/** * Before exception is happening. * * @param Event $event Event object. * @param Dispatcher $dispatcher Dispatcher object. * @param PhalconException $exception Exception object. * * @throws \Phalcon\Exception * @return bool */ public function beforeException($event, $dispatcher, $exception) { // Handle 404 exceptions. if ($exception instanceof PhDispatchException) { $dispatcher->forward(['module' => EngineApplication::SYSTEM_DEFAULT_MODULE, 'namespace' => ucfirst(EngineApplication::SYSTEM_DEFAULT_MODULE) . '\\Controller', 'controller' => 'Error', 'action' => 'show404']); return false; } if (ENV == ENV_DEVELOPMENT) { throw $exception; } else { EngineException::logException($exception); } // Handle other exceptions. $dispatcher->forward(['module' => EngineApplication::SYSTEM_DEFAULT_MODULE, 'namespace' => ucfirst(EngineApplication::SYSTEM_DEFAULT_MODULE) . '\\Controller', 'controller' => 'Error', 'action' => 'show500']); return $event->isStopped(); }
/** * This method forward to the action. * * @param object $Router the instance of the Router class. */ public static function dispatch($Router) { $moduleName = $Router->getModuleName(); $params = $Router->getParams(); $controllerName = $Router->getControllerName(); //the name without 'Controller' $actionName = $Router->getActionName(); session_start(); Dispatcher::forward($moduleName, $controllerName, $actionName, $params); session_write_close(); }
/** * This action is executed before execute any action in the application * * @param Event $event * @param Dispatcher $dispatcher */ public function beforeDispatch(Event $event, Dispatcher $dispatcher) { $auth = $this->session->get('auth'); if (!$auth) { $role = 'Guests'; } else { $role = 'Users'; } $controller = $dispatcher->getControllerName(); $action = $dispatcher->getActionName(); $acl = $this->getAcl(); $allowed = $acl->isAllowed($role, $controller, $action); if ($allowed != Acl::ALLOW) { $dispatcher->forward(array('controller' => 'errors', 'action' => 'show401')); $this->session->destroy(); return false; } }
/** * The signIn method - check with the database table with uid, pwd and mapping table * and dispatch to the responding action after login. * * @param string $uid * @param string $pwd * @param string $mapTbl */ public function signIn($moduleName = null, $controllerName = null, $actionName = null) { $moduleName = is_null($moduleName) ? MvcReg::getModuleName() : $moduleName; $controllerName = is_null($controllerName) ? MvcReg::getControllerName() : $controllerName; $actionName = is_null($actionName) ? MvcReg::getActionName() : $actionName; $acl = AclUtility::getInstance(); $tbl_id = $acl->getTableIdByModule($moduleName); //if the module is not from MvcReg or different from MvcReg, need to get the mapDbId again for reset the acDb if (!is_null($moduleName) || $moduleName == MvcReg::getModuleName()) { $mapDbId = $acl->getMapDatabaseId($tbl_id); $this->setDb($mapDbId); } $tableName = $acl->getTableById($tbl_id); $mapFields = $acl->getMappingFieldByTbl($tbl_id); //prepare encryption setting $encrytionArray = $acl->getEncrytion(); $encrytion = $encrytionArray[$tbl_id]; $useEcryption = isset($encrytion['use_pwd_encryption']) ? $encrytion['use_pwd_encryption'] : NULL; //This sets the default method to PHP MD5 encryption $encrytionOption = isset($encrytion['encrytion_option']) ? $encrytion['encrytion_option'] : "PHP"; $encrytionMethod = isset($encrytion['encrytion_method']) ? $encrytion['encrytion_method'] : "MD5"; $dbUid = $mapFields["user_id"]; $dbPwd = isset($mapFields["pwd"]) ? $mapFields["pwd"] : null; $dbSalt = isset($mapFields["pwd_encrypt"]) ? $mapFields["pwd_encrypt"] : null; $dbIsdelete = isset($mapFields["is_delete"]) ? $mapFields["is_delete"] : null; $dbIsdeleteValue = isset($mapFields["is_delete_value"]) && !is_null($dbIsdelete) ? $mapFields["is_delete_value"] : null; $params = Parameter::getParams(); if (isset($params["{$dbUid}"]) && isset($params["{$dbPwd}"])) { $uid = $params["{$dbUid}"]; $pwd = $params["{$dbPwd}"]; } else { throw new AiryException("Not passing the user id and password from the login form"); } $mysql_results = null; //determine use encryption for password or not if (!is_null($useEcryption) && ($useEcryption == 1 || strtoupper($useEcryption) == "TRUE")) { $salt = ""; if (strtoupper($encrytionOption) == "PHP") { /** * Currently, only support MD5 */ if (strtoupper($encrytionMethod) == self::MD5) { $salt = md5(trim($pwd)); } } else { $encryObj = new $encrytionOption(); $salt = $encryObj->{$encrytionMethod}(trim($pwd)); } $mysql_results = $this->getUserByUid($tableName, $dbUid, $uid, $dbIsdelete, $dbIsdeleteValue); } else { $mysql_results = $this->getUserByUid($tableName, $dbUid, $uid, $dbIsdelete, $dbIsdeleteValue); } $rows = mysql_fetch_array($mysql_results, MYSQL_ASSOC); $bLogin = false; if (is_array($rows)) { if (!is_null($useEcryption) && ($useEcryption == 1 || strtoupper($useEcryption) == "TRUE")) { if ($rows[$dbSalt] == $salt) { $bLogin = true; } } else { if ($rows[$dbPwd] == $pwd) { $bLogin = true; } } } if ($bLogin) { $_SESSION[$moduleName][Authentication::UID] = $uid; $_SESSION[$moduleName][Authentication::ENCRYPT_UID] = Base64UrlCode::encrypt($uid); $_SESSION[$moduleName][Authentication::IS_LOGIN] = true; $_SESSION[Authentication::UID]['module'] = $moduleName; foreach ($rows as $key => $value) { $_SESSION[$moduleName]['user'][$key] = $value; } $successfulArray = $acl->getSuccessfulDispatch(); $successfulController = $successfulArray[$moduleName]['controller']; $successfulAction = $successfulArray[$moduleName]['action']; //forward to login sucessful action - this is set in the act.xml Dispatcher::forward($moduleName, $successfulController, $successfulAction, $params); } else { $authArray = $acl->getAuthentications(); $loginErrorActionName = "loginErrorAction"; if (isset($authArray[$moduleName]['login_error_action'])) { $loginErrorActionName = $authArray[$moduleName]['login_error_action']; } //forward to login error action Dispatcher::forward($moduleName, $controllerName, $loginErrorActionName, $params); } }