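 /**
  * Load the Administrator record that belongs to a Person.
  *
  * @param mixed $p expected to be a Person whose id is non-zero
  * @return Administrator|false false when $p is not a Person, has no usable
  *                             id, or no admins row references it
  */
 static function get_by_person($p)
 {
     if (!is_a($p, 'Person') || intval($p->id) == 0) {
         return false;
     }
     // The id is concatenated straight into SQL below, so only the integer
     // form may ever reach the query string, never the raw property value.
     $person_id = intval($p->id);
     $db = Get::db('songwork');
     $db->query("SELECT * FROM admins WHERE person_id=" . $person_id);
     if ($db->num_rows() == 0) {
         return false;
     }
     $x = new Administrator($db->next_record());
     $x->set_person($p);
     return $x;
 }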
 /**
  * Return the shared Administrator instance, constructing it on first use.
  *
  * @return Administrator
  */
 public static function getInstance()
 {
     if (self::$instance) {
         return self::$instance;
     }
     self::$instance = new Administrator();
     return self::$instance;
 }
 /**
  * get_by_person() must answer false both for a non-Person argument and
  * for a Person id that is not expected to be an administrator.
  */
 function testBadGet()
 {
     $notAPerson = Administrator::get_by_person(false);
     $this->assertFalse($notAPerson);
     $unknownPerson = new Person(array('id' => 999));
     $this->assertFalse(Administrator::get_by_person($unknownPerson));
 }
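 /**
  * Authenticate the administrator named in the current request.
  *
  * Reads login and password from $_REQUEST and returns either the fetched
  * Administrator or a PEAR_Error carrying 'authentication_error_blank'
  * (missing input) or 'authentication_error_invalid' (no single match).
  *
  * @return Administrator|PEAR_Error
  */
 public function authenticate()
 {
     $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';
     $raw_password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
     // The blank check has to look at the raw input: md5('') is still a
     // 32-character digest, so comparing the digest with '' never detected
     // an empty password.
     if ($login == '' || $raw_password == '') {
         return new PEAR_Error('authentication_error_blank');
     }
     // NOTE(review): unsalted md5 is what the stored credentials use here;
     // moving to password_hash()/password_verify() needs a storage migration.
     $password = md5($raw_password);
     $user = new Administrator();
     // NOTE(review): the predicates as shown do not reference $login /
     // $password; confirm the intended, escaped bindings in the real source.
     $user->whereAdd("login = '******'");
     $user->whereAdd("password = '******'");
     $user->find();
     if ($user->N != 1) {
         return new PEAR_Error('authentication_error_invalid');
     }
     $user->fetch();
     return $user;
 }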
 /**
  * export/download overall report into pdf
  * role: administrator
  *
  * Callers that fail Authenticate::is_authorized() are handed to
  * transport("administrator") and no report is produced.
  */
 public function get_overall()
 {
     if (!Authenticate::is_authorized()) {
         transport("administrator");
         return;
     }
     $players = Player::getInstance();
     $feedback = Feedback::getInstance();
     $administrators = Administrator::getInstance();
     $leaderboard = Leaderboard::getInstance();
     $report = new ReportGenerator();
     $report->get_report_overall(
         $players->get_player_report(),
         $feedback->retrieve_feedback_report(),
         $administrators->retrieve_traffic_report(),
         $leaderboard->get_top10_ranking()
     );
     $report->print_report();
 }
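 /**
  * Method for authenticating the administrators.
  *
  * Looks the administrator up by Username, compares the hashed password
  * with the stored LoginKey and records the outcome in $this->errorCode
  * (ERROR_USERNAME_INVALID, ERROR_PASSWORD_INVALID or ERROR_NONE).
  *
  * @return bool true when errorCode ends up as ERROR_NONE
  */
 public function authenticate()
 {
     $user = Administrator::model()->findByAttributes(array('Username' => $this->username));
     $hashedKey = Administrator::hashPassword($this->password);
     if ($user === null) {
         // Such user was not found.
         // NOTE(review): distinct codes let the view tell "unknown user" from
         // "wrong password"; make sure it maps both to one generic message.
         $this->errorCode = self::ERROR_USERNAME_INVALID;
     } elseif (!hash_equals((string) $user->LoginKey, (string) $hashedKey)) {
         // The password was not correct. hash_equals() keeps the comparison
         // constant-time instead of stopping at the first differing byte.
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
     } else {
         // Managed to log in!
         $this->_id = $user->Id;
         Yii::app()->user->id = $user->Id;
         $this->errorCode = self::ERROR_NONE;
     }
     return !$this->errorCode;
 }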
 /**
  * Validate the posted login form and open an administrator session.
  *
  * @param HttpRequest $request
  * @return ModelAndView the 'login' view when the form has errors, the
  *                      'error' view when logIn() throws
  *                      ObjectNotFoundException, otherwise a redirect to 'main'
  */
 public function handleRequest(HttpRequest $request)
 {
     // the hash import filter transforms the raw password before it is read back
     $form = Form::create()
         ->add(Primitive::string('username')->setMax(64)->required())
         ->add(Primitive::string('password')->addImportFilter(Filter::hash())->required())
         ->import($request->getPost());
     if ($form->getErrors()) {
         return ModelAndView::create()->setView('login');
     }
     try {
         $admin = Administrator::dao()->logIn($form->getValue('username'), $form->getValue('password'));
     } catch (ObjectNotFoundException $e) {
         // failed to log in
         return ModelAndView::create()->setView('error');
     }
     if (!Session::isStarted()) {
         Session::start();
     }
     Session::assign(Administrator::LABEL, $admin);
     return ModelAndView::create()->setView(new RedirectToView('main'));
 }
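 /**
  * Resolve administrator_id in the request data to its display text.
  *
  * Runs only when administrator_id is present and administrator_text is
  * not; fills administrator_text from the related Entity's name and leaves
  * the request data untouched when no such administrator exists.
  */
 private function setAdministratorData()
 {
     if (!isset($this->phkRequestData['administrator_id']) || isset($this->phkRequestData['administrator_text'])) {
         return;
     }
     App::import("Model", "Administrator");
     $administrator = new Administrator();
     $administrator->contain('Entity');
     $result = $administrator->find("first", array('conditions' => array('Administrator.id' => $this->phkRequestData['administrator_id'])));
     // An unknown id yields an empty result; indexing it would only produce
     // notices and null entries in the request data.
     if (empty($result['Administrator']['id'])) {
         return;
     }
     $this->phkRequestData['administrator_id'] = $result['Administrator']['id'];
     $this->phkRequestData['administrator_text'] = isset($result['Entity']['name']) ? $result['Entity']['name'] : '';
 }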
						<a href="#" class="button big" id="view">View Administrator</a>
					</li>
				</ul>
			    </section>
					</ul>
				</header>
			</div>
			<div id="table_overlay"></div>
			<div id="table_overlay_div">
			<div class="close-button">X</div>
				<?php 
/**
 *function to add and view administrator
 */
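/**
 *function to add and view administrator
 */
include_once "admin.php";
$obj = new Administrator();
$obj->viewAdministrators();
if (!($row = $obj->fetch())) {
    echo "There is no administrator now";
}
// Row counter used by the listing loop that follows to alternate the row
// colour; it was read there without ever having been initialised.
$i = 0;
/**
 *Setting a table to contain the contents of administrator objects
 */
echo "<center><table border='1'>";
echo "<tr ><td>Employee_id</td><td>First Name</td><td>Last Name</td><td>Contact</td>\n\t    \t\t</tr>";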
while ($row) {
    if ($i % 2 == 0) {
        $style = "style='background-color: BurlyWood'";
    } else {
        $style = "style='background-color:cornsilk'";
    }
			
			$_POST = sanitize($_POST);
		    $adminstrator = $_POST;
		    settype($adminstrator,'object');
			Administrator::updateAdministratorSite($adminstrator); 
			$success = "Administrator Successfully Saved!";
			
			$updates = 'Add New Administrator Content';
			AdminAction::addAdminAction($_SESSION['admin_name'],$updates);
	}
?>
		<? if(isset($success)) { ?>
            <div class="alert"> Administrator Successfully Saved! </div>
        <? } ?>    
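		<?php
			// Load the administrator being edited. The id comes straight from
			// the request, so findAdministrator() must bind it, not interpolate it.
			$admin  = Administrator::findAdministrator(isset($_REQUEST['id']) ? $_REQUEST['id'] : null);
		?>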
            <form id="form_page" action="<? $PHP_SELF; ?>" method="post" enctype="multipart/form-data">
            
              <fieldset>
                <legend>Update Administrator</legend>
                <ul>
                  <li><label for="page_name"> Username: </label>
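                    <input type="text" id="page_name" name="username" value="<?php
// The stored username is echoed into an HTML attribute: escape it for that
// context so a crafted value cannot break out of the quotes.
echo htmlspecialchars(stripslashes($admin->fldAdministratorusername), ENT_QUOTES, 'UTF-8');
?>
"></li>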
                  
                  <li><label for="password"> Password: </label>
                    <input type="password" id="password" name="password"></li>   
                  
########### IDENTIFICATION
$p = Person::get_by_cookie();
# lopass interception: http://songwork.com/home/1234/ab8f
# not full auth, only to have existing client's name & address pre-filled from database for forms
# NOTE(review): the four-character lopass is a short, guessable secret, and the $p it
# yields flows into the student/teacher/admin lookups below. Confirm that nothing
# downstream treats $qv['admin'] as a full login, and that get_by_id_lopass() is rate-limited.
if ($p === false && isset($_SERVER['PATH_INFO'])) {
    if (preg_match('/\\/(\\d*)\\/([0-9a-zA-Z]{4})$/', $_SERVER['PATH_INFO'], $matches)) {
        $possible_id = $matches[1];
        $possible_lopass = $matches[2];
        $pp = Person::get_by_id_lopass($possible_id, $possible_lopass);
        if ($pp !== false) {
            $pp->set_welcome_cookie();
            $p = $pp;
        }
    }
}
# role records (false when $p has none)
$student = Student::get_by_person($p);
$teacher = Teacher::get_by_person($p);
$admin = Administrator::get_by_person($p);
$qv['p'] = $p;
$qv['student'] = $student;
$qv['teacher'] = $teacher;
$qv['admin'] = $admin;
# TODO: dynamic. set in Person?
$currency = 'USD';
$qv['currency'] = $currency;
# name / email - FOR PRE-FILLING FORMS AND HEADERS
# defaults first; overwritten from the Person or from the cookies
$qv['name'] = '';
$qv['email'] = '';
if ($p) {
    $qv['name'] = $p->name();
    $qv['email'] = $p->email();
} else {
    if (isset($_COOKIE['name'])) {
        $qv['name'] = $_COOKIE['name'];
    }
    if (isset($_COOKIE['email'])) {
        $qv['email'] = $_COOKIE['email'];
    }
}
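 /**
  * Check whether the current session belongs to a valid administrator.
  *
  * Requires a loaded record ($this->Data["id"]) and both session fields;
  * the session password value is then compared with the stored one for the
  * session's username.
  *
  * @return bool
  */
 public function LoggedIn()
 {
     if (!isset($_SESSION[self::$PasswordSessionField]) || !isset($_SESSION[self::$UsernameSessionField])) {
         return false;
     }
     if (!isset($this->Data["id"]) || strlen($this->Data["id"]) == 0) {
         return false;
     }
     $TempUser = Administrator::GetSingle(array("username", "=", $_SESSION[self::$UsernameSessionField]));
     if (!isset($TempUser->Data) || !isset($TempUser->Data["password"])) {
         return false;
     }
     // Compare as strings in constant time. The earlier loose == treated
     // numeric-looking strings (e.g. two "0e..." digests) as equal and also
     // matched a missing stored password against an empty session value.
     return hash_equals((string) $TempUser->Data["password"], (string) $_SESSION[self::$PasswordSessionField]);
 }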
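/*
 * Customer orders page: load every order via Administrator::orders() and
 * render it with customer.twig ($twig is provided by render_config.php).
 *
 * NOTE(review): no authorization check is visible in this file before the
 * full order list is rendered; confirm render_config.php or the session
 * enforces one.
 */
include_once 'Administrator.php';
include_once 'render_config.php';
session_start();
$admin = new Administrator();
$all = $admin->orders();
$ar = $all->fetch_all(MYSQLI_ASSOC);
echo $twig->render('customer.twig', ['orders' => $ar]);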
    $adminUserObj = new Administrator();
    $adminUserObj->login($loginSuccess, $loginemail, $loginpassword);
    if ($loginSuccess && isset($adminUserObj->id_administrator) && $adminUserObj->id_administrator != '' && isset($_SESSION[$backend_ID]['ADMIN_ID']) && trim($_SESSION[$backend_ID]['ADMIN_ID']) != '') {
        $smarty->assign('loginSuccess', 'true');
        if ($referrer != '') {
            header('Location:' . $referrer);
            exit;
        } else {
            $adminUserObj->redirectLogin();
        }
    } else {
        $smarty->assign('loginemail', $loginemail);
        $smarty->assign('loginSuccess', 'false');
    }
} elseif ($action == 'logout') {
    $adminUserObj = new Administrator();
    $adminUserObj->logout();
    unset($adminUserObj);
} elseif (isset($_SESSION[$backend_ID]['ADMIN_ID']) && intval(trim($_SESSION[$backend_ID]['ADMIN_ID'])) > 0) {
    header('Location: dashboard');
    exit;
}
/******************************************************************************/
// Display the template, then release the Smarty instance
/******************************************************************************/
$smarty->assign('pageid', 'index');
$smarty->display('templates-admin/index.tpl', '', $backend_ID);
unset($smarty);
    	echo ($Mail->send()) ? "Success" : "Failed: ".$Mail->ErrorInfo;
    */
}
/* Administrator
	------------------------------
	Restore the administrator session from cookies, refresh the cookies and
	apply the inactivity timeout. $Administrator is left set in every case
	(a blank instance when nobody is logged in).

	NOTE(review): the session password field is copied into a cookie by
	CookieHelper::Set() and read back into the session from that cookie on a
	later visit, so whatever the field holds (presumably the stored password
	value that LoggedIn() compares against) becomes a long-lived bearer
	credential in the browser. A random, server-side revocable remember-me
	token would avoid exposing the stored credential. */
if (true && class_exists("Administrator")) {
    Administrator::$UsernameSessionField = "admin_username";
    Administrator::$PasswordSessionField = "admin_password";
    // No session yet: seed it from the cookies (CookieHelper::Get may yield null,
    // in which case the isset() below stays false).
    if (!isset($_SESSION[Administrator::$UsernameSessionField])) {
        $_SESSION[Administrator::$UsernameSessionField] = CookieHelper::Get(Administrator::$UsernameSessionField);
        $_SESSION[Administrator::$PasswordSessionField] = CookieHelper::Get(Administrator::$PasswordSessionField);
    }
    if (isset($_SESSION[Administrator::$UsernameSessionField])) {
        // Re-issue the cookies on every request so they keep rolling forward.
        CookieHelper::Set(Administrator::$UsernameSessionField, $_SESSION[Administrator::$UsernameSessionField]);
        CookieHelper::Set(Administrator::$PasswordSessionField, $_SESSION[Administrator::$PasswordSessionField]);
        $Administrator = Administrator::GetSingle(array("username", "=", $_SESSION[Administrator::$UsernameSessionField]));
        // NOTE(review): substr(..., 1) drops the first character of last_active
        // before the numeric comparison — confirm the stored format carries a
        // leading marker character; otherwise this compares a truncated value.
        if (substr($Administrator->Data["last_active"], 1) > time() - Administrator::$InactiveTime) {
            $Administrator->Login();
        } else {
            $Administrator->Logout();
        }
    }
    // Fall back to an anonymous instance when nothing above produced a login.
    if (!isset($Administrator) || !$Administrator->LoggedIn()) {
        $Administrator = new Administrator();
    }
} else {
    if (true) {
        // Change to false to disable user loggin
        die("Administrator class required");
    }
}
 /**
  * Returns the data model based on the primary key given in the GET variable.
  * If the data model is not found, an HTTP exception will be raised.
  * @param integer $id the ID of the model to be loaded
  * @return Administrator the loaded model
  * @throws CHttpException
  */
 public function loadModel($id)
 {
     $found = Administrator::model()->findByPk($id);
     if ($found !== null) {
         return $found;
     }
     throw new CHttpException(404, 'The requested page does not exist.');
 }
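 /**
  * Create a new administrator account from the posted User form.
  *
  * On a valid POST the User is saved with a generated password and a
  * username derived from fname plus the new id, an Administrator row is
  * linked to it, the generated password is e-mailed to the new account and
  * the browser is redirected to /user/admin. Otherwise the create_admin
  * form is rendered.
  */
 public function actionCreate_Admin()
 {
     // The console.log() debug echo that used to open this action was removed:
     // it emitted output before the redirect/render and exposed the action name.
     $model = new User();
     // Uncomment the following line if AJAX validation is needed
     // $this->performAjaxValidation($model);
     if (isset($_POST['User'])) {
         // NOTE(review): mass assignment relies on User::rules() declaring the
         // safe attributes; isAdmin is forced below regardless of the input.
         $model->attributes = $_POST['User'];
         $model->pic_url = '/coplat/images/profileimages/avatarsmall.gif';
         $model->activation_chain = $this->genRandomString(10);
         // Provisional username; replaced with fname_<id> once the id exists.
         $model->username = $model->fname . "_" . $this->genRandomString(10);
         $hasher = new PasswordHash(8, false);
         $plain_pwd = $this->genRandomString(10);
         $model->password = $hasher->HashPassword($plain_pwd);
         $model->isAdmin = 1;
         if ($model->save()) {
             $model->username = $model->fname . "_" . $model->id;
             $model->save(false);
             $admin = new Administrator();
             $admin->user_id = $model->id;
             $admin->save();
             // NOTE(review): the initial password travels in clear text by e-mail;
             // forcing a change on first login limits the exposure window.
             User::sendNewAdministratorEmailNotification($model->email, $plain_pwd);
             $this->redirect(array('/user/admin', 'id' => $model->id));
         }
     }
     $error = '';
     $this->render('create_admin', array('model' => $model, 'error' => $error));
 }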
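<?php
	// Handle the "new administrator" form submission.
	// NOTE(review): no CSRF token is checked before the record is created, and
	// sanitize() is the only input treatment visible — confirm that
	// Administrator::addAdministrator() binds the values rather than
	// interpolating them.
	if(isset($_POST['submit'])) {
		$_POST = sanitize($_POST);
		$adminstrator = (object) $_POST;
		Administrator::addAdministrator($adminstrator);
		$success = "Administrator Successfully Saved!";

		$updates = 'Add New Administrator Content';
		AdminAction::addAdminAction(isset($_SESSION['admin_name']) ? $_SESSION['admin_name'] : '', $updates);
	}
?>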
		<? if(isset($success)) { ?>
            <div class="alert"> Administrator Successfully Saved! </div>
        <? } ?>    

            <form id="form_page" action="<? $PHP_SELF; ?>" method="post" enctype="multipart/form-data">
            
              <fieldset>
                <legend>New Administrator</legend>
                <ul>
                  <li><label for="page_name"> Username: </label>
                    <input type="text" id="page_name" name="username"></li>
                  
                  <li><label for="password"> Password: </label>
                    <input type="password" id="password" name="password"></li>   
                  
                  <li><label for="real_name"> Real Name: </label>
                    <input type="text" id="real_name" name="real_name"></li> 
                    <li><label for="email"> Email Address: </label>
<?php

/**
 * Created by PhpStorm.
 * User: samuel
 * Date: 3/31/2016
 * Time: 2:02 AM
 */
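include_once 'Administrator.php';
include_once 'Item.php';
/*
 * Item update handler: on POST, forward id/name/qty/brand/price to
 * Administrator::update() and return to admin.php.
 *
 * NOTE(review): nothing here verifies that the caller is an authenticated
 * administrator, and the posted values are forwarded unvalidated — confirm
 * Administrator::update() binds them rather than interpolating into SQL.
 */
$admin = new Administrator();
$item = new Item();
if (isset($_POST['name'])) {
    $id = $_POST['id'];
    $name = $_POST['name'];
    $qty = $_POST['qty'];
    $brand = $_POST['brand'];
    $price = $_POST['price'];
    $row = $admin->update($name, $brand, $qty, $price, $id);
    header('Location: admin.php');
    // Stop here: without exit the rest of the script would keep executing
    // after the redirect header has been sent.
    exit;
}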
<?php

/**
 * Created by PhpStorm.
 * User: samuel
 * Date: 3/31/2016
 * Time: 4:20 AM
 */
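include_once 'Administrator.php';
include_once 'Mail.php';
/*
 * Order confirmation handler: confirm the order named by ?id=, e-mail the
 * customer attached to it and return to customer.php.
 *
 * NOTE(review): nothing here verifies that the caller is an authenticated
 * administrator, and the id is forwarded as received — confirm confirmOrder()
 * and getCustomerDetails() bind it rather than interpolating into SQL.
 */
$admin = new Administrator();
$mail = new Mail();
if (isset($_GET['id'])) {
    $id = $_GET['id'];
    $admin->confirmOrder($id);
    $row = $admin->getCustomerDetails($id);
    $data = $row->fetch_array(MYSQLI_ASSOC);
    // fetch_array() yields no row for an unknown id; skip the mail rather
    // than sending one built from empty fields.
    if ($data) {
        $mail->sendConfirmMail($data['firstname'], $data['lastname'], $data['email'], $data['date']);
    }
    header('Location: customer.php');
    // Stop here so nothing after the redirect header keeps executing.
    exit;
}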
// Administrator edit page: authentication include, page identifiers,
// request variables, then the page object and its template data.
$entity = 'administrator';
require_once 'includes/admin.authentication.php';
// Edit per file
require_once 'includes/classes/administrator.admin.class.php';
$smarty->assign('sectionid', 'manage-administrators');
$smarty->assign('pageid', 'administrator-edit');
/******************************************************************************/
/* Get variables ($id and $formAction are expected from edit.variables.php)
/******************************************************************************/
require_once 'includes/edit.variables.php';
$id_administratoraccess = '';
if (isset($_POST['id_administratoraccess']) && $_POST['id_administratoraccess'] != '') {
    $id_administratoraccess = $_POST['id_administratoraccess'];
}
/******************************************************************************/
// Edit per file
/******************************************************************************/
$pageObject = new Administrator($id, 'edit');
$smarty->assign('contentTemplate', 'templates-admin/content/' . $pageObject->editContentTemplate);
$smarty->assign('htmlpagetitle', $pageObject->editHtmlPageTitle);
// both getters fill their argument by reference
$pageObject->getAdministratorType($administratorType);
$smarty->assign('administratorType', $administratorType);
$pageObject->getAdministratorAccess($administratorAccess);
$smarty->assign('administratorAccess', $administratorAccess);
/******************************************************************************/
/* Update / Add / AddAsNew functionality
/******************************************************************************/
if ($formAction != '') {
    $redirect = false;
    if (isset($_POST['password']) && trim($_POST['password']) != '') {
        $_POST['password'] = $pageObject->encrypt($_POST['password']);
    } else {
        unset($_POST['password']);
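/* Page setup
	------------------------------*/
$PHPZevelop->OverrideObjectData("CFG", array("PageTitle" => "Login", "Template" => "style2/fullwidth"));
// Login attempt: AttemptLogin() answers true on success, otherwise a message.
if (count($_POST) > 0) {
    $MSG = Administrator::AttemptLogin($Administrator, $_POST["username"], $_POST["password"]);
    if ($MSG === true) {
        AppendLog("Successful login");
    } else {
        // Strip line breaks so a crafted username cannot forge extra log lines.
        AppendLog("Failed login with username '" . str_replace(array("\r", "\n"), ' ', (string) $_POST["username"]) . "'");
    }
}
// "activated-<id>" in the first URL parameter pre-fills the username of the
// account that was just activated.
if (isset($_GET["param_0"])) {
    $Split = explode("-", $_GET["param_0"]);
    if ($Split[0] == "activated" && isset($Split[1])) {
        $ActivatedUser = Administrator::GetSingle(array("id", "=", $Split[1]));
        // GetSingle() may come back without Data for an unknown id.
        if (isset($ActivatedUser->Data["username"])) {
            $_POST["username"] = $ActivatedUser->Data["username"];
        }
    }
}
if ($Administrator->LoggedIn()) {
    $PHPZevelop->Location("home");
}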
?>

<style type="text/css">
	#loginForm {width: 50%; margin: auto; background: #EEEEEE; border: 1px solid #009ACD; box-sizing: border-box; padding-bottom: 15px;}
	#loginForm h2 {margin: 0px; padding: 15px;}
	#loginForm h3 {margin: 0px; padding: 9px 13px;}
	#loginForm table.FormGen {width: 95%; margin: auto;}

	@media screen and (max-width: 900px){
	//recover your password
	if(isset($_POST['recover'])) {
		$email = $_POST['email'];
		$admin = Administrator::findAdministratorByEmail($email);
	
	if(empty($admin)) {
			$error = "Email address not on list";
	} else {
		$username = $admin->fldAdministratorusername;
		$admin_name = $admin->fldAdministratorRealName;
		$admin_id = $admin->fldAdministratorID;
		
		
		$password = "******";
		//change the password
		Administrator::changePassword($admin_id,$password);
		
		//send email to owner
		require("includes/class.phpmailer.php");
  	    $mail = new PHPMailer();
				 $to = $email;	
				$name = $admin_name;
				$from = "*****@*****.**";	
				$mail->From = $from;
				$mail->FromName = "Red and White Marketing";
				$mail->AddAddress($to);
				$mail->IsHTML(true); // set email format to HTML
				$all_html = implode('',file('includes/change_password.php'));
				
				$all_html = str_replace("%%name%%", $admin_name, $all_html);
				$all_html = str_replace("%%username%%", $username, $all_html);
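/*
 * Admin clothes listing: page through getAllClothes() and render admin.twig
 * ($twig is provided by render_config.php).
 *
 * NOTE(review): no authorization check is visible here before the admin
 * listing is rendered; confirm render_config.php or the session enforces one.
 */
include_once 'Administrator.php';
include_once 'render_config.php';
session_start();
$numPerPage = 10;
// Coerce the requested page to a positive integer; a non-numeric or negative
// value would otherwise feed straight into the offset arithmetic.
$page = isset($_REQUEST['page']) ? (int) $_REQUEST['page'] : 1;
if ($page < 1) {
    $page = 1;
}
// NOTE(review): $start_from is not passed to getAllClothes(); paging appears
// to happen in the template only.
$start_from = ($page - 1) * $numPerPage;
$admin = new Administrator();
$item = new Item();
$all = $admin->getAllClothes();
$allbrands = $item->getBrands();
$totalNumRows = $item->countSkirts();
$total_clothes = $totalNumRows['skirt_id'];
// countSkirts() returns a row (see 'skirt_id' above), so the page count must
// divide the extracted count, not the array itself.
$total_pages = ceil($total_clothes / $numPerPage);
$ar = $all->fetch_all(MYSQLI_ASSOC);
$ab = $allbrands->fetch_all(MYSQLI_ASSOC);
echo $twig->render('admin.twig', ['skirts' => $ar, 'brands' => $ab, 'total_clothes' => $total_clothes, 'page' => $page, 'totalPages' => $total_pages]);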
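<?php

include '_manager/box_header/login.php';

// Manager login handler.
// NOTE(review): no CSRF token or rate limit is visible around this attempt;
// confirm findAdministratorLogin() verifies a password hash rather than
// comparing the sanitized POST values directly.
if (isset($_POST['login'])) {
	$_POST = sanitize($_POST);
	$administrator = (object) $_POST;
	$login = Administrator::findAdministratorLogin($administrator);
	if (empty($login)) {
		$error = "User access not found.";
	} else {
		// Rotate the session id on privilege change to defeat session fixation.
		if (session_status() === PHP_SESSION_ACTIVE) {
			session_regenerate_id(true);
		}
		$_SESSION['admin_id'] = $login->fldAdministratorID;
		$_SESSION['admin_name'] = $login->fldAdministratorRealName;
		header("Location: overview.php");
		// Stop here so the rest of the page is not rendered after the redirect.
		exit;
	}
}
?>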


	<?php 
startblock('section');
?>
 

	<!-- /Template Start Here -->
  <figure>
  
  <form action="<? $PHP_SELF; ?>" method="post" id="security_login" name="security_login">
  		
<?php

/*
 * Entry point: build the Administrator front controller and hand over to run().
 */
require_once 'Administrator.php';
$adminManager = new Administrator();
$adminManager->run();
			$_POST = sanitize($_POST);
		    $admin = $_POST;
		    settype($admin,'object');
			Administrator::addAdministratorSite($admin); 
			$success = "Administrator Successfully Saved!";
	}
	
	/*
	 * Profile update: the sanitized POST is wrapped as an object for
	 * Administrator::updateAdministratorSite(); the client record is then reloaded.
	 */
	if (isset($_POST['update'])) {
		$_POST = sanitize($_POST);
		$admin = (object) $_POST;
		Administrator::updateAdministratorSite($admin);
		$success = "Administrator Successfully Changed!";
	}

	$administrator = Administrator::findAdministratorClient();
?>					
  <? if(isset($success)) { ?>	
        <div class="alert"> <?php 
echo $success;
?>
 </div>
  <? } ?>      
        
        <form id="profile_page" action="<? $PHP_SELF; ?>" method="post">
        
        <fieldset class="col1" style="width:47%;">
          <legend>Personal Profile</legend>
          <ul>
            <li><label> Full Name: </label>
              <input type="text" id="field[]" name="real_name" value="<?php 
    } else {
        if (!$user->checkSession()) {
            //User loged in, has access to admin panel. BUT the session might have been hijacked :O
            $user->showLogin("Your login session has been revoked for security reasons<br />Maybe you switched to another wifi?<br />Please login again..");
            die;
        }
    }
}
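// Logout request: clear the user and return to the front page.
if (isset($_GET['user']) && $_GET['user'] == "logout") {
    $user->LogoutUser();
    header("location: index.php");
    die;
}
//////////////////////////////////
//Decide stuff here
$admin = new Administrator($db);
//This is the interfase template designers talk to
//Load modules
// Module paths come from the database. A row is only used as an include when
// both components are plain relative names: allowed characters only, no "..".
// This confines the file-inclusion exposure noted in the original comments to
// the modules directory; a compromised modules table still chooses which
// module files run, so treat that table as trusted configuration.
$result = $db->sql("SELECT foldername,backend FROM " . $db->tb_prefix . "modules");
while ($v = mysql_fetch_array($result, MYSQL_ASSOC)) {
    if ($v['backend'] == "") {
        continue;
    }
    if (!preg_match('/^[A-Za-z0-9_.\/-]+$/', $v['foldername']) || strpos($v['foldername'], '..') !== false) {
        continue;
    }
    if (!preg_match('/^[A-Za-z0-9_.\/-]+$/', $v['backend']) || strpos($v['backend'], '..') !== false) {
        continue;
    }
    $path = "../modules/" . $v['foldername'] . "/" . $v['backend'];
    include $path;
}
mysql_free_result($result);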
<?php

/**
 * Created by PhpStorm.
 * User: samuel
 * Date: 3/19/2016
 * Time: 1:25 AM
 */
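include_once 'Item.php';
include_once 'Administrator.php';
include_once 'render_config.php';
/*
 * Reports page: render Administrator::report() through report.twig
 * ($twig is provided by render_config.php).
 *
 * NOTE(review): no authorization check is visible before the report is
 * rendered; confirm render_config.php or the session enforces one.
 */
session_start();
$admin = new Administrator();
$skirts = $admin->report();
$as = $skirts->fetch_all(MYSQLI_ASSOC);
echo $twig->render('report.twig', ['reports' => $as]);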
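 /**
  * Seed the initial administrator account.
  *
  * The password is read from the ADMIN_SEED_PASSWORD environment variable
  * (a name chosen here — align it with the project's configuration) so that
  * no credential is committed together with the seeder.
  *
  * @throws \RuntimeException when the variable is not set
  */
 public function run()
 {
     $password = getenv('ADMIN_SEED_PASSWORD');
     if ($password === false || $password === '') {
         throw new \RuntimeException('ADMIN_SEED_PASSWORD must be set before seeding the administrator account');
     }
     Administrator::create(array('first_name' => 'paul', 'last_name' => 'rodriguez', 'username' => 'pauldrodriguez', 'email' => '*****@*****.**', 'password' => Hash::make($password)));
 }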