/**
* @param Ajde_Core_Route $route
*
* @return Ajde_Controller
*/
public static function fromRoute(Ajde_Core_Route $route)
{
if ($controller = $route->getController()) {
$moduleController = ucfirst($route->getModule()) . ucfirst($controller) . 'Controller';
} else {
$moduleController = ucfirst($route->getModule()) . 'Controller';
}
if (!class_exists($moduleController)) {
// Prevent resursive 404 routing
$errorRoutes = config('routes.errors');
if (isset($errorRoutes[Ajde_Http_Response::RESPONSE_TYPE_NOTFOUND])) {
$notFoundRoute = new Ajde_Core_Route($errorRoutes[Ajde_Http_Response::RESPONSE_TYPE_NOTFOUND]);
if ($route->buildRoute() == $notFoundRoute->buildRoute()) {
Ajde_Http_Response::setResponseType(404);
die('<h2>Ouch, something broke.</h2><p>This is serious. We tried to give you a nice error page, but even that failed.</p><button onclick="location.href=\'' . config('app.rootUrl') . '\';">Go back to homepage</button>');
}
}
if (class_exists('Ajde_Exception')) {
$exception = new Ajde_Core_Exception_Routing("Controller {$moduleController} for module {$route->getModule()} not found", 90008);
} else {
// Normal exception here to prevent [Class 'Ajde_Exception' not found] errors...
$exception = new Exception("Controller {$moduleController} for module {$route->getModule()} not found");
}
Ajde::routingError($exception);
}
$controller = new $moduleController($route->getAction(), $route->getFormat());
$controller->_route = $route;
foreach ($route->values() as $part => $value) {
$controller->set($part, $value);
}
return $controller;
}
/**
* @throws Ajde_Core_Exception_Security
*
* @return Ajde_Http_Request
*/
public static function fromGlobal()
{
$instance = new self();
$post = self::globalPost();
if (!empty($post) && self::requirePostToken() && !self::_isWhitelisted()) {
// Measures against CSRF attacks
$session = new Ajde_Session('AC.Form');
if (!isset($post['_token']) || !$session->has('formTime')) {
$exception = new Ajde_Core_Exception_Security('No form token received or no form time set, bailing out to prevent CSRF attack');
if (config('app.debug') === true) {
Ajde_Http_Response::setResponseType(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
throw $exception;
} else {
// Prevent inf. loops
unset($_POST);
unset($_REQUEST);
// Rewrite
Ajde_Exception_Log::logException($exception);
Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
}
}
$formToken = $post['_token'];
if (!self::verifyFormToken($formToken) || !self::verifyFormTime()) {
// TODO:
if (!self::verifyFormToken($formToken)) {
$exception = new Ajde_Core_Exception_Security('No matching form token (got ' . self::_getHashFromSession($formToken) . ', expected ' . self::_tokenHash($formToken) . '), bailing out to prevent CSRF attack');
} else {
$exception = new Ajde_Core_Exception_Security('Form token timed out, bailing out to prevent CSRF attack');
}
if (config('app.debug') === true) {
Ajde_Http_Response::setResponseType(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
throw $exception;
} else {
// Prevent inf. loops
unset($_POST);
unset($_REQUEST);
// Rewrite
Ajde_Exception_Log::logException($exception);
Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
}
}
}
// Security measure, protect $_POST
$global = self::globalGet();
foreach ($global as $key => $value) {
$instance->set($key, $value);
}
$instance->_postData = self::globalPost();
if (!empty($instance->_postData)) {
Ajde_Cache::getInstance()->disable();
}
return $instance;
}
public function beforeInvoke()
{
Ajde_Cache::getInstance()->disable();
$this->_providername = Ajde::app()->getRequest()->getParam('provider', false);
$sso = config('ssoProviders');
if (!$this->_providername || !in_array($this->_providername, $sso)) {
Ajde_Http_Response::redirectNotFound();
}
$classname = 'Ajde_User_Sso_' . ucfirst($this->_providername);
$this->_provider = new $classname();
return parent::beforeInvoke();
}
function shutdown()
{
if (($error = error_get_last()) && in_array($error['type'], array(E_ERROR, E_CORE_ERROR, E_COMPILE_ERROR, E_USER_ERROR))) {
$exception = new ErrorException($error['message'], 0, $error['type'], $error['file'], $error['line']);
if (Config::get('debug') === true) {
echo Ajde_Exception_Handler::trace($exception);
} else {
// Use native PHP error log function, as Ajde_Exception_Log does not work
error_log($error['message'] . ', ' . $error['type'] . ', ' . $error['file'] . ', ' . $error['line']);
Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_SERVERERROR);
}
}
}
public function __bootstrap()
{
// Session name
session_name(Config::get('ident') . '_session');
// Security
ini_set('session.gc_maxlifetime', Config::get("gcLifetime") * 60);
// PHP session garbage collection timeout in minutes
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
// @see http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
// Cookie parameter
$lifetime = Config::get("cookieLifetime");
$path = Config::get('site_path');
$domain = Config::get('cookieDomain');
$secure = Config::get('cookieSecure');
$httponly = Config::get('cookieHttponly');
session_set_cookie_params($lifetime * 60, $path, $domain, $secure, $httponly);
session_cache_limiter('private_no_expire');
// Start the session!
session_start();
// Force send new cookie with updated lifetime (forcing keep-alive)
// @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100672
session_regenerate_id();
// Strengthen session security with REMOTE_ADDR and HTTP_USER_AGENT
// @see http://shiflett.org/articles/session-hijacking
if (isset($_SESSION['client']) && $_SESSION['client'] !== md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . Config::get('secret'))) {
session_regenerate_id();
session_destroy();
// TODO:
$exception = new Ajde_Exception('Possible session hijacking detected. Bailing out.');
if (Config::getInstance()->debug === true) {
throw $exception;
} else {
Ajde_Exception_Log::logException($exception);
Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
}
} else {
$_SESSION['client'] = md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . Config::get('secret'));
}
// remove cache headers invoked by session_start();
if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
header_remove('X-Powered-By');
}
return true;
}
public static function handler(Exception $exception)
{
try {
if (Config::getInstance()->debug === true) {
if (!((get_class($exception) == 'Ajde_Exception' || is_subclass_of($exception, 'Ajde_Exception')) && !$exception->traceOnOutput())) {
Ajde_Exception_Log::logException($exception);
echo self::trace($exception);
} else {
Ajde_Exception_Log::logException($exception);
Ajde_Http_Response::redirectServerError();
}
} else {
Ajde_Exception_Log::logException($exception);
Ajde_Http_Response::redirectServerError();
}
} catch (Exception $exception) {
error_log(self::trace($exception, self::EXCEPTION_TRACE_LOG));
die("An uncatched exception occured within the error handler, see the server error_log for details");
}
}
/**
* @return Ajde_Model
*/
public function getItem()
{
if ($this->isNew()) {
$this->fireCrudLoadedOnModel($this->getModel());
return $this->getModel();
}
if (!$this->getModel()->getPK()) {
$model = $this->getModel();
if (!$model->loadByPK($this->getId())) {
Ajde_Http_Response::redirectNotFound();
} else {
if (!$model->getAutoloadParents()) {
$model->loadParents();
}
}
$this->fireCrudLoadedOnModel($this->getModel());
}
return $this->getModel();
}
public static function routingError(Exception $exception)
{
if (config('app.debug') === true) {
throw $exception;
} else {
if (class_exists('Ajde_Exception_Log')) {
Ajde_Exception_Log::logException($exception);
}
Ajde_Http_Response::redirectNotFound();
}
}
public function registerJson()
{
$user = new UserModel();
$returnto = Ajde::app()->getRequest()->getPostParam('returnto', false);
$username = Ajde::app()->getRequest()->getPostParam($user->usernameField);
$password = Ajde::app()->getRequest()->getPostParam('password', '');
$passwordCheck = Ajde::app()->getRequest()->getPostParam('passwordCheck', '');
$providername = Ajde::app()->getRequest()->getPostParam('provider', false);
$email = Ajde::app()->getRequest()->getPostParam('email', false);
$fullname = Ajde::app()->getRequest()->getPostParam('fullname', false);
$return = [false];
$shadowUser = new UserModel();
$provider = false;
if ($providername) {
$sso = config('user.sso.providers');
if (!in_array($providername, $sso)) {
Ajde_Http_Response::redirectNotFound();
}
$classname = 'Ajde_User_Sso_' . ucfirst($providername);
/* @var $provider Ajde_User_SSO_Interface */
$provider = new $classname();
}
if (empty($username)) {
$return = ['success' => false, 'message' => trans('Please provide a ' . $user->usernameField . '')];
} else {
if (!$provider && empty($password)) {
$return = ['success' => false, 'message' => trans('Please provide a password')];
} else {
if ($shadowUser->loadByField($shadowUser->usernameField, $username)) {
$return = ['success' => false, 'message' => trans(ucfirst($user->usernameField) . ' already exist')];
} else {
if (!$provider && $password !== $passwordCheck) {
$return = ['success' => false, 'message' => trans('Passwords do not match')];
} else {
if (empty($email)) {
$return = ['success' => false, 'message' => trans('Please provide an e-mail address')];
} else {
if (Ajde_Component_String::validEmail($email) === false) {
$return = ['success' => false, 'message' => trans('Please provide a valid e-mail address')];
} else {
if ($shadowUser->loadByField('email', $email)) {
$return = ['success' => false, 'message' => trans('A user with this e-mail address already exist')];
} else {
if (empty($fullname)) {
$return = ['success' => false, 'message' => trans('Please provide a full name')];
} else {
if ($provider && !$provider->getData()) {
$return = ['success' => false, 'message' => trans('Something went wrong with fetching your credentials from an external service')];
} else {
$user->set('email', $email);
$user->set('fullname', $fullname);
if ($user->add($username, $password)) {
if ($provider) {
$sso = new SsoModel();
$sso->populate(['user' => $user->getPK(), 'provider' => $providername, 'username' => $provider->getUsernameSuggestion(), 'avatar' => $provider->getAvatarSuggestion(), 'profile' => $provider->getProfileSuggestion(), 'uid' => $provider->getUidHash(), 'data' => serialize($provider->getData())]);
$sso->insert();
$user->copyAvatarFromSso($sso);
}
$user->login();
$user->storeCookie($this->includeDomain);
Ajde_Session_Flash::alert(sprintf(trans('Welcome %s, you are now logged in'), $fullname));
$return = ['success' => true, 'returnto' => $returnto];
} else {
$return = ['success' => false, 'message' => trans('Something went wrong')];
}
}
}
}
}
}
}
}
}
}
return $return;
}
public static function routingError(Ajde_Exception $exception)
{
if (Config::get("debug") === true) {
throw $exception;
} else {
Ajde_Exception_Log::logException($exception);
Ajde_Http_Response::redirectNotFound();
}
}
