PHP Core_Security Examples

Example #1

File: Session.php Project: bozhich/PHP-on-Rails

 public function indexAction()
 {
     if ($this->getRequest()->getPost('user') == '' || $this->getRequest()->getPost('pass') == '') {
         $this->getResponse()->setStatus(0)->setBody(__('Enter username and password'))->toJson();
     }
     /*if (!Core_LinkExploit::checkOnce($this->getRequest()->getPost('token'), 'login')) {
     			$this->getResponse()->setStatus(0)->setBody(__('Invalid Data Submitted'))->toJson();
     		}*/
     $user_rs = Admin_UsersModel::get(array('user' => $this->getRequest()->getPost('user'), 'password' => Core_Security::generate($this->getRequest()->getPost('pass'))));
     if (!$user_rs) {
         $this->getResponse()->setStatus(0)->setBody(__('Wrong username and/or password'))->toJson();
     }
     // now login the user
     if (Admin_UsersHelper::login($user_rs->id)) {
         $this->getResponse()->setStatus(1)->toJson();
     }
 }

Example #2

File: Users.php Project: bozhich/PHP-on-Rails

 public function createAction()
 {
     $email = strtolower($this->getRequest()->getPost('email'));
     if (!Core_Check::email($email)) {
         $this->getResponse()->setStatus(0)->setBody(__('invalid email'))->toJson();
     }
     $pass = $this->getRequest()->getPost('pass');
     if (!Core_Check::password($pass)) {
         $this->getResponse()->setStatus(0)->setBody(__('password must be at least %1$s characters long', cfg()->min_pass_lenght))->toJson();
     }
     $user = $this->getRequest()->getPost('user');
     if (!Core_Check::user($user)) {
         $this->getResponse()->setStatus(0)->setBody(__('invalid user'))->toJson();
     }
     $all_roles = Admin_RolesModel::getAll(array());
     $role_id = $this->getRequest()->getPost('role');
     $valid_role = false;
     foreach ($all_roles as $role_row) {
         if ($role_id == $role_row->id) {
             $valid_role = true;
         }
     }
     if (!$valid_role) {
         $this->getResponse()->setStatus(0)->setBody(__('invalid role'))->toJson();
     }
     $insert_data = array('user' => strip_tags(strtolower($this->getRequest()->getPost('user'))), 'email' => strip_tags(strtolower($this->getRequest()->getPost('email'))), 'role_id' => $this->getRequest()->getPost('role'), 'password' => Core_Security::generate($this->getRequest()->getPost('pass')), 'company' => $this->getRequest()->getPost('company'));
     if ($insert_data['user'] == '' || $insert_data['email'] == '' || $insert_data['role_id'] == '') {
         $this->getResponse()->setStatus(0)->setBody(__('invalid data submited. Username, Email and Role are mandatory'))->toJson();
     }
     if (!Admin_UsersModel::tryAdd($insert_data)) {
         $this->getResponse()->setStatus(0)->setBody(__('duplicate user or email'))->toJson();
     }
     $this->getResponse()->setStatus(1)->setBody(__('user added'))->toJson();
 }