/** * Ensure that this page is available to the user. */ function validate() { parent::validate(true); if (!Validation::isJournalManager()) { Validation::redirectLogin(); } }
/** * Validate that user has admin privileges and is not trying to access the admin module with a journal selected. * Redirects to the user index page if not properly authenticated. */ function validate() { parent::validate(); if (!Validation::isSiteAdmin() || Request::getRequestedJournalPath() != 'index') { Validation::redirectLogin(); } }
/** * @see ReportPlugin::display() */ function display(&$args, &$request) { parent::display($args, $request); $journal =& $request->getJournal(); if (!Validation::isSiteAdmin()) { Validation::redirectLogin(); } $this->setBreadcrumbs(); if ($request->getUserVar('type')) { $oldStats = (bool) $request->getUserVar('useOldCounterStats'); $year = (string) $request->getUserVar('year'); $type = (string) $request->getUserVar('type'); switch ($type) { case 'report': $this->_report($request, $year, $oldStats); break; case 'reportxml': $this->_reportXml($request, $year, $oldStats); break; case 'sushixml': $this->_sushiXML($oldStats); break; } } else { $years = $this->_getYears(); $legacyYears = $this->_getYears(true); $templateManager =& TemplateManager::getManager(); $templateManager->assign('years', $years); if (!empty($legacyYears)) { $templateManager->assign('legacyYears', $legacyYears); } $templateManager->display($this->getTemplatePath() . 'index.tpl'); } }
/** * Validate that user is logged in. * Redirects to login form if not logged in. * @param $loginCheck boolean check if user is logged in */ function validate($loginCheck = true) { parent::validate(); if ($loginCheck && !Validation::isLoggedIn()) { Validation::redirectLogin(); } }
/** * Validate that user is a copyeditor in the selected journal. * Redirects to user index page if not properly authenticated. */ function validate() { parent::validate(); $journal =& Request::getJournal(); if (!isset($journal) || !Validation::isCopyeditor($journal->getJournalId())) { Validation::redirectLogin(); } }
/** * Validate that user has author permissions in the selected journal. * Redirects to user index page if not properly authenticated. */ function validate($reason = null) { parent::validate(); $journal =& Request::getJournal(); if (!isset($journal) || !Validation::isAuthor($journal->getJournalId())) { Validation::redirectLogin($reason); } return array(&$journal); }
function index($args) { import('classes.payment.ojs.OJSPaymentManager'); $paymentManager =& OJSPaymentManager::getManager(); $journal =& Request::getJournal(); if (!Validation::isLoggedIn()) { Validation::redirectLogin("payment.loginRequired.forDonation"); } $user =& Request::getUser(); $queuedPayment =& $paymentManager->createQueuedPayment($journal->getId(), PAYMENT_TYPE_DONATION, $user->getId(), 0, 0); $queuedPaymentId = $paymentManager->queuePayment($queuedPayment); $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment); }
/** * If no conference is selected, display list of conferences. * Otherwise, display the index page for the selected conference. */ function index() { $this->validate(); $conference = Request::getConference(); $user = Request::getUser(); if ($conference) { $rtDao =& DAORegistry::getDAO('RTDAO'); $rt = $rtDao->getConferenceRTByConference($conference); if (isset($rt)) { $version = $rtDao->getVersion($rt->getVersion(), $conference->getId()); } // Display the administration menu for this conference. $this->setupTemplate(); $templateMgr =& TemplateManager::getManager(); $templateMgr->assign('helpTopicId', 'conference.generalManagement.readingTools'); $templateMgr->assign('versionTitle', isset($version) ? $version->getTitle() : null); $templateMgr->assign('enabled', $rt->getEnabled()); $templateMgr->display('rtadmin/index.tpl'); } elseif ($user) { // Display a list of conferences. $conferenceDao =& DAORegistry::getDAO('ConferenceDAO'); $roleDao =& DAORegistry::getDAO('RoleDAO'); $conferences = array(); $allConferences =& $conferenceDao->getConferences(); $allConferences =& $allConferences->toArray(); foreach ($allConferences as $conference) { if ($roleDao->roleExists($conference->getId(), 0, $user->getId(), ROLE_ID_CONFERENCE_MANAGER)) { $conferences[] = $conference; } } $this->setupTemplate(); $templateMgr =& TemplateManager::getManager(); $templateMgr->assign_by_ref('conferences', $conferences); $templateMgr->assign('helpTopicId', 'conference.generalManagement.readingTools'); $templateMgr->display('rtadmin/conferences.tpl'); } else { // Not logged in. Validation::redirectLogin(); } }
/** * If no journal is selected, display list of journals. * Otherwise, display the index page for the selected journal. */ function index() { $this->validate(); $journal = Request::getJournal(); $user = Request::getUser(); if ($journal) { $rtDao =& DAORegistry::getDAO('RTDAO'); $rt = $rtDao->getJournalRTByJournal($journal); if (isset($rt)) { $version = $rtDao->getVersion($rt->getVersion(), $journal->getId()); } // Display the administration menu for this journal. $this->setupTemplate(); $templateMgr =& TemplateManager::getManager(); $templateMgr->assign('helpTopicId', 'journal.managementPages.readingTools'); $templateMgr->assign('versionTitle', isset($version) ? $version->getTitle() : null); $templateMgr->assign('enabled', $rt->getEnabled()); $templateMgr->display('rtadmin/index.tpl'); } elseif ($user) { // Display a list of journals. $journalDao =& DAORegistry::getDAO('JournalDAO'); $roleDao =& DAORegistry::getDAO('RoleDAO'); $journals = array(); $allJournals =& $journalDao->getJournals(); $allJournals =& $allJournals->toArray(); foreach ($allJournals as $journal) { if ($roleDao->roleExists($journal->getId(), $user->getId(), ROLE_ID_JOURNAL_MANAGER)) { $journals[] = $journal; } } $this->setupTemplate(); $templateMgr =& TemplateManager::getManager(); $templateMgr->assign_by_ref('journals', $journals); $templateMgr->assign('helpTopicId', 'journal.managementPages.readingTools'); $templateMgr->display('rtadmin/journals.tpl'); } else { // Not logged in. Validation::redirectLogin(); } }
/** * If no journal is selected, display list of journals. * Otherwise, display the index page for the selected journal. */ function index($args, $request) { $this->validate(); $journal = $request->getJournal(); $user = $request->getUser(); if ($journal) { $rtDao = DAORegistry::getDAO('RTDAO'); $rt = $rtDao->getJournalRTByJournal($journal); if (isset($rt)) { $version = $rtDao->getVersion($rt->getVersion(), $journal->getId()); } // Display the administration menu for this journal. $this->setupTemplate($request); $templateMgr = TemplateManager::getManager($request); $templateMgr->assign('versionTitle', isset($version) ? $version->getTitle() : null); $templateMgr->assign('enabled', $rt->getEnabled()); $templateMgr->display('rtadmin/index.tpl'); } elseif ($user) { // Display a list of journals. $journalDao = DAORegistry::getDAO('JournalDAO'); $roleDao = DAORegistry::getDAO('RoleDAO'); $journals = array(); $allJournals = $journalDao->getAll(); $allJournals = $allJournals->toArray(); foreach ($allJournals as $journal) { if ($roleDao->userHasRole($journal->getId(), $user->getId(), ROLE_ID_MANAGER)) { $journals[] = $journal; } } $this->setupTemplate($request); $templateMgr = TemplateManager::getManager($request); $templateMgr->assign('journals', $journals); $templateMgr->display('rtadmin/journals.tpl'); } else { // Not logged in. Validation::redirectLogin(); } }
/** * Validate that user is a section editor in the selected journal. * Redirects to user index page if not properly authenticated. */ function validate() { parent::validate(); $journal =& Request::getJournal(); // FIXME This is kind of evil $page = Request::getRequestedPage(); if (!isset($journal) || $page == 'sectionEditor' && !Validation::isSectionEditor($journal->getJournalId()) || $page == 'editor' && !Validation::isEditor($journal->getJournalId())) { Validation::redirectLogin(); } }
/** * Validate that user is a track director in the selected conference. * Redirects to user index page if not properly authenticated. */ function validate($request) { parent::validate(); $conference =& $request->getConference(); $schedConf =& $request->getSchedConf(); $page = $request->getRequestedPage(); if (!isset($conference) || !isset($schedConf)) { Validation::redirectLogin(); } if ($page == ROLE_PATH_TRACK_DIRECTOR && !Validation::isTrackDirector($conference->getId(), $schedConf->getId())) { Validation::redirectLogin(); } if ($page == ROLE_PATH_DIRECTOR && !Validation::isDirector($conference->getId(), $schedConf->getId())) { Validation::redirectLogin(); } }
/** * Ensure that we have a journal, plugin is enabled, and user is editor. */ function authorize(&$request, &$args, $roleAssignments) { $journal =& $request->getJournal(); if (!isset($journal)) { return false; } $bfrPlugin =& PluginRegistry::getPlugin('generic', BOOKS_FOR_REVIEW_PLUGIN_NAME); if (!isset($bfrPlugin)) { return false; } if (!$bfrPlugin->getEnabled()) { return false; } if (!Validation::isEditor($journal->getId())) { Validation::redirectLogin(); } return parent::authorize($request, $args, $roleAssignments); }
/** * Display an authorization denied message. * @param $args array * @param $request Request */ function authorizationDenied($args, $request) { if (!Validation::isLoggedIn()) { Validation::redirectLogin(); } // Get message with sanity check (for XSS or phishing) $authorizationMessage = $request->getUserVar('message'); if (!preg_match('/^[a-zA-Z0-9.]+$/', $authorizationMessage)) { fatalError('Invalid locale key for auth message.'); } $this->setupTemplate($request); AppLocale::requireComponents(LOCALE_COMPONENT_PKP_USER); $templateMgr = TemplateManager::getManager($request); $templateMgr->assign('message', $authorizationMessage); return $templateMgr->display('common/message.tpl'); }
/** * Validate that user has permissions to manage the selected journal. * Redirects to user index page if not properly authenticated. */ function validate() { parent::validate(); $journal =& Request::getJournal(); if (!$journal || !Validation::isJournalManager() && !Validation::isSiteAdmin()) { Validation::redirectLogin(); } }
/** * Determines whether or not a user can view an issue galley. * @param $request Request */ function userCanViewGalley($request) { import('classes.issue.IssueAction'); $issueAction = new IssueAction(); $journal = $request->getJournal(); $user = $request->getUser(); $userId = $user ? $user->getId() : 0; $issue = $this->getAuthorizedContextObject(ASSOC_TYPE_ISSUE); $galley = $this->getGalley(); // If this is an editorial user who can view unpublished issue galleys, // bypass further validation if ($issueAction->allowedIssuePrePublicationAccess($journal)) { return true; } // Ensure reader has rights to view the issue galley if ($issue->getPublished()) { $subscriptionRequired = $issueAction->subscriptionRequired($issue); $isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId()); // Check if login is required for viewing. if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) { Validation::redirectLogin(); } // If no domain/ip subscription, check if user has a valid subscription // or if the user has previously purchased the issue if (!$isSubscribedDomain && $subscriptionRequired) { // Check if user has a valid subscription $subscribedUser = $issueAction->subscribedUser($journal, $issue->getId()); if (!$subscribedUser) { // Check if payments are enabled, import('classes.payment.ojs.OJSPaymentManager'); $paymentManager = new OJSPaymentManager($request); if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) { // If only pdf files are being restricted, then approve all non-pdf galleys // and continue checking if it is a pdf galley if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) { return true; } if (!Validation::isLoggedIn()) { Validation::redirectLogin("payment.loginRequired.forIssue"); } // If the issue galley has been purchased, then allow reader access $completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO'); $dateEndMembership = $user->getSetting('dateEndMembership', 0); if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) { return true; } else { // Otherwise queue an issue purchase payment and display payment form $queuedPayment =& $paymentManager->createQueuedPayment($journal->getId(), PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $issue->getId(), $journal->getSetting('purchaseIssueFee')); $queuedPaymentId = $paymentManager->queuePayment($queuedPayment); $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment); exit; } } if (!Validation::isLoggedIn()) { Validation::redirectLogin("reader.subscriptionRequiredLoginText"); } $request->redirect(null, 'about', 'subscriptions'); } } } else { $request->redirect(null, 'index'); } return true; }
/** * @copydoc PKPRouter::handleAuthorizationFailure() */ function handleAuthorizationFailure($request, $authorizationMessage) { // Redirect to the authorization denied page. if (!$request->getUser()) { Validation::redirectLogin(); } $request->redirect(null, 'user', 'authorizationDenied', null, array('message' => $authorizationMessage)); }
/** * Perform data integrity checks. * * This method will be called once for every request only. * * NB: Any kind of authorization check is now deprecated * within this method. This method is purely meant for data * integrity checks that do not lead to denial of access * to resources (e.g. via redirect) like handler operations * or data objects. * * @param $requiredContexts array * @param $request Request */ function validate($requiredContexts = null, $request = null) { // FIXME: for backwards compatibility only - remove when request/router refactoring complete if (!isset($request)) { // FIXME: Trigger a deprecation warning when enough instances of this // call have been fixed to not clutter the error log. $request =& Registry::get('request'); } foreach ($this->_checks as $check) { // Using authorization checks in the validate() method is deprecated // FIXME: Trigger a deprecation warning. // WARNING: This line is for PHP4 compatibility when // instantiating handlers without reference. Should not // be removed or otherwise used. // See <http://pkp.sfu.ca/wiki/index.php/Information_for_Developers#Use_of_.24this_in_the_constructor> // for a similar problem. $check->_setHandler($this); // check should redirect on fail and continue on pass // default action is to redirect to the index page on fail if (!$check->isValid()) { if ($check->redirectToLogin) { Validation::redirectLogin(); } else { // An unauthorized page request will be re-routed // to the index page. $request->redirect(null, 'index'); } } } return true; }
/** * Validation * @see lib/pkp/classes/handler/PKPHandler#validate() * @param $request Request * @param $issueId int * @param $galleyId int */ function validate($request, $issueId = null, $galleyId = null) { $returner = parent::validate(null, $request); // Validate requests that don't specify an issue or galley if (!$issueId && !$galleyId) { return $returner; } // Require an issue id to continue if (!$issueId) { $request->redirect(null, 'index'); } import('classes.issue.IssueAction'); $journal =& $request->getJournal(); $journalId = $journal->getId(); $user =& $request->getUser(); $userId = $user ? $user->getId() : 0; $issue = null; $galley = null; // Get the issue $issueDao =& DAORegistry::getDAO('IssueDAO'); if ($journal->getSetting('enablePublicIssueId')) { $issue =& $issueDao->getIssueByBestIssueId($issueId, $journalId); } else { $issue =& $issueDao->getIssueById((int) $issueId, null, true); } // Invalid issue id, redirect to current issue if (!$issue || !$this->_isVisibleIssue($issue, $journalId)) { $request->redirect(null, null, 'current'); } $this->setIssue($issue); // If no issue galley id provided, then we're done if (!$galleyId) { return true; } // Get the issue galley $galleyDao =& DAORegistry::getDAO('IssueGalleyDAO'); if ($journal->getSetting('enablePublicGalleyId')) { $galley =& $galleyDao->getGalleyByBestGalleyId($galleyId, $issue->getId()); } else { $galley =& $galleyDao->getGalley($galleyId, $issue->getId()); } // Invalid galley id, redirect to issue page if (!$galley) { $request->redirect(null, null, 'view', $issueId); } $this->setGalley($galley); // If this is an editorial user who can view unpublished issue galleys, // bypass further validation if (IssueAction::allowedIssuePrePublicationAccess($journal)) { return true; } // Ensure reader has rights to view the issue galley if ($issue->getPublished()) { $subscriptionRequired = IssueAction::subscriptionRequired($issue); $isSubscribedDomain = IssueAction::subscribedDomain($journal, $issueId); // Check if login is required for viewing. if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) { Validation::redirectLogin(); } // If no domain/ip subscription, check if user has a valid subscription // or if the user has previously purchased the issue if (!$isSubscribedDomain && $subscriptionRequired) { // Check if user has a valid subscription $subscribedUser = IssueAction::subscribedUser($journal, $issueId); if (!$subscribedUser) { // Check if payments are enabled, import('classes.payment.ojs.OJSPaymentManager'); $paymentManager = new OJSPaymentManager($request); if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) { // If only pdf files are being restricted, then approve all non-pdf galleys // and continue checking if it is a pdf galley if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) { return true; } if (!Validation::isLoggedIn()) { Validation::redirectLogin("payment.loginRequired.forIssue"); } // If the issue galley has been purchased, then allow reader access $completedPaymentDao =& DAORegistry::getDAO('OJSCompletedPaymentDAO'); $dateEndMembership = $user->getSetting('dateEndMembership', 0); if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $issueId) || !is_null($dateEndMembership) && $dateEndMembership > time()) { return true; } else { // Otherwise queue an issue purchase payment and display payment form $queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $issueId, $journal->getSetting('purchaseIssueFee')); $queuedPaymentId = $paymentManager->queuePayment($queuedPayment); $templateMgr =& TemplateManager::getManager(); $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment); exit; } } if (!Validation::isLoggedIn()) { Validation::redirectLogin("reader.subscriptionRequiredLoginText"); } $request->redirect(null, 'about', 'subscriptions'); } } } else { $request->redirect(null, 'index'); } return true; }
/** * Validation * @see lib/pkp/classes/handler/PKPHandler#validate() * @param $request Request * @param $paperId integer * @param $galleyId integer */ function validate(&$request, $paperId, $galleyId = null) { $router =& $request->getRouter(); parent::validate(null, $request); $conference =& $router->getContext($request, CONTEXT_CONFERENCE); $schedConf =& $router->getContext($request, CONTEXT_SCHED_CONF); $conferenceId = $conference->getId(); $publishedPaperDao = DAORegistry::getDAO('PublishedPaperDAO'); if ($schedConf->getSetting('enablePublicPaperId')) { $paper =& $publishedPaperDao->getPublishedPaperByBestPaperId($schedConf->getId(), $paperId, $schedConf->getSetting('previewAbstracts') ? true : false); } else { $paper =& $publishedPaperDao->getPublishedPaperByPaperId((int) $paperId, $schedConf->getId(), $schedConf->getSetting('previewAbstracts') ? true : false); } // if paper does not exist, is not published, or is not part of // the right conference & sched conf, redirect to index. if (isset($schedConf) && isset($paper) && isset($conference) && $paper->getSchedConfId() == $schedConf->getId() && $schedConf->getConferenceId() == $conference->getId()) { // Check if login is required for viewing. if (!Validation::isLoggedIn() && $schedConf->getSetting('restrictPaperAccess')) { Validation::redirectLogin(); } import('classes.schedConf.SchedConfAction'); $mayViewPaper = SchedConfAction::mayViewPapers($schedConf, $conference); if (isset($galleyId) && $galleyId != 0 && !$mayViewPaper || (!isset($galleyId) || $galleyId == 0) && !SchedConfAction::mayViewProceedings($schedConf)) { $this->setupTemplate($request); $templateMgr =& TemplateManager::getManager($request); $templateMgr->assign_by_ref('paper', $paper); $templateMgr->assign_by_ref('schedConf', $schedConf); $templateMgr->assign_by_ref('conference', $conference); $templateMgr->display('paper/accessDenied.tpl'); exit; } } else { $request->redirect(null, null, 'index'); } $this->paper =& $paper; return true; }
function implicitAuth($hookname, $args) { // Set retuser to point to the user that was passed by reference $retuser =& $args[0]; // Get the name of the field to use a UIN (primary key) from config file $uin = Config::getVar('security', 'implicit_auth_header_uin'); // For TDL this is HTTP_TDL_TDLUID if ($uin == "") { die("Implicit Auth enabled in config file - but implicit_auth_uin not defined."); } // If we can't find the user's UIN - this is a problem - send back to login screen (for the lack of something better to do) if (!isset($_SERVER[$uin])) { syslog(LOG_ERR, "Implicit Auth enabled in config file - but expected header variables not found."); Validation::logout(); Validation::redirectLogin(); } // Get the header variable indicated by the config variable $uid = $_SERVER[$uin]; // If we dont have a UIN in the header then we can't continue - so send them back to the login screen. if ($uid == null) { Validation::logout(); Validation::redirectLogin(); } // Get email from header -- after consulting the map $email_key = Config::getVar('security', 'implicit_auth_header_email'); if ($email_key == "") { die("Implicit Auth enabled in config file - but email is not defined."); } $email = $_SERVER[$email_key]; // Get the user dao - so we can look up the user $userDao =& DAORegistry::getDAO('UserDAO'); // Get user by auth string $user =& $userDao->getUserByAuthStr($uid, true); if (isset($user)) { syslog(LOG_ERR, "Found user by uid: " . $uid . " Returning user."); syslog(LOG_ERR, "Users UID: " . $user->getAuthStr()); // Go see if this user should be an admin ShibAuthPlugin::implicitAuthAdmin($user->getId(), $user->getAuthStr()); $retuser = $user; syslog(LOG_ERR, " In ShibAuthPlugin username: "******"") { unset($user); die("Implicit Auth: New email with existing UID"); } $user->setAuthStr($uid); $userDao->updateObject($user); // Go see if this user should be made an admin ShibAuthPlugin::implicitAuthAdmin($user->getId(), $user->getAuthStr()); $retuser = $user; return true; } // User not found via UID or by email - so they are new - so just create them $user = $this->registerUserFromShib(); // Go see if this new user should be made an admin ShibAuthPlugin::implicitAuthAdmin($user->getId(), $user->getAuthStr()); $retuser = $user; return true; }
/** * Validation */ function validate($articleId, $galleyId = null) { parent::validate(true); import('issue.IssueAction'); $journal =& Request::getJournal(); $journalId = $journal->getJournalId(); $article = $publishedArticle = $issue = null; $publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO'); if ($journal->getSetting('enablePublicArticleId')) { $publishedArticle =& $publishedArticleDao->getPublishedArticleByBestArticleId($journalId, $articleId); } else { $publishedArticle =& $publishedArticleDao->getPublishedArticleByArticleId((int) $articleId, $journalId); } $issueDao =& DAORegistry::getDAO('IssueDAO'); if (isset($publishedArticle)) { $issue =& $issueDao->getIssueByArticleId($publishedArticle->getArticleId(), $journalId); } else { $articleDao =& DAORegistry::getDAO('ArticleDAO'); $article =& $articleDao->getArticle((int) $articleId, $journalId); } // If this is an editorial user who can view unpublished/unscheduled // articles, bypass further validation. if (($article || $publishedArticle) && IssueAction::allowedPrePublicationAccess($journal)) { return array($journal, $issue, $publishedArticle ? $publishedArticle : $article); } // Make sure the reader has rights to view the article/issue. if ($issue && $issue->getPublished()) { $subscriptionRequired = IssueAction::subscriptionRequired($issue); $isSubscribedDomain = IssueAction::subscribedDomain($journal, $issue->getIssueId(), $articleId); // Check if login is required for viewing. if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId != 0) { Validation::redirectLogin(); } // bypass all validation if subscription based on domain or ip is valid // or if the user is just requesting the abstract if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId != 0)) { // Subscription Access $subscribedUser = IssueAction::subscribedUser($journal, $issue->getIssueId(), $articleId); if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() || $subscribedUser)) { // if payment information is enabled, import('payment.ojs.OJSPaymentManager'); $paymentManager =& OJSPaymentManager::getManager(); if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) { /* if only pdf files are being restricted, then approve all non-pdf galleys * and continue checking if it is a pdf galley */ if ($paymentManager->onlyPdfEnabled()) { $galleyDAO =& DAORegistry::getDAO('ArticleGalleyDAO'); $galley =& $galleyDAO->getGalley($galleyId, $articleId); if ($galley && !$galley->isPdfGalley()) { return array($journal, $issue, $publishedArticle); } } if (!Validation::isLoggedIn()) { Validation::redirectLogin("payment.loginRequired.forArticle"); } $user =& Request::getUser(); $userId = $user->getUserId(); /* if the article has been paid for then forget about everything else * and just let them access the article */ $completedPaymentDAO =& DAORegistry::getDAO('OJSCompletedPaymentDAO'); if ($completedPaymentDAO->hasPaidPerViewArticle($userId, $articleId) || !is_null($user->getDateEndMembership()) && strtotime($user->getDateEndMembership()) > time()) { return array($journal, $issue, $publishedArticle); } else { $queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getUserId(), $articleId, $journal->getSetting('purchaseArticleFee')); $queuedPaymentId = $paymentManager->queuePayment($queuedPayment); $templateMgr =& TemplateManager::getManager(); $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment); exit; } } if (!isset($galleyId) || $galleyId) { if (!Validation::isLoggedIn()) { Validation::redirectLogin("reader.subscriptionRequiredLoginText"); } Request::redirect(null, 'about', 'subscriptions'); } } } } else { Request::redirect(null, 'index'); } return array($journal, $issue, $publishedArticle); }
/** * Perform request access validation based on security settings. * * This method will be called once for every request only. * * NB (non-page controllers only): The component router will call * this method automatically thereby enforcing validation. This * method will be call directly before the initialize() method. * * @param $requiredContexts array * @param $request Request */ function validate($requiredContexts = null, $request = null) { // FIXME: for backwards compatibility only - remove when request/router refactoring complete if (!isset($request)) { if (Config::getVar('debug', 'deprecation_warnings')) { trigger_error('Deprecated function call.'); } $request =& Registry::get('request'); } foreach ($this->_checks as $check) { // WARNING: This line is for PHP4 compatibility when // instantiating handlers without reference. Should not // be removed or otherwise used. // See <http://pkp.sfu.ca/wiki/index.php/Information_for_Developers#Use_of_.24this_in_the_constructor> // for a similar proplem. $check->_setHandler($this); // check should redirect on fail and continue on pass // default action is to redirect to the index page on fail if (!$check->isValid()) { $router =& $request->getRouter(); if (is_a($router, 'PKPPageRouter')) { if ($check->redirectToLogin) { Validation::redirectLogin(); } else { // An unauthorized page request will be re-routed // to the index page. $request->redirect(null, 'index'); } } else { // Sub-controller requests should always be sufficiently // authorized and valid when being called from a // page. Otherwise we either hit a development error // or somebody is trying to fake component calls. // In both cases raising a fatal error is appropriate. // NB: The check's redirection flag will be ignored // for sub-controller requests. if (!empty($check->message)) { fatalError($check->message); } else { fatalError('Unauthorized access!'); } } } } return true; }
/** * Validation */ function validate($paperId) { parent::validate(); $conference =& Request::getConference(); $schedConf =& Request::getSchedConf(); $publishedPaperDao =& DAORegistry::getDAO('PublishedPaperDAO'); $paper =& $publishedPaperDao->getPublishedPaperByPaperId($paperId, $schedConf->getId(), $schedConf->getSetting('previewAbstracts')); $this->paper =& $paper; if ($paper == null) { Request::redirect(null, null, 'index'); } // Bring in comment and view constants $commentDao =& DAORegistry::getDAO('CommentDAO'); $enableComments = $conference->getSetting('enableComments'); if (!$enableComments || !$paper->getEnableComments()) { Request::redirect(null, null, 'index'); } $restrictPaperAccess = $conference->getSetting('restrictPaperAccess'); if ($restrictPaperAccess && !Validation::isLoggedIn()) { Validation::redirectLogin(); } return true; }
/** * Validate that user is an editor in the selected journal and if the issue id is valid * Redirects to issue create issue page if not properly authenticated. * NOTE: As of OJS 2.2, Layout Editors are allowed if specified in args. */ function validate($issueId = null, $allowLayoutEditor = false) { $issue = null; $journal =& Request::getJournal(); if (!isset($journal)) { Validation::redirectLogin(); } if (isset($issueId)) { $issueDao =& DAORegistry::getDAO('IssueDAO'); $issue = $issueDao->getIssueById($issueId, $journal->getJournalId()); if (!$issue) { Request::redirect(null, null, 'createIssue'); } } if (!Validation::isEditor($journal->getJournalId())) { if (isset($journal) && $allowLayoutEditor && Validation::isLayoutEditor($journal->getJournalId())) { // We're a Layout Editor. If specified, make sure that the issue is not published. if ($issue && !$issue->getPublished()) { Validation::redirectLogin(); } } else { Validation::redirectLogin(); } } return $issue; }
/** * Validate that user has site admin privileges or journal manager priveleges. * Redirects to the user index page if not properly authenticated. * @param $canRedirect boolean Whether or not to redirect if the user cannot be validated; if not, the script simply terminates. */ function validate($canRedirect = true) { parent::validate(); $journal =& Request::getJournal(); if (!Validation::isSiteAdmin()) { if ($canRedirect) { Validation::redirectLogin(); } else { exit; } } $plugin =& Registry::get('plugin'); $this->plugin =& $plugin; return true; }
/** * Determines whether a user can view this article galley or not. * @param $request Request * @param $articleId string * @param $galleyId int or string */ function userCanViewGalley($request, $articleId, $galleyId = null) { import('classes.issue.IssueAction'); $issueAction = new IssueAction(); $journal = $request->getJournal(); $publishedArticle = $this->article; $issue = $this->issue; $journalId = $journal->getId(); $user = $request->getUser(); $userId = $user ? $user->getId() : 0; // If this is an editorial user who can view unpublished/unscheduled // articles, bypass further validation. Likewise for its author. if ($publishedArticle && $issueAction->allowedPrePublicationAccess($journal, $publishedArticle)) { return true; } // Make sure the reader has rights to view the article/issue. if ($issue && $issue->getPublished() && $publishedArticle->getStatus() == STATUS_PUBLISHED) { $subscriptionRequired = $issueAction->subscriptionRequired($issue); $isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId(), $publishedArticle->getId()); // Check if login is required for viewing. if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId) { Validation::redirectLogin(); } // bypass all validation if subscription based on domain or ip is valid // or if the user is just requesting the abstract if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId)) { // Subscription Access $subscribedUser = $issueAction->subscribedUser($journal, $issue->getId(), $publishedArticle->getId()); import('classes.payment.ojs.OJSPaymentManager'); $paymentManager = new OJSPaymentManager($request); $purchasedIssue = false; if (!$subscribedUser && $paymentManager->purchaseIssueEnabled()) { $completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO'); $purchasedIssue = $completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId()); } if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() == ARTICLE_ACCESS_OPEN || $subscribedUser || $purchasedIssue)) { if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) { /* if only pdf files are being restricted, then approve all non-pdf galleys * and continue checking if it is a pdf galley */ if ($paymentManager->onlyPdfEnabled()) { if ($this->galley && !$this->galley->isPdfGalley()) { $this->issue = $issue; $this->article = $publishedArticle; return true; } } if (!Validation::isLoggedIn()) { Validation::redirectLogin("payment.loginRequired.forArticle"); } /* if the article has been paid for then forget about everything else * and just let them access the article */ $completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO'); $dateEndMembership = $user->getSetting('dateEndMembership', 0); if ($completedPaymentDao->hasPaidPurchaseArticle($userId, $publishedArticle->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) { $this->issue = $issue; $this->article = $publishedArticle; return true; } else { $queuedPayment = $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getId(), $publishedArticle->getId(), $journal->getSetting('purchaseArticleFee')); $queuedPaymentId = $paymentManager->queuePayment($queuedPayment); $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment); exit; } } if (!isset($galleyId) || $galleyId) { if (!Validation::isLoggedIn()) { Validation::redirectLogin('reader.subscriptionRequiredLoginText'); } $request->redirect(null, 'about', 'subscriptions'); } } } } else { $request->redirect(null, 'search'); } return true; }
/** * Validation * @param $request PKPRequest * @param $articleId int */ function validate(&$request, $articleId) { parent::validate(); $journal =& $request->getJournal(); $journalId = $journal->getId(); $journalSettingsDao =& DAORegistry::getDAO('JournalSettingsDAO'); $publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO'); $article =& $publishedArticleDao->getPublishedArticleByArticleId($articleId); // Bring in comment constants $commentDao =& DAORegistry::getDAO('CommentDAO'); $enableComments = $journal->getSetting('enableComments'); if (!Validation::isLoggedIn() && $journalSettingsDao->getSetting($journalId, 'restrictArticleAccess') || $article && !$article->getEnableComments() || $enableComments != COMMENTS_ANONYMOUS && $enableComments != COMMENTS_AUTHENTICATED && $enableComments != COMMENTS_UNAUTHENTICATED) { Validation::redirectLogin(); } // Subscription Access $issueDao =& DAORegistry::getDAO('IssueDAO'); $issue =& $issueDao->getIssueByArticleId($articleId); if (isset($issue) && isset($article)) { import('classes.issue.IssueAction'); $subscriptionRequired = IssueAction::subscriptionRequired($issue); $subscribedUser = IssueAction::subscribedUser($journal, $issue->getId(), $articleId); if (!(!$subscriptionRequired || $article->getAccessStatus() == ARTICLE_ACCESS_OPEN || $subscribedUser)) { $request->redirect(null, 'index'); } } else { $request->redirect(null, 'index'); } $this->issue =& $issue; $this->article =& $article; return true; }
function survey() { if (Validation::isLoggedIn() === FALSE) { Validation::redirectLogin(); } $this->addCheck(new HandlerValidatorSchedConf($this)); $this->validate(); $conference =& Request::getConference(); $schedConf =& Request::getSchedConf(); $id = Request::getUserVar('id'); $navItems = $conference->getLocalizedSetting('navItems'); $navItem = $navItems[intval($id)]; $title = $navItem["name"]; $templateMgr =& TemplateManager::getManager(); //$templateMgr->assign('pageHierarchy', array( // array(Request::url(null, 'index', 'index'), $conference->getConferenceTitle(), true), // array(Request::url(null, null, 'index'), $schedConf->getSchedConfTitle(), true))); SchedConfHandler::setupTemplate($conference, $schedConf); //AppLocale::requireComponents(array(LOCALE_COMPONENT_OCS_DIRECTOR)); // FIXME: director.allTracks $templateMgr->assign('pageHierarchyRoot', true); $templateMgr->assign('pageHierarchy', array(array(Request::url(null, $conference->getSetting('path'), 'index'), AppLocale::Translate('navigation.home'), true), array(Request::url(null, null, 'index'), $title, true))); //$data = Request::getUserVar('data'); $user = Request::getUser(); if ($user) { $settingKey = 'survey_' . $conference->getId() . "_" . $id; if (Request::getUserVar('save') !== null) { $data = Request::getUserVar('data'); $user->updateSetting($settingKey, $data, 'string', $conference->getId()); } else { $data = $user->getSetting($settingKey); } } if (!$data) { $data = '{}'; } $templateMgr->assign('title', $title); $templateMgr->assign('survey', $navItem["survey"]); $templateMgr->assign('data', $data); $templateMgr->assign('helpTopicId', 'conference.currentConferences.survey'); $templateMgr->display('schedConf/survey.tpl'); }
/** * Perform data integrity checks. * * This method will be called once for every request only. * * NB: Any kind of authorization check is now deprecated * within this method. This method is purely meant for data * integrity checks that do not lead to denial of access * to resources (e.g. via redirect) like handler operations * or data objects. * * @param $requiredContexts array * @param $request Request */ function validate($requiredContexts = null, $request = null) { // FIXME: for backwards compatibility only - remove when request/router refactoring complete if (!isset($request)) { $request =& Registry::get('request'); if (Config::getVar('debug', 'deprecation_warnings')) { trigger_error('Deprecated call without request object.'); } } foreach ($this->_checks as $check) { // Using authorization checks in the validate() method is deprecated // FIXME: Trigger a deprecation warning. // check should redirect on fail and continue on pass // default action is to redirect to the index page on fail if (!$check->isValid()) { if ($check->redirectToLogin) { Validation::redirectLogin(); } else { // An unauthorized page request will be re-routed // to the index page. $request->redirect(null, 'index'); } } } return true; }