/**
 * Login page handler; it must receive $_POST['sLogin'] and $_POST['sPass']
 * (consumed by AuthModel::AjaxAuth, not read here).
 *
 * Marks the request as an AJAX method, echoes the AjaxAuth() result and
 * releases the model's PDO handle afterwards.
 */
public function RequestMethod()
{
    $this->bAjaxMethod = true;

    $authModel = new AuthModel();
    echo $authModel->AjaxAuth();

    // Drop the DB handle reference once the response has been emitted.
    $authModel->oPDO = null;
}
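/**
 * JSON login endpoint.
 *
 * Reads $_POST['username'] / $_POST['password'], checks that the account
 * exists and that the derived hash matches the stored one, optionally
 * creates a remember-me cookie, authenticates the session and echoes a JSON
 * object of error markup keyed by field plus a 'valid' flag.
 */
public function indexAction()
{
    header('content-type: application/json');
    // NOTE(review): wildcard CORS on a credential endpoint — confirm this is intended.
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST');

    $valid = true;
    $errors = [];

    // Absent fields resolve to '' instead of raising undefined-index notices.
    $rawUsername = $_POST['username'] ?? '';
    $rawPassword = $_POST['password'] ?? '';

    $username = trim(ucwords(strtolower(htmlentities($rawUsername))));
    // Hash scheme must stay identical to the one used when the account was
    // created / edited: sha256(strrev(timestamp) . htmlentities(password) . salt).
    $password = hash(
        'sha256',
        strrev(ProfileModel::getTimestamp($this->pdo, $username)) . htmlentities($rawPassword) . '\\Rand0msalT/'
    );

    if ($username === '') {
        $errors['username'] = '******';
        $valid = false;
    } elseif (SigninModel::checkUsername($this->pdo, $username) !== $username) {
        $errors['username'] = '******\'existe pas</span>';
        $valid = false;
    } elseif (!hash_equals((string) SigninModel::getPassword($this->pdo, $username), $password)) {
        // Constant-time comparison of the two digests; $password is never empty
        // (it is a sha256 hex string), so no separate "empty password" branch is needed.
        $errors['password'] = '******';
        $valid = false;
    }

    $errors['valid'] = $valid;

    if ($valid) {
        if (isset($_POST['remember'])) {
            CookieController::create($this->pdo, $username, $password);
        }
        AuthModel::authUser($this->pdo, $username, $password);
    }

    echo json_encode($errors);
}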
/**
 * Checks the channel credentials posted as unikey / u_ID / c_ID.
 *
 * On a missing parameter or a rejected check, forbidden_page() is invoked
 * (presumably it ends the request — not visible here) and nothing is returned;
 * otherwise returns true.
 */
function channel_authenticate()
{
    $hasAllParams = !empty($_POST['unikey']) && !empty($_POST['u_ID']) && !empty($_POST['c_ID']);
    if (!$hasAllParams) {
        forbidden_page("Authentication failed, wrong parameters.");
        return null;
    }

    $authModel = new AuthModel();
    $granted = $authModel->channel_authentication($_POST['unikey'], $_POST['u_ID'], $_POST['c_ID']);
    if (!$granted) {
        forbidden_page("Authentication failed");
        return null;
    }

    return true;
}
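/**
 * Renders the line-owner list page with receivable/collectable totals for the
 * current user's referrer.
 *
 * @param string $page unused; kept for caller compatibility
 */
function getLineOwners($page = '')
{
    $referrerId = $this->AffiliateModel->getreferrerid($this->session->userdata(USER_ID));
    $masterauth = new AuthModel();

    $data = [
        'ownerList' => $this->LineOwnerModel->getAllWithPayments(),
        'sumOfReceivableAmount' => $this->CreditcardModel->sumOfAmountofReceivable($referrerId),
        'sumOfCollectableAmount' => $this->CreditcardModel->sumOfAmountofCollectable($referrerId),
        'allowed' => $this->allowed,
        'error' => $this->errors,
        'usertype' => checkUserType(),
        'title1' => "Add Line Owner",
        // NOTE(review): the original assigned "List of Line Owners" and then
        // overwrote it with "Add User"; the effective value is kept — confirm which is intended.
        'title' => "Add User",
        'mas_auth' => $masterauth->getAllAuth(),
        'main_content' => ADMIN_PATH . "lineowner_view",
    ];

    $this->load->view(ADMIN_PATH . 'inc/template', $data);
}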
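/**
 * Installs the database schema unless an `auth` table already exists.
 *
 * Optional setup variables (JSON in $_REQUEST['setupvars'] with an
 * `adminhash` member) set the admin password hash and disable user 2.
 *
 * @return string status or error message for the caller
 */
public function install()
{
    // Probe for an existing installation; a failing query means "not installed".
    $installed = false;
    try {
        $qres = $this->db->_db->query("SELECT 1 FROM `auth` LIMIT 1");
        if ($qres !== false) {
            $installed = true;
            // Only a statement object has a cursor; calling this on false would be a fatal Error.
            $qres->closeCursor();
        }
    } catch (Exception $ex) {
        // Table absent or unreadable: proceed with a fresh install.
    }

    // Check docs template
    $this->checkStorageTemplate();
    if ($installed) {
        return "Database detected, skipping full installation.";
    }

    // Install database
    $schemapath = $_SERVER['DOCUMENT_ROOT'] . $_SERVER['APP_ROOT'] . "library/installer/schemas/install.sql";
    if (!file_exists($schemapath)) {
        return "Schema does not exist";
    }
    $sql = file_get_contents($schemapath);
    if ($sql === false) {
        return "Schema could not be read";
    }

    // Parse the optional setup variables before touching the database so a
    // malformed request cannot leave a half-configured install.
    $setupvars = null;
    if (isset($_REQUEST['setupvars'])) {
        $setupvars = json_decode($_REQUEST['setupvars']);
        if (!is_object($setupvars) || !isset($setupvars->adminhash)) {
            return "Invalid setup variables";
        }
    }

    try {
        $result = $this->db->_db->exec($sql);
        if ($result === false) {
            return "Schema installation failed";
        }
        if ($setupvars !== null) {
            // set admin hash and disable staff user
            $authMdl = new AuthModel();
            $authMdl->setDisabled(2, true);
            $authMdl->edit(1, null, $setupvars->adminhash);
            echo "Setup variables processed.\n";
        }
        // start node server (restart to be safe)
        $socket = new WposSocketControl();
        $socket->restartSocketServer(['error' => 'OK']);
    } catch (Exception $e) {
        return $e->getMessage();
    }

    return "Setup Completed Successfully!";
}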
/**
 * Generates a fresh session token plus its auth_hash, stores the token for
 * the user and keeps both values in $this->authTokens.
 *
 * auth_hash = sha256(password_hash . token), so it is bound to the current
 * password hash and changes whenever the password does.
 *
 * @param $id            user id the token is stored for
 * @param $password_hash the user's stored password hash
 */
private function setNewSessionToken($id, $password_hash)
{
    $token = WposAdminUtilities::getToken();
    $authHash = hash('sha256', $password_hash . $token);

    $this->authMdl->setAuthToken($id, $token);

    $this->authTokens = [
        'token' => $token,
        'auth_hash' => $authHash,
    ];
}
/**
 * AJAX/POST only: returns the chat between the logged-in user and the
 * posted receiverId as JSON. Any other request kind produces no output.
 */
public function listAction()
{
    $isAjaxPost = Request::isAjax() && Request::isPost();
    if (!$isAjaxPost) {
        return;
    }

    $currentUser = UsersPDO::get(AuthModel::getUserName());
    // NOTE(review): receiverId is forwarded unvalidated; whether getChat()
    // restricts results to conversations the caller belongs to is not visible here — confirm.
    $receiverId = $_POST['receiverId'];

    $chat = new ChatModel($currentUser['Id']);
    $this->renderJSON($chat->getChat($receiverId));
}
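/**
 * Deletes presence_auth rows whose timeexpires is already in the past.
 *
 * Does nothing when no token has expired: an empty IN() list would be a
 * SQL syntax error.
 */
private function clean_old_tokens()
{
    $now = time();
    $expiredIds = [];
    foreach (AuthModel::find_all() as $token) {
        if ($token->timeexpires < $now) {
            // Cast so that only integer literals are interpolated into the IN() list.
            $expiredIds[] = (int) $token->id;
        }
    }

    if ($expiredIds === []) {
        return;
    }

    $sql = "DELETE FROM presence_auth\n\t\tWHERE id IN(" . implode(',', $expiredIds) . ")";
    DB::runSQL($sql, array());
}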
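/**
 * Home page; if an 'auth' cookie of the form "<part0>ce28<part1>" is
 * present, attempts a cookie login through AuthModel::authCookie first.
 */
public function indexAction()
{
    // Login by cookie
    if (isset($_COOKIE['auth'])) {
        $auth = htmlentities($_COOKIE['auth']);
        if (!empty($auth)) {
            $parts = explode('ce28', $auth);
            // A cookie without the separator has no second half; do not hand a
            // missing value to the model.
            if (isset($parts[1])) {
                AuthModel::authCookie($this->pdo, $parts[0], $parts[1]);
            }
        }
    }

    include '../app/views/home.php';
    return;
}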
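/**
 * Personal-info page: on POST, stores firstName / lastName / birthDate
 * through UserModel::setPersonalInfo, collecting validation errors from
 * SiteException; always renders the 'personal_info' view afterwards.
 */
public function infoAction()
{
    $model = new UserModel(AuthModel::getUserName());

    if (Request::isPost()) {
        // Missing fields stay null (as before) but no longer raise undefined-index notices.
        $firstName = $_POST['firstName'] ?? null;
        $lastName = $_POST['lastName'] ?? null;
        $birthDate = $_POST['birthDate'] ?? null;

        try {
            $model->setPersonalInfo($firstName, $lastName, $birthDate);
        } catch (SiteException $ex) {
            $this->errors = $ex->getErrors();
        }
    }

    $this->personalInfo = $model->getPersonalInfo();
    $this->view('personal_info');
}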
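/**
 * Login page: on POST, tries AuthModel::login with userName / password and
 * redirects to "/" on success; otherwise records 'Login failed' and renders
 * the login view.
 */
public function loginAction()
{
    if (Request::isPost()) {
        // Missing fields stay null (as before) without undefined-index notices.
        $userName = $_POST['userName'] ?? null;
        $password = $_POST['password'] ?? null;
        $errors = [];

        if (AuthModel::login($userName, $password)) {
            header("Location: /");
            return;
        }

        $errors[] = 'Login failed';
        $this->errors = $errors;
    }

    $this->title = 'Login page';
    $this->view("login");
}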
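/**
 * Paginated user list (10 per page); redirects anonymous visitors to the
 * login page. Renders a partial for AJAX requests, the full view otherwise.
 */
public function listAction()
{
    if (!AuthModel::isLogin()) {
        header('Location: /auth/login/');
        return;
    }

    $perPage = 10;
    // Clamp to a positive integer: a non-numeric or negative ?page would
    // otherwise produce a TypeError or a negative OFFSET.
    $page = max(1, (int) ($_GET['page'] ?? 1));
    $offset = ($page - 1) * $perPage;

    $this->page = $page;
    $this->pageCount = ceil(UsersPDO::count() / $perPage);
    $this->users = UsersPDO::getAllLimit($offset, $perPage);

    if (Request::isAjax()) {
        $this->partialView('user_list_partial');
    } else {
        $this->title = 'Users list';
        $this->view('user_list');
    }
}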
/**
 * Retrieve users, keyed by id, with the password and permissions fields
 * stripped.
 *
 * @return array|bool false when AuthModel::get() fails
 */
private function getUsers()
{
    $authMdl = new AuthModel();
    $rows = $authMdl->get();
    if ($rows === false) {
        return false;
    }

    $byId = [];
    foreach ($rows as $row) {
        // Never expose the stored hash or the raw permission blob.
        unset($row['password'], $row['permissions']);
        $byId[$row['id']] = $row;
    }

    return $byId;
}
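/**
 * JSON profile-edit endpoint for the logged-in account.
 *
 * Reads username / first-name / last-name / mail / password / password2
 * from $_POST, validates them, persists via ProfileModel::editUser, rebuilds
 * the session for the (possibly renamed) account and echoes a JSON object of
 * error markup keyed by field plus a 'valid' flag.
 */
public function indexAction()
{
    header('content-type: application/json');
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST');

    $valid = true;
    $errors = [];

    // Absent fields resolve to '' instead of raising undefined-index notices.
    $username = trim(ucwords(strtolower(htmlentities($_POST['username'] ?? ''))));
    $first_name = trim(ucwords(strtolower(htmlentities($_POST['first-name'] ?? ''))));
    $last_name = trim(ucwords(strtolower(htmlentities($_POST['last-name'] ?? ''))));
    $mail = trim(htmlentities(strtolower($_POST['mail'] ?? '')));
    $password = trim(htmlentities($_POST['password'] ?? ''));
    $password2 = trim(htmlentities($_POST['password2'] ?? ''));

    // The edit is scoped to the authenticated session; refuse without one.
    $old_username = $_SESSION['auth']['username'] ?? null;
    if ($old_username === null) {
        $errors['valid'] = false;
        echo json_encode($errors);
        return;
    }

    $id = ProfileModel::getID($this->pdo, $old_username);
    $timestamp = ProfileModel::getTimestamp($this->pdo, $old_username);

    // NOTE(review): lengths are measured after htmlentities(), so an accented
    // character counts as its entity ('&eacute;' = 8 bytes); validate the raw
    // value if the limits are meant per character.
    if (empty($username)) {
        $errors['username'] = '******';
        $valid = false;
    } elseif (strlen($username) < 6) {
        $errors['username'] = '******';
        $valid = false;
    } elseif (strlen($username) > 24) {
        $errors['username'] = '******';
        $valid = false;
    }

    if (empty($first_name)) {
        $errors['firstName'] = '<span class="errors">Non saisi</span>';
        $valid = false;
    } elseif (strlen($first_name) < 2) {
        $errors['firstName'] = '<span class="errors">2 caractères min</span>';
        $valid = false;
    } elseif (strlen($first_name) > 32) {
        $errors['firstName'] = '<span class="errors">32 caractères max</span>';
        $valid = false;
    }

    if (empty($last_name)) {
        $errors['lastName'] = '<span class="errors">Non saisi</span>';
        $valid = false;
    } elseif (strlen($last_name) < 2) {
        $errors['lastName'] = '<span class="errors">2 caractères min</span>';
        $valid = false;
    } elseif (strlen($last_name) > 32) {
        $errors['lastName'] = '<span class="errors">32 caractères max</span>';
        $valid = false;
    }

    if (empty($mail)) {
        $errors['mail'] = '<span class="errors">Non saisi</span>';
        $valid = false;
    } elseif (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
        $errors['mail'] = '<span class="errors">Format incorrect</span>';
        $valid = false;
    }

    // An empty password means "keep the current one": reuse the stored hash.
    $empty_pass = false;
    if (empty($password)) {
        $password = SigninModel::getPassword($this->pdo, $old_username);
        $hash = $password;
        $empty_pass = true;
    } elseif (strlen($password) < 8) {
        $errors['password'] = '******';
        $valid = false;
    } else {
        // Same derivation as the login endpoint: sha256(strrev(timestamp) . password . salt).
        $hash = hash('sha256', strrev($timestamp) . $password . '\\Rand0msalT/');
    }

    if (empty($password2)) {
        if ($empty_pass) {
            $password2 = $password;
        } else {
            $errors['password2'] = '<span class="errors">Non saisi</span>';
            $valid = false;
        }
    } elseif ($password2 !== $password) {
        $errors['password2'] = '<span class="errors">Non identiques</span>';
        $valid = false;
    }

    $errors['valid'] = $valid;

    if ($valid) {
        ProfileModel::editUser($this->pdo, $id, $old_username, $username, $first_name, $last_name, $mail, $hash);

        // Rebuild the session for the possibly renamed account. $_SESSION = []
        // clears the data; unset($_SESSION) would detach the superglobal so the
        // new session could not be written to.
        $_SESSION = [];
        session_destroy();
        // Expire the remember-me cookie; '' / false are the typed equivalents
        // of the former null domain and secure arguments.
        setcookie('auth', '', time() - 3600, '/', '', false, true);
        session_start();
        AuthModel::authUser($this->pdo, $username, $hash);
    }

    echo json_encode($errors);
}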
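/**
 * Enables or disables a user.
 *
 * Reads $this->data->id (numeric) and $this->data->disable (truthy = disable).
 * The master admin (id 1) can never be disabled.
 *
 * @param $result response array; an 'error' key is added on failure
 * @return mixed the (possibly updated) $result
 */
public function setUserDisabled($result)
{
    // validate input
    if (!is_numeric($this->data->id)) {
        $result['error'] = "A valid id must be supplied";
        return $result;
    }
    $userId = (int) $this->data->id;
    $disable = boolval($this->data->disable);

    // The master admin must stay enabled regardless of any other request field.
    // (The former exemption when a `pass` field was present made this guard bypassable.)
    if ($userId === 1) {
        $result['error'] = "The master admin user cannot be disabled";
        return $result;
    }

    $userMdl = new AuthModel();
    if ($userMdl->setDisabled($userId, $disable) === false) {
        $result['error'] = "Could not enable/disable the user";
    }

    // log data
    Logger::write("User " . ($disable ? "disabled" : "enabled") . " with id:" . $userId, "USER");

    return $result;
}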
/**
 * Renders the "Update Cartoon" admin form for one cartoon-strip photo.
 *
 * @param $id     photo record id
 * @param $offset list offset to return to after saving
 */
function updateAction($id, $offset)
{
    $masterauth = new AuthModel();

    $data = [
        'error' => $this->errors,
        'photoRecord' => $this->CartoonStripModel->getPhotoDetails($id),
        'title' => "Update Cartoon",
        'id' => $id,
        'offset' => $offset,
        'main_content' => ADMIN_PATH . "cartoon_update_view",
        'mas_auth' => $masterauth->getAllAuth(),
    ];

    $this->load->view(ADMIN_PATH . 'incs/template', $data);
}
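/**
 * Lists users, keyed by id, without their password hash and with the
 * permissions JSON decoded.
 *
 * @param $result response array; 'data' is filled, or 'error' on failure
 * @return mixed the updated $result
 */
public function getUsers($result)
{
    $authMdl = new AuthModel();
    $users = $authMdl->get();
    // get() may return false; iterating it would emit a warning and yield nothing.
    if ($users === false) {
        $result['error'] = "Could not retrieve users";
        return $result;
    }

    $data = [];
    foreach ($users as $user) {
        unset($user['password']);
        $user['permissions'] = json_decode($user['permissions']);
        $data[$user['id']] = $user;
    }

    $result['data'] = $data;
    return $result;
}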
/**
 * Renders the "Update Recent Publication" admin form for one slider photo.
 *
 * @param $id     publication photo id
 * @param $offset list offset to return to after saving
 */
function updateAction($id, $offset)
{
    $masterauth = new AuthModel();

    $data = [
        'error' => $this->errors,
        'photoRecord' => $this->Pub_home_slider_model->getPhotoDetails($id),
        'title' => "Update Recent Publication",
        'pub_id' => $id,
        'offset' => $offset,
        'main_content' => ADMIN_PATH . "publication_photo_update_view",
        'mas_auth' => $masterauth->getAllAuth(),
    ];

    $this->load->view(ADMIN_PATH . 'incs/template', $data);
}
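<?php
// Login form handler: expects the 'user' and 'pass' POST fields.
require '../modelo/AuthModel.php';
require '../../../assets/libs/password_hash_lib/passwordLib.php';

// Read the two expected fields explicitly; extract($_POST) would turn any
// posted key into a local variable of this script.
$user = $_POST['user'] ?? '';
$pass = $_POST['pass'] ?? '';

if (empty($user) || empty($pass)) {
    echo "<script>alert('Por favor ingrese el usuario o contraseña');</script>";
    echo "<script>location.href='../vista/form_login.php';</script>";
} else {
    AuthModel::login($user, $pass);
}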
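// end view setup

// start events list
$app->get('/events', function () use ($app) {
    $db = $app->config('container')['db'];
    $data = array();
    $model = new EventModel($db);
    $data['events'] = $model->getSomeEvents();
    $app->render("foo.php", array("mydata" => $data));
});
// end events list

// start one event
$app->get('/events/:event_id', function ($event_id) use ($app) {
    $db = $app->config('container')['db'];
    $data = array();
    $model = new EventModel($db);
    $data['events'] = $model->getOneEvent($event_id);
    $app->render("foo.php", array("mydata" => $data));
});
// end one event

// start auth
$app->post('/authorizations', function () use ($app) {
    $db = $app->config('container')['db'];
    $data = array();
    // The body must be a JSON object carrying username and password; anything
    // else is reported instead of being dereferenced.
    $in = json_decode(file_get_contents("php://input"), true);
    if (!is_array($in) || !isset($in['username'], $in['password'])) {
        $data['error'] = 'username and password are required';
        $app->render("foo.php", array("mydata" => $data));
        return;
    }
    $model = new AuthModel($db);
    $data['access_token'] = $model->getAccessTokenFromCreds($in['username'], $in['password']);
    $app->render("foo.php", array("mydata" => $data));
});
// end auth

$app->run();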
/**
 * Loads the stored items, the user list and the POS device list into
 * $this->items, $this->users and $this->devices.
 */
private function getRecords()
{
    // items
    $this->items = (new StoredItemsModel())->get();

    // users (arguments mirror the original call; their meaning is defined in AuthModel::get)
    $this->users = (new AuthModel())->get(null, null, null, false);

    // POS devices / locations
    $devices = (new WposPosData())->getPosDevices([]);
    $this->devices = $devices['data'];
}
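/**
 * API: user login.
 *
 * Resolves the user id from the JSON account/password, initialises the
 * cached user info, rotates the session key and returns the id, total login
 * days and the new session key as a JsonView.
 *
 * @access public
 * @param none
 * @return JsonView JSON response
 */
public function exeUserLogin()
{
    // NOTE(review): $pdo is not defined in this method; where it comes from is not visible here — confirm.
    $requestParam = $this->getAllParameters();
    Logger::debug('requestParam:' . print_r($requestParam, true));

    $requestJsonParam = $this->getDecodedJsonRequest();
    // Keep the credential out of the debug log.
    $loggedJsonParam = $requestJsonParam;
    if (is_array($loggedJsonParam) && array_key_exists('password', $loggedJsonParam)) {
        $loggedJsonParam['password'] = '[REDACTED]';
    }
    Logger::debug('requestJsonParam:' . print_r($loggedJsonParam, true));

    // Resolve the user id
    $user_id = AuthModel::getUserID($requestJsonParam['account'], $requestJsonParam['password'], $pdo);
    if (!$user_id) {
        $view = new JsonView();
        $messageArr['error'] = "密码不正确,请重新输入";
        return $this->getViewByJson($view, $messageArr, 0, "auth/user_login");
    }

    // Initialise the cache
    $userInfo = UserAction::iniUserInfo($user_id);
    $loginInfo = UserAction::getUserLoginInfo($userInfo['s_login_info']);
    if ($loginInfo) {
        $taskInfo = TaskAndAchieveAction::randTask($user_id);
        $updateArr['s_login_info'] = serialize($loginInfo);
        $updateArr['s_task_info'] = serialize($taskInfo);
        UserCache::setByKey($user_id, 's_login_info', $loginInfo);
        UserCache::setByKey($user_id, 's_task_info', $taskInfo);
        $userInfo['s_login_info'] = $loginInfo;
        $userInfo['s_task_info'] = $taskInfo;
        UserModel::update($updateArr, array('n_id' => $user_id), $pdo);
        // Reset the fusion counter
        FriendModel::clearFitNum($user_id);
    }

    // Rotate the session key; the previous one is kept for overlap handling.
    $newSessionKey = Util::generateSessionKey($user_id);
    $oldSessionKey = $requestParam['session_key'];
    Logger::debug('SessionKey1:' . $oldSessionKey);
    Logger::debug('SessionKey2:' . $newSessionKey);
    UserCache::setByKey($user_id, Constants::PREVIOUS_SESSION_KEY, $oldSessionKey);
    UserCache::setByKey($user_id, Constants::CURRENT_SESSION_KEY, $newSessionKey);

    $messageArr['n_id'] = $user_id;
    $messageArr['total_day'] = $userInfo['s_login_info']['total_day'];
    $messageArr['session_key'] = $newSessionKey;

    $view = new JsonView();
    return $this->getViewByJson($view, $messageArr, 1, "auth/user_login");
}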
/**
 * Authenticates with the posted username/password and echoes the
 * AuthModel::Login result as JSON.
 */
function _actionAuth()
{
    $authModel = new AuthModel();
    $loginResult = $authModel->Login($this->post['username'], $this->post['password']);
    echo json_encode($loginResult);
}
/**
 * Renders the "Update Module" admin form for one module.
 *
 * @param $id module id
 */
function updateAction($id)
{
    $masterauth = new AuthModel();

    $data = [
        'error' => $this->errors,
        'modules' => $this->ModuleModel->getDetails($id),
        'title' => "Update Module",
        'main_content' => ADMIN_PATH . "moduleupdate_view",
        'mas_auth' => $masterauth->getAllAuth(),
    ];

    $this->load->view(ADMIN_PATH . 'incs/template', $data);
}
/**
 * Checks the login: validates the 'auth' input through AuthModel, throwing
 * ExceptionLib('401') when it is invalid, otherwise stores the decoded auth
 * in self::$decoded_auth and returns true.
 */
public function checkLogin()
{
    $auth = self::$input['auth'];
    if (AuthModel::isAuthValid($auth) === false) {
        // Invalid or missing credentials end the request with a 401.
        throw new ExceptionLib('401');
    }
    self::$decoded_auth = AuthModel::decodeAuth($auth);
    return true;
}
/**
 * Renders the "Update Publication" admin form.
 *
 * @param $user_id publication record id passed to PublicationModel::getAdminDetails
 * @param $offset  list offset to return to after saving
 */
function updateAction($user_id, $offset)
{
    $masterauth = new AuthModel();

    $data = [
        'error' => $this->errors,
        'usersTypes' => $this->PublicationModel->getAdminDetails($user_id),
        'title' => "Update Publication",
        'main_content' => ADMIN_PATH . "publicationupdate_view",
        'offset' => $offset,
        'mas_auth' => $masterauth->getAllAuth(),
    ];

    $this->load->view(ADMIN_PATH . 'incs/template', $data);
}
/**
 * Renders the "Update Album" admin form for one album.
 *
 * @param $id album id
 */
function updateAction($id)
{
    $masterauth = new AuthModel();

    $data = [
        'error' => $this->errors,
        'photoRecord' => $this->AlbumModel->getDetails($id),
        'title' => "Update Album",
        'album_id' => $id,
        'main_content' => ADMIN_PATH . "albumupdate_view",
        'mas_auth' => $masterauth->getAllAuth(),
    ];

    $this->load->view(ADMIN_PATH . 'incs/template', $data);
}
/**
 * Renders the "Update News" admin form for one news record.
 *
 * @param $id     news record id
 * @param $offset list offset to return to after saving
 */
function updateNews($id, $offset)
{
    $masterauth = new AuthModel();

    $data = [
        'newsRecord' => $this->NewsModel->getNewsDetails($id),
        'title' => "Update News",
        'main_content' => ADMIN_PATH . "news_update_view",
        'offset' => $offset,
        'mas_auth' => $masterauth->getAllAuth(),
    ];

    $this->load->view(ADMIN_PATH . 'incs/template', $data);
}
/**
 * Renders the "Upload Cartoon Story" admin page for one cartoon, including
 * its existing strips.
 *
 * @param $id     cartoon id
 * @param $offset list offset to return to after saving
 */
function addStory($id, $offset)
{
    $masterauth = new AuthModel();
    $cartoon = $this->CartoonModel->getSingleCartoon($id);

    $data = [
        'error' => $this->errors,
        'cartoon' => $cartoon->title,
        'photoRecord' => $this->CartoonModel->getAdminDetails($id),
        'photos' => $this->CartoonStripModel->getAllCartoonStrips($id),
        'title' => "Upload Cartoon Story",
        'id' => $id,
        'offset' => $offset,
        'main_content' => ADMIN_PATH . "cartoon_story_view",
        'mas_auth' => $masterauth->getAllAuth(),
    ];

    $this->load->view(ADMIN_PATH . 'incs/template', $data);
}