Beispiel #1
 /**
  * Record the visitor's latest activity against their session.
  *
  * Nothing is written when no session is registered, or when the response is a
  * redirect or reroute (the follow-up request is expected to record it).
  * Message and View responses are recorded as 'valid'. Everything else is
  * recorded as 'error', including values that are not a
  * XenForo_ControllerResponse_Abstract. Classes are matched on their exact
  * name, so a subclass of one of the named responses also counts as 'error'.
  *
  * @param mixed $controllerResponse The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
  * @param string $controllerName
  * @param string $action
  */
 public function updateSessionActivity($controllerResponse, $controllerName, $action)
 {
     if (!XenForo_Application::isRegistered('session')) {
         return;
     }

     // Start from 'error'; only an exact Message/View response upgrades it.
     $newState = 'error';
     if ($controllerResponse instanceof XenForo_ControllerResponse_Abstract) {
         $responseClass = get_class($controllerResponse);

         if ($responseClass === 'XenForo_ControllerResponse_Redirect'
             || $responseClass === 'XenForo_ControllerResponse_Reroute'
         ) {
             // don't update anything, assume the next page will do it
             return;
         }

         if ($responseClass === 'XenForo_ControllerResponse_Message'
             || $responseClass === 'XenForo_ControllerResponse_View'
         ) {
             $newState = 'valid';
         }
     }

     if (!$this->canUpdateSessionActivity($controllerName, $action, $newState)) {
         return;
     }

     $userModel = $this->getModelFromCache('XenForo_Model_User');
     $userModel->updateSessionActivity(
         XenForo_Visitor::getUserId(),
         // NOTE(review): the false argument presumably turns off proxy-header
         // lookup, so the stored address is the connecting peer rather than a
         // client-supplied forwarding header. Behind a reverse proxy that would
         // be the proxy's own address - confirm against the request class.
         $this->_request->getClientIp(false),
         $controllerName,
         $action,
         $newState,
         // Request parameters are handed to the model as-is; treat them as
         // untrusted wherever the activity record is later shown.
         $this->_request->getUserParams()
     );
 }
Beispiel #2
 /**
  * Choose where to send an admin user after a successful login.
  *
  * When the request carries more parameters than the optional secret key, the
  * user is sent to their startup page instead of $alternativeUrl. Route
  * parameters and query-string parameters are both counted.
  * NOTE(review): this presumably keeps a parameterised pre-login link from
  * being followed automatically once the session is authenticated - confirm
  * the intent with the caller.
  *
  * @param Mage_Admin_Model_User $user
  * @param Zend_Controller_Request_Http $request
  * @param string|null $alternativeUrl
  * @return null|string Null when no request is given; otherwise the startup
  *                     page URL or $alternativeUrl.
  */
 public function getRedirectUrl(Mage_Admin_Model_User $user, Zend_Controller_Request_Http $request = null, $alternativeUrl = null)
 {
     if (null === $request) {
         return null;
     }

     // The secret key is the only parameter that does not count, and only
     // when secret keys are enabled and one is present in the request.
     $allowedParamCount = 0;
     if ($this->_urlModel->useSecretKey()
         && $request->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME)
     ) {
         $allowedParamCount = 1;
     }

     $suppliedParamCount = count($request->getUserParams()) + count($request->getQuery());

     if ($suppliedParamCount > $allowedParamCount) {
         return $this->_urlModel->getUrl($user->getStartupPageUrl());
     }

     return $alternativeUrl;
 }
Beispiel #3
 /**
  * Record the visitor's latest activity against their session.
  *
  * Nothing is written when no session is registered, when the request carries
  * the prefetch marker header, or when the response is a redirect or reroute.
  * Message and View responses are recorded as 'valid' unless their response
  * code is 400 or higher. Everything else is recorded as 'error'. Classes are
  * matched on their exact name.
  *
  * The prefetch marker is a request header and therefore client-controlled, so
  * a missing activity record does not prove that no request was made.
  *
  * @param mixed $controllerResponse The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
  * @param string $controllerName
  * @param string $action
  */
 public function updateSessionActivity($controllerResponse, $controllerName, $action)
 {
     if (!XenForo_Application::isRegistered('session')) {
         return;
     }

     // Browser prefetches are not counted as user activity.
     if ($this->_request->getServer('HTTP_X_MOZ') == 'prefetch') {
         return;
     }

     $deferredClasses = array(
         'XenForo_ControllerResponse_Redirect',
         'XenForo_ControllerResponse_Reroute',
         'XenForo_ControllerResponse_ReroutePath',
     );
     $validClasses = array(
         'XenForo_ControllerResponse_Message',
         'XenForo_ControllerResponse_View',
     );

     $newState = 'error';
     if ($controllerResponse instanceof XenForo_ControllerResponse_Abstract) {
         $responseClass = get_class($controllerResponse);

         if (in_array($responseClass, $deferredClasses, true)) {
             // don't update anything, assume the next page will do it
             return;
         }

         if (in_array($responseClass, $validClasses, true)) {
             $newState = 'valid';
         }

         // An HTTP error status overrides a response class that looks valid.
         $responseCode = $controllerResponse->responseCode;
         if ($responseCode && $responseCode >= 400) {
             $newState = 'error';
         }
     }

     $session = XenForo_Application::getSession();

     if (!$this->canUpdateSessionActivity($controllerName, $action, $newState)) {
         return;
     }

     /** @var $userModel XenForo_Model_User */
     $userModel = $this->getModelFromCache('XenForo_Model_User');
     $userModel->updateSessionActivity(
         XenForo_Visitor::getUserId(),
         // NOTE(review): the false argument presumably turns off proxy-header
         // lookup, so the stored address is the connecting peer rather than a
         // client-supplied forwarding header - confirm against the request class.
         $this->_request->getClientIp(false),
         $controllerName,
         $action,
         $newState,
         // Request parameters are handed to the model as-is; treat them as
         // untrusted wherever the activity record is later shown.
         $this->_request->getUserParams(),
         null,
         // The robot id is passed only when the session has one registered.
         $session->isRegistered('robotId') ? $session->get('robotId') : ''
     );
 }
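 /**
  * Called before an action is dispatched by Zend_Controller_Dispatcher.
  *
  * Acts as the authorization filter for the request. A locked user is always
  * sent to the login action. Otherwise the required roles are read from
  * config for the current module (optionally narrowed per controller and per
  * action), and the request passes if the user holds any of them. When the
  * module config has a 'user_access' entry, the access service is asked
  * whether the user has access to the module. If a check was required and
  * none passed, the request is rewritten to the login action and the
  * originally requested URL is stored in the session.
  *
  * A module with no roles and no 'user_access' entry in config is dispatched
  * without any check (default-allow), so every module that needs protection
  * must be listed explicitly.
  *
  * This implementation never returns FALSE; it always returns $action,
  * possibly rewritten to point at the login action.
  *
  * @param  Zend_Controller_Request_Http $action
  * @return Zend_Controller_Request_Http
  */
 public function preDispatch($action)
 {
     /*@var $action Zend_Controller_Request_Http */
     $controllerName = strtolower($action->getControllerName());
     $actionName = strtolower($action->getActionName());
     $moduleName = strtolower($action->getModuleName());

     // Resolve the login target once so both denial paths use the same
     // fallbacks. The unauthorized path used to read the config keys directly,
     // which passes null to the setters when a key is missing.
     $loginController = ifset($this->config, 'login_controller', 'user');
     $loginAction = ifset($this->config, 'login_action', 'login');

     // Check for authorization.
     $app = NovemberApplication::getInstance();
     $currentUser = $app->getUser();
     if ($currentUser->getRole() == User::ROLE_LOCKED) {
         $action->setControllerName($loginController);
         $action->setActionName($loginAction);
         return $action;
     }

     // Get the restrictions for the current request (if any)
     $conf = ifset($this->config, $moduleName);
     $roles = '';
     if (is_string($conf)) {
         // A plain string is the role list for the whole module.
         $roles = $conf;
     } elseif (is_array($conf)) {
         // check for a default
         $roles = ifset($conf, 'default_roles', '');
         // If there's something in the controllername entry...
         $controllerConf = ifset($conf, $controllerName, $roles);
         if (is_array($controllerConf)) {
             // Per-action roles, falling back to the module default.
             $roles = ifset($controllerConf, $actionName, $roles);
         } else {
             $roles = $controllerConf;
         }
     }

     // Are there required roles to authenticate?
     $loginRequired = false;
     za()->log(__CLASS__ . ':' . __LINE__ . " - Authorizing " . $currentUser->getUsername() . " for roles {$roles}");
     if ($roles != '') {
         $loginRequired = true;
         // Entries are split on ',' only and not trimmed, so an entry written
         // with surrounding spaces will not match a role name.
         $roles = explode(',', $roles);
         // If the user has any of the roles, let them in
         foreach ($roles as $role) {
             if ($currentUser->hasRole($role)) {
                 return $action;
             }
         }
     }

     // If we've got this far, then we should ask the DB if the current user has
     // access to the current module and controller
     // We're expecting user_access =>
     // user_role
     // OR array (controller => user_role)
     // NOTE(review): only the presence of 'user_access' is used here; the lookup
     // below is per module and does not consult a controller-level entry.
     $userAccess = ifset($conf, 'user_access');
     if ($userAccess != null) {
         $loginRequired = true;
         $accessService = za()->getService('AccessService');
         // See if they have access to this module
         $access = $accessService->getAccessList($currentUser->getUsername(), $moduleName);
         if (count($access)) {
             // okay, they have access, so we're all cool
             return $action;
         }
     }

     if ($loginRequired) {
         // The return URL is rebuilt from the routed names and user params
         // rather than copied from the raw request.
         // NOTE(review): whether it is safe to redirect to after login depends
         // on build_url - verify.
         $url = build_url($controllerName, $actionName, $action->getUserParams(), false, $moduleName);
         $_SESSION[NovemberController::RETURN_URL] = $url;
         // The module is left unchanged, so the login controller is resolved
         // inside the module that was requested.
         // $action->setModuleName(ifset($this->config, 'login_module', 'default'));
         $action->setControllerName($loginController);
         $action->setActionName($loginAction);
     }

     return $action;
 }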