public function __construct($name, $style = 'default', $format = null)
{
$this->setName($name);
$this->setStyle($style);
$base = LAYOUT_DIR . $this->getName() . '/';
$action = $this->getStyle();
if (!$format) {
$format = Ajde_Http_Request::isAjax() && $this->exist($base, $action, 'ajax') || Ajde::app()->getDocument()->getFormat() === 'ajax' ? 'ajax' : 'html';
}
parent::__construct($base, $action, $format);
}
public function run()
{
// For debugger
$this->addTimer('<i>Application</i>');
// Create fresh response
$timer = $this->addTimer('Create response');
$response = new Ajde_Http_Response();
$this->setResponse($response);
$this->endTimer($timer);
// Bootstrap init
$timer = $this->addTimer('Run bootstrap cue');
$bootstrap = new Ajde_Core_Bootstrap();
$bootstrap->run();
$this->endTimer($timer);
// Get request
$timer = $this->addTimer('Read in global request');
$request = Ajde_Http_Request::fromGlobal();
$this->setRequest($request);
$this->endTimer($timer);
// Get route
$timer = $this->addTimer('Initialize route');
$route = $request->initRoute();
$this->setRoute($route);
$this->endTimer($timer);
// Load document
$timer = $this->addTimer('Create document');
$document = Ajde_Document::fromRoute($route);
$this->setDocument($document);
$this->endTimer($timer);
// Load controller
$timer = $this->addTimer('Load controller');
$controller = Ajde_Controller::fromRoute($route);
$this->setController($controller);
$this->endTimer($timer);
// Invoke controller action
$timer = $this->addTimer('Invoke controller');
$actionResult = $controller->invoke();
$document->setBody($actionResult);
$this->endTimer($timer);
// Get document contents
$timer = $this->addTimer('Render document');
$contents = $document->render();
$this->endTimer($timer);
// Let the cache handle the contents and have it saved to the response
$timer = $this->addTimer('Save to response');
$cache = Ajde_Cache::getInstance();
$cache->setContents($contents);
$cache->saveResponse();
$this->endTimer($timer);
// Output the buffer
$response->send();
}
public function logoff()
{
if ($user = $this->getLoggedInUser()) {
$user->logout();
}
if ($returnto = Ajde::app()->getRequest()->getParam('returnto', false)) {
$this->redirect($returnto);
} elseif (substr_count(Ajde_Http_Request::getRefferer(), 'logoff') > 0 || !Ajde_Http_Request::getRefferer()) {
$this->redirect('user');
} else {
$this->redirect(Ajde_Http_Response::REDIRECT_REFFERER);
}
}
public function __construct($name, $style = 'default', $format = null)
{
$this->setName($name);
$this->setStyle($style);
$base = LAYOUT_DIR . $this->getName() . DIRECTORY_SEPARATOR;
$action = $this->getStyle();
if (!$format) {
if (Ajde_Http_Request::isAjax() && $this->exist($base, $action, 'ajax') || Ajde::app()->getDocument()->getFormat() === 'ajax') {
$format = 'ajax';
} else {
if (Ajde::app()->getDocument()->getFormat() === 'crud') {
$format = 'crud';
} else {
$format = 'html';
}
}
}
parent::__construct($base, $action, $format);
}
private function submission($crudId, $id)
{
$session = new Ajde_Session('AC.Crud');
/* @var $crud Ajde_Crud */
$crud = $session->getModel($crudId);
// verify that we have a valid crud model
if (!$crud) {
return ['success' => false];
}
/* @var $model FormModel */
$model = $crud->getModel();
$model->setOptions($crud->getOptions('model'));
// Get POST params
$post = Ajde_Http_Request::globalPost();
$id = issetor($post['id']);
// verify that we have a valid form model
if (!$id) {
return ['success' => false];
}
// load form
$model->loadByPK($id);
$model->populate($post);
// validate form
Ajde_Event::trigger($model, 'beforeCrudSave', [$crud]);
if (!$model->validate($crud->getOptions('fields'))) {
return ['operation' => 'save', 'success' => false, 'errors' => $model->getValidationErrors()];
}
// prepare submission
$values = [];
foreach ($post as $key => $value) {
if (substr($key, 0, 5) === 'meta_') {
$metaId = str_replace('meta_', '', $key);
$metaName = MetaModel::getNameFromId($metaId);
$values[$metaName] = $value;
}
}
$entryText = '';
foreach ($values as $k => $v) {
$entryText .= $k . ': ' . $v . PHP_EOL;
}
$submission = new SubmissionModel();
$submission->form = $id;
$submission->ip = $_SERVER['REMOTE_ADDR'];
$submission->user = Ajde_User::getLoggedIn();
$submission->entry = json_encode($values);
$submission->entry_text = $entryText;
$success = $submission->insert();
if ($success === true) {
// Destroy reference to crud instance
$session->destroy($crudId);
// set message for next page
Ajde_Session_Flash::alert(trans('Form submitted successfully'));
$mailer = new Ajde_Mailer();
// send email to administrator
$body = 'Form: ' . $model->displayField() . '<br/><br/>' . nl2br($entryText);
$mailer->SendQuickMail(config('app.email'), config('app.email'), config('app.title'), 'New form submission', $body);
// send email to user
$email = $model->getEmail();
/* @var $email EmailModel */
$email_to = $model->getEmailTo();
/* @var $email MetaModel */
$email_address = issetor($post['meta_' . $email_to->getPK()]);
if ($email->hasLoaded() && $email_to->hasLoaded() && $email_address) {
$mailer->sendUsingModel($email->getIdentifier(), $email_address, $email_address, ['entry' => nl2br($entryText)]);
}
}
return ['operation' => 'save', 'id' => $model->getPK(), 'displayField' => $model->get($model->getDisplayField()), 'success' => $success];
}
public function updatePayment()
{
// PHP 4.1
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
$post = Ajde_Http_Request::globalPost();
foreach ($post as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&{$key}={$value}";
}
// post back to PayPal system to validate
$header = '';
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= 'Content-Length: ' . strlen($req) . "\r\n\r\n";
$fp = fsockopen($this->isSandbox() ? 'ssl://www.sandbox.paypal.com' : 'ssl://www.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = issetor($post['item_name']);
$item_number = issetor($post['item_number']);
$payment_status = issetor($post['payment_status']);
$payment_amount = issetor($post['mc_gross']);
$payment_currency = issetor($post['mc_currency']);
$txn_id = issetor($post['txn_id']);
$receiver_email = issetor($post['receiver_email']);
$payer_email = issetor($post['payer_email']);
$secret = issetor($post['custom']);
$transaction = new TransactionModel();
$changed = false;
if (!$fp) {
// HTTP ERROR
} else {
fwrite($fp, $header . $req);
while (!feof($fp)) {
$res = fgets($fp, 1024);
if (strcmp($res, 'VERIFIED') == 0) {
if (!$transaction->loadByField('secret', $secret)) {
Ajde_Log::log('Could not find transaction for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
return ['success' => false, 'transaction' => null];
}
// check the payment_status is Completed
// accept Pending from PayPal (eChecks?)
$acceptPending = true;
if ($payment_status == 'Completed' || $acceptPending && $payment_status == 'Pending') {
$details = 'AMOUNT: ' . $payment_amount . PHP_EOL . 'CURRENCY: ' . $payment_currency . PHP_EOL . 'PAYER_EMAIL: ' . $payer_email . PHP_EOL . 'RECEIVER_EMAIL: ' . $receiver_email . PHP_EOL . 'TXN_ID: ' . $txn_id . PHP_EOL;
// update transaction only once
if ($transaction->payment_status != 'completed') {
$transaction->payment_details = $details;
$transaction->payment_status = 'completed';
$transaction->save();
$changed = true;
}
// Write pending to Log
if ($payment_status == 'Pending') {
Ajde_Log::log('Status is Pending but accepting now. PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
}
return ['success' => true, 'changed' => $changed, 'transaction' => $transaction];
} else {
if ($transaction->payment_status != 'refused') {
$transaction->payment_status = 'refused';
$transaction->save();
$changed = true;
}
Ajde_Log::log('Status is not Completed but ' . $payment_status . ' for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
}
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
} else {
if (strcmp($res, 'INVALID') == 0) {
if (!$transaction->loadByField('secret', $secret)) {
// secret not found anyway
$transaction = null;
Ajde_Log::log('Could not find transaction for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
} else {
// log for manual investigation
if ($transaction->payment_status != 'refused') {
$transaction->payment_status = 'refused';
$transaction->save();
$changed = true;
}
Ajde_Log::log('Validation failed for PayPal payment with txn id ' . $txn_id);
}
}
}
}
fclose($fp);
}
return ['success' => false, 'changed' => $changed, 'transaction' => $transaction];
}
public function setRedirect($url = self::REDIRECT_SELF)
{
if ($url === true || $url === self::REDIRECT_HOMEPAGE) {
$this->addHeader('Location', config('app.rootUrl'));
} elseif ($url === self::REDIRECT_REFFERER) {
$this->addHeader('Location', Ajde_Http_Request::getRefferer());
} elseif ($url === self::REDIRECT_SELF || empty($url)) {
$route = (string) Ajde::app()->getRoute();
$this->addHeader('Location', config('app.rootUrl') . $route);
} elseif (substr($url, 0, 7) == 'http://' || substr($url, 0, 8) == 'https://') {
$this->addHeader('Location', $url);
} elseif ($url) {
$this->addHeader('Location', config('app.rootUrl') . $url);
}
// Don't load any content after Location header is set
Ajde::app()->getDocument()->setLayout(new Ajde_Layout('empty'));
}
public function loadRequest()
{
$request = Ajde_Http_Request::fromGlobal();
$this->setRequest($request);
return $request;
}
public function __bootstrap()
{
// Session name
$sessionName = config('app.id') . '_session';
session_name($sessionName);
// Session lifetime
$lifetime = config('session.lifetime');
// Security garbage collector
ini_set('session.gc_maxlifetime', $lifetime == 0 ? 180 * 60 : $lifetime * 60);
// PHP session garbage collection timeout in minutes
ini_set('session.gc_divisor', 100);
// Set divisor and probability for cronjob Ubuntu/Debian
// ini_set('session.gc_probability', 1); // @see http://www.php.net/manual/en/function.session-save-path.php#98106
// Set session save path
if (config('session.savepath')) {
ini_set('session.save_path', str_replace('~', LOCAL_ROOT, config('session.savepath')));
}
// Set sessions to use cookies
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
// @see http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
// Session cookie parameter
$path = config('app.path');
$domain = config('security.cookie.domain');
$secure = config('security.cookie.secure');
$httponly = config('security.cookie.httponly');
// Set cookie lifetime
session_set_cookie_params($lifetime * 60, $path, $domain, $secure, $httponly);
session_cache_limiter('private_no_expire');
// Start the session!
session_start();
// Strengthen session security with REMOTE_ADDR and HTTP_USER_AGENT
// @see http://shiflett.org/articles/session-hijacking
// Removed REMOTE_ADDR, use HTTP_X_FORWARDED_FOR if available
$remoteIp = Ajde_Http_Request::getClientIP();
// Ignore Google Chrome frame as it has a split personality
// @todo TODO: security issue!!
// @see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started/understanding-chrome-frame-user-agent
if (isset($_SERVER['HTTP_USER_AGENT']) && substr_count($_SERVER['HTTP_USER_AGENT'], 'chromeframe/') === 0 && isset($_SESSION['client']) && $_SESSION['client'] !== md5($remoteIp . $_SERVER['HTTP_USER_AGENT'] . config('security.secret'))) {
// TODO: overhead to call session_regenerate_id? is it not required??
//session_regenerate_id();
// thoroughly destroy the current session
session_destroy();
unset($_SESSION);
setcookie(session_name(), session_id(), time() - 3600, $path, $domain, $secure, $httponly);
// TODO:
$exception = new Ajde_Core_Exception_Security('Possible session hijacking detected. Bailing out.');
if (config('app.debug') === true) {
throw $exception;
} else {
// don't redirect/log for resource items, as they should have no side effect
// this makes it possible for i.e. web crawlers/error pages to view resources
$request = Ajde_Http_Request::fromGlobal();
$route = $request->initRoute();
Ajde::app()->setRequest($request);
if (!in_array($route->getFormat(), ['css', 'js'])) {
Ajde_Exception_Log::logException($exception);
Ajde_Cache::getInstance()->disable();
// Just destroying the session should be enough
// Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
}
}
} else {
$_SESSION['client'] = md5($remoteIp . issetor($_SERVER['HTTP_USER_AGENT']) . config('security.secret'));
if ($lifetime > 0) {
// Force send new cookie with updated lifetime (forcing keep-alive)
// @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100672
//session_regenerate_id();
// Set cookie manually if session_start didn't just sent a cookie
// @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100657
if (isset($_COOKIE[$sessionName])) {
setcookie(session_name(), session_id(), time() + $lifetime * 60, $path, $domain, $secure, $httponly);
}
}
}
// remove cache headers invoked by session_start();
if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
header_remove('X-Powered-By');
}
return true;
}
