예제 #1
0
파일: PDO.php 프로젝트: nabble/ajde-core
 public function query($query)
 {
     //$cache = Ajde_Db_Cache::getInstance();
     $log = array('query' => $query);
     $start = microtime(true);
     //if (!$cache->has($query)) {
     try {
         $result = parent::query($query);
     } catch (Exception $e) {
         if (Config::get('debug') === true) {
             if (isset($this->queryString)) {
                 dump($this->queryString);
             }
             dump('Go to ' . Config::get('site_root') . '?install=1 to install DB');
             throw new AjdeDbException($e->getMessage());
         } else {
             Log::logException($e);
             die('DB connection problem. <a href="?install=1">Install database?</a>');
         }
     }
     //$cache->set($query, serialize($result));
     //	$log['cache'] = false;
     //} else {
     //	$result = $cache->get($query);
     //	$log['cache'] = true;
     //}
     $time = microtime(true) - $start;
     $log['time'] = round($time * 1000, 0);
     self::$log[] = $log;
     return $result;
 }
예제 #2
0
 /**
  * @return Ajde_Http_Request
  */
 public static function fromGlobal()
 {
     $instance = new self();
     if (!empty($_POST) && self::requirePostToken() && !self::_isWhitelisted()) {
         // Measures against CSRF attacks
         $session = new Session('AC.Form');
         if (!isset($_POST['_token']) || !$session->has('formTime')) {
             // TODO:
             $exception = new Security('No form token received or no form time set, bailing out to prevent CSRF attack');
             if (Config::getInstance()->debug === true) {
                 Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN);
                 throw $exception;
             } else {
                 // Prevent inf. loops
                 unset($_POST);
                 // Rewrite
                 Log::logException($exception);
                 Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN);
             }
         }
         $formToken = $_POST['_token'];
         if (!self::verifyFormToken($formToken) || !self::verifyFormTime()) {
             // TODO:
             if (!self::verifyFormToken($formToken)) {
                 $exception = new Security('No matching form token (got ' . self::_getHashFromSession($formToken) . ', expected ' . self::_tokenHash($formToken) . '), bailing out to prevent CSRF attack');
             } else {
                 $exception = new Security('Form token timed out, bailing out to prevent CSRF attack');
             }
             if (Config::getInstance()->debug === true) {
                 Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN);
                 throw $exception;
             } else {
                 // Prevent inf. loops
                 unset($_POST);
                 // Rewrite
                 Log::logException($exception);
                 Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN);
             }
         }
     }
     // Security measure, protect $_POST
     //$global = array_merge($_GET, $_POST);
     $global = $_GET;
     foreach ($global as $key => $value) {
         $instance->set($key, $value);
     }
     $instance->_postData = $_POST;
     if (!empty($instance->_postData)) {
         Cache::getInstance()->disable();
     }
     return $instance;
 }
예제 #3
0
 public function __construct($dsn, $user, $password, $options)
 {
     $options = $options + array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
     try {
         $connection = new AjdeDbPDO($dsn, $user, $password, $options);
     } catch (Exception $e) {
         // Disable trace on this exception to prevent exposure of sensitive data
         // TODO: exception
         Log::logException($e);
         throw new AjdeException('Could not connect to database', 0, false);
     }
     $this->_connection = $connection;
 }
예제 #4
0
파일: Vimeo.php 프로젝트: nabble/ajde-core
 public function getThumbnail()
 {
     $vmid = $this->_getVimeoId();
     if ($vmid) {
         $response = Curl::get("http://vimeo.com/api/v2/video/{$vmid}.php");
         try {
             $hash = unserialize($response);
         } catch (Exception $e) {
             Log::logException(new AjdeException("Could not parse result from Vimeo"));
             return null;
         }
         return $hash[0]['thumbnail_large'];
     }
     return null;
 }
예제 #5
0
 public static function dieOnCode($code)
 {
     self::setResponseType($code);
     header("Content-type: text/html; charset=UTF-8");
     $_SERVER['REDIRECT_STATUS'] = $code;
     if (array_key_exists($code, Config::getInstance()->responseCodeRoute)) {
         try {
             self::dieOnRoute(Config::getInstance()->responseCodeRoute[$code]);
         } catch (Exception $e) {
             Log::logException($e);
         }
     }
     // fallback
     ob_get_clean();
     include Config::get('local_root') . '/errordocument.php';
     die;
 }
예제 #6
0
 public function publish()
 {
     $tweet = $this->getTitle();
     if ($url = $this->getUrl()) {
         $tweet = substr($tweet, 0, 140 - strlen($url) - 5) . '... ' . $url;
     }
     while ($curlength = iconv_strlen(htmlspecialchars($tweet, ENT_QUOTES, 'UTF-8'), 'UTF-8') >= 140) {
         $tweet = substr($tweet, 0, -1);
     }
     try {
         $response = $this->_twitter->post('statuses/update', array('status' => $tweet));
     } catch (Exception $e) {
         AjdeLog::log($response);
         AjdeExceptionLog::logException($e);
         return false;
     }
     if ($response->user && $response->user->id && $response->id_str) {
         return sprintf("http://twitter.com/%s/status/%s", $response->user->id, $response->id_str);
     } else {
         return false;
     }
 }
예제 #7
0
파일: Mollie.php 프로젝트: nabble/ajde-core
 public function updatePayment()
 {
     $payment = false;
     $mollie = new Client();
     $mollie->setApiKey($this->getApiKey());
     $transaction = new TransactionModel();
     $changed = false;
     // see if we are here for the webhook or user return url
     $mollie_id = Ajde::app()->getRequest()->getPostParam('id', false);
     // from webhook
     $order_id = Ajde::app()->getRequest()->getParam('order_id', false);
     // from user request
     if (!$mollie_id && $order_id) {
         // load from order_id
         $transaction->loadByField('secret', $order_id);
         $mollie_id = $transaction->payment_providerid;
         try {
             $payment = $mollie->payments->get($mollie_id);
         } catch (Exception $e) {
             AjdeExceptionLog::logException($e);
             $payment = false;
         }
     } else {
         if ($mollie_id) {
             // laod from mollie transaction id
             try {
                 $payment = $mollie->payments->get($mollie_id);
                 $order_id = $payment->metadata->order_id;
                 $transaction->loadByField('secret', $order_id);
             } catch (Exception $e) {
                 AjdeExceptionLog::logException($e);
                 $payment = false;
             }
         }
     }
     if (!$payment || !$mollie_id || !$order_id || !$transaction->hasLoaded()) {
         AjdeLog::log('Could not find transaction for Mollie payment for mollie id ' . $mollie_id . ' and transaction secret ' . $order_id);
         return array('success' => false, 'changed' => $changed, 'transaction' => $transaction);
     }
     // what to return?
     $paid = false;
     $payment_details = $payment->details;
     if (is_object($payment_details) || is_array($payment_details)) {
         $payment_details = json_encode($payment_details);
     }
     // save details
     $details = 'PAYMENT STATUS: ' . (string) $payment->status . PHP_EOL . 'PAYMENT AMOUNT: ' . (string) $payment->amount . PHP_EOL . 'PAYMENT AT: ' . (string) $payment->paidDatetime . PHP_EOL . 'CANCELLED AT: ' . (string) $payment->cancelledDatetime . PHP_EOL . 'EXPIRED AT: ' . (string) $payment->expiredDatetime . PHP_EOL . 'PAYER DETAILS: ' . (string) $payment_details;
     $transaction->payment_details = $details;
     switch ($payment->status) {
         case "open":
             if ($transaction->payment_status != 'requested') {
                 $transaction->payment_status = 'requested';
                 $transaction->save();
                 $changed = true;
             }
             break;
         case "paidout":
         case "paid":
             $paid = true;
             // update transaction only once
             if ($transaction->payment_status != 'completed') {
                 $transaction->paid();
                 $changed = true;
             }
             break;
         case "cancelled":
             // update transaction only once
             if ($transaction->payment_status != 'cancelled') {
                 $transaction->payment_status = 'cancelled';
                 $transaction->save();
                 $changed = true;
             }
             break;
         case "expired":
             // update transaction only once
             if ($transaction->payment_status != 'refused') {
                 $transaction->payment_status = 'refused';
                 $transaction->save();
                 $changed = true;
             }
             break;
     }
     return array('success' => $paid, 'changed' => $changed, 'transaction' => $transaction);
 }
예제 #8
0
 public function __bootstrap()
 {
     // Session name
     $sessionName = Config::get('ident') . '_session';
     session_name($sessionName);
     // Session lifetime
     $lifetime = Config::get("sessionLifetime");
     // Security garbage collector
     ini_set('session.gc_maxlifetime', $lifetime == 0 ? 180 * 60 : $lifetime * 60);
     // PHP session garbage collection timeout in minutes
     ini_set('session.gc_divisor', 100);
     // Set divisor and probability for cronjob Ubuntu/Debian
     //		ini_set('session.gc_probability', 1);	// @see http://www.php.net/manual/en/function.session-save-path.php#98106
     // Set session save path
     if (Config::get('sessionSavepath')) {
         ini_set('session.save_path', str_replace('~', Config::get('local_root'), Config::get('sessionSavepath')));
     }
     // Set sessions to use cookies
     ini_set('session.use_cookies', 1);
     ini_set('session.use_only_cookies', 1);
     // @see http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
     // Session cookie parameter
     $path = Config::get('site_path');
     $domain = Config::get('cookieDomain');
     $secure = Config::get('cookieSecure');
     $httponly = Config::get('cookieHttponly');
     // Set cookie lifetime
     session_set_cookie_params($lifetime * 60, $path, $domain, $secure, $httponly);
     session_cache_limiter('private_no_expire');
     // Start the session!
     session_start();
     // Strengthen session security with REMOTE_ADDR and HTTP_USER_AGENT
     // @see http://shiflett.org/articles/session-hijacking
     // Removed REMOTE_ADDR, use HTTP_X_FORWARDED_FOR if available
     $remoteIp = Request::getClientIP();
     // Ignore Google Chrome frame as it has a split personality
     // @todo TODO: security issue!!
     // @see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started/understanding-chrome-frame-user-agent
     if (isset($_SERVER['HTTP_USER_AGENT']) && substr_count($_SERVER['HTTP_USER_AGENT'], 'chromeframe/') === 0 && isset($_SESSION['client']) && $_SESSION['client'] !== md5($remoteIp . $_SERVER['HTTP_USER_AGENT'] . Config::get('secret'))) {
         // TODO: overhead to call session_regenerate_id? is it not required??
         //session_regenerate_id();
         // thoroughly destroy the current session
         session_destroy();
         unset($_SESSION);
         setcookie(session_name(), session_id(), time() - 3600, $path, $domain, $secure, $httponly);
         // TODO:
         $exception = new Security('Possible session hijacking detected. Bailing out.');
         if (Config::getInstance()->debug === true) {
             throw $exception;
         } else {
             // don't redirect/log for resource items, as they should have no side effect
             // this makes it possible for i.e. web crawlers/error pages to view resources
             $request = Request::fromGlobal();
             $route = $request->initRoute();
             Ajde::app()->setRequest($request);
             if (!in_array($route->getFormat(), array('css', 'js'))) {
                 Log::logException($exception);
                 Cache::getInstance()->disable();
                 // Just destroying the session should be enough
                 //					Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
             }
         }
     } else {
         $_SESSION['client'] = md5($remoteIp . issetor($_SERVER['HTTP_USER_AGENT']) . Config::get('secret'));
         if ($lifetime > 0) {
             // Force send new cookie with updated lifetime (forcing keep-alive)
             // @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100672
             //session_regenerate_id();
             // Set cookie manually if session_start didn't just sent a cookie
             // @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100657
             if (isset($_COOKIE[$sessionName])) {
                 setcookie(session_name(), session_id(), time() + $lifetime * 60, $path, $domain, $secure, $httponly);
             }
         }
     }
     // remove cache headers invoked by session_start();
     if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
         header_remove('X-Powered-By');
     }
     return true;
 }
예제 #9
0
 public static function routingError(Exception $exception)
 {
     if (Config::get("debug") === true) {
         throw $exception;
     } else {
         if (Autoloader::exists('Ajde_Exception_Log')) {
             Log::logException($exception);
         }
         Response::redirectNotFound();
     }
 }