Example #1
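 /**
  * Parses a URL based on this rule.
  *
  * The rule pattern may contain `<name>` or `<name:regex>` tokens. Every token becomes a named
  * capture group, the resulting expression is matched against the request URI (base URL
  * stripped), and on a match $_GET is replaced by the captured token values.
  *
  * @param CUrlManager $manager the URL manager
  * @param CHttpRequest $request the request object
  * @param string $pathInfo path info part of the URL (URL suffix is already removed based on {@link CUrlManager::urlSuffix})
  * @param string $rawPathInfo path info that contains the potential URL suffix
  * @return mixed the route that consists of the controller ID and action ID. False if this rule does not apply.
  */
 public function parseUrl($manager, $request, $pathInfo, $rawPathInfo)
 {
     // Request URI relative to the application base, e.g. /index.php?p=123
     $page = substr($request->getRequestUri(), strlen($request->getBaseUrl()));

     // Map every "<name>" placeholder to a named capture group; a token without
     // its own sub-pattern matches one path segment.
     $tr = array();
     if (preg_match_all('/<(\\w+):?(.*?)?>/', $this->pattern, $matches)) {
         foreach (array_combine($matches[1], $matches[2]) as $name => $value) {
             if ($value === '') {
                 $value = '[^\\/]+';
             }
             $tr["<{$name}>"] = "(?P<{$name}>{$value})";
         }
     }

     // Build the expression in locals. Writing it back to $this->pattern (as the
     // previous version did) made a second call on the same rule object re-process
     // an already compiled regex instead of the configured pattern.
     $escaped = str_replace('?', '\\?', $this->pattern);
     $trimmed = trim(rtrim($escaped, '*'), '/');
     $template = preg_replace('/<(\\w+):?.*?>/', '<$1>', $trimmed);
     // NOTE(review): literal parts of the pattern are not passed through preg_quote()
     // and the expression has no end anchor, so any URI that merely starts with the
     // pattern matches. Confirm that this is the intended matching policy.
     $regex = '/^\\/' . strtr($template, $tr) . '/';

     if (!preg_match($regex, $page, $matches)) {
         return false;
     }

     // All query-string parameters are discarded on a match; only values captured
     // by the rule's tokens are exposed through $_GET. They come straight from the
     // URL and are constrained only by the token's sub-pattern.
     $_GET = array();
     foreach (array_keys($tr) as $token) {
         $key = substr($token, 1, -1);
         if (isset($matches[$key])) {
             $_GET[$key] = $matches[$key];
         }
     }

     return $this->route;
 }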
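 /**
  * Handles the Robokassa payment notification for an order.
  *
  * The callback is accepted only when the order exists, is not paid yet, the
  * signature sent with the request matches the one computed from the amount, the
  * order id and the configured "password2", and the amount equals the order total.
  * Every rejection is logged and reported as false.
  *
  * @param Payment $payment
  * @param CHttpRequest $request
  * @return bool true when the order was marked as paid, false otherwise
  */
 public function processCheckout(Payment $payment, CHttpRequest $request)
 {
     // Request parameters can be missing or array-valued; normalise them to strings
     // so the signature check below never operates on unexpected types.
     $rawAmount = $request->getParam('OutSum');
     $amount = is_scalar($rawAmount) ? (string) $rawAmount : '';
     $orderId = (int) $request->getParam('InvId');
     $rawSignature = $request->getParam('SignatureValue');
     $crc = is_string($rawSignature) ? strtoupper($rawSignature) : '';
     $logParams = ['{id}' => $orderId];

     $order = Order::model()->findByPk($orderId);
     if (null === $order) {
         Yii::log(Yii::t('RobokassaModule.robokassa', 'Order with id = {id} not found!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }
     if ($order->isPaid()) {
         Yii::log(Yii::t('RobokassaModule.robokassa', 'Order with id = {id} already payed!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }

     $settings = $payment->getPaymentSystemSettings();
     // MD5 is the signature format this callback is built around; it is kept as is.
     $myCrc = strtoupper(md5("{$amount}:{$orderId}:" . $settings['password2']));
     // hash_equals() (PHP >= 5.6) compares in constant time, so response timing does
     // not reveal how many leading characters of a guessed signature were correct.
     if (!hash_equals($myCrc, $crc)) {
         Yii::log(Yii::t('RobokassaModule.robokassa', 'Error pay order with id = {id}! Bad crc!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }

     // The amount is covered by the signature verified above; the loose comparison
     // is kept because the request value is a string and the converted total may be
     // numeric.
     if ($amount != Yii::app()->money->convert($order->total_price, $payment->currency_id)) {
         Yii::log(Yii::t('RobokassaModule.robokassa', 'Error pay order with id = {id}! Incorrect price!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }

     if ($order->pay($payment)) {
         Yii::log(Yii::t('RobokassaModule.robokassa', 'Success pay order with id = {id}!', $logParams), CLogger::LEVEL_INFO, self::LOG_CATEGORY);
         return true;
     }

     Yii::log(Yii::t('RobokassaModule.robokassa', 'Error pay order with id = {id}! Error change status!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
     return false;
 }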
 /**
  * Answers the AJAX validation request of the signup form, if this is one.
  *
  * When the posted "ajax" field equals "signup-form", the validation result for
  * the email, password and verifyCode attributes is echoed and the application is
  * ended. Any other request returns without output.
  *
  * @param CHttpRequest $request
  * @param User $model
  */
 private function respondIfAjaxRequest($request, $model)
 {
     $formId = $request->getPost('ajax', false);
     // A missing field yields false, which also fails the strict comparison.
     if ($formId !== 'signup-form') {
         return;
     }

     $attributes = array('email', 'password', 'verifyCode');
     echo CActiveForm::validate($model, $attributes);
     Yii::app()->end();
 }
Example #4
 /**
  * Asks the payment service for the status of the order named in the request.
  *
  * Sends this component's key and the request's "order_id" parameter with the
  * "GetStatus" call.
  *
  * @param CHttpRequest $request
  * @return string|bool the "status" field of the response, or false when the response has none
  */
 public function getPaymentStatus(CHttpRequest $request)
 {
     // NOTE(review): order_id is taken from the request as is; whether the caller
     // may query this order is not checked in this method.
     $payload = [
         'key' => $this->key,
         'order_id' => $request->getParam('order_id'),
     ];
     $reply = $this->sendRequest($payload, 'GetStatus');

     return isset($reply['status']) ? $reply['status'] : false;
 }
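 /**
  * Handles a Yandex.Money callback ("checkOrder" or "paymentAviso") for an order.
  *
  * The order must exist, must not be paid yet, the request checksum must match the
  * one computed from the callback parameters and the shop settings, and the amount
  * must equal the order total including delivery. Every outcome is reported through
  * showResponse().
  *
  * @param Payment $payment
  * @param CHttpRequest $request
  */
 public function processCheckout(Payment $payment, CHttpRequest $request)
 {
     $settings = $payment->getPaymentSystemSettings();
     $params = [
         'action' => $request->getParam('action'),
         'orderSumAmount' => $request->getParam('orderSumAmount'),
         'orderSumCurrencyPaycash' => $request->getParam('orderSumCurrencyPaycash'),
         'orderSumBankPaycash' => $request->getParam('orderSumBankPaycash'),
         'shopId' => $settings['shopid'],
         'invoiceId' => $request->getParam('invoiceId'),
         'customerNumber' => $request->getParam('customerNumber'),
         'password' => $settings['password'],
     ];

     // showResponse() is defined elsewhere. Each rejection below returns explicitly
     // so that processing stops even if showResponse() does not end the request;
     // without the returns a failed check would fall through to $order->pay().

     /* @var $order Order */
     $order = Order::model()->findByPk($request->getParam('orderNumber'));
     if ($order === null) {
         $message = Yii::t('YandexMoneyModule.ymoney', 'The order doesn\'t exist.');
         Yii::log($message, CLogger::LEVEL_ERROR);
         $this->showResponse($params, $message, 200);
         return;
     }

     if ($order->isPaid()) {
         $message = Yii::t('YandexMoneyModule.ymoney', 'The order #{n} is already payed.', $order->getPrimaryKey());
         Yii::log($message, CLogger::LEVEL_ERROR);
         $this->showResponse($params, $message, 200);
         return;
     }

     // Compare the checksum in constant time (hash_equals(), PHP >= 5.6) and reject
     // a missing or array-valued "md5" parameter outright.
     $received = $request->getParam('md5');
     $expected = $this->getOrderCheckSum($params);
     if (!is_string($received) || !is_string($expected) || !hash_equals($expected, $received)) {
         $message = Yii::t('YandexMoneyModule.ymoney', 'Wrong checksum');
         Yii::log($message, CLogger::LEVEL_ERROR);
         $this->showResponse($params, $message, 200);
         return;
     }

     // NOTE(review): exact float equality; totals that differ only by rounding are
     // rejected. Kept as is because the rounding policy is not visible here.
     if ((double) $order->getTotalPriceWithDelivery() !== (double) $params['orderSumAmount']) {
         $message = Yii::t('YandexMoneyModule.ymoney', 'Wrong payment amount');
         Yii::log($message, CLogger::LEVEL_ERROR);
         $this->showResponse($params, $message, 200);
         return;
     }

     if ($params['action'] === 'checkOrder') {
         $this->showResponse($params);
         return;
     }

     if ($params['action'] === 'paymentAviso' && $order->pay($payment)) {
         Yii::log(Yii::t('YandexMoneyModule.ymoney', 'The order #{n} has been payed successfully.', $order->getPrimaryKey()), CLogger::LEVEL_INFO);
         $this->showResponse($params);
     }
 }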
Example #6
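 /**
  * Parses a URL based on this rule.
  *
  * Maps "api/<controller>[/<id>[/<var>[/<var2>]]]" to a REST action of an
  * allow-listed controller, chosen by the HTTP method, and copies the extra path
  * segments into $_GET.
  *
  * @param CUrlManager  $manager     the URL manager
  * @param CHttpRequest $request     the request object
  * @param string       $pathInfo    path info part of the URL (URL suffix is already removed based on {@link CUrlManager::urlSuffix})
  * @param string       $rawPathInfo path info that contains the potential URL suffix
  * @return mixed the route that consists of the controller ID and action ID. False if this rule does not apply.
  */
 public function parseUrl($manager, $request, $pathInfo, $rawPathInfo)
 {
     $paths = explode('/', $pathInfo);
     // A bare "api" has no controller segment; bail out instead of reading an
     // undefined index.
     if ($paths[0] !== "api" || !isset($paths[1])) {
         return false;
     }

     $controller = $paths[1];
     // Strict comparison: the controller segment is attacker-chosen text and must
     // equal an allow-listed name exactly, with no type juggling.
     if (!in_array($controller, $this->restControllers, true)) {
         return false;
     }

     // Path segments are copied into $_GET unvalidated; the target actions are
     // responsible for validating id/var/var2.
     switch ($request->getRequestType()) {
         case 'GET':
             if (count($paths) == 2) {
                 return $controller . "/restList";
             }
             $_GET['id'] = $paths[2];
             if (isset($paths[3])) {
                 $_GET['var'] = $paths[3];
             }
             if (isset($paths[4])) {
                 $_GET['var2'] = $paths[4];
             }
             return $controller . "/restView";
         case 'PUT':
             if (count($paths) >= 3) {
                 $_GET['id'] = $paths[2];
                 if (isset($paths[3])) {
                     $_GET['var'] = $paths[3];
                 }
                 return $controller . "/restUpdate";
             }
             break;
         case 'POST':
             if (isset($paths[2])) {
                 $_GET['id'] = $paths[2];
             }
             return $controller . "/restCreate";
         case 'DELETE':
             // The id is the third segment. The previous check (count == 2) read
             // $paths[2] when it did not exist and never matched a URL that
             // actually carried an id.
             if (count($paths) >= 3) {
                 $_GET['id'] = $paths[2];
                 return $controller . "/restDelete";
             }
             break;
     }

     // this rule does not apply
     return false;
 }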
 /**
  * Renders the latest posts as an RSS feed through Zend_Feed.
  *
  * The number of posts comes from the "postsPerFeedCount" application parameter.
  */
 public function actionFeed()
 {
     $request = new CHttpRequest();

     // Latest posts first, limited by configuration.
     $criteria = array(
         'order' => 'create_time DESC',
         'limit' => Yii::app()->params['postsPerFeedCount'],
     );

     // Convert each post to the entry format needed by Zend_Feed.
     $entries = array();
     foreach (Post::model()->findAll($criteria) as $post) {
         $entries[] = array(
             'title' => CHtml::encode($post->title),
             // NOTE(review): getHostInfo() is built from request data; confirm the
             // host name cannot be influenced by the client in this deployment.
             'link' => CHtml::encode($request->getHostInfo() . $post->url),
             // NOTE(review): the post content is passed on unencoded; presumably
             // it is already sanitised markup, verify where it is stored.
             'description' => $post->content,
             'lastUpdate' => $post->create_time,
         );
     }

     // Generate and send the RSS document.
     $channel = array(
         'title' => 'My Post Feed',
         'link' => $this->createUrl(''),
         'charset' => 'UTF-8',
         'entries' => $entries,
     );
     Zend_Feed::importArray($channel, 'rss')->send();
 }
Example #8
 /**
  * Attaches the payment to the order named by the posted "order" field.
  *
  * @param Payment $payment
  * @param CHttpRequest $request
  * @return bool|static the order when Order::pay() succeeded, false otherwise
  */
 public function processCheckout(Payment $payment, CHttpRequest $request)
 {
     // NOTE(review): the order id is the only input and no signature, amount or
     // ownership check happens in this method. pay() is called with
     // Order::PAID_STATUS_NOT_PAID, so presumably the order stays unpaid; confirm
     // that in Order::pay().
     $orderId = (int) $request->getPost('order');
     $order = $orderId ? Order::model()->findByPk($orderId) : null;

     if (null !== $order && $order->pay($payment, Order::PAID_STATUS_NOT_PAID)) {
         return $order;
     }

     return false;
 }
Example #9
 /**
  * Runs normalizeEOL() over the request superglobals, then the parent normalization.
  *
  * @see CHttpRequest::normalizeRequest()
  */
 protected function normalizeRequest()
 {
     // normalizeEOL() is defined elsewhere in this class; presumably it rewrites
     // line endings in the given array in place (confirm it takes a reference).
     $this->normalizeEOL($_POST);
     $this->normalizeEOL($_GET);
     $this->normalizeEOL($_REQUEST);
     // The parent runs last, so it sees the already normalised values.
     parent::normalizeRequest();
 }
Example #10
    /**
     * Returns the request URI after DMultilangHelper::processLangInUrl() has processed it.
     *
     * The processed value is computed once and cached in $this->_requestUri.
     *
     * @return string
     */
    public function getRequestUri()
    {
        if ($this->_requestUri !== null) {
            return $this->_requestUri;
        }

        $this->_requestUri = DMultilangHelper::processLangInUrl(parent::getRequestUri());

        return $this->_requestUri;
    }
Example #11
 /**
  * Returns the given IP address, or the current client address when none is given.
  *
  * @param string|null $ip
  * @return string
  */
 protected function _getIP($ip = null)
 {
     // NOTE(review): getUserHostAddress() is called with the class name. That is
     // only valid if the enclosing class extends CHttpRequest; otherwise it is a
     // static call to an instance method. Confirm against the class header.
     return $ip === null ? CHttpRequest::getUserHostAddress() : $ip;
 }
Example #12
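 /**
  * Verifies the request signature against the secret of the calling application.
  *
  * The client sends "app_id", "timestamp" and "sign"; the expected signature is
  * produced by makeSign() from the application's secret and the request
  * parameters ($_POST for POST/PUT requests, $_GET otherwise).
  *
  * @throws CAPIException when the timestamp, app id or sign is missing, or the sign does not match
  */
 protected function checkSign()
 {
     $keys = $this->application->app_keys;
     // No configured app keys means the signature is not checked at all.
     // NOTE(review): this fails open; an empty or missing key list disables
     // request authentication for every caller.
     if (empty($keys)) {
         return;
     }

     $clientAppId = $this->request->getParam('app_id');
     $clientAppSecret = null;
     foreach ($keys as $app_key) {
         // Identifier lookup only; kept loose because the configured ids may be
         // integers while the request value is a string.
         if ($app_key['app_id'] == $clientAppId) {
             $clientAppSecret = $app_key['app_secret'];
         }
     }

     // NOTE(review): only the presence of the timestamp is checked here. Unless
     // freshness is enforced elsewhere, a captured signed request can be replayed.
     if (!$this->request->getParam('timestamp')) {
         throw new CAPIException(500, 'Sorry, the timestamp param is required', self::STATUS_TIMESTAMP_REQUIRED);
     }
     if (empty($clientAppSecret)) {
         throw new CAPIException(500, "Sorry, the app id {$clientAppId} is missed or  not found", self::STATUS_APPID_NOT_FOUND);
     }

     if ($this->request->isPostRequest || $this->request->isPutRequest) {
         $params = $_POST;
     } else {
         $params = $_GET;
     }

     $clientSign = $this->request->getParam('sign');
     if (empty($clientSign)) {
         throw new CAPIException(500, 'Sorry, the sign is required', self::STATUS_SIGN_REQUIRED);
     }

     // The previous "!=" was a loose comparison: two different numeric-looking
     // strings can compare equal under type juggling. hash_equals() (PHP >= 5.6)
     // compares the exact bytes and does so in constant time.
     $expectedSign = $this->makeSign($clientAppSecret, $params);
     if (!is_string($clientSign) || !hash_equals((string) $expectedSign, $clientSign)) {
         throw new CAPIException(500, 'Sorry, the sign is not matched. ', self::STATUS_SIGN_NOT_MATCH);
     }
 }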
 /**
  * Normalizes the request data and switches CSRF validation off for selected routes.
  *
  * After the parent normalization, the validateCsrfToken handler is detached from
  * the application's begin-request event when this is a POST request, CSRF
  * validation is enabled and checkCurrentRoute() returns true.
  */
 protected function normalizeRequest()
 {
     parent::normalizeRequest();

     if (!$this->getIsPostRequest()) {
         return;
     }
     if (!$this->enableCsrfValidation) {
         return;
     }
     // checkCurrentRoute() is defined elsewhere; every route it accepts is served
     // without a CSRF token check, so it should match as narrowly as possible.
     if (!$this->checkCurrentRoute()) {
         return;
     }

     Yii::app()->detachEventHandler('onbeginRequest', array($this, 'validateCsrfToken'));
 }
Example #14
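 /**
  * Returns the client address, optionally taken from the X-Forwarded-For header.
  *
  * The header is used only when $useReverseProxyHeaders is enabled and the header
  * is present; otherwise the parent implementation decides.
  *
  * @return string
  */
 public function getUserHostAddress()
 {
     // Check the switch first: apache_request_headers() is not available under
     // every SAPI and must not be called when proxy headers are disabled.
     if (!$this->useReverseProxyHeaders || !function_exists('apache_request_headers')) {
         return parent::getUserHostAddress();
     }

     $headers = apache_request_headers();
     if (!isset($headers['X-Forwarded-For'])) {
         return parent::getUserHostAddress();
     }

     // NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
     // proxy overwrites it, and it may hold a comma-separated list. Enable
     // useReverseProxyHeaders only behind such a proxy, and do not base access
     // decisions on this value without validating it.
     return $headers['X-Forwarded-For'];
 }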
 /**
  * Validates the CSRF token unless the request is considered trusted.
  *
  * @param CEvent $event
  * @return mixed true for trusted requests, otherwise whatever the parent returns
  */
 public function validateCsrfToken($event)
 {
     // isTrustedRequest() is defined elsewhere; it alone decides which requests
     // skip CSRF protection, so its criteria must not be client-controllable.
     if ($this->isTrustedRequest()) {
         return true;
     }

     return parent::validateCsrfToken($event);
 }
Example #16
 /**
  * Parses the user request.
  *
  * The route is the "r" query parameter, or the path info when "r" is absent.
  * If the herbie module's URL matcher finds a match for it, the request goes to
  * "herbie/page"; otherwise the parent implementation parses the request.
  *
  * @param CHttpRequest $request The request application component.
  * @return string The route (controllerID/actionID) and perhaps GET parameters in path format.
  */
 public function parseUrl($request)
 {
     $route = $request->getQuery('r');
     if ($route === null) {
         $route = $request->getPathInfo();
     }

     $app = Yii::app()->getModule('herbie')->application;
     $path = null;
     try {
         $path = $app['urlMatcher']->match($route);
     } catch (Exception $ex) {
         // Deliberately ignored: any matcher failure counts as "no match" and the
         // request falls through to the parent parser below.
     }

     return empty($path) ? parent::parseUrl($request) : 'herbie/page';
 }
Example #17
 /**
  * Logs the current request and response through Yii::log().
  *
  * The level is "error" when the response status equals the controller's
  * configured error status, "info" otherwise.
  *
  * @param string $request
  * @param string $response replaced by Response::get() inside the method
  * @param string $apiMethod defaults to self::$apiMethod when empty
  */
 public static function __($request, $response, $apiMethod = null)
 {
     $controller = Yii::app()->controller;
     $config = $controller::$configuration;

     // The $response argument is overwritten here, so the caller's value is unused.
     $response = Response::get();
     $status = $response[$config['statusKey']];
     $level = ($status == $config['statusError']) ? 'error' : 'info';

     if (!$apiMethod) {
         $apiMethod = self::$apiMethod;
     }

     $http = new CHttpRequest();
     $ip = $http->getUserHostAddress();

     // NOTE(review): the raw request is written to the log. If requests can carry
     // credentials or tokens, they end up in the log files; consider redacting.
     $message = 'Request: ' . $request
         . ' Response: ' . $response
         . ' API Method: ' . $apiMethod
         . ' API Version: ' . self::$apiVersion
         . '  IP: ' . $ip
         . '  Status: ' . $status . '  ';

     Yii::log($message, $level, 'webervice');
 }
Example #18
 /**
  * Overrides the parent method to skip CSRF token validation for whitelisted requests.
  *
  * A request is whitelisted when its path info matches any regular expression in
  * $csrfValidationWhitelist.
  *
  * @param CEvent $event
  * @return mixed null for whitelisted requests, otherwise whatever the parent returns
  */
 public function validateCsrfToken($event)
 {
     $currentPath = $this->pathInfo;
     // NOTE(review): preg_match() finds the pattern anywhere in the path. Entries
     // should be anchored with ^ and $, otherwise a whitelisted fragment appearing
     // inside another path also disables the check.
     foreach ($this->csrfValidationWhitelist as $pattern) {
         if (preg_match($pattern, $currentPath)) {
             return;
         }
     }

     return parent::validateCsrfToken($event);
 }
Example #19
 /**
  * Reworked client IP lookup: on some servers the address is not stored in
  * $_SERVER['REMOTE_ADDR'] but in $_SERVER['HTTP_X_FORWARDED_FOR'].
  *
  * The forwarded header is consulted only when the parent reports 127.0.0.1.
  *
  * @return string the client IP address
  */
 public function getUserHostAddress()
 {
     $ip = parent::getUserHostAddress();
     if ($ip != '127.0.0.1') {
         return $ip;
     }

     // NOTE(review): the header value is returned unvalidated. It is set by the
     // sender unless the local proxy overwrites it, and it may contain a
     // comma-separated list rather than a single address.
     $forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : false;
     if ($forwarded && $forwarded != '127.0.0.1') {
         return $forwarded;
     }

     return $ip;
 }
Example #20
 /**
  * Normalizes the request and disables CSRF validation for exempted routes.
  *
  * When CSRF validation is enabled and the parsed route is listed in
  * $noValidationRoutes, the validateCsrfToken handler is detached from the
  * application's onBeginRequest event.
  */
 protected function normalizeRequest()
 {
     parent::normalizeRequest();

     if (!$this->enableCsrfValidation) {
         return;
     }

     // Whole-route match: every route listed in noValidationRoutes is served
     // without a CSRF token check.
     $route = Yii::app()->getUrlManager()->parseUrl($this);
     if (in_array($route, $this->noValidationRoutes)) {
         Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
     }
 }
Example #21
 /**
  * Returns whether this is an AJAX (XMLHttpRequest) request.
  *
  * Besides the parent's detection, any request that carries an "ajax" parameter
  * in $_REQUEST is treated as AJAX.
  *
  * @return boolean whether this is an AJAX (XMLHttpRequest) request.
  */
 public function getIsAjaxRequest()
 {
     // The "ajax" parameter is freely chosen by the client, so this result must
     // not be used as a trust or authorisation signal.
     return parent::getIsAjaxRequest() || isset($_REQUEST['ajax']);
 }
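 /**
  * Handles the payment notification for a subscription.
  *
  * The subscription must exist, be of type Subscription::TYPE_FULL and be unpaid;
  * the signature sent with the request must match the one computed from the
  * amount, the id and the configured "password2"; and the amount must equal the
  * subscription's total cost. On success "OK<id>" is echoed for the payment
  * service. Every rejection is logged and reported as false.
  *
  * @param CHttpRequest $request
  * @return bool true when the subscription was marked as paid, false otherwise
  */
 public function processCheckout(CHttpRequest $request)
 {
     // Request parameters can be missing or array-valued; normalise them to strings
     // so the signature check below never operates on unexpected types.
     $rawAmount = $request->getParam('OutSum');
     $amount = is_scalar($rawAmount) ? (string) $rawAmount : '';
     $orderId = (int) $request->getParam('InvId');
     $rawSignature = $request->getParam('SignatureValue');
     $crc = is_string($rawSignature) ? strtoupper($rawSignature) : '';
     $logParams = array('{id}' => $orderId);

     $subscription = Subscription::model()->findByPk($orderId);
     if (null === $subscription) {
         Yii::log(Yii::t('site', 'Subscription with id = {id} not found!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }
     if ($subscription->type != Subscription::TYPE_FULL) {
         Yii::log(Yii::t('site', 'Subscription with id = {id} is trial!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }
     if ($subscription->isPaid()) {
         Yii::log(Yii::t('site', 'Subscription with id = {id} already payed!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }

     $settings = $this->_getSettings();
     // MD5 is the signature format this callback is built around; it is kept as is.
     $myCrc = strtoupper(md5("{$amount}:{$orderId}:" . $settings['password2']));
     // hash_equals() (PHP >= 5.6) compares in constant time, so response timing does
     // not reveal how many leading characters of a guessed signature were correct.
     if (!hash_equals($myCrc, $crc)) {
         Yii::log(Yii::t('site', 'Error pay subscription with id = {id}! Bad crc!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }

     // The amount is covered by the signature verified above; the loose comparison
     // is kept because the request value is a string and the cost may be numeric.
     if ($amount != $subscription->getTotalCost()) {
         Yii::log(Yii::t('site', 'Error pay subscription with id = {id}! Incorrect price!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
         return false;
     }

     if ($subscription->pay()) {
         // Acknowledgement body for the payment service.
         echo "OK{$orderId}\n";
         Yii::log(Yii::t('site', 'Success pay subscription with id = {id}!', $logParams), CLogger::LEVEL_INFO, self::LOG_CATEGORY);
         return true;
     }

     Yii::log(Yii::t('site', 'Error pay subscription with id = {id}! Error change status!', $logParams), CLogger::LEVEL_ERROR, self::LOG_CATEGORY);
     return false;
 }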
 /**
  * Returns the referrer only when it points at this server.
  *
  * A referrer whose host differs from getServerName() is replaced by the absolute
  * URL of "/shop", so callers that redirect back to the referrer stay on this site.
  *
  * @return string
  */
 public function getUrlReferrer()
 {
     $referrer = parent::getUrlReferrer();
     $sameHost = UrlHelper::getHost($referrer) === $this->getServerName();

     return $sameHost ? $referrer : UrlHelper::createAbsoluteUrl('/shop');
 }
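 /**
  * Authenticates the user described by the login form and starts the session.
  *
  * @param LoginForm $form validated login form (email, password)
  * @param IWebUser $user web user component that receives the identity
  * @param CHttpRequest|null $request request used for the client IP in the log; the application's request component when null
  * @return bool true on successful login, false when the form has errors or authentication fails
  */
 public function login(LoginForm $form, IWebUser $user, CHttpRequest $request = null)
 {
     if ($form->hasErrors()) {
         return false;
     }

     // $request is optional in the signature but was dereferenced unconditionally;
     // fall back to the application's request component.
     if ($request === null) {
         $request = Yii::app()->getRequest();
     }

     $identity = new UserIdentity($form->email, $form->password);

     // The "remember me" switch is disabled in this version, so the configured
     // lifetime always applies.
     // NOTE(review): the setting is read as weeks but multiplied by the number of
     // seconds in a day; confirm the intended unit.
     $sessionTimeInWeeks = (int) Yii::app()->getModule('user')->sessionLifeTime;
     $duration = $sessionTimeInWeeks * 24 * 60 * 60;

     if ($identity->authenticate()) {
         $user->login($identity, $duration);
         Yii::log(Yii::t('UserModule.user', 'User with {email} was logined with IP-address {ip}!', array('{email}' => $form->email, '{ip}' => $request->getUserHostAddress())), CLogger::LEVEL_INFO, UserModule::$logCategory);
         return true;
     }

     // The submitted password is never written to the log: a failed attempt is very
     // often the real password with a typo, or the password of another account.
     Yii::log(Yii::t('UserModule.user', 'Authorization error with IP-address {ip}! email => {email}!', array('{email}' => $form->email, '{ip}' => $request->getUserHostAddress())), CLogger::LEVEL_ERROR, UserModule::$logCategory);
     return false;
 }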
Example #25
	/**
	 * Returns the request URI, cached in $this->_requestUri.
	 *
	 * Outside "web" mode a fixed-length prefix is cut off: 5 characters for AJAX
	 * requests, 6 for "ext" requests.
	 *
	 * @return string
	 */
	public function getRequestUri()
	{
		if ($this->_requestUri !== null) {
			return $this->_requestUri;
		}

		// Assign before consulting the application flags, exactly as the original
		// statement order does.
		$this->_requestUri = parent::getRequestUri();

		if (!Yii::app()->isWeb) {
			// NOTE(review): the prefix is removed by length only; presumably 5 and 6
			// are the lengths of the AJAX and ext URL prefixes. Confirm, since the
			// cut happens whatever the URI actually starts with.
			if (Yii::app()->isAjax) {
				$this->_requestUri = substr($this->_requestUri, 5);
			} elseif (Yii::app()->isExt) {
				$this->_requestUri = substr($this->_requestUri, 6);
			}
		}

		return $this->_requestUri;
	}
Example #26
 /**
  * Normalizes the request and disables CSRF validation for exempted route prefixes.
  *
  * The parent attaches the CSRF handler; it is detached again when the parsed
  * route starts with any entry of $noCsrfValidationRoutes.
  */
 protected function normalizeRequest()
 {
     // The parent attaches the event handlers for CSRF validation.
     parent::normalizeRequest();

     if (!$this->enableCsrfValidation) {
         return;
     }

     $currentRoute = Yii::app()->getUrlManager()->parseUrl($this);
     foreach ($this->noCsrfValidationRoutes as $exempt) {
         // NOTE(review): plain prefix match. An entry such as "api" also exempts
         // any other route that merely begins with those characters; end entries
         // with "/" or list full routes.
         if (strpos($currentRoute, $exempt) === 0) {
             Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
         }
     }
 }
Example #27
 /**
  * Redirects the browser, carrying the mobile-app flags over to the target URL.
  *
  * In mobile-app mode the "x2ajax" and "isMobileApp" query parameters of the
  * current request are merged into $url before the parent performs the redirect.
  *
  * @param string $url target URL
  * @param bool $terminate whether to end the application after the redirect
  * @param int $statusCode HTTP status code of the redirect
  * @return mixed whatever the parent implementation returns
  */
 public function redirect($url, $terminate = true, $statusCode = 302)
 {
     if (Yii::app()->isMobileApp()) {
         $carried = array();
         foreach (array('x2ajax', 'isMobileApp') as $flag) {
             if (isset($_GET[$flag])) {
                 // Client-supplied value; presumably UrlUtil::mergeParams()
                 // URL-encodes it. Verify there.
                 $carried[$flag] = $_GET[$flag];
             }
         }
         $url = UrlUtil::mergeParams($url, $carried);
     }

     return parent::redirect($url, $terminate, $statusCode);
 }
Example #28
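 /**
  * Authenticates the user described by the login form and starts the session.
  *
  * Fires UserEvents::FAILURE_LOGIN, BEFORE_LOGIN and SUCCESS_LOGIN around the
  * attempt and logs the outcome with the client IP.
  *
  * @param LoginForm $form login form (email, password, remember_me)
  * @param IWebUser $user web user component that receives the identity
  * @param CHttpRequest|null $request request used for the client IP in the log; the application's request component when null
  * @return bool true on successful login, false when validation or authentication fails
  */
 public function login(LoginForm $form, IWebUser $user, CHttpRequest $request = null)
 {
     if (false === $form->validate()) {
         Yii::app()->eventManager->fire(UserEvents::FAILURE_LOGIN, new UserLoginEvent($form, $user));
         return false;
     }

     // $request is optional in the signature but was dereferenced unconditionally;
     // fall back to the application's request component.
     if ($request === null) {
         $request = Yii::app()->getRequest();
     }

     $identity = new UserIdentity($form->email, $form->password);

     $duration = 0;
     if ($form->remember_me) {
         // NOTE(review): the setting is read as weeks but multiplied by the number
         // of seconds in a day; confirm the intended unit.
         $sessionTimeInWeeks = (int) Yii::app()->getModule('user')->sessionLifeTime;
         $duration = $sessionTimeInWeeks * 24 * 60 * 60;
     }

     if ($identity->authenticate()) {
         Yii::app()->eventManager->fire(UserEvents::BEFORE_LOGIN, new UserLoginEvent($form, $user, $identity));
         $user->login($identity, $duration);
         Yii::log(Yii::t('UserModule.user', 'User with {email} was logined with IP-address {ip}!', ['{email}' => $form->email, '{ip}' => $request->getUserHostAddress()]), CLogger::LEVEL_INFO, UserModule::$logCategory);
         Yii::app()->eventManager->fire(UserEvents::SUCCESS_LOGIN, new UserLoginEvent($form, $user, $identity));
         return true;
     }

     Yii::app()->eventManager->fire(UserEvents::FAILURE_LOGIN, new UserLoginEvent($form, $user, $identity));
     // The submitted password is never written to the log: a failed attempt is very
     // often the real password with a typo, or the password of another account.
     Yii::log(Yii::t('UserModule.user', 'Authorization error with IP-address {ip}! email => {email}!', ['{email}' => $form->email, '{ip}' => $request->getUserHostAddress()]), CLogger::LEVEL_ERROR, UserModule::$logCategory);
     return false;
 }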
Example #29
 /**
  * Normalizes the request and disables CSRF validation for exempted route heads.
  *
  * The parent attaches the CSRF handler; it is detached again when the first
  * segment of the parsed route (the text before the first "/") is listed in
  * $noCsrfValidationRoutes. Routes without a "/" are never exempted.
  */
 protected function normalizeRequest()
 {
     // The parent attaches the event handlers for CSRF validation.
     parent::normalizeRequest();

     if (!$this->enableCsrfValidation) {
         return;
     }

     $route = Yii::app()->getUrlManager()->parseUrl($this);
     $slashAt = strpos($route, "/");
     if ($slashAt === FALSE) {
         return;
     }

     // Everything under an exempted first segment is served without a CSRF token
     // check, so the list should hold only segments that authenticate requests by
     // other means.
     $firstSegment = substr($route, 0, $slashAt);
     if (in_array($firstSegment, $this->noCsrfValidationRoutes)) {
         Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
     }
 }
Example #30
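 /**
  * Checks user access through the auth manager before an action runs.
  *
  * The client IP must pass allowIp(). A user holding the configured "superuser"
  * assignment is always allowed; everyone else needs access to the
  * "<controller id>.<action id>" operation.
  *
  * @param CAction $action the action about to run
  * @return boolean true when access is granted
  * @throws CHttpException 403 when the IP is not allowed or the user lacks the permission
  */
 protected function beforeAction($action)
 {
     $app = Yii::app();

     // Ask the application's request component for the client address. The
     // previous static call CHttpRequest::getUserHostAddress() invoked an instance
     // method without an instance, which newer PHP versions reject.
     // NOTE(review): if the configured request component derives the address from
     // proxy headers, the IP check is only as trustworthy as those headers.
     if (!$this->allowIp($app->getRequest()->getUserHostAddress())) {
         throw new CHttpException(403, 'Akses ditolak - Anda tidak memiliki izin untuk mengakses halaman ini!');
     }

     $superUser = $app->authManager->getAuthAssignment($app->params['superuser'], $app->user->id) !== null;
     if ($superUser) {
         return true;
     }

     if ($app->user->checkAccess($app->controller->id . '.' . $app->controller->action->id)) {
         return true;
     }

     throw new CHttpException(403, 'Akses ditolak - Anda tidak memiliki izin untuk mengakses halaman ini!');
 }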