1: <?php
2:
3: // include the config file
// Bootstrap: when no $config has been set up by an including script, load the
// configuration singleton and then the autoloader found under the configured app root.
if (isset($config) === false) {
    require_once '../util/AlphaConfig.inc';

    $config = AlphaConfig::getInstance();

    // the autoloader path is built from the 'app.root' configuration value
    require_once $config->get('app.root') . 'alpha/util/AlphaAutoLoader.inc';
}
10:
11: /**
12: *
13: * Controller used to generate secure URLs from the query strings provided
14: *
15: * @package alpha::controller
16: * @since 1.0
17: * @author John Collins <dev@alphaframework.org>
18: * @version $Id: GenSecureQueryStrings.php 1667 2013-09-12 20:21:40Z alphadevx $
19: * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
20: * @copyright Copyright (c) 2013, John Collins (founder of Alpha Framework).
21: * All rights reserved.
22: *
23: * <pre>
24: * Redistribution and use in source and binary forms, with or
25: * without modification, are permitted provided that the
26: * following conditions are met:
27: *
28: * * Redistributions of source code must retain the above
29: * copyright notice, this list of conditions and the
30: * following disclaimer.
31: * * Redistributions in binary form must reproduce the above
32: * copyright notice, this list of conditions and the
33: * following disclaimer in the documentation and/or other
34: * materials provided with the distribution.
35: * * Neither the name of the Alpha Framework nor the names
36: * of its contributors may be used to endorse or promote
37: * products derived from this software without specific
38: * prior written permission.
39: *
40: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
41: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
42: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
43: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
44: * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
45: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
50: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
51: * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
52: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
53: * </pre>
54: *
55: */
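class GenSecureQueryStrings extends AlphaController implements AlphaControllerInterface {
    /**
     * Trace logger
     *
     * @var Logger
     * @since 1.0
     */
    private static $logger = null;

    /**
     * Constructor: creates the logger, passes the 'Admin' rights group to the
     * parent controller and sets the page title.
     *
     * @since 1.0
     */
    public function __construct() {
        // Label log entries with this controller's name so the URL-generation actions
        // recorded in doPOST() are attributed to it (presumably the Logger argument is
        // the source label - confirm against Logger).
        self::$logger = new Logger('GenSecureQueryStrings');
        self::$logger->debug('>>__construct()');

        // ensure that the super class constructor is called, indicating the rights group
        parent::__construct('Admin');

        $this->setTitle('Generate Secure Query Strings');

        self::$logger->debug('<<__construct');
    }

    /**
     * Handle GET requests: renders the page head, the generator form and the page foot.
     *
     * @param array $params Request parameters (only written to the debug log here)
     * @since 1.0
     */
    public function doGET($params) {
        self::$logger->debug('>>doGET($params=['.var_export($params, true).'])');

        echo AlphaView::displayPageHead($this);

        echo $this->renderForm();

        echo AlphaView::displayPageFoot($this);

        self::$logger->debug('<<doGET');
    }

    /**
     * Handle POST requests: when a 'QS' parameter is present, generates the secure URL
     * for it, prints it and records the generation in the action log, then re-renders
     * the form.
     *
     * NOTE(review): no anti-CSRF token check is visible in this method; confirm whether
     * the parent controller or the front controller verifies one before POST data is handled.
     *
     * @param array $params Request parameters; 'QS' holds the query string to secure
     * @since 1.0
     */
    public function doPOST($params) {
        self::$logger->debug('>>doPOST($params=['.var_export($params, true).'])');

        echo AlphaView::displayPageHead($this);

        echo '<p style="width:90%; overflow:scroll;">';
        if (isset($params['QS'])) {
            // generate once so the value shown to the admin and the value logged are the same
            $secureURL = FrontController::generateSecureURL($params['QS']);

            // the URL is derived from submitted input, so encode it for the HTML context
            echo htmlspecialchars($secureURL, ENT_QUOTES, 'UTF-8');
            self::$logger->action('Generated the secure URL in admin: '.$secureURL);
        }
        echo '</p>';

        echo $this->renderForm();

        echo AlphaView::displayPageFoot($this);

        self::$logger->debug('<<doPOST');
    }

    /**
     * Renders the HTML form for generating secure URLs
     *
     * @return string The help text followed by the form markup
     * @since 1.0
     */
    private function renderForm() {
        global $config;

        $html = '<p>Use this form to generate secure (encrypted) URLs which make use of the Front Controller. Always be sure to specify an action controller'.
            ' (act) at a minimum.</p>';
        $html .= '<p>Example 1: to generate a secure URL for viewing article object 00000000001, enter <em>act=ViewArticle&amp;oid=00000000001</em></p>';
        $html .= '<p>Example 2: to generate a secure URL for viewing an Atom news feed of the articles, enter'.
            ' <em>act=ViewFeed&amp;bo=ArticleObject&amp;type=Atom</em></p>';

        // REQUEST_URI is supplied by the client; encode it before it is placed inside the
        // action attribute so that it cannot break out of the attribute value.
        $action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');

        $html .= '<form action="'.$action.'" method="post">';
        $html .= '<input type="text" name="QS" size="100"/>';

        // when field-name encryption is enabled in the config, the submit button name is encrypted too
        $fieldname = ($config->get('security.encrypt.http.fieldnames') ? base64_encode(AlphaSecurityUtils::encrypt('saveBut')) : 'saveBut');
        $temp = new Button('submit', 'Generate', $fieldname);
        $html .= $temp->render();
        $html .= '</form>';

        return $html;
    }

    /**
     * Use this callback to inject in the admin menu template fragment
     *
     * @return mixed The value returned by AlphaView::loadTemplateFragment() for
     *               'adminmenu.phtml' (presumably the menu HTML - confirm)
     * @since 1.2
     */
    public function after_displayPageHead_callback() {
        return AlphaView::loadTemplateFragment('html', 'adminmenu.phtml', array());
    }
}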
165:
166: // now build the new controller if this file is called directly
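// $_SERVER['PHP_SELF'] includes any client-supplied trailing path info, so this test only
// decides whether to dispatch; access control is presumably enforced through the rights
// group the controller passes to its parent constructor (confirm in AlphaController).
if ('GenSecureQueryStrings.php' === basename($_SERVER['PHP_SELF'])) {
    $controller = new GenSecureQueryStrings();

    if (!empty($_POST)) {
        // $_QUERY is not a PHP superglobal, so doPOST() never received the submitted 'QS'
        // field; hand it the POST body that the form actually submits.
        $controller->doPOST($_POST);
    } else {
        $controller->doGET($_GET);
    }
}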
176:
177: ?>