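/**
 * Store the files submitted under $fieldName to the upload storage.
 *
 * Handles both a single upload (`tmp_name` is a string) and a multi-file
 * field (`tmp_name` is an array). Each stored file is appended to
 * $this->files; for anonymous user-side uploads (not admin, no user id) the
 * new record ids are also remembered in the session (uploadNeedBind) so they
 * can be bound to a user later.
 *
 * @param string $fieldName key of the $_FILES entry to process
 * @param bool   $is_admin  true for admin-side uploads, false for user-side
 * @return false|$this false when nothing was submitted under $fieldName
 */
function processSubmit($fieldName, $is_admin = true)
{
    if (empty($_FILES[$fieldName])) {
        return false;
    }
    $submitted = $_FILES[$fieldName];
    // A multi-file field carries arrays under tmp_name; a single file is
    // represented by one null key (setFrom_FILES receives it as-is).
    $keys = is_array($submitted['tmp_name']) ? array_keys($submitted['tmp_name']) : array(null);

    // Resolve the identity once rather than on every record.
    $userId = $is_admin ? null : Am_Di::getInstance()->auth->getUserId();
    $adminId = $is_admin ? Am_Di::getInstance()->authAdmin->getUserId() : null;
    // Anonymous user-side uploads are keyed to the PHP session instead.
    $anonymous = !$is_admin && !$userId;

    $upload = array(); // initialised so an empty key list cannot leave it undefined
    foreach ($keys as $k) {
        $record = $this->getDi()->uploadRecord;
        $record->prefix = $this->prefix;
        $record->admin_id = $adminId;
        $record->user_id = $userId;
        $record->session_id = $anonymous ? Zend_Session::getId() : null;
        $record->setFrom_FILES($submitted, $k);
        $upload[$k] = $record;
    }

    foreach ($upload as $file) {
        $f = $this->checkFileAndMove($file);
        if (!$f) {
            continue;
        }
        $this->files[] = $f;
        if ($anonymous) {
            if (!isset($this->getDi()->session->uploadNeedBind)) {
                $this->getDi()->session->uploadNeedBind = array();
            }
            $this->getDi()->session->uploadNeedBind[] = $f->pk();
        }
    }
    return $this;
}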
/**
 * Build the "main" section of the post-files upload page.
 *
 * Assembles the FlexUpload submit URI from the blog-post upload route, then
 * renders the Flash uploader with its limits (20 files, 15 MiB each) and an
 * extension list that depends on whether the post is a gallery.
 *
 * The PHP session id is appended to the submit URI as a query parameter
 * (presumably because the Flash uploader does not send the browser's
 * cookies), so the id appears in a URL and may end up in request logs.
 *
 * @return array{flex: string} rendered uploader HTML
 * @throws Sitengine_Blog_Frontend_Blogs_Posts_Files_Exception wrapping any failure
 */
protected function _getMainSection()
{
    try {
        $controller = $this->_controller;
        $entity = $controller->getEntity();
        $env = $controller->getEnv();

        $routeArgs = array(
            Sitengine_Env::PARAM_GREATANCESTORID => $entity->getGreatAncestorSlug(),
            Sitengine_Env::PARAM_ANCESTORID => $entity->getAncestorId(),
        );
        $queryArgs = array(Sitengine_Env::PARAM_SESSIONID => Zend_Session::getId());
        $route = $controller->getFrontController()->getRouter()
            ->getRoute(Sitengine_Blog_Frontend_Front::ROUTE_BLOGS_POSTS_FILES_UPLOAD);
        $submitUri = $controller->getRequest()->getBasePath() . '/' . $route->assemble($routeArgs, true)
            . Sitengine_Controller_Request_Http::makeNameValueQuery($queryArgs);

        require_once $env->getContribDir() . '/FlexUpload/class.flexupload.inc.php';

        // Galleries accept images only; everything else gets the broader list.
        $isGallery = ($entity->getAncestorType() == Sitengine_Blog_Posts_Table::TYPE_GALLERY);
        $extensions = $isGallery
            ? '*.gif;*.jpg;*.jpeg'
            : '*.zip;*.mp3;*.wav;*.gif;*.jpg;*.jpeg;*.pdf;*.doc;*.xls';

        $contribRequestDir = $env->getContribRequestDir();
        $flex = new FlexUpload($submitUri);
        $flex->setWidth('100%');
        $flex->setMaxFiles(20);
        $flex->setMaxFileSize(15 * 1024 * 1024);
        $flex->setFileExtensions($extensions);
        $flex->setPathToSWF($contribRequestDir . '/FlexUpload/');
        $flex->setPathToSWFObject($contribRequestDir . '/FlexUpload/js/');
        $flex->setLocale($contribRequestDir . '/FlexUpload/locale/en.xml');

        return array('flex' => $flex->getHTML());
    } catch (Exception $exception) {
        require_once 'Sitengine/Blog/Frontend/Blogs/Posts/Files/Exception.php';
        throw new Sitengine_Blog_Frontend_Blogs_Posts_Files_Exception('form page error', $exception);
    }
}
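/**
 * Write an entry to mst_user_log for the current request.
 *
 * Columns: id, user_id, entity_table, entity_id, module_name,
 * controller_name, action_name, timestamp, message, variables, session_id, ip.
 *
 * @param mixed       $entityId       id of the affected record
 * @param string      $entityTable    table of the affected record
 * @param string|null $message        free-text message
 * @param mixed       $preChangedData snapshot stored in the `variables`
 *                                    column; now optional (it was a required
 *                                    parameter after an optional one, which
 *                                    PHP 8 deprecates)
 * @return void
 */
public function log($entityId, $entityTable, $message = null, $preChangedData = null)
{
    // 0 stands for the system user when nobody is authenticated.
    $userId = 0;
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        // The identity is indexed as an array carrying user_id.
        $identity = $auth->getIdentity();
        $userId = $identity['user_id'];
    }

    // Resolve the request once instead of through the front controller per field.
    $request = Zend_Controller_Front::getInstance()->getRequest();

    $table = new Application_Model_DbTable_MstUserLog();
    $table->insert(array(
        'user_id' => $userId,
        'entity_table' => $entityTable,
        'entity_id' => $entityId,
        'module_name' => $request->getModuleName(),
        'controller_name' => $request->getControllerName(),
        'action_name' => $request->getActionName(),
        'timestamp' => date('Y-m-d H:i:s'),
        'message' => $message,
        'variables' => $preChangedData,
        'session_id' => Zend_Session::getId(),
        // REMOTE_ADDR is the TCP peer; behind a reverse proxy this is the proxy.
        'ip' => $request->getServer('REMOTE_ADDR'),
    ));
}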
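/**
 * Receive one uploaded file for a configured field and answer with JSON.
 *
 * The target directory is the field's configured `dir` plus a sub-directory
 * named after the PHP session id, so visitors never share an upload folder.
 * Output is echoed directly and the request ends with `die` (no view).
 *
 * Response shape: {success: bool, files: array, path?: string, error?: string}
 *
 * @return void
 */
public function uploadAction()
{
    $this->_loadParams();
    $fieldId = $this->_request->getParam('field_id');

    // field_id is client-supplied: refuse ids with no configured dir so the
    // destination is never built from a missing entry (previously the base
    // directory silently became empty and the path was built from the
    // session id alone).
    if (!isset($this->_fields[$fieldId]['params']['dir'])) {
        echo json_encode(array('success' => false, 'files' => array()));
        die;
    }
    $dir = $this->_fields[$fieldId]['params']['dir'];

    if (!Zend_Session::sessionExists() || !Zend_Session::isStarted()) {
        Zend_Session::start();
    }
    // One sub-directory per session.
    $destination = $dir . DIRECTORY_SEPARATOR . stripcslashes(Zend_Session::getId());
    $this->_genericFileHelper->createFieldDir($destination, true);

    // No settings configured for the field: start from an empty set so
    // array_merge() is not handed null.
    $uploadSettings = $this->getParams($fieldId);
    if (!is_array($uploadSettings)) {
        $uploadSettings = array();
    }
    $uploadSettings = array_merge($uploadSettings, array('dir' => $destination, 'field' => $fieldId));

    $result = $this->_genericFileHelper->upload($uploadSettings);
    if ($result === false) {
        $response = array('success' => false, 'files' => array());
    } else {
        $response = array('success' => true, 'files' => array($result), 'path' => $result['path']);
    }
    // The helper may have a message to report even after a successful upload.
    $lastError = $this->_genericFileHelper->getLastErrorMessage();
    if ($lastError != '') {
        $response['error'] = $this->translate($lastError);
    }
    echo json_encode($response);
    die;
}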
/**
 * Build the "main" section of the campaign-attachments upload page.
 *
 * Resolves the attachments-upload route for the current campaign, appends the
 * PHP session id as a query parameter (presumably because the Flash uploader
 * does not send the browser's cookies) and renders the FlexUpload widget with
 * its limits: 20 files, 100 MiB each, the listed extensions. Because the
 * session id is part of the submit URI it may show up in request logs.
 *
 * @return array{flex: string} rendered uploader HTML
 * @throws Sitengine_Newsletter_Backend_Campaigns_Attachments_Exception wrapping any failure
 */
protected function _getMainSection()
{
    try {
        $controller = $this->_controller;
        $env = $controller->getEnv();

        $routeArgs = array(Sitengine_Env::PARAM_ANCESTORID => $controller->getEntity()->getAncestorId());
        $queryArgs = array(Sitengine_Env::PARAM_SESSIONID => Zend_Session::getId());
        $route = $controller->getFrontController()->getRouter()
            ->getRoute(Sitengine_Newsletter_Backend_Front::ROUTE_CAMPAIGNS_ATTACHMENTS_UPLOAD);
        $submitUri = $controller->getRequest()->getBasePath() . '/' . $route->assemble($routeArgs, true)
            . Sitengine_Controller_Request_Http::makeNameValueQuery($queryArgs);

        require_once $env->getContribDir() . '/FlexUpload/class.flexupload.inc.php';

        $contribRequestDir = $env->getContribRequestDir();
        $flex = new FlexUpload($submitUri);
        $flex->setWidth('100%');
        $flex->setMaxFiles(20);
        $flex->setMaxFileSize(100 * 1024 * 1024);
        $flex->setFileExtensions('*.zip;*.mp3;*.wav;*.gif;*.jpg;*.jpeg;*.pdf;*.doc;*.xls');
        $flex->setPathToSWF($contribRequestDir . '/FlexUpload/');
        $flex->setPathToSWFObject($contribRequestDir . '/FlexUpload/js/');
        $flex->setLocale($contribRequestDir . '/FlexUpload/locale/en.xml');

        return array('flex' => $flex->getHTML());
    } catch (Exception $exception) {
        require_once 'Sitengine/Newsletter/Backend/Campaigns/Attachments/Exception.php';
        throw new Sitengine_Newsletter_Backend_Campaigns_Attachments_Exception('form page error', $exception);
    }
}
/**
 * Dispatch-loop startup hook: make sure the authenticated session is still
 * valid and honour logout markers recorded on the server-side session.
 *
 * Does nothing when the response already carries an exception, so the
 * original error is not replaced by a logout. A missing identity, or a
 * session row flagged with `logout`, ends the session through _forceLogout();
 * a session id without a stored row is left alone. Any exception is logged
 * and also turned into a forced logout (code 500).
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    try {
        // Never mask an exception that is already on the response.
        if (count($this->getResponse()->getException())) {
            return;
        }
        if (!Zend_Auth::getInstance()->hasIdentity()) {
            $this->_forceLogout($request, "No session");
            return;
        }
        $mapper = Application\Model\Mapper\SessionMapper::getInstance();
        $session = $mapper->findOneById(Zend_Session::getId());
        if (!$session || !isset($session['logout'])) {
            return;
        }
        // A logout marker may carry its own message and code; otherwise fall
        // back to the "another session started" defaults.
        $logout = $session['logout'];
        $message = isset($logout['message']) ? $logout['message'] : "External logout";
        $code = isset($logout['code']) ? $logout['code'] : PermissionCodes::AUTH_ANOTHER_SESSION_STARTED;
        $this->_forceLogout($request, $message, $code);
    } catch (Exception $exc) {
        \App::log()->err("MESSAGE BROADCAST: " . $exc->getMessage());
        $this->_forceLogout($request, "Unexpected fatal error: " . $exc->getMessage(), 500);
    }
}
/**
 * Controller bootstrap: load application options, bind the session namespace
 * and rehydrate the current user from the session's `auth` entry.
 *
 * With an existing PHP session the stored auth data is used only when the
 * username cookie is present and matches the session's username. That cookie
 * is client-controlled, so this is a consistency check, not proof of
 * identity — the server-side session remains the trust anchor. Without a
 * session but with an `auth` cookie, the request is sent to the www site's
 * auto-login with the current frame URL as referer.
 *
 * @return mixed|null result of _redirect() when auto-login is triggered
 */
public function init()
{
    $this->bootstrap = $this->getInvokeArg('bootstrap');
    $this->options = $this->bootstrap->getOptions();
    $this->_host = $this->_request->getServer('HTTP_HOST');

    if (!Zend_Session::sessionExists()) {
        $authId = $this->_request->getCookie($this->options['cookies']['auth']);
        if (empty($authId)) {
            return;
        }
        // NOTE(review): the referer is built from the client-supplied Host header.
        $referer = PROTOCOL . '//' . $this->_request->getServer('HTTP_HOST') . '/frame';
        return $this->_redirect($this->options['sites']['www'] . '/login/auto?referer=' . urlencode($referer));
    }

    if (!$this->session) {
        // Unit tests run without the singleton namespace.
        $singleton = empty($this->options['unittest']);
        $this->session = new Zend_Session_Namespace(self::SESSION_NAMESPACE, $singleton);
    }
    $this->_sessionId = Zend_Session::getId();

    // Verify the login information against the username cookie.
    $cookieNames = $this->options['cookies'];
    $cookieUser = $this->_request->getCookie($cookieNames['username']);
    if (!isset($this->session->auth) || !$cookieUser) {
        return;
    }
    // Loose != comparison kept as in the original; assumes both are strings — TODO confirm
    if ($this->session->auth['username'] != $cookieUser) {
        return;
    }
    $this->session->auth['lasttime'] = time();
    $this->_user = Tudu_User::getInstance();
    $this->_user->init($this->session->auth);
}
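/**
 * AJAX endpoint: persist or discard tracked form changes for this session.
 *
 * Expects a POST field `changeSet` holding JSON shaped like
 * {formsCount: n, 0: {trackingName, changes}, 1: {...}, ...}. A form with no
 * changes invalidates its tracker entry; otherwise the changes are stored
 * under the current session id. Replies with JSON and renders no view.
 *
 * `formsCount` and the entries are client-supplied, so each entry is checked
 * for the expected keys before use instead of trusting the count.
 *
 * @return void
 */
public function calculationSettingsChangeAction()
{
    $this->getHelper('viewRenderer')->setNoRender();
    $request = $this->getRequest();
    if (!$request->isPost()) {
        $this->ajaxException("Bad request");
        return;
    }
    $post = $request->getPost();
    if (empty($post['changeSet'])) {
        $this->ajaxException("Nieprawidłowa wartość parametrów");
        return;
    }
    $data = Zend_Json::decode($post['changeSet']);
    if (!is_array($data) || !isset($data['formsCount'])) {
        $this->ajaxException("Nieprawidłowa wartość parametrów");
        return;
    }

    $sessionId = Zend_Session::getId();
    $count = (int) $data['formsCount'];
    for ($i = 0; $i < $count; $i++) {
        // Reject a count that exceeds the entries actually sent, or a
        // malformed entry, rather than reading undefined indexes.
        if (!isset($data[$i]['trackingName']) || !isset($data[$i]['changes']) || !is_array($data[$i]['changes'])) {
            $this->ajaxException("Nieprawidłowa wartość parametrów");
            return;
        }
        $form = $data[$i];
        if (count($form['changes']) == 0) {
            Logic_FormsTracker::invalidate(
                $sessionId . '_' . $form['trackingName'],
                Zend_Auth::getInstance()->getIdentity()->id
            );
        } else {
            Logic_FormsTracker::store($sessionId, $form['trackingName'], $form['changes']);
        }
    }
    echo Zend_Json::encode(array('result' => 'success', 'message' => 'ok'));
}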
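/**
 * Render and process the front-end login form.
 *
 * On POST the credentials are checked through the configured auth adapter;
 * on success the session id is regenerated, the identity row is stored and
 * the browser is sent to `returnTo` with the new session id appended as
 * PHPSESSID. On GET a visitor who already holds an identity is sent on the
 * same way; otherwise the form is shown.
 *
 * `returnTo` is taken from the request unchecked, so this action redirects to
 * whatever URL the caller names and hands that URL the session id.
 * Restricting it to known hosts is the usual mitigation.
 *
 * @return void
 */
public function loginAction()
{
    $this->_helper->layout()->setLayout('layout-front');
    $r = $this->getRequest();

    if ($r->isPost()) {
        $returnTo = $r->getParam('returnTo');
        $this->view->returnTo = $returnTo;
        Zend_Session::start();
        $authAdapterFactory = new Kutu_Auth_Adapter_Factory();
        $authAdapter = $authAdapterFactory->getAdapter();
        $authAdapter->setIdentity($r->getParam('username'))->setCredential($r->getParam('password'));
        $auth = Zend_Auth::getInstance();
        $authResult = $auth->authenticate($authAdapter);
        if ($authResult->isValid()) {
            // Fresh id after login so a pre-login session id cannot be replayed.
            Zend_Session::regenerateId();
            // Store the database row in the auth storage.
            $auth->getStorage()->write($authAdapter->getResultRowObject());
            $this->_redirectWithSessionId($returnTo);
        } else {
            // -51 is an adapter-specific code for which the identity is kept — TODO confirm
            if ($authResult->getCode() != -51) {
                Zend_Auth::getInstance()->clearIdentity();
            }
            $this->view->errorMessage = "Login GAGAL";
        }
        return;
    }

    Zend_Session::start();
    $returnTo = $r->getParam('returnTo');
    if (!empty($returnTo)) {
        $returnTo = urldecode($returnTo);
    } else {
        $returnTo = KUTU_ROOT_URL . '/identity/account';
    }
    $this->view->returnTo = $returnTo;
    // Already logged in: skip the form and go straight back.
    if (Zend_Auth::getInstance()->hasIdentity()) {
        $this->_redirectWithSessionId($returnTo);
    }
}

/**
 * Send a Location header to $url with the current session id appended as
 * PHPSESSID, using '&' when the URL already carries a query string.
 *
 * Checks strpos() against false so a '?' at position 0 also counts. The
 * header is emitted without exiting, as the inline code did, so the caller
 * decides whether rendering continues.
 *
 * @param string $url
 * @return void
 */
private function _redirectWithSessionId($url)
{
    $separator = (strpos($url, '?') !== false) ? '&' : '?';
    header("location: " . $url . $separator . "PHPSESSID=" . Zend_Session::getId());
}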
/**
 * Sign-in page: show the login form and, on POST, validate it.
 *
 * The authentication itself runs inside the form's validator chain (so that
 * it can come after the captcha), so this action only reacts to the
 * validation result: on success it extends or drops the persistent cookie
 * according to "remember_me", associates the session with the identity and
 * logs the login; on failure it clears any identity the validators may have
 * set and logs the attempt as denied.
 *
 * @return void
 */
public function indexAction()
{
    $registry = Zend_Registry::getInstance();
    $auth = Zend_Auth::getInstance();
    $config = $registry->get("config");
    $sessionConfig = $config['resources']['session'];

    Ml_Model_AntiAttack::loadRules();
    $credential = Ml_Model_Credential::getInstance();
    $logger = Ml_Model_Logger::getInstance();

    if ($auth->hasIdentity()) {
        return $this->_forward("goback");
    }

    $request = $this->getRequest();
    $form = $credential->loginForm();
    // Whether a captcha is currently demanded from this client.
    $ensureHuman = (bool) Ml_Model_AntiAttack::ensureHuman();

    if ($request->isPost()) {
        ignore_user_abort(true);
        // Workaround: because the sign-in lives in a validator, a failed
        // validation below must undo an identity that may already be set.
        if ($form->isValid($request->getPost())) {
            $session = Ml_Model_Session::getInstance();
            // rememberMe()/ForgetMe() both regenerate the session id.
            if ($form->getElement("remember_me")->isChecked()) {
                Zend_Session::rememberMe($sessionConfig['cookie_lifetime']);
            } else {
                Zend_Session::ForgetMe();
            }
            $session->associate($auth->getIdentity(), Zend_Session::getId());
            $logger->log(array("action" => "login", "username" => $form->getValue("username")));
            $this->_forward("goback");
        } else {
            if ($auth->hasIdentity()) {
                $auth->clearIdentity();
            }
            $logger->log(array("action" => "login_denied", "username" => $form->getValue("username")));
            $this->view->errorlogin = true;
        }
    }

    // Do not show a "missing value" error the first time the captcha appears.
    $challenge = $form->getElement("challenge");
    if (!$ensureHuman && is_object($challenge)) {
        $challenge->setErrorMessages(array("missingValue" => ''));
    }
    $this->view->loginform = $form;
}
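/**
 * Frame index: assemble everything the main frame view needs.
 *
 * Sends the user to the password initialisation page when an initial
 * password is still set, seeds the default labels for a user who has none
 * (so the left navigation is never empty), works out whether the user may
 * create workflows, and hands boards, mailboxes, upload settings and
 * organisation data to the view.
 *
 * The upload CGI URL carries the session name/id as query parameters and the
 * session id is also exposed to the view as `sid`; both therefore appear in
 * page markup and possibly in the upload endpoint's logs.
 *
 * Unused locals from the previous revision ($mailboxes, $reLoad) are gone.
 *
 * @return void
 */
public function indexAction()
{
    if ($this->_user->initPassword) {
        $this->jump('/frame/initpwd'); // presumably ends the request — TODO confirm
    }
    if (!isset($this->session->tips)) {
        $this->session->tips = $this->_loadTips();
    }

    $labels = $this->getLabels(null);
    if (!count($labels)) {
        // A new user has no labels yet: create the system defaults so the
        // left navigation is not empty.
        $daoLabel = $this->getDao('Dao_Td_Tudu_Label');
        foreach ($this->options['tudu']['label'] as $alias => $id) {
            if (isset($labels[$alias])) {
                continue;
            }
            $daoLabel->createLabel(array(
                'uniqueid' => $this->_user->uniqueId,
                'labelalias' => $alias,
                'labelid' => $id,
                'isshow' => isset($this->_labelDefaultSetting[$alias]['isshow'])
                    ? $this->_labelDefaultSetting[$alias]['isshow'] : 1,
                'issystem' => true,
                // NOTE(review): ordernum is read without the isset() guard used for isshow.
                'ordernum' => $this->_labelDefaultSetting[$alias]['ordernum'],
            ));
            $daoLabel->calculateLabel($this->_user->uniqueId, $id);
        }
        $labels = $this->getLabels(null);
    }

    $userAccess = $this->_user->getAccess();
    $access = array(
        'skin' => $userAccess->isAllowed(Tudu_Access::PERM_CUSTOM_SKIN),
        'flow' => $userAccess->isAllowed(Tudu_Access::PERM_CREATE_FLOW),
    );
    // Creating workflows additionally requires being in charge of at least
    // one board or section.
    if ($access['flow']) {
        $moderatedBoards = $this->getBoards(true, true);
        if (empty($moderatedBoards)) {
            $access['flow'] = false;
        }
    }
    // Without creation rights the user may still have workflows to use.
    if (!$access['flow']) {
        $flows = $this->_getFlows();
        if (!empty($flows)) {
            $access['flow'] = true;
        }
    }

    $daoBoard = $this->getDao('Dao_Td_Board_Board');
    $boards = $daoBoard->getAttentionBoards($this->_user->orgId, $this->_user->uniqueId);

    $daoEmail = $this->getMdDao('Dao_Md_User_Email');
    $mailBoxes = $daoEmail->getEmails(
        array('orgid' => $this->_user->orgId, 'userid' => $this->_user->userId),
        null,
        array('ordernum' => 'DESC')
    );

    $upload = $this->options['upload'];
    $upload['cgi']['upload'] .= '?' . session_name() . '=' . Zend_Session::getId()
        . '&email=' . $this->_user->address;

    $daoOrg = $this->getMdDao('Dao_Md_Org_Org');
    $org = $daoOrg->getOrg(array('orgid' => $this->_user->orgId));

    $this->view->mailboxes = $mailBoxes->toArray();
    $this->view->upload = $upload;
    $this->view->im = $this->options['im'];
    $this->view->access = $access;
    $this->view->boards = $boards;
    $this->view->labels = $labels;
    $this->view->user = $this->_user->toArray();
    $this->view->sid = Zend_Session::getId();
    $this->view->LANG = $this->lang;
    $this->view->org = $org->toArray();
    $this->view->checklog = !empty($this->session->auth['loginlogid']);
    $this->view->registFunction('format_label', array($this, 'formatLabels'));
}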
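/**
 * AJAX login endpoint (POST u=username, p=password, s=remember, r=base64 return URL).
 *
 * Authenticates through Pandamp_Auth_Manager and answers with JSON: on
 * success {success, msg, message} where `message` is the return URL with the
 * session id appended as PHPSESSID; on failure {error, success:false} or
 * {error, failure:true}. Renders neither view nor layout.
 *
 * The return URL is client-supplied and not checked against a host list, so
 * the session id is handed to whatever URL the client names.
 *
 * @return void
 */
public function kloginAction()
{
    $this->_helper->getHelper('viewRenderer')->setNoRender();
    $this->_helper->getHelper('layout')->disableLayout();
    $request = $this->getRequest();
    // Initialised so non-POST requests and the "valid but no return URL"
    // path encode null instead of reading an undefined variable.
    $data = null;

    if ($request->isPost()) {
        $username = $request->getPost('u');
        $password = $request->getPost('p');
        $remember = $request->getPost('s');
        $authMan = new Pandamp_Auth_Manager($username, $password);
        $authResult = $authMan->authenticate();
        $zendAuth = Zend_Auth::getInstance();

        if (!$zendAuth->hasIdentity()) {
            $messages = $authResult->getMessages();
            $data = array('error' => $messages[0], 'failure' => true);
        } elseif (!$authResult->isValid()) {
            // -51 is an adapter-specific code for which the identity is kept — TODO confirm
            if ($authResult->getCode() != -51) {
                Zend_Auth::getInstance()->clearIdentity();
            }
            $messages = $authResult->getMessages();
            $data = array('error' => $messages[0], 'success' => false);
        } else {
            $returnUrl = base64_decode($request->getPost('r'));
            if (!empty($returnUrl)) {
                // '?' at any position (including 0) means a query string exists.
                $separator = (strpos($returnUrl, '?') !== false) ? '&' : '?';
                $data = array(
                    'success' => true,
                    'msg' => 'Logging in',
                    'message' => $returnUrl . $separator . "PHPSESSID=" . Zend_Session::getId(),
                );
                Pandamp_Lib_Formater::writeLog();
                // Earlier revisions mention thwarting session fixation/hijacking
                // here (2014-09-15); no id regeneration is visible in this action.
                if (isset($remember) && $remember == 'yes') {
                    // Keep the session cookie for 604800 s = 7 days.
                    Zend_Session::rememberMe(604800);
                }
                $this->_helper->FlashMessenger('Successful authentication');
            }
        }
    }
    $this->getResponse()->setBody(Zend_Json::encode($data));
}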
/**
 * Wire the lobby sidebar to the front controller, view, config and model.
 *
 * `uid` identifies the viewer in the lobby: the PHP session id for
 * authenticated users, otherwise the md5 of the literal string
 * 'APPLICATION_PATH' (note the quotes — the string, not the constant, is
 * hashed; presumably unintended, left as is). Wherever uid is rendered, the
 * session id goes with it.
 */
public function __construct()
{
    $front = Zend_Controller_Front::getInstance();
    $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
    $config = Zend_Registry::get('config');

    $this->front = $front;
    $this->view = $viewRenderer->view;
    $this->limit = (int) $config->get('sidebar_max_users');
    $this->model = new LobbyModel();
    $this->translator = Zend_Registry::get('Zend_Translate');

    $isLoggedIn = Zend_Auth::getInstance()->hasIdentity();
    $this->uid = $isLoggedIn ? Zend_Session::getId() : md5('APPLICATION_PATH');
}
/**
 * Start the report log entry.
 *
 * Records the report view, title, current session and user, and the
 * execution start time; nothing is inserted when no session id is available.
 *
 * @param string $mapperView
 * @param string $title
 * @return \Log_Context_Relatorio
 */
public function start($mapperView, $title)
{
    $sessionId = Zend_Session::getId();
    $this->_session = $sessionId;
    if (!$sessionId) {
        return $this;
    }
    $idUsuario = Zend_Auth::getInstance()->getStorage()->read()->getId();
    $this->setArquivo($mapperView)
        ->setTitulo($title)
        ->setSessao($sessionId)
        ->setIdUsuario($idUsuario)
        ->setDhIniExec(ZendT_Type_Date::nowDateTime())
        ->setImpresso('N')
        ->insert();
    return $this;
}
/**
 * Return visitor row
 *
 * Looks up the visitor remembered in the session (visitorId). When nothing is
 * remembered, or the row no longer exists, a new row is created for the
 * current session id and customer (SQL NULL for guests) and its id is stored
 * in the session; that value is only unset on logout.
 *
 * @return Zend_Db_Table_Row_Abstract
 */
public function getVisitor()
{
    $session = Axis::session();
    $row = null;
    if (isset($session->visitorId)) {
        $row = $this->find($session->visitorId)->current();
    }
    if (!$row) {
        $customerId = Axis::getCustomerId();
        $row = $this->createRow(array(
            'session_id' => Zend_Session::getId(),
            'customer_id' => $customerId ? $customerId : new Zend_Db_Expr('NULL'),
        ));
        $row->save();
        $session->visitorId = $row->id;
    }
    return $row;
}
/**
 * Controller init: register the page script, persist the current session id
 * and then destroy the PHP session.
 *
 * A Plugin_Mail instance is constructed but not used here (its send call is
 * commented out in the original).
 */
public function init()
{
    $view = $this->view;
    $view->headScript()->appendFile($view->baseUrl('views/js/site/index.js'));

    $sessionModel = new Model_DbTable_Session();
    $sessionModel->save(Zend_Session::getId());
    // The session is dropped right after its id has been recorded.
    Zend_Session::destroy();

    $pluginMail = new Plugin_Mail();
}
/**
 * Bootstrap resource: start the session and, when one exists, re-issue the
 * session cookie so its lifetime is extended on every request.
 *
 * The cookie attributes (name, lifetime, path, domain, secure, httponly) come
 * from the `phpSettings.session` options, so the re-issued cookie carries the
 * same flags as the one PHP set.
 *
 * @return void
 */
protected function _initSession()
{
    Zend_Session::start(true);
    if (!Zend_Session::sessionExists()) {
        return;
    }
    $phpSettings = $this->getOption('phpSettings');
    $cfg = $phpSettings['session'];
    // Lifetime counted from now, not from when the session was first created.
    setcookie(
        $cfg['name'],
        Zend_Session::getId(),
        time() + $cfg['cookie_lifetime'],
        $cfg['cookie_path'],
        $cfg['cookie_domain'],
        $cfg['cookie_secure'],
        $cfg['cookie_httponly']
    );
}
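/**
 * Redirect the browser to the base64-encoded `returnTo` URL with the current
 * session id appended as PHPSESSID.
 *
 * `returnTo` is decoded but not validated, so any URL the caller supplies is
 * accepted and receives the session id; limit it to trusted hosts if this
 * endpoint is reachable by untrusted clients. The Location header is sent
 * without ending the script, as before.
 *
 * @return void
 */
public function generateAction()
{
    $returnUrl = base64_decode($this->getRequest()->getParam('returnTo'));
    // '?' at any position (including 0) means a query string is already present.
    $separator = (strpos($returnUrl, '?') !== false) ? '&' : '?';
    header("location: {$returnUrl}" . $separator . "PHPSESSID=" . Zend_Session::getId());
}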
/**
 * Login page for the DbTable authentication service.
 *
 * Users already signed in as someone other than guest are passed through. On
 * a valid POST the credentials are checked against auth_user; on success the
 * session id is regenerated and written into the AUTH_SID cookie (httponly,
 * scoped to the last two labels of SERVER_NAME), a `last` cookie and session
 * namespace record the login time, and the user is redirected to index/index.
 * Any failure code falls through and redisplays the form.
 *
 * AUTH_SID is set with secure=null, i.e. it is also sent over plain HTTP, and
 * `last` has a null expiry (session cookie). SERVER_NAME may reflect the
 * request's Host header depending on server configuration.
 *
 * @return void
 */
public function indexAction()
{
    $auth = Zend_Auth::getInstance();
    $authContent = $auth->getStorage()->read();
    $authAcl = new Zend_Session_Namespace('authAcl');
    $guestID = Authz_Resource_Acl_Guest::GUEST_ID;
    // Nothing to do for an identity that is not the guest.
    if (is_array($authContent) and $authContent['identity'] != $guestID) {
        return;
    }

    $loginForm = new Auth_Form_Auth_Login($_POST);
    $authAdapter = null;
    if ($this->getRequest()->isPost() and $loginForm->isValid($_POST)) {
        $authService = 'DbTable';
        switch (strtolower($authService)) {
            case 'dbtable':
                $db = $this->_getParam('db');
                $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'auth_user', 'user_id', 'sec_passwd');
                $authAdapter->setIdentity($loginForm->getValue('username'));
                $authAdapter->setCredential($loginForm->getValue('password'));
                break;
            case 'ldap':
                /* TODO implement LDAP auth */
                break;
            default:
                throw new Zend_Exception('Unknown authentication service -> ' . $authService, Zend_Log::ALERT);
        }

        $result = Zend_Auth::getInstance()->authenticate($authAdapter);
        if ($result->getCode() == Zend_Auth_Result::SUCCESS) {
            // Fresh id after authentication so a pre-login id is not reused.
            Zend_Session::regenerateId();
            // Cookie domain: the last two labels of the server name.
            preg_match('/[^.]+\\.[^.]+$/', $_SERVER['SERVER_NAME'], $domain);
            $cookieDomain = ".{$domain['0']}"; // assumes the match succeeded — TODO confirm
            setcookie(self::AUTH_SID, Zend_Session::getId(), time() + 1200, self::AUTH_PATH, $cookieDomain, null, true);
            $last = time();
            setcookie('last', $last, null, '/', $cookieDomain, null, true);
            $lastLogin = new Zend_Session_Namespace('last');
            $lastLogin->lastLogin = $last;
            $lastLogin->setExpirationHops(1, null, 1);
            $authAcl = new Zend_Session_Namespace('authAcl');
            $authAcl->authId = $loginForm->getValue('username');
            $this->_helper->redirector('index', 'index');
            return;
        }
        // Identity not found, invalid credential and all other codes: show the form again.
    }
    $this->view->form = $loginForm;
}
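/**
 * Fetch a widget's HTML from $widgetUrl over HTTP, forwarding the caller's
 * session id (as PHPSESSID) and User-Agent.
 *
 * Passing the session id in the query string shares it with the widget host
 * and leaves it in that host's access logs; use this only with widget URLs
 * under your own control.
 *
 * @param string $widgetUrl absolute URL of the widget endpoint
 * @return string response body
 */
function loadWidget3($widgetUrl)
{
    Zend_Loader::loadClass('Zend_Http_Client');
    Zend_Loader::loadClass('Zend_Session');

    $client = new Zend_Http_Client($widgetUrl, array('keepalive' => true));
    $client->setUri($widgetUrl);
    $client->setParameterGet(array('PHPSESSID' => Zend_Session::getId()));
    // HTTP_USER_AGENT is absent for clients that send no User-Agent header;
    // forward an empty value instead of tripping an undefined-index notice.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $client->setHeaders("User-Agent: {$userAgent}");

    $response = $client->request(Zend_Http_Client::GET);
    return $response->getBody();
}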
/**
 * Post-login hook: refresh the user's last_ip / last_login / last_session
 * when this session has not been recorded yet, log the login and give the
 * session a two-hour expiry.
 *
 * The client IP is reduced to digits and dots before storage, so an IPv6
 * address would be mangled — presumably the column only fits dotted IPv4.
 *
 * @return void
 */
public function onSuccess()
{
    $user = $this->getUser();
    $di = $this->getDi();
    $currentSession = Zend_Session::getId();
    if ($user && $user->last_session != $currentSession) {
        $rawIp = $di->request->getClientIp();
        $user->last_ip = preg_replace('/[^0-9.]+/', '', $rawIp);
        $user->last_login = $di->sqlDateTime;
        $user->last_session = $currentSession;
        $user->updateSelectedFields(array('last_ip', 'last_login', 'last_session'));
    }
    $di->adminLogTable->log('Logged in');
    $this->session->setExpirationSeconds(3600 * 2);
}
/**
 * Obtain the session token
 *
 * Returns the configured `sessionToken` option when present; otherwise the
 * token is derived from SALT and the session id as base-36 of crc32(). crc32
 * is a 32-bit checksum, not a MAC: the derived token carries at most 32 bits
 * and offers no integrity guarantee — treat it as a session-bound opaque
 * value only.
 *
 * @return string
 */
public function getSessionToken()
{
    if ($this->_sessionToken !== null) {
        return $this->_sessionToken;
    }
    $configured = $this->getOptions('sessionToken');
    if ($configured) {
        $this->_sessionToken = $configured;
    } else {
        $checksum = crc32(self::SALT . Zend_Session::getId());
        $this->_sessionToken = base_convert($checksum, 10, 36);
    }
    return $this->_sessionToken;
}
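/**
 * Start a server-side session with the Kutu save handler and send the
 * browser to the url-decoded `returnTo` with the session id appended as
 * PHPSESSID.
 *
 * `returnTo` is not validated, so the redirect target — and the session id
 * handed to it — are chosen by the caller; restrict it to trusted hosts when
 * exposing this action. The Location header is sent without ending the
 * script, as before.
 *
 * @return void
 */
public function startAction()
{
    $saveHandlerManager = new Kutu_Session_SaveHandler_Manager();
    $saveHandlerManager->setSaveHandler();
    Zend_Session::start();

    $returnUrl = urldecode($this->getRequest()->getParam('returnTo'));
    // '?' at any position (including 0) means a query string is already present.
    $separator = (strpos($returnUrl, '?') !== false) ? '&' : '?';
    header("location: {$returnUrl}" . $separator . "PHPSESSID=" . Zend_Session::getId());
}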
/**
 * Validate the "magic cookie" (anti-CSRF token) submitted with the POST body.
 *
 * The token is read directly from POST under Ml_Model_MagicCookies::hash_name;
 * $ignoreValue is deliberately unused (see the warning below). Checks, in
 * order: when a Referer was sent its host must be in allowed_referer_hosts;
 * the most recently issued token is always accepted; otherwise the value
 * must be lowercase hex of exactly Ml_Model_MagicCookies::lenght characters,
 * resolve to hash info, and that hash info must belong either to the current
 * identity (uid) or to the current PHP session (session_id).
 *
 * @param mixed $ignoreValue unused
 * @return bool
 */
public function isValid($ignoreValue)
{
    //Warning:
    //$ignoreValue is not used because it's valid always
    //due to unusual behavior of the Ml_Filter_MagicCookies filter
    //this had to be done this way in this specific case
    $value = filter_input(INPUT_POST, Ml_Model_MagicCookies::hash_name, FILTER_UNSAFE_RAW);
    if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) {
        // Zend_Uri::factory may throw on a malformed Referer; nothing catches it here.
        $referer = Zend_Uri::factory($_SERVER['HTTP_REFERER']);
        // Non-strict in_array(): hosts are compared with ==.
        if (!in_array($referer->getHost(), $this->_options['allowed_referer_hosts'])) {
            $this->_error(self::MSG_REFERER_HOST_INVALID);
            return false;
        }
    }
    $last = Ml_Model_MagicCookies::getLast();
    // Created but not read in this method.
    $magicCookiesNamespace = new Zend_Session_Namespace('MagicCookies');
    // Fast path: the most recently issued token (loose == comparison).
    if ($last == $value) {
        return true;
    }
    if (!ctype_xdigit($value)) {
        $this->_error(self::MSG_MAGIC_COOKIE_INVALID_FORMAT);
        return false;
    }
    $hexValue = preg_replace('/[^a-f0-9]/', '', $value); //sanitizing
    // Uppercase hex digits pass ctype_xdigit() but are stripped above, so they fail here.
    if ($hexValue != $value) {
        $this->_error(self::MSG_MAGIC_COOKIE_ERROR);
        return false;
    }
    if (mb_strlen($hexValue) != Ml_Model_MagicCookies::lenght) {
        $this->_error(self::MSG_MAGIC_COOKIE_INVALID_SIZE);
        return false;
    }
    $auth = Zend_Auth::getInstance();
    $hashInfo = Ml_Model_MagicCookies::getHashInfo($hexValue);
    if (!$hashInfo) {
        $this->_error(self::MSG_MAGIC_COOKIE_INVALID);
        return false;
    }
    if (!array_key_exists("uid", $hashInfo) || !array_key_exists("session_id", $hashInfo)) {
        $this->_error(self::MSG_MAGIC_COOKIE_ERROR);
        return false;
    }
    // && binds tighter than ||: (uid set AND uid == identity) OR session id matches.
    if (!is_null($hashInfo['uid']) && $hashInfo['uid'] == $auth->getIdentity() || Zend_Session::getId() == $hashInfo['session_id']) {
        return true;
    }
    $this->_error(self::MSG_MAGIC_COOKIE_INVALID);
    return false;
}
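/**
 * Dispatch-loop startup: purge the request-cache entries recorded for this
 * session.
 *
 * The standard cache holds, under "<session id>_cache", the list of request
 * cache names created during the session; each one is removed here.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    parent::dispatchLoopStartup($request);
    $id = Zend_Session::getId();
    // One lookup of the cache manager resource serves both caches.
    $cm = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('cachemanager');
    $standardCache = $cm->getCache('standardcache');
    $cacheNames = $standardCache->load($id . '_cache');
    if (!is_array($cacheNames)) {
        return;
    }
    $requestCache = $cm->getCache('requestcache');
    foreach ($cacheNames as $cacheName) {
        $requestCache->remove($cacheName);
    }
}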
/**
 * Gets id and org id from the session and exposes them to the view.
 *
 * Copies the Zend_Auth storage array and the CSRF token from $_SESSION into
 * the view, moves the stored `id` to `userId` and reuses `id` for the PHP
 * session id. When an impersonation record is present, orgId/role are
 * replaced by the impersonated values and the originals are kept inside
 * `impersonation` so the view can offer a way back.
 *
 * Reads $_SESSION directly rather than through Zend_Auth/Zend_Session.
 *
 * @return void
 */
public function indexAction()
{
    $view = $this->view;
    $view->assign($_SESSION['Zend_Auth']['storage']);
    $view->csrfToken = $_SESSION['csrf']['token'];
    // The stored id is the user's; `id` is repurposed for the session id.
    $view->userId = $view->id;
    $view->id = Zend_Session::getId();

    if (!isset($view->impersonation)) {
        return;
    }
    $impersonation = $view->impersonation;
    $origOrgId = $view->orgId;
    $origRole = $view->role;
    $view->orgId = isset($impersonation['orgId']) ? $impersonation['orgId'] : $origOrgId;
    $view->role = isset($impersonation['role']) ? $impersonation['role'] : 'admin';
    $impersonation['orgId'] = $origOrgId;
    $impersonation['role'] = $origRole;
    $view->impersonation = $impersonation;
}
/**
 * Render the debug statistics block collected since start().
 *
 * Computes wall time, SQL/PHP share and peak memory, lists loaded files and
 * SQL counts, appends XDebug profile/trace file names when available, the
 * user and the PHP session id, and — unless this is the stat.php admin page —
 * caches the raw figures for 10 minutes under a random name so a detail link
 * can be offered. An xhprof run is saved and linked when profiling is enabled.
 *
 * The output embeds the session id and, when profiling, links built from a
 * hash of REQUEST_URI; it is meant for developer/admin eyes only.
 *
 * @param bool $removefieldset true for plain text without the <fieldset> wrapper
 * @return string|null null when stats were never started
 */
public static function view($removefieldset = false)
{
    if (!self::$_started) {
        return;
    }
    self::$timeEnd = self::getmicrotime();
    $time = sprintf('%.5f', self::$timeEnd - self::$timeStart);
    // Computed but not used below.
    $files = sprintf('%.5f', self::$filesTime);
    $rapportSQL = sprintf('%.2f', 100 * self::$totalTime / $time);
    $rapportPHP = 100 - $rapportSQL;
    $memoryPeak = round(memory_get_peak_usage() / 1048576, 3);
    $content = 'File ' . $_SERVER['SCRIPT_NAME'] . "\n" . 'Loaded in ' . $time . ' seconds' . "\n" . 'Loaded PHP files : ' . self::$filesLoaded . "\n" . 'SQL requests : ' . sprintf('%.5f', self::$totalTime) . ' seconds (' . self::$sqlNbRequests . ' requests)' . "\n" . '% SQL/PHP : ' . $rapportSQL . ' / ' . $rapportPHP . ' %' . "\n" . 'Memory Peak : ' . $memoryPeak . 'Mo' . "\n";
    if (function_exists('xdebug_get_profiler_filename') && xdebug_get_profiler_filename()) {
        $content .= 'XDebug Profile : ' . xdebug_get_profiler_filename() . "\n";
    }
    // NOTE(review): guards on xdebug_get_profiler_filename() but calls xdebug_get_tracefile_name().
    if (function_exists('xdebug_get_profiler_filename') && xdebug_get_tracefile_name()) {
        $content .= 'XDebug Trace : ' . xdebug_get_tracefile_name() . "\n";
    }
    // NOTE(review): the next line is garbled in this listing (a redacted expression); left untouched.
    $content .= 'User : '******' (' . CMS_session::getUserId() . ')' : 'none') . "\n";
    $content .= 'Session Id ' . Zend_Session::getId() . "\n";
    //$content .= 'Current page '.CMS_session::getPageID()."\n";
    if (VIEW_SQL && $_SERVER["SCRIPT_NAME"] != PATH_ADMIN_WR . '/stat.php') {
        $stat = array('stat_time_start' => self::$timeStart, 'stat_time_end' => self::$timeEnd, 'stat_total_time' => self::$totalTime, 'stat_sql_nb_requests' => self::$sqlNbRequests, 'stat_sql_table' => self::$sqlTable, 'stat_content_name' => basename($_SERVER["SCRIPT_NAME"]), 'stat_files_table' => self::$filesTable, 'stat_memory_table' => self::$memoryTable, 'stat_memory_peak' => $memoryPeak, 'stat_files_loaded' => self::$filesLoaded);
        // Random cache key; md5(rand()) is a non-cryptographic name for a short-lived entry.
        $statName = 'stat_' . md5(rand());
        //save stats to cache (for 10 min)
        $cache = new CMS_cache($statName, 'atm-stats', 600, false);
        if ($cache) {
            $cache->save($stat);
        }
    }
    $content = !$removefieldset ? '<fieldset style="width:200px;" class="atm-debug"><legend>Debug Statistics</legend><pre>' . $content . '</pre>' : 'Debug Statistics :' . "\n" . $content;
    // Only set when the stats were cached above.
    if (isset($statName)) {
        $content .= '<a href="' . PATH_ADMIN_WR . '/stat.php?stat=' . $statName . '" target="_blank">View statistics detail</a>';
    }
    //end xhprof profiling
    if (defined('APPLICATION_ENABLE_PROFILING') && APPLICATION_ENABLE_PROFILING && function_exists('xhprof_disable')) {
        $xhprof_data = xhprof_disable();
        include_once APPLICATION_XHPROF_ROOT_FS . "/xhprof_lib/utils/xhprof_lib.php";
        include_once APPLICATION_XHPROF_ROOT_FS . "/xhprof_lib/utils/xhprof_runs.php";
        $xhprof_runs = new XHProfRuns_Default();
        $profileName = md5($_SERVER['REQUEST_URI']);
        $run_id = $xhprof_runs->save_run($xhprof_data, md5($_SERVER['REQUEST_URI']));
        $content .= '<br /><a href="' . APPLICATION_XHPROF_URI . 'xhprof_html/index.php?run=' . $run_id . '&source=' . $profileName . '" target="_blank">View profiling detail</a>';
    }
    $content .= !$removefieldset ? '</fieldset>' : '';
    return $content;
}
/**
 * Common pre-dispatch: expose the session id, config, db, a per-application
 * session namespace and the auth handle, then push the current user and the
 * route names into the view. Firebug logging is switched on in development.
 *
 * The session id is placed in the view (`sessionId`); if a template renders
 * it, the id becomes part of the page output.
 */
function preDispatch()
{
    parent::preDispatch();

    $bootstrap = Zend_Controller_Front::getInstance()->getParam('bootstrap');
    $request = $this->getRequest();

    $this->view->sessionId = Zend_Session::getId();
    $this->oConfig = Zend_Registry::get('config');
    $this->oDb = Zend_Registry::get('db');
    $this->oSession = new Zend_Session_Namespace($bootstrap->getOption('applicationName'));
    $this->oAcl = Zend_Auth::getInstance();
    if (APPLICATION_ENV == 'development') {
        $this->_activateFirebug();
    }

    // getUser() is called twice, once per view variable.
    $this->view->auth = $this->getUser();
    $this->view->controller = $request->getControllerName();
    $this->view->action = $request->getActionName();
    $this->_aUserInfo = $this->getUser();
    $this->view->userInfo = $this->_aUserInfo;
}
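/**
 * Appcelerator message endpoint.
 *
 * A request carries `auth` and `instanceid`; it is accepted when `auth` equals
 * md5(session id . instanceid) — a token only the client owning this PHP
 * session can compute — or, when a shared secret is configured, md5 of that
 * secret. Only GET and POST are processed; the messages are handed to
 * Appcelerator_Request and its responses, if any, become the view content.
 *
 * An *empty* `$my_secret_key` previously produced `$shared_secret = md5('')`,
 * a fixed, well-known value, so that branch provided no protection. An empty
 * key now disables the shared-secret path exactly like a null key, leaving
 * only the session-bound token.
 *
 * @return void
 */
public function indexAction()
{
    Zend_Loader::loadClass('Zend_Session_Namespace');
    Zend_Loader::loadClass('Appcelerator_Request');
    $req = $this->getRequest();
    $session = new Zend_Session_Namespace('Appcelerator');
    $sessionid = Zend_Session::getId();

    // Leave empty (or null) to rely on the session-derived token only.
    $my_secret_key = "";
    $shared_secret = ($my_secret_key === null || $my_secret_key === "") ? null : md5($my_secret_key);

    // Initialisation only starts a session.
    if ($req->getParam("initial") == 1 || $req->getParam("init") == 1) {
        return;
    }
    $auth = $req->getParam("auth");
    $instanceid = $req->getParam("instanceid");
    if (is_null($auth)) {
        $this->badRequest("no auth token");
        return;
    }
    if (is_null($instanceid)) {
        $this->badRequest("no instanceid");
        return;
    }
    // $auth is non-null here, so a null $shared_secret can never match.
    // NOTE(review): plain string comparison; hash_equals() (PHP 5.6+) would
    // make this constant-time if the runtime allows it.
    $sessionToken = md5($sessionid . $instanceid);
    if ($auth !== $shared_secret && $auth !== $sessionToken) {
        $this->badRequest("invalid auth token");
        return;
    }

    $request = new Appcelerator_Request($req, $sessionid);
    // Only GET and POST are allowed.
    if ($request->isInvalidMethod()) {
        // NOTE(review): the reason phrase reads "Bad Request" although 405 is "Method Not Allowed".
        $this->getResponse()->setHeader('HTTP/1.0', '405 Bad Request');
        $this->getResponse()->setHeader('Allow', 'GET POST');
        $this->view->content = "Invalid method\n";
        return;
    }
    $request->processMessages();
    if (count($request->getResponses()) > 0) {
        $this->getResponse()->setHeader('Content-type', $request->getContentType());
        $this->view->content = $request->getResponseText();
    } else {
        $this->getResponse()->setHeader('Content-Length', '0');
        $this->getResponse()->setHeader('Content-type', 'text/plain');
        $this->getResponse()->setHeader('HTTP/1.0', '202 Accepted');
    }
}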
/**
 * login() must authenticate the fixture user and return code 1,
 * the current session id and the public user profile.
 */
public function testShouldAuthExistingUserAndReturnSessionId()
{
    // GIVEN a unit-test session and the user API
    Zend_Session::$_unitTestEnabled = true;
    $api = new AM_Api_User();

    // WHEN logging in with valid credentials
    $actual = $api->login('john', 'password');

    // THEN the result carries the fixture user's profile
    $expectedUser = (object) array(
        'first_name' => 'John',
        'last_name' => 'Doe',
        'login' => '******',
        'email' => '*****@*****.**',
        'id' => 1,
        'client' => 1,
        'is_admin' => 0,
    );
    $expected = array(
        'code' => 1,
        'sessionId' => Zend_Session::getId(),
        'userInfo' => $expectedUser,
    );
    $this->assertEquals($expected, $actual);
}