public function query($query)
{
//$cache = Ajde_Db_Cache::getInstance();
$log = array('query' => $query);
$start = microtime(true);
//if (!$cache->has($query)) {
try {
$result = parent::query($query);
} catch (Exception $e) {
if (Config::get('debug') === true) {
if (isset($this->queryString)) {
dump($this->queryString);
}
dump('Go to ' . Config::get('site_root') . '?install=1 to install DB');
throw new AjdeDbException($e->getMessage());
} else {
Log::logException($e);
die('DB connection problem. <a href="?install=1">Install database?</a>');
}
}
//$cache->set($query, serialize($result));
// $log['cache'] = false;
//} else {
// $result = $cache->get($query);
// $log['cache'] = true;
//}
$time = microtime(true) - $start;
$log['time'] = round($time * 1000, 0);
self::$log[] = $log;
return $result;
}
/**
* @return Ajde_Http_Request
*/
public static function fromGlobal()
{
$instance = new self();
if (!empty($_POST) && self::requirePostToken() && !self::_isWhitelisted()) {
// Measures against CSRF attacks
$session = new Session('AC.Form');
if (!isset($_POST['_token']) || !$session->has('formTime')) {
// TODO:
$exception = new Security('No form token received or no form time set, bailing out to prevent CSRF attack');
if (Config::getInstance()->debug === true) {
Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN);
throw $exception;
} else {
// Prevent inf. loops
unset($_POST);
// Rewrite
Log::logException($exception);
Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN);
}
}
$formToken = $_POST['_token'];
if (!self::verifyFormToken($formToken) || !self::verifyFormTime()) {
// TODO:
if (!self::verifyFormToken($formToken)) {
$exception = new Security('No matching form token (got ' . self::_getHashFromSession($formToken) . ', expected ' . self::_tokenHash($formToken) . '), bailing out to prevent CSRF attack');
} else {
$exception = new Security('Form token timed out, bailing out to prevent CSRF attack');
}
if (Config::getInstance()->debug === true) {
Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN);
throw $exception;
} else {
// Prevent inf. loops
unset($_POST);
// Rewrite
Log::logException($exception);
Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN);
}
}
}
// Security measure, protect $_POST
//$global = array_merge($_GET, $_POST);
$global = $_GET;
foreach ($global as $key => $value) {
$instance->set($key, $value);
}
$instance->_postData = $_POST;
if (!empty($instance->_postData)) {
Cache::getInstance()->disable();
}
return $instance;
}
public function __construct($dsn, $user, $password, $options)
{
$options = $options + array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
try {
$connection = new AjdeDbPDO($dsn, $user, $password, $options);
} catch (Exception $e) {
// Disable trace on this exception to prevent exposure of sensitive data
// TODO: exception
Log::logException($e);
throw new AjdeException('Could not connect to database', 0, false);
}
$this->_connection = $connection;
}
public function getThumbnail()
{
$vmid = $this->_getVimeoId();
if ($vmid) {
$response = Curl::get("http://vimeo.com/api/v2/video/{$vmid}.php");
try {
$hash = unserialize($response);
} catch (Exception $e) {
Log::logException(new AjdeException("Could not parse result from Vimeo"));
return null;
}
return $hash[0]['thumbnail_large'];
}
return null;
}
public static function dieOnCode($code)
{
self::setResponseType($code);
header("Content-type: text/html; charset=UTF-8");
$_SERVER['REDIRECT_STATUS'] = $code;
if (array_key_exists($code, Config::getInstance()->responseCodeRoute)) {
try {
self::dieOnRoute(Config::getInstance()->responseCodeRoute[$code]);
} catch (Exception $e) {
Log::logException($e);
}
}
// fallback
ob_get_clean();
include Config::get('local_root') . '/errordocument.php';
die;
}
public function publish()
{
$tweet = $this->getTitle();
if ($url = $this->getUrl()) {
$tweet = substr($tweet, 0, 140 - strlen($url) - 5) . '... ' . $url;
}
while ($curlength = iconv_strlen(htmlspecialchars($tweet, ENT_QUOTES, 'UTF-8'), 'UTF-8') >= 140) {
$tweet = substr($tweet, 0, -1);
}
try {
$response = $this->_twitter->post('statuses/update', array('status' => $tweet));
} catch (Exception $e) {
AjdeLog::log($response);
AjdeExceptionLog::logException($e);
return false;
}
if ($response->user && $response->user->id && $response->id_str) {
return sprintf("http://twitter.com/%s/status/%s", $response->user->id, $response->id_str);
} else {
return false;
}
}
public function updatePayment()
{
$payment = false;
$mollie = new Client();
$mollie->setApiKey($this->getApiKey());
$transaction = new TransactionModel();
$changed = false;
// see if we are here for the webhook or user return url
$mollie_id = Ajde::app()->getRequest()->getPostParam('id', false);
// from webhook
$order_id = Ajde::app()->getRequest()->getParam('order_id', false);
// from user request
if (!$mollie_id && $order_id) {
// load from order_id
$transaction->loadByField('secret', $order_id);
$mollie_id = $transaction->payment_providerid;
try {
$payment = $mollie->payments->get($mollie_id);
} catch (Exception $e) {
AjdeExceptionLog::logException($e);
$payment = false;
}
} else {
if ($mollie_id) {
// laod from mollie transaction id
try {
$payment = $mollie->payments->get($mollie_id);
$order_id = $payment->metadata->order_id;
$transaction->loadByField('secret', $order_id);
} catch (Exception $e) {
AjdeExceptionLog::logException($e);
$payment = false;
}
}
}
if (!$payment || !$mollie_id || !$order_id || !$transaction->hasLoaded()) {
AjdeLog::log('Could not find transaction for Mollie payment for mollie id ' . $mollie_id . ' and transaction secret ' . $order_id);
return array('success' => false, 'changed' => $changed, 'transaction' => $transaction);
}
// what to return?
$paid = false;
$payment_details = $payment->details;
if (is_object($payment_details) || is_array($payment_details)) {
$payment_details = json_encode($payment_details);
}
// save details
$details = 'PAYMENT STATUS: ' . (string) $payment->status . PHP_EOL . 'PAYMENT AMOUNT: ' . (string) $payment->amount . PHP_EOL . 'PAYMENT AT: ' . (string) $payment->paidDatetime . PHP_EOL . 'CANCELLED AT: ' . (string) $payment->cancelledDatetime . PHP_EOL . 'EXPIRED AT: ' . (string) $payment->expiredDatetime . PHP_EOL . 'PAYER DETAILS: ' . (string) $payment_details;
$transaction->payment_details = $details;
switch ($payment->status) {
case "open":
if ($transaction->payment_status != 'requested') {
$transaction->payment_status = 'requested';
$transaction->save();
$changed = true;
}
break;
case "paidout":
case "paid":
$paid = true;
// update transaction only once
if ($transaction->payment_status != 'completed') {
$transaction->paid();
$changed = true;
}
break;
case "cancelled":
// update transaction only once
if ($transaction->payment_status != 'cancelled') {
$transaction->payment_status = 'cancelled';
$transaction->save();
$changed = true;
}
break;
case "expired":
// update transaction only once
if ($transaction->payment_status != 'refused') {
$transaction->payment_status = 'refused';
$transaction->save();
$changed = true;
}
break;
}
return array('success' => $paid, 'changed' => $changed, 'transaction' => $transaction);
}
public function __bootstrap()
{
// Session name
$sessionName = Config::get('ident') . '_session';
session_name($sessionName);
// Session lifetime
$lifetime = Config::get("sessionLifetime");
// Security garbage collector
ini_set('session.gc_maxlifetime', $lifetime == 0 ? 180 * 60 : $lifetime * 60);
// PHP session garbage collection timeout in minutes
ini_set('session.gc_divisor', 100);
// Set divisor and probability for cronjob Ubuntu/Debian
// ini_set('session.gc_probability', 1); // @see http://www.php.net/manual/en/function.session-save-path.php#98106
// Set session save path
if (Config::get('sessionSavepath')) {
ini_set('session.save_path', str_replace('~', Config::get('local_root'), Config::get('sessionSavepath')));
}
// Set sessions to use cookies
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
// @see http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
// Session cookie parameter
$path = Config::get('site_path');
$domain = Config::get('cookieDomain');
$secure = Config::get('cookieSecure');
$httponly = Config::get('cookieHttponly');
// Set cookie lifetime
session_set_cookie_params($lifetime * 60, $path, $domain, $secure, $httponly);
session_cache_limiter('private_no_expire');
// Start the session!
session_start();
// Strengthen session security with REMOTE_ADDR and HTTP_USER_AGENT
// @see http://shiflett.org/articles/session-hijacking
// Removed REMOTE_ADDR, use HTTP_X_FORWARDED_FOR if available
$remoteIp = Request::getClientIP();
// Ignore Google Chrome frame as it has a split personality
// @todo TODO: security issue!!
// @see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started/understanding-chrome-frame-user-agent
if (isset($_SERVER['HTTP_USER_AGENT']) && substr_count($_SERVER['HTTP_USER_AGENT'], 'chromeframe/') === 0 && isset($_SESSION['client']) && $_SESSION['client'] !== md5($remoteIp . $_SERVER['HTTP_USER_AGENT'] . Config::get('secret'))) {
// TODO: overhead to call session_regenerate_id? is it not required??
//session_regenerate_id();
// thoroughly destroy the current session
session_destroy();
unset($_SESSION);
setcookie(session_name(), session_id(), time() - 3600, $path, $domain, $secure, $httponly);
// TODO:
$exception = new Security('Possible session hijacking detected. Bailing out.');
if (Config::getInstance()->debug === true) {
throw $exception;
} else {
// don't redirect/log for resource items, as they should have no side effect
// this makes it possible for i.e. web crawlers/error pages to view resources
$request = Request::fromGlobal();
$route = $request->initRoute();
Ajde::app()->setRequest($request);
if (!in_array($route->getFormat(), array('css', 'js'))) {
Log::logException($exception);
Cache::getInstance()->disable();
// Just destroying the session should be enough
// Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
}
}
} else {
$_SESSION['client'] = md5($remoteIp . issetor($_SERVER['HTTP_USER_AGENT']) . Config::get('secret'));
if ($lifetime > 0) {
// Force send new cookie with updated lifetime (forcing keep-alive)
// @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100672
//session_regenerate_id();
// Set cookie manually if session_start didn't just sent a cookie
// @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100657
if (isset($_COOKIE[$sessionName])) {
setcookie(session_name(), session_id(), time() + $lifetime * 60, $path, $domain, $secure, $httponly);
}
}
}
// remove cache headers invoked by session_start();
if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
header_remove('X-Powered-By');
}
return true;
}
public static function routingError(Exception $exception)
{
if (Config::get("debug") === true) {
throw $exception;
} else {
if (Autoloader::exists('Ajde_Exception_Log')) {
Log::logException($exception);
}
Response::redirectNotFound();
}
}
