forked from verdnatura/hedera-web
292 lines
6.6 KiB
PHP
Executable File
292 lines
6.6 KiB
PHP
Executable File
<?php
|
|
|
|
namespace Vn\Web;
|
|
|
|
require_once ('vn/lib/app.php');
|
|
require_once ('vn/lib/util.php');
|
|
|
|
use Vn\Lib;
|
|
use Vn\Lib\Locale;
|
|
use Vn\Db\Conn;
|
|
|
|
/**
|
|
* Thrown when user credentials could not be fetched.
|
|
**/
|
|
class SessionExpiredException extends \Exception {}
|
|
|
|
/**
|
|
* Thrown when user credentials are invalid.
|
|
**/
|
|
class BadLoginException extends \Exception {}
|
|
|
|
/**
|
|
* Thrown when client version is outdated.
|
|
**/
|
|
class OutdatedVersionException extends \Exception {}
|
|
|
|
/**
|
|
* Main class for web applications.
|
|
**/
|
|
abstract class App extends Lib\App
|
|
{
|
|
/**
|
|
* Starts the user session.
|
|
**/
|
|
function startSession ()
|
|
{
|
|
if ($this->isHttps ())
|
|
ini_set ('session.cookie_secure', TRUE);
|
|
|
|
session_start ();
|
|
|
|
// Setting the locale
|
|
|
|
if (isset ($_SERVER['HTTP_ACCEPT_LANGUAGE']))
|
|
if (!isset ($_SESSION['http_language'])
|
|
|| $_SESSION['http_language'] != $_SERVER['HTTP_ACCEPT_LANGUAGE'])
|
|
{
|
|
$_SESSION['http_language'] = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
|
|
$regexp = '/([a-z]{1,4})(?:-[a-z]{1,4})?\s*(?:;\s*q\s*=\s*(?:1|0\.[0-9]+))?,?/i';
|
|
|
|
preg_match_all ($regexp, $_SERVER['HTTP_ACCEPT_LANGUAGE'], $languages);
|
|
|
|
foreach ($languages[1] as $lang)
|
|
if (stream_resolve_include_path ("locale/$lang"))
|
|
{
|
|
$_SESSION['lang'] = $lang;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!isset ($_SESSION['lang']))
|
|
$_SESSION['lang'] = NULL;
|
|
|
|
Locale::set ($_SESSION['lang']);
|
|
|
|
// Registering the visit
|
|
|
|
if (!isset ($_COOKIE['PHPSESSID'])
|
|
|| isset ($_SESSION['access'])
|
|
|| isset ($_SESSION['skipVisit']))
|
|
return;
|
|
|
|
$agent = $_SERVER['HTTP_USER_AGENT'];
|
|
$browser = get_browser ($agent, TRUE);
|
|
|
|
if (isset ($browser['crawler']) && $browser['crawler'])
|
|
{
|
|
$_SESSION['skipVisit'] = TRUE;
|
|
return;
|
|
}
|
|
|
|
if (isset ($_SERVER['REMOTE_ADDR']))
|
|
$ip = ip2long ($_SERVER['REMOTE_ADDR']);
|
|
|
|
$sysConn = $this->getSysConn ();
|
|
$row = $sysConn->getRow (
|
|
'CALL visit_register (#, #, #, #, #, #, #, #, #)',
|
|
[
|
|
nullIf ($_COOKIE, 'vn_visit')
|
|
,nullIf ($browser, 'platform')
|
|
,nullIf ($browser, 'browser')
|
|
,nullIf ($browser, 'version')
|
|
,nullIf ($browser, 'javascript')
|
|
,nullIf ($browser, 'cookies')
|
|
,isset ($agent) ? $agent : NULL
|
|
,isset ($ip) && $ip ? $ip : NULL
|
|
,nullIf ($_SERVER, 'HTTP_REFERER')
|
|
]
|
|
);
|
|
|
|
if (isset ($row['access']))
|
|
{
|
|
setcookie ('vn_visit', $row['visit'], time () + 31536000); // 1 Year
|
|
$_SESSION['access'] = $row['access'];
|
|
}
|
|
else
|
|
$_SESSION['skipVisit'] = TRUE;
|
|
}
|
|
|
|
/**
|
|
* Checks if the HTTP connection is secure.
|
|
*
|
|
* @return boolean Return %TRUE if its secure, %FALSE otherwise
|
|
**/
|
|
function isHttps ()
|
|
{
|
|
return isset ($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
|
|
}
|
|
|
|
/**
|
|
* Obtains the application version number. It is based on de last
|
|
* modification date of the main script.
|
|
**/
|
|
function getVersion ()
|
|
{
|
|
return (int) strftime ('%G%m%d%H%M%S',
|
|
filectime ($_SERVER['SCRIPT_FILENAME']));
|
|
}
|
|
|
|
/**
|
|
* Gets the configuration file name.
|
|
**/
|
|
function getConfigFile ()
|
|
{
|
|
if (!empty ($_SERVER['SERVER_NAME'])
|
|
&& preg_match ('/^[\w\-\.]+$/', $_SERVER['SERVER_NAME']))
|
|
{
|
|
$hostSplit = explode ('.', $_SERVER['SERVER_NAME']);
|
|
$configDir = _CONFIG_DIR .'/'. $this->name;
|
|
$hostFile = $configDir .'/config.'. $hostSplit[0] .'.php';
|
|
}
|
|
|
|
if (isset ($hostFile) && file_exists ($hostFile))
|
|
return $hostFile;
|
|
else
|
|
return parent::getConfigFile ();
|
|
}
|
|
|
|
/**
|
|
* Tries to retrieve user credentials from many sources such as POST,
|
|
* SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
|
|
* are saved on the client brownser for future logins, cookies names are
|
|
* 'vn_user' for the user name and 'vn_pass' for user password, the
|
|
* password is encoded using base64_encode() function and should be decoded
|
|
* using base64_decode().
|
|
**/
|
|
function login ()
|
|
{
|
|
if ($this->conn)
|
|
return $this->conn;
|
|
|
|
$user = NULL;
|
|
$password = NULL;
|
|
$rememberUser = TRUE;
|
|
$rememberPass = FALSE;
|
|
$credentialsChanged = TRUE;
|
|
$wasLoged = isset ($_SESSION['user']);
|
|
|
|
if (isset ($_POST['guest']))
|
|
{
|
|
$sysConn = $this->getSysConn ();
|
|
$row = $sysConn->getRow (
|
|
'SELECT guest_user, guest_pass FROM config');
|
|
|
|
if ($row)
|
|
{
|
|
$user = $row['guest_user'];
|
|
$password = base64_decode ($row['guest_pass']);
|
|
$rememberUser = FALSE;
|
|
}
|
|
}
|
|
elseif (isset ($_POST['user']) && isset ($_POST['password']))
|
|
{
|
|
$user = $_POST['user'];
|
|
$password = $_POST['password'];
|
|
|
|
if (isset ($_POST['remember']) && $_POST['remember'])
|
|
$rememberPass = TRUE;
|
|
}
|
|
elseif (isset ($_SESSION['user']))
|
|
{
|
|
$user = $_SESSION['user'];
|
|
$password = $_SESSION['password'];
|
|
$credentialsChanged = FALSE;
|
|
}
|
|
elseif (isset ($_COOKIE['vn_user']) && isset ($_COOKIE['vn_pass']))
|
|
{
|
|
$user = $_COOKIE['vn_user'];
|
|
$password = base64_decode ($_COOKIE['vn_pass']);
|
|
$rememberPass = TRUE;
|
|
}
|
|
|
|
if (!isset ($user))
|
|
throw new SessionExpiredException ();
|
|
|
|
try {
|
|
$db = $this->createConnection ($user, $password);
|
|
$db->query ('CALL user_session_start (#)', [session_id ()]);
|
|
$this->conn = $db;
|
|
|
|
if ($rememberUser)
|
|
{
|
|
$cookieLife = time () + 7 * 86400; // 7 Days
|
|
setcookie ('vn_user', $user, $cookieLife);
|
|
|
|
if ($rememberPass)
|
|
setcookie ('vn_pass',
|
|
base64_encode ($password), $cookieLife);
|
|
}
|
|
|
|
$_SESSION['user'] = $user;
|
|
$_SESSION['password'] = $password;
|
|
}
|
|
catch (\Exception $e)
|
|
{
|
|
$this->conn = NULL;
|
|
throw new BadLoginException ();
|
|
}
|
|
|
|
// Registering the user access
|
|
|
|
if (!$wasLoged)
|
|
unset ($_SESSION['visitUser']);
|
|
|
|
if (isset ($_SESSION['access'])
|
|
&& !isset ($_SESSION['visitUser']))
|
|
{
|
|
$sysConn = $this->getSysConn ();
|
|
$_SESSION['visitUser'] = $sysConn->getValue (
|
|
'CALL visit_user_new (#, #, #)',
|
|
[
|
|
$_SESSION['access']
|
|
,nullIf ($_SESSION, 'visitUser')
|
|
,session_id ()
|
|
]
|
|
);
|
|
|
|
if (!isset ($_SESSION['visitUnknown']))
|
|
$_SESSION['visitUnknown'] = $_SESSION['visitUser'];
|
|
}
|
|
|
|
return $db;
|
|
}
|
|
|
|
/**
|
|
* Cleans the last saved used credentials.
|
|
**/
|
|
function logout ()
|
|
{
|
|
$_SESSION['visitUser'] = nullIf ($_SESSION, 'visitUnknown');
|
|
|
|
setcookie ('vn_pass', '', -1);
|
|
unset ($_COOKIE['vn_pass']);
|
|
unset ($_SESSION['user']);
|
|
unset ($_SESSION['password']);
|
|
|
|
if ($this->conn)
|
|
{
|
|
$this->conn->query (
|
|
'DELETE FROM user_session_view '
|
|
.'WHERE connection_id = CONNECTION_ID()'
|
|
);
|
|
$this->conn->close ();
|
|
$this->conn = NULL;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Deinitializes the Application. When init method is called, this
|
|
* function is called automatically at the end of the script .
|
|
**/
|
|
function deinit ()
|
|
{
|
|
if ($this->conn)
|
|
$this->conn->query ('CALL user_session_end ()');
|
|
|
|
parent::deinit ();
|
|
}
|
|
}
|
|
|
|
?>
|