/**
 * Record when the served resource was last modified.
 *
 * @param int $last_modified local time at which the resource was last modified
 * @param T_Environment $env environment queried for its 'SERVER' input
 * @param T_Response_Filter $filter the prior filter object, handed to the parent constructor
 */
function __construct($last_modified, T_Environment $env, T_Response_Filter $filter = null)
{
    parent::__construct($filter);
    $this->lm = (int) $last_modified;

    // Fall back to an empty cage when the environment yields no SERVER input,
    // so $this->server is never left as a falsy value.
    $input = $env->input('SERVER');
    if ($input) {
        $this->server = $input;
    } else {
        $this->server = new T_Cage_Array(array());
    }
}
/**
 * Build the cookie-based auth driver.
 *
 * @param T_Db $db
 * @param T_Environment $env environment queried for its 'COOKIE' input
 * @param string $key cookie name
 * @throws InvalidArgumentException when the environment yields no COOKIE input
 */
function __construct(T_Db $db, T_Environment $env, $key = 'auth')
{
    $this->key = $key;
    $this->db = $db;

    // The property is assigned before the check, as in the original ordering.
    $cookies = $env->input('COOKIE');
    $this->cookie = $cookies;
    if (!$cookies) {
        throw new InvalidArgumentException("No COOKIE available in environment");
    }
}
/**
 * Set up login lockout protection keyed on the client IP address.
 *
 * @param T_Db $db
 * @param T_Environment $env environment queried for its 'SERVER' input
 * @param int $threshold consecutive login failures before lock applied
 * @param int $lock_duration length of a lockdown in seconds
 */
function __construct(T_Db $db, T_Environment $env, $threshold = 15, $lock_duration = 3600)
{
    $this->db = $db;
    $this->threshold = $threshold;
    $this->duration = $lock_duration;

    // The client address is taken from REMOTE_ADDR and passed through ip2long.
    // NOTE(review): when SERVER or REMOTE_ADDR is missing, $this->ip is not
    // assigned here; confirm the lock checks do not read that as "never locked".
    // NOTE(review): ip2long() only parses dotted IPv4 and returns false for
    // anything else; how the cage filter handles that for an IPv6 client is
    // not visible here, so verify such clients are still counted.
    // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address,
    // which would make every client share one failure counter.
    $server = $env->input('SERVER');
    if (!$server || !$server->exists('REMOTE_ADDR')) {
        return;
    }
    $this->ip = $server->asScalar('REMOTE_ADDR')->filter('ip2long')->uncage();
}
/**
 * Validate the form against the GET input when it has been submitted.
 *
 * @param T_Response $response encapsulated response to filter (not read here)
 */
protected function doPreFilter(T_Response $response)
{
    // Fetch the GET input once and use the same object for both calls.
    $query = $this->env->input('GET');
    if (!$this->form->isSubmitted($query)) {
        return;
    }
    $this->form->validate($query);
}
/**
 * Report whether the current request is an Ajax request.
 *
 * The answer is delegated to the environment object.
 *
 * @return bool
 */
function isAjax()
{
    $viaAjax = $this->env->isAjax();
    return $viaAjax;
}
/**
 * Pre-filter: process a POSTed submission, then ready the form for display.
 *
 * Adds the timeout (and optional thread-lock) hidden inputs, validates a POST
 * against the salted field names, checks the submitted timeout and thread
 * lock, and finally re-salts the form and resets its timeout for redisplay.
 *
 * @param T_Response $response encapsulated response to filter (not read here)
 */
protected function doPreFilter(T_Response $response)
{
    $timeoutName = $this->form->getAlias() . '_timeout';
    $lockName = $this->form->getAlias() . '_thread_lock';
    $saltName = $this->form->getAlias() . '_salt';

    // Prepare the form: always add the timeout input, and add the thread-lock
    // input only when a lock value is configured.
    // NOTE(review): the expiry timestamp travels through a hidden input and is
    // read back from the submission below. Whether anything protects its
    // integrity is not visible here; confirm a client cannot simply submit a
    // later timestamp.
    $timeoutInput = new T_Form_Hidden($timeoutName, $this->timeout + time());
    $this->form->addChild($timeoutInput);
    if ($this->lock_to) {
        $lockInput = new T_Form_Hidden($lockName, $this->lock_to);
        $this->form->addChild($lockInput);
    }

    // Only a POST is treated as a submission.
    if ($this->env->isMethod('POST')) {
        try {
            // The salt input is read first, unsalted, to learn which salt the
            // submitted field names were built with.
            $saltInput = new T_Form_Hidden($saltName, null);
            if ($saltInput->isSubmitted($this->env->input('POST'))) {
                $saltInput->validate($this->env->input('POST'));
            }

            // Apply the submitted salt to the form, then validate the form.
            if ($saltInput->isPresent() && $saltInput->isValid()) {
                $submittedSalt = $saltInput->getValue();
                $this->form->setFieldnameSalt($submittedSalt, $this->hash);
                if ($this->form->isSubmitted($this->env->input('POST'))) {
                    $this->form->validate($this->env->input('POST'));
                }
            }

            // Timeout and thread lock are only checked on a present, valid form.
            if ($this->form->isPresent() && $this->form->isValid()) {
                $expiresAt = $this->form->search($timeoutName)->getValue();
                if ($expiresAt < time()) {
                    $msg = 'This form has expired. Please submit the form '
                         . 'again to complete your request.';
                    throw new T_Exception_Filter($msg);
                }

                if ($this->lock_to) {
                    // NOTE(review): strcmp() is not a constant-time comparison.
                    // If lock_to is meant to be unguessable, a timing-safe
                    // comparison such as hash_equals() is preferable where
                    // the runtime provides it.
                    $submittedLock = $this->form->search($lockName)->getValue();
                    if (strcmp($submittedLock, $this->lock_to) !== 0) {
                        $msg = 'A technical error occurred at our end, sorry. '
                             . 'Please submit the form again.';
                        throw new T_Exception_Filter($msg);
                    }
                }
            }
        } catch (T_Exception_Filter $e) {
            // Filter failures become a form-level error rather than propagating.
            $this->form->setError(new T_Form_Error($e->getMessage()));
        }
    }

    // Ready the form for redisplay. An error may have been added while handling
    // the POST, so even a valid form is prepared for display:
    //   (a) forward to the same page, carrying the current GET parameters
    //   (b) salt the form and add the salt hidden input
    //   (c) reset the timeout from now
    // NOTE(review): input('GET') is dereferenced without a check; presumably it
    // is always available at this point, so confirm against the environment.
    $url = $this->env->getRequestUrl();
    $query = $this->env->input('GET')->uncage();
    $this->form->setForward($url->setParameters($query));

    // NOTE(review): uniqid(rand(), true) is derived from the clock and a
    // non-cryptographic generator, so the salt is guessable. It is also sent
    // in plain in the form, so nothing should rely on it being secret.
    $freshSalt = uniqid(rand(), true);
    $this->form->setFieldnameSalt($freshSalt, $this->hash);
    // The salt input is added *after* the form is salted because this input's
    // own field name needs to stay plain.
    $this->form->addChild(new T_Form_Hidden($saltName, $freshSalt));
    $this->form->search($timeoutName)->setValue($this->timeout + time());
}