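/**
 * Saves profile changes of the currently logged-in admin user.
 *
 * Request params: "id" (has to equal the session user's id) and "data" (JSON object of user fields).
 * The fields name, id, admin, permissions, roles and active are stripped before the values reach
 * User::setValues(), and so is "password": the stored hash may only be replaced through the
 * new_password / old_password / retype_password flow below, which requires either the matching
 * old password or a session opened through the password reset.
 *
 * Responds through the JSON helper with {"success": true}, with
 * {"success": false, "message": "password_cannot_be_changed"} when the password change is rejected,
 * or with a bare false when there is no session user, the ids differ or "data" is not a JSON object.
 */
public function updateCurrentUserAction()
{
    $this->protectCSRF();

    $user = $this->getUser();
    if (!$user) {
        $this->_helper->json(false);
        return;
    }

    // a user may only edit their own record through this action; compare as strings so that
    // a request id with trailing garbage is not treated as equal by loose int/string comparison
    if ((string) $user->getId() !== (string) $this->getParam("id")) {
        \Logger::warn("prevented save current user, because ids do not match. ");
        $this->_helper->json(false);
        return;
    }

    $values = \Zend_Json::decode($this->getParam("data"));
    if (!is_array($values)) {
        // anything but an object/array cannot be applied (unset() on a string would be a fatal error)
        $this->_helper->json(false);
        return;
    }

    // fields a user must never change on their own account; "password" is included so the hash
    // cannot be supplied directly and bypass the old-password check below
    foreach (["name", "id", "admin", "permissions", "roles", "active", "password"] as $protectedField) {
        unset($values[$protectedField]);
    }

    if (!empty($values["new_password"])) {
        if (empty($values["old_password"])) {
            // if the user wants to reset the password, the old password isn't required,
            // but only when the session was opened via the password reset flow
            $oldPasswordCheck = (bool) Tool\Session::useSession(function ($adminSession) {
                return (bool) $adminSession->password_reset;
            });
        } else {
            // otherwise the old password has to match the stored credentials
            $oldPasswordCheck = (bool) Tool\Authentication::authenticatePlaintext($user->getName(), $values["old_password"]);
        }

        // strict comparison: with "==" two numeric-looking strings such as "1e3" and "1000" compare equal
        $retypeMatches = isset($values["retype_password"])
            && $values["new_password"] === $values["retype_password"];

        if (!$oldPasswordCheck || !$retypeMatches) {
            // return explicitly so nothing is saved when the password change was rejected
            $this->_helper->json(["success" => false, "message" => "password_cannot_be_changed"]);
            return;
        }

        $values["password"] = Tool\Authentication::getPasswordHash($user->getName(), $values["new_password"]);
    }

    $user->setValues($values);
    $user->save();

    $this->_helper->json(["success" => true]);
}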
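/**
 * Processes one step of the "rewrite ids after copy" queue for objects.
 *
 * The id mapping of the copy transaction is stored in the "pimcore_copy" session namespace under the
 * "transactionId" request parameter. On the first call the mapping values are turned into a stack
 * ("rewrite-stack"); every call pops one id, runs Object\Service::rewriteIds() on that object and
 * writes the remaining stack back to the session.
 *
 * Responds with {"success": true, "id": <processed id>}; the id is null when the stack is exhausted
 * or the transaction is unknown. Unknown ids are skipped instead of dereferencing null.
 */
public function copyRewriteIdsAction()
{
    $transactionId = $this->getParam("transactionId");
    $idStore = Tool\Session::useSession(function ($session) use ($transactionId) {
        return $session->{$transactionId};
    }, "pimcore_copy");

    // unknown or expired transaction: work on an empty store instead of emitting notices on null
    if (!is_array($idStore)) {
        $idStore = [];
    }
    $idMapping = isset($idStore["idMapping"]) ? $idStore["idMapping"] : [];
    if (!array_key_exists("rewrite-stack", $idStore)) {
        $idStore["rewrite-stack"] = array_values($idMapping);
    }

    $id = array_shift($idStore["rewrite-stack"]);
    $object = Object::getById($id);
    if ($object) {
        // create rewriteIds() config parameter
        $rewriteConfig = ["object" => $idMapping];
        $object = Object\Service::rewriteIds($object, $rewriteConfig);
        $object->setUserModification($this->getUser()->getId());
        $object->save();
    }

    // write the store back to the session
    Tool\Session::useSession(function ($session) use ($transactionId, $idStore) {
        $session->{$transactionId} = $idStore;
    }, "pimcore_copy");

    $this->_helper->json(["success" => true, "id" => $id]);
}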
/**
 * Ends the admin session: releases the edit locks held by this session, fires the
 * "admin.login.logout" event for the session user (if any), destroys the Zend session,
 * expires the "pimcore_opentabs" cookie and redirects to the login page.
 */
public function logoutAction()
{
    $self = $this;

    // release edit locks of this session before the session itself is destroyed
    \Pimcore\Model\Element\Editlock::clearSession(session_id());

    Tool\Session::useSession(function ($adminSession) use ($self) {
        $sessionUser = $adminSession->user;
        if ($sessionUser instanceof User) {
            \Pimcore::getEventManager()->trigger("admin.login.logout", $self, ["user" => $sessionUser]);
            $adminSession->user = null;
        }
        \Zend_Session::destroy();
    });

    // cleanup pimcore-cookies: an expiry in the past removes the cookie (315554400 = strtotime('1980-01-01'))
    $expiredAt = 315554400;
    setcookie("pimcore_opentabs", false, $expiredAt, "/");

    $this->redirect("/admin/login/");
}
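/**
 * Aborts the request unless the X-Pimcore-Csrf-Token header equals the token stored in the
 * admin session (the token is created when the admin index page is rendered).
 *
 * Both sides have to be non-empty strings: the previous loose comparison let a session without a
 * token pass when the header was missing as well (null != null is false). hash_equals() keeps the
 * comparison constant-time.
 */
protected function protectCSRF()
{
    $sessionToken = Session::useSession(function ($adminSession) {
        return $adminSession->csrfToken;
    });

    $requestToken = isset($_SERVER["HTTP_X_PIMCORE_CSRF_TOKEN"]) ? $_SERVER["HTTP_X_PIMCORE_CSRF_TOKEN"] : "";

    $valid = is_string($sessionToken)
        && $sessionToken !== ""
        && is_string($requestToken)
        && hash_equals($sessionToken, $requestToken);

    if (!$valid) {
        die("Detected CSRF Attack! Do not do evil things with pimcore ... ;-)");
    }
}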
/**
 * Drops the document with the "id" request parameter from the "pimcore_documents"
 * session namespace by setting its "document_<id>" slot to null.
 * Responds with {"success": true}.
 */
public function removeFromSessionAction()
{
    $sessionKey = "document_" . $this->getParam("id");

    Session::useSession(function ($session) use ($sessionKey) {
        $session->{$sessionKey} = null;
    }, "pimcore_documents");

    $this->_helper->json(["success" => true]);
}
/**
 * Renders the admin index page and assigns the bootstrap data the frontend needs to the view:
 * maintenance status, system config, mail-config completeness, report config, custom views,
 * the upload size limit and the per-session CSRF token. Forwards to "index6" when the
 * ExtJS 6 UI is active.
 */
public function indexAction()
{
    // IE compatibility
    //$this->getResponse()->setHeader("X-UA-Compatible", "IE=8; IE=9", true);

    // clear open edit locks for this session (in the case of a reload, ...)
    \Pimcore\Model\Element\Editlock::clearSession(session_id());

    // check maintenance: considered running when the last recorded execution is recent enough
    $maintenance_enabled = false;
    $manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
    $lastExecution = $manager->getLastExecution();
    if ($lastExecution) {
        if (time() - $lastExecution < 610) {
            // maintenance script should run at least every 10 minutes + a little tolerance
            $maintenance_enabled = true;
        }
    }
    $this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);

    // configuration
    $sysConfig = Config::getSystemConfig();
    $this->view->config = $sysConfig;

    // mail settings: incomplete when the debug addresses, the sender address or (for smtp) the host is missing
    $mailIncomplete = false;
    if ($sysConfig->email) {
        if (!$sysConfig->email->debug->emailaddresses) {
            $mailIncomplete = true;
        }
        if (!$sysConfig->email->sender->email) {
            $mailIncomplete = true;
        }
        if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
            $mailIncomplete = true;
        }
    }
    $this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);

    // report configuration
    $this->view->report_config = Config::getReportConfig();

    // customviews config: only views whose root folder resolves to an object are passed to the frontend
    $cvConfig = Tool::getCustomViewConfig();
    $cvData = array();
    if ($cvConfig) {
        foreach ($cvConfig as $node) {
            $tmpData = $node;
            $rootNode = Model\Object::getByPath($tmpData["rootfolder"]);
            if ($rootNode) {
                $tmpData["rootId"] = $rootNode->getId();
                $tmpData["allowedClasses"] = explode(",", $tmpData["classes"]);
                $tmpData["showroot"] = (bool) $tmpData["showroot"];
                $cvData[] = $tmpData;
            }
        }
    }
    $this->view->customview_config = $cvData;

    // upload limit: the smaller of upload_max_filesize and post_max_size, converted to bytes
    $max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
    $max_post = filesize2bytes(ini_get("post_max_size") . "B");
    $upload_mb = min($max_upload, $max_post);
    $this->view->upload_max_filesize = $upload_mb;

    // csrf token: created lazily once per admin session, compared against the request header by protectCSRF()
    $user = $this->getUser();
    $this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use($user) {
        // the second operand is presumably redundant: when isset() is false the property reads as null
        if (!isset($adminSession->csrfToken) && !$adminSession->csrfToken) {
            // NOTE(review): the token is a hash of the time, the user name and uniqid(), none of which is
            // unpredictable; derive it from random_bytes() (or another CSPRNG) where the supported PHP
            // version allows — confirm the minimum PHP version before changing
            // NOTE(review): $user is dereferenced without a null check — confirm getUser() cannot return null here
            $adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
        }
        return $adminSession->csrfToken;
    });

    if (\Pimcore\Tool\Admin::isExtJS6()) {
        $this->forward("index6");
    }
}
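/**
 * Prepares the paste jobs for copying the asset "sourceId" to "targetId".
 *
 * A fresh transaction id (the current unix timestamp) is registered in the "pimcore_copy" session
 * namespace; every job carries it so /admin/asset/copy can record the id mapping there.
 *  - "type" == "recursive": the source asset itself is the first job (with saveParentId), followed by
 *    one job per descendant ordered by path length, so parents are copied before their children.
 *  - "type" == "child" or "replace": a single job for the asset itself.
 *
 * Responds with {"pastejobs": [...]} in the order the jobs have to be executed.
 */
public function copyInfoAction()
{
    $transactionId = time();
    $pasteJobs = [];

    Tool\Session::useSession(function ($session) use ($transactionId) {
        $session->{$transactionId} = [];
    }, "pimcore_copy");

    $type = $this->getParam("type");
    $sourceId = $this->getParam("sourceId");
    $targetId = $this->getParam("targetId");

    if ($type === "recursive") {
        $asset = Asset::getById($sourceId);

        // first of all the new parent
        $pasteJobs[] = [[
            "url" => "/admin/asset/copy",
            "params" => [
                "sourceId" => $sourceId,
                "targetId" => $targetId,
                "type" => "child",
                "transactionId" => $transactionId,
                "saveParentId" => true,
            ],
        ]];

        // an unknown sourceId yields null here; the parent job above is still returned for
        // /admin/asset/copy to reject, but we must not dereference null
        if ($asset && $asset->hasChilds()) {
            // collect the ids of all descendants, shorter paths (= parents) first
            $list = new Asset\Listing();
            // bind the path as a parameter instead of splicing it into the SQL: a quote in an
            // asset path would otherwise break or alter the statement
            $list->setCondition("path LIKE ?", $asset->getFullPath() . "/%");
            $list->setOrderKey("LENGTH(path)", false);
            $list->setOrder("ASC");
            $childIds = $list->loadIdList();

            foreach ($childIds as $id) {
                $pasteJobs[] = [[
                    "url" => "/admin/asset/copy",
                    "params" => [
                        "sourceId" => $id,
                        "targetParentId" => $targetId,
                        "sourceParentId" => $sourceId,
                        "type" => "child",
                        "transactionId" => $transactionId,
                    ],
                ]];
            }
        }
    } elseif ($type === "child" || $type === "replace") {
        // the object itself is the last one
        $pasteJobs[] = [[
            "url" => "/admin/asset/copy",
            "params" => [
                "sourceId" => $sourceId,
                "targetId" => $targetId,
                "type" => $type,
                "transactionId" => $transactionId,
            ],
        ]];
    }

    $this->_helper->json(["pastejobs" => $pasteJobs]);
}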
/**
 * Renders the admin index page and assigns the bootstrap data the frontend needs to the view:
 * maintenance status, system config, mail-config completeness, report config, the custom views
 * the user may list, the upload size limit, the session gc lifetime and the per-session CSRF
 * token. Forwards to "index6" when the ExtJS 6 UI is active.
 */
public function indexAction()
{
    // clear open edit locks for this session (in the case of a reload, ...)
    \Pimcore\Model\Element\Editlock::clearSession(session_id());

    // check maintenance: considered running when the last recorded execution is recent enough
    $maintenance_enabled = false;
    $manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
    $lastExecution = $manager->getLastExecution();
    if ($lastExecution) {
        if (time() - $lastExecution < 610) {
            // maintenance script should run at least every 10 minutes + a little tolerance
            $maintenance_enabled = true;
        }
    }
    $this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);

    // configuration
    $sysConfig = Config::getSystemConfig();
    $this->view->config = $sysConfig;

    // mail settings: incomplete when the debug addresses, the sender address or (for smtp) the host is missing
    $mailIncomplete = false;
    if ($sysConfig->email) {
        if (!$sysConfig->email->debug->emailaddresses) {
            $mailIncomplete = true;
        }
        if (!$sysConfig->email->sender->email) {
            $mailIncomplete = true;
        }
        if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
            $mailIncomplete = true;
        }
    }
    $this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);

    // report configuration
    $this->view->report_config = Config::getReportConfig();

    $cvData = [];
    // still needed when publishing objects
    $cvConfig = Tool::getCustomViewConfig();
    if ($cvConfig) {
        foreach ($cvConfig as $node) {
            $tmpData = $node;
            // backwards compatibility: configs without a treetype are object views
            $treeType = $tmpData["treetype"] ? $tmpData["treetype"] : "object";
            $rootNode = Model\Element\Service::getElementByPath($treeType, $tmpData["rootfolder"]);
            if ($rootNode) {
                $tmpData["rootId"] = $rootNode->getId();
                $tmpData["allowedClasses"] = $tmpData["classes"] ? explode(",", $tmpData["classes"]) : null;
                $tmpData["showroot"] = (bool) $tmpData["showroot"];
                // Check if a user has privileges to that node: views the user may not list are not exposed at all
                if ($rootNode->isAllowed("list")) {
                    $cvData[] = $tmpData;
                }
            }
        }
    }
    $this->view->customview_config = $cvData;

    // upload limit: the smaller of upload_max_filesize and post_max_size, converted to bytes
    $max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
    $max_post = filesize2bytes(ini_get("post_max_size") . "B");
    $upload_mb = min($max_upload, $max_post);
    $this->view->upload_max_filesize = $upload_mb;

    // session lifetime (gc): falls back to 120 when the ini value is unset or 0
    $session_gc_maxlifetime = ini_get("session.gc_maxlifetime");
    if (empty($session_gc_maxlifetime)) {
        $session_gc_maxlifetime = 120;
    }
    $this->view->session_gc_maxlifetime = $session_gc_maxlifetime;

    // csrf token: created lazily once per admin session, compared against the request header by protectCSRF()
    $user = $this->getUser();
    $this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use($user) {
        // the second operand is presumably redundant: when isset() is false the property reads as null
        if (!isset($adminSession->csrfToken) && !$adminSession->csrfToken) {
            // NOTE(review): the token is a hash of the time, the user name and uniqid(), none of which is
            // unpredictable; derive it from random_bytes() (or another CSPRNG) where the supported PHP
            // version allows — confirm the minimum PHP version before changing
            // NOTE(review): $user is dereferenced without a null check — confirm getUser() cannot return null here
            $adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
        }
        return $adminSession->csrfToken;
    });

    if (\Pimcore\Tool\Admin::isExtJS6()) {
        $this->forward("index6");
    }
}
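/**
 * Processes one step of the "rewrite ids after copy" queue for documents.
 *
 * The id mapping of the copy transaction is stored in the "pimcore_copy" session namespace under the
 * "transactionId" request parameter. On the first call the mapping values are turned into a stack
 * ("rewrite-stack"); every call pops one id, runs Document\Service::rewriteIds() on that document
 * (inheritance handling switched by the "enableInheritance" parameter) and writes the remaining
 * stack back to the session.
 *
 * Responds with {"success": true, "id": <processed id>}; the id is null when the stack is exhausted
 * or the transaction is unknown.
 */
public function copyRewriteIdsAction()
{
    $transactionId = $this->getParam("transactionId");
    $idStore = Session::useSession(function ($session) use ($transactionId) {
        return $session->{$transactionId};
    }, "pimcore_copy");

    // unknown or expired transaction: work on an empty store instead of emitting notices on null
    if (!is_array($idStore)) {
        $idStore = [];
    }
    $idMapping = isset($idStore["idMapping"]) ? $idStore["idMapping"] : [];
    if (!array_key_exists("rewrite-stack", $idStore)) {
        $idStore["rewrite-stack"] = array_values($idMapping);
    }

    $id = array_shift($idStore["rewrite-stack"]);
    $document = Document::getById($id);
    if ($document) {
        // create rewriteIds() config parameter
        $rewriteConfig = ["document" => $idMapping];
        $rewriteOptions = ["enableInheritance" => $this->getParam("enableInheritance") === "true"];
        $document = Document\Service::rewriteIds($document, $rewriteConfig, $rewriteOptions);
        $document->setUserModification($this->getUser()->getId());
        $document->save();
    }

    // write the store back to the session
    Session::useSession(function ($session) use ($transactionId, $idStore) {
        $session->{$transactionId} = $idStore;
    }, "pimcore_copy");

    $this->_helper->json(["success" => true, "id" => $id]);
}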
/**
 * Saves a document page from the editor.
 *
 * Request params: "id" (page id, required — without it the action answers false), "task"
 * ("publish", "unpublish" or anything else for a version-only save) and "settings" (JSON with
 * redirect_url_<n> / redirect_id_<n> and metadata_<n> entries). The page data is taken from the
 * "pimcore_documents" session when a "_useForSave" marker is present, otherwise from the latest
 * version. publish/unpublish run save() and need the matching permission; every other task runs
 * saveVersion() and needs "save". Redirects are only touched for users with the "redirects"
 * permission.
 *
 * Responds with {"success": true|false, ...}; for ExtJS 6 a ValidationException is reported
 * with type, message, stack and code before being rethrown.
 */
public function saveAction()
{
    try {
        if ($this->getParam("id")) {
            $page = Document\Page::getById($this->getParam("id"));

            // check if there's a document in session which should be used as data-source
            // see also self::clearEditableDataAction() | this is necessary to reset all fields and to get rid of
            // outdated and unused data elements in this document (eg. entries of area-blocks)
            $pageSession = Session::useSession(function ($session) use($page) {
                if (isset($session->{"document_" . $page->getId()}) && isset($session->{"document_" . $page->getId() . "_useForSave"})) {
                    if ($session->{"document_" . $page->getId() . "_useForSave"}) {
                        // only use the page from the session once
                        unset($session->{"document_" . $page->getId() . "_useForSave"});
                        return $session->{"document_" . $page->getId()};
                    }
                }
                return null;
            }, "pimcore_documents");

            if ($pageSession) {
                $page = $pageSession;
            } else {
                $page = $this->getLatestVersion($page);
            }

            $page->setUserModification($this->getUser()->getId());
            if ($this->getParam("task") == "unpublish") {
                $page->setPublished(false);
            }
            if ($this->getParam("task") == "publish") {
                $page->setPublished(true);
            }

            $settings = [];
            if ($this->getParam("settings")) {
                $settings = \Zend_Json::decode($this->getParam("settings"));
            }

            // check for redirects
            if ($this->getUser()->isAllowed("redirects") && $this->getParam("settings")) {
                if (is_array($settings)) {
                    // redirects currently pointing at this page; whatever is not referenced again below gets deleted
                    $redirectList = new Redirect\Listing();
                    $redirectList->setCondition("target = ?", $page->getId());
                    $existingRedirects = $redirectList->load();
                    $existingRedirectIds = [];
                    foreach ($existingRedirects as $existingRedirect) {
                        $existingRedirectIds[$existingRedirect->getId()] = $existingRedirect->getId();
                    }

                    for ($i = 1; $i < 100; $i++) {
                        if (array_key_exists("redirect_url_" . $i, $settings)) {
                            // check for existing
                            // NOTE(review): redirect_id_<i> is read without an isset() check and is not validated
                            // against $existingRedirectIds, so a redirect of another page can be re-targeted here
                            // and an unknown id makes getById() return null (fatal on ->getId()) — confirm intended
                            if ($settings["redirect_id_" . $i]) {
                                $redirect = Redirect::getById($settings["redirect_id_" . $i]);
                                unset($existingRedirectIds[$redirect->getId()]);
                            } else {
                                // create new one
                                $redirect = new Redirect();
                            }
                            $redirect->setSource($settings["redirect_url_" . $i]);
                            $redirect->setTarget($page->getId());
                            $redirect->setStatusCode(301);
                            $redirect->save();
                        }
                    }

                    // remove existing redirects which were deleted in the editor
                    foreach ($existingRedirectIds as $existingRedirectId) {
                        $redirect = Redirect::getById($existingRedirectId);
                        $redirect->delete();
                    }
                }
            }

            // check if settings exist, before saving meta data
            if ($this->getParam("settings") && is_array($settings)) {
                $metaData = [];
                for ($i = 1; $i < 30; $i++) {
                    if (array_key_exists("metadata_" . $i, $settings)) {
                        $metaData[] = $settings["metadata_" . $i];
                    }
                }
                $page->setMetaData($metaData);
            }

            // only save when publish or unpublish
            // "or" binds looser than "&&": (publish && allowed) or (unpublish && allowed)
            if ($this->getParam("task") == "publish" && $page->isAllowed("publish") or $this->getParam("task") == "unpublish" && $page->isAllowed("unpublish")) {
                $this->setValuesToDocument($page);

                try {
                    $page->save();
                    $this->saveToSession($page);
                    $this->_helper->json(["success" => true]);
                } catch (\Exception $e) {
                    // validation errors are reported with details by the outer catch for the ExtJS 6 UI
                    if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
                        throw $e;
                    }
                    Logger::err($e);
                    $this->_helper->json(["success" => false, "message" => $e->getMessage()]);
                }
            } else {
                if ($page->isAllowed("save")) {
                    $this->setValuesToDocument($page);

                    try {
                        $page->saveVersion();
                        $this->saveToSession($page);
                        $this->_helper->json(["success" => true]);
                    } catch (\Exception $e) {
                        Logger::err($e);
                        $this->_helper->json(["success" => false, "message" => $e->getMessage()]);
                    }
                }
            }
        }
    } catch (\Exception $e) {
        Logger::log($e);
        if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
            // NOTE(review): the stack trace is sent to the browser; acceptable for an admin-only
            // endpoint but confirm it is not wanted in production responses
            $this->_helper->json(["success" => false, "type" => "ValidationException", "message" => $e->getMessage(), "stack" => $e->getTraceAsString(), "code" => $e->getCode()]);
        }
        throw $e;
    }

    // reached without an "id" parameter or when no save branch above applied
    $this->_helper->json(false);
}