public function execute($filterChain)
{
// execute this filter only once
if ($this->isFirstCall()) {
$user = sfContext::getInstance()->getUser();
if (!$user->isAuthenticated()) {
$cookie = $this->getContext()->getRequest()->getCookie('rayku');
if ($cookie) {
$value = unserialize(base64_decode($cookie));
$c = new Criteria();
$c->add(UserPeer::COOKIE_KEY, $value[0]);
$c->add(UserPeer::USERNAME, $value[1]);
$raykuUser = UserPeer::doSelectOne($c);
if ($raykuUser instanceof User) {
// sign in
StatsD::increment("login.remember_me_success");
$user->signIn($raykuUser);
} else {
StatsD::increment("login.remember_me_failure");
}
}
}
}
// Execute next filter
$filterChain->execute();
}
/**
* @param string $query
* @param array $parameters
* @param int $duration
*/
public function logQuery($query, $parameters = array(), $duration = 0)
{
$this->statsd->increment('website_queryCount');
// Don't log queries taking less than 10 seconds.
if ($duration < 10000) {
return;
}
$baseAddr = '';
foreach ($parameters as $k => $v) {
$query = str_replace($k, "'" . $v . "'", $query);
}
$uri = isset($_SERVER['REQUEST_URI']) ? "Query page: https://{$baseAddr}" . $_SERVER['REQUEST_URI'] . "\n" : '';
$this->app->Logging->log('INFO', ($duration != 0 ? number_format($duration / 1000, 3) . 's ' : '') . " Query: \n{$query};\n{$uri}");
}
public function login()
{
$this->assign('columns', Table::factory('Users')->getColumns());
if ($this->request->isPost()) {
$user = Table::factory('Users')->login($this->request->getVar('email'), $this->request->getVar('password'));
if ($user) {
$user->addToSession();
StatsD::increment("login.success");
return $this->redirectAction("index");
}
// tut tut
StatsD::increment("login.failure");
Log::warn("Invalid admin login attempt from IP [" . $this->request->getIp() . "] for email [" . $this->request->getVar('email') . "]");
$this->addError('Invalid login details');
}
}
/**
* Converts a Zotero_Item object to a SimpleXMLElement Atom object
*
* Note: Increment Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY when changing
* the response.
*
* @param object $item Zotero_Item object
* @param string $content
* @return SimpleXMLElement Item data as SimpleXML element
*/
public static function convertItemToAtom(Zotero_Item $item, $queryParams, $permissions, $sharedData = null)
{
$t = microtime(true);
// Uncached stuff or parts of the cache key
$version = $item->version;
$parent = $item->getSource();
$isRegularItem = !$parent && $item->isRegularItem();
$downloadDetails = $permissions->canAccess($item->libraryID, 'files') ? Zotero_Storage::getDownloadDetails($item) : false;
if ($isRegularItem) {
$numChildren = $permissions->canAccess($item->libraryID, 'notes') ? $item->numChildren() : $item->numAttachments();
}
// <id> changes based on group visibility in v1
if ($queryParams['v'] < 2) {
$id = Zotero_URI::getItemURI($item, false, true);
} else {
$id = Zotero_URI::getItemURI($item);
}
$libraryType = Zotero_Libraries::getType($item->libraryID);
// Any query parameters that have an effect on the output
// need to be added here
$allowedParams = array('content', 'style', 'css', 'linkwrap');
$cachedParams = Z_Array::filterKeys($queryParams, $allowedParams);
$cacheVersion = 2;
$cacheKey = "atomEntry_" . $item->libraryID . "/" . $item->id . "_" . md5($version . json_encode($cachedParams) . ($downloadDetails ? 'hasFile' : '') . ($libraryType == 'group' ? 'id' . $id : '')) . "_" . $queryParams['v'] . "_" . $cacheVersion . (isset(Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY) ? "_" . Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY : "") . (in_array('bib', $queryParams['content']) && isset(Z_CONFIG::$CACHE_VERSION_BIB) ? "_" . Z_CONFIG::$CACHE_VERSION_BIB : "");
$xmlstr = Z_Core::$MC->get($cacheKey);
if ($xmlstr) {
try {
// TEMP: Strip control characters
$xmlstr = Zotero_Utilities::cleanString($xmlstr, true);
$doc = new DOMDocument();
$doc->loadXML($xmlstr);
$xpath = new DOMXpath($doc);
$xpath->registerNamespace('atom', Zotero_Atom::$nsAtom);
$xpath->registerNamespace('zapi', Zotero_Atom::$nsZoteroAPI);
$xpath->registerNamespace('xhtml', Zotero_Atom::$nsXHTML);
// Make sure numChildren reflects the current permissions
if ($isRegularItem) {
$xpath->query('/atom:entry/zapi:numChildren')->item(0)->nodeValue = $numChildren;
}
// To prevent PHP from messing with namespace declarations,
// we have to extract, remove, and then add back <content>
// subelements. Otherwise the subelements become, say,
// <default:span xmlns="http://www.w3.org/1999/xhtml"> instead
// of just <span xmlns="http://www.w3.org/1999/xhtml">, and
// xmlns:default="http://www.w3.org/1999/xhtml" gets added to
// the parent <entry>. While you might reasonably think that
//
// echo $xml->saveXML();
//
// and
//
// $xml = new SimpleXMLElement($xml->saveXML());
// echo $xml->saveXML();
//
// would be identical, you would be wrong.
$multiFormat = !!$xpath->query('/atom:entry/atom:content/zapi:subcontent')->length;
$contentNodes = array();
if ($multiFormat) {
$contentNodes = $xpath->query('/atom:entry/atom:content/zapi:subcontent');
} else {
$contentNodes = $xpath->query('/atom:entry/atom:content');
}
foreach ($contentNodes as $contentNode) {
$contentParts = array();
while ($contentNode->hasChildNodes()) {
$contentParts[] = $doc->saveXML($contentNode->firstChild);
$contentNode->removeChild($contentNode->firstChild);
}
foreach ($contentParts as $part) {
if (!trim($part)) {
continue;
}
// Strip the namespace and add it back via SimpleXMLElement,
// which keeps it from being changed later
if (preg_match('%^<[^>]+xmlns="http://www.w3.org/1999/xhtml"%', $part)) {
$part = preg_replace('%^(<[^>]+)xmlns="http://www.w3.org/1999/xhtml"%', '$1', $part);
$html = new SimpleXMLElement($part);
$html['xmlns'] = "http://www.w3.org/1999/xhtml";
$subNode = dom_import_simplexml($html);
$importedNode = $doc->importNode($subNode, true);
$contentNode->appendChild($importedNode);
} else {
if (preg_match('%^<[^>]+xmlns="http://zotero.org/ns/transfer"%', $part)) {
$part = preg_replace('%^(<[^>]+)xmlns="http://zotero.org/ns/transfer"%', '$1', $part);
$html = new SimpleXMLElement($part);
$html['xmlns'] = "http://zotero.org/ns/transfer";
$subNode = dom_import_simplexml($html);
$importedNode = $doc->importNode($subNode, true);
$contentNode->appendChild($importedNode);
} else {
$docFrag = $doc->createDocumentFragment();
$docFrag->appendXML($part);
$contentNode->appendChild($docFrag);
}
}
}
}
$xml = simplexml_import_dom($doc);
StatsD::timing("api.items.itemToAtom.cached", (microtime(true) - $t) * 1000);
StatsD::increment("memcached.items.itemToAtom.hit");
// Skip the cache every 10 times for now, to ensure cache sanity
if (Z_Core::probability(10)) {
$xmlstr = $xml->saveXML();
} else {
return $xml;
}
} catch (Exception $e) {
error_log($xmlstr);
error_log("WARNING: " . $e);
}
}
$content = $queryParams['content'];
$contentIsHTML = sizeOf($content) == 1 && $content[0] == 'html';
$contentParamString = urlencode(implode(',', $content));
$style = $queryParams['style'];
$entry = '<?xml version="1.0" encoding="UTF-8"?>' . '<entry xmlns="' . Zotero_Atom::$nsAtom . '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>';
$xml = new SimpleXMLElement($entry);
$title = $item->getDisplayTitle(true);
$title = $title ? $title : '[Untitled]';
$xml->title = $title;
$author = $xml->addChild('author');
$createdByUserID = null;
$lastModifiedByUserID = null;
switch (Zotero_Libraries::getType($item->libraryID)) {
case 'group':
$createdByUserID = $item->createdByUserID;
// Used for zapi:lastModifiedByUser below
$lastModifiedByUserID = $item->lastModifiedByUserID;
break;
}
if ($createdByUserID) {
$author->name = Zotero_Users::getUsername($createdByUserID);
$author->uri = Zotero_URI::getUserURI($createdByUserID);
} else {
$author->name = Zotero_Libraries::getName($item->libraryID);
$author->uri = Zotero_URI::getLibraryURI($item->libraryID);
}
$xml->id = $id;
$xml->published = Zotero_Date::sqlToISO8601($item->dateAdded);
$xml->updated = Zotero_Date::sqlToISO8601($item->dateModified);
$link = $xml->addChild("link");
$link['rel'] = "self";
$link['type'] = "application/atom+xml";
$href = Zotero_API::getItemURI($item);
if (!$contentIsHTML) {
$href .= "?content={$contentParamString}";
}
$link['href'] = $href;
if ($parent) {
// TODO: handle group items?
$parentItem = Zotero_Items::get($item->libraryID, $parent);
$link = $xml->addChild("link");
$link['rel'] = "up";
$link['type'] = "application/atom+xml";
$href = Zotero_API::getItemURI($parentItem);
if (!$contentIsHTML) {
$href .= "?content={$contentParamString}";
}
$link['href'] = $href;
}
$link = $xml->addChild('link');
$link['rel'] = 'alternate';
$link['type'] = 'text/html';
$link['href'] = Zotero_URI::getItemURI($item, true);
// If appropriate permissions and the file is stored in ZFS, get file request link
if ($downloadDetails) {
$details = $downloadDetails;
$link = $xml->addChild('link');
$link['rel'] = 'enclosure';
$type = $item->attachmentMIMEType;
if ($type) {
$link['type'] = $type;
}
$link['href'] = $details['url'];
if (!empty($details['filename'])) {
$link['title'] = $details['filename'];
}
if (isset($details['size'])) {
$link['length'] = $details['size'];
}
}
$xml->addChild('zapi:key', $item->key, Zotero_Atom::$nsZoteroAPI);
$xml->addChild('zapi:version', $item->version, Zotero_Atom::$nsZoteroAPI);
if ($lastModifiedByUserID) {
$xml->addChild('zapi:lastModifiedByUser', Zotero_Users::getUsername($lastModifiedByUserID), Zotero_Atom::$nsZoteroAPI);
}
$xml->addChild('zapi:itemType', Zotero_ItemTypes::getName($item->itemTypeID), Zotero_Atom::$nsZoteroAPI);
if ($isRegularItem) {
$val = $item->creatorSummary;
if ($val !== '') {
$xml->addChild('zapi:creatorSummary', htmlspecialchars($val), Zotero_Atom::$nsZoteroAPI);
}
$val = $item->getField('date', true, true, true);
if ($val !== '') {
if ($queryParams['v'] < 3) {
$val = substr($val, 0, 4);
if ($val !== '0000') {
$xml->addChild('zapi:year', $val, Zotero_Atom::$nsZoteroAPI);
}
} else {
$sqlDate = Zotero_Date::multipartToSQL($val);
if (substr($sqlDate, 0, 4) !== '0000') {
$xml->addChild('zapi:parsedDate', Zotero_Date::sqlToISO8601($sqlDate), Zotero_Atom::$nsZoteroAPI);
}
}
}
$xml->addChild('zapi:numChildren', $numChildren, Zotero_Atom::$nsZoteroAPI);
}
if ($queryParams['v'] < 3) {
$xml->addChild('zapi:numTags', $item->numTags(), Zotero_Atom::$nsZoteroAPI);
}
$xml->content = '';
//
// DOM XML from here on out
//
$contentNode = dom_import_simplexml($xml->content);
$domDoc = $contentNode->ownerDocument;
$multiFormat = sizeOf($content) > 1;
// Create a root XML document for multi-format responses
if ($multiFormat) {
$contentNode->setAttribute('type', 'application/xml');
/*$multicontent = $domDoc->createElementNS(
Zotero_Atom::$nsZoteroAPI, 'multicontent'
);
$contentNode->appendChild($multicontent);*/
}
foreach ($content as $type) {
// Set the target to either the main <content>
// or a <multicontent> <content>
if (!$multiFormat) {
$target = $contentNode;
} else {
$target = $domDoc->createElementNS(Zotero_Atom::$nsZoteroAPI, 'subcontent');
$contentNode->appendChild($target);
}
$target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:type", $type);
if ($type == 'html') {
if (!$multiFormat) {
$target->setAttribute('type', 'xhtml');
}
$div = $domDoc->createElementNS(Zotero_Atom::$nsXHTML, 'div');
$target->appendChild($div);
$html = $item->toHTML(true);
$subNode = dom_import_simplexml($html);
$importedNode = $domDoc->importNode($subNode, true);
$div->appendChild($importedNode);
} else {
if ($type == 'citation') {
if (!$multiFormat) {
$target->setAttribute('type', 'xhtml');
}
if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) {
$html = $sharedData[$type][$item->libraryID . "/" . $item->key];
} else {
if ($sharedData !== null) {
//error_log("Citation not found in sharedData -- retrieving individually");
}
$html = Zotero_Cite::getCitationFromCiteServer($item, $queryParams);
}
$html = new SimpleXMLElement($html);
$html['xmlns'] = Zotero_Atom::$nsXHTML;
$subNode = dom_import_simplexml($html);
$importedNode = $domDoc->importNode($subNode, true);
$target->appendChild($importedNode);
} else {
if ($type == 'bib') {
if (!$multiFormat) {
$target->setAttribute('type', 'xhtml');
}
if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) {
$html = $sharedData[$type][$item->libraryID . "/" . $item->key];
} else {
if ($sharedData !== null) {
//error_log("Bibliography not found in sharedData -- retrieving individually");
}
$html = Zotero_Cite::getBibliographyFromCitationServer(array($item), $queryParams);
}
$html = new SimpleXMLElement($html);
$html['xmlns'] = Zotero_Atom::$nsXHTML;
$subNode = dom_import_simplexml($html);
$importedNode = $domDoc->importNode($subNode, true);
$target->appendChild($importedNode);
} else {
if ($type == 'json') {
if ($queryParams['v'] < 2) {
$target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:etag", $item->etag);
}
$textNode = $domDoc->createTextNode($item->toJSON(false, $queryParams, true));
$target->appendChild($textNode);
} else {
if ($type == 'csljson') {
$arr = $item->toCSLItem();
$json = Zotero_Utilities::formatJSON($arr);
$textNode = $domDoc->createTextNode($json);
$target->appendChild($textNode);
} else {
if (in_array($type, Zotero_Translate::$exportFormats)) {
$export = Zotero_Translate::doExport(array($item), $type);
$target->setAttribute('type', $export['mimeType']);
// Insert XML into document
if (preg_match('/\\+xml$/', $export['mimeType'])) {
// Strip prolog
$body = preg_replace('/^<\\?xml.+\\n/', "", $export['body']);
$subNode = $domDoc->createDocumentFragment();
$subNode->appendXML($body);
$target->appendChild($subNode);
} else {
$textNode = $domDoc->createTextNode($export['body']);
$target->appendChild($textNode);
}
}
}
}
}
}
}
}
// TEMP
if ($xmlstr) {
$uncached = $xml->saveXML();
if ($xmlstr != $uncached) {
$uncached = str_replace('<zapi:year></zapi:year>', '<zapi:year/>', $uncached);
$uncached = str_replace('<content zapi:type="none"></content>', '<content zapi:type="none"/>', $uncached);
$uncached = str_replace('<zapi:subcontent zapi:type="coins" type="text/html"></zapi:subcontent>', '<zapi:subcontent zapi:type="coins" type="text/html"/>', $uncached);
$uncached = str_replace('<title></title>', '<title/>', $uncached);
$uncached = str_replace('<note></note>', '<note/>', $uncached);
$uncached = str_replace('<path></path>', '<path/>', $uncached);
$uncached = str_replace('<td></td>', '<td/>', $uncached);
if ($xmlstr != $uncached) {
error_log("Cached Atom item entry does not match");
error_log(" Cached: " . $xmlstr);
error_log("Uncached: " . $uncached);
Z_Core::$MC->set($cacheKey, $uncached, 3600);
// 1 hour for now
}
}
} else {
$xmlstr = $xml->saveXML();
Z_Core::$MC->set($cacheKey, $xmlstr, 3600);
// 1 hour for now
StatsD::timing("api.items.itemToAtom.uncached", (microtime(true) - $t) * 1000);
StatsD::increment("memcached.items.itemToAtom.miss");
}
return $xml;
}
public function init($extra)
{
$this->startTime = microtime(true);
if (!Z_CONFIG::$API_ENABLED) {
$this->e503(Z_CONFIG::$MAINTENANCE_MESSAGE);
}
set_exception_handler(array($this, 'handleException'));
// TODO: Throw error on some notices but allow DB/Memcached/etc. failures?
//set_error_handler(array($this, 'handleError'), E_ALL | E_USER_ERROR | E_RECOVERABLE_ERROR);
set_error_handler(array($this, 'handleError'), E_USER_ERROR | E_RECOVERABLE_ERROR);
require_once '../model/Error.inc.php';
// On testing sites, include notifications in headers
if (Z_CONFIG::$TESTING_SITE) {
Zotero_NotifierObserver::addMessageReceiver(function ($topic, $msg) {
$header = "Zotero-Debug-Notifications";
if (!empty($this->headers[$header])) {
$notifications = json_decode(base64_decode($this->headers[$header]));
} else {
$notifications = [];
}
$notifications[] = $msg;
$this->headers[$header] = base64_encode(json_encode($notifications));
});
}
register_shutdown_function(array($this, 'checkDBTransactionState'));
register_shutdown_function(array($this, 'logTotalRequestTime'));
register_shutdown_function(array($this, 'checkForFatalError'));
register_shutdown_function(array($this, 'addHeaders'));
$this->method = $_SERVER['REQUEST_METHOD'];
if (!in_array($this->method, array('HEAD', 'OPTIONS', 'GET', 'PUT', 'POST', 'DELETE', 'PATCH'))) {
$this->e501();
}
StatsD::increment("api.request.method." . strtolower($this->method), 0.25);
// There doesn't seem to be a way for PHP to start processing the request
// before the entire body is sent, so an Expect: 100 Continue will,
// depending on the client, either fail or cause a delay while the client
// waits for the 100 response. To make this explicit, we return an error.
if (!empty($_SERVER['HTTP_EXPECT'])) {
header("HTTP/1.1 417 Expectation Failed");
die("Expect header is not supported");
}
// CORS
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE");
header("Access-Control-Allow-Headers: Content-Type, If-Match, If-None-Match, If-Modified-Since-Version, If-Unmodified-Since-Version, Zotero-API-Version, Zotero-Write-Token");
header("Access-Control-Expose-Headers: Backoff, ETag, Last-Modified-Version, Link, Retry-After, Total-Results, Zotero-API-Version");
}
if ($this->method == 'OPTIONS') {
$this->end();
}
if (in_array($this->method, array('POST', 'PUT', 'PATCH'))) {
$this->ifUnmodifiedSince = isset($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) : false;
$this->body = file_get_contents("php://input");
if ($this->body == "" && !in_array($this->action, array('clear', 'laststoragesync', 'removestoragefiles', 'itemContent'))) {
$this->e400("{$this->method} data not provided");
}
}
if ($this->profile) {
Zotero_DB::profileStart();
}
// If HTTP Basic Auth credentials provided, authenticate
if (isset($_SERVER['PHP_AUTH_USER'])) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if ($username == Z_CONFIG::$API_SUPER_USERNAME && $password == Z_CONFIG::$API_SUPER_PASSWORD) {
$this->userID = 0;
$this->permissions = new Zotero_Permissions();
$this->permissions->setSuper();
} else {
if (!empty($extra['allowHTTP']) || !empty($extra['auth'])) {
$userID = Zotero_Users::authenticate('password', array('username' => $username, 'password' => $password));
if (!$userID) {
$this->e401('Invalid login');
}
$this->httpAuth = true;
$this->userID = $userID;
$this->grantUserPermissions($userID);
}
}
}
if (!isset($this->userID)) {
$key = false;
// Allow Zotero-API-Key header
if (!empty($_SERVER['HTTP_ZOTERO_API_KEY'])) {
$key = $_SERVER['HTTP_ZOTERO_API_KEY'];
}
// Allow ?key=<apikey>
if (isset($_GET['key'])) {
if (!$key) {
$key = $_GET['key'];
} else {
if ($_GET['key'] !== $key) {
$this->e400("Zotero-API-Key header and 'key' parameter differ");
}
}
}
// If neither of the above passed, allow "Authorization: Bearer <apikey>"
//
// Apache/mod_php doesn't seem to make Authorization available for auth schemes
// other than Basic/Digest, so use an Apache-specific method to get the header
if (!$key && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers['Authorization'])) {
// Look for "Authorization: Bearer" from OAuth 2.0, and ignore everything else
if (preg_match('/^bearer/i', $headers['Authorization'], $matches)) {
if (preg_match('/^bearer +([a-z0-9]+)$/i', $headers['Authorization'], $matches)) {
$key = $matches[1];
} else {
$this->e400("Invalid Authorization header format");
}
}
}
}
if ($key) {
$keyObj = Zotero_Keys::authenticate($key);
if (!$keyObj) {
$this->e403('Invalid key');
}
$this->apiKey = $key;
$this->userID = $keyObj->userID;
$this->permissions = $keyObj->getPermissions();
// Check Zotero-Write-Token if it exists to make sure
// this isn't a duplicate request
if ($this->isWriteMethod()) {
if ($cacheKey = $this->getWriteTokenCacheKey()) {
if (Z_Core::$MC->get($cacheKey)) {
$this->e412("Write token already used");
}
}
}
} else {
if (!empty($_GET['session']) && ($this->userID = Zotero_Users::getUserIDFromSessionID($_GET['session']))) {
// Users who haven't synced may not exist in our DB
if (!Zotero_Users::exists($this->userID)) {
Zotero_Users::add($this->userID);
}
$this->grantUserPermissions($this->userID);
$this->cookieAuth = true;
} else {
if (!empty($_GET['auth']) || !empty($extra['auth'])) {
$this->e401();
}
// Explicit auth request or not a GET request
//
// /users/<id>/keys is an exception, since the key is embedded in the URL
if ($this->method != "GET" && $this->action != 'keys') {
$this->e403('An API key is required for write requests.');
}
// Anonymous request
$this->permissions = new Zotero_Permissions();
$this->permissions->setAnonymous();
}
}
}
$this->uri = Z_CONFIG::$API_BASE_URI . substr($_SERVER["REQUEST_URI"], 1);
// Get object user
if (isset($this->objectUserID)) {
if (!$this->objectUserID) {
$this->e400("Invalid user ID", Z_ERROR_INVALID_INPUT);
}
try {
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID);
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) {
try {
Zotero_Users::addFromWWW($this->objectUserID);
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) {
$this->e404("User {$this->objectUserID} not found");
}
throw $e;
}
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID);
} else {
throw $e;
}
}
// Make sure user isn't banned
if (!Zotero_Users::isValidUser($this->objectUserID)) {
$this->e404();
}
} else {
if (isset($this->objectGroupID)) {
if (!$this->objectGroupID) {
$this->e400("Invalid group ID", Z_ERROR_INVALID_INPUT);
}
// Make sure group exists
$group = Zotero_Groups::get($this->objectGroupID);
if (!$group) {
$this->e404();
}
// Don't show groups owned by banned users
if (!Zotero_Users::isValidUser($group->ownerUserID)) {
$this->e404();
}
$this->objectLibraryID = Zotero_Groups::getLibraryIDFromGroupID($this->objectGroupID);
}
}
$apiVersion = !empty($_SERVER['HTTP_ZOTERO_API_VERSION']) ? (int) $_SERVER['HTTP_ZOTERO_API_VERSION'] : false;
// Serve v1 to ZotPad 1.x, at Mikko's request
if (!$apiVersion && !empty($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'ZotPad 1') === 0) {
$apiVersion = 1;
}
// For publications URLs (e.g., /users/:userID/publications/items), swap in
// objectLibraryID of user's publications library
if (!empty($extra['publications'])) {
// Query parameters not yet parsed, so check version parameter
if ($apiVersion && $apiVersion < 3 || !empty($_REQUEST['v']) && $_REQUEST['v'] < 3 || !empty($_REQUEST['version']) && $_REQUEST['version'] == 1) {
$this->e404();
}
$userLibraryID = $this->objectLibraryID;
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID, 'publications');
// If one doesn't exist, for write requests create a library if the key
// has write permission to the user library. For read requests, just
// return a 404.
if (!$this->objectLibraryID) {
if ($this->isWriteMethod()) {
if (!$this->permissions->canAccess($userLibraryID) || !$this->permissions->canWrite($userLibraryID)) {
$this->e403();
}
$this->objectLibraryID = Zotero_Publications::add($this->objectUserID);
} else {
$this->objectLibraryID = 0;
}
}
}
// Return 409 if target library is locked
switch ($this->method) {
case 'POST':
case 'PUT':
case 'DELETE':
switch ($this->action) {
// Library lock doesn't matter for some admin requests
case 'keys':
case 'storageadmin':
break;
default:
if ($this->objectLibraryID && Zotero_Libraries::isLocked($this->objectLibraryID)) {
$this->e409("Target library is locked");
}
break;
}
}
$this->scopeObject = !empty($extra['scopeObject']) ? $extra['scopeObject'] : $this->scopeObject;
$this->subset = !empty($extra['subset']) ? $extra['subset'] : $this->subset;
$this->fileMode = !empty($extra['file']) ? !empty($_GET['info']) ? 'info' : 'download' : false;
$this->fileView = !empty($extra['view']);
$this->singleObject = $this->objectKey && !$this->subset;
$this->checkLibraryIfModifiedSinceVersion($this->action);
// If Accept header includes application/atom+xml, send Atom, as long as there's no 'format'
$atomAccepted = false;
if (!empty($_SERVER['HTTP_ACCEPT'])) {
$accept = preg_split('/\\s*,\\s*/', $_SERVER['HTTP_ACCEPT']);
$atomAccepted = in_array('application/atom+xml', $accept);
}
$this->queryParams = Zotero_API::parseQueryParams($_SERVER['QUERY_STRING'], $this->action, $this->singleObject, $apiVersion, $atomAccepted);
// Sorting by Item Type or Added By currently require writing to shard tables, so don't
// send those to the read replicas
if ($this->queryParams['sort'] == 'itemType' || $this->queryParams['sort'] == 'addedBy') {
Zotero_DB::readOnly(false);
}
$this->apiVersion = $version = $this->queryParams['v'];
header("Zotero-API-Version: " . $version);
StatsD::increment("api.request.version.v" . $version, 0.25);
}
public function toResponseJSON($requestParams = [], Zotero_Permissions $permissions, $sharedData = null)
{
$t = microtime(true);
if (!$this->loaded['primaryData']) {
$this->loadPrimaryData();
}
if (!$this->loaded['itemData']) {
$this->loadItemData();
}
// Uncached stuff or parts of the cache key
$version = $this->version;
$parent = $this->getSource();
$isRegularItem = !$parent && $this->isRegularItem();
$downloadDetails = $permissions->canAccess($this->libraryID, 'files') ? Zotero_Storage::getDownloadDetails($this) : false;
if ($isRegularItem) {
$numChildren = $permissions->canAccess($this->libraryID, 'notes') ? $this->numChildren() : $this->numAttachments();
}
$libraryType = Zotero_Libraries::getType($this->libraryID);
// Any query parameters that have an effect on the output
// need to be added here
$allowedParams = ['include', 'style', 'css', 'linkwrap'];
$cachedParams = Z_Array::filterKeys($requestParams, $allowedParams);
$cacheVersion = 1;
$cacheKey = "jsonEntry_" . $this->libraryID . "/" . $this->id . "_" . md5($version . json_encode($cachedParams) . ($downloadDetails ? 'hasFile' : '') . ($libraryType == 'group' ? Zotero_URI::getItemURI($this, true) : '')) . "_" . $requestParams['v'] . "_" . $cacheVersion . (isset(Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM) ? "_" . Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM : "") . (in_array('bib', $requestParams['include']) && isset(Z_CONFIG::$CACHE_VERSION_BIB) ? "_" . Z_CONFIG::$CACHE_VERSION_BIB : "");
$cached = Z_Core::$MC->get($cacheKey);
if (false && $cached) {
// Make sure numChildren reflects the current permissions
if ($isRegularItem) {
$cached['meta']->numChildren = $numChildren;
}
StatsD::timing("api.items.itemToResponseJSON.cached", (microtime(true) - $t) * 1000);
StatsD::increment("memcached.items.itemToResponseJSON.hit");
// Skip the cache every 10 times for now, to ensure cache sanity
if (!Z_Core::probability(10)) {
return $cached;
}
}
$json = ['key' => $this->key, 'version' => $version, 'library' => Zotero_Libraries::toJSON($this->libraryID)];
$json['links'] = ['self' => ['href' => Zotero_API::getItemURI($this), 'type' => 'application/json'], 'alternate' => ['href' => Zotero_URI::getItemURI($this, true), 'type' => 'text/html']];
if ($parent) {
$parentItem = Zotero_Items::get($this->libraryID, $parent);
$json['links']['up'] = ['href' => Zotero_API::getItemURI($parentItem), 'type' => 'application/json'];
}
// If appropriate permissions and the file is stored in ZFS, get file request link
if ($downloadDetails) {
$details = $downloadDetails;
$type = $this->attachmentMIMEType;
if ($type) {
$json['links']['enclosure'] = ['type' => $type];
}
$json['links']['enclosure']['href'] = $details['url'];
if (!empty($details['filename'])) {
$json['links']['enclosure']['title'] = $details['filename'];
}
if (isset($details['size'])) {
$json['links']['enclosure']['length'] = $details['size'];
}
}
// 'meta'
$json['meta'] = new stdClass();
if (Zotero_Libraries::getType($this->libraryID) == 'group') {
$createdByUserID = $this->createdByUserID;
$lastModifiedByUserID = $this->lastModifiedByUserID;
if ($createdByUserID) {
$json['meta']->createdByUser = Zotero_Users::toJSON($createdByUserID);
}
if ($lastModifiedByUserID && $lastModifiedByUserID != $createdByUserID) {
$json['meta']->lastModifiedByUser = Zotero_Users::toJSON($lastModifiedByUserID);
}
}
if ($isRegularItem) {
$val = $this->getCreatorSummary();
if ($val !== '') {
$json['meta']->creatorSummary = $val;
}
$val = $this->getField('date', true, true, true);
if ($val !== '') {
$sqlDate = Zotero_Date::multipartToSQL($val);
if (substr($sqlDate, 0, 4) !== '0000') {
$json['meta']->parsedDate = Zotero_Date::sqlToISO8601($sqlDate);
}
}
$json['meta']->numChildren = $numChildren;
}
// 'include'
$include = $requestParams['include'];
foreach ($include as $type) {
if ($type == 'html') {
$json[$type] = trim($this->toHTML());
} else {
if ($type == 'citation') {
if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) {
$html = $sharedData[$type][$this->libraryID . "/" . $this->key];
} else {
if ($sharedData !== null) {
//error_log("Citation not found in sharedData -- retrieving individually");
}
$html = Zotero_Cite::getCitationFromCiteServer($this, $requestParams);
}
$json[$type] = $html;
} else {
if ($type == 'bib') {
if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) {
$html = $sharedData[$type][$this->libraryID . "/" . $this->key];
} else {
if ($sharedData !== null) {
//error_log("Bibliography not found in sharedData -- retrieving individually");
}
$html = Zotero_Cite::getBibliographyFromCitationServer([$this], $requestParams);
// Strip prolog
$html = preg_replace('/^<\\?xml.+\\n/', "", $html);
$html = trim($html);
}
$json[$type] = $html;
} else {
if ($type == 'data') {
$json[$type] = $this->toJSON(true, $requestParams, true);
} else {
if ($type == 'csljson') {
$json[$type] = $this->toCSLItem();
} else {
if (in_array($type, Zotero_Translate::$exportFormats)) {
$export = Zotero_Translate::doExport([$this], $type);
$json[$type] = $export['body'];
unset($export);
}
}
}
}
}
}
}
// TEMP
if ($cached) {
$cachedStr = Zotero_Utilities::formatJSON($cached);
$uncachedStr = Zotero_Utilities::formatJSON($json);
if ($cachedStr != $uncachedStr) {
error_log("Cached JSON item entry does not match");
error_log(" Cached: " . $cachedStr);
error_log("Uncached: " . $uncachedStr);
//Z_Core::$MC->set($cacheKey, $uncached, 3600); // 1 hour for now
}
} else {
/*Z_Core::$MC->set($cacheKey, $json, 10);
StatsD::timing("api.items.itemToResponseJSON.uncached", (microtime(true) - $t) * 1000);
StatsD::increment("memcached.items.itemToResponseJSON.miss");*/
}
return $json;
}
private static function processDownloadInternal($userID, $lastsync, DOMDocument $doc, $syncDownloadQueueID = null, $syncDownloadProcessID = null, $params = [])
{
$apiVersion = (int) $doc->documentElement->getAttribute('version');
if ($lastsync == 1) {
StatsD::increment("sync.process.download.full");
}
// TEMP
$cacheKeyExtra = (!empty($params['ft']) ? json_encode($params['ft']) : "") . (!empty($params['ftkeys']) ? json_encode($params['ftkeys']) : "");
try {
$cached = Zotero_Sync::getCachedDownload($userID, $lastsync, $apiVersion, $cacheKeyExtra);
if ($cached) {
$doc->loadXML($cached);
StatsD::increment("sync.process.download.cache.hit");
return;
}
} catch (Exception $e) {
$msg = $e->getMessage();
if (strpos($msg, "Too many connections") !== false) {
$msg = "'Too many connections' from MySQL";
} else {
$msg = "'{$msg}'";
}
Z_Core::logError("Warning: {$msg} getting cached download");
StatsD::increment("sync.process.download.cache.error");
}
set_time_limit(1800);
$profile = false;
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileStart(0);
}
if ($syncDownloadQueueID) {
self::addDownloadProcess($syncDownloadQueueID, $syncDownloadProcessID);
}
$updatedNode = $doc->createElement('updated');
$doc->documentElement->appendChild($updatedNode);
$userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID);
$updatedCreators = array();
try {
Zotero_DB::beginTransaction();
// Blocks until any upload processes are done
$updateTimes = Zotero_Libraries::getUserLibraryUpdateTimes($userID);
$timestamp = Zotero_DB::getTransactionTimestampUnix();
$doc->documentElement->setAttribute('timestamp', $timestamp);
$doc->documentElement->setAttribute('userID', $userID);
$doc->documentElement->setAttribute('defaultLibraryID', $userLibraryID);
$updateKey = Zotero_Users::getUpdateKey($userID);
$doc->documentElement->setAttribute('updateKey', $updateKey);
// Get libraries with update times >= $timestamp
$updatedLibraryIDs = array();
foreach ($updateTimes as $libraryID => $timestamp) {
if ($timestamp >= $lastsync) {
$updatedLibraryIDs[] = $libraryID;
}
}
// Add new and updated groups
$joinedGroups = Zotero_Groups::getJoined($userID, (int) $lastsync);
$updatedIDs = array_unique(array_merge($joinedGroups, Zotero_Groups::getUpdated($userID, (int) $lastsync)));
if ($updatedIDs) {
$node = $doc->createElement('groups');
$showGroups = false;
foreach ($updatedIDs as $id) {
$group = new Zotero_Group();
$group->id = $id;
$xmlElement = $group->toXML($userID);
$newNode = dom_import_simplexml($xmlElement);
$newNode = $doc->importNode($newNode, true);
$node->appendChild($newNode);
$showGroups = true;
}
if ($showGroups) {
$updatedNode->appendChild($node);
}
}
// If there's updated data in any library or
// there are any new groups (in which case we need all their data)
$hasData = $updatedLibraryIDs || $joinedGroups;
if ($hasData) {
foreach (Zotero_DataObjects::$classicObjectTypes as $syncObject) {
$Name = $syncObject['singular'];
// 'Item'
$Names = $syncObject['plural'];
// 'Items'
$name = strtolower($Name);
// 'item'
$names = strtolower($Names);
// 'items'
$className = 'Zotero_' . $Names;
$updatedIDsByLibraryID = call_user_func(array($className, 'getUpdated'), $userID, $lastsync, $updatedLibraryIDs);
if ($updatedIDsByLibraryID) {
$node = $doc->createElement($names);
foreach ($updatedIDsByLibraryID as $libraryID => $ids) {
if ($name == 'creator') {
$updatedCreators[$libraryID] = $ids;
}
foreach ($ids as $id) {
if ($name == 'item') {
$obj = call_user_func(array($className, 'get'), $libraryID, $id);
$data = array('updatedCreators' => isset($updatedCreators[$libraryID]) ? $updatedCreators[$libraryID] : array());
$xmlElement = Zotero_Items::convertItemToXML($obj, $data, $apiVersion);
} else {
$instanceClass = 'Zotero_' . $Name;
$obj = new $instanceClass();
if (method_exists($instanceClass, '__construct')) {
$obj->__construct();
}
$obj->libraryID = $libraryID;
if ($name == 'setting') {
$obj->name = $id;
} else {
$obj->id = $id;
}
if ($name == 'tag') {
$xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj, true);
} else {
if ($name == 'creator') {
$xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj, $doc);
if ($xmlElement->getAttribute('libraryID') == $userLibraryID) {
$xmlElement->removeAttribute('libraryID');
}
$node->appendChild($xmlElement);
} else {
if ($name == 'relation') {
// Skip new-style related items
if ($obj->predicate == 'dc:relation') {
continue;
}
$xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj);
if ($apiVersion <= 8) {
unset($xmlElement['libraryID']);
}
} else {
if ($name == 'setting') {
$xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj, $doc);
$node->appendChild($xmlElement);
} else {
$xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj);
}
}
}
}
}
if ($xmlElement instanceof SimpleXMLElement) {
if ($xmlElement['libraryID'] == $userLibraryID) {
unset($xmlElement['libraryID']);
}
$newNode = dom_import_simplexml($xmlElement);
$newNode = $doc->importNode($newNode, true);
$node->appendChild($newNode);
}
}
}
if ($node->hasChildNodes()) {
$updatedNode->appendChild($node);
}
}
}
}
// Add full-text content if the client supports it
if (isset($params['ft'])) {
$libraries = Zotero_Libraries::getUserLibraries($userID);
$fulltextNode = false;
foreach ($libraries as $libraryID) {
if (!empty($params['ftkeys']) && $params['ftkeys'] === 'all') {
$ftlastsync = 1;
} else {
$ftlastsync = $lastsync;
}
if (!empty($params['ftkeys'][$libraryID])) {
$keys = $params['ftkeys'][$libraryID];
} else {
$keys = [];
}
$data = Zotero_FullText::getNewerInLibraryByTime($libraryID, $ftlastsync, $keys);
if ($data) {
if (!$fulltextNode) {
$fulltextNode = $doc->createElement('fulltexts');
}
foreach ($data as $itemData) {
if ($params['ft']) {
$empty = $itemData['empty'];
} else {
$empty = true;
}
$first = false;
$node = Zotero_FullText::itemDataToXML($itemData, $doc, $empty);
$fulltextNode->appendChild($node);
}
}
}
if ($fulltextNode) {
$updatedNode->appendChild($fulltextNode);
}
}
// Get earliest timestamp
$earliestModTime = Zotero_Users::getEarliestDataTimestamp($userID);
$doc->documentElement->setAttribute('earliest', $earliestModTime ? $earliestModTime : 0);
// Deleted objects
$deletedKeys = $hasData ? self::getDeletedObjectKeys($userID, $lastsync, true) : false;
$deletedIDs = self::getDeletedObjectIDs($userID, $lastsync, true);
if ($deletedKeys || $deletedIDs) {
$deletedNode = $doc->createElement('deleted');
// Add deleted data objects
if ($deletedKeys) {
foreach (Zotero_DataObjects::$classicObjectTypes as $syncObject) {
$Name = $syncObject['singular'];
// 'Item'
$Names = $syncObject['plural'];
// 'Items'
$name = strtolower($Name);
// 'item'
$names = strtolower($Names);
// 'items'
if (empty($deletedKeys[$names])) {
continue;
}
$typeNode = $doc->createElement($names);
foreach ($deletedKeys[$names] as $row) {
$node = $doc->createElement($name);
if ($row['libraryID'] != $userLibraryID || $name == 'setting') {
$node->setAttribute('libraryID', $row['libraryID']);
}
$node->setAttribute('key', $row['key']);
$typeNode->appendChild($node);
}
$deletedNode->appendChild($typeNode);
}
}
// Add deleted groups
if ($deletedIDs) {
$name = "group";
$names = "groups";
$typeNode = $doc->createElement($names);
$ids = $doc->createTextNode(implode(' ', $deletedIDs[$names]));
$typeNode->appendChild($ids);
$deletedNode->appendChild($typeNode);
}
$updatedNode->appendChild($deletedNode);
}
Zotero_DB::commit();
} catch (Exception $e) {
Zotero_DB::rollback(true);
if ($syncDownloadQueueID) {
self::removeDownloadProcess($syncDownloadProcessID);
}
throw $e;
}
function relaxNGErrorHandler($errno, $errstr)
{
Zotero_Sync::$validationError = $errstr;
}
set_error_handler('relaxNGErrorHandler');
$valid = $doc->relaxNGValidate(Z_ENV_MODEL_PATH . 'relax-ng/updated.rng');
restore_error_handler();
if (!$valid) {
if ($syncDownloadQueueID) {
self::removeDownloadProcess($syncDownloadProcessID);
}
throw new Exception(self::$validationError . "\n\nXML:\n\n" . $doc->saveXML());
}
// Cache response if response isn't empty
try {
if ($doc->documentElement->firstChild->hasChildNodes()) {
self::cacheDownload($userID, $updateKey, $lastsync, $apiVersion, $doc->saveXML(), $cacheKeyExtra);
}
} catch (Exception $e) {
Z_Core::logError("WARNING: " . $e);
}
if ($syncDownloadQueueID) {
self::removeDownloadProcess($syncDownloadProcessID);
}
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileEnd(0);
}
}
/**
* Action to check login credentials
*/
public function executeLoginCheck()
{
$connection = RaykuCommon::getDatabaseConnection();
$sEmail = trim($this->getRequestParameter('name'));
$sPassword = trim($this->getRequestParameter('pass'));
if ($sEmail == '' && $sPassword == '') {
StatsD::increment("login.failure");
$this->redirect('login/index');
}
//Check the user credentials
$this->user = UserPeer::checkLogin($sEmail, $sPassword);
if (!$this->user) {
StatsD::increment("login.failure");
$_SESSION['loginErrorMsg'] = 'Your username or password was incorrect.';
} else {
StatsD::increment("login.success");
}
/**
* @todo - check if we ever got a chance to hit this place with recaptch - it looks like no so either lets remove it or make it working
*/
if (isset($_SESSION['loginWrongPass']) && $_SESSION['loginWrongPass'] >= 5) {
require_once $_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php';
// Get a key from https://www.google.com/recaptcha/admin/create
$publickey = "6Lc_mscSAAAAAE0Bxon37XRl56V_l3Ba0sqib2Zm";
$privatekey = "6Lc_mscSAAAAAKG3YnU2l3uHYqcBDB6R31XlVTW8";
# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
# was there a reCAPTCHA response?
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if ($resp->is_valid) {
$_SESSION['loginWrongPass'] = 0;
$_SESSION['recaptchaError'] = '';
} else {
# set the error code so that we can display it
$_SESSION['recaptchaError'] = $resp->error;
$this->user = false;
}
}
if (!$this->user) {
$this->msg = 'Your username or password was incorrect.';
/////incrementing session value plus one if the password is wrong
$_SESSION['loginWrongPass'] = @$_SESSION['loginWrongPass'] + 1;
if ($_SESSION['loginWrongPass'] >= 5) {
$this->redirect("/login");
}
return sfView::ERROR;
}
//If the user hasn't confirmed their account, display a message
if ($this->user->isTypeUnconfirmed()) {
$this->msg = 'You have not confirmed your account yet. Please go to your email inbox and click on the link in the confirmation email.';
return sfView::ERROR;
}
//If the user is banned, display a message
if ($this->user->getHidden()) {
$this->msg = 'You are currently banned.';
return sfView::ERROR;
}
$this->getUser()->signIn($this->user, $this->getRequestParameter('remember', false));
/**
* Invisible in practice means "invisible until next login"
* On each login this flag is set either to 0 or 1
* There is no possibility to change invisible status while being logged in
*/
$this->user->setInvisible($this->getRequestParameter('invisible', false));
$_SESSION[$this->user->getUsername()] = time();
$this->user->save();
$currentUser = $this->getUser()->getRaykuUser();
$userId = $currentUser->getId();
if (!empty($userId)) {
mysql_query("delete from popup_close where user_id=" . $userId, $connection) or die(mysql_error());
mysql_query("delete from sendmessage where asker_id =" . $userId, $connection) or die(mysql_error());
mysql_query("delete from user_expert where checked_id=" . $userId, $connection) or die(mysql_error());
}
if (isset($_SESSION['modelPopupOpen'])) {
unset($_SESSION['modelPopupOpen']);
if ($_SESSION['popup_session']) {
unset($_SESSION['popup_session']);
}
}
if ($this->getRequestParameter('referer') != 'http://' . RaykuCommon::getCurrentHttpDomain() . '/login') {
if ($this->getRequestParameter('referer') != NULL) {
return $this->redirect($this->getRequestParameter('referer'));
}
} else {
return sfView::SUCCESS;
}
}
public function toResponseJSON($requestParams = [])
{
$t = microtime(true);
// Child collections and items can't be cached (easily)
$numCollections = $this->numCollections();
$numItems = $this->numItems();
if (!$requestParams['uncached']) {
$cacheKey = $this->getCacheKey($requestParams);
$cached = Z_Core::$MC->get($cacheKey);
if ($cached) {
Z_Core::debug("Using cached JSON for {$this->libraryKey}");
$cached['meta']->numCollections = $numCollections;
$cached['meta']->numItems = $numItems;
StatsD::timing("api.collections.toResponseJSON.cached", (microtime(true) - $t) * 1000);
StatsD::increment("memcached.collections.toResponseJSON.hit");
return $cached;
}
}
$json = ['key' => $this->key, 'version' => $this->version, 'library' => Zotero_Libraries::toJSON($this->libraryID)];
// 'links'
$json['links'] = ['self' => ['href' => Zotero_API::getCollectionURI($this), 'type' => 'application/json'], 'alternate' => ['href' => Zotero_URI::getCollectionURI($this, true), 'type' => 'text/html']];
$parentID = $this->getParentID();
if ($parentID) {
$parentCol = Zotero_Collections::get($this->libraryID, $parentID);
$json['links']['up'] = ['href' => Zotero_API::getCollectionURI($parentCol), 'type' => "application/atom+xml"];
}
// 'meta'
$json['meta'] = new stdClass();
$json['meta']->numCollections = $numCollections;
$json['meta']->numItems = $numItems;
// 'include'
$include = $requestParams['include'];
foreach ($include as $type) {
if ($type == 'data') {
$json[$type] = $this->toJSON($requestParams);
}
}
if (!$requestParams['uncached']) {
Z_Core::$MC->set($cacheKey, $json);
StatsD::timing("api.collections.toResponseJSON.uncached", (microtime(true) - $t) * 1000);
StatsD::increment("memcached.collections.toResponseJSON.miss");
}
return $json;
}
public function clear()
{
$this->sessionCheck();
if (Zotero_Sync::userIsReadLocked($this->userID) || Zotero_Sync::userIsWriteLocked($this->userID)) {
$message = "You cannot reset server data while one of your libraries " . "is locked for syncing. Please wait for all related syncs to complete.";
$this->error(400, 'SYNC_LOCKED', $message);
}
StatsD::increment("sync.clear");
Zotero_Users::clearAllData($this->userID);
$this->responseXML->addChild('cleared');
$this->end();
}
/**
* @todo Implement testIncrement().
*/
public function testIncrement()
{
$this->statsd->updateStats("test.increment", "5", "1");
$this->statsd->increment("test.increment", 12);
}
/**
* Handle S3 request
*
* Permission-checking provided by items()
*/
private function _handleFileRequest($item)
{
if (!$this->permissions->canAccess($this->objectLibraryID, 'files')) {
$this->e403();
}
$this->allowMethods(array('HEAD', 'GET', 'POST', 'PATCH'));
if (!$item->isAttachment()) {
$this->e400("Item is not an attachment");
}
// File info for 4.0 client sync
//
// Use of HEAD method was discontinued after 2.0.8/2.1b1 due to
// compatibility problems with proxies and security software
if ($this->method == 'GET' && $this->fileMode == 'info') {
$info = Zotero_Storage::getLocalFileItemInfo($item);
if (!$info) {
$this->e404();
}
StatsD::increment("storage.info", 1);
/*
header("Last-Modified: " . gmdate('r', $info['uploaded']));
header("Content-Type: " . $info['type']);
*/
header("Content-Length: " . $info['size']);
header("ETag: " . $info['hash']);
header("X-Zotero-Filename: " . $info['filename']);
header("X-Zotero-Modification-Time: " . $info['mtime']);
header("X-Zotero-Compressed: " . ($info['zip'] ? 'Yes' : 'No'));
header_remove("X-Powered-By");
$this->end();
} else {
if ($this->method == 'GET') {
$info = Zotero_Storage::getLocalFileItemInfo($item);
if (!$info) {
$this->e404();
}
// File viewing
if ($this->fileView) {
$url = Zotero_Attachments::getTemporaryURL($item, !empty($_GET['int']));
if (!$url) {
$this->e500();
}
StatsD::increment("storage.view", 1);
$this->redirect($url);
exit;
}
// File download
$url = Zotero_Storage::getDownloadURL($item, 60);
if (!$url) {
$this->e404();
}
// Provide some headers to let 5.0 client skip download
header("Zotero-File-Modification-Time: {$info['mtime']}");
header("Zotero-File-MD5: {$info['hash']}");
header("Zotero-File-Size: {$info['size']}");
header("Zotero-File-Compressed: " . ($info['zip'] ? 'Yes' : 'No'));
StatsD::increment("storage.download", 1);
Zotero_Storage::logDownload($item, $this->userID, IPAddress::getIP());
$this->redirect($url);
exit;
} else {
if ($this->method == 'POST' || $this->method == 'PATCH') {
if (!$item->isImportedAttachment()) {
$this->e400("Cannot upload file for linked file/URL attachment item");
}
$libraryID = $item->libraryID;
$type = Zotero_Libraries::getType($libraryID);
if ($type == 'group') {
$groupID = Zotero_Groups::getGroupIDFromLibraryID($libraryID);
$group = Zotero_Groups::get($groupID);
if (!$group->userCanEditFiles($this->userID)) {
$this->e403("You do not have file editing access");
}
} else {
$group = null;
}
// If not the client, require If-Match or If-None-Match
if (!$this->httpAuth) {
if (empty($_SERVER['HTTP_IF_MATCH']) && empty($_SERVER['HTTP_IF_NONE_MATCH'])) {
$this->e428("If-Match/If-None-Match header not provided");
}
if (!empty($_SERVER['HTTP_IF_MATCH'])) {
if (!preg_match('/^"?([a-f0-9]{32})"?$/', $_SERVER['HTTP_IF_MATCH'], $matches)) {
$this->e400("Invalid ETag in If-Match header");
}
if (!$item->attachmentStorageHash) {
$this->e412("ETag set but file does not exist");
}
if ($item->attachmentStorageHash != $matches[1]) {
$this->libraryVersion = $item->version;
$this->libraryVersionOnFailure = true;
$this->e412("ETag does not match current version of file");
}
} else {
if ($_SERVER['HTTP_IF_NONE_MATCH'] != "*") {
$this->e400("Invalid value for If-None-Match header");
}
if (Zotero_Storage::getLocalFileItemInfo($item)) {
$this->libraryVersion = $item->version;
$this->libraryVersionOnFailure = true;
$this->e412("If-None-Match: * set but file exists");
}
}
}
//
// Upload authorization
//
if (!isset($_POST['update']) && !isset($_REQUEST['upload'])) {
$info = new Zotero_StorageFileInfo();
// Validate upload metadata
if (empty($_REQUEST['md5'])) {
$this->e400('MD5 hash not provided');
}
if (!preg_match('/[abcdefg0-9]{32}/', $_REQUEST['md5'])) {
$this->e400('Invalid MD5 hash');
}
if (!isset($_REQUEST['filename']) || $_REQUEST['filename'] === "") {
$this->e400('Filename not provided');
}
// Multi-file upload
//
// For ZIP files, the filename and hash of the ZIP file are different from those
// of the main file. We use the former for S3, and we store the latter in the
// upload log to set the attachment metadata with them on file registration.
if (!empty($_REQUEST['zipMD5'])) {
if (!preg_match('/[abcdefg0-9]{32}/', $_REQUEST['zipMD5'])) {
$this->e400('Invalid ZIP MD5 hash');
}
if (empty($_REQUEST['zipFilename'])) {
$this->e400('ZIP filename not provided');
}
$info->zip = true;
$info->hash = $_REQUEST['zipMD5'];
$info->filename = $_REQUEST['zipFilename'];
$info->itemFilename = $_REQUEST['filename'];
$info->itemHash = $_REQUEST['md5'];
} else {
if (!empty($_REQUEST['zipFilename'])) {
$this->e400('ZIP MD5 hash not provided');
} else {
$info->zip = !empty($_REQUEST['zip']);
$info->filename = $_REQUEST['filename'];
$info->hash = $_REQUEST['md5'];
}
}
if (empty($_REQUEST['mtime'])) {
$this->e400('File modification time not provided');
}
$info->mtime = $_REQUEST['mtime'];
if (!isset($_REQUEST['filesize'])) {
$this->e400('File size not provided');
}
$info->size = $_REQUEST['filesize'];
if (!is_numeric($info->size)) {
$this->e400("Invalid file size");
}
$info->contentType = isset($_REQUEST['contentType']) ? $_REQUEST['contentType'] : null;
if (!preg_match("/^[a-zA-Z0-9\\-\\/]+\$/", $info->contentType)) {
$info->contentType = null;
}
$info->charset = isset($_REQUEST['charset']) ? $_REQUEST['charset'] : null;
if (!preg_match("/^[a-zA-Z0-9\\-]+\$/", $info->charset)) {
$info->charset = null;
}
$contentTypeHeader = $info->contentType . ($info->contentType && $info->charset ? "; charset=" . $info->charset : "");
// Reject file if it would put account over quota
if ($group) {
$quota = Zotero_Storage::getEffectiveUserQuota($group->ownerUserID);
$usage = Zotero_Storage::getUserUsage($group->ownerUserID);
} else {
$quota = Zotero_Storage::getEffectiveUserQuota($this->objectUserID);
$usage = Zotero_Storage::getUserUsage($this->objectUserID);
}
$total = $usage['total'];
$fileSizeMB = round($info->size / 1024 / 1024, 1);
if ($total + $fileSizeMB > $quota) {
StatsD::increment("storage.upload.quota", 1);
$this->e413("File would exceed quota ({$total} + {$fileSizeMB} > {$quota})");
}
Zotero_DB::query("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE");
Zotero_DB::beginTransaction();
// See if file exists with this filename
$localInfo = Zotero_Storage::getLocalFileInfo($info);
if ($localInfo) {
$storageFileID = $localInfo['storageFileID'];
// Verify file size
if ($localInfo['size'] != $info->size) {
throw new Exception("Specified file size incorrect for existing file " . $info->hash . "/" . $info->filename . " ({$localInfo['size']} != {$info->size})");
}
} else {
$oldStorageFileID = Zotero_Storage::getFileByHash($info->hash, $info->zip);
if ($oldStorageFileID) {
// Verify file size
$localInfo = Zotero_Storage::getFileInfoByID($oldStorageFileID);
if ($localInfo['size'] != $info->size) {
throw new Exception("Specified file size incorrect for duplicated file " . $info->hash . "/" . $info->filename . " ({$localInfo['size']} != {$info->size})");
}
// Create new file on S3 with new name
$storageFileID = Zotero_Storage::duplicateFile($oldStorageFileID, $info->filename, $info->zip, $contentTypeHeader);
}
}
// If we already have a file, add/update storageFileItems row and stop
if (!empty($storageFileID)) {
Zotero_Storage::updateFileItemInfo($item, $storageFileID, $info, $this->httpAuth);
Zotero_DB::commit();
StatsD::increment("storage.upload.existing", 1);
if ($this->httpAuth) {
$this->queryParams['format'] = null;
header('Content-Type: application/xml');
echo "<exists/>";
} else {
$this->queryParams['format'] = null;
header('Content-Type: application/json');
$this->libraryVersion = $item->version;
echo json_encode(array('exists' => 1));
}
$this->end();
}
Zotero_DB::commit();
// Add request to upload queue
$uploadKey = Zotero_Storage::queueUpload($this->userID, $info);
// User over queue limit
if (!$uploadKey) {
header('Retry-After: ' . Zotero_Storage::$uploadQueueTimeout);
if ($this->httpAuth) {
$this->e413("Too many queued uploads");
} else {
$this->e429("Too many queued uploads");
}
}
StatsD::increment("storage.upload.new", 1);
// Output XML for client requests (which use HTTP Auth)
if ($this->httpAuth) {
$params = Zotero_Storage::generateUploadPOSTParams($item, $info, true);
$this->queryParams['format'] = null;
header('Content-Type: application/xml');
$xml = new SimpleXMLElement('<upload/>');
$xml->url = Zotero_Storage::getUploadBaseURL();
$xml->key = $uploadKey;
foreach ($params as $key => $val) {
$xml->params->{$key} = $val;
}
echo $xml->asXML();
} else {
if (!empty($_REQUEST['params']) && $_REQUEST['params'] == "1") {
$params = array("url" => Zotero_Storage::getUploadBaseURL(), "params" => array());
foreach (Zotero_Storage::generateUploadPOSTParams($item, $info) as $key => $val) {
$params['params'][$key] = $val;
}
} else {
$params = Zotero_Storage::getUploadPOSTData($item, $info);
}
$params['uploadKey'] = $uploadKey;
$this->queryParams['format'] = null;
header('Content-Type: application/json');
echo json_encode($params);
}
exit;
}
//
// API partial upload and post-upload file registration
//
if (isset($_REQUEST['upload'])) {
$uploadKey = $_REQUEST['upload'];
if (!$uploadKey) {
$this->e400("Upload key not provided");
}
$info = Zotero_Storage::getUploadInfo($uploadKey);
if (!$info) {
$this->e400("Upload key not found");
}
// Partial upload
if ($this->method == 'PATCH') {
if (empty($_REQUEST['algorithm'])) {
throw new Exception("Algorithm not specified", Z_ERROR_INVALID_INPUT);
}
$storageFileID = Zotero_Storage::patchFile($item, $info, $_REQUEST['algorithm'], $this->body);
} else {
$remoteInfo = Zotero_Storage::getRemoteFileInfo($info);
if (!$remoteInfo) {
error_log("Remote file {$info->hash}/{$info->filename} not found");
$this->e400("Remote file not found");
}
if ($remoteInfo->size != $info->size) {
error_log("Uploaded file size does not match " . "({$remoteInfo->size} != {$info->size}) " . "for file {$info->hash}/{$info->filename}");
}
}
// Set an automatic shared lock in getLocalFileInfo() to prevent
// two simultaneous transactions from adding a file
Zotero_DB::query("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE");
Zotero_DB::beginTransaction();
if (!isset($storageFileID)) {
// Check if file already exists, which can happen if two identical
// files are uploaded simultaneously
$fileInfo = Zotero_Storage::getLocalFileInfo($info);
if ($fileInfo) {
$storageFileID = $fileInfo['storageFileID'];
} else {
$storageFileID = Zotero_Storage::addFile($info);
}
}
Zotero_Storage::updateFileItemInfo($item, $storageFileID, $info);
Zotero_Storage::logUpload($this->userID, $item, $uploadKey, IPAddress::getIP());
Zotero_DB::commit();
header("HTTP/1.1 204 No Content");
header("Last-Modified-Version: " . $item->version);
exit;
}
//
// Client post-upload file registration
//
if (isset($_POST['update'])) {
$this->allowMethods(array('POST'));
if (empty($_POST['mtime'])) {
throw new Exception('File modification time not provided');
}
$uploadKey = $_POST['update'];
$info = Zotero_Storage::getUploadInfo($uploadKey);
if (!$info) {
$this->e400("Upload key not found");
}
$remoteInfo = Zotero_Storage::getRemoteFileInfo($info);
if (!$remoteInfo) {
$this->e400("Remote file not found");
}
if (!isset($info->size)) {
throw new Exception("Size information not available");
}
$info->mtime = $_POST['mtime'];
// Set an automatic shared lock in getLocalFileInfo() to prevent
// two simultaneous transactions from adding a file
Zotero_DB::query("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE");
Zotero_DB::beginTransaction();
// Check if file already exists, which can happen if two identical
// files are uploaded simultaneously
$fileInfo = Zotero_Storage::getLocalFileInfo($info);
if ($fileInfo) {
$storageFileID = $fileInfo['storageFileID'];
} else {
$storageFileID = Zotero_Storage::addFile($info);
}
Zotero_Storage::updateFileItemInfo($item, $storageFileID, $info, true);
Zotero_Storage::logUpload($this->userID, $item, $uploadKey, IPAddress::getIP());
Zotero_DB::commit();
header("HTTP/1.1 204 No Content");
exit;
}
throw new Exception("Invalid request", Z_ERROR_INVALID_INPUT);
}
}
}
exit;
}
public static function statsdIncrement($stat, $prefix = false)
{
$_prefix = $prefix ? $prefix : self::statsdPrefix(false, false);
StatsD::increment($_prefix . $stat);
}
fwrite($fp, "{$stat}:{$value}");
}
$content = fread($fp, "100");
var_dump($content);
echo "<hr color='red'/>";
fclose($fp);
} catch (Exception $ex) {
error_log("StatsD Exception: " . $ex->getMessage());
}
}
}
$hostname = "127.0.0.1";
$port_number = 11109;
$statsd = new StatsD($hostname, $port_number);
for ($i = 0; $i < 180; $i++) {
//<game>.<topic>.<counter_name>
$statsd->increment('high_level_topic.test.test_counter');
if ($i % 100 == 0) {
printf("#");
sleep(2);
} else {
if ($i % 101 == 0) {
printf("*");
sleep(2);
} else {
printf(".");
sleep(0.8);
}
}
}
printf("\n");
public function executeConnect()
{
$this->count = $this->getRequestParameter('count');
StatsD::increment("whiteboard.session.create");
}
public function executeConnect()
{
StatsD::increment("whiteboard.session.create");
}
