opensupports/server/libs/Controller.php

<?php
require_once 'libs/Validator.php';
require_once 'models/Session.php';

use RedBeanPHP\Facade as RedBean;

abstract class Controller {
    private static $dataRequester;

    /**
     * Instance-related stuff
    */
    abstract public function handler();
    abstract public function validations();

    public function getHandler() {
        return function () {
            try {
                if(RedBean::testConnection() && !Setting::isTableEmpty()) {
                    Session::getInstance()->setSessionPrefix(Setting::getSetting('session-prefix')->getValue());
                }
                $this->validate();
                $this->handler();
            } catch (\Exception $exception) {
                Response::respondError($exception->getMessage());
                return;
            }
        };
    }

    public function validate() {
        $validator = new Validator();

        $validator->validate($this->validations());
    }

    public static function init() {
        self::$dataRequester = function ($key) {
            $app = self::getAppInstance();

            if (Controller::getAppInstance()->request()->isGet()) {
                $value = $app->request()->get($key);
            } else {
                $value = $app->request()->post($key);
            }

            return $value;
        };
    }

    public static function setDataRequester($dataRequester) {
        self::$dataRequester = $dataRequester;
    }

    public static function request($key, $secure = false) {
        $result = call_user_func(self::$dataRequester, $key);

        if($key === 'email' || $key === 'newEmail') {
            return strtolower($result);
        }

        if($secure) {
            $config = HTMLPurifier_Config::createDefault();
            $purifier = new HTMLPurifier($config);
            return $purifier->purify($result);
        } else {
            return $result;
        }
    }

    public static function getLoggedUser() {
        $session = Session::getInstance();

        if ($session->isStaffLogged()) {
            return Staff::getUser($session->getUserId());
        } else {
            return User::getUser($session->getUserId());
        }
    }

    public static function isUserLogged() {
        $session = Session::getInstance();

        return $session->checkAuthentication(array(
            'userId' => Controller::request('csrf_userid'),
            'token' => Controller::request('csrf_token')
        ));
    }

    public static function isStaffLogged($level = 1) {
        return Controller::isUserLogged() && (Controller::getLoggedUser()->level >= $level);
    }

    public static function getAppInstance() {
        return \Slim\Slim::getInstance();
    }

    public function uploadImages() {
        $allowAttachments = Setting::getSetting('allow-attachments')->getValue();
        $totalImages = Controller::request('images') * 1;

        if(!$totalImages || (!$allowAttachments && !$forceUpload)) return '';

        $maxSize = Setting::getSetting('max-size')->getValue();
        $fileGap = Setting::getSetting('file-gap')->getValue();
        $fileFirst = Setting::getSetting('file-first-number')->getValue();
        $fileQuantity = Setting::getSetting('file-quantity');

        $fileUploader = FileUploader::getInstance();
        $fileUploader->setMaxSize($maxSize);

        $imagePaths = [];
        $url = Setting::getSetting('url')->getValue();
        for($i=0;$i<$totalImages;$i++) {
            $fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());
            $fileUploader->upload($_FILES["image_$i"]);
            $imagePaths[] = $url . '/api/system/download?file=' . $fileUploader->getFileName();
            $fileQuantity->value++;
        }

        $fileQuantity->store();
        return $imagePaths;
    }

    public function uploadFile($forceUpload = false) {
        $allowAttachments = Setting::getSetting('allow-attachments')->getValue();

        if(!isset($_FILES['file']) || (!$allowAttachments && !$forceUpload)) return '';

        $maxSize = Setting::getSetting('max-size')->getValue();
        $fileGap = Setting::getSetting('file-gap')->getValue();
        $fileFirst = Setting::getSetting('file-first-number')->getValue();
        $fileQuantity = Setting::getSetting('file-quantity');

        $fileUploader = FileUploader::getInstance();
        $fileUploader->setMaxSize($maxSize);
        $fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());

        if($fileUploader->upload($_FILES['file'])) {
            $fileQuantity->value++;
            $fileQuantity->store();

            return $fileUploader;
        } else {
            throw new Exception(ERRORS::INVALID_FILE);
        }
    }

    public function replaceWithImagePaths($imagePaths, $content) {
        if(!is_array($imagePaths)) return $content;
        return str_replace(array_map(function($index) { return "IMAGE_PATH_$index"; }, array_keys($imagePaths)), $imagePaths, $content);
    }

    public static function isUserSystemEnabled() {
        return Setting::getSetting('user-system-enabled')->getValue();
    }
}
[Ivan Diaz] - Create libraries Controller and Session 2016-01-15 03:45:22 +01:00			`<?php`
Ivan - Implement respect/validation for validation [skip ci] 2016-07-04 20:57:00 +02:00			`require_once 'libs/Validator.php';`
Ivan - Add ruby api testing for comment/create 2016-08-04 20:18:29 +02:00			`require_once 'models/Session.php';`
[Ivan Diaz] - Create libraries Controller and Session 2016-01-15 03:45:22 +01:00
Ivan - Fix installation with session-prefix 2017-06-25 01:00:50 +02:00			`use RedBeanPHP\Facade as RedBean;`

[Ivan Diaz] - Add controllers group class architecture 2016-03-05 00:36:11 +01:00			`abstract class Controller {`
Guillermo - csv import [skip ci] 2017-01-14 22:19:21 +01:00			`private static $dataRequester;`
[Ivan Diaz] - Add controllers group class architecture 2016-03-05 00:36:11 +01:00
			`/**`
			`* Instance-related stuff`
			`*/`
			`abstract public function handler();`
Ivan - Implement respect/validation for validation [skip ci] 2016-07-04 20:57:00 +02:00			`abstract public function validations();`
[Ivan Diaz] - Add controllers group class architecture 2016-03-05 00:36:11 +01:00
			`public function getHandler() {`
			`return function () {`
Ivan - Implement respect/validation for validation [skip ci] 2016-07-04 20:57:00 +02:00			`try {`
Ivan - Fix installation with session-prefix 2017-06-25 01:00:50 +02:00			`if(RedBean::testConnection() && !Setting::isTableEmpty()) {`
			`Session::getInstance()->setSessionPrefix(Setting::getSetting('session-prefix')->getValue());`
			`}`
Ivan - Implement respect/validation for validation [skip ci] 2016-07-04 20:57:00 +02:00			`$this->validate();`
Ivan - Fix master issues. Improve error handling 2016-11-24 22:02:18 +01:00			`$this->handler();`
			`} catch (\Exception $exception) {`
Ivan - Implement respect/validation for validation [skip ci] 2016-07-04 20:57:00 +02:00			`Response::respondError($exception->getMessage());`
			`return;`
			`}`
[Ivan Diaz] - Add controllers group class architecture 2016-03-05 00:36:11 +01:00			`};`
			`}`
Ivan - Fix linear congruential generator 2017-10-31 22:31:14 +01:00
Ivan - Implement respect/validation for validation [skip ci] 2016-07-04 20:57:00 +02:00			`public function validate() {`
			`$validator = new Validator();`
Ivan - Fix linear congruential generator 2017-10-31 22:31:14 +01:00
Ivan - Implement respect/validation for validation [skip ci] 2016-07-04 20:57:00 +02:00			`$validator->validate($this->validations());`
			`}`
[Ivan Diaz] - Add controllers group class architecture 2016-03-05 00:36:11 +01:00
Guillermo - csv import [skip ci] 2017-01-14 22:19:21 +01:00			`public static function init() {`
			`self::$dataRequester = function ($key) {`
			`$app = self::getAppInstance();`

Ivan - Fix uploading of files 2017-02-18 19:28:23 +01:00			`if (Controller::getAppInstance()->request()->isGet()) {`
Ivan - Fix download get 2017-02-15 20:14:27 +01:00			`$value = $app->request()->get($key);`
Ivan - Fix uploading of files 2017-02-18 19:28:23 +01:00			`} else {`
			`$value = $app->request()->post($key);`
Ivan - Fix download get 2017-02-15 20:14:27 +01:00			`}`

			`return $value;`
Guillermo - csv import [skip ci] 2017-01-14 22:19:21 +01:00			`};`
			`}`
[Ivan Diaz] - Create libraries Controller and Session 2016-01-15 03:45:22 +01:00
Guillermo - csv import [skip ci] 2017-01-14 22:19:21 +01:00			`public static function setDataRequester($dataRequester) {`
			`self::$dataRequester = $dataRequester;`
			`}`

Ivan - Add XSS protection backend [skip ci] 2017-03-02 06:56:42 +01:00			`public static function request($key, $secure = false) {`
			`$result = call_user_func(self::$dataRequester, $key);`
Ivan - Fix linear congruential generator 2017-10-31 22:31:14 +01:00
Fix assigment issues, login widget issues, recover password issues. Emails always on lowercase. 2018-08-14 20:21:36 +02:00			`if($key === 'email' \|\| $key === 'newEmail') {`
			`return strtolower($result);`
			`}`

Ivan - Add XSS protection backend [skip ci] 2017-03-02 06:56:42 +01:00			`if($secure) {`
			`$config = HTMLPurifier_Config::createDefault();`
			`$purifier = new HTMLPurifier($config);`
			`return $purifier->purify($result);`
			`} else {`
			`return $result;`
			`}`
[Ivan Diaz] - Create libraries Controller and Session 2016-01-15 03:45:22 +01:00			`}`
Ivan - Fix linear congruential generator 2017-10-31 22:31:14 +01:00
[Ivan Diaz] - Create libraries Controller and Session 2016-01-15 03:45:22 +01:00			`public static function getLoggedUser() {`
Ivan - STAFF LOGIN - Add Staff login to backend [skip ci] 2016-09-25 06:16:10 +02:00			`$session = Session::getInstance();`

			`if ($session->isStaffLogged()) {`
Ivan - Fix uploading of files 2017-02-18 19:28:23 +01:00			`return Staff::getUser($session->getUserId());`
Ivan - STAFF LOGIN - Add Staff login to backend [skip ci] 2016-09-25 06:16:10 +02:00			`} else {`
Ivan - Fix uploading of files 2017-02-18 19:28:23 +01:00			`return User::getUser($session->getUserId());`
Ivan - STAFF LOGIN - Add Staff login to backend [skip ci] 2016-09-25 06:16:10 +02:00			`}`
[Ivan Diaz] - Create libraries Controller and Session 2016-01-15 03:45:22 +01:00			`}`

Ivan - Add ruby api testing for comment/create 2016-08-04 20:18:29 +02:00			`public static function isUserLogged() {`
			`$session = Session::getInstance();`

			`return $session->checkAuthentication(array(`
			`'userId' => Controller::request('csrf_userid'),`
			`'token' => Controller::request('csrf_token')`
			`));`
			`}`

Ivan - STAFF LOGIN - Add Staff login to backend [skip ci] 2016-09-25 06:16:10 +02:00			`public static function isStaffLogged($level = 1) {`
			`return Controller::isUserLogged() && (Controller::getLoggedUser()->level >= $level);`
Ivan - Add ruby api testing for comment/create 2016-08-04 20:18:29 +02:00			`}`

[Ivan Diaz] - Add controllers group class architecture 2016-03-05 00:36:11 +01:00			`public static function getAppInstance() {`
			`return \Slim\Slim::getInstance();`
			`}`
Ivan - Fix linear congruential generator 2017-10-31 22:31:14 +01:00
Fix TextEditor, improve image uploading 2018-09-14 06:14:15 +02:00			`public function uploadImages() {`
			`$allowAttachments = Setting::getSetting('allow-attachments')->getValue();`
			`$totalImages = Controller::request('images') * 1;`

			`if(!$totalImages \|\| (!$allowAttachments && !$forceUpload)) return '';`

			`$maxSize = Setting::getSetting('max-size')->getValue();`
			`$fileGap = Setting::getSetting('file-gap')->getValue();`
			`$fileFirst = Setting::getSetting('file-first-number')->getValue();`
			`$fileQuantity = Setting::getSetting('file-quantity');`

			`$fileUploader = FileUploader::getInstance();`
			`$fileUploader->setMaxSize($maxSize);`

			`$imagePaths = [];`
			`$url = Setting::getSetting('url')->getValue();`
			`for($i=0;$i<$totalImages;$i++) {`
			`$fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());`
			`$fileUploader->upload($_FILES["image_$i"]);`
			`$imagePaths[] = $url . '/api/system/download?file=' . $fileUploader->getFileName();`
			`$fileQuantity->value++;`
			`}`

			`$fileQuantity->store();`
			`return $imagePaths;`
			`}`

Ivan - Fix csv import, remove sql import, add i18h keys for advanced settings [skip ci] 2017-03-04 22:38:49 +01:00			`public function uploadFile($forceUpload = false) {`
Ivan - Fix AreYouSure design, fix stats, rename get-api-keys, use allow-attachment, fix login verificationToken, fix deletion, fix ticket view permission, fix last events when empty, fix configuration in frontend, fix system preferences and my account 2017-02-24 07:56:25 +01:00			`$allowAttachments = Setting::getSetting('allow-attachments')->getValue();`

Ivan - Fix csv import, remove sql import, add i18h keys for advanced settings [skip ci] 2017-03-04 22:38:49 +01:00			`if(!isset($_FILES['file']) \|\| (!$allowAttachments && !$forceUpload)) return '';`
Ivan - Add validations before download and upload on comment [skip ci] 2017-01-13 00:30:44 +01:00
			`$maxSize = Setting::getSetting('max-size')->getValue();`
			`$fileGap = Setting::getSetting('file-gap')->getValue();`
			`$fileFirst = Setting::getSetting('file-first-number')->getValue();`
			`$fileQuantity = Setting::getSetting('file-quantity');`

			`$fileUploader = FileUploader::getInstance();`
			`$fileUploader->setMaxSize($maxSize);`
			`$fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());`

			`if($fileUploader->upload($_FILES['file'])) {`
			`$fileQuantity->value++;`
			`$fileQuantity->store();`

Guillermo - csv import [skip ci] 2017-01-15 21:33:33 +01:00			`return $fileUploader;`
Ivan - Add validations before download and upload on comment [skip ci] 2017-01-13 00:30:44 +01:00			`} else {`
			`throw new Exception(ERRORS::INVALID_FILE);`
			`}`
			`}`
Ivan - Fix linear congruential generator 2017-10-31 22:31:14 +01:00
Fix TextEditor, improve image uploading 2018-09-14 06:14:15 +02:00			`public function replaceWithImagePaths($imagePaths, $content) {`
Add test for image upload 2018-09-20 19:50:44 +02:00			`if(!is_array($imagePaths)) return $content;`
Fix TextEditor, improve image uploading 2018-09-14 06:14:15 +02:00			`return str_replace(array_map(function($index) { return "IMAGE_PATH_$index"; }, array_keys($imagePaths)), $imagePaths, $content);`
			`}`

Guillermo - disable-user-system [skip ci] 2017-01-16 20:07:53 +01:00			`public static function isUserSystemEnabled() {`
			`return Setting::getSetting('user-system-enabled')->getValue();`
			`}`
Ivan - Fix linear congruential generator 2017-10-31 22:31:14 +01:00			`}`