/**
 * Builds the authentication adapter for a login attempt.
 *
 * When no adapter name is passed, the 'authAdapter' value from
 * RPG::config() is used instead. The name is instantiated only if it is a
 * string naming an existing class that is a subclass of RPG_Auth. In every
 * other case the method falls through and implicitly returns null, so
 * callers must check the result before using it.
 *
 * @param string      $username
 * @param string      $password
 * @param string|null $adapter  Adapter class name, or null for the configured default.
 * @return RPG_Auth|null Adapter instance, or null when the name is rejected.
 */
public static function factory($username, $password, $adapter = null)
{
    $className = ($adapter === null) ? RPG::config('authAdapter') : $adapter;

    // Allow-list by type: only subclasses of RPG_Auth are ever constructed,
    // so a caller-supplied name cannot instantiate an unrelated class.
    // class_exists() may invoke the autoloader for the supplied name.
    $isAuthAdapter = is_string($className)
        && class_exists($className)
        && is_subclass_of($className, 'RPG_Auth');

    if ($isAuthAdapter) {
        return new $className($username, $password);
    }
}
/**
 * Boots the session: configures session ID hashing, installs this object
 * as the save handler, sets the cookie parameters and starts the session.
 */
public function __construct()
{
    // SHA-1 session IDs at 5 bits per character: 160 / 5 = 32 characters.
    // NOTE(review): both ini settings were removed in PHP 7.1 - confirm the
    // target runtime still honours them.
    ini_set('session.hash_function', '1');
    ini_set('session.hash_bits_per_character', '5');
    session_name('rpgsess');

    // Callbacks in the order PHP expects: open, close, read, write, destroy, gc.
    $onOpen    = array($this, 'open');
    $onClose   = array($this, 'close');
    $onRead    = array($this, 'read');
    $onWrite   = array($this, 'write');
    $onDestroy = array($this, 'destroy');
    $onGc      = array($this, 'gc');
    session_set_save_handler($onOpen, $onClose, $onRead, $onWrite, $onDestroy, $onGc);

    $defaults   = session_get_cookie_params();
    $lifetime   = RPG::config('sessionLifetime');
    $cookiePath = RPG::config('baseUrl') . '/';

    // Arguments: lifetime, path, domain, secure, httponly.
    // httponly is forced on. The secure flag is whatever PHP's current
    // cookie params report, so the cookie is HTTPS-only only when the
    // runtime configuration already says so.
    session_set_cookie_params($lifetime, $cookiePath, $defaults['domain'], $defaults['secure'], true);

    session_start();
    $this->checkHash();
}
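/**
 * Displays the source code of the given action name.
 *
 * Nothing is rendered unless the 'debug' config value is exactly true and
 * the requested name starts with "do". Because this prints server-side
 * source, the debug flag is the only gate visible in this method.
 *
 * The heading, the docblock and the source lines are all HTML-escaped
 * before being placed inside the page. Previously only the source lines
 * were escaped, so markup inside a docblock was emitted raw.
 *
 * @param string $actionName Name of the controller's action method.
 * @throws ReflectionException If no method with that name exists on this controller.
 */
public function doDebugViewAction($actionName)
{
    if (RPG::config('debug') !== true || strpos($actionName, 'do') !== 0) {
        return;
    }

    $method = new ReflectionMethod($this, $actionName);

    $heading = $method->getDeclaringClass()->getName() . "::{$actionName}()";
    $out = '<h2>' . htmlentities($heading) . "</h2>\n"
         . '<a href="' . RPG::url('*/debug-list-actions') . '">« Action List</a><br /><br />';

    // getStartLine() is 1-based; array_slice() wants a 0-based offset.
    $start = $method->getStartLine() - 1;
    $end   = $method->getEndLine();

    // getFileName() returns false for methods without a source file and
    // file() returns false on read failure; show no lines in either case.
    $fileName = $method->getFileName();
    $file     = ($fileName !== false) ? file($fileName) : false;
    $lines    = ($file !== false) ? array_slice($file, $start, $end - $start) : array();

    // getDocComment() returns false when the method has no docblock.
    $docComment = (string) $method->getDocComment();
    $out .= "<pre>\n " . htmlentities(str_replace("\t", ' ', $docComment)) . "\n";

    foreach ($lines as $line) {
        $out .= htmlentities(str_replace("\t", ' ', $line));
    }

    $out .= '</pre>';
    RPG::view()->setLayout('layouts/empty.php')->setContent($out);
}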
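/**
 * Logs the user out of the system.
 *
 * The request must carry a per-user hash derived from the user's id, salt,
 * name and the configured cookieSalt. This acts as an anti-CSRF token so a
 * third-party page cannot force a logout. On a match the auto-login key is
 * cleared, the session ID is regenerated and the session is reset to a
 * guest. On a mismatch only an error flash is set. Either way the client
 * is then redirected to the "returnto" target.
 *
 * GET Parameters
 * - hash: string
 * - returnto: string
 */
public function doLogout()
{
    $user = RPG::user();
    $hash = RPG::input()->get('hash', 'string');

    $expected = sha1($user->id . sha1($user->salt) . sha1($user->name) . sha1(RPG::config('cookieSalt')));

    // Compare in constant time where the runtime provides hash_equals();
    // fall back to the strict comparison on older PHP versions.
    if (!is_string($hash)) {
        $hashMatches = false;
    } elseif (function_exists('hash_equals')) {
        $hashMatches = hash_equals($expected, $hash);
    } else {
        $hashMatches = ($hash === $expected);
    }

    if ($hashMatches) {
        $user->clearAutoLogin();
        // New session ID so the authenticated ID is not reused for the guest.
        RPG::session()->regenerateId();
        RPG::session()->loggedIn = false;
        RPG::session()->userId = 0;
        $user->setupGuest();
        RPG::session()->setFlash('frontend_message', 'Logged out successfully.');
    } else {
        RPG::session()->setFlash('frontend_error', 'Invalid logout hash.');
    }

    // NOTE(review): returnto is client-supplied and reaches redirect()
    // without any check here. Whether redirect() confines targets to this
    // application is not visible in this method - confirm, and restrict to
    // local paths if it does not.
    // NOTE(review): presumably get() already returns a decoded value, which
    // would make this a second decode - verify against RPG::input().
    $returnTo = urldecode(RPG::input()->get('returnto', 'string'));

    $query = array();
    if (strpos($returnTo, '?') !== false) {
        // Limit of 2 keeps everything after the first "?" in the query
        // string instead of silently dropping text after a second "?".
        list($path, $queryString) = explode('?', $returnTo, 2);
        parse_str($queryString, $query);
    } else {
        $path = $returnTo;
    }

    RPG::view()->redirect($path, $query);
}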
/**
 * Rotates the user's auto-login credential.
 *
 * A fresh key is generated and stored through the model. The browser
 * receives sha1(key . cookieSalt) rather than the stored key itself,
 * together with the user id, both as 30-day cookies.
 */
public function refreshAutoLogin()
{
    $thirtyDays = 86400 * 30;

    // NOTE(review): the key's unpredictability rests entirely on
    // generateSalt(), which is not visible here - confirm it draws from a
    // cryptographically secure source.
    $loginKey = sha1($this->_model->generateSalt(20));
    $this->_model->updateAutoLogin($this->id, $loginKey, RPG_NOW);

    // Fourth argument is presumably the httponly flag (the original comment
    // describes these as httponly cookies) - verify against setCookie().
    // No secure flag is passed from here.
    $cookieToken = sha1($loginKey . RPG::config('cookieSalt'));
    $this->_input->setCookie('autologin', $cookieToken, $thirtyDays, true);
    $this->_input->setCookie('userid', $this->id, $thirtyDays, true);
}
/**
 * Renders the layout and sends the finished page to the client.
 *
 * The output is gzip-compressed when the 'usegzip' config value is set,
 * 'nogzip' is not registered, the client advertises gzip support, headers
 * are still unsent and the page is larger than 1024 bytes.
 *
 * @todo In the future, have multiple output formats? XML, JSON, etc.
 */
public function render()
{
    // Hand the collected assets and navigation to the layout and render it.
    $layout = $this->getLayout();
    $layoutVars = array(
        'styleSheets'   => $this->_styleSheets,
        'inlineCss'     => $this->_inlineCss,
        'scriptFiles'   => $this->_scriptFiles,
        'inlineScript'  => $this->_inlineScript,
        'navigation'    => $this->_navigation,
        'subNavigation' => $this->_subNavigation,
        'navbits'       => $this->_navbits,
    );
    $output = $layout->set($layoutVars)->render();

    // getGzippedText() receives this flag and reports through it whether
    // compression actually happened.
    $gzworked = false;

    // Compression needs Content-Encoding, so it is pointless once headers
    // have gone out. Pages of 1kb or less are sent uncompressed.
    if (RPG::config('usegzip') && !RPG::isRegistered('nogzip')) {
        if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])
            && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false
        ) {
            if (!headers_sent() && strlen($output) > 1024) {
                $output = $this->getGzippedText($output, $gzworked);
            }
        }
    }

    if (headers_sent()) {
        echo $output;
        return;
    }

    if ($gzworked) {
        header('Content-Encoding: gzip');
        header('Vary: Accept-Encoding', false);
    }

    // "private" keeps shared caches from storing a per-user page.
    header('Content-Length: ' . strlen($output));
    header('Cache-Control: private');
    header('Pragma: private');

    echo $output;
}
?> ">Admin CP</a> <a href="<?php echo $this->url('home'); ?> ">Home</a> <a href="#top">Top</a> </div> Crindigan Version <?php echo RPG_VERSION; ?> , Copyright © 2009-2010 Steven Harris </div> <?php if (RPG::config('debug') and !empty(RPG::$debugMessages)) { ?> <br /> <div class="block"> <div class="block-header">Debugging Output</div> <div class="block-body"> <ul> <?php foreach (RPG::$debugMessages as $__debug_msg) { echo '<li>', nl2br($__debug_msg), "</li>\n"; } ?> <li><a href="<?php echo $this->url('*/debug-list-actions'); ?> ">View Controller Actions</a></li>
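/**
 * Returns the path info for the request.
 *
 * Starts from $_SERVER['REQUEST_URI'], reduces an absolute-form URI
 * (scheme://host/...) to its path, optionally drops the query string and
 * the configured base URL, then stores the result in $this->_path.
 *
 * The scheme/host prefix is removed only when the URI actually begins with
 * a scheme. The earlier pattern accepted any characters before "://", so a
 * normal request whose query string contained a URL on this host had
 * everything up to that embedded host stripped. The router then saw a path
 * chosen by the query string.
 *
 * @param bool $includeQuery If true, does not remove the query string
 * @param bool $includeBase  If true, does not remove the base path
 * @return string
 */
public function getPath($includeQuery = false, $includeBase = false)
{
    // First we'll need a request URI
    $path = $_SERVER['REQUEST_URI'];

    // Both values are client-controlled; treat them as untrusted input.
    if (isset($_SERVER['HTTP_HOST']) and strpos($path, $_SERVER['HTTP_HOST']) !== false) {
        // Anchored on a leading URI scheme, so an origin-form path
        // (starting with "/") is never rewritten.
        $path = preg_replace('#^[a-z][a-z0-9+.\-]*://[^/?]*/#i', '/', $path);
    }

    // Remove the query string if it's present
    if (!$includeQuery and ($query = strpos($path, '?')) !== false) {
        $path = substr($path, 0, $query);
    }

    // Remove the base URL
    $baseUrl = RPG::config('baseUrl');
    if (!$includeBase and !empty($baseUrl)) {
        $baseUrl = rtrim($baseUrl, '/');
        // NOTE(review): this cuts strlen($baseUrl) characters without
        // checking that $path starts with $baseUrl - confirm every request
        // reaching here is under the base path.
        $path = substr($path, strlen($baseUrl));
    }

    $this->_path = $path;
    return $path;
}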
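/**
 * Returns the path to the temporary file for the given session ID, using
 * the session path configured in the config file as a base.
 *
 * The ID is reduced to the characters PHP itself uses in session IDs
 * (letters, digits, "," and "-") before it is joined to the directory.
 * Path separators or ".." sequences in a supplied ID therefore cannot
 * point the handler at a file outside the session directory. IDs that
 * already consist of those characters map to the same file as before.
 *
 * NOTE(review): presumably called by the save-handler callbacks with the
 * ID taken from the client's cookie - verify against the callers.
 *
 * @param string $sessionId
 * @return string Path to temporary file: {$sessionPath}/sess_{$sessionId}
 */
protected function _getFile($sessionId)
{
    $safeId = preg_replace('/[^A-Za-z0-9,-]/', '', (string) $sessionId);

    return RPG::config('sessionPath') . '/sess_' . $safeId;
}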