 /**
  * Login action: authenticates the current request and either redirects the
  * browser (to `go` or the configured start page) or re-renders the login form.
  */
 function action()
 {
     $auth = owa_auth::get_instance();
     $status = $auth->authenticateUser();
     // NOTE(review): `go` is request-controlled and cleanUrl is the only check between it and the
     // redirect below — confirm cleanUrl restricts targets to this site (open-redirect risk otherwise).
     $go = owa_sanitize::cleanUrl($this->getParam('go'));

     if ($status['auth_status'] != true) {
         // authentication failed: show the login form again with an error code
         $this->setView('base.loginForm');
         $this->set('go', $go);
         $this->set('error_code', 2002);
         $this->set('user_id', $this->getParam('user_id'));
         return;
     }

     if (empty($go)) {
         // no return url: clear the values doAction set earlier (refactor candidate)
         // and bounce to the configured start page
         $this->set('auth_status', '');
         $this->set('params', '');
         $this->set('site_id', '');
         $this->setRedirectAction($this->config['start_page']);
         return;
     }

     // return url present: decode it and send the browser there
     $target = urldecode($go);
     $this->e->debug("redirecting browser to...:" . $target);
     owa_lib::redirectBrowser($target);
 }
 /**
  * Builds the public login page: the public wrapper plus the login form body.
  *
  * @param mixed $data Not read by this method
  */
 function construct($data)
 {
     $this->setTitle("Login");
     // outer page wrapper
     $this->t->set_template('wrapper_public.tpl');
     // form body and its variables: headline, user id to refill, sanitized return url
     $body = $this->body;
     $body->set_template('login_form.tpl');
     $body->set('headline', 'Please login using the from below');
     $body->set('user_id', $this->get('user_id'));
     $returnUrl = owa_sanitize::cleanUrl($this->get('go'));
     $body->set('go', $returnUrl);
     $this->setJs("owa", "base/js/owa.js");
 }
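 /**
  * Coerces $var to the requested data type, sanitizing string input.
  *
  * @param mixed  $var  Raw value
  * @param string $type 'integer' or 'string'; any other type returns $var untouched
  * @return mixed
  */
 static function setDataType($var, $type = 'string')
 {
     switch ($type) {
         case "integer":
             // `$var + 0` keeps int/float for numeric strings, but on PHP 8 it throws a TypeError
             // for non-numeric strings and arrays; fall back to a plain cast (0 for garbage) there.
             $var = is_numeric($var) ? $var + 0 : (int) $var;
             break;
         case "string":
             $var = owa_sanitize::cleanInput($var, array('remove_html' => true));
     }
     return $var;
 }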
 /**
  * Writes a string into the template output.
  *
  * @param string $output                  The string to emit
  * @param bool   $sanitize                When true, escape via owa_sanitize::escapeForDisplay first
  * @param bool   $decode_special_entities When true (and $sanitize is true), run the entity map below
  *                                        over the escaped string before emitting it
  */
 function out($output, $sanitize = true, $decode_special_entities = false)
 {
     if (!$sanitize) {
         echo $output;
         return;
     }
     $escaped = owa_sanitize::escapeForDisplay($output);
     if ($decode_special_entities) {
         // NOTE(review): as listed here the map sends '&' to itself and is a no-op; the page rendering
         // may have decoded an entity name in the key — confirm against the original source.
         $escaped = strtr($escaped, array('&' => '&'));
     }
     echo $escaped;
 }
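 /**
  * Strips the configured illegal characters from a user id and sanitizes the remainder.
  *
  * @param string $user_id Raw user id from the request
  * @return mixed Result of owa_sanitize::cleanInput (null when nothing is left to clean)
  */
 public static function cleanUserId($user_id)
 {
     $illegals = owa_coreAPI::getSetting('base', 'user_id_illegal_chars');
     // No strpos() guard here: strpos() returns 0 (falsy) for a match at offset 0, which would
     // skip an illegal char sitting at the start of the id. str_replace is a no-op when absent.
     foreach ($illegals as $char) {
         $user_id = str_replace($char, "", $user_id);
     }
     return owa_sanitize::cleanInput($user_id, array());
 }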
 /**
  * Thin alias for owa_sanitize::cleanInput with the same option array.
  *
  * @param mixed $input   Value (scalar or array) to sanitize
  * @param array $options Passed straight through to cleanInput
  * @return mixed Whatever cleanInput returns
  */
 public static function inputFilter($input, $options = array())
 {
     $cleaned = owa_sanitize::cleanInput($input, $options);
     return $cleaned;
 }
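 /**
  * Constructor.
  *
  * Snapshots the PHP superglobals ($_SERVER, $_FILES, cookies, $_SESSION) into this request
  * object, builds the state container, and assembles the request params from GET/POST or
  * CLI arguments after passing them through owa_sanitize::cleanInput.
  */
 function __construct()
 {
     $this->timestamp = time();
     $this->guid = owa_lib::generateRandomUid();

     // php's server variables
     $this->server = $_SERVER;

     // files
     if (!empty($_FILES)) {
         $this->files = $_FILES;
     }

     // setup cookies
     $this->cookies = array();
     // Read the raw HTTP cookie header when available: OWA can set cookies of the same name under
     // different subdomains, and $_COOKIE keeps only one value per name, so the container is an
     // array of arrays (name => list of values).
     if (isset($_SERVER['HTTP_COOKIE']) && strpos($_SERVER['HTTP_COOKIE'], ';')) {
         $raw_cookie_array = explode(';', $_SERVER['HTTP_COOKIE']);
         foreach ($raw_cookie_array as $raw_cookie) {
             // split on the first '=' only so values containing '=' (base64 padding etc.) stay whole;
             // a cookie with no '=' gets an empty value instead of an undefined-offset notice
             $nvp = explode('=', trim($raw_cookie), 2);
             $this->cookies[$nvp[0]][] = urldecode(isset($nvp[1]) ? $nvp[1] : '');
         }
     } else {
         // just use the normal cookie global
         if ($_COOKIE && is_array($_COOKIE)) {
             foreach ($_COOKIE as $n => $v) {
                 // hack against other frameworks sanitizing cookie data and blowing away our '>' delimiter
                 // this should be removed once all cookies are using json format.
                 // NOTE(review): as listed here the replacement maps '>' to itself (a no-op); the page
                 // rendering may have decoded an entity in the search string — confirm in source.
                 if (strpos($v, '>')) {
                     $v = str_replace(">", ">", $v);
                 }
                 // write to the object container (previously an undefined local, so these were dropped)
                 $this->cookies[$n][] = $v;
             }
         }
     }

     // the owa namespace prefix is used for cookies, session stores and request params alike
     $ns = owa_coreAPI::getSetting('base', 'ns');

     // populate owa_cookie container with just the cookies that have the owa namespace.
     $this->owa_cookies = owa_lib::stripParams($this->cookies, $ns);

     // session
     if (!empty($_SESSION)) {
         $this->session = $_SESSION;
     }

     /* STATE CONTAINER */
     $this->state = owa_coreAPI::supportClassFactory('base', 'state');
     // merges session
     if (!empty($this->session)) {
         $this->state->addStores(owa_lib::stripParams($this->session, $ns));
     }
     // merges cookies
     foreach ($this->owa_cookies as $k => $owa_cookie) {
         $this->state->setInitialState($k, $owa_cookie);
     }

     // create request params from GET or POST or CLI args
     $params = array();
     // use GET vars as the base for the request
     if (isset($_GET) && !empty($_GET)) {
         $params = $_GET;
         $this->request_type = 'get';
     }
     // merge in POST vars. GET and POST can occur on the same request; POST wins on key clashes.
     if (isset($_POST) && !empty($_POST)) {
         $params = array_merge($params, $_POST);
         $this->request_type = 'post';
     }
     // look for command line arguments in the 'argv' index.
     if (!$this->request_type && isset($_SERVER['argv'])) {
         $this->cli_args = $_SERVER['argv'];
         // parse "key=value" arguments into params; a bare "key" gets an empty value
         $arg_count = count($this->cli_args);
         for ($i = 1; $i < $arg_count; $i++) {
             $it = explode("=", $this->cli_args[$i], 2);
             $params[$it[0]] = isset($it[1]) ? $it[1] : '';
         }
         $this->request_type = 'cli';
     }

     if ($this->request_type === 'get' || $this->request_type === 'post') {
         $this->current_url = owa_lib::get_current_url();
     }

     // Clean Input arrays
     if ($params) {
         $params = owa_sanitize::cleanInput($params, array('remove_html' => true));
         if (is_array($params) && !empty($params)) {
             $this->request = $params;
         }
     }

     // strip action and do params of nasty include exploits.
     // is_array() guard: $this->request is only assigned above when params were present, and
     // array_key_exists() on a null container is a TypeError on PHP 8.
     foreach (array($ns . 'action', $ns . 'do') as $routing_key) {
         if (is_array($this->request) && array_key_exists($routing_key, $this->request)) {
             $this->request[$routing_key] = owa_lib::fileInclusionFilter($this->request[$routing_key]);
         }
     }

     // strip owa namespace
     $this->owa_params = owa_lib::stripParams($this->request, $ns);
     // translate certain request variables that are reserved in javascript
     $this->owa_params = owa_lib::rekeyArray($this->owa_params, array_flip(owa_coreAPI::getSetting('base', 'reserved_words')));

     // set https flag. Some servers (IIS) send HTTPS=off on plain HTTP requests, so presence
     // of the key alone is not enough.
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
         $this->is_https = true;
     }
 }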
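 /**
  * Sanitizes for safe input. Takes an array of options:
  *
  * - hidden_spaces - removes any non space whitespace characters (owa_sanitize::removeHiddenSpaces)
  * - remove_html - Strip HTML (owa_sanitize::stripAllTags)
  * - dollar - Escape `$` with `\$` (owa_sanitize::escapeDollarSigns)
  * - carriage - Remove `\r` (owa_sanitize::stripCarriageReturns)
  * - unicode - passes the value through owa_sanitize::escapeUnicode
  * - escape_html - Encode html entities (owa_sanitize::escapeForDisplay)
  * - backslash - passes the value through owa_sanitize::escapeBackslash
  *
  * `encode` is accepted in the defaults for compatibility but nothing below reads it.
  * Arrays are cleaned recursively, key by key. Only null, false, '' and an empty array
  * count as "no input" and yield null; '0' and 0 are real values and are sanitized.
  *
  * @param mixed $input Data to sanitize
  * @param array $options
  * @return mixed Sanitized data, or null when there was no input
  * @access public
  * @static
  */
 function cleanInput($input, $options = array())
 {
     // deliberately not empty(): that would also swallow the legitimate values '0' and 0
     if ($input === null || $input === false || $input === '' || $input === array()) {
         return;
     }
     $options = array_merge(array(
         'hidden_spaces' => true,
         'remove_html' => false,
         'encode' => true,
         'dollar' => true,
         'carriage' => true,
         'unicode' => true,
         'escape_html' => true,
         'backslash' => true,
     ), $options);

     if (is_array($input)) {
         $output = array();
         foreach ($input as $k => $v) {
             $output[$k] = owa_sanitize::cleanInput($v, $options);
         }
         return $output;
     }

     // start from the input so that disabling hidden_spaces no longer leaves $output undefined
     $output = $input;
     if ($options['hidden_spaces']) {
         $output = owa_sanitize::removeHiddenSpaces($output);
     }
     if ($options['remove_html']) {
         $output = owa_sanitize::stripAllTags($output);
     }
     if ($options['dollar']) {
         $output = owa_sanitize::escapeDollarSigns($output);
     }
     if ($options['carriage']) {
         $output = owa_sanitize::stripCarriageReturns($output);
     }
     if ($options['unicode']) {
         $output = owa_sanitize::escapeUnicode($output);
     }
     if ($options['escape_html']) {
         $output = owa_sanitize::escapeForDisplay($output);
     }
     if ($options['backslash']) {
         $output = owa_sanitize::escapeBackslash($output);
     }
     return $output;
 }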
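 /**
  * Authenticates a user by the passkey carried on the URL.
  *
  * The user is loaded into $this->u via getUser() and a fresh passkey is derived from the
  * stored user_id and password; the request passkey is accepted only if it matches it.
  *
  * @param string $user_id User id from the request
  * @param string $passkey Passkey from the URL (run through owa_sanitize::cleanMd5 first)
  * @return bool true when the passkey matches, false otherwise (including an unusable passkey)
  */
 function authenticateUserByUrlPasskey($user_id, $passkey)
 {
     $passkey = owa_sanitize::cleanMd5($passkey);
     if (!$passkey) {
         return false;
     }
     // set credentials
     $this->credentials['user_id'] = $user_id;
     $this->credentials['passkey'] = $passkey;
     // fetch user obj
     $this->getUser();
     // generate a new passkey from its components in the db
     $key = $this->generateUrlPasskey($this->u->get('user_id'), $this->u->get('password'));
     // Strict, constant-time comparison: `==` on hash strings is subject to PHP's numeric-string
     // coercion (two hashes of the form "0e<digits>" compare equal) and leaks timing.
     return is_string($key) && is_string($passkey) && hash_equals($key, $passkey);
 }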