Exemple #1
 /**
  * Configures the in-built session.
  *
  * A value of 'private' for the cache limiter prevents 'page has expired'
  * warnings and enables client caching of session pages. However, it should
  * not be used with POST forms or other content that should not be cached
  * by the client. The default is to disallow all caching.
  *
  * @see http://shiflett.org/articles/how-to-avoid-page-has-expired-warnings
  * @param string $name session name
  * @param string $dir  directory to save session files in
  * @param bool $https_only  maintain session for https requests only
  * @param T_Url $url  root url for session (if on shared host)
  * @param string $cache_limiter  caching type ('nocache' by default)
  * @param int  $cache_expire  cache expiry (mins)
  */
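 function __construct($name = 'sid', $dir = null, $https_only = false, T_Url $url = null, $cache_limiter = 'nocache', $cache_expire = 30)
 {
     // The session id travels in a cookie only (never in the URL), and that
     // cookie is hidden from client-side script.
     ini_set('session.use_only_cookies', '1');
     ini_set('session.cookie_httponly', '1');
     // Only accept session ids that the session module itself issued, so an
     // id planted in the visitor's browser is replaced instead of adopted
     // (session fixation).
     // NOTE(review): a custom save handler installed elsewhere must support
     // id validation for this to take effect -- confirm.
     ini_set('session.use_strict_mode', '1');
     // set session name
     session_name($name);
     // setup cookie parameters
     if ($url) {
         $path = '/';
         if (count($url->getPath()) > 0) {
             $path .= implode('/', $url->getPath()) . '/';
         }
         $domain = $url->getHost();
         // remove any 'www.' prefix subdomain as not relevant, and take off
         // any port information.
         if (strncasecmp('www.', $domain, 4) === 0) {
             $domain = substr($domain, 4);
         }
         if (($pos = strpos($domain, ':')) !== false) {
             $domain = substr($domain, 0, $pos);
         }
         if (strpos($domain, '.') === false) {
             // HTTP protocol doesn't allow setting top level domains like
             // 'localhost' for security reasons
             $domain = null;
         } else {
             // prefix domain with dot to make sure it is available on all
             // sub-domains.
             // NOTE(review): this also means every host under that domain
             // receives the session cookie; leave the domain unset (host-only
             // cookie) if the sub-domains are not equally trusted.
             $domain = '.' . $domain;
         }
     } else {
         $path = '/';
         $domain = null;
     }
     // Lifetime 0 keeps the cookie for the browser session only. An explicit
     // integer is used because passing null for the lifetime is deprecated on
     // PHP 8.1+. HttpOnly is passed explicitly as well, so it does not depend
     // on the ini_set() call above having succeeded.
     // With the default $https_only = false the session cookie is also sent
     // over plain HTTP; pass true wherever the site is served over TLS.
     session_set_cookie_params(0, $path, $domain, $https_only, true);
     // set save path
     if ($dir) {
         session_save_path($dir);
     } else {
         // it is not safe on shared hosts to store session files in shared
         // temporary dirs. Therefore by default store session files in
         // cache directory.
         // NOTE(review): confirm this directory sits outside the web root and
         // is readable by the application user only.
         $default = new T_File_Dir(T_CACHE_DIR . 'session');
         session_save_path($default->__toString());
     }
     // configure caching
     session_cache_limiter($cache_limiter);
     session_cache_expire($cache_expire);
 }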
Exemple #2
 /**
  * Create controller from previous context.
  *
  * This default controller action clones URL and subspace from the previous
  * controller context. If it is consuming the URL path (as is normal), it
  * shifts a single value out from the subspace and moves it onto its own URL.
  * Sometimes, the request is "delegated" sideways in the controller stack, and
  * in this case the controller simply takes over from the parent and does not
  * pop any bits off the pathname.
  *
  * @param T_Controller_Context $context  context
  */
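 function __construct(T_Controller_Context $context)
 {
     $this->context = $context;
     // work on a copy of the parent's URL object rather than the object itself
     $this->url = clone $context->getUrl();
     $this->subspace = $context->getSubspace();
     if (!$context->isDelegated()) {
         // consume one segment from the remaining subspace stack
         $name = array_shift($this->subspace);
         // array_shift() yields null once the stack is empty; test for that
         // before strlen(), since passing null to strlen() is deprecated on
         // PHP 8.1+.
         if ($name === null || strlen((string) $name) == 0) {
             throw new T_Exception_Controller('no subspace stack');
         }
         // NOTE(review): the segment presumably originates from the request
         // path -- confirm the URL class encodes it when the URL is rendered.
         $this->url->appendPath($name);
     }
     // inherit any scheme coerce
     $this->coerceScheme($context->getCoerceScheme());
 }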
Exemple #3
 /**
  * Prepare-filter redirects to a GET request if the form was present and valid.
  *
  * At this point, the request has not been sent, but has been created and is about to be.
  * If the request is valid, we want to skip out *before* the form is sent and simply
  * redirect.
  *
  * @param T_Response $response  encapsulated response to filter
  */
 protected function doPrepareFilter(T_Response $response)
 {
     // Nothing to do unless a form was submitted, it validated, and a forward
     // target has been configured.
     if (!$this->form->isPresent() || !$this->form->isValid() || !$this->forward) {
         return;
     }
     // The POST succeeded: drop the pending response and redirect to a GET
     // page, so that the back button cannot be used to repeat the request.
     $response->abort();
     // NOTE(review): the redirect target comes from $this->forward, which is
     // set outside this method -- confirm it can never be derived from
     // request data, otherwise this becomes an open redirect.
     $destination = $this->forward->getUrl();
     throw new T_Response_Redirect($destination);
 }
Exemple #4
 /**
  * Render an embedded resource.
  *
  * At the moment, this renderer is setup to assume that all embedded resources are
  * images. However, this could be easily extended to handle video, and so on.
  *
  * @param T_Text_Resource $node  embedded resource to render
  */
 function visitTextResource(T_Text_Resource $node)
 {
     // Every URL part is passed through the XHTML filter before it is placed
     // inside the src attribute.
     $escape = new T_Filter_Xhtml();
     // internal resources are prefixed with the site root URL
     $base = $node->isInternal() ? $this->root_url->getUrl($escape) : '';
     $url = $base . $node->getUrl($escape);
     // NOTE(review): the alt text is escaped only by whatever $this->filter
     // is; it is assigned outside this method -- confirm it is an
     // attribute-safe filter (quotes included), or the alt attribute is an
     // injection point.
     // NOTE(review): escaping does not restrict where an external URL points,
     // so the reader's browser will fetch from whatever host the text names.
     $alt = $node->getContent($this->filter);
     $this->xhtml .= '<img src="' . $url . '" alt="' . $alt . '" />' . EOL;
 }
Exemple #5
 /**
  * Set a cookie.
  *
  * @param string $name  cookie name
  * @param string $value  cookie value
  * @param int $expires  expiry time (UNIX time)
  * @param string $path  path on which the cookie is available
  * @param string $domain  domain on which cookie is available
  * @param bool $secure  whether to only send the cookie over https
  */
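 function set($name, $value, $expires = null, $path = null, $domain = null, $secure = null)
 {
     // if domain/path is default (null), and a server document root value is
     // available, then we use that as these parameters.
     if (is_null($path) && is_null($domain) && $this->root) {
         $path = '/';
         if (count($this->root->getPath()) > 0) {
             $path .= implode('/', $this->root->getPath()) . '/';
         }
         $domain = $this->root->getHost();
         // remove any 'www.' prefix subdomain as not relevant, and take off
         // any port information.
         if (strncasecmp('www.', $domain, 4) === 0) {
             $domain = substr($domain, 4);
         }
         if (($pos = strpos($domain, ':')) !== false) {
             $domain = substr($domain, 0, $pos);
         }
         if (strpos($domain, '.') === false) {
             // HTTP protocol doesn't allow setting top level domains like
             // 'localhost' for security reasons
             $domain = null;
         } else {
             // prefix domain with dot to make sure it is available on all
             // sub-domains.
             // NOTE(review): every host under that domain then receives the
             // cookie; keep sensitive cookies host-only if the sub-domains
             // are not equally trusted.
             $domain = '.' . $domain;
         }
     } elseif ($domain !== null && strlen($domain) > 0 && strpos($domain, '.') === false) {
         // The null test comes first: $domain is still null when only $path
         // was supplied, and passing null to strlen() is deprecated on
         // PHP 8.1+.
         $msg = "{$domain} is a TLD which HTTP protocol forbids in a cookie";
         throw new InvalidArgumentException($msg);
     }
     // A non-integer expiry (including the null default) or an expiry in the
     // future stores the value; an integer expiry that is not in the future
     // deletes the cookie.
     if ($expires > time() || !is_int($expires)) {
         $this->data[$name] = $value;
     } else {
         // deleting cookie
         unset($this->data[$name]);
         $value = null;
     }
     // NOTE(review): no HttpOnly flag is passed on from here and $secure
     // defaults to null; whether the emitted cookie carries Secure/HttpOnly
     // is decided in doCookieSet(), which is not shown -- confirm for any
     // cookie holding a credential or token.
     $this->doCookieSet($name, $value, $expires, $path, $domain, $secure);
     return $this;
 }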
Exemple #6
 /**
  * Create a URL.
  *
  * @param string $title  title of the URL link
  * @param string $scheme  URL scheme (e.g. http,https,etc.)
  * @param string $host  URL host (e.g. subdomain.domain:port)
  * @param array $path  URL path as a segment array
  * @param array $parameters  URL parameters as name=>value pair array
  * @param string $fragment  URL fragment (e.g. HTTP anchor value)
  */
 function __construct($title, $scheme, $host, array $path = array(), array $parameters = array(), $fragment = null)
 {
     // the URL components themselves are passed to the parent constructor
     parent::__construct($scheme, $host, $path, $parameters, $fragment);
     // the link title is always stored as a string
     // NOTE(review): the title is kept as given; it has to be escaped
     // wherever it is later written into markup.
     $this->title = strval($title);
 }