Elgg  Version 2.2
 All Classes Namespaces Files Functions Variables Pages
actions.php
Go to the documentation of this file.
1 <?php
19 function _elgg_action_handler(array $segments) {
20  _elgg_services()->actions->execute(implode('/', $segments));
21 }
22 
47 function action($action, $forwarder = "") {
48  _elgg_services()->actions->execute($action, $forwarder);
49 }
50 
85 function elgg_register_action($action, $filename = "", $access = 'logged_in') {
86  return _elgg_services()->actions->register($action, $filename, $access);
87 }
88 
96 function elgg_unregister_action($action) {
97  return _elgg_services()->actions->unregister($action);
98 }
99 
107 function elgg_build_hmac($data) {
108  return _elgg_services()->crypto->getHmac($data);
109 }
110 
127 function validate_action_token($visible_errors = true, $token = null, $ts = null) {
128  return _elgg_services()->actions->validateActionToken($visible_errors, $token, $ts);
129 }
130 
145 function action_gatekeeper($action) {
146  return _elgg_services()->actions->gatekeeper($action);
147 }
148 
166 function generate_action_token($timestamp) {
167  return _elgg_services()->actions->generateActionToken($timestamp);
168 }
169 
181 function init_site_secret() {
182  return _elgg_services()->siteSecret->init();
183 }
184 
194 function get_site_secret() {
195  return _elgg_services()->siteSecret->get();
196 }
197 
204 function _elgg_get_site_secret_strength() {
205  return _elgg_services()->siteSecret->getStrength();
206 }
207 
216 function elgg_action_exists($action) {
217  return _elgg_services()->actions->exists($action);
218 }
219 
226 function elgg_is_xhr() {
227  return _elgg_services()->request->isXmlHttpRequest();
228 }
229 
256 function ajax_forward_hook($hook, $type, $reason, $params) {
257  _elgg_services()->actions->ajaxForwardHook($hook, $type, $reason, $params);
258 }
259 
265 function ajax_action_hook() {
266  _elgg_services()->actions->ajaxActionHook();
267 }
268 
274 function _elgg_csrf_token_refresh() {
275  if (!elgg_is_xhr()) {
276  return false;
277  }
278 
279  $actions = _elgg_services()->actions;
280 
281  // the page's session_token might have expired (not matching __elgg_session in the session), but
282  // we still allow it to be given to validate the tokens in the page.
283  $session_token = get_input('session_token', null, false);
284  $pairs = (array)get_input('pairs', array(), false);
285  $valid_tokens = (object)array();
286  foreach ($pairs as $pair) {
287  list($ts, $token) = explode(',', $pair, 2);
288  if ($actions->validateTokenOwnership($token, $ts, $session_token)) {
289  $valid_tokens->{$token} = true;
290  }
291  }
292 
293  $ts = time();
294  $token = generate_action_token($ts);
295  $data = array(
296  'token' => array(
297  '__elgg_ts' => $ts,
298  '__elgg_token' => $token,
299  'logged_in' => elgg_is_logged_in(),
300  ),
301  'valid_tokens' => $valid_tokens,
302  'session_token' => elgg_get_session()->get('__elgg_session'),
303  'user_guid' => elgg_get_logged_in_user_guid(),
304  );
305 
306  header("Content-Type: application/json;charset=utf-8");
307  echo json_encode($data);
308 
309  return true;
310 }
311 
316 function actions_init() {
317  elgg_register_page_handler('action', '_elgg_action_handler');
318  elgg_register_page_handler('refresh_token', '_elgg_csrf_token_refresh');
319 
320  elgg_register_simplecache_view('languages/en.js');
321 
322  elgg_register_plugin_hook_handler('action', 'all', 'ajax_action_hook', 600);
323  elgg_register_plugin_hook_handler('forward', 'all', 'ajax_forward_hook', 600);
324 }
325 
326 return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
327  $events->registerHandler('init', 'system', 'actions_init');
328 };
elgg_is_logged_in
elgg_is_logged_in()
Returns whether or not the user is currently logged in.
Definition: sessions.php:51
$action
$action
Definition: full.php:125
elgg_is_xhr
elgg_is_xhr()
Checks whether the request was requested via ajax.
Definition: actions.php:226
action
action($action, $forwarder="")
Perform an action.
Definition: actions.php:47
action_gatekeeper
action_gatekeeper($action)
Validates the presence of action tokens.
Definition: actions.php:145
elgg_action_exists
elgg_action_exists($action)
Check if an action is registered and its script exists.
Definition: actions.php:216
elgg_register_simplecache_view
elgg_register_simplecache_view($view_name)
Registers a view to simple cache.
Definition: cache.php:108
elgg_get_session
elgg_get_session()
Gets Elgg's session object.
Definition: sessions.php:23
$data
$data
Definition: opendd.php:13
init_site_secret
init_site_secret()
Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL)...
Definition: actions.php:181
elgg_register_plugin_hook_handler
elgg_register_plugin_hook_handler($hook, $type, $callback, $priority=500)
Definition: elgglib.php:715
$timestamp
$timestamp
Definition: date.php:34
$actions
$actions
Definition: user_hover.php:12
$params
$params
Definition: login.php:72
generate_action_token
generate_action_token($timestamp)
Generate an action token.
Definition: actions.php:166
actions_init
actions_init()
Initialize some ajaxy actions features private.
Definition: actions.php:316
get_input
get_input($variable, $default=null, $filter_result=true)
Get some input from variables passed submitted through GET or POST.
Definition: input.php:27
elgg_build_hmac
elgg_build_hmac($data)
Get an HMAC token builder/validator object.
Definition: actions.php:107
ajax_forward_hook
ajax_forward_hook($hook, $type, $reason, $params)
Catch calls to forward() in ajax request and force an exit.
Definition: actions.php:256
get_site_secret
get_site_secret()
Returns the site secret.
Definition: actions.php:194
_elgg_services
_elgg_services(\Elgg\Di\ServiceProvider $services=null)
Get the global service provider.
Definition: autoloader.php:17
$token
$token
Definition: securitytoken.php:12
_elgg_action_handler
_elgg_action_handler(array $segments)
Handle a request for an action.
Definition: actions.php:19
validate_action_token
validate_action_token($visible_errors=true, $token=null, $ts=null)
Validate an action token.
Definition: actions.php:127
_elgg_get_site_secret_strength
_elgg_get_site_secret_strength()
Get the strength of the site secret.
Definition: actions.php:204
$filename
$filename
Definition: plugin_text_file.php:6
_elgg_csrf_token_refresh
_elgg_csrf_token_refresh()
Send an updated CSRF token, provided the page's current tokens were not fake.
Definition: actions.php:274
elgg_register_action
elgg_register_action($action, $filename="", $access= 'logged_in')
Registers an action.
Definition: actions.php:85
elgg_get_logged_in_user_guid
elgg_get_logged_in_user_guid()
Return the current logged in user by guid.
Definition: sessions.php:42
$access
$access
Definition: save.php:15
ajax_action_hook
ajax_action_hook()
Buffer all output echo'd directly in the action for inclusion in the returned JSON.
Definition: actions.php:265
$type
if(!$display_name) $type
Definition: delete.php:27
elgg_unregister_action
elgg_unregister_action($action)
Unregisters an action.
Definition: actions.php:96
Generated on Thu Aug 17 2017 00:00:45 for Elgg by   doxygen 1.8.6