YaWK  24.1
Yet another WebKit
controller.php
Go to the documentation of this file.
1 <?php
2 namespace YAWK
3 {
4  /**
5  * @details The Controller Class.
6  *
7  * <p>Controller filter and return filename</p>
8  *
9  * @author Daniel Retzl <[email protected]>
10  * @copyright 2009-2016 Daniel Retzl yawk.io
11  * @license https://opensource.org/licenses/MIT
12  * @version 1.0.0
13  * @brief The controller function returns filtered filename as string (or null).
14  */
15  class controller
16  {
17  /**
18  * @details TODO: outdated try to outsource the frontend init from admin/index.php (failed)
19  * @details this could be deleted.
20  * @param $db db
21  * @param $currentpage \YAWK\page
22  * @brief INIT FRONTEND STARTS HERE
23  */
24  public static function frontEndInit($db, $currentpage, $user, $template)
25  {
26 
27  // check whether the system is actually in maintenance mode
28 
29  }
30 
31  /** * @param string the filename to filter */
32  public $filename;
33 
34  function __construct()
35  {
36  }
37 
38 
39  /**
40  * @brief Main filter controller: checks GET params and lead to corresponding actions
41  * @param $db
42  * @param $lang
43  * @param $filename
44  * @return false|string
45  * @details This is used whether to detect that users wants to reset password, load a page or delegate any other action
46  */
47  public static function filterfilename($db, $lang, $filename)
48  {
49  // check if user wants to reset password
50  if (isset($_GET['resetPassword']) && ($_GET['resetPassword']) == true)
51  {
52  if (isset($_GET['token']) && (is_string($_GET['token'])))
53  {
54  // check if tokens match and returns the uid
55  $uid = user::checkResetToken($db, $_GET['token']);
56  // no uid
57  if ($uid == false)
58  {
59  // display password changing form...
60  echo "<div class=\"container-fluid\">
61  <div class=\"row text-center\">
62  <div class=\"col-md-12\"><b class=\"text-danger\"><br><br<b>$lang[PASSWORD_RESET_ERROR]</b>
63  <br><i>$lang[PASSWORD_RESET_ERROR_UID]</i>
64  <br><br></div></div>";
65  exit;
66  }
67  else
68  {
69  // display password changing form...
70  echo "<div class=\"container-fluid\">
71  <div class=\"row text-center\">
72  <div class=\"col-md-4\">&nbsp;</div>
73  <div class=\"col-md-4\"><br><br><h3>$lang[PASSWORD_RESET]<br>
74  <p class=\"small text-gray\">$lang[PASSWORD_REQUIREMENTS]</small></h3><hr>";
75  user::drawPasswordResetForm($db, $lang, $uid);
76  echo "<hr><br><br></div>
77  <div class=\"col-md-4\">&nbsp;</div></div>";
78  exit;
79  }
80  }
81  else
82  {
83  die ($lang['PASSWORD_RESET_ERROR_TOKEN']);
84  }
85  }
86 
87  // check if new user password should be set
88  if (isset($_GET['setNewPassword']) && ($_GET['setNewPassword'] == true))
89  {
90  // check if newPassword1 + newPassword2 are set, valid and equal...
91  if (isset($_POST['newPassword1']) && (!empty($_POST['newPassword1']) && (is_string($_POST['newPassword1']))
92  && (isset($_POST['newPassword2']) && (!empty($_POST['newPassword2']) && (is_string($_POST['newPassword2']))
93  && ($_POST['newPassword1'] == $_POST['newPassword2'])))))
94  {
95  // trim passwords
96  $_POST['newPassword1'] = trim($_POST['newPassword1']);
97  $_POST['newPassword2'] = trim($_POST['newPassword2']);
98  // strip html tags
99  $_POST['newPassword1'] = strip_tags($_POST['newPassword1']);
100  $_POST['newPassword2'] = strip_tags($_POST['newPassword2']);
101 
102  // check if uid is set and valid
103  if (isset($_POST['uid']) && (!empty($_POST['uid']) && (is_numeric($_POST['uid']))))
104  {
105  // set new password
106  if (user::setNewPassword($db, $_POST['newPassword1'], $_POST['uid']) == true)
107  { // password change successful...
108  // get username to pre-fill out the login form
109  $user = user::getUserNameFromID($db, $_POST['uid']);
110  // if username is NOT set correctly
111  if (!isset($user) || (empty($user)) || (!is_string($user)))
112  { // no form pre-fill out
113  $user = '';
114  }
115 
116  // display password changing form...
117  echo "<div class=\"container-fluid\">
118  <div class=\"row text-center\">
119  <div class=\"col-md-4\">&nbsp;</div>
120  <div class=\"col-md-4\"><br><br><h3>$lang[PASSWORD_CHANGED]<br>
121  <p class=\"small text-gray\">$lang[PASSWORD_CHANGED_LOGIN]</small></h3><hr></div></div>";
122  echo user::drawLoginBox("$user", $_POST['newPassword1']);
123  echo "<hr><br><br><br><br>";
124  exit;
125  }
126  else
127  {
128  // password could not be changed...
129  echo "<div class=\"container-fluid\">
130  <div class=\"row text-center\">
131  <div class=\"col-md-4\">&nbsp;</div>
132  <div class=\"col-md-4\"><br><br><h3>$lang[PASSWORD_CHANGED_ERROR]<br>
133  <p class=\"small text-gray\">$lang[PLEASE_TRY_AGAIN]</small></h3><hr>";
134  // draw reset form again
135  user::drawPasswordResetForm($db, $lang, $_POST['uid']);
136  echo "<br><br></div>
137  <div class=\"col-md-4\">&nbsp;</div></div>";
138  exit;
139  }
140  }
141  else
142  { // user unknown, due this it is unable to handle this request
143  return false;
144  }
145  }
146  else
147  {
148  // show reset form again if user enters no password
149  echo "<div class=\"container-fluid\">
150  <div class=\"row\">
151  <div class=\"col-md-4\">&nbsp;</div>
152  <div class=\"col-md-4 text-center\"><br><br><h3>$lang[PASSWORD_CHANGED_ERROR]<br>
153  <p class=\"small text-gray\">$lang[PLEASE_TRY_AGAIN]</small></h3><hr>
154  <br><br></div>
155  <div class=\"col-md-4\">&nbsp;</div></div>";
156  exit;
157  }
158  }
159 
160  // lower cases
161  $filename = mb_strtolower($filename);
162  // just numbers + chars are allowed, replace special chares,
163  $filename = preg_replace("/[^.a-z0-9\-\/]/i", "", $filename);
164  // trim filename and check if its empty
165  if (trim($filename) === "")
166  { // if filename is empty, set index as default page
167  $filename = "index";
168  }
169  if ($filename[0] === "/")
170  {
171  // remove prefix slash
172  $filename = substr($filename, 1);
173  }
174 
175  // append file extension
176  $filename .= ".php";
177 
178  if ($filename == "content/pages/.php"){
179  echo "<br><br><br><br>";
180  die("Unable to display page - filename not set. output of \$filename: $filename");
181  }
182 
183  // what if file not exists...
184  if (!file_exists($filename))
185  {
186  // file does not exist, load 404 page
187  $notfound = $filename." not found!";
188  $filename = "content/errors/404.php";
189  // check if call comes from frontend or backend
190  if (file_exists($filename))
191  { // frontend success
192  return $filename;
193  }
194  else
195  {
196  // call from backend, set path correctly
197  if (!isset($db)) { $db = new db(); }
198  sys::setSyslog($db, 4, 1, "404 ERROR $notfound", 0, 0, 0, 0);
199  return $filename;
200  }
201  }
202  // return file
203  return $filename;
204  }
205  } // ./ class controller
206 } // ./ namespace
$uid
if(!isset($db)) $uid
Definition: accept-friend.php:13
$lang
print $lang['FILEMAN_UPLOAD']
Definition: filemanager.php:385
die
die
Definition: block-user.php:27
YAWK\controller
The controller function returns filtered filename as string (or null).
Definition: controller.php:15
YAWK\controller\filterfilename
static filterfilename($db, $lang, $filename)
Main filter controller: checks GET params and lead to corresponding actions.
Definition: controller.php:46
YAWK\controller\frontEndInit
static frontEndInit($db, $currentpage, $user, $template)
Definition: controller.php:23
YAWK\db
Mysqli database class; returns db connection object.
Definition: db.php:16
YAWK\user\setNewPassword
static setNewPassword($db, $newPassword, $uid)
Set a new user password.
Definition: user.php:189
YAWK\user\drawLoginBox
static drawLoginBox($username, $password)
return the html for a default login box
Definition: user.php:2001
YAWK\user\drawPasswordResetForm
static drawPasswordResetForm($db, $lang, $uid)
Draw the form where users can reset their password.
Definition: user.php:171
YAWK\user\checkResetToken
static checkResetToken($db, $token)
Check if password reset token matches and return uid.
Definition: user.php:131
exit
exit
Definition: message-fetch.php:17
YAWK
This class serves methods to create backup from files.
Definition: AdminLTE.php:2
$_GET
print $_GET['id']
Definition: page-edit.php:357