Пример #1
0
 public function __construct($name, $style = 'default', $format = null)
 {
     $this->setName($name);
     $this->setStyle($style);
     $base = LAYOUT_DIR . $this->getName() . '/';
     $action = $this->getStyle();
     if (!$format) {
         $format = Ajde_Http_Request::isAjax() && $this->exist($base, $action, 'ajax') || Ajde::app()->getDocument()->getFormat() === 'ajax' ? 'ajax' : 'html';
     }
     parent::__construct($base, $action, $format);
 }
Пример #2
0
 public function run()
 {
     // For debugger
     $this->addTimer('<i>Application</i>');
     // Create fresh response
     $timer = $this->addTimer('Create response');
     $response = new Ajde_Http_Response();
     $this->setResponse($response);
     $this->endTimer($timer);
     // Bootstrap init
     $timer = $this->addTimer('Run bootstrap cue');
     $bootstrap = new Ajde_Core_Bootstrap();
     $bootstrap->run();
     $this->endTimer($timer);
     // Get request
     $timer = $this->addTimer('Read in global request');
     $request = Ajde_Http_Request::fromGlobal();
     $this->setRequest($request);
     $this->endTimer($timer);
     // Get route
     $timer = $this->addTimer('Initialize route');
     $route = $request->initRoute();
     $this->setRoute($route);
     $this->endTimer($timer);
     // Load document
     $timer = $this->addTimer('Create document');
     $document = Ajde_Document::fromRoute($route);
     $this->setDocument($document);
     $this->endTimer($timer);
     // Load controller
     $timer = $this->addTimer('Load controller');
     $controller = Ajde_Controller::fromRoute($route);
     $this->setController($controller);
     $this->endTimer($timer);
     // Invoke controller action
     $timer = $this->addTimer('Invoke controller');
     $actionResult = $controller->invoke();
     $document->setBody($actionResult);
     $this->endTimer($timer);
     // Get document contents
     $timer = $this->addTimer('Render document');
     $contents = $document->render();
     $this->endTimer($timer);
     // Let the cache handle the contents and have it saved to the response
     $timer = $this->addTimer('Save to response');
     $cache = Ajde_Cache::getInstance();
     $cache->setContents($contents);
     $cache->saveResponse();
     $this->endTimer($timer);
     // Output the buffer
     $response->send();
 }
Пример #3
0
 public function logoff()
 {
     if ($user = $this->getLoggedInUser()) {
         $user->logout();
     }
     if ($returnto = Ajde::app()->getRequest()->getParam('returnto', false)) {
         $this->redirect($returnto);
     } elseif (substr_count(Ajde_Http_Request::getRefferer(), 'logoff') > 0 || !Ajde_Http_Request::getRefferer()) {
         $this->redirect('user');
     } else {
         $this->redirect(Ajde_Http_Response::REDIRECT_REFFERER);
     }
 }
Пример #4
0
 public function __construct($name, $style = 'default', $format = null)
 {
     $this->setName($name);
     $this->setStyle($style);
     $base = LAYOUT_DIR . $this->getName() . DIRECTORY_SEPARATOR;
     $action = $this->getStyle();
     if (!$format) {
         if (Ajde_Http_Request::isAjax() && $this->exist($base, $action, 'ajax') || Ajde::app()->getDocument()->getFormat() === 'ajax') {
             $format = 'ajax';
         } else {
             if (Ajde::app()->getDocument()->getFormat() === 'crud') {
                 $format = 'crud';
             } else {
                 $format = 'html';
             }
         }
     }
     parent::__construct($base, $action, $format);
 }
Пример #5
0
 private function submission($crudId, $id)
 {
     $session = new Ajde_Session('AC.Crud');
     /* @var $crud Ajde_Crud */
     $crud = $session->getModel($crudId);
     // verify that we have a valid crud model
     if (!$crud) {
         return ['success' => false];
     }
     /* @var $model FormModel */
     $model = $crud->getModel();
     $model->setOptions($crud->getOptions('model'));
     // Get POST params
     $post = Ajde_Http_Request::globalPost();
     $id = issetor($post['id']);
     // verify that we have a valid form model
     if (!$id) {
         return ['success' => false];
     }
     // load form
     $model->loadByPK($id);
     $model->populate($post);
     // validate form
     Ajde_Event::trigger($model, 'beforeCrudSave', [$crud]);
     if (!$model->validate($crud->getOptions('fields'))) {
         return ['operation' => 'save', 'success' => false, 'errors' => $model->getValidationErrors()];
     }
     // prepare submission
     $values = [];
     foreach ($post as $key => $value) {
         if (substr($key, 0, 5) === 'meta_') {
             $metaId = str_replace('meta_', '', $key);
             $metaName = MetaModel::getNameFromId($metaId);
             $values[$metaName] = $value;
         }
     }
     $entryText = '';
     foreach ($values as $k => $v) {
         $entryText .= $k . ': ' . $v . PHP_EOL;
     }
     $submission = new SubmissionModel();
     $submission->form = $id;
     $submission->ip = $_SERVER['REMOTE_ADDR'];
     $submission->user = Ajde_User::getLoggedIn();
     $submission->entry = json_encode($values);
     $submission->entry_text = $entryText;
     $success = $submission->insert();
     if ($success === true) {
         // Destroy reference to crud instance
         $session->destroy($crudId);
         // set message for next page
         Ajde_Session_Flash::alert(trans('Form submitted successfully'));
         $mailer = new Ajde_Mailer();
         // send email to administrator
         $body = 'Form: ' . $model->displayField() . '<br/><br/>' . nl2br($entryText);
         $mailer->SendQuickMail(config('app.email'), config('app.email'), config('app.title'), 'New form submission', $body);
         // send email to user
         $email = $model->getEmail();
         /* @var $email EmailModel */
         $email_to = $model->getEmailTo();
         /* @var $email MetaModel */
         $email_address = issetor($post['meta_' . $email_to->getPK()]);
         if ($email->hasLoaded() && $email_to->hasLoaded() && $email_address) {
             $mailer->sendUsingModel($email->getIdentifier(), $email_address, $email_address, ['entry' => nl2br($entryText)]);
         }
     }
     return ['operation' => 'save', 'id' => $model->getPK(), 'displayField' => $model->get($model->getDisplayField()), 'success' => $success];
 }
Пример #6
0
 public function updatePayment()
 {
     // PHP 4.1
     // read the post from PayPal system and add 'cmd'
     $req = 'cmd=_notify-validate';
     $post = Ajde_Http_Request::globalPost();
     foreach ($post as $key => $value) {
         $value = urlencode(stripslashes($value));
         $req .= "&{$key}={$value}";
     }
     // post back to PayPal system to validate
     $header = '';
     $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
     $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
     $header .= 'Content-Length: ' . strlen($req) . "\r\n\r\n";
     $fp = fsockopen($this->isSandbox() ? 'ssl://www.sandbox.paypal.com' : 'ssl://www.paypal.com', 443, $errno, $errstr, 30);
     // assign posted variables to local variables
     $item_name = issetor($post['item_name']);
     $item_number = issetor($post['item_number']);
     $payment_status = issetor($post['payment_status']);
     $payment_amount = issetor($post['mc_gross']);
     $payment_currency = issetor($post['mc_currency']);
     $txn_id = issetor($post['txn_id']);
     $receiver_email = issetor($post['receiver_email']);
     $payer_email = issetor($post['payer_email']);
     $secret = issetor($post['custom']);
     $transaction = new TransactionModel();
     $changed = false;
     if (!$fp) {
         // HTTP ERROR
     } else {
         fwrite($fp, $header . $req);
         while (!feof($fp)) {
             $res = fgets($fp, 1024);
             if (strcmp($res, 'VERIFIED') == 0) {
                 if (!$transaction->loadByField('secret', $secret)) {
                     Ajde_Log::log('Could not find transaction for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                     return ['success' => false, 'transaction' => null];
                 }
                 // check the payment_status is Completed
                 // accept Pending from PayPal (eChecks?)
                 $acceptPending = true;
                 if ($payment_status == 'Completed' || $acceptPending && $payment_status == 'Pending') {
                     $details = 'AMOUNT: ' . $payment_amount . PHP_EOL . 'CURRENCY: ' . $payment_currency . PHP_EOL . 'PAYER_EMAIL: ' . $payer_email . PHP_EOL . 'RECEIVER_EMAIL: ' . $receiver_email . PHP_EOL . 'TXN_ID: ' . $txn_id . PHP_EOL;
                     // update transaction only once
                     if ($transaction->payment_status != 'completed') {
                         $transaction->payment_details = $details;
                         $transaction->payment_status = 'completed';
                         $transaction->save();
                         $changed = true;
                     }
                     // Write pending to Log
                     if ($payment_status == 'Pending') {
                         Ajde_Log::log('Status is Pending but accepting now. PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                     }
                     return ['success' => true, 'changed' => $changed, 'transaction' => $transaction];
                 } else {
                     if ($transaction->payment_status != 'refused') {
                         $transaction->payment_status = 'refused';
                         $transaction->save();
                         $changed = true;
                     }
                     Ajde_Log::log('Status is not Completed but ' . $payment_status . ' for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                 }
                 // check that txn_id has not been previously processed
                 // check that receiver_email is your Primary PayPal email
                 // check that payment_amount/payment_currency are correct
                 // process payment
             } else {
                 if (strcmp($res, 'INVALID') == 0) {
                     if (!$transaction->loadByField('secret', $secret)) {
                         // secret not found anyway
                         $transaction = null;
                         Ajde_Log::log('Could not find transaction for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                     } else {
                         // log for manual investigation
                         if ($transaction->payment_status != 'refused') {
                             $transaction->payment_status = 'refused';
                             $transaction->save();
                             $changed = true;
                         }
                         Ajde_Log::log('Validation failed for PayPal payment with txn id ' . $txn_id);
                     }
                 }
             }
         }
         fclose($fp);
     }
     return ['success' => false, 'changed' => $changed, 'transaction' => $transaction];
 }
Пример #7
0
 public function setRedirect($url = self::REDIRECT_SELF)
 {
     if ($url === true || $url === self::REDIRECT_HOMEPAGE) {
         $this->addHeader('Location', config('app.rootUrl'));
     } elseif ($url === self::REDIRECT_REFFERER) {
         $this->addHeader('Location', Ajde_Http_Request::getRefferer());
     } elseif ($url === self::REDIRECT_SELF || empty($url)) {
         $route = (string) Ajde::app()->getRoute();
         $this->addHeader('Location', config('app.rootUrl') . $route);
     } elseif (substr($url, 0, 7) == 'http://' || substr($url, 0, 8) == 'https://') {
         $this->addHeader('Location', $url);
     } elseif ($url) {
         $this->addHeader('Location', config('app.rootUrl') . $url);
     }
     // Don't load any content after Location header is set
     Ajde::app()->getDocument()->setLayout(new Ajde_Layout('empty'));
 }
Пример #8
0
 public function loadRequest()
 {
     $request = Ajde_Http_Request::fromGlobal();
     $this->setRequest($request);
     return $request;
 }
Пример #9
0
 public function __bootstrap()
 {
     // Session name
     $sessionName = config('app.id') . '_session';
     session_name($sessionName);
     // Session lifetime
     $lifetime = config('session.lifetime');
     // Security garbage collector
     ini_set('session.gc_maxlifetime', $lifetime == 0 ? 180 * 60 : $lifetime * 60);
     // PHP session garbage collection timeout in minutes
     ini_set('session.gc_divisor', 100);
     // Set divisor and probability for cronjob Ubuntu/Debian
     //		ini_set('session.gc_probability', 1);	// @see http://www.php.net/manual/en/function.session-save-path.php#98106
     // Set session save path
     if (config('session.savepath')) {
         ini_set('session.save_path', str_replace('~', LOCAL_ROOT, config('session.savepath')));
     }
     // Set sessions to use cookies
     ini_set('session.use_cookies', 1);
     ini_set('session.use_only_cookies', 1);
     // @see http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
     // Session cookie parameter
     $path = config('app.path');
     $domain = config('security.cookie.domain');
     $secure = config('security.cookie.secure');
     $httponly = config('security.cookie.httponly');
     // Set cookie lifetime
     session_set_cookie_params($lifetime * 60, $path, $domain, $secure, $httponly);
     session_cache_limiter('private_no_expire');
     // Start the session!
     session_start();
     // Strengthen session security with REMOTE_ADDR and HTTP_USER_AGENT
     // @see http://shiflett.org/articles/session-hijacking
     // Removed REMOTE_ADDR, use HTTP_X_FORWARDED_FOR if available
     $remoteIp = Ajde_Http_Request::getClientIP();
     // Ignore Google Chrome frame as it has a split personality
     // @todo TODO: security issue!!
     // @see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started/understanding-chrome-frame-user-agent
     if (isset($_SERVER['HTTP_USER_AGENT']) && substr_count($_SERVER['HTTP_USER_AGENT'], 'chromeframe/') === 0 && isset($_SESSION['client']) && $_SESSION['client'] !== md5($remoteIp . $_SERVER['HTTP_USER_AGENT'] . config('security.secret'))) {
         // TODO: overhead to call session_regenerate_id? is it not required??
         //session_regenerate_id();
         // thoroughly destroy the current session
         session_destroy();
         unset($_SESSION);
         setcookie(session_name(), session_id(), time() - 3600, $path, $domain, $secure, $httponly);
         // TODO:
         $exception = new Ajde_Core_Exception_Security('Possible session hijacking detected. Bailing out.');
         if (config('app.debug') === true) {
             throw $exception;
         } else {
             // don't redirect/log for resource items, as they should have no side effect
             // this makes it possible for i.e. web crawlers/error pages to view resources
             $request = Ajde_Http_Request::fromGlobal();
             $route = $request->initRoute();
             Ajde::app()->setRequest($request);
             if (!in_array($route->getFormat(), ['css', 'js'])) {
                 Ajde_Exception_Log::logException($exception);
                 Ajde_Cache::getInstance()->disable();
                 // Just destroying the session should be enough
                 //					Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
             }
         }
     } else {
         $_SESSION['client'] = md5($remoteIp . issetor($_SERVER['HTTP_USER_AGENT']) . config('security.secret'));
         if ($lifetime > 0) {
             // Force send new cookie with updated lifetime (forcing keep-alive)
             // @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100672
             //session_regenerate_id();
             // Set cookie manually if session_start didn't just sent a cookie
             // @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100657
             if (isset($_COOKIE[$sessionName])) {
                 setcookie(session_name(), session_id(), time() + $lifetime * 60, $path, $domain, $secure, $httponly);
             }
         }
     }
     // remove cache headers invoked by session_start();
     if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
         header_remove('X-Powered-By');
     }
     return true;
 }