Merge pull request #2 from userfrosting/master

update to current UF version

.gitignore

@@ -3,3 +3,5 @@
 _meta/*
 public/test/*
 userfrosting/config-userfrosting.php
+public/js/min/*
+public/css/min/*

CHANGELOG.md

@@ -1,5 +1,29 @@
 # Change Log
 
+## v0.1.3.9
+
+Revert to loose comparison for `user_id`s because of issues with Ubuntu's PDO driver (see http://stackoverflow.com/questions/5323146/mysql-integer-field-is-returned-as-string-in-php#comment41836471_5323169)
+
+## v0.1.3.8
+
+- Finish replacing all usages of `*Loader` classes with Eloquent syntax
+- Installer warning for missing `imagepng`
+- Fix bug in CSV generation for user table
+
+## v0.3.1.7
+
+- Change "default theme" to "guest theme" and fix loading issues (#463).  What used to be called "default theme" is now base theme, i.e. the theme to fall back to when a template file cannot be found in the current theme (user group or guest theme)
+- New public template for "nyx" theme
+- Remove trailing slash from configuration JS/CSS paths to make uniform with site.uri.public
+- Make routes for config.js and theme.css dynamically generated from configuration variables (#461)
+- Make cookie name for "remember me" use session name
+- Fix potential bug in configuration user_id's for guest, master accounts
+
+## v0.3.1.6
+
+- Fix exception-handling for mail server errors
+- Notify if account creation was successful, even if mail server failed.
+
 ## v0.3.1.5
 
 - Add Romanian translation

README.md

@@ -75,6 +75,9 @@ UserFrosting seeks to balance modern programming principles, like DRY and MVC, w
 - When a user creates another user, they don't need to set a password.  Instead, an email is sent out to the new user, with a token allowing them to set their own password.
 - Admins can manually generate a password reset request for another user, or directly change the user's password.
 - .htaccess redirect trailing slash: change to only redirect GET requests
+- Change "default theme" to "guest theme" and fix loading issues (#463).  What used to be called "default theme" is now base theme, i.e. the theme to fall back to when a template file cannot be found in the current theme (user group or guest theme)
+- New public template for "nyx" theme
+- Make routes for config.js and theme.css dynamically generated from configuration variables (#461)
 
 ### Migrating from UF's classic data model to Eloquent:
 

public/index.php

@@ -83,6 +83,9 @@
 
         $controller = new UF\AccountController($app);
 
+        $twig = $app->view()->getEnvironment();   
+        $loader = $twig->getLoader();
+
         switch ($action) {
             case "login":               return $controller->pageLogin();
             case "logout":              return $controller->logout(true); 
@@ -278,7 +281,7 @@
             $app->notFound();
         }
 
-        $app->schema->build();
+        $app->schema->build(true);
         $app->alerts->addMessageTranslated("success", "MINIFICATION_SUCCESS");
         $app->redirect($app->urlFor('uri_settings'));
     });    
@@ -397,13 +400,13 @@
     });
 
     // JS Config
-    $app->get('/js/config.js', function () use ($app) {
+    $app->get($app->config('uri')['js-relative'] . '/config.js', function () use ($app) {
         $controller = new UF\BaseController($app);
         $controller->configJS();
     });
 
     // Theme CSS
-    $app->get('/css/theme.css', function () use ($app) {
+    $app->get($app->config('uri')['css-relative'] . '/theme.css', function () use ($app) {
         $controller = new UF\BaseController($app);
         $controller->themeCSS();
     });

userfrosting/config-userfrosting-example.php

@@ -21,7 +21,7 @@
     $uri_public_root = $environment['slim.url_scheme'] . "://" . $environment['SERVER_NAME'] . $serverport . $environment['SCRIPT_NAME'];
 
     /********* DEVELOPMENT SETTINGS *********/
-    $app->configureMode('dev', function () use ($app, $public_path, $uri_public_root) {
+    $app->configureMode('dev', function () use ($app, $public_path, $uri_public_root) {   
         $app->config([
             'log.enable' => true,
             'debug' => false,
@@ -33,8 +33,8 @@
             'locales.path' =>   __DIR__ . '/locale',
             'log.path' =>   __DIR__ . '/log',
             'public.path' => $public_path,
-            'js.path' => $public_path . "/js",
-            'css.path' => $public_path . "/css",
+            'js.path.relative' => "/js",
+            'css.path.relative' => "/css", 
             'session' => [
                 'name' => 'UserFrosting',
                 'cache_limiter' => false
@@ -56,19 +56,21 @@
                 'pass' => 'password'
             ],
             'uri' => [
-                'public' =>    $uri_public_root,
-                'js' =>        $uri_public_root . "/js/",
-                'css' =>       $uri_public_root . "/css/",        
-                'favicon' =>   $uri_public_root . "/css/favicon.ico",
-                'image' =>     $uri_public_root . "/images/"
+                'public'            => $uri_public_root,
+                'js-relative'       => "/js",            
+                'css-relative'      => "/css",        
+                'favicon-relative'  => "/css/favicon.ico",
+                'image-relative'    => "/images"
             ],
             'user_id_guest'  => 0,
-            'user_id_master' => 1
+            'user_id_master' => 1,
+            'theme-base'     => "default",
+            'theme-root'     => "root"
         ]);
     });    
 
     /********* PRODUCTION SETTINGS *********/    
-    $app->configureMode('production', function () use ($app, $public_path, $uri_public_root) {
+    $app->configureMode('production', function () use ($app, $public_path, $uri_public_root) {  
         $app->config([
             'log.enable' => true,
             'debug' => false,
@@ -80,8 +82,8 @@
             'locales.path' =>   __DIR__ . '/locale',
             'log.path' =>   __DIR__ . '/log',
             'public.path' => $public_path,
-            'js.path' => $public_path . "/js",
-            'css.path' => $public_path . "/css",
+            'js.path.relative' => "/js",
+            'css.path.relative' => "/css", 
             'session' => [
                 'name' => 'UserFrosting',
                 'cache_limiter' => false
@@ -103,14 +105,28 @@
                 'pass' => 'password'
             ],
             'uri' => [
-                'public' =>    $uri_public_root,
-                'js' =>        $uri_public_root . "/js/",
-                'css' =>       $uri_public_root . "/css/",        
-                'favicon' =>   $uri_public_root . "/css/favicon.ico",
-                'image' =>     $uri_public_root . "/images/"
-            ],            
+                'public'            => $uri_public_root,
+                'js-relative'       => "/js",            
+                'css-relative'      => "/css",        
+                'favicon-relative'  => "/css/favicon.ico",
+                'image-relative'    => "/images"
+            ],
             'user_id_guest'  => 0,
-            'user_id_master' => 1
+            'user_id_master' => 1,
+            'theme-base'     => "default",
+            'theme-root'     => "root"
         ]);
     });
-
+
+    // Set up derived configuration values
+    $app->config([
+        'js.path' =>  $app->config('public.path') . $app->config('js.path.relative'),
+        'css.path' => $app->config('public.path') . $app->config('css.path.relative'),
+        'uri' => [
+            'js' =>        $app->config('uri')['public'] . $app->config('uri')['js-relative'],
+            'css' =>       $app->config('uri')['public'] . $app->config('uri')['css-relative'],
+            'favicon' =>   $app->config('uri')['public'] . $app->config('uri')['favicon-relative'],
+            'image' =>     $app->config('uri')['public'] . $app->config('uri')['image-relative'],
+        ]
+    ], true);
+

userfrosting/controllers/AccountController.php

@@ -69,7 +69,7 @@ public function pageRegister($can_register = false){
         }
 
         // Security measure: do not allow registering new users until the master account has been created.        
-        if (!UserLoader::exists($this->_app->config('user_id_master'))){
+        if (!User::find($this->_app->config('user_id_master'))){
             $ms->addMessageTranslated("danger", "MASTER_ACCOUNT_NOT_EXISTS");
             $this->_app->redirect($this->_app->urlFor('uri_install'));
         }
@@ -236,14 +236,14 @@ public function login(){
 
         // Load user by email address
         if($isEmail){
-            $user = UserLoader::fetch($data['user_name'], 'email');
+            $user = User::where('email', $data['user_name'])->first();
             if (!$user){
                 $ms->addMessageTranslated("danger", "ACCOUNT_USER_OR_PASS_INVALID");
                 $this->_app->halt(403);         
             }
         // Load user by user name    
         } else {
-            $user = UserLoader::fetch($data['user_name'], 'user_name');
+            $user = User::where('user_name', $data['user_name'])->first();
             if (!$user) {
                 $ms->addMessageTranslated("danger", "ACCOUNT_USER_OR_PASS_INVALID");
                 $this->_app->halt(403);
@@ -328,7 +328,7 @@ public function register(){
         $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);        
 
         // Security measure: do not allow registering new users until the master account has been created.        
-        if (!UserLoader::exists($this->_app->config('user_id_master'))){
+        if (!User::find($this->_app->config('user_id_master'))){
             $ms->addMessageTranslated("danger", "MASTER_ACCOUNT_NOT_EXISTS");
             $this->_app->halt(403);
         }
@@ -375,12 +375,12 @@ public function register(){
             $data['flag_verified'] = 1;
 
         // Check if username or email already exists
-        if (UserLoader::exists($data['user_name'], 'user_name')){
+        if (User::where('user_name', $data['user_name'])->first()){
             $ms->addMessageTranslated("danger", "ACCOUNT_USERNAME_IN_USE", $data);
             $error = true;
         }
 
-        if (UserLoader::exists($data['email'], 'email')){
+        if (User::where('email', $data['email'])->first()){
             $ms->addMessageTranslated("danger", "ACCOUNT_EMAIL_IN_USE", $data);
             $error = true;
         }
@@ -391,7 +391,7 @@ public function register(){
         }
 
         // Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
-        $primaryGroup = GroupLoader::fetch(GROUP_DEFAULT_PRIMARY, "is_default");
+        $primaryGroup = Group::where('is_default', GROUP_DEFAULT_PRIMARY)->first();
 
         // Check that a default primary group is actually set
         if (!$primaryGroup){
@@ -410,10 +410,10 @@ public function register(){
         $user = new User($data);
 
         // Add user to default groups, including default primary group
-        $defaultGroups = GroupLoader::fetchAll(GROUP_DEFAULT, "is_default");
+        $defaultGroups = Group::where('is_default', GROUP_DEFAULT)->get();
         $user->addGroup($primaryGroup->id);
-        foreach ($defaultGroups as $group_id => $group)
-            $user->addGroup($group_id);    
+        foreach ($defaultGroups as $group)
+            $user->addGroup($group->id);    
 
         // Create sign-up event
         $user->newEventSignUp();
@@ -450,11 +450,11 @@ public function register(){
     } 
 
     /**
-     * Processes an new account activation request.
+     * Processes an new email verification request.
      *
-     * Processes the request from the account activation link that was emailed to the user, checking that:
+     * Processes the request from the email verification link that was emailed to the user, checking that:
      * 1. The token provided matches a user in the database;
-     * 2. The user account is not already active;
+     * 2. The user account is not already verified;
      * This route is "public access".
      * Request type: GET     
      */          
@@ -475,10 +475,11 @@ public function activate(){
             $this->_app->redirect($this->_app->urlFor('uri_home'));
         }    
 
-        // Ok, try to find a user with the specified secret token
-        $user = UserLoader::fetch($data['secret_token'], 'secret_token');
+        // Ok, try to find an unverified user with the specified secret token
+        $user = User::where('secret_token', $data['secret_token'])
+                    ->where('flag_verified', '0')->first();
 
-        if (!$user || $user->flag_verified == "1"){
+        if (!$user){
             $ms->addMessageTranslated("danger", "ACCOUNT_TOKEN_NOT_FOUND");
             $this->_app->redirect($this->_app->urlFor('uri_home'));
         }
@@ -677,8 +678,9 @@ public function denyResetPassword(){
             $this->_app->redirect($this->_app->urlFor('uri_home'));
         }
 
-        // Fetch the user, by looking up the submitted activation token
-        $user = UserLoader::fetch($data['secret_token'], 'secret_token');
+        // Fetch the user with the specified secret token and who has a pending password reset request
+        $user = User::where('secret_token', $data['secret_token'])
+                    ->where('flag_password_reset', "1")->first();
 
         if (!$user){
             $ms->addMessageTranslated("danger", "FORGOTPASS_INVALID_TOKEN");
@@ -724,15 +726,15 @@ public function resendActivation(){
             $this->_app->halt(400);
         }    
 
+        // Load the user, by username
+        $user = User::where('user_name', $data['user_name'])->first();        
+
         // Check that the username exists
-        if(!UserLoader::exists($data['user_name'], 'user_name')) {
+        if(!$user) {
             $ms->addMessageTranslated("danger", "ACCOUNT_INVALID_USERNAME");
             $this->_app->halt(400);
         }
 
-        // Load the user, by username
-        $user = UserLoader::fetch($data['user_name'], 'user_name');
-
         // Check that the specified email is correct
         if (strtolower($user->email) != strtolower($data['email'])){
             $ms->addMessageTranslated("danger", "ACCOUNT_USER_OR_EMAIL_INVALID");
@@ -827,7 +829,7 @@ public function accountSettings(){
                 $this->_app->halt(403);
             }
             // Check if address is in use
-            if (UserLoader::exists($data['email'], 'email')){
+            if (User::where('email', $data['email'])->first()){
                 $ms->addMessageTranslated("danger", "ACCOUNT_EMAIL_IN_USE", $data);
                 $this->_app->halt(400);
             }            

userfrosting/controllers/ApiController.php

@@ -30,11 +30,8 @@ public function __construct($app){
      * Generates a list of users, optionally paginated, sorted and/or filtered.
      * This page requires authentication.
      * Request type: GET
-     * @param int $page optional.  For paging, the page number to start with.
-     * @param int $size optional.  For paging, the number of results per page.
-     * @param string $primary_group_name optional.  If specified, will only display users in that particular primary group.
      */        
-    public function listUsers($page = 0, $size = 10, $primary_group_name = null){
+    public function listUsers(){
         $get = $this->_app->request->get();
 
         $size = isset($get['size']) ? $get['size'] : null;
@@ -43,9 +40,8 @@ public function listUsers($page = 0, $size = 10, $primary_group_name = null){
         $sort_order = isset($get['sort_order']) ? $get['sort_order'] : "asc";
         $filters = isset($get['filters']) ? $get['filters'] : [];
         $format = isset($get['format']) ? $get['format'] : "json";
-        $primary_group_name = isset($get['primary_group']) ? $get['primary_group'] : null;
+        $primary_group_name = isset($get['primary_group']) ? $get['primary_group'] : null;  
 
-
         // Optional filtering by primary group
         if ($primary_group_name){
             $primary_group = Group::where('name', $primary_group_name)->first();

userfrosting/controllers/BaseController.php

@@ -151,11 +151,11 @@ public function generateCaptcha(){
         $x = ( 150 - 0 - imagefontwidth( 5 ) * strlen( $security_code ) ) / 2 + 0 + 5;
 
         //write string twice
-        ImageString($image,5, $x, 7, $security_code, $black);
-        ImageString($image,5, $x, 7, $security_code, $black);
+        imagestring($image,5, $x, 7, $security_code, $black);
+        imagestring($image,5, $x, 7, $security_code, $black);
         //start ob
         ob_start();
-        ImagePng($image);
+        imagepng($image);
 
         //get binary image data
         $data = ob_get_clean();