/**
 * Determine whether or not the request is cacheable.
 *
 * A request qualifies only when no session is being set up, the system
 * is installed, nothing was POSTed, nobody is logged in, the query
 * string carries nothing beyond the routing parameters, and the
 * requested page is one of the fixed public, read-only pages.
 * @return boolean
 */
function isCacheable() {
	// Never serve cached output while session initialisation is disabled
	// (e.g. installer / upgrade mode).
	if (defined('SESSION_DISABLE_INIT')) return false;

	// Nothing is cacheable before the application is installed.
	if (!Config::getVar('general', 'installed')) return false;

	// Form submissions and authenticated users always get fresh output.
	if (!empty($_POST)) return false;
	if (Validation::isLoggedIn()) return false;

	if (PKPRequest::isPathInfoEnabled()) {
		// With path-info routing any query string makes the request dynamic.
		if (!empty($_GET)) return false;
	} else {
		// Without path info, only the routing parameters may appear.
		$routingParams = array('journal', 'page', 'op', 'path');
		$unexpectedParams = array_diff(array_keys($_GET), $routingParams);
		if (!empty($_GET) && count($unexpectedParams) != 0) return false;
	}

	// Only this fixed set of public pages is cacheable.
	$cacheablePages = array('about', 'announcement', 'help', 'index', 'information', 'rt', 'issue', '');
	return in_array(PKPRequest::getRequestedPage(), $cacheablePages);
}
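/**
 * Used by subclasses to validate access keys when they are allowed.
 *
 * When a new key is supplied, any existing login is dropped and the
 * key's hash is stored in the session; otherwise the hash previously
 * stored in the session is reused. The hash is then validated for the
 * 'ReviewerContext' against the given user and review.
 *
 * @param $userId int The user this key refers to
 * @param $reviewId int The ID of the review this key refers to
 * @param $newKey string The new key name, if one was supplied; otherwise,
 *  the existing one (if it exists) is used
 * @return object Valid user object if the key was valid; otherwise a
 *  false-y value (false when access keys are disabled for the press,
 *  or whatever validateKey() returned when the key did not validate).
 *  Callers should test the result with a boolean check.
 */
function &validateAccessKey($userId, $reviewId, $newKey = null) {
	$press =& Request::getPress();
	if (!$press || !$press->getSetting('reviewerAccessKeysEnabled')) {
		// No press, or access keys are disabled for this press.
		$accessKey = false;
		return $accessKey;
	}

	// Guard the define(): this method can run more than once per request
	// (e.g. from several handlers) and redefining a constant raises a notice.
	if (!defined('REVIEWER_ACCESS_KEY_SESSION_VAR')) {
		define('REVIEWER_ACCESS_KEY_SESSION_VAR', 'ReviewerAccessKey');
	}

	import('lib.pkp.classes.security.AccessKeyManager');
	$accessKeyManager = new AccessKeyManager();
	$session =& Request::getSession();

	// Check to see if a new access key is being used.
	if (!empty($newKey)) {
		// A fresh key supersedes any existing login: log out first so that
		// the key's identity, not a stale session, determines access.
		if (Validation::isLoggedIn()) {
			Validation::logout();
		}
		$keyHash = $accessKeyManager->generateKeyHash($newKey);
		$session->setSessionVar(REVIEWER_ACCESS_KEY_SESSION_VAR, $keyHash);
	} else {
		$keyHash = $session->getSessionVar(REVIEWER_ACCESS_KEY_SESSION_VAR);
	}

	// Now that we've gotten the key hash (if one exists), validate it.
	$accessKey =& $accessKeyManager->validateKey('ReviewerContext', $userId, $keyHash, $reviewId);
	if ($accessKey) {
		$userDao =& DAORegistry::getDAO('UserDAO');
		$user =& $userDao->getUser($accessKey->getUserId(), false);
		return $user;
	}

	// No valid access key.
	return $accessKey;
}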
/**
 * Determine whether or not the request is cacheable.
 *
 * The session-disabled check can be bypassed with $testOnly so unit
 * tests can exercise the remaining rules; every other rule still applies.
 * @param $request PKPRequest
 * @param $testOnly boolean required for unit test to
 *  bypass session check.
 * @return boolean
 */
function isCacheable($request, $testOnly = false) {
	// Session-less mode (installer etc.) is never cached, unless a test asks to skip this.
	if (!$testOnly && defined('SESSION_DISABLE_INIT')) return false;

	if (!Config::getVar('general', 'installed')) return false;

	// POSTs and logged-in users must always see live output.
	if (!empty($_POST) || Validation::isLoggedIn()) return false;

	if ($request->isPathInfoEnabled()) {
		if (!empty($_GET)) return false;
	} else {
		// Without path info, the context names plus page/op/path are the only
		// query parameters that do not make the request dynamic.
		$application = $this->getApplication();
		$allowedParams = array_merge($application->getContextList(), array('page', 'op', 'path'));
		$unexpectedParams = array_diff(array_keys($_GET), $allowedParams);
		if (!empty($_GET) && count($unexpectedParams) != 0) return false;
	}

	$requestedPage = $this->getRequestedPage($request);
	return in_array($requestedPage, $this->getCacheablePages());
}
/**
 * Validate that user is logged in.
 * Redirects to login form if not logged in.
 * @param $loginCheck boolean check if user is logged in
 */
function validate($loginCheck = true) {
	parent::validate();

	// Callers may opt out of the login requirement entirely.
	if (!$loginCheck) return;
	if (Validation::isLoggedIn()) return;

	// Anonymous visitor on a page that requires a login.
	Validation::redirectLogin();
}
/**
 * Constructor.
 *
 * Locates the application base directory from the executing script's
 * path, bootstraps the application from there and, when a user session
 * exists, makes sure a per-user image directory exists under the public
 * site directory, recording its public-relative path in $this->imageDir.
 * With no user, $this->imageDir is null.
 *
 * Aborts the request with die() when the public site directory is
 * missing or not writable, or when a required directory cannot be created.
 */
public function __construct() {
	// Get paths to system base directories
	// NOTE(review): the ten nested dirname() calls hard-code this script's
	// depth below the application root; relocating the file silently
	// breaks the lookup.
	$this->baseDir = dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname($_SERVER['SCRIPT_FILENAME'])))))))))));

	// Load and execute initialization code
	// The bootstrap expects to run from the base directory, so change there first.
	chdir($this->baseDir);
	define('INDEX_FILE_LOCATION', $this->baseDir . '/index.php');
	require $this->baseDir . '/lib/pkp/includes/bootstrap.inc.php';

	$publicDir = Config::getVar('files', 'public_files_dir');
	$this->baseUrl = Config::getVar('general', 'base_url');

	// Load user variables
	$sessionManager =& SessionManager::getManager();
	$userSession =& $sessionManager->getUserSession();
	$user =& $userSession->getUser();

	if (isset($user)) {
		// User is logged in
		$siteDir = $this->baseDir . '/' . $publicDir . '/site/';
		if (!file_exists($siteDir . '/images/')) {
			import('classes.file.FileManager');
			// Check that the public/site/ directory exists and is writeable
			if (!file_exists($siteDir) || !is_writeable($siteDir)) {
				die(__('installer.installFilesDirError'));
			}
			// Create the images directory
			if (!FileManager::mkdir($siteDir . '/images/')) {
				die(__('installer.installFilesDirError'));
			}
		}
		//Check if user's image directory exists, else create it
		// NOTE(review): the username is used verbatim as a path component;
		// this relies on usernames being restricted to safe characters at
		// registration — confirm against the registration validator.
		if (Validation::isLoggedIn() && !file_exists($siteDir . '/images/' . $user->getUsername())) {
			import('classes.file.FileManager');
			// Check that the public/site/images/ directory exists and is writeable
			if (!file_exists($siteDir . '/images/') || !is_writeable($siteDir . '/images/')) {
				die(__('installer.installFilesDirError'));
			}
			// Create the directory to store the user's images
			if (!FileManager::mkdir($siteDir . '/images/' . $user->getUsername())) {
				die(__('installer.installFilesDirError'));
			}
			$this->imageDir = $publicDir . '/site/images/' . $user->getUsername();
		} else {
			// imageDir is deliberately left unset when a user object exists
			// but Validation::isLoggedIn() is false.
			if (Validation::isLoggedIn()) {
				// User's image directory already exists
				$this->imageDir = $publicDir . '/site/images/' . $user->getUsername();
			}
		}
	} else {
		// Not logged in; Do not allow images to be uploaded
		$this->imageDir = null;
	}

	// Set the base directory back to its original location
	chdir(dirname($_SERVER['SCRIPT_FILENAME']));
}
/**
 * Validate user registration information and register new user.
 *
 * On a valid submission the account is created and an automatic login
 * is attempted; depending on configuration the user then sees an e-mail
 * validation notice, an account-disabled notice, or is redirected. An
 * invalid submission re-displays the form with its errors.
 * @param $args array
 * @param $request PKPRequest
 */
function registerUser($args, &$request) {
	$this->validate($request);
	$this->setupTemplate($request, true);

	import('classes.user.form.RegistrationForm');
	if (checkPhpVersion('5.0.0')) {
		// WARNING: This form needs $this in constructor
		$regForm = new RegistrationForm();
	} else {
		$regForm =& new RegistrationForm();
	}
	$regForm->readInputData();

	if (!$regForm->validate()) {
		// Invalid input: show the form again with its error messages.
		$regForm->display();
		return;
	}

	$regForm->execute();

	// Log the new account in straight away; implicit auth needs no credentials.
	$reason = null;
	if (Config::getVar('security', 'implicit_auth')) {
		Validation::login('', '', $reason);
	} else {
		Validation::login($regForm->getData('username'), $regForm->getData('password'), $reason);
	}

	if (!Validation::isLoggedIn() && Config::getVar('email', 'require_validation')) {
		// Inform the user that they need to deal with the
		// registration email.
		$this->setupTemplate($request, true);
		$templateMgr =& TemplateManager::getManager();
		$templateMgr->assign('pageTitle', 'user.register.emailValidation');
		$templateMgr->assign('errorMsg', 'user.register.emailValidationDescription');
		$templateMgr->assign('backLink', $request->url(null, 'login'));
		$templateMgr->assign('backLinkLabel', 'user.login');
		return $templateMgr->display('common/error.tpl');
	}

	if ($reason !== null) {
		// The login was refused (disabled account); explain why.
		$this->setupTemplate($request, true);
		$templateMgr =& TemplateManager::getManager();
		$errorKey = ($reason == '') ? 'user.login.accountDisabled' : 'user.login.accountDisabledWithReason';
		$templateMgr->assign('pageTitle', 'user.login');
		$templateMgr->assign('errorMsg', $errorKey);
		$templateMgr->assign('errorParams', array('reason' => $reason));
		$templateMgr->assign('backLink', $request->url(null, 'login'));
		$templateMgr->assign('backLinkLabel', 'user.login');
		return $templateMgr->display('common/error.tpl');
	}

	// NOTE(review): 'source' is a caller-supplied URL handed straight to
	// redirectUrl(); unless redirectUrl() restricts it to this site this is
	// an open redirect — confirm, and constrain to a local path if not.
	$source = $request->getUserVar('source');
	if ($source) {
		$request->redirectUrl($source);
	} else {
		$request->redirect(null, 'login');
	}
}
/**
 * @see AuthorizationPolicy::effect()
 *
 * Permits the request when a user is logged in or when the requested
 * page is one of the login exemptions; denies otherwise. The page can
 * only be determined for page routers; for any other router it is null,
 * and in_array() compares loosely, so a null page only matches an
 * empty-string exemption.
 */
function effect() {
	$requestedPage = null;
	if (is_a($this->_router, 'PKPPageRouter')) {
		$requestedPage = $this->_router->getRequestedPage($this->_request);
	}

	if (Validation::isLoggedIn()) return AUTHORIZATION_PERMIT;
	if (in_array($requestedPage, $this->_getLoginExemptions())) return AUTHORIZATION_PERMIT;
	return AUTHORIZATION_DENY;
}
/**
 * Display the donation payment form.
 *
 * Anonymous visitors are sent to the login page. For a logged-in user a
 * donation payment is created and queued for the current journal, and
 * the payment form for it is displayed.
 * @param $args array
 */
function index($args) {
	import('classes.payment.ojs.OJSPaymentManager');
	$paymentManager =& OJSPaymentManager::getManager();
	$journal =& Request::getJournal();

	if (!Validation::isLoggedIn()) {
		// Presumably does not return; the code below requires a user.
		Validation::redirectLogin("payment.loginRequired.forDonation");
	}
	$currentUser =& Request::getUser();

	$queuedPayment =& $paymentManager->createQueuedPayment(
		$journal->getId(),
		PAYMENT_TYPE_DONATION,
		$currentUser->getId(),
		0,
		0
	);
	$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
	$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
}
/**
 * Perform request access validation based on security settings.
 *
 * In order: forces HTTPS when configured, requires a journal context when
 * asked for one, and sends anonymous visitors of a restricted-access
 * journal to the login page unless the requested page is login-exempt.
 * @param $requiresJournal boolean
 */
function validate($requiresJournal = false) {
	$forceSsl = Config::getVar('security', 'force_ssl');
	if ($forceSsl && Request::getProtocol() != 'https') {
		// Force SSL connections site-wide
		Request::redirectSSL();
	}

	$journal = Request::getJournal();
	if ($requiresJournal && $journal == null) {
		// Requested page is only allowed for journals
		Request::redirect(null, 'about');
	}

	$page = Request::getRequestedPage();
	if ($journal == null) return;
	if (Validation::isLoggedIn()) return;
	if (in_array($page, Handler::getLoginExemptions())) return;
	if (!$journal->getSetting('restrictSiteAccess')) return;

	// Restricted-access journal, anonymous visitor, non-exempt page: require login.
	Request::redirect(null, 'login');
}
/**
 * Initialize the template manager.
 *
 * Assigns the common template variables (paths, date/time formats,
 * locale, context, application name); for page-router requests registers
 * the backend scripts, stylesheets and meta headers; registers the custom
 * Smarty modifiers, functions, blocks and the 'core'/'app' template
 * resources; and finally, unless session initialisation is disabled,
 * assigns the logged-in user state before loading block plugins.
 */
function initialize() {
	$locale = AppLocale::getLocale();
	$application = PKPApplication::getApplication();
	$router = $this->_request->getRouter();
	assert(is_a($router, 'PKPRouter'));
	$currentContext = $this->_request->getContext();

	// Variables available to every template regardless of router type.
	$this->assign(array(
		'defaultCharset' => Config::getVar('i18n', 'client_charset'),
		'basePath' => $this->_request->getBasePath(),
		'baseUrl' => $this->_request->getBaseUrl(),
		'requiresFormRequest' => $this->_request->isPost(),
		'currentUrl' => $this->_request->getCompleteUrl(),
		'dateFormatTrunc' => Config::getVar('general', 'date_format_trunc'),
		'dateFormatShort' => Config::getVar('general', 'date_format_short'),
		'dateFormatLong' => Config::getVar('general', 'date_format_long'),
		'datetimeFormatShort' => Config::getVar('general', 'datetime_format_short'),
		'datetimeFormatLong' => Config::getVar('general', 'datetime_format_long'),
		'timeFormat' => Config::getVar('general', 'time_format'),
		'currentContext' => $currentContext,
		'currentLocale' => $locale,
		'pageTitle' => $application->getNameKey(),
		'applicationName' => __($application->getNameKey())
	));

	if (is_a($router, 'PKPPageRouter')) {
		// Page requests additionally know which page/op was requested.
		$this->assign(array(
			'requestedPage' => $router->getRequestedPage($this->_request),
			'requestedOp' => $router->getRequestedOp($this->_request)
		));

		// Register the jQuery script
		// Minified builds only when enable_minified is set; the CDN copies
		// are protocol-relative so they follow the page's scheme.
		$min = Config::getVar('general', 'enable_minified') ? '.min' : '';
		if (Config::getVar('general', 'enable_cdn')) {
			$jquery = '//ajax.googleapis.com/ajax/libs/jquery/' . CDN_JQUERY_VERSION . '/jquery' . $min . '.js';
			$jqueryUI = '//ajax.googleapis.com/ajax/libs/jqueryui/' . CDN_JQUERY_UI_VERSION . '/jquery-ui' . $min . '.js';
		} else {
			$jquery = $this->_request->getBaseUrl() . '/lib/pkp/lib/components/jquery/jquery' . $min . '.js';
			$jqueryUI = $this->_request->getBaseUrl() . '/lib/pkp/lib/components/jquery-ui/jquery-ui' . $min . '.js';
		}
		// NOTE(review): the CDN scripts are registered with no integrity
		// attribute, so the CDN is fully trusted for backend pages — confirm
		// whether addJavaScript() can carry one.
		$this->addJavaScript('jquery', $jquery, array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));
		$this->addJavaScript('jqueryUI', $jqueryUI, array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));

		// Register the pkp-lib JS library
		$this->registerJSLibraryData();
		$this->registerJSLibrary();

		// Load Noto Sans font from Google Font CDN
		// To load extended latin or other character sets, see:
		// https://www.google.com/fonts#UsePlace:use/Collection:Noto+Sans
		if (Config::getVar('general', 'enable_cdn')) {
			$this->addStyleSheet('pkpLibNotoSans', '//fonts.googleapis.com/css?family=Noto+Sans:400,400italic,700,700italic', array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));
		}

		// Register the primary backend stylesheet
		if ($dispatcher = $this->_request->getDispatcher()) {
			$this->addStyleSheet('pkpLib', $dispatcher->url($this->_request, ROUTE_COMPONENT, null, 'page.PageHandler', 'css'), array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));
		}

		// Add reading language flag based on locale
		$this->assign('currentLocaleLangDir', AppLocale::getLocaleDirection($locale));

		// If there's a locale-specific stylesheet, add it.
		if (($localeStyleSheet = AppLocale::getLocaleStyleSheet($locale)) != null) {
			$this->addStyleSheet('pkpLibLocale', $this->_request->getBaseUrl() . '/' . $localeStyleSheet, array('contexts' => array('frontend', 'backend')));
		}

		// Register colour picker assets on the appearance page
		$this->addJavaScript('spectrum', $this->_request->getBaseUrl() . '/lib/pkp/js/lib/jquery/plugins/spectrum/spectrum.js', array('contexts' => array('backend-management-settings', 'backend-admin-settings', 'backend-admin-contexts')));
		$this->addStyleSheet('spectrum', $this->_request->getBaseUrl() . '/lib/pkp/js/lib/jquery/plugins/spectrum/spectrum.css', array('contexts' => array('backend-management-settings', 'backend-admin-settings', 'backend-admin-contexts')));

		// Register recaptcha on relevant pages
		if (Config::getVar('captcha', 'recaptcha') && Config::getVar('captcha', 'captcha_on_register')) {
			$this->addJavaScript('recaptcha', 'https://www.google.com/recaptcha/api.js', array('contexts' => array('frontend-user-register', 'frontend-user-registerUser')));
		}

		// Register meta tags
		if (Config::getVar('general', 'installed')) {
			// Only the context's home page carries the search description.
			if (($this->_request->getRequestedPage() == '' || $this->_request->getRequestedPage() == 'index') && $currentContext && $currentContext->getLocalizedSetting('searchDescription')) {
				// NOTE(review): the setting is concatenated into an HTML
				// attribute without htmlspecialchars(); that is only safe if
				// the value was escaped on input — confirm at the settings form.
				$this->addHeader('searchDescription', '<meta name="description" content="' . $currentContext->getLocalizedSetting('searchDescription') . '">');
			}
			$this->addHeader('generator', '<meta name="generator" content="' . __($application->getNameKey()) . ' ' . $application->getCurrentVersion()->getVersionString(false) . '">', array('contexts' => array('frontend', 'backend')));
			if ($currentContext) {
				// Raw HTML headers defined in the context settings are emitted
				// verbatim; presumably a deliberately trusted, manager-only value.
				$customHeaders = $currentContext->getLocalizedSetting('customHeaders');
				if (!empty($customHeaders)) {
					$this->addHeader('customHeaders', $customHeaders);
				}
			}
		}
		// Keep disabled contexts out of search engine indexes.
		if ($currentContext && !$currentContext->getEnabled()) {
			$this->addHeader('noindex', '<meta name="robots" content="noindex,nofollow">', array('contexts' => array('frontend', 'backend')));
		}
	}

	// Register custom functions
	$this->register_modifier('translate', array('AppLocale', 'translate'));
	$this->register_modifier('strip_unsafe_html', array('PKPString', 'stripUnsafeHtml'));
	$this->register_modifier('String_substr', array('PKPString', 'substr'));
	$this->register_modifier('dateformatPHP2JQueryDatepicker', array('PKPString', 'dateformatPHP2JQueryDatepicker'));
	$this->register_modifier('to_array', array($this, 'smartyToArray'));
	$this->register_modifier('compare', array($this, 'smartyCompare'));
	$this->register_modifier('concat', array($this, 'smartyConcat'));
	$this->register_modifier('strtotime', array($this, 'smartyStrtotime'));
	$this->register_modifier('explode', array($this, 'smartyExplode'));
	$this->register_modifier('assign', array($this, 'smartyAssign'));
	$this->register_function('csrf', array($this, 'smartyCSRF'));
	$this->register_function('translate', array($this, 'smartyTranslate'));
	$this->register_function('null_link_action', array($this, 'smartyNullLinkAction'));
	$this->register_function('help', array($this, 'smartyHelp'));
	$this->register_function('flush', array($this, 'smartyFlush'));
	$this->register_function('call_hook', array($this, 'smartyCallHook'));
	$this->register_function('html_options_translate', array($this, 'smartyHtmlOptionsTranslate'));
	$this->register_block('iterate', array($this, 'smartyIterate'));
	$this->register_function('page_links', array($this, 'smartyPageLinks'));
	$this->register_function('page_info', array($this, 'smartyPageInfo'));
	$this->register_function('pluck_files', array($this, 'smartyPluckFiles'));

	// Modified vocabulary for creating forms
	$fbv = $this->getFBV();
	$this->register_block('fbvFormSection', array($fbv, 'smartyFBVFormSection'));
	$this->register_block('fbvFormArea', array($fbv, 'smartyFBVFormArea'));
	$this->register_function('fbvFormButtons', array($fbv, 'smartyFBVFormButtons'));
	$this->register_function('fbvElement', array($fbv, 'smartyFBVElement'));
	$this->assign('fbvStyles', $fbv->getStyles());

	$this->register_function('fieldLabel', array($fbv, 'smartyFieldLabel'));

	// register the resource name "core"
	$coreResource = new PKPTemplateResource($this->core_template_dir);
	$this->register_resource('core', array(array($coreResource, 'fetch'), array($coreResource, 'fetchTimestamp'), array($coreResource, 'getSecure'), array($coreResource, 'getTrusted')));
	// ... and "app" for the application's own template directory
	$appResource = new PKPTemplateResource($this->app_template_dir);
	$this->register_resource('app', array(array($appResource, 'fetch'), array($appResource, 'fetchTimestamp'), array($appResource, 'getSecure'), array($appResource, 'getTrusted')));

	$this->register_function('url', array($this, 'smartyUrl'));
	// ajax load into a div or any element
	$this->register_function('load_url_in_el', array($this, 'smartyLoadUrlInEl'));
	$this->register_function('load_url_in_div', array($this, 'smartyLoadUrlInDiv'));

	// load stylesheets/scripts/headers from a given context
	$this->register_function('load_stylesheet', array($this, 'smartyLoadStylesheet'));
	$this->register_function('load_script', array($this, 'smartyLoadScript'));
	$this->register_function('load_header', array($this, 'smartyLoadHeader'));

	/**
	 * Kludge to make sure no code that tries to connect to the
	 * database is executed (e.g., when loading installer pages).
	 */
	if (!defined('SESSION_DISABLE_INIT')) {
		$application = PKPApplication::getApplication();
		$this->assign(array(
			'isUserLoggedIn' => Validation::isLoggedIn(),
			'isUserLoggedInAs' => Validation::isLoggedInAs(),
			'itemsPerPage' => Config::getVar('interface', 'items_per_page'),
			'numPageLinks' => Config::getVar('interface', 'page_links')
		));

		$user = $this->_request->getUser();
		// NOTE: never read in this version; the flag below is assigned directly.
		$hasSystemNotifications = false;
		if ($user) {
			$notificationDao = DAORegistry::getDAO('NotificationDAO');
			$notifications = $notificationDao->getByUserId($user->getId(), NOTIFICATION_LEVEL_TRIVIAL);
			if ($notifications->getCount() > 0) {
				$this->assign('hasSystemNotifications', true);
			}

			// Assign the user name to be used in the sitenav
			$this->assign(array(
				'loggedInUsername' => $user->getUserName(),
				'initialHelpState' => (int) $user->getInlineHelp()
			));
		}
	}

	// Load enabled block plugins and setup active sidebar variables
	PluginRegistry::loadCategory('blocks', true);
	$sidebarHooks = HookRegistry::getHooks('Templates::Common::Sidebar');
	$this->assign(array('hasSidebar' => !empty($sidebarHooks)));
}
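/**
 * Log a user out.
 *
 * Ends the session (if any) and sends the browser back to where it came
 * from: a site-relative 'source' path when one was supplied, otherwise
 * the requested page.
 */
function signOut() {
	$this->validate();
	$this->setupTemplate();

	if (Validation::isLoggedIn()) {
		Validation::logout();
	}

	$source = Request::getUserVar('source');

	// 'source' is user-supplied and is glued onto this host's origin below.
	// Accept only a site-relative path (a single leading '/'): any other
	// shape could append a userinfo/host suffix or a protocol-relative
	// '//other.host' to the redirect target and send the user elsewhere.
	$isLocalPath = is_string($source)
		&& substr($source, 0, 1) === '/'
		&& substr($source, 1, 1) !== '/'
		&& substr($source, 1, 1) !== '\\';

	if (!empty($source) && $isLocalPath) {
		PKPRequest::redirectUrl(Request::getProtocol() . '://' . Request::getServerHost() . $source, false);
	} else {
		PKPRequest::redirect(null, Request::getRequestedPage());
	}
}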
/**
 * Check if a user is authorized to access the specified role in the specified press.
 *
 * Anonymous visitors are never authorized. A $pressId of -1 means "the
 * press of the current request" (0 when the request has none, e.g. for
 * site-wide roles).
 * @param $roleId int
 * @param $pressId optional (e.g., for global site admin role), the ID of the press
 * @return boolean
 */
function isAuthorized($roleId, $pressId = 0) {
	if (!Validation::isLoggedIn()) return false;

	if ($pressId === -1) {
		// Get press ID from request
		$press =& Request::getPress();
		$pressId = 0;
		if ($press != null) {
			$pressId = $press->getId();
		}
	}

	$sessionManager =& SessionManager::getManager();
	$userSession =& $sessionManager->getUserSession();
	$currentUser =& $userSession->getUser();

	$roleDao =& DAORegistry::getDAO('RoleDAO');
	return $roleDao->userHasRole($pressId, $currentUser->getId(), $roleId);
}
/**
 * Initialize the template manager.
 *
 * Assigns the common template variables (paths, date/time formats,
 * CDN/minification flags, help toggles, context and locale), adds the
 * core stylesheets, registers the custom Smarty modifiers, functions,
 * blocks and the "core" template resource, loads block plugins and,
 * unless session initialisation is disabled, assigns the logged-in user
 * state and the system-notification flag.
 */
function initialize() {
	// Retrieve the router
	$router = $this->_request->getRouter();
	assert(is_a($router, 'PKPRouter'));

	$this->assign('defaultCharset', Config::getVar('i18n', 'client_charset'));
	$this->assign('basePath', $this->_request->getBasePath());
	$this->assign('baseUrl', $this->_request->getBaseUrl());
	$this->assign('requiresFormRequest', $this->_request->isPost());
	// Only page routers know which page was requested.
	if (is_a($router, 'PKPPageRouter')) {
		$this->assign('requestedPage', $router->getRequestedPage($this->_request));
	}
	$this->assign('currentUrl', $this->_request->getCompleteUrl());
	$this->assign('dateFormatTrunc', Config::getVar('general', 'date_format_trunc'));
	$this->assign('dateFormatShort', Config::getVar('general', 'date_format_short'));
	$this->assign('dateFormatLong', Config::getVar('general', 'date_format_long'));
	$this->assign('datetimeFormatShort', Config::getVar('general', 'datetime_format_short'));
	$this->assign('datetimeFormatLong', Config::getVar('general', 'datetime_format_long'));
	$this->assign('timeFormat', Config::getVar('general', 'time_format'));
	$this->assign('allowCDN', Config::getVar('general', 'enable_cdn'));
	$this->assign('useMinifiedJavaScript', Config::getVar('general', 'enable_minified'));
	$this->assign('toggleHelpOnText', __('help.toggleInlineHelpOn'));
	$this->assign('toggleHelpOffText', __('help.toggleInlineHelpOff'));
	$this->assign('currentContext', $this->_request->getContext());

	$locale = AppLocale::getLocale();
	$this->assign('currentLocale', $locale);

	// Add uncompilable styles
	$this->addStyleSheet($this->_request->getBaseUrl() . '/styles/lib.css', STYLE_SEQUENCE_CORE);
	$dispatcher = $this->_request->getDispatcher();
	if ($dispatcher) {
		$this->addStyleSheet($dispatcher->url($this->_request, ROUTE_COMPONENT, null, 'page.PageHandler', 'css'), STYLE_SEQUENCE_CORE);
	}

	// If there's a locale-specific stylesheet, add it.
	if (($localeStyleSheet = AppLocale::getLocaleStyleSheet($locale)) != null) {
		$this->addStyleSheet($this->_request->getBaseUrl() . '/' . $localeStyleSheet);
	}

	$application = PKPApplication::getApplication();
	$this->assign('pageTitle', $application->getNameKey());
	$this->assign('applicationName', __($application->getNameKey()));
	$this->assign('exposedConstants', $application->getExposedConstants());
	$this->assign('jsLocaleKeys', $application->getJSLocaleKeys());

	// Register custom functions
	$this->register_modifier('translate', array('AppLocale', 'translate'));
	$this->register_modifier('strip_unsafe_html', array('String', 'stripUnsafeHtml'));
	$this->register_modifier('String_substr', array('String', 'substr'));
	$this->register_modifier('to_array', array($this, 'smartyToArray'));
	$this->register_modifier('compare', array($this, 'smartyCompare'));
	$this->register_modifier('concat', array($this, 'smartyConcat'));
	// Registered under the same name as Smarty's built-in escape modifier,
	// so a template's |escape runs smartyEscape() instead.
	$this->register_modifier('escape', array($this, 'smartyEscape'));
	$this->register_modifier('strtotime', array($this, 'smartyStrtotime'));
	$this->register_modifier('explode', array($this, 'smartyExplode'));
	$this->register_modifier('assign', array($this, 'smartyAssign'));
	$this->register_function('translate', array($this, 'smartyTranslate'));
	$this->register_function('null_link_action', array($this, 'smartyNullLinkAction'));
	$this->register_function('flush', array($this, 'smartyFlush'));
	$this->register_function('call_hook', array($this, 'smartyCallHook'));
	$this->register_function('html_options_translate', array($this, 'smartyHtmlOptionsTranslate'));
	$this->register_block('iterate', array($this, 'smartyIterate'));
	$this->register_function('page_links', array($this, 'smartyPageLinks'));
	$this->register_function('page_info', array($this, 'smartyPageInfo'));
	$this->register_function('icon', array($this, 'smartyIcon'));
	$this->register_modifier('truncate', array($this, 'smartyTruncate'));

	// Modified vocabulary for creating forms
	$fbv = $this->getFBV();
	$this->register_block('fbvFormSection', array($fbv, 'smartyFBVFormSection'));
	$this->register_block('fbvFormArea', array($fbv, 'smartyFBVFormArea'));
	$this->register_function('fbvFormButtons', array($fbv, 'smartyFBVFormButtons'));
	$this->register_function('fbvElement', array($fbv, 'smartyFBVElement'));
	$this->assign('fbvStyles', $fbv->getStyles());

	$this->register_function('fieldLabel', array($fbv, 'smartyFieldLabel'));

	// register the resource name "core"
	$this->register_resource('core', array(array($this, 'smartyResourceCoreGetTemplate'), array($this, 'smartyResourceCoreGetTimestamp'), array($this, 'smartyResourceCoreGetSecure'), array($this, 'smartyResourceCoreGetTrusted')));

	$this->register_function('url', array($this, 'smartyUrl'));
	// ajax load into a div
	$this->register_function('load_url_in_div', array($this, 'smartyLoadUrlInDiv'));

	if (!defined('SESSION_DISABLE_INIT')) {
		/**
		 * Kludge to make sure no code that tries to connect to
		 * the database is executed (e.g., when loading
		 * installer pages).
		 */
		$this->assign('isUserLoggedIn', Validation::isLoggedIn());
		$this->assign('isUserLoggedInAs', Validation::isLoggedInAs());

		$application = PKPApplication::getApplication();
		$currentVersion = $application->getCurrentVersion();
		$this->assign('currentVersionString', $currentVersion->getVersionString(false));

		$this->assign('itemsPerPage', Config::getVar('interface', 'items_per_page'));
		$this->assign('numPageLinks', Config::getVar('interface', 'page_links'));
	}

	// Load enabled block plugins.
	PluginRegistry::loadCategory('blocks', true);

	// Same kludge as above: user/notification lookups need the database.
	if (!defined('SESSION_DISABLE_INIT')) {
		$user = $this->_request->getUser();
		$hasSystemNotifications = false;
		if ($user) {
			// Assign the user name to be used in the sitenav
			$this->assign('loggedInUsername', $user->getUserName());

			$notificationDao = DAORegistry::getDAO('NotificationDAO');
			$notifications = $notificationDao->getByUserId($user->getId(), NOTIFICATION_LEVEL_TRIVIAL);
			if ($notifications->getCount() > 0) {
				$hasSystemNotifications = true;
			}

			$this->assign('initialHelpState', (int) $user->getInlineHelp());
		}
		$this->assign('hasSystemNotifications', $hasSystemNotifications);
	}
}
/**
 * Validation
 *
 * Sends the visitor to the login page when the journal restricts article
 * access to logged-in users, when the article has comments disabled, or
 * when the journal's comment mode is none of the recognised ones. Then
 * enforces subscription access to the article's issue, redirecting to
 * the index page on failure, and records the issue and article on $this.
 * @param $request PKPRequest
 * @param $articleId int
 */
function validate(&$request, $articleId) {
	parent::validate();

	$journal =& $request->getJournal();
	$journalId = $journal->getId();

	$journalSettingsDao =& DAORegistry::getDAO('JournalSettingsDAO');
	$publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');
	$article =& $publishedArticleDao->getPublishedArticleByArticleId($articleId);

	// Bring in comment constants
	$commentDao =& DAORegistry::getDAO('CommentDAO');

	$enableComments = $journal->getSetting('enableComments');
	$recognisedModes = array(COMMENTS_ANONYMOUS, COMMENTS_AUTHENTICATED, COMMENTS_UNAUTHENTICATED);

	// Evaluated in the same order as the original compound condition so the
	// settings lookup only happens for anonymous visitors.
	$loginRequired = false;
	if (!Validation::isLoggedIn() && $journalSettingsDao->getSetting($journalId, 'restrictArticleAccess')) {
		$loginRequired = true;
	} elseif ($article && !$article->getEnableComments()) {
		$loginRequired = true;
	} elseif (!in_array($enableComments, $recognisedModes)) {
		$loginRequired = true;
	}
	if ($loginRequired) {
		Validation::redirectLogin();
	}

	// Subscription Access
	$issueDao =& DAORegistry::getDAO('IssueDAO');
	$issue =& $issueDao->getIssueByArticleId($articleId);

	if (!isset($issue) || !isset($article)) {
		$request->redirect(null, 'index');
	} else {
		import('classes.issue.IssueAction');
		$subscriptionRequired = IssueAction::subscriptionRequired($issue);
		$subscribedUser = IssueAction::subscribedUser($journal, $issue->getId(), $articleId);
		$hasAccess = !$subscriptionRequired
			|| $article->getAccessStatus() == ARTICLE_ACCESS_OPEN
			|| $subscribedUser;
		if (!$hasAccess) {
			$request->redirect(null, 'index');
		}
	}

	$this->issue =& $issue;
	$this->article =& $article;
	return true;
}
/**
 * Validation
 *
 * Beyond the parent validation, resolves the requested issue (and
 * optionally issue galley) and records them via setIssue()/setGalley(),
 * then enforces reader access to the galley: editorial users with
 * pre-publication access pass; otherwise the issue must be published and
 * the reader must satisfy the domain/IP subscription, user subscription,
 * issue purchase or membership checks, or is shown the payment form.
 * Most failure paths hand off to a redirect rather than returning.
 * @see lib/pkp/classes/handler/PKPHandler#validate()
 * @param $request Request
 * @param $issueId int
 * @param $galleyId int
 * @return boolean true when validation passed (the parent's result when
 *  neither an issue nor a galley was requested)
 */
function validate($request, $issueId = null, $galleyId = null) {
	$returner = parent::validate(null, $request);

	// Validate requests that don't specify an issue or galley
	if (!$issueId && !$galleyId) {
		return $returner;
	}

	// Require an issue id to continue
	// (the redirect is relied on not to return; the code below needs an issue id)
	if (!$issueId) {
		$request->redirect(null, 'index');
	}

	import('classes.issue.IssueAction');
	$journal =& $request->getJournal();
	$journalId = $journal->getId();
	$user =& $request->getUser();
	$userId = $user ? $user->getId() : 0; // 0 stands for an anonymous reader
	$issue = null;
	$galley = null;

	// Get the issue
	// NOTE(review): with enablePublicIssueId the raw $issueId may be a public
	// (non-numeric) id. subscribedDomain(), subscribedUser() and
	// hasPaidPurchaseIssue() below reuse that raw value while the galley
	// lookup uses $issue->getId() — confirm those helpers accept public ids.
	$issueDao =& DAORegistry::getDAO('IssueDAO');
	if ($journal->getSetting('enablePublicIssueId')) {
		$issue =& $issueDao->getIssueByBestIssueId($issueId, $journalId);
	} else {
		$issue =& $issueDao->getIssueById((int) $issueId, null, true);
	}

	// Invalid issue id, redirect to current issue
	if (!$issue || !$this->_isVisibleIssue($issue, $journalId)) {
		$request->redirect(null, null, 'current');
	}
	$this->setIssue($issue);

	// If no issue galley id provided, then we're done
	if (!$galleyId) {
		return true;
	}

	// Get the issue galley
	$galleyDao =& DAORegistry::getDAO('IssueGalleyDAO');
	if ($journal->getSetting('enablePublicGalleyId')) {
		$galley =& $galleyDao->getGalleyByBestGalleyId($galleyId, $issue->getId());
	} else {
		$galley =& $galleyDao->getGalley($galleyId, $issue->getId());
	}

	// Invalid galley id, redirect to issue page
	if (!$galley) {
		$request->redirect(null, null, 'view', $issueId);
	}
	$this->setGalley($galley);

	// If this is an editorial user who can view unpublished issue galleys,
	// bypass further validation
	if (IssueAction::allowedIssuePrePublicationAccess($journal)) {
		return true;
	}

	// Ensure reader has rights to view the issue galley
	if ($issue->getPublished()) {
		$subscriptionRequired = IssueAction::subscriptionRequired($issue);
		$isSubscribedDomain = IssueAction::subscribedDomain($journal, $issueId);

		// Check if login is required for viewing.
		if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) {
			Validation::redirectLogin();
		}

		// If no domain/ip subscription, check if user has a valid subscription
		// or if the user has previously purchased the issue
		if (!$isSubscribedDomain && $subscriptionRequired) {
			// Check if user has a valid subscription
			$subscribedUser = IssueAction::subscribedUser($journal, $issueId);

			if (!$subscribedUser) {
				// Check if payments are enabled,
				import('classes.payment.ojs.OJSPaymentManager');
				$paymentManager = new OJSPaymentManager($request);

				if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) {
					// If only pdf files are being restricted, then approve all non-pdf galleys
					// and continue checking if it is a pdf galley
					if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) {
						return true;
					}

					// The $user dereference below relies on redirectLogin()
					// ending the request for anonymous visitors.
					if (!Validation::isLoggedIn()) {
						Validation::redirectLogin("payment.loginRequired.forIssue");
					}

					// If the issue galley has been purchased, then allow reader access
					$completedPaymentDao =& DAORegistry::getDAO('OJSCompletedPaymentDAO');
					$dateEndMembership = $user->getSetting('dateEndMembership', 0);
					// Access is granted for a paid issue purchase or an unexpired membership.
					if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $issueId) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
						return true;
					} else {
						// Otherwise queue an issue purchase payment and display payment form
						$queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $issueId, $journal->getSetting('purchaseIssueFee'));
						$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);

						// $templateMgr is never used here; kept as in the original.
						$templateMgr =& TemplateManager::getManager();
						$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
						exit;
					}
				}

				// No subscription and no way to pay: anonymous readers log in,
				// everyone else is pointed at the subscription information.
				if (!Validation::isLoggedIn()) {
					Validation::redirectLogin("reader.subscriptionRequiredLoginText");
				}
				$request->redirect(null, 'about', 'subscriptions');
			}
		}
	} else {
		// Unpublished issue and no pre-publication access.
		$request->redirect(null, 'index');
	}

	return true;
}
/**
 * A landing page once users complete registration
 *
 * Anonymous visitors are redirected to the login page; otherwise the
 * registration-complete template is fetched and returned.
 * @param $args array
 * @param $request PKPRequest
 * @return mixed whatever TemplateManager::fetch() returns for the template
 */
function registrationComplete($args, $request) {
	if (!Validation::isLoggedIn()) $request->redirect(null, 'login');

	$this->setupTemplate($request);
	$templateMgr = TemplateManager::getManager($request);
	$templateMgr->assign('pageTitle', 'user.login.registrationComplete');
	$rendered = $templateMgr->fetch('frontend/pages/userRegisterComplete.tpl');
	return $rendered;
}
/**
 * Constructor.
 * Initialize template engine and assign basic template variables.
 *
 * Sets up the Smarty directories (application templates first, core
 * templates as fallback, compile/config/cache dirs under the file cache
 * path), assigns the request- and config-derived variables every page
 * uses, registers the custom Smarty modifiers/functions/blocks, and —
 * unless SESSION_DISABLE_INIT is defined — adds the session-dependent
 * variables (login state, version, per-user trivial notifications).
 *
 * @param $request PKPRequest FIXME: is optional for backwards compatibility only - make mandatory
 */
function PKPTemplateManager($request = null) {
	// FIXME: for backwards compatibility only - remove
	if (!isset($request)) {
		if (Config::getVar('debug', 'deprecation_warnings')) {
			trigger_error('Deprecated function call.');
		}
		$request =& Registry::get('request');
	}
	assert(is_a($request, 'PKPRequest'));

	// Retrieve the router
	$router =& $request->getRouter();
	assert(is_a($router, 'PKPRouter'));

	// Run the Smarty base-class constructor before touching its properties.
	parent::Smarty();

	// Set up Smarty configuration
	$baseDir = Core::getBaseDir();
	$cachePath = CacheManager::getFileCachePath();

	// Set the default template dir (app's template dir)
	$this->app_template_dir = $baseDir . DIRECTORY_SEPARATOR . 'templates';
	// Set fallback template dir (core's template dir)
	$this->core_template_dir = $baseDir . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . 'pkp' . DIRECTORY_SEPARATOR . 'templates';
	// Lookup order: application templates win over core templates.
	$this->template_dir = array($this->app_template_dir, $this->core_template_dir);
	$this->compile_dir = $cachePath . DIRECTORY_SEPARATOR . 't_compile';
	$this->config_dir = $cachePath . DIRECTORY_SEPARATOR . 't_config';
	$this->cache_dir = $cachePath . DIRECTORY_SEPARATOR . 't_cache';

	// Assign common variables
	$this->styleSheets = array();
	$this->assign_by_ref('stylesheets', $this->styleSheets);
	$this->javaScripts = array();
	// Pages are marked no-store unless something later overrides
	// $this->cacheability; this keeps session-specific output out of caches.
	$this->cacheability = CACHEABILITY_NO_STORE; // Safe default
	$this->assign('defaultCharset', Config::getVar('i18n', 'client_charset'));
	$this->assign('basePath', $request->getBasePath());
	$this->assign('baseUrl', $request->getBaseUrl());
	$this->assign('requiresFormRequest', $request->isPost());
	// Only page routers know the requested page; other router types skip it.
	if (is_a($router, 'PKPPageRouter')) {
		$this->assign('requestedPage', $router->getRequestedPage($request));
	}
	$this->assign('currentUrl', $request->getCompleteUrl());
	$this->assign('dateFormatTrunc', Config::getVar('general', 'date_format_trunc'));
	$this->assign('dateFormatShort', Config::getVar('general', 'date_format_short'));
	$this->assign('dateFormatLong', Config::getVar('general', 'date_format_long'));
	$this->assign('datetimeFormatShort', Config::getVar('general', 'datetime_format_short'));
	$this->assign('datetimeFormatLong', Config::getVar('general', 'datetime_format_long'));
	$this->assign('timeFormat', Config::getVar('general', 'time_format'));
	$this->assign('allowCDN', Config::getVar('general', 'enable_cdn'));
	$this->assign('useMinifiedJavaScript', Config::getVar('general', 'enable_minified'));

	$locale = Locale::getLocale();
	$this->assign('currentLocale', $locale);

	// If there's a locale-specific stylesheet, add it.
	if (($localeStyleSheet = Locale::getLocaleStyleSheet($locale)) != null) {
		$this->addStyleSheet($request->getBaseUrl() . '/' . $localeStyleSheet);
	}

	$application =& PKPApplication::getApplication();
	$this->assign('pageTitle', $application->getNameKey());

	// Register custom functions
	$this->register_modifier('translate', array('Locale', 'translate'));
	$this->register_modifier('get_value', array(&$this, 'smartyGetValue'));
	$this->register_modifier('strip_unsafe_html', array('String', 'stripUnsafeHtml'));
	$this->register_modifier('String_substr', array('String', 'substr'));
	$this->register_modifier('to_array', array(&$this, 'smartyToArray'));
	$this->register_modifier('concat', array(&$this, 'smartyConcat'));
	// Replaces Smarty's built-in |escape: output encoding for templates is
	// implemented in smartyEscape, so changes to escaping behaviour go there.
	$this->register_modifier('escape', array(&$this, 'smartyEscape'));
	$this->register_modifier('strtotime', array(&$this, 'smartyStrtotime'));
	$this->register_modifier('explode', array(&$this, 'smartyExplode'));
	$this->register_modifier('assign', array(&$this, 'smartyAssign'));
	$this->register_function('translate', array(&$this, 'smartyTranslate'));
	$this->register_function('flush', array(&$this, 'smartyFlush'));
	$this->register_function('call_hook', array(&$this, 'smartyCallHook'));
	$this->register_function('html_options_translate', array(&$this, 'smartyHtmlOptionsTranslate'));
	$this->register_block('iterate', array(&$this, 'smartyIterate'));
	$this->register_function('call_progress_function', array(&$this, 'smartyCallProgressFunction'));
	$this->register_function('page_links', array(&$this, 'smartyPageLinks'));
	$this->register_function('page_info', array(&$this, 'smartyPageInfo'));
	$this->register_function('get_help_id', array(&$this, 'smartyGetHelpId'));
	$this->register_function('icon', array(&$this, 'smartyIcon'));
	$this->register_function('help_topic', array(&$this, 'smartyHelpTopic'));
	$this->register_function('sort_heading', array(&$this, 'smartySortHeading'));
	$this->register_function('sort_search', array(&$this, 'smartySortSearch'));
	$this->register_function('get_debug_info', array(&$this, 'smartyGetDebugInfo'));
	$this->register_function('assign_mailto', array(&$this, 'smartyAssignMailto'));
	$this->register_function('display_template', array(&$this, 'smartyDisplayTemplate'));
	$this->register_modifier('truncate', array(&$this, 'smartyTruncate'));

	// JS UI components
	$this->register_function('modal', array(&$this, 'smartyModal'));
	$this->register_function('confirm', array(&$this, 'smartyConfirm'));
	$this->register_function('confirm_submit', array(&$this, 'smartyConfirmSubmit'));
	$this->register_function('init_tabs', array(&$this, 'smartyInitTabs'));
	$this->register_function('modal_title', array(&$this, 'smartyModalTitle'));

	// register the resource name "core"
	// Smarty resource callbacks: get template source, get timestamp,
	// and the two trust callbacks (secure, trusted) — in that order.
	$this->register_resource("core", array(array(&$this, 'smartyResourceCoreGetTemplate'), array(&$this, 'smartyResourceCoreGetTimestamp'), array(&$this, 'smartyResourceCoreGetSecure'), array(&$this, 'smartyResourceCoreGetTrusted')));

	$this->register_function('url', array(&$this, 'smartyUrl'));

	// ajax load into a div
	$this->register_function('load_url_in_div', array(&$this, 'smartyLoadUrlInDiv'));

	if (!defined('SESSION_DISABLE_INIT')) {
		/**
		 * Kludge to make sure no code that tries to connect to
		 * the database is executed (e.g., when loading
		 * installer pages).
		 */
		$this->assign('isUserLoggedIn', Validation::isLoggedIn());
		$application =& PKPApplication::getApplication();
		$currentVersion =& $application->getCurrentVersion();
		$this->assign('currentVersionString', $currentVersion->getVersionString());
		$this->assign('itemsPerPage', Config::getVar('interface', 'items_per_page'));
		$this->assign('numPageLinks', Config::getVar('interface', 'page_links'));

		$user =& $request->getUser();
		if ($user) {
			// Trivial notifications for the current user are fetched, then
			// deleted, so each one is handed to the template only once.
			$notificationDao =& DAORegistry::getDAO('NotificationDAO');
			$notifications =& $notificationDao->getNotificationsByUserId($user->getId(), NOTIFICATION_LEVEL_TRIVIAL);
			$notificationsArray =& $notifications->toArray();
			unset($notifications);
			foreach ($notificationsArray as $notification) {
				$notificationDao->deleteNotificationById($notification->getId());
			}
			$this->assign('systemNotifications', $notificationsArray);
		}
	}

	// Cleared here; presumably set by a later initialization step — confirm.
	$this->initialized = false;
}
import('file.FileManager'); if (!FileManager::mkdir($init['baseDir'] . '/' . $init['publicDir'] . '/site/images/')) { $this->setError(INSTALLER_ERROR_GENERAL, 'installer.installFilesDirError'); return false; } } //Check if user's image directory exists, else create it if (Validation::isLoggedIn() && !file_exists($init['baseDir'] . '/' . $init['publicDir'] . '/site/images/' . $user->getUsername())) { import('file.FileManager'); if (!FileManager::mkdir($init['baseDir'] . '/' . $init['publicDir'] . '/site/images/' . $user->getUsername())) { $this->setError(INSTALLER_ERROR_GENERAL, 'installer.installFilesDirError'); return false; } array_push($cfg['ilibs'], array('value' => '/' . $init['publicDir'] . '/site/images/' . $user->getUsername() . '/', 'text' => 'Your images')); } else { if (Validation::isLoggedIn()) { array_push($cfg['ilibs'], array('value' => '/' . $init['publicDir'] . '/site/images/' . $user->getUsername() . '/', 'text' => 'Your images')); } } //------------------------------------------------------------------------- // use dynamic image libraries - if $cfg['ilibs_inc'] is set, static image libraries above are ignored // image directories to be scanned // $cfg['ilibs_dir'] = array('/public/site/images/public'); // image library path with slashes; absolute to root directory - please make sure that the directories have write permissions // $cfg['ilibs_dir_show'] = true; // show main library (true) or only sub-dirs (false) // $cfg['ilibs_inc'] = realpath(dirname(__FILE__) . '/../scripts/init.php'); // file to include in ibrowser.php (useful for setting $cfg['ilibs] dynamically //------------------------------------------------------------------------- // you shouldn't need to make any changes to the config variable beyond this line! //------------------------------------------------------------------------- $osslash = strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' ? '\\' : '/'; $cfg['ver'] = '1.3.7 - build 10052006'; // iBrowser version
/**
 * Check whether the current user holds the given role in the given journal.
 *
 * An anonymous request is never authorized. A journal ID of -1 means
 * "the journal of the current request", falling back to 0 when the request
 * carries no journal (0 is also the scope of site-wide roles such as the
 * site admin).
 *
 * @param $roleId int
 * @param $journalId int Journal ID, 0 for site-level roles, -1 to resolve from the request
 * @return boolean
 */
function isAuthorized($roleId, $journalId = 0) {
	if (!Validation::isLoggedIn()) {
		return false;
	}

	if ($journalId === -1) {
		// Resolve the journal from the current request.
		$currentJournal =& Request::getJournal();
		if ($currentJournal == null) {
			$journalId = 0;
		} else {
			$journalId = $currentJournal->getJournalId();
		}
	}

	// The role lookup is always made for the session's own user, never for
	// a caller-supplied user ID.
	$sessMgr =& SessionManager::getManager();
	$userSession =& $sessMgr->getUserSession();
	$sessionUser =& $userSession->getUser();
	$roles =& DAORegistry::getDAO('RoleDAO');
	return $roles->roleExists($journalId, $sessionUser->getUserId(), $roleId);
}
/**
 * Validation
 *
 * Resolves the requested article (published or not) and its issue, then
 * enforces reader access rules: editorial users with pre-publication access
 * bypass everything; otherwise the issue must be published and, when a
 * galley (not just the abstract) is requested and no domain/IP subscription
 * applies, the reader must be subscribed, the article must be open access,
 * or the article must have been paid for / covered by a membership.
 * Failing readers are redirected (login, subscriptions page, payment form
 * or index) rather than returned to.
 *
 * @param $articleId int|string Article ID, or public article ID when enablePublicArticleId is set
 * @param $galleyId int|null Galley ID; null/0 means only the abstract is requested
 * @return array ($journal, $issue, $article) where $article is the published article when found, else the plain article
 */
function validate($articleId, $galleyId = null) {
	parent::validate(true);

	import('issue.IssueAction');

	$journal =& Request::getJournal();
	$journalId = $journal->getJournalId();

	$article = $publishedArticle = $issue = null;

	$publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');
	// With public article IDs enabled the raw (string) ID is looked up as a
	// "best" ID; otherwise it is cast to int and looked up directly.
	if ($journal->getSetting('enablePublicArticleId')) {
		$publishedArticle =& $publishedArticleDao->getPublishedArticleByBestArticleId($journalId, $articleId);
	} else {
		$publishedArticle =& $publishedArticleDao->getPublishedArticleByArticleId((int) $articleId, $journalId);
	}

	$issueDao =& DAORegistry::getDAO('IssueDAO');
	if (isset($publishedArticle)) {
		$issue =& $issueDao->getIssueByArticleId($publishedArticle->getArticleId(), $journalId);
	} else {
		// Not published: load the plain article so editorial users can still be served below.
		$articleDao =& DAORegistry::getDAO('ArticleDAO');
		$article =& $articleDao->getArticle((int) $articleId, $journalId);
	}

	// If this is an editorial user who can view unpublished/unscheduled
	// articles, bypass further validation.
	if (($article || $publishedArticle) && IssueAction::allowedPrePublicationAccess($journal)) {
		return array($journal, $issue, $publishedArticle ? $publishedArticle : $article);
	}

	// Make sure the reader has rights to view the article/issue.
	// An unpublished article has no $issue here, so it falls to the index redirect.
	if ($issue && $issue->getPublished()) {
		$subscriptionRequired = IssueAction::subscriptionRequired($issue);
		$isSubscribedDomain = IssueAction::subscribedDomain($journal, $issue->getIssueId(), $articleId);

		// Check if login is required for viewing.
		if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId != 0) {
			Validation::redirectLogin();
		}

		// bypass all validation if subscription based on domain or ip is valid
		// or if the user is just requesting the abstract
		if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId != 0)) {
			// Subscription Access
			$subscribedUser = IssueAction::subscribedUser($journal, $issue->getIssueId(), $articleId);

			// Access is granted if any of: no subscription needed, the article's
			// access status is truthy (open), or the user is subscribed.
			if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() || $subscribedUser)) {
				// if payment information is enabled,
				import('payment.ojs.OJSPaymentManager');
				$paymentManager =& OJSPaymentManager::getManager();
				if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) {
					/* if only pdf files are being restricted, then approve all non-pdf galleys
					 * and continue checking if it is a pdf galley */
					if ($paymentManager->onlyPdfEnabled()) {
						$galleyDAO =& DAORegistry::getDAO('ArticleGalleyDAO');
						$galley =& $galleyDAO->getGalley($galleyId, $articleId);
						if ($galley && !$galley->isPdfGalley()) {
							return array($journal, $issue, $publishedArticle);
						}
					}

					if (!Validation::isLoggedIn()) {
						Validation::redirectLogin("payment.loginRequired.forArticle");
					}

					$user =& Request::getUser();
					$userId = $user->getUserId();

					/* if the article has been paid for then forget about everything else
					 * and just let them access the article */
					// Note the precedence: paid-per-view OR (has membership end date AND it is in the future).
					$completedPaymentDAO =& DAORegistry::getDAO('OJSCompletedPaymentDAO');
					if ($completedPaymentDAO->hasPaidPerViewArticle($userId, $articleId) || !is_null($user->getDateEndMembership()) && strtotime($user->getDateEndMembership()) > time()) {
						return array($journal, $issue, $publishedArticle);
					} else {
						// Queue a purchase-article payment and hand off to the payment form.
						$queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getUserId(), $articleId, $journal->getSetting('purchaseArticleFee'));
						$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);

						// $templateMgr is fetched but not used in this branch.
						$templateMgr =& TemplateManager::getManager();
						$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
						exit;
					}
				}

				// No payment option: require login, then send to the subscriptions page.
				if (!isset($galleyId) || $galleyId) {
					if (!Validation::isLoggedIn()) {
						Validation::redirectLogin("reader.subscriptionRequiredLoginText");
					}
					Request::redirect(null, 'about', 'subscriptions');
				}
			}
		}
	} else {
		Request::redirect(null, 'index');
	}

	return array($journal, $issue, $publishedArticle);
}
/**
 * Constructor.
 *
 * Locates the application base directory by walking ten levels up from the
 * executing script, bootstraps the application from there, and — when a
 * user session exists — makes sure `<public>/site/images/<username>/`
 * exists, recording it in $this->imageDir. Anonymous users get a null
 * imageDir (no uploads). Directory problems abort the script via die().
 */
public function __construct() {
	// Get paths to system base directories
	$this->baseDir = $_SERVER['SCRIPT_FILENAME'];
	// Ten dirname() steps from this script to the application root;
	// presumably matches this script's depth in the tree — verify if moved.
	for ($i = 0; $i < 10; $i++) {
		$this->baseDir = dirname($this->baseDir);
	}

	// Load and execute initialization code
	chdir($this->baseDir);
	define('INDEX_FILE_LOCATION', $this->baseDir . '/index.php');
	// Bootstrap is expected to provide Config, Registry, SessionManager, etc. used below.
	require $this->baseDir . '/lib/pkp/includes/bootstrap.inc.php';

	$publicDir = Config::getVar('files', 'public_files_dir');
	$this->baseUrl = Config::getVar('general', 'base_url');

	// Skip locale detection
	define('SESSION_DISABLE_INIT', 1);

	// Register locale files in the registry
	$locale = LOCALE_DEFAULT;
	$localeFile = new LocaleFile($locale, $this->baseDir . "/lib/pkp/locale/{$locale}/installer.xml");
	Registry::get('localeFiles', true, array($locale => array($localeFile)));

	// Load user variables
	$sessionManager = SessionManager::getManager();
	$userSession = $sessionManager->getUserSession();
	$user = $userSession->getUser();

	if (isset($user)) {
		// User is logged in
		$siteDir = $this->baseDir . '/' . $publicDir . '/site/';

		if (!file_exists($siteDir . '/images/')) {
			import('lib.pkp.classes.file.FileManager');
			$fileManager = new FileManager();

			// Check that the public/site/ directory exists and is writeable
			if (!file_exists($siteDir) || !is_writeable($siteDir)) {
				die(__('installer.installFilesDirError'));
			}

			// Create the images directory
			if (!$fileManager->mkdir($siteDir . '/images/')) {
				die(__('installer.installFilesDirError'));
			}
		}

		//Check if user's image directory exists, else create it
		// NOTE(review): the username is used verbatim as a filesystem path
		// component; this relies on the character restrictions enforced on
		// usernames at registration — confirm.
		// The isLoggedIn() test is redundant with the enclosing isset($user)
		// unless the two can disagree — confirm.
		if (Validation::isLoggedIn() && !file_exists($siteDir . '/images/' . $user->getUsername())) {
			import('lib.pkp.classes.file.FileManager');
			$fileManager = new FileManager();

			// Check that the public/site/images/ directory exists and is writeable
			if (!file_exists($siteDir . '/images/') || !is_writeable($siteDir . '/images/')) {
				die(__('installer.installFilesDirError'));
			}

			// Create the directory to store the user's images
			if (!$fileManager->mkdir($siteDir . '/images/' . $user->getUsername())) {
				die(__('installer.installFilesDirError'));
			}
			$this->imageDir = $publicDir . '/site/images/' . $user->getUsername();
		} else {
			if (Validation::isLoggedIn()) {
				// User's image directory already exists
				$this->imageDir = $publicDir . '/site/images/' . $user->getUsername();
			}
		}
	} else {
		// Not logged in; Do not allow images to be uploaded
		$this->imageDir = null;
	}

	// Set the base directory back to its original location
	chdir(dirname($_SERVER['SCRIPT_FILENAME']));
}
/**
 * Determines whether or not a user can view an issue galley.
 *
 * Editorial users with pre-publication access are always allowed. For
 * everyone else the issue must be published; when no domain/IP
 * subscription applies and a subscription is required, the reader must be
 * subscribed, or (if payments are enabled) have purchased the issue or hold
 * a current membership. Non-PDF galleys are exempt when only PDFs are
 * restricted. Readers who fail are redirected (login, payment form,
 * subscriptions page or index) instead of receiving a return value.
 *
 * @param $request Request
 * @return boolean true when access is allowed
 */
function userCanViewGalley($request) {
	import('classes.issue.IssueAction');
	$issueAction = new IssueAction();

	$journal = $request->getJournal();
	$user = $request->getUser();
	// 0 stands for "anonymous" in the payment lookups below.
	$userId = $user ? $user->getId() : 0;
	$issue = $this->getAuthorizedContextObject(ASSOC_TYPE_ISSUE);
	$galley = $this->getGalley();

	// If this is an editorial user who can view unpublished issue galleys,
	// bypass further validation
	if ($issueAction->allowedIssuePrePublicationAccess($journal)) {
		return true;
	}

	// Ensure reader has rights to view the issue galley
	if ($issue->getPublished()) {
		$subscriptionRequired = $issueAction->subscriptionRequired($issue);
		$isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId());

		// Check if login is required for viewing.
		if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) {
			Validation::redirectLogin();
		}

		// If no domain/ip subscription, check if user has a valid subscription
		// or if the user has previously purchased the issue
		if (!$isSubscribedDomain && $subscriptionRequired) {
			// Check if user has a valid subscription
			$subscribedUser = $issueAction->subscribedUser($journal, $issue->getId());

			if (!$subscribedUser) {
				// Check if payments are enabled,
				import('classes.payment.ojs.OJSPaymentManager');
				$paymentManager = new OJSPaymentManager($request);

				if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) {
					// If only pdf files are being restricted, then approve all non-pdf galleys
					// and continue checking if it is a pdf galley
					if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) {
						return true;
					}

					if (!Validation::isLoggedIn()) {
						Validation::redirectLogin("payment.loginRequired.forIssue");
					}

					// If the issue galley has been purchased, then allow reader access
					$completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
					// Default 0 when the user has no membership end date stored.
					$dateEndMembership = $user->getSetting('dateEndMembership', 0);
					// Precedence: purchased OR (end date present AND still in the future).
					if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
						return true;
					} else {
						// Otherwise queue an issue purchase payment and display payment form
						$queuedPayment =& $paymentManager->createQueuedPayment($journal->getId(), PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $issue->getId(), $journal->getSetting('purchaseIssueFee'));
						$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
						$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
						exit;
					}
				}

				// Payments not available: require login, then point at the subscriptions page.
				if (!Validation::isLoggedIn()) {
					Validation::redirectLogin("reader.subscriptionRequiredLoginText");
				}
				$request->redirect(null, 'about', 'subscriptions');
			}
		}
	} else {
		$request->redirect(null, 'index');
	}

	return true;
}
/**
 * Handle submission of the user registration form
 *
 * Requires a configured payment manager (otherwise redirects to the index).
 * A user who already holds a paid registration is redirected to the
 * registration page; an unpaid one is deleted so the form can be
 * resubmitted. The form is then read and validated: on success,
 * non-SUCCESSFUL outcomes (failed, no payment method, free) render a
 * message template, while the SUCCESSFUL outcome leaves the payment flow
 * to the form; on validation failure the form is redisplayed.
 */
function register() {
	$this->addCheck(new HandlerValidatorSchedConf($this));
	$this->validate();

	$conference =& Request::getConference();
	$schedConf =& Request::getSchedConf();

	$paymentManager =& OCSPaymentManager::getManager();
	if (!$paymentManager->isConfigured()) {
		Request::redirect(null, null, 'index');
	}

	$user =& Request::getUser();
	$registrationDao =& DAORegistry::getDAO('RegistrationDAO');
	if ($user && ($registrationId = $registrationDao->getRegistrationIdByUser($user->getId(), $schedConf->getId()))) {
		// This user has already registered.
		$registration =& $registrationDao->getRegistration($registrationId);
		if (!$registration || $registration->getDatePaid()) {
			// And they have already paid. Redirect to a message explaining.
			Request::redirect(null, null, null, 'registration');
		} else {
			// Allow them to resubmit the form to change type or pay again.
			$registrationDao->deleteRegistrationById($registrationId);
		}
	}

	$templateMgr =& TemplateManager::getManager();
	$templateMgr->assign('pageHierarchy', array(array(Request::url(null, 'index', 'index'), $conference->getConferenceTitle(), true), array(Request::url(null, null, 'index'), $schedConf->getSchedConfTitle(), true)));
	SchedConfHandler::setupTemplate($conference, $schedConf);

	import('registration.form.UserRegistrationForm');
	// Cast to int: the type ID comes from the request.
	$typeId = (int) Request::getUserVar('registrationTypeId');
	if (checkPhpVersion('5.0.0')) {
		// WARNING: This form needs $this in constructor
		$form = new UserRegistrationForm($typeId);
	} else {
		// PHP 4 compatibility branch ("=& new" is a parse error on PHP 7+).
		$form =& new UserRegistrationForm($typeId);
	}
	$form->readInputData();

	if ($form->validate()) {
		// execute() is compared loosely against the REGISTRATION_* outcome constants.
		if (($registrationError = $form->execute()) != REGISTRATION_SUCCESSFUL) {
			$templateMgr->assign('isUserLoggedIn', Validation::isLoggedIn()); // In case a user was just created, make sure they appear logged in
			if ($registrationError == REGISTRATION_FAILED) {
				// User not created
				$templateMgr->assign('message', 'schedConf.registration.failed');
				$templateMgr->assign('backLinkLabel', 'common.back');
				$templateMgr->assign('backLink', Request::url(null, null, 'index'));
				$templateMgr->display('common/message.tpl');
			} elseif ($registrationError == REGISTRATION_NO_PAYMENT) {
				// Automatic payment failed; display a generic
				// "you will be contacted" message.
				$templateMgr->assign('message', 'schedConf.registration.noPaymentMethodAvailable');
				$templateMgr->assign('backLinkLabel', 'common.back');
				$templateMgr->assign('backLink', Request::url(null, null, 'index'));
				$templateMgr->display('common/message.tpl');
			} elseif ($registrationError == REGISTRATION_FREE) {
				// Registration successful; no payment required (free)
				$templateMgr->assign('message', 'schedConf.registration.free');
				$templateMgr->assign('backLinkLabel', 'common.back');
				$templateMgr->assign('backLink', Request::url(null, null, 'index'));
				$templateMgr->display('common/message.tpl');
			}
		} // Otherwise, payment is handled for us.
	} else {
		$templateMgr->assign('isUserLoggedIn', Validation::isLoggedIn()); // In case a user was just created, make sure they appear logged in
		$form->display();
	}
}
/**
 * Validate access to the comment pages of a paper.
 *
 * Redirects to the scheduled conference index when the paper cannot be
 * loaded or commenting is disabled for the conference or the paper, and to
 * the login page when paper access is restricted to logged-in users. The
 * loaded paper is stored in $this->paper.
 *
 * @param $paperId int
 * @return boolean true when no redirect was triggered
 */
function validate($paperId) {
	parent::validate();

	$conf =& Request::getConference();
	$sched =& Request::getSchedConf();

	$dao =& DAORegistry::getDAO('PublishedPaperDAO');
	$paper =& $dao->getPublishedPaperByPaperId($paperId, $sched->getId(), $sched->getSetting('previewAbstracts'));
	$this->paper =& $paper;
	if ($paper == null) {
		Request::redirect(null, null, 'index');
	}

	// Loading the CommentDAO brings in the comment and view constants;
	// the DAO object itself is not used here.
	$commentDao =& DAORegistry::getDAO('CommentDAO');

	// Commenting must be enabled both conference-wide and for this paper.
	if (!$conf->getSetting('enableComments') || !$paper->getEnableComments()) {
		Request::redirect(null, null, 'index');
	}

	// Restricted paper access requires a logged-in reader.
	if ($conf->getSetting('restrictPaperAccess') && !Validation::isLoggedIn()) {
		Validation::redirectLogin();
	}

	return true;
}
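/**
 * Display an authorization denied message.
 *
 * The message is a locale key taken from the request; it is accepted only
 * when it consists solely of letters, digits and dots, so that no markup or
 * free text can be injected into the rendered template (XSS/phishing).
 *
 * @param $args array
 * @param $request Request
 * @return mixed Whatever TemplateManager::display() returns
 */
function authorizationDenied($args, $request) {
	if (!Validation::isLoggedIn()) {
		Validation::redirectLogin();
	}

	// Get message with sanity check (for XSS or phishing).
	// (string) keeps preg_match() off null/array inputs; the D modifier
	// makes `$` match only at the very end, so a key followed by a trailing
	// newline is rejected instead of slipping through.
	$authorizationMessage = (string) $request->getUserVar('message');
	if (!preg_match('/^[a-zA-Z0-9.]+$/D', $authorizationMessage)) {
		fatalError('Invalid locale key for auth message.');
	}

	$this->setupTemplate($request);
	AppLocale::requireComponents(LOCALE_COMPONENT_PKP_USER);
	$templateMgr = TemplateManager::getManager($request);
	$templateMgr->assign('message', $authorizationMessage);
	return $templateMgr->display('common/message.tpl');
}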
/**
 * Check whether the current user holds the given role in the given
 * conference / scheduled conference.
 *
 * Anonymous requests are never authorized. A value of -1 for either ID
 * means "take it from the current request"; when the request carries no
 * such context the ID falls back to 0 (the site-level scope used, e.g.,
 * for the site admin role).
 *
 * @param $roleId int
 * @param $conferenceId int Conference ID, 0 for site-level roles, -1 to resolve from the request
 * @param $schedConfId int Scheduled conference ID, 0 for conference-level roles, -1 to resolve from the request
 * @return boolean
 */
function isAuthorized($roleId, $conferenceId = 0, $schedConfId = 0) {
	if (!Validation::isLoggedIn()) {
		return false;
	}

	if ($conferenceId === -1) {
		// Resolve the conference from the current request.
		$reqConference =& Request::getConference();
		$conferenceId = 0;
		if ($reqConference) {
			$conferenceId = $reqConference->getId();
		}
	}

	if ($schedConfId === -1) {
		// Resolve the scheduled conference from the current request.
		$reqSchedConf =& Request::getSchedConf();
		$schedConfId = 0;
		if ($reqSchedConf) {
			$schedConfId = $reqSchedConf->getId();
		}
	}

	// The role lookup is always made for the session's own user, never for
	// a caller-supplied user ID.
	$sessMgr =& SessionManager::getManager();
	$userSession =& $sessMgr->getUserSession();
	$sessionUser =& $userSession->getUser();
	$roles =& DAORegistry::getDAO('RoleDAO');
	return $roles->roleExists($conferenceId, $schedConfId, $sessionUser->getId(), $roleId);
}
/**
 * Determines whether a user can view this article galley or not.
 *
 * Works on $this->article / $this->issue. Editorial users (and the
 * article's author, per allowedPrePublicationAccess) bypass all checks.
 * Otherwise the issue must be published and the article have status
 * STATUS_PUBLISHED; when a galley is requested, no domain/IP subscription
 * applies and a subscription is required, the reader must be subscribed,
 * the article open access, the issue purchased, or — with payments
 * enabled — the article purchased or a membership current. Non-PDF galleys
 * are exempt when only PDFs are restricted. Failing readers are redirected
 * (login, payment form, subscriptions page, or search) rather than returned to.
 *
 * @param $request Request
 * @param $articleId string
 * @param $galleyId int or string; null/0 means only the abstract is requested
 * @return boolean true when access is allowed
 */
function userCanViewGalley($request, $articleId, $galleyId = null) {
	import('classes.issue.IssueAction');
	$issueAction = new IssueAction();

	$journal = $request->getJournal();
	$publishedArticle = $this->article;
	$issue = $this->issue;
	$journalId = $journal->getId();
	$user = $request->getUser();
	// 0 stands for "anonymous" in the payment lookups below.
	$userId = $user ? $user->getId() : 0;

	// If this is an editorial user who can view unpublished/unscheduled
	// articles, bypass further validation. Likewise for its author.
	if ($publishedArticle && $issueAction->allowedPrePublicationAccess($journal, $publishedArticle)) {
		return true;
	}

	// Make sure the reader has rights to view the article/issue.
	if ($issue && $issue->getPublished() && $publishedArticle->getStatus() == STATUS_PUBLISHED) {
		$subscriptionRequired = $issueAction->subscriptionRequired($issue);
		$isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId(), $publishedArticle->getId());

		// Check if login is required for viewing.
		if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId) {
			Validation::redirectLogin();
		}

		// bypass all validation if subscription based on domain or ip is valid
		// or if the user is just requesting the abstract
		if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId)) {
			// Subscription Access
			$subscribedUser = $issueAction->subscribedUser($journal, $issue->getId(), $publishedArticle->getId());

			import('classes.payment.ojs.OJSPaymentManager');
			$paymentManager = new OJSPaymentManager($request);

			// An issue purchase counts only when purchase-issue is enabled and
			// the user is not already subscribed.
			$purchasedIssue = false;
			if (!$subscribedUser && $paymentManager->purchaseIssueEnabled()) {
				$completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
				$purchasedIssue = $completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId());
			}

			// Access is granted if any of: no subscription needed, open access,
			// subscribed user, or issue purchased.
			if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() == ARTICLE_ACCESS_OPEN || $subscribedUser || $purchasedIssue)) {
				if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) {
					/* if only pdf files are being restricted, then approve all non-pdf galleys
					 * and continue checking if it is a pdf galley */
					if ($paymentManager->onlyPdfEnabled()) {
						if ($this->galley && !$this->galley->isPdfGalley()) {
							$this->issue = $issue;
							$this->article = $publishedArticle;
							return true;
						}
					}

					if (!Validation::isLoggedIn()) {
						Validation::redirectLogin("payment.loginRequired.forArticle");
					}

					/* if the article has been paid for then forget about everything else
					 * and just let them access the article */
					$completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
					// Default 0 when the user has no membership end date stored.
					$dateEndMembership = $user->getSetting('dateEndMembership', 0);
					// Precedence: purchased OR (end date present AND still in the future).
					if ($completedPaymentDao->hasPaidPurchaseArticle($userId, $publishedArticle->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
						$this->issue = $issue;
						$this->article = $publishedArticle;
						return true;
					} else {
						// Queue a purchase-article payment and hand off to the payment form.
						$queuedPayment = $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getId(), $publishedArticle->getId(), $journal->getSetting('purchaseArticleFee'));
						$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
						$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
						exit;
					}
				}

				// No payment option: require login, then send to the subscriptions page.
				if (!isset($galleyId) || $galleyId) {
					if (!Validation::isLoggedIn()) {
						Validation::redirectLogin('reader.subscriptionRequiredLoginText');
					}
					$request->redirect(null, 'about', 'subscriptions');
				}
			}
		}
	} else {
		$request->redirect(null, 'search');
	}

	return true;
}
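/**
 * Log a user out.
 *
 * After logging out, the browser is sent to the optional `source` request
 * variable if (and only if) it is a site-relative path; otherwise it is
 * sent back to the requested page. The restriction matters because the
 * target is built as protocol://host + source: a value such as
 * `//other.example/` or `@other.example/` would otherwise re-point the
 * redirect at a foreign origin (open redirect).
 *
 * @param $args array
 * @param $request Request
 */
function signOut($args, &$request) {
	$this->validate();
	$this->setupTemplate($request);

	if (Validation::isLoggedIn()) {
		Validation::logout();
	}

	$source = $request->getUserVar('source');
	if ($this->_isLocalRedirectPath($source)) {
		$request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . $source, false);
	} else {
		$request->redirect(null, $request->getRequestedPage());
	}
}

/**
 * Decide whether a redirect target is a path on this site.
 *
 * Accepts a non-empty string that starts with exactly one forward slash;
 * `//host` and `/\host` (read by browsers as a new authority), absolute
 * URLs and empty values are rejected.
 *
 * @param $path mixed Raw request value
 * @return boolean
 */
function _isLocalRedirectPath($path) {
	if (!is_string($path) || $path === '' || $path[0] !== '/') {
		return false;
	}
	if (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\')) {
		return false;
	}
	return true;
}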
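/**
 * Display (and, on save, store) the survey attached to a navigation item.
 *
 * Requires a logged-in user. The `id` request variable selects an entry of
 * the conference's localized `navItems` setting; when no such entry exists
 * the user is redirected to the index instead of rendering an empty page.
 * Answers are stored per user in the setting `survey_<conferenceId>_<id>`
 * and default to '{}' when nothing is stored yet.
 */
function survey() {
	if (Validation::isLoggedIn() === false) {
		Validation::redirectLogin();
	}
	$this->addCheck(new HandlerValidatorSchedConf($this));
	$this->validate();

	$conference =& Request::getConference();
	$schedConf =& Request::getSchedConf();
	$id = Request::getUserVar('id');

	$navItems = $conference->getLocalizedSetting('navItems');
	if (!isset($navItems[intval($id)])) {
		// Unknown navigation item: nothing to show.
		Request::redirect(null, null, 'index');
	}
	$navItem = $navItems[intval($id)];
	$title = $navItem["name"];

	$templateMgr =& TemplateManager::getManager();
	SchedConfHandler::setupTemplate($conference, $schedConf);

	// FIXME: director.allTracks
	$templateMgr->assign('pageHierarchyRoot', true);
	$templateMgr->assign('pageHierarchy', array(
		array(Request::url(null, $conference->getSetting('path'), 'index'), AppLocale::Translate('navigation.home'), true),
		array(Request::url(null, null, 'index'), $title, true)
	));

	// Initialized up front so the `!$data` test below never reads an
	// undefined variable when no user is available.
	$data = null;
	$user = Request::getUser();
	if ($user) {
		// NOTE(review): the raw `id` request value (not intval($id)) forms the
		// setting key; kept as-is so already-stored answers stay addressable.
		$settingKey = 'survey_' . $conference->getId() . "_" . $id;
		if (Request::getUserVar('save') !== null) {
			$data = Request::getUserVar('data');
			$user->updateSetting($settingKey, $data, 'string', $conference->getId());
		} else {
			$data = $user->getSetting($settingKey);
		}
	}
	if (!$data) {
		$data = '{}';
	}

	$templateMgr->assign('title', $title);
	$templateMgr->assign('survey', $navItem["survey"]);
	$templateMgr->assign('data', $data);
	$templateMgr->assign('helpTopicId', 'conference.currentConferences.survey');
	$templateMgr->display('schedConf/survey.tpl');
}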
/**
 * Validation
 * @see lib/pkp/classes/handler/PKPHandler#validate()
 *
 * Loads the published paper (by public ID when enablePublicPaperId is set,
 * else by integer ID, honouring previewAbstracts) and checks it belongs to
 * the requested scheduled conference and conference; otherwise redirects
 * to the index. Login is then required when restrictPaperAccess is set.
 * A galley request needs mayViewPapers, an abstract-only request needs
 * mayViewProceedings; either failing renders the access-denied template
 * and exits. On success the paper is stored in $this->paper.
 *
 * @param $request Request
 * @param $paperId integer
 * @param $galleyId integer; null/0 means only the abstract is requested
 * @return boolean true when validation passed
 */
function validate(&$request, $paperId, $galleyId = null) {
	$router =& $request->getRouter();
	parent::validate(null, $request);

	$conference =& $router->getContext($request, CONTEXT_CONFERENCE);
	$schedConf =& $router->getContext($request, CONTEXT_SCHED_CONF);
	// Assigned but not used below.
	$conferenceId = $conference->getId();

	$publishedPaperDao = DAORegistry::getDAO('PublishedPaperDAO');
	if ($schedConf->getSetting('enablePublicPaperId')) {
		$paper =& $publishedPaperDao->getPublishedPaperByBestPaperId($schedConf->getId(), $paperId, $schedConf->getSetting('previewAbstracts') ? true : false);
	} else {
		$paper =& $publishedPaperDao->getPublishedPaperByPaperId((int) $paperId, $schedConf->getId(), $schedConf->getSetting('previewAbstracts') ? true : false);
	}

	// if paper does not exist, is not published, or is not part of
	// the right conference & sched conf, redirect to index.
	if (isset($schedConf) && isset($paper) && isset($conference) && $paper->getSchedConfId() == $schedConf->getId() && $schedConf->getConferenceId() == $conference->getId()) {
		// Check if login is required for viewing.
		if (!Validation::isLoggedIn() && $schedConf->getSetting('restrictPaperAccess')) {
			Validation::redirectLogin();
		}

		import('classes.schedConf.SchedConfAction');
		$mayViewPaper = SchedConfAction::mayViewPapers($schedConf, $conference);
		// Precedence: (galley requested AND papers not viewable)
		//          OR (abstract only AND proceedings not viewable).
		if (isset($galleyId) && $galleyId != 0 && !$mayViewPaper || (!isset($galleyId) || $galleyId == 0) && !SchedConfAction::mayViewProceedings($schedConf)) {
			$this->setupTemplate($request);
			$templateMgr =& TemplateManager::getManager($request);
			$templateMgr->assign_by_ref('paper', $paper);
			$templateMgr->assign_by_ref('schedConf', $schedConf);
			$templateMgr->assign_by_ref('conference', $conference);
			$templateMgr->display('paper/accessDenied.tpl');
			exit;
		}
	} else {
		$request->redirect(null, null, 'index');
	}

	$this->paper =& $paper;
	return true;
}