hedera-web/vn/web/app.php

205 lines
4.6 KiB
PHP

<?php
namespace Vn\Web;
require_once ('vn/lib/app.php');
/**
* Main class for web applications.
*
* Format for $_REQUEST['srv'] variable:
* - [serviceName]:[requestDir]/[requestFile]
**/
class App extends \Vn\Lib\App
{
protected $conn = NULL;
private $allowedServices =
[
'html',
'rest',
'json'
];
function run ()
{
$this->init ();
$srv = empty ($_REQUEST['srv']) ? '' : $_REQUEST['srv'];
$explode = explode (':', $srv, 2);
if (count ($explode) > 0)
$_REQUEST['service'] = $explode[0];
if (count ($explode) > 1)
$_REQUEST['method'] = $explode[1];
$service = empty ($_REQUEST['service']) ? 'html' : $_REQUEST['service'];
if (in_array ($service, $this->allowedServices, TRUE))
{
$includeFile = __DIR__."/$service-service.php";
require_once ($includeFile);
$className = __NAMESPACE__ .'\\'. hyphenToCamelCase ($service, TRUE) .'Service';
$service = new $className ($this);
$service->run ();
}
else
http_response_code (400);
}
/**
* Gets the configuration file name associated to the current vhost
* or the default config file if isn't defined a file for the vhost.
**/
function getConfigFile ()
{
if (!empty ($_SERVER['SERVER_NAME'])
&& preg_match ('/^[\w\-\.]+$/', $_SERVER['SERVER_NAME']))
{
$hostSplit = explode ('.', $_SERVER['SERVER_NAME']);
$configDir = _CONFIG_DIR .'/'. $this->name;
$hostFile = $configDir .'/config.'. $hostSplit[0] .'.php';
}
if (isset ($hostFile) && file_exists ($hostFile))
return $hostFile;
else
return parent::getConfigFile ();
}
/**
* Tries to retrieve user credentials from many sources such as POST,
* SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
* are saved on the client brownser for future logins, cookies names are
* 'vn_user' for the user name and 'vn_pass' for user password, the
* password is encoded using base64_encode() function and should be decoded
* using base64_decode().
*
* return Db\Conn The database connection
**/
function login ()
{
if ($this->conn)
return $this->conn;
$user = NULL;
$password = NULL;
$rememberUser = TRUE;
$rememberPass = FALSE;
$credentialsChanged = TRUE;
$wasLoged = isset ($_SESSION['user']);
if (isset ($_POST['guest']))
{
$sysConn = $this->getSysConn ();
$row = $sysConn->getRow (
'SELECT guest_user, guest_pass FROM config');
if ($row)
{
$user = $row['guest_user'];
$password = base64_decode ($row['guest_pass']);
$rememberUser = FALSE;
}
}
elseif (isset ($_POST['user']) && isset ($_POST['password']))
{
$user = $_POST['user'];
$password = $_POST['password'];
if (isset ($_POST['remember']) && $_POST['remember'])
$rememberPass = TRUE;
}
elseif (isset ($_SESSION['user']))
{
$user = $_SESSION['user'];
$password = $_SESSION['password'];
$credentialsChanged = FALSE;
}
elseif (isset ($_COOKIE['vn_user']) && isset ($_COOKIE['vn_pass']))
{
$user = $_COOKIE['vn_user'];
$password = base64_decode ($_COOKIE['vn_pass']);
$rememberPass = TRUE;
}
if (!isset ($user))
throw new SessionExpiredException ();
$user = strtolower ($user);
try {
$db = $this->createConnection ($user, $password);
$db->query ('CALL user_session_start (#)', [session_id ()]);
$this->conn = $db;
if ($rememberUser)
{
$cookieLife = time () + 7 * 86400; // 7 Days
setcookie ('vn_user', $user, $cookieLife);
if ($rememberPass)
setcookie ('vn_pass',
base64_encode ($password), $cookieLife);
}
$_SESSION['user'] = $user;
$_SESSION['password'] = $password;
}
catch (\Exception $e)
{
$this->conn = NULL;
throw new BadLoginException ();
}
// Registering the user access
if (!$wasLoged)
unset ($_SESSION['visitUser']);
if (isset ($_SESSION['access'])
&& !isset ($_SESSION['visitUser']))
{
$sysConn = $this->getSysConn ();
$_SESSION['visitUser'] = $sysConn->getValue (
'CALL visit_user_new (#, #, #)',
[
$_SESSION['access']
,nullIf ($_SESSION, 'visitUser')
,session_id ()
]
);
if (!isset ($_SESSION['visitUnknown']))
$_SESSION['visitUnknown'] = $_SESSION['visitUser'];
}
return $db;
}
/**
* Logouts the current user. Cleans the last saved used credentials.
**/
function logout ()
{
$_SESSION['visitUser'] = nullIf ($_SESSION, 'visitUnknown');
setcookie ('vn_pass', '', -1);
unset ($_COOKIE['vn_pass']);
unset ($_SESSION['user']);
unset ($_SESSION['password']);
if ($this->conn)
{
$this->conn->query (
'DELETE FROM user_session_view
WHERE connection_id = CONNECTION_ID()'
);
$this->conn->close ();
$this->conn = NULL;
}
}
}
?>