public function _check($subject, $controller, $action)
{
$decision = false;
$object = Zend_Registry::get('userid');
$user = Evil_Structure::getObject('user', $object);
Zend_Registry::set('userData', $user->data());
$role = $user->getValue('role');
$logger = Zend_Registry::get('logger');
// Роль для гостя - незарег. пользователя
$role = $object == -1 ? 'guest' : $role;
// По 3-м возможным вариантам: все, роль пользователя, ID пользователя
$check = array('all', $role, $object);
foreach ($check as $__user_role) {
if (!isset(self::$_rules[$__user_role][$controller])) {
continue;
} else {
$current = self::$_rules[$__user_role][$controller];
}
if (is_array($current)) {
if (empty($current)) {
// пустой массив - все методы - разрешаем
$decision = true;
break;
} elseif (in_array($action, $current)) {
// есть в списке - разрешаем
$decision = true;
break;
}
}
}
return $decision;
}
public function doAuth($controller)
{
if (!isset($_GET['userid']) && !isset($_GET['password'])) {
throw new Exception("Mailformed request", 403);
exit;
} else {
$user = Evil_Structure::getObject('user');
$user->where('nickname', '=', $_GET['userid']);
if ($user->load()) {
if ($user->getValue('password') == md5($_GET['password'])) {
$apiSession = Evil_Structure::getObject('api-sessions');
$apiSession->where('userid', '=', $user->getId());
if ($apiSession->load()) {
//Existing record
Zend_Debug::dump($apiSession);
} else {
//new record, insert data
}
return $user->getId();
} else {
throw new Exception('Password Incorrect');
}
} else {
throw new Exception('Unknown user');
}
}
}
public function where($key, $selector, $value = null, $offset = 0, $count = 500, $orderBy = 'id DESC')
{
switch ($selector) {
case '=':
case '<':
case '>':
case '<=':
case '>=':
case '!=':
if (in_array($key, $this->_fixedschema)) {
$this->_lastQuery = $this->_fixed->select()->from($this->_fixed)->where($key . ' ' . $selector . ' ?', $value);
$rows = $this->_fixed->fetchAll($this->_lastQuery);
$ids = $rows->toArray();
}
break;
case ':':
foreach ($value as &$cvalue) {
$cvalue = '"' . $cvalue . '"';
}
if (in_array($key, $this->_fixedschema)) {
$this->_lastQuery = $this->_fixed->select()->from($this->_fixed)->where($key . ' IN (' . implode(',', $value) . ')');
$rows = $this->_fixed->fetchAll($this->_lastQuery);
}
break;
case '*':
case '@':
switch ($key) {
case 'all':
$this->_lastQuery = $this->_fixed->select()->limitPage($offset, $count)->order($orderBy);
$rows = $this->_fixed->fetchAll($this->_lastQuery);
break;
}
break;
case 'multi':
$this->_lastQuery = $this->_fixed->select()->from($this->_fixed);
foreach ($value as $fieldName => $fieldParams) {
foreach ($fieldParams as $selector => $val) {
$this->_lastQuery->where($fieldName . ' ' . $selector . ' ?', $val);
}
}
$rows = $this->_fixed->fetchAll($this->_lastQuery);
break;
default:
throw new Evil_Exception('Unknown selector ' . $selector);
break;
}
$ids = $rows->toArray();
foreach ($ids as $data) {
$id = $data['id'];
$this->_items[$id] = Evil_Structure::getObject($this->_type, $id, $data);
}
return $this;
}
public static function get($type, $source)
{
$sensors = Evil_Structure::getComposite('sensor');
$sensors->where('src', '=', $source);
$srcFiltered = $sensors->data('id');
$sensors->where('type', '=', $type);
$typeFiltered = $sensors->data('id');
$sensors->load(array_intersect($srcFiltered, $typeFiltered));
$Output = array();
foreach ($sensors->_items as $item) {
$Output[] = array((int) $item->getValue('time') * 1000, (double) $item->getValue('value'));
}
return $Output;
}
public function track($source, $args = null)
{
$sales = Evil_Structure::getComposite('transfer');
$sales->where('src', '=', $source);
$filteredByType = $sales->data('type');
$filteredByType = array_keys($filteredByType, 'billSale');
$filteredByPayed = $sales->data('isPayed');
$filteredByPayed = array_keys($filteredByPayed, Score_Money_Core::PAYED);
$sales->load(array_intersect($filteredByPayed, $filteredByType));
$sum = 0;
$sales = $sales->data();
foreach ($sales as $sale) {
$sum += $sale['sum'];
}
return $sum;
}
/**
* @description show all comments for current object
* @param array $params
* @param object $table
* @param object $config
* @param object $controller
* @return object|array
* @author Se#
* @version 0.0.1
*/
public function _actionDefault($justFetch = false)
{
$params = self::$_info['params'];
$table = self::$_info['table'];
$controller = self::$_info['controller'];
$object = Evil_Structure::getObject('comment');
if (!$justFetch) {
$controller->view->headLink()->appendStylesheet($controller->view->baseUrl() . '/css/comments.css');
}
if (!isset($params['id'])) {
$controller->_redirect('/');
}
$db = Zend_Registry::get('db');
$controller->view->comments = $db->fetchAll($db->select()->from(Evil_DB::scope2table('comment'))->where('objectId=?', $params['id'])->where('objectTable=?', Evil_DB::scope2table($params['controller'])));
$objectData = $table->fetchRow($table->select()->from($table)->where('id=?', $params['id']));
$this->_commentsForm($justFetch, $objectData);
return $objectData;
}
public function doAuth($controller)
{
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Login"');
header('HTTP/1.0 401 Unauthorized');
exit;
} else {
$user = Evil_Structure::getObject('user');
$user->where('nickname', '=', $_SERVER['PHP_AUTH_USER']);
if ($user->load()) {
if ($user->getValue('password') == md5($_SERVER['PHP_AUTH_PW'])) {
return $user->getId();
} else {
throw new Exception('Password Incorrect');
}
} else {
throw new Exception('Unknown user');
}
}
}
/**
* @description do auth (:
* @throws Evil_Exception|Exception
* @param $controller
* @param array $login
* @param array $password
* @param string $tableName
* @return int
* @author BreathLess, Se#
* @version 0.0.2
* @changeLog
* 0.0.2 login and password variabled, tableName is dynamic
*/
public function doAuth($controller, $login = array(), $password = array(), $formConfig = array(), $tableName = 'user')
{
// Support custom views for auth form
$config = Zend_Registry::get('config');
$config = is_object($config) ? $config->toArray() : $config;
if (isset($config['evil']['auth']['native']['view']) && !empty($config['evil']['auth']['native']['view'])) {
return $this->_doCustomAuth($controller, $config['evil']['auth']['native']['view']);
} else {
if (empty($formConfig)) {
$form = new Evil_Auth_Form_Native();
} else {
$form = new Zend_Form($formConfig);
}
$controller->view->form = $form;
if ($controller->getRequest()->isPost()) {
if ($form->isValid($_POST)) {
$data = $form->getValues();
$login = empty($login) ? array('field' => 'nickname', 'value' => 'username') : $login;
$password = empty($password) ? array('field' => 'password', 'value' => 'password') : $password;
if (!isset($data[$login['value']]) || !isset($data[$password['value']])) {
throw new Exception(' Missed "' . $login['value'] . '" or "' . $password['value'] . '" field');
}
$user = Evil_Structure::getObject($tableName);
$user->where($login['field'], '=', $data[$login['value']]);
if ($user->load()) {
if ($user->getValue($password['field']) == md5($data[$password['value']])) {
return $user->getId();
} else {
throw new Evil_Exception('Password Incorrect', 4042);
}
} else {
throw new Evil_Exception('Unknown user', 4044);
}
}
}
}
return -1;
}
public function doAuth($controller)
{
if (!isset($_SERVER['PHP_AUTH_USER'])) {
$realm = 'SCORE';
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($realm) . '"');
exit;
} else {
if ($data = $this->_http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) {
$user = Evil_Structure::getObject('user');
$user->where('nickname', '=', $data['username']);
if ($user->load()) {
$A1 = md5($data['username'] . ':' . $realm . ':' . $user->getValue('password'));
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
$valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
if ($data['response'] == $valid_response) {
return $user->getId();
}
} else {
throw new Exception('Unknown user');
}
}
}
}
/**
* @todo make more normal name
* Unauth user
* @param Zend_Controller_Action $controller
*/
public function doUnAuth($controller)
{
$uid = Zend_Registry::get('userid');
// var_dump($uid);
if (!isset($uid)) {
return -1;
}
$evilUser = Evil_Structure::getObject('user');
$evilUser->where('id', '=', $uid);
if (!$evilUser->load()) {
return -1;
}
$key = $evilUser->getValue('password');
$login = $evilUser->getValue('nickname');
// var_dump($key, $login);
if (!empty($key) && !empty($login)) {
$call = array('service' => 'Auth', 'method' => 'keyBreak', 'data' => array('key' => $key));
$result = $this->_makeSOACall($call);
// FIXME if result is not Success must we remove row from users?
// if (isset($result['result'][0])
// && $result['result'][0] == 'Success')
// {}
// Note method erase do not return status of erase operation
$evilUser->erase();
return $evilUser->getId();
}
return -1;
}
public function load($ids = null)
{
$data = array();
if ($ids !== null) {
$this->_ids = $ids;
}
$this->_items = array();
$this->_data = array();
$ids = (array) $this->_ids;
foreach ($ids as &$id) {
// Se#: WTF?
$id = '"' . $id . '"';
}
// old-school
// die('`id` IN (' . implode (',', $ids) . ')');
$fixedRows = $this->_fixed->fetchAll($this->_fixed->select()->from($this->_fixed)->where('`id` IN (' . implode(',', $ids) . ')'));
$fluidRows = $this->_fluid->fetchAll($this->_fluid->select()->from($this->_fluid)->where('`i` IN (' . implode(',', $ids) . ')'));
$fluidRows = $fluidRows->toArray();
$fixedRows = $fixedRows->toArray();
foreach ($fluidRows as $row) {
$data[$row['i']][$row['k']] = $row['v'];
}
foreach ($fixedRows as $row) {
$data[$row['id']] = array_merge($data[$row['id']], $row);
}
foreach ($data as $id => $data) {
$this->_items[$id] = Evil_Structure::getObject($this->_type, $id, $data);
}
}
/**
*
* @param string $key
* @throws Evil_Exception
* return userID on success
*/
public function verifyAPIKey($key)
{
$ticket = Evil_Structure::getObject('ticket', $key);
if ($ticket->load()) {
$userId = $ticket->getValue('user');
Zend_Registry::set('userid', $userId);
$this->attach($userId);
$this->register();
return $userId;
} else {
return false;
}
}
