/** * Calls a controller's method from any location. Can be used to connect controllers together * or tie plugins into a main application. requestAction can be used to return rendered views * or fetch the return value from controller actions. * * Under the hood this method uses Router::reverse() to convert the $url parameter into a string * URL. You should use URL formats that are compatible with Router::reverse() * * #### Passing POST and GET data * * POST and GET data can be simulated in requestAction. Use `$extra['url']` for * GET data. The `$extra['data']` parameter allows POST data simulation. * * @param string|array $url String or array-based url. Unlike other url arrays in CakePHP, this * url will not automatically handle passed and named arguments in the $url parameter. * @param array $extra if array includes the key "return" it sets the AutoRender to true. Can * also be used to submit GET/POST data, and named/passed arguments. * @return mixed Boolean true or false on success/failure, or contents * of rendered action if 'return' is set in $extra. */ public function requestAction($url, $extra = array()) { if (empty($url)) { return false; } App::uses('Dispatcher', 'Routing'); if (($index = array_search('return', $extra)) !== false) { $extra['return'] = 0; $extra['autoRender'] = 1; unset($extra[$index]); } if (is_array($url) && !isset($extra['url'])) { $extra['url'] = array(); } $extra = array_merge(array('autoRender' => 0, 'return' => 1, 'bare' => 1, 'requested' => 1), $extra); $data = isset($extra['data']) ? $extra['data'] : null; unset($extra['data']); if (is_string($url) && strpos($url, FULL_BASE_URL) === 0) { $url = Router::normalize(str_replace(FULL_BASE_URL, '', $url)); } if (is_string($url)) { $request = new CakeRequest($url); } elseif (is_array($url)) { $params = $url + array('pass' => array(), 'named' => array(), 'base' => false); $params = array_merge($params, $extra); $request = new CakeRequest(Router::reverse($params), false); } if (isset($data)) { $request->data = $data; } $dispatcher = new Dispatcher(); $result = $dispatcher->dispatch($request, new CakeResponse(), $extra); Router::popRequest(); return $result; }
public function beforeSave($options = array()) { if (isset($this->data[$this->alias]['url'])) { $url = Router::normalize($this->data[$this->alias]['url']); $this->data[$this->alias]['url'] = $url; } return true; }
/** * Convenience method to display a 403 page. * * @param array $params Parameters for controller * @access public */ function error403($params) { extract($params, EXTR_OVERWRITE); if (!isset($url)) { $url = $this->controller->here; } $url = Router::normalize($url); $this->controller->header("HTTP/1.0 403 Forbidden"); $this->controller->set(array('title_for_layout' => __t('Forbidden'), 'title' => __t('403 Forbidden'), 'url' => h($url))); $this->_outputMessage('error403'); }
public function forbidden($params) { extract($params, EXTR_OVERWRITE); if (!isset($url)) { $url = $this->controller->here; } $url = Router::normalize($url); $this->controller->header("HTTP/1.0 403 Forbidden"); $this->controller->set(array('code' => '403', 'name' => __('Forbidden', true), 'message' => h($url), 'base' => $this->controller->base)); $this->_outputMessage('forbidden'); }
/** * reverse a request from the params */ public static function reverseParams($request) { // it's annoying that there's no way to get a url from params unset($request['alias']); // for backwards compatibility $url = $request; unset($url['pass']); $passed = implode('/', $request['pass']); $passed = !empty($passed) ? '/' . $passed : null; unset($url['named']); $named = str_replace(array('[]', '{"', '":"', '","', '"}'), array('', '/', ':', '/', ''), json_encode($request['named'])); return Router::normalize(implode('/', $url) . $passed . $named); }
/** * Allows/denies access to the action according to the permissions * set. It only checks wheter it's a public action or controlled * access action. * * @access public * @param object $controller * @return void */ function startup(&$controller) { if (isset($controller->JjAuth)) { $allowAccess = empty($this->thisSection['permissions']) || $controller->JjAuth->can($this->thisSection['permissions']); if ($allowAccess) { $controller->JjAuth->allow($controller->params['action']); } else { if (Router::normalize($controller->here) == Router::normalize($controller->JjAuth->loginRedirect)) { $controller->JjAuth->logout(); } $controller->JjAuth->deny($controller->params['action']); } } }
/** * Log a user out. * * Returns the logout action to redirect to. Triggers the logout() method of * all the authenticate objects, so they can perform custom logout logic. * AuthComponent will remove the session data, so there is no need to do that * in an authentication object. Logging out will also renew the session id. * This helps mitigate issues with session replays. * * @return string AuthComponent::$logoutRedirect * @see AuthComponent::$logoutRedirect * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#logging-users-out */ public function logout() { $this->_setDefaults(); if (empty($this->_authenticateObjects)) { $this->constructAuthenticate(); } $user = $this->user(); foreach ($this->_authenticateObjects as $auth) { $auth->logout($user); } $this->Session->delete(static::$sessionKey); $this->Session->delete('Auth.redirect'); $this->Session->renew(); return Router::normalize($this->logoutRedirect); }
/** * Convenience method to display a 500 page. * * @param array $params Parameters for controller * @access public */ function error500($params) { extract($params, EXTR_OVERWRITE); if (!isset($url)) { $url = $this->controller->here; } $url = Router::normalize($url); $this->controller->header("HTTP/1.0 500 Internal Server Error"); $this->controller->set(array( 'code' => '500', 'name' => __('An Internal Error Has Occurred', true), 'message' => h($url), 'base' => $this->controller->base )); $this->_outputMessage('error500'); }
/** * Auth Login page */ public function admin_login() { if (Configure::read('Backend.Auth.enabled') !== true) { if (isset($this->Auth)) { $this->redirect($this->Auth->loginAction); } else { $this->redirect('/'); } } $this->layout = "Backend.auth"; $defaultRedirect = Configure::read('Backend.Dashboard.url') ? Configure::read('Backend.Dashboard.url') : array('plugin' => 'backend', 'controller' => 'backend', 'action' => 'dashboard'); $redirect = false; if ($this->request->is('post')) { if (!$this->Auth->login()) { //Event Backend.Auth.onLoginFail $eventData = array('user' => $this->request->data['BackendUser'], 'ip' => $this->request->clientIp()); // $event = new CakeEvent('Backend.Controller.Auth.onLoginFail', $this, $eventData); // $this->getEventManager()->dispatch($event); $this->Session->setFlash(__d('backend', 'Login failed'), 'error', array(), 'auth'); } else { //Event Backend.Auth.onLogin $event = new CakeEvent('Backend.Controller.Auth.onLogin', $this, $this->Auth->user()); //$this->getEventManager()->dispatch($event); $this->Session->setFlash(__d('backend', 'Login successful'), 'success'); if ($this->Auth->user('lastlogin')) { $this->Session->setFlash(__d('backend', 'Last login: %s', CakeTime::timeAgoInWords($this->Auth->user('last_login'))), 'default', array(), 'auth'); } //TODO should the event result return an redirect url? if ($event->result) { $redirect = $event->result; } else { $redirect = $this->Auth->redirect(); } $redirect = Router::normalize($redirect); if ($redirect == '/' || !preg_match('/^\\/admin\\//', $redirect) || $redirect == '/admin/backend') { $redirect = $defaultRedirect; } $this->redirect($redirect); } } elseif ($this->Auth->user()) { $redirect = $this->referer($defaultRedirect, true); $this->redirect($redirect); } $this->set(compact('redirect')); }
public function beforeRender($viewFile) { if (isset($this->request->params['admin'])) { return; } $url = Router::normalize($this->request->url); $Url = ClassRegistry::init('Seolite.SeoLiteUrl'); $data = $Url->find('first', array('fields' => array('id', 'url'), 'recursive' => -1, 'contain' => 'Meta', 'conditions' => array('url' => $url, 'status' => true), 'cache' => array('name' => 'urlmeta_' . Inflector::slug($url), 'config' => 'seo_lite'))); if (isset($data['CustomFields'])) { $metas = array(); foreach ($data['CustomFields'] as $key => $value) { if (strpos($key, 'meta_') !== false) { $metas[str_replace('meta_', '', $key)] = $value; } } Configure::write('Meta', $metas); } }
function redirect($url = null) { // if (!is_null($url)) { // $redir = $url; // $this->Session->write('Auth.redirect', $redir); // } elseif ($this->Session->check('Auth.redirect')) { // $redir = $this->Session->read('Auth.redirect'); // $this->Session->delete('Auth.redirect'); // // if (Router::normalize($redir) == Router::normalize($this->loginAction)) { // $redir = $this->loginRedirect; // } // } else { // $redir = $this->loginRedirect; // } $this->successedRedirect = array(Configure::read('Routing.admin') => true, 'controller' => 'dashboard', 'action' => 'index'); // var_dump($this->successedRedirect); return Router::normalize($this->successedRedirect); }
/** * check method * * If they're trying to logout - delete the remember me cookie if it exists and disable further processing * If there's already a user logged in, there's nothing this component needs to do so disable the component * Else check for cookie data, and attempt to log in if found * * @return void * @access public */ function check() { if (!isset($this->Controller)) { return; } $url = Router::normalize($this->Controller->params['url']); if ($url === Router::normalize($this->settings['auth']['logoutAction'])) { $this->Controller->Auth->logout(); $this->_cookieDestroy(); $this->log('Disabling - logging out'); $this->enabled = false; return; } if ($this->__authUserId) { $this->log('Disabling - User already logged in'); $this->enabled = false; return; } if ($this->Auth->Session->started() && $this->_cookieAuth()) { $this->log('Disabling - Nothing else to do'); $this->enabled = false; return; } if ($url === Router::normalize($this->settings['auth']['loginAction'])) { $this->enabled = true; return; } $this->enabled = false; }
/** * Test the user login * * @return void */ public function testUserLogin() { $this->Users->request->params['action'] = 'login'; $this->__setPost(array('User' => $this->usersData['admin'])); $this->Users->request->url = '/users/users/login'; $this->Collection = $this->getMock('ComponentCollection'); $this->Users->Auth = $this->getMock('AuthComponent', array('login', 'user', 'redirect'), array($this->Collection)); $this->Users->Auth->expects($this->once())->method('login')->will($this->returnValue(true)); $this->Users->Auth->staticExpects($this->at(0))->method('user')->with('id')->will($this->returnValue(1)); $this->Users->Auth->staticExpects($this->at(1))->method('user')->with('username')->will($this->returnValue('adminuser')); $this->Users->Auth->expects($this->once())->method('redirect')->with(null)->will($this->returnValue(Router::normalize('/'))); $this->Users->Session = $this->getMock('SessionComponent', array('setFlash'), array($this->Collection)); $this->Users->Session->expects($this->any())->method('setFlash')->with(__d('users', 'adminuser you have successfully logged in')); $this->Users->RememberMe = $this->getMock('RememberMeComponent', array(), array($this->Collection)); $this->Users->RememberMe->expects($this->any())->method('destroyCookie'); $this->Users->login(); $this->assertEqual(Router::normalize($this->Users->redirectUrl), Router::normalize(Router::url($this->Users->Auth->loginRedirect))); }
/** * testLoginRedirect method * * @access public * @return void */ function testLoginRedirect() { if (isset($_SERVER['HTTP_REFERER'])) { $backup = $_SERVER['HTTP_REFERER']; } else { $backup = null; } $_SERVER['HTTP_REFERER'] = false; $this->Controller->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate'))); $this->Controller->params = Router::parse('users/login'); $this->Controller->params['url']['url'] = 'users/login'; $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'welcome'); $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize($this->Controller->Auth->loginRedirect); $this->assertEqual($expected, $this->Controller->Auth->redirect()); $this->Controller->Session->del('Auth'); $this->Controller->params['url']['url'] = 'admin/'; $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->loginRedirect = null; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('admin/'); $this->assertTrue($this->Controller->Session->check('Message.auth')); $this->assertEqual($expected, $this->Controller->Auth->redirect()); $this->Controller->Session->del('Auth'); //empty referer no session $_SERVER['HTTP_REFERER'] = false; $_ENV['HTTP_REFERER'] = false; putenv('HTTP_REFERER='); $url = '/posts/view/1'; $this->Controller->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate'))); $this->Controller->testUrl = null; $this->Controller->params = Router::parse($url); array_push($this->Controller->methods, 'view', 'edit', 'index'); $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->authorize = 'controller'; $this->Controller->params['testControllerAuth'] = true; $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('/'); $this->assertEqual($expected, $this->Controller->testUrl); $this->Controller->Session->del('Auth'); $_SERVER['HTTP_REFERER'] = Router::url('/admin/', true); $this->Controller->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate'))); $this->Controller->params['url']['url'] = 'auth_test/login'; $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->loginAction = 'auth_test/login'; $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->loginRedirect = false; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('/admin'); $this->assertEqual($expected, $this->Controller->Auth->redirect()); //Ticket #4750 //named params $this->Controller->Session->del('Auth'); $url = '/posts/index/year:2008/month:feb'; $this->Controller->params = Router::parse($url); $this->Controller->params['url']['url'] = Router::normalize($url); $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('posts/index/year:2008/month:feb'); $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); //passed args $this->Controller->Session->del('Auth'); $url = '/posts/view/1'; $this->Controller->params = Router::parse($url); $this->Controller->params['url']['url'] = Router::normalize($url); $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('posts/view/1'); $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); // QueryString parameters $this->Controller->Session->del('Auth'); $url = '/posts/index/29?print=true&refer=menu'; $this->Controller->params = Router::parse($url); $this->Controller->params['url']['url'] = Router::normalize($url); $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('posts/index/29?print=true&refer=menu'); $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); //external authed action $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; $this->Controller->Session->del('Auth'); $url = '/posts/edit/1'; $this->Controller->params = Router::parse($url); $this->Controller->params['url']['url'] = Router::normalize($url); $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('/posts/edit/1'); $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); //external direct login link $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; $this->Controller->Session->del('Auth'); $url = '/AuthTest/login'; $this->Controller->params = Router::parse($url); $this->Controller->params['url']['url'] = Router::normalize($url); $this->Controller->Auth->initialize($this->Controller); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->startup($this->Controller); $expected = Router::normalize('/'); $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); $_SERVER['HTTP_REFERER'] = $backup; $this->Controller->Session->del('Auth'); }
/** * test that the returned URL doesn't contain the base URL. * * @see https://cakephp.lighthouseapp.com/projects/42648/tickets/3922-authcomponentredirecturl-prepends-appbaseurl * * @return void This test method doesn't return anything. */ public function testRedirectUrlWithBaseSet() { $App = Configure::read('App'); Configure::write('App', array('dir' => APP_DIR, 'webroot' => WEBROOT_DIR, 'base' => false, 'baseUrl' => '/cake/index.php')); $url = '/users/login'; $this->Auth->request = $this->Controller->request = new CakeRequest($url); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = Router::normalize($url); Router::setRequestInfo($this->Auth->request); $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home'); $result = $this->Auth->redirectUrl(); $this->assertEquals('/users/home', $result); $this->assertFalse($this->Auth->Session->check('Auth.redirect')); Configure::write('App', $App); Router::reload(); }
/** * beforeFilter後の動作 * @param AppController $controller */ function startup(&$controller) { $oauthStartAction = false; if (isset($this->autoStartAction['oauthStart'])) { $oauthStartAction = $this->autoStartAction['oauthStart']; } $oauthCallbackAction = false; if (isset($this->autoStartAction['oauthCallback'])) { $oauthCallbackAction = $this->autoStartAction['oauthCallback']; } if (!$oauthCallbackAction && !$oauthStartAction) { return true; } $url = ''; if (isset($controller->params['url']['url'])) { $url = Router::normalize($controller->params['url']['url']); } switch ($url) { case $oauthStartAction: $this->oauthStart(); break; case $oauthCallbackAction: $this->oauthCallback(); break; } }
function authorize_twitter() { if (!App::import('Lib', 'tmh_oauth')) { $this->Session->setFlash(sprintf(__('Failed to load the %s library! Contact your system administrator.', true), 'Twitter OAuth'), 'default', array('class' => 'error')); $this->redirect(array('action' => 'preferences')); } define('__DIR__', ROOT . DS . APP_DIR . DS . 'libs'); $tmhOAuth = new tmhOAuth(array('consumer_key' => Configure::read('twitter.consumer_key'), 'consumer_secret' => Configure::read('twitter.consumer_secret'))); if (!empty($this->params['url']['oauth_token'])) { $response = $this->Session->read('Twitter.response'); $this->Session->delete('Twitter.response'); if ($this->params['url']['oauth_token'] !== $response['oauth_token']) { $this->Session->setFlash(__('The oauth token you started with doesn\'t match the one you\'ve been redirected with. Do you have multiple tabs open?', true), 'default', array('class' => 'warning')); $this->redirect(array('action' => 'preferences')); } if (!isset($this->params['url']['oauth_verifier'])) { $this->Session->setFlash(__('The oauth verifier is missing so we cannot continue. Did you deny the appliction access?', true), 'default', array('class' => 'warning')); $this->redirect(array('action' => 'preferences')); } // Update with the temporary token and secret $tmhOAuth->reconfigure(array_merge($tmhOAuth->config, array('token' => $response['oauth_token'], 'secret' => $response['oauth_token_secret']))); $code = $tmhOAuth->user_request(array('method' => 'POST', 'url' => $tmhOAuth->url('oauth/access_token', ''), 'params' => array('oauth_verifier' => trim($this->params['url']['oauth_verifier'])))); if ($code == 200) { $oauth_creds = $tmhOAuth->extract_params($tmhOAuth->response['response']); if ($this->Person->updateAll(array('twitter_token' => "'{$oauth_creds['oauth_token']}'", 'twitter_secret' => "'{$oauth_creds['oauth_token_secret']}'"), array('Person.id' => $this->UserCache->currentId()))) { $this->Session->setFlash(sprintf(__('Your Twitter authorization has been completed. You can always revoke this at any time through the preferences page.', true), __('person', true)), 'default', array('class' => 'success')); } else { $this->Session->setFlash(sprintf(__('Twitter authorization was received, but the database failed to update.', true), __('person', true)), 'default', array('class' => 'warning')); } } else { $this->Session->setFlash(__('There was an error communicating with Twitter.', true) . ' ' . $tmhOAuth->response['response'], 'default', array('class' => 'warning')); } $this->redirect(array('action' => 'preferences')); } else { $code = $tmhOAuth->apponly_request(array('without_bearer' => true, 'method' => 'POST', 'url' => $tmhOAuth->url('oauth/request_token', ''), 'params' => array('oauth_callback' => Router::url(Router::normalize($this->here), true)))); if ($code != 200) { $this->Session->setFlash(__('There was an error communicating with Twitter.', true) . ' ' . $tmhOAuth->response['response'], 'default', array('class' => 'warning')); $this->redirect(array('action' => 'preferences')); } // store the params into the session so they are there when we come back after the redirect $response = $tmhOAuth->extract_params($tmhOAuth->response['response']); // check the callback has been confirmed if ($response['oauth_callback_confirmed'] !== 'true') { $this->Session->setFlash(__('The callback was not confirmed by Twitter so we cannot continue.', true) . ' ' . $tmhOAuth->response['response'], 'default', array('class' => 'warning')); $this->redirect(array('action' => 'preferences')); } else { $this->Session->write('Twitter.response', $response); $this->redirect($tmhOAuth->url('oauth/authorize', '') . "?oauth_token={$response['oauth_token']}"); } } }
$ratings_newest = BRequest::getVar('s') == 'r' && BRequest::getVar('r') == 'n' ? 'active' : ''; $ratings_oldest = BRequest::getVar('s') == 'r' && BRequest::getVar('r') == 'o' && !BRequest::getVar('p', false) ? 'active' : ''; $ratings_rating = BRequest::getVar('s') == 'r' && !BRequest::getVar('r', false) ? 'active' : ''; $ratings_like = BRequest::getVar('s') == 'l' && BRequest::getVar('r') == 'o' ? 'active' : ''; $hight_low = BRequest::getVar('p') == 'h' && BRequest::getVar('s') == 'r' && BRequest::getVar('r') == 'o' ? 'active' : ''; $querystring = array(); $querystring['s'] = BRequest::getVar('s'); $querystring['p'] = BRequest::getVar('p'); $querystring['r'] = BRequest::getVar('r'); $parts = explode('?', $_SERVER['REQUEST_URI']); $uri = $parts[0]; ?> <div class="index_filters"> <div style="width:80px;height:30px;position:relative;float:left;"> </div> <div class="filters_buttons"> <div class="filter_button fbl"><a href="<?php $querystring['ppage'] = BRequest::getInt('ppage') - 1; echo Router::normalize($uri, $querystring); ?> ">Previous</a></div> <div class="filter_button fbr"><a href="<?php $querystring['ppage'] = BRequest::getInt('ppage') + 1; echo Router::normalize($uri, $querystring); ?> ">Next</a></div> </div> </div>
/** * 認証完了後処理 * * @return boolean */ function isAuthorized() { $requestedPrefix = ''; $authPrefix = $this->getAuthPreifx($this->AuthEx->user('name')); if (!$authPrefix) { // 1.6.8 以下の場合は authPrefix が取得できないので true を返して終了 return true; } if (!empty($this->params['prefix'])) { $requestedPrefix = $this->params['prefix']; } if ($requestedPrefix && $requestedPrefix != $authPrefix) { // 許可されていないプレフィックスへのアクセスの場合、認証できなかったものとする $ref = $this->referer(); $loginAction = Router::normalize($this->AuthEx->loginAction); if ($ref == $loginAction) { $this->Session->delete('Auth.User'); $this->Session->delete('Message.flash'); $this->AuthEx->authError = $this->AuthEx->loginError; return false; } else { $this->Session->setFlash('指定されたページへのアクセスは許可されていません。'); $this->redirect($ref); return; } } return true; }
/** * create method * * Default the form to the current url. add a hidden field for the referer * * @param mixed $model * @param array $options * @return void * @access public */ public function create($model = null, $options = array()) { if (!isset($options['url']) && !isset($options['action'])) { $options['url'] = '/' . ltrim($this->params['url']['url'], '/'); } if (!empty($options['url'])) { $getParams = array_diff_key($this->params['url'], array('ext' => true, 'url' => true)); if ($getParams) { if (is_string($options['url'])) { $options['url'] .= '?' . http_build_query($getParams); } else { $options['url']['?'] = $getParams; } } } $return = parent::create($model, $options); if (!empty($options['noReferer'])) { return $return; } if (!empty($this->data['App']['referer'])) { $referer = $this->data['App']['referer']; } else { $referer = $this->Session->read('referer'); if (!$referer) { $referer = AppController::referer('/', true); if (Router::normalize($referer) == Router::normalize(array('admin' => false, 'controller' => 'users', 'action' => 'login'))) { $referer = '/'; } } } $referer = $this->hidden('App.referer', array('default' => $referer)); if (strpos('fieldset', $return)) { return preg_replace('#</fieldset>#', $referer . '</fieldset>', $return); } return $return . '<div style="display:none;">' . $referer . '</div>'; }
/** * Convenience method to display a 404 page. * * @param array $params Parameters for controller * @access public */ function error404($params) { extract($params, EXTR_OVERWRITE); if (!isset($url)) { $url = $this->controller->here; } $url = Router::normalize($url); header("HTTP/1.0 404 Not Found"); $this->controller->set(array('code' => '404', 'name' => __('Not Found', true), 'message' => h($url), 'base' => $this->controller->base)); $this->_outputMessage('error404'); }
/** * Test allowed actions (via startup().) * * @return void */ public function testAllowedActionsSetWithAllowMethod() { $url = '/auth_test/action_name'; $this->Controller->request->addParams(Router::parse($url)); $this->Controller->request->query['url'] = Router::normalize($url); $this->Component->initialize($this->Controller); $this->Component->allow('action_name', 'anotherAction'); $this->assertEquals(array('action_name', 'anotherAction'), $this->Component->allowedActions); }
/** * If no parameter is passed, gets the authentication redirect URL. * * @param mixed $url Optional URL to write as the login redirect URL. * @return string Redirect URL * @access public */ function redirect($url = null) { if (!is_null($url)) { $redir = $url; $this->Session->write('Auth.redirect', $redir); } elseif ($this->Session->check('Auth.redirect')) { $redir = $this->Session->read('Auth.redirect'); $this->Session->delete('Auth.redirect'); if (Router::normalize($redir) == Router::normalize($this->loginAction)) { $redir = $this->loginRedirect; } } else { $redir = $this->loginRedirect; } return Router::normalize($redir); }
/** * testLoginRedirect method * * @return void */ public function testLoginRedirect() { $_SERVER['HTTP_REFERER'] = false; $_ENV['HTTP_REFERER'] = false; putenv('HTTP_REFERER='); $this->Auth->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate'))); $this->Auth->request->addParams(Router::parse('users/login')); $this->Auth->request->url = 'users/login'; $this->Auth->initialize($this->Controller); $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'welcome'); $this->Auth->startup($this->Controller); $expected = Router::normalize($this->Auth->loginRedirect); $this->assertEquals($expected, $this->Auth->redirect()); $this->Auth->Session->delete('Auth'); // empty referer no session $_SERVER['HTTP_REFERER'] = false; $_ENV['HTTP_REFERER'] = false; putenv('HTTP_REFERER='); $url = '/posts/view/1'; $this->Auth->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate'))); $this->Controller->testUrl = null; $this->Auth->request->addParams(Router::parse($url)); array_push($this->Controller->methods, 'view', 'edit', 'index'); $this->Auth->initialize($this->Controller); $this->Auth->authorize = 'controller'; $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Auth->startup($this->Controller); $expected = Router::normalize('/AuthTest/login'); $this->assertEquals($expected, $this->Controller->testUrl); $this->Auth->Session->delete('Auth'); $_SERVER['HTTP_REFERER'] = $_ENV['HTTP_REFERER'] = Router::url('/admin', true); $this->Auth->Session->write('Auth', array('AuthUser' => array('id' => '1', 'username' => 'nate'))); $this->Auth->request->params['action'] = 'login'; $this->Auth->request->url = 'auth_test/login'; $this->Auth->initialize($this->Controller); $this->Auth->loginAction = 'auth_test/login'; $this->Auth->loginRedirect = false; $this->Auth->startup($this->Controller); $expected = Router::normalize('/admin'); $this->assertEquals($expected, $this->Auth->redirect()); // Ticket #4750 // Named Parameters $this->Controller->request = $this->Auth->request; $this->Auth->Session->delete('Auth'); $url = '/posts/index/year:2008/month:feb'; $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); $this->Auth->initialize($this->Controller); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Auth->startup($this->Controller); $expected = Router::normalize('posts/index/year:2008/month:feb'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); // Passed Arguments $this->Auth->Session->delete('Auth'); $url = '/posts/view/1'; $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); $this->Auth->initialize($this->Controller); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Auth->startup($this->Controller); $expected = Router::normalize('posts/view/1'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); // QueryString parameters $_back = $_GET; $_GET = array('print' => 'true', 'refer' => 'menu'); $this->Auth->Session->delete('Auth'); $url = '/posts/index/29'; $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); $this->Auth->request->query = $_GET; $this->Auth->initialize($this->Controller); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Auth->startup($this->Controller); $expected = Router::normalize('posts/index/29?print=true&refer=menu'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); $_GET = $_back; // External Authed Action $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; $this->Auth->Session->delete('Auth'); $url = '/posts/edit/1'; $request = new CakeRequest($url); $request->query = array(); $this->Auth->request = $this->Controller->request = $request; $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); $this->Auth->initialize($this->Controller); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Auth->startup($this->Controller); $expected = Router::normalize('/posts/edit/1'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); // External Direct Login Link $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; $this->Auth->Session->delete('Auth'); $url = '/AuthTest/login'; $this->Auth->request = $this->Controller->request = new CakeRequest($url); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = Router::normalize($url); $this->Auth->initialize($this->Controller); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); $this->Auth->startup($this->Controller); $expected = Router::normalize('/'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); $this->Auth->Session->delete('Auth'); }
/** * Startup * * @param object Controller instance * @return void */ public function startUp(Controller $Controller) { if (in_array($Controller->action, $this->actions)) { if (empty($Controller->request->data) && $Controller->Session->check($this->sessionPath)) { if ($this->directPost == true) { $Controller->request->data = $Controller->Session->read($this->sessionPath); $Controller->Session->delete($this->sessionPath); } } elseif (!empty($Controller->request->data) && !$Controller->Auth->user()) { $this->preserve($Controller->request->data); if (empty($this->loginAction) && !empty($Controller->Auth->loginAction)) { $this->loginAction = $Controller->Auth->loginAction; if (!empty($this->redirectMessage)) { $Controller->Session->setFlash($this->redirectMessage); } // Code from AuthComponent to store the redirect url so the user get redirected // to the correct location after a successful login if (isset($Controller->Auth)) { $url = ''; if (isset($Controller->params['url']['url'])) { $url = $Controller->params['url']['url']; } $url = Router::normalize($url); if (!empty($Controller->params['url']) && count($Controller->params['url']) >= 2) { $query = $Controller->params['url']; unset($query['url'], $query['ext']); $url .= Router::queryString($query, array()); } $this->Session->write('Auth.redirect', $url); } $Controller->redirect($this->loginAction); } } } }
/** * Test the user login * * @return void */ public function testUserLogin() { $this->Users->request->params['action'] = 'login'; $this->Users->startupProcess(); $this->__setPost(array('User' => $this->usersData['admin'])); $this->Users->request->url = '/users/users/login'; $this->Users->startupProcess(); $this->Users->login(); $result = $this->Users->Session->read('Message.flash.message'); $expected = __d('users', 'adminuser you have successfully logged in'); $this->assertEqual($result, $expected); $this->assertEqual(Router::normalize($this->Users->redirectUrl), Router::normalize(Router::url($this->Users->Auth->loginRedirect))); }
/** * Get the URL a user should be redirected to upon login. * * Pass a URL in to set the destination a user should be redirected to upon * logging in. * * If no parameter is passed, gets the authentication redirect URL. The URL * returned is as per following rules: * * - Returns the normalized URL from session Auth.redirect value if it is * present and for the same domain the current app is running on. * - If there is no session value and there is a $loginRedirect, the $loginRedirect * value is returned. * - If there is no session and no $loginRedirect, / is returned. * * @param string|array $url Optional URL to write as the login redirect URL. * @return string Redirect URL */ public function redirectUrl($url = null) { if ($url !== null) { $redir = $url; $this->Session->write('Auth.redirect', $redir); } elseif ($this->Session->check('Auth.redirect')) { $redir = $this->Session->read('Auth.redirect'); $this->Session->delete('Auth.redirect'); if (Router::normalize($redir) === Router::normalize($this->loginAction)) { $redir = $this->loginRedirect; } } elseif ($this->loginRedirect) { $redir = $this->loginRedirect; } else { $redir = '/'; } if (is_array($redir)) { return Router::url($redir + array('base' => false)); } return $redir; }
/** * Main execution method. Handles redirecting of invalid users, and processing * of login form data. * * @param object $controller A reference to the instantiating controller object * @return boolean * @access public */ function startup(&$controller) { $methods = array_flip($controller->methods); $isErrorOrTests = strtolower($controller->name) == 'cakeerror' || strtolower($controller->name) == 'tests' && Configure::read() > 0; if ($isErrorOrTests) { return true; } $isMissingAction = $controller->scaffold === false && !isset($methods[strtolower($controller->params['action'])]); if ($isMissingAction) { return true; } if (!$this->__setDefaults()) { return false; } $url = ''; if (isset($controller->params['url']['url'])) { $url = $controller->params['url']['url']; } $url = Router::normalize($url); $loginAction = Router::normalize($this->loginAction); $isAllowed = $this->allowedActions == array('*') || in_array($controller->params['action'], $this->allowedActions); if ($loginAction != $url && $isAllowed) { return true; } //get model registered $this->ldap = $this->getModel($this->userModel); # get global settings $settings = $this->CommonTasks->getGlobalSettings(); if ($loginAction == $url) { if (empty($controller->data) || !isset($controller->data[$this->userModel])) { if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) { $this->Session->write('Auth.redirect', $controller->referer(null, true)); } return false; } $isValid = !empty($controller->data[$this->userModel][$this->fields['username']]) && !empty($controller->data[$this->userModel][$this->fields['password']]); if ($isValid) { $username = $controller->data[$this->userModel][$this->fields['username']]; $password = $controller->data[$this->userModel][$this->fields['password']]; if ($settings['auth_method_' . $this->userModel] == "ldap") { $this->log("Using ldap auth", "debug"); //pr("Using ldap auth..."); if ($this->login($username, $password)) { if ($this->autoRedirect) { $controller->redirect($this->redirect(), null, true); } return true; } } else { $this->log("Using internal auth", "debug"); //pr("Using internal auth..."); //pr($controller->data); // hash password $data = $this->hashPasswords($controller->data); $username = $data[$this->userModel]['username']; $password = $data[$this->userModel]['password']; $data = array($this->userModel . '.' . $this->fields['username'] => $username, $this->userModel . '.' . $this->fields['password'] => $password); //pr($data); if (parent::login($data)) { if ($this->autoRedirect) { $controller->redirect($this->redirect(), null, true); } return true; } } } $this->Session->setFlash($this->loginError, 'default', array(), 'auth'); $controller->data[$this->userModel][$this->fields['password']] = null; return false; } else { if (!$this->user()) { if (!$this->RequestHandler->isAjax()) { $this->Session->setFlash($this->authError, 'default', array(), 'auth'); $this->Session->write('Auth.redirect', $url); $controller->redirect($loginAction); return false; } elseif (!empty($this->ajaxLogin)) { $controller->viewPath = 'elements'; echo $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout); $this->_stop(); return false; } else { $controller->redirect(null, 403); } } } if (!$this->authorize) { return true; } extract($this->__authType()); switch ($type) { case 'controller': $this->object =& $controller; break; case 'crud': case 'actions': if (isset($controller->Acl)) { $this->Acl =& $controller->Acl; } else { $err = 'Could not find AclComponent. Please include Acl in '; $err .= 'Controller::$components.'; trigger_error(__($err, true), E_USER_WARNING); } break; case 'model': if (!isset($object)) { $hasModel = isset($controller->{$controller->modelClass}) && is_object($controller->{$controller->modelClass}); $isUses = !empty($controller->uses) && isset($controller->{$controller->uses[0]}) && is_object($controller->{$controller->uses[0]}); if ($hasModel) { $object = $controller->modelClass; } elseif ($isUses) { $object = $controller->uses[0]; } } $type = array('model' => $object); break; } if ($this->isAuthorized($type)) { return true; } $this->Session->setFlash($this->authError, 'default', array(), 'auth'); $controller->redirect($controller->referer(), null, true); return false; }
/** * testUrlNormalization method * * @access public * @return void */ function testUrlNormalization() { $expected = '/users/logout'; $result = Router::normalize('/users/logout/'); $this->assertEqual($result, $expected); $result = Router::normalize('//users//logout//'); $this->assertEqual($result, $expected); $result = Router::normalize('users/logout'); $this->assertEqual($result, $expected); $result = Router::normalize(array('controller' => 'users', 'action' => 'logout')); $this->assertEqual($result, $expected); $result = Router::normalize('/'); $this->assertEqual($result, '/'); $result = Router::normalize('http://google.com/'); $this->assertEqual($result, 'http://google.com/'); $result = Router::normalize('http://google.com//'); $this->assertEqual($result, 'http://google.com//'); $result = Router::normalize('/users/login/scope://foo'); $this->assertEqual($result, '/users/login/scope:/foo'); $result = Router::normalize('/recipe/recipes/add'); $this->assertEqual($result, '/recipe/recipes/add'); Router::setRequestInfo(array(array(), array('base' => '/us'))); $result = Router::normalize('/us/users/logout/'); $this->assertEqual($result, '/users/logout'); Router::reload(); Router::setRequestInfo(array(array(), array('base' => '/cake_12'))); $result = Router::normalize('/cake_12/users/logout/'); $this->assertEqual($result, '/users/logout'); Router::reload(); $_back = Configure::read('App.baseUrl'); Configure::write('App.baseUrl', '/'); Router::setRequestInfo(array(array(), array('base' => '/'))); $result = Router::normalize('users/login'); $this->assertEqual($result, '/users/login'); Configure::write('App.baseUrl', $_back); Router::reload(); Router::setRequestInfo(array(array(), array('base' => 'beer'))); $result = Router::normalize('beer/admin/beers_tags/add'); $this->assertEqual($result, '/admin/beers_tags/add'); $result = Router::normalize('/admin/beers_tags/add'); $this->assertEqual($result, '/admin/beers_tags/add'); }
/** * setHere method * * Used internally to detect whether the current menu item links to the page currently * being rendered and modify the url if appropriate * * @param mixed $section * @param mixed $url * @param mixed $activeMode * @param mixed $hereMode * @access private * @return array($here, $markActive, $url) */ function __setHere($section, $url, $key, $activeMode, $hereMode, $options) { $view =& ClassRegistry::getObject('view'); if (isset($this->settings[$section]['hereKey']) || !$view) { return array(false, false, $url); } $here = $markActive = false; if (!empty($options['markActive'])) { $here = true; } elseif ($activeMode == 'url' && Router::normalize($url) == $this->__here) { $here = true; } elseif (is_array($url) && (!isset($url['controller']) || Inflector::underscore($url['controller']) == Inflector::underscore($view->name))) { if ($activeMode == 'controller') { $here = true; } elseif ($activeMode == 'action' && (!isset($url['action']) || $url['action'] == Inflector::underscore($view->action))) { $here = true; } } if ($here) { $this->settings[$section]['hereKey'] = $key; if ($hereMode == 'text') { $url = false; } elseif ($hereMode == 'active') { $markActive = true; } } if ($here && $hereMode == 'active') { $this->Tree->addItemAttribute('class', 'active'); if (isset($htmlAttributes['class'])) { $htmlAttributes['class'] .= ' active'; } else { $htmlAttributes['class'] = 'active'; } } return array($here, $markActive, $url); }