protected function _output_request($params, $redirect_url = '', $ajax = FALSE)
{
if ($ajax) {
@header('Content-Type: application/json');
echo json_encode($params);
exit;
}
if ($this->input->is_ajax_request()) {
@header('Content-Type: application/json');
echo json_encode($params);
exit;
} else {
set_flash_data($params['status'], $params['message']);
redirect($redirect_url, 'refresh');
}
}
public function update()
{
$new_file_name = "";
$this->form_validation->set_rules('first_name', 'First Name', 'required|xss_clean');
$this->form_validation->set_rules('last_name', 'Last Name', 'required|xss_clean');
$this->form_validation->set_rules('phone', 'Phone Number', 'trim|xss_clean');
if ($this->input->post('password')) {
$this->form_validation->set_rules('password', 'Password', 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
$this->form_validation->set_rules('password_confirm', 'Password Confirmation', 'required');
}
if ($this->form_validation->run() == TRUE) {
$gmt_offset = $this->current_user->group_id == GROUP_ADMIN ? $this->current_user->gmt_offset : $this->current_user->company_settings->gmt_offset;
$input = array('first_name' => $this->_post_args('first_name', ARGS_TYPE_STRING), 'last_name' => $this->_post_args('last_name', ARGS_TYPE_STRING), 'phone' => $this->_post_args('phone', ARGS_TYPE_STRING), 'gmt_offset' => $this->_post_args('gmt_offset', ARGS_TYPE_STRING, $gmt_offset, array('override' => TRUE)));
if (($user_avatar = $this->upload_avatar()) && empty($user_avatar['error']) && !empty($user_avatar['file_name'])) {
$input['avatar'] = $user_avatar['file_name'];
}
if (isset($new_file_name) && $new_file_name != "") {
$input['avatar'] = $new_file_name;
}
if ($this->input->post('password')) {
$input['password'] = $this->_post_args('password', ARGS_TYPE_STRING);
}
if ($this->ion_auth->update($this->current_user->user_id, $input)) {
$this->user_m->clear_user_profile_cache(array('user_id' => $this->current_user->user_id, 'company_id' => $this->current_user->company_id, 'old_company_id' => $this->current_user->company_id));
set_flash_data(SUCCESS_MESSAGE, 'Profile Saved');
//die();
//redirect("profile", 'refresh');
//exit;
?>
<script>
window.location="<?php
echo base_url();
?>
profile";
</script>
<?php
die;
}
}
$this->index();
}
public function login()
{
$this->form_validation->set_rules('identity', 'Identity', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == true) {
$remember = TRUE;
/*(bool) $this->input->post('remember');*/
if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember)) {
$this->session->set_flashdata('message', $this->ion_auth->messages());
$redirect_to = is_mobile() ? 'sites/survey' : 'dashboard';
redirect($redirect_to, 'refresh');
} else {
set_flash_data(ERROR_MESSAGE, $this->ion_auth->errors());
redirect('auth/login', 'refresh');
//use redirects instead of loading views for compatibility with MY_Controller libraries
}
} else {
$data['message'] = validation_errors() ? strip_tags(validation_errors()) : $this->session->flashdata('message');
}
$doc_key = $this->input->post('doc_key') ? $this->input->post('doc_key') : keygen();
$data = array('page' => 'login/form', 'title' => 'Login', 'identity' => $this->form_validation->set_value('identity'), 'password' => '', 'scripts' => array('login/form.js'), 'hiddenvars' => array(), 'doc_key' => $doc_key);
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/login/form_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, 'auth/login');
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('login', $data);
}
}
$flashdb[$id] = array('src' => $src, 'url' => $_POST['img_url'], 'text' => $_POST['img_text']);
put_flash_xml($flashdb);
set_flash_data($_CFG['flash_theme'], $error_msg = '');
$links[] = array('text' => $_LANG['go_url'], 'href' => 'flashplay.php?act=list');
sys_msg($_LANG['edit_ok'], 0, $links);
}
} elseif ($_REQUEST['act'] == 'install') {
check_authz_json('flash_manage');
$flash_theme = trim($_GET['flashtpl']);
if ($_CFG['flash_theme'] != $flash_theme) {
$sql = "UPDATE " . $GLOBALS['ecs']->table('shop_config') . " SET value = '{$flash_theme}' WHERE code = 'flash_theme'";
if ($db->query($sql, 'SILENT')) {
clear_all_files();
//清除模板编译文件
$error_msg = '';
if (set_flash_data($flash_theme, $error_msg)) {
make_json_error($error_msg);
} else {
make_json_result($flash_theme, $_LANG['install_success']);
}
} else {
make_json_error($db->error());
}
} else {
make_json_result($flash_theme, $_LANG['install_success']);
}
}
function get_flash_xml()
{
$flashdb = array();
if (file_exists(ROOT_PATH . DATA_DIR . '/flash_data.xml')) {
public function delete($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin', 'management_company', 'user_company'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$company_id = $this->current_user->group_id == 1 ? $this->_post_args('company_id', ARGS_TYPE_INT, array_key_exists(SYS_COMPANY_ID, $params) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0) : $this->current_user->company_id;
$client_id = isset($params[SYS_CLIENT_ID]) && gtzero_integer($params[SYS_CLIENT_ID]) ? (int) $params[SYS_CLIENT_ID] : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$client_info = $this->client_m->details($client_id, $company_id);
if (!$client_info || _has_company_group_access($this->current_user->group_id) && $client_info->company_id != $this->current_user->company_id) {
$this->show_permission_denied_error($method);
}
$company_id = $this->current_user->group_id == 1 ? $this->_post_args('company_id', ARGS_TYPE_INT, $client_info->company_id) : $this->current_user->company_id;
$this->form_validation->set_rules('confirm', 'confirm', 'trim|required');
$output = array('message' => "", 'status' => "");
if ($this->form_validation->run() == TRUE) {
$is_record_updated = $this->client_m->delete($client_id);
if ($is_record_updated) {
$output['message'] = sprintf('The client "%s" has been deleted.', $client_info->full_name);
$output['status'] = SUCCESS_MESSAGE;
$output['client_id'] = $client_id;
/*trigger_trip("client_deleted", $details->company_id, array('client_id' => $client_id, 'deleted_by' => $this->current_user->user_id));*/
} else {
$output['message'] = sprintf('Unable to delete client "%s". Please report the issue to %s', $client_info->full_name, $this->cfg->contact_email);
$output['status'] = ERROR_MESSAGE;
}
$this->_output_request($output, $redirect_url);
} else {
if (validation_errors()) {
$output['message'] = validation_errors();
$output['status'] = ERROR_MESSAGE;
}
}
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('clients/delete/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'clients/delete', 'title' => 'Delete Client', "display_message" => sprintf('Are you sure you want to delete client "%s"?', $client_info->full_name), "display_heading" => sprintf('Delete Client', $client_info->full_name), "submit_btn_text" => "Save Changes", 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url, 'confirm' => 1)));
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/clients/delete_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
public function delete($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin', 'location_manager', 'user_company'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$type_id = isset($params[SYS_CONTACT_TYPE_ID]) && gtzero_integer($params[SYS_CONTACT_TYPE_ID]) ? to_int($params[SYS_CONTACT_TYPE_ID]) : 0;
$ref_id = isset($params[SYS_REF_ID]) && gtzero_integer($params[SYS_REF_ID]) ? to_int($params[SYS_REF_ID]) : 0;
$contact_id = isset($params[SYS_CONTACT_ID]) && gtzero_integer($params[SYS_CONTACT_ID]) ? to_int($params[SYS_CONTACT_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$contact_info = $this->contact_m->details($contact_id, $ref_id, $type_id);
if (!$contact_info) {
$this->show_permission_denied_error($method);
}
$this->form_validation->set_rules('confirm', 'confirm', 'trim|required');
$output = array('message' => "", 'status' => "");
if ($this->form_validation->run() == TRUE) {
$is_record_updated = $this->contact_m->delete($contact_id);
if ($is_record_updated) {
$output['message'] = sprintf('The contact "%s" has been deleted.', $contact_info->contact_name);
$output['status'] = SUCCESS_MESSAGE;
$output['contact_id'] = $contact_id;
} else {
$output['message'] = sprintf('Error occurred while trying to delete contact "%s".', $contact_info->contact_name);
$output['status'] = ERROR_MESSAGE;
}
$this->_output_request($output, $redirect_url);
} else {
if (validation_errors()) {
$output['message'] = validation_errors();
$output['status'] = ERROR_MESSAGE;
}
}
$doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen();
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('contacts/delete/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'contacts/delete', 'title' => 'Contact "' . $contact_info->contact_name . '"', "display_message" => sprintf('Are you sure you want to delete contact "%s"?', $contact_info->contact_name), "display_heading" => sprintf('Delete contact', $contact_info->contact_name), "submit_btn_text" => "Save Changes", 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)), 'doc_key' => $doc_key);
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/contacts/delete_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
public function sfstatus($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$company_id = in_array($this->current_user->group_id, array(GROUP_ADMIN, GROUP_STAFF, GROUP_ENGINEER)) ? $this->_post_args('company_id', ARGS_TYPE_INT, array_key_exists(SYS_COMPANY_ID, $params) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0) : $this->current_user->company_id;
$site_form_id = isset($params[SYS_SITE_FORM_ID]) && gtzero_integer($params[SYS_SITE_FORM_ID]) ? to_int($params[SYS_SITE_FORM_ID]) : 0;
$site_id = isset($params[SYS_SITE_ID]) && gtzero_integer($params[SYS_SITE_ID]) ? to_int($params[SYS_SITE_ID]) : 0;
$form_type_id = isset($params[SYS_FORM_TYPE_ID]) && gtzero_integer($params[SYS_FORM_TYPE_ID]) ? to_int($params[SYS_FORM_TYPE_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$doc_key = $this->input->post('doc_key') ? $this->input->post('doc_key') : keygen();
$csrf = _get_csrf_nonce();
$site_info = $this->site_m->details($site_id, $company_id);
$site_form_info = $this->site_m->site_form_detail($site_form_id);
if (!$site_info || _has_company_group_access($this->current_user->group_id) && $site_info->company_id != $this->current_user->company_id) {
$this->show_permission_denied_error($method);
}
$company_id = in_array($this->current_user->group_id, array(GROUP_ADMIN, GROUP_STAFF, GROUP_ENGINEER)) ? $this->_post_args('company_id', ARGS_TYPE_INT, $site_info->company_id) : $this->current_user->company_id;
$this->form_validation->set_rules('confirm', 'confirm', 'trim|required');
$output = array('message' => "", 'status' => "");
if ($this->form_validation->run() == TRUE) {
$is_record_updated = $this->site_m->update_site_form(array('completed_on' => curr_timestamp(), 'completed_by' => $this->current_user->user_id, 'status' => 3), $site_form_id, $site_id, $form_type_id);
if ($is_record_updated) {
$output['message'] = sprintf('The site form "%s" for site "%s" has been marked as completed.', $site_form_info->form_name, $site_info->site_code);
$output['status'] = SUCCESS_MESSAGE;
$output['site_form_info'] = $site_form_info;
} else {
$output['message'] = sprintf('Unable to mark form "%s" for site "%s" as completed. Please report the issue to %s', $site_form_info->form_name, $site_info->site_code, $this->cfg->contact_email);
$output['status'] = ERROR_MESSAGE;
}
$this->_output_request($output, $redirect_url);
} else {
if (validation_errors()) {
$output['message'] = validation_errors();
$output['status'] = ERROR_MESSAGE;
}
}
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('sites/sfstatus/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'sites/delete', 'title' => $site_info->site_code . '(' . $site_form_info->form_name . ')', "display_message" => sprintf('Are you sure you want mark form "%s" for site "%s" as completed?', $site_form_info->form_name, $site_info->site_code), "display_heading" => sprintf($site_info->site_code . '(' . $site_form_info->form_name . ')'), "submit_btn_text" => "Save Changes", 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url, 'confirm' => 1)));
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/sites/delete_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
public function deactivate($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin', 'management_company'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$company_id = $this->current_user->group_id == GROUP_ADMIN ? 0 : $this->current_user->company_id;
$user_id = isset($params[SYS_USER_ID]) && gtzero_integer($params[SYS_USER_ID]) ? to_int($params[SYS_USER_ID]) : 0;
$code = isset($params['code']) && !empty($params['code']) ? $params['code'] : FALSE;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$user_info = $this->user_m->details($user_id);
if (!$user_info || _has_company_group_access($this->current_user->group_id) && $user_info->company_id != $this->current_user->company_id || $this->current_user->user_id == $user_id) {
$this->show_permission_denied_error($method);
}
$company_id = $user_info->company_id;
$this->form_validation->set_rules('confirm', 'confirm', 'trim|required');
$output = array('message' => "", 'status' => "");
if ($this->form_validation->run() == TRUE) {
/*if ($this->_valid_csrf_nonce() === FALSE || $user_id != $this->input->post('id'))
{
show_error('This form post did not pass our security checks.');
}*/
$is_record_updated = $this->ion_auth->deactivate($user_id);
if ($is_record_updated) {
$output['message'] = sprintf('The user "%s" has been deactivated.', $user_info->full_name);
$output['status'] = SUCCESS_MESSAGE;
$output['user_id'] = $user_id;
/*trigger_trip("user_activated", $user_info->company_id, array('user_id' => $user_id, 'updated_by' => $this->current_user->user_id));*/
} else {
$output['message'] = sprintf('Error occurred while trying to deactivated user "%s".', $user_info->full_name);
$output['status'] = ERROR_MESSAGE;
}
$this->_output_request($output, $redirect_url);
} else {
if (validation_errors()) {
$output['message'] = validation_errors();
$output['status'] = ERROR_MESSAGE;
}
}
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('users/deactivate/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'user/confirm', 'title' => 'Deactivate User', 'display_message' => sprintf('Are you sure you want to deactivate user "%s"?', $user_info->full_name), 'display_heading' => sprintf('Deactivate User', $user_info->full_name), 'submit_btn_text' => "Save Changes", 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)));
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/user/confirm_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
public function qdelete($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$form_type_id = isset($params[SYS_FORM_TYPE_ID]) && gtzero_integer($params[SYS_FORM_TYPE_ID]) ? to_int($params[SYS_FORM_TYPE_ID]) : 0;
$question_id = isset($params[SYS_QUESTION_ID]) && gtzero_integer($params[SYS_QUESTION_ID]) ? to_int($params[SYS_QUESTION_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$form_info = $this->survey_m->form_type_details($form_type_id);
$question_info = $this->survey_m->get_question_detail($question_id, $form_type_id);
if (!$form_info) {
$this->show_permission_denied_error($method);
}
$this->form_validation->set_rules('confirm', 'confirm', 'trim|required');
$output = array('message' => "", 'status' => "");
if ($this->form_validation->run() == TRUE) {
$is_record_updated = $this->survey_m->delete_question($question_id);
if ($is_record_updated) {
$output['message'] = sprintf('The question "%s" has been deleted.', $question_info->description);
$output['status'] = SUCCESS_MESSAGE;
$output['question_id'] = $question_id;
} else {
$output['message'] = sprintf('Unable to delete question "%s". Please report the issue to %s', $question_info->description, $this->cfg->contact_email);
$output['status'] = ERROR_MESSAGE;
}
$this->_output_request($output, $redirect_url);
} else {
if (validation_errors()) {
$output['message'] = validation_errors();
$output['status'] = ERROR_MESSAGE;
}
}
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('survey/qdelete/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'survey/delete', 'title' => 'Delete Question', "display_message" => sprintf('Are you sure you want to delete question "%s"?', $question_info->description), "display_heading" => sprintf('Delete Question', $question_info->description), "submit_btn_text" => "Save Changes", 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url, 'confirm' => 1)));
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/survey/delete_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
