1: <?php
  2: 
  3: namespace Alpha\Controller;
  4: 
  5: use Alpha\Exception\ResourceNotFoundException;
  6: use Alpha\Exception\IllegalArguementException;
  7: use Alpha\View\Widget\Image;
  8: use Alpha\Util\Config\ConfigProvider;
  9: use Alpha\Util\Logging\Logger;
 10: use Alpha\Util\Http\Request;
 11: use Alpha\Util\Http\Response;
 12: use Alpha\Model\Type\Boolean;
 13: 
 14: /**
 15:  * Controller for viewing an image rendered with the Image widget.
 16:  *
 17:  * @since 1.0
 18:  *
 19:  * @author John Collins <dev@alphaframework.org>
 20:  * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
 21:  * @copyright Copyright (c) 2015, John Collins (founder of Alpha Framework).
 22:  * All rights reserved.
 23:  *
 24:  * <pre>
 25:  * Redistribution and use in source and binary forms, with or
 26:  * without modification, are permitted provided that the
 27:  * following conditions are met:
 28:  *
 29:  * * Redistributions of source code must retain the above
 30:  *   copyright notice, this list of conditions and the
 31:  *   following disclaimer.
 32:  * * Redistributions in binary form must reproduce the above
 33:  *   copyright notice, this list of conditions and the
 34:  *   following disclaimer in the documentation and/or other
 35:  *   materials provided with the distribution.
 36:  * * Neither the name of the Alpha Framework nor the names
 37:  *   of its contributors may be used to endorse or promote
 38:  *   products derived from this software without specific
 39:  *   prior written permission.
 40:  *
 41:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 42:  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 43:  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 44:  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 45:  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 46:  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 47:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 48:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 49:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 50:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 51:  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 52:  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 53:  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 54:  * </pre>
 55:  */
 56: class ImageController extends Controller implements ControllerInterface
 57: {
 58:     /**
 59:      * Trace logger.
 60:      *
 61:      * @var Alpha\Util\Logging\Logger
 62:      *
 63:      * @since 1.0
 64:      */
 65:     private static $logger = null;
 66: 
 67:     /**
 68:      * Constructor.
 69:      *
 70:      * @param string $visibility The name of the rights group that can access this controller.
 71:      *
 72:      * @since 1.0
 73:      */
 74:     public function __construct($visibility = 'Public')
 75:     {
 76:         self::$logger = new Logger('ImageController');
 77:         self::$logger->debug('>>__construct()');
 78: 
 79:         // ensure that the super class constructor is called, indicating the rights group
 80:         parent::__construct($visibility);
 81: 
 82:         self::$logger->debug('<<__construct');
 83:     }
 84: 
 85:     /**
 86:      * Handles get requests.
 87:      *
 88:      * @param Alpha\Util\Http\Request $request
 89:      *
 90:      * @return Alpha\Util\Http\Response
 91:      *
 92:      * @since 1.0
 93:      *
 94:      * @throws Alpha\Exception\ResourceNotFoundException
 95:      * @throws Alpha\Exception\ResourceNotAllowedException
 96:      */
 97:     public function doGet($request)
 98:     {
 99:         self::$logger->debug('>>doGet(request=['.var_export($request, true).'])');
100: 
101:         $config = ConfigProvider::getInstance();
102: 
103:         $params = $request->getParams();
104: 
105:         try {
106:             $imgSource = urldecode($params['source']);
107:             $imgWidth = $params['width'];
108:             $imgHeight = $params['height'];
109:             $imgType = $params['type'];
110:             $imgQuality = (double) $params['quality'];
111:             $imgScale = new Boolean($params['scale']);
112:             $imgSecure = new Boolean($params['secure']);
113:         } catch (\Exception $e) {
114:             self::$logger->error('Required param missing for ImageController controller['.$e->getMessage().']');
115:             throw new ResourceNotFoundException('File not found');
116:         }
117: 
118:         $modified = filemtime($imgSource);
119: 
120:         $responseHeaders = array();
121: 
122:         $responseHeaders['Last-Modified'] = date('D, d M Y H:i:s', $modified).' GMT';
123:         $responseHeaders['Cache-Control'] = 'max-age=1800';
124: 
125:         // exit if not modified
126:         if ($request->getHeader('If-Modified-Since') != null) {
127:             if (strtotime($request->getHeader('If-Modified-Since')) == $modified) {
128:                 return new Response(304, '', $responseHeaders);
129:             }
130:         }
131: 
132:         // handle secure tokens
133:         if ($imgSecure->getBooleanValue() && $config->get('cms.images.widget.secure')) {
134:             $valid = $this->checkSecurityFields();
135: 
136:             // if not valid, just return a blank black image of the same dimensions
137:             if (!$valid) {
138:                 $im = imagecreatetruecolor($imgWidth, $imgHeight);
139:                 $bgc = imagecolorallocate($im, 0, 0, 0);
140:                 imagefilledrectangle($im, 0, 0, $imgWidth, $imgHeight, $bgc);
141: 
142:                 if ($imgSource == 'png' && $config->get('cms.images.perserve.png')) {
143:                     ob_start();
144:                     imagepng($im);
145:                     $body = ob_get_contents();
146:                     $contentType = 'image/png';
147:                     ob_end_clean();
148:                 } else {
149:                     ob_start();
150:                     imagejpeg($im);
151:                     $body = ob_get_contents();
152:                     $contentType = 'image/jpeg';
153:                     ob_end_clean();
154:                 }
155: 
156:                 imagedestroy($im);
157: 
158:                 self::$logger->warn('The client ['.$request->getUserAgent().'] was blocked from accessing the file ['.$imgSource.'] due to bad security tokens being provided');
159: 
160:                 $responseHeaders['Content-Type'] = $contentType;
161: 
162:                 return new Response(200, $body, $responseHeaders);
163:             }
164:         }
165: 
166:         try {
167:             $image = new Image($imgSource, $imgWidth, $imgHeight, $imgType, $imgQuality, $imgScale->getBooleanValue(), $imgSecure->getBooleanValue());
168:             ob_start();
169:             $image->renderImage();
170:             $body = ob_get_contents();
171:             ob_end_clean();
172:         } catch (IllegalArguementException $e) {
173:             self::$logger->error($e->getMessage());
174:             throw new ResourceNotFoundException('File not found');
175:         }
176: 
177:         self::$logger->debug('<<__doGet');
178: 
179:         if ($imgSource == 'png' && $config->get('cms.images.perserve.png')) {
180:             $responseHeaders['Content-Type'] = 'image/png';
181:         } else {
182:             $responseHeaders['Content-Type'] = 'image/jpeg';
183:         }
184: 
185:         return new Response(200, $body, $responseHeaders);
186:     }
187: }
188: