1: <?php
  2: /*****************************************************************************************
  3:  * X2Engine Open Source Edition is a customer relationship management program developed by
  4:  * X2Engine, Inc. Copyright (C) 2011-2016 X2Engine Inc.
  5:  * 
  6:  * This program is free software; you can redistribute it and/or modify it under
  7:  * the terms of the GNU Affero General Public License version 3 as published by the
  8:  * Free Software Foundation with the addition of the following permission added
  9:  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 10:  * IN WHICH THE COPYRIGHT IS OWNED BY X2ENGINE, X2ENGINE DISCLAIMS THE WARRANTY
 11:  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 12:  * 
 13:  * This program is distributed in the hope that it will be useful, but WITHOUT
 14:  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 15:  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 16:  * details.
 17:  * 
 18:  * You should have received a copy of the GNU Affero General Public License along with
 19:  * this program; if not, see http://www.gnu.org/licenses or write to the Free
 20:  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 21:  * 02110-1301 USA.
 22:  * 
 23:  * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
 24:  * California 95067, USA. or at email address contact@x2engine.com.
 25:  * 
 26:  * The interactive user interfaces in modified source and object code versions
 27:  * of this program must display Appropriate Legal Notices, as required under
 28:  * Section 5 of the GNU Affero General Public License version 3.
 29:  * 
 30:  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 31:  * these Appropriate Legal Notices must retain the display of the "Powered by
 32:  * X2Engine" logo. If the display of the logo is not reasonably feasible for
 33:  * technical reasons, the Appropriate Legal Notices must display the words
 34:  * "Powered by X2Engine".
 35:  *****************************************************************************************/
 36: 
 37: Yii::import ('application.modules.mobile.controllers.MobileController');
 38: 
 39: /**
 40:  * @package application.modules.mobile.components 
 41:  */
 42: class MobileController extends X2Controller {
 43: 
 44:     const APP_VERSION_COOKIE_NAME = 'phoneGapAppVersionNumber';
 45: 
 46:     public $layout = 'application.modules.mobile.views.layouts.main';
 47: 
 48:     /**
 49:      * @var array context menu items. This property will be assigned to {@link CMenu::items}.
 50:      */
 51:     public $menu=array();
 52:     /**
 53:      * @var array the breadcrumbs of the current page. The value of this property will
 54:      * be assigned to {@link CBreadcrumbs::links}. Please refer to {@link CBreadcrumbs::links}
 55:      * for more details on how to specify this property.
 56:      */
 57:     public $breadcrumbs=array();
 58: 
 59:     public $modelClass = 'Admin';
 60: 
 61:     public function behaviors() {
 62:         return array_merge (parent::behaviors (), array(
 63:             'CommonSiteControllerBehavior' => array('class' => 'application.components.CommonSiteControllerBehavior'),
 64:             'CommonControllerBehavior' => array(
 65:                 'class' => 'application.components.CommonControllerBehavior'),
 66:             'X2MobileControllerBehavior' => array(
 67:                 'class' => 
 68:                     'application.modules.mobile.components.behaviors.X2MobileControllerBehavior')
 69:         ));
 70:     }
 71: 
 72:     /**
 73:      * override to allow user loginUrl to be reset for mobile
 74:      * @return void
 75:      */
 76:     public function filterAccessControl($filterChain){
 77:         $user = Yii::app()->getUser();
 78:         if ($user != null)
 79:             $user->loginUrl=$this->createAbsoluteUrl('login');
 80:         parent::filterAccessControl($filterChain);
 81:     }
 82: 
 83:     /**
 84:      * @return array action filters
 85:      */
 86:     public function filters() {
 87:         return array(
 88:             'accessControl', // perform access control for CRUD operations
 89:         );
 90:     }
 91: 
 92:     /**
 93:      * Specifies the access control rules.
 94:      * This method is used by the 'accessControl' filter.
 95:      * @return array access control rules
 96:      */
 97:     public function accessRules() {
 98:         return array(
 99:             array('allow', // allow authenticated user to perform 'create' and 'update' actions
100:                 'actions' => array('chat', 'logout', 'home', 'getMessages', 'newMessage','contact',
101:                 'home2','more','online', 'activity', 'people', 'profile', 'recentItems', 'error',
102:                 'about', 'settings', 'license'),
103:                 'users' => array('@'),
104:             ),
105:             array('allow', // allow admin user to perform 'admin' and 'delete' actions
106:                 'actions' => array('ping', 'index', 'login', 'forgetMe', 'captcha'),
107:                 'users' => array('*'),
108:             ),
109:             array('deny', // deny all users
110:                 'users' => array('*'),
111:             ),
112:         );
113:     }
114: 
115:     public function actions() {
116:         return array_merge (parent::actions (), array(
117:             // captcha action renders the CAPTCHA image displayed on the contact page
118:             'captcha'=>array(
119:                 'class'=>'CCaptchaAction',
120:                 'backColor'=>0xFFFFFF,
121:                 'testLimit'=>1,
122:             ),
123:         ));
124:     }
125: 
126:     public function actionSettings () {
127:         $profile = Yii::app()->params->profile;
128:         if (isset ($_POST['Profile'])) {
129:             $attrs = array_intersect_key (
130:                 $_POST['Profile'],
131:                 array_flip (array ('language'))
132:             );
133:             $profile->setAttributes ($attrs);
134:             if ($profile->save ()) {
135:                 $this->redirect ('settings');
136:             }
137:         }
138:         $this->headerTitle = Yii::t('mobile', 'Settings');
139:         $this->render ('settings', array (
140:             'profile' => $profile,
141:         ));
142:     }
143: 
144:     public function actionLicense () {
145:         $this->headerTitle = Yii::t('mobile', 'License');
146:         $basePath = Yii::getRootPath ();
147:         $filename = implode (DIRECTORY_SEPARATOR, array ($basePath, 'LICENSE.txt'));
148:         $fh = fopen ($filename, 'r');
149:         $license = fread ($fh, filesize ($filename));
150:         $license = preg_replace ('/\n/', '<br>', $license);
151:         fclose ($fh);
152:         $this->render ('license', array (
153:             'license' => $license,
154:         ));
155:     }
156: 
157:     public function actionAbout () {
158:         $this->headerTitle = Yii::t('mobile', 'About');
159:         $viewParams = array ();
160:         if (Yii::app()->params->isPhoneGap) {
161:             if (isset (Yii::app()->request->cookies[self::APP_VERSION_COOKIE_NAME])) {
162:                 $phoneGapAppVersion = Yii::app()->request->cookies[self::APP_VERSION_COOKIE_NAME];
163:                 $viewParams['phoneGapAppVersion'] = $phoneGapAppVersion;
164:             }
165:         } else {
166:         }
167:         $this->render ('about', $viewParams);
168:     }
169: 
170:     /**
171:      * Used by PhoneGap mobile app to validate installation URL and ensure mutual app compatibility
172:      */
173:     public function actionPing ($version) {
174:         // for phonegap testing
175:         //if (YII_DEBUG) header('Access-Control-Allow-Origin: *'); 
176: 
177:         $response = array ();
178:         $requiresVersion = '0.0.2';
179:         if (Yii::app()->edition === 'opensource') {
180:             $response['error'] = 'wrongEdition';
181:             $response['requiresEdition'] = 'pro';
182:         }  
183:         echo CJSON::encode ($response);
184:     }
185: 
186:     public function actionRecentItems () {
187:         $recentItems = MobileRecentItems::getDataProvider (null);
188:         $this->render ('recentItems', array (
189:             'dataProvider' => $recentItems,
190:         ));
191:     }
192: 
193:     /**
194:      * This is the default 'index' action that is invoked
195:      * when an action is not explicitly requested by users.
196:      */
197:     public function actionIndex() {
198:         $user = Yii::app()->user;
199:         if ($user == null || $user->isGuest)
200:             $this->redirect($this->createAbsoluteUrl('login'));
201:         else
202:             $this->redirect ($this->createAbsoluteUrl ('/profile/mobileActivity'));
203:     }
204:     
205: //    /**
206: //     * This is the action to handle external exceptions.
207: //     */
208: //    public function actionError() {
209: //        if ($error = Yii::app()->errorHandler->error) {
210: //            if ($this->isAjaxRequest ()) {
211: //                echo $error['message'];
212: //            else
213: //                $this->render('error', $error);
214: //        }
215: //    }
216: 
217:     /**
218:      * Obtain the IP address of the current web client.
219:      * @return string
220:      */
221:     public function getRealIp() {
222:         foreach(array(
223:             'HTTP_CLIENT_IP',
224:             'HTTP_X_FORWARDED_FOR',
225:             'HTTP_X_FORWARDED',
226:             'HTTP_X_CLUSTER_CLIENT_IP',
227:             'HTTP_FORWARDED_FOR',
228:             'HTTP_FORWARDED',
229:             'REMOTE_ADDR'
230:         ) as $var) {
231:             if(array_key_exists($var,$_SERVER)){
232:                 foreach(explode(',',$_SERVER[$var]) as $ip) {
233:                     $ip = trim($ip);
234:                     if(filter_var($ip,FILTER_VALIDATE_IP,FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false)
235:                         return $ip;
236:                 }
237:             }
238:         }
239:         return false;
240:     }
241: 
242:     /**
243:      * Clears remember me cookies and redirects to login page. 
244:      */
245:     public function actionForgetMe () {
246:         $loginForm = new LoginForm;
247:         foreach(array('username','rememberMe') as $attr) {
248:             // Remove the cookie if they unchecked the box
249:             AuxLib::clearCookie(CHtml::resolveName($loginForm, $attr));
250:         }
251:         $this->redirect($this->createAbsoluteUrl('/mobile/site/login'));
252:     }
253: 
254:     /**
255:      * Displays the login page
256:      */
257:     public function actionLogin() {
258:         if (Yii::app()->user->isInitialized && !Yii::app()->user->isGuest) {
259:             $this->redirect ($this->createAbsoluteUrl ('home'));
260:             return;
261:         }
262: 
263:         // allows client to detect login page redirect
264:         if ($this->isAjaxRequest ()) { 
265:             header ('X2-Requested-Url: '.AuxLib::getRequestUrl ());
266:         }
267: 
268:         $model = new LoginForm;
269:         $model->useCaptcha = false;
270:         if ($this->loginRequiresCaptcha()) {
271:             $model->useCaptcha = true;
272:             $model->setScenario ('loginWithCaptcha');
273:         }
274:         
275:         // if it is ajax validation request
276:         /* this would bypass captcha. commented out to prevent security vulnerability */
277:         /*if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form') {
278:             echo CActiveForm::validate($model);
279:             Yii::app()->end();
280:         }*/
281:         
282:         // collect user input data
283:         if(isset($_POST['LoginForm'])) {
284:             $this->login ($model, true);
285:         }
286: 
287:         // display the login form
288:         $this->render('login', array('model' => $model));
289:     }
290: 
291:     /**
292:      * Displays the home page
293:      */
294:     public function actionHome() {
295:         // display the home page
296:         $this->redirect ($this->createAbsoluteUrl ('/profile/mobileActivity'));
297:         //$this->redirect ($this->createAbsoluteUrl ('/accounts/mobileCreate'));
298:         //$this->render('dashboard', array());
299:     }
300:     
301:     /**
302:      * Logs out the current user and redirect to homepage.
303:      */
304:     public function actionLogout() {
305:         $user = User::model()->findByPk(Yii::app()->user->getId());
306:         if (isset($user)) {
307:             $user->lastLogin = time();
308:             $user->save();
309: 
310:             if (isset($_SESSION['sessionId'])) {
311:                 SessionLog::logSession($user->username, $_SESSION['sessionId'], 'logout');
312:                 X2Model::model('Session')->deleteByPk($_SESSION['sessionId']);
313:             } else {
314:                 X2Model::model('Session')->deleteAllByAttributes(array('IP' => $this->getRealIp()));
315:             }
316:         }
317:         if (isset($_SESSION['access_token']))
318:             unset($_SESSION['access_token']);
319: 
320:         $this->redirect($this->createAbsoluteUrl('login'));
321:     }
322: 
323:     /**
324:      * Allow special PhoneGap parameters to persist across redirects
325:      */
326:     public function redirect($url,$terminate=true,$statusCode=302) {
327:         $params = array ();
328:         if (isset ($_GET['x2ajax'])) $params['x2ajax'] = $_GET['x2ajax'];
329:         if (isset ($_GET['isMobileApp'])) $params['isMobileApp'] = $_GET['isMobileApp'];
330:           
331:         $url = UrlUtil::mergeParams ($url, $params);
332:         return parent::redirect ($url, $terminate, $statusCode);
333:     }
334: 
335: 
336: 
337: }
338: