/**
* 打卡签到接口
*/
public function pageSignIn()
{
$model = new model_kaoqin();
$mdl_user = new model_user();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$info = $GLOBALS['HTTP_RAW_POST_DATA'];
$data = json_decode($info, true);
$user_id = $condition['user_id'] = $data['user_id'];
if ($this->verifySignIn($user_id, $data['status'])) {
$res = $mdl_user->selectOne($user_id, 'username,nickname');
$condition['username'] = $res['username'];
$condition['nickname'] = $res['nickname'];
$condition['status'] = $data['status'];
$condition['createtime'] = $this->_time;
$condition['createymd'] = $this->_date;
$model->insert($condition);
$lastInsertId = $model->lastInsertId();
if ($lastInsertId) {
$msg = '上班打卡成功';
lib_BaseUtils::jsonp($msg, 1, 0);
} else {
$msg = '上班打卡失败';
lib_BaseUtils::jsonp($msg, 1, 0);
}
} else {
$msg = '抱歉,您已经打过卡了';
lib_BaseUtils::jsonp($msg, 1, 1);
}
}
}
function hapus($var)
{
cek_keamanan(array("admin"));
$this->model("model_user");
$this->model_user->delete($var[model_user::pk()]);
$this->redirect();
}
function new_page()
{
if (isset($_POST) && !empty($_POST)) {
$id = model::factory('page')->add_page($_POST['title'], $_POST['body'], model_user::instance()->getId(), $sim);
header('location: ' . model::factory('renderer')->url('/admin/page/edit/' . $id));
}
$renderer = model::factory('renderer', 'page');
model::factory('renderer')->add_css('/css/form.css');
return model::factory('renderer')->admin_content = $renderer->render('template/admin/page/edit.php');
}
function new_file()
{
// If a form was posted, add a file to the site.
if (isset($_POST) && !empty($_POST)) {
$id = model::factory('file')->add_file($_FILES['file']['name'], $_POST['title'], $_FILES['file']['type'], file_get_contents($_FILES['file']['tmp_name']), model_user::instance()->getId());
// and send user to file list
header('location: ' . model::factory('renderer')->url('/admin/file/'));
}
// if not render an addition form
$renderer = model::factory('renderer', 'post');
model::factory('renderer')->add_css('/css/form.css');
model::factory('renderer')->admin_content = $renderer->render('template/admin/file/edit.php', true);
}
public static function create($request)
{
$firstName = $request['firstName'];
$lastName = $request['lastName'];
$emailId = $request['emailId'];
$facebookId = $request['facebookId'];
$dateOfBirth = $request['dateOfBirth'];
$result = model_user::saveUser($firstName, $lastName, $emailId, $facebookId, $dateOfBirth);
$resultObj = new stdClass();
$resultObj->id = $result['id'];
$resultObj->result = "Success";
return $resultObj;
}
function pageAddUser()
{
$model = new model_user();
$model->set('nickname', '李四');
$model->set('username', 'lisi');
$model->set('pwd', '123456');
$model->set('status', '1');
$model->set('createtime', $this->_time);
$model->set('createymd', $this->_date);
$res = $model->save();
if ($res) {
$this->ShowMsg("用户添加成功");
} else {
$this->ShowMsg("用户添加失败");
}
}
function login()
{
// Check to see if there are any login-attempts
if (isset($_POST) && !empty($_POST)) {
// If there is, initialize a user-model and check username and password against the database.
$user = model_user::instance();
$user->login_by_username_and_password($_POST['username'], $_POST['password']);
//Are we logged in?
if ($user->logged_in()) {
// Yes! Ship the user to adminpanel!
header('location: ' . model::factory('renderer')->url('/admin'));
} else {
// Ha! You wish. Back to where you came from!
header('location: ' . $_SERVER['HTTP_REFERER']);
}
}
// If no login attempt do some cosmetic stuff.
// Set page title using pagename from database.
model::factory('renderer')->title = 'Logga in - ' . model::factory('conf')->get_value('site_name');
// Also provide a short text to tell whether or not the user is logged in or not.
model::factory('renderer')->logged_in = model_user::instance()->logged_in() ? 'inloggad' : 'INTE inloggad';
}
/**
* creates a new ad
* @param array $data
* @param model_user $user
* @return array
*/
public static function new_ad($data, $user)
{
$return_message = '';
$checkout_url = '';
//akismet spam filter
if (isset($data['title']) and isset($data['description']) and core::akismet($data['title'], $user->email, $data['description']) == TRUE) {
// is user marked as spammer? Make him one :)
if (core::config('general.black_list')) {
$user->user_spam();
}
return array('error' => __('This post has been considered as spam! We are sorry but we can not publish this advertisement.'), 'error_type' => Alert::ALERT);
}
//akismet
$ad = new Model_Ad();
$ad->id_user = $user->id_user;
$ad->values($data);
$ad->seotitle = $ad->gen_seo_title($ad->title);
$ad->created = Date::unix2mysql();
try {
$ad->save();
} catch (ORM_Validation_Exception $e) {
return array('validation_errors' => $e->errors('ad'));
} catch (Exception $e) {
return array('error' => $e->getMessage(), 'error_type' => Alert::ALERT);
}
/////////// NOTIFICATION Emails,messages to user and Status of the ad
// depending on user flow (moderation mode), change usecase
$moderation = core::config('general.moderation');
//calculate how much he needs to pay in case we have payment on
if ($moderation == Model_Ad::PAYMENT_ON or $moderation == Model_Ad::PAYMENT_MODERATION) {
// check category price, if 0 check parent
if ($ad->category->price == 0) {
$cat_parent = new Model_Category($ad->category->id_category_parent);
//category without price
if ($cat_parent->price == 0) {
//swapping moderation since theres no price :(
if ($moderation == Model_Ad::PAYMENT_ON) {
$moderation = Model_Ad::POST_DIRECTLY;
} elseif ($moderation == Model_Ad::PAYMENT_MODERATION) {
$moderation = Model_Ad::MODERATION_ON;
}
} else {
$amount = $cat_parent->price;
}
} else {
$amount = $ad->category->price;
}
}
//where and what we say to the user depending ont he moderation
switch ($moderation) {
case Model_Ad::PAYMENT_ON:
case Model_Ad::PAYMENT_MODERATION:
$ad->status = Model_Ad::STATUS_NOPUBLISHED;
$order = Model_Order::new_order($ad, $user, Model_Order::PRODUCT_CATEGORY, $amount, NULL, Model_Order::product_desc(Model_Order::PRODUCT_CATEGORY) . ' ' . $ad->category->name);
// redirect to invoice
$return_message = __('Please pay before we publish your advertisement.');
$checkout_url = Route::url('default', array('controller' => 'ad', 'action' => 'checkout', 'id' => $order->id_order));
break;
case Model_Ad::EMAIL_MODERATION:
case Model_Ad::EMAIL_CONFIRMATION:
$ad->status = Model_Ad::STATUS_UNCONFIRMED;
$url_ql = $user->ql('oc-panel', array('controller' => 'myads', 'action' => 'confirm', 'id' => $ad->id_ad));
$user->email('ads-confirm', array('[URL.QL]' => $url_ql, '[AD.NAME]' => $ad->title));
$return_message = __('Advertisement is posted but first you need to activate. Please check your email!');
break;
case Model_Ad::MODERATION_ON:
$ad->status = Model_Ad::STATUS_NOPUBLISHED;
$url_ql = $user->ql('oc-panel', array('controller' => 'myads', 'action' => 'update', 'id' => $ad->id_ad));
$user->email('ads-notify', array('[URL.QL]' => $url_ql, '[AD.NAME]' => $ad->title));
// email to notify user of creating, but it is in moderation currently
$return_message = __('Advertisement is received, but first administrator needs to validate. Thank you for being patient!');
break;
case Model_Ad::POST_DIRECTLY:
default:
$ad->status = Model_Ad::STATUS_PUBLISHED;
$ad->published = $ad->created;
$url_cont = $user->ql('contact');
$url_ad = $user->ql('ad', array('category' => $ad->category->seoname, 'seotitle' => $ad->seotitle));
$user->email('ads-user-check', array('[URL.CONTACT]' => $url_cont, '[URL.AD]' => $url_ad, '[AD.NAME]' => $ad->title));
Model_Subscribe::notify($ad);
$return_message = __('Advertisement is posted. Congratulations!');
break;
}
//save the last changes on status
$ad->save();
//notify admins new ad
$ad->notify_admins();
return array('message' => $return_message, 'checkout_url' => $checkout_url, 'ad' => $ad);
}
$params = explode('/', $parts[3]);
} else {
$params = array();
}
// Instantiate the class
$class_name = 'controller_' . $parts[0] . '_' . $parts[1];
$class = new $class_name();
// And finish with the method
$method = isset($parts[2]) && !empty($parts[2]) ? $parts[2] : 'index';
} else {
// if parts is empty, use the default welcome-controller
if ($parts[0] == '') {
$parts[0] = 'welcome';
}
// Prepare the parameters
if (isset($parts[2])) {
$params = explode('/', $parts[2]);
} else {
$params = array();
}
// Instantiate the class
$class_name = 'controller_' . $parts[0];
$class = new $class_name();
// And finish with the method
$method = isset($parts[1]) && !empty($parts[1]) ? $parts[1] : 'index';
}
// Once done. return an array with the stuff
return array('class' => $class, 'params' => $params, 'method' => $method);
}
model_user::instance();
/**
* Проверка подлинности сессии
*/
private function check_session() : bool
{
$check = false;
$login = self::$session->read('login');
$action_time = self::$session->read('action_time');
$hash = self::$session->read('hash');
$sid = self::$session->read('sid');
$row = self::$db->selectOne('SELECT `user`, `sid`,`action_time` FROM `Auth` WHERE `user` = :login AND `sid` = :hash AND `action_time` = :action_time', ['login' => $login, 'action_time' => $action_time, 'hash' => $hash]);
if (!empty($row) && $row['sid'] === $hash) {
$row = self::$db->selectOne('SELECT `login`, `user_group`, `sid`, `control_ip`, `action_time` FROM Users WHERE `login` = :login', ['login' => $login]);
if (!empty($row) && $row['sid'] === self::hash($sid, $row['action_time'], $row['control_ip'])) {
if (self::$config['tech_work'] && !$row['user_group'] < 5) {
if ($action_time < self::mtime()) {
self::$session->recreate($login, $sid);
self::$db->runQuery('UPDATE Auth SET `sid` = :sid, `action_time` = :action_time WHERE `user` = :login LIMIT 1', ['login' => $login, 'sid' => self::$session->read('hash'), 'action_time' => self::$session->read('action_time')]);
$check = true;
} else {
$check = true;
}
} else {
$check = false;
}
} else {
$check = false;
}
} else {
$check = false;
}
if ($check) {
self::$login = $row['login'];
self::$user_group = $row['user_group'];
return true;
} else {
return false;
}
}
die;
}
// was the ROOT trying to log in?
if ($name == 'mwaroot' && $rootPasswd != "" && $password == $rootPasswd) {
// match, create root userdata.
$userdata = array();
$userdata['id'] = 0;
$userdata['name'] = "mwaroot";
$userdata['groups'] = "root";
} else {
// are there any user models?
$mdl = sprintf("%s/model/user.php", ROOT);
if (!file_exists($mdl)) {
// no user model, asumming only root user.
http_response::redir('/admin');
die;
}
// try login
$mdlUser = new model_user();
$userdata = $mdlUser->login($name, $password);
}
if ($userdata == null) {
http_response::redir('/admin');
die;
}
// init login session
$user = user::getInstance();
$user->login($userdata['id'], $userdata['name'], $userdata['groups'], $remember);
// enter admin
http_response::redir('/admin/index');
die;
<div class="page-header">
<h1><?php
echo $judul;
?>
</h1>
</div>
<form <?php
form_properties("user", $aksi, $data[model_user::pk()], true);
?>
>
<table border="0">
<tr>
<td>Nama</td>
<td><?php
input("nama", $data);
?>
</td>
</tr>
<tr>
<td>Email</td>
<td><?php
input("email", $data);
?>
</td>
</tr>
<tr>
<td>Handphone</td>
<td><?php
input("hp", $data);
?>
</td>
define('key', '');
}
// Include init.php if not already included earlier.
require_once 'init.php';
// Change the session-timeout to something from the database.
ini_set("session.cookie_lifetime", $conf['session_timeout']);
// and start it
session_start();
// Initialize a new global rendering object accessible from model::factory('renderer')
$renderer = new model_renderer();
// Do some magic with the url
$parts = model::factory('url')->get_parts();
switch ($parts[0]) {
case 'admin':
// Admin? are you sure you are admin?
if (model_user::instance()->isAdmin()) {
// Seems like it.
$parts = resolv($_GET);
// Which controller do you want? Ah yes! That one.
$class = new $parts['class']();
// Run the before part if there is one.
if (method_exists($class, 'before')) {
$class->before();
}
// Alright, enough foreplay. Call the class already and its method. And don't forget the parameters!
call_user_func_array(array($class, $parts['method']), $parts['params']);
// Echo back the results.
echo model::factory('renderer')->render('template/admin/main.html');
break;
}
case 'login':