public function process()
 {
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     $runData->handleSessionStart();
     $user = $runData->getUser();
     $site = $this->siteFromHost($_SERVER['HTTP_HOST'], false, true);
     if (!$this->userAllowed($user, $site)) {
         $this->setContentTypeHeader("text/javascript");
         echo "window.location = '/local--auth/' + encodeURIComponent(window.location);";
     }
 }
 public function process()
 {
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     $url = $_GET["url"];
     $confirm = isset($_GET["confirm"]);
     $setie = isset($_GET["setiecookie"]);
     $siteHost = $_SERVER['HTTP_HOST'];
     $site = $this->siteFromHost($siteHost, true, true);
     if ($setie) {
         if ($siteHost != GlobalProperties::$URL_DOMAIN) {
             $this->siteNotExists();
         }
         $runData->handleSessionStart();
         if ($runData->getUser()) {
             setcookie(GlobalProperties::$SESSION_COOKIE_NAME_IE, $runData->getSessionId(), null, '/');
         } else {
             setcookie(GlobalProperties::$SESSION_COOKIE_NAME_IE, "ANONYMOUS", null, '/');
         }
         $this->redirect($url);
     } else {
         if (!$site) {
             $this->siteNotExists();
             return;
         }
         if (!$confirm) {
             $user_id = $_GET["user_id"];
             $skey = $_GET["skey"];
             $session = $runData->getSessionFromDomainHash($skey, $_SERVER['HTTP_HOST'], $user_id);
             if ($session) {
                 setcookie(GlobalProperties::$SESSION_COOKIE_NAME, "_domain_cookie_{$user_id}_{$skey}", null, '/', GlobalProperties::$SESSION_COOKIE_DOMAIN);
                 $this->redirectConfirm($url);
             } else {
                 $this->redirect($url);
             }
         } else {
             // checking if cookie exists
             $runData->handleSessionStart();
             if ($runData->getUser()) {
                 $this->redirect($url);
             } else {
                 $this->cookieError($url);
             }
         }
     }
 }
示例#3
0
 public function process()
 {
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     /* Get session cookie.*/
     $sessionId = $_COOKIE[GlobalProperties::$SESSION_COOKIE_NAME];
     if (!$sessionId) {
         throw new ProcessException('Please accept cookies in your browser.');
     }
     /* Make sure we are using http: protocol. */
     if ($_SERVER['HTTPS']) {
         throw new ProcessException('This controller should be invoked in the http: mode.');
     }
     $pl = $runData->getParameterList();
     $sessionHash = $pl->getParameterValue('sessionHash');
     /* Select session from the database. */
     $c = new Criteria();
     $c->add('session_id', $sessionId);
     $c->add("md5(session_id || '" . self::$secretSeed . "')", $sessionHash);
     $session = DB_OzoneSessionPeer::instance()->selectOne($c);
     if (!$session) {
         throw new ProcessException('No valid session found.');
     }
     /* Set IP strings. */
     /* Assume that the previous ip was obtained using the SSL proto. 
        If not, this controller should not be invoked at all. */
     $session->setIpAddressSsl($session->getIpAddress());
     $session->setIpAddress($runData->createIpString());
     $session->save();
     /* IMPORTANT: Also clear the session cache. */
     $mc = OZONE::$memcache;
     $key = 'session..' . $session->getSessionId();
     $mc->set($key, $session, 0, 600);
     /* If everything went well, redirect to the original URL. */
     $url = $pl->getParameterValue('origUrl');
     if (!$url) {
         $url = 'http://' . GlobalProperties::$URL_HOST;
     }
     //echo $url;
     header('HTTP/1.1 301 Moved Permanently');
     header("Location: {$url}");
 }
 public function process()
 {
     global $timeStart;
     // initialize logging service
     $logger = OzoneLogger::instance();
     $loggerFileOutput = new OzoneLoggerFileOutput();
     $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
     $logger->addLoggerOutput($loggerFileOutput);
     $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
     $logger->debug("AJAX module request processing started, logger initialized");
     Ozone::init();
     $runData = new RunData();
     /* processing an AJAX request! */
     $runData->setAjaxMode(true);
     $runData->init();
     // extra return array - just for ajax handling
     $runData->ajaxResponseAdd("status", "OK");
     Ozone::setRunData($runData);
     $logger->debug("RunData object created and initialized");
     // handle session at the begging of procession
     $runData->handleSessionStart();
     $template = $runData->getModuleTemplate();
     $classFile = $runData->getModuleClassPath();
     $className = $runData->getModuleClassName();
     $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
     require_once $classFile;
     $module = new $className();
     // module security check
     if (!$module->isAllowed($runData)) {
         if ($classFile == $runData->getModuleClassPath()) {
             $runData->setModuleTemplate("errors/NotAllowed");
         } else {
             // $module->isAllowed() should set the error template!!! if not -
             // default NotAllowed is used
             // reload the class again - we do not want the unsecure module to render!
             $classFile = $runData->getModuleClassPath();
             $className = $runData->getModuleClassName();
             $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
             require_once $classFile;
             $module = new $className();
             $runData->setAction(null);
         }
     }
     Ozone::initSmarty();
     $logger->debug("OZONE initialized");
     Ozone::initServices();
     $logger->debug("Smarty template services loaded");
     Ozone::parseMacros();
     $logger->debug("Smarty macros parsed");
     Ozone::updateSmartyPlain();
     $logger->debug("plain version of Smarty created");
     $logger->info("Ozone engines successfully initialized");
     // PROCESS ACTION
     $actionClass = $runData->getAction();
     $logger->debug("processing action {$actionClass}");
     while ($actionClass != null) {
         require_once PathManager::actionClass($actionClass);
         $tmpa1 = explode('/', $actionClass);
         $actionClassStripped = end($tmpa1);
         $action = new $actionClassStripped();
         // action security check
         $classFile = $runData->getModuleClassPath();
         if (!$action->isAllowed($runData)) {
             if ($classFile == $runData->getModuleClassPath()) {
                 $runData->setModuleTemplate("errors/NotAllowed");
             }
             // $action->isAllowed() should set the error template!!! if not -
             // default NotAllowed is used
             break;
         }
         $actionEvent = $runData->getActionEvent();
         if ($actionEvent != null) {
             $action->{$actionEvent}($runData);
             $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
         } else {
             $logger->debug("processing action: {$actionClass}");
             $action->perform($runData);
         }
         // this is in case action changes the action name so that
         // the next action can be executed.
         if ($runData->getNextAction() != null) {
             $actionClass = $runData->getNextAction();
             $runData->setAction($actionClass);
             $runData->setActionEvent($runData->getNextActionEvent());
         } else {
             $actionClass = null;
         }
     }
     // end action process
     // check if template has been changed by the module. if so...
     if ($template != $runData->getModuleTemplate) {
         $classFile = $runData->getModuleClassPath();
         $className = $runData->getModuleClassName();
         $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
         require_once $classFile;
         $module = new $className();
     }
     $module->setTemplate($template);
     $rendered = $module->render($runData);
     $rVars = $runData->getAjaxResponse();
     if ($rendered != null) {
         // process modules...
         $moduleProcessor = new ModuleProcessor($runData);
         $out = $moduleProcessor->process($rendered);
         $rVars['body'] = $out;
     }
     $json = new JSONService();
     $out = $json->encode($rVars);
     echo $out;
     $runData->handleSessionEnd();
 }
示例#5
0
    $npage->setMetadataId($nmeta->getMetadataId());
    $npage->setTitle($title);
    $npage->setUnixName($unixName);
    $npage->setDateLastEdited($now);
    $npage->setDateCreated($now);
    $npage->setLastEditUserId(1);
    $npage->setOwnerUserId(1);
    $npage->save();
    $nrev->setPageId($npage->getPageId());
    $nrev->save();
    $ncomp = new DB_PageCompiled();
    $ncomp->setPageId($npage->getPageId());
    $ncomp->setDateCompiled($now);
    $ncomp->save();
}
Ozone::init();
$db = Database::connection();
$db->begin();
$od = new Outdater();
$od->recompileWholeSite(DB_SitePeer::instance()->selectByPrimaryKey(1));
$db->commit();
$db->begin();
$c = new Criteria();
$c->add("name", "auth");
$c->add("site_id", 1);
if (DB_CategoryPeer::instance()->selectOne($c)) {
    die("The auth category already exists!\n\n");
}
$ncat = DB_CategoryPeer::instance()->selectByPrimaryKey(1);
$ncat->setNew(true);
$ncat->setCategoryId(null);
 public function process()
 {
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     $siteHost = $_SERVER['HTTP_HOST'];
     $site = $this->siteFromHost($siteHost, false, true);
     if (!$site) {
         $this->siteNotExists();
         return;
     }
     if ($site->getSettings()->getSslMode() == "ssl_only" && !$_SERVER['HTTPS']) {
         header("HTTP/1.1 301 Moved Permanently");
         header("Location: https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
         return;
     }
     $file = urldecode($_SERVER['QUERY_STRING']);
     $file = preg_replace("/\\?[0-9]+\$/", "", $file);
     $file = preg_replace("|^/*|", "", $file);
     if (!$file) {
         $this->fileNotExists();
         return;
     }
     $path = $this->buildPath($site, $file);
     if ($this->isUploadDomain($siteHost) || !GlobalProperties::$USE_UPLOAD_DOMAIN) {
         if ($this->publicArea($site, $file)) {
             if ($this->isCodeRequest($file)) {
                 $this->serveCode($site, $file, GlobalProperties::$CACHE_FILES_FOR, GlobalProperties::$RESTRICT_HTML);
             } else {
                 $this->serveFileWithMime($path, GlobalProperties::$CACHE_FILES_FOR, GlobalProperties::$RESTRICT_HTML);
             }
             return;
         } else {
             /* NON PUBLIC AREA -- CHECK PERMISSION! */
             $runData->handleSessionStart();
             $user = $runData->getUser();
             if ($this->userAllowed($user, $site, $file)) {
                 if ($this->isCodeRequest($file)) {
                     $this->serveCode($site, $file, -3600);
                 } elseif ($this->isAuthRequest($file)) {
                     $this->serveAuthResponse($file);
                 } else {
                     $this->serveFileWithMime($path, -3600, GlobalProperties::$RESTRICT_HTML);
                 }
                 return;
             } else {
                 $url = $this->buildURL($site, GlobalProperties::$URL_DOMAIN, $file);
                 $this->redirect($url);
                 return;
             }
         }
     } else {
         /* NOT UPLOAD DOMAIN, so it's *.wikidot.com or a custom domain */
         if ($this->publicArea($site, $file)) {
             $url = $this->buildURL($site, GlobalProperties::$URL_UPLOAD_DOMAIN, $file);
             $this->redirect($url);
             return;
         } else {
             $runData->handleSessionStart();
             $user = $runData->getUser();
             if ($this->userAllowed($user, $site, $file)) {
                 $siteFilesDomain = $site->getUnixName() . "." . GlobalProperties::$URL_UPLOAD_DOMAIN;
                 $skey = $runData->generateSessionDomainHash($siteFilesDomain);
                 $user_id = $user->getUserId();
                 $file_url = $this->buildURL($site, GlobalProperties::$URL_UPLOAD_DOMAIN, $file);
                 $url = $siteFilesDomain . CustomDomainLoginFlowController::$controllerUrl;
                 $this->redirect($url, array("user_id" => $user_id, "skey" => $skey, "url" => $file_url), true);
                 return;
             }
         }
     }
     $this->forbidden();
 }
 public function process()
 {
     global $timeStart;
     // initialize logging service
     $logger = OzoneLogger::instance();
     $loggerFileOutput = new OzoneLoggerFileOutput();
     $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
     $logger->addLoggerOutput($loggerFileOutput);
     $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
     $logger->debug("AJAX module request processing started, logger initialized");
     Ozone::init();
     $runData = new RunData();
     /* processing an AJAX request! */
     $runData->setAjaxMode(true);
     $runData->init();
     // extra return array - just for ajax handling
     $runData->ajaxResponseAdd("status", "ok");
     Ozone::setRunData($runData);
     $logger->debug("RunData object created and initialized");
     try {
         // check security token
         if ($_COOKIE['wikidot_token7'] == null || $_COOKIE['wikidot_token7'] !== $runData->getParameterList()->getParameterValue('wikidot_token7', 'AMODULE')) {
             throw new ProcessException("no", "wrong_token7");
         }
         //remove token from parameter list!!!
         $runData->getParameterList()->delParameter('wikidot_token7');
         $callbackIndex = $runData->getParameterList()->getParameterValue('callbackIndex');
         $runData->getParameterList()->delParameter('callbackIndex');
         // check if site (wiki) exists!
         $siteHost = $_SERVER["HTTP_HOST"];
         $memcache = Ozone::$memcache;
         if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
             $siteUnixName = $matches[1];
             // select site based on the unix name
             // check memcached first!
             // the memcache block is to avoid database connection if possible
             $mcKey = 'site..' . $siteUnixName;
             $site = $memcache->get($mcKey);
             if ($site == false) {
                 $c = new Criteria();
                 $c->add("unix_name", $siteUnixName);
                 $c->add("site.deleted", false);
                 $site = DB_SitePeer::instance()->selectOne($c);
                 $memcache->set($mcKey, $site, 0, 3600);
             }
         } else {
             // select site based on the custom domain
             $mcKey = 'site_cd..' . $siteHost;
             $site = $memcache->get($mcKey);
             if ($site == false) {
                 $c = new Criteria();
                 $c->add("custom_domain", $siteHost);
                 $c->add("site.deleted", false);
                 $site = DB_SitePeer::instance()->selectOne($c);
                 $memcache->set($mcKey, $site, 0, 3600);
             }
             GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
         }
         if (!$site) {
             throw new ProcessException(_('The requested site does not exist.'));
         }
         $runData->setTemp("site", $site);
         //nasty global thing...
         $GLOBALS['siteId'] = $site->getSiteId();
         $GLOBALS['site'] = $site;
         // set language
         $runData->setLanguage($site->getLanguage());
         $GLOBALS['lang'] = $site->getLanguage();
         // and for gettext too:
         $lang = $site->getLanguage();
         switch ($lang) {
             case 'pl':
                 $glang = "pl_PL";
                 break;
             case 'en':
                 $glang = "en_US";
                 break;
         }
         putenv("LANG={$glang}");
         putenv("LANGUAGE={$glang}");
         setlocale(LC_ALL, $glang . '.UTF-8');
         // Set the text domain as 'messages'
         $gdomain = 'messages';
         bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
         textdomain($gdomain);
         $settings = $site->getSettings();
         // handle SSL
         $sslMode = $settings->getSslMode();
         if ($_SERVER['HTTPS']) {
             if (!$sslMode) {
                 // not enabled, issue an errorr
                 throw new ProcessException(_("Secure access is not enabled for this Wiki."));
             } elseif ($sslMode == "ssl_only_paranoid") {
                 // use secure authentication cookie
                 // i.e. change authentication scheme
                 GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
                 GlobalProperties::$SESSION_COOKIE_SECURE = true;
             }
         } else {
             // page accessed via http (nonsecure)
             switch ($sslMode) {
                 case 'ssl':
                     //enabled, but nonsecure allowed too.
                     break;
                 case 'ssl_only_paranoid':
                 case 'ssl_only':
                     throw new ProcessException(_("Nonsecure access is not enabled for this Wiki."));
                     break;
             }
         }
         // handle session at the begging of procession
         $runData->handleSessionStart();
         // PRIVATE SITES: check if the site is private and if the user is its member
         if ($site->getPrivate()) {
             // check if not allow anyway
             $template = $runData->getModuleTemplate();
             $actionClass = $runData->getAction();
             $proceed = in_array($actionClass, array('', 'LoginAction', 'MembershipApplyAction', 'CreateAccountAction', 'PasswordRecoveryAction')) && ($template == '' || $template == 'Empty' || preg_match(';^createaccount/;', $template) || preg_match(';^login/;', $template) || preg_match(';^membership/;', $template) || preg_match(';^passwordrecovery/;', $template));
             if (!$proceed) {
                 $user = $runData->getUser();
                 if ($user && !$user->getSuperAdmin() && !$user->getSuperModerator()) {
                     // check if member
                     $c = new Criteria();
                     $c->add("site_id", $site->getSiteId());
                     $c->add("user_id", $user->getUserId());
                     $mem = DB_MemberPeer::instance()->selectOne($c);
                     if (!$mem) {
                         // check if a viewer
                         $c = new Criteria();
                         $c->add("site_id", $site->getSiteId());
                         $c->add("user_id", $user->getUserId());
                         $vi = DB_SiteViewerPeer::instance()->selectOne($c);
                         if (!$vi) {
                             $user = null;
                         }
                     }
                 }
                 if ($user == null) {
                     throw new ProcessException(_('This Site is private and accessible only to its members.'));
                 }
             }
         }
         $template = $runData->getModuleTemplate();
         $classFile = $runData->getModuleClassPath();
         $className = $runData->getModuleClassName();
         $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
         require_once $classFile;
         $module = new $className();
         // module security check
         if (!$module->isAllowed($runData)) {
             throw new WDPermissionException(_("Not allowed."));
         }
         Ozone::initSmarty();
         $logger->debug("OZONE initialized");
         $logger->info("Ozone engines successfully initialized");
         // PROCESS ACTION
         $actionClass = $runData->getAction();
         $logger->debug("processing action {$actionClass}");
         $runData->setTemp("jsInclude", array());
         $runData->setTemp("cssInclude", array());
         if ($actionClass) {
             require_once PathManager::actionClass($actionClass);
             $tmpa1 = explode('/', $actionClass);
             $actionClassStripped = end($tmpa1);
             $action = new $actionClassStripped();
             $classFile = $runData->getModuleClassPath();
             if (!$action->isAllowed($runData)) {
                 throw new WDPermissionException("Not allowed.");
             }
             $actionEvent = $runData->getActionEvent();
             /*try{*/
             if ($actionEvent != null) {
                 $action->{$actionEvent}($runData);
                 $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
             } else {
                 $logger->debug("processing action: {$actionClass}");
                 $action->perform($runData);
             }
         }
         // end action process
         // check if template has been changed by the module. if so...
         if ($template != $runData->getModuleTemplate()) {
             $classFile = $runData->getModuleClassPath();
             $className = $runData->getModuleClassName();
             $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
             require_once $classFile;
             $module = new $className();
         }
         $module->setTemplate($template);
         $rendered = $module->render($runData);
         $jsInclude = $runData->getTemp("jsInclude");
         $jsInclude = array_merge($jsInclude, $module->getExtraJs());
         $runData->setTemp("jsInclude", $jsInclude);
         $cssInclude = $runData->getTemp("cssInclude");
         $cssInclude = array_merge($cssInclude, $module->getExtraCss());
         $runData->setTemp("cssInclude", $cssInclude);
     } catch (ProcessException $e) {
         $db = Database::connection();
         $db->rollback();
         $runData->ajaxResponseAdd("message", $e->getMessage());
         $runData->ajaxResponseAdd("status", $e->getStatus());
         $runData->setModuleTemplate(null);
         $template = null;
     } catch (WDPermissionException $e) {
         $db = Database::connection();
         $db->rollback();
         $runData->ajaxResponseAdd("message", $e->getMessage());
         $runData->ajaxResponseAdd("status", "no_permission");
         $runData->setModuleTemplate(null);
         $template = null;
     } catch (Exception $e) {
         $db = Database::connection();
         $db->rollback();
         $runData->ajaxResponseAdd("message", _("An error occured while processing the request.") . ' ' . $e->getMessage());
         $runData->ajaxResponseAdd("status", "not_ok");
         $runData->setModuleTemplate(null);
         $template = null;
         // LOG ERROR TOO!!!
         $logger = OzoneLogger::instance();
         $logger->error("Exception caught while processing ajax module:\n\n" . $e->__toString());
     }
     $rVars = $runData->getAjaxResponse();
     if ($rendered != null) {
         // process modules...
         $moduleProcessor = new ModuleProcessor($runData);
         $out = $moduleProcessor->process($rendered);
         $rVars['body'] = $out;
         // check the javascript files for inclusion
     }
     if ($template != null && $template != "Empty") {
         $jsInclude = $runData->getTemp("jsInclude");
         if ($module->getIncludeDefaultJs()) {
             $file = WIKIDOT_ROOT . '/' . GlobalProperties::$MODULES_JS_PATH . '/' . $template . '.js';
             if (file_exists($file)) {
                 $url = GlobalProperties::$MODULES_JS_URL . '/' . $template . '.js';
                 $incl = $url;
                 $jsInclude[] = $incl;
             }
         }
         $rVars['jsInclude'] = $jsInclude;
         $cssInclude = $runData->getTemp("cssInclude");
         if ($module->getIncludeDefaultCss()) {
             $file = WIKIDOT_ROOT . '/' . GlobalProperties::$MODULES_CSS_PATH . '/' . $template . '.css';
             if (file_exists($file)) {
                 $url = GlobalProperties::$MODULES_CSS_URL . '/' . $template . '.css';
                 $incl = $url;
                 $cssInclude[] = $incl;
             }
         }
         $rVars['cssInclude'] = $cssInclude;
     }
     // specify (copy) jscallback. ugly, right? ;-)
     $rVars['callbackIndex'] = $callbackIndex;
     $json = new JSONService();
     $out = $json->encode($rVars);
     $runData->handleSessionEnd();
     echo $out;
 }
示例#8
0
 public function process()
 {
     global $timeStart;
     // quick fix to prevent recursive RSS access by Wikidot itself.
     if (strpos($_SERVER['HTTP_USER_AGENT'], 'MagpieRSS') !== false) {
         exit;
     }
     // initialize logging service
     $logger = OzoneLogger::instance();
     $loggerFileOutput = new OzoneLoggerFileOutput();
     $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
     $logger->addLoggerOutput($loggerFileOutput);
     $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
     $logger->debug("request processing started, logger initialized");
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     $logger->debug("RunData object created and initialized");
     // check if site (wiki) exists!
     $siteHost = $_SERVER["HTTP_HOST"];
     $memcache = Ozone::$memcache;
     if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
         $siteUnixName = $matches[1];
         // select site based on the unix name
         // check memcached first!
         $mcKey = 'site..' . $siteUnixName;
         $site = $memcache->get($mcKey);
         if (!$site) {
             $c = new Criteria();
             $c->add("unix_name", $siteUnixName);
             $c->add("site.deleted", false);
             $site = DB_SitePeer::instance()->selectOne($c);
             if ($site) {
                 $memcache->set($mcKey, $site, 0, 864000);
             }
         }
     } else {
         // select site based on the custom domain
         $mcKey = 'site_cd..' . $siteHost;
         $site = $memcache->get($mcKey);
         if (!$site) {
             $c = new Criteria();
             $c->add("custom_domain", $siteHost);
             $c->add("site.deleted", false);
             $site = DB_SitePeer::instance()->selectOne($c);
             if ($site) {
                 $memcache->set($mcKey, $site, 0, 3600);
             }
         }
         if (!$site) {
             // check for redirects
             $c = new Criteria();
             $q = "SELECT site.* FROM site, domain_redirect WHERE domain_redirect.url='" . db_escape_string($siteHost) . "' " . "AND site.deleted = false AND site.site_id = domain_redirect.site_id LIMIT 1";
             $c->setExplicitQuery($q);
             $site = DB_SitePeer::instance()->selectOne($c);
             if ($site) {
                 $newUrl = 'http://' . $site->getDomain() . $_SERVER['REQUEST_URI'];
                 header("HTTP/1.1 301 Moved Permanently");
                 header("Location: " . $newUrl);
                 exit;
             }
         }
         GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
     }
     if (!$site) {
         $content = file_get_contents(WIKIDOT_ROOT . "/files/site_not_exists.html");
         echo $content;
         return $content;
     }
     $runData->setTemp("site", $site);
     //nasty global thing...
     $GLOBALS['siteId'] = $site->getSiteId();
     $GLOBALS['site'] = $site;
     // set language
     $lang = $site->getLanguage();
     $runData->setLanguage($lang);
     $GLOBALS['lang'] = $lang;
     // and for gettext too:
     switch ($lang) {
         case 'pl':
             $glang = "pl_PL";
             break;
         case 'en':
             $glang = "en_US";
             break;
     }
     putenv("LANG={$glang}");
     putenv("LANGUAGE={$glang}");
     setlocale(LC_ALL, $glang . '.UTF-8');
     // Set the text domain as 'messages'
     $gdomain = 'messages';
     bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
     textdomain($gdomain);
     $settings = $site->getSettings();
     // handle SSL
     $sslMode = $settings->getSslMode();
     if ($_SERVER['HTTPS']) {
         if (!$sslMode) {
             // not enabled, redirect to http:
             header("HTTP/1.1 301 Moved Permanently");
             header("Location: " . 'http://' . $_SERVER["HTTP_HOST"] . $_SERVER['REQUEST_URI']);
             exit;
         } elseif ($sslMode == "ssl_only_paranoid") {
             // use secure authentication cookie
             // i.e. change authentication scheme
             GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
             GlobalProperties::$SESSION_COOKIE_SECURE = true;
         }
     } else {
         // page accessed via http (nonsecure)
         switch ($sslMode) {
             case 'ssl':
                 //enabled, but nonsecure allowed too.
                 break;
             case 'ssl_only_paranoid':
             case 'ssl_only':
                 header("HTTP/1.1 301 Moved Permanently");
                 header("Location: " . 'https://' . $_SERVER["HTTP_HOST"] . $_SERVER['REQUEST_URI']);
                 exit;
                 break;
         }
     }
     // handle session at the begging of procession
     $runData->handleSessionStart();
     $template = $runData->getScreenTemplate();
     $classFile = $runData->getScreenClassPath();
     $className = $runData->getScreenClassName();
     $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
     require_once $classFile;
     $screen = new $className();
     $logger->debug("OZONE initialized");
     $logger->info("Ozone engines successfully initialized");
     $rendered = $screen->render($runData);
     if ($rendered != null) {
         $runData->setTemp("jsInclude", array());
         // process modules...
         $moduleProcessor = new ModuleProcessor($runData);
         //$moduleProcessor->setJavascriptInline(true); // embed associated javascript files in <script> tags
         $moduleProcessor->setCssInline(true);
         $rendered = $moduleProcessor->process($rendered);
         $jss = $runData->getTemp("jsInclude");
         $jss = array_unique($jss);
         $incl = '';
         foreach ($jss as $js) {
             $incl .= '<script type="text/javascript" src="' . $js . '"></script>';
         }
         $rendered = preg_replace(';</head>;', $incl . '</head>', $rendered);
     }
     $runData->handleSessionEnd();
     // one more thing - some url will need to be rewritten if using HTTPS
     if ($_SERVER['HTTPS']) {
         // ?
         // scripts
         $rendered = preg_replace(';<script(.*?)src="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)</script>;s', '<script\\1src="https://' . GlobalProperties::$URL_HOST . '\\2</script>', $rendered);
         $rendered = preg_replace(';<link(.*?)href="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>;s', '<link\\1href="https://' . GlobalProperties::$URL_HOST . '\\2/>', $rendered);
         $rendered = preg_replace(';(<img\\s+.*?src=")http(://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>);s', '\\1https\\2', $rendered);
         do {
             $renderedOld = $rendered;
             $rendered = preg_replace(';(<style\\s+[^>]*>.*?@import url\\()http(://' . GlobalProperties::$URL_HOST_PREG . '.*?</style>);si', '\\1https\\2', $rendered);
         } while ($renderedOld != $rendered);
     }
     if (GlobalProperties::$SEARCH_HIGHLIGHT) {
         $rendered = Wikidot_Search_Highlighter::highlightIfSuitable($rendered, $_SERVER["REQUEST_URI"], $_SERVER["HTTP_REFERER"]);
     }
     echo str_replace("%%%CURRENT_TIMESTAMP%%%", time(), $rendered);
     return $rendered;
 }
 public function process()
 {
     global $timeStart;
     // initialize logging service
     $logger = OzoneLogger::instance();
     $loggerFileOutput = new OzoneLoggerFileOutput();
     $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
     $logger->addLoggerOutput($loggerFileOutput);
     $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
     $logger->debug("request processing started, logger initialized");
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     $logger->debug("RunData object created and initialized");
     // handle session at the begging of procession
     $runData->handleSessionStart();
     $template = $runData->getScreenTemplate();
     $classFile = $runData->getScreenClassPath();
     $className = $runData->getScreenClassName();
     $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
     require_once $classFile;
     $screen = new $className();
     // screen security check
     if (!$screen->isAllowed($runData)) {
         if ($classFile == $runData->getScreenClassPath()) {
             $runData->setScreenTemplate("errors/NotAllowed");
         } else {
             // $screen->isAllowed() should set the error template!!! if not -
             // default NotAllowed is used
             // reload the class again - we do not want the unsecure screen to render!
             $classFile = $runData->getScreenClassPath();
             $className = $runData->getScreenClassName();
             $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
             require_once $classFile;
             $screen = new $className();
             $runData->setAction(null);
         }
     }
     $logger->info("Ozone engines successfully initialized");
     // caching of LAYOUT tasks should start here
     $cacheSettings = $screen->getScreenCacheSettings();
     $updateLayoutContentLater = false;
     if ($runData->getRequestMethod() == "GET" && $runData->getAction() == null && $cacheSettings != null && $cacheSettings->isLayoutCacheable($runData)) {
         $content = ScreenCacheManager::instance()->cachedLayout($runData, $screen->getScreenCacheSettings());
         if ($content != null && $content != "") {
             // process modules!!!
             // process modules...
             $moduleProcessor = new ModuleProcessor($runData);
             $out = $moduleProcessor->process($content);
             echo $out;
             $runData->handleSessionEnd();
             return;
         } else {
             $updateLayoutContentLater = true;
         }
     }
     // PROCESS ACTION
     $actionClass = $runData->getAction();
     $logger->debug("processing action {$actionClass}");
     while ($actionClass != null) {
         require_once PathManager::actionClass($actionClass);
         $tmpa1 = explode('/', $actionClass);
         $actionClassStripped = end($tmpa1);
         $action = new $actionClassStripped();
         $classFile = $runData->getScreenClassPath();
         if (!$action->isAllowed($runData)) {
             if ($classFile == $runData->getScreenClassPath()) {
                 $runData->setScreenTemplate("errors/NotAllowed");
             }
             // $action->isAllowed() should set the error template!!! if not -
             // default NotAllowed is used
             break;
         }
         $actionEvent = $runData->getActionEvent();
         if ($actionEvent != null) {
             $action->{$actionEvent}($runData);
             $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
         } else {
             $logger->debug("processing action: {$actionClass}");
             $action->perform($runData);
         }
         // this is in case action changes the action name so that
         // the next action can be executed.
         if ($runData->getNextAction() != null) {
             $actionClass = $runData->getNextAction();
             $runData->setAction($actionClass);
             $runData->setActionEvent($runData->getNextActionEvent());
         } else {
             $actionClass = null;
         }
     }
     // end action process
     // check if template has been changed by the action. if so...
     if ($template != $runData->getScreenTemplate) {
         $classFile = $runData->getScreenClassPath();
         $className = $runData->getScreenClassName();
         $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
         require_once $classFile;
         $screen = new $className();
     }
     $rendered = $screen->render($runData);
     if ($rendered != null) {
         // process modules...
         $moduleProcessor = new ModuleProcessor($runData);
         $out = $moduleProcessor->process($rendered);
     }
     if ($updateLayoutContentLater == true) {
         ScreenCacheManager::instance()->updateCachedLayout($runData, $rendered);
     }
     $runData->handleSessionEnd();
     echo $out;
 }
示例#10
0
 public function process()
 {
     // initialize logging service
     $logger = OzoneLogger::instance();
     $loggerFileOutput = new OzoneLoggerFileOutput();
     $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
     $logger->addLoggerOutput($loggerFileOutput);
     $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
     $logger->debug("Feed request processing started, logger initialized");
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     $logger->debug("RunData object created and initialized");
     // check if site (wiki) exists!
     $siteHost = $_SERVER["HTTP_HOST"];
     $memcache = Ozone::$memcache;
     if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN . "\$/", $siteHost, $matches) == 1) {
         $siteUnixName = $matches[1];
         // select site based on the unix name
         // check memcached first!
         // the memcache block is to avoid database connection if possible
         $mcKey = 'site..' . $siteUnixName;
         $site = $memcache->get($mcKey);
         if ($site == false) {
             $c = new Criteria();
             $c->add("unix_name", $siteUnixName);
             $c->add("site.deleted", false);
             $site = DB_SitePeer::instance()->selectOne($c);
             $memcache->set($mcKey, $site, 0, 3600);
         }
     } else {
         // select site based on the custom domain
         $mcKey = 'site_cd..' . $siteHost;
         $site = $memcache->get($mcKey);
         if ($site == false) {
             $c = new Criteria();
             $c->add("custom_domain", $siteHost);
             $c->add("site.deleted", false);
             $site = DB_SitePeer::instance()->selectOne($c);
             $memcache->set($mcKey, $site, 0, 3600);
         }
         GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
     }
     if ($site == null) {
         $content = file_get_contents(WIKIDOT_ROOT . "/files/site_not_exists.html");
         echo $content;
         return $content;
     }
     $runData->setTemp("site", $site);
     //nasty global thing...
     $GLOBALS['siteId'] = $site->getSiteId();
     $GLOBALS['site'] = $site;
     // set language
     $lang = $site->getLanguage();
     $runData->setLanguage($lang);
     $GLOBALS['lang'] = $lang;
     // and for gettext too:
     switch ($lang) {
         case 'pl':
             $glang = "pl_PL";
             break;
         case 'en':
             $glang = "en_US";
             break;
     }
     putenv("LANG={$glang}");
     putenv("LANGUAGE={$glang}");
     setlocale(LC_ALL, $glang . '.UTF-8');
     $settings = $site->getSettings();
     // handle SSL
     $sslMode = $settings->getSslMode();
     if ($_SERVER['HTTPS']) {
         if (!$sslMode) {
             // not enabled, redirect to http:
             echo _("Secure access is not enabled for this Wiki.");
             exit;
         }
     }
     $template = $runData->getScreenTemplate();
     $classFile = $runData->getScreenClassPath();
     $className = $runData->getScreenClassName();
     $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
     require_once $classFile;
     $screen = new $className();
     // check if requires authentication
     if ($screen->getRequiresAuthentication() || $site->getPrivate()) {
         $username = $_SERVER['PHP_AUTH_USER'];
         $password = $_SERVER['PHP_AUTH_PW'];
         $user = null;
         if ($username !== null && $password !== null) {
             $user = SecurityManager::getUserByName($username);
             if ($user) {
                 $upass = md5("feed_hashed_password_" . $user->getPassword());
                 $upass = substr($upass, 0, 15);
                 if ($upass !== $password) {
                     $user = null;
                 }
             }
         }
         if ($site->getPrivate()) {
             if ($user && !$user->getSuperAdmin() && !$user->getSuperModerator()) {
                 // check if member
                 $c = new Criteria();
                 $c->add("site_id", $site->getSiteId());
                 $c->add("user_id", $user->getUserId());
                 $mem = DB_MemberPeer::instance()->selectOne($c);
                 if (!$mem) {
                     // check if a viewer
                     $c = new Criteria();
                     $c->add("site_id", $site->getSiteId());
                     $c->add("user_id", $user->getUserId());
                     $vi = DB_SiteViewerPeer::instance()->selectOne($c);
                     if (!$vi) {
                         $user = null;
                     }
                 }
             }
         }
         if ($user == null) {
             header('WWW-Authenticate: Basic realm="Private"');
             header('HTTP/1.0 401 Unauthorized');
             header('Content-type: text/plain; charset=utf-8');
             echo _("This is a private feed. User authentication required via Basic HTTP Authentication. You can not access it. Please go to 'Account settings' -> 'Notifications' to get the password if you believe you should be allowed.");
             exit;
         }
         $runData->setTemp("user", $user);
     }
     $logger->debug("OZONE initialized");
     $logger->info("Ozone engines successfully initialized");
     $rendered = $screen->render($runData);
     echo str_replace("%%%CURRENT_TIMESTAMP%%%", time(), $rendered);
     return $rendered;
 }
示例#11
0
 public function process()
 {
     global $timeStart;
     // initialize logging service
     $logger = OzoneLogger::instance();
     $loggerFileOutput = new OzoneLoggerFileOutput();
     $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
     $logger->addLoggerOutput($loggerFileOutput);
     $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
     $logger->debug("request processing started, logger initialized");
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);
     $logger->debug("RunData object created and initialized");
     // check if site (wiki) exists!
     $siteHost = $_SERVER["HTTP_HOST"];
     $memcache = Ozone::$memcache;
     if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
         $siteUnixName = $matches[1];
         // select site based on the unix name
         // check memcached first!
         // the memcache block is to avoid database connection if possible
         $mcKey = 'site..' . $siteUnixName;
         $site = $memcache->get($mcKey);
         if ($site == false) {
             $c = new Criteria();
             $c->add("unix_name", $siteUnixName);
             $c->add("site.deleted", false);
             $site = DB_SitePeer::instance()->selectOne($c);
             $memcache->set($mcKey, $site, 0, 3600);
         }
     } else {
         // select site based on the custom domain
         $mcKey = 'site_cd..' . $siteHost;
         $site = $memcache->get($mcKey);
         if ($site == false) {
             $c = new Criteria();
             $c->add("custom_domain", $siteHost);
             $c->add("site.deleted", false);
             $site = DB_SitePeer::instance()->selectOne($c);
             $memcache->set($mcKey, $site, 0, 3600);
         }
         GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
     }
     if ($site == null) {
         $runData->setScreenTemplate("wiki/SiteNotFound");
         exit(1);
     } else {
         $runData->setTemp("site", $site);
         //nasty global thing...
         $GLOBALS['siteId'] = $site->getSiteId();
         $GLOBALS['site'] = $site;
     }
     // set language
     $runData->setLanguage($site->getLanguage());
     $GLOBALS['lang'] = $site->getLanguage();
     // and for gettext too:
     $lang = $site->getLanguage();
     switch ($lang) {
         case 'pl':
             $glang = "pl_PL";
             break;
         case 'en':
             $glang = "en_US";
             break;
     }
     putenv("LANG={$glang}");
     putenv("LANGUAGE={$glang}");
     setlocale(LC_ALL, $glang . '.UTF-8');
     // Set the text domain as 'messages'
     $gdomain = 'messages';
     bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
     textdomain($gdomain);
     $settings = $site->getSettings();
     // handle SSL
     $sslMode = $settings->getSslMode();
     if ($_SERVER['HTTPS']) {
         if (!$sslMode) {
             // not enabled, issue an errorr
             throw new ProcessException(_("Secure access is not enabled for this Wiki."));
         } elseif ($sslMode == "ssl_only_paranoid") {
             // use secure authentication cookie
             // i.e. change authentication scheme
             GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
             GlobalProperties::$SESSION_COOKIE_SECURE = true;
         }
     } else {
         // page accessed via http (nonsecure)
         switch ($sslMode) {
             case 'ssl':
                 //enabled, but nonsecure allowed too.
                 break;
             case 'ssl_only_paranoid':
             case 'ssl_only':
                 throw new ProcessException(_("Nonsecure access is not enabled for this Wiki."));
                 break;
         }
     }
     // handle session at the begging of procession
     $runData->handleSessionStart();
     $template = $runData->getScreenTemplate();
     $classFile = $runData->getScreenClassPath();
     $className = $runData->getScreenClassName();
     $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
     require_once $classFile;
     $screen = new $className();
     // screen security check
     if (!$screen->isAllowed($runData)) {
         if ($classFile == $runData->getScreenClassPath()) {
             $runData->setScreenTemplate("errors/NotAllowed");
         } else {
             // $screen->isAllowed() should set the error template!!! if not -
             // default NotAllowed is used
             // reload the class again - we do not want the unsecure screen to render!
             $classFile = $runData->getScreenClassPath();
             $className = $runData->getScreenClassName();
             $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
             require_once $classFile;
             $screen = new $className();
             $runData->setAction(null);
         }
     }
     // PROCESS ACTION
     $actionClass = $runData->getAction();
     $logger->debug("processing action {$actionClass}");
     while ($actionClass != null) {
         require_once PathManager::actionClass($actionClass);
         $tmpa1 = explode('/', $actionClass);
         $actionClassStripped = end($tmpa1);
         $action = new $actionClassStripped();
         $classFile = $runData->getScreenClassPath();
         if (!$action->isAllowed($runData)) {
             if ($classFile == $runData->getScreenClassPath()) {
                 $runData->setScreenTemplate("errors/NotAllowed");
             }
             // $action->isAllowed() should set the error template!!! if not -
             // default NotAllowed is used
             break;
         }
         $actionEvent = $runData->getActionEvent();
         if ($actionEvent != null) {
             $action->{$actionEvent}($runData);
             $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
         } else {
             $logger->debug("processing action: {$actionClass}");
             $action->perform($runData);
         }
         // this is in case action changes the action name so that
         // the next action can be executed.
         if ($runData->getNextAction() != null) {
             $actionClass = $runData->getNextAction();
             $runData->setAction($actionClass);
             $runData->setActionEvent($runData->getNextActionEvent());
         } else {
             $actionClass = null;
         }
     }
     // end action process
     // check if template has been changed by the action. if so...
     if ($template != $runData->getScreenTemplate) {
         $classFile = $runData->getScreenClassPath();
         $className = $runData->getScreenClassName();
         $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
         require_once $classFile;
         $screen = new $className();
     }
     $rendered = $screen->render($runData);
     if ($rendered != null) {
         $moduleProcessor = new ModuleProcessor($runData);
         $moduleProcessor->setJavascriptInline(true);
         // embed associated javascript files in <script> tags
         $moduleProcessor->setCssInline(true);
         $rendered = $moduleProcessor->process($rendered);
     }
     $runData->handleSessionEnd();
     // one more thing - some url will need to be rewritten if using HTTPS
     if ($_SERVER['HTTPS']) {
         // ?
         // scripts
         $rendered = preg_replace(';<script(.*?)src="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)</script>;s', '<script\\1src="https://' . GlobalProperties::$URL_HOST . '\\2</script>', $rendered);
         $rendered = preg_replace(';<link(.*?)href="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>;s', '<link\\1href="https://' . GlobalProperties::$URL_HOST . '\\2/>', $rendered);
         $rendered = preg_replace(';(<img\\s+.*?src=")http(://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>);s', '\\1https\\2', $rendered);
         do {
             $renderedOld = $rendered;
             $rendered = preg_replace(';(<style\\s+[^>]*>.*?@import url\\()http(://' . GlobalProperties::$URL_HOST_PREG . '.*?</style>);si', '\\1https\\2', $rendered);
         } while ($renderedOld != $rendered);
     }
     echo $rendered;
 }