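/**
 * Pipes a PDF to the end user, with some agent-specific injected content.
 *
 * Only acts on GET requests that carry a string "form" parameter; any other
 * request produces an empty response. The optional "refno" parameter is
 * forwarded to the manager untouched.
 *
 * The "form" parameter is request-controlled, so only a sanitised copy of it
 * is written into the Content-Disposition header.
 *
 * @return void
 */
public function agentFormAction()
{
    // Raw PDF output: no layout and no view script.
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender(true);

    $request = $this->getRequest();
    $formName = $request->getParam('form');

    // A missing parameter is null and "form[]=x" arrives as an array; neither
    // is a usable form name, so both are treated as "no form requested".
    if (!$request->isGet() || !is_string($formName)) {
        return;
    }

    // The value below ends up inside a response header. Anything outside a
    // conservative filename alphabet is replaced so the parameter cannot add
    // header attributes or separators. Names made of letters, digits, "_",
    // "." and "-" pass through unchanged.
    $headerFileName = preg_replace('/[^A-Za-z0-9_.\-]/', '_', $formName);

    // The Zend response object ($this->getResponse()->setHeader(...)) would be
    // the correct way to send these, but IE rejected that over HTTPS, so raw
    // header() calls are used instead.
    header('Pragma: public'); // required
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Cache-Control: private', false); // required for certain browsers
    header('Content-Disposition: inline; filename=' . $headerFileName . '.pdf');
    header('Content-type: application/pdf');

    // Check if there's a refno, used only to populate the guarantor form from
    // the referencing summary page with tenant and property to let info.
    // Sanity check that refno is valid and belongs to ASN happens in manager.
    $refno = $request->getParam('refno');

    // NOTE(review): the manager receives the raw form name, not the sanitised
    // header copy; confirm it resolves the name against a fixed set of known
    // forms rather than using it as a path.
    $agentFormManager = new Manager_Connect_AgentForm();
    $agentFormManager->populateAndOuput(
        $formName,
        $this->_agentSchemeNumber,
        $this->_agentId,
        'browser',
        $refno
    );
}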
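/**
 * E-mails a PDF on behalf of the logged-in agent and prints a one-line JSON
 * status object.
 *
 * Two kinds of "filename" parameter are handled:
 *  - one ending in "agent-form?form=NAME" is delegated to the agent form
 *    manager, which injects agent content and sends the e-mail itself;
 *  - anything else is treated as a path below the configured public base
 *    path and is attached as-is to a mail addressed to the "to" parameter.
 *
 * Every branch that prints a definite result calls exit. Unauthenticated
 * requests and files that fail the path check fall through to the generic
 * error message on the last line.
 *
 * @return void
 */
public function sendPdfAction()
{
    // Check user is logged in to get ASN from
    $auth = Zend_Auth::getInstance();
    $auth->setStorage(new Zend_Auth_Storage_Session('hl_connect'));

    if ($auth->hasIdentity()) {
        // Fetch ASN and agent user ID
        $identity = $auth->getStorage()->read();
        $asn = $identity->agentschemeno;
        $userId = $identity->agentid;

        $request = $this->getRequest();
        $filename = $request->getParam('filename');

        if (!is_null($filename)) {
            // Is this a special agent application form that requires content
            // injection and is sent to a specific agent user?
            if (preg_match('/agent-form\\?form=([\\w\\-]+)$/i', $filename, $matches) > 0) {
                // Yes. The pattern limits the form name to word characters
                // and hyphens before it reaches the manager.
                $formName = $matches[1];

                $agentFormManager = new Manager_Connect_AgentForm();
                $agentFormManager->populateAndOuput($formName, $asn, $userId, 'email');

                echo "{\"successMessage\":\"Email sent\"}\n";
                exit;
            } else {
                // Standard PDF, load and send as-is
                $filters = array('*' => array('StringTrim', 'HtmlEntities', 'StripTags'));

                // Check e-mail present and valid
                $formInput = array(
                    'to'       => htmlentities($request->getParam('to')),
                    'message'  => htmlentities($request->getParam('message')),
                    'filename' => htmlentities($request->getParam('filename')),
                );

                $emailValidator = new Zend_Validate_EmailAddress();
                $emailValidator->setMessages(array(
                    Zend_Validate_EmailAddress::INVALID_HOSTNAME => 'Domain name invalid in email address',
                    Zend_Validate_EmailAddress::INVALID_FORMAT   => 'Invalid email address',
                ));

                // The address validator has to be keyed on the field it
                // checks. It used to be registered under 'email', a field
                // that is never submitted, so the recipient in 'to' was only
                // covered by the allow-empty wildcard rule and any value,
                // including an empty one, passed validation.
                $validators = array(
                    '*'  => array('allowEmpty' => true),
                    'to' => array($emailValidator, 'allowEmpty' => false),
                );

                $validate = new Zend_Filter_Input($filters, $validators, $formInput);

                if ($validate->isValid()) {
                    // Security - ensure PDF can only be requested from public webspace
                    $params = Zend_Registry::get('params');
                    $realpath = realpath($params->connect->basePublicPath . $validate->filename);

                    // realpath() resolves "../" and symlinks and yields false
                    // for a missing file, which fails the test below.
                    // NOTE(review): this is a substring match anywhere in the
                    // resolved path, not a prefix comparison; confirm the
                    // configured fragment cannot also occur in a path outside
                    // the public webspace.
                    if (
                        strpos($realpath, $params->connect->safePublicRealPathContains) !== false
                        && strtolower(substr($realpath, -4, 4)) == '.pdf'
                    ) {
                        // Generate e-mail
                        $mailer = new Application_Core_Mail();
                        $mailer->setTo($validate->to, $validate->to);
                        // TODO: Parameterise:
                        $mailer->setFrom('*****@*****.**', 'HomeLet');
                        $mailer->setSubject("{$validate->filename} sent by HomeLet");
                        $mailer->setBodyText($validate->message);
                        $mailer->addAttachment($realpath, $validate->filename);
                        $mailer->send();

                        echo "{\"successMessage\":\"Email sent\"}\n";
                        exit;
                    }
                    // Path check failed: fall through to the generic error.
                } else {
                    echo "{\"errorMessage\":\"Invalid e-mail address\"}\n";
                    exit;
                }
            }
        } else {
            echo "{\"errorMessage\":\"No PDF specified\"}\n";
            exit;
        }
    }

    echo "{\"errorMessage\":\"There was an error, please try again later\"}\n";
}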