dmBridge PHP API
DMCPAdminController.php
00001 <?php
00002 #
00003 # dmBridge: a data access framework for CONTENTdm(R)
00004 #
00005 # Copyright © 2009, 2010, 2011 Board of Regents of the Nevada System of Higher
00006 # Education, on behalf of the University of Nevada, Las Vegas
00007 #
00008 
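/**
 * Controller for the Control Panel entry points: login, logout, the main
 * page, and the template-rendering helpers used by Control Panel pages.
 */
class DMCPAdminController extends DMAbstractController {

   /**
    * @var array Variables passed to the view by renderTemplate() and
    * renderModuleTemplate().
    */
   protected $tpl_vars = array();

   /**
    * Redirects to the login page and stops the request unless a user is
    * logged in.
    *
    * This only tests that getUser() returns a truthy value. No role or
    * permission check is made here.
    * NOTE(review): confirm that every account the authentication service
    * accepts is meant to have Control Panel access.
    *
    * @return void
    */
   protected function authorize() {
      if (!$this->getUser()) {
         DMHTTPRequest::redirectToParams("admin/login");
         die;
      }
   }

   /**
    * Requires a logged-in user, then verifies that the configuration file
    * exists and is both readable and writable.
    *
    * login() must not call this method: authorize() sends anonymous
    * visitors to the login page.
    *
    * @return void
    * @throws DMIOException If the configuration file is missing, unreadable
    * or unwritable. The message contains the file's full path.
    */
   public function preFlightCheck() {
      $this->authorize();
      $path = DMConfigXML::getInstance()->getFullPath();
      if (!file_exists($path)) {
         throw new DMIOException(
            $path . ". " . DMLocalizedString::getString("CHECK_DATA_ROOT"));
      } else if (!is_readable($path)) {
         throw new DMIOException(sprintf(
               DMLocalizedString::getString("NOT_READABLE"), $path));
      } else if (!is_writable($path)) {
         throw new DMIOException(sprintf(
               DMLocalizedString::getString("NOT_WRITABLE"), $path));
      }
   }

   /**
    * Shows the login form and, on POST, authenticates the submitted
    * username and password.
    *
    * On success the user is stored in the session and the browser is
    * redirected to the submitted "dest_params" (or "admin"). On failure the
    * attempt is logged, the response is delayed and marked 401, and the
    * form is shown again with a flash message. Always ends the request.
    *
    * @return void
    */
   public function login() {
      $req = $this->getHTTPRequest();
      if ($req->getMethod() == DMHTTPMethod::POST) {
         try {
            $rep = $req->getRepresentation();
            $user = new DMUser($rep->getFormValue("username"));
            $as = DMAuthenticationServiceFactory::getService();
            if ($as->authenticate($user, $rep->getFormValue("password"))) {
               // NOTE(review): nothing here issues a new session identifier
               // after authentication. Confirm that the session class or
               // authentication service does so, otherwise a pre-login
               // session id stays valid after login (session fixation).
               $req->getSession()->setUser($user);
               $this->logSuccessfulLoginAttempt();
               // dest_params comes from the request body, so it is
               // restricted to an in-application route before use.
               $params = $this->getSafeDestParams(
                     $rep->getFormValue("dest_params"));
               DMHTTPRequest::redirectToParams($params);
               // NOTE(review): cookies are sent after the redirect call;
               // this only works if redirectToParams() neither exits nor
               // flushes output. Original order kept - confirm.
               $as->sendCookies();
               die;
            } else {
               $this->logFailedLoginAttempt();
               // A fixed delay slows sequential password guessing. It does
               // not limit parallel requests, and no attempt counter or
               // lockout is visible in this class.
               sleep(DMAbstractController::AUTHENTICATION_DELAY);
               header("HTTP/1.1 401 Unauthorized");
               $req->getSession()->setFlash(
                     new DMFlash(
                           DMLocalizedString::getString("LOGIN_FAILED"),
                           false));
            }
         } catch (DMException $e) {
            // NOTE(review): the exception text is shown on the login page
            // to an unauthenticated visitor; confirm these messages carry
            // no internal detail.
            $req->getSession()->setFlash(
                  new DMFlash($e->getMessage(), false));
         }
      }

      $this->renderTemplate("/templates/admin/login.html.php");
      die;
   }

   /**
    * Logs out the current user, if any, and redirects to the login page.
    * Always ends the request.
    *
    * @return void
    */
   public function logout() {
      $as = DMAuthenticationServiceFactory::getService();
      $user = $this->getUser();
      if ($user) {
         $as->logout($user);
         $this->getSession()->setFlash(new DMFlash(
               DMLocalizedString::getString("LOGOUT_SUCCESS")));
      }
      // Both the logged-in and the anonymous case end on the login page.
      DMHTTPRequest::redirectToParams("admin/login");
      die;
   }

   /**
    * Returns the post-login destination, falling back to "admin" when the
    * submitted value is empty or does not look like an in-application route.
    *
    * redirectToParams() is not visible from this file, so the value is
    * constrained here rather than relying on it: control characters
    * (including CR/LF), backslashes, a leading "//" and a leading URL scheme
    * are refused, as they could turn the redirect into an off-site one or
    * alter the response headers.
    *
    * @param mixed $dest Raw "dest_params" form value
    * @return string
    */
   private function getSafeDestParams($dest) {
      $default = "admin";
      // Truthiness test kept from the original: "", "0" and null all fall
      // back to the default.
      if (!is_string($dest) || !$dest) {
         return $default;
      }
      if (preg_match('/[\x00-\x1f\x7f\\\\]/', $dest)
            || strpos($dest, "//") === 0
            || preg_match('/^[a-z][a-z0-9+.\-]*:/i', $dest)) {
         return $default;
      }
      return $dest;
   }

   /**
    * Returns the submitted username with control characters replaced, for
    * use in log entries.
    *
    * The username is attacker-controlled on a failed login; replacing
    * CR/LF and other control characters keeps one attempt from appearing
    * as several log lines, whatever storage DMLogger uses.
    *
    * @return string
    */
   private function getLoggableUsername() {
      $username = $this->getHTTPRequest()->getRepresentation()
            ->getFormValue("username");
      if (!is_scalar($username)) {
         return "";
      }
      return preg_replace('/[\x00-\x1f\x7f]/', "?", (string) $username);
   }

   /**
    * Logs a failed login attempt for the submitted username.
    *
    * @return void
    */
   private function logFailedLoginAttempt() {
      $this->logLoginAttempt(
         sprintf(
            DMLocalizedString::getString("LOGIN_FAILED_LOG_ENTRY"),
            $this->getLoggableUsername()));
   }

   /**
    * Logs a successful login for the submitted username.
    *
    * @return void
    */
   private function logSuccessfulLoginAttempt() {
      $this->logLoginAttempt(
         sprintf(
            DMLocalizedString::getString("LOGIN_SUCCEEDED_LOG_ENTRY"),
            $this->getLoggableUsername()));
   }

   /**
    * Writes a login-related message to the log.
    *
    * @param string $msg Message text
    * @return void
    */
   private function logLoginAttempt($msg) {
      // NOTE(review): 3 is DMLogEntry's second constructor argument,
      // presumably a level or category - confirm against DMLogEntry.
      $entry = new DMLogEntry($msg, 3);
      $logger = new DMLogger();
      $logger->log($entry);
   }

   /**
    * Renders the Control Panel main page after the pre-flight check.
    * Always ends the request.
    *
    * @return void
    */
   public function main() {
      $this->preFlightCheck();
      $this->renderTemplate("/templates/admin/main.html.php");
      die;
   }

   /**
    * Renders a template identified by an absolute pathname.
    *
    * The file is executed as PHP, so $abs_pathname must be a fixed,
    * trusted path and never derived from request input. Because
    * include_once is used, a file already included during this request is
    * not rendered a second time.
    *
    * @param string $abs_pathname Absolute pathname of the template
    * @return void
    */
   protected function renderModuleTemplate($abs_pathname) {
      $ts = new DMTemplateSet();
      $tpl = new DMTemplate($ts, "");
      $tpl->setAbsolutePathname($abs_pathname);
      // Not used again in this method: an included file shares this
      // scope, so $view (with $tpl and $ts) is available to the template.
      $view = new DMControlPanelView($tpl, $this->getSession());
      $view->setTemplateVars($this->tpl_vars);
      include_once($abs_pathname);
   }

   /**
    * Renders a template from the "admin" template set.
    *
    * The resolved file is executed as PHP; pass only fixed pathnames.
    * Because include_once is used, a file already included during this
    * request is not rendered a second time.
    *
    * @param string $pathname Template pathname, resolved by DMTemplate
    * @return void
    */
   protected function renderTemplate($pathname) {
      $ts = new DMTemplateSet();
      $ts->setName("admin");
      $tpl = new DMTemplate($ts, $pathname);
      // Not used again in this method: an included file shares this
      // scope, so $view (with $tpl and $ts) is available to the template.
      $view = new DMControlPanelView($tpl, $this->getSession());
      $view->setTemplateVars($this->tpl_vars);
      include_once($tpl->getAbsolutePathname());
   }

}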