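/**
 * Renders the page top bar: language switcher, login/logout link, the site
 * header and the breadcrumb trail.  Everything is echoed directly.
 *
 * @param array $pagina breadcrumb hrefs
 * @param array $naam   message keys (resolved through Taal::msg) for the
 *                      breadcrumb labels, indexed like $pagina
 */
public function __construct($pagina, $naam)
{
    $taal = new Taal();
    $auth = new Auth(false);
    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    };

    // Language switcher: shown to anonymous visitors and to non-staff users.
    echo "<div id='topbar'> <div id='language'><ul class='swapUnderline'>";
    if (!$auth->isLoggedIn() || !$auth->getUser()->isPersoneel()) {
        // Return target for veranderTaal.php.  It is one query-string value, so
        // it is URL-encoded as a whole: un-encoded, a '&' in the current query
        // string split the target (part of it was lost), and raw
        // PHP_SELF/QUERY_STRING text landed in the href unescaped (reflected XSS).
        $queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
        $wisselLink = "veranderTaal.php?vorige=" . rawurlencode($_SERVER['PHP_SELF'] . '?' . $queryString);
        if ($taal->getTaal() == "nl") {
            echo "<li class='selected'> NL</li>";
            echo "<li class='last-child'><a href='" . $wisselLink . "'>EN</a></li>";
        } else {
            echo "<li><a href='" . $wisselLink . "'>NL</a></li>";
            echo "<li class='selected last-child'> EN</li>";
        }
    }

    echo "</ul></div><div id='user'><ul class='swapUnderline'>";
    if (!$auth->isLoggedIn()) {
        echo "<li class='last-child'><a class='Logintext advanced' href='" . Auth::getLoginURL() . "'> " . $taal->msg('aanmelden') . "</a></li>";
    } else {
        // The username comes from the user store and is escaped for the markup.
        // The href/title attributes were closed twice ('') before, which is
        // broken HTML.
        echo "<li class='last-child member'>" . $esc($auth->getUser()->getGebruikersnaam())
            . " - <a class='Logintext' href='logout.php' title='uitloggen'>" . $taal->msg('afmelden') . "</a></li>";
    }
    echo "</ul> \n\t\t\t</div> \n\t\t</div> ";

    echo "<div id='header'> \n\t\t\t<div id='headerleft'> \n\t\t\t\t<h1> <a href='http://www.ugent.be/nl' title='Universiteit Gent'><img src='images/universiteit_gent.gif' alt='Universiteit Gent'/> </a> </h1> \n\t\t\t\t<h2> <a href='index.php'>Online Herstelformulier</a></h2>\n\t\t\t</div> \n\t\t\t<div id='headerright'> </div> \n\t\t</div> ";

    // Breadcrumb: crumbs are separated by ' >', the last one has no separator.
    echo "<div id='breadcrumb' class='swapUnderline'>\n\t\t\t<span>" . $taal->msg('u_bent_hier') . "</span>";
    $kruimels = array();
    foreach ($pagina as $key => $value) {
        $kruimels[] = " <a class='br-act' href='" . $esc($value) . "'>" . $taal->msg($naam[$key]) . "</a>";
    }
    echo implode(" >", $kruimels);
    echo "</div> ";
}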
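/**
 * Trigger: streams an asset to the client.
 *
 * Request parameters read: `file` (asset path), `as` (download name, defaults
 * to `file`), `logged_in` (whether a session is required, defaults to true)
 * and `override` (shared key used when `logged_in` is false).  Every failure
 * terminates the request with a short message.
 *
 * NOTE(review): `logged_in` is supplied by the requester, so the caller picks
 * which gate applies; on an anonymous request the override key is the only
 * protection.  Whether `file` can point outside the asset directory depends
 * on Path::fromAsset, which is not visible here — confirm it rejects traversal.
 */
public function download__download()
{
    $file = Request::get('file');
    $filename = Path::fromAsset($file);
    $as = Request::get('as', $file);
    $logged_in = filter_var(Request::get('logged_in', true), FILTER_VALIDATE_BOOLEAN);
    $override = Request::get('override');

    if (!$logged_in) {
        // Anonymous download: needs both a configured key and a matching parameter.
        $override_config = $this->fetchConfig('override');
        if (!$override_config) {
            die('No override key configured');
        }
        if (!$override) {
            die('No override param');
        }
        // Constant-time comparison of the shared key; the previous loose `!=`
        // was both type-juggling and timing-dependent.
        if (!hash_equals((string) $override_config, (string) $override)) {
            die("Override key & param don't match");
        }
    } elseif (!Auth::isLoggedIn()) {
        // if the user has to be logged in, see if they are
        die('Must be logged in');
    }

    if (!$this->download($filename, $as)) {
        die('File doesn\'t exist');
    }
}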
/**
 * Controller bootstrap: prepares the markup wrapped around each pagination
 * element (stored in $this->configpagination) and sends anonymous visitors
 * to the login page.
 */
function __construct()
{
    parent::__construct();

    // pagination area
    $pagination = array(
        'full_tag_open'  => '<ul class="pagination pagination-sm no-margin pull-right">',
        'full_tag_close' => '</ul>',
        'first_link'     => '<i class="fa fa-angle-left"></i><i class="fa fa-angle-left"></i>',
        'first_tag_open' => '<li class="prev">',
        'first_tag_close' => '</li>',
        'last_link'      => '<i class="fa fa-angle-right"></i><i class="fa fa-angle-right"></i>',
        'last_tag_open'  => '<li class="next">',
        'last_tag_close' => '</li>',
        'next_link'      => '<i class="fa fa-angle-right"></i>',
        'next_tag_open'  => '<li class="next">',
        'next_tag_close' => '</li>',
        'prev_link'      => '<i class="fa fa-angle-left"></i>',
        'prev_tag_open'  => '<li class="prev">',
        'prev_tag_close' => '</li>',
        'cur_tag_open'   => '<li class="active"><a href="javascript:void()">',
        'cur_tag_close'  => '</a></li>',
        'num_tag_open'   => '<li>',
        'num_tag_close'  => '</li>',
    );
    $this->configpagination = $pagination;

    // Nothing in this controller is public.
    if (!Auth::isLoggedIn()) {
        redirect('login');
    }
}
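/**
 * Page controller for the "edit my profile" form.
 *
 * Anonymous visitors are redirected to users.create.php.  Otherwise the
 * session user is loaded and, on POST, first name, last name and (when the
 * two password fields agree) the password are applied; each value is
 * validated by Input::* and every failure message is collected for the view.
 *
 * @return array{user: mixed, errors: list<string>}
 */
function pageController()
{
    $errors = [];
    if (!Auth::isLoggedIn()) {
        header('Location: users.create.php');
        exit;
    }

    // presumably a UserModel; a null result would make the assignments below fail — verify
    $userObject = UserModel::find($_SESSION['user_id']);

    if (!empty($_POST)) {
        try {
            $userObject->first_name = Input::getString('firstName');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $userObject->last_name = Input::getString('lastName');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }

        // Strict comparison: the previous loose `==` could treat distinct inputs
        // as equal (numeric-string juggling), and a mismatch was silently ignored.
        if (Input::get('password1') === Input::get('password2')) {
            try {
                $userObject->password = Input::getPassword('password1', $userObject->first_name, $userObject->last_name, $userObject->email);
            } catch (Exception $e) {
                $errors[] = $e->getMessage();
            }
        } else {
            $errors[] = 'The two password fields do not match.';
        }

        // Saved even when $errors is non-empty (as before): a field that failed
        // validation was never assigned, so only accepted values are written.
        $userObject->save();
    }

    return ['user' => $userObject, 'errors' => $errors];
}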
/**
 * Controller bootstrap for a guest-only page: an already authenticated
 * visitor is sent to 'home'.
 */
public function __construct()
{
    parent::__construct();

    $alreadyAuthenticated = Auth::isLoggedIn();
    if ($alreadyAuthenticated) {
        redirect('home');
    }
}
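/**
 * Page controller for the login form.
 *
 * Already-authenticated visitors go to index.php.  On submission the e-mail
 * and password are read (an invalid or missing value becomes ''), the user
 * is looked up by e-mail and Auth::attempt decides: success stores the
 * session variables and redirects to index.php, failure falls through to
 * the view with the entered e-mail so the form can be re-rendered.
 *
 * @return array{email: string, loggedIn: mixed}
 */
function pageController()
{
    if (Auth::isLoggedIn()) {
        header("Location: index.php");
        exit;
    }

    try {
        $email = Input::getString('email');
    } catch (Exception $e) {
        $email = '';
    }
    try {
        $password = Input::getString('password');
    } catch (Exception $e) {
        $password = '';
    }

    // What findByEmail returns for an unknown address is not visible here;
    // Auth::attempt is assumed to reject a missing user — verify.
    $user = UserModel::findByEmail($email);
    if (Auth::attempt($user, $password)) {
        // NOTE(review): confirm setSessionVariables regenerates the session id
        // after login (session fixation) — not visible from here.
        Auth::setSessionVariables($user);
        header("Location: index.php");
        exit;
    }

    // Failed attempts are neither logged nor throttled in this controller.
    return ['email' => $email, 'loggedIn' => Auth::isLoggedIn()];
}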
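/**
 * Trigger: persists a new page order posted by the reorder UI.
 *
 * Requires a session.  Reads `order` (JSON list of page objects, each with a
 * `url`) and `entry_folder` from POST, hands them to order_set() and echoes
 * the resulting JSON response.
 *
 * @return bool false when the POST data was missing (error response already
 *              echoed), true otherwise
 */
public function pagereorder_redux__reorder()
{
    $response = array(
        'linkage' => null,
        'message' => 'No order data received. Please try again.',
        'status' => 'error',
    );

    // Get current user, to check if we're logged in.
    if (!Auth::isLoggedIn()) {
        exit('Invalid Request');
    }

    // Get POST data from request.
    $order = Request::post('order', false);
    $entry_folder = Request::post('entry_folder', false);

    // Make sure we've got a response.
    if (!$order || !$entry_folder) {
        Log::error($response['message'], 'pagereorder_redux');
        echo json_encode($response);
        return false;
    }

    // Array of page order objects.  json_decode() may yield null, a scalar or a
    // stdClass; only a list whose first entry carries a non-empty string url is
    // usable (indexing a stdClass as an array throws).
    $page_order = json_decode($order);
    if (is_array($page_order) && isset($page_order[0]->url) && is_string($page_order[0]->url) && $page_order[0]->url !== '') {
        // NOTE(review): $entry_folder is passed on untouched; whether order_set()
        // confines it to the content directory is not visible here.
        $response = $this->order_set($page_order, $entry_folder);
    } else {
        $response['message'] = "The data submitted was invalid";
    }

    echo json_encode($response);
    return true;
}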
/**
 * Decides whether the current request may run.
 *
 * An anonymous request to anything but the login module is parked in the
 * session (URI plus GET/POST/REQUEST data) and redirected to the login page;
 * after a login the parked data is restored into the superglobals so the
 * original request continues seamlessly.  Custom backend modules additionally
 * run their own access check.
 *
 * NOTE(review): replaying a parked $_POST/$_REQUEST means a request prepared
 * before authentication executes under the new session; state-changing
 * modules should carry their own CSRF check (not visible here).
 *
 * @param mixed $action unused here
 * @return bool true unless a custom backend module denies access
 */
public function userIsAuthorized($action)
{
    $parkedKey = 'pixelmanager_temp_login_redirect';
    $isLoginModule = $this->module_name == 'login';

    if (!$isLoginModule && !Auth::isLoggedIn()) {
        // Session expired: remember the request, then go to the login page.
        $_SESSION[$parkedKey]['uri'] = $_SERVER['REQUEST_URI'];
        $_SESSION[$parkedKey]['get'] = $_GET;
        $_SESSION[$parkedKey]['post'] = $_POST;
        $_SESSION[$parkedKey]['request'] = $_REQUEST;
        Helpers::redirect(Config::get()->baseUrl . 'admin/html-output/login');
    } elseif (!$isLoginModule && isset($_SESSION[$parkedKey])) {
        // Logged in again: restore the parked request and forget it.
        $parked = $_SESSION[$parkedKey];
        $_GET = $parked['get'];
        $_POST = $parked['post'];
        $_REQUEST = $parked['request'];
        unset($_SESSION[$parkedKey]);
    }

    // Add-on modules may carry their own access rule.
    if ($this->isCustomBackendModule()) {
        $allowed = $this->canUserAccessCustomBackendModule();
        if ($allowed === false) {
            $this->accessDenied();
        }
        return $allowed;
    }

    // Nothing intercepted the request, so assume access is allowed.
    return true;
}
/**
 * Builds and echoes the main navigation menu for the current visitor.
 *
 * Stores the current page (basename of REQUEST_URI) and the active category,
 * then echoes one menu tree depending on the session: staff get the admin and
 * overview sub-menus, students the student pages, anonymous visitors the login
 * link.  Exceptions are swallowed on purpose: the error page renders a menu
 * itself, so throwing here would loop.
 *
 * NOTE(review): the "Errorlog"/"LDAP" items are gated by a hard-coded username
 * check.  That only hides links — errorlog.php and ldapSearch.php must enforce
 * their own access control (not visible here).
 *
 * @param string $categorie active top-level category; opens the matching sub-menu
 */
public function __construct($categorie) {
    $this->huidigePagina = basename($_SERVER['REQUEST_URI']);
    $this->categorie = $categorie;
    try{
        $a = new Auth(false);
        $taal = new Taal();
        echo("<div id='navigationhome'><div id='mainnav'><ul>");
        echo self::generateItem("index.php", $taal->msg('Index'));
        if($a->isLoggedIn()){// are we logged in?
            if($a->getUser()->isPersoneel()){// are we staff?
                echo self::generateItem("personeelMeldingToevoegen.php", "Defect Melden");
                echo self::generateItem("personeelAdmin.php", "Beheer", true, true);
                if($categorie == "Beheer"){// admin sub-menu
                    echo"<ul>";
                    echo(self::generateItem("personeelAdminHomes.php","Beheer Homes"));
                    echo(self::generateItem("personeelAdminBeheerders.php","Beheer Beheerders"));
                    echo(self::generateItem("personeelAdminCategorie.php","Beheer Categorieën"));
                    // One entry per home the staff member manages; generateItem is assumed to
                    // escape the id and name it is handed (not visible here) — confirm.
                    $lijst = $a->getUser()->getHomesLijst();
                    foreach($lijst as $home){
                        echo(self::generateItem("personeelAdmin.php?homeId=".$home->getId(),"Home ".$home->getKorteNaam(), false, true));
                    }
                    echo"</ul></li>";
                }
                echo self::generateItem("personeelStatistiek.php", "Statistieken");
                echo self::generateItem("personeelOverzicht.php", "Overzicht", true);
                if($categorie == "Overzicht"){// overview sub-menu (original comment read "submenu beheer")
                    echo"<ul>";
                    echo(self::generateItem("personeelMeldingInformatie.php","Formulier"));
                    echo"</ul></li>";
                }
                // Developer-only links, selected by username (see class doc).
                if($a->getUser()->getGebruikersnaam()=="bmesuere" || $a->getUser()->getGebruikersnaam()=="bevdeghi"){
                    echo self::generateItem("errorlog.php", "Errorlog");
                    echo self::generateItem("ldapSearch.php", "LDAP");
                }
            }
            else{// we are a student
                echo self::generateItem("studentOverzicht.php", $taal->msg('Overzicht'));
                echo self::generateItem("studentMeldingToevoegen.php", $taal->msg('defect_melden'));
            }
        }
        else{// we are not logged in
            echo self::generateItem(Auth::getLoginURL(), $taal->msg('aanmelden'));
            echo self::generateItem("studentMeldingToevoegen.php", $taal->msg('defect_melden'));
        }
        echo("</ul></div><div class='visualClear'></div></div>");
    }
    catch (Exception $e){
        // do nothing, otherwise we get an error loop (Error.php also generates a menu...)
    }
}
/**
 * Decides whether the current request may run (error-response variant).
 *
 * Anything but the login module requires a session; without one the request
 * is answered with RESULT_ERROR_NOT_LOGGED_IN.  For a logged-in user, a custom
 * backend module additionally runs its own access check and is answered with
 * RESULT_ERROR_NOT_AUHTORIZED (sic, constant name as declared) when it fails.
 *
 * @param mixed $action unused here
 * @return bool
 */
public function userIsAuthorized($action)
{
    $requiresSession = $this->module_name != 'login';

    if ($requiresSession && !Auth::isLoggedIn()) {
        // No user logged in: prevent the requested action from running.
        $this->error(self::RESULT_ERROR_NOT_LOGGED_IN);
        return false;
    }

    // For an add-on module, check the access permission if applicable.
    if (Auth::isLoggedIn() && $this->isCustomBackendModule()) {
        $canAccess = $this->canUserAccessCustomBackendModule();
        if ($canAccess === false) {
            $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
        }
        return $canAccess;
    }

    // Nothing intercepted the request so far, so assume access is allowed.
    return true;
}
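/**
 * Front-controller dispatch.
 *
 * Resolves the controller class from the request ('<name>Controller', first
 * letter upper-cased), applies the session rules — logout / switchuser
 * parameters, forcing a profile-less user to /join, keeping anonymous users
 * on public routes, admin-only AdminController — then instantiates and
 * invokes the controller, or redirects to the 404 page when the class does
 * not exist.
 *
 * @return mixed whatever the invoked controller returns; otherwise a redirect
 *               (whether redirect() terminates the request is not visible here)
 */
public function run()
{
    $authenticated = Auth::isLoggedIn();
    $requested = isset(static::$request['controller']) ? (string) static::$request['controller'] : '';
    $controller = ucfirst(strtolower($requested)) . 'Controller';

    // some router logic / protection
    if ($authenticated) {
        if (isset(static::$request['params']['logout']) && Auth::logout()) {
            $this->redirect('/');
        }
        if (isset(static::$request['params']['switchuser'])) {
            // NOTE(review): the target id is request-supplied; Auth::switchUser
            // must do its own permission check (not visible here).
            $url = Auth::switchUser((int) static::$request['params']['switchuser']);
            $this->redirect($url);
        }
        // Parentheses make the intended precedence explicit (&& binds tighter
        // than ||).  The former empty($controller) test could never be true:
        // the name always carries the 'Controller' suffix.
        if ($controller === 'FrontController' || ($controller === 'JoinController' && Auth::$profile->profileSet())) {
            $this->redirect('/central');
        }
        if ($controller !== 'JoinController' && !Auth::$profile->profileSet()) {
            $this->redirect('/join');
        }
        if ($controller === 'AdminController' && !Auth::isAdmin()) {
            $this->redirect('/errors/view/401');
        }
    } elseif (!static::$request['public']) {
        $this->redirect('/');
    }

    // The class name derives from the request; restricting it to identifier
    // characters keeps class_exists() from handing arbitrary names (e.g. with
    // namespace separators) to the autoloader.
    if (preg_match('/^[A-Za-z0-9_]+Controller$/', $controller) && class_exists($controller, true)) {
        $props = !empty(Auth::$profile) ? ['profile' => Auth::$profile] : [];
        $invoke = new $controller();
        return $invoke(static::$request, $props); // invoke controller
    }

    $this->redirect('/errors/view/404');
}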
<span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="<?php echo Config::get("custom.admin_base_url"); ?> ">LA1:TV CMS</a> </div> <div class="collapse navbar-collapse"> <ul class="nav navbar-nav"> @yield('navbarList', '') </ul> <a class="btn btn-info navbar-btn navbar-right" href="<?php echo e(URL::to(Auth::isLoggedIn() ? "/admin/login/logout" : "/admin/login")); ?> "><?php echo !Auth::isLoggedIn() ? "Login" : "Log Out"; ?> </a> </div> </div> </div> @yield('content') <div id="footer"> <div class="container"> <p class="text-muted footer-txt">The custom built content management system for LA1:TV.</p> </div> </div> @stop
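/**
 * Applies the schema upgrade for $version and runs the matching data migration.
 *
 * Requires an admin session.  Loads library/installer/schemas/update{$version}.sql,
 * refuses when the stored 'general' version is already at or past $version,
 * executes the file and then runs the version-specific fix-ups.
 *
 * @param string $version schema version to apply, e.g. "1.0"
 * @return true|string true on success, otherwise an error message
 */
public function upgrade($version)
{
    $auth = new Auth();
    if (!$auth->isLoggedIn() || !$auth->isAdmin()) {
        return "Must be logged in as admin";
    }

    // $version becomes part of a filesystem path: accept a dotted number only.
    if (!preg_match('/^\d+(\.\d+)*$/', (string) $version)) {
        return "Schema does not exist";
    }
    $path = $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'] . "library/installer/schemas/update" . $version . ".sql";
    if (!file_exists($path)) {
        return "Schema does not exist";
    }

    $settings = WposAdminSettings::getSettingsObject('general');
    if (floatval($settings->version) >= floatval($version)) {
        return "Db already at the latest version";
    }

    $sql = file_get_contents($path);
    if ($sql === false) {
        return "Schema could not be read";
    }

    try {
        $result = $this->db->_db->exec($sql);
        if ($result === false) {
            return $this->db->_db->errorInfo()[0];
        }

        switch ($version) {
            case "1.0":
                // set sales type & channel
                $sql = "UPDATE `sales` SET `type`='sale', `channel`='pos';";
                if ($this->db->_db->exec($sql) === false) {
                    return $this->db->_db->errorInfo()[0];
                }
                // set payment dt to process dt and update sales json with extra params
                $sales = $this->db->select("SELECT * FROM `sales`;", []);
                foreach ($sales as $sale) {
                    $data = json_decode($sale['data']);
                    // Validate before touching properties: the previous check ran
                    // after the assignments, so a failed decode had already errored.
                    if (!is_object($data)) {
                        return "Prevented null data entry";
                    }
                    $data->id = $sale['id'];
                    $data->balance = 0.0;
                    $data->dt = $sale['dt'];
                    $data->status = $sale['status'];
                    $sql = "UPDATE `sales` SET `data`=:data WHERE `id`=:saleid";
                    $this->db->update($sql, [":data" => json_encode($data), ":saleid" => $sale['id']]);
                    // The column name previously had an unbalanced backtick
                    // (`processdt=:processdt), which is a MySQL syntax error.
                    $sql = "UPDATE `sale_payments` SET `processdt`=:processdt WHERE `saleid`=:saleid";
                    $this->db->update($sql, [":processdt" => $sale['processdt'], ":saleid" => $sale['id']]);
                }
                // update config, add google keys
                WposAdminSettings::putValue('general', 'version', '1.0');
                WposAdminSettings::putValue('general', 'gcontact', 0);
                WposAdminSettings::putValue('general', 'gcontacttoken', '');
                WposAdminSettings::putValue('pos', 'priceedit', 'blank');
                // copy new templates
                // NOTE(review): copy() handles a single file, not a directory — confirm
                // both paths are files.
                copy(
                    $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'] . 'docs-template/templates',
                    $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'] . 'docs/'
                );
                break;
            case "1.1":
                WposAdminSettings::putValue('general', 'version', '1.1');
                break;
        }
        return true;
    } catch (Exception $e) {
        return $e->getMessage();
    }
}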
<?php
// Page bootstrap: helpers + autoloading, then the session/login gate.
require_once __DIR__ . '/../../includes/helpers.php';
require_once __DIR__ . '/../../loader.php';
Session::checkSession();
$a = new Auth();
// Anonymous visitors never reach the markup below; the explicit exit covers the
// case where redirect_to() only sends the header.
if (!$a->isLoggedIn()) {
    redirect_to('login.php');
    exit;
}
// Current user; presumably used further down the page (not in this excerpt).
$u = User::getUser();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<!--<link rel="icon" href="../../favicon.ico"> -->
<title>Photolia</title>
<!-- Bootstrap core CSS -->
<!-- NOTE(review): this CDN stylesheet carries no integrity attribute, unlike the bootstrap one below; add the SRI hash for the pinned 4.5.0 build -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<!-- Custom styles for this template -->
<link href="../css/style.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
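/**
 * Tag: renders the member profile update form.
 *
 * Returns false for anonymous visitors.  Otherwise builds a <form> posting to
 * TRIGGER/member/update_profile with the return URL, a form token and — when
 * editing someone other than the current member — the target username as
 * hidden fields, and parses the tag content with the flashed error/success
 * messages, field errors and the previous (HTML-escaped) values.
 *
 * @return string|false form HTML, or false when nobody is logged in
 */
public function profile_form()
{
    if (!Auth::isLoggedIn()) {
        // not logged in
        return false;
    }

    $attr_string = '';
    $member = Auth::getCurrentMember();
    $site_root = Config::getSiteRoot();
    $username = $this->fetchParam('username', $member->get('username'));
    $return = $this->fetchParam('return', $site_root, null, false, false);
    $attr = $this->fetchParam('attr', false);

    // get old values; flashed values take precedence over the stored profile
    $old_values = $this->flash->get('update_profile_old_values', array()) + Member::getProfile($username);
    array_walk_recursive($old_values, function (&$item, $key) {
        $item = htmlspecialchars((string) $item);
    });

    // set up any data to be parsed into content
    $data = array(
        'error' => $this->flash->get('update_profile_error', ''),
        'success' => $this->flash->get('update_profile_success', ''),
        'field_errors' => $this->flash->get('update_profile_field_errors', array()),
        'old_values' => $old_values,
    );

    // set up attributes, escaped for the attribute context
    if ($attr) {
        $attributes_array = Helper::explodeOptions($attr, true);
        foreach ($attributes_array as $key => $value) {
            $attr_string .= ' ' . htmlspecialchars((string) $key, ENT_QUOTES) . '="' . htmlspecialchars((string) $value, ENT_QUOTES) . '"';
        }
    }

    // set username in flash
    $this->flash->set('update_username', $username);

    // set up form HTML; parameter values that land in attributes are escaped
    // (the previous version concatenated $return and $username raw)
    $html = '<form method="post" action="' . Path::tidy($site_root . "/TRIGGER/member/update_profile") . '" ' . $attr_string . '>';
    $html .= '<input type="hidden" name="return" value="' . htmlspecialchars((string) $return, ENT_QUOTES) . '">';
    $html .= '<input type="hidden" name="token" value="' . $this->tokens->create() . '">';

    // are we editing someone other than the current user?
    // security note, the hook for this form will check that the current
    // user has permissions to edit this user's information
    if ($username !== $member->get('username')) {
        $html .= '<input type="hidden" name="username" value="' . htmlspecialchars((string) $username, ENT_QUOTES) . '">';
    }

    $html .= Parse::template($this->content, $data);
    $html .= '</form>';

    // return that HTML
    return $html;
}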
<?php
//login check
session_start();
require_once '../classes/Config.class.php';
require_once 'Auth.class.php';
require_once 'AccessException.php';
require_once 'Herstelformulier.class.php';
require_once 'DB.class.php';
$auth = new Auth(false);
// Staff-only endpoint: anyone else gets an AccessException.
if (!$auth->isLoggedIn() || !$auth->getUser()->isPersoneel()) {
    throw new AccessException();
}
// number per page
$AANTAL_PER_PAGINA = 20;
// pagination stuff
// NOTE(review): $_GET['page'] goes into arithmetic and into the response
// unvalidated; validate it as a positive integer before use.
$pagina = $_GET['page'] == "" ? 1 : $_GET['page'];
$vanaf = ($pagina - 1) * $AANTAL_PER_PAGINA;
$paginering = array();
$paginering['current_page'] = $pagina;
if ($_GET['waarden'] == "") {
    $q = "SELECT id FROM herstelformulier";
} else {
    $velden = json_decode(stripslashes($_GET["velden"]));
    $waarden = json_decode(stripslashes($_GET["waarden"]));
    // build the query
    // NOTE(review): SQL injection — $velden (column names) and $waarden (search
    // values) come straight from the query string and are concatenated into the
    // WHERE clause below.  Column names should be checked against a fixed
    // whitelist and values bound as prepared-statement parameters; the project's
    // DB wrapper is already used with prepare()/bind_param() in other scripts.
    $q = "SELECT DISTINCT herstelformulier.id FROM herstelformulier INNER JOIN user ON (herstelformulier.userId=user.id) INNER JOIN home ON (herstelformulier.homeId=home.id) LEFT JOIN relatie_herstelformulier_velden ON (herstelformulier.id=relatie_herstelformulier_velden.herstelformulierId)WHERE ";
    foreach ($waarden as $key => $value) {
        if (sizeof(explode("|", $velden[$key])) > 1) {
            $e = explode("|", $velden[$key]);
            $q .= "(" . $e[0] . " LIKE '%" . $value . "%' OR " . $e[1] . " LIKE '%" . $value . "%') AND ";
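/**
 * Tag: renders the "choose a new password" form reached from a reset link.
 *
 * Logged-in members are redirected to `logged_in_redirect` (default: the
 * member_home config).  The reset hash is read from the `H` query parameter;
 * a missing hash, an unknown/expired cache entry or a flashed error message
 * is reported through $data['errors'] (plus the url_invalid / expired flags).
 *
 * @return string form HTML with hidden token and hash fields
 */
public function reset_password_form()
{
    $data = array();
    $errors = array();

    // parse parameters and vars
    $attr_string = '';
    $site_root = Config::getSiteRoot();
    $logged_in_redirect = $this->fetchParam('logged_in_redirect', $this->fetchConfig('member_home', $site_root), null, false, false);
    $attr = $this->fetchParam('attr', false);
    // FILTER_SANITIZE_URL keeps quotes, angle brackets, slashes and dots, so the
    // hash is still untrusted text: it is escaped where echoed below, and the
    // cache lookup should be confirmed to treat it as a key rather than a path.
    $hash = filter_input(INPUT_GET, 'H', FILTER_SANITIZE_URL);

    // is user already logged in? forward as needed
    if (Auth::isLoggedIn()) {
        URL::redirect($logged_in_redirect, 302);
    }

    // no hash in URL?
    if (!$hash) {
        $errors[] = Localization::fetch('reset_password_url_invalid');
        $data['url_invalid'] = true;
    }

    if (count($errors) === 0) {
        // cache file doesn't exist or is too old
        if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit') * 60) {
            $errors[] = Localization::fetch('reset_password_url_expired');
            $data['expired'] = true;
        }
        // flash errors
        if ($flash_error = $this->flash->get('reset_password_error')) {
            $errors[] = $flash_error;
        }
    }

    // set up attributes, escaped for the attribute context
    if ($attr) {
        $attributes_array = Helper::explodeOptions($attr, true);
        foreach ($attributes_array as $key => $value) {
            $attr_string .= ' ' . htmlspecialchars((string) $key, ENT_QUOTES) . '="' . htmlspecialchars((string) $value, ENT_QUOTES) . '"';
        }
    }

    // errors
    $data['errors'] = $errors;

    // set up form HTML; the hash arrives via the link, so it is escaped before
    // landing in the value attribute (it was concatenated raw)
    $html = '<form method="post" action="' . Path::tidy($site_root . "/TRIGGER/member/reset_password") . '" ' . $attr_string . '>';
    $html .= '<input type="hidden" name="token" value="' . $this->tokens->create() . '">';
    $html .= '<input type="hidden" name="hash" value="' . htmlspecialchars((string) $hash, ENT_QUOTES) . '">';
    $html .= Parse::template($this->content, $data);
    $html .= '</form>';

    // return that HTML
    return $html;
}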
<div id="main"> <?new Menu(""); ?> <div id="content" class="normal"> <div class="documentActions"> <ul> <li><a href="javascript:this.print();"><img src="images/print_icon.gif" alt="<?php echo $taal->msg('afdrukken'); ?> " title="<?php echo $taal->msg('afdrukken'); ?> " id="icon-print"/></a></li> </ul> </div> <? if($auth->isLoggedIn()){ //we zijn ingelogd if ($auth->getUser()->isPersoneel()) { // personeel ?> <h1>Statistieken</h1> <p class="disclaimer">Hier vindt u binnenkort de statistieken over deze applicatie.</p> <img src='graphs/tijd_formulier.php' alt='grafiekje'/> <? } } ?> </div> </div> </div> <div class="visualClear"></div> <? new Footer(); ?> </body>
?> </div> <div id="error" style="display:none"><h1><?php echo $taal->msg('fout'); ?> </h1><?php echo $taal->msg('error_melding_evalueren'); ?> </div> <div id="opmerkingvertaling" style="display:none"><?php echo $taal->msg('opmerking'); ?> </div> <div id='beforecontent'> <? if($auth->isLoggedIn()) { if($auth->getUser()->isStudent()) { // Toon listing van alle formulieren die als "gedaan" gemarkeerd zijn en die geevalueerd moeten worden $list = Herstelformulier::getEvaluationList($auth->getUser()->getId()); ?> <h1><?php echo $taal->msg('evaluatie_titel'); ?> </h1> <p class="disclaimer"><?php echo $taal->msg('disclaimer_evaluatie_melding'); ?> </p> <table> <tbody> <tr class="legende">
<script src="js/bootstrap.min.js"></script> </head> <body> <div class="container"> <div class="row"> <h3>Crud Php Pdo + Login</h3> </div> <?php require 'Database.php'; require 'Auth.php'; $pdo = Database::connect(); $auth = new Auth($pdo); ?> <div class="<?php echo $auth->isLoggedIn() ? "loggedIn" : "loggedOut"; ?> "> <?php require 'loginForm.php'; ?> </div> <?php if ($auth->isLoggedIn()) { ?> <div class="row"> <p align="right"> <a href="?logout" class="btn btn-info">Logout</a> </p> <p> <a href="create.php" class="btn btn-success">Create User</a>
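<?php
// Toggles the session language between "nl" and "en" (persisting it for a
// logged-in student) and sends the browser back to the page it came from.
require_once 'classes/Taal.class.php';
require_once 'classes/Auth.class.php';
session_start();
$auth = new Auth(false);

$huidigeTaal = isset($_SESSION['taal']) ? $_SESSION['taal'] : null;
$nieuweTaal = ($huidigeTaal == "nl") ? "en" : "nl";
$_SESSION['taal'] = $nieuweTaal;
if ($auth->isLoggedIn() && $auth->getUser()->isStudent()) {
    $auth->getUser()->setTaal($nieuweTaal);
    $auth->getUser()->save();
}

// Return target.  Only a local path is accepted: a scheme-qualified or
// protocol-relative value would make this an open redirect.  An empty value
// previously refreshed this very script, which toggled the language again on
// every reload; it now falls back to index.php.
$vorige = isset($_GET['vorige']) ? (string) $_GET['vorige'] : '';
if ($vorige === '' || preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//)#i', $vorige)) {
    $vorige = 'index.php';
}
// Escaped for the attribute context; the raw value could break out of it.
echo "<meta http-equiv=\"Refresh\" content=\"0; URL=" . htmlspecialchars($vorige, ENT_QUOTES, 'UTF-8') . "\">";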
$product = $_REQUEST['f']['product_id']; } $entity = EntityFactory::loadEntity('MeasureRates'); $ratedShippedValue = $entity->getRatedValue($_REQUEST['f']['measure_id'], KG_MEASURE, $product, $_REQUEST['f']['quantity']); } // Проверяем текущий остаток. Обновляем, если есть нужное кол-во товара. $entity = EntityFactory::loadEntity('ProductStored'); $storedProduct = $entity->getOneItem($_REQUEST['f']['id']); $currentReminder = $storedProduct['remainder']; if ($currentReminder < $ratedShippedValue) { $data['is_error'] = true; $data['messages'][] = 'На складе нет столько товара. Текущий остаток: ' . $currentReminder . ' кг.'; } else { $entity->edit(array('id' => $_REQUEST['f']['id'], 'datetime_modified' => strtotime('now'), 'remainder' => $currentReminder - $ratedShippedValue)); // Сохраняем информацию об отгрузке $_REQUEST['f']['user_id'] = Auth::isLoggedIn(); $_REQUEST['f']['datetime'] = strtotime('now'); $_REQUEST['f']['stored_product_id'] = $_REQUEST['f']['id']; $entity = EntityFactory::loadEntity('ProductShipped'); $result = $entity->shipProduct($_REQUEST['f']); if (!$result || is_string($result)) { $errors++; $msg = 'Ошибка отгрузки'; if (is_string($result)) { $msg .= ': ' . $result; } $msg .= '.'; } else { $msg = 'Товар успешно отгружен.'; } if ($errors > 0) {
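<?php
// Deletes one repair form (herstelformulier) belonging to the logged-in student.
// Expects POST formid (positive integer).  Throws AccessException for anyone who
// is not a logged-in student and BadParameterException for a bad id.
// NOTE(review): no CSRF token is checked; a cross-site POST from a logged-in
// student's browser would be accepted.
session_start();
require_once '../classes/Config.class.php';
require_once 'exceptions/BadParameterException.class.php';
require_once 'exceptions/AccessException.php';
require_once 'DB.class.php';
require_once 'Auth.class.php';

$auth = new Auth(false);
if (!$auth->isLoggedIn() || !$auth->getUser()->isStudent()) {
    throw new AccessException();
}

// Validate the id up front instead of letting bind_param coerce garbage to 0.
$formid = filter_var(isset($_POST['formid']) ? $_POST['formid'] : null, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
if ($formid === false) {
    throw new BadParameterException();
}

// Ownership is enforced in the statement: without the userId clause any student
// could delete any form by id.  Assumes herstelformulier.userId holds the owning
// user's id, as the staff overview query joins it to user.id — confirm.
$userId = $auth->getUser()->getId();
$db = DB::getDB();
$statement = $db->prepare("DELETE FROM herstelformulier WHERE id = ? AND userId = ?");
$statement->bind_param('ii', $formid, $userId);
$statement->execute();
$statement->close();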
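/**
 * Target for the member:profile_form form
 *
 * Validates the posted profile fields against the `fields` config, updates
 * the member (the current one, or another member when the role named by
 * `role_definitions.edit_other_users` allows it), saves, fires the
 * profile_update hook and redirects — to `return` when posted, else back to
 * the referrer.  Validation errors are flashed and the user is sent back to
 * the referrer.
 *
 * NOTE(review): both redirect targets (`return` from POST and the Referer
 * header) are attacker-influenced, so an open redirect is possible unless
 * URL::redirect restricts them — not visible here.  FILTER_SANITIZE_STRING is
 * deprecated as of PHP 8.1; it is kept because replacing it changes what gets
 * stored.
 *
 * @return void
 */
public function member__update_profile()
{
    $site_root = Config::getSiteRoot();
    $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $site_root;
    $return = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_URL);

    // is user logged in?  Return after the redirect so nothing below runs for
    // an anonymous request even if the redirect helper does not exit.
    if (!Auth::isLoggedIn()) {
        URL::redirect($this->fetchConfig('login_url', $site_root, null, false, false));
        return;
    }

    // get current user
    $member = Auth::getCurrentMember();

    // get configurations
    $allowed_fields = array_get($this->loadConfigFile('fields'), 'fields', array());
    $role_definitions = $this->fetchConfig('role_definitions');

    // who are we editing?
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $username = !$username ? $member->get('username') : $username;

    // if the user isn't the current user, ensure that's allowed
    if ($username !== $member->get('username')) {
        if (!array_get($role_definitions, 'edit_other_users', null) || !$member->hasRole($role_definitions['edit_other_users'])) {
            // this user does not have permission to do this
            $this->flash->set('update_profile_error', 'You are not allowed to edit another member’s profile.');
            URL::redirect($referrer);
            return;
        }
        // all set, update member
        $member = Member::load($username);
    }

    // get old values
    $old_values = $member->export();

    // loop through allowed fields, validating and updating
    $submission = array();
    foreach ($allowed_fields as $field => $options) {
        if (!isset($_POST[$field])) {
            // username may be included separately; any other unset field is skipped
            if ($field !== 'username') {
                continue;
            }
            $value = $username;
        } else {
            $value = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING);
        }

        $old_values[$field] = $value;

        // don't store this value if `save_value` is set to `false`
        if (array_get($options, 'save_value', true)) {
            $member->set($field, $value);
        }

        // add to submissions, including non-save_value fields because this
        // is the list that will be validated
        $submission[$field] = $value;
    }

    // validate
    $errors = $this->tasks->validate($submission);
    if (count($errors)) {
        // errors were found, set a flash message and redirect
        $this->flash->set('update_profile_error', 'Member profile not updated.');
        $this->flash->set('update_profile_field_errors', $errors);
        $this->flash->set('update_profile_old_values', $old_values);
        URL::redirect($referrer);
        return;
    }

    // save member
    $member->save();

    // trigger a hook
    $this->runHook('profile_update', 'call', null, $member);

    // user saved
    $this->flash->set('update_profile_success', 'Member profile updated.');
    URL::redirect($return ? $return : $referrer);
}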
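/**
 * Apply the database migration for $version.
 *
 * Executes `library/installer/schemas/update<version>.sql`, then runs the
 * version-specific data fix-ups below, records the new version in the
 * `general` settings and restarts the socket server.
 *
 * @param string $version    Target schema version ("1.0", "1.1" or "1.2").
 * @param bool   $authneeded When true the caller must be a logged-in admin.
 * @return string Status text; "Update Completed Successfully!" on success,
 *                otherwise an error description (or a DB driver error string).
 *
 * Changes from the original:
 *  - $version is validated against `^\d+(\.\d+)?$` before being used to
 *    build a filesystem path. Previously any string — including "../"
 *    sequences — was concatenated into the path, and only the admin check
 *    stood in the way.
 *  - The `sale_payments` statement had an unbalanced backtick
 *    (`` `processdt=:processdt `` ) and was invalid SQL; fixed.
 *  - In the 1.0 branch the decoded sales JSON was written to before the null
 *    check; the check now runs first.
 *
 * Still as in the original: progress is echoed directly, and the catch block
 * echoes the PDO errorInfo() string (this leaks driver details into the
 * response — prefer logging). copy() is called on what looks like a
 * directory path; copy() only handles files, so whether that line ever
 * worked cannot be told from here — verify.
 */
public function upgrade($version, $authneeded = true)
{
    if ($authneeded) {
        $auth = new Auth();
        if (!$auth->isLoggedIn() || !$auth->isAdmin()) {
            return "Must be logged in as admin";
        }
    }

    // Only plain numeric versions may select a schema file (path-traversal guard).
    if (!is_scalar($version) || !preg_match('/^\d+(\.\d+)?$/', (string) $version)) {
        return "Schema does not exist";
    }

    $base = $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'];
    $path = $base . "library/installer/schemas/update" . $version . ".sql";
    if (!file_exists($path)) {
        return "Schema does not exist";
    }

    $settings = WposAdminSettings::getSettingsObject('general');
    if (floatval($settings->version) >= floatval($version)) {
        return "Db already at the latest version";
    }

    $sql = file_get_contents($path);
    try {
        $this->db->_db->exec($sql);

        switch ($version) {
            case "1.0":
                // set sales type & channel
                $sql = "UPDATE `sales` SET `type`='sale', `channel`='pos';";
                if ($this->db->_db->exec($sql) === false) {
                    return $this->db->_db->errorInfo()[0];
                }

                // set payment dt to process dt and extend the sales JSON with extra params
                $sql   = "SELECT * FROM `sales`;";
                $sales = $this->db->select($sql, []);
                foreach ($sales as $sale) {
                    $data = json_decode($sale['data']);
                    if ($data == false) {
                        die("Prevented null data entry");
                    }
                    $data->id      = $sale['id'];
                    $data->balance = 0.0;
                    $data->dt      = $sale['dt'];
                    $data->status  = $sale['status'];

                    $sql = "UPDATE `sales` SET `data`=:data WHERE `id`=:saleid";
                    $this->db->update($sql, [":data" => json_encode($data), ":saleid" => $sale['id']]);

                    $sql = "UPDATE `sale_payments` SET `processdt`=:processdt WHERE `saleid`=:saleid";
                    $this->db->update($sql, [":processdt" => $sale['processdt'], ":saleid" => $sale['id']]);
                }

                // update config, add google keys
                WposAdminSettings::putValue('general', 'version', '1.0');
                WposAdminSettings::putValue('general', 'gcontact', 0);
                WposAdminSettings::putValue('general', 'gcontacttoken', '');
                WposAdminSettings::putValue('pos', 'priceedit', 'blank');

                // copy new templates (see note in the doc block about copy() on a directory)
                copy($base . 'docs-template/templates', $base . 'docs/');
                break;

            case "1.1":
                WposAdminSettings::putValue('general', 'version', '1.1');
                break;

            case "1.2":
                // update item tax values: numeric tax -> structured taxdata object
                $sql   = "SELECT * FROM `sale_items`;";
                $items = $this->db->select($sql, []);
                foreach ($items as $item) {
                    if (is_numeric($item['tax'])) {
                        $taxdata            = new stdClass();
                        $taxdata->values    = new stdClass();
                        $taxdata->inclusive = true;
                        if ($item['tax'] > 0) {
                            $taxdata->values->{"1"} = $item['tax'];
                            $taxdata->total         = $item['tax'];
                        } else {
                            $taxdata->total = 0;
                        }
                        $sql = "UPDATE `sale_items` SET `tax`=:tax WHERE `id`=:id";
                        $this->db->update($sql, [":tax" => json_encode($taxdata), ":id" => $item['id']]);
                    } else {
                        echo "Item record " . $item['id'] . " already updated, skipping item table update...<br/>";
                    }
                }

                // remove the "notax" taxdata field, move gst to id=1
                $sql   = "SELECT * FROM `sales`;";
                $sales = $this->db->select($sql, []);
                foreach ($sales as $sale) {
                    $needsupdate = false;
                    $data = json_decode($sale['data']);
                    if ($data == false) {
                        die("Prevented null data entry");
                    }

                    if (isset($data->taxdata->{"1"}) && $data->taxdata->{"1"} == 0) {
                        if (isset($data->taxdata->{"2"})) {
                            $data->taxdata->{"1"} = $data->taxdata->{"2"};
                            unset($data->taxdata->{"2"});
                        } else {
                            unset($data->taxdata->{"1"});
                        }
                        $needsupdate = true;
                    } else {
                        echo "Record " . $sale['id'] . " already updated, skipping sale taxdata update...<br/>";
                    }

                    foreach ($data->items as $skey => $sitem) {
                        if (is_numeric($sitem->tax)) {
                            $taxdata            = new stdClass();
                            $taxdata->values    = new stdClass();
                            $taxdata->inclusive = true;
                            if ($sitem->tax > 0) {
                                $taxdata->values->{"1"} = $sitem->tax;
                                $taxdata->total         = $sitem->tax;
                            } else {
                                $taxdata->total = 0;
                            }
                            $data->items[$skey]->tax = $taxdata;
                            $needsupdate = true;
                        } else {
                            echo "Item record " . $sale['id'] . " already updated, skipping sale itemdata update...<br/>";
                        }
                    }

                    if ($needsupdate) {
                        $sql = "UPDATE `sales` SET `data`=:data WHERE `id`=:saleid";
                        $this->db->update($sql, [":data" => json_encode($data), ":saleid" => $sale['id']]);
                    }
                }

                // update stored item schema: fold legacy columns into the JSON data column
                $sql   = "SELECT * FROM `stored_items`;";
                $items = $this->db->select($sql, []);
                $error = false;
                foreach ($items as $item) {
                    if ($item['data'] == "") {
                        $id = $item['id'];
                        unset($item['id']);
                        $item['type']      = "general";
                        $item['modifiers'] = new stdClass();
                        $data = json_encode($item);
                        if ($data != false) {
                            $sql = "UPDATE `stored_items` SET `data`=:data WHERE `id`=:id";
                            if (!$this->db->update($sql, [":data" => $data, ":id" => $id])) {
                                $error = true;
                            }
                        }
                    }
                }
                // only drop the legacy columns once every row has been migrated
                if (!$error) {
                    $sql = "ALTER TABLE `stored_items` DROP `qty`, DROP `description`, DROP `taxid`;";
                    $this->db->update($sql, []);
                }

                // update devices schema
                $sql     = "SELECT * FROM `devices`;";
                $devices = $this->db->select($sql, []);
                foreach ($devices as $device) {
                    if ($device['data'] == "") {
                        $data               = new stdClass();
                        $data->name         = $device['name'];
                        $data->locationid   = $device['locationid'];
                        $data->type         = "general_register";
                        $data->ordertype    = "terminal";
                        $data->orderdisplay = 1;
                        $data->kitchenid    = 0;
                        $data = json_encode($data);
                        if ($data != false) {
                            $sql = "UPDATE `devices` SET `data`=:data WHERE `id`=:id";
                            $this->db->update($sql, [":data" => $data, ":id" => $device['id']]);
                        }
                    } else {
                        echo "Device record " . $device['id'] . " already updated, skipping sale itemdata update...<br/>";
                    }
                }

                WposAdminSettings::putValue('general', 'currencyformat', '$~2~.~,~0');
                WposAdminSettings::putValue('general', 'version', '1.2');
        }

        // restart node server
        $socket = new WposSocketControl();
        $socket->restartSocketServer(['error' => 'OK']);

        return "Update Completed Successfully!";
    } catch (Exception $e) {
        echo $this->db->_db->errorInfo()[0];
        return $e->getMessage();
    }
}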
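/**
 * Does the current member have access to a given $url?
 *
 * Reads the `_protect` field of the content at $url and enforces it:
 *  - `password`: redirect to the password form unless evaluatePassword() passes;
 *  - `ip_address`: redirect to no_access_url unless evaluateIP() passes;
 *  - `allow` / `deny` rule lists: optionally require a logged-in member
 *    (`require_member`), then evaluate each rule via tasks->evaluateRule();
 *    the visitor is sent to no_access_url when no `allow` rule matched, or
 *    when any `deny` rule matched.
 * A `_protect` value that is none of the above throws, is logged, and blocks
 * everyone (fail closed).
 *
 * Every redirect is followed by `exit` so the caller cannot go on to render
 * protected content. The original omitted that `exit` in the catch-all error
 * path; it is added here. The method now also returns `true` on the
 * fall-through success paths (IP check passed, rules satisfied), which the
 * documented boolean contract requires; previously those paths returned null.
 *
 * @param string $url URL to check
 * @return boolean true when access is granted (or the content is unprotected)
 * @throws \Slim\Exception\Stop re-thrown unchanged so framework stops propagate
 */
public function hasAccess($url = null)
{
    $data = Content::get($url);
    if (!isset($data['_protect']) || !$data['_protect']) {
        return true;
    }
    $scheme = $data['_protect'];

    // destination URLs: scheme-level override, then add-on config, then '/'
    $login_url     = URL::prependSiteRoot(array_get($scheme, 'login_url', $this->fetchConfig('login_url', '/', null, false, false)));
    $no_access_url = URL::prependSiteRoot(array_get($scheme, 'no_access_url', $this->fetchConfig('no_access_url', '/', null, false, false)));
    $password_url  = URL::prependSiteRoot(array_get($scheme, 'password_form_url', $this->fetchConfig('password_url', '/', null, false, false)));

    // support external log-in systems
    $require_member  = array_get($scheme, 'require_member', $this->fetchConfig('require_member', true, null, true, false));
    $return_variable = array_get($scheme, 'return_variable', $this->fetchConfig('return_variable', 'return', null, false, false));
    $use_full_url    = array_get($scheme, 'use_full_url', $this->fetchConfig('use_full_url', false, null, true, false));

    // current URL (optionally absolute) with the query string re-attached
    $current_url = $use_full_url ? URL::tidy(Config::getSiteURL() . '/' . URL::getCurrent()) : URL::getCurrent();
    if (!empty($_GET)) {
        $current_url .= '?' . http_build_query($_GET, '', '&');
    }

    // password check
    if (isset($scheme['password'])) {
        $form_url = array_get($scheme['password'], 'form_url', Helper::pick($password_url, $no_access_url));
        if (!$this->evaluatePassword($url)) {
            URL::redirect(URL::appendGetVariable($form_url, $return_variable, $current_url), 302);
            exit;
        }
        return true;
    }

    // IP-address check
    if (isset($scheme['ip_address'])) {
        if (!$this->evaluateIP($url)) {
            URL::redirect($no_access_url, 302);
            exit;
        }
        return true;
    }

    // allow / deny rule lists
    try {
        if (isset($scheme['allow']) && is_array($scheme['allow'])) {
            $type  = 'allow';
            $rules = $scheme['allow'];
        } elseif (isset($scheme['deny']) && is_array($scheme['deny'])) {
            $type  = 'deny';
            $rules = $scheme['deny'];
        } else {
            throw new Exception('The `_protect` field is set for [' . $data['url'] . '](' . $data['url'] . '), but the configuration given could not be parsed. For caution’s sake, *everyone* is being blocked from this content.');
        }

        // up-front login requirement
        if ($require_member && !Auth::isLoggedIn()) {
            URL::redirect(URL::appendGetVariable($login_url, $return_variable, $current_url), 302);
            exit;
        }

        $match = false;
        foreach ($rules as $key => $value) {
            if ($this->tasks->evaluateRule($key, $value)) {
                $match = true;
                break;
            }
        }

        // no-access when the visitor failed to match an allow list, or matched a deny list
        if ((!$match && $type === 'allow') || ($match && $type === 'deny')) {
            URL::redirect($no_access_url, 302);
            exit;
        }
    } catch (\Slim\Exception\Stop $e) {
        throw $e;
    } catch (Exception $e) {
        // configuration error: log it and block everyone
        Log::error($e->getMessage(), "api", "security");
        URL::redirect($no_access_url, 302);
        exit;
    }

    return true;
}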
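/**
 * Evaluates a single protection rule against the current member.
 *
 * Rule types:
 *  - `_any` / `_none` / `_all`: groupings; $value is a list of sub-rules,
 *    each a single-key array `[rule => value]`, evaluated recursively.
 *  - `_addon`: calls `addon:method(parameters...)` through Resource::loadAPI()
 *    and compares the result with `value` using `comparison`; an optional
 *    `error` is flashed when the comparison fails.
 *  - `_field`: compares member field `field` with `value` using `comparison`.
 *  - `_logged_in`: strict comparison of Auth::isLoggedIn() with $value.
 *  - `_ip_address`: matches the request IP against one or more addresses.
 *  - anything else: loose (`==`) match of the member field named by $rule.
 *
 * Changes from the original (all fail closed):
 *  - A grouping whose $value is not an array, or a sub-rule that is not a
 *    non-empty array, now evaluates to false. The original ran foreach over
 *    such values (a warning and zero iterations), which made `_none` and
 *    `_all` succeed on malformed configuration.
 *  - The `_addon` failure path logs via Log::error(), as hasAccess() does,
 *    instead of calling `rd()` — which looks like a debug dump helper and,
 *    if it halts, made the following `return false` unreachable.
 *
 * @param string $rule  Type of rule
 * @param mixed  $value Value to evaluate for the rule
 * @return bool
 */
public function evaluateRule($rule, $value)
{
    $member = Auth::isLoggedIn() ? Auth::getCurrentMember() : new Member(array());

    // groupings
    if ($rule === '_any' || $rule === '_none' || $rule === '_all') {
        if (!is_array($value)) {
            return false;
        }
        foreach ($value as $sub_rule) {
            if (!is_array($sub_rule) || empty($sub_rule)) {
                return false;
            }
            reset($sub_rule);
            $key = key($sub_rule);
            $hit = $this->evaluateRule($key, $sub_rule[$key]);

            if ($rule === '_any' && $hit) {
                return true;
            }
            if ($rule === '_none' && $hit) {
                return false;
            }
            if ($rule === '_all' && !$hit) {
                return false;
            }
        }
        // no sub-rule decided the outcome: _any matched nothing, _none/_all found no counter-example
        return $rule !== '_any';
    }

    // add-on API call
    if ($rule === '_addon') {
        $method     = array_get($value, 'method', null);
        $comparison = array_get($value, 'comparison', '==');
        $parameters = array_get($value, 'parameters', array());
        $error      = array_get($value, 'error', null);
        $expected   = array_get($value, 'value', null);

        $method_parts = explode(':', (string) $method, 2);
        if (!$method || count($method_parts) !== 2 || !is_array($parameters)) {
            return false;
        }

        try {
            $api = Resource::loadAPI($method_parts[0]);
            if (!is_callable(array($api, $method_parts[1]), false)) {
                return false;
            }
            $result_value = call_user_func_array(array($api, $method_parts[1]), $parameters);
            $result = $this->compareValues($expected, $result_value, $comparison);
            if (!$result && $error) {
                $this->flash->set('error', $error);
            }
            return $result;
        } catch (Exception $e) {
            Log::error($e->getMessage(), "api", "security");
            return false;
        }
    }

    // complex field match
    if ($rule === '_field') {
        $field      = array_get($value, 'field', null);
        $comparison = array_get($value, 'comparison', '==');
        $expected   = array_get($value, 'value', null);
        if (!$field) {
            return false;
        }
        return $this->compareValues($expected, $member->get($field, null), $comparison);
    }

    // logged-in check (strict: a config value of "true" would not match)
    if ($rule === '_logged_in') {
        return Auth::isLoggedIn() === $value;
    }

    // one or more IP addresses
    if ($rule === '_ip_address') {
        return $this->compareValues(Helper::ensureArray($value), Request::getIP(), '==');
    }

    // simple field match
    return $this->compareValues($value, $member->get($rule, null), '==');
}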
<?php if (!Auth::isLoggedIn()) { // user is not logged in ?> <aside class="wrapper-signin hidden-xs"> <div class="remove-signin"> <span class="glyphicon glyphicon-remove" aria-hidden="true"></span> </div> <button id="switch-signin" class="btn btn-sm btn-default"><?php echo I18n::t('text.signin'); ?> </button> <form class="form-signin" action="<?php echo ROOT_DIR; ?> login" method="post"> <h2 class="form-signin-heading"><?php echo I18n::t('text.signin'); ?> </h2> <label for="inputEmail" class="sr-only"><?php echo I18n::t('text.email'); ?> </label> <input name="email" type="email" id="inputEmail" class="form-control" placeholder="<?php echo I18n::t('text.email'); ?> " required="" autofocus=""> <label for="inputPassword" class="sr-only"><?php
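//SCRIPT FILES declarations
define('SPT_FUNCTION_BASE', DIR_AJAX_INC . 'function.base.php');

// Include a different config base file according to the query string "config".
//
// Fix: the original guard was
//   file_exists(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'config.' . ... . ".php"
// i.e. file_exists() was called on the directory (always true) and its result
// concatenated with the rest of the path, so the check was unconditionally
// truthy and a non-existent name reached require_once as a fatal error.
// The candidate file itself is now tested. Because the value ends up in
// require_once, the name is additionally restricted to [A-Za-z0-9_-] on top
// of secureFileName(), whose exact rules are not visible here.
$configBaseFileName = 'config.base.php';
if (CONFIG_QUERY_STRING_ENABLE && !empty($_GET['config']) && is_string($_GET['config'])) {
    $configName = secureFileName($_GET['config']);
    if (is_string($configName) && preg_match('/^[A-Za-z0-9_-]+$/', $configName)) {
        $candidate = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'config.' . $configName . ".php";
        if (file_exists($candidate)) {
            $configBaseFileName = 'config.' . $configName . ".php";
        }
    }
}
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . $configBaseFileName;

require_once DIR_AJAX_LANGS . CONFIG_LANG_DEFAULT . ".php";
require_once DIR_AJAX_INC . "function.base.php";
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . "class.session.php";

$session = new Session();
$auth    = new Auth();

if (CONFIG_ACCESS_CONTROL_MODE == 1) {
    // access control enabled: a visitor who is not logged in and is not on the
    // login page is stopped here. The Location header is commented out in the
    // original, so the request ends with an empty response (fail closed).
    //
    // Fix: the original compared strtolower(basename(PHP_SELF) != strtolower(...)),
    // i.e. it lower-cased the *result* of the comparison, making the test
    // case-sensitive on the PHP_SELF side only. Both sides are now lower-cased.
    $currentPage = strtolower(basename($_SERVER['PHP_SELF']));
    $loginPage   = strtolower(basename(CONFIG_LOGIN_PAGE));
    if (!$auth->isLoggedIn() && $currentPage != $loginPage) {
        // header('Location: ' . appendQueryString(CONFIG_LOGIN_PAGE, makeQueryString()));
        exit;
    }
}

addNoCacheHeaders();

//URL Declarations
define('CONFIG_URL_IMAGE_PREVIEW', 'ajax_image_preview.php');
define('CONFIG_URL_CREATE_FOLDER', 'ajax_create_folder.php');
define('CONFIG_URL_DELETE', 'ajax_delete_file.php');
define('CONFIG_URL_HOME', 'ajaxfilemanager.php');
define("CONFIG_URL_UPLOAD", 'ajax_file_upload.php');
define('CONFIG_URL_PREVIEW', 'ajax_preview.php');
define('CONFIG_URL_SAVE_NAME', 'ajax_save_name.php');
define('CONFIG_URL_IMAGE_EDITOR', 'ajax_image_editor.php');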
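/**
 * Move products from a distribution-centre (DC) remainder into DC cells.
 *
 * For each entry of $request['products'] the quantity is converted to
 * kilograms (all remainders are stored in kg), checked against the current
 * DC remainder and against the free area of the target cell, and then moved
 * by decreasing the DC remainder and increasing the cell remainder.
 *
 * @param array $request Expects $request['products']: a list of arrays with
 *                       product_id, products_part, measure_id, quantity, dc_id,
 *                       dc_cell_id and the display titles used in messages.
 * @return array ['is_error' => bool, 'messages' => string[]] — one message per product.
 *
 * Changes from the original:
 *  - A non-numeric or non-positive quantity is rejected. Only the upper bound
 *    was checked before, so a negative quantity passed both the remainder and
 *    free-area checks and then "moved" stock in the reverse direction.
 *  - is_error is true when *any* product failed; the original overwrote it per
 *    product, so a failure followed by a success reported no error.
 *  - A missing or non-array products list yields an empty, non-error result
 *    instead of a foreach warning and a result without is_error/messages.
 *  - dc_cell_title without a " (" suffix is kept whole instead of being cut to
 *    an empty string (strpos() returned false → substr length 0).
 *
 * Review notes (not changed here):
 *  - user_id is taken from Auth::isLoggedIn(); this presumes it returns the
 *    user id rather than a boolean — confirm.
 *  - No ownership/permission check on dc_id or dc_cell_id is visible here.
 *  - The title fields come straight from the request and are echoed back in
 *    the messages; escape them wherever the messages are rendered as HTML.
 */
public function moveToDcCells($request)
{
    $data = array('is_error' => false, 'messages' => array());
    $products = (isset($request['products']) && is_array($request['products'])) ? $request['products'] : array();

    foreach ($products as $moveProduct) {
        $errors = 0;
        $msg = '';
        $moveProduct['user_id'] = Auth::isLoggedIn();

        // quantity must be a positive number; the checks below only bound it from above
        $quantity   = isset($moveProduct['quantity']) ? $moveProduct['quantity'] : null;
        $quantityKg = $quantity;
        if (!is_numeric($quantity) || $quantity <= 0) {
            $errors++;
            $msg = 'Ошибка перемещения.';
        }

        if ($errors == 0) {
            $entity = EntityFactory::loadEntity('ProductsFactored');
            $moveProduct['product_factored_id'] = $entity->getFactoredProduct($moveProduct['product_id'], $moveProduct['products_part']);

            // Convert the quantity to kilograms; all remainders are stored in kg.
            $entity = EntityFactory::loadEntity('MeasureRates');
            if ($moveProduct['measure_id'] != KG_MEASURE) {
                // grams and tonnes convert with a product-independent rate
                $product = ($moveProduct['measure_id'] == GM_MEASURE || $moveProduct['measure_id'] == TN_MEASURE)
                    ? 0
                    : $moveProduct['product_id'];
                $quantityKg = $entity->getRatedValue($moveProduct['measure_id'], KG_MEASURE, $product, $quantity);
            }

            $entity = EntityFactory::loadEntity('Remainders', 'dc');
            $currentRemainder = $entity->getCurrentRemainder($moveProduct['product_factored_id'], $moveProduct['dc_id']);
            if ($currentRemainder < $quantityKg) {
                $errors++;
                $msg = 'Ошибка перемещения. Доступный остаток: ' . $currentRemainder . 'кг.';
            }
        }

        if ($errors == 0) {
            $entity = EntityFactory::loadEntity('DcCells');
            $freeArea = $entity->getCellFreeArea($moveProduct['dc_cell_id']);

            // Derive the area needed (P_MEASURE) from the kg quantity.
            $entity = EntityFactory::loadEntity('MeasureRates');
            $m2 = ceil($entity->getRatedValue(KG_MEASURE, P_MEASURE, $moveProduct['product_id'], $quantityKg));
            if ($freeArea < $m2) {
                $errors++;
                $msg = 'Ошибка перемещения. Недостаточно свободного места. (Свободно: ' . $freeArea . 'м²)';
            }
        }

        if ($errors == 0) {
            $entity = EntityFactory::loadEntity('Remainders', 'dc');
            if (!$entity->decreaseReminder($moveProduct)) {
                $errors++;
                $msg = 'Ошибка перемещения.';
            } else {
                $entity = EntityFactory::loadEntity('Remainders', 'dcCells');
                if (!$entity->increaseReminder($moveProduct)) {
                    $errors++;
                    $msg = 'Ошибка перемещения.';
                } else {
                    // cell title is shown without its " (...)" suffix when present
                    $cellTitle = $moveProduct['dc_cell_title'];
                    $cut = strpos($cellTitle, ' (');
                    if ($cut !== false) {
                        $cellTitle = substr($cellTitle, 0, $cut);
                    }

                    $msg  = $moveProduct['quantity'] . ' ';
                    $msg .= $moveProduct['measure_short_title'] . ' ';
                    $msg .= $moveProduct['product_title'] . ' [' . $moveProduct['group_title'] . '] ';
                    $msg .= 'успешно перемещено в ';
                    $msg .= $cellTitle . ' [' . $moveProduct['dc_store_title'] . '] ';
                }
            }
        }

        if ($errors > 0) {
            $data['is_error'] = true;
        }
        $data['messages'][] = $msg;
    }

    return $data;
}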