authorize.inc 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334
  1. <?php
  2. /**
  3. * @file
  4. * Helper functions and form handlers used for the authorize.php script.
  5. */
  6. /**
  7. * Form constructor for the file transfer authorization form.
  8. *
  9. * Allows the user to choose a FileTransfer type and supply credentials.
  10. *
  11. * @see authorize_filetransfer_form_validate()
  12. * @see authorize_filetransfer_form_submit()
  13. * @ingroup forms
  14. */
  15. function authorize_filetransfer_form($form, &$form_state) {
  16. global $base_url, $is_https;
  17. $form = array();
  18. // If possible, we want to post this form securely via HTTPS.
  19. $form['#https'] = TRUE;
  20. // CSS we depend on lives in modules/system/maintenance.css, which is loaded
  21. // via the default maintenance theme.
  22. $form['#attached']['js'][] = $base_url . '/misc/authorize.js';
  23. // Get all the available ways to transfer files.
  24. if (empty($_SESSION['authorize_filetransfer_info'])) {
  25. drupal_set_message(t('Unable to continue, no available methods of file transfer'), 'error');
  26. return array();
  27. }
  28. $available_backends = $_SESSION['authorize_filetransfer_info'];
  29. if (!$is_https) {
  30. $form['information']['https_warning'] = array(
  31. '#prefix' => '<div class="messages error">',
  32. '#markup' => t('WARNING: You are not using an encrypted connection, so your password will be sent in plain text. <a href="@https-link">Learn more</a>.', array('@https-link' => 'http://drupal.org/https-information')),
  33. '#suffix' => '</div>',
  34. );
  35. }
  36. // Decide on a default backend.
  37. if (isset($form_state['values']['connection_settings']['authorize_filetransfer_default'])) {
  38. $authorize_filetransfer_default = $form_state['values']['connection_settings']['authorize_filetransfer_default'];
  39. }
  40. elseif ($authorize_filetransfer_default = variable_get('authorize_filetransfer_default', NULL));
  41. else {
  42. $authorize_filetransfer_default = key($available_backends);
  43. }
  44. $form['information']['main_header'] = array(
  45. '#prefix' => '<h3>',
  46. '#markup' => t('To continue, provide your server connection details'),
  47. '#suffix' => '</h3>',
  48. );
  49. $form['connection_settings']['#tree'] = TRUE;
  50. $form['connection_settings']['authorize_filetransfer_default'] = array(
  51. '#type' => 'select',
  52. '#title' => t('Connection method'),
  53. '#default_value' => $authorize_filetransfer_default,
  54. '#weight' => -10,
  55. );
  56. /*
  57. * Here we create two submit buttons. For a JS enabled client, they will
  58. * only ever see submit_process. However, if a client doesn't have JS
  59. * enabled, they will see submit_connection on the first form (when picking
  60. * what filetransfer type to use, and submit_process on the second one (which
  61. * leads to the actual operation).
  62. */
  63. $form['submit_connection'] = array(
  64. '#prefix' => "<br style='clear:both'/>",
  65. '#name' => 'enter_connection_settings',
  66. '#type' => 'submit',
  67. '#value' => t('Enter connection settings'),
  68. '#weight' => 100,
  69. );
  70. $form['submit_process'] = array(
  71. '#name' => 'process_updates',
  72. '#type' => 'submit',
  73. '#value' => t('Continue'),
  74. '#weight' => 100,
  75. '#attributes' => array('style' => 'display:none'),
  76. );
  77. // Build a container for each connection type.
  78. foreach ($available_backends as $name => $backend) {
  79. $form['connection_settings']['authorize_filetransfer_default']['#options'][$name] = $backend['title'];
  80. $form['connection_settings'][$name] = array(
  81. '#type' => 'container',
  82. '#attributes' => array('class' => array("filetransfer-$name", 'filetransfer')),
  83. );
  84. // We can't use #prefix on the container itself since then the header won't
  85. // be hidden and shown when the containers are being manipulated via JS.
  86. $form['connection_settings'][$name]['header'] = array(
  87. '#markup' => '<h4>' . t('@backend connection settings', array('@backend' => $backend['title'])) . '</h4>',
  88. );
  89. $form['connection_settings'][$name] += _authorize_filetransfer_connection_settings($name);
  90. // Start non-JS code.
  91. if (isset($form_state['values']['connection_settings']['authorize_filetransfer_default']) && $form_state['values']['connection_settings']['authorize_filetransfer_default'] == $name) {
  92. // If the user switches from JS to non-JS, Drupal (and Batch API) will
  93. // barf. This is a known bug: http://drupal.org/node/229825.
  94. setcookie('has_js', '', time() - 3600, '/');
  95. unset($_COOKIE['has_js']);
  96. // Change the submit button to the submit_process one.
  97. $form['submit_process']['#attributes'] = array();
  98. unset($form['submit_connection']);
  99. // Activate the proper filetransfer settings form.
  100. $form['connection_settings'][$name]['#attributes']['style'] = 'display:block';
  101. // Disable the select box.
  102. $form['connection_settings']['authorize_filetransfer_default']['#disabled'] = TRUE;
  103. // Create a button for changing the type of connection.
  104. $form['connection_settings']['change_connection_type'] = array(
  105. '#name' => 'change_connection_type',
  106. '#type' => 'submit',
  107. '#value' => t('Change connection type'),
  108. '#weight' => -5,
  109. '#attributes' => array('class' => array('filetransfer-change-connection-type')),
  110. );
  111. }
  112. // End non-JS code.
  113. }
  114. return $form;
  115. }
  116. /**
  117. * Generates the Form API array for a given connection backend's settings.
  118. *
  119. * @param $backend
  120. * The name of the backend (e.g. 'ftp', 'ssh', etc).
  121. *
  122. * @return
  123. * Form API array of connection settings for the given backend.
  124. *
  125. * @see hook_filetransfer_backends()
  126. */
  127. function _authorize_filetransfer_connection_settings($backend) {
  128. $defaults = variable_get('authorize_filetransfer_connection_settings_' . $backend, array());
  129. $form = array();
  130. // Create an instance of the file transfer class to get its settings form.
  131. $filetransfer = authorize_get_filetransfer($backend);
  132. if ($filetransfer) {
  133. $form = $filetransfer->getSettingsForm();
  134. }
  135. // Fill in the defaults based on the saved settings, if any.
  136. _authorize_filetransfer_connection_settings_set_defaults($form, NULL, $defaults);
  137. return $form;
  138. }
  139. /**
  140. * Sets the default settings on a file transfer connection form recursively.
  141. *
  142. * The default settings for the file transfer connection forms are saved in
  143. * the database. The settings are stored as a nested array in the case of a
  144. * settings form that has fieldsets or otherwise uses a nested structure.
  145. * Therefore, to properly add defaults, we need to walk through all the
  146. * children form elements and process those defaults recursively.
  147. *
  148. * @param $element
  149. * Reference to the Form API form element we're operating on.
  150. * @param $key
  151. * The key for our current form element, if any.
  152. * @param array $defaults
  153. * The default settings for the file transfer backend we're operating on.
  154. */
  155. function _authorize_filetransfer_connection_settings_set_defaults(&$element, $key, array $defaults) {
  156. // If we're operating on a form element which isn't a fieldset, and we have
  157. // a default setting saved, stash it in #default_value.
  158. if (!empty($key) && isset($defaults[$key]) && isset($element['#type']) && $element['#type'] != 'fieldset') {
  159. $element['#default_value'] = $defaults[$key];
  160. }
  161. // Now, we walk through all the child elements, and recursively invoke
  162. // ourself on each one. Since the $defaults settings array can be nested
  163. // (because of #tree, any values inside fieldsets will be nested), if
  164. // there's a subarray of settings for the form key we're currently
  165. // processing, pass in that subarray to the recursive call. Otherwise, just
  166. // pass on the whole $defaults array.
  167. foreach (element_children($element) as $child_key) {
  168. _authorize_filetransfer_connection_settings_set_defaults($element[$child_key], $child_key, ((isset($defaults[$key]) && is_array($defaults[$key])) ? $defaults[$key] : $defaults));
  169. }
  170. }
  171. /**
  172. * Form validation handler for authorize_filetransfer_form().
  173. *
  174. * @see authorize_filetransfer_form()
  175. * @see authorize_filetransfer_submit()
  176. */
  177. function authorize_filetransfer_form_validate($form, &$form_state) {
  178. // Only validate the form if we have collected all of the user input and are
  179. // ready to proceed with updating or installing.
  180. if ($form_state['triggering_element']['#name'] != 'process_updates') {
  181. return;
  182. }
  183. if (isset($form_state['values']['connection_settings'])) {
  184. $backend = $form_state['values']['connection_settings']['authorize_filetransfer_default'];
  185. $filetransfer = authorize_get_filetransfer($backend, $form_state['values']['connection_settings'][$backend]);
  186. try {
  187. if (!$filetransfer) {
  188. throw new Exception(t('Error, this type of connection protocol (%backend) does not exist.', array('%backend' => $backend)));
  189. }
  190. $filetransfer->connect();
  191. }
  192. catch (Exception $e) {
  193. // The format of this error message is similar to that used on the
  194. // database connection form in the installer.
  195. form_set_error('connection_settings', t('Failed to connect to the server. The server reports the following message: !message For more help installing or updating code on your server, see the <a href="@handbook_url">handbook</a>.', array(
  196. '!message' => '<p class="error">' . $e->getMessage() . '</p>',
  197. '@handbook_url' => 'http://drupal.org/documentation/install/modules-themes',
  198. )));
  199. }
  200. }
  201. }
  202. /**
  203. * Form submission handler for authorize_filetransfer_form().
  204. *
  205. * @see authorize_filetransfer_form()
  206. * @see authorize_filetransfer_validate()
  207. */
  208. function authorize_filetransfer_form_submit($form, &$form_state) {
  209. global $base_url;
  210. switch ($form_state['triggering_element']['#name']) {
  211. case 'process_updates':
  212. // Save the connection settings to the DB.
  213. $filetransfer_backend = $form_state['values']['connection_settings']['authorize_filetransfer_default'];
  214. // If the database is available then try to save our settings. We have
  215. // to make sure it is available since this code could potentially (will
  216. // likely) be called during the installation process, before the
  217. // database is set up.
  218. try {
  219. $connection_settings = array();
  220. foreach ($form_state['values']['connection_settings'][$filetransfer_backend] as $key => $value) {
  221. // We do *not* want to store passwords in the database, unless the
  222. // backend explicitly says so via the magic #filetransfer_save form
  223. // property. Otherwise, we store everything that's not explicitly
  224. // marked with #filetransfer_save set to FALSE.
  225. if (!isset($form['connection_settings'][$filetransfer_backend][$key]['#filetransfer_save'])) {
  226. if ($form['connection_settings'][$filetransfer_backend][$key]['#type'] != 'password') {
  227. $connection_settings[$key] = $value;
  228. }
  229. }
  230. // The attribute is defined, so only save if set to TRUE.
  231. elseif ($form['connection_settings'][$filetransfer_backend][$key]['#filetransfer_save']) {
  232. $connection_settings[$key] = $value;
  233. }
  234. }
  235. // Set this one as the default authorize method.
  236. variable_set('authorize_filetransfer_default', $filetransfer_backend);
  237. // Save the connection settings minus the password.
  238. variable_set('authorize_filetransfer_connection_settings_' . $filetransfer_backend, $connection_settings);
  239. $filetransfer = authorize_get_filetransfer($filetransfer_backend, $form_state['values']['connection_settings'][$filetransfer_backend]);
  240. // Now run the operation.
  241. authorize_run_operation($filetransfer);
  242. }
  243. catch (Exception $e) {
  244. // If there is no database available, we don't care and just skip
  245. // this part entirely.
  246. }
  247. break;
  248. case 'enter_connection_settings':
  249. $form_state['rebuild'] = TRUE;
  250. break;
  251. case 'change_connection_type':
  252. $form_state['rebuild'] = TRUE;
  253. unset($form_state['values']['connection_settings']['authorize_filetransfer_default']);
  254. break;
  255. }
  256. }
  257. /**
  258. * Runs the operation specified in $_SESSION['authorize_operation'].
  259. *
  260. * @param $filetransfer
  261. * The FileTransfer object to use for running the operation.
  262. */
  263. function authorize_run_operation($filetransfer) {
  264. $operation = $_SESSION['authorize_operation'];
  265. unset($_SESSION['authorize_operation']);
  266. if (!empty($operation['page_title'])) {
  267. drupal_set_title($operation['page_title']);
  268. }
  269. require_once DRUPAL_ROOT . '/' . $operation['file'];
  270. call_user_func_array($operation['callback'], array_merge(array($filetransfer), $operation['arguments']));
  271. }
  272. /**
  273. * Gets a FileTransfer class for a specific transfer method and settings.
  274. *
  275. * @param $backend
  276. * The FileTransfer backend to get the class for.
  277. * @param $settings
  278. * Array of settings for the FileTransfer.
  279. *
  280. * @return
  281. * An instantiated FileTransfer object for the requested method and settings,
  282. * or FALSE if there was an error finding or instantiating it.
  283. */
  284. function authorize_get_filetransfer($backend, $settings = array()) {
  285. $filetransfer = FALSE;
  286. if (!empty($_SESSION['authorize_filetransfer_info'][$backend])) {
  287. $backend_info = $_SESSION['authorize_filetransfer_info'][$backend];
  288. if (!empty($backend_info['file'])) {
  289. $file = $backend_info['file path'] . '/' . $backend_info['file'];
  290. require_once $file;
  291. }
  292. if (class_exists($backend_info['class'])) {
  293. // PHP 5.2 doesn't support $class::factory() syntax, so we have to
  294. // use call_user_func_array() until we can require PHP 5.3.
  295. $filetransfer = call_user_func_array(array($backend_info['class'], 'factory'), array(DRUPAL_ROOT, $settings));
  296. }
  297. }
  298. return $filetransfer;
  299. }