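/**
 * Echoes the page chrome: top bar (language switch, login/logout link),
 * header and breadcrumb trail.
 *
 * Request- and user-derived values are escaped for the HTML attribute or text
 * position they are written into. The original echoed $_SERVER['PHP_SELF'],
 * the query string and the user name verbatim, which let a crafted URL or
 * account name inject markup into every page using this header.
 *
 * @param array $pagina breadcrumb link targets, keyed like $naam
 * @param array $naam   message keys for the breadcrumb labels, keyed like $pagina
 */
public function __construct($pagina, $naam)
 {
     $taal = new Taal();
     $auth = new Auth(false);
     echo "<div id='topbar'> <div id='language'><ul class='swapUnderline'>";
     // The language switch is shown to everyone except logged-in staff.
     if (!$auth->isLoggedIn() || !$auth->getUser()->isPersoneel()) {
         // PHP_SELF and QUERY_STRING are taken from the request line. The return
         // address is URL-encoded as a single parameter value (so '&' in the
         // query string no longer splits it) and HTML-escaped for the href.
         $queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $switchUrl = htmlspecialchars(
             "veranderTaal.php?vorige=" . rawurlencode($_SERVER['PHP_SELF'] . "?" . $queryString),
             ENT_QUOTES,
             'UTF-8'
         );
         if ($taal->getTaal() == "nl") {
             echo "<li class='selected'> NL</li>";
             echo "<li class='last-child'><a href='" . $switchUrl . "'>EN</a></li>";
         } else {
             echo "<li><a href='" . $switchUrl . "'>NL</a></li>";
             echo "<li class='selected last-child'> EN</li>";
         }
     }
     echo "</ul></div><div id='user'><ul class='swapUnderline'>";
     if (!$auth->isLoggedIn()) {
         echo "<li class='last-child'><a class='Logintext advanced' href='" . Auth::getLoginURL() . "'> " . $taal->msg('aanmelden') . "</a></li>";
     } else {
         // The user name is account data, so it is escaped before display.
         // The stray doubled quotes after href and title in the original
         // markup are removed as well.
         $gebruikersnaam = htmlspecialchars($auth->getUser()->getGebruikersnaam(), ENT_QUOTES, 'UTF-8');
         echo "<li class='last-child member'>" . $gebruikersnaam . "&nbsp;-&nbsp;<a class='Logintext' href='logout.php' title='uitloggen'>" . $taal->msg('afmelden') . "</a></li>";
     }
     echo "</ul> \n\t\t\t</div> \n\t\t</div> ";
     echo "<div id='header'> \n\t\t\t<div id='headerleft'> \n\t\t\t\t<h1> <a href='http://www.ugent.be/nl' title='Universiteit Gent'><img src='images/universiteit_gent.gif' alt='Universiteit Gent'/> </a> </h1> \n\t\t\t\t<h2> <a href='index.php'>Online Herstelformulier</a></h2>\n\t\t\t</div> \n\t\t\t<div id='headerright'> </div> \n\t\t</div> ";
     echo "<div id='breadcrumb' class='swapUnderline'>\n\t\t\t<span>" . $taal->msg('u_bent_hier') . "</span>";
     $r = "";
     foreach ($pagina as $key => $value) {
         // double_encode is off so a target that already contains &amp; is left intact.
         $href = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
         $r .= " <a class='br-act' href='{$href}'>" . $taal->msg($naam[$key]) . "</a> >";
     }
     // Drop the " >" separator that follows the last crumb.
     echo substr($r, 0, -2);
     echo "</div> ";
 }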
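 /**
  * Hook target that sends a file to the client after an access check.
  *
  * Request parameters read here: `file`, `as`, `logged_in`, `override`.
  * When `logged_in` is false the request must carry an `override` value equal
  * to the configured override key; otherwise a logged-in session is required.
  * Every failure ends the request with die() and a short message.
  *
  * NOTE(review): `logged_in` is read from the request, so the requester picks
  * which branch applies; the no-login branch is exactly as strong as the
  * override key. `file` is request-supplied too - confirm that
  * Path::fromAsset() and download() keep the resolved path inside the asset
  * directory.
  *
  * @return void
  */
 public function download__download()
 {
     $file = Request::get('file');
     $filename = Path::fromAsset($file);
     $as = Request::get('as', $file);
     $logged_in = filter_var(Request::get('logged_in', true), FILTER_VALIDATE_BOOLEAN);
     $override = Request::get('override');
     if (!$logged_in) {
         // first make sure there's an override in the config
         $override_config = $this->fetchConfig('override');
         if (!$override_config) {
             die('No override key configured');
         }
         // now see if there's an override param
         if (!$override) {
             die('No override param');
         }
         // Compare as strings. The original loose != treats numeric-looking
         // strings as numbers, so differing keys could compare equal.
         // hash_equals() additionally avoids a timing side channel where the
         // running PHP provides it.
         $expected = (string) $override_config;
         $supplied = is_scalar($override) ? (string) $override : '';
         $matches = function_exists('hash_equals')
             ? hash_equals($expected, $supplied)
             : $expected === $supplied;
         if (!$matches) {
             die("Override key & param don't match");
         }
     } elseif (!Auth::isLoggedIn()) {
         // if the user has to be logged in, see if they are
         die('Must be logged in');
     }
     if (!$this->download($filename, $as)) {
         die('File doesn\'t exist');
     }
 }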
 /**
  * Stores the shared pagination markup on the controller and sends
  * visitors without a session to the login page.
  */
 function __construct()
 {
     parent::__construct();
     // Markup fragments for the pagination widget, kept in one literal.
     $this->configpagination = array(
         'full_tag_open' => '<ul class="pagination pagination-sm no-margin pull-right">',
         'full_tag_close' => '</ul>',
         'first_link' => '<i class="fa fa-angle-left"></i><i class="fa fa-angle-left"></i>',
         'first_tag_open' => '<li class="prev">',
         'first_tag_close' => '</li>',
         'last_link' => '<i class="fa fa-angle-right"></i><i class="fa fa-angle-right"></i>',
         'last_tag_open' => '<li class="next">',
         'last_tag_close' => '</li>',
         'next_link' => '<i class="fa fa-angle-right"></i>',
         'next_tag_open' => '<li class="next">',
         'next_tag_close' => '</li>',
         'prev_link' => '<i class="fa fa-angle-left"></i>',
         'prev_tag_open' => '<li class="prev">',
         'prev_tag_close' => '</li>',
         'cur_tag_open' => '<li class="active"><a href="javascript:void()">',
         'cur_tag_close' => '</a></li>',
         'num_tag_open' => '<li>',
         'num_tag_close' => '</li>',
     );
     // Access gate for every action of this controller.
     // NOTE(review): this relies on redirect() ending the request; if it only
     // sets a header, the requested action would still run - confirm.
     if (Auth::isLoggedIn()) {
         return;
     }
     redirect('login');
 }
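/**
 * Handles the "edit my profile" page: loads the session user, applies the
 * posted first name, last name and (optionally) password, and saves.
 *
 * Validation failures are collected instead of thrown. A field whose
 * validation throws is never assigned, so save() persists only values that
 * were accepted.
 *
 * NOTE(review): no CSRF token is checked in this function; confirm the form
 * is protected elsewhere, since a password change is reachable here.
 *
 * @return array{user: mixed, errors: string[]}
 */
function pageController()
{
    $errors = [];
    if (!Auth::isLoggedIn()) {
        header('Location: users.create.php');
        exit;
    }
    $userObject = UserModel::find($_SESSION['user_id']);
    if (!empty($_POST)) {
        try {
            $userObject->first_name = Input::getString('firstName');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $userObject->last_name = Input::getString('lastName');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        // Strict comparison: with ==, two different numeric-looking strings
        // (for example '1e3' and '1000') compare equal and the confirmation
        // check would pass.
        if (Input::get('password1') === Input::get('password2')) {
            try {
                $userObject->password = Input::getPassword('password1', $userObject->first_name, $userObject->last_name, $userObject->email);
            } catch (Exception $e) {
                $errors[] = $e->getMessage();
            }
        } else {
            // The original dropped a mismatched confirmation silently, so the
            // user got no hint that the password had not been changed.
            $errors[] = 'Passwords do not match.';
        }
        $userObject->save();
    }
    return ['user' => $userObject, 'errors' => $errors];
}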
 /**
  * Guest-only controller: a visitor who already has a session is sent
  * to the home route.
  */
 public function __construct()
 {
     parent::__construct();
     if (!Auth::isLoggedIn()) {
         // No session yet: let the requested action run.
         return;
     }
     redirect('home');
 }
/**
 * Login page controller.
 *
 * Redirects visitors who already have a session, otherwise reads the posted
 * e-mail and password and tries to authenticate. On success the session is
 * populated and the visitor is redirected; on failure the entered e-mail is
 * returned so the form can be shown again.
 *
 * @return array{email: string, loggedIn: mixed}
 */
function pageController()
{
    if (Auth::isLoggedIn()) {
        header("Location: index.php");
        exit;
    }
    $submitted = array('email' => '', 'password' => '');
    foreach (array('email', 'password') as $field) {
        try {
            $submitted[$field] = Input::getString($field);
        } catch (Exception $e) {
            // Missing or rejected field: keep the empty-string default.
        }
    }
    // An unknown e-mail is not special-cased (an earlier redirect to the
    // sign-up page is disabled); whatever the lookup returns goes straight
    // to Auth::attempt(), so known and unknown addresses take the same path.
    $user = UserModel::findByEmail($submitted['email']);
    if (!Auth::attempt($user, $submitted['password'])) {
        return array('email' => $submitted['email'], 'loggedIn' => Auth::isLoggedIn());
    }
    // NOTE(review): no session-id regeneration is visible here; confirm that
    // Auth::setSessionVariables() issues a fresh id on login.
    Auth::setSessionVariables($user);
    header("Location: index.php");
    exit;
}
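 /**
  * Hook target that receives a new page order as JSON and applies it.
  *
  * Reads POST fields `order` (JSON list of objects with a `url` property)
  * and `entry_folder`, echoes a JSON response, and returns whether order
  * data was received at all.
  *
  * NOTE(review): the only gate is "is logged in"; no role or CSRF-token check
  * is visible here. `entry_folder` is passed on as received - confirm that
  * order_set() confines it to the content tree.
  *
  * @return bool false when either POST field is missing, true otherwise
  */
 public function pagereorder_redux__reorder()
 {
     $response = array('linkage' => null, 'message' => 'No order data received. Please try again.', 'status' => 'error');
     // Get current user, to check if we're logged in.
     if (!Auth::isLoggedIn()) {
         exit('Invalid Request');
     }
     // Get POST data from request.
     $order = Request::post('order', false);
     $entry_folder = Request::post('entry_folder', false);
     // Make sure we've got a response.
     if (!$order || !$entry_folder) {
         Log::error($response['message'], 'pagereorder_redux');
         echo json_encode($response);
         return false;
     }
     // Array of page order objects. Only a string can be decoded; an array
     // posted as order[] would otherwise reach json_decode().
     $page_order = is_string($order) ? json_decode($order) : null;
     // json_decode() gives null for malformed JSON and a stdClass for a JSON
     // object. Indexing a stdClass with [0] is a fatal error even inside
     // isset(), so require a list before looking at its first element.
     if (is_array($page_order) && isset($page_order[0]->url) && $page_order[0]->url != '') {
         $response = $this->order_set($page_order, $entry_folder);
     } else {
         $response['message'] = "The data submitted was invalid";
     }
     echo json_encode($response);
     return true;
 }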
 /**
  * Access gate for HTML-output backend modules.
  *
  * For every module except 'login': a request without a session is parked in
  * the session (URI plus GET/POST/REQUEST) and redirected to the login page;
  * the first request made with a session restores a parked request, so the
  * user lands on the page originally asked for.
  *
  * NOTE(review): the parked request is recorded before authentication and
  * replayed after it, POST data included. Confirm that replayed POSTs still
  * pass the normal CSRF check, and that Helpers::redirect() ends the request;
  * if it returns, execution continues below without a session.
  *
  * @param mixed $action requested action (not used in this method)
  * @return mixed true, or the result of canUserAccessCustomBackendModule()
  */
 public function userIsAuthorized($action)
 {
     $parked_key = 'pixelmanager_temp_login_redirect';
     if ($this->module_name != 'login') {
         if (!Auth::isLoggedIn()) {
             // Session expired or never existed: remember the request, then
             // hand over to the login screen.
             $_SESSION[$parked_key]['uri'] = $_SERVER['REQUEST_URI'];
             $_SESSION[$parked_key]['get'] = $_GET;
             $_SESSION[$parked_key]['post'] = $_POST;
             $_SESSION[$parked_key]['request'] = $_REQUEST;
             Helpers::redirect(Config::get()->baseUrl . 'admin/html-output/login');
         } elseif (isset($_SESSION[$parked_key])) {
             // Logged in again: put the parked input back and forget it.
             $_GET = $_SESSION[$parked_key]['get'];
             $_POST = $_SESSION[$parked_key]['post'];
             $_REQUEST = $_SESSION[$parked_key]['request'];
             unset($_SESSION[$parked_key]);
         }
     }
     // Nothing has intercepted the request so far; built-in modules are
     // allowed by default.
     if (!$this->isCustomBackendModule()) {
         return true;
     }
     // Add-on modules may carry their own access restriction.
     $can_user_access = $this->canUserAccessCustomBackendModule();
     if ($can_user_access === false) {
         $this->accessDenied();
     }
     return $can_user_access;
 }
	/**
	 * Echoes the main navigation menu for the current visitor.
	 *
	 * Staff, students and anonymous visitors each get a different set of
	 * links; the staff submenus open when $categorie names them.
	 *
	 * NOTE(review): everything here decides only which links are displayed.
	 * The two hard-coded user names below gate the visibility of the
	 * Errorlog and LDAP links; the target pages must enforce their own
	 * access check. Home names are passed to generateItem() as label text -
	 * confirm that generateItem() escapes its label.
	 *
	 * @param string $categorie name of the active menu category
	 */
	public function __construct($categorie) {
		$this->huidigePagina = basename($_SERVER['REQUEST_URI']);
		$this->categorie = $categorie;
		try{
			$a = new Auth(false);
			$taal = new Taal();
			echo("<div id='navigationhome'><div id='mainnav'><ul>");
			echo self::generateItem("index.php", $taal->msg('Index'));
			if($a->isLoggedIn()){// are we logged in?
				if($a->getUser()->isPersoneel()){// are we staff?
						echo self::generateItem("personeelMeldingToevoegen.php", "Defect Melden");
						echo self::generateItem("personeelAdmin.php", "Beheer", true, true);
						if($categorie == "Beheer"){// "Beheer" (admin) submenu
							echo"<ul>";
							echo(self::generateItem("personeelAdminHomes.php","Beheer Homes"));
							echo(self::generateItem("personeelAdminBeheerders.php","Beheer Beheerders"));
							echo(self::generateItem("personeelAdminCategorie.php","Beheer Categorieën"));
							$lijst = $a->getUser()->getHomesLijst();
							foreach($lijst as $home){
								echo(self::generateItem("personeelAdmin.php?homeId=".$home->getId(),"Home ".$home->getKorteNaam(), false, true));
							}
							echo"</ul></li>";
						}
						echo self::generateItem("personeelStatistiek.php", "Statistieken");
						echo self::generateItem("personeelOverzicht.php", "Overzicht", true);
						if($categorie == "Overzicht"){// "Overzicht" submenu
							echo"<ul>";
							echo(self::generateItem("personeelMeldingInformatie.php","Formulier"));
							echo"</ul></li>";
						}
						// Maintenance links are shown to two named accounts only.
						if($a->getUser()->getGebruikersnaam()=="bmesuere" || $a->getUser()->getGebruikersnaam()=="bevdeghi"){
							echo self::generateItem("errorlog.php", "Errorlog");
							echo self::generateItem("ldapSearch.php", "LDAP");
						}
					}
					else{// we are a student
						echo self::generateItem("studentOverzicht.php", $taal->msg('Overzicht'));
						echo self::generateItem("studentMeldingToevoegen.php", $taal->msg('defect_melden'));
					}
			}
			else{// we are not logged in
				echo self::generateItem(Auth::getLoginURL(), $taal->msg('aanmelden'));
				echo self::generateItem("studentMeldingToevoegen.php", $taal->msg('defect_melden'));
			}
			echo("</ul></div><div class='visualClear'></div></div>");
		}
		catch (Exception $e){
			// do nothing, otherwise we get an error loop (Error.php also generates a menu...)
		}
	}
 /**
  * Access gate for backend modules that answer with a result code
  * rather than an HTML page.
  *
  * Without a session every module except 'login' is refused with
  * RESULT_ERROR_NOT_LOGGED_IN. With a session, add-on modules are also
  * checked against their own access restriction.
  *
  * @param mixed $action requested action (not used in this method)
  * @return mixed false when refused, true when allowed, or the result of
  *               canUserAccessCustomBackendModule() for add-on modules
  */
 public function userIsAuthorized($action)
 {
     // No user is logged in: keep the requested action from running.
     if ($this->module_name != 'login' && !Auth::isLoggedIn()) {
         $this->error(self::RESULT_ERROR_NOT_LOGGED_IN);
         return false;
     }
     // For an add-on module, check whether this user may access it.
     if (Auth::isLoggedIn() && $this->isCustomBackendModule()) {
         $can_user_access = $this->canUserAccessCustomBackendModule();
         if ($can_user_access === false) {
             $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
         }
         return $can_user_access;
     }
     // Nothing has intercepted the request so far, so access is assumed to
     // be allowed. This includes the 'login' module without a session.
     return true;
 }
 /**
  * Front controller: applies the routing/access rules for the current
  * request and invokes the matching controller class.
  *
  * The class name is derived from the request ("<Name>Controller"), so the
  * set of reachable classes is whatever the autoloader can resolve under
  * that suffix.
  *
  * NOTE(review): every rule below ends in $this->redirect(). The rules only
  * protect anything if redirect() terminates the request; if it returns,
  * execution falls through to the controller invocation (for example a
  * non-admin reaching AdminController) - confirm.
  *
  * @return mixed the invoked controller's result, or null after a redirect
  */
 public function run()
 {
     $isAuthenticated = Auth::isLoggedIn();
     $controllerClass = ucfirst(strtolower(static::$request['controller'])) . 'Controller';
     if (!$isAuthenticated) {
         // Anonymous visitors may only reach routes flagged as public.
         if (!static::$request['public']) {
             $this->redirect('/');
         }
     } else {
         if (isset(static::$request['params']['logout']) && Auth::logout()) {
             $this->redirect('/');
         }
         if (isset(static::$request['params']['switchuser'])) {
             $target = Auth::switchUser((int) static::$request['params']['switchuser']);
             $this->redirect($target);
         }
         // && binds tighter than ||; the parentheses spell out the grouping
         // the expression already had.
         if (
             empty($controllerClass)
             || $controllerClass === 'FrontController'
             || ($controllerClass === 'JoinController' && Auth::$profile->profileSet())
         ) {
             $this->redirect('/central');
         }
         if ($controllerClass !== 'JoinController' && !Auth::$profile->profileSet()) {
             $this->redirect('/join');
         }
         if ($controllerClass === 'AdminController' && !Auth::isAdmin()) {
             $this->redirect('/errors/view/401');
         }
     }
     if (!class_exists($controllerClass, true)) {
         $this->redirect('/errors/view/404');
         return;
     }
     // Hand the current profile to the controller when there is one.
     $props = empty(Auth::$profile) ? [] : ['profile' => Auth::$profile];
     $handler = new $controllerClass();
     return $handler(static::$request, $props);
 }
				<span class="sr-only">Toggle navigation</span>
				<span class="icon-bar"></span>
				<span class="icon-bar"></span>
				<span class="icon-bar"></span>
			</button>
			<a class="navbar-brand" href="<?php 
echo Config::get("custom.admin_base_url");
?>
">LA1:TV CMS</a>
		</div>
		<div class="collapse navbar-collapse">
			<ul class="nav navbar-nav">
				@yield('navbarList', '')
			</ul>
			<a class="btn btn-info navbar-btn navbar-right" href="<?php 
echo e(URL::to(Auth::isLoggedIn() ? "/admin/login/logout" : "/admin/login"));
?>
"><?php 
echo !Auth::isLoggedIn() ? "Login" : "Log Out";
?>
</a>
		</div>
	</div>
</div>
@yield('content')
<div id="footer">
	<div class="container">
		<p class="text-muted footer-txt">The custom built content management system for LA1:TV.</p>
	</div>
</div>
@stop
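 /**
  * Applies the schema update for $version and the data migration that
  * belongs to it.
  *
  * Admin only. Runs library/installer/schemas/update<version>.sql, then the
  * version-specific follow-up steps.
  *
  * Changes compared with the original:
  *  - $version is required to look like a dotted version number before it is
  *    placed in the schema path, so it cannot contain path separators;
  *  - the guard against undecodable sale data runs before the decoded value
  *    is written to (it used to run after, where it could no longer trigger);
  *  - the missing backtick in the `sale_payments` UPDATE is restored.
  *
  * @param string $version target version, e.g. "1.0"
  * @return true|string true on success, otherwise an error message or
  *                     SQLSTATE code
  */
 public function upgrade($version)
 {
     $auth = new Auth();
     if (!$auth->isLoggedIn() || !$auth->isAdmin()) {
         return "Must be logged in as admin";
     }
     // Only digits and dots may reach the file name built below.
     if (!is_scalar($version) || !preg_match('/^\d+(\.\d+)*$/', (string) $version)) {
         return "Schema does not exist";
     }
     $appRoot = $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'];
     $path = $appRoot . "library/installer/schemas/update" . $version . ".sql";
     if (!file_exists($path)) {
         return "Schema does not exist";
     }
     $settings = WposAdminSettings::getSettingsObject('general');
     if (floatval($settings->version) >= floatval($version)) {
         return "Db already at the latest version";
     }
     $sql = file_get_contents($path);
     try {
         $result = $this->db->_db->exec($sql);
         if ($result === false) {
             return $this->db->_db->errorInfo()[0];
         }
         switch ($version) {
             case "1.0":
                 // set sales type & channel
                 $sql = "UPDATE `sales` SET `type`='sale', `channel`='pos';";
                 if ($this->db->_db->exec($sql) === false) {
                     return $this->db->_db->errorInfo()[0];
                 }
                 // set payment dt to process dt and update sales json with extra params
                 $sql = "SELECT * FROM `sales`;";
                 $sales = $this->db->select($sql, []);
                 foreach ($sales as $sale) {
                     $data = json_decode($sale['data']);
                     // Stop before touching $data: writing a property on a
                     // failed decode would either raise an error or create a
                     // fresh object and overwrite the stored record with it.
                     if (!is_object($data)) {
                         die("Prevented null data entry");
                     }
                     $data->id = $sale['id'];
                     $data->balance = 0.0;
                     $data->dt = $sale['dt'];
                     $data->status = $sale['status'];
                     $sql = "UPDATE `sales` SET `data`=:data WHERE `id`=:saleid";
                     $this->db->update($sql, [":data" => json_encode($data), ":saleid" => $sale['id']]);
                     $sql = "UPDATE `sale_payments` SET `processdt`=:processdt WHERE `saleid`=:saleid";
                     $this->db->update($sql, [":processdt" => $sale['processdt'], ":saleid" => $sale['id']]);
                 }
                 // update config, add google keys
                 WposAdminSettings::putValue('general', 'version', '1.0');
                 WposAdminSettings::putValue('general', 'gcontact', 0);
                 WposAdminSettings::putValue('general', 'gcontacttoken', '');
                 WposAdminSettings::putValue('pos', 'priceedit', 'blank');
                 // copy new templates
                 // NOTE(review): copy() works on single files; with these
                 // directory paths it is expected to fail with a warning - confirm.
                 copy($appRoot . 'docs-template/templates', $appRoot . 'docs/');
                 break;
             case "1.1":
                 WposAdminSettings::putValue('general', 'version', '1.1');
         }
         return true;
     } catch (Exception $e) {
         return $e->getMessage();
     }
 }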
<?php

require_once __DIR__ . '/../../includes/helpers.php';
require_once __DIR__ . '/../../loader.php';
// Page guard: runs before any markup is sent, so the redirect header can
// still be emitted.
Session::checkSession();
$a = new Auth();
if (!$a->isLoggedIn()) {
    redirect_to('login.php');
    // Stop here so none of the page below is rendered for a visitor
    // without a session.
    exit;
}
// Current user.
// NOTE(review): presumably used by the template that follows - confirm.
$u = User::getUser();
?>
	<!DOCTYPE html>
	<html lang="en">
	<head>
		<meta charset="utf-8">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
		<!--<link rel="icon" href="../../favicon.ico"> -->
		<title>Photolia</title>

		<!-- Bootstrap core CSS -->
		<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">    
		<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
		<!-- Custom styles for this template -->
		<link href="../css/style.css" rel="stylesheet">
		<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
		<!--[if lt IE 9]>
			<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
			<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
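 /**
  * Builds the opening/closing <form> markup for the member profile form
  * and parses the tag content with the member's current values.
  *
  * Tag parameters: `username` (defaults to the current member), `return`
  * (defaults to the site root) and `attr` (extra form attributes).
  *
  * Parameter values are escaped before they are placed in HTML attributes.
  * Templates can feed request data into tag parameters, and the original
  * concatenated `return`, `username` and the `attr` values unescaped.
  *
  * @return string|false form HTML, or false when nobody is logged in
  */
 public function profile_form()
 {
     if (!Auth::isLoggedIn()) {
         // not logged in
         return false;
     }
     $attr_string = '';
     $member = Auth::getCurrentMember();
     $site_root = Config::getSiteRoot();
     $username = $this->fetchParam('username', $member->get('username'));
     $return = $this->fetchParam('return', $site_root, null, false, false);
     $attr = $this->fetchParam('attr', false);
     // get old values
     $old_values = $this->flash->get('update_profile_old_values', array()) + Member::getProfile($username);
     array_walk_recursive($old_values, function (&$item, $key) {
         $item = htmlspecialchars($item);
     });
     // set up any data to be parsed into content
     $data = array('error' => $this->flash->get('update_profile_error', ''), 'success' => $this->flash->get('update_profile_success', ''), 'field_errors' => $this->flash->get('update_profile_field_errors', array()), 'old_values' => $old_values);
     // set up attributes
     if ($attr) {
         $attributes_array = Helper::explodeOptions($attr, true);
         foreach ($attributes_array as $key => $value) {
             // double_encode is off so entities already present in a
             // template-supplied value are not encoded twice.
             // NOTE(review): attribute names ($key) are still written as given.
             $attr_string .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false) . '"';
         }
     }
     // set username in flash
     $this->flash->set('update_username', $username);
     // set up form HTML
     $html = '<form method="post" action="' . Path::tidy($site_root . "/TRIGGER/member/update_profile") . '" ' . $attr_string . '>';
     $html .= '<input type="hidden" name="return" value="' . htmlspecialchars($return, ENT_QUOTES, 'UTF-8', false) . '">';
     $html .= '<input type="hidden" name="token" value="' . $this->tokens->create() . '">';
     // are we editing someone other than the current user?
     // security note, the hook for this form will check that the current
     // user has permissions to edit this user's information
     if ($username !== $member->get('username')) {
         $html .= '<input type="hidden" name="username" value="' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false) . '">';
     }
     $html .= Parse::template($this->content, $data);
     $html .= '</form>';
     // return that HTML
     return $html;
 }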
<?php

//login check
session_start();
require_once '../classes/Config.class.php';
require_once 'Auth.class.php';
require_once 'AccessException.php';
require_once 'Herstelformulier.class.php';
require_once 'DB.class.php';
// Staff-only page: anyone who is not a logged-in staff member is rejected
// before any query is built.
$auth = new Auth(false);
if (!$auth->isLoggedIn() || !$auth->getUser()->isPersoneel()) {
    throw new AccessException();
}
// number of items per page
$AANTAL_PER_PAGINA = 20;
// pagination
// NOTE(review): $_GET['page'] goes into the offset arithmetic without being
// checked to be a positive integer.
$pagina = $_GET['page'] == "" ? 1 : $_GET['page'];
$vanaf = ($pagina - 1) * $AANTAL_PER_PAGINA;
$paginering = array();
$paginering['current_page'] = $pagina;
if ($_GET['waarden'] == "") {
    // No filter values supplied: select every form.
    $q = "SELECT id FROM herstelformulier";
} else {
    // Filter columns ("velden") and filter values ("waarden") both arrive as
    // JSON in the query string.
    $velden = json_decode(stripslashes($_GET["velden"]));
    $waarden = json_decode(stripslashes($_GET["waarden"]));
    // build the query
    $q = "SELECT DISTINCT herstelformulier.id FROM herstelformulier INNER JOIN user ON (herstelformulier.userId=user.id) INNER JOIN home ON (herstelformulier.homeId=home.id) LEFT JOIN relatie_herstelformulier_velden ON (herstelformulier.id=relatie_herstelformulier_velden.herstelformulierId)WHERE ";
    // NOTE(review): the request-supplied column names and values below are
    // concatenated straight into the SQL text, so this statement is open to
    // SQL injection by any staff account (or through a link a staff member
    // follows). Column names should be matched against a fixed allow-list
    // and the LIKE values passed as bound parameters.
    foreach ($waarden as $key => $value) {
        // A "a|b" field name means: match the value against either column.
        if (sizeof(explode("|", $velden[$key])) > 1) {
            $e = explode("|", $velden[$key]);
            $q .= "(" . $e[0] . " LIKE '%" . $value . "%' OR " . $e[1] . " LIKE '%" . $value . "%') AND  ";
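 /**
  * Builds the password-reset form for the reset hash given in ?H=.
  *
  * Logged-in visitors are redirected away. A missing hash, an unknown or
  * expired hash, and any flashed error are reported through $data['errors'].
  *
  * FILTER_SANITIZE_URL removes characters that are not legal in a URL, but it
  * keeps quotes and angle brackets. The hash is therefore HTML-escaped before
  * being written into the hidden field; the original echoed it as-is, which
  * allowed markup injection through the H parameter.
  *
  * NOTE(review): the same request-supplied value is used as the cache key -
  * confirm that the cache layer cannot be pointed at other files with it.
  *
  * @return string form HTML
  */
 public function reset_password_form()
 {
     $data = array();
     $errors = array();
     // parse parameters and vars
     $attr_string = '';
     $site_root = Config::getSiteRoot();
     $logged_in_redirect = $this->fetchParam('logged_in_redirect', $this->fetchConfig('member_home', $site_root), null, false, false);
     $attr = $this->fetchParam('attr', false);
     $hash = filter_input(INPUT_GET, 'H', FILTER_SANITIZE_URL);
     // is user already logged in? forward as needed
     if (Auth::isLoggedIn()) {
         URL::redirect($logged_in_redirect, 302);
     }
     // no hash in URL?
     if (!$hash) {
         $errors[] = Localization::fetch('reset_password_url_invalid');
         $data['url_invalid'] = true;
     }
     if (count($errors) == 0) {
         // cache file doesn't exist or is too old
         if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit') * 60) {
             $errors[] = Localization::fetch('reset_password_url_expired');
             $data['expired'] = true;
         }
         // flash errors
         if ($flash_error = $this->flash->get('reset_password_error')) {
             $errors[] = $flash_error;
         }
     }
     // set up attributes
     if ($attr) {
         $attributes_array = Helper::explodeOptions($attr, true);
         foreach ($attributes_array as $key => $value) {
             // double_encode is off so entities already present in a
             // template-supplied value are not encoded twice.
             $attr_string .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false) . '"';
         }
     }
     // errors
     $data['errors'] = $errors;
     // set up form HTML
     $html = '<form method="post" action="' . Path::tidy($site_root . "/TRIGGER/member/reset_password") . '" ' . $attr_string . '>';
     $html .= '<input type="hidden" name="token" value="' . $this->tokens->create() . '">';
     $html .= '<input type="hidden" name="hash" value="' . htmlspecialchars((string) $hash, ENT_QUOTES, 'UTF-8') . '">';
     $html .= Parse::template($this->content, $data);
     $html .= '</form>';
     // return that HTML
     return $html;
 }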
			<div id="main">
				<?new Menu(""); ?>
				<div id="content" class="normal">
					<div class="documentActions">                 
						<ul> 
					        <li><a href="javascript:this.print();"><img src="images/print_icon.gif" alt="<?php 
echo $taal->msg('afdrukken');
?>
" title="<?php 
echo $taal->msg('afdrukken');
?>
" id="icon-print"/></a></li> 
    					</ul> 
   					</div>
   					
					<? if($auth->isLoggedIn()){ //we zijn ingelogd
						if ($auth->getUser()->isPersoneel()) { // personeel
						?>
							<h1>Statistieken</h1>
							<p class="disclaimer">Hier vindt u binnenkort de statistieken over deze applicatie.</p>
							<img src='graphs/tijd_formulier.php' alt='grafiekje'/>
						<?
						}
					}
					?>
				</div>		
			</div>	
		</div>	
		<div class="visualClear"></div>
		<? new Footer(); ?>
	</body>
?>
</div>
					<div id="error" style="display:none"><h1><?php 
echo $taal->msg('fout');
?>
</h1><?php 
echo $taal->msg('error_melding_evalueren');
?>
</div>
					<div id="opmerkingvertaling" style="display:none"><?php 
echo $taal->msg('opmerking');
?>
</div>
					<div id='beforecontent'>
						<? 
						if($auth->isLoggedIn()) { 
							if($auth->getUser()->isStudent()) {
									// Toon listing van alle formulieren die als "gedaan" gemarkeerd zijn en die geevalueerd moeten worden
									$list = Herstelformulier::getEvaluationList($auth->getUser()->getId());
									?>
									<h1><?php 
echo $taal->msg('evaluatie_titel');
?>
</h1>
									<p class="disclaimer"><?php 
echo $taal->msg('disclaimer_evaluatie_melding');
?>
</p>
									<table>
										<tbody>
											<tr class="legende">
    <script src="js/bootstrap.min.js"></script>
</head>
 
<body>
    <div class="container">
            <div class="row">
                <h3>Crud Php Pdo + Login</h3>
            </div>
            <?php 
require 'Database.php';
require 'Auth.php';
$pdo = Database::connect();
$auth = new Auth($pdo);
?>
            <div class="<?php 
echo $auth->isLoggedIn() ? "loggedIn" : "loggedOut";
?>
">
            <?php 
require 'loginForm.php';
?>
            </div>
            <?php 
if ($auth->isLoggedIn()) {
    ?>
            <div class="row">
                <p align="right">
                    <a href="?logout" class="btn btn-info">Logout</a>
                </p>
                <p>
                    <a href="create.php" class="btn btn-success">Create User</a>
<?php

require_once 'classes/Taal.class.php';
require_once 'classes/Auth.class.php';
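session_start();
$auth = new Auth(false);
$taal = $_SESSION['taal'];
// Toggle between the two supported languages; anything other than "nl"
// switches to "nl", as before.
$nieuweTaal = $taal == "nl" ? "en" : "nl";
$_SESSION['taal'] = $nieuweTaal;
// Students also have the choice stored on their account.
if ($auth->isLoggedIn() && $auth->getUser()->isStudent()) {
    $auth->getUser()->setTaal($nieuweTaal);
    $auth->getUser()->save();
}
// "vorige" is the page to go back to. It is request-supplied, so it is
// (1) accepted only as a path on this site - one leading slash, no scheme,
// no "//host" form and no control characters - which keeps this script from
// being used as an open redirect, and (2) HTML-escaped before it is written
// into the meta tag, which the original did not do.
$vorige = isset($_GET['vorige']) && is_string($_GET['vorige']) ? $_GET['vorige'] : '';
if (!preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f]*$#', $vorige)) {
    $vorige = 'index.php';
}
echo "<meta http-equiv=\"Refresh\" content=\"0; URL=" . htmlspecialchars($vorige, ENT_QUOTES, 'UTF-8') . "\">";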
         $product = $_REQUEST['f']['product_id'];
     }
     $entity = EntityFactory::loadEntity('MeasureRates');
     $ratedShippedValue = $entity->getRatedValue($_REQUEST['f']['measure_id'], KG_MEASURE, $product, $_REQUEST['f']['quantity']);
 }
 // Проверяем текущий остаток. Обновляем, если есть нужное кол-во товара.
 $entity = EntityFactory::loadEntity('ProductStored');
 $storedProduct = $entity->getOneItem($_REQUEST['f']['id']);
 $currentReminder = $storedProduct['remainder'];
 if ($currentReminder < $ratedShippedValue) {
     $data['is_error'] = true;
     $data['messages'][] = 'На складе нет столько товара. Текущий остаток: ' . $currentReminder . ' кг.';
 } else {
     $entity->edit(array('id' => $_REQUEST['f']['id'], 'datetime_modified' => strtotime('now'), 'remainder' => $currentReminder - $ratedShippedValue));
     // Сохраняем информацию об отгрузке
     $_REQUEST['f']['user_id'] = Auth::isLoggedIn();
     $_REQUEST['f']['datetime'] = strtotime('now');
     $_REQUEST['f']['stored_product_id'] = $_REQUEST['f']['id'];
     $entity = EntityFactory::loadEntity('ProductShipped');
     $result = $entity->shipProduct($_REQUEST['f']);
     if (!$result || is_string($result)) {
         $errors++;
         $msg = 'Ошибка отгрузки';
         if (is_string($result)) {
             $msg .= ': ' . $result;
         }
         $msg .= '.';
     } else {
         $msg = 'Товар успешно отгружен.';
     }
     if ($errors > 0) {
<?php

session_start();
require_once '../classes/Config.class.php';
require_once 'exceptions/BadParameterException.class.php';
require_once 'exceptions/AccessException.php';
require_once 'DB.class.php';
require_once 'Auth.class.php';
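// Only a logged-in student may delete a repair form.
$auth = new Auth(false);
if (!$auth->isLoggedIn() || !$auth->getUser()->isStudent()) {
    throw new AccessException();
}
// The id must be a positive integer; anything else is rejected instead of
// being silently cast by bind_param().
$formid = filter_var(
    isset($_POST['formid']) ? $_POST['formid'] : null,
    FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 1))
);
if ($formid === false) {
    throw new BadParameterException();
}
// Restrict the delete to forms owned by the requesting student. The original
// statement matched on id alone, so any student could delete any form by
// posting its id.
// NOTE(review): the userId column name is taken from the join on
// herstelformulier.userId used elsewhere in this application - confirm.
// No CSRF token is checked in this script either.
$userId = $auth->getUser()->getId();
$db = DB::getDB();
$statement = $db->prepare("DELETE FROM herstelformulier WHERE id = ? AND userId = ?");
$statement->bind_param('ii', $formid, $userId);
$statement->execute();
$statement->close();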
 /**
  * Target for the member:profile_form form
  * 
  * @return void
  */
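 public function member__update_profile()
 {
     $site_root = Config::getSiteRoot();
     // The Referer header is optional and client-controlled; fall back to the
     // site root instead of reading an undefined index when it is absent.
     $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $site_root;
     // NOTE(review): FILTER_SANITIZE_URL only strips characters that are not
     // legal in a URL; it does not restrict the host, so `return` can carry an
     // off-site address into the redirect at the end of this method. Consider
     // limiting it to site-local paths.
     $return = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_URL);
     // is user logged in?
     if (!Auth::isLoggedIn()) {
         URL::redirect($this->fetchConfig('login_url', $site_root, null, false, false));
         // stop here even if the redirect helper returns, so an anonymous
         // request can never reach the update logic below
         return;
     }
     // NOTE(review): no CSRF token check is visible in this method — confirm
     // the form layer enforces one before this target runs.
     // get current user
     $member = Auth::getCurrentMember();
     // get configurations
     $allowed_fields = array_get($this->loadConfigFile('fields'), 'fields', array());
     $role_definitions = $this->fetchConfig('role_definitions');
     // who are we editing?
     // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it
     // strips tags and encodes quotes, which is not a substitute for escaping
     // at output time.
     $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
     $username = !$username ? $member->get('username') : $username;
     // if the user isn't the current user, ensure that's allowed
     if ($username !== $member->get('username')) {
         // username is different from current user
         if (!array_get($role_definitions, 'edit_other_users', null) || !$member->hasRole($role_definitions['edit_other_users'])) {
             // this user does not have permission to do this
             $this->flash->set('update_profile_error', 'You are not allowed to edit another member’s profile.');
             URL::redirect($referrer);
             // fail closed: without this, a redirect helper that returns would
             // let the request continue and overwrite the *current* member
             // with the submitted values
             return;
         } else {
             // all set, update member
             $member = Member::load($username);
         }
     }
     // get old values
     $old_values = $member->export();
     // set up iterators and flags
     $submission = array();
     // loop through allowed fields, validating and updating; only fields named
     // in the `fields` config are ever read from the request
     foreach ($allowed_fields as $field => $options) {
         if (!isset($_POST[$field])) {
             // was this username? that can be included separately
             if ($field === 'username') {
                 $value = $username;
             } else {
                 // field wasn't set, skip it
                 continue;
             }
         } else {
             // set value
             $value = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING);
         }
         // remember the submitted value so the form can be re-populated
         $old_values[$field] = $value;
         // don't store this value if `save_value` is set to `false`
         if (array_get($options, 'save_value', true)) {
             $member->set($field, $value);
         }
         // add to submissions, including non-save_value fields because this
         // is the list that will be validated
         $submission[$field] = $value;
     }
     // validate
     $errors = $this->tasks->validate($submission);
     if (count($errors)) {
         // errors were found, set a flash message and redirect
         $this->flash->set('update_profile_error', 'Member profile not updated.');
         $this->flash->set('update_profile_field_errors', $errors);
         $this->flash->set('update_profile_old_values', $old_values);
         URL::redirect($referrer);
     } else {
         // save member
         $member->save();
         // trigger a hook
         $this->runHook('profile_update', 'call', null, $member);
         // user saved
         $this->flash->set('update_profile_success', 'Member profile updated.');
         if ($return) {
             URL::redirect($return);
         } else {
             URL::redirect($referrer);
         }
     }
 }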
Example #25
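 /**
  * Applies the schema file and data migration for one version step.
  *
  * @param string $version     Target version; selects update<version>.sql and the matching migration case
  * @param bool   $authneeded  When true, the caller must be logged in as admin
  * @return string Status or error message
  */
 public function upgrade($version, $authneeded = true)
 {
     if ($authneeded) {
         $auth = new Auth();
         if (!$auth->isLoggedIn() || !$auth->isAdmin()) {
             return "Must be logged in as admin";
         }
     }
     // $version is concatenated into a file path whose contents are then run
     // as SQL, so accept dotted-numeric versions only; anything else (path
     // separators, "..", null bytes) is reported like a missing schema.
     if (!is_scalar($version) || !preg_match('/\A[0-9]+(?:\.[0-9]+)*\z/', (string) $version)) {
         return "Schema does not exist";
     }
     $path = $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'] . "library/installer/schemas/update" . $version . ".sql";
     if (!file_exists($path)) {
         return "Schema does not exist";
     }
     $settings = WposAdminSettings::getSettingsObject('general');
     if (floatval($settings->version) >= floatval($version)) {
         return "Db already at the latest version";
     }
     $sql = file_get_contents($path);
     try {
         // run the schema file as-is; failures are only surfaced through the
         // catch block below — TODO confirm the connection raises exceptions
         $this->db->_db->exec($sql);
         switch ($version) {
             case "1.0":
                 // set sales type & channel
                 $sql = "UPDATE `sales` SET `type`='sale', `channel`='pos';";
                 if ($this->db->_db->exec($sql) === false) {
                     return $this->db->_db->errorInfo()[0];
                 }
                 // set payment dt to process dt and update sales json with extra params
                 $sql = "SELECT * FROM `sales`;";
                 $sales = $this->db->select($sql, []);
                 foreach ($sales as $sale) {
                     $data = json_decode($sale['data']);
                     // check the decode result before touching it: once
                     // properties are assigned the guard can no longer fire
                     if ($data == false) {
                         die("Prevented null data entry");
                     }
                     $data->id = $sale['id'];
                     $data->balance = 0.0;
                     $data->dt = $sale['dt'];
                     $data->status = $sale['status'];
                     $sql = "UPDATE `sales` SET `data`=:data WHERE `id`=:saleid";
                     $this->db->update($sql, [":data" => json_encode($data), ":saleid" => $sale['id']]);
                     // the column name needs its closing backtick, otherwise
                     // the statement is not valid SQL
                     $sql = "UPDATE `sale_payments` SET `processdt`=:processdt WHERE `saleid`=:saleid";
                     $this->db->update($sql, [":processdt" => $sale['processdt'], ":saleid" => $sale['id']]);
                 }
                 // update config, add google keys
                 WposAdminSettings::putValue('general', 'version', '1.0');
                 WposAdminSettings::putValue('general', 'gcontact', 0);
                 WposAdminSettings::putValue('general', 'gcontacttoken', '');
                 WposAdminSettings::putValue('pos', 'priceedit', 'blank');
                 // copy new templates
                 // NOTE(review): copy() works on single files; the source here
                 // looks like a directory, so this call probably fails with a
                 // warning instead of copying the templates — confirm.
                 copy($_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'] . 'docs-template/templates', $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'] . 'docs/');
                 break;
             case "1.1":
                 WposAdminSettings::putValue('general', 'version', '1.1');
                 break;
             case "1.2":
                 // update item tax values: a numeric `tax` marks a row that
                 // still uses the old format
                 $sql = "SELECT * FROM `sale_items`;";
                 $items = $this->db->select($sql, []);
                 foreach ($items as $item) {
                     if (is_numeric($item['tax'])) {
                         $taxdata = new stdClass();
                         $taxdata->values = new stdClass();
                         $taxdata->inclusive = true;
                         if ($item['tax'] > 0) {
                             $taxdata->values->{"1"} = $item['tax'];
                             $taxdata->total = $item['tax'];
                         } else {
                             $taxdata->total = 0;
                         }
                         $sql = "UPDATE `sale_items` SET `tax`=:tax WHERE `id`=:id";
                         $this->db->update($sql, [":tax" => json_encode($taxdata), ":id" => $item['id']]);
                     } else {
                         echo "Item record " . $item['id'] . " already updated, skipping item table update...<br/>";
                     }
                 }
                 // remove the "notax taxdata field, update gst to id=1"
                 $sql = "SELECT * FROM `sales`;";
                 $sales = $this->db->select($sql, []);
                 foreach ($sales as $sale) {
                     $needsupdate = false;
                     $data = json_decode($sale['data']);
                     if ($data == false) {
                         die("Prevented null data entry");
                     }
                     if (isset($data->taxdata->{"1"}) && $data->taxdata->{"1"} == 0) {
                         if (isset($data->taxdata->{"2"})) {
                             $data->taxdata->{"1"} = $data->taxdata->{"2"};
                             unset($data->taxdata->{"2"});
                         } else {
                             unset($data->taxdata->{"1"});
                         }
                         $needsupdate = true;
                     } else {
                         echo "Record " . $sale['id'] . " already updated, skipping sale taxdata update...<br/>";
                     }
                     foreach ($data->items as $skey => $sitem) {
                         if (is_numeric($sitem->tax)) {
                             $taxdata = new stdClass();
                             $taxdata->values = new stdClass();
                             $taxdata->inclusive = true;
                             if ($sitem->tax > 0) {
                                 $taxdata->values->{"1"} = $sitem->tax;
                                 $taxdata->total = $sitem->tax;
                             } else {
                                 $taxdata->total = 0;
                             }
                             $data->items[$skey]->tax = $taxdata;
                             $needsupdate = true;
                         } else {
                             echo "Item record " . $sale['id'] . " already updated, skipping sale itemdata update...<br/>";
                         }
                     }
                     if ($needsupdate) {
                         $sql = "UPDATE `sales` SET `data`=:data WHERE `id`=:saleid";
                         $this->db->update($sql, [":data" => json_encode($data), ":saleid" => $sale['id']]);
                     }
                 }
                 // update stored item schema
                 $sql = "SELECT * FROM `stored_items`;";
                 $items = $this->db->select($sql, []);
                 $error = false;
                 foreach ($items as $item) {
                     if ($item['data'] == "") {
                         $id = $item['id'];
                         unset($item['id']);
                         $item['type'] = "general";
                         $item['modifiers'] = new stdClass();
                         $data = json_encode($item);
                         if ($data != false) {
                             $sql = "UPDATE `stored_items` SET `data`=:data WHERE `id`=:id";
                             if (!$this->db->update($sql, [":data" => $data, ":id" => $id])) {
                                 $error = true;
                             }
                         }
                     }
                 }
                 // the old columns are dropped only when every row was
                 // migrated, so a failed update does not lose data
                 if (!$error) {
                     $sql = "ALTER TABLE `stored_items` DROP `qty`, DROP `description`, DROP `taxid`;";
                     $this->db->update($sql, []);
                 }
                 // update devices schema
                 $sql = "SELECT * FROM `devices`;";
                 $devices = $this->db->select($sql, []);
                 foreach ($devices as $device) {
                     if ($device['data'] == "") {
                         $data = new stdClass();
                         $data->name = $device['name'];
                         $data->locationid = $device['locationid'];
                         $data->type = "general_register";
                         $data->ordertype = "terminal";
                         $data->orderdisplay = 1;
                         $data->kitchenid = 0;
                         $data = json_encode($data);
                         if ($data != false) {
                             $sql = "UPDATE `devices` SET `data`=:data WHERE `id`=:id";
                             $this->db->update($sql, [":data" => $data, ":id" => $device['id']]);
                         }
                     } else {
                         echo "Device record " . $device['id'] . " already updated, skipping sale itemdata update...<br/>";
                     }
                 }
                 WposAdminSettings::putValue('general', 'currencyformat', '$~2~.~,~0');
                 WposAdminSettings::putValue('general', 'version', '1.2');
         }
         // restart node server
         $socket = new WposSocketControl();
         $socket->restartSocketServer(['error' => 'OK']);
         return "Update Completed Successfully!";
     } catch (Exception $e) {
         echo $this->db->_db->errorInfo()[0];
         return $e->getMessage();
     }
 }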
 /**
  * Does the current member have access to a given $url?
  * 
  * @param string  $url  URL to check
  * @return boolean
  * @throws Exception
  */
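 public function hasAccess($url = null)
 {
     // load data for the given $url
     $data = Content::get($url);
     // content without a truthy `_protect` field is public
     if (!isset($data['_protect']) || !$data['_protect']) {
         return true;
     }
     // grab the protection scheme
     $scheme = $data['_protect'];
     // determine URLs: per-content values in the scheme win over the config
     $login_url = URL::prependSiteRoot(array_get($scheme, 'login_url', $this->fetchConfig('login_url', '/', null, false, false)));
     $no_access_url = URL::prependSiteRoot(array_get($scheme, 'no_access_url', $this->fetchConfig('no_access_url', '/', null, false, false)));
     $password_url = URL::prependSiteRoot(array_get($scheme, 'password_form_url', $this->fetchConfig('password_url', '/', null, false, false)));
     // support external log-in systems
     $require_member = array_get($scheme, 'require_member', $this->fetchConfig('require_member', true, null, true, false));
     $return_variable = array_get($scheme, 'return_variable', $this->fetchConfig('return_variable', 'return', null, false, false));
     $use_full_url = array_get($scheme, 'use_full_url', $this->fetchConfig('use_full_url', false, null, true, false));
     // get the current URL
     $current_url = $use_full_url ? URL::tidy(Config::getSiteURL() . '/' . URL::getCurrent()) : URL::getCurrent();
     // append query string
     if (!empty($_GET)) {
         $current_url .= '?' . http_build_query($_GET, '', '&');
     }
     // store if we've matched
     $match = false;
     if (isset($scheme['password'])) {
         // this is a password-check
         // get the form URL
         $form_url = array_get($scheme['password'], 'form_url', Helper::pick($password_url, $no_access_url));
         // check for passwords
         if (!$this->evaluatePassword($url)) {
             URL::redirect(URL::appendGetVariable($form_url, $return_variable, $current_url), 302);
             exit;
         }
         // we're good
         return true;
     } elseif (isset($scheme['ip_address'])) {
         // this is an IP-address-check
         if (!$this->evaluateIP($url)) {
             URL::redirect($no_access_url, 302);
             exit;
         }
     } else {
         try {
             // are we going to allow or deny people?
             if (isset($scheme['allow']) && is_array($scheme['allow'])) {
                 $type = 'allow';
                 $rules = $scheme['allow'];
             } elseif (isset($scheme['deny']) && is_array($scheme['deny'])) {
                 $type = 'deny';
                 $rules = $scheme['deny'];
             } else {
                 throw new Exception('The `_protect` field is set for [' . $data['url'] . '](' . $data['url'] . '), but the configuration given could not be parsed. For caution’s sake, *everyone* is being blocked from this content.');
             }
             // if $require_member is true, do a check up-front to see if
             // this user is currently logged in
             if ($require_member && !Auth::isLoggedIn()) {
                 URL::redirect(URL::appendGetVariable($login_url, $return_variable, $current_url), 302);
                 exit;
             }
             // parse the rules; the first rule that evaluates true is a match
             foreach ($rules as $key => $value) {
                 if ($this->tasks->evaluateRule($key, $value)) {
                     $match = true;
                     break;
                 }
             }
             // send to no access page if user didn't match and needed to, or did and shouldn't have
             if ((!$match && $type === 'allow') || ($match && $type === 'deny')) {
                 URL::redirect($no_access_url, 302);
                 exit;
             }
         } catch (\Slim\Exception\Stop $e) {
             // a redirect raised inside the try block is passed on untouched
             throw $e;
         } catch (Exception $e) {
             // something has gone wrong, log the message
             Log::error($e->getMessage(), "api", "security");
             // block the request, and halt like every other denial path in
             // this method: if the redirect helper ever returned, a broken
             // `_protect` configuration would otherwise fall through and let
             // the caller continue as if access had been granted
             URL::redirect($no_access_url, 302);
             exit;
         }
     }
     // NOTE(review): the IP and allow/deny paths reach this point without a
     // return value although the docblock promises a boolean; callers appear
     // to rely on the redirects above — confirm before relying on the result.
 }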
 /**
  * Evaluates a rule
  * 
  * @param string  $rule  Type of rule
  * @param mixed  $value  Value to evaluate for the rule
  * @return bool
  */
 public function evaluateRule($rule, $value)
 {
     // rules are tested against the logged-in member, or against an empty
     // Member when nobody is logged in
     if (Auth::isLoggedIn()) {
         $member = Auth::getCurrentMember();
     } else {
         $member = new Member(array());
     }

     // groupings: each sub-rule is a one-entry array of rule => value
     //   _any  - true as soon as one sub-rule passes, otherwise false
     //   _none - false as soon as one sub-rule passes, otherwise true
     //   _all  - false as soon as one sub-rule fails, otherwise true
     if ($rule === '_any' || $rule === '_none' || $rule === '_all') {
         // outcome of a sub-rule that ends the loop early
         $stop_on = $rule !== '_all';
         // what the grouping returns when the loop ends early
         $early_result = $rule === '_any';
         foreach ($value as $sub_rule) {
             reset($sub_rule);
             $first_key = key($sub_rule);
             $passed = (bool) $this->evaluateRule($first_key, $sub_rule[$first_key]);
             if ($passed === $stop_on) {
                 return $early_result;
             }
         }
         return !$early_result;
     }

     // add-on API call, described as "addon:method" plus parameters
     // NOTE(review): the method name and parameters come straight from the
     // rule definition, so whatever API method it names gets invoked; this
     // assumes rule definitions are trusted content — confirm.
     if ($rule === '_addon') {
         $method = array_get($value, 'method', null);
         $comparison = array_get($value, 'comparison', '==');
         $parameters = array_get($value, 'parameters', array());
         $error = array_get($value, 'error', null);
         $expected = array_get($value, 'value', null);
         $method_parts = explode(':', $method, 2);
         // an incomplete definition never grants anything
         if (!$method || count($method_parts) !== 2 || !is_array($parameters)) {
             return false;
         }
         try {
             $api = Resource::loadAPI($method_parts[0]);
             $callback = array($api, $method_parts[1]);
             if (!is_callable($callback, false)) {
                 return false;
             }
             $result_value = call_user_func_array($callback, $parameters);
             // compare the expected value with what the add-on returned
             $result = $this->compareValues($expected, $result_value, $comparison);
             // optional message for the user when the rule fails
             if (!$result && $error) {
                 $this->flash->set('error', $error);
             }
             return $result;
         } catch (Exception $e) {
             // any failure while loading or calling the add-on fails the rule
             rd($e->getMessage());
             return false;
         }
     }

     // complex field match with an explicit comparison operator
     if ($rule === '_field') {
         $field = array_get($value, 'field', null);
         $comparison = array_get($value, 'comparison', '==');
         $expected = array_get($value, 'value', null);
         if (!$field) {
             return false;
         }
         return $this->compareValues($expected, $member->get($field, null), $comparison);
     }

     // logged-in state must be identical to the configured value
     if ($rule === '_logged_in') {
         return Auth::isLoggedIn() === $value;
     }

     // one or more IP addresses, compared with the request's IP
     if ($rule === '_ip_address') {
         return $this->compareValues(Helper::ensureArray($value), Request::getIP(), '==');
     }

     // anything else is a plain member-field equality check
     return $this->compareValues($value, $member->get($rule, null), '==');
 }
Example #28
<?php

if (!Auth::isLoggedIn()) {
    // user is not logged in
    ?>

<aside class="wrapper-signin hidden-xs">
  <div class="remove-signin">
    <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>
  </div>
  <button id="switch-signin" class="btn btn-sm btn-default"><?php 
    echo I18n::t('text.signin');
    ?>
</button>
  <form class="form-signin" action="<?php 
    echo ROOT_DIR;
    ?>
login" method="post">
    <h2 class="form-signin-heading"><?php 
    echo I18n::t('text.signin');
    ?>
</h2>
    <label for="inputEmail" class="sr-only"><?php 
    echo I18n::t('text.email');
    ?>
</label>
    <input name="email" type="email" id="inputEmail" class="form-control" placeholder="<?php 
    echo I18n::t('text.email');
    ?>
" required="" autofocus="">
    <label for="inputPassword" class="sr-only"><?php 
Example #29
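// script file declarations
define('SPT_FUNCTION_BASE', DIR_AJAX_INC . 'function.base.php');
// include a different config base file according to query string "config"
$configBaseFileName = 'config.base.php';
if (CONFIG_QUERY_STRING_ENABLE && !empty($_GET['config']) && is_string($_GET['config'])) {
    // The request may only pick among config.<name>.php files that sit next
    // to this script. secureFileName() is defined elsewhere and is relied on
    // to keep path separators out of the name — confirm.
    $requestedConfigFileName = 'config.' . secureFileName($_GET['config']) . ".php";
    // The existence test has to cover the whole path. Testing only the
    // directory and concatenating the rest yields a non-empty string that is
    // always true, so a missing file would reach require_once.
    if (file_exists(dirname(__FILE__) . DIRECTORY_SEPARATOR . $requestedConfigFileName)) {
        $configBaseFileName = $requestedConfigFileName;
    }
}
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . $configBaseFileName;
require_once DIR_AJAX_LANGS . CONFIG_LANG_DEFAULT . ".php";
require_once DIR_AJAX_INC . "function.base.php";
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . "class.session.php";
$session = new Session();
$auth = new Auth();
if (CONFIG_ACCESS_CONTROL_MODE == 1) {
    // access control enabled: every page except the login page itself
    // requires a logged-in session. Both names are lower-cased before the
    // comparison; lower-casing the comparison *result* instead would leave
    // the check case-sensitive and could redirect the login page to itself.
    $currentPage = strtolower(basename($_SERVER['PHP_SELF']));
    $loginPage = strtolower(basename(CONFIG_LOGIN_PAGE));
    if (!$auth->isLoggedIn() && $currentPage !== $loginPage) {
        header('Location: ' . appendQueryString(CONFIG_LOGIN_PAGE, makeQueryString()));
        exit;
    }
}
addNoCacheHeaders();
// URL declarations
define('CONFIG_URL_IMAGE_PREVIEW', 'ajax_image_preview.php');
define('CONFIG_URL_CREATE_FOLDER', 'ajax_create_folder.php');
define('CONFIG_URL_DELETE', 'ajax_delete_file.php');
define('CONFIG_URL_HOME', 'ajaxfilemanager.php');
define("CONFIG_URL_UPLOAD", 'ajax_file_upload.php');
define('CONFIG_URL_PREVIEW', 'ajax_preview.php');
define('CONFIG_URL_SAVE_NAME', 'ajax_save_name.php');
define('CONFIG_URL_IMAGE_EDITOR', 'ajax_image_editor.php');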
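 /**
  * Moves each requested product from the DC remainder into a DC cell.
  *
  * @param array $request  Request data; `products` holds one entry per move
  * @return array `is_error` flag plus one entry in `messages` per product
  */
 public function moveToDcCells($request)
 {
     $data = array();
     // NOTE(review): the entries of $request['products'] are used as received;
     // nothing here checks that `quantity` is a positive number or that the
     // ids belong to the caller — confirm validation happens upstream.
     foreach ($request['products'] as $moveProduct) {
         $errors = 0;
         // the return value of Auth::isLoggedIn() is stored as the user id
         $moveProduct['user_id'] = Auth::isLoggedIn();
         $entity = EntityFactory::loadEntity('ProductsFactored');
         $moveProduct['product_factored_id'] = $entity->getFactoredProduct($moveProduct['product_id'], $moveProduct['products_part']);
         // Convert the quantity to kilograms. All remainders are stored in kg.
         $entity = EntityFactory::loadEntity('MeasureRates');
         $quantityKg = $moveProduct['quantity'];
         if ($moveProduct['measure_id'] != KG_MEASURE) {
             // GM_MEASURE and TN_MEASURE are converted with product 0
             // (presumably a product-independent rate — confirm)
             if ($moveProduct['measure_id'] == GM_MEASURE || $moveProduct['measure_id'] == TN_MEASURE) {
                 $product = 0;
             } else {
                 $product = $moveProduct['product_id'];
             }
             $quantityKg = $entity->getRatedValue($moveProduct['measure_id'], KG_MEASURE, $product, $moveProduct['quantity']);
         }
         $entity = EntityFactory::loadEntity('Remainders', 'dc');
         $currentRemainder = $entity->getCurrentRemainder($moveProduct['product_factored_id'], $moveProduct['dc_id']);
         if ($currentRemainder < $quantityKg) {
             $errors++;
             $msg = 'Ошибка перемещения. Доступный остаток: ' . $currentRemainder . 'кг.';
         }
         if ($errors == 0) {
             $entity = EntityFactory::loadEntity('DcCells');
             $freeArea = $entity->getCellFreeArea($moveProduct['dc_cell_id']);
             // Derive the number of pallets from the remainder, which is always in kg
             $entity = EntityFactory::loadEntity('MeasureRates');
             $m2 = ceil($entity->getRatedValue(KG_MEASURE, P_MEASURE, $moveProduct['product_id'], $quantityKg));
             if ($freeArea < $m2) {
                 $errors++;
                 $msg = 'Ошибка перемещения. Недостаточно свободного места. (Свободно: ' . $freeArea . 'м²)';
             }
         }
         if ($errors == 0) {
             // NOTE(review): the decrease and the increase are two separate
             // calls with no transaction visible here; if the second fails
             // the first is not rolled back — confirm.
             $entity = EntityFactory::loadEntity('Remainders', 'dc');
             $result = $entity->decreaseReminder($moveProduct);
             if (!$result) {
                 $errors++;
                 $msg = 'Ошибка перемещения.';
             } else {
                 $entity = EntityFactory::loadEntity('Remainders', 'dcCells');
                 $result = $entity->increaseReminder($moveProduct);
                 if (!$result) {
                     $errors++;
                     $msg = 'Ошибка перемещения.';
                 } else {
                     $msg = $moveProduct['quantity'] . ' ';
                     $msg .= $moveProduct['measure_short_title'] . ' ';
                     $msg .= $moveProduct['product_title'] . ' [' . $moveProduct['group_title'] . '] ';
                     $msg .= 'успешно перемещено в ';
                     // drop the " (...)" suffix of the cell title; when the
                     // title has no such suffix strpos() returns false, and
                     // cutting at that position would leave an empty title
                     $cellTitle = $moveProduct['dc_cell_title'];
                     $suffixPos = strpos($cellTitle, ' (');
                     if ($suffixPos !== false) {
                         $cellTitle = substr($cellTitle, 0, $suffixPos);
                     }
                     $msg .= $cellTitle . ' [' . $moveProduct['dc_store_title'] . '] ';
                 }
             }
         }
         // NOTE(review): the flag is overwritten per product, so it reflects
         // only the last entry; an earlier failure is visible in `messages`
         // but not in `is_error` — confirm this is intended.
         $data['is_error'] = $errors > 0;
         $data['messages'][] = $msg;
     }
     return $data;
 }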