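/**
 * Load the Administrator record attached to a Person.
 *
 * @param mixed $p  expected to be a Person carrying a numeric id
 * @return Administrator|false  false when $p is not a Person, when its id
 *                              is 0, or when no admins row references it
 */
static function get_by_person($p) {
    if (!is_a($p, 'Person')) {
        return false;
    }
    // Cast once and use the integer in the query. The original concatenated
    // the raw $p->id into the SQL after only testing intval($p->id) != 0, so
    // a non-numeric id string passed the guard and reached the query verbatim.
    $person_id = intval($p->id);
    if ($person_id == 0) {
        return false;
    }
    $db = Get::db('songwork');
    $db->query("SELECT * FROM admins WHERE person_id=" . $person_id);
    if ($db->num_rows() == 0) {
        return false;
    }
    $x = new Administrator($db->next_record());
    $x->set_person($p);
    return $x;
}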
/**
 * Return the shared Administrator instance, creating it on first use.
 *
 * @return Administrator
 */
public static function getInstance() {
    if (self::$instance) {
        return self::$instance;
    }
    self::$instance = new Administrator();
    return self::$instance;
}
/**
 * get_by_person() must report failure both for a non-Person argument and for
 * a Person whose id has no admins row.
 */
function testBadGet() {
    $notAPerson = Administrator::get_by_person(false);
    $this->assertFalse($notAPerson);

    $unknownPerson = new Person(array('id' => 999));
    $this->assertFalse(Administrator::get_by_person($unknownPerson));
}
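/**
 * Look up the administrator matching the submitted login and password.
 *
 * Credentials are read from $_REQUEST, so GET, POST and cookie values are all
 * accepted; presumably only the POSTed form is intended — confirm with the
 * login form.
 *
 * @return Administrator|PEAR_Error  the fetched record, or a PEAR_Error whose
 *         message is 'authentication_error_blank' (missing credentials) or
 *         'authentication_error_invalid' (not exactly one matching row)
 */
public function authenticate() {
    $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';
    $plain = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    // Test the raw input for blankness. The original hashed first and then
    // compared the digest with '', which can never be true, so an empty
    // password was never reported as blank.
    if ($login == '' || $plain == '') {
        return new PEAR_Error('authentication_error_blank');
    }
    // NOTE(review): unsalted md5 is the stored format this lookup matches;
    // moving to password_hash()/password_verify() needs a column migration.
    $password = md5($plain);
    $user = new Administrator();
    $user->whereAdd("login = '******'");
    $user->whereAdd("password = '******'");
    $user->find();
    if ($user->N != 1) {
        return new PEAR_Error('authentication_error_invalid');
    }
    $user->fetch();
    return $user;
}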
/**
 * export/download overall report into pdf
 * role: administrator
 *
 * Collects the player, feedback, traffic and top-10 data from their
 * singletons, hands them to a ReportGenerator and prints the result.
 * Callers that fail Authenticate::is_authorized() are sent to the
 * "administrator" route via transport() instead.
 */
public function get_overall() {
    if (!Authenticate::is_authorized()) {
        transport("administrator");
        return;
    }
    $player = Player::getInstance();
    $feedback = Feedback::getInstance();
    $administrator = Administrator::getInstance();
    $leaderboard = Leaderboard::getInstance();
    $report = new ReportGenerator();
    $report->get_report_overall(
        $player->get_player_report(),
        $feedback->retrieve_feedback_report(),
        $administrator->retrieve_traffic_report(),
        $leaderboard->get_top10_ranking()
    );
    $report->print_report();
}
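/**
 * Method for authenticating the administrators.
 *
 * Looks the account up by Username, compares its stored LoginKey with the
 * hash of the submitted password and records the outcome in $this->errorCode
 * (ERROR_USERNAME_INVALID, ERROR_PASSWORD_INVALID or ERROR_NONE). The two
 * distinct failure codes let a login form reveal whether a username exists;
 * whether the form surfaces that difference is not visible here.
 *
 * @return bool true when errorCode is ERROR_NONE
 */
public function authenticate() {
    $user = Administrator::model()->findByAttributes(array('Username' => $this->username));
    $hashedKey = Administrator::hashPassword($this->password);
    if ($user === null) {
        // Such user was not found.
        $this->errorCode = self::ERROR_USERNAME_INVALID;
    } elseif (!hash_equals((string) $user->LoginKey, (string) $hashedKey)) {
        // The password was not correct. hash_equals() runs in constant time;
        // the original !== stopped at the first differing byte, leaking the
        // mismatch position through timing.
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    } else {
        // Managed to log in!
        $this->_id = $user->Id;
        Yii::app()->user->id = $user->Id;
        $this->errorCode = self::ERROR_NONE;
    }
    return !$this->errorCode;
}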
/**
 * Handle a login POST.
 *
 * Validates username (at most 64 characters) and password (hashed on import
 * by Filter::hash()), logs the administrator in through the DAO, stores it
 * in the session under Administrator::LABEL and redirects to 'main'.
 * Validation errors re-render the 'login' view; an unknown account renders
 * the 'error' view.
 *
 * @param HttpRequest $request
 * @return ModelAndView
 */
public function handleRequest(HttpRequest $request) {
    $username = Primitive::string('username')->setMax(64)->required();
    $password = Primitive::string('password')->addImportFilter(Filter::hash())->required();
    $form = Form::create()->add($username)->add($password)->import($request->getPost());

    if ($form->getErrors()) {
        return ModelAndView::create()->setView('login');
    }

    try {
        $admin = Administrator::dao()->logIn(
            $form->getValue('username'),
            $form->getValue('password')
        );
    } catch (ObjectNotFoundException $e) {
        // failed to log in
        return ModelAndView::create()->setView('error');
    }

    if (!Session::isStarted()) {
        Session::start();
    }
    Session::assign(Administrator::LABEL, $admin);

    return ModelAndView::create()->setView(new RedirectToView('main'));
}
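/**
 * Resolve 'administrator_text' from 'administrator_id' in the request data.
 *
 * Runs only when an id was supplied and no text was. Loads the Administrator
 * together with its Entity and copies the id and the entity name back into
 * $this->phkRequestData. When the lookup finds nothing both keys are left as
 * they were; the original dereferenced the empty result and stored nulls.
 *
 * @return void
 */
private function setAdministratorData() {
    if (!isset($this->phkRequestData['administrator_id']) || isset($this->phkRequestData['administrator_text'])) {
        return;
    }
    App::import("Model", "Administrator");
    $administrator = new Administrator();
    $administrator->contain('Entity');
    $result = $administrator->find("first", array(
        'conditions' => array('Administrator.id' => $this->phkRequestData['administrator_id']),
    ));
    // An unknown id yields an empty result; do not overwrite the request
    // data with nulls in that case.
    if (!isset($result['Administrator']['id'])) {
        return;
    }
    $this->phkRequestData['administrator_id'] = $result['Administrator']['id'];
    $this->phkRequestData['administrator_text'] = isset($result['Entity']['name']) ? $result['Entity']['name'] : null;
}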
<a href="#" class="button big" id="view">View Administrator</a> </li> </ul> </section> </ul> </header> </div> <div id="table_overlay"></div> <div id="table_overlay_div"> <div class="close-button">X</div> <?php
/**
 * Administrator listing: fetch every administrator row and render it as an
 * HTML table with alternating row colours. The loop body continues past the
 * end of this fragment.
 */
include_once "admin.php";
$obj = new Administrator();
$obj->viewAdministrators();
if (!($row = $obj->fetch())) {
    echo "There is no administrator now";
}
/* Table header for the administrator rows. */
echo "<center><table border='1'>";
echo "<tr ><td>Employee_id</td><td>First Name</td><td>Last Name</td><td>Contact</td>\n\t \t\t</tr>";
while ($row) {
    // NOTE(review): $i is neither initialised nor incremented anywhere in
    // this fragment, so the parity test reads an undefined variable; confirm
    // it is set and advanced in the part of the loop that follows.
    if ($i % 2 == 0) {
        $style = "style='background-color: BurlyWood'";
    } else {
        $style = "style='background-color:cornsilk'";
    }
// Save branch (its opening `if` lies above this fragment): the sanitized POST
// array is cast to an object and handed to updateAdministratorSite(), then
// the action is logged against the admin name held in the session.
$_POST = sanitize($_POST);
$adminstrator = $_POST;
settype($adminstrator,'object');
Administrator::updateAdministratorSite($adminstrator);
$success = "Administrator Successfully Saved!";
$updates = 'Add New Administrator Content';
AdminAction::addAdminAction($_SESSION['admin_name'],$updates);
} ?> <? if(isset($success)) { ?> <div class="alert"> Administrator Successfully Saved! </div> <? } ?> <?
// NOTE(review): the record to edit is selected by $_REQUEST['id'] (GET, POST
// or cookie); whether findAdministrator() restricts which ids this caller
// may load is not visible here.
$admin = Administrator::findAdministrator($_REQUEST['id']);
?> <form id="form_page" action="<? $PHP_SELF; ?>" method="post" enctype="multipart/form-data"> <fieldset> <legend>Update Administrator</legend> <ul> <li><label for="page_name"> Username: </label> <input type="text" id="page_name" name="username" value="<?php
/* The stored username is written into the value attribute after
   stripslashes() only; it is not passed through htmlspecialchars() here. */
echo stripslashes($admin->fldAdministratorusername); ?> "></li> <li><label for="password"> Password: </label> <input type="password" id="password" name="password"></li>
########### IDENTIFICATION
# Resolve the visitor to a Person (cookie first, then the id/lopass URL
# fallback), derive the role objects, and fill the template vars in $qv.
$p = Person::get_by_cookie();
# lopass interception: http://songwork.com/home/1234/ab8f
# not full auth, only to have existing client's name & address pre-filled from database for forms
# NOTE(review): the lopass is a 4-character alphanumeric token carried in the
# URL path; nothing in this block throttles or logs failed id/lopass attempts,
# so confirm get_by_id_lopass() grants no more than the pre-fill data the
# comment above describes.
if ($p === false && isset($_SERVER['PATH_INFO']) && preg_match('/\\/(\\d*)\\/([0-9a-zA-Z]{4})$/', $_SERVER['PATH_INFO'], $matches)) {
    $possible_id = $matches[1];
    $possible_lopass = $matches[2];
    $pp = Person::get_by_id_lopass($possible_id, $possible_lopass);
    if ($pp !== false) {
        $pp->set_welcome_cookie();
        $p = $pp;
    }
}
# Role lookups; $p may still be false here and is passed through as-is.
$student = Student::get_by_person($p);
$teacher = Teacher::get_by_person($p);
$admin = Administrator::get_by_person($p);
$qv['p'] = $p;
$qv['student'] = $student;
$qv['teacher'] = $teacher;
$qv['admin'] = $admin;
$currency = 'USD'; # TODO: dynamic. set in Person?
$qv['currency'] = $currency;
# name / email - FOR PRE-FILLING FORMS AND HEADERS
if ($p) {
    $qv['name'] = $p->name();
    $qv['email'] = $p->email();
} else {
    # Unauthenticated visitors get the raw cookie values; they are client
    # controlled, so whatever renders $qv['name'] / $qv['email'] must escape them.
    $qv['name'] = isset($_COOKIE['name']) ? $_COOKIE['name'] : '';
    $qv['email'] = isset($_COOKIE['email']) ? $_COOKIE['email'] : '';
}
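/**
 * Report whether the session holds valid credentials for this administrator.
 *
 * Requires a loaded record (Data["id"]) plus the username and password
 * session fields; the session password is then compared with the stored one
 * of the account named in the session.
 *
 * @return bool
 */
public function LoggedIn() {
    // The original tested only the password field and then read the username
    // field unguarded; a session without it now fails cleanly instead of
    // querying with a missing value.
    if (!isset($_SESSION[self::$UsernameSessionField])
        || !isset($_SESSION[self::$PasswordSessionField])
        || !isset($this->Data["id"])
        || strlen($this->Data["id"]) == 0) {
        return false;
    }
    $TempUser = Administrator::GetSingle(array("username", "=", $_SESSION[self::$UsernameSessionField]));
    if (!isset($TempUser->Data) || !isset($TempUser->Data["password"])) {
        return false;
    }
    // Constant-time, string-only comparison. The original `==` used PHP's
    // loose rules, under which two different digests of the form "0e<digits>"
    // compare equal because both are read as numeric zero.
    return hash_equals((string) $TempUser->Data["password"], (string) $_SESSION[self::$PasswordSessionField]);
}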
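include_once 'Administrator.php';
include_once 'render_config.php';
session_start();

// Customer orders page: fetch every order through the Administrator model and
// hand the rows to customer.twig.
// NOTE(review): no authorization check is visible in this file before the
// orders are rendered; confirm render_config.php or Administrator::orders()
// enforces one, since the output lists customer orders.
$admin = new Administrator();
$all = $admin->orders();
// A failed query returns false rather than a result set; render an empty list
// instead of calling fetch_all() on false.
$ar = $all ? $all->fetch_all(MYSQLI_ASSOC) : [];

echo $twig->render('customer.twig', ['orders' => $ar]);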
// Login branch (its opening condition lies above this fragment).
$adminUserObj = new Administrator();
$adminUserObj->login($loginSuccess, $loginemail, $loginpassword);
// A login counts only when login() reported success, the object carries an
// id_administrator and the backend session now holds a non-blank ADMIN_ID.
if ($loginSuccess && isset($adminUserObj->id_administrator) && $adminUserObj->id_administrator != '' && isset($_SESSION[$backend_ID]['ADMIN_ID']) && trim($_SESSION[$backend_ID]['ADMIN_ID']) != '') {
    $smarty->assign('loginSuccess', 'true');
    if ($referrer != '') {
        // NOTE(review): $referrer is defined above this fragment. If it is
        // taken from the request, redirecting to it unchecked is an open
        // redirect; confirm it is validated as a same-site path first.
        header('Location:' . $referrer);
        exit;
    } else {
        $adminUserObj->redirectLogin();
    }
} else {
    $smarty->assign('loginemail', $loginemail);
    $smarty->assign('loginSuccess', 'false');
}
} elseif ($action == 'logout') {
    $adminUserObj = new Administrator();
    $adminUserObj->logout();
    unset($adminUserObj);
} elseif (isset($_SESSION[$backend_ID]['ADMIN_ID']) && intval(trim($_SESSION[$backend_ID]['ADMIN_ID'])) > 0) {
    // Already authenticated: skip the login page.
    header('Location: dashboard');
    exit;
}
/******************************************************************************/
// Display the template
/******************************************************************************/
$smarty->assign('pageid', 'index');
$smarty->display('templates-admin/index.tpl', '', $backend_ID);
/******************************************************************************/
// Clear up
/******************************************************************************/
unset($smarty);
echo ($Mail->send()) ? "Success" : "Failed: ".$Mail->ErrorInfo; */ }
/* Administrator ------------------------------
   Bootstraps the Administrator session: names the session fields, seeds them
   from cookies when absent, writes them back to cookies, and logs the matching
   record in or out depending on its last_active timestamp. */
if (true && class_exists("Administrator")) {
    Administrator::$UsernameSessionField = "admin_username";
    Administrator::$PasswordSessionField = "admin_password";
    if (!isset($_SESSION[Administrator::$UsernameSessionField])) {
        $_SESSION[Administrator::$UsernameSessionField] = CookieHelper::Get(Administrator::$UsernameSessionField);
        $_SESSION[Administrator::$PasswordSessionField] = CookieHelper::Get(Administrator::$PasswordSessionField);
    }
    if (isset($_SESSION[Administrator::$UsernameSessionField])) {
        // NOTE(review): the session's password field is copied into a client
        // cookie here and read back from it above, so the value LoggedIn()
        // compares against Data["password"] persists on the client. A random,
        // revocable remember-me token would avoid storing that value at all.
        CookieHelper::Set(Administrator::$UsernameSessionField, $_SESSION[Administrator::$UsernameSessionField]);
        CookieHelper::Set(Administrator::$PasswordSessionField, $_SESSION[Administrator::$PasswordSessionField]);
        $Administrator = Administrator::GetSingle(array("username", "=", $_SESSION[Administrator::$UsernameSessionField]));
        // substr(..., 1) drops the first character of last_active before the
        // numeric comparison — presumably the stored format carries a prefix;
        // confirm against the code that writes last_active.
        if (substr($Administrator->Data["last_active"], 1) > time() - Administrator::$InactiveTime) {
            $Administrator->Login();
        } else {
            $Administrator->Logout();
        }
    }
    // Fall back to an anonymous Administrator when nothing above logged one in.
    if (!isset($Administrator) || !$Administrator->LoggedIn()) {
        $Administrator = new Administrator();
    }
} else {
    if (true) { // Change to false to disable user login
        die("Administrator class required");
    }
}
/**
 * Returns the data model based on the primary key given in the GET variable.
 * If the data model is not found, an HTTP exception will be raised.
 * @param integer $id the ID of the model to be loaded
 * @return Administrator the loaded model
 * @throws CHttpException 404 when no Administrator has this primary key
 */
public function loadModel($id) {
    $administrator = Administrator::model()->findByPk($id);
    if ($administrator !== null) {
        return $administrator;
    }
    throw new CHttpException(404, 'The requested page does not exist.');
}
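/**
 * Create a User flagged as administrator together with its Administrator row.
 *
 * On POST the User attributes are mass-assigned from $_POST['User'] (which
 * attributes Yii accepts there depends on User::rules(), not visible here);
 * isAdmin is set afterwards, so it cannot be supplied by the form. A random
 * 10-character activation chain and password are generated, the password is
 * stored hashed, and after the first save the username is rewritten to
 * "<fname>_<id>". The plaintext password is then emailed to the new admin and
 * the browser is redirected to /user/admin. Without a POST, or when save()
 * fails, the create_admin view is rendered.
 */
public function actionCreate_Admin() {
    // The original echoed a <script>console.log(...)</script> here. Output
    // before $this->redirect() can make the Location header fail with
    // "headers already sent" unless output buffering is active, so the debug
    // line is dropped.
    $model = new User();
    // Uncomment the following line if AJAX validation is needed
    // $this->performAjaxValidation($model);
    if (isset($_POST['User'])) {
        $model->attributes = $_POST['User'];
        $model->pic_url = '/coplat/images/profileimages/avatarsmall.gif';
        $model->activation_chain = $this->genRandomString(10);
        $model->username = $model->fname . "_" . $this->genRandomString(10);
        $hasher = new PasswordHash(8, false);
        $plain_pwd = $this->genRandomString(10);
        $model->password = $hasher->HashPassword($plain_pwd);
        $model->isAdmin = 1;
        if ($model->save()) {
            // Second save skips validation: only the username changes, and the
            // id it embeds is known only after the first save.
            $model->username = $model->fname . "_" . $model->id;
            $model->save(false);
            $admin = new Administrator();
            $admin->user_id = $model->id;
            $admin->save();
            // The generated password travels in clear text in this email.
            User::sendNewAdministratorEmailNotification($model->email, $plain_pwd);
            $this->redirect(array('/user/admin', 'id' => $model->id));
        }
    }
    $error = '';
    $this->render('create_admin', array('model' => $model, 'error' => $error));
}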
<?
// Create-administrator form handler: on submit the sanitized POST array is
// cast to an object, passed to addAdministrator(), and the action is logged
// under the admin name held in the session.
if(isset($_POST['submit'])) {
    $_POST = sanitize($_POST);
    $adminstrator = $_POST;
    settype($adminstrator,'object');
    // NOTE(review): every POST field becomes a property of the object handed
    // to addAdministrator(); which of them it actually stores is not visible.
    Administrator::addAdministrator($adminstrator);
    $success = "Administrator Successfully Saved!";
    $updates = 'Add New Administrator Content';
    AdminAction::addAdminAction($_SESSION['admin_name'],$updates);
}
?> <? if(isset($success)) { ?> <div class="alert"> Administrator Successfully Saved! </div> <? } ?> <form id="form_page" action="<? /* $PHP_SELF is evaluated but not echoed, so the action attribute renders empty and the form posts back to the current URL. */ $PHP_SELF; ?>" method="post" enctype="multipart/form-data"> <fieldset> <legend>New Administrator</legend> <ul> <li><label for="page_name"> Username: </label> <input type="text" id="page_name" name="username"></li> <li><label for="password"> Password: </label> <input type="password" id="password" name="password"></li> <li><label for="real_name"> Real Name: </label> <input type="text" id="real_name" name="real_name"></li> <li><label for="email"> Email Address: </label>
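<?php
/**
 * Created by PhpStorm.
 * User: samuel
 * Date: 3/31/2016
 * Time: 2:02 AM
 *
 * Item update handler: on POST (detected by the 'name' field) forwards the
 * submitted id/name/brand/qty/price to Administrator::update() and redirects
 * back to admin.php.
 */
include_once 'Administrator.php';
include_once 'Item.php';

$admin = new Administrator();
$item = new Item();

if (isset($_POST['name'])) {
    // NOTE(review): no authorization check is visible in this file; confirm
    // Administrator.php or the surrounding page restricts who may update items.
    // Missing fields become null (the original read them unguarded, which
    // produced the same values plus undefined-index notices).
    $id = isset($_POST['id']) ? $_POST['id'] : null;
    $name = $_POST['name'];
    $qty = isset($_POST['qty']) ? $_POST['qty'] : null;
    $brand = isset($_POST['brand']) ? $_POST['brand'] : null;
    $price = isset($_POST['price']) ? $_POST['price'] : null;
    // These values arrive unvalidated from the request; whether update()
    // parameterizes them is not visible here.
    $row = $admin->update($name, $brand, $qty, $price, $id);
    header('Location: admin.php');
    // Stop here: without exit the rest of the script keeps executing after
    // the redirect header has been sent.
    exit;
}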
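<?php
/**
 * Created by PhpStorm.
 * User: samuel
 * Date: 3/31/2016
 * Time: 4:20 AM
 *
 * Order confirmation handler: marks the order named by the 'id' query
 * parameter as confirmed, emails the customer, and redirects to customer.php.
 */
include_once 'Administrator.php';
include_once 'Mail.php';

$admin = new Administrator();
$mail = new Mail();

if (isset($_GET['id'])) {
    // NOTE(review): this is a state-changing action driven by a plain GET
    // parameter with no authorization or CSRF check visible in this file;
    // confirm Administrator.php enforces one, otherwise any link can confirm
    // an order.
    $id = $_GET['id'];
    $admin->confirmOrder($id);
    $row = $admin->getCustomerDetails($id);
    // Only mail when a customer row exists: the original called fetch_array()
    // on whatever came back, which is fatal when the lookup returned false.
    $data = $row ? $row->fetch_array(MYSQLI_ASSOC) : null;
    if ($data) {
        $f = $data['firstname'];
        $l = $data['lastname'];
        $e = $data['email'];
        $d = $data['date'];
        $mail->sendConfirmMail($f, $l, $e, $d);
    }
    header('Location: customer.php');
    // Stop here so nothing below runs after the redirect header is sent.
    exit;
}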
// Administrator edit page: authentication include first, then page setup,
// then the update/add handling (its if-block continues past this fragment).
$entity = 'administrator';
require_once 'includes/admin.authentication.php';
// Edit per file
//$search_session_id = 'administrator';
require_once 'includes/classes/administrator.admin.class.php';
$smarty->assign('sectionid', 'manage-administrators');
$smarty->assign('pageid', 'administrator-edit');
/******************************************************************************/
/* Get variables
/******************************************************************************/
// $id and $formAction used below are presumably defined by edit.variables.php —
// confirm there, since neither is set in this file.
require_once 'includes/edit.variables.php';
$id_administratoraccess = isset($_POST['id_administratoraccess']) && $_POST['id_administratoraccess'] != '' ? $_POST['id_administratoraccess'] : '';
/******************************************************************************/
// Edit per file
/******************************************************************************/
$pageObject = new Administrator($id, 'edit');
$smarty->assign('contentTemplate', 'templates-admin/content/' . $pageObject->editContentTemplate);
$smarty->assign('htmlpagetitle', $pageObject->editHtmlPageTitle);
$pageObject->getAdministratorType($administratorType);
$smarty->assign('administratorType', $administratorType);
$pageObject->getAdministratorAccess($administratorAccess);
$smarty->assign('administratorAccess', $administratorAccess);
/******************************************************************************/
/* Update / Add / AddAsNew functionality
/******************************************************************************/
if ($formAction != '') {
    $redirect = false;
    if (isset($_POST['password']) && trim($_POST['password']) != '') {
        // NOTE(review): the method is named encrypt(); a stored password
        // should be a one-way hash (password_hash()), not something that can
        // be decrypted — confirm what encrypt() actually produces.
        $_POST['password'] = $pageObject->encrypt($_POST['password']);
    } else {
        // A blank password field means "keep the current one".
        unset($_POST['password']);
/* Page setup ------------------------------*/
$PHPZevelop->OverrideObjectData("CFG", array("PageTitle" => "Login", "Template" => "style2/fullwidth"));
// Any POST is treated as a login attempt; username/password are read without
// isset(), so a POST lacking them raises undefined-index notices.
if (count($_POST) > 0) {
    $MSG = Administrator::AttemptLogin($Administrator, $_POST["username"], $_POST["password"]);
    if ($MSG === true) {
        AppendLog("Successful login");
    } else {
        // NOTE(review): the submitted username goes into the log verbatim; if
        // AppendLog() does not strip newlines, a crafted value can forge log
        // lines. Confirm AppendLog() sanitizes its input.
        AppendLog("Failed login with username '" . $_POST["username"] . "'");
    }
}
// "activated-<id>" in param_0 pre-fills the username of the activated account.
// $Split[1] is undefined when param_0 contains no "-".
if (isset($_GET["param_0"])) {
    $Split = explode("-", $_GET["param_0"]);
    if ($Split[0] == "activated") {
        $ActivatedUser = Administrator::GetSingle(array("id", "=", $Split[1]));
        $_POST["username"] = $ActivatedUser->Data["username"];
    }
}
if ($Administrator->LoggedIn()) {
    $PHPZevelop->Location("home");
}
?> <style type="text/css"> #loginForm {width: 50%; margin: auto; background: #EEEEEE; border: 1px solid #009ACD; box-sizing: border-box; padding-bottom: 15px;} #loginForm h2 {margin: 0px; padding: 15px;} #loginForm h3 {margin: 0px; padding: 9px 13px;} #loginForm table.FormGen {width: 95%; margin: auto;} @media screen and (max-width: 900px){
//recover your password
// Looks the account up by the submitted email, resets its password and mails
// the change_password.php template to the owner (continues past this fragment).
if(isset($_POST['recover'])) {
    $email = $_POST['email'];
    $admin = Administrator::findAdministratorByEmail($email);
    if(empty($admin)) {
        // This message tells the requester whether an address is registered;
        // a uniform "if the address exists, a mail was sent" reply avoids
        // that enumeration.
        $error = "Email address not on list";
    } else {
        $username = $admin->fldAdministratorusername;
        $admin_name = $admin->fldAdministratorRealName;
        $admin_id = $admin->fldAdministratorID;
        // NOTE(review): the new password is a fixed literal (redacted in this
        // listing), so every recovery resets the account to the same known
        // value. Generate it per request instead (random_bytes() on PHP 7+,
        // openssl_random_pseudo_bytes() earlier), or better, send a one-time
        // reset link that expires.
        $password = "******";
        //change the password
        Administrator::changePassword($admin_id,$password);
        //send email to owner
        require("includes/class.phpmailer.php");
        $mail = new PHPMailer();
        $to = $email;
        $name = $admin_name;
        $from = "*****@*****.**";
        $mail->From = $from;
        $mail->FromName = "Red and White Marketing";
        $mail->AddAddress($to);
        $mail->IsHTML(true); // set email format to HTML
        // The template is read as plain text and the %%...%% placeholders are
        // substituted with values from the database record.
        $all_html = implode('',file('includes/change_password.php'));
        $all_html = str_replace("%%name%%", $admin_name, $all_html);
        $all_html = str_replace("%%username%%", $username, $all_html);
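include_once 'Administrator.php';
include_once 'render_config.php';
session_start();

// Admin catalogue page: lists all clothes and brands and renders admin.twig
// with pagination figures.
// NOTE(review): no authorization check is visible in this file; confirm
// render_config.php or Administrator enforces one before this view renders.

$numPerPage = 10;
// The page number comes straight from the request: coerce it to an integer
// and clamp it to >= 1 so a non-numeric or negative value cannot yield a
// negative offset.
$page = isset($_REQUEST['page']) ? (int) $_REQUEST['page'] : 1;
if ($page < 1) {
    $page = 1;
}
// Computed for the pagination contract; none of the calls below consume it.
$start_from = ($page - 1) * $numPerPage;

$admin = new Administrator();
$item = new Item();

$all = $admin->getAllClothes();
$allbrands = $item->getBrands();
$totalNumRows = $item->countSkirts();
$total_clothes = $totalNumRows['skirt_id'];
// countSkirts() returns a row (indexed by 'skirt_id' just above), so the page
// count must divide the extracted count, not the array: the original
// ceil($totalNumRows / $numPerPage) applied "/" to an array.
$total_pages = ceil($total_clothes / $numPerPage);

$ar = $all->fetch_all(MYSQLI_ASSOC);
$ab = $allbrands->fetch_all(MYSQLI_ASSOC);

echo $twig->render('admin.twig', [
    'skirts' => $ar,
    'brands' => $ab,
    'total_clothes' => $total_clothes,
    'page' => $page,
    'totalPages' => $total_pages,
]);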
<?php include '_manager/box_header/login.php'; ?> <?
// Login handler: the sanitized POST array is cast to an object and looked up
// via findAdministratorLogin(); on success the admin id and name are stored
// in the session and the browser is sent to overview.php.
if(isset($_POST['login'])) {
    $_POST = sanitize($_POST);
    $administrator = $_POST;
    settype($administrator,'object');
    $login = Administrator::findAdministratorLogin($administrator);
    if(empty($login)) {
        $error = "User access not found.";
    } else {
        // NOTE(review): the session id is not regenerated here before the
        // privilege-bearing values are written; session_regenerate_id(true)
        // at this point closes the session-fixation window, unless login.php
        // already does it.
        $_SESSION['admin_id'] = $login->fldAdministratorID;
        $_SESSION['admin_name'] = $login->fldAdministratorRealName;
        // No exit after the redirect header, so the rest of the page still
        // renders into the response body.
        header("Location: overview.php");
    }
}
?> <?php startblock('section'); ?> <!-- /Template Start Here --> <figure> <form action="<? $PHP_SELF; ?>" method="post" id="security_login" name="security_login">
<?php
/**
 * Entry point: build the Administrator manager and dispatch the request
 * through run().
 */
require_once 'Administrator.php';

$administrator = new Administrator();
$administrator->run();
// Add branch (its opening `if` lies above this fragment).
$_POST = sanitize($_POST);
$admin = $_POST;
settype($admin,'object');
Administrator::addAdministratorSite($admin);
$success = "Administrator Successfully Saved!";
}
// Update branch: same shape, different model call and message.
if(isset($_POST['update'])) {
    $_POST = sanitize($_POST);
    $admin = $_POST;
    settype($admin,'object');
    Administrator::updateAdministratorSite($admin);
    $success = "Administrator Successfully Changed!";
}
// The profile shown below is always re-read after a write.
$administrator = Administrator::findAdministratorClient();
?> <? if(isset($success)) { ?> <div class="alert"> <?php echo $success; ?> </div> <? } ?> <form id="profile_page" action="<? $PHP_SELF; ?>" method="post"> <fieldset class="col1" style="width:47%;"> <legend>Personal Profile</legend> <ul> <li><label> Full Name: </label> <input type="text" id="field[]" name="real_name" value="<?php
} else {
    if (!$user->checkSession()) {
        // User logged in, has access to admin panel. BUT the session might have been hijacked :O
        $user->showLogin("Your login session has been revoked for security reasons<br />Maybe you switched to another wifi?<br />Please login again..");
        die;
    }
}
}
// Logout is triggered by a plain GET parameter with no CSRF token, so a
// cross-site link can log the admin out (nuisance-level, but worth noting).
if (isset($_GET['user']) && $_GET['user'] == "logout") {
    $user->LogoutUser();
    header("location: index.php");
    die;
}
//////////////////////////////////
// Decide stuff here
$admin = new Administrator($db); // This is the interface template designers talk to
// Load modules
// NOTE(review): mysql_fetch_array()/mysql_free_result() are the ext/mysql API
// that was removed in PHP 7; the $db wrapper presumably still hands back its
// resources.
$result = $db->sql("SELECT foldername,backend FROM " . $db->tb_prefix . "modules");
while ($v = mysql_fetch_array($result, MYSQL_ASSOC)) {
    if ($v['backend'] == "") {
        continue;
    }
    // Possible rfi
    // and definitely a lfi
    // but won't really matter as it would be better to attack from the module file included..
    // although if someone gains write access to db, they could compromise the whole site.
    // Mitigation: treat foldername/backend as untrusted even though they come
    // from the modules table — reject values containing "/", "\" or "..", or
    // require each to equal its basename(), and check that realpath($path)
    // still lies under the modules directory before the include.
    $path = "../modules/" . $v['foldername'] . "/" . $v['backend'];
    include $path;
}
mysql_free_result($result);
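<?php
/**
 * Created by PhpStorm.
 * User: samuel
 * Date: 3/19/2016
 * Time: 1:25 AM
 *
 * Report page: pulls the report rows from Administrator::report() and renders
 * report.twig with them.
 */
include_once 'Item.php';
include_once 'Administrator.php';
include_once 'render_config.php';
session_start();

// NOTE(review): no authorization check is visible in this file; confirm that
// render_config.php or Administrator::report() restricts access to this report.
$admin = new Administrator();
$skirts = $admin->report();
// A failed query returns false rather than a result set; render an empty
// report instead of calling fetch_all() on false.
$as = $skirts ? $skirts->fetch_all(MYSQLI_ASSOC) : [];

echo $twig->render('report.twig', ['reports' => $as]);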
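/**
 * Seed the initial administrator account.
 *
 * The password is taken from the ADMIN_SEED_PASSWORD environment variable
 * when it is set (a name introduced here — wire it up in the deployment's
 * environment) and otherwise falls back to the literal the original seeder
 * used, so existing setups keep working while the credential no longer has
 * to live in source.
 */
public function run() {
    //DB::table('users')->delete();
    // NOTE(review): the fallback literal is a real credential committed to the
    // repository; treat it as compromised, set ADMIN_SEED_PASSWORD instead,
    // and rotate the account after seeding.
    $password = getenv('ADMIN_SEED_PASSWORD') ?: 'paulrod1790';
    Administrator::create(array(
        'first_name' => 'paul',
        'last_name' => 'rodriguez',
        'username' => 'pauldrodriguez',
        'email' => '*****@*****.**',
        'password' => Hash::make($password),
    ));
}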