request.php
7.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
<?php
/**
* @package Joomla.Site
* @subpackage com_privacy
*
* @copyright Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
defined('_JEXEC') or die;
use Joomla\CMS\Router\Route;
/**
* Request model class.
*
* @since 3.9.0
*/
class PrivacyModelRequest extends JModelAdmin
{
/**
* Creates an information request.
*
* @param array $data The data expected for the form.
*
* @return mixed Exception | JException | boolean
*
* @since 3.9.0
*/
public function createRequest($data)
{
// Creating requests requires the site's email sending be enabled
if (!JFactory::getConfig()->get('mailonline', 1))
{
$this->setError(JText::_('COM_PRIVACY_ERROR_CANNOT_CREATE_REQUEST_WHEN_SENDMAIL_DISABLED'));
return false;
}
// Get the form.
$form = $this->getForm();
$data['email'] = JStringPunycode::emailToPunycode($data['email']);
// Check for an error.
if ($form instanceof Exception)
{
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception)
{
return $return;
}
// Check the validation results.
if ($return === false)
{
// Get the validation messages from the form.
foreach ($form->getErrors() as $formError)
{
$this->setError($formError->getMessage());
}
return false;
}
// Search for an open information request matching the email and type
$db = $this->getDbo();
$query = $db->getQuery(true)
->select('COUNT(id)')
->from('#__privacy_requests')
->where('email = ' . $db->quote($data['email']))
->where('request_type = ' . $db->quote($data['request_type']))
->where('status IN (0, 1)');
try
{
$result = (int) $db->setQuery($query)->loadResult();
}
catch (JDatabaseException $exception)
{
// Can't check for existing requests, so don't create a new one
$this->setError(JText::_('COM_PRIVACY_ERROR_CHECKING_FOR_EXISTING_REQUESTS'));
return false;
}
if ($result > 0)
{
$this->setError(JText::_('COM_PRIVACY_ERROR_PENDING_REQUEST_OPEN'));
return false;
}
// Everything is good to go, create the request
$token = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
$hashedToken = JUserHelper::hashPassword($token);
$data['confirm_token'] = $hashedToken;
$data['confirm_token_created_at'] = JFactory::getDate()->toSql();
if (!$this->save($data))
{
// The save function will set the error message, so just return here
return false;
}
// Push a notification to the site's super users, deliberately ignoring if this process fails so the below message goes out
JModelLegacy::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_messages/models', 'MessagesModel');
JTable::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_messages/tables');
/** @var MessagesModelMessage $messageModel */
$messageModel = JModelLegacy::getInstance('Message', 'MessagesModel');
$messageModel->notifySuperUsers(
JText::_('COM_PRIVACY_ADMIN_NOTIFICATION_USER_CREATED_REQUEST_SUBJECT'),
JText::sprintf('COM_PRIVACY_ADMIN_NOTIFICATION_USER_CREATED_REQUEST_MESSAGE', $data['email'])
);
// The mailer can be set to either throw Exceptions or return boolean false, account for both
try
{
$app = JFactory::getApplication();
$linkMode = $app->get('force_ssl', 0) == 2 ? Route::TLS_FORCE : Route::TLS_IGNORE;
$substitutions = array(
'[SITENAME]' => $app->get('sitename'),
'[URL]' => JUri::root(),
'[TOKENURL]' => JRoute::link('site', 'index.php?option=com_privacy&view=confirm&confirm_token=' . $token, false, $linkMode, true),
'[FORMURL]' => JRoute::link('site', 'index.php?option=com_privacy&view=confirm', false, $linkMode, true),
'[TOKEN]' => $token,
'\\n' => "\n",
);
switch ($data['request_type'])
{
case 'export':
$emailSubject = JText::_('COM_PRIVACY_EMAIL_REQUEST_SUBJECT_EXPORT_REQUEST');
$emailBody = JText::_('COM_PRIVACY_EMAIL_REQUEST_BODY_EXPORT_REQUEST');
break;
case 'remove':
$emailSubject = JText::_('COM_PRIVACY_EMAIL_REQUEST_SUBJECT_REMOVE_REQUEST');
$emailBody = JText::_('COM_PRIVACY_EMAIL_REQUEST_BODY_REMOVE_REQUEST');
break;
default:
$this->setError(JText::_('COM_PRIVACY_ERROR_UNKNOWN_REQUEST_TYPE'));
return false;
}
foreach ($substitutions as $k => $v)
{
$emailSubject = str_replace($k, $v, $emailSubject);
$emailBody = str_replace($k, $v, $emailBody);
}
$mailer = JFactory::getMailer();
$mailer->setSubject($emailSubject);
$mailer->setBody($emailBody);
$mailer->addRecipient($data['email']);
$mailResult = $mailer->Send();
if ($mailResult instanceof JException)
{
// JError was already called so we just need to return now
return false;
}
elseif ($mailResult === false)
{
$this->setError($mailer->ErrorInfo);
return false;
}
/** @var PrivacyTableRequest $table */
$table = $this->getTable();
if (!$table->load($this->getState($this->getName() . '.id')))
{
$this->setError($table->getError());
return false;
}
// Log the request's creation
JModelLegacy::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_actionlogs/models', 'ActionlogsModel');
$message = array(
'action' => 'request-created',
'requesttype' => $table->request_type,
'subjectemail' => $table->email,
'id' => $table->id,
'itemlink' => 'index.php?option=com_privacy&view=request&id=' . $table->id,
);
/** @var ActionlogsModelActionlog $model */
$model = JModelLegacy::getInstance('Actionlog', 'ActionlogsModel');
$model->addLog(array($message), 'COM_PRIVACY_ACTION_LOG_CREATED_REQUEST', 'com_privacy.request');
// The email sent and the record is saved, everything is good to go from here
return true;
}
catch (phpmailerException $exception)
{
$this->setError($exception->getMessage());
return false;
}
}
/**
* Method for getting the form from the model.
*
* @param array $data Data for the form.
* @param boolean $loadData True if the form is to load its own data (default case), false if not.
*
* @return JForm|boolean A JForm object on success, false on failure
*
* @since 3.9.0
*/
public function getForm($data = array(), $loadData = true)
{
return $this->loadForm('com_privacy.request', 'request', array('control' => 'jform'));
}
/**
* Method to get a table object, load it if necessary.
*
* @param string $name The table name. Optional.
* @param string $prefix The class prefix. Optional.
* @param array $options Configuration array for model. Optional.
*
* @return JTable A JTable object
*
* @since 3.9.0
* @throws \Exception
*/
public function getTable($name = 'Request', $prefix = 'PrivacyTable', $options = array())
{
return parent::getTable($name, $prefix, $options);
}
/**
* Method to auto-populate the model state.
*
* Note. Calling getState in this method will result in recursion.
*
* @return void
*
* @since 3.9.0
*/
protected function populateState()
{
// Get the application object.
$params = JFactory::getApplication()->getParams('com_privacy');
// Load the parameters.
$this->setState('params', $params);
}
}