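/**
 * Given the request, determines what user is performing the request by
 * looking at the auth_token.
 *
 * Resolves the current session and, when it is valid and bound to a user,
 * stores that user on the request as `current_user` and `current_user_id`
 * so the calling API method can rely on an authenticated caller.
 *
 * @param Request $r request carrying the auth_token
 * @throws InvalidDatabaseOperationException
 * @throws UnauthorizedException when there is no valid session, or the
 *         session is not associated with a user
 */
protected static function authenticateRequest(Request $r) {
    $session = SessionController::apiCurrentSession($r);
    // Strict null test: a loose `== null` would also treat an empty or
    // zero-like user value as "no user".
    if (!$session['valid'] || is_null($session['user'])) {
        throw new UnauthorizedException();
    }
    $r['current_user'] = $session['user'];
    $r['current_user_id'] = $session['user']->user_id;
}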
<?php
require_once '../server/bootstrap.php';

// Profile editing is only available to authenticated users.
UITools::redirectToLoginIfNotLoggedIn();
UITools::setProfile($smarty);

// Users that still have to complete their basic information get the
// reduced edit form; everyone else gets the full one.
$currentSession = SessionController::apiCurrentSession();
$needsBasicInfo = isset($currentSession['needs_basic_info'])
    && $currentSession['needs_basic_info'];

$template = $needsBasicInfo
    ? '../templates/user.basicedit.tpl'
    : '../templates/user.edit.tpl';
$smarty->display($template);
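/**
 * Parses the URI from $_SERVER and determines which controller and
 * function to call.
 *
 * The URI is expected to look like /api/<controller>/<method>[/key/value...]
 * with an optional query string. Path pairs after the method name are
 * copied into the request as parameters. Only classes named
 * `<Controller>Controller` and methods prefixed with `api` are reachable.
 *
 * @return Request
 * @throws NotFoundException when the URI has too few segments, contains a
 *         malformed name, or names a controller/method that does not exist
 */
private static function parseUrl() {
    $apiAsUrl = $_SERVER['REQUEST_URI'];

    // Spliting only by '/' results in URIs with parameters like this:
    // /api/problem/list/?page=1
    //                  ^^
    // Adding '?' as a separator results in URIs like this:
    // /api/problem/list?page=1
    //                  ^
    $args = preg_split('/[\\/?]/', $apiAsUrl);

    // Indices 2 (controller) and 3 (method) are read below, so fewer than
    // four pieces can never name an API. preg_split() returns false on
    // error and count(false) is itself an error, so test that first.
    if ($args === false || count($args) < 4) {
        self::$log->error(
            'Api called with URI with less args than expected: '
            . ($args === false ? 'split failed' : count($args))
        );
        throw new NotFoundException('apiNotFound');
    }

    // Removing NULL bytes
    $controllerName = str_replace(chr(0), '', ucfirst($args[2]));
    $methodName = str_replace(chr(0), '', $args[3]);

    // Both names come straight from the request and are passed to
    // class_exists()/method_exists(), which may trigger the autoloader.
    // Restrict them to identifier characters before any lookup happens.
    // (\z instead of $ so a trailing newline cannot slip through.)
    if (!preg_match('/^[A-Za-z0-9_]+\z/', $controllerName)
        || !preg_match('/^[A-Za-z0-9_]+\z/', $methodName)) {
        self::$log->error('Api called with malformed controller or method name');
        throw new NotFoundException('apiNotFound');
    }

    $controllerName = $controllerName . 'Controller';
    if (!class_exists($controllerName)) {
        self::$log->error('Controller name was not found: ' . $controllerName);
        throw new NotFoundException('apiNotFound');
    }

    // Create request
    $request = new Request($_REQUEST);

    // Prepend api
    $methodName = 'api' . $methodName;

    // Check the method
    if (!method_exists($controllerName, $methodName)) {
        self::$log->error('Method name was not found: ' . $controllerName . '::' . $methodName);
        throw new NotFoundException('apiNotFound');
    }

    // Get the auth_token and user data from cookies
    $cs = SessionController::apiCurrentSession();

    // If we got an auth_token from cookies, replace whatever $_REQUEST
    // carried. Note that the path pairs copied below are applied afterwards
    // and can therefore still overwrite it.
    if (!is_null($cs['auth_token'])) {
        $request['auth_token'] = $cs['auth_token'];
    }

    // Trailing /key/value pairs become request parameters; a dangling key
    // with no value is ignored.
    for ($i = 4; $i + 1 < count($args); $i += 2) {
        $request[$args[$i]] = urldecode($args[$i + 1]);
    }

    $request->method = $controllerName . '::' . $methodName;
    return $request;
}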
<?php
require_once '../../server/bootstrap.php';

$r = new Request($_REQUEST);
$session = SessionController::apiCurrentSession($r);

// Ask the API for the statement rendered as HTML, including the solvers list.
$r['statement_type'] = 'html';
$r['show_solvers'] = true;

try {
    $result = ProblemController::apiDetails($r);
    $problem = ProblemsDAO::GetByAlias($result['alias']);
} catch (ApiException $e) {
    // Any ApiException from the details call is answered with the static 404 page.
    header('HTTP/1.1 404 Not Found');
    die(file_get_contents('../404.html'));
}

// Fields handed to the template verbatim: template variable => API key.
$passthrough = [
    'problem_statement' => 'problem_statement',
    'problem_statement_language' => 'problem_statement_language',
    'problem_alias' => 'alias',
    'public' => 'public',
    'source' => 'source',
    'title' => 'title',
    'points' => 'points',
    'validator' => 'validator',
    'solvers' => 'solvers',
];
foreach ($passthrough as $templateVar => $apiKey) {
    $smarty->assign($templateVar, $result[$apiKey]);
}

// Raw limits are scaled down for display (the divisors suggest the API
// returns milliseconds and kilobytes).
$smarty->assign('time_limit', ($result['time_limit'] / 1000) . 's');
$smarty->assign('validator_time_limit', ($result['validator_time_limit'] / 1000) . 's');
$smarty->assign('overall_wall_time_limit', ($result['overall_wall_time_limit'] / 1000) . 's');
$smarty->assign('memory_limit', ($result['memory_limit'] / 1024) . 'MB');

// A Karel problem is one whose language list contains both 'kp' and 'kj'.
$languages = explode(',', $result['languages']);
$isKarel = count(array_intersect($languages, ['kp', 'kj'])) === 2;
$smarty->assign('karel_problem', $isKarel);

if (isset($result['sample_input'])) {
    $smarty->assign('sample_input', $result['sample_input']);
}
$smarty->assign("CURRENT_USER_IS_ADMIN", 0); if (defined("SMARTY_CACHE_DIR")) { $smarty->setCacheDir(SMARTY_CACHE_DIR)->setCompileDir(SMARTY_CACHE_DIR); } $smarty->assign("GOOGLECLIENTID", OMEGAUP_GOOGLE_CLIENTID); $smarty->assign("LOGGED_IN", "0"); UITools::$IsLoggedIn = false; $smarty->assign("FB_URL", SessionController::getFacebookLoginUrl()); if (defined("OMEGAUP_GA_TRACK") && OMEGAUP_GA_TRACK) { $smarty->assign("OMEGAUP_GA_TRACK", 1); $smarty->assign("OMEGAUP_GA_ID", OMEGAUP_GA_ID); } else { $smarty->assign("OMEGAUP_GA_TRACK", 0); } $userRequest = new Request($_REQUEST); $session = SessionController::apiCurrentSession($userRequest); if ($session['valid']) { $smarty->assign("LOGGED_IN", "1"); UITools::$IsLoggedIn = true; $smarty->assign("CURRENT_USER_USERNAME", $session["username"]); $smarty->assign("CURRENT_USER_EMAIL", $session["email"]); $smarty->assign("CURRENT_USER_IS_EMAIL_VERIFIED", $session["is_email_verified"]); $smarty->assign("CURRENT_USER_IS_ADMIN", $session["is_admin"]); $smarty->assign("CURRENT_USER_PRIVATE_CONTESTS_COUNT", $session["private_contests_count"]); $smarty->assign("CURRENT_USER_PRIVATE_PROBLEMS_COUNT", $session["private_problems_count"]); $smarty->assign("CURRENT_USER_AUTH_TOKEN", $session["auth_token"]); $smarty->assign("CURRENT_USER_GRAVATAR_URL_128", '<img src="https://secure.gravatar.com/avatar/' . md5($session["email"]) . '?s=92">'); $smarty->assign("CURRENT_USER_GRAVATAR_URL_16", '<img src="https://secure.gravatar.com/avatar/' . md5($session["email"]) . '?s=16">'); $smarty->assign("CURRENT_USER_GRAVATAR_URL_32", '<img src="https://secure.gravatar.com/avatar/' . md5($session["email"]) . '?s=32">'); UITools::$isAdmin = $session["is_admin"]; $userRequest["username"] = $session["username"];
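/**
 * Show the contest intro unless you are admin, or you
 * already started this contest.
 *
 * Access control happens in two steps: the contest is looked up by alias
 * (404 if missing), then `canAccessContest()` decides whether the caller
 * may see it at all. A failed access check only falls through to the intro
 * when the user was explicitly invited; otherwise the original exception
 * propagates, so a private contest is indistinguishable from a missing one.
 *
 * @param Request $r must carry `contest_alias`; `contest`, `current_user`
 *        and `current_user_id` are populated on it as a side effect
 * @return ContestController::SHOW_INTRO when the intro should be shown,
 *         its negation when it must be skipped
 * @throws NotFoundException when the alias does not resolve to a contest
 * @throws Exception whatever canAccessContest() threw, for non-invited users
 */
public static function showContestIntro(Request $r) {
    try {
        $r['contest'] = ContestsDAO::getByAlias($r['contest_alias']);
    } catch (Exception $e) {
        throw new NotFoundException('contestNotFound');
    }
    if (is_null($r['contest'])) {
        throw new NotFoundException('contestNotFound');
    }

    try {
        // Half-authenticate, in case there is no session in place.
        $session = SessionController::apiCurrentSession($r);
        if ($session['valid'] && !is_null($session['user'])) {
            $r['current_user'] = $session['user'];
            $r['current_user_id'] = $session['user']->user_id;
        }
        self::canAccessContest($r);
    } catch (Exception $e) {
        // Could not access contest. Private contests must not be leaked, so
        // unless they were manually added beforehand, show them a 404 error.
        if (!ContestController::isInvitedToContest($r)) {
            throw $e;
        }
        self::$log->error('Exception while trying to verify access: ' . $e);
        return ContestController::SHOW_INTRO;
    }

    // You already started the contest.
    // NOTE(review): current_user_id is unset when no valid session exists;
    // this relies on getByPK() tolerating that — confirm.
    $contestOpened = ContestsUsersDAO::getByPK(
        $r['current_user_id'],
        $r['contest']->getContestId()
    );
    if (!is_null($contestOpened)
        && $contestOpened->access_time !== '0000-00-00 00:00:00') {
        self::$log->debug('Not intro because you already started the contest');
        return !ContestController::SHOW_INTRO;
    }
    return ContestController::SHOW_INTRO;
}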
/**
 * Test SessionController::apiCurrentSession private_problems_count
 * when there's 0 problems.
 *
 * A freshly created user has not added any problems, so the session
 * payload must report a private problem count of zero.
 */
public function testSessionControlerPrivateProblemsCountWithNoProblems() {
    $freshUser = UserFactory::createUser();
    $this->mockSessionManager();

    // Log in, then expose the token the way SessionManager->getCookie reads it.
    $authToken = $this->login($freshUser);
    $_COOKIE[OMEGAUP_AUTH_TOKEN_COOKIE_NAME] = $authToken;

    $currentSession = SessionController::apiCurrentSession();
    $this->assertEquals(0, $currentSession['private_problems_count']);
}
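/**
 * Show the contest intro unless you are admin, or you
 * already started this contest.
 *
 * The contest is resolved by alias (404 when missing), the caller is
 * half-authenticated so an anonymous visitor can still reach a public
 * contest, and `canAccessContest()` decides whether they may see it.
 * Contest admins and users who already opened the contest skip the intro.
 *
 * @param Request $r must carry `contest_alias`; `contest`, `current_user`
 *        and `current_user_id` are populated on it as a side effect
 * @return ContestController::SHOW_INTRO when the intro should be shown,
 *         its negation when it must be skipped
 * @throws NotFoundException when the alias does not resolve to a contest
 * @throws Exception whatever canAccessContest() threw, unless the user was
 *         explicitly invited to the contest
 */
public static function showContestIntro(Request $r) {
    try {
        $r['contest'] = ContestsDAO::getByAlias($r['contest_alias']);
    } catch (Exception $e) {
        throw new NotFoundException('contestNotFound');
    }
    // getByAlias() may also report an unknown alias as null.
    if (is_null($r['contest'])) {
        throw new NotFoundException('contestNotFound');
    }

    try {
        // Half-authenticate, in case there is no session in place.
        $session = SessionController::apiCurrentSession($r);
        if ($session['valid'] && !is_null($session['user'])) {
            $r['current_user'] = $session['user'];
            $r['current_user_id'] = $session['user']->user_id;
        }
        self::canAccessContest($r);
    } catch (Exception $e) {
        // Could not access contest. Showing the intro anyway would reveal
        // that a private contest exists, so only users who were explicitly
        // invited get it; everyone else sees the original error.
        if (!ContestController::isInvitedToContest($r)) {
            throw $e;
        }
        self::$log->error('Exception while trying to verify access: ' . $e);
        return ContestController::SHOW_INTRO;
    }

    // You are admin
    if (!is_null($r['current_user_id'])
        && Authorization::IsContestAdmin($r['current_user_id'], $r['contest'])) {
        self::$log->debug('Not intro because you are admin');
        return !ContestController::SHOW_INTRO;
    }

    $cs = SessionController::apiCurrentSession();

    // You already started the contest. Keep the DAO result in the variable
    // that is dereferenced below.
    // NOTE(review): the admin check above identifies the user via
    // $r['current_user_id'] while this lookup uses $cs['id'] — confirm both
    // refer to the same user.
    $contestOpened = ContestsUsersDAO::getByPK($cs['id'], $r['contest']->getContestId());
    if (!is_null($contestOpened)
        && $contestOpened->access_time !== '0000-00-00 00:00:00') {
        self::$log->debug('Not intro because you already started the contest');
        return !ContestController::SHOW_INTRO;
    }
    return ContestController::SHOW_INTRO;
}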