public function actionAuthenticate()
{
$model = new Authenticate();
$authenticate_json = http_get_request_body();
//$authenticate_json = json_encode(array("username"=>"kailesh","password"=>"1c3dd8b850b055bb7b6fb0fb59a7cd4","deviceID"=>"90:C1:15:BC:97:4F"));
$model->verifyDetails($authenticate_json);
$verification = $model->getAccess();
$responseMsg = $model->generateJsonResponse();
//var_dump($responseMsg);
/*HttpResponse::status(200);
HttpResponse::setContentType('text/HTML');
HttpResponse::setData("Orders Recieved");
HttpResponse::send();*/
//var_dump($responseMsg);
if ($verification === true) {
HttpResponse::status(200);
HttpResponse::setContentType('application/json');
HttpResponse::setData($responseMsg);
HttpResponse::send();
} else {
HttpResponse::status(200);
HttpResponse::setContentType('application/json');
HttpResponse::setData($responseMsg);
HttpResponse::send();
}
}
/**
* Default method
* @return [type] [description]
*/
public function index()
{
if (Session::get('logined') !== null) {
if (Session::get('logined')) {
$this->getUserLogin();
exit;
}
}
$auth = new Authenticate();
if (isset($_POST['user_id']) && isset($_POST['id_token'])) {
$user_id = $_POST['user_id'];
$id_token = $_POST['id_token'];
if ($auth->checkLogin($user_id, $id_token)) {
Session::init();
Session::set('id_token', $id_token);
Session::set('user_id', $user_id);
Session::set('logined', true);
echo json_encode('success');
exit;
} else {
echo json_encode('need login with google ID');
exit;
}
} else {
echo json_encode('need login with google ID');
exit;
}
}
function CreateNav($token, $skin)
{
global $defined;
$auth = new Authenticate();
$level = new AccessLevels();
if (empty($token)) {
$data->menu = 'menu.default.tpl';
} else {
if ($auth->AuthUser(NULL, NULL, $token) === -1 || $auth->AuthUser(NULL, NULL, $token) === -2) {
// $data->menu = $msg;
$data->menu = 'menu.default.tpl';
} else {
if ($level->ChkLevel($token) === "admin") {
$data->menu = 'menu.admin.tpl';
} elseif ($level->ChkLevel($token) === "user") {
$data->menu = 'menu.user.tpl';
} elseif ($level->ChkLevel($token) === "view") {
$data->menu = 'menu.view.tpl';
} else {
$data->menu = 'menu.default.tpl';
}
}
}
return $data->menu;
}
public function testUnknownUser()
{
$authenticate = new Authenticate();
$authenticate_json = json_encode(array("username" => "bob", "password" => "1c3dd8b823we055bb7b6fb0fb59a7cd04", "deviceID" => "85:D5:76:AA:97:4F"));
$authenticate->verifyDetails($authenticate_json);
$expected_response = json_encode(array("access" => false, "reason" => "RMB-01", "balance" => "0"));
$returned_response = $authenticate->generateJsonResponse();
$this->assertEquals($expected_response, $returned_response);
}
/**
* destroy administrator session
* role: administrator
*/
public function logout()
{
$auth = new Authenticate();
if ($auth->logout(Authenticate::SUPERUSER)) {
transport("administrator");
} else {
transport("dashboard");
}
}
function addToDatabase($rname, $rsize, $rtype, $rname_usr, $rtype_usr, $rdesc, $extension, $rprio)
{
$auth = new Authenticate();
$con = new Connection();
$link = $con->getConnection();
$query = "INSERT INTO `resources`(`ID`, `name`,`rNameUsr`,`rsize`, `rtype`, `format`, `doc_by`,`user_r_type`,`rDescription`,`rprio`, `when`, `approved`) VALUES (NULL,?,?,?,?,?,?,?,?,?,?,?)";
//$query = "INSERT INTO `categories`(`cat_id`,`cat_name`,`cat_description`,`cat_by`) VALUES (NULL,?,?,?)";
$stmt = $link->prepare($query);
$stmt->execute(array($rname, $rname_usr, $rsize, $rtype, $extension, $auth->getFullName($_SESSION['user_id']), $rtype_usr, $rdesc, $rprio, date("Y-m-d H:i:m", time()), 0));
$stmt = null;
return TRUE;
}
public function pre()
{
$this->user = Authenticate::session();
if (!is_a($this->user, 'Kadmin')) {
throw new Exception('Not Authorized', 401);
}
}
function preprocess()
{
$me = CoreLocal::get('CashierNo');
$this->security = Authenticate::getPermission($me);
if (isset($_REQUEST['selectlist'])) {
if (!FormLib::validateToken()) {
return false;
}
if (empty($_REQUEST['selectlist'])) {
$this->change_page($this->page_url . "gui-modules/pos2.php");
return False;
} elseif ($_REQUEST['selectlist'] == 'SUSPEND') {
Database::getsubtotals();
if (CoreLocal::get("LastID") == 0) {
CoreLocal::set("boxMsg", _("no transaction in progress"));
CoreLocal::set('boxMsgButtons', array('Dismiss [clear]' => '$(\'#reginput\').val(\'CL\');submitWrapper();'));
$this->change_page($this->page_url . "gui-modules/boxMsg2.php");
return False;
} else {
// ajax call to end transaction
// and print receipt
$ref = SuspendLib::suspendorder();
$this->add_onload_command("\$.ajax({\n type:'post',\n url:'{$this->page_url}ajax-callbacks/ajax-end.php',\n cache: false,\n data: 'receiptType=suspended&ref={$ref}',\n dataType: 'json',\n success: function(data){\n \$.ajax({\n type:'post',\n url:'{$this->page_url}ajax-callbacks/ajax-transaction-sync.php',\n cache: false,\n success: function(data){\n location='{$this->page_url}gui-modules/pos2.php';\n },\n error: function(e1){\n location='{$this->page_url}gui-modules/pos2.php';\n }\n });\n },\n error: function(e1){\n location='{$this->page_url}gui-modules/pos2.php';\n }\n });");
return True;
}
} else {
if ($_REQUEST['selectlist'] == 'RESUME') {
Database::getsubtotals();
if (CoreLocal::get("LastID") != 0) {
CoreLocal::set("boxMsg", _("transaction in progress"));
CoreLocal::set('boxMsgButtons', array('Dismiss [clear]' => '$(\'#reginput\').val(\'CL\');submitWrapper();'));
$this->change_page($this->page_url . "gui-modules/boxMsg2.php");
} elseif (SuspendLib::checksuspended() == 0) {
CoreLocal::set("boxMsg", _("no suspended transaction"));
CoreLocal::set('boxMsgButtons', array('Dismiss [clear]' => '$(\'#reginput\').val(\'CL\');submitWrapper();'));
CoreLocal::set("strRemembered", "");
$this->change_page($this->page_url . "gui-modules/boxMsg2.php");
} else {
$this->change_page($this->page_url . "gui-modules/suspendedlist.php");
}
return False;
} else {
if ($_REQUEST['selectlist'] == 'TR') {
TenderReport::printReport();
$this->change_page($this->page_url . "gui-modules/pos2.php");
return False;
} else {
if ($_REQUEST['selectlist'] == 'OTR' && $this->security >= 30) {
$this->change_page($this->page_url . 'gui-modules/requestInfo.php?class=AnyTenderReportRequest');
return False;
} elseif ($_REQUEST['selectlist'] == 'UNDO' && $this->security >= 30) {
$this->change_page($this->page_url . 'gui-modules/undo.php');
return false;
}
}
}
}
}
return True;
}
public function validUserSession($app_id, $user_id, $access_token)
{
if ($app_id && $user_id && $access_token) {
$check = $this->_db->select("user_session us", "us.session_id,us.device_token,us.mac_id,us.platform,us.user_id,u.name,u.email", "join user u on u.user_id=us.user_id", "where us.app_id='{$app_id}' and us.user_id='{$user_id}' and access_token='{$access_token}' and login_status='1'");
if ($check) {
if ($this->_db->getNumRows() == 1) {
self::$session_id = $this->_db->getFirst()['session_id'];
self::$session_user_id = $this->_db->getFirst()['user_id'];
self::$device_token = $this->_db->getFirst()['device_token'];
self::$mac_id = $this->_db->getFirst()['mac_id'];
self::$platform = $this->_db->getFirst()['platform'];
self::$session_user_name = $this->_db->getFirst()['name'];
self::$session_user_email = $this->_db->getFirst()['email'];
self::$session_user_type = "user";
return true;
} else {
self::$VALIDATION["error"] = 1;
self::$VALIDATION['status'] = 401;
self::$VALIDATION['message'] = "Invalid access token.";
}
} else {
self::$VALIDATION["error"] = 1;
self::$VALIDATION['status'] = 401;
self::$VALIDATION['message'] = "Invalid access parameters.";
}
} else {
self::$VALIDATION["error"] = 1;
self::$VALIDATION['status'] = 400;
self::$VALIDATION['message'] = "Access parameters not given.";
}
return false;
}
/**
* PAGE: index
* This method handles what happens when you move to http://yourproject/home/index (which is the default page btw)
*/
public function index()
{
// check if user has an active menu
Authenticate::menuIsActive();
// header
require APP_PATH . 'views/templates/header_alt.php';
// navbar
// <body>
// <container>
// <navbar></navbar>
require APP_PATH . 'views/templates/navbar_alt.php';
// sidebar
// <row>
// <col-sm-3></end-col>
require APP_PATH . 'views/recipes/default/sidebar.php';
// content
// <col-sm-9></end-col>
require APP_PATH . 'views/recipes/default/content.php';
// footer
// <footer></footer>
// </container>
// </body>
// </html>
require APP_PATH . 'views/templates/footer.php';
}
public function pre()
{
$this->user = Authenticate::me();
if (!is_a($this->user, 'Kadmin') || $this->user->getType() != 'admin') {
throw new Exception('Not Authorized', 401);
}
}
public function preprocess()
{
$this->box_css_class = 'coloredArea';
$this->msg = _('please enter your password');
$this->body_class = '';
if (isset($_REQUEST['reginput']) || isset($_REQUEST['userPassword'])) {
$passwd = '';
if (isset($_REQUEST['reginput']) && !empty($_REQUEST['reginput'])) {
$passwd = $_REQUEST['reginput'];
UdpComm::udpSend('goodBeep');
} elseif (isset($_REQUEST['userPassword']) && !empty($_REQUEST['userPassword'])) {
$passwd = $_REQUEST['userPassword'];
}
if (Authenticate::checkPassword($passwd)) {
Database::testremote();
$sd = MiscLib::scaleObject();
if (is_object($sd)) {
$sd->ReadReset();
}
/**
Find a drawer for the cashier
*/
$my_drawer = ReceiptLib::currentDrawer();
if ($my_drawer == 0) {
$available = ReceiptLib::availableDrawers();
if (count($available) > 0) {
ReceiptLib::assignDrawer(CoreLocal::get('CashierNo'), $available[0]);
$my_drawer = $available[0];
}
} else {
ReceiptLib::assignDrawer(CoreLocal::get('CashierNo'), $my_drawer);
}
TransRecord::addLogRecord(array('upc' => 'SIGNIN', 'description' => 'Sign In Emp#' . CoreLocal::get('CashierNo')));
/**
Use Kicker object to determine whether the drawer should open
The first line is just a failsafe in case the setting has not
been configured.
*/
if (session_id() != '') {
session_write_close();
}
$kicker_class = CoreLocal::get("kickerModule") == "" ? 'Kicker' : CoreLocal::get('kickerModule');
$kicker_object = new $kicker_class();
if ($kicker_object->kickOnSignIn()) {
ReceiptLib::drawerKick();
}
if ($my_drawer == 0) {
$this->change_page($this->page_url . "gui-modules/drawerPage.php");
} else {
$this->change_page($this->page_url . "gui-modules/pos2.php");
}
return false;
} else {
$this->box_css_class = 'errorColoredArea';
$this->msg = _('password invalid, please re-enter');
}
}
return true;
}
function preprocess()
{
$this->my_drawer = ReceiptLib::currentDrawer();
$this->available = ReceiptLib::availableDrawers();
$this->is_admin = false;
$db = Database::pDataConnect();
$sec = Authenticate::getPermission(CoreLocal::get('CashierNo'));
if ($sec >= 30) {
$this->is_admin = true;
}
if (isset($_REQUEST['selectlist'])) {
if (empty($_REQUEST['selectlist'])) {
if (empty($this->available) && !$this->is_admin && $this->my_drawer == 0) {
// no drawer available and not admin
// sign out and go back to main login screen
Database::setglobalvalue("LoggedIn", 0);
CoreLocal::set("LoggedIn", 0);
CoreLocal::set("training", 0);
CoreLocal::set("gui-scale", "no");
$this->change_page($this->page_url . "gui-modules/login2.php");
} else {
$this->change_page($this->page_url . "gui-modules/pos2.php");
}
return False;
}
if (substr($_REQUEST['selectlist'], 0, 2) == 'TO' && $this->is_admin) {
// take over a drawer
$new_drawer = substr($_REQUEST['selectlist'], 2);
if ($this->my_drawer != 0) {
// free up the current drawer if it exists
ReceiptLib::drawerKick();
ReceiptLib::freeDrawer($this->my_drawer);
}
// switch to the requested drawer
ReceiptLib::assignDrawer(CoreLocal::get('CashierNo'), $new_drawer);
ReceiptLib::drawerKick();
$this->my_drawer = $new_drawer;
} elseif (substr($_REQUEST['selectlist'], 0, 2) == 'SW') {
// switch to available drawer
$new_drawer = substr($_REQUEST['selectlist'], 2);
foreach ($this->available as $id) {
// verify the requested drawer is available
if ($new_drawer == $id) {
if ($this->my_drawer != 0) {
// free up the current drawer if it exists
ReceiptLib::drawerKick();
ReceiptLib::freeDrawer($this->my_drawer);
}
// switch to the requested drawer
ReceiptLib::assignDrawer(CoreLocal::get('CashierNo'), $new_drawer);
ReceiptLib::drawerKick();
$this->my_drawer = $new_drawer;
break;
}
}
}
}
return True;
}
public static function getUser()
{
$session = self::getSession();
$user = $session->get('user');
if (empty($user)) {
$user = Authenticate::set_public_user();
}
return $user;
}
function preprocess()
{
// check for posts before drawing anything, so we can redirect
if (isset($_REQUEST['reginput'])) {
$input = strtoupper(trim($_REQUEST['reginput']));
// CL always exits
if ($input == "CL") {
PaycardLib::paycard_reset();
CoreLocal::set("msgrepeat", 1);
CoreLocal::set("strRemembered", 'TO');
CoreLocal::set("toggletax", 0);
CoreLocal::set("togglefoodstamp", 0);
$this->change_page($this->page_url . "gui-modules/pos2.php");
return False;
}
$continue = false;
// when voiding tenders, the input must be an FEC's passcode
if (CoreLocal::get("paycard_mode") == PaycardLib::PAYCARD_MODE_VOID && $input != "" && substr($input, -2) != "CL") {
$db = Database::pDataConnect();
if (Authenticate::checkPermission($input, 11)) {
CoreLocal::set("adminP", $input);
$continue = true;
}
}
// when voiding items, no code is necessary, only confirmation
if (CoreLocal::get("paycard_mode") != PaycardLib::PAYCARD_MODE_VOID && $input == "") {
$continue = true;
}
// go?
if ($continue) {
// send the request, then disable the form
$this->add_onload_command('paycard_submitWrapper();');
$this->action = "onsubmit=\"return false;\"";
}
// if we're still here, display prompt again
} else {
if (CoreLocal::get("paycard_mode") == PaycardLib::PAYCARD_MODE_AUTH) {
// call paycard_void on first load to set up
// transaction and check for problems
$id = CoreLocal::get("paycard_id");
foreach (CoreLocal::get("RegisteredPaycardClasses") as $rpc) {
$myObj = new $rpc();
if ($myObj->handlesType(CoreLocal::get("paycard_type"))) {
$ret = $myObj->paycard_void($id);
if (isset($ret['output']) && !empty($ret['output'])) {
CoreLocal::set("boxMsg", $ret['output']);
$this->change_page($this->page_url . "gui-modules/boxMsg2.php");
return False;
}
break;
}
}
}
}
return True;
}
public function pre()
{
$this->user = Authenticate::session();
if (!is_a($this->user, 'Kadmin') || $this->user->getType() != 'admin') {
throw new Exception('Not Authorized', 401);
}
if (is_string($this->param2) && !empty($this->param2)) {
$this->block = Block::getById($this->param2);
}
}
public function pre()
{
$this->user = Authenticate::session();
if (!is_a($this->user, 'Kadmin')) {
throw new Exception('Not Authorized', 401);
}
if (MongoId::isValid($this->param2)) {
$this->page = KLib\instance::of('Page', $this->param2);
}
}
public function pre()
{
$this->user = Authenticate::session();
if (!is_a($this->user, 'Kadmin') || $this->user->getType() != 'admin') {
throw new Exception('Not Authorized', 401);
}
$this->targetLanguage = 'en';
C::s('LANG_DIR', realpath(ROOTDIR . '../locale/'));
$this->path = C::g('LANG_DIR') . '/' . C::g('LANG_AVAILABLE', $this->targetLanguage) . '/LC_MESSAGES/';
}
public static function CheckSuper()
{
if (!Authenticate::IsSuperUser()) {
if (defined('TUBEX_AJAX')) {
JSON::Error('Only superuser control panel accounts can access this function');
} else {
include_once 'cp-superuser-only.php';
}
exit;
}
}
public function __construct($title)
{
parent::__construct($title);
// Session::init();
// $logged = Session::get('loggedIn');
// $role = Session::get('role');
// if($logged ==false||$role != 'owner'){
// Session::destroy();
// header('location: ./login');
// exit;
// }
Authenticate::handleLogin();
}
/**
* show feedback management page on administrator feature.
* role: administrator
*/
public function index()
{
if (Authenticate::is_authorized()) {
$model_player = Player::getInstance();
$model_player->get_total_player();
$model_player->unread_new_player();
$this->framework->view->page = "feedback";
$this->framework->view->content = "/backend/pages/feedback";
$this->framework->view->show("backend/template");
} else {
transport("administrator");
}
}
public function login()
{
if (!$this->input->post('username')) {
Authenticate::showForm("No Username given, Please enter a Username.");
}
$quary = $this->Auth->getUserData($this->input->post('username'));
if (password_verify($this->input->post('password'), $quary['password'])) {
$this->Auth->setSession($quary);
redirect('/admin');
} else {
Authenticate::showForm("Invalid Login attempt");
}
}
/**
* export/download overall report into pdf
* role: administrator
*/
public function get_overall()
{
if (Authenticate::is_authorized()) {
$model_player = Player::getInstance();
$model_feedback = Feedback::getInstance();
$model_administrator = Administrator::getInstance();
$model_leaderboard = Leaderboard::getInstance();
$model_report = new ReportGenerator();
$model_report->get_report_overall($model_player->get_player_report(), $model_feedback->retrieve_feedback_report(), $model_administrator->retrieve_traffic_report(), $model_leaderboard->get_top10_ranking());
$model_report->print_report();
} else {
transport("administrator");
}
}
/**
* Authenticates a user.
* The example implementation makes sure if the username and password
* are both 'demo'.
* In practical applications, this should be changed to authenticate
* against some persistent user identity storage (e.g. database).
* @return boolean whether authentication succeeds.
*/
public function authenticate()
{
$username = $this->username;
$password = $this->password;
$user = Authenticate::model()->find(array('condition' => "username='******'"));
if (!empty($user)) {
if ($password == $user->password) {
$this->errorCode = self::ERROR_NONE;
} else {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
}
} else {
$this->errorCode = self::ERROR_USERNAME_INVALID;
}
return !$this->errorCode;
}
/**
* update product price.
*
* role: player
*/
public function update_product_price()
{
if (Authenticate::is_player()) {
if (isset($_POST['token']) && Authenticate::is_valid_token($_POST['token'])) {
$this->model_product = Product::getInstance();
$product = $_POST['product_data'];
$result = $this->model_product->update_player_product($product);
$binding = array("result_var" => "session_ready", "status_var" => $result);
binding_data($binding);
} else {
transport("error404");
}
} else {
$binding = array("result_var" => "no_session");
binding_data($binding);
}
}
/**
* retrieve player ranking and global ranking.
* route : player
*/
public function retrieve_leaderboard()
{
if (Authenticate::is_player()) {
if (isset($_POST['token']) && Authenticate::is_valid_token($_POST['token'])) {
$this->model_leaderboard = Leaderboard::getInstance();
$player_ranking = $this->model_leaderboard->get_player_ranking();
$global_ranking = $this->model_leaderboard->get_global_ranking();
$binding = array("result_var" => "session_ready", "leaderboard_player_var" => json_encode($player_ranking), "leaderboard_global_var" => json_encode($global_ranking));
binding_data($binding);
} else {
transport("error404");
}
} else {
$binding = array("result_var" => "no_session");
binding_data($binding);
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, \Closure $next)
{
if ($this->auth->guest()) {
return parent::handle($request, $next);
}
// Last segment of the route name is the action, the rest is the resource
$routeName = $request->route()->getName();
$pivot = strrpos($routeName, '.');
$resource = substr($routeName, 0, $pivot);
$action = substr($routeName, $pivot + 1);
if ($this->auth->user()->can($action, $resource)) {
return $next($request);
}
$error = sprintf(_("Your user is not authorized to perform action '%s' on resource '%s'"), $action, $resource);
if ($request->ajax()) {
return response($error, 401);
}
\Session::flash('error', $error);
return redirect()->route('home');
}
function preprocess()
{
$this->color = "coloredArea";
$this->heading = _("enter password");
$this->msg = _("confirm no sales");
if (isset($_REQUEST['reginput']) || isset($_REQUEST['userPassword'])) {
$passwd = '';
if (isset($_REQUEST['reginput']) && !empty($_REQUEST['reginput'])) {
$passwd = $_REQUEST['reginput'];
} elseif (isset($_REQUEST['userPassword']) && !empty($_REQUEST['userPassword'])) {
$passwd = $_REQUEST['userPassword'];
}
if (strtoupper($passwd) == "CL") {
$this->change_page($this->page_url . "gui-modules/pos2.php");
return False;
} elseif (Authenticate::checkPassword($passwd)) {
ReceiptLib::drawerKick();
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('twoPairs');
}
$this->change_page($this->page_url . "gui-modules/pos2.php");
return false;
} else {
$this->color = "errorColoredArea";
$this->heading = _("re-enter password");
$this->msg = _("invalid password");
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('errorBeep');
}
}
} else {
// beep on initial page load
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('twoPairs');
}
}
return true;
}
/**
* save new achievement via REST.
* role: player
*/
public function unlock_achievement()
{
if (Authenticate::is_player()) {
if (isset($_POST['token']) && Authenticate::is_valid_token($_POST['token'])) {
$this->model_achievement = Achievement::getInstance();
/*
* populate type of achievement.
* invoke method to unlock the achievement.
* log this event about achievement earning.
*/
$achievement = $_POST["achievement"];
$result = $this->model_achievement->unlock_achievement($achievement);
$log = Log::getInstance();
$log->logging_game_earn_achievement("Achievement id {$achievement}");
$binding = array("result_var" => "session_ready", "unlock_status" => $result);
binding_data($binding);
} else {
transport("error404");
}
} else {
$binding = array("result_var" => "no_session");
binding_data($binding);
}
}
function preprocess()
{
$this->color = "coloredArea";
$this->img = $this->page_url . "graphics/key-icon.png";
$this->msg = _("please enter password");
if (isset($_REQUEST['reginput']) || isset($_REQUEST['scannerInput'])) {
$passwd = '';
if (isset($_REQUEST['reginput']) && !empty($_REQUEST['reginput'])) {
$passwd = $_REQUEST['reginput'];
} elseif (isset($_REQUEST['scannerInput']) && !empty($_REQUEST['scannerInput'])) {
$passwd = $_REQUEST['scannerInput'];
UdpComm::udpSend('goodBeep');
}
if (Authenticate::checkPassword($passwd, 4)) {
$this->change_page($this->page_url . "gui-modules/pos2.php");
return False;
} else {
$this->color = "errorColoredArea";
$this->img = $this->page_url . "graphics/redkey4.gif";
$this->msg = _("Password Invalid, Please Re-Enter");
}
}
return True;
}
