private SmtpClient GetClient() { string mailserver = SprocketSettings.GetValue("MailServer"); int port; int.TryParse(SprocketSettings.GetValue("MailServerPort"), out port); string useAuthentication = SprocketSettings.GetValue("MailServerAuthentication"); string authUsername = SprocketSettings.GetValue("MailServerUsername"); string authPassword = SprocketSettings.GetValue("MailServerPassword"); SmtpClient client = new SmtpClient(); if (mailserver != null) { client.Host = mailserver; } else { client.Host = "localhost"; } if (port > 0) { client.Port = port; } if (useAuthentication != null && authUsername != null && authPassword != null) { if (Utilities.MatchesAny(useAuthentication.ToLower(), "true", "yes", "1")) { client.Credentials = new NetworkCredential(authUsername, authPassword); } } return(client); }
void Settings_OnCheckingSettings(SprocketSettings.SettingsErrors errors) { if (!IntegrationEnabled) { return; } if (TestMode) { if (SprocketSettings.GetValue("PayPalTestIdentityToken") == null) { errors.Add("PayPal", "PayPalTestMode setting has been specified, thus a value is required for PayPalTestIdentityToken. This is the PayPal-supplied identity token for use with the PayPal Sandbox development environment. See developer.paypal.com for more info."); errors.SetCriticalError(); } if (SprocketSettings.GetValue("PayPalTestAccountAddress") == null) { errors.Add("PayPal", "PayPalTestMode setting has been specified, thus a value is required for PayPalTestAccountAddress. This is a test PayPal account address for use with the PayPal Sandbox development environment. See developer.paypal.com for more info."); errors.SetCriticalError(); } } else { if (SprocketSettings.GetValue("PayPalIdentityToken") == null) { errors.Add("PayPal", "The PayPalTestMode setting is disabled and the PayPalIntegration setting is enabled, thus a value is required for PayPalIdentityToken. This is the PayPal-supplied identity token for authenticating PayPal responses. See developer.paypal.com for more info."); errors.SetCriticalError(); } if (SprocketSettings.GetValue("PayPalAccountAddress") == null) { errors.Add("PayPal", "The PayPalTestMode setting is disabled and the PayPalIntegration setting is enabled, thus a value is required for PayPalAccountAddress. This is the PayPal account address that is to receive transaction payments. See developer.paypal.com for more info."); errors.SetCriticalError(); } } }
public void LoadDefaultDatabase() { Database db = Database.Create(defaultEngine); db.ConnectionString = SprocketSettings.GetValue("ConnectionString"); Database.Add("DEFAULT", db, true); }
public void LoadConnectionString(string appSettingsKeyName) { if (SprocketSettings.GetValue(appSettingsKeyName) == null) { throw new SprocketException("The application settings file does not contain a connection string for the key \"" + appSettingsKeyName + "\"."); } ConnectionString = SprocketSettings.GetValue(appSettingsKeyName); }
private string PassKeyFromPasswordHash(string passwordHash) { string startIP = HttpContext.Current.Request.UserHostAddress; startIP = startIP.Substring(0, startIP.LastIndexOf('.')); string encKey = SprocketSettings.GetValue("EncryptionKeyWord"); return(StringUtilities.HexStringFromBytes(Crypto.RC2Encrypt(passwordHash, encKey, startIP))); }
internal static string DecryptCAPTCHAKey(string encryptedCaptcha) { string key = SprocketSettings.GetValue("EncryptionKeyWord"); string vector = HttpContext.Current.Request.UserHostAddress; vector = vector.Substring(0, vector.LastIndexOf('.')); return(Crypto.RC2Decrypt(StringUtilities.BytesFromHexString(encryptedCaptcha), key, vector)); }
void Instance_OnBeforeLoadExistingFile(HttpApplication app, string sprocketPath, string[] pathSections, HandleFlag handled) { if (sprocketPath.EndsWith(".js")) { if (SprocketSettings.GetBooleanValue("CompressJavaScript")) { HttpContext.Current.Response.Write(WebUtility.CacheTextFile(sprocketPath, true)); handled.Set(); } } }
private string PasswordHashFromPassKey(string passKey) { string startIP = HttpContext.Current.Request.UserHostAddress; startIP = startIP.Substring(0, startIP.LastIndexOf('.')); string encKey = SprocketSettings.GetValue("EncryptionKeyWord"); if (encKey == null) { throw new Exception("Please add a kay named \"EncryptionKeyWord\" to your Web.Config file. This is a secret keyword or phrase of your choice."); } return(Crypto.RC2Decrypt(StringUtilities.BytesFromHexString(passKey), encKey, startIP)); }
void OnAdminRequest(AdminInterface admin, string sprocketPath, string[] pathSections, HandleFlag handled) { // build the "current user" block WebAuthentication auth = (WebAuthentication)Core.Instance["WebAuthentication"]; SecurityProvider.User user = SecurityProvider.User.Load(WebsiteClientID, auth.CurrentUsername); string block = "<div id=\"currentuser-block\">" + "You are currently logged in as <b>{0}</b>." + "</div>"; admin.AddLeftColumnSection(new RankedString( string.Format(block, (user.FirstName + " " + user.Surname).Trim()), -100)); admin.WebsiteName = WebsiteClient.Name; if (!CurrentUser.HasPermission(SecurityProvider.PermissionTypeCodes.UserAdministrator)) { return; } admin.AddMainMenuLink(new AdminMenuLink("Users and Roles", WebUtility.MakeFullPath("admin/security"), 0)); // build the security interface if it has been requested if (sprocketPath.StartsWith("admin/security")) { handled.Set(); int defaultMaxFilterMatches; try { defaultMaxFilterMatches = int.Parse(SprocketSettings.GetValue("WebSecurityDefaultUserFilterMatches")); } catch { defaultMaxFilterMatches = 50; } admin.AddInterfaceScript(WebControlScript.TabStrip); admin.AddInterfaceScript(WebControlScript.Fader); admin.AddInterfaceScript(WebControlScript.AjaxForm); string scr = ResourceLoader.LoadTextResource("Sprocket.Web.CMS.Security.security.js") .Replace("50,//{defaultMaxFilterMatches}", defaultMaxFilterMatches.ToString() + ",") .Replace("if(true)//{ifUserCanAccessRoleManagement}", CurrentUser.HasPermission("ROLEADMINISTRATOR") ? "" : "if(false)"); admin.AddInterfaceScript(new RankedString(scr, 0)); admin.AddBodyOnLoadScript(new RankedString("SecurityInterface.Run()", 0)); admin.ContentHeading = "Users and Roles"; SecurityProvider security = (SecurityProvider)Core.Instance["SecurityProvider"]; string html = "<div id=\"user-admin-container\"></div>"; admin.AddContentSection(new RankedString(html, 0)); admin.AddHeadSection(new RankedString("<link rel=\"stylesheet\" type=\"text/css\" href=\"" + WebUtility.MakeFullPath("resources/admin/security.css") + "\" />", 0)); } }
void OnCheckSettings(SprocketSettings.SettingsErrors errors) { if (SprocketSettings.GetValue("ConnectionString") == null) { errors.Add("DatabaseManager", "The application settings (.config) file requires a valid value for \"ConnectionString\"."); errors.SetCriticalError(); } if (SprocketSettings.GetValue("DatabaseEngine") == null) { errors.Add("DatabaseManager", "The application settings (.config) file requires a valid value for \"DatabaseEngine\"."); errors.SetCriticalError(); } if (errors.HasCriticalError) { return; } DatabaseEngine engType; try { engType = Database.ParseEngineName(SprocketSettings.GetValue("DatabaseEngine")); } catch (SprocketException) { errors.Add("DatabaseManager", "The value for \"DatabaseEngine\" is not valid."); errors.SetCriticalError(); return; } Database db = Database.Create(engType); db.ConnectionString = SprocketSettings.GetValue("ConnectionString"); string errorMessage; if (!db.TestConnectionString(out errorMessage)) { string msg = errorMessage; //if (msg.ToLower().Contains("password") // || msg.ToLower().Contains("pwd") // || msg.ToLower().Contains("pass") // || msg.ToLower().Contains("pword")) // msg = "[error message hidden because it contains password information]"; errors.Add("DatabaseManager", "The supplied connection string didn't work. The error was: " + msg); errors.SetCriticalError(); return; } defaultConnectionString = db.ConnectionString; defaultEngine = db.DatabaseEngine; }
void OnCheckingSprocketSettings(SprocketSettings.SettingsErrors errors) { string psl = SprocketSettings.GetValue("PreventSimultaneousLogins"); if (psl == null) { errors.Add(this, "The Web.config file is missing a value for \"PreventSimultaneousLogins\". The value should be \"True\" or \"False\"."); errors.SetCriticalError(); return; } if (psl.ToLower() != "true" && psl.ToLower() != "false") { errors.Add(this, "The Web.config file value for \"PreventSimultaneousLogins\" is invalid. The value should be \"True\" or \"False\"."); errors.SetCriticalError(); return; } }
void Core_OnInitialise(Dictionary <Type, List <Type> > interfaceImplementations) { // need to check web.config to see which database registration name to use // instantiate that Type, if found, or throw an error // raise a notification event specifying the ISqlDatabase object we're using // add an event to this module OnCheckDatabaseStructure, which will eliminate the need for IDataHandlerModule if (interfaceImplementations.ContainsKey(typeof(IDatabaseHandler))) { string databaseEngine = SprocketSettings.GetValue("DatabaseEngine"); if (databaseEngine == null) { return; } foreach (Type t in interfaceImplementations[typeof(IDatabaseHandler)]) { if (t.Name == databaseEngine) { dbHandler = (IDatabaseHandler)Activator.CreateInstance(t); Result result = dbHandler.CheckConfiguration(); if (!result.Succeeded) { SprocketSettings.Errors.Add(this, result.Message); SprocketSettings.Errors.SetCriticalError(); return; } if (OnDatabaseHandlerLoaded != null) { OnDatabaseHandlerLoaded(dbHandler); } return; } } List <string> list = new List <string>(); foreach (Type t in interfaceImplementations[typeof(IDatabaseHandler)]) { list.Add(t.Name); } SprocketSettings.Errors.Add(this, "The application settings (.config) file requires a valid value for \"DatabaseEngine\"."); SprocketSettings.Errors.Add(this, "Current valid values for DatabaseEngine are: " + StringUtilities.CommaJoin(list)); SprocketSettings.Errors.SetCriticalError(); } }
void OnAdminRequest(AdminInterface admin, PageEntry page, HandleFlag handled) { // build the "current user" block User user = User.Select(SecurityProvider.ClientSpaceID, WebAuthentication.Instance.CurrentUsername); string block = "<div id=\"currentuser-block\">" + "You are currently logged in as <b>{0}</b>." + "</div>"; admin.AddLeftColumnSection(new AdminSection( string.Format(block, (user.FirstName + " " + user.Surname).Trim()), ObjectRank.First)); if (!WebAuthentication.VerifyAccess(PermissionType.UserAdministrator)) { return; } admin.AddMainMenuLink(new AdminMenuLink("Users and Roles", WebUtility.MakeFullPath("admin/security"), ObjectRank.Normal)); // build the security interface if it has been requested if (SprocketPath.Value.StartsWith("admin/security")) { //handled.Set(); int defaultMaxFilterMatches; try { defaultMaxFilterMatches = int.Parse(SprocketSettings.GetValue("WebSecurityDefaultUserFilterMatches")); } catch { defaultMaxFilterMatches = 50; } admin.AddInterfaceScript(WebControlScript.TabStrip); admin.AddInterfaceScript(WebControlScript.Fader); admin.AddInterfaceScript(WebControlScript.AjaxForm); string scr = ResourceLoader.LoadTextResource("Sprocket.Security.CMS.security.js") .Replace("50,//{defaultMaxFilterMatches}", defaultMaxFilterMatches.ToString() + ",") .Replace("if(true)//{ifUserCanAccessRoleManagement}", WebAuthentication.VerifyAccess(PermissionType.RoleAdministrator) ? "" : "if(false)"); admin.AddInterfaceScript(new AdminSection(scr, 0)); admin.AddBodyOnLoadScript(new AdminSection("SecurityInterface.Run()", 0)); string html = "<div id=\"user-admin-container\"></div>"; admin.AddPreContentSection(new AdminSection(html, 0)); admin.AddHeadSection(new AdminSection("<link rel=\"stylesheet\" type=\"text/css\" href=\"" + WebUtility.MakeFullPath("resources/admin/security.css") + "\" />", 0)); } }
public static SprocketFile Upload(HttpPostedFile upload, Guid?clientID, Guid?ownerID, Guid?parentFileID, string sprocketPath, string categoryCode, string moduleRegCode, string description) { if (upload.ContentLength > int.Parse(SprocketSettings.GetValue("FileManagerMaxUploadSizeBytes"))) { return(null); } SprocketFile file = new SprocketFile(); file.sprocketFileID = Guid.NewGuid(); file.clientID = clientID; file.ownerID = ownerID; file.parentFileID = parentFileID; file.sprocketPath = (sprocketPath.Trim('/') + "/" + Path.GetFileName(upload.FileName)).Trim('/'); file.categoryCode = categoryCode; file.moduleRegCode = moduleRegCode; file.description = description; file.contentType = upload.ContentType; file.uploadDate = DateTime.Now; file.FileTypeExtension = Path.GetExtension(upload.FileName); upload.SaveAs(file.PhysicalPath); if (Database.Main.IsTransactionActive) { file.Save(); } else { Database.Main.BeginTransaction(); try { file.Save(); } catch (Exception ex) { Database.Main.RollbackTransaction(); file.EnsureFileDeleted(); throw ex; } Database.Main.CommitTransaction(); } return(file); }
public Result CheckConfiguration() { connectionString = SprocketSettings.GetValue("ConnectionString"); if (connectionString == null) { return(new Result("No value exists in Web.config for ConnectionString. SqlServer2005Database requires a valid connection string.")); } try { SqlConnection conn = new SqlConnection(connectionString); conn.Open(); conn.Close(); conn.Dispose(); } catch (Exception ex) { return(new Result("The ConnectionString value was unable to be used to open the database. The error was: " + ex.Message)); } return(new Result()); }
public static string EncryptNewCAPTCHAKey() { Random r = new Random(); int n1 = Convert.ToInt32('a'); int n2 = Convert.ToInt32('z') + 1; string str = ""; while (str == "" || Instance.expiredCaptchaKeys.Contains(str)) { str = ""; while (str.Length < 6) { str += Convert.ToChar(r.Next(n1, n2)); } } string key = SprocketSettings.GetValue("EncryptionKeyWord"); string vector = HttpContext.Current.Request.UserHostAddress; vector = vector.Substring(0, vector.LastIndexOf('.')); return(StringUtilities.HexStringFromBytes(Crypto.RC2Encrypt(str.ToUpper(), key, vector))); }
/// <summary> /// Writes all registered scripts into a single string surrounded by html script tags /// </summary> /// <returns>HTML script tags with containing javascript</returns> public string CreateScriptTags() { StringBuilder sb = new StringBuilder(); foreach (KeyValuePair <string, string> script in scripts) { string js = script.Value; foreach (KeyValuePair <string, object> key in keys) { js = js.Replace(key.Key, key.Value.ToString()); } sb.Append("<script language=\"JavaScript\">"); sb.Append(Environment.NewLine); if (SprocketSettings.GetBooleanValue("CompressJavaScript")) { js = JavaScriptCondenser.Condense(js); } sb.Append(js); sb.Append(Environment.NewLine); sb.Append("</script>"); sb.Append(Environment.NewLine); } return(sb.ToString()); }
/// <summary> /// Sprocket calls this method in response to ASP.Net's AcquireRequestState event. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> internal void FireAcquireRequestState(object sender, EventArgs e) { if (OnRequestStateLoaded != null) // as always, let the other modules know where we are... { OnRequestStateLoaded(); } if (HttpContext.Current.Request.Form != null) { if (HttpContext.Current.Request.Form.Count > 0) { foreach (FormPostAction action in formPostActions) { if (action.PostFromPath != null) { if (action.PostFromPath != SprocketPath.ExtractSprocketPath(HttpContext.Current.Request.UrlReferrer.ToString())) { continue; } } if (action.PostToPath != null) { if (action.PostToPath.ToLower() != SprocketPath.Value) { continue; } } if (action.FieldName != null) { string s = HttpContext.Current.Request.Form[action.FieldName]; if (s == null) { continue; } if (action.FieldValue != null) { if (s != action.FieldValue) { continue; } } } action.PostHandler(); } } } // this is our flag so that request event handlers can let us know if they handled this request. HandleFlag flag = new HandleFlag(); if (OnLoadRequestedPath != null) { OnLoadRequestedPath(flag); if (flag.Handled) { // stop the browser from caching the page // HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache); if (OnRequestedPathProcessed != null) { OnRequestedPathProcessed(); } // if one of the modules handled the request event, then we can stop // doing stuff now. The OnEndRequest event will still be called though. HttpContext.Current.Response.End(); return; } } // if we've reached this point and none of our modules have volunteered to handle // the request, we can check to see if the requested path actually exists (gasp!) // and if so, serve up that file! This is handy if we insist on using the Standard // ASP.Net Page framework (yuck) or want to serve up other things like plain html // files. if (!flag.Handled && File.Exists(HttpContext.Current.Request.PhysicalPath)) { // here we provide a last chance opportunity to alter the response before the // file is served. if (OnBeforeLoadExistingFile != null) { OnBeforeLoadExistingFile(flag); if (flag.Handled) { HttpContext.Current.Response.End(); return; } } HttpContext.Current.RewritePath(HttpContext.Current.Request.Path); return; } // at this point we know that no file matching the exists, so we can check to see // if a directory of the specified name exists. If it does, we can see if there are // any default pages inside the folder that should execute. This requires the a key // to be configured for appSettings in the Web.config file: // <add key="DefaultPageFilenames" value="default.aspx,default.asp,default.htm,index.htm" /> if (Directory.Exists(HttpContext.Current.Request.PhysicalPath)) { string dpgstr = SprocketSettings.GetValue("DefaultPageFilenames"); if (dpgstr != null) { string[] pgarr = dpgstr.Split(','); foreach (string pgname in pgarr) { string pgpath = "/" + HttpContext.Current.Request.Path.Trim('/') + "/" + pgname; string physpath = HttpContext.Current.Request.PhysicalPath + "\\" + pgname; if (File.Exists(physpath)) { HttpContext.Current.Response.Redirect(pgpath); return; } } } } // if we've reached this point and still havent found anything that wants to handle // the current request, we offer up a final chance to respond to this fact... if (OnPathNotFound != null) { OnPathNotFound(flag); if (flag.Handled) { if (OnRequestedPathProcessed != null) { OnRequestedPathProcessed(); } HttpContext.Current.Response.End(); return; } } // if we got this far, sorry folks, but you're about to get a boring ASP.Net 404 page. }
private static string _ppsetting(string suffix) { return(SprocketSettings.GetValue((TestMode ? "PayPalTest" : "PayPal") + suffix)); }
/// <summary> /// Sprocket calls this method in response to ASP.Net's AcquireRequestState event. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> internal void FireAcquireRequestState(object sender, EventArgs e) { if (OnRequestStateLoaded != null) // as always, let the other modules know where we are... { OnRequestStateLoaded((HttpApplication)sender); } HttpContext pg = HttpContext.Current; // The SprocketPath refers to the bit after the application base path and before the // querystring, minus any leading and trailing forward-slashes. (/) For example if the // full URL is "http://www.sprocketcms.com/myapp/admin/users/?edit" and the subdirectory // "myapp" is a virtual directory (IIS application) then the SprocketPath would be // "admin/users". string sprocketPath = null; string appPath = pg.Request.Path.ToLower(); // check to see if there's a trailing slash and if there isn't, redirect to stick a trailing // slash onto the path. This is to keep pathing consistent because otherwise relative paths // (such as to images and css files) aren't pathed as expected. We DON'T do this if a form // has been posted however, because otherwise we lose the contents of the posted form. It is // assumed that if you forget to post to a path with a trailing slash, that once you finish // processing the form that you'll redirect off to a secondary page anyway, which means // sticking a slash on the end of this URL is unnecessary anyway. if (!appPath.EndsWith("/") && !appPath.Contains(".") && HttpContext.Current.Request.Form.Count == 0) { pg.Response.Redirect(appPath + "/"); pg.Response.End(); return; } // changes (e.g.) "http://www.sprocketcms.com/myapp/admin/users/?edit" into "admin/users" sprocketPath = appPath.Remove(0, pg.Request.ApplicationPath.Length).Trim('/'); // split up the path sections to make things even easier for request event handlers string[] pathSections = sprocketPath.Split('/'); // this is our flag so that request event handlers can let us know if they handled this request. HandleFlag flag = new HandleFlag(); if (OnLoadRequestedPath != null) { OnLoadRequestedPath((HttpApplication)sender, sprocketPath, pathSections, flag); if (flag.Handled) { // stop the browser from caching the page // HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache); // if one of the modules handled the request event, then we can stop // doing stuff now. The OnEndRequest event will still be called though. pg.Response.End(); return; } } // if we've reached this point and none of our modules have volunteered to handle // the request, we can check to see if the requested path actually exists (gasp!) // and if so, serve up that file! This is handy if we insist on using the Standard // ASP.Net Page framework (yuck) or want to serve up other things like plain html // files. if (!flag.Handled && File.Exists(pg.Request.PhysicalPath)) { // here we provide a last chance opportunity to alter the response before the // file is served. if (OnBeforeLoadExistingFile != null) { OnBeforeLoadExistingFile((HttpApplication)sender, sprocketPath, pathSections, flag); if (flag.Handled) { pg.Response.End(); return; } } HttpContext.Current.RewritePath(pg.Request.Path); return; } // at this point we know that no file matching the exists, so we can check to see // if a directory of the specified name exists. If it does, we can see if there are // any default pages inside the folder that should execute. This requires the a key // to be configured for appSettings in the Web.config file: // <add key="DefaultPageFilenames" value="default.aspx,default.asp,default.htm,index.htm" /> if (Directory.Exists(pg.Request.PhysicalPath)) { string dpgstr = SprocketSettings.GetValue("DefaultPageFilenames"); if (dpgstr != null) { string[] pgarr = dpgstr.Split(','); foreach (string pgname in pgarr) { string pgpath = "/" + pg.Request.Path.Trim('/') + "/" + pgname; string physpath = pg.Request.PhysicalPath + "\\" + pgname; if (File.Exists(physpath)) { HttpContext.Current.Response.Redirect(pgpath); return; } } } } // if we've reached this point and still havent found anything that wants to handle // the current request, we offer up a final chance to respond to this fact... if (OnPathNotFound != null) { OnPathNotFound((HttpApplication)sender, sprocketPath, pathSections, flag); if (flag.Handled) { pg.Response.End(); return; } } // if we got this far, sorry folks, but you're about to get a boring ASP.Net 404 page. }
void OnLoadRequestedPath(HttpApplication app, string path, string[] pathSections, HandleFlag handled) { if (pathSections.Length == 0) { return; } if (pathSections[0] != "admin") { return; } bool processed = false; string lastchunk = pathSections[pathSections.Length - 1]; switch (lastchunk) { case "admin.css": HttpContext.Current.Response.TransmitFile("~/resources/admin/admin.css"); HttpContext.Current.Response.ContentType = "text/css"; processed = true; break; default: WebAuthentication auth = WebAuthentication.Instance; HttpResponse Response = HttpContext.Current.Response; HttpServerUtility Server = HttpContext.Current.Server; switch (path) { case "admin/login": ShowLoginScreen(); processed = true; break; case "admin/logout": auth.ClearAuthenticationCookie(); Response.Redirect(WebUtility.MakeFullPath("admin/login")); processed = true; break; case "admin/login/process": if (auth.ProcessLoginForm("SprocketUsername", "SprocketPassword", "SprocketPreserveLogin")) { Response.Redirect(WebUtility.MakeFullPath("admin")); } else { ShowLoginScreen("Invalid Username and/or Password."); } processed = true; break; default: if (!auth.IsLoggedIn) { GotoLoginScreen(); processed = true; } else if (OnCMSAdminAuthenticationSuccess != null) { Result result = new Result(); OnCMSAdminAuthenticationSuccess(auth.CurrentUsername, result); if (!result.Succeeded) { ShowLoginScreen(result.Message); processed = true; } } break; } break; } if (processed) { handled.Set(); return; } if (OnAdminRequest != null) { AdminInterface admin = new AdminInterface(); OnAdminRequest(admin, path, pathSections, handled); if (handled.Handled) { WebClientScripts scripts = WebClientScripts.Instance; admin.AddMainMenuLink(new AdminMenuLink("Current Overview", WebUtility.MakeFullPath("admin"), -100)); admin.AddMainMenuLink(new AdminMenuLink("Log Out", WebUtility.MakeFullPath("admin/logout"), 100)); admin.AddFooterLink(new AdminMenuLink("© 2005-" + DateTime.Now.Year + " " + SprocketSettings.GetValue("WebsiteName"), "", 100)); string powered = SprocketSettings.GetValue("ShowPoweredBySprocket"); if (powered != null) { if (StringUtilities.MatchesAny(powered.ToLower(), "true", "yes")) { admin.AddFooterLink(new AdminMenuLink("Powered by Sprocket", "http://www.sprocketcms.com", 1000)); } } admin.AddHeadSection(new RankedString(scripts.BuildStandardScriptsBlock(), 1)); HttpContext.Current.Response.Write(admin.Render(path)); } } }
void OnCheckingSprocketSettings(SprocketSettings.SettingsErrors errors) { string psl = SprocketSettings.GetValue("PreventSimultaneousLogins"); if (psl == null) { errors.Add(RegistrationCode, "The Web.config file is missing a value for \"PreventSimultaneousLogins\". The value should be \"True\" or \"False\"."); errors.SetCriticalError(); return; } if (psl.ToLower() != "true" && psl.ToLower() != "false") { errors.Add(RegistrationCode, "The Web.config file value for \"PreventSimultaneousLogins\" is invalid. The value should be \"True\" or \"False\"."); errors.SetCriticalError(); return; } }
/// <summary> /// This method is called in response to any request where the URL ends with a .ajax /// extension, which Sprocket uses to designate an Ajax request from an XmlHttpRequest /// call in the browser. The posted data contains information that this method uses to /// find the correct ISprocketModule implementation. It then uses reflection to get /// the requested method from the module, converts the javascript arguments into native /// CLR types and passes them to the method, after which it takes the returned data and /// writes it to the output stream ready for the XmlHttpRequest object to complete its /// call. Note that data transport uses JSON encoding. See the JSON class in the /// Sprocket.System namespace for information. /// </summary> /// <param name="context">The current HttpContext object.</param> internal void ProcessRequest(HttpContext context) { isAjaxRequest = true; System.Diagnostics.Debug.WriteLine("Start of AJAX page request..."); Dictionary <string, object> responseData = new Dictionary <string, object>(); try { // load the post data from the http stream byte[] posted = new byte[context.Request.InputStream.Length]; context.Request.InputStream.Read(posted, 0, posted.Length); // interpret the stream as a JSON string and parse it into a dictionary string strData = System.Text.Encoding.ASCII.GetString(posted); IDictionary <string, object> data = (IDictionary <string, object>)JSON.Parse(strData); // extract the base page time stamp //pageTimeStamp = new DateTime(long.Parse(data["LoadTimeStamp"].ToString())); //System.Diagnostics.Debug.WriteLine("Extracted page time stamp of " + pageTimeStamp.Ticks.ToString()); //if (OnAjaxRequestTimeStampCheck != null) //{ // Result result = new Result(); // OnAjaxRequestTimeStampCheck(pageTimeStamp, result); // if (!result.Succeeded) // throw new AjaxSessionExpiredException(result.Message); //} // extract the module and method name string fullname; try { fullname = data["ModuleName"].ToString(); } catch (Exception ex) { throw; } int n = fullname.LastIndexOf("."); if (n == -1) { throw new AjaxException("Method name specified incorrectly. Expected format ModuleNamespace.MethodName.\nThe following incorrect format was supplied: " + data["ModuleName"]); } string moduleNamespace = fullname.Substring(0, n); string methodName = fullname.Substring(n + 1, fullname.Length - (n + 1)); // extract the authentication key if (data["AuthKey"].ToString() != WebAuthentication.AuthKeyPlaceholder) { authKey = new Guid(data["AuthKey"].ToString()); } // extract the source URL SprocketPath.Parse(data["SourceURL"].ToString()); // extract the arguments List <object> parsedArguments = (List <object>)data["MethodArgs"]; // find and verify the module/method that should handle this request ISprocketModule module = Core.Instance[moduleNamespace].Module; if (module == null) { throw new AjaxException("The specified module \"" + moduleNamespace + "\" was not found."); } if (Attribute.GetCustomAttribute(module.GetType(), typeof(AjaxMethodHandlerAttribute), false) == null) { throw new SprocketException("The specified module is not marked with AjaxMethodHandlerAttribute. (" + data["ModuleName"] + ")"); } MethodInfo info = module.GetType().GetMethod(methodName); if (info == null) { throw new AjaxException("Failed to find an instance of the specified method. (" + data["ModuleName"] + ")"); } Attribute ajaxMethodAttr = Attribute.GetCustomAttribute(info, typeof(AjaxMethodAttribute)); if (ajaxMethodAttr == null) { throw new AjaxException("Specified method is not marked with AjaxMethodAttribute. (" + data["ModuleName"] + ")"); } AjaxMethodAttribute attr = (AjaxMethodAttribute)ajaxMethodAttr; if (attr.RequiresAuthentication) { if (!WebAuthentication.IsLoggedIn) { AjaxRequestHandler.AbortAjaxCall("You're not currently logged in. Please refresh the page."); } if (AjaxAuthenticate != null) { Result result = AjaxAuthenticate(info); if (!result.Succeeded) { throw new AjaxException(result.Message); } } } // get all of the parameters that the method requires ParameterInfo[] methodParamInfos = info.GetParameters(); // funcinfo is a string representation of the method format and is used for displaying meaningful errors string funcinfo = data["ModuleName"] + "("; if (methodParamInfos.Length > 0) { funcinfo += methodParamInfos[0].ParameterType.Name + " " + methodParamInfos[0].Name; } for (int j = 1; j < methodParamInfos.Length; j++) { funcinfo += ", " + methodParamInfos[j].ParameterType.Name + " " + methodParamInfos[j].Name; } funcinfo += ")"; if (methodParamInfos.Length != parsedArguments.Count) { throw new AjaxException("Method expects " + methodParamInfos.Length + " argument(s) but instead received " + (parsedArguments.Count) + ". Expected format is:\n" + funcinfo); } // create the parameter array and convert each supplied value to its native type object[] prmValuesForMethod = new object[methodParamInfos.Length]; for (int i = 0; i < prmValuesForMethod.Length; i++) { Type t = methodParamInfos[i].ParameterType; try { if (parsedArguments[i] == null) { prmValuesForMethod[i] = null; } else if (t.Name == "Object") { prmValuesForMethod[i] = parsedArguments[i]; } else if (t.Name == "DateTime") { prmValuesForMethod[i] = DateTime.Parse(parsedArguments[i].ToString()); } else if (t.IsArray || t.IsSubclassOf(typeof(IList))) { int elementCount = ((List <object>)parsedArguments[i]).Count; Type arrType = t.GetElementType().MakeArrayType(elementCount); object arr = Array.CreateInstance(t.GetElementType(), ((List <object>)parsedArguments[i]).Count); for (int k = 0; k < ((IList <object>)parsedArguments[i]).Count; k++) { ((IList)arr)[k] = ((IList <object>)parsedArguments[i])[k]; } prmValuesForMethod[i] = arr; } else if (t.GetInterface("IJSONReader") != null) { object obj = Activator.CreateInstance(t); ((IJSONReader)obj).LoadJSON(parsedArguments[i]); prmValuesForMethod[i] = obj; } else if (t.IsAssignableFrom(typeof(Guid)) || t.IsAssignableFrom(typeof(Guid?))) { prmValuesForMethod[i] = parsedArguments[i] == null ? (Guid?)null : new Guid(parsedArguments[i].ToString()); } else if (t.IsAssignableFrom(typeof(long)) || t.IsAssignableFrom(typeof(long?))) { prmValuesForMethod[i] = parsedArguments[i] == null ? (long?)null : long.Parse(parsedArguments[i].ToString()); } else { prmValuesForMethod[i] = Convert.ChangeType(parsedArguments[i], t); } } catch (Exception ex) { string err = "Error converting parameter {0} to type {1}. Expected format is:\n{2}\nReceived Value:\n{3}\nException message:\n{4}"; throw new AjaxException(string.Format(err, i, methodParamInfos[i].ParameterType.Name, funcinfo, parsedArguments[i], ex)); } } // invoke the method if (info.ReturnType == typeof(void)) { info.Invoke(module, prmValuesForMethod); } else { object returnVal = info.Invoke(module, prmValuesForMethod); responseData["Data"] = returnVal; } //context.Response.Write(JSON.Encode(responseData)); } catch (Exception e) { if (!(e is AjaxUserMessageException) && SprocketSettings.GetBooleanValue("CatchExceptions")) { if (e.InnerException != null) { throw e.InnerException; } throw e; } else if (e.InnerException != null) { e = e.InnerException; } responseData["__error"] = e; responseData["__exceptionType"] = e.GetType().FullName; } if (!responseData.ContainsKey("Data")) { responseData["Data"] = null; } //responseData["__timeStamp"] = pageTimeStamp.Ticks; context.Response.Write(JSON.Encode(responseData)); }
void WebEvents_OnLoadRequestedPath(HandleFlag handled) { if (handled.Handled) { return; } if (!IsAdminRequest) { return; } PageEntry page = pages.FromPath(SprocketPath.Value); if (page == null) { return; } KeyValuePair <string, object>[] vars; if (!SprocketPath.StartsWith("admin", "login")) { if (!WebAuthentication.VerifyAccess(PermissionType.AccessAdminArea)) { WebUtility.Redirect("admin/login"); return; } AdminInterface admin = new AdminInterface(); WebClientScripts scripts = WebClientScripts.Instance; admin.AddMainMenuLink(new AdminMenuLink("Website Home", WebUtility.MakeFullPath(""), ObjectRank.Last, "website_home")); admin.AddMainMenuLink(new AdminMenuLink("Overview", WebUtility.MakeFullPath("admin"), ObjectRank.First, "website_overview")); admin.AddMainMenuLink(new AdminMenuLink("Log Out", WebUtility.MakeFullPath("admin/logout"), ObjectRank.Last, "log_out")); admin.AddFooterLink(new AdminMenuLink("Log Out", WebUtility.MakeFullPath("admin/logout"), ObjectRank.Early)); admin.AddFooterLink(new AdminMenuLink("© 2005-" + DateTime.UtcNow.Year + " " + SprocketSettings.GetValue("WebsiteName"), "", ObjectRank.Late)); admin.AddFooterLink(new AdminMenuLink("Powered by Sprocket", "http://www.sprocketcms.com", ObjectRank.Last)); admin.AddHeadSection(new AdminSection(scripts.BuildStandardScriptsBlock(), ObjectRank.Late)); admin.WebsiteName = GetWebsiteName(); if (OnLoadAdminPage != null) { OnLoadAdminPage(admin, page, handled); if (handled.Handled) { return; } } vars = admin.GetScriptVariables(); } else { vars = new KeyValuePair <string, object> [1]; vars[0] = new KeyValuePair <string, object>("_admin_websitename", GetWebsiteName()); } ContentManager.RequestedPage = page; if (pagePreProcessors.ContainsKey(page.PageCode)) { foreach (PagePreprocessorHandler method in pagePreProcessors[page.PageCode]) { method(page); } } string txt = page.Render(vars); Response.ContentType = page.ContentType; Response.Write(txt); handled.Set(); }