              <div class=\"col-md-4\">&nbsp;</div></div>";
                        exit;
                    }
                }
                else
                {   // user unknown, due this it is unable to handle this request
                    return false;
                }
            }
            else
            {
                // show reset form again if user enters no password
                echo "<div class=\"container-fluid\">
                      <div class=\"row\">
                      <div class=\"col-md-4\">&nbsp;</div>
                      <div class=\"col-md-4 text-center\"><br><br><h3>$lang[PASSWORD_CHANGED_ERROR]<br>
                      <p class=\"small text-gray\">$lang[PLEASE_TRY_AGAIN]</small></h3><hr>
                      <br><br></div>
                      <div class=\"col-md-4\">&nbsp;</div></div>";
                exit;
            }
        }

        // lower cases
        $filename = mb_strtolower($filename);
        // just numbers + chars are allowed, replace special chars
        $filename = preg_replace("/[^.a-z0-9\-\/]/i", "", $filename);
        // trim filename and check if its empty
        if (trim($filename) === "")
        {   // if filename is empty, set index as default page
            $filename = "index";
        }
        if ($filename[0] === "/")
        {
            // remove prefix slash
            $filename = substr($filename, 1);
        }

        // append file extension
        $filename .= ".php";

        if ($filename == "content/pages/.php"){
            echo "<br><br><br><br>";
            die("Unable to display page - filename not set. output of \$filename: $filename");
        }

        // what if file not exists...
        if (!file_exists($filename))
        {
            // file does not exist, load 404 page
            $notfound = $filename." not found!";
            $filename = "content/errors/404.php";
            // check if call comes from frontend or backend
            if (file_exists($filename))
            {   // frontend success
                return $filename;
            }
            else
            {
                // call from backend, set path correctly
                if (!isset($db)) { $db = new db(); }
                sys::setSyslog($db, 4, 1, "404 ERROR $notfound", 0, 0, 0, 0);
                return $filename;
            }
        }
        // return file
        return $filename;
    }

static setNewPassword($db, $newPassword, $uid)
 Set a new user password. Definition: user.php:189

static drawLoginBox($username, $password)
 Return the HTML for a default login box. Definition: user.php:2001

static drawPasswordResetForm($db, $lang, $uid)
 Draw the form where users can reset their password. Definition: user.php:171

static checkResetToken($db, $token)
 Check if password reset token matches and return uid. Definition: user.php:131

References $_GET, $db, YAWK\controller\$filename, $lang, $uid, YAWK\user\checkResetToken(), die, YAWK\user\drawLoginBox(), YAWK\user\drawPasswordResetForm(), exit, and YAWK\user\setNewPassword().
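
Added example (not YaWK code): in the listing above, the setNewPassword branch reads uid from $_POST and does not call checkResetToken() again. The code below shows that second step taking the account id from a single-use, expiring token record instead; ResetStore, its in-memory array and setNewPasswordWithToken() are assumptions made for this illustration.

```php
<?php
// Added example, not YaWK code. ResetStore, its array backend and
// setNewPasswordWithToken() are assumptions made for this illustration.
final class ResetStore
{
    private array $rows = [];            // sha256(token) => [uid, expires]
    public array $passwordHashes = [];   // uid => password hash

    public function issue(int $uid, int $ttl = 900): string
    {
        $token = bin2hex(random_bytes(32));
        $this->rows[hash('sha256', $token)] = ['uid' => $uid, 'expires' => time() + $ttl];
        return $token;                   // mailed to the user; only its hash is kept
    }

    // Consume a token: yields the uid at most once, then the record is gone.
    public function redeem(string $token): ?int
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        unset($this->rows[$key]);
        return ($row !== null && $row['expires'] >= time()) ? $row['uid'] : null;
    }
}

function setNewPasswordWithToken(ResetStore $store, array $post): bool
{
    $token = $post['token'] ?? null;
    $p1 = $post['newPassword1'] ?? null;
    $p2 = $post['newPassword2'] ?? null;
    if (!is_string($token) || !is_string($p1) || !is_string($p2)
        || $p1 === '' || $p1 !== $p2) {  // compared exactly as typed, no trim/strip
        return false;
    }
    $uid = $store->redeem($token);       // account id comes from the token record
    if ($uid === null) {
        return false;
    }
    $store->passwordHashes[$uid] = password_hash($p1, PASSWORD_DEFAULT);
    return true;
}

// Constructed request: the token was issued for uid 7; the posted uid is never read.
$store = new ResetStore();
$post  = ['token' => $store->issue(7), 'newPassword1' => 'correct horse',
          'newPassword2' => 'correct horse', 'uid' => '1'];
var_dump(setNewPasswordWithToken($store, $post));  // first use of the token
var_dump(setNewPasswordWithToken($store, $post));  // same token replayed
var_dump(array_keys($store->passwordHashes));      // which account was changed
```

The password pair is validated before the token is redeemed, so a mistyped confirmation does not consume the token.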

Referenced by YAWK\BACKEND\AdminLTE\drawHtmlContent(), and YAWK\page\getContent().
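
Added example (not YaWK code): the character filter in the listing above keeps `.` and `/`, so a relative path segment such as `..` passes through it unchanged. One way to resolve a page name so that the result always stays under a fixed directory is shown below; resolvePage(), listingFilter() and the $baseDir argument are assumptions made for this illustration, and the demo files are constructed.

```php
<?php
// Added example, not YaWK code. resolvePage() and the $baseDir parameter are
// assumptions; the listing's own filter is reproduced only for comparison.
function resolvePage(string $requested, string $baseDir): ?string
{
    $name = ltrim(mb_strtolower(trim($requested)), '/');
    if ($name === '') {
        $name = 'index';                       // same default as the listing
    }
    // Allow-list of [a-z0-9-] segments separated by single slashes. Dots are
    // not accepted at all, so ".." and an explicit extension never pass.
    if (preg_match('~^[a-z0-9-]+(?:/[a-z0-9-]+)*$~D', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;                           // base or page does not exist
    }
    // Containment check on the canonical path; this also covers symlinks.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// The character filter from the listing above, which keeps "." and "/".
function listingFilter(string $filename): string
{
    return preg_replace("/[^.a-z0-9\-\/]/i", "", mb_strtolower($filename));
}

// Constructed demo tree in a temporary directory.
$root  = sys_get_temp_dir() . '/pages-demo-' . bin2hex(random_bytes(4));
$pages = $root . '/content/pages';
mkdir($pages, 0700, true);
file_put_contents($pages . '/index.php', '<?php // demo page');
file_put_contents($root . '/outside.php', '<?php // not a page');

foreach (['index', '', '/index', '../../outside', 'Index.PHP', 'missing'] as $in) {
    $resolved = resolvePage($in, $pages);
    printf("%-16s listing filter: %-16s resolvePage: %s\n", var_export($in, true),
        var_export(listingFilter($in), true),
        $resolved === null ? 'rejected' : 'ok');
}
```

A caller would include only the path returned by resolvePage() and fall back to the 404 page on null.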

◆ frontEndInit()

static YAWK\controller::frontEndInit (   $db,
  $currentpage,
  $user,
  $template 
)
static

Definition at line 23 of file controller.php.

    {

        // check whether the system is actually in maintenance mode


Member Data Documentation

◆ $filename

YAWK\controller::$filename
  • Parameters
    string: the filename to filter

Definition at line 31 of file controller.php.

Referenced by YAWK\controller\filterfilename().


The documentation for this class was generated from the following file: