/**
 * Renders, as JSON, whether no other user holds a row for the given date and shop.
 *
 * The query counts i_interview_meta rows with the same calling_date and shop
 * whose user_id differs from usr::id(); the rendered value is the negation of
 * that count (true when it is zero).
 *
 * @param array $params Request parameters; only 'calling_date' and 'shop' are read.
 */
public function check_access_action($params)
 {
     // Take only the two expected keys, so nothing else from the request reaches the query.
     $bind = arr::extract($params, ['calling_date', 'shop']);
     // The user id is taken from usr::id(), not from $params, so a caller cannot supply it.
     $bind['user_id'] = usr::id();
     // All three values travel as named placeholders rather than being concatenated into the SQL text.
     $sql = "SELECT COUNT(*) FROM i_interview_meta WHERE calling_date = :calling_date AND shop = :shop AND user_id != :user_id";
     $heldByOthers = db::exec_count($this->db, $sql, $bind);
     $this->view->render('json', !$heldByOthers);
 }
 public static function beforeAction()
 {
     $usr = usr::getCurrentUser(1);
     if (!isset($usr) || !Core::isAdministrator($usr)) {
         header('Location: / ');
         exit;
     }
     self::$user = $usr;
 }
 private static function get_notification_message($link)
 {
     $header = '<h1>' . Core::translateToCurrentLocale("Hello") . ', </h1>
     <p class="lead">' . Core::translateToCurrentLocale("you have registered money withdraw from the Bitmonex exchange") . '.</p>';
     $body = '<p>' . Core::translateToCurrentLocale("To confirm your withdrawing, please click on this link") . '. <a href="' . $link . '">' . Core::translateToCurrentLocale("Withdraw money") . '!</a></p>';
     return usr::getMessage($header, $body);
 }
Exemple #4
// NOTE(review): looks like connection settings for a second database with an
// empty password, kept in source; confirm, and prefer loading credentials
// from configuration outside the web root.
$password2 = "";
$dbname2 = "pso_db";
/**
 * Add SESSION variable to prevent main form to REDO the delete action
 */
$_SESSION['REDO'] = true;
/**
 * Errors Management
 */
// Loose comparison on a query parameter that may be absent; an isset() guard
// would avoid the undefined-index notice.
if ($_GET['error'] == 1) {
    $notification = formatFormErrors($_SESSION['errorMsgs']);
}
$actScript = 'usr.form.php';
// NOTE(review): globalizeGet()/globalizePost() presumably copy request
// parameters into global variables ($in2Action below is never assigned in the
// visible code). TODO confirm: that pattern lets a request set any global
// that is not initialised before these calls.
globalizeGet();
globalizePost();
$obj = new usr();
$title = getTitleFromMenuCaption('Usr');
//  Update number values
//  Remove the thousands separator ("." is dropped, then "," becomes the decimal point).
//  This only reformats the text; nothing here checks that the result is numeric.
$_REQUEST['us_id'] = str_replace(".", "", $_REQUEST['us_id']);
$_REQUEST['us_id'] = str_replace(",", ".", $_REQUEST['us_id']);
//  These two replacements do not affect the outcome: us_isactive is reduced to 1/0 just below.
$_REQUEST['us_isactive'] = str_replace(".", "", $_REQUEST['us_isactive']);
$_REQUEST['us_isactive'] = str_replace(",", ".", $_REQUEST['us_isactive']);
$_REQUEST['us_gr_id'] = str_replace(".", "", $_REQUEST['us_gr_id']);
$_REQUEST['us_gr_id'] = str_replace(",", ".", $_REQUEST['us_gr_id']);
//  Set value of checkbox = 0 if not passed in the request
$_REQUEST['us_isactive'] = isset($_REQUEST['us_isactive']) && $_REQUEST['us_isactive'] == "on" ? 1 : 0;
switch ($in2Action) {
    case 'add':
        // The creator id and creation time are overwritten server-side (session id
        // and current time), so values sent by the client for them are discarded.
        $_REQUEST['us_cruser'] = $_SESSION['us_id'];
        $_REQUEST['us_crdate'] = date('Y-m-d H:i:s');
// Choose the currency pair: a $data array supplied by the including code wins,
// otherwise fall back to the "Data" query parameter.
if (isset($data['firstCurrency'])) {
    $currentRate = $data;
} elseif (isset($_GET['Data'])) {
    // NOTE(review): in this branch firstCurrency, secondCurrency and limit come
    // straight from the query string and are handed to api::rateInfo() and
    // api::depth() below; confirm those helpers validate them (not visible here).
    $currentRate = $_GET['Data'];
}
if (isset($currentRate['firstCurrency'])) {
    $rateInfo = api::rateInfo($currentRate['firstCurrency'], $currentRate['secondCurrency']);
    $maxPrice = $rateInfo['bid'];
    $minPrice = $rateInfo['ask'];
    $totalPrice = $rateInfo['total_price'];
    $totalVolume = $rateInfo['total_volume'];
    $user = usr::getCurrentUser(1);
    if ($user == null) {
        // No current user: show empty balances for both currencies.
        $userFirstCurrFunds = 0;
        $userSecondCurrFunds = 0;
    } else {
        // Look up the user's purse for each side of the pair; an index of -1 is
        // treated as "no purse" and the balance falls back to 0.
        $userFunds = usr::getCurrentUsersPurses();
        $userFirstCurrFundsIndex = Core::array_search($userFunds, 'CurName', $currentRate['firstCurrency']);
        $userFirstCurrFunds = $userFirstCurrFundsIndex != -1 ? $userFunds[$userFirstCurrFundsIndex]['Value'] : 0;
        $userSecondCurrFundsIndex = Core::array_search($userFunds, 'CurName', $currentRate['secondCurrency']);
        $userSecondCurrFunds = $userSecondCurrFundsIndex != -1 ? $userFunds[$userSecondCurrFundsIndex]['Value'] : 0;
    }
    // Pass the limit only when one was given, so api::depth() uses its own default otherwise.
    if (!isset($currentRate['limit'])) {
        $depth = api::depth($currentRate['firstCurrency'], $currentRate['secondCurrency']);
    } else {
        $depth = api::depth($currentRate['firstCurrency'], $currentRate['secondCurrency'], $currentRate['limit']);
    }
}
?>
Exemple #6
<?php

include_once "conf/config.server.php";
include_once "cls/app_log.class.php";
include_once CLASS_PATH . 'usr.class.php';
$LoginStatus = '';
$obj = new usr();
// Dispatch on an action name taken from the request.
switch ($_REQUEST['cAction']) {
    case 'Logout':
        session_destroy();
        $oLog = new app_log();
        // NOTE(review): $_REQUEST['PHPSESSID'] is client-supplied and is interpolated
        // directly into the SQL text, so this statement is open to SQL injection.
        // Use a bound parameter (or the server-side session_id() captured before
        // session_destroy()) instead of the request value.
        // $isDebug is not assigned anywhere in the visible code.
        $stmt = " UPDATE app_log SET log_upddte = NOW(), log_outdte = NOW(), log_islogged = 0 \n\tWHERE log_sessid = '{$_REQUEST['PHPSESSID']}'\n\tAND log_outdte IS NULL";
        $oLog->execute($stmt, $isDebug);
        goToURL("index.php");
        break;
    case 'AlreadyLoggedIn':
        // Drop the session and return to the login page with a status flag.
        session_destroy();
        goToURL("index.php?AlreadyLoggedIn=1");
        break;
    case 'InvalidCreds':
        session_destroy();
        goToURL("index.php?InvalidCreds=1");
        break;
    case 'RememberMe':
        break;
    case 'forgotpassword':
        // Runs only when a username/e-mail was submitted without a password.
        if ($_REQUEST['us_username'] && !$_REQUEST['us_password']) {
            // NOTE(review): the submitted value is concatenated twice into the WHERE
            // clause inside quotes. Unless Select() escapes the clause itself (not
            // visible here), this is SQL injection on an unauthenticated endpoint;
            // pass the value as a bound parameter.
            $obj->Select(array('us_id', 'us_fname', 'us_lname', 'us_email'), '', 'WHERE us_email = \'' . $_REQUEST['us_username'] . '\' Or us_username = \'' . $_REQUEST['us_username'] . '\'', 1, null, false);
            $cntObj = $obj->RowCount();
            if ($cntObj) {
                while (!$obj->EOF()) {
<?php

$user = usr::getCurrentUser(1);
// Widgets come either from a $data array supplied by the including code, or
// are loaded for the page named in the "Data" query parameter (page 0 when
// that parameter compares equal to null).
// NOTE(review): when neither source is present $widgets stays undefined, and
// the template below reads $widgets[0] unconditionally.
if (isset($data[0]['rate'])) {
    $widgets = $data;
} elseif (isset($_GET['Data'])) {
    $page = $_GET['Data'];
    // The request value goes to getPageWidgets() as-is; confirm that helper
    // validates it (not visible here).
    $widgets = widgetControl::getPageWidgets($page != null ? $page : 0);
}
?>

<!-- DashBoard -->
<div id="dashboard" class="dashboard col-xs-9">
    <div class="topHead" style="margin-bottom:0px;">
        <span class="greenMark"><?php 
// Section heading, passed through the translation helper for the current locale.
print Core::translateToCurrentLocale("Dashboard");
?>
</span>
        <div class="line"></div>
    </div>
    <div class="widgetPager">
        <?php 
// The first widget's rate drives both the pager view and $currentRate.
// NOTE(review): $widgets is only assigned earlier when $data[0]['rate'] or
// $_GET['Data'] is set, and is indexed here without a check.
$data = $widgets[0]['rate'];
print Core::runView('Shared/widgetpager', $data);
$currentRate = $widgets[0]['rate'];
 /**
  * Deletes one of the current user's widgets, then redirects.
  *
  * Nothing happens when there is no current user, or when no widget matches
  * both the requested id and the current user's id.
  */
 public static function removeWidget()
 {
     $owner = usr::getCurrentUser(1);
     if (!isset($owner)) {
         return;
     }
     $widgetId = Core::validate(self::getVar('id'));
     $widget = new Widget();
     // Ownership check: the lookup is constrained to the caller's UID, so an id
     // that belongs to another user finds nothing and is never deleted.
     $owned = $widget->findBy(array('UID' => $owner->getId(), 'id' => $widgetId));
     if (count($owned) > 0) {
         // NOTE(review): this changes state based on a request variable; confirm
         // the route is POST-only and CSRF-protected (not visible here).
         $widget->setId($widgetId);
         $widget->delete();
         header('Location: / ');
     }
 }
 /**
  * Returns or prints the deal history for a currency pair.
  *
  * Arguments left null are read from request variables. If either currency
  * name had to be read from the request, the result is printed as JSON;
  * otherwise it is returned to the caller.
  *
  * @param string|null $firstCurrencyName  First currency of the pair, or null to read 'firstCurrency'.
  * @param string|null $secondCurrencyName Second currency of the pair, or null to read 'secondCurrency'.
  * @param mixed       $count              Row limit, or null to read 'count'.
  *
  * @return array|null ['success' => 1, 'return' => list of deals] when not printed.
  */
 public static function tradeHistory($firstCurrencyName = null, $secondCurrencyName = null, $count = null)
 {
     $viewer = usr::getCurrentUser(1);
     $readFromRequest = 0;
     if ($count == null) {
         $count = Core::validate(self::getVar('count'));
     }
     // NOTE(review): every filter below is request-supplied and passes only through
     // Core::validate(), whose guarantees are not visible here; confirm that
     // Deal::getHistory() binds these values and bounds 'count' and 'order'.
     $fromId = Core::validate(self::getVar('from_id'));
     $endId = Core::validate(self::getVar('end_id'));
     $sortOrder = Core::validate(self::getVar('order'));
     $sinceTs = Core::validate(self::getVar('since'));
     $endTs = Core::validate(self::getVar('end'));
     if ($firstCurrencyName == null) {
         $firstCurrencyName = Core::validate(self::getVar('firstCurrency'));
         $readFromRequest = 1;
     }
     if ($secondCurrencyName == null) {
         $secondCurrencyName = Core::validate(self::getVar('secondCurrency'));
         $readFromRequest = 1;
     }
     $pairRate = self::getRate($firstCurrencyName, $secondCurrencyName);
     // RateId is only part of the filter when the pair resolved to a rate.
     $filter = array();
     if ($pairRate != null) {
         $filter['RateId'] = $pairRate->getId();
     }
     $filter += array(
         'count' => $count,
         'from_id' => $fromId,
         'end_id' => $endId,
         'order' => $sortOrder,
         // since/end are passed to date() as timestamps when present.
         'since' => $sinceTs != null ? date("Y-m-d H:i:s", $sinceTs) : null,
         'end' => $endTs != null ? date("Y-m-d H:i:s", $endTs) : null,
     );
     $deals = Deal::getHistory($filter);
     $history = array();
     $rateModel = new Rate();
     $currencyModel = new Currency();
     foreach ($deals as $row) {
         // Resolve the pair label from the deal's rate: "<first> - <second>".
         $rateModel->findById($row['RateId']);
         $currencyModel->findById($rateModel->getFirstCurrencyId());
         $pairLabel = $currencyModel->getName();
         $currencyModel->findById($rateModel->getSecondCurrencyId());
         $pairLabel .= " - " . $currencyModel->getName();
         $history[] = array(
             'pair' => $pairLabel,
             'type' => $row['Type'] == 0 ? "buy" : "sell",
             'amount' => $row['Volume'],
             'rate' => $row['Price'],
             'order_id' => $row['OrderId'],
             // The deal's UID is not part of the output; it only decides this flag.
             'is_your_order' => $viewer != null && $viewer->getId() == $row['UID'] ? 1 : 0,
             'timestamp' => strtotime($row['Date']),
         );
     }
     $result = array('success' => 1, 'return' => $history);
     if ($readFromRequest == 0) {
         return $result;
     }
     print json_encode($result);
 }
Exemple #10
 /**
  * Boolean wrapper around parent::checklogin().
  *
  * @param mixed $tkid Passed through to parent::checklogin().
  *
  * @return bool True when parent::checklogin() returns a value loosely equal to 1.
  */
 static function checkloginout($tkid)
 {
     // NOTE(review): the comparison is loose (==), so values such as true or "1"
     // also count as logged in; switch to === only once the parent's return type
     // is confirmed.
     return 1 == parent::checklogin($tkid);
 }
Exemple #11
 /**
  * Renders the current user's id, name and role as JSON.
  *
  * The row is selected by usr::name(); $params is not used, so the caller
  * cannot choose whose record is returned.
  *
  * @param array $params Unused.
  */
 public function get_current_action($params)
 {
     // The name is bound as a named placeholder, not concatenated into the SQL text.
     $sql = "SELECT id, name, role FROM i_users WHERE name = :name";
     $bind = [':name' => usr::name()];
     $row = db::exec_row($this->db, $sql, $bind);
     $this->view->render('json', $row);
 }
Exemple #12
<?php

include_once 'conf/config.php';
include_once 'lang/chgPassForm.lang.inc';
include_once CLASS_PATH . 'usr.class.php';
$actScript = 'chgPassForm.php';
// NOTE(review): these presumably copy request parameters into globals
// ($in2Action below is never assigned in the visible code). TODO confirm.
globalizeGet();
globalizePost();
$obj = new usr();
$title = 'Change Password';
// The account being changed is the session's user, not an id from the request.
$id = $_SESSION['us_id'];
if (!$in2Action) {
    $in2Action = 'editRecord';
}
//  Update number values
//  Remove the thousands separator
$_REQUEST['us_id'] = str_replace(",", "", $_REQUEST['us_id']);
switch ($in2Action) {
    case 'edit':
        // $id comes from the session, but it is still concatenated into the clause;
        // an integer cast or a bound parameter would make that safe by construction.
        $obj->Select(array('us_password', 'us_username'), '', 'WHERE us_id = ' . $id, 1, null, false);
        $cntObj = $obj->RowCount();
        if ($cntObj) {
            // presumably Row() advances the cursor so EOF() eventually holds; verify in usr.class.php
            while (!$obj->EOF()) {
                $rowObj = $obj->Row();
                $oldPass = $rowObj->us_password;
                $us_username = $rowObj->us_username;
            }
        }
        // NOTE(review): passwords are stored as unsalted MD5, which is unsuitable
        // for password storage; migrate to password_hash()/password_verify().
        // The loose != also compares numeric-looking digests ("0e" followed only by
        // digits) as numbers, so two different digests can compare equal; use
        // hash_equals() or at least !==.
        if (md5($_REQUEST['us_oldpassword']) != $oldPass) {
            $in2Action = 'editRecord';
            $frmAction = 'nomatch';
Exemple #13
<?php

include_once 'conf/config.php';
include_once 'lang/usr.lang.inc';
include_once CLASS_PATH . 'usr.class.php';
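$actScript = 'usr.php';
// NOTE(review): globalizePost() presumably copies POST fields into globals
// ($us_id below is never assigned in the visible code). TODO confirm.
globalizePost();
$obj = new usr();
$title = getTitleFromMenuCaption('User Management');
/**
 * Delete Record
 *
 * Deletes every id in the "__"-separated $us_id list, unless the REDO session
 * flag is set (the flag stops a reload from repeating the delete).
 *
 * NOTE(review): no permission or CSRF check is visible in this script; confirm
 * conf/config.php enforces both before this point, and that DeleteRequest()
 * binds or casts the id it reads from $_REQUEST['us_id'].
 */
// empty() keeps the original truthiness tests without raising a notice when
// the session flag or $us_id is not set.
if (empty($_SESSION['REDO'])) {
    if (!empty($us_id)) {
        // split() was removed in PHP 7.0. The delimiter has no regex
        // metacharacters, so explode() yields the same list.
        $us_ids = explode('__', $us_id);
        // The loop variable deliberately reuses $us_id, as the original did, so
        // its value after the loop is unchanged for any later code.
        foreach ($us_ids as $us_id) {
            $_REQUEST['us_id'] = $us_id;
            $obj->DeleteRequest(false);
        }
    }
}
unset($_SESSION['REDO']);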
?>

<!DOCTYPE html>
<html lang="en">
<head><title>PSO | Dashboard</title>
	<meta charset="utf-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<link rel="shortcut icon" href="images/icons/favicon.ico">
Exemple #14
<?php

include_once 'conf/config.php';
include_once 'lang/usr.lang.inc';
include_once CLASS_PATH . 'usr.class.php';
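globalizePost();
$obj = new usr();
/**
 * Get query data
 *
 * Lists users as table cells. The sort column and direction come from the
 * request and end up in ORDER BY, where placeholders cannot be used, so both
 * are constrained here: the column to an integer position and the direction
 * to ASC/DESC. Row values are HTML-escaped on output.
 *
 * NOTE(review): $whereClause and $rows are not assigned in the visible code;
 * confirm $whereClause is not built from raw request input, and that Select()
 * validates the page number it receives from $_POST['page'].
 */
// double_encode = false leaves already-encoded entities in stored data as they are.
$escHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
};
$sortColumn = (isset($_POST['sort']) ? (int) $_POST['sort'] : 0) - 2;
$sortDir = isset($_POST['dir']) && is_string($_POST['dir']) && strtoupper(trim($_POST['dir'])) === 'DESC' ? 'DESC' : 'ASC';
$obj->Select(array('us_lname', 'us_fname', 'us_dob', 'us_img', 'us_address', 'us_phone', 'us_mobile', 'us_email', 'us_username', 'us_password', 'IF(us_isactive = 1, "' . $yesNo[$_SESSION['lang']][1] . '", "' . $yesNo[$_SESSION['lang']][0] . '") us_isactive', '(SELECT gr_title FROM grp parent WHERE usr.us_gr_id = parent.gr_id) us_gr_id', 'us_id'), '', $whereClause . ' ORDER BY ' . $sortColumn . ' ' . $sortDir, $_POST['page'], $rows, false);
while (!$obj->EOF()) {
    $row = $obj->Row();
    // us_id is treated as an integer key: it is emitted unquoted as a JavaScript
    // argument below, so the cast keeps anything else out of the script context.
    $rowId = (int) $row->us_id;
    print '	<td><input type="checkbox" name="chkRecord" id="chkRecord_' . $rowId . '" value="' . $rowId . '"/></td>';
    print '    <td><img src="' . $escHtml(PROJECT_UPLOAD_BO_URL . $row->us_img) . '" class="img-responsive img-circle"/></td>';
    // Profile fields hold user-entered text; escape them so stored markup is shown as text.
    print '    <td>' . $escHtml($row->us_lname) . '</td>';
    print '    <td>' . $escHtml($row->us_fname) . '</td>';
    print '    <td>' . $escHtml($row->us_email) . '</td>';
    print '    <td>' . $escHtml($row->us_username) . '</td>';
    print '    <td>' . $escHtml($row->us_isactive) . '</td>';
    print '    <td>' . $escHtml($row->us_gr_id) . '</td>';
    print ' 			<td>
	<div class="action-group btn-group pull-right mtm mbm">
	<button type="button" class="btn btn-default" onclick="javascript:window.location.assign(\'usr.form.php?recordId=' . $rowId . '&in2Action=editRecord\');"><i class="fa fa-edit"></i></button>
	<button type="button" class="btn btn-default" onclick="javascript:deleteRecord(\'us_id\', ' . $rowId . ');"><i class="fa fa-trash-o"></i></button>
	</div>
	</td>';
    print '</tr>';
}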