Example #1
 /**
  * Log an action carried out by a person to the ActionLog table.
  *
  * @param string $message
  *
  * @since 1.1
  */
 public function action($message)
 {
     // Look up which session provider is configured, then fetch its instance.
     $providerName = ConfigProvider::getInstance()->get('session.provider.name');
     $session = SessionProviderFactory::getInstance($providerName);

     // Nothing is recorded when the session holds no current user, so requests
     // made without a logged-in user leave no ActionLog entry.
     if ($session->get('currentUser') == null) {
         return;
     }

     // The user agent is supplied by the client and $message by the caller; both are
     // stored as given, so anything that later displays ActionLog rows should escape them.
     $entry = new ActionLog();
     $entry->set('client', $this->request->getUserAgent());
     $entry->set('IP', $this->request->getIP());
     $entry->set('message', $message);
     $entry->save();
 }
Example #2
 /**
  * Method to check the validity of the two hidden form security
  * fields which aim to ensure that a post to the controller is being sent from
  * the same server that is hosting it.
  *
  * @return bool
  *
  * @since 1.0
  */
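 public function checkSecurityFields()
 {
     // Recomputes the two expected field values and compares them with the var1/var2
     // request params. Returns true on a match for today's date or, as a grace period,
     // for the date one hour ago; returns false otherwise.
     //
     // The expected values depend only on the host, the calendar date and the IP, so
     // every form rendered for the same host/IP on the same day carries the same pair.
     // They are not bound to a session or to a single request.
     // NOTE(review): recomputing and comparing only works if SecurityUtils::encrypt()
     // is deterministic for a given input - confirm against its implementation.
     self::$logger->debug('>>checkSecurityFields()');

     $host = $this->request->getHost();
     // NOTE(review): earlier comments called this "the server's IP"; confirm whether
     // getIP() returns the server's address or the requesting client's.
     $ip = $this->request->getIP();

     $submittedVar1 = $this->request->getParam('var1');
     $submittedVar2 = $this->request->getParam('var2');

     if ($submittedVar1 === null || $submittedVar2 === null) {
         self::$logger->warn('The required var1/var2 params where not provided on the HTTP request');
         self::$logger->debug('<<checkSecurityFields [false]');

         return false;
     }

     // A param sent as var1[]=... may not be a string. Reject it here instead of passing
     // it to the comparison or concatenating it into a log line.
     if (!is_string($submittedVar1) || !is_string($submittedVar2)) {
         self::$logger->warn('The var1/var2 params provided are invalid, they must be strings');
         self::$logger->debug('<<checkSecurityFields [false]');

         return false;
     }

     // Today's date first, then the date one hour ago: before 1:00AM that is yesterday,
     // which gives forms rendered just before midnight a one hour grace period.
     // array_unique() avoids recomputing the same pair for the rest of the day.
     $acceptedDates = array_unique(array(date('Ymd'), date('Ymd', time() - 3600)));

     foreach ($acceptedDates as $date) {
         // the hostname + the accepted date, base64url-encoded without padding
         $var1 = rtrim(strtr(base64_encode(SecurityUtils::encrypt($host . $date)), '+/', '-_'), '=');
         // the IP plus $var1, same encoding
         $var2 = rtrim(strtr(base64_encode(SecurityUtils::encrypt($ip . $var1)), '+/', '-_'), '=');

         // hash_equals() (PHP >= 5.6) compares in constant time and byte-for-byte. The
         // loose == used before leaked timing and treats numeric-looking strings such
         // as '0e1' and '0e2' as equal. Both comparisons always run, so a match on
         // var1 alone cannot be distinguished by timing.
         $var1Matches = hash_equals($var1, $submittedVar1);
         $var2Matches = hash_equals($var2, $submittedVar2);

         if ($var1Matches && $var2Matches) {
             self::$logger->debug('<<checkSecurityFields [true]');

             return true;
         }
     }

     // NOTE(review): the submitted values are written to the log verbatim; confirm the
     // Logger neutralises control characters such as CR/LF in request-supplied text.
     self::$logger->warn('The var1/var2 params provided are invalid, values: var1=[' . $submittedVar1 . '] var2=[' . $submittedVar2 . ']');
     self::$logger->debug('<<checkSecurityFields [false]');

     return false;
 }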
Example #3
 /**
  * Generates the two security fields to prevent remote form processing.
  *
  * @return array An array containing the two fields
  *
  * @since 1.0
  */
 public static function generateSecurityFields()
 {
     // The method is static, so create the shared logger here if it has not been set yet.
     if (null == self::$logger) {
         self::$logger = new Logger('Controller');
     }
     self::$logger->debug('>>generateSecurityFields()');

     $currentRequest = new Request(array('method' => 'GET'));
     $hostname = $currentRequest->getHost();
     $address = $currentRequest->getIP();

     // Field one: encrypt(host + today's date), base64url-encoded with the '=' padding removed.
     $hostCipher = SecurityUtils::encrypt($hostname . date('Ymd'));
     $var1 = rtrim(strtr(base64_encode($hostCipher), '+/', '-_'), '=');

     // Field two: encrypt(IP + field one), encoded the same way.
     $addressCipher = SecurityUtils::encrypt($address . $var1);
     $var2 = rtrim(strtr(base64_encode($addressCipher), '+/', '-_'), '=');

     // NOTE(review): both field values go into the debug log, so anyone who can read
     // that log can read values that stay valid for the rest of the day.
     self::$logger->debug('<<generateSecurityFields [array(' . $var1 . ', ' . $var2 . ')]');

     return array($var1, $var2);
 }
Example #4
 /**
  * Testing that the client IP can be set from overrides or super-globals during object construction.
  */
 public function testSetIP()
 {
     $expectedIP = '127.0.0.1';
     $failureMessage = 'Testing that the client IP can be set from overrides or super-globals during object construction';

     // Case 1: the IP is passed explicitly in the constructor's override array.
     $overridden = new Request(array('method' => 'GET', 'IP' => $expectedIP));
     $this->assertEquals($expectedIP, $overridden->getIP(), $failureMessage);

     // Case 2: with no overrides, the request is built from the super-globals.
     // The $_SERVER entries set here are not restored when the test finishes.
     $_SERVER['REQUEST_METHOD'] = 'GET';
     $_SERVER['REMOTE_ADDR'] = $expectedIP;
     $fromSuperGlobals = new Request();
     $this->assertEquals($expectedIP, $fromSuperGlobals->getIP(), $failureMessage);
 }