/**
* Before exception is happening.
*
* @param Event $event Event object.
* @param Dispatcher $dispatcher Dispatcher object.
* @param PhalconException $exception Exception object.
*
* @throws \Phalcon\Exception
* @return bool
*/
public function beforeException($event, $dispatcher, $exception)
{
// Handle 404 exceptions.
if ($exception instanceof PhDispatchException) {
$dispatcher->forward(['module' => EngineApplication::SYSTEM_DEFAULT_MODULE, 'namespace' => ucfirst(EngineApplication::SYSTEM_DEFAULT_MODULE) . '\\Controller', 'controller' => 'Error', 'action' => 'show404']);
return false;
}
if (ENV == ENV_DEVELOPMENT) {
throw $exception;
} else {
EngineException::logException($exception);
}
// Handle other exceptions.
$dispatcher->forward(['module' => EngineApplication::SYSTEM_DEFAULT_MODULE, 'namespace' => ucfirst(EngineApplication::SYSTEM_DEFAULT_MODULE) . '\\Controller', 'controller' => 'Error', 'action' => 'show500']);
return $event->isStopped();
}
/**
* This method forward to the action.
*
* @param object $Router the instance of the Router class.
*/
public static function dispatch($Router)
{
$moduleName = $Router->getModuleName();
$params = $Router->getParams();
$controllerName = $Router->getControllerName();
//the name without 'Controller'
$actionName = $Router->getActionName();
session_start();
Dispatcher::forward($moduleName, $controllerName, $actionName, $params);
session_write_close();
}
/**
* This action is executed before execute any action in the application
*
* @param Event $event
* @param Dispatcher $dispatcher
*/
public function beforeDispatch(Event $event, Dispatcher $dispatcher)
{
$auth = $this->session->get('auth');
if (!$auth) {
$role = 'Guests';
} else {
$role = 'Users';
}
$controller = $dispatcher->getControllerName();
$action = $dispatcher->getActionName();
$acl = $this->getAcl();
$allowed = $acl->isAllowed($role, $controller, $action);
if ($allowed != Acl::ALLOW) {
$dispatcher->forward(array('controller' => 'errors', 'action' => 'show401'));
$this->session->destroy();
return false;
}
}
/**
* The signIn method - check with the database table with uid, pwd and mapping table
* and dispatch to the responding action after login.
*
* @param string $uid
* @param string $pwd
* @param string $mapTbl
*/
public function signIn($moduleName = null, $controllerName = null, $actionName = null)
{
$moduleName = is_null($moduleName) ? MvcReg::getModuleName() : $moduleName;
$controllerName = is_null($controllerName) ? MvcReg::getControllerName() : $controllerName;
$actionName = is_null($actionName) ? MvcReg::getActionName() : $actionName;
$acl = AclUtility::getInstance();
$tbl_id = $acl->getTableIdByModule($moduleName);
//if the module is not from MvcReg or different from MvcReg, need to get the mapDbId again for reset the acDb
if (!is_null($moduleName) || $moduleName == MvcReg::getModuleName()) {
$mapDbId = $acl->getMapDatabaseId($tbl_id);
$this->setDb($mapDbId);
}
$tableName = $acl->getTableById($tbl_id);
$mapFields = $acl->getMappingFieldByTbl($tbl_id);
//prepare encryption setting
$encrytionArray = $acl->getEncrytion();
$encrytion = $encrytionArray[$tbl_id];
$useEcryption = isset($encrytion['use_pwd_encryption']) ? $encrytion['use_pwd_encryption'] : NULL;
//This sets the default method to PHP MD5 encryption
$encrytionOption = isset($encrytion['encrytion_option']) ? $encrytion['encrytion_option'] : "PHP";
$encrytionMethod = isset($encrytion['encrytion_method']) ? $encrytion['encrytion_method'] : "MD5";
$dbUid = $mapFields["user_id"];
$dbPwd = isset($mapFields["pwd"]) ? $mapFields["pwd"] : null;
$dbSalt = isset($mapFields["pwd_encrypt"]) ? $mapFields["pwd_encrypt"] : null;
$dbIsdelete = isset($mapFields["is_delete"]) ? $mapFields["is_delete"] : null;
$dbIsdeleteValue = isset($mapFields["is_delete_value"]) && !is_null($dbIsdelete) ? $mapFields["is_delete_value"] : null;
$params = Parameter::getParams();
if (isset($params["{$dbUid}"]) && isset($params["{$dbPwd}"])) {
$uid = $params["{$dbUid}"];
$pwd = $params["{$dbPwd}"];
} else {
throw new AiryException("Not passing the user id and password from the login form");
}
$mysql_results = null;
//determine use encryption for password or not
if (!is_null($useEcryption) && ($useEcryption == 1 || strtoupper($useEcryption) == "TRUE")) {
$salt = "";
if (strtoupper($encrytionOption) == "PHP") {
/**
* Currently, only support MD5
*/
if (strtoupper($encrytionMethod) == self::MD5) {
$salt = md5(trim($pwd));
}
} else {
$encryObj = new $encrytionOption();
$salt = $encryObj->{$encrytionMethod}(trim($pwd));
}
$mysql_results = $this->getUserByUid($tableName, $dbUid, $uid, $dbIsdelete, $dbIsdeleteValue);
} else {
$mysql_results = $this->getUserByUid($tableName, $dbUid, $uid, $dbIsdelete, $dbIsdeleteValue);
}
$rows = mysql_fetch_array($mysql_results, MYSQL_ASSOC);
$bLogin = false;
if (is_array($rows)) {
if (!is_null($useEcryption) && ($useEcryption == 1 || strtoupper($useEcryption) == "TRUE")) {
if ($rows[$dbSalt] == $salt) {
$bLogin = true;
}
} else {
if ($rows[$dbPwd] == $pwd) {
$bLogin = true;
}
}
}
if ($bLogin) {
$_SESSION[$moduleName][Authentication::UID] = $uid;
$_SESSION[$moduleName][Authentication::ENCRYPT_UID] = Base64UrlCode::encrypt($uid);
$_SESSION[$moduleName][Authentication::IS_LOGIN] = true;
$_SESSION[Authentication::UID]['module'] = $moduleName;
foreach ($rows as $key => $value) {
$_SESSION[$moduleName]['user'][$key] = $value;
}
$successfulArray = $acl->getSuccessfulDispatch();
$successfulController = $successfulArray[$moduleName]['controller'];
$successfulAction = $successfulArray[$moduleName]['action'];
//forward to login sucessful action - this is set in the act.xml
Dispatcher::forward($moduleName, $successfulController, $successfulAction, $params);
} else {
$authArray = $acl->getAuthentications();
$loginErrorActionName = "loginErrorAction";
if (isset($authArray[$moduleName]['login_error_action'])) {
$loginErrorActionName = $authArray[$moduleName]['login_error_action'];
}
//forward to login error action
Dispatcher::forward($moduleName, $controllerName, $loginErrorActionName, $params);
}
}
