/**
* When visiting any page on the site, check if the user is already logged in,
* or they are visiting a page that is allowed when logged out. Otherwise,
* redirect to the login page. If visiting the login page, check the browser
* supports cookies.
*/
public function check()
{
$uri = new URI();
// Skip check when accessing the data services, as it is redundant but would slow the services down.
// Also no need to login when running the scheduled tasks.
if ($uri->segment(1) == 'services' || $uri->segment(1) == 'scheduled_tasks') {
return;
}
// check for setup request
//
if ($uri->segment(1) == 'setup_check') {
// get kohana paths
//
$ipaths = Kohana::include_paths();
// check if indicia_setup module folder exists
//
clearstatcache();
foreach ($ipaths as $path) {
if (preg_match("/indicia_setup/", $path) && file_exists($path)) {
return;
}
}
}
// Always logged in
$auth = new Auth();
if (!$auth->logged_in() and !$auth->auto_login() and $uri->segment(1) != 'login' and $uri->segment(1) != 'logout' and $uri->segment(1) != 'new_password' and $uri->segment(1) != 'forgotten_password') {
$_SESSION['requested_page'] = $uri->string();
url::redirect('login');
} else {
if ($auth->logged_in() and is_null($_SESSION['auth_user']->password) and $uri->segment(1) != 'new_password' and $uri->segment(1) != 'logout' and $uri->segment(1) != 'setup_check') {
$_SESSION['requested_page'] = $uri->string();
url::redirect('new_password');
}
}
}
/**
* Custom validation for this model - complements the default validate()
*
* @param array array to validate
* @param Auth instance of Auth class; used for testing purposes
* @return bool TRUE if validation succeeds, FALSE otherwise
*/
public static function custom_validate(array &$post, Auth $auth = null)
{
// Initalize validation
$post = Validation::factory($post)->pre_filter('trim', TRUE);
if ($auth === null) {
$auth = new Auth();
}
$post->add_rules('username', 'required', 'length[3,100]', 'alpha_numeric');
$post->add_rules('name', 'required', 'length[3,100]');
$post->add_rules('email', 'required', 'email', 'length[4,64]');
// If user id is not specified, check if the username already exists
if (empty($post->user_id)) {
$post->add_callbacks('username', array('User_Model', 'unique_value_exists'));
$post->add_callbacks('email', array('User_Model', 'unique_value_exists'));
}
// Only check for the password if the user id has been specified
if (empty($post->user_id)) {
$post->add_rules('password', 'required', 'length[5,50]', 'alpha_numeric');
}
// If Password field is not blank
if (!empty($post->password) or empty($post->password) and !empty($post->password_again)) {
$post->add_rules('password', 'required', 'length[5,50]', 'alpha_numeric', 'matches[password_again]');
}
$post->add_rules('role', 'required', 'length[3,30]', 'alpha_numeric');
$post->add_rules('notify', 'between[0,1]');
if (!$auth->logged_in('superadmin')) {
$post->add_callbacks('role', array('User_Model', 'prevent_superadmin_modification'));
}
// Additional validation checks
Event::run('ushahidi_action.user_submit_admin', $post);
// Return
return $post->validate();
}
public function __construct()
{
parent::__construct();
$this->template->links = array('Home' => 'home', 'Browse' => 'folders', 'Search' => 'search', 'About' => 'about', 'Contact' => 'contact');
$this->db = Database::instance();
// makes database object available to all controllers
$this->session = Session::instance();
$authentic = new Auth();
if ($authentic->logged_in() || $authentic->auto_login()) {
$this->user = $authentic->get_user();
} else {
$this->session->set("requested_url", "/" . url::current());
// this will redirect from the login page back to this page
url::redirect('/auth/login');
}
// if ($authentic->auto_login()) {
// $this->user = $authentic->get_user();
// url::redirect('/document/view/1');
// }
// if (!$authentic->logged_in()) {
//
// $this->session->set("requested_url","/".url::current()); // this will redirect from the login page back to this page
// url::redirect('/auth/login');
// } else {
// $this->user = $authentic->get_user(); //now you have access to user information stored in the database
// }
}
public function action_login()
{
if ($this->_auth->logged_in()) {
$this->_message = __("Already logged in");
return;
}
$data = json_decode($this->request->body(), true);
$username = $data['username'];
$password = $data['password'];
$remember = Arr::get($data, 'remember', FALSE);
if (!$this->_auth->login($username, $password, $remember)) {
$this->_message = __("Username or password is wrong.");
return;
}
$this->_message = __("Login succeeded");
$this->_user = $this->_auth->get_user();
$this->_user->reload();
}
private function _redirectIfLoggedIn(Auth $authentic)
{
// See if the user is already logged in
if ($authentic->logged_in()) {
$this->user = $authentic->get_user();
// Load the user's info into the current class, in case it's needed
$this->_redirectPriorPage();
}
}
public function __construct()
{
parent::__construct();
$this->session = Session::instance();
$authentic = new Auth();
if (!$authentic->logged_in('admin')) {
// redirect from the login page back to this page
$this->session->set("requested_url", "/" . url::current());
url::redirect('/auth/login/');
} else {
//now you have access to user information stored in the database
$this->user = $authentic->get_user();
}
$this->template->title = $this->template->document_title = 'Site Admin';
}
public function __construct()
{
parent::__construct();
$this->session = Session::instance();
$this->cache = Cache::instance();
$authentic = new Auth();
if (!$authentic->logged_in()) {
$this->session->set("requested_url", "/" . url::current());
// this will redirect from the login page back to this page/
url::redirect('/auth');
} else {
$this->user = $authentic->get_user();
//now you have access to user information stored in the database
}
}
/**
* Osztály tulajdonságainak beállítása
*
*/
private static function set_attributes()
{
$registry = Registry::get_instance();
if ($registry->area == 'site') {
self::$expire_time = Config::get('session.expire_time_site', 3600);
self::$element_name = 'user_site_last_activity';
self::$logged_in = 'user_site_logged_in';
self::$target_url = '';
}
if ($registry->area == 'admin') {
self::$expire_time = Config::get('session.expire_time_admin', 3600);
self::$element_name = 'user_last_activity';
self::$logged_in = 'user_logged_in';
self::$target_url = 'login';
}
self::$site_url = $registry->site_url;
}
public function browse($parent_id = 0)
{
// foreach ($this->user->roles as $role) {
// echo Kohana::debug("kuken");
// }
# echo Kohana::debug($this->user->roles->as_array());
$folder = ORM::factory("Folder", $parent_id);
$this->template->title = "Browsing folder " . $folder->name;
$this->template->content = new View('pages/browse');
$this->template->content->folders = $folder->children;
$this->template->content->documents = $folder->documents;
$authentic = new Auth();
if ($authentic->logged_in('login')) {
$this->template->content->admin = array();
$this->template->content->admin[] = 'hej';
}
// echo Kohana::debug(ORM::factory("Folder", $parent_id)->children->as_array());
// echo Kohana::debug(ORM::factory("Folder", 3)->parent->name);
}
/**
* Méthode : récuperer les informations utilisateur
*/
public function __construct()
{
parent::__construct();
if (!request::is_ajax()) {
cookie::set('urlAdminUrl', url::current());
}
$authentic = new Auth();
if ($authentic->logged_in()) {
$this->user = $authentic->get_user();
$this->role->name = $this->user->roles->select_list('id', 'name');
$this->role->description = $this->user->roles->select_list('id', 'description');
if (Kohana::config('game.debug') && !in_array('admin', $this->role->name)) {
$authentic = Auth::instance();
if ($authentic->logged_in()) {
$authentic->logout(TRUE);
}
return url::redirect('auth?msg=' . urlencode(Kohana::lang('form.maintenance')));
} elseif (!in_array('login', $this->role->name)) {
return url::redirect('auth');
}
}
}
/**
* If debugging is enabled, append profiler stats for non-production environments.
*
* @return void
*/
public function after()
{
if ($this->auto_render && $this->bare == FALSE) {
// Controller name as the default page id if none set
empty($this->_page_id) and $this->_page_id = $this->request->controller();
// Load left and right sidebars if available
$this->_set_sidebars();
// Set appropriate column css class
$this->_set_column_class();
// Do some CSS magic to page class
$classes = array(I18n::$lang, $this->request->controller(), $this->request->action(), $this->request->controller() . '-' . $this->request->action(), $this->template->column_class, $this->_page_class, $this->_auth->logged_in() ? 'logged-in' : 'not-logged-in');
// Special check for frontpage and frontpage title
if ($this->is_frontpage()) {
// Set front variable true for themers
$this->template->front = TRUE;
// Don't show title on homepage
$this->template->title = FALSE;
// Don't show title on homepage
$this->title = FALSE;
$this->template->mission = __($this->_config->get('site_mission', ''));
}
View::set_global(array('is_front' => $this->template->front, 'is_admin' => $this->template->_admin));
$classes[] = $this->template->_admin ? 'backend' : 'frontend';
$classes[] = $this->template->front ? 'front' : 'not-front';
$page_class = implode(' ', array_unique(array_map('trim', $classes)));
// Construct Head Section Page title
$this->_set_head_title();
// Allow module and theme developers to override
Module::event('template', $this);
// Set primary menu
$primary_menu = Menu::links('main-menu', array('class' => 'menus nav navbar-nav'));
// Bind the generic page variables
$this->template->set('lang', I18n::$lang)->set('page_id', $this->_page_id)->set('page_class', $page_class)->set('primary_menu', $primary_menu)->set('title', $this->title)->set('subtitle', $this->subtitle)->set('icon', $this->icon)->set('schemaType', $this->schemaType)->set('mission', $this->template->mission)->set('content', $this->response->body())->set('messages', Message::display())->set('profiler', FALSE);
if (count($this->_tabs) > 0) {
$this->template->tabs = View::factory('tabs')->set('tabs', $this->_tabs);
}
if (count($this->_subtabs) > 0) {
$this->template->subtabs = View::factory('tabs')->set('tabs', $this->_subtabs);
}
if (count($this->_actions) > 0) {
$this->template->actions = View::factory('actions')->set('actions', $this->_actions);
}
// And profiler if debug is true
if (Kohana::$environment !== Kohana::PRODUCTION and $this->debug) {
$this->template->profiler = View::factory('profiler/stats');
}
// And finally the profiler stats
$this->_set_profiler_stats();
// Assign the template as the request response and render it
$this->response->body($this->template);
} elseif ($this->_ajax && $this->bare == FALSE) {
$output = $this->response->body();
$this->process_ajax();
if ($this->_response_format === 'application/json') {
// Check for dataTables request
if ($this->request->query('draw') !== NULL) {
return;
}
$output = $this->_json['Data'];
}
$this->response->body($output);
} elseif ($this->_internal && $this->bare == FALSE) {
$output = $this->response->body();
$this->response->body($output);
}
if ($this->bare == FALSE) {
if (isset($this->_benchmark)) {
// Stop the benchmark
Profiler::stop($this->_benchmark);
}
// Set header content-type to response format with utf-8
$this->response->headers('Content-Type', $this->_response_format . '; charset=' . Kohana::$charset);
}
parent::after();
}
protected function require_login()
{
if ($this->auth->logged_in() == 0) {
throw new Kadmium_Exception_NoPermission();
}
}
/**
* Before a request is accepted, this method ensures that the POST data contains the
* correct digest token so we know the request was from the website.
*
* @param string $mode Whether the authentication token is required to have read or write access.
* Possible values are 'read' and 'write'. Defaults to 'write'.
*/
protected function authenticate($mode = 'write')
{
// Read calls are done using get values, so we merge the two arrays
$array = array_merge($_POST, $_GET);
$authentic = FALSE;
// default
if (array_key_exists('nonce', $array) && array_key_exists('auth_token', $array)) {
$nonce = $array['nonce'];
$this->cache = new Cache();
// get all cache entries that match this nonce
$paths = $this->cache->exists($nonce);
foreach ($paths as $path) {
// Find the parts of each file name, which is the cache entry ID, then the mode.
$tokens = explode('~', basename($path));
// check this cached nonce is for the correct read or write operation.
if ($mode == $tokens[1]) {
$id = $this->cache->get($tokens[0]);
if ($id > 0) {
// normal state, the ID is positive, which means we are authenticating a remote website
$website = ORM::factory('website', $id);
if ($website->id) {
$password = $website->password;
}
} else {
$password = kohana::config('indicia.private_key');
}
// calculate the auth token from the nonce and the password. Does it match the request's auth token?
if (isset($password) && sha1("{$nonce}:{$password}") == $array['auth_token']) {
Kohana::log('info', "Authentication successful.");
// cache website_password for subsequent use by controllers
$this->website_password = $password;
$authentic = true;
}
if ($authentic) {
if ($id > 0) {
$this->website_id = $id;
if (isset($_REQUEST['user_id']) && $_REQUEST['user_id']) {
$this->user_id = $_REQUEST['user_id'];
// if the request included a user ID, put it in the global var so all ORM saves can use it
global $remoteUserId;
$remoteUserId = $this->user_id;
}
} else {
$this->in_warehouse = true;
$this->website_id = 0;
// the Warehouse
$this->user_id = 0 - $id;
// user id was passed as a negative number to differentiate from a website id
// get a list of the websites this user can see
$user = ORM::Factory('user', $this->user_id);
$this->user_is_core_admin = $user->core_role_id === 1;
if (!$this->user_is_core_admin) {
$this->user_websites = array();
$userWebsites = ORM::Factory('users_website')->where(array('user_id' => $this->user_id, 'site_role_id is not' => null, 'banned' => 'f'))->find_all();
foreach ($userWebsites as $userWebsite) {
$this->user_websites[] = $userWebsite->website_id;
}
}
}
// reset the nonce if requested. Doing it here will mean only gets reset if not already timed out.
if (array_key_exists('reset_timeout', $array) && $array['reset_timeout'] == 'true') {
Kohana::log('info', "Nonce timeout reset.");
$this->cache->set($nonce, $id, $mode);
}
}
}
}
} else {
$auth = new Auth();
$authentic = $auth->logged_in() || $auth->auto_login();
$this->in_warehouse = $authentic;
$this->user_is_core_admin = $auth->logged_in('CoreAdmin');
}
if (!$authentic) {
Kohana::log('info', "Unable to authenticate.");
throw new AuthenticationError("unauthorised", 1);
}
}
/**
* Is the player logged in?
*
* @return boolean
*/
public function logged_in()
{
return $this->_auth->logged_in();
}
public static function require_user()
{
if (Auth::logged_in() == false) {
die(include_once $_SERVER['DOCUMENT_ROOT'] . '/xtracks-access-denied.php');
}
}
public static function current_user()
{
$user = Auth::logged_in();
//$user = new User(2);
if ($user) {
$_SESSION['current_user'] = $user;
//todo: is this a good idea?
return $user;
} else {
return false;
}
}
public function __construct()
{
parent::__construct();
// Load cache
$this->cache = new Cache();
// Load session
$this->session = new Session();
// Load database
$this->db = new Database();
$this->session = Session::instance();
$this->auth = Auth::instance();
// Themes Helper
$this->themes = new Themes();
$this->themes->admin = TRUE;
// Admin is not logged in, or this is a member (not admin)
if (!$this->auth->logged_in('login')) {
url::redirect('login');
}
// Check if user has the right to see the admin panel
if (!$this->auth->admin_access()) {
// This user isn't allowed in the admin panel
url::redirect('/');
}
// Get the authenticated user
$this->user = $this->auth->get_user();
// Set Table Prefix
$this->table_prefix = Kohana::config('database.default.table_prefix');
// Get the no. of items to display setting
$this->items_per_page = (int) Kohana::config('settings.items_per_page_admin');
$this->template->admin_name = $this->user->name;
// Retrieve Default Settings
$this->template->site_name = Kohana::config('settings.site_name');
$this->template->mapstraction = Kohana::config('settings.mapstraction');
$this->themes->api_url = Kohana::config('settings.api_url');
// Javascript Header
$this->themes->map_enabled = FALSE;
$this->themes->datepicker_enabled = FALSE;
$this->themes->flot_enabled = FALSE;
$this->themes->treeview_enabled = FALSE;
$this->themes->protochart_enabled = FALSE;
$this->themes->colorpicker_enabled = FALSE;
$this->themes->editor_enabled = FALSE;
$this->themes->tablerowsort_enabled = FALSE;
$this->themes->json2_enabled = FALSE;
$this->themes->hovertip_enabled = TRUE;
$this->themes->slider_enabled = TRUE;
$this->themes->js = '';
$this->template->form_error = FALSE;
// Initialize some variables for raphael impact charts
$this->themes->raphael_enabled = FALSE;
$this->themes->impact_json = '';
// Generate main tab navigation list.
$this->template->main_tabs = admin::main_tabs();
// Generate sub navigation list (in default layout, sits on right side).
$this->template->main_right_tabs = admin::main_right_tabs($this->user);
$this->template->this_page = "";
// Header Nav
$header_nav = new View('header_nav');
$this->template->header_nav = $header_nav;
$this->template->header_nav->loggedin_user = $this->user;
$this->template->header_nav->loggedin_role = $this->user->dashboard();
$this->template->header_nav->site_name = Kohana::config('settings.site_name');
// Language switcher
$this->template->languages = $this->themes->languages();
Event::add('ushahidi_filter.view_pre_render.admin_layout', array($this, '_pre_render'));
}
/**
* Custom validation for this model - complements the default validate()
*
* @param array array to validate
* @param Auth instance of Auth class; used for testing purposes
* @return bool TRUE if validation succeeds, FALSE otherwise
*/
public static function custom_validate(array &$post, Auth $auth = NULL)
{
// Initalize validation
$post = Validation::factory($post)->pre_filter('trim', TRUE);
if ($auth === NULL) {
$auth = new Auth();
}
$post->add_rules('username', 'required', 'length[3,100]', 'alpha_numeric');
$post->add_rules('name', 'required', 'length[3,100]');
$post->add_rules('email', 'required', 'email', 'length[4,64]');
// If user id is not specified, check if the username already exists
if (empty($post->user_id)) {
$post->add_callbacks('username', array('User_Model', 'unique_value_exists'));
$post->add_callbacks('email', array('User_Model', 'unique_value_exists'));
}
// Make sure we have a value for password length to avoid PHP error for missing length[] function
$password_length = Kohana::config('auth.password_length');
$password_length = !empty($password_length) ? $password_length : '1,127';
// Only check for the password if the user id has been specified and we are passing a pw
if (isset($post->user_id) and isset($post->password)) {
$post->add_rules('password', 'required', 'alpha_dash', 'length[' . $password_length . ']');
$post->add_callbacks('password', 'User_Model::validate_password');
}
// If Password field is not blank and is being passed
if (isset($post->password) and (!empty($post->password) or empty($post->password) and !empty($post->password_again))) {
$post->add_rules('password', 'required', 'alpha_dash', 'length[' . $password_length . ']', 'matches[password_again]');
$post->add_callbacks('password', 'User_Model::validate_password');
}
$post->add_rules('role', 'required', 'length[3,30]', 'alpha_numeric');
$post->add_rules('notify', 'between[0,1]');
if (!$auth->logged_in('superadmin')) {
$post->add_callbacks('role', array('User_Model', 'prevent_superadmin_modification'));
}
// Additional validation checks
Event::run('ushahidi_action.user_submit_admin', $post);
// Return
return $post->validate();
}
