Example #1
0
    }
    public function getOrders()
    {
        return $this->orders;
    }
}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Corporate Viewing Orders');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $orderID = !empty($orderid) ? $auth->cInt($orderid) : null;
    $isCorporate = $checkAuth->isCorporate();
    $employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;
    $employeeID || ($errors[] = "No customer id.  You have most likely timed out.  Log out and log back in.");
    $isCorporate || ($errors[] = "You are not authenticated as a corporate user.");
    $models = new stdClass();
    $models->pdo = $pdo;
    $models->errorRunner = $errorRunner;
    $models->logger = $logger;
    $orderData = new stdClass();
    $orderData->orderID = $orderID;
    $orderData->employeeID = $employeeID;
    $orderData->session = $_SESSION;
    if (empty($errors)) {
Example #2
0
    }
    public function removeOrder()
    {
        $this->data = $this->order->removeOrder();
    }
}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Remove Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $action = !empty($action) ? $action : null;
    $orderID = !empty($id) ? $auth->cInt($id) : null;
    $isCustomer = $checkAuth->isCustomer();
    $customerID = !empty($_SESSION['customerid']) ? $auth->cInt($_SESSION['customerid']) : null;
    $orderID || ($errors[] = "No orderid was specified on this request.");
    $customerID || ($errors[] = "No customer id.  You have most likely timed out.  Log out and log back in.");
    $isCustomer || ($errors[] = "You are not authenticated as a customer.");
    $csrf = !empty($csrf) ? $csrf : null;
    if (!isset($_SESSION['csrf_token']) || $_SESSION['csrf_token'] !== $csrf) {
        $errors[] = "This form does not appear to have originated from our site.";
    }
    $orderData = new stdClass();
    $orderData->action = $action;
    $orderData->orderID = $orderID;
Example #3
0
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/header.php";
use security\Controllers\Corporate\EmployeeGroupsOrdersController;
use security\Models\Authenticator\BlackLister;
use security\Models\Authenticator\CheckAuth;
use security\Models\ErrorRunner;
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\Router\Router;
use security\Models\SiteLogger\FullLog;
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
$logger = new FullLog('Corporate View Orders Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
$isAdmin = $checkAuth->isAdmin();
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    $error = rawurlencode('Not an authenticated corporate user.');
    die(header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}"));
}
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->pdo = $pdo;
Example #4
0
    }
    public function removeOrder()
    {
        $this->data = $this->order->removeOrder();
    }
}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Corporate Remove Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $orderID = !empty($id) ? $auth->cInt($id) : null;
    $isAdmin = $checkAuth->isAdmin();
    $groupID = !empty($_SESSION['groupid']) ? $auth->cInt($_SESSION['groupid']) : null;
    $orderID || ($errors[] = "No orderid was specified on this request.");
    $groupID || ($errors[] = "No group id.  You have most likely timed out.  Log out and log back in.");
    $isAdmin || ($errors[] = "You are not an admin and cannot perform this action.");
    $csrf = !empty($csrf) ? $csrf : null;
    if (!isset($_SESSION['csrf_token']) || $_SESSION['csrf_token'] !== $csrf) {
        $errors[] = "This form does not appear to have originated from our site.";
    }
    $orderData = new stdClass();
    $orderData->action = $action;
    $orderData->orderID = $orderID;
    $orderData->groupID = $groupID;
Example #5
0
use security\Controllers\Corporate\ViewCorporateOrdersController;
use security\Models\Authenticator\Authenticate;
use security\Models\Authenticator\BlackLister;
use security\Models\Authenticator\CheckAuth;
use security\Models\ErrorRunner;
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\Router\Router;
use security\Models\SiteLogger\FullLog;
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$auth = new Authenticate();
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$logger = new FullLog('Corporate View Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$userType = PDOSingleton::CORPORATEUSER;
if ($checkAuth->isAdmin()) {
    $userType = PDOSingleton::ADMINUSER;
}
$pdo = new PDOSingleton($userType);
$orderID = !empty($_GET['order']) ? $auth->cInt($_GET['order']) : null;
$employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;
if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    $error = rawurlencode('Not an authenticated corporate user.');
Example #6
0
    {
        $this->data['loggedout'] = $this->destroy->destroySession();
    }
    public function jsonSerialize()
    {
        return $this->data;
    }
}
if (isset($_POST['submit']) || isset($_GET)) {
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('User Logging out');
    $checkAuth = new CheckAuth($logger);
    $init = new SessionInitializers();
    $errors = [];
    $isUser = $checkAuth->isAuth();
    $csrf = !empty($csrf) ? $csrf : null;
    $session = isset($_SESSION) ? $_SESSION : null;
    $csrf || ($errors[] = "There is no token for this account.  You have most likely timed out.");
    $isUser || ($errors[] = "You are not authenticated as an user.");
    $session || ($errors[] = "You do not have a session identifier.");
    if (!isset($_SESSION['csrf_token']) || $_SESSION['csrf_token'] !== $csrf) {
        $errors[] = "You do not have permission to perform that action.";
    }
    $userData = new stdClass();
    $userData->session = $session;
    $modelObjects = new stdClass();
    $modelObjects->init = $init;
Example #7
0
        $this->data = $this->orderModel->addOrder();
    }
    public function getOrder()
    {
        return $this->data;
    }
}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Add New Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $isValidUser = $checkAuth->isAuth();
    $isAdmin = $checkAuth->isAdmin();
    $isCustomer = $checkAuth->isCustomer();
    // We need admin privileges to assign a group to this.
    // For demo purposes, this assignment will be random,
    // but in a real app, this order would be pending until
    // someone could assign it.
    if ($isAdmin || $isCustomer) {
        $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    }
    if (!$isAdmin && !$isCustomer) {
        $errors[] = "Not a privileged account. Cannot perform action.";
    }
    if ($isAdmin) {
Example #8
0
    public function getCustomerList()
    {
        return $this->model->getCustomerList();
    }
}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $errors = [];
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Employee Initializers');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $models = new stdClass();
    $models->logger = $logger;
    $models->errorRunner = $errorRunner;
    $models->auth = $auth;
    $models->pdo = $pdo;
    $models->checkAuth = $checkAuth;
    $isAuth = $checkAuth->isAuth();
    $isCorporate = $checkAuth->isCorporate();
    $isGroup = $checkAuth->isGroup();
    $isAuth || ($errors[] = "Not authenticated");
    $isGroup || ($errors[] = "Not valid group member");
    $isCorporate || ($errors[] = "Incorrect user type.");
    isset($_SESSION) || ($errors[] = "No customer is available.");
    $order = new stdClass();
    $order->session = $_SESSION;