private void KillInvalidMemberCookies() { //WB updated as in 4.7 RC the member cookie merged into one cookie now /* * string UmbracoMemberIdCookieKey = "umbracoMemberId"; * string UmbracoMemberGuidCookieKey = "umbracoMemberGuid"; * string UmbracoMemberLoginCookieKey = "umbracoMemberLogin"; */ string umbracoMemberCookieKey = "UMB_MEMBER"; string umbracoMemberCookieValue = StateHelper.GetCookieValue(umbracoMemberCookieKey); if (HasCookieValue(umbracoMemberCookieKey)) { //WB split the cookie values with 4.7 RC cookie change string[] umbracoMemberCookieValueSplit = umbracoMemberCookieValue.Split(new Char[] { '+' }); string UmbracoMemberIdCookieValue = umbracoMemberCookieValueSplit[0].ToString(); string UmbracoMemberGuidCookieValue = umbracoMemberCookieValueSplit[1].ToString(); string UmbracoMemberLoginCookieValue = umbracoMemberCookieValueSplit[2].ToString(); int currentMemberId = 0; string currentGuid = ""; /* * int.TryParse(StateHelper.GetCookieValue(UmbracoMemberIdCookieKey), out currentMemberId); * currentGuid = StateHelper.GetCookieValue(UmbracoMemberGuidCookieKey); */ int.TryParse(UmbracoMemberIdCookieValue, out currentMemberId); currentGuid = UmbracoMemberGuidCookieValue; if (currentMemberId > 0 && !memberValid(currentMemberId, currentGuid)) { /* * //not valid * KillCookie(UmbracoMemberGuidCookieKey,"umbraco.com"); * KillCookie(UmbracoMemberLoginCookieKey, "umbraco.com"); * KillCookie(UmbracoMemberIdCookieKey,"umbraco.com"); */ //WB updated as in 4.7 RC the member cookie merged into one cookie now KillCookie(umbracoMemberCookieKey, "umbraco.com"); KillCookie(FormsAuthentication.FormsCookieName, "umbraco.com"); FormsAuthentication.SignOut(); Response.Redirect("/", true); } } }
private bool validateAccess(XmlNode node) { // check if this area should be shown at all string onlyOnceValue = StateHelper.GetCookieValue(generateCookieKey(node)); if (!String.IsNullOrEmpty(onlyOnceValue)) { return(false); } // the root user can always see everything if (CurrentUser.IsRoot()) { return(true); } else if (node != null) { XmlNode accessRules = node.SelectSingleNode("access"); bool retVal = true; if (accessRules != null && accessRules.HasChildNodes) { string currentUserType = CurrentUser.UserType.Alias.ToLower(); string allowedSections = ","; foreach (BusinessLogic.Application app in CurrentUser.Applications) { allowedSections += app.alias.ToLower() + ","; } XmlNodeList grantedTypes = accessRules.SelectNodes("grant"); XmlNodeList grantedBySectionTypes = accessRules.SelectNodes("grantBySection"); XmlNodeList deniedTypes = accessRules.SelectNodes("deny"); // if there's a grant type, everyone who's not granted is automatically denied if (grantedTypes.Count > 0 || grantedBySectionTypes.Count > 0) { retVal = false; if (grantedBySectionTypes.Count > 0 && accessRules.SelectSingleNode(String.Format("grantBySection [contains('{0}', concat(',',.,','))]", allowedSections)) != null) { retVal = true; } else if (grantedTypes.Count > 0 && accessRules.SelectSingleNode(String.Format("grant [. = '{0}']", currentUserType)) != null) { retVal = true; } } // if the current type of user is denied we'll say nay if (deniedTypes.Count > 0 && accessRules.SelectSingleNode(String.Format("deny [. = '{0}']", currentUserType)) != null) { retVal = false; } } return(retVal); } return(false); }
/// <summary> /// Gets the current visitors memberid /// </summary> /// <returns>The current visitors members id, if the visitor is not logged in it returns 0</returns> public static int CurrentMemberId() { int _currentMemberId = 0; if (StateHelper.HasCookieValue(UmbracoMemberIdCookieKey) && StateHelper.HasCookieValue(UmbracoMemberGuidCookieKey) && StateHelper.HasCookieValue(UmbracoMemberLoginCookieKey)) { int.TryParse(StateHelper.GetCookieValue(UmbracoMemberIdCookieKey), out _currentMemberId); } return(_currentMemberId); }
/// <summary> /// This method will parse the attribute value to look for some special syntax such as /// [@requestKey] /// [%sessionKey] /// [#pageElement] /// [$recursiveValue] /// </summary> /// <param name="pageElements"></param> /// <param name="attributeValue"></param> /// <returns></returns> /// <remarks> /// You can even apply fallback's separated by comma's like: /// /// [@requestKey],[%sessionKey] /// /// </remarks> public static string parseAttribute(IDictionary pageElements, string attributeValue) { // Check for potential querystring/cookie variables // SD: not sure why we are checking for len 3 here? if (attributeValue.Length > 3 && attributeValue.StartsWith("[")) { var attributeValueSplit = (attributeValue).Split(','); attributeValueSplit = attributeValueSplit.Select(x => x.Trim()).ToArray(); // before proceeding, we don't want to process anything here unless each item starts/ends with a [ ] // this is because the attribute value could actually just be a json array like [1,2,3] which we don't want to parse // // however, the last one can be a literal, must take care of this! // so here, don't check the last one, which can be just anything if (attributeValueSplit.Take(attributeValueSplit.Length - 1).All(x => //must end with [ x.EndsWith("]") && //must start with [ and a special char (x.StartsWith("[@") || x.StartsWith("[%") || x.StartsWith("[#") || x.StartsWith("[$"))) == false) { return(attributeValue); } foreach (var attributeValueItem in attributeValueSplit) { attributeValue = attributeValueItem; var trimmedValue = attributeValue.Trim(); // Check for special variables (always in square-brackets like [name]) if (trimmedValue.StartsWith("[") && trimmedValue.EndsWith("]")) { attributeValue = trimmedValue; // find key name var keyName = attributeValue.Substring(2, attributeValue.Length - 3); var keyType = attributeValue.Substring(1, 1); switch (keyType) { case "@": attributeValue = HttpContext.Current.Request[keyName]; break; case "%": attributeValue = StateHelper.GetSessionValue <string>(keyName); if (String.IsNullOrEmpty(attributeValue)) { attributeValue = StateHelper.GetCookieValue(keyName); } break; case "#": if (pageElements == null) { pageElements = GetPageElements(); } if (pageElements[keyName] != null) { attributeValue = pageElements[keyName].ToString(); } else { attributeValue = ""; } break; case "$": if (pageElements == null) { pageElements = GetPageElements(); } if (pageElements[keyName] != null && pageElements[keyName].ToString() != string.Empty) { attributeValue = pageElements[keyName].ToString(); } else { // reset attribute value in case no value has been found on parents attributeValue = String.Empty; XmlDocument umbracoXML = presentation.UmbracoContext.Current.GetXml(); String[] splitpath = (String[])pageElements["splitpath"]; for (int i = 0; i < splitpath.Length - 1; i++) { XmlNode element = umbracoXML.GetElementById(splitpath[splitpath.Length - i - 1].ToString()); if (element == null) { continue; } string xpath = UmbracoConfig.For.UmbracoSettings().Content.UseLegacyXmlSchema ? "./data [@alias = '{0}']" : "{0}"; XmlNode currentNode = element.SelectSingleNode(string.Format(xpath, keyName)); if (currentNode != null && currentNode.FirstChild != null && !string.IsNullOrEmpty(currentNode.FirstChild.Value) && !string.IsNullOrEmpty(currentNode.FirstChild.Value.Trim())) { HttpContext.Current.Trace.Write("parameter.recursive", "Item loaded from " + splitpath[splitpath.Length - i - 1]); attributeValue = currentNode.FirstChild.Value; break; } } } break; } if (attributeValue != null) { attributeValue = attributeValue.Trim(); if (attributeValue != string.Empty) { break; } } else { attributeValue = string.Empty; } } } } return(attributeValue); }
public static string parseAttribute(IDictionary pageElements, string attributeValue) { // Check for potential querystring/cookie variables if (attributeValue.Length > 3 && attributeValue.Substring(0, 1) == "[") { string[] attributeValueSplit = (attributeValue).Split(','); foreach (string attributeValueItem in attributeValueSplit) { attributeValue = attributeValueItem; // Check for special variables (always in square-brackets like [name]) if (attributeValueItem.Substring(0, 1) == "[" && attributeValueItem.Substring(attributeValueItem.Length - 1, 1) == "]") { // find key name string keyName = attributeValueItem.Substring(2, attributeValueItem.Length - 3); string keyType = attributeValueItem.Substring(1, 1); switch (keyType) { case "@": attributeValue = HttpContext.Current.Request[keyName]; break; case "%": attributeValue = StateHelper.GetSessionValue <string>(keyName); if (String.IsNullOrEmpty(attributeValue)) { attributeValue = StateHelper.GetCookieValue(keyName); } break; case "#": if (pageElements[keyName] != null) { attributeValue = pageElements[keyName].ToString(); } else { attributeValue = ""; } break; case "$": if (pageElements[keyName] != null && pageElements[keyName].ToString() != string.Empty) { attributeValue = pageElements[keyName].ToString(); } else { // reset attribute value in case no value has been found on parents attributeValue = String.Empty; XmlDocument umbracoXML = presentation.UmbracoContext.Current.GetXml(); String[] splitpath = (String[])pageElements["splitpath"]; for (int i = 0; i < splitpath.Length - 1; i++) { XmlNode element = umbracoXML.GetElementById(splitpath[splitpath.Length - i - 1].ToString()); if (element == null) { continue; } string xpath = UmbracoSettings.UseLegacyXmlSchema ? "./data [@alias = '{0}']" : "{0}"; XmlNode currentNode = element.SelectSingleNode(string.Format(xpath, keyName)); if (currentNode != null && currentNode.FirstChild != null && !string.IsNullOrEmpty(currentNode.FirstChild.Value) && !string.IsNullOrEmpty(currentNode.FirstChild.Value.Trim())) { HttpContext.Current.Trace.Write("parameter.recursive", "Item loaded from " + splitpath[splitpath.Length - i - 1]); attributeValue = currentNode.FirstChild.Value; break; } } } break; } if (attributeValue != null) { attributeValue = attributeValue.Trim(); if (attributeValue != string.Empty) { break; } } else { attributeValue = string.Empty; } } } } return(attributeValue); }