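/**
 * Validates the change-password form (fields read from $_POST).
 *
 * Checks, in order: current password present, new password present and
 * between 8 and 50 bytes, repeated password present and identical to the new
 * one, and the supplied current password actually matching the logged-in user.
 *
 * @return list<string> user-facing error messages; empty when the input is valid
 */
static function validate()
{
    $errors = array();

    // Read every field exactly once. A missing key (or a non-string value such
    // as password[]=x) becomes '' so the checks below never touch an undefined
    // index or pass an array into strlen().
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
    $newPassword = (isset($_POST["newPassword"]) && is_string($_POST["newPassword"])) ? $_POST["newPassword"] : '';
    $repeatPassword = (isset($_POST["repeatPassword"]) && is_string($_POST["repeatPassword"])) ? $_POST["repeatPassword"] : '';

    if ($password === '') {
        $errors[] = 'Ingrese su contraseña actual';
    }

    if ($newPassword === '') {
        $errors[] = 'Ingrese una nueva contraseña';
    } else {
        // strlen() counts bytes on purpose: the bounds protect the size of what
        // is stored/hashed, so a multibyte character counts for each of its bytes.
        if (strlen($newPassword) < 8) {
            $errors[] = 'La contraseña debe contener un mínimo de 8 caracteres';
        }
        if (strlen($newPassword) > 50) {
            $errors[] = 'La contraseña debe contener un máximo de 50 caracteres';
        }
    }

    if ($repeatPassword === '') {
        $errors[] = 'Repita la contraseña';
    }

    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers ("1000.000" == "00001000"), so two different passwords could
    // have been accepted as matching.
    if ($newPassword !== $repeatPassword) {
        $errors[] = 'Las contraseñas ingresadas no coinciden';
    }

    // Only hit the credential store when a current password was actually
    // supplied; an empty one has already been reported above.
    if ($password !== '') {
        $user = SecurityAdmin::getUserByCredentials(SecurityManager::UserInfo()->nick, $password);
        if ($user == null) {
            $errors[] = 'La contraseña actual es incorrecta';
        }
    }

    return $errors;
}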
<?php
// Users export endpoint: streams the filtered user list to the browser as an
// .xls file. Session bootstrap and shared includes come first, then the role
// gate — only 'admin' may reach the query and the download below.
if (!isset($_SESSION)) {
    session_start();
}
$_SERVER["DOCUMENT_ROOT"] .= '/turnos';
include_once $_SERVER["DOCUMENT_ROOT"] . '/common/Includes.php';

use admin\SecurityAdmin;
use lib\ExportDataExcel;
use security\SecurityManager;

SecurityManager::authorize(array('admin'));

// Filter inputs from the POST body; empty()/falsy values fall back to the
// defaults ('' and false), exactly like the isset()-and-truthy test they replace.
$searchText = !empty($_POST['multicolumnSearchText']) ? $_POST['multicolumnSearchText'] : '';
$includeInactive = !empty($_POST['inactivos']) ? $_POST['inactivos'] : false;

$users = SecurityAdmin::getUsersByFilter($searchText, $includeInactive);

$exporter = new ExportDataExcel('browser', 'Usuarios.xls');
$exporter->initialize();
$exporter->addRow(array("Id", "Nick", "Nombre", "Mail", "Tipo", "Activo", "FechaAlta"));
// NOTE(review): nick/name/mail are user-editable values written verbatim into
// spreadsheet cells; confirm ExportDataExcel neutralises leading =, +, -, @ so
// a crafted value is not interpreted as a formula when the file is opened.
foreach ($users as $row) {
    $exporter->addRow(array(
        $row->id,
        $row->nick,
        $row->firstName,
        $row->mail,
        $row->type,
        $row->enabled ? 'Si' : 'No',
        $row->createDate,
    ));
}
$exporter->finalize();
exit;
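/**
 * Persists a new request ("solicitud") entry for the given form and sends the
 * related notification mails, all inside one DB transaction.
 *
 * Flow, as implemented below:
 *  - Anonymous visitor (no valid session): mail/nombre/apellido are read from
 *    the form step flagged `disabled`; an existing user is looked up by mail or
 *    a new one is created with a random temporary password. The entry is
 *    stored unconfirmed ('N') and the visitor receives a confirmation
 *    (existing user) or activation (new user) mail.
 *  - Logged-in user: the entry is stored confirmed ('S'); the product's
 *    providers, every enabled admin and the user himself are notified.
 *
 * @param object $form submitted form; userId, confirmada and ip are written onto it here
 * @return list<string> empty on success, otherwise the caught exception message
 */
static function addEntry($form)
{
    $transaction = null;
    $result = array();
    $userId = null;
    $user = null;
    $newUser = false;
    $userExists = SecurityManager::isValidUser();

    try {
        $transaction = GenericDao::beginTransaction();

        if (!$userExists) {
            // The visitor's identity lives in the single step marked `disabled`.
            $step = Phinq::create($form->steps)->single(function ($item) {
                return isset($item->disabled) && $item->disabled == true;
            });
            $mail = Phinq::create($step->controls)->single(function ($item) {
                return $item->columnName == 'mail';
            })->value;
            $nombre = Phinq::create($step->controls)->single(function ($item) {
                return $item->columnName == 'nombre';
            })->value;
            $apellido = Phinq::create($step->controls)->single(function ($item) {
                return $item->columnName == 'apellido';
            })->value;

            $user = UserAdmin::getUserByMail($mail);
            if ($user != null) {
                $form->userId = $userId = $user->id;
            } else {
                $newUser = true;
                // Temporary password: 8 hex characters from a CSPRNG. The earlier
                // substr(md5(uniqid()), 0, 8) was derived from the clock and thus guessable.
                $password = bin2hex(random_bytes(4));

                $userDto = new \stdClass();
                $userDto->firstName = $nombre;
                $userDto->lastName = $apellido;
                $userDto->mail = $mail;
                $userDto->type = UserType::client;
                $userDto->password = $password;

                $response = json_decode(SecurityAdmin::createUser($userDto, $transaction));
                $form->userId = $userId = $response->data;
            }
            $form->confirmada = 'N';
        } else {
            $form->userId = $userId = SecurityManager::UserInfo()->id;
            $form->confirmada = 'S';
        }

        $form->ip = $_SERVER['REMOTE_ADDR'];
        $entryId = FormDao::addEntry($form, $transaction);
        $user = SecurityDao::getUserById($userId);
        $dwoo = new Core();

        // Mails are sent before commit(): if the commit fails they have already
        // gone out. Kept as in the original flow; reordering would change behaviour.
        if (!$userExists) {
            // NOTE(review): the link token is base64 of predictable fields (ids,
            // create date, mail), not a random secret — the receiving page must
            // verify more than decodability. 'http://' . HTTP_HOST also trusts the
            // request's Host header for the link that is mailed out.
            $code = base64_encode($user->id . '|' . $user->createDate . '|' . $user->mail . '|' . $entryId . '|' . $form->productoId . '|' . $form->id);

            if (!$newUser) {
                $user->logo = AppConfig::logoUrl;
                $user->producto = BaseAdmin::getProductoSimple($form->productoId)->nombre;
                $user->link = 'http://' . getenv('HTTP_HOST') . APP_FOLDER . '/views/client/Confirmacion.php?c=' . $code;
                $template = $dwoo->get($_SERVER["DOCUMENT_ROOT"] . '/views/shared/templates/mails/userSolicitudRequestConfirm.tpl', (array) $user);
                Mail::Send($user->mail, 'Confirmación de solicitud', $template);
            } else {
                $user->link = 'http://' . getenv('HTTP_HOST') . APP_FOLDER . '/views/client/Activacion.php?c=' . $code;
                $user->logo = AppConfig::logoUrl;
                $template = $dwoo->get($_SERVER["DOCUMENT_ROOT"] . '/views/shared/templates/mails/userActivation.tpl', (array) $user);
                Mail::Send($user->mail, 'Aladinnus, proceso de activación', $template);
            }
        } else {
            // Providers of the requested product: one entry link + one mail each.
            $usersProveedor = SecurityDao::getUsersProveedorByProductoId($form->productoId);
            foreach ($usersProveedor as $prov) {
                FormAdmin::addProveedorEntry($prov->id, $form->id, $entryId, $user->id);
                $prov->logo = AppConfig::logoUrl;
                $template = $dwoo->get($_SERVER["DOCUMENT_ROOT"] . '/views/shared/templates/mails/providerNewSolicitud.tpl', (array) $prov);
                Mail::Send($prov->mail, 'Nueva solicitud', $template);
            }

            // Enabled admins only.
            $usersAdmin = Phinq::create(SecurityDao::getUsersAdmin())->where(function ($admin) {
                return $admin->enabled;
            })->toArray();
            foreach ($usersAdmin as $admin) {
                $admin->logo = AppConfig::logoUrl;
                $template = $dwoo->get($_SERVER["DOCUMENT_ROOT"] . '/views/shared/templates/mails/userAdminRequest.tpl', (array) $admin);
                Mail::Send($admin->mail, 'Nueva solicitud', $template);
            }

            // The requesting user.
            $user->logo = AppConfig::logoUrl;
            $user->producto = BaseAdmin::getProductoSimple($form->productoId)->nombre;
            $template = $dwoo->get($_SERVER["DOCUMENT_ROOT"] . '/views/shared/templates/mails/userRequest.tpl', (array) $user);
            Mail::Send($user->mail, 'Nueva solicitud', $template);
        }

        $transaction->commit();
    } catch (\Exception $ex) {
        // beginTransaction() itself may have thrown; then there is nothing to roll
        // back and calling rollBack() on null would mask the original error.
        if ($transaction !== null) {
            $transaction->rollBack();
        }
        // NOTE(review): the raw exception message is handed back to the caller;
        // confirm it is not shown verbatim to end users (DB errors can leak details).
        $result = array($ex->getMessage());
    }

    return $result;
}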
/**
 * Reports whether the session currently carries a non-expired user.
 *
 * Side effect: when a user is present the timeout is refreshed before it is
 * evaluated (sliding expiry). NOTE(review): because refreshTimeout() runs
 * first, confirm it cannot revive a session that isTimeout() would otherwise
 * have reported as expired.
 *
 * @return bool
 */
static function isValidUser()
{
    $hasSessionUser = isset($_SESSION["user"]);
    if ($hasSessionUser) {
        SecurityManager::refreshTimeout();
        return !SecurityManager::isTimeout();
    }
    return false;
}
/**
 * Renders the navigation sitemap, showing only the nodes whose roles include
 * one of the current user's.
 *
 * The session copy of the sitemap is discarded on every call, so the cache
 * guard that follows is never satisfied and initialize() always runs.
 * Hiding a node here is presentation only; the pages themselves still call
 * SecurityManager::authorize() for access control.
 *
 * @return void
 */
static function render()
{
    $_SESSION["sitemap"] = null;
    $cached = isset($_SESSION["sitemap"]) && $_SESSION["sitemap"];
    if (!$cached) {
        SitemapManager::initialize();
    }

    SitemapManager::open();
    foreach ($_SESSION["sitemap"]->nodes as $node) {
        if (SecurityManager::isUserInRoles($node->roles)) {
            SitemapManager::renderNode($node);
        }
    }
    SitemapManager::close();
}
/**
 * Handles the login form submission.
 *
 * Returns null when the form was not submitted, the validation errors when
 * there are any, and otherwise attempts the login. A successful login
 * redirects; the single generic 'Usuario inválido' message is used for every
 * failed attempt so the response does not reveal which part was wrong.
 *
 * @return list<string>|null
 */
static function process()
{
    if (!isset($_POST["submit"])) {
        return null;
    }

    $errors = LoginController::validate();
    if (count($errors) > 0) {
        return $errors;
    }

    $loggedIn = SecurityManager::login($_POST["userName"], $_POST["password"]);
    if ($loggedIn) {
        // NOTE(review): the redirect target is built from the request's Host
        // header (HTTP_HOST); confirm the web server pins the host name.
        Utils::Redirect('https://' . getenv('HTTP_HOST') . APP_FOLDER . '/views/solicitudesEntrega/index.php', false);
    }

    // Reached on a failed login — and also after Redirect() if it returns
    // instead of ending the request.
    return array('Usuario inválido');
}
<?php
// Admin users page shell (Angular app "diarco.usersAdmin"). Session bootstrap
// and shared includes come first, then the role gate: only 'admin' and
// 'Gestor' should get past authorize() (presumably it ends the request for
// anyone else), since everything below is emitted unconditionally.
if (!isset($_SESSION)) { session_start(); } $_SERVER["DOCUMENT_ROOT"] = $_SERVER["DOCUMENT_ROOT"] . '/turnos'; include_once $_SERVER["DOCUMENT_ROOT"] . '/common/Includes.php'; use security\SecurityManager; SecurityManager::authorize(array('admin', 'Gestor')); ?> <?php include_once $_SERVER["DOCUMENT_ROOT"] . '/views/shared/masterTop.php'; ?> <div ng-app="diarco.usersAdmin"> <?php include 'bundle.php'; ?> <loading></loading> <div ng-view></div> </div> <script type="text/javascript" src="../../scripts/app/securityAdmin/usersModule.js?v=<?php /* cache-buster for the script URL only; not security-relevant */ echo rand(1, 1000000); ?> "> </script> <script type="text/javascript" src="../../scripts/app/securityAdmin/usersListCtrl.js?v=<?php /* cache-buster only */ echo rand(1, 1000000); ?>
<?php
// Change-password page. Session bootstrap and shared includes, then
// authorize() with no role list (presumably any authenticated user), then the
// controller runs the form handling; $errors is rendered further down the page.
if (!isset($_SESSION)) { session_start(); } $_SERVER["DOCUMENT_ROOT"] = $_SERVER["DOCUMENT_ROOT"] . '/turnos'; include_once $_SERVER["DOCUMENT_ROOT"] . '/common/Includes.php'; use security\SecurityManager; use controllers\CambioContraseniaController; SecurityManager::authorize(); $errors = CambioContraseniaController::process(); ?> <?php include_once $_SERVER["DOCUMENT_ROOT"] . '/views/shared/masterTop.php'; ?> <div > <section id="widget-grid" class=""> <article class="col-xs-12 col-sm-12 col-md-12 col-lg-12"> <div class="jarviswidget" id="wid-id-1002" data-widget-colorbutton="false" data-widget-editbutton="false" data-widget-togglebutton="false" data-widget-deletebutton="false" data-widget-custombutton="false" data-widget-collapsed="false" data-widget-sortable="false"> <header role="heading"> <span class="widget-icon"> <i class="fa fa-edit"></i> </span> <span style="position: relative; left: 8px; top: -3px;;">Cambiar contraseña</span> </header> <div role="content"> <div class="widget-body"> <?php
<?php
/**
 * Logout endpoint: starts the session so it can be torn down, loads the shared
 * includes and delegates to SecurityManager::logout().
 *
 * Created by PhpStorm. User: pzaborowski. Date: 07/01/2015, 10:53 AM.
 */
session_start();
$_SERVER["DOCUMENT_ROOT"] .= '/turnos';
include_once $_SERVER["DOCUMENT_ROOT"] . '/common/Includes.php';

use security\SecurityManager;

SecurityManager::logout();
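</div> </div> </header> <!-- END HEADER --> <aside id="left-panel"> <!-- User info --> <div class="login-info"> <span> <a href="javascript:void(0);" id="show-shortcut"> <span> <?php
// The display name originates from user-supplied registration data, so it is
// escaped for the HTML context instead of being echoed raw.
if (SecurityManager::isValidUser()) {
    $user = SecurityManager::UserInfo();
    echo htmlspecialchars((string) $user->firstName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?> </span> <i class="fa fa-angle-down"></i> </a> </span> </div> <?php SitemapManager::render(); ?> <span class="minifyme"> <i class="fa fa-arrow-circle-left hit"></i> </span>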
<?php
// Page shell for the Angular app "diarco.solicitudesEntrega". Order matters:
// session, shared includes, then the role gate — nothing below should be
// emitted for a visitor authorize() rejects (presumably it ends the request).
if (!isset($_SESSION)) {
    session_start();
}
$_SERVER["DOCUMENT_ROOT"] .= '/turnos';
include_once $_SERVER["DOCUMENT_ROOT"] . '/common/Includes.php';

use security\SecurityManager;

SecurityManager::authorize(array('admin', 'Gestor', 'Proveedor', 'Consulta'));
?> <?php include_once $_SERVER["DOCUMENT_ROOT"] . '/views/shared/masterTop.php'; ?> <div ng-app="diarco.solicitudesEntrega"> <?php include 'bundle.php'; ?> <loading></loading> <div ng-view></div> </div> <script type="text/javascript" src="../../scripts/app/solicitudesEntrega/solicitudesEntregaModule.js?v=<?php /* cache-buster for the script URL only; not security-relevant */ echo rand(1, 1000000); ?> "> </script> <script type="text/javascript" src="../../scripts/app/solicitudesEntrega/solicitudesEntregaListCtrl.js?v=<?php /* cache-buster only */ echo rand(1, 1000000); ?> "> </script>
/**
 * Builds the initial payload for the "bloqueos" edit screen: the available
 * block types, the current user (with `type` set to its first role name) and
 * the branches the user may pick from.
 *
 * A 'Gestor' only gets their own branch; every other role gets all branches.
 *
 * NOTE(review): `type` is written onto the object UserInfo() returns; if that
 * is the session's user object itself, the session copy is modified too —
 * confirm that is intended.
 *
 * @return string JSON-encoded Response
 */
static function getDataEditInitBloqueos()
{
    $data = new \stdClass();
    // Property order is kept (bloqueoTypes, user, sucursales) because it is the
    // key order of the JSON output.
    $data->bloqueoTypes = array(BloqueoType::bloqueo, BloqueoType::feriado);
    $data->user = SecurityManager::UserInfo();
    $data->user->type = SecurityManager::UserInfo()->roles[0]->name;

    $isGestor = ($data->user->type == 'Gestor');
    $data->sucursales = $isGestor
        ? array(ExternalDao::getSucursalById($data->user->sucursalId))
        : ExternalDao::getAllSucursales();

    $response = new Response(new Result(), $data);
    return json_encode(Utils::utf8ize($response));
}
/**
 * Builds the initial payload for the reservations screen of user $id: that
 * user with their reservations attached, the current session user and all
 * branches.
 *
 * NOTE(review): $id is taken as given — there is no null check on the
 * looked-up user (an unknown id fails at the property write below) and no
 * check here that the current user may view user $id's data; confirm both are
 * handled by the calling endpoint.
 *
 * @param mixed $id id of the user whose reservations are requested
 * @return string JSON-encoded Response
 */
static function getDataReservasInit($id)
{
    $requestedUser = SecurityDao::getUserById($id);
    $requestedUser->reservas = SecurityDao::getReservasByUserId($id);

    $data = new \stdClass();
    // Property order (user, currentUser, sucursales) is the JSON key order.
    $data->user = $requestedUser;
    $data->currentUser = SecurityManager::UserInfo();
    $data->sucursales = ExternalDao::getAllSucursales();

    $response = new Response(new Result(), $data);
    return json_encode(Utils::utf8ize($response));
}