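 /**
  * Logs a user in from the POSTed `user` payload and returns an API key.
  *
  * Expects `username` and `password` in the payload, looks the user up by
  * username and md5(password), loads the user's role and fills `$_SESSION`.
  * The returned key is base64("username,md5(password),sessionId") and is the
  * format validate() parses back, so it must stay in that shape.
  *
  * @return array{result: array{success: bool, key: string}}
  * @throws BadRequest when a field is missing or the credentials do not match
  */
 public function actionPost()
 {
     $data = $this->getData('user');
     if (!isset($data['username'])) {
         throw new BadRequest("USERNAME_REQUIRED");
     }
     if (!isset($data['password'])) {
         throw new BadRequest("PASSWORD_REQUIRED");
     }
     $username = (string) $data['username'];
     // NOTE(review): unsalted md5 is not a password hash; moving to
     // password_hash() would require changing the stored format and the key
     // format validate() expects.
     $md5Password = md5($data['password']);
     $user = User::model($this->getManager()->getComponent('db'));
     // The username is request-controlled and must not be spliced into the
     // WHERE clause raw. where() is given a string here, so escape the
     // characters that can terminate a single-quoted MySQL literal; a bound
     // parameter would be preferable if the ORM's where() supports one.
     $safeUsername = addcslashes($username, "\0\\'\"\n\r\x1a");
     $where = "`username`='{$safeUsername}' AND `password`='{$md5Password}'";
     $userinfo = $user->where($where)->find();
     if (empty($userinfo)) {
         throw new BadRequest('USERNAME_PASSWORD_INCORRECT');
     }
     session_start();
     // Issue a fresh session id on successful login so an id that existed
     // before authentication cannot be reused.
     session_regenerate_id(true);
     $role = Role::model($this->getManager()->getComponent('db'));
     // role_id comes from our own DB row; cast to int so it cannot alter the query.
     $roleinfo = $role->where('`id`=' . (int) $userinfo['role_id'])->find();
     $_SESSION['userid'] = $userinfo['id'];
     $_SESSION['username'] = $userinfo['username'];
     $_SESSION['authtype'] = $userinfo['authtype'];
     $_SESSION['userrole'] = $roleinfo['name'];
     $_SESSION['permission'] = Json::toArray($roleinfo['permission']);
     return array('result' => array('success' => true, 'key' => base64_encode($username . ',' . $md5Password . ',' . session_id())));
 }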
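 /**
  * Authenticates the request via the `HTTP_KEY` header unless the requested
  * resource is listed in `$this->except`.
  *
  * The header carries base64("username,md5(password),sessionId") as issued by
  * the login action. If the session file for that id no longer exists, the
  * credentials are re-checked against the database and the session is rebuilt
  * under the presented id.
  *
  * @throws Unauthorized when the header is missing or malformed, or the
  *                      credentials do not match
  */
 public function validate()
 {
     // Resources listed in $except do not require authentication.
     $rName = $this->getManager()->getRequest()->getResource();
     if (in_array($rName, $this->except, true)) {
         return;
     }
     // Check that HTTP_KEY is present and has the expected three fields.
     if (!isset($_SERVER['HTTP_KEY'])) {
         throw new Unauthorized();
     }
     $decoded = base64_decode($_SERVER['HTTP_KEY']);
     $keygen = $decoded === false ? [] : explode(',', $decoded);
     if (count($keygen) !== 3) {
         throw new Unauthorized();
     }
     [$username, $md5Password, $sessionId] = $keygen;
     // The session id is client-supplied and becomes part of a filesystem path
     // below, so restrict it to the characters PHP itself allows in session ids.
     if (preg_match('/^[A-Za-z0-9,-]{1,256}$/', $sessionId) !== 1) {
         throw new Unauthorized();
     }
     $sessionPath = session_save_path() === '' ? '/SmartGrid/tmp' : session_save_path();
     $sessionFile = rtrim($sessionPath, '/') . '/sess_' . $sessionId;
     if (!file_exists($sessionFile)) {
         // Session expired or was never created here: re-verify the credentials
         // before re-creating the session under the presented id.
         // The hash must be a 32-digit hex string; anything else cannot match.
         if (preg_match('/^[0-9a-f]{32}$/i', $md5Password) !== 1) {
             throw new Unauthorized();
         }
         $user = User::model($this->getManager()->getComponent('db'));
         // username is header-controlled; escape it for the single-quoted
         // literal since where() takes a string here.
         $safeUsername = addcslashes($username, "\0\\'\"\n\r\x1a");
         $where = "`username`='{$safeUsername}' AND `password`='{$md5Password}'";
         $userinfo = $user->where($where)->find();
         if (empty($userinfo)) {
             throw new Unauthorized();
         }
         session_id($sessionId);
         session_start();
         $_SESSION['userid'] = $userinfo['id'];
         $_SESSION['username'] = $userinfo['username'];
         // NOTE(review): this path fills userrole/permission straight from the
         // user row, whereas the login action resolves them through the Role
         // model; the two may disagree — confirm.
         $_SESSION['userrole'] = $userinfo['userrole'];
         $_SESSION['authtype'] = $userinfo['authtype'];
         $_SESSION['permission'] = json_decode($userinfo['permission']);
     }
     // Only (re)start when no session is active; otherwise session_id() and
     // session_start() emit warnings and change nothing.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_id($sessionId);
         session_start();
     }
 }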
 /**
  * AJAX handler: stores a chat message from the current user to the POSTed
  * `receiver_id` and renders the message row.
  *
  * The chat `session` key is "receiver#sender" when a session under that key
  * already exists, otherwise "sender#receiver". Non-AJAX requests are ignored.
  *
  * @return bool|null true once a message is stored; null for non-AJAX requests
  */
 public function action_addMessage()
 {
     if (!Request::current()->is_ajax()) {
         return;
     }
     $senderId = \Registry::getCurrentUser()->id;
     $sender = \Model\User::model()->findByPk($senderId);
     $receiverId = $this->request->post('receiver_id');
     $text = $this->request->post('message');
     // NOTE(review): receiver_id and message are used as posted — confirm the
     // Chat model validates them on save().
     $reverseKey = $receiverId . "#" . $senderId;
     $existing = \Model\Chat::model()->findByAttributes(['session' => $reverseKey]);
     $sessionKey = $existing ? $reverseKey : $senderId . "#" . $receiverId;
     $chat = new \Model\Chat();
     $chat->sender_id = $senderId;
     $chat->receiver_id = $receiverId;
     $chat->message = $text;
     $chat->session = $sessionKey;
     $chat->save();
     $view = \smarty\View::factory('chat' . DS . 'message_ajax');
     $view->assign(['item' => $chat, 'session' => $sessionKey, 'user' => $sender]);
     $this->response->body($view);
     return true;
 }
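 /**
  * Searches pages whose description, main text or title contains `$search`
  * and assigns the matches (and their count) to the template.
  *
  * The term is bound as the `:match` parameter, not interpolated into SQL.
  *
  * @param string $search raw search term; LIKE wildcards in it are not escaped
  */
 public function findImages($search)
 {
     // The current user used to be loaded here but was never used; dropped
     // to save a query.
     // NOTE(review): the condition ends with a dangling `OR` — unless the ORM
     // appends another predicate this is a SQL syntax error; confirm.
     $criteria = new \DBCriteria([
         'condition' => " description LIKE :match OR\n                             main_text LIKE :match OR\n                            title LIKE :match OR ",
         'params' => [':match' => "%{$search}%"],
     ]);
     $criteria->limit = $this->limit;
     $data = \Model\Pages::model()->with('idpageType')->findAll($criteria);
     $this->template->assign(['results' => $data, 'count_find' => count($data)]);
 }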
 /**
  * Renders the admin edit form for one user payment.
  *
  * Runs only when the `id` route parameter validates as an int; otherwise no
  * response body is produced.
  */
 public function action_Edit()
 {
     $itemId = \Utils\Protect::Validate($this->request->param('id'), 'int');
     if (!$itemId) {
         return;
     }
     \Assets::js('sight', base_UI . 'js/admin/Payments/Edit.js');
     $this->addCKEditor();
     $this->addBootstrapModal();
     $this->addSelect2();
     // BootBox alerts
     \Assets::js('BootBox', base_UI . 'libs/BootBox/bootbox.js');
     // The payment being edited plus the lookup lists the form needs
     $payment = \Model\UserPayment::model()->with('iduser0', 'iduserCredit')->findByPk($itemId);
     $this->template->assign([
         'data' => $payment,
         'userCredit' => \Model\UserCredit::model()->findAll(),
         'users' => \Model\User::model()->findAll(),
     ]);
     $this->response->body($this->template->fetch('admin/payments/edit.tpl'));
 }
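 /**
  * AJAX handler that removes the current user's own account.
  *
  * POST `value` of 1 deletes the row outright; any other value only sets
  * `access_level` to 0 (soft delete). Responds with JSON `{"code": 1}` on
  * success and `{"code": 0}` on failure (including when the user row cannot be
  * loaded). Non-AJAX requests produce no output.
  */
 public function action_delete()
 {
     if (!\Request::current()->is_ajax()) {
         return;
     }
     $userId = \Registry::getCurrentUser()->id;
     $hardDelete = (int) $this->request->post('value') === 1;
     // Both branches act on the same row, so load it once.
     $user = \Model\User::model()->findByPk($userId);
     $ok = false;
     if ($user) {
         if ($hardDelete) {
             $ok = (bool) $user->delete();
         } else {
             // Soft delete: keep the row but revoke all access.
             $user->access_level = 0;
             $ok = (bool) $user->save();
         }
     }
     $this->response->body(json_encode(['code' => $ok ? 1 : 0]));
 }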
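 /**
  * Registration page (non-AJAX) and registration handler (AJAX POST).
  *
  * JSON response codes: -3 a required field is missing, -4 the e-mail is
  * already registered, -1 the two passwords differ, -2 account creation
  * failed, true on success.
  *
  * @return bool|null true after the AJAX branch has answered; null otherwise
  */
 public function action_register()
 {
     if (!\Request::current()->is_ajax()) {
         \Assets::js('register', base_UI . 'js/Auth/register.js');
         $this->response->body($this->template->fetch('Auth/register.tpl'));
         return;
     }
     $required = ['email', 'pass', 'pass2', 'first_name', 'bdate'];
     foreach ($required as $field) {
         if (!isset($_POST[$field])) {
             $this->response->body(json_encode(['code' => -3]));
             return;
         }
     }
     if (User::model()->findByAttributes(['email' => $_POST['email']])) {
         $this->response->body(json_encode(['code' => -4]));
         return;
     }
     if ($_POST['pass'] !== $_POST['pass2']) {
         $this->response->body(json_encode(['code' => -1]));
         return;
     }
     // Create the new account.
     // NOTE(review): the whole $_POST array is handed to create(), so any extra
     // field the client sends reaches it too — confirm create() whitelists the
     // columns it writes; otherwise pass only $required plus last_login.
     $_POST['last_login'] = time();
     $userId = \Auth\Base::create($_POST);
     // create() signals failure with false; an empty id is treated the same.
     $this->response->body(json_encode(['code' => empty($userId) ? -2 : true]));
     return true;
 }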
 /**
  * Initialises `$this->chat_session` for the current user and the POSTed
  * `receiver_id`.
  *
  * The key is "<larger id>#<smaller id>" so both participants derive the same
  * session name. When the current user cannot be loaded a JSON error is sent
  * and true is returned; when no receiver is posted the session is left untouched.
  *
  * @return bool|null true when access was denied; null otherwise
  */
 public function chatInit()
 {
     $senderId = \Registry::getCurrentUser()->id;
     $receiverId = $this->request->post('receiver_id');
     if (!\Model\User::model()->findByPk($senderId)) {
         $this->response->body(json_encode(['status' => -777, 'error' => 'Access Denied!']));
         return true;
     }
     if (!$receiverId) {
         return;
     }
     // NOTE(review): ids are compared with `>`; numeric strings compare
     // numerically in PHP, other strings lexically — confirm they are numeric.
     $this->chat_session = $receiverId > $senderId
         ? $receiverId . "#" . $senderId
         : $senderId . "#" . $receiverId;
 }
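 /**
  * Admin-only DataTables endpoint listing every user as
  * `{id, fio, email, Access}` under the `aaData` key.
  *
  * @throws \HTTP_Exception_403 when the current user is not an admin
  */
 public function action_GetJson()
 {
     // Authorise before touching the database so non-admins get a 403
     // without the whole user table being loaded first.
     $access = new \Auth\Access(\Registry::getCurrentUser()->access_level);
     if (!$access->get(\Auth\Access::User_Is_Admin)) {
         throw new \HTTP_Exception_403('Admin Only');
     }
     $rows = [];
     /** @var User $item */
     foreach (User::model()->findAll() as $item) {
         $itemAccess = new \Auth\Access($item->access_level);
         $rows[] = [
             'id' => $item->iduser,
             'fio' => $item->first_name,
             'email' => $item->email,
             // Whether the account is permitted to log in at all
             'Access' => $itemAccess->get(\Auth\Access::User_Login) ? 'Yes' : 'No',
         ];
     }
     $this->response->body(json_encode(['aaData' => $rows]));
 }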
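 /**
  * Verifies e-mail/password credentials and starts a session for the account.
  *
  * @param string $mail e-mail address the account is looked up by
  * @param string $pass plaintext password as entered by the user
  * @return bool|int -1 when no account has this e-mail, -2 when the password
  *                  does not match, otherwise whatever startSession() returns
  */
 public static function createSession($mail, $pass)
 {
     /** @var User $userInfo */
     $userInfo = User::model()->findByAttributes(['email' => $mail]);
     if (!$userInfo) {
         return -1;
     }
     // Hash the candidate password with the account's stored salt.
     $hashed = Protect::Crypt($pass . $userInfo->salt, $userInfo->salt);
     // Compare in constant time so response timing does not reveal how many
     // leading bytes of the hash matched.
     if (!hash_equals((string) $userInfo->pass, (string) $hashed)) {
         return -2;
     }
     // NOTE(review): an admin/moderator-only login restriction used to live
     // here but was disabled; every verified account can start a session.
     return self::startSession($userInfo);
 }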
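 /**
  * Tells whether the request is unauthenticated.
  *
  * When \Auth\Base::Check() returns a session, the matching User is loaded and
  * registered as the current user as a side effect.
  *
  * @return bool true for a guest (no valid session), false for a logged-in user
  */
 public function isGuest()
 {
     $session = \Auth\Base::Check();
     if (!$session) {
         return true;
     }
     \Registry::setCurrentUser(User::model()->findByPk($session->iduser));
     return false;
 }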