/**
 * Login action: shows the login form, or processes a submitted one.
 *
 * A successful login opens the session and hands the posted "redirect" target to
 * redirectInfo() together with a confirmation message. A failed login shows the form
 * again, prefilled with the login, the redirect target and the "remember me" choice.
 */
function run() {
    $this->setTitle($this->t_('title'));

    if (!AnwEnv::_POST("submit")) {
        //arriving on the form
        $this->showLoginForm("", AnwEnv::_GET("redirect", ""), false);
        return;
    }

    $sLogin = AnwEnv::_POST("login", "");
    $sPassword = AnwEnv::_POST("password", "");
    //"remember me" is only honoured when session resume is enabled
    $bRememberMe = (AnwSessions::isResumeEnabled() && AnwEnv::_POST("remember"));
    //NOTE(review): the redirect target comes straight from the request; confirm that
    //redirectInfo() only accepts local URLs, so the login page cannot forward visitors elsewhere.
    $sUrlRedirect = AnwEnv::_POST("redirect", "");

    $sError = false;
    try {
        //try to authenticate and open the session
        AnwCurrentSession::login($sLogin, $sPassword, $bRememberMe);
        //presumably ends the request; otherwise the form below is shown after a successful login - TODO confirm
        $this->redirectInfo($sUrlRedirect, $this->t_("t_loggedin"), $this->t_("p_loggedin"));
    } catch (AnwAuthException $e) {
        $sError = $this->g_("err_auth");
    } catch (AnwBadLoginException $e) {
        //NOTE(review): login and password failures get different messages; check that this
        //does not tell a visitor which logins exist.
        $sError = $this->g_("err_badlogin");
    } catch (AnwBadPasswordException $e) {
        $sError = $this->g_("err_badpassword");
    }

    //error occurred, display again the login form (the password is never passed back)
    $this->showLoginForm($sLogin, $sUrlRedirect, $bRememberMe, $sError);
}
/**
 * Creates a user account with the current session's language and timezone, then grants it
 * admin rights through grantUserAdmin().
 *
 * When the account cannot be created, the form is shown again through showChooseGrant()
 * with the matching error message. The fourth argument of that call is an empty string
 * rather than $sPassword (presumably so that the password is not echoed back - TODO confirm).
 */
protected function createAndGrant($sLogin, $sDisplayName, $sEmail, $sPassword) {
    try {
        //try to register
        $oNewUser = AnwUsers::createUser(
            $sLogin,
            $sDisplayName,
            $sEmail,
            AnwCurrentSession::getLang(),
            AnwCurrentSession::getTimezone(),
            $sPassword
        );
        //NOTE(review): this makes the new account an administrator; make sure the callers of
        //this method are restricted accordingly.
        $this->grantUserAdmin($oNewUser);
        return;
    } catch (AnwLoginAlreadyTakenException $e) {
        $sMessage = $this->g_("err_loginalreadytaken");
    } catch (AnwBadLoginException $e) {
        $sMessage = $this->g_("err_badlogin");
    } catch (AnwDisplayNameAlreadyTakenException $e) {
        $sMessage = $this->g_("err_displaynamealreadytaken");
    } catch (AnwBadDisplayNameException $e) {
        $sMessage = $this->g_("err_baddisplayname");
    } catch (AnwEmailAlreadyTakenException $e) {
        $sMessage = $this->g_("err_emailalreadytaken");
    } catch (AnwBadEmailException $e) {
        $sMessage = $this->g_("err_bademail");
    } catch (AnwBadPasswordException $e) {
        $sMessage = $this->g_("err_badpassword");
    } catch (AnwBadCaptchaException $e) {
        $sMessage = $this->g_("err_badcaptcha");
    }

    //only reached when one of the exceptions above was caught
    $this->showChooseGrant($sLogin, $sDisplayName, $sEmail, "", $sMessage);
}
/**
 * Renames the current page to $sNewName, unlocks it and redirects to the new name.
 *
 * The rename is refused when the session lacks the 'create' permission on the new name
 * (checked with the current page's language) or when a page with that name already exists.
 * Every handled failure shows the rename form again with an error message.
 *
 * $sComment is only passed back to the form; it is not handed to rename() in this method.
 */
private function doRename($sNewName, $sComment, $bUpdateLinks) {
    $nTime = time(); //not read again in this method

    try {
        $bMayCreate = AnwCurrentSession::isActionAllowed($sNewName, 'create', $this->getoPage()->getLang());
        if (!$bMayCreate) {
            throw new AnwAclException("permission create denied");
        }

        //the target name must still be free
        //NOTE(review): the existence test and the rename are separate steps; confirm that the
        //storage layer itself rejects a duplicate name when two requests race.
        $oTargetProbe = new AnwPageByName($sNewName);
        $oTargetProbe->setSkipLoadingContent(true);
        if ($oTargetProbe->exists()) {
            throw new AnwPageAlreadyExistsException();
        }

        $sOldName = $this->getoPage()->getName(); //not read again in this method

        //rename page
        $this->getoPage()->rename($sNewName, $bUpdateLinks);

        //unlock
        $this->unlockPageForEdition();

        //redirect
        AnwUtils::redirect(AnwUtils::link($sNewName));
    } catch (AnwBadPageNameException $e) {
        $this->renameForm($sNewName, $sComment, $this->g_("err_badpagename"));
    } catch (AnwBadCommentException $e) {
        $this->renameForm($sNewName, $sComment, $this->g_("err_badcomment"));
    } catch (AnwPageAlreadyExistsException $e) {
        $this->renameForm($sNewName, $sComment, $this->g_("err_pagealreadyexists"));
    } catch (AnwAclException $e) {
        $this->renameForm($sNewName, $sComment, $this->g_("err_nopermission"));
    }
}
/**
 * Returns the rendered body of the page named by the "outputname" / "outputlang" request
 * parameters, or one of the ERR_* constants of this class.
 *
 * Two permission checks apply: the 'output' action is checked here, and
 * AnWiki::includePage() throws AnwAclException when viewing is not allowed.
 */
private function getOutput() {
    if (!(AnwEnv::_GET("outputname") && AnwEnv::_GET("outputlang"))) {
        return self::ERR_BADCALL;
    }

    try {
        //fake current page
        //NOTE(review): this writes a request-supplied value back into $_GET; whatever reads the
        //current page name later in the request must treat it as untrusted input.
        $_GET[AnwActionPage::GET_PAGENAME] = AnwEnv::_GET("outputcurrent");

        //drop a single leading slash from the page name
        $sRequestedName = AnwEnv::_GET("outputname");
        if (substr($sRequestedName, 0, 1) == '/') {
            $sRequestedName = substr($sRequestedName, 1);
        }
        $sRequestedLang = AnwEnv::_GET("outputlang");

        //additional permissions check
        if (!AnwCurrentSession::isActionAllowed($sRequestedName, 'output', $sRequestedLang)) {
            return self::ERR_ACLS;
        }

        //get page execution result, without cache and with an empty cache key
        return AnWiki::includePage($sRequestedName, $sRequestedLang, true, false, "");
    } catch (AnwPageNotFoundException $e) {
        return self::ERR_NOTFOUND;
    } catch (AnwAclException $e) {
        return self::ERR_ACLS;
    } catch (AnwException $e) {
        //any other Anwiki error is reported with a generic code, without details
        return self::ERR_UNKNOWN;
    }
}
/**
 * Builds the "newinstall" ping URL and appends the template's ping markup to the output.
 *
 * The URL carries the site root URL, the default language, the session language, the
 * "add in directory" choice, the version id and a timestamp used as cache buster.
 *
 * @param $bAddInDirectory sent as addindirectory=1 when true, addindirectory=0 otherwise
 */
protected function doPing($bAddInDirectory) {
    //here, url is passed in any case for verification purpose
    //but don't worry, it's stored on server side only when 'addindirectory' is true
    //NOTE(review): the site URL and version id leave the server whatever the choice is; operators
    //who do not want to disclose them need a way to skip this ping entirely.
    $asQueryParts = array(
        'siteurl=' . urlencode(AnwComponent::globalCfgUrlRoot()),
        'sitelang=' . urlencode(AnwComponent::globalCfgLangDefault()),
        'lang=' . urlencode(AnwCurrentSession::getLang()),
        'addindirectory=' . ($bAddInDirectory ? '1' : '0'),
        'versionid=' . urlencode(ANWIKI_VERSION_ID),
        'nocache=' . time(),
    );
    $sPingTarget = ANWIKI_WEBPING . 'newinstall?' . implode('&', $asQueryParts);

    //the template is expected to escape both URLs for the context it prints them in - TODO confirm
    $this->out .= $this->tpl()->doPing($sPingTarget, $this->linkMe() . '&pingdone=1');
}
/**
 * Handles a request for a page that does not exist.
 *
 * Sessions allowed to create the page (permission checked with language -1) are redirected
 * to the "create" action; everybody else gets the 404 error. A plugin hook runs first in
 * both cases.
 */
protected function pagenotfound() {
    $bMayCreate = AnwCurrentSession::isActionAllowed($this->getoPage()->getName(), 'create', -1);

    if (!$bMayCreate) {
        AnwPlugins::hook('action_view_pagenotfound_404', $this->getoPage());
        $this->error404();
        return;
    }

    AnwPlugins::hook('action_view_pagenotfound_create', $this->getoPage());
    AnwUtils::redirect(AnwUtils::link($this->getoPage(), "create"));
}
/**
 * Shifts a timestamp by a timezone offset.
 *
 * The result is the timestamp plus $nTimezone hours, minus the offset reported by date('Z').
 *
 * @param $nTimestamp timestamp to shift; false means the current time()
 * @param $nTimezone offset in hours; false means the current session's timezone
 * @return the shifted timestamp
 */
static function time($nTimestamp = false, $nTimezone = false) {
    $nBase = ($nTimestamp === false) ? time() : $nTimestamp;
    $nOffsetHours = ($nTimezone === false) ? AnwCurrentSession::getTimezone() : $nTimezone;

    return $nBase + ($nOffsetHours * 3600 - intval(date('Z')));
}
/**
 * Creates the translations ticked in the submitted form, inside one storage transaction.
 *
 * The 'translate' permission is checked for every ticked language before anything is
 * written. On success the visitor is redirected to the last translation created; when
 * nothing was ticked, or on a handled error, the form is shown again.
 */
private function saveTranslation() {
    try {
        $asLangs = $this->getoPage()->getPageGroup()->getAvailableLangs();

        //first pass - check permissions : translate
        foreach ($asLangs as $sLang) {
            if (!AnwEnv::_POST($this->getChkName($sLang))) {
                continue;
            }
            $sRequestedName = AnwEnv::_POST($this->getInputName($sLang), "");
            if (!AnwCurrentSession::isActionAllowed($sRequestedName, 'translate', $sLang)) {
                throw new AnwAclException("permission translate denied");
            }
        }

        //second pass - create the translations, all or nothing
        $oLastCreated = null;
        AnwStorage::transactionStart();
        try {
            foreach ($asLangs as $sLang) {
                if (!AnwEnv::_POST($this->getChkName($sLang))) {
                    continue;
                }
                $sRequestedName = AnwEnv::_POST($this->getInputName($sLang), "");

                //create translation
                $oLastCreated = $this->getoPage()->createNewTranslation($sRequestedName, $sLang);
            }
            AnwStorage::transactionCommit();
        } catch (AnwException $e) {
            AnwStorage::transactionRollback();
            throw $e;
        }

        if (!$oLastCreated) {
            // no translation was created, show form again
            $this->showForm();
        } else {
            // redirect to last created translation
            AnwUtils::redirect(AnwUtils::link($oLastCreated));
        }
    } catch (AnwBadPageNameException $e) {
        $this->showForm($this->g_("err_badpagename"));
    } catch (AnwBadLangException $e) {
        $this->showForm($this->g_("err_badlang"));
    } catch (AnwPageAlreadyExistsException $e) {
        $this->showForm($this->g_("err_pagealreadyexists"));
    } catch (AnwAclException $e) {
        $this->showForm($this->g_("err_nopermission"));
    } catch (AnwLangExistsForPageGroupException $e) {
        $this->showForm($this->g_("err_langexistsforpagegroup"));
    }
}
/**
 * Registration action: shows the register form, or processes a submitted one.
 *
 * A submitted form goes through the captcha check, account creation and an immediate
 * login without "remember me". On a handled error the form is shown again with the
 * login, display name and email that were entered; the password is not passed back.
 */
function run() {
    if (!self::globalCfgUsersRegisterEnabled()) {
        //NOTE(review): nothing returns after this call, so registration stays reachable unless
        //redirect() ends the request - presumably it does, TODO confirm.
        AnwUtils::redirect();
    }

    $this->setTitle($this->t_('title'));

    $sError = false;
    $sLogin = "";
    $sDisplayName = "";
    $sEmail = "";

    if (AnwEnv::_POST("submit")) {
        $sLogin = AnwEnv::_POST("login", "");
        $sDisplayName = AnwEnv::_POST("displayname", "");
        $sEmail = AnwEnv::_POST("email", "");
        $sPassword = AnwEnv::_POST("password", "");

        //try to register
        try {
            //the captcha is verified before any account data is processed
            $this->checkCaptcha();

            AnwUsers::createUser(
                $sLogin,
                $sDisplayName,
                $sEmail,
                AnwCurrentSession::getLang(),
                AnwCurrentSession::getTimezone(),
                $sPassword
            );

            //open a public time-limited session
            AnwCurrentSession::login($sLogin, $sPassword, false);
            $this->redirectInfo(false, $this->t_("t_created"), $this->t_("p_created"));
        } catch (AnwLoginAlreadyTakenException $e) {
            $sError = $this->g_("err_loginalreadytaken");
        } catch (AnwBadLoginException $e) {
            $sError = $this->g_("err_badlogin");
        } catch (AnwDisplayNameAlreadyTakenException $e) {
            $sError = $this->g_("err_displaynamealreadytaken");
        } catch (AnwBadDisplayNameException $e) {
            $sError = $this->g_("err_baddisplayname");
        } catch (AnwEmailAlreadyTakenException $e) {
            $sError = $this->g_("err_emailalreadytaken");
        } catch (AnwBadEmailException $e) {
            $sError = $this->g_("err_bademail");
        } catch (AnwBadPasswordException $e) {
            $sError = $this->g_("err_badpassword");
        } catch (AnwBadCaptchaException $e) {
            $sError = $this->g_("err_badcaptcha");
        }
    }

    //display register form
    //the submitted values are handed to the template as received; escaping is up to the template - TODO confirm
    $this->out .= $this->tpl()->registerForm(AnwUtils::alink("register"), $sLogin, $sDisplayName, $sEmail, $sError);
}
/**
 * Renders a page by name and returns the result of running its HTML body.
 *
 * When $bAutoLoadTranslatedPage is set and the page found is not in $sCurrentLang, the
 * page group's preferred page for that language is used instead. The 'view' permission
 * is checked on the page that is actually rendered, after that substitution.
 *
 * @throws AnwAclException when the current session may not view the page
 */
static function includePage($sPageName, $sCurrentLang, $bAutoLoadTranslatedPage = true, $bUseCache = true, $sCacheKey = "") {
    $oPage = AnwStorage::getPageByName($sPageName, false, false, $sCurrentLang);

    //load translation if available
    $bSwitchToTranslation = $bAutoLoadTranslatedPage && $oPage->getLang() != $sCurrentLang;
    if ($bSwitchToTranslation) {
        $oPage = $oPage->getPageGroup()->getPreferedPage($sCurrentLang);
    }

    //check ACL
    $bMayView = AnwCurrentSession::isActionAllowed($oPage->getName(), 'view', $oPage->getLang());
    if (!$bMayView) {
        throw new AnwAclException();
    }

    return $oPage->toHtml($bUseCache, $sCacheKey)->runBody();
}
/**
 * Changes the language of the current page, unlocks it and redirects to it.
 *
 * The session needs the 'create' permission on the page name in the target language.
 * The AnwAclException thrown when it is missing is not caught in this method, so it
 * reaches the caller; the other failures show the form again with an error message.
 */
private function doChangeLang($sLang, $sComment) {
    try {
        $bMayCreate = AnwCurrentSession::isActionAllowed($this->getoPage()->getName(), 'create', $sLang);
        if (!$bMayCreate) {
            throw new AnwAclException("permission create denied");
        }

        //change page lang
        $this->getoPage()->changeLang($sLang, $sComment);

        //unlock
        $this->unlockPageForEdition();

        //redirect
        AnwUtils::redirect(AnwUtils::link($this->getoPage()));
    } catch (AnwBadLangException $e) {
        $this->changeLangForm($sLang, $sComment, $this->g_("err_badlang"));
    } catch (AnwBadCommentException $e) {
        $this->changeLangForm($sLang, $sComment, $this->g_("err_badcomment"));
    } catch (AnwLangExistsForPageGroupException $e) {
        $this->changeLangForm($sLang, $sComment, $this->g_("err_langexistsforpagegroup"));
    }
}
/**
 * Includes a translation file and copies its $lang entries into self::$translations.
 *
 * For the session language every entry is stored. For another language an entry is stored
 * only when it is a local translation, or when the session language has no entry with the
 * same id under the same prefix.
 *
 * $sTranslationName is not used in this method.
 */
private static function loadTranslationsFromFile($sFileName, $sLang, $sPrefix, $sTranslationName) {
    $lang = array(); //$lang is defined in the translation file

    AnwDebug::log("Loading translation file : " . $sFileName);
    //the file is executed as PHP: $sFileName must only ever come from the installation's own
    //file layout, never from request data
    (require_once $sFileName) or die("Unable to load language file : " . $sFileName);

    foreach ($lang as $sEntryId => $sEntryValue) {
        $bStoreEntry = $sLang == AnwCurrentSession::getLang()
            || self::isLocalTranslation($sEntryId)
            || !isset(self::$translations[AnwCurrentSession::getLang()][$sPrefix][$sEntryId]);

        if ($bStoreEntry) {
            self::$translations[$sLang][$sPrefix][$sEntryId] = $sEntryValue;
        }
    }
}
/**
 * Verifies the captcha of the current session.
 *
 * @throws AnwBadCaptchaException when AnwCurrentSession::testCaptcha() does not succeed
 */
protected function checkCaptcha() {
    if (AnwCurrentSession::testCaptcha()) {
        return;
    }

    throw new AnwBadCaptchaException();
}
/**
 * Builds the XML export of the given page groups and returns it as a string.
 *
 * The document starts with a comment block (export time, version, login of the exporting
 * user, site root URL, list of exported pages), followed by the root element holding one
 * element per page group and, inside it, one element per page.
 *
 * @param $aaExportPageGroups list of entries with a 'GROUP' (page group) and 'PAGES' (its pages to export)
 * @return the dump of the root node produced by AnwUtils::xmlDumpNode()
 */
private function exportData($aaExportPageGroups) {
    $oDoc = new DOMDocument("1.0", "UTF-8");

    //put information as comment
    //note that the exporting user's login and the site root URL become part of the export file
    $sComment = "";
    $sComment .= $this->t_("xmlcomment_info") . "\n";
    $sComment .= ANWIKI_WEBSITE . "\n\n";
    $sComment .= $this->t_("xmlcomment_time", array("time" => Anwi18n::dateTime(time()))) . "\n";
    $sComment .= $this->t_("xmlcomment_version", array("version" => ANWIKI_VERSION_NAME)) . "\n";
    $sComment .= $this->t_("xmlcomment_user", array("user" => AnwCurrentSession::getUser()->getLogin())) . "\n";
    $sComment .= $this->t_("xmlcomment_from", array("url" => self::globalCfgUrlRoot())) . "\n\n";
    $sComment .= $this->t_("xmlcomment_contents") . "\n";

    //list exported contents as comment
    foreach ($aaExportPageGroups as $amPageGroup) {
        foreach ($amPageGroup['PAGES'] as $oPage) {
            $sPageTime = Anwi18n::dateTime($oPage->getTime());
            $sComment .= ' * ' . $oPage->getName() . " (" . $oPage->getLang() . ") (" . $sPageTime . ")\n";
        }
    }
    $sCommentSeparator = "\n**************************************************\n";
    $sComment = " " . $sCommentSeparator . $sComment . $sCommentSeparator . " ";
    //NOTE(review): a login or page name containing "--" would make this XML comment malformed;
    //confirm that name validation rules this out, or neutralise the sequence before createComment().
    $oCommentNode = $oDoc->createComment($sComment);
    $oDoc->appendChild($oCommentNode);
    //end comment

    //<anwexport time="" origin="">
    $oRootNode = $oDoc->createElement(self::XMLTAG_ROOT);
    $oRootNode->setAttribute("time", time());
    $oRootNode->setAttribute("from", AnwXml::xmlFileAttributeEncode(self::globalCfgUrlRoot()));
    $oRootNode->setAttribute("version_id", ANWIKI_VERSION_ID);
    $oRootNode->setAttribute("version_name", AnwXml::xmlFileAttributeEncode(ANWIKI_VERSION_NAME));
    $oDoc->appendChild($oRootNode);

    foreach ($aaExportPageGroups as $amPageGroup) {
        $oPageGroup = $amPageGroup['GROUP'];
        $sContentClassName = $oPageGroup->getContentClass()->getName();

        //<anwpagegroup>
        $oPageGroupNode = $oDoc->createElement(self::XMLTAG_PAGEGROUP);
        $oPageGroupNode->setAttribute("contentclass", AnwXml::xmlFileAttributeEncode($sContentClassName));

        foreach ($amPageGroup['PAGES'] as $oPage) {
            //add comment
            $sPageTime = Anwi18n::dateTime($oPage->getTime());
            $sComment = $oPage->getName() . " (" . $oPage->getLang() . ") (" . $sPageTime . ") (" . $oPageGroup->getContentClass()->getLabel() . "/" . $sContentClassName . ")";
            $sCommentSeparator = "\n**************************************************\n";
            $sComment = " \n\n" . $sCommentSeparator . $sComment . $sCommentSeparator . " ";
            $oCommentNode = $oDoc->createComment($sComment);
            $oPageGroupNode->appendChild($oCommentNode);
            //end comment

            //the page content is imported as XML nodes (not as a CDATA section)
            $oContentNodeDoc = $oPage->getContent()->toXml()->documentElement; //here we got a <doc> node
            $oPageContentNodeDoc = $oDoc->importNode($oContentNodeDoc, true);

            //<anwpage name="" lang="" time="">
            $oPageNode = $oDoc->createElement(self::XMLTAG_PAGE);
            $oPageNode->setAttribute("name", AnwXml::xmlFileAttributeEncode($oPage->getName()));
            $oPageNode->setAttribute("lang", AnwXml::xmlFileAttributeEncode($oPage->getLang()));
            $oPageNode->setAttribute("time", $oPage->getTime());

            //we need to do this to squeeze the unwanted <doc> node in
            //WARNING - special loop ! children are getting modified:
            //appending a child to $oPageNode removes it from the imported node, so item(0) is
            //always the next child still to move, and the loop ends once none is left
            while ($oChildNode = $oPageContentNodeDoc->childNodes->item(0)) {
                $oPageNode->appendChild($oChildNode);
            }
            $oPageGroupNode->appendChild($oPageNode);
        }
        $oRootNode->appendChild($oPageGroupNode);
    }

    $sReturn = AnwUtils::xmlDumpNode($oRootNode);

    // even if final XML structure may be broken due to undeclared namespaces used in content,
    // we let raw content as it is for better compatibility in later versions.
    // $sReturn = AnwXml::prepareXmlValueToXml($sReturn);
    return $sReturn;
}
/**
 * Logout action: closes the current session, then hands the "redirect" request parameter
 * (false when absent) to redirectInfo() with a confirmation message.
 */
function run() {
    //NOTE(review): no token or request-method check is visible here, so any request reaching
    //this action logs the visitor out - confirm whether that is checked elsewhere.
    AnwCurrentSession::logout();

    //NOTE(review): the redirect target is request-supplied; confirm that redirectInfo()
    //only accepts local URLs.
    $this->redirectInfo(
        AnwEnv::_GET("redirect", false),
        $this->t_("t_loggedout"),
        $this->t_("p_loggedout")
    );
}
/**
 * Performs ALL possible validity tests on the values (atomic field) or subcontents
 * (composed field) given for this contentfield.
 *
 * Warning! This function may call functions overloaded by contentfields, whose tests can consume a lot of CPU time
 * (such as connecting to a database to check that a valid user/pwd has been entered).
 * This function should only be called when it's really needed, and should never be called more than once.
 *
 * @param $amFieldValuesOrSubContents values of an atomic field, or AnwStructuredContent subcontents of a composed field
 * @param $oContentParent content for which fieldValues/subcontents will be set if the test succeeds
 *                        (not read in this body; the recursive calls pass the subcontent being tested)
 * @throws AnwUnexpectedException when a value is an array/object (atomic) or not an AnwStructuredContent (composed)
 * @throws AnwInvalidContentFieldValueException when a value contains JS code and the user may not edit JS
 */
final function testContentFieldValues($amFieldValuesOrSubContents, $oContentParent) {
    //presumably rejects callers other than the two listed classes - TODO confirm
    AnwUtils::checkFriendAccess(array("AnwStructuredContent", "AnwStructuredContentField"));

    //test multiplicity
    $this->testContentFieldMultiplicity($amFieldValuesOrSubContents);

    if ($this instanceof AnwStructuredContentField_atomic) {
        //test each value
        foreach ($amFieldValuesOrSubContents as $sFieldValue) {
            if (is_array($sFieldValue) || is_object($sFieldValue)) {
                throw new AnwUnexpectedException("testContentFieldValues on atomic: not a string");
            }

            //here we don't return a simple 'AnwInvalidContentFieldValueException' to prevent unauthorized users to access PHP source
            //this will display a big ACL error page instead of edit form...
            //the permission checks run before the field-specific tests below
            if (AnwUtils::contentHasPhpCode($sFieldValue)) {
                AnwCurrentSession::getUser()->checkPhpEditionAllowed();
            }

            //check JS permission
            if (AnwUtils::contentHasJsCode($sFieldValue) && !AnwCurrentSession::getUser()->isJsEditionAllowed()) {
                $sError = AnwComponent::g_editcontent("err_contentfield_acl_js");
                throw new AnwInvalidContentFieldValueException($sError);
            }

            //specific tests for atomic fields
            $this->testContentFieldValueAtomic($sFieldValue);
        }

        //if no error, test all atomic values together
        $this->testAllContentFieldValuesAtomic($amFieldValuesOrSubContents);
    } else {
        //test each subcontents occurrence
        foreach ($amFieldValuesOrSubContents as $oContent) {
            if (!$oContent instanceof AnwStructuredContent) {
                throw new AnwUnexpectedException("testContentFieldValues on composed: not a subcontent");
            }

            //test subsubcontents
            $aoSubContentFields = $this->getContentFields();
            foreach ($aoSubContentFields as $oSubContentField) {
                //recursive test: atomic subfields are tested on their values, composed ones on their subcontents
                $amSubValuesOrSubContents = null;
                $sSubContentFieldName = $oSubContentField->getName();
                if ($oSubContentField instanceof AnwStructuredContentField_atomic) {
                    $amSubValuesOrSubContents = $oContent->getContentFieldValues($sSubContentFieldName);
                } else {
                    $amSubValuesOrSubContents = $oContent->getSubContents($sSubContentFieldName);
                }
                $oSubContentField->testContentFieldValues($amSubValuesOrSubContents, $oContent);
            }

            //specific tests for composed fields - at last
            $this->testContentFieldValueComposed($oContent);
        }

        //if no error, test all subcontents together
        $this->testAllContentFieldValuesComposed($amFieldValuesOrSubContents);
    }
}
/**
 * Outputs the revert form for a page group, followed by a preview of the revert plan.
 *
 * @param $oPageGroup page group being reverted
 * @param $aaRevertPlan plan with the keys 'DELETE', 'REVERT', 'RESTORE' and 'KEEP'; each
 *                      'REVERT' entry holds the current page at index 0 and the page to
 *                      revert to at index 1
 * @param $nRevToChangeId change id handed to the form template
 */
private function showFormRevert($oPageGroup, $aaRevertPlan, $nRevToChangeId) {
    // only keep "revertable" changes
    $aoRevertableChanges = array();
    foreach (AnwStorage::getLastChanges(false, 0, null, null, null, null, $oPageGroup) as $oCandidate) {
        if ($oCandidate->isRevertAvailable()) {
            $aoRevertableChanges[] = $oCandidate;
        }
    }

    //the history link is only offered to sessions allowed to use "lastchanges"
    $sHistoryPageGroupLink = AnwCurrentSession::isActionGlobalAllowed("lastchanges")
        ? AnwUtils::aLink("lastchanges", array("pagegroup" => $oPageGroup->getId()))
        : false;

    $this->out .= $this->tpl()->formRevert($this->linkMe(array("pagegroup" => $oPageGroup->getId())), $aoRevertableChanges, $nRevToChangeId, $sHistoryPageGroupLink);

    //page names and langs below are handed to the template as they are; escaping is up to the template - TODO confirm
    foreach ($aaRevertPlan['DELETE'] as $oDeleted) {
        $this->out .= $this->tpl()->simulateDelete($oDeleted->getLang(), $oDeleted->getName());
    }

    foreach ($aaRevertPlan['REVERT'] as $aoPair) {
        $oPageCurrent = $aoPair[0];
        $oPageForRevert = $aoPair[1];

        //the diff link is only built when the session may run 'diff' on the current page;
        //every value is passed through xQuote() before it is placed in an attribute
        $sLnkDiff = '';
        if ($oPageCurrent->isGlobalAndViewActionAllowed('diff')) {
            $sImgSrc = AnwUtils::xQuote(AnwUtils::pathImg("diff.gif"));
            $sTitle = AnwUtils::xQuote(self::g_("change_diff_link"));
            $sHref = AnwUtils::xQuote(AnwUtils::link($oPageCurrent, "diff", array(
                "page" => $oPageCurrent->getId(),
                "revfrom" => $oPageCurrent->getChangeId(),
                "revto" => $oPageForRevert->getChangeId(),
            )));
            $sLnkDiff = <<<EOF
<a href="{$sHref}" title="{$sTitle}" target="_blank"><img src="{$sImgSrc}" alt="{$sTitle}"/></a>
EOF;
        }

        $this->out .= $this->tpl()->simulateRevert($oPageCurrent->getLang(), $oPageCurrent->getName(), $oPageForRevert, $sLnkDiff);
    }

    foreach ($aaRevertPlan['RESTORE'] as $oRestored) {
        $this->out .= $this->tpl()->simulateCreate($oRestored);
    }

    foreach ($aaRevertPlan['KEEP'] as $oKept) {
        $this->out .= $this->tpl()->simulateKeep($oKept->getLang(), $oKept->getName());
    }

    $this->out .= $this->tpl()->end();
}
/**
 * Creates, for every ticked page group that has no page in $sAddLang yet, a translation in
 * that language; all creations run inside one storage transaction.
 *
 * For each translation the 'translate' permission is checked on the requested name, and
 * the posted reference page id is only accepted when it is the page group's own page for
 * that page's language. When nothing was created the visitor is redirected back; handled
 * errors show the form again with a message.
 *
 * @param $sAddLang language to add; must be known to Anwi18n::langExists()
 */
private function saveTranslations($sAddLang) {
    try {
        if (!Anwi18n::langExists($sAddLang)) {
            throw new AnwBadLangException();
        }

        $this->out .= $this->tpl()->startProcess();
        $bSomethingDone = false;
        $aoPageGroups = AnwStorage::getPageGroups(false, null, null);

        AnwStorage::transactionStart();
        try {
            foreach ($aoPageGroups as $oPageGroup) {
                $aoPages = $oPageGroup->getPages();
                $bChecked = AnwEnv::_POST($this->getChkName($oPageGroup));

                //skip groups already translated, or not ticked in the form
                if (isset($aoPages[$sAddLang]) || !$bChecked) {
                    continue;
                }

                $sTranslationName = AnwEnv::_POST($this->getInputName($oPageGroup));

                //check permissions : translate
                if (!AnwCurrentSession::isActionAllowed($sTranslationName, 'translate', $sAddLang)) {
                    //thrown inside the transaction, so everything created so far is rolled back
                    throw new AnwAclException("permission translate denied");
                }

                //find PageRef
                $nPageRefId = (int) AnwEnv::_POST($this->getInputRef($oPageGroup));
                $oPageRef = new AnwPageById($nPageRefId);

                //a reference page that is not this group's page for its language is ignored
                if (!isset($aoPages[$oPageRef->getLang()]) || $oPageRef->getId() != $aoPages[$oPageRef->getLang()]->getId()) {
                    continue;
                }

                //create translation
                $oPageTranslation = $oPageRef->createNewTranslation($sTranslationName, $sAddLang);
                $this->out .= $this->tpl()->newTranslationCreated($sAddLang, $oPageTranslation->link());
                $bSomethingDone = true;
            }
            AnwStorage::transactionCommit();
        } catch (AnwException $e) {
            AnwStorage::transactionRollback();
            throw $e;
        }

        $sUrlContinue = $this->linkMe(array("addlang" => $sAddLang));
        if (!$bSomethingDone) {
            AnwUtils::redirect($sUrlContinue);
        }
        $this->out .= $this->tpl()->endProcess($sUrlContinue);
    } catch (AnwBadPageNameException $e) {
        $this->showForm($sAddLang, $this->g_("err_badpagename"));
    } catch (AnwBadLangException $e) {
        $this->showForm($sAddLang, $this->g_("err_badlang"));
    } catch (AnwPageAlreadyExistsException $e) {
        $this->showForm($sAddLang, $this->g_("err_pagealreadyexists"));
    } catch (AnwAclException $e) {
        $this->showForm($sAddLang, $this->g_("err_nopermission"));
    } catch (AnwLangExistsForPageGroupException $e) {
        $this->showForm($sAddLang, $this->g_("err_langexistsforpagegroup"));
    }
}
/**
 * Persists a session: database row and cookies for a logged-in session, cookie removal otherwise.
 *
 * For a logged-in session the row matching the session id is updated with a freshly
 * generated session code. When no row was updated, the row is inserted if
 * $bCreateSessionIfNotExists is set; otherwise the current session is logged out and the
 * method returns without setting cookies.
 *
 * @param $oSession session to save
 * @param $bCreateSessionIfNotExists true when a missing database row is expected (user is logging in)
 */
private function saveSession($oSession, $bCreateSessionIfNotExists = false) {
    //NOTE(review): the id is taken from the session object as it is; whether it is renewed at
    //login (to rule out session fixation) is not visible here - confirm in the caller.
    $sSessionId = $oSession->getId();

    if ($oSession->isLoggedIn()) {
        //purge the old sessions from database (needed for the update/insert test)
        $this->purgeExpiredSessionsFromDatabase();

        //try to update session in database (if it already exists)
        $sSessionIdentifier = AnwEnv::calculateSessionIdentifier();
        $sSessionCode = self::generateSessionCode(); //a new code is generated (even if session already exists) to prevent session stealing
        $nSessionUser = $oSession->getUser()->getId();
        $sSessionResume = $oSession->isResume() ? 1 : 0;
        $nSessionTimeSeen = time();

        //every value goes through strtosql()/inttosql() before it reaches the query
        //(presumably quoting/escaping helpers - TODO confirm)
        $asData = array("SessionIdentifier" => $this->db()->strtosql($sSessionIdentifier), "SessionCode" => $this->db()->strtosql($sSessionCode), "SessionUser" => $this->db()->inttosql($nSessionUser), "SessionResume" => $this->db()->strtosql($sSessionResume), "SessionTimeSeen" => $this->db()->inttosql($nSessionTimeSeen));
        $this->db()->do_update($asData, "session", "WHERE SessionId=" . $this->db()->strtosql($sSessionId));

        //otherwise, we may need to INSERT this new session or to kill it
        if ($this->db()->affected_rows() != 1) {
            if ($bCreateSessionIfNotExists) {
                //user is logging in, it's normal that the session doesn't exist in database.
                $asData["SessionId"] = $this->db()->strtosql($sSessionId);
                $asData["SessionTimeStart"] = $this->db()->inttosql(time());
                $asData["SessionTimeAuth"] = $this->db()->inttosql(time());
                $this->db()->do_insert($asData, "session");
            } else {
                //here, the session is supposed to exist in database, but isn't found.
                //this can happen in the following situations:
                // - The session has expired (DurationIdle or DurationMax)
                // - A user was using a session, when someone tried to steal it. The session was killed for security reasons.
                // - An administrator has killed the session.
                //In all these situations, the current session is no longer safe and must be closed.
                self::debug("WARNING: Session doesn't exist in database, but session creation is NOT expected. Logging out.");
                AnwCurrentSession::logout();
                return;
            }
        }

        //remember current session in cookies
        //expiry 0 is used unless resume is enabled and requested for this session
        //NOTE(review): cookie attributes are set inside AnwEnv::putCookie(); confirm that it marks
        //these two cookies HttpOnly, and Secure when the site is served over HTTPS.
        $nCookieExpires = AnwSessions::isResumeEnabled() && $oSession->isResume() ? time() + $this->cfgResumeDelayMax() : 0;
        AnwEnv::putCookie(self::COOKIE_SESSION_ID, $sSessionId, $nCookieExpires);
        AnwEnv::putCookie(self::COOKIE_SESSION_CODE, $sSessionCode, $nCookieExpires);
        AnwEnv::putSession(self::SESSION_CODE, $sSessionCode);
    } else {
        //unset cookies
        AnwEnv::unsetCookie(self::COOKIE_SESSION_ID);
        AnwEnv::unsetCookie(self::COOKIE_SESSION_CODE);
    }
}
/**
 * Builds the <option> elements of a language selector.
 *
 * @param $langs language codes to list; the configured languages when empty
 * @param $selectedlang code of the option to preselect; the session language when empty
 * @return the concatenated <option> markup
 */
function selectLang($langs = null, $selectedlang = null) {
    if (!$langs) {
        $langs = AnwComponent::globalCfgLangs();
    }
    if (!$selectedlang) {
        $selectedlang = AnwCurrentSession::getLang();
    }

    $sOptions = '';
    foreach ($langs as $sCode) {
        $sSelectedAttr = ($sCode == $selectedlang) ? ' selected="selected"' : "";
        $sFlagUrl = Anwi18n::srcFlag($sCode);

        //only the value attribute goes through xQuote(); the flag URL and the translated label
        //are printed as they are - NOTE(review): fine while both come from the installation's own
        //files, confirm that neither can carry user-supplied text
        $sOptions .= '<option value="' . $this->xQuote($sCode) . '"' . $sSelectedAttr
            . ' style="background-image:url(\'' . $sFlagUrl . '\');">'
            . $this->g_('lang_' . $sCode)
            . '</option>';
    }

    return $sOptions;
}
/**
 * Loads the current session into self::$oSession and runs the keepalive when it is due.
 *
 * The keepalive runs when more seconds than the configured delay have passed since the
 * last one: the session is kept alive and the keepalive plugin hooks are called. When the
 * session's user no longer exists, a fresh AnwSession replaces it and logout() is called.
 */
private static function loadCurrentSession() {
    AnwDebug::startbench("Current session load");

    try {
        self::$oSession = AnwSessions::getCurrentSession();

        //keepalive
        $nSinceLastKeepAlive = time() - self::getLastKeepAlive();
        $nDelay = AnwComponent::globalCfgKeepaliveDelay();
        $sLogLine = '(AnwSessions) Time elapsed since last keepalive: ' . $nSinceLastKeepAlive . '/' . $nDelay . 's';
        AnwDebug::log($sLogLine);

        if ($nSinceLastKeepAlive > $nDelay) {
            AnwDebug::log('(AnwSessions) Running keepalive...');
            $nTime = time(); //not read again in this method
            self::resetLastKeepAlive();

            //keepalive session
            AnwSessions::keepAlive();

            //run hooks: one for any session, then one depending on the login state
            $oSessionUser = self::$oSession->getUser();
            AnwPlugins::hook("session_keepalive_any", $oSessionUser);
            $sStateHook = self::$oSession->isLoggedIn()
                ? "session_keepalive_loggedin"
                : "session_keepalive_loggedout";
            AnwPlugins::hook($sStateHook, $oSessionUser);
        }
    } catch (AnwUserNotFoundException $e) {
        //current user doesn't exist anymore: start from an empty session and log out
        self::$oSession = new AnwSession();
        self::logout();
    }

    AnwDebug::stopbench("Current session load");
}
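/**
 * Diff action: renders the differences between two revisions of a page.
 *
 * Request parameters: "page" (page id), "revto" (change id of the newer revision) and
 * optionally "revfrom"; without "revfrom" the archive preceding "revto" is used, or
 * "revto" itself when there is none.
 *
 * Both revisions go through checkGlobalAndViewActionAllowed() before any content is
 * rendered, and PHP code is hidden from the diff unless the current user may edit PHP.
 */
function run() {
    try {
        $nPageId = (int) AnwEnv::_GET("page");
        if ($nPageId <= 0) {
            throw new AnwBadCallException();
        }

        //find TO revision
        $nRevToChangeId = (int) AnwEnv::_GET("revto");
        if ($nRevToChangeId <= 0) {
            throw new AnwBadCallException();
        }
        $oPageRevTo = AnwPage::getPageByChangeId($nPageId, $nRevToChangeId);
        //checked right away: the TO revision is dereferenced just below when "revfrom" is missing
        if (!$oPageRevTo) {
            throw new AnwBadCallException("page revision TO not found :" . $nRevToChangeId);
        }

        //find FROM revision
        $nRevFromChangeId = (int) AnwEnv::_GET("revfrom");
        if ($nRevFromChangeId <= 0) {
            try {
                $oPageRevFrom = $oPageRevTo->getPreviousArchive();
            } catch (AnwArchiveNotFoundException $e) {
                //if TO revision is already the last...
                $oPageRevFrom = $oPageRevTo;
            }
        } else {
            $oPageRevFrom = AnwPage::getPageByChangeId($nPageId, $nRevFromChangeId);
        }

        if (!($oPageRevTo->getContent() instanceof AnwContentPage)) {
            throw new AnwUnexpectedException("error getcontent for page revision TO :" . $nRevToChangeId);
        }
        if (!$oPageRevFrom) {
            throw new AnwBadCallException("page revision FROM not found :" . $nRevFromChangeId);
        }
        if (!($oPageRevFrom->getContent() instanceof AnwContentPage)) {
            throw new AnwUnexpectedException("error getcontent for page revision FROM :" . $nRevFromChangeId);
        }

        // check permissions on both revisions (presumably throws when denied; not caught here - TODO confirm)
        $oPageRevFrom->checkGlobalAndViewActionAllowed($this->getName());
        $oPageRevTo->checkGlobalAndViewActionAllowed($this->getName());

        $oContentXmlFrom = $oPageRevFrom->getContent()->toXml();
        $oContentXmlTo = $oPageRevTo->getContent()->toXml();
    } catch (AnwBadPageNameException $e) {
        //every lookup failure gets the same generic message, without details about what is missing
        $this->error($this->g_("err_badcall"));
        return; //the code below needs both revisions
    } catch (AnwBadCallException $e) {
        $this->error($this->g_("err_badcall"));
        return;
    } catch (AnwPageNotFoundException $e) {
        $this->error($this->g_("err_badcall"));
        return;
    } catch (AnwArchiveNotFoundException $e) {
        $this->error($this->g_("err_badcall"));
        return;
    }

    $this->setTitle($this->t_("title", array("pagename" => $oPageRevTo->getName())));

    $oDiffs = new AnwDiffs($oContentXmlFrom, $oContentXmlTo);
    //users who may not edit PHP do not get to read PHP code through the diff either
    if (!AnwCurrentSession::getUser()->isPhpEditionAllowed()) {
        $oDiffs->hidePhpCode();
    } else {
        $oDiffs->showPhpCode();
    }

    $this->out .= $this->tpl()->beforeDiffs($this->linkMe(), $oPageRevFrom, $oPageRevTo, $oPageRevTo->getActivePage());

    if ($oPageRevFrom->getChangeId() == $oPageRevTo->getChangeId()) {
        $this->out .= $this->tpl()->drawNotice($this->t_("notice_same"));
    }
    if ($oPageRevFrom->getChangeId() > $oPageRevTo->getChangeId()) {
        $this->out .= $this->tpl()->drawNotice($this->t_("notice_reverse"));
    }

    $this->renderDiffs($oDiffs);
}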
/**
 * Collects the notices explaining why a page could not be created with the given content.
 *
 * This method only reports; it blocks nothing by itself. NOTE(review): confirm that the
 * caller refuses to proceed when the returned list is not empty.
 *
 * @return list of translated notices, empty when no problem was found
 */
private function checkPermissions($sPageName, $sPageLang, $sPageContent) {
    $asFound = array();
    $oUser = null;

    //check that page doesn't exist
    if (!AnwPage::isAvailablePageName($sPageName)) {
        $asFound[] = $this->t_("notice_exists");
    }

    //check PHP permission
    if (AnwUtils::contentHasPhpCode($sPageContent)) {
        $oUser = AnwCurrentSession::getUser();
        if (!$oUser->isPhpEditionAllowed()) {
            $asFound[] = $this->t_("notice_php");
        }
    }

    //check JS permission
    if (AnwUtils::contentHasJsCode($sPageContent)) {
        $oUser = AnwCurrentSession::getUser();
        if (!$oUser->isJsEditionAllowed()) {
            $asFound[] = $this->t_("notice_js");
        }
    }

    //check ACL permission : create and edit are both required
    $bMayCreateAndEdit = AnwCurrentSession::isActionAllowed($sPageName, "create", $sPageLang)
        && AnwCurrentSession::isActionAllowed($sPageName, "edit", $sPageLang);
    if (!$bMayCreateAndEdit) {
        $asFound[] = $this->t_("notice_acl");
    }

    return $asFound;
}
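/**
 * Writes the component's override configuration file as generated PHP code.
 *
 * The file starts with a comment header (overridden file, generation time, login of the
 * current user, version) followed by the $cfg array. The content validity is checked again
 * right before writing, and the component is notified afterwards so that it can clear its
 * cache.
 *
 * The values placed in the comment header have the comment terminator neutralised, so that
 * none of them can end the comment early and turn the rest of its text into code of a file
 * that is later executed.
 */
function writeSettingsOverride() {
    //just to be sure, we check again content validity just before writing it
    $this->checkContentValidity();

    $sConfigDefaultFile = "none";
    try {
        $sConfigDefaultFile = $this->getComponent()->getConfigurableFileDefault();
    } catch (AnwFileNotFoundException $e) {
        //no default config: the header keeps "none"
    }

    $cfg = $this->toOverrideCfgArray();

    //inside a block comment only the terminator is special; break it up in every dynamic value
    $sHeaderFile = str_replace('*/', '* /', (string) $sConfigDefaultFile);
    $sHeaderTime = str_replace('*/', '* /', (string) Anwi18n::datetime(time()));
    $sHeaderUser = str_replace('*/', '* /', (string) AnwCurrentSession::getUser()->getLogin());

    $sPhpCode = '<?php ' . "\n";
    $sPhpCode .= ' /**' . "\n";
    $sPhpCode .= ' * Anwiki override file.' . "\n";
    $sPhpCode .= ' * This file can be edited directly from file system, or from Anwiki web interface.' . "\n";
    $sPhpCode .= ' * ' . "\n";
    $sPhpCode .= ' * Overridden file: ' . $sHeaderFile . "\n";
    $sPhpCode .= ' * Generated on: ' . $sHeaderTime . "\n";
    $sPhpCode .= ' * By: ' . $sHeaderUser . "\n";
    $sPhpCode .= ' * Using version: ' . ANWIKI_VERSION_NAME . ' (' . ANWIKI_VERSION_ID . ')' . "\n";
    $sPhpCode .= ' */' . "\n";
    $sPhpCode .= "\n";
    //NOTE(review): arrayToPhp() turns configuration values into PHP source; it must quote every
    //string it emits - confirm in AnwUtils.
    $sPhpCode .= '$cfg = ' . AnwUtils::arrayToPhp($cfg) . "\n";
    $sPhpCode .= '?>';

    //exclusive lock while writing
    $sFileOverride = $this->getComponent()->getConfigurableFileOverride();
    AnwUtils::file_put_contents($sFileOverride, $sPhpCode, LOCK_EX);

    // clear component's cache for configurableContent
    $this->getComponent()->___notifyConfigurableContentChanged();
}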
/**
 * Releases the edition lock on the current page, passing the current session to the storage layer.
 */
protected function unlockPageForEdition() {
    $oLockedPage = $this->getoPage();
    $oLockingSession = AnwCurrentSession::getSession();

    AnwStorage::unlockPage($oLockedPage, $oLockingSession);
}
/**
 * Makes sure the current session is globally allowed to run this action.
 *
 * @throws AnwAclException when the action named by getName() is not allowed
 */
protected function checkActionAllowed() {
    if (AnwCurrentSession::isActionGlobalAllowed($this->getName())) {
        return;
    }

    throw new AnwAclException("You are not allowed to execute this action");
}
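/**
 * Applies the submitted settings form: preferences first, then account data.
 *
 * Preferences (language, timezone) are applied for any session. Account data (display
 * name, email, password) is only handled for a logged-in user when the internal users
 * driver is in use. A password change requires the two new passwords to be identical
 * strings and the current password to authenticate.
 *
 * With errors the form is shown again with the messages; otherwise the visitor is
 * redirected to the settings page with done=1.
 */
private function updateSettings() {
    //update prefs
    $asErrorsPrefs = array();
    try {
        $sLang = AnwEnv::_POST("lang", "");
        AnwCurrentSession::setLang($sLang);

        //not reached when setLang() throws
        $nTimezone = AnwEnv::_POST("timezone", 0);
        AnwCurrentSession::setTimezone($nTimezone);
    } catch (AnwBadLangException $e) {
        $asErrorsPrefs[] = $this->g_("err_badlang");
    } catch (AnwBadTimezoneException $e) {
        $asErrorsPrefs[] = $this->g_("err_badtimezone");
    } catch (AnwException $e) {
        $asErrorsPrefs[] = $this->g_("err_unkn");
    }

    $asErrorsAccount = array();
    if (AnwCurrentSession::isLoggedIn() && AnwUsers::isDriverInternal()) {
        //update account
        //NOTE(review): only the password change asks for the current password; the display name
        //and, more importantly, the email are changed on the strength of the session alone.
        //Consider requiring the current password for the email too, and confirm that the form
        //is protected against cross-site requests (no token check is visible in this method).
        try {
            //displayname change requested ?
            if (self::globalCfgUsersChangeDisplayname()) {
                $sDisplayname = AnwEnv::_POST("displayname", "");
                if (AnwCurrentSession::getUser()->getDisplayName() != $sDisplayname) {
                    AnwCurrentSession::getUser()->changeDisplayName($sDisplayname);
                }
            }

            //email change requested ?
            $sEmail = AnwEnv::_POST("email", "");
            if (AnwCurrentSession::getUser()->getEmail() != $sEmail) {
                AnwCurrentSession::getUser()->changeEmail($sEmail);
            }

            //password change requested ?
            $sNewPassword = AnwEnv::_POST("newpassword");
            $sNewPasswordRepeat = AnwEnv::_POST("newpassword_repeat");
            $sCurrentPassword = AnwEnv::_POST("currentpassword", "");
            if ($sNewPassword) {
                //strict comparison: with == two different numeric-looking strings
                //(for example "1e3" and "1000") would be accepted as the same password
                if ($sNewPassword === $sNewPasswordRepeat) {
                    try {
                        //authenticate with current password
                        AnwCurrentSession::getUser()->authenticate($sCurrentPassword);

                        //authentication ok, change the password
                        try {
                            AnwCurrentSession::getUser()->changePassword($sNewPassword);
                        } catch (AnwBadPasswordException $e) {
                            $asErrorsAccount[] = $this->t_("err_badnewpassword");
                        }
                    } catch (AnwBadPasswordException $e) {
                        $asErrorsAccount[] = $this->g_("err_incorrectpassword");
                    } catch (AnwAuthException $e) {
                        $asErrorsAccount[] = $this->g_("err_incorrectpassword");
                    }
                } else {
                    $asErrorsAccount[] = $this->g_("err_passwordsmatch");
                }
            }
        } catch (AnwDisplayNameAlreadyTakenException $e) {
            $asErrorsAccount[] = $this->g_("err_displaynamealreadytaken");
        } catch (AnwBadDisplayNameException $e) {
            $asErrorsAccount[] = $this->g_("err_baddisplayname");
        } catch (AnwEmailAlreadyTakenException $e) {
            $asErrorsAccount[] = $this->g_("err_emailalreadytaken");
        } catch (AnwBadEmailException $e) {
            $asErrorsAccount[] = $this->g_("err_bademail");
        } catch (AnwException $e) {
            $asErrorsAccount[] = $this->g_("err_unkn");
        }
    }

    if (count($asErrorsPrefs) > 0 || count($asErrorsAccount) > 0) {
        $this->formSettings(false, $asErrorsPrefs, $asErrorsAccount);
    } else {
        AnwUtils::redirect($this->linkMe(array("done" => 1)));
    }
}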
/**
 * Renders the "last changes" listing into $this->out: header, filter bar,
 * navigation links, one line per change, and footer.
 *
 * Links built inside the change loop (diff / history / revert) pass every
 * attribute value through AnwUtils::xQuote() before it is interpolated into
 * the <a>/<img> markup.
 *
 * NOTE(review): the RSS, navigation and page-group links are derived from
 * REQUEST_URI, which is client-controlled, and are handed to the template
 * methods as-is. Likewise the change comment, info, user display name and
 * page name are passed to lastchangesLine() unescaped by this method.
 * Confirm that the templates escape these values for their output context.
 */
function showHtml($aoChanges, $amAllChangeTypes, $amDisplayChangeTypes, $asAllLangs, $asDisplayLangs, $asAllClasses, $asDisplayClasses, $nStartPrev, $nStartNext, $sTitle, $bGrouped, $oPage, $oPageGroup)
{
    $this->out .= $this->tpl()->lastchangesHeader($sTitle);

    // current URL with any "&s=<start>" paging parameter removed
    $sBaseUrl = preg_replace("/&s=([0-9]*)/", "", AnwEnv::_SERVER('REQUEST_URI'));

    //rss link (without start)
    $sFeedUrl = $sBaseUrl . '&feed=rss2';
    $this->head($this->tpl()->headRss($sFeedUrl));

    $this->out .= $this->tpl()->filterBefore($this->linkMe());

    $nPageId = null;
    if ($oPage) {
        $nPageId = $oPage->getId();
    }
    $nPageGroupId = null;
    if ($oPageGroup) {
        $nPageGroupId = $oPageGroup->getId();
    }
    // the history column is only shown when no single page is selected
    $bShowHistoryColumn = !$oPage;

    //disable filters if a page is selected
    if (!$nPageId) {
        //filter lang
        $this->out .= $this->tpl()->filterLangs($asAllLangs, $asDisplayLangs);

        if (!$nPageGroupId) {
            //filter contentclass
            $this->out .= $this->tpl()->filterClass($asAllClasses, $asDisplayClasses);
        }
    }

    //filter changes types
    $this->out .= $this->tpl()->filterChangeTypes($amAllChangeTypes, $amDisplayChangeTypes);

    //display mode
    $sGroupHistoryUrl = false;
    if ($oPage && AnwCurrentSession::isActionGlobalAllowed($this->getName())) {
        // "$" is the regex delimiter here: both patterns strip an existing parameter
        $sStripped = preg_replace("\$&page=([0-9]*)\$", "", AnwEnv::_SERVER('REQUEST_URI'));
        $sStripped = preg_replace("\$&pagegroup=([0-9]*)\$", "", $sStripped);
        $sGroupHistoryUrl = $sStripped . '&pagegroup=' . $oPage->getPageGroup()->getId();
    }
    $this->out .= $this->tpl()->filterAfter($bGrouped, $nPageId, $nPageGroupId, $sFeedUrl, $sGroupHistoryUrl);

    //nav
    $sPrevUrl = ($nStartPrev >= 0) ? $sBaseUrl . '&s=' . $nStartPrev : "";
    $sLatestUrl = ($nStartPrev > 0) ? $sBaseUrl . '&s=0' : "";
    $sNextUrl = $sBaseUrl . '&s=' . $nStartNext;
    $this->out .= $this->tpl()->nav($sLatestUrl, $sPrevUrl, $sNextUrl, $bShowHistoryColumn);

    foreach ($aoChanges as $oChange) {
        $sTypeLabel = AnwChange::changeTypei18n($oChange->getType());

        //page link: active link if it exists, bare page id otherwise
        $sPageCell = '<span class="pageid">#' . $oChange->getPageId() . '</span>';
        if ($oChange->activePageExists()) {
            $sPageCell = $oChange->getActivePage()->link();
        }

        //diffs link
        $sDiffCell = '-';
        if ($oChange->isGlobalAndViewActionAllowed('diff') && $oChange->isDiffAvailable()) {
            $sDiffImg = AnwUtils::xQuote(AnwUtils::pathImg("diff.gif"));
            $sDiffAlt = AnwUtils::xQuote(self::g_("change_diff_link"));
            $sDiffHref = AnwUtils::xQuote(AnwUtils::alink("diff", array("page" => $oChange->getPageId(), "revto" => $oChange->getChangeId())));
            $sDiffCell = <<<EOF
<a href="{$sDiffHref}" title="{$sDiffAlt}"><img src="{$sDiffImg}" alt="{$sDiffAlt}"/></a>
EOF;
        }

        //history link (false when the column is hidden)
        $sHistoryCell = false;
        if ($bShowHistoryColumn) {
            $sHistoryCell = " - ";
            if ($oChange->isActionAllowed('history')) {
                $sHistoryImg = AnwUtils::xQuote(AnwUtils::pathImg("history.gif"));
                $sHistoryAlt = AnwUtils::xQuote($this->t_("change_history_link"));
                $sHistoryHref = AnwUtils::xQuote(AnwUtils::alink("lastchanges", array("page" => $oChange->getPageId())));
                $sHistoryCell = <<<EOF
<a href="{$sHistoryHref}" title="{$sHistoryAlt}"><img src="{$sHistoryImg}" alt="{$sHistoryAlt}"/></a>
EOF;
            }
        }

        //revert link
        $sRevertCell = " - ";
        if ($oChange->isGlobalAndViewActionAllowed('revert') && $oChange->isRevertAvailable()) {
            $sRevertImg = AnwUtils::xQuote(AnwUtils::pathImg("revert.gif"));
            $sRevertAlt = AnwUtils::xQuote(self::t_("change_revert_link"));
            //we pass pageid instead of pagegroupid for better performances...
            $sRevertHref = AnwUtils::xQuote(AnwUtils::alink("revert", array("page" => $oChange->getPageId(), "revto" => $oChange->getChangeId())));
            $sRevertCell = <<<EOF
<a href="{$sRevertHref}" title="{$sRevertAlt}"><img src="{$sRevertImg}" alt="{$sRevertAlt}"/></a>
EOF;
        }

        //output
        $this->out .= $this->tpl()->lastchangesLine(
            Anwi18n::dateTime($oChange->getTime()),
            $sTypeLabel,
            $oChange->getComment(),
            $oChange->getInfo(),
            $oChange->getUser()->getDisplayName(),
            $sPageCell,
            $sDiffCell,
            $sHistoryCell,
            $sRevertCell,
            $oChange->getPageName(),
            $oChange->getPageLang()
        );
    }

    $this->out .= $this->tpl()->lastchangesFooter();
}
/**
 * Tells whether a captcha is required for the current request.
 *
 * Returns true when the current session is not logged in, false otherwise,
 * so only anonymous visitors are challenged.
 * NOTE(review): where the captcha is actually verified is not visible here;
 * confirm the verification is done server-side on every submission.
 */
function needsCaptcha()
{
    return !AnwCurrentSession::isLoggedIn();
}
/**
 * Creates the requested page, plus any translations ticked in the form,
 * then redirects to the new page's edit action.
 *
 * Authorization:
 * - the 'create' permission on the page name is checked before anything is
 *   written; an AnwAclException is thrown when it is denied;
 * - inside the transaction, the 'translate' permission is checked for EVERY
 *   requested translation before the first translation is created.
 *
 * Page and translations are created inside one storage transaction; on any
 * AnwException it is rolled back and the exception is rethrown.
 *
 * NOTE(review): translation names come straight from POST (default ""); this
 * method does not validate them, so presumably createNewTranslation() does.
 * Verify against that method.
 *
 * @param string $sLang         language of the page to create
 * @param string $sContentClass content class name, resolved through AnwContentClasses
 */
private function createPageProcess($sLang, $sContentClass)
{
    $sPageName = $this->getPageName();

    $bMayCreate = AnwCurrentSession::isActionAllowed($sPageName, 'create', $sLang);
    if (!$bMayCreate) {
        throw new AnwAclException("permission create denied");
    }

    $oContentClass = AnwContentClasses::getContentClass($sContentClass);

    AnwStorage::transactionStart();
    try {
        //create page
        $oPage = AnwPage::createNewPage($oContentClass, $sPageName, $sLang);

        //should we create translations for this new page?
        $asGroupLangs = $oPage->getPageGroup()->getAvailableLangs();

        //first pass - check permissions : translate
        foreach ($asGroupLangs as $sTranslationLang) {
            if (!AnwEnv::_POST($this->getChkName($sTranslationLang))) {
                continue; // translation not requested for this language
            }
            $sRequestedName = AnwEnv::_POST($this->getInputName($sTranslationLang), "");
            if (!AnwCurrentSession::isActionAllowed($sRequestedName, 'translate', $sTranslationLang)) {
                throw new AnwAclException("permission translate denied");
            }
        }

        //second pass - every check passed, create the translations
        foreach ($asGroupLangs as $sTranslationLang) {
            if (!AnwEnv::_POST($this->getChkName($sTranslationLang))) {
                continue;
            }
            $sRequestedName = AnwEnv::_POST($this->getInputName($sTranslationLang), "");
            $oPage->createNewTranslation($sRequestedName, $sTranslationLang);
        }

        AnwStorage::transactionCommit();
    } catch (AnwException $e) {
        // undo the partially created page/translations, then let the caller handle it
        AnwStorage::transactionRollback();
        throw $e;
    }

    AnwUtils::redirect(AnwUtils::link($oPage, "edit"));
}