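 /**
  * Writes an audit-log row for an action performed on a record.
  *
  * One row is inserted into the `atkeventlog` table with a driver-generated
  * id and timestamp, the current user's primary key (0 when the user record
  * carries none, which is probably an administrator login), the node URI,
  * the action name and the record's primary key.
  *
  * Every value placed into the statement is escaped through the driver's
  * escapeSQL() or cast to int first. $action in particular can originate
  * from request variables (it is the dispatched action), so it must never
  * reach the SQL text unescaped.
  *
  * @param string $action The action being performed
  * @param array $record The record on which the action is performed
  */
 public function actionPerformed($action, $record)
 {
     $user = SecurityManager::atkGetUser();
     $userPkField = Config::getGlobal('auth_userpk');
     // No (or empty) primary key in the user record: probably administrator, logged as user 0.
     $userid = isset($user[$userPkField]) && $user[$userPkField] != '' ? (int) $user[$userPkField] : 0;

     $db = $this->m_node->getDb();
     $nodeUri = $db->escapeSQL($this->m_node->atkNodeUri());
     $safeAction = $db->escapeSQL($action);
     $primarykey = $db->escapeSQL($this->m_node->primaryKey($record));

     // id and stamp are produced by the driver (nextid()/func_now()), not by the caller.
     $sql = 'INSERT INTO atkeventlog (id, userid, stamp, node, action, primarykey) VALUES('
         . $db->nextid('atkeventlog') . ', '
         . $userid . ', '
         . $db->func_now() . ", '{$nodeUri}', '{$safeAction}', '{$primarykey}')";
     $db->query($sql);
     $db->commit();
 }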
文件: Menu.php 项目: sintattica/atk
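 /**
  * Recursively checks if a menuitem should be enabled or not.
  *
  * The menuitem's 'enable' entry decides the outcome:
  *  - a callable (function name, or an [object, method] pair) is invoked
  *    and its return value is used;
  *  - any other array is read as a flat list of node/action pairs
  *    ("node1", "action1", "node2", "action2", ...) and the item is enabled
  *    when the security manager allows at least one of those pairs;
  *  - otherwise the value is returned as-is, unless sub-items are
  *    registered under this item's name: then the item is enabled when at
  *    least one sub-item is enabled (checked recursively).
  *
  * @param array $menuitem menuitem array
  *
  * @return bool enabled?
  */
 public function isEnabled($menuitem)
 {
     $secManager = SecurityManager::getInstance();
     $enable = $menuitem['enable'];

     // Only a plain function name or an [object, method] pair counts as a callable here;
     // a ['ClassName', 'method'] pair is deliberately treated as a node/action list instead.
     $isObjectMethodPair = is_array($enable) && count($enable) == 2 && isset($enable[0]) && is_object($enable[0]);
     if ((is_string($enable) || $isObjectMethodPair) && is_callable($enable)) {
         return $enable();
     }

     if (is_array($enable)) {
         // Flat list of (node, action) pairs: enabled as soon as one pair is allowed.
         foreach (array_chunk($enable, 2) as $pair) {
             if ($secManager->allowed($pair[0], isset($pair[1]) ? $pair[1] : null)) {
                 return true;
             }
         }
         return false;
     }

     $name = $menuitem['name'];
     if (array_key_exists($name, $this->menuItems) && is_array($this->menuItems[$name])) {
         // Parent item: enabled when any of its sub-items is.
         foreach ($this->menuItems[$name] as $subItem) {
             if ($this->isEnabled($subItem)) {
                 return true;
             }
         }
         return false;
     }

     return $enable;
 }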
文件: Atk.php 项目: sintattica/atk
 /**
  * Runs the application from the command line.
  *
  * Authentication and authorization are both switched off ('none') before
  * the security manager is consulted, so the CLI run does not depend on a
  * logged-in web user. The modules are only booted when authenticate()
  * reports success.
  */
 public function runCli()
 {
     Config::setGlobal('authentication', 'none');
     Config::setGlobal('authorization', 'none');

     if (!SecurityManager::getInstance()->authenticate()) {
         return;
     }
     $this->bootModules();
 }
 /**
  * Handle the error by mailing a full diagnostic report.
  *
  * Nothing is sent unless the handler was configured with a non-empty
  * 'mailto' parameter. The mailed report contains the error and debug
  * messages plus a dump of the request ($_GET, request headers, $_POST,
  * $_COOKIE, $_SERVER), every 'config_*' global, the module paths, the
  * current user record and the session stack/globals. None of that data is
  * filtered or redacted here, so the recipient address and the mail
  * transport must be treated as carrying session identifiers, credentials
  * and whatever the user submitted.
  *
  * @param string|array $errorMessage Error message lines; a non-array value yields an empty error section
  * @param array $debugMessage Debug message lines, indexed 0..n-1
  */
 public function handle($errorMessage, $debugMessage)
 {
     $sessionManager = SessionManager::getInstance();
     // Taken by reference: the session array is read in place, not copied.
     $sessionData =& SessionManager::getSession();
     $txt_app_title = Tools::atktext('app_title');
     if ($this->params['mailto'] != '') {
         // only if enabled..
         $atk = Atk::getInstance();
         // NOTE(review): SERVER_NAME ends up unescaped in the Subject and in the From header
         // passed to mail(); depending on the web server configuration it may mirror the
         // request's Host header.
         $subject = '[' . $_SERVER['SERVER_NAME'] . "] {$txt_app_title} error";
         $defaultfrom = sprintf('%s <%s@%s>', $txt_app_title, Config::getGlobal('identifier', 'atk'), $_SERVER['SERVER_NAME']);
         $from = Config::getGlobal('mail_sender', $defaultfrom);
         $body = "Hello,\n\nAn error seems to have occurred in the atk application named '{$txt_app_title}'.\n";
         // A non-array error message is silently dropped: only arrays are joined into the report.
         $body .= "\nThe errormessage was:\n\n" . implode("\n", is_array($errorMessage) ? $errorMessage : array()) . "\n";
         $body .= "\nA detailed report follows:\n";
         $body .= "\nPHP Version: " . phpversion() . "\n\n";
         $body .= "\nDEBUGMESSAGES\n" . str_repeat('-', 70) . "\n";
         $lines = [];
         for ($i = 0, $_ = count($debugMessage); $i < $_; ++$i) {
             // Strip the "[<a ...>...</a>]" link markup before decoding entities and wrapping.
             $lines[] = $this->_wordwrap(Tools::atk_html_entity_decode(preg_replace('(\\[<a.*</a>\\])', '', $debugMessage[$i])));
         }
         $body .= implode("\n", $lines);
         if (is_array($_GET)) {
             $body .= "\n\n_GET\n" . str_repeat('-', 70) . "\n";
             foreach ($_GET as $key => $value) {
                 $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 20 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
             }
         }
         if (function_exists('getallheaders')) {
             // Raw request headers, including Cookie/Authorization if the client sent them.
             $request = getallheaders();
             if (count($request) > 0) {
                 $body .= "\n\nREQUEST INFORMATION\n" . str_repeat('-', 70) . "\n";
                 foreach ($request as $key => $value) {
                     $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 30 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
                 }
             }
         }
         if (is_array($_POST)) {
             // Submitted form data is dumped verbatim (this includes login forms).
             $body .= "\n\n_POST\n" . str_repeat('-', 70) . "\n";
             foreach ($_POST as $key => $value) {
                 $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 20 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
             }
         }
         if (is_array($_COOKIE)) {
             // Cookie values, i.e. the session identifier, are dumped verbatim as well.
             $body .= "\n\n_COOKIE\n" . str_repeat('-', 70) . "\n";
             foreach ($_COOKIE as $key => $value) {
                 $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 20 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
             }
         }
         $body .= "\n\nATK CONFIGURATION\n" . str_repeat('-', 70) . "\n";
         // Every global whose name starts with 'config_' is included, whatever it holds
         // (database credentials configured this way would be part of the report).
         foreach ($GLOBALS as $key => $value) {
             if (substr($key, 0, 7) == 'config_') {
                 $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 30 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
             }
         }
         $body .= "\n\nMODULE CONFIGURATION\n" . str_repeat('-', 70) . "\n";
         foreach ($atk->g_modules as $modname => $modpath) {
             $modexists = file_exists($modpath) ? ' (path exists)' : ' (PATH DOES NOT EXIST!)';
             $body .= $this->_wordwrap($modname . ':' . str_repeat(' ', max(1, 20 - strlen($modname))) . var_export($modpath, 1) . $modexists) . "\n";
         }
         $body .= "\n\nCurrent User:\n" . str_repeat('-', 70) . "\n";
         // The full user record as returned by the security manager, all fields included.
         $user = SecurityManager::atkGetUser();
         if (is_array($user) && count($user)) {
             foreach ($user as $key => $value) {
                 $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 30 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
             }
         } else {
             $body .= "Not known\n";
         }
         if (is_object($sessionManager)) {
             $body .= "\n\nATK SESSION\n" . str_repeat('-', 70);
             $body .= "\nNamespace: " . $sessionManager->getNameSpace() . "\n";
             if (isset($sessionData[$sessionManager->getNameSpace()]['stack'])) {
                 // Session stack of the current namespace, one section per level.
                 $stack = $sessionData[$sessionManager->getNameSpace()]['stack'];
                 for ($i = 0; $i < count($stack); ++$i) {
                     $body .= "\nStack level {$i}:\n";
                     $item = isset($stack[$i]) ? $stack[$i] : null;
                     if (is_array($item)) {
                         foreach ($item as $key => $value) {
                             $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 30 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
                         }
                     }
                 }
             }
             if (isset($sessionData[$sessionManager->getNameSpace()]['globals'])) {
                 $ns_globals = $sessionData[$sessionManager->getNameSpace()]['globals'];
                 if (count($ns_globals) > 0) {
                     $body .= "\nNamespace globals:\n";
                     foreach ($ns_globals as $key => $value) {
                         $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 30 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
                     }
                 }
             }
             if (isset($sessionData['globals'])) {
                 $globals = $sessionData['globals'];
                 if (count($globals) > 0) {
                     $body .= "\nGlobals:\n";
                     foreach ($globals as $key => $value) {
                         $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 30 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
                     }
                 }
             }
         }
         $body .= "\n\nSERVER INFORMATION\n" . str_repeat('-', 70) . "\n";
         foreach ($_SERVER as $key => $value) {
             $body .= $this->_wordwrap($key . str_repeat(' ', max(1, 20 - strlen($key))) . ' = ' . var_export($value, 1)) . "\n";
         }
         //TODO: replace with some mailer object
         // The report is sent as plain text through PHP's mail(); the return value is not checked.
         mail($this->params['mailto'], $subject, $body, "From: {$from}");
     }
 }
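 /**
  * Determine the export selections that should be displayed.
  *
  * Loads the stored export criteria for the node named by the 'atknodeuri'
  * request variable. When authentication is enabled and the current user is
  * not 'administrator', the result is limited to criteria shared with
  * everyone (user_id 0) or owned by the current user.
  *
  * The node URI comes straight from the request, so it is passed through the
  * driver's escapeSQL() before it is placed in the WHERE clause; the user id
  * is cast to int for the same reason.
  *
  * @return array Rows (as returned by Db::getRows()) of the id and name columns, ordered by name
  */
 protected function getExportSelections()
 {
     $db = Db::getInstance();
     $nodeUri = $db->escapeSQL($this->m_postvars['atknodeuri']);
     $where = ' nodetype = "' . $nodeUri . '"';

     if ('none' !== strtolower(Config::getGlobal('authentication'))) {
         $user = SecurityManager::atkGetUser();
         if ('administrator' !== strtolower($user['name'])) {
             // Non-administrators only see shared (user_id 0) criteria and their own.
             $where .= ' AND user_id IN( 0, ' . (int) $user[Config::getGlobal('auth_userpk')] . ' )';
         }
     }

     return $db->getRows('SELECT id, name FROM atk_exportcriteria WHERE ' . $where . ' ORDER BY name');
 }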
文件: Node.php 项目: sintattica/atk
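 /**
  * This function determines if the user has the privilege to perform a certain
  * action on the node.
  *
  * The action is allowed when any of the following holds, checked in order:
  *  - the node carries the NF_NO_SECURITY flag;
  *  - the action is listed in m_unsecuredActions (exact string match);
  *  - the security manager grants the action on this node;
  *  - the action has an implied action in m_securityImplied and the security
  *    manager grants that implied action on this node.
  *
  * @param string $action The action to be checked.
  * @param array $record The record on which the action is to be performed.
  *                       The standard implementation ignores this
  *                       parameter, but derived classes may override this
  *                       method to implement their own record based
  *                       security policy. Keep in mind that a record is not
  *                       passed in every occasion. The method is called
  *                       several times without a record, to just see if
  *                       the user has the privilege for the action
  *                       regardless of the record being processed.
  *
  * @return bool True if the action may be performed, false if not.
  */
 public function allowed($action, $record = array())
 {
     $secMgr = SecurityManager::getInstance();
     $alias = $this->atkNodeUri();
     // NOTE(review): presumably takes $alias and $action by reference and rewrites them;
     // it is kept ahead of every check on purpose.
     $this->resolveNodeTypeAndAction($alias, $action);

     // Node-level security switched off, or the action is explicitly unsecured.
     // Strict in_array(): only an exact string match makes an action unsecured.
     if ($this->hasFlag(self::NF_NO_SECURITY) || in_array($action, $this->m_unsecuredActions, true)) {
         return true;
     }

     // Direct privilege for this node/action.
     if ($secMgr->allowed($alias, $action)) {
         return true;
     }

     // Otherwise a privilege for the implied action (if one is configured) is sufficient.
     return isset($this->m_securityImplied[$action]) && $secMgr->allowed($alias, $this->m_securityImplied[$action]);
 }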
 /**
  * Check if the currently logged-in user has the right to view, edit etc.
  * an attribute of a node.
  *
  * Decision order: security disabled / attribute security off / superuser
  * (allowed), then guest (denied), then the attribute's own requirement for
  * the given mode as resolved by getAttribEntity(), interpreted according
  * to the security scheme ('level' compares the user's level, 'group'
  * intersects the user's groups with the required ones, optionally inverted
  * by the 'reverse_attributeaccess_logic' setting; any other scheme denies).
  *
  * @param SecurityManager $securityMgr the security manager
  * @param Attribute $attr attribute reference
  * @param string $mode mode (add, edit, view etc.)
  * @param array $record record data
  *
  * @return bool true if access is granted, false if not.
  */
 public function attribAllowed($securityMgr, $attr, $mode, $record = null)
 {
     $nodeUri = $attr->m_ownerInstance->atkNodeUri();
     $fieldName = $attr->fieldName();

     // Security disabled, attribute security not configured, or superuser: everything is allowed.
     if ($securityMgr->m_scheme == 'none'
         || !Config::getGlobal('security_attributes')
         || $securityMgr->hasLevel(-1)
         || strtolower($securityMgr->m_user['name']) == 'administrator'
     ) {
         return true;
     }

     // Guests never get attribute-level access.
     if ($securityMgr->hasLevel(-2) || strtolower($securityMgr->m_user['name']) == 'guest') {
         return false;
     }

     // All other situations: what does this attribute require in this mode?
     $required = $this->getAttribEntity($nodeUri, $fieldName, $mode);
     if ($required == -1) {
         // No access restrictions found.
         return true;
     }

     switch ($securityMgr->m_scheme) {
         case 'level':
             return $securityMgr->m_user['level'] >= $required;

         case 'group':
             $userGroups = is_array($securityMgr->m_user['level']) ? $securityMgr->m_user['level'] : [$securityMgr->m_user['level']];
             $requiredGroups = is_array($required) ? $required : [$required];
             $inRequiredGroup = count(array_intersect($userGroups, $requiredGroups)) > 0;
             // With the reverse setting the configured groups act as a deny-list instead.
             if (Config::getGlobal('reverse_attributeaccess_logic', false)) {
                 return !$inRequiredGroup;
             }
             return $inRequiredGroup;

         default:
             // Unknown scheme: deny.
             return false;
     }
 }
 /**
  * Checks whether the current user has the 'grantall' privilege (if such a
  * privilege exists; this is determined by the application by setting
  * $config_auth_grantall_privilege to a "module.node.privilege" string).
  *
  * @return bool true when the privilege is configured and granted, false otherwise
  */
 public function canGrantAll()
 {
     $privilegeSetting = Config::getGlobal('auth_grantall_privilege');
     if ($privilegeSetting == '') {
         // The application has not defined a grant-all privilege.
         return false;
     }

     // Setting layout is "module.node.privilege"; the first two parts form the node URI.
     $parts = explode('.', $privilegeSetting);
     $nodeUri = $parts[0] . '.' . $parts[1];

     return SecurityManager::getInstance()->allowed($nodeUri, $parts[2]);
 }
 /**
  * This method is overridden to make sure that when a form is posted ('save' button), the
  * current record is refreshed so the output on screen is accurate.
  *
  * The current user record is wrapped in a one-field record, run through
  * populate(), and the (possibly adjusted) field value is read back from it.
  *
  * @return array Array with userinfo, or "" if no user is logged in.
  */
 public function initialValue()
 {
     $field = $this->fieldName();
     $record = [$field => SecurityManager::atkGetUser()];
     $this->populate($record);

     // Read back after populate() so whatever it wrote into the record is returned.
     return $record[$field];
 }
 /**
  * Get the selected language of the current user if he/she set one,
  * otherwise we try to get it from the browser settings and if even THAT
  * fails, we return the default language.
  *
  * Only languages reported by getSupportedLanguages() are accepted from the
  * user record or the request headers; anything else falls through to the
  * configured 'language' default.
  *
  * @static
  *
  * @return string
  */
 public static function getUserLanguage()
 {
     $supported = self::getSupportedLanguages();

     // 1. The user's own preference, stored in the configured user field.
     if (!empty(SessionManager::getInstance())) {
         $user = SecurityManager::atkGetUser();
         $field = Config::getGlobal('auth_languagefield');
         $preferred = isset($user[$field]) ? $user[$field] : null;
         if ($preferred !== null && in_array($preferred, $supported)) {
             return $preferred;
         }
     }

     // 2. The language derived from the request headers, if the application opts in.
     if (Config::getGlobal('use_browser_language', false)) {
         $fromHeaders = self::getLanguageFromHeaders();
         if ($fromHeaders && in_array($fromHeaders, $supported)) {
             return $fromHeaders;
         }
     }

     // 3. Give up and use the configured default.
     return Config::getGlobal('language');
 }
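 /**
  * Does the actual loading of the dispatch page
  * And adds it to the page for the dispatch() method to render.
  *
  * The action and partial are taken from the request variables. The action
  * is only dispatched (logged via the security manager, then handed to the
  * node's handler) when Node::allowed() grants it; otherwise the access
  * denied page is added instead. On success the node URI and the primary-key
  * part of the selector(s) are registered as hidden form variables.
  *
  * @param array $postvars The request variables for the node.
  * @param Node $node
  */
 public function loadDispatchPage($postvars, Node $node)
 {
     $node->m_postvars = $postvars;
     $node->m_action = $postvars['atkaction'];
     if (isset($postvars['atkpartial'])) {
         $node->m_partial = $postvars['atkpartial'];
     }

     $page = $node->getPage();
     $page->setTitle(Tools::atktext('app_shorttitle') . ' - ' . $node->getUi()->title($node->m_module, $node->m_type, $node->m_action));

     // The action is request-controlled: it must pass the node's privilege check before any handler runs.
     if (!$node->allowed($node->m_action)) {
         $page->addContent($this->accessDeniedPage($node->getType()));
         return;
     }

     $secMgr = SecurityManager::getInstance();
     $secMgr->logAction($node->m_type, $node->m_action);
     $node->callHandler($node->m_action);

     // Reduce each "field=value" selector to its value part; several selectors are joined with commas.
     $id = '';
     if (isset($node->m_postvars['atkselector']) && is_array($node->m_postvars['atkselector'])) {
         $primaryKeys = [];
         foreach ($node->m_postvars['atkselector'] as $selector) {
             list(, $pk) = explode('=', $selector);
             $primaryKeys[] = $pk;
         }
         // Joined once, after the loop, instead of on every iteration.
         $id = implode(',', $primaryKeys);
     } else {
         list(, $id) = explode('=', Tools::atkArrayNvl($node->m_postvars, 'atkselector', '='));
     }

     $page->register_hiddenvars(array(
         'atknodeuri' => $node->m_module . '.' . $node->m_type,
         'atkselector' => str_replace("'", '', $id),
     ));
 }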