public function execute()
{
$ksStr = $this->getP("ks");
if ($ksStr) {
$ksObj = null;
try {
$ksObj = ks::fromSecureString($ksStr);
} catch (Exception $e) {
}
if ($ksObj) {
$partner = PartnerPeer::retrieveByPK($ksObj->partner_id);
if (!$partner) {
KExternalErrors::dieError(KExternalErrors::PARTNER_NOT_FOUND);
}
if (!$partner->validateApiAccessControl()) {
KExternalErrors::dieError(KExternalErrors::SERVICE_ACCESS_CONTROL_RESTRICTED);
}
$ksObj->kill();
}
KalturaLog::info("Killing session with ks - [{$ksStr}], decoded - [" . base64_decode($ksStr) . "]");
} else {
KalturaLog::err('logoutAction called with no KS');
}
setcookie('pid', "", 0, "/");
setcookie('subpid', "", 0, "/");
setcookie('kmcks', "", 0, "/");
return sfView::NONE;
//redirection to kmc/kmc is done from java script
}
/**
* @param ks $v
*/
public function setKs($v)
{
if (is_string($v)) {
$v = ks::fromSecureString($v);
}
$this->ks = $v;
}
/**
* KS from Secure String
* @action fromSecureString
* @param string $str
* @return KalturaInternalToolsSession
*
*/
public function fromSecureStringAction($str)
{
$ks = ks::fromSecureString($str);
$ksFromSecureString = new KalturaInternalToolsSession();
$ksFromSecureString->fromObject($ks, $this->getResponseProfile());
return $ksFromSecureString;
}
/**
* KS from Secure String
* @action fromSecureString
* @param string $str
* @return KalturaInternalToolsSession
*
*/
public static function fromSecureStringAction($str)
{
$ks = ks::fromSecureString($str);
$ksFromSecureString = new KalturaInternalToolsSession();
$ksFromSecureString->fromObject($ks);
return $ksFromSecureString;
}
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser, $create_cachekey = false)
{
myDbHelper::$use_alternative_con = myDbHelper::DB_HELPER_CONN_PROPEL3;
// TODO - verify permissions for viewing lists
$detailed = $this->getP("detailed", false);
if (!$detailed) {
$detailed = false;
}
$playlist_id = $this->getPM("playlist_id");
if ($create_cachekey) {
if ($this->isAdmin()) {
return null;
}
$ks_partner_id = null;
$privileges = null;
$ks = ks::fromSecureString(kCurrentContext::$ks);
if ($ks) {
$ks_partner_id = $ks->getPartnerId();
$privileges = $ks->getPrivileges();
}
$cache_key_arr = array("playlist_id" => $playlist_id, "partner_id" => $partner_id, "ks_partner_id" => $ks_partner_id, "detailed" => $detailed, "user" => kCurrentContext::$ks_uid, "privileges" => $privileges, "is_admin" => $this->isAdmin(), "protocol" => infraRequestUtils::getProtocol());
$cahce_key = new executionCacheKey();
$cahce_key->expiry = 600;
$cahce_key->key = md5(print_r($cache_key_arr, true));
return $cahce_key;
}
// this service is executed twice! (first time for the cache key, second time for the execution)
if (is_null($this->playlist)) {
$playlist = entryPeer::retrieveByPK($playlist_id);
if (!$playlist) {
throw new APIException(APIErrors::INVALID_ENTRY_ID, "Playlist", $playlist_id);
}
myPartnerUtils::addPartnerToCriteria('accessControl', $playlist->getPartnerId(), $this->getPrivatePartnerData(), $this->partnerGroup2(), null);
$this->playlist = $playlist;
}
if ($this->isAdmin()) {
myPlaylistUtils::setIsAdminKs(true);
}
$entry_list = myPlaylistUtils::executePlaylistById($partner_id, $playlist_id, null, $detailed);
myEntryUtils::updatePuserIdsForEntries($entry_list);
$level = $detailed ? objectWrapperBase::DETAIL_LEVEL_DETAILED : objectWrapperBase::DETAIL_LEVEL_REGULAR;
$wrapper = objectWrapperBase::getWrapperClass($entry_list, $level);
$this->addMsg("count", count($entry_list));
$this->addMsg($this->getObjectPrefix(), $wrapper);
}
public function execute()
{
$this->forceSystemAuthentication();
$secret = "";
$str = $this->getP("str");
$algo = $this->getP("algo", "wiki_decode");
$res = "";
$key = null;
if ($algo == "wiki_encode") {
$res = str_replace(array("|", "/"), array("|01", "|02"), base64_encode(serialize($str)));
} elseif ($algo == "wiki_decode") {
$res = @unserialize(base64_decode(str_replace(array("|02", "|01"), array("/", "|"), $str)));
} elseif ($algo == "wiki_decode_no_serialize") {
$res = base64_decode(str_replace(array("|02", "|01"), array("/", "|"), $str));
} elseif ($algo == "base64_encode") {
$res = base64_encode($str);
} elseif ($algo == "base64_decode") {
$res = base64_decode($str);
} elseif ($algo == "base64_3des_encode") {
$key = $this->getP("des_key");
echo "[{$key}]";
$input = $str;
$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$res = base64_encode($encrypted_data);
$this->des_key = $key;
} elseif ($algo == "base64_3des_decode") {
$key = $this->getP("des_key");
echo "[{$key}]";
$input = base64_decode($str);
$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mdecrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$res = $encrypted_data;
$this->des_key = $key;
} elseif ($algo == "ks") {
$ks = ks::fromSecureString($str);
$res = print_r($ks, true);
if ($ks != null) {
$expired = $ks->valid_until;
$expired_str = self::formatThisData($expired);
$now = time();
$now_str = self::formatThisData($now);
$res .= "<br>" . "valid until: " . $expired_str . "<br>now: {$now} ({$now_str})";
}
} elseif ($algo == "kwid") {
$kwid_str = @base64_decode($str);
if (!$kwid_str) {
// invalid string
return "";
}
/* $kwid = new kwid();
list ( $kwid->kshow_id , $kwid->partner_id , $kwid->subp_id ,$kwid->article_name ,$kwid->widget_id , $kwid->hash ) =
@explode ( self::KWID_SEPARATOR , $str );
*/
$cracked = @explode("|", $kwid_str);
$names = array("kshow_id", "partner_id", "subp_id", "article_name", "widget_id", "hash");
$combined = array_combine($names, $cracked);
$secret = $this->getP("secret");
$md5 = md5($combined["kshow_id"] . $combined["partner_id"] . $combined["subp_id"] . $combined["article_name"] . $combined["widget_id"] . $secret);
$combined["secret"] = $secret;
$combined["calculated hash"] = substr($md5, 1, 10);
$res = print_r($combined, true);
} elseif ($algo == "ip") {
$ip_geo = new myIPGeocoder();
if ($str) {
$remote_addr = $str;
} else {
$remote_addr = requestUtils::getRemoteAddress();
}
$res = $ip_geo->iptocountry($remote_addr);
}
$this->key = $key;
$this->secret = $secret;
$this->str = $str;
$this->res = $res;
$this->algo = $algo;
}
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser, $create_cachekey = false)
{
myDbHelper::$use_alternative_con = myDbHelper::DB_HELPER_CONN_PROPEL3;
// TODO - verify permissions for viewing lists
$detailed = $this->getP("detailed", false);
if (!$detailed) {
$detailed = false;
}
$limit = $this->getP("page_size", 10);
$limit = $this->maxPageSize($limit);
$page = $this->getP("page", 1);
$user_filter_prefix = $this->getP("fp", "filter");
$offset = ($page - 1) * $limit;
// TODO - should limit search to partner ??
// kuserPeer::setUseCriteriaFilter( false );
// entryPeer::setUseCriteriaFilter( false );
$playlist_id = $this->getPM("playlist_id");
$input_params = $this->getInputParams();
$extra_filters = array();
for ($i = 1; $i < self::MAX_FILTER_COUNT; $i++) {
// filter
$extra_filter = new entryFilter();
$fields_set = $extra_filter->fillObjectFromRequest($input_params, "{$user_filter_prefix}{$i}_", null);
if ($fields_set) {
$extra_filters[$i] = $extra_filter;
}
}
if ($create_cachekey) {
if ($this->isAdmin()) {
return null;
}
$ks_partner_id = null;
$privileges = null;
$ks = ks::fromSecureString(kCurrentContext::$ks);
if ($ks) {
$ks_partner_id = $ks->getPartnerId();
$privileges = $ks->getPrivileges();
}
$cache_key_arr = array("playlist_id" => $playlist_id, "filters" => $extra_filters, "partner_id" => $partner_id, "ks_partner_id" => $ks_partner_id, "detailed" => $detailed, "user" => kCurrentContext::$ks_uid, "privileges" => $privileges, "is_admin" => $this->isAdmin());
$cahce_key = new executionCacheKey();
$cahce_key->expiry = 600;
$cahce_key->key = md5(print_r($cache_key_arr, true));
return $cahce_key;
}
// this service is executed twice! (first time for the cache key, second time for the execution)
if (is_null($this->playlist)) {
$playlist = entryPeer::retrieveByPK($playlist_id);
if (!$playlist) {
throw new APIException(APIErrors::INVALID_ENTRY_ID, "Playlist", $playlist_id);
}
myPartnerUtils::addPartnerToCriteria(new accessControlPeer(), $playlist->getPartnerId(), $this->getPrivatePartnerData(), $this->partnerGroup2(), null);
$this->playlist = $playlist;
}
if ($this->isAdmin()) {
myPlaylistUtils::setIsAdminKs(true);
}
$entry_list = myPlaylistUtils::executePlaylistById($partner_id, $playlist_id, $extra_filters, $detailed);
myEntryUtils::updatePuserIdsForEntries($entry_list);
$level = $detailed ? objectWrapperBase::DETAIL_LEVEL_DETAILED : objectWrapperBase::DETAIL_LEVEL_REGULAR;
$wrapper = objectWrapperBase::getWrapperClass($entry_list, $level);
$this->addMsg("count", count($entry_list));
$this->addMsg($this->getObjectPrefix(), $wrapper);
}
public static function setDefaultCriteriaFilter()
{
if (self::$s_criteria_filter == null) {
self::$s_criteria_filter = new criteriaFilter();
}
$c = KalturaCriteria::create(entryPeer::OM_CLASS);
$c->addAnd(entryPeer::STATUS, entryStatus::DELETED, Criteria::NOT_EQUAL);
$critEntitled = null;
$ks = ks::fromSecureString(kCurrentContext::$ks);
//when entitlement is enable and admin session or user session with list:* privilege
if (kEntitlementUtils::getEntitlementEnforcement() && (kCurrentContext::$is_admin_session || !self::$userContentOnly)) {
$privacyContexts = kEntitlementUtils::getPrivacyContextSearch();
$critEntitled = $c->getNewCriterion(self::PRIVACY_BY_CONTEXTS, $privacyContexts, KalturaCriteria::IN_LIKE);
$critEntitled->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
if (kCurrentContext::getCurrentKsKuserId()) {
//ENTITLED_KUSERS field includes $this->entitledUserEdit, $this->entitledUserEdit, and users on work groups categories.
$entitledKuserByPrivacyContext = kEntitlementUtils::getEntitledKuserByPrivacyContext();
$critEntitledKusers = $c->getNewCriterion(self::ENTITLED_KUSERS, $entitledKuserByPrivacyContext, KalturaCriteria::IN_LIKE);
$critEntitledKusers->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
$categoriesIds = array();
$categoriesIds = categoryPeer::retrieveEntitledAndNonIndexedByKuser(kCurrentContext::getCurrentKsKuserId(), kConf::get('category_search_limit'));
if (count($categoriesIds) >= kConf::get('category_search_limit')) {
self::$kuserBlongToMoreThanMaxCategoriesForSearch = true;
}
if (count($categoriesIds)) {
$critCategories = $c->getNewCriterion(self::CATEGORIES_IDS, $categoriesIds, KalturaCriteria::IN_LIKE);
$critCategories->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
$critEntitled->addOr($critCategories);
}
$critEntitled->addOr($critEntitledKusers);
}
//user should be able to get all entries s\he uploaded - outside the privacy context
$kuser = kCurrentContext::getCurrentKsKuserId();
if ($kuser !== 0) {
$critKuser = $c->getNewCriterion(entryPeer::KUSER_ID, $kuser, Criteria::EQUAL);
$critKuser->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
$critEntitled->addOr($critKuser);
}
} elseif (self::$userContentOnly) {
$critEntitled = $c->getNewCriterion(entryPeer::KUSER_ID, kCurrentContext::getCurrentKsKuserId(), Criteria::EQUAL);
$critEntitled->addTag(KalturaCriterion::TAG_WIDGET_SESSION);
}
if ($ks && count($ks->getDisableEntitlementForEntry())) {
$entryCrit = $c->getNewCriterion(entryPeer::ENTRY_ID, $ks->getDisableEntitlementForEntry(), Criteria::IN);
$entryCrit->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
if ($critEntitled) {
$critEntitled->addOr($entryCrit);
} else {
$critEntitled = $entryCrit;
}
}
if ($critEntitled) {
$c->addAnd($critEntitled);
}
self::$s_criteria_filter->setFilter($c);
}
public static function killKSession($ks)
{
try {
$ksObj = ks::fromSecureString($ks);
if ($ksObj) {
$ksObj->kill();
}
} catch (Exception $e) {
}
}
public static function getRoleIds(Partner $operatingPartner = null, kuser $kuser = null)
{
$roleIds = null;
$ksString = kCurrentContext::$ks;
$isAdminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
if (!$ksString || !$operatingPartner && kCurrentContext::$ks_partner_id != Partner::BATCH_PARTNER_ID) {
$roleId = UserRolePeer::getIdByStrId(UserRoleId::NO_SESSION_ROLE);
if ($roleId) {
return array($roleId);
}
return null;
}
$ks = ks::fromSecureString($ksString);
$ksSetRoleId = $ks->getSetRole();
if ($ksSetRoleId) {
if ($ksSetRoleId == 'null') {
return null;
}
$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
//check if role exists
$c = new Criteria();
$c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL);
$partnerIds = array_map('strval', array($ksPartnerId, PartnerPeer::GLOBAL_PARTNER));
$c->addAnd(UserRolePeer::PARTNER_ID, $partnerIds, Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists");
throw new kCoreException("Unknown role Id [{$ksSetRoleId}]", kCoreException::ID_NOT_FOUND);
}
}
// if user is defined -> get his role IDs
if (!$roleIds && $kuser) {
$roleIds = $kuser->getRoleIds();
}
// if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not)
if (!$roleIds) {
if (!$operatingPartner) {
// use system default roles
if ($ks->isWidgetSession()) {
$strId = UserRoleId::WIDGET_SESSION_ROLE;
} elseif ($isAdminSession) {
$strId = UserRoleId::PARTNER_ADMIN_ROLE;
} else {
$strId = UserRoleId::BASE_USER_SESSION_ROLE;
}
$roleIds = UserRolePeer::getIdByStrId($strId);
} else {
if ($ks->isWidgetSession()) {
//there is only one partner widget role defined in the system
$roleIds = $operatingPartner->getWidgetSessionRoleId();
} elseif ($isAdminSession) {
// there is only one partner admin role defined in the system
$roleIds = $operatingPartner->getAdminSessionRoleId();
} else {
// a partner may have special defined user session roles - get them from partner object
$roleIds = $operatingPartner->getUserSessionRoleId();
}
}
}
if ($roleIds) {
$roleIds = explode(',', trim($roleIds, ','));
}
return $roleIds;
}
/**
* Parse session key and return its info
*
* @action get
* @param string $session The KS to be parsed, keep it empty to use current session.
* @return KalturaSessionInfo
*
* @throws APIErrors::START_SESSION_ERROR
*/
function getAction($session = null)
{
if (!$session) {
$session = kCurrentContext::$ks;
}
$ks = ks::fromSecureString($session);
$sessionInfo = new KalturaSessionInfo();
$sessionInfo->ks = $session;
$sessionInfo->partnerId = $ks->partner_id;
$sessionInfo->userId = $ks->user;
$sessionInfo->expiry = $ks->valid_until;
$sessionInfo->sessionType = $ks->type;
$sessionInfo->privileges = $ks->privileges;
return $sessionInfo;
}
public static function getKsPrivacyContext()
{
$partnerId = kCurrentContext::$ks_partner_id ? kCurrentContext::$ks_partner_id : kCurrentContext::$partner_id;
$ks = ks::fromSecureString(kCurrentContext::$ks);
if (!$ks) {
return array(self::DEFAULT_CONTEXT . $partnerId);
}
$ksPrivacyContexts = $ks->getPrivacyContext();
if (is_null($ksPrivacyContexts) || $ksPrivacyContexts == '') {
return array(self::DEFAULT_CONTEXT . $partnerId);
}
return explode(',', $ksPrivacyContexts);
}
private static function initRoleIds()
{
$roleIds = null;
if (!self::$operatingPartner || !self::$ksString) {
// no partner or session -> no role
$roleIds = null;
} else {
$ks = ks::fromSecureString(self::$ksString);
$ksSetRoleId = $ks->getSetRole();
if ($ksSetRoleId) {
//check if role exists
$c = new Criteria();
$c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL);
$c->addAnd(UserRolePeer::PARTNER_ID, array(self::$ksPartnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists");
throw new KalturaAPIException(APIErrors::UNKNOWN_ROLE_ID, $ksSetRoleId);
}
}
// if user is defined -> get his role IDs
if (!$roleIds && self::$kuser) {
$roleIds = self::$kuser->getRoleIds();
}
// if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not)
if (!$roleIds) {
if ($ks->isWidgetSession()) {
//there is only one partner widget role defined in the system
$roleIds = self::$operatingPartner->getWidgetSessionRoleId();
} elseif (self::$adminSession) {
// there is only one partner admin role defined in the system
$roleIds = self::$operatingPartner->getAdminSessionRoleId();
} else {
// a partner may have special defined user session roles - get them from partner object
$roleIds = self::$operatingPartner->getUserSessionRoleId();
}
}
if ($roleIds) {
$roleIds = explode(',', trim($roleIds, ','));
}
}
self::$roleIds = $roleIds;
}
/**
* Parse session key and return its info
*
* @action get
* @param string $session The KS to be parsed, keep it empty to use current session.
* @return KalturaSessionInfo
*
* @throws APIErrors::START_SESSION_ERROR
*/
function getAction($session = null)
{
KalturaResponseCacher::disableCache();
if (!$session) {
$session = kCurrentContext::$ks;
}
$ks = ks::fromSecureString($session);
if (!myPartnerUtils::allowPartnerAccessPartner($this->getPartnerId(), $this->partnerGroup(), $ks->partner_id)) {
throw new KalturaAPIException(APIErrors::PARTNER_ACCESS_FORBIDDEN, $this->getPartnerId(), $ks->partner_id);
}
$sessionInfo = new KalturaSessionInfo();
$sessionInfo->partnerId = $ks->partner_id;
$sessionInfo->userId = $ks->user;
$sessionInfo->expiry = $ks->valid_until;
$sessionInfo->sessionType = $ks->type;
$sessionInfo->privileges = $ks->privileges;
return $sessionInfo;
}
