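 /**
  * Frontend permission callback.
  *
  * Handles the `member-action` request parameter (`logout` or `login`, read
  * from $_REQUEST), then resolves the current Member's role — or the public
  * role, id 1, when nobody is logged in — and asks it whether the page in
  * $context['page_data'] may be viewed. On denial the page of type "403" is
  * substituted into $context['page_data'] when one exists; otherwise a
  * SymphonyErrorPage carrying a 403 header is thrown.
  *
  * @param array $context  Delegate context; reads 'page_data' => ['id' => ...]
  *                        and overwrites 'page_data' with the 403 page row
  *                        (effective only if the caller passes the array by
  *                        reference — the delegate contract is not visible here).
  * @throws SymphonyErrorPage  when access is denied and no 403 page is defined.
  */
 public function cbCheckFrontendPagePermissions($context)
 {
     $this->initialiseCookie();
     ## Cookies only show up on page refresh. This flag helps in making sure the correct XML is being set
     $loggedin = false;
     $role_data = null;

     // Normalise the requested action. A missing or non-string value means "no
     // action"; reading $_REQUEST['member-action'] unguarded raised a notice on
     // every page without the parameter and passed arrays into trim().
     $action = (isset($_REQUEST['member-action']) && is_string($_REQUEST['member-action']))
         ? trim($_REQUEST['member-action'])
         : '';

     // Only honour redirect targets that stay on this site: an absolute path that
     // is not protocol-relative ("//host" or "/\host"), or an absolute URL under
     // this installation's URL. Anything else yields null, so the login/logout
     // endpoints cannot be used as an open redirect to an attacker-chosen site.
     $sameSiteTarget = function ($target) {
         if (!is_string($target) || $target === '') {
             return null;
         }
         $isLocalPath = $target[0] === '/'
             && (strlen($target) === 1 || ($target[1] !== '/' && $target[1] !== '\\'));
         $isSameSite = strpos($target, rtrim(URL, '/') . '/') === 0;
         return ($isLocalPath || $isSameSite) ? $target : null;
     };
     $redirectTo = isset($_REQUEST['redirect']) ? $sameSiteTarget($_REQUEST['redirect']) : null;

     if ($action === 'logout') {
         $this->logout();
         // redirect() is relied on not to return (the original called it twice in
         // sequence) — confirm against its definition.
         redirect($redirectTo !== null ? $redirectTo : URL);
     } elseif ($action === 'login') {
         $username = Symphony::Database()->cleanValue(
             (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : null
         );
         $password = Symphony::Database()->cleanValue(
             (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : null
         );
         if ($this->login($username, $password)) {
             redirect($redirectTo !== null ? $redirectTo : URL);
         }
         self::$_failed_login_attempt = true;
     } else {
         $loggedin = $this->isLoggedIn();
     }

     $this->initialiseMemberObject();
     if ($loggedin && is_object($this->Member)) {
         $role_data = $this->Member->getData($this->roleField());
         $this->__updateSystemTimezoneOffset();
     }

     // Fall back to the public role (id 1) when nobody is logged in or the Member
     // carries no role data; the original indexed $role_data without checking.
     $role_id = ($loggedin && isset($role_data['role_id'])) ? $role_data['role_id'] : 1;
     $role = $this->fetchRole($role_id, true);

     // Fail closed: a role that cannot be resolved denies access instead of
     // calling a method on a non-object.
     if (!is_object($role) || !$role->canAccessPage((int) $context['page_data']['id'])) {
         $row = Symphony::Database()->fetchRow(0, "SELECT `tbl_pages`.* FROM `tbl_pages`, `tbl_pages_types` \r\n\t\t\t\t\tWHERE `tbl_pages_types`.page_id = `tbl_pages`.id AND tbl_pages_types.`type` = '403' \r\n\t\t\t\t\tLIMIT 1");
         if ($row) {
             // `id` comes from tbl_pages, not from the request, but cast it so the
             // interpolated query can only ever contain an integer.
             $row['type'] = Symphony::Database()->fetchCol('type', "SELECT `type` FROM `tbl_pages_types` WHERE `page_id` = '" . (int) $row['id'] . "' ");
             $row['filelocation'] = PAGES . '/' . trim(str_replace('/', '_', $row['path'] . '_' . $row['handle']), '_') . '.xsl';
             $context['page_data'] = $row;
             return;
         }
         throw new SymphonyErrorPage('Please <a href="' . URL . '/symphony/login/">login</a> to view this page.', 'Forbidden', 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
     }
 }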
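 /**
  * Frontend permission check.
  *
  * Supports three ways of establishing the current Member: a `member-action`
  * of `logout` or `login` from $_REQUEST (array form `member-action[login]`
  * or string form `?member-action=login`), a single-use `member-token` URL
  * parameter (eight lowercase hex characters) that logs the token's owner in
  * and then purges that Member's tokens, or an existing session. The Member's
  * role (public role id 1 when not logged in) is then checked against
  * $context['page_data']['id']; on denial the page of type "403" replaces
  * $context['page_data'] when one exists, otherwise a 403 custom error is
  * raised through $this->_Parent->customError().
  *
  * @param array $context  Delegate context; reads 'page_data' and
  *                        'env' => ['url' => ['member-token' => ...]], and
  *                        overwrites 'page_data' with the 403 page row
  *                        (effective only if passed by reference — not visible here).
  */
 public function checkFrontendPagePermissions($context)
 {
     $this->initialiseCookie();
     ## Cookies only show up on page refresh. This flag helps in making sure the correct XML is being set
     $loggedin = false;
     $role_data = null;

     // Normalise the requested Member action: the array form takes its first key,
     // the string form is used as-is, anything else (missing, empty, other types)
     // becomes '' so trim() is never handed null or an array.
     $action = '';
     if (isset($_REQUEST['member-action'])) {
         if (is_array($_REQUEST['member-action'])) {
             $keys = array_keys($_REQUEST['member-action']);
             if (isset($keys[0])) {
                 $action = (string) $keys[0];
             }
         } elseif (is_string($_REQUEST['member-action'])) {
             $action = $_REQUEST['member-action'];
         }
     }
     $action = trim($action);

     // Only honour redirect targets that stay on this site: an absolute path that
     // is not protocol-relative ("//host" or "/\host"), or an absolute URL under
     // this installation's URL. Anything else yields null, so the login endpoint
     // cannot be used as an open redirect to an attacker-chosen site.
     $sameSiteTarget = function ($target) {
         if (!is_string($target) || $target === '') {
             return null;
         }
         $isLocalPath = $target[0] === '/'
             && (strlen($target) === 1 || ($target[1] !== '/' && $target[1] !== '\\'));
         $isSameSite = strpos($target, rtrim(URL, '/') . '/') === 0;
         return ($isLocalPath || $isSameSite) ? $target : null;
     };

     $memberToken = isset($context['env']['url']['member-token']) ? $context['env']['url']['member-token'] : null;

     if ($action === 'logout') {
         $this->logout();
         redirect(URL);
     } elseif ($action === 'login') {
         $username = Symphony::Database()->cleanValue(
             (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : null
         );
         $password = Symphony::Database()->cleanValue(
             (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : null
         );
         if ($this->login($username, $password)) {
             $target = isset($_REQUEST['redirect']) ? $sameSiteTarget($_REQUEST['redirect']) : null;
             if ($target !== null) {
                 redirect($target);
             }
             redirect(URL . $_SERVER['REQUEST_URI']);
         }
         self::$_failed_login_attempt = true;
     } elseif (is_string($memberToken) && preg_match('/^[a-f0-9]{8}$/', $memberToken)) {
         // The token is interpolated into SQL; that is only acceptable because the
         // ^[a-f0-9]{8}$ check above restricts it to hex digits. Keep the two together.
         $token = Symphony::Database()->fetchRow(0, "SELECT * FROM `tbl_members_login_tokens` WHERE `token` = '" . $memberToken . "' LIMIT 1");
         if (is_array($token) && !empty($token)) {
             $entry = $this->fetchMemberFromID($token['member_id']);
             // The original dereferenced $entry unconditionally; an unresolved
             // Member now simply leaves $loggedin false.
             if (is_object($entry)) {
                 $username_field_data = $entry->getData($this->usernameAndPasswordField());
                 if (isset($username_field_data['username'], $username_field_data['password'])) {
                     $loggedin = $this->login($username_field_data['username'], $username_field_data['password'], true);
                 }
             }
             // The original purged after use; do so even when the Member could not be
             // resolved, so a presented token is never left valid.
             self::purgeTokens($token['member_id']);
         }
     } else {
         $loggedin = $this->isLoggedIn();
     }

     $this->initialiseMemberObject();
     if ($loggedin && is_object($this->Member)) {
         $role_data = $this->Member->getData($this->roleField());
     }

     // Public role (id 1) when not logged in or when the Member has no role data.
     $role_id = ($loggedin && isset($role_data['role_id'])) ? $role_data['role_id'] : 1;
     $role = $this->fetchRole($role_id, true);

     // Fail closed: an unresolvable role denies access instead of faulting.
     if (!is_object($role) || !$role->canAccessPage((int) $context['page_data']['id'])) {
         $row = Symphony::Database()->fetchRow(0, "SELECT `tbl_pages`.* FROM `tbl_pages`, `tbl_pages_types`\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  WHERE `tbl_pages_types`.page_id = `tbl_pages`.id AND tbl_pages_types.`type` = '403'\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  LIMIT 1");
         if ($row) {
             // `id` comes from tbl_pages, not from the request; cast anyway so the
             // interpolated query can only ever contain an integer.
             $row['type'] = Symphony::Database()->fetchCol('type', "SELECT `type` FROM `tbl_pages_types` WHERE `page_id` = '" . (int) $row['id'] . "' ");
             $row['filelocation'] = PAGES . '/' . trim(str_replace('/', '_', $row['path'] . '_' . $row['handle']), '_') . '.xsl';
             $context['page_data'] = $row;
             return;
         }
         $this->_Parent->customError(E_USER_ERROR, 'Forbidden', 'Please <a href="' . URL . '/symphony/login/">login</a> to view this page.', false, true, 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
     }
 }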
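 /**
  * Frontend permission check (delegate callback).
  *
  * Reads an optional `member-action` from $_REQUEST — either the array form
  * `member-action[login]` / `member-action[logout]` or the string form
  * `?member-action=logout` — and performs the logout or login through the
  * Member driver, firing the MembersPreLogout, MembersPostLogin and
  * MembersLoginFailure delegates. It then resolves the Member's role (the
  * public role when nobody is logged in) and checks it against
  * $context['page_data']['id']. Developers, and installations without a role
  * field, are always allowed through. On denial the custom "403" page is
  * substituted into $context['page_data'] when one exists; otherwise a 403 is
  * raised via Frontend::throwCustomError().
  *
  * @param array $context  Delegate context; 'page_data' is replaced with the
  *                        403 page row on denial (effective only if the caller
  *                        passes the array by reference — not visible here).
  */
 public function checkFrontendPagePermissions($context)
 {
     $isLoggedIn = false;
     $errors = array();
     $role_data = null;

     // Normalise the requested Member action: the array form takes its first key,
     // the string form is used as-is, anything else (missing, empty array, other
     // types) becomes '' so trim() is never handed null or an array.
     $action = '';
     if (isset($_REQUEST['member-action'])) {
         if (is_array($_REQUEST['member-action'])) {
             $keys = array_keys($_REQUEST['member-action']);
             if (isset($keys[0])) {
                 $action = (string) $keys[0];
             }
         } elseif (is_string($_REQUEST['member-action'])) {
             $action = $_REQUEST['member-action'];
         }
     }
     $action = trim($action);

     // Only honour redirect targets that stay on this site: an absolute path that
     // is not protocol-relative ("//host" or "/\host"), or an absolute URL under
     // this installation's URL. Anything else yields null, so the login/logout
     // endpoints cannot be used as an open redirect to an attacker-chosen site.
     $sameSiteTarget = function ($target) {
         if (!is_string($target) || $target === '') {
             return null;
         }
         $isLocalPath = $target[0] === '/'
             && (strlen($target) === 1 || ($target[1] !== '/' && $target[1] !== '\\'));
         $isSameSite = strpos($target, rtrim(URL, '/') . '/') === 0;
         return ($isLocalPath || $isSameSite) ? $target : null;
     };

     // Check to see a Member is already logged in.
     $isLoggedIn = $this->getMemberDriver()->isLoggedIn($errors);

     // Logout
     if ($action === 'logout') {
         /**
          * Fired just before a member is logged out (and page redirection),
          * this delegate provides the current Member ID
          *
          * @delegate MembersPreLogout
          * @param string $context
          *  '/frontend/'
          * @param integer $member_id
          *  The Member ID of the member who is about to logged out
          */
         Symphony::ExtensionManager()->notifyMembers('MembersPreLogout', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID()));
         $this->getMemberDriver()->logout();
         // If a same-site redirect is provided, go there, otherwise return the user
         // to the index of the site. Issue #51 & #121
         $target = isset($_REQUEST['redirect']) ? $sameSiteTarget($_REQUEST['redirect']) : null;
         redirect($target !== null ? $target : URL);
     } elseif ($action === 'login' && isset($_POST['fields']) && is_array($_POST['fields'])) {
         // If a Member is already logged in and another Login attempt is requested
         // log the Member out first before trying to login with new details.
         if ($isLoggedIn) {
             $this->getMemberDriver()->logout();
         }
         if ($this->getMemberDriver()->login($_POST['fields'])) {
             /**
              * Fired just after a Member has successfully logged in, this delegate
              * provides the current Member ID. This delegate is fired just before
              * the page redirection (if it is provided)
              *
              * @delegate MembersPostLogin
              * @param string $context
              *  '/frontend/'
              * @param integer $member_id
              *  The Member ID of the member who just logged in.
              * @param Entry $member
              *  The Entry object of the logged in Member.
              */
             Symphony::ExtensionManager()->notifyMembers('MembersPostLogin', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID(), 'member' => $this->getMemberDriver()->getMember()));
             $target = isset($_POST['redirect']) ? $sameSiteTarget($_POST['redirect']) : null;
             if ($target !== null) {
                 redirect($target);
             }
         } else {
             self::$_failed_login_attempt = true;
             /**
              * A failed Member login attempt
              *
              * @delegate MembersLoginFailure
              * @param string $context
              *  '/frontend/'
              * @param string $username
              *  The username of the Member who attempted to login.
              */
             $identityHandle = extension_Members::getFieldHandle('identity');
             $attemptedUsername = isset($_POST['fields'][$identityHandle]) ? $_POST['fields'][$identityHandle] : null;
             Symphony::ExtensionManager()->notifyMembers('MembersLoginFailure', '/frontend/', array('username' => Symphony::Database()->cleanValue($attemptedUsername)));
         }
     }

     $this->Member->initialiseMemberObject();
     $hasRoles = FieldManager::isFieldUsed(extension_Members::getFieldType('role'));
     if ($isLoggedIn && $this->getMemberDriver()->getMember() instanceof Entry) {
         $this->getMemberDriver()->updateSystemTimezoneOffset();
         if ($hasRoles) {
             $role_field = extension_Members::getField('role');
             if ($role_field) {
                 $role_data = $this->getMemberDriver()->getMember()->getData($role_field->get('id'));
             }
         }
     }

     // If there is no role field, or a Developer is logged in, return, as Developers
     // should be able to access every page. Handles Symphony 2.4 (Author property)
     // and Symphony 2.5 (Author() method).
     $engine = Symphony::Engine();
     if (method_exists($engine, 'Author')) {
         $author = $engine->Author();
     } else {
         $author = $engine->Author;
     }
     $isDeveloper = $author instanceof Author && $author->isDeveloper();
     if (!$hasRoles || $isDeveloper) {
         return;
     }

     // A logged-in Member without role data (no role field value) is treated as
     // the public role instead of indexing an undefined variable.
     $role_id = ($isLoggedIn && isset($role_data['role_id'])) ? $role_data['role_id'] : Role::PUBLIC_ROLE;
     $role = RoleManager::fetch($role_id);
     // NOTE(review): a role id that RoleManager cannot resolve falls through as
     // allowed (the original behaviour) — verify that fail-open is intended.
     if ($role instanceof Role && !$role->canAccessPage((int) $context['page_data']['id'])) {
         // User has no access to this page, so look for a custom 403 page
         $row = PageManager::fetchPageByType('403');
         if ($row) {
             $row['type'] = PageManager::fetchPageTypes($row['id']);
             $row['filelocation'] = PageManager::resolvePageFileLocation($row['path'], $row['handle']);
             $context['page_data'] = $row;
             return;
         }
         // No custom 403, just throw default 403
         GenericExceptionHandler::$enabled = true;
         Frontend::instance()->throwCustomError(__('The page you have requested has restricted access permissions.'), __('Forbidden'), Page::HTTP_STATUS_FORBIDDEN);
     }
 }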
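 /**
  * Frontend permission check (delegate callback).
  *
  * Reads an optional `member-action` from $_REQUEST — either the array form
  * `member-action[login]` / `member-action[logout]` or the string form
  * `?member-action=logout` — and performs the logout or login through the
  * Member driver, firing the MembersPreLogout and MembersPostLogin delegates.
  * It then resolves the Member's role (the public role when nobody is logged
  * in) and checks it against $context['page_data']['id']. Developers, and
  * installations without a role field, are always allowed through. On denial
  * the custom "403" page is substituted into $context['page_data'] when one
  * exists; otherwise a SymphonyErrorPage with a 403 header is thrown.
  *
  * @param array $context  Delegate context; 'page_data' is replaced with the
  *                        403 page row on denial (effective only if the caller
  *                        passes the array by reference — not visible here).
  * @throws SymphonyErrorPage  when access is denied and no 403 page is defined.
  */
 public function checkFrontendPagePermissions($context)
 {
     $isLoggedIn = false;
     $errors = array();
     $role_data = null;

     // Normalise the requested Member action: the array form takes its first key,
     // the string form is used as-is, anything else (missing, empty array, other
     // types) becomes '' so trim() is never handed null or an array.
     $action = '';
     if (isset($_REQUEST['member-action'])) {
         if (is_array($_REQUEST['member-action'])) {
             $keys = array_keys($_REQUEST['member-action']);
             if (isset($keys[0])) {
                 $action = (string) $keys[0];
             }
         } elseif (is_string($_REQUEST['member-action'])) {
             $action = $_REQUEST['member-action'];
         }
     }
     $action = trim($action);

     // Only honour redirect targets that stay on this site: an absolute path that
     // is not protocol-relative ("//host" or "/\host"), or an absolute URL under
     // this installation's URL. Anything else yields null, so the login/logout
     // endpoints cannot be used as an open redirect to an attacker-chosen site.
     $sameSiteTarget = function ($target) {
         if (!is_string($target) || $target === '') {
             return null;
         }
         $isLocalPath = $target[0] === '/'
             && (strlen($target) === 1 || ($target[1] !== '/' && $target[1] !== '\\'));
         $isSameSite = strpos($target, rtrim(URL, '/') . '/') === 0;
         return ($isLocalPath || $isSameSite) ? $target : null;
     };

     // Check to see a Member is already logged in.
     $isLoggedIn = $this->getMemberDriver()->isLoggedIn($errors);

     // Logout
     if ($action === 'logout') {
         /**
          * Fired just before a member is logged out (and page redirection),
          * this delegate provides the current Member ID
          *
          * @delegate MembersPreLogout
          * @param string $context
          *  '/frontend/'
          * @param integer $member_id
          *  The Member ID of the member who is about to logged out
          */
         Symphony::ExtensionManager()->notifyMembers('MembersPreLogout', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID()));
         $this->getMemberDriver()->logout();
         // If a same-site redirect is provided, go there, otherwise return the user
         // to the index of the site. Issue #51 & #121
         $target = isset($_REQUEST['redirect']) ? $sameSiteTarget($_REQUEST['redirect']) : null;
         redirect($target !== null ? $target : URL);
     } elseif ($action === 'login' && isset($_POST['fields']) && is_array($_POST['fields'])) {
         // If a Member is already logged in and another Login attempt is requested
         // log the Member out first before trying to login with new details.
         if ($isLoggedIn) {
             $this->getMemberDriver()->logout();
         }
         if ($this->getMemberDriver()->login($_POST['fields'])) {
             /**
              * Fired just after a Member has successfully logged in, this delegate
              * provides the current Member ID. This delegate is fired just before
              * the page redirection (if it is provided)
              *
              * @delegate MembersPostLogin
              * @param string $context
              *  '/frontend/'
              * @param integer $member_id
              *  The Member ID of the member who just logged in.
              * @param Entry $member
              *  The Entry object of the logged in Member.
              */
             Symphony::ExtensionManager()->notifyMembers('MembersPostLogin', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID(), 'member' => $this->getMemberDriver()->getMember()));
             $target = isset($_POST['redirect']) ? $sameSiteTarget($_POST['redirect']) : null;
             if ($target !== null) {
                 redirect($target);
             }
         } else {
             self::$_failed_login_attempt = true;
         }
     }

     $this->Member->initialiseMemberObject();
     $hasRoleField = !is_null(extension_Members::getFieldHandle('role'));
     if ($isLoggedIn && $this->getMemberDriver()->getMember() instanceof Entry) {
         $this->updateSystemTimezoneOffset($this->getMemberDriver()->getMemberID());
         if ($hasRoleField) {
             $role_field = extension_Members::getField('role');
             // Guard the chained ->get('id') call; the original assumed getField()
             // always returned an object whenever the handle existed.
             if ($role_field) {
                 $role_data = $this->getMemberDriver()->getMember()->getData($role_field->get('id'));
             }
         }
     }

     // If there is no role field, or a Developer is logged in, return, as Developers
     // should be able to access every page.
     $author = Frontend::instance()->Author;
     $isDeveloper = $author instanceof Author && $author->isDeveloper();
     if (!$hasRoleField || $isDeveloper) {
         return;
     }

     // A logged-in Member without role data is treated as the public role instead
     // of indexing an undefined variable.
     $role_id = ($isLoggedIn && isset($role_data['role_id'])) ? $role_data['role_id'] : Role::PUBLIC_ROLE;
     $role = RoleManager::fetch($role_id);
     // NOTE(review): a role id that RoleManager cannot resolve falls through as
     // allowed (the original behaviour) — verify that fail-open is intended.
     if ($role instanceof Role && !$role->canAccessPage((int) $context['page_data']['id'])) {
         // User has no access to this page, so look for a custom 403 page
         $row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\tSELECT `p`.*\n\t\t\t\t\tFROM `tbl_pages` as `p`\n\t\t\t\t\tLEFT JOIN `tbl_pages_types` AS `pt` ON(`p`.id = `pt`.page_id)\n\t\t\t\t\tWHERE `pt`.type = '403'\n\t\t\t\t");
         if ($row) {
             $row['type'] = FrontendPage::fetchPageTypes($row['id']);
             $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']);
             $context['page_data'] = $row;
             return;
         }
         // No custom 403, just throw default 403
         GenericExceptionHandler::$enabled = true;
         throw new SymphonyErrorPage(__('The page you have requested has restricted access permissions.'), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
     }
 }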