From ac930607adcaeae93fb6836760d19d1e8f7a8973 Mon Sep 17 00:00:00 2001 From: drigato Date: Thu, 3 Jul 2014 11:08:54 -0400 Subject: [PATCH 1/2] Redirect index action to upgrade action --- airtime_mvc/application/controllers/BillingController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/airtime_mvc/application/controllers/BillingController.php b/airtime_mvc/application/controllers/BillingController.php index 696c69319..3d9ad8588 100644 --- a/airtime_mvc/application/controllers/BillingController.php +++ b/airtime_mvc/application/controllers/BillingController.php @@ -15,7 +15,7 @@ class BillingController extends Zend_Controller_Action { public function indexAction() { - + $this->_redirect('billing/upgrade'); } public function upgradeAction() From a5822aa07ae890359f58f31ee542b5c086425adf Mon Sep 17 00:00:00 2001 From: Albert Santoni Date: Thu, 3 Jul 2014 12:26:09 -0400 Subject: [PATCH 2/2] CORS refactoring --- airtime_mvc/application/common/CORSHelper.php | 26 +++++++++++++++++++ .../controllers/LoginController.php | 23 ++++------------ .../controllers/ShowbuilderController.php | 9 ++++++- airtime_mvc/public/index.php | 3 +++ 4 files changed, 42 insertions(+), 19 deletions(-) create mode 100644 airtime_mvc/application/common/CORSHelper.php diff --git a/airtime_mvc/application/common/CORSHelper.php b/airtime_mvc/application/common/CORSHelper.php new file mode 100644 index 000000000..09ab45b33 --- /dev/null +++ b/airtime_mvc/application/common/CORSHelper.php @@ -0,0 +1,26 @@ +setHeader('Access-Control-Allow-Origin', '*'); + $origin = $request->getHeader('Origin'); + if (($origin != "") && + (!in_array($origin, + array("http://www.airtime.pro", + "https://www.airtime.pro", + "http://" . $_SERVER['SERVER_NAME'], + "https://" . $_SERVER['SERVER_NAME'] + )) + )) + { + //Don't allow CORS from other domains to prevent XSS. + throw new Zend_Controller_Action_Exception('Forbidden', 403); + } + } +} \ No newline at end of file 
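Review bot: The wildcard `Access-Control-Allow-Origin: *` is written to the response before the origin check runs, so the allow-list never shapes what the browser is told, and a wildcard also rules out credentialed (cookie-bearing) cross-origin requests, which the auto-login use case the commit describes presumably depends on; set the header only after validation and echo the validated `$origin` together with `Vary: Origin`, as sketched below. Two further weaknesses in the allow-list: `"http://" . $_SERVER['SERVER_NAME']` carries no port, so an instance served on a non-default port will 403 its own same-origin POSTs (browsers include the port in `Origin`), and `SERVER_NAME` can reflect the request's Host header depending on web-server configuration, so comparing against a configured canonical base URL is safer; `in_array` should also be called with `true` as its third argument. The comment `//Don't allow CORS from other domains to prevent XSS.` names the wrong risk — what this blocks is other sites reading responses or issuing authenticated cross-origin requests, not script injection — e.g. `//Refuse cross-origin requests from any other site (prevents cross-site reads/requests).` The file's opening lines (`<?php`, class and method declaration) are not legible in this copy of the patch, so the signature is inferred from the callers in LoginController and ShowbuilderController.
```php
// … unchanged: class and method declaration (not legible in this copy of the patch) …
$origin = $request->getHeader('Origin');
// NOTE(review): consider a configured canonical base URL here instead of SERVER_NAME (no port, may mirror Host).
$allowedOrigins = array("http://www.airtime.pro",
                        "https://www.airtime.pro",
                        "http://" . $_SERVER['SERVER_NAME'],
                        "https://" . $_SERVER['SERVER_NAME']);
if (($origin != "") && !in_array($origin, $allowedOrigins, true)) {
    //Refuse cross-origin requests from any other site (prevents cross-site reads/requests).
    throw new Zend_Controller_Action_Exception('Forbidden', 403);
}
if ($origin != "") {
    //Echo only the validated origin; a wildcard would also block credentialed requests.
    $response->setHeader('Access-Control-Allow-Origin', $origin);
    $response->setHeader('Vary', 'Origin');
}
```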
diff --git a/airtime_mvc/application/controllers/LoginController.php b/airtime_mvc/application/controllers/LoginController.php index 7c18f5dc6..c3d9e0d89 100644 --- a/airtime_mvc/application/controllers/LoginController.php +++ b/airtime_mvc/application/controllers/LoginController.php @@ -1,6 +1,7 @@ getRequest(); + $response = $this->getResponse(); - //Allow AJAX requests from www.airtime.pro. We use this to automatically login users - //after they sign up from the microsite. - //Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well. - $response = $this->getResponse()->setHeader('Access-Control-Allow-Origin', '*'); - $origin = $request->getHeader('Origin'); - if (($origin != "") && - (!in_array($origin, - array("http://www.airtime.pro", - "https://www.airtime.pro", - "http://" . $_SERVER['SERVER_NAME'], - "https://" . $_SERVER['SERVER_NAME'] - )) - )) - { - //Don't allow CORS from other domains to prevent XSS. - throw new Zend_Controller_Action_Exception('Forbidden', 403); - } - + //Enable AJAX requests from www.airtime.pro for the sign-in process. + CORSHelper::enableATProCrossOriginRequests($request, $response); + Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', 'en_CA')); if (Zend_Auth::getInstance()->hasIdentity()) { diff --git a/airtime_mvc/application/controllers/ShowbuilderController.php b/airtime_mvc/application/controllers/ShowbuilderController.php index 7df1bb7ad..fa6c5b636 100644 --- a/airtime_mvc/application/controllers/ShowbuilderController.php +++ b/airtime_mvc/application/controllers/ShowbuilderController.php @@ -1,5 +1,7 @@ getRequest(); - + $response = $this->getResponse(); + + //Enable AJAX requests from www.airtime.pro because the autologin during the seamless sign-up follows + //a redirect here. + CORSHelper::enableATProCrossOriginRequests($request, $response); + $baseUrl = Application_Common_OsPath::getBaseDir(); $user = Application_Model_User::GetCurrentUser(); 
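Review bot: The new comment `//Enable AJAX requests from www.airtime.pro for the sign-in process.` no longer tells a reader that the call can abort the action — the helper throws a 403 `Zend_Controller_Action_Exception` for any non-whitelisted `Origin` — nor why the server's own hostname is accepted (Chrome sends `Origin` on same-origin POSTs), both of which the removed comment explained; suggest `//Enable AJAX requests from www.airtime.pro (sign-in from the microsite); throws 403 for any other cross-origin request.` The same applies to the ShowbuilderController hunk. `CORSHelper` is only placed on the include path by the index.php hunk, and unless the application's autoloader has a fallback that resolves bare class names from the include path the call will need an explicit `require_once 'CORSHelper.php';` — the loader setup is not visible in this patch, so please confirm. The enclosing `indexAction` starts outside the hunk, and the hunk's first lines are garbled in this copy.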
diff --git a/airtime_mvc/public/index.php b/airtime_mvc/public/index.php index 548b3d1fc..955555676 100644 --- a/airtime_mvc/public/index.php +++ b/airtime_mvc/public/index.php @@ -47,6 +47,9 @@ if (file_exists('/usr/share/php/libzend-framework-php')) { //Upgrade directory set_include_path(APPLICATION_PATH . '/upgrade/' . PATH_SEPARATOR . get_include_path()); +//Common directory +set_include_path(APPLICATION_PATH . '/common/' . PATH_SEPARATOR . get_include_path()); + /** Zend_Application */ require_once 'Zend/Application.php';