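/**
 * Redirect the logged-in user to their default collection, creating that
 * collection first when it does not exist yet.
 *
 * The owning username is taken from the session only, so a request cannot
 * name a different account.
 *
 * @return int 1 once the redirect has been set on the request
 * @throws Xerxes_Exception_AccessDenied when there is no authenticated (non-temporary) user
 */
public function doExecute()
{
    // SECURITY: the owner is always the session user. This method previously
    // preferred a "username" request property, and the only check that followed
    // was isAuthenticatedUser() on the request -- nothing tied the supplied name
    // to the session. A logged-in user could therefore have categories looked up,
    // or a default collection created, under another account. Re-enable a
    // request-supplied username only together with an explicit ownership check.
    $username = $this->request->getSession("username");

    // we can only do this if we have a real user (not temp user)
    if ($username == null || !Xerxes_Framework_Restrict::isAuthenticatedUser($this->request)) {
        throw new Xerxes_Exception_AccessDenied("text_collections_error_not_logged_in");
    }

    // default name for if we have to create a new category: taken from
    // configuration, otherwise the hard coded default.
    $strNewSubject = $this->registry->getConfig("default_collection_name", false, "My Saved Databases");
    $strNormalizedSubject = Xerxes_Data_Category::normalize($strNewSubject);

    $objData = new Xerxes_DataMap();
    $arrResults = $objData->getUserCreatedCategories($username);

    // find the default one, if present.
    $redirectCategory = null;

    foreach ($arrResults as $objCandidate) {
        if ($objCandidate->normalized == $strNormalizedSubject) {
            $redirectCategory = $objCandidate;
            break;
        }
    }

    // Couldn't find it? Have to make one.
    if (empty($redirectCategory)) {
        $redirectCategory = $this->addDefaultCollection($objData, $username);
    }

    // Disabled: this doesn't work right yet, although it's a nice idea.
    // else {
    //     // Make sure our default category has at least one section, which it
    //     // always ought to, but data corruption happens sometimes and we can
    //     // fix it up. Got to refetch it to get its subcategories.
    //     $redirectCategory = $objData->getSubject($redirectCategory->normalized, null,
    //         Xerxes_DataMap::userCreatedMode, $redirectCategory->username);
    //
    //     if (count($redirectCategory->subcategories) == 0) {
    //         // add the default one
    //         $this->addDefaultSubcategory($objData, $redirectCategory);
    //     }
    // }

    // and redirect
    $url = $this->request->url_for(array(
        'base' => 'collections',
        'action' => 'subject',
        'username' => $username,
        'subject' => $redirectCategory->normalized,
    ));

    $this->request->setRedirect($url);

    return 1;
}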
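/**
 * Add the logged-in user's personal categories to the response as a
 * <userCategories> XML document, one <category> element per category.
 *
 * @return int 0 when there is no authenticated (non-temporary) user, in which
 *             case no XML is added; 1 otherwise
 */
public function doExecute()
{
    // SECURITY: the username always comes from the session. Taking it from the
    // URL (intended for future API use) was switched off because it is a privacy
    // problem until access controls are written for that use; do not restore the
    // request parameter without them.
    $username = $this->request->getSession("username");

    // we can only do this if we have a real user (not temp user), otherwise
    // just add no XML.
    if ($username == null || !Xerxes_Framework_Restrict::isAuthenticatedUser($this->request)) {
        return 0;
    }

    // was spelled "DOMDOcument"; that only resolved because PHP class names
    // are case-insensitive
    $objXml = new DOMDocument();

    $objData = new Xerxes_DataMap();
    $arrResults = $objData->getUserCreatedCategories($username);

    if (count($arrResults) > 0) {
        $objXml->loadXML("<userCategories />");

        $intPosition = 1;

        foreach ($arrResults as $objCategoryData) {
            $objCategory = $objXml->createElement("category");
            $objCategory->setAttribute("position", (string) $intPosition);

            foreach ($objCategoryData->properties() as $key => $value) {
                if ($value != null) {
                    // DOMDocument::createElement() does not escape its value
                    // argument, so the value is escaped before it goes in.
                    $objElement = $objXml->createElement((string) $key, Xerxes_Framework_Parser::escapeXml($value));
                    $objCategory->appendChild($objElement);
                }
            }

            // add the url for the category
            $arrParams = array(
                "base" => "collections",
                "action" => "subject",
                "username" => $username,
                "subject" => $objCategoryData->normalized,
            );

            $url = Xerxes_Framework_Parser::escapeXml($this->request->url_for($arrParams));
            $objCategory->appendChild($objXml->createElement("url", $url));

            $objXml->documentElement->appendChild($objCategory);
            $intPosition++;
        }
    }

    // when the user has no categories the document is still added, just empty
    $this->request->addDocument($objXml);

    return 1;
}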
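/**
 * Determines if the database is searchable by user
 *
 * Checks, in order:
 *  1. not searchable at all -> denied for everyone;
 *  2. guest access set -> allowed for everyone;
 *  3. group restrictions present -> allowed for an authenticated user whose
 *     session groups overlap the restrictions, or for a client address inside
 *     one of the restricted groups' local IP ranges;
 *  4. otherwise -> allowed for any authenticated user or any client address
 *     inside the configured local IP range.
 *
 * The IP checks rely on REMOTE_ADDR as reported by the request object.
 * NOTE(review): if the application sits behind a reverse proxy, that value is
 * presumably the proxy's address -- confirm the deployment before relying on it.
 *
 * @param Xerxes_Data_Database $db
 * @param Xerxes_Framework_Request $objRequest Xerxes request object
 * @param Xerxes_Framework_Registry $objRegistry Xerxes registry object
 * @return bool true when the user may search the database
 */
public static function dbSearchableForUser(Xerxes_Data_Database $db, $objRequest, $objRegistry)
{
    if ($db->searchable != 1) {
        // nobody can search it!
        return false;
    }

    if ($db->guest_access != "") {
        // anyone can search it!
        return true;
    }

    if (count($db->group_restrictions) > 0) {
        // they have to be authenticated, and in a group that is included
        // in the restrictions, or in an ip address associated with a
        // restricted group.
        if (Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest)) {
            // an authenticated session is not guaranteed to carry a group list;
            // treat a missing or malformed one as "no groups" instead of
            // handing a non-array to array_intersect()
            $arrUserGroups = array();

            if (isset($_SESSION["user_groups"]) && is_array($_SESSION["user_groups"])) {
                $arrUserGroups = $_SESSION["user_groups"];
            }

            if (count(array_intersect($arrUserGroups, $db->group_restrictions)) > 0) {
                return true;
            }
        }

        // not by virtue of a login, but now check for ip address
        $ranges = array();

        foreach ($db->get("group_restrictions") as $group) {
            $range = $objRegistry->getGroupLocalIpRanges($group);

            // groups without a configured range contribute nothing; skipping
            // them keeps empty entries out of the comma-separated list
            if ($range != "") {
                $ranges[] = $range;
            }
        }

        if (count($ranges) == 0) {
            // fail closed: with no ranges configured, an address cannot grant access
            return false;
        }

        return (bool) Xerxes_Framework_Restrict::isIpAddrInRanges(
            $objRequest->getServer('REMOTE_ADDR'),
            implode(",", $ranges)
        );
    }

    // ordinary generally restricted resource. they need to be
    // an authenticated user, or in the local ip range.
    // NOTE(review): the key is written "LOCAL_IP_RANGE" here; confirm that
    // getConfig() resolves it the same way as a lower-case "local_ip_range".
    return Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest)
        || Xerxes_Framework_Restrict::isIpAddrInRanges(
            $objRequest->getServer('REMOTE_ADDR'),
            $objRegistry->getConfig("LOCAL_IP_RANGE")
        );
}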
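/**
 * Retrieve master XML and all request parameters
 *
 * Builds a <request> document holding the request parameters, the session
 * array, an <authorization_info> summary (login / IP affiliation, overall and
 * per group), and optionally the server array, then adds it to the master XML.
 *
 * SECURITY: everything in $_SESSION is copied into the document, and
 * $_SERVER too when requested.
 * NOTE(review): whether this XML can reach a client is not visible here --
 * confirm what the views or any raw-XML output expose.
 *
 * @param bool $bolHideServer [optional] despite its name, true INCLUDES the
 *                            server variables in the response; the default
 *                            (false) leaves them out. The name is kept for
 *                            existing callers.
 *
 * @return DOMDocument
 */
public function toXML($bolHideServer = false)
{
    $objRegistry = Xerxes_Framework_Registry::getInstance();

    // add the url parameters and session and server global arrays
    // to the master xml document
    $objXml = new DOMDocument();
    $objXml->loadXML("<request />");

    // session and server global arrays will have parent elements
    // but querystring and cookie params will be at the root of request
    $this->addElement($objXml, $objXml->documentElement, $this->arrParams);

    // add the session global array
    $objSession = $objXml->createElement("session");
    $objXml->documentElement->appendChild($objSession);
    $this->addElement($objXml, $objSession, $_SESSION);

    // we might add some calculated things to xml that aren't actually
    // stored in session.
    // okay, yeah, we already have group memberships listed from the session,
    // but it doesn't have all the data we need, plus we need to stick
    // group memberships by virtue of IP address.
    $objAuth = $objXml->createElement("authorization_info");
    $objXml->documentElement->appendChild($objAuth);

    $strRemoteAddr = $this->getServer('REMOTE_ADDR');

    // are they an affiliated user at all, meaning either logged in or
    // ip recognized?
    $authUser = Xerxes_Framework_Restrict::isAuthenticatedUser($this);
    $authIP = Xerxes_Framework_Restrict::isIpAddrInRanges($strRemoteAddr, $objRegistry->getConfig("local_ip_range"));

    $objElement = $objXml->createElement("affiliated", ($authUser || $authIP) ? "true" : "false");
    $objElement->setAttribute("user_account", $authUser ? "true" : "false");
    $objElement->setAttribute("ip_addr", $authIP ? "true" : "false");
    $objAuth->appendChild($objElement);

    // now each group
    $arrGroups = $objRegistry->userGroups();

    if ($arrGroups != null) {
        // the session may carry no usable group list; work that out once
        $bolHasSessionGroups = array_key_exists("user_groups", $_SESSION) && is_array($_SESSION["user_groups"]);

        // iterate the list fetched above rather than asking the registry again
        foreach ($arrGroups as $group) {
            $authUser = $bolHasSessionGroups && in_array($group, $_SESSION["user_groups"]);
            $authIP = Xerxes_Framework_Restrict::isIpAddrInRanges($strRemoteAddr, $objRegistry->getGroupLocalIpRanges($group));

            $objElement = $objXml->createElement("group", ($authUser || $authIP) ? "true" : "false");
            $objElement->setAttribute("id", $group);
            $objElement->setAttribute("display_name", $objRegistry->getGroupDisplayName($group));
            $objElement->setAttribute("user_account", $authUser ? "true" : "false");
            $objElement->setAttribute("ip_addr", $authIP ? "true" : "false");
            $objAuth->appendChild($objElement);
        }
    }

    // add the server global array, but only if the request
    // asks for it, for security purposes.
    // The flag reads backwards (see the docblock): a true value adds the
    // array. The condition is left alone on purpose -- inverting it would
    // make the default call start emitting $_SERVER.
    if ($bolHideServer == true) {
        $objServer = $objXml->createElement("server");
        $objXml->documentElement->appendChild($objServer);
        $this->addElement($objXml, $objServer, $_SERVER);
    }

    // add to the master xml document
    $this->addDocument($objXml);

    // once added, now return the master xml document
    return $this->xml;
}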
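/**
 * Build the <navbar> XML document and add it to the request: links for saved
 * records, my collections, login, logout and the alphabetical database list,
 * plus one <language> entry per configured language.
 *
 * @return int always 1
 */
public function doExecute()
{
    $objXml = new DOMDocument();
    $objXml->loadXML("<navbar />");

    // NOTE(review): "return" below carries the raw REQUEST_URI. The code that
    // later redirects to it is not shown here; it should accept only same-site
    // relative paths.
    $strReturn = $this->request->getServer("REQUEST_URI");

    ### saved records link

    $arrLink = array("base" => "folder");

    // make sure there is no return if coming from login to prevent a spider
    // from thinking this is a different page
    if ($this->request->getProperty("base") != "authenticate") {
        $arrLink["return"] = $strReturn;
    }

    $savedRecordsLink = $this->addNavbarElement($objXml, "saved_records", $arrLink);

    // add numSavedRecords and sessionSavedRecords for proper icon display
    $objData = new Xerxes_DataMap();
    $num = $objData->totalRecords($this->request->getSession("username"));

    $savedRecordsLink->setAttribute("numSavedRecords", (string) $num);
    $savedRecordsLink->setAttribute("numSessionSavedRecords", (string) Xerxes_Helper::numMarkedSaved());

    ### my collections (i.e., databases)

    $arrCollectionUrl = array("base" => "collections", "action" => "list");

    if (Xerxes_Framework_Restrict::isAuthenticatedUser($this->request)) {
        $arrCollectionUrl["username"] = $this->request->getSession("username");
    }

    $this->addNavbarElement($objXml, "saved_collections", $arrCollectionUrl);

    ### authentication

    // tell it to force an https url if so configured.
    $force_secure_login = ($this->registry->getConfig("secure_login", false) == "true");

    // login
    $this->addNavbarElement(
        $objXml,
        "login",
        array("base" => "authenticate", "action" => "login", "return" => $strReturn),
        $force_secure_login
    );

    // logout
    $this->addNavbarElement(
        $objXml,
        "logout",
        array("base" => "authenticate", "action" => "logout", "return" => $strReturn)
    );

    ### db alphabetical list

    $this->addNavbarElement($objXml, "database_list", array("base" => "databases", "action" => "alphabetical"));

    ### languages

    $languages = $this->registry->getConfig("LANGUAGES", false);

    if ($languages != null) {
        // map locales to language codes
        $locales = array();

        foreach ($languages as $language) {
            $code = null;

            // reset for every language: without this, an entry with no
            // "locale" attribute picked up the previous entry's locale (or an
            // undefined variable on the first pass). 'C' is the same fallback
            // used for an empty attribute.
            $locale = 'C';

            foreach ($language->attributes() as $name => $val) {
                if ($name == "code") {
                    $code = (string) $val;
                }

                if ($name == "locale") {
                    $locale = (string) $val;

                    if ($locale == '') {
                        $locale = 'C';
                    }
                }
            }

            $locales[$code] = $locale;
        }

        $languages_xml = $objXml->createElement("languages");
        $objXml->documentElement->appendChild($languages_xml);

        $language_names = Xerxes_Framework_Languages::getInstance();

        foreach ($languages->language as $language) {
            $code = (string) $language["code"];
            $locale = isset($locales[$code]) ? $locales[$code] : 'C';

            $readable_name = $language_names->getNameFromCode("iso_639_2B_code", $code, $locale);
            $native_name = $language_names->getNameFromCode("iso_639_2B_code", $code);

            $language_node = $objXml->createElement("language");
            $languages_xml->appendChild($language_node);

            $language_node->setAttribute("code", $code);
            $language_node->setAttribute("name", $readable_name);
            $language_node->setAttribute("native_name", $native_name);
            $language_node->setAttribute("locale", $locale);

            // link back to this page with the language swapped
            $current_params = $this->request->getURIProperties();

            // this is necessary on the home page
            if (!array_key_exists("base", $current_params)) {
                $current_params["base"] = "";
            }

            // subject pages can't support a swap, so send user back to home page
            if (($current_params["base"] == "databases" || $current_params["base"] == "embed")
                && array_key_exists("subject", $current_params)
            ) {
                $current_params = array("base" => "");
            }

            // add the language
            $current_params["lang"] = $code;

            // with language set
            $url = $this->request->url_for($current_params);
            $language_node->setAttribute("url", $url);
        }
    }

    $this->request->addDocument($objXml);

    return 1;
}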