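/**
 * Frontend page-permission callback (legacy variant).
 *
 * Handles `member-action=logout` / `member-action=login` from $_REQUEST,
 * then resolves the current Member's role (or the public role, id 1) and
 * swaps in the site's 403 page when that role may not access the requested
 * page. Throws SymphonyErrorPage when no 403 page is configured.
 *
 * @param array $context  Expects $context['page_data']['id']; on denial
 *                        $context['page_data'] is replaced with the 403 page row.
 *                        NOTE(review): $context is received by value here, so
 *                        that swap only reaches the caller if the delegate
 *                        passes the array by reference — confirm against
 *                        ExtensionManager::notifyMembers.
 * @throws SymphonyErrorPage  403 when access is denied and no 403 page exists.
 */
public function cbCheckFrontendPagePermissions($context) {
    $this->initialiseCookie();

    // Cookies only show up on page refresh; this flag makes sure the correct XML is set.
    $loggedin = false;

    // Member action from the request; anything that is not a plain string is ignored
    // (avoids an undefined-index notice and trim() on an array).
    $action = isset($_REQUEST['member-action']) && is_string($_REQUEST['member-action'])
        ? trim($_REQUEST['member-action'])
        : '';

    // Only follow a redirect target that stays on this site: a root-relative path
    // (but not a scheme-relative "//host" or "/\host" one) or an absolute URL under
    // URL. Anything else falls back to the site index, which closes the open
    // redirect that forwarding $_REQUEST['redirect'] verbatim would allow.
    $redirectTo = isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect'])
        ? trim($_REQUEST['redirect'])
        : '';
    $isLocalPath = $redirectTo !== '' && $redirectTo[0] === '/' && !preg_match('#^/[/\\\\]#', $redirectTo);
    $isSiteUrl = $redirectTo === URL || strpos($redirectTo, rtrim(URL, '/') . '/') === 0;
    if (!$isLocalPath && !$isSiteUrl) {
        $redirectTo = URL;
    }

    if ($action === 'logout') {
        $this->logout();
        redirect($redirectTo);
    }
    elseif ($action === 'login') {
        $username = Symphony::Database()->cleanValue(isset($_REQUEST['username']) ? $_REQUEST['username'] : '');
        $password = Symphony::Database()->cleanValue(isset($_REQUEST['password']) ? $_REQUEST['password'] : '');

        if ($this->login($username, $password)) {
            redirect($redirectTo);
        }

        // Login failed: fall through so the page can render the failure state.
        self::$_failed_login_attempt = true;
    }
    else {
        $loggedin = $this->isLoggedIn();
    }

    $this->initialiseMemberObject();

    // Default to the public role (id 1); a logged-in Member without readable
    // role data is evaluated as public instead of skipping the check.
    $role_id = 1;
    if ($loggedin && is_object($this->Member)) {
        $role_data = $this->Member->getData($this->roleField());
        $this->__updateSystemTimezoneOffset();

        if (isset($role_data['role_id'])) {
            $role_id = $role_data['role_id'];
        }
    }

    $role = $this->fetchRole($role_id, true);

    // Fail closed: a role that cannot be resolved gets no access.
    if (!is_object($role) || !$role->canAccessPage((int) $context['page_data']['id'])) {
        // Look for a page flagged with the '403' type to render instead.
        $row = Symphony::Database()->fetchRow(0, "SELECT `tbl_pages`.* FROM `tbl_pages`, `tbl_pages_types`
            WHERE `tbl_pages_types`.page_id = `tbl_pages`.id AND tbl_pages_types.`type` = '403'
            LIMIT 1");

        if ($row) {
            // page_id comes from the database row above, not from the request; the
            // cast is a cheap guarantee that only a number reaches the query.
            $row['type'] = Symphony::Database()->fetchCol('type', "SELECT `type` FROM `tbl_pages_types` WHERE `page_id` = '" . (int) $row['id'] . "' ");
            $row['filelocation'] = PAGES . '/' . trim(str_replace('/', '_', $row['path'] . '_' . $row['handle']), '_') . '.xsl';
            $context['page_data'] = $row;
            return;
        }

        throw new SymphonyErrorPage('Please <a href="' . URL . '/symphony/login/">login</a> to view this page.', 'Forbidden', 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
    }
}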
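/**
 * Frontend page-permission callback.
 *
 * Handles member logout/login requests, one-time login tokens passed as
 * `member-token` in the URL, and finally checks whether the resolved role may
 * access the requested page, swapping in the site's 403 page or raising a
 * 403 error when it may not.
 *
 * @param array $context  Expects $context['page_data']['id'] and optionally
 *                        $context['env']['url']['member-token']. On denial
 *                        $context['page_data'] is replaced with the 403 page row.
 *                        NOTE(review): $context is received by value here, so
 *                        that swap only reaches the caller if the delegate
 *                        passes the array by reference — confirm.
 */
public function checkFrontendPagePermissions($context) {
    $this->initialiseCookie();

    // Cookies only show up on page refresh; this flag makes sure the correct XML is set.
    $loggedin = false;

    // member-action is either a plain string (?member-action=logout) or an array
    // (member-action[login] from a form); read it without an undefined-index notice.
    $action = isset($_REQUEST['member-action']) ? $_REQUEST['member-action'] : null;
    $actionName = is_string($action) ? trim($action) : '';

    // Only follow a redirect target that stays on this site: a root-relative path
    // (but not a scheme-relative "//host" or "/\host" one) or an absolute URL under
    // URL. Anything else is ignored, which closes the open redirect that forwarding
    // $_REQUEST['redirect'] verbatim would allow.
    $redirectTo = isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect'])
        ? trim($_REQUEST['redirect'])
        : '';
    $isLocalPath = $redirectTo !== '' && $redirectTo[0] === '/' && !preg_match('#^/[/\\\\]#', $redirectTo);
    $isSiteUrl = $redirectTo === URL || strpos($redirectTo, rtrim(URL, '/') . '/') === 0;
    $hasLocalRedirect = $isLocalPath || $isSiteUrl;

    if ($actionName === 'logout') {
        $this->logout();
        redirect(URL);
    }
    elseif (is_array($action) && isset($action['login'])) {
        $username = Symphony::Database()->cleanValue(isset($_REQUEST['username']) ? $_REQUEST['username'] : '');
        $password = Symphony::Database()->cleanValue(isset($_REQUEST['password']) ? $_REQUEST['password'] : '');

        if ($this->login($username, $password)) {
            // Without a local redirect, reload the page the login form was posted to.
            redirect($hasLocalRedirect ? $redirectTo : URL . $_SERVER['REQUEST_URI']);
        }

        // Login failed: fall through so the page can render the failure state.
        self::$_failed_login_attempt = true;
    }
    elseif (isset($context['env']['url']['member-token']) && preg_match('/^[a-f0-9]{8}$/', $context['env']['url']['member-token'])) {
        // The regex above restricts the token to exactly 8 hex characters; that
        // check is what makes interpolating it into the query below safe.
        $token = Symphony::Database()->fetchRow(0, "SELECT * FROM `tbl_members_login_tokens` WHERE `token` = '" . $context['env']['url']['member-token'] . "' LIMIT 1");

        if (is_array($token) && !empty($token)) {
            $entry = $this->fetchMemberFromID($token['member_id']);

            // A token whose Member no longer exists must not log anyone in
            // (and must not fatal on a null entry).
            if (is_object($entry)) {
                $username_field_data = $entry->getData($this->usernameAndPasswordField());
                $loggedin = $this->login($username_field_data['username'], $username_field_data['password'], true);
            }

            // Tokens are single use: purge them whatever the outcome.
            self::purgeTokens($token['member_id']);
        }
    }
    else {
        $loggedin = $this->isLoggedIn();
    }

    $this->initialiseMemberObject();

    // Default to the public role (id 1); a logged-in Member without readable
    // role data is evaluated as public instead of skipping the check.
    $role_id = 1;
    if ($loggedin && is_object($this->Member)) {
        $role_data = $this->Member->getData($this->roleField());

        if (isset($role_data['role_id'])) {
            $role_id = $role_data['role_id'];
        }
    }

    $role = $this->fetchRole($role_id, true);

    // Fail closed: a role that cannot be resolved gets no access.
    if (!is_object($role) || !$role->canAccessPage((int) $context['page_data']['id'])) {
        // Look for a page flagged with the '403' type to render instead.
        $row = Symphony::Database()->fetchRow(0, "SELECT `tbl_pages`.* FROM `tbl_pages`, `tbl_pages_types`
            WHERE `tbl_pages_types`.page_id = `tbl_pages`.id AND tbl_pages_types.`type` = '403'
            LIMIT 1");

        if ($row) {
            // page_id comes from the database row above, not from the request; the
            // cast is a cheap guarantee that only a number reaches the query.
            $row['type'] = Symphony::Database()->fetchCol('type', "SELECT `type` FROM `tbl_pages_types` WHERE `page_id` = '" . (int) $row['id'] . "' ");
            $row['filelocation'] = PAGES . '/' . trim(str_replace('/', '_', $row['path'] . '_' . $row['handle']), '_') . '.xsl';
            $context['page_data'] = $row;
            return;
        }

        $this->_Parent->customError(E_USER_ERROR, 'Forbidden', 'Please <a href="' . URL . '/symphony/login/">login</a> to view this page.', false, true, 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
    }
}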
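/**
 * Frontend page-permission callback (Symphony 2.4 / 2.5 driver-based variant).
 *
 * Processes a requested member action (logout, or login with $_POST['fields']),
 * fires the corresponding delegates, then resolves the Member's role (public
 * role when not logged in) and either swaps in the site's 403 page or raises a
 * 403 error when that role may not access the requested page. Developers and
 * installations without a role field bypass the check entirely.
 *
 * @param array $context  Expects $context['page_data']['id']; on denial
 *                        $context['page_data'] is replaced with the 403 page row.
 *                        NOTE(review): $context is received by value here, so
 *                        that swap only reaches the caller if the delegate
 *                        passes the array by reference — confirm.
 */
public function checkFrontendPagePermissions($context) {
    $isLoggedIn = false;
    $errors = array();
    $action = null;

    // Checks $_REQUEST to see if a Member Action has been requested,
    // member-action['login'] and member-action['logout']/?member-action=logout
    // are the only two supported at this stage.
    if (isset($_REQUEST['member-action'])) {
        if (is_array($_REQUEST['member-action'])) {
            $keys = array_keys($_REQUEST['member-action']);
            $action = isset($keys[0]) ? $keys[0] : null;
        }
        else {
            $action = $_REQUEST['member-action'];
        }
    }
    // Normalise so the comparisons below never see null or an array.
    $action = is_scalar($action) ? trim((string) $action) : '';

    // Only follow a redirect target that stays on this site: a root-relative path
    // (but not a scheme-relative "//host" or "/\host" one) or an absolute URL under
    // URL. Anything else yields $fallback, which closes the open redirect that
    // forwarding the request's redirect value verbatim would allow.
    $localRedirect = function ($target, $fallback) {
        if (!is_string($target) || trim($target) === '') {
            return $fallback;
        }
        $target = trim($target);
        $isLocalPath = $target[0] === '/' && !preg_match('#^/[/\\\\]#', $target);
        $isSiteUrl = $target === URL || strpos($target, rtrim(URL, '/') . '/') === 0;

        return ($isLocalPath || $isSiteUrl) ? $target : $fallback;
    };

    // Check to see a Member is already logged in.
    $isLoggedIn = $this->getMemberDriver()->isLoggedIn($errors);

    // Logout
    if ($action === 'logout') {
        /**
         * Fired just before a member is logged out (and page redirection),
         * this delegate provides the current Member ID
         *
         * @delegate MembersPreLogout
         * @param string $context
         * '/frontend/'
         * @param integer $member_id
         * The Member ID of the member who is about to logged out
         */
        Symphony::ExtensionManager()->notifyMembers('MembersPreLogout', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID()));

        $this->getMemberDriver()->logout();

        // If a local redirect is provided, redirect to that, otherwise return the
        // user to the index of the site. Issue #51 & #121
        redirect($localRedirect(isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : null, URL));
    }
    elseif ($action === 'login' && isset($_POST['fields'])) {
        // If a Member is already logged in and another Login attempt is requested
        // log the Member out first before trying to login with new details.
        if ($isLoggedIn) {
            $this->getMemberDriver()->logout();
        }

        if ($this->getMemberDriver()->login($_POST['fields'])) {
            /**
             * Fired just after a Member has successfully logged in, this delegate
             * provides the current Member ID. This delegate is fired just before
             * the page redirection (if it is provided)
             *
             * @delegate MembersPostLogin
             * @param string $context
             * '/frontend/'
             * @param integer $member_id
             * The Member ID of the member who just logged in.
             * @param Entry $member
             * The Entry object of the logged in Member.
             */
            Symphony::ExtensionManager()->notifyMembers('MembersPostLogin', '/frontend/', array(
                'member_id' => $this->getMemberDriver()->getMemberID(),
                'member' => $this->getMemberDriver()->getMember(),
            ));

            // Only redirect when a local target was posted; otherwise keep rendering.
            $target = $localRedirect(isset($_POST['redirect']) ? $_POST['redirect'] : null, null);
            if ($target !== null) {
                redirect($target);
            }
        }
        else {
            self::$_failed_login_attempt = true;

            /**
             * A failed Member login attempt
             *
             * @delegate MembersLoginFailure
             * @param string $context
             * '/frontend/'
             * @param string $username
             * The username of the Member who attempted to login.
             */
            $identityHandle = extension_Members::getFieldHandle('identity');
            $attemptedUsername = isset($_POST['fields'][$identityHandle]) ? $_POST['fields'][$identityHandle] : '';
            Symphony::ExtensionManager()->notifyMembers('MembersLoginFailure', '/frontend/', array(
                'username' => Symphony::Database()->cleanValue($attemptedUsername),
            ));
        }
    }

    $this->Member->initialiseMemberObject();

    $hasRoles = FieldManager::isFieldUsed(extension_Members::getFieldType('role'));
    $role_data = null;

    if ($isLoggedIn && $this->getMemberDriver()->getMember() instanceof Entry) {
        $this->getMemberDriver()->updateSystemTimezoneOffset();

        if ($hasRoles) {
            $role_field = extension_Members::getField('role');
            if ($role_field) {
                $role_data = $this->getMemberDriver()->getMember()->getData($role_field->get('id'));
            }
        }
    }

    // If there is no role field, or a Developer is logged in, return, as Developers
    // should be able to access every page. Handles Symphony 2.4 or Symphony 2.5
    $isDeveloper = method_exists(Symphony::Engine(), 'Author')
        ? Symphony::Engine()->Author() instanceof Author && Symphony::Engine()->Author()->isDeveloper()
        : Symphony::Engine()->Author instanceof Author && Symphony::Engine()->Author->isDeveloper();

    if (!$hasRoles || $isDeveloper) {
        return;
    }

    // A logged-in Member without readable role data is evaluated as the public
    // role rather than passing an undefined id to RoleManager.
    $role_id = ($isLoggedIn && isset($role_data['role_id'])) ? $role_data['role_id'] : Role::PUBLIC_ROLE;
    $role = RoleManager::fetch($role_id);

    // Fail closed: a role that cannot be loaded grants no access, instead of
    // silently skipping the check as a non-Role result previously did.
    if (!($role instanceof Role) || !$role->canAccessPage((int) $context['page_data']['id'])) {
        // User has no access to this page, so look for a custom 403 page
        $row = PageManager::fetchPageByType('403');
        if ($row) {
            $row['type'] = PageManager::fetchPageTypes($row['id']);
            $row['filelocation'] = PageManager::resolvePageFileLocation($row['path'], $row['handle']);
            $context['page_data'] = $row;
            return;
        }

        // No custom 403, just throw default 403
        GenericExceptionHandler::$enabled = true;
        Frontend::instance()->throwCustomError(__('The page you have requested has restricted access permissions.'), __('Forbidden'), Page::HTTP_STATUS_FORBIDDEN);
    }
}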
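/**
 * Frontend page-permission callback (driver-based variant, FrontendPage API).
 *
 * Processes a requested member action (logout, or login with $_POST['fields']),
 * fires the corresponding delegates, then resolves the Member's role (public
 * role when not logged in) and either swaps in the site's 403 page or throws a
 * SymphonyErrorPage when that role may not access the requested page.
 * Developers and installations without a role field bypass the check.
 *
 * @param array $context  Expects $context['page_data']['id']; on denial
 *                        $context['page_data'] is replaced with the 403 page row.
 *                        NOTE(review): $context is received by value here, so
 *                        that swap only reaches the caller if the delegate
 *                        passes the array by reference — confirm.
 * @throws SymphonyErrorPage  403 when access is denied and no 403 page exists.
 */
public function checkFrontendPagePermissions($context) {
    $isLoggedIn = false;
    $errors = array();
    $action = null;

    // Checks $_REQUEST to see if a Member Action has been requested,
    // member-action['login'] and member-action['logout']/?member-action=logout
    // are the only two supported at this stage. Read it without an
    // undefined-index notice when no action was sent.
    if (isset($_REQUEST['member-action'])) {
        if (is_array($_REQUEST['member-action'])) {
            $keys = array_keys($_REQUEST['member-action']);
            $action = isset($keys[0]) ? $keys[0] : null;
        }
        else {
            $action = $_REQUEST['member-action'];
        }
    }
    // Normalise so the comparisons below never see null or an array.
    $action = is_scalar($action) ? trim((string) $action) : '';

    // Only follow a redirect target that stays on this site: a root-relative path
    // (but not a scheme-relative "//host" or "/\host" one) or an absolute URL under
    // URL. Anything else yields $fallback, which closes the open redirect that
    // forwarding the request's redirect value verbatim would allow.
    $localRedirect = function ($target, $fallback) {
        if (!is_string($target) || trim($target) === '') {
            return $fallback;
        }
        $target = trim($target);
        $isLocalPath = $target[0] === '/' && !preg_match('#^/[/\\\\]#', $target);
        $isSiteUrl = $target === URL || strpos($target, rtrim(URL, '/') . '/') === 0;

        return ($isLocalPath || $isSiteUrl) ? $target : $fallback;
    };

    // Check to see a Member is already logged in.
    $isLoggedIn = $this->getMemberDriver()->isLoggedIn($errors);

    // Logout
    if ($action === 'logout') {
        /**
         * Fired just before a member is logged out (and page redirection),
         * this delegate provides the current Member ID
         *
         * @delegate MembersPreLogout
         * @param string $context
         * '/frontend/'
         * @param integer $member_id
         * The Member ID of the member who is about to logged out
         */
        Symphony::ExtensionManager()->notifyMembers('MembersPreLogout', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID()));

        $this->getMemberDriver()->logout();

        // If a local redirect is provided, redirect to that, otherwise return the
        // user to the index of the site. Issue #51 & #121
        redirect($localRedirect(isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : null, URL));
    }
    elseif ($action === 'login' && isset($_POST['fields'])) {
        // If a Member is already logged in and another Login attempt is requested
        // log the Member out first before trying to login with new details.
        if ($isLoggedIn) {
            $this->getMemberDriver()->logout();
        }

        if ($this->getMemberDriver()->login($_POST['fields'])) {
            /**
             * Fired just after a Member has successfully logged in, this delegate
             * provides the current Member ID. This delegate is fired just before
             * the page redirection (if it is provided)
             *
             * @delegate MembersPostLogin
             * @param string $context
             * '/frontend/'
             * @param integer $member_id
             * The Member ID of the member who just logged in.
             * @param Entry $member
             * The Entry object of the logged in Member.
             */
            Symphony::ExtensionManager()->notifyMembers('MembersPostLogin', '/frontend/', array(
                'member_id' => $this->getMemberDriver()->getMemberID(),
                'member' => $this->getMemberDriver()->getMember(),
            ));

            // Only redirect when a local target was posted; otherwise keep rendering.
            $target = $localRedirect(isset($_POST['redirect']) ? $_POST['redirect'] : null, null);
            if ($target !== null) {
                redirect($target);
            }
        }
        else {
            self::$_failed_login_attempt = true;
        }
    }

    $this->Member->initialiseMemberObject();

    $hasRoleField = !is_null(extension_Members::getFieldHandle('role'));
    $role_data = null;

    if ($isLoggedIn && $this->getMemberDriver()->getMember() instanceof Entry) {
        $this->updateSystemTimezoneOffset($this->getMemberDriver()->getMemberID());

        if ($hasRoleField) {
            $role_data = $this->getMemberDriver()->getMember()->getData(extension_Members::getField('role')->get('id'));
        }
    }

    // If there is no role field, or a Developer is logged in, return, as Developers
    // should be able to access every page.
    $isDeveloper = Frontend::instance()->Author instanceof Author && Frontend::instance()->Author->isDeveloper();
    if (!$hasRoleField || $isDeveloper) {
        return;
    }

    // A logged-in Member without readable role data is evaluated as the public
    // role rather than passing an undefined id to RoleManager.
    $role_id = ($isLoggedIn && isset($role_data['role_id'])) ? $role_data['role_id'] : Role::PUBLIC_ROLE;
    $role = RoleManager::fetch($role_id);

    // Fail closed: a role that cannot be loaded grants no access, instead of
    // silently skipping the check as a non-Role result previously did.
    if (!($role instanceof Role) || !$role->canAccessPage((int) $context['page_data']['id'])) {
        // User has no access to this page, so look for a custom 403 page
        $row = Symphony::Database()->fetchRow(0, "
            SELECT `p`.*
            FROM `tbl_pages` as `p`
            LEFT JOIN `tbl_pages_types` AS `pt` ON(`p`.id = `pt`.page_id)
            WHERE `pt`.type = '403'
        ");

        if ($row) {
            $row['type'] = FrontendPage::fetchPageTypes($row['id']);
            $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']);
            $context['page_data'] = $row;
            return;
        }

        // No custom 403, just throw default 403
        GenericExceptionHandler::$enabled = true;
        throw new SymphonyErrorPage(__('The page you have requested has restricted access permissions.'), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden'));
    }
}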