function createtask_POST(Web &$w)
{
$w->Task->navigation($w, "Create Task");
// unserialise input from step I and store in array: arr_req
$arr_req = unserialize($w->request('formone'));
// set relevant dt variables with: Today.
$arr_req['dt_assigned'] = Date('c');
$arr_req['dt_first_assigned'] = Date('c');
// insert Task into database
$task = new Task($w);
$task->fill($arr_req);
$task->insert();
// if insert is successful, store additional fields as task data
// we do not want to store data from step I, the task_id (as a key=>value pair) nor the FLOW_SID
if ($task->id) {
foreach ($_POST as $name => $value) {
if ($name != "formone" && $name != "FLOW_SID" && $name != "task_id" && $name !== CSRF::getTokenID()) {
$tdata = new TaskData($w);
$arr = array("task_id" => $task->id, "key" => $name, "value" => $value);
$tdata->fill($arr);
$tdata->insert();
unset($arr);
}
}
// return to task dashboard
$w->msg("Task " . $task->title . " added", "/task/viewtask/" . $task->id);
} else {
// if task insert was unsuccessful, say as much
$w->msg("The Task could not be created. Please inform the IT Group", "/task/index/");
}
}
function configwidget_POST(Web $w)
{
$p = $w->pathMatch("origin", "id");
// "origin", "source", "widget");
// $widget = $w->Widget->getWidget($p["origin"], $p["source"], $p["widget"]);
$widget = $w->Widget->getWidgetById($p["id"]);
// $widgetname = $p["widget"];
if (empty($widget->id)) {
$w->error("Widget not found", "/{$p['origin']}");
}
$vars = $_POST;
unset($vars[CSRF::getTokenID()]);
$widget->custom_config = json_encode($vars);
$widget->update();
$w->msg("Widget updated", "/{$p['origin']}");
}
function editsettings_POST(Web $w)
{
$w->setLayout(null);
$p = $w->pathMatch("id");
$id = $p["id"];
if (!$id) {
$w->error("Missing parameter in request", "/channels/listprocessors");
}
// Remove CSRF token from request
$post = $_POST;
if (!empty($post[CSRF::getTokenID()])) {
unset($post[CSRF::getTokenID()]);
}
$processor = $w->Channel->getProcessor($id);
if (empty($processor->id)) {
$w->error("Invalid processor ID", "/channels/listprocessors");
}
$processor->settings = json_encode($post);
$processor->update();
$w->msg("Processor settings saved", "/channels/listprocessors");
}
function starttimelog_ALL(Web &$w)
{
$p = $w->pathMatch("id");
if (!empty($_POST['started']) && $_POST["started"] == "yes") {
// get time log
$log = $w->Task->getTimeLogEntry($_POST['logid']);
// update time log entry
$log->dt_end = date("Y-m-d G:i");
$log->update();
// set page variables
$start = date("Y-m-d G:i", $log->dt_start);
$end = $log->dt_end;
$taskid = $_POST['taskid'];
$tasktitle = $_POST['tasktitle'];
$logid = $_POST['logid'];
} else {
// get the task
$task = $w->Task->getTask($p['id']);
// set time log values
$arr["task_id"] = $task->id;
$arr["creator_id"] = $_SESSION["user_id"];
$arr["dt_created"] = date("d/m/Y");
$arr["user_id"] = $_SESSION["user_id"];
// format start and end times for database
$start = $arr["dt_start"] = date("Y-m-d G:i");
$end = $arr["dt_end"] = date("Y-m-d G:i");
// add time log entry
$log = new TaskTime($w);
$log->fill($arr);
$log->insert();
// set page variables
$taskid = $task->id;
$tasktitle = $task->title;
$logid = $log->id;
}
// create page
$html = "<html><head><title>Task Time Log - " . $task->title . "</title>" . "<style type=\"text/css\">" . "body { background-color: #8ad228; }" . "td { background-color: #ffffff; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .8em; }" . "td.startend { background-color: #d2efab; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .9em; }" . "td.timelog { background-color: #75ba4d; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .9em; }" . "td.tasktitle { background-color: #9fea72; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .8em; }" . "a { text-decoration: none; } " . "a:hover { color: #ffffff; } " . "</style>" . "<script language=\"javascript\">" . "var thedate = new Date();" . "thedate.setDate(thedate.getDate()+1);" . "document.cookie = \"thiswin=true;expires=\" + thedate.toGMTString() + \";path=/\";" . "function doUnLoading() {" . "\tvar thedate = new Date();" . "\tthedate.setDate(thedate.getDate()-1);" . "\tdocument.cookie = \"thiswin=true;expires=\" + thedate.toGMTString() + \";path=/\";" . "\tdocument.theForm.action = \"/task/endtimelog\";" . "\tdocument.theForm.submit();" . "}" . "function beforeUnLoading() {" . "\tdocument.theForm.restart.value = \"yes\";" . "\tdoUnLoading();" . "}" . "function goTask() {" . "\twindow.opener.location.href = \"/task/edit/" . $taskid . "\";" . "}" . "</script></head><body leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 onbeforeunload=\"javascript: doUnLoading();\">" . "<form name=theForm action=\"/task/starttimelog\" method=POST>" . "<input type=\"hidden\" name=\"" . CSRF::getTokenID() . "\" value=\"" . CSRF::getTokenValue() . "\" />" . "<table cellpadding=2 cellspacing=2 border=0 width=100%>" . "<tr align=center><td colspan=2 class=timelog>Task Time Log</td></tr>" . "<tr align=center><td colspan=2 class=tasktitle><a title=\"View Task\" href=\"javascript: goTask();\">" . $tasktitle . "</a></td></tr>" . "<tr align=center><td width=50% class=startend>Start</td><td width=50% class=startend>Stop</td></tr>" . "<tr align=center><td>" . date("g:i a", strtotime($start)) . "</td><td>" . date("g:i a", strtotime($end)) . "</td></tr>" . "<tr align=center><td colspan=2 class=timelog> </td></tr>" . "<tr><td colspan=2 class=startend>Comments</td></tr>" . "<tr><td colspan=2 align=center><textarea name=comments rows=4 cols=40>" . (!empty($_POST['comments']) ? $_POST['comments'] : '') . "</textarea></td></tr>" . "<tr align=center>" . "<td class=timelog align=right><button id=end onClick=\"javascript: beforeUnLoading();\">Save Comments</button></td>" . "<td class=timelog align=left><button id=end onClick=\"javascript: doUnLoading();\">Stop Time Now</button></td>" . "</tr>" . "</table>" . "<input type=hidden name=started value=\"yes\">" . "<input type=hidden name=restart value=\"no\">" . "<input type=hidden name=taskid value=\"" . $taskid . "\">" . "<input type=hidden name=tasktitle value=\"" . $tasktitle . "\">" . "<input type=hidden name=logid value=\"" . $logid . "\">" . "</form>" . "<script language=javascript>" . "document.theForm.comments.focus();" . "var r = setTimeout('theForm.submit()',1000*60*5);" . "</script>" . "</body></html>";
// output page
$w->setLayout(null);
$w->out($html);
}
/**
* start processing of request
* 1. look at the request parameter if the action parameter was set
* 2. if not set, look at the pathinfo and use first
*/
function start()
{
$this->initDB();
// start the session
// $sess = new SessionManager($this);
session_name(SESSION_NAME);
session_start();
// Initialise the logger (needs to log "info" to include the request data, see LogService __call function)
$this->Log->info("info");
// Generate CSRF tokens and store them in the $_SESSION
CSRF::getTokenID();
CSRF::getTokenValue();
$_SESSION['last_request'] = time();
//$this->debug("Start processing: ".$_SERVER['REQUEST_URI']);
// find out which module to use
$module_found = false;
$action_found = false;
$this->_paths = $this->_getCommandPath();
// based on request domain we can route everything to a frontend module
// look into the domain routing and prepend the module
$routing = Config::get('domain.route');
$domainmodule = isset($routing[$_SERVER['HTTP_HOST']]) ? $routing[$_SERVER['HTTP_HOST']] : null;
if (!empty($domainmodule)) {
$this->_loginpath = "auth";
$this->_isFrontend = true;
// now we have to decide whether the path points to
// a) a single top level action
// b) an action on a submodule
// but we need to make sure not to mistake a path paramater for a submodule or an action!
$domainsubmodules = $this->getSubmodules($domainmodule);
$action_or_module = !empty($this->_paths[0]) ? $this->_paths[0] : null;
if (!empty($domainsubmodules) && !empty($action_or_module) && array_search($action_or_module, $domainsubmodules) !== false) {
// just add the module to the first path entry, eg. frontend-page/1
$this->_paths[0] = $domainmodule . "-" . $this->_paths[0];
} else {
// add the module as an entry to the front of paths, eg. frontent/index
array_unshift($this->_paths, $domainmodule);
}
}
// continue as usual
// first find the module file
if ($this->_paths && sizeof($this->_paths) > 0) {
$this->_module = array_shift($this->_paths);
}
// then find the action
if ($this->_paths && sizeof($this->_paths) > 0) {
$this->_action = array_shift($this->_paths);
}
if (!$this->_module) {
$this->_module = $this->_defaultHandler;
}
// see if the module is a sub module
// eg. /sales-report/showreport/1..
$hsplit = explode("-", $this->_module);
$this->_module = array_shift($hsplit);
$this->_submodule = array_shift($hsplit);
// Check to see if the module is active (protect against main disabling)
if (null !== Config::get("{$this->_module}.active") && !Config::get("{$this->_module}.active") && $this->_module !== "main") {
$this->error("The {$this->_module} module is not active, you can change it's active state in it's config file.", "/");
}
if (!$this->_action) {
$this->_action = $this->_defaultAction;
}
// try to load the action file
$reqpath = $this->getModuleDir($this->_module) . 'actions/' . ($this->_submodule ? $this->_submodule . '/' : '') . $this->_action . '.php';
if (!file_exists($reqpath)) {
$reqpath = $this->getModuleDir($this->_module) . $this->_module . ($this->_submodule ? '.' . $this->_submodule : '') . ".actions.php";
}
// try to find action for the request type
// using <module>_<action>_<type>()
// or just <action>_<type>()
$this->_requestMethod = $_SERVER['REQUEST_METHOD'];
$actionmethods[] = $this->_action . '_' . $this->_requestMethod;
$actionmethods[] = $this->_action . '_ALL';
// Check/validate CSRF token
$this->validateCSRF();
// Taking out the CSRF regeneration until more testing can be done
// if ($this->_requestMethod == 'post') {
// CSRF::regenerate();
// }
//
// if a module file for this url exists, then start processing
//
if (file_exists($reqpath)) {
$this->ctx('webroot', $this->_webroot);
$this->ctx('module', $this->_module);
$this->ctx('submodule', $this->_module);
$this->ctx('action', $this->_action);
// CHECK ACCESS!!
$this->checkAccess();
// will redirect if access denied!
// load the module file
require_once $reqpath;
} else {
$this->Log->error("System: No Action found for: " . $reqpath);
$this->notFoundPage();
}
foreach ($actionmethods as $action_method) {
if (function_exists($action_method)) {
$action_found = true;
$this->_actionMethod = $action_method;
break;
}
}
if ($action_found) {
$this->ctx("loggedIn", $this->Auth->loggedIn());
$this->ctx("error", $this->session('error'));
$this->sessionUnset('error');
$this->ctx("msg", $this->session('msg'));
$this->sessionUnset('msg');
$this->ctx("w", $this);
try {
// call hooks, generic to specific
$this->_callWebHooks("before");
// Execute the action
$method = $this->_actionMethod;
$this->_action_executed = true;
$method($this);
// call hooks, generic to specific
$this->_callWebHooks("after");
} catch (PermissionDeniedException $ex) {
$this->error($ex->getMessage());
}
// send headers first
if ($this->_headers) {
foreach ($this->_headers as $key => $val) {
header($key . ': ' . $val);
}
}
$body = null;
// evaluate template only when buffer is empty
if (sizeof($this->_buffer) == 0) {
$body = $this->fetchTemplate();
} else {
$body = $this->_buffer;
}
// but always check for layout
// if ajax call don't do the layout
if ($this->_layout && !$this->isAjax()) {
$this->_buffer = null;
$this->ctx($this->_layoutContentMarker, $body);
$this->templateOut($this->_layout);
} else {
$this->_buffer = $body;
}
echo $this->_buffer;
} else {
$this->notFoundPage();
}
exit;
}
<form method="POST" action="/auth/login">
<input type="hidden" name="<?php
echo CSRF::getTokenID();
?>
" value="<?php
echo CSRF::getTokenValue();
?>
" />
<label for="login">Login</label>
<input id="login" name="login" type="text" placeholder="Your login" />
<label for="password">Password</label>
<input id="password" name="password" type="password" placeholder="Your password" />
<button type="submit" class="button large-5 small-12">Login</button>
<button type="button" onclick="window.location.href='/auth/forgotpassword';" class="button alert large-5 small-12 right">Forgot Password</button>
</form>
function edit_POST($w)
{
$p = $w->pathMatch("id");
$task = !empty($p["id"]) ? $w->Task->getTask($p["id"]) : new Task($w);
$taskdata = null;
if (!empty($p["id"])) {
$taskdata = $w->Task->getTaskData($p['id']);
}
$task->fill($_POST['edit']);
$task->assignee_id = intval($_POST['edit']['assignee_id']);
if (empty($task->dt_due)) {
$task->dt_due = $w->Task->getNextMonth();
}
$task->insertOrUpdate();
// Tell the template what the task id is (this post action is being called via ajax)
$w->setLayout(null);
$w->out($task->id);
// Get existing task_data objects for this task and update them
$existing_task_data = $w->Task->getTaskData($task->id);
if (!empty($existing_task_data)) {
foreach ($existing_task_data as $e_task_data) {
foreach ($_POST["extra"] as $key => $data) {
if ($key == \CSRF::getTokenId()) {
unset($_POST["extra"][\CSRF::getTokenID()]);
continue;
}
if ($e_task_data->data_key == $key) {
$e_task_data->value = $data;
$e_task_data->update();
unset($_POST["extra"][$key]);
continue;
}
// If we get here then remove the existing data?
// $e_task_data->delete();
}
}
}
// Insert data that didn't exist above as new task_data objects
if (!empty($_POST["extra"])) {
foreach ($_POST["extra"] as $key => $data) {
$tdata = new TaskData($w);
$tdata->task_id = $task->id;
$tdata->data_key = $key;
$tdata->value = $data;
$tdata->insert();
}
}
}
public function open()
{
$buffer = "";
$buffer .= "<form ";
if (!empty($this->accept_charset)) {
$buffer .= "accept-charset='{$this->accept_charset}' ";
}
if (!empty($this->action)) {
$buffer .= "action='{$this->action}' ";
}
if (!empty($this->autocomplete)) {
$buffer .= "autocomplete='{$this->autocomplete}' ";
}
if (!empty($this->enctype)) {
$buffer .= "enctype='{$this->enctype}' ";
}
if (!empty($this->method)) {
$buffer .= "method='{$this->method}' ";
}
if (!empty($this->name)) {
$buffer .= "name='{$this->name}' ";
}
if (!empty($this->novalidate)) {
$buffer .= "novalidate='{$this->novalidate}' ";
}
if (!empty($this->target)) {
$buffer .= "target='{$this->target}' ";
}
if (!empty($this->id)) {
$buffer .= "id='{$this->id}' ";
}
if (!empty($this->_class)) {
$buffer .= "class='{$this->_class}' ";
}
$buffer .= " >";
// Automatically print CSRF token
if (class_exists("CSRF") && !empty($this->method) && $this->method == "POST") {
$buffer .= "<input type='hidden' name='" . \CSRF::getTokenID() . "' value='" . \CSRF::getTokenValue() . "' />";
}
return $buffer;
}
comment_section.append(replyForm);
$("#textarea_comment").focus();
$('#comment_reply_form').submit(function() {
$.ajax({
url : '/admin/ajaxSaveComment/' + comment_id,
type : 'POST',
data : {
'redirect': '<?php
echo $redirect;
?>
',
'comment': $('#textarea_comment').val(),
'<?php
echo \CSRF::getTokenID();
?>
': '<?php
echo \CSRF::getTokenValue();
?>
'
},
complete: function(comment_response) {
toggleModalLoading();
window.location.reload();
// cancelReply(replyForm);
// replyForm.remove();
// delete replyForm;
//
// comment_section.append(comment_response.responseText);
