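/**
 * Authenticates an admin user from the posted `user` / `pass` fields and
 * answers with a JSON status: 1 when the session was created, 0 with a
 * message otherwise.
 *
 * Every failure path returns right after emitting its response. Without
 * those returns the action relies on toJson() terminating the request; if
 * it does not, the lookup and the login step still run, and on an unknown
 * user `$user_rs->id` would be read from a non-object.
 *
 * @return void
 */
public function indexAction()
{
    $request  = $this->getRequest();
    $response = $this->getResponse();
    $user = $request->getPost('user');
    $pass = $request->getPost('pass');

    // Loose comparison kept on purpose: a missing field (null) must count
    // as empty exactly like ''.
    if ($user == '' || $pass == '') {
        $response->setStatus(0)->setBody(__('Enter username and password'))->toJson();
        return;
    }

    // NOTE(review): the one-time request token check below is disabled;
    // confirm whether this is intentional before relying on it.
    /*if (!Core_LinkExploit::checkOnce($request->getPost('token'), 'login')) {
        $response->setStatus(0)->setBody(__('Invalid Data Submitted'))->toJson();
        return;
    }*/

    // The lookup is done on the value derived by Core_Security::generate(),
    // so the raw password never reaches the model.
    $user_rs = Admin_UsersModel::get(array(
        'user'     => $user,
        'password' => Core_Security::generate($pass),
    ));
    if (!$user_rs) {
        // One message for both "unknown user" and "wrong password": the
        // response does not reveal which of the two failed.
        $response->setStatus(0)->setBody(__('Wrong username and/or password'))->toJson();
        return;
    }

    // Now log the user in. If login() fails nothing is emitted, as in the
    // original; the client then receives an empty response.
    if (Admin_UsersHelper::login($user_rs->id)) {
        $response->setStatus(1)->toJson();
    }
}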
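/**
 * Creates an admin user from the posted `email`, `pass`, `user`, `role`
 * and `company` fields and answers with a JSON status.
 *
 * Validation order and messages are unchanged. Each failure path returns
 * right after emitting its response, so an invalid request can never reach
 * Admin_UsersModel::tryAdd() even if toJson() does not itself terminate the
 * request. The stored role id is the one from the matching roles row rather
 * than the raw posted value.
 *
 * @return void
 */
public function createAction()
{
    $request  = $this->getRequest();
    $response = $this->getResponse();

    $email = strtolower($request->getPost('email'));
    if (!Core_Check::email($email)) {
        $response->setStatus(0)->setBody(__('invalid email'))->toJson();
        return;
    }

    $pass = $request->getPost('pass');
    if (!Core_Check::password($pass)) {
        $response->setStatus(0)->setBody(__('password must be at least %1$s characters long', cfg()->min_pass_lenght))->toJson();
        return;
    }

    $user = $request->getPost('user');
    if (!Core_Check::user($user)) {
        $response->setStatus(0)->setBody(__('invalid user'))->toJson();
        return;
    }

    // The posted role must match an existing role; remember the matched
    // row's id so that only a known id is written.
    $role_id = $request->getPost('role');
    $valid_role = false;
    $matched_role_id = null;
    foreach (Admin_RolesModel::getAll(array()) as $role_row) {
        // Loose comparison kept: the posted value is a string, the row id
        // may be an int or a numeric string depending on the driver.
        if ($role_id == $role_row->id) {
            $valid_role = true;
            $matched_role_id = $role_row->id;
            break;
        }
    }
    if (!$valid_role) {
        $response->setStatus(0)->setBody(__('invalid role'))->toJson();
        return;
    }

    // $email is already lowercased above; strip_tags() removes any markup
    // before the values are persisted.
    $insert_data = array(
        'user'     => strip_tags(strtolower($user)),
        'email'    => strip_tags($email),
        'role_id'  => $matched_role_id,
        'password' => Core_Security::generate($pass),
        'company'  => $request->getPost('company'),
    );

    // Loose comparison kept on purpose: null and '' are both "missing".
    if ($insert_data['user'] == '' || $insert_data['email'] == '' || $insert_data['role_id'] == '') {
        $response->setStatus(0)->setBody(__('invalid data submited. Username, Email and Role are mandatory'))->toJson();
        return;
    }

    if (!Admin_UsersModel::tryAdd($insert_data)) {
        $response->setStatus(0)->setBody(__('duplicate user or email'))->toJson();
        return;
    }

    $response->setStatus(1)->setBody(__('user added'))->toJson();
}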