Beispiel #1
 /**
  * Flash messages must be rendered HTML-escaped, returned exactly once,
  * and then cleared from the session.
  */
 public function testFlashMessage()
 {
     $helper = new App($this->container);
     $session = new Session();

     // Nothing has been flashed yet.
     $this->assertEmpty($helper->flashMessage());

     // A success flash: "&" must come back as "&amp;", and the first read consumes it.
     $session->flash('test & test');
     $this->assertEquals(
         '<div class="alert alert-success alert-fade-out">test &amp; test</div>',
         $helper->flashMessage()
     );
     $this->assertEmpty($helper->flashMessage());
     $this->assertEmpty($helper->flashMessage());

     // An error flash follows the same escape-and-consume contract.
     $session->flashError('test & test');
     $this->assertEquals(
         '<div class="alert alert-error">test &amp; test</div>',
         $helper->flashMessage()
     );
     $this->assertEmpty($helper->flashMessage());
 }
Beispiel #2
 /**
  * Send one HTML email notification to each user, rendered in that user's language.
  *
  * A Swift_TransportException is logged and swallowed. The application
  * translations are reloaded before returning.
  *
  * @access public
  * @param  string    $template    Template name
  * @param  array     $users       List of users (the username, language, email and name keys are read)
  * @param  array     $data        Template data
  */
 public function sendEmails($template, array $users, array $data)
 {
     try {
         // The sender display name mentions the acting user only when a logged-in session exists.
         $author = '';
         if (Session::isOpen() && $this->userSession->isLogged()) {
             $author = e('%s via Kanboard', $this->user->getFullname($this->session['user']));
         }

         $mailer = Swift_Mailer::newInstance($this->container['mailer']);

         foreach ($users as $recipient) {
             $this->container['logger']->debug('Send email notification to ' . $recipient['username'] . ' lang=' . $recipient['language']);
             $started_at = microtime(true);

             // The recipient's language wins, then the application language; the session language is never used.
             if (empty($recipient['language'])) {
                 Translator::load($this->config->get('application_language', 'en_US'));
             } else {
                 Translator::load($recipient['language']);
             }

             // NOTE(review): the body is sent as text/html, so the template has to escape
             // every value taken from $data - confirm in the templates.
             $message = Swift_Message::newInstance()
                 ->setSubject($this->getMailSubject($template, $data))
                 ->setFrom(array(MAIL_FROM => $author ?: 'Kanboard'))
                 ->setBody($this->getMailContent($template, $data), 'text/html')
                 ->setTo(array($recipient['email'] => $recipient['name'] ?: $recipient['username']));

             $mailer->send($message);

             $this->container['logger']->debug('Email sent in ' . round(microtime(true) - $started_at, 6) . ' seconds');
         }
     } catch (Swift_TransportException $e) {
         $this->container['logger']->error($e->getMessage());
     }

     // Put the application locale back after the per-recipient switches.
     // NOTE(review): an exception other than Swift_TransportException skips this restore.
     $this->config->setupTranslations();
 }
Beispiel #3
/**
 * Delete the current session and display the login view.
 *
 * None of the six parameters is read by this function itself. The included
 * template runs in this function's scope, so it can see the parameters and
 * the $response / $session locals; their names are therefore left untouched.
 */
function logout($module, $interface, $date, $start_time, $offset, $count)
{
    $response = \Core\Response::getInstance()->response();
    $session = \Core\Session::getInstance($response);
    // Drop the server-side session before the login form is shown again.
    $session->delete();
    include ST_ROOT . '/Views/login.tpl.php';
}
Beispiel #4
 /**
  * Log out: record the event for the current administrator, destroy the
  * session, then redirect to the index page.
  */
 public function out()
 {
     $current_admin = \Model\Authorize\Admin::login_admin();

     // The audit entry is written first, while the administrator is still known.
     // NOTE(review): if login_admin() yields no object (for example an expired
     // session), the property read below fails - confirm callers guard this.
     \Db\Log::message('退出', '退出系统', $current_admin->admin_name);

     \Core\Session::destory();

     $index_url = \Core\URI::a2p(array('main' => 'index'));
     redirect($index_url);
 }
Beispiel #5
 /**
  * Bootstrap configuration: starts output buffering, defines the site and
  * database constants, installs the error/exception handlers, sets the
  * timezone and initialises the session.
  *
  * NOTE(review): the database host, user name and password are hard-coded in
  * this source file. Anyone who can read the file or its history (repository,
  * backup, published code sample) obtains working credentials. They should be
  * loaded from the environment or an untracked config file, and the password
  * shown here should be treated as disclosed and rotated.
  */
 public function __construct()
 {
     //turn on output buffering
     ob_start();
     //site address
     define('DIR', 'http://localhost/private/seanmin/');
     //set default controller and method for legacy calls
     define('DEFAULT_CONTROLLER', 'welcome');
     define('DEFAULT_METHOD', 'index');
     //set the default template
     define('TEMPLATE', 'default');
     //set a default language
     define('LANGUAGE_CODE', 'en');
     //database details ONLY NEEDED IF USING A DATABASE
     //NOTE(review): secrets in source, see the docblock above
     define('DB_TYPE', 'mysql');
     define('DB_HOST', 'seanmincom.ipagemysql.com');
     define('DB_NAME', 'seanmin');
     define('DB_USER', 'sean');
     define('DB_PASS', '*86868686*');
     define('PREFIX', '');
     //set prefix for sessions
     define('SESSION_PREFIX', 'smvc_');
     //optionally create a constant for the name of the site
     define('SITETITLE', 'SEANMIN');
     //optionally set a site email address
     //define('SITEEMAIL', '');
     //turn on custom error handling
     //NOTE(review): what these handlers show to the client is not visible here; confirm they do not print stack traces or the constants above
     set_exception_handler('Core\\Logger::ExceptionHandler');
     set_error_handler('Core\\Logger::ErrorHandler');
     //set timezone
     date_default_timezone_set('America/Toronto');
     //start sessions
     Session::init();
 }
Beispiel #6
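/**
 * Check whether the request is logged in as the administrator.
 *
 * When both configured credentials are empty, authentication is disabled and
 * true is returned. Otherwise the session is started; a request without an
 * 'admin' session entry must POST admin_name and admin_password matching the
 * configured values, or the login view is rendered and _exit() is returned.
 *
 * The included login template runs in this function's scope, so the local
 * names ($msg, $admin_name, ...) are part of what the template can read.
 *
 * @return mixed true when access is allowed, otherwise whatever _exit() returns
 */
function check_auth()
{
    // If the administrator name and password are both empty in the configuration, no check is performed.
    // NOTE(review): this makes the interface open by default; confirm deployments always set credentials.
    if (Config\Config::$adminName == '' && Config\Config::$adminPassword == '') {
        return true;
    }
    // Enter the authentication flow.
    $response = \Core\Response::getInstance()->response();
    $session = \Core\Session::getInstance($response);
    $session->start();
    if (!isset($_SESSION['admin'])) {
        if (!isset($_POST['admin_name']) || !isset($_POST['admin_password'])) {
            include ST_ROOT . '/Views/login.tpl.php';
            return _exit();
        } else {
            $admin_name = $_POST['admin_name'];
            $admin_password = $_POST['admin_password'];
            // Compare as exact strings in constant time. The previous loose "!=" treated
            // numeric-looking strings as equal (e.g. "1e1" and "10") and leaked timing.
            // Both checks always run so a wrong name is not distinguishable from a wrong password.
            // Non-string input (admin_name[]=x) is rejected, as it was before.
            $name_ok = is_string($admin_name)
                && hash_equals((string) Config\Config::$adminName, $admin_name);
            $password_ok = is_string($admin_password)
                && hash_equals((string) Config\Config::$adminPassword, $admin_password);
            if (!$name_ok || !$password_ok) {
                $msg = "用户名或者密码不正确";
                include ST_ROOT . '/Views/login.tpl.php';
                return _exit();
            }
            // NOTE(review): the session identifier is not rotated here after a successful
            // login; whether \Core\Session does so elsewhere is not visible - confirm.
            // NOTE(review): no attempt limiting is visible in this function.
            $_SESSION['admin'] = $admin_name;
            $_GET['fn'] = 'main';
        }
    }
    $session->save();
    return true;
}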
Beispiel #7
 /**
  * @test
  * Session state of a user who is already logged in: the view must report login = 1.
  */
 public function user_has_login()
 {
     $status_request = new Simple('Get', 'Index', 'Login', 'Status');

     // Mark the session as logged in before the request is dispatched.
     \Core\Session::getInstance()->login = 1;

     $dispatcher = $this->getApplication()->getDispatcher();
     $dispatcher->dispatch($status_request);

     $this->assertEquals(1, $this->getView()->login);
 }
Beispiel #8
 /**
  * Show the login view, or send an already-authenticated visitor to the base URL.
  */
 public static function login()
 {
     if (\Core\Session::authenticated()) {
         // header() returns no value, so execution stops right after the redirect is queued.
         header('Location: ' . \Config::$base);
         exit;
     }

     // NOTE(review): the first script is loaded from a third-party origin; no integrity
     // pinning is visible here - confirm the view adds it or that the script is still needed.
     $scripts = array(
         'https://login.persona.org/include.js',
         'public/js/auth/' . __FUNCTION__ . '.js',
     );
     \Core\View::show('auth/' . __FUNCTION__, array('js' => $scripts));
 }
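 /**
  * Gets the CSRF token of the current session
  *
  * Callers must treat an empty string as "no token" and reject the request;
  * an empty stored token must never be accepted as matching an empty
  * submitted token.
  *
  * @return string Returns the token, or an empty string when none is available
  */
 public static function getSessionToken() : string
 {
     try {
         $token = Session::get(self::CSRF_TOKEN_LABEL);
     } catch (\Exception $e) {
         $token = null;
     }
     // The declared return type is string. Returning false (the previous fallback) or a
     // null/array session value raises a TypeError under strict typing, so anything that
     // is not a usable scalar is normalised to the empty string.
     if (!is_scalar($token) || $token === false) {
         return '';
     }
     return (string) $token;
 }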
 /**
  * Main controller interceptor for all multi upload methods with this utility.
  *
  * Always answers as JSON/AJAX. The request must carry a key (POST field
  * "key" or the X-Key header) that exists in the session's
  * 'multifileinputobjects' list; the form element stored under that key is
  * restored and the request is routed to _doDelete(), _doPost() or
  * _doStream(). Anything else yields View::ERROR_BADREQUEST.
  *
  * @return int|null View::ERROR_BADREQUEST on rejection; nothing is returned on the success path
  */
 public function index()
 {
     $request = $this->getPageRequest();
     $view = $this->getView();
     // This page is ALWAYS json.
     $view->contenttype = View::CTYPE_JSON;
     $view->mode = View::MODE_AJAX;
     if (!is_array(\Core\Session::Get('multifileinputobjects'))) {
         return View::ERROR_BADREQUEST;
     }
     // Whatever the method, it should have a matching key that identifies which form it came from,
     // (since that form element has the metadata attached to it)
     // This can either be in the POST (for full uploads), or in the headers.
     // The key is client-controlled; here it is only used as an index into the session array.
     $key = false;
     if (isset($_POST['key'])) {
         $key = $_POST['key'];
     }
     // The header wins over the POST field when both are present.
     if (isset($_SERVER['HTTP_X_KEY'])) {
         $key = $_SERVER['HTTP_X_KEY'];
     }
     if (!$key) {
         return View::ERROR_BADREQUEST;
     }
     // The key also must exist!
     if (!isset(\Core\Session::Get('multifileinputobjects')[$key])) {
         return View::ERROR_BADREQUEST;
     }
     // NOTE(review): unserialize() instantiates whatever classes the stored string names.
     // The string comes from server-side session data, so this is only as safe as the
     // session store is unwritable by clients; restricting the allowed classes or storing
     // plain attributes instead of an object would remove that dependency.
     $this->_formelement = unserialize(\Core\Session::Get('multifileinputobjects')[$key]['obj']);
     if ($request->method == View::METHOD_POST) {
         //var_dump($_SERVER);die();
         // Damn browsers that don't support DELETE...
         // NOTE(review): the delete path is selected by a request parameter on a POST; no
         // CSRF check is visible in this method - confirm it is enforced elsewhere.
         if (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE') {
             $view->jsondata = $this->_doDelete();
         } elseif (sizeof($_FILES)) {
             $view->jsondata = $this->_doPost();
         } elseif (isset($_SERVER['HTTP_CONTENT_DISPOSITION'])) {
             $view->jsondata = $this->_doStream();
         } else {
             // NO COOKIE FOR YOU!
             return View::ERROR_BADREQUEST;
         }
         /*fix for IE not handling XMLHTTPRequest file uploads correctly */
         header('Vary: Accept');
         if (isset($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'application/json') !== false) {
             $view->contenttype = "application/json";
         } else {
             //$view->contenttype = "text/plain";
             $view->mode = View::MODE_NOOUTPUT;
             // NOTE(review): json_decode() here looks inverted - emitting the data would
             // normally call json_encode(); confirm what the _do*() helpers return.
             echo json_decode($view->jsondata);
         }
         /*end IE fix*/
     } else {
         // What, it's not a post even?
         return View::ERROR_BADREQUEST;
     }
 }
Beispiel #11
 /**
  * Common method to get a project
  *
  * The id is taken from the "project_id" request parameter, falling back to
  * the argument. An unknown project flashes an error and redirects to the
  * project list; otherwise the project permissions are checked before the
  * project is returned.
  *
  * @access protected
  * @param  integer      $project_id    Default project id
  * @return array
  */
 protected function getProject($project_id = 0)
 {
     // The id is client-controlled; checkProjectPermissions() below is the access gate.
     $requested_id = $this->request->getIntegerParam('project_id', $project_id);
     $project = $this->project->getById($requested_id);

     if (!$project) {
         $this->session->flashError(t('Project not found.'));
         // NOTE(review): presumably redirect() ends the request; if it returns,
         // the lines below run with an empty $project - confirm.
         $this->response->redirect('?controller=project');
     }

     $this->checkProjectPermissions($project['id']);

     return $project;
 }
Beispiel #12
 /**
  * Return the administrator row for the 'admin_id' stored in the session.
  *
  * The row is cached in a function-static variable, so later calls in the
  * same request reuse it. When the session holds no admin id the cached
  * value (initially null) is returned unchanged.
  *
  * @return mixed the admin row, or null when nobody is logged in
  */
 public static function login_admin()
 {
     static $admin = null;

     // Already resolved earlier in this request.
     if (!empty($admin)) {
         return $admin;
     }

     $admin_id = \Core\Session::get('admin_id');
     if (!empty($admin_id)) {
         $admin = \DB\Authorize\Admin::row(array('admin_id' => $admin_id));
     }

     return $admin;
 }
Beispiel #13
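 /**
  * Open the MySQL connection described by config.php and load the cashier
  * from the session.
  *
  * A connection failure is logged server-side and a generic message is
  * printed; the constructor then continues without a usable connection.
  */
 public function __construct()
 {
     // NOTE(review): require_once includes the file only once per request, so a second
     // instance would find $db2 undefined in this scope - confirm only one is created.
     require_once 'config.php';
     try {
         /** @var mixed $db2 Data Base settings from config.php */
         $this->connection = new PDO("mysql:host=" . $db2['host'] . ";dbname=" . $db2['name'], $db2['user'], $db2['password']);
         $this->connection->exec("SET NAMES utf8");
     } catch (PDOException $e) {
         // A PDO connection error can name the host, the database user and driver details.
         // Keep that in the server log and show the client nothing specific.
         error_log('Database connection failed: ' . $e->getMessage());
         echo 'Database connection failed.';
     }
     $this->cashier = Session::get('cashier');
 }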
Beispiel #14
 /**
  * Save user session and render the final layout template
  *
  * The Content-Type header is only set when no output has been sent yet.
  * When debug mode is enabled in the configuration, the System/Debug view is
  * printed after the layout.
  */
 public function send()
 {
     \Core\Session::save();

     if (!headers_sent()) {
         header('Content-Type: text/html; charset=utf-8');
     }

     // Every property of this object is handed to the layout as a template variable.
     $layout = new \Core\View($this->template);
     $layout->set((array) $this);
     echo $layout;
     $layout = null;

     // NOTE(review): the debug view is appended to the response body itself; confirm
     // debug_mode is off wherever untrusted users can reach the application.
     if (config()->debug_mode) {
         $debug_view = new \Core\View('System/Debug');
         echo $debug_view;
     }
 }
 /**
  * Validate a submitted captcha answer against the one stored in the session.
  *
  * On success the element's own value is reset to an empty string through
  * the parent and nothing is returned.
  *
  * NOTE(review): the comparison is a loose "!=", so numeric-looking strings
  * can compare equal; and the stored captcha is not cleared in this method,
  * so whether an answer can be replayed depends on code not shown here.
  *
  * @param mixed $value the submitted answer
  * @return false|null false when the answer is missing or wrong
  */
 public function setValue($value)
 {
     $failure = null;
     if (!$value) {
         $failure = ' is required.';
     } elseif ($value != \Core\Session::Get('captcha')) {
         $failure = ' does not match image.';
     }

     if ($failure !== null) {
         $this->_error = $this->get('title') . $failure;
         return false;
     }

     // The answer itself is never kept as the element value.
     parent::setValue('');
 }
Beispiel #16
 /**
  * Return the user row for the given id, or for the 'user_id' stored in the
  * session when no id is passed.
  *
  * The row is cached in a function-static variable. Once a user has been
  * resolved, every later call in the same request returns that same row,
  * whatever $user_id is passed - callers must not rely on it to look up a
  * different account.
  *
  * @param mixed $user_id optional user id; null means "use the session"
  * @return mixed the user row, or null when no user could be resolved
  */
 public static function login_user($user_id = null)
 {
     static $user = null;

     if (!empty($user)) {
         return $user;
     }

     if ($user_id === null) {
         $user_id = \Core\Session::get('user_id');
     }

     if (!empty($user_id)) {
         $user = \DB\Account\User::row(array('user_id' => $user_id));
     }

     return $user;
 }
Beispiel #17
 /**
  * Get a config variable from the session or the database
  *
  * With an open session the values are read from $_SESSION['config'], which
  * is (re)loaded from getAll() when the requested name is not set there.
  * Without a session the value is read directly from the database. In both
  * cases an empty value ('' or 0, for example) yields the default.
  *
  * @access public
  * @param  string   $name            Parameter name
  * @param  string   $default_value   Default value of the parameter
  * @return string
  */
 public function get($name, $default_value = '')
 {
     if (Session::isOpen()) {
         // Refresh the session copy when this option is missing from it.
         if (!isset($_SESSION['config'][$name])) {
             $_SESSION['config'] = $this->getAll();
         }

         return empty($_SESSION['config'][$name]) ? $default_value : $_SESSION['config'][$name];
     }

     $stored = $this->db->table(self::TABLE)->eq('option', $name)->findOneColumn('value');

     return $stored ?: $default_value;
 }
 /**
  * Render the multi-file input and register it in the session so the
  * separate AJAX upload request can find it again.
  *
  * Requires a 'basedir' attribute (a trailing slash is appended when
  * missing). A key derived from the element's attributes identifies the
  * element; the serialized element, the key and the id are stored under
  * that key in $_SESSION['multifileinputobjects'].
  *
  * @return mixed whatever parent::render() returns
  * @throws Exception when no basedir attribute is set
  */
 public function render()
 {
     if (!$this->get('basedir')) {
         throw new Exception('MultiFileInput cannot be rendered without a basedir attribute!');
     }
     // Make sure it ends with a trailing slash.
     if (substr($this->get('basedir'), -1) != '/') {
         $this->_attributes['basedir'] .= '/';
     }
     //var_dump($_SESSION['multifileinputobjects'], serialize($this->_attributes)); die();
     // This is a slightly different element than the traditional form system, as it must be able to be called without
     // the rest of the form system on submit.
     // This is because this system will do an ajax submit to do the actual upload.
     if (!is_array(\Core\Session::Get('multifileinputobjects'))) {
         \Core\Session::Set('multifileinputobjects', []);
     }
     // I don't need this key to be cryptographically secure, just generally unique.
     // NOTE(review): that holds only while the key is a lookup index into the caller's own
     // session and never a secret or an authorisation token; it is derived from the
     // attributes alone, so it is predictable.
     $key = md5(serialize($this->_attributes));
     // Reuse the id of an element already registered under the same key.
     foreach (\Core\Session::Get('multifileinputobjects') as $obj) {
         if (!isset($obj['key'])) {
             continue;
         }
         if ($obj['key'] == $key) {
             $this->set('id', $obj['id']);
         }
     }
     if (!isset($this->_attributes['id'])) {
         // This system requires a valid id.
         $this->set('id', 'multifileinput-' . Core::RandomHex('2'));
     }
     $this->set('key', $key);
     $this->set('uploadkey', $key);
     // Convert the string representation of a filesize to the raw bytes.
     // A value without a G/M/K suffix is passed on unchanged.
     $size = strtoupper(str_replace(' ', '', ini_get('upload_max_filesize')));
     if (strpos($size, 'G') !== false) {
         $size = preg_replace('/[^0-9]/', '', $size);
         $size = $size * (1024 * 1024 * 1024);
     } elseif (strpos($size, 'M') !== false) {
         $size = preg_replace('/[^0-9]/', '', $size);
         $size = $size * (1024 * 1024);
     } elseif (strpos($size, 'K') !== false) {
         $size = preg_replace('/[^0-9]/', '', $size);
         $size = $size * 1024;
     }
     // NOTE(review): 'maxsize' is an element attribute; presumably it informs the browser
     // side, so the upload handler still has to enforce the limit itself - confirm.
     $this->set('maxsize', $size);
     // Now that the session variable has been initialized, the traditional session variable is reliable.
     // NOTE(review): the whole element is stored as a serialized object, which a later request
     // has to unserialize; storing only the plain attributes would avoid object
     // deserialization on the upload path.
     $_SESSION['multifileinputobjects'][$key] = array('obj' => serialize($this), 'key' => $key, 'id' => $this->_attributes['id']);
     return parent::render();
 }
Beispiel #19
 /**
  * Initialise the application.
  *
  * Runs the start-up steps in a fixed order; the request is only dispatched
  * after the validation step and the session start.
  *
  * @return void
  */
 public static function boot()
 {
     // Define the directory layout
     self::structure();
     // Initialise the environment
     self::environment();
     // Load the configuration
     Config::configure(CONFIG);
     // Validate the data
     Validate::validity();
     // Initialise the session
     Session::start();
     // Dispatch the request
     Dispatcher::dispatch();
 }
 /**
  * Create a link, but only when the current user's role has a matching menu entry.
  *
  * A non-array URL is linked unconditionally. An array URL is completed with
  * the current action, controller and path, then looked up in the menus
  * table; the role column is 'administrador' when the session value
  * Auth.User.tipo equals 1 and 'tosador' otherwise.
  *
  * NOTE(review): this only hides the link. The target action still has to
  * enforce the same permission on the server.
  *
  * @param string $label
  * @param string|array $url
  * @param array $options
  * @return string|null the link, or null when no menu entry matches
  */
 public function linkPermissao($label, $url, $options = [])
 {
     if (!is_array($url)) {
         return $this->link($label, $url, $options);
     }

     // Missing URL parts default to those of the current request.
     $current = [
         'action' => $this->request->action,
         'controller' => $this->request->controller,
         'path' => $this->request->path,
     ];
     $url = array_merge($current, $url);
     $target = $this->request->prepareUrl($url);

     $menus = new \App\Model\Table\MenusTable();
     // The column name comes from this fixed pair, never from request data.
     $role_column = \Core\Session::read('Auth.User.tipo') == 1 ? 'administrador' : 'tosador';
     $entry = $menus
         ->where('path', $target['path'])
         ->where('controller', $target['controller'])
         ->where('action', $target['action'])
         ->where($role_column, 1)
         ->find();

     return empty($entry) ? null : $this->link($label, $url, $options);
 }
Beispiel #21
 /**
  * With an open session, Config::get() must read from the session copy and
  * fall back to the default for missing or empty values.
  */
 public function testGetWithSession()
 {
     $this->container['session'] = new Session();
     $config = new Config($this->container);

     // A non-empty session id is what makes Session::isOpen() report true here.
     session_id('test');
     $this->assertTrue(Session::isOpen());

     // Nothing stored yet: the default is returned.
     $this->assertEquals('', $config->get('board_columns'));
     $this->assertEquals('test', $config->get('board_columns', 'test'));

     $this->container['session']['config'] = array('board_columns' => 'foo', 'empty_value' => 0);

     // A stored value wins over the default ...
     $this->assertEquals('foo', $config->get('board_columns'));
     $this->assertEquals('foo', $config->get('board_columns', 'test'));
     // ... but an empty stored value (0) does not.
     $this->assertEquals('test', $config->get('empty_value', 'test'));

     // Leave no session state behind for the next test.
     session_id('');
     unset($this->container['session']);
 }
Beispiel #22
 /**
  * Resolve the logged-in person from the access-token cookie, run the parent
  * constructor, then copy the "backto" query parameter into the view data.
  *
  * NOTE(review): "backto" is taken from the request as-is. If it is later
  * used as a redirect target it must be limited to same-site paths; that use
  * is not visible here.
  *
  * @param Request $request
  * @param mixed   $session passed by reference to the parent constructor
  */
 public function __construct(Request $request, &$session = null)
 {
     // The cookie value acts as the credential: a token that loads a Person logs that person in.
     $accessToken = $request->cookie(self::COOKIE);
     if ($accessToken) {
         $person = new Model\Person();
         if ($person->loadByAccess_Token($accessToken)) {
             // Cache the logged in user object
             $this->user = $person;
         }
     }

     parent::__construct($request, $session);

     // Set backto from querystring
     $backto = $this->request->get('backto');
     if ($backto) {
         $this->set('backto', $backto);
     }
 }
Beispiel #23
 /**
  * Get the list of users to send the notification for a given project
  *
  * The connected user is excluded when a session is open. Users who have
  * selected specific projects are kept only if this project is among them;
  * users with no selection are always kept. Array keys of the result are
  * not renumbered after removals.
  *
  * @access public
  * @param  integer   $project_id      Project id
  * @param  array     $exclude_users   List of user_id to exclude
  * @return array
  */
 public function getUsersList($project_id, array $exclude_users = array())
 {
     // Exclude the connected user
     if (Session::isOpen()) {
         $exclude_users[] = $this->acl->getUserId();
     }

     $users = $this->getUsersWithNotification($project_id, $exclude_users);

     foreach ($users as $index => $user) {
         $selected_projects = $this->db->table(self::TABLE)->eq('user_id', $user['id'])->findAllByColumn('project_id');

         // An empty selection means "every project". The membership test stays loose on
         // purpose: ids read from the database may be strings while $project_id is an integer.
         if (!empty($selected_projects) && !in_array($project_id, $selected_projects)) {
             unset($users[$index]);
         }
     }

     return $users;
 }
Beispiel #24
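 /**
  * Front controller: route /module/controller/action/key/value/... to
  * controllers\<Controller>Controller::<action>_action().
  *
  * Key/value pairs from the path are merged into $_REQUEST. Requests without
  * an authorised session are routed to the Login controller. Any exception
  * message is printed to the client, HTML-escaped.
  */
 public static function start()
 {
     try {
         // parse_url() may yield false or null for a malformed URI; treat that as an empty path.
         $url_path = (string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
         $uri_parts = explode('/', trim($url_path, ' /'));
         // The first segment (the module) is dropped; it is not used for routing.
         array_shift($uri_parts);
         $controllerName = empty($uri_parts[0]) ? 'Main' : $uri_parts[0];
         $action = empty($uri_parts[1]) ? 'index' : $uri_parts[1];
         $part_count = count($uri_parts);
         if ($part_count % 2) {
             throw new Exception('Неверное количество параметров запроса');
         }
         // Everything after controller/action is a flat list of key/value pairs.
         $params = array();
         for ($i = 2; $i < $part_count; $i += 2) {
             $params[$uri_parts[$i]] = $uri_parts[$i + 1];
         }
         // NOTE(review): path parameters override query, POST and cookie values of the same name.
         if ($params) {
             $_REQUEST = array_merge($_REQUEST, $params);
         }
         Session::start();
         if (!array_key_exists('isAuthorize', $_SESSION)) {
             Session::set('isAuthorize', false);
         }
         // Unauthenticated requests can only reach the login action.
         if (!Session::get('isAuthorize')) {
             $controllerName = 'Login';
             $action = 'login';
             $_SERVER['REQUEST_URI'] = '/kassa/login';
         }
         // NOTE(review): for authenticated requests the class name below is built from a URL
         // segment and handed to class_exists(), which runs the autoloader; confirm the
         // autoloader cannot be steered outside the controllers directory.
         $controllerName = 'controllers\\' . $controllerName . 'Controller';
         $action = $action . '_action';
         if (!class_exists($controllerName)) {
             throw new Exception('Запрашеваемой страницы не существует: ' . $controllerName);
         }
         $controller = new $controllerName();
         if (!method_exists($controller, $action)) {
             throw new Exception('Указаного действия не существует:' . $action);
         }
         $controller->{$action}();
     } catch (Exception $e) {
         // The messages above embed URL segments, so the text is attacker-influenced and
         // must be escaped before it is written into the page.
         echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
     }
 }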
Beispiel #25
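 /**
  * Change the password of the account stored in the session.
  *
  * Reads password, new_password and repeat_password from the request,
  * verifies the current password against the stored hash and saves the new
  * one. The validation result is printed as JSON and the script exits.
  *
  * NOTE(review): the values are read through \Core\URI::kv(); if that reads
  * from the URL, the passwords end up in access logs and browser history -
  * confirm they travel in the request body.
  */
 public function changepw()
 {
     $password = \Core\URI::kv('password');
     $new_password = \Core\URI::kv('new_password');
     $repeat_password = \Core\URI::kv('repeat_password');
     $v = new \Core\Validation();
     $v->required($password)->message('密码');
     $v->required($new_password)->message('新密码不能为空');
     // Strict comparison: with "==" two different numeric-looking strings compare equal.
     $v->filter_var($new_password === $repeat_password)->message('重复新密码不正确');
     if (!$v->has_error()) {
         $authorize_id = \Core\Session::get('authorize_id');
         $row = \DB\Authorize::row(array('authorize_id' => $authorize_id));
         $gen_password = \DB\Authorize::gen_password($password);
         // No row (for example an expired session) is handled like a wrong password.
         $stored_password = is_object($row) ? $row->authorize_password : null;
         // Hashes are compared as exact strings in constant time. A loose "==" treats
         // hash strings of the form "0e<digits>" as numbers and would accept a mismatch.
         $password_ok = is_string($stored_password)
             && is_string($gen_password)
             && hash_equals($stored_password, $gen_password);
         if ($password_ok) {
             $row->authorize_password = \DB\Authorize::gen_password($new_password);
             $row->save();
             // NOTE(review): existing sessions stay valid after the change (the message
             // below asks the user to log out); consider invalidating them here.
             $v->required(false)->message('密码修改成功,退出当前登录生效');
         } else {
             $v->required(false)->message('原始密码不正确');
         }
     }
     echo json_encode($v->get_error());
     exit;
 }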
Beispiel #26
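 /**
  * Test helper: store the "user_id" request value (default 5) in the session
  * and print it.
  *
  * NOTE(review): whoever can reach this action becomes any user id they name,
  * without credentials. It must not be routable outside a development build -
  * confirm it is removed or gated before deployment.
  */
 public function wuchao()
 {
     $user_id = \Core\URI::kv('user_id', 5);
     \Core\Session::set('user_id', $user_id);
     // The value comes straight from the request, so it is escaped before being echoed.
     echo "设置测试帐号:" . htmlspecialchars((string) $user_id, ENT_QUOTES, 'UTF-8');
 }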
Beispiel #27
 /**
  * Modify an existing user
  *
  * The row whose id equals $values['id'] is updated with the prepared
  * values. If that user is the one connected in the current session, the
  * session copy is refreshed.
  *
  * NOTE(review): every key left in $values after prepare() is written to the
  * row; confirm callers or prepare() restrict which columns a form may set.
  *
  * @access public
  * @param  array  $values  Form values
  * @return mixed  Result of the update query
  */
 public function update(array $values)
 {
     $this->prepare($values);

     $result = $this->db->table(self::TABLE)->eq('id', $values['id'])->update($values);

     // If the user is connected refresh his session
     $is_connected_user = Session::isOpen() && $this->userSession->getId() == $values['id'];
     if ($is_connected_user) {
         $this->userSession->refresh();
     }

     return $result;
 }
Beispiel #28
 /**
  * Redirection when there is no project in the database
  *
  * Flashes an explanatory message, then redirects to the project creation form.
  *
  * @access protected
  */
 protected function redirectNoProject()
 {
     $notice = t('There is no active project, the first step is to create a new project.');
     $this->session->flash($notice);

     $this->response->redirect('?controller=project&action=create');
 }
Beispiel #29
 /**
  * Look up the record whose id is stored under 'id' in the session.
  *
  * @return mixed whatever findById() returns for that id
  */
 public static function get()
 {
     $session_id_value = Session::get('id');

     return static::findById($session_id_value);
 }
Beispiel #30
 /**
  * Internal function to parse and handle the configs in the theme.xml file.
  * This is used for installations and upgrades.
  *
  * Every <config> node whose key starts with "/theme/" is copied into the
  * matching config model, saved and cached. A value found under the same key
  * in the session's 'configs' entry overrides the stored value.
  *
  * Returns false if nothing changed, else will return the configuration options changed.
  *
  * @param boolean $install Set to false to force uninstall/disable mode.
  * @param int     $verbosity (default 0) 0: standard output, 1: real-time, 2: real-time verbose output.
  *
  * @return false | array
  *
  * @throws \InstallerException
  */
 public function _parseConfigs($install = true, $verbosity = 0)
 {
     // Keep track of if this changed anything.
     $changes = array();
     // $install only selects the wording of the log lines below.
     $action = $install ? 'Installing' : 'Uninstalling';
     $set = $install ? 'Set' : 'Unset';
     \Core\Utilities\Logger\write_debug($action . ' configs for ' . $this->getName());
     // I need to get the schema definitions first.
     $node = $this->_xmlloader->getElement('configs');
     //$prefix = $node->getAttribute('prefix');
     // Now, get every table under this node.
     foreach ($node->getElementsByTagName('config') as $confignode) {
         /** @var \DOMElement $confignode */
         $key = $confignode->getAttribute('key');
         $options = $confignode->getAttribute('options');
         $type = $confignode->getAttribute('type');
         $default = $confignode->getAttribute('default');
         $title = $confignode->getAttribute('title');
         $description = $confignode->getAttribute('description');
         $mapto = $confignode->getAttribute('mapto');
         $encrypted = $confignode->getAttribute('encrypted');
         $formAtts = $confignode->getAttribute('form-attributes');
         // A missing "encrypted" attribute means not encrypted.
         if ($encrypted === null || $encrypted === '') {
             $encrypted = '0';
         }
         if ($verbosity == 2) {
             CLI::PrintActionStart($action . ' config ' . $key);
         }
         // Themes only allow for keys starting with "/theme/"!
         // This is to encourage that all themes share a common subset of configuration options.
         // EG: if the end user sees: "Site Logo", "Business Address", "Business Phone" on one theme,
         // they would be expecting to see those same options with the same values if they change the theme,
         // (and the new theme supports those same options).
         // The prefix check also keeps a theme from redefining configuration keys outside "/theme/".
         if (strpos($key, '/theme/') !== 0) {
             trigger_error('Please ensure that all config options in themes start with "/theme/"! (Mismatched config found in ' . $this->getName() . ':' . $key, E_USER_NOTICE);
             continue;
         }
         // Default if omitted.
         if (!$type) {
             $type = 'string';
         }
         $m = \ConfigHandler::GetConfig($key);
         $m->set('options', $options);
         $m->set('type', $type);
         $m->set('default_value', $default);
         $m->set('title', $title);
         $m->set('description', $description);
         $m->set('mapto', $mapto);
         $m->set('encrypted', $encrypted);
         $m->set('form_attributes', $formAtts);
         // Default from the xml, only if it's not already set.
         if ($m->get('value') === null || !$m->exists()) {
             $m->set('value', $confignode->getAttribute('default'));
         }
         // Allow configurations to overwrite any value.  This is useful on the initial installation.
         // NOTE(review): the override is read from the session, so whoever owns the session
         // running this install or upgrade decides the stored value; confirm this path is
         // reachable only by an installer or administrator session.
         if (is_array(\Core\Session::Get('configs')) && isset(\Core\Session::Get('configs')[$key])) {
             $m->set('value', \Core\Session::Get('configs')[$key]);
         }
         if ($m->save()) {
             // NOTE(review): the value is written into the change list as-is, also for options
             // flagged "encrypted"; confirm the returned list is never logged or shown with secrets.
             $changes[] = $set . ' configuration [' . $m->get('key') . '] to [' . $m->get('value') . ']';
             if ($verbosity == 2) {
                 CLI::PrintActionStatus(true);
             }
         } else {
             if ($verbosity == 2) {
                 CLI::PrintActionStatus('skip');
             }
         }
         // Make it available immediately
         \ConfigHandler::CacheConfig($m);
     }
     return sizeof($changes) ? $changes : false;
 }