/** * Handle POST requests. * * @param alpha\Util\Http\Request $request * * @return alpha\Util\Http\Response * * @since 1.0 */ public function doPOST($request) { self::$logger->debug('>>doPOST($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); $config = ConfigProvider::getInstance(); $body = View::displayPageHead($this); try { // check the hidden security fields before accepting the form POST data if (!$this->checkSecurityFields()) { throw new SecurityException('This page cannot accept post data from remote servers!'); } if (isset($params['createTableBut'])) { try { $classname = $params['createTableClass']; $BO = new $classname(); $BO->makeTable(); self::$logger->action('Created the table for class ' . $classname); $body .= View::displayUpdateMessage('The table for the class ' . $classname . ' has been successfully created.'); } catch (AlphaException $e) { self::$logger->error($e->getMessage()); $body .= View::displayErrorMessage('Error creating the table for the class ' . $classname . ', check the log!'); } } if (isset($params['createHistoryTableBut'])) { try { $classname = $params['createTableClass']; $BO = new $classname(); $BO->makeHistoryTable(); self::$logger->action('Created the history table for class ' . $classname); $body .= View::displayUpdateMessage('The history table for the class ' . $classname . ' has been successfully created.'); } catch (AlphaException $e) { self::$logger->error($e->getMessage()); $body .= View::displayErrorMessage('Error creating the history table for the class ' . $classname . ', check the log!'); } } if (isset($params['recreateTableClass']) && $params['admin_' . stripslashes($params['recreateTableClass']) . '_button_pressed'] == 'recreateTableBut') { try { $classname = $params['recreateTableClass']; $BO = new $classname(); $BO->rebuildTable(); self::$logger->action('Recreated the table for class ' . $classname); $body .= View::displayUpdateMessage('The table for the class ' . $classname . ' has been successfully recreated.'); } catch (AlphaException $e) { self::$logger->error($e->getMessage()); $body .= View::displayErrorMessage('Error recreating the table for the class ' . $classname . ', check the log!'); } } if (isset($params['updateTableClass']) && $params['admin_' . stripslashes($params['updateTableClass']) . '_button_pressed'] == 'updateTableBut') { try { $classname = $params['updateTableClass']; $BO = new $classname(); $missingFields = $BO->findMissingFields(); $count = count($missingFields); for ($i = 0; $i < $count; ++$i) { $BO->addProperty($missingFields[$i]); } self::$logger->action('Updated the table for class ' . $classname); $body .= View::displayUpdateMessage('The table for the class ' . $classname . ' has been successfully updated.'); } catch (AlphaException $e) { self::$logger->error($e->getMessage()); $body .= View::displayErrorMessage('Error updating the table for the class ' . $classname . ', check the log!'); } } } catch (SecurityException $e) { $body .= View::displayErrorMessage($e->getMessage()); self::$logger->warn($e->getMessage()); } $body .= $this->displayBodyContent(); $body .= View::displayPageFoot($this); self::$logger->debug('<<doPOST'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @throws Alpha\Exception\IllegalArguementException * * @since 1.0 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); $body = ''; try { // load the business object (BO) definition if (isset($params['logPath']) && file_exists(urldecode($params['logPath']))) { $logPath = urldecode($params['logPath']); } else { throw new IllegalArguementException('No log file available to view!'); } $this->logPath = $logPath; $body .= View::displayPageHead($this); $log = new LogProviderFile(); $log->setPath($this->logPath); if (preg_match('/alpha.*/', basename($this->logPath))) { $body .= $log->renderLog(array('Date/time', 'Level', 'Class', 'Message', 'Client', 'IP', 'Server hostname', 'URI')); } if (preg_match('/search.*/', basename($this->logPath))) { $body .= $log->renderLog(array('Search query', 'Search date', 'Client Application', 'Client IP')); } if (preg_match('/feeds.*/', basename($this->logPath))) { $body .= $log->renderLog(array('Business object', 'Feed type', 'Request date', 'Client Application', 'Client IP')); } if (preg_match('/tasks.*/', basename($this->logPath))) { $body .= $log->renderLog(array('Date/time', 'Level', 'Class', 'Message')); } $body .= View::displayPageFoot($this); } catch (IllegalArguementException $e) { self::$logger->warn($e->getMessage()); $body .= View::displayPageHead($this); $body .= View::displayErrorMessage($e->getMessage()); $body .= View::displayPageFoot($this); } self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @since 1.0 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); $config = ConfigProvider::getInstance(); if ($this->record instanceof Person) { self::$logger->debug('Logging out [' . $this->record->get('email') . '] at [' . date('Y-m-d H:i:s') . ']'); self::$logger->action('Logout'); } $sessionProvider = $config->get('session.provider.name'); $session = SessionProviderFactory::getInstance($sessionProvider); $session->destroy(); $body = View::displayPageHead($this); $body .= View::displayUpdateMessage('You have successfully logged out of the system.'); $body .= '<div align="center"><a href="' . $config->get('app.url') . '">Home Page</a></div>'; $body .= View::displayPageFoot($this); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle POST requests. * * @param Alpha\Util\Http\Response $request * * @throws Alpha\Exception\SecurityException * @throws Alpha\Exception\IllegalArguementException * * @return Alpha\Util\Http\Response * * @since 1.0 */ public function doPOST($request) { self::$logger->debug('>>doPOST($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); try { // check the hidden security fields before accepting the form POST data if (!$this->checkSecurityFields()) { throw new SecurityException('This page cannot accept post data from remote servers!'); } if (!is_array($params)) { throw new IllegalArguementException('Bad $params [' . var_export($params, true) . '] passed to doPOST method!'); } if (isset($params['clearCache']) && $params['clearCache'] == 'true') { try { FileUtils::deleteDirectoryContents($this->dataDir, array('.htaccess', 'html', 'images', 'pdf', 'xls')); $this->setStatusMessage(View::displayUpdateMessage('Cache contents deleted successfully.')); $config = ConfigProvider::getInstance(); $sessionProvider = $config->get('session.provider.name'); $session = SessionProviderFactory::getInstance($sessionProvider); self::$logger->info('Cache contents deleted successfully by user [' . $session->get('currentUser')->get('displayName') . '].'); } catch (AlphaException $e) { self::$logger->error($e->getMessage()); $this->setStatusMessage(View::displayErrorMessage($e->getMessage())); } } return $this->doGET($request); } catch (SecurityException $e) { $this->setStatusMessage(View::displayErrorMessage($e->getMessage())); self::$logger->warn($e->getMessage()); } catch (IllegalArguementException $e) { self::$logger->error($e->getMessage()); $this->setStatusMessage(View::displayErrorMessage($e->getMessage())); } $body = View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $body .= View::displayPageFoot($this); self::$logger->debug('<<doPOST'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @since 1.0 * * @throws Alpha\Exception\IllegalArguementException */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); if (isset($params['start']) ? $this->startPoint = $params['start'] : ($this->startPoint = 0)) { } $config = ConfigProvider::getInstance(); $KPI = new KPI('search'); $body = ''; if (isset($params['query'])) { $this->query = $params['query']; // replace any %20 on the URL with spaces $params['query'] = str_replace('%20', ' ', $params['query']); $this->setTitle('Search results - ' . $params['query']); $body .= View::displayPageHead($this); // log the user's search query in a log file $log = new LogProviderFile(); $log->setPath($config->get('app.file.store.dir') . 'logs/search.log'); $log->writeLine(array($params['query'], date('Y-m-d H:i:s'), $request->getUserAgent(), $request->getIP())); $KPI->logStep('log search query'); $provider = SearchProviderFactory::getInstance('Alpha\\Util\\Search\\SearchProviderTags'); // if a BO name is provided, only search tags on that class, otherwise search all BOs if (isset($params['ActiveRecordType'])) { $results = $provider->search($params['query'], $params['bo'], $this->startPoint); } else { $results = $provider->search($params['query'], 'all', $this->startPoint); } $this->resultCount = $provider->getNumberFound(); $KPI->logStep('search completed using SearchProviderTags provider'); $body .= $this->renderResultList($results, $params['query']); } else { $this->setTitle('Search results'); $body .= View::displayPageHead($this); self::$logger->debug('No search query provided!'); } $body .= View::displayPageFoot($this); $KPI->log(); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle POST requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @since 1.0 */ public function doPOST($request) { self::$logger->debug('>>doPOST($request=[' . var_export($request, true) . '])'); $config = ConfigProvider::getInstance(); $params = $request->getParams(); $body = View::displayPageHead($this); $body .= '<p class="alert alert-success">'; if (isset($params['QS'])) { $body .= FrontController::generateSecureURL($params['QS']); self::$logger->action('Generated the secure URL in admin: ' . FrontController::generateSecureURL($params['QS'])); } $body .= '</p>'; $body .= $this->renderForm(); $body .= View::displayPageFoot($this); self::$logger->debug('<<doPOST'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @since 1.0 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $config = ConfigProvider::getInstance(); $sessionProvider = $config->get('session.provider.name'); $session = SessionProviderFactory::getInstance($sessionProvider); // if there is nobody logged in, we will send them off to the Login controller to do so before coming back here if ($session->get('currentUser') === false) { self::$logger->info('Nobody logged in, invoking Login controller...'); $controller = new LoginController(); $controller->setName('LoginController'); $controller->setRequest($request); $controller->setUnitOfWork(array('Alpha\\Controller\\LoginController', 'Alpha\\Controller\\InstallController')); self::$logger->debug('<<__construct'); return $controller->doGET($request); } $params = $request->getParams(); $sessionProvider = $config->get('session.provider.name'); $session = SessionProviderFactory::getInstance($sessionProvider); $body = View::displayPageHead($this); $body .= '<h1>Installing the ' . $config->get('app.title') . ' application</h1>'; try { $body .= $this->createApplicationDirs(); } catch (\Exception $e) { $body .= View::displayErrorMessage($e->getMessage()); $body .= View::displayErrorMessage('Aborting.'); return new Response(500, $body, array('Content-Type' => 'text/html')); } // start a new database transaction ActiveRecord::begin(); /* * Create DEnum tables */ $DEnum = new DEnum(); $DEnumItem = new DEnumItem(); try { $body .= '<p>Attempting to create the DEnum tables...'; if (!$DEnum->checkTableExists()) { $DEnum->makeTable(); } self::$logger->info('Created the [' . $DEnum->getTableName() . '] table successfully'); if (!$DEnumItem->checkTableExists()) { $DEnumItem->makeTable(); } self::$logger->info('Created the [' . $DEnumItem->getTableName() . '] table successfully'); // create a default article DEnum category $DEnum = new DEnum('Alpha\\Model\\Article::section'); $DEnumItem = new DEnumItem(); $DEnumItem->set('value', 'Main'); $DEnumItem->set('DEnumID', $DEnum->getID()); $DEnumItem->save(); $body .= View::displayUpdateMessage('DEnums set up successfully.'); } catch (\Exception $e) { $body .= View::displayErrorMessage($e->getMessage()); $body .= View::displayErrorMessage('Aborting.'); self::$logger->error($e->getMessage()); ActiveRecord::rollback(); return new Response(500, $body, array('Content-Type' => 'text/html')); } /* * Loop over each business object in the system, and create a table for it */ $classNames = ActiveRecord::getBOClassNames(); $loadedClasses = array(); foreach ($classNames as $classname) { array_push($loadedClasses, $classname); } foreach ($loadedClasses as $classname) { try { $body .= '<p>Attempting to create the table for the class [' . $classname . ']...'; try { $BO = new $classname(); if (!$BO->checkTableExists()) { $BO->makeTable(); } else { if ($BO->checkTableNeedsUpdate()) { $missingFields = $BO->findMissingFields(); $count = count($missingFields); for ($i = 0; $i < $count; ++$i) { $BO->addProperty($missingFields[$i]); } } } } catch (FailedIndexCreateException $eice) { // this are safe to ignore for now as they will be auto-created later once all of the tables are in place self::$logger->warn($eice->getMessage()); } catch (FailedLookupCreateException $elce) { // this are safe to ignore for now as they will be auto-created later once all of the tables are in place self::$logger->warn($elce->getMessage()); } self::$logger->info('Created the [' . $BO->getTableName() . '] table successfully'); $body .= View::displayUpdateMessage('Created the [' . $BO->getTableName() . '] table successfully'); } catch (\Exception $e) { $body .= View::displayErrorMessage($e->getMessage()); $body .= View::displayErrorMessage('Aborting.'); self::$logger->error($e->getMessage()); ActiveRecord::rollback(); return new Response(500, $body, array('Content-Type' => 'text/html')); } } $body .= View::displayUpdateMessage('All business object tables created successfully!'); /* * Create the Admin and Standard groups */ $adminGroup = new Rights(); $adminGroup->set('name', 'Admin'); $standardGroup = new Rights(); $standardGroup->set('name', 'Standard'); try { try { $body .= '<p>Attempting to create the Admin and Standard groups...'; $adminGroup->save(); $standardGroup->save(); self::$logger->info('Created the Admin and Standard rights groups successfully'); $body .= View::displayUpdateMessage('Created the Admin and Standard rights groups successfully'); } catch (FailedIndexCreateException $eice) { // this are safe to ignore for now as they will be auto-created later once all of the tables are in place self::$logger->warn($eice->getMessage()); } catch (FailedLookupCreateException $elce) { // this are safe to ignore for now as they will be auto-created later once all of the tables are in place self::$logger->warn($elce->getMessage()); } } catch (\Exception $e) { $body .= View::displayErrorMessage($e->getMessage()); $body .= View::displayErrorMessage('Aborting.'); self::$logger->error($e->getMessage()); ActiveRecord::rollback(); return new Response(500, $body, array('Content-Type' => 'text/html')); } /* * Save the admin user to the database in the right group */ try { try { $body .= '<p>Attempting to save the Admin account...'; $admin = new Person(); $admin->set('displayName', 'Admin'); $admin->set('email', $session->get('currentUser')->get('email')); $admin->set('password', $session->get('currentUser')->get('password')); $admin->save(); self::$logger->info('Created the admin user account [' . $session->get('currentUser')->get('email') . '] successfully'); $adminGroup->loadByAttribute('name', 'Admin'); $lookup = $adminGroup->getMembers()->getLookup(); $lookup->setValue(array($admin->getID(), $adminGroup->getID())); $lookup->save(); self::$logger->info('Added the admin account to the Admin group successfully'); $body .= View::displayUpdateMessage('Added the admin account to the Admin group successfully'); } catch (FailedIndexCreateException $eice) { // this are safe to ignore for now as they will be auto-created later once all of the tables are in place self::$logger->warn($eice->getMessage()); } catch (FailedLookupCreateException $elce) { // this are safe to ignore for now as they will be auto-created later once all of the tables are in place self::$logger->warn($elce->getMessage()); } } catch (\Exception $e) { $body .= View::displayErrorMessage($e->getMessage()); $body .= View::displayErrorMessage('Aborting.'); self::$logger->error($e->getMessage()); ActiveRecord::rollback(); return new Response(500, $body, array('Content-Type' => 'text/html')); } $body .= '<br><p align="center"><a href="' . FrontController::generateSecureURL('act=Alpha\\Controller\\ListActiveRecordsController') . '">Administration Home Page</a></p><br>'; $body .= View::displayPageFoot($this); // commit ActiveRecord::commit(); self::$logger->info('Finished installation!'); self::$logger->action('Installed the application'); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @since 1.0 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); $body = View::displayPageHead($this); $sequence = new Sequence(); // make sure that the Sequence tables exist if (!$sequence->checkTableExists()) { $body .= View::displayErrorMessage('Warning! The Sequence table do not exist, attempting to create it now...'); $sequence->makeTable(); } // set the start point for the list pagination if (isset($params['start']) ? $this->startPoint = $params['start'] : ($this->startPoint = 1)) { } $records = $sequence->loadAll($this->startPoint); ActiveRecord::disconnect(); $this->BOCount = $sequence->getCount(); $body .= View::renderDeleteForm($this->request->getURI()); foreach ($records as $record) { $view = View::getInstance($record); $body .= $view->listView(array('URI' => $request->getURI())); } $body .= View::displayPageFoot($this); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @since 2.0.3 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); if ($request->getParam('displayphpinfo') != null) { ob_start(); phpinfo(); $body = ob_get_contents(); } else { $body = View::displayPageHead($this); $url = FrontController::generateSecureURL('act=Alpha\\Controller\\PhpinfoController&displayphpinfo=true'); $body .= '<iframe src="' . $url . '" style="border:none; overflow-x: scroll; overflow-y: scroll; width:100%; height:100vh;"></iframe>'; $body .= View::displayPageFoot($this); } self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html', 'X-Frame-Options' => 'SAMEORIGIN')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @throws Alpha\Exception\ResourceNotFoundException * @throws Alpha\Exception\IllegalArguementException * * @return Alpha\Util\Http\Response * * @since 2.0 */ public function doGET($request) { self::$logger->debug('>>doGET(request=[' . var_export($request, true) . '])'); $config = ConfigProvider::getInstance(); $params = $request->getParams(); $accept = $request->getAccept(); $body = ''; try { // get a single record if (isset($params['ActiveRecordType']) && isset($params['ActiveRecordOID'])) { if (!Validator::isInteger($params['ActiveRecordOID'])) { throw new IllegalArguementException('Invalid oid [' . $params['ActiveRecordOID'] . '] provided on the request!'); } $ActiveRecordType = urldecode($params['ActiveRecordType']); if (class_exists($ActiveRecordType)) { $record = new $ActiveRecordType(); } else { throw new IllegalArguementException('No ActiveRecord available to view!'); } // set up the title and meta details if (isset($params['view']) && $params['view'] == 'edit') { if (!isset($this->title)) { $this->setTitle('Editing a ' . $record->getFriendlyClassName()); } if (!isset($this->description)) { $this->setDescription('Page to edit a ' . $record->getFriendlyClassName() . '.'); } if (!isset($this->keywords)) { $this->setKeywords('edit,' . $record->getFriendlyClassName()); } } else { if (!isset($this->title)) { $this->setTitle('Viewing a ' . $record->getFriendlyClassName()); } if (!isset($this->description)) { $this->setDescription('Page to view a ' . $record->getFriendlyClassName() . '.'); } if (!isset($this->keywords)) { $this->setKeywords('view,' . $record->getFriendlyClassName()); } } $record->load($params['ActiveRecordOID']); ActiveRecord::disconnect(); $view = View::getInstance($record, false, $accept); $body .= View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $body .= View::renderDeleteForm($request->getURI()); if (isset($params['view']) && $params['view'] == 'edit') { $fields = array('formAction' => $this->request->getURI()); $body .= $view->editView($fields); } else { $body .= $view->detailedView(); } } elseif (isset($params['ActiveRecordType']) && isset($params['start'])) { // list all records of this type $ActiveRecordType = urldecode($params['ActiveRecordType']); if (class_exists($ActiveRecordType)) { $record = new $ActiveRecordType(); } else { throw new IllegalArguementException('No ActiveRecord available to view!'); } // set up the title and meta details if (!isset($this->title)) { $this->setTitle('Listing all ' . $record->getFriendlyClassName()); } if (!isset($this->description)) { $this->setDescription('Listing all ' . $record->getFriendlyClassName()); } if (!isset($this->keywords)) { $this->setKeywords('list,all,' . $record->getFriendlyClassName()); } if (isset($this->filterField) && isset($this->filterValue)) { if (isset($this->sort) && isset($this->order)) { $records = $record->loadAllByAttribute($this->filterField, $this->filterValue, $params['start'], $params['limit'], $this->sort, $this->order); } else { $records = $record->loadAllByAttribute($this->filterField, $this->filterValue, $params['start'], $params['limit']); } $this->recordCount = $record->getCount(array($this->filterField), array($this->filterValue)); } else { if (isset($this->sort) && isset($this->order)) { $records = $record->loadAll($params['start'], $params['limit'], $this->sort, $this->order); } else { $records = $record->loadAll($params['start'], $params['limit']); } $this->recordCount = $record->getCount(); } ActiveRecord::disconnect(); $view = View::getInstance($record, false, $accept); $body .= View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $body .= View::renderDeleteForm($this->request->getURI()); foreach ($records as $record) { $view = View::getInstance($record, false, $accept); $fields = array('formAction' => $this->request->getURI()); $body .= $view->listView($fields); } if ($accept == 'application/json') { $body = rtrim($body, ','); } } elseif (isset($params['ActiveRecordType'])) { // create a new record of this type $ActiveRecordType = urldecode($params['ActiveRecordType']); if (class_exists($ActiveRecordType)) { $record = new $ActiveRecordType(); } else { throw new IllegalArguementException('No ActiveRecord available to create!'); } // set up the title and meta details if (!isset($this->title)) { $this->setTitle('Create a new ' . $record->getFriendlyClassName()); } if (!isset($this->description)) { $this->setDescription('Create a new ' . $record->getFriendlyClassName() . '.'); } if (!isset($this->keywords)) { $this->setKeywords('create,new,' . $record->getFriendlyClassName()); } $view = View::getInstance($record, false, $accept); $body .= View::displayPageHead($this); $fields = array('formAction' => $this->request->getURI()); $body .= $view->createView($fields); } else { throw new IllegalArguementException('No ActiveRecord available to display!'); } } catch (IllegalArguementException $e) { self::$logger->warn($e->getMessage()); throw new ResourceNotFoundException('The record that you have requested cannot be found!'); } catch (RecordNotFoundException $e) { self::$logger->warn($e->getMessage()); throw new ResourceNotFoundException('The record that you have requested cannot be found!'); } $body .= View::displayPageFoot($this); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => $accept == 'application/json' ? 'application/json' : 'text/html')); }
/** * Handle POST requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @throws Alpha\Exception\SecurityException * * @since 1.0 */ public function doPOST($request) { self::$logger->debug('>>doPOST($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); try { // check the hidden security fields before accepting the form POST data if (!$this->checkSecurityFields()) { throw new SecurityException('This page cannot accept post data from remote servers!'); self::$logger->debug('<<doPOST'); } // ensure that a OID is provided if (isset($params['denumOID'])) { $BOoid = $params['denumOID']; } else { throw new IllegalArguementException('Could not load the DEnum object as an denumOID was not supplied!'); } if (isset($params['saveBut'])) { try { $this->BO->load($BOoid); // update the object from post data $this->BO->populateFromArray($params); ActiveRecord::begin(); $this->BO->save(); self::$logger->action('DEnum ' . $this->BO->getOID() . ' saved'); // now save the DEnumItems $tmp = new DEnumItem(); $denumItems = $tmp->loadItems($this->BO->getID()); foreach ($denumItems as $item) { $item->set('value', $params['value_' . $item->getID()]); $item->save(); self::$logger->action('DEnumItem ' . $item->getOID() . ' saved'); } // handle new DEnumItem if posted if (isset($params['new_value']) && trim($params['new_value']) != '') { $newItem = new DEnumItem(); $newItem->set('value', $params['new_value']); $newItem->set('DEnumID', $this->BO->getID()); $newItem->save(); self::$logger->action('DEnumItem ' . $newItem->getOID() . ' created'); } ActiveRecord::commit(); $this->setStatusMessage(View::displayUpdateMessage(get_class($this->BO) . ' ' . $this->BO->getID() . ' saved successfully.')); return $this->doGET($request); } catch (FailedSaveException $e) { self::$logger->error('Unable to save the DEnum of id [' . $params['oid'] . '], error was [' . $e->getMessage() . ']'); ActiveRecord::rollback(); } ActiveRecord::disconnect(); } } catch (SecurityException $e) { $this->setStatusMessage(View::displayErrorMessage($e->getMessage())); self::$logger->warn($e->getMessage()); } catch (IllegalArguementException $e) { $this->setStatusMessage(View::displayErrorMessage($e->getMessage())); self::$logger->error($e->getMessage()); } catch (RecordNotFoundException $e) { self::$logger->warn($e->getMessage()); $this->setStatusMessage(View::displayErrorMessage('Failed to load the requested item from the database!')); } $body = View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $body .= View::displayPageFoot($this); self::$logger->debug('<<doPOST'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle POST requests (adds $currentUser Person to the session). * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @throws Alpha\Exception\IllegalArguementException * * @since 1.0 */ public function doPOST($request) { self::$logger->debug('>>doPOST($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); if (!is_array($params)) { throw new IllegalArguementException('Bad $params [' . var_export($params, true) . '] passed to doPOST method!'); } $config = ConfigProvider::getInstance(); $body = ''; try { // check the hidden security fields before accepting the form POST data if (!$this->checkSecurityFields()) { throw new SecurityException('This page cannot accept post data from remote servers!'); } if (isset($params['loginBut'])) { // if the database has not been set up yet, accept a login from the config admin username/password if (!ActiveRecord::isInstalled()) { if ($params['email'] == $config->get('app.install.username') && password_verify($params['password'], password_hash($config->get('app.install.password'), PASSWORD_DEFAULT, ['cost' => 12]))) { self::$logger->info('Logging in [' . $params['email'] . '] at [' . date('Y-m-d H:i:s') . ']'); $admin = new Person(); $admin->set('displayName', 'Admin'); $admin->set('email', $params['email']); $admin->set('password', password_hash($params['password'], PASSWORD_DEFAULT, ['cost' => 12])); $admin->set('OID', '00000000001'); $sessionProvider = $config->get('session.provider.name'); $session = SessionProviderFactory::getInstance($sessionProvider); $session->set('currentUser', $admin); $response = new Response(301); if ($this->getNextJob() != '') { $response->redirect(FrontController::generateSecureURL('act=' . $this->getNextJob())); $this->clearUnitOfWorkAttributes(); } else { $response->redirect(FrontController::generateSecureURL('act=InstallController')); } return $response; } else { throw new ValidationException('Failed to login user ' . $params['email'] . ', the password is incorrect!'); } } else { // here we are attempting to load the person from the email address $this->personObject->loadByAttribute('email', $params['email'], true); ActiveRecord::disconnect(); // checking to see if the account has been disabled if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled') { throw new SecurityException('Failed to login user ' . $params['email'] . ', that account has been disabled!'); } // check the password return $this->doLoginAndRedirect($params['password']); } $body .= View::displayPageHead($this); $body .= $this->personView->displayLoginForm(); } if (isset($params['resetBut'])) { // here we are attempting to load the person from the email address $this->personObject->loadByAttribute('email', $params['email']); ActiveRecord::disconnect(); // generate a new random password $newPassword = $this->personObject->generatePassword(); // now encrypt and save the new password, then e-mail the user $this->personObject->set('password', password_hash($newPassword, PASSWORD_DEFAULT, ['cost' => 12])); $this->personObject->save(); $message = 'The password for your account has been reset to ' . $newPassword . ' as you requested. You can now login to the site using your ' . 'e-mail address and this new password as before.'; $subject = 'Password change request'; $this->personObject->sendMail($message, $subject); $body .= View::displayUpdateMessage('The password for the user <strong>' . $params['email'] . '</strong> has been reset, and the new password ' . 'has been sent to that e-mail address.'); $body .= '<a href="' . $config->get('app.url') . '">Home Page</a>'; } } catch (ValidationException $e) { $body .= View::displayPageHead($this); $body .= View::displayErrorMessage($e->getMessage()); if (isset($params['reset'])) { $body .= $this->personView->displayResetForm(); } else { $body .= $this->personView->displayLoginForm(); } self::$logger->warn($e->getMessage()); } catch (SecurityException $e) { $body .= View::displayPageHead($this); $body .= View::displayErrorMessage($e->getMessage()); self::$logger->warn($e->getMessage()); } catch (RecordNotFoundException $e) { $body .= View::displayPageHead($this); $body .= View::displayErrorMessage('Failed to find the user \'' . $params['email'] . '\''); if (isset($params['reset'])) { $body .= $this->personView->displayResetForm(); } else { $body .= $this->personView->displayLoginForm(); } self::$logger->warn($e->getMessage()); } $body .= View::displayPageFoot($this); self::$logger->debug('<<doPOST'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @since 1.0 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $config = ConfigProvider::getInstance(); $body = View::displayPageHead($this); if ($request->getParam('dir')) { $dir = $request->getParam('dir'); } else { $dir = $config->get('app.root'); } $metrics = new Inspector($dir); $metrics->calculateLOC(); $body .= $metrics->resultsToHTML(); $body .= View::displayPageFoot($this); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request $request * * @return Alpha\Util\Http\Response * * @throws Alpha\Exception\IllegalArguementException * @throws Alpha\Exception\FileNotFoundException * * @since 1.0 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $params = $request->getParams(); $config = ConfigProvider::getInstance(); $body = ''; // render the tag manager screen if (!isset($params['ActiveRecordType']) && !isset($params['ActiveRecordOID'])) { $body .= View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $body .= '<h3>Listing active record which are tagged</h3>'; $ActiveRecordTypes = ActiveRecord::getBOClassNames(); foreach ($ActiveRecordTypes as $ActiveRecordType) { $record = new $ActiveRecordType(); if ($record->isTagged()) { $tag = new Tag(); $count = count($tag->loadAllByAttribute('taggedClass', $ActiveRecordType)); $body .= '<h4>' . $record->getFriendlyClassName() . ' record type is tagged (' . $count . ' tags found)</h4>'; $fieldname = $config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt('clearTaggedClass')) : 'clearTaggedClass'; $js = "if(window.jQuery) {\n BootstrapDialog.show({\n title: 'Confirmation',\n message: 'Are you sure you want to delete all tags attached to the " . $record->getFriendlyClassName() . " class, and have them re-created?',\n buttons: [\n {\n icon: 'glyphicon glyphicon-remove',\n label: 'Cancel',\n cssClass: 'btn btn-default btn-xs',\n action: function(dialogItself){\n dialogItself.close();\n }\n },\n {\n icon: 'glyphicon glyphicon-ok',\n label: 'Okay',\n cssClass: 'btn btn-default btn-xs',\n action: function(dialogItself) {\n \$('[id=\"" . $fieldname . "\"]').attr('value', '" . addslashes($ActiveRecordType) . "');\n \$('#clearForm').submit();\n dialogItself.close();\n }\n }\n ]\n });\n }"; $button = new Button($js, 'Re-create tags', 'clearBut' . stripslashes($ActiveRecordType)); $body .= $button->render(); } } ActiveRecord::disconnect(); $body .= '<form action="' . $request->getURI() . '" method="POST" id="clearForm">'; $body .= '<input type="hidden" name="' . $fieldname . '" id="' . $fieldname . '"/>'; $body .= View::renderSecurityFields(); $body .= '</form>'; } elseif (isset($params['ActiveRecordType']) && $params['ActiveRecordType'] != 'Alpha\\Model\\Tag' && isset($params['ActiveRecordOID'])) { // render screen for managing individual tags on a given active record $body .= View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $ActiveRecordType = urldecode($params['ActiveRecordType']); $ActiveRecordOID = $params['ActiveRecordOID']; if (class_exists($ActiveRecordType)) { $record = new $ActiveRecordType(); } else { throw new IllegalArguementException('No ActiveRecord available to display tags for!'); } try { $record->load($ActiveRecordOID); $tags = $record->getPropObject('tags')->getRelatedObjects(); ActiveRecord::disconnect(); $body .= '<form action="' . $request->getURI() . '" method="POST" accept-charset="UTF-8">'; $body .= '<h3>The following tags were found:</h3>'; foreach ($tags as $tag) { $labels = $tag->getDataLabels(); $temp = new StringBox($tag->getPropObject('content'), $labels['content'], 'content_' . $tag->getID(), ''); $body .= $temp->render(false); $js = "if(window.jQuery) {\n BootstrapDialog.show({\n title: 'Confirmation',\n message: 'Are you sure you wish to delete this tag?',\n buttons: [\n {\n icon: 'glyphicon glyphicon-remove',\n label: 'Cancel',\n cssClass: 'btn btn-default btn-xs',\n action: function(dialogItself){\n dialogItself.close();\n }\n },\n {\n icon: 'glyphicon glyphicon-ok',\n label: 'Okay',\n cssClass: 'btn btn-default btn-xs',\n action: function(dialogItself) {\n \$('[id=\"" . ($config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt('ActiveRecordOID')) : 'ActiveRecordOID') . "\"]').attr('value', '" . $tag->getID() . "');\n \$('#deleteForm').submit();\n dialogItself.close();\n }\n }\n ]\n });\n }"; $button = new Button($js, 'Delete', 'delete' . $tag->getID() . 'But'); $body .= $button->render(); } $body .= '<h3>Add a new tag:</h3>'; $temp = new StringBox(new String(), 'New tag', 'NewTagValue', ''); $body .= $temp->render(false); $temp = new Button('submit', 'Save', 'saveBut'); $body .= $temp->render(); $body .= ' '; if ($params['ActiveRecordType'] = 'Alpha\\Model\\Article') { $temp = new Button("document.location = '" . FrontController::generateSecureURL('act=Alpha\\Controller\\ArticleController&ActiveRecordType=' . $params['ActiveRecordType'] . '&ActiveRecordOID=' . $params['ActiveRecordOID'] . '&view=edit') . "'", 'Back to record', 'cancelBut'); } else { $temp = new Button("document.location = '" . FrontController::generateSecureURL('act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=' . $params['ActiveRecordType'] . '&ActiveRecordOID=' . $params['ActiveRecordOID'] . '&view=edit') . "'", 'Back to record', 'cancelBut'); } $body .= $temp->render(); $body .= View::renderSecurityFields(); $body .= '</form>'; $body .= View::renderDeleteForm($request->getURI()); } catch (RecordNotFoundException $e) { $msg = 'Unable to load the ActiveRecord of id [' . $params['ActiveRecordOID'] . '], error was [' . $e->getMessage() . ']'; self::$logger->error($msg); throw new FileNotFoundException($msg); } } else { return parent::doGET($request); } $body .= View::displayPageFoot($this); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }
/** * Handle GET requests. * * @param Alpha\Util\Http\Request * * @return Alpha\Util\Http\Response * * @throws Alpha\Exception\ResourceNotFoundException * * @since 1.0 */ public function doGET($request) { self::$logger->debug('>>doGET($request=[' . var_export($request, true) . '])'); $config = ConfigProvider::getInstance(); $params = $request->getParams(); $body = ''; // handle requests for PDFs if (isset($params['title']) && (isset($params['pdf']) || $request->getHeader('Accept') == 'application/pdf')) { try { $title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']); if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) { $record = new $params['ActiveRecordType'](); } else { $record = new Article(); } $record->loadByAttribute('title', $title); $this->record = $record; ActiveRecord::disconnect(); $pdf = new TCPDFFacade($record); $pdfData = $pdf->getPDFData(); $pdfDownloadName = str_replace(' ', '-', $record->get('title') . '.pdf'); $headers = array('Pragma' => 'public', 'Expires' => 0, 'Cache-Control' => 'must-revalidate, post-check=0, pre-check=0', 'Content-Transfer-Encoding' => 'binary', 'Content-Type' => 'application/pdf', 'Content-Length' => strlen($pdfData), 'Content-Disposition' => 'attachment; filename="' . $pdfDownloadName . '";'); return new Response(200, $pdfData, $headers); } catch (IllegalArguementException $e) { self::$logger->error($e->getMessage()); throw new ResourceNotFoundException($e->getMessage()); } catch (RecordNotFoundException $e) { self::$logger->error($e->getMessage()); throw new ResourceNotFoundException($e->getMessage()); } } // view edit article requests if (isset($params['view']) && $params['view'] == 'edit' && (isset($params['title']) || isset($params['ActiveRecordOID']))) { if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) { $record = new $params['ActiveRecordType'](); } else { $record = new Article(); } try { if (isset($params['title'])) { $title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']); $record->loadByAttribute('title', $title); } else { $record->load($params['ActiveRecordOID']); } } catch (RecordNotFoundException $e) { self::$logger->warn($e->getMessage()); $body .= View::renderErrorPage(404, 'Failed to find the requested article!'); return new Response(404, $body, array('Content-Type' => 'text/html')); } ActiveRecord::disconnect(); $this->record = $record; $view = View::getInstance($record); // set up the title and meta details $this->setTitle($record->get('title') . ' (editing)'); $this->setDescription('Page to edit ' . $record->get('title') . '.'); $this->setKeywords('edit,article'); $body .= View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $body .= $view->editView(array('URI' => $request->getURI())); $body .= View::renderDeleteForm($request->getURI()); $body .= View::displayPageFoot($this); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); } // handle requests for viewing articles if (isset($params['title']) || isset($params['ActiveRecordOID'])) { $KDP = new KPI('viewarticle'); if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) { $record = new $params['ActiveRecordType'](); } else { $record = new Article(); } try { if (isset($params['title'])) { $title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']); $record->loadByAttribute('title', $title, false, array('OID', 'version_num', 'created_ts', 'updated_ts', 'title', 'author', 'published', 'content', 'headerContent')); } else { $record->load($params['ActiveRecordOID']); } if (!$record->get('published')) { throw new RecordNotFoundException('Attempted to load an article which is not published yet'); } $record->set('tags', $record->getOID()); } catch (IllegalArguementException $e) { self::$logger->warn($e->getMessage()); throw new ResourceNotFoundException('The file that you have requested cannot be found!'); } catch (RecordNotFoundException $e) { self::$logger->warn($e->getMessage()); throw new ResourceNotFoundException('The article that you have requested cannot be found!'); } $this->record = $record; $this->setTitle($record->get('title')); $this->setDescription($record->get('description')); $BOView = View::getInstance($record); $body .= View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $body .= $BOView->markdownView(); $body .= View::displayPageFoot($this); $KDP->log(); return new Response(200, $body, array('Content-Type' => 'text/html')); } // handle requests to view an article stored in a file if (isset($params['file'])) { try { $record = new Article(); // just checking to see if the file path is absolute or not if (mb_substr($params['file'], 0, 1) == '/') { $record->loadContentFromFile($params['file']); } else { $record->loadContentFromFile($config->get('app.root') . 'docs/' . $params['file']); } } catch (IllegalArguementException $e) { self::$logger->error($e->getMessage()); throw new ResourceNotFoundException($e->getMessage()); } catch (FileNotFoundException $e) { self::$logger->warn($e->getMessage() . ' File path is [' . $params['file'] . ']'); throw new ResourceNotFoundException('Failed to load the requested article from the file system!'); } $this->record = $record; $this->setTitle($record->get('title')); $BOView = View::getInstance($record); $body .= View::displayPageHead($this, false); $body .= $BOView->markdownView(); $body .= View::displayPageFoot($this); return new Response(200, $body, array('Content-Type' => 'text/html')); } // handle requests to view a list of articles if (isset($params['start'])) { return parent::doGET($request); } // create a new article requests $record = new Article(); $view = View::getInstance($record); // set up the title and meta details $this->setTitle('Creating article'); $this->setDescription('Page to create a new article.'); $this->setKeywords('create,article'); $body .= View::displayPageHead($this); $message = $this->getStatusMessage(); if (!empty($message)) { $body .= $message; } $fields = array('formAction' => $this->request->getURI()); $body .= $view->createView($fields); $body .= View::displayPageFoot($this); self::$logger->debug('<<doGET'); return new Response(200, $body, array('Content-Type' => 'text/html')); }