function action()
{
$auth =& owa_auth::get_instance();
$status = $auth->authenticateUser();
$go = $this->getParam('go');
// if authentication is successfull
if ($status['auth_status'] == true) {
if (!empty($go)) {
// redirect to url if present
$url = urldecode($go);
$this->e->debug("redirecting browser to...:" . $url);
owa_lib::redirectBrowser($url);
} else {
//else redirect to home page
// these need to be unset as they were set previously by the doAction method.
// need to refactor this out.
$this->set('auth_status', '');
$this->set('params', '');
$this->set('site_id', '');
$this->setRedirectAction($this->config['start_page']);
}
} else {
// return login form with error msg
$this->setView('base.loginForm');
$this->set('go', $go);
$this->set('error_code', 2002);
$this->set('user_id', $this->getParam('user_id'));
}
}
function action()
{
$s = owa_coreAPI::serviceSingleton();
// lookup method class
$do = $s->getApiMethodClass($this->getParam('do'));
if ($do) {
// check credentials
/* PERFORM AUTHENTICATION */
if (array_key_exists('required_capability', $do)) {
/* CHECK USER FOR CAPABILITIES */
if (!owa_coreAPI::isCurrentUserCapable($do['required_capability'])) {
// doesn't look like the currentuser has the necessary priviledges
owa_coreAPI::debug('User does not have capability required by this controller.');
// auth user
$auth =& owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
return 'This method requires authentication.';
} else {
//check for needed capability again now that they are authenticated
if (!owa_coreAPI::isCurrentUserCapable($do['required_capability'])) {
return 'Your user does not have privileges to access this method.';
}
}
}
}
//perform
$map = owa_coreAPI::getRequest()->getAllOwaParams();
echo owa_coreAPI::executeApiCommand($map);
}
}
function action()
{
$event = $this->getParam('event');
$auth =& owa_auth::get_instance();
$u = owa_coreAPI::entityFactory('base.user');
$u->getByColumn('email_address', $event->get('email_address'));
$u->set('temp_passkey', $auth->generateTempPasskey($u->get('user_id')));
$status = $u->update();
$this->e->debug('status: ' . $status);
if ($status === true) {
$this->setView('base.usersResetPassword');
$this->set('key', $u->get('temp_passkey'));
$this->set('email_address', $u->get('email_address'));
} else {
$this->e->debug("could not update password in db.");
}
return;
}
function action()
{
$auth =& owa_auth::get_instance();
$status = $auth->authenticateUserTempPasskey($this->params['k']);
// log to event queue
if ($status === true) {
$ed = owa_coreAPI::getEventDispatch();
$new_password = array('key' => $this->params['k'], 'password' => $auth->encryptPassword($this->params['password']), 'ip' => $_SERVER['REMOTE_ADDR']);
$ed->log($new_password, 'base.set_password');
$auth->deleteCredentials();
$this->setRedirectAction('base.loginForm');
$this->set('status_code', 3006);
} else {
$this->setRedirectAction('base.loginForm');
$this->set('error_code', 2011);
// can't find key in the db
}
}
function action()
{
$auth = owa_auth::get_instance();
$auth->deleteCredentials();
$this->setRedirectAction('base.loginForm');
}
/**
* @depricated
* @todo remove
*/
function getAuthStatus()
{
if (!class_exists('owa_auth')) {
require_once OWA_BASE_DIR . '/owa_auth.php';
}
$auth =& owa_auth::get_instance();
return $auth->auth_status;
}
/**
* Handles request from caller
*
*/
function doAction()
{
owa_coreAPI::debug('Performing Action: ' . get_class($this));
// check if the schema needs to be updated and force the update
// not sure this should go here...
if ($this->is_admin === true) {
// do not intercept if its the updatesApply action or a re-install else updates will never apply
$do = $this->getParam('do');
if ($do != 'base.updatesApply' && !defined('OWA_INSTALLING') && !defined('OWA_UPDATING')) {
if (owa_coreAPI::isUpdateRequired()) {
$this->e->debug('Updates Required. Redirecting action.');
$data = array();
$data['view_method'] = 'redirect';
$data['action'] = 'base.updates';
return $data;
}
}
}
/* Check validity of nonce */
if ($this->is_nonce_required == true) {
$nonce = $this->getParam('nonce');
if ($nonce) {
$is_nonce_valid = $this->verifyNonce($nonce);
}
if (!$nonce || !$is_nonce_valid) {
$this->e->debug('Nonce is not valid.');
$ret = $this->notAuthenticatedAction();
if (!empty($ret)) {
$this->post();
return $ret;
} else {
$this->post();
return $this->data;
}
}
}
/* CHECK USER FOR CAPABILITIES */
if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {
owa_coreAPI::debug('User does not have capability required by this controller.');
// check to see if the user has already been authenticated
if (owa_coreAPI::isCurrentUserAuthenticated()) {
$this->authenticatedButNotCapableAction();
return $this->data;
}
/* PERFORM AUTHENTICATION */
$auth =& owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
$this->notAuthenticatedAction();
return $this->data;
} else {
//check for needed capability again now that they are authenticated
if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {
$this->authenticatedButNotCapableAction();
//needed?
$this->set('go', urlencode(owa_lib::get_current_url()));
// needed? -- set auth status for downstream views
$this->set('auth_status', true);
return $this->data;
}
}
}
// TODO: These sets need to be removed and added to pre(), action() or post() methods
// in various concrete controller classes as they screw up things when
// redirecting from one controller to another.
// set auth status for downstream views
//$this->set('auth_status', true);
//set request params
$this->set('params', $this->params);
// set site_id
$this->set('site_id', $this->get('site_id'));
// set status msg - NEEDED HERE? doesnt owa_ view handle this?
if (array_key_exists('status_code', $this->params)) {
$this->set('status_code', $this->getParam('status_code'));
}
// get error msg from error code passed on the query string from a redirect.
if (array_key_exists('error_code', $this->params)) {
$this->set('error_code', $this->getParam('error_code'));
}
// check to see if the controller has created a validator
if (!empty($this->v)) {
// if so do the validations required
$this->v->doValidations();
//check for errors
if ($this->v->hasErrors === true) {
//print_r($this->v);
// if errors, do the errorAction instead of the normal action
$this->set('validation_errors', $this->getValidationErrorMsgs());
$ret = $this->errorAction();
if (!empty($ret)) {
$this->post();
return $ret;
} else {
$this->post();
return $this->data;
}
}
}
/* PERFORM PRE ACTION */
// often used by abstract descendant controllers to set various things
$this->pre();
/* PERFORM MAIN ACTION */
// need to check ret for backwards compatability with older
// controllers that donot use $this->data
$ret = $this->action();
if (!empty($ret)) {
$this->post();
return $ret;
} else {
$this->post();
return $this->data;
}
}
/**
* Checks if the current controller requires privileges and authenticates the user and checks for capabilities
* If the user is not allowed the correct error view is also initialized and the calling method should return
* @uses ->getRequiredCapability and ->getCurrentSiteId
* @param string $capability
* @return boolean
*/
protected function checkCapabilityAndAuthenticateUser($capability)
{
if (!empty($capability) && !owa_coreAPI::isEveryoneCapable($capability)) {
/* PERFORM AUTHENTICATION */
$auth = owa_auth::get_instance();
if (!owa_coreAPI::isCurrentUserAuthenticated()) {
$status = $auth->authenticateUser();
if ($status['auth_status'] != true) {
$this->notAuthenticatedAction();
return false;
}
}
$currentUser = owa_coreAPI::getCurrentUser();
if (!$currentUser->isCapable($this->getRequiredCapability(), $this->getCurrentSiteId())) {
owa_coreAPI::debug('User does not have capability required by this controller.');
$this->authenticatedButNotCapableAction();
//needed?
//$this->set('go', urlencode(owa_lib::get_current_url()));
// needed? -- set auth status for downstream views
//$this->set('auth_status', true);
return false;
}
}
return true;
}
