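/**
 * Stores the performed action in the atkeventlog table.
 *
 * Every string that is placed inside the INSERT is passed through the
 * driver's escapeSQL(); the original only escaped the primary key while
 * the node uri and the action (which normally originates from the
 * request) were interpolated verbatim.
 *
 * @param string $action The action being performed
 * @param array $record The record on which the action is performed
 */
public function actionPerformed($action, $record)
{
    $user = SecurityManager::atkGetUser();
    $userPk = Config::getGlobal('auth_userpk');

    // No user id available (e.g. administrator) is logged as 0.
    // NOTE(review): the id is used unquoted in the SQL, as before, so it is
    // assumed to be numeric -- confirm against the auth_userpk column.
    $hasUserId = is_array($user) && isset($user[$userPk]) && $user[$userPk] !== '';
    $userid = $hasUserId ? (int) $user[$userPk] : 0;

    $db = $this->m_node->getDb();
    $node = $db->escapeSQL($this->m_node->atkNodeUri());
    $safeAction = $db->escapeSQL((string) $action);
    $primarykey = $db->escapeSQL($this->m_node->primaryKey($record));

    $db->query(
        'INSERT INTO atkeventlog (id, userid, stamp, node, action, primarykey) VALUES('
        . $db->nextid('atkeventlog') . ', ' . $userid . ', ' . $db->func_now()
        . ", '{$node}', '{$safeAction}', '{$primarykey}')"
    );
    $db->commit();
}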
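/**
 * Recursively checks whether a menu item should be enabled.
 *
 * The 'enable' entry of a menu item is interpreted as follows:
 *  - a callable (function name string or an [object, method] pair) is
 *    invoked and its return value decides;
 *  - any other array is read as a flat list of alternating (node, action)
 *    pairs and the item is enabled when the security manager allows at
 *    least one of them (a trailing unpaired element is ignored);
 *  - otherwise, when the item has sub-items in $this->menuItems, it is
 *    enabled when at least one sub-item is enabled; without sub-items the
 *    raw 'enable' value is returned as-is.
 *
 * @param array $menuitem menuitem array
 *
 * @return bool enabled?
 */
public function isEnabled($menuitem)
{
    $secManager = SecurityManager::getInstance();
    $enable = isset($menuitem['enable']) ? $menuitem['enable'] : null;

    // [object, 'method'] pair; checked with isset instead of '@' suppression.
    $isMethodPair = is_array($enable) && count($enable) === 2 && isset($enable[0]) && is_object($enable[0]);
    if ((is_string($enable) || $isMethodPair) && is_callable($enable)) {
        return call_user_func($enable);
    }

    if (is_array($enable)) {
        $pairs = (int) (count($enable) / 2);
        for ($j = 0; $j < $pairs; ++$j) {
            if ($secManager->allowed($enable[2 * $j], $enable[2 * $j + 1])) {
                return true;
            }
        }

        return false;
    }

    $name = isset($menuitem['name']) ? $menuitem['name'] : null;
    $children = $name !== null && isset($this->menuItems[$name]) ? $this->menuItems[$name] : null;
    if (is_array($children)) {
        foreach ($children as $item) {
            if ($this->isEnabled($item)) {
                return true;
            }
        }

        return false;
    }

    return $enable;
}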
/**
 * Runs the application from the command line.
 *
 * Both the 'authentication' and the 'authorization' settings are forced
 * to 'none' for this run; the security manager is still asked to
 * authenticate, and the modules are only booted when that succeeds.
 */
public function runCli()
{
    foreach (['authentication', 'authorization'] as $setting) {
        Config::setGlobal($setting, 'none');
    }

    $authenticated = SecurityManager::getInstance()->authenticate();
    if (!$authenticated) {
        return;
    }

    $this->bootModules();
}
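/**
 * Handle the error by mailing a report to the configured 'mailto' address.
 *
 * Nothing is sent when $this->params['mailto'] is empty. The report holds
 * the error and debug messages plus raw request data ($_GET, request
 * headers, $_POST, $_COOKIE), the config_* globals, the module paths, the
 * current user, the ATK session stack/globals and $_SERVER. Values whose
 * key looks like a credential are replaced by '[redacted]' (see
 * _errorMailRedacted()); the remainder is still sensitive and the mail
 * recipient should be chosen accordingly. Header values built from
 * SERVER_NAME are stripped of CR/LF so they cannot inject extra headers.
 *
 * @param string|array $errorMessage a message, or a list of message lines
 * @param string|array $debugMessage a debug line, or a list of debug lines
 */
public function handle($errorMessage, $debugMessage)
{
    $mailto = isset($this->params['mailto']) ? (string) $this->params['mailto'] : '';
    if ($mailto === '') {
        return; // only if enabled..
    }

    $sessionManager = SessionManager::getInstance();
    $sessionData =& SessionManager::getSession();
    $txt_app_title = Tools::atktext('app_title');
    $atk = Atk::getInstance();

    // SERVER_NAME may be absent (CLI) and, depending on the web server
    // configuration, can be influenced by the client's Host header; it
    // must not be able to terminate the Subject/From headers.
    $serverName = $this->_errorMailHeaderValue(isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '');
    $subject = $this->_errorMailHeaderValue("[{$serverName}] {$txt_app_title} error");
    $defaultfrom = sprintf('%s <%s@%s>', $txt_app_title, Config::getGlobal('identifier', 'atk'), $serverName);
    $from = $this->_errorMailHeaderValue(Config::getGlobal('mail_sender', $defaultfrom));

    $separator = str_repeat('-', 70);
    // The docblock allows a plain string; the original silently dropped it.
    $errorLines = is_array($errorMessage) ? $errorMessage : [(string) $errorMessage];
    $debugLines = is_array($debugMessage) ? $debugMessage : (array) $debugMessage;

    $body = "Hello,\n\nAn error seems to have occurred in the atk application named '{$txt_app_title}'.\n";
    $body .= "\nThe errormessage was:\n\n" . implode("\n", $errorLines) . "\n";
    $body .= "\nA detailed report follows:\n";
    $body .= "\nPHP Version: " . phpversion() . "\n\n";

    $body .= "\nDEBUGMESSAGES\n" . $separator . "\n";
    $lines = [];
    foreach ($debugLines as $line) {
        // Strip the "[<a ...>...</a>]" link markup from the debug line.
        $lines[] = $this->_wordwrap(Tools::atk_html_entity_decode(preg_replace('(\\[<a.*</a>\\])', '', (string) $line)));
    }
    $body .= implode("\n", $lines);

    if (is_array($_GET)) {
        $body .= "\n\n_GET\n" . $separator . "\n" . $this->_errorMailSection($_GET, 20);
    }

    if (function_exists('getallheaders')) {
        $request = getallheaders();
        if (is_array($request) && count($request) > 0) {
            $body .= "\n\nREQUEST INFORMATION\n" . $separator . "\n" . $this->_errorMailSection($request, 30);
        }
    }

    if (is_array($_POST)) {
        $body .= "\n\n_POST\n" . $separator . "\n" . $this->_errorMailSection($_POST, 20);
    }

    if (is_array($_COOKIE)) {
        $body .= "\n\n_COOKIE\n" . $separator . "\n" . $this->_errorMailSection($_COOKIE, 20);
    }

    $body .= "\n\nATK CONFIGURATION\n" . $separator . "\n";
    $configGlobals = [];
    foreach ($GLOBALS as $key => $value) {
        if (substr((string) $key, 0, 7) === 'config_') {
            $configGlobals[$key] = $value;
        }
    }
    $body .= $this->_errorMailSection($configGlobals, 30);

    $body .= "\n\nMODULE CONFIGURATION\n" . $separator . "\n";
    foreach ($atk->g_modules as $modname => $modpath) {
        $modexists = file_exists($modpath) ? ' (path exists)' : ' (PATH DOES NOT EXIST!)';
        $body .= $this->_wordwrap($modname . ':' . str_repeat(' ', max(1, 20 - strlen((string) $modname))) . var_export($modpath, true) . $modexists) . "\n";
    }

    $body .= "\n\nCurrent User:\n" . $separator . "\n";
    $user = SecurityManager::atkGetUser();
    if (is_array($user) && count($user)) {
        $body .= $this->_errorMailSection($user, 30);
    } else {
        $body .= "Not known\n";
    }

    if (is_object($sessionManager)) {
        $ns = $sessionManager->getNameSpace();
        $body .= "\n\nATK SESSION\n" . $separator;
        $body .= "\nNamespace: " . $ns . "\n";

        if (isset($sessionData[$ns]['stack'])) {
            $stack = $sessionData[$ns]['stack'];
            $depth = count($stack);
            for ($i = 0; $i < $depth; ++$i) {
                $body .= "\nStack level {$i}:\n";
                $item = isset($stack[$i]) ? $stack[$i] : null;
                if (is_array($item)) {
                    $body .= $this->_errorMailSection($item, 30);
                }
            }
        }

        if (isset($sessionData[$ns]['globals'])) {
            $ns_globals = $sessionData[$ns]['globals'];
            if (count($ns_globals) > 0) {
                $body .= "\nNamespace globals:\n" . $this->_errorMailSection($ns_globals, 30);
            }
        }

        if (isset($sessionData['globals'])) {
            $globals = $sessionData['globals'];
            if (count($globals) > 0) {
                $body .= "\nGlobals:\n" . $this->_errorMailSection($globals, 30);
            }
        }
    }

    $body .= "\n\nSERVER INFORMATION\n" . $separator . "\n" . $this->_errorMailSection($_SERVER, 20);

    //TODO: replace with some mailer object
    mail($mailto, $subject, $body, "From: {$from}");
}

/**
 * Formats a key/value map for the error mail: one word-wrapped,
 * newline-terminated "key<padding> = <var_export>" line per entry.
 * Credential-like entries are redacted via _errorMailRedacted().
 *
 * @param array $values key/value pairs to dump
 * @param int $pad column the ' = ' separator is aligned to
 *
 * @return string the formatted lines ('' for an empty array)
 */
private function _errorMailSection(array $values, $pad)
{
    $out = '';
    foreach ($values as $key => $value) {
        $key = (string) $key;
        $shown = $this->_errorMailRedacted($key, $value);
        $out .= $this->_wordwrap($key . str_repeat(' ', max(1, $pad - strlen($key))) . ' = ' . var_export($shown, true)) . "\n";
    }

    return $out;
}

/**
 * Replaces a value by '[redacted]' when its key suggests a credential or
 * session identifier, so the error mail does not carry plaintext
 * passwords, tokens or cookies.
 * NOTE(review): the key pattern is a conservative guess -- extend it for
 * application-specific field names; nested values (e.g. inside config
 * arrays) are not inspected.
 *
 * @param string $key
 * @param mixed $value
 *
 * @return mixed the original value, or the string '[redacted]'
 */
private function _errorMailRedacted($key, $value)
{
    $pattern = '/pass|pwd|secret|token|auth_pw|authorization|cookie|sessid|session/i';

    return preg_match($pattern, $key) === 1 ? '[redacted]' : $value;
}

/**
 * Makes a string safe for use as (part of) a mail header value by removing
 * CR and LF, which would otherwise end the header and let the rest of the
 * string be read as additional headers.
 *
 * @param mixed $value
 *
 * @return string
 */
private function _errorMailHeaderValue($value)
{
    return str_replace(["\r", "\n"], '', (string) $value);
}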
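/**
 * Determine the export selections that should be displayed.
 *
 * Returns the saved export criteria for the node named in the 'atknodeuri'
 * postvar. When authentication is enabled and the user is not
 * 'administrator', only the criteria with user_id 0 or the user's own id
 * are returned.
 *
 * @return array rows with 'id' and 'name', ordered by name
 */
protected function getExportSelections()
{
    $db = Db::getInstance();

    // 'atknodeuri' comes from the request: escape it and use the standard
    // single-quoted SQL string literal (the original interpolated the raw
    // value inside double quotes).
    $nodeUri = $db->escapeSQL(isset($this->m_postvars['atknodeuri']) ? (string) $this->m_postvars['atknodeuri'] : '');
    $where = " nodetype = '{$nodeUri}'";

    if ('none' !== strtolower(Config::getGlobal('authentication'))) {
        $user = SecurityManager::atkGetUser();
        $userName = isset($user['name']) ? strtolower((string) $user['name']) : '';
        if ('administrator' !== $userName) {
            $userPk = Config::getGlobal('auth_userpk');
            $userId = isset($user[$userPk]) ? (int) $user[$userPk] : 0;
            $where .= ' AND user_id IN( 0, ' . $userId . ' )';
        }
    }

    return $db->getRows('SELECT id, name FROM atk_exportcriteria WHERE ' . $where . ' ORDER BY name');
}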
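/**
 * This function determines if the user has the privilege to perform a certain
 * action on the node.
 *
 * The checks are applied in this order: nodes flagged NF_NO_SECURITY allow
 * everything; actions listed in $this->m_unsecuredActions need no
 * privilege; otherwise the security manager must grant the action itself,
 * or the action it is mapped to in $this->m_securityImplied.
 *
 * @param string $action The action to be checked.
 * @param array $record The record on which the action is to be performed.
 *                      The standard implementation ignores this
 *                      parameter, but derived classes may override this
 *                      method to implement their own record based
 *                      security policy. Keep in mind that a record is not
 *                      passed in every occasion. The method is called
 *                      several times without a record, to just see if
 *                      the user has the privilege for the action
 *                      regardless of the record being processed.
 *
 * @return bool True if the action may be performed, false if not.
 */
public function allowed($action, $record = array())
{
    $secMgr = SecurityManager::getInstance();
    $alias = $this->atkNodeUri();
    // Presumably rewrites $alias/$action to the node and action the
    // privilege is defined on (by-reference parameters) -- confirm.
    $this->resolveNodeTypeAndAction($alias, $action);

    if ($this->hasFlag(self::NF_NO_SECURITY)) {
        return true;
    }

    // Strict comparison: a security decision must not rely on loose
    // string/number juggling.
    if (in_array($action, (array) $this->m_unsecuredActions, true)) {
        return true;
    }

    if ($secMgr->allowed($alias, $action)) {
        return true;
    }

    return isset($this->m_securityImplied[$action])
        && $secMgr->allowed($alias, $this->m_securityImplied[$action]);
}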
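/**
 * Check if the currently logged-in user has the right to view, edit etc.
 * an attribute of a node.
 *
 * Decision order: security scheme 'none', attribute security disabled,
 * level -1 or the 'administrator' account always grant; level -2 or the
 * 'guest' account always deny; otherwise the requirement returned by
 * getAttribEntity() is compared against the user's level (scheme 'level')
 * or group(s) (scheme 'group', optionally inverted by the
 * 'reverse_attributeaccess_logic' setting). Any other scheme denies.
 *
 * @param SecurityManager $securityMgr the security manager
 * @param Attribute $attr attribute reference
 * @param string $mode mode (add, edit, view etc.)
 * @param array $record record data
 *
 * @return bool true if access is granted, false if not.
 */
public function attribAllowed($securityMgr, $attr, $mode, $record = null)
{
    $node = $attr->m_ownerInstance->atkNodeUri();
    $attribute = $attr->fieldName();
    $userName = isset($securityMgr->m_user['name']) ? strtolower((string) $securityMgr->m_user['name']) : '';

    // security disabled or user is superuser? (may do anything)
    if ($securityMgr->m_scheme === 'none'
        || !Config::getGlobal('security_attributes')
        || $securityMgr->hasLevel(-1)
        || $userName === 'administrator'
    ) {
        return true;
    }

    if ($securityMgr->hasLevel(-2) || $userName === 'guest') {
        return false;
    }

    // all other situations
    $required = $this->getAttribEntity($node, $attribute, $mode);
    if ($required == -1) {
        // No access restrictions found..
        return true;
    }

    if ($securityMgr->m_scheme === 'level') {
        return $securityMgr->m_user['level'] >= $required;
    }

    if ($securityMgr->m_scheme === 'group') {
        $level = is_array($securityMgr->m_user['level']) ? $securityMgr->m_user['level'] : [$securityMgr->m_user['level']];
        $required = is_array($required) ? $required : [$required];
        $allowed = array_intersect($level, $required) !== [];
        // With this setting a matching group *denies* instead of grants.
        if (Config::getGlobal('reverse_attributeaccess_logic', false)) {
            $allowed = !$allowed;
        }

        return $allowed;
    }

    // unknown scheme?? -- fail closed
    return false;
}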
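/**
 * Checks whether the current user has the 'grantall' privilege (if such a
 * privilege exists; this is determined by the application by setting
 * $config_auth_grantall_privilege to "module.node.privilege").
 *
 * A missing or malformed setting yields false; the original dereferenced
 * undefined offsets for a setting with fewer than three parts.
 *
 * @return bool
 */
public function canGrantAll()
{
    $privilege_setting = (string) Config::getGlobal('auth_grantall_privilege');
    if ($privilege_setting === '') {
        return false;
    }

    $parts = explode('.', $privilege_setting);
    if (count($parts) < 3) {
        // fail closed rather than check a partial privilege
        return false;
    }
    list($mod, $node, $priv) = $parts;

    return SecurityManager::getInstance()->allowed($mod . '.' . $node, $priv);
}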
/**
 * This method is overridden to make sure that when a form is posted ('save' button), the
 * current record is refreshed so the output on screen is accurate.
 *
 * A one-field record holding the current user is run through populate()
 * and the (possibly updated) field value is returned.
 *
 * @return array Array with userinfo, or "" if no user is logged in.
 */
public function initialValue()
{
    $field = $this->fieldName();
    $record = [$field => SecurityManager::atkGetUser()];
    $this->populate($record);

    return $record[$field];
}
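/**
 * Get the selected language of the current user if he/she set one,
 * otherwise we try to get it from the browser settings and if even THAT
 * fails, we return the default language.
 *
 * Only languages contained in getSupportedLanguages() are accepted from
 * the user record or the browser; both are compared strictly.
 *
 * @static
 *
 * @return string
 */
public static function getUserLanguage()
{
    $supported = self::getSupportedLanguages();

    // 1. the language stored on the user record
    $sessionmanager = SessionManager::getInstance();
    if (!empty($sessionmanager)) {
        $userinfo = SecurityManager::atkGetUser();
        $fieldname = Config::getGlobal('auth_languagefield');
        $userLanguage = is_array($userinfo) && isset($userinfo[$fieldname]) ? $userinfo[$fieldname] : null;
        if ($userLanguage !== null && in_array($userLanguage, $supported, true)) {
            return $userLanguage;
        }
    }

    // 2. the browser's language headers, if enabled
    if (Config::getGlobal('use_browser_language', false)) {
        $headerlng = self::getLanguageFromHeaders();
        if ($headerlng && in_array($headerlng, $supported, true)) {
            return $headerlng;
        }
    }

    // 3. we give up and just return the default language
    return Config::getGlobal('language');
}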
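/**
 * Does the actual loading of the dispatch page
 * And adds it to the page for the dispatch() method to render.
 *
 * When the node does not allow the action, the access-denied page is
 * added instead and nothing is logged or handled. Otherwise the action is
 * logged, its handler is called and the node uri plus the selected
 * record id(s) are registered as hidden form vars.
 *
 * @param array $postvars The request variables for the node.
 * @param Node $node
 */
public function loadDispatchPage($postvars, Node $node)
{
    $node->m_postvars = $postvars;
    $node->m_action = isset($postvars['atkaction']) ? $postvars['atkaction'] : null;
    if (isset($postvars['atkpartial'])) {
        $node->m_partial = $postvars['atkpartial'];
    }

    $page = $node->getPage();
    $page->setTitle(Tools::atktext('app_shorttitle') . ' - ' . $node->getUi()->title($node->m_module, $node->m_type, $node->m_action));

    if (!$node->allowed($node->m_action)) {
        $page->addContent($this->accessDeniedPage($node->getType()));

        return;
    }

    $secMgr = SecurityManager::getInstance();
    $secMgr->logAction($node->m_type, $node->m_action);
    $node->callHandler($node->m_action);

    // A selector has the form "<field>=<value>"; only the value part is
    // kept. A selector without '=' yields '' instead of an undefined offset.
    if (isset($node->m_postvars['atkselector']) && is_array($node->m_postvars['atkselector'])) {
        $pks = [];
        foreach ($node->m_postvars['atkselector'] as $selector) {
            $parts = explode('=', (string) $selector);
            $pks[] = isset($parts[1]) ? $parts[1] : '';
        }
        $id = implode(',', $pks);
    } else {
        $parts = explode('=', (string) Tools::atkArrayNvl($node->m_postvars, 'atkselector', '='));
        $id = isset($parts[1]) ? $parts[1] : '';
    }

    // NOTE(review): as before, only the single quote is stripped; the value
    // round-trips through a hidden form var and must be treated as
    // untrusted input when it comes back.
    $page->register_hiddenvars([
        'atknodeuri' => $node->m_module . '.' . $node->m_type,
        'atkselector' => str_replace("'", '', $id),
    ]);
}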