/**
* Handle GET requests.
*
* @param Alpha\Util\Http\Request $request
*
* @return Alpha\Util\Http\Response
*
* @since 1.0
*/
public function doGET($request)
{
self::$logger->debug('>>doGET(request=[' . var_export($request, true) . '])');
$config = ConfigProvider::getInstance();
if ($config->get('app.check.installed') && !ActiveRecord::isInstalled()) {
$response = new Response(301);
$response->redirect($config->get('app.url') . '/install');
self::$logger->warn('App not installed so re-directing to the install controller');
self::$logger->debug('<<doGET');
return $response;
}
$params = $request->getParams();
$body = View::loadTemplateFragment('html', 'head.phtml', array('title' => $config->get('app.title'), 'description' => 'Welcome to our site', 'allowCSSOverrides' => true));
$body .= View::loadTemplateFragment('html', 'index.phtml');
$body .= View::loadTemplateFragment('html', 'footer.phtml');
self::$logger->debug('<<doGET');
return new Response(200, $body, array('Content-Type' => 'text/html'));
}
/**
* Handle GET requests.
*
* @param Alpha\Util\Http\Request $request
*
* @since 1.0
*
* @throws Alpha\Exception\ResourceNotFoundException
*/
public function doGET($request)
{
self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])');
$config = ConfigProvider::getInstance();
$params = $request->getParams();
try {
if (isset($params['articleOID']) && isset($params['filename'])) {
if (!Validator::isInteger($params['articleOID'])) {
throw new IllegalArguementException('The articleOID [' . $params['articleOID'] . '] provided is invalid');
}
$article = new Article();
$article->setOID($params['articleOID']);
$filePath = $article->getAttachmentsLocation() . '/' . $params['filename'];
if (file_exists($filePath)) {
self::$logger->info('Downloading the file [' . $params['filename'] . '] from the folder [' . $article->getAttachmentsLocation() . ']');
$pathParts = pathinfo($filePath);
$mimeType = FileUtils::getMIMETypeByExtension($pathParts['extension']);
$response = new Response(200, file_get_contents($filePath));
$response->setHeader('Content-Type', $mimeType);
$response->setHeader('Content-Disposition', 'attachment; filename="' . $pathParts['basename'] . '"');
$response->setHeader('Content-Length', filesize($filePath));
self::$logger->debug('<<doGET');
return $response;
} else {
self::$logger->error('Could not access article attachment file [' . $filePath . '] as it does not exist!');
throw new IllegalArguementException('File not found');
}
} else {
self::$logger->error('Could not access article attachment as articleOID and/or filename were not provided!');
throw new IllegalArguementException('File not found');
}
} catch (IllegalArguementException $e) {
self::$logger->error($e->getMessage());
throw new ResourceNotFoundException($e->getMessage());
}
self::$logger->debug('<<doGET');
}
use Alpha\Util\Http\Filter\ClientTempBlacklistFilter;
use Alpha\Util\Http\Request;
use Alpha\Util\Http\Response;
use Alpha\Exception\ResourceNotFoundException;
use Alpha\Exception\ResourceNotAllowedException;
use Alpha\View\View;
try {
$config = ConfigProvider::getInstance();
set_exception_handler('Alpha\\Util\\ErrorHandlers::catchException');
set_error_handler('Alpha\\Util\\ErrorHandlers::catchError', $config->get('php.error.log.level'));
$front = new FrontController();
if ($config->get('security.client.blacklist.filter.enabled')) {
$front->registerFilter(new ClientBlacklistFilter());
}
if ($config->get('security.ip.blacklist.filter.enabled')) {
$front->registerFilter(new IPBlacklistFilter());
}
if ($config->get('security.client.temp.blacklist.filter.enabled')) {
$front->registerFilter(new ClientTempBlacklistFilter());
}
$request = new Request();
$response = $front->process($request);
} catch (ResourceNotFoundException $rnfe) {
$response = new Response(404, View::renderErrorPage(404, $rnfe->getMessage(), array('Content-Type' => 'text/html')));
} catch (ResourceNotAllowedException $rnae) {
$response = new Response(403, View::renderErrorPage(403, $rnae->getMessage(), array('Content-Type' => 'text/html')));
}
if ($config->get('security.http.header.x.frame.options') != '' && $response->getHeader('X-Frame-Options') == null) {
$response->setHeader('X-Frame-Options', $config->get('security.http.header.x.frame.options'));
}
echo $response->send();
/**
* Method to handle DELETE requests.
*
* @param Alpha\Util\Http\Request $request
*
* @throws Alpha\Exception\IllegalArguementException
* @throws Alpha\Exception\SecurityException
*
* @return Alpha\Util\Http\Response
*
* @since 2.0
*/
public function doDELETE($request)
{
self::$logger->debug('>>doDELETE(request=[' . var_export($request, true) . '])');
$config = ConfigProvider::getInstance();
$params = $request->getParams();
$accept = $request->getAccept();
try {
// check the hidden security fields before accepting the form data
if (!$this->checkSecurityFields()) {
throw new SecurityException('This page cannot accept data from remote servers!');
}
if (isset($params['ActiveRecordType'])) {
$ActiveRecordType = urldecode($params['ActiveRecordType']);
} else {
throw new IllegalArguementException('No ActiveRecord available to edit!');
}
if (class_exists($ActiveRecordType)) {
$record = new $ActiveRecordType();
} else {
throw new IllegalArguementException('No ActiveRecord [' . $ActiveRecordType . '] available to edit!');
}
// check the hidden security fields before accepting the form POST data
if (!$this->checkSecurityFields()) {
throw new SecurityException('This page cannot accept post data from remote servers!');
}
$record->load($params['ActiveRecordOID']);
ActiveRecord::begin();
$record->delete();
ActiveRecord::commit();
ActiveRecord::disconnect();
self::$logger->action('Deleted ' . $ActiveRecordType . ' instance with OID ' . $params['ActiveRecordOID']);
if ($accept == 'application/json') {
$response = new Response(200);
$response->setHeader('Content-Type', 'application/json');
$response->setBody(json_encode(array('message' => 'deleted')));
} else {
$response = new Response(301);
if (isset($params['statusMessage'])) {
$this->setStatusMessage(View::displayUpdateMessage($params['statusMessage']));
} else {
$this->setStatusMessage(View::displayUpdateMessage('Deleted'));
}
if ($this->getNextJob() != '') {
$response->redirect($this->getNextJob());
} else {
if ($this->request->isSecureURI()) {
$response->redirect(FrontController::generateSecureURL('act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=' . $ActiveRecordType . '&start=0&limit=' . $config->get('app.list.page.amount')));
} else {
$response->redirect($config->get('app.url') . '/records/' . $params['ActiveRecordType']);
}
}
}
} catch (SecurityException $e) {
self::$logger->warn($e->getMessage());
throw new ResourceNotAllowedException($e->getMessage());
} catch (RecordNotFoundException $e) {
self::$logger->warn($e->getMessage());
throw new ResourceNotFoundException('The item that you have requested cannot be found!');
} catch (AlphaException $e) {
self::$logger->error($e->getMessage());
ActiveRecord::rollback();
}
self::$logger->debug('<<doDELETE');
return $response;
}
/**
* Loads the BO indicated in the GET request and handles the conversion to Excel.
*
* @param Alpha\Util\Http\Request $request
*
* @return Alpha\Util\Http\Response
*
* @throws Alpha\Exception\ResourceNotFoundException
*
* @since 1.0
*/
public function doGet($request)
{
self::$logger->debug('>>doGet(request=[' . var_export($request, true) . '])');
$params = $request->getParams();
$body = '';
try {
if (isset($params['ActiveRecordType'])) {
$ActiveRecordType = $params['ActiveRecordType'];
$className = "Alpha\\Model\\{$ActiveRecordType}";
if (class_exists($className)) {
$this->BO = new $className();
} else {
throw new IllegalArguementException('No ActiveRecord available to render!');
}
// the name of the file download
if (isset($params['ActiveRecordOID'])) {
$fileName = $this->BO->getTableName() . '-' . $params['ActiveRecordOID'];
} else {
$fileName = $this->BO->getTableName();
}
$response = new Response(200);
// header info for browser
$response->setHeader('Content-Type', 'application/vnd.ms-excel');
$response->setHeader('Content-Disposition', 'attachment; filename=' . $fileName . '.xls');
$response->setHeader('Pragma', 'no-cache');
$response->setHeader('Expires', '0');
// handle a single BO
if (isset($params['ActiveRecordOID'])) {
$this->BO->load($params['ActiveRecordOID']);
ActiveRecord::disconnect();
$convertor = new ActiveRecord2Excel($this->BO);
$body .= $convertor->render();
} else {
// handle all BOs of this type
$BOs = $BO->loadAll();
ActiveRecord::disconnect();
$first = true;
foreach ($BOs as $BO) {
$convertor = new ActiveRecord2Excel($BO);
if ($first) {
$body .= $convertor->render(true);
$first = false;
} else {
$body .= $convertor->render(false);
}
}
}
} else {
throw new IllegalArguementException('No ActiveRecordType parameter available for ViewExcel controller!');
}
} catch (RecordNotFoundException $e) {
self::$logger->error($e->getMessage());
throw new ResourceNotFoundException($e->getMessage());
} catch (IllegalArguementException $e) {
self::$logger->error($e->getMessage());
throw new ResourceNotFoundException($e->getMessage());
}
self::$logger->debug('<<__doGet');
$response->setBody($body);
return $response;
}
/**
* Login the user and re-direct to the defined destination.
*
* @param string $password The password supplied by the user logging in
*
* @throws Alpha\Exception\ValidationException
*
* @return Alpha\Util\Http\Response
*
* @since 1.0
*/
protected function doLoginAndRedirect($password)
{
self::$logger->debug('>>doLoginAndRedirect(password=[' . $password . '])');
$config = ConfigProvider::getInstance();
if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Active') {
if (password_verify($password, $this->personObject->get('password'))) {
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$session->set('currentUser', $this->personObject);
self::$logger->debug('Logging in [' . $this->personObject->get('email') . '] at [' . date('Y-m-d H:i:s') . ']');
self::$logger->action('Login');
$response = new Response(301);
if ($this->getNextJob() != '') {
$response->redirect(FrontController::generateSecureURL('act=' . $this->getNextJob()));
$this->clearUnitOfWorkAttributes();
} else {
$response->redirect($config->get('app.url'));
}
return $response;
} else {
throw new ValidationException('Failed to login user ' . $this->personObject->get('email') . ', the password is incorrect!');
self::$logger->debug('<<doLoginAndRedirect');
}
}
}
/**
* Handle GET requests.
*
* @param Alpha\Util\Http\Request $request
*
* @return Alpha\Util\Http\Response
*
* @since 1.0
*
* @throws Alpha\Exception\ResourceNotFoundException
*/
public function doGET($request)
{
self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])');
$config = ConfigProvider::getInstance();
$params = $request->getParams();
$response = new Response(200);
try {
if (isset($params['ActiveRecordType'])) {
$ActiveRecordType = urldecode($params['ActiveRecordType']);
} else {
throw new IllegalArguementException('ActiveRecordType not specified to generate feed!');
}
if (isset($params['type'])) {
$type = $params['type'];
} else {
throw new IllegalArguementException('No feed type specified to generate feed!');
}
if (class_exists($ActiveRecordType)) {
$this->ActiveRecordType = $ActiveRecordType;
} else {
throw new IllegalArguementException('No ActiveRecord available to render!');
}
$this->type = $type;
$this->setup();
switch ($type) {
case 'RSS2':
$feed = new RSS2($this->ActiveRecordType, $this->title, str_replace('&', '&', $request->getURI()), $this->description);
$feed->setFieldMappings($this->fieldMappings[0], $this->fieldMappings[1], $this->fieldMappings[2], $this->fieldMappings[3]);
$response->setHeader('Content-Type', 'application/rss+xml');
break;
case 'RSS':
$feed = new RSS($this->ActiveRecordType, $this->title, str_replace('&', '&', $request->getURI()), $this->description);
$feed->setFieldMappings($this->fieldMappings[0], $this->fieldMappings[1], $this->fieldMappings[2], $this->fieldMappings[3]);
$response->setHeader('Content-Type', 'application/rss+xml');
break;
case 'Atom':
$feed = new Atom($this->ActiveRecordType, $this->title, str_replace('&', '&', $request->getURI()), $this->description);
$feed->setFieldMappings($this->fieldMappings[0], $this->fieldMappings[1], $this->fieldMappings[2], $this->fieldMappings[3], $this->fieldMappings[4]);
if ($config->get('feeds.atom.author') != '') {
$feed->addAuthor($config->get('feeds.atom.author'));
}
$response->setHeader('Content-Type', 'application/atom+xml');
break;
}
// now add the twenty last items (from newest to oldest) to the feed, and render
$feed->loadBOs(20, $this->sortBy);
$response->setBody($feed->render());
// log the request for this news feed
$feedLog = new LogProviderFile();
$feedLog->setPath($config->get('app.file.store.dir') . 'logs/feeds.log');
$feedLog->writeLine(array($this->ActiveRecordType, $this->type, date('Y-m-d H:i:s'), $request->getUserAgent(), $request->getIP()));
} catch (IllegalArguementException $e) {
self::$logger->error($e->getMessage());
throw new ResourceNotFoundException($e->getMessage());
}
self::$logger->debug('<<doGet');
return $response;
}
/**
* Testing the redirect method.
*/
public function testRedirect()
{
$response = new Response(301);
try {
$response->redirect('notreallythere');
$this->fail('Testing the redirect method');
} catch (IllegalArguementException $e) {
$this->assertEquals('Unable to redirect to URL [notreallythere] as it is invalid', $e->getMessage());
}
$response->redirect('http://alphaframework.org/');
$this->assertEquals('http://alphaframework.org/', $response->getHeader('Location'), 'Testing the redirect method');
$this->assertEquals(1, count($response->getHeaders()), 'Testing the redirect method');
}
/**
* {@inheritdoc}
*
* @since 2.0.2
*/
public function doTRACE($request)
{
$HTTPMethods = array('HEAD', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS');
$supported = array();
foreach ($HTTPMethods as $HTTPMethod) {
$reflector = new \ReflectionMethod($this, 'do' . $HTTPMethod);
$isOverridden = $reflector->getDeclaringClass()->getName() === get_class($this);
if ($isOverridden) {
$supported[] = $HTTPMethod;
}
}
$supported = implode(',', $supported);
$response = new Response(405);
$response->setHeader('Allow', $supported);
return $response;
}
/**
* Method to handle PUT requests.
*
* @param Alpha\Util\Http\Request
*
* @return Alpha\Util\Http\Response
*
* @since 1.0
*/
public function doPUT($request)
{
self::$logger->debug('>>doPUT($request=[' . var_export($request, true) . '])');
$config = ConfigProvider::getInstance();
$params = $request->getParams();
try {
// check the hidden security fields before accepting the form POST data
if (!$this->checkSecurityFields()) {
throw new SecurityException('This page cannot accept post data from remote servers!');
self::$logger->debug('<<doPUT');
}
if (isset($params['markdownTextBoxRows']) && $params['markdownTextBoxRows'] != '') {
$viewState = ViewState::getInstance();
$viewState->set('markdownTextBoxRows', $params['markdownTextBoxRows']);
}
if (isset($params['title']) || isset($params['ActiveRecordOID'])) {
if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
$record = new $params['ActiveRecordType']();
} else {
$record = new Article();
}
if (isset($params['title'])) {
$title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
$record->loadByAttribute('title', $title, false, array('OID', 'version_num', 'created_ts', 'updated_ts', 'title', 'author', 'published', 'content', 'headerContent'));
} else {
$record->load($params['ActiveRecordOID']);
}
// uploading an article attachment
if (isset($params['uploadBut'])) {
$source = $request->getFile('userfile')['tmp_name'];
$dest = $record->getAttachmentsLocation() . '/' . $request->getFile('userfile')['name'];
// upload the file to the attachments directory
FileUtils::copy($source, $dest);
if (!file_exists($dest)) {
throw new AlphaException('Could not move the uploaded file [' . $request->getFile('userfile')['name'] . ']');
}
// set read/write permissions on the file
$success = chmod($dest, 0666);
if (!$success) {
throw new AlphaException('Unable to set read/write permissions on the uploaded file [' . $dest . '].');
}
if ($success) {
self::$logger->action('File ' . $source . ' uploaded to ' . $dest);
$this->setStatusMessage(View::displayUpdateMessage('File ' . $source . ' uploaded to ' . $dest));
}
} elseif (isset($params['deletefile']) && $params['deletefile'] != '') {
$success = unlink($record->getAttachmentsLocation() . '/' . $params['deletefile']);
if (!$success) {
throw new AlphaException('Could not delete the file [' . $params['deletefile'] . ']');
}
if ($success) {
self::$logger->action('File ' . $record->getAttachmentsLocation() . '/' . $params['deletefile'] . ' deleted');
$this->setStatusMessage(View::displayUpdateMessage('File ' . $record->getAttachmentsLocation() . '/' . $params['deletefile'] . ' deleted'));
}
} else {
self::$logger->debug('<<doPUT');
return parent::doPUT($request);
}
} else {
throw new IllegalArguementException('No valid article ID provided!');
}
} catch (SecurityException $e) {
$this->setStatusMessage(View::displayErrorMessage($e->getMessage()));
self::$logger->warn($e->getMessage());
} catch (IllegalArguementException $e) {
$this->setStatusMessage(View::displayErrorMessage($e->getMessage()));
self::$logger->error($e->getMessage());
} catch (RecordNotFoundException $e) {
self::$logger->warn($e->getMessage());
$this->setStatusMessage(View::displayErrorMessage('Failed to load the requested article from the database!'));
} catch (AlphaException $e) {
$this->setStatusMessage(View::displayErrorMessage($e->getMessage()));
self::$logger->error($e->getMessage());
}
$response = new Response(301);
if ($this->getNextJob() != '') {
$response->redirect($this->getNextJob());
} else {
if ($this->request->isSecureURI()) {
$response->redirect(FrontController::generateSecureURL('act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=Alpha\\Model\\Article&ActiveRecordOID=' . $record->getOID() . '&view=edit'));
} else {
$title = str_replace(' ', $config->get('cms.url.title.separator'), $record->get('title'));
$response->redirect($config->get('app.url') . '/a/' . $title . '/edit');
}
}
self::$logger->debug('<<doPUT');
return $response;
}
