/**
 * setCurrentUser() must populate user id, user name and groups, and a
 * second call must replace — not merge with — the values of the first.
 */
public function testSetCurrentUser()
{
    // A fresh object carries no user information at all.
    $this->assertEmpty($this->object->getGroups());
    $this->assertEmpty($this->object->getUserId());
    $this->assertEmpty($this->object->getUserName());

    // Two successive users; each assertion set checks the latest call "wins".
    $cases = array(
        array(1, 'test', array('x1', 'x2')),
        array(2, 'other test', array('a', 'b', 'c')),
    );
    foreach ($cases as list($expectedId, $expectedName, $expectedGroups)) {
        $this->object->setCurrentUser($expectedId, $expectedName, $expectedGroups);
        $this->assertEquals($expectedId, $this->object->getUserId());
        $this->assertEquals($expectedName, $this->object->getUserName());
        $this->assertEquals($expectedGroups, $this->object->getGroups());
    }
}
/**
 * Register a request for $p_objectId inside session $p_sessionId, creating
 * the session row and/or the request-object row when they do not exist yet.
 *
 * @param string $p_sessionId    session identifier; must be non-empty
 * @param mixed  &$p_objectId    object id; overwritten with the new id when the object is created here
 * @param mixed  $p_objectTypeId required only when the object has to be created
 * @param mixed  $p_userId       optional user id; when given and the session already has a
 *                               (different) user the request is rejected
 * @param bool   $p_updateStats  when true, UpdateStats() is called at the end
 *
 * @throws SessionIdNotSet    $p_sessionId is empty
 * @throws InvalidUserId      the session belongs to another user (loose != comparison)
 * @throws ObjectTypeIdNotSet the object must be created but no type id was supplied
 * @throws ObjectIdNotSet     the object exists but $p_objectId is empty
 */
public static function Create($p_sessionId, &$p_objectId, $p_objectTypeId = null, $p_userId = null, $p_updateStats = false)
{
    if (empty($p_sessionId)) {
        throw new SessionIdNotSet();
    }

    $session = new Session($p_sessionId);
    if (!$session->exists()) {
        $newSession = array('start_time' => strftime("%Y-%m-%d %T"));
        if (!empty($p_userId)) {
            $newSession['user_id'] = $p_userId;
        }
        $session->create($newSession);
    }

    // A session that already has an owner must not be reused by another user.
    $ownerId = $session->getUserId();
    $bothKnown = !empty($p_userId) && !empty($ownerId);
    if ($bothKnown && $ownerId != $p_userId) {
        throw new InvalidUserId();
    }

    $object = new RequestObject($p_objectId);
    if ($object->exists()) {
        if (empty($p_objectId)) {
            throw new ObjectIdNotSet();
        }
    } else {
        if (empty($p_objectTypeId)) {
            throw new ObjectTypeIdNotSet();
        }
        $object->create(array('object_type_id' => $p_objectTypeId));
        $p_objectId = $object->getObjectId();
    }

    if ($p_updateStats) {
        self::UpdateStats($p_sessionId, $p_objectId);
    }
}
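/**
 * Prepare the "new hour" form for a project. The hour is pre-filled with the
 * current staff id and today's date; the page options carry the project id
 * and name.
 *
 * @param array $params expects 'project_id'; bails out when it is absent or empty
 */
function new_form($params)
{
    // empty() also covers an absent 'project_id' key without raising an
    // undefined-index notice.
    if (empty($params['project_id'])) {
        bail('Required parameter "project_id" is missing.');
    }

    $project = new Project($params['project_id']);
    $this->options = array(
        'project_id' => $project->id,
        'title' => $project->getName(),
    );

    $hour = new Hour();
    $hour->set(array(
        'staff_id' => Session::getUserId(),
        'date' => date('Y-m-d'),
    ));
    $this->data = $hour;
}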
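/**
 * Show one support contract with its logged hours, this month's totals and
 * pre-filled "new hour" / "new charge" forms.
 *
 * @param array $params expects 'id' (support contract id); bails out when absent or empty
 */
function show($params)
{
    // A plain if instead of a ternary used for Bail()'s side effect; empty()
    // also covers an absent 'id' key without an undefined-index notice.
    if (empty($params['id'])) {
        Bail('required parameter $params["id"] missing.');
    }

    $contract = new SupportContract($params['id']);
    $this->data->contract = $contract;

    $today = date('Y-m-d');
    $this->data->new_hour = new Hour();
    $this->data->new_hour->set(array(
        'staff_id' => Session::getUserId(),
        'date' => $today,
        'support_contract_id' => $params['id'],
    ));
    $this->data->new_charge = new Charge();
    $this->data->new_charge->set(array(
        'date' => $today,
        'company_id' => $contract->get('company_id'),
    ));

    $this->data->hours = $contract->getHours(array_merge(
        array('sort' => 'date DESC'),
        $this->search_params('hour_search')
    ));

    $thisMonth = array('date_range' => array(
        'start_date' => Util::start_date_of_current_month(),
        'end_date' => Util::end_date_of_current_month(),
    ));
    $this->data->total_hours_this_month = $contract->getTotalHours($thisMonth);
    $this->data->billable_hours_this_month = $contract->getBillableHours($thisMonth);
}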
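/**
 * Hour detail page: the hour, its support contract, the contract's other
 * hours (newest first) and a pre-filled "new hour" form.
 *
 * @param array $params expects 'id' (hour id); bails out when absent or empty
 */
function show($params)
{
    // empty() also covers an absent 'id' key without an undefined-index notice.
    if (empty($params['id'])) {
        bail('Required $params["id"] not present.');
    }

    $d = $this->data;
    $d->hour = new Hour($params['id']);
    $d->support_contract = new SupportContract($d->hour->get('support_contract_id'));
    $contractId = $d->support_contract->id;

    $d->support_hours = Hour::getMany(array(
        'support_contract_id' => $contractId,
        'sort' => 'date DESC',
    ));

    $d->new_hour = new Hour();
    $d->new_hour->set(array(
        'support_contract_id' => $contractId,
        'staff_id' => Session::getUserId(),
        'date' => date('Y-m-d'),
    ));
}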
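/**
 * Authorization rules for the files resource.
 *
 * Admins may perform every action. Normal users may index/getAll/create
 * unconditionally and delete only files they own; ownership is resolved by
 * Permission::check() from the user id, table and decrypted file id in $config.
 *
 * @return bool
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "files";

    Permission::allow('admin', $resource, ['*']);
    Permission::allow('user', $resource, ['index', 'getAll', 'create']);
    Permission::allow('user', $resource, ['delete'], 'owner');

    // Only decrypt when an id was actually submitted (index/getAll/create send
    // none); this mirrors the guard the todo and newsfeed controllers use.
    $fileId = $this->request->data("file_id");
    if (!empty($fileId)) {
        $fileId = Encryption::decryptIdWithDash($fileId);
    }

    $config = ["user_id" => Session::getUserId(), "table" => "files", "id" => $fileId];
    return Permission::check($role, $resource, $action, $config);
}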
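/**
 * Estimate detail page: the estimate, its project, all of the project's
 * estimates, the hours booked on this estimate (newest first) and
 * pre-filled "new hour" / "new estimate" forms.
 *
 * @param array $params expects 'id' (estimate id); bails out when absent or empty
 */
function show($params)
{
    // empty() also covers an absent 'id' key without an undefined-index notice.
    if (empty($params['id'])) {
        bail('Required parameter "id" is not present.');
    }
    $estimateId = $params['id'];

    $d = $this->data;
    $d->estimate = new Estimate($estimateId);
    $d->project = new Project($d->estimate->get('project_id'));

    $d->new_hour = new Hour();
    $d->new_hour->set(array(
        'estimate_id' => $estimateId,
        'staff_id' => Session::getUserId(),
        'date' => date('Y-m-d'),
    ));

    $d->new_estimate = new Estimate();
    $d->new_estimate->set(array('project_id' => $d->project->id));

    $d->estimates = $d->project->getEstimates();
    $d->hours = getMany('Hour', array('estimate_id' => $estimateId, 'sort' => 'date DESC'));
}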
/**
 * Check whether a user's copy of the master password is newer than the last
 * global master-password change recorded in the configuration.
 *
 * @param string|null $login user login; when null the session's user id is used
 * @return bool true only when the user's user_lastUpdateMPass is greater than
 *              the 'lastupdatempass' config value; false when the user is
 *              unknown (id 0), the config value is missing, or the query fails
 */
public static function checkUserUpdateMPass($login = null)
{
    $userId = is_null($login) ? Session::getUserId() : UserUtil::getUserIdByLogin($login);
    if ($userId === 0) {
        return false;
    }

    $lastGlobalUpdate = ConfigDB::getValue('lastupdatempass');
    if ($lastGlobalUpdate === false) {
        return false;
    }

    // Bound parameter: the user id never reaches the SQL text.
    $query = 'SELECT user_lastUpdateMPass FROM usrData WHERE user_id = :id LIMIT 1';
    $row = DB::getResults($query, __FUNCTION__, array('id' => $userId));
    if ($row === false) {
        return false;
    }

    return $row->user_lastUpdateMPass > $lastGlobalUpdate;
}
/**
 * Authorization rules for the todo resource: admins may do anything; normal
 * users may only delete, and only their own items (ownership is checked by
 * Permission::check() via user id / table / decrypted todo id).
 *
 * @return bool
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "todo";

    Permission::allow('admin', $resource, ['*']);
    Permission::allow('user', $resource, ['delete'], 'owner');

    // An empty id is passed through untouched; anything else is decrypted.
    $rawId = $this->request->data("todo_id");
    $todoId = empty($rawId) ? $rawId : Encryption::decryptIdWithDash($rawId);

    return Permission::check($role, $resource, $action, [
        "user_id" => Session::getUserId(),
        "table" => "todo",
        "id" => $todoId,
    ]);
}
/**
 * Staff overview.
 *
 * Without 'id': one entry per active staff member with billable and total
 * hours, either for the current week (default) or for the explicit
 * 'start_date'..'end_date' window passed in $params.
 * With 'id': details for that staff member (hours, month and week totals,
 * active projects) plus pre-filled "new project" and "new support hour" forms.
 *
 * @param array $params optional 'id', 'start_date', 'end_date'
 */
function show($params = array())
{
    $hasId = isset($params['id']) && $params['id'];

    if (!$hasId) {
        $hasRange = isset($params['start_date']) && isset($params['end_date']);
        if ($hasRange) {
            $range = array('start_date' => $params['start_date'], 'end_date' => $params['end_date']);
            $hours_criteria = array('hour_search' => $range);
        } else {
            // NOTE(review): 'last Sunday'/'next Sunday' are relative to today;
            // when today is a Sunday this displays a two-week span — confirm
            // that is intended.
            $range = array(
                'start_date' => date('Y-m-d', strtotime('last Sunday')),
                'end_date' => date('Y-m-d', strtotime('next Sunday')),
            );
            $hours_criteria = array('current_week' => true);
        }
        $this->data->dates = $range;

        foreach (getAll('Staff') as $member) {
            if (!$member->get('active')) {
                continue;
            }
            // Created lazily so the properties stay unset when nobody is active.
            if (!isset($this->data->billable_hours_this_week)) {
                $this->data->staff = array();
                $this->data->billable_hours_this_week = array();
            }
            if (!isset($this->data->total_hours_this_week)) {
                $this->data->staff = array();
                $this->data->total_hours_this_week = array();
            }
            $memberId = $member->get('id');
            $this->data->staff[$memberId] = $member->getName();
            $this->data->billable_hours_this_week[$memberId] = $member->getBillableHoursTotal($hours_criteria);
            $this->data->total_hours_this_week[$memberId] = $member->getHoursTotal($hours_criteria);
        }
        return;
    }

    $this->data->active_projects = getMany('Project', array('active' => true));
    $staff = new Staff($params['id']);
    $this->data->staff = $staff;
    $this->data->staff_hours = $staff->getHours();

    $month = array('current_month' => true);
    $this->data->hours_this_month = $staff->getHoursTotal($month);
    $this->data->billable_hours_this_month = $staff->getBillableHoursTotal($month);

    $week = array('current_week' => true);
    $this->data->hours_this_week = $staff->getHoursTotal($week);
    $this->data->billable_hours_this_week = $staff->getBillableHoursTotal($week);

    $currentStaffId = Session::getUserId();
    $this->data->new_project = new Project();
    $this->data->new_project->set(array('staff_id' => $currentStaffId));
    $this->data->new_support_hour = new Hour();
    $this->data->new_support_hour->set(array('staff_id' => $currentStaffId, 'date' => date('Y-m-d')));

    $this->data->graph = array('staff' => $staff->id, 'call' => 'overview');
}
/**
 * Company detail page: loads the company and prepares empty, pre-filled
 * models for the new project / note / charge / payment / invoice / contact
 * forms.
 *
 * @param array $params expects 'id' (company id); bails out when absent or empty
 */
function show($params)
{
    if (empty($params['id'])) {
        bail('No company selected.');
    }

    $companyId = $params['id'];
    $staffId = Session::getUserId();
    $today = date('Y-m-d');
    $d = $this->data;

    $d->company = new Company($companyId);

    $d->new_project = new Project();
    $d->new_project->set(array('company_id' => $companyId, 'staff_id' => $staffId));

    $d->new_note = new Note();
    $d->new_note->set(array('date' => $today, 'staff_id' => $staffId, 'company_id' => $companyId));

    $d->new_charge = new Charge();
    $d->new_charge->set(array('date' => $today, 'company_id' => $companyId));

    $d->new_payment = new Payment();
    $d->new_payment->set(array('date' => $today, 'company_id' => $companyId));

    $d->new_invoice = new Invoice();
    $d->new_invoice->set(array('company_id' => $companyId));

    $d->new_contact = new Contact();
    $d->new_contact->set(array('company_id' => $companyId));
}
/**
 * Private constructor. Builds the authorization context for $environment,
 * lets every registered authorization handler amend it, and guarantees that
 * request_user_id, owner_user_id and owner_group_id are always present.
 *
 * @internal
 *
 * @param string $environment (optional)
 * @param array  $context
 */
private function __construct($environment = '', array $context = [])
{
    $this->setEnvironment($environment, $context);

    $this->handlers = Application::getAuthorizationHandlers();
    foreach ($this->handlers as $handler) {
        $handler->handleContext($this->context);
    }

    // No handler supplied a requesting user: fall back to the session user.
    if (!isset($this->context['request_user_id'])) {
        $this->context['request_user_id'] = Session::getUserId();
    }
    // A positive id counts as logged in. The isset only fails here if the
    // session itself yielded null for the user id.
    if (isset($this->context['request_user_id'])) {
        $this->isLoggedIn = $this->context['request_user_id'] > 0;
    }

    // -1 marks "no owner" for both the user and the group dimension.
    $ownerDefaults = ['owner_user_id' => -1, 'owner_group_id' => -1];
    foreach ($ownerDefaults as $key => $noOwner) {
        if (!isset($this->context[$key])) {
            $this->context[$key] = $noOwner;
        }
    }
}
<?php
// Navbar header: fetch notification counts and the profile of the logged-in
// user before the markup is rendered.
$notifications = $this->controller->user->getNotifications(Session::getUserId());
$newsfeed = $posts = $files = "";
foreach ($notifications as $notification) {
    if ($notification["count"] > 0) {
        // $$notification["target"] = $notification["count"]; // DEPRECATED IN PHP 7
        // NOTE(review): variable-variable keyed on the "target" column of the
        // notification row. Only newsfeed/posts/files are pre-declared above;
        // any other target value would create (or overwrite) a differently
        // named local here — confirm the column is constrained server-side.
        ${$notification["target"]} = $notification["count"];
    }
}
$info = $this->controller->user->getProfileInfo(Session::getUserId());
?>
<!-- Navigation -->
<nav class="navbar navbar-default navbar-static-top" role="navigation" style="margin-bottom: 0">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<!-- /.navbar-header -->
<ul class="nav navbar-top-links navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
Hello,<strong> <?php
// NOTE(review): $info["name"] is echoed into HTML without htmlspecialchars().
// Unless the profile name is guaranteed to be HTML-safe when stored, escape
// it here (ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
echo $info["name"];
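/**
 * Validate the CSRF token of the current request against the session token.
 *
 * The token is read from POST data for POST requests and from the query
 * string otherwise (GET callers must opt in via 'validateCsrfToken' in $config).
 * The comparison uses hash_equals() so that its duration does not depend on
 * how many leading bytes of the session token the submitted value matches.
 *
 * @param array $config configuration data (not consulted in this method)
 * @return bool true only when a non-empty string token was supplied and it
 *              equals the session token; an invalid token is logged first
 */
public function CsrfToken($config = [])
{
    $userToken = $this->request->isPost()
        ? $this->request->data('csrf_token')
        : $this->request->query('csrf_token');

    // hash_equals() needs two strings: a non-string submission (e.g. an array
    // from csrf_token[]=x) and a missing session token both fail closed.
    $sessionToken = (string) Session::getCsrfToken();
    $valid = !empty($userToken)
        && is_string($userToken)
        && $sessionToken !== ''
        && hash_equals($sessionToken, $userToken);

    if (!$valid) {
        Logger::log("CSRF Attack", "User: "******" provided invalid CSRF Token " . $userToken, __FILE__, __LINE__);
        return false;
    }
    return true;
}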
/**
 * Log the current user out: the session's user id is handed to the login
 * model's logOut(), then the browser is redirected to the login page.
 */
public function logOut()
{
    $currentUserId = Session::getUserId();
    $this->login->logOut($currentUserId);
    Redirector::login();
}
/**
 * Authorization rules for the posts resource.
 *
 * Admins may perform every action. Normal users may index/view/newPost/
 * getAll/getById/create unconditionally and update/delete/getUpdateForm only
 * their own posts. The post id is taken from 'post_id' in the request data and
 * handed to Permission::check() as received (no decryption step here).
 *
 * @return bool
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "posts";

    Permission::allow('admin', $resource, ['*']);
    Permission::allow('user', $resource, ['index', 'view', 'newPost', 'getAll', 'getById', 'create']);
    Permission::allow('user', $resource, ['update', 'delete', 'getUpdateForm'], 'owner');

    $ownerCheck = [
        "user_id" => Session::getUserId(),
        "table" => "posts",
        "id" => $this->request->data("post_id"),
    ];
    return Permission::check($role, $resource, $action, $ownerCheck);
}
/**
 * Visual theme chosen by the logged-in user.
 *
 * @return string the theme from the user's preferences, or '' when no user
 *                is logged in (session user id not greater than 0)
 */
private function getUserTheme()
{
    $userId = Session::getUserId();
    if ($userId > 0) {
        return UserPreferences::getPreferences($userId)->getTheme();
    }
    return '';
}
of the authors and should not be interpreted as representing official policies, either expressed or implied, of the NAS4Free Project. */
// Configure page permission
$pgperm['allowuser'] = TRUE;
require "auth.inc";
require "guiconfig.inc";
require "email.inc";
$pgtitle = array(gettext("System"), gettext("Password"));
if (!isset($config['access']['user']) || !is_array($config['access']['user'])) {
    $config['access']['user'] = array();
}
$a_user =& $config['access']['user'];
// Get user configuration. Ensure current logged in user is available,
// otherwise exit immediately.
if (FALSE === ($cnid = array_search_ex(Session::getUserId(), $a_user, "id"))) {
    header('Location: logout.php');
    exit;
}
if ($_POST) {
    // NOTE(review): no CSRF check is visible in this fragment; confirm that
    // auth.inc / guiconfig.inc enforce one before a password change is accepted.
    unset($input_errors);
    $reqdfields = explode(" ", "password_old password_new password_confirm");
    $reqdfieldsn = array(gettext("Old password"), gettext("Password"), gettext("Password (confirmed)"));
    $reqdfieldst = explode(" ", "password password password");
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    do_input_validation_type($_POST, $reqdfields, $reqdfieldsn, $reqdfieldst, $input_errors);
    // Validate old password.
    // NOTE(review): a direct !== against the stored value. This can only succeed
    // when $a_user[$cnid]['password'] holds the same cleartext the user typed —
    // confirm the storage format. A constant-time compare (hash_equals()) would
    // also avoid leaking the matched prefix length through timing.
    if ($_POST['password_old'] !== $a_user[$cnid]['password']) {
        $input_errors[] = gettext("The old password is not correct.");
    }
    // Validate new password.
/**
 * Authorization rules for the posts resource.
 *
 * Admins may perform every action. Normal users may index/view/newPost/create
 * unconditionally and update/delete only their own posts. For delete the post
 * id is the first URL argument; for everything else it is 'post_id' in the
 * request data. A non-empty id is decrypted before Permission::check() uses it
 * for the ownership test.
 *
 * @return bool
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "posts";

    Permission::allow('admin', $resource, ['*']);
    Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
    Permission::allow('user', $resource, ['update', 'delete'], 'owner');

    $rawId = $action === "delete"
        ? $this->request->param("args")[0]
        : $this->request->data("post_id");
    $postId = empty($rawId) ? $rawId : Encryption::decryptId($rawId);

    return Permission::check($role, $resource, $action, [
        "user_id" => Session::getUserId(),
        "table" => "posts",
        "id" => $postId,
    ]);
}
/**
 * Send a bug / feature / enhancement report to the admin by email.
 *
 * Subject, label and message come from the request data; the outcome is
 * echoed directly as rendered success or error markup.
 */
public function reportBug()
{
    $sent = $this->user->reportBug(
        Session::getUserId(),
        $this->request->data("subject"),
        $this->request->data("label"),
        $this->request->data("message")
    );

    echo $sent
        ? $this->view->renderSuccess("Email has been sent successfully, We will consider your report.")
        : $this->view->renderErrors($this->user->errors());
}
/**
 * Write a new entry to the event log table.
 *
 * Under the installer (IS_INSTALLER === 1) the action and description are
 * additionally sent to error_log(). Nothing is written when logging is
 * disabled (Util::logIsEnabled()).
 *
 * @param bool $resetDescription clear the description after the row is built
 * @return bool false when logging is disabled, otherwise DB::getQuery()'s result
 */
public function writeLog($resetDescription = false)
{
    if (defined('IS_INSTALLER') && IS_INSTALLER === 1) {
        error_log('Action: ' . $this->getAction() . ' -- Description: ' . $this->getDescription());
    }
    if (!Util::logIsEnabled()) {
        return false;
    }

    // Every value is a bound parameter; REMOTE_ADDR is set by the server,
    // not taken from a client-controlled header.
    $query = 'INSERT INTO log SET '
        . 'log_date = UNIX_TIMESTAMP(),'
        . 'log_login = :login,'
        . 'log_userId = :userId,'
        . 'log_ipAddress = :ipAddress,'
        . 'log_action = :action,'
        . 'log_description = :description';
    $data = array(
        'login' => Session::getUserLogin(),
        'userId' => Session::getUserId(),
        'ipAddress' => $_SERVER['REMOTE_ADDR'],
        'action' => $this->getAction(),
        'description' => $this->getDescription(),
    );

    if ($resetDescription === true) {
        $this->resetDescription();
    }
    return DB::getQuery($query, __FUNCTION__, $data);
}
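/**
 * Migrate users from phpPMS: every row of the legacy "users" table except the
 * one matching the current session user is passed to insertUsers().
 *
 * Writes an "Importar Usuarios" log entry with imported/total counts. Returns
 * nothing; failures surface as exceptions.
 *
 * @throws SPException (SP_CRITICAL) when reading the legacy table fails
 */
private static function migrateUsers()
{
    // The session user id is spliced into the SQL text (the legacy handle is
    // only used through query()). Casting to int guarantees the fragment is
    // always an integer literal, whatever the session happens to contain.
    $currentUserId = (int) Session::getUserId();
    $query = 'SELECT intUserId,'
        . 'vacUName,'
        . 'intUGroupFid,'
        . 'vacULogin,'
        . 'vacUPassword,'
        . 'vacUEmail,'
        . 'txtUNotes,'
        . 'intUCount,'
        . 'intUProfile,'
        . 'datULastLogin,'
        . 'blnIsAdminApp,'
        . 'blnIsAdminAcc,'
        . 'vacUserMPwd,'
        . 'vacUserMIv,'
        . 'datULastUpdate,'
        . 'datUserLastUpdateMPass,'
        . 'blnFromLdap,'
        . 'blnDisabled '
        . 'FROM users '
        . 'WHERE intUserId <> ' . $currentUserId;

    $totalRecords = 0;
    $num = 0;
    try {
        foreach (self::$_dbc->query($query) as $row) {
            if (self::insertUsers($row)) {
                $num++;
            }
            $totalRecords++;
        }
    } catch (\PDOException $e) {
        throw new SPException(SPException::SP_CRITICAL, _('Error al obtener los usuarios'), self::$_dbc->error);
    }

    $log = new Log(_('Importar Usuarios'));
    $log->addDescription('OK');
    $log->addDescription(_('Registros') . ': ' . $num . '/' . $totalRecords);
    $log->writeLog();
}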
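<div dir='auto' class="panel-heading">
    <?php
    // Edit/delete controls only for the post's owner or an admin. The row's
    // user_id is cast to int so the strict comparison with the session id works
    // even when the database driver returns it as a string.
    if (Session::getUserId() === (int) $post["user_id"] || Session::getUserRole() === "admin") {
    ?>
    <div class="pull-right">
        <a href="<?php echo PUBLIC_ROOT . "Posts/View/" . urlencode(Encryption::encryptId($post["id"])) . "?action=update"; ?>">
            <button type="button" class="btn btn-default btn-circle edit"><i class="fa fa-pencil"></i></button>
        </a>
        <?php
        // NOTE(review): deletion is a GET link carrying the CSRF token in the
        // query string; URL tokens can leak via browser history and Referer
        // headers. A POST form would be the safer shape — left as is because the
        // delete route's expectations are not visible here.
        ?>
        <a href="<?php echo PUBLIC_ROOT . "Posts/delete/" . urlencode(Encryption::encryptId($post["id"])) . "?csrf_token=" . urlencode(Session::generateCsrfToken()); ?>">
            <button type="button" class="btn btn-danger btn-circle delete"><i class="fa fa-times"></i></button>
        </a>
    </div>
    <?php } ?>
    <?php
    // The title is user-supplied content rendered into HTML: escape it at
    // output so markup in a title cannot execute. (If titles are already
    // HTML-encoded on write, this would double-encode — verify before merging.)
    ?>
    <h5><?php echo htmlspecialchars($post["title"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h5>
</div>
<div class="panel-body">
    <div class="row">
        <div class="col-lg-12">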
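/**
 * Prepare the "new bookmark" form, pre-filled with the current staff id and
 * whatever 'source' / 'description' the caller passed.
 *
 * @param array $params optional 'source' and 'description'; an absent key
 *                      yields null instead of an undefined-index notice
 */
function new_form($params)
{
    $bookmark = new Bookmark();
    $bookmark->set(array(
        'staff_id' => Session::getUserId(),
        'source' => isset($params['source']) ? $params['source'] : null,
        'description' => isset($params['description']) ? $params['description'] : null,
    ));
    $this->data->bookmark = $bookmark;
}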
/**
 * Delete a user (admin action).
 *
 * The target id arrives encrypted in 'user_id'. An unknown user yields a 404;
 * otherwise the acting admin's id and the target id are handed to the admin
 * model and a JSON success response is rendered.
 */
public function deleteUser()
{
    $targetId = Encryption::decryptIdWithDash($this->request->data("user_id"));
    if (!$this->user->exists($targetId)) {
        return $this->error(404);
    }

    $actingAdminId = Session::getUserId();
    $this->admin->deleteUser($actingAdminId, $targetId);
    $this->view->renderJson(array("success" => true));
}
/**
 * Is the current visitor logged in?
 *
 * The session is checked first (bound to client IP and user agent). Failing
 * that, a valid "remember me" cookie re-creates the session: the role is
 * looked up from the user record because the cookie does not carry it, and
 * the cookie token is rotated because it is single-use.
 *
 * @access private (instance method, not static)
 * @return bool
 */
private function loggedIn()
{
    $clientIp = $this->request->clientIp();
    $userAgent = $this->request->userAgent();

    if (Session::isSessionValid($clientIp, $userAgent)) {
        return true;
    }
    if (!Cookie::isCookieValid()) {
        return false;
    }

    $cookieUserId = Cookie::getUserId();
    $profile = $this->controller->user->getProfileInfo($cookieUserId);
    Session::reset([
        "user_id" => $cookieUserId,
        "role" => $profile["role"],
        "ip" => $clientIp,
        "user_agent" => $userAgent,
    ]);
    // Cookie token is usable only once: issue a fresh one for the restored user.
    Cookie::reset(Session::getUserId());
    return true;
}
/**
 * Create an account from an imported record.
 *
 * When the import did not provide a user id / group id (null or 0), the
 * session's user and group are used instead.
 *
 * @return bool result of Account::createAccount()
 */
protected function addAccount()
{
    $importedUserId = $this->getUserId();
    if (is_null($importedUserId) || $importedUserId === 0) {
        $this->setUserId(Session::getUserId());
    }
    $importedGroupId = $this->getUserGroupId();
    if (is_null($importedGroupId) || $importedGroupId === 0) {
        $this->setUserGroupId(Session::getUserGroupId());
    }

    $account = new Account();
    $account->setAccountName($this->getAccountName());
    $account->setAccountCustomerId($this->getCustomerId());
    $account->setAccountCategoryId($this->getCategoryId());
    $account->setAccountLogin($this->getAccountLogin());
    $account->setAccountUrl($this->getAccountUrl());
    $account->setAccountPass($this->getAccountPass());
    $account->setAccountIV($this->getAccountPassIV());
    $account->setAccountNotes($this->getAccountNotes());
    $account->setAccountUserId($this->getUserId());
    $account->setAccountUserGroupId($this->getUserGroupId());

    return $account->createAccount();
}
/**
 * Authorization rules for the newsfeed resource.
 *
 * Admins may perform every action. Normal users may index/getAll/getById/
 * create unconditionally and update/delete/getUpdateForm only their own
 * entries; a non-empty 'newsfeed_id' is decrypted before Permission::check()
 * uses it for the ownership test.
 *
 * @return bool
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "newsfeed";

    Permission::allow('admin', $resource, ['*']);
    Permission::allow('user', $resource, ['index', 'getAll', 'getById', 'create']);
    Permission::allow('user', $resource, ['update', 'delete', 'getUpdateForm'], 'owner');

    $rawId = $this->request->data("newsfeed_id");
    $newsfeedId = empty($rawId) ? $rawId : Encryption::decryptIdWithDash($rawId);

    return Permission::check($role, $resource, $action, [
        "user_id" => Session::getUserId(),
        "table" => "newsfeed",
        "id" => $newsfeedId,
    ]);
}
/**
 * Send a bug / feature / enhancement report to the admin by email.
 *
 * Subject, label and message come from the request data. The outcome is
 * stored in the session (flash-style) and the user is redirected back to
 * the User/Bugs page.
 */
public function reportBug()
{
    $sent = $this->user->reportBug(
        Session::getUserId(),
        $this->request->data("subject"),
        $this->request->data("label"),
        $this->request->data("message")
    );

    if ($sent) {
        Session::set('report-bug-success', "Email has been sent successfully, We will consider your report.");
    } else {
        Session::set('report-bug-errors', $this->user->errors());
    }
    return $this->redirector->root("User/Bugs");
}
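/**
 * Append the <Meta> node (generator, version, export time, exporting user
 * and group) to the XML root.
 *
 * The user login and group name are attached as text nodes rather than
 * passed to createElement(): createElement() does not escape its value, so a
 * login or group name containing '&' or '<' would yield an invalid document
 * (libxml reports an unterminated entity reference). Text nodes are escaped
 * on serialisation.
 *
 * @throws SPException (SP_WARNING) wrapping any DOMException
 */
private function createMeta()
{
    try {
        $nodeMeta = $this->_xml->createElement('Meta');

        $metaGenerator = $this->_xml->createElement('Generator', 'sysPass');
        $metaVersion = $this->_xml->createElement('Version', implode('.', Util::getVersion()));
        $metaTime = $this->_xml->createElement('Time', time());

        $metaUser = $this->_xml->createElement('User');
        $metaUser->appendChild($this->_xml->createTextNode((string) Session::getUserLogin()));
        $metaUser->setAttribute('id', Session::getUserId());

        $metaGroup = $this->_xml->createElement('Group');
        $metaGroup->appendChild($this->_xml->createTextNode((string) Session::getUserGroupName()));
        $metaGroup->setAttribute('id', Session::getUserGroupId());

        foreach (array($metaGenerator, $metaVersion, $metaTime, $metaUser, $metaGroup) as $child) {
            $nodeMeta->appendChild($child);
        }
        $this->_root->appendChild($nodeMeta);
    } catch (\DOMException $e) {
        throw new SPException(SPException::SP_WARNING, $e->getMessage(), __FUNCTION__);
    }
}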