function page_footer()
{
page_cleanup();
print "\n </div> <!-- END MAIN CONTENT -->\n </div> <!-- END MAIN PANEL-->\n <!-- including footer partial -->\n";
include $_SERVER['DOCUMENT_ROOT'] . "/templates/partials/footer-bar.php";
include $_SERVER['DOCUMENT_ROOT'] . "/templates/partials/footer.php";
}
function page()
{
global $logger, $session, $db, $user;
//handle the check
$postData = $_POST;
if (time() < $session->csrf_expire) {
if ($session->csrf_token === $postData['csrf_token']) {
$email = $postData['email'];
$password = $postData['password'];
if ($postData['remember']) {
$remember = true;
} else {
$remember = false;
}
//ok, we're going to search for the user based on the email
$result = $db->select("id, email, password, token, active")->from('users')->where('email', $email)->fetch_first();
//if we have a record...
if ($db->affected_rows > 0) {
//found a matching user, now lets check the password
if (password_verify($password, $result['password']) && $result['active']) {
//valid user!
//do we have a token? if not, create one and then initialize the user object
if ($result['token'] == '' || $result['token'] == Null) {
$token = generate_random_string(32);
$db->where('id', $result['id'])->update('users', array('token' => $token))->execute();
} else {
$token = $result['token'];
}
$session->setCookie('user', $token, $remember);
$session->user_token = $token;
$session->logged_in = true;
$redirect = '/pages/dashboard.php';
page_cleanup($redirect);
} else {
// passwords don't match, let's set a formError and return to the index page
$session->setFormError('email', 'That email/password combination was not found!');
page_cleanup("/index.php");
}
} else {
// user not found, let's set a formError and return to the index page
$session->setFormError('email', 'That email/password combination was not found.');
page_cleanup("/index.php");
}
} else {
$session->setFormError('email', 'There was a token mismatch. Hack attempt foiled.');
page_cleanup("/index.php");
}
} else {
$session->setFormError('email', 'Timed out. Please don\'t let the form sit so long.');
page_cleanup("/index.php");
}
//print "Session: ".$session->csrf_token."<br>Form: ".$_POST['csrf_token']."";
}
if (!function_exists('nav')) {
function nav()
{
}
}
if (!function_exists('page_footer')) {
function page_footer()
{
}
}
if (!function_exists('document_close')) {
function document_close()
{
}
}
//now we load the execute the page
template_init();
}
} elseif ($ajax) {
/* ajax request, we're just going to be responding with a json string */
page();
} elseif ($post) {
/* this is a POST */
page();
} elseif ($template == '') {
print "No template or page function defined for this url.";
} else {
die("Not sure how you got here.");
}
page_cleanup();
//
$lang = getlang();
if (isset($lang)) {
if (file_exists("{$configdir}/{$lang}/config.php")) {
require "{$configdir}/{$lang}/config.php";
}
}
//
//
$pageid = getpageid();
if (!isset($pageid)) {
$pageid = $defaultpage;
}
$page_include = "include/" . $pageid;
$config_include = $configdir . "/" . $pageid;
if (file_exists($page_include)) {
if (file_exists($config_include)) {
require $config_include;
}
if (autherized(getuserid(), $pageauth)) {
require $page_include;
$page_var = page_init();
page_html_header($page_var);
page_main($page_var);
page_html_footer($page_var);
page_cleanup($page_var);
} else {
login();
}
}
// That's all folks ...
public function processForm($table, $fillable = array(), $message = 'Record updated successfully')
{
global $db, $session;
if ($this->checkFields($fillable)) {
//ok, let's do a database update
if ($this->method == 'PATCH') {
//updating a record
$db->where('id', $this->recordID)->update($table, $this->posted);
} else {
//create a new record
$this->recordID = $db->insert($table, $this->posted);
}
$session->setFlashSuccess($message);
page_cleanup($this->successURL);
}
}
