forked from verdnatura/hedera-web
359 lines
8.1 KiB
PHP
Executable File
359 lines
8.1 KiB
PHP
Executable File
<?php
|
|
|
|
namespace Vn\Web;
|
|
|
|
use Vn\Db;
|
|
use Vn\Lib\Locale;
|
|
use Vn\Lib\UserException;
|
|
|
|
const MIN = 60;
|
|
const HOUR = 60 * MIN;
|
|
const DAY = 24 * HOUR;
|
|
const WEEK = 7 * DAY;
|
|
|
|
/**
|
|
* Thrown when user credentials could not be fetched.
|
|
**/
|
|
class SessionExpiredException extends UserException {}
|
|
|
|
/**
|
|
* Thrown when user credentials are invalid.
|
|
**/
|
|
class BadLoginException extends UserException {}
|
|
|
|
/**
|
|
* Thrown when client version is outdated.
|
|
**/
|
|
class OutdatedVersionException extends UserException {}
|
|
|
|
/**
|
|
* Main class for web applications.
|
|
**/
|
|
abstract class Service
|
|
{
|
|
protected $app;
|
|
protected $db;
|
|
protected $userDb = NULL;
|
|
|
|
function __construct ($app)
|
|
{
|
|
$this->app = $app;
|
|
$this->db = $app->getSysConn ();
|
|
}
|
|
|
|
/**
|
|
* Starts the user session.
|
|
**/
|
|
function startSession ()
|
|
{
|
|
$db = $this->db;
|
|
|
|
ini_set ('session.cookie_secure', $this->isHttps ());
|
|
ini_set ('session.hash_function', 'sha256');
|
|
|
|
session_set_save_handler (new DbSessionHandler ($db));
|
|
session_start ();
|
|
|
|
// Setting the locale
|
|
|
|
if (isset ($_SERVER['HTTP_ACCEPT_LANGUAGE']))
|
|
if (!isset ($_SESSION['httpLanguage'])
|
|
|| $_SESSION['httpLanguage'] != $_SERVER['HTTP_ACCEPT_LANGUAGE'])
|
|
{
|
|
$_SESSION['httpLanguage'] = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
|
|
$regexp = '/([a-z]{1,4})(?:-[a-z]{1,4})?\s*(?:;\s*q\s*=\s*(?:1|0\.[0-9]+))?,?/i';
|
|
|
|
preg_match_all ($regexp, $_SERVER['HTTP_ACCEPT_LANGUAGE'], $languages);
|
|
|
|
foreach ($languages[1] as $lang)
|
|
if (TRUE || stream_resolve_include_path ("locale/$lang"))
|
|
{
|
|
$_SESSION['lang'] = $lang;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!isset ($_SESSION['lang']))
|
|
$_SESSION['lang'] = NULL;
|
|
|
|
Locale::set ($_SESSION['lang']);
|
|
Locale::addPath ('vn/web');
|
|
|
|
// Registering the visit
|
|
|
|
if (isset ($_COOKIE['PHPSESSID'])
|
|
|| isset ($_SESSION['access'])
|
|
|| isset ($_SESSION['skipVisit']))
|
|
return;
|
|
|
|
$agent = $_SERVER['HTTP_USER_AGENT'];
|
|
$browser = get_browser ($agent, TRUE);
|
|
|
|
if (!empty ($browser['crawler']))
|
|
{
|
|
$_SESSION['skipVisit'] = TRUE;
|
|
return;
|
|
}
|
|
|
|
if (isset ($_SERVER['REMOTE_ADDR']))
|
|
$ip = ip2long ($_SERVER['REMOTE_ADDR']);
|
|
|
|
$row = $db->getRow (
|
|
'CALL visitRegister (#, #, #, #, #, #, #, #, #)',
|
|
[
|
|
nullIf ($_COOKIE, 'vnVisit')
|
|
,nullIf ($browser, 'platform')
|
|
,nullIf ($browser, 'browser')
|
|
,nullIf ($browser, 'version')
|
|
,nullIf ($browser, 'javascript')
|
|
,nullIf ($browser, 'cookies')
|
|
,isset ($agent) ? $agent : NULL
|
|
,isset ($ip) && $ip ? $ip : NULL
|
|
,nullIf ($_SERVER, 'HTTP_REFERER')
|
|
]
|
|
);
|
|
|
|
if (isset ($row['access']))
|
|
{
|
|
setcookie ('vnVisit', $row['visit'], time () + 31536000); // 1 Year
|
|
$_SESSION['access'] = $row['access'];
|
|
}
|
|
else
|
|
$_SESSION['skipVisit'] = TRUE;
|
|
}
|
|
|
|
/**
|
|
* Tries to retrieve user credentials from many sources such as POST,
|
|
* SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
|
|
* are saved on the client brownser for future logins, cookies names are
|
|
* 'vn_user' for the user name and 'vn_pass' for user password, the
|
|
* password is encoded using base64_encode() function and should be decoded
|
|
* using base64_decode().
|
|
*
|
|
* return Db\Conn The database connection
|
|
**/
|
|
function login ()
|
|
{
|
|
$db = $this->db;
|
|
$anonymousUser = FALSE;
|
|
|
|
if (isset ($_POST['user']) && isset ($_POST['password']))
|
|
{
|
|
$user = strtolower ($_POST['user']);
|
|
|
|
try {
|
|
$db->query ('CALL account.userLogin (#, #)',
|
|
[$user, $_POST['password']]);
|
|
}
|
|
catch (Db\Exception $e)
|
|
{
|
|
if ($e->getMessage () == 'INVALID_CREDENTIALS')
|
|
throw new BadLoginException ();
|
|
else
|
|
throw $e;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (isset ($_POST['token']) || isset ($_GET['token']))
|
|
{
|
|
if (isset ($_POST['token']))
|
|
$token = $_POST['token'];
|
|
if (isset ($_GET['token']))
|
|
$token = $_GET['token'];
|
|
|
|
$key = $db->getValue ('SELECT jwtKey FROM config');
|
|
|
|
try {
|
|
$jwtPayload = Jwt::decode ($token, $key);
|
|
}
|
|
catch (\Exception $e)
|
|
{
|
|
throw new BadLoginException ($e->getMessage ());
|
|
}
|
|
|
|
$expiration = $jwtPayload['exp'];
|
|
|
|
if (empty ($expiration) || $expiration <= time())
|
|
throw new SessionExpiredException ();
|
|
|
|
$user = $jwtPayload['sub'];
|
|
|
|
if (!empty ($jwtPayload['recover']))
|
|
$db->query (
|
|
'UPDATE account.user SET recoverPass = TRUE
|
|
WHERE name = #',
|
|
[$user]
|
|
);
|
|
}
|
|
else
|
|
{
|
|
$user = $db->getValue ('SELECT guest_user FROM config');
|
|
$anonymousUser = TRUE;
|
|
}
|
|
|
|
$db->query ('CALL account.userLoginWithName (#)', [$user]);
|
|
}
|
|
|
|
$userChanged = !$anonymousUser
|
|
&& (empty ($_SESSION['user']) || $_SESSION['user'] != $user);
|
|
|
|
$_SESSION['user'] = $user;
|
|
|
|
// Registering the user access
|
|
|
|
if (isset ($_SESSION['access']) && $userChanged)
|
|
$db->query (
|
|
'CALL visitUserNew (#, #)',
|
|
[$_SESSION['access'], session_id ()]
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Logouts the current user. Cleans the last saved used credentials.
|
|
**/
|
|
function logout ()
|
|
{
|
|
unset ($_SESSION['user']);
|
|
}
|
|
|
|
/**
|
|
* Creates or returns a database connection where the authenticated user
|
|
* is the current logged user.
|
|
*
|
|
* @return {Db\Conn} The database connection
|
|
**/
|
|
function getUserDb ($user)
|
|
{
|
|
if ($this->userDb)
|
|
return $this->userDb;
|
|
|
|
$password = $this->db->getValue (
|
|
'SELECT password FROM account.user WHERE name = #', [$user]);
|
|
return $this->userDb = $this->app->createConnection ($user, $password);
|
|
}
|
|
|
|
/**
|
|
* Generates a JWT authentication token for the specified $user.
|
|
*
|
|
* @param {string} $user The user name
|
|
* @param {boolean} $remember Wether to create long live token
|
|
* @param {boolean} $recover Wether to enable recovery mode on login
|
|
* @return {string} The JWT generated token
|
|
**/
|
|
function createToken ($user, $remember = FALSE, $recover = FALSE)
|
|
{
|
|
if ($remember)
|
|
$tokenLife = WEEK;
|
|
else
|
|
$tokenLife = 30 * MIN;
|
|
|
|
$payload = [
|
|
'sub' => $user,
|
|
'exp' => time () + $tokenLife
|
|
];
|
|
|
|
if ($recover)
|
|
$payload['recover'] = 'TRUE';
|
|
|
|
$key = $this->db->getValue ('SELECT jwtKey FROM config');
|
|
return Jwt::encode ($payload, $key);
|
|
}
|
|
|
|
/**
|
|
* Runs a method.
|
|
**/
|
|
function loadMethod ($class)
|
|
{
|
|
$db = $this->db;
|
|
$this->login ();
|
|
|
|
$method = $this->app->loadMethod (
|
|
$_REQUEST['method'], $class, './rest');
|
|
$method->service = $this;
|
|
|
|
if ($method::SECURITY == Security::DEFINER)
|
|
{
|
|
$isAuthorized = $db->getValue ('SELECT userCheckRestPriv (#)',
|
|
[$_REQUEST['method']]);
|
|
|
|
if (!$isAuthorized)
|
|
throw new UserException (s('You don\'t have enough privileges'));
|
|
|
|
$methodDb = $db;
|
|
}
|
|
else
|
|
$methodDb = $this->getUserDb ($_SESSION['user']);
|
|
|
|
if ($method::PARAMS !== NULL && !$method->checkParams ($_REQUEST, $method::PARAMS))
|
|
throw new UserException (s('Missing parameters'));
|
|
|
|
Locale::addPath ('rest/'. dirname ($_REQUEST['method']));
|
|
|
|
$res = NULL;
|
|
|
|
try {
|
|
$res = $method->run ($methodDb);
|
|
}
|
|
catch (Db\Exception $e)
|
|
{
|
|
if ($e->getCode () == 1644)
|
|
throw new UserException (s($e->getMessage ()));
|
|
}
|
|
|
|
$db->query ('CALL account.userLogout ()');
|
|
|
|
return $res;
|
|
}
|
|
|
|
/**
|
|
* Checks if the HTTP connection is secure.
|
|
*
|
|
* @return boolean Return %TRUE if its secure, %FALSE otherwise
|
|
**/
|
|
function isHttps ()
|
|
{
|
|
return isset ($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
|
|
}
|
|
|
|
/**
|
|
* Returns the current URL without the GET part.
|
|
*
|
|
* @return string The current URL
|
|
**/
|
|
function getUrl ()
|
|
{
|
|
$proto = $this->isHttps () ? 'https' : 'http';
|
|
return "$proto://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
|
|
}
|
|
|
|
/**
|
|
* Obtains the application version number. It is based on de last
|
|
* modification date of the main script.
|
|
*
|
|
* @return string The version number
|
|
**/
|
|
function getVersion ()
|
|
{
|
|
return (int) strftime ('%G%m%d%H%M%S',
|
|
filectime ($_SERVER['SCRIPT_FILENAME']));
|
|
}
|
|
|
|
/**
|
|
* Obtains the relative path to document root from an absolute path.
|
|
*
|
|
* @return string The relative path
|
|
**/
|
|
function getDir ($absoluteDir)
|
|
{
|
|
error_log ("Absolute: $absoluteDir");
|
|
error_log ("Root: {$_SERVER['DOCUMENT_ROOT']}");
|
|
error_log ("Script: {$_SERVER['SCRIPT_FILENAME']}");
|
|
error_log ("Self: {$_SERVER['PHP_SELF']}");
|
|
|
|
$rootLen = strlen ($_SERVER['DOCUMENT_ROOT']);
|
|
return substr ($absoluteDir, $rootLen);
|
|
}
|
|
}
|
|
|