コード例 #1
0
/**
 * Insert/Update Group
 *
 * Controller for the Group module.
 *
 * @param \Slim\Route $route The route data array
 * @return void
 */
function insert_update_group(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/group.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
    // URL parameters matched in the route.
    $params = $route->getParams();
    $group_id = isset($params["group_id"]) ? $params["group_id"] : false;
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $group = new \PHPSkeleton\Group($db_resource, $final_global_template_vars["session_key"]);
    $gump = new GUMP();
    $rules = array("name" => "required", "abbreviation" => "required|alpha_numeric", "state" => "alpha_numeric", "zip" => "numeric|exact_len,5", "group_parent" => "numeric");
    $validated = $gump->validate($app->request()->post(), $rules);
    $errors = array();
    if ($validated !== true) {
        $errors = \phpskeleton\models\utility::gump_parse_errors($validated);
    }
    if (!$errors) {
        $group->insert_update_group($app->request()->post(), $group_id);
        // If group_id is true, then the group was modified. Otherwise, it was created.
        if ($group_id) {
            $app->flash('message', 'The group has been successfully modified.');
        } else {
            $app->flash('message', 'New group has been successfully created.');
        }
        $app->redirect($final_global_template_vars["path_to_this_module"]);
    } else {
        $env = $app->environment();
        $env["default_validation_errors"] = $errors;
    }
}
コード例 #2
0
function authenticate(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $query = new QueryHandler();
    $auth = new HashGenerator();
    // Getting request headers
    $headers = apache_request_headers();
    $requestURI = $_SERVER['REQUEST_URI'];
    $requestMethod = $app->request->getMethod();
    $params = $route->getParams();
    try {
        $userId = intval($params['userId']);
        if (!$userId > 0) {
            $userId = DEFAULT_USER;
        }
    } catch (Exception $e) {
        $userId = DEFAULT_USER;
    }
    // TEST CODE ****************************
    $testParams = implode(',', getRequestParams());
    echo "<h3>{$testParams}</h3>";
    // END TEST CODE ************************
    // Get Handshake KEY
    if (!isset($headers['Authorization'])) {
        // api key is missing in header
        exitApp(BAD_REQUEST, "Authorization key is misssing");
    }
    // Get User Access Key
    if (!isset($headers['AccessKey']) && $userId !== DEFAULT_USER) {
        // api key is missing in header
        exitApp(BAD_REQUEST, "Access key is misssing");
    }
    $auth_key = $headers['Authorization'];
    @($accessKey = $headers['AccessKey']);
    $stringParams = implode(',', getRequestParams());
    // AUTHORIZE ADMIN OPERATION
    $adminData = "admin" . $requestURI . "#" . $stringParams;
    $adminHash = $auth->getAuthHash($adminData);
    $userData = $userId . $requestURI . "#" . $stringParams;
    // 		echo $userData;
    $userHash = $auth->getAuthHash($userData);
    // route the authorization for USER or ADMIN
    switch ($auth_key) {
        case $adminHash:
            // check if admin is valid
            $admin = $query->getAdmin($accessKey);
            if (empty($admin)) {
                exitApp(UNAUTHORIZED, "Admin not found!");
            }
            //Check admin access level
            if ($admin[ADMIN_FIELDS::ACCESS_LEVEL == "read"] && $requestMethod != "GET") {
                exitApp(UNAUTHORIZED, "Limited admin access !");
            }
            // admin is verified
            break;
        case $userHash:
            //non-user operation
            if ($userId == DEFAULT_USER) {
                break;
            }
            // UserOperatoin: check if user is valid
            $user_array = $query->getUser(array(USER_FIELDS::ACCESS_KEY => $accessKey));
            if (empty($user_array)) {
                exitApp(UNAUTHORIZED, "Invalid access key!");
            }
            if ($user_array[USER_FIELDS::IS_ACTIVE] == false) {
                // if requesting login
                if (strpos($requestURI, 'login') !== false) {
                    $message = "Please activate your account";
                }
                // for other operation
                $message = "Your account has been deactivated.";
                exitApp(UNAUTHORIZED, $message);
            }
            if ($user_array[USER_FIELDS::USER_ID] != $userId) {
                exitApp(UNAUTHORIZED, "You are not authorized to access others data");
            }
            break;
        default:
            exitApp(UNAUTHORIZED, "Invalid authorization key !");
    }
}
コード例 #3
0
ファイル: Router.php プロジェクト: sydorenkovd/Rest-slim-news
 /**
  * Dispatch route
  *
  * This method invokes the route object's callable. If middleware is
  * registered for the route, each callable middleware is invoked in
  * the order specified.
  *
  * This method is smart about trailing slashes on the route pattern.
  * If the route's pattern is defined with a trailing slash, and if the
  * current request URI does not have a trailing slash but otherwise
  * matches the route's pattern, a Slim_Exception_RequestSlash
  * will be thrown triggering an HTTP 301 Permanent Redirect to the same
  * URI _with_ a trailing slash. This Exception is caught in the
  * `Slim::call` loop. If the route's pattern is defined without a
  * trailing slash, and if the current request URI does have a trailing
  * slash, the route will not be matched and a 404 Not Found
  * response will be sent if no subsequent matching routes are found.
  *
  * @param  \Slim\Route                  $route  The route object
  * @return bool                         Was route callable invoked successfully?
  * @throws \Slim\Exception\RequestSlash
  */
 public function dispatch(\Slim\Route $route)
 {
     if (substr($route->getPattern(), -1) === '/' && substr($this->resourceUri, -1) !== '/') {
         throw new Exception\RequestSlash();
     }
     //Invoke middleware
     foreach ($route->getMiddleware() as $mw) {
         if (is_callable($mw)) {
             call_user_func_array($mw, array($route));
         }
     }
     //Invoke callable
     if (is_callable($route->getCallable())) {
         call_user_func_array($route->getCallable(), array_values($route->getParams()));
         return true;
     }
     return false;
 }
コード例 #4
0
 /**
  * Dispatch route
  *
  * This method invokes the route object's callable. If middleware is
  * registered for the route, each callable middleware is invoked in
  * the order specified.
  *
  * @param  \Slim\Route                  $route  The route object
  * @return bool                         Was route callable invoked successfully?
  */
 public function dispatch(\Slim\Route $route)
 {
     $this->currentRoute = $route;
     //Invoke middleware
     foreach ($route->getMiddleware() as $mw) {
         call_user_func_array($mw, array($route));
     }
     //Invoke callable
     call_user_func_array($route->getCallable(), array_values($route->getParams()));
     return true;
 }
コード例 #5
0
ファイル: Router.php プロジェクト: dannykopping/spore
 /**
  * Override Slim's default `dispatch` function
  *
  * @param \Slim\Route $route
  *
  * @return bool
  */
 public function dispatch(\Slim\Route $route)
 {
     $app = $this->getApp();
     $params = $route->getParams();
     $callable = $route->getCallable();
     // check for a matching autoroute based on the request URI
     $autoroute = null;
     if (count($app->routes) > 0) {
         foreach ($app->routes as $testRoute) {
             if (!empty($callable) && $callable === $testRoute->getCallback()) {
                 $autoroute = $testRoute;
                 break;
             }
         }
     }
     // build Request and Response objects to be passed to callable
     $req = $this->getRequestData($route, $params);
     $resp = $this->getResponseData();
     if (!is_callable($callable)) {
         return false;
     }
     $passParams = $app->config("pass-params") == true;
     if ($passParams) {
         // call the autoroute's callback function and pass in the Request and Response objects
         $result = call_user_func_array($callable, array($req, &$resp));
     } else {
         $app->applyHook("spore.autoroute.before", array("request" => &$req, "response" => &$resp, "autoroute" => &$autoroute));
         $result = call_user_func_array($callable, array());
     }
     $outputEmpty = ob_get_length() <= 0;
     $output = "";
     // if the output buffer is empty, we can return our own response
     if ($outputEmpty) {
         // if there is no response data, return a blank response
         if ($result === null && $result !== false) {
             return true;
         }
         if ($autoroute && $autoroute->getTemplate()) {
             $output = $this->getTemplateOutput($autoroute, $app, $result);
         } else {
             $output = Serializer::getSerializedData($app, $result);
         }
         if (empty($output)) {
             return true;
         }
     } else {
         $output = ob_get_clean();
     }
     // return gzip-encoded data if gzip is enabled
     $gzipEnabled = $app->config("gzip");
     $env = $app->environment();
     if (substr_count($env["ACCEPT_ENCODING"], "gzip") && extension_loaded("zlib") && $gzipEnabled) {
         $app->response()->header("Content-Encoding", "gzip");
         $app->response()->header("Vary", "Accept-Encoding");
         $output = gzencode($output, 9, FORCE_GZIP);
     }
     // set the HTTP status
     $app->status($resp->status);
     // set the response body
     $app->response()->body($output);
     return true;
 }
コード例 #6
0
/**
 * Insert/Update User Account
 *
 * Controller for the User Account module.
 *
 * @author      Goran Halusa <*****@*****.**>
 * @since       0.1.0
 * @param       array  $route  The route data array
 */
function insert_update_user_account(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
    require_once $final_global_template_vars["default_module_list"]["group"]["absolute_path_to_this_module"] . "/models/group.class.php";
    require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
    // URL parameters matched in the route.
    $params = $route->getParams();
    $user_account_id = isset($params["user_account_id"]) ? $params["user_account_id"] : false;
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $useraccount = new \PHPSkeleton\UserAccount($db_resource, $final_global_template_vars["session_key"]);
    $group = new \PHPSkeleton\Group($db_resource, $final_global_template_vars["session_key"]);
    $authenticate = new \PHPSkeleton\Authenticate($db_resource, $final_global_template_vars["session_key"]);
    $post = $app->request()->post();
    $errors = false;
    $gump = new GUMP();
    $rules_password = array();
    $rules = array("first_name" => "required|alpha_numeric", "last_name" => "required|alpha_numeric", "user_account_email" => "required|valid_email");
    if (isset($post["user_account_password"]) && !empty($post["user_account_password"])) {
        $rules_password = array("user_account_password" => "max_len,100|min_len,6", "password_check" => "required|max_len,100|min_len,6");
    }
    $rules = array_merge($rules, $rules_password);
    $validated = $gump->validate($post, $rules);
    if ($post["user_account_password"] != $post["password_check"]) {
        $validated_password_check = array("field" => "user_account_password_check", "value" => null, "rule" => "validate_required");
        if (is_array($validated)) {
            array_push($validated, $validated_password_check);
        } else {
            $validated = array($validated_password_check);
        }
    }
    $errors = array();
    if ($validated !== true) {
        $errors = \phpskeleton\models\utility::gump_parse_errors($validated);
    }
    if (isset($errors["user_account_password_check"])) {
        $errors["user_account_password_check"] = "Passwords did not match.";
    }
    $has_permission = array_intersect($_SESSION[$final_global_template_vars["session_key"]]["user_role_list"], $final_global_template_vars["role_perm_manage_all_accounts_access"]);
    $role_perm_manage_all_accounts_access = empty($has_permission) ? false : true;
    if (!empty($post) && $role_perm_manage_all_accounts_access) {
        $current_group_values = $useraccount->get_user_group_roles_map($user_account_id, $final_global_template_vars["proxy_id"]);
        $proposed_group_value = json_decode($post["group_data"], true);
        $changes = array();
        $current_group_role_array = array();
        $proposed_group_role_array = array();
        foreach ($proposed_group_value as $single_group_info) {
            foreach ($single_group_info["roles"] as $single_role_id) {
                $tmp_array = array("group_id" => $single_group_info["group_id"], "role_id" => $single_role_id);
                $proposed_group_role_array[] = json_encode($tmp_array);
            }
        }
        if (is_array($current_group_values) && !empty($current_group_values)) {
            foreach ($current_group_values as $single_group_info) {
                foreach ($single_group_info["roles"] as $single_role_id) {
                    $tmp_array = array("group_id" => $single_group_info["group_id"], "role_id" => $single_role_id);
                    $current_group_role_array[] = json_encode($tmp_array);
                }
            }
        }
        $changes = array_diff($proposed_group_role_array, $current_group_role_array);
        $changes = array_merge($changes, array_diff($current_group_role_array, $proposed_group_role_array));
        /**
         * Check to see if the user is trying to hack the system and add a role they are not able to.
         **/
        foreach ($changes as $single_change) {
            $single_change_array = json_decode($single_change, true);
            $show_all = array_intersect($_SESSION[$final_global_template_vars["session_key"]]["user_role_list"], $final_global_template_vars["role_perm_assign_user_account_to_any_group"]);
            if (!empty($show_all)) {
                // This user can add any group to any user.
            } else {
                $group_roles = $useraccount->has_role($_SESSION[$final_global_template_vars["session_key"]]["user_account_id"], $final_global_template_vars["administrator_id"], $single_change_array["group_id"]);
                if (empty($group_roles)) {
                    $failed_group = $group->get_group_record($single_change_array["group_id"]);
                    $errors[] = "You are not able to administor group: " . $failed_group["name"];
                }
            }
        }
        // Check to see if the user is trying to add a role to a group they are not able to.
        foreach ($changes as $single_change) {
            $single_change_array = json_decode($single_change, true);
            if (in_array($single_change_array["role_id"], $final_global_template_vars["exclude_ids_from_selector"])) {
                $errors[] = "You are not able to administer that role.";
            }
        }
    }
    if (!$errors) {
        // Hash the incoming password (with some salt).
        if (!empty($post["user_account_password"])) {
            $post["user_account_password"] = $authenticate->generate_hashed_password($post["user_account_password"]);
        }
        $useraccount->insert_update_user_account($post, $user_account_id, true, $final_global_template_vars["proxy_id"], $role_perm_manage_all_accounts_access);
        $useraccount->insert_addresses($post, $user_account_id, $_SESSION[$final_global_template_vars["session_key"]]["user_account_id"]);
        $app->flash('message', 'Account successfully updated.');
        if ($role_perm_manage_all_accounts_access) {
            $app->redirect($final_global_template_vars["path_to_this_module"]);
        } else {
            $app->redirect($final_global_template_vars["path_to_this_module"] . "/manage/" . $user_account_id);
        }
    } else {
        $env = $app->environment();
        $env["default_validation_errors"] = $errors;
    }
}
コード例 #7
-1
function not_same_user(\Slim\Route $route)
{
    $params = $route->getParams();
    if (intval($params["userid"]) === intval($_SESSION['user']['meetup_id'])) {
        $data = array('status' => 'error', 'message' => 'You are not' . $params["userid"]);
        die(json_encode($data));
    }
}