/**
* @return mixed
*/
public function pubpriv()
{
/**
* Verify CSRF token.
*/
if ($_POST['_token'] !== Session::token()) {
return Response::json(array('error' => true));
}
/**
* Session validation
*/
$session = Session::get('uber_profile');
if (!isset($session) || $session['utid'] !== $_POST['utid']) {
return Response::json(array('error' => true));
}
/**
* Find Uber row and change public/private status.
*/
$uber = Uber::where('utid', $_POST['utid'])->first();
$status = $_POST['status'] == 1 ? false : true;
$uber->public = $status;
$uber->save();
/**
* Respond with json success data.
*/
return Response::json(array('success' => true, 'dump' => $uber->public));
}
/**
* 启用禁用状态切换
* @param $item
* @return string
*/
public static function block_btn_status_select($item)
{
$url = URL::action(static::$action . '.edit.status');
if (Permission::checkMe(static::$action . '.edit.status')) {
$disabled = "";
} else {
$disabled = "disabled";
}
$current = $item->getStatus();
$token = Session::token();
$li = '';
$allowedStatus = $item->getAvailableNextStatus();
if (isset(static::$allowedStatus) && is_array(static::$allowedStatus)) {
$allowedStatus = array_intersect($allowedStatus, static::$allowedStatus);
}
foreach ($allowedStatus as $status) {
$li .= <<<LI
<li><a class="table-role-btn-switch" href="javascript:;" data-attr-id='{$item->id}' data-attr-token='{$token}' data-attr-url='{$url}' {$disabled}>{$status}</a></li>
LI;
}
$button = <<<BUTTON
<div class="btn-group" style="margin:0 auto;">
<button type="button" class="btn btn-xs btn-warning btn-current-status" {$disabled}>{$current}</button>
<button type="button" class="btn btn-xs btn-warning dropdown-toggle" data-toggle="dropdown" {$disabled}>
<span class="caret"></span>
<span class="sr-only">Toggle Dropdown</span>
</button>
<ul class="dropdown-menu" role="menu">
{$li}
</ul>
</div>
BUTTON;
return $button;
}
/** Save a naw post
* @param Request $request
* @return Response of the ajax request.
*/
public function store(Request $request)
{
//ajax storage.
//1. check if its out form.
if (Session::token() !== Input::get('_token')) {
return response()->json(array('message' => 'unauthorized attempt to sent a post'));
}
//get the oldest post id. this will be used to append to the post ul.
$old_post = DB::table('posts')->max('id');
//2. retreive the data in the form.
$post = new Post();
$post->title = Input::get('title');
$post->body = Input::get('body');
$post->post_author_id = Auth::id();
if ($post->save()) {
//get the profile image of the use.
$profile_image_name = Profile::find(Auth::id())->pluck('profile_image_name');
// create a json response and return it.
$response = array('title' => $post->title, 'body' => $post->body, 'post_author_id' => $post->post_author_id, 'user_id' => Auth::id(), 'profile_image_name' => $profile_image_name, 'post_id' => $post->id, 'old_post' => $old_post, 'nickname' => $request->user()->nickname, 'message' => 'Your message has been posted', 'status' => 'success');
return response()->json($response, 200);
} else {
//500 = Internal server error
return response('Sorry, An Error Occurred. Please retry the request', 500);
}
}
public function postDeleteTipConstructie()
{
if (Request::ajax()) {
if (Session::token() === Input::get('_token')) {
$id = Input::get('id');
DB::table('tip_constructie')->where('id', $id)->update(array('logical_delete' => 1));
return $id;
}
}
}
public function postDeleteBancaEntitate()
{
if (Request::ajax()) {
if (Session::token() === Input::get('_token')) {
$id = Input::get('id');
DB::table('banca_entitate')->where('id', $id)->update(array('logical_delete' => 1));
return $id;
}
}
}
public function create()
{
// check if it's our form
if (Session::token() !== Input::get('_token')) {
return response()->json(array('msg' => 'Unauthorized attempt to create Setting'));
}
// retrieve the data
$setting_name = Input::get('setting_name');
$setting_value = Input::get('setting_value');
//..................
//validate data and store in db here...
$setting = new Setting();
$setting->setting_name = $setting_name;
$setting->setting_value = $setting_value;
$setting->save();
//..................
// create a response message and send it.
$response = array('status' => 'success', 'msg' => 'setting created successfully');
return response()->json($response);
}
/**
* 启用禁用状态切换
* @param $item
* @return string
*/
public static function block_btn_switch($item)
{
if (true == $item->trashed()) {
return '';
}
if (false == method_exists($item, 'switchOn') || false == method_exists($item, 'switchOff')) {
return '';
}
if ($item->switchIsOn()) {
$action = static::$action . '.edit.switch.off';
$checked = 'checked';
} else {
$action = static::$action . '.edit.switch.on';
$checked = '';
}
$urlON = URL::action(static::$action . '.edit.switch.on');
$urlOFF = URL::action(static::$action . '.edit.switch.off');
if (Permission::checkMe($action)) {
$readonly = "";
} else {
$readonly = "readonly";
}
$token = Session::token();
return "<input type='checkbox' data-on-text='启用' data-off-text='禁用' data-size='small' data-token='{$token}' data-item-id='{$item->id}' data-action-on='{$urlON}' data-action-off='{$urlOFF}' class='gofarms-admin-switch' {$checked} {$readonly}>";
}
function csrf_validate(&$data)
{
$session_token = Session::token();
if (is_array($data) and $this->session_id()) {
foreach ($data as $k => $v) {
if ($k == 'token' or $k == '_token') {
if ($session_token === $v) {
unset($data[$k]);
return true;
}
}
}
}
}
/**
* Returns Javascript parameters for remote validated rules.
*
* @param $attribute
*
* @return array
*/
private function jsRemoteRule($attribute)
{
$token = Session::token();
$token = Crypt::encrypt($token);
$params = [$attribute, $token];
return [$attribute, $params];
}
public function postDeleteLocatar()
{
if (Request::ajax()) {
if (Session::token() === Input::get('_token')) {
$id = Input::get('id');
DB::table('locatari_imobil')->where('id', $id)->update(array('logical_delete' => 1));
return $id;
}
}
}
public function postAsociazaPersonal()
{
if (Request::ajax()) {
if (Session::token() === Input::get('_token')) {
$id = Input::get('id');
DB::table('personal_entitate')->insertGetId(array('id_entitate' => Input::get('id_entitate'), 'id_personal' => $id));
return $id;
}
}
}
public function testFormSubmitAuthError()
{
$this->get('/login')->seeStatusCode(200)->see('Login');
$this->post('/login', ['email' => 'wrong', 'password' => '*****@*****.**', '_token' => Session::token()])->see('Redirecting to http://localhost/login');
}
public function createUserAndLogin()
{
$password = str_random(6);
$user = factory(User::class)->create(['password' => bcrypt($password)]);
$this->post('/login', ['email' => $user->getEmail(), 'password' => $password, '_token' => Session::token()])->see('<title>Redirecting to http://localhost/admin/article</title>');
}
/**
* Run the csrf filter.
*
* We're protecting Cachet against cross-site request forgery attacks. If
* our csrf token in the session does not match the one given sent to us in
* this request, then we'll bail.
*
* @param \Illuminate\Routing\Route $route
* @param \Illuminate\Http\Request $request
*
* @throws \Illuminate\Session\TokenMismatchException
*
* @return void
*/
public function filter(Route $route, Request $request)
{
if (Session::token() !== $request->input('_token')) {
throw new TokenMismatchException();
}
}
