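/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials (POST fields: target, username, password).
 *
 * @throws AuthException authentication_error_blank when username or password
 * is empty; authentication_error_technical when the catalog call fails for a
 * non-auth reason; authentication_error_invalid when the catalog rejects the
 * credentials. AuthException raised by the driver is passed through as-is.
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    // Default every field to '' so a missing parameter never reaches trim() as null.
    $post = $request->getPost();
    $target = trim($post->get('target', ''));
    $username = trim($post->get('username', ''));
    $password = trim($post->get('password', ''));
    if ($username === '' || $password === '') {
        throw new AuthException('authentication_error_blank');
    }

    // We should have target either separately or already embedded into username
    if ($target !== '') {
        // NOTE(review): this literal looks like a redacted placeholder in this
        // listing; the upstream implementation presumably combines $target and
        // $username here — confirm against the original source.
        $username = "******";
    }

    // Connect to catalog. Driver AuthExceptions keep their message; any other
    // failure is reported as a generic technical error so driver details are
    // not shown to the user.
    try {
        $patron = $this->getCatalog()->patronLogin($username, $password);
    } catch (AuthException $e) {
        throw $e;
    } catch (\Exception $e) {
        throw new AuthException('authentication_error_technical');
    }

    // Did the patron successfully log in?
    if ($patron) {
        return $this->processILSUser($patron);
    }

    // If we got this far, we have a problem:
    throw new AuthException('authentication_error_invalid');
}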
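/**
 * Handle a login POST: look up the user by pseudo/password and issue a JWT.
 *
 * @return string JSON object with 'jwt' and 'id' on success, or the literal
 *                string 'false' when no matching user exists.
 */
public function DoPost()
{
    $request = new Request();
    $login = $request->getPost("login");
    $password = $request->getPost("password");

    // NOTE(review): the lookup matches the raw password column, which implies
    // passwords are stored in clear text; password_hash()/password_verify()
    // would be the usual replacement but needs a schema migration.
    $repo = CommonController::$EntityManager->getRepository('user');
    $user = $repo->findOneBy(["pseudo" => $login, "password" => $password]);
    if ($user === null) {
        return 'false';
    }

    // Use the login value that actually matched the user instead of re-reading
    // $_POST (assumes Request::getPost reads $_POST — TODO confirm).
    $userId = $user->getIdUser();
    return json_encode(['jwt' => $this->GetJsonWebToken($userId, $login), 'id' => $userId]);
}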
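/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * Runs a SIP2 selfcheck-status exchange (expects a "98" reply) followed by a
 * patron-status request (expects a "24" reply) and accepts the patron when
 * both the BL and CQ fields are 'Y'.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException authentication_error_blank on empty credentials;
 * authentication_error_technical on connection/protocol failures;
 * authentication_error_invalid when the SIP2 server rejects the patron.
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    $username = trim($request->getPost()->get('username', ''));
    $password = trim($request->getPost()->get('password', ''));
    if ($username === '' || $password === '') {
        throw new AuthException('authentication_error_blank');
    }

    // Attempt SIP2 Authentication
    $mysip = new \sip2();
    $config = $this->getConfig();
    if (isset($config->SIP2)) {
        $mysip->hostname = $config->SIP2->host;
        $mysip->port = $config->SIP2->port;
    }

    if (!$mysip->connect()) {
        throw new AuthException('authentication_error_technical');
    }

    // Send selfcheck status message; the response must start with "98".
    $in = $mysip->msgSCStatus();
    $msg_result = $mysip->get_message($in);
    if (!preg_match("/^98/", $msg_result)) {
        $mysip->disconnect();
        throw new AuthException('authentication_error_technical');
    }
    $result = $mysip->parseACSStatusResponse($msg_result);

    // Use result to populate SIP2 settings. Default to '' instead of raising
    // notices when the server omits the AO/AN fields.
    $mysip->AO = isset($result['variable']['AO'][0]) ? $result['variable']['AO'][0] : '';
    $mysip->AN = isset($result['variable']['AN'][0]) ? $result['variable']['AN'][0] : '';

    $mysip->patron = $username;
    $mysip->patronpwd = $password;

    // Patron status request; the response must start with "24".
    $in = $mysip->msgPatronStatusRequest();
    $msg_result = $mysip->get_message($in);
    if (!preg_match("/^24/", $msg_result)) {
        $mysip->disconnect();
        throw new AuthException('authentication_error_technical');
    }
    $result = $mysip->parsePatronStatusResponse($msg_result);
    $mysip->disconnect();

    // BL / CQ are the fields this code treats as "valid patron" and "valid
    // password" (confirm against the sip2 library's field documentation).
    $validPatron = isset($result['variable']['BL'][0]) && $result['variable']['BL'][0] == 'Y';
    $validPassword = isset($result['variable']['CQ'][0]) && $result['variable']['CQ'][0] == 'Y';
    if (!$validPatron || !$validPassword) {
        throw new AuthException('authentication_error_invalid');
    }

    $user = $this->processSIP2User($result, $username, $password);
    // The plain password is kept on the user object because downstream code
    // (Metalib) needs it; no cookie is set here despite the older comment.
    $user->password = $password;
    return $user;
}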
/**
 * Accept an avatar upload for the logged-in user and store its filename.
 *
 * The upload is renamed into ./public/files/users/avatar/origin/ with a
 * randomised name; only the resulting basename is persisted. Always
 * redirects to the 'profile' route, whether or not the upload was valid.
 *
 * @return mixed Result of redirect()->toRoute('profile').
 */
public function uploadImageAction()
{
    $this->checkAuth();

    $incoming = $this->getRequest();
    if ($incoming->isPost()) {
        // Special file input: the validator requires a real upload, the
        // filter moves it into place under a randomised name.
        $avatarInput = new FileInput('avatar');
        $avatarInput->getValidatorChain()->attach(new Validator\File\UploadFile());
        $renameOptions = array(
            'target' => './public/files/users/avatar/origin/',
            'use_upload_name' => true,
            'randomize' => true,
        );
        $avatarInput->getFilterChain()->attach(new Filter\File\RenameUpload($renameOptions));

        // Build the input set from $_POST and $_FILES combined.
        $env = new Request();
        $merged = array_merge_recursive($env->getPost()->toArray(), $env->getFiles()->toArray());

        $filter = new InputFilter();
        $filter->add($avatarInput)->setData($merged);

        // isValid() runs the validators only; getValues() is what triggers the
        // RenameUpload filter, so the file is moved on this path alone.
        if ($filter->isValid()) {
            $values = $filter->getValues();
            $storedName = basename($values['avatar']['tmp_name']);
            $this->databaseService->updateAvatar($this->user->id, $storedName);
            $this->user->avatar = $storedName;
        }
        // An invalid upload is silently ignored; no message is recorded here.
    }

    return $this->redirect()->toRoute('profile');
}
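/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException authentication_error_blank when either credential is
 * empty; authentication_error_invalid when the user is unknown or the
 * password check fails (the two cases are deliberately not distinguished).
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    // Make sure the credentials are non-blank; default to '' so a missing
    // field is never passed to trim() as null.
    $post = $request->getPost();
    $this->username = trim($post->get('username', ''));
    $this->password = trim($post->get('password', ''));
    if ($this->username === '' || $this->password === '') {
        throw new AuthException('authentication_error_blank');
    }

    // Validate the credentials:
    $user = $this->getUserTable()->getByUsername($this->username, false);
    if (!is_object($user) || !$this->checkPassword($this->password, $user)) {
        throw new AuthException('authentication_error_invalid');
    }

    // If we got this far, the login was successful:
    return $user;
}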
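/**
 * Return a value from the request body, or $default when it is absent.
 *
 * The RequestInterface expects this method to return values from a form
 * submission or from the decoded JSON body. The body is parsed once and
 * cached in $this->data; later calls only perform the lookup.
 *
 * @param string $name    Parameter name.
 * @param mixed  $default Returned when the parameter is missing or null.
 * @return mixed
 */
public function request($name, $default = null)
{
    if ($this->data === null) {
        $this->data = $this->parseRequestBody();
    }
    return isset($this->data[$name]) ? $this->data[$name] : $default;
}

/**
 * Decode the request body according to the Content-type header.
 *
 * @return array Parameters found in the body (empty when it cannot be parsed).
 */
private function parseRequestBody()
{
    /* @var $contentType ContentType */
    $header = $this->httpRequest->getHeaders('Content-type');
    $mediaType = $header ? $header->getFieldValue() : null;
    // Compare the bare media type so "application/json; charset=utf-8" still
    // matches; previously any parameter made the comparison fail.
    if (is_string($mediaType)) {
        $mediaType = strtolower(trim(explode(';', $mediaType, 2)[0]));
    }
    $http = $this->httpRequest;

    if ($mediaType === 'application/x-www-form-urlencoded' && ($http->isPut() || $http->isDelete())) {
        $data = array();
        parse_str($http->getContent(), $data);
        return $data;
    }
    if ($mediaType === 'application/json' && ($http->isPost() || $http->isPut() || $http->isDelete())) {
        $decoded = json_decode($http->getContent(), true);
        // Malformed or scalar JSON yields no parameters instead of a null
        // cache that would be re-parsed on every call.
        return is_array($decoded) ? $decoded : array();
    }
    return $http->getPost()->toArray();
}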
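/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException authentication_error_blank for empty credentials;
 * authentication_error_technical when the catalog driver fails for a
 * non-auth reason; authentication_error_invalid when the catalog rejects
 * the patron. AuthException raised by the driver is passed through as-is.
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    // Default to '' so a missing field never reaches trim() as null.
    $post = $request->getPost();
    $username = trim($post->get('username', ''));
    $password = trim($post->get('password', ''));
    if ($username === '' || $password === '') {
        throw new AuthException('authentication_error_blank');
    }

    // Connect to catalog. Driver AuthExceptions keep their message (same
    // handling as the multi-target variant of this method); any other
    // exception becomes a generic technical error so driver details are
    // not shown to the user.
    try {
        $patron = $this->getCatalog()->patronLogin($username, $password);
    } catch (AuthException $e) {
        throw $e;
    } catch (\Exception $e) {
        throw new AuthException('authentication_error_technical');
    }

    // Did the patron successfully log in?
    if ($patron) {
        return $this->processILSUser($patron);
    }

    // If we got this far, we have a problem:
    throw new AuthException('authentication_error_invalid');
}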
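/**
 * Extract the session id from the request: POST is consulted first, then
 * the query string.
 *
 * Only null and '' count as "missing"; the previous truthiness test also
 * dropped a present value such as '0'.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request
 * @return string|null The id, or null when neither source carries one.
 */
protected function getSessionIdFromRequest($request)
{
    $ssid = $request->getPost(static::SESSION_ID_ALIAS);
    if ($ssid === null || $ssid === '') {
        $ssid = $request->getQuery(static::SESSION_ID_ALIAS);
    }
    if ($ssid === null || $ssid === '') {
        return null;
    }
    return $ssid;
}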
/**
 * Create a word from the submitted form.
 *
 * On a valid POST the word is created and the user is redirected to the
 * word list; otherwise (GET, or invalid data) the edit template is rendered
 * with the form, including any validation messages.
 *
 * @param Request  $request
 * @param Create   $createService
 * @param Form     $form
 * @param View     $view
 * @param Redirect $redirect
 * @return mixed Redirect result on success, otherwise $view.
 */
public function saveAction(Request $request, Create $createService, Form $form, View $view, Redirect $redirect)
{
    $submitted = $request->isPost();
    if ($submitted) {
        $form->setData($request->getPost());
    }
    if ($submitted && $form->isValid()) {
        $createService->create($form->getData());
        return $redirect->toRoute('admin-translate-words');
    }

    $view->setForm($form);
    $view->setTemplate('translate/admin/word/edit');
    return $view;
}
/**
 * Update a collection's label and description from POST data.
 *
 * @return string "true" when the collection was updated; "false" when a
 *                parameter is missing or no collection has the given id.
 */
public function DoPost()
{
    $request = new Request();
    $id = $request->getPost("id");
    $label = $request->getPost("label");
    $description = $request->getPost("description");

    $complete = $id !== null && $label !== null && $description !== null;
    if (!$complete) {
        return "false";
    }

    /** @var EntityManager $em */
    $em = CommonController::$EntityManager;
    /** @var \Collection $collection */
    $collection = $em->find("collection", $id);
    if ($collection === null) {
        return "false";
    }

    // NOTE(review): no ownership/authorisation check is visible here, so any
    // caller that reaches this handler can edit any collection id — confirm
    // the check happens upstream.
    $collection->setLabel($label);
    $collection->setDescription($description);
    $collection->setUpdateOn(new \DateTime("now"));
    $em->persist($collection);
    $em->flush();
    return "true";
}
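/**
 * Show (GET) or save (POST) the edit form for the current collection.
 *
 * Falls through to a redirect to "home" whenever the user is not
 * authenticated, the collection cannot be loaded, the POST is incomplete,
 * or the web-service call neither succeeded nor left a collection to show.
 *
 * @return void
 */
public function Edit()
{
    if (CommonController::IsAuthentified()) {
        $request = new Request();
        if ($request->isGet()) {
            $data = json_decode($this->GetCurrentCollection(), true);
            if ($data !== null) {
                $editUrl = CommonController::GetLink("Collection", "edit", $data['collection']['id']);
                CommonController::SetView("collection", "edit", array_merge($data, array('url' => array('edit' => $editUrl))));
                return;
            }
        } elseif ($request->isPost()) {
            $label = $request->getPost('label');
            $description = $request->getPost('description');
            $id = $request->getPost('id');
            if ($label !== null && $description !== null) {
                if ($id !== null) {
                    $WSCtrl = new WebServicesController();
                    $return = $WSCtrl->Call("Collection", "POST", array("id" => $id, "label" => $label, "description" => $description));
                    // The debug var_dump() that used to sit here wrote the raw
                    // web-service reply into the HTTP response; removed.
                    // Loose comparison kept on purpose: Call() may return the
                    // string "true" or a boolean — TODO confirm and tighten.
                    if ($return == "true") {
                        CommonController::Redirect("Collection", "Index", $id);
                    } else {
                        $data = json_decode($this->GetCurrentCollection(), true);
                        if ($data !== null) {
                            $cid = $data['collection']['id'];
                            $view = array_merge($data, array(
                                'url' => array(
                                    'edit' => CommonController::GetLink("Collection", "edit", $cid),
                                    'delete' => CommonController::GetLink("Collection", "delete", $cid),
                                ),
                                'error' => 'Impossible de sauver la collection',
                            ));
                            CommonController::SetView("collection", "index", $view);
                            return;
                        }
                    }
                } else {
                    // Create: not implemented; falls through to the home redirect.
                }
            }
        }
    }
    CommonController::Redirect("home");
}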
/**
 * Build a request of this class from an existing request, copying every
 * component: query, post, cookies, files, server, content, env and headers.
 *
 * @param BaseRequest $request Source request.
 * @return static
 */
public static function createFromRequest(BaseRequest $request)
{
    $copy = static::fromString($request->toString());
    $copy->setQuery($request->getQuery());
    $copy->setPost($request->getPost());
    $copy->setCookies($request->getCookie());
    $copy->setFiles($request->getFiles());
    $copy->setServer($request->getServer());
    $copy->setContent($request->getContent());
    $copy->setEnv($request->getEnv());
    $copy->setHeaders($request->getHeaders());
    return $copy;
}
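/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * The BrowserID assertion from the POST is sent to the Persona verifier
 * together with the audience (scheme://host:port of this site); the
 * verifier's answer decides the outcome.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException authentication_missing_assertion when no assertion
 * was posted; authentication_error_invalid when the verifier reply is not
 * valid JSON, does not report "okay", or carries no email.
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    $assertion = $request->getPost('assertion');
    if ($assertion === null) {
        throw new AuthException('authentication_missing_assertion');
    }

    // Some servers report HTTPS as "off" rather than leaving it unset, so an
    // empty() check alone would build an https:// audience for plain HTTP.
    $protocol = $request->getServer('HTTPS');
    $isHttps = !empty($protocol) && strtolower((string) $protocol) !== 'off';
    $audience = ($isHttps ? 'https://' : 'http://')
        . $request->getServer('SERVER_NAME') . ':' . $request->getServer('SERVER_PORT');

    $client = $this->httpService->createClient('https://verifier.login.persona.org/verify', \Zend\Http\Request::METHOD_POST);
    $client->setParameterPost(['assertion' => $assertion, 'audience' => $audience]);
    $response = $client->send();

    // A non-JSON or malformed reply is treated as a failed verification
    // instead of dereferencing null.
    $result = json_decode($response->getContent());
    if (!is_object($result) || !isset($result->status) || $result->status !== 'okay' || empty($result->email)) {
        throw new AuthException('authentication_error_invalid');
    }

    $username = $result->email;
    $user = $this->getUserTable()->getByUsername($username, false);
    if ($user === false) {
        $user = $this->createPersonaUser($username, $result->email);
    }
    return $user;
}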
/**
 * Edit an existing media profile (module 17).
 *
 * Without a POST: load the profile plus its education/career rows and
 * render the form. With a POST: compute an audit-trail diff, store and
 * resize an uploaded photo if one was sent, save profile/education/career
 * data, flash a message and redirect to the list.
 *
 * @return mixed ViewModel holding the form, or the result of
 *               redirect()->toRoute() when the id is missing, the load
 *               fails, or the update succeeded.
 */
public function editAction()
{
    $this->accessRights(17); //Accept Parent Module, Return Main Menu Lists with Active Menu Indicator
    $this->childModuleAccessRights(17, 'edit'); //Accept Child Module ID & it's Actions: add, edit, view, disable

    //$msgs means message, it will show if data had been changed.
    // (Assigned but never read in this method.)
    $msgs = '';

    //get the id from parameter
    $id = (int) $this->params()->fromRoute('id', 0);
    if (!$id) {
        return $this->redirect()->toRoute('media_profile', array('action' => 'add', 'access_rights' => $this->getSubModuleAccessRights(17)));
    }

    try {
        $media_profile = $this->getMediaProfileTable()->getMediaProfile($this->serviceLocator(), $id);
        $media_profile_education = $this->getMediaProfileTable()->getMediaProfileEducation($this->serviceLocator(), $id);
        $media_profile_career = $this->getMediaProfileTable()->getMediaProfileCareer($this->serviceLocator(), $id);
    } catch (\Exception $ex) {
        // Any load failure (presumably including an unknown id) goes back to the index.
        return $this->redirect()->toRoute('media_profile', array('action' => 'index', 'access_rights' => $this->getSubModuleAccessRights(17)));
    }

    //instantiate the Media Profile's Form
    //populate the data
    $form_media_profile = new MediaProfileForm($this->serviceLocator());
    $form_media_profile->get('relation_id')->setAttribute('options', $this->optionRelations());
    $form_media_profile->get('additional_position_id[]')->setAttribute('options', $this->optionPositions());
    $form_media_profile->get('additional_beat_id[]')->setAttribute('options', $this->optionBeats());
    $form_media_profile->get('additional_section_id[]')->setAttribute('options', $this->optionSections());
    $form_media_profile->get('additional_radio_station_id[]')->setAttribute('options', $this->optionRadioStations());
    $form_media_profile->get('additional_tv_channel_id[]')->setAttribute('options', $this->optionTVChannels());
    $form_media_profile->get('additional_source_id[]')->setAttribute('options', $this->optionSources());
    $form_media_profile->get('submit')->setAttribute('value', 'Save');
    $form_media_profile->setData($media_profile);

    //remove inputfilter for select element due to conflict (education fields)
    $formInputFilter = $form_media_profile->getInputFilter();
    $formInputFilter->remove('year[]');
    $formInputFilter->remove('educ_course[]');
    $formInputFilter->remove('educ_school[]');
    $formInputFilter->remove('additional_year[]');
    $formInputFilter->remove('additional_educ_course[]');
    $formInputFilter->remove('additional_educ_school[]');

    //remove inputfilter for select element due to conflict
    //CAREER
    $formInputFilter = $form_media_profile->getInputFilter();
    $formInputFilter->remove('from[]');
    $formInputFilter->remove('to[]');
    $formInputFilter->remove('position_id[]');
    $formInputFilter->remove('beat_id[]');
    $formInputFilter->remove('section_id[]');
    $formInputFilter->remove('source_id[]');
    $formInputFilter->remove('circulation[]');
    $formInputFilter->remove('other_affiliation[]');
    $formInputFilter->remove('additional_from[]');
    $formInputFilter->remove('additional_to[]');
    $formInputFilter->remove('additional_position_id[]');
    $formInputFilter->remove('additional_beat_id[]');
    $formInputFilter->remove('additional_section_id[]');
    $formInputFilter->remove('additional_source_id[]');
    $formInputFilter->remove('additional_circulation[]');
    $formInputFilter->remove('additional_other_affiliation[]');

    //check if the data request is post
    //update the data
    $request = $this->getRequest();
    if ($request->isPost()) {
        //prepare audit trail parameters: compare the stored row with the
        // posted values, ignoring the multi-row education/career fields.
        $from = (array) $media_profile;
        $to = $this->getRequest()->getPost()->toArray();
        $diff = array_diff_assoc($to, $from);
        unset($diff['submit'], $diff['media_profles_id'], $diff['media_profile_careers_id'], $diff['media_profile_educations_id'], $diff['year'], $diff['educ_course'], $diff['educ_school'], $diff['additional_year'], $diff['additional_educ_course'], $diff['additional_educ_school'], $diff['from'], $diff['to'], $diff['media_profile_type'], $diff['position_id'], $diff['beat_id'], $diff['section_id'], $diff['circulation'], $diff['source_id'], $diff['other_affiliation'], $diff['additional_from'], $diff['additional_to'], $diff['additional_media_profile_type'], $diff['additional_position_id'], $diff['additional_beat_id'], $diff['additional_section_id'], $diff['additional_circulation'], $diff['additional_source_id'], $diff['additional_other_affiliation']);
        $changes = $this->prepare_modified_data($from, $to, $diff);
        //end audit trail parameters

        $media_profile = new MediaProfile();
        $post = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
        $form_media_profile->setData($post);

        //uploading file
        $request = new Request(); //request to get the file
        $files = $request->getFiles(); //get the details of uploading file
        if ($files['photo']['name']) {
            // NOTE(review): the client-supplied upload name is used verbatim to
            // build the target path, with overwrite enabled, so a crafted name
            // can replace any file under ./public/img/ (or, with path
            // separators, outside it). basename() plus a server-generated name
            // would close this; not changed here.
            $filter = new \Zend\Filter\File\Rename(array("target" => "./public/img/" . $files['photo']['name'], "overwrite" => true));
            $filter->filter($files['photo']);

            //resize image (first pass: inset thumbnail)
            $imagine = $this->getImagineService();
            $size = new \Imagine\Image\Box(150, 150);
            $mode = \Imagine\Image\ImageInterface::THUMBNAIL_INSET;
            $image = $imagine->open('./public/img/' . $files['photo']['name']);
            $image->thumbnail($size, $mode)->save('./public/img/' . $files['photo']['name']);

            //resize image (second pass: plain resize overwrites the thumbnail
            // just written — presumably a leftover; confirm which is intended)
            $imagine = $this->getImagineService();
            $image = $imagine->open('./public/img/' . $files['photo']['name']);
            // Unqualified Box here versus \Imagine\Image\Box above; relies on a
            // use-import that is not visible in this listing.
            $image->resize(new Box(150, 150))->save('./public/img/' . $files['photo']['name']);
        }

        $media_profile->exchangeArray($post);
        // !empty($to) is true for every POST, so the education save below
        // always runs regardless of the surrounding isset() checks.
        if (isset($_POST['year']) || isset($_POST['educ_course']) || isset($_POST['educ_school']) || isset($_POST['additional_year']) || isset($_POST['additional_educ_course']) || !empty($to) || isset($_POST['additional_educ_school'])) {
            $this->getMediaProfileTable()->saveProfileEducation($this->serviceLocator());
        }
        if (isset($_POST['from']) || isset($_POST['to']) || isset($_POST['media_profile_type']) || isset($_POST['position_id']) || isset($_POST['beat_id']) || isset($_POST['section_id']) || isset($_POST['source_id']) || isset($_POST['circulation']) || isset($_POST['other_affiliation']) || isset($_POST['additional_from']) || isset($_POST['additional_to']) || isset($_POST['additional_media_profile_type']) || isset($_POST['additional_position_id']) || isset($_POST['additional_beat_id']) || isset($_POST['additional_section_id']) || isset($_POST['additional_source_id']) || isset($_POST['additional_circulation']) || isset($_POST['additional_other_affiliation'])) {
            $this->getMediaProfileTable()->saveProfileCareer($this->serviceLocator());
        }
        $this->getMediaProfileTable()->saveMediaProfile($media_profile);
        $this->save_to_audit_trail($to['first_name'] . ' ' . $to['last_name'], $changes['pre'], $changes['post'], 'edit', 17);

        //flash message
        $this->flashMessenger()->addMessage(['content' => $request->getPost('first_name') . ' ' . $request->getPost('last_name') . ' Media profile updated!', 'type' => 'success']);
        return $this->redirect()->toRoute('media_profile');
    }

    //return the form after saving new article type.
    return new ViewModel(array('form_media_profile' => $form_media_profile, 'media_profile_id' => $id, 'access_rights' => $this->getSubModuleAccessRights(17), 'media_profile_education' => $media_profile_education, 'media_profile_career' => $media_profile_career, 'positions' => $this->getMediaProfileTable()->fetchPositions($this->serviceLocator()), 'beats' => $this->getMediaProfileTable()->fetchbeats($this->serviceLocator()), 'sections' => $this->getMediaProfileTable()->fetchSections($this->serviceLocator()), 'sources' => $this->getMediaProfileTable()->fetchSources($this->serviceLocator()), 'radio_stations' => $this->getMediaProfileTable()->fetchRadioStations($this->serviceLocator()), 'tv_channels' => $this->getMediaProfileTable()->fetchTVChannels($this->serviceLocator())));
}
/**
 * Test successful account creation
 *
 * The Database plugin's create() must be invoked once with the very same
 * request, its return value handed back unchanged, and 'Database' recorded
 * as the selected auth option.
 *
 * @return void
 */
public function testCreate()
{
    $request = new Request();
    $request->getPost()->set('auth_method', 'Database');
    $expectedUser = $this->getMockUser();

    $manager = $this->getMockPluginManager();
    $databaseAuth = $manager->get('Database');
    $databaseAuth->expects($this->once())
        ->method('create')
        ->with($this->equalTo($request))
        ->will($this->returnValue($expectedUser));

    $choiceAuth = $this->getChoiceAuth($manager);
    $this->assertEquals($expectedUser, $choiceAuth->create($request));
    $this->assertEquals('Database', $choiceAuth->getSelectedAuthOption());
}
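/**
 * Set the active strategy based on the auth_method value in the request,
 * if found.
 *
 * POST is consulted first, then the query string; when neither carries a
 * value the previously configured strategy is kept. The value is
 * client-controlled, so the plugin manager is relied upon to reject
 * unknown strategy names — TODO confirm.
 *
 * @param Request $request Request object to check.
 *
 * @throws AuthException authentication_error_technical when no strategy can
 * be determined at all.
 * @return void
 */
protected function setStrategyFromRequest($request)
{
    // Set new strategy; fall back to old one if there is a problem:
    $defaultStrategy = $this->strategy;

    // Default to '' so a missing parameter never reaches trim() as null.
    $requested = trim($request->getPost()->get('auth_method', ''));
    if ($requested === '') {
        $requested = trim($request->getQuery()->get('auth_method', ''));
    }
    if ($requested === '') {
        $requested = $defaultStrategy;
        if (empty($requested)) {
            throw new AuthException('authentication_error_technical');
        }
    }
    $this->strategy = $requested;
}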
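/**
 * Collect request parameters according to the HTTP method.
 *
 * PUT/DELETE: the raw body is parsed as a form string and POST values are
 * merged over it (POST wins on key clashes). POST: the POST array. Any
 * other method: the query string.
 *
 * @param \Zend\Http\PhpEnvironment\Request $params Request to read from.
 * @param string $method HTTP method name ('GET' by default).
 * @return array
 */
public function prepareParams(\Zend\Http\PhpEnvironment\Request $params, $method = 'GET')
{
    switch ($method) {
        case 'PUT':
        case 'DELETE':
            $body = array();
            parse_str(file_get_contents('php://input'), $body);
            // array_merge() returns the merged array; the old code discarded
            // that result, so POST data never reached the caller.
            return array_merge($body, $params->getPost()->toArray());
        case 'POST':
            return $params->getPost()->toArray();
        default:
            return $params->getQuery()->toArray();
    }
}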
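/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException authentication_error_blank for empty credentials,
 * plus whatever checkLdap() raises.
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    // Default to '' so a missing field never reaches trim() as null.
    $post = $request->getPost();
    $username = trim($post->get('username', ''));
    $password = trim($post->get('password', ''));
    if ($username === '' || $password === '') {
        throw new AuthException('authentication_error_blank');
    }
    return $this->checkLdap($username, $password);
}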
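/**
 * Create a new user account from the request.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * new account details.
 *
 * @throws AuthException On a blank username or password, mismatched
 * passwords, an invalid email, or a username/email already in use.
 * @return \VuFind\Db\Row\User New user row.
 */
public function create($request)
{
    // Ensure that all expected parameters are populated to avoid notices
    // in the code below.
    $params = array('firstname' => '', 'lastname' => '', 'username' => '', 'password' => '', 'password2' => '', 'email' => '');
    foreach (array_keys($params) as $param) {
        $params[$param] = $request->getPost()->get($param, '');
    }

    // Validate Input
    if (trim($params['username']) === '') {
        throw new AuthException('Username cannot be blank');
    }
    if (trim($params['password']) === '') {
        throw new AuthException('Password cannot be blank');
    }
    if ($params['password'] !== $params['password2']) {
        throw new AuthException('Passwords do not match');
    }
    $validator = new \Zend\Validator\EmailAddress();
    if (!$validator->isValid($params['email'])) {
        throw new AuthException('Email address is invalid');
    }

    // Make sure we have a unique username and a unique email
    $table = $this->getUserTable();
    if ($table->getByUsername($params['username'], false)) {
        throw new AuthException('That username is already taken');
    }
    if ($table->getByEmail($params['email'])) {
        throw new AuthException('That email address is already used');
    }

    // If we got this far, we're ready to create the account.
    // NOTE(review): the password is written to the row exactly as received;
    // a hashed form (the pass_hash path used elsewhere in this codebase)
    // should be stored instead — left unchanged here because the table
    // layout is not visible.
    // 'created' uses 24-hour 'H'; the former 'h' (12-hour, no am/pm) made
    // afternoon timestamps indistinguishable from morning ones.
    $data = array(
        'username' => $params['username'],
        'password' => $params['password'],
        'firstname' => $params['firstname'],
        'lastname' => $params['lastname'],
        'email' => $params['email'],
        'created' => date('Y-m-d H:i:s'),
    );

    // Create the row and send it back to the caller:
    $table->insert($data);
    return $table->getByUsername($params['username'], false);
}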
/**
 * Update a user's password from the request.
 *
 * The change itself is delegated to the ILS driver; the stored catalog
 * credentials are refreshed only after the driver reports success.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * new account details.
 *
 * @throws AuthException authentication_error_technical when no stored
 * catalog login is available; the driver's status string when the change
 * is rejected; whatever validatePasswordUpdate() raises for bad input.
 * @return \VuFind\Db\Row\User Updated user row.
 */
public function updatePassword($request)
{
    // Read every expected field with an empty-string default to avoid notices.
    $post = $request->getPost();
    $params = [
        'oldpwd' => $post->get('oldpwd', ''),
        'password' => $post->get('password', ''),
        'password2' => $post->get('password2', ''),
    ];

    // Connect to catalog:
    $patron = $this->authenticator->storedCatalogLogin();
    if (!$patron) {
        throw new AuthException('authentication_error_technical');
    }

    // Validate Input
    $this->validatePasswordUpdate($params);

    $changeRequest = [
        'patron' => $patron,
        'oldPassword' => $params['oldpwd'],
        'newPassword' => $params['password'],
    ];
    $result = $this->getCatalog()->changePassword($changeRequest);
    if (!$result['success']) {
        throw new AuthException($result['status']);
    }

    // Update the user and send it back to the caller:
    $catUsername = $patron['cat_username'];
    $user = $this->getUserTable()->getByUsername($catUsername);
    $user->saveCredentials($catUsername, $params['password']);
    return $user;
}
/**
 * Attach an uploaded file to a task.
 *
 * On POST, builds a FileAttachment for the current identity, resolves the
 * permission option (enforced server-side for non-level-2 users), moves the
 * upload into the task's attachment directory and records it plus a log
 * entry. Always answers with an empty JsonModel, including on failure.
 *
 * @return JsonModel Always empty.
 */
public function addfileAction()
{
    $this->checkAuth();
    $request = $this->getRequest();
    if ($request->isPost()) {
        $file_attach = new FileAttachment();
        $file_attach->user_create = $this->auth->getIdentity()->id;
        $file_attach->date_create = date('Y-m-d H:i:s');
        $file_attach->last_date = $file_attach->date_create;
        $file_attach->last_user = $this->auth->getIdentity()->id;

        // info pay
        $file_attach->task_id = $request->getPost('task_id');
        $file_attach->permission_option = $request->getPost('permission_option');

        // Non-level-2 users get their permission option overridden from the
        // database; level-2 users keep the client-supplied value as posted.
        if ($this->isLevel2() != true) {
            $permission = $this->databaseService->getPermissionUser($file_attach->task_id, $file_attach->user_create);
            if ($permission == Config::FILE_PERMISSION_ERROR) {
                return new JsonModel(array());
            }
            if ($permission == Config::FILE_PERMISSION_CUSTUMER) {
                $file_attach->permission_option = Config::FILE_PERMISSION_CUSTUMER;
            }
            if ($permission == Config::FILE_PERMISSION_PROVIDER) {
                $file_attach->permission_option = Config::FILE_PERMISSION_PROVIDER;
            }
        }

        // File upload input
        $file = new FileInput('file_name'); // Special File Input type
        $file->getValidatorChain()->attach(new Validator\File\UploadFile());
        // NOTE(review): task_id comes straight from the POST and is appended to
        // the attachment path (and passed to mkdir with recursion) without
        // being validated as a numeric id; for level-2 users no lookup checks
        // it at all. Casting to int, or checking the task exists, before
        // building the path would remove the traversal concern.
        $file->getFilterChain()->attach(new Filter\File\RenameUpload(array('target' => '.' . Config::FILE_ATTACHMENT_PATH . $file_attach->task_id, 'use_upload_name' => true, 'randomize' => true)));
        if (!file_exists('.' . Config::FILE_ATTACHMENT_PATH . $file_attach->task_id)) {
            mkdir('.' . Config::FILE_ATTACHMENT_PATH . $file_attach->task_id, 0700, true);
        }

        // Merge $_POST and $_FILES data together
        $request = new Request();
        $postData = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
        $inputFilter = new InputFilter();
        $inputFilter->add($file)->setData($postData);
        if ($inputFilter->isValid()) {
            // FileInput validators are run, but not the filters...
            $data = $inputFilter->getValues(); // This is when the FileInput filters are run.
            // real_name is the randomised on-disk name; file_name the name
            // the client sent (basename() strips any directory part).
            $file_attach->real_name = basename($data['file_name']['tmp_name']);
            $file_attach->file_name = basename($data['file_name']['name']);
            $result = $this->databaseService->addFileAttachment($file_attach);
            $file_attach->id = $result->getGeneratedValue();
            $this->databaseService->addFileLog($this->auth->getIdentity()->id, $file_attach, Config::PAY_INFO_COMMON);
        }
        // An invalid upload falls through to the same empty response.
    }
    return new JsonModel(array());
}
/**
 * Delete record based on passed id and return result
 *
 * The row is removed through the model of the association's target entity.
 *
 * @param Request $request Carries the POST parameter 'id'.
 * @param $fieldName Name of the association mapping on this grid's entity.
 *
 * @return array ['error' => bool, 'message' => string]
 */
public function deleteSubgridRow(Request $request, $fieldName)
{
    $rowId = $request->getPost('id');
    $metadata = $this->getEntityManager()->getClassMetadata($this->getEntity());
    $targetEntity = $metadata->associationMappings[$fieldName]['targetEntity'];
    $targetModel = $this->getModel($targetEntity);

    try {
        $removed = $targetModel->remove($rowId);
        $failed = !$removed;
        $message = sprintf('Row #%d successfully deleted', $rowId);
    } catch (\Exception $e) {
        // NOTE(review): the raw exception text is returned to the client;
        // ORM/driver messages can reveal internals — consider logging it and
        // returning a generic message instead.
        $failed = true;
        $message = 'Unable to delete record. ' . $e->getMessage();
    }

    return array('error' => $failed, 'message' => $message);
}
/**
 * Parse the query string and overwrite $_GET.
 *
 * Populates the globals $get, $post, $cookie and $method from the current
 * request, merges GET/POST into $vars, normalises 'cmd' and 'page',
 * converts the character encoding and runs the POST spam / WebDAV checks.
 *
 * @return array The merged request variables (despite the original
 *               "@return void" annotation, $vars is returned).
 */
public static function parseArguments()
{
    global $cookie, $get, $post, $method;
    global $defaultpage;

    $request = new Request();
    // GET, POST, COOKIE
    $get = $request->getQuery();
    $post = $request->getPost();
    $cookie = $request->getCookie();
    $method = $request->getMethod();

    $vars = array();

    if (strlen($get->toString()) > self::MAX_QUERY_STRING_LENGTH) {
        // Something nasty attack?
        self::dump('suspicious');
        self::dieMessage(_('Query string is too long.'));
    }

    if (count($get) === 0) {
        // No query at all: fall back to the default page.
        $get->set('page', $defaultpage);
    } else {
        if (count($get) === 1 && empty(array_values((array) $get)[0])) {
            // Exactly one entry with no value: its key is the page name
            // (taken from the raw QUERY_STRING, url-decoded).
            $k = trim(array_keys((array) $get)[0]);
            $get->set('page', rawurldecode($_SERVER['QUERY_STRING']));
            unset($get[$k]);
        }
    }

    // Merge the external variables into $vars
    if (empty($post)) {
        $vars = (array) $get; // Major pattern: Read-only access via GET
    } else {
        if (empty($get)) {
            $vars = (array) $post; // Minor pattern: Write access via POST etc.
        } else {
            $vars = array_merge((array) $get, (array) $post); // Considered reliable than $_REQUEST
        }
    }

    if (!isset($vars['cmd'])) {
        $vars['cmd'] = 'read';
    }

    // Page name check.
    // NOTE(review): preg_match() returns 1/0 for match/no-match and false only
    // on a PCRE error, so this `=== false` condition never fires on user input;
    // the same applies to the cmd check below. The intended test was presumably
    // on the match result — confirm the semantics of INVALIED_PAGENAME_PATTERN
    // and PLUGIN_NAME_PATTERN (they look opposite: one matches invalid names,
    // the other valid ones) before changing either condition.
    if (isset($vars['page']) && is_string($vars['page']) && preg_match(Wiki::INVALIED_PAGENAME_PATTERN, $vars['page']) === false) {
        self::dump('suspicious');
        die('Invalid page name.');
    }
    // Input check: cmd can only be alphanumeric.
    if (is_string($vars['cmd']) && preg_match(PluginRenderer::PLUGIN_NAME_PATTERN, $vars['cmd']) === false) {
        self::dump('suspicious');
        die(sprintf('Plugin name %s is invalied or too long! 
(less than 64 chars)', $vars['cmd']));
    }

    // Character encoding conversion.
    // Convert text submitted through a <form> (data encoded by the browser).
    // POST always arrives through a form, so it is always converted.
    if (isset($vars['encode_hint']) && !empty($vars['encode_hint'])) {
        // do_plugin_xxx() plants encode_hint in the <form>, so detect the
        // encoding from it. Detecting over the whole input could fail when
        // platform-dependent characters or odd binary data are mixed in.
        $encode = mb_detect_encoding($vars['encode_hint']);
        mb_convert_variables(SOURCE_ENCODING, $encode, $vars);
    } else {
        // Auto-detect and convert everything at once.
        mb_convert_variables(SOURCE_ENCODING, 'auto', $vars);
    }

    // Check environment variables
    self::checkEnv($request->getEnv());

    switch ($method) {
        case Request::METHOD_POST:
            self::spamCheck($vars['cmd']);
            break;
        case Request::METHOD_OPTIONS:
        case Request::METHOD_PROPFIND:
        case Request::METHOD_DELETE:
        case 'MOVE':
        case 'COPY':
        case 'PROPPATCH':
        case 'MKCOL':
        case 'LOCK':
        case 'UNLOCK':
            // WebDAV
            // NOTE(review): $log_ua is never assigned in this method (nor declared
            // global), so the user-agent match below runs against an undefined
            // variable — confirm where it is meant to come from.
            $matches = array();
            foreach (self::$ua_dav as $pattern) {
                if (preg_match('/' . $pattern . '/', $log_ua, $matches)) {
                    PluginRenderer::executePluginAction('dav');
                    exit;
                }
            }
            break;
    }

    return $vars;
}
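/**
 * Load credentials into the object and apply internal filter settings to them.
 *
 * Each entry of $this->filters has the form "property:callback"; the named
 * callback is applied to that property when the property is set. Entries
 * without a callback part are skipped instead of raising an undefined-index
 * notice.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @return void
 */
protected function filterCredentials($request)
{
    $post = $request->getPost();
    $this->username = $post->get('username');
    $this->password = $post->get('password');

    foreach ($this->filters as $filter) {
        // Limit to two parts so a callback such as "Class::method" survives intact.
        $parts = explode(':', $filter, 2);
        if (count($parts) < 2) {
            continue;
        }
        $property = trim($parts[0]);
        $callback = trim($parts[1]);
        if ($callback === '' || !isset($this->{$property})) {
            continue;
        }
        $this->{$property} = call_user_func($callback, $this->{$property});
    }
}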
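/**
 * Parse request and prepare filter parameters
 *
 * The grid sends either a JSON "filters" document (multiple rules) or the
 * searchField/searchString/searchOper triple (single rule). Operator names
 * come from the client and are mapped through $this->_expression; an
 * unknown name is rejected rather than passed downstream as null.
 *
 * @param Request $request
 *
 * @throws \InvalidArgumentException When a search operator is not a key of
 * $this->_expression.
 * @return array
 */
protected function _getFilterParams(Request $request)
{
    $filters = array();

    // Multiple field filtering
    if ($request->getPost('filters')) {
        $filter = Json::decode($request->getPost('filters'), Json::TYPE_ARRAY);
        // A document without a "rules" array used to reach count() as null.
        $rules = isset($filter['rules']) && is_array($filter['rules']) ? $filter['rules'] : array();
        if (count($rules) > 0) {
            foreach ($rules as $rule) {
                $filters['field'][] = isset($rule['field']) ? $rule['field'] : null;
                $filters['value'][] = isset($rule['data']) ? $rule['data'] : null;
                $filters['expression'][] = $this->_lookupExpression(isset($rule['op']) ? $rule['op'] : null);
            }
            $filters['options']['multiple'] = true;
            // NOTE(review): groupOp is client-supplied and forwarded verbatim;
            // the consumer is expected to accept only AND/OR — confirm.
            $filters['options']['boolean'] = isset($filter['groupOp']) ? $filter['groupOp'] : 'AND';
            return $filters;
        }
    }

    // Single field filtering
    return array(
        'field' => $request->getPost('searchField'),
        'value' => trim($request->getPost('searchString', '')),
        'expression' => $this->_lookupExpression($request->getPost('searchOper', 'eq')),
        'options' => array(),
    );
}

/**
 * Map a client-supplied operator name to the configured expression.
 *
 * @param mixed $op Operator key sent by the client.
 *
 * @throws \InvalidArgumentException When the operator is unknown.
 * @return mixed The configured expression.
 */
private function _lookupExpression($op)
{
    if (!(is_string($op) || is_int($op)) || !array_key_exists($op, $this->_expression)) {
        throw new \InvalidArgumentException('Unknown filter operator');
    }
    return $this->_expression[$op];
}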
/**
 * Try to log in the user using current query parameters; return User object
 * on success, throws exception on failure.
 *
 * Form-based methods (those without a session initiator) must carry a valid
 * CSRF token. Authentication failures and password-security problems are
 * surfaced unchanged; any other exception is logged and reported as a
 * technical error.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException
 * @throws \VuFind\Exception\PasswordSecurity
 * @return UserRow Object representing logged-in user.
 */
public function login($request)
{
    // Validate CSRF for form-based authentication methods:
    $formBased = !$this->getAuth()->getSessionInitiator(null);
    if ($formBased && !$this->csrf->isValid($request->getPost()->get('csrf'))) {
        throw new AuthException('authentication_error_technical');
    }

    // Perform authentication:
    try {
        $user = $this->getAuth()->authenticate($request);
    } catch (AuthException $e) {
        throw $e;
    } catch (\VuFind\Exception\PasswordSecurity $e) {
        throw $e;
    } catch (\Exception $e) {
        // Log verbosely (message, then the full exception) before masking it.
        $context = get_class($this) . '::login';
        error_log("Exception in " . $context . ": " . $e->getMessage());
        error_log($e);
        throw new AuthException('authentication_error_technical');
    }

    // Store the user in the session and send it back to the caller:
    $this->updateSession($user);
    return $user;
}
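/**
 * Update a user's password from the request.
 *
 * NOTE(review): the target username is taken from the request itself; the
 * caller is expected to have verified it belongs to the current user —
 * confirm that check exists upstream.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * new account details.
 *
 * @throws AuthException Whatever validateUsernameAndPassword() raises, or
 * authentication_error_invalid when the username has no matching row.
 * @return \VuFind\Db\Row\User Updated user row.
 */
public function updatePassword($request)
{
    // Ensure that all expected parameters are populated to avoid notices
    // in the code below.
    $params = ['username' => '', 'password' => '', 'password2' => ''];
    foreach ($params as $param => $default) {
        $params[$param] = $request->getPost()->get($param, $default);
    }

    // Validate Input
    $this->validateUsernameAndPassword($params);

    // Look up the row; getByUsername() with create=false yields no row for an
    // unknown name, which previously led to a method call on a non-object.
    $table = $this->getUserTable();
    $user = $table->getByUsername($params['username'], false);
    if (!is_object($user)) {
        throw new AuthException('authentication_error_invalid');
    }

    // Store a bcrypt hash, or (legacy configuration) the plain password.
    if ($this->passwordHashingEnabled()) {
        $bcrypt = new Bcrypt();
        $user->pass_hash = $bcrypt->create($params['password']);
    } else {
        $user->password = $params['password'];
    }
    $user->save();
    return $user;
}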
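/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * Stores the trimmed credentials on the object and delegates to bindUser().
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException authentication_error_blank for empty credentials,
 * plus whatever bindUser() raises.
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    // Default to '' so a missing field never reaches trim() as null.
    $post = $request->getPost();
    $this->username = trim($post->get('username', ''));
    $this->password = trim($post->get('password', ''));
    if ($this->username === '' || $this->password === '') {
        throw new AuthException('authentication_error_blank');
    }
    return $this->bindUser();
}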
/**
 * A single key must be readable through every typed parameter accessor, and
 * headers must come back by identity both as a container and individually.
 */
public function testRetrievingASingleValueForParameters()
{
    $request = new Request();
    $params = new \Zend\Stdlib\Parameters(['foo' => 'bar']);

    // Install the same container in every parameter slot ...
    $request->setQuery($params);
    $request->setPost($params);
    $request->setFiles($params);
    $request->setServer($params);
    $request->setEnv($params);

    // ... and read one key back through each accessor.
    foreach (['getQuery', 'getPost', 'getFiles', 'getServer', 'getEnv'] as $accessor) {
        $this->assertSame('bar', $request->$accessor('foo'));
    }

    $header = new GenericHeader('foo', 'bar');
    $headers = new Headers();
    $headers->addHeader($header);
    $request->setHeaders($headers);

    $this->assertSame($headers, $request->getHeaders());
    $this->assertSame($header, $request->getHeaders()->get('foo'));
    $this->assertSame($header, $request->getHeader('foo'));
}
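/**
 * Handles a given form for the add and edit action
 *
 * On a valid submission the category is saved and the browser is redirected
 * to the category list; otherwise the form is returned together with the
 * validation errors so the view can redisplay it. The category name doubles
 * as the image file name under public/news_cat/, so a name that is not a
 * plain file name component is rejected here before any path is built.
 *
 * @param Request          $request Current request (POST fields and uploads)
 * @param NewsCategoryForm $form    Form to bind and validate
 * @param NewsCategory     $nc      Entity populated from the submitted data
 * @param int              $id      Id of the category being edited; 0 when adding
 *
 * @return array Array for the view, containing the form and maybe id and errors
 */
private function handleForm(Request &$request, NewsCategoryForm &$form, NewsCategory &$nc, $id = 0)
{
    $form->setInputFilter($nc->getInputFilter());
    $post = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
    $form->setData($post);
    if (!$form->isValid()) {
        return $this->newsCategoryFormResult($form, $form->getMessages(), $id);
    }

    $nc->exchangeArray($post);
    $name = $nc->getName();
    $table = $this->getNewsCategoryTable();
    $old = $table->getNewsCategoryBy(['id' => $id]);

    // The name is used as part of a file system path below, so it must not
    // be able to leave the news_cat directory.
    if (!self::isSafeImageName($name)) {
        $errors['name'] = ['invalid' => 'The category name may not contain path separators'];
        $form->get('name')->setMessages($errors);
        return $this->newsCategoryFormResult($form, $errors, $id);
    }

    // Names are unique; when editing, keeping the current name is allowed.
    if ($table->getNewsCategoryBy(['name' => $name])
        && ($id === 0 || $name !== $old->getName())
    ) {
        $errors['name'] = ['exists' => 'A category with this name already exists'];
        $form->get('name')->setMessages($errors);
        return $this->newsCategoryFormResult($form, $errors, $id);
    }

    $upload = isset($post['path']) ? $post['path'] : null;
    $size = new Size(['min' => 20, 'max' => 20000]);
    $adapter = new Http();
    $adapter->setValidators([$size], $upload);
    // Only throw error if a new category is created. New categories need an image
    if (!$adapter->isValid() && $id === 0) {
        return ['form' => $form, 'errors' => $adapter->getMessages()];
    }

    $dir = getcwd() . '/public/news_cat/';
    if ($adapter->isValid()) {
        // A file was given, so it will be saved on the server.
        // NOTE(review): the Size validator only bounds the byte count; the
        // upload's content is not checked to be a PNG before it is stored
        // under a .png name -- consider an image/MIME validator.
        if (!file_exists($dir)) {
            mkdir($dir);
        }
        file_put_contents($dir . $name . '.png', file_get_contents($upload['tmp_name']));
    } elseif ($old && $old->getName() !== $name) {
        // No new file was given, so carry the existing image over to the new
        // name. Skipped when the name is unchanged (the rename would be a
        // no-op) or when no existing row was found to rename from.
        rename($dir . $old->getName() . '.png', $dir . $name . '.png');
    }
    $table->saveNewsCategory($nc);
    return $this->redirect()->toRoute('newscategory');
}

/**
 * True when $name can safely be used as a single file name component:
 * a non-empty string that is not '.' or '..' and contains no directory
 * separator or NUL byte.
 *
 * @param mixed $name Candidate category name
 *
 * @return bool
 */
private static function isSafeImageName($name)
{
    return is_string($name)
        && $name !== '' && $name !== '.' && $name !== '..'
        && !preg_match('#[/\\\\\x00]#', $name);
}

/**
 * Build the view array for a redisplayed form.
 *
 * @param NewsCategoryForm $form   Form to redisplay
 * @param array            $errors Error messages for the view
 * @param int              $id     Category id; omitted from the result when 0
 *
 * @return array
 */
private function newsCategoryFormResult(NewsCategoryForm $form, array $errors, $id)
{
    $result = ['form' => $form, 'errors' => $errors];
    if ($id) {
        $result['id'] = $id;
    }
    return $result;
}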
