Esempio n. 1
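 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * The login target may arrive as its own POST field ('target') or already
  * embedded in the username; a separately posted target is folded into the
  * username before the catalog is consulted.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException authentication_error_blank when username or password
  * is empty, authentication_error_technical when the catalog call fails,
  * authentication_error_invalid when the catalog rejects the credentials.
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     // Default to '' so a missing field never reaches trim() as null
     // (deprecated in PHP 8.1) and the blank check below stays meaningful.
     $post = $request->getPost();
     $target = trim($post->get('target', ''));
     $username = trim($post->get('username', ''));
     $password = trim($post->get('password', ''));
     if ($username === '' || $password === '') {
         throw new AuthException('authentication_error_blank');
     }
     // We should have target either separately or already embedded into username
     if ($target !== '') {
         // NOTE(review): this literal replaces the username with a fixed
         // string; it looks like a placeholder for the real target/username
         // combination — confirm against the original source.
         $username = "******";
     }
     // Connect to catalog:
     try {
         $patron = $this->getCatalog()->patronLogin($username, $password);
     } catch (AuthException $e) {
         // Pass Auth exceptions through
         throw $e;
     } catch (\Exception $e) {
         // Any other driver failure is reported generically; the caller must
         // not see backend details.
         throw new AuthException('authentication_error_technical');
     }
     // Did the patron successfully log in?
     if ($patron) {
         return $this->processILSUser($patron);
     }
     // If we got this far, we have a problem:
     throw new AuthException('authentication_error_invalid');
 }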
Esempio n. 2
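 /**
  * Log a user in from the posted "login"/"password" pair and issue a JWT.
  *
  * @return string JSON object with "jwt" and "id" on success; the literal
  * string 'false' when a field is missing or no matching user exists.
  */
 public function DoPost()
 {
     $request = new Request();
     $login = $request->getPost("login");
     $password = $request->getPost("password");
     // A missing field must not turn into an "IS NULL" lookup.
     if ($login === null || $password === null) {
         return 'false';
     }
     // NOTE(review): the lookup matches the submitted password directly
     // against the stored "password" column, i.e. credentials are compared in
     // clear text. Moving to password_hash()/password_verify() also requires
     // changing the stored data, so it is only flagged here.
     $repo = CommonController::$EntityManager->getRepository('user');
     $user = $repo->findOneBy(["pseudo" => $login, "password" => $password]);
     if ($user === null) {
         return 'false';
     }
     $idUser = $user->getIdUser();
     // Use the value read through the Request object rather than $_POST so the
     // token is issued for exactly the login the lookup used.
     return json_encode(['jwt' => $this->GetJsonWebToken($idUser, $login), 'id' => $idUser]);
 }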
Esempio n. 3
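 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * Talks SIP2 to the configured ACS: a selfcheck status exchange (expects a
  * "98" reply) first, then a patron status request (expects a "24" reply).
  * The login is accepted only when both the BL and CQ fields of the patron
  * status response are 'Y'.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException authentication_error_blank for empty credentials,
  * authentication_error_technical for connection/protocol failures,
  * authentication_error_invalid when the ACS rejects the patron.
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     $username = trim($request->getPost()->get('username', ''));
     $password = trim($request->getPost()->get('password', ''));
     if ($username === '' || $password === '') {
         throw new AuthException('authentication_error_blank');
     }
     // Attempt SIP2 Authentication
     $mysip = new \sip2();
     $config = $this->getConfig();
     if (isset($config->SIP2)) {
         $mysip->hostname = $config->SIP2->host;
         $mysip->port = $config->SIP2->port;
     }
     if (!$mysip->connect()) {
         throw new AuthException('authentication_error_technical');
     }
     // Send selfcheck status message; the ACS must answer with a 98 message.
     $msg_result = $mysip->get_message($mysip->msgSCStatus());
     if (!preg_match("/^98/", $msg_result)) {
         $mysip->disconnect();
         throw new AuthException('authentication_error_technical');
     }
     $result = $mysip->parseACSStatusResponse($msg_result);
     // Use the ACS status response to populate the SIP2 AO/AN settings.
     // Fall back to '' instead of tripping an undefined-index warning when
     // the ACS omits one of them.
     $mysip->AO = $result['variable']['AO'][0] ?? '';
     $mysip->AN = $result['variable']['AN'][0] ?? '';
     $mysip->patron = $username;
     $mysip->patronpwd = $password;
     $msg_result = $mysip->get_message($mysip->msgPatronStatusRequest());
     // Make sure the response is 24 as expected
     if (!preg_match("/^24/", $msg_result)) {
         $mysip->disconnect();
         throw new AuthException('authentication_error_technical');
     }
     $result = $mysip->parsePatronStatusResponse($msg_result);
     // Nothing below needs the socket any more.
     $mysip->disconnect();
     // BL/CQ are presumably the SIP2 "valid patron" / "valid password" flags —
     // confirm against the sip2 library.
     $patronOk = ($result['variable']['BL'][0] ?? null) === 'Y';
     $passwordOk = ($result['variable']['CQ'][0] ?? null) === 'Y';
     if (!$patronOk || !$passwordOk) {
         throw new AuthException('authentication_error_invalid');
     }
     $user = $this->processSIP2User($result, $username, $password);
     // Need this for Metalib. NOTE(review): this keeps the clear-text catalog
     // password on the user object; the original "Set login cookie for 1 hour"
     // comment did not correspond to any cookie being set in this method.
     $user->password = $password;
     return $user;
 }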
Esempio n. 4
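 /**
  * Replace the logged-in user's avatar with the uploaded "avatar" file.
  *
  * Only POST requests are processed. The upload is validated with
  * UploadFile and moved under ./public/files/users/avatar/origin/ with a
  * randomised name; the stored avatar is the basename of that new path.
  * On GET, or when validation fails, nothing is changed. Every path ends
  * with a redirect to the 'profile' route.
  *
  * @return mixed redirect response produced by the redirect plugin
  */
 public function uploadImageAction()
 {
     $this->checkAuth();
     $request = $this->getRequest();
     if (!$request->isPost()) {
         return $this->redirect()->toRoute('profile');
     }
     // File upload input
     $file = new FileInput('avatar');
     // Special File Input type
     $file->getValidatorChain()->attach(new Validator\File\UploadFile());
     $file->getFilterChain()->attach(new Filter\File\RenameUpload([
         'target' => './public/files/users/avatar/origin/',
         'use_upload_name' => true,
         'randomize' => true,
     ]));
     // Merge $_POST and $_FILES data together
     $request = new Request();
     $postData = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
     $inputFilter = new InputFilter();
     $inputFilter->add($file)->setData($postData);
     if ($inputFilter->isValid()) {
         // FileInput validators are run, but not the filters...
         $data = $inputFilter->getValues();
         // This is when the FileInput filters are run; tmp_name now holds the
         // renamed target path.
         $avatar = basename($data['avatar']['tmp_name']);
         $this->databaseService->updateAvatar($this->user->id, $avatar);
         $this->user->avatar = $avatar;
     }
     // NOTE(review): a rejected upload is silently ignored; the user is
     // redirected without any error feedback.
     return $this->redirect()->toRoute('profile');
 }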
Esempio n. 5
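 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * Looks the username up in the user table and checks the submitted password
  * with checkPassword(). The same generic error is raised for an unknown user
  * and for a wrong password, so the response does not reveal which usernames
  * exist.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException authentication_error_blank for empty credentials,
  * authentication_error_invalid when the credentials are rejected.
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     // Make sure the credentials are non-blank. Default to '' so a missing
     // field never reaches trim() as null (deprecated in PHP 8.1).
     $post = $request->getPost();
     $this->username = trim($post->get('username', ''));
     $this->password = trim($post->get('password', ''));
     if ($this->username === '' || $this->password === '') {
         throw new AuthException('authentication_error_blank');
     }
     // Validate the credentials:
     $user = $this->getUserTable()->getByUsername($this->username, false);
     if (!is_object($user) || !$this->checkPassword($this->password, $user)) {
         throw new AuthException('authentication_error_invalid');
     }
     // If we got this far, the login was successful:
     return $user;
 }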
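 /**
  * Read one value from the request body, falling back to $default.
  *
  * The RequestInterface expects this method to return values from a form
  * submission or from the decoded JSON body. The body is decoded on first
  * use and cached in $this->data for subsequent lookups.
  *
  * @param string $name
  * @param mixed $default
  * @return mixed
  */
 public function request($name, $default = null)
 {
     if ($this->data === null) {
         $header = $this->httpRequest->getHeaders('Content-type');
         // Keep only the media type: drop parameters such as "; charset=utf-8"
         // and normalise case, otherwise "application/json; charset=UTF-8"
         // would never match and the JSON body would be ignored.
         $mediaType = null;
         if ($header) {
             $mediaType = strtolower(trim(explode(';', $header->getFieldValue(), 2)[0]));
         }
         $isPutOrDelete = $this->httpRequest->isPut() || $this->httpRequest->isDelete();
         if ($mediaType === 'application/x-www-form-urlencoded' && $isPutOrDelete) {
             // PHP only fills $_POST for POST, so parse the raw body here.
             parse_str($this->httpRequest->getContent(), $this->data);
         } elseif ($mediaType === 'application/json' && ($isPutOrDelete || $this->httpRequest->isPost())) {
             $decoded = json_decode($this->httpRequest->getContent(), true);
             // A malformed or non-object body must not leave $data null/scalar:
             // the lookup below would fail and the decode would be retried on
             // every call.
             $this->data = is_array($decoded) ? $decoded : [];
         } else {
             $this->data = $this->httpRequest->getPost()->toArray();
         }
     }
     // isset() treats an explicit null as absent, so a JSON null yields $default.
     return isset($this->data[$name]) ? $this->data[$name] : $default;
 }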
Esempio n. 7
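 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * Delegates the credential check to the catalog driver's patronLogin().
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException authentication_error_blank for empty credentials,
  * authentication_error_technical when the catalog call throws,
  * authentication_error_invalid when the catalog rejects the login.
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     // Default to '' so a missing field never reaches trim() as null
     // (deprecated in PHP 8.1).
     $post = $request->getPost();
     $username = trim($post->get('username', ''));
     $password = trim($post->get('password', ''));
     if ($username === '' || $password === '') {
         throw new AuthException('authentication_error_blank');
     }
     // Connect to catalog:
     try {
         $patron = $this->getCatalog()->patronLogin($username, $password);
     } catch (\Exception $e) {
         // Driver failures are reported generically so backend details do not
         // reach the login form.
         throw new AuthException('authentication_error_technical');
     }
     // Did the patron successfully log in?
     if ($patron) {
         return $this->processILSUser($patron);
     }
     // If we got this far, we have a problem:
     throw new AuthException('authentication_error_invalid');
 }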
Esempio n. 8
 /**
  * Pick the session id out of the request: POST wins over the query string,
  * and a falsy value in either counts as absent.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request
  * @return string|null
  */
 protected function getSessionIdFromRequest($request)
 {
     $fromPost = $request->getPost(static::SESSION_ID_ALIAS);
     $candidate = $fromPost ?: $request->getQuery(static::SESSION_ID_ALIAS);
     return $candidate ?: null;
 }
Esempio n. 9
 /**
  * Create a word from the posted form; re-render the edit template otherwise.
  *
  * @return mixed redirect to 'admin-translate-words' after a valid POST,
  * the populated $view in every other case
  */
 public function saveAction(Request $request, Create $createService, Form $form, View $view, Redirect $redirect)
 {
     $submitted = $request->isPost();
     if ($submitted) {
         $form->setData($request->getPost());
     }
     if ($submitted && $form->isValid()) {
         $createService->create($form->getData());
         return $redirect->toRoute('admin-translate-words');
     }
     $view->setForm($form);
     $view->setTemplate('translate/admin/word/edit');
     return $view;
 }
Esempio n. 10
 /**
  * Update the label/description of the collection named by the posted id.
  *
  * @return string "true" when the collection was found and saved, "false"
  * when a field is missing or the id is unknown
  */
 public function DoPost()
 {
     $request = new Request();
     $id = $request->getPost("id");
     $label = $request->getPost("label");
     $description = $request->getPost("description");
     if ($id === null || $label === null || $description === null) {
         return "false";
     }
     /** @var EntityManager $em */
     $em = CommonController::$EntityManager;
     /** @var \Collection $collection */
     $collection = $em->find("collection", $id);
     if ($collection === null) {
         return "false";
     }
     $collection->setDescription($description);
     $collection->setLabel($label);
     $collection->setUpdateOn(new \DateTime("now"));
     $em->persist($collection);
     $em->flush();
     return "true";
 }
Esempio n. 11
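 /**
  * Show the edit form for the current collection (GET) or apply a posted
  * update through the "Collection" web service (POST).
  *
  * Unauthenticated users, unknown collections and incomplete posts all end
  * at the home redirect. Creation (POST without an id) is not implemented.
  *
  * @return void
  */
 public function Edit()
 {
     if (!CommonController::IsAuthentified()) {
         CommonController::Redirect("home");
         return;
     }
     $request = new Request();
     if ($request->isGet()) {
         $data = json_decode($this->GetCurrentCollection(), true);
         if (!is_null($data)) {
             CommonController::SetView("collection", "edit", array_merge($data, ['url' => ['edit' => CommonController::GetLink("Collection", "edit", $data['collection']['id'])]]));
             return;
         }
     } elseif ($request->isPost()) {
         $label = $request->getPost('label');
         $description = $request->getPost('description');
         $id = $request->getPost('id');
         if (!is_null($label) && !is_null($description) && !is_null($id)) {
             $WSCtrl = new WebServicesController();
             $return = $WSCtrl->Call("Collection", "POST", ["id" => $id, "label" => $label, "description" => $description]);
             // The var_dump() of $return was debug output leaking into the
             // response body; removed.
             if ($return == "true") {
                 CommonController::Redirect("Collection", "Index", $id);
                 // Stop here so the home redirect below cannot override this one.
                 return;
             }
             $data = json_decode($this->GetCurrentCollection(), true);
             if (!is_null($data)) {
                 CommonController::SetView("collection", "index", array_merge($data, ['url' => ['edit' => CommonController::GetLink("Collection", "edit", $data['collection']['id']), 'delete' => CommonController::GetLink("Collection", "delete", $data['collection']['id'])], 'error' => 'Impossible de sauver la collection']));
                 return;
             }
         }
         // TODO: creation (POST without an id) is not implemented; it falls
         // through to the home redirect.
     }
     CommonController::Redirect("home");
 }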
 /**
  * Build an instance of this class that mirrors $request: same raw string,
  * then every parameter container, the body, the environment and headers.
  *
  * @return static
  */
 public static function createFromRequest(BaseRequest $request)
 {
     $copy = static::fromString($request->toString());
     $copy->setQuery($request->getQuery());
     $copy->setPost($request->getPost());
     $copy->setCookies($request->getCookie());
     $copy->setFiles($request->getFiles());
     $copy->setServer($request->getServer());
     $copy->setContent($request->getContent());
     $copy->setEnv($request->getEnv());
     $copy->setHeaders($request->getHeaders());
     return $copy;
 }
Esempio n. 13
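 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * Sends the posted Persona assertion to the remote verifier together with
  * this site's audience (scheme://host:port) and accepts the login when the
  * verifier answers "okay". A user row is created on first login.
  *
  * NOTE(review): Mozilla shut the Persona verifier down in November 2016, so
  * this backend cannot succeed against the live endpoint.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException authentication_missing_assertion when no assertion
  * was posted, authentication_error_technical when the verifier is
  * unreachable or answers with an error status, authentication_error_invalid
  * when the assertion is rejected or the reply is unusable.
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     $assertion = $request->getPost('assertion');
     if ($assertion === null) {
         throw new AuthException('authentication_missing_assertion');
     }
     // $_SERVER['HTTPS'] is set to "off" (non-empty) on some servers, so test
     // the value rather than just its presence; an audience with the wrong
     // scheme is rejected by the verifier.
     $protocol = $request->getServer('HTTPS');
     $isHttps = !empty($protocol) && strtolower((string) $protocol) !== 'off';
     $audience = ($isHttps ? 'https://' : 'http://') . $request->getServer('SERVER_NAME') . ':' . $request->getServer('SERVER_PORT');
     $client = $this->httpService->createClient('https://verifier.login.persona.org/verify', \Zend\Http\Request::METHOD_POST);
     $client->setParameterPost(['assertion' => $assertion, 'audience' => $audience]);
     $response = $client->send();
     if (!$response->isSuccess()) {
         throw new AuthException('authentication_error_technical');
     }
     // An unparsable body must never be treated as a verified identity:
     // guard before reading ->status / ->email.
     $result = json_decode($response->getContent());
     if (!is_object($result) || ($result->status ?? null) !== 'okay' || empty($result->email)) {
         throw new AuthException('authentication_error_invalid');
     }
     $username = $result->email;
     $user = $this->getUserTable()->getByUsername($username, false);
     if ($user === false) {
         $user = $this->createPersonaUser($username, $result->email);
     }
     return $user;
 }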
 /**
  * Edit an existing media profile and, on POST, persist the changes together
  * with an audit-trail entry.
  *
  * Flow: access checks -> load the profile (redirect to add/index when the id
  * is missing or loading throws) -> build and pre-fill the form -> on POST,
  * diff old/new values for the audit trail, handle an optional photo upload,
  * save education/career/profile rows, flash a message and redirect; on GET
  * return the populated form view.
  *
  * @return mixed ViewModel on GET; redirect response on POST or when the
  * profile cannot be loaded
  */
 public function editAction()
 {
     // 17 appears to be this module's id; it is reused below for
     // getSubModuleAccessRights() and the audit trail — confirm.
     $this->accessRights(17);
     //Accept Parent Module, Return Main Menu Lists with Active Menu Indicator
     $this->childModuleAccessRights(17, 'edit');
     //Accept Child Module ID & it's Actions: add, edit, view, disable
     //$msgs means message, it will show if data had been changed.
     // NOTE(review): $msgs is assigned but never read in this method.
     $msgs = '';
     //get the id from parameter
     $id = (int) $this->params()->fromRoute('id', 0);
     if (!$id) {
         return $this->redirect()->toRoute('media_profile', array('action' => 'add', 'access_rights' => $this->getSubModuleAccessRights(17)));
     }
     try {
         $media_profile = $this->getMediaProfileTable()->getMediaProfile($this->serviceLocator(), $id);
         $media_profile_education = $this->getMediaProfileTable()->getMediaProfileEducation($this->serviceLocator(), $id);
         $media_profile_career = $this->getMediaProfileTable()->getMediaProfileCareer($this->serviceLocator(), $id);
     } catch (\Exception $ex) {
         // Any load failure (including an unknown id) goes back to the list.
         return $this->redirect()->toRoute('media_profile', array('action' => 'index', 'access_rights' => $this->getSubModuleAccessRights(17)));
     }
     //instantiate the Media Profile's Form
     //populate the data
     $form_media_profile = new MediaProfileForm($this->serviceLocator());
     $form_media_profile->get('relation_id')->setAttribute('options', $this->optionRelations());
     $form_media_profile->get('additional_position_id[]')->setAttribute('options', $this->optionPositions());
     $form_media_profile->get('additional_beat_id[]')->setAttribute('options', $this->optionBeats());
     $form_media_profile->get('additional_section_id[]')->setAttribute('options', $this->optionSections());
     $form_media_profile->get('additional_radio_station_id[]')->setAttribute('options', $this->optionRadioStations());
     $form_media_profile->get('additional_tv_channel_id[]')->setAttribute('options', $this->optionTVChannels());
     $form_media_profile->get('additional_source_id[]')->setAttribute('options', $this->optionSources());
     $form_media_profile->get('submit')->setAttribute('value', 'Save');
     $form_media_profile->setData($media_profile);
     //remove inputfilter for select element due to conflict
     // EDUCATION: the repeated (array-style) inputs are not validated by the
     // form; they are handled by saveProfileEducation() below.
     $formInputFilter = $form_media_profile->getInputFilter();
     $formInputFilter->remove('year[]');
     $formInputFilter->remove('educ_course[]');
     $formInputFilter->remove('educ_school[]');
     $formInputFilter->remove('additional_year[]');
     $formInputFilter->remove('additional_educ_course[]');
     $formInputFilter->remove('additional_educ_school[]');
     //remove inputfilter for select element due to conflict
     //CAREER
     // Same input filter object re-fetched; the assignment is redundant.
     $formInputFilter = $form_media_profile->getInputFilter();
     $formInputFilter->remove('from[]');
     $formInputFilter->remove('to[]');
     $formInputFilter->remove('position_id[]');
     $formInputFilter->remove('beat_id[]');
     $formInputFilter->remove('section_id[]');
     $formInputFilter->remove('source_id[]');
     $formInputFilter->remove('circulation[]');
     $formInputFilter->remove('other_affiliation[]');
     $formInputFilter->remove('additional_from[]');
     $formInputFilter->remove('additional_to[]');
     $formInputFilter->remove('additional_position_id[]');
     $formInputFilter->remove('additional_beat_id[]');
     $formInputFilter->remove('additional_section_id[]');
     $formInputFilter->remove('additional_source_id[]');
     $formInputFilter->remove('additional_circulation[]');
     $formInputFilter->remove('additional_other_affiliation[]');
     //check if the data request is post
     //update the data
     $request = $this->getRequest();
     if ($request->isPost()) {
         //prepare audit trail parameters
         // $from = stored values, $to = raw POST; only keys whose value changed
         // survive in $diff, and the repeated/meta fields are dropped from it.
         $from = (array) $media_profile;
         $to = $this->getRequest()->getPost()->toArray();
         $diff = array_diff_assoc($to, $from);
         unset($diff['submit'], $diff['media_profles_id'], $diff['media_profile_careers_id'], $diff['media_profile_educations_id'], $diff['year'], $diff['educ_course'], $diff['educ_school'], $diff['additional_year'], $diff['additional_educ_course'], $diff['additional_educ_school'], $diff['from'], $diff['to'], $diff['media_profile_type'], $diff['position_id'], $diff['beat_id'], $diff['section_id'], $diff['circulation'], $diff['source_id'], $diff['other_affiliation'], $diff['additional_from'], $diff['additional_to'], $diff['additional_media_profile_type'], $diff['additional_position_id'], $diff['additional_beat_id'], $diff['additional_section_id'], $diff['additional_circulation'], $diff['additional_source_id'], $diff['additional_other_affiliation']);
         $changes = $this->prepare_modified_data($from, $to, $diff);
         //end audit trail parameters
         $media_profile = new MediaProfile();
         $post = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
         // NOTE(review): the form is populated here but isValid() is never
         // called; the POST is saved regardless of form validation.
         $form_media_profile->setData($post);
         //uploading file
         // Replaces the controller's request object with a fresh one; both are
         // backed by the same superglobals, so getFiles() below reads $_FILES.
         $request = new Request();
         //request to get the file
         $files = $request->getFiles();
         //get the details of uploading file
         if ($files['photo']['name']) {
             // NOTE(review): the target path is built from the client-supplied
             // upload name with overwrite => true, so any file under
             // ./public/img/ can be replaced by a caller of this action — the
             // name should be sanitised or generated server-side.
             $filter = new \Zend\Filter\File\Rename(array("target" => "./public/img/" . $files['photo']['name'], "overwrite" => true));
             $filter->filter($files['photo']);
             //resize image
             $imagine = $this->getImagineService();
             $size = new \Imagine\Image\Box(150, 150);
             $mode = \Imagine\Image\ImageInterface::THUMBNAIL_INSET;
             $image = $imagine->open('./public/img/' . $files['photo']['name']);
             $image->thumbnail($size, $mode)->save('./public/img/' . $files['photo']['name']);
             //resize image
             // NOTE(review): second pass re-opens the already thumbnailed file
             // and resizes it to 150x150 again (forcing the aspect ratio the
             // inset thumbnail just preserved). Looks redundant; `Box` here is
             // unqualified and relies on a use-import not visible in this
             // listing.
             $imagine = $this->getImagineService();
             $image = $imagine->open('./public/img/' . $files['photo']['name']);
             $image->resize(new Box(150, 150))->save('./public/img/' . $files['photo']['name']);
         }
         $media_profile->exchangeArray($post);
         // NOTE(review): `!empty($to)` is true for any non-empty POST, so this
         // condition effectively always holds and saveProfileEducation() runs
         // on every edit. $_POST is read directly here although $request/$to
         // already hold the same data.
         if (isset($_POST['year']) || isset($_POST['educ_course']) || isset($_POST['educ_school']) || isset($_POST['additional_year']) || isset($_POST['additional_educ_course']) || !empty($to) || isset($_POST['additional_educ_school'])) {
             $this->getMediaProfileTable()->saveProfileEducation($this->serviceLocator());
         }
         if (isset($_POST['from']) || isset($_POST['to']) || isset($_POST['media_profile_type']) || isset($_POST['position_id']) || isset($_POST['beat_id']) || isset($_POST['section_id']) || isset($_POST['source_id']) || isset($_POST['circulation']) || isset($_POST['other_affiliation']) || isset($_POST['additional_from']) || isset($_POST['additional_to']) || isset($_POST['additional_media_profile_type']) || isset($_POST['additional_position_id']) || isset($_POST['additional_beat_id']) || isset($_POST['additional_section_id']) || isset($_POST['additional_source_id']) || isset($_POST['additional_circulation']) || isset($_POST['additional_other_affiliation'])) {
             $this->getMediaProfileTable()->saveProfileCareer($this->serviceLocator());
         }
         $this->getMediaProfileTable()->saveMediaProfile($media_profile);
         // Audit entry keyed by the submitted (not stored) name; first_name and
         // last_name are read from $to without an isset() guard.
         $this->save_to_audit_trail($to['first_name'] . ' ' . $to['last_name'], $changes['pre'], $changes['post'], 'edit', 17);
         //flash message
         $this->flashMessenger()->addMessage(['content' => $request->getPost('first_name') . ' ' . $request->getPost('last_name') . ' Media profile updated!', 'type' => 'success']);
         return $this->redirect()->toRoute('media_profile');
     }
     //return the form after saving new article type.
     // GET: render the pre-filled form plus the option lists the template needs.
     return new ViewModel(array('form_media_profile' => $form_media_profile, 'media_profile_id' => $id, 'access_rights' => $this->getSubModuleAccessRights(17), 'media_profile_education' => $media_profile_education, 'media_profile_career' => $media_profile_career, 'positions' => $this->getMediaProfileTable()->fetchPositions($this->serviceLocator()), 'beats' => $this->getMediaProfileTable()->fetchbeats($this->serviceLocator()), 'sections' => $this->getMediaProfileTable()->fetchSections($this->serviceLocator()), 'sources' => $this->getMediaProfileTable()->fetchSources($this->serviceLocator()), 'radio_stations' => $this->getMediaProfileTable()->fetchRadioStations($this->serviceLocator()), 'tv_channels' => $this->getMediaProfileTable()->fetchTVChannels($this->serviceLocator())));
 }
Esempio n. 15
 /**
  * A successful create() call should be delegated to the plugin selected by
  * auth_method ("Database" here) and that plugin should then be reported as
  * the selected auth option.
  *
  * @return void
  */
 public function testCreate()
 {
     $request = new Request();
     $request->getPost()->set('auth_method', 'Database');
     $expectedUser = $this->getMockUser();
     $pluginManager = $this->getMockPluginManager();
     $database = $pluginManager->get('Database');
     $database->expects($this->once())
         ->method('create')
         ->with($this->equalTo($request))
         ->will($this->returnValue($expectedUser));
     $choiceAuth = $this->getChoiceAuth($pluginManager);
     $this->assertEquals($expectedUser, $choiceAuth->create($request));
     $this->assertEquals('Database', $choiceAuth->getSelectedAuthOption());
 }
Esempio n. 16
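 /**
  * Set the active strategy based on the auth_method value in the request,
  * if found.
  *
  * Lookup order: POST auth_method, then query-string auth_method, then the
  * strategy that was already active. The property is only updated once a
  * usable value is known, so a failed lookup leaves the previous strategy
  * in place.
  *
  * @param Request $request Request object to check.
  *
  * @throws AuthException authentication_error_technical when no strategy can
  * be determined at all.
  * @return void
  */
 protected function setStrategyFromRequest($request)
 {
     // Set new strategy; fall back to old one if there is a problem:
     $defaultStrategy = $this->strategy;
     // Default to '' so a missing parameter never reaches trim() as null
     // (deprecated in PHP 8.1).
     $requested = trim($request->getPost()->get('auth_method', ''));
     if ($requested === '') {
         $requested = trim($request->getQuery()->get('auth_method', ''));
     }
     if ($requested === '') {
         $requested = $defaultStrategy;
     }
     if (empty($requested)) {
         throw new AuthException('authentication_error_technical');
     }
     $this->strategy = $requested;
 }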
Esempio n. 17
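 /**
  * Collect the request parameters relevant for the given HTTP method.
  *
  * PUT/DELETE bodies are read from php://input (PHP does not populate
  * $_POST for them) and merged with the request's POST container, POST
  * values winning on key clashes; POST uses the POST container; anything
  * else uses the query string.
  *
  * @param \Zend\Http\PhpEnvironment\Request $params Request to read from.
  * @param string $method HTTP method name, upper-case.
  * @return array<string, mixed>
  */
 public function prepareParams(\Zend\Http\PhpEnvironment\Request $params, $method = 'GET')
 {
     switch ($method) {
         case 'PUT':
         case 'DELETE':
             $bodyParams = [];
             parse_str(file_get_contents('php://input'), $bodyParams);
             // array_merge() returns the merged array; the original call
             // discarded its result, so POST data was never included.
             return array_merge($bodyParams, $params->getPost()->toArray());
         case 'POST':
             return $params->getPost()->toArray();
         default:
             return $params->getQuery()->toArray();
     }
 }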
Esempio n. 18
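 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * Delegates the credential check to checkLdap().
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException authentication_error_blank for empty credentials;
  * whatever checkLdap() throws otherwise.
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     // Default to '' so a missing field never reaches trim() as null
     // (deprecated in PHP 8.1).
     $post = $request->getPost();
     $username = trim($post->get('username', ''));
     $password = trim($post->get('password', ''));
     if ($username === '' || $password === '') {
         throw new AuthException('authentication_error_blank');
     }
     return $this->checkLdap($username, $password);
 }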
Esempio n. 19
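 /**
  * Create a new user account from the request.
  *
  * Validation order: username present, password present, passwords match,
  * e-mail syntactically valid, username unused, e-mail unused. Only then is
  * the row inserted and re-read.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * new account details.
  *
  * @throws AuthException with a human-readable message for each validation
  * failure listed above.
  * @return \VuFind\Db\Row\User New user row.
  */
 public function create($request)
 {
     // Ensure that all expected parameters are populated to avoid notices
     // in the code below.
     $params = ['firstname' => '', 'lastname' => '', 'username' => '', 'password' => '', 'password2' => '', 'email' => ''];
     foreach (array_keys($params) as $param) {
         $params[$param] = $request->getPost()->get($param, '');
     }
     // Validate Input
     // Needs a username
     if (trim($params['username']) === '') {
         throw new AuthException('Username cannot be blank');
     }
     // Needs a password
     if (trim($params['password']) === '') {
         throw new AuthException('Password cannot be blank');
     }
     // Passwords don't match (strict comparison: no type juggling)
     if ($params['password'] !== $params['password2']) {
         throw new AuthException('Passwords do not match');
     }
     // Invalid Email Check
     $validator = new \Zend\Validator\EmailAddress();
     if (!$validator->isValid($params['email'])) {
         throw new AuthException('Email address is invalid');
     }
     // Make sure we have a unique username
     $table = $this->getUserTable();
     if ($table->getByUsername($params['username'], false)) {
         throw new AuthException('That username is already taken');
     }
     // Make sure we have a unique email
     if ($table->getByEmail($params['email'])) {
         throw new AuthException('That email address is already used');
     }
     // If we got this far, we're ready to create the account.
     // 'H' is the 24-hour clock; the previous 'h' wrote 12-hour values with
     // no am/pm marker, so afternoon timestamps collided with morning ones.
     // NOTE(review): the password is stored exactly as submitted; hashing it
     // here requires the matching checkPassword() to change as well, so it is
     // only flagged.
     $data = [
         'username' => $params['username'],
         'password' => $params['password'],
         'firstname' => $params['firstname'],
         'lastname' => $params['lastname'],
         'email' => $params['email'],
         'created' => date('Y-m-d H:i:s'),
     ];
     // Create the row and send it back to the caller:
     $table->insert($data);
     return $table->getByUsername($params['username'], false);
 }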
Esempio n. 20
 /**
  * Update a user's password from the request.
  *
  * Requires a stored catalog login; the old/new passwords are validated by
  * validatePasswordUpdate(), handed to the catalog's changePassword(), and
  * on success the new password is saved as the user's catalog credential.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * new account details.
  *
  * @throws AuthException authentication_error_technical without a stored
  * catalog login; the catalog's status string when the change is refused.
  * @return \VuFind\Db\Row\User New user row.
  */
 public function updatePassword($request)
 {
     // Read every expected field with an '' default so later lookups never
     // trigger undefined-index notices.
     $post = $request->getPost();
     $params = [];
     foreach (['oldpwd', 'password', 'password2'] as $param) {
         $params[$param] = $post->get($param, '');
     }
     // Connect to catalog:
     $patron = $this->authenticator->storedCatalogLogin();
     if (!$patron) {
         throw new AuthException('authentication_error_technical');
     }
     // Validate Input
     $this->validatePasswordUpdate($params);
     $result = $this->getCatalog()->changePassword([
         'patron' => $patron,
         'oldPassword' => $params['oldpwd'],
         'newPassword' => $params['password'],
     ]);
     if (!$result['success']) {
         throw new AuthException($result['status']);
     }
     // Update the user and send it back to the caller:
     $user = $this->getUserTable()->getByUsername($patron['cat_username']);
     $user->saveCredentials($patron['cat_username'], $params['password']);
     return $user;
 }
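 /**
  * Attach an uploaded file to a task (POST) and record it in the database.
  *
  * The attachment directory is derived from the posted task_id, so the id is
  * validated before it is used in a filesystem path. Users that are not
  * level 2 may only attach to tasks they have permission for, and their
  * permission level overrides the posted permission_option. A non-POST
  * request, a failed check or an invalid upload all yield an empty JSON
  * response without changing anything.
  *
  * @return JsonModel always empty; the HTTP status is not changed
  */
 public function addfileAction()
 {
     $this->checkAuth();
     $request = $this->getRequest();
     if (!$request->isPost()) {
         return new JsonModel([]);
     }
     $userId = $this->auth->getIdentity()->id;
     $taskId = $request->getPost('task_id');
     // task_id becomes part of a directory path below; reject anything that
     // is not a plain identifier so values like "../" cannot escape the
     // attachment root. NOTE(review): assumes task ids are alphanumeric —
     // confirm against the tasks table.
     if (!is_scalar($taskId) || !preg_match('/^[A-Za-z0-9_-]+$/', (string) $taskId)) {
         return new JsonModel([]);
     }
     $file_attach = new FileAttachment();
     $file_attach->user_create = $userId;
     $file_attach->date_create = date('Y-m-d H:i:s');
     $file_attach->last_date = $file_attach->date_create;
     $file_attach->last_user = $userId;
     // info pay
     $file_attach->task_id = $taskId;
     $file_attach->permission_option = $request->getPost('permission_option');
     if (!$this->isLevel2()) {
         $permission = $this->databaseService->getPermissionUser($file_attach->task_id, $file_attach->user_create);
         if ($permission == Config::FILE_PERMISSION_ERROR) {
             return new JsonModel([]);
         }
         // The caller's own permission level wins over whatever was posted.
         if ($permission == Config::FILE_PERMISSION_CUSTUMER) {
             $file_attach->permission_option = Config::FILE_PERMISSION_CUSTUMER;
         }
         if ($permission == Config::FILE_PERMISSION_PROVIDER) {
             $file_attach->permission_option = Config::FILE_PERMISSION_PROVIDER;
         }
     }
     $attachmentDir = '.' . Config::FILE_ATTACHMENT_PATH . $file_attach->task_id;
     // File upload input
     $file = new FileInput('file_name');
     // Special File Input type
     $file->getValidatorChain()->attach(new Validator\File\UploadFile());
     $file->getFilterChain()->attach(new Filter\File\RenameUpload([
         'target' => $attachmentDir,
         'use_upload_name' => true,
         'randomize' => true,
     ]));
     // Create the per-task directory; re-check is_dir() after a failed mkdir()
     // so a concurrent request creating the same directory is not an error.
     if (!is_dir($attachmentDir) && !mkdir($attachmentDir, 0700, true) && !is_dir($attachmentDir)) {
         return new JsonModel([]);
     }
     // Merge $_POST and $_FILES data together
     $request = new Request();
     $postData = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
     $inputFilter = new InputFilter();
     $inputFilter->add($file)->setData($postData);
     if ($inputFilter->isValid()) {
         // FileInput validators are run, but not the filters...
         $data = $inputFilter->getValues();
         // This is when the FileInput filters are run: tmp_name is the
         // randomised on-disk name, name is the client's original name.
         $file_attach->real_name = basename($data['file_name']['tmp_name']);
         $file_attach->file_name = basename($data['file_name']['name']);
         $result = $this->databaseService->addFileAttachment($file_attach);
         $file_attach->id = $result->getGeneratedValue();
         $this->databaseService->addFileLog($userId, $file_attach, Config::PAY_INFO_COMMON);
     }
     return new JsonModel([]);
 }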
Esempio n. 22
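 /**
  * Delete record based on passed id and return result
  *
  * The target entity is resolved from the association mapping of $fieldName
  * on the grid's main entity, so the id is removed from the related table.
  *
  * @param Request $request request whose POST 'id' names the row to delete
  * @param string  $fieldName association field on the main entity
  *
  * @return array{error: bool, message: string}
  */
 public function deleteSubgridRow(Request $request, $fieldName)
 {
     $id = $request->getPost('id');
     $mapping = $this->getEntityManager()->getClassMetadata($this->getEntity());
     $target = $mapping->associationMappings[$fieldName]['targetEntity'];
     $model = $this->getModel($target);
     try {
         $retv = $model->remove($id);
         $message = sprintf('Row #%d successfully deleted', $id);
     } catch (\Exception $e) {
         // NOTE(review): the raw exception text is returned to the client; it
         // may carry driver/SQL details better replaced by a generic message.
         $message = 'Unable to delete record. ' . $e->getMessage();
         $retv = false;
     }
     return ['error' => !$retv, 'message' => $message];
 }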
 /**
  * Parse the request into the global $get/$post/$cookie/$method containers
  * and return the merged request variables.
  *
  * Side effects: overwrites the globals listed below; terminates the request
  * (dieMessage()/die()) when the query string is too long or the page / cmd
  * checks fire; on a WebDAV method from a recognised DAV user agent it
  * dispatches the 'dav' plugin action and exits.
  *
  * @return array merged GET/POST variables, with 'cmd' defaulting to 'read'
  */
 public static function parseArguments()
 {
     global $cookie, $get, $post, $method;
     global $defaultpage;
     $request = new Request();
     // GET, POST, COOKIE
     $get = $request->getQuery();
     $post = $request->getPost();
     $cookie = $request->getCookie();
     $method = $request->getMethod();
     $vars = array();
     if (strlen($get->toString()) > self::MAX_QUERY_STRING_LENGTH) {
         // Something nasty attack?
         self::dump('suspicious');
         self::dieMessage(_('Query string is too long.'));
     }
     if (count($get) === 0) {
         // No query at all: fall back to the default page.
         $get->set('page', $defaultpage);
     } else {
         if (count($get) === 1 && empty(array_values((array) $get)[0])) {
             // Exactly one key with an empty value ("?PageName"): the key is
             // the page name. It is taken raw from QUERY_STRING, so the page
             // name check further down is the only guard on it.
             $k = trim(array_keys((array) $get)[0]);
             $get->set('page', rawurldecode($_SERVER['QUERY_STRING']));
             unset($get[$k]);
         }
     }
     // Merge the externally supplied variables into $vars.
     if (empty($post)) {
         $vars = (array) $get;
         // Major pattern: Read-only access via GET
     } else {
         if (empty($get)) {
             $vars = (array) $post;
             // Minor pattern: Write access via POST etc.
         } else {
             // POST wins over GET on key collisions (array_merge: later wins).
             $vars = array_merge((array) $get, (array) $post);
             // Considered reliable than $_REQUEST
         }
     }
     if (!isset($vars['cmd'])) {
         $vars['cmd'] = 'read';
     }
     if (isset($vars['page']) && is_string($vars['page']) && preg_match(Wiki::INVALIED_PAGENAME_PATTERN, $vars['page']) === false) {
         // Page name check.
         // NOTE(review): preg_match() returns 0 for "no match" and false only
         // when PCRE itself fails, so this branch never fires on a name the
         // pattern matches. Judging by the constant's name the intended test
         // is presumably `=== 1`; confirm against the pattern before changing.
         self::dump('suspicious');
         die('Invalid page name.');
     }
     if (is_string($vars['cmd']) && preg_match(PluginRenderer::PLUGIN_NAME_PATTERN, $vars['cmd']) === false) {
         // Input check: cmd may only be alphanumeric.
         // NOTE(review): same `=== false` issue as above — a cmd that does not
         // match the pattern is not rejected here; `!== 1` looks intended.
         // A non-string cmd skips this check entirely and still reaches
         // spamCheck() below.
         self::dump('suspicious');
         die(sprintf('Plugin name %s is invalied or too long! (less than 64 chars)', $vars['cmd']));
     }
     // Character encoding conversion.
     // Data submitted via <form> arrives in whatever encoding the browser
     // used; POST always comes through a form, so it is always converted.
     if (isset($vars['encode_hint']) && !empty($vars['encode_hint'])) {
         // do_plugin_xxx() plants an encode_hint field in its <form>, so the
         // encoding is detected from that hint alone: detecting over the
         // whole payload can fail when platform-dependent characters or odd
         // binary bytes are mixed in.
         $encode = mb_detect_encoding($vars['encode_hint']);
         mb_convert_variables(SOURCE_ENCODING, $encode, $vars);
     } else {
         // No hint: auto-detect and convert everything at once.
         mb_convert_variables(SOURCE_ENCODING, 'auto', $vars);
     }
     // Environment variable check.
     self::checkEnv($request->getEnv());
     switch ($method) {
         case Request::METHOD_POST:
             // The spam check only runs for write (POST) requests.
             self::spamCheck($vars['cmd']);
             break;
         case Request::METHOD_OPTIONS:
         case Request::METHOD_PROPFIND:
         case Request::METHOD_DELETE:
         case 'MOVE':
         case 'COPY':
         case 'PROPPATCH':
         case 'MKCOL':
         case 'LOCK':
         case 'UNLOCK':
             // WebDAV
             // NOTE(review): $log_ua is neither declared global nor assigned in
             // this method, so it is null here and the patterns are matched
             // against an empty subject instead of the real User-Agent —
             // presumably it belongs in the global list at the top.
             $matches = array();
             foreach (self::$ua_dav as $pattern) {
                 if (preg_match('/' . $pattern . '/', $log_ua, $matches)) {
                     PluginRenderer::executePluginAction('dav');
                     exit;
                 }
             }
             break;
     }
     return $vars;
 }
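 /**
  * Load credentials into the object and apply internal filter settings to them.
  *
  * Each entry of $this->filters has the form "property:callable" (for example
  * "username:trim"); the callable is applied to the named property when that
  * property is set. The string is split on the first ':' only, so a
  * "Class::method" callable is passed through intact.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws \InvalidArgumentException if a filter entry has no callable part or
  * names something that is not callable.
  * @return void
  */
 protected function filterCredentials($request)
 {
     $this->username = $request->getPost()->get('username');
     $this->password = $request->getPost()->get('password');
     foreach ($this->filters as $filter) {
         $parts = explode(':', $filter, 2);
         $property = trim($parts[0]);
         if (!isset($this->{$property})) {
             continue;
         }
         $callable = isset($parts[1]) ? trim($parts[1]) : '';
         // Fail with a message naming the bad configuration entry instead of
         // letting call_user_func() blow up on a non-callable.
         if ($callable === '' || !is_callable($callable)) {
             throw new \InvalidArgumentException('Invalid credential filter: ' . $filter);
         }
         $this->{$property} = call_user_func($callable, $this->{$property});
     }
 }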
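 /**
  * Parse request and prepare filter parameters
  *
  * Two POST layouts are supported: a JSON 'filters' document whose 'rules'
  * entries each carry field/op/data (multiple-field filtering), or the single
  * searchField/searchString/searchOper triple. Every operator is mapped
  * through $this->_expression; an operator that is not a key of that map is
  * rejected instead of silently becoming a null expression.
  *
  * NOTE(review): 'field' and 'groupOp' are passed on as received; whether they
  * are whitelisted before reaching a query is not visible here.
  *
  * @param Request $request
  *
  * @throws \InvalidArgumentException on a malformed rule or unknown operator.
  * @return array
  */
 protected function _getFilterParams(Request $request)
 {
     $filters = array();
     // Multiple field filtering
     if ($request->getPost('filters')) {
         $filter = Json::decode($request->getPost('filters'), Json::TYPE_ARRAY);
         // A document without a 'rules' list falls through to single-field
         // mode (count(null) is a TypeError on PHP 8).
         $rules = isset($filter['rules']) && is_array($filter['rules']) ? $filter['rules'] : array();
         if (count($rules) > 0) {
             foreach ($rules as $rule) {
                 if (!is_array($rule) || !isset($rule['field'], $rule['op']) || !is_scalar($rule['op'])
                     || !array_key_exists('data', $rule)
                 ) {
                     throw new \InvalidArgumentException('Malformed filter rule');
                 }
                 if (!isset($this->_expression[$rule['op']])) {
                     throw new \InvalidArgumentException('Unknown filter operator: ' . $rule['op']);
                 }
                 $filters['field'][] = $rule['field'];
                 $filters['value'][] = $rule['data'];
                 $filters['expression'][] = $this->_expression[$rule['op']];
             }
             $filters['options']['multiple'] = true;
             $filters['options']['boolean'] = isset($filter['groupOp']) ? $filter['groupOp'] : 'AND';
             return $filters;
         }
     }
     // Single field filtering
     $oper = $request->getPost('searchOper', 'eq');
     if (!is_scalar($oper) || !isset($this->_expression[$oper])) {
         throw new \InvalidArgumentException('Unknown filter operator');
     }
     return array(
         'field' => $request->getPost('searchField'),
         'value' => trim($request->getPost('searchString', '')),
         'expression' => $this->_expression[$oper],
         'options' => array(),
     );
 }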
 /**
  * Authenticate the user described by the request and store the result in
  * the session.
  *
  * For form-based authentication methods (those without a session initiator)
  * the POST 'csrf' token is validated first and a bad token is reported as a
  * technical error. AuthException and PasswordSecurity exceptions from the
  * auth module propagate unchanged; any other exception is logged and
  * reported as a technical error.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException
  * @return UserRow Object representing logged-in user.
  */
 public function login($request)
 {
     $formBased = !$this->getAuth()->getSessionInitiator(null);
     if ($formBased) {
         $token = $request->getPost()->get('csrf');
         if (!$this->csrf->isValid($token)) {
             throw new AuthException('authentication_error_technical');
         }
     }
     try {
         $user = $this->getAuth()->authenticate($request);
     } catch (AuthException $e) {
         // Authentication failures reach the caller as-is.
         throw $e;
     } catch (\VuFind\Exception\PasswordSecurity $e) {
         // Password policy failures reach the caller as-is.
         throw $e;
     } catch (\Exception $e) {
         // Anything else is a technical problem: log verbosely, report tersely.
         $where = get_class($this) . '::login';
         error_log("Exception in " . $where . ": " . $e->getMessage());
         error_log($e);
         throw new AuthException('authentication_error_technical');
     }
     $this->updateSession($user);
     return $user;
 }
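 /**
  * Update a user's password from the request.
  *
  * Reads 'username', 'password' and 'password2' from POST, validates them and
  * stores the new password on the matching user row: a bcrypt hash when
  * password hashing is enabled, the clear-text value otherwise.
  *
  * NOTE(review): the username comes from the request, so this method relies
  * entirely on the caller having established that the current user may change
  * that account's password.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * new account details.
  *
  * @throws AuthException when validation fails or no user with that username
  * exists.
  * @return \VuFind\Db\Row\User New user row.
  */
 public function updatePassword($request)
 {
     // Ensure that all expected parameters are populated to avoid notices
     // in the code below.
     $params = ['username' => '', 'password' => '', 'password2' => ''];
     foreach ($params as $param => $default) {
         $params[$param] = $request->getPost()->get($param, $default);
     }
     // Validate Input
     $this->validateUsernameAndPassword($params);
     // Look the user up (the second argument presumably disables auto-creation
     // of a missing row — confirm against getByUsername()).
     $table = $this->getUserTable();
     $user = $table->getByUsername($params['username'], false);
     if (!$user) {
         // Previously a missing user fell through to a property write on null.
         throw new AuthException('authentication_error_invalid');
     }
     if ($this->passwordHashingEnabled()) {
         $bcrypt = new Bcrypt();
         $user->pass_hash = $bcrypt->create($params['password']);
     } else {
         // Legacy mode: the password is stored unhashed.
         $user->password = $params['password'];
     }
     $user->save();
     return $user;
 }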
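 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * Reads 'username' and 'password' from POST (defaulting to '' when a key is
  * absent, so trim() never receives null), refuses blank values and then
  * delegates to bindUser() (presumably a directory bind).
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException 'authentication_error_blank' when either value is
  * empty after trimming; otherwise whatever bindUser() throws.
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     $post = $request->getPost();
     $this->username = trim($post->get('username', ''));
     $this->password = trim($post->get('password', ''));
     // Keep this check: a simple bind with an empty password is treated as an
     // unauthenticated (anonymous) bind by many directory servers and would
     // "succeed" for any existing username.
     if ($this->username === '' || $this->password === '') {
         throw new AuthException('authentication_error_blank');
     }
     return $this->bindUser();
 }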
 /**
  * Each parameter container (query, post, files, server, env) must hand back
  * a single value by key, and a header must be reachable both through the
  * Headers container and through getHeader().
  */
 public function testRetrievingASingleValueForParameters()
 {
     $request = new Request();
     $params = new \Zend\Stdlib\Parameters(array('foo' => 'bar'));
     $kinds = array('Query', 'Post', 'Files', 'Server', 'Env');
     foreach ($kinds as $kind) {
         $request->{'set' . $kind}($params);
     }
     foreach ($kinds as $kind) {
         $this->assertSame('bar', $request->{'get' . $kind}('foo'));
     }
     $header = new GenericHeader('foo', 'bar');
     $headers = new Headers();
     $headers->addHeader($header);
     $request->setHeaders($headers);
     $this->assertSame($headers, $request->getHeaders());
     $this->assertSame($header, $request->getHeaders()->get('foo'));
     $this->assertSame($header, $request->getHeader('foo'));
 }
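 /**
  * Handles a given form for the add and edit action
  *
  * On a valid form the category is saved and the client is redirected to the
  * 'newscategory' route. The category image lives at
  * public/news_cat/<name>.png: a valid upload is stored there, otherwise (edit
  * only) the previous image is renamed to the new name. On any problem the
  * form and its errors are returned to the view.
  *
  * Because the category name becomes part of a filesystem path, it is checked
  * here for path separators, NUL bytes and dot-only names regardless of what
  * the form's own input filter allows, and only a genuine PHP upload is ever
  * written into the public directory.
  *
  * @param Request          $request
  * @param NewsCategoryForm $form
  * @param NewsCategory     $nc
  * @param int              $id 0 when creating, otherwise the id being edited
  * @return array Array for the view, containing the form and maybe id and errors
  */
 private function handleForm(Request &$request, NewsCategoryForm &$form, NewsCategory &$nc, $id = 0)
 {
     $form->setInputFilter($nc->getInputFilter());
     $post = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
     $form->setData($post);
     if (!$form->isValid()) {
         return $this->formResult($form, $form->getMessages(), $id);
     }
     $nc->exchangeArray($post);
     $old = $this->getNewsCategoryTable()->getNewsCategoryBy(['id' => $id]);
     $name = $nc->getName();
     if (!$this->isSafeImageName($name)) {
         $errors['name'] = ['invalid' => 'The category name contains characters that are not allowed'];
         $form->get('name')->setMessages($errors);
         return $this->formResult($form, $errors, $id);
     }
     if ($this->getNewsCategoryTable()->getNewsCategoryBy(['name' => $name]) && ($id === 0 || $name !== $old->getName())) {
         $errors['name'] = ['exists' => 'A category with this name already exists'];
         $form->get('name')->setMessages($errors);
         return $this->formResult($form, $errors, $id);
     }
     $upload = isset($post['path']) ? $post['path'] : null;
     $size = new Size(['min' => 20, 'max' => 20000]);
     $adapter = new Http();
     $adapter->setValidators([$size], $upload);
     $hasValidUpload = $adapter->isValid();
     //Only throw error if a new category is created. New Categories need an image
     if (!$hasValidUpload && $id === 0) {
         return ['form' => $form, 'errors' => $adapter->getMessages()];
     }
     $dir = getcwd() . '/public/news_cat/';
     $newPath = $dir . $name . '.png';
     if ($hasValidUpload) {
         if (!is_dir($dir)) {
             // 0755: the web server user creates and owns the directory; nobody
             // else needs write access to it.
             mkdir($dir, 0755, true);
         }
         // Accept only the temporary file PHP created for this request and move
         // it, instead of reading an arbitrary tmp_name and copying its bytes.
         if (!is_array($upload) || !isset($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])
             || !move_uploaded_file($upload['tmp_name'], $newPath)
         ) {
             $errors = ['path' => ['upload' => 'The image could not be stored']];
             return $this->formResult($form, $errors, $id);
         }
     } elseif ($old !== null && $this->isSafeImageName($old->getName())) {
         //No new file was given, so update the filename to the new name
         $oldPath = $dir . $old->getName() . '.png';
         if ($oldPath !== $newPath && is_file($oldPath)) {
             rename($oldPath, $newPath);
         }
     }
     $this->getNewsCategoryTable()->saveNewsCategory($nc);
     return $this->redirect()->toRoute('newscategory');
 }

 /**
  * Build the view array: form and errors, plus the id when editing.
  *
  * @param NewsCategoryForm $form
  * @param array            $errors
  * @param int              $id
  * @return array
  */
 private function formResult($form, $errors, $id)
 {
     if ($id) {
         return ['form' => $form, 'errors' => $errors, 'id' => $id];
     }
     return ['form' => $form, 'errors' => $errors];
 }

 /**
  * True when $name is usable as a single path segment under news_cat/: a
  * non-empty string containing no '/', '\' or NUL, and not '.' or '..'.
  *
  * @param mixed $name
  * @return bool
  */
 private function isSafeImageName($name)
 {
     if (!is_string($name) || $name === '' || $name === '.' || $name === '..') {
         return false;
     }
     return strpbrk($name, "/\\\0") === false;
 }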