kit_cms 2.3.20 → 2.3.22

data/app/models/q_subscription.rb

@@ -0,0 +1,7 @@
+class QSubscription < ActiveRecord::Base
+
+  belongs_to :q_publisher
+  belongs_to :q_user
+
+  before_save { self.topic = self.topic.downcase }
+end

data/app/models/q_user.rb

@@ -0,0 +1,29 @@
+require 'bcrypt'
+require 'digest/md5'
+
+class QUser < ActiveRecord::Base
+  include BCrypt
+
+  has_many :q_users_publishers
+  has_many :q_publishers, :through=>:q_users_publishers
+  has_many :q_subscriptions, :dependent => :destroy
+  has_many :q_messages, :dependent=>:destroy
+  has_many :q_users_methods
+
+  def methods
+    self.q_users_methods.map { |m| m.method }.join ", "
+  end
+
+  def password
+    @password ||= Password.new(encrypted_password)
+  end
+
+  def password=(new_password)
+    @password = Password.create(new_password)
+    self.encrypted_password = @password
+  end
+
+  def generate_session_token
+    self.session_token = Digest::MD5.hexdigest(Time.now.to_s + rand(10000000).to_s)
+  end  
+end

data/app/models/q_users_method.rb

@@ -0,0 +1,6 @@
+class QUsersMethod < ActiveRecord::Base
+
+  belongs_to :q_user
+
+end
+

data/app/models/q_users_publisher.rb

@@ -0,0 +1,6 @@
+class QUsersPublisher < ActiveRecord::Base
+
+  belongs_to :q_user
+  belongs_to :q_publisher
+
+end

data/app/models/user.rb

@@ -1,4 +1,10 @@
 class User < KitIndexed
+  include BCrypt
+  include ActionView::Helpers
+
+  has_many :user_logins
+
+  after_initialize { self.skip_password = true }
 
   User.do_indexing :User, [
     {:name=>"id", :index=>:not_analyzed, :include_in_all=>false},
@@ -103,29 +109,30 @@ class User < KitIndexed
     "%d" % r rescue nil
   end
 
-  def active_for_authentication?
-    super && self.banned_at == nil
-  end
-
-  devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :lockable,
-         :maximum_attempts=>10, :unlock_strategy=>:time
-
-  if Rails.configuration.respond_to?(:use_rest_auth) && Rails.configuration.use_rest_auth
-    devise :encryptable, :encryptor => :restful_authentication_sha1
-  end
-
   after_create :welcome_message
 
-  validates :display_name, :uniqueness=>{:scope=>:system_id}, :allow_blank => true
-  validates :email, :presence=>true, :uniqueness=>{:scope=>:system_id}
-  validates :password, :presence=>true, :confirmation=>true, :on=>:create
-  validates_confirmation_of :password, :on=>:create
+  validates :display_name, :format=>{:with=>/\A[a-z0-9\-\_\ \.]+\z/i, :message=>"Invalid name (may only contain letters, numbers, spaces, hyphens and underscores"}, :presence=>{:message=>"You must enter a name"}, :uniqueness=>{:case_sensitive => false, :message=>"That name has already been used", :scope=>:system_id}, :if => Proc.new { |u| 
+    Preference.get_cached(u.system_id, "show_forum_nickname_on_signup")=='true' 
+  }
+
+  validates :email, :presence=>true, :uniqueness=>{:scope=>:system_id, :case_sensitive => false}, :email=>true
+  attr_accessor :skip_password
 
+  validates :password, :presence=>true, :confirmation=>true, :length=>{:minimum=>4, :maximum=>40}, :unless=>proc {self.skip_password==true}
+  validates :password_confirmation, :presence=>true, :unless=>proc {self.skip_password==true}
   attr_accessible :email, :password, :password_confirmation, :remember_me, :display_name, :subscribe_newsletter, :spam_points, :system_id
   
   attr_accessor :fave_pages
 
+  def password=(new_password)
+    @password = new_password
+    self.encrypted_password = Password.create(new_password)
+  end
+
+  def password
+    @password ||= Password.new(self.encrypted_password)
+  end
+
   def concatenated_groups
     self.groups.map {|g| g.name}.join(", ")
   end
@@ -142,11 +149,22 @@ class User < KitIndexed
     User.connection.execute("update users set last_heard_from=now() where id = #{self.id}")
   end
 
+  def unlock_access!
+    Activity.add(self.system.id, "UnLocking user <a href='/admin/user/#{self.id}'>#{self.email}</a>", 0, "Users")
+    self.locked_at = nil
+    self.save
+  end
+
   def lock_access!
     Activity.add(self.system.id, "Locking user <a href='/admin/user/#{self.id}'>#{self.email}</a> after #{self.failed_attempts} failed attempts", 0, "Users")
-    super   
+    self.locked_at = Time.now
+    self.save
   end 
 
+  def locked?
+    self.locked_at != nil
+  end
+
   def load_favourite_pages
     unless self.fave_pages
       self.fave_pages = Hash.new
@@ -230,7 +248,7 @@ class User < KitIndexed
   end
 
   def active?
-    super && self.not_banned?
+    self.not_banned?
   end
 
   def add_role(role, current_user_id = nil)
@@ -294,5 +312,95 @@ class User < KitIndexed
   def mailchimp_connection
     Gibbon.new(Preference.get_cached(self.system_id,'mailchimp_api_key'))
   end
-  
+
+  def self.authenticate(sid, email, password)
+    logger.debug "Authenticating #{email}"
+    u = User.sys(sid).where(:email=>email).first
+
+    unlock_hours = Preference.get_cached(sid, "account_unlock_after_hours")
+    if unlock_hours.not_blank?
+      unlock_hours = unlock_hours.to_i
+      if Time.now >= u.locked_at + unlock_hours.hours
+        u.unlock_access!
+      end
+    end
+
+    return nil unless u
+    return nil unless u.password==password
+    return nil unless u.not_banned?
+    return nil if u.locked?
+    return u
+  end
+
+  def self.cookie_authenticate(sid, token)
+    return nil unless token
+    User.sys(sid).where(:remember_token=>token).where("remember_token is not null and remember_token <> ''").first
+  end
+
+  def self.token_authenticate(sid, token)
+    if Preference.get_cached(sid, "account_token_auth")=="true" 
+      User.sys(sid).where("token is not null and token<>''").where(:token=>token).first rescue nil
+    else
+      nil
+    end
+  end
+
+  def status_display
+    status = []
+    roles = self.roles.collect {|r| r.name }.join(',  ')
+    status << "[#{roles}]" if roles.not_blank?
+    status << "Banned" if self.banned_at
+    status << "Locked" if self.locked_at
+    status << "Failures: #{self.failed_attempts}" if self.failed_attempts>0
+    status.join(", ")
+  end
+
+
+  def dont_remember
+    self.remember_created_at = nil
+    self.remember_token = nil
+    self.save
+  end
+
+  def record_signin(sid, request, method = 'e')
+    lh = UserLogin.new
+    lh.user_id = self.id
+    lh.ip = request.remote_ip
+    lh.method = method
+    lh.system_id = sid
+    lh.save
+    self.sign_in_count = (self.sign_in_count + 1) rescue 1
+    self.last_sign_in_at = self.current_sign_in_at
+    self.current_sign_in_at = Time.now
+    self.last_sign_in_ip = self.current_sign_in_ip
+    self.current_sign_in_ip = request.remote_ip
+    self.failed_attempts = 0
+    self.skip_password = true
+
+    if method=='c' || request.params[:remember_me]
+      self.remember_created_at = Time.now
+      self.remember_token ||= Digest::MD5.hexdigest(self.email + Time.now.to_s + rand(100000).to_s) 
+    else
+      self.remember_created_at = nil
+      self.remember_token = nil
+    end
+    self.save
+  end
+ 
+  def self.record_failed_signin(sid, request, method = 'e')
+    user = nil
+    email = request.params[:email] || request.params[:user][:email]
+    if email
+      user = User.sys(sid).where(:email=>email).first
+      if user
+        user.failed_attempts = (self.failed_attempts + 1) rescue 1
+        if user.failed_attempts >= (Preference.get_cached(sid, "account_lock_after_failures") || "10").to_i
+          user.lock_access!
+        end
+        user.save
+      end
+    end
+    return user
+  end 
+
 end

data/app/models/user_login.rb

@@ -0,0 +1,4 @@
+class UserLogin < ActiveRecord::Base
+
+    belongs_to :user
+end

data/app/validators/email_validator.rb

@@ -0,0 +1,14 @@
+require 'mail'
+class EmailValidator < ActiveModel::EachValidator
+  def validate_each(record,attribute,value)
+    begin
+      m = Mail::Address.new(value)
+      r = m.domain && m.address == value
+      t = m.__send__(:tree)
+      r &&= (t.domain.dot_atom_text.elements.size > 1)
+    rescue Exception => e   
+      r = false
+    end
+    record.errors[attribute] << (options[:message] || "is invalid") unless r
+  end
+end

data/app/views/account/_edit.html.haml

@@ -0,0 +1,40 @@
+#edit.users
+  %h2= t "account.edit_user_title"
+
+  - unless options[:dont_show_intro]
+    .intro
+      = render :partial=>"edit_intro"
+
+  
+  = form_tag "/users/edit" do |f|
+
+    - if user
+      = error_messages_for user
+    
+    - if options[:return_to]
+      = hidden_field_tag :return_to, options[:return_to]
+
+    - unless options[:must_change_password]==true || params[:must_change_password]=="1"
+      #email
+        %label= t "account.email_label"
+        = email_field_tag :email, user.email
+
+    - if options[:must_change_password]==true || params[:must_change_password]=="1"
+      = hidden_field_tag :must_change_password, 1
+  
+    #password 
+      = t "account.only_if_changing_password" unless options[:dont_show_leave_blank_passwords]==true
+      %label= t "account.password_label"
+      = password_field_tag :password
+
+    #password_confirmation
+      %label= t "account.password_confirmation_label"
+      = password_field_tag :password_confirmation
+
+    #submit
+      = submit_tag t("account.edit_user_label")
+  
+  - unless options[:dont_show_intro]
+    .outro
+      = render :partial=>"edit_intro"
+

data/app/views/account/_edit_intro.html.haml

@@ -0,0 +1,3 @@
+- if users_have_profiles?
+  .profile_link
+    = link_to t("account.edit_profile_link"), "/user/profile/edit"

data/app/views/account/_forgotten.html.haml

@@ -0,0 +1,20 @@
+#forgotten.users
+
+  %h2= t "account.forgotten_title"
+
+  .intro
+    = render :partial=>"account/forgotten_intro"
+
+  = form_tag "/users/forgotten" do |f|
+
+    #email
+      %label= t "account.email_label"
+      = text_field_tag :email, params[:email]
+
+    #submit
+      = submit_tag t("account.forgotten_label")
+
+  .outro
+    = render :partial=>"account/forgotten_intro"
+
+

data/app/views/account/_forgotten_intro.html.haml

@@ -0,0 +1,5 @@
+.already
+  = t "account.not_forgotten"
+  = link_to t("account.sign_in_link"), sign_in_url
+
+

data/app/views/account/_sign_in.html.haml

@@ -0,0 +1,31 @@
+#sign_in.users
+  %h2= t "account.sign_in_title"
+  
+  .intro
+    = render :partial=>"account/sign_in_intro"
+  
+  = form_tag "/users/sign_in" do |f|
+
+    - if options[:return_to]
+      = hidden_field_tag :return_to, options[:return_to]
+
+    #email
+      %label= t "account.email_label"
+      = email_field_tag :email, params[:email]
+
+    #password
+      %label= t "account.password_label"
+      = password_field_tag :password
+      .forgotten
+        = link_to t("account.forgotten_password"), forgotten_url
+
+    - unless sys_pref('account_no_remember')=='true'
+      #remember
+        %label= t "account.remember_label"
+        = check_box_tag :remember_me, params[:remember_me]
+
+    #submit
+      = submit_tag t("account.sign_in_label")
+
+  .outro
+    = render :partial=>"account/sign_in_intro"

data/app/views/account/_sign_in_intro.html.haml

@@ -0,0 +1,4 @@
+.already
+  Don't already have an account?
+  = link_to "Sign up", sign_up_url
+

data/app/views/account/_sign_up.html.haml

@@ -0,0 +1,51 @@
+#sign_up.users
+
+  %h2= t "account.sign_up_title"
+
+  .intro
+    = render :partial=>"account/sign_up_intro"
+
+  = form_tag "/users/sign_up" do |f|
+
+    - if @user
+      = error_messages_for @user
+
+    #email
+      %label= t "account.email_label"
+      = text_field_tag :email, params[:email]
+
+    #password
+      %label= t "account.password_label"
+      = password_field_tag :password
+
+    #password_confirmation
+      %label= t "account.password_confirmation_label"
+      = password_field_tag :password_confirmation
+
+    - if params[:groups]
+      = hidden_field_tag :groups, params[:groups]
+
+    - if sys_pref("show_forum_nickname_on_signup")=='true'
+      #forum_nickname
+        %label= t "account.forum_nickname"
+        = text_field_tag :display_name, params[:display_name]
+
+    - @attributes = UserAttribute.sys(_sid).where(:show_on_signup=>1).all
+
+    - if @attributes && @attributes.size>0
+      .attributes
+        - @attributes.each do |attr|
+          .attribute(class="#{attr.code_name}")
+            %label= attr.name
+
+            = render :partial=>"form/form_field", :locals=>{:type=>attr.form_field_type, :field=>attr, :value=>params["#{attr.code_name}"], :is_mandatory=>attr.is_mandatory?, :has_error=>@errors && @errors[attr.id], :show_options_editor=>false}
+
+            - if attr.description.not_blank?
+              .description
+                = attr.description
+    #submit
+      = submit_tag t("account.sign_up_label")
+
+  .outro
+    = render :partial=>"account/sign_up_intro"
+

data/app/views/account/_sign_up_intro.html.haml

@@ -0,0 +1,4 @@
+.already
+  = t "account.already_have_account"
+  = link_to "Sign in", sign_in_url
+

data/app/views/account/edit.html.haml

@@ -0,0 +1 @@
+= account_edit_form(@options)

data/app/views/account/forgotten.html.haml

@@ -0,0 +1 @@
+= account_forgotten

data/app/views/account/sign_in.html.haml

@@ -0,0 +1,2 @@
+= account_sign_in_form
+

data/app/views/account/sign_up.html.haml

@@ -0,0 +1 @@
+= account_sign_up_form

data/app/views/ad/_buy.html.haml

@@ -5,6 +5,7 @@
 
     = hidden_field_tag :options, options.to_json
 
+    = f.error_messages 
     %label(for="name") 
       Name
       = f.text_field :name, :class=>"required"
@@ -34,7 +35,7 @@
       Content
       = f.file_field :creative, :class=>"required"
       .help
-        The content of your ad - a GIF, JPG or PNG file, no larger than 100Kb in size.  It will automatically be resized to fit but for best results you should resize it to #{@zones.first.width}px (width) by #{@zones.first.height}px (height) before uploading.
+        The content of your ad - a GIF, JPG or PNG file, no larger than 100Kb in size.  It will automatically be resized to fit but for best results you should resize it to be the same size as the zone you're creating the ad for.
 
     %label(for="link")
       Link