/**
* On s'assure que pour ces tâche ce soit bien un administrateur
*/
public function beforeAction()
{
CopixAuth::getCurrentUser()->assertCredential('basic:admin');
if (!CopixConfig::instance()->copixauth_isRegisteredCredentialHandler('auth|dbdynamiccredentialhandler')) {
throw new CopixException(_i18n('auth.dynamicHandlerNotRegister'));
}
}
/** The connect function
* @param array $pParams
*/
public function connect($pParams)
{
$arParams = array();
foreach ($pParams->item as $item) {
$arParams[$item->key] = $item->value;
}
CopixAuth::getCurrentUser()->login($arParams);
}
/**
* Création de la zone de login
*/
public function _createContent(&$toReturn)
{
$ppo = new CopixPPO();
$ppo->user = CopixAuth::getCurrentUser()->isConnected() ? CopixAuth::getCurrentUser() : null;
$ppo->auth_url_return = $this->getParam('auth_url_return', _url('#'));
$ppo->createUser = CopixConfig::get('auth|createUser');
$ppo->ask_remember = false;
$toReturn = $this->_usePPO($ppo, $this->getParam('template', 'login.form.php'));
}
/**
* Vérifie que l'on est bien administrateur
*
* @param string $actionName Nom de l'action.
*/
public function beforeAction($actionName)
{
switch (strtolower($actionName)) {
case 'done':
case 'checkinstallframework':
return;
default:
CopixAuth::getCurrentUser()->assertCredential('basic:admin');
}
}
public function beforeProcess(&$action)
{
if (CopixConfig::get('conf_Saml_actif') != 1) {
return;
}
require_once COPIX_UTILS_PATH . '../../simplesamlphp/lib/_autoload.php';
$asId = 'iconito-sql';
if (CopixConfig::exists('default|conf_Saml_authSource') && CopixConfig::get('default|conf_Saml_authSource')) {
$asId = CopixConfig::get('default|conf_Saml_authSource');
}
$as = new SimpleSAML_Auth_Simple($asId);
$ppo->user = _currentUser();
if ($as->isAuthenticated() && !$ppo->user->isConnected()) {
$attributes = $as->getAttributes();
$uidAttribute = 'login_dbuser';
if (CopixConfig::exists('default|conf_Saml_uidAttribute') && CopixConfig::get('default|conf_Saml_uidAttribute')) {
$uidAttribute = CopixConfig::get('default|conf_Saml_uidAttribute');
}
$ppo->saml_user = null;
if (isset($attributes[$uidAttribute]) && isset($attributes[$uidAttribute][0])) {
$ppo->saml_user = $attributes[$uidAttribute][0];
}
if ($ppo->saml_user) {
$ppo->iconito_user = Kernel::getUserInfo("LOGIN", $ppo->saml_user);
if ($ppo->iconito_user['login']) {
_currentUser()->login(array('login' => $ppo->iconito_user['login'], 'assistance' => true));
$url_return = CopixUrl::get('kernel||doSelectHome');
// $url_return = CopixUrl::get ('assistance||users');
return new CopixActionReturn(COPIX_AR_REDIRECT, $url_return);
} else {
$ppo->cas_error = 'no-iconito-user';
return _arPpo($ppo, 'cas.tpl');
}
}
}
if (!$as->isAuthenticated() && $ppo->user->isConnected()) {
$ppo->user = _currentUser();
if ($ppo->user->isConnected()) {
CopixAuth::getCurrentUser()->logout(array());
CopixEventNotifier::notify('logout', array('login' => CopixAuth::getCurrentUser()->getLogin()));
CopixAuth::destroyCurrentUser();
CopixSession::destroyNamespace('default');
}
}
}
/**
* Ajout d'un commentaire dans la base après vérification des droits d'écriture
* et que l'on a bien la bonne session
*/
public function processAddComment()
{
//Vérifie que l'on a bien un paramètre id
CopixRequest::assert('id');
if (($informations = _ioClass('commentsservices')->getEnabled(_request('id'))) === false) {
throw new Exception(_i18n('comments.error.badidsession'));
}
//_log ('FROMPAGE: '.$informations['fromPage']);
//_log ('POUR ID: '._request ('id'));
//vérifie les droits d'écriture
if ($informations['writeCredential'] != "") {
CopixAuth::getCurrentUser()->assertCredential($informations['writeCredential']);
}
//Ajout du commentaire
$objComment = _record('comments');
$objComment->content_comment = _request('content');
$objComment->format_comment = 'TEXT';
//aujourd'hui on ne supporte que le format text pour les commentaires
$objComment->authorlogin_comment = _request('author');
$objComment->authoremail_comment = _request('mail');
$objComment->authorsite_comment = _request('site');
$objComment->page_comment = $informations['id'];
$objComment->date_comment = date('YmdHis');
if (CopixConfig::get('comments|captcha') != 0) {
$objComment->captcha_id = _request('captcha_id');
$objComment->captcha_answer = _request('captcha_answer');
}
try {
if (_request('preview') === null) {
_ioDAO('comments')->insert($objComment);
_ioClass('commentsservices')->removeEnabled($informations['id']);
_notify('Content', array('id' => $informations['id'], 'kind' => 'comment', 'keywords' => null, 'title' => $informations['id'], 'summary' => null, 'content' => $objComment->content_comment, 'url' => $informations['fromPage']));
return _arRedirect($informations['fromPage']);
} else {
_ioClass('commentsservices')->updateEnabled($objComment);
return _arRedirect(_url($informations['fromPage'], array('preview' => 1, 'comments' => 'list')));
}
} catch (CopixDAOCheckException $e) {
_ioClass('commentsservices')->updateEnabled($objComment);
return _arRedirect(_url($informations['fromPage'], array('errors' => 1, 'comments' => 'list')));
}
}
/**
* Plugin smarty type modifier
* Purpose: test credential
* Input: var
* Output : CopixAuth::getCurrentUser()->testCredential (var)
*/
function smarty_modifier_testCredential($string)
{
return CopixAuth::getCurrentUser()->testCredential($string);
}
/**
* Affiche le PHPInfo
*/
public function processPHPInfo()
{
CopixAuth::getCurrentUser()->assertCredential('basic:admin');
$ppo = new CopixPPO();
$ppo->TITLE_PAGE = 'PHPInfo';
$ppo->CopixVersion = COPIX_VERSION;
ob_start();
phpinfo();
$info = ob_get_contents();
ob_end_clean();
$ppo->phpinfo = preg_replace('%^.*<body>(.*)</body>.*$%ms', '$1', $info);
return _arPpo($ppo, 'phpinfo.tpl');
}
public function processLogout()
{
require_once COPIX_UTILS_PATH . '../../simplesamlphp/lib/_autoload.php';
$asId = 'iconito-sql';
if (CopixConfig::exists('default|conf_Saml_authSource') && CopixConfig::get('default|conf_Saml_authSource')) {
$asId = CopixConfig::get('default|conf_Saml_authSource');
}
$as = new SimpleSAML_Auth_Simple($asId);
$ppo = new CopixPPO();
$ppo->user = _currentUser();
if ($ppo->user->isConnected()) {
CopixAuth::getCurrentUser()->logout(array());
CopixEventNotifier::notify('logout', array('login' => CopixAuth::getCurrentUser()->getLogin()));
CopixAuth::destroyCurrentUser();
CopixSession::destroyNamespace('default');
}
$as->logout(_url() . 'simplesaml/saml2/idp/initSLO.php?RelayState=' . urlencode(_url('auth|saml|logout_cas')));
// $as->logout(_url ().'simplesaml/saml2/idp/initSLO.php?RelayState='.urlencode(_url() . 'logout.php'));
}
public function testCredentials()
{
$this->assertTrue(CopixAuth::getCurrentUser()->login(array('login' => 'CopixTest', 'password' => 'CopixTestPassword')));
try {
$this->assertFalse(CopixAuth::getCurrentUser()->assertCredential("nodroits"));
$this->assertTrue(false);
} catch (Exception $e) {
$this->assertTrue(true);
}
}
/**
* Vérifie que l'on est bien administrateur
*/
public function beforeAction()
{
CopixAuth::getCurrentUser()->assertCredential('basic:admin');
}
/**
* Recupère les droits de edit pour le champs $pId
* @param $pId string le champ a tester
*/
private function _getFieldEdit()
{
if ($this->getParams('getedit') !== null) {
if (is_bool($this->getParams('getedit'))) {
return $this->getParams('getedit');
}
return CopixAuth::getCurrentUser()->testCredential($this->getParams('getedit'));
}
return true;
}
/**
* Alias pour CopixAuth::getCurrentUser ()
* @return CopixUser
*/
function _currentUser()
{
return CopixAuth::getCurrentUser();
}
public function processLogout()
{
include_once COPIX_UTILS_PATH . '../../CAS-1.2.2/CAS.php';
$ppo = new CopixPPO();
$ppo->user = _currentUser();
if ($ppo->user->isConnected()) {
CopixAuth::getCurrentUser()->logout(array());
CopixEventNotifier::notify('logout', array('login' => CopixAuth::getCurrentUser()->getLogin()));
CopixAuth::destroyCurrentUser();
CopixSession::destroyNamespace('default');
}
phpCAS::setDebug();
$conf_Cas_host = CopixConfig::get('default|conf_Cas_host');
$conf_Cas_port = CopixConfig::get('default|conf_Cas_port');
$conf_Cas_path = CopixConfig::get('default|conf_Cas_path');
phpCAS::client(CAS_VERSION_2_0, $conf_Cas_host, (int) $conf_Cas_port, $conf_Cas_path, false);
phpCAS::setNoCasServerValidation();
phpCAS::forceAuthentication();
phpCAS::logout();
return _arRedirect(CopixRequest::get('auth_url_return', _url('||')));
}
/**
* Fonction appelée avant l'action pour vérifier les droits
*
* @param string nom de l'action
*/
public function beforeAction($actionName)
{
// verification si l'utilisateur est connecte
CopixAuth::getCurrentUser()->assertCredential('basic:admin');
}
public function _createContent(&$toReturn)
{
CopixHtmlHeader::addCSSLink(_resource('styles/comments.css'));
//Si pas d'éléments d'identifiant donné, alors on utilise l'ensemble des paramètres de la requête
if (($id = $this->getParam('id')) == "") {
$id = array_keys(CopixRequest::asArray());
}
if (($mode = $this->getParam('mode')) == "" || $mode == "request") {
if (($mode = _request('comments')) == "") {
$mode = "summary";
}
}
if (($newUrl = $this->getParam('moreUrl')) == "") {
$newUrl = _url('#', array('comments' => 'list'));
}
$tpl = new CopixTpl();
$tpl->assign('mode', $mode);
$tpl->assign('newUrl', $newUrl);
// On teste si nous sommes dans l'actions de prévisualisation
if (_request('preview') !== null) {
$tpl->assign('preview', 1);
$tpl->assign('previewDate', date('YmdHis'));
}
if (CopixAuth::getCurrentUser()->testCredential('basic:admin')) {
$tpl->assign('isAdmin', 1);
} else {
$tpl->assign('isAdmin', 0);
}
$idComment = _ioClass('commentsservices')->getId($id);
// On vérifie si les commentaires sont ouvert
$tpl->assign('locked', _dao('commentslocked')->countBy(_daoSp()->addCondition('locked_page_comment', '=', $idComment)));
if ($informations = _ioClass('commentsservices')->getEnabled($idComment)) {
$tpl->assign('newComment', $informations['object']);
if (_request('errors') !== null) {
$tpl->assign('errors', _ioDAO('comments')->check($informations['object']));
}
}
_ioClass('commentsservices')->addEnabled(array('fromPage' => _url('#'), 'writeCredential' => $this->getParam('credentialWrite'), 'id' => $idComment));
$tpl->assign('idComment', $idComment);
switch ($mode) {
case "list":
if ($this->getParam('credentialRead') != "") {
CopixAuth::getCurrentUser()->assertCredential($this->getParam('credentialRead'));
}
$tpl->assign('arrComments', _dao('comments')->findBy(_daoSp()->addCondition('page_comment', '=', $idComment)));
break;
case "summary":
$tpl->assign('nbComments', _dao('comments')->countBy(_daoSp()->addCondition('page_comment', '=', $idComment)));
break;
}
// Mise en place du captcha si besoin :
if (CopixConfig::get('comments|captcha') != 0) {
$arrCaptchaMax = _ioDao('commentscaptcha')->findBy(_daoSp()->orderBy(array('captcha_id', 'DESC'))->setLimit(0, 1));
$arrCaptchaMin = _ioDao('commentscaptcha')->findBy(_daoSp()->orderBy('captcha_id')->setLimit(0, 1));
$captcha = false;
while (!$captcha || is_null($captcha)) {
srand();
$rand = rand($arrCaptchaMin[0]->captcha_id, $arrCaptchaMax[0]->captcha_id);
$captcha = _ioDao('commentscaptcha')->get($rand);
}
$tpl->assign('captcha', $captcha);
}
$toReturn = $tpl->fetch('zone.comment.tpl');
//_log ('URL: '._url('#'));
//_log ('ID: ' . $idComment);
return true;
}
/**
* Ecran de connexion
*/
public function processForm()
{
$ppo = new CopixPPO();
$ppo->TITLE_PAGE = _i18n('auth.connect');
if (CopixAuth::getCurrentUser()->isConnected()) {
$ppo->user = CopixAuth::getCurrentUser();
return _arRedirect(_url('kernel||getHome'));
}
$config = CopixConfig::instance();
if (count($config->copixauth_getRegisteredUserHandlers()) > 1 && CopixConfig::get('auth|multipleConnectionHandler')) {
$ppo->noCredential = true;
}
$ppo->auth_url_return = CopixRequest::get('auth_url_return', _url('#'));
$ppo->failed = array();
if (CopixRequest::getInt('noCredential', 0)) {
$ppo->failed[] = _i18n('auth.error.noCredentials');
}
if (CopixRequest::getInt('failed', 0)) {
$ppo->failed[] = _i18n('auth.error.failedLogin');
}
$ppo->createUser = Copixconfig::get('auth|createUser');
$ppo->conf_Saml_actif = CopixConfig::exists('default|conf_Saml_actif') ? CopixConfig::get('default|conf_Saml_actif') : 0;
return _arPPO($ppo, 'login.form.php');
}
/**
* Saisie des informations supplémentaires si besoin
* @param array $pArExtra tableau des informations de log actuel
* @return void
*/
private static function _fillExtra(&$pArExtra)
{
$arTrace = CopixDebug::debug_backtrace(2, array(__FILE__), true);
$trace = reset($arTrace);
while ($trace && (isset($trace['class']) && in_array($trace['class'], array('CopixLog', 'CopixErrorHandler')) || $trace['function'] == '_log')) {
$trace = next($arTrace);
}
$info = array();
$info['file'] = !empty($trace['file']) ? $trace['file'] : '';
$info['line'] = !empty($trace['line']) ? $trace['line'] : '';
//$trace = next($arTrace);
$info['classname'] = isset($trace['class']) ? $trace['class'] : '';
$info['functionname'] = isset($trace['function']) ? $trace['function'] : '';
$info['request_uri'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$pArExtra = array_merge($info, $pArExtra);
//Détermine l'utilisateur si pas donné
if (!isset($pArExtra['user'])) {
$pArExtra['user'] = CopixAuth::getCurrentUser()->getLogin();
}
}
/**
* Supression de la session (pour éviter de femer le navigateur, c'est mieux)
*/
public function processSessionDestroy()
{
CopixAuth::getCurrentUser()->assertCredential('basic:admin');
session_destroy();
return _arRedirect(_url(CopixRequest::get('popup') ? 'admin|session|popup' : 'admin|session|'));
}