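function login() {
    // Authenticates the posted user_id/password, fills the session on success and
    // returns the browser to the post-login target.
    // Reads: $_POST['referer'], $_POST['user_id'], $_POST['password'], $_POST['is_save_id'].
    // Writes: $_SESSION LOGIN_* keys, the is_save_id / LOGIN_ID cookies.
    $default = _BASE_URL_ . "/posts/view_all";

    // The return target comes from the request body, so only honour it when it
    // stays under this site's base URL; anything else (another host, a
    // protocol-relative "//host" path, an empty value) falls back to the default
    // so the login form cannot be used as an open redirect.
    $referer = isset($_POST['referer']) ? trim(strval($_POST['referer'])) : $default;
    if ($referer === '' || strpos($referer, _BASE_URL_) !== 0) {
        $referer = $default;
    }

    // Read both fields defensively: the original indexed $_POST without isset()
    // and a bare truthiness test rejected the legitimate id "0".
    $user_id  = isset($_POST['user_id']) ? trim(strval($_POST['user_id'])) : '';
    $password = isset($_POST['password']) ? strval($_POST['password']) : '';
    if ($user_id === '' || trim($password) === '') {
        // Sibling actions exit after msg_page(); without it the lookup below
        // still ran with empty credentials.
        msg_page("Required fields are missing.");
        exit;
    }

    // SHA1 over password + a global SALT is the format the stored hashes use, so
    // it cannot be swapped here without a migration. Recommended follow-up:
    // password_hash()/password_verify() with a rehash-on-successful-login step.
    $data = array(
        "user_id"  => $user_id,
        "password" => SHA1($password . SALT),
    );
    $user = $this->User->getUser("*", $data);

    if ($this->User->count > 0) {
        // Issue a fresh session id once the caller is authenticated so a session
        // id fixed before login does not survive it. Guarded because $_SESSION use
        // elsewhere implies an active session but this block cannot prove it.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['LOGIN_NO']    = $user["id"];
        $_SESSION['LOGIN_ID']    = $user["user_id"];
        $_SESSION['LOGIN_NAME']  = $user["name"];
        $_SESSION['LOGIN_EMAIL'] = $user["email"];
        $_SESSION['LOGIN_LEVEL'] = $user["level"];

        // "Remember my id": the cookie only carries the (non-secret) user id,
        // never the password or a session token.
        $one_year   = time() + 60 * 60 * 24 * 365;
        $is_save_id = isset($_POST['is_save_id']) ? trim(strval($_POST['is_save_id'])) : "N";
        if ($is_save_id === "Y") {
            setcookie("is_save_id", "Y", $one_year, "/");
            setcookie("LOGIN_ID", $user['user_id'], $one_year, "/");
        } else {
            setcookie("is_save_id", "", $one_year, "/");
        }
    } else {
        // Same message for unknown id and wrong password so the response does
        // not reveal which accounts exist.
        msg_page("information does not match.", $referer);
    }
    redirect($referer);
}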
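function del($id = null) {
    // Deletes a category and returns to the category list.
    // $id: category id from the route; null or blank is rejected before the
    // model is asked to delete anything.
    //
    // Mirrors Comment::del(): unauthenticated callers go to the login form.
    // NOTE(review): whether the /manager/ section already enforces this in a
    // shared place is not visible from this block — keeping the check here is
    // harmless if it does and necessary if it does not.
    if (!is_login()) {
        msg_page('After login you can use.', _BASE_URL_ . "/users/loginForm");
        exit;
    }
    if ($id === null || trim(strval($id)) === '') {
        msg_page('Cannot delete this category.');
        exit;
    }
    if ($this->Category->del($id)) {
        // The previous messages said "post" although this action deletes a category.
        msg_page('Success delete category.', _BASE_URL_ . "/manager/categories/view_all");
        exit;
    }
    msg_page('Cannot delete this category.');
    exit;
}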
function del($id) {
    // Deletes the comment identified by $id; requires an authenticated session,
    // otherwise the caller is sent to the login form.
    if (!is_login()) {
        msg_page('After login you can use.', _BASE_URL_ . "/users/loginForm");
        exit;
    }

    // NOTE(review): no ownership check is made here, unlike editForm(), which
    // compares $_SESSION['LOGIN_ID'] with the record's user_id — so any logged-in
    // user can delete any comment id unless Comment::del() enforces that itself.
    // Confirm against the model; if it does not, add the comparison before this call.
    $deleted = $this->Comment->del($id);

    msg_page($deleted ? 'Success delete post.' : 'Cannot delete this post.');
    exit;
}
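function editForm($id = null) {
    // Renders the edit form for post $id. Only the post's owner (session
    // LOGIN_ID equal to the record's user_id) may reach the form.
    // View variables set: title, categories, post.
    if (!is_login()) {
        msg_page('After login you can use.', _BASE_URL_ . "/users/loginForm");
        exit;
    }
    $this->set('title', 'Edit Post - GJboard App');

    $post = ($id === null) ? null : $this->Post->getPost("*", array("id" => $id));
    // getPost()'s miss value is not visible here; treat anything that is not an
    // array carrying user_id as "not found" instead of indexing into it.
    if (!is_array($post) || !isset($post['user_id'])) {
        msg_page('Post not found.', _BASE_URL_ . "/posts/view_all");
        exit;
    }

    // Ownership check before the category list is loaded (no point fetching it
    // for a caller who is about to be refused). Both sides are compared as
    // strings with !== so an unset session id can never match.
    $login_id = isset($_SESSION['LOGIN_ID']) ? strval($_SESSION['LOGIN_ID']) : '';
    if ($login_id === '' || $login_id !== strval($post['user_id'])) {
        msg_page('You do not have permission to access.', _BASE_URL_ . "/posts/view/" . $id);
        exit;
    }

    $category   = new Category();
    $categories = $category->getList(array('register_date' => 'asc'), "1000");
    $this->set('categories', $categories);
    $this->set('post', $post);
}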