Will strip the base path off and replace any double /'s.
It will not unify the casing and underscoring of the input value.
/**
* Calls a controller's method from any location. Can be used to connect controllers together
* or tie plugins into a main application. requestAction can be used to return rendered views
* or fetch the return value from controller actions.
*
* Under the hood this method uses Router::reverse() to convert the $url parameter into a string
* URL. You should use URL formats that are compatible with Router::reverse()
*
* #### Passing POST and GET data
*
* POST and GET data can be simulated in requestAction. Use `$extra['url']` for
* GET data. The `$extra['data']` parameter allows POST data simulation.
*
* @param string|array $url String or array-based url. Unlike other url arrays in CakePHP, this
* url will not automatically handle passed and named arguments in the $url parameter.
* @param array $extra if array includes the key "return" it sets the AutoRender to true. Can
* also be used to submit GET/POST data, and named/passed arguments.
* @return mixed Boolean true or false on success/failure, or contents
* of rendered action if 'return' is set in $extra.
*/
public function requestAction($url, $extra = array())
{
if (empty($url)) {
return false;
}
App::uses('Dispatcher', 'Routing');
if (($index = array_search('return', $extra)) !== false) {
$extra['return'] = 0;
$extra['autoRender'] = 1;
unset($extra[$index]);
}
if (is_array($url) && !isset($extra['url'])) {
$extra['url'] = array();
}
$extra = array_merge(array('autoRender' => 0, 'return' => 1, 'bare' => 1, 'requested' => 1), $extra);
$data = isset($extra['data']) ? $extra['data'] : null;
unset($extra['data']);
if (is_string($url) && strpos($url, FULL_BASE_URL) === 0) {
$url = Router::normalize(str_replace(FULL_BASE_URL, '', $url));
}
if (is_string($url)) {
$request = new CakeRequest($url);
} elseif (is_array($url)) {
$params = $url + array('pass' => array(), 'named' => array(), 'base' => false);
$params = array_merge($params, $extra);
$request = new CakeRequest(Router::reverse($params), false);
}
if (isset($data)) {
$request->data = $data;
}
$dispatcher = new Dispatcher();
$result = $dispatcher->dispatch($request, new CakeResponse(), $extra);
Router::popRequest();
return $result;
}
public function beforeSave($options = array())
{
if (isset($this->data[$this->alias]['url'])) {
$url = Router::normalize($this->data[$this->alias]['url']);
$this->data[$this->alias]['url'] = $url;
}
return true;
}
/**
* Convenience method to display a 403 page.
*
* @param array $params Parameters for controller
* @access public
*/
function error403($params)
{
extract($params, EXTR_OVERWRITE);
if (!isset($url)) {
$url = $this->controller->here;
}
$url = Router::normalize($url);
$this->controller->header("HTTP/1.0 403 Forbidden");
$this->controller->set(array('title_for_layout' => __t('Forbidden'), 'title' => __t('403 Forbidden'), 'url' => h($url)));
$this->_outputMessage('error403');
}
public function forbidden($params)
{
extract($params, EXTR_OVERWRITE);
if (!isset($url)) {
$url = $this->controller->here;
}
$url = Router::normalize($url);
$this->controller->header("HTTP/1.0 403 Forbidden");
$this->controller->set(array('code' => '403', 'name' => __('Forbidden', true), 'message' => h($url), 'base' => $this->controller->base));
$this->_outputMessage('forbidden');
}
/**
* reverse a request from the params
*/
public static function reverseParams($request)
{
// it's annoying that there's no way to get a url from params
unset($request['alias']);
// for backwards compatibility
$url = $request;
unset($url['pass']);
$passed = implode('/', $request['pass']);
$passed = !empty($passed) ? '/' . $passed : null;
unset($url['named']);
$named = str_replace(array('[]', '{"', '":"', '","', '"}'), array('', '/', ':', '/', ''), json_encode($request['named']));
return Router::normalize(implode('/', $url) . $passed . $named);
}
/**
* Allows/denies access to the action according to the permissions
* set. It only checks wheter it's a public action or controlled
* access action.
*
* @access public
* @param object $controller
* @return void
*/
function startup(&$controller)
{
if (isset($controller->JjAuth)) {
$allowAccess = empty($this->thisSection['permissions']) || $controller->JjAuth->can($this->thisSection['permissions']);
if ($allowAccess) {
$controller->JjAuth->allow($controller->params['action']);
} else {
if (Router::normalize($controller->here) == Router::normalize($controller->JjAuth->loginRedirect)) {
$controller->JjAuth->logout();
}
$controller->JjAuth->deny($controller->params['action']);
}
}
}
/**
* Log a user out.
*
* Returns the logout action to redirect to. Triggers the logout() method of
* all the authenticate objects, so they can perform custom logout logic.
* AuthComponent will remove the session data, so there is no need to do that
* in an authentication object. Logging out will also renew the session id.
* This helps mitigate issues with session replays.
*
* @return string AuthComponent::$logoutRedirect
* @see AuthComponent::$logoutRedirect
* @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#logging-users-out
*/
public function logout()
{
$this->_setDefaults();
if (empty($this->_authenticateObjects)) {
$this->constructAuthenticate();
}
$user = $this->user();
foreach ($this->_authenticateObjects as $auth) {
$auth->logout($user);
}
$this->Session->delete(static::$sessionKey);
$this->Session->delete('Auth.redirect');
$this->Session->renew();
return Router::normalize($this->logoutRedirect);
}
/**
* Convenience method to display a 500 page.
*
* @param array $params Parameters for controller
* @access public
*/
function error500($params) {
extract($params, EXTR_OVERWRITE);
if (!isset($url)) {
$url = $this->controller->here;
}
$url = Router::normalize($url);
$this->controller->header("HTTP/1.0 500 Internal Server Error");
$this->controller->set(array(
'code' => '500',
'name' => __('An Internal Error Has Occurred', true),
'message' => h($url),
'base' => $this->controller->base
));
$this->_outputMessage('error500');
}
/**
* Auth Login page
*/
public function admin_login()
{
if (Configure::read('Backend.Auth.enabled') !== true) {
if (isset($this->Auth)) {
$this->redirect($this->Auth->loginAction);
} else {
$this->redirect('/');
}
}
$this->layout = "Backend.auth";
$defaultRedirect = Configure::read('Backend.Dashboard.url') ? Configure::read('Backend.Dashboard.url') : array('plugin' => 'backend', 'controller' => 'backend', 'action' => 'dashboard');
$redirect = false;
if ($this->request->is('post')) {
if (!$this->Auth->login()) {
//Event Backend.Auth.onLoginFail
$eventData = array('user' => $this->request->data['BackendUser'], 'ip' => $this->request->clientIp());
// $event = new CakeEvent('Backend.Controller.Auth.onLoginFail', $this, $eventData);
// $this->getEventManager()->dispatch($event);
$this->Session->setFlash(__d('backend', 'Login failed'), 'error', array(), 'auth');
} else {
//Event Backend.Auth.onLogin
$event = new CakeEvent('Backend.Controller.Auth.onLogin', $this, $this->Auth->user());
//$this->getEventManager()->dispatch($event);
$this->Session->setFlash(__d('backend', 'Login successful'), 'success');
if ($this->Auth->user('lastlogin')) {
$this->Session->setFlash(__d('backend', 'Last login: %s', CakeTime::timeAgoInWords($this->Auth->user('last_login'))), 'default', array(), 'auth');
}
//TODO should the event result return an redirect url?
if ($event->result) {
$redirect = $event->result;
} else {
$redirect = $this->Auth->redirect();
}
$redirect = Router::normalize($redirect);
if ($redirect == '/' || !preg_match('/^\\/admin\\//', $redirect) || $redirect == '/admin/backend') {
$redirect = $defaultRedirect;
}
$this->redirect($redirect);
}
} elseif ($this->Auth->user()) {
$redirect = $this->referer($defaultRedirect, true);
$this->redirect($redirect);
}
$this->set(compact('redirect'));
}
public function beforeRender($viewFile)
{
if (isset($this->request->params['admin'])) {
return;
}
$url = Router::normalize($this->request->url);
$Url = ClassRegistry::init('Seolite.SeoLiteUrl');
$data = $Url->find('first', array('fields' => array('id', 'url'), 'recursive' => -1, 'contain' => 'Meta', 'conditions' => array('url' => $url, 'status' => true), 'cache' => array('name' => 'urlmeta_' . Inflector::slug($url), 'config' => 'seo_lite')));
if (isset($data['CustomFields'])) {
$metas = array();
foreach ($data['CustomFields'] as $key => $value) {
if (strpos($key, 'meta_') !== false) {
$metas[str_replace('meta_', '', $key)] = $value;
}
}
Configure::write('Meta', $metas);
}
}
function redirect($url = null)
{
// if (!is_null($url)) {
// $redir = $url;
// $this->Session->write('Auth.redirect', $redir);
// } elseif ($this->Session->check('Auth.redirect')) {
// $redir = $this->Session->read('Auth.redirect');
// $this->Session->delete('Auth.redirect');
//
// if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
// $redir = $this->loginRedirect;
// }
// } else {
// $redir = $this->loginRedirect;
// }
$this->successedRedirect = array(Configure::read('Routing.admin') => true, 'controller' => 'dashboard', 'action' => 'index');
// var_dump($this->successedRedirect);
return Router::normalize($this->successedRedirect);
}
/**
* check method
*
* If they're trying to logout - delete the remember me cookie if it exists and disable further processing
* If there's already a user logged in, there's nothing this component needs to do so disable the component
* Else check for cookie data, and attempt to log in if found
*
* @return void
* @access public
*/
function check()
{
if (!isset($this->Controller)) {
return;
}
$url = Router::normalize($this->Controller->params['url']);
if ($url === Router::normalize($this->settings['auth']['logoutAction'])) {
$this->Controller->Auth->logout();
$this->_cookieDestroy();
$this->log('Disabling - logging out');
$this->enabled = false;
return;
}
if ($this->__authUserId) {
$this->log('Disabling - User already logged in');
$this->enabled = false;
return;
}
if ($this->Auth->Session->started() && $this->_cookieAuth()) {
$this->log('Disabling - Nothing else to do');
$this->enabled = false;
return;
}
if ($url === Router::normalize($this->settings['auth']['loginAction'])) {
$this->enabled = true;
return;
}
$this->enabled = false;
}
/**
* Test the user login
*
* @return void
*/
public function testUserLogin()
{
$this->Users->request->params['action'] = 'login';
$this->__setPost(array('User' => $this->usersData['admin']));
$this->Users->request->url = '/users/users/login';
$this->Collection = $this->getMock('ComponentCollection');
$this->Users->Auth = $this->getMock('AuthComponent', array('login', 'user', 'redirect'), array($this->Collection));
$this->Users->Auth->expects($this->once())->method('login')->will($this->returnValue(true));
$this->Users->Auth->staticExpects($this->at(0))->method('user')->with('id')->will($this->returnValue(1));
$this->Users->Auth->staticExpects($this->at(1))->method('user')->with('username')->will($this->returnValue('adminuser'));
$this->Users->Auth->expects($this->once())->method('redirect')->with(null)->will($this->returnValue(Router::normalize('/')));
$this->Users->Session = $this->getMock('SessionComponent', array('setFlash'), array($this->Collection));
$this->Users->Session->expects($this->any())->method('setFlash')->with(__d('users', 'adminuser you have successfully logged in'));
$this->Users->RememberMe = $this->getMock('RememberMeComponent', array(), array($this->Collection));
$this->Users->RememberMe->expects($this->any())->method('destroyCookie');
$this->Users->login();
$this->assertEqual(Router::normalize($this->Users->redirectUrl), Router::normalize(Router::url($this->Users->Auth->loginRedirect)));
}
/**
* testLoginRedirect method
*
* @access public
* @return void
*/
function testLoginRedirect()
{
if (isset($_SERVER['HTTP_REFERER'])) {
$backup = $_SERVER['HTTP_REFERER'];
} else {
$backup = null;
}
$_SERVER['HTTP_REFERER'] = false;
$this->Controller->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate')));
$this->Controller->params = Router::parse('users/login');
$this->Controller->params['url']['url'] = 'users/login';
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'welcome');
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize($this->Controller->Auth->loginRedirect);
$this->assertEqual($expected, $this->Controller->Auth->redirect());
$this->Controller->Session->del('Auth');
$this->Controller->params['url']['url'] = 'admin/';
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->loginRedirect = null;
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('admin/');
$this->assertTrue($this->Controller->Session->check('Message.auth'));
$this->assertEqual($expected, $this->Controller->Auth->redirect());
$this->Controller->Session->del('Auth');
//empty referer no session
$_SERVER['HTTP_REFERER'] = false;
$_ENV['HTTP_REFERER'] = false;
putenv('HTTP_REFERER=');
$url = '/posts/view/1';
$this->Controller->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate')));
$this->Controller->testUrl = null;
$this->Controller->params = Router::parse($url);
array_push($this->Controller->methods, 'view', 'edit', 'index');
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->authorize = 'controller';
$this->Controller->params['testControllerAuth'] = true;
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('/');
$this->assertEqual($expected, $this->Controller->testUrl);
$this->Controller->Session->del('Auth');
$_SERVER['HTTP_REFERER'] = Router::url('/admin/', true);
$this->Controller->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate')));
$this->Controller->params['url']['url'] = 'auth_test/login';
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = 'auth_test/login';
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->loginRedirect = false;
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('/admin');
$this->assertEqual($expected, $this->Controller->Auth->redirect());
//Ticket #4750
//named params
$this->Controller->Session->del('Auth');
$url = '/posts/index/year:2008/month:feb';
$this->Controller->params = Router::parse($url);
$this->Controller->params['url']['url'] = Router::normalize($url);
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('posts/index/year:2008/month:feb');
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
//passed args
$this->Controller->Session->del('Auth');
$url = '/posts/view/1';
$this->Controller->params = Router::parse($url);
$this->Controller->params['url']['url'] = Router::normalize($url);
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('posts/view/1');
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
// QueryString parameters
$this->Controller->Session->del('Auth');
$url = '/posts/index/29?print=true&refer=menu';
$this->Controller->params = Router::parse($url);
$this->Controller->params['url']['url'] = Router::normalize($url);
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('posts/index/29?print=true&refer=menu');
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
//external authed action
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
$this->Controller->Session->del('Auth');
$url = '/posts/edit/1';
$this->Controller->params = Router::parse($url);
$this->Controller->params['url']['url'] = Router::normalize($url);
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('/posts/edit/1');
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
//external direct login link
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
$this->Controller->Session->del('Auth');
$url = '/AuthTest/login';
$this->Controller->params = Router::parse($url);
$this->Controller->params['url']['url'] = Router::normalize($url);
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$expected = Router::normalize('/');
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
$_SERVER['HTTP_REFERER'] = $backup;
$this->Controller->Session->del('Auth');
}
/**
* test that the returned URL doesn't contain the base URL.
*
* @see https://cakephp.lighthouseapp.com/projects/42648/tickets/3922-authcomponentredirecturl-prepends-appbaseurl
*
* @return void This test method doesn't return anything.
*/
public function testRedirectUrlWithBaseSet()
{
$App = Configure::read('App');
Configure::write('App', array('dir' => APP_DIR, 'webroot' => WEBROOT_DIR, 'base' => false, 'baseUrl' => '/cake/index.php'));
$url = '/users/login';
$this->Auth->request = $this->Controller->request = new CakeRequest($url);
$this->Auth->request->addParams(Router::parse($url));
$this->Auth->request->url = Router::normalize($url);
Router::setRequestInfo($this->Auth->request);
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home');
$result = $this->Auth->redirectUrl();
$this->assertEquals('/users/home', $result);
$this->assertFalse($this->Auth->Session->check('Auth.redirect'));
Configure::write('App', $App);
Router::reload();
}
/**
* beforeFilter後の動作
* @param AppController $controller
*/
function startup(&$controller)
{
$oauthStartAction = false;
if (isset($this->autoStartAction['oauthStart'])) {
$oauthStartAction = $this->autoStartAction['oauthStart'];
}
$oauthCallbackAction = false;
if (isset($this->autoStartAction['oauthCallback'])) {
$oauthCallbackAction = $this->autoStartAction['oauthCallback'];
}
if (!$oauthCallbackAction && !$oauthStartAction) {
return true;
}
$url = '';
if (isset($controller->params['url']['url'])) {
$url = Router::normalize($controller->params['url']['url']);
}
switch ($url) {
case $oauthStartAction:
$this->oauthStart();
break;
case $oauthCallbackAction:
$this->oauthCallback();
break;
}
}
function authorize_twitter()
{
if (!App::import('Lib', 'tmh_oauth')) {
$this->Session->setFlash(sprintf(__('Failed to load the %s library! Contact your system administrator.', true), 'Twitter OAuth'), 'default', array('class' => 'error'));
$this->redirect(array('action' => 'preferences'));
}
define('__DIR__', ROOT . DS . APP_DIR . DS . 'libs');
$tmhOAuth = new tmhOAuth(array('consumer_key' => Configure::read('twitter.consumer_key'), 'consumer_secret' => Configure::read('twitter.consumer_secret')));
if (!empty($this->params['url']['oauth_token'])) {
$response = $this->Session->read('Twitter.response');
$this->Session->delete('Twitter.response');
if ($this->params['url']['oauth_token'] !== $response['oauth_token']) {
$this->Session->setFlash(__('The oauth token you started with doesn\'t match the one you\'ve been redirected with. Do you have multiple tabs open?', true), 'default', array('class' => 'warning'));
$this->redirect(array('action' => 'preferences'));
}
if (!isset($this->params['url']['oauth_verifier'])) {
$this->Session->setFlash(__('The oauth verifier is missing so we cannot continue. Did you deny the appliction access?', true), 'default', array('class' => 'warning'));
$this->redirect(array('action' => 'preferences'));
}
// Update with the temporary token and secret
$tmhOAuth->reconfigure(array_merge($tmhOAuth->config, array('token' => $response['oauth_token'], 'secret' => $response['oauth_token_secret'])));
$code = $tmhOAuth->user_request(array('method' => 'POST', 'url' => $tmhOAuth->url('oauth/access_token', ''), 'params' => array('oauth_verifier' => trim($this->params['url']['oauth_verifier']))));
if ($code == 200) {
$oauth_creds = $tmhOAuth->extract_params($tmhOAuth->response['response']);
if ($this->Person->updateAll(array('twitter_token' => "'{$oauth_creds['oauth_token']}'", 'twitter_secret' => "'{$oauth_creds['oauth_token_secret']}'"), array('Person.id' => $this->UserCache->currentId()))) {
$this->Session->setFlash(sprintf(__('Your Twitter authorization has been completed. You can always revoke this at any time through the preferences page.', true), __('person', true)), 'default', array('class' => 'success'));
} else {
$this->Session->setFlash(sprintf(__('Twitter authorization was received, but the database failed to update.', true), __('person', true)), 'default', array('class' => 'warning'));
}
} else {
$this->Session->setFlash(__('There was an error communicating with Twitter.', true) . ' ' . $tmhOAuth->response['response'], 'default', array('class' => 'warning'));
}
$this->redirect(array('action' => 'preferences'));
} else {
$code = $tmhOAuth->apponly_request(array('without_bearer' => true, 'method' => 'POST', 'url' => $tmhOAuth->url('oauth/request_token', ''), 'params' => array('oauth_callback' => Router::url(Router::normalize($this->here), true))));
if ($code != 200) {
$this->Session->setFlash(__('There was an error communicating with Twitter.', true) . ' ' . $tmhOAuth->response['response'], 'default', array('class' => 'warning'));
$this->redirect(array('action' => 'preferences'));
}
// store the params into the session so they are there when we come back after the redirect
$response = $tmhOAuth->extract_params($tmhOAuth->response['response']);
// check the callback has been confirmed
if ($response['oauth_callback_confirmed'] !== 'true') {
$this->Session->setFlash(__('The callback was not confirmed by Twitter so we cannot continue.', true) . ' ' . $tmhOAuth->response['response'], 'default', array('class' => 'warning'));
$this->redirect(array('action' => 'preferences'));
} else {
$this->Session->write('Twitter.response', $response);
$this->redirect($tmhOAuth->url('oauth/authorize', '') . "?oauth_token={$response['oauth_token']}");
}
}
}
$ratings_newest = BRequest::getVar('s') == 'r' && BRequest::getVar('r') == 'n' ? 'active' : '';
$ratings_oldest = BRequest::getVar('s') == 'r' && BRequest::getVar('r') == 'o' && !BRequest::getVar('p', false) ? 'active' : '';
$ratings_rating = BRequest::getVar('s') == 'r' && !BRequest::getVar('r', false) ? 'active' : '';
$ratings_like = BRequest::getVar('s') == 'l' && BRequest::getVar('r') == 'o' ? 'active' : '';
$hight_low = BRequest::getVar('p') == 'h' && BRequest::getVar('s') == 'r' && BRequest::getVar('r') == 'o' ? 'active' : '';
$querystring = array();
$querystring['s'] = BRequest::getVar('s');
$querystring['p'] = BRequest::getVar('p');
$querystring['r'] = BRequest::getVar('r');
$parts = explode('?', $_SERVER['REQUEST_URI']);
$uri = $parts[0];
?>
<div class="index_filters">
<div style="width:80px;height:30px;position:relative;float:left;">
</div>
<div class="filters_buttons">
<div class="filter_button fbl"><a href="<?php
$querystring['ppage'] = BRequest::getInt('ppage') - 1;
echo Router::normalize($uri, $querystring);
?>
">Previous</a></div>
<div class="filter_button fbr"><a href="<?php
$querystring['ppage'] = BRequest::getInt('ppage') + 1;
echo Router::normalize($uri, $querystring);
?>
">Next</a></div>
</div>
</div>
/**
* 認証完了後処理
*
* @return boolean
*/
function isAuthorized()
{
$requestedPrefix = '';
$authPrefix = $this->getAuthPreifx($this->AuthEx->user('name'));
if (!$authPrefix) {
// 1.6.8 以下の場合は authPrefix が取得できないので true を返して終了
return true;
}
if (!empty($this->params['prefix'])) {
$requestedPrefix = $this->params['prefix'];
}
if ($requestedPrefix && $requestedPrefix != $authPrefix) {
// 許可されていないプレフィックスへのアクセスの場合、認証できなかったものとする
$ref = $this->referer();
$loginAction = Router::normalize($this->AuthEx->loginAction);
if ($ref == $loginAction) {
$this->Session->delete('Auth.User');
$this->Session->delete('Message.flash');
$this->AuthEx->authError = $this->AuthEx->loginError;
return false;
} else {
$this->Session->setFlash('指定されたページへのアクセスは許可されていません。');
$this->redirect($ref);
return;
}
}
return true;
}
/**
* create method
*
* Default the form to the current url. add a hidden field for the referer
*
* @param mixed $model
* @param array $options
* @return void
* @access public
*/
public function create($model = null, $options = array())
{
if (!isset($options['url']) && !isset($options['action'])) {
$options['url'] = '/' . ltrim($this->params['url']['url'], '/');
}
if (!empty($options['url'])) {
$getParams = array_diff_key($this->params['url'], array('ext' => true, 'url' => true));
if ($getParams) {
if (is_string($options['url'])) {
$options['url'] .= '?' . http_build_query($getParams);
} else {
$options['url']['?'] = $getParams;
}
}
}
$return = parent::create($model, $options);
if (!empty($options['noReferer'])) {
return $return;
}
if (!empty($this->data['App']['referer'])) {
$referer = $this->data['App']['referer'];
} else {
$referer = $this->Session->read('referer');
if (!$referer) {
$referer = AppController::referer('/', true);
if (Router::normalize($referer) == Router::normalize(array('admin' => false, 'controller' => 'users', 'action' => 'login'))) {
$referer = '/';
}
}
}
$referer = $this->hidden('App.referer', array('default' => $referer));
if (strpos('fieldset', $return)) {
return preg_replace('#</fieldset>#', $referer . '</fieldset>', $return);
}
return $return . '<div style="display:none;">' . $referer . '</div>';
}
/**
* Convenience method to display a 404 page.
*
* @param array $params Parameters for controller
* @access public
*/
function error404($params)
{
extract($params, EXTR_OVERWRITE);
if (!isset($url)) {
$url = $this->controller->here;
}
$url = Router::normalize($url);
header("HTTP/1.0 404 Not Found");
$this->controller->set(array('code' => '404', 'name' => __('Not Found', true), 'message' => h($url), 'base' => $this->controller->base));
$this->_outputMessage('error404');
}
/**
* Test allowed actions (via startup().)
*
* @return void
*/
public function testAllowedActionsSetWithAllowMethod()
{
$url = '/auth_test/action_name';
$this->Controller->request->addParams(Router::parse($url));
$this->Controller->request->query['url'] = Router::normalize($url);
$this->Component->initialize($this->Controller);
$this->Component->allow('action_name', 'anotherAction');
$this->assertEquals(array('action_name', 'anotherAction'), $this->Component->allowedActions);
}
/**
* If no parameter is passed, gets the authentication redirect URL.
*
* @param mixed $url Optional URL to write as the login redirect URL.
* @return string Redirect URL
* @access public
*/
function redirect($url = null)
{
if (!is_null($url)) {
$redir = $url;
$this->Session->write('Auth.redirect', $redir);
} elseif ($this->Session->check('Auth.redirect')) {
$redir = $this->Session->read('Auth.redirect');
$this->Session->delete('Auth.redirect');
if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
$redir = $this->loginRedirect;
}
} else {
$redir = $this->loginRedirect;
}
return Router::normalize($redir);
}
/**
* testLoginRedirect method
*
* @return void
*/
public function testLoginRedirect()
{
$_SERVER['HTTP_REFERER'] = false;
$_ENV['HTTP_REFERER'] = false;
putenv('HTTP_REFERER=');
$this->Auth->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate')));
$this->Auth->request->addParams(Router::parse('users/login'));
$this->Auth->request->url = 'users/login';
$this->Auth->initialize($this->Controller);
$this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'welcome');
$this->Auth->startup($this->Controller);
$expected = Router::normalize($this->Auth->loginRedirect);
$this->assertEquals($expected, $this->Auth->redirect());
$this->Auth->Session->delete('Auth');
// empty referer no session
$_SERVER['HTTP_REFERER'] = false;
$_ENV['HTTP_REFERER'] = false;
putenv('HTTP_REFERER=');
$url = '/posts/view/1';
$this->Auth->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate')));
$this->Controller->testUrl = null;
$this->Auth->request->addParams(Router::parse($url));
array_push($this->Controller->methods, 'view', 'edit', 'index');
$this->Auth->initialize($this->Controller);
$this->Auth->authorize = 'controller';
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Auth->startup($this->Controller);
$expected = Router::normalize('/AuthTest/login');
$this->assertEquals($expected, $this->Controller->testUrl);
$this->Auth->Session->delete('Auth');
$_SERVER['HTTP_REFERER'] = $_ENV['HTTP_REFERER'] = Router::url('/admin', true);
$this->Auth->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate')));
$this->Auth->request->params['action'] = 'login';
$this->Auth->request->url = 'auth_test/login';
$this->Auth->initialize($this->Controller);
$this->Auth->loginAction = 'auth_test/login';
$this->Auth->loginRedirect = false;
$this->Auth->startup($this->Controller);
$expected = Router::normalize('/admin');
$this->assertEquals($expected, $this->Auth->redirect());
// Ticket #4750
// Named Parameters
$this->Controller->request = $this->Auth->request;
$this->Auth->Session->delete('Auth');
$url = '/posts/index/year:2008/month:feb';
$this->Auth->request->addParams(Router::parse($url));
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
$this->Auth->initialize($this->Controller);
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Auth->startup($this->Controller);
$expected = Router::normalize('posts/index/year:2008/month:feb');
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
// Passed Arguments
$this->Auth->Session->delete('Auth');
$url = '/posts/view/1';
$this->Auth->request->addParams(Router::parse($url));
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
$this->Auth->initialize($this->Controller);
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Auth->startup($this->Controller);
$expected = Router::normalize('posts/view/1');
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
// QueryString parameters
$_back = $_GET;
$_GET = array('print' => 'true', 'refer' => 'menu');
$this->Auth->Session->delete('Auth');
$url = '/posts/index/29';
$this->Auth->request->addParams(Router::parse($url));
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
$this->Auth->request->query = $_GET;
$this->Auth->initialize($this->Controller);
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Auth->startup($this->Controller);
$expected = Router::normalize('posts/index/29?print=true&refer=menu');
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
$_GET = $_back;
// External Authed Action
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
$this->Auth->Session->delete('Auth');
$url = '/posts/edit/1';
$request = new CakeRequest($url);
$request->query = array();
$this->Auth->request = $this->Controller->request = $request;
$this->Auth->request->addParams(Router::parse($url));
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
$this->Auth->initialize($this->Controller);
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Auth->startup($this->Controller);
$expected = Router::normalize('/posts/edit/1');
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
// External Direct Login Link
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
$this->Auth->Session->delete('Auth');
$url = '/AuthTest/login';
$this->Auth->request = $this->Controller->request = new CakeRequest($url);
$this->Auth->request->addParams(Router::parse($url));
$this->Auth->request->url = Router::normalize($url);
$this->Auth->initialize($this->Controller);
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
$this->Auth->startup($this->Controller);
$expected = Router::normalize('/');
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
$this->Auth->Session->delete('Auth');
}
/**
* Startup
*
* @param object Controller instance
* @return void
*/
public function startUp(Controller $Controller)
{
if (in_array($Controller->action, $this->actions)) {
if (empty($Controller->request->data) && $Controller->Session->check($this->sessionPath)) {
if ($this->directPost == true) {
$Controller->request->data = $Controller->Session->read($this->sessionPath);
$Controller->Session->delete($this->sessionPath);
}
} elseif (!empty($Controller->request->data) && !$Controller->Auth->user()) {
$this->preserve($Controller->request->data);
if (empty($this->loginAction) && !empty($Controller->Auth->loginAction)) {
$this->loginAction = $Controller->Auth->loginAction;
if (!empty($this->redirectMessage)) {
$Controller->Session->setFlash($this->redirectMessage);
}
// Code from AuthComponent to store the redirect url so the user get redirected
// to the correct location after a successful login
if (isset($Controller->Auth)) {
$url = '';
if (isset($Controller->params['url']['url'])) {
$url = $Controller->params['url']['url'];
}
$url = Router::normalize($url);
if (!empty($Controller->params['url']) && count($Controller->params['url']) >= 2) {
$query = $Controller->params['url'];
unset($query['url'], $query['ext']);
$url .= Router::queryString($query, array());
}
$this->Session->write('Auth.redirect', $url);
}
$Controller->redirect($this->loginAction);
}
}
}
}
/**
* Test the user login
*
* @return void
*/
public function testUserLogin()
{
$this->Users->request->params['action'] = 'login';
$this->Users->startupProcess();
$this->__setPost(array('User' => $this->usersData['admin']));
$this->Users->request->url = '/users/users/login';
$this->Users->startupProcess();
$this->Users->login();
$result = $this->Users->Session->read('Message.flash.message');
$expected = __d('users', 'adminuser you have successfully logged in');
$this->assertEqual($result, $expected);
$this->assertEqual(Router::normalize($this->Users->redirectUrl), Router::normalize(Router::url($this->Users->Auth->loginRedirect)));
}
/**
* Get the URL a user should be redirected to upon login.
*
* Pass a URL in to set the destination a user should be redirected to upon
* logging in.
*
* If no parameter is passed, gets the authentication redirect URL. The URL
* returned is as per following rules:
*
* - Returns the normalized URL from session Auth.redirect value if it is
* present and for the same domain the current app is running on.
* - If there is no session value and there is a $loginRedirect, the $loginRedirect
* value is returned.
* - If there is no session and no $loginRedirect, / is returned.
*
* @param string|array $url Optional URL to write as the login redirect URL.
* @return string Redirect URL
*/
public function redirectUrl($url = null)
{
if ($url !== null) {
$redir = $url;
$this->Session->write('Auth.redirect', $redir);
} elseif ($this->Session->check('Auth.redirect')) {
$redir = $this->Session->read('Auth.redirect');
$this->Session->delete('Auth.redirect');
if (Router::normalize($redir) === Router::normalize($this->loginAction)) {
$redir = $this->loginRedirect;
}
} elseif ($this->loginRedirect) {
$redir = $this->loginRedirect;
} else {
$redir = '/';
}
if (is_array($redir)) {
return Router::url($redir + array('base' => false));
}
return $redir;
}
/**
* Main execution method. Handles redirecting of invalid users, and processing
* of login form data.
*
* @param object $controller A reference to the instantiating controller object
* @return boolean
* @access public
*/
function startup(&$controller)
{
$methods = array_flip($controller->methods);
$isErrorOrTests = strtolower($controller->name) == 'cakeerror' || strtolower($controller->name) == 'tests' && Configure::read() > 0;
if ($isErrorOrTests) {
return true;
}
$isMissingAction = $controller->scaffold === false && !isset($methods[strtolower($controller->params['action'])]);
if ($isMissingAction) {
return true;
}
if (!$this->__setDefaults()) {
return false;
}
$url = '';
if (isset($controller->params['url']['url'])) {
$url = $controller->params['url']['url'];
}
$url = Router::normalize($url);
$loginAction = Router::normalize($this->loginAction);
$isAllowed = $this->allowedActions == array('*') || in_array($controller->params['action'], $this->allowedActions);
if ($loginAction != $url && $isAllowed) {
return true;
}
//get model registered
$this->ldap = $this->getModel($this->userModel);
# get global settings
$settings = $this->CommonTasks->getGlobalSettings();
if ($loginAction == $url) {
if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
$this->Session->write('Auth.redirect', $controller->referer(null, true));
}
return false;
}
$isValid = !empty($controller->data[$this->userModel][$this->fields['username']]) && !empty($controller->data[$this->userModel][$this->fields['password']]);
if ($isValid) {
$username = $controller->data[$this->userModel][$this->fields['username']];
$password = $controller->data[$this->userModel][$this->fields['password']];
if ($settings['auth_method_' . $this->userModel] == "ldap") {
$this->log("Using ldap auth", "debug");
//pr("Using ldap auth...");
if ($this->login($username, $password)) {
if ($this->autoRedirect) {
$controller->redirect($this->redirect(), null, true);
}
return true;
}
} else {
$this->log("Using internal auth", "debug");
//pr("Using internal auth...");
//pr($controller->data);
// hash password
$data = $this->hashPasswords($controller->data);
$username = $data[$this->userModel]['username'];
$password = $data[$this->userModel]['password'];
$data = array($this->userModel . '.' . $this->fields['username'] => $username, $this->userModel . '.' . $this->fields['password'] => $password);
//pr($data);
if (parent::login($data)) {
if ($this->autoRedirect) {
$controller->redirect($this->redirect(), null, true);
}
return true;
}
}
}
$this->Session->setFlash($this->loginError, 'default', array(), 'auth');
$controller->data[$this->userModel][$this->fields['password']] = null;
return false;
} else {
if (!$this->user()) {
if (!$this->RequestHandler->isAjax()) {
$this->Session->setFlash($this->authError, 'default', array(), 'auth');
$this->Session->write('Auth.redirect', $url);
$controller->redirect($loginAction);
return false;
} elseif (!empty($this->ajaxLogin)) {
$controller->viewPath = 'elements';
echo $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
$this->_stop();
return false;
} else {
$controller->redirect(null, 403);
}
}
}
if (!$this->authorize) {
return true;
}
extract($this->__authType());
switch ($type) {
case 'controller':
$this->object =& $controller;
break;
case 'crud':
case 'actions':
if (isset($controller->Acl)) {
$this->Acl =& $controller->Acl;
} else {
$err = 'Could not find AclComponent. Please include Acl in ';
$err .= 'Controller::$components.';
trigger_error(__($err, true), E_USER_WARNING);
}
break;
case 'model':
if (!isset($object)) {
$hasModel = isset($controller->{$controller->modelClass}) && is_object($controller->{$controller->modelClass});
$isUses = !empty($controller->uses) && isset($controller->{$controller->uses[0]}) && is_object($controller->{$controller->uses[0]});
if ($hasModel) {
$object = $controller->modelClass;
} elseif ($isUses) {
$object = $controller->uses[0];
}
}
$type = array('model' => $object);
break;
}
if ($this->isAuthorized($type)) {
return true;
}
$this->Session->setFlash($this->authError, 'default', array(), 'auth');
$controller->redirect($controller->referer(), null, true);
return false;
}
/**
* testUrlNormalization method
*
* @access public
* @return void
*/
function testUrlNormalization()
{
$expected = '/users/logout';
$result = Router::normalize('/users/logout/');
$this->assertEqual($result, $expected);
$result = Router::normalize('//users//logout//');
$this->assertEqual($result, $expected);
$result = Router::normalize('users/logout');
$this->assertEqual($result, $expected);
$result = Router::normalize(array('controller' => 'users', 'action' => 'logout'));
$this->assertEqual($result, $expected);
$result = Router::normalize('/');
$this->assertEqual($result, '/');
$result = Router::normalize('http://google.com/');
$this->assertEqual($result, 'http://google.com/');
$result = Router::normalize('http://google.com//');
$this->assertEqual($result, 'http://google.com//');
$result = Router::normalize('/users/login/scope://foo');
$this->assertEqual($result, '/users/login/scope:/foo');
$result = Router::normalize('/recipe/recipes/add');
$this->assertEqual($result, '/recipe/recipes/add');
Router::setRequestInfo(array(array(), array('base' => '/us')));
$result = Router::normalize('/us/users/logout/');
$this->assertEqual($result, '/users/logout');
Router::reload();
Router::setRequestInfo(array(array(), array('base' => '/cake_12')));
$result = Router::normalize('/cake_12/users/logout/');
$this->assertEqual($result, '/users/logout');
Router::reload();
$_back = Configure::read('App.baseUrl');
Configure::write('App.baseUrl', '/');
Router::setRequestInfo(array(array(), array('base' => '/')));
$result = Router::normalize('users/login');
$this->assertEqual($result, '/users/login');
Configure::write('App.baseUrl', $_back);
Router::reload();
Router::setRequestInfo(array(array(), array('base' => 'beer')));
$result = Router::normalize('beer/admin/beers_tags/add');
$this->assertEqual($result, '/admin/beers_tags/add');
$result = Router::normalize('/admin/beers_tags/add');
$this->assertEqual($result, '/admin/beers_tags/add');
}
/**
* setHere method
*
* Used internally to detect whether the current menu item links to the page currently
* being rendered and modify the url if appropriate
*
* @param mixed $section
* @param mixed $url
* @param mixed $activeMode
* @param mixed $hereMode
* @access private
* @return array($here, $markActive, $url)
*/
function __setHere($section, $url, $key, $activeMode, $hereMode, $options)
{
$view =& ClassRegistry::getObject('view');
if (isset($this->settings[$section]['hereKey']) || !$view) {
return array(false, false, $url);
}
$here = $markActive = false;
if (!empty($options['markActive'])) {
$here = true;
} elseif ($activeMode == 'url' && Router::normalize($url) == $this->__here) {
$here = true;
} elseif (is_array($url) && (!isset($url['controller']) || Inflector::underscore($url['controller']) == Inflector::underscore($view->name))) {
if ($activeMode == 'controller') {
$here = true;
} elseif ($activeMode == 'action' && (!isset($url['action']) || $url['action'] == Inflector::underscore($view->action))) {
$here = true;
}
}
if ($here) {
$this->settings[$section]['hereKey'] = $key;
if ($hereMode == 'text') {
$url = false;
} elseif ($hereMode == 'active') {
$markActive = true;
}
}
if ($here && $hereMode == 'active') {
$this->Tree->addItemAttribute('class', 'active');
if (isset($htmlAttributes['class'])) {
$htmlAttributes['class'] .= ' active';
} else {
$htmlAttributes['class'] = 'active';
}
}
return array($here, $markActive, $url);
}
