/**
 * Constructor. Hands both arguments to Action() and then caches the
 * SessionInfo object and the global configuration on the instance.
 *
 * @param actionInfo passed straight through to Action()
 * @param request passed straight through to Action()
 */
function ResourceServerAction($actionInfo, $request)
{
    $this->Action($actionInfo, $request);

    // keep a handle on the SessionInfo object stored in the HTTP session
    $httpSession = HttpVars::getSession();
    $this->_session = $httpSession['SessionInfo'];

    $this->_config =& Config::getConfig();
}
/**
 * Checks that the request names an active blog which the logged-in user is
 * allowed to work with.
 *
 * Outcomes, as implemented below:
 *  - no usable "blogId" parameter: the dashboard view is prepared (or an error
 *    view when the user has no active blogs) and false is returned;
 *  - unknown or inactive blog, or no permissions on it: an error view is
 *    prepared and false is returned;
 *  - otherwise the blog is stored in the session and true is returned.
 *
 * @return true only when the blog was accepted and saved to the session
 */
function validate()
{
    // NOTE(review): blogId comes from the request and is only compared loosely
    // here; whether Blogs::getBlogInfo() casts or escapes it is not visible in
    // this block -- confirm before relying on it.
    $this->_blogId = $this->_request->getValue("blogId");

    $blogIdMissing = ($this->_blogId == "" || $this->_blogId < 0);
    if ($blogIdMissing) {
        // without a blog id the best we can do is list the user's own blogs
        $users = new Users();
        $activeBlogs = $users->getUsersBlogs($this->_userInfo->getId(), BLOG_STATUS_ACTIVE);

        if (count($activeBlogs) == 0) {
            $this->_view = new AdminSimpleErrorView();
            $this->_view->setValue("message", $this->_locale->tr("error_dont_belong_to_any_blog"));
            return false;
        }

        $this->_view = new AdminDashboardView($this->_userInfo, $activeBlogs);
        return false;
    }

    $blogs = new Blogs();
    $this->_blogInfo = $blogs->getBlogInfo($this->_blogId);

    // a missing blog and an inactive blog are reported with the same message
    if (!$this->_blogInfo || $this->_blogInfo->getStatus() != BLOG_STATUS_ACTIVE) {
        $this->_view = new AdminSimpleErrorView();
        $this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id"));
        return false;
    }

    // authorisation step: the blog id is client-supplied, so membership is
    // looked up for this user and this blog instead of trusting the parameter
    $userPermissions = new UserPermissions();
    $permissionsForBlog = $userPermissions->getUserPermissions(
        $this->_userInfo->getId(),
        $this->_blogInfo->getId()
    );
    if (!$permissionsForBlog) {
        $this->_view = new AdminSimpleErrorView();
        $this->_view->setValue("message", $this->_locale->tr("error_no_permissions"));
        return false;
    }

    // remember the accepted blog in the session for later requests
    $this->_session->setValue("blogInfo", $this->_blogInfo);
    $httpSession = HttpVars::getSession();
    $httpSession["SessionInfo"] = $this->_session;
    HttpVars::setSession($httpSession);

    return true;
}
/**
 * Loads the blog and user objects from the session's SessionInfo entry into
 * $this->_blogInfo and $this->_userInfo.
 *
 * NOTE(review): this only tells whether both values are present in the
 * session; it does not re-check the user's permissions on the blog.
 *
 * @return true when SessionInfo exists and both values are non-empty,
 *         false otherwise
 */
function sessionInfoAvailable()
{
    $httpSession = HttpVars::getSession();
    if (!isset($httpSession["SessionInfo"])) {
        return false;
    }

    $info = $httpSession["SessionInfo"];
    $this->_blogInfo = $info->getValue("blogInfo");
    $this->_userInfo = $info->getValue("userInfo");

    return !($this->_blogInfo == "" || $this->_userInfo == "");
}
/**
 * Checks the password submitted for a protected article.
 *
 * On success an "article_<id>" entry is written to the session and the
 * request is forwarded to the ViewArticle action; on failure an error view
 * is prepared.
 *
 * NOTE(review): nothing in this block limits repeated attempts; if throttling
 * is wanted it has to live in SecretItems or in front of this action --
 * confirm where, if anywhere, it is done.
 *
 * @return true when the password was accepted, false otherwise
 */
function perform()
{
    $secretItems = new SecretItems();
    $passwordAccepted = $secretItems->authenticateItem($this->_articleId, $this->_password);

    if ($passwordAccepted) {
        // remember the successful check in the session and retry the view
        $httpSession = HttpVars::getSession();
        $httpSession["article_" . $this->_articleId] = "OK";
        HttpVars::setSession($httpSession);

        BlogController::setForwardAction("ViewArticle");
        return true;
    }

    // wrong password: show an error
    $this->_view = new ErrorView($this->_blogInfo, "Sorry, better luck next time!");
    $this->setCommonData();
    return false;
}
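/**
 * Logs the current user out: clears the session contents, expires the
 * session cookie, destroys the session and prepares the logout message.
 *
 * EVENT_PRE_LOGOUT is raised before the session is touched and
 * EVENT_POST_LOGOUT after the message has been set.
 *
 * @return always true
 */
function perform()
{
    $this->_view = new AdminDefaultView();
    $this->notifyEvent(EVENT_PRE_LOGOUT);

    // remove all the information from the session
    $session = array();
    HttpVars::setSession($session);

    // session_destroy() only removes the server-side data; the browser would
    // keep sending the old session cookie. Expire it as well so the retired
    // identifier is not presented again after logout.
    if (ini_get("session.use_cookies") && !headers_sent()) {
        $cookieParams = session_get_cookie_params();
        setcookie(
            session_name(),
            "",
            time() - 42000,
            $cookieParams["path"],
            $cookieParams["domain"],
            $cookieParams["secure"],
            $cookieParams["httponly"]
        );
    }

    // only destroy a session that is actually open, to avoid a warning
    if (session_id() != "") {
        session_destroy();
    }

    // build the message with the site's default locale
    $config =& Config::getConfig();
    $locale =& Locales::getLocale($config->getValue("default_locale"));
    $url =& $this->_blogInfo->getBlogRequestGenerator();
    $blogTitle = $this->_blogInfo->getBlog();

    // NOTE(review): the blog title and link are placed inside an HTML
    // fragment; whether they are already escaped (on input, or by pr() /
    // setSuccessMessage()) is not visible here -- confirm.
    $logoutMessage = $this->_locale->tr("logout_message") . "<br/>"
        . $locale->pr("logout_message_2", $url->blogLink(), $blogTitle);
    $this->_view->setSuccessMessage($logoutMessage);

    $this->notifyEvent(EVENT_POST_LOGOUT);

    return true;
}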
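/**
 * Sets a value in the SessionInfo object kept in the HTTP session and writes
 * the session back.
 *
 * @param key the key assigned to this value
 * @param value the value to store
 * @return always true
 * @throws Exception when the session manager has not been initialized, or
 *         when the session holds no SessionInfo object to write to
 */
function setSessionValue($key, $value)
{
    // switch that tells whether the session manager has been initialized
    global $__sessionManagerInitialized;

    if (!$__sessionManagerInitialized) {
        // the message names this method (it used to name getSessionValue());
        // nothing can run after a throw, so the former "die" is gone
        throw new Exception("SessionManager::init() must be called before SessionManager::setSessionValue()");
    }

    $session = HttpVars::getSession();

    // fail with a clear error instead of calling a method on a missing object
    if (!isset($session["SessionInfo"]) || !is_object($session["SessionInfo"])) {
        throw new Exception("SessionManager::setSessionValue(): no SessionInfo object found in the session");
    }

    // set the value and save it to the session
    $sessionInfo = $session["SessionInfo"];
    $sessionInfo->setValue($key, $value);
    $session["SessionInfo"] = $sessionInfo;
    HttpVars::setSession($session);

    return true;
}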
/**
 * Reads a per-view parameter from the session. Entries are stored under
 * "<className>_<param>", where the class name comes from $this->className().
 *
 * @param param name of the parameter, without the class-name prefix
 * @param defaultValue returned when nothing (or an empty value) is stored
 *        and the default itself is not empty
 * @return the stored value, the default, or an empty string if neither
 *         is available
 */
function getSessionValue($param, $defaultValue = "")
{
    $httpSession = HttpVars::getSession();
    $keyName = $this->className() . "_" . $param;

    $stored = array_key_exists($keyName, $httpSession) ? $httpSession[$keyName] : "";

    // fall back to the default only when there is one to fall back to
    if ($stored == "" && $defaultValue != "") {
        return $defaultValue;
    }

    return $stored;
}
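/**
 * Pipeline filter that asks for a password before a "secret" article is shown.
 *
 * The article is identified by the "articleId" request parameter or, when
 * that is empty, resolved from articleName/category/user/date. Requests for
 * articles that cannot be resolved, or that are not secret, pass through.
 * For a secret article the filter accepts a hash already stored in the
 * session, then a password submitted as "itemPassword", and otherwise
 * answers with the password form.
 *
 * @return a PipelineResult: positive to let the request continue, negative
 *         (code 500 plus a message or the password form) to stop it
 */
function filter()
{
    $blogInfo = $this->_pipelineRequest->getBlogInfo();
    $request = $this->_pipelineRequest->getHttpRequest();
    $session = HttpVars::getSession();

    // if an article id is present we may have to ask for a password
    $articleId = $request->getValue("articleId");

    // In custom url mode the article id is not available, so the article is
    // looked up through articleName, userId, categoryId and date instead.
    if ($articleId == "") {
        $articleName = $request->getValue("articleName");
        $categoryId = $request->getValue("postCategoryId", -1);
        $categoryName = $request->getValue("postCategoryName");
        $userId = $request->getValue("userId", -1);
        $userName = $request->getValue("userName");
        $date = $request->getValue("Date", -1);

        // NOTE(review): every early return below lets the request through
        // when the lookup fails; presumably a later stage reports "not
        // found" -- confirm that nothing protected is reachable this way.

        // "=& new" is a parse error from PHP 7 on; plain assignment is used
        if ($userName) {
            $users = new Users();
            $user = $users->getUserInfoFromUsername($userName);
            if (!$user) {
                return new PipelineResult(true);
            }
            // if there was a user, use his/her id
            $userId = $user->getId();
        }

        if ($categoryName) {
            $categories = new ArticleCategories();
            $category = $categories->getCategoryByName($categoryName, $blogInfo->getId());
            if (!$category) {
                return new PipelineResult(true);
            }
            // if there was a category, use its id
            $categoryId = $category->getId();
        }

        // the article can be found by its mangled title plus the other hints
        $articles = new Articles();
        $article = $articles->getBlogArticleByTitle(
            $articleName,
            $blogInfo->getId(),
            false,
            $date,
            $categoryId,
            $userId,
            POST_STATUS_PUBLISHED
        );
        if (!$article) {
            return new PipelineResult(true);
        }
        $articleId = $article->getId();
    }

    // articles that are not protected need no further checks
    $secretItems = new SecretItems();
    if (!$secretItems->articleIsSecret($articleId)) {
        return new PipelineResult(true);
    }

    $itemPassword = $request->getValue("itemPassword");
    $sessionKey = "article_" . $articleId . "_auth";

    // was this article already unlocked in this session? isset() keeps a
    // missing key from raising an undefined-index notice
    if (isset($session[$sessionKey]) && $session[$sessionKey] != "") {
        if ($secretItems->authenticateItemHash($articleId, $session[$sessionKey])) {
            return new PipelineResult(true);
        }
    }

    if ($itemPassword != "") {
        // a password was submitted with this request
        // NOTE(review): no attempt limiting is visible in this block.
        if (!$secretItems->authenticateItem($articleId, $itemPassword)) {
            $result = new PipelineResult(false, 500, "Better luck next time!");
        } else {
            _debug("authenticated correctly!");
            $session = HttpVars::getSession();
            // NOTE(review): an unsalted MD5 of the item password is kept in
            // the session because that is the value later handed to
            // authenticateItemHash(). MD5 is not a suitable password hash;
            // replacing it means changing SecretItems as well, so it is
            // flagged here rather than changed.
            $session[$sessionKey] = md5($itemPassword);
            $result = new PipelineResult(true);
            HttpVars::setSession($session);
        }
    } else {
        // nothing submitted yet: answer with the password form
        $ts = new TemplateService();
        $t = $ts->PluginTemplate("secret", "passwordform");
        $t->assign("locale", $blogInfo->getLocale());
        // NOTE(review): the raw request parameters are handed to the
        // template; output escaping has to happen there -- not visible here.
        $t->assign("params", $request->getAsArray());
        $t->assign("articleId", $articleId);
        $t->assign("url", RequestGenerator::getRequestGenerator($blogInfo));
        $message = $t->fetch();
        $result = new PipelineResult(false, 500, $message);
    }

    return $result;
}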
/**
 * Copies the current blog and user objects into the SessionInfo object and
 * writes that object back to the HTTP session.
 *
 * @private
 */
function saveSession()
{
    $this->_session->setValue("blogInfo", $this->_blogInfo);
    $this->_session->setValue("userInfo", $this->_userInfo);

    // read the session array, swap in the updated SessionInfo, store it again
    $httpSession = HttpVars::getSession();
    $httpSession["SessionInfo"] = $this->_session;
    HttpVars::setSession($httpSession);
}
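/**
 * Authenticates the user and, on success, stores the user in the session and
 * either forwards to the "newPost" action or shows the dashboard.
 *
 * Plugin events raised: EVENT_LOGIN_FAILURE on a failed attempt,
 * EVENT_USER_LOADED once the user object is available and
 * EVENT_BLOGS_LOADED once the user's blogs have been fetched.
 *
 * @return true when the user is logged in and belongs to at least one
 *         active blog, false otherwise
 */
function perform()
{
    // get the parameters, which have already been validated
    $this->_userName = Textfilter::filterAllHTML($this->_request->getValue("userName"));
    $this->_userPassword = $this->_request->getValue("userPassword");
    $this->_op = Textfilter::filterAllHTML($this->_request->getValue("op"));

    $pm =& PluginManager::getPluginManager();

    // authenticate first and load the user object only if that worked; both
    // failures are reported with the same message
    $users = new Users();
    $userInfo = false;
    if ($users->authenticateUser($this->_userName, $this->_userPassword)) {
        $userInfo = $users->getUserInfo($this->_userName, $this->_userPassword);
    }
    if (!$userInfo) {
        $this->_view = new AdminDefaultView();
        $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_username_or_password"));
        $this->setCommonData();
        $pm->notifyEvent(EVENT_LOGIN_FAILURE, array("user" => $this->_userName));
        return false;
    }

    $pm->notifyEvent(EVENT_USER_LOADED, array("user" => &$userInfo, "from" => "Login"));

    // The session gains privileges at this point, so move it to a fresh
    // identifier before the authenticated user is stored in it; an id that
    // was known before login then no longer maps to the session. Whether
    // this is already done elsewhere is not visible here; repeating it is
    // harmless.
    if (session_id() != "" && !headers_sent()) {
        session_regenerate_id(true);
    }

    // put the user's information in the session
    $session = HttpVars::getSession();
    $sessionInfo = $session["SessionInfo"];
    $sessionInfo->setValue("userInfo", $userInfo);
    $session["SessionInfo"] = $sessionInfo;
    HttpVars::setSession($session);

    // get the list of blogs to which the user belongs
    // NOTE(review): the user is already stored in the session when the
    // "no blogs" error below is returned -- confirm that this is intended.
    $userBlogs = $users->getUsersBlogs($userInfo->getId(), BLOG_STATUS_ACTIVE);
    if (empty($userBlogs)) {
        $this->_view = new AdminDefaultView();
        $this->_view->setErrorMessage($this->_locale->tr("error_dont_belong_to_any_blog"));
        $this->setCommonData();
        return false;
    }

    $pm->notifyEvent(EVENT_BLOGS_LOADED, array("blogs" => &$userBlogs, "from" => "Login"));

    if ($this->_config->getValue("skip_dashboard")) {
        // end() yields the LAST blog of the list.
        // NOTE(review): the earlier comment said "first" -- confirm which
        // one is meant.
        $this->_blogInfo = end($userBlogs);

        // set it in the session
        $session = HttpVars::getSession();
        $session["SessionInfo"]->setValue("blogInfo", $this->_blogInfo);
        HttpVars::setSession($session);

        // and then continue...
        AdminController::setForwardAction("newPost");
    } else {
        $this->_view = new AdminDashboardView($userInfo, $userBlogs);
    }

    return true;
}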
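}
// the brace above closes a definition that starts before this excerpt

include_once PLOG_CLASS_PATH . "class/controller/controller.class.php";
include_once PLOG_CLASS_PATH . "class/net/http/session/sessioninfo.class.php";
include_once PLOG_CLASS_PATH . "class/net/http/session/sessionmanager.class.php";
include_once PLOG_CLASS_PATH . "class/net/http/httpvars.class.php";
include_once PLOG_CLASS_PATH . "class/plugin/pluginmanager.class.php";

// create our own action map
$actionMap = array("Default" => "RssAction");
$controller = new Controller($actionMap, "op");

// requests carrying a "summary" parameter are handed to summary.php
$request =& HttpVars::getRequest();
if (isset($request["summary"])) {
    $request["op"] = "rss";
    include_once PLOG_CLASS_PATH . "summary.php";
    die;
}

//
// if there is no session object, we better create one
//
SessionManager::Init();
$session = HttpVars::getSession();
// isset() first: a brand-new session has no "SessionInfo" key yet, and
// reading it directly raises an undefined-index notice
if (!isset($session["SessionInfo"]) || $session["SessionInfo"] == "") {
    $session["SessionInfo"] = new SessionInfo();
    HttpVars::setSession($session);
}

// load the plugins, this needs to be done *before* we call the
// Controller::process() method, as some of the plugins _might_
// add new actions to the controller
$pluginManager =& PluginManager::getPluginManager();
$pluginManager->loadPlugins();

// and call the controller
$controller->process(HttpVars::getRequest());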
/**
 * Writes the object's SessionInfo back into the HTTP session.
 */
function saveSession()
{
    // fetch the session array, replace its SessionInfo entry, store it again
    $httpSession = HttpVars::getSession();
    $httpSession['SessionInfo'] = $this->_session;
    HttpVars::setSession($httpSession);
}