/**
 * Builds a new, unsaved Tan bound to the given customer.
 *
 * The TAN value is a 15-character string from Helper::randomString();
 * persisting the object is left to the caller.
 *
 * @param mixed $customerId owner of the TAN
 * @return Tan
 */
public static function generate($customerId)
{
    $newTan = new Tan();
    $newTan->value = Helper::randomString(15);
    $newTan->customerId = $customerId;

    return $newTan;
}
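/**
 * Handles an AJAX registration POST whose body is a JSON object with
 * `_csrf_token_register`, `_username` and `_password`.
 *
 * Responds with a JSON body and one of:
 *   400 {"error":"bad_request"}        malformed body, field mismatch or CSRF mismatch
 *   409 {"error":"username_is_taken"}  username already exists
 *   201 {"id":<int>}                   account created, default role_id 1 assigned
 * Non-AJAX or non-POST requests are redirected to the register page.
 *
 * @return void
 */
public function createAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
        Helper::redirectTo(WEB . 'register');
        return;
    }

    $status = 400;
    $data = array('error' => 'bad_request');

    // json_decode() yields null (not an object) for a malformed body, so every
    // property read is guarded; a missing field simply fails validation below.
    $request = json_decode(file_get_contents('php://input'));
    $token    = is_object($request) && isset($request->{'_csrf_token_register'}) ? $request->{'_csrf_token_register'} : null;
    $username = is_object($request) && isset($request->{'_username'}) ? $request->{'_username'} : null;
    $password = is_object($request) && isset($request->{'_password'}) ? $request->{'_password'} : null;

    // Username/password are restricted to ASCII alphanumerics (note: `$` also
    // accepts one trailing newline; `\z` would be stricter). is_string() keeps
    // array-valued JSON fields out of filter_var()/hash_equals().
    $wellFormed = is_string($token) && $token !== ''
        && is_string($username)
        && filter_var($username, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^[a-zA-Z0-9]{3,15}$/'))) !== false
        && is_string($password)
        && filter_var($password, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^[a-zA-Z0-9]{6,20}$/'))) !== false;

    if ($wellFormed) {
        // The client sends sha256(token) as issued by Security::generateCSRFToken();
        // compare in constant time and never with `==` (numeric-looking hex digests
        // such as "0e..." compare equal under loose comparison).
        $expected = hash('sha256', (string) Security::getCSRFToken('csrf_token_register'));
        if (hash_equals($expected, $token)) {
            // The alphanumeric regexes above make the former htmlspecialchars() a no-op.
            $user = $this->loadModel('User');
            $user->Username = $username;
            $user->Password = $password;

            $status = 409;
            $data = array('error' => 'username_is_taken');
            if (!$user->isUsernameTaken()) {
                // NOTE(review): nothing here hashes the password; presumably the User
                // model does so when Password is assigned or on Save() — confirm.
                $id = $user->Save(array('username' => $username, 'password' => $user->Password));
                if ($id > 0) {
                    $role = $this->loadModel('Role');
                    $role->Save(array('user_id' => $id, 'role_id' => 1));
                    $status = 201;
                    $data = array('id' => $id);
                }
            }
        }
    }

    http_response_code($status);
    echo json_encode($data);
}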
/**
 * Creates a CSRF token: the raw token is kept in the session under $name,
 * the caller receives its SHA-256 hex digest to embed in the form. The
 * matching check hashes the session value again and compares the digests.
 *
 * @access public
 * @param string $name   session key the raw token is stored under
 * @param int    $length length handed to Helper::random()
 * @return string sha256 hex digest of the stored token
 */
public static function generateCSRFToken($name, $length = 100)
{
    $rawToken = Helper::random($length);

    Session::Start();
    Session::Set($name, $rawToken);

    $digest = hash('sha256', $rawToken);

    return $digest;
}
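/**
 * Handles an AJAX login POST (form-encoded `_csrf_token_login`, `_username`,
 * `_password`).
 *
 * Responds with a JSON body and one of:
 *   400 {"error":"bad_request"}  a field is missing or not a string
 *   403 {"error":"bad_request"}  CSRF token mismatch
 *   204 {"error":"no_content"}   credentials rejected (see note below)
 *   200 {"id":<int>,"role":...}  logged in; the login CSRF token is destroyed
 * Non-AJAX or non-POST requests are redirected to the register page.
 *
 * @return void
 */
public function indexAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
        Helper::redirectTo(WEB . 'register');
        return;
    }

    $status = 400;
    $data = array('error' => 'bad_request');

    // is_string() keeps array-valued fields (`_username[]=...`) out of
    // htmlspecialchars()/hash_equals(), which would throw a TypeError.
    if (filter_has_var(INPUT_POST, '_csrf_token_login')
        && filter_has_var(INPUT_POST, '_username')
        && filter_has_var(INPUT_POST, '_password')
        && is_string($_POST['_csrf_token_login'])
        && is_string($_POST['_username'])
        && is_string($_POST['_password'])
    ) {
        $status = 403;
        // Constant-time digest comparison; `==` on hex digests is unsafe because
        // numeric-looking strings ("0e...") compare equal under loose comparison.
        $expected = hash('sha256', (string) Security::getCSRFToken('csrf_token_login'));
        if (hash_equals($expected, $_POST['_csrf_token_login'])) {
            // NOTE: a 204 response must not carry a body (RFC 9110), so the client
            // most likely never sees this JSON; 401 would be conventional. Left as is
            // because the front-end keys on the status code.
            $status = 204;
            $data = array('error' => 'no_content');

            $user = $this->loadModel('User');
            $user->Username = htmlspecialchars($_POST['_username'], ENT_QUOTES);
            // The password is HTML-escaped before verification, so any &, <, >, " or '
            // in it is altered. Kept for compatibility with how accounts were stored;
            // registration appears to accept only [a-zA-Z0-9], for which this is a no-op.
            $user->Password = htmlspecialchars($_POST['_password'], ENT_QUOTES);

            $id = $user->isAuthorized();
            if ($id > 0) {
                Security::loggedIn($id, $user->Role);
                Security::destroyCSRFToken('csrf_token_login');
                $status = 200;
                $data = array('id' => $id, 'role' => $user->Role);
            }
        }
    }

    http_response_code($status);
    echo json_encode($data);
}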
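/**
 * Registers a new employee account.
 *
 * Required request fields: email, password, passwordRep, firstname, lastname.
 * Returns a JsonErrorResponse for a missing/non-string field, mismatched
 * passwords, a password failing Helper::checkPasswordConstraints(), an invalid
 * e-mail address, or a failed insert. An address that already belongs to an
 * employee or customer is answered with the same `success` payload as a real
 * registration (presumably so the endpoint does not reveal which addresses
 * have accounts).
 *
 * @param Request $request
 * @return JsonResponse|JsonErrorResponse
 */
public function register(Request $request)
{
    $params = $request->request;

    // isset() rejects null; is_string() rejects array-valued parameters, which would
    // otherwise make the string comparison / filter_var() below throw a TypeError.
    foreach (array('email', 'password', 'passwordRep', 'firstname', 'lastname') as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_PARAMETER);
        }
    }

    if ($params['password'] !== $params['passwordRep']) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::UNEQUAL_PASSWORD_ERROR);
    }
    if (!Helper::checkPasswordConstraints($params['password'])) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::PASSWORD_REQUIREMENTS_ERROR);
    }

    $email = $params['email'];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_EMAIL);
    }

    $employeeRepository = $this->getEmployeeRepository();
    if ($employeeRepository->getEmployeeByEmail($email) !== null
        || $this->getCustomerRepository()->getCustomerByEmail($email) !== null
    ) {
        return new JsonResponse(array('success' => true));
    }

    // NOTE(review): a 5-character salt is short; Helper::hashPassword() decides the
    // actual scheme — confirm it uses a modern KDF.
    $salt = Helper::randomString(5);
    $hash = Helper::hashPassword($params['password'], $salt);

    $employee = new Employee();
    $employee->email = $email;
    // Equivalent of the deprecated FILTER_SANITIZE_STRING: strip tags, encode quotes.
    $employee->firstname = str_replace(array('"', "'"), array('&#34;', '&#39;'), strip_tags($params['firstname']));
    $employee->lastname  = str_replace(array('"', "'"), array('&#34;', '&#39;'), strip_tags($params['lastname']));

    if ($employeeRepository->createEmployeeAccount($employee, $salt, $hash)) {
        return new JsonResponse(array('success' => true));
    }

    return JsonErrorResponse::fromKey(JsonErrorResponse::UNEXPECTED_ERROR);
}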
/**
 * Logout endpoint. An AJAX POST ends the session via Security::loggedOut()
 * and answers 200 {"success":true}; anything else is redirected to the
 * default route.
 *
 * @return void
 */
public function indexAction()
{
    $isAjaxPost = $this->isAJAX() && $this->isRequestMethod('POST');
    if (!$isAjaxPost) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
        return;
    }

    Security::loggedOut();
    http_response_code(200);
    echo json_encode(array('success' => true));
}
/**
 * Renders the category admin (CRUD) page with a fresh CSRF token.
 * Only ROLE_ADMIN may see it; everyone else is sent to the public listing.
 *
 * @return void
 */
public function crudAction()
{
    if (Security::getUserRole() !== 'ROLE_ADMIN') {
        Helper::redirectTo(WEB . 'categories');
        return;
    }

    $stylesheets = [STYLES . 'grid.css'];
    $scripts = [
        SCRIPTS . 'category.js',
        SCRIPTS . 'category-crud.js',
        SCRIPTS . 'categories.js',
    ];
    $viewData = ['csrf_token_category' => Security::generateCSRFToken('csrf_token_category')];

    $this->loadView(LAYOUT, 'Category/Admin/index', 'Categories', $stylesheets, $scripts, $viewData);
}
/**
 * Renders the comment admin (CRUD) page: all comments plus a fresh CSRF token.
 * Only ROLE_ADMIN may see it; everyone else is sent to the public listing.
 *
 * @return void
 */
public function crudAction()
{
    if (Security::getUserRole() !== 'ROLE_ADMIN') {
        Helper::redirectTo(WEB . 'comments');
        return;
    }

    $allComments = $this->loadModel('Comment')->loadAll();
    $stylesheets = [STYLES . 'comments.css'];
    $scripts = [
        SCRIPTS . 'comment.js',
        SCRIPTS . 'comment-crud.js',
    ];
    $viewData = [
        'comments' => $allComments,
        'csrf_token_comment' => Security::generateCSRFToken('csrf_token_comment'),
    ];

    $this->loadView(LAYOUT, 'Comments/Admin/index', 'Comments', $stylesheets, $scripts, $viewData);
}
/**
 * Wires the controller to the application singleton and fills in the two
 * path properties a subclass did not set itself:
 *  - templatePath comes from the app config;
 *  - viewPath is <two directories above this file>/<namespace of the concrete
 *    class, or "/" when it has none>/view/, normalised by Helper::fixSlashes().
 */
public function __construct()
{
    $this->app = App::instance();

    if (!$this->templatePath) {
        $this->templatePath = $this->app->get('templatePath');
    }

    if (!$this->viewPath) {
        $concreteClass = static::class;
        $separatorPos = strrpos($concreteClass, '\\');
        $namespacePart = ($separatorPos === false) ? '/' : substr($concreteClass, 0, $separatorPos);
        $baseDir = dirname(dirname(__DIR__));
        $this->viewPath = Helper::fixSlashes($baseDir . '/' . $namespacePart . '/view/');
    }
}
/**
 * Front-controller entry point: resolves the route from the URL, enforces
 * the route's `isOauthRequired` flag (unauthenticated users are redirected to
 * the default route), applies an optional `controller` override from the
 * route table and dispatches the action.
 *
 * @access public
 * @return void
 */
public function run()
{
    $bootstrap = new Bootstrap();
    $bootstrap->setCurrentController(DEFAULT_CONTROLLER);
    $bootstrap->setCurrentAction(DEFAULT_ACTION);
    $bootstrap->parseUrl();

    $route = $bootstrap->getRoute();

    $requiresLogin = !empty($this->routes[$route]['isOauthRequired']);
    if ($requiresLogin && !Security::isUserLoggedIn()) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
        return;
    }

    if (!empty($this->routes[$route]['controller'])) {
        $bootstrap->setController($this->routes[$route]['controller']);
    }

    $bootstrap->loadControllerFile();
    $bootstrap->initControllerClass();
    $bootstrap->runControllerAction($bootstrap->getAction(), $bootstrap->getParams());
}
/**
 * Shows and processes the "my account" profile form.
 *
 * GET renders the form pre-filled from $user. POST runs the validation rules
 * (name/username required, current password must equal the stored one, optional
 * new password of at least 4 characters), stores an uploaded avatar, updates the
 * `user` row and redirects back to this page on success; on any failure the form
 * is re-rendered with a flash error.
 *
 * @param User     $user    the logged-in user; supplies defaults and receives the saved fields
 * @param Database $db
 * @param Request  $request
 * @return mixed redirect response after a successful save, otherwise the rendered 'profil' view
 */
public function account(User $user, Database $db, Request $request)
{
    // Submitted values win over stored ones; on GET every entry is the stored value.
    // NOTE(review): 'password' therefore defaults to $user->get('password') and is handed
    // to the form via setData() below — if the form control renders that value, the stored
    // credential is echoed into the page. Confirm what that value is and that the password
    // control does not emit it.
    $fields = ['username' => $request->get('username', $user->get('username')), 'password' => $request->get('password', $user->get('password')), 'new_password' => $request->get('new_password', $user->get('new_password')), 'name' => $request->get('name', $user->get('name'))];
    $error = null;
    $selfUrl = $this->homeUrl . '/account';
    $labels = $this->app->load('app/config/translations/user-labels.php');
    if ($request->isPost()) {
        $old_password = $user->get('password');
        // Rule strings are "rule,message" pairs for $this->validation. The '-password' entry
        // interpolates the stored password into "equal(...)", so the submitted current password
        // must be identical to it. NOTE(review): whether $user->get('password') holds plaintext
        // or a hash is not visible here; with a hash this comparison could never succeed — verify.
        $rules = ['name,username' => 'required', 'password' => 'required,Password saat ini tidak boleh kosong', '-password' => "equal({$old_password}),Password saat ini tidak valid", 'new_password' => 'minLength(4,allowEmpty)'];
        $error = $this->validation->setData($fields)->setRules($rules)->setLabels($labels)->validate()->getError();
        if (!$error) {
            // Avatar upload: Helper::handleFileUpload() gets the target path and the allowed
            // image types; only when it reports success is the basename recorded on the row.
            $filename = $request->baseDir() . 'asset/avatars/user-' . $user->get('id');
            if (Helper::handleFileUpload('avatar', $filename, $this->app->get('imageTypes'))) {
                $fields['avatar'] = basename($filename);
            }
            // An empty new_password keeps the current one (truthiness: a new password of "0"
            // is likewise ignored).
            if ($fields['new_password']) {
                $fields['password'] = $fields['new_password'];
            }
            unset($fields['new_password']);
            $filter = ['id = ?', $user->get('id')];
            // NOTE(review): $fields['password'] is written exactly as submitted; hashing, if
            // any, has to happen inside Database::update() or a model hook — confirm.
            $saved = $db->update('user', $fields, $filter);
            if ($saved) {
                // Refresh the session user with the saved fields before redirecting.
                $user->register($fields);
                $user->message('success', 'Data sudah diupdate');
                return $this->redirect($selfUrl);
            } else {
                $error = 'Data gagal disimpan!';
            }
        }
        // Reached after a validation failure or a failed update; $error is the message to flash.
        $user->message('error', $error);
    }
    // Fall back to the placeholder image when the user has no avatar.
    $avatar = $user->get('avatar');
    $avatar = $this->app->asset($avatar ? 'asset/avatars/' . $avatar : 'asset/images/avatar.png');
    $form = $this->form->setData($fields)->setLabels($labels)->setAttrs(['class' => 'form-horizontal', 'enctype' => 'multipart/form-data'])->setDefaultControlAttrs(['class' => 'form-control'])->setDefaultLabelAttrs(['class' => 'form-label col-md-4']);
    return $this->render('profil', ['form' => $form, 'avatar' => $avatar, 'backUrl' => 'index']);
}
/**
 * Seeds the config data with the template directory: the `template` folder
 * next to this file's parent directory, slash-normalised by Helper::fixSlashes().
 */
public function __construct()
{
    $templateDir = dirname(__DIR__) . '/template';
    $this->data['templatePath'] = Helper::fixSlashes($templateDir);
}
$method = $defaultMethod; } // check method visibility $mref = new ReflectionMethod($class, $method); if (false === $mref->isPublic() || '_' === $method[0] || method_exists($class, '_' . $method)) { // invalid method $class = $errorHandler; $method = 'notAllowed'; } $mref = null; // current handler info $app->set('controller', $class)->set('method', $method); $segments = []; } else { $last = array_pop($segments); $pMethod = Helper::fixRouteToClassMap($last); array_unshift($args, $last); } } } unset($current_path, $namespace, $suffix, $defaultController, $defaultMethod, $errorHandler, $segments, $pMethod, $clone, $pClass, $pNamespace, $mref); // controller construction $instance = $app->service($class); $response = null; if (method_exists($instance, '_beforeRoute')) { $response = $app->call($instance, '_beforeRoute', $args); } if (false === $response || null === $response) { $response = $app->call($instance, $method, $args); } if ($response instanceof Response) {
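/**
 * Approves a pending customer registration.
 *
 * Validates the `amount` request field (whole units with an optional two-digit
 * fraction), e-mails the customer about the approval — the text depends on whether
 * an SCS pin is on file — then flips the registration to approved and, for a
 * positive amount, books an "Initial Account Balance" transaction.
 *
 * The mail is sent before the status change is persisted: if delivery fails the
 * customer stays pending and the approval can simply be retried.
 *
 * @param Request $request
 * @param mixed   $customerId
 * @return JsonResponse|JsonErrorResponse
 */
public function approveRegistration(Request $request, $customerId)
{
    if (!isset($request->request['amount']) || !is_scalar($request->request['amount'])) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_PARAMETER);
    }
    $rawAmount = $request->request['amount'];

    // "100", "99.50" …; also matches "" (→ 0.0, no initial transaction) and, because of
    // `$`, a trailing newline. Checked against false rather than truthiness so that a
    // plain "0" is accepted and handled by the `> 0` guard below.
    if (filter_var($rawAmount, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^\d*($|\.\d\d$)/'))) === false) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_AMOUNT);
    }
    // NOTE(review): money is carried as a float from here on; confirm the transaction
    // layer rounds/stores it safely.
    $amount = floatval($rawAmount);

    $customerRepository = $this->getCustomerRepository();
    $customer = $customerRepository->getCustomerById($customerId);
    if ($customer === null) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_CUSTOMER_ID);
    }

    if ($customer->status == 'pending') {
        $credentials = $customerRepository->getCustomerCredentials($customer);
        $fullName = $customer->firstname . ' ' . $customer->lastname;
        $greeting = "Dear {$fullName}," . PHP_EOL;
        $signature = "Best Regards," . PHP_EOL . "SitzBank";

        // isset() instead of is_null() so a missing 'scs_pin' key does not warn.
        if (!isset($credentials['scs_pin'])) {
            // NOTE(review): this value is generated and mailed but not persisted by this
            // method; what the recipient is meant to do with it is not visible here —
            // confirm against the TAN-list flow.
            $password = Helper::randomString(5);
            $subject = "Account approved!";
            $body = $greeting
                . "your Account was successfully approved!" . PHP_EOL
                . "You can now login and make transactions with your tan list " . $password . PHP_EOL . PHP_EOL
                . $signature;
        } else {
            // Customer chose the SCS TAN generator: tell them where to get it and their pin.
            $subject = "Welcome to Sitzbank!";
            $body = $greeting
                . "your Account was successfully approved! You chose to use the scs tan generator." . PHP_EOL
                . "You can download the generator in the logged in area (make a transfer section)." . PHP_EOL
                . "Your scs pin is " . $credentials['scs_pin'] . PHP_EOL
                . $signature;
        }

        $mail = Helper::getPhpMailer();
        $mail->addAddress($customer->email, $fullName);
        $mail->Subject = $subject;
        $mail->Body = $body;
        if (!$mail->send()) {
            return JsonErrorResponse::fromKey(JsonErrorResponse::MAIL_ERROR);
        }
    }

    if (!$customerRepository->approveRegistration($customerId)) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::UNEXPECTED_ERROR);
    }

    if ($amount > 0) {
        // First argument is a fixed source id of 1 — presumably the bank's own account; confirm.
        $transaction = Transaction::withData(1, $customer->id, $amount, "Initial Account Balance", 'approved');
        $this->getTransactionRepository()->createTransaction($transaction);
    }

    return new JsonResponse(array('success' => true));
}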
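/**
 * Completes a password reset: looks the customer up by reset token, checks the
 * new password (repeat must match, Helper::checkPasswordConstraints() must pass),
 * stores the new salt/hash and removes the reset record so the token cannot be
 * reused.
 *
 * Required request fields: token, password, passwordRep.
 *
 * @param Request $request
 * @return JsonResponse|JsonErrorResponse
 */
public function resetPassword(Request $request)
{
    $params = $request->request;

    // isset() rejects null; is_string() rejects array-valued parameters, which would
    // otherwise make the string comparison / strip_tags() below throw a TypeError.
    foreach (array('token', 'password', 'passwordRep') as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_PARAMETER);
        }
    }

    $customerRepository = $this->getCustomerRepository();

    // Equivalent of the deprecated FILTER_SANITIZE_STRING (strip tags, encode quotes).
    // A genuine token is unaffected; the repository should still bind the value as a
    // query parameter rather than rely on this.
    $token = str_replace(array('"', "'"), array('&#34;', '&#39;'), strip_tags($params['token']));
    $customer = $customerRepository->getCustomerByPasswordResetToken($token);
    if ($customer === null) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_PW_RESET_TOKEN);
    }

    if ($params['password'] !== $params['passwordRep']) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::UNEQUAL_PASSWORD_ERROR);
    }
    if (!Helper::checkPasswordConstraints($params['password'])) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::PASSWORD_REQUIREMENTS_ERROR);
    }

    // NOTE(review): a 5-character salt is short; Helper::hashPassword() decides the
    // actual scheme — confirm it uses a modern KDF.
    $salt = Helper::randomString(5);
    $hash = Helper::hashPassword($params['password'], $salt);

    if (!$customerRepository->updateCustomerCredentials($customer, $salt, $hash)) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::UNEXPECTED_ERROR);
    }
    // Invalidate the token now that the credentials are replaced.
    $customerRepository->removePassworReset($customer->id);

    return new JsonResponse(array('message' => 'Your password has been reseted. You can now login in with your new password.'));
}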
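/**
 * Creates or updates a news item from an AJAX POST carrying `_csrf_token_news`
 * and a numeric `_id` (0 = create, anything else = update that id).
 *
 * $this->status / $this->data start as 400 bad_request and are expected to be
 * overwritten by create()/update(); they are then emitted as the JSON response.
 * Non-AJAX requests are redirected to news/category; an AJAX request that is
 * not a POST gets no response at all (unchanged behaviour).
 *
 * @return void
 */
public function saveAction()
{
    if (!$this->isAJAX()) {
        Helper::redirectTo(WEB . 'news/category');
        return;
    }
    if (!$this->isRequestMethod('POST')) {
        return;
    }

    $this->status = 400;
    $this->data = array('error' => 'bad_request');

    if (filter_has_var(INPUT_POST, '_csrf_token_news') && is_string($_POST['_csrf_token_news'])) {
        // Constant-time digest comparison; `==` on hex digests is unsafe because
        // numeric-looking strings ("0e...") compare equal under loose comparison.
        $expected = hash('sha256', (string) Security::getCSRFToken('csrf_token_news'));
        if (hash_equals($expected, $_POST['_csrf_token_news'])
            && filter_has_var(INPUT_POST, '_id')
            && is_numeric($_POST['_id'])
        ) {
            $id = $_POST['_id'];
            // Numeric compare of the validated numeric string ("0", "0.0" → create).
            if ((float) $id === 0.0) {
                $this->create();
            } else {
                $this->update($id);
            }
        }
    }

    http_response_code($this->status);
    echo json_encode($this->data);
}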