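/**
 * Callback endpoint that records the outcome of a transcoding job.
 *
 * Expects a POST whose body is a JSON object carrying the job `id` and an
 * `errors` member. The matching TranscodeJob is only touched while its
 * status is still "started".
 *
 * NOTE(review): no authentication of the caller is visible in this method;
 * the status check is the only guard shown here. Confirm that the route is
 * restricted, or that the callback is verified, somewhere else.
 *
 * @param SS_HTTPRequest $request
 * @return string Plain-text status message
 */
public function index(SS_HTTPRequest $request)
{
    if (!$request->isPOST()) {
        // this shouldn't happen
        return "Well hello there...";
    }

    // The body is remote input: json_decode() yields null (or a scalar) for
    // anything that is not a JSON object, so check before dereferencing it.
    $update = json_decode($request->getBody());
    if (!is_object($update) || !isset($update->id)) {
        return "Error: invalid update payload";
    }

    $joblog = TranscodeJob::get()->filter('JobID', (int) $update->id)->first();
    if (!$joblog) {
        // first() found no job for this id; nothing to update
        return "Error: unknown job";
    }

    // return if status already is done (some protection)
    if ($joblog->JobStatus !== "started") {
        return "Error: job status not started";
    }

    // The full update is deliberately NOT stored in the log object:
    // it may contain passwords etc.

    // load files into appropriate relations
    $transcodable = $joblog->Transcodable();
    $transcodable->loadTranscodedFiles();

    // Any non-empty `errors` value marks the job as failed; a missing member
    // counts as "no errors" instead of raising on a non-object.
    $reported = isset($update->errors) ? (array) $update->errors : array();
    if (count($reported)) {
        $joblog->JobErrorMessage = json_encode($update->errors);
        $joblog->JobStatus = "error";
    } elseif ($transcodable->transcodingComplete()) {
        // set status to done when complete...
        $joblog->JobErrorMessage = "";
        $joblog->JobStatus = "done";
    }

    // write logfile
    $joblog->write();

    return "Updated";
}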
/**
 * Creates a session from the credentials sent as JSON in the request body.
 *
 * The decoded body is validated by the injected 'SessionValidator', handed to
 * the injected 'ApiMemberAuthenticator', and a session is created for the
 * returned user.
 *
 * NOTE(review): the generic \Exception branch forwards the original exception
 * message into RestSystemException. Whether that text reaches the API client
 * is not visible here; confirm it cannot expose internal details.
 *
 * @param \SS_HTTPRequest $request
 * @return array 'session' (formatted session) and 'meta' (timestamp)
 * @throws RestSystemException on unexpected failures
 * @throws RestUserException on empty body (401), invalid data (422) or failed login (401)
 */
public function post($request)
{
    $payload = json_decode($request->getBody(), true);
    if (!$payload) {
        throw new RestUserException("No data for session provided.", 401, 401);
    }

    try {
        $credentials = \Injector::inst()->get('SessionValidator')->validate($payload);
        $member = \Injector::inst()->get('ApiMemberAuthenticator')->authenticate($credentials);

        $session = null;
        if ($member) {
            $session = AuthFactory::createAuth()->createSession($member);
        }

        // Covers both "no such user" and "session could not be created"
        if (!$session) {
            throw new RestUserException("Login incorrect", 401, 401);
        }
    } catch (\ValidationException $invalid) {
        throw new RestUserException($invalid->getMessage(), 422, 422);
    } catch (RestUserException $userError) {
        // Already the right type: pass through so the generic branch below does not wrap it
        throw $userError;
    } catch (\Exception $failure) {
        $status = $failure->getCode() ?: 500;
        throw new RestSystemException($failure->getMessage(), $status);
    }

    $issuedAt = time();

    return [
        'session' => SessionFormatter::format($session),
        'meta' => ['timestamp' => $issuedAt],
    ];
}
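/**
 * Passes an HTTP request through to another web server.
 *
 * This proxy is used to avoid cross-domain issues. Because it makes the
 * server fetch a caller-supplied URL, the destination is restricted:
 *  - the URL must start with http:// or https://,
 *  - the authority part (everything between "//" and the next "/") must
 *    match an entry of self::get_allowed_host() exactly,
 *  - cURL itself is limited to HTTP(S) and does not follow redirects, so a
 *    response from an allowed host cannot steer the request elsewhere.
 *
 * Request variables read from $data:
 *  - 'u': URL (complete request string)
 *  - 'no_header': set to '1' to avoid sending header information directly
 *
 * @param SS_HTTPRequest $data The incoming request
 * @return string|bool The cURL response body, false if the transfer failed,
 *                     or a plain-text error message
 */
public function dorequest($data)
{
    $headers = array();
    $vars = $data->requestVars();

    // 'u' can arrive as an array (u[]=...); only a plain string is a usable URL
    if (!isset($vars['u']) || !is_string($vars['u'])) {
        return "Invalid request: unknown proxy destination.";
    }
    $url = $vars['u'];
    $no_header = isset($vars['no_header']) && $vars['no_header'] == '1';

    // The URL is echoed back in the error text; escape it in case the
    // framework serves this string as HTML.
    $denied = "Access denied to (" . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . ").";

    // Only web URLs are proxied; any other scheme is refused outright
    if (!preg_match('#^https?://#i', $url)) {
        return $denied;
    }

    // Element 2 is the authority. Compare strictly so PHP's loose string
    // comparison cannot make a different value "equal" to an allowed host.
    $checkUrl = explode("/", $url);
    if (
        !isset($checkUrl[2])
        || $checkUrl[2] === ''
        || !in_array($checkUrl[2], self::get_allowed_host(), true)
    ) {
        return $denied;
    }

    // Open the Curl session
    $session = curl_init($url);
    if ($session === false) {
        return "Invalid request: proxy session could not be initialised.";
    }

    // Defence in depth: keep cURL on HTTP(S) and on the checked destination
    curl_setopt($session, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($session, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($session, CURLOPT_FOLLOWLOCATION, false);

    // If it's a POST, put the POST data in the body
    if ($data->isPOST()) {
        $postvars = '';
        $body = $data->getBody();
        if ($body) {
            $postvars = "body=" . $body;
        } else {
            $fields = $data->postVars();
            if ($fields) {
                // NOTE(review): keys and values are forwarded without URL-encoding,
                // as before; confirm the receiving service expects that.
                foreach ($fields as $k => $v) {
                    $postvars .= $k . '=' . $v . '&';
                }
            }
        }
        $headers[] = 'Content-type: text/xml';
        curl_setopt($session, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($session, CURLOPT_POST, true);
        curl_setopt($session, CURLOPT_POSTFIELDS, $postvars);
    }

    // Don't return HTTP headers. Do return the contents of the call
    curl_setopt($session, CURLOPT_HEADER, false);
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);

    // Make the call
    $xml = curl_exec($session);

    // The web service returns XML. Set the Content-Type appropriately
    if ($no_header == false) {
        header("Content-Type: text/xml");
    }
    curl_close($session);

    return $xml;
}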
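/**
 * Accepts a user-submitted event sent as JSON in the request body.
 *
 * The decoded data is loaded into a NewEventForm and validated. On success a
 * UserSubmittedEvent is written from the form's data; on failure the
 * validator's errors are returned.
 *
 * NOTE(review): this path calls validate() on the form directly instead of
 * going through the form's own submission handling; confirm that CSRF
 * protection for this endpoint is applied elsewhere.
 *
 * @param SS_HTTPRequest $request
 * @return mixed Whatever sendResponse() returns for the success / error payload
 */
public function newEventAction(SS_HTTPRequest $request)
{
    // json_decode() returns null for an empty or malformed body and a scalar
    // for bare JSON values; only an array is form data.
    $data = json_decode($request->getBody(), true);
    if (!is_array($data)) {
        $data = array();
    }

    $eventForm = new NewEventForm($this, __FUNCTION__);
    $eventForm->loadDataFrom($data);

    if (!$eventForm->validate()) {
        // Invalid
        $errors = $eventForm->getValidator()->getErrors();
        return $this->sendResponse(array('success' => false, 'errors' => $errors));
    }

    // Valid: only the form's own data is copied onto the new record
    $submittedEvent = UserSubmittedEvent::create()->update($eventForm->getData());
    $submittedEvent->write();

    return $this->sendResponse(array('success' => true));
}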
/**
 * Creates a session from the Email / Password pair sent as JSON in the body.
 *
 * Every failure in this method is reported as a RestUserException with code 404.
 *
 * NOTE(review): the generic Exception branch logs the message and also copies
 * it into the RestUserException. Whether that text reaches the API client is
 * not visible here; confirm it cannot expose internal details.
 *
 * @param SS_HTTPRequest $request
 * @return array 'session' (formatted session) and 'meta' (timestamp)
 * @throws RestUserException
 */
public function post($request)
{
    $payload = json_decode($request->getBody(), true);
    if (!$payload) {
        throw new RestUserException("No data for session provided.", 404);
    }

    try {
        $credentials = SessionValidator::validate($payload);
        $email = $credentials['Email'];
        $password = $credentials['Password'];

        $session = AuthFactory::createAuth()->authenticate($email, $password);
        if (!$session) {
            throw new RestUserException("Login incorrect", 404);
        }
    } catch (ValidationException $invalid) {
        throw new RestUserException($invalid->getMessage(), 404);
    } catch (Exception $failure) {
        // Anything else is written to the error log before being re-thrown
        $message = $failure->getMessage();
        error_log($message);
        throw new RestUserException($failure->getMessage(), 404);
    }

    $issuedAt = time();

    return [
        'session' => SessionFormatter::format($session),
        'meta' => ['timestamp' => $issuedAt],
    ];
}
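/**
 * Applies edits to the file bound to this controller.
 *
 * The request body is parsed as a query string. Recognised keys:
 *  - 'parentID': moves the file under another parent (cast to int)
 *  - 'title': new title; the title is left untouched when the key is absent
 *  - 'filename': new file name inside the file's parent. Only the last path
 *    component is used, so "../" or nested paths cannot place the file
 *    outside the parent's folder.
 *
 * NOTE(review): canEdit() is checked for the file itself; no check that the
 * user may write to the folder named by 'parentID' is visible here.
 *
 * @param SS_HTTPRequest $r
 * @return SS_HTTPResponse
 */
public function handleUpdate(SS_HTTPRequest $r)
{
    if (!$this->file->canEdit()) {
        return $this->httpError(403);
    }

    parse_str($r->getBody(), $vars);

    // parse_str() yields strings or arrays; arrays are ignored for every key
    if (isset($vars['parentID']) && is_string($vars['parentID'])) {
        $this->file->ParentID = (int) $vars['parentID'];
        $this->file->write();
    }

    if (isset($vars['title']) && is_string($vars['title'])) {
        $this->file->Title = $vars['title'];
    }

    if (!empty($vars['filename']) && is_string($vars['filename'])) {
        // Reduce the submitted value to a bare file name before it is joined
        // onto the parent's path (backslashes count as separators too).
        $leaf = basename(str_replace('\\', '/', $vars['filename']));
        if ($leaf !== '' && $leaf !== '.' && $leaf !== '..') {
            $this->file->Filename = $this->file->Parent()->Filename . '/' . $leaf;
        }
    }

    $this->file->write();

    return $this->JSONResponse($this->buildJSON());
}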
/**
 * Records the current user's vote, or the comment attached to that vote,
 * for the presentation named by the 'ID' route parameter.
 *
 * The JSON body carries either 'vote' (cast to int) or 'comment'. A comment
 * is only stored when the user already has a vote on the presentation.
 *
 * NOTE(review): the comment text is stored as received; confirm it is
 * escaped wherever it is rendered.
 *
 * @param SS_HTTPRequest $r
 * @return SS_HTTPResponse|void
 * @throws SS_HTTPResponse_Exception
 */
public function handleUpdatePresentation(SS_HTTPRequest $r)
{
    $loggedIn = (bool) Member::currentUser();
    if (!$loggedIn) {
        return $this->httpError(403, 'You must be logged in to vote');
    }

    $presentation = $this->getFromFilename($r->param('ID'), 'Presentation');
    if (!$presentation) {
        return $this->httpError(404);
    }

    $votingOpen = $presentation->Summit()->isVotingOpen();
    if (!$votingOpen) {
        return $this->httpError(403, 'Voting is closed');
    }

    $payload = Convert::json2array($r->getBody());

    // A vote takes precedence when both keys are present
    if (isset($payload['vote'])) {
        $presentation->setUserVote((int) $payload['vote']);

        return new SS_HTTPResponse('OK', 200);
    }

    // Neither a vote nor a comment: nothing this endpoint can act on
    if (!isset($payload['comment'])) {
        return $this->httpError(400);
    }

    $existingVote = $presentation->getUserVote();
    if (!$existingVote) {
        return new SS_HTTPResponse('No vote found', 403);
    }

    $existingVote->Content = $payload['comment'];
    $existingVote->write();

    return new SS_HTTPResponse('OK', 200);
}
/**
 * Removes a track chair from a presentation category.
 *
 * The request body is parsed as a query string and must carry both
 * 'chairID' and 'categoryID'.
 *
 * NOTE(review): no login or permission check is visible in this method;
 * confirm that access to this destructive action is enforced elsewhere
 * (for example in the controller's init or its route rules).
 *
 * @param SS_HTTPRequest $r
 * @return SS_HTTPResponse|void
 */
public function handleDeleteChair(SS_HTTPRequest $r)
{
    parse_str($r->getBody(), $params);

    if (!isset($params['chairID'], $params['categoryID'])) {
        return $this->httpError(400, 'You must provide a chairID and categoryID param');
    }

    // Both records are looked up before either result is checked
    $category = PresentationCategory::get()->byID($params['categoryID']);
    $chair = SummitTrackChair::get()->byID($params['chairID']);

    if (!$category) {
        return $this->httpError(404, 'Category not found');
    }
    if (!$chair) {
        return $this->httpError(404, 'Chair not found');
    }

    $category->TrackChairs()->remove($chair);

    return new SS_HTTPResponse(
        "Chair {$chair->Member()->getName()} removed from {$category->Title}",
        200
    );
}
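/**
 * Generates a fake request for the field.
 *
 * For a POST, the widget's own values are lifted out of the nested
 * Widget[<name>][<id>] structure to the top level, and the data of its
 * UploadFields and GridFields is re-keyed under the full form field name
 * ('Widget[<name>][<id>][<field>]').
 *
 * Every GridField is merged into the post data; a GridField that was not
 * submitted is carried as null.
 *
 * @param SS_HTTPRequest $request Source request to base the fake request on
 * @param Widget $sourceWidget Source widget
 * @param string $baseLink Base URL to be truncated off of the form
 * @return SS_HTTPRequest Fake request that looks as if it was made to the field directly
 */
protected function getFakeRequest(SS_HTTPRequest $request, Widget $sourceWidget, $baseLink)
{
    // FieldName comes from the URL; the second bracket group is the widget's object id.
    // If the pattern does not match, preg_replace() leaves the whole name in $objID.
    $fieldName = rawurldecode($request->param('FieldName'));
    $objID = preg_replace('/Widget\\[(.*?)\\]\\[(.*?)\\]\\[(.*?)\\]$/', '$2', $fieldName);

    $finalPostVars = array();

    if ($request->isPOST()) {
        $postVars = $request->postVars();
        $widgetName = $this->getName();

        // Pull the post data for the widget (only when it really is an array,
        // so crafted scalar input cannot break array_merge())
        if (
            isset($postVars['Widget'][$widgetName][$objID])
            && is_array($postVars['Widget'][$widgetName][$objID])
        ) {
            $finalPostVars = $postVars['Widget'][$widgetName][$objID];
        }

        $finalPostVars = array_merge($finalPostVars, $postVars);
        unset($finalPostVars['Widget']);

        // Workaround for UploadFields and GridFields confusing the request
        $uploadFields = array();
        $gridFields = array();
        foreach ($sourceWidget->getCMSFields() as $field) {
            if ($field instanceof UploadField) {
                $uploadFields[] = $field->getName();
            } elseif ($field instanceof GridField) {
                $gridFields[] = $field->getName();
            }
        }

        // Re-organize the upload field data
        $uploadParts = array('name', 'type', 'tmp_name', 'error', 'size');
        foreach ($uploadFields as $field) {
            $formFieldName = 'Widget[' . $widgetName . '][' . $objID . '][' . $field . ']';

            $fieldData = array($formFieldName => array());
            foreach ($uploadParts as $part) {
                $fieldData[$formFieldName][$part] = array('Uploads' => array());
            }

            if (isset($postVars['Widget']['name'][$widgetName][$objID][$field]['Uploads'])) {
                // The 'name' list decides how many uploads there are
                $total = count($postVars['Widget']['name'][$widgetName][$objID][$field]['Uploads']);
                for ($i = 0; $i < $total; $i++) {
                    foreach ($uploadParts as $part) {
                        $fieldData[$formFieldName][$part]['Uploads'][] =
                            $postVars['Widget'][$part][$widgetName][$objID][$field]['Uploads'][$i];
                    }
                }
            }

            $finalPostVars = array_merge_recursive($finalPostVars, $fieldData);
        }

        // Reorganize the gridfield data
        if (count($gridFields) && isset($postVars['Widget'][$widgetName][$objID])) {
            foreach ($gridFields as $field) {
                $formFieldName = 'Widget[' . $widgetName . '][' . $objID . '][' . $field . ']';
                $submitted = isset($postVars['Widget'][$widgetName][$objID][$field])
                    ? $postVars['Widget'][$widgetName][$objID][$field]
                    : null;

                // Merge inside the loop so that every grid field is carried over
                $finalPostVars = array_merge_recursive(
                    $finalPostVars,
                    array($formFieldName => $submitted)
                );
            }
        }
    }

    $headers = $request->getHeaders();

    // Strip the base link from the URL so the new request is relative to the field
    $relativeUrl = str_replace(rtrim($baseLink, '/'), '', rtrim($request->getURL(), '/')) . '/';
    $request = new SS_HTTPRequest(
        $_SERVER['REQUEST_METHOD'],
        $relativeUrl,
        $request->getVars(),
        $finalPostVars,
        $request->getBody()
    );
    $request->match('$Action/$ID/$OtherID');

    // Merge in the headers
    foreach ($headers as $header => $value) {
        $request->addHeader($header, $value);
    }

    return $request;
}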