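/**
 * Callback endpoint that applies a transcoding status update to a TranscodeJob.
 *
 * The POST body is decoded as JSON; its `id` selects the job and its `errors`
 * decide whether the job is marked "error" or (once all files are present) "done".
 *
 * NOTE(review): nothing in this method authenticates the sender, so any client
 * that can reach the route and knows a job ID can submit an update. The
 * "started" status check only limits this to jobs that are still running.
 * Confirm the route is protected elsewhere (shared secret, signature, network ACL).
 *
 * @param SS_HTTPRequest $request
 * @return string Plain-text status message.
 */
public function index(SS_HTTPRequest $request)
{
    if (!$request->isPOST()) {
        // this shouldn't happen
        return "Well hello there...";
    }

    // The body is untrusted input: reject anything that is not a JSON object with an id
    // instead of dereferencing null below.
    $update = json_decode($request->getBody());
    if (!is_object($update) || !isset($update->id)) {
        return "Error: invalid update payload";
    }

    $joblog = TranscodeJob::get()->filter('JobID', (int) $update->id)->first();
    if (!$joblog) {
        // first() yields nothing for an unknown ID; previously this ended in a fatal error.
        return "Error: unknown job";
    }

    // return if status already is done (some protection)
    if ($joblog->JobStatus !== "started") {
        return "Error: job status not started";
    }

    // The full update is deliberately not stored in the log object: it may contain
    // credentials or other sensitive values.

    // load files into appropriate relations
    $transcodable = $joblog->Transcodable();
    $transcodable->loadTranscodedFiles();

    // `errors` may be missing, an object or a list; only a non-empty object/array counts.
    $errors = array();
    if (isset($update->errors)) {
        if (is_object($update->errors)) {
            $errors = get_object_vars($update->errors);
        } elseif (is_array($update->errors)) {
            $errors = $update->errors;
        }
    }

    if (count($errors)) {
        $joblog->JobErrorMessage = json_encode($update->errors);
        $joblog->JobStatus = "error";
    } elseif ($transcodable->transcodingComplete()) {
        // set status to done when complete...
        $joblog->JobErrorMessage = "";
        $joblog->JobStatus = "done";
    }

    // write logfile
    $joblog->write();

    return "Updated";
}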
/**
 * Handles the registration form: creates the member, stores a verification
 * token, e-mails the registration message and redirects.
 *
 * Non-POST requests return an empty array. A ValidationException sets a form
 * message and redirects back.
 *
 * NOTE(review): the generated password is placed in the e-mail data in clear
 * text; confirm this is intended and that the member must change it.
 * NOTE(review): the "already exists" message tells the submitter whether an
 * address is registered; confirm that disclosure is acceptable.
 * NOTE(review): the verification token is derived from the member's e-mail via
 * CryptofierService; whether it is unguessable depends on that service - verify.
 *
 * @param SS_HTTPRequest $request
 * @return mixed
 */
public function register(SS_HTTPRequest $request)
{
    if (!$request->isPOST()) {
        return array();
    }

    try {
        $existing = Customer::get()->filter('Email', $request->postVar('Email'))->count();
        if ($existing) {
            throw new ValidationException("Sorry a member with that email address already exists");
        }

        $password = Customer::create_new_password();

        /** @var Customer $member */
        $member = Injector::inst()->create('ProfiledMemberClass');
        $member->changePassword($password);

        // update member with cleansed posted variables
        $posted = array_merge($request->postVars(), ['Password' => $password]);
        $updateData = array_merge(ProfiledMemberForm::update_models('register', $posted, $member));

        /** @var CryptofierImplementation $crypto */
        $crypto = Injector::inst()->get('CryptofierService');
        $token = $crypto->friendly($crypto->encrypt($member->Email));

        $member->{ProfiledMemberExtension::VerificationFieldName} = $token;
        $member->write();
        $member->addToGroupByCode(self::CustomerGroupCode);

        // add verification link and HasRegisteredFlag; values already in $updateData win
        $verificationLink = Controller::join_links(
            Director::absoluteBaseURL(),
            $this()->ActionLink("verify/{$token}")
        );
        $updateData = array_merge(
            ['Password' => $password, 'VerificationLink' => $verificationLink],
            $updateData
        );

        $this->sendEmail('Register', $member, $updateData);
        Session::set(self::SessionEmailKey, $member->Email);

        // Configured landing page, falling back to the 'thanks' action.
        $url = CrackerjackModule::get_config_setting(__CLASS__, 'post_register_url');
        if (!$url) {
            $url = $this()->ActionLink('thanks');
        }

        return $this()->redirect($url);
    } catch (ValidationException $e) {
        ProfiledMemberForm::set_form_message($e->getMessage(), CrackerjackForm::Bad);

        return $this()->redirectBack();
    }
}
/**
 * Dispatches by HTTP method: POST generates links, anything else shows the page.
 *
 * @param SS_HTTPRequest $request
 * @return mixed Whatever generateLinks() or show() returns.
 */
public function index(SS_HTTPRequest $request)
{
    return $request->isPOST()
        ? $this->generateLinks($request)
        : $this->show($request);
}
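/**
 * This method passes through an HTTP request to another webserver.
 * This proxy is used to avoid any cross domain issues. The proxy
 * uses a white-list of domains to minimize security risks.
 *
 * Because the destination is chosen by the client, the URL is validated before
 * any connection is made: it must be an http(s) URL of the form
 * `scheme://authority/...` and the authority must match an allowed host exactly.
 *
 * @param SS_HTTPRequest $data array of parameters
 *
 * $data['u']:         URL (complete request string)
 * $data['no_header']: set to '1' to avoid sending header information
 *                     directly.
 * @return string|false the CURL response, or an error message when the request is refused
 */
public function dorequest($data)
{
    $headers = array();
    $vars = $data->requestVars();
    $no_header = false;

    // `u` must be a single string; an array-valued parameter is not a destination.
    if (!isset($vars['u']) || !is_string($vars['u'])) {
        return "Invalid request: unknown proxy destination.";
    }
    $url = $vars['u'];

    if (isset($vars['no_header']) && $vars['no_header'] == '1') {
        $no_header = true;
    }

    // Require the exact `scheme://authority` shape with an http(s) scheme, so that the
    // component compared against the allow-list is the one cURL connects to and no
    // other protocol handler is ever selected. The comparison is strict to rule out
    // loose string/number matches.
    $checkUrl = explode("/", $url);
    $wellFormed = isset($checkUrl[2])
        && $checkUrl[1] === ''
        && in_array(strtolower($checkUrl[0]), array('http:', 'https:'), true);

    if (!$wellFormed || !in_array($checkUrl[2], self::get_allowed_host(), true)) {
        // The URL is caller-supplied; escape it before echoing it back.
        return "Access denied to (" . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . ").";
    }

    // Open the Curl session
    $session = curl_init($url);

    // Defence in depth: pin the transfer to web protocols and keep redirects off, since
    // the allow-list check above only covers the initial URL.
    curl_setopt($session, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($session, CURLOPT_FOLLOWLOCATION, false);

    // If it's a POST, put the POST data in the body
    $isPost = $data->isPOST();
    if ($isPost) {
        $postvars = '';
        $vars = $data->getBody();
        if ($vars) {
            $postvars = "body=" . $vars;
        } else {
            $vars = $data->postVars();
            if ($vars) {
                // NOTE(review): keys and values are concatenated without URL-encoding and
                // array values are not handled; kept as-is because the upstream service
                // may depend on the exact bytes - confirm before changing.
                foreach ($vars as $k => $v) {
                    $postvars .= $k . '=' . $v . '&';
                }
            }
        }
        $headers[] = 'Content-type: text/xml';
        curl_setopt($session, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($session, CURLOPT_POST, true);
        curl_setopt($session, CURLOPT_POSTFIELDS, $postvars);
    }

    // Don't return HTTP headers. Do return the contents of the call
    curl_setopt($session, CURLOPT_HEADER, false);
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);

    // Make the call
    $xml = curl_exec($session);

    // The web service returns XML. Set the Content-Type appropriately
    if ($no_header == false) {
        header("Content-Type: text/xml");
    }

    curl_close($session);

    return $xml;
}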
/**
 * Checks that a `_method` override is honoured only when it arrives in the
 * POST variables of a POST request, never via GET variables.
 */
public function testHttpMethodOverrides()
{
    // Each case: HTTP method, GET vars, POST vars, predicate expected to hold, message.
    $cases = array(
        array('GET', array(), array(), 'isGET', 'GET with no method override'),
        array('POST', array(), array(), 'isPOST', 'POST with no method override'),
        array('GET', array('_method' => 'DELETE'), array(), 'isGET', 'GET with invalid POST method override'),
        array('POST', array(), array('_method' => 'DELETE'), 'isDELETE', 'POST with valid method override to DELETE'),
        array('POST', array(), array('_method' => 'put'), 'isPUT', 'POST with valid method override to PUT'),
        array('POST', array(), array('_method' => 'head'), 'isHEAD', 'POST with valid method override to HEAD '),
        array('POST', array(), array('_method' => 'head'), 'isHEAD', 'POST with valid method override to HEAD'),
        array(
            'POST',
            array('_method' => 'head'),
            array(),
            'isPOST',
            'POST with invalid method override by GET parameters to HEAD',
        ),
    );

    foreach ($cases as $case) {
        list($httpMethod, $getVars, $postVars, $predicate, $description) = $case;

        $request = new SS_HTTPRequest($httpMethod, 'admin/crm', $getVars, $postVars);
        $this->assertTrue($request->$predicate(), $description);
    }
}
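/**
 * Retrieves details for files that this field wishes to attach to the
 * client-side form.
 *
 * Only POST requests are accepted, and only when canAttachExisting() allows it;
 * both failures answer with HTTP 403.
 *
 * NOTE(review): files are looked up by client-supplied ID and their attributes
 * returned without a per-file view check in this method; confirm that
 * canAttachExisting() (or encodeFileAttributes()) is a sufficient gate.
 *
 * @param SS_HTTPRequest $request
 * @return SS_HTTPResponse JSON list of encoded file attributes.
 */
public function attach(SS_HTTPRequest $request)
{
    if (!$request->isPOST()) {
        return $this->httpError(403);
    }
    if (!$this->canAttachExisting()) {
        return $this->httpError(403);
    }

    // `ids` is client input: accept only a list of numeric values so a missing,
    // scalar or nested parameter cannot reach the query.
    $ids = $request->postVar('ids');
    $ids = is_array($ids) ? array_values(array_filter($ids, 'is_numeric')) : array();

    // Retrieve file attributes required by front end
    $return = array();
    if ($ids) {
        foreach (File::get()->byIDs($ids) as $file) {
            $return[] = $this->encodeFileAttributes($file);
        }
    }

    $response = new SS_HTTPResponse(Convert::raw2json($return));
    $response->addHeader('Content-Type', 'application/json');

    return $response;
}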
/**
 * Update the order form cart, called via AJAX with current order form data.
 * Renders the cart and sends that back for displaying on the order form page.
 *
 * Nothing is returned for non-POST requests.
 *
 * NOTE(review): the security token is disabled on the form built here, and the
 * current order has already been modified from the POST data by that point;
 * confirm this endpoint is protected against cross-site requests by other means.
 *
 * @param SS_HTTPRequest $data Form data sent via AJAX POST.
 * @return String Rendered cart for the order form, template include 'CheckoutFormOrder'.
 */
function updateOrderFormCart(SS_HTTPRequest $data)
{
    if (!$data->isPOST()) {
        return;
    }

    $fields = array();
    $validator = new OrderFormValidator();
    // Not used further in this method.
    $member = Customer::currentUser() ? Customer::currentUser() : singleton('Customer');
    $order = CartControllerExtension::get_current_order();

    // Update the Order
    $posted = $data->postVars();
    $order->addAddressesAtCheckout($posted);
    $order->addModifiersAtCheckout($posted);

    // TODO update personal details, notes and payment type?

    // Create the part of the form that displays the Order
    $this->addItemFields($fields, $validator, $order);
    $this->addModifierFields($fields, $validator, $order);

    // This is going to go through and add modifiers based on current Form DATA
    // TODO This should be constructed for non-dropdown fields as well

    // Collect sub-total modifiers first, then total modifiers.
    $modifierFields = array();
    foreach (array('SubTotalModifiers', 'Modifiers') as $group) {
        if (isset($fields[$group])) {
            $modifierFields = array_merge($modifierFields, $fields[$group]);
        }
    }

    // Update modifier form fields so that the dropdown values are correct
    $newModifierData = array();
    foreach ($modifierFields as $modifierField) {
        if (method_exists($modifierField, 'updateValue')) {
            $modifierField->updateValue($order);
        }

        $className = get_class($modifierField->getModifier());
        $newModifierData['Modifiers'][$className] = $modifierField->Value();
    }

    // Add modifiers to the order again so that the new values are used
    $order->addModifiersAtCheckout($newModifierData);

    $proceed = new FormAction('ProcessOrder', _t('CheckoutPage.PROCEED_TO_PAY', "Proceed to pay"));
    $actions = new FieldSet($proceed);

    $form = new CheckoutForm($this, 'OrderForm', $fields, $actions, $validator, $order);
    $form->disableSecurityToken();
    $form->validate();

    return $form->renderWith('CheckoutFormOrder');
}
/**
 * Makes a booking from the posted form:
 * - setup session in checkfront
 * - add package to session
 * - add items to session
 * - call the 'book' endpoint to make the booking
 *
 * Any CheckfrontException clears the API session, sets a form message and
 * merges the rebuilt booking form into the result.
 *
 * NOTE(review): the access key is read from the POST variables before the
 * isPOST() check, and 'ItemID' is iterated without checking it is present;
 * both rely on the caller only routing valid POSTs here.
 * NOTE(review): for "pay now" bookings the user is redirected to the payment
 * URL taken from the booking response; presumably that comes from the
 * Checkfront API - confirm it cannot be influenced by request data.
 *
 * @param SS_HTTPRequest $request
 *
 * @return array Message, message type and booking data for the template.
 */
protected function book(SS_HTTPRequest $request)
{
    $message = '';
    $messageType = '';
    $result = array();

    // only post request should route here
    $postVars = $request->postVars();

    try {
        $this->clearCheckfrontSession();

        $packageID = $this->getTokenInfo(
            CheckfrontModule::TokenItemIDIndex,
            $postVars[CheckfrontForm::AccessKeyFieldName]
        );

        if ($request->isPOST()) {
            $startDate = $request->postVar('StartDate');
            $endDate = $request->postVar('EndDate');

            $packageResponse = $this->api()->fetchPackage($packageID, $startDate, $endDate);

            if ($packageResponse->isValid()) {
                $package = $packageResponse->getPackage();
                $this->api()->addPackageToSession($package);

                foreach ($postVars['ItemID'] as $index => $itemID) {
                    // Skip items without a posted, non-empty quantity.
                    if (!isset($postVars['Quantity'][$index])) {
                        continue;
                    }
                    $quantity = $postVars['Quantity'][$index];
                    if (!$quantity) {
                        continue;
                    }

                    /** CheckfrontAPIItemResponse */
                    $itemResponse = $this->api()->fetchItem($itemID, $quantity, $startDate, $endDate);
                    if (!$itemResponse->isValid()) {
                        throw new CheckfrontBookingException(
                            $itemResponse->getMessage(),
                            CheckfrontException::TypeError
                        );
                    }

                    $item = $itemResponse->getItem();
                    if ($item) {
                        $this->api()->addItemToSession($item);
                    }
                }

                $bookingResponse = $this->api()->makeBooking(
                    CheckfrontBookingModel::create_from_checkfront($postVars, 'from-form')
                );
                if (!$bookingResponse->isValid()) {
                    throw new CheckfrontBookingException(
                        $bookingResponse->getMessage(),
                        CheckfrontException::TypeError
                    );
                }

                $paymentMethod = $this->getTokenInfo(
                    CheckfrontModule::TokenPaymentTypeIndex,
                    $postVars[CheckfrontForm::AccessKeyFieldName]
                );

                if ($paymentMethod == CheckfrontModule::PaymentPayNow) {
                    $message = 'Thanks for booking, please click the link below to complete payment on your booking';
                    $messageType = CheckfrontException::TypeOK;

                    $paymentURL = $bookingResponse->getPaymentURL();
                    if ($paymentURL) {
                        $result = array('PaymentURL' => $paymentURL);
                        $this()->redirect($paymentURL);
                    }
                } else {
                    $message = 'Thanks for booking, you will receive email confirmation shortly';
                    $messageType = CheckfrontException::TypeOK;
                    $result = array(
                        'CurrentPackage' => $package,
                        'Booking' => $bookingResponse->getBooking(),
                        'Items' => $bookingResponse->getItems(),
                    );
                }
            }
        }
    } catch (CheckfrontException $e) {
        $message = $e->getMessage();
        $messageType = $e->getType();

        $this->api()->clearSession();
        Session::setFormMessage(CheckfrontPackageBookingForm::FormName, $message, 'bad');

        $result = $this->buildBookingForm($request);
    }

    $status = array(
        self::MessageKey => $message,
        self::MessageTypeKey => $messageType,
    );

    return array_merge($status, $result);
}
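/**
 * Generates a fake request for the field
 *
 * The widget's own POST data is lifted out of the nested `Widget[...]` structure
 * so the form field sees it as if the request had been made to it directly;
 * upload and grid field data are re-keyed under their full form field names.
 *
 * NOTE(review): the object ID is extracted from the request's FieldName
 * parameter and, when the pattern does not match, is the whole decoded field
 * name. It is only used as an array key here.
 *
 * @param {SS_HTTPRequest} $request Source Request to base the fake request off of
 * @param {Widget} $sourceWidget Source widget
 * @param {string} $baseLink Base URL to be truncated off of the form
 * @return {SS_HTTPRequest} Fake HTTP Request used to fool the form field into thinking the request was made to it directly
 */
protected function getFakeRequest(SS_HTTPRequest $request, Widget $sourceWidget, $baseLink)
{
    $fieldName = rawurldecode($request->param('FieldName'));
    $objID = preg_replace('/Widget\\[(.*?)\\]\\[(.*?)\\]\\[(.*?)\\]$/', '$2', $fieldName);
    $widgetName = $this->getName();

    $finalPostVars = array();
    if ($request->isPOST()) {
        $postVars = $request->postVars();

        // Pull the post data for the widget
        if (isset($postVars['Widget'][$widgetName][$objID])) {
            $finalPostVars = $postVars['Widget'][$widgetName][$objID];
        }

        $finalPostVars = array_merge($finalPostVars, $postVars);
        unset($finalPostVars['Widget']);

        // Workaround for UploadField's and GridFields confusing the request
        $uploadFields = array();
        $gridFields = array();
        foreach ($sourceWidget->getCMSFields() as $field) {
            if ($field instanceof UploadField) {
                $uploadFields[] = $field->getName();
            } elseif ($field instanceof GridField) {
                $gridFields[] = $field->getName();
            }
        }

        // Re-organize the upload field data
        $uploadKeys = array('name', 'type', 'tmp_name', 'error', 'size');
        foreach ($uploadFields as $field) {
            $formFieldName = 'Widget[' . $widgetName . '][' . $objID . '][' . $field . ']';

            $fieldData = array($formFieldName => array());
            foreach ($uploadKeys as $key) {
                $fieldData[$formFieldName][$key] = array('Uploads' => array());
            }

            if (isset($postVars['Widget']['name'][$widgetName][$objID][$field]['Uploads'])) {
                $uploadCount = count($postVars['Widget']['name'][$widgetName][$objID][$field]['Uploads']);
                for ($i = 0; $i < $uploadCount; $i++) {
                    foreach ($uploadKeys as $key) {
                        $fieldData[$formFieldName][$key]['Uploads'][] =
                            $postVars['Widget'][$key][$widgetName][$objID][$field]['Uploads'][$i];
                    }
                }
            }

            $finalPostVars = array_merge_recursive($finalPostVars, $fieldData);
        }

        // Reorganize the gridfield data
        if (count($gridFields) && isset($postVars['Widget'][$widgetName][$objID])) {
            $widgetData = $postVars['Widget'][$widgetName][$objID];
            foreach ($gridFields as $field) {
                $formFieldName = 'Widget[' . $widgetName . '][' . $objID . '][' . $field . ']';
                $fieldData = array(
                    $formFieldName => isset($widgetData[$field]) ? $widgetData[$field] : null,
                );

                // Merge per field, as the upload loop does; merging once after the loop
                // kept only the last grid field's data.
                $finalPostVars = array_merge_recursive($finalPostVars, $fieldData);
            }
        }
    }

    $headers = $request->getHeaders();

    // Strip the base link so the URL is relative to the field.
    $relativeUrl = str_replace(rtrim($baseLink, '/'), '', rtrim($request->getURL(), '/')) . '/';

    $request = new SS_HTTPRequest(
        $_SERVER['REQUEST_METHOD'],
        $relativeUrl,
        $request->getVars(),
        $finalPostVars,
        $request->getBody()
    );
    $request->match('$Action/$ID/$OtherID');

    // Merge in the headers
    foreach ($headers as $header => $value) {
        $request->addHeader($header, $value);
    }

    return $request;
}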
/**
 * Updates the current order from POSTed form data and returns the re-rendered cart.
 *
 * Nothing is returned for non-POST requests.
 *
 * NOTE(review): the order is written from POST data and the form is created with
 * its security token disabled; confirm this endpoint is protected against
 * cross-site requests by other means.
 *
 * @param SS_HTTPRequest $request
 * @return mixed Output of rendering the form with the 'OrderFormCart' template.
 */
public function update(SS_HTTPRequest $request)
{
    if (!$request->isPOST()) {
        return;
    }

    // Not used further in this method.
    $member = Customer::currentUser() ? Customer::currentUser() : singleton('Customer');
    $order = Cart::get_current_order();

    // Update the Order
    $posted = $request->postVars();
    $order->update($posted);
    $order->updateModifications($posted)->write();

    $form = OrderForm::create($this->controller, 'OrderForm')->disableSecurityToken();
    // Validation is intentionally left switched off here: $form->validate();

    return $form->renderWith('OrderFormCart');
}