/**
 * Decide whether this request has to go through the login handler.
 *
 * Returns null without consulting the login handler when no user object is
 * required, or when neither the SiteAccessSettings/RequireUserLogin setting
 * equals 'true' nor a forced-login flag is present in an already started
 * session. In every other case the decision is delegated to
 * eZUserLoginHandler::checkUser().
 *
 * Security note: a null return means "no login check was performed", not
 * "the user is authenticated"; callers should not use it as an access decision.
 *
 * @deprecated As of 4.4, moved to {@link eZUserLoginHandler::preCheck()}
 * @param array $siteBasics
 * @param eZURI $uri
 * @return array|true|false|null null when no login check applies; otherwise the
 *         result of eZUserLoginHandler::checkUser() (documented by the original
 *         author as an associative array with 'module' and 'function' keys on
 *         redirect, true on success and false/null on failure).
 */
function eZCheckUser(array &$siteBasics, eZURI $uri)
{
    if (!$siteBasics['user-object-required']) {
        return null;
    }

    // Loose comparison against the string 'true' is kept exactly as in the original.
    $loginRequired = eZINI::instance()->variable('SiteAccessSettings', 'RequireUserLogin') == 'true';

    // The forced-login flag is only looked up when a session already exists,
    // so this check never starts a session on its own.
    $loginForced = eZSession::hasStarted()
        && eZHTTPTool::instance()->hasSessionVariable(eZUserLoginHandler::FORCE_LOGIN);

    if ($loginRequired || $loginForced) {
        return eZUserLoginHandler::checkUser($siteBasics, $uri);
    }

    return null;
}
/**
 * Decide whether this request has to go through the login handler.
 *
 * Always records a strict deprecation notice first. Afterwards it returns null
 * without consulting the login handler when no user object is required, or when
 * neither SiteAccessSettings/RequireUserLogin equals 'true' nor a forced-login
 * flag exists in an already started session. Otherwise the decision is
 * delegated to eZUserLoginHandler::checkUser().
 *
 * Security note: a null return means "no login check was performed", not
 * "the user is authenticated"; callers should not use it as an access decision.
 *
 * @deprecated As of 4.4, moved to {@link eZUserLoginHandler::preCheck()}
 * @param array $siteBasics
 * @param eZURI $uri
 * @return array|true|false|null null when no login check applies; otherwise the
 *         result of eZUserLoginHandler::checkUser() (documented by the original
 *         author as an associative array with 'module' and 'function' keys on
 *         redirect, true on success and false/null on failure).
 */
function eZCheckUser(array &$siteBasics, eZURI $uri)
{
    eZDebug::writeStrict(
        'Function eZCheckUser() has been deprecated in 4.4 in favor of eZUserLoginHandler::preCheck()',
        'Deprecation'
    );

    if (!$siteBasics['user-object-required']) {
        return null;
    }

    // Loose comparison against the string 'true' is kept exactly as in the original.
    $mustLogIn = eZINI::instance()->variable('SiteAccessSettings', 'RequireUserLogin') == 'true';

    if (!$mustLogIn) {
        // Without a site-wide requirement, only a forced-login flag stored in an
        // existing session can still trigger the login handler.
        $flagged = false;
        if (eZSession::hasStarted()) {
            $flagged = eZHTTPTool::instance()->hasSessionVariable(eZUserLoginHandler::FORCE_LOGIN);
        }
        if (!$flagged) {
            return null;
        }
    }

    return eZUserLoginHandler::checkUser($siteBasics, $uri);
}
/**
 * Returns a shared instance of the eZUser class per $id value.
 *
 * If the user cannot be built from the user cache, the anonymous user is
 * fetched and a warning is written; if the anonymous user cannot be fetched
 * either, a placeholder user with id -1 and login 'NoUser' is returned and a
 * second warning is written.
 *
 * Side effects visible in this method: it may write the user id into the
 * session, may run the configured single sign-on handlers (which, on success,
 * redirect and terminate the request), and may update the user's last-visit
 * record.
 *
 * @param int|false $id On false: Gets current user id from session
 *        or from {@link eZUser::anonymousId()} if not set.
 * @return eZUser
 */
static function instance($id = false)
{
    // Per-request cache kept in $GLOBALS, keyed by the $id argument as passed in
    // (false interpolates to an empty suffix).
    if (!empty($GLOBALS["eZUserGlobalInstance_{$id}"])) {
        return $GLOBALS["eZUserGlobalInstance_{$id}"];
    }
    $userId = $id;
    $currentUser = null;
    $http = eZHTTPTool::instance();
    $anonymousUserID = self::anonymousId();
    $sessionHasStarted = eZSession::hasStarted();
    // If not specified get the current user
    if ($userId === false) {
        if ($sessionHasStarted) {
            $userId = $http->sessionVariable('eZUserLoggedInID');
            // is_numeric() is the only validation applied to the session value here;
            // anything non-numeric is replaced by the anonymous user id.
            if (!is_numeric($userId)) {
                $userId = $anonymousUserID;
                eZSession::setUserID($userId);
                $http->setSessionVariable('eZUserLoggedInID', $userId);
            }
        } else {
            // No session yet: fall back to anonymous without writing a session variable.
            $userId = $anonymousUserID;
            eZSession::setUserID($userId);
        }
    }
    // Check user cache (this effectively fetches the user from cache);
    // the user counts as not found when $userCache['info'][$userId] is not set.
    $userCache = self::getUserCacheByUserId($userId);
    if (isset($userCache['info'][$userId])) {
        $userArray = $userCache['info'][$userId];
        if (is_numeric($userArray['contentobject_id'])) {
            $currentUser = new eZUser($userArray);
            $currentUser->setUserCache($userCache);
        }
    }
    $ini = eZINI::instance();
    // Check if:
    // - the user has not logged out,
    // - the user is not logged in,
    // - and if an automatic single sign on plugin is enabled.
    if (!self::$userHasLoggedOut && is_object($currentUser) && !$currentUser->isRegistered()) {
        $ssoHandlerArray = $ini->variable('UserSettings', 'SingleSignOnHandlerArray');
        if (!empty($ssoHandlerArray)) {
            $ssoUser = false;
            foreach ($ssoHandlerArray as $ssoHandler) {
                // The handler class name is derived from site configuration
                // ('eZ' . <name> . 'SSOHandler'), so the INI file decides which
                // classes are instantiated here.
                $className = 'eZ' . $ssoHandler . 'SSOHandler';
                if (class_exists($className)) {
                    $impl = new $className();
                    $ssoUser = $impl->handleSSOLogin();
                    // If a user was found via SSO, then use it
                    if ($ssoUser !== false) {
                        $currentUser = $ssoUser;
                        $userId = $currentUser->attribute('contentobject_id');
                        // NOTE(review): $userInfo is built (including the password hash
                        // fields) but not read again anywhere in this method - looks like
                        // a leftover; confirm and consider dropping it so credential
                        // material is not copied needlessly.
                        $userInfo = array();
                        $userInfo[$userId] = array(
                            'contentobject_id' => $userId,
                            'login' => $currentUser->attribute('login'),
                            'email' => $currentUser->attribute('email'),
                            'password_hash' => $currentUser->attribute('password_hash'),
                            'password_hash_type' => $currentUser->attribute('password_hash_type')
                        );
                        // NOTE(review): this is the anonymous -> authenticated transition.
                        // No session id regeneration is visible in this block; presumably
                        // eZUser::setCurrentlyLoggedInUser() takes care of it - confirm.
                        eZSession::setUserID($userId);
                        $http->setSessionVariable('eZUserLoggedInID', $userId);
                        eZUser::updateLastVisit($userId);
                        eZUser::setCurrentlyLoggedInUser($currentUser, $userId);
                        // NOTE(review): the redirect target is concatenated from
                        // request-derived helpers; confirm they normalise the value so
                        // the result is always a site-relative URL.
                        eZHTTPTool::redirect(eZSys::wwwDir() . eZSys::indexFile(false) . eZSys::requestURI() . eZSys::queryString(), array(), 302);
                        // The request ends here; nothing below runs after a successful SSO login.
                        eZExecution::cleanExit();
                    }
                } else {
                    eZDebug::writeError("Undefined ssoHandler class: {$className}", __METHOD__);
                }
            }
        }
    }
    // For non-anonymous users, refresh the last-visit record when no idle time is
    // known for this request or when the idle time exceeds Session/ActivityTimeout.
    if ($userId != $anonymousUserID) {
        $sessionInactivityTimeout = $ini->variable('Session', 'ActivityTimeout');
        if (!isset($GLOBALS['eZSessionIdleTime'])) {
            eZUser::updateLastVisit($userId);
        } else {
            $sessionIdle = $GLOBALS['eZSessionIdleTime'];
            if ($sessionIdle > $sessionInactivityTimeout) {
                eZUser::updateLastVisit($userId);
            }
        }
    }
    // First fallback: the anonymous user.
    if (!$currentUser) {
        $currentUser = eZUser::fetch(self::anonymousId());
        eZDebug::writeWarning('User not found, returning anonymous');
    }
    // Second fallback: a placeholder object, so callers always receive an eZUser.
    if (!$currentUser) {
        $currentUser = new eZUser(array('id' => -1, 'login' => 'NoUser'));
        eZDebug::writeWarning('Anonymous user not found, returning NoUser');
    }
    // Cached under the original $id argument, not the resolved $userId.
    $GLOBALS["eZUserGlobalInstance_{$id}"] = $currentUser;
    return $currentUser;
}
/**
 * Destroys the current session and resets the session bookkeeping.
 * Note: this implicitly stops the session as well!
 *
 * Only server-side state is handled here: $_SESSION is emptied and
 * session_destroy() is called. This method does not expire the session cookie
 * on the client - presumably handled elsewhere or left to the next request;
 * confirm where logout requires the cookie to disappear.
 *
 * @since 4.1
 * @return bool True when a started session was removed, false when no session
 *         had been started.
 */
public static function remove()
{
    if (self::$hasStarted) {
        // Empty the superglobal before destroying, so no stale values remain
        // readable for the rest of the request.
        $_SESSION = array();
        session_destroy();

        self::$hasStarted = false;
        self::$handlerInstance = null;

        return true;
    }

    return false;
}
/**
 * Tells whether the current user should be protected, based on whether the
 * feature is enabled, a session has been started and the user is registered.
 *
 * Requests without a started session, or from a user who is not registered,
 * are reported as not needing protection, so whatever protection the caller
 * applies is skipped for them.
 *
 * @return bool
 */
protected static function shouldProtectUser()
{
    // Evaluated left to right with short-circuiting: the user lookup only runs
    // when the feature is enabled and a session already exists.
    return self::$isEnabled
        && eZSession::hasStarted()
        && eZUser::isCurrentUserRegistered();
}
/**
 * Tells whether the current user should be protected, based on whether a
 * session has been started and the user is logged in.
 *
 * Requests without a started session, or from a user who is not logged in,
 * are reported as not needing protection, so whatever protection the caller
 * applies is skipped for them.
 *
 * @return bool
 */
protected static function shouldProtectUser()
{
    // Short-circuit keeps the original order: the current user is only resolved
    // once a session is known to exist.
    if (eZSession::hasStarted() && eZUser::currentUser()->isLoggedIn()) {
        return true;
    }

    return false;
}
/**
 * Execution point for controller actions.
 *
 * Sends the default HTTP headers, runs the module dispatch loop, maintains the
 * is_logged_in cookie and the "last accessed URI" session variables, renders
 * the page layout (or takes the raw module content) and returns the buffered
 * output wrapped in an ezpKernelResult.
 *
 * @return ezpKernelResult
 * @throws Exception Re-thrown from the dispatch loop after shutdown() has run.
 */
public function run()
{
    ob_start();
    $this->requestInit();
    // send header information
    // The array union (+) keeps the left-hand entries, so header overrides win
    // over the defaults listed here.
    // NOTE(review): 'X-Powered-By' and 'Served-by' disclose the product and the
    // server name to every client; depending on web-server configuration
    // SERVER_NAME may reflect the request's Host header - confirm this is intended.
    foreach (eZHTTPHeader::headerOverrideArray($this->uri) + array(
        'Expires' => 'Mon, 26 Jul 1997 05:00:00 GMT',
        'Last-Modified' => gmdate('D, d M Y H:i:s') . ' GMT',
        'Cache-Control' => 'no-cache, must-revalidate',
        'Pragma' => 'no-cache',
        'X-Powered-By' => 'eZ Publish',
        'Content-Type' => 'text/html; charset=' . $this->httpCharset,
        'Served-by' => $_SERVER["SERVER_NAME"],
        'Content-language' => $this->languageCode
    ) as $key => $value) {
        header($key . ': ' . $value);
    }
    // Only Exception is caught here; on a failure of that kind shutdown() runs
    // before the exception is passed on to the caller.
    try {
        $moduleResult = $this->dispatchLoop();
    } catch (Exception $e) {
        $this->shutdown();
        throw $e;
    }
    $ini = eZINI::instance();
    /**
     * Output an is_logged_in cookie when users are logged in for use by http cache solutions.
     *
     * @deprecated As of 4.5, since 4.4 added lazy session support (init on use)
     */
    // The cookie is a hint for caches only: its value is read back from
    // $_COOKIE, which the client controls, and it is set with a path but no
    // further attributes. It must not be relied on for any access decision.
    if ($ini->variable("SiteAccessSettings", "CheckValidity") !== 'true') {
        $currentUser = eZUser::currentUser();
        $wwwDir = eZSys::wwwDir();
        // On host based site accesses this can be empty, causing the cookie to be set for the current dir,
        // but we want it to be set for the whole eZ publish site
        $cookiePath = $wwwDir != '' ? $wwwDir : '/';
        if ($currentUser->isLoggedIn()) {
            // Only set the cookie if it doesn't exist. This way we are not constantly sending the set request in the headers.
            if (!isset($_COOKIE['is_logged_in']) || $_COOKIE['is_logged_in'] !== 'true') {
                setcookie('is_logged_in', 'true', 0, $cookiePath);
            }
        } else {
            // Not logged in: clear a cookie the client still presents.
            if (isset($_COOKIE['is_logged_in'])) {
                setcookie('is_logged_in', false, 0, $cookiePath);
            }
        }
    }
    if ($this->module->exitStatus() == eZModule::STATUS_REDIRECT) {
        $this->redirect();
    }
    // Store the last URI for access history for login redirection
    // Only if user has session and only if there was no error or no redirects happen
    // NOTE(review): the stored value comes from the requested URI and is meant to
    // be used as a redirect target later; consumers should treat it as a
    // site-relative path and validate it as such - confirm at the point of use.
    if (eZSession::hasStarted() && $this->module->exitStatus() == eZModule::STATUS_OK) {
        $currentURI = $this->completeRequestedURI;
        // Make sure a non-empty URI starts with a slash.
        if (strlen($currentURI) > 0 && $currentURI[0] !== '/') {
            $currentURI = '/' . $currentURI;
        }
        $lastAccessedURI = "";
        $lastAccessedViewURI = "";
        $http = eZHTTPTool::instance();
        // Fetch stored session variables
        if ($http->hasSessionVariable("LastAccessesURI")) {
            $lastAccessedViewURI = $http->sessionVariable("LastAccessesURI");
        }
        if ($http->hasSessionVariable("LastAccessedModifyingURI")) {
            $lastAccessedURI = $http->sessionVariable("LastAccessedModifyingURI");
        }
        // Update last accessed view page; pages in the edit, administration,
        // browse and authentication UI contexts are not recorded as view pages.
        if ($currentURI != $lastAccessedViewURI && !in_array($this->module->uiContextName(), array('edit', 'administration', 'browse', 'authentication'))) {
            $http->setSessionVariable("LastAccessesURI", $currentURI);
        }
        // Update last accessed non-view page
        if ($currentURI != $lastAccessedURI) {
            $http->setSessionVariable("LastAccessedModifyingURI", $currentURI);
        }
    }
    eZDebug::addTimingPoint("Module end '" . $this->module->attribute('name') . "'");
    // A module that did not return an array is replaced by an empty result.
    if (!is_array($moduleResult)) {
        eZDebug::writeError('Module did not return proper result: ' . $this->module->attribute('name'), 'index.php');
        $moduleResult = array();
        $moduleResult['content'] = false;
    }
    if (!isset($moduleResult['ui_context'])) {
        $moduleResult['ui_context'] = $this->module->uiContextName();
    }
    $moduleResult['ui_component'] = $this->module->uiComponentName();
    $moduleResult['is_mobile_device'] = $this->mobileDeviceDetect->isMobileDevice();
    $moduleResult['mobile_device_alias'] = $this->mobileDeviceDetect->getUserAgentAlias();
    $templateResult = null;
    eZDebug::setUseExternalCSS($this->siteBasics['external-css']);
    if ($this->siteBasics['show-page-layout']) {
        $tpl = eZTemplate::factory();
        if ($tpl->hasVariable('node')) {
            $tpl->unsetVariable('node');
        }
        if (!isset($moduleResult['path'])) {
            $moduleResult['path'] = false;
        }
        $moduleResult['uri'] = eZSys::requestURI();
        $tpl->setVariable("module_result", $moduleResult);
        $meta = $ini->variable('SiteSettings', 'MetaDataArray');
        // Without a configured description, build one from the texts of the path elements.
        if (!isset($meta['description'])) {
            $metaDescription = "";
            if (isset($moduleResult['path']) && is_array($moduleResult['path'])) {
                foreach ($moduleResult['path'] as $pathPart) {
                    if (isset($pathPart['text'])) {
                        $metaDescription .= $pathPart['text'] . " ";
                    }
                }
            }
            $meta['description'] = $metaDescription;
        }
        $this->site['uri'] = $this->oldURI;
        $this->site['redirect'] = false;
        $this->site['meta'] = $meta;
        $this->site['version'] = eZPublishSDK::version();
        $this->site['page_title'] = $this->module->title();
        $tpl->setVariable("site", $this->site);
        if ($ini->variable('DebugSettings', 'DisplayDebugWarnings') === 'enabled') {
            // Make sure any errors or warnings are reported
            if (isset($GLOBALS['eZDebugError']) && $GLOBALS['eZDebugError']) {
                eZAppendWarningItem(array(
                    'error' => array('type' => 'error', 'number' => 1, 'count' => $GLOBALS['eZDebugErrorCount']),
                    'identifier' => 'ezdebug-first-error',
                    'text' => ezpI18n::tr('index.php', 'Some errors occurred, see debug for more information.')
                ));
            }
            if (isset($GLOBALS['eZDebugWarning']) && $GLOBALS['eZDebugWarning']) {
                eZAppendWarningItem(array(
                    'error' => array('type' => 'warning', 'number' => 1, 'count' => $GLOBALS['eZDebugWarningCount']),
                    'identifier' => 'ezdebug-first-warning',
                    'text' => ezpI18n::tr('index.php', 'Some general warnings occured, see debug for more information.')
                ));
            }
        }
        // Templates only receive a user object when the site requires one.
        if ($this->siteBasics['user-object-required']) {
            $currentUser = eZUser::currentUser();
            $tpl->setVariable("current_user", $currentUser);
            $tpl->setVariable("anonymous_user_id", $ini->variable('UserSettings', 'AnonymousUserID'));
        } else {
            $tpl->setVariable("current_user", false);
            $tpl->setVariable("anonymous_user_id", false);
        }
        $tpl->setVariable("access_type", $this->access);
        $tpl->setVariable('warning_list', !empty($this->warningList) ? $this->warningList : false);
        // A string layout containing ':' is used as a complete template resource;
        // any other string gets the "design:" prefix, and a non-string value is
        // replaced by the default pagelayout.tpl.
        // NOTE(review): assumes siteBasics['show-page-layout'] is never taken
        // from request input - confirm against the code that fills siteBasics.
        $resource = "design:";
        if (is_string($this->siteBasics['show-page-layout'])) {
            if (strpos($this->siteBasics['show-page-layout'], ":") !== false) {
                $resource = "";
            }
        } else {
            $this->siteBasics['show-page-layout'] = "pagelayout.tpl";
        }
        // Set the navigation part
        // Check for navigation part settings
        $navigationPartString = 'ezcontentnavigationpart';
        if (isset($moduleResult['navigation_part'])) {
            $navigationPartString = $moduleResult['navigation_part'];
        }
        // Fetch the navigation part
        $navigationPart = eZNavigationPart::fetchPartByIdentifier($navigationPartString);
        $tpl->setVariable('navigation_part', $navigationPart);
        $tpl->setVariable('uri_string', $this->uri->uriString());
        if (isset($moduleResult['requested_uri_string'])) {
            $tpl->setVariable('requested_uri_string', $moduleResult['requested_uri_string']);
        } else {
            $tpl->setVariable('requested_uri_string', $this->actualRequestedURI);
        }
        // Set UI context and component
        $tpl->setVariable('ui_context', $moduleResult['ui_context']);
        $tpl->setVariable('ui_component', $moduleResult['ui_component']);
        $templateResult = $tpl->fetch($resource . $this->siteBasics['show-page-layout']);
    } else {
        // No page layout: the module content is the whole response body.
        $templateResult = $moduleResult['content'];
    }
    eZDebug::addTimingPoint("Script end");
    // Collect whatever was written to the first output buffer, then capture the
    // rendered result in a second buffer and append it.
    $content = trim(ob_get_clean());
    ob_start();
    eZDB::checkTransactionCounter();
    eZDisplayResult($templateResult);
    $content .= ob_get_clean();
    $this->shutdown();
    return new ezpKernelResult($content);
}
$tpl = eZTemplate::factory(); if (empty($warningList)) { $warningList = false; } $tpl->setVariable('site', $site); $tpl->setVariable('warning_list', $warningList); $tpl->setVariable('redirect_uri', eZURI::encodeURL($redirectURI)); $templateResult = $tpl->fetch('design:redirect.tpl'); eZDebug::addTimingPoint("Script end"); eZDisplayResult($templateResult); } eZExecution::cleanExit(); } // Store the last URI for access history for login redirection // Only if user has session and only if there was no error or no redirects happen if (eZSession::hasStarted() && $module->exitStatus() == eZModule::STATUS_OK) { $currentURI = $completeRequestedURI; if (strlen($currentURI) > 0 and $currentURI[0] != '/') { $currentURI = '/' . $currentURI; } $lastAccessedURI = ""; $lastAccessedViewURI = ""; $http = eZHTTPTool::instance(); // Fetched stored session variables if ($http->hasSessionVariable("LastAccessesURI")) { $lastAccessedViewURI = $http->sessionVariable("LastAccessesURI"); } if ($http->hasSessionVariable("LastAccessedModifyingURI")) { $lastAccessedURI = $http->sessionVariable("LastAccessedModifyingURI"); } // Update last accessed view page
$tpl = eZTemplate::factory(); if (count($warningList) == 0) { $warningList = false; } $tpl->setVariable('site', $site); $tpl->setVariable('warning_list', $warningList); $tpl->setVariable('redirect_uri', eZURI::encodeURL($redirectURI)); $templateResult = $tpl->fetch('design:redirect.tpl'); eZDebug::addTimingPoint("End"); eZDisplayResult($templateResult); } eZExecution::cleanExit(); } // Store the last URI for access history for login redirection // Only if database is connected, user has session and only if there was no error or no redirects happen if (eZSession::hasStarted() && is_object($db) && $db->isConnected() && $module->exitStatus() == eZModule::STATUS_OK) { $currentURI = $completeRequestedURI; if (strlen($currentURI) > 0 and $currentURI[0] != '/') { $currentURI = '/' . $currentURI; } $lastAccessedURI = ""; $lastAccessedViewURI = ""; $http = eZHTTPTool::instance(); // Fetched stored session variables if ($http->hasSessionVariable("LastAccessesURI")) { $lastAccessedViewURI = $http->sessionVariable("LastAccessesURI"); } if ($http->hasSessionVariable("LastAccessedModifyingURI")) { $lastAccessedURI = $http->sessionVariable("LastAccessedModifyingURI"); } // Update last accessed view page
$tpl->setVariable( 'site', $site ); $tpl->setVariable( 'warning_list', $warningList ); $tpl->setVariable( 'redirect_uri', eZURI::encodeURL( $redirectURI ) ); $templateResult = $tpl->fetch( 'design:redirect.tpl' ); eZDebug::addTimingPoint( "End" ); eZDisplayResult( $templateResult ); } eZExecution::cleanExit(); } // Store the last URI for access history for login redirection // Only if user has session and only if there was no error or no redirects happen if ( eZSession::hasStarted() && $module->exitStatus() == eZModule::STATUS_OK ) { $currentURI = $completeRequestedURI; if ( strlen( $currentURI ) > 0 and $currentURI[0] != '/' ) $currentURI = '/' . $currentURI; $lastAccessedURI = ""; $lastAccessedViewURI = ""; $http = eZHTTPTool::instance(); // Fetched stored session variables if ( $http->hasSessionVariable( "LastAccessesURI" ) ) { $lastAccessedViewURI = $http->sessionVariable( "LastAccessesURI" );
/**
 * Destroys the current session and resets the session bookkeeping.
 * Note: this implicitly stops the session as well!
 *
 * Only server-side state is handled here: $_SESSION is emptied and
 * session_destroy() is called. This method does not expire the session cookie
 * on the client - presumably handled elsewhere or left to the next request;
 * confirm where logout requires the cookie to disappear.
 *
 * @since 4.1
 * @return bool True when a live session was removed, false when there was
 *         nothing to remove.
 */
public static function remove()
{
    // CLI scripts can use sessions, and in that case the session is forced to start.
    // Symfony, however, does not handle sessions in CLI, so the session is never
    // actually started there. The internal flag alone is therefore not enough and
    // session_id() is consulted as well.
    $sessionIsLive = self::$hasStarted && session_id() !== '';
    if (!$sessionIsLive) {
        return false;
    }

    // Empty the superglobal before destroying, so no stale values remain
    // readable for the rest of the request.
    $_SESSION = array();
    session_destroy();

    self::$handlerInstance = null;
    self::$hasStarted = false;

    return true;
}
/**
 * Builds an ezsrRatingDataObject from definition data without storing it
 * (storing is left to the caller).
 *
 * NOTE: you have to provide the following attributes:
 *     contentobject_id
 *     contentobject_attribute_id
 *     rating (only required if you plan to store the object)
 *
 * Missing 'session_key', 'user_id' and 'created_at' entries are filled in from
 * the current session id, the current user id and the current time. Missing
 * 'contentobject_id' / 'contentobject_attribute_id' entries are only logged as
 * errors; the object is still created.
 *
 * NOTE(review): the default session_key is the raw session identifier. If the
 * caller persists this object, that identifier ends up at rest next to the
 * rating - consider whether a derived value would be enough; confirm with the
 * storage code.
 *
 * @param array $row
 * @return ezsrRatingDataObject
 */
static function create( $row = array() )
{
    if ( !isset( $row['session_key'] ) )
    {
        $http = eZHTTPTool::instance();
        $useUserSession = eZINI::instance()->variable( 'eZStarRating', 'UseUserSession' ) === 'enabled';
        if ( $useUserSession && !eZSession::hasStarted() )
        {
            // Creates a session for anonymous users, so there is an id to record.
            eZSession::start();
        }
        $row['session_key'] = $http->sessionID();
    }

    if ( !isset( $row['user_id'] ) )
    {
        $row['user_id'] = eZUser::currentUserID();
    }

    if ( !isset( $row['created_at'] ) )
    {
        $row['created_at'] = time();
    }

    // Required identifiers: reported when absent, but creation continues.
    if ( !isset( $row['contentobject_id'] ) )
    {
        eZDebug::writeError( 'Missing \'contentobject_id\' parameter!', __METHOD__ );
    }

    if ( !isset( $row['contentobject_attribute_id'] ) )
    {
        eZDebug::writeError( 'Missing \'contentobject_attribute_id\' parameter!', __METHOD__ );
    }

    return new self( $row );
}