Example #1
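 /**
  * Generate a URL based on a named route.
  *
  * The route name may carry inline parameters, "@name?key=value&other=value",
  * which are merged into $params before the route is resolved. Placeholders
  * (":name") in the route URL are replaced with the urlencoded parameter value;
  * if the route URL contains "*", every parameter that is not a placeholder is
  * appended as "key<equals>value" pairs (nested arrays become "key[sub]").
  *
  * @param string $name The route key, optionally prefixed with '@'
  * @param array $params key=>value pairs of route parameters
  * @param boolean $relative Whether to generate a URL relative to the web root (true) or an absolute one (false)
  * @param string $querydiv Separator placed before the first appended "*" parameter
  * @param string $divider Separator placed between appended parameters
  * @param string $equals Separator placed between an appended parameter's key and its value
  *
  * @return string
  * @throws Exception when the route does not exist or a mandatory parameter is missing
  */
 public function generate($name, $params = array(), $relative = true, $querydiv = '/', $divider = '/', $equals = '/')
 {
     if (mb_substr($name, 0, 1) == '@') {
         $name = mb_substr($name, 1);
         $details = explode('?', $name);
         $name = array_shift($details);
         if (count($details)) {
             // Only the first '?' segment carries inline parameters
             foreach (explode('&', array_shift($details)) as $detail) {
                 // Split on the first '=' only, so a value containing '=' is kept intact
                 // instead of being silently truncated
                 $param_detail = explode('=', $detail, 2);
                 if (count($param_detail) > 1) {
                     $params[$param_detail[0]] = $param_detail[1];
                 }
             }
         }
     }
     if (!isset($this->routes[$name])) {
         TBGLogging::log("The route '{$name}' does not exist", 'routing', TBGLogging::LEVEL_FATAL);
         throw new Exception("The route '{$name}' does not exist");
     }
     list($url, $regexp, $names, $names_hash, $action, $module, $route_defaults, $csrf_enabled) = $this->routes[$name];
     // NOTE(review): $route_defaults (the defaults stored with the route) is discarded and only
     // action/module act as defaults, exactly as the previous implementation did — confirm this is intended.
     $defaults = array('action' => $action, 'module' => $module);
     // all params must be given
     foreach ($names as $required) {
         if (!isset($params[$required]) && !isset($defaults[$required])) {
             throw new Exception(sprintf('Route named "%s" have a mandatory "%s" parameter', $name, $required));
         }
     }
     $params = self::arrayDeepMerge($defaults, $params);
     if ($csrf_enabled) {
         $params['csrf_token'] = TBGContext::generateCSRFtoken();
     }
     // Replace ":name" placeholders with the urlencoded parameter; unknown placeholders are left untouched.
     // (preg_replace_callback rather than the /e modifier, which is deprecated since PHP 5.5.)
     $callback = function ($matches) use ($params) {
         return array_key_exists($matches[1], $params) ? urlencode($params[$matches[1]]) : $matches[0];
     };
     $real_url = preg_replace_callback('/\\:([^\\/]+)/', $callback, $url);
     // we add all other params if *
     // (explicit !== false: a '*' at offset 0 was missed by the old truthiness test)
     if (mb_strpos($real_url, '*') !== false) {
         $extra = array();
         foreach ($params as $key => $value) {
             if (isset($names_hash[$key]) || isset($defaults[$key])) {
                 continue;
             }
             // Keys as well as values are urlencoded, so a key containing the divider, the
             // equals string, '#' or '?' cannot change the structure of the generated URL
             $extra = array_merge($extra, self::encodeExtraRouteParam(urlencode((string) $key), $value, $equals));
         }
         $extra = implode($divider, $extra);
         if (mb_strlen($extra) > 0) {
             $extra = $querydiv . $extra;
         }
         // Callback form so nothing in the appended string can be misread as a $1 / \1 back-reference
         $real_url = preg_replace_callback('/\\/\\*(\\/|$)/', function ($matches) use ($extra) {
             return $extra . $matches[1];
         }, $real_url);
     }
     // strip off last divider character
     if (mb_strlen($real_url) > 1) {
         $real_url = rtrim($real_url, $divider);
     }
     if (!$relative) {
         return TBGContext::getURLhost() . TBGContext::getStrippedTBGPath() . $real_url;
     }
     return TBGContext::getStrippedTBGPath() . $real_url;
 }

 /**
  * Flatten one appended ("*") route parameter into "key<equals>value" strings.
  *
  * Arrays are walked recursively to any depth (the previous inline version stopped
  * at three levels and then passed an array to urlencode()). Every key segment is
  * urlencoded on its own while the "[...]" bracket structure stays literal, so the
  * nested shape is preserved but a key cannot inject separator characters.
  *
  * @param string $prefix Already-encoded key prefix, e.g. "filter[status]"
  * @param mixed $value Scalar or (arbitrarily nested) array of values
  * @param string $equals Separator placed between key and value
  *
  * @return array List of "key<equals>value" strings
  */
 private static function encodeExtraRouteParam($prefix, $value, $equals)
 {
     if (!is_array($value)) {
         return array($prefix . $equals . urlencode((string) $value));
     }
     $parts = array();
     foreach ($value as $sub_key => $sub_value) {
         $sub_prefix = $prefix . '[' . urlencode((string) $sub_key) . ']';
         $parts = array_merge($parts, self::encodeExtraRouteParam($sub_prefix, $sub_value, $equals));
     }
     return $parts;
 }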
Example #2
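 /**
  * Do login (AJAX call)
  *
  * Three flows are handled in turn: a Mozilla Persona assertion (persona=true),
  * an OpenID round trip (when OpenID is enabled), and a plain
  * username/password POST. Redirect targets taken from the request
  * (return_to, tbg3_referer) are only honoured when they point back at this
  * installation, so the login form cannot be used as an open redirect.
  *
  * @param TBGRequest $request
  *
  * @return boolean|mixed true when checkScopeMembership() took over; otherwise the
  *                       result of renderJSON()/forward(), or nothing
  */
 public function runDoLogin(TBGRequest $request)
 {
     $i18n = TBGContext::getI18n();
     $forward_url = TBGContext::getRouting()->generate('home');
     // Initialised up front: several error branches below fall through to checkScopeMembership($user)
     $user = null;
     if ($request->hasParameter('persona') && $request['persona'] == 'true') {
         $url = 'https://verifier.login.persona.org/verify';
         $assert = filter_input(INPUT_POST, 'assertion', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
         // NOTE(review): the audience port is hard-coded to :80, so an installation served on any
         // other port (including plain https) will never verify — derive it from the site URL instead.
         $params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode(TBGContext::getURLhost() . ':80');
         $ch = curl_init();
         $options = array(
             CURLOPT_URL => $url,
             CURLOPT_RETURNTRANSFER => true,
             // A plain boolean; the previous value of 2 only worked because cURL treats it as truthy
             CURLOPT_POST => true,
             CURLOPT_POSTFIELDS => $params,
             // Bound the round trip so a slow verifier cannot hang the login request indefinitely
             CURLOPT_CONNECTTIMEOUT => 10,
             CURLOPT_TIMEOUT => 15,
             // The verifier's answer decides who gets logged in: insist on a validated TLS peer
             CURLOPT_SSL_VERIFYPEER => true,
             CURLOPT_SSL_VERIFYHOST => 2,
         );
         curl_setopt_array($ch, $options);
         $result = curl_exec($ch);
         curl_close($ch);
         $details = ($result === false) ? null : json_decode($result);
         // Only a well-formed "okay" answer carrying an email is trusted; a transport error or a
         // garbled body must end in the 401 below rather than dereferencing a null object
         if (is_object($details) && isset($details->status, $details->email) && $details->status === 'okay' && is_string($details->email) && $details->email !== '') {
             $user = TBGUser::getByEmail($details->email);
             if ($user instanceof TBGUser) {
                 // NOTE(review): whatever getPassword() returns is stored in a cookie and acts as the
                 // session credential — anyone holding that cookie (or the DB column) can log in. A
                 // random, revocable session token would be preferable; left unchanged because
                 // loginCheck() (not visible here) appears to rely on this cookie pair.
                 TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
                 TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
                 TBGContext::getResponse()->setCookie('tbg3_persona_session', true);
                 return $this->renderJSON(array('status' => 'login ok', 'redirect' => in_array($request['referrer_route'], array('home', 'login'), true)));
             }
         }
         // Any other outcome (verification failed, unknown email, verifier unreachable)
         $this->getResponse()->setHttpStatus(401);
         $this->renderJSON(array('message' => $this->getI18n()->__('Invalid login')));
         return;
     }
     if (TBGSettings::isOpenIDavailable()) {
         $openid = new LightOpenID(TBGContext::getRouting()->generate('login_page', array(), false));
     }
     if (TBGSettings::isOpenIDavailable() && !$openid->mode && $request->isPost() && $request->hasParameter('openid_identifier')) {
         // First leg: send the user to their provider
         $openid->identity = $request->getRawParameter('openid_identifier');
         $openid->required = array('contact/email');
         $openid->optional = array('namePerson/first', 'namePerson/friendly');
         return $this->forward($openid->authUrl());
     } elseif (TBGSettings::isOpenIDavailable() && $openid->mode == 'cancel') {
         $this->error = TBGContext::getI18n()->__("OpenID authentication cancelled");
     } elseif (TBGSettings::isOpenIDavailable() && $openid->mode) {
         // Second leg: the provider sent the user back
         try {
             if ($openid->validate()) {
                 if ($this->getUser()->isAuthenticated() && !$this->getUser()->isGuest()) {
                     // A logged-in user is attaching an identity; refuse one already bound elsewhere
                     if (TBGOpenIdAccountsTable::getTable()->getUserIDfromIdentity($openid->identity)) {
                         TBGContext::setMessage('openid_used', true);
                         throw new Exception('OpenID already in use');
                     }
                     $user = $this->getUser();
                 } else {
                     $user = TBGUser::getByOpenID($openid->identity);
                 }
                 if ($user instanceof TBGUser) {
                     $attributes = $openid->getAttributes();
                     $email = array_key_exists('contact/email', $attributes) ? $attributes['contact/email'] : null;
                     // Fill in profile fields from the provider only for accounts that have no email yet
                     if (!$user->getEmail()) {
                         if (array_key_exists('contact/email', $attributes)) {
                             $user->setEmail($attributes['contact/email']);
                         }
                         if (array_key_exists('namePerson/first', $attributes)) {
                             $user->setRealname($attributes['namePerson/first']);
                         }
                         if (array_key_exists('namePerson/friendly', $attributes)) {
                             $user->setBuddyname($attributes['namePerson/friendly']);
                         }
                         if (!$user->getNickname() || $user->isOpenIdLocked()) {
                             $user->setBuddyname($user->getEmail());
                         }
                         if (!$user->getRealname()) {
                             $user->setRealname($user->getBuddyname());
                         }
                         $user->save();
                     }
                     if (!$user->hasOpenIDIdentity($openid->identity)) {
                         TBGOpenIdAccountsTable::getTable()->addIdentity($openid->identity, $email, $user->getID());
                     }
                     // NOTE(review): same cookie-as-credential concern as in the Persona branch above
                     TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
                     TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
                     if ($this->checkScopeMembership($user)) {
                         return true;
                     }
                     return $this->forward(TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin')));
                 } else {
                     $this->error = TBGContext::getI18n()->__("Didn't recognize this OpenID. Please log in using your username and password, associate it with your user account in your account settings and try again.");
                 }
             } else {
                 $this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider");
             }
         } catch (Exception $e) {
             $this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider: %message", array('%message' => htmlentities($e->getMessage(), ENT_COMPAT, TBGContext::getI18n()->getCharset())));
         }
     } elseif ($request->getMethod() == TBGRequest::POST) {
         try {
             if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password') && $request['tbg3_username'] != '' && $request['tbg3_password'] != '') {
                 $user = TBGUser::loginCheck($request, $this);
                 TBGContext::setUser($user);
                 if ($this->checkScopeMembership($user)) {
                     return true;
                 }
                 // Request-supplied targets are accepted only when they stay on this site; an
                 // off-site return_to or tbg3_referer falls back to the configured default
                 if ($request->hasParameter('return_to') && $this->isLocalReturnUrl($request['return_to'])) {
                     $forward_url = $request['return_to'];
                 } elseif (TBGSettings::get('returnfromlogin') == 'referer') {
                     $referer = $request->getParameter('tbg3_referer', null);
                     $forward_url = ($referer !== null && $this->isLocalReturnUrl($referer)) ? $referer : TBGContext::getRouting()->generate('dashboard');
                 } else {
                     $forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
                 }
                 $forward_url = htmlentities($forward_url, ENT_COMPAT, TBGContext::getI18n()->getCharset());
             } else {
                 throw new Exception('Please enter a username and password');
             }
         } catch (Exception $e) {
             if ($request->isAjaxCall()) {
                 $this->getResponse()->setHttpStatus(401);
                 // The AJAX client only ever sees the generic message; the detail goes to the log
                 // (category kept as 'openid' to match existing log consumers, though this is the password flow)
                 TBGLogging::log($e->getMessage(), 'openid', TBGLogging::LEVEL_WARNING_RISK);
                 return $this->renderJSON(array("error" => $i18n->__("Invalid login details")));
             } else {
                 // NOTE(review): the raw exception text is shown to the browser here, unlike the
                 // AJAX path — check that loginCheck() cannot reveal whether a username exists
                 $this->forward403($e->getMessage());
             }
         }
     } else {
         if ($request->isAjaxCall()) {
             $this->getResponse()->setHttpStatus(401);
             return $this->renderJSON(array("error" => $i18n->__('Please enter a username and password')));
         } else {
             $this->forward403($i18n->__('Please enter a username and password'));
         }
     }
     if ($this->checkScopeMembership($user)) {
         return true;
     }
     if ($request->isAjaxCall()) {
         return $this->renderJSON(array('forward' => $forward_url));
     } else {
         $this->forward($this->getRouting()->generate('account'));
     }
 }

 /**
  * Decide whether a login "return to" target taken from the request may be followed.
  *
  * Accepted: site-relative paths ("/issues/1", but not the scheme-relative "//host"
  * or "/\host" forms browsers treat as external) and absolute URLs that start with
  * this installation's own host as returned by TBGContext::getURLhost(). Anything
  * containing control characters is rejected as well.
  *
  * NOTE(review): assumes getURLhost() returns "scheme://host" (it is used that way for
  * the Persona audience above) — verify against TBGContext.
  *
  * @param mixed $url Candidate target from the request
  *
  * @return boolean
  */
 protected function isLocalReturnUrl($url)
 {
     if (!is_string($url) || $url === '') {
         return false;
     }
     if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
         return false;
     }
     if ($url[0] === '/') {
         return !isset($url[1]) || ($url[1] !== '/' && $url[1] !== '\\');
     }
     $host = TBGContext::getURLhost();
     if (!is_string($host) || $host === '' || strpos($url, $host) !== 0) {
         return false;
     }
     // Exactly the host, or the host followed by a path, query or fragment — never "host.evil.example"
     return strlen($url) === strlen($host) || in_array($url[strlen($host)], array('/', '?', '#'), true);
 }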