function Q_response_notices() { $result = ""; $notices = Q_Response::getNotices(); // Get any notices that we should know about if (!empty($notices)) { $result .= "<ul class='Q_notices'>"; foreach ($notices as $k => $n) { $key = Q_Html::text($k); $result .= "<li data-key='{$key}'>{$n}</li>\n"; } $result .= "</ul>"; } // Get any errors that we should display $errors = Q_Response::getErrors(); if (!empty($errors)) { $result .= "<ul class='Q_errors'>"; foreach ($errors as $e) { $field = ''; if ($e instanceof Q_Exception and $fields = $e->inputFields()) { $field .= '<div class="Q_field_name">' . Q_Html::text(reset($fields)) . '</div>'; } $result .= "<li>" . $e->getMessage() . "{$field}</li>"; } $result .= "</ul>"; } return $result ? "<div id='notices'>{$result}</div>" : ''; }
/** * We are going to implement a subset of the OAuth 1.0a functionality for now, * and later we can expand it to match the full OAuth specification. */ function Users_authorize_response() { if (Q_Response::getErrors()) { Q_Dispatcher::showErrors(); } $response_type = 'token'; $token_type = 'bearer'; $client_id = $_REQUEST['client_id']; $state = $_REQUEST['state']; $skip = Q::ifset($_REQUEST, 'skip', false); $scope = Users_OAuth::requestedScope(true, $scopes); $client = Users_User::fetch($client_id, true); if (!$client) { throw new Q_Exception_MissingRow(array('table' => 'client user', 'criteria' => "id = '{$client_id}'"), 'client_id'); } if (empty($client->url)) { throw new Q_Exception("Client app needs to register url", 'client_id'); } $redirect_uri = Q::ifset($_REQUEST, 'redirect_uri', $client->url); $user = Users::loggedInUser(); $oa = null; if (isset(Users::$cache['oAuth'])) { $oa = Users::$cache['oAuth']; } else { if ($user) { $oa = new Users_OAuth(); $oa->client_id = $client_id; $oa->userId = $user->id; $oa->state = $state; $oa = $oa->retrieve(); } } $remaining = $scope; if ($oa and $oa->wasRetrieved()) { // User is logged in and already has a token for this client_id and state $paths = Q_Config::get('Users', 'authorize', 'clients', Q::app(), 'redirectPaths', false); $path = substr($redirect_uri, strlen($client->url) + 1); $p = array('response_type' => $response_type, 'token_type' => $token_type, 'access_token' => $oa->access_token, 'expires_in' => $oa->token_expires_seconds, 'scope' => implode(' ', $scope), 'state' => $oa->state); $p = Q_Utils::sign($p, 'Q.Users.oAuth'); // the redirect uri could be a native app url scheme $s = strpos($redirect_uri, '#') === false ? '#' : '&'; $redirect_uri = Q_Uri::from($redirect_uri . $s . http_build_query($p), false)->toUrl(); if (!Q::startsWith($redirect_uri, $client->url) or is_array($paths) and !in_array($path, $paths)) { throw new Users_Exception_Redirect(array('uri' => $redirect_uri)); } Q_Response::redirect($redirect_uri); return false; } $terms_label = Users::termsLabel('authorize'); Q_Response::setScriptData('Q.Users.authorize', compact('client_id', 'redirect_uri', 'scope', 'scopes', 'remaining', 'state', 'response_type', 'skip')); $content = Q::view('Users/content/authorize.php', compact('client', 'user', 'redirect_uri', 'scope', 'scopes', 'remaining', 'state', 'terms_label', 'response_type', 'skip')); Q_Response::setSlot('content', $content); Q_Response::setSlot('column0', $content); return true; }
function Q_response_errors() { $errors = Q_Response::getErrors(); if (empty($errors)) { return ''; } $result = "<ul class='Q_errors'>"; foreach ($errors as $e) { $result .= "<li>" . $e->getMessage() . "</li>"; } $result .= "</ul>"; return $result; }
/** * We are going to implement a subset of the OAuth 1.0a functionality for now, * and later we can expand it to match the full OAuth specification. */ function Users_authorize_response() { if (Q_Response::getErrors()) { Q_Dispatcher::showErrors(); } $client_id = $_REQUEST['client_id']; $redirect_url = $_REQUEST['redirect_uri']; $state = $_REQUEST['state']; $client = Users_User::fetch($client_id); if (!$client) { throw new Q_Exception_MissingRow(array('table' => 'user', 'criteria' => "id = '{$client_id}'"), 'client_id'); } if (empty($client->url)) { throw new Q_Exception("Client app needs to register url", 'client_id'); } if (substr($redirect_url, 0, strlen($client->url)) !== $client->url) { throw new Q_Exception_WrongValue(array('field' => 'redirect_uri', 'range' => "a url prefixed by client user's url")); } $user = Users::loggedInUser(); $oa = null; if (isset(Users::$cache['oAuth'])) { $oa = Users::$cache['oAuth']; } else { if ($user) { $oa = new Users_OAuth(); $oa->client_id = $client_id; $oa->userId = $user->id; $oa->state = $state; $oa->retrieve(); } } if ($oa and $oa->wasRetrieved()) { // User is logged in and already has a token for this client_id and state $separator = strpos($redirect_url, '?') === false ? '?' : '&'; $url = $redirect_url . $separator . http_build_query(array('access_token' => $oa->access_token, 'token_type' => 'bearer', 'expires_in' => $oa->token_expires_seconds, 'scope' => 'user', 'state' => $oa->state)); Q_Response::redirect(Q_Uri::from($url, false)); return false; } $terms_label = Users::termsLabel('authorize'); $content = Q::view('Users/content/authorize.php', compact('client', 'redirect_url', 'user', 'state', 'terms_label')); Q_Response::setSlot('content', $content); Q_Response::setSlot('column0', $content); return true; }
function Streams_basic_validate() { Q_Valid::nonce(true); if (Q_Request::method() !== 'POST') { return; } $fields = array('firstName' => 'First name', 'lastName' => 'Last name', 'gender' => 'Gender', 'birthday_month' => 'Month', 'birthday_day' => 'Day', 'birthday_year' => 'Year'); if (isset($_REQUEST['fullName'])) { $length_min = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMin', 5); $length_max = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMax', 30); if (strlen($_REQUEST['fullName']) < $length_min) { Q_Response::addError(new Q_Exception("Your full name can't be that short.", 'fullName')); } if (strlen($_REQUEST['fullName']) > $length_max) { Q_Response::addError(new Q_Exception("Your full name can't be that long.", 'fullName')); } } if (Q_Response::getErrors()) { return; } if (!empty($_REQUEST['birthday_month']) or !empty($_REQUEST['birthday_day']) or !empty($_REQUEST['birthday_year'])) { foreach (array('birthday_month', 'birthday_day', 'birthday_year') as $field) { if (empty($_REQUEST[$field]) or !trim($_REQUEST[$field])) { throw new Q_Exception_RequiredField(compact('field'), $field); } } if (!checkdate($_REQUEST['birthday_month'], $_REQUEST['birthday_day'], $_REQUEST['birthday_year'])) { Q_Response::addError(new Q_Exception("Not a valid date", "birthday_day")); } if ($_REQUEST['birthday_year'] > date('Y') - 13) { // compliance with COPPA Q_Response::addError(new Q_Exception("You're still a kid.", "birthday_year")); } if ($_REQUEST['birthday_year'] < date('Y') - 100) { Q_Response::addError(new Q_Exception("A world record? Really?", "birthday_year")); } } if (!empty($_REQUEST['gender'])) { if (!in_array($_REQUEST['gender'], array('male', 'female'))) { Q_Response::addError(new Q_Exception("Please enter male or female", "gender")); } } }
/** * @method errors * @static * @protected * @param {Exception} $exception * @param {string} $module * @param {string} [$partial_response=null] */ protected static function errors($exception, $module, $partial_response = null) { self::$errors_occurred = true; $response_started = self::$response_started; $errors = Q_Response::getErrors(); Q::$toolWasRendered = array(); try { if (self::$handling_errors) { // We need to handle errors, but we // have already tried to do it. // Just show the errors view. Q::event('Q/errors/native', compact('errors', 'exception', 'partial_response', 'response_started')); return; } self::$handling_errors = true; if (Q::canHandle("{$module}/errors")) { /** * @event $module/errors * @param {Exception} exception * @param {string} module * @param {string} partial_response */ Q::event("{$module}/errors", compact('errors', 'exception', 'partial_response', 'response_started')); } else { /** * @event Q/errors * @param {Exception} exception * @param {string} module * @param {string} partial_response */ Q::event("Q/errors", compact('errors', 'exception', 'partial_response', 'response_started')); } } catch (Exception $e) { Q_Exception::rethrow($e, ''); // may be for forwarding /** * @event Q/exception * @param {Exception} exception */ Q::event('Q/exception', compact('exception')); // the original exception } }
/** * The default implementation. */ function Q_errors($params) { extract($params); /** * @var Exception $exception * @var boolean $startedResponse */ if (!empty($exception)) { Q_Response::addError($exception); } $errors = Q_Response::getErrors(); $errors_array = Q_Exception::toArray($errors); // Simply return the errors, if this was an AJAX request if ($is_ajax = Q_Request::isAjax()) { try { $errors_json = @Q::json_encode($errors_array); } catch (Exception $e) { $errors_array = array_slice($errors_array, 0, 1); unset($errors_array[0]['trace']); $errors_json = @Q::json_encode($errors_array); } $json = "{\"errors\": {$errors_json}}"; $callback = Q_Request::callback(); switch (strtolower($is_ajax)) { case 'iframe': if (!Q_Response::$batch) { header("Content-type: text/html"); } echo <<<EOT <!doctype html><html lang=en> <head><meta charset=utf-8><title>Q Result</title></head> <body> <script type="text/javascript"> window.result = function () { return {$json} }; </script> </body> </html> EOT; break; case 'json': default: header("Content-type: " . ($callback ? "application/javascript" : "application/json")); echo $callback ? "{$callback}({$json})" : $json; } return; } // Forward internally, if it was requested if ($onErrors = Q_Request::special('onErrors', null)) { $uri1 = Q_Dispatcher::uri(); $uri2 = Q_Uri::from($onErrors); $url2 = $uri2->toUrl(); if (!isset($uri2)) { throw new Q_Exception_WrongValue(array('field' => 'onErrors', 'range' => 'an internal URI reachable from a URL')); } if ($uri1->toUrl() !== $url2) { Q_Dispatcher::forward($uri2); return; // we don't really need this, but it's here anyway } } $params2 = compact('errors', 'exception', 'errors_array', 'exception_array'); if (Q::eventStack('Q/response')) { // Errors happened while rendering response. Just render errors view. return Q::view('Q/errors.php', $params2); } if (!$startedResponse) { try { // Try rendering the response, expecting it to // display the errors along with the rest. $ob = new Q_OutputBuffer(); Q::event('Q/response', $params2); $ob->endFlush(); return; } catch (Exception $e) { if (get_class($e) === 'Q_Exception_DispatcherForward') { throw $e; // if forwarding was requested, do it // for all other errors, continue trying other things } $output = $ob->getClean(); } } if ($errors) { // Try rendering the app's errors response, if any. $app = Q::app(); if (Q::canHandle("{$app}/errors/response/content")) { Q_Dispatcher::forward("{$app}/errors"); } else { echo Q::view("Q/errors.php", compact('errors')); } } if (!empty($e)) { return Q::event('Q/exception', array('exception' => $e)); } }
/** * Default Q/response handler. * 1. Gets some slots, depending on what was requested. * 2. Renders them in a layout * The layout expects "title", "dashboard" and "contents" slots to be filled. */ function Q_response($params) { extract($params); /** * @var Exception $exception * @var array $errors */ if (empty($errors)) { $errors = Q_Response::getErrors(); } if (!empty($_GET['Q_ct'])) { Q_Response::setCookie('Q_ct', $_GET['Q_ct']); } // If output is set, use that $output = Q_Response::output(); if (isset($output)) { if ($output === true) { return; } if (is_string($output)) { echo $output; } return; } // Redirect to success page, if requested. $isAjax = Q_Request::isAjax(); if (empty($errors) and empty($exception)) { if (!$isAjax and null !== Q_Request::special('onSuccess', null)) { $onSuccess = Q_Request::special('onSuccess', null); if (Q_Config::get('Q', 'response', 'onSuccessShowFrom', true)) { $onSuccess = Q_Uri::url($onSuccess . '?Q.fromSuccess=' . Q_Dispatcher::uri()); } Q_Response::redirect($onSuccess); return; } } // Get the requested module $uri = Q_Dispatcher::uri(); if (!isset($module)) { $module = $uri->module; if (!isset($module)) { $module = 'Q'; Q_Dispatcher::uri()->module = 'Q'; } } if (!$isAjax || Q_Request::isLoadExtras()) { Q::event('Q/responseExtras', array(), 'before'); } // Get the main module (the app) $app = Q_Config::expect('Q', 'app'); $action = $uri->action; if (Q::canHandle("{$module}/{$action}/response")) { if (false === Q::event("{$module}/{$action}/response") and !$isAjax) { return; } } $slotNames = Q_Request::slotNames(true); $idPrefixes = array(); if ($temp = Q_Request::special('idPrefixes', null)) { foreach (explode(',', $temp) as $i => $prefix) { if (!isset($slotNames[$i])) { throw new Q_Exception("More id prefixes than slot names", "Q.idPrefixes"); } $idPrefixes[$slotNames[$i]] = $prefix; } } // What to do if this is an AJAX request if ($isAjax) { $to_encode = array(); if (Q_Response::$redirected) { // We already called Q_Response::redirect $to_encode['redirect']['url'] = Q_Uri::url(Q_Response::$redirected); try { $to_encode['redirect']['uri'] = Q_Uri::from(Q_Response::$redirected)->toArray(); } catch (Exception $e) { // couldn't get internal URI } } else { if (is_array($slotNames)) { foreach ($slotNames as $slotName) { Q_Response::fillSlot($slotName, 'default', Q::ifset($idPrefixes, $slotName, null)); } // Go through the slots again, because other handlers may have overwritten // their contents using Q_Response::setSlot() foreach ($slotNames as $sn) { Q_Response::fillSlot($sn, 'default', Q::ifset($idPrefixes, $slotName, null)); } if (Q_Response::$redirected) { // While rendering the slots we called Q_Redirect $to_encode['redirect']['url'] = Q_Uri::url(Q_Response::$redirected); try { $to_encode['redirect']['uri'] = Q_Uri::from(Q_Response::$redirected)->toArray(); } catch (Exception $e) { // couldn't get internal URI } } else { if (Q_Request::isLoadExtras()) { $to_encode['slots'] = Q_Response::slots(true); // add stylesheets, stylesinline, scripts, scriptlines, scriptdata, templates foreach (array_merge(array(''), $slotNames) as $slotName) { $temp = Q_Response::stylesheetsArray($slotName); if ($temp) { $to_encode['stylesheets'][$slotName] = $temp; } $temp = Q_Response::stylesInline($slotName); if ($temp) { $to_encode['stylesInline'][$slotName] = $temp; } $temp = Q_Response::scriptsArray($slotName); if ($temp) { $to_encode['scripts'][$slotName] = $temp; } $temp = Q_Response::scriptLines($slotName, true, "\n", false); if ($temp) { $to_encode['scriptLines'][$slotName] = $temp; } $temp = Q_Response::scriptData($slotName); if ($temp) { $to_encode['scriptData'][$slotName] = $temp; } $temp = Q_Response::templateData($slotName); if ($temp) { $to_encode['templates'][$slotName] = $temp; } } } else { $to_encode['slots'] = Q_Response::slots(true); // add stylesinline, scriptlines, scriptdata, templates foreach (array_merge(array(''), $slotNames) as $slotName) { $temp = Q_Response::stylesInline($slotName); if ($temp) { $to_encode['stylesInline'][$slotName] = $temp; } $temp = Q_Response::scriptData($slotName); if ($temp) { $to_encode['scriptData'][$slotName] = $temp; } $temp = Q_Response::scriptLines($slotName, true, "\n", false); if ($temp) { $to_encode['scriptLines'][$slotName] = $temp; } } } } } } $to_encode['timestamp'] = microtime(true); $echo = Q_Request::contentToEcho(); if (isset($echo)) { $to_encode['echo'] = $echo; } $json = Q::json_encode(Q::cutoff($to_encode)); $callback = Q_Request::callback(); switch (strtolower($isAjax)) { case 'iframe': if (!Q_Response::$batch) { header("Content-type: text/html"); } echo <<<EOT <!doctype html><html lang=en> <head><meta charset=utf-8><title>Q Result</title></head> <body> <script type="text/javascript"> window.result = function () { return {$json} }; </script> </body> </html> EOT; break; case 'json': default: if (!Q_Response::$batch) { header("Content-type: " . ($callback ? "application/javascript" : "application/json")); } echo $callback ? "{$callback}({$json})" : $json; } return; } // If this is a request for a regular webpage, // fill the usual slots and render a layout. if (Q_Response::$redirected) { return; // If already set a redirect header, simply return -- no reason to output all this HTML } static $added_Q_init = false; if (!$added_Q_init) { Q_Response::addScriptLine("\n// Now, initialize Q\nQ.init();\n", null, 'Q'); $added_Q_init = true; } // Get all the usual slots for a webpage $slots = array(); foreach ($slotNames as $sn) { Q_Response::fillSlot($sn, 'default', Q::ifset($idPrefixes, $sn, null)); } // Go through the slots again, because other handlers may have overwritten // their contents using Q_Response::setSlot() foreach ($slotNames as $sn) { Q_Response::fillSlot($sn, 'default', Q::ifset($idPrefixes, $sn, null)); } $output = Q_Response::output(); if (isset($output)) { if ($output === true) { return; } if (is_string($output)) { echo $output; } return; } if (!$isAjax or Q_Request::isLoadExtras()) { Q::event('Q/responseExtras', array(), 'after'); } $slots = Q_Response::slots(false); // Render a full HTML layout $layout_view = Q_Response::layoutView(); echo Q::view($layout_view, $slots); }