Symfony Profiler

<?php
namespace ApplicationBundle\Listener;
use ApplicationBundle\Interfaces\LoginInterface;
use ApplicationBundle\Interfaces\SessionCheckInterface;
use ApplicationBundle\Interfaces\SystemInterface;
use ApplicationBundle\Modules\Authentication\Constants\UserConstants;
use ApplicationBundle\Modules\System\MiscActions;
use ApplicationBundle\Modules\System\System;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\HttpFoundation\JsonResponse;
class SessionListener
{
public $secretKey = "";
private $em;
private $em_goc;
private $dm;
private $router;
private $session;
private $resolver;
private $applicationConnector;
private $kernelRootDir;
private $container;
protected $urlEncryptor;
public function __construct($kernelRootDir, $container, $resolver, $applicationConnector, $router, $session, $db_credentials, $db_credentials_company_group, $secret, \Nzo\UrlEncryptorBundle\UrlEncryptor\UrlEncryptor $urlEncryptor)
{
$this->secretKey = $secret;
$this->em = $db_credentials;
$this->em_goc = $db_credentials_company_group;
// $this->dm=$odm_credentials;
$this->router = $router;
$this->resolver = $resolver;
$this->container = $container;
$this->applicationConnector = $applicationConnector;
$this->kernelRootDir = $kernelRootDir;
$this->session = $session;
$this->urlEncryptor = $urlEncryptor;
}
public function onKernelController(FilterControllerEvent $event)
{
$controller = $event->getController();
/*
* $controller passed can be either a class or a Closure.
* This is not usual in Symfony but it may happen.
* If it is a class, it comes in array format
*/
if (!is_array($controller)) {
return;
}
$hbeeErrorCode = UserConstants::ERROR_USER_EXISTS_ALREADY;
$request = $event->getRequest();
$devAdminMode = '_UNCHANGED_';
if ($request->request->has('devAdminOn') || $request->query->has('devAdminOn')) {
$devAdminMode = $request->request->has('devAdminOn') ? $request->request->get('devAdminOn') : $request->query->get('devAdminOn');
}
// if ($request->request->has('devAdminOff')|| $request->query->has('devAdminOff')) {
// $devAdminMode=0;
//
// }
$permissionOverride = 0;
if ($request->query->has('OVP'))
$permissionOverride = 1;
$authTokenInHeader = $event->getRequest()->headers->get('auth-token');
if ($authTokenInHeader) {
$request->request->set('hbeeSessionToken', $authTokenInHeader);
}
if ($request->query->has('tvp')) {
$tvp = json_decode($this->urlEncryptor->decrypt($request->query->get('tvp')), true);
$request->request->set('TVP', json_encode($tvp));
if (isset($tvp['timeout'])) {
$currentDateTime = new \DateTime();
$currTs = $currentDateTime->format('U');
if ($tvp['timeout'] > $currTs || $tvp['timeout'] == 0) {
if (isset($tvp['token']))
$request->request->set('hbeeSessionToken', $tvp['token']);
} else {
$url = $this->router->generate('permission_denied_page');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
}
//check if mobile
$session = $this->session;
if (empty($session->get('appValiditySeconds'))) { //how many sevonds is valid
$session->set('appValiditySeconds', '_UNSET_');
}
if (empty($session->get('devAdminMode'))) { //how many sevonds is valid
$session->set('devAdminMode', 0);
}
if ($devAdminMode != '_UNCHANGED_')
$session->set('devAdminMode', $devAdminMode);
$to_set_session_data = [];
$CurrentRoute = $event->getRequest()->attributes->get('_route');
if ($CurrentRoute == 'switch_app' || $CurrentRoute == 'app_switch_app_api') {
if ($request->query->has('hbeeSessionToken')) {
$em_goc = $this->em_goc;
$to_set_session_data = MiscActions::GetSessionDataFromToken($em_goc, $request->query->get('hbeeSessionToken'))['sessionData'];
if ($to_set_session_data != null) {
foreach ($to_set_session_data as $k => $d) {
//check if mobile
$session->set($k, $d);
}
} else {
$hbeeErrorCode = UserConstants::ERROR_TOKEN_EXPIRED;
}
} else {
$url = $this->router->generate('user_login');
if ($CurrentRoute == 'app_switch_app_api')
$url .= ("?csToken=" . $request->query->get('csToken', '') . "&spd=" . $request->query->get('spd', '') . "&remoteVerify=1");
else
$url .= ("?csToken=" . $request->query->get('csToken', '') . "&spd=" . $request->query->get('spd', '') . "&remoteVerify=" . $request->query->get('remoteVerify', 0));
$session->clear();
$session->set('CLEARLOGIN', 1);
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
// if ($CurrentRoute == 'select_second_layer_api' ) {
//
// if ($request->query->has('hbeeSessionToken')) {
//
// $em_goc = $this->em_goc;
//
//
// $to_set_session_data = MiscActions::GetSessionDataFromToken($em_goc, $request->query->get('hbeeSessionToken'))['sessionData'];
// if ($to_set_session_data != null) {
// foreach ($to_set_session_data as $k => $d) {
//
// //check if mobile
// $session->set($k, $d);
// }
//
// } else {
// $hbeeErrorCode = UserConstants::ERROR_TOKEN_EXPIRED;
// }
//
// } else {
//
//
// }
// }
if (!$session->has(UserConstants::USER_ID)) {
if ($request->request->has('token')) {
$em_goc = $this->em_goc;
$to_set_session_data = MiscActions::GetSessionDataFromToken($em_goc, $request->request->get('token'))['sessionData'];
if ($to_set_session_data != null) {
foreach ($to_set_session_data as $k => $d) {
//check if mobile
$session->set($k, $d);
}
} else {
$hbeeErrorCode = UserConstants::ERROR_TOKEN_EXPIRED;
}
} else if ($request->request->has('hbeeSessionToken')) {
$em_goc = $this->em_goc;
$to_set_session_data = MiscActions::GetSessionDataFromToken($em_goc, $request->request->get('hbeeSessionToken'))['sessionData'];
if ($to_set_session_data != null) {
foreach ($to_set_session_data as $k => $d) {
//check if mobile
$session->set($k, $d);
}
} else {
$hbeeErrorCode = UserConstants::ERROR_TOKEN_EXPIRED;
}
} else if ($request->query->has('hbeeSessionToken')) {
$em_goc = $this->em_goc;
$to_set_session_data = MiscActions::GetSessionDataFromToken($em_goc, $request->query->get('hbeeSessionToken'))['sessionData'];
if ($to_set_session_data != null) {
foreach ($to_set_session_data as $k => $d) {
//check if mobile
$session->set($k, $d);
}
} else {
$hbeeErrorCode = UserConstants::ERROR_TOKEN_EXPIRED;
}
} else if ($request->request->has('sessionData')) {
$to_set_session_data = $request->request->get('sessionData');
foreach ($to_set_session_data as $k => $d) {
//check if mobile
$session->set($k, $d);
}
} else if ($request->request->has('sessionDataString')) {
$to_set_session_data = json_decode($request->request->get('sessionDataString'), true);
if ($to_set_session_data != null) {
foreach ($to_set_session_data as $k => $d) {
//check if mobile
$session->set($k, $d);
}
}
}
if ($request->query->has('iFrameData')) {
$session->set(UserConstants::USER_ID, $request->query->get('uId'));
$session->set(UserConstants::USER_NAME, $request->query->get('uName'));
$session->set(UserConstants::USER_LOGIN_ID, $request->query->get('loginId'));
$session->set(UserConstants::APPLICATION_SECRET, $request->query->get('sKey'));
$session->set(UserConstants::USER_GOC_ID, $request->query->get('gocId'));
$session->set(UserConstants::USER_DB_NAME, $request->query->get('gocDb'));
$session->set(UserConstants::USER_DB_USER, $request->query->get('gocUsr'));
$session->set(UserConstants::USER_DB_PASS, $request->query->get('gocPass'));
$session->set(UserConstants::USER_DB_HOST, $request->query->get('gocDh'));
$session->set(UserConstants::USER_TYPE, $request->query->get('uType'));
$session->set(UserConstants::USER_CURRENT_POSITION, $request->query->get('currPos'));
$session->set(UserConstants::USER_COMPANY_ID, $request->query->get('cmpId'));
$session->set(UserConstants::USER_APP_ID, $request->query->get('uAId'));
$session->set(UserConstants::USER_IMAGE, "");
$session->set('productNameDisplayType', 0);
$cmpImg = $request->query->get('cmpIm');
$cmpName = $request->query->get('cmpN');
$app_cid = $request->query->get('uAId') . "_" . $request->query->get('cmpId');
$cid = $request->query->get('cmpId');
$session->set('userCompanyDarkVibrantList', json_encode(array(
$cid => ""
)));
$cmpNameListStr = json_encode(array(
$cid => $cmpName
));
$cmpImageListStr = json_encode(array(
$cid => $cmpImg
));
$session->set(UserConstants::USER_COMPANY_NAME_LIST, $cmpNameListStr);
$session->set(UserConstants::USER_COMPANY_IMAGE_LIST, $cmpImageListStr);
$session->set(UserConstants::USER_PROHIBIT_LIST, "[]");
$session->set(UserConstants::ALL_MODULE_ACCESS_FLAG, 1);
}
}
// $path=$this->kernelRootDir. '/gifnoc/invdata.json';
// file_put_contents($path, json_encode(array(
// 'sessionDataString'=>$request->request->get('sessionDataString'),
// 'productCode'=>$request->request->get('productCode'),
// 'userId'=>$session->get(UserConstants::USER_ID),
// 'sessionData'=>json_decode($request->request->get('sessionDataString'),true),
// 'to_set_session_data'=>$to_set_session_data,
//// 'invData'=>$data_searched,
//
// )));//overwrite
if (!$session->has('isMobile')) {
// if
$useragent = $event->getRequest()->headers->get('User-Agent');
if (!$useragent) {
return false;
}
$isMobile = (
preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i', $useragent) ||
preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i', substr($useragent, 0, 4))
);
$session->set('isMobile', $isMobile);
}
if ($controller[0] instanceof SessionCheckInterface) {
if (!empty($session->get(UserConstants::USER_ID))) {
if ($session->get(UserConstants::APPLICATION_SECRET) == $this->secretKey) {
//if session check variable is more than 1 hour from now, update app validity but if already disabled then check on every call
$lastCheckDateTime = null;
$appValid = 1;
$currentDateTime = new \DateTime();
$currentTime = strtotime($currentDateTime->format('Y-m-d h:i:s'));
$appIsValidTillTime = $currentTime;
$appIsValidTillDateTime = $currentDateTime;
// $session->set('appIsValidTillTime', $appIsValidTillDateTime->format('Y-m-d h:i:s'));
if (!empty($session->get('lastCheckAppValidityTime'))) {
$lastCheckDateTime = strtotime($session->get('lastCheckAppValidityTime'));
} else {
$lastCheckDateTime = strtotime('2022-01-01 00:00:00');
}
if (!empty($session->get('appIsValidTillTime'))) {
$appIsValidTillTime = strtotime($session->get('appIsValidTillTime'));
$appIsValidTillDateTime = new \DateTime($session->get('appIsValidTillTime'));
} else {
// $appIsValidTillTime=$currentDateTime;
// $session->set('appIsValidTillTime', $appIsValidTillTime->format('Y-m-d h:i:s'));
}
if (!empty($session->get('appValid'))) {
$appValid = $session->get('appValid');
}
$secondsTillLastCheck = abs($currentTime - $lastCheckDateTime);
// $session->set('secondsTillLastCheck',$secondsTillLastCheck);
// $session->set('lastCheckAppValiditySecond', abs($currentTime - $lastCheckDateTime));
if ($secondsTillLastCheck > 7200 || $appValid == 0) {
$appValiditySeconds = $session->get('appValiditySeconds');
$appDataJson = System::getAppDataByCurl();
// $session->set('appDataJson',$appDataJson);
$appData = json_decode($appDataJson, true);
// $appIsValidTillTime=$currentDateTime;
if ($appData == null)
$appData = [];
if (isset($appData[$session->get(UserConstants::USER_APP_ID)])) {
$session->set('appDataCurl', $appData[$session->get(UserConstants::USER_APP_ID)]);
if ($appData[$session->get(UserConstants::USER_APP_ID)]['expired'] == 1) {
$appValid = 0;
$appValiditySeconds = 0;
} else {
$appIsValidTillTime = strtotime($appData[$session->get(UserConstants::USER_APP_ID)]['suspensionDate']);
$appIsValidTillDateTime = new \DateTime($appData[$session->get(UserConstants::USER_APP_ID)]['suspensionDate']);
$appValiditySeconds = $appIsValidTillTime - $currentTime;
if ($appValiditySeconds < 0)
$appValid = 0;
else
$appValid = 1;
}
} else {
}
$session->set('appValiditySeconds', $appValiditySeconds);
$session->set('appIsValidTillTime', $appIsValidTillDateTime->format('Y-m-d h:i:s'));
$session->set('lastCheckAppValidityTime', $currentDateTime->format('Y-m-d h:i:s'));
$session->set('appValid', $appValid);
}
$session->set('appIsValidTillTime', $appIsValidTillDateTime->format('Y-m-d h:i:s'));
if ($appValid != 1) {
$url = $this->router->generate('user_logout');
if (strripos($request->server->get('REQUEST_URI'), 'select_data') === false) {
if ($request->server->get('REQUEST_URI') != '/' && $request->server->get('REQUEST_URI') != '') {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', $request->server->get('REQUEST_URI'));
}
} else {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', '');
}
// if ($request->server->has("REQUEST_URI")) {
// if ($request->server->get('REQUEST_URI') != '/' && $request->server->get('REQUEST_URI') != '') {
//// return $this->redirect($request->request->get('HTTP_REFERER'));
// $session->set('LAST_REQUEST_URI_BEFORE_LOGIN', $request->server->get('REQUEST_URI'));
// }
// }
// $request->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', 1));
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
$gocId = $session->get(UserConstants::USER_GOC_ID);
if ($gocId != 0 && $gocId != "") {
$gocDbName = $session->get(UserConstants::USER_DB_NAME);
$gocDbUser = $session->get(UserConstants::USER_DB_USER);
$gocDbPass = $session->get(UserConstants::USER_DB_PASS);
$gocDbHost = $session->get(UserConstants::USER_DB_HOST);
// $connector = $this->container->get('application_connector');
$connector = $this->applicationConnector;
$connector->resetConnection(
'default',
$gocDbName,
$gocDbUser,
$gocDbPass,
$gocDbHost,
$reset = false);
}
// User already have logged in. lets check its type
if (
$session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_SYSTEM ||
$session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_GENERAL ||
$session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_SUPPLIER ||
$session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_ENTITY_USER_GENERAL_USER ||
$session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_ENTITY_USER_GROUP_OWNER ||
$session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_CLIENT ||
$session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_APPLICANT
) {
if (!empty($session->get('TRIGGER_RESET_PASSWORD')) || $session->get('IS_EMAIL_VERIFIED', 0) == 0) {
if (!empty($session->get('TRIGGER_RESET_PASSWORD'))) {
if ($session->get('TRIGGER_RESET_PASSWORD') == 1 && !$authTokenInHeader) {
$red = $this->router->generate('reset_password_new_password');
if (!$request->request->has('remoteVerify')) {
$session->set('TRIGGER_RESET_PASSWORD', 0);
$event->setController(function () use ($red) {
return new RedirectResponse($red);
});
}
}
}
if ($session->get('IS_EMAIL_VERIFIED') == 0 && !$authTokenInHeader) {
$red = $this->router->generate('verify_email');
if (!$request->request->has('remoteVerify')) {
$event->setController(function () use ($red) {
return new RedirectResponse($red);
});
}
}
} else if (!empty($session->get('LAST_REQUEST_URI_BEFORE_LOGIN'))) {
if (strripos($session->get('LAST_REQUEST_URI_BEFORE_LOGIN'), 'select_data') === false) {
if ($session->get('LAST_REQUEST_URI_BEFORE_LOGIN') != '' && $session->get('LAST_REQUEST_URI_BEFORE_LOGIN') != null) {
$red = $session->get('LAST_REQUEST_URI_BEFORE_LOGIN');
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', '');
if (!$request->request->has('remoteVerify')) {
$event->setController(function () use ($red) {
return new RedirectResponse($red);
});
}
}
} else {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', '');
}
}
} else {
$message = "Session Not Found";
if ($request->request->has('remoteVerify') || $request->request->has('returnJson') || $request->query->has('returnJson')) {
} else {
if ($request->server->has("REQUEST_URI")) {
if (strripos($request->server->get('REQUEST_URI'), 'select_data') === false) {
if ($request->server->get('REQUEST_URI') != '/' && $request->server->get('REQUEST_URI') != '') {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', $request->server->get('REQUEST_URI'));
}
} else {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', '');
}
}
}
if ($request->request->has('remoteVerify') || $request->request->has('returnJson') || $request->query->has('returnJson')) {
$session->set('jsonStrForListenerData', json_encode(array(
'uid' => 0,
'session' => [],
'success' => false,
'sessionExists' => false,
'hbeeErrorCode' => $hbeeErrorCode,
'errorStr' => $message,
'session_data' => [],
// 'session2' => $_SESSION,
)));
$url = $this->router->generate('return_json_for_listener');
// $request->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', 1));
$event->getRequest()->attributes->set('_controller', 'ApplicationBundle:PublicPages:ReturnJsonForListener');
$event->setController($this->resolver->getController($request));
// $event->setController(function () use ($url) {
// return new RedirectResponse($url);
// });
} else {
$url = $this->router->generate('user_logout');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
} else {
$message = "Session Not Found";
if ($request->request->has('remoteVerify') || $request->request->has('returnJson') || $request->query->has('returnJson')) {
} else {
if ($request->server->has("REQUEST_URI")) {
if (strripos($request->server->get('REQUEST_URI'), 'select_data') === false) {
if ($request->server->get('REQUEST_URI') != '/' && $request->server->get('REQUEST_URI') != '') {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', $request->server->get('REQUEST_URI'));
}
} else {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', '');
}
// if ($request->server->get('REQUEST_URI') != '/' && $request->server->get('REQUEST_URI') != '') {
//// return $this->redirect($request->request->get('HTTP_REFERER'));
// $session->set('LAST_REQUEST_URI_BEFORE_LOGIN', $request->server->get('REQUEST_URI'));
// }
}
}
if ($request->request->has('remoteVerify') || $request->request->has('returnJson') || $request->query->has('returnJson')) {
$session->set('jsonStrForListenerData', json_encode(array(
'uid' => 0,
'session' => [],
'success' => false,
'sessionExists' => false,
'hbeeErrorCode' => $hbeeErrorCode,
'errorStr' => $message,
'session_data' => [],
// 'session2' => $_SESSION,
)));
$url = $this->router->generate('return_json_for_listener');
// $request->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', 1));
$event->getRequest()->attributes->set('_controller', 'ApplicationBundle:PublicPages:ReturnJsonForListener');
$event->setController($this->resolver->getController($request));
// $event->setController(function () use ($url) {
// return new RedirectResponse($url);
// });
} else {
$url = $this->router->generate('user_logout');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
} else {
// User can't see this page until do a login. let him/her login first.
$message = "Session Not Found";
$hbeeErrorCode = UserConstants::ERROR_TOKEN_EXPIRED;
if ($authTokenInHeader || $request->request->has('remoteVerify') || $request->request->has('returnJson') || $request->query->has('returnJson')) {
} else {
if ($request->server->has("REQUEST_URI")) {
if (strripos($request->server->get('REQUEST_URI'), 'select_data') === false) {
if ($request->server->get('REQUEST_URI') != '/' && $request->server->get('REQUEST_URI') != '') {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', $request->server->get('REQUEST_URI'));
}
} else {
$session->set('LAST_REQUEST_URI_BEFORE_LOGIN', '');
}
// if ($request->server->get('REQUEST_URI') != '/' && $request->server->get('REQUEST_URI') != '') {
//// return $this->redirect($request->request->get('HTTP_REFERER'));
// $session->set('LAST_REQUEST_URI_BEFORE_LOGIN', $request->server->get('REQUEST_URI'));
// }
}
}
$session->set('jsonStrForListenerData', json_encode([]));
if ($authTokenInHeader || $request->request->has('remoteVerify') || $request->request->has('returnJson') || $request->query->has('returnJson')) {
$session->set('jsonStrForListenerData', json_encode(array(
'uid' => 0,
'session' => [],
'success' => false,
'sessionExists' => false,
'hbeeErrorCode' => $hbeeErrorCode,
'errorStr' => $message,
'session_data' => [],
// 'session2' => $_SESSION,
)));
$url = $this->router->generate('return_json_for_listener');
// $request->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', 1));
$event->getRequest()->attributes->set('_controller', 'ApplicationBundle:PublicPages:ReturnJsonForListener');
$event->setController($this->resolver->getController($request));
// $event->setController(function () use ($url) {
// return new RedirectResponse($url);
// });
// return new JsonResponse();
} else {
$url = $this->router->generate('user_login');
// $request->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', 1));
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
$em = $this->em;
// if ($CurrentRoute != "update_database_schema")
// MiscActions::decryptTrans($em, '_ALL_', 0);
// Here we got a general user who have all the right things. Let see if he/she have permission to tre current route.
// $ROUTE_LIST=json_decode($session->get(UserConstants::USER_ROUTE_LIST), true);
$PROHIBIT_LIST = json_decode($session->get(UserConstants::USER_PROHIBIT_LIST), true);
$CurrentRoute = $event->getRequest()->attributes->get('_route');
$PL_unfiltered = json_decode($session->get(UserConstants::USER_POSITION_LIST), true);
if ($PL_unfiltered == null)
$PL_unfiltered = [];
$PL = [];
foreach ($PL_unfiltered as $PLU) {
if ($PLU != '' && $PLU != " " && $PLU != 0 && $PLU != null)
$PL[] = $PLU;
}
if (!empty($PL) && $session->get(UserConstants::USER_CURRENT_POSITION) == 0) {
$url = $this->router->generate('user_login_position');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
if ($CurrentRoute == "user_login_position") {
if (!empty($session->get(UserConstants::USER_ID))) {
// This is an system user. send him to system dashboard
if ($session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_SYSTEM) {
// This is an system user. send him to system dashboard
$url = $this->router->generate('system_admin_dashboard');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
} else {
if (!empty($session->get(UserConstants::USER_CURRENT_POSITION)) && $session->get(UserConstants::USER_CURRENT_POSITION) != 0) {
// user position got set up. send him to the normal dashboard.
$PL = json_decode($session->get(UserConstants::USER_POSITION_LIST), true);
if ($PL == null) $PL = [];
if (count($PL) <= 1) {
$url = $this->router->generate('dashboard');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
}
} else {
// User can't see this page until do a login. let him/her login first.
$url = $this->router->generate('user_login');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
if ($permissionOverride == 0 && $CurrentRoute != "dashboard" && $CurrentRoute != $session->get(UserConstants::USER_DEFAULT_ROUTE)) {
if ($PROHIBIT_LIST != null or $PROHIBIT_LIST != []) {
if (in_array($CurrentRoute, $PROHIBIT_LIST)) {
// User is not authorized. send him to dashboard
// $controller->addFlash(
// 'error',
// 'Sorry Couldnot insert Data.'
// );
$url = $this->router->generate('permission_denied_page');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
}
}
if ($controller[0] instanceof LoginInterface) {
$session = $this->session;
// Three situation here
// 1. Have no session
// 2. Have session but no position
// 3. Have session and position
$route = $event->getRequest()->attributes->get('_route');
$systemType = '_ERP';//default
$systemType = $this->container->hasParameter('system_type') ? $this->container->getParameter('system_type') : '_ERP_';
if ($route == "user_login") {
if ($request->request->get('remoteVerify', $request->query->get('remoteVerify', 0)) == 1) {
$session->clear();
} else if (!empty($session->get(UserConstants::USER_ID))) {
// User already have logged in. lets check its type
if ($systemType == '_ERP_') {
if ($session->get(UserConstants::USER_TYPE) == UserConstants::USER_TYPE_SYSTEM) {
// This is an system user. send him to system dashboard
$url = $this->router->generate('system_admin_dashboard');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
} else {
// This user is a normal user. Check if its login position got set.
if (!empty($session->get(UserConstants::USER_CURRENT_POSITION))) {
// user position got set up. send him to the normal dashboard.
$url = $this->router->generate('dashboard');
if ($request->request->has('remoteVerify')) {
$session->set('remoteVerified', 1);
$url = $this->router->generate('get_session_data_for_app');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
} else {
// user position have not set up. send it to the position page
$url = $this->router->generate('user_login_position');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
//do nothing its default to dashboard index
} else if ($systemType == '_BUDDYBEE_') {
// $event->getRequest()->attributes->set('_controller', 'ApplicationBundle:BuddybeePublic:ConsultancyHomePage');
// $event->setController($this->resolver->getController($request));
}
} else {
if ($systemType == '_ERP_') {
//do nothing its default to dashboard index
} else if ($systemType == '_BUDDYBEE_' && $request->isMethod('GET')) {
if ($request->request->has('oAuthData') || $request->query->has('oAuthData') || $request->query->has('code')) {
} else {
$event->getRequest()->attributes->set('_controller', 'ApplicationBundle\Modules\Authentication\Controller\UserLoginController::applicantLoginAction');
$event->setController($this->resolver->getController($request));
}
}
// if ($systemType == '_BUDDYBEE_' && $request->isMethod('POST')) {
//
// $event->getRequest()->attributes->set('_controller', 'ApplicationBundle:UserLogin:applicantLogin');
// $event->setController($this->resolver->getController($request));
// }
}
}
}
// Checking if its a system url request.
if ($controller[0] instanceof SystemInterface) {
// System controller.
$session = $this->session;
if (!empty($session->get(UserConstants::USER_ID))) {
if ($session->get(UserConstants::USER_TYPE) != UserConstants::USER_TYPE_SYSTEM) {
// Kick the idiot out from here. If possible, keep a track
$url = $this->router->generate('user_logout');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
} else {
$lastCheckDateTime = null;
$appValid = 1;
$currentDateTime = new \DateTime();
$currentTime = strtotime($currentDateTime->format('Y-m-d h:i:s'));
$appIsValidTillTime = $currentTime;
$appIsValidTillDateTime = $currentDateTime;
// $session->set('appIsValidTillTime', $appIsValidTillDateTime->format('Y-m-d h:i:s'));
if (!empty($session->get('lastCheckAppValidityTime'))) {
$lastCheckDateTime = strtotime($session->get('lastCheckAppValidityTime'));
} else {
$lastCheckDateTime = strtotime('2022-01-01 00:00:00');
}
if (!empty($session->get('appIsValidTillTime'))) {
$appIsValidTillTime = strtotime($session->get('appIsValidTillTime'));
$appIsValidTillDateTime = new \DateTime($session->get('appIsValidTillTime'));
} else {
// $appIsValidTillTime=$currentDateTime;
// $session->set('appIsValidTillTime', $appIsValidTillTime->format('Y-m-d h:i:s'));
}
if (!empty($session->get('appValid'))) {
$appValid = $session->get('appValid');
}
$secondsTillLastCheck = abs($currentTime - $lastCheckDateTime);
// $session->set('lastCheckAppValiditySecond', abs($currentTime - $lastCheckDateTime));
if ($secondsTillLastCheck > 7200 || $appValid == 0) {
$appValiditySeconds = $session->get('appValiditySeconds');
$appDataJson = System::getAppDataByCurl();
$appData = json_decode($appDataJson, true);
// $appIsValidTillTime=$currentDateTime;
if ($appData == null)
$appData = [];
if (isset($appData[$session->get(UserConstants::USER_APP_ID)])) {
$session->set('appDataCurl', $appData[$session->get(UserConstants::USER_APP_ID)]);
if ($appData[$session->get(UserConstants::USER_APP_ID)]['expired'] == 1) {
$appValid = 0;
$appValiditySeconds = 0;
} else {
$appIsValidTillTime = strtotime($appData[$session->get(UserConstants::USER_APP_ID)]['suspensionDate']);
$appIsValidTillDateTime = new \DateTime($appData[$session->get(UserConstants::USER_APP_ID)]['suspensionDate']);
$appValiditySeconds = $appIsValidTillTime - $currentTime;
if ($appValiditySeconds < 0)
$appValid = 0;
else
$appValid = 1;
}
}
$session->set('appValiditySeconds', $appValiditySeconds);
$session->set('appIsValidTillTime', $appIsValidTillDateTime->format('Y-m-d h:i:s'));
$session->set('lastCheckAppValidityTime', $currentDateTime->format('Y-m-d h:i:s'));
$session->set('appValid', $appValid);
}
$session->set('appIsValidTillTime', $appIsValidTillDateTime->format('Y-m-d h:i:s'));
if ($appValid != 1) {
$url = $this->router->generate('user_logout');
// $request->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', 1));
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
$gocId = $session->get(UserConstants::USER_GOC_ID);
if ($gocId != 0 && $gocId != "") {
$gocDbName = $session->get(UserConstants::USER_DB_NAME);
$gocDbUser = $session->get(UserConstants::USER_DB_USER);
$gocDbPass = $session->get(UserConstants::USER_DB_PASS);
$gocDbHost = $session->get(UserConstants::USER_DB_HOST);
// $connector = $this->container->get('application_connector');
$connector = $this->applicationConnector;
$connector->resetConnection(
'default',
$gocDbName,
$gocDbUser,
$gocDbPass,
$gocDbHost,
$reset = true);
}
}
} else {
// Seriously !! How did this person get this url. Track the pc if possible.
$url = $this->router->generate('user_login');
$event->setController(function () use ($url) {
return new RedirectResponse($url);
});
}
}
//dashboard for diff aspects
if ($event->getRequest()->attributes->get('_route') == 'dashboard') {
$systemType = '_ERP';//default
$systemType = $this->container->hasParameter('system_type') ? $this->container->getParameter('system_type') : '_ERP_';
if ($systemType == '_ERP_') {
//do nothing its default to dashboard index
} else if ($systemType == '_BUDDYBEE_') {
$event->getRequest()->attributes->set('_controller', 'ApplicationBundle\Modules\Buddybee\Controller\BuddybeePublicController:ConsultancyHomePageAction');
$event->setController($this->resolver->getController($request));
} else if ($systemType == '_CENTRAL_') {
$event->getRequest()->attributes->set('_controller', 'ApplicationBundle\Modules\HoneybeeWeb\Controller\HoneybeeWebPublicController:CentralHomePageAction');
$event->setController($this->resolver->getController($request));
}
// $event->setController(function() use ($url) {
// return new RedirectResponse($url);
// });
// $event->setController((\ApplicationBundle\Controller\BuddybeePublicController())->ConsultancyHomePageAction() );
}
}
public function onKernelResponse(FilterResponseEvent $event)
{
$session = $this->session;
$request = $event->getRequest();
$response = $event->getResponse();
//temp debug
$em = $this->em;
$currRoute = $request->attributes->get('_route');
// if ($currRoute != "update_database_schema")
// MiscActions::encryptTrans($em, '_ALL_', 0);
if ($currRoute=='zkteco_handshake' ||
$currRoute=='zkteco_get_request' ||
$currRoute=='zkteco_device_cmd'
) {
$response->headers->remove('Date');
$response->headers->remove('date');
$response->setStatusCode(200);
// Remove headers Symfony adds automatically
$response->headers->remove('Cache-Control');
$response->headers->remove('Last-Modified');
$response->headers->remove('Expires');
} else {
if (
($request->request->has('returnJson') || $request->request->has('remoteVerify')) &&
$request->request->has('token') &&
!in_array($currRoute, [
'select_data_ajax',
'select_data_api',
'select_data_ajax_public',
])
) {
$currDate = new \DateTime();
$to_write = '';
$to_write .= "\nToken--" . $request->request->get('token', 'NONE') . ' : ' . $currDate->format('F d Y H:i:s');
$to_write .= "\nResponse:\n
";
if (is_string($response->getContent()))
$to_write .= $response->getContent();
else
$to_write .= json_encode($response->getContent());
// System::log_it($this->container->getParameter('kernel.root_dir'), $to_write, $currRoute, 1);
}
if ($session->has('remoteVerified')) {
$lifetime = 86400; // 1 day
// $response->headers->setCookie(Cookie::create('PHPSESSID', $event->getRequest()->cookies->get('PHPSESSID'),time()+$lifetime));
$response->headers->set('Access-Control-Allow-Origin', $event->getRequest()->headers->get('origin'));
$response->headers->set('Access-Control-Allow-Credentials', 'true');
// $response->headers->setCookie(Cookie::create('PIKAMASTER', $event->getRequest()->cookies->get('PHPSESSID'),time()+$lifetime));
} else {
// create a hash and set it as a response header
// $hash = sha1($response->getContent().$token);
// $response->headers->set('Access-Control-Allow-Origin', '*');
// $response->headers->set('Access-Control-Allow-Credentials', 'true');
$response->headers->set('Access-Control-Allow-Origin', $event->getRequest()->headers->get('origin'));
$response->headers->set('Access-Control-Allow-Credentials', 'true');
// $response->headers->setCookie(Cookie::create('honeybeeCAuthId', $session->get(UserConstants::USER_ID)));
// $response->headers->setCookie(Cookie::create('honeybeeCAuthId2', $event->getRequest()->cookies->get('PHPSESSID')));
}
// if($session->has(UserConstants::USER_ID)) {
// if ($session->get(UserConstants::USER_ID) == '' || $session->get(UserConstants::USER_ID) == '') {
// $response->headers->setCookie(Cookie::create('USRCKIE', ''));
// $response->headers->setCookie(Cookie::create('REMEMBERME', ''));
// $response->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', ''));
// }
// }
// else
// {
// $response->headers->setCookie(Cookie::create('USRCKIE', ''));
// $response->headers->setCookie(Cookie::create('REMEMBERME', ''));
// $response->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', ''));
// }
if ($session->has('CLEARLOGIN')) {
if ($session->get('CLEARLOGIN') == 1) {
if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
$response->headers->setCookie(Cookie::create('USRCKIE', ''));
$response->headers->setCookie(Cookie::create('REMEMBERME', ''));
$response->headers->setCookie(Cookie::create('CLEARLOGINCOOKIE', ''));
} else {
$response->headers->setCookie(new Cookie('USRCKIE', ''));
$response->headers->setCookie(new Cookie('REMEMBERME', ''));
$response->headers->setCookie(new Cookie('CLEARLOGINCOOKIE', ''));
}
}
$session->set('CLEARLOGIN', 0);
} else {
}
if ($session->has('REMEMBERME')) {
if ($session->get('REMEMBERME') == 1) {
$lifetime = 86400; // 1 day
if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
$response->headers->setCookie(Cookie::create('USRCKIE', json_encode(array(
'uid' => $session->get(UserConstants::USER_ID),
'ut' => $session->get(UserConstants::USER_TYPE),
'companyId' => $session->get(UserConstants::USER_COMPANY_ID),
'gocId' => $session->get(UserConstants::USER_GOC_ID),
)
), time() + $lifetime
)
);
$response->headers->setCookie(Cookie::create('REMEMBERMEACTIVATED', 'PIKA'));
} else {
$response->headers->setCookie(new Cookie('USRCKIE', json_encode(array(
'uid' => $session->get(UserConstants::USER_ID),
'ut' => $session->get(UserConstants::USER_TYPE),
'companyId' => $session->get(UserConstants::USER_COMPANY_ID),
'gocId' => $session->get(UserConstants::USER_GOC_ID),
)
), time() + $lifetime
)
);
$response->headers->setCookie(new Cookie('REMEMBERMEACTIVATED', 'PIKA'));
}
} else {
if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
$response->headers->setCookie(Cookie::create('USRCKIE', json_encode(array(
'uid' => $session->get(UserConstants::USER_ID),
'ut' => $session->get(UserConstants::USER_TYPE),
'companyId' => $session->get(UserConstants::USER_COMPANY_ID),
'gocId' => $session->get(UserConstants::USER_GOC_ID),
)
)
)
);
$response->headers->setCookie(Cookie::create('REMEMBERMEACTIVATED', 'MASTER'));
} else {
$response->headers->setCookie(new Cookie('USRCKIE', json_encode(array(
'uid' => $session->get(UserConstants::USER_ID),
'ut' => $session->get(UserConstants::USER_TYPE),
'companyId' => $session->get(UserConstants::USER_COMPANY_ID),
'gocId' => $session->get(UserConstants::USER_GOC_ID),
)
)
)
);
$response->headers->setCookie(new Cookie('REMEMBERMEACTIVATED', 'MASTER'));
}
}
} else {
if (version_compare(PHP_VERSION, '7.0.0', '>='))
$response->headers->setCookie(Cookie::create('REMEMBERMEACTIVATED', 'CHU'));
else
$response->headers->setCookie(new Cookie('REMEMBERMEACTIVATED', 'CHU'));
}
}
}
public function onKernelException(ExceptionEvent $event)
{
$exception = $event->getThrowable();
$session = $this->session;
$request = $event->getRequest();
$response = $event->getResponse();
//temp debug
$em = $this->em;
$currRoute = $request->attributes->get('_route');
// if ($currRoute != "update_database_schema")
// MiscActions::encryptTrans($em, '_ALL_', 0);
if (
(
$request->query->has('returnJson') ||
$request->request->has('returnJson') ||
$request->query->has('remoteVerify') ||
$request->request->has('remoteVerify') ||
$event->getRequest()->headers->get('auth-token'))
) {
$response = new JsonResponse([
'success' => false,
'error' => 'server_error',
'message' => $exception->getMessage(),
], 500);
$event->setResponse($response);
$event->stopPropagation();
if ($origin = $event->getRequest()->headers->get('Origin')) {
$response->headers->set('Access-Control-Allow-Origin', $origin);
$response->headers->set('Access-Control-Allow-Credentials', 'true');
}
}
}
}

src/ApplicationBundle/Listener/SessionListener.php line 887