/**
 * Tells whether the current user is on the allow-list of an application.
 *
 * The id returned by MMUsers::getCurrentUserId() is looked up in the list
 * returned by fetchAllowedUsersByApplication() with in_array()'s default,
 * non-strict comparison.
 *
 * NOTE(review): this is an authorization decision made with loose comparison.
 * If the ids on both sides have a single known type, passing `true` as the
 * third argument of in_array() would make the match exact - confirm the
 * types before changing it.
 *
 * @param int $applicationId
 * @return bool
 */
public static function hasCurrentUserAccessToApp($applicationId)
{
    $currentUserId = MMUsers::getCurrentUserId();
    $allowList = self::fetchAllowedUsersByApplication($applicationId);
    $isAllowed = in_array($currentUserId, $allowList);

    return $isAllowed;
}
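/**
 * Checks a form token against the value expected for the current user.
 *
 * The expected value is
 * sha1(secret seed . date('Ymd') . user id . cluster identifier).
 * A token built with today's or yesterday's date is accepted, so a token
 * stays valid across midnight.
 *
 * NOTE(review): sha1() over a concatenated secret is not an HMAC. Moving to
 * hash_hmac() would also require changing the code that issues the token,
 * which is not part of this method.
 *
 * @param mixed $token Token received from the client; anything but a string is rejected.
 * @return bool
 */
public static function isUserTokenValid($token)
{
    // The token is client-supplied. With a loose `==`, a non-string value or
    // two numeric-looking digests ("0e...") can compare equal without being
    // identical, so only strings are accepted and the comparison is exact.
    if (!is_string($token)) {
        return false;
    }

    // secret seed; the date (e.g. 20140703) is appended below
    $secretSeed = self::getFormSecretSeed();

    // user id (anonymous or current logged user)
    $currentUserId = MMUsers::getCurrentUserId();
    $userId = $currentUserId != -1 ? $currentUserId : MMUsers::getAnonymousUserId();

    // cluster identifier
    $clusterIdentifier = ClusterTool::clusterIdentifier();

    $now = time();
    $acceptedDays = array(
        date('Ymd', $now),
        // yesterday date
        date('Ymd', $now - 60 * 60 * 24),
    );

    // Both candidates are always checked (no early return), so the work done
    // does not depend on which day matched.
    $isValid = false;
    foreach ($acceptedDays as $day) {
        $expected = sha1($secretSeed . $day . $userId . $clusterIdentifier);
        // hash_equals() compares in constant time; the strict comparison is
        // only a fallback for runtimes that do not provide it.
        $matches = function_exists('hash_equals')
            ? hash_equals($expected, $token)
            : $expected === $token;
        if ($matches) {
            $isValid = true;
        }
    }

    return $isValid;
}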
/**
 * Decides whether the current request may read this application.
 *
 * Checks run in this order and the first one that applies wins:
 *  1. Restriction level LIMITED: true only when the current user id is in the
 *     application's allowed-user list, false otherwise (an empty list denies).
 *  2. Public request ($params['isPublic']): true when the application's
 *     'allowsPublicView' parameter is set and MMUserHeader::tokenExists()
 *     returns something non-null for $_GET['t']; false otherwise.
 *  3. No user, or a user who has not validated the ToU while the
 *     LoginSettings/ToUCheck setting exists and is not 'disabled':
 *     returns !$params['isFull'].
 *  4. Otherwise null.
 *
 * NOTE(review): the declared return type is bool, but the last path returns
 * null. A caller that tests the result for truthiness treats null as a
 * denial, while a caller that compares against false does not - confirm how
 * callers interpret it.
 *
 * @param array $params Reads the keys 'isPublic' and 'isFull'.
 * @return bool|null
 */
public function canRead(array $params)
{
    $isPublic = $params['isPublic'];
    $isFull = $params['isFull'];
    $restrictionLevel = $this->applicationLocalized->restrictionLevel();
    if( $restrictionLevel == ApplicationObject::RESTRICTION_LEVEL_LIMITED)
    {
        // Limited applications: the allow-list alone decides, nothing below runs.
        $id = MMUsers::getCurrentUserId();
        $authorizedUsers = MMLimitedApplicationsAllowedUsers::fetchAllowedUsersByApplication($this->applicationLocalized->application_id);
        // NOTE(review): in_array() is used without its strict flag, so the
        // membership test uses loose comparison - confirm the id types.
        if(empty($authorizedUsers) || !in_array($id, $authorizedUsers)){
            return false;
        }
        else {
            return true;
        }
    }
    $allowsPublicView = $this->getApplicationCustomParamater('allowsPublicView');
    // Public view is granted on the strength of the 't' query-string value;
    // when it is absent, false is passed to tokenExists().
    if( $isPublic && $allowsPublicView && MMUserHeader::tokenExists( isset( $_GET['t'] ) ? $_GET['t'] : false ) != null) {
        return true;
    }
    elseif( $isPublic ) {
        return false;
    }
    if( !BlockDefault::user() || // or if ToU not validated
        ( (bool)BlockDefault::user() && !BlockDefault::user()->toUValidated() && BlockDefault::iniMerck()->hasVariable( 'LoginSettings', 'ToUCheck' ) && BlockDefault::iniMerck()->variable( 'LoginSettings', 'ToUCheck') != 'disabled' ) )
    {
        // Without a usable user, only a non-full read is allowed.
        return !$isFull;
    }
    // No rule matched: no explicit decision is returned.
    return null;
}
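/**
 * Forwards the whitelisted request parameters to the FRAX result page and
 * returns the raw response body.
 *
 * Runs only when canRead() allows it and the current user is not anonymous;
 * otherwise nothing is sent and null is returned. Parameter names are
 * filtered through self::$whiteList, and names and values are URL-encoded
 * before they are placed in the outbound query string, so a value cannot
 * add or override parameters of the upstream request.
 *
 * NOTE(review): the upstream URL is plain http and no timeout is set on the
 * handle; the response is passed on as XML under this site's origin.
 *
 * @return string|false|null Response body, false when the transfer fails,
 *                           null when the request is not allowed.
 */
public function calculate()
{
    //check if canRead
    if (!$this->canRead()) {
        return null;
    }

    //check if current user is logged
    $userId = MMUsers::getCurrentUserId();
    if (MMUsers::isAnonymous($userId)) {
        return null;
    }

    //not json encode return
    $this->outputAsJson = false;

    //set XML header
    header('Content-Type: text/xml; charset=utf-8');

    //collect the whitelisted parameters
    $query = array();
    foreach ($_REQUEST as $key => $value) {
        // Array-valued parameters (e.g. name[]=...) have no meaningful string
        // form here; only scalar values are forwarded.
        if (!is_scalar($value)) {
            continue;
        }
        // Strict match on the string form of the key, so a numeric key cannot
        // loosely equal a whitelist entry.
        // NOTE(review): assumes the whitelist entries are strings - confirm.
        if (in_array((string) $key, self::$whiteList, true)) {
            $query[$key] = $value;
        }
    }

    //add ID value
    $query['ID'] = '8376972874';

    //construct request; http_build_query() URL-encodes names and values
    $request = 'http://www.shef.ac.uk/FRAX/result.aspx?' . http_build_query($query, '', '&');

    $curl = curl_init();
    //set URL
    curl_setopt($curl, CURLOPT_URL, $request);
    //not display page content
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    //allow cookie session
    curl_setopt($curl, CURLOPT_COOKIESESSION, true);

    //exec, release the handle and return the response
    $response = curl_exec($curl);
    curl_close($curl);

    return $response;
}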
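/**
 * Asks the e-learning SOAP service for the start URL of a course.
 *
 * The course id comes from $_POST['courseid'] and is kept only when it
 * passes filter_var() with SecurityTool::$ELEARNING_COURSEID_REGEXP;
 * otherwise null is sent as courseID. The service is called with the
 * credentials and locale read from the 'OnlineVortrageSettings' feature.
 *
 * The returned URL gets an 'http://' prefix when it has no http/https
 * scheme. Outside the mobile context it is URL-encoded twice and wrapped in
 * the '/external/deeplink' route.
 *
 * @return string|false The URL to send the user to, or false when the
 *                      service raised a SoapFault or returned no result.
 */
protected function startCourseOverWsdl()
{
    $courseId = null;
    if (
        isset($_POST['courseid'])
        && filter_var($_POST['courseid'], FILTER_VALIDATE_REGEXP, SecurityTool::$ELEARNING_COURSEID_REGEXP)
    ) {
        $courseId = $_POST['courseid'];
    }

    $soapUrl = SolrSafeOperatorHelper::feature('OnlineVortrageSettings', 'WsdlUrl');
    $credentialLogin = SolrSafeOperatorHelper::feature('OnlineVortrageSettings', 'WsdlLogin');
    $credentialPassword = SolrSafeOperatorHelper::feature('OnlineVortrageSettings', 'WsdlPassword');
    $useLocale = SolrSafeOperatorHelper::feature('OnlineVortrageSettings', 'UseLocale');
    $locale = SolrSafeOperatorHelper::feature('OnlineVortrageSettings', 'Locale');

    $credentials = array(
        'login' => $credentialLogin,
        'password' => $credentialPassword,
    );
    $params = array(
        array(
            'username' => MMUsers::getCurrentUserId(),
            'courseID' => $courseId,
        )
    );
    if ( $useLocale ) {
        $params[0]['locale'] = $locale;
    }

    try {
        $soap = new SoapClientAuth( $soapUrl, $credentials );
        $result = $soap->__soapCall( 'UnivadisEncrypt', $params );

        if ( isset($result->return) ) {
            $url = $result->return;

            // The previous test (strpos 'http' !== 0 || strpos 'https' !== 0)
            // was true for every "http://" URL, which then got a second
            // "http://" prepended. Only add the scheme when none is present.
            if ( !preg_match('#^https?://#i', $url) ) {
                $url = 'http://' . $url;
            }

            if ( !ContextTool::instance()->isMobile() ) {
                $url = urlencode( urlencode( $url ) );
                $url = '/external/deeplink?deeplink=' . $url . '&exit_strategy=0';
            }

            return $url;
        }
    } catch ( SoapFault $f ) {
        // The fault is not reported here; the caller only sees false.
        // NOTE(review): a failing or misconfigured service is invisible in the
        // logs - consider recording the fault.
    }

    return false;
}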
<?php
/* @type $Params string[] */
// Download entry point (fragment): fetches the requested node, sends anonymous
// users to the login page and answers 403 when the application check fails.
$nodeID = $Params['nodeID'];
$node = eZContentObjectTreeNode::fetch($nodeID);
// Response must not be cached.
header('Pragma: no-cache');
header('cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
//TODO add context to login
if(MMUsers::isAnonymous(MMUsers::getCurrentUserId()))
{
    $host = eZSys::serverURL();
    $siteIni = eZINI::instance( 'site.ini' );
    // NOTE(review): the pattern has no ':' after the scheme ("https?//"), so it
    // cannot match a value starting with http:// or https://, and LoginPage is
    // used unchanged. Confirm whether stripping the host is still wanted before
    // correcting it, since that changes where the redirect points.
    $loginUrl = preg_replace('#^https?//[^/]+#', '', $siteIni->variable('SiteSettings', 'LoginPage'));
    // The return address is built from the server URL and the requested node
    // id, and URL-encoded before it is put in the Location header.
    $context = $host . '/esibuild/download/' . $nodeID;
    header( 'Location: ' . $loginUrl . '?context='.urlencode($context) );
    eZExecution::cleanExit();
}
//test if application allow download
// NOTE(review): $node is handed to the check before the `if($node)` test
// below, so a failed fetch reaches getFileApplicationCanRead() - confirm that
// it denies access in that case.
if(!SecurityTool::getFileApplicationCanRead($node))
{
    header('HTTP/1.1 403 Forbidden');
    echo "<h1>Forbidden access</h1>\n";
    eZExecution::cleanExit();
}
if($node)
{
$value = 'de_CH'; break; case 'fre-CA': $value = 'fr_CA'; break; case 'eng-CA': $value = 'en_CA'; break; } if( $value ) setcookie( substr($value, -2) . '_Login', $value, 0, '/', CookieTool::getCookieDomain() ); } $userId = MMUsers::getCurrentUserId(); if ( !MMUsers::isAnonymous($userId) ) { if ( SolrSafeOperatorHelper::featureIsActive( 'ToUPPPopin' ) ) { if ( ( !ContextTool::instance()->isMobile() && SolrSafeOperatorHelper::feature( 'ToUPPPopin', 'useDedicatedPage' ) ) || ( ContextTool::instance()->isMobile() && SolrSafeOperatorHelper::feature('ToUPPPopin','showOnMobile') && SolrSafeOperatorHelper::feature('ToUPPPopin','useDedicatedPageMobile') ) ) { $serviceLogin = ESBFactory::getLoginService( ServiceLoginBase::ESB_METHOD_AUTOLOGIN, $_REQUEST ); if ( $serviceLogin->checkTouPPPopin( ESBFactory::getUserService()->form() ) ) { CookieTool::destroyCookie( 'displayToUPPPopin' ); CookieTool::destroyCookie( 'displayToUPPPopin', '/', null );
/**
 * Stores the current user's selection total in the cookie self::COOKIE_KEY.
 *
 * The value is what countTotalFromUserSelection() returns for the current
 * user id and the country given by self::country(); it is written through
 * CookieTool::setCookie().
 */
public static function setCookie()
{
    $country = self::country();
    $userId = MMUsers::getCurrentUserId();
    $total = self::countTotalFromUserSelection($userId, $country);

    CookieTool::setCookie(self::COOKIE_KEY, $total);
}
/**
 * Builds the application list returned to the client.
 *
 * Side effect: when the request carries no 'remember_me' cookie, one is set
 * holding the JSON-encoded current user id passed through
 * MMUserLogin::encryptText().
 *
 * The list covers the single application id posted as 'application' (cast
 * to int) or, without it, the ids from AppBarControl::instance(). Each entry
 * carries id, identifier, name, headline, type, url, path, javascript and
 * one element per icon variant.
 *
 * @return array array('applicationList' => list of application entries)
 */
public static function applicationList()
{
    # Hotfix #23450 note-8
    if ( !isset($_COOKIE['remember_me']) )
    {
        $cookieExpiration = time() + eZINI::instance('merck.ini')->variable('TIBCOCookieSettings', 'TIBCOCookieExpiration');
        $uuid = MMUsers::getCurrentUserId();
        // NOTE(review): setcookie() is called with five arguments, so the
        // Secure and HttpOnly flags are left at their defaults for a cookie
        // that identifies the user. How strong the protection is depends on
        // MMUserLogin::encryptText(), which is not visible here.
        setcookie('remember_me', MMUserLogin::encryptText(json_encode($uuid)), $cookieExpiration, '/', CookieTool::getCookieDomain());
    }
    $out = array('applicationList' => array());
    // NOTE(review): the scheme is fixed to http for every generated url.
    $host = 'http://' . self::host();
    if ( isset($_POST['application']) )
    {
        // A posted id is forced to an integer before use.
        $applicationIdList = array((int) $_POST['application']);
    }
    else
    {
        $applicationIdList = AppBarControl::instance()->applicationIds();
    }
    foreach ( $applicationIdList as $applicationId )
    {
        if ( !is_numeric($applicationId) )
        {
            continue;
        }
        $applicationLocalized = CacheApplicationTool::buildLocalizedApplicationByApplication($applicationId);
        $application = ($applicationLocalized) ? $applicationLocalized->applicationObject() : null;
        // Repeats the assignment made on the previous line.
        if ( $applicationLocalized )
        {
            $application = $applicationLocalized->applicationObject();
        }
        if ( isset($application) )
        {
            $applicationType = $application->applicationType();
            // Icon variants; 'path' and 'md5' stay empty when the file is not found.
            $icons = array(
                'icon' => array(
                    'path' => '',
                    'md5' => '',
                    'file' => 'ico.png',
                ),
                'icon_hd' => array(
                    'path' => '',
                    'md5' => '',
                    'file' => 'ico_notext_hd.png',
                ),
                'icon_active' => array(
                    'path' => '',
                    'md5' => '',
                    'file' => 'ico_notext_active.png',
                ),
                'icon_active_hd' => array(
                    'path' => '',
                    'md5' => '',
                    'file' => 'ico_notext_active_hd.png'
                ),
            );
            foreach($icons as $key => $iconData)
            {
                $path = sprintf('apps/%s/%s', $application->attribute('identifier'), $iconData['file']);
                $fullPath = StaticData::clusterFilePath(ClusterTool::clusterIdentifier(), $path);
                if ($fullPath)
                {
                    $icons[$key]['path'] = StaticData::externalUrl(ClusterTool::clusterIdentifier(), $path);
                    // presumably a content fingerprint for client-side caching, not an integrity check - confirm
                    $icons[$key]['md5'] = md5_file($fullPath);
                }
            }
            $path = '/' . $applicationLocalized->attribute('url');
            $url = $host . $path;
            if ( $application->isPureExternal() )
            {
                // The external URL replaces the host-relative one as stored.
                $url = $applicationLocalized->attribute("external_url");
            }
            $outApplicationListArray = array(
                'id' => $applicationId,
                'identifier' => $application->attribute('identifier'),
                'name' => $applicationLocalized->attribute('name'),
                'headline' => $applicationLocalized->attribute('headline'),
                'type' => $applicationType->attribute('internal_type'),
                'url' => $url,
                'path' => $path,
                'javascript' => self::getJavascript($application->attribute('identifier'), 'application'));
            foreach($icons as $key => $icon)
            {
                // NOTE(review): the md5 value has no key here, so it is emitted
                // under index 0 rather than 'md5'. Clients may already rely on
                // that shape - confirm before changing.
                $outApplicationListArray[$key] = array(
                    '100' => array('path' => $icon['path'], $icon['md5']),
                );
            }
            $out['applicationList'][] = $outApplicationListArray;
        }
    }
    return $out;
}
/**
 * Sends additional campaign information for the current user to the ESB
 * 'addinfo' interface.
 *
 * Nothing is sent when MMUsers::getCurrentUserObject() does not return an
 * MMUsers instance. The user id in the payload comes from the session-side
 * lookup, not from the caller.
 *
 * @param mixed $campaignCode Forwarded as 'campaignCode'.
 * @param mixed $data         Forwarded as 'headers'.
 * @return mixed|null Result of callWSHandler(), or null without a current user.
 */
public function addInfo($campaignCode, $data)
{
    $currentUser = MMUsers::getCurrentUserObject();
    if (!($currentUser instanceof MMUsers)) {
        return null;
    }

    $payload = array(
        'data' => array(
            'additionalInfo' => array(
                'userId' => MMUsers::getCurrentUserId(),
                'campaignCode' => $campaignCode,
                'headers' => $data,
            ),
        ),
    );
    // The payload is handed over as an array, not JSON-encoded here.
    $endpoint = $this->getEsbInterface('addinfo');

    return $this->callWSHandler($endpoint, $payload);
}
/**
 * Prepares the template returned by the parent with login state, an
 * application hash and, for anonymous visitors, the apps-bar application ids.
 *
 * Template variables set: application_id, is_logged, hash,
 * applications_anonymous and, for logged users with the 'GoogleAnalytics'
 * feature active, gtm_visitorvariables.
 *
 * NOTE(review): 'hash' is sha1(application id . TicketLogin/DESKey). Its only
 * inputs are the application id and a configuration value, so it is the same
 * for every visitor of an application, and the value named DESKey is reused
 * as the salt. Confirm what the consumer of 'hash' relies on.
 *
 * @return eZTemplate
 */
public function tpl()
{
    $template = parent::tpl();

    // a user counts as logged when the current id resolves to a user record
    $loggedUser = MMUsers::fetchById( MMUsers::getCurrentUserId() );
    $userIsLogged = !empty($loggedUser);

    $deskey = eZINI::instance( 'merck.ini' )->variable( 'TicketLogin', 'DESKey' );
    $applicationHash = sha1($this->getApplicationId() . $deskey);

    $template->setVariable('application_id', $this->getApplicationId());
    $template->setVariable('is_logged', $userIsLogged);
    $template->setVariable('hash', $applicationHash);

    // applications for anonymous users
    $anonymousApplications = array();
    if ( !$userIsLogged ) {
        // joining and splitting again turns every id into a string
        $joinedIds = implode(',', CountryAppsBar::fetchAppsBarApplicationIds());
        $anonymousApplications = explode(',', $joinedIds);
    }
    $template->setVariable('applications_anonymous', $anonymousApplications);

    if ( $userIsLogged && SolrSafeOperatorHelper::featureIsActive( 'GoogleAnalytics' ) ) {
        $visitorLabels = array(
            'visitorSpecialtyLabel' => SolrSafeOperatorHelper::getTaxoTranslation( 'user_specialty', $this->user()->userSpecialityId() ),
            'visitorTypeLabel' => SolrSafeOperatorHelper::getTaxoTranslation( 'customer_type', $this->user()->customerTypeId() ),
        );

        // visitor labels override entries already present in the result
        $gtmPayload = $visitorLabels;
        if ( isset( $this->_result['gtm_variables'] ) ) {
            $gtmPayload = array_merge( $this->_result['gtm_variables'], $visitorLabels );
        }
        $template->setVariable( 'gtm_visitorvariables', $gtmPayload );
    }

    return $template;
}
/**
 * Returns the redirect target used to re-log the current user.
 *
 * With a non-empty current user id the target is '/service/relog' carrying
 * the id ('uuid'), a hash 'h' = sha1(TicketLogin/DESKey . user id) and the
 * context '/'. Otherwise the target is '/'.
 *
 * NOTE(review): 'h' is a keyed hash built by plain concatenation and depends
 * only on the user id, so the same URL is produced for a user every time.
 * Confirm that the relog endpoint does not treat it as a one-time credential.
 * NOTE(review): empty() does not filter an anonymous id of -1 (the value
 * compared against elsewhere on this page) - confirm the anonymous case.
 *
 * @return array array('errorCode' => 0, 'redirectUrl' => string)
 */
public function r()
{
    $currentUserId = MMUsers::getCurrentUserId();

    if (empty($currentUserId)) {
        return array(
            'errorCode' => 0,
            'redirectUrl' => '/',
        );
    }

    $secret = eZINI::instance( 'merck.ini' )->variable( 'TicketLogin', 'DESKey' );
    $query = http_build_query(array(
        'uuid' => $currentUserId,
        'h' => sha1( $secret . $currentUserId ),
        'context' => '/',
    ));

    return array(
        'errorCode' => 0,
        'redirectUrl' => '/service/relog?' . $query,
    );
}
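/**
 * Requests a certificate URL from the web service and redirects the user to it.
 *
 * Returns false when no course id is given or there is no current user.
 * Otherwise the 'GenerateCertificateURL' command is sent with the user's
 * uuid, the course id, the country id and the name and address from
 * readUserData(); the URL extracted from the response goes into a Location
 * header and the method ends by calling eZExecution::cleanExit().
 *
 * NOTE(review): the diagnostic lines below write the user's name and address
 * (var_export of $userData and $parameters) to mycertificates.log. Confirm
 * that this log is covered by the retention and access rules for personal
 * data, or reduce what is written.
 * NOTE(review): the redirect target comes from the web-service response and
 * is not checked against an expected host before it is sent.
 *
 * @param int $courseId
 * @return false|void
 */
public static function redirectCertificateGeneratedUrl( $courseId )
{
    if( is_null($courseId) || !($user = MMUsers::getCurrentUserObject()) )
    {
        return false;
    }

    $userData = self::readUserData();
    $countryId = self::getProperCountryId( $user );
    $parameters = array(
        'UserID' => $user->attribute('uuid'),
        'CourseID' => $courseId,
        'CountryID' => $countryId,
        'FirstName' => $userData['FirstName'],
        'LastName' => $userData['LastName'],
        'UserAddress' => $userData['UserAddress'],
    );

    eZLog::write('userId: ' . $user->attribute('uuid'), 'mycertificates.log');
    eZLog::write('currentUserId: ' . MMUsers::getCurrentUserId(), 'mycertificates.log');
    eZLog::write('courseId: ' . $courseId, 'mycertificates.log');
    eZLog::write('readUsersData: ' . var_export($userData,true), 'mycertificates.log');
    // This entry had no file name and went to a different log than the rest
    // of the trace; it now goes to the same file.
    eZLog::write('countryId: ' . $countryId, 'mycertificates.log');
    eZLog::write('sentParams: ' . var_export($parameters,true), 'mycertificates.log');

    try
    {
        $command = self::getWebserviceClient()->getCommand('GenerateCertificateURL', $parameters);
        $command->prepare();
        $redirectUrl = self::extractDataGeneratedUrl($command->getResponse()->xml());
        eZLog::write('redirectUrl: ' . $redirectUrl, 'mycertificates.log');
        header( "Location: $redirectUrl" );
    }
    catch (Exception $e)
    {
        // Keep the failure in the same trace as the request that caused it.
        eZLog::write('error: ' . $e->getMessage(), 'mycertificates.log');
        // The message may contain text from the remote service; escape it
        // before it is written into the page.
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }

    eZExecution::cleanExit();
}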