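/**
 * Handle GET requests.
 *
 * Renders the site home page (head, index and footer fragments). When app.check.installed is
 * enabled and the database has not been installed yet, a 301 redirect to the install controller
 * is returned instead of the page.
 *
 * @param Alpha\Util\Http\Request $request
 *
 * @return Alpha\Util\Http\Response
 *
 * @since 1.0
 */
public function doGET($request)
{
    self::$logger->debug('>>doGET(request=[' . var_export($request, true) . '])');

    $config = ConfigProvider::getInstance();

    if ($config->get('app.check.installed') && !ActiveRecord::isInstalled()) {
        $response = new Response(301);
        $response->redirect($config->get('app.url') . '/install');
        self::$logger->warn('App not installed so re-directing to the install controller');
        self::$logger->debug('<<doGET');

        return $response;
    }

    // the request parameters are not consulted: the home page is rendered from static fragments only
    $body = View::loadTemplateFragment('html', 'head.phtml', array('title' => $config->get('app.title'), 'description' => 'Welcome to our site', 'allowCSSOverrides' => true));
    $body .= View::loadTemplateFragment('html', 'index.phtml');
    $body .= View::loadTemplateFragment('html', 'footer.phtml');

    self::$logger->debug('<<doGET');

    return new Response(200, $body, array('Content-Type' => 'text/html'));
}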
/**
 * {@inheritdoc}
 *
 * Builds the <head> section, the opening <body> tag and the container <div> for the given
 * controller: the head.phtml fragment, the output of during_displayPageHead_callback() (if the
 * controller defines it) and the output of insert_CMSDisplayStandardHeader_callback() (if defined).
 * CSS overrides are disabled for an Admin user browsing a /tk/ URI.
 */
public static function displayPageHead($controller)
{
    if (self::$logger == null) {
        self::$logger = new Logger('RendererProviderHTML');
    }
    self::$logger->debug('>>displayPageHead(controller=[' . var_export($controller, true) . '])');

    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $controllerClass = get_class($controller);
    if (!class_exists($controllerClass)) {
        throw new IllegalArguementException('The controller provided [' . $controllerClass . '] is not defined anywhere!');
    }

    // admins working in the toolkit (/tk/) always get the stock stylesheet
    $request = new Request(array('method' => 'GET'));
    $currentUser = $session->get('currentUser');
    $adminInToolkit = $currentUser != null
        && ActiveRecord::isInstalled()
        && $currentUser->inGroup('Admin')
        && mb_strpos($request->getURI(), '/tk/') !== false;
    $allowCSSOverrides = !$adminInToolkit;

    $html = View::loadTemplateFragment('html', 'head.phtml', array('title' => $controller->getTitle(), 'description' => $controller->getDescription(), 'allowCSSOverrides' => $allowCSSOverrides));

    if (method_exists($controller, 'during_displayPageHead_callback')) {
        $html .= $controller->during_displayPageHead_callback();
    }

    $html .= '</head>';

    // NOTE(review): the bodyOnload record field is written into the onload attribute as-is; if that
    // field can be edited by anyone other than trusted admins it should be run through
    // htmlspecialchars() with ENT_QUOTES first (entity-encoding is transparent to the browser here).
    $bodyTag = '<body>';
    try {
        $record = $controller->getRecord();
        if ($record != null) {
            $onload = $record->get('bodyOnload');
            if ($onload != '') {
                $bodyTag = '<body onload="' . $onload . '">';
            }
        }
    } catch (AlphaException $e) {
        // no record available for this controller: plain body tag
        $bodyTag = '<body>';
    }
    $html .= $bodyTag;

    $html .= '<div class="container">';

    if (method_exists($controller, 'insert_CMSDisplayStandardHeader_callback')) {
        $html .= $controller->insert_CMSDisplayStandardHeader_callback();
    }

    self::$logger->debug('<<displayPageHead [HTML]');

    return $html;
}
/**
 * The constructor.
 *
 * Stores the two related class names, creates the leftID/rightID Integer fields, marks the
 * non-persisted attributes as transient, declares the (leftID, rightID) composite unique key and,
 * when the database is installed, creates the lookup table if it is missing. The lookup table is
 * only created once the tables for both related BOs exist.
 *
 * @throws Alpha\Exception\FailedLookupCreateException
 * @throws Alpha\Exception\IllegalArguementException
 *
 * @since 1.0
 */
public function __construct($leftClassName, $rightClassName)
{
    self::$logger = new Logger('RelationLookup');
    self::$logger->debug('>>__construct(leftClassName=[' . $leftClassName . '], rightClassName=[' . $rightClassName . '])');

    // ensure to call the parent constructor
    parent::__construct();

    $nameMissing = empty($leftClassName) || empty($rightClassName);
    if ($nameMissing) {
        throw new IllegalArguementException('Cannot create RelationLookup object without providing the left and right class names!');
    }

    $this->leftClassName = $leftClassName;
    $this->rightClassName = $rightClassName;
    $this->leftID = new Integer();
    $this->rightID = new Integer();

    // none of these are columns of the lookup table
    foreach (array('leftClassName', 'rightClassName', 'helper', 'TABLE_NAME') as $transientAttribute) {
        $this->markTransient($transientAttribute);
    }

    // add a unique composite key to these fields
    $this->markUnique('leftID', 'rightID');

    // make sure the lookup table exists
    $tableMissing = !$this->checkTableExists();
    if ($tableMissing && ActiveRecord::isInstalled()) {
        // first make sure that the two BO tables exist before relating them with a lookup table
        $bothSidesExist = ActiveRecord::checkBOTableExists($leftClassName) && ActiveRecord::checkBOTableExists($rightClassName);
        if (!$bothSidesExist) {
            throw new FailedLookupCreateException('Error trying to create a lookup table [' . $this->getTableName() . '], as tables for BOs [' . $leftClassName . '] or [' . $rightClassName . '] don\'t exist!');
        }
        $this->makeTable();
    }

    self::$logger->debug('<<__construct');
}
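/**
 * Custom version of the check rights method that only checks for a session for the config admin username/password,
 * when the system database is not set-up.
 *
 * Access is granted when the controller is Public, or when the database is not yet installed and the
 * session holds a user whose e-mail matches app.install.username. Once the database is installed this
 * method always denies access, because the install-time admin login is no longer valid.
 *
 * @return bool
 *
 * @since 1.0
 */
public function checkRights()
{
    self::$logger->debug('>>checkRights()');

    $config = ConfigProvider::getInstance();
    $sessionProvider = $config->get('session.provider.name');
    $session = SessionProviderFactory::getInstance($sessionProvider);

    if ($this->getVisibility() == 'Public') {
        self::$logger->debug('<<checkRights [true]');

        return true;
    }

    if (ActiveRecord::isInstalled()) {
        self::$logger->debug('<<checkRights [false]');

        return false;
    }

    // the person is logged in? (an absent session key may come back as false or null depending on the provider)
    $currentUser = $session->get('currentUser');

    if ($currentUser !== false && $currentUser !== null) {
        // strict string comparison: the loose == would treat numeric-looking strings as numbers
        if ((string) $currentUser->get('email') === (string) $config->get('app.install.username')) {
            self::$logger->debug('<<checkRights [true]');

            return true;
        }
    }

    // this path previously fell off the end of the method and returned null; the contract is bool
    self::$logger->debug('<<checkRights [false]');

    return false;
}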
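/**
 * Handle POST requests (adds $currentUser Person to the session).
 *
 * Three form actions are handled:
 *  - loginBut before the database is installed: the submitted e-mail/password are compared against
 *    app.install.username / app.install.password from the config and, on success, a temporary admin
 *    Person is stored in the session and the client is redirected to the next job or the install controller.
 *  - loginBut after install: the Person is loaded by e-mail, disabled accounts are rejected, and the
 *    password check plus redirect is delegated to doLoginAndRedirect().
 *  - resetBut: a new random password is generated, hashed, saved and e-mailed to the user.
 *
 * The submitted e-mail is echoed back into the HTML response in several places (messages and error
 * pages), so it is HTML-escaped once up front and only the escaped copy is used for output.
 *
 * @param Alpha\Util\Http\Request $request
 *
 * @return Alpha\Util\Http\Response
 *
 * @throws Alpha\Exception\IllegalArguementException
 *
 * @since 1.0
 */
public function doPOST($request)
{
    // do not var_export() the request here: that would write the submitted password into the debug log
    self::$logger->debug('>>doPOST($request=[' . get_class($request) . '])');

    $params = $request->getParams();

    if (!is_array($params)) {
        throw new IllegalArguementException('Bad $params [' . var_export($params, true) . '] passed to doPOST method!');
    }

    $config = ConfigProvider::getInstance();

    // a malformed POST may omit the fields (or send arrays); default to '' rather than raising undefined-index notices
    $email = (isset($params['email']) && is_string($params['email'])) ? $params['email'] : '';
    $password = (isset($params['password']) && is_string($params['password'])) ? $params['password'] : '';
    // the only copy of the e-mail that may be concatenated into HTML
    $safeEmail = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $body = '';

    try {
        // check the hidden security fields before accepting the form POST data
        if (!$this->checkSecurityFields()) {
            throw new SecurityException('This page cannot accept post data from remote servers!');
        }

        if (isset($params['loginBut'])) {
            if (!ActiveRecord::isInstalled()) {
                // if the database has not been set up yet, accept a login from the config admin username/password.
                // The config value is plain text, so a constant-time string comparison is all that is needed;
                // bcrypt-hashing it on every attempt and then calling password_verify() was equivalent but cost
                // a full cost-12 hash per request.
                $installUser = (string) $config->get('app.install.username');
                $installPassword = (string) $config->get('app.install.password');

                if (hash_equals($installUser, $email) && hash_equals($installPassword, $password)) {
                    self::$logger->info('Logging in [' . $email . '] at [' . date('Y-m-d H:i:s') . ']');

                    $admin = new Person();
                    $admin->set('displayName', 'Admin');
                    $admin->set('email', $email);
                    $admin->set('password', password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]));
                    $admin->set('OID', '00000000001');

                    $sessionProvider = $config->get('session.provider.name');
                    $session = SessionProviderFactory::getInstance($sessionProvider);
                    $session->set('currentUser', $admin);

                    $response = new Response(301);

                    if ($this->getNextJob() != '') {
                        $response->redirect(FrontController::generateSecureURL('act=' . $this->getNextJob()));
                        $this->clearUnitOfWorkAttributes();
                    } else {
                        $response->redirect(FrontController::generateSecureURL('act=InstallController'));
                    }

                    return $response;
                }

                throw new ValidationException('Failed to login user ' . $safeEmail . ', the password is incorrect!');
            }

            // here we are attempting to load the person from the email address
            $this->personObject->loadByAttribute('email', $email, true);
            ActiveRecord::disconnect();

            // checking to see if the account has been disabled
            if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled') {
                throw new SecurityException('Failed to login user ' . $safeEmail . ', that account has been disabled!');
            }

            // check the password (every path above either returned or threw, so nothing follows this)
            return $this->doLoginAndRedirect($password);
        }

        if (isset($params['resetBut'])) {
            // here we are attempting to load the person from the email address
            $this->personObject->loadByAttribute('email', $email);
            ActiveRecord::disconnect();

            // generate a new random password
            $newPassword = $this->personObject->generatePassword();

            // now encrypt and save the new password, then e-mail the user
            $this->personObject->set('password', password_hash($newPassword, PASSWORD_DEFAULT, ['cost' => 12]));
            $this->personObject->save();

            $message = 'The password for your account has been reset to ' . $newPassword . ' as you requested. You can now login to the site using your e-mail address and this new password as before.';
            $subject = 'Password change request';

            $this->personObject->sendMail($message, $subject);

            $body .= View::displayUpdateMessage('The password for the user <strong>' . $safeEmail . '</strong> has been reset, and the new password has been sent to that e-mail address.');
            $body .= '<a href="' . $config->get('app.url') . '">Home Page</a>';
        }
    } catch (ValidationException $e) {
        $body .= View::displayPageHead($this);
        $body .= View::displayErrorMessage($e->getMessage());
        if (isset($params['reset'])) {
            $body .= $this->personView->displayResetForm();
        } else {
            $body .= $this->personView->displayLoginForm();
        }
        self::$logger->warn($e->getMessage());
    } catch (SecurityException $e) {
        $body .= View::displayPageHead($this);
        $body .= View::displayErrorMessage($e->getMessage());
        self::$logger->warn($e->getMessage());
    } catch (RecordNotFoundException $e) {
        $body .= View::displayPageHead($this);
        $body .= View::displayErrorMessage('Failed to find the user \'' . $safeEmail . '\'');
        if (isset($params['reset'])) {
            $body .= $this->personView->displayResetForm();
        } else {
            $body .= $this->personView->displayLoginForm();
        }
        self::$logger->warn($e->getMessage());
    }

    $body .= View::displayPageFoot($this);

    self::$logger->debug('<<doPOST');

    return new Response(200, $body, array('Content-Type' => 'text/html'));
}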