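* @author Dvir Weininger
 * @copyright Copyright (c) 2017 ShoomSoft LTD. (http://www.cloudhiro.com)
 * @version 1.3 - 2018-03-11
 * @link http://www.cloudhiro.com/AWSPage.php
 */

/**
 * Version 1.0
 * replace the extends class from AZBase to AWSBase (in LightInfra file) and use the SetPage public function
 *
 * Version 1.1
 * replace php redirect code (header location) with AZInfra redirect code
 *
 * Version 1.2
 * replace 'logged_in' session value with customer email instead of customer id
 *
 * Version 1.3 == 2018/03/09 == DW
 * if the URL is for specific domains, add a check that the logged domain is allowed
 */
// March 12, 2018 - Sam Babad - Reverse the order in the if that checks login & the check before the if
// & add anchor support for login redirect
require_once 'CHI/CHIModel.php';

/**
 * Page controller for the AWS pages.
 *
 * For pages flagged MustLogin it enforces the login gate, converts an
 * `anchor` query parameter into a URL fragment, applies the domain allow-list
 * for the 'AWSAdminList' page, and copies customer data into the session
 * before handing the collected keys to the page's SetContent().
 */
class BasePage extends AWSBase
{
    /**
     * Handles a GET request (DoPost() delegates here as well).
     *
     * Every redirect branch returns before SetContent() is reached, so
     * no page content is built for a visitor who fails a check.
     */
    public function DoGet()
    {
        DebugPrint(D_FLOW);
        global $out, $msg;

        $keys = null;

        // Do NOT add "&& isset($_SESSION['logged_in'])" to this condition: a visitor
        // without a session would then skip the whole gate and fall through to SetContent().
        if ($this->page->MustLogin) {
            $customer = new CHICustomer();
            if (isset($_SESSION['logged_in'])) {
                // The session holds the customer's email; use it as the lookup filter.
                $customer->SetQueryIn('Email', [$_SESSION['logged_in']]);
            }

            if (!isset($_SESSION['logged_in']) || !$customer->Next()) {
                // No session, or no customer row for the stored email: send to the login page.
                $url = "/AWS/AWSLogin.php?act={$this->page->PageID}";

                // 'anchor' is request-controlled. Encode it so it cannot append extra query
                // parameters or break out of the URL wherever Link()/RedirectFrame() emit it
                // (their output escaping is not visible from this file). Non-string values
                // (e.g. anchor[]=x) are dropped rather than rendered as "Array".
                if (isset($_GET['anchor']) && is_string($_GET['anchor'])) {
                    $url .= '&anchor=' . rawurlencode($_GET['anchor']);
                }

                $out->Link($msg->Get('REDIRECT'), $url);
                $out->RedirectFrame($url);

                return;
            }

            if (isset($_GET['anchor'])) {
                // Applies to every page, not only AWSList: turn "?anchor=x" into "#x".
                // NOTE(review): only the literal "?anchor=" is rewritten. If PageURL() returns the
                // current URL with anchor as a later parameter ("&anchor="), nothing is replaced and
                // this would redirect to the same URL again - confirm against PageURL().
                // NOTE(review): the anchor value reaches Link()/RedirectFrame() as PageURL() returns
                // it; confirm those helpers escape the URL for the context they write it into.
                $url = str_replace('?anchor=', '#', PageURL());

                $out->Link($msg->Get('REDIRECT'), $url);
                $out->RedirectFrame($url);

                return;
            }

            // Access to the 'AWSAdminList' page is allowed only for selected email domains.
            if ($this->page->PageID == 'AWSAdminList') {
                // The allow-list is the ';'-separated 'allowPageAWSAdminList' value from AZ.ini.
                // NOTE(review): explode() on an empty setting yields [''], and the domain comparison
                // lives in isEmailInAcceptedDomain(); confirm it matches the domain exactly and
                // rejects empty entries, since this is the only authorization check for the page.
                $allowedDomains = explode(";", GetAZini('allowPageAWSAdminList'));
                if (!isEmailInAcceptedDomain($_SESSION['logged_in'], $allowedDomains)) {
                    $url = '/AWS/AWSList.php';
                    $out->Link($msg->Get('REDIRECT'), $url);
                    $out->RedirectFrame($url);

                    return;
                }
            }

            $keys['region'] = $customer->Region;
            $keys['customerId'] = $customer->CustomerId;

            // Add keys to the session so AJAX handlers can read them.
            // 'key' and 'secret' are never assigned in this method, so both session entries
            // end up null; the isset() guards only avoid the undefined-index notice.
            // NOTE(review): if these are meant to carry credentials, confirm how session
            // storage is protected before populating them.
            $_SESSION['key'] = isset($keys['key']) ? $keys['key'] : null;
            $_SESSION['secret'] = isset($keys['secret']) ? $keys['secret'] : null;
            $_SESSION['region'] = $keys['region'];
            // The key is spelled 'accontId' (sic); left as is because other code may read it.
            $_SESSION['accontId'] = $customer->AccountId;
        } // end of the MustLogin block

        // Builds the page and fills its Content; $keys is null when the page needs no login.
        $this->page->SetContent($keys);
    }

    /**
     * Handles a POST request exactly like a GET request.
     */
    public function DoPost()
    {
        $this->DoGet();
    }
}

// Start the session unconditionally.
// NOTE(review): this runs before the HTTPS check below, so a session cookie can be issued on a
// plain-HTTP request unless the cookie is configured as Secure (session.cookie_secure) - confirm.
session_start();

$obj = new BasePage('');
if (!$obj->isSSL()) {
    // Not on HTTPS: redirect to the same request URI and stop processing this file.
    // NOTE(review): presumably RedirectTo() builds the https URL; confirm it uses a fixed host.
    $obj->RedirectTo($_SERVER['REQUEST_URI']); // '/AWS/AWSLogin.php?act=login'

    return;
}

$obj->Execute();
?>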