Example #1
/**
 * Render the sign-in view; a visitor who is already authenticated is
 * redirected to "home" first.
 *
 * NOTE(review): render("signin") is still reached after redirect("home")
 * unless redirect() ends the request itself. Confirm.
 */
function show_signin()
{
    $alreadySignedIn = is_auth();
    if ($alreadySignedIn) {
        redirect("home");
    }
    render("signin");
}
Example #2
/**
 * Render the home view for an authenticated visitor; anyone else is
 * redirected to "user/signin".
 *
 * NOTE(review): this guard only protects the view if redirect() terminates
 * the request. If redirect() returns, render("home") also runs for
 * unauthenticated visitors. Confirm.
 */
function show_home()
{
    $signedIn = is_auth();
    if (!$signedIn) {
        redirect("user/signin");
    }
    render("home");
}
 /**
  * Run the parent constructor, then redirect any visitor who is not
  * authenticated to the admin login page.
  *
  * NOTE(review): the guard relies on redirect() ending the request; if it
  * returns, the requested action still runs without authentication. Confirm.
  *
  * @return void
  */
 public function __construct()
 {
     parent::__construct();
     $authenticated = is_auth();
     if (!$authenticated) {
         redirect('admin/login');
     }
 }
Example #4
/**
 * Build the page body: the login form for an unauthenticated visitor,
 * otherwise the main form followed by the orders table for the given mode.
 *
 * @param mixed $mode passed through unchanged to get_orders_table()
 * @return mixed the markup produced by the form helpers
 */
function pageBody($mode)
{
    // Unauthenticated visitors only ever get the login form.
    if (!is_auth()) {
        return auth_form();
    }
    return main_form() . get_orders_table($mode);
}
Example #5
 /**
  * Set up the admin controller: run the parent constructor, apply the two
  * access checks, then select the admin theme, layout, language file and
  * notification script.
  *
  * NOTE(review): both checks rely on redirect() ending the request; if it
  * returns, the setup below and the requested action run anyway. Confirm.
  */
 function __construct()
 {
     parent::__construct();

     // Access checks: is_login('Administrator') first, then is_auth()
     $isAdministrator = is_login('Administrator');
     if (!$isAdministrator) {
         redirect('users/admin/auth');
     }
     $isAuthenticated = is_auth();
     if (!$isAuthenticated) {
         redirect('users/admin/auth/fail');
     }

     // Theme, then layout
     $this->template->set_theme('admin');
     $this->template->set_layout('layout');

     // Language file
     $this->lang->load('admin');

     // Notification script appended to the page metadata
     $notifyScript = js_notify();
     $this->template->append_metadata($notifyScript);
 }
Example #6
echo include_css("bootstrap-wysihtml5.css");
?>
	<?php 
echo include_css("style.css");
?>

	<?php 
echo "<script>var PATH = '{$config["path"]}';</script>";
?>
</head>
<body>
	<div class="container-narrow">

		<div class="masthead">
			<?php 
if (is_auth()) {
    ?>
			<ul class="nav nav-pills pull-right">
				<li class="<?php 
    echo $controller == "home" ? "active" : "";
    ?>
">
					<?php 
    echo link_to("home", "Home");
    ?>
				</li>
				<li class="<?php 
    echo $controller == "user" ? "active" : "";
    ?>
">
					<?php 
Example #7
 /**
  * This method is run before any action is executed.
  *
  * A visitor who is not authenticated is redirected to the "index"
  * controller.
  *
  * NOTE(review): the action is only blocked if redirect() ends the
  * request. Confirm.
  */
 public function _before()
 {
     if (is_auth()) {
         return;
     }
     redirect(['controller' => 'index']);
 }
/**
 *	Invoke a controller based on the query arguments given.
 *
 *	$args[0] is normalised to a two-element array, all modules are loaded and
 *	the global $controllers registry is searched for the keys "a-b", "a-*",
 *	"*-b" and "*-*" in that order; the first key present wins. When the
 *	matched entry has a truthy 'auth' flag, is_auth() and a Referer-prefix
 *	check run before the controller function is called.
 *
 *	This function does not return in case of an error.
 *	@param array $args query-arguments array
 *	@return mixed return value of controller that was called
 */
function invoke_controller($args)
{
    global $controllers;
    // change query-arguments so that we always have a arg0 and arg1
    if (!isset($args[0])) {
        $args[0] = array('', '');
    } elseif (is_string($args[0])) {
        $args[0] = array($args[0], '');
    }
    // load all modules
    // TODO (later): fastpath for serving cached pages or files (the latter one
    // is only doable when we store in the object file which module to load)
    load_modules();
    // look up the most specific registered controller first, wildcards last;
    // $reason records which pattern matched, for the log line below
    $match = false;
    if (isset($controllers[$args[0][0] . '-' . $args[0][1]])) {
        // foo/bar would match controller for "foo/bar"
        $match = $controllers[$args[0][0] . '-' . $args[0][1]];
        $reason = $args[0][0] . '/' . $args[0][1];
    } elseif (isset($controllers[$args[0][0] . '-*'])) {
        // foo/bar would match "foo/*"
        $match = $controllers[$args[0][0] . '-*'];
        $reason = $args[0][0] . '/*';
    } elseif (isset($controllers['*-' . $args[0][1]])) {
        // foo/bar would match "*/bar"
        $match = $controllers['*-' . $args[0][1]];
        $reason = '*/' . $args[0][1];
    } elseif (isset($controllers['*-*'])) {
        // foo/bar would match "*/*"
        $match = $controllers['*-*'];
        $reason = '*/*';
    }
    if ($match !== false) {
        // check authentication for those controllers that require it
        // (entries without a truthy 'auth' key skip both checks below)
        if (isset($match['auth']) && $match['auth']) {
            // NOTE(review): the code after this call assumes prompt_auth() does
            // not return for an unauthenticated request - confirm
            if (!is_auth()) {
                prompt_auth();
            }
            // also check the referer to prevent against cross site request
            // forgery (xsrf)
            // this is not really optimal, since proxies can filter the referer
            // header, but as a first step..
            // NOTE(review): the check only runs when a Referer header is
            // present, so a request that carries no Referer is not covered by
            // it; a per-session request token would close that gap
            if (!empty($_SERVER['HTTP_REFERER'])) {
                $bu = base_url();
                // plain string-prefix comparison against base_url()
                // NOTE(review): this is only a host check if base_url() ends
                // with a path separator - confirm
                if (substr($_SERVER['HTTP_REFERER'], 0, strlen($bu)) != $bu) {
                    // NOTE(review): the Referer value and the arguments are
                    // request-controlled; presumably quot() and var_dump_inl()
                    // keep them on one log line - confirm
                    log_msg('warn', 'controller: possible xsrf detected, referer is ' . quot($_SERVER['HTTP_REFERER']) . ', arguments ' . var_dump_inl($args));
                    hotglue_error(400);
                }
            }
        }
        log_msg('info', 'controller: invoking controller ' . quot($reason) . ' => ' . $match['func']);
        // 'func' comes from the $controllers registry, not from the request
        return $match['func']($args);
    } else {
        // normally we won't reach this as some default (*/*) controller will
        // be present
        log_msg('warn', 'controller: no match for ' . quot($args[0][0] . '/' . $args[0][1]));
        hotglue_error(400);
    }
}
    $timetable["Manage Timetable"]["View Timetable"]["For a Branch"] = "student_select.php";
    $timetable["Manage Timetable"]["View Timetable"]["For a Section (Firstyear)"] = "section_select.php";
} else {
    if (is_auth("stu") || is_auth("ft")) {
        $timetable["Manage Timetable"]["View Timetable"] = array();
        if (is_auth("stu")) {
            $timetable["Manage Timetable"]["View Timetable"]["For You"] = "student.php";
        } else {
            $timetable["Manage Timetable"]["View Timetable"]["For Firstyears"] = "view_firstyr_faculty.php";
            $timetable["Manage Timetable"]["View Timetable"]["For Secondyear onwards"] = "view_faculty.php";
        }
        $timetable["Manage Timetable"]["View Timetable"]["For a Classroom"] = "classroom_select.php";
        $timetable["Manage Timetable"]["View Timetable"]["For a Branch"] = "student_select.php";
        $timetable["Manage Timetable"]["View Timetable"]["For a Section (firstyear)"] = "section_select.php";
    } else {
        if (is_auth("deo")) {
            $timetable["Manage Timetable"]["View Timetable"] = array();
            $timetable["Manage Timetable"]["View Timetable"]["For a Classroom"] = "classroom_select.php";
            $timetable["Manage Timetable"]["View Timetable"]["For a Branch"] = "student_select.php";
            $timetable["Manage Timetable"]["View Timetable"]["For a Section (firstyear)"] = "section_select.php";
            $timetable["Manage Timetable"]["Enter Timetable for a Section (firstyear)"] = "dataoperator_enter_timetable.php";
            $timetable["Manage Timetable"]["Assign Classroom to Class"] = array();
            $timetable["Manage Timetable"]["Assign Classroom to Class"]["For Firstyears"] = "assign_classroom_firstyear.php";
            $timetable["Manage Timetable"]["Assign Classroom to Class"]["For Secondyear onwards"] = "assign_classroom.php";
            $timetable["Manage Timetable"]["Assign Subject to Faculty"] = "assign_subject.php";
            //$timetable["Manage Timetable"]["Set Timelength to Period"]="set_time.php";
            $timetable["Manage Timetable"]["Manage Classrooms"] = array();
            $timetable["Manage Timetable"]["Manage Classrooms"]["Add classrooms"] = "adding_classrooms.php";
            $timetable["Manage Timetable"]["Manage Classrooms"]["Block classrooms"] = array();
            $timetable["Manage Timetable"]["Manage Classrooms"]["Block classrooms"]["Block Building"] = "block_building.php";
            $timetable["Manage Timetable"]["Manage Classrooms"]["Block classrooms"]["Block Room"] = "block_room.php";
Example #10
/**
 * Print the token stored in the session for an authenticated visitor;
 * in every other case hand over to login("token").
 *
 * The token is written to the response body as-is.
 */
function gettoken()
{
    // Not authenticated, or no token stored in the session yet
    if (!is_auth() || !isset($_SESSION["token"])) {
        login("token");
        return;
    }
    echo $_SESSION["token"];
}
Example #11
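<?php 
// is_auth() is compared against false only; any other result is used as the
// user record and indexed by 'login' below.
if (false === ($user = is_auth())) {
    ?>
<a href="/registration/">Регистрация</a><br />
<a href="/authorization/">Вход</a>
<?php 
} else {
    ?>
Привет, <?php 
    // The login is account-supplied text: encode it for the HTML context
    // before output. The charset follows the default_charset ini setting.
    echo htmlspecialchars($user['login'], ENT_QUOTES);
    ?>
<br />
<a href="/cabinet/">Кабинет</a><br />
<a href="/out/">Выход</a>
<?php 
}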
Example #12
    } elseif (!$direct) {
        $lnk .= 'source/campaign-ads';
    }
    echo $lnk;
    exit;
}
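// NOTE(review): this sync_slaves branch sits above the authentication check
// further down, so in the visible code it is reachable without a login.
// Confirm that is intended.
if ($_REQUEST['ajax_act'] == 'sync_slaves') {
    dmp(cache_rules_update());
    dmp(cache_links_update());
    exit;
}
// Pages that may be opened without authentication
$open_pages = array('login', 'lostpassword', 'resetpassword');
// Authentication
if (!in_array($_REQUEST['page'], $open_pages)) {
    $auth_info = is_auth();
    if ($auth_info[0] == false) {
        // A Location header does not end the script by itself, so every
        // redirect below is followed by exit; otherwise the rest of the page
        // would still run for an unauthenticated request.
        switch ($auth_info[1]) {
            case 'register_new':
                // The register page itself stays reachable in this state
                if ($_REQUEST['page'] != 'register') {
                    header('Location: ' . _HTML_ROOT_PATH . "/?page=register");
                    exit;
                }
                break;
            default:
                header('Location: ' . _HTML_ROOT_PATH . "/?page=login");
                exit;
        }
    }
}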
if (isset($_REQUEST['csrfkey']) && $_REQUEST['csrfkey'] == CSRF_KEY) {
    switch ($_REQUEST['ajax_act']) {
/**
 * Serve the file behind a 'download' object when the object is marked public
 * or the visitor is authenticated; otherwise prompt for authentication.
 *
 * Returns false for any object whose type is not 'download'. There is no
 * explicit return value on the other paths.
 *
 * NOTE(review): 'download-file' and the first part of 'name' are joined into
 * the path without normalisation here; presumably they are validated when the
 * object is stored. Confirm.
 *
 * @param array $args uses the keys 'obj' (object attributes) and 'dl'
 */
function download_serve_resource($args)
{
    $resource = $args['obj'];
    $isDownload = isset($resource['type']) && $resource['type'] == 'download';
    if (!$isDownload) {
        return false;
    }
    $nameParts = expl('.', $resource['name']);
    // serve the resource only when it's public or we're logged in (i.e. editing)
    $isPublic = isset($resource['download-public']) && $resource['download-public'] == 'public';
    if ($isPublic || is_auth()) {
        $path = CONTENT_DIR . '/' . $nameParts[0] . '/shared/' . $resource['download-file'];
        serve_file($path, $args['dl'], $resource['download-file-mime']);
    } elseif (!is_auth()) {
        prompt_auth(true);
    }
}
Example #14
require_once "../Includes/ConfigSQL.php";
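// Draw the page header.
// NOTE(review): drawHeader() runs before session_start() and before the
// header() calls below; if it emits output and output buffering is off, those
// calls cannot take effect. Confirm.
drawHeader("TimeTable Info System");
// Start the session if it has not been started yet
if (!isset($_SESSION)) {
    session_start();
}
// Send a visitor who is not logged in to Logout.php and stop here: a Location
// header does not end the script, so without exit the rest of the page would
// still run for that visitor.
if (!isset($_SESSION['id'])) {
    header("Location:../Logout.php");
    exit;
}
// NOTE(review): notification, content and type come straight from the query
// string; drawNotification() has to HTML-encode them before output. Confirm.
if (isset($_GET['notification'])) {
    drawNotification($_GET['notification'], $_GET['content'], $_GET['type']);
}
// Forward each role to its own timetable page
if (is_auth("stu")) {
    header("Location:student.php");
} elseif (is_auth("deo")) {
    header("Location:dataoperator_timetable.php");
} elseif (is_auth("ft") || is_auth("hod")) {
    header("Location:view_faculty.php");
} else {
    drawNotification("Error", "Sorry you are not allowed to access the page.", "error");
}
drawFooter();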
?>
</body>
</html>
<?php

# Bootstrap only when this file is the entry point, i.e. main.php has not been
# loaded by another script yet
if (!defined('Sprinklers')) {
    #Start session
    if (!isset($_SESSION)) {
        session_start();
    }
    #Tell main we are calling it
    define('Sprinklers', TRUE);
    #Required files
    require_once "main.php";
}
#Redirect if not authenticated or grabbing page directly
# NOTE(review): X-Requested-With is a client-supplied request header, so that
# part of the condition only discourages direct navigation; is_auth() is the
# actual access check here.
if (!is_auth() || !isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
    header('Location: ' . $base_url);
    exit;
}
#Get controller settings
$_SESSION["data"] = start_data();
#Include the main javascript file
echo "<script>";
include_once "js/main.js.php";
echo "</script>";
?>

<div data-role="page" id="sprinklers">
    <div data-theme="b" data-role="header" data-position="fixed" data-tap-toggle="false">
        <a data-icon="bars" data-iconpos="notext" href="#sprinklers-settings"></a>
        <a data-icon="gear" data-iconpos="notext" href="#settings"><?php 
echo _("Settings");
?>
Example #16
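/**
 * Return the draft with the given id as JSON, for an authenticated user only.
 *
 * Prints 'false' and exits when is_auth() does not report the session as
 * authed; prints the database error text and exits when the query fails.
 *
 * @param mixed $draft_id draft identifier; bound to the query as an integer
 * @return mixed whatever result2json() produces for the result set
 */
function get_draft_json($draft_id)
{
    // getting drafts requires an authenticated user
    $AUTH_CODE = 1;
    $auth = is_auth($_SESSION, $AUTH_CODE);
    if (!$auth['authed']) {
        echo 'false';
        exit(0);
    }
    $con = connect_db('uedwardn_droll');
    // The id is bound as a parameter instead of being interpolated into the
    // SQL text, so a non-numeric value cannot change the statement.
    $stmt = mysqli_prepare($con, 'SELECT * FROM drafts WHERE draft_id = ?');
    if ($stmt === false) {
        echo mysqli_error($con);
        exit(0);
    }
    // bind_param takes its arguments by reference, hence the local variable
    $id = (int) $draft_id;
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    // NOTE(review): the raw database error text is still sent to the client,
    // as before; logging it server-side and returning a generic failure would
    // disclose less.
    $err = mysqli_stmt_error($stmt);
    if ($err) {
        echo $err;
        exit(0);
    }
    // mysqli_stmt_get_result() requires the mysqlnd driver
    $result = mysqli_stmt_get_result($stmt);
    return result2json($result);
}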
Example #17
<?php

session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/common/php/db.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/common/php/auth_lib.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/droll/php/get_post.php';
// NOTE(review): $auth is assigned here but not consulted anywhere in the
// lines visible below, so showing a draft is not gated on it in this part of
// the file. Confirm the check happens where the draft is actually fetched.
$auth = is_auth($_SESSION, 1);
// Provided 'draft_id' not supplied in $_GET or $_POST,
// default behavior gets the latest post
$post_id = get_var('draft_id');
if (is_null($post_id)) {
    $show_type = 'post';
    $post_id = get_cur_post_id();
    // post_id from $_GET or latest post
    // but if draft_id is set, we'll show that draft
} else {
    // the cast guarantees that only an integer is carried forward as the id
    $post_id = (int) $post_id;
    $show_type = 'draft';
}
?>
<!DOCTYPE html>
<html>
	<head>
		<script type='text/javascript' src='../../common/js/deparam.js'>
		</script>
		<script type='text/javascript' src='../../common/js/jquery.js'>
		</script>
		<script type='text/javascript' src='../../common/js/utils.js'>
		</script>
		<script type='text/javascript' src='js/app_lib.js'></script>
Example #18
<!doctype html>
<html>
<head>
    <title>Наш блог</title>
	<link rel="stylesheet" href="v/style.css">
</head>
<body>
	<h1>Статьи нашего блога</h1>
	<div>
		<?php 
$is_auth = is_auth();
$is_admin = is_admin($link);
foreach ($fullmessages as $id) {
    ?>
				<div>
					Статья: "<strong><?php 
    echo $id['name'];
    ?>
</strong>"  Автор: <?php 
    echo $id['login'];
    ?>
<br><br>
					<?php 
    echo "<a href=c/post.php?id={$id['id_new']}>Просмотр</a>";
    if ($is_auth) {
        if ($is_admin) {
            echo "<a href=c/edit.php?id={$id['id_new']}>Редактирование</a>";
            echo "<a href=c/edit.php?id={$id['id_new']}>Удалить</a>";
        } else {
            for ($i = 0; $i < 1; $i++) {
                if ($messagesById[$i]['id_user'] == $id['id_user']) {
Example #19
File: auth.php Project: cruide/wasp
 /**
  * Pre-action hook: an authenticated visitor is redirected (redirect() is
  * called without arguments) unless the routed method is 'Signout'.
  * Unauthenticated visitors pass through untouched.
  */
 public function _before()
 {
     if (!is_auth()) {
         return;
     }
     $method = $this->router->getMethodName();
     if ($method != 'Signout') {
         redirect();
     }
 }
Example #20
<?php

include '../m/bd.php';
include '../m/news.php';
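session_start();
// Only authenticated visitors may continue; exit ends the request after the
// redirect so nothing below runs for anyone else.
if (!is_auth()) {
    header('Location: login.php');
    exit;
}
$link = connect();
if (!$link) {
    echo "Не удалось подключиться: " . mysqli_connect_error();
    exit;
}
// Cast to int so only an integer id reaches the queries below; a missing
// parameter becomes 0 without raising an undefined-index notice.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
// Compare with the integer 0. The former `$id != ''` mixed an int with a
// string, and under PHP 8 that comparison is always true, so the "not found"
// branch was never taken.
if ($id !== 0) {
    $content = get_content($link, $id);
    $content = $content['content'];
    $messages = get_messages($link);
    // Take the title from the message whose id matches the requested article
    foreach ($messages as $message) {
        if ($message['id_new'] == $id) {
            $title = $message['name'];
        }
    }
} else {
    $content = 'Ошибка 404 - такой статьи нет!';
}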
if (isset($_POST['Delete'])) {
    delete_new($link, $id);
    header('Location: ../index.php');
    exit;
Example #21
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/common/php/db.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/common/php/auth_lib.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/droll/php/app_lib.php';
$AUTH_CODE = 1;
$auth = is_auth($_SESSION, $AUTH_CODE);
$DEFAULT_NUM_POSTS = 10;
// the functions in this script will be invoked if there is a get variable
// named 'action' that is set.
if (isset($_GET['action'])) {
    $action = $_GET['action'];
    if ($action == 'get_latest_post') {
        echo get_latest_post();
    } else {
        if ($action == 'get_post') {
            if (!isset($_GET['post_id'])) {
                echo get_latest_post();
            } else {
                $post_id = (int) $_GET['post_id'];
                if ($post_id < 1) {
                    echo get_latest_post();
                } else {
                    echo get_post($post_id);
                }
            }
        } else {
            if ($action == 'get_draft') {
                $post_id = get_var('post_id');
                echo get_draft_json($post_id);
            } else {
Example #22
<?php

#Start session
session_start();
#Tell main we are calling it
define('Sprinklers', TRUE);
#Source required files
require_once "main.php";
#Check if authenticated
# NOTE(review): the return value is discarded, so the page below is rendered
# whatever is_auth() reports unless is_auth() itself redirects or ends the
# request. Confirm against main.php.
is_auth();
?>

<!DOCTYPE html>
<html>
	<head>
    	<title><?php 
echo _("Sprinkler System");
?>
</title>
    	<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=no">
        <meta name="viewport" content="initial-scale=1.0,user-scalable=no,maximum-scale=1" media="(device-height: 568px)" />
    	<meta content="yes" name="apple-mobile-web-app-capable">
        <meta name="apple-mobile-web-app-title" content="Sprinklers">
        <meta name="apple-mobile-web-app-status-bar-style" content="black">
        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    	<link rel="apple-touch-icon" href="img/icon.png">
        <?php 
if ($local_assets) {
    echo '<link rel="stylesheet" type="text/css" href="css/jquery.mobile.min.css" id="theme" />';
} else {
    echo '<link rel="stylesheet" type="text/css" href="//code.jquery.com/mobile/1.4.0/jquery.mobile-1.4.0.min.css" id="theme" />';
Example #23
					<li class="first<?php 
if ($_SERVER['SCRIPT_NAME'] == '/pez/admin/profile.php') {
    echo ' current';
}
?>
"><a href="profile.php">Profile</a></li>
					<li class="<?php 
if ($_SERVER['SCRIPT_NAME'] == '/pez/admin/web-sources.php') {
    echo 'current';
}
?>
"><a href="web-sources.php">Web Data Sources</a></li>
					<li class="<?php 
if ($_SERVER['SCRIPT_NAME'] == '/pez/admin/settings.php') {
    echo ' current';
}
?>
"><a href="settings.php">Settings</a></li>
					<li class="<?php 
if ($_SERVER['SCRIPT_NAME'] == '/pez/admin/style.php') {
    echo ' current';
}
?>
"><a href="style.php">CSS Style</a></li>
					<li class="last"><?php 
echo is_auth() ? '<a href="login.php?logout=true">Logout</a>' : '<a href="login.php">Login</a>';
?>
</li>
				</ul>
			</div>
			<div id="main">
Example #24
/**
 * Send a visitor who is not logged in to the login page and end the request.
 * The current request URI is carried along, URL-encoded, in the redirect_to
 * query parameter.
 *
 * NOTE(review): login.php is the side that has to validate redirect_to
 * (same-site paths only) before following it; that code is not visible here.
 */
function auth_redirect()
{
    if (is_auth()) {
        return;
    }
    $returnTo = urlencode($_SERVER['REQUEST_URI']);
    $target = './login.php?redirect_to=' . $returnTo;
    header("Location: {$target}");
    exit;
}
Example #25
/**
 * Read the auth cookie named by $cfg['AuthCookieName'] and return the
 * URL-decoded third element of what is_auth() yields for it.
 *
 * Returns "" when the cookie is missing or empty. When the cookie is present
 * but is_auth() rejects it, the function falls off the end and returns null.
 *
 * NOTE(review): callers that compare the result strictly have to allow for
 * both "" and null.
 */
function get_token()
{
    global $cfg;
    $cookieName = $cfg['AuthCookieName'];
    // @ keeps a missing cookie from raising a notice
    $rawCookie = @$_COOKIE[$cookieName];
    if (!$rawCookie) {
        return "";
    }
    $parts = is_auth($rawCookie);
    if ($parts) {
        return urldecode($parts[2]);
    }
}
Example #26
/**
 * Report whether the visitor is authenticated and, when a target is given,
 * redirect an authenticated visitor there and end the request.
 *
 * NOTE(review): $redirect is placed into the Location header unchanged, so
 * callers must pass a trusted, site-local target rather than a value taken
 * from the request.
 *
 * @param string|null $redirect target for authenticated visitors, or empty for none
 * @return mixed the result of is_auth()
 */
function is_auth_and_redirect($redirect = null)
{
    $authenticated = is_auth();
    $hasTarget = !empty($redirect);
    if ($hasTarget && true == $authenticated) {
        header("Location: " . $redirect);
        exit;
    }
    return $authenticated;
}
Example #27
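/**
 *	implements serve_resource
 *
 *	Serves the resized variant of an 'image' object when one exists and no
 *	download was requested, and otherwise the original file. Authentication
 *	is required only when a resized variant exists and the original is
 *	explicitly requested for download.
 *
 *	@param array $args uses the keys 'obj' (object attributes) and 'dl'
 *	@return bool false when the object is not an image or nothing was served
 */
function image_serve_resource($args)
{
    $obj = $args['obj'];
    if (!isset($obj['type']) || $obj['type'] != 'image') {
        return false;
    }
    // we don't have to care about symlinks here as they are being resolved
    // before this hook is called
    // array_shift() takes its argument by reference, so the split name is
    // stored in a variable first; passing the call result directly raises
    // "Only variables should be passed by reference"
    $name_parts = expl('.', $obj['name']);
    $pn = array_shift($name_parts);
    if (!empty($obj['image-resized-file']) && !$args['dl']) {
        // we have a resized file and don't want to download the original
        $fn = CONTENT_DIR . '/' . $pn . '/shared/' . $obj['image-resized-file'];
        $ext = filext($fn);
        if ($ext == 'jpg' || $ext == 'jpeg') {
            serve_file($fn, false, 'image/jpeg');
        } elseif ($ext == 'png') {
            serve_file($fn, false, 'image/png');
        } else {
            log_msg('warn', 'image_serve_resource: unsupported image-resized-file ' . quot($fn));
        }
        // if we're still alive it means that the resized file has not been
        // found
        log_msg('warn', 'image_serve_resource: could not serve image-resized-file ' . quot($fn) . ', falling back to original');
        $need_auth = false;
    } elseif (empty($obj['image-resized-file'])) {
        // we don't have a resized file
        $need_auth = false;
    } else {
        // we really want to download the original
        $need_auth = true;
    }
    if (!empty($obj['image-file'])) {
        // we have the original file
        if ($need_auth && !is_auth()) {
            // require authentication
            // NOTE(review): serve_file() below is only withheld if
            // prompt_auth() does not return; confirm
            prompt_auth(true);
        }
        if (empty($obj['image-file-mime'])) {
            $obj['image-file-mime'] = '';
        }
        serve_file(CONTENT_DIR . '/' . $pn . '/shared/' . $obj['image-file'], $args['dl'], $obj['image-file-mime']);
    }
    // if everything fails
    return false;
}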
Example #28
 /**
  * If the request is not authenticated, return an error code.
  *
  * Sends code 1022 through jsonReturn() and ends the request; returns true
  * for an authenticated request.
  */
 public function ajax_user_auth()
 {
     if (is_auth()) {
         return true;
     }
     // not logged in
     jsonReturn(1022);
     exit;
 }
Example #29
 /**
  * Show the profile form of the logged-in account and, on POST, validate and
  * store the submitted changes.
  *
  * The record to update is identified by the 'id' held in the session, not by
  * anything in the request. The fields 'email', 'active' and 'is_admin' are
  * only taken from the request when is_admin() is true.
  */
 public function profile()
 {
     // NOTE(review): the rest of the method relies on redirect() ending the
     // request for an unauthenticated visitor - confirm
     if (!is_auth()) {
         redirect('admin/login');
     }
     $id = $this->session->userdata('id');
     //if save button was clicked, get the data sent via post
     if ($this->input->server('REQUEST_METHOD') === 'POST') {
         //form validation
         // NOTE(review): rules for 'name' are registered twice, here and two
         // lines below
         $this->form_validation->set_rules('name', 'name', 'required');
         $this->form_validation->set_error_delimiters('<div class="alert alert-error"><a class="close" data-dismiss="alert">×</a><strong>', '</strong></div>');
         $this->form_validation->set_rules('name', 'Name', 'trim|required');
         if (is_admin()) {
             $this->form_validation->set_rules('email', 'Email Address', 'trim|required|valid_email');
         }
         // the password rule is only added when a password was submitted
         $pass = $this->input->post('password');
         if ($pass) {
             // NOTE(review): a minimum length of 4 is a weak password policy
             $this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]|max_length[32]');
         }
         //if the form has passed through the validation
         if ($this->form_validation->run()) {
             // NOTE(review): 'active' and 'is_admin' are stored straight from
             // the request with no validation rule; only the is_admin() check
             // stands between a request and these privilege fields
             if (is_admin()) {
                 $data_to_store = array('email' => $this->input->post('email'), 'active' => $this->input->post('active'), 'is_admin' => $this->input->post('is_admin'));
             }
             // for a non-admin this assignment is what creates $data_to_store
             $data_to_store['name'] = $this->input->post('name');
             if ($pass) {
                 // NOTE(review): __encrip_password() is not visible here;
                 // confirm it is a salted password hash (password_hash()-style)
                 // and not reversible encryption or a bare digest
                 $data_to_store['password'] = $this->__encrip_password($this->input->post('password'));
             }
             //if the update has returned true then we show the "updated" flash message
             if ($this->vendors_model->update_vendor($id, $data_to_store) == true) {
                 $this->session->set_flashdata('flash_message', 'updated');
             } else {
                 $this->session->set_flashdata('flash_message', 'not_updated');
             }
             redirect('admin/profile');
         }
         //validation run
     }
     //if we are updating, and the data did not pass through the validation
     //the code below will reload the current data
     //stored record of the logged-in account
     $data['manufacture'] = $this->vendors_model->get_vendor_by_id($id);
     //load the view
     $data['main_content'] = 'admin/users/profile';
     $this->load->view('includes/template', $data);
 }