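<?php
/*
 * Login page controller.
 *
 * Reads the credentials and the optional base64-encoded "ref" return address
 * from the request, authenticates through Access and, on success, redirects
 * to the return address (default: the dashboard). On a failed login it
 * re-renders login.tpl with an error message.
 */
require_once '../includes/config.inc';
require_once '../includes/access.inc';

/*
 * Decides whether a decoded "ref" value may be sent back in the Location
 * header. "ref" is fully caller-controlled, so without this check the login
 * page would redirect a freshly authenticated user to any site named in the
 * link they followed (open redirect).
 *
 * Accepted: relative or site-relative paths, and absolute URLs that sit under
 * the configured base URL. Everything else is refused.
 */
$isLocalRedirect = function ($target, $baseUrl) {
    if (!is_string($target) || $target === '') {
        return false;
    }
    // Control characters, spaces and backslashes are refused outright:
    // browsers strip or normalise them, which can turn a harmless-looking
    // path into a different host.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return false;
    }
    // "//host/path" is scheme-relative and therefore off-site.
    if (strncmp($target, '//', 2) === 0) {
        return false;
    }
    // Anything carrying a scheme must start with the base URL followed by
    // "/", so that a look-alike host sharing the same prefix does not pass.
    if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $target)) {
        $prefix = rtrim((string) $baseUrl, '/') . '/';
        return strncmp($target, $prefix, strlen($prefix)) === 0;
    }
    return true;
};

// Where to go after a successful login; falls back to the dashboard when
// "ref" is missing or does not point back into this site.
$requestedUrl = $BASE_URL . '/dashboard.php';
if (isset($_REQUEST['ref']) && is_string($_REQUEST['ref'])) {
    $decodedRef = base64_decode($_REQUEST['ref']);
    if ($isLocalRedirect($decodedRef, $BASE_URL)) {
        $requestedUrl = $decodedRef;
    }
}

$submitted = isset($_REQUEST['submitted']);

// NOTE(review): htmlentities() is an output encoder. Applied here it rewrites
// any credential containing &, <, > or quotes before it is compared, so such a
// password only matches if it was encoded the same way when it was set.
// Confirm how passwords are stored before removing it.
// NOTE(review): $_REQUEST also accepts credentials from the query string,
// where they end up in server logs and browser history; confirm the form
// posts and consider reading $_POST only.
$username = (isset($_REQUEST['username']) && is_string($_REQUEST['username']))
    ? htmlentities($_REQUEST['username'])
    : false;
$password = (isset($_REQUEST['password']) && is_string($_REQUEST['password']))
    ? htmlentities($_REQUEST['password'])
    : false;

$smarty = new MySmarty($SMARTY_CONFIG);

if ($submitted) {
    try {
        $access = new Access();
        if ($access->authenticate($username, $password)) {
            header("Location: " . $requestedUrl);
            exit;
        } else {
            // Same message for unknown user and wrong password, so the
            // response does not reveal which accounts exist.
            $smarty->assign('errorMessage', 'Username or Password is incorrect. Please try logging in again.');
        }
    } catch (AccessDeniedException $e) {
        header('HTTP/1.1 401 Access Denied');
        // The message goes into an HTML response, so it is escaped for that
        // context before being printed.
        echo "AccessDeniedException: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } catch (Exception $e) {
        header('HTTP/1.1 500 Internal Server Error');
        // NOTE(review): raw exception text can expose internals (SQL, paths);
        // consider logging it server-side and showing a generic message.
        echo "Exception: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}

// Reached on first visit, after a failed login and after a caught exception.
$smarty->assign('login', 'login');
$smarty->display('login.tpl');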
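<?php
/*
 * "About" page controller.
 *
 * The page is public: it tries to pick up an existing login so the template
 * can show the current user, and renders for anonymous visitors as well.
 */
require_once '../includes/config.inc';
require_once 'access.inc';
require_once 'accessdeniedexception.inc';

$smarty = new MySmarty($SMARTY_CONFIG);

try {
    $access = new Access();
    // No credentials are passed; the third argument is false here, unlike the
    // one-argument-less calls on protected pages.
    // NOTE(review): presumably false means "do not force a login" - confirm
    // against Access::authenticate().
    $access->authenticate(null, null, false);
    $user = $access->getUser();
    $smarty->assign('user', $user);
} catch (AccessDeniedException $e) {
    /* Nothing to do: this only means the visitor is not logged in. */
}

// Rendered for logged-in and anonymous visitors alike; 'user' is assigned
// only when the lookup above succeeded.
$smarty->assign('left_menu', true);
$smarty->assign('about', 'about');
$smarty->display('about.tpl');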
<?php
/*
 * Activity action endpoint (excerpt: the try block and the switch opened
 * below continue past the end of this fragment).
 *
 * Authenticates the caller, then dispatches on the "action" request
 * parameter. The visible 'edit' branch loads an activity by id and updates
 * its name, category, transaction date and amount inside a transaction.
 */
require_once '../includes/config.inc';
require_once 'user.inc';
require_once 'access.inc';
require_once 'activity.inc';
require_once 'accessdeniedexception.inc';
require_once 'category.inc';
require_once 'transaction.inc';

// Runs outside the try block below, so whatever authenticate() throws or
// does for an unauthenticated caller is not handled in this file.
$access = new Access();
$access->authenticate();
$user = $access->getUser();

// $action is only compared against string literals in the switch below.
// NOTE(review): htmlentities() is an output encoder and adds nothing for that
// comparison; an allow-list of action names is the actual check.
$action = isset($_REQUEST['action']) ? htmlentities($_REQUEST['action']) : false;
// Taken from the request unfiltered. The code below indexes it as an array
// ('name', 'category', 'amount') without checking that it is one.
$data = isset($_REQUEST['data']) ? $_REQUEST['data'] : false;

try {
    if ($action) {
        if ($data === false) {
            throw new Exception("Missing required parameter data");
        }
        switch ($action) {
            case 'edit':
                // NOTE(review): $action and $data come from $_REQUEST, so this
                // state-changing branch is reachable with GET parameters, while
                // 'id' and 'transdate' are read from $_POST. No anti-CSRF token
                // check is visible in this excerpt - confirm one exists.
                $transaction = new Transaction(new MySqlDB());
                $transaction->start();
                // NOTE(review): the id is client-supplied and nothing visible
                // here ties the loaded activity to $user. Confirm that
                // Factory::getView() or the Activity setters enforce ownership;
                // otherwise any logged-in user could edit another user's record.
                $activity = Factory::getView(new ActivityKey($_POST['data']['id']));
                $activity->setName($data['name']);
                // Category is optional: skipped when null, blank or the
                // literal string 'null'.
                if ($data['category'] != null && trim($data['category']) && $data['category'] != 'null') {
                    $activity->setCategory(Factory::getView(new CategoryKey($data['category'])));
                }
                $activity->setTransactionDate(new Date($_POST['data']['transdate']));
                // NOTE(review): amount is passed through as received; no
                // numeric validation is visible in this excerpt.
                $activity->setAmount($data['amount']);
                $transaction->commit();
// Password-reset handler (excerpt: this code sits inside an `if` whose
// condition is above the fragment; the matching `else` is at the bottom).

// Policy check on the submitted password: at least one digit, one lowercase
// letter, one uppercase letter, one character that is neither alphanumeric
// nor whitespace, and a run of 8 or more characters.
if (!preg_match("/((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9\\s]).{8,})/", $_POST['new_password'])) {
    $smarty->assign('err_message', 'Password Invalid! Must be at least 8 characters and have one lowercase, one uppercase, one number, and one special character.');
    $smarty->display('reset_password.tpl');
    // NOTE(review): there is no exit/return here, so after the form is
    // re-displayed execution continues into the try block below and the
    // password that just failed the policy is still set.
}
try {
    // NOTE(review): the account name and 'pid' arrive in the query string.
    // 'pid' looks like the reset credential (assumption - confirm); if so it
    // is exposed to server logs, browser history and Referer headers.
    $username = $_GET['username'];
    $pid = $_GET['pid'];
    // The only gate before the password change. What the third argument
    // (true) selects is not visible in this excerpt.
    $result = User::checkAuthentication($username, $pid, true);
    if ($result) {
        $transaction = new Transaction(new MySqlDB());
        $transaction->start();
        $user = User::getUserByUserName($username);
        // The password is passed as submitted, with no encoding step.
        // NOTE(review): nothing visible here invalidates $pid after use;
        // confirm that setPassword() or checkAuthentication() makes the
        // reset link single-use.
        $user->setPassword($_POST['new_password'], false);
        $transaction->commit();
        // Logs the user in with the new password and goes to the dashboard.
        $access = new Access();
        if ($access->authenticate($username, $_POST['new_password'])) {
            header("Location: dashboard.php");
            exit;
        }
    } else {
        // NOTE(review): leftover debug output. A failed verification sends
        // no error status and no user-facing message.
        echo 'fff';
    }
} catch (Exception $e) {
    // NOTE(review): $transaction is assigned only after checkAuthentication()
    // succeeds, so an exception thrown earlier reaches this test with the
    // variable undefined.
    if ($transaction && !$transaction->isComplete()) {
        $transaction->rollback();
    }
    header('HTTP/1.1 500 Internal Server Error');
    // NOTE(review): the raw exception message is sent to the client
    // unescaped and may expose internal details.
    echo "Exception: " . $e->getMessage();
}
// Closes the enclosing `if` opened above this excerpt.
} else {
    $username = $_GET['username'];