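/**
 * Purpose: To block access to core files and LOG ACCESS ATTEMPTS.
 *
 * Every field written to the log comes from the request: the 'f' query var,
 * the address chain returned by get_real_ip_address() (presumably built from
 * forwarded-for style headers, given the comma-separated handling below, so
 * each hop is client-supplied) and the host resolved for each hop. Each field
 * is therefore stripped of control characters before it is logged, so one
 * request cannot forge extra "IP Address:" lines or separators in
 * denied_access.log.txt, and only syntactically valid addresses are passed
 * to get_host().
 *
 * Records a warning message for the user and hands off to error404().
 *
 * @return void
 */
public function deny()
{
    // Log entries are one field per line; CR/LF (and other control bytes)
    // in a value would let a request write its own fake entries.
    $clean = function ($value) {
        return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    };

    $IP = cx\app\main_functions::get_real_ip_address();
    $log = "Folder: " . $clean($this->request->get_var('f')) . ", ";

    if (strpos($IP, ',') !== false) {
        // Several hops ("client, proxy1, proxy2"): log each with an index.
        $ips = array_map('trim', explode(',', $IP));
        $i = 0;
        foreach ($ips as $ip_address) {
            $i++;
            $host = $this->deny_resolve_host($ip_address);
            $log .= "IP Address[{$i}]: " . $clean($ip_address) . ", HOST: " . $clean($host) . " \r\n";
        }
    } else {
        $host = $this->deny_resolve_host($IP);
        $log .= "IP Address: " . $clean($IP) . ", HOST: " . $clean($host) . " \r\n";
    }

    $log .= str_repeat("-=", 10);

    $filename = "denied_access.log.txt";
    $logger = $this->load_class('cx\\common\\log', $filename);
    $logger->write($log);
    unset($logger); // save now

    cx\app\main_functions::set_message('Attempt to access core files has been logged with your IP!', 'danger');
    $this->error404(true);
}

/**
 * Resolve the host for one logged address, but only when the value is an
 * actual IP address: the chain is client-supplied, so arbitrary text must
 * not reach the lookup in get_host().
 *
 * @param string $ip_address one hop of the address chain
 * @return string host name from get_host(), or a marker when not looked up
 */
private function deny_resolve_host($ip_address)
{
    if (filter_var($ip_address, FILTER_VALIDATE_IP) === false) {
        return 'not resolved (invalid address)';
    }

    return cx\app\main_functions::get_host($ip_address);
}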
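/**
 * Create or edit a user record. The GET 'id' selects the record; POST 'save'
 * writes it, then redirects back to this page on success.
 *
 * Authorisation: editing any id other than the logged-in user's own goes
 * through the 'admin_check' auth rule (assumed to halt on failure — its return
 * value is not checked here, unlike the 'is_admin' call; TODO confirm). An
 * admin editing themselves may change rights; any other user editing
 * themselves gets the rights controls locked in the form.
 *
 * NOTE(review): $lock_rights_controls only reaches the view. On save,
 * auto_set_members() copies every posted field into the model, so a
 * self-editing user could still post a rights value; the rights field
 * (its column name is not visible here) should be restored from the loaded
 * record when the lock is set — TODO confirm the column and add that.
 *
 * Password handling: an existing user who leaves both password fields empty
 * keeps the stored hash; otherwise both fields must match and be longer than
 * 6 bytes (strlen is byte-wise).
 *
 * @return void renders the form view, or redirects after a successful save
 */
public function edit_user()
{
    $id = cx\app\static_request::init('get', 'id');
    if ($id->is_not_set()) {
        echo "Invalid id!";
        exit;
    }

    if ($id->to_int() !== $this->session->get_int(CX_LOGIN . 'id')) {
        $this->auth(array('user' => 'admin_check'));
        $lock_rights_controls = false; // Admin
    } elseif ($this->auth(array('user' => 'is_admin')) === true) {
        $lock_rights_controls = false; // Admin can modify self, as they can create any user...
    } else {
        $lock_rights_controls = true; // User must not be able to grant self more rights!
    }

    $this->load_model();
    $db_options = array('table' => 'users', 'key' => 'id');
    $edit_user = new cx\database\model($db_options);

    $s_pwd = null;
    if ($id->is_not_valid_id()) {
        // no existing data
        $model = array();
        $model['new'] = true;
    } else {
        $edit_user->load($id->to_int());
        $model = $edit_user->get_members();
        if ($model == array()) {
            echo "Invalid id!";
            exit;
        }
        $s_pwd = $model['password']; // Save Pwd
        unset($model['password']); // Remove scrambled DB password, so user does not see it!
        $model['new'] = false;
    }

    $model['lock_rights_controls'] = $lock_rights_controls;
    $model['rights_statuses'] = array('admin' => 'Administrator', 'staff' => 'Staff', 'cus' => 'Customer', 'api' => 'API client');

    if (cx\app\static_request::init('post', 'save')->is_set()) {
        $edit_user->auto_set_members(); // Set all post vars to DB

        // The record written must be the one authorised above (the GET id),
        // never an 'id' that happened to be posted along with the form.
        if ($model['new'] === false) {
            $edit_user->set_member('id', $id->to_int());
        }

        $confirm = $this->request->post_var('confirm');
        $pwd = $this->request->post_var('password');

        if (cx\app\static_request::init('post', 'username')->is_empty()
            || cx\app\static_request::init('post', 'fname')->is_empty()
            || cx\app\static_request::init('post', 'lname')->is_empty()) {
            cx\app\main_functions::set_message('First/Last name or username is missing.');
            $saveme = false;
        } elseif ($model['new'] === false && $this->request->is_empty($confirm) && $this->request->is_empty($pwd)) {
            $edit_user->set_member('password', $s_pwd); // Keep current password!
            $saveme = true;
        } elseif ($this->request->is_not_empty($confirm) && $pwd === $confirm && strlen($pwd) > 6) {
            $this->load_model('users' . DS . 'users');
            $db_options = array('api' => false);
            $users = new cx\model\users($db_options);
            $edit_user->set_member('password', $users->get_pwd_hash($pwd)); // Assign new pwd
            $saveme = true;
        } else {
            cx\app\main_functions::set_message('Password not strong/does not match.');
            $saveme = false;
        }

        if ($saveme === true) {
            $success = $edit_user->save();
            $id = $edit_user->get_member('id');
            if ($success === true && $id > 0) {
                cx_redirect_url($this->get_url('/app/users', 'edit_user', 'id=' . $id));
            } else {
                // Previously a failed save fell through to the form without
                // any feedback; tell the user so the retry is deliberate.
                cx\app\main_functions::set_message('The user could not be saved.', 'danger');
            }
        }
    }

    $frm = $this->load_class('cx\\form\\form', array('name' => 'edit_user', 'defaults' => array('readonly' => false)));
    $frm->grab_form('app' . DS . 'users' . DS . 'edit_user', $model);
    $frm->end_form();

    $this->add_js('./assets/pwd-meter.min.js');
    $this->add_css('./assets/login.css');

    $index = $this->get_url('app/users', 'index');
    $this->breadcrumb = array($index => "List Users");
    $this->active_crumb = "Edit User";
    $this->do_view($frm->get_html());
}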