/**
  * Export/download the top 10 players as a PDF report.
  * role: administrator
  */
 public function get_player_top_10()
 {
     // Guard clause: callers that fail the authorization check are handed to
     // transport("administrator") and no report is produced.
     // NOTE(review): is_authorized() takes no role argument here, so the
     // "administrator" restriction has to be enforced inside it — confirm.
     if (!authenticate::is_authorized()) {
         transport("administrator");
         return;
     }

     // Build the report from the current top-10 ranking, then emit it.
     $report = new ReportGenerator();
     $leaderboard = Leaderboard::getInstance();
     $ranking = $leaderboard->get_top10_ranking();
     $report->get_report_top_10($ranking);
     $report->print_report();
 }
Exemple #2
 /**
  *	Admin panel login form
  * @access	protected
  */
 public function admin()
 {
     // Login input is read from the request keys 'user' and 'secret'.
     $credentials = request::get(array('user', 'secret'));
     $view = array('LC' => LC::get());
     try {
         // Attempt a login only when the request carried something under those keys.
         if (!empty($credentials)) {
             authenticate::login();
         }
     } catch (Exception $failure) {
         // The same exception text goes to the admin access log and into the
         // template data under 'errors'.
         // NOTE(review): confirm the template escapes 'errors' and that the
         // message does not reveal more than "login failed" to the visitor.
         $reason = $failure->getMessage();
         dbg::write($reason, LOG_PATH . 'adm_access.log');
         $view['errors'] = $reason;
     }

     // Logged-in users are redirected; everyone else gets the login form.
     if (authenticate::is_logged()) {
         response::redirect('/xxx/');
         return;
     }
     $form = new tmpl($this->pwd() . 'login.html');
     response::send($form->parse($view), 'html');
 }
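// Login handling (fragment: the listing ends before the closing braces of the
// blocks opened below, so this block leaves the same four blocks open).
if (!value_present($password)) {
    $message['password'] = "******";
}
// Continue only when validation produced no messages.
if (empty($message)) {
    $message['activate'] = '';
    // The user name is bound as a statement parameter instead of being
    // interpolated into the SQL text, so its value cannot alter the query.
    $query = "SELECT * from user WHERE user_name = ?";
    $result = false;
    $statement = mysqli_prepare($connection, $query);
    if ($statement !== false) {
        mysqli_stmt_bind_param($statement, 's', $user_name);
        if (mysqli_stmt_execute($statement)) {
            $result = mysqli_stmt_get_result($statement);
        }
    }
    // A failed query is treated like "no such user" rather than passed on to
    // mysqli_fetch_assoc().
    if ($result !== false && ($row = mysqli_fetch_assoc($result))) {
        // Legacy scheme, kept so existing stored values still verify:
        // md5(password . md5(user_name)).
        // NOTE(review): MD5 is a fast hash and the salt is derived from the
        // user name; plan a migration to password_hash()/password_verify()
        // with rehash-on-login. Not changed here because stored values would
        // stop matching.
        $password = md5($password . md5($row['user_name']));
        // hash_equals() compares as strings in constant time; the previous
        // loose == could treat two different numeric-looking hashes as equal.
        $password_matches = hash_equals((string) $row["password"], $password);
        if ($password_matches && isset($row['activate'])) {
            // Issue a fresh session id on login so an id known before
            // authentication is not carried into the authenticated session.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(true);
            }
            // Session id used to track user information.
            $_SESSION['id'] = $row['id'];
            $_SESSION['role_id'] = $row['role_id'];
            $acl = new authenticate();
            // Action ids and resource ids granted to the user's role are
            // stored in the session at login time.
            // NOTE(review): later role changes are not reflected until the
            // next login — confirm this is acceptable.
            $_SESSION['data'] = $acl->privilege_assigned($row['role_id']);
            $message['login'] = '******';
            if (0 == $row['admin']) {
                $message['login_as_user'] = '******';
            } else {
                $_SESSION['admin'] = 'yes';
            }
        } else {
            if (!$password_matches) {
                $message['password'] = "******";
            } else {
                if ($password_matches && !isset($row['activate'])) {
                    $message['activate'] = " Account not activated";
                }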
Exemple #4
<?php

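// NOTE: Initialise the base part of the CMS.
// AUTH_MODE and AUTH_DI are defined before base.php is included.
define('AUTH_MODE', 'public');
define('AUTH_DI', 'user');
include_once 'base.php';
// Login input is read from the request keys 'user' and 'secret'.
$args = request::get(array('user', 'secret'));
try {
    // Attempt a login only when the request carried something under those keys.
    if (!empty($args)) {
        authenticate::login();
    }
} catch (Exception $e) {
    // Login failures are written to the access log and exposed to the page
    // through $data['errors'].
    // NOTE(review): confirm the page escapes this value before output.
    dbg::write($e->getMessage(), LOG_PATH . 'access.log');
    $data['errors'] = $e->getMessage();
}
try {
    // Strict comparison: only the exact string 'yes' triggers a logout.
    // NOTE(review): logout is driven by a plain request parameter; no
    // anti-CSRF token is checked in the visible code — confirm.
    if (authenticate::is_logged() && request::get('logout') === 'yes') {
        authenticate::logout();
    }
} catch (Exception $e) {
    // Previously swallowed silently; a failed logout may leave the session
    // alive, so record it in the same log as login failures.
    dbg::write($e->getMessage(), LOG_PATH . 'access.log');
}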
            //exit();
            $Email = new VTSMail();
            $Email->setName($user_name);
            //To name
            $Email->setMail($email);
            //To e-mail
            $Email->setSubject("Registration");
            //Subject
            $Email->setMessage("Password Reset Successful\n Your Passcode:{$string}");
            $Email->sendMail();
            $this->display('Password reset successful');
        }
    }
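    /**
     * Build an 8-character string: seven lowercase letters and one digit,
     * placed in random order.
     *
     * Characters and their order are drawn with random_int() (PHP 7+), which
     * uses the operating system's CSPRNG; rand() and shuffle() are predictable
     * and must not produce values that act as credentials.
     *
     * NOTE(review): presumably this is the source of the passcode e-mailed by
     * the password-reset code above — confirm. The fixed format (7 letters +
     * 1 digit) keeps the search space small; consider a longer random token.
     *
     * @return string Eight characters matching [a-z0-9], exactly one a digit.
     */
    function random_string()
    {
        $character_set_array = array(
            array('count' => 7, 'characters' => 'abcdefghijklmnopqrstuvwxyz'),
            array('count' => 1, 'characters' => '0123456789'),
        );
        $temp_array = array();
        foreach ($character_set_array as $character_set) {
            $last_index = strlen($character_set['characters']) - 1;
            for ($i = 0; $i < $character_set['count']; $i++) {
                $temp_array[] = $character_set['characters'][random_int(0, $last_index)];
            }
        }
        // Fisher-Yates shuffle driven by random_int(), so the digit's
        // position is not predictable either.
        for ($i = count($temp_array) - 1; $i > 0; $i--) {
            $j = random_int(0, $i);
            $swap = $temp_array[$i];
            $temp_array[$i] = $temp_array[$j];
            $temp_array[$j] = $swap;
        }
        return implode('', $temp_array);
    }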
}
// Script entry point: run the password-reset flow for $email.
// NOTE(review): $email is not assigned in the visible lines — presumably it
// comes from request input; confirm it is validated before this call.
$forgot = new authenticate();
$forgot->forgotPassword($email);
//var_dump($forgot);
<?php

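// Per-page access-control check (fragment: the listing ends inside the final
// loop, so this block leaves the same two blocks open; the deny branch is not
// visible here).
session_start();
require_once 'acl_class_authentication.php';
$acl = new authenticate();
// Resolve the resource/action from the script that is actually executing.
// REQUEST_URI is client-supplied and also carries the query string, so a name
// parsed from it can differ from the page being run; SCRIPT_NAME cannot.
// NOTE(review): assumes each protected page is its own file named
// <resource>_<action>.php, as the $page_name construction below suggests.
$current_url = pathinfo($_SERVER['SCRIPT_NAME']);
$file_name = $current_url['filename'];
$type = $acl->get_name_from_url($file_name);
$current_action_id = $acl->get_id('action', 'operation', $type['action']);
$current_resource_id = $acl->get_id('resource', 'resource', $type['resource']);
// Fail closed: a session without a privilege list (e.g. not logged in) is
// treated as having no privileges instead of raising notices in the loops.
$granted = (isset($_SESSION['data']) && is_array($_SESSION['data'])) ? $_SESSION['data'] : array();
$allow = 0;
foreach ($granted as $value) {
    // Access requires a grant for this exact resource/action pair.
    if ($value['resource_id'] == $current_resource_id && $value['action_id'] == $current_action_id) {
        $allow = 1;
        break;
    }
}
if ($allow == 1) {
    // Collect every action the user may perform on this resource so the view
    // page can display them.
    $action_id_allowed = array();
    foreach ($granted as $value) {
        if ($value['resource_id'] == $current_resource_id) {
            $action_id_allowed[] = $value['action_id'];
        }
    }
    sort($action_id_allowed);
    $display_action = '';
    foreach ($action_id_allowed as $value) {
        $action_name_allowed = $acl->get_name('action', 'operation', $value);
        $page_name = $type['resource'] . '_' . $action_name_allowed . '.php';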
Exemple #7
<?php

/**
*	The data interface initialization code
*
* @author	Litvinenko S. Anthon <*****@*****.**>
* @version	2.0
* @access	public
* @package	SBIN Diesel	
*/
try {
    // Reject the request up front when an authentication data interface is
    // configured (AUTH_DI), nobody is logged in, and the entry point did not
    // declare itself public (AUTH_MODE).
    // An earlier variant tested only
    //     defined('AUTH_DI') && !authenticate::is_logged()
    // and the AUTH_MODE test was added for public entry points; the original
    // note cites file links such as /files/?id=6 and the pub_ prefix.
    // NOTE(review): in public mode nothing here checks the login state, so
    // access control rests on $di->call() — confirm it enforces it.
    // NOTE(review): this relies on response::send() ending the request;
    // otherwise the dispatch below still runs — confirm.
    $login_missing = defined('AUTH_DI') && !authenticate::is_logged();
    if ($login_missing && AUTH_MODE != 'public') {
        response::send('Session closed. Authorization needed.', 'error');
    }

    // Both the interface name ('di') and the call name ('cll') come from the
    // request.
    // NOTE(review): confirm get_instance()/call() restrict them to an
    // allow-list of interfaces and methods.
    $interface_name = request::get('di');
    $di = data_interface::get_instance($interface_name);
    $call_name = request::get('cll');
    $call_args = request::get();
    // A falsy result from call() means access was denied.
    if (!$di->call($call_name, $call_args)) {
        response::send('Access denied.', 'error');
    }
} catch (Exception $failure) {
    // Full detail goes to the log only; the client gets a generic message.
    // REQUEST_URI is client-supplied and is written to the log unmodified.
    $report = "UID: " . UID . "\nREQUEST_URI: {$_SERVER['REQUEST_URI']}\n"
        . $failure->getMessage() . "\n" . $failure->getTraceAsString();
    dbg::write($report, LOG_PATH . 'di_errors.log');
    response::send('Error while process request.', 'error');
}
Exemple #8
<?php

/**
*	The user interface initialization code
*
* @author	Litvinenko S. Anthon <*****@*****.**>
* @version	2.0
* @access	public
* @package	CFsCMS2(PE)
*/
try {
    // When an authentication data interface is configured (AUTH_DI) and
    // nobody is logged in, send the visitor to the login form.
    // NOTE(review): this relies on response::redirect() ending the request;
    // otherwise the dispatch below still runs for anonymous users — confirm.
    $login_required = defined('AUTH_DI') && !authenticate::is_logged();
    if ($login_required) {
        response::redirect('login/');
    }

    // Interface name ('ui') and call name ('cll') come from the request, with
    // UI_DEFAULT / UI_CLL_DEFAULT as fallbacks.
    // NOTE(review): confirm get_instance()/call() restrict them to an
    // allow-list of interfaces and methods.
    $ui_name = request::get('ui', UI_DEFAULT);
    $ui = user_interface::get_instance($ui_name);
    $content = $ui->call(request::get('cll', UI_CLL_DEFAULT), request::get());
    // Strict FALSE means "nothing to show" and is answered with a 404.
    if ($content !== FALSE) {
        response::send($content, 'html');
    } else {
        response::header('404');
    }
} catch (Exception $failure) {
    // Message and stack trace go to the log only; the client just gets a 404.
    $details = $failure->getMessage() . "\n" . $failure->getTraceAsString();
    dbg::write($details, LOG_PATH . 'ui_errors.log');
    response::header('404');
}