Pre-processes global input data for security
Author: ExpressionEngine Dev Team
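 /**
  * Validate that the given username and password are valid.
  *
  * Stored hashes are password_hash() over an md5 hex digest of the plaintext
  * (legacy storage format), so the candidate is md5'd first unless the caller
  * already did that.
  *
  * @param string        $user     Username
  * @param string        $userPass Password, plaintext or md5 digest (see $isMd5)
  * @param bool          $isMd5    True when $userPass is already an md5 digest
  * @param CI_Input|null $input    Only needed for the legacy xss_clean fallback;
  *                                when null that fallback is skipped instead of
  *                                calling a method on null
  *
  * @return bool
  */
 public function validate($user, $userPass, $isMd5 = false, ?CI_Input $input = null)
 {
     $rows = $this->getUserByUsername($user);
     if (!isset($rows[0])) {
         return false;
     }
     $storedHash = $rows[0]->password;
     // The database holds password_hash(md5(plaintext)); normalise the candidate to md5.
     $candidate = $isMd5 ? $userPass : md5($userPass);
     if (password_verify($candidate, $storedHash)) {
         return true;
     }
     // Legacy fallback: the hash may have been created while CI's global_xss_filtering
     // was on, i.e. over md5(xss_clean(plaintext)). Only testable with a plaintext
     // password and an input instance to run xss_clean through.
     if ($isMd5 !== false || $input === null) {
         return false;
     }
     $legacyCandidate = md5($input->xss_clean($userPass));
     if (!password_verify($legacyCandidate, $storedHash)) {
         return false;
     }
     // Matched the legacy form: re-hash from the unfiltered plaintext so the next
     // login succeeds on the first check.
     $rehashed = password_hash(md5($userPass), PASSWORD_DEFAULT);
     $this->db->where('username', $user);
     $this->db->update('user', array('password' => $rehashed));
     return true;
 }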
 /**
  * Chart page: collects every transaction in the date window and renders it.
  *
  * The window comes from ?from= / ?till= and defaults to the first day of
  * last month up to the last day of the current month.
  */
 public function index()
 {
     $this->load->view('layout/header');
     $flash = $this->session->flashdata('message');
     $this->load->view('element/message', ['success' => $flash]);

     $filter = $this->input->get(['from', 'till', 'groups']);
     $from = $filter['from'] ?: date('Y-m-01', strtotime('-1 month'));
     $till = $filter['till'] ?: date('Y-m-t');

     // Page through the API 500 rows at a time until a short page comes back
     // or the upstream call fails.
     $pageSize = 500;
     $offset = 0;
     $transactions = [];
     while (true) {
         $page = $this->moneyzaurus->transactionsList($offset, $pageSize, $from, $till, null, null, null);
         if ($page['code'] != 200 || !$page['data']['success']) {
             break;
         }
         $transactions = array_merge($transactions, $page['data']['data']);
         $offset += $pageSize;
         if ($page['data']['count'] < $pageSize) {
             break;
         }
     }

     $groups = $filter['groups'] ?: [];
     $chart = $this->prepareChartData($transactions, $groups, $from, $till);
     $this->load->view('page/chart', ['data' => $chart, 'from' => $from, 'till' => $till]);
     $this->load->view('layout/footer');
 }
 /**
  * Controller bootstrap: loads the user model and URL helper, collects the
  * request parameters and enforces the login check.
  *
  * GET and POST are merged into $this->params; on duplicate keys POST wins
  * (array_merge keeps the later value).
  */
 public function __construct()
 {
     parent::__construct();
     $this->load->model('user_model');
     $this->load->helper('url_helper');
     // NOTE(review): a fresh CI_Input rather than the framework's $this->input —
     // presumably reads the same superglobals; confirm.
     $request = new CI_Input();
     $queryParams = $request->get();
     $bodyParams = $request->post();
     $this->params = array_merge($queryParams, $bodyParams);
     $this->checkLogin();
 }
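 /**
  * Authenticate an employee from the posted form and start a session for them.
  *
  * On success the employee's identifiers are stored in the session and the
  * request is redirected by department; on failure a user-facing message is
  * returned and the session is left untouched.
  *
  * @param CI_Input $input Request wrapper providing 'employeenumber' and 'password'
  * @return string|null Error message on failure, null after a successful redirect
  */
 function employee_login(CI_Input $input)
 {
     $ci = get_instance();
     $ci->load->model('Employees');
     $result = $ci->Employees->employee_login($input->post('employeenumber'), $input->post('password'));
     // Guard before count(): a null/false model result is a TypeError under PHP 8.
     if (empty($result) || count($result) == 0) {
         return "Employee is either inactive or does not exist.";
     }
     $employee = $result[0];
     $ci->session->set_userdata(array(
         'employeenumber' => $employee->EmployeeNumber,
         'campaignid'     => $employee->Campaignid,
         'department'     => $employee->Department,
         'positionid'     => $employee->PositionID,
     ));
     employee_redirect($employee->Department);
     return null;
 }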
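 /**
  * Controller bootstrap: loads the user model and collects request parameters.
  *
  * GET and POST are merged into $this->params with POST winning on duplicate
  * keys (array_merge order). The commented-out loader experiments that used
  * to sit here were removed; they were dead code.
  */
 public function __construct()
 {
     parent::__construct();
     $this->load->model('user_model');
     // NOTE(review): a fresh CI_Input rather than $this->input — presumably equivalent; confirm.
     $input = new CI_Input();
     $this->params = array_merge($input->get(), $input->post());
 }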
 /**
  * Emit an upstream API response as JSON for an XHR caller.
  *
  * Non-XHR requests are sent to '/'. When the upstream call did not succeed
  * the JSON content type is still set but no body is written.
  *
  * @param array $response Upstream result with 'code' and 'data' => ['success', 'data']
  */
 private function processResponseData(array $response)
 {
     // Only reachable through XHR; redirect() is expected to end the request.
     if (!$this->input->is_ajax_request()) {
         redirect('/');
     }
     $this->output->set_content_type('application/json');
     $succeeded = $response['code'] == 200 && $response['data']['success'];
     if (!$succeeded) {
         return;
     }
     $this->output->set_output(json_encode($response['data']['data']));
 }
 /**
  * Save page: prepares the posted items, syncs them and reports the outcome.
  *
  * Any exception from the sync is turned into the page message. Note the raw
  * exception text reaches the view, so the view must treat it as untrusted.
  */
 public function index()
 {
     $items = $this->input->post('items');
     $boxes = $this->vaola->prepareData($items);
     try {
         $this->vaola->sync($boxes);
         $message = 'Saved';
     } catch (\Exception $exc) {
         $message = $exc->getMessage();
     }
     $this->load->view('layout/header.php');
     $this->load->view('page/save', ['message' => $message, 'boxes' => count($boxes)]);
     $this->load->view('layout/footer.php');
 }
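 /**
  * Data page: shows the first 100 transactions matching the query-string filter.
  *
  * Filter values come straight from the query string. The price filter is
  * converted to cents before it is passed upstream; a missing or non-numeric
  * price is sent as 0 (what `null * 100` produced before), instead of letting
  * a non-numeric string reach `* 100` and throw a TypeError on PHP 8.
  */
 public function index()
 {
     $this->load->view('layout/header');
     $flash = $this->session->flashdata('message');
     $this->load->view('element/message', ['success' => $flash]);

     $offset = 0;
     $limit = 100;
     $filter = $this->input->get(['item', 'group', 'price', 'from', 'till']);
     // Untrusted input: only multiply when it is actually numeric.
     $priceCents = is_numeric($filter['price']) ? $filter['price'] * 100 : 0;
     $response = $this->moneyzaurus->transactionsList(
         $offset,
         $limit,
         $filter['from'],
         $filter['till'],
         $filter['item'],
         $filter['group'],
         $priceCents
     );
     if ($response['code'] == 200 && $response['data']['success']) {
         $this->load->view('page/data', [
             'count'  => $response['data']['count'],
             'data'   => $response['data']['data'],
             'filter' => $filter,
         ]);
     }
     $this->load->view('layout/footer');
 }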
 /**
  * Base controller bootstrap (CodeIgniter 1.x style constructor).
  *
  * Resolves the current user, builds the navigation state (menu, focus,
  * breadcrumb, latest notice) and loads the libraries every page relies on.
  * Load order is kept as-is: later libraries receive $this->user.
  */
 function MY_Controller()
 {
     parent::Controller();
     // Current user; bail out to '/' when there is none.
     $this->load->library('User', null, 'userLib');
     $this->user = $this->userLib->getUserInfo();
     if (!$this->user) {
         showError($this->userLib->error, '/');
     }
     // Navigation menu, shared by every page.
     $this->load->library('Navbar', $this->user);
     $this->navbarList = $this->navbar->getNavbarList();
     // Latest notice for this role; when present it gets its own menu entry ("公告" = notice).
     $this->load->model('HelperNoticeModel');
     $notice = $this->HelperNoticeModel->getLatest($this->user['userRole']);
     $this->viewData['noticeData'] = $notice;
     if ($notice) {
         $this->navbarList[] = array('Help', 'noticeCheck', 'title' => '公告');
     }
     // Selected top-level menu defaults to the current controller (?c=);
     // the selected child item is controller_method (?c= and ?m=).
     $controller = $this->input->get('c');
     $method = $this->input->get('m');
     $this->navbarFocus = $controller;
     $this->navChildFocus = $controller . '_' . $method;
     // Theme name from config.
     $this->theme = $this->config->item('theme');
     // Authentication helper, available everywhere.
     $this->load->library('Auth', $this->user);
     // Breadcrumb root ("首页" = home).
     $this->viewData['breadcrumb'][] = array('url' => printUrl('Main', 'index'), 'title' => '首页');
     // Time-period model.
     $this->load->model('timeUnitModel');
 }
	/**
	 * post() override: with no index it reports whether the request itself is a
	 * POST; with an index it behaves exactly like the parent.
	 *
	 * @param string $index     Field name, or '' for the method check
	 * @param bool   $xss_clean Passed through to the parent
	 * @return mixed bool for the method check, otherwise the parent's result
	 */
	function post($index = '', $xss_clean = FALSE)
	{
		if ($index !== '') {
			return parent::post($index, $xss_clean);
		}
		return $_SERVER['REQUEST_METHOD'] === 'POST';
	}
 /**
  * post() override: with no index it reports whether any POST data arrived
  * (an empty $_POST is falsy); with an index it defers to the parent.
  *
  * @param string $index     Field name, or '' for the "any data?" check
  * @param bool   $xss_clean Passed through to the parent
  * @return mixed bool for the data check, otherwise the parent's result
  */
 function post($index = '', $xss_clean = FALSE)
 {
     $wantsPresenceCheck = ($index === '');
     if ($wantsPresenceCheck) {
         return (bool) $_POST;
     }
     return parent::post($index, $xss_clean);
 }
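 /**
  * POST accessor that can bypass XSS cleaning.
  *
  * With $xss_clean === false the value comes from the raw copy of the body
  * kept in $this->_POST_RAW (populated elsewhere in the class, not visible
  * here) instead of the framework-filtered $_POST. A null $index returns the
  * whole raw array, mirroring parent::post(); an absent field yields null
  * without an undefined-index warning. Callers that take raw data own the
  * escaping for wherever that data ends up.
  *
  * @param string|null $index     Field name, or null for the whole array
  * @param bool        $xss_clean Pass false to get the unfiltered value
  * @return mixed
  */
 public function post($index = null, $xss_clean = TRUE)
 {
     if (!$xss_clean) {
         if ($index === null) {
             return $this->_POST_RAW;
         }
         return $this->_POST_RAW[$index] ?? null;
     }
     return parent::post($index, $xss_clean);
 }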
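 /**
  * GET accessor with a fallback value for missing keys.
  *
  * CI_Input::get() reports a missing key as FALSE (CodeIgniter 2) or NULL
  * (CodeIgniter 3); both are treated as "absent" so the default applies on
  * either version. A present value is returned untouched, even when falsy.
  *
  * @param string|null $index         Key to read, or null for the whole array
  * @param bool        $xss_clean     Run the value through xss_clean
  * @param mixed       $default_value Returned when the key is absent; null disables the fallback
  * @return mixed
  */
 function get($index = NULL, $xss_clean = FALSE, $default_value = NULL)
 {
     $value = parent::get($index, $xss_clean);
     $absent = ($value === false || $value === null);
     if ($absent && $default_value !== null) {
         return $default_value;
     }
     return $value;
 }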
 /**
  * Register a new customer upstream, then log them in.
  *
  * Upstream failures are reported through the flash message and the user is
  * sent back to the front page; a successful registration followed by a
  * successful login lands on /transaction.
  */
 public function register()
 {
     $credentials = $this->input->post(['email', 'password']);
     $email = $credentials['email'];
     $password = $credentials['password'];
     $response = $this->moneyzaurus->userRegister($email, $password);
     if ($response['code'] == 200) {
         $payload = $response['data'];
         if (!$payload['success']) {
             $this->session->set_flashdata('message', $payload['message']);
             redirect('');
         }
         // Greeting built from the upstream-echoed email; the view is responsible for escaping it.
         $greeting = sprintf('Hi %s', $payload['data']['email']);
         $this->session->set_flashdata('message', $greeting);
         if ($this->loginCustomer($email, $password)) {
             redirect('/transaction');
         }
     }
     redirect('');
 }
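 /**
  * POST accessor with a fallback for fields that were not submitted.
  *
  * The default applies when the field is absent (NULL/FALSE from the parent),
  * blank ('') or an empty array. Submitted zeros ('0', 0) are real values and
  * are returned as-is; the previous empty() check silently replaced them.
  *
  * @param string|null $index
  * @param bool|null   $xss_clean
  * @param mixed       $default_value Applied when non-null and the field is absent/blank
  * @return mixed
  */
 public function post($index = NULL, $xss_clean = NULL, $default_value = NULL)
 {
     $value = parent::post($index, $xss_clean);
     $missing = ($value === null || $value === false || $value === '' || $value === []);
     if ($missing && $default_value !== NULL) {
         return $default_value;
     }
     return $value;
 }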
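 /**
  * Dispatch an XHR request to a public action on this controller.
  *
  * $function comes from the URL, so it is only dispatched when it names a
  * public, non-underscore method other than this dispatcher. method_exists()
  * on its own would also accept private/protected methods, magic methods
  * (__construct, __destruct, ...) and inherited framework internals.
  *
  * @param string $function Action name taken from the route
  * @return bool False when the request was rejected with a 404, true after dispatch
  */
 public function ajax($function)
 {
     if (!$this->input->is_ajax_request()) {
         show_404();
         return false;
     }
     $dispatchable = is_string($function)
         && $function !== ''
         && $function[0] !== '_'
         && strcasecmp($function, __FUNCTION__) !== 0
         && method_exists($this, $function)
         && (new \ReflectionMethod($this, $function))->isPublic();
     if (!$dispatchable) {
         show_404();
         return false;
     }
     $this->{$function}();
     return true;
 }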
 /**
  * post() override: an argument-less call answers "was this request a POST?",
  * anything else is handled by the parent.
  *
  * @param string $index     Field name, or '' for the method check
  * @param bool   $xss_clean Passed through to the parent
  * @return mixed
  */
 function post($index = '', $xss_clean = FALSE)
 {
     $isMethodQuery = ($index === '');
     return $isMethodQuery
         ? $_SERVER['REQUEST_METHOD'] === 'POST'
         : parent::post($index, $xss_clean);
 }
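 /**
  * CI_Input subclass constructor that re-enables $_GET.
  *
  * The parent constructor (CodeIgniter 1.x) empties $_GET as part of its
  * global sanitising. This rebuilds it from the query part of REQUEST_URI
  * (after the last '?') and then runs the rebuilt array through the same
  * _clean_input_data() pass the other superglobals get, so the restored
  * values are not left unfiltered. A missing REQUEST_URI yields an empty $_GET.
  */
 function __construct()
 {
     parent::CI_Input();
     $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     $pos = strrpos($uri, '?');
     $query = ($pos === false) ? '' : substr($uri, $pos + 1);
     parse_str($query, $_GET);
     // Same key/value cleaning (xss_clean when enabled) as for $_POST/$_COOKIE.
     $_GET = $this->_clean_input_data($_GET);
 }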
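 /**
  * POST accessor that can bypass XSS cleaning.
  *
  * With $xss_clean === false the value comes from the raw copy of the body
  * kept in $this->_POST_RAW (populated elsewhere in the class, not visible
  * here). This exists for raw password strings that are written to the
  * command line: escaping them when they contain unusual characters breaks
  * the downstream function. A null $index returns the whole raw array,
  * mirroring parent::post(); an absent field yields null without an
  * undefined-index warning. Callers that take raw data own its escaping.
  *
  * @param string|null $index     Field name, or null for the whole array
  * @param bool        $xss_clean Pass false to get the unfiltered value
  * @return mixed
  */
 public function post($index = null, $xss_clean = TRUE)
 {
     if (!$xss_clean) {
         if ($index === null) {
             return $this->_POST_RAW;
         }
         return $this->_POST_RAW[$index] ?? null;
     }
     return parent::post($index, $xss_clean);
 }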
 /**
  * CI_Input subclass constructor that exposes PUT and DELETE bodies.
  *
  * PHP populates neither $_PUT nor $_DELETE, so the body is read from
  * php://input, parsed like a query string and passed through the same
  * _clean_input_data() pass as the other superglobals before being stored
  * in $this->put / $this->delete.
  */
 function MY_Input()
 {
     parent::__construct();
     $method = $this->server('REQUEST_METHOD');
     switch ($method) {
         case 'DELETE':
             parse_str(file_get_contents('php://input'), $body);
             $this->delete = $this->_clean_input_data($body);
             break;
         case 'PUT':
             parse_str(file_get_contents('php://input'), $body);
             $this->put = $this->_clean_input_data($body);
             break;
     }
 }
 /**
  * Fetch every transaction in the requested window, paging through the API.
  *
  * The window comes from ?from= / ?till=; without them it spans from the
  * first day of $months months ago to the last day of the current month.
  * Paging stops on the first short page or on any upstream failure, in
  * which case whatever was collected so far is returned.
  *
  * @param int $months How far back the default 'from' date reaches
  * @return array Concatenated rows from all pages
  */
 private function getAllTransactions($months)
 {
     $filter = $this->input->get(['from', 'till', 'groups']);
     $from = $filter['from'] ?: date('Y-m-01', strtotime('-' . (int) $months . ' month'));
     $till = $filter['till'] ?: date('Y-m-t');
     $pageSize = 500;
     $offset = 0;
     $rows = [];
     $hasMore = true;
     while ($hasMore) {
         $page = $this->moneyzaurus->transactionsList($offset, $pageSize, $from, $till, null, null, null);
         $ok = $page['code'] == 200 && $page['data']['success'];
         if (!$ok) {
             break;
         }
         $rows = array_merge($rows, $page['data']['data']);
         $offset += $pageSize;
         // A short page means the last one has been read.
         $hasMore = $page['data']['count'] >= $pageSize;
     }
     return $rows;
 }
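 /**
  * Copies POSTed string fields onto $object through its setters.
  *
  * For each name in $fieldNames that is a declared property of the class
  * named by $this->ModelName, reads the lower-cased POST field, runs it
  * through xss_clean and addslashes, and calls $object->set{Name}($value).
  * Array-valued POST fields (e.g. `field[]=x`) are skipped: they are not
  * string data and previously reached addslashes() as an array.
  *
  * NOTE(review): addslashes() is not a database escaping mechanism; it is
  * kept only because existing stored data may depend on it — confirm whether
  * the persistence layer already escapes before removing it.
  *
  * @param object $object     Target with set<FieldName>() methods
  * @param mixed  $fieldNames Property names to copy; anything but a non-empty array is ignored
  */
 protected function setStringDataFromPost(&$object, $fieldNames)
 {
     $modelName = isset($this->ModelName) ? $this->ModelName : null;
     if ($modelName === null || $modelName === '') {
         return;
     }
     if (!is_array($fieldNames) || count($fieldNames) === 0) {
         return;
     }
     // Loop-invariant: if the class is unknown nothing can be copied at all.
     if (!class_exists($modelName)) {
         return;
     }
     foreach ($fieldNames as $fieldName) {
         if (!property_exists($modelName, $fieldName)) {
             continue;
         }
         $raw = $this->input->post(strtolower($fieldName));
         if (is_array($raw)) {
             continue;
         }
         // A missing field (NULL/FALSE from post()) becomes '' exactly as before.
         $value = addslashes($this->security->xss_clean((string) $raw));
         $object->{'set' . $fieldName}($value);
     }
 }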
 /**
  * Reject a pending connection (id from POST) and report the result via the
  * flash message, then return to the profile page.
  */
 public function declineConnection()
 {
     $connectionId = $this->input->post('id');
     $response = $this->moneyzaurus->connectionReject($connectionId);
     if ($response['code'] == 200) {
         $outcome = $response['data'];
         $flash = $outcome['success'] ? 'Connection rejected' : $outcome['message'];
         $this->session->set_flashdata('message', $flash);
     }
     redirect('/profile');
 }
 /**
  * Remove a transaction (id from the query string) and report the result via
  * the flash message, then return to the data page.
  *
  * NOTE(review): this is a state-changing action driven by a GET parameter;
  * CodeIgniter's CSRF token check typically covers POST only, so confirm how
  * this endpoint is protected.
  */
 public function delete()
 {
     $transactionId = $this->input->get('id');
     $response = $this->moneyzaurus->transactionsRemove($transactionId);
     if ($response['code'] == 200) {
         $outcome = $response['data'];
         $flash = $outcome['success'] ? 'Deleted' : $outcome['message'];
         $this->session->set_flashdata('message', $flash);
     }
     redirect('/data');
 }
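 /**
  * Reads the raw request body once and exposes PUT/DELETE parameters.
  *
  * The method name is compared case-insensitively: the original checked
  * 'DELETE' in upper case but 'put' in lower case, so the PUT branch could
  * never match when request_method() reports upper-case names. An empty body
  * leaves both $this->put and $this->delete untouched.
  */
 public function __construct()
 {
     parent::__construct();
     $this->raw = file_get_contents('php://input');
     if (empty($this->raw)) {
         return;
     }
     $method = strtoupper((string) $this->request_method());
     if ($method === 'DELETE') {
         $this->delete = $this->_sanitize_request($this->raw);
     } elseif ($method === 'PUT') {
         $this->put = $this->_sanitize_request($this->raw);
     }
 }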
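 /**
  * Disable CSRF checking for URIs listed in config 'csrf_ignore', then defer
  * to the parent.
  *
  * Matching is a plain byte-wise prefix match on the URI string, so an entry
  * such as 'api' also covers 'api-admin/...', and an empty entry matches
  * every URI and turns CSRF protection off globally. Keep entries as
  * specific as possible. The previous `substr(...) == $needle` used loose
  * comparison, which compares numeric-looking strings numerically.
  */
 function _sanitize_globals()
 {
     $ignore_csrf = config_item('csrf_ignore');
     if (is_array($ignore_csrf) && count($ignore_csrf)) {
         global $URI;
         $uri = $URI->uri_string();
         foreach ($ignore_csrf as $prefix) {
             if (strncmp($uri, $prefix, strlen($prefix)) === 0) {
                 $this->_enable_csrf = FALSE;
                 break;
             }
         }
     }
     parent::_sanitize_globals();
 }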
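 /**
  * Render the current action's view inside a layout.
  *
  * When the request carries a truthy ?ajax= value the view is wrapped in
  * layouts/ajax.tpl.php and $this->data['ajax_data'] is set so the page can
  * skip scripts the full layout already loaded (previously the script was
  * included twice). users_model is loaded before getUsersData() is called;
  * it used to be loaded only in the non-admin branch, after the call.
  *
  * @param string $template Layout name, resolved to layouts/{$template}.tpl.php
  * @return void
  * @author Max Kavelin
  */
 protected function render($template = 'main')
 {
     $this->load->model('users_model');
     $is_admin = $this->ion_auth->is_admin();
     $uinfo = $this->users_model->getUsersData($this->ion_auth->get_user_id());
     if ($is_admin) {
         $this->data['is_admin'] = true;
     } else {
         $this->data['is_supplier'] = !empty($uinfo[0]->is_supplier);
     }
     $this->data['user_email'] = $uinfo[0]->email;
     // Remember the controller/action we came from for the next request.
     if ($this->save_previous_url) {
         $this->session->set_flashdata('previous_controller_name', $this->previous_controller_name);
         $this->session->set_flashdata('previous_action_name', $this->previous_action_name);
     } else {
         $this->session->set_flashdata('previous_controller_name', $this->controller_name);
         $this->session->set_flashdata('previous_action_name', $this->action_name);
     }
     // Loose `== true` kept on purpose: any non-empty ?ajax= value other than '0' counts.
     $is_ajax = $this->input->get("ajax", false) == true;
     if ($is_ajax) {
         $this->data['ajax_data'] = true;
     }
     $view_path = $this->controller_name . '/' . $this->action_name . '.php';
     if (file_exists(APPPATH . 'views/' . $view_path)) {
         $this->data['content'] .= $this->load->view($view_path, $this->data, true);
     }
     $layout = $is_ajax ? "layouts/ajax.tpl.php" : "layouts/{$template}.tpl.php";
     $this->load->view($layout, $this->data);
 }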
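 /**
  * GET accessor that also decodes JSON-encoded query values.
  *
  * Every string value that parses as JSON is replaced by the decoded value
  * (objects become associative arrays); anything that is not valid JSON is
  * left as the original string. Note this also turns bare numerals, `true`,
  * `false` and the like into their scalar types. Values that are already
  * arrays (`?a[]=1`) are rejected with a 400 exception. When the whole array
  * is requested and the parent reports FALSE, an empty array is returned.
  *
  * @param string|null $index
  * @param bool        $xss_clean
  * @return mixed
  * @throws Exception when a query value is not a string
  */
 function get($index = NULL, $xss_clean = FALSE)
 {
     $get = parent::get($index, $xss_clean);
     if (is_array($get)) {
         array_walk($get, function (&$value) {
             if (!is_string($value)) {
                 throw new Exception('URI params should be string, JSON is supported.', 400);
             }
             // Second argument is the $associative flag; the old call passed the
             // JSON_OBJECT_AS_ARRAY *flag constant* there, which only worked because it is truthy.
             $decoded = json_decode($value, true);
             if ($decoded !== null) {
                 $value = $decoded;
             }
         });
     } elseif (is_string($get)) {
         // Only strings are decodable; a missing key (FALSE/NULL) is left as-is.
         $decoded = json_decode($get, true);
         if ($decoded !== null) {
             $get = $decoded;
         }
     }
     if ($index === null && $get === false) {
         $get = array();
     }
     return $get;
 }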
 /**
  * post() override that understands slash-separated paths into nested POST
  * arrays, e.g. `$this->input->post('submit/newcase')` reads
  * $_POST['submit']['newcase'].
  *
  * A plain key that exists is returned directly; otherwise the path is walked
  * segment by segment and FALSE is returned as soon as a segment is missing.
  *
  * @param string|null $index     Key or slash-separated path; null returns the whole array
  * @param bool        $xss_clean Passed through to the parent
  * @return mixed
  */
 function post($index = NULL, $xss_clean = FALSE)
 {
     if ($index === NULL) {
         return parent::post($index, $xss_clean);
     }
     $direct = parent::post($index, $xss_clean);
     if ($direct !== false) {
         return $direct;
     }
     $segments = explode('/', $index);
     $node = parent::post(array_shift($segments), $xss_clean);
     foreach ($segments as $segment) {
         if (!isset($node[$segment])) {
             return false;
         }
         $node = $node[$segment];
     }
     return $node;
 }
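 /**
  * Base controller bootstrap (CodeIgniter 1.x style constructor).
  *
  * Resolves the current user, builds the navigation state and loads the
  * libraries every page relies on. The selected-menu keys are read through
  * $this->input->get() instead of $_GET directly, so a missing ?c= or ?m= no
  * longer raises undefined-index notices and the values go through the
  * framework's input handling like the rest of this constructor already does.
  */
 function MY_Controller()
 {
     parent::Controller();
     $this->load->model('timeUnitModel');
     // Current user; bail out to '/' when there is none.
     $this->load->library('User', null, 'userLib');
     $this->user = $this->userLib->getUserInfo();
     if (!$this->user) {
         showError($this->userLib->error, '/');
     }
     // Navigation menu, shared by every page.
     $this->load->library('Navbar', $this->user);
     $this->navbarList = $this->navbar->getNavbarList();
     // Selected menu: top-level and child item are both keyed as controller_method.
     $controller = $this->input->get('c');
     $method = $this->input->get('m');
     $this->navbarFocus = $controller . '_' . $method;
     $this->navChildFocus = $controller . '_' . $method;
     // Theme name from config.
     $this->theme = $this->config->item('theme');
     // Authentication helper, available everywhere.
     $this->load->library('Auth', $this->user);
     // Breadcrumb root ("首页" = home).
     $this->viewData['breadcrumb'][] = array('url' => printUrl('Main', 'index'), 'title' => '首页');
 }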