Beispiel #1
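 /**
  * Confirm that a submitted authorisation key is valid.
  *
  * The session variable 'rand' holds a list of "timestamp-rndval" strings.
  * A submitted key is accepted when it equals md5($rndval . strtolower($modName))
  * for an entry that is not older than the session inactivity timeout. The
  * matching entry is removed from the session, so a key is accepted only once.
  *
  * See description of xarSecGenAuthKey for information on how keys are issued.
  *
  * @access public
  * @param string|null $modName       module name the key is bound to; when omitted,
  *                                   the first element of wbRequest::getController()
  * @param string      $authIdVarName name of the request variable carrying the key
  * @return bool true if the key is valid (an invalid key does not return, it throws)
  * @throws Exception when no unexpired session entry matches the submitted key
  * @todo bring back possibility of time authorized keys
  */
 function confirmAuthKey($modName = NULL, $authIdVarName = 'authid')
 {
     if (!isset($modName)) {
         list($modName) = wbRequest::getController();
     }
     $authid = wbRequest::getVar($authIdVarName);
     $rands = wbSession::getVar('rand');
     $now = time();
     // The srand(microtime) call that used to sit here is gone on purpose: this
     // function draws no random numbers, and reseeding the global generator from
     // the clock makes every later rand()/mt_rand() value in the request guessable.
     if (!is_array($rands)) {
         // no usable list in the session: start from an empty one
         $rands = array();
         wbSession::setVar('rand', $rands);
     }
     // Only a string can equal an md5 hex digest; null or array request values
     // are treated as "no key submitted" instead of being loosely compared.
     $submitted = is_string($authid) ? $authid : null;
     // needed in foreach to expire old rand values (minutes converted to seconds)
     $age = wbConfig::get('Session.InactivityTimeout') * 60;
     // loop through the rands array to find a match
     foreach ($rands as $r => $rnd) {
         $parts = is_string($rnd) ? explode('-', $rnd, 2) : array();
         if (count($parts) !== 2) {
             // malformed entry: cannot be matched, drop it
             unset($rands[$r]);
             continue;
         }
         list($timestamp, $rndval) = $parts;
         // ignore and get rid of random values older than session activity timeout
         if ($now - $age > $timestamp) {
             unset($rands[$r]);
             continue;
         }
         if ($submitted === null) {
             continue;
         }
         // Regenerate static part of key
         $expected = md5($rndval . strtolower($modName));
         // Strict, constant-time comparison. The previous `==` compared two
         // numeric-looking strings such as "0e12…" and "0e34…" as numbers, so
         // different digests could be accepted as equal.
         // NOTE(review): md5 over rndval+module name is kept because the key
         // generator is not visible here; both sides must change together.
         $matches = function_exists('hash_equals')
             ? hash_equals($expected, $submitted)
             : $expected === $submitted;
         if ($matches) {
             // Match - get rid of it and leave happy
             unset($rands[$r]);
             // session integrity: only keep most recent 64 values
             $rands = array_slice($rands, -64);
             wbSession::setVar('rand', $rands);
             return true;
         }
     }
     throw new Exception("<p>Operasi yang anda coba lakukan tidak diperkenankan dalam kondisi ini.</p>Anda mungkin telah menekan tombol Back atau Reload pada browser dan mencoba kembali operasi yang tidak boleh diulang, atau cookie tidak diaktifkan pada browser anda");
 }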
Beispiel #2
 /**
  * Reset the identity-related session variables to the unregistered-user defaults.
  *
  * Writes user_id, user_name, user_email, user_realname and roles (a serialized
  * empty array) through wbSession::setVar, in that order.
  *
  * NOTE(review): only variables are overwritten here; the session identifier is
  * not rotated or destroyed in this method - confirm the caller does that on logout.
  *
  * @return bool always true
  */
 public static function delSession()
 {
     $anonymousState = array(
         'user_id' => WB_USER_UNREGISTERED_ID,
         'user_name' => WB_USER_UNREGISTERED_NAME,
         'user_email' => '',
         'user_realname' => '',
         'roles' => serialize(array()),
     );
     foreach ($anonymousState as $sessionKey => $anonymousValue) {
         wbSession::setVar($sessionKey, $anonymousValue);
     }
     return true;
 }
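 /**
  * create
  * Controller for creating new t_cust_order_legal_doc item(s).
  *
  * Reads the JSON-encoded 'items' request variable. When it decodes to a list
  * (index 0 is set) every element is saved in its own transaction. Otherwise
  * it is saved as a single record, together with the optional 'uploadedfile'
  * upload; for .jpeg/.jpg/.gif/.png names a 150x150 thumbnail and a 600x800
  * view copy are generated next to the stored file.
  *
  * If wbUtil::checkUploadedImage() rejects the upload, the method echoes the
  * JSON result itself, closes the session and exits instead of returning.
  *
  * @param array $args not used by this method
  * @return array result with keys 'items', 'success' (bool) and 'message'
  */
 public static function create($args = array())
 {
     // NOTE(review): no authorisation or auth-key check is visible in this
     // method - confirm the dispatcher enforces access control before it runs.

     // Initialised before the upload check so the early-exit response carries
     // the same keys ('items', 'success', 'message') as every other response.
     $data = array('items' => array(), 'success' => false, 'message' => '');
     if (!empty($_FILES['uploadedfile']['name'])) {
         try {
             wbUtil::checkUploadedImage($_FILES['uploadedfile']);
         } catch (Exception $e) {
             $data['message'] = $e->getMessage();
             echo json_encode($data);
             session_write_close();
             exit;
         }
     }
     $jsonItems = wbRequest::getVarClean('items', 'str', '');
     $items =& wbUtil::jsonDecode($jsonItems);
     $legal_doc_desc = wbRequest::getVarClean('legal_doc_desc', 'str', '');
     if (!is_array($items)) {
         $data['message'] = 'Invalid items parameter';
         return $data;
     }
     $table =& wbModule::getModel('bds', 't_cust_order_legal_doc');
     $table->actionType = 'CREATE';
     if (isset($items[0])) {
         // list of records: each one is saved in its own transaction
         $errors = array();
         $numSaved = 0;
         $numItems = count($items);
         for ($i = 0; $i < $numItems; $i++) {
             try {
                 $table->dbconn->BeginTrans();
                 $items[$i][$table->pkey] = $table->GenID();
                 $table->setRecord($items[$i]);
                 $table->create();
                 $numSaved++;
                 $table->dbconn->CommitTrans();
             } catch (Exception $e) {
                 $table->dbconn->RollbackTrans();
                 $errors[] = $e->getMessage();
             }
             $items[$i] = array_merge($items[$i], $table->record);
         }
         $numErrors = count($errors);
         if ($numErrors) {
             // The message is HTML, so the exception texts embedded in it are
             // escaped; they may echo back values taken from the request.
             $escapedErrors = array();
             foreach ($errors as $error) {
                 $escapedErrors[] = htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
             }
             $data['message'] = $numErrors . " dari " . $numItems . " record gagal disimpan.<br/><br/><b>System Response:</b><br/>- " . implode("<br/>- ", $escapedErrors);
         } else {
             $data['success'] = true;
             $data['message'] = 'Data berhasil disimpan';
         }
         $data['items'] = $items;
     } else {
         // Files written for this request; removed again if the record cannot be saved
         $writtenFiles = array();
         // Stay null when nothing is uploaded (previously undefined variables)
         $orign_filename = null;
         $filename = null;
         try {
             // begin transaction block
             $table->dbconn->BeginTrans();
             // insert master
             $items[$table->pkey] = $table->dbconn->GetOne("select generate_id('sikp','t_cust_order_legal_doc','t_cust_order_legal_doc_id') from dual");
             if (!empty($_FILES['uploadedfile']['name'])) {
                 // The name is chosen by the client: keep only its last path
                 // component so it cannot point outside the upload directory.
                 $orign_filename = basename(str_replace('\\', '/', $_FILES['uploadedfile']['name']));
                 if ($orign_filename === '') {
                     throw new Exception("Upload file gagal. Mohon periksa direktori bukti transfer");
                 }
                 $filename = time() . $orign_filename;
                 $storedPath = self::imurl() . $filename;
                 if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $storedPath)) {
                     throw new Exception("Upload file gagal. Mohon periksa direktori bukti transfer");
                 }
                 $writtenFiles[] = $storedPath;
                 // NOTE(review): the stored name keeps the client's extension, and
                 // only the four image extensions below get special handling. Whether
                 // other extensions can reach this point depends on
                 // wbUtil::checkUploadedImage(), which is not visible here - confirm,
                 // and confirm the upload directory never executes scripts.
                 $extension = strtolower((string) strrchr($orign_filename, '.'));
                 if (in_array($extension, array('.jpeg', '.jpg', '.gif', '.png'), true)) {
                     $thumbnail = self::imurl() . '/th_' . $filename;
                     wbUtil::createThumbnailImage(2, $storedPath, $thumbnail, 150, 150);
                     $writtenFiles[] = $thumbnail;
                     $view_picture = self::imurl() . '/view_' . $filename;
                     wbUtil::createThumbnailImage(2, $storedPath, $view_picture, 600, 800);
                     $writtenFiles[] = $view_picture;
                 }
             }
             $items['description'] = $legal_doc_desc;
             $items['origin_file_name'] = $orign_filename;
             $items['file_name'] = $filename;
             // The former wbSession::setVar('user_name', $items['user_name']) is
             // removed: $items is decoded from the request, so it let the client
             // overwrite the session's user_name.
             // NOTE(review): if the record needs the acting user, take it from the session.
             $table->setRecord($items);
             $table->create();
             $savedItem = $table->get($items[$table->pkey]);
             // all ok, commit transaction
             $table->dbconn->CommitTrans();
             // success is reported only once the commit has gone through
             $data['success'] = true;
             $data['message'] = 'Data berhasil disimpan';
             $data['items'] = $savedItem;
         } catch (Exception $e) {
             // something happen, rollback transaction
             $table->dbconn->RollbackTrans();
             // do not leave uploaded files behind for a record that was not saved
             foreach ($writtenFiles as $writtenFile) {
                 if (is_file($writtenFile)) {
                     unlink($writtenFile);
                 }
             }
             $data['success'] = false;
             $data['message'] = $e->getMessage();
             $data['items'] = $items;
         }
     }
     return $data;
 }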