/**
 * Parses a URL based on this rule.
 *
 * The rule pattern is compiled into a PCRE on the fly: each `<name>` or
 * `<name:regex>` token becomes a named capture group (`[^/]+` when no regex is
 * given), literal `?` is escaped, a trailing `*` and surrounding `/` are trimmed,
 * and the result is anchored at the start of the request URI (base URL removed)
 * only — there is no `$` anchor, so the rule applies to any URI that merely
 * begins with the compiled pattern.
 *
 * On a match $_GET is emptied and re-populated from the named captures alone;
 * whatever the client sent in the query string is discarded.
 *
 * NOTE(review): the compiled regex is written back into $this->pattern, so a
 * second call on the same rule object re-escapes the already-compiled pattern
 * (the `?` inside `(?P<...>)` becomes `\?`) and will no longer match. The method
 * appears to assume one parse per rule instance — confirm against the caller.
 *
 * @param CUrlManager $manager the URL manager
 * @param CHttpRequest $request the request object
 * @param string $pathInfo path info part of the URL (URL suffix is already removed based on {@link CUrlManager::urlSuffix})
 * @param string $rawPathInfo path info that contains the potential URL suffix
 * @return mixed the route that consists of the controller ID and action ID. False if this rule does not apply.
 */
public function parseUrl($manager, $request, $pathInfo, $rawPathInfo)
{
    // Match against the raw request URI with the base URL stripped, e.g. "/index.php?p=123".
    $len = strlen($request->getBaseUrl());
    $page = substr($request->getRequestUri(), $len); // /index.php?p=123
    $tr = array();
    // Collect <name> / <name:regex> tokens; an empty regex means "one path segment".
    if (preg_match_all('/<(\\w+):?(.*?)?>/', $this->pattern, $matches)) {
        $tokens = array_combine($matches[1], $matches[2]);
        foreach ($tokens as $name => $value) {
            if ($value === '') {
                $value = '[^\\/]+';
            }
            $tr["<{$name}>"] = "(?P<{$name}>{$value})";
        }
    }
    // A literal "?" in the rule must not act as a PCRE quantifier.
    $this->pattern = str_replace('?', '\\?', $this->pattern);
    $p = trim(rtrim($this->pattern, '*'), '/');
    // Reduce <name:regex> to <name> so strtr() below can substitute the capture groups.
    $template = preg_replace('/<(\\w+):?.*?>/', '<$1>', $p);
    $this->pattern = '/^\\/' . strtr($template, $tr) . '/';
    if (preg_match($this->pattern, $page, $matches)) {
        // Replace the query string entirely with the named captures.
        foreach ($_GET as $k => $v) {
            unset($_GET[$k]);
        }
        foreach ($tr as $k => $v) {
            $key = substr($k, 1, -1);
            if (isset($matches[$key])) {
                $_GET[$key] = $matches[$key];
            }
        }
        return $this->route;
    }
    return false;
}
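/**
 * Handles the Robokassa result callback for an order.
 *
 * Checks, in order: the order exists, it is not already paid, SignatureValue
 * equals md5("OutSum:InvId:password2") (the Robokassa signature scheme — md5 is
 * dictated by the protocol, not a choice), and OutSum equals the order total
 * converted into the payment currency. Only then is the order marked paid.
 *
 * The signature is compared with hash_equals() so the check is constant-time;
 * it is the only thing authenticating the callback.
 *
 * @param Payment $payment payment-system record; supplies password2 and currency_id
 * @param CHttpRequest $request callback request carrying OutSum, InvId and SignatureValue
 * @return bool true when the order was marked paid, false on any failed check
 */
public function processCheckout(Payment $payment, CHttpRequest $request)
{
    $amount = (string) $request->getParam('OutSum');
    $orderId = (int) $request->getParam('InvId');
    $crc = strtoupper((string) $request->getParam('SignatureValue'));

    $order = Order::model()->findByPk($orderId);
    if (null === $order) {
        Yii::log(Yii::t('RobokassaModule.robokassa', 'Order with id = {id} not found!', ['{id}' => $orderId]), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }
    if ($order->isPaid()) {
        Yii::log(Yii::t('RobokassaModule.robokassa', 'Order with id = {id} already payed!', ['{id}' => $orderId]), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }

    $settings = $payment->getPaymentSystemSettings();
    $myCrc = strtoupper(md5("{$amount}:{$orderId}:" . $settings['password2']));
    // Constant-time comparison of the protocol signature (was a plain !==).
    if (!hash_equals($myCrc, $crc)) {
        Yii::log(Yii::t('RobokassaModule.robokassa', 'Error pay order with id = {id}! Bad crc!', ['{id}' => $orderId]), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }
    // OutSum is covered by the signature, so a mismatch here means the order
    // total changed after the invoice was issued, not a forged amount.
    if ($amount != Yii::app()->money->convert($order->total_price, $payment->currency_id)) {
        Yii::log(Yii::t('RobokassaModule.robokassa', 'Error pay order with id = {id}! Incorrect price!', ['{id}' => $orderId]), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }

    if ($order->pay($payment)) {
        Yii::log(Yii::t('RobokassaModule.robokassa', 'Success pay order with id = {id}!', ['{id}' => $orderId]), CLogger::LEVEL_INFO, self::LOG_CATEGORY);
        return true;
    }
    Yii::log(Yii::t('RobokassaModule.robokassa', 'Error pay order with id = {id}! Error change status!', ['{id}' => $orderId]), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
    return false;
}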
/**
 * Answers an AJAX validation request for the signup form and ends the request.
 *
 * Only fires when the POST field "ajax" is exactly "signup-form"; any other
 * value (or none) returns without output. The response is the JSON produced
 * by CActiveForm::validate() for the email, password and verifyCode attributes.
 *
 * @param CHttpRequest $request
 * @param User $model
 */
private function respondIfAjaxRequest($request, $model)
{
    if ($request->getPost('ajax', false) !== 'signup-form') {
        return;
    }
    echo CActiveForm::validate($model, array('email', 'password', 'verifyCode'));
    Yii::app()->end();
}
/**
 * Gets the status of the current payment
 *
 * Sends a GetStatus request with this object's key and the order_id taken
 * from the request (raw request parameter; sendRequest() is responsible for
 * encoding it) and returns the provider's "status" field.
 *
 * @param CHttpRequest $request
 * @return string|bool the status value, or false when the response has none
 */
public function getPaymentStatus(CHttpRequest $request)
{
    $response = $this->sendRequest(
        ['key' => $this->key, 'order_id' => $request->getParam('order_id')],
        'GetStatus'
    );
    return isset($response['status']) ? $response['status'] : false;
}
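/**
 * Handles the Yandex.Money checkOrder / paymentAviso callbacks for an order.
 *
 * Every failure path answers via showResponse() with the message; that method
 * is assumed to end the request, but a `return` now follows each call so a
 * non-terminating showResponse() can no longer fall through into the next
 * check (previously a missing order would have continued into $order->isPaid()).
 *
 * Checks, in order: the order exists, is not yet paid, the md5 parameter
 * matches getOrderCheckSum() over the callback parameters plus shopId and the
 * shop password (compared in constant time), and the amount equals the order
 * total with delivery. checkOrder only acknowledges; paymentAviso marks the
 * order paid.
 *
 * @param Payment $payment payment-system record supplying shopid and password
 * @param CHttpRequest $request callback request
 * @return void
 */
public function processCheckout(Payment $payment, CHttpRequest $request)
{
    $settings = $payment->getPaymentSystemSettings();
    $params = [
        'action' => $request->getParam('action'),
        'orderSumAmount' => $request->getParam('orderSumAmount'),
        'orderSumCurrencyPaycash' => $request->getParam('orderSumCurrencyPaycash'),
        'orderSumBankPaycash' => $request->getParam('orderSumBankPaycash'),
        'shopId' => $settings['shopid'],
        'invoiceId' => $request->getParam('invoiceId'),
        'customerNumber' => $request->getParam('customerNumber'),
        'password' => $settings['password'],
    ];

    /* @var $order Order */
    $order = Order::model()->findByPk($request->getParam('orderNumber'));
    if ($order === null) {
        $message = Yii::t('YandexMoneyModule.ymoney', 'The order doesn\'t exist.');
        Yii::log($message, CLogger::LEVEL_ERROR);
        $this->showResponse($params, $message, 200);
        return;
    }
    if ($order->isPaid()) {
        $message = Yii::t('YandexMoneyModule.ymoney', 'The order #{n} is already payed.', $order->getPrimaryKey());
        Yii::log($message, CLogger::LEVEL_ERROR);
        $this->showResponse($params, $message, 200);
        return;
    }

    // The checksum (which includes the shop password) is the only thing
    // authenticating this callback, so compare it in constant time.
    $expectedMd5 = (string) $this->getOrderCheckSum($params);
    if (!hash_equals($expectedMd5, (string) $request->getParam('md5'))) {
        $message = Yii::t('YandexMoneyModule.ymoney', 'Wrong checksum');
        Yii::log($message, CLogger::LEVEL_ERROR);
        $this->showResponse($params, $message, 200);
        return;
    }

    // Money compare at two decimals rather than raw double identity.
    $expectedAmount = round((double) $order->getTotalPriceWithDelivery(), 2);
    $receivedAmount = round((double) $params['orderSumAmount'], 2);
    if ($expectedAmount !== $receivedAmount) {
        $message = Yii::t('YandexMoneyModule.ymoney', 'Wrong payment amount');
        Yii::log($message, CLogger::LEVEL_ERROR);
        $this->showResponse($params, $message, 200);
        return;
    }

    if ($params['action'] === 'checkOrder') {
        $this->showResponse($params);
        return;
    }
    if ($params['action'] === 'paymentAviso' && $order->pay($payment)) {
        Yii::log(Yii::t('YandexMoneyModule.ymoney', 'The order #{n} has been payed successfully.', $order->getPrimaryKey()), CLogger::LEVEL_INFO);
        $this->showResponse($params);
    }
}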
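/**
 * Parses REST-style URLs of the form api/<controller>[/<id>[/<var>[/<var2>]]]
 * and maps them onto rest* actions by HTTP method:
 *
 *   GET    api/c                 -> c/restList
 *   GET    api/c/id[/var[/var2]] -> c/restView
 *   PUT    api/c/id[/var]        -> c/restUpdate
 *   POST   api/c[/id]            -> c/restCreate
 *   DELETE api/c/id              -> c/restDelete
 *
 * Only controllers listed in $this->restControllers are routable (strict
 * string match). Path segments are copied into $_GET['id'], $_GET['var'] and
 * $_GET['var2'] as raw URL segments; the action must validate them.
 *
 * Fixes: the DELETE branch required exactly two segments and then read the
 * non-existent third one, so restDelete never received an id — it now needs
 * api/<controller>/<id> like PUT. A bare "api" path no longer reads the
 * missing controller segment, and the controller lookup is strict.
 *
 * @param CUrlManager $manager the URL manager
 * @param CHttpRequest $request the request object
 * @param string $pathInfo path info part of the URL (URL suffix is already removed based on {@link CUrlManager::urlSuffix})
 * @param string $rawPathInfo path info that contains the potential URL suffix
 * @return mixed the route that consists of the controller ID and action ID. False if this rule does not apply.
 */
public function parseUrl($manager, $request, $pathInfo, $rawPathInfo)
{
    $paths = explode('/', $pathInfo);
    if ($paths[0] !== "api" || !isset($paths[1])) {
        return false;
    }
    $controller = $paths[1];
    if (!in_array($controller, $this->restControllers, true)) {
        return false;
    }
    $segments = count($paths);

    switch ($request->getRequestType()) {
        case 'GET':
            if ($segments == 2) {
                return $controller . "/restList";
            }
            $_GET['id'] = $paths[2];
            if (isset($paths[3])) {
                $_GET['var'] = $paths[3];
            }
            if (isset($paths[4])) {
                $_GET['var2'] = $paths[4];
            }
            return $controller . "/restView";
        case 'PUT':
            if ($segments >= 3) {
                $_GET['id'] = $paths[2];
                if (isset($paths[3])) {
                    $_GET['var'] = $paths[3];
                }
                return $controller . "/restUpdate";
            }
            break;
        case 'POST':
            if (isset($paths[2])) {
                $_GET['id'] = $paths[2];
            }
            return $controller . "/restCreate";
        case 'DELETE':
            // Previously `== 2`, which made $paths[2] an undefined index.
            if ($segments >= 3) {
                $_GET['id'] = $paths[2];
                return $controller . "/restDelete";
            }
            break;
    }
    return false; // this rule does not apply
}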
/**
 * Renders the latest posts as an RSS feed via Zend_Feed.
 *
 * Fetches postsPerFeedCount posts newest-first, builds one entry per post
 * (title and link HTML-encoded; content passed through unchanged, so it is
 * emitted as whatever markup the post holds) and sends the feed.
 */
public function actionFeed()
{
    $req = new CHttpRequest();
    $hostInfo = $req->getHostInfo();

    // retrieve the latest posts
    $posts = Post::model()->findAll(array(
        'order' => 'create_time DESC',
        'limit' => Yii::app()->params['postsPerFeedCount'],
    ));

    // convert to the format needed by Zend_Feed
    $entries = array_map(function ($post) use ($hostInfo) {
        return array(
            'title' => CHtml::encode($post->title),
            'link' => CHtml::encode($hostInfo . $post->url),
            'description' => $post->content,
            'lastUpdate' => $post->create_time,
        );
    }, $posts);

    // generate and render RSS feed
    $feed = Zend_Feed::importArray(array(
        'title' => 'My Post Feed',
        'link' => $this->createUrl(''),
        'charset' => 'UTF-8',
        'entries' => $entries,
    ), 'rss');
    $feed->send();
}
/**
 * Processes a checkout for the order id posted in the "order" field.
 *
 * No signature or token is verified here: any POSTed order id that resolves
 * to an Order is passed to Order::pay() with PAID_STATUS_NOT_PAID (presumably
 * recording the payment method without marking the order paid — confirm
 * against Order::pay()). Callers relying on this must guard access themselves.
 *
 * @param Payment $payment
 * @param CHttpRequest $request
 * @return bool|static the order on success, false when the id is missing/unknown or pay() fails
 */
public function processCheckout(Payment $payment, CHttpRequest $request)
{
    $orderId = (int) $request->getPost('order');
    $order = $orderId ? Order::model()->findByPk($orderId) : null;
    if ($order === null) {
        return false;
    }
    return $order->pay($payment, Order::PAID_STATUS_NOT_PAID) ? $order : false;
}
/**
 * @see CHttpRequest::normalizeRequest()
 *
 * Runs normalizeEOL() over the POST, GET and REQUEST superglobals before
 * handing over to the parent. normalizeEOL() is defined elsewhere in this
 * class; it is assumed to modify the array in place (by reference) — TODO confirm.
 */
protected function normalizeRequest()
{
    $this->normalizeEOL($_POST);
    $this->normalizeEOL($_GET);
    $this->normalizeEOL($_REQUEST);
    parent::normalizeRequest();
}
/**
 * Returns the request URI with the language segment handled by
 * DMultilangHelper::processLangInUrl(), computed once and cached in
 * $this->_requestUri.
 *
 * @return string
 */
public function getRequestUri()
{
    if ($this->_requestUri !== null) {
        return $this->_requestUri;
    }
    $this->_requestUri = DMultilangHelper::processLangInUrl(parent::getRequestUri());
    return $this->_requestUri;
}
/**
 * Returns the supplied IP, or the request's client address when none is given.
 *
 * @param string|null $ip explicit address, or null to resolve from the request
 * @return string
 */
protected function _getIP($ip = null)
{
    return $ip === null ? CHttpRequest::getUserHostAddress() : $ip;
}
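/**
 * Verifies the request signature of an API client.
 *
 * Skipped entirely when the application has no app_keys configured.
 * Otherwise the client's app_id selects a shared secret and the `sign`
 * parameter must equal makeSign(secret, params), where params is $_POST for
 * POST/PUT requests and $_GET for everything else. A `timestamp` parameter
 * is required, but its value is not checked here — NOTE(review): any replay
 * protection must live in makeSign() or the caller.
 *
 * The sign is now compared with hash_equals(): the previous loose `!=` treated
 * numeric-looking strings numerically (e.g. two "0e..." hex digests compare
 * equal), which lets a forged sign pass, and it also leaked timing.
 *
 * @throws CAPIException when timestamp or sign is missing, the app id is unknown, or the sign does not match
 */
protected function checkSign()
{
    $keys = $this->application->app_keys;
    // If there's no config app keys, we ignore the sign.
    if (empty($keys)) {
        return;
    }

    $clientAppId = (string) $this->request->getParam('app_id');
    $clientAppSecret = null;
    foreach ($keys as $app_key) {
        // String compare on both sides keeps int/str config ids matching as before.
        if ((string) $app_key['app_id'] === $clientAppId) {
            $clientAppSecret = $app_key['app_secret'];
        }
    }

    if (!$this->request->getParam('timestamp')) {
        throw new CAPIException(500, 'Sorry, the timestamp param is required', self::STATUS_TIMESTAMP_REQUIRED);
    }
    if (empty($clientAppSecret)) {
        throw new CAPIException(500, "Sorry, the app id {$clientAppId} is missed or not found", self::STATUS_APPID_NOT_FOUND);
    }

    $params = ($this->request->isPostRequest || $this->request->isPutRequest) ? $_POST : $_GET;

    $clientSign = $this->request->getParam('sign');
    if (empty($clientSign)) {
        throw new CAPIException(500, 'Sorry, the sign is required', self::STATUS_SIGN_REQUIRED);
    }
    $expectedSign = (string) $this->makeSign($clientAppSecret, $params);
    if (!hash_equals($expectedSign, (string) $clientSign)) {
        throw new CAPIException(500, 'Sorry, the sign is not matched. ', self::STATUS_SIGN_NOT_MATCH);
    }
}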
/**
 * Normalizes the request data.
 * This method strips off slashes in request data if get_magic_quotes_gpc() returns true.
 * It also performs CSRF validation if {@link enableCsrfValidation} is true.
 *
 * This override lets the parent attach its CSRF validator and then detaches
 * it again for POST requests whose route passes checkCurrentRoute(), so those
 * routes receive no CSRF check at all.
 */
protected function normalizeRequest()
{
    parent::normalizeRequest();
    if (!$this->enableCsrfValidation || !$this->getIsPostRequest()) {
        return;
    }
    if ($this->checkCurrentRoute()) {
        Yii::app()->detachEventHandler('onbeginRequest', array($this, 'validateCsrfToken'));
    }
}
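/**
 * Returns the client IP address, consulting X-Forwarded-For only when
 * $this->useReverseProxyHeaders is enabled.
 *
 * The header is read from $_SERVER['HTTP_X_FORWARDED_FOR'], which works on
 * every SAPI and is case-insensitive (apache_request_headers() is Apache-only
 * and keyed by the header's original casing). X-Forwarded-For is client
 * controlled: anything the client sends arrives as the leftmost entries and
 * the proxy in front of this application appends the address it actually saw
 * as the last entry — so the last entry is used, and it must parse as an IP,
 * otherwise the transport-level address from the parent is returned. The old
 * code returned the raw header string, i.e. whatever the client supplied.
 *
 * This is only safe when the application is reachable exclusively through a
 * proxy that sets the header; that is the assertion the flag makes.
 *
 * @return string client IP address
 */
public function getUserHostAddress()
{
    if (!$this->useReverseProxyHeaders || empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return parent::getUserHostAddress();
    }
    $forwarded = explode(',', (string) $_SERVER['HTTP_X_FORWARDED_FOR']);
    $candidate = trim((string) end($forwarded));
    if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
        return parent::getUserHostAddress();
    }
    return $candidate;
}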
/**
 * CSRF validation that is skipped for requests isTrustedRequest() accepts.
 *
 * The protection is therefore exactly as strong as isTrustedRequest(): every
 * request it returns true for bypasses the token check entirely.
 *
 * @param CEvent $event the onBeginRequest event
 * @return mixed true for trusted requests, otherwise the parent's result
 */
public function validateCsrfToken($event)
{
    if ($this->isTrustedRequest()) {
        return true;
    }
    return parent::validateCsrfToken($event);
}
/**
 * Parses the user request.
 *
 * The route comes from the "r" query parameter when present, otherwise from
 * the path info. It is offered to the herbie module's urlMatcher first; a
 * match routes to herbie/page, while no match (including a matcher exception)
 * falls back to the parent parser.
 *
 * @param CHttpRequest $request The request application component.
 * @return string The route (controllerID/actionID) and perhaps GET parameters in path format.
 */
public function parseUrl($request)
{
    $route = $request->getQuery('r');
    if ($route === null) {
        $route = $request->getPathInfo();
    }
    $herbieApp = Yii::app()->getModule('herbie')->application;
    $path = null;
    try {
        $path = $herbieApp['urlMatcher']->match($route);
    } catch (Exception $ex) {
        // No herbie page for this route; fall through to the default parser.
    }
    return !empty($path) ? 'herbie/page' : parent::parseUrl($request);
}
/**
 * Logs current Request-Response using Yii::log
 *
 * The log level is "error" when the response status (read from Response::get()
 * under the controller's configured statusKey) equals the configured
 * statusError, otherwise "info". The client IP comes from a fresh CHttpRequest.
 *
 * NOTE(review): the $response parameter is overwritten by Response::get() on
 * the second line, so the documented "@param string $response" is never what
 * is logged; and since that value is indexed with [] it is presumably an
 * array, in which case the "Response:" part of the line is the string cast of
 * an array. Also the raw $request payload is written to the log at info level —
 * keep credentials and tokens out of it upstream, or this log is sensitive.
 *
 * @param string $request
 * @param string $response (shadowed — see note above)
 * @param string $apiMethod defaults to self::$apiMethod when not given
 */
public static function __($request, $response, $apiMethod = null)
{
    $controller = Yii::app()->controller;
    $response = Response::get();
    $status = $response[$controller::$configuration['statusKey']];
    if ($status == $controller::$configuration['statusError']) {
        $level = 'error';
    } else {
        $level = 'info';
    }
    if (!$apiMethod) {
        $apiMethod = self::$apiMethod;
    }
    $http = new CHttpRequest();
    $ip = $http->getUserHostAddress();
    Yii::log('Request: ' . $request . ' ' . 'Response: ' . $response . ' ' . 'API Method: ' . $apiMethod . ' ' . 'API Version: ' . self::$apiVersion . ' ' . 'IP: ' . $ip . ' ' . 'Status: ' . $status . ' ', $level, 'webervice');
}
/**
 * Override parent method to prevent csrf token validation during whitelisted requests
 *
 * Each entry of $this->csrfValidationWhitelist is a PCRE tested against the
 * request path info; the first hit skips validation. How tightly a rule is
 * anchored is up to the pattern — an unanchored regex whitelists every path
 * containing it.
 *
 * @param CEvent $event the onBeginRequest event
 * @return mixed
 */
public function validateCsrfToken($event)
{
    $path = $this->pathInfo;
    $whitelisted = false;
    foreach ($this->csrfValidationWhitelist as $pattern) {
        if (preg_match($pattern, $path)) {
            $whitelisted = true;
            break;
        }
    }
    if ($whitelisted) {
        return;
    }
    return parent::validateCsrfToken($event);
}
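/**
 * Client IP lookup that looks behind a local reverse proxy.
 *
 * (Original comment, translated:) reworked IP lookup because on some servers
 * the address is not in $_SERVER['REMOTE_ADDR'] but in
 * $_SERVER['HTTP_X_FORWARDED_FOR'].
 *
 * The header is consulted only when the direct peer is 127.0.0.1, i.e. a
 * proxy on the same host. Because X-Forwarded-For is client controlled, only
 * its last entry — the one appended by that local proxy — is used, and it must
 * parse as an IP address and differ from 127.0.0.1; otherwise the parent's
 * value is returned unchanged. The previous code returned the raw header
 * string, so a client could supply any value (or a comma list) as its address.
 *
 * @return string client IP address
 */
public function getUserHostAddress()
{
    $ip = parent::getUserHostAddress();
    if ($ip !== '127.0.0.1' || empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return $ip;
    }
    $forwarded = explode(',', (string) $_SERVER['HTTP_X_FORWARDED_FOR']);
    $candidate = trim((string) end($forwarded));
    if ($candidate === '127.0.0.1' || filter_var($candidate, FILTER_VALIDATE_IP) === false) {
        return $ip;
    }
    return $candidate;
}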
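/**
 * Lets the parent attach CSRF validation, then detaches it when the parsed
 * route is listed in $this->noValidationRoutes.
 *
 * The route is obtained by running the URL manager's parseUrl() on this
 * request; the list lookup is strict (string equality) so a loosely typed
 * config entry cannot match unrelated routes.
 */
protected function normalizeRequest()
{
    parent::normalizeRequest();
    if (!$this->enableCsrfValidation) {
        return;
    }
    $route = Yii::app()->getUrlManager()->parseUrl($this);
    if (in_array($route, $this->noValidationRoutes, true)) {
        Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
    }
}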
/**
 * Returns whether this is an AJAX (XMLHttpRequest) request.
 *
 * Beyond the parent's header check, the presence of an "ajax" key in
 * $_REQUEST (query, body or cookie) also counts. That key is freely settable
 * by any client, so this result must not be used as a trust decision.
 *
 * @return boolean whether this is an AJAX (XMLHttpRequest) request.
 */
public function getIsAjaxRequest()
{
    if (parent::getIsAjaxRequest()) {
        return true;
    }
    return isset($_REQUEST['ajax']);
}
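/**
 * Handles the Robokassa result callback for a subscription.
 *
 * Checks, in order: the subscription exists, is of TYPE_FULL (trials are
 * rejected), is not already paid, SignatureValue equals
 * md5("OutSum:InvId:password2") (the Robokassa scheme — md5 is dictated by
 * the protocol), and OutSum equals the subscription's total cost. On success
 * the "OK<InvId>" acknowledgement Robokassa expects is echoed.
 *
 * The signature is compared with hash_equals() so the check is constant-time;
 * it is the only thing authenticating the callback.
 *
 * @param CHttpRequest $request callback request carrying OutSum, InvId and SignatureValue
 * @return bool true when the subscription was marked paid, false on any failed check
 */
public function processCheckout(CHttpRequest $request)
{
    $amount = (string) $request->getParam('OutSum');
    $orderId = (int) $request->getParam('InvId');
    $crc = strtoupper((string) $request->getParam('SignatureValue'));

    $subscription = Subscription::model()->findByPk($orderId);
    if (null === $subscription) {
        Yii::log(Yii::t('site', 'Subscription with id = {id} not found!', array('{id}' => $orderId)), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }
    if ($subscription->type != Subscription::TYPE_FULL) {
        Yii::log(Yii::t('site', 'Subscription with id = {id} is trial!', array('{id}' => $orderId)), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }
    if ($subscription->isPaid()) {
        Yii::log(Yii::t('site', 'Subscription with id = {id} already payed!', array('{id}' => $orderId)), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }

    $settings = $this->_getSettings();
    $myCrc = strtoupper(md5("{$amount}:{$orderId}:" . $settings['password2']));
    // Constant-time comparison of the protocol signature (was a plain !==).
    if (!hash_equals($myCrc, $crc)) {
        Yii::log(Yii::t('site', 'Error pay subscription with id = {id}! Bad crc!', array('{id}' => $orderId)), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }
    // OutSum is covered by the signature; a mismatch here means the price
    // changed after the invoice was issued, not a forged amount.
    if ($amount != $subscription->getTotalCost()) {
        Yii::log(Yii::t('site', 'Error pay subscription with id = {id}! Incorrect price!', array('{id}' => $orderId)), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
        return false;
    }

    if ($subscription->pay()) {
        // Robokassa acknowledgement format.
        echo "OK{$orderId}\n";
        Yii::log(Yii::t('site', 'Success pay subscription with id = {id}!', array('{id}' => $orderId)), CLogger::LEVEL_INFO, self::LOG_CATEGORY);
        return true;
    }
    Yii::log(Yii::t('site', 'Error pay subscription with id = {id}! Error change status!', array('{id}' => $orderId)), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
    return false;
}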
/**
 * Returns the referrer only when its host equals this server's name;
 * any other (or missing) referrer is replaced by the absolute /shop URL,
 * so callers never redirect off-site on the strength of the Referer header.
 *
 * @return string
 */
public function getUrlReferrer()
{
    $referrer = parent::getUrlReferrer();
    $isSameHost = UrlHelper::getHost($referrer) === $this->getServerName();
    return $isSameHost ? $referrer : UrlHelper::createAbsoluteUrl('/shop');
}
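/**
 * Authenticates the credentials in $form and logs the identity in.
 *
 * The session duration is always taken from the user module's
 * sessionLifeTime (the remember_me condition is commented out in the
 * original and is left that way). Both outcomes are logged with the client
 * IP. The failure line no longer includes the submitted password — the
 * previous message wrote plaintext passwords into the application log.
 * $request is optional, so a missing one yields "unknown" instead of a fatal.
 *
 * @param LoginForm $form login form carrying email and password
 * @param IWebUser $user web-user component that receives the identity
 * @param CHttpRequest|null $request current request, used only for the IP in log lines
 * @return bool true when authentication succeeded and the user is logged in
 */
public function login(LoginForm $form, IWebUser $user, CHttpRequest $request = null)
{
    if ($form->hasErrors()) {
        return false;
    }
    $identity = new UserIdentity($form->email, $form->password);
    $duration = 0;
    //if ($form->remember_me) {
    // NOTE(review): named "weeks" but multiplied by seconds-per-day — confirm the unit of sessionLifeTime.
    $sessionTimeInWeeks = (int) Yii::app()->getModule('user')->sessionLifeTime;
    $duration = $sessionTimeInWeeks * 24 * 60 * 60;
    //}
    $ip = $request !== null ? $request->getUserHostAddress() : 'unknown';

    if ($identity->authenticate()) {
        $user->login($identity, $duration);
        Yii::log(Yii::t('UserModule.user', 'User with {email} was logined with IP-address {ip}!', array('{email}' => $form->email, '{ip}' => $ip)), CLogger::LEVEL_INFO, UserModule::$logCategory);
        return true;
    }
    Yii::log(Yii::t('UserModule.user', 'Authorization error with IP-address {ip}! email => {email}!', array('{email}' => $form->email, '{ip}' => $ip)), CLogger::LEVEL_ERROR, UserModule::$logCategory);
    return false;
}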
public function getRequestUri(){ if($this->_requestUri!==null)return $this->_requestUri; $this->_requestUri = parent::getRequestUri(); if(!Yii::app()->isWeb){ if(Yii::app()->isAjax){ $this->_requestUri = substr($this->_requestUri,5); }elseif(Yii::app()->isExt){ $this->_requestUri = substr($this->_requestUri,6); } } return $this->_requestUri;
/**
 * Lets the parent attach CSRF validation, then detaches it for routes that
 * begin with any prefix listed in $this->noCsrfValidationRoutes.
 *
 * Matching is a plain string-prefix test on the route returned by the URL
 * manager's parseUrl(), so a short prefix such as "api" also covers
 * "apiAdmin/…" — keep the entries as specific as intended.
 */
protected function normalizeRequest()
{
    //attach event handlers for CSRFin the parent
    parent::normalizeRequest();
    if (!$this->enableCsrfValidation) {
        return;
    }
    //remove the event handler CSRF if this is a route we want skipped
    $route = Yii::app()->getUrlManager()->parseUrl($this);
    foreach ($this->noCsrfValidationRoutes as $prefix) {
        if (strpos($route, $prefix) === 0) {
            Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
        }
    }
}
/**
 * Redirects, carrying the x2ajax and isMobileApp query parameters over to
 * the target URL when the application is running as the mobile app.
 *
 * @param string $url
 * @param bool $terminate
 * @param int $statusCode
 * @return mixed whatever the parent returns
 */
public function redirect($url, $terminate = true, $statusCode = 302)
{
    if (Yii::app()->isMobileApp()) {
        $carried = array();
        foreach (array('x2ajax', 'isMobileApp') as $name) {
            if (isset($_GET[$name])) {
                $carried[$name] = $_GET[$name];
            }
        }
        $url = UrlUtil::mergeParams($url, $carried);
    }
    return parent::redirect($url, $terminate, $statusCode);
}
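/**
 * Validates the form, authenticates the credentials and logs the identity
 * in, firing FAILURE_LOGIN / BEFORE_LOGIN / SUCCESS_LOGIN events on the way.
 *
 * The session duration is taken from the user module's sessionLifeTime only
 * when remember_me is set. Both outcomes are logged with the client IP; the
 * failure line no longer includes the submitted password — the previous
 * message wrote plaintext passwords into the application log. $request is
 * optional, so a missing one yields "unknown" instead of a fatal.
 *
 * @param LoginForm $form
 * @param IWebUser $user
 * @param CHttpRequest|null $request used only for the IP in log lines
 * @return bool
 */
public function login(LoginForm $form, IWebUser $user, CHttpRequest $request = null)
{
    if (false === $form->validate()) {
        Yii::app()->eventManager->fire(UserEvents::FAILURE_LOGIN, new UserLoginEvent($form, $user));
        return false;
    }
    $identity = new UserIdentity($form->email, $form->password);
    $duration = 0;
    if ($form->remember_me) {
        // NOTE(review): named "weeks" but multiplied by seconds-per-day — confirm the unit of sessionLifeTime.
        $sessionTimeInWeeks = (int) Yii::app()->getModule('user')->sessionLifeTime;
        $duration = $sessionTimeInWeeks * 24 * 60 * 60;
    }
    $ip = $request !== null ? $request->getUserHostAddress() : 'unknown';

    if ($identity->authenticate()) {
        Yii::app()->eventManager->fire(UserEvents::BEFORE_LOGIN, new UserLoginEvent($form, $user, $identity));
        $user->login($identity, $duration);
        Yii::log(Yii::t('UserModule.user', 'User with {email} was logined with IP-address {ip}!', ['{email}' => $form->email, '{ip}' => $ip]), CLogger::LEVEL_INFO, UserModule::$logCategory);
        Yii::app()->eventManager->fire(UserEvents::SUCCESS_LOGIN, new UserLoginEvent($form, $user, $identity));
        return true;
    }
    Yii::app()->eventManager->fire(UserEvents::FAILURE_LOGIN, new UserLoginEvent($form, $user, $identity));
    Yii::log(Yii::t('UserModule.user', 'Authorization error with IP-address {ip}! email => {email}!', ['{email}' => $form->email, '{ip}' => $ip]), CLogger::LEVEL_ERROR, UserModule::$logCategory);
    return false;
}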
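/**
 * Lets the parent attach CSRF validation, then detaches it when the
 * controller part of the parsed route (everything before the first "/") is
 * listed in $this->noCsrfValidationRoutes.
 *
 * Routes without a "/" are never exempted. The list lookup is strict
 * (string equality) so a loosely typed config entry cannot match unrelated
 * controllers.
 */
protected function normalizeRequest()
{
    //attach event handlers for CSRFin the parent
    parent::normalizeRequest();
    if (!$this->enableCsrfValidation) {
        return;
    }
    //remove the event handler CSRF if this is a route we want skipped
    $route = Yii::app()->getUrlManager()->parseUrl($this);
    $slash = strpos($route, "/");
    if ($slash === false) {
        return;
    }
    $controllerId = substr($route, 0, $slash);
    if (in_array($controllerId, $this->noCsrfValidationRoutes, true)) {
        Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
    }
}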
/**
 * User access check with CDbAuthManager (comment translated from Indonesian).
 *
 * The client IP must pass allowIp(); then a user holding the superuser
 * assignment (Yii::app()->params['superuser']) may do anything, and any other
 * user needs the "<controllerId>.<actionId>" operation. Both refusals throw
 * the same 403 message.
 *
 * @param mixed $action the action about to run
 * @return boolean
 * @throws CHttpException 403 when the IP is not allowed or the user lacks the operation
 */
protected function beforeAction($action)
{
    $denied = 'Akses ditolak - Anda tidak memiliki izin untuk mengakses halaman ini!';
    if (!$this->allowIp(CHttpRequest::getUserHostAddress())) {
        throw new CHttpException(403, $denied);
    }

    $app = Yii::app();
    $isSuperUser = $app->authManager->getAuthAssignment($app->params['superuser'], $app->user->id) !== null;
    if ($isSuperUser) {
        return true;
    }

    $operation = $app->controller->id . '.' . $app->controller->action->id;
    if ($app->user->checkAccess($operation)) {
        return true;
    }
    throw new CHttpException(403, $denied);
}