本文整理汇总了PHP中SecurityUtil::generateCsrfToken方法的典型用法代码示例。如果您正苦于以下问题:PHP SecurityUtil::generateCsrfToken方法的具体用法?PHP SecurityUtil::generateCsrfToken怎么用?PHP SecurityUtil::generateCsrfToken使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SecurityUtil的用法示例。
在下文中一共展示了SecurityUtil::generateCsrfToken方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __construct
/**
 * Build the response and, when the response type asks for it, attach fresh
 * anti-CSRF values for the client to send back on its next request.
 *
 * @param mixed $message Response status/error message; cast to array, so a string becomes a one-element list.
 * @param mixed $payload Payload.
 */
public function __construct($message, $payload = null)
{
    $this->messages = (array) $message;
    $this->payload = $payload;

    // No token is issued unless the newCsrfToken property is truthy.
    if (!$this->newCsrfToken) {
        return;
    }

    // Auth key scoped to the module name reported by ModUtil::getName(),
    // issued together with the CSRF token.
    $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
    $this->csrfToken = SecurityUtil::generateCsrfToken();
}
示例2: __construct
/**
 * Build the response, optionally attach a fresh CSRF token, then initialise
 * the parent with an empty body and this object's status code.
 *
 * @param mixed $message Response status/error message; cast to array, so a string becomes a one-element list.
 * @param mixed $payload Payload.
 */
public function __construct($message, $payload = null)
{
    $this->payload = $payload;
    $this->messages = (array) $message;

    // A new token is generated only when the newCsrfToken property is truthy.
    if ($this->newCsrfToken) {
        $this->csrfToken = \SecurityUtil::generateCsrfToken();
    }

    // The parent receives an empty content string; the data set above is
    // not passed to it here.
    parent::__construct('', $this->statusCode);
}
示例3: __construct
/**
 * Build the response and, when requested, attach fresh anti-CSRF values.
 *
 * @param mixed $payload Application data.
 * @param mixed $message Response status/error message; cast to array, so a string becomes a one-element list.
 * @param array $options Options.
 */
public function __construct($payload, $message = null, array $options = array())
{
    $this->payload = $payload;
    $this->messages = (array) $message;
    $this->options = $options;

    // Neither value is issued unless the newCsrfToken property is truthy.
    if (!$this->newCsrfToken) {
        return;
    }

    // The module-scoped auth key is only produced in legacy mode.
    if (System::isLegacyMode()) {
        $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
    }

    $this->csrfToken = SecurityUtil::generateCsrfToken();
}
示例4: __construct
/**
 * Build the response, attach anti-CSRF values, then initialise the parent
 * with an empty body and this object's status code.
 *
 * @param mixed $payload Application data.
 * @param mixed $message Response status/error message; cast to array, so a string becomes a one-element list.
 * @param array $options Options.
 */
public function __construct($payload, $message = null, array $options = array())
{
    $this->options = $options;
    $this->messages = (array) $message;
    $this->payload = $payload;

    // CSRF token: only when the newCsrfToken property is truthy.
    if ($this->newCsrfToken) {
        $this->csrfToken = \SecurityUtil::generateCsrfToken();
    }

    // Auth key: issued whenever legacy mode is on, independently of the
    // newCsrfToken switch above.
    if (\System::isLegacyMode()) {
        $this->authid = \SecurityUtil::generateAuthKey(\ModUtil::getName());
    }

    parent::__construct('', $this->statusCode);
}
示例5: main
/**
 * Show the module configuration page of IWqv.
 *
 * Access is limited to callers holding ACCESS_ADMIN on the 'IWqv::' component.
 * The template receives a CSRF token under the name 'security' so that the
 * configuration form can submit it back.
 *
 * @author: Sara Arjona Téllez (sarjona@xtec.cat)
 * @return mixed Result of fetching the IWqv_admin_conf.htm template
 * @throws Zikula_Exception_Forbidden When the permission check fails.
 */
public function main() {
    // Authorisation comes first: nothing is read or rendered for non-admins.
    if (!SecurityUtil::checkPermission('IWqv::', "::", ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden();
    }

    // Read the module variables in a fixed order before the token is generated.
    $settings = array();
    foreach (array('skins', 'langs', 'maxdelivers', 'basedisturl') as $varName) {
        $settings[$varName] = ModUtil::getVar('IWqv', $varName);
    }

    $view = $this->view->assign('security', SecurityUtil::generateCsrfToken());
    foreach ($settings as $varName => $varValue) {
        // Each assign() result is chained, as a fluent call chain would be.
        $view = $view->assign($varName, $varValue);
    }

    return $view->fetch('IWqv_admin_conf.htm');
}
示例6: smarty_function_userlogin
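/**
 * Zikula_View function to display the login box
 *
 * Example
 * {userlogin size=14 maxlength=25 maxlengthpass=20}
 *
 * Parameters:
 * size Size of text boxes (default=14)
 * maxlength Maximum length of text box for user names (default=25)
 * maxlengthpass Maximum length of text box for password (default=20)
 * class Name of class assigned to the login form
 * value The default value of the username input box
 * js Use javascript to automatically clear the default value (defaults to true)
 * assign Name of a template variable to receive the output instead of returning it
 *
 * The form posts to the Users login action and carries a hidden "csrftoken"
 * field filled from SecurityUtil::generateCsrfToken(). Nothing is rendered
 * for a user who is already logged in.
 *
 * @param array $params All attributes passed to this function from the template.
 * @param Zikula_View $view Reference to the Zikula_View object.
 *
 * @see function.userlogin.php::smarty_function_userlogin()
 *
 * @return string|null The login form markup (empty string when already logged in),
 *                     or null when the output was assigned to a template variable.
 */
function smarty_function_userlogin($params, Zikula_View $view)
{
    $assign = isset($params['assign']) ? $params['assign'] : false;
    if (!UserUtil::isLoggedIn()) {
        // set some defaults
        // Numeric attributes are cast to int so that whatever the template
        // passes can only ever render as digits inside the attribute.
        $size = isset($params['size']) ? (int) $params['size'] : 14;
        $maxlength = isset($params['maxlength']) ? (int) $params['maxlength'] : 25;
        // The documented parameter is "maxlengthpass". Earlier code only read
        // the misspelt key "maxlenthpass", so the documented one was ignored;
        // both are accepted now, the documented spelling taking precedence.
        if (isset($params['maxlengthpass'])) {
            $maxlengthpass = (int) $params['maxlengthpass'];
        } elseif (isset($params['maxlenthpass'])) {
            $maxlengthpass = (int) $params['maxlenthpass'];
        } else {
            $maxlengthpass = 20;
        }
        // The class name goes into an HTML attribute, so it gets the same
        // display escaping this function already applies to the action URL.
        $class = isset($params['class']) ? ' class="' . DataUtil::formatForDisplay($params['class']) . '"' : '';
        if (ModUtil::getVar(Users_Constant::MODNAME, Users_Constant::MODVAR_LOGIN_METHOD, Users_Constant::LOGIN_METHOD_UNAME) == Users_Constant::LOGIN_METHOD_EMAIL) {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('E-mail address');
            $userNameLabel = __('E-mail address');
            $methodName = 'email';
        } else {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('User name');
            $userNameLabel = __('User name');
            $methodName = 'uname';
        }
        if (!isset($params['js']) || $params['js']) {
            // NOTE(review): $value is escaped for HTML display (or is a raw
            // translation string), but here it is placed inside a JavaScript
            // string literal within an event-handler attribute. HTML escaping
            // is not JavaScript escaping; if this value can ever come from
            // anything other than a trusted template or translation, it needs
            // context-appropriate encoding. Left unchanged to keep the output
            // stable for existing templates.
            $js = ' onblur="if (this.value==\'\')this.value=\'' . $value . '\';" onfocus="if (this.value==\'' . $value . '\')this.value=\'\';"';
        } else {
            $js = '';
        }
        // determine the current url so we can return the user to the correct place after login
        $returnurl = System::getCurrentUri();
        // Server-generated anti-CSRF token, submitted with the credentials.
        $csrftoken = SecurityUtil::generateCsrfToken();
        $loginbox = '<form' . $class . ' style="display:inline" action="' . DataUtil::formatForDisplay(ModUtil::url('Users', 'user', 'login')) . '" method="post"><div>' . "\n" . '<input type="hidden" name="csrftoken" value="' . $csrftoken . '" />' . "\n" . '<input type="hidden" name="authentication_method[modname]" value="Users" />' . "\n" . '<input type="hidden" name="authentication_method[method]" value="' . $methodName . '" />' . "\n" . '<label for="userlogin_plugin_uname">' . $userNameLabel . '</label> ' . "\n" . '<input type="text" name="authentication_info[login_id]" id="userlogin_plugin_uname" size="' . $size . '" maxlength="' . $maxlength . '" value="' . $value . '"' . $js . ' />' . "\n" . '<label for="userlogin_plugin_pass">' . __('Password') . '</label> ' . "\n" . '<input type="password" name="authentication_info[pass]" id="userlogin_plugin_pass" size="' . $size . '" maxlength="' . $maxlengthpass . '" />' . "\n";
        // "Remember me" is not offered when the site security level is 'high'.
        if (System::getVar('seclevel') != 'high') {
            $loginbox .= '<input type="checkbox" value="1" name="rememberme" id="userlogin_plugin_rememberme" />' . "\n" . '<label for="userlogin_plugin_rememberme">' . __('Remember me') . '</label> ' . "\n";
        }
        // The return URL is the current request URI, escaped for the attribute.
        // NOTE(review): the login handler should still validate this value
        // before redirecting to it — not visible from this function.
        $loginbox .= '<input type="hidden" name="returnurl" value="' . DataUtil::formatForDisplay($returnurl) . '" />' . "\n" . '<input type="submit" value="' . __('Log in') . '" />' . "\n" . '</div></form>' . "\n";
    } else {
        $loginbox = '';
    }
    if ($assign) {
        $view->assign($assign, $loginbox);
    } else {
        return $loginbox;
    }
}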
示例7: smarty_insert_csrftoken
/**
 * Insert a CSRF protection nonce.
 *
 * Being an {insert} handler, the token is produced at output time rather than
 * being taken from a previously rendered copy of the template.
 *
 * Available parameters:
 * - assign: Assign the output to a template variable rather than printing it.
 *
 * Example:
 * <input type="hidden" name="csrftoken" value="{insert name='csrftoken'}" />
 *
 * @param array $params All attributes passed to this function from the template.
 * @param Zikula_View $view Reference to the Zikula_View object.
 *
 * @return string
 */
function smarty_insert_csrftoken($params, $view)
{
    // NOTE: assign parameter is handled by the smarty_core_run_insert_handler(...) function in lib/vendor/Smarty/internals/core.run_insert_handler.php
    $container = $view->getContainer();

    return SecurityUtil::generateCsrfToken($container);
}
示例8: loginUsing
/**
* Authenticate a user's credentials against an authentication module, logging him into the Zikula system.
*
* If the user is already logged in, then this function should behave as if {@link authenticateUserUsing()} was called.
*
* This function is used to check that a user is who he says he is, and that he has a valid user account with the
* Zikula system. If so, the user is logged in to the Zikula system (if he is not already logged in). This function
* should be used only to log a user into the Zikula system.
*
* This function differs from {@link checkPasswordUsing()} in that it attempts to look up a Zikula account
* record for the user, and takes the user's account status into account when returning a value. Additionally,
* the user is logged into the Zikula system if his credentials are verified with the authentication module specified.
*
* This function differs from {@link authenticateUserUsing()} in that it attempts to log the user into the Zikula system,
* if he is not already logged in. If he is already logged in, then it should behave similarly to authenticateUserUsing().
*
* ATTENTION: The authentication module function(s) called during this process may redirect the user to an external server
* to perform authorization and/or authentication. The function calling loginUsing must already have anticipated
* the reentrant nature of this process, must already have saved pertinent user state, must have supplied a
* reentrant URL pointing to a function that will handle reentry into the login process silently, and must clear
* any save user state immediately following the return of this function.
*
* @param array $authenticationMethod Auth module name.
* @param array $authenticationInfo Auth info array.
* @param boolean $rememberMe Whether or not to remember login.
* @param string $reentrantURL If the authentication module needs to redirect to an external authentication server (e.g., OpenID), then
* this is the URL to return to in order to re-enter the log-in process. The pertinent user
* state must have already been saved by the function calling loginUsing(), and the URL must
* point to a Zikula_AbstractController function that is equipped to detect reentry, restore the
* saved user state, and get the user back to the point where loginUsing is re-executed. This
* is only optional if the authentication module identified by $authenticationMethod reports that it is not
* reentrant (e.g., Users is guaranteed to not be reentrant), or if $checkPassword is false.
* @param boolean $checkPassword Whether or not to check the password.
* @param boolean $preauthenticatedUser Whether ot not is a preauthenticated user.
*
* @return array|bool The user account record of the user that has logged in successfully, otherwise false
*/
public static function loginUsing(array $authenticationMethod, array $authenticationInfo, $rememberMe = false, $reentrantURL = null, $checkPassword = true, $preauthenticatedUser = null)
{
// Default result until every check below has passed.
$userObj = false;
if (self::preAuthenticationValidation($authenticationMethod, $authenticationInfo, $reentrantURL)) {
// Authenticate the loginID and userEnteredPassword against the specified authentication module.
// This should return the uid of the user logging in. Note that there are two routes here, both get a uid.
// We do the authentication check first, before checking any account status information, because if the
// person logging in cannot supply the proper credentials, then we should not show any detailed account status
// to them. Instead they should just get the generic "no such user found or bad password" message.
if ($checkPassword) {
$authenticatedUid = self::internalAuthenticateUserUsing($authenticationMethod, $authenticationInfo, $reentrantURL, true);
} elseif (isset($preauthenticatedUser)) {
// No credential check on this path: the caller vouches for the identity,
// so $checkPassword = false must only ever be passed by trusted code.
// is_numeric() also accepts numeric strings and floats as a uid.
if (is_numeric($preauthenticatedUser)) {
$authenticatedUid = $preauthenticatedUser;
} elseif (is_array($preauthenticatedUser)) {
$authenticatedUid = $preauthenticatedUser['uid'];
$userObj = $preauthenticatedUser;
} else {
throw new Zikula_Exception_Fatal();
}
} else {
// No password check and no pre-authenticated user: the uid is looked up
// from the authentication info by the named authentication module.
$authArgs = array('authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod);
$authenticatedUid = ModUtil::apiFunc($authenticationMethod['modname'], 'Authentication', 'getUidForAuththenticationInfo', $authArgs, 'Zikula_Api_AbstractAuthentication');
}
$session = ServiceUtil::get('request')->getSession();
// NOTE(review): $userObj was initialised to false above, and isset(false) is true,
// so the ": null" branch is never taken; the third argument is false or the
// pre-authenticated array, never null.
$userObj = self::internalUserAccountValidation($authenticatedUid, true, isset($userObj) ? $userObj : null);
if ($userObj && is_array($userObj)) {
// BEGIN ACTUAL LOGIN
// Made it through all the checks. We can actually log in now.
// Give any interested module one last chance to prevent the login from happening.
$eventArgs = array('authentication_method' => $authenticationMethod, 'uid' => $userObj['uid']);
$event = new GenericEvent($userObj, $eventArgs);
$event = EventUtil::dispatch('user.login.veto', $event);
if ($event->isPropagationStopped()) {
// The login attempt has been vetoed by one or more modules.
$eventData = $event->getData();
if (isset($eventData['retry']) && $eventData['retry']) {
$sessionVarName = 'Users_Controller_User_login';
$sessionNamespace = 'Zikula_Users';
// The CSRF token travels as a query parameter of the redirect URL, so it can
// end up in server logs, browser history and Referer headers.
$redirectURL = ModUtil::url('Users', 'user', 'login', array('csrftoken' => SecurityUtil::generateCsrfToken()));
} elseif (isset($eventData['redirect_func'])) {
// The redirect target (module, type, function, args) and the session slot
// are taken from data supplied by the vetoing event listener.
if (isset($eventData['redirect_func']['session'])) {
$sessionVarName = $eventData['redirect_func']['session']['var'];
$sessionNamespace = isset($eventData['redirect_func']['session']['namespace']) ? $eventData['redirect_func']['session']['namespace'] : '';
}
$redirectURL = ModUtil::url($eventData['redirect_func']['modname'], $eventData['redirect_func']['type'], $eventData['redirect_func']['func'], $eventData['redirect_func']['args']);
}
if (isset($redirectURL)) {
if (isset($sessionVarName)) {
SessionUtil::requireSession();
// NOTE(review): the state is read from 'users/Users_User_Controller_login' but,
// on the retry path, written to 'Zikula_Users/Users_Controller_User_login';
// the names differ — confirm which key the login controller actually reads.
$sessionVars = $session->get('users/Users_User_Controller_login', array());
// NOTE(review): $authenticationInfo is stored in the session exactly as received.
// If it carries the user-entered password (as the comment at the top of this
// method suggests), that secret now lives in session storage until the
// re-entry handler clears it — confirm that it does.
$sessionVars = array('returnpage' => isset($sessionVars['returnpage']) ? $sessionVars['returnpage'] : '', 'authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod, 'rememberme' => $rememberMe, 'user_obj' => $userObj);
$session->set("{$sessionNamespace}/{$sessionVarName}", $sessionVars);
}
$userObj = false;
throw new Zikula_Exception_Redirect($redirectURL);
} else {
// Vetoed without a redirect target: fail closed.
throw new Zikula_Exception_Forbidden();
}
} else {
// The login has not been vetoed
// This is what really does the Zikula login
self::setUserByUid($userObj['uid'], $rememberMe, $authenticationMethod);
//.........这里部分代码省略.........
示例9: modifyconfig
/**
 * Modify Theme settings.
 *
 * Requires ACCESS_EDIT on 'Theme::'. The template receives a CSRF token for
 * the clear cache/compile links it renders.
 */
public function modifyconfig()
{
    // Security check
    if (!SecurityUtil::checkPermission('Theme::', '::', ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }

    // Map module name => display name, in the shape html_options expects.
    $moduleOptions = array();
    foreach (ModUtil::getUserMods() as $moduleInfo) {
        $moduleOptions[$moduleInfo['name']] = $moduleInfo['displayname'];
    }

    // register the renderer object allow access to various view values
    $this->view->register_object('render', $this->view);

    // Tell the template whether a .htaccess file exists in the working directory.
    $hasHtaccess = file_exists('.htaccess') ? 1 : 0;
    $this->view->assign('htaccess', $hasHtaccess);

    // Assign the output variables one step at a time, chaining each result
    // exactly as a fluent call chain would.
    $view = $this->view->assign('mods', $moduleOptions);
    // all module vars
    $view = $view->assign($this->getVars());
    // CSRF token for the clear cache/compile links. It is generated with the
    // second argument set to true; the template places it in link URLs, where
    // it can show up in logs and Referer headers.
    $view = $view->assign('csrftoken', SecurityUtil::generateCsrfToken($this->serviceManager, true));
    // the core config var
    $view = $view->assign('theme_change', System::getVar('theme_change'));
    // extracted list of non-cached mods, flipped so module names become keys
    $view = $view->assign('modulesnocache', array_flip(explode(',', $this->getVar('modulesnocache'))));

    return $view->fetch('theme_admin_modifyconfig.tpl');
}
示例10: view
/**
* View all blocks.
*
* Requires ACCESS_EDIT on 'Blocks::'. Builds, for every block and block
* position, the list of admin links the current user may use; the
* activate/deactivate links carry a CSRF token as a URL parameter.
*
* @return string HTML output string.
*/
public function view()
{
// Security check
if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
return LogUtil::registerPermissionError();
}
// The filter comes from the session and can be overridden by request input.
$sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
$filter = FormUtil::getPassedValue('filter', $sfilter);
$clear = FormUtil::getPassedValue('clear', 0);
if ($clear) {
$filter = array();
SessionUtil::setVar('filter', $filter, '/Blocks');
}
// sort and sortdir GET parameters override filter values
$sort = isset($filter['sort']) && !empty($filter['sort']) ? strtolower($filter['sort']) : 'bid';
$sortdir = isset($filter['sortdir']) && !empty($filter['sortdir']) ? strtoupper($filter['sortdir']) : 'ASC';
$filter['sort'] = FormUtil::getPassedValue('sort', $sort, 'GET');
$filter['sortdir'] = FormUtil::getPassedValue('sortdir', $sortdir, 'GET');
// The sort direction is restricted to an allow-list of two values.
// NOTE(review): $filter['sort'] gets no such allow-list here and is handed to the
// 'getall' API below as request-controlled text — confirm that the API validates
// it against known column names before it reaches a query.
if ($filter['sortdir'] != 'ASC' && $filter['sortdir'] != 'DESC') {
$filter['sortdir'] = 'ASC';
}
$filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
$filter['modid'] = isset($filter['modid']) ? $filter['modid'] : 0;
$filter['language'] = isset($filter['language']) ? $filter['language'] : '';
$filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;
// generate an authorisation key for the links
// One token is generated per page view and reused for every activate/deactivate link.
$token = SecurityUtil::generateCsrfToken($this->serviceManager, true);
// set some default variables
$rownum = 1;
$lastpos = '';
// Get all blocks
$blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);
// we can easily count the number of blocks using count() rather than
// calling the api function
$numrows = count($blocks);
// create an empty arrow to hold the processed items
$blockitems = array();
// get all possible block positions
$blockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
// build assoc array for easier usage later on
// NOTE(review): $allbposarray is not initialised before this loop, so it stays
// undefined when there are no block positions.
foreach ($blockspositions as $blocksposition) {
$allbposarray[$blocksposition['pid']] = $blocksposition['name'];
}
// loop round each item calculating the additional information
$blocksitems = array();
foreach ($blocks as $key => $block) {
// set the module that holds the block
$modinfo = ModUtil::getInfo($block['mid']);
$block['modname'] = $modinfo['displayname'];
// set the blocks language
if (empty($block['language'])) {
$block['language'] = $this->__('All');
} else {
$block['language'] = ZLanguage::getLanguageName($block['language']);
}
$thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
$bposarray = array();
foreach ($thisblockspositions as $singleblockposition) {
$bposarray[] = $allbposarray[$singleblockposition['pid']];
}
$block['positions'] = implode(', ', $bposarray);
unset($bposarray);
// calculate what options the user has over this block
$block['options'] = array();
// Activate/deactivate are state-changing links, so they carry the CSRF token as a
// query parameter; a token in a URL can surface in logs, history and Referer headers.
// The block title is interpolated into link titles; escaping is presumably left to
// the template — TODO confirm.
if ($block['active']) {
$block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'deactivate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_grey.png', 'title' => $this->__f('Deactivate \'%s\'', $block['title']), 'noscript' => true);
} else {
$block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'activate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_green.png', 'title' => $this->__f('Activate \'%s\'', $block['title']), 'noscript' => true);
}
// The modify and delete links carry no token here.
// NOTE(review): presumably they open a form that is protected on submit — verify.
$block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'modify', array('bid' => $block['bid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit \'%s\'', $block['title']), 'noscript' => false);
$block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'delete', array('bid' => $block['bid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete \'%s\'', $block['title']), 'noscript' => false);
$blocksitems[] = $block;
}
$this->view->assign('blocks', $blocksitems);
// get the block positions
$items = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
// Loop through each returned item adding in the options that the user has over the item
foreach ($items as $key => $item) {
// Options are attached only to positions the user can read; edit is checked
// before delete, so a delete link is never offered without edit permission.
if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_READ)) {
$options = array();
if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::\$", ACCESS_EDIT)) {
$options[] = array('url' => ModUtil::url('Blocks', 'admin', 'modifyposition', array('pid' => $item['pid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit blockposition \'%s\'', $item['name']));
if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_DELETE)) {
$options[] = array('url' => ModUtil::url('Blocks', 'admin', 'deleteposition', array('pid' => $item['pid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete blockposition \'%s\'', $item['name']));
}
}
// Add the calculated menu options to the item array
$items[$key]['options'] = $options;
}
}
// Assign the items to the template
ksort($items);
$this->view->assign('positions', $items);
$this->view->assign('filter', $filter)->assign('sort', $filter['sort'])->assign('sortdir', $filter['sortdir']);
// Return the output that has been generated by this function
//.........这里部分代码省略.........
示例11: view
/**
* view permissions
*
* Requires ACCESS_ADMIN on 'Permissions::'. Optionally runs a permission
* test for a named user, then lists the group permission rules, filtered
* by group or by component when the filter is enabled.
*
* @return string HTML string
*/
public function view()
{
// Security check
if (!SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN)) {
return LogUtil::registerPermissionError();
}
// Get parameters from whatever input we need.
// The filter value is read from any request source; the test_* values only from POST.
$permgrp = FormUtil::getPassedValue('permgrp', -1, 'REQUEST');
$testuser = FormUtil::getPassedValue('test_user', null, 'POST');
$testcomponent = FormUtil::getPassedValue('test_component', null, 'POST');
$testinstance = FormUtil::getPassedValue('test_instance', null, 'POST');
$testlevel = FormUtil::getPassedValue('test_level', null, 'POST');
$testresult = '';
if (!empty($testuser) &&
!empty($testcomponent) &&
!empty($testinstance)
) {
// we have everything we need for an effective permission check
$testuid = UserUtil::getIdFromName($testuser);
// Loose comparison: any falsy return value counts as "unknown user".
if ($testuid <> false) {
// $testlevel is passed on as submitted; it is not checked against the
// known access levels in this method.
if (SecurityUtil::checkPermission($testcomponent, $testinstance, $testlevel, $testuid)) {
$testresult = '<span id="permissiontestinfogreen">' . $this->__('permission granted.') . '</span>';
} else {
$testresult = '<span id="permissiontestinfored">' . $this->__('permission not granted.') . '</span>';
}
} else {
$testresult = '<span id="permissiontestinfored">' . $this->__('unknown user.') . '</span>';
}
}
// The submitted test values are handed back to the template unchanged.
// NOTE(review): they are request input; confirm the template escapes them on output.
$this->view->assign('testuser', $testuser)
->assign('testcomponent', $testcomponent)
->assign('testinstance', $testinstance)
->assign('testlevel', $testlevel)
->assign('testresult', $testresult);
// decide the default view
$enableFilter = $this->getVar('filter', 1);
$rowview = $this->getVar('rowview', 25);
// Work out which tables to operate against, and
// various other bits and pieces
$dbtable = DBUtil::getTables();
$permcolumn = $dbtable['group_perms_column'];
$ids = $this->getGroupsInfo();
$where = '';
if ($enableFilter == 1) {
// Expected form is "g+<group id>" or "c+<component prefix>".
// explode() always returns an array, so the is_array() checks below are always
// true; index 1 is missing when the input contains no '+'.
$permgrpparts = explode('+', $permgrp);
if ($permgrpparts[0] == 'g') {
if (is_array($permgrpparts) && $permgrpparts[1] != SecurityUtil::PERMS_ALL) {
// The WHERE clause is assembled by string concatenation. The request-derived
// part goes through DataUtil::formatForStore() (presumably the framework's SQL
// escaping helper — confirm); the column names come from table metadata.
// A bound parameter or an integer cast of the group id would not depend on
// escaping being correct.
$where = "WHERE (" . $permcolumn['gid'] . "='" . SecurityUtil::PERMS_ALL . "' OR " . $permcolumn['gid'] . "='" . DataUtil::formatForStore($permgrpparts[1]) . "')";
$permgrp = $permgrpparts[1];
$this->view->assign('filtertype', 'group');
} else {
$permgrp = SecurityUtil::PERMS_ALL;
$where = '';
}
} elseif ($permgrpparts[0] == 'c') {
if (is_array($permgrpparts) && $permgrpparts[1] != SecurityUtil::PERMS_ALL) {
// Same concatenation pattern, here inside a LIKE prefix match.
// NOTE(review): string escaping does not normally neutralise the LIKE wildcards
// % and _, so the submitted prefix can widen the match unless formatForStore()
// handles them — verify. The page is admin-only, which limits the exposure.
$where = "WHERE (" . $permcolumn['component'] . "='.*' OR " . $permcolumn['component'] . " LIKE '" . DataUtil::formatForStore($permgrpparts[1]) . "%')";
$permgrp = $permgrpparts[1];
$this->view->assign('filtertype', 'component');
} else {
$permgrp = SecurityUtil::PERMS_ALL;
$where = '';
}
} else {
$this->view->assign('filtertype', '');
}
$this->view->assign('permgrps', $ids);
$this->view->assign('permgrp', $permgrp);
$this->view->assign('enablefilter', true);
} else {
$this->view->assign('enablefilter', false);
$this->view->assign('filtertype', '');
$this->view->assign('permgrp', SecurityUtil::PERMS_ALL);
}
$accesslevels = SecurityUtil::accesslevelnames();
// The ORDER BY column comes from table metadata, not from the request.
$orderBy = "ORDER BY $permcolumn[sequence]";
$objArray = DBUtil::selectObjectArray('group_perms', $where, $orderBy, -1, -1, false);
$numrows = DBUtil::_getFetchedObjectCount();
$permissions = array();
$components = array(-1 => $this->__('All components'));
if ($numrows > 0) {
// A single token, generated with the second argument set to true, is created
// once and used for the rows processed below.
$csrftoken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
$rownum = 1;
$ak = array_keys($objArray);
foreach ($ak as $v) {
$obj = $objArray[$v];
$id = $obj['gid'];
//.........这里部分代码省略.........
示例12: viewPlugins
/**
* Lists all plugins.
*
* Requires ACCESS_ADMIN on 'Extensions::'. For each plugin the method builds
* the admin action links; the install, deactivate and remove links carry a
* CSRF token as a URL parameter.
*
* @return string HTML output string
*/
public function viewPlugins()
{
// Security check
if (!SecurityUtil::checkPermission('Extensions::', '::', ACCESS_ADMIN)) {
return LogUtil::registerPermissionError();
}
// List filters, read from GET or POST. They are echoed back into the action
// URLs below so the list state survives the round trip.
$state = FormUtil::getPassedValue('state', -1, 'GETPOST');
$sort = FormUtil::getPassedValue('sort', null, 'GETPOST');
$module = FormUtil::getPassedValue('bymodule', null, 'GETPOST');
// Normalised to true or null (never false).
$systemplugins = FormUtil::getPassedValue('systemplugins', false, 'GETPOST')? true : null;
$this->view->assign('state', $state);
// generate an auth key to use in urls
// One token per page view, shared by every state-changing link on the page. Being
// part of the URL, it can appear in logs, browser history and Referer headers.
$csrfToken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
$plugins = array();
$pluginClasses = ($systemplugins) ? PluginUtil::loadAllSystemPlugins() : PluginUtil::loadAllModulePlugins();
foreach ($pluginClasses as $className) {
$instance = PluginUtil::loadPlugin($className);
$pluginstate = PluginUtil::getState($instance->getServiceId(), PluginUtil::getDefaultState());
// Tweak UI if the plugin is AlwaysOn
if ($instance instanceof Zikula_Plugin_AlwaysOnInterface) {
$pluginstate['state'] = PluginUtil::ENABLED;
$pluginstate['version'] = $instance->getMetaVersion();
}
// state filer
// $state is request input compared loosely against the stored state.
if ($state >= 0 && $pluginstate['state'] != $state) {
continue;
}
// module filter
if (!empty($module) && $instance->getModuleName() != $module) {
continue;
}
$actions = array();
// Translate state
switch ($pluginstate['state']) {
case PluginUtil::NOTINSTALLED:
$status = $this->__('Not installed');
$statusimage = 'redled.png';
// Install link: state-changing, so it carries the token.
$actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'initialisePlugin',
array('plugin' => $className,
'state' => $state,
'bymodule' => $module,
'sort' => $sort,
'systemplugins' => $systemplugins,
'csrftoken' => $csrfToken)
),
'image' => 'folder_new.png',
'title' => $this->__('Install'));
break;
case PluginUtil::ENABLED:
$status = $this->__('Active');
$statusimage = 'greenled.png';
$pluginLink = array();
if (!$systemplugins) {
$pluginLink['_module'] = $instance->getModuleName();
}
$pluginLink['_plugin'] = $instance->getPluginName();
$pluginLink['_action'] = 'configure';
// The configure link only opens the plugin's configuration and carries no token.
if ($instance instanceof Zikula_Plugin_ConfigurableInterface) {
$actions[] = array('url' => ModUtil::url('Extensions', 'adminplugin', 'dispatch', $pluginLink),
'image' => 'configure.png',
'title' => $this->__('Configure plugin'));
}
// Dont allow to disable/uninstall plugins that are AlwaysOn
// This only hides the links. NOTE(review): the deactivatePlugin/removePlugin
// handlers should enforce the same rule themselves — not visible from here.
if (!$instance instanceof Zikula_Plugin_AlwaysOnInterface) {
$actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'deactivatePlugin',
array('plugin' => $className,
'state' => $state,
'bymodule' => $module,
'sort' => $sort,
'systemplugins' => $systemplugins,
'csrftoken' => $csrfToken)
),
'image' => 'folder_red.png',
'title' => $this->__('Deactivate'));
$actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'removePlugin',
array('plugin' => $className,
'state' => $state,
'bymodule' => $module,
'sort' => $sort,
'systemplugins' => $systemplugins,
'csrftoken' => $csrfToken)
),
'image' => '14_layer_deletelayer.png',
'title' => $this->__('Remove plugin'));
//.........这里部分代码省略.........
示例13: getCsrfTokenHtml
/**
 * CSRF protection
 *
 * Generates a token through SecurityUtil and wraps it in a hidden form field
 * named "csrftoken", whose id is derived from this form's id.
 *
 * @return string HTML input field.
 */
public function getCsrfTokenHtml()
{
    $token = SecurityUtil::generateCsrfToken($this->serviceManager);
    // Neither the token nor the form id is escaped here; both are expected to
    // be server-generated values.
    $fieldId = 'FormCsrfToken_' . $this->formId;

    return '<input type="hidden" name="csrftoken" value="' . $token . '" id="' . $fieldId . '" />';
}
示例14: smarty_function_bt_adminlinks
//.........这里部分代码省略.........
/* Common Utils */
$linkoptions = array(
array(null, __("Edit default theme", $dom), ModUtil::url('Theme', 'admin', 'modify', array('themename' => $theme)))
);
// File handling
if (ModUtil::available('Files')) {
$linkoptions[] = array(null, __('File manager', $dom), ModUtil::url('Files', 'admin', 'main'));
}
// WYSIWYG handling
if (ModUtil::available('Scribite') || ModUtil::available('LuMicuLa')) {
$subopt = array();
if (ModUtil::available('Scribite')) {
$subopt[] = array(null, 'Scribite', ModUtil::url('Scribite', 'admin', 'main'));
}
if (ModUtil::available('LuMicuLa')) {
$subopt[] = array(null, 'LuMicuLa', ModUtil::url('LuMicuLa', 'admin', 'main'));
}
}
if (isset($subopt)) {
$linkoptions[] = array(null, __('WYSIWYG editors', $dom), '#', $subopt);
}
// Thumbnails handling
if (ModUtil::available('Thumbnail')) {
$linkoptions[] = array(null, __('Thumbnails', $dom), ModUtil::url('Thumbnail', 'admin', 'main'));
}
$menu[] = array('utils', __('Utils', $dom), '#', $linkoptions);
/* Common Routines links */
$token = SecurityUtil::generateCsrfToken(null, true);
$linkoptions = array(
array(null, __('Template engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig', array(), null, 'render_compile_dir'),
array(
array(null, __('Delete compiled render templates', $dom), ModUtil::url('Theme', 'admin', 'render_clear_compiled', array('csrftoken' => $token))),
array(null, __('Delete cached render templates', $dom), ModUtil::url('Theme', 'admin', 'render_clear_cache', array('csrftoken' => $token)))
)
),
array(null, __('Theme engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig'),
array(
array(null, __('Delete compiled theme templates', $dom), ModUtil::url('Theme', 'admin', 'clear_compiled', array('csrftoken' => $token))),
array(null, __('Delete cached theme templates', $dom), ModUtil::url('Theme', 'admin', 'clear_cache', array('csrftoken' => $token)))
)
),
array(null, __('Clear combination cache', $dom), ModUtil::url('Theme', 'admin', 'clear_cssjscombinecache', array('csrftoken' => $token))),
array(null, __('Delete theme configurations', $dom), ModUtil::url('Theme', 'admin', 'clear_config', array('csrftoken' => $token)))
);
if (ModUtil::available('SysInfo')) {
$linkoptions[] = array(null, __('Filesystem check', $dom), ModUtil::url('SysInfo', 'admin', 'filesystem'));
$linkoptions[] = array(null, __('Temporary folder check', $dom), ModUtil::url('SysInfo', 'admin', 'ztemp'));
}
$menu[] = array('routines', __('Routines', $dom), '#', $linkoptions);
}
/* Permission Admin:: | :: | ACCESS_EDIT ends here */
/* Create content menu */
$linkoptions = array();
// Content Modules
if (ModUtil::available('Clip') && SecurityUtil::checkPermission('Clip::', '::', ACCESS_EDIT)) {
$suboptions = array(
示例15: generateCsrfToken
/**
 * {@inheritdoc}
 *
 * Delegates to the global SecurityUtil. The $intention argument is accepted
 * for interface compatibility but not used, so tokens returned here are not
 * bound to a particular intention.
 */
public function generateCsrfToken($intention)
{
    $token = \SecurityUtil::generateCsrfToken();

    return $token;
}