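/**
 * Gets content panel for the Debugbar.
 *
 * Renders, as two floated columns, the view variables, the request
 * parameters, the POST body (on POST only), the user-defined constants, the
 * Zend_Registry contents and the cookies. Everything comes straight from the
 * request, so the panel is only as safe as _cleanData() makes it.
 *
 * @return string HTML fragment
 */
public function getPanel()
{
    $this->_request = Zend_Controller_Front::getInstance()->getRequest();
    $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');

    if ($viewRenderer->view && method_exists($viewRenderer->view, 'getVars')) {
        $viewVars = $this->_cleanData($viewRenderer->view->getVars());
    } else {
        $viewVars = "No 'getVars()' method in view class";
    }

    $vars = '<div style="width:50%;float:left;">';
    $vars .= '<h4>View variables</h4>'
        . '<div id="ZFDebug_vars" style="margin-left:-22px">' . $viewVars . '</div>'
        . '<h4>Request parameters</h4>'
        . '<div id="ZFDebug_requests" style="margin-left:-22px">'
        . $this->_cleanData($this->_request->getParams()) . '</div>';
    $vars .= '</div><div style="width:45%;float:left;">';

    if ($this->_request->isPost()) {
        $vars .= '<h4>Post variables</h4>'
            . '<div id="ZFDebug_post" style="margin-left:-22px">'
            . $this->_cleanData($this->_request->getPost()) . '</div>';
    }

    $vars .= '<h4>Constants</h4>';
    // get_defined_constants(true) only contains a 'user' bucket once at least
    // one user constant has been defined; fall back to an empty list instead
    // of sorting an undefined index.
    $constants = get_defined_constants(true);
    $userConstants = isset($constants['user']) ? $constants['user'] : array();
    ksort($userConstants);
    $vars .= '<div id="ZFDebug_constants" style="margin-left:-22px">'
        . $this->_cleanData($userConstants) . '</div>';

    $registry = Zend_Registry::getInstance();
    $vars .= '<h4>Zend Registry</h4>';
    $registry->ksort();
    $vars .= '<div id="ZFDebug_registry" style="margin-left:-22px">'
        . $this->_cleanData($registry) . '</div>';

    $cookies = $this->_request->getCookie();
    $vars .= '<h4>Cookies</h4>'
        . '<div id="ZFDebug_cookie" style="margin-left:-22px">'
        . $this->_cleanData($cookies) . '</div>';

    $vars .= '</div><div style="clear:both"> </div>';

    return $vars;
}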
/**
 * Authenticate a user against the local auth model.
 *
 * Reads the identity and credential values from the POST body using the
 * column names from the auth configuration, then asks Model_AuthLocal to
 * verify them. Session columns, when configured, are taken from
 * config->auth->login->sessionColumns as a comma-separated list.
 *
 * NOTE(review): the configuration defaults hashMethod to 'MD5' and salt to
 * ''; both are weak defaults for password storage, so deployments should set
 * a stronger hashMethod explicitly (changing the default here would break
 * verification of already stored hashes).
 * NOTE(review): the two failure messages tell the caller whether the e-mail
 * address exists; a single generic message avoids that disclosure.
 *
 * @param Zend_Controller_Request_Abstract $request The current request
 * @param Zend_Controller_Response_Abstract $response The current response
 * @return Array|Boolean User data, or FALSE
 */
public function authenticate(Zend_Controller_Request_Abstract $request, Zend_Controller_Response_Abstract $response)
{
    $authVars = new Garp_Util_Configuration($this->_getAuthVars()->toArray());
    $authVars
        ->obligate('model')
        ->obligate('identityColumn')
        ->obligate('credentialColumn')
        ->setDefault('hashMethod', 'MD5')
        ->setDefault('salt', '');

    $identityValue = $request->getPost($authVars['identityColumn']);
    $credentialValue = $request->getPost($authVars['credentialColumn']);
    if (!$identityValue || !$credentialValue) {
        $this->_addError('Insufficient data received');
        return false;
    }

    $config = Zend_Registry::get('config');
    $sessionColumns = null;
    if (!empty($config->auth->login->sessionColumns)) {
        $sessionColumns = explode(',', $config->auth->login->sessionColumns);
    }

    $authModel = new Model_AuthLocal();
    try {
        $loginResult = $authModel->tryLogin($identityValue, $credentialValue, $authVars, $sessionColumns);
        return $loginResult->toArray();
    } catch (Garp_Auth_Adapter_Db_UserNotFoundException $e) {
        $this->_addError('The email address is not found');
    } catch (Garp_Auth_Adapter_Db_InvalidPasswordException $e) {
        $this->_addError('The password is invalid');
    }

    return false;
}
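/**
 * Validate the membership-due form and save it when no errors were found.
 *
 * Reads 'name', 'price' and 'content' from the POST body. 'price' accepts
 * the literal FREE (stored as 0) or any numeric value. Errors are recorded
 * through addError() under the field name. Nothing is written to the
 * output: a form processor must not write into the response body.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true when the form was valid and saved
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    $this->name = substr($this->sanitize($request->getPost('name')), 0, 255);
    if (strlen($this->name) == 0) {
        $this->addError('name', 'Please enter a name for this general membership due');
    }

    $this->price = $this->sanitize(trim($request->getPost('price')));
    // Strict comparison: the value is a string at this point and a loose ==
    // against 'FREE' would also accept unexpected non-string values.
    if ($this->price === 'FREE') {
        $this->price = 0;
    }
    if (!is_numeric($this->price)) {
        $this->addError('price', 'Please enter a valid product price');
    }

    $this->content = FormProcessor_BlogPost::cleanHtml($request->getPost('content'));

    if (!$this->hasError()) {
        $this->objects->profile->name = $this->name;
        $this->objects->profile->price = $this->price;
        $this->objects->profile->content = $this->content;
        $this->objects->Save();
    }

    return !$this->hasError();
}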
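/**
 * Validate the product-colour form fields and save the record when valid.
 *
 * Every field is required. The sanitized value is kept on $this under the
 * property name and, when present, copied onto $this->colors. Nothing is
 * written to the output: the result is the return value plus the errors
 * recorded through addError(), keyed by the property name so the form can
 * highlight the right input.
 *
 * NOTE(review): values are assigned to $this->colors but save() is called on
 * $this->productType — confirm that is the intended object.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true if no errors have occurred
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    // property on $this / $this->colors => array(POST key, error message)
    $fields = array(
        'product_types_id' => array('id', 'Please select the product type'),
        'name_of_color'    => array('name_of_color', 'Please enter the name of the color'),
        'price_of_product' => array('price_of_product', 'Please enter the price of the product'),
        'discount_price'   => array('discount_price', 'Please enter the discount price'),
        'multiple_price'   => array('multiple_price', 'Please enter the multiple price'),
    );
    foreach ($fields as $property => $spec) {
        list($postKey, $message) = $spec;
        $this->_processRequiredColorField($request, $property, $postKey, $message);
    }

    if (!$this->_validateOnly && !$this->hasError()) {
        $this->productType->save();
    }

    // return true if no errors have occurred
    return !$this->hasError();
}

/**
 * Read one required field: sanitize it, store it on $this, record an error
 * when it is empty, otherwise copy it onto $this->colors.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @param string $property name of the property on $this and on $this->colors
 * @param string $postKey  POST parameter to read
 * @param string $message  error message recorded under $property when empty
 */
protected function _processRequiredColorField(Zend_Controller_Request_Abstract $request, $property, $postKey, $message)
{
    // sanitize uses FormProcessor's zend_filter function to clean strings
    $value = $this->sanitize($request->getPost($postKey));
    $this->{$property} = $value;
    if (strlen((string) $value) === 0) {
        $this->addError($property, $message);
        return;
    }
    $this->colors->{$property} = $value;
}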
/**
 * Handles login and logout for the request before the action is dispatched.
 *
 * A 'logout' request parameter clears the identity and redirects to the
 * failure action. A POST carrying 'login' validates LoginForm, authenticates
 * through Zend_Auth_Adapter_DbTable and redirects either to the success
 * action or to the failure action with 'login-failed' => 1. Every path that
 * redirects calls gotoSimpleAndExit(), so dispatch never continues past it.
 *
 * @param Zend_Controller_Request_Abstract $request
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // The redirector helper performs every redirect below
    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
    $auth = Zend_Auth::getInstance();
    // The authentication state (logged in) has to be kept somewhere; the
    // default storage is the session, whose namespace defaults to Zend_Auth
    //$auth->setStorage(new Zend_Auth_Storage_Session('My_Auth'));
    if ($request->getParam('logout')) {
        // Logout detected.
        // NOTE(review): getParam() also reads the query string, so any link or
        // embedded resource carrying ?logout=1 ends the session; requiring
        // POST for this would avoid that.
        $auth->clearIdentity();
        // Redirect for safety
        $redirector->gotoSimpleAndExit($this->failedAction, $this->failedController);
    }
    if ($request->getPost('login')) {
        $db = Zend_Db_Table::getDefaultAdapter();
        // Create the authentication adapter, configured with our table and
        // column names; treatment holds the hashing function applied to the
        // password, e.g. SHA1
        $adapter = new Zend_Auth_Adapter_DbTable($db, $this->tableName, $this->identityColumn, $this->credentialColumn, $this->treatment);
        $form = new LoginForm();
        // Validation fails e.g. for an empty form
        if (!$form->isValid($request->getPost())) {
            // FlashMessenger keeps messages in the session
            $flash = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
            $flash->clearMessages();
            $flash->addMessage('Please fill the login form');
            $redirector->gotoSimpleAndExit($this->failedAction, $this->failedController, null, array('login-failed' => 1));
        }
        $username = $form->getValue($this->loginField);
        $password = $form->getValue($this->passwordField);
        // Prepend the salt.
        // NOTE(review): this is one fixed salt shared by every account; it does
        // not give the per-user protection that a per-account random salt
        // (or password_hash()) would.
        $password = "******" . $password;
        // Hand the username and password to the adapter
        $adapter->setIdentity($username);
        $adapter->setCredential($password);
        // Generic authentication flow, works with any adapter
        $result = $auth->authenticate($adapter);
        if ($auth->hasIdentity()) {
            // The user was verified and is now logged in; in our case the
            // identity holds the user's database ID ($identity is not used
            // further here)
            $identity = $auth->getIdentity();
            // Redirect
            $redirector->gotoSimpleAndExit($this->successAction, $this->successController);
        } else {
            // Authentication failed.
            // FlashMessenger keeps messages in the session
            $flash = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
            // Store the adapter's error messages in the session right away;
            // they are handed to the view afterwards
            foreach ($result->getMessages() as $msg) {
                $flash->addMessage($msg);
            }
            $redirector->gotoSimpleAndExit($this->failedAction, $this->failedController, null, array('login-failed' => 1));
        }
    }
}
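/**
 * Get the POST data as an array, excluding the keys listed in $this->_skipFields.
 *
 * Keys are taken from $_POST; values are read back through the request
 * object so any filtering it applies is honoured.
 *
 * @return array POST values keyed by field name
 */
public function getPostData()
{
    // PHP turns numeric keys into ints; compare as strings and strictly so a
    // key such as 0 does not match every non-numeric entry of _skipFields.
    $skip = array_map('strval', $this->_skipFields);
    $data = array();
    foreach (array_keys($_POST) as $key) {
        if (!in_array((string) $key, $skip, true)) {
            $data[$key] = $this->_request->getPost($key);
        }
    }
    return $data;
}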
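/**
 * Validate the registration form and save the user when everything checks out.
 *
 * Validates the username (format and uniqueness), first and last name, the
 * e-mail address and the CAPTCHA phrase kept in the 'captcha' session
 * namespace. Without _validateOnly and with no errors, the user is saved and
 * the phrase is removed so it cannot be reused.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true when the form was valid
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    // validate the username
    $this->username = trim($request->getPost('username'));
    if (strlen($this->username) == 0) {
        $this->addError('username', 'Please enter a username');
    } elseif (!DatabaseObject_User::IsValidUsername($this->username)) {
        $this->addError('username', 'Please enter a valid username');
    } elseif ($this->user->usernameExists($this->username)) {
        $this->addError('username', 'The selected username already exists');
    } else {
        $this->user->username = $this->username;
    }

    // validate first and last name
    $this->first_name = $this->sanitize($request->getPost('first_name'));
    if (strlen($this->first_name) == 0) {
        $this->addError('first_name', 'Please enter your first name');
    } else {
        $this->user->profile->first_name = $this->first_name;
    }
    $this->last_name = $this->sanitize($request->getPost('last_name'));
    if (strlen($this->last_name) == 0) {
        $this->addError('last_name', 'Please enter your last name');
    } else {
        $this->user->profile->last_name = $this->last_name;
    }

    // validate the e-mail address
    $this->email = $this->sanitize($request->getPost('email'));
    $validator = new Zend_Validate_EmailAddress();
    if (strlen($this->email) == 0) {
        $this->addError('email', 'Please enter your e-mail address');
    } elseif (!$validator->isValid($this->email)) {
        $this->addError('email', 'Please enter a valid e-mail address');
    } else {
        $this->user->profile->email = $this->email;
    }

    // validate CAPTCHA phrase
    $session = new Zend_Session_Namespace('captcha');
    $this->captcha = $this->sanitize($request->getPost('captcha'));
    // A phrase must have been generated and must match exactly: a loose !=
    // treats a missing phrase (null) and an empty answer as equal.
    $expectedPhrase = isset($session->phrase) ? (string) $session->phrase : '';
    if ($expectedPhrase === '' || (string) $this->captcha !== $expectedPhrase) {
        $this->addError('captcha', 'Please enter the correct phrase');
    }

    if (!$this->_validateOnly && !$this->hasError()) {
        $this->user->save();
        unset($session->phrase);
    }

    return !$this->hasError();
}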
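/**
 * Gets content panel for the Debugbar.
 *
 * Renders $_POST (on POST only), $_COOKIE, the request parameters and the
 * view variables, each run through _cleanData(). The view is only queried
 * when it actually exposes getVars(), so a view class without that method
 * degrades to a message instead of a fatal error.
 *
 * @return string HTML fragment
 */
public function getPanel()
{
    $this->_request = Zend_Controller_Front::getInstance()->getRequest();
    $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');

    if ($viewRenderer->view && method_exists($viewRenderer->view, 'getVars')) {
        $viewVars = $this->_cleanData($viewRenderer->view->getVars());
    } else {
        $viewVars = "No 'getVars()' method in view class";
    }

    $vars = '';
    if ($this->_request->isPost()) {
        $vars .= '<h4>$_POST</h4>'
            . '<div id="Centurion_ZFDebug_post">' . $this->_cleanData($this->_request->getPost()) . '</div>';
    }
    $vars .= '<h4>$_COOKIE</h4>'
        . '<div id="Centurion_ZFDebug_cookie">' . $this->_cleanData($this->_request->getCookie()) . '</div>'
        . '<h4>Request</h4>'
        . '<div id="Centurion_ZFDebug_requests">' . $this->_cleanData($this->_request->getParams()) . '</div>'
        . '<h4>View vars</h4>'
        . '<div id="Centurion_ZFDebug_vars">' . $viewVars . '</div>';

    return $vars;
}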
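/**
 * Called before Zend_Controller_Front begins evaluating the
 * request against its routes.
 *
 * Serves the JavaScript error reporter: an XMLHttpRequest with
 * ?monitor=x has its posted 'message', 'errorUrl' and 'errorLine' written
 * to the 'monitor' log as a warning, after which an empty response is sent
 * and the script exits. The three values are client-supplied, so line
 * breaks are collapsed before logging so that one report cannot forge
 * additional log entries.
 *
 * NOTE(review): the endpoint needs no authentication; confirm the log has a
 * size limit or rotation, since any client can add entries.
 *
 * @param AbstractRequest $request
 * @return void
 */
public function routeStartup(AbstractRequest $request)
{
    if (!$request instanceof HttpRequest) {
        return;
    }
    if ($request->getQuery('monitor') !== 'x' || !$request->isXmlHttpRequest()) {
        return;
    }

    $fields = array(
        'Message' => $request->getPost('message', ''),
        'URI'     => $request->getPost('errorUrl', 'unknown'),
        'Line'    => $request->getPost('errorLine', 'unknown'),
    );
    $message = "A javascript error was detected.\n"
        . "================================\n";
    foreach ($fields as $label => $value) {
        $oneLine = str_replace(array("\r", "\n"), ' ', (string) $value);
        $message .= $label . ': ' . $oneLine . "\n";
    }
    Zend_Registry::get('monitor')->writeLog($message, Zend_Log::WARN, 'javascript-error');

    // Immediately return an empty response; nothing else runs for this call
    $this->getResponse()->setBody('')->sendResponse();
    exit;
}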
/**
 * Store the posted description and coordinates on the location and save it.
 *
 * NOTE(review): longitude and latitude are stored exactly as posted, without
 * sanitize() or a numeric check; any validation has to live in the location
 * object or its table.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true when no error was recorded
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    $this->description = $this->sanitize($request->getPost('description'));
    $this->longitude = $request->getPost('longitude');
    $this->latitude = $request->getPost('latitude');

    if ($this->hasError()) {
        return false;
    }

    $location = $this->location;
    $location->description = $this->description;
    $location->longitude = $this->longitude;
    $location->latitude = $this->latitude;
    $location->save();

    return !$this->hasError();
}
/**
 * Validate the blog-post form, then save the post and publish it unless a
 * preview was requested.
 *
 * The creation timestamp is assembled from the ts_created* fields: a
 * 12-hour clock with an am/pm marker is converted to 24-hour time before
 * mktime(). An invalid calendar date records an error under 'ts_created'.
 *
 * NOTE(review): the title is read from the 'username' POST field although it
 * is validated and stored as 'title' — confirm the form field name.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true when no errors were recorded
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    $title = substr($this->sanitize($request->getPost('username')), 0, 255);
    $this->title = $title;
    if (strlen($title) == 0) {
        $this->addError('title', 'Please enter a title for this post');
    }
    $this->title_link = $this->sanitize($request->getPost('title_link'));

    // Date parts as posted; the clock is clamped to 1-12 / 0-59 first
    $year = (int) $request->getPost('ts_createdYear');
    $month = (int) $request->getPost('ts_createdMonth');
    $day = (int) $request->getPost('ts_createdDay');
    $hour = max(1, min(12, (int) $request->getPost('ts_createdHour')));
    $minute = max(0, min(59, (int) $request->getPost('ts_createdMinute')));
    $isPm = strtolower($request->getPost('ts_createdMeridian')) == 'pm';

    // convert the hour into 24-hour time
    if ($isPm && $hour < 12) {
        $hour += 12;
    } elseif (!$isPm && $hour == 12) {
        $hour = 0;
    }

    if (!checkdate($month, $day, $year)) {
        $this->addError('ts_created', 'Please select a valid date');
    }
    $this->ts_created = mktime($hour, $minute, 0, $month, $day, $year);

    $this->content = self::cleanHtml($request->getPost('content'));

    if (!$this->hasError()) {
        $post = $this->post;
        $post->profile->title = $this->title;
        $post->ts_created = $this->ts_created;
        $post->profile->content = $this->content;
        $post->profile->title_link = $this->title_link;
        // Only a missing 'preview' field means "publish now"
        if ($request->getPost('preview') === null) {
            $post->sendLive();
        }
        $post->save();
    }

    return !$this->hasError();
}
/**
 * Authenticate a user through OpenID.
 *
 * Runs the OpenID adapter when either an 'openid_identifier' was posted
 * (first leg) or an 'openid_mode' parameter is present (return leg). On a
 * valid result the user data is built from the identity and the SREG
 * properties; otherwise every adapter message is recorded as an error.
 *
 * @param Zend_Controller_Request_Abstract $request The current request
 * @param Zend_Controller_Response_Abstract $response The current response
 * @return Array|Boolean User data, or FALSE
 */
public function authenticate(Zend_Controller_Request_Abstract $request, Zend_Controller_Response_Abstract $response)
{
    $identifier = $request->getPost('openid_identifier');
    $hasOpenIdData = $identifier || $request->getParam('openid_mode');

    if ($hasOpenIdData) {
        $sreg = $this->getSreg();
        $adapter = new Zend_Auth_Adapter_OpenId($identifier, null, null, null, $sreg);
        $result = $adapter->authenticate();
        if ($result->isValid()) {
            return $this->_getUserData($result->getIdentity(), $sreg->getProperties());
        }
        // Same calling convention as array_walk: (value, key)
        foreach ($result->getMessages() as $index => $error) {
            $this->_addError($error, $index);
        }
    }

    $this->_addError('Insufficient data received');
    return false;
}
/**
 * Gets content panel for the Debugbar.
 *
 * Renders (on POST) the $_POST superglobal, then $_COOKIE, the request
 * parameters and the Zend_View variables, each passed through _cleanData().
 *
 * @return string HTML fragment
 */
public function getPanel()
{
    $this->_request = Zend_Controller_Front::getInstance()->getRequest();
    $request = $this->_request;

    $view = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer')->view;
    $viewVars = "Pas de méthode 'getVars()' dans l\\'objet vue";
    if ($view && method_exists($view, 'getVars')) {
        $viewVars = $this->_cleanData($view->getVars());
    }

    $sections = array();
    if ($request->isPost()) {
        $sections[] = '<h4>Superglobale $_POST</h4>'
            . '<div id="ZFDebug_post">' . $this->_cleanData($request->getPost()) . '</div>';
    }
    $sections[] = '<h4>Superglobale $_COOKIE</h4>'
        . '<div id="ZFDebug_cookie">' . $this->_cleanData($request->getCookie()) . '</div>';
    $sections[] = '<h4>Paramètres de l\'objet Request</h4>'
        . '<div id="ZFDebug_requests">' . $this->_cleanData($request->getParams()) . '</div>';
    $sections[] = '<h4>Variables de vue (Zend_View)</h4>'
        . '<div id="ZFDebug_vars">' . $viewVars . '</div>';

    return implode('', $sections);
}
/**
 * editAction
 *
 * Loads the edit form for a category, fills the language select from the
 * languages table and, on an XMLHttpRequest POST, writes the submitted
 * values back through the form when they validate.
 *
 * NOTE(review): prepareForm() only runs in the POST branch; on a plain GET
 * the form is rendered as returned by getForm().
 * NOTE(review): isXmlHttpRequest() only tests a request header; it is not a
 * CSRF token check.
 *
 * @author Cornelius Hansjakob <*****@*****.**>
 * @version 1.0
 */
public function editAction()
{
    $this->core->logger->debug('propterties->controllers->CategoryController->editAction()');
    $this->getForm($this->core->sysConfig->generic->actions->edit);

    $form = $this->objForm;
    $request = $this->objRequest;

    // form title and language options for the view
    $this->view->formtitle = $form->Setup()->getFormTitle();
    $this->view->languageOptions = HtmlOutput::getOptionsOfSQL(
        $this->core,
        'SELECT id AS VALUE, languageCode AS DISPLAY FROM languages',
        $form->Setup()->getLanguageId()
    );

    $isAjaxPost = $request->isPost() && $request->isXmlHttpRequest();
    if ($isAjaxPost) {
        $arrFormData = $request->getPost();
        $form->Setup()->setFieldValues($arrFormData);
        // set the action, then add fields and regions to the Zend_Form
        $form->setAction('/zoolu/properties/category/edit');
        $form->prepareForm();
        if ($form->isValid($arrFormData)) {
            $form->saveFormData();
            $this->view->blnShowFormAlert = true;
        }
    }

    $this->view->form = $form;
    $this->renderScript('category/form.phtml');
}
/**
 * Called before Zend_Controller_Front calls on the router to evaluate the
 * request against the registered routes.
 *
 * Detects a POST/PUT whose body PHP discarded because it exceeded
 * post_max_size (no POST data, no files, but a CONTENT_LENGTH above the
 * limit). Such a request is either handed to the configured callback or
 * turned into a Zend_Controller_Exception (code 1000) on the response.
 *
 * @param Zend_Controller_Request_Abstract $request
 */
public function routeStartup(Zend_Controller_Request_Abstract $request)
{
    if (!$request instanceof Zend_Controller_Request_Http) {
        return;
    }
    if (!$request->isPost() && !$request->isPut()) {
        return;
    }
    $post = $request->getPost();
    if (!empty($post) || !empty($_FILES)) {
        return;
    }

    // Maximum size and measurement unit from php.ini (e.g. "8M")
    $max = ini_get('post_max_size');
    $unit = substr($max, -1);
    if (!is_numeric($unit)) {
        $max = substr($max, 0, -1);
    }
    // Convert to bytes; a bare number is already bytes
    $multipliers = array('K' => 1024, 'M' => 1024 * 1024, 'G' => 1024 * 1024 * 1024);
    $suffix = strtoupper($unit);
    if (isset($multipliers[$suffix])) {
        $max *= $multipliers[$suffix];
    }

    $length = $request->getServer('CONTENT_LENGTH');
    if ($max >= $length) {
        return;
    }
    if (!empty($this->_callback)) {
        call_user_func($this->_callback, $request);
        return;
    }
    $exception = new Zend_Controller_Exception('Maximum content length size (' . $max . ') exceeded', 1000);
    $this->getResponse()->setException($exception);
}
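/**
 * Try to log the user in with the posted 'login' array ('alias', 'pass').
 *
 * A missing or empty field records NO_USERNAME / NO_PASSWORD and fails
 * without hitting the adapter; a non-SUCCESS result records LOGIN_FAILED.
 * The 'login' value is client-supplied, so a scalar is required for each
 * field instead of indexing blindly (which emits notices on null).
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true on successful authentication
 */
protected function _login(Zend_Controller_Request_Abstract $request)
{
    $userLogin = $request->getPost('login');
    if (!is_array($userLogin)) {
        $userLogin = array();
    }
    $userName = isset($userLogin['alias']) && is_scalar($userLogin['alias']) ? trim((string) $userLogin['alias']) : '';
    $userPass = isset($userLogin['pass']) && is_scalar($userLogin['pass']) ? trim((string) $userLogin['pass']) : '';

    if ($userName === '') {
        $this->_exceptions[] = self::NO_USERNAME;
        return false;
    }
    if ($userPass === '') {
        $this->_exceptions[] = self::NO_PASSWORD;
        return false;
    }

    $auth = Zend_Auth::getInstance();
    $adapter = new Showcase_Auth_Adapter($userName, $userPass);
    $result = $auth->authenticate($adapter);
    if (!$result) {
        return false;
    }
    if ($result->getCode() !== Zend_Auth_Result::SUCCESS) {
        // Let the form know that the login has failed
        $this->_exceptions[] = self::LOGIN_FAILED;
        return false;
    }

    return true;
}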
/**
 * Authenticate a user.
 *
 * A POST starts the flow by requesting a token for the posted data and
 * reports "not logged in yet"; any other method completes it by accepting
 * the 'token' and 'uid' request parameters.
 *
 * @param Zend_Controller_Request_Abstract $request The current request
 * @param Zend_Controller_Response_Abstract $response The current response
 * @return array|bool User data,
 *         or FALSE when no user is logged in yet
 */
public function authenticate(Zend_Controller_Request_Abstract $request, Zend_Controller_Response_Abstract $response)
{
    if ($request->isPost()) {
        $this->requestToken($request->getPost());
        return false;
    }

    $token = $request->getParam('token');
    $uid = $request->getParam('uid');
    return $this->acceptToken($token, $uid);
}
/**
 * Gets content panel for the Debugbar.
 *
 * Renders $_POST (on POST only), $_COOKIE, the request parameters and the
 * view variables, each passed through _cleanData(). A view without
 * getVars() yields a message instead of a fatal error.
 *
 * @return string HTML fragment
 */
public function getPanel()
{
    $this->_request = Zend_Controller_Front::getInstance()->getRequest();
    $request = $this->_request;
    $helper = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');

    $viewVars = "No 'getVars()' method in view class";
    if ($helper->view && method_exists($helper->view, 'getVars')) {
        $viewVars = $this->_cleanData($helper->view->getVars());
    }

    $sections = array();
    if ($request->isPost()) {
        $sections[] = '<h4>$_POST</h4>'
            . '<div id="ZFDebug_post">' . $this->_cleanData($request->getPost()) . '</div>';
    }
    $sections[] = '<h4>$_COOKIE</h4>'
        . '<div id="ZFDebug_cookie">' . $this->_cleanData($request->getCookie()) . '</div>';
    $sections[] = '<h4>Request</h4>'
        . '<div id="ZFDebug_requests">' . $this->_cleanData($request->getParams()) . '</div>';
    $sections[] = '<h4>View vars</h4>'
        . '<div id="ZFDebug_vars">' . $viewVars . '</div>';

    return implode('', $sections);
}
/**
 * Run the PHPIDS monitor over the incoming request before dispatch.
 *
 * GET, POST, cookie and user parameters are handed to IDS_Monitor with the
 * rule set from configs/phpids.ini; a non-empty result is written through
 * the file logger. The request itself is never blocked here — this plugin
 * only records.
 *
 * @param Zend_Controller_Request_Abstract $request
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $input = array();
    $input['GET'] = $request->getQuery();
    $input['POST'] = $request->getPost();
    $input['COOKIE'] = $request->getCookie();
    $input['PARAMS'] = $request->getUserParams();

    $config = IDS_Init::init(APPLICATION_PATH . '/configs/phpids.ini');
    $monitor = new IDS_Monitor($input, $config);
    $report = $monitor->run();
    if ($report->isEmpty()) {
        return;
    }

    $logger = new IDS_Log_Composite();
    $logger->addLogger(IDS_Log_File::getInstance($config));
    $logger->execute($report);
}
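/**
 * Validate the size-attribute form and save the record when valid.
 *
 * attribute_name, size_name and price_adjustment are all required. Nothing
 * is written to the output: the result is the return value plus the errors
 * recorded through addError(), each keyed by its own field name so the form
 * highlights the right input.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true if no errors have occurred
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    // sanitize uses FormProcessor's zend_filter function to clean strings
    $this->attribute_name = $this->sanitize($request->getPost('attribute_name'));
    if (strlen($this->attribute_name) == 0) {
        $this->addError('attribute_name', 'Please enter the attribute name');
    } else {
        $this->SizeAttribute->attribute_name = $this->attribute_name;
    }

    $this->size_name = $this->sanitize($request->getPost('size_name'));
    if (strlen($this->size_name) == 0) {
        $this->addError('size_name', 'Please enter the beginning size');
    } else {
        $this->SizeAttribute->size_name = $this->size_name;
    }

    $this->price_adjustment = $this->sanitize($request->getPost('price_adjustment'));
    if (strlen($this->price_adjustment) == 0) {
        $this->addError('price_adjustment', 'Please enter the price_adjustment');
    } else {
        $this->SizeAttribute->price_adjustment = $this->price_adjustment;
    }

    // if no errors have occurred, save the attribute
    if (!$this->_validateOnly && !$this->hasError()) {
        $this->SizeAttribute->save();
    }

    // return true if no errors have occurred
    return !$this->hasError();
}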
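/**
 * Validate every call against CSRF if it's a POST call
 * and there's an available token on the session.
 *
 * In order: skip when an exception is already pending on the response or
 * when the module / auth type is on a bypass list; make sure the session
 * holds a token and echo it in the X-CSRF-Token header; let GET through;
 * let a request whose body PHP discarded (nothing posted, no files,
 * CONTENT_LENGTH above post_max_size) through; otherwise require a
 * frontend token that matches the session token exactly.
 *
 * NOTE(review): the discarded-body early return skips the token check for
 * any non-GET request without a body — confirm the size error is enforced
 * by another plugin before relying on it.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool|null true only on the dev bypass; otherwise nothing
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Avoid error override! :S
    if (count($this->getResponse()->getException())) {
        return;
    }

    $identity = Zend_Auth::getInstance()->getIdentity();
    $byPassMethods = array(
        App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD,
        App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC,
        App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL,
        App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY,
    );
    $byPassModules = array('async', 'external', 'externalr12', 'thirdparty');

    // Bypass some auth methods. With nobody logged in $identity is not an
    // array, so test the key with isset() instead of indexing it.
    // (The AUTH_TYPE_* constant types are not visible here, hence the
    // non-strict in_array for the auth type.)
    $authType = isset($identity['authType']) ? $identity['authType'] : null;
    if (in_array($request->module, $byPassModules, true) || ($authType && in_array($authType, $byPassMethods))) {
        return;
    }

    $session = new Zend_Session_Namespace('csrf');
    if (empty($session->token)) {
        // Generate a new CSRF token and save it on the session
        \App::log()->info("Session token empty, generating new CSRF token...");
        $session->token = $this->_generateToken();
    }

    // Return the token on an HTTP header
    $this->getResponse()->setHeader('X-CSRF-Token', $session->token);

    // Don't do anything if it's a GET request
    if ($request->isGet()) {
        return;
    }

    $post = $request->getPost();
    if (empty($post) && empty($_FILES)) {
        $max = ini_get('post_max_size');
        $length = $request->getServer('CONTENT_LENGTH');
        if ($max < $length) {
            return;
        }
    }

    // Try to get the CSRF token from frontend
    $csrfToken = $this->_getFrontendToken($request);
    if (!$csrfToken) {
        $this->_throwError($request, 'Possible CSRF attack: CSRF token not found on request');
        return;
    }

    // Disable plugin for dev environment
    if (App::config('csrf.disabled', false) && $csrfToken === 'dev') {
        return true;
    }

    // Compare as strings, strictly and in constant time: a loose != would
    // treat two numeric-looking tokens as equal and leak timing.
    if (!hash_equals((string) $session->token, (string) $csrfToken)) {
        $this->_throwError($request, 'Possible CSRF attack: BE and FE tokens don\'t match');
        return;
    }
}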
/**
 * Performs CSRF protection checks before dispatching occurs.
 *
 * Only POST requests are checked, and only while _autoProtect is on. A
 * missing session token, or a posted value under _keyName that does not
 * validate, aborts dispatch with a RuntimeException.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @throws RuntimeException when the token is absent or does not match
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $this->_initializeTokens();

    $mustCheck = $request->isPost() === true && $this->_autoProtect;
    if (!$mustCheck) {
        return;
    }

    if (empty($this->_previousToken)) {
        throw new RuntimeException('A possible CSRF attack detected - no token received');
    }
    $submitted = $request->getPost($this->_keyName);
    if (!$this->isValidToken($submitted)) {
        throw new RuntimeException('A possible CSRF attack detected - tokens do not match');
    }
}
/**
 * deleteAction
 *
 * Deletes the blog-entry comment named by the 'id' parameter, but only for
 * an XMLHttpRequest that carries POST data ('id' itself is read with
 * getParam(), so it may also come from the route or query string). Nothing
 * is rendered; an exception is logged and the script exits.
 *
 * @author Daniel Rotter <*****@*****.**>
 * @version 1.0
 */
public function deleteAction()
{
    $this->core->logger->debug('widgets->blog->CommentController->deleteAction');
    $this->_helper->viewRenderer->setNoRender();

    $request = $this->objRequest;
    try {
        $isAjaxPost = $request->getPost() && $request->isXmlHttpRequest();
        if ($isAjaxPost) {
            $commentId = $request->getParam('id');
            $this->getModelBlogEntryComment()->deleteBlogEntryComment($commentId);
        }
    } catch (Exception $exc) {
        $this->core->logger->err($exc);
        exit;
    }
}
/**
 * editAction
 *
 * Loads the folder edit form. On an XMLHttpRequest POST the submitted values
 * are validated and saved; when the folder is a portal root level, the
 * start page's main data is updated as well. On any other request the form
 * is only prepared for display. Meta information is written to the view in
 * both cases.
 *
 * @author Cornelius Hansjakob <*****@*****.**>
 * @version 1.0
 */
public function editAction()
{
    $this->core->logger->debug('core->controllers->FolderController->editAction()');
    $this->getForm($this->core->sysConfig->generic->actions->edit);
    $this->addFolderSpecificFormElements();
    /**
     * get form title
     */
    $this->view->formtitle = $this->objForm->Setup()->getFormTitle();
    if ($this->objRequest->isPost() && $this->objRequest->isXmlHttpRequest()) {
        $arrFormData = $this->objRequest->getPost();
        $this->objForm->Setup()->setFieldValues($arrFormData);
        /**
         * prepare form (add fields and region to the Zend_Form)
         */
        $this->objForm->prepareForm();
        /**
         * set action
         */
        $this->objForm->setAction('/zoolu/core/folder/edit');
        if ($this->objForm->isValid($arrFormData)) {
            $this->objForm->saveFormData();
            /**
             * update start page: only for folders whose root level type is a
             * portal. rootLevelTypeId comes from the POST body, so the loose
             * == is what lets a posted string match the configured id.
             */
            if (array_key_exists("rootLevelTypeId", $arrFormData) && $arrFormData["rootLevelTypeId"] == $this->core->sysConfig->root_level_types->portals) {
                $intFolderId = $this->objForm->Setup()->getElementId();
                $intUserId = Zend_Auth::getInstance()->getIdentity()->id;
                // properties and title rows share the user, creator and timestamp
                $arrProperties = array('idUsers' => $intUserId, 'creator' => $this->objForm->Setup()->getCreatorId(), 'idStatus' => $this->objForm->Setup()->getStatusId(), 'showInNavigation' => $this->objForm->Setup()->getShowInNavigation(), 'changed' => date('Y-m-d H:i:s'));
                $arrTitle = array('idUsers' => $intUserId, 'creator' => $this->objForm->Setup()->getCreatorId(), 'title' => $this->objForm->Setup()->getCoreField('title')->getValue(), 'idLanguages' => $this->objForm->Setup()->getLanguageId(), 'changed' => date('Y-m-d H:i:s'));
                $this->getModelPages()->updateStartPageMainData($intFolderId, $arrProperties, $arrTitle);
            }
            $this->view->assign('blnShowFormAlert', true);
        } else {
            $this->view->assign('blnShowFormAlert', false);
        }
    } else {
        /**
         * prepare form (add fields and region to the Zend_Form)
         */
        $this->objForm->prepareForm();
    }
    /**
     * output of metainformation to hidden div
     */
    $this->setViewMetaInfos();
    $this->view->form = $this->objForm;
    $this->renderScript('folder/form.phtml');
}
/**
 * Consume the one-time form token on POST requests.
 *
 * Non-POST requests are ignored (null). A POST whose token, read under the
 * helper's token key, is known to the helper is accepted and the token is
 * removed so it cannot be replayed (true); otherwise _checkFailed() runs
 * and false is returned.
 *
 * @access public
 * @param Zend_Controller_Request_Abstract $request
 * @return boolean|null
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    if (!$request->isPost()) {
        return null;
    }

    $helper = $this->getHelper();
    $submitted = $request->getPost($helper->getTokenKey());
    $accepted = !empty($submitted) && $helper->hasToken($submitted);
    if (!$accepted) {
        $this->_checkFailed($request);
        return false;
    }

    $helper->removeToken($submitted);
    return true;
}
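/**
 * Copy the posted fields onto the inventory product and save it.
 *
 * Keys 'generalImages' and 'id' are kept raw on $this; keys starting with
 * 'sys_' go (sanitized) onto $this and the product; every other key goes
 * (sanitized) onto the product profile. Nothing is written to the output:
 * the processor's result is the return value and the recorded errors.
 *
 * NOTE(review): any POST key becomes a property on this object or on the
 * product; an explicit list of allowed fields would keep a client from
 * setting columns the form never shows.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true if no errors have occurred
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    foreach ($request->getPost() as $key => $value) {
        // Compare as strings: PHP turns numeric keys into ints, and a loose
        // != would treat 0 as equal to any non-numeric string.
        $key = (string) $key;
        if ($key === 'generalImages' || $key === 'id') {
            $this->{$key} = $value;
            continue;
        }
        $clean = $this->sanitize($value);
        if (substr($key, 0, 4) === 'sys_') {
            $this->{$key} = $clean;
            $this->inventoryProduct->{$key} = $clean;
        } else {
            $this->inventoryProduct->profile->{$key} = $clean;
        }
    }

    $this->inventoryProduct->product_id = $request->getPost('id');
    $this->inventoryProduct->uploader_id = $this->userID;

    if (!$this->_validateOnly && !$this->hasError()) {
        $this->inventoryProduct->save();
    }

    // return true if no errors have occurred
    return !$this->hasError();
}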
/**
 * Handle a form submission: validate the posted values, keep them in the
 * session when valid and call the matching hook.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true when the form validated
 */
public function onSubmit(Zend_Controller_Request_Abstract $request)
{
    $form = $this->getForm();
    $session = $this->getSession();

    if (!$form->isValid($request->getPost())) {
        $session->active = true;
        $this->onSubmitNotIsValid();
        return false;
    }

    // Form was valid
    $session->data = $form->getProcessedValues();
    $session->active = false;
    $this->onSubmitIsValid();
    return true;
}
/**
 * editAction
 *
 * Loads the global element edit form. On an XMLHttpRequest POST the
 * submitted values are validated and saved; on any other request the form
 * is only prepared for display. Special field values, the form action and
 * the view meta information are set in both cases. Any exception is logged
 * and the script exits.
 *
 * @author Thomas Schedler <*****@*****.**>
 * @version 1.0
 */
public function editAction()
{
    $this->core->logger->debug('global->controllers->ElementController->editAction()');
    try {
        $this->getForm($this->core->sysConfig->generic->actions->edit);
        $this->addGlobalSpecificFormElements();
        /**
         * get form title
         */
        $this->view->formtitle = $this->objForm->Setup()->getFormTitle();
        if ($this->objRequest->isPost() && $this->objRequest->isXmlHttpRequest()) {
            $arrFormData = $this->objRequest->getPost();
            $this->objForm->Setup()->setFieldValues($arrFormData);
            /**
             * prepare form (add fields and region to the Zend_Form)
             */
            $this->objForm->prepareForm();
            if ($this->objForm->isValid($arrFormData)) {
                $this->objForm->saveFormData();
                $this->view->assign('blnShowFormAlert', true);
            } else {
                $this->view->assign('blnShowFormAlert', false);
            }
        } else {
            /**
             * prepare form (add fields and region to the Zend_Form)
             */
            $this->objForm->prepareForm();
        }
        /**
         * update special field values
         */
        $this->objForm->updateSpecificFieldValues();
        /**
         * set action (after prepareForm, unlike the sibling controllers)
         */
        $this->objForm->setAction('/zoolu/global/element/edit');
        /**
         * output of metainformation to hidden div
         */
        $this->setViewMetaInfos();
        $this->view->form = $this->objForm;
        $this->renderScript('element/form.phtml');
    } catch (Exception $exc) {
        // Logged, then the request is terminated without a rendered response
        $this->core->logger->err($exc);
        exit;
    }
}
/**
 * Validate the shipping-address form and save the address when valid.
 *
 * address_one, zip, city, state and country are required (zip, city, state
 * and country are lower-cased on the address record); address_two is
 * optional. After a save the new id is kept in $this->shippingId. The
 * 'defaultShipping' checkbox is normalised to 'on' / 'off' last and does
 * not affect validation.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true if no errors have occurred
 */
public function process(Zend_Controller_Request_Abstract $request)
{
    // sanitize uses FormProcessor's zend_filter function to clean strings
    $this->address_one = $this->sanitize($request->getPost('address_one'));
    if (strlen($this->address_one) == 0) {
        $this->addError('address_one', 'Please enter this address');
    } else {
        $this->shippingAddress->address_one = $this->address_one;
    }

    $this->address_two = $this->sanitize($request->getPost('address_two'));
    $this->shippingAddress->address_two = $this->address_two;

    // required fields that are stored lower-cased
    $required = array(
        'zip'     => 'Please enter you zip',
        'city'    => 'Please enter you city',
        'state'   => 'Please enter your state',
        'country' => 'Please enter your country',
    );
    foreach ($required as $field => $message) {
        $this->{$field} = $this->sanitize($request->getPost($field));
        if (strlen($this->{$field}) == 0) {
            $this->addError($field, $message);
        } else {
            $this->shippingAddress->{$field} = strtolower($this->{$field});
        }
    }

    // if no errors have occurred, save the address
    if (!$this->hasError()) {
        $this->shippingAddress->save();
        $this->shippingId = $this->shippingAddress->getId();
    }

    $this->defaultShipping = $this->sanitize($request->getPost('defaultShipping'));
    if ($this->defaultShipping != 'on') {
        $this->defaultShipping = 'off';
    }

    // return true if no errors have occurred
    return !$this->hasError();
}
/**
 * Performs CSRF protection checks before dispatching occurs.
 *
 * For POST requests the translated message in $this->_error->message is
 * reset, then set when no previous token exists or when the value posted
 * under _keyName fails isValidToken(). Both checks always run, so the
 * second message wins when both fail. Dispatch is not stopped here; the
 * consumer of _error->message has to act on it.
 *
 * @param Zend_Controller_Request_Abstract $request
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $this->_initializeTokens();
    if ($request->isPost() !== true) {
        return;
    }

    $this->_error->message = null;

    // A possible CSRF attack detected - no token received
    if (empty($this->_previousToken)) {
        $this->_error->message = Zend_Registry::get('t')->_('No token received, please re-submit the form');
    }

    // A possible CSRF attack detected - tokens do not match
    $submitted = $request->getPost($this->_keyName);
    if (!$this->isValidToken($submitted)) {
        $this->_error->message = Zend_Registry::get('t')->_('Tokens do not match, please re-submit the form');
    }
}