/**
 * Authentication & authorization middleware for routes
 *
 * Returns a route middleware closure. The closure first requires a signed-in
 * session (Auth::checkSession()); without one it flashes an error and
 * redirects to /signin. With a session it unserializes $_SESSION['User'] and
 * lets the request through only when the user's role is at or above $minRole
 * in the ADMIN > EXTENDED > NORMAL order; otherwise it flashes an error and
 * redirects to /signin. Role comparison is loose (==), as in the switch /
 * in_array form it replaces.
 *
 * NOTE(review): unserialize() on session data. Session storage is server-side,
 * but if the session backend is shared with or writable by other code this is
 * an object-injection point; a plain array / JSON representation of the user
 * would remove that risk.
 *
 * @param int $minRole  Minimum required User role
 *
 * @return callable
 */
function authForRole($minRole)
{
    return function () use ($minRole) {
        $app = Slim\Slim::getInstance();
        $auth = new Auth();
        if (!$auth->checkSession()) {
            $app->flash('error', 'Sign in required');
            $app->redirect('/signin');
            return;
        }
        $user = unserialize($_SESSION['User']);
        // Roles from most to least privileged; a minimum role admits every
        // role listed before it plus itself.
        $hierarchy = array(User::ADMIN, User::EXTENDED, User::NORMAL);
        $admitted = array();
        foreach ($hierarchy as $role) {
            $admitted[] = $role;
            if ($role == $minRole) {
                if (in_array($user['role'], $admitted)) {
                    return;
                }
                break;
            }
        }
        $app->flash('error', 'You are not authorized to view this page');
        $app->redirect('/signin');
    };
}
 /**
  * Accessor for the computed "link" attribute.
  *
  * The route name is 'shw' plus the first 7 characters of contenible_type;
  * the single route parameter is named 'id' plus the first 3 characters of
  * contenible_type and carries contenible_id. Returns the request's base URL
  * followed by Slim's urlFor() path.
  *
  * @return string
  */
 public function getLinkAttribute()
 {
     $type = $this->attributes['contenible_type'];
     $routeName = 'shw' . substr($type, 0, 7);
     $routeParams = array('id' . substr($type, 0, 3) => $this->attributes['contenible_id']);
     $slim = Slim\Slim::getInstance();
     $base = $slim->request->getUrl();
     return $base . $slim->urlFor($routeName, $routeParams);
 }
/**
 * Route handler: update a Group from the JSON request body.
 *
 * Decodes the body with decodeJsonOrFail(), loads the group with
 * Group::findOrFail($id), applies the decoded attributes via update() and
 * echoes the group as JSON.
 *
 * NOTE(review): every key the client sends is handed to update(); this relies
 * on the model's mass-assignment protection to keep protected columns out.
 *
 * @param mixed $id Group identifier from the route
 * @return void
 */
function updateGroup($id)
{
    $slim = Slim\Slim::getInstance();
    $payload = decodeJsonOrFail($slim->request->getBody());
    $target = Group::findOrFail($id);
    $target->update($payload);
    echo $target->toJson();
}
/**
 * Route handler: create a User from the JSON request body.
 *
 * Decodes the body with decodeJsonOrFail(), constructs the model from the
 * decoded attributes, saves it and echoes it as JSON.
 *
 * NOTE(review): the decoded body is passed straight to the constructor; this
 * relies on the model's mass-assignment protection for any privileged columns
 * (role flags and the like).
 *
 * @return void
 */
function createUser()
{
    $slim = Slim\Slim::getInstance();
    $payload = decodeJsonOrFail($slim->request->getBody());
    $created = new User($payload);
    $created->save();
    echo $created->toJson();
}
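/**
 * Route error handler: emit a JSON error response and stop the request.
 *
 * A ModelNotFoundException becomes a 404 with {"message":"Not found"}; every
 * other exception becomes a 500 carrying the exception message. halt() ends
 * the request, so the 500 line is only reached for the non-404 case.
 *
 * NOTE(review): $e->getMessage() is returned to the client verbatim. For
 * generic exceptions that can expose internals (SQL text, file paths);
 * logging the message server-side and returning a fixed string is safer.
 *
 * @param Exception $e
 * @return void
 */
function showError(Exception $e)
{
    $app = Slim\Slim::getInstance();
    // instanceof replaces is_a() with a string class name; it is false when
    // the class is not loaded, so it is safe without the Eloquent dependency.
    if ($e instanceof \Illuminate\Database\Eloquent\ModelNotFoundException) {
        $app->halt(404, json_encode(array('message' => 'Not found')));
    }
    $app->halt(500, json_encode(array('message' => $e->getMessage())));
}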
/**
 * Resolve a page slug, or the current request path when no id is given.
 *
 * With a non-zero $id the page is loaded through PageController::getPage()
 * and its slug returned. With the default (0, loose comparison) the current
 * request's resource URI is returned instead.
 *
 * @param mixed $id Page identifier, 0 for "current request"
 * @return string
 */
function get_slug($id = 0)
{
    if ($id != 0) {
        $page = api\Controller\PageController::getPage($id);
        return $page->slug;
    }
    $slim = Slim\Slim::getInstance();
    return $slim->request()->getResourceUri();
}
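/**
 * Route handler: insert the JSON request body as a new book document.
 *
 * Decodes the body and inserts the resulting object into the `books`
 * collection of getConnection(). A body that is not valid JSON is rejected
 * with a 400 instead of inserting null.
 *
 * NOTE(review): the decoded document is stored as-is, so every field the
 * client sends lands in the collection; whitelist fields if the document
 * shape matters.
 *
 * @return void
 */
function addBook()
{
    $app = Slim\Slim::getInstance();
    $body = $app->request()->getBody();
    $newBook = json_decode($body);
    // json_decode() returns null both for the literal "null" and for a parse
    // error; only the latter is an invalid request.
    if ($newBook === null && json_last_error() !== JSON_ERROR_NONE) {
        $app->halt(400, json_encode(array('message' => 'Invalid JSON body')));
    }
    $db = getConnection();
    $db->books->insert($newBook);
}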
 /**
  * Accessor for the computed "objeto link" attribute.
  *
  * Returns '' when objeto_id is falsy. Otherwise the route name is 'shw' plus
  * the first 7 characters of objeto_type, the route parameter is 'id' plus the
  * first 3 characters of objeto_type carrying objeto_id, and the result is the
  * request's base URL followed by Slim's urlFor() path.
  *
  * @return string
  */
 public function getObjetoLinkAttribute()
 {
     $objectId = $this->attributes['objeto_id'];
     if (!$objectId) {
         return '';
     }
     $objectType = $this->attributes['objeto_type'];
     $routeName = 'shw' . substr($objectType, 0, 7);
     $routeParams = array('id' . substr($objectType, 0, 3) => $objectId);
     $slim = Slim\Slim::getInstance();
     return $slim->request->getUrl() . $slim->urlFor($routeName, $routeParams);
 }
 /**
  * Build the avatar image URL for a user.
  *
  * Type 1 (loose ==) is a Gravatar identicon URL, type 2 a Facebook graph
  * picture URL; any other type maps to a local /img/usuario/ path under the
  * application's root URI.
  *
  * NOTE(review): the two external URLs are plain http://, which is mixed
  * content on an https page. $hash and $size are concatenated without
  * encoding — presumably already safe values (hex hash, integer); confirm at
  * the call sites.
  *
  * @param mixed $type Avatar source selector
  * @param string $hash Gravatar / Facebook / local identifier
  * @param mixed $size Requested pixel size
  * @return string
  */
 public function avatarUrlFunction($type, $hash, $size)
 {
     if ($type == 1) {
         return 'http://www.gravatar.com/avatar/' . $hash . '?d=identicon&s=' . $size;
     }
     if ($type == 2) {
         return 'http://graph.facebook.com/' . $hash . '/picture?width=' . $size;
     }
     $rootUri = Slim\Slim::getInstance()->request()->getRootUri();
     return $rootUri . '/img/usuario/' . $hash . '/' . $size . '.png';
 }
/**
 * Unauthorised-access handler: tear down connections and the session, then
 * render the error view.
 *
 * Closes the MySQL and MongoDB connections, clears and destroys the PHP
 * session, and renders ../api/resources/error.php with an 'myerror' array
 * carrying a fixed message.
 *
 * @return void
 */
function error()
{
    $slim = Slim\Slim::getInstance();
    // Release both backing stores before tearing down the session
    dbConn::close_connection();
    mongoConn::close_connection();
    // Drop every session variable, then the session itself
    session_unset();
    session_destroy();
    $viewData = array(
        'myerror' => array("error" => "Unauthorised Access. Please Login to use this site."),
    );
    $slim->render('../api/resources/error.php', $viewData);
}
/**
 * Route handler: create a Message in a Group from the JSON request body.
 *
 * Loads the group with Group::findOrFail($id), decodes the body with
 * decodeJsonOrFail(), defaults the optional 'from' and 'from_user_id' keys to
 * null when absent, associates the new message with the group, saves it and
 * echoes it as JSON.
 *
 * NOTE(review): 'from' / 'from_user_id' are taken from the client body. If the
 * sender is meant to be the authenticated user, set them server-side rather
 * than trusting the request.
 *
 * @param mixed $id Group identifier from the route
 * @return void
 */
function sendMessageToGroup($id)
{
    $slim = Slim\Slim::getInstance();
    $group = Group::findOrFail($id);
    $payload = decodeJsonOrFail($slim->request->getBody());
    // isset() is false for both missing and null, so both end up as null
    foreach (array('from', 'from_user_id') as $optionalKey) {
        if (!isset($payload[$optionalKey])) {
            $payload[$optionalKey] = null;
        }
    }
    $message = new Message($payload);
    $message->group()->associate($group);
    $message->save();
    echo $message->toJson();
}
 /**
  * Set up the view-data container with its default sections.
  *
  * Stores the Slim instance, initialises $this->data with empty title, meta,
  * css/js queues (each split into 'internal' and 'external'), message buckets
  * (error/info/debug) and global JS vars, derives baseUrl/assetUrl, then
  * queues the base CSS and JS. baseUrl(), loadBaseCss() and loadBaseJs() are
  * sibling methods not shown here.
  */
 public function __construct()
 {
     $this->app = Slim\Slim::getInstance();
     $assetQueue = array('internal' => array(), 'external' => array());
     $this->data = array(
         'title' => '',
         'meta' => array(),
         'css' => $assetQueue,
         'js' => $assetQueue,
         'message' => array('error' => array(), 'info' => array(), 'debug' => array()),
         'global' => array(),
     );
     // Asset base is derived from the application base URL
     $this->data['baseUrl'] = $this->baseUrl();
     $this->data['assetUrl'] = $this->data['baseUrl'] . 'assets/';
     $this->loadBaseCss();
     $this->loadBaseJs();
 }
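/**
 * Route handler: set a new password for the account that owns a password
 * reset hash code.
 *
 * Reads {hashcode, newPassword} from the JSON body, validates them, looks the
 * code up in `hash_codes` (type 'password'), stores a new salt and
 * sha256(salt . password) in `users` and deletes the user's password codes,
 * both inside one transaction. Every outcome is echoed as a JSON object with
 * a "result" key.
 *
 * Relies on globals $db (PDO) and $noerrors (non-zero = DB connection failed).
 *
 * NOTE(review): the stored credential is sha256(salt . password), a fast
 * hash. password_hash()/password_verify() is the current standard, but the
 * login path and the `users` schema would have to change with it, so the
 * scheme is kept here.
 * NOTE(review): nothing here expires a reset code; if `hash_codes` records an
 * issue time, the lookup should check it.
 *
 * @return void
 */
function resetPassword()
{
    global $db;
    global $noerrors;
    if ($noerrors != 0) {
        echo json_encode(array("result" => "failed", "message" => "Database Connection"));
        return;
    }
    $request = Slim\Slim::getInstance()->request();
    $jsonData = json_decode($request->getBody());
    // A missing or non-JSON body leaves both values '' and is reported below
    $hashcode = isset($jsonData->hashcode) ? $jsonData->hashcode : '';
    $newPassword = isset($jsonData->newPassword) ? $jsonData->newPassword : '';
    // Server Side Validation
    $errors = array();
    if ($hashcode == '') {
        $errors[] = "Hashcode Required";
    }
    if ($newPassword == '') {
        $errors[] = "Password Required";
    }
    if (strlen($newPassword) < 6) {
        $errors[] = "Password must be at least 6 characters";
    }
    if (count($errors) > 0) {
        echo json_encode(array(
            "result" => 'Failed',
            "message" => 'validation',
            "errorsFound" => count($errors),
            "errors" => $errors,
        ));
        return;
    }
    // Find account. rowCount() on a SELECT is driver-specific (MySQL reports it).
    $findAccount = $db->prepare("SELECT * FROM `users` a INNER JOIN `hash_codes` b ON b.userID = a.userID WHERE b.code = :hashcode AND b.type= 'password'");
    $findAccount->bindParam(":hashcode", $hashcode);
    $findAccount->execute();
    if ($findAccount->rowCount() != 1) {
        echo json_encode(array("result" => "failed", "message" => "Account doesn't exist"));
        return;
    }
    $fetchAccount = $findAccount->fetch();
    $userID = $fetchAccount['userID'];
    // New salt from OpenSSL's CSPRNG; refuse to store one from a weak source
    $salt = bin2hex(openssl_random_pseudo_bytes(24, $cstrong));
    if ($cstrong !== true) {
        echo json_encode(array("result" => "Failed", "message" => "Server Error"));
        return;
    }
    $securePassword = hash('sha256', $salt . $newPassword, false);
    // Update account and delete hashcodes in one transaction. Execute results
    // are checked for PDO in silent/warning mode; the catch covers exception mode
    // so the transaction is rolled back either way.
    $db->beginTransaction();
    try {
        $updateAccount = $db->prepare("UPDATE `users` SET `password`= :password, `salt` = :salt WHERE `userID` = :userID");
        $updateAccount->bindParam(":password", $securePassword);
        $updateAccount->bindParam(":salt", $salt);
        $updateAccount->bindParam(":userID", $userID);
        $updated = $updateAccount->execute();
        // Remove hashcodes of type password only
        $removeCodes = $db->prepare("DELETE FROM `hash_codes` WHERE `userID` = :userID AND `type` ='password'");
        $removeCodes->bindParam(":userID", $userID);
        $removed = $removeCodes->execute();
    } catch (PDOException $e) {
        $updated = false;
        $removed = false;
    }
    if ($updated && $removed) {
        $db->commit();
        echo json_encode(array("result" => "Successful"));
        return;
    }
    $db->rollBack();
    echo json_encode(array("result" => "Failed", "message" => "Database Error"));
}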
<?php

$app = Slim\Slim::getInstance();
if (isset($_SESSION['role'])) {
    if ($_SESSION['role'] == 1) {
        $pagename = "Reports - Top Region";
        include 'view/header_dash.php';
        ?>
<!doctype html>
<body>
		<header id="header">
			<hgroup>
				<h1 class="site_title">Bank of Rory - <a href="../../dashboard/admin/<?php 
        echo $_SESSION['user_id'];
        ?>
">Dashboard</a></h1>
				<h2 class="section_title">&nbsp;</h2><div class="btn_view_site"><a href="../../dashboard/user_details/<?php 
        echo $_SESSION['user_id'];
        ?>
"><?php 
        echo $_SESSION['fname'] . ' ' . $_SESSION['lname'];
        ?>
</a></div>
				</h2><div class="btn_view_site"><a href="../../logout">Log Out</a></div>
			</hgroup>
		</header> <!-- end of header bar -->
		
		<section id="secondary_bar">
			<div class="user">
			</div>
			<div class="breadcrumbs_container">
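<?php

include 'db.php';
require 'vendor/autoload.php';
$app = new \Slim\Slim();
// The route parameter comes from the URL, so it is HTML-escaped before echo
$app->get('/hello/:name', function ($name) {
    echo "Hello, " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
});
$app->post("/insertUser", function () use ($app) {
    $request = Slim\Slim::getInstance()->request();
    // Request parameters are handed to insertUser() (defined further down this
    // file). NOTE(review): insertUser() interpolates these values into its
    // INSERT string and then binds placeholders that the string does not
    // contain; the query must use the :name/:mobile/... placeholders instead.
    $data = $request->params();
    insertUser($data);
    $response = array(
        'status' => "success",
        'message' => "Record Inserted Successfully",
    );
    echo json_encode($response);
});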
function insertUser($data)
{
    $name = $data['name'];
    $mobile = $data['mobile'];
    $email = $data['email'];
    $message = $data['message'];
    $sql = "INSERT INTO user (name, mobile, email, message) VALUES ('{$name}','{$mobile}','{$email}','{$message}')";
    try {
        $db = getDB();
        $stmt = $db->prepare($sql);
        $stmt->bindParam("name", $name);
        $stmt->bindParam("mobile", $mobile);
        $stmt->bindParam("email", $email);
        $stmt->bindParam("message", $message);
        $stmt->execute();
/**
 * Route handler: delete a ticket by id and re-render the ticket list.
 *
 * Loads the account via getAccount($value), reads ticket_id from the POST
 * body, removes the matching MongoDB document and renders
 * ../api/resources/view_all_tickets.php with the account and the remaining
 * tickets sorted by _id descending. The MySQL connection is opened as before
 * although nothing here reads it.
 *
 * NOTE(review): there is no check here that the ticket belongs to the
 * account in $user_details — any caller who can reach this route can delete
 * any ticket id; confirm ownership is enforced elsewhere or add it to the
 * remove() criteria. new MongoId() rejects malformed ids with an exception.
 *
 * @param mixed $value Account identifier passed to getAccount()
 * @return void
 */
function postDelete($value)
{
    $slim = Slim\Slim::getInstance();
    $db = dbConn::getConnection();
    $user_details = getAccount($value);
    $ticket_id = $slim->request()->post('ticket_id');
    $ticketCollection = mongoConn::getConnection();
    // remove a ticket with a chosen id
    $ticketCollection->remove(array('_id' => new MongoId($ticket_id)), true);
    $remaining = $ticketCollection->find()->sort(array('_id' => -1));
    $viewData = array('user' => $user_details, 'tickets' => $remaining);
    $slim->render('../api/resources/view_all_tickets.php', $viewData);
}
/**
 * Read the content of the current Slim request through web_util.
 *
 * @return mixed Whatever web_util::readContentFormRequest() returns
 */
function getSlimRequest()
{
    $slim = Slim\Slim::getInstance();
    $reader = new web_util();
    return $reader->readContentFormRequest($slim->request());
}
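/**
 * Route handler: register a new user from a JSON request body.
 *
 * Expects first_name, last_name, email, username and password. Validates
 * presence (and e-mail format), rejects a duplicate e-mail or username,
 * stores the user with a fresh salt and sha256(salt . password), creates an
 * 'activation' hash code, e-mails an activation link, sets
 * $_SESSION['userID'] and echoes a JSON result. Every outcome is reported as
 * JSON with a "result" key.
 *
 * Relies on globals $db (PDO) and $noerrors (non-zero = DB connection
 * failed) and on sendEmail() defined elsewhere.
 *
 * NOTE(review): sha256(salt . password) is a fast hash; password_hash() is
 * the current standard, but the login path and the `users` schema would have
 * to change with it, so the scheme is kept here.
 * NOTE(review): the activation link host is hard-coded (https://192.169.1.2);
 * it should come from configuration.
 * NOTE(review): $_SESSION['userID'] is set before the account is activated —
 * confirm that the login checks require the activated state, otherwise the
 * activation e-mail is advisory only.
 *
 * @return void
 */
function addUser()
{
    global $db;
    global $noerrors;
    // If database connect details are incorrect
    if ($noerrors != 0) {
        echo json_encode(array("result" => "Failed", "error" => "No connection"));
        return;
    }
    $request = Slim\Slim::getInstance()->request();
    $jsonData = json_decode($request->getBody());
    // Store values from the JSON object; missing fields become '' so validation reports them
    $firstName = isset($jsonData->first_name) ? $jsonData->first_name : '';
    $lastName = isset($jsonData->last_name) ? $jsonData->last_name : '';
    $email = isset($jsonData->email) ? $jsonData->email : '';
    $username = isset($jsonData->username) ? $jsonData->username : '';
    $password = isset($jsonData->password) ? $jsonData->password : '';
    // Server Side Validation
    $errors = array();
    if ($firstName == '') {
        $errors[] = "First Name Required";
    }
    if ($lastName == '') {
        $errors[] = "Last Name Required";
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = "Valid Email Required";
    }
    if ($username == '') {
        $errors[] = "Username Required";
    }
    if ($password == '') {
        $errors[] = "Password Required";
    }
    // If validation errors exist - display errors
    if (count($errors) > 0) {
        echo json_encode(array(
            "result" => "Failed",
            "message" => "Failed validation",
            "errorsFound" => count($errors),
            "errors" => $errors,
        ));
        return;
    }
    // Check if email already exists. rowCount() on a SELECT is driver-specific (MySQL reports it).
    $emailQ = $db->prepare("SELECT * FROM `users` WHERE `email` = :email");
    $emailQ->bindParam(':email', $email);
    $emailQ->execute();
    if ($emailQ->rowCount() > 0) {
        echo json_encode(array("result" => "Failed", "message" => "Email already exists"));
        return;
    }
    // Check if username already exists
    $usernameQ = $db->prepare("SELECT * FROM `users` WHERE `username` = :username");
    $usernameQ->bindParam(':username', $username);
    $usernameQ->execute();
    if ($usernameQ->rowCount() > 0) {
        echo json_encode(array("result" => "Failed", "message" => "Username already exists"));
        return;
    }
    /* ALL VALIDATION HAS PASSED*/
    // Generate salt from OpenSSL's CSPRNG; refuse to continue if it reports a weak source
    $salt = bin2hex(openssl_random_pseudo_bytes(24, $cstrong));
    if ($cstrong !== true) {
        echo json_encode(array("result" => "Failed", "message" => "Server Error"));
        return;
    }
    $passwordHash = hash('sha256', $salt . $password, false);
    // INSERT SQL STATEMENT
    $insertQuery = "INSERT INTO `users`(`dateJoined`, `first_name`, `last_name`, `email`, `username`, `password`, `salt`) VALUES (CURDATE(), :first_name, :last_name, :email, :username, :password, :salt)";
    $q = $db->prepare($insertQuery);
    $q->bindParam(':first_name', $firstName);
    $q->bindParam(':last_name', $lastName);
    $q->bindParam(':email', $email);
    $q->bindParam(':username', $username);
    $q->bindParam(':password', $passwordHash);
    $q->bindParam(':salt', $salt);
    if (!$q->execute()) {
        echo json_encode(array("result" => "Failed", "message" => "Database Failed"));
        return;
    }
    $userID = $db->lastInsertId();
    /* Create and store hash code and email activation link to new user */
    $hashcode = bin2hex(openssl_random_pseudo_bytes(16, $cstrong));
    $h = $db->prepare("INSERT INTO `hash_codes`(`type`, `code`, `userID`) VALUES ('activation',:code,:userID)");
    $h->bindParam(':userID', $userID);
    $h->bindParam(':code', $hashcode);
    // NOTE(review): as before, a failure here is not checked and would leave a
    // user row with no activation code.
    $h->execute();
    $subject = 'Activate your account';
    /* Body of Email; the user-supplied name is escaped because the body is HTML */
    $body = "<p>Dear " . htmlspecialchars($firstName, ENT_QUOTES, 'UTF-8') . "</p><p>Thank you for signing up for Managers Companion. Before you get started you will need to confirm your email. To do this click the link below.</p>";
    $body .= '<p><a href="https://192.169.1.2/scripts/activate/' . $hashcode . '">Activate My Account</a></p>';
    $body .= '<p>All the best and good luck<br><br>Managers Companion</p>';
    // Send Activation Email
    sendEmail($email, $subject, $body);
    // SET SESSION STORAGE
    $_SESSION['userID'] = $userID;
    // Return Success Message
    echo json_encode(array("result" => "successful", "userID" => $userID));
}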
 /**
  * Initialize with the current Slim framework instance
  *
  * Stores Slim\Slim::getInstance() in $this->slim for the other methods.
  */
 public function __construct()
 {
     $slim = Slim\Slim::getInstance();
     $this->slim = $slim;
 }
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="<?php 
echo Slim\Slim::getInstance()->getName();
?>
">
<meta name="author" content="Sarfraz Ahmed">

<title><?php 
echo $title;
?>
</title>

<link rel="shortcut icon" href="/favicon.ico"/>
<link rel="shortcut icon" href="<?php 
echo $root;
?>
/favicon.ico"/>

<link href="<?php 
echo $root;
?>
/assets/css/bootstrap.min.css" rel="stylesheet">
<link href="<?php 
echo $root;
?>
/assets/font-awesome-4.1.0/css/font-awesome.min.css" rel="stylesheet">
<link href="<?php 
echo $root;
?>
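/**
 * Route handler: update a WashingTime record from the JSON request body.
 *
 * Loads the record by $id, copies the six editable fields (dateWT, timeWT,
 * locationWT, statusWT, washing_categories_idWC, cars_idC) from the decoded
 * body, saves and echoes the model. A missing record yields a 404 and a body
 * that does not decode to an object a 400; previously both cases produced
 * PHP errors.
 *
 * NOTE(review): $car_id is part of the route but never compared with the
 * loaded record's cars_idC; if the route is meant to scope updates to one
 * car, that check is missing. The body may also reassign cars_idC freely.
 *
 * @param mixed $car_id Car identifier from the route (unused here)
 * @param mixed $id WashingTime identifier from the route
 * @return void
 */
function updateWashingTime($car_id, $id)
{
    $app = Slim\Slim::getInstance();
    $request = $app->request();
    $washing_time = WashingTime::find($id);
    // find() yields null when there is no such record
    if ($washing_time === null) {
        $app->halt(404, json_encode(array('message' => 'Not found')));
    }
    $payload = json_decode($request->getBody());
    if (!is_object($payload)) {
        $app->halt(400, json_encode(array('message' => 'Invalid JSON body')));
    }
    // Explicit field list so only these columns can be set from the body;
    // a field absent from the body is assigned null, as before.
    $editable = array('dateWT', 'timeWT', 'locationWT', 'statusWT', 'washing_categories_idWC', 'cars_idC');
    foreach ($editable as $field) {
        $washing_time->$field = isset($payload->$field) ? $payload->$field : null;
    }
    $washing_time->save();
    echo $washing_time;
}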
/**
 * Build the DMD header document (Turtle) for the project held in the session.
 *
 * Reads $_SESSION['project'] and $_SESSION['format'], rejects any format that
 * is not a key of the local MIME map (flashes an error and throws
 * RuntimeException), renders the Turtle template below through output
 * buffering and returns it as a string.
 *
 * NOTE(review): the template escapes description/creator/label with
 * htmlspecialchars(), which is HTML escaping, not Turtle string escaping: a
 * backslash in those values reaches the output unescaped and a double quote
 * becomes &quot;. $project['_id'], $created and $license_uri are emitted with
 * no escaping at all — presumably trusted values; verify at their source.
 * NOTE(review): the <mapping.json> distribution declares dcat:mediaType
 * "application.json" (dot); "application/json" is probably intended. Left
 * as-is because this edit only adds comments.
 *
 * @return string Turtle document
 * @throws RuntimeException when $_SESSION['format'] is not a supported key
 */
function dmdHeaderRDF(){
	$app = Slim\Slim::getInstance();
	// Everything echoed by the template is captured until ob_end_clean() below
	ob_start();
	$project = $_SESSION['project'];
	$format = $_SESSION['format'];
	$mimeType = array(
		'xml' => 'text/xml',
		'rdfxml' => 'application/rdf+xml',
		'jsonld' => 'application/ld+json',
		'turtle' => 'text/turtle',
		'ntriples' => 'application/n-triples'
	);
	// $format is only ever used as a key of this map, so it cannot inject into
	// the file name or media type. NOTE(review): throwing here leaves the
	// buffer started above open; an ob_end_clean() before the throw would avoid that.
	if(!array_key_exists($format, $mimeType)){
		$app->flash('error', '指定された出力形式が不正です。');
		throw new RuntimeException('指定された出力形式が不正です。');
	}

	$created = getYmd($project['dct:created']);
	// License URI is resolved via the 'license' config; empty when the project has none
	if(!empty($project['dct:license'])){
		$license_uri = getLincenseURI($project['dct:license'], $app->config('license'));
	}else{
		$license_uri = '';
	}
	$dataName = 'convertedData.' . $format;
	$dataType = $mimeType[$format];
	?>
@prefix owl: <http://www.w3.org/2002/07/owl#>.
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>.
@prefix xsd: <http://www.w3.org/2001/XMLSchema#>.
@prefix dcterms: <http://purl.org/dc/terms/>.
@prefix adms: <http://www.w3.org/ns/adms#>.
@prefix dcat: <http://www.w3.org/ns/dcat#>.
@prefix dmd: <http://imi.ipa.go.jp/ns/dmd#>.

<http://example.org/imins/<?php echo $project['_id']; ?>> a adms:Asset ;
dcterms:type dmd:DataModelDescription ;
dcterms:issued "<?php echo $created; ?>"^^xsd:date ;
dcterms:description "<?php if(!empty($project['dct:description'])){ echo htmlspecialchars($project['dct:description']); }?>"@ja ;
dcterms:publisher "<?php echo htmlspecialchars($project['dct:creator']); ?>"@ja ;
dcterms:title "<?php echo htmlspecialchars($project['rdfs:label']); ?>"@ja ;

dcterms:license <<?php echo $license_uri; ?>> ;
dcat:distribution <header.ttl> ;
dcat:distribution <header.xml> ;
dcat:distribution <schema.xsd> ;
dcat:distribution <mapping.json> ;
dcat:distribution <<?php echo $dataName; ?>> .

<header.ttl> a adms:AssetDistribution ;
	dcat:mediaType "text/turtle" .

<header.xml> a adms:AssetDistribution ;
	dcat:mediaType "text/xml" .

<schema.xsd> a adms:AssetDistribution ;
	dcat:mediaType "text/xml" .

<mapping.json> a adms:AssetDistribution ;
	dcat:mediaType "application.json" .

<<?php echo $dataName; ?>> a adms:AssetDistribution ;
	dcat:mediaType "<?php echo $dataType; ?>" .

	<?php
	// Hand the buffered template back as the return value and discard the buffer
	$rdf = ob_get_contents();
	ob_end_clean();
	return $rdf;
}
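/**
 * Fire-and-forget HTTP GET to a watchdog URL.
 *
 * Opens a raw TCP socket to the URL's host (port from the URL, else 80),
 * writes a minimal HTTP/1.1 GET for its path and query, and closes without
 * reading the response. An unparsable URL or a failed connection is logged
 * as a warning through Slim's log and the function returns.
 *
 * Fixes over the previous version: the socket result is compared with
 * === false rather than == 0, a URL without a path no longer produces
 * "GET  HTTP/1.1", the query string is no longer dropped, and the connect
 * error is included in the log line.
 *
 * NOTE(review): this is plain-text HTTP; an https:// URL is sent unencrypted
 * to its port. Use stream_socket_client('ssl://...') or an HTTP client if the
 * endpoint requires TLS.
 * NOTE(review): if $url can originate outside the application this is an
 * SSRF primitive; confirm it comes from configuration, not from a request.
 *
 * @param string $url Absolute URL of the watchdog endpoint
 * @return void
 */
function wakeWatchdog($url)
{
    $parts = parse_url($url);
    // parse_url() returns false for badly malformed URLs and omits 'host'
    // for relative ones; neither can be connected to.
    if ($parts === false || !isset($parts['host'])) {
        $app = Slim\Slim::getInstance();
        $app->getLog()->warn("Couldn't open a socket to " . $url . " (unparsable URL)");
        return;
    }
    $port = isset($parts['port']) ? $parts['port'] : 80;
    $fp = fsockopen($parts['host'], $port, $errno, $errstr, 30);
    if ($fp === false) {
        $app = Slim\Slim::getInstance();
        $app->getLog()->warn("Couldn't open a socket to " . $url . " (" . $errno . ": " . $errstr . ")");
        return;
    }
    $path = (isset($parts['path']) && $parts['path'] !== '') ? $parts['path'] : '/';
    if (isset($parts['query'])) {
        $path .= '?' . $parts['query'];
    }
    $requestText = "GET " . $path . " HTTP/1.1\r\n"
        . "Host: " . $parts['host'] . "\r\n"
        . "Content-Type: application/json\r\n"
        . "Connection: Close\r\n\r\n";
    fwrite($fp, $requestText);
    fclose($fp);
}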
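/**
 * Route handler: clear the favourite flag on a contact.
 *
 * Coerces the route id to an integer, asks QueryHandler::updateContact() to
 * set CONTACTS::IS_FAVOURITE to false for it and passes the result to
 * echoRespnse(). The unused Slim request lookup of the previous version is
 * dropped.
 *
 * NOTE(review): nothing here ties the contact to the current user; confirm
 * that ownership is enforced in QueryHandler or by route middleware.
 *
 * @param mixed $id Contact identifier from the route
 * @return void
 */
function removeFromFavourite($id)
{
    // intval() guarantees only a numeric id reaches the query layer
    $contactId = intval($id);
    $changes = array(CONTACTS::IS_FAVOURITE => false);
    $handler = new QueryHandler();
    $response = $handler->updateContact($contactId, $changes);
    echoRespnse($response);
}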