
/fuel/modules/fuel/libraries/Fuel_base_controller.php

http://github.com/daylightstudio/FUEL-CMS
  1. <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
  2. /**
  3. * FUEL CMS
  4. * http://www.getfuelcms.com
  5. *
  6. * An open source Content Management System based on the
  7. * Codeigniter framework (http://codeigniter.com)
  8. *
  9. * @package FUEL CMS
  10. * @author David McReynolds @ Daylight Studio
  11. * @copyright Copyright (c) 2018, Daylight Studio LLC.
  12. * @license http://docs.getfuelcms.com/general/license
  13. * @link http://www.getfuelcms.com
  14. * @filesource
  15. */
  16. // ------------------------------------------------------------------------
  17. /**
  18. * FUEL base controller object
  19. *
  20. * @package FUEL CMS
  21. * @subpackage Libraries
  22. * @category Libraries
  23. * @author David McReynolds @ Daylight Studio
  24. * @link http://docs.getfuelcms.com/libraries/fuel_base_controller
  25. * @autodoc FALSE
  26. */
  27. // --------------------------------------------------------------------
  28. define('FUEL_ADMIN', TRUE);
  29. class Fuel_base_controller extends CI_Controller {
  30. public $js_controller = 'fuel.controller.BaseFuelController'; // The default jQX controller
  31. public $js_controller_params = array(); // jQX controller parameters
  32. public $js_controller_path = ''; // The path to the jQX controllers. If blank it will load from the fuel/modules/fuel/assets/js/jqx/ directory
  33. public $nav_selected; // the navigation item in the left menu to show selected
  34. public $fuel; // the FUEL master object
  35. // --------------------------------------------------------------------
  36. /**
  37. * Constructor
  38. *
  39. * @access public
  40. * @param boolean Determines whether to validate the user or not (optional)
  41. * @return void
  42. */
  43. public function __construct($validate = TRUE)
  44. {
  45. parent::__construct();
  46. $this->fuel->admin->initialize(array('validate' => $validate));
  47. if (method_exists($this, '_init'))
  48. {
  49. $this->_init();
  50. }
  51. }
  52. // --------------------------------------------------------------------
  53. /**
  54. * Resets the page state for the current page by default
  55. *
  56. * @access public
  57. * @param string (optional)
  58. * @return void
  59. */
  60. public function reset_page_state($state_key = NULL)
  61. {
  62. if (empty($state_key))
  63. {
  64. $state_key = $this->fuel->admin->get_state_key();
  65. }
  66. if (!empty($state_key))
  67. {
  68. $session_key = $this->fuel->auth->get_session_namespace();
  69. $user_data = $this->fuel->auth->user_data();
  70. $user_data['page_state'] = array();
  71. $this->session->set_userdata($session_key, $user_data);
  72. redirect(fuel_url($state_key));
  73. }
  74. }
  75. // --------------------------------------------------------------------
  76. /**
  77. * Validates that the currently logged in user has the proper permissions to view the current page
  78. *
  79. * @access protected
  80. * @param string The name of the permission to check for the currently logged in user
  81. * @param string The type of permission (e.g. publish, edit, delete) (optional)
  82. * @param boolean Determines whether to show a 404 error or to just exit. Default is to show a 404 error(optional)
  83. * @return void
  84. */
  85. protected function _validate_user($permission, $type = '', $show_error = TRUE)
  86. {
  87. if (!$this->fuel->auth->has_permission($permission, $type))
  88. {
  89. if ($show_error)
  90. {
  91. show_error(lang('error_no_access', fuel_url()));
  92. }
  93. else
  94. {
  95. exit();
  96. }
  97. }
  98. }
  99. // --------------------------------------------------------------------
  100. /**
  101. * Generates a CSRF token in case xss is not turned on in CI
  102. *
  103. * @access protected
  104. * @return void
  105. */
  106. protected function _generate_csrf_token()
  107. {
  108. return $this->security->xss_hash();
  109. }
  110. // --------------------------------------------------------------------
  111. /**
  112. * Generates a CSRF token in case xss is not turned on in CI
  113. *
  114. * @access protected
  115. * @return void
  116. */
  117. protected function _get_csrf_token_name()
  118. {
  119. return $this->security->get_csrf_token_name().'_FUEL';
  120. }
  121. // --------------------------------------------------------------------
  122. /**
  123. * Sets an XSS session variable to be able to check on posts
  124. *
  125. * @access protected
  126. * @return void
  127. */
  128. protected function _prep_csrf()
  129. {
  130. // The session CSRF is only created once otherwise we'll
  131. // have issues with inline module editing and elsewhere
  132. if (!$this->_has_session_csrf())
  133. {
  134. $hash = $this->_generate_csrf_token();
  135. $this->_set_session_csrf($hash);
  136. }
  137. else
  138. {
  139. $hash = $this->_session_csrf();
  140. }
  141. $this->form_builder->key_check_name = $this->_get_csrf_token_name();
  142. $this->form_builder->key_check = $hash;
  143. }
  144. // --------------------------------------------------------------------
  145. /**
  146. * Determines if the session CSRF exists
  147. *
  148. * @access protected
  149. * @return void
  150. */
  151. protected function _has_session_csrf()
  152. {
  153. return isset($_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()]);
  154. }
  155. // --------------------------------------------------------------------
  156. /**
  157. * Sets the session CSRF
  158. *
  159. * @access protected
  160. * @return void
  161. */
  162. protected function _set_session_csrf($hash)
  163. {
  164. $_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()] = $hash;
  165. }
  166. // --------------------------------------------------------------------
  167. /**
  168. * Returns the session CSRF
  169. *
  170. * @access protected
  171. * @return void
  172. */
  173. protected function _session_csrf()
  174. {
  175. return !empty($_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()]) ? $_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()] : NULL;
  176. }
  177. // --------------------------------------------------------------------
  178. /**
  179. * Validates a submission based on the CSRF token
  180. *
  181. * @access protected
  182. * @return void
  183. */
  184. protected function _is_valid_csrf()
  185. {
  186. return $this->_session_csrf() AND $this->_session_csrf() === $this->input->post($this->_get_csrf_token_name());
  187. }
  188. }
  189. /* End of file Fuel_base_controller.php */
  190. /* Location: ./modules/fuel/libraries/Fuel_base_controller.php */