1. /var/www/src/Eccube
  2. Controller
  3. Admin
  4. Setting
  5. System
  6. SecurityController.php
 
Code Coverage
 
Classes and Traits
Functions and Methods
Lines
Total
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 CRAP
82.00% covered (warning)
82.00%
41 / 50
SecurityController
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 17.49
82.00% covered (warning)
82.00%
41 / 50
 index
0.00% covered (danger)
0.00%
0 / 1
 17.49
82.00% covered (warning)
82.00%
41 / 50
<?php
/*
 * This file is part of EC-CUBE
 *
 * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
namespace Eccube\Controller\Admin\Setting\System;
use Eccube\Application;
use Eccube\Common\Constant;
use Eccube\Controller\AbstractController;
use Eccube\Util\Str;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Yaml\Yaml;
class SecurityController extends AbstractController
{
    public function index(Application $app, Request $request)
    {
        $builder = $app['form.factory']->createBuilder('admin_security');
        $form = $builder->getForm();
        if ('POST' === $request->getMethod()) {
            $form->handleRequest($request);
            if ($form->isValid()) {
                $data = $form->getData();
                // 現在のセキュリティ情報を更新
                $adminRoot = $app['config']['admin_route'];
                $configFile = $app['config']['root_dir'].'/app/config/eccube/config';
                if (file_exists($configFile.'.php')) {
                    $config = require $configFile.'.php';
                } elseif (file_exists($configFile.'.yml')) {
                    $config = Yaml::parse(file_get_contents($configFile.'.yml'));
                }
                // trim処理
                $allowHost = Str::convertLineFeed($data['admin_allow_host']);
                if (empty($allowHost)) {
                    $config['admin_allow_host'] = null;
                } else {
                    $config['admin_allow_host'] = explode("\n", $allowHost);
                }
                if ($data['force_ssl']) {
                    // SSL制限にチェックをいれた場合、https経由で接続されたか確認
                    if ($request->isSecure()) {
                        // httpsでアクセスされたらSSL制限をチェック
                        $config['force_ssl'] = Constant::ENABLED;
                    } else {
                        // httpから変更されたらfalseのまま
                        $config['force_ssl'] = Constant::DISABLED;
                        $data['force_ssl'] = (bool) Constant::DISABLED;
                    }
                } else {
                    $config['force_ssl'] = Constant::DISABLED;
                }
                $form = $builder->getForm();
                $form->setData($data);
                if (file_exists($configFile.'.php')) {
                    file_put_contents($configFile.'.php', sprintf('<?php return %s', var_export($config, true)).';');
                }
                if (file_exists($configFile.'.yml')) {
                    file_put_contents($configFile.'.yml', Yaml::dump($config));
                }
                if ($adminRoot != $data['admin_route_dir']) {
                    // admin_routeが変更されればpath.(yml|php)を更新
                    $pathFile = $app['config']['root_dir'].'/app/config/eccube/path';
                    if (file_exists($pathFile.'.php')) {
                        $config = require $pathFile.'.php';
                    } elseif (file_exists($pathFile.'.yml')) {
                        $config = Yaml::parse(file_get_contents($pathFile.'.yml'));
                    }
                    $config['admin_route'] = $data['admin_route_dir'];
                    if (file_exists($pathFile.'.php')) {
                        file_put_contents($pathFile.'.php', sprintf('<?php return %s', var_export($config, true)).';');
                    }
                    if (file_exists($pathFile.'.yml')) {
                        file_put_contents($pathFile.'.yml', Yaml::dump($config));
                    }
                    $app->addSuccess('admin.system.security.route.dir.complete', 'admin');
                    // ログアウト
                    $this->getSecurity($app)->setToken(null);
                    // 管理者画面へ再ログイン
                    return $app->redirect($request->getBaseUrl().'/'.$config['admin_route']);
                }
                $app->addSuccess('admin.system.security.save.complete', 'admin');
            }
        } else {
            // セキュリティ情報の取得
            $form->get('admin_route_dir')->setData($app['config']['admin_route']);
            $allowHost = $app['config']['admin_allow_host'];
            if (count($allowHost) > 0) {
                $form->get('admin_allow_host')->setData(Str::convertLineFeed(implode("\n", $allowHost)));
            }
            $form->get('force_ssl')->setData((bool)$app['config']['force_ssl']);
        }
        return $app->render('Setting/System/security.twig', array(
            'form' => $form->createView(),
        ));
    }
}