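/**
 * Checks whether the logged-in user may run the requested module/option/action.
 *
 * The triple is read from the request (a POST value overrides a GET value) and
 * matched against the actions granted to the user's active groups. Every
 * decision, granted or denied, is written to the log.
 *
 * NOTE(review): the caller must dispatch on the same Module/option/action
 * values this method read (POST first, then GET); a dispatcher that reads them
 * from a different source could execute something other than what was
 * authorised here. Confirm against the caller.
 *
 * @return bool TRUE when at least one matching grant exists, FALSE otherwise.
 */
function checkPermision()
{
    $session = isset($_SESSION["ExtDeskSession"]) ? $_SESSION["ExtDeskSession"] : array();
    $user = isset($session["username"]) ? $session["username"] : null;
    $id = isset($session["id"]) ? $session["id"] : null;

    // Request values are attacker-controlled. Only scalar values are accepted
    // (an array-valued parameter is ignored) and POST overrides GET, as before.
    $requested = array('Module' => null, 'option' => null, 'action' => null);
    foreach (array($_GET, $_POST) as $source) {
        foreach (array_keys($requested) as $key) {
            if (isset($source[$key]) && is_scalar($source[$key])) {
                $requested[$key] = (string) $source[$key];
            }
        }
    }
    $module = $requested['Module'];
    $option = $requested['option'];
    $action = $requested['action'];

    // Every variable part of the statement is a bound parameter; the request
    // values are never concatenated into the SQL text.
    $sql = "select a.module,
                   a.option,
                   a.action,
                   ug.idGroup,
                   u.p_id
              from groups_actions ga,
                   actions a,
                   user_groups ug,
                   modules m,
                   groups g,
                   users u
             where a.id=ga.idActions
               and ug.idGroup=ga.idGroups
               and m.js=a.module
               and ga.idgroups=g.id
               and ug.idUser=u.p_id
               and g.active=1
               and u.active=1
               and u.P_id=:id
               and a.module=:module
               and a.option=:option
               and a.action=:action
             order by m.id";

    // Fail closed: access is granted only when the query ran and returned rows.
    // A missing session id, a failed prepare/execute or a non-array result all
    // end in a denial instead of falling through to the "granted" branch.
    $granted = false;
    if ($id !== null) {
        $stmt = $this->dbh->prepare($sql);
        if ($stmt !== false) {
            $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
            // A missing value is bound as '' to keep the old comparison (module='').
            $stmt->bindValue(':module', (string) $module, PDO::PARAM_STR);
            $stmt->bindValue(':option', (string) $option, PDO::PARAM_STR);
            $stmt->bindValue(':action', (string) $action, PDO::PARAM_STR);
            if ($stmt->execute()) {
                $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
                $granted = is_array($rows) && count($rows) > 0;
            }
        }
    }

    // The logged module/option/action come from the request; whatever renders
    // this log has to treat them as untrusted text.
    $log = new log();
    if (!$granted) {
        $log->save($user, "Access denied to module", $module, $option, $action);
        return FALSE;
    }

    $log->save($user, "Granted access to the module", $module, $option, $action);
    return TRUE;
}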
/**
 * Entry point for incoming Telegram webhook updates.
 *
 * Decodes the raw request body into self::$hook, optionally takes the message
 * text from the `text` request parameter when the debug option is on, logs the
 * update, resolves the command and finally reports to botan.
 *
 * NOTE(review): the request body is accepted as-is; no check of the sender is
 * visible in this method. Confirm the caller restricts who can reach this
 * endpoint (for example a secret webhook path or Telegram's webhook secret
 * token header).
 * NOTE(review): with the debug option enabled, any request can supply the
 * message text through the `text` parameter; keep that option off in production.
 *
 * @return string|null 'telegram is off!' when the integration is disabled, nothing otherwise
 */
public static function hook()
{
    // Nothing to do while the telegram integration is switched off.
    $enabled = \lib\utility\option::get('telegram', 'status');
    if (!$enabled) {
        return 'telegram is off!';
    }

    $rawBody = file_get_contents('php://input');
    self::$hook = json_decode($rawBody, true);

    // Debug fallback: only when the update itself carries no text.
    if (!isset(self::$hook['message']['text'])) {
        if (\lib\utility\option::get('telegram', 'meta', 'debug')) {
            if (\lib\utility::get('text')) {
                self::$hook['message']['text'] = \lib\utility::get('text');
            }
        }
    }

    // The whole decoded update is handed to the logger.
    log::save(self::$hook, true);

    // Work out which command was sent and keep it in static state.
    self::cmd(self::response('text'));

    // Analytics via botan, when configured.
    self::botan();
}
/**
 * Runs the project: executes the bootstrap steps below in a fixed order,
 * starts the application, then shows debug output and writes the log.
 */
public static function run()
{
    self::init(); // initialise the runtime environment
    self::formatRequest(); // if automatic escaping is enabled, strip the escaping
    self::setAppGroupPath(); // set the application path
    self::loadAppGroupConfig(); // load the application-group configuration
    self::setAppPath(); // set PATH_APP
    self::loadAppConfig(); // load the application configuration file
    self::loadUserFile(); // load system class file data
    self::setPathConst(); // set the cache directory constants
    self::createDemoControl(); // create the application directory
    self::setTplConst(); // set the template constants
    self::language(); // load the language pack
    self::ajaxCloseDebug(); // turn debugging off for ajax requests
    self::setCharset(); // set the character set
    self::createDir(); // create the project cache directory structure
    self::session_set();
    self::compileAppGroupFile(); // compile-cache the project core files
    self::compileAppFile(); // compile-cache the module core files
    debug::start("app_start"); // start debugging; requires the debug switch in the configuration file
    self::apprun(); // start the project
    debug::show("app_start", "app_end"); // show the debug results
    log::save(); // write the log
}
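/**
 * Records a page view together with a geolocation lookup of the client address.
 *
 * TODO: update Log object to use static method
 *
 * The lookup result is returned to the caller whether or not a log row was
 * written; requests from "::1" or a 192.168.* address are not logged.
 *
 * @param string $method name of the view being recorded
 * @return mixed whatever $this->curl() returned for the ipinfo.io lookup
 */
protected function log($method)
{
    $remote_addr = filter_input(INPUT_SERVER, "REMOTE_ADDR");
    $user_agent = filter_input(INPUT_SERVER, "HTTP_USER_AGENT");

    // The lookup sends the visitor's address to a third party, so it goes over
    // HTTPS; the response is also stored, and plain HTTP would let anyone on
    // the path alter it.
    // NOTE(review): the lookup also runs for the local addresses skipped below
    // because its result is the return value; confirm callers need that.
    $data = $this->curl('https://ipinfo.io/' . $remote_addr);

    if ($remote_addr != "::1" && 0 !== strpos((string) $remote_addr, "192.168.")) {
        // A failed lookup may not yield an object; missing fields become null
        // instead of raising on a property read.
        $geo = is_object($data) ? $data : new stdClass();

        $log = new log($this->template);
        // 24-hour clock: the previous "h" format made 03:00 and 15:00 identical.
        $log->created_on = date("Y-m-d H:i:s");
        $log->viewed = $method;
        $log->remote_addr = $remote_addr;
        // Client-controlled header: escape it wherever the log is displayed.
        $log->user_agent = $user_agent;
        $log->loc = isset($geo->loc) ? $geo->loc : null;
        $log->country = isset($geo->country) ? $geo->country : null;
        $log->state = isset($geo->region) ? $geo->region : null;
        $log->city = isset($geo->city) ? $geo->city : null;
        $log->save();
    }

    return $data;
}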
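/**
 * Decrements the stock of a Product by one and records the sale in the log.
 * The product index is rendered again in every case.
 *
 * NOTE(review): this action changes data. Which HTTP verbs may reach it is
 * decided outside this method (e.g. a VerbFilter in behaviors()); confirm it is
 * limited to POST so the framework's CSRF validation applies.
 *
 * @param integer $id primary key of the product
 * @return mixed
 */
public function actionMinius($id)
{
    $searchModel = new ProductSearch();
    $dataProvider = $searchModel->search(Yii::$app->request->queryParams);

    $model = $this->findModel($id);

    if ($model->number != 0) {
        $model->number--;

        // Write the sale entry only when a unit was really taken off the stock;
        // before, a "sold" row with number -1 was stored even at zero stock.
        $LogModel = new log();
        $LogModel->product_id = $id;
        $LogModel->number = -1;
        $LogModel->content = "đã bán sản phẩm " . $model->name . " với số lượng là ";
        $LogModel->save();
    } else {
        echo "<script>alert('không thể thực hiện vì số lượng đã bằng 0');</script>";
    }
    $model->save();

    // NOTE(review): load() mass-assigns posted attributes onto the product in
    // an action meant only to decrement the stock; confirm this is intended.
    if ($model->load(Yii::$app->request->post())) {
        $model->save();
    }

    // Both outcomes of the load/save above rendered the same view.
    return $this->render('index', ['searchModel' => $searchModel, 'dataProvider' => $dataProvider]);
}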
/**
 * Opens the default function groups for the current website user.
 *
 * For each group id in DEFAULT_OPEN_FUNC_GROUPS and
 * DEFAULT_OPEN_FUNC_GROUPS_SECONDARY that the user does not have yet, a
 * user_func_group row with status 1 is added; the ids added are then logged.
 */
function openDefaultFuncGroups() {
    // Automatically open some functions for newly registered users
    $currTime = time();
    $currUserFuncs = M('user_func_group')->where(array('user_id' => $this->websiteUserId))->select();
    $basicOpenFGs = array();
    $secondaryOpenFGs = array();
    // NOTE(review): only FALSE is excluded here; any other non-array result of
    // select() would reach the foreach loops below. Confirm what select() returns
    // when the user has no rows yet.
    if ($currUserFuncs !== FALSE) {
        $basicDefaultFuncGroups = C('DEFAULT_OPEN_FUNC_GROUPS');
        foreach ($basicDefaultFuncGroups as $funcGroupId) {
            // Check whether this function group already exists
            $existing = false;
            foreach ($currUserFuncs as $currFunc) {
                if ($currFunc['group_id'] == $funcGroupId) {
                    $existing = true;
                    break;
                }
            }
            if (!$existing) {
                $userFuncGroupData = array();
                $userFuncGroupData['user_id'] = $this->websiteUserId;
                $userFuncGroupData['group_id'] = $funcGroupId;
                $userFuncGroupData['start_time'] = $currTime;
                $openDuration = intval(C('DEFAULT_OPEN_FUNC_GROUPS_DAYS'));
                // A configured duration of -1 selects the fixed value 2147483647
                // (largest signed 32-bit timestamp), presumably meaning "no expiry".
                if ($openDuration == -1) {
                    $expireTime = 2147483647;
                } else {
                    $expireTime = $currTime + $openDuration * 24 * 60 * 60;
                }
                $userFuncGroupData['expire_time'] = $expireTime;
                $userFuncGroupData['status'] = 1;
                M('user_func_group')->add($userFuncGroupData);
                array_push($basicOpenFGs, $funcGroupId);
            }
        }
        // Automatically open the list of secondary function groups: reduces the number of test codes sent
        $secondaryFuncGroups = C('DEFAULT_OPEN_FUNC_GROUPS_SECONDARY');
        foreach ($secondaryFuncGroups as $secondaryFG) {
            // Check whether this function group already exists
            $existing = false;
            foreach ($currUserFuncs as $currFunc) {
                if ($currFunc['group_id'] == $secondaryFG) {
                    $existing = true;
                    break;
                }
            }
            if (!$existing) {
                $userFuncGroupData = array();
                $userFuncGroupData['user_id'] = $this->websiteUserId;
                $userFuncGroupData['group_id'] = $secondaryFG;
                $userFuncGroupData['start_time'] = $currTime;
                $userFuncGroupData['expire_time'] = $currTime + intval(C('DEFAULT_OPEN_FUNC_GROUPS_SECONDARY_DAYS')) * 24 * 60 * 60;
                $userFuncGroupData['status'] = 1;
                M('user_func_group')->add($userFuncGroupData);
                array_push($secondaryOpenFGs, $secondaryFG);
            }
        }
    }
    // NOTE(review): the expression between 'user:' and 'id'] is masked in this
    // copy of the source, so the statement below is not valid PHP as shown;
    // restore it from the original file before use.
    log::record('user:'******'id'] . ' basicFGs:' . join(',', $basicOpenFGs) . ' secondaryFGs:' . join(',', $secondaryOpenFGs));
    log::save();
}
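/**
 * Sends one request to the Telegram Bot API with cURL.
 *
 * The control keys 'is_json', 'method' and 'response_callback' inside $_data
 * are consumed here and are not forwarded to Telegram.
 *
 * @param string|null $_method Bot API method name, appended to the request URL
 * @param array|null  $_data   request parameters plus the optional control keys
 * @param string|null $_output when set and present in the decoded response, only that key is returned
 * @return mixed the decoded response (or the selected key), the raw body when
 *               it does not start with "{", or an error string
 */
public static function send($_method = null, array $_data = null, $_output = null)
{
    if (!isset($_data['is_json'])) {
        $is_json = true;
    } else {
        $is_json = $_data['is_json'];
        unset($_data['is_json']);
    }

    // if telegram is off then do not run
    if (!\lib\utility\option::get('telegram', 'status')) {
        return 'telegram is off!';
    }

    // if method or data is not set return
    if (!$_method || !$_data) {
        return 'method or data is not set!';
    }

    if (array_key_exists('method', $_data)) {
        if ($_data['method'] == 'answerInlineQuery') {
            $is_json = true;
        }
        unset($_data['method']);
    }

    $response_callback = null;
    if (array_key_exists('response_callback', $_data)) {
        $response_callback = $_data['response_callback'];
        unset($_data['response_callback']);
    }

    // if api key is not set get it from options
    if (!self::$api_key) {
        self::$api_key = \lib\utility\option::get('telegram', 'meta', 'key');
    }

    // if key is not correct return
    if (strlen(self::$api_key) < 20) {
        return 'api key is not correct!';
    }

    // initialize curl
    $ch = curl_init();
    if ($ch === false) {
        return 'Curl failed to initialize';
    }

    // The bot token is part of the URL, so the certificate of api.telegram.org
    // must be verified: without it an on-path party can read the token and
    // every message. Verification was switched off unconditionally before.
    $curlConfig = [
        CURLOPT_URL => "https://api.telegram.org/bot" . self::$api_key . "/{$_method}",
        CURLOPT_POST => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SAFE_UPLOAD => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ];
    curl_setopt_array($ch, $curlConfig);

    if (!empty($_data)) {
        if ($is_json) {
            $data_string = json_encode($_data);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
            curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Content-Length: ' . strlen($data_string)));
        } else {
            curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: multipart/form-data'));
            curl_setopt($ch, CURLOPT_POSTFIELDS, $_data);
        }
    }

    // Peer verification is relaxed only on the development TLD; if the constant
    // is not defined, verification stays on.
    if (defined('Tld') && Tld === 'dev') {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    }

    $result = curl_exec($ch);

    // The callback runs before the error checks, as before, so on a transport
    // failure it receives NULL as the decoded response.
    if ($response_callback) {
        if (is_object($response_callback)) {
            call_user_func_array($response_callback, [json_decode($result), $_data]);
        } elseif (is_array($response_callback)) {
            // Array form: [callable, extra arguments...]
            $args = array_splice($response_callback, 1);
            array_unshift($args, json_decode($result), $_data);
            call_user_func_array($response_callback[0], $args);
        }
    }

    if ($result === false) {
        // Read the error before releasing the handle; it used to leak here.
        $error = curl_error($ch) . ':' . curl_errno($ch);
        curl_close($ch);
        return $error;
    }
    curl_close($ch);

    if (empty($result) || is_null($result)) {
        return 'Empty server response';
    }

    // Logging curl requests
    if (substr($result, 0, 1) === "{") {
        $result = json_decode($result, true);
        if ($_output && isset($result[$_output])) {
            $result = $result[$_output];
        }
    }
    // The response can carry message content; the log store needs the same
    // access control as the messages themselves.
    log::save($result);

    // return result
    return $result;
}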
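<?php
// Logout endpoint: records the logout, clears the session data, expires the
// session cookie and destroys the server-side session, then answers with JSON.
session_start();
require_once "server/include/config.php";
require_once "server/include/class.log.php";

// A request without a logged-in session has no user to record; skipping it
// also keeps anonymous requests from adding entries to the log.
$user = isset($_SESSION["ExtDeskSession"]["username"]) ? $_SESSION["ExtDeskSession"]["username"] : null;
if ($user !== null) {
    $log = new log();
    $log->save($user, "leaving the system", "system");
}

$_SESSION = array(); //destroy all of the session variables

// session_destroy() removes the server-side data only. Expire the cookie too,
// so the browser stops presenting the old session id after logout.
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );
}

session_destroy();
?>
{"success" : true}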
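/**
 * Checks $this->Username / $this->Password against the active users and, on
 * success, fills $_SESSION['ExtDeskSession'] with the user's settings.
 * Both outcomes are written to the log.
 *
 * NOTE(review): the password is compared inside the SQL statement, so the
 * column holds either the plaintext or a deterministic value computed by the
 * caller. Moving to password_hash()/password_verify() means selecting by
 * username only, verifying in PHP, and migrating the stored values.
 *
 * @return false|null FALSE when no active user matches; nothing (NULL) on success
 */
function CheckLogin()
{
    $stmt = $this->dbh->prepare("SELECT P_id,username, password, wallPaper,theme, wpStretch,extrainfo1,extrainfo2,extrainfo3,active,shorcutColor FROM users\n WHERE username = :username AND password = :password and active=1");
    $stmt->bindParam(':username', $this->Username);
    $stmt->bindParam(':password', $this->Password);
    $stmt->execute();

    // Decide on the fetched row rather than rowCount(): PDO does not guarantee
    // rowCount() for SELECT statements on every driver, and a failed execute
    // yields no row, which ends in a denial.
    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    $log = new log();
    if (!is_array($result)) {
        // The user name is whatever the client submitted; treat it as untrusted
        // text wherever the log is displayed.
        $log->save($this->Username, "Access denied to the system", "system", "login");
        return false;
    }

    // Issue a fresh session id at the privilege change, so an id that was known
    // before authentication is not carried into the logged-in session.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // session key => users column
    $fields = array(
        'id' => 'P_id',
        'username' => 'username',
        'wallPaper' => 'wallPaper',
        'theme' => 'theme',
        'wpStretch' => 'wpStretch',
        'extrainfo1' => 'extrainfo1',
        'extrainfo2' => 'extrainfo2',
        'extrainfo3' => 'extrainfo3',
        'bactive' => 'active',
        'color' => 'shorcutColor',
    );
    foreach ($fields as $sessionKey => $column) {
        $_SESSION['ExtDeskSession'][$sessionKey] = $result[$column];
    }

    $log->save($this->Username, "Granted access to the system", "system", "login");
}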