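/**
 * Vote action (vote on a post).
 *
 * The post id is read from the JSON request body and, together with the
 * current user id, is concatenated into the lookup condition as a hexadecimal
 * literal ("0x..."). Both values are therefore required to be non-empty
 * hexadecimal strings before the condition is built, so nothing other than
 * hex digits can reach the query text.
 *
 * Voting the same value twice resets the vote to 0.
 *
 * @throws \Modules\Core\Exceptions\HTTPException
 * @return int Votes after the vote
 */
public function vote()
{
    // Check if user is authorized
    \Modules\Core\Library\Authorize::isAuthorized();

    $post = new Posts();
    $vote = new Votes();

    // Reduce any numeric vote to its sign: -1, 0 or 1.
    $filter = new Filter();
    $filter->add('vote', function ($value) {
        if ($value > 0) {
            return 1;
        }
        if ($value < 0) {
            return -1;
        }
        return 0;
    });

    $requestBody = $this->getDI()->get('requestBody');
    $postId = isset($requestBody->id) ? $requestBody->id : null;
    $uid = \Modules\Core\Library\Authorize::getUid();

    // The ids are embedded in the condition string below; reject anything
    // that is not a plain hex string instead of letting it alter the query.
    if (!is_scalar($postId) || !ctype_xdigit((string) $postId)
        || !is_scalar($uid) || !ctype_xdigit((string) $uid)
    ) {
        throw new \Modules\Core\Exceptions\HTTPException('Invalid identifier', 400);
    }

    $params = array(
        'id' => $postId,
        'uid' => $uid,
        'vote' => $filter->sanitize((int) $requestBody->vote, 'vote'),
    );

    $userVote = Votes::find("id = 0x" . $params['id'] . " AND uid = 0x" . $params['uid']);

    $oldVote = 0;
    if (isset($userVote->getFirst()->vote)) {
        $oldVote = $userVote->getFirst()->vote;
    }

    // Same vote again means "undo".
    if ((int) $oldVote == (int) $params['vote']) {
        $params['vote'] = 0;
    }

    $vote->save($params);

    return $post->getVotes($postId);
}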
/**
 * Look up the session record that matches the "user" cookie.
 *
 * The cookie value is passed through the "string" filter and cast to a
 * string before it is used as the lookup key.
 *
 * @return mixed Result of sessions::findFirst()
 */
private function getUserSessionData()
{
    $cookie = $this->cookies->get('user');

    $sanitizer = new Filter();
    $sessionKey = (string) $sanitizer->sanitize($cookie->getValue(), 'string');

    // NOTE(review): the cast keeps the key a scalar, so a structured value
    // cannot be used as the match expression — confirm findFirst() semantics.
    $criteria = array(array('key' => $sessionKey));

    return sessions::findFirst($criteria);
}
/**
 * Add a filter to the element.
 *
 * Accepts a filter instance, a filter name, or an array with a 'filter' name
 * and optional constructor 'options'. Names are lower-cased and resolved to a
 * class through getFilterClassName(); the resolved name is always appended to
 * the sanitize list, even when no class was found for it.
 *
 * @param string|\Engine\Filter\FilterInterface|array $filter
 * @throws \Engine\Exception When $filter is none of the accepted types
 * @return \Engine\Crud\Tools\Filters
 */
public function addFilter($filter)
{
    if ($filter instanceof FilterInterface) {
        // Register under the lower-cased short class name.
        $segments = explode("\\", get_class($filter));
        $origName = strtolower(end($segments));
        $this->_filter->add($origName, $filter);
    } elseif (is_array($filter)) {
        $origName = strtolower($filter['filter']);
        $class = $this->getFilterClassName($origName);
        if ($class) {
            // NOTE(review): the class is instantiated from a name supplied by
            // the caller; this presumably relies on getFilterClassName() only
            // returning known filter classes — confirm.
            if (empty($filter['options'])) {
                $instance = new $class();
            } else {
                $reflection = new \ReflectionClass($class);
                $instance = $reflection->hasMethod('__construct')
                    ? $reflection->newInstanceArgs((array) $filter['options'])
                    : $reflection->newInstance();
            }
            $this->_filter->add($origName, $instance);
        }
    } elseif (is_string($filter)) {
        $origName = strtolower($filter);
        $class = $this->getFilterClassName($origName);
        if ($class) {
            $instance = new $class();
            $this->_filter->add($origName, $instance);
        }
    } else {
        throw new \Engine\Exception("Invalid filter passed to addFilter");
    }

    $this->_sanitize[] = $origName;

    return $this;
}
/**
 * Build the HTML for a small colour square for the given name.
 *
 * The name is reduced to alphanumeric characters and lower-cased before it is
 * handed to Colour::selectColour().
 *
 * @param string $name
 * @return string HTML fragment
 */
public function colourSquare($name)
{
    $sanitizer = new Filter();
    $key = strtolower($sanitizer->sanitize($name, "alphanum"));

    $palette = new Colour();
    $cssColour = $palette->selectColour($key);

    // NOTE(review): $cssColour is written into a style attribute unescaped;
    // that is only safe if selectColour() returns values from a fixed
    // palette — confirm.
    return '<div class="colour-square" style="background-color: ' . $cssColour . ';"></div>';
}
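/**
 * Build a URL of the form <url_base><tipo>/<slug>/<id>.
 *
 * The slug is $string passed through sanitizeString(), lower-cased, with
 * spaces replaced by hyphens. Previously the lower-cased value was computed
 * and then overwritten by sanitizeString($string), so the "lower" filter had
 * no effect; it is now applied to the sanitized string.
 *
 * @param string $string Text to turn into the slug
 * @param mixed  $id     Identifier appended as the last path segment
 * @param string $tipo   Path segment placed before the slug
 * @return string
 */
public function generateUrl($string, $id, $tipo)
{
    $filter = new Filter();

    // sanitizeString() still receives the raw input, as before; lower-casing
    // is applied to its result so it is no longer discarded.
    $url = $filter->sanitize($this->sanitizeString($string), "lower");
    $url = str_replace(' ', '-', $url);

    // NOTE(review): $id and $tipo are concatenated as given; callers are
    // presumably expected to pass trusted values — confirm.
    return $this->url_base . $tipo . '/' . $url . '/' . $id;
}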
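/**
 * Register every method of the called class as a named filter.
 *
 * Each method is added under its uncamelized name and invoked statically on
 * the called class with the value to filter. The installer itself is skipped:
 * the original compared against __METHOD__ ("Class::install"), which never
 * equals a bare method name, so install() was registered as a filter too.
 *
 * @param Filter $filter
 */
public static function install($filter)
{
    $class = get_called_class();

    foreach (get_class_methods($class) as $method) {
        // get_class_methods() returns bare names, so compare with
        // __FUNCTION__ rather than __METHOD__.
        if ($method === __FUNCTION__) {
            continue;
        }

        $filter->add(Text::uncamelize($method), function ($value) use ($class, $method) {
            return call_user_func([$class, $method], $value);
        });
    }
}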
/**
 * Sign-in action: checks the CSRF token and captcha, then attempts the login
 * and writes a JSON result ('100' on success, '101' on failure).
 */
public function testSignInAction()
{
    // Verify the captcha first.
    // NOTE(review): the return value of checkToken() is discarded; if it
    // reports failure by returning false rather than throwing, the CSRF check
    // has no effect here — confirm.
    $this->security->checkToken();
    // NOTE(review): $captcha is not defined anywhere in this method.
    $this->service->captcha()->check($captcha);

    // Validate the user data and filter the input.
    $sanitizer = new Filter();
    $user = $sanitizer->sanitize($this->request->getPost('user'), 'email');
    $password = $this->request->getPost('password', 'trim');

    $result = $this->service->user()->signIn($user, $password);

    if ($result == true) {
        $this->response->setJsonContent('100', '登录成功');
    } else {
        $this->response->setJsonContent('101', '用户或密码错误');
    }
}
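/**
 * Signin action (login); data comes from the HTTP body as JSON.
 *
 * Changes from the previous version:
 *  - the username is bound as a query parameter instead of being
 *    concatenated into the condition string;
 *  - the submitted password is passed to checkHash() as received (it was
 *    hashed first, so the comparison could not match the stored hash);
 *  - the request is rejected when checkHash() fails (the condition was
 *    inverted and rejected a matching password).
 *
 * @throws \Modules\Core\Exceptions\HTTPException 404 when no user matches,
 *         403 when the password does not match
 * @return array(Access token) This will be converted to JSON format
 */
public function login()
{
    $this->validateRequireFields(array('username', 'password'));

    $requestBody = $this->getDI()->get('requestBody');

    // Pick the sanitizer by whether the username looks like an e-mail address.
    $isUsernameEmail = filter_var($requestBody->username, FILTER_VALIDATE_EMAIL) !== false;

    $filter = new Filter();
    $username = $filter->sanitize($requestBody->username, $isUsernameEmail ? 'email' : 'string');

    // Bound parameter: the username never becomes part of the query text.
    $users = Users::find(array(
        'conditions' => 'username = :username:',
        'bind' => array('username' => $username),
    ));

    // NOTE(review): the distinct 404/403 responses let a client tell whether
    // a username exists; kept because callers may depend on these codes.
    if ($users->count() <= 0) {
        $msg = 'User not found';
        throw new \Modules\Core\Exceptions\HTTPException($msg, 404);
    }

    $account = $users->getFirst();

    // checkHash() compares the plain password with the stored hash.
    if (!$this->security->checkHash((string) $requestBody->password, $account->password)) {
        $msg = 'Wrong credentials to login';
        throw new \Modules\Core\Exceptions\HTTPException($msg, 403);
    }

    return array('access_token' => \Modules\Core\Library\Authorize::createToken($account));
}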
/**
 * Sanitizing an array with several filters applies 'trim' and 'striptags'
 * to every element.
 */
public function testSanitizeArrayMultipleFilters()
{
    $input = array(' <a href="a">1</a> ', ' <h1>2</h1>', '<p>3</p> ');
    $filters = array('trim', 'striptags');

    $sanitizer = new PhFilter();
    $actual = $sanitizer->sanitize($input, $filters);

    $this->assertEquals(
        array('1', '2', '3'),
        $actual,
        'Filter an array with multiples filters is not correct'
    );
}
/**
 * Tests the 'email' filter against both the expected value from the data
 * provider and PHP's FILTER_SANITIZE_EMAIL applied to the source with single
 * quotes removed.
 *
 * @dataProvider providerSanitizeEmail
 * @author Nikos Dimopoulos <*****@*****.**>
 * @since 2012-11-30
 */
public function testSanitizeEmail($source, $expected)
{
    $sanitizer = new \Phalcon\Filter();

    // Reference value: native sanitizer on the source without single quotes.
    $withoutQuotes = str_replace("'", '', $source);
    $reference = filter_var($withoutQuotes, FILTER_SANITIZE_EMAIL);

    $actual = $sanitizer->sanitize($source, 'email');

    $this->assertEquals($reference, $actual, 'Actual and reference values do not match');
    $this->assertEquals($expected, $actual, 'Email is not correct');
}
/**
 * Fetch a captive portal template from the backend and return it as a zip
 * download.
 *
 * The template id is reduced to alphanumeric characters before it is passed
 * to the backend command and placed in the download filename.
 *
 * @param null $fileid unique template id (fileid field); 'default' when empty
 * @return mixed decoded payload, or an empty string when the backend response
 *               cannot be decoded
 * @throws \Exception
 */
public function getTemplateAction($fileid = null)
{
    // get template name
    $paramfilter = new Filter();
    $templateFileId = $fileid != null ? $paramfilter->sanitize($fileid, 'alphanum') : 'default';

    // request template data
    $backend = new Backend();
    $response = $backend->configdpRun("captiveportal fetch_template", array($templateFileId));
    $result = json_decode($response, true);

    if ($result == null) {
        // return empty response on error
        return "";
    }

    // output result (zipfile)
    $response = $result['payload'];
    $this->response->setContentType('application/octet-stream', 'UTF-8');
    // NOTE(review): both header names below end with a colon — confirm the
    // response object emits them as intended.
    $this->response->setHeader(
        'Content-Disposition:',
        "Attachment; filename=\"template_" . $templateFileId . ".zip\""
    );
    $this->response->setHeader('Content-Type:', 'application/zip');

    return base64_decode($response);
}
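/**
 * Check package dependencies.
 *
 * Every dependency listed in the manifest must be installed, and installed at
 * a version that is not lower than the required one. Versions are compared
 * with version_compare(); the previous 'int' sanitizing collapsed a dotted
 * version into its digits, so a required version with fewer digits could be
 * treated as already satisfied by an older install.
 *
 * @param Config $manifest Package manifest.
 *
 * @throws PackageException When dependencies are missing or too old.
 * @return void
 */
private function _checkDependencies($manifest)
{
    // Check dependencies.
    if (!$manifest->get('dependencies')) {
        return;
    }

    $missingDependencies = [];
    $wrongVersionDependencies = [];
    $dependencies = $manifest->get('dependencies');

    foreach ($dependencies as $dependency) {
        if (!isset($this->_packagesVersions[$dependency['type']][$dependency['name']])) {
            $missingDependencies[] = $dependency;
            continue;
        }

        $installedVersion = (string) $this->_packagesVersions[$dependency['type']][$dependency['name']];
        $requiredVersion = (string) $dependency['version'];

        // Segment-wise comparison, so "1.10.0" is not mistaken for a number
        // larger than "2.0.0".
        if (version_compare($installedVersion, $requiredVersion, '<')) {
            $wrongVersionDependencies[] = $dependency;
        }
    }

    // NOTE(review): type, name and version come from the package manifest and
    // are placed in messages that contain <br/> markup; if these messages are
    // rendered as HTML the values should be escaped where they are output —
    // confirm.
    if (!empty($missingDependencies)) {
        $msg = 'This package requires the presence of the following modules:<br/>';
        foreach ($missingDependencies as $dependency) {
            $msg .= sprintf(
                '- %s "%s" (v.%s)<br/>',
                $dependency['type'],
                $dependency['name'],
                $dependency['version']
            );
        }
        throw new PackageException($msg);
    }

    if (!empty($wrongVersionDependencies)) {
        $msg = 'To install this package you need update:<br/>';
        foreach ($wrongVersionDependencies as $dependency) {
            $msg .= sprintf(
                '- %s "%s" up to: v.%s. Current version: v.%s <br/>',
                $dependency['type'],
                $dependency['name'],
                $dependency['version'],
                $this->_packagesVersions[$dependency['type']][$dependency['name']]
            );
        }
        throw new PackageException($msg);
    }
}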
/**
 * Returns the value of a received parameter.
 *
 * @param string     $name    Option name.
 * @param null|array $filter  Filters to apply; the raw value is returned
 *                            when this is empty.
 * @param null|mixed $default Value returned when the option is not set.
 *
 * @return mixed
 */
public function getParameter($name, $filter = null, $default = null)
{
    if (!isset($this->_parameters[$name])) {
        return $default;
    }

    // Without filters the stored value is handed back unsanitized.
    if (!$filter) {
        return $this->_parameters[$name];
    }

    $sanitizer = new Filter();

    return $sanitizer->sanitize($this->_parameters[$name], $filter);
}
/**
 * Returns the filters reported by the parent implementation, unchanged.
 *
 * @return mixed
 */
public function getFilters()
{
    $filters = parent::getFilters();

    return $filters;
}
/**
 * Runs a value through the given filters using a fresh Filter instance.
 *
 * @param mixed $paramValue Value to sanitize
 * @param mixed $filters    Filter name(s) passed on to Filter::sanitize()
 *
 * @return mixed
 */
protected function filter($paramValue, $filters)
{
    $sanitizer = new Filter();
    $sanitized = $sanitizer->sanitize($paramValue, $filters);

    return $sanitized;
}
<?php

use Phalcon\Filter;

$filter = new Filter();

/*
 * Users Filters
 *
 * Each filter removes whatever its pattern matches from the value.
 *
 * NOTE(review): 'login' keeps 0-9, a-f and A-Z; the lower-case range stops at
 * "f" while the upper-case range covers the whole alphabet — confirm which
 * set is intended.
 * NOTE(review): 'email', 'phone' and 'team' all keep only 0-9 and a-f, so an
 * e-mail address loses "@" and "." — confirm.
 * NOTE(review): 'pwd' deletes the matched run from the value instead of
 * validating it; changing a password before it is hashed or verified changes
 * the credential — confirm this filter is meant to be applied.
 */
$userFilterPatterns = array(
    'login' => '/[^0-9a-fA-Z]/',
    // 8 chars min, any type, any order
    'pwd' => '/([a-zA-Z0-9.*!?_-]){8,}\\w+/',
    'email' => '/[^0-9a-f]/',
    'phone' => '/[^0-9a-f]/',
    'team' => '/[^0-9a-f]/',
);

foreach ($userFilterPatterns as $filterName => $pattern) {
    $filter->add($filterName, function ($value) use ($pattern) {
        return preg_replace($pattern, '', $value);
    });
}
echo $t->_("workingtime"); ?> </th> <th><?php echo $t->_("overtime"); ?> </th> <th><?php echo $t->_("location"); ?> </th> </tr> </thead> <tbody style="display: none;"> <?php $filter = new Filter(); foreach ($attlist as $result) { //print_r($result);exit; ?> <tr> <td><?php echo $result->attendances->att_date; ?> </td> <td><?php echo $filter->sanitize($result->core->member_login_name, "string"); ?> </td> <!-- check in time--> <td><?php $checkintime = $result->attendances->checkin_time;
/**
 * Search installed IDS rules.
 *
 * Only handles POST requests. Paging, sorting and search parameters are read
 * from the request, the free-text parts are passed through the 'query'
 * filter (QueryFilter) and the result is sent to the backend as arguments of
 * "ids query rules". The backend's JSON rows are returned with each rule's
 * 'enabled' value replaced by the model's own status; the backend value is
 * kept in 'enabled_default'.
 *
 * @return array rows, rowCount, total, parameters and current page, or an
 *               empty array for non-POST requests or an unusable response
 */
public function searchInstalledRulesAction()
{
    if ($this->request->isPost()) {
        $this->sessionClose();
        // create filter to sanitize input data
        $filter = new Filter();
        $filter->add('query', new QueryFilter());
        // fetch query parameters
        $itemsPerPage = $this->request->getPost('rowCount', 'int', 9999);
        $currentPage = $this->request->getPost('current', 'int', 1);
        if ($this->request->hasPost('sort') && is_array($this->request->getPost("sort"))) {
            $sortStr = '';
            $sortBy = array_keys($this->request->getPost("sort"));
            // The direction is taken from the first sort key only and is
            // limited to the two literals 'desc' / 'asc'.
            // NOTE(review): assumes the sort array is not empty — confirm.
            if ($this->request->getPost("sort")[$sortBy[0]] == "desc") {
                $sortOrd = 'desc';
            } else {
                $sortOrd = 'asc';
            }
            // Every client-supplied sort key goes through the 'query' filter
            // before it becomes part of the backend argument.
            foreach ($sortBy as $sortKey) {
                if ($sortStr != '') {
                    $sortStr .= ',';
                }
                $sortStr .= $filter->sanitize($sortKey, "query") . ' ' . $sortOrd . ' ';
            }
        } else {
            $sortStr = 'sid';
        }
        // Free-text search over msg, source and sid; the phrase is sanitized
        // with the 'query' filter before being embedded.
        if ($this->request->getPost('searchPhrase', 'string', '') != "") {
            $searchTag = $filter->sanitize($this->request->getPost('searchPhrase'), "query");
            $searchPhrase = 'msg,source,sid/"*' . $searchTag . '"';
        } else {
            $searchPhrase = '';
        }
        // add filter for classtype
        if ($this->request->getPost("classtype", "string", '') != "") {
            $searchTag = $filter->sanitize($this->request->getPost('classtype'), "query");
            $searchPhrase .= " classtype/" . $searchTag . ' ';
        }
        // request list of installed rules
        $backend = new Backend();
        $response = $backend->configdpRun("ids query rules", array($itemsPerPage, ($currentPage - 1) * $itemsPerPage, $searchPhrase, $sortStr));
        $data = json_decode($response, true);
        if ($data != null && array_key_exists("rows", $data)) {
            $result = array();
            $result['rows'] = $data['rows'];
            // update rule status with own administration
            foreach ($result['rows'] as &$row) {
                $row['enabled_default'] = $row['enabled'];
                $row['enabled'] = $this->getModel()->getRuleStatus($row['sid'], $row['enabled']);
            }
            $result['rowCount'] = count($result['rows']);
            $result['total'] = $data['total_rows'];
            $result['parameters'] = $data['parameters'];
            $result['current'] = (int) $currentPage;
            return $result;
        } else {
            // Response could not be decoded or has no "rows" key.
            return array();
        }
    } else {
        return array();
    }
}
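// Shared services registered on the dependency injector.
$di->setShared('auth', function () {
    return new AuthComponent();
});

$di->setShared('security', function () {
    return new Security();
});

$di->setShared('cookies', function () {
    $cookies = new Cookies();
    // NOTE(review): cookie encryption is switched off, so cookie values reach
    // the application exactly as the client sent them; any code that reads a
    // cookie has to treat it as untrusted input.
    $cookies->useEncryption(false);
    return $cookies;
});

$di->setShared('activation', function () {
    return new ActivationComponent();
});

$di->setShared('filter', function () {
    $filter = new Filter();
    // 'hash' filter: returns the bcrypt hash of the value. The leftover
    // var_dump()/die debug lines were removed; they printed the hash to the
    // response and ended the request before the filter could return.
    $filter->add('hash', function ($value) {
        return password_hash($value, PASSWORD_BCRYPT);
    });
    return $filter;
});

$di->setShared('translate', function () use($di) {
    $cookies = $di->get('cookies');
    $language = $cookies->has('language') ? $cookies->get('language') : 'en';
    // NOTE(review): the "language" cookie is concatenated into a path that is
    // passed to require_once below; it should be checked against a fixed list
    // of known language codes before the path is built. The rest of this
    // closure is not visible here.
    $file = APP_DIR . '/messages/' . $language . '.php';
    //Check if we have a translation file for that lang
    if (file_exists($file)) {
        require_once $file;
    } else {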
/**
 * Fetch detailed info for one alert.
 *
 * The alert id is passed through the "int" filter before it is embedded in
 * the "filepos/" selector sent to the backend.
 *
 * @param $alertId alert id, position in log file
 * @return array alert info, or an empty array when nothing was found
 */
public function getAlertInfoAction($alertId)
{
    $backend = new Backend();
    $sanitizer = new Filter();

    $filePosition = $sanitizer->sanitize($alertId, "int");

    // Ask for a single row (limit 1, offset 0) at the given file position.
    $response = $backend->configdpRun("ids query alerts", array(1, 0, "filepos/" . $filePosition));
    $result = json_decode($response, true);

    if ($result == null || count($result['rows']) <= 0) {
        return array();
    }

    return $result['rows'][0];
}
</center></th> <th><center><?php echo $t->_("ssc_emp"); ?> </center></th> <th><center><?php echo $t->_("total"); ?> </center></th> <th width="30px"></th> </tr> </thead> <tbody> <?php $filter = new Filter(); $month = $this->request->get('month'); $year = $this->request->get('year'); $i = 1; $totalresult = ""; echo '<form id ="frm1">'; foreach ($getsalarylists as $getsalarylist) { ?> <tr> <td><input type="checkbox" class='case' name='chk[]' value="<?php echo $getsalarylist['member_id']; ?> " ></td> <td><?php echo $filter->sanitize($getsalarylist['full_name'], "string"); ?>