Ejemplo n.º 1
 /**
  * Given the request, returns what user is performing the request by
  * looking at the auth_token
  *
  * @param Request $r
  * @throws InvalidDatabaseOperationException
  * @throws UnauthorizedException
  */
 protected static function authenticateRequest(Request $r)
 {
     $currentSession = SessionController::apiCurrentSession($r);
     // The user entry is only consulted when the session reports itself valid.
     $user = $currentSession['valid'] ? $currentSession['user'] : null;
     // Loose comparison: every value that == null (null, '', 0, false, [])
     // is rejected, so the request fails closed on any empty user value.
     if ($user == null) {
         throw new UnauthorizedException();
     }
     // Record the authenticated user and its id on the request.
     $r['current_user'] = $user;
     $r['current_user_id'] = $user->user_id;
 }
Ejemplo n.º 2
<?php

require_once '../server/bootstrap.php';
UITools::redirectToLoginIfNotLoggedIn();
UITools::setProfile($smarty);
$ses = SessionController::apiCurrentSession();
// A truthy 'needs_basic_info' entry selects the basic-edit template;
// a missing or falsy entry selects the regular edit template.
$smarty->display(
    !empty($ses['needs_basic_info'])
        ? '../templates/user.basicedit.tpl'
        : '../templates/user.edit.tpl'
);
Ejemplo n.º 3
 /**
  * Parses the URI from $_SERVER and determines which controller and
  * function to call.
  *
  * @return Request
  * @throws NotFoundException
  */
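 private static function parseUrl()
 {
     $apiAsUrl = $_SERVER['REQUEST_URI'];
     // Splitting only by '/' results in URIs with parameters like this:
     //     /api/problem/list/?page=1
     // Adding '?' as a separator also accepts URIs like this:
     //     /api/problem/list?page=1
     $args = preg_split('/[\\/?]/', $apiAsUrl);
     // Indexes 2 (controller) and 3 (method) are read below, so at least four
     // segments are required. preg_split() returns false on failure; count()
     // must not be called on that value.
     $argCount = is_array($args) ? count($args) : 0;
     if ($argCount < 4) {
         self::$log->error('Api called with URI with less args than expected: ' . $argCount);
         throw new NotFoundException('apiNotFound');
     }
     // Both names come straight from the request URI. NULL bytes are removed
     // before the values are used as class and method names.
     $controllerName = str_replace(chr(0), '', ucfirst($args[2])) . 'Controller';
     $methodName = str_replace(chr(0), '', $args[3]);
     // class_exists() may invoke the autoloader with this request-derived name;
     // the 'Controller' suffix and the 'api' method prefix are the only
     // constraints applied here.
     if (!class_exists($controllerName)) {
         self::$log->error('Controller name was not found: ' . $controllerName);
         throw new NotFoundException('apiNotFound');
     }
     // Create request
     $request = new Request($_REQUEST);
     // Only methods whose name starts with 'api' can be reached.
     $methodName = 'api' . $methodName;
     if (!method_exists($controllerName, $methodName)) {
         self::$log->error('Method name was not found: ' . $controllerName . '::' . $methodName);
         throw new NotFoundException('apiNotFound');
     }
     // Get the auth_token and user data from cookies
     $cs = SessionController::apiCurrentSession();
     // If we got an auth_token from cookies, replace it
     if (!is_null($cs['auth_token'])) {
         $request['auth_token'] = $cs['auth_token'];
     }
     // Remaining path segments are key/value pairs; only the value is decoded.
     // NOTE(review): these writes happen after the cookie token was applied, so
     // a path key named 'auth_token' would replace it. Confirm that precedence
     // is intended, or apply the cookie value after this loop.
     for ($i = 4; $i + 1 < $argCount; $i += 2) {
         $request[$args[$i]] = urldecode($args[$i + 1]);
     }
     $request->method = $controllerName . '::' . $methodName;
     return $request;
 }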
Ejemplo n.º 4
<?php

require_once '../../server/bootstrap.php';
$r = new Request($_REQUEST);
// The returned session is not read again in this listing.
$session = SessionController::apiCurrentSession($r);
$r['statement_type'] = 'html';
$r['show_solvers'] = true;
try {
    $result = ProblemController::apiDetails($r);
    $problem = ProblemsDAO::GetByAlias($result['alias']);
} catch (ApiException $e) {
    // Every API failure is answered with the static 404 page.
    header('HTTP/1.1 404 Not Found');
    die(file_get_contents('../404.html'));
}
// Fields handed to the template under the name they carry in the API result.
// Values are assigned as returned; escaping is up to the template.
foreach (array(
    'problem_statement',
    'problem_statement_language',
    'public',
    'source',
    'title',
    'points',
    'validator',
    'solvers',
) as $field) {
    $smarty->assign($field, $result[$field]);
}
$smarty->assign('problem_alias', $result['alias']);
// Time limits are divided by 1000 and suffixed with 's'.
foreach (array('time_limit', 'validator_time_limit', 'overall_wall_time_limit') as $field) {
    $smarty->assign($field, $result[$field] / 1000 . 's');
}
// The memory limit is divided by 1024 and suffixed with 'MB'.
$smarty->assign('memory_limit', $result['memory_limit'] / 1024 . 'MB');
// True only when both 'kp' and 'kj' appear in the comma-separated language list.
$smarty->assign(
    'karel_problem',
    count(array_intersect(explode(',', $result['languages']), array('kp', 'kj'))) == 2
);
if (isset($result['sample_input'])) {
    $smarty->assign('sample_input', $result['sample_input']);
}
Ejemplo n.º 5
 // Populates template variables: anonymous defaults first, then per-user
 // values once the current session is reported valid.
 $smarty->assign("CURRENT_USER_IS_ADMIN", 0);
 // Cache and compile output share one directory when it is configured.
 if (defined("SMARTY_CACHE_DIR")) {
     $smarty->setCacheDir(SMARTY_CACHE_DIR)->setCompileDir(SMARTY_CACHE_DIR);
 }
 $smarty->assign("GOOGLECLIENTID", OMEGAUP_GOOGLE_CLIENTID);
 // Default to "not logged in"; overwritten below for a valid session.
 $smarty->assign("LOGGED_IN", "0");
 UITools::$IsLoggedIn = false;
 $smarty->assign("FB_URL", SessionController::getFacebookLoginUrl());
 // Analytics variables are only filled in when tracking is switched on.
 if (defined("OMEGAUP_GA_TRACK") && OMEGAUP_GA_TRACK) {
     $smarty->assign("OMEGAUP_GA_TRACK", 1);
     $smarty->assign("OMEGAUP_GA_ID", OMEGAUP_GA_ID);
 } else {
     $smarty->assign("OMEGAUP_GA_TRACK", 0);
 }
 // The request wraps $_REQUEST as-is; the session lookup receives it.
 $userRequest = new Request($_REQUEST);
 $session = SessionController::apiCurrentSession($userRequest);
 if ($session['valid']) {
     $smarty->assign("LOGGED_IN", "1");
     UITools::$IsLoggedIn = true;
     // Session values are assigned unmodified; any HTML escaping has to
     // happen in the templates, which are not visible here.
     $smarty->assign("CURRENT_USER_USERNAME", $session["username"]);
     $smarty->assign("CURRENT_USER_EMAIL", $session["email"]);
     $smarty->assign("CURRENT_USER_IS_EMAIL_VERIFIED", $session["is_email_verified"]);
     $smarty->assign("CURRENT_USER_IS_ADMIN", $session["is_admin"]);
     $smarty->assign("CURRENT_USER_PRIVATE_CONTESTS_COUNT", $session["private_contests_count"]);
     $smarty->assign("CURRENT_USER_PRIVATE_PROBLEMS_COUNT", $session["private_problems_count"]);
     // NOTE(review): the session auth token becomes a template variable. If a
     // template prints it into markup or script, any script running on that
     // page can read it -- confirm it is needed client-side.
     $smarty->assign("CURRENT_USER_AUTH_TOKEN", $session["auth_token"]);
     // The e-mail is hashed with md5() exactly as stored (no trim or
     // lowercasing) and concatenated into ready-made <img> markup.
     // NOTE(review): the variable suffixed _128 requests s=92 -- confirm.
     $smarty->assign("CURRENT_USER_GRAVATAR_URL_128", '<img src="https://secure.gravatar.com/avatar/' . md5($session["email"]) . '?s=92">');
     $smarty->assign("CURRENT_USER_GRAVATAR_URL_16", '<img src="https://secure.gravatar.com/avatar/' . md5($session["email"]) . '?s=16">');
     $smarty->assign("CURRENT_USER_GRAVATAR_URL_32", '<img src="https://secure.gravatar.com/avatar/' . md5($session["email"]) . '?s=32">');
     UITools::$isAdmin = $session["is_admin"];
     $userRequest["username"] = $session["username"];
Ejemplo n.º 6
 /**
  * Show the contest intro unless you are admin, or you
  * already started this contest.
  */
 public static function showContestIntro(Request $r)
 {
     // A failed lookup and a missing contest are both reported as "not found".
     try {
         $r["contest"] = ContestsDAO::getByAlias($r["contest_alias"]);
     } catch (Exception $lookupError) {
         throw new NotFoundException("contestNotFound");
     }
     if ($r['contest'] === null) {
         throw new NotFoundException("contestNotFound");
     }

     try {
         // Half-authenticate: the user is attached to the request only when
         // a valid session with a user exists.
         $currentSession = SessionController::apiCurrentSession($r);
         if ($currentSession['valid'] && $currentSession['user'] !== null) {
             $currentUser = $currentSession['user'];
             $r["current_user"] = $currentUser;
             $r["current_user_id"] = $currentUser->user_id;
         }
         self::canAccessContest($r);
     } catch (Exception $accessError) {
         // Access could not be verified. Private contests must not be leaked:
         // only a user who was invited beforehand gets the intro, everyone
         // else receives the original exception.
         if (ContestController::isInvitedToContest($r)) {
             self::$log->error("Exception while trying to verify access: " . $accessError);
             return ContestController::SHOW_INTRO;
         }
         throw $accessError;
     }

     // The return value of this call is not used below.
     SessionController::apiCurrentSession();

     // The intro is skipped only when a participation row exists and its
     // access_time differs from the zero timestamp.
     $participation = ContestsUsersDAO::getByPK($r['current_user_id'], $r["contest"]->getContestId());
     if (is_null($participation) || $participation->access_time == "0000-00-00 00:00:00") {
         return ContestController::SHOW_INTRO;
     }
     self::$log->debug("Not intro because you already started the contest");
     return !ContestController::SHOW_INTRO;
 }
Ejemplo n.º 7
 /**
  * Test SessionController::apiCurrentSession private_problems_count
  * when there's 0 problems
  */
 public function testSessionControlerPrivateProblemsCountWithNoProblems()
 {
     $user = UserFactory::createUser();
     $this->mockSessionManager();
     // Log in and place the token in the cookie that SessionManager->getCookie reads.
     $_COOKIE[OMEGAUP_AUTH_TOKEN_COOKIE_NAME] = $this->login($user);
     // The freshly created user has no problems, so the count must be zero.
     $currentSession = SessionController::apiCurrentSession();
     $this->assertEquals(0, $currentSession['private_problems_count']);
 }
Ejemplo n.º 8
 /**
  * Show the contest intro unless you are admin, or you 
  * already started this contest.
  */
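 public static function showContestIntro(Request $r)
 {
     // Any failure while loading the contest is reported as "not found".
     try {
         $r["contest"] = ContestsDAO::getByAlias($r["contest_alias"]);
     } catch (Exception $e) {
         throw new NotFoundException("contestNotFound");
     }
     try {
         // Half-authenticate, in case there is no session in place.
         $session = SessionController::apiCurrentSession($r);
         if ($session['valid'] && $session['user'] != null) {
             $r["current_user"] = $session['user'];
             $r["current_user_id"] = $session['user']->user_id;
         }
         self::canAccessContest($r);
     } catch (Exception $e) {
         // NOTE(review): every failure of the access check, a denial included,
         // ends in the intro page instead of an error. Confirm that this does
         // not confirm the existence of a private contest to outsiders.
         self::$log->error("Exception while trying to verify access: " . $e);
         return ContestController::SHOW_INTRO;
     }
     // You are admin
     if (!is_null($r['current_user_id']) && Authorization::IsContestAdmin($r["current_user_id"], $r["contest"])) {
         self::$log->debug("Not intro because you are admin");
         return !ContestController::SHOW_INTRO;
     }
     $cs = SessionController::apiCurrentSession();
     // You already started the contest.
     // The row must be bound to $contestOpened, because that is the variable
     // whose access_time is inspected; binding it to any other name leaves
     // $contestOpened null and the property read fails.
     $contestOpened = ContestsUsersDAO::getByPK($cs["id"], $r["contest"]->getContestId());
     if (!is_null($contestOpened) && $contestOpened->access_time != "0000-00-00 00:00:00") {
         self::$log->debug("Not intro because you already started the contest");
         return !ContestController::SHOW_INTRO;
     }
     return ContestController::SHOW_INTRO;
 }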