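/**
 * Re-checks the URL of a contextualization script, refreshes the script's
 * metadata (name, size, checksum) from the result and stores the fetched
 * content again.
 *
 * @param mixed $contextscript Passed as-is to ContextScript::getContextScript().
 * @return true|null True when no usable script entry is found (nothing to do);
 *                   otherwise the method ends without an explicit return value.
 * @throws Exception When the script belongs to a different software appliance,
 *                   when the URL check reports an error string, or when storing
 *                   the content reports an error string.
 */
public function updateUrlInfo($contextscript)
{
    $script = ContextScript::getContextScript($contextscript);
    if ($script === null || intval($script->id) <= 0) {
        return true;
    }

    // Ownership check: only scripts of this software appliance may be touched.
    // NOTE(review): the message says "remove" although this is the update path;
    // it is left untouched in case callers match on the text.
    if ($this->ownsScript($script) === false) {
        throw new Exception("Cannot remove contextualization script of a different software appliance");
    }

    // URL check. A string result is an error message; otherwise an array
    // holding "name", "size", "md5" and "data" is used below.
    // NOTE(review): $script->url appears to be retrieved server-side here;
    // confirm checkUrl() restricts schemes and destinations before fetching.
    $data = ContextScript::checkUrl($script->url);
    if (is_string($data)) {
        throw new Exception($data);
    }

    // The MD5 is used purely as a change detector for the remote content.
    // NOTE(review): MD5 gives no protection against deliberate tampering; if
    // this checksum is ever relied on for integrity, record a SHA-256 as well.
    $haschanges = trim((string) $script->checksum) !== trim((string) $data["md5"]);

    $script->name = $data["name"];
    $script->size = $data["size"];
    $script->checksum = $data["md5"];
    $script->checksumfunc = "md5";

    // $this->user may be unset. The original dereferenced $this->user->id
    // unconditionally further down; resolve the id once, null when absent.
    $userid = $this->user ? $this->user->id : null;
    if ($this->user) {
        $script->lastupdatedByID = $userid;
    }
    $script->lastupdatedon = "NOW()";
    $script->save();

    if ($haschanges === true) {
        // Content changed: drop the old stored copy, then give the entry a
        // fresh guid before the new content is stored.
        ContextualizationStorage::remove($script, $this->entry, $userid);
        $script->guid = generate_uuid_v4();
        $script->save();
    }

    // A string result from store() is an error message.
    $stored = ContextualizationStorage::store($script, $this->swappliance, $this->entry, $data["data"]);
    if (is_string($stored)) {
        throw new Exception($stored);
    }

    $this->save();
}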
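/**
 * Manages the system user account attached to one of the session user's API
 * keys and prints that user's API keys as XML.
 *
 * Behaviour by HTTP method:
 *  - DELETE: rejected with 400.
 *  - PUT:    form-encoded body with "key", "pwd" and "name"; creates a system
 *            user account and binds it to the API key.
 *  - POST:   JSON in $_POST["data"] with "keyid" plus one of "sysdisplayname"
 *            (rename), "old"/"new" (password change) or "msg" (base64 text of
 *            a permissions request).
 *  - other:  no change is made.
 * When no error reply is sent, the method ends by listing the user's API keys
 * whose authmethods is not 0.
 *
 * NOTE(review): no anti-CSRF token is checked in this method; confirm one is
 * enforced before dispatch, because PUT and POST change credentials on the
 * strength of the session alone.
 *
 * NOTE(review): passwords are stored as unsalted MD5. Moving to
 * password_hash()/password_verify() has to be done together with the code that
 * verifies logins, which is not visible here, so the format is left unchanged.
 */
public function authenticationAction()
{
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();
    $uid = $this->session->userid;

    // Every value written into an XML attribute goes through this escaper.
    // Display names, netfilter values and request errors can carry quotes or
    // angle brackets, which would otherwise break or alter the document.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Sends a status line and, when a message is given, the error element.
    $fail = function ($status, $message = null) use ($attr) {
        header("HTTP/1.0 " . $status);
        if ($message !== null) {
            echo "<apikeys error='" . $attr($message) . "' ></apikeys>";
        }
    };

    header("Content-Type:text/xml");
    // NOTE(review): the prolog is written before the status headers below;
    // this presumably relies on output buffering being active. Confirm.
    echo "<" . "?xml version='1.0'?" . ">";

    // Refuse to handle credentials over a connection not marked as HTTPS.
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
        $fail("403 Forbidden");
        return;
    }
    if ($uid == null) {
        $fail("403 Forbidden", "Not logged in");
        return;
    }

    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($method == 'DELETE') {
        $fail("400 Bad Request");
        return;
    }

    if ($method == "PUT") {
        parse_str(file_get_contents("php://input"), $post_vars);
        $keyid = isset($post_vars["key"]) ? $post_vars["key"] : null;
        $passwd = isset($post_vars["pwd"]) ? $post_vars["pwd"] : null;
        $displayname = isset($post_vars["name"]) ? $post_vars["name"] : null;

        // All three fields are required. parse_str() can also yield arrays
        // (e.g. "pwd[]=x"), which must not reach md5() or the model.
        if (!is_string($keyid) || !is_string($passwd) || !is_string($displayname)) {
            $fail("400 Bad Request");
            return;
        }
        // Same rule the POST branch applies on rename and password change:
        // an empty password or display name is not accepted.
        if (trim($passwd) === "" || trim($displayname) === "") {
            $fail("400 Bad Request");
            return;
        }

        // The key must exist and belong to the session user.
        $apikeys = new Default_Model_APIKeys();
        $apikeys->filter->id->equals($keyid)->and($apikeys->filter->ownerid->equals($uid));
        if (count($apikeys->items) == 0) {
            $fail("404 Not Found", "Could not retrieve key");
            return;
        }
        $apikey = $apikeys->items[0];
        if ($apikey->ownerid != $uid) {
            $fail("404 Not Found", "Could not retrieve key for user");
            return;
        }
        if ($apikey->sysaccountid != null) {
            $fail("405 Method Not Allowed", "Api key is already associated with a system user account");
            return;
        }

        $users = new Default_Model_Researchers();
        $users->filter->id->equals($uid);
        if (count($users->items) == 0) {
            $fail("404 Not Found", "Session user not found");
            return;
        }
        $usercountryid = $users->items[0]->countryid;

        // Create the system account; the new account takes the session
        // user's country id.
        $user = new Default_Model_Researcher();
        $uname = "appdb-" . generate_uuid_v4();
        $user->firstname = "";
        $user->lastname = $displayname;
        $user->institution = "";
        $user->username = $uname;
        $user->password = md5($passwd); // unsalted MD5, see the NOTE(review) in the header
        $user->accountType = 1;
        $user->countryid = $usercountryid;
        $user->positionTypeId = 4;
        $user->save();

        // Bind the new account to the key (ownership was verified above).
        $apikeys = new Default_Model_APIKeys();
        $apikeys->filter->id->equals($keyid);
        $apikeys = $apikeys->items[0];
        $apikeys->sysaccountid = $user->id;
        $apikeys->authmethods = 2;
        $apikeys->save();
    } elseif ($method == 'POST') {
        // A missing or malformed payload is a client error; the original
        // dereferenced the decode result without checking it.
        $data = isset($_POST["data"]) ? json_decode($_POST["data"]) : null;
        if (!is_object($data) || !isset($data->keyid)) {
            $fail("400 Bad Request");
            return;
        }
        $keyid = $data->keyid;

        // Check that the API key exists and belongs to the session user.
        $apikeys = new Default_Model_APIKeys();
        $apikeys->filter->id->equals($keyid)->and($apikeys->filter->ownerid->equals($uid));
        if (count($apikeys->items) == 0) {
            $fail("404 Not Found", "Could not retrieve key");
            return;
        }

        // Check that the system account bound to the key exists.
        $apikey = $apikeys->items[0];
        $sysid = $apikey->sysaccountid;
        $rs = new Default_Model_Researchers();
        $rs->filter->id->equals($sysid);
        if (count($rs->items) == 0) {
            $fail("404 Not Found", "Could not retrieve system user account.");
            return;
        }

        if (isset($data->sysdisplayname)) {
            // Rename the system user.
            if (!is_string($data->sysdisplayname) || trim($data->sysdisplayname) == "") {
                $fail("400 Bad Request", "Empty names are not allowed.");
                return;
            }
            $s = $rs->items[0];
            $s->firstname = "";
            $s->lastname = $data->sysdisplayname;
            $s->save();
        } elseif (isset($data->old)) {
            // Change the password.
            $s = $rs->items[0];
            if (empty($data->new) || !is_string($data->new) || trim($data->new) == "") {
                $fail("400 Bad Request", "Empty value for the new password is not allowed.");
                return;
            }
            // hash_equals() compares the digests as exact strings. The loose
            // != used before treats two different digests of the form
            // "0e<digits>" as equal numbers, and is not constant-time.
            $oldMatches = is_string($data->old)
                && hash_equals((string) $s->password, md5($data->old));
            if (!$oldMatches) {
                $fail("400 Bad Request", "The provided value for the old password is incorrect.");
                return;
            }
            $s->password = md5($data->new); // unsalted MD5, see the NOTE(review) in the header
            $s->save();
        } elseif (isset($data->msg)) {
            // Permissions request; the message arrives base64-encoded.
            $msg = is_string($data->msg) ? base64_decode($data->msg) : '';
            if (trim((string) $msg) == '') {
                $fail("400 Bad Request", "Empty message is not allowed");
                return;
            }
            $res = APIKeyRequests::sendPermissionsRequest($uid, $keyid, $msg);
            if ($res !== true && trim($res) !== '') {
                // $res is echoed back to the client, so it is escaped by $fail.
                $fail("400 Bad Request", $res);
                return;
            }
        } else {
            $fail("400 Bad Request");
            return;
        }
    }

    // Return the XML representation of the API keys of the current user.
    // The response includes the key values themselves.
    $apikeys = new Default_Model_APIKeys();
    $apikeys->filter->ownerid->equals($uid)->and($apikeys->filter->authmethods->notequals(0));
    $apikeys = $apikeys->items;

    echo "<apikeys count='" . count($apikeys) . "' >";
    foreach ($apikeys as $apikey) {
        echo "<apikey id='" . $attr($apikey->id)
            . "' key='" . $attr($apikey->key)
            . "' ownerid='" . $attr($apikey->ownerid)
            . "' createdon='" . $attr($apikey->createdon)
            . "' authmethods='" . $attr($apikey->authmethods) . "' ";

        if ($apikey->sysaccountid != null) {
            echo "sysaccount='" . $attr($apikey->sysaccountid) . "' ";
            $rscs = new Default_Model_Researchers();
            $rscs->filter->id->equals($apikey->sysaccountid);
            if (count($rscs->items) > 0) {
                // The generated username is never disclosed, only masked.
                echo "sysusername='******' ";
                echo "sysdisplayname='" . $attr($rscs->items[0]->lastname) . "' ";
            }
        }

        $netfilters = new Default_Model_APIKeyNetfilters();
        $netfilters->filter->keyid->equals($apikey->id);
        $netfilters = $netfilters->items;
        if (count($netfilters) > 0) {
            echo "netfilters='" . count($netfilters) . "' >";
            foreach ($netfilters as $netfilter) {
                echo "<netfilter value='" . $attr($netfilter->netfilter) . "' ></netfilter>";
            }
        } else {
            echo "netfilters='0'>";
        }
        echo "</apikey>";
    }
    echo "</apikeys>";
}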