projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Do not add empty job address in vcard.
[platal.git] / classes / platal.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2011 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 // Return values for handlers and hooks. This defines the behavior of both the
23 // plat/al engine, and the invidivual hooks.
24 define('PL_DO_AUTH', 300); // User should be redirected to the login page.
25 define('PL_BAD_REQUEST', 400); // Request is not valid, and could not be interpreted.
26 define('PL_FORBIDDEN', 403); // User is not allowed to view page (auth or permission error).
27 define('PL_NOT_FOUND', 404); // Page doesn't not exist. Engine will try to offer suggestions.
28 define('PL_WIKI', 500); // Page is a wiki page, plat/al engine should yield to the wiki engine.
29 define('PL_JSON', 501); // Page is valid, but result should be JSON-encoded, not HTML-encoded.
30
31 abstract class PlHook
32 {
33 protected $auth;
34 protected $perms;
35 protected $type;
36
37 protected function __construct($auth = AUTH_PUBLIC, $perms = 'user', $type = DO_AUTH)
38 {
39 $this->auth = $auth;
40 $this->perms = $perms;
41 $this->type = $type;
42 }
43
44 public function checkPerms()
45 {
46 // Don't check permissions if there are no permission requirement
47 // (either no requested group membership, or public auth is allowed).
48 return !$this->perms || $this->auth == AUTH_PUBLIC ||
49 Platal::session()->checkPerms($this->perms);
50 }
51
52 public function hasType($type)
53 {
54 return ($this->type & $type) == $type;
55 }
56
57 abstract protected function run(PlPage $page, array $args);
58
59 public function call(PlPage $page, array $args)
60 {
61 global $globals, $session, $platal;
62 if (!$session->checkAuth($this->auth)) {
63 if ($this->hasType(DO_AUTH)) {
64 if (!$session->start($this->auth)) {
65 $platal->force_login($page);
66 return PL_FORBIDDEN;
67 }
68 } else {
69 return PL_FORBIDDEN;
70 }
71 }
72 if (!$this->checkPerms()) {
73 if (Platal::notAllowed()) {
74 return PL_FORBIDDEN;
75 }
76 }
77 return $this->run($page, $args);
78 }
79 }
80
81 /** The standard plat/al hook, for interactive requests.
82 * It optionally does active authentication (DO_AUTH). The handler is invoked
83 * with the PlPage object, and with each of the remaining path components.
84 */
85 class PlStdHook extends PlHook
86 {
87 private $callback;
88
89 public function __construct($callback, $auth = AUTH_PUBLIC, $perms = 'user', $type = DO_AUTH)
90 {
91 parent::__construct($auth, $perms, $type);
92 $this->callback = $callback;
93 }
94
95 protected function run(PlPage $page, array $args)
96 {
97 global $session, $platal;
98
99 $args[0] = $page;
100 $val = call_user_func_array($this->callback, $args);
101 if ($val == PL_DO_AUTH) {
102 if (!$session->start($session->loggedLevel())) {
103 $platal->force_login($page);
104 }
105 $val = call_user_func_array($this->callback, $args);
106 }
107 return $val;
108 }
109 }
110
111 /** A specialized hook for API requests.
112 * It is intended to be used for passive API requests, authenticated either by
113 * an existing session (with a valid XSRF token), or by an alternative single
114 * request auth mechanism implemented by PlSession::apiAuth.
115 *
116 * This hook is suitable for read-write requests against the website, provided
117 * $auth is set appropriately. Note that the auth level is only checked for
118 * session-authenticated users, as "apiAuth" users are assumed to always have
119 * the requested level (use another hook otherwise).
120 *
121 * The callback will be passed as arguments the PlPage, the authenticated
122 * PlUser, the JSON decoded payload, and the remaining path components, as with
123 * any other hook.
124 *
125 * If the callback intends to JSON-encode its returned value, it is advised to
126 * use PlPage::jsonAssign, and return PL_JSON to enable automatic encoding.
127 */
128 class PlApiHook extends PlHook
129 {
130 private $actualAuth;
131 private $callback;
132
133 public function __construct($callback, $auth = AUTH_PUBLIC, $perms = 'user', $type = NO_AUTH)
134 {
135 // As mentioned above, $auth is only applied for session-based auth
136 // (as opposed to token-based). PlHook is initialized to AUTH_PUBLIC to
137 // avoid it refusing to approve requests; this is important as the user
138 // is not yet authenticated at that point (see below for the actual
139 // permissions check).
140 parent::__construct(AUTH_PUBLIC, $perms, $type);
141 $this->actualAuth = $auth;
142 $this->callback = $callback;
143 }
144
145 private function getEncodedPayload($method)
146 {
147 return $method == "GET" ? "" : file_get_contents("php://input");
148 }
149
150 private function decodePayload($encodedPayload)
151 {
152 return empty($encodedPayload) ? array() : json_decode($encodedPayload, true);
153 }
154
155 protected function run(PlPage $page, array $args)
156 {
157 $method = $_SERVER['REQUEST_METHOD'];
158 $encodedPayload = $this->getEncodedPayload($method);
159 $jsonPayload = $this->decodePayload($encodedPayload);
160 $resource = '/' . implode('/', $args);
161
162 // If the payload wasn't a valid JSON encoded object, bail out early.
163 if (is_null($jsonPayload)) {
164 $page->trigError("Could not decode the JSON-encoded payload sent with the request.");
165 return PL_BAD_REQUEST;
166 }
167
168 // Authenticate the request. Try first with the existing session (which
169 // is less expensive to check), by veryfing that the XSRF token is
170 // valid; otherwise fallbacks to API-type authentication from PlSession.
171 if (S::logged() && S::has_xsrf_token() && Platal::session()->checkAuth($this->actualAuth)) {
172 $user = S::user();
173 } else {
174 $user = Platal::session()->apiAuth($method, $resource, $encodedPayload);
175 }
176
177 // Check the permissions, unless the handler is fully public.
178 if ($this->actualAuth > AUTH_PUBLIC) {
179 if (is_null($user) || !$user->checkPerms($this->perms)) {
180 return PL_FORBIDDEN;
181 }
182 }
183
184 // Invoke the callback, whose signature is (PlPage, PlUser, jsonPayload).
185 array_shift($args);
186 array_unshift($args, $page, $user, $jsonPayload);
187 return call_user_func_array($this->callback, $args);
188 }
189 }
190
191 /** A specialized hook for token-based requests.
192 * It is intended for purely passive requests (typically for serving CSV or RSS
193 * content outside the browser), and can fallback to regular session-based
194 * authentication when the token is not valid/available.
195 *
196 * Note that $auth is only applied for session-backed authentication; it is
197 * assumed that token-based auth is always enough for the hook (otherwise, just
198 * use PlStdHook above).
199 *
200 * Also, this hook requires that the first two unmatched path components are the
201 * user and token (for instance /<matched path>/<user>/<token>/....). They will
202 * be popped before being passed to the handler, and replaced by the request's
203 * PlUser object.
204 */
205 class PlTokenHook extends PlHook
206 {
207 private $actualAuth;
208 private $callback;
209
210 public function __construct($callback, $auth = AUTH_PUBLIC, $perms = 'user', $type = NO_AUTH)
211 {
212 // See PlApiHook::__construct.
213 parent::__construct(AUTH_PUBLIC, $perms, $type);
214 $this->actualAuth = $auth;
215 $this->callback = $callback;
216 }
217
218 protected function run(PlPage $page, array $args)
219 {
220 // Retrieve the user, either from the session (less expensive, as it is
221 // already there), or from the in-path (user, token) pair.
222 if (S::logged() && Platal::session()->checkAuth($this->actualAuth)) {
223 $user = S::user();
224 } else {
225 $user = Platal::session()->tokenAuth(@$args[1], @$args[2]);
226 }
227
228 // Check the permissions, unless the handler is fully public.
229 if ($this->actualAuth > AUTH_PUBLIC) {
230 if (is_null($user) || !$user->checkPerms($this->perms)) {
231 return PL_FORBIDDEN;
232 }
233 }
234
235 // Replace the first three remaining elements of the path with the
236 // PlPage and PlUser objects.
237 array_shift($args);
238 $args[0] = $page;
239 $args[1] = $user;
240 return call_user_func_array($this->callback, $args);
241 }
242 }
243
244 /** A specialized plat/al hook for serving wiki pages.
245 */
246 class PlWikiHook extends PlHook
247 {
248 public function __construct($auth = AUTH_PUBLIC, $perms = 'user', $type = DO_AUTH)
249 {
250 parent::__construct($auth, $perms, $type);
251 }
252
253 protected function run(PlPage $page, array $args)
254 {
255 return PL_WIKI;
256 }
257 }
258
259 class PlHookTree
260 {
261 public $hook = null;
262 public $aliased = null;
263 public $children = array();
264
265 public function addChildren(array $hooks)
266 {
267 global $platal;
268 foreach ($hooks as $path=>$hook) {
269 $path = explode('/', $path);
270 $element = $this;
271 foreach ($path as $next) {
272 $alias = null;
273 if ($next{0} == '%') {
274 $alias = $next;
275 $next = $platal->hook_map(substr($next, 1));
276 }
277 if (!isset($element->children[$next])) {
278 $child = new PlHookTree();
279 $child->aliased = $alias;
280 $element->children[$next] = $child;
281 } else {
282 $child = $element->children[$next];
283 }
284 $element = $child;
285 }
286 $element->hook = $hook;
287 }
288 }
289
290 public function findChild(array $path)
291 {
292 $remain = $path;
293 $matched = array();
294 $aliased = array();
295 $element = $this;
296 while (true)
297 {
298 $next = @$remain[0];
299 if ($element->aliased) {
300 $aliased = $matched;
301 }
302 if (empty($next) || !isset($element->children[$next])) {
303 break;
304 }
305 $element = $element->children[$next];
306 array_shift($remain);
307 $matched[] = $next;
308 }
309 return array($element->hook, $matched, $remain, $aliased);
310 }
311
312 private function findNearestChildAux(array $remain, array $matched, array $aliased)
313 {
314 $next = @$remain[0];
315 if ($this->aliased) {
316 $aliased = $matched;
317 }
318 if (!empty($next)) {
319 $child = @$this->children[$next];
320 if (!$child) {
321 $nearest_lev = 50;
322 $nearest_sdx = 50;
323 $match = null;
324 foreach ($this->children as $path=>$hook) {
325 $lev = levenshtein($next, $path);
326 if ($lev <= $nearest_lev
327 && ($lev < strlen($next) / 2 || strpos($next, $path) !== false
328 || strpos($path, $next) !== false)) {
329 $sdx = levenshtein(soundex($next), soundex($path));
330 if ($lev == $nearest_lev || $sdx < $nearest_sdx) {
331 $child = $hook;
332 $nearest_lev = $lev;
333 $nearest_sdx = $sdx;
334 $match = $path;
335 }
336 }
337 }
338 $next = $match;
339 }
340 if ($child) {
341 array_shift($remain);
342 $matched[] = $next;
343 return $child->findNearestChildAux($remain, $matched, $aliased);
344 }
345 if (($pos = strpos($next, '.php')) !== false) {
346 $remain[0] = substr($next, 0, $pos);
347 return $this->findNearestChildAux($remain, $matched, $aliased);
348 }
349 }
350 return array($this->hook, $matched, $remain, $aliased);
351 }
352
353 public function findNearestChild(array $path)
354 {
355 return $this->findNearestChildAux($path, array(), array());
356 }
357 }
358
359 abstract class Platal
360 {
361 private $mods;
362 private $hooks;
363
364 protected $https;
365
366 public $ns;
367 public $path;
368 public $argv = array();
369
370 static private $_page = null;
371
372 public function __construct()
373 {
374 global $platal, $session, $globals;
375 $platal = $this;
376
377 /* Assign globals first, then call init: init must be used for operations
378 * that requires access to the content of $globals (e.g. XDB requires
379 * $globals to be assigned.
380 */
381 $globals = $this->buildGlobals();
382 $globals->init();
383
384 /* Get the current session: assign first, then activate the session.
385 */
386 $session = $this->buildSession();
387 if (!$session->startAvailableAuth()) {
388 Platal::page()->trigError("Données d'authentification invalides.");
389 }
390
391 $modules = func_get_args();
392 if (isset($modules[0]) && is_array($modules[0])) {
393 $modules = $modules[0];
394 }
395 $this->path = trim(Get::_get('n', null), '/');
396
397 $this->mods = array();
398 $this->hooks = new PlHookTree();
399
400 array_unshift($modules, 'core');
401 foreach ($modules as $module) {
402 $module = strtolower($module);
403 $this->mods[$module] = $m = PLModule::factory($module);
404 $this->hooks->addChildren($m->handlers());
405 }
406
407 if ($globals->mode == '') {
408 pl_redirect('index.html');
409 }
410 }
411
412 public function pl_self($n = null)
413 {
414 if (is_null($n))
415 return $this->path;
416
417 if ($n >= 0)
418 return join('/', array_slice($this->argv, 0, $n + 1));
419
420 if ($n <= -count($this->argv))
421 return $this->argv[0];
422
423 return join('/', array_slice($this->argv, 0, $n));
424 }
425
426 public static function wiki_hook($auth = AUTH_PUBLIC, $perms = 'user', $type = DO_AUTH)
427 {
428 return new PlWikiHook($auth, $perms, $type);
429 }
430
431 public function hook_map($name)
432 {
433 return null;
434 }
435
436 protected function find_hook()
437 {
438 $p = explode('/', $this->path);
439 list($hook, $matched, $remain, $aliased) = $this->hooks->findChild($p);
440 if (empty($hook)) {
441 return null;
442 }
443 $this->argv = $remain;
444 array_unshift($this->argv, implode('/', $matched));
445 if (!empty($aliased)) {
446 $this->ns = implode('/', $aliased) . '/';
447 }
448 $this->https = !$hook->hasType(NO_HTTPS);
449 return $hook;
450 }
451
452 public function near_hook()
453 {
454 $p = explode('/', $this->path);
455 list($hook, $matched, $remain, $aliased) = $this->hooks->findNearestChild($p);
456 if (empty($hook)) {
457 return null;
458 }
459 $url = implode('/', $matched);
460 if (!empty($remain)) {
461 $url .= '/' . implode('/', $remain);
462 }
463 if ($url == $this->path || levenshtein($url, $this->path) > strlen($url) / 3
464 || !$hook->checkPerms()) {
465 return null;
466 }
467 return $url;
468 }
469
470 private function call_hook(PlPage $page)
471 {
472 $hook = $this->find_hook();
473 if (empty($hook)) {
474 return PL_NOT_FOUND;
475 }
476 global $globals, $session;
477 if ($this->https && !@$_SERVER['HTTPS'] && $globals->core->secure_domain) {
478 http_redirect('https://' . $globals->core->secure_domain . $_SERVER['REQUEST_URI']);
479 }
480
481 return $hook->call($page, $this->argv);
482 }
483
484 /** Show the authentication form.
485 */
486 abstract public function force_login(PlPage $page);
487
488 public function run()
489 {
490 $page =& self::page();
491
492 if (empty($this->path)) {
493 $this->path = 'index';
494 }
495
496 try {
497 $page->assign('platal', $this);
498 $res = $this->call_hook($page);
499 switch ($res) {
500 case PL_BAD_REQUEST:
501 $this->mods['core']->handler_400($page);
502 break;
503
504 case PL_FORBIDDEN:
505 $this->mods['core']->handler_403($page);
506 break;
507
508 case PL_NOT_FOUND:
509 $this->mods['core']->handler_404($page);
510 break;
511
512 case PL_WIKI:
513 return PL_WIKI;
514 }
515 } catch (Exception $e) {
516 header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error');
517 PlErrorReport::report($e);
518 if (self::globals()->debug) {
519 $page->kill(pl_entities($e->getMessage())
520 . '<pre>' . pl_entities("" . $e) . '</pre>');
521 } else {
522 $page->kill(pl_entities($e->getMessage()));
523 }
524 }
525
526 $page->assign('platal', $this);
527 if ($res == PL_JSON) {
528 $page->runJSon();
529 } else {
530 $page->run();
531 }
532 }
533
534 public function error403()
535 {
536 $page =& self::page();
537
538 $this->mods['core']->handler_403($page);
539 $page->assign('platal', $this);
540 $page->run();
541 }
542
543 public function error404()
544 {
545 $page =& self::page();
546
547 $this->mods['core']->handler_404($page);
548 $page->assign('platal', $this);
549 $page->run();
550 }
551
552 public static function notAllowed()
553 {
554 if (S::admin()) {
555 self::page()->trigWarning('Tu accèdes à cette page car tu es administrateur du site.');
556 return false;
557 } else {
558 return true;
559 }
560 }
561
562 public static function load($modname, $include = null)
563 {
564 global $platal;
565 $modname = strtolower($modname);
566 if (isset($platal->mods[$modname])) {
567 if (is_null($include)) {
568 return;
569 }
570 $platal->mods[$modname]->load($include);
571 } else {
572 if (is_null($include)) {
573 require_once PLModule::path($modname) . '.php';
574 } else {
575 require_once PLModule::path($modname) . '/' . $include;
576 }
577 }
578 }
579
580 public static function assert($cond, $error, $userfriendly = null)
581 {
582 if ($cond === false) {
583 if ($userfriendly == null) {
584 $userfriendly = "Une erreur interne s'est produite.
585 Merci de réessayer la manipulation qui a déclenché l'erreur ;
586 si cela ne fonctionne toujours pas, merci de nous signaler le problème rencontré.";
587 }
588 throw new PlException($userfriendly, $error);
589 }
590 }
591
592 public function &buildLogger($uid, $suid = 0)
593 {
594 if (defined('PL_LOGGER_CLASS')) {
595 $class = PL_LOGGER_CLASS;
596 $logger = new $class($uid, $suid);
597 return $logger;
598 } else {
599 return PlLogger::dummy($uid, $suid);
600 }
601 }
602
603 protected function &buildPage()
604 {
605 $pageclass = PL_PAGE_CLASS;
606 $page = new $pageclass();
607 return $page;
608 }
609
610 static public function &page()
611 {
612 if (is_null(self::$_page)) {
613 global $platal;
614 self::$_page = $platal->buildPage();
615 }
616 return self::$_page;
617 }
618
619 protected function &buildSession()
620 {
621 $sessionclass = PL_SESSION_CLASS;
622 $session = new $sessionclass();
623 return $session;
624 }
625
626 static public function &session()
627 {
628 global $session;
629 return $session;
630 }
631
632 protected function &buildGlobals()
633 {
634 $globalclass = PL_GLOBALS_CLASS;
635 $globals = new $globalclass();
636 return $globals;
637 }
638
639 static public function &globals()
640 {
641 global $globals;
642 return $globals;
643 }
644 }
645
646 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
647 ?>
plat/al