	Rewrite Authentication Manager to keep the current operator within it
		
							parent
							
								
									65a9e7c9e8
								
							
						
					
					
						commit
						1163023062
					
				| @ -0,0 +1,58 @@ | ||||
| <?php | ||||
| /* | ||||
|  * Copyright 2005-2014 the original author or authors. | ||||
|  * | ||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||
|  * you may not use this file except in compliance with the License. | ||||
|  * You may obtain a copy of the License at | ||||
|  * | ||||
|  *     http://www.apache.org/licenses/LICENSE-2.0 | ||||
|  * | ||||
|  * Unless required by applicable law or agreed to in writing, software | ||||
|  * distributed under the License is distributed on an "AS IS" BASIS, | ||||
|  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
|  * See the License for the specific language governing permissions and | ||||
|  * limitations under the License. | ||||
|  */ | ||||
| 
 | ||||
| namespace Mibew\AccessControl\Check; | ||||
| 
 | ||||
| use Mibew\Authentication\AuthenticationManagerAwareInterface; | ||||
| use Mibew\Authentication\AuthenticationManagerInterface; | ||||
| 
 | ||||
| /** | ||||
|  * Abstract check that provide an ability to use Authentication manager. | ||||
|  */ | ||||
| abstract class AbstractCheck implements AuthenticationManagerAwareInterface | ||||
| { | ||||
|     /** | ||||
|      * @var AuthenticationManagerInterface|null | ||||
|      */ | ||||
|     protected $authenticationManager = null; | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      */ | ||||
|     public function getAuthenticationManager() | ||||
|     { | ||||
|         return $this->authenticationManager; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      */ | ||||
|     public function setAuthenticationManager(AuthenticationManagerInterface $manager) | ||||
|     { | ||||
|         $this->authenticationManager = $manager; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns the current operator. | ||||
|      * | ||||
|      * @return array Operator's data | ||||
|      */ | ||||
|     public function getOperator() | ||||
|     { | ||||
|         return $this->getAuthenticationManager()->getOperator(); | ||||
|     } | ||||
| } | ||||
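Review bot: `getOperator()` calls `$this->getAuthenticationManager()->getOperator()` while `$authenticationManager` defaults to null, so a check constructed anywhere other than through `CheckResolver` fails with a method call on null rather than a clear error. The same pattern is added to `AbstractController::getOperator()` later in this commit. Failing is the right direction for an access check, but an explicit guard such as `if ($this->authenticationManager === null) { throw new \RuntimeException('Authentication manager is not set.'); }` makes the cause obvious. The docblock should also read `@return array|null Operator's data, or null if there is no current operator`, since `AuthenticationManager::$operator` starts as null and `LoggedInCheck::__invoke()` relies on that falsy value.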
| @ -17,10 +17,28 @@ | ||||
| 
 | ||||
| namespace Mibew\AccessControl\Check; | ||||
| 
 | ||||
| use Mibew\Authentication\AuthenticationManagerAwareInterface; | ||||
| use Mibew\Authentication\AuthenticationManagerInterface; | ||||
| use Symfony\Component\HttpFoundation\Request; | ||||
| 
 | ||||
| class CheckResolver | ||||
| { | ||||
|     /** | ||||
|      * @var AuthenticationManagerInterface|null | ||||
|      */ | ||||
|     protected $authenticationManager = null; | ||||
| 
 | ||||
|     /** | ||||
|      * Class contructor. | ||||
|      * | ||||
|      * @param AuthenticationManagerInterface $manager An instance of | ||||
|      * authentication manager. | ||||
|      */ | ||||
|     public function __construct(AuthenticationManagerInterface $manager) | ||||
|     { | ||||
|         $this->authenticationManager = $manager; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Resolves access check callable by request. | ||||
|      * | ||||
| @ -43,7 +61,12 @@ class CheckResolver | ||||
|         // directly
 | ||||
|         if (strpos($access_check, ':') === false) { | ||||
|             if (method_exists($access_check, '__invoke')) { | ||||
|                 return new $access_check(); | ||||
|                 $object = new $access_check(); | ||||
|                 if ($object instanceof AuthenticationManagerAwareInterface) { | ||||
|                     $object->setAuthenticationManager($this->authenticationManager); | ||||
|                 } | ||||
| 
 | ||||
|                 return $object; | ||||
|             } elseif (function_exists($access_check)) { | ||||
|                 return $access_check; | ||||
|             } else { | ||||
| @ -90,6 +113,11 @@ class CheckResolver | ||||
|             throw new \InvalidArgumentException(sprintf('Class "%s" does not exist.', $class)); | ||||
|         } | ||||
| 
 | ||||
|         return array(new $class(), $method); | ||||
|         $object = new $class(); | ||||
|         if ($object instanceof AuthenticationManagerAwareInterface) { | ||||
|             $object->setAuthenticationManager($this->authenticationManager); | ||||
|         } | ||||
| 
 | ||||
|         return array($object, $method); | ||||
|     } | ||||
| } | ||||
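Review bot: The instantiate-then-inject sequence is written twice, once in the `__invoke` branch and again before `return array($object, $method)`; a small private helper (for example `createCheck($class)`) would keep the two paths from drifting apart. A check class that does not implement `AuthenticationManagerAwareInterface` is also returned without a manager and without any warning. Since this commit stops populating the `_operator` request attribute, such a check has no way left to see the current operator. A short comment at the `instanceof` test, such as `// Checks that are not manager-aware must not depend on the current operator.`, would make that contract explicit. Both enclosing methods begin outside the hunks shown.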
|  | ||||
| @ -22,10 +22,10 @@ use Symfony\Component\HttpFoundation\Request; | ||||
| /** | ||||
|  * Checks if operator from the request is logged in. | ||||
|  */ | ||||
| class LoggedInCheck | ||||
| class LoggedInCheck extends AbstractCheck | ||||
| { | ||||
|     public function __invoke(Request $request) | ||||
|     { | ||||
|         return (bool)$request->attributes->get('_operator'); | ||||
|         return (bool)$this->getOperator(); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -39,7 +39,7 @@ class OperatorEditCheck extends LoggedInCheck | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $target_operator_id = $request->attributes->getInt('operator_id', false); | ||||
| 
 | ||||
|         return is_capable(CAN_ADMINISTRATE, $operator) | ||||
|  | ||||
| @ -39,7 +39,7 @@ class OperatorViewCheck extends LoggedInCheck | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $target_operator_id = $request->attributes->getInt('operator_id', false); | ||||
| 
 | ||||
|         return is_capable(CAN_ADMINISTRATE, $operator) | ||||
|  | ||||
| @ -51,7 +51,7 @@ class PermissionsCheck extends LoggedInCheck | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $permissions = $request->attributes->get('_access_permissions', array()); | ||||
|         foreach ($permissions as $permission) { | ||||
|             if (!is_capable($this->resolvePermission($permission), $operator)) { | ||||
|  | ||||
| @ -74,9 +74,12 @@ class Application | ||||
|     { | ||||
|         $this->fileLocator = new FileLocator(array(MIBEW_FS_ROOT)); | ||||
|         $this->router = new Router(new RouteCollectionLoader($this->fileLocator)); | ||||
|         $this->controllerResolver = new ControllerResolver($this->router); | ||||
|         $this->accessCheckResolver = new CheckResolver(); | ||||
|         $this->authenticationManager = new AuthenticationManager(); | ||||
|         $this->controllerResolver = new ControllerResolver( | ||||
|             $this->router, | ||||
|             $this->authenticationManager | ||||
|         ); | ||||
|         $this->accessCheckResolver = new CheckResolver($this->authenticationManager); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
| @ -95,6 +98,7 @@ class Application | ||||
|         // Actualize cookie factory in the authentication manager.
 | ||||
|         $cookie_factory = CookieFactory::fromRequest($request); | ||||
|         $this->authenticationManager->setCookieFactory($cookie_factory); | ||||
|         $this->authenticationManager->setOperatorFromRequest($request); | ||||
| 
 | ||||
|         try { | ||||
|             // Try to match a route, check if the client can access it and add
 | ||||
| @ -102,10 +106,6 @@ class Application | ||||
|             try { | ||||
|                 $parameters = $this->router->matchRequest($request); | ||||
|                 $request->attributes->add($parameters); | ||||
|                 $request->attributes->set( | ||||
|                     '_operator', | ||||
|                     $this->authenticationManager->extractOperator($request) | ||||
|                 ); | ||||
| 
 | ||||
|                 // Check if the user can access the page
 | ||||
|                 $access_check = $this->accessCheckResolver->getCheck($request); | ||||
| @ -145,10 +145,9 @@ class Application | ||||
|             $response = new Response((string)$response); | ||||
|         } | ||||
| 
 | ||||
|         // Get modified operator from the request and attach authentication info
 | ||||
|         // to the response to distinguish him in the next requests.
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $this->authenticationManager->attachOperator($response, $operator); | ||||
|         // Attach operator's authentication info to the response to distinguish
 | ||||
|         // him in the next requests.
 | ||||
|         $this->authenticationManager->attachOperatorToResponse($response); | ||||
| 
 | ||||
|         return $response; | ||||
|     } | ||||
| @ -182,7 +181,7 @@ class Application | ||||
|             return $args['response']; | ||||
|         } | ||||
| 
 | ||||
|         if ($request->attributes->get('_operator')) { | ||||
|         if ($this->authenticationManager->getOperator()) { | ||||
|             // If the operator already logged in, display 403 page.
 | ||||
|             return new Response('Forbidden', 403); | ||||
|         } | ||||
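Review bot: `$this->authenticationManager->setOperatorFromRequest($request)` is called before the `try` block that follows it, so anything thrown while resolving the operator (the remember-me lookup or an `operatorAuthenticate` plugin handler) would not go through the error handling the later code relies on. The catch clauses are outside these hunks, so this should be confirmed against the full method. Moving the call to the first line inside the outer `try` would keep authentication failures on the same path as routing failures. Separately, the `_operator` request attribute is no longer set, so any access check, controller or plugin outside this commit that still reads `$request->attributes->get('_operator')` will now receive null; searching the tree for `_operator` before merging would confirm none remain.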
|  | ||||
| @ -25,136 +25,37 @@ use Symfony\Component\HttpFoundation\Response; | ||||
| /** | ||||
|  * Controls operator's authentication. | ||||
|  */ | ||||
| class AuthenticationManager | ||||
| class AuthenticationManager implements AuthenticationManagerInterface | ||||
| { | ||||
|     /** | ||||
|      * Indicates if the operator is logged in. | ||||
|      * @var boolean | ||||
|      */ | ||||
|     protected $loggedIn = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Indicates if the operator should be remembered after login. | ||||
|      * @var boolean | ||||
|      */ | ||||
|     protected $remember = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Indicates if the current operator is logged out. | ||||
|      * @var boolean | ||||
|      */ | ||||
|     protected $loggedOut = false; | ||||
| 
 | ||||
|     /** | ||||
|      * The current operator. | ||||
|      * @var array|null | ||||
|      */ | ||||
|     protected $operator = null; | ||||
| 
 | ||||
|     /** | ||||
|      * @var CookieFactory|null | ||||
|      */ | ||||
|     protected $cookieFactory = null; | ||||
| 
 | ||||
|     /** | ||||
|      * Extracts operator's data from the passed in request object. | ||||
|      * | ||||
|      * Triggers 'operatorAuthenticate' event if operator is not authenticated by | ||||
|      * the system and pass to it an associative array with following items: | ||||
|      *  - 'operator': if a plugin has extracted operator from the request it | ||||
|      *    should set operator's data to this field. | ||||
|      *  - 'request': {@link Request}, incoming request. Can be used by a plugin | ||||
|      *    to extract an operator. | ||||
|      * | ||||
|      * @param Request $request A request to extract operator from. | ||||
|      * @return array|bool Associative array with operator's data or boolean | ||||
|      *   false if there is no operator related with the request. | ||||
|      */ | ||||
|     public function extractOperator(Request $request) | ||||
|     { | ||||
|         // Try to get operator from session.
 | ||||
|         if (isset($_SESSION[SESSION_PREFIX . 'operator'])) { | ||||
|             return $_SESSION[SESSION_PREFIX . 'operator']; | ||||
|         } | ||||
| 
 | ||||
|         // Check if operator had used "remember me" feature.
 | ||||
|         if ($request->cookies->has(REMEMBER_OPERATOR_COOKIE_NAME)) { | ||||
|             $cookie_value = $request->cookies->get(REMEMBER_OPERATOR_COOKIE_NAME); | ||||
|             list($login, $pwd) = preg_split('/\x0/', base64_decode($cookie_value), 2); | ||||
|             $op = operator_by_login($login); | ||||
|             $can_login = $op | ||||
|                 && isset($pwd) | ||||
|                 && isset($op['vcpassword']) | ||||
|                 && calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd | ||||
|                 && !operator_is_disabled($op); | ||||
|             if ($can_login) { | ||||
|                 $_SESSION[SESSION_PREFIX . 'operator'] = $op; | ||||
| 
 | ||||
|                 return $op; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // Provide an ability for plugins to authenticate operator
 | ||||
|         $args = array( | ||||
|             'operator' => false, | ||||
|             'request' => $request, | ||||
|         ); | ||||
|         $dispatcher = EventDispatcher::getInstance(); | ||||
|         $dispatcher->triggerEvent('operatorAuthenticate', $args); | ||||
| 
 | ||||
|         if (!empty($args['operator'])) { | ||||
|             $_SESSION[SESSION_PREFIX . 'operator'] = $args['operator']; | ||||
|             return $args['operator']; | ||||
|         } | ||||
| 
 | ||||
|         // Operator's data cannot be extracted from the request.
 | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Attaches operator's token to the response, thus is can be used to extract | ||||
|      * operator in the next request. | ||||
|      * | ||||
|      * @param Response $response The response object which will be sent to the | ||||
|      * client. | ||||
|      * @param array $operator Operator's data. | ||||
|      * @return Response Updated response. | ||||
|      */ | ||||
|     public function attachOperator(Response $response, $operator) | ||||
|     { | ||||
|         if ($operator) { | ||||
|             // Calculate password hashes for operator in the request and for the
 | ||||
|             // operator in session. If the hashes are different then operator's
 | ||||
|             // password or login was changed.
 | ||||
|             $password_hash = calculate_password_hash( | ||||
|                 $operator['vclogin'], | ||||
|                 $operator['vcpassword'] | ||||
|             ); | ||||
| 
 | ||||
|             if (isset($_SESSION[SESSION_PREFIX . 'operator'])) { | ||||
|                 $old_operator = $_SESSION[SESSION_PREFIX . 'operator']; | ||||
|                 $old_password_hash = calculate_password_hash( | ||||
|                     $old_operator['vclogin'], | ||||
|                     $old_operator['vcpassword'] | ||||
|                 ); | ||||
|                 $credentials_changed = $password_hash != $old_password_hash; | ||||
|             } else { | ||||
|                 $credentials_changed = false; | ||||
|             } | ||||
| 
 | ||||
|             // Check if we need to remember the operator
 | ||||
|             if (isset($operator['remember_me'])) { | ||||
|                 $remember = $operator['remember_me']; | ||||
|                 unset($operator['remember_me']); | ||||
|             } else { | ||||
|                 $remember = false; | ||||
|             } | ||||
| 
 | ||||
|             // Update operator in the session
 | ||||
|             $_SESSION[SESSION_PREFIX . 'operator'] = $operator; | ||||
| 
 | ||||
|             // Set or update remember me cookie if needed
 | ||||
|             if ($remember || $credentials_changed) { | ||||
|                 $remember_cookie = $this->getCookieFactory()->createCookie( | ||||
|                     REMEMBER_OPERATOR_COOKIE_NAME, | ||||
|                     base64_encode($operator['vclogin'] . "\x0" . $password_hash), | ||||
|                     time() + 60 * 60 * 24 * 1000, | ||||
|                     true | ||||
|                 ); | ||||
| 
 | ||||
|                 $response->headers->setCookie($remember_cookie); | ||||
|             } | ||||
|         } else { | ||||
|             // Clean up session data
 | ||||
|             unset($_SESSION[SESSION_PREFIX . 'operator']); | ||||
|             unset($_SESSION['backpath']); | ||||
| 
 | ||||
|             // Clear remember cookie
 | ||||
|             $cookie_factory = $this->getCookieFactory(); | ||||
|             $response->headers->clearCookie( | ||||
|                 REMEMBER_OPERATOR_COOKIE_NAME, | ||||
|                 $cookie_factory->getPath(), | ||||
|                 $cookie_factory->getDomain() | ||||
|             ); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Updates instance of cookie factory related with the manager. | ||||
|      * | ||||
| @ -178,4 +79,174 @@ class AuthenticationManager | ||||
| 
 | ||||
|         return $this->cookieFactory; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      * | ||||
|      * Triggers 'operatorAuthenticate' event if operator is not authenticated by | ||||
|      * the system and pass to it an associative array with following items: | ||||
|      *  - 'operator': if a plugin has extracted operator from the request it | ||||
|      *    should set operator's data to this field. | ||||
|      *  - 'request': {@link Request}, incoming request. Can be used by a plugin | ||||
|      *    to extract an operator. | ||||
|      */ | ||||
|     public function setOperatorFromRequest(Request $request) | ||||
|     { | ||||
|         // Try to get operator from session.
 | ||||
|         if (isset($_SESSION[SESSION_PREFIX . 'operator'])) { | ||||
|             $this->operator = $_SESSION[SESSION_PREFIX . 'operator']; | ||||
| 
 | ||||
|             return true; | ||||
|         } | ||||
| 
 | ||||
|         // Check if operator had used "remember me" feature.
 | ||||
|         if ($request->cookies->has(REMEMBER_OPERATOR_COOKIE_NAME)) { | ||||
|             $cookie_value = $request->cookies->get(REMEMBER_OPERATOR_COOKIE_NAME); | ||||
|             list($login, $pwd) = preg_split('/\x0/', base64_decode($cookie_value), 2); | ||||
|             $op = operator_by_login($login); | ||||
|             $can_login = $op | ||||
|                 && isset($pwd) | ||||
|                 && isset($op['vcpassword']) | ||||
|                 && calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd | ||||
|                 && !operator_is_disabled($op); | ||||
|             if ($can_login) { | ||||
|                 // Cache operator in the session data
 | ||||
|                 $_SESSION[SESSION_PREFIX . 'operator'] = $op; | ||||
|                 $this->operator = $op; | ||||
| 
 | ||||
|                 return true; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // Provide an ability for plugins to authenticate operator
 | ||||
|         $args = array( | ||||
|             'operator' => false, | ||||
|             'request' => $request, | ||||
|         ); | ||||
|         $dispatcher = EventDispatcher::getInstance(); | ||||
|         $dispatcher->triggerEvent('operatorAuthenticate', $args); | ||||
| 
 | ||||
|         if (!empty($args['operator'])) { | ||||
|             // Cache operator in the session
 | ||||
|             $_SESSION[SESSION_PREFIX . 'operator'] = $args['operator']; | ||||
|             $this->operator = $args['operator']; | ||||
| 
 | ||||
|             return true; | ||||
|         } | ||||
| 
 | ||||
|         // Operator's data cannot be extracted from the request.
 | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      */ | ||||
|     public function attachOperatorToResponse(Response $response) | ||||
|     { | ||||
|         if ($this->loggedOut) { | ||||
|             // An operator is logged out. Clean up session data.
 | ||||
|             unset($_SESSION[SESSION_PREFIX . 'operator']); | ||||
|             unset($_SESSION['backpath']); | ||||
| 
 | ||||
|             // Clear remember cookie.
 | ||||
|             $cookie_factory = $this->getCookieFactory(); | ||||
|             $response->headers->clearCookie( | ||||
|                 REMEMBER_OPERATOR_COOKIE_NAME, | ||||
|                 $cookie_factory->getPath(), | ||||
|                 $cookie_factory->getDomain() | ||||
|             ); | ||||
|         } elseif ($this->loggedIn) { | ||||
|             // An operator is logged in. Update operator in the session.
 | ||||
|             $_SESSION[SESSION_PREFIX . 'operator'] = $this->operator; | ||||
| 
 | ||||
|             // Set remember me cookie if needed
 | ||||
|             if ($this->remember) { | ||||
|                 $password_hash = calculate_password_hash( | ||||
|                     $this->operator['vclogin'], | ||||
|                     $this->operator['vcpassword'] | ||||
|                 ); | ||||
|                 $remember_cookie = $this->getCookieFactory()->createCookie( | ||||
|                     REMEMBER_OPERATOR_COOKIE_NAME, | ||||
|                     base64_encode($this->operator['vclogin'] . "\x0" . $password_hash), | ||||
|                     time() + 60 * 60 * 24 * 1000, | ||||
|                     true | ||||
|                 ); | ||||
| 
 | ||||
|                 $response->headers->setCookie($remember_cookie); | ||||
|             } | ||||
|         } elseif ($this->operator) { | ||||
|             // Update the current operator.
 | ||||
|             $_SESSION[SESSION_PREFIX . 'operator'] = $this->operator; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      */ | ||||
|     public function getOperator() | ||||
|     { | ||||
|         return $this->operator; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      */ | ||||
|     public function setOperator($operator) | ||||
|     { | ||||
|         $operator_updated = $operator | ||||
|             && $this->operator | ||||
|             && ($this->operator['operatorid'] == $operator['operatorid']); | ||||
|         if (!$operator_updated) { | ||||
|             // If the current operator is changed (not updated) we should
 | ||||
|             // reset all login/logout flags.
 | ||||
|             $this->loggedIn = false; | ||||
|             $this->loggedOut = false; | ||||
|             $this->remember = false; | ||||
|         } | ||||
| 
 | ||||
|         // Update the current operator
 | ||||
|         $this->operator = $operator; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      * | ||||
|      * Triggers 'operatorLogin' event after operator logged in and pass to it an | ||||
|      * associative array with following items: | ||||
|      *  - 'operator': array of the logged in operator info; | ||||
|      *  - 'remember': boolean, indicates if system should remember operator. | ||||
|      */ | ||||
|     public function loginOperator($operator, $remember) | ||||
|     { | ||||
|         $this->loggedIn = true; | ||||
|         $this->remember = $remember; | ||||
|         $this->loggedOut = false; | ||||
|         $this->operator = $operator; | ||||
| 
 | ||||
|         // Trigger login event
 | ||||
|         $args = array( | ||||
|             'operator' => $operator, | ||||
|             'remember' => $remember, | ||||
|         ); | ||||
|         $dispatcher = EventDispatcher::getInstance(); | ||||
|         $dispatcher->triggerEvent('operatorLogin', $args); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      * | ||||
|      * Triggers 'operatorLogout' event after operator logged out. | ||||
|      */ | ||||
|     public function logoutOperator() | ||||
|     { | ||||
|         $this->loggedOut = true; | ||||
|         $this->loggedIn = false; | ||||
|         $this->remember = false; | ||||
| 
 | ||||
|         $this->operator = null; | ||||
| 
 | ||||
|         // Trigger logout event
 | ||||
|         $dispatcher = EventDispatcher::getInstance(); | ||||
|         $dispatcher->triggerEvent('operatorLogout'); | ||||
|     } | ||||
| } | ||||
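Review bot: In `setOperatorFromRequest()` the remember-me value is checked with `calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd`; loose `==` applies PHP's numeric-string comparison rules and is not constant-time. It should be `hash_equals(calculate_password_hash($op['vclogin'], $op['vcpassword']), (string)$pwd)` where PHP 5.6+ is available, or at least `===`. The session branch at the top of the same method returns the cached operator without re-running `operator_is_disabled()`, so a disabled operator appears to keep access until the session ends; either re-check there or add a comment explaining why that is acceptable. In `attachOperatorToResponse()` the `loggedIn` branch stores the operator in the session with no visible `session_regenerate_id(true)`; if the login controller does not already rotate the session id, this branch is the natural place for it.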
|  | ||||
| @ -0,0 +1,39 @@ | ||||
| <?php | ||||
| /* | ||||
|  * Copyright 2005-2014 the original author or authors. | ||||
|  * | ||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||
|  * you may not use this file except in compliance with the License. | ||||
|  * You may obtain a copy of the License at | ||||
|  * | ||||
|  *     http://www.apache.org/licenses/LICENSE-2.0 | ||||
|  * | ||||
|  * Unless required by applicable law or agreed to in writing, software | ||||
|  * distributed under the License is distributed on an "AS IS" BASIS, | ||||
|  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
|  * See the License for the specific language governing permissions and | ||||
|  * limitations under the License. | ||||
|  */ | ||||
| 
 | ||||
| namespace Mibew\Authentication; | ||||
| 
 | ||||
| /** | ||||
|  * Interface for all classes that knows about authentication manager. | ||||
|  */ | ||||
| interface AuthenticationManagerAwareInterface | ||||
| { | ||||
|     /** | ||||
|      * Sets internal instance of authentication manager. | ||||
|      * | ||||
|      * @param AuthenticationManagerInterface $manager An authentication manager | ||||
|      * instance. | ||||
|      */ | ||||
|     public function setAuthenticationManager(AuthenticationManagerInterface $manager); | ||||
| 
 | ||||
|     /** | ||||
|      * Gets authentication manager instance. | ||||
|      * | ||||
|      * @returns AuthenticationManagerInterface | ||||
|      */ | ||||
|     public function getAuthenticationManager(); | ||||
| } | ||||
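Review bot: The docblock on `getAuthenticationManager()` uses `@returns`, which is not a recognised phpDoc tag, so documentation tools and IDEs will not pick up the return type; it should be `@return AuthenticationManagerInterface|null`. The `|null` matters because both implementers in this commit initialise the property to null and return it unchanged, and `getOperator()` in `AbstractCheck` and `AbstractController` dereferences the result without a check.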
| @ -0,0 +1,71 @@ | ||||
| <?php | ||||
| /* | ||||
|  * Copyright 2005-2014 the original author or authors. | ||||
|  * | ||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||
|  * you may not use this file except in compliance with the License. | ||||
|  * You may obtain a copy of the License at | ||||
|  * | ||||
|  *     http://www.apache.org/licenses/LICENSE-2.0 | ||||
|  * | ||||
|  * Unless required by applicable law or agreed to in writing, software | ||||
|  * distributed under the License is distributed on an "AS IS" BASIS, | ||||
|  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
|  * See the License for the specific language governing permissions and | ||||
|  * limitations under the License. | ||||
|  */ | ||||
| 
 | ||||
| namespace Mibew\Authentication; | ||||
| 
 | ||||
| use Symfony\Component\HttpFoundation\Request; | ||||
| use Symfony\Component\HttpFoundation\Response; | ||||
| 
 | ||||
| /** | ||||
|  * Base interface for all authentication managers. | ||||
|  */ | ||||
| interface AuthenticationManagerInterface | ||||
| { | ||||
|     /** | ||||
|      * Set the current operator using request to extract him. | ||||
|      * | ||||
|      * @param Request $request Incoming request. | ||||
|      * @return boolean true if an operator was extracted from the request and | ||||
|      *   false otherwise. | ||||
|      */ | ||||
|     public function setOperatorFromRequest(Request $request); | ||||
| 
 | ||||
|     /** | ||||
|      * Attaches some data to the response that are needed to identify operator | ||||
|      * in the next requests. | ||||
|      * | ||||
|      * @param Response $response A response which will be returned to the client. | ||||
|      */ | ||||
|     public function attachOperatorToResponse(Response $response); | ||||
| 
 | ||||
|     /** | ||||
|      * Returns the current operator. | ||||
|      * | ||||
|      * @return array Operator's data | ||||
|      */ | ||||
|     public function getOperator(); | ||||
| 
 | ||||
|     /** | ||||
|      * Sets the current operator. | ||||
|      * | ||||
|      * @param array $operator The current operator's data. | ||||
|      */ | ||||
|     public function setOperator($operator); | ||||
| 
 | ||||
|     /** | ||||
|      * Login specified operator into the system and use him as the current | ||||
|      * operator. | ||||
|      * | ||||
|      * @param array $operator An operator to login. | ||||
|      */ | ||||
|     public function loginOperator($operator, $remember); | ||||
| 
 | ||||
|     /** | ||||
|      * Logout the current operator from the system. | ||||
|      */ | ||||
|     public function logoutOperator(); | ||||
| } | ||||
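Review bot: `setOperator($operator)` is part of the public interface, and its docblock does not say that it bypasses authentication. In `AuthenticationManager` a call with a different operator only resets the login flags, and `attachOperatorToResponse()` then stores that operator in the session through its final `elseif ($this->operator)` branch without firing `operatorLogin`. Since every controller and access check now receives the manager, the docblock should restrict the method to refreshing the data of the already authenticated operator, for example `Must not be used to switch to another operator; use loginOperator() for that.` `loginOperator()` is also missing `@param boolean $remember`, and `getOperator()` should be documented as `@return array|null` because the implementation returns null when nobody is logged in.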
| @ -17,6 +17,8 @@ | ||||
| 
 | ||||
| namespace Mibew\Controller; | ||||
| 
 | ||||
| use Mibew\Authentication\AuthenticationManagerAwareInterface; | ||||
| use Mibew\Authentication\AuthenticationManagerInterface; | ||||
| use Mibew\Routing\Router; | ||||
| use Mibew\Routing\RouterAwareInterface; | ||||
| use Mibew\Style\StyleInterface; | ||||
| @ -27,13 +29,18 @@ use Symfony\Component\HttpFoundation\RedirectResponse; | ||||
| /** | ||||
|  * A base class for all controllers. | ||||
|  */ | ||||
| abstract class AbstractController implements RouterAwareInterface | ||||
| abstract class AbstractController implements RouterAwareInterface, AuthenticationManagerAwareInterface | ||||
| { | ||||
|     /** | ||||
|      * @var Router|null | ||||
|      */ | ||||
|     protected $router = null; | ||||
| 
 | ||||
|     /** | ||||
|      * @var AuthenticationManagerInterface|null | ||||
|      */ | ||||
|     protected $authenticationManager = null; | ||||
| 
 | ||||
|     /** | ||||
|      * @var StyleInterface|null | ||||
|      */ | ||||
| @ -55,6 +62,22 @@ abstract class AbstractController implements RouterAwareInterface | ||||
|         return $this->router; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      */ | ||||
|     public function setAuthenticationManager(AuthenticationManagerInterface $manager) | ||||
|     { | ||||
|         $this->authenticationManager = $manager; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * {@inheritdoc} | ||||
|      */ | ||||
|     public function getAuthenticationManager() | ||||
|     { | ||||
|         return $this->authenticationManager; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Generates a URL from the given parameters. | ||||
|      * | ||||
| @ -121,4 +144,14 @@ abstract class AbstractController implements RouterAwareInterface | ||||
| 
 | ||||
|         return $this->style; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns the current operator. | ||||
|      * | ||||
|      * @return array Operator's data | ||||
|      */ | ||||
|     public function getOperator() | ||||
|     { | ||||
|         return $this->getAuthenticationManager()->getOperator(); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -39,7 +39,7 @@ class BanController extends AbstractController | ||||
|         set_csrf_token(); | ||||
|         setlocale(LC_TIME, getstring('time.locale')); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array( | ||||
|             'errors' => array(), | ||||
|         ); | ||||
| @ -101,7 +101,7 @@ class BanController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
| 
 | ||||
|         $page = array( | ||||
|             'banId' => '', | ||||
| @ -178,7 +178,7 @@ class BanController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $errors = array(); | ||||
| 
 | ||||
|         $page = array( | ||||
|  | ||||
| @ -38,7 +38,7 @@ class ButtonCodeController extends AbstractController | ||||
|      */ | ||||
|     public function generateAction(Request $request) | ||||
|     { | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
| 
 | ||||
|         $page = array( | ||||
|             'errors' => array(), | ||||
|  | ||||
| @ -35,7 +35,7 @@ class CannedMessageController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array( | ||||
|             'errors' => array(), | ||||
|         ); | ||||
| @ -144,7 +144,7 @@ class CannedMessageController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $message_id = $request->attributes->getInt('message_id'); | ||||
|         $page = array( | ||||
|             // Use errors list stored in the request. We need to do so to have
 | ||||
| @ -204,7 +204,7 @@ class CannedMessageController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $message_id = $request->attributes->getInt('message_id'); | ||||
|         $errors = array(); | ||||
| 
 | ||||
|  | ||||
| @ -17,6 +17,8 @@ | ||||
| 
 | ||||
| namespace Mibew\Controller; | ||||
| 
 | ||||
| use Mibew\Authentication\AuthenticationManagerAwareInterface; | ||||
| use Mibew\Authentication\AuthenticationManagerInterface; | ||||
| use Mibew\Routing\RouterAwareInterface; | ||||
| use Symfony\Component\Routing\RouterInterface; | ||||
| use Symfony\Component\HttpFoundation\Request; | ||||
| @ -28,14 +30,22 @@ class ControllerResolver | ||||
|      */ | ||||
|     protected $router = null; | ||||
| 
 | ||||
|     /** | ||||
|      * @var AuthenticationManagerInterface|null | ||||
|      */ | ||||
|     protected $authenticationManager = null; | ||||
| 
 | ||||
|     /** | ||||
|      * Class constructor. | ||||
|      * | ||||
|      * @param RouterInterface $router Router instance. | ||||
|      * @param AuthenticationManagerInterface $manager Authentication manager | ||||
|      *   instance. | ||||
|      */ | ||||
|     public function __construct(RouterInterface $router) | ||||
|     public function __construct(RouterInterface $router, AuthenticationManagerInterface $manager) | ||||
|     { | ||||
|         $this->router = $router; | ||||
|         $this->authenticationManager = $manager; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
| @ -95,6 +105,10 @@ class ControllerResolver | ||||
|             $object->setRouter($this->router); | ||||
|         } | ||||
| 
 | ||||
|         if ($object instanceof AuthenticationManagerAwareInterface) { | ||||
|             $object->setAuthenticationManager($this->authenticationManager); | ||||
|         } | ||||
| 
 | ||||
|         return array($object, $method); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -35,7 +35,7 @@ class ManagementController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array( | ||||
|             'errors' => array(), | ||||
|         ); | ||||
|  | ||||
| @ -37,7 +37,7 @@ class MembersController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $group_id = $request->attributes->getInt('group_id'); | ||||
| 
 | ||||
|         $page = array( | ||||
|  | ||||
| @ -37,7 +37,7 @@ class SettingsController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $group_id = $request->attributes->getInt('group_id'); | ||||
| 
 | ||||
|         $page = array( | ||||
|  | ||||
| @ -39,7 +39,7 @@ class HistoryController extends AbstractController | ||||
|         setlocale(LC_TIME, getstring("time.locale")); | ||||
| 
 | ||||
|         $page = array(); | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $query = $request->query->get('q', false); | ||||
| 
 | ||||
|         $search_type = $request->query->get('type'); | ||||
| @ -179,7 +179,7 @@ class HistoryController extends AbstractController | ||||
|     { | ||||
|         setlocale(LC_TIME, getstring("time.locale")); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array(); | ||||
| 
 | ||||
|         // Load thread info
 | ||||
| @ -218,7 +218,7 @@ class HistoryController extends AbstractController | ||||
|     { | ||||
|         setlocale(LC_TIME, getstring("time.locale")); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $user_id = $request->attributes->get('user_id', ''); | ||||
|         $page = array(); | ||||
| 
 | ||||
|  | ||||
| @ -34,7 +34,7 @@ class InvitationController extends AbstractController | ||||
|      */ | ||||
|     public function inviteAction(Request $request) | ||||
|     { | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
| 
 | ||||
|         // Get visitor ID from the request and check it
 | ||||
|         $visitor_id = $request->query->get('visitor'); | ||||
|  | ||||
| @ -17,7 +17,6 @@ | ||||
| 
 | ||||
| namespace Mibew\Controller; | ||||
| 
 | ||||
| use Mibew\EventDispatcher; | ||||
| use Symfony\Component\HttpFoundation\Request; | ||||
| 
 | ||||
| /** | ||||
| @ -34,7 +33,7 @@ class LoginController extends AbstractController | ||||
|     public function showFormAction(Request $request) | ||||
|     { | ||||
|         // Check if the operator already logged in
 | ||||
|         if ($request->attributes->get('_operator')) { | ||||
|         if ($this->getOperator()) { | ||||
|             // Redirect the operator to home page.
 | ||||
|             // TODO: Use a route for URI generation.
 | ||||
|             return $this->redirect($request->getUriForPath('/operator')); | ||||
| @ -93,28 +92,14 @@ class LoginController extends AbstractController | ||||
|             && !operator_is_disabled($operator); | ||||
| 
 | ||||
|         if ($operator_can_login) { | ||||
|             if ($remember) { | ||||
|                 $operator['remember_me'] = true; | ||||
|             } | ||||
| 
 | ||||
|             // Update operator in the request. Doing so we tell the
 | ||||
|             // Authentication manager that operator should be associated with
 | ||||
|             // the session.
 | ||||
|             $request->attributes->set('_operator', $operator); | ||||
|             // Login the operator to the system
 | ||||
|             $this->getAuthenticationManager()->loginOperator($operator, $remember); | ||||
| 
 | ||||
|             // Redirect the current operator to the needed page.
 | ||||
|             $target = isset($_SESSION['backpath']) | ||||
|                 ? $_SESSION['backpath'] | ||||
|                 : $request->getUriForPath('/operator'); | ||||
| 
 | ||||
|             // Trigger login event
 | ||||
|             $args = array( | ||||
|                 'operator' => $operator, | ||||
|                 'remember' => $remember, | ||||
|             ); | ||||
|             $dispatcher = EventDispatcher::getInstance(); | ||||
|             $dispatcher->triggerEvent('operatorLogin', $args); | ||||
| 
 | ||||
|             return $this->redirect($target); | ||||
|         } else { | ||||
|             if (operator_is_disabled($operator)) { | ||||
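Review bot: The login branch in the second hunk now leaves all session handling to `loginOperator($operator, $remember)` and drops the `operatorLogin` event this controller used to trigger, so nothing visible here shows that the event still fires or that the session identifier is renewed when the operator is bound to the session. If `loginOperator()` does both, say so above the call, e.g. `// loginOperator() binds the operator to the session and triggers operatorLogin`. If it does not renew the session id, that method is the place to add it, since a pre-login session id that survives authentication leaves room for session fixation. The enclosing action starts and ends outside the hunk.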
|  | ||||
| @ -17,7 +17,6 @@ | ||||
| 
 | ||||
| namespace Mibew\Controller; | ||||
| 
 | ||||
| use Mibew\EventDispatcher; | ||||
| use Symfony\Component\HttpFoundation\Request; | ||||
| 
 | ||||
| /** | ||||
| @ -35,13 +34,8 @@ class LogoutController extends AbstractController | ||||
|      */ | ||||
|     public function logoutAction(Request $request) | ||||
|     { | ||||
|         // Detach operator's object from the request. This should tells
 | ||||
|         // authentication manager that operator session should be closed.
 | ||||
|         $request->attributes->remove('_operator'); | ||||
| 
 | ||||
|         // Trigger logout event
 | ||||
|         $dispatcher = EventDispatcher::getInstance(); | ||||
|         $dispatcher->triggerEvent('operatorLogout'); | ||||
|         // Login the operator from the system
 | ||||
|         $this->getAuthenticationManager()->logoutOperator(); | ||||
| 
 | ||||
|         // Redirect the current operator to the login page.
 | ||||
|         return $this->redirect($this->generateUrl('login')); | ||||
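Review bot: The new comment above the logout call reads `// Login the operator from the system`, which says the opposite of what `logoutOperator()` is named for; it should read `// Log the operator out of the system`. The controller no longer removes `_operator` from the request or triggers `operatorLogout` itself, so the comment should also state that `logoutOperator()` now closes the session, drops any remember-me state and fires that event, if it does (not visible in this section). `logoutAction()` continues past the end of the hunk.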
|  | ||||
| @ -38,7 +38,7 @@ class AvatarController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $op_id = $request->attributes->get('operator_id'); | ||||
|         $page = array( | ||||
|             'opid' => $op_id, | ||||
| @ -84,7 +84,7 @@ class AvatarController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $op_id = $request->attributes->getInt('operator_id'); | ||||
|         $errors = array(); | ||||
| 
 | ||||
| @ -140,11 +140,11 @@ class AvatarController extends AbstractController | ||||
|         // Update path to avatar in the database
 | ||||
|         update_operator_avatar($op['operatorid'], $avatar); | ||||
| 
 | ||||
|         // Operator's data are cached in the request thus we need to update them
 | ||||
|         // manually.
 | ||||
|         // Operator's data are cached in the authentication manager thus we need
 | ||||
|         // to update them manually.
 | ||||
|         if ($avatar && $operator['operatorid'] == $op_id) { | ||||
|             $operator['vcavatar'] = $avatar; | ||||
|             $request->attributes->set('_operator', $operator); | ||||
|             $this->getAuthenticationManager()->setOperator($operator); | ||||
|         } | ||||
| 
 | ||||
|         // Redirect the operator to the same page using GET method.
 | ||||
| @ -168,7 +168,7 @@ class AvatarController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $op_id = $request->attributes->getInt('operator_id'); | ||||
| 
 | ||||
|         // Try to load the target operator.
 | ||||
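Review bot: The cache refresh in the third hunk pushes a hand-edited copy back with `setOperator($operator)`, so the cached identity is only as correct as each call site's patching; the same pattern recurs in the PermissionsController and ProfileController sections below. Only the case `$operator['operatorid'] == $op_id` is handled, which leaves it to the authentication manager to pick up changes made to a different operator. For `iperm` in PermissionsController that decides how quickly a permission change reaches the affected operator, so it is worth confirming that the manager reloads operator data rather than trusting a long-lived copy. A comment above each call would make the contract explicit, e.g. `// setOperator() replaces the cached current operator; pass only data derived from getOperator()`. The enclosing method starts and ends outside the hunk.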
|  | ||||
| @ -37,7 +37,7 @@ class GroupsController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $operator_in_isolation = in_isolation($operator); | ||||
|         $op_id = $request->attributes->getInt('operator_id'); | ||||
| 
 | ||||
| @ -104,7 +104,7 @@ class GroupsController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $operator_in_isolation = in_isolation($operator); | ||||
|         $op_id = $request->attributes->getInt('operator_id'); | ||||
| 
 | ||||
|  | ||||
| @ -37,7 +37,7 @@ class ManagementController extends AbstractController | ||||
|         set_csrf_token(); | ||||
|         setlocale(LC_TIME, getstring('time.locale')); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array( | ||||
|             // Use errors list stored in the request. We need to do so to have
 | ||||
|             // an ability to pass the request from the "submitMembersForm" action.
 | ||||
| @ -104,7 +104,7 @@ class ManagementController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $current_operator = $request->attributes->get('_operator'); | ||||
|         $current_operator = $this->getOperator(); | ||||
|         $operator_id = $request->attributes->getInt('operator_id'); | ||||
|         $errors = array(); | ||||
| 
 | ||||
| @ -145,7 +145,7 @@ class ManagementController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $current_operator = $request->attributes->get('_operator'); | ||||
|         $current_operator = $this->getOperator(); | ||||
|         $operator_id = $request->attributes->getInt('operator_id'); | ||||
|         $errors = array(); | ||||
| 
 | ||||
|  | ||||
| @ -37,7 +37,7 @@ class PermissionsController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $op_id = $request->attributes->get('operator_id'); | ||||
| 
 | ||||
|         $page = array( | ||||
| @ -94,7 +94,7 @@ class PermissionsController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $op_id = $request->attributes->getInt('operator_id'); | ||||
| 
 | ||||
|         // Check if the target operator exists
 | ||||
| @ -113,13 +113,13 @@ class PermissionsController extends AbstractController | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // Update operator's permissions in the database and in cached request
 | ||||
|         // data if it is needed.
 | ||||
|         // Update operator's permissions in the database and in cached
 | ||||
|         // authentication manager data if it is needed.
 | ||||
|         update_operator_permissions($op['operatorid'], $new_permissions); | ||||
| 
 | ||||
|         if ($operator['operatorid'] == $op_id) { | ||||
|             $operator['iperm'] = $new_permissions; | ||||
|             $request->attributes->set('_operator', $operator); | ||||
|             $this->getAuthenticationManager()->setOperator($operator); | ||||
|         } | ||||
| 
 | ||||
|         // Redirect the current operator to the same page using GET method.
 | ||||
|  | ||||
| @ -37,7 +37,7 @@ class ProfileController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array( | ||||
|             'opid' => false, | ||||
|             // Use errors list stored in the request. We need to do so to have
 | ||||
| @ -116,7 +116,7 @@ class ProfileController extends AbstractController | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $errors = array(); | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $op_id = $request->attributes->getInt('operator_id'); | ||||
| 
 | ||||
|         if (is_capable(CAN_ADMINISTRATE, $operator)) { | ||||
| @ -206,15 +206,15 @@ class ProfileController extends AbstractController | ||||
|         // Update existing operator
 | ||||
|         update_operator($op_id, $login, $email, $password, $local_name, $common_name, $code); | ||||
| 
 | ||||
|         // Operator data are cached in the request, thus we need to manually
 | ||||
|         // update them.
 | ||||
|         // Operator data are cached in the authentication manager, thus we need
 | ||||
|         // to manually update them.
 | ||||
|         if (!empty($password) && $op_id == $operator['operatorid']) { | ||||
|             // Check if the admin has set his password for the first time.
 | ||||
|             $to_dashboard = check_password_hash($login, '', $operator['vcpassword']) && $password != ''; | ||||
| 
 | ||||
|             // Update operator's password.
 | ||||
|             $operator['vcpassword'] = calculate_password_hash($login, $password); | ||||
|             $request->attributes->set('_operator', $operator); | ||||
|             $this->getAuthenticationManager()->setOperator($operator); | ||||
| 
 | ||||
|             // Redirect the admin to the home page if needed.
 | ||||
|             if ($to_dashboard) { | ||||
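Review bot: The cached `vcpassword` in the third hunk comes from a second `calculate_password_hash($login, $password)` call rather than from what `update_operator()` stored, so the copy handed to `setOperator()` equals the database value only if the hash is deterministic for a given login and password. If the authentication manager ever compares the cached hash with the stored one (not visible here), a mismatch could end the session right after a password change. State the assumption in the comment, e.g. `// calculate_password_hash() is deterministic, so this equals the stored hash`, or refresh the cached operator from storage instead. Nothing visible here ends the operator's other sessions or remember-me logins after the password change, so it is worth confirming where that happens. The method starts and ends outside the hunk.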
|  | ||||
| @ -35,7 +35,7 @@ class PasswordRecoveryController extends AbstractController | ||||
|      */ | ||||
|     public function indexAction(Request $request) | ||||
|     { | ||||
|         if ($request->attributes->get('_operator')) { | ||||
|         if ($this->getOperator()) { | ||||
|             // If the operator is logged in just redirect him to the home page.
 | ||||
|             return $this->redirect($request->getUriForPath('/operator')); | ||||
|         } | ||||
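Review bot: `if ($this->getOperator())` relies on `getOperator()` returning a falsy value for a visitor who is not logged in, but the docblock added in AbstractController promises only `@return array Operator's data`; `showFormAction()` in LoginController makes the same check. The docblock should name the not-logged-in value, e.g. `@return array|null Operator's data or null if nobody is logged in`, adjusted to what the authentication manager actually returns. Other actions in this commit index the result directly, as in `$operator['operatorid']`, so the documented contract matters for them too. `indexAction()` continues past the end of the hunk.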
|  | ||||
| @ -40,7 +40,7 @@ class CommonController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
| 
 | ||||
|         $page = array( | ||||
|             'agentId' => '', | ||||
|  | ||||
| @ -36,7 +36,7 @@ class FeaturesController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array( | ||||
|             'agentId' => '', | ||||
|             'errors' => array(), | ||||
|  | ||||
| @ -36,7 +36,7 @@ class PerformanceController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $page = array( | ||||
|             'agentId' => '', | ||||
|             // Use errors list stored in the request. We need to do so to have
 | ||||
|  | ||||
| @ -38,7 +38,7 @@ class StatisticsController extends AbstractController | ||||
|      */ | ||||
|     public function indexAction(Request $request) | ||||
|     { | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $statistics_type = $request->attributes->get('type'); | ||||
|         setlocale(LC_TIME, getstring("time.locale")); | ||||
| 
 | ||||
|  | ||||
| @ -32,7 +32,7 @@ class TranslationController extends AbstractController | ||||
|      */ | ||||
|     public function indexAction(Request $request) | ||||
|     { | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
| 
 | ||||
|         $source = $request->query->get('source'); | ||||
|         if (!preg_match("/^[\w-]{2,5}$/", $source)) { | ||||
| @ -150,7 +150,7 @@ class TranslationController extends AbstractController | ||||
|     { | ||||
|         set_csrf_token(); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $string_id = $request->attributes->get('string_id'); | ||||
| 
 | ||||
|         $source = $request->query->get('source'); | ||||
| @ -209,7 +209,7 @@ class TranslationController extends AbstractController | ||||
|     { | ||||
|         csrf_check_token($request); | ||||
| 
 | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $string_id = $request->attributes->get('string_id'); | ||||
|         $errors = array(); | ||||
| 
 | ||||
|  | ||||
| @ -32,7 +32,7 @@ class UpdatesController extends AbstractController | ||||
|      */ | ||||
|     public function indexAction(Request $request) | ||||
|     { | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $default_extensions = array('mysql', 'gd', 'iconv'); | ||||
| 
 | ||||
|         $page = array( | ||||
|  | ||||
| @ -35,7 +35,7 @@ class UsersController extends AbstractController | ||||
|      */ | ||||
|     public function indexAction(Request $request) | ||||
|     { | ||||
|         $operator = $request->attributes->get('_operator'); | ||||
|         $operator = $this->getOperator(); | ||||
|         $status = $request->query->has('away') ? 1 : 0; | ||||
| 
 | ||||
|         notify_operator_alive($operator['operatorid'], $status); | ||||
|  | ||||