/**
* Log an action carried out by a person to the ActionLog table.
*
* @param string $message
*
* @since 1.1
*/
public function action($message)
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
if ($session->get('currentUser') != null) {
$action = new ActionLog();
$action->set('client', $this->request->getUserAgent());
$action->set('IP', $this->request->getIP());
$action->set('message', $message);
$action->save();
}
}
/**
* {@inheritdoc}
*/
public function renderDefaultField($name, $label, $mode, $value = '')
{
self::$logger->debug('>>renderDefaultField(name=[' . $name . '], label=[' . $label . '], mode=[' . $mode . '], value=[' . $value . '])');
$config = ConfigProvider::getInstance();
if ($config->get('security.encrypt.http.fieldnames')) {
$fieldname = base64_encode(SecurityUtils::encrypt($name));
} else {
$fieldname = $name;
}
$html = '';
$request = new Request(array('method' => 'GET'));
if ($mode == 'create') {
$html .= '<textarea cols="100" rows="3" name="' . $fieldname . '">' . $request->getParam($name, '') . '</textarea>';
}
if ($mode == 'edit') {
$html .= '<textarea cols="100" rows="3" name="' . $fieldname . '">' . $value . '</textarea>';
}
if ($mode == 'view') {
$html .= '<p><strong>' . $label . ':</strong> ' . $value . '</p>';
}
self::$logger->debug('<<renderDefaultField [' . $html . ']');
return $html;
}
/**
* Method to render the user registration form.
*
* @return string
*
* @since 1.0
*/
public function displayRegisterForm()
{
$config = ConfigProvider::getInstance();
$request = new Request(array('method' => 'GET'));
$html = '<p>In order to access this site, you will need to create a user account. In order to do so, please provide a valid email address below and a password will be sent to your inbox shortly (you can change your password once you log in).</p>';
$html .= '<table cols="2">';
$html .= '<form action="' . $request->getURI() . '?reset=true" method="POST" accept-charset="UTF-8">';
$html .= '<tr>';
if ($config->get('security.encrypt.http.fieldnames')) {
$fieldname = base64_encode(SecurityUtils::encrypt('displayname'));
} else {
$fieldname = 'displayname';
}
$html .= ' <td>Forum name</td> <td><input type="text" name="' . $fieldname . '" size="50" value="' . $request->getParam($fieldname, '') . '"/></td>';
$html .= '</tr>';
$html .= '<tr>';
if ($config->get('security.encrypt.http.fieldnames')) {
$fieldname = base64_encode(SecurityUtils::encrypt('email'));
} else {
$fieldname = 'email';
}
$html .= ' <td>E-mail Address</td> <td><input type="text" name="' . $fieldname . '" size="50" value="' . $request->getParam($fieldname, '') . '"/></td>';
$html .= '</tr>';
$html .= '<tr><td colspan="2">';
$temp = new Button('submit', 'Register', 'registerBut');
$html .= $temp->render();
$html .= ' ';
$temp = new Button("document.location.replace('" . $config->get('app.url') . "')", 'Cancel', 'cancelBut');
$html .= $temp->render();
$html .= '</td></tr>';
$html .= $this->renderSecurityFields();
$html .= '</form>';
$html .= '</table>';
return $html;
}
/**
* Renders the HTML and javascript for the string box.
*
* @param bool $readOnly set to true to make the text box readonly (defaults to false)
*
* @return string
*
* @since 1.0
*/
public function render($readOnly = false)
{
$request = new Request(array('method' => 'GET'));
$html = '<div class="form-group">';
$html .= ' <label for="' . $this->name . '">' . $this->label . '</label>';
$html .= ' <input ' . ($this->stringObject->checkIsPassword() ? 'type="password"' : 'type="text"') . ($this->size == 0 ? ' style="width:100%;"' : ' size="' . $this->size . '"') . ' maxlength="' . String::MAX_SIZE . '" name="' . $this->name . '" id="' . $this->name . '" value="' . ($request->getParam($this->name, false) && $this->stringObject->getValue() == '' && !$this->stringObject->checkIsPassword() ? $request->getParam($this->name) : $this->stringObject->getValue()) . '" class="form-control"' . ($readOnly ? ' disabled="disabled"' : '') . '/>';
if ($this->stringObject->getRule() != '') {
$html .= ' <input type="hidden" id="' . $this->name . '_msg" value="' . $this->stringObject->getHelper() . '"/>';
$html .= ' <input type="hidden" id="' . $this->name . '_rule" value="' . $this->stringObject->getRule() . '"/>';
}
$html .= '</div>';
return $html;
}
/**
* Renders the text boxes and buttons for the widget, that will appear in user forms.
*
* @param bool $expanded Render the related fields in expanded format or not (optional)
* @param bool $buttons Render buttons for expanding/contacting the related fields (optional)
*
* @return string
*
* @since 1.0
*/
public function render($expanded = false, $buttons = true)
{
self::$logger->debug('>>render(expanded=[' . $expanded . '], buttons=[' . $buttons . '])');
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$fieldname = $config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt($this->name)) : $this->name;
$html = '';
// render text-box for many-to-one relations
if ($this->relationObject->getRelationType() == 'MANY-TO-ONE') {
// value to appear in the text-box
$inputBoxValue = $this->relationObject->getRelatedClassDisplayFieldValue();
$html .= '<div class="form-group">';
$html .= '<label for="' . $this->name . '_display">' . $this->label . '</label>';
$html .= '<input type="text" size="70" class="form-control" name="' . $this->name . '_display" id="' . $this->name . '_display" value="' . $inputBoxValue . '" disabled/>';
$js = " if(window.jQuery) {\n window.jQuery.dialog = new BootstrapDialog({\n title: 'Please select',\n message: 'Loading...',\n onshow: function(dialogRef){\n dialogRef.getModalBody().load('" . $config->get('app.url') . "/recordselector/12m/'+document.getElementById('" . $fieldname . "').value+'/" . $this->name . '/' . urlencode($this->relationObject->getRelatedClass()) . '/' . $this->relationObject->getRelatedClassField() . '/' . $this->relationObject->getRelatedClassDisplayField() . "');\n },\n buttons: [\n {\n icon: 'glyphicon glyphicon-remove',\n label: 'Cancel',\n cssClass: 'btn btn-default btn-xs',\n action: function(dialogItself){\n dialogItself.close();\n }\n }\n ]\n });\n window.jQuery.dialog.open();\n }";
$tmp = new Button($js, 'Select', 'relBut', '', 'glyphicon-check');
$html .= '<div class="centered lower">' . $tmp->render() . '</div>';
// hidden field to store the actual value of the relation
$html .= '<input type="hidden" name="' . $fieldname . '" id="' . $fieldname . '" value="' . $this->relationObject->getValue() . '"/>';
if ($this->relationObject->getRule() != '') {
$html .= '<input type="hidden" id="' . $fieldname . '_msg" value="' . $this->relationObject->getHelper() . '"/>';
$html .= '<input type="hidden" id="' . $fieldname . '_rule" value="' . $this->relationObject->getRule() . '"/>';
}
$html .= '</div>';
}
// render read-only list for one-to-many relations
if ($this->relationObject->getRelationType() == 'ONE-TO-MANY') {
$objects = $this->relationObject->getRelatedObjects();
if (count($objects) > 0) {
// render tags differently
if ($this->name == 'tags' && $this->relationObject->getRelatedClass() == 'TagObject') {
$html .= '<p><strong>' . $this->label . ':</strong>';
foreach ($objects as $tag) {
$html .= ' <a href="' . $config->get('app.url') . '/search/' . $tag->get('content') . '">' . $tag->get('content') . '</a>';
}
$html .= '</p>';
} else {
$html .= '<div><strong>' . $this->label . ':</strong>';
if ($buttons) {
$html .= '<div class="spread">';
$tmp = new Button("document.getElementById('relation_field_" . $this->name . "').style.display = '';", 'Show', $this->name . 'DisBut', '', 'glyphicon-list');
$html .= $tmp->render();
$tmp = new Button("document.getElementById('relation_field_" . $this->name . "').style.display = 'none';", 'Hide', $this->name . 'HidBut', '', 'glyphicon-minus');
$html .= $tmp->render();
$html .= '</div>';
}
$html .= '</div>';
$html .= '<div id="relation_field_' . $this->name . '" style="display:' . ($expanded ? '' : 'none') . ';">';
$customViewControllerName = Controller::getCustomControllerName(get_class($objects[0]), 'view');
$customEditControllerName = Controller::getCustomControllerName(get_class($objects[0]), 'edit');
$request = new Request(array('method' => 'GET'));
$URI = $request->getURI();
foreach ($objects as $obj) {
// check to see if we are in the admin back-end
if (mb_strpos($URI, '/tk/') !== false) {
$viewURL = FrontController::generateSecureURL('act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=' . get_class($obj) . '&ActiveRecordOID=' . $obj->getOID());
$editURL = FrontController::generateSecureURL('act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=' . get_class($obj) . '&ActiveRecordOID=' . $obj->getOID() . '&view=edit');
} else {
if (isset($customViewControllerName)) {
if ($config->get('app.use.mod.rewrite')) {
$viewURL = $config->get('app.url') . $customViewControllerName . '/oid/' . $obj->getOID();
} else {
$viewURL = $config->get('app.url') . 'controller/' . $customViewControllerName . '.php?oid=' . $obj->getOID();
}
} else {
$viewURL = $config->get('app.url') . 'alpha/controller/Detail.php?bo=' . get_class($obj) . '&oid=' . $obj->getOID();
}
if (isset($customEditControllerName)) {
if ($config->get('app.use.mod.rewrite')) {
$editURL = $config->get('app.url') . $customEditControllerName . '/oid/' . $obj->getOID();
} else {
$editURL = $config->get('app.url') . 'controller/' . $customEditControllerName . '.php?oid=' . $obj->getOID();
}
} else {
$editURL = $config->get('app.url') . 'alpha/controller/Edit.php?bo=' . get_class($obj) . '&oid=' . $obj->getOID();
}
}
/*
* If any display headers were set with setRelatedClassHeaderFields, use them otherwise
* use the OID of the related class as the only header.
*/
$headerFields = $this->relationObject->getRelatedClassHeaderFields();
if (count($headerFields) > 0) {
foreach ($headerFields as $field) {
$label = $obj->getDataLabel($field);
$value = $obj->get($field);
if ($field == 'created_by' || $field == 'updated_by') {
$person = new PersonObject();
$person->load($value);
$value = $person->getDisplayName();
}
$html .= '<em>' . $label . ': </em>' . $value . ' ';
}
// if the related BO has been updated, render the update time
if ($obj->getCreateTS() != $obj->getUpdateTS()) {
try {
$html .= '<em>' . $obj->getDataLabel('updated_ts') . ': </em>' . $obj->get('updated_ts');
} catch (IllegalArguementException $e) {
$html .= '<em>Updated: </em>' . $obj->get('updated_ts');
}
}
} else {
$html .= '<em>' . $obj->getDataLabel('OID') . ': </em>' . $obj->get('OID');
}
// ensures that line returns are rendered
$value = str_replace("\n", '<br>', $obj->get($this->relationObject->getRelatedClassDisplayField()));
$html .= '<p>' . $value . '</p>';
$html .= '<div class="centered">';
$html .= '<a href="' . $viewURL . '">View</a>';
// if the current user owns it, they get the edit link
if ($session->get('currentUser') != null && $session->get('currentUser')->getOID() == $obj->getCreatorId()) {
$html .= ' <a href="' . $editURL . '">Edit</a>';
}
$html .= '</div>';
}
$html .= '</div>';
}
}
}
// render text-box for many-to-many relations
if ($this->relationObject->getRelationType() == 'MANY-TO-MANY') {
// value to appear in the text-box
$inputBoxValue = $this->relationObject->getRelatedClassDisplayFieldValue($this->accessingClassName);
// replace commas with line returns
$inputBoxValue = str_replace(',', "\n", $inputBoxValue);
$html .= '<div class="form-group">';
$html .= '<label for="' . $this->name . '_display">' . $this->label . '</label>';
$html .= '<textarea id="' . $this->name . '_display" class="form-control" rows="5" readonly>';
$html .= $inputBoxValue;
$html .= '</textarea>';
$fieldname1 = $config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt($this->name)) : $this->name;
$fieldname2 = $config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt($this->name . '_OID')) : $this->name . '_OID';
$js = "if(window.jQuery) {\n BootstrapDialog.show({\n title: 'Please select',\n message: 'Loading...',\n onshow: function(dialogRef){\n dialogRef.getModalBody().load('" . $config->get('app.url') . "/recordselector/m2m/'+document.getElementById('" . $fieldname2 . "').value+'/" . $this->name . '/' . urlencode($this->relationObject->getRelatedClass('left')) . '/' . $this->relationObject->getRelatedClassDisplayField('left') . '/' . urlencode($this->relationObject->getRelatedClass('right')) . '/' . $this->relationObject->getRelatedClassDisplayField('right') . '/' . urlencode($this->accessingClassName) . "/'+document.getElementById('" . $fieldname1 . "').value);\n },\n buttons: [\n {\n icon: 'glyphicon glyphicon-remove',\n label: 'Cancel',\n cssClass: 'btn btn-default btn-xs',\n action: function(dialogItself){\n dialogItself.close();\n }\n },\n {\n icon: 'glyphicon glyphicon-ok',\n label: 'Okay',\n cssClass: 'btn btn-default btn-xs',\n action: function(dialogItself) {\n setParentFieldValues();\n \$('[id=\\'" . $this->name . "_display\\']').blur();\n dialogItself.close();\n }\n }\n ]\n });\n }";
$tmp = new Button($js, 'Select', 'relBut', '', 'glyphicon-check');
$html .= '<div class="centered lower">' . $tmp->render() . '</div>';
$html .= '</div>';
// hidden field to store the OID of the current BO
$html .= '<input type="hidden" name="' . $fieldname2 . '" id="' . $fieldname2 . '" value="' . $this->relationObject->getValue() . '"/>';
// hidden field to store the OIDs of the related BOs on the other side of the rel (this is what we check for when saving)
if ($this->relationObject->getSide($this->accessingClassName) == 'left') {
$lookupOIDs = $this->relationObject->getLookup()->loadAllFieldValuesByAttribute('leftID', $this->relationObject->getValue(), 'rightID', 'DESC');
} else {
$lookupOIDs = $this->relationObject->getLookup()->loadAllFieldValuesByAttribute('rightID', $this->relationObject->getValue(), 'leftID', 'DESC');
}
$html .= '<input type="hidden" name="' . $fieldname1 . '" id="' . $fieldname1 . '" value="' . implode(',', $lookupOIDs) . '"/>';
}
self::$logger->debug('<<__render [html]');
return $html;
}
/**
* Generates the two security fields to prevent remote form processing.
*
* @return array An array containing the two fields
*
* @since 1.0
*/
public static function generateSecurityFields()
{
if (self::$logger == null) {
self::$logger = new Logger('Controller');
}
self::$logger->debug('>>generateSecurityFields()');
$request = new Request(array('method' => 'GET'));
$host = $request->getHost();
$ip = $request->getIP();
// the server hostname + today's date
$var1 = rtrim(strtr(base64_encode(SecurityUtils::encrypt($host . date('Ymd'))), '+/', '-_'), '=');
// the server's IP plus $var1
$var2 = rtrim(strtr(base64_encode(SecurityUtils::encrypt($ip . $var1)), '+/', '-_'), '=');
self::$logger->debug('<<generateSecurityFields [array(' . $var1 . ', ' . $var2 . ')]');
return array($var1, $var2);
}
/**
* Use this callback to inject in the admin menu template fragment.
*
* @return string
*
* @since 1.2
*/
public function after_displayPageHead_callback()
{
$accept = $this->request->getAccept();
if ($accept != 'application/json' && $this->checkIfAccessingFromSecureURL()) {
$viewState = ViewState::getInstance();
if ($viewState->get('renderAdminMenu') === true) {
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
if ($session->get('currentUser') !== false) {
$passwordResetRequired = SecurityUtils::checkAdminPasswordIsDefault($session->get('currentUser')->get('password'));
$menu = View::loadTemplateFragment('html', 'adminmenu.phtml', array('passwordResetRequired' => $passwordResetRequired));
} else {
$menu = '';
}
return $menu;
}
} else {
return '';
}
}
/**
* Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD.
*/
public function testHTTPMethodOverride()
{
$_POST['_METHOD'] = 'HEAD';
$request = new Request();
$this->assertEquals('HEAD', $request->getMethod(), 'Testing that we can override the HTTP method via _METHOD');
$_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] = 'HEAD';
$request = new Request();
$this->assertEquals('HEAD', $request->getMethod(), 'Testing that we can override the HTTP method via X-HTTP-Method-Override');
}
