/**
* Method to return an access error for trespassing users. HTTP response header code will be 403.
*
* @return Alpha\Util\Http\Response
*
* @since 1.0
*/
public function accessError()
{
self::$logger->debug('>>accessError()');
if (method_exists($this, 'before_accessError_callback')) {
$this->before_accessError_callback();
}
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
if ($session->get('currentUser') !== false) {
self::$logger->warn('The user [' . $session->get('currentUser')->get('email') . '] attempted to access the resource [' . $this->request->getURI() . '] but was denied due to insufficient rights');
} else {
self::$logger->warn('An unknown user attempted to access the resource [' . $this->request->getURI() . '] but was denied due to insufficient rights');
}
$response = new Response(403);
$response->setBody(View::renderErrorPage(403, 'You do not have the correct access rights to view this page. If you have not logged in yet, try going back to the home page and logging in from there.'));
if (method_exists($this, 'after_accessError_callback')) {
$this->after_accessError_callback();
}
self::$logger->debug('<<accessError');
return $response;
}
use Alpha\Util\Http\Filter\ClientTempBlacklistFilter;
use Alpha\Util\Http\Request;
use Alpha\Util\Http\Response;
use Alpha\Exception\ResourceNotFoundException;
use Alpha\Exception\ResourceNotAllowedException;
use Alpha\View\View;
try {
$config = ConfigProvider::getInstance();
set_exception_handler('Alpha\\Util\\ErrorHandlers::catchException');
set_error_handler('Alpha\\Util\\ErrorHandlers::catchError', $config->get('php.error.log.level'));
$front = new FrontController();
if ($config->get('security.client.blacklist.filter.enabled')) {
$front->registerFilter(new ClientBlacklistFilter());
}
if ($config->get('security.ip.blacklist.filter.enabled')) {
$front->registerFilter(new IPBlacklistFilter());
}
if ($config->get('security.client.temp.blacklist.filter.enabled')) {
$front->registerFilter(new ClientTempBlacklistFilter());
}
$request = new Request();
$response = $front->process($request);
} catch (ResourceNotFoundException $rnfe) {
$response = new Response(404, View::renderErrorPage(404, $rnfe->getMessage(), array('Content-Type' => 'text/html')));
} catch (ResourceNotAllowedException $rnae) {
$response = new Response(403, View::renderErrorPage(403, $rnae->getMessage(), array('Content-Type' => 'text/html')));
}
if ($config->get('security.http.header.x.frame.options') != '' && $response->getHeader('X-Frame-Options') == null) {
$response->setHeader('X-Frame-Options', $config->get('security.http.header.x.frame.options'));
}
echo $response->send();
/**
* Handle GET requests.
*
* @param Alpha\Util\Http\Request
*
* @return Alpha\Util\Http\Response
*
* @throws Alpha\Exception\ResourceNotFoundException
*
* @since 1.0
*/
public function doGET($request)
{
self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])');
$config = ConfigProvider::getInstance();
$params = $request->getParams();
$body = '';
// handle requests for PDFs
if (isset($params['title']) && (isset($params['pdf']) || $request->getHeader('Accept') == 'application/pdf')) {
try {
$title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
$record = new $params['ActiveRecordType']();
} else {
$record = new Article();
}
$record->loadByAttribute('title', $title);
$this->record = $record;
ActiveRecord::disconnect();
$pdf = new TCPDFFacade($record);
$pdfData = $pdf->getPDFData();
$pdfDownloadName = str_replace(' ', '-', $record->get('title') . '.pdf');
$headers = array('Pragma' => 'public', 'Expires' => 0, 'Cache-Control' => 'must-revalidate, post-check=0, pre-check=0', 'Content-Transfer-Encoding' => 'binary', 'Content-Type' => 'application/pdf', 'Content-Length' => strlen($pdfData), 'Content-Disposition' => 'attachment; filename="' . $pdfDownloadName . '";');
return new Response(200, $pdfData, $headers);
} catch (IllegalArguementException $e) {
self::$logger->error($e->getMessage());
throw new ResourceNotFoundException($e->getMessage());
} catch (RecordNotFoundException $e) {
self::$logger->error($e->getMessage());
throw new ResourceNotFoundException($e->getMessage());
}
}
// view edit article requests
if (isset($params['view']) && $params['view'] == 'edit' && (isset($params['title']) || isset($params['ActiveRecordOID']))) {
if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
$record = new $params['ActiveRecordType']();
} else {
$record = new Article();
}
try {
if (isset($params['title'])) {
$title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
$record->loadByAttribute('title', $title);
} else {
$record->load($params['ActiveRecordOID']);
}
} catch (RecordNotFoundException $e) {
self::$logger->warn($e->getMessage());
$body .= View::renderErrorPage(404, 'Failed to find the requested article!');
return new Response(404, $body, array('Content-Type' => 'text/html'));
}
ActiveRecord::disconnect();
$this->record = $record;
$view = View::getInstance($record);
// set up the title and meta details
$this->setTitle($record->get('title') . ' (editing)');
$this->setDescription('Page to edit ' . $record->get('title') . '.');
$this->setKeywords('edit,article');
$body .= View::displayPageHead($this);
$message = $this->getStatusMessage();
if (!empty($message)) {
$body .= $message;
}
$body .= $view->editView(array('URI' => $request->getURI()));
$body .= View::renderDeleteForm($request->getURI());
$body .= View::displayPageFoot($this);
self::$logger->debug('<<doGET');
return new Response(200, $body, array('Content-Type' => 'text/html'));
}
// handle requests for viewing articles
if (isset($params['title']) || isset($params['ActiveRecordOID'])) {
$KDP = new KPI('viewarticle');
if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
$record = new $params['ActiveRecordType']();
} else {
$record = new Article();
}
try {
if (isset($params['title'])) {
$title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
$record->loadByAttribute('title', $title, false, array('OID', 'version_num', 'created_ts', 'updated_ts', 'title', 'author', 'published', 'content', 'headerContent'));
} else {
$record->load($params['ActiveRecordOID']);
}
if (!$record->get('published')) {
throw new RecordNotFoundException('Attempted to load an article which is not published yet');
}
$record->set('tags', $record->getOID());
} catch (IllegalArguementException $e) {
self::$logger->warn($e->getMessage());
throw new ResourceNotFoundException('The file that you have requested cannot be found!');
} catch (RecordNotFoundException $e) {
self::$logger->warn($e->getMessage());
throw new ResourceNotFoundException('The article that you have requested cannot be found!');
}
$this->record = $record;
$this->setTitle($record->get('title'));
$this->setDescription($record->get('description'));
$BOView = View::getInstance($record);
$body .= View::displayPageHead($this);
$message = $this->getStatusMessage();
if (!empty($message)) {
$body .= $message;
}
$body .= $BOView->markdownView();
$body .= View::displayPageFoot($this);
$KDP->log();
return new Response(200, $body, array('Content-Type' => 'text/html'));
}
// handle requests to view an article stored in a file
if (isset($params['file'])) {
try {
$record = new Article();
// just checking to see if the file path is absolute or not
if (mb_substr($params['file'], 0, 1) == '/') {
$record->loadContentFromFile($params['file']);
} else {
$record->loadContentFromFile($config->get('app.root') . 'docs/' . $params['file']);
}
} catch (IllegalArguementException $e) {
self::$logger->error($e->getMessage());
throw new ResourceNotFoundException($e->getMessage());
} catch (FileNotFoundException $e) {
self::$logger->warn($e->getMessage() . ' File path is [' . $params['file'] . ']');
throw new ResourceNotFoundException('Failed to load the requested article from the file system!');
}
$this->record = $record;
$this->setTitle($record->get('title'));
$BOView = View::getInstance($record);
$body .= View::displayPageHead($this, false);
$body .= $BOView->markdownView();
$body .= View::displayPageFoot($this);
return new Response(200, $body, array('Content-Type' => 'text/html'));
}
// handle requests to view a list of articles
if (isset($params['start'])) {
return parent::doGET($request);
}
// create a new article requests
$record = new Article();
$view = View::getInstance($record);
// set up the title and meta details
$this->setTitle('Creating article');
$this->setDescription('Page to create a new article.');
$this->setKeywords('create,article');
$body .= View::displayPageHead($this);
$message = $this->getStatusMessage();
if (!empty($message)) {
$body .= $message;
}
$fields = array('formAction' => $this->request->getURI());
$body .= $view->createView($fields);
$body .= View::displayPageFoot($this);
self::$logger->debug('<<doGET');
return new Response(200, $body, array('Content-Type' => 'text/html'));
}
