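 /**
  * Purpose: To block access to core files and LOG ACCESS ATTEMPTS
  *
  * Writes one entry to denied_access.log.txt holding the requested folder
  * (request var 'f') and the client address(es) with their host lookups,
  * flashes a warning message and then serves a 404.
  *
  * Security notes:
  *  - 'f' and the address string are attacker-controlled (the address may be
  *    a comma-separated forwarded list). Both are stripped of control
  *    characters (CR/LF included) and length-capped before logging, so a
  *    crafted value cannot forge extra log lines.
  *  - Only the first few addresses of a forwarded list are processed, and
  *    only syntactically valid IPs are handed to get_host(), so a long or
  *    bogus forwarded header cannot trigger unbounded lookups.
  *    (get_host() is assumed to perform a reverse DNS lookup — confirm.)
  */
 public function deny()
 {
     // Make a value safe to embed in a single log line.
     $clean = function ($value) {
         $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
         return substr((string) $value, 0, 256);
     };
     // Resolve a host only for addresses that are actually IPs.
     $lookup = function ($ip_address) {
         if (filter_var($ip_address, FILTER_VALIDATE_IP) === false) {
             return '(not looked up: invalid address)';
         }
         return cx\app\main_functions::get_host($ip_address);
     };

     $IP = (string) cx\app\main_functions::get_real_ip_address();
     $log = "Folder: " . $clean($this->request->get_var('f')) . ", ";

     // A forwarded list may be written "a, b" or "a,b"; split on either form,
     // then cap how many addresses get a (potentially slow) host lookup.
     $ips = array_map('trim', explode(',', $IP));
     $ips = array_slice($ips, 0, 5);

     if (count($ips) > 1) {
         foreach ($ips as $idx => $ip_address) {
             $n = $idx + 1;
             $host = $lookup($ip_address);
             $log .= "IP Address[{$n}]: " . $clean($ip_address) . ", HOST: " . $clean($host) . " \r\n";
         }
     } else {
         $ip_address = $ips[0];
         $host = $lookup($ip_address);
         $log .= "IP Address: " . $clean($ip_address) . ", HOST: " . $clean($host) . " \r\n";
     }
     $log .= str_repeat("-=", 10);

     $filename = "denied_access.log.txt";
     $logger = $this->load_class('cx\\common\\log', $filename);
     $logger->write($log);
     unset($logger);

     cx\app\main_functions::set_message('Attempt to access core files has been logged with your IP!', 'danger');
     // The original passed `$ignore = true` (an assignment used as an
     // argument); the value handed to error404() is simply true.
     $this->error404(true);
 }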
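 /**
  * Create or edit a user record. GET 'id' selects the row; POST 'save'
  * writes it, then redirects back to the edit page of the saved row.
  *
  * Authorisation, as implemented by the visible checks:
  *  - editing an account other than the logged-in one runs auth('admin_check')
  *    (its return value is not inspected; presumably it halts on failure);
  *  - an admin editing themself keeps the rights controls unlocked;
  *  - any other self-edit sets lock_rights_controls, which is passed to the
  *    form so the rights widgets render read-only.
  *
  * Security notes:
  *  - The authorisation decision is taken on the GET 'id', but
  *    auto_set_members() copies every POST var into the model. For an
  *    existing row the key is therefore re-pinned to the GET id after
  *    auto_set_members(), so a POST 'id' cannot retarget the save at a
  *    different user's row.
  *  - lock_rights_controls is only a presentation flag: nothing here drops
  *    rights fields from the POST when it is set. NOTE(review): the rights
  *    column(s) should be restored from the loaded row when the flag is true.
  *    The column name is not visible in this method (rights_statuses lists
  *    display labels only), so this is flagged rather than changed.
  *  - New passwords are stored via users->get_pwd_hash(); assumed to be a
  *    proper salted password hash — confirm.
  */
 public function edit_user()
 {
     $id = cx\app\static_request::init('get', 'id');
     if ($id->is_not_set()) {
         echo "Invalid id!";
         exit;
     }

     $self_id = $this->session->get_int(CX_LOGIN . 'id');
     if ($id->to_int() !== $self_id) {
         // Editing someone else: admin only.
         $this->auth(array('user' => 'admin_check'));
         $lock_rights_controls = false;
     } elseif ($this->auth(array('user' => 'is_admin')) === true) {
         // Admin can modify self, as they can create any user.
         $lock_rights_controls = false;
     } else {
         // Non-admin self-edit: user must not be able to grant self more rights.
         $lock_rights_controls = true;
     }

     $this->load_model();
     $db_options = array('table' => 'users', 'key' => 'id');
     $edit_user = new cx\database\model($db_options);

     if ($id->is_not_valid_id()) {
         // No existing row: creating a new user.
         $model = array();
         $model['new'] = true;
     } else {
         $edit_user->load($id->to_int());
         $model = $edit_user->get_members();
         if ($model == array()) {
             echo "Invalid id!";
             exit;
         }
         // Keep the stored hash so an unchanged password can be re-applied,
         // and drop it from the view model so the form never receives it.
         $s_pwd = $model['password'];
         unset($model['password']);
         $model['new'] = false;
     }
     $model['lock_rights_controls'] = $lock_rights_controls;
     $model['rights_statuses'] = array('admin' => 'Administrator', 'staff' => 'Staff', 'cus' => 'Customer', 'api' => 'API client');

     if (cx\app\static_request::init('post', 'save')->is_set()) {
         // Mass assignment: every POST var becomes a model member.
         $edit_user->auto_set_members();
         if ($model['new'] === false) {
             // Re-pin the primary key to the id the authorisation above was
             // based on; a POST 'id' must not be able to change the target row.
             $edit_user->set_member('id', $id->to_int());
         }

         $confirm = $this->request->post_var('confirm');
         $pwd = $this->request->post_var('password');
         if (cx\app\static_request::init('post', 'username')->is_empty() || cx\app\static_request::init('post', 'fname')->is_empty() || cx\app\static_request::init('post', 'lname')->is_empty()) {
             cx\app\main_functions::set_message('First/Last name or username is missing.');
             $saveme = false;
         } elseif ($model['new'] === false && $this->request->is_empty($confirm) && $this->request->is_empty($pwd)) {
             // No password supplied on an existing row: keep the current hash.
             $edit_user->set_member('password', $s_pwd);
             $saveme = true;
         } elseif ($this->request->is_not_empty($confirm) && $pwd === $confirm && strlen($pwd) > 6) {
             // New password (min 7 bytes, must match confirmation): store its hash.
             $this->load_model('users' . DS . 'users');
             $db_options = array('api' => false);
             $users = new cx\model\users($db_options);
             $edit_user->set_member('password', $users->get_pwd_hash($pwd));
             $saveme = true;
         } else {
             cx\app\main_functions::set_message('Password not strong/does not match.');
             $saveme = false;
         }

         if ($saveme === true) {
             $success = $edit_user->save();
             $saved_id = $edit_user->get_member('id');
             if ($success === true && $saved_id > 0) {
                 cx_redirect_url($this->get_url('/app/users', 'edit_user', 'id=' . $saved_id));
             }
             // On failure fall through and render the form again.
         }
     }

     $frm = $this->load_class('cx\\form\\form', array('name' => 'edit_user', 'defaults' => array('readonly' => false)));
     $frm->grab_form('app' . DS . 'users' . DS . 'edit_user', $model);
     $frm->end_form();
     $this->add_js('./assets/pwd-meter.min.js');
     $this->add_css('./assets/login.css');
     $index = $this->get_url('app/users', 'index');
     $this->breadcrumb = array($index => "List Users");
     $this->active_crumb = "Edit User";
     $this->do_view($frm->get_html());
 }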