Rev 5766 | Rev 6749 | Ir a la última revisión | Autoría | Comparar con el anterior | Ultima modificación | Ver Log |
<?phpdeclare(strict_types=1);namespace LeadersLinked\Controller;use Nullix\CryptoJsAes\CryptoJsAes;use GeoIp2\Database\Reader As GeoIp2Reader;use Laminas\Authentication\AuthenticationService;use Laminas\Authentication\Result as AuthResult;use Laminas\Db\Adapter\AdapterInterface;use Laminas\Cache\Storage\Adapter\AbstractAdapter;use Laminas\Http\Header\SetCookie;use Laminas\Mvc\Controller\AbstractActionController;use Laminas\Log\LoggerInterface;use Laminas\View\Model\ViewModel;use Laminas\View\Model\JsonModel;use LeadersLinked\Form\Auth\SigninForm;use LeadersLinked\Form\Auth\ResetPasswordForm;use LeadersLinked\Form\Auth\ForgotPasswordForm;use LeadersLinked\Form\Auth\SignupForm;use LeadersLinked\Mapper\ConnectionMapper;use LeadersLinked\Mapper\EmailTemplateMapper;use LeadersLinked\Mapper\NetworkMapper;use LeadersLinked\Mapper\UserMapper;use LeadersLinked\Model\User;use LeadersLinked\Model\UserType;use LeadersLinked\Library\QueueEmail;use LeadersLinked\Library\Functions;use LeadersLinked\Model\EmailTemplate;use LeadersLinked\Mapper\UserPasswordMapper;use LeadersLinked\Model\UserBrowser;use LeadersLinked\Mapper\UserBrowserMapper;use LeadersLinked\Mapper\UserIpMapper;use LeadersLinked\Model\UserIp;use LeadersLinked\Form\Auth\MoodleForm;use LeadersLinked\Library\Rsa;use LeadersLinked\Library\Image;use LeadersLinked\Authentication\AuthAdapter;use LeadersLinked\Authentication\AuthEmailAdapter;use LeadersLinked\Model\UserPassword;use LeadersLinked\Model\Connection;use LeadersLinked\Authentication\AuthImpersonateAdapter;use LeadersLinked\Model\Network;use LeadersLinked\Mapper\EmailMapper;class AuthController extends AbstractActionController{/**** @var AdapterInterface*/private $adapter;/**** @var AbstractAdapter*/private $cache;/**** @var LoggerInterface*/private $logger;/**** @var array*/private $config;/**** @param AdapterInterface $adapter* @param AbstractAdapter $cache* @param LoggerInterface $logger* @param array $config*/public function __construct($adapter, $cache , $logger, $config){$this->adapter = $adapter;$this->cache = $cache;$this->logger = $logger;$this->config = $config;}public function signinAction(){$currentNetworkPlugin = $this->plugin('currentNetworkPlugin');$currentNetwork = $currentNetworkPlugin->getNetwork();$request = $this->getRequest();if($request->isPost()) {$currentNetworkPlugin = $this->plugin('currentNetworkPlugin');$currentNetwork = $currentNetworkPlugin->getNetwork();$form = new SigninForm($this->config);$dataPost = $request->getPost()->toArray();if(empty($_SESSION['aes'])) {return new JsonModel(['success' => false,'data' => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND']);}if(!empty( $dataPost['email'])) {$dataPost['email'] = CryptoJsAes::decrypt( $dataPost['email'], $_SESSION['aes']);}if(!empty( $dataPost['password'])) {$dataPost['password'] = CryptoJsAes::decrypt( $dataPost['password'], $_SESSION['aes']);}$form->setData($dataPost);if($form->isValid()) {$dataPost = (array) $form->getData();$email = $dataPost['email'];$password = $dataPost['password'];$remember = $dataPost['remember'];$authAdapter = new AuthAdapter($this->adapter, $this->logger);$authAdapter->setData($email, $password, $currentNetwork->id);$authService = new AuthenticationService();$result = $authService->authenticate($authAdapter);if($result->getCode() == AuthResult::SUCCESS) {$userMapper = UserMapper::getInstance($this->adapter);$user = $userMapper->fetchOneByEmail($email);$navigator = get_browser(null, true);$device_type = isset($navigator['device_type']) ? $navigator['device_type'] : '';$platform = isset($navigator['platform']) ? $navigator['platform'] : '';$browser = isset($navigator['browser']) ? $navigator['browser'] : '';$istablet = isset($navigator['istablet']) ? intval( $navigator['istablet']) : 0;$ismobiledevice = isset($navigator['ismobiledevice']) ? intval( $navigator['ismobiledevice']) : 0;$version = isset($navigator['version']) ? $navigator['version'] : '';$userBrowserMapper = UserBrowserMapper::getInstance($this->adapter);$userBrowser = $userBrowserMapper->fetch($user->id, $device_type, $platform, $browser);if($userBrowser) {$userBrowserMapper->update($userBrowser);} else {$userBrowser = new UserBrowser();$userBrowser->user_id = $user->id;$userBrowser->browser = $browser;$userBrowser->platform = $platform;$userBrowser->device_type = $device_type;$userBrowser->is_tablet = $istablet;$userBrowser->is_mobile_device = $ismobiledevice;$userBrowser->version = $version;$userBrowserMapper->insert($userBrowser);}//$ip = Functions::getUserIP();$ip = $ip == '127.0.0.1' ? '148.240.211.148' : $ip;$userIpMapper = UserIpMapper::getInstance($this->adapter);$userIp = $userIpMapper->fetch($user->id, $ip);if(empty($userIp)) {if($this->config['leaderslinked.runmode.sandbox']) {$filename = $this->config['leaderslinked.geoip2.production_database'];} else {$filename = $this->config['leaderslinked.geoip2.sandbox_database'];}$reader = new GeoIp2Reader($filename); //GeoIP2-City.mmdb');$record = $reader->city($ip);if($record) {$userIp = new UserIp();$userIp->user_id = $user->id;$userIp->city = !empty($record->city->name) ? utf8_decode($record->city->name) : '';$userIp->state_code = !empty($record->mostSpecificSubdivision->isoCode) ? utf8_decode($record->mostSpecificSubdivision->isoCode) : '';$userIp->state_name = !empty($record->mostSpecificSubdivision->name) ? utf8_decode($record->mostSpecificSubdivision->name) : '';$userIp->country_code = !empty($record->country->isoCode) ? utf8_decode($record->country->isoCode) : '';$userIp->country_name = !empty($record->country->name) ? utf8_decode($record->country->name) : '';$userIp->ip = $ip;$userIp->latitude = !empty($record->location->latitude) ? $record->location->latitude : 0;$userIp->longitude = !empty($record->location->longitude) ? $record->location->longitude : 0;$userIp->postal_code = !empty($record->postal->code) ? $record->postal->code : '';$userIpMapper->insert($userIp);}} else {$userIpMapper->update($userIp);}if($remember) {$expired = time() + 365 * 24 * 60 * 60;$cookieEmail = new SetCookie('email', $email, $expired);} else {$expired = time() - 7200;$cookieEmail = new SetCookie('email', '', $expired);}$response = $this->getResponse();$response->getHeaders()->addHeader($cookieEmail);$this->logger->info('Ingreso a LeadersLiked', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);$user_share_invitation = $this->cache->getItem('user_share_invitation');if($user_share_invitation) {$userRedirect = $userMapper->fetchOneByUuid($user_share_invitation);if($userRedirect && $userRedirect->status == User::STATUS_ACTIVE && $user->id != $userRedirect->id) {$connectionMapper = ConnectionMapper::getInstance($this->adapter);$connection = $connectionMapper->fetchOneByUserId1AndUserId2($user->id, $userRedirect->id);if($connection) {if($connection->status != Connection::STATUS_ACCEPTED) {$connectionMapper->approve($connection);}} else {$connection = new Connection();$connection->request_from = $user->id;$connection->request_to = $userRedirect->id;$connection->status = Connection::STATUS_ACCEPTED;$connectionMapper->insert($connection);}}}$data = ['success' => true,'data' => $this->url()->fromRoute('dashboard'),];$this->cache->removeItem('user_share_invitation');} else {$message = $result->getMessages()[0];if(!in_array($message, ['ERROR_USER_NOT_FOUND', 'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED', 'ERROR_USER_IS_BLOCKED','ERROR_USER_IS_INACTIVE', 'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED', 'ERROR_ENTERED_PASS_INCORRECT_2','ERROR_ENTERED_PASS_INCORRECT_1', 'ERROR_USER_REQUEST_ACCESS_IS_PENDING', 'ERROR_USER_REQUEST_ACCESS_IS_REJECTED'])) {}switch($message){case 'ERROR_USER_NOT_FOUND' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no existe', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no verificado', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_IS_BLOCKED' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario bloqueado', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_IS_INACTIVE' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario inactivo', ['ip' => Functions::getUserIP()]);break;case 'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED':$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 3er Intento Usuario bloqueado', ['ip' => Functions::getUserIP()]);break;case 'ERROR_ENTERED_PASS_INCORRECT_2' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 1er Intento', ['ip' => Functions::getUserIP()]);break;case 'ERROR_ENTERED_PASS_INCORRECT_1' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 2do Intento', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_REQUEST_ACCESS_IS_PENDING' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Falta verificar que pertence a la Red Privada', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_REQUEST_ACCESS_IS_REJECTED' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Rechazado por no pertence a la Red Privada', ['ip' => Functions::getUserIP()]);break;default :$message = 'ERROR_UNKNOWN';$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Error desconocido', ['ip' => Functions::getUserIP()]);break;}$data = ['success' => false,'data' => $message];}return new JsonModel($data);} else {$messages = [];$form_messages = (array) $form->getMessages();foreach($form_messages as $fieldname => $field_messages){$messages[$fieldname] = array_values($field_messages);}return new JsonModel(['success' => false,'data' => $messages]);}} else if($request->isGet()) {if(empty($_SESSION['aes'])) {$_SESSION['aes'] = Functions::generatePassword(16);}if($this->config['leaderslinked.runmode.sandbox']) {$site_key = $this->config['leaderslinked.google_captcha.sandbox_site_key'];} else {$site_key = $this->config['leaderslinked.google_captcha.production_site_key'];}$headers = $request->getHeaders();$isJson = false;if($headers->has('Accept')) {$accept = $headers->get('Accept');$prioritized = $accept->getPrioritized();foreach($prioritized as $key => $value) {$raw = trim($value->getRaw());if(!$isJson) {$isJson = strpos($raw, 'json');}}}$email = isset($_COOKIE['email']) ? $_COOKIE['email'] : '';$remember = $email ? true : false;$access_usign_social_networks = $this->config['leaderslinked.runmode.access_usign_social_networks'];if($isJson) {$data = ['email' => $email,'remember' => $remember,'site_key' => $site_key,'aes' => $_SESSION['aes'],'defaultNetwork' => $currentNetwork->default,'access_usign_social_networks' => $access_usign_social_networks && $currentNetwork->default == Network::DEFAULT_YES ? 'y' : 'n','logo_url' => $this->url()->fromRoute('storage-network', ['type' => 'logo']),'navbar_url' => $this->url()->fromRoute('storage-network', ['type' => 'navbar']),'favico_url' => $this->url()->fromRoute('storage-network', ['type' => 'favico']),'intro' => $currentNetwork->intro];} else {$form = new SigninForm($this->config);$form->setData(['email' => $email,'remember' => $remember,]);$this->layout()->setTemplate('layout/auth.phtml');$viewModel = new ViewModel();$viewModel->setTemplate('leaders-linked/auth/signin.phtml');$viewModel->setVariables(['form' => $form,'site_key' => $site_key,'aes' => $_SESSION['aes'],'defaultNetwork' => $currentNetwork->default,'access_usign_social_networks' => $access_usign_social_networks && $currentNetwork->default == Network::DEFAULT_YES ? 'y' : 'n',]);return $viewModel ;}} else {$data = ['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED'];return new JsonModel($data);}return new JsonModel($data);}public function facebookAction(){$request = $this->getRequest();if($request->isGet()) {try {$app_id = $this->config['leaderslinked.facebook.app_id'];$app_password = $this->config['leaderslinked.facebook.app_password'];$app_graph_version = $this->config['leaderslinked.facebook.app_graph_version'];//$app_url_auth = $this->config['leaderslinked.facebook.app_url_auth'];//$redirect_url = $this->config['leaderslinked.facebook.app_redirect_url'];$fb = new \Facebook\Facebook(['app_id' => $app_id,'app_secret' => $app_password,'default_graph_version' => $app_graph_version,]);$app_url_auth = $this->url()->fromRoute('oauth/facebook', [], ['force_canonical' => true]);$helper = $fb->getRedirectLoginHelper();$permissions = ['email', 'public_profile']; // Optional permissions$facebookUrl = $helper->getLoginUrl($app_url_auth, $permissions);return new JsonModel(['success' => false,'data' => $facebookUrl]);} catch (\Throwable $e) {return new JsonModel(['success' => false,'data' => 'ERROR_WE_COULD_NOT_CONNECT_TO_FACEBOOK']);}} else {return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}}public function twitterAction(){$request = $this->getRequest();if($request->isGet()) {try {if($this->config['leaderslinked.runmode.sandbox']) {$twitter_api_key = $this->config['leaderslinked.twitter.sandbox_api_key'];$twitter_api_secret = $this->config['leaderslinked.twitter.sandbox_api_secret'];} else {$twitter_api_key = $this->config['leaderslinked.twitter.production_api_key'];$twitter_api_secret = $this->config['leaderslinked.twitter.production_api_secret'];}/*echo '$twitter_api_key = ' . $twitter_api_key . PHP_EOL;echo '$twitter_api_secret = ' . $twitter_api_secret . PHP_EOL;exit;*///$redirect_url = $this->url()->fromRoute('oauth/twitter', [], ['force_canonical' => true]);$redirect_url = $this->config['leaderslinked.twitter.app_redirect_url'];$twitter = new \Abraham\TwitterOAuth\TwitterOAuth($twitter_api_key, $twitter_api_secret);$request_token = $twitter->oauth('oauth/request_token', ['oauth_callback' => $redirect_url ]);$twitterUrl = $twitter->url('oauth/authorize', [ 'oauth_token' => $request_token['oauth_token'] ]);$twitterSession = new \Laminas\Session\Container('twitter');$twitterSession->oauth_token = $request_token['oauth_token'];$twitterSession->oauth_token_secret = $request_token['oauth_token_secret'];return new JsonModel(['success' => true,'data' => $twitterUrl]);} catch (\Throwable $e) {return new JsonModel(['success' => false,'data' => 'ERROR_WE_COULD_NOT_CONNECT_TO_TWITTER']);}} else {return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}}public function googleAction(){$request = $this->getRequest();if($request->isGet()) {try {$google = new \Google_Client();$google->setAuthConfig('data/google/auth-leaderslinked/apps.google.com_secreto_cliente.json');$google->setAccessType("offline"); // offline access$google->setIncludeGrantedScopes(true); // incremental auth$google->addScope('profile');$google->addScope('email');// $redirect_url = $this->url()->fromRoute('oauth/google', [], ['force_canonical' => true]);$redirect_url = $this->config['leaderslinked.google_auth.app_redirect_url'];$google->setRedirectUri($redirect_url);$googleUrl = $google->createAuthUrl();return new JsonModel(['success' => true,'data' => $googleUrl]);} catch (\Throwable $e) {return new JsonModel(['success' => false,'data' => 'ERROR_WE_COULD_NOT_CONNECT_TO_GOOGLE']);}} else {return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}}public function signoutAction(){$currentUserPlugin = $this->plugin('currentUserPlugin');$currentUser = $currentUserPlugin->getRawUser();if($currentUserPlugin->hasImpersonate()) {$userMapper = UserMapper::getInstance($this->adapter);$userMapper->leaveImpersonate($currentUser->id);$networkMapper = NetworkMapper::getInstance($this->adapter);$network = $networkMapper->fetchOne($currentUser->network_id);if(!$currentUser->one_time_password) {$one_time_password = Functions::generatePassword(25);$currentUser->one_time_password = $one_time_password;$userMapper = UserMapper::getInstance($this->adapter);$userMapper->updateOneTimePassword($currentUser, $one_time_password);}$sandbox = $this->config['leaderslinked.runmode.sandbox'];if($sandbox) {$salt = $this->config['leaderslinked.backend.sandbox_salt'];} else {$salt = $this->config['leaderslinked.backend.production_salt'];}$rand = 1000 + mt_rand(1, 999);$timestamp = time();$password = md5($currentUser->one_time_password . '-' . $rand . '-' . $timestamp . '-' . $salt);$params = ['user_uuid' => $currentUser->uuid,'password' => $password,'rand' => $rand,'time' => $timestamp,];$currentUserPlugin->clearIdentity();$url = 'https://'. $network->main_hostname . '/signin/impersonate' . '?' . http_build_query($params);return $this->redirect()->toUrl($url);} else {if($currentUserPlugin->hasIdentity()) {$this->logger->info('Desconexión de LeadersLinked', ['user_id' => $currentUserPlugin->getUserId(), 'ip' => Functions::getUserIP()]);}$currentUserPlugin->clearIdentity();return $this->redirect()->toRoute('home');}}public function resetPasswordAction(){$currentNetworkPlugin = $this->plugin('currentNetworkPlugin');$currentNetwork = $currentNetworkPlugin->getNetwork();$flashMessenger = $this->plugin('FlashMessenger');$code = filter_var($this->params()->fromRoute('code', ''), FILTER_SANITIZE_STRING);$userMapper = UserMapper::getInstance($this->adapter);$user = $userMapper->fetchOneByPasswordResetKeyAndNetworkId($code, $currentNetwork->id);if(!$user) {$this->logger->err('Restablecer contraseña - Error código no existe', ['ip' => Functions::getUserIP()]);$flashMessenger->addErrorMessage('ERROR_PASSWORD_RECOVER_CODE_IS_INVALID');return $this->redirect()->toRoute('forgot-password');}$password_generated_on = strtotime($user->password_generated_on);$expiry_time = $password_generated_on + $this->config['leaderslinked.security.reset_password_expired'];if (time() > $expiry_time) {$this->logger->err('Restablecer contraseña - Error código expirado', ['ip' => Functions::getUserIP()]);$flashMessenger->addErrorMessage('ERROR_PASSWORD_RECOVER_CODE_HAS_EXPIRED');return $this->redirect()->toRoute('forgot-password');}$request = $this->getRequest();if($request->isPost()) {$dataPost = $request->getPost()->toArray();if(empty($_SESSION['aes'])) {return new JsonModel(['success' => false,'data' => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND']);}if(!empty( $dataPost['password'])) {$dataPost['password'] = CryptoJsAes::decrypt( $dataPost['password'], $_SESSION['aes']);}if(!empty( $dataPost['confirmation'])) {$dataPost['confirmation'] = CryptoJsAes::decrypt( $dataPost['confirmation'], $_SESSION['aes']);}$form = new ResetPasswordForm($this->config);$form->setData($dataPost);if($form->isValid()) {$data = (array) $form->getData();$password = $data['password'];$userPasswordMapper = UserPasswordMapper::getInstance($this->adapter);$userPasswords = $userPasswordMapper->fetchAllByUserId($user->id);$oldPassword = false;foreach($userPasswords as $userPassword){if(password_verify($password, $userPassword->password) || (md5($password) == $userPassword->password)){$oldPassword = true;break;}}if($oldPassword) {$this->logger->err('Restablecer contraseña - Error contraseña ya utilizada anteriormente', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);return new JsonModel(['success' => false,'data' => 'ERROR_PASSWORD_HAS_ALREADY_BEEN_USED']);} else {$password_hash = password_hash($password, PASSWORD_DEFAULT);$result = $userMapper->updatePassword($user, $password_hash);if($result) {$userPassword = new UserPassword();$userPassword->user_id = $user->id;$userPassword->password = $password_hash;$userPasswordMapper->insert($userPassword);$this->logger->info('Restablecer contraseña realizado', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);$flashMessenger->addSuccessMessage('LABEL_YOUR_PASSWORD_HAS_BEEN_UPDATED');return new JsonModel(['success' => true,'data' => $this->url()->fromRoute('home')]);} else {$this->logger->err('Restablecer contraseña - Error desconocido', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);return new JsonModel(['success' => true,'data' => 'ERROR_THERE_WAS_AN_ERROR']);}}} else {$form_messages = $form->getMessages('captcha');if(!empty($form_messages)) {return new JsonModel(['success' => false,'data' => 'ERROR_RECAPTCHA_EMPTY']);}$messages = [];$form_messages = (array) $form->getMessages();foreach($form_messages as $fieldname => $field_messages){$messages[$fieldname] = array_values($field_messages);}return new JsonModel(['success' => false,'data' => $messages]);}}if($request->isGet()) {if(empty($_SESSION['aes'])) {$_SESSION['aes'] = Functions::generatePassword(16);}if($this->config['leaderslinked.runmode.sandbox']) {$site_key = $this->config['leaderslinked.google_captcha.sandbox_site_key'];} else {$site_key = $this->config['leaderslinked.google_captcha.production_site_key'];}$form = new ResetPasswordForm($this->config);$this->layout()->setTemplate('layout/auth.phtml');$viewModel = new ViewModel();$viewModel->setTemplate('leaders-linked/auth/reset-password.phtml');$viewModel->setVariables(['code' => $code,'form' => $form,'site_key' => $site_key,'aes' => $_SESSION['aes'],'defaultNetwork' => $currentNetwork->default,]);return $viewModel;}return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}public function forgotPasswordAction(){$currentNetworkPlugin = $this->plugin('currentNetworkPlugin');$currentNetwork = $currentNetworkPlugin->getNetwork();$request = $this->getRequest();if($request->isPost()) {$dataPost = $request->getPost()->toArray();if(empty($_SESSION['aes'])) {return new JsonModel(['success' => false,'data' => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND']);}if(!empty( $dataPost['email'])) {$dataPost['email'] = CryptoJsAes::decrypt( $dataPost['email'], $_SESSION['aes']);}$form = new ForgotPasswordForm($this->config);$form->setData($dataPost);if($form->isValid()) {$dataPost = (array) $form->getData();$email = $dataPost['email'];$userMapper = UserMapper::getInstance($this->adapter);$user = $userMapper->fetchOneByEmailAndNetworkId($email, $currentNetwork->id);if(!$user) {$this->logger->err('Olvidó contraseña ' . $email . '- Email no existe ', ['ip' => Functions::getUserIP()]);return new JsonModel(['success' => false,'data' => 'ERROR_EMAIL_IS_NOT_REGISTERED']);} else {if($user->status == User::STATUS_INACTIVE) {return new JsonModel(['success' => false,'data' => 'ERROR_USER_IS_INACTIVE']);} else if ($user->email_verified == User::EMAIL_VERIFIED_NO) {$this->logger->err('Olvidó contraseña - Email no verificado ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);return new JsonModel(['success' => false,'data' => 'ERROR_EMAIL_HAS_NOT_BEEN_VERIFIED']);} else {$password_reset_key = md5($user->email. time());$userMapper->updatePasswordResetKey((int) $user->id, $password_reset_key);$emailTemplateMapper = EmailTemplateMapper::getInstance($this->adapter);$emailTemplate = $emailTemplateMapper->fetchOneByCodeAndNetworkId(EmailTemplate::CODE_RESET_PASSWORD, $currentNetwork->id);if($emailTemplate) {$arrayCont = ['firstname' => $user->first_name,'lastname' => $user->last_name,'other_user_firstname' => '','other_user_lastname' => '','company_name' => '','group_name' => '','content' => '','code' => '','link' => $this->url()->fromRoute('reset-password', ['code' => $password_reset_key], ['force_canonical' => true])];$email = new QueueEmail($this->adapter);$email->processEmailTemplate($emailTemplate, $arrayCont, $user->email, trim($user->first_name . ' ' . $user->last_name));}$flashMessenger = $this->plugin('FlashMessenger');$flashMessenger->addSuccessMessage('LABEL_RECOVERY_LINK_WAS_SENT_TO_YOUR_EMAIL');$this->logger->info('Olvidó contraseña - Se envio link de recuperación ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);return new JsonModel(['success' => true,]);}}} else {$form_messages = $form->getMessages('captcha');if(!empty($form_messages)) {return new JsonModel(['success' => false,'data' => 'ERROR_RECAPTCHA_EMPTY']);}$messages = [];$form_messages = (array) $form->getMessages();foreach($form_messages as $fieldname => $field_messages){$messages[$fieldname] = array_values($field_messages);}return new JsonModel(['success' => false,'data' => $messages]);}}/*if($request->isGet()) {if(empty($_SESSION['aes'])) {$_SESSION['aes'] = Functions::generatePassword(16);}if($this->config['leaderslinked.runmode.sandbox']) {$site_key = $this->config['leaderslinked.google_captcha.sandbox_site_key'];} else {$site_key = $this->config['leaderslinked.google_captcha.production_site_key'];}$form = new ForgotPasswordForm($this->config);$this->layout()->setTemplate('layout/auth.phtml');$viewModel = new ViewModel();$viewModel->setTemplate('leaders-linked/auth/signin.phtml');$viewModel->setVariables(['form' => $form,'site_key' => $site_key,'aes' => $_SESSION['aes'],]);return $viewModel ;}*/if($request->isGet()) {if(empty($_SESSION['aes'])) {$_SESSION['aes'] = Functions::generatePassword(16);}if($this->config['leaderslinked.runmode.sandbox']) {$site_key = $this->config['leaderslinked.google_captcha.sandbox_site_key'];} else {$site_key = $this->config['leaderslinked.google_captcha.production_site_key'];}$email = isset($_COOKIE['email']) ? $_COOKIE['email'] : '';$remember = $email ? true : false;$form = new SigninForm($this->config);$form->setData(['email' => $email,'remember' => $remember,]);$this->layout()->setTemplate('layout/auth.phtml');$viewModel = new ViewModel();$viewModel->setTemplate('leaders-linked/auth/signin.phtml');$viewModel->setVariables(['form' => $form,'site_key' => $site_key,'aes' => $_SESSION['aes'],'defaultNetwork' => $currentNetwork->default,]);return $viewModel ;}return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}public function signupAction(){$currentNetworkPlugin = $this->plugin('currentNetworkPlugin');$currentNetwork = $currentNetworkPlugin->getNetwork();$request = $this->getRequest();if($request->isPost()) {$dataPost = $request->getPost()->toArray();if(empty($_SESSION['aes'])) {return new JsonModel(['success' => false,'data' => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND']);}if(!empty( $dataPost['email'])) {$dataPost['email'] = CryptoJsAes::decrypt( $dataPost['email'], $_SESSION['aes']);}if(!empty( $dataPost['password'])) {$dataPost['password'] = CryptoJsAes::decrypt( $dataPost['password'], $_SESSION['aes']);}if(!empty( $dataPost['confirmation'])) {$dataPost['confirmation'] = CryptoJsAes::decrypt( $dataPost['confirmation'], $_SESSION['aes']);}if(empty($dataPost['is_adult'])) {$dataPost['is_adult'] = User::IS_ADULT_NO;} else {$dataPost['is_adult'] = $dataPost['is_adult'] == User::IS_ADULT_YES ? User::IS_ADULT_YES : User::IS_ADULT_NO;}$form = new SignupForm($this->config);$form->setData($dataPost);if($form->isValid()) {$dataPost = (array) $form->getData();$email = $dataPost['email'];$userMapper = UserMapper::getInstance($this->adapter);$user = $userMapper->fetchOneByEmailAndNetworkId($email, $currentNetwork->id);if($user) {$this->logger->err('Registro ' . $email . '- Email ya existe ', ['ip' => Functions::getUserIP()]);return new JsonModel(['success' => false,'data' => 'ERROR_EMAIL_IS_REGISTERED']);} else {$user_share_invitation = $this->cache->getItem('user_share_invitation');if($user_share_invitation) {$userRedirect = $userMapper->fetchOneByUuid($user_share_invitation);if($userRedirect && $userRedirect->status == User::STATUS_ACTIVE) {$password_hash = password_hash($dataPost['password'], PASSWORD_DEFAULT);$user = new User();$user->network_id = $currentNetwork->id;$user->email = $dataPost['email'];$user->first_name = $dataPost['first_name'];$user->last_name = $dataPost['last_name'];$user->usertype_id = UserType::USER;$user->password = $password_hash;$user->password_updated_on = date('Y-m-d H:i:s');$user->status = User::STATUS_ACTIVE;$user->blocked = User::BLOCKED_NO;$user->email_verified = User::EMAIL_VERIFIED_YES;$user->login_attempt = 0;$user->is_adult = $dataPost['is_adult'];$user->request_access = User::REQUEST_ACCESS_APPROVED;if($userMapper->insert($user)) {$userPassword = new UserPassword();$userPassword->user_id = $user->id;$userPassword->password = $password_hash;$userPasswordMapper = UserPasswordMapper::getInstance($this->adapter);$userPasswordMapper->insert($userPassword);$connectionMapper = ConnectionMapper::getInstance($this->adapter);$connection = $connectionMapper->fetchOneByUserId1AndUserId2($user->id, $userRedirect->id);if($connection) {if($connection->status != Connection::STATUS_ACCEPTED) {$connectionMapper->approve($connection);}} else {$connection = new Connection();$connection->request_from = $user->id;$connection->request_to = $userRedirect->id;$connection->status = Connection::STATUS_ACCEPTED;$connectionMapper->insert($connection);}$this->cache->removeItem('user_share_invitation');$data = ['success' => true,'data' => $this->url()->fromRoute('home'),];$this->logger->info('Registro con Exito ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);return new JsonModel($data);}}}$timestamp = time();$activation_key = sha1($dataPost['email'] . uniqid() . $timestamp);$password_hash = password_hash($dataPost['password'], PASSWORD_DEFAULT);$user = new User();$user->network_id = $currentNetwork->id;$user->email = $dataPost['email'];$user->first_name = $dataPost['first_name'];$user->last_name = $dataPost['last_name'];$user->usertype_id = UserType::USER;$user->password = $password_hash;$user->password_updated_on = date('Y-m-d H:i:s');$user->activation_key = $activation_key;$user->status = User::STATUS_INACTIVE;$user->blocked = User::BLOCKED_NO;$user->email_verified = User::EMAIL_VERIFIED_NO;$user->login_attempt = 0;if($currentNetwork->default == Network::DEFAULT_YES) {$user->request_access = User::REQUEST_ACCESS_APPROVED;} else {$user->request_access = User::REQUEST_ACCESS_PENDING;}if($userMapper->insert($user)) {$userPassword = new UserPassword();$userPassword->user_id = $user->id;$userPassword->password = $password_hash;$userPasswordMapper = UserPasswordMapper::getInstance($this->adapter);$userPasswordMapper->insert($userPassword);$emailTemplateMapper = EmailTemplateMapper::getInstance($this->adapter);$emailTemplate = $emailTemplateMapper->fetchOneByCodeAndNetworkId(EmailTemplate::CODE_USER_REGISTER, $currentNetwork->id);if($emailTemplate) {$arrayCont = ['firstname' => $user->first_name,'lastname' => $user->last_name,'other_user_firstname' => '','other_user_lastname' => '','company_name' => '','group_name' => '','content' => '','code' => '','link' => $this->url()->fromRoute('activate-account', ['code' => $user->activation_key], ['force_canonical' => true])];$email = new QueueEmail($this->adapter);$email->processEmailTemplate($emailTemplate, $arrayCont, $user->email, trim($user->first_name . ' ' . $user->last_name));}$flashMessenger = $this->plugin('FlashMessenger');$flashMessenger->addSuccessMessage('LABEL_REGISTRATION_DONE');$this->logger->info('Registro con Exito ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);return new JsonModel(['success' => true,]);} else {$this->logger->err('Registro ' . $email . '- Ha ocurrido un error ', ['ip' => Functions::getUserIP()]);return new JsonModel(['success' => false,'data' => 'ERROR_THERE_WAS_AN_ERROR']);}}} else {$form_messages = $form->getMessages('captcha');if(!empty($form_messages)) {return new JsonModel(['success' => false,'data' => 'ERROR_RECAPTCHA_EMPTY']);}$messages = [];$form_messages = (array) $form->getMessages();foreach($form_messages as $fieldname => $field_messages){$messages[$fieldname] = array_values($field_messages);}return new JsonModel(['success' => false,'data' => $messages]);}}/*if($request->isGet()) {if(empty($_SESSION['aes'])) {$_SESSION['aes'] = Functions::generatePassword(16);}if($this->config['leaderslinked.runmode.sandbox']) {$site_key = $this->config['leaderslinked.google_captcha.sandbox_site_key'];} else {$site_key = $this->config['leaderslinked.google_captcha.production_site_key'];}$form = new SignupForm($this->config);$this->layout()->setTemplate('layout/auth.phtml');$viewModel = new ViewModel();$viewModel->setTemplate('leaders-linked/auth/signup.phtml');$viewModel->setVariables(['form' => $form,'site_key' => $site_key,'aes' => $_SESSION['aes'],]);return $viewModel ;} */if($request->isGet()) {if(empty($_SESSION['aes'])) {$_SESSION['aes'] = Functions::generatePassword(16);}if($this->config['leaderslinked.runmode.sandbox']) {$site_key = $this->config['leaderslinked.google_captcha.sandbox_site_key'];} else {$site_key = $this->config['leaderslinked.google_captcha.production_site_key'];}$email = isset($_COOKIE['email']) ? $_COOKIE['email'] : '';$remember = $email ? true : false;$form = new SigninForm($this->config);$form->setData(['email' => $email,'remember' => $remember,]);$this->layout()->setTemplate('layout/auth.phtml');$viewModel = new ViewModel();$viewModel->setTemplate('leaders-linked/auth/signin.phtml');$viewModel->setVariables(['form' => $form,'site_key' => $site_key,'aes' => $_SESSION['aes'],'defaultNetwork' => $currentNetwork->default,]);return $viewModel ;}return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}public function activateAccountAction(){$currentNetworkPlugin = $this->plugin('currentNetworkPlugin');$currentNetwork = $currentNetworkPlugin->getNetwork();$request = $this->getRequest();if($request->isGet()) {$code = filter_var($this->params()->fromRoute('code'), FILTER_SANITIZE_STRING);$userMapper = UserMapper::getInstance($this->adapter);$user = $userMapper->fetchOneByActivationKeyAndNetworkId($code, $currentNetwork->id);$flashMessenger = $this->plugin('FlashMessenger');if($user) {if(User::EMAIL_VERIFIED_YES == $user->email_verified) {$this->logger->err('Verificación email - El código ya habia sido verificao ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);$flashMessenger->addErrorMessage('ERROR_EMAIL_HAS_BEEN_PREVIOUSLY_VERIFIED');} else {if($userMapper->activateAccount((int) $user->id)) {$this->logger->info('Verificación email realizada ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);$user_share_invitation = $this->cache->getItem('user_share_invitation');if($user_share_invitation) {$userRedirect = $userMapper->fetchOneByUuid($user_share_invitation);if($userRedirect && $userRedirect->status == User::STATUS_ACTIVE && $user->id != $userRedirect->id) {$connectionMapper = ConnectionMapper::getInstance($this->adapter);$connection = $connectionMapper->fetchOneByUserId1AndUserId2($user->id, $userRedirect->id);if($connection) {if($connection->status != Connection::STATUS_ACCEPTED) {$connectionMapper->approve($connection);}} else {$connection = new Connection();$connection->request_from = $user->id;$connection->request_to = $userRedirect->id;$connection->status = Connection::STATUS_ACCEPTED;$connectionMapper->insert($connection);}}}$this->cache->removeItem('user_share_invitation');if($currentNetwork->default == Network::DEFAULT_YES) {$flashMessenger->addSuccessMessage('LABEL_YOUR_EMAIL_HAS_BEEN_VERIFIED');} else {$emailTemplateMapper = EmailTemplateMapper::getInstance($this->adapter);$emailTemplate = $emailTemplateMapper->fetchOneByCodeAndNetworkId(EmailTemplate::CODE_REQUEST_ACCESS_PENDING, $currentNetwork->id);if($emailTemplate) {$arrayCont = ['firstname' => $user->first_name,'lastname' => $user->last_name,'other_user_firstname' => '','other_user_lastname' => '','company_name' => '','group_name' => '','content' => '','code' => '','link' => '',];$email = new QueueEmail($this->adapter);$email->processEmailTemplate($emailTemplate, $arrayCont, $user->email, trim($user->first_name . ' ' . $user->last_name));}$flashMessenger->addSuccessMessage('LABEL_YOUR_EMAIL_HAS_BEEN_VERIFIED_WE_ARE_VERIFYING_YOUR_INFORMATION');}} else {$this->logger->err('Verificación email - Ha ocurrido un error ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);$flashMessenger->addErrorMessage('ERROR_THERE_WAS_AN_ERROR');}}} else {$this->logger->err('Verificación email - El código no existe ', ['ip' => Functions::getUserIP()]);$flashMessenger->addErrorMessage('ERROR_ACTIVATION_CODE_IS_NOT_VALID');}return $this->redirect()->toRoute('home');} else {$response = ['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED'];}return new JsonModel($response);}public function onroomAction(){$currentNetworkPlugin = $this->plugin('currentNetworkPlugin');$currentNetwork = $currentNetworkPlugin->getNetwork();$request = $this->getRequest();if($request->isPost()) {$dataPost = $request->getPost()->toArray();$form = new MoodleForm();$form->setData($dataPost);if($form->isValid()) {$dataPost = (array) $form->getData();$username = $dataPost['username'];$password = $dataPost['password'];$timestamp = $dataPost['timestamp'];$rand = $dataPost['rand'];$data = $dataPost['data'];$config_username = $this->config['leaderslinked.moodle.username'];$config_password = $this->config['leaderslinked.moodle.password'];$config_rsa_n = $this->config['leaderslinked.moodle.rsa_n'];$config_rsa_d = $this->config['leaderslinked.moodle.rsa_d'];$config_rsa_e = $this->config['leaderslinked.moodle.rsa_e'];if(empty($username) || empty($password) || empty($timestamp) || empty($rand) || !is_integer($rand)) {echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']) ;exit;}if($username != $config_username) {echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']) ;exit;}$dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);if(!$dt) {echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY3']) ;exit;}$t0 = $dt->getTimestamp();$t1 = strtotime('-5 minutes');$t2 = strtotime('+5 minutes');if($t0 < $t1 || $t0 > $t2) {//echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']) ;//exit;}if(!password_verify( $username.'-'. $config_password . '-' . $rand. '-' . $timestamp, $password)) {echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']) ;exit;}if(empty($data)) {echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']) ;exit;}$data = base64_decode($data);if(empty($data)) {echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']) ;exit;}try {$rsa = Rsa::getInstance();$data = $rsa->decrypt($data, $config_rsa_d, $config_rsa_n);} catch (\Throwable $e){echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']) ;exit;}$data = (array) json_decode($data);if(empty($data)) {echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']) ;exit;}$email = trim(isset($data['email']) ? filter_var($data['email'], FILTER_SANITIZE_EMAIL) : '');$first_name = trim(isset($data['first_name']) ? filter_var($data['first_name'], FILTER_SANITIZE_STRING) : '');$last_name = trim(isset($data['last_name']) ? filter_var($data['last_name'], FILTER_SANITIZE_STRING) : '');if(!filter_var($email, FILTER_VALIDATE_EMAIL) || empty($first_name) || empty($last_name)) {echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']) ;exit;}$userMapper = UserMapper::getInstance($this->adapter);$user = $userMapper->fetchOneByEmail($email);if(!$user) {$user = new User();$user->network_id = $currentNetwork->id;$user->blocked = User::BLOCKED_NO;$user->email = $email;$user->email_verified = User::EMAIL_VERIFIED_YES;$user->first_name = $first_name;$user->last_name = $last_name;$user->login_attempt = 0;$user->password = '-NO-PASSWORD-';$user->usertype_id = UserType::USER;$user->status = User::STATUS_ACTIVE;$user->show_in_search = User::SHOW_IN_SEARCH_YES;if($userMapper->insert($user)) {echo json_encode(['success' => false, 'data' => $userMapper->getError()]) ;exit;}$filename = trim(isset($data['avatar_filename']) ? filter_var($data['avatar_filename'], FILTER_SANITIZE_EMAIL) : '');$content = trim(isset($data['avatar_content']) ? filter_var($data['avatar_content'], FILTER_SANITIZE_STRING) : '');if($filename && $content) {$source = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $filename;try {file_put_contents($source, base64_decode($content));if (file_exists($source)) {$target_path = $this->config['leaderslinked.fullpath.user'] . $user->uuid;list( $target_width, $target_height ) = explode('x', $this->config['leaderslinked.image_sizes.user_size']);$target_filename = 'user-' . uniqid() . '.png';$crop_to_dimensions = true;if(!Image::uploadImage($source, $target_path, $target_filename, $target_width, $target_height, $crop_to_dimensions)) {return new JsonModel(['success' => false,'data' => 'ERROR_THERE_WAS_AN_ERROR']);}$user->image = $target_filename;$userMapper->updateImage($user);}} catch(\Throwable $e) {} finally {if(file_exists($source)) {unlink($source);}}}}$auth = new AuthEmailAdapter($this->adapter);$auth->setData($email);$result = $auth->authenticate();if($result->getCode() == AuthResult::SUCCESS) {return $this->redirect()->toRoute('dashboard');} else {$message = $result->getMessages()[0];if(!in_array($message, ['ERROR_USER_NOT_FOUND', 'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED', 'ERROR_USER_IS_BLOCKED','ERROR_USER_IS_INACTIVE', 'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED', 'ERROR_ENTERED_PASS_INCORRECT_2','ERROR_ENTERED_PASS_INCORRECT_1'])) {}switch($message){case 'ERROR_USER_NOT_FOUND' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no existe', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no verificado', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_IS_BLOCKED' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario bloqueado', ['ip' => Functions::getUserIP()]);break;case 'ERROR_USER_IS_INACTIVE' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario inactivo', ['ip' => Functions::getUserIP()]);break;case 'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED':$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 3er Intento Usuario bloqueado', ['ip' => Functions::getUserIP()]);break;case 'ERROR_ENTERED_PASS_INCORRECT_2' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 1er Intento', ['ip' => Functions::getUserIP()]);break;case 'ERROR_ENTERED_PASS_INCORRECT_1' :$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 2do Intento', ['ip' => Functions::getUserIP()]);break;default :$message = 'ERROR_UNKNOWN';$this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Error desconocido', ['ip' => Functions::getUserIP()]);break;}return new JsonModel( ['success' => false,'data' => $message]);}} else {$messages = [];$form_messages = (array) $form->getMessages();foreach($form_messages as $fieldname => $field_messages){$messages[$fieldname] = array_values($field_messages);}return new JsonModel(['success' => false,'data' => $messages]);}} else {$data = ['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED'];return new JsonModel($data);}return new JsonModel($data);}public function csrfAction(){$request = $this->getRequest();if($request->isGet()) {$token = md5(uniqid('CSFR-' . mt_rand(), true));$_SESSION['token'] = $token;return new JsonModel(['success' => true,'data' => $token]);} else {return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}}public function impersonateAction(){$request = $this->getRequest();if($request->isGet()) {$user_uuid = filter_var($this->params()->fromQuery('user_uuid'), FILTER_SANITIZE_STRING);$rand = filter_var($this->params()->fromQuery('rand'), FILTER_SANITIZE_NUMBER_INT);$timestamp = filter_var($this->params()->fromQuery('time'), FILTER_SANITIZE_NUMBER_INT);$password = filter_var($this->params()->fromQuery('password'), FILTER_SANITIZE_STRING);if(!$user_uuid || !$rand || !$timestamp || !$password ) {throw new \Exception('ERROR_PARAMETERS_ARE_INVALID');}$currentUserPlugin = $this->plugin('currentUserPlugin');$currentUserPlugin->clearIdentity();$authAdapter = new AuthImpersonateAdapter($this->adapter, $this->config);$authAdapter->setDataAdmin($user_uuid, $password, $timestamp, $rand);$authService = new AuthenticationService();$result = $authService->authenticate($authAdapter);if($result->getCode() == AuthResult::SUCCESS) {return $this->redirect()->toRoute('dashboard');} else {throw new \Exception($result->getMessages()[0]);}}return new JsonModel(['success' => false,'data' => 'ERROR_METHOD_NOT_ALLOWED']);}}