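/**
 * Expose the current user's form token to the template as USERTOKEN.
 *
 * The token is derived from the 'user' identity's stored password value via
 * Dot_Auth::generateUserToken(); Dot_Auth::checkUserToken() later recomputes
 * the same value and compares it with the token submitted by the form.
 *
 * @access public
 * @return void
 */
public function addUserToken()
{
    // NOTE(review): if no 'user' identity is present, ->password is read on a non-object;
    // confirm callers only invoke this after checkIdentity('user') has passed.
    $identity = Dot_Auth::getInstance()->getIdentity('user');
    $token = Dot_Auth::generateUserToken($identity->password);
    $this->setVar('USERTOKEN', $token);
}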
* If we do not have the token, it will be marked with NULL
*
* NULL - user does not have a token
* '' - user has an empty token
* Any other (string) value - the token
*
* This is the raw request value: it is whatever the client sent (a string, or
* possibly an array for a malformed request), so consumers must validate it.
* See Dot_Auth::checkUserToken()
*/
$userToken = isset($_POST['userToken']) ? $_POST['userToken'] : null;

/**
 * From this point, control is taken by the action-specific controller:
 * call the action-specific file, but check first that it exists.
 *
 * NOTE(review): the include path is assembled from request-derived values
 * (requestModule, requestControllerProcessed); the "Processed" name suggests
 * the router normalises them -- confirm in Dot_Route that neither value can
 * carry path separators or '..' segments before it reaches require.
 */
$actionControllerPath = CONTROLLERS_PATH . '/' . $registry->requestModule . '/' . $registry->requestControllerProcessed . 'Controller.php';
if (file_exists($actionControllerPath)) {
    // the identity check runs before the controller file is loaded
    $dotAuth = Dot_Auth::getInstance();
    $dotAuth->checkIdentity('user');
    require $actionControllerPath;
} else {
    Dot_Route::pageNotFound();
}

// set menus
$tpl->setMenu();
// set SEO html tags from dots/seo.xml file
$tpl->setSeoValues($pageTitle);
// display message (error, warning, info)
$tpl->displayMessage();
// parse the main content block
$tpl->parse('MAIN_CONTENT', 'tpl_main');
// show debugbar
$debug = new Dot_Debug($tpl);
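/**
 * Collect the warnings shown on the admin dashboard.
 *
 * The result is keyed by warning category; each category holds a list of
 * message strings (some of them containing HTML) and is present even when
 * empty. Checks performed: the shipped default admin credentials still work,
 * default/debug e-mail addresses still configured, install files that should
 * be deleted, file-system permissions (skipped on Windows), cache availability
 * and tag support, and missing or disabled plugins.
 *
 * @access public
 * @return array Map of category name => list of warning strings
 */
public function getWarnings()
{
    // warning "categories"; every key is returned, possibly with an empty list
    $warnings = array(
        'Security Warning' => array(),
        'Debug Email' => array(),
        'Delete Files' => array(),
        'Make Writable' => array(),
        'Make Unwritable' => array(),
        'Cache Test Failed' => array(),
        'Plugin Check' => array(),
    );

    // check that the default admin user isn't enabled. This is a real
    // authentication attempt with the shipped credentials; the third argument
    // was passed as "$storeInSession = false" in the original call, so it
    // presumably keeps the identity out of the session -- confirm in Dot_Auth::process()
    $dotAuth = Dot_Auth::getInstance();
    $defaultAdminValid = $dotAuth->process('admin', array('username' => 'admin', 'password' => 'dot'), false);
    if ($defaultAdminValid) {
        $warnings['Security Warning'][] = 'Please change the password of the oldest admin user or deactivate him';
    }

    // if the oldest active admin still has the default e-mail address
    $select = $this->db->select()
        ->from('admin', 'email')
        ->where('isActive = ?', '1')
        ->order('dateCreated asc')
        ->limit(1);
    $emailAdmin = $this->db->fetchOne($select);
    if ('*****@*****.**' == $emailAdmin) {
        $warnings['Debug Email'][] = 'Please change the email of the default admin user or deactivate him.';
    }
    // if devEmails still contains the default address
    // (read from the settings model instead of querying the db again)
    if (stripos($this->settings->devEmails, '*****@*****.**') !== false) {
        $warnings['Debug Email'][] = 'Update the setting.devEmails value to reflect your debug email.';
    }

    // install-time files that should not remain on a deployed site
    $filesToDelete = array('dot_kernel.sql', 'readme.txt', 'dk.php');
    foreach ($filesToDelete as $file) {
        if (file_exists(APPLICATION_PATH . '/' . $file)) {
            $warnings['Delete Files'][] = $file;
        }
    }

    // ignore permission warnings if OS is Windows
    if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
        // warning if application.ini is writable
        if (is_writable(APPLICATION_PATH . '/configs/application.ini')) {
            $warnings['Make Unwritable'][] = 'configs/application.ini';
        }
        // only the folders set in application.ini (folders.permission[]) should be writable
        $folderException = $this->config->folders->permission->toArray();
        // go through all folders in the tree
        $folders = $this->_listDirectory(APPLICATION_PATH);
        foreach ($folders as $path) {
            // find the first configured exception that occurs in this path (substring match);
            // remember it explicitly instead of relying on the loop variable after break
            $isException = false;
            $matchedException = null;
            foreach ($folderException as $exception) {
                if (strpos($path, $exception) !== false) {
                    $isException = true;
                    $matchedException = $exception;
                    break;
                }
            }
            if ($isException) {
                // the configured folder itself must be writable; paths below it are left alone
                if (!is_writable($path) && $path === $matchedException) {
                    $warnings['Make Writable'][] = $path;
                }
            } elseif (is_writable($path)) {
                $warnings['Make Unwritable'][] = $path;
            }
        }
        // info about how to add an exception
        if (count($warnings['Make Unwritable'])) {
            $warnings['Make Unwritable'][] = '** <em>It is possible to add your writable folders to the exclude list by adding it as folders.permission[] exception in application.ini</em>';
        }
    }

    // cache availability; "!" is the loose-false test the original used
    if (!Dot_Cache::testCache()) {
        $warnings['Cache Test Failed'][] = 'Cache is not working or disabled';
        $warnings['Cache Test Failed'][] = 'Check cache settings or if cache module is supported';
        $warnings['Cache Test Failed'][] = 'More info: <a href="http://www.dotkernel.com/dotkernel/caching-in-dotkernel-using-zend-framework/"> Caching in DotKernel</a>';
    }
    if (!Dot_Cache::testTags()) {
        $warnings['Cache Test Failed'][] = 'Cache does not support tags';
        $warnings['Cache Test Failed'][] = 'Check cache provider in application.ini';
        $warnings['Cache Test Failed'][] = 'More info: <a href="http://framework.zend.com/manual/1.12/en/zend.cache.backends.html"> ZF Cache Backends </a>';
    }

    // plugin check
    // NOTE(review): these messages are rendered as HTML by the dashboard (see the <em>/<a>
    // entries above) while pluginName/vendor are interpolated raw -- confirm they are only
    // ever admin-installed values, or escape them here.
    $pluginHandler = Plugin_Loader::getInstance();
    $pluginData = $pluginHandler->getAllPlugins();
    foreach ($pluginData as $plugin) {
        $label = 'Plugin ' . $plugin['pluginName'] . ' (by ' . $plugin['vendor'] . ')';
        // check if the class is missing
        if (!$pluginHandler->pluginExists($plugin['vendor'], $plugin['pluginName'])) {
            $warnings['Plugin Check'][] = $label . ' is missing';
        }
        // check if the plugin is enabled
        if (!$plugin['enabled']) {
            $warnings['Plugin Check'][] = $label . ' is not enabled';
        }
    }

    return $warnings;
}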
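/**
 * Authorize an admin login attempt with already-validated form data.
 *
 * On success the login is recorded (IP, admin id, referer, user agent) and the
 * request is redirected to the current module. On failure a notification
 * e-mail is sent and an error message is stored in the session.
 *
 * @access public
 * @param array $validData Form data that already passed validation; must contain 'username'
 * @return void
 */
public function authorizeLogin($validData)
{
    $session = Zend_Registry::get('session');
    // drop any previous admin identity before re-authenticating
    unset($session->admin);
    // login info are VALID, we can see if is a valid user now
    $dotAuth = Dot_Auth::getInstance();
    $validAuth = $dotAuth->process('admin', $validData);
    if ($validAuth) {
        // prepare data for registering the login
        $dataLogin = array(
            'ip' => Dot_Kernel::getUserIp(),
            'adminId' => $session->admin->id,
            'referer' => $this->_httpReferer,
            'userAgent' => $this->_userAgent,
        );
        $this->registerLogin($dataLogin);
        header('Location: ' . $this->config->website->params->url . '/' . Zend_Registry::get('requestModule'));
        exit;
    }

    // failed admin login - send email to valid admin account
    $this->sendEmailFailedLogin($validData);
    // check if account is inactive; guard the index so an unknown username does
    // not raise a notice (it is then reported the same way as an inactive one)
    $adminTmp = $this->getUserBy('username', $validData['username']);
    $isActive = isset($adminTmp['isActive']) && 1 == $adminTmp['isActive'];
    // NOTE(review): the two messages differ for inactive vs. wrong credentials, which lets a
    // caller distinguish an existing-but-inactive username from an unknown one; consider a
    // single generic message if that distinction should not be exposed.
    $session->message['txt'] = $isActive
        ? $this->option->errorMessage->wrongCredentials
        : $this->option->errorMessage->inactiveAcount;
    $session->message['type'] = 'error';
}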
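/**
 * Check that a submitted user token is present and matches the current identity.
 *
 * A missing, empty or non-string token is rejected outright; otherwise the
 * token is compared, in constant time, with the value that
 * Dot_Auth::generateUserToken() derives from the identity's stored password.
 *
 * @access public
 * @static
 * @param string|null $userToken Token as received from the request (null when absent)
 * @param string      $type      The identity that is checked (i.e. admin)
 * @return bool true only when the token matches
 */
public static function checkUserToken($userToken, $type = 'admin')
{
    // absent, empty, or not a string (e.g. an array sent as userToken[]) can never match;
    // the type check also keeps hash_equals() from throwing on a non-string argument
    if (!is_string($userToken) || $userToken === '') {
        return false;
    }
    $dotAuth = Dot_Auth::getInstance();
    $user = $dotAuth->getIdentity($type);
    // no identity of the requested type means there is nothing to compare against
    if (!is_object($user)) {
        return false;
    }
    $expected = (string) Dot_Auth::generateUserToken($user->password);
    // constant-time comparison so the response time does not depend on how much of the token matched
    return hash_equals($expected, $userToken);
}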
/**
 * Authorize a front-end user login with already-validated form data.
 *
 * On success the login is recorded (IP, user id, referer, user agent and the
 * country resolved from the IP) and the request is redirected either to the
 * URL remembered in the session or to the account page. On failure an error
 * message is stored in the session.
 *
 * @access public
 * @param array $validData Form data that already passed validation
 * @return void
 */
public function authorizeLogin($validData)
{
    $session = Zend_Registry::get('session');
    // drop any previous user identity before re-authenticating
    unset($session->user);

    // form data is valid; now check the credentials against the user store
    $authenticated = Dot_Auth::getInstance()->process('user', $validData);
    if (!$authenticated) {
        $session->message['txt'] = $this->option->errorMessage->login;
        $session->message['type'] = 'error';
        return;
    }

    // record the login together with the country resolved from the client IP
    $geoip = new Dot_Geoip();
    $clientIp = Dot_Kernel::getUserIp();
    $countryInfo = $geoip->getCountryByIp($clientIp);
    $loginRecord = array(
        'ip' => $clientIp,
        'userId' => $session->user->id,
        'referer' => $this->_httpReferer,
        'userAgent' => $this->_userAgent,
        // index 1 is presumably the country name -- verify against Dot_Geoip::getCountryByIp()
        'country' => $countryInfo[1],
    );
    $this->registerLogin($loginRecord);

    // NOTE(review): wantUrl is read from the session and used as the redirect target as-is;
    // confirm it is only ever set to a same-site path before it is stored.
    if (isset($session->wantUrl)) {
        $target = $session->wantUrl;
    } else {
        $target = $this->config->website->params->url . '/user/account';
    }
    header('location: ' . $target);
    exit;
}