Beispiel #1
 /**
  * Registers the backend routes inside the "/admin" route group.
  *
  * Routes added: GET "/", GET|POST "/chpass", GET|POST "/update",
  * POST "/login" and GET|POST "/logout".
  *
  * NOTE(review): of these handlers only "/login" performs a visible
  * authorization check (isAdmin()). "/chpass" and "/update" hand off directly
  * to their controllers - confirm those enforce authentication themselves.
  * NOTE(review): "/update" and "/logout" also answer GET, so no CSRF
  * protection is visible for them here - confirm whether that is intended.
  *
  * @param Slim $appInstance application the routes are attached to
  * @return void
  */
 public static function addRouteDefinitions(Slim $appInstance)
 {
     $appInstance->group('/admin', function () use ($appInstance) {
         // Static landing page of the backend.
         $appInstance->get('/', function () {
             print '<h1>A Simple Backend</h1>';
         });

         // Password change is only served when the EMA_ADMIN_CHPASS switch is on;
         // otherwise the route is handed back to the router.
         $appInstance->map("/chpass", function () use ($appInstance) {
             if (!EMA_ADMIN_CHPASS) {
                 $appInstance->pass();
                 return;
             }
             AdminPasswordChange_controller::process();
         })->via('GET', 'POST');

         $appInstance->map("/update", function () use ($appInstance) {
             ClassAndMethodsDispatcher::updateGPMethods();
         })->via('GET', 'POST');

         $appInstance->post("/login", function () use ($appInstance) {
             // Credentials-bearing exchange: the response must not be cached.
             $appInstance->response->headers->set('Cache-Control', 'no-store');

             // Shared failure path: plain-text body with HTTP 400.
             $rejectWith = function ($message) use ($appInstance) {
                 $appInstance->response->headers->set('Content-Type', 'text/plain');
                 $appInstance->response->setStatus(400);
                 print $message;
             };

             // Both fields must be present and scalar strings (rejects array input).
             $hasUsername = isset($_POST['username']) && is_string($_POST['username']);
             $hasPassword = isset($_POST['password']) && is_string($_POST['password']);
             if (!($hasUsername && $hasPassword)) {
                 $rejectWith('Bad request');
                 return;
             }

             try {
                 try {
                     $account = new UserAuth();
                 } catch (SessionExpired $expired) {
                     // A stale session must not block a fresh login: build the object again.
                     $account = new UserAuth();
                 }
                 $account->userLogin($_POST['username'], $_POST['password']);
                 if (!$account->isAdmin()) {
                     // Valid credentials but not an admin: drop the session just created.
                     $account->logout();
                     throw new LoginIncorrect('You are not allowed to login here');
                 }
                 $appInstance->response->headers->set('Content-Type', 'application/json');
                 print json_encode($account->getSessionAuthData());
             } catch (LoginIncorrect $denied) {
                 // NOTE(review): the exception text is returned to the client - confirm
                 // userLogin() does not distinguish unknown user from wrong password.
                 $rejectWith($denied->getMessage());
             }
         });

         $appInstance->map('/logout', function () use ($appInstance) {
             try {
                 $account = new UserAuth();
                 if (!$account->isUserLoggedInSimple()) {
                     return;
                 }
                 $account->logout();
             } catch (SessionExpired $expired) {
                 // An expired session needs no logout.
             }
         })->via('GET', 'POST');
     });
 }
Beispiel #2
 /**
  * Logs the current user out, first releasing the unique-IP record that is
  * keyed by the session's "memberid" when a user is logged in.
  *
  * @return mixed whatever parent::logout() returns
  */
 public function logout()
 {
     $hasActiveLogin = $this->isUserLoggedInSimple();
     if ($hasActiveLogin) {
         // Release the per-member IP entry before the session data goes away.
         $memberId = $this->sessionAuthData['memberid'];
         $this->removeUniqueIp($memberId);
     }

     return parent::logout();
 }
Beispiel #3
 /**
  * Runs the parent constructor and discards any \Exception it throws, so the
  * caller receives an object even when parent initialisation did not complete.
  *
  * NOTE(review): the failure is neither logged nor recorded on the instance.
  * If the parent class establishes session or authentication state, callers
  * cannot tell a fully initialised object from a failed one - confirm every
  * caller re-checks login state before trusting the instance.
  */
 public function __construct()
 {
     try {
         parent::__construct();
     } catch (\Exception $ignored) {
         // Deliberately swallowed: construction is not allowed to fail here.
         return;
     }
 }
Beispiel #4
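 /**
  * Dispatches the request selected by $_POST['action'] and reports which
  * content type the handler produced.
  *
  * The "action" and "class" fields are read once through isset() guards, so a
  * request that omits them no longer raises undefined-index diagnostics, which
  * (depending on error display settings) could be mixed into the printed body.
  * A missing field is treated as null, which is what the handlers received before.
  *
  * @return mixed self::APP_XML_TYPE for "getXMLModel", self::APP_JSON_TYPE for the other actions
  * @throws RuntimeException when "getViewModelData" is called with a non-array "class"
  * @throws Exception when the action is missing or unknown
  */
 private static function otherCalls()
 {
     $action = isset($_POST['action']) ? $_POST['action'] : null;
     $class = isset($_POST['class']) ? $_POST['class'] : null;

     switch ($action) {
         case "getXMLModel":
             // Only a string class name is forwarded; anything else yields no output.
             if (is_string($class)) {
                 self::getXMLModel($class);
             }
             return self::APP_XML_TYPE;
         case 'getAjaxMethods':
             // NOTE(review): unlike the sibling actions, "class" is forwarded here
             // without a type check - confirm getAjaxMethods() validates it.
             self::getAjaxMethods($class);
             return self::APP_JSON_TYPE;
         case 'getViewModelData':
             if (!is_array($class)) {
                 throw new RuntimeException("Invalid Argument");
             }
             self::getViewModels($class);
             return self::APP_JSON_TYPE;
         case 'sessionCheck':
             try {
                 // "member" selects the member session; every other value the user session.
                 if ($class === 'member') {
                     $user = new MembersAuth();
                 } else {
                     $user = new UserAuth();
                 }
                 $result = false;
                 if ($user->isUserLoggedInSimple()) {
                     $result = $user->getSessionAuthData();
                 }
             } catch (SessionExpired $e) {
                 // An expired session is reported the same way as "not logged in".
                 $result = false;
             }
             print json_encode($result);
             return self::APP_JSON_TYPE;
         default:
             throw new Exception("Action not defined");
     }
 }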
Beispiel #5
 /**
  * Validates the CSRF token of the current request, executes the RPC call and
  * returns its result.
  *
  * The optional "Ema-Localization" header is applied to the call first. The
  * token is read from the "X-Ema-Csrftoken" header and checked before
  * $rpc->run() is invoked.
  *
  * NOTE(review): only the CSRF token is verified in this method; no login or
  * permission check is visible here - presumably enforced inside run() or by
  * the caller, confirm.
  * NOTE(review): empty() also matches 0, "0" and [] - confirm such results
  * cannot be legitimate items when self::$isGettingItem is set.
  *
  * @param RpcCall $rpc  call to execute
  * @param Slim    $slim application providing the request headers
  * @return mixed result of $rpc->run()
  * @throws InputError when the CSRF token is rejected
  * @throws NotFound   when an item lookup yields an empty result
  */
 public static function rpcCheckAndRun(RpcCall $rpc, Slim $slim)
 {
     $locale = $slim->request->headers->get('Ema-Localization');
     if ($locale) {
         $rpc->setLocalization($locale);
     }

     // Reject the request before any RPC code runs when the token does not match.
     $session = new UserAuth();
     if (!$session->checkCsrfToken($slim->request->headers->get('X-Ema-Csrftoken'))) {
         throw new InputError('CSRF token not valid');
     }

     $outcome = $rpc->run();

     if (self::$isAddition) {
         // The result of an addition is appended to the addition route base.
         self::$additionRouteBase .= $outcome;
     }

     $lookupCameBackEmpty = self::$isGettingItem && empty($outcome);
     if ($lookupCameBackEmpty) {
         throw new NotFound('Item not found');
     }

     return $outcome;
 }
Beispiel #6
 /**
  * Decides whether the current caller may use a method guarded by a policy.
  *
  * The parsed policy maps a group id (or the key 'ALL') to an access
  * modifier: 'a' allows any call, 'e' only external calls, 'i' only internal
  * calls. Every other modifier denies. An empty pattern or an empty parsed
  * policy denies for everyone, administrators included; with a non-empty
  * policy a logged-in administrator is always allowed.
  *
  * NOTE(review): new UserAuth() is not wrapped in a try/catch here - confirm
  * how a session-expiry exception from the constructor is meant to surface.
  *
  * @param mixed $policyPattern  raw policy pattern handed to parseGpPolicy()
  * @param bool  $isExternalCall whether the call originates from outside
  * @return bool true when access is granted
  */
 protected static function isAccessible($policyPattern, $isExternalCall = false)
 {
     if (empty($policyPattern)) {
         return false;
     }

     $isExternalCall = (bool) $isExternalCall;
     $policy = self::parseGpPolicy($policyPattern);
     if (count($policy) === 0) {
         return false;
     }

     // Fail closed: only the three known modifiers can ever grant access.
     $grants = function ($accessModifier) use ($isExternalCall) {
         return $accessModifier === 'a'
             || ($isExternalCall && $accessModifier === 'e')
             || (!$isExternalCall && $accessModifier === 'i');
     };

     $allowedForAll = array_key_exists('ALL', $policy)
         ? $grants($policy['ALL'])
         : false;

     $user = new UserAuth();
     if (!$user->isUserLoggedInSimple()) {
         // Anonymous callers only get what the 'ALL' entry permits.
         return $allowedForAll;
     }

     $gpId = $user->getGroup();
     if ($user->isAdmin()) {
         return true;
     }

     $allowedForUser = array_key_exists($gpId, $policy)
         ? $grants($policy[$gpId])
         : false;

     return $allowedForUser || $allowedForAll;
 }