/**
 * Record the visitor's session activity for the request that was just handled.
 *
 * Redirect and reroute responses are skipped. Message and view responses are
 * recorded with the state 'valid'. Every other response is recorded as 'error',
 * including values that are not XenForo_ControllerResponse_Abstract objects.
 *
 * @param mixed $controllerResponse The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
 * @param string $controllerName
 * @param string $action
 */
public function updateSessionActivity($controllerResponse, $controllerName, $action)
{
    if (!XenForo_Application::isRegistered('session')) {
        // No session is registered, so there is nothing to attach the activity to.
        return;
    }

    // Anything not positively recognised below is recorded as an error.
    $newState = 'error';

    if ($controllerResponse instanceof XenForo_ControllerResponse_Abstract) {
        // The exact class name is compared, so a subclass of one of these
        // response types is not matched and keeps the 'error' state.
        $responseClass = get_class($controllerResponse);

        if ($responseClass === 'XenForo_ControllerResponse_Redirect'
            || $responseClass === 'XenForo_ControllerResponse_Reroute'
        ) {
            // don't update anything, assume the next page will do it
            return;
        }

        if ($responseClass === 'XenForo_ControllerResponse_Message'
            || $responseClass === 'XenForo_ControllerResponse_View'
        ) {
            $newState = 'valid';
        }
    }

    if (!$this->canUpdateSessionActivity($controllerName, $action, $newState)) {
        return;
    }

    // NOTE(review): getClientIp(false) presumably disables the proxy-header lookup
    // (as in Zend_Controller_Request_Http), so the stored address would come from
    // the connection rather than from client-supplied headers. Confirm against the
    // request class, and check how the stored user params are later displayed.
    $this->getModelFromCache('XenForo_Model_User')->updateSessionActivity(
        XenForo_Visitor::getUserId(),
        $this->_request->getClientIp(false),
        $controllerName,
        $action,
        $newState,
        $this->_request->getUserParams()
    );
}
/**
 * Choose where to send an admin user after logging in.
 *
 * When the request carries any parameters other than the secret key, the user's
 * startup page URL is returned instead of $alternativeUrl.
 * NOTE(review): presumably this stops a parameterised URL that was requested
 * before authentication from being acted on straight after login. Confirm with
 * the caller.
 *
 * @param Mage_Admin_Model_User $user
 * @param Zend_Controller_Request_Http $request
 * @param string|null $alternativeUrl
 * @return null|string Null when no request is given; otherwise the startup page URL or $alternativeUrl.
 */
public function getRedirectUrl(Mage_Admin_Model_User $user, Zend_Controller_Request_Http $request = null, $alternativeUrl = null)
{
    if (empty($request)) {
        return null;
    }

    // The secret key is the only parameter tolerated, and only when secret keys
    // are enabled and one was actually sent with this request.
    $allowedParamCount = 0;
    if ($this->_urlModel->useSecretKey()
        && $request->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME)
    ) {
        $allowedParamCount = 1;
    }

    // Route (user) parameters and query-string parameters are both counted.
    $suppliedParamCount = count($request->getUserParams()) + count($request->getQuery());

    if ($suppliedParamCount > $allowedParamCount) {
        return $this->_urlModel->getUrl($user->getStartupPageUrl());
    }

    return $alternativeUrl;
}
/**
 * Record the visitor's session activity for the request that was just handled.
 *
 * Nothing is recorded for prefetch requests or for redirect and reroute
 * responses. Message and view responses count as 'valid' unless they carry a
 * response code of 400 or above. Every other response counts as 'error'.
 *
 * @param mixed $controllerResponse The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
 * @param string $controllerName
 * @param string $action
 */
public function updateSessionActivity($controllerResponse, $controllerName, $action)
{
    if (!XenForo_Application::isRegistered('session')) {
        return;
    }

    // Skip prefetch requests. The X-Moz header is supplied by the client, so this
    // check is a convenience filter, and the activity record should not be relied
    // on as a complete audit trail.
    if ($this->_request->getServer('HTTP_X_MOZ') == 'prefetch') {
        return;
    }

    // Anything not positively recognised below is recorded as an error.
    $newState = 'error';

    if ($controllerResponse instanceof XenForo_ControllerResponse_Abstract) {
        // The exact class name is compared, so subclasses are not matched.
        $responseClass = get_class($controllerResponse);

        $deferredToNextPage = array(
            'XenForo_ControllerResponse_Redirect',
            'XenForo_ControllerResponse_Reroute',
            'XenForo_ControllerResponse_ReroutePath',
        );
        if (in_array($responseClass, $deferredToNextPage, true)) {
            // don't update anything, assume the next page will do it
            return;
        }

        if ($responseClass === 'XenForo_ControllerResponse_Message'
            || $responseClass === 'XenForo_ControllerResponse_View'
        ) {
            $newState = 'valid';
        }

        // An HTTP error status overrides a response type that would otherwise be valid.
        $responseCode = $controllerResponse->responseCode;
        if ($responseCode && $responseCode >= 400) {
            $newState = 'error';
        }
    }

    $session = XenForo_Application::getSession();

    if (!$this->canUpdateSessionActivity($controllerName, $action, $newState)) {
        return;
    }

    /** @var $userModel XenForo_Model_User */
    $userModel = $this->getModelFromCache('XenForo_Model_User');

    // NOTE(review): getClientIp(false) presumably disables the proxy-header lookup
    // (as in Zend_Controller_Request_Http), so the stored address would come from
    // the connection rather than from client-supplied headers. Confirm against the
    // request class.
    $userModel->updateSessionActivity(
        XenForo_Visitor::getUserId(),
        $this->_request->getClientIp(false),
        $controllerName,
        $action,
        $newState,
        $this->_request->getUserParams(),
        null,
        // The robot id is passed only when the session has one registered.
        $session->isRegistered('robotId') ? $session->get('robotId') : ''
    );
}
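/**
 * Called before an action is dispatched by Zend_Controller_Dispatcher.
 *
 * This callback allows for proxy or filter behavior. The
 * $action must be returned for the Zend_Controller_Dispatcher_Token to be dispatched.
 * To abort the dispatch, return FALSE.
 *
 * This implementation is the authorization filter and always returns $action.
 * A request that is not allowed is rewritten to the configured login
 * controller/action rather than aborted. The decision is made in this order:
 *
 *  1. A user whose role is User::ROLE_LOCKED is always sent to the login action.
 *  2. Required roles are read from $this->config[<module>]: either one
 *     comma-separated string for the whole module, or an array with
 *     'default_roles', per-controller and per-action entries. Holding any one
 *     listed role lets the request through.
 *  3. If the module config has a 'user_access' entry, AccessService is asked
 *     whether the user has any access entry for the module.
 *  4. If step 2 or 3 applied and neither granted access, the requested URL is
 *     stored in the session and the request is rewritten to the login action.
 *
 * A request for which neither roles nor 'user_access' are configured is
 * dispatched unchanged, so new modules are unrestricted until they are listed.
 *
 * @param Zend_Controller_Request_Http $action
 * @return Zend_Controller_Request_Http
 */
public function preDispatch($action)
{
    /* @var $action Zend_Controller_Request_Http */
    $controllerName = strtolower($action->getControllerName());
    $actionName = strtolower($action->getActionName());
    $moduleName = strtolower($action->getModuleName());

    // Check for authorization.
    $app = NovemberApplication::getInstance();
    $currentUser = $app->getUser();

    // A locked account never reaches the requested action.
    if ($currentUser->getRole() == User::ROLE_LOCKED) {
        $action->setControllerName(ifset($this->config, 'login_controller', 'user'));
        $action->setActionName(ifset($this->config, 'login_action', 'login'));
        return $action;
    }

    // Get the restrictions for the current request (if any)
    $conf = ifset($this->config, $moduleName);
    $roles = '';
    if (is_string($conf)) {
        // A plain string applies one role list to the whole module.
        $roles = $conf;
    } elseif (is_array($conf)) {
        // Most specific entry wins: action, then controller, then the module default.
        $roles = ifset($conf, 'default_roles', '');
        $controllerConf = ifset($conf, $controllerName, $roles);
        if (is_array($controllerConf)) {
            $roles = ifset($controllerConf, $actionName, $roles);
        } else {
            $roles = $controllerConf;
        }
    }

    // Are there required roles to authenticate?
    $loginRequired = false;
    // NOTE(review): the username is written to the log as-is; confirm that the
    // logger neutralises line breaks and control characters.
    za()->log(__CLASS__ . ':' . __LINE__ . " - Authorizing " . $currentUser->getUsername() . " for roles {$roles}");
    if ($roles != '') {
        $loginRequired = true;
        // Role names are not trimmed, so "admin, editor" would test " editor".
        // That fails closed, but the config must be written without spaces.
        $roles = explode(',', $roles);
        // If the user has any of the roles, let them in
        foreach ($roles as $role) {
            if ($currentUser->hasRole($role)) {
                return $action;
            }
        }
    }

    // If we've got this far, then we should ask the DB if the current user has
    // access to the current module and controller.
    // We're expecting user_access => user_role
    //                 OR array (controller => user_role)
    // NOTE(review): only the presence of 'user_access' is tested here, and the
    // access list is looked up by module name alone. The per-controller form
    // described above is therefore not enforced in this method; confirm whether
    // AccessService or the controllers apply it.
    $userAccess = ifset($conf, 'user_access');
    if ($userAccess != null) {
        $loginRequired = true;
        $accessService = za()->getService('AccessService');
        // See if they have access to this module
        $access = $accessService->getAccessList($currentUser->getUsername(), $moduleName);
        // NOTE(review): count() assumes getAccessList() always returns an array or
        // Countable; confirm that it cannot return null or false on failure.
        if (count($access)) {
            // okay, they have access, so we're all cool
            return $action;
        }
    }

    if ($loginRequired) {
        // Remember where the user was heading. The URL is rebuilt from the routed
        // module/controller/action names and the user params, not copied from the
        // raw request URI. The code that later redirects to it is outside this
        // method and should still treat the stored value as untrusted.
        $url = build_url($controllerName, $actionName, $action->getUserParams(), false, $moduleName);
        $_SESSION[NovemberController::RETURN_URL] = $url;

        // The module name is left as requested; the login_module override is disabled.
        // $action->setModuleName(ifset($this->config, 'login_module', 'default'));

        // Use the same fallbacks as the locked-account branch, so a missing config
        // key cannot leave the denied request without a login target.
        $action->setControllerName(ifset($this->config, 'login_controller', 'user'));
        $action->setActionName(ifset($this->config, 'login_action', 'login'));
    }

    return $action;
}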