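 /**
  * Handle GET requests: either bounce to the installer or render the
  * landing page (head + index + footer template fragments).
  *
  * @param Alpha\Util\Http\Request $request
  *
  * @return Alpha\Util\Http\Response a 301 redirect to app.url/install when
  *                                  app.check.installed is on and the app is
  *                                  not yet installed, else a 200 text/html page
  *
  * @since 1.0
  */
 public function doGET($request)
 {
     // NOTE(review): var_export() dumps the whole request object (headers,
     // cookies, any body) into the debug log; keep debug logging off in
     // production or this leaks session tokens.
     self::$logger->debug('>>doGET(request=[' . var_export($request, true) . '])');
     $config = ConfigProvider::getInstance();

     // Force the installer until the schema exists (config-guarded so the
     // check can be skipped on deployments that never need it).
     if ($config->get('app.check.installed') && !ActiveRecord::isInstalled()) {
         $response = new Response(301);
         $response->redirect($config->get('app.url') . '/install');
         self::$logger->warn('App not installed so re-directing to the install controller');
         self::$logger->debug('<<doGET');
         return $response;
     }

     // This handler ignores the request parameters entirely (the former
     // unused $params local has been dropped).
     $body = View::loadTemplateFragment('html', 'head.phtml', array('title' => $config->get('app.title'), 'description' => 'Welcome to our site', 'allowCSSOverrides' => true));
     $body .= View::loadTemplateFragment('html', 'index.phtml');
     $body .= View::loadTemplateFragment('html', 'footer.phtml');

     self::$logger->debug('<<doGET');
     return new Response(200, $body, array('Content-Type' => 'text/html'));
 }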
 /**
  * {@inheritdoc}
  *
  * Renders the opening of the HTML document for $controller: the head
  * fragment, an optional controller callback, the closing </head>, the
  * <body> tag (carrying an onload handler taken from the controller's
  * record when one is set), the opening container div and an optional
  * standard-header callback.
  */
 public static function displayPageHead($controller)
 {
     if (self::$logger == null) {
         self::$logger = new Logger('RendererProviderHTML');
     }
     self::$logger->debug('>>displayPageHead(controller=[' . var_export($controller, true) . '])');

     $config = ConfigProvider::getInstance();
     $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

     if (!class_exists(get_class($controller))) {
         throw new IllegalArguementException('The controller provided [' . get_class($controller) . '] is not defined anywhere!');
     }

     // Admin users browsing a /tk/ URI get the stock stylesheet only;
     // everyone else may have CSS overrides applied.
     $currentUser = $session->get('currentUser');
     $probe = new Request(array('method' => 'GET'));
     $adminInToolkit = $currentUser != null
         && ActiveRecord::isInstalled()
         && $currentUser->inGroup('Admin')
         && mb_strpos($probe->getURI(), '/tk/') !== false;
     $cssOverridesAllowed = !$adminInToolkit;

     $out = View::loadTemplateFragment('html', 'head.phtml', array('title' => $controller->getTitle(), 'description' => $controller->getDescription(), 'allowCSSOverrides' => $cssOverridesAllowed));
     if (method_exists($controller, 'during_displayPageHead_callback')) {
         $out .= $controller->during_displayPageHead_callback();
     }
     $out .= '</head>';

     // NOTE(review): the record's bodyOnload value is written verbatim into
     // an onload="..." attribute with no htmlspecialchars(); if that field
     // can be set by anyone other than a trusted admin this is an
     // HTML-attribute injection point - confirm where bodyOnload originates.
     $bodyTag = '<body>';
     try {
         $record = $controller->getRecord();
         if ($record != null) {
             $onload = $record->get('bodyOnload');
             if ($onload != '') {
                 $bodyTag = '<body onload="' . $onload . '">';
             }
         }
     } catch (AlphaException $e) {
         // No usable record: keep the bare <body>.
     }
     $out .= $bodyTag;

     $out .= '<div class="container">';
     if (method_exists($controller, 'insert_CMSDisplayStandardHeader_callback')) {
         $out .= $controller->insert_CMSDisplayStandardHeader_callback();
     }

     self::$logger->debug('<<displayPageHead [HTML]');
     return $out;
 }
 /**
  * The constructor.
  *
  * Wires up a lookup (join) record between two record classes: stores the
  * class names, creates the two Integer id fields, marks the non-persisted
  * fields transient, declares (leftID, rightID) unique and, once the app is
  * installed, creates the lookup table on demand.
  *
  * @throws Alpha\Exception\FailedLookupCreateException when the lookup table is missing and either side's table does not exist
  * @throws Alpha\Exception\IllegalArguementException   when either class name is empty
  *
  * @since 1.0
  */
 public function __construct($leftClassName, $rightClassName)
 {
     self::$logger = new Logger('RelationLookup');
     self::$logger->debug('>>__construct(leftClassName=[' . $leftClassName . '], rightClassName=[' . $rightClassName . '])');

     // ensure to call the parent constructor
     parent::__construct();

     if (empty($leftClassName) || empty($rightClassName)) {
         throw new IllegalArguementException('Cannot create RelationLookup object without providing the left and right class names!');
     }

     $this->leftClassName = $leftClassName;
     $this->rightClassName = $rightClassName;
     $this->leftID = new Integer();
     $this->rightID = new Integer();

     // none of these fields are stored in the lookup table itself
     foreach (array('leftClassName', 'rightClassName', 'helper', 'TABLE_NAME') as $transientField) {
         $this->markTransient($transientField);
     }

     // add a unique composite key to these fields
     $this->markUnique('leftID', 'rightID');

     // make sure the lookup table exists (table check runs first, as before)
     $tableMissing = !$this->checkTableExists();
     if ($tableMissing && ActiveRecord::isInstalled()) {
         // first make sure that the two BO tables exist before relating them with a lookup table
         $bothSidesExist = ActiveRecord::checkBOTableExists($leftClassName)
             && ActiveRecord::checkBOTableExists($rightClassName);
         if (!$bothSidesExist) {
             throw new FailedLookupCreateException('Error trying to create a lookup table [' . $this->getTableName() . '], as tables for BOs [' . $leftClassName . '] or [' . $rightClassName . '] don\'t exist!');
         }
         $this->makeTable();
     }

     self::$logger->debug('<<__construct');
 }
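 /**
  * Custom version of the check rights method that only checks for a session for the config admin username/password,
  * when the system database is not set-up.
  *
  * Decision order: a Public controller always passes; once the database is
  * installed this controller is closed to everyone; otherwise the caller must
  * already hold a session user whose e-mail equals app.install.username.
  *
  * @return bool true when access is granted, false otherwise (the previous
  *              version fell off the end and returned null for the deny case)
  *
  * @since 1.0
  */
 public function checkRights()
 {
     self::$logger->debug('>>checkRights()');
     $config = ConfigProvider::getInstance();
     $sessionProvider = $config->get('session.provider.name');
     $session = SessionProviderFactory::getInstance($sessionProvider);

     if ($this->getVisibility() == 'Public') {
         self::$logger->debug('<<checkRights [true]');
         return true;
     }

     // After installation this controller must never be reachable again.
     if (ActiveRecord::isInstalled()) {
         self::$logger->debug('<<checkRights [false]');
         return false;
     }

     // the person is logged in?  Guard against both false and null so a
     // missing session entry cannot turn into a method call on a non-object.
     $currentUser = $session->get('currentUser');
     if ($currentUser !== false && $currentUser !== null) {
         // Strict string comparison: the loose == would treat numeric-looking
         // strings (e.g. "1e1" and "10") as equal.
         if ((string) $currentUser->get('email') === (string) $config->get('app.install.username')) {
             self::$logger->debug('<<checkRights [true]');
             return true;
         }
     }

     // Explicit deny; previously this path returned null implicitly.
     self::$logger->debug('<<checkRights [false]');
     return false;
 }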
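 /**
  * Handle POST requests (adds $currentUser Person to the session).
  *
  * Two form actions are served: "loginBut" authenticates either against the
  * config admin credentials (before the database is installed) or against a
  * stored Person, and "resetBut" regenerates a Person's password and e-mails
  * it. Both run only after the hidden security fields pass checkSecurityFields().
  *
  * @param Alpha\Util\Http\Request $request
  *
  * @return Alpha\Util\Http\Response a redirect after a successful login,
  *                                  otherwise the rendered form / message page
  *
  * @throws Alpha\Exception\IllegalArguementException when the request params are not an array
  *
  * @since 1.0
  */
 public function doPOST($request)
 {
     // NOTE(review): var_export() of the request writes the submitted password
     // into the debug log; keep debug logging off outside development.
     self::$logger->debug('>>doPOST($request=[' . var_export($request, true) . '])');
     $params = $request->getParams();
     if (!is_array($params)) {
         throw new IllegalArguementException('Bad $params [' . var_export($params, true) . '] passed to doPOST method!');
     }
     $config = ConfigProvider::getInstance();
     $body = '';

     // Read the credentials once; a missing field becomes '' instead of
     // raising an undefined-index notice.
     $email = isset($params['email']) ? (string) $params['email'] : '';
     $password = isset($params['password']) ? (string) $params['password'] : '';
     // The submitted e-mail is echoed back inside HTML in several messages
     // below, so escape it once for that context.
     $safeEmail = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

     try {
         // check the hidden security fields before accepting the form POST data
         if (!$this->checkSecurityFields()) {
             throw new SecurityException('This page cannot accept post data from remote servers!');
         }

         if (isset($params['loginBut'])) {
             if (!ActiveRecord::isInstalled()) {
                 // if the database has not been set up yet, accept a login from the config admin username/password.
                 // The config password is plaintext, so compare it in constant time. The previous
                 // password_verify(password_hash(...)) round-trip paid a cost-12 bcrypt hash per attempt
                 // and, because bcrypt only considers the first 72 bytes, would also accept any longer
                 // input sharing that prefix.
                 $usernameMatches = hash_equals((string) $config->get('app.install.username'), $email);
                 $passwordMatches = hash_equals((string) $config->get('app.install.password'), $password);
                 if (!($usernameMatches && $passwordMatches)) {
                     throw new ValidationException('Failed to login user ' . $safeEmail . ', the password is incorrect!');
                 }

                 self::$logger->info('Logging in [' . $email . '] at [' . date('Y-m-d H:i:s') . ']');
                 $admin = new Person();
                 $admin->set('displayName', 'Admin');
                 $admin->set('email', $email);
                 $admin->set('password', password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]));
                 $admin->set('OID', '00000000001');
                 $sessionProvider = $config->get('session.provider.name');
                 $session = SessionProviderFactory::getInstance($sessionProvider);
                 // NOTE(review): nothing here rotates the session id on this privilege
                 // change; unless the SessionProvider does so internally the login is
                 // exposed to session fixation - verify.
                 $session->set('currentUser', $admin);

                 // 301 matches doGET's redirect style; 303 is the conventional
                 // status for a redirect issued in reply to a POST.
                 $response = new Response(301);
                 if ($this->getNextJob() != '') {
                     $response->redirect(FrontController::generateSecureURL('act=' . $this->getNextJob()));
                     $this->clearUnitOfWorkAttributes();
                 } else {
                     $response->redirect(FrontController::generateSecureURL('act=InstallController'));
                 }
                 return $response;
             }

             // here we are attempting to load the person from the email address
             $this->personObject->loadByAttribute('email', $email, true);
             ActiveRecord::disconnect();
             // checking to see if the account has been disabled
             if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled') {
                 throw new SecurityException('Failed to login user ' . $safeEmail . ', that account has been disabled!');
             }
             // check the password (doLoginAndRedirect also builds the redirect)
             return $this->doLoginAndRedirect($password);
             // Both login branches return or throw, so the login form that used
             // to be appended here was unreachable and has been removed.
         }

         if (isset($params['resetBut'])) {
             // NOTE(review): the reset requires only a known e-mail plus the hidden
             // security fields - no proof of mailbox ownership - so anyone who knows
             // an address can invalidate its owner's password; a token-based reset
             // link is the usual fix. The new password also travels in cleartext e-mail.
             // here we are attempting to load the person from the email address
             $this->personObject->loadByAttribute('email', $email);
             ActiveRecord::disconnect();
             // generate a new random password
             $newPassword = $this->personObject->generatePassword();
             // now encrypt and save the new password, then e-mail the user
             $this->personObject->set('password', password_hash($newPassword, PASSWORD_DEFAULT, ['cost' => 12]));
             $this->personObject->save();
             $message = 'The password for your account has been reset to ' . $newPassword . ' as you requested.  You can now login to the site using your ' . 'e-mail address and this new password as before.';
             $subject = 'Password change request';
             $this->personObject->sendMail($message, $subject);
             $body .= View::displayUpdateMessage('The password for the user <strong>' . $safeEmail . '</strong> has been reset, and the new password ' . 'has been sent to that e-mail address.');
             $body .= '<a href="' . $config->get('app.url') . '">Home Page</a>';
         }
     } catch (ValidationException $e) {
         $body .= View::displayPageHead($this);
         $body .= View::displayErrorMessage($e->getMessage());
         if (isset($params['reset'])) {
             $body .= $this->personView->displayResetForm();
         } else {
             $body .= $this->personView->displayLoginForm();
         }
         self::$logger->warn($e->getMessage());
     } catch (SecurityException $e) {
         $body .= View::displayPageHead($this);
         $body .= View::displayErrorMessage($e->getMessage());
         self::$logger->warn($e->getMessage());
     } catch (RecordNotFoundException $e) {
         $body .= View::displayPageHead($this);
         // NOTE(review): a distinct "not found" message (vs. "password is incorrect")
         // lets a client enumerate registered e-mail addresses via login and reset.
         $body .= View::displayErrorMessage('Failed to find the user \'' . $safeEmail . '\'');
         if (isset($params['reset'])) {
             $body .= $this->personView->displayResetForm();
         } else {
             $body .= $this->personView->displayLoginForm();
         }
         self::$logger->warn($e->getMessage());
     }

     $body .= View::displayPageFoot($this);
     self::$logger->debug('<<doPOST');
     return new Response(200, $body, array('Content-Type' => 'text/html'));
 }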