<!--<p class="button"><a href="<?php echo get_url('fnb/add'); ?> "><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/user.png" align="middle" alt="user icon" /> <?php echo __('New Menu'); ?> </a></p>--> <?php } if (Dispatcher::getAction() == 'edit') { foreach (Dispatcher::getParams() as $id) { $fnbid = $id; break; } ?> <!--<p class="button"><a href="#upload-file-popup" class="popupLink"><img src="<?php echo URL_PUBLIC; ?> wolf/admin/images/icon-img-upload.png" align="middle" alt="upload icon" /><?php echo __('Upload Menu Image'); ?> </a></p> <p class="button"><a href="#upload-location-popup" class="popupLink"><img src="<?php echo URL_PUBLIC;
/** * Add new elements in breadcrumbs corresponding to request dispatcher : controllerName, actionName, parameters * @param Dispatcher $dispatcher the request dispatcher * @return \Ajax\bootstrap\html\HtmlBreadcrumbs */ public function fromDispatcher($dispatcher, $startIndex = 0) { $this->startIndex = $startIndex; $params = $dispatcher->getParams(); $action = $dispatcher->getActionName(); $items = array($dispatcher->getControllerName()); if (\sizeof($params) > 0 || \strtolower($action) != "index") { $items[] = $action; foreach ($params as $p) { if (\is_object($p) === false) { $items[] = $p; } } } return $this->addItems($items); }
/** * before routing event. * Handles authentication and authentication of user requests * In case of API calls, also prevalidates if request can be executed to return a more readable response * to the user. * @param Dispatcher $dispatcher * @return null|bool */ public function beforeExecuteRoute($dispatcher) { // handle authentication / authorization if (!empty($this->request->getHeader('Authorization'))) { // Authorization header send, handle API request $authHeader = explode(' ', $this->request->getHeader('Authorization')); if (count($authHeader) > 1) { $key_secret_hash = $authHeader[1]; $key_secret = explode(':', base64_decode($key_secret_hash)); if (count($key_secret) > 1) { $apiKey = $key_secret[0]; $apiSecret = $key_secret[1]; $authFactory = new AuthenticationFactory(); $authenticator = $authFactory->get("Local API"); if ($authenticator->authenticate($apiKey, $apiSecret)) { $authResult = $authenticator->getLastAuthProperties(); if (array_key_exists('username', $authResult)) { // check ACL if user is returned by the Authenticator object $acl = new ACL(); if (!$acl->isPageAccessible($authResult['username'], $_SERVER['REQUEST_URI'])) { $this->getLogger()->error("uri " . $_SERVER['REQUEST_URI'] . " not accessible for user " . $authResult['username'] . " using api key " . $apiKey); } else { // authentication + authorization successful. // pre validate request and communicate back to the user on errors $callMethodName = $dispatcher->getActionName() . 'Action'; $dispatchError = null; // check number of parameters using reflection $object_info = new \ReflectionObject($this); $req_c = $object_info->getMethod($callMethodName)->getNumberOfRequiredParameters(); if ($req_c > count($dispatcher->getParams())) { $dispatchError = 'action ' . $dispatcher->getActionName() . ' expects at least ' . $req_c . ' parameter(s)'; } else { // if body is send as json data, parse to $_POST first $dispatchError = $this->parseJsonBodyData(); } if ($dispatchError != null) { // send error to client $this->response->setStatusCode(400, "Bad Request"); $this->response->setContentType('application/json', 'UTF-8'); $this->response->setJsonContent(array('message' => $dispatchError, 'status' => 400)); $this->response->send(); return false; } return true; } } } } } // not authenticated $this->response->setStatusCode(401, "Unauthorized"); $this->response->setContentType('application/json', 'UTF-8'); $this->response->setJsonContent(array('status' => 401, 'message' => 'Authentication Failed')); $this->response->send(); return false; } else { // handle UI ajax requests // use session data and ACL to validate request. if (!$this->doAuth()) { return false; } // check for valid csrf on post requests $csrf_tokenkey = $this->request->getHeader('X_CSRFTOKENKEY'); $csrf_token = $this->request->getHeader('X_CSRFTOKEN'); $csrf_valid = $this->security->checkToken($csrf_tokenkey, $csrf_token, false); if (($this->request->isPost() || $this->request->isPut() || $this->request->isDelete()) && !$csrf_valid) { // missing csrf, exit. $this->getLogger()->error("no matching csrf found for request"); return false; } } }
/** * set the active page corresponding to request dispatcher : controllerName, actionName, parameters and $urlMask * @param Dispatcher $dispatcher the request dispatcher * @return \Ajax\bootstrap\html\HtmlPagination */ public function fromDispatcher($dispatcher) { $items = array($dispatcher->getControllerName(), $dispatcher->getActionName()); $items = array_merge($items, $dispatcher->getParams()); $url = implode("/", $items); if ($this->urlMask === "%page%") { $this->urlMask = preg_replace("/[0-9]/", "%page%", $url); } for ($index = $this->from; $index <= $this->to; $index++) { if ($this->getUrl($index) == $url) { $this->setActive($index); break; } } return $this; }