/**
 * Process the page.
 *
 * The page is only rendered while the admin session is in preview mode
 * (`$_SESSION['preview'] === 'ON'`); every other request ends in PAGE_ERROR.
 *
 * @return void
 */
public function process()
{
    parent::process();

    $objView = new SiteView();
    // Session is constructed before $_SESSION is read; keep this order.
    $objSess = new Session();
    // Admin session check; the return value is not inspected here, so the
    // helper presumably terminates the request itself on failure.
    Utils::sfIsSuccess($objSess);

    $isPreview = isset($_SESSION['preview']) && $_SESSION['preview'] === 'ON';
    if (!$isPreview) {
        Utils::sfDispSiteError(PAGE_ERROR);
        return;
    }

    // Fetch the layout used for previewing.
    /* @var $objLayout PageLayoutHelper */
    $objLayout = Application::alias('eccube.helper.page_layout');
    $objLayout->sfGetPageLayout($this, true);

    // Render the screen.
    $objView->assignobj($this);
    $objView->display(SITE_FRAME);
}
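/**
 * Validate the requested product ID.
 *
 * Hidden (unpublished) products are accepted only when the request comes
 * from the admin side (`$admin_mode === 'on'`) AND an admin session is
 * present; otherwise an unknown or hidden ID ends in PRODUCT_NOT_FOUND.
 *
 * @param string $admin_mode 'on' when called from an admin confirmation screen
 * @param int $product_id
 * @param Product $objProduct
 * @return integer the validated product ID (returned unchanged)
 */
public function lfCheckProductId($admin_mode, $product_id, Product $objProduct)
{
    // Strict comparison: only the literal string 'on' can enable hidden
    // products (the old loose `==` also matched values such as `true`).
    // The admin session check is evaluated second so storefront requests
    // never trigger it.
    $include_hidden = $admin_mode === 'on' && Utils::sfIsSuccess(new Session(), false);

    if (!$objProduct->isValidProductId($product_id, $include_hidden)) {
        Utils::sfDispSiteError(PRODUCT_NOT_FOUND);
    }

    return $product_id;
}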
/**
 * Check whether the caller is allowed to run an operation.
 *
 * `auth_types` in the API config is a '|'-separated list; the types are
 * evaluated left to right and every one of them must succeed (AND). The
 * first failing type ends the check with false. API_AUTH_TYPE_OPEN grants
 * access as soon as it is reached, so types listed after it are not
 * evaluated.
 *
 * @param string $operation_name operation name
 * @param array $arrParam request parameters
 * @param array $arrApiConfig API config for the operation (reads 'auth_types')
 * @return boolean true when authorized; false otherwise
 */
protected function checkOperationAuth($operation_name, &$arrParam, &$arrApiConfig)
{
    if (Utils::isBlank($operation_name)) {
        return false;
    }

    $granted = false;
    foreach (explode('|', $arrApiConfig['auth_types']) as $authType) {
        // switch() matches loosely, as the original did; case order is kept.
        switch ($authType) {
            case self::API_AUTH_TYPE_REFERER:
                $passed = static::checkReferer();
                break;
            case self::API_AUTH_TYPE_SESSION_TOKEN:
                $passed = SessionHelper::isValidToken(false);
                break;
            case self::API_AUTH_TYPE_API_SIGNATURE:
                $passed = static::checkApiSignature($operation_name, $arrParam, $arrApiConfig);
                break;
            case self::API_AUTH_TYPE_CUSTOMER:
                $passed = static::checkCustomerAccount($arrParam['login_email'], $arrParam['login_password']);
                break;
            case self::API_AUTH_TYPE_MEMBER:
                $passed = static::checkMemberAccount($arrParam['member_id'], $arrParam['member_password']);
                break;
            case self::API_AUTH_TYPE_CUSTOMER_LOGIN_SESSION:
                /* @var $objCustomer Customer */
                $objCustomer = Application::alias('eccube.customer');
                $passed = $objCustomer->isLoginSuccess();
                break;
            case self::API_AUTH_TYPE_MEMBER_LOGIN_SESSION:
                $passed = Utils::sfIsSuccess(new Session(), false);
                break;
            case self::API_AUTH_TYPE_IP:
                $passed = static::checkIp($operation_name);
                break;
            case self::API_AUTH_TYPE_HOST:
                $passed = static::checkHost($operation_name);
                break;
            case self::API_AUTH_TYPE_SSL:
                $passed = Utils::sfIsHTTPS();
                break;
            case self::API_AUTH_TYPE_OPEN:
                // Open operation: grant immediately, remaining types are skipped.
                return true;
            default:
                // Unknown auth type never authorizes.
                $passed = false;
                break;
        }

        // Only a strict boolean true counts as success.
        if ($passed !== true) {
            return false;
        }
        $granted = true;
    }

    return $granted;
}
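/**
 * Authorize access to the admin area.
 *
 * Pages registered in mtb_auth_excludes are exempt from the check; every
 * other admin script must pass Utils::sfIsSuccess() on the current session.
 *
 * @return void
 */
public static function adminAuthorization()
{
    if (!GcUtils::isAdminFunction()) {
        return;
    }

    $arrScriptPath = explode('/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']));

    $masterData = Application::alias('eccube.db.master_data');
    $arrExcludes = $masterData->getMasterData('mtb_auth_excludes');
    foreach ($arrExcludes as $exclude) {
        $excludePath = realpath(HTML_REALDIR . ADMIN_DIR . $exclude);
        if ($excludePath === false) {
            // An exclude that does not exist on disk must not match anything.
            // Previously realpath()'s false became '' and explode() turned it
            // into [''], which matched the leading empty segment of every
            // absolute script path and skipped the authorization entirely.
            continue;
        }

        $arrExcludesPath = explode('/', str_replace('\\', '/', $excludePath));
        // Exempt when every segment of the exclude path equals the script
        // path segment at the same index (a prefix match on path components).
        if (count(array_diff_assoc($arrExcludesPath, $arrScriptPath)) === 0) {
            return;
        }
    }

    Utils::sfIsSuccess(new Session());
}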