}

// Returns the orders collected by the controller; the enclosing class
// header is above this fragment.
public function getOrders()
{
    return $this->orders;
}
}

// Request handler: runs only when a 'submit' parameter is present in POST or GET.
// The `if` opened here is closed beyond this fragment.
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() turns every request key into a local variable, and
    // $_GET is extracted last, so a query-string key overrides a POST key. Locals
    // that are read before being assigned below ($isAjax, $orderid) therefore come
    // straight from the request.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    // `&&` binds tighter than `?:`: true only when the request supplied an isAjax
    // parameter AND Authenticate agrees that this is an AJAX request.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    // Connects with the admin database credentials even though the caller is
    // only checked to be a corporate user (see $isCorporate below).
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Corporate Viewing Orders');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    // Order id from the request (via extract), coerced to int by Authenticate::cInt.
    // NOTE(review): whether the model scopes this id to $employeeID is not visible
    // here — confirm against the controller to rule out cross-employee access.
    $orderID = !empty($orderid) ? $auth->cInt($orderid) : null;
    $isCorporate = $checkAuth->isCorporate();
    $employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;
    // Short-circuit `||` appends an error only when the left operand is falsy.
    // NOTE(review): the message says "customer id" although the check is on employeeid.
    $employeeID || ($errors[] = "No customer id. You have most likely timed out. Log out and log back in.");
    $isCorporate || ($errors[] = "You are not authenticated as a corporate user.");
    // Service bag handed to the controller.
    $models = new stdClass();
    $models->pdo = $pdo;
    $models->errorRunner = $errorRunner;
    $models->logger = $logger;
    // Request bag handed to the controller.
    $orderData = new stdClass();
    $orderData->orderID = $orderID;
    $orderData->employeeID = $employeeID;
    $orderData->session = $_SESSION;
    // Body continues beyond this fragment.
    if (empty($errors)) {
}

// Delegates removal to the order model and keeps its result in $this->data;
// the enclosing class header is above this fragment.
public function removeOrder()
{
    $this->data = $this->order->removeOrder();
}
}

// Request handler: runs only when a 'submit' parameter is present in POST or GET.
// The `if` opened here is closed beyond this fragment.
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() turns every request key into a local variable, and
    // $_GET is extracted last, so a query-string key overrides a POST key. Locals
    // read before being assigned below ($isAjax, $action, $id, $csrf) therefore
    // come straight from the request.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    // `&&` binds tighter than `?:`: true only when the request supplied an isAjax
    // parameter AND Authenticate agrees that this is an AJAX request.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    // Connects with the admin database credentials although the caller is only
    // checked to be a customer (see $isCustomer below).
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Remove Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    // Normalise request-supplied values: absent/empty becomes null.
    $action = !empty($action) ? $action : null;
    $orderID = !empty($id) ? $auth->cInt($id) : null;
    $isCustomer = $checkAuth->isCustomer();
    $customerID = !empty($_SESSION['customerid']) ? $auth->cInt($_SESSION['customerid']) : null;
    // Short-circuit `||` appends an error only when the left operand is falsy.
    $orderID || ($errors[] = "No orderid was specified on this request.");
    $customerID || ($errors[] = "No customer id. You have most likely timed out. Log out and log back in.");
    $isCustomer || ($errors[] = "You are not authenticated as a customer.");
    $csrf = !empty($csrf) ? $csrf : null;
    // CSRF check: the request token must be identical (strict) to the session token.
    // NOTE(review): hash_equals() would make this comparison constant-time.
    if (!isset($_SESSION['csrf_token']) || $_SESSION['csrf_token'] !== $csrf) {
        $errors[] = "This form does not appear to have originated from our site.";
    }
    // Request bag handed to the controller; continues beyond this fragment.
    $orderData = new stdClass();
    $orderData->action = $action;
    $orderData->orderID = $orderID;
// NOTE(review): the shared header is included before the authorization check
// below; if it emits output, the later header("Location: ...") cannot be sent —
// confirm that partials/header.php buffers or emits nothing.
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/header.php";
use security\Controllers\Corporate\EmployeeGroupsOrdersController;
use security\Models\Authenticator\BlackLister;
use security\Models\Authenticator\CheckAuth;
use security\Models\ErrorRunner;
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\Router\Router;
use security\Models\SiteLogger\FullLog;
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
// Corporate-level database credentials for this page.
$pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
$logger = new FullLog('Corporate View Orders Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
$isAdmin = $checkAuth->isAdmin();
// Duplicate of the two assignments above; harmless but redundant.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
// Page guard: non-corporate users are logged and redirected to the corporate login.
if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    // URL-encoded so the message survives as a query-string value.
    $error = rawurlencode('Not an authenticated corporate user.');
    // header() returns no value, so die() receives null; the intent is redirect-then-stop.
    die(header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}"));
}
// Service bag handed to the controller; continues beyond this fragment.
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->pdo = $pdo;
}

// Delegates removal to the order model and keeps its result in $this->data;
// the enclosing class header is above this fragment.
public function removeOrder()
{
    $this->data = $this->order->removeOrder();
}
}

// Request handler: runs only when a 'submit' parameter is present in POST or GET.
// The `if` opened here is closed beyond this fragment.
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() turns every request key into a local variable, and
    // $_GET is extracted last, so a query-string key overrides a POST key. Locals
    // read before being assigned below ($isAjax, $id, $csrf, $action) therefore
    // come straight from the request.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    // `&&` binds tighter than `?:`: true only when the request supplied an isAjax
    // parameter AND Authenticate agrees that this is an AJAX request.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Corporate Remove Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $orderID = !empty($id) ? $auth->cInt($id) : null;
    $isAdmin = $checkAuth->isAdmin();
    $groupID = !empty($_SESSION['groupid']) ? $auth->cInt($_SESSION['groupid']) : null;
    // Short-circuit `||` appends an error only when the left operand is falsy.
    $orderID || ($errors[] = "No orderid was specified on this request.");
    $groupID || ($errors[] = "No group id. You have most likely timed out. Log out and log back in.");
    $isAdmin || ($errors[] = "You are not an admin and cannot perform this action.");
    $csrf = !empty($csrf) ? $csrf : null;
    // CSRF check: the request token must be identical (strict) to the session token.
    // NOTE(review): hash_equals() would make this comparison constant-time.
    if (!isset($_SESSION['csrf_token']) || $_SESSION['csrf_token'] !== $csrf) {
        $errors[] = "This form does not appear to have originated from our site.";
    }
    // Request bag handed to the controller; continues beyond this fragment.
    $orderData = new stdClass();
    // NOTE(review): unlike the customer variant, $action is never normalised here;
    // it is defined only if the request supplied it, otherwise PHP warns on this read.
    $orderData->action = $action;
    $orderData->orderID = $orderID;
    $orderData->groupID = $groupID;
use security\Controllers\Corporate\ViewCorporateOrdersController;
use security\Models\Authenticator\Authenticate;
use security\Models\Authenticator\BlackLister;
use security\Models\Authenticator\CheckAuth;
use security\Models\ErrorRunner;
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\Router\Router;
use security\Models\SiteLogger\FullLog;
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$auth = new Authenticate();
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$logger = new FullLog('Corporate View Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
// Duplicate of the two assignments above; harmless but redundant.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
// Database credentials follow the caller's role: corporate by default,
// admin only when CheckAuth confirms an admin session.
$userType = PDOSingleton::CORPORATEUSER;
if ($checkAuth->isAdmin()) {
    $userType = PDOSingleton::ADMINUSER;
}
$pdo = new PDOSingleton($userType);
// Order id is read from the query string explicitly (no extract()) and
// coerced to int by Authenticate::cInt; absent/empty becomes null.
$orderID = !empty($_GET['order']) ? $auth->cInt($_GET['order']) : null;
$employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;
// Page guard for non-corporate users; the redirect and the rest of the
// block continue beyond this fragment.
if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    // URL-encoded so the message survives as a query-string value.
    $error = rawurlencode('Not an authenticated corporate user.');
{
    // Records the outcome of destroying the session (method signature is above
    // this fragment).
    $this->data['loggedout'] = $this->destroy->destroySession();
}

// Exposes the accumulated response data to json_encode().
public function jsonSerialize()
{
    return $this->data;
}
}

// Request handler.
// NOTE(review): isset($_GET) is always true because $_GET is a superglobal that
// PHP always defines (as an empty array when there is no query string), so this
// block runs on every request, not only on submit; the sibling handlers test
// isset($_GET['submit']) instead. The `if` opened here is closed beyond this fragment.
if (isset($_POST['submit']) || isset($_GET)) {
    // NOTE(review): extract() turns every request key into a local variable, and
    // $_GET is extracted last, so a query-string key overrides a POST key. Locals
    // read before being assigned below ($isAjax, $csrf) therefore come straight
    // from the request.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    // `&&` binds tighter than `?:`: true only when the request supplied an isAjax
    // parameter AND Authenticate agrees that this is an AJAX request.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('User Logging out');
    $checkAuth = new CheckAuth($logger);
    $init = new SessionInitializers();
    $errors = [];
    $isUser = $checkAuth->isAuth();
    $csrf = !empty($csrf) ? $csrf : null;
    // $_SESSION is only defined once a session has been started.
    $session = isset($_SESSION) ? $_SESSION : null;
    // Short-circuit `||` appends an error only when the left operand is falsy.
    $csrf || ($errors[] = "There is no token for this account. You have most likely timed out.");
    $isUser || ($errors[] = "You are not authenticated as an user.");
    $session || ($errors[] = "You do not have a session identifier.");
    // CSRF check: the request token must be identical (strict) to the session token.
    // NOTE(review): hash_equals() would make this comparison constant-time.
    if (!isset($_SESSION['csrf_token']) || $_SESSION['csrf_token'] !== $csrf) {
        $errors[] = "You do not have permission to perform that action.";
    }
    // Request and service bags handed to the controller; continues beyond this fragment.
    $userData = new stdClass();
    $userData->session = $session;
    $modelObjects = new stdClass();
    $modelObjects->init = $init;
    // Tail of a method whose signature is above this fragment: stores the
    // model's addOrder() result.
    $this->data = $this->orderModel->addOrder();
}

// Returns the data produced by the last order operation.
public function getOrder()
{
    return $this->data;
}
}

// Request handler: runs only when a 'submit' parameter is present in POST or GET.
// The `if` opened here is closed beyond this fragment.
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() turns every request key into a local variable, and
    // $_GET is extracted last, so a query-string key overrides a POST key. Locals
    // read before being assigned below ($isAjax) therefore come straight from
    // the request.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    // `&&` binds tighter than `?:`: true only when the request supplied an isAjax
    // parameter AND Authenticate agrees that this is an AJAX request.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Add New Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $isValidUser = $checkAuth->isAuth();
    $isAdmin = $checkAuth->isAdmin();
    $isCustomer = $checkAuth->isCustomer();
    // We need admin privileges to assign a group to this.
    // For demo purposes, this assignment will be random,
    // but in a real app, this order would be pending until
    // someone could assign it.
    // $pdo is only defined for admins and customers; the next check records an
    // error for everyone else before $pdo could be used.
    if ($isAdmin || $isCustomer) {
        $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    }
    if (!$isAdmin && !$isCustomer) {
        $errors[] = "Not a privileged account. Cannot perform action.";
    }
    // Admin-specific path; continues beyond this fragment.
    if ($isAdmin) {
// Passes the customer list straight through from the model; the enclosing
// class header is above this fragment.
public function getCustomerList()
{
    return $this->model->getCustomerList();
}
}

// Request handler: runs only when a 'submit' parameter is present in POST or GET.
// The `if` opened here is closed beyond this fragment.
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() turns every request key into a local variable, and
    // $_GET is extracted last, so a query-string key overrides a POST key. Locals
    // read before being assigned below ($isAjax) therefore come straight from
    // the request.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $errors = [];
    // `&&` binds tighter than `?:`: true only when the request supplied an isAjax
    // parameter AND Authenticate agrees that this is an AJAX request.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    // Corporate-level database credentials for this handler.
    $pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Employee Initializers');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    // Service bag handed to the controller.
    $models = new stdClass();
    $models->logger = $logger;
    $models->errorRunner = $errorRunner;
    $models->auth = $auth;
    $models->pdo = $pdo;
    $models->checkAuth = $checkAuth;
    $isAuth = $checkAuth->isAuth();
    $isCorporate = $checkAuth->isCorporate();
    $isGroup = $checkAuth->isGroup();
    // Short-circuit `||` appends an error only when the left operand is falsy.
    $isAuth || ($errors[] = "Not authenticated");
    $isGroup || ($errors[] = "Not valid group member");
    $isCorporate || ($errors[] = "Incorrect user type.");
    // $_SESSION is only defined once a session has been started.
    isset($_SESSION) || ($errors[] = "No customer is available.");
    // Request bag handed to the controller; continues beyond this fragment.
    $order = new stdClass();
    $order->session = $_SESSION;