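/**
 * Decides whether the current request may upload.
 *
 * When the session configuration names an authenticator, the session's
 * username (plus any configured extra arguments) is handed to the
 * authenticator callback and its verdict is returned. Without an
 * authenticator every request is allowed.
 *
 * A request may carry a user_id to act on behalf of another user. That
 * substitution is honoured only when the session's own user holds the
 * 'pose_as_other_user' privilege, so the privilege check is made against
 * the real (session) user before the username is swapped.
 *
 * @param array $session session configuration; may contain an
 *        'authenticator' entry with 'file', 'callback' and 'arguments' keys
 * @return boolean true if the upload may proceed, false if the
 *         authenticator rejected it
 */
function can_upload($session)
{
    if (empty($session['authenticator'])) {
        // no authenticator configured: nothing to check
        return true;
    }
    $auth = $session['authenticator'];
    $reason_session =& get_reason_session();
    $username = $reason_session->get('username');

    if (!empty($_REQUEST['user_id'])) {
        // user_id is request-supplied: reduce it to an int (0 becomes null) before use
        $param_cleanup_rules = array(
            'user_id' => array(
                'function' => 'turn_into_int',
                'extra_args' => array('zero_to_null' => 'true'),
            ),
        );
        $cleanRequest = array_merge($_REQUEST, carl_clean_vars($_REQUEST, $param_cleanup_rules));
        $nametag = $cleanRequest['user_id'];
        // the privilege belongs to the session user, not to the requested one
        $id = get_user_id($username);
        if (reason_user_has_privs($id, 'pose_as_other_user')) {
            $user = new Entity($nametag);
            $username = $user->get_value('name');
        }
    }

    if (!empty($auth['file'])) {
        require_once $auth['file'];
    }
    // a missing 'arguments' entry would break array_merge(); treat it as "no extra arguments"
    $extra_args = isset($auth['arguments']) ? $auth['arguments'] : array();
    $args = array_merge(array($username), $extra_args);
    if (!call_user_func_array($auth['callback'], $args)) {
        return false;
    }
    return true;
}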
 /**
  * Looks up the logged-in user's netID in the Reason session.
  *
  * Side effects: keeps the session in $this->session and the netID in
  * $this->user_netID, moves to the secure site when one is available, and
  * starts the session if it exists but has not been started yet.
  *
  * @return string|false the user's netID, or false when no session exists
  * @access private
  */
 function get_authentication_from_session()
 {
     $this->session =& get_reason_session();
     if (!$this->session->exists()) {
         return false;
     }
     // a session exists: switch to the secure host (if any) before reading it
     force_secure_if_available();
     if (!$this->session->has_started()) {
         $this->session->start();
     }
     $netID = $this->session->get('username');
     $this->user_netID = $netID;
     return $netID;
 }
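 /**
  * Reads the user's pop-up alert preference from the Reason session.
  *
  * Starts the session if it exists but has not been started yet. The result
  * is the string 'true' or 'false', not a boolean.
  *
  * @return string 'true' or 'false'; the site default (DEFAULT_TO_POPUP_ALERT)
  *         when there is no session or the stored preference is neither
  *         'yes' nor 'no'
  */
 function get_popup_alert_pref()
 {
     $popup_alert = DEFAULT_TO_POPUP_ALERT ? 'true' : 'false';
     $sess =& get_reason_session();
     if (!$sess->exists()) {
         return $popup_alert;
     }
     if (!$sess->has_started()) {
         $sess->start();
     }
     // read the stored preference once rather than once per comparison
     $pref = $sess->get('_user_popup_alert_pref');
     if ($pref == 'yes') {
         $popup_alert = 'true';
     } elseif ($pref == 'no') {
         $popup_alert = 'false';
     }
     return $popup_alert;
 }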
/**
 * Fetches the netID of the authenticated user from the Reason session.
 *
 * Starts the session when it exists but has not been started yet.
 *
 * @return string|false the session's username, or false when there is no
 *         active Reason session
 */
function get_authentication_from_session()
{
	$session =& get_reason_session();
	if (!$session->exists()) {
		return false;
	}
	if (!$session->has_started()) {
		$session->start();
	}
	return $session->get('username');
}
	/**
	 * Set up the template: start the Reason session if one exists, load the
	 * site and page entities, build (or fetch from cache) the site's page
	 * navigation, run the access check and load the page's modules.
	 *
	 * Ends the request (die()) with a 404 page when the page does not exist or
	 * is not Live, and with a 403 page when the site has no pages at all.
	 *
	 * @param integer $site_id id of the site being rendered
	 * @param integer $page_id id of the page being rendered (see the @todo)
	 * @todo page_id should not have a default value -- this makes it seem like you could initialize
	 *       the template without providing a page_id, but that would result in a 404.
	 */
	function initialize( $site_id, $page_id = '' ) // {{{
	{
		$this->sess =& get_reason_session();
		if( $this->sess->exists() )
		{
			// if a session exists and the server supports https, pop over to the secure
			// site so we have access to the secure session information
			force_secure_if_available();
			if(!$this->sess->has_started())
				$this->sess->start();
		}
	
		$this->site_id = $site_id;
		$this->page_id = $page_id;
		$this->site_info = new entity( $site_id );
		$this->page_info = new entity( $page_id );
		$this->head_items = new HeadItems();

		// make sure that the page exists or that the page's state is Live
		// if not, redirect to the 404
		if( !$this->page_info->get_values() OR $this->page_info->get_value( 'state' ) != 'Live' )
		{
			//trigger_error( 'page does not exist', WARNING );
			$this->display_404_page();
			die();
		}
		
		// the navigation cache is per site and may be in one of two formats:
		// an array keyed by nav class (current) or a bare page object (old)
		if ($this->use_navigation_cache)
		{
			$cache = new ReasonObjectCache($this->site_id . '_navigation_cache', 3600); // lifetime of 1 hour
			$page_object_cache =& $cache->fetch();
			if ($page_object_cache && is_array($page_object_cache) && isset($page_object_cache[$this->nav_class]))
			{
				$this->pages = $page_object_cache[$this->nav_class];
			}
			elseif ($page_object_cache && is_object($page_object_cache)) // old format
			{
				// lets use our cache and also update it
				$this->pages = $page_object_cache;
				$new_page_object_cache[$this->nav_class] = $this->pages;
				$cache->set($new_page_object_cache); // replace with our array keyed cache
			}
		}
		// lets check the persistent cache
		
		// rebuild the navigation when nothing usable was cached, or when the
		// cached tree does not contain the requested page
		if (empty($this->pages) || !isset($this->pages->values[$this->page_info->id()]))
		{
			// lets setup $this->pages and place in the persistent cache
			$this->pages = new $this->nav_class;
			// small kludge - just give the tree view access to the site info.  used in the show_item function to show the root node of the navigation
			$this->pages->site_info =& $this->site_info;
			$this->pages->order_by = 'sortable.sort_order';
			$this->pages->init( $this->site_id, id_of('minisite_page') );
			if ($this->use_navigation_cache) 
			{
				$page_object_cache[$this->nav_class] = $this->pages;
				$cache->set($page_object_cache);
			}
		}
		else // if pages came from cache refresh the request variables and set site_info and order_by
		{
			$this->pages->grab_request();
			$this->pages->site_info =& $this->site_info;
			$this->pages->order_by = 'sortable.sort_order'; // in case it was changed in the request
		}
		
		// page access / authentication check (see _handle_access_auth_check());
		// runs before any module is loaded
		$this->_handle_access_auth_check();
		
		$this->textonly = '';
		
		if( $this->pages->values  )
		{
			// no page id given: fall back to the navigation's root node
			if( !$this->page_id )
				$this->page_id = $this->pages->root_node();

			$this->pages->cur_page_id = $this->page_id;

			$this->pages->force_open( $this->page_id );

			$this->cur_page = new entity($this->page_id);
			
			$this->title = $this->cur_page->get_value('name');
			
			$this->get_css_files();

			$this->get_meta_information();
			
			if( $this->sess->exists() )
			{
				// optional client-side logout countdown for logged-in visitors
				if (USE_JS_LOGOUT_TIMER)
				{
					$this->head_items->add_stylesheet(REASON_HTTP_BASE_PATH.'css/timer.css');
					$this->head_items->add_javascript(JQUERY_URL, true);
					$this->head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'timer/timer.js');
				}
				
				// we know that someone is logged in if the session exists
				$this->logged_in = true;
			}

			// hook for any actions to take prior to loading modules
			$this->pre_load_modules();

			// load the modules
			$this->load_modules();
		}
		else
		{
			trigger_error('Page requested not able to be displayed... no pages on site');
			$this->_display_403_page();
			die();
		}
	} // }}}
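/**
 * Builds the hidden <input> fields that tie a Disco form to its asynchronous
 * upload session, or returns '' when they were already emitted during this
 * request ($GLOBALS['_disco_upload_session_sent']).
 *
 * Every value is HTML-escaped before it is placed in the value attribute;
 * user_id additionally comes from the request and is reduced to an int.
 *
 * @param string $upload_sid the asynchronous upload session id
 * @return string the hidden input elements joined by newlines, or '' if
 *         they were already sent
 * @access private
 */
function _get_disco_async_upload_hidden_fields($upload_sid)
{
    if (!empty($GLOBALS['_disco_upload_session_sent'])) {
        return '';
    }
    $session =& get_reason_session();
    // user_id is request-supplied; turn_into_int() below reduces it to an integer
    $user_id = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : 0;
    // IMPORTANT NOTE: Keep this list of fields in sync with the list in
    // _get_disco_async_upload_internal_field_names() above.
    $fields = array(
        'user_session' => $session->get_id(),
        'transfer_session' => $upload_sid,
        'receiver' => reason_get_async_upload_script_uri('receive'),
        'remover' => reason_get_async_upload_script_uri('destroy'),
        'user_id' => turn_into_int($user_id),
    );
    $html = array();
    foreach ($fields as $name => $value) {
        // escape for the double-quoted attribute context so a session id or URI
        // containing quotes or angle brackets cannot break out of the attribute
        $escaped = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        $html[] = '<input type="hidden" name="_reason_upload_' . $name . '" ' . 'value="' . $escaped . '" />';
    }
    $GLOBALS['_disco_upload_session_sent'] = true;
    return implode("\n", $html);
}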
 // record the site and page this request is for on the page cache
 $cache->set_site_id($site_id);
 $cache->set_page_id($page_id);
 // cache when this URL is already cached, or when the validated site has
 // use_page_caching turned on.  because of the short-circuit, $site is only
 // assigned when the URL is not already cached
 if ($cache->is_cached(get_current_url()) || ($site = get_validated_site($site_id, $page_id)) && $site->get_value('use_page_caching')) {
     $use_cache = true;
 } else {
     $use_cache = false;
     // $no_cache_reasons collects why caching was turned off (assumed initialised earlier — not shown here)
     $no_cache_reasons[] = 'unsupported site';
 }
 //-----------------------------------------------------------
 // CONDITION UNDER WHICH WE SHOULD NOT USE PAGE CACHING
 //  - if visitor is a listed developer who is not testing the cache
 //  - if something was _POSTed
 //  - if there is an active reason session
 //  - ** future ** if a module tells us not to use caching
 //-----------------------------------------------------------
 $sess = get_reason_session();
 // module_api / module_identifier are request-supplied: only values that pass
 // the 'safechars' regexp are kept, anything else is treated as absent (false)
 $requested_api = !empty($_REQUEST['module_api']) && check_against_regexp($_REQUEST['module_api'], array('safechars')) ? $_REQUEST['module_api'] : false;
 $requested_identifier = !empty($_REQUEST['module_identifier']) && check_against_regexp($_REQUEST['module_identifier'], array('safechars')) ? $_REQUEST['module_identifier'] : false;
 // developers bypass the cache unless test_cache is set in the request
 if (is_developer() && empty($_REQUEST['test_cache'])) {
     $use_cache = false;
     $no_cache_reasons[] = 'developer';
 }
 if (!empty($_POST)) {
     $use_cache = false;
     $no_cache_reasons[] = '_POST';
 }
 // module API responses are never served from the page cache
 if ($requested_api) {
     $use_cache = false;
     $no_cache_reasons[] = 'api_request';
 }
 if ($sess->exists()) {
 /**
  * Set up the login module for this request.
  *
  * Adds the login head items, records the current URL and destination page,
  * then branches on the Reason session: an existing session is started (if
  * needed) and routed to logout, bad-session cleanup or logged-in handling;
  * with no session, a login in progress is completed when the test cookie is
  * present, otherwise the test cookie is set and any request-supplied
  * message is shown.
  *
  * Each branch writes a line to error_log when $this->verbose_logging is set.
  * The bad-session branch redirects to the current URL and exits.
  *
  * @param array $args not read by this method
  */
 public function init($args = array())
 {
     $head_items =& $this->parent->head_items;
     $head_items->add_javascript(JQUERY_URL, true);
     // do we need to do this?
     $head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'login/focus.js');
     // Search engines should not be indexing versions of the index page with specific destinations
     if (isset($this->request['dest_page'])) {
         $head_items->add_head_item('meta', array('name' => 'robots', 'content' => 'none'));
     }
     $this->current_url = get_current_url();
     // true when the server has no https at all, or we are already on the secure page
     $this->on_secure_page_if_available = !HTTPS_AVAILABLE || on_secure_page();
     $this->set_dest_page();
     // NOTE(review): taken from the request unvalidated; presumably escaped where it
     // is rendered — confirm at the output site
     if (isset($this->request['redir_link_text'])) {
         $this->redir_link_text = $this->request['redir_link_text'];
     }
     $this->dest_page = $this->localize_destination_page();
     $this->sess =& get_reason_session();
     $this->logged_in = false;
     // A session exists
     if ($this->sess->exists()) {
         if ($this->verbose_logging) {
             error_log('LOGIN: Session exists');
         }
         if (!$this->sess->has_started()) {
             $this->sess->start();
             if ($this->verbose_logging) {
                 error_log('LOGIN: Session started');
             }
         }
         // user is logging out
         if (isset($this->request['logout'])) {
             if ($this->verbose_logging) {
                 error_log('LOGIN: do_logout');
             }
             // Set the test cookie here, so they can log back in again
             $this->set_test_cookie();
             $this->do_logout();
         } elseif (!$this->sess->get('username')) {
             // a session without a username is unusable: destroy it and reload the current page
             if ($this->verbose_logging) {
                 error_log('LOGIN: Destroying bad session');
             }
             $this->sess->destroy();
             header('Location: ' . get_current_url());
             exit;
         } else {
             if ($this->verbose_logging) {
                 error_log('LOGIN: do_logged_in');
             }
             $this->do_logged_in();
         }
     } else {
         if ($this->verbose_logging) {
             error_log('LOGIN: No Session');
         }
         // In the process of logging in
         if ($this->login_in_progress()) {
             if ($this->verbose_logging) {
                 error_log('LOGIN: Login in progress');
             }
             // the test cookie is required before a login is attempted; without it
             // the browser is assumed not to accept cookies (see the message below)
             if ($this->test_cookie_exists()) {
                 if ($this->verbose_logging) {
                     error_log('LOGIN: Test cookie exists');
                 }
                 $this->do_login();
             } else {
                 if ($this->verbose_logging) {
                     error_log('LOGIN: NO test cookie');
                 }
                 $this->status_msg = 'It appears that you do not have cookies enabled.  Please enable cookies and try logging in again';
             }
         } else {
             if ($this->verbose_logging) {
                 error_log('LOGIN: No login in progress');
             }
             $this->set_test_cookie();
             // optional request-supplied message: an error code looked up in the
             // session, and/or a message identified by unique name
             if (isset($this->request['code'])) {
                 $s =& get_reason_session();
                 $this->msg = $s->get_error_msg($this->request['code']);
             }
             if (isset($this->request['msg_uname'])) {
                 $this->set_message_from_unique_name($this->request['msg_uname']);
             }
         }
     }
 }
	/**
	 * Stores the submitter's view of the submitted values in the Reason
	 * session under the 'form_confirm' key, starting the session first if
	 * it has not been started yet.
	 */
	function save_submitted_data_to_session()
	{
		$submitted =& $this->get_values_for_submitter_view();
		$sess =& get_reason_session();
		if (!$sess->has_started()) {
			$sess->start();
		}
		$sess->set('form_confirm', $submitted);
	}
 /**
  * Set up the login module for this request.
  *
  * Works out the destination page (request dest_page, the referer in
  * standalone mode, or the current URL), then branches on the Reason
  * session: an existing session is logged out, destroyed if it has no
  * username, or reported as logged in; with no session, a submitted
  * username/password pair is checked against the configured directory
  * service (only when the test cookie is present), otherwise the test
  * cookie is set and any request-supplied message is shown.
  *
  * Redirects (header + exit) after a successful login when a destination
  * page is known, after logout unless noredirect is set, and when a session
  * without a username is found.
  *
  * @param array $args not read by this method
  */
 function init($args = array())
 {
     $head_items =& $this->parent->head_items;
     $head_items->add_javascript(JQUERY_URL, true);
     $head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'login/focus.js');
     $this->current_url = get_current_url();
     // true when the server has no https at all, or we are already on the secure page
     $this->on_secure_page_if_available = !HTTPS_AVAILABLE || on_secure_page();
     if (empty($this->request['dest_page'])) {
         // in standalone mode, once the user has successfully logged in, they will be bounced back to the page
         // they came from if there was one.  otherwise, they will see a successful login message
         if ($this->params['login_mode'] == 'standalone') {
             if (empty($this->request['popup'])) {
                 // we have a referer.  remember for later.
                 // NOTE(review): HTTP_REFERER is client-supplied; dest_page goes through
                 // localize_destination_page() below — confirm that is what keeps the redirect on-site
                 if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) {
                     $this->dest_page = $_SERVER['HTTP_REFERER'];
                 } else {
                     // we have no valid information on where to go back to.  this will happen if a user goes
                     // directly to the login page without clicking on a link.  in this case, there will be no
                     // jumping and a message saying you are logged in will appear along side the logout link.
                 }
             }
         } else {
             $this->dest_page = $this->current_url;
         }
     } else {
         // Search engines should not be indexing versions of the index page with specific destinations
         $head_items->add_head_item('meta', array('name' => 'robots', 'content' => 'none'));
         // request-supplied, like the referer above; see the note there
         $this->dest_page = $this->request['dest_page'];
     }
     // NOTE(review): stored unvalidated; presumably escaped where it is rendered — confirm
     if (!empty($this->request['redir_link_text'])) {
         $this->redir_link_text = $this->request['redir_link_text'];
     }
     $this->dest_page = $this->localize_destination_page();
     $this->sess =& get_reason_session();
     $this->logged_in = false;
     // A session exists
     if ($this->sess->exists()) {
         if (!$this->sess->has_started()) {
             $this->sess->start();
         }
         // user is logging out
         if (!empty($this->request['logout'])) {
             $username = $this->sess->get('username');
             $this->sess->destroy();
             $this->msg = 'You are now logged out';
             $this->log_authentication_event('logout succeeded', $username);
             if (empty($this->request['noredirect'])) {
                 // assumes dest_page is an absolute URL: host and path are read without an isset() check
                 $parts = parse_url($this->dest_page);
                 $port = isset($parts['port']) && !empty($parts['port']) ? ":" . $parts['port'] : '';
                 $query = isset($parts['query']) && !empty($parts['query']) ? '?' . $parts['query'] : '';
                 $fragment = isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
                 // NOTE(review): the logout redirect is hard-coded to http://, while the post-login
                 // redirect below uses securest_available_protocol() — confirm the downgrade is intended
                 $loc = 'http://' . $parts['host'] . $port . $parts['path'] . $query . $fragment;
                 header('Location: ' . $loc);
                 exit;
             }
         } elseif (!$this->sess->get('username')) {
             // a session without a username is unusable: destroy it and reload the current page
             $this->sess->destroy();
             header('Location: ' . get_current_url());
             exit;
         } else {
             $this->logged_in = true;
             // NOTE(review): the session username is concatenated into msg unescaped — confirm
             // msg is escaped where it is rendered
             $this->msg = 'You are logged in as ' . $this->sess->get('username') . '.';
             if (!empty($this->dest_page)) {
                 if ($this->dest_page != get_current_url()) {
                     $dest_txt = $this->_get_dest_page_text();
                     $cleaned_dest_page = htmlspecialchars($this->dest_page);
                     $this->msg_extra = '<p>Proceed to <a href="' . $cleaned_dest_page . '" title="' . $cleaned_dest_page . '">' . htmlspecialchars($dest_txt) . '</a></p>';
                 }
             }
         }
     } else {
         // trying to login
         if (!empty($this->request['username']) and !empty($this->request['password'])) {
             // no test cookie means the browser is not accepting cookies (see the message below)
             if ($this->test_cookie_exists()) {
                 $auth = new directory_service($this->params['auth_service']);
                 // succesful login
                 if ($auth->authenticate($this->request['username'], $this->request['password'])) {
                     $this->sess->start();
                     $this->logged_in = true;
                     // the trimmed name is what is stored; the log line below records the raw request value
                     $this->sess->set('username', trim($this->request['username']));
                     $this->log_authentication_event('login succeeded', $this->request['username']);
                     // pop user back to the top of the page.  this makes sure that the session
                     // info is available to all modules
                     if (!empty($this->dest_page)) {
                         // assumes dest_page is an absolute URL (see the logout branch above)
                         $parts = parse_url($this->dest_page);
                         $port = isset($parts['port']) && !empty($parts['port']) ? ":" . $parts['port'] : '';
                         $query = isset($parts['query']) && !empty($parts['query']) ? '?' . $parts['query'] : '';
                         $fragment = isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
                         $loc = securest_available_protocol() . '://' . $parts['host'] . $port . $parts['path'] . $query . $fragment;
                         header('Location: ' . $loc);
                         exit;
                     }
                     if (!empty($this->request['popup'])) {
                         $this->close_window = true;
                         $this->msg = 'You are now logged in. Please close this window.';
                     }
                 } else {
                     $this->log_authentication_event('login failed', $this->request['username']);
                     $this->msg = 'The username and password you provided do not match.  Please try again.';
                 }
             } else {
                 $this->msg = 'It appears that you do not have cookies enabled.  Please enable cookies and try logging in again';
             }
         } else {
             $this->set_test_cookie();
             if (!empty($this->request['code'])) {
                 $s =& get_reason_session();
                 $this->msg = $s->get_error_msg($this->request['code']);
             }
             // msg_uname is request-supplied; it is only used to look up an entity id,
             // and the entity's content is shown only when it is a text_blurb
             if (!empty($this->request['msg_uname'])) {
                 $msg_id = id_of($this->request['msg_uname'], true, false);
                 if (!empty($msg_id)) {
                     $msg_ent = new entity($msg_id);
                     if ($msg_ent->get_value('type') == id_of('text_blurb')) {
                         $this->msg .= $msg_ent->get_value('content');
                     }
                 }
             }
         }
     }
 }
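/**
 * Gets information about a specific file, whether it was uploaded in the POST
 * body of the current request or in the asynchronous upload session identified
 * by the given ID.
 *
 * The asynchronous session is consulted first; the most recently added record
 * for the field is used. A record that cannot be turned into an UploadedFile
 * is removed from the session even when $clear is false. If no usable
 * asynchronous file exists, the file submitted with the current request
 * (if any) is returned.
 *
 * If no such file was received, if an empty file was received, or if there was
 * an error in receiving or storing the file or if it was rejected by PHP,
 * <code>null</code> will be returned.
 *
 * If an asynchronous upload session ID is given, but no session with that ID
 * actually exists, a warning is triggered and the current request is checked
 * as usual.
 *
 * @param string $name the form field name under which the file was submitted
 * @param string $async_session_id the ID for the asynchronous upload session
 * @param boolean $clear if true, and the uploaded file is found in the
 *        asynchronous session, the file's record will be removed from the
 *        session
 * @return UploadedFile information about the uploaded file, or
 *         <code>null</code> if no such file was uploaded or if there was an
 *         error in uploading it
 */
function reason_get_uploaded_file($name, $async_session_id = null, $clear = false)
{
    if ($async_session_id) {
        $async_session = _get_async_upload_session($async_session_id);
        if (!$async_session) {
            trigger_warning("tried to get the file {$name} from asynchronous " . 'upload session ' . var_export($async_session_id, true) . ', but ' . 'no such session exists');
        } elseif (isset($async_session['files'][$name]) && is_array($async_session['files'][$name]) && count($async_session['files'][$name]) > 0) {
            $records = $async_session['files'][$name];
            // the most recently added record wins
            end($records);
            $key = key($records);
            $file = _uploaded_file_from_async($records[$key]);
            if (!$file || $clear) {
                // the record is unusable, or the caller asked for it to be cleared:
                // drop it and write the session back
                unset($async_session['files'][$name][$key]);
                $session =& get_reason_session();
                $session->set(_async_upload_session_key($async_session_id), $async_session);
            }
            if ($file) {
                return $file;
            }
        }
    }
    // fall back to a file sent in the body of the current request
    return isset($_FILES[$name]) ? _uploaded_file_from_php($_FILES[$name]) : null;
}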
 /**
  * Disable inline editing by storing 'disabled' under the session key
  * inline_editing.
  *
  * Nothing is written unless Reason allows inline editing and a started
  * session exists.
  *
  * @return boolean true if the session value was set, false otherwise
  */
 function disable()
 {
     if (!$this->reason_allows_inline_editing()) {
         return false;
     }
     $sess =& get_reason_session();
     $can_write = $sess->exists() && $sess->has_started();
     if (!$can_write) {
         return false;
     }
     $sess->set('inline_editing', 'disabled');
     return true;
 }