/**
* Page のプロセス.
*
* @return void
*/
public function process()
{
parent::process();
$objView = new SiteView();
$objSess = new Session();
Utils::sfIsSuccess($objSess);
if (isset($_SESSION['preview']) && $_SESSION['preview'] === 'ON') {
// プレビュー用のレイアウトデザインを取得
/* @var $objLayout PageLayoutHelper */
$objLayout = Application::alias('eccube.helper.page_layout');
$objLayout->sfGetPageLayout($this, true);
// 画面の表示
$objView->assignobj($this);
$objView->display(SITE_FRAME);
return;
}
Utils::sfDispSiteError(PAGE_ERROR);
}
/**
* プロダクトIDの正当性チェック
*
* @param string $admin_mode
* @param int $product_id
* @param Product $objProduct
* @return integer
*/
public function lfCheckProductId($admin_mode, $product_id, Product $objProduct)
{
// 管理機能からの確認の場合は、非公開の商品も表示する。
if (isset($admin_mode) && $admin_mode == 'on' && Utils::sfIsSuccess(new Session(), false)) {
$include_hidden = true;
} else {
$include_hidden = false;
}
if (!$objProduct->isValidProductId($product_id, $include_hidden)) {
Utils::sfDispSiteError(PRODUCT_NOT_FOUND);
}
return $product_id;
}
/**
* オペレーションの実行権限をチェックする
*
* @param string オペレーション名
* @param array リクエストパラメータ
* @return boolean 権限がある場合 true; 無い場合 false
*/
protected function checkOperationAuth($operation_name, &$arrParam, &$arrApiConfig)
{
if (Utils::isBlank($operation_name)) {
return false;
}
$arrAuthTypes = explode('|', $arrApiConfig['auth_types']);
$result = false;
foreach ($arrAuthTypes as $auth_type) {
$ret = false;
switch ($auth_type) {
case self::API_AUTH_TYPE_REFERER:
$ret = static::checkReferer();
break;
case self::API_AUTH_TYPE_SESSION_TOKEN:
$ret = SessionHelper::isValidToken(false);
break;
case self::API_AUTH_TYPE_API_SIGNATURE:
$ret = static::checkApiSignature($operation_name, $arrParam, $arrApiConfig);
break;
case self::API_AUTH_TYPE_CUSTOMER:
$ret = static::checkCustomerAccount($arrParam['login_email'], $arrParam['login_password']);
break;
case self::API_AUTH_TYPE_MEMBER:
$ret = static::checkMemberAccount($arrParam['member_id'], $arrParam['member_password']);
break;
case self::API_AUTH_TYPE_CUSTOMER_LOGIN_SESSION:
/* @var $objCustomer Customer */
$objCustomer = Application::alias('eccube.customer');
$ret = $objCustomer->isLoginSuccess();
break;
case self::API_AUTH_TYPE_MEMBER_LOGIN_SESSION:
$ret = Utils::sfIsSuccess(new Session(), false);
break;
case self::API_AUTH_TYPE_IP:
$ret = static::checkIp($operation_name);
break;
case self::API_AUTH_TYPE_HOST:
$ret = static::checkHost($operation_name);
break;
case self::API_AUTH_TYPE_SSL:
$ret = Utils::sfIsHTTPS();
break;
case self::API_AUTH_TYPE_OPEN:
$result = true;
break 2;
// foreachも抜ける
// foreachも抜ける
default:
$ret = false;
break;
}
if ($ret === true) {
$result = true;
} else {
$result = false;
break;
// 1つでもfalseがあれば,その時点で終了
}
}
return $result;
}
/**
* 管理画面の認証を行う.
*
* mtb_auth_excludes へ登録されたページは, 認証を除外する.
*
* @return void
*/
public static function adminAuthorization()
{
$arrScriptPath = explode('/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']));
if (!GcUtils::isAdminFunction()) {
return;
} else {
$masterData = Application::alias('eccube.db.master_data');
$arrExcludes = $masterData->getMasterData('mtb_auth_excludes');
foreach ($arrExcludes as $exclude) {
$arrExcludesPath = explode('/', str_replace('\\', '/', realpath(HTML_REALDIR . ADMIN_DIR . $exclude)));
$arrDiff = array_diff_assoc($arrExcludesPath, $arrScriptPath);
if (count($arrDiff) === 0) {
return;
}
}
}
Utils::sfIsSuccess(new Session());
}