/**
  * Called by index.php, this function is responsible for rendering the current
  * page on the Frontend. One delegate is fired, FrontendInitialised
  *
  * @uses FrontendInitialised
  * @see boot.getCurrentPage()
  * @param string $page
  *  The result of getCurrentPage, which returns the $_GET['symphony-page']
  *  variable.
  * @return string
  *  The HTML of the page to return
  */
 public function display($page)
 {
     // The page object is created before the delegate fires, so it already
     // exists in self::$_page when extensions are notified.
     self::$_page = new FrontendPage($this);

     /**
      * @delegate FrontendInitialised
      */
     Frontend::instance()->ExtensionManager->notifyMembers('FrontendInitialised', '/frontend/');

     // $page is passed to generate() unchanged; nothing in this method
     // validates or normalises it.
     return self::$_page->generate($page);
 }
Example #2
 /**
  * Called by index.php, this function is responsible for rendering the current
  * page on the Frontend. One delegate is fired, `FrontendInitialised`
  *
  * @uses FrontendInitialised
  * @see boot.getCurrentPage()
  * @param string $page
  *  The result of getCurrentPage, which returns the `$_GET['symphony-page']`
  * @return string
  *  The HTML of the page to return
  */
 public function display($page)
 {
     $frontendPage = new FrontendPage($this);
     self::$_page = $frontendPage;

     /**
      * Fired once `$_page` holds the new `FrontendPage` instance and before
      * `generate()` is called on it.
      *
      * @delegate FrontendInitialised
      */
     Frontend::instance()->ExtensionManager->notifyMembers('FrontendInitialised', '/frontend/');

     // Read the static again rather than the local, as the original does,
     // so the call goes to whatever `$_page` holds after the delegate ran.
     // $page reaches generate() unmodified.
     return self::$_page->generate($page);
 }
Example #3
 /**
  * Default constructor
  *
  * @return	void
  */
 public function __construct()
 {
     parent::__construct();

     // Map the requested URL (its page segments joined with '/') to a page id.
     $requestedPath = implode('/', $this->URL->getPages());
     $this->pageId = FrontendNavigation::getPageId($requestedPath);

     // Mirror the id into a static so it can be read without an instance.
     self::$currentPageId = $this->pageId;

     // A page id of 404 is answered with a 404 status code.
     if ($this->pageId == 404) {
         $this->statusCode = 404;
     }

     $this->header = new FrontendHeader();

     // The whole request is driven from the constructor: load the content,
     // process it, record statistics, then render.
     $this->getPageContent();
     $this->processPage();
     $this->storeStatistics();
     $this->display();
 }
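 /**
  * Gate pages that carry the 'etf' page type.
  *
  * The page is released when the request has the header
  * `X-Requested-With: EmailTemplateFilter`, or when a logged-in developer is
  * browsing. Any other request is given the page typed '403' if one exists;
  * otherwise a SymphonyErrorPage with a 403 status line is thrown.
  *
  * NOTE(review): the header value is supplied by the client and is not
  * authenticated in this method, so any request that sets it passes the
  * gate. Treat this check as a convenience filter, not as access control.
  * If 'etf' pages can expose private data, confirm that a stronger control
  * (shared secret, source restriction or an authenticated session) is
  * enforced elsewhere.
  *
  * @param array $context
  *  Reads 'page_data' and 'page'. The write to 'page_data' only reaches the
  *  caller if that element was handed over by reference -- TODO confirm
  *  against the code that fires this callback.
  * @throws SymphonyErrorPage
  *  When access is refused and no page of type '403' is found.
  */
 public function setPage($context)
 {
     $types = isset($context['page_data']['type']) ? $context['page_data']['type'] : null;

     // Only pages typed 'etf' are gated. Strict matching keeps a non-string
     // entry from comparing equal to 'etf' under loose comparison.
     if (!is_array($types) || !in_array('etf', $types, true)) {
         return;
     }

     $hasEtfHeader = isset($_SERVER['HTTP_X_REQUESTED_WITH'])
         && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'EmailTemplateFilter';

     // The developer check is evaluated only when the header is absent,
     // exactly as the original short-circuit did.
     if ($hasEtfHeader || (Frontend::instance()->isLoggedIn() && Frontend::instance()->Author->isDeveloper())) {
         self::$page = $context['page'];
         return;
     }

     // Access refused: prefer the site's own page of type '403'.
     $row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\t\tSELECT `tbl_pages`.*\n\t\t\t\t\t\tFROM `tbl_pages`, `tbl_pages_types`\n\t\t\t\t\t\tWHERE `tbl_pages_types`.page_id = `tbl_pages`.id\n\t\t\t\t\t\tAND tbl_pages_types.`type` = '403'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t");

     if (!$row) {
         // No custom 403 page: raise the built-in error page with a 403 header.
         GenericExceptionHandler::$enabled = true;
         throw new SymphonyErrorPage(__('Please <a href="%s">login</a> to view this page.', array(SYMPHONY_URL . '/login/')), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
     }

     $row['type'] = FrontendPage::fetchPageTypes($row['id']);
     $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']);
     $context['page_data'] = $row;
 }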
Example #5
 /**
  * Get tags for current "page"
  */
 private function getTags()
 {
     $currentPageId = FrontendPage::getCurrentPageId();

     // The current page itself goes on the exclusion list.
     $this->exclude[] = array('module' => 'pages', 'other_id' => $currentPageId);

     // Collect the names of the tags attached to the page.
     foreach ((array) FrontendTagsModel::getForItem('pages', $currentPageId) as $pageTag) {
         $this->tags = array_merge((array) $this->tags, (array) $pageTag['name']);
     }

     // Walk the page's extra blocks and repeat the same for the item each
     // block's module reports for the current URL.
     $pageInfo = (array) FrontendNavigation::getPageInfo($currentPageId);
     $blocks = (array) $pageInfo['extra_blocks'];

     foreach ($blocks as $block) {
         $moduleName = $block['module'];

         // NOTE(review): the model class name is built from the block's
         // module value. Presumably that value comes from CMS-managed page
         // configuration; confirm callFromInterface() only dispatches to
         // known module classes.
         $modelClass = 'Frontend' . SpoonFilter::toCamelCase($moduleName) . 'Model';
         $item = FrontendTagsModel::callFromInterface($moduleName, $modelClass, 'getIdForTags', $this->URL);

         // Blocks whose module reports no item contribute nothing.
         if ($item) {
             $this->exclude[] = array('module' => $moduleName, 'other_id' => $item['id']);

             foreach ((array) FrontendTagsModel::getForItem($moduleName, $item['id']) as $itemTag) {
                 $this->tags = array_merge((array) $this->tags, (array) $itemTag['name']);
             }
         }
     }
 }
 /**
  * This function attempts to resolve the given page into its Symphony page. If no
  * page is given, it is assumed the 'index' is being requested. Before a page row is
  * returned, it is checked to see that if it has the 'admin' type, that the requesting
  * user is authenticated as a Symphony author. If they are not, the Symphony 403
  * page is returned (whether that be set as a user defined page using the page type
  * of 403, or just returning the Default Symphony 403 error page). Any URL parameters
  * set on the page are added to the `$env` variable before the function returns an
  * associative array of page details such as Title, Content Type etc.
  *
  * @uses FrontendPrePageResolve
  * @see __isSchemaValid()
  * @param string $page
  * The URL of the current page that is being Rendered as returned by `getCurrentPage()`.
  * If no URL is provided, Symphony assumes the Page with the type 'index' is being
  * requested.
  * @return array
  *  An associative array of page details
  */
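 public function resolvePage($page = null)
 {
     if ($page) {
         $this->_page = $page;
     }
     $row = null;
     /**
      * Before page resolve. Allows manipulation of page without redirection
      * @delegate FrontendPrePageResolve
      * @param string $context
      * '/frontend/'
      * @param mixed $row
      * @param FrontendPage $page
      *  An instance of this FrontendPage
      */
     // Both values are passed by reference: an extension may replace the
     // requested path or supply a row itself. A supplied row skips the path
     // lookup below but still goes through the 'admin' check further down.
     $this->ExtensionManager->notifyMembers('FrontendPrePageResolve', '/frontend/', array('row' => &$row, 'page' => &$this->_page));

     // Default to the index page if no page has been specified
     if ((!$this->_page || $this->_page == '//') && is_null($row)) {
         $row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\tSELECT `tbl_pages`.* FROM `tbl_pages`, `tbl_pages_types`\n\t\t\t\t\tWHERE `tbl_pages_types`.page_id = `tbl_pages`.id\n\t\t\t\t\tAND tbl_pages_types.`type` = 'index'\n\t\t\t\t\t LIMIT 1\n\t\t\t\t");
     } elseif (is_null($row)) {
         // Walk the requested path from its last segment backwards until a
         // page matches; segments that did not match are kept as candidate
         // URL parameter values.
         $pathArr = preg_split('/\\//', trim($this->_page, '/'), -1, PREG_SPLIT_NO_EMPTY);
         $valid_page_path = array();
         $page_extra_bits = array();
         $handle = array_pop($pathArr);
         do {
             $path = implode('/', $pathArr);
             // The path segments come from the request. They reach the query
             // only after cleanValue() and inside quoted literals.
             // NOTE(review): this is escaping, not a bound parameter; its
             // safety depends on cleanValue() and the connection character
             // set, neither of which is visible here.
             $sql = sprintf("SELECT * FROM `tbl_pages` WHERE `path` %s AND `handle` = '%s' LIMIT 1", $path ? " = '" . Symphony::Database()->cleanValue($path) . "'" : 'IS NULL', Symphony::Database()->cleanValue($handle));
             if ($row = Symphony::Database()->fetchRow(0, $sql)) {
                 array_push($pathArr, $handle);
                 $valid_page_path = $pathArr;
                 break 1;
             } else {
                 $page_extra_bits[] = $handle;
             }
         } while ($handle = array_pop($pathArr));
         if (empty($valid_page_path)) {
             return false;
         }
         if (!$this->__isSchemaValid($row['params'], $page_extra_bits)) {
             return false;
         }
     }

     // Stop before touching $row when nothing usable was resolved. The
     // original ran this check only after reading $row['params'].
     if (!is_array($row) || empty($row)) {
         return false;
     }

     // Process the extra URL params: every declared parameter starts as NULL
     $declared_params = isset($row['params']) ? $row['params'] : '';
     $url_params = preg_split('/\\//', $declared_params, -1, PREG_SPLIT_NO_EMPTY);
     foreach ($url_params as $var) {
         $this->_env['url'][$var] = NULL;
     }
     if (isset($page_extra_bits)) {
         if (is_array($page_extra_bits) && !empty($page_extra_bits)) {
             // Collected last-to-first above; restore URL order
             $page_extra_bits = array_reverse($page_extra_bits);
         }
         // These values are raw request path segments; only spaces are
         // rewritten here. Presumably __isSchemaValid() has already bounded
         // their count against the declared parameters -- verify.
         for ($ii = 0; $ii < count($page_extra_bits); $ii++) {
             $this->_env['url'][$url_params[$ii]] = str_replace(' ', '+', $page_extra_bits[$ii]);
         }
     }

     $row['type'] = FrontendPage::fetchPageTypes($row['id']);

     // Make sure the user has permission to access this page. Pages typed
     // 'admin' are swapped for the page typed '403' unless someone is logged in.
     if (!$this->is_logged_in && in_array('admin', $row['type'], true)) {
         $row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\tSELECT `tbl_pages`.*\n\t\t\t\t\tFROM `tbl_pages`, `tbl_pages_types`\n\t\t\t\t\tWHERE `tbl_pages_types`.page_id = `tbl_pages`.id\n\t\t\t\t\tAND tbl_pages_types.`type` = '403'\n\t\t\t\t\tLIMIT 1\n\t\t\t\t");
         if (empty($row)) {
             // No custom 403 page exists: raise the built-in one
             GenericExceptionHandler::$enabled = true;
             throw new SymphonyErrorPage(__('Please <a href="%s">login</a> to view this page.', array(SYMPHONY_URL . '/login/')), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
         }
         $row['type'] = FrontendPage::fetchPageTypes($row['id']);
     }
     $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']);
     return $row;
 }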
 /**
  * Hide prototype pages from visitors who are not logged in, and overlay a
  * prototype's settings onto pages that are connected to one.
  *
  * @param array $context
  *  Reads and writes 'page_data'. The writes only reach the caller if that
  *  element was handed over by reference -- TODO confirm against the code
  *  that fires this callback.
  * @throws SymphonyErrorPage
  *  When a prototype page is requested anonymously and no page of type
  *  '403' is found.
  */
 public function frontendPageResolved($context)
 {
     $pageId = $context['page_data']['id'];

     // Nothing to do without a usable page id
     if ((int) $pageId === 0) {
         return;
     }

     // Prototype pages are not shown to visitors who are not logged in
     $isAnonymous = !Frontend::instance()->isLoggedIn();
     if ($isAnonymous && PagePrototypes::isPagePrototype($pageId)) {
         $custom403 = PageManager::fetchPageByType('403');

         if (empty($custom403)) {
             // No custom 403 page: raise the built-in error page
             GenericExceptionHandler::$enabled = true;
             throw new SymphonyErrorPage(__('The page you have requested has restricted access permissions.'), __('Forbidden'), 'generic', array('header' => 'HTTP/1.0 403 Forbidden'));
         }

         // Serve the site's own 403 page in place of the requested one
         $custom403['type'] = FrontendPage::fetchPageTypes($custom403['id']);
         $custom403['filelocation'] = FrontendPage::resolvePageFileLocation($custom403['path'], $custom403['handle']);
         $context['page_data'] = $custom403;
         return;
     }

     // Override context if the page is connected to a prototype.
     // This is not strictly necessary: when a prototype is changed in the
     // backend, the pages that reference it are changed as well.
     $prototype = PagePrototypes::fetchPrototypeOfPage($pageId);
     if (empty($prototype)) {
         return;
     }

     foreach (array('params', 'data_sources', 'events', 'type') as $field) {
         $context['page_data'][$field] = $prototype[$field];
     }
     $context['page_data']['filelocation'] = PageManager::resolvePageFileLocation($prototype['path'], $prototype['handle']);
 }
Example #8
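 /**
  * Handle a member login or logout request, then enforce role-based access
  * to the resolved page.
  *
  * Changes from the previous version:
  * - `redirect` values from the request are followed only when they stay on
  *   this site; anything else falls back to the default behaviour.
  * - `$isLoggedIn` is kept in step with the logout/login calls made here, so
  *   a failed re-login is no longer treated as a logged-in session.
  * - A logged-in member without a usable role id is given the public role.
  *
  * NOTE(review): logout is triggered by any request carrying
  * `member-action=logout`, including a plain GET; no anti-forgery token is
  * checked in this method.
  *
  * @param array $context
  *  Reads 'page_data'. The write to 'page_data' only reaches the caller if
  *  that element was handed over by reference -- TODO confirm against the
  *  code that fires this callback.
  * @throws SymphonyErrorPage
  *  When the role may not access the page and no page of type '403' exists.
  */
 public function checkFrontendPagePermissions($context)
 {
     $isLoggedIn = false;
     $errors = array();
     $role_data = null;

     // Checks $_REQUEST to see if a Member Action has been requested,
     // member-action['login'] and member-action['logout']/?member-action=logout
     // are the only two supported at this stage.
     $action = '';
     if (isset($_REQUEST['member-action'])) {
         if (is_array($_REQUEST['member-action'])) {
             $keys = array_keys($_REQUEST['member-action']);
             $action = $keys ? $keys[0] : '';
         } else {
             $action = $_REQUEST['member-action'];
         }
     }
     $action = trim((string) $action);

     // Check to see a Member is already logged in.
     $isLoggedIn = $this->getMemberDriver()->isLoggedIn($errors);

     if ($action == 'logout') {
         /**
          * Fired just before a member is logged out (and page redirection),
          * this delegate provides the current Member ID
          *
          * @delegate MembersPreLogout
          * @param string $context
          *  '/frontend/'
          * @param integer $member_id
          *  The Member ID of the member who is about to logged out
          */
         Symphony::ExtensionManager()->notifyMembers('MembersPreLogout', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID()));
         $this->getMemberDriver()->logout();
         $isLoggedIn = false;

         // If a same-site redirect is provided, redirect to that, otherwise
         // return the user to the index of the site. Issue #51 & #121
         if (isset($_REQUEST['redirect']) && $this->isSameSiteRedirect($_REQUEST['redirect'])) {
             redirect($_REQUEST['redirect']);
         }
         redirect(URL);
     } elseif ($action == 'login' && isset($_POST['fields'])) {
         // If a Member is already logged in and another Login attempt is requested
         // log the Member out first before trying to login with new details.
         if ($isLoggedIn) {
             $this->getMemberDriver()->logout();
             // The earlier session is gone whatever the login below returns
             $isLoggedIn = false;
         }

         if ($this->getMemberDriver()->login($_POST['fields'])) {
             $isLoggedIn = true;

             /**
              * Fired just after a Member has successfully logged in, this delegate
              * provides the current Member ID. This delegate is fired just before
              * the page redirection (if it is provided)
              *
              * @delegate MembersPostLogin
              * @param string $context
              *  '/frontend/'
              * @param integer $member_id
              *  The Member ID of the member who just logged in.
              * @param Entry $member
              *  The Entry object of the logged in Member.
              */
             Symphony::ExtensionManager()->notifyMembers('MembersPostLogin', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID(), 'member' => $this->getMemberDriver()->getMember()));

             // An off-site target is ignored and the current page is rendered
             if (isset($_POST['redirect']) && $this->isSameSiteRedirect($_POST['redirect'])) {
                 redirect($_POST['redirect']);
             }
         } else {
             self::$_failed_login_attempt = true;
         }
     }

     $this->Member->initialiseMemberObject();

     if ($isLoggedIn && $this->getMemberDriver()->getMember() instanceof Entry) {
         $this->updateSystemTimezoneOffset($this->getMemberDriver()->getMemberID());
         if (!is_null(extension_Members::getFieldHandle('role'))) {
             $role_data = $this->getMemberDriver()->getMember()->getData(extension_Members::getField('role')->get('id'));
         }
     }

     // If there is no role field, or a Developer is logged in, return, as Developers
     // should be able to access every page.
     if (is_null(extension_Members::getFieldHandle('role')) || (Frontend::instance()->Author instanceof Author && Frontend::instance()->Author->isDeveloper())) {
         return;
     }

     // Fall back to the public role whenever no role id is available.
     // Previously an unset role id was passed straight to RoleManager::fetch().
     $role_id = ($isLoggedIn && isset($role_data['role_id'])) ? $role_data['role_id'] : Role::PUBLIC_ROLE;
     $role = RoleManager::fetch($role_id);

     // NOTE(review): when fetch() does not return a Role the page is served
     // without any restriction; confirm that this is intended.
     if ($role instanceof Role && !$role->canAccessPage((int) $context['page_data']['id'])) {
         // User has no access to this page, so look for a custom 403 page
         if ($row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\tSELECT `p`.*\n\t\t\t\t\tFROM `tbl_pages` as `p`\n\t\t\t\t\tLEFT JOIN `tbl_pages_types` AS `pt` ON(`p`.id = `pt`.page_id)\n\t\t\t\t\tWHERE `pt`.type = '403'\n\t\t\t\t")) {
             $row['type'] = FrontendPage::fetchPageTypes($row['id']);
             $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']);
             $context['page_data'] = $row;
             return;
         } else {
             // No custom 403, just throw default 403
             GenericExceptionHandler::$enabled = true;
             throw new SymphonyErrorPage(__('The page you have requested has restricted access permissions.'), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
         }
     }
 }

 /**
  * Decide whether a client-supplied redirect target stays on this site.
  *
  * Accepted: the site URL itself, the site URL followed by a path, query or
  * fragment delimiter, or a path that starts with exactly one '/'.
  *
  * @param mixed $target
  *  The raw `redirect` value from the request.
  * @return boolean
  *  True when the target may be passed to redirect().
  */
 private function isSameSiteRedirect($target)
 {
     if (!is_string($target) || $target === '') {
         return false;
     }

     // Control characters and backslashes are refused outright: the value
     // ends up in a response header and is later parsed by a browser.
     if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
         return false;
     }

     $base = rtrim(URL, '/');
     if ($target === $base) {
         return true;
     }

     // The character after the site URL must be a delimiter, so a longer
     // authority that merely begins with the site URL does not match.
     foreach (array('/', '?', '#') as $delimiter) {
         if (strpos($target, $base . $delimiter) === 0) {
             return true;
         }
     }

     // Site-relative path; a leading '//' would name another host
     return $target[0] === '/' && substr($target, 0, 2) !== '//';
 }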