Esempio n. 1
0
 /**
  * Store submitted files to storeFolder
  */
 function processSubmit($fieldName, $is_admin = true)
 {
     if (empty($_FILES[$fieldName])) {
         return false;
     }
     if (is_array($_FILES[$fieldName]['tmp_name'])) {
         $keys = array_keys($_FILES[$fieldName]['tmp_name']);
     } else {
         $keys = array(null);
     }
     foreach ($keys as $k) {
         $upload[$k] = $this->getDi()->uploadRecord;
         $upload[$k]->prefix = $this->prefix;
         $upload[$k]->admin_id = $is_admin ? Am_Di::getInstance()->authAdmin->getUserId() : null;
         $upload[$k]->user_id = $is_admin ? null : Am_Di::getInstance()->auth->getUserId();
         $upload[$k]->session_id = !$is_admin && !Am_Di::getInstance()->auth->getUserId() ? Zend_Session::getId() : null;
         $upload[$k]->setFrom_FILES($_FILES[$fieldName], $k);
     }
     foreach ($upload as $k => $file) {
         if ($f = $this->checkFileAndMove($file)) {
             $this->files[] = $f;
             if (!$is_admin && !Am_Di::getInstance()->auth->getUserId()) {
                 if (!isset($this->getDi()->session->uploadNeedBind)) {
                     $this->getDi()->session->uploadNeedBind = array();
                 }
                 $this->getDi()->session->uploadNeedBind[] = $f->pk();
             }
         }
     }
     return $this;
 }
Esempio n. 2
0
 protected function _getMainSection()
 {
     try {
         $args = array(Sitengine_Env::PARAM_GREATANCESTORID => $this->_controller->getEntity()->getGreatAncestorSlug(), Sitengine_Env::PARAM_ANCESTORID => $this->_controller->getEntity()->getAncestorId());
         $query = array(Sitengine_Env::PARAM_SESSIONID => Zend_Session::getId());
         $route = $this->_controller->getFrontController()->getRouter()->getRoute(Sitengine_Blog_Frontend_Front::ROUTE_BLOGS_POSTS_FILES_UPLOAD);
         $submitUri = $this->_controller->getRequest()->getBasePath() . '/' . $route->assemble($args, true);
         $submitUri .= Sitengine_Controller_Request_Http::makeNameValueQuery($query);
         require_once $this->_controller->getEnv()->getContribDir() . '/FlexUpload/class.flexupload.inc.php';
         $flex = new FlexUpload($submitUri);
         $flex->setWidth('100%');
         #$flex->setHeight('100%');
         $flex->setMaxFiles(20);
         $flex->setMaxFileSize(15 * 1024 * 1024);
         $type = $this->_controller->getEntity()->getAncestorType();
         if ($type == Sitengine_Blog_Posts_Table::TYPE_GALLERY) {
             $types = '*.gif;*.jpg;*.jpeg';
         } else {
             $types = '*.zip;*.mp3;*.wav;*.gif;*.jpg;*.jpeg;*.pdf;*.doc;*.xls';
         }
         $flex->setFileExtensions($types);
         $flex->setPathToSWF($this->_controller->getEnv()->getContribRequestDir() . '/FlexUpload/');
         $flex->setPathToSWFObject($this->_controller->getEnv()->getContribRequestDir() . '/FlexUpload/js/');
         $flex->setLocale($this->_controller->getEnv()->getContribRequestDir() . '/FlexUpload/locale/en.xml');
         return array('flex' => $flex->getHTML());
     } catch (Exception $exception) {
         require_once 'Sitengine/Blog/Frontend/Blogs/Posts/Files/Exception.php';
         throw new Sitengine_Blog_Frontend_Blogs_Posts_Files_Exception('form page error', $exception);
     }
 }
Esempio n. 3
0
 public function log($entityId, $entityTable, $message = null, $preChangedData)
 {
     /*
     fields in mst_user_log table
     ----------------------------
     id
     user_id
     entity_table
     entity_id
     module_name
     controller_name
     action_name
     timestamp
     message
     variables
     session_id
     ip
     */
     $auth = Zend_Auth::getInstance();
     $userid = 0;
     //System user
     if ($auth->hasIdentity()) {
         $authArray = $auth->getIdentity();
         $userid = $authArray['user_id'];
     }
     $module_name = Zend_Controller_Front::getInstance()->getRequest()->getModuleName();
     $controller_name = Zend_Controller_Front::getInstance()->getRequest()->getControllerName();
     $action_name = Zend_Controller_Front::getInstance()->getRequest()->getActionName();
     $session_id = Zend_Session::getId();
     $ip = Zend_Controller_Front::getInstance()->getRequest()->getServer('REMOTE_ADDR');
     $table = new Application_Model_DbTable_MstUserLog();
     $data = array('user_id' => $userid, 'entity_table' => $entityTable, 'entity_id' => $entityId, 'module_name' => $module_name, 'controller_name' => $controller_name, 'action_name' => $action_name, 'timestamp' => date('Y-m-d H:i:s'), 'message' => $message, 'variables' => $preChangedData, 'session_id' => $session_id, 'ip' => $ip);
     $table->insert($data);
 }
 /**
  *Upload File
  *
  */
 public function uploadAction()
 {
     $this->_loadParams();
     $dir = $this->_fields[$this->_request->getParam('field_id')]['params']['dir'];
     if (!Zend_Session::sessionExists() || !Zend_Session::isStarted()) {
         Zend_Session::start();
     }
     $uniqueName = Zend_Session::getId();
     $this->_genericFileHelper->createFieldDir($dir . DIRECTORY_SEPARATOR . stripcslashes($uniqueName), true);
     $destination = $dir . DIRECTORY_SEPARATOR . stripcslashes($uniqueName);
     $uploadSettings = $this->getParams($this->_request->getParam('field_id'));
     if (!isset($uploadSettings)) {
         //do something bcs there is no file types
     }
     $uploadSettings = array_merge($uploadSettings, array('dir' => $destination, 'field' => $this->_request->getParam('field_id')));
     $result = $this->_genericFileHelper->upload($uploadSettings);
     if ($result === false) {
         $result = array('success' => false, 'files' => array());
         $lastError = $this->_genericFileHelper->getLastErrorMessage();
         if ($lastError != '') {
             $result['error'] = $this->translate($lastError);
         }
         echo json_encode($result);
     } else {
         $result = array('success' => true, 'files' => array($result), 'path' => $result['path']);
         $lastError = $this->_genericFileHelper->getLastErrorMessage();
         if ($lastError != '') {
             $result['error'] = $this->translate($lastError);
         }
         echo json_encode($result);
     }
     die;
 }
Esempio n. 5
0
 protected function _getMainSection()
 {
     try {
         $args = array(Sitengine_Env::PARAM_ANCESTORID => $this->_controller->getEntity()->getAncestorId());
         $query = array(Sitengine_Env::PARAM_SESSIONID => Zend_Session::getId());
         $route = $this->_controller->getFrontController()->getRouter()->getRoute(Sitengine_Newsletter_Backend_Front::ROUTE_CAMPAIGNS_ATTACHMENTS_UPLOAD);
         $submitUri = $this->_controller->getRequest()->getBasePath() . '/' . $route->assemble($args, true);
         $submitUri .= Sitengine_Controller_Request_Http::makeNameValueQuery($query);
         #print $submitUri;
         require_once $this->_controller->getEnv()->getContribDir() . '/FlexUpload/class.flexupload.inc.php';
         $flex = new FlexUpload($submitUri);
         $flex->setWidth('100%');
         #$flex->setHeight('100%');
         $flex->setMaxFiles(20);
         $flex->setMaxFileSize(100 * 1024 * 1024);
         $flex->setFileExtensions('*.zip;*.mp3;*.wav;*.gif;*.jpg;*.jpeg;*.pdf;*.doc;*.xls');
         $flex->setPathToSWF($this->_controller->getEnv()->getContribRequestDir() . '/FlexUpload/');
         $flex->setPathToSWFObject($this->_controller->getEnv()->getContribRequestDir() . '/FlexUpload/js/');
         $flex->setLocale($this->_controller->getEnv()->getContribRequestDir() . '/FlexUpload/locale/en.xml');
         return array('flex' => $flex->getHTML());
     } catch (Exception $exception) {
         require_once 'Sitengine/Newsletter/Backend/Campaigns/Attachments/Exception.php';
         throw new Sitengine_Newsletter_Backend_Campaigns_Attachments_Exception('form page error', $exception);
     }
 }
 /**
  * Route shutdown hook -- Check for router exceptions
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
 {
     try {
         // Avoid error override! :S
         if (count($this->getResponse()->getException())) {
             return;
         }
         $auth = Zend_Auth::getInstance();
         if (!$auth->hasIdentity()) {
             $this->_forceLogout($request, "No session");
             return;
         }
         $sessionId = Zend_Session::getId();
         $sessMapper = Application\Model\Mapper\SessionMapper::getInstance();
         $session = $sessMapper->findOneById($sessionId);
         if (!$session) {
             return;
         }
         if (isset($session['logout'])) {
             $this->_forceLogout($request, isset($session['logout']['message']) ? $session['logout']['message'] : "External logout", isset($session['logout']['code']) ? $session['logout']['code'] : PermissionCodes::AUTH_ANOTHER_SESSION_STARTED);
             return;
         }
     } catch (Exception $exc) {
         \App::log()->err("MESSAGE BROADCAST: " . $exc->getMessage());
         $this->_forceLogout($request, "Unexpected fatal error: " . $exc->getMessage(), 500);
         return;
     }
 }
Esempio n. 7
0
 public function init()
 {
     $this->bootstrap = $this->getInvokeArg('bootstrap');
     $this->options = $this->bootstrap->getOptions();
     $this->_host = $this->_request->getServer('HTTP_HOST');
     if (Zend_Session::sessionExists()) {
         if (!$this->session) {
             $singleton = !empty($this->options['unittest']) ? false : true;
             $this->session = new Zend_Session_Namespace(self::SESSION_NAMESPACE, $singleton);
         }
         $this->_sessionId = Zend_Session::getId();
         do {
             // 登陆信息验证
             $names = $this->options['cookies'];
             if (!isset($this->session->auth) || !$this->_request->getCookie($names['username'])) {
                 break;
             }
             //var_dump($this->_request->getCookie($names['email']));exit();
             if ($this->session->auth['username'] != $this->_request->getCookie($names['username'])) {
                 break;
             }
             $this->session->auth['lasttime'] = time();
             $this->_user = Tudu_User::getInstance();
             $this->_user->init($this->session->auth);
         } while (false);
     } else {
         $authId = $this->_request->getCookie($this->options['cookies']['auth']);
         if (!empty($authId)) {
             $referer = PROTOCOL . '//' . $this->_request->getServer('HTTP_HOST') . '/frame';
             return $this->_redirect($this->options['sites']['www'] . '/login/auto?referer=' . urlencode($referer));
         }
     }
 }
Esempio n. 8
0
 public function calculationSettingsChangeAction()
 {
     $this->getHelper('viewRenderer')->setNoRender();
     $request = $this->getRequest();
     if ($request->isPost()) {
         $post = $request->getPost();
         if (!isset($post['changeSet']) || empty($post['changeSet'])) {
             $this->ajaxException("Nieprawidłowa wartość parametrów");
             return;
         } else {
             $data = Zend_Json::decode($post['changeSet']);
             for ($i = 0; $i < $data['formsCount']; $i++) {
                 $form = $data[$i];
                 if (count($form['changes']) == 0) {
                     Logic_FormsTracker::invalidate(Zend_Session::getId() . '_' . $form['trackingName'], Zend_Auth::getInstance()->getIdentity()->id);
                 } else {
                     Logic_FormsTracker::store(Zend_Session::getId(), $form['trackingName'], $form['changes']);
                 }
             }
             echo Zend_Json::encode(array('result' => 'success', 'message' => 'ok'));
         }
     } else {
         $this->ajaxException("Bad request");
         return;
     }
 }
 public function loginAction()
 {
     //$this->_helper->layout->disableLayout();
     $this->_helper->layout()->setLayout('layout-front');
     $r = $this->getRequest();
     //$returnTo = $r->getParam('returnTo');
     //$this->view->returnTo = urlencode($returnTo);
     if ($r->isPost()) {
         $returnTo = $r->getParam('returnTo');
         $this->view->returnTo = $returnTo;
         Zend_Session::start();
         $username = $r->getParam('username');
         $password = $r->getParam('password');
         $authAdapterFactory = new Kutu_Auth_Adapter_Factory();
         $authAdapter = $authAdapterFactory->getAdapter();
         $authAdapter->setIdentity($username)->setCredential($password);
         $auth = Zend_Auth::getInstance();
         $authResult = $auth->authenticate($authAdapter);
         if ($authResult->isValid()) {
             Zend_Session::regenerateId();
             // success : store database row to auth's storage
             $data = $authAdapter->getResultRowObject();
             $auth->getStorage()->write($data);
             if (strpos($returnTo, '?')) {
                 $sAddition = '&';
             } else {
                 $sAddition = '?';
             }
             header("location: " . $returnTo . $sAddition . "PHPSESSID=" . Zend_Session::getId());
         } else {
             if ($authResult->getCode() != -51) {
                 // failure : clear database row from session
                 Zend_Auth::getInstance()->clearIdentity();
             }
             $this->view->errorMessage = "Login GAGAL";
         }
     } else {
         Zend_Session::start();
         $returnTo = $r->getParam('returnTo');
         if (!empty($returnTo)) {
             $returnTo = urldecode($returnTo);
             $this->view->returnTo = $returnTo;
         } else {
             $returnTo = KUTU_ROOT_URL . '/identity/account';
             $this->view->returnTo = $returnTo;
         }
         //check sudah login belum
         $auth = Zend_Auth::getInstance();
         if ($auth->hasIdentity()) {
             //echo "punya identitas";
             if (strpos($returnTo, '?')) {
                 $sAddition = '&';
             } else {
                 $sAddition = '?';
             }
             header("location: " . $returnTo . $sAddition . "PHPSESSID=" . Zend_Session::getId());
         }
     }
 }
Esempio n. 10
0
 public function indexAction()
 {
     $registry = Zend_Registry::getInstance();
     $auth = Zend_Auth::getInstance();
     $config = $registry->get("config");
     $sessionConfig = $config['resources']['session'];
     Ml_Model_AntiAttack::loadRules();
     $credential = Ml_Model_Credential::getInstance();
     $logger = Ml_Model_Logger::getInstance();
     if ($auth->hasIdentity()) {
         return $this->_forward("goback");
     }
     $request = $this->getRequest();
     $form = $credential->loginForm();
     if (Ml_Model_AntiAttack::ensureHuman()) {
         $ensureHuman = true;
     } else {
         $ensureHuman = false;
     }
     if ($request->isPost()) {
         ignore_user_abort(true);
         //A way to sign in only if captcha is right. This is a workaround to
         //signout if the captcha is wrong.
         //
         //I've decided to put the sign in code in the validator itself,
         //but couldn't find a way to make the password validator
         //load after the captcha one (but to let it come first in code,
         //and that's ugly on the screen) and get a result if the
         //validation worked. Notice that it is only useful when
         //the captcha is required.
         if ($form->isValid($request->getPost())) {
             //@see below
             $session = Ml_Model_Session::getInstance();
             //rememberMe and ForgetMe already regenerates the ID
             if ($form->getElement("remember_me")->isChecked()) {
                 Zend_Session::rememberMe($sessionConfig['cookie_lifetime']);
             } else {
                 Zend_Session::ForgetMe();
             }
             $session->associate($auth->getIdentity(), Zend_Session::getId());
             $logger->log(array("action" => "login", "username" => $form->getValue("username")));
             $this->_forward("goback");
         } else {
             //@see above
             if ($auth->hasIdentity()) {
                 $auth->clearIdentity();
             }
             $logger->log(array("action" => "login_denied", "username" => $form->getValue("username")));
             $this->view->errorlogin = true;
         }
         //@end of workaround
     }
     $challenge = $form->getElement("challenge");
     //don't show missing value in the first time that asks for the captcha
     if (!$ensureHuman && is_object($challenge)) {
         $challenge->setErrorMessages(array("missingValue" => ''));
     }
     $this->view->loginform = $form;
 }
Esempio n. 11
0
 public function indexAction()
 {
     if ($this->_user->initPassword) {
         $this->jump('/frame/initpwd');
     }
     if (!isset($this->session->tips)) {
         $this->session->tips = $this->_loadTips();
     }
     $labels = $this->getLabels(null);
     if (!count($labels)) {
         // 防止新用户点入左导航为空
         $daoLabel = $this->getDao('Dao_Td_Tudu_Label');
         foreach ($this->options['tudu']['label'] as $alias => $id) {
             if (!isset($labels[$alias])) {
                 $daoLabel->createLabel(array('uniqueid' => $this->_user->uniqueId, 'labelalias' => $alias, 'labelid' => $id, 'isshow' => isset($this->_labelDefaultSetting[$alias]['isshow']) ? $this->_labelDefaultSetting[$alias]['isshow'] : 1, 'issystem' => true, 'ordernum' => $this->_labelDefaultSetting[$alias]['ordernum']));
                 $daoLabel->calculateLabel($this->_user->uniqueId, $id);
                 $reLoad = true;
             }
         }
         $labels = $this->getLabels(null);
     }
     $mailboxes = array();
     $access = array('skin' => $this->_user->getAccess()->isAllowed(Tudu_Access::PERM_CUSTOM_SKIN), 'flow' => $this->_user->getAccess()->isAllowed(Tudu_Access::PERM_CREATE_FLOW));
     // 有权限创建工作流,但仍需判断是否为版主
     if ($access['flow']) {
         $boards = $this->getBoards(true, true);
         // 若用户均不是某一板块的负责人或分区负责人,则无权限新建工作流
         if (empty($boards)) {
             $access['flow'] = false;
         }
     }
     // 没有权限创建工作流,则读取该用户是否有使用的工作流
     if (!$access['flow']) {
         $flows = $this->_getFlows();
         if (!empty($flows)) {
             $access['flow'] = true;
         }
     }
     $daoBoard = $this->getDao('Dao_Td_Board_Board');
     $boards = $daoBoard->getAttentionBoards($this->_user->orgId, $this->_user->uniqueId);
     $daoEmail = $this->getMdDao('Dao_Md_User_Email');
     $mailBoxes = $daoEmail->getEmails(array('orgid' => $this->_user->orgId, 'userid' => $this->_user->userId), null, array('ordernum' => 'DESC'));
     $upload = $this->options['upload'];
     $upload['cgi']['upload'] .= '?' . session_name() . '=' . Zend_Session::getId() . '&email=' . $this->_user->address;
     $daoOrg = $this->getMdDao('Dao_Md_Org_Org');
     $org = $daoOrg->getOrg(array('orgid' => $this->_user->orgId));
     $this->view->mailboxes = $mailBoxes->toArray();
     $this->view->upload = $upload;
     $this->view->im = $this->options['im'];
     $this->view->access = $access;
     $this->view->boards = $boards;
     $this->view->labels = $labels;
     $this->view->user = $this->_user->toArray();
     $this->view->sid = Zend_Session::getId();
     $this->view->LANG = $this->lang;
     $this->view->org = $org->toArray();
     $this->view->checklog = !empty($this->session->auth['loginlogid']);
     $this->view->registFunction('format_label', array($this, 'formatLabels'));
 }
Esempio n. 12
0
 /**
  * Login user
  *
  */
 public function kloginAction()
 {
     $this->_helper->getHelper('viewRenderer')->setNoRender();
     $this->_helper->getHelper('layout')->disableLayout();
     $response = array();
     $request = $this->getRequest();
     /**
      * Redirect to dashboard if user has logged in already
      */
     if ($request->isPost()) {
         $username = $request->getPost('u');
         $password = $request->getPost('p');
         $remember = $request->getPost('s');
         $authMan = new Pandamp_Auth_Manager($username, $password);
         $authResult = $authMan->authenticate();
         $zendAuth = Zend_Auth::getInstance();
         if ($zendAuth->hasIdentity()) {
             if ($authResult->isValid()) {
                 $returnUrl = base64_decode($request->getPost('r'));
                 if (!empty($returnUrl)) {
                     if (strpos($returnUrl, '?')) {
                         $sAddition = '&';
                     } else {
                         $sAddition = '?';
                     }
                     $data = array('success' => true, 'msg' => 'Logging in', 'message' => "{$returnUrl}" . $sAddition . "PHPSESSID=" . Zend_Session::getId());
                     Pandamp_Lib_Formater::writeLog();
                     // to help thwart session fixation/hijacking
                     // @modifiedDate 2014-09-15 17:01
                     if (isset($remember) && $remember == 'yes') {
                         /*$hol = new Pandamp_Core_Hol_Auth();
                         		$hol->user = $username;
                         		$hol->user_pw = $password;
                         		$hol->save_login = $remember;
                         		$hol->login_saver();*/
                         // remember the session for 604800s = 7 days
                         Zend_Session::rememberMe(604800);
                     } else {
                         // do not remember the session
                         // Zend_Session::forgetMe();
                     }
                     $this->_helper->FlashMessenger('Successful authentication');
                 }
             } else {
                 if ($authResult->getCode() != -51) {
                     Zend_Auth::getInstance()->clearIdentity();
                 }
                 $messages = $authResult->getMessages();
                 $data = array('error' => $messages[0], 'success' => false);
             }
         } else {
             $messages = $authResult->getMessages();
             $data = array('error' => $messages[0], 'failure' => true);
         }
     }
     $this->getResponse()->setBody(Zend_Json::encode($data));
 }
Esempio n. 13
0
 public function __construct()
 {
     $this->front = Zend_Controller_Front::getInstance();
     $this->view = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer')->view;
     $this->limit = (int) Zend_Registry::get('config')->get('sidebar_max_users');
     $this->model = new LobbyModel();
     $this->translator = Zend_Registry::get('Zend_Translate');
     $this->uid = Zend_Auth::getInstance()->hasIdentity() ? Zend_Session::getId() : md5('APPLICATION_PATH');
 }
Esempio n. 14
0
 /**
  * Inicía o log de Relatório
  *
  * @param string $mapperView
  * @param string $title
  * @return \Log_Context_Relatorio 
  */
 public function start($mapperView, $title)
 {
     $this->_session = Zend_Session::getId();
     if ($this->_session) {
         $idUsuario = Zend_Auth::getInstance()->getStorage()->read()->getId();
         $this->setArquivo($mapperView)->setTitulo($title)->setSessao($this->_session)->setIdUsuario($idUsuario)->setDhIniExec(ZendT_Type_Date::nowDateTime())->setImpresso('N')->insert();
     }
     return $this;
 }
Esempio n. 15
0
 /**
  * Return visitor row
  *
  * @return Zend_Db_Table_Row_Abstract
  */
 public function getVisitor()
 {
     if (!isset(Axis::session()->visitorId) || !($row = $this->find(Axis::session()->visitorId)->current())) {
         $row = $this->createRow(array('session_id' => Zend_Session::getId(), 'customer_id' => Axis::getCustomerId() ? Axis::getCustomerId() : new Zend_Db_Expr('NULL')));
         $row->save();
         Axis::session()->visitorId = $row->id;
         //unset only on logout
     }
     return $row;
 }
Esempio n. 16
0
 public function init()
 {
     $this->view->headScript()->appendFile($this->view->baseUrl('views/js/site/index.js'));
     $session_id = Zend_Session::getId();
     $modelSession = new Model_DbTable_Session();
     $modelSession->save($session_id);
     //Zend_Auth::getInstance()->clearIdentity(); Zend_Session::destroy();
     $pluginMail = new Plugin_Mail();
     //$pluginMail->send("salao-pre-cadastro.phtml", "Teste", "*****@*****.**");
 }
Esempio n. 17
0
 protected function _initSession()
 {
     Zend_Session::start(true);
     if (Zend_Session::sessionExists()) {
         $phpSettings = $this->getOption('phpSettings');
         $sessionConfig = $phpSettings['session'];
         // Prorrogando o tempo de vida do cookie ;)
         setcookie($sessionConfig['name'], Zend_Session::getId(), $sessionConfig['cookie_lifetime'] + time(), $sessionConfig['cookie_path'], $sessionConfig['cookie_domain'], $sessionConfig['cookie_secure'], $sessionConfig['cookie_httponly']);
     }
 }
Esempio n. 18
0
 public function generateAction()
 {
     $r = $this->getRequest();
     $returnUrl = base64_decode($r->getParam('returnTo'));
     if (strpos($returnUrl, '?')) {
         $sAddition = '&';
     } else {
         $sAddition = '?';
     }
     header("location: {$returnUrl}" . $sAddition . "PHPSESSID=" . Zend_Session::getId());
 }
 public function indexAction()
 {
     //$this->_helper->layout ()->disableLayout ();
     $auth = Zend_Auth::getInstance();
     $authContent = $auth->getStorage()->read();
     $authAcl = new Zend_Session_Namespace('authAcl');
     $guestID = Authz_Resource_Acl_Guest::GUEST_ID;
     if (is_array($authContent) and $authContent['identity'] != $guestID) {
         return;
     }
     $loginForm = new Auth_Form_Auth_Login($_POST);
     $authAdapter = null;
     if ($this->getRequest()->isPost() and $loginForm->isValid($_POST)) {
         $authService = 'DbTable';
         switch (strtolower($authService)) {
             case 'dbtable':
                 $db = $this->_getParam('db');
                 $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'auth_user', 'user_id', 'sec_passwd');
                 $authAdapter->setIdentity($loginForm->getValue('username'));
                 $authAdapter->setCredential($loginForm->getValue('password'));
                 break;
             case 'ldap':
                 /*TODO Implement LDAP auth */
                 break;
             default:
                 throw new Zend_Exception('Unknown authentication service -> ' . $authService, Zend_Log::ALERT);
         }
         $result = Zend_Auth::getInstance()->authenticate($authAdapter);
         //$this->_helper->logger->debug ( $result );
         switch ($result->getCode()) {
             case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
             case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
                 break;
             case Zend_Auth_Result::SUCCESS:
                 Zend_Session::regenerateId();
                 preg_match('/[^.]+\\.[^.]+$/', $_SERVER['SERVER_NAME'], $domain);
                 setcookie(self::AUTH_SID, Zend_Session::getId(), time() + 1200, self::AUTH_PATH, ".{$domain['0']}", null, true);
                 $last = time();
                 setcookie('last', $last, null, '/', ".{$domain['0']}", null, true);
                 $lastLogin = new Zend_Session_Namespace('last');
                 $lastLogin->lastLogin = $last;
                 $lastLogin->setExpirationHops(1, null, 1);
                 $authAcl = new Zend_Session_Namespace('authAcl');
                 $authAcl->authId = $loginForm->getValue('username');
                 $this->_helper->redirector('index', 'index');
                 return;
             default:
                 /** do stuff for other failure **/
                 break;
         }
     }
     $this->view->form = $loginForm;
 }
Esempio n. 20
0
 function loadWidget3($widgetUrl)
 {
     Zend_Loader::loadClass('Zend_Http_Client');
     Zend_Loader::loadClass('Zend_Session');
     $client = new Zend_Http_Client($widgetUrl, array('keepalive' => true));
     //$_SESSION['testaja'] = 'testaja';
     $client->setUri($widgetUrl);
     $client->setParameterGet(array('PHPSESSID' => Zend_Session::getId()));
     $userAgent = $_SERVER['HTTP_USER_AGENT'];
     $client->setHeaders("User-Agent: {$userAgent}");
     $response = $client->request(Zend_Http_Client::GET);
     return $response->getBody();
 }
Esempio n. 21
0
 public function onSuccess()
 {
     $user = $this->getUser();
     if ($user && $user->last_session != Zend_Session::getId()) {
         $ip = $this->getDi()->request->getClientIp();
         $user->last_ip = preg_replace('/[^0-9.]+/', '', $ip);
         $user->last_login = $this->getDi()->sqlDateTime;
         $user->last_session = Zend_Session::getId();
         $user->updateSelectedFields(array('last_ip', 'last_login', 'last_session'));
     }
     $this->getDi()->adminLogTable->log('Logged in');
     $this->session->setExpirationSeconds(3600 * 2);
 }
Esempio n. 22
0
 /**
  * Obtain the session token
  *
  * @return string
  */
 public function getSessionToken()
 {
     if (NULL === $this->_sessionToken) {
         // Resource option?
         $opt = $this->getOptions('sessionToken');
         if ($opt) {
             $this->_sessionToken = $opt;
         } else {
             $this->_sessionToken = crc32(self::SALT . Zend_Session::getId());
             $this->_sessionToken = base_convert($this->_sessionToken, 10, 36);
         }
     }
     return $this->_sessionToken;
 }
Esempio n. 23
0
 public function startAction()
 {
     $saveHandlerManager = new Kutu_Session_SaveHandler_Manager();
     $saveHandlerManager->setSaveHandler();
     Zend_Session::start();
     $r = $this->getRequest();
     $returnUrl = urldecode($r->getParam('returnTo'));
     if (strpos($returnUrl, '?')) {
         $sAddition = '&';
     } else {
         $sAddition = '?';
     }
     header("location: {$returnUrl}" . $sAddition . "PHPSESSID=" . Zend_Session::getId());
 }
Esempio n. 24
0
 public function isValid($ignoreValue)
 {
     //Warning:
     //$ignoreValue is not used because it's valid always
     //due to unusual behavior of the Ml_Filter_MagicCookies filter
     //this had to be done this way in this specific case
     $value = filter_input(INPUT_POST, Ml_Model_MagicCookies::hash_name, FILTER_UNSAFE_RAW);
     if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) {
         $referer = Zend_Uri::factory($_SERVER['HTTP_REFERER']);
         if (!in_array($referer->getHost(), $this->_options['allowed_referer_hosts'])) {
             $this->_error(self::MSG_REFERER_HOST_INVALID);
             return false;
         }
     }
     $last = Ml_Model_MagicCookies::getLast();
     $magicCookiesNamespace = new Zend_Session_Namespace('MagicCookies');
     if ($last == $value) {
         return true;
     }
     if (!ctype_xdigit($value)) {
         $this->_error(self::MSG_MAGIC_COOKIE_INVALID_FORMAT);
         return false;
     }
     $hexValue = preg_replace('/[^a-f0-9]/', '', $value);
     //sanitizing
     if ($hexValue != $value) {
         $this->_error(self::MSG_MAGIC_COOKIE_ERROR);
         return false;
     }
     if (mb_strlen($hexValue) != Ml_Model_MagicCookies::lenght) {
         $this->_error(self::MSG_MAGIC_COOKIE_INVALID_SIZE);
         return false;
     }
     $auth = Zend_Auth::getInstance();
     $hashInfo = Ml_Model_MagicCookies::getHashInfo($hexValue);
     if (!$hashInfo) {
         $this->_error(self::MSG_MAGIC_COOKIE_INVALID);
         return false;
     }
     if (!array_key_exists("uid", $hashInfo) || !array_key_exists("session_id", $hashInfo)) {
         $this->_error(self::MSG_MAGIC_COOKIE_ERROR);
         return false;
     }
     if (!is_null($hashInfo['uid']) && $hashInfo['uid'] == $auth->getIdentity() || Zend_Session::getId() == $hashInfo['session_id']) {
         return true;
     }
     $this->_error(self::MSG_MAGIC_COOKIE_INVALID);
     return false;
 }
Esempio n. 25
0
 public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
 {
     parent::dispatchLoopStartup($request);
     $id = Zend_Session::getId();
     $cm = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('cachemanager');
     $standard_cache = $cm->getCache('standardcache');
     $rq = $standard_cache->load($id . '_cache');
     if (is_array($rq)) {
         $cm = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('cachemanager');
         $request_cache = $cm->getCache('requestcache');
         foreach ($rq as $cacheName) {
             $request_cache->remove($cacheName);
         }
     }
 }
 /**
  * Gets id and org id from the session
  */
 public function indexAction()
 {
     $this->view->assign($_SESSION['Zend_Auth']['storage']);
     $this->view->csrfToken = $_SESSION['csrf']['token'];
     $this->view->userId = $this->view->id;
     $this->view->id = Zend_Session::getId();
     if (isset($this->view->impersonation)) {
         $origOrgId = $this->view->orgId;
         $origRole = $this->view->role;
         $this->view->orgId = isset($this->view->impersonation['orgId']) ? $this->view->impersonation['orgId'] : $origOrgId;
         $this->view->role = isset($this->view->impersonation['role']) ? $this->view->impersonation['role'] : 'admin';
         $this->view->impersonation['orgId'] = $origOrgId;
         $this->view->impersonation['role'] = $origRole;
     }
 }
Esempio n. 27
0
 public static function view($removefieldset = false)
 {
     if (!self::$_started) {
         return;
     }
     self::$timeEnd = self::getmicrotime();
     $time = sprintf('%.5f', self::$timeEnd - self::$timeStart);
     $files = sprintf('%.5f', self::$filesTime);
     $rapportSQL = sprintf('%.2f', 100 * self::$totalTime / $time);
     $rapportPHP = 100 - $rapportSQL;
     $memoryPeak = round(memory_get_peak_usage() / 1048576, 3);
     $content = 'File ' . $_SERVER['SCRIPT_NAME'] . "\n" . 'Loaded in ' . $time . ' seconds' . "\n" . 'Loaded PHP files : ' . self::$filesLoaded . "\n" . 'SQL requests : ' . sprintf('%.5f', self::$totalTime) . ' seconds (' . self::$sqlNbRequests . ' requests)' . "\n" . '% SQL/PHP : ' . $rapportSQL . ' / ' . $rapportPHP . ' %' . "\n" . 'Memory Peak : ' . $memoryPeak . 'Mo' . "\n";
     if (function_exists('xdebug_get_profiler_filename') && xdebug_get_profiler_filename()) {
         $content .= 'XDebug Profile : ' . xdebug_get_profiler_filename() . "\n";
     }
     if (function_exists('xdebug_get_profiler_filename') && xdebug_get_tracefile_name()) {
         $content .= 'XDebug Trace : ' . xdebug_get_tracefile_name() . "\n";
     }
     $content .= 'User : '******' (' . CMS_session::getUserId() . ')' : 'none') . "\n";
     $content .= 'Session Id ' . Zend_Session::getId() . "\n";
     //$content .= 'Current page '.CMS_session::getPageID()."\n";
     if (VIEW_SQL && $_SERVER["SCRIPT_NAME"] != PATH_ADMIN_WR . '/stat.php') {
         $stat = array('stat_time_start' => self::$timeStart, 'stat_time_end' => self::$timeEnd, 'stat_total_time' => self::$totalTime, 'stat_sql_nb_requests' => self::$sqlNbRequests, 'stat_sql_table' => self::$sqlTable, 'stat_content_name' => basename($_SERVER["SCRIPT_NAME"]), 'stat_files_table' => self::$filesTable, 'stat_memory_table' => self::$memoryTable, 'stat_memory_peak' => $memoryPeak, 'stat_files_loaded' => self::$filesLoaded);
         $statName = 'stat_' . md5(rand());
         //save stats to cache (for 10 min)
         $cache = new CMS_cache($statName, 'atm-stats', 600, false);
         if ($cache) {
             $cache->save($stat);
         }
     }
     $content = !$removefieldset ? '<fieldset style="width:200px;" class="atm-debug"><legend>Debug Statistics</legend><pre>' . $content . '</pre>' : 'Debug Statistics :' . "\n" . $content;
     if (isset($statName)) {
         $content .= '<a href="' . PATH_ADMIN_WR . '/stat.php?stat=' . $statName . '" target="_blank">View statistics detail</a>';
     }
     //end xhprof profiling
     if (defined('APPLICATION_ENABLE_PROFILING') && APPLICATION_ENABLE_PROFILING && function_exists('xhprof_disable')) {
         $xhprof_data = xhprof_disable();
         include_once APPLICATION_XHPROF_ROOT_FS . "/xhprof_lib/utils/xhprof_lib.php";
         include_once APPLICATION_XHPROF_ROOT_FS . "/xhprof_lib/utils/xhprof_runs.php";
         $xhprof_runs = new XHProfRuns_Default();
         $profileName = md5($_SERVER['REQUEST_URI']);
         $run_id = $xhprof_runs->save_run($xhprof_data, md5($_SERVER['REQUEST_URI']));
         $content .= '<br /><a href="' . APPLICATION_XHPROF_URI . 'xhprof_html/index.php?run=' . $run_id . '&amp;source=' . $profileName . '" target="_blank">View profiling detail</a>';
     }
     $content .= !$removefieldset ? '</fieldset>' : '';
     return $content;
 }
Esempio n. 28
0
 function preDispatch()
 {
     parent::preDispatch();
     $this->view->sessionId = Zend_Session::getId();
     $this->oConfig = Zend_Registry::get('config');
     $this->oDb = Zend_Registry::get('db');
     $this->oSession = new Zend_Session_Namespace(Zend_Controller_Front::getInstance()->getParam('bootstrap')->getOption('applicationName'));
     $this->oAcl = Zend_Auth::getInstance();
     if (APPLICATION_ENV == 'development') {
         $this->_activateFirebug();
     }
     $this->view->auth = $this->getUser();
     $this->view->controller = $this->getRequest()->getControllerName();
     $this->view->action = $this->getRequest()->getActionName();
     $this->_aUserInfo = $this->getUser();
     $this->view->userInfo = $this->_aUserInfo;
 }
 public function indexAction()
 {
     Zend_Loader::loadClass('Zend_Session_Namespace');
     Zend_Loader::loadClass('Appcelerator_Request');
     $req = $this->getRequest();
     $session = new Zend_Session_Namespace('Appcelerator');
     $sessionid = Zend_Session::getId();
     $my_secret_key = "";
     $shared_secret = is_null($my_secret_key) ? null : md5($my_secret_key);
     // initialization just starts a session
     if ($req->getParam("initial") == 1 || $req->getParam("init") == 1) {
         return;
     }
     $auth = $req->getParam("auth");
     $instanceid = $req->getParam("instanceid");
     if (is_null($auth)) {
         $this->badRequest("no auth token");
         return;
     }
     if (is_null($instanceid)) {
         $this->badRequest("no instanceid");
         return;
     }
     if ($auth !== $shared_secret && md5($sessionid . $instanceid) !== $auth) {
         $this->badRequest("invalid auth token");
         return;
     }
     $request = new Appcelerator_Request($req, $sessionid);
     // Only GET and POST are allowed
     if ($request->isInvalidMethod()) {
         $this->getResponse()->setHeader('HTTP/1.0', '405 Bad Request');
         $this->getResponse()->setHeader('Allow', 'GET POST');
         $this->view->content = "Invalid method\n";
         return;
     }
     $request->processMessages();
     if (count($request->getResponses()) > 0) {
         $this->getResponse()->setHeader('Content-type', $request->getContentType());
         $this->view->content = $request->getResponseText();
     } else {
         $this->getResponse()->setHeader('Content-Length', '0');
         $this->getResponse()->setHeader('Content-type', 'text/plain');
         $this->getResponse()->setHeader('HTTP/1.0', '202 Accepted');
     }
 }
Esempio n. 30
0
 public function testShouldAuthExistingUserAndReturnSessionId()
 {
     //GIVEN
     Zend_Session::$_unitTestEnabled = true;
     $oApiUser = new AM_Api_User();
     //WHEN
     $aResult = $oApiUser->login('john', 'password');
     //THEN
     $oExpectedUserObject = new stdClass();
     $oExpectedUserObject->first_name = 'John';
     $oExpectedUserObject->last_name = 'Doe';
     $oExpectedUserObject->login = '******';
     $oExpectedUserObject->email = '*****@*****.**';
     $oExpectedUserObject->id = 1;
     $oExpectedUserObject->client = 1;
     $oExpectedUserObject->is_admin = 0;
     $aExpectedResult = array('code' => 1, 'sessionId' => Zend_Session::getId(), 'userInfo' => $oExpectedUserObject);
     $this->assertEquals($aExpectedResult, $aResult);
 }