function starttimelog_ALL(Web &$w) { $p = $w->pathMatch("id"); if (!empty($_POST['started']) && $_POST["started"] == "yes") { // get time log $log = $w->Task->getTimeLogEntry($_POST['logid']); // update time log entry $log->dt_end = date("Y-m-d G:i"); $log->update(); // set page variables $start = date("Y-m-d G:i", $log->dt_start); $end = $log->dt_end; $taskid = $_POST['taskid']; $tasktitle = $_POST['tasktitle']; $logid = $_POST['logid']; } else { // get the task $task = $w->Task->getTask($p['id']); // set time log values $arr["task_id"] = $task->id; $arr["creator_id"] = $_SESSION["user_id"]; $arr["dt_created"] = date("d/m/Y"); $arr["user_id"] = $_SESSION["user_id"]; // format start and end times for database $start = $arr["dt_start"] = date("Y-m-d G:i"); $end = $arr["dt_end"] = date("Y-m-d G:i"); // add time log entry $log = new TaskTime($w); $log->fill($arr); $log->insert(); // set page variables $taskid = $task->id; $tasktitle = $task->title; $logid = $log->id; } // create page $html = "<html><head><title>Task Time Log - " . $task->title . "</title>" . "<style type=\"text/css\">" . "body { background-color: #8ad228; }" . "td { background-color: #ffffff; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .8em; }" . "td.startend { background-color: #d2efab; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .9em; }" . "td.timelog { background-color: #75ba4d; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .9em; }" . "td.tasktitle { background-color: #9fea72; color: #000000; font-family: verdana, arial; font-weight: bold; font-size: .8em; }" . "a { text-decoration: none; } " . "a:hover { color: #ffffff; } " . "</style>" . "<script language=\"javascript\">" . "var thedate = new Date();" . "thedate.setDate(thedate.getDate()+1);" . "document.cookie = \"thiswin=true;expires=\" + thedate.toGMTString() + \";path=/\";" . "function doUnLoading() {" . "\tvar thedate = new Date();" . "\tthedate.setDate(thedate.getDate()-1);" . "\tdocument.cookie = \"thiswin=true;expires=\" + thedate.toGMTString() + \";path=/\";" . "\tdocument.theForm.action = \"/task/endtimelog\";" . "\tdocument.theForm.submit();" . "}" . "function beforeUnLoading() {" . "\tdocument.theForm.restart.value = \"yes\";" . "\tdoUnLoading();" . "}" . "function goTask() {" . "\twindow.opener.location.href = \"/task/edit/" . $taskid . "\";" . "}" . "</script></head><body leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 onbeforeunload=\"javascript: doUnLoading();\">" . "<form name=theForm action=\"/task/starttimelog\" method=POST>" . "<input type=\"hidden\" name=\"" . CSRF::getTokenID() . "\" value=\"" . CSRF::getTokenValue() . "\" />" . "<table cellpadding=2 cellspacing=2 border=0 width=100%>" . "<tr align=center><td colspan=2 class=timelog>Task Time Log</td></tr>" . "<tr align=center><td colspan=2 class=tasktitle><a title=\"View Task\" href=\"javascript: goTask();\">" . $tasktitle . "</a></td></tr>" . "<tr align=center><td width=50% class=startend>Start</td><td width=50% class=startend>Stop</td></tr>" . "<tr align=center><td>" . date("g:i a", strtotime($start)) . "</td><td>" . date("g:i a", strtotime($end)) . "</td></tr>" . "<tr align=center><td colspan=2 class=timelog> </td></tr>" . "<tr><td colspan=2 class=startend>Comments</td></tr>" . "<tr><td colspan=2 align=center><textarea name=comments rows=4 cols=40>" . (!empty($_POST['comments']) ? $_POST['comments'] : '') . "</textarea></td></tr>" . "<tr align=center>" . "<td class=timelog align=right><button id=end onClick=\"javascript: beforeUnLoading();\">Save Comments</button></td>" . "<td class=timelog align=left><button id=end onClick=\"javascript: doUnLoading();\">Stop Time Now</button></td>" . "</tr>" . "</table>" . "<input type=hidden name=started value=\"yes\">" . "<input type=hidden name=restart value=\"no\">" . "<input type=hidden name=taskid value=\"" . $taskid . "\">" . "<input type=hidden name=tasktitle value=\"" . $tasktitle . "\">" . "<input type=hidden name=logid value=\"" . $logid . "\">" . "</form>" . "<script language=javascript>" . "document.theForm.comments.focus();" . "var r = setTimeout('theForm.submit()',1000*60*5);" . "</script>" . "</body></html>"; // output page $w->setLayout(null); $w->out($html); }
<form method="POST" action="/auth/login"> <input type="hidden" name="<?php echo CSRF::getTokenID(); ?> " value="<?php echo CSRF::getTokenValue(); ?> " /> <label for="login">Login</label> <input id="login" name="login" type="text" placeholder="Your login" /> <label for="password">Password</label> <input id="password" name="password" type="password" placeholder="Your password" /> <button type="submit" class="button large-5 small-12">Login</button> <button type="button" onclick="window.location.href='/auth/forgotpassword';" class="button alert large-5 small-12 right">Forgot Password</button> </form>
/** * start processing of request * 1. look at the request parameter if the action parameter was set * 2. if not set, look at the pathinfo and use first */ function start() { $this->initDB(); // start the session // $sess = new SessionManager($this); session_name(SESSION_NAME); session_start(); // Initialise the logger (needs to log "info" to include the request data, see LogService __call function) $this->Log->info("info"); // Generate CSRF tokens and store them in the $_SESSION CSRF::getTokenID(); CSRF::getTokenValue(); $_SESSION['last_request'] = time(); //$this->debug("Start processing: ".$_SERVER['REQUEST_URI']); // find out which module to use $module_found = false; $action_found = false; $this->_paths = $this->_getCommandPath(); // based on request domain we can route everything to a frontend module // look into the domain routing and prepend the module $routing = Config::get('domain.route'); $domainmodule = isset($routing[$_SERVER['HTTP_HOST']]) ? $routing[$_SERVER['HTTP_HOST']] : null; if (!empty($domainmodule)) { $this->_loginpath = "auth"; $this->_isFrontend = true; // now we have to decide whether the path points to // a) a single top level action // b) an action on a submodule // but we need to make sure not to mistake a path paramater for a submodule or an action! $domainsubmodules = $this->getSubmodules($domainmodule); $action_or_module = !empty($this->_paths[0]) ? $this->_paths[0] : null; if (!empty($domainsubmodules) && !empty($action_or_module) && array_search($action_or_module, $domainsubmodules) !== false) { // just add the module to the first path entry, eg. frontend-page/1 $this->_paths[0] = $domainmodule . "-" . $this->_paths[0]; } else { // add the module as an entry to the front of paths, eg. frontent/index array_unshift($this->_paths, $domainmodule); } } // continue as usual // first find the module file if ($this->_paths && sizeof($this->_paths) > 0) { $this->_module = array_shift($this->_paths); } // then find the action if ($this->_paths && sizeof($this->_paths) > 0) { $this->_action = array_shift($this->_paths); } if (!$this->_module) { $this->_module = $this->_defaultHandler; } // see if the module is a sub module // eg. /sales-report/showreport/1.. $hsplit = explode("-", $this->_module); $this->_module = array_shift($hsplit); $this->_submodule = array_shift($hsplit); // Check to see if the module is active (protect against main disabling) if (null !== Config::get("{$this->_module}.active") && !Config::get("{$this->_module}.active") && $this->_module !== "main") { $this->error("The {$this->_module} module is not active, you can change it's active state in it's config file.", "/"); } if (!$this->_action) { $this->_action = $this->_defaultAction; } // try to load the action file $reqpath = $this->getModuleDir($this->_module) . 'actions/' . ($this->_submodule ? $this->_submodule . '/' : '') . $this->_action . '.php'; if (!file_exists($reqpath)) { $reqpath = $this->getModuleDir($this->_module) . $this->_module . ($this->_submodule ? '.' . $this->_submodule : '') . ".actions.php"; } // try to find action for the request type // using <module>_<action>_<type>() // or just <action>_<type>() $this->_requestMethod = $_SERVER['REQUEST_METHOD']; $actionmethods[] = $this->_action . '_' . $this->_requestMethod; $actionmethods[] = $this->_action . '_ALL'; // Check/validate CSRF token $this->validateCSRF(); // Taking out the CSRF regeneration until more testing can be done // if ($this->_requestMethod == 'post') { // CSRF::regenerate(); // } // // if a module file for this url exists, then start processing // if (file_exists($reqpath)) { $this->ctx('webroot', $this->_webroot); $this->ctx('module', $this->_module); $this->ctx('submodule', $this->_module); $this->ctx('action', $this->_action); // CHECK ACCESS!! $this->checkAccess(); // will redirect if access denied! // load the module file require_once $reqpath; } else { $this->Log->error("System: No Action found for: " . $reqpath); $this->notFoundPage(); } foreach ($actionmethods as $action_method) { if (function_exists($action_method)) { $action_found = true; $this->_actionMethod = $action_method; break; } } if ($action_found) { $this->ctx("loggedIn", $this->Auth->loggedIn()); $this->ctx("error", $this->session('error')); $this->sessionUnset('error'); $this->ctx("msg", $this->session('msg')); $this->sessionUnset('msg'); $this->ctx("w", $this); try { // call hooks, generic to specific $this->_callWebHooks("before"); // Execute the action $method = $this->_actionMethod; $this->_action_executed = true; $method($this); // call hooks, generic to specific $this->_callWebHooks("after"); } catch (PermissionDeniedException $ex) { $this->error($ex->getMessage()); } // send headers first if ($this->_headers) { foreach ($this->_headers as $key => $val) { header($key . ': ' . $val); } } $body = null; // evaluate template only when buffer is empty if (sizeof($this->_buffer) == 0) { $body = $this->fetchTemplate(); } else { $body = $this->_buffer; } // but always check for layout // if ajax call don't do the layout if ($this->_layout && !$this->isAjax()) { $this->_buffer = null; $this->ctx($this->_layoutContentMarker, $body); $this->templateOut($this->_layout); } else { $this->_buffer = $body; } echo $this->_buffer; } else { $this->notFoundPage(); } exit; }
public function open() { $buffer = ""; $buffer .= "<form "; if (!empty($this->accept_charset)) { $buffer .= "accept-charset='{$this->accept_charset}' "; } if (!empty($this->action)) { $buffer .= "action='{$this->action}' "; } if (!empty($this->autocomplete)) { $buffer .= "autocomplete='{$this->autocomplete}' "; } if (!empty($this->enctype)) { $buffer .= "enctype='{$this->enctype}' "; } if (!empty($this->method)) { $buffer .= "method='{$this->method}' "; } if (!empty($this->name)) { $buffer .= "name='{$this->name}' "; } if (!empty($this->novalidate)) { $buffer .= "novalidate='{$this->novalidate}' "; } if (!empty($this->target)) { $buffer .= "target='{$this->target}' "; } if (!empty($this->id)) { $buffer .= "id='{$this->id}' "; } if (!empty($this->_class)) { $buffer .= "class='{$this->_class}' "; } $buffer .= " >"; // Automatically print CSRF token if (class_exists("CSRF") && !empty($this->method) && $this->method == "POST") { $buffer .= "<input type='hidden' name='" . \CSRF::getTokenID() . "' value='" . \CSRF::getTokenValue() . "' />"; } return $buffer; }