Merge branch 'saas-dev' into saas-dev-publishing
Conflicts: airtime_mvc/application/Bootstrap.php airtime_mvc/application/controllers/plugins/Acl_plugin.php
This commit is contained in:
Duncan Sommerville
commit
12f6536e74
32 changed files with 4672 additions and 326 deletions
|
|
@ -109,9 +109,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
public function preDispatch(Zend_Controller_Request_Abstract $request)
|
||||
{
|
||||
$controller = strtolower($request->getControllerName());
|
||||
Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
|
||||
|
||||
if (in_array($controller, array(
|
||||
"index",
|
||||
"login",
|
||||
"api",
|
||||
"auth",
|
||||
"error",
|
||||
|
|
@ -124,7 +125,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
)))
|
||||
{
|
||||
$this->setRoleName("G");
|
||||
} elseif (!Zend_Auth::getInstance()->hasIdentity()) {
|
||||
}
|
||||
elseif (Zend_Session::isStarted() && !Zend_Auth::getInstance()->hasIdentity()) {
|
||||
|
||||
//The controller uses sessions but we don't have an identity yet.
|
||||
|
||||
// If we don't have an identity and we're making a RESTful request,
|
||||
// we need to do API key verification
|
||||
|
|
@ -166,6 +170,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
}
|
||||
}
|
||||
} else { //We have a session/identity.
|
||||
|
||||
// If we have an identity and we're making a RESTful request,
|
||||
// we need to check the CSRF token
|
||||
if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
|
||||
|
|
@ -230,10 +235,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
}
|
||||
|
||||
private function verifyCSRFToken($token) {
|
||||
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$observed_csrf_token = $token;
|
||||
$expected_csrf_token = $current_namespace->authtoken;
|
||||
return ($observed_csrf_token == $expected_csrf_token);
|
||||
return SecurityHelper::verifyCSRFToken($token);
|
||||
}
|
||||
|
||||
private function verifyAPIKey() {
|
||||
|
|
|
|||
|
|
@ -4,6 +4,10 @@ class Zend_Controller_Plugin_ConversionTracking extends Zend_Controller_Plugin_A
|
|||
{
|
||||
public function preDispatch(Zend_Controller_Request_Abstract $request)
|
||||
{
|
||||
if (!Zend_Session::isStarted()) {
|
||||
return;
|
||||
}
|
||||
|
||||
//If user is a super admin and old plan level is set to trial....
|
||||
if (Application_Common_GoogleAnalytics::didPaidConversionOccur($request))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -0,0 +1,241 @@
|
|||
<?php
|
||||
|
||||
/** Our standard page layout initialization has to be done via a plugin
|
||||
* because some of it requires session variables, and some of the routes
|
||||
* run without a session (like API calls). This is an optimization because
|
||||
* starting the session adds a fair amount of overhead.
|
||||
*/
|
||||
class PageLayoutInitPlugin extends Zend_Controller_Plugin_Abstract
|
||||
{
|
||||
protected $_bootstrap = null;
|
||||
|
||||
public function __construct($boostrap) {
|
||||
$this->_bootstrap = $boostrap;
|
||||
}
|
||||
|
||||
/**
|
||||
* Start the session depending on which controller your request is going to.
|
||||
* We start the session explicitly here so that we can avoid starting sessions
|
||||
* needlessly for (stateless) requests to the API.
|
||||
* @param Zend_Controller_Request_Abstract $request
|
||||
* @throws Zend_Session_Exception
|
||||
*/
|
||||
public function routeShutdown(Zend_Controller_Request_Abstract $request)
|
||||
{
|
||||
$controller = strtolower($request->getControllerName());
|
||||
$action = strtolower($request->getActionName());
|
||||
|
||||
//List of controllers where we don't need a session, and we don't need
|
||||
//all the standard HTML / JS boilerplate.
|
||||
if (!in_array($controller, array(
|
||||
"index", //Radio Page
|
||||
"api",
|
||||
"auth",
|
||||
"error",
|
||||
"locale",
|
||||
"upgrade",
|
||||
'whmcs-login',
|
||||
"provisioning",
|
||||
"embed"
|
||||
))
|
||||
) {
|
||||
//Start the session
|
||||
Zend_Session::start();
|
||||
Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
|
||||
|
||||
//localization configuration
|
||||
Application_Model_Locale::configureLocalization();
|
||||
|
||||
$this->_initGlobals();
|
||||
$this->_initCsrfNamespace();
|
||||
$this->_initHeadLink();
|
||||
$this->_initHeadScript();
|
||||
$this->_initTitle();
|
||||
$this->_initTranslationGlobals();
|
||||
$this->_initViewHelpers();
|
||||
}
|
||||
}
|
||||
|
||||
protected function _initGlobals()
|
||||
{
|
||||
if (!Zend_Session::isStarted()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$view = $this->_bootstrap->getResource('view');
|
||||
$baseUrl = Application_Common_OsPath::getBaseDir();
|
||||
|
||||
$view->headScript()->appendScript("var baseUrl = '$baseUrl';");
|
||||
$this->_initTranslationGlobals($view);
|
||||
|
||||
$user = Application_Model_User::GetCurrentUser();
|
||||
if (!is_null($user)) {
|
||||
$userType = $user->getType();
|
||||
} else {
|
||||
$userType = "";
|
||||
}
|
||||
$view->headScript()->appendScript("var userType = '$userType';");
|
||||
|
||||
// Dropzone also accept file extensions and doesn't correctly extract certain mimetypes (eg. FLAC - try it),
|
||||
// so we append the file extensions to the list of mimetypes and that makes it work.
|
||||
$mimeTypes = FileDataHelper::getAudioMimeTypeArray();
|
||||
$fileExtensions = array_values($mimeTypes);
|
||||
foreach($fileExtensions as &$extension) {
|
||||
$extension = '.' . $extension;
|
||||
}
|
||||
$view->headScript()->appendScript("var acceptedMimeTypes = " . json_encode(array_merge(array_keys($mimeTypes), $fileExtensions)) . ";");
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a global namespace to hold a session token for CSRF prevention
|
||||
*/
|
||||
protected function _initCsrfNamespace()
|
||||
{
|
||||
/*
|
||||
if (!Zend_Session::isStarted()) {
|
||||
return;
|
||||
}*/
|
||||
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
// Check if the token exists
|
||||
if (!$csrf_namespace->authtoken) {
|
||||
// If we don't have a token, regenerate it and set a 1 week timeout
|
||||
// Should we log the user out here if the token is expired?
|
||||
$csrf_namespace->authtoken = sha1(uniqid(rand(), 1));
|
||||
$csrf_namespace->setExpirationSeconds(168 * 60 * 60);
|
||||
}
|
||||
|
||||
//Here we are closing the session for writing because otherwise no requests
|
||||
//in this session will be handled in parallel. This gives a major boost to the perceived performance
|
||||
//of the application (page load times are more consistent, no lock contention).
|
||||
session_write_close();
|
||||
//Zend_Session::writeClose(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Ideally, globals should be written to a single js file once
|
||||
* from a php init function. This will save us from having to
|
||||
* reinitialize them every request
|
||||
*/
|
||||
private function _initTranslationGlobals()
|
||||
{
|
||||
$view = $this->_bootstrap->getResource('view');
|
||||
$view->headScript()->appendScript("var PRODUCT_NAME = '" . PRODUCT_NAME . "';");
|
||||
$view->headScript()->appendScript("var USER_MANUAL_URL = '" . USER_MANUAL_URL . "';");
|
||||
$view->headScript()->appendScript("var COMPANY_NAME = '" . COMPANY_NAME . "';");
|
||||
}
|
||||
|
||||
protected function _initHeadLink()
|
||||
{
|
||||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
$view = $this->_bootstrap->getResource('view');
|
||||
|
||||
$baseUrl = Application_Common_OsPath::getBaseDir();
|
||||
|
||||
$view->headLink(array('rel' => 'icon', 'href' => $baseUrl . 'favicon.ico?' . $CC_CONFIG['airtime_version'], 'type' => 'image/x-icon'), 'PREPEND')
|
||||
->appendStylesheet($baseUrl . 'css/bootstrap.css?' . $CC_CONFIG['airtime_version'])
|
||||
->appendStylesheet($baseUrl . 'css/redmond/jquery-ui-1.8.8.custom.css?' . $CC_CONFIG['airtime_version'])
|
||||
->appendStylesheet($baseUrl . 'css/pro_dropdown_3.css?' . $CC_CONFIG['airtime_version'])
|
||||
->appendStylesheet($baseUrl . 'css/qtip/jquery.qtip.min.css?' . $CC_CONFIG['airtime_version'])
|
||||
->appendStylesheet($baseUrl . 'css/styles.css?' . $CC_CONFIG['airtime_version'])
|
||||
->appendStylesheet($baseUrl . 'css/masterpanel.css?' . $CC_CONFIG['airtime_version'])
|
||||
->appendStylesheet($baseUrl . 'css/tipsy/jquery.tipsy.css?' . $CC_CONFIG['airtime_version']);
|
||||
}
|
||||
|
||||
protected function _initHeadScript()
|
||||
{
|
||||
if (!Zend_Session::isStarted()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
$view = $this->_bootstrap->getResource('view');
|
||||
|
||||
$baseUrl = Application_Common_OsPath::getBaseDir();
|
||||
|
||||
$view->headScript()->appendFile($baseUrl . 'js/libs/jquery-1.8.3.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/libs/jquery-ui-1.8.24.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/bootstrap/bootstrap.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/libs/underscore-min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
|
||||
// ->appendFile($baseUrl . 'js/libs/jquery.stickyPanel.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/qtip/jquery.qtip.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/jplayer/jquery.jplayer.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/sprintf/sprintf-0.7-beta1.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/cookie/jquery.cookie.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/i18n/jquery.i18n.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'locale/general-translation-table?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'locale/datatables-translation-table?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
|
||||
->appendScript("$.i18n.setDictionary(general_dict)")
|
||||
->appendScript("var baseUrl='$baseUrl'");
|
||||
|
||||
//These timezones are needed to adjust javascript Date objects on the client to make sense to the user's set timezone
|
||||
//or the server's set timezone.
|
||||
$serverTimeZone = new DateTimeZone(Application_Model_Preference::GetDefaultTimezone());
|
||||
$now = new DateTime("now", $serverTimeZone);
|
||||
$offset = $now->format("Z") * -1;
|
||||
$view->headScript()->appendScript("var serverTimezoneOffset = {$offset}; //in seconds");
|
||||
|
||||
if (class_exists("Zend_Auth", false) && Zend_Auth::getInstance()->hasIdentity()) {
|
||||
$userTimeZone = new DateTimeZone(Application_Model_Preference::GetUserTimezone());
|
||||
$now = new DateTime("now", $userTimeZone);
|
||||
$offset = $now->format("Z") * -1;
|
||||
$view->headScript()->appendScript("var userTimezoneOffset = {$offset}; //in seconds");
|
||||
}
|
||||
|
||||
//scripts for now playing bar
|
||||
$view->headScript()->appendFile($baseUrl . 'js/airtime/airtime_bootstrap.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/airtime/dashboard/helperfunctions.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/airtime/dashboard/dashboard.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/airtime/dashboard/versiontooltip.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/tipsy/jquery.tipsy.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
|
||||
->appendFile($baseUrl . 'js/airtime/common/common.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
|
||||
->appendFile($baseUrl . 'js/airtime/common/audioplaytest.js?' . $CC_CONFIG['airtime_version'], 'text/javascript');
|
||||
|
||||
$user = Application_Model_User::getCurrentUser();
|
||||
if (!is_null($user)) {
|
||||
$userType = $user->getType();
|
||||
} else {
|
||||
$userType = "";
|
||||
}
|
||||
|
||||
$view->headScript()->appendScript("var userType = '$userType';");
|
||||
if (array_key_exists('REQUEST_URI', $_SERVER) //Doesn't exist for unit tests
|
||||
&& strpos($_SERVER['REQUEST_URI'], 'Dashboard/stream-player') === false
|
||||
&& strpos($_SERVER['REQUEST_URI'], 'audiopreview') === false
|
||||
&& $_SERVER['REQUEST_URI'] != "/") {
|
||||
$plan_level = strval(Application_Model_Preference::GetPlanLevel());
|
||||
// Since the Hobbyist plan doesn't come with Live Chat support, don't enable it
|
||||
if (Application_Model_Preference::GetLiveChatEnabled() && $plan_level !== 'hobbyist') {
|
||||
$client_id = strval(Application_Model_Preference::GetClientId());
|
||||
$station_url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
||||
$view->headScript()->appendScript("var livechat_client_id = '$client_id';\n" .
|
||||
"var livechat_plan_type = '$plan_level';\n" .
|
||||
"var livechat_station_url = 'http://$station_url';");
|
||||
$view->headScript()->appendFile($baseUrl . 'js/airtime/common/livechat.js?' . $CC_CONFIG['airtime_version'], 'text/javascript');
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
if (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1) {
|
||||
$view->headScript()->appendFile($baseUrl.'js/libs/google-analytics.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
|
||||
}*/
|
||||
}
|
||||
|
||||
protected function _initViewHelpers()
|
||||
{
|
||||
$view = $this->_bootstrap->getResource('view');
|
||||
$view->addHelperPath(APPLICATION_PATH . 'views/helpers', 'Airtime_View_Helper');
|
||||
$view->assign('suspended', (Application_Model_Preference::getProvisioningStatus() == PROVISIONING_STATUS_SUSPENDED));
|
||||
}
|
||||
|
||||
protected function _initTitle()
|
||||
{
|
||||
$view = $this->_bootstrap->getResource('view');
|
||||
$view->headTitle(Application_Model_Preference::GetHeadTitle());
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue