/**
 * Read a POST value, apparently meant to be gated on a CSRF token stored under $key.
 *
 * NOTE(review): the first statement returns self::issr($key) unconditionally, so the
 * token lookup and comparison below it are unreachable and $destroy is never read.
 * Whether that early return is a deliberate short-circuit or a leftover cannot be told
 * from this block; if the token check is supposed to apply, the early return is the bug.
 *
 * @param string $key     POST field name (and token name in the unreachable branch)
 * @param bool   $destroy unused
 * @return mixed whatever self::issr($key) returns
 */
public static function issrt($key, $destroy = false)
{
    return self::issr($key);

    // --- everything below is dead code: never executed ---
    $token = Form::token($key);
    // loose `==` between the posted value and the stored token value
    if ($token && InPost::issr($token->key) == $token->value) {
        // truthiness test: a posted value of '0' or '' is reported as false
        return isset($_POST[$key]) && $_POST[$key] ? $_POST[$key] : false;
    }
    return false;
}
/**
 * Show one message thread and handle a reply posted to it.
 *
 * Flow: require a non-null, numeric `id` route parameter; load the thread for the
 * current user through Model_Message::get_thread(); when that succeeds, load the root
 * message by id, process a reply if the request is a POST carrying a valid
 * `reply_message` token, then set breadcrumbs, assets and the view. Any failure
 * ends with a "Message not found" alert and a redirect to the messages index.
 *
 * NOTE(review): read access rests entirely on get_thread() returning FALSE for threads
 * the user may not see; the root message is afterwards fetched by id alone. $errors is
 * filled on validation failure but this method never passes it to the view.
 */
public function action_message()
{
    Controller::$full_width = TRUE;

    // `id` must be present and numeric; the assignment inside is_numeric() is intentional
    if ($this->request->param('id') !== NULL and is_numeric($id_msg_thread = $this->request->param('id'))) {
        $messages = Model_Message::get_thread($id_msg_thread, $this->user->id_user);

        if ($messages !== FALSE) {
            // root message of the thread, looked up by id only (see class note)
            $msg_thread = new Model_Message();
            $msg_thread = $msg_thread->where('id_message', '=', $this->request->param('id'))->find();

            // send reply message
            // The second argument to Form::token() presumably validates the posted
            // token instead of generating one — confirm against the helper.
            if ($this->request->post() and Form::token('reply_message', TRUE)) {
                $validation = Validation::factory($this->request->post())->rule('message', 'not_empty');

                if ($validation->check()) {
                    $ret = Model_Message::reply(core::post('message'), $this->user->id_user, $id_msg_thread, NULL);

                    if ($ret !== FALSE) {
                        //who is who? if from is the same then send to TO, else to from
                        // loose `==` comparison of user ids
                        if ($msg_thread->id_user_from == $this->user->id_user) {
                            $user_to = $msg_thread->to;
                            $user_from = $msg_thread->from;
                        } else {
                            $user_to = $msg_thread->from;
                            $user_from = $msg_thread->to;
                        }

                        //email title
                        if ($msg_thread->id_ad !== NULL) {
                            $email_title = $msg_thread->ad->title;
                        } else {
                            $email_title = sprintf(__('Direct message from %s'), $user_from->name);
                        }

                        // The raw reply text goes into the mail placeholders; any escaping
                        // for the mail body has to happen in the mail template — confirm.
                        $user_to->email('messaging-reply', array('[TITLE]' => $email_title, '[DESCRIPTION]' => core::post('message'), '[URL.QL]' => $user_to->ql('oc-panel', array('controller' => 'messages', 'action' => 'message', 'id' => $this->request->param('id')))));

                        Alert::set(Alert::SUCCESS, __('Reply created.'));
                        $this->redirect(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'message', 'id' => Request::current()->param('id'))));
                    } else {
                        Alert::set(Alert::ERROR, __('Message not sent'));
                    }
                } else {
                    // assigned but not used further in this method
                    $errors = $validation->errors('message');
                }
            }

            Breadcrumbs::add(Breadcrumb::factory()->set_title(__('Messaging'))->set_url(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'index'))));

            if ($msg_thread->id_ad !== NULL) {
                Breadcrumbs::add(Breadcrumb::factory()->set_title($msg_thread->ad->title));
            } else {
                Breadcrumbs::add(Breadcrumb::factory()->set_title(__('Direct Message')));
            }

            $this->template->styles = array('css/jquery.sceditor.default.theme.min.css' => 'screen');
            $this->template->scripts['footer'] = array('js/jquery.sceditor.bbcode.min.js', 'js/messages.js');
            $this->template->content = View::factory('oc-panel/pages/messages/message', array('msg_thread' => $msg_thread, 'messages' => $messages, 'user' => $this->user));
        } else {
            Alert::set(Alert::ERROR, __('Message not found'));
            $this->redirect(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'index')));
        }
    } else {
        Alert::set(Alert::ERROR, __('Message not found'));
        $this->redirect(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'index')));
    }
}
/**
 * Render the delete button as a self-contained POST form with a `_method=DELETE` override.
 *
 * NOTE(review): the URL, label, CSS class and confirm message are inserted into the
 * markup and into the inline onclick handler verbatim — nothing here HTML- or
 * JS-escapes them, so they must not carry user-controlled text, and a confirm message
 * containing a single quote breaks the generated handler.
 *
 * @return string HTML form markup
 */
public function render()
{
    $actionUrl = $this->getUrl();
    $buttonLabel = $this->getLabel();

    $confirmAttr = $this->isConfirm()
        ? 'onclick="return confirm(\'' . $this->getConfirmMessage() . '\')"'
        : null;

    $template = '<form action="%s" method="post" class="form-inline">'
        . ' <input type="submit" name="grid-view-submit" value="%s" class="%s" %s>'
        . ' <input type="hidden" name="_method" value="DELETE">'
        . ' %s </form>';

    return sprintf(
        $template,
        $actionUrl,
        $buttonLabel,
        $this->getCss(),
        $confirmAttr,
        \Form::token()
    );
}
/**
 * Render the button as a stand-alone form submitting with $this->method.
 *
 * When the configured method is PUT (compared case-insensitively) a `_method=PUT`
 * hidden field is registered on $this->hiddenFields before the hidden fields are
 * built, so the override becomes part of the markup. NOTE(review): the `<form method>`
 * attribute still receives the raw value of $this->method; browsers honour only
 * get/post there and fall back to GET otherwise, so the PUT case appears to depend on
 * something outside this method — confirm. URL, label, CSS class and confirm message
 * are interpolated without HTML/JS escaping.
 *
 * @return string HTML form markup
 */
public function render()
{
    $actionUrl = $this->getUrl();
    $buttonLabel = $this->getLabel();

    // Side effect on purpose: the override field has to exist before
    // buildHiddenFields() runs further down.
    if (strtolower($this->method) === 'put') {
        $this->hiddenFields['_method'] = 'PUT';
    }

    $confirmAttr = $this->isConfirm()
        ? 'onclick="return confirm(\'' . $this->getConfirmMessage() . '\')"'
        : null;

    $template = '<form action="%s" method="%s" class="form-inline">'
        . ' <input type="submit" name="grid-view-submit" value="%s" class="%s" %s>'
        . ' %s %s </form>';

    return sprintf(
        $template,
        $actionUrl,
        $this->method,
        $buttonLabel,
        $this->getCss(),
        $confirmAttr,
        $this->buildHiddenFields(),
        \Form::token()
    );
}
/**
 * Show one message thread and handle a reply posted to it.
 *
 * Flow: require a non-null, numeric `id` route parameter; load the thread for the
 * current user through Model_Message::get_thread(); when that succeeds, load the root
 * message, process a reply if the request is a POST carrying a valid `reply_message`
 * token, then set breadcrumbs, assets and the view. Any failure ends with a
 * "Message not found" alert and a redirect to the messages index.
 *
 * NOTE(review): read access rests on get_thread() returning FALSE for threads the user
 * may not see. The sweetalert CSS/JS are pulled from a protocol-relative CDN URL;
 * whether the template adds integrity attributes to these entries is not visible here.
 * $errors is filled on validation failure but never handed to the view from here.
 */
public function action_message()
{
    Controller::$full_width = TRUE;

    // `id` must be present and numeric; the assignment inside is_numeric() is intentional
    if ($this->request->param('id') !== NULL and is_numeric($id_msg_thread = $this->request->param('id'))) {
        $messages = Model_Message::get_thread($id_msg_thread, $this->user);

        if ($messages !== FALSE) {
            // root message: both id_message and id_message_parent must equal the route id
            // (presumably how root messages are stored — confirm against the model)
            $msg_thread = new Model_Message();
            $msg_thread = $msg_thread->where('id_message', '=', $id_msg_thread)->where('id_message_parent', '=', $id_msg_thread)->find();

            // send reply message
            // The second argument to Form::token() presumably validates the posted
            // token instead of generating one — confirm against the helper.
            if ($this->request->post() and Form::token('reply_message', TRUE)) {
                $validation = Validation::factory($this->request->post())->rule('message', 'not_empty');

                if ($validation->check()) {
                    $ret = Model_Message::reply(core::post('message'), $this->user, $id_msg_thread, NULL);

                    if ($ret !== FALSE) {
                        Alert::set(Alert::SUCCESS, __('Reply created.'));
                        $this->redirect(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'message', 'id' => Request::current()->param('id'))));
                    } else {
                        Alert::set(Alert::ERROR, __('Message not sent'));
                    }
                } else {
                    // assigned but not used further in this method
                    $errors = $validation->errors('message');
                }
            }

            Breadcrumbs::add(Breadcrumb::factory()->set_title(__('Messaging'))->set_url(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'index'))));

            if ($msg_thread->id_ad !== NULL) {
                Breadcrumbs::add(Breadcrumb::factory()->set_title($msg_thread->ad->title));
            } else {
                Breadcrumbs::add(Breadcrumb::factory()->set_title(__('Direct Message')));
            }

            // third-party assets from jsdelivr, protocol-relative (see class note)
            $this->template->styles = array('css/jquery.sceditor.default.theme.min.css' => 'screen', '//cdn.jsdelivr.net/sweetalert/0.1.2/sweet-alert.min.css' => 'screen');
            $this->template->scripts['footer'] = array('js/jquery.sceditor.bbcode.min.js', '//cdn.jsdelivr.net/sweetalert/0.1.2/sweet-alert.min.js', 'js/messages.js');
            $this->template->content = View::factory('oc-panel/pages/messages/message', array('msg_thread' => $msg_thread, 'messages' => $messages, 'user' => $this->user));
        } else {
            Alert::set(Alert::ERROR, __('Message not found'));
            $this->redirect(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'index')));
        }
    } else {
        Alert::set(Alert::ERROR, __('Message not found'));
        $this->redirect(Route::url('oc-panel', array('controller' => 'messages', 'action' => 'index')));
    }
}
<?php /* Layout edit form (view fragment; the form is closed elsewhere).
   Posts to the backend layout/$action route with the layout name as route id and
   carries a CSRF field named 'token' plus a hidden layout_name. $layout->name is
   rendered through the Form helpers and also placed into the route; whether those
   helpers escape the value is not visible in this fragment — confirm. */ ?>
<?php echo Form::open(Route::get('backend')->uri(array('controller' => 'layout', 'action' => $action, 'id' => $layout->name)), array('id' => 'layoutEditForm', 'class' => 'form-horizontal panel')); ?> <?php echo Form::token('token'); ?> <?php echo Form::hidden('layout_name', $layout->name); ?> <div class="panel-heading"> <div class="form-group form-group-lg"> <label for="layout-input-name" class="col-sm-2 control-label"><?php echo __('Layout name'); ?> </label> <div class="col-sm-10"> <div class="input-group"> <?php echo Form::input('name', $layout->name, array('class' => 'slug form-control', 'id' => 'layout-input-name', 'tabindex' => 1, 'placeholder' => __('Layout name'))); ?> <span class="input-group-addon"><?php echo EXT; ?> </span> </div> </div> </div> </div>
/**
 * Build the HTML for the current account's conversation list (table + pagination).
 *
 * Reads the account id from the session, fetches the conversation records through
 * Conversation::getConversationList(), and emits one header row plus one lazy-load
 * row per conversation; an empty result renders a "No conversations" row.
 *
 * NOTE(review): recipient, recipient_email, sender, sender_email and message_hash are
 * concatenated into element text and attributes without any HTML escaping. If any of
 * these can hold user-chosen text this is HTML injection — confirm where they come
 * from. Conversation::getMsgStatus() is also called twice per row with the same hash.
 *
 * @return string HTML markup
 */
public static function getAllConversationList()
{
    $user_ID = Session::get("account_id");

    $conversations = "<div id='gridForm' class='gridContent' style='display:none'></div><div id='loadingAdd' style='display:none'></div>";
    // CSRF field is emitted before the table, outside any <form> in this fragment
    $conversations .= '<div class="table-responsive"> <!-- THE MESSAGES --> ' . Form::token() . '<table class="table table-mailbox" id="report" title="conversations">';

    $rs = Conversation::getConversationList($user_ID, true);

    // empty spacer row
    $conversations .= "<tr title=''>\n <td colspan='5'>\n </td>\n </tr>";

    if (count($rs['records']) > 0) {
        foreach ($rs['records'] as $conv) {
            // status row; unescaped record fields, see class note
            $conversations .= '<tr ' . (Conversation::getMsgStatus($conv->message_hash) == 0 ? 'class="unread"' : 'class="read"') . ' title="' . $conv->message_hash . '" > <td class="small-col"></td> <td>' . (Conversation::getMsgStatus($conv->message_hash) == 0 ? '<i class="fa fa-star"></i>' : '<i class="fa fa-star-o"></i>') . '</td> <td colspan="3"><b>' . $conv->recipient . '</b> (' . $conv->recipient_email . ') & <b>' . $conv->sender . '</b> (' . $conv->sender_email . ')</td> </tr>';
            // placeholder row whose ids are derived from message_hash
            $conversations .= "<tr title='" . $conv->message_hash . "'>\n <td colspan='5'>\n <div id='loading" . $conv->message_hash . "' class='loadingview'></div>\n <div id='ajaxcontent" . $conv->message_hash . "'>\n </div>\n </td>\n </tr>";
        }
    } else {
        $conversations .= "<tr title='d'>\n <td colspan='5' style='text-align:center'>\n No conversations \n </td>\n </tr>";
    }

    $pagination = Paginator::make($rs['records'], $rs['total_pages'], Session::get('rec_per_page'));
    $paginationString = $pagination->links();

    $conversations .= '</table> <div class="box-footer clearfix"> <div class="pull-right"> ' . $paginationString . ' </div> </div><!-- box-footer --> </div><!-- /.table-responsive -->';

    return $conversations;
}
<?php /* Ticket reply form tail (the <form> is opened elsewhere).
   Re-fills the textarea from the posted 'description' and emits the CSRF field named
   'reply_ticket'. Whether core::post() HTML-escapes the value it returns is not
   visible here; if it does not, posted text is reflected into the page unescaped. */ ?>
<div class="form-group"> <label class="col-md-2"><?php echo __("Reply"); ?> :</label> <div class="col-md-9 col-sm-9 col-xs-12"> <textarea name="description" rows="10" class="form-control" required><?php echo core::post('description'); ?> </textarea> </div> </div> <?php echo Form::token('reply_ticket'); ?> <div class="form-actions"> <a href="<?php echo Route::url('oc-panel', array('controller' => 'support', 'action' => 'index')); ?> " class="btn btn-default"><?php echo __('Cancel'); ?> </a> <button type="submit" class="btn btn-primary"><?php echo __('Reply'); ?> </button> </div> </form>
/**
 * Helper to generate hidden html input field with embedded csrf token
 *
 * Thin wrapper around Form::token(); the markup and the token value are
 * whatever that helper produces.
 *
 * @return string
 */
function csrf_html()
{
    $field = Form::token();

    return $field;
}
{{-- Address form. The `<?php \Form::token(); ?>` line calls the helper but never echoes
     its return value, so it adds nothing to the output; a CSRF field is present here only
     if Form::open() emits one for POST forms (it typically does) — confirm before relying
     on it. --}}
{!! Form::open(array('method' => 'post', 'class'=>'form-horizontal', 'role'=>'form')) !!} {!! Form::setModel($address); !!} <?php \Form::token(); ?> @include('addresses::fields') <button type="submit" class="btn btn-primary">Save Address</button> {!! Form::close() !!}
/**
 * Outputs Session and Cookie data in various forms.
 * Used to understand how Sessions and Cookies are working
 *
 * NOTE(review): this dumps every file under storage/sessions (i.e. every user's
 * session, not only the caller's), the raw and decrypted cookies and the caller's
 * CSRF token straight into the response. It is a debugging aid and must not be
 * routable outside a local development setup.
 *
 * @return void output is echoed directly
 */
public function getSessionsAndCookies()
{
    # Log in check
    // relies on Auth::user() being convertible to string
    if (Auth::check()) {
        echo "You are logged in: " . Auth::user();
    } else {
        echo "You are not logged in.";
    }
    echo "<br><br>";

    # Cookies
    echo "<h1>Your Raw, encrypted Cookies</h1>";
    echo Paste\Pre::render($_COOKIE, '');

    # Decrypted cookies
    echo "<h1>Your Decrypted Cookies</h1>";
    echo Paste\Pre::render(Cookie::get(), '');
    echo "<br><br>";

    # All Session files
    echo "<h1>All Session Files</h1>";
    $files = File::files(app_path() . '/storage/sessions');
    foreach ($files as $file) {
        // Highlights the file whose name contains the caller's session cookie.
        // An empty cookie value makes strstr() match every file (empty needle).
        if (strstr($file, Cookie::get('laravel_session'))) {
            echo "<div style='background-color:yellow'><strong>YOUR SESSION FILE:</strong><br>";
        } else {
            echo "<div>";
        }
        // file contents are echoed without escaping
        echo "<strong>" . $file . "</strong>:<br>" . File::get($file) . "<br>";
        echo "</div><br>";
    }
    echo "<br><br>";

    # Your Session Data
    $data = Session::all();
    echo "<h1>Your Session Data</h1>";
    echo Paste\Pre::render($data, 'Session data');
    echo "<br><br>";

    # Token
    echo "<h1>Your CSRF Token</h1>";
    echo Form::token();
    // turns the hidden _token input into a visible text field
    echo "<script>document.querySelector('[name=_token]').type='text'</script>";
    echo "<br><br>";
}
/**
 * A form built with withToken() must embed the current CSRF token, and that
 * token must be accepted by Form::validToken().
 */
public function testToken()
{
    $builder = $this->Form->withToken();
    $markup = $builder->make(array('name' => 'Test'));

    $token = Form::token();
    $this->assertContains($token, $markup);

    $isValid = Form::validToken(Form::token());
    $this->assertTrue($isValid);
}
/**
 * Show a support ticket thread; handle agent (re)assignment and posted replies.
 *
 * Flow: load the parent ticket by `id` (restricted to the caller's own tickets unless
 * the caller has `supportadmin` access) -> auto-assign an unassigned, freshly created
 * ticket to an admin viewer -> process an `agent` POST field (admins only) -> process a
 * reply when the request is a POST with a valid `reply_ticket` token -> load the replies
 * and, for admins, the list of agents -> render the view with $errors bound on it.
 *
 * NOTE(review): the agent-assignment branch stores core::post('agent') and mails that
 * user id without checking that it belongs to a support role, and unlike the reply
 * branch it performs no `reply_ticket` token check. The not-loaded path relies on
 * redirect() aborting execution — confirm for this framework version.
 */
public function action_ticket()
{
    $this->template->scripts['footer'] = array('js/oc-panel/ticket.js');

    //after creating the reply we redirect to the ticket view
    $errors = NULL;
    $user = Auth::instance()->get_user();
    $ticket_id = $this->request->param('id', 0);

    //getting the parent ticket
    $ticket = new Model_Ticket();
    // non-admins may only load their own tickets
    if (!$user->has_access('supportadmin')) {
        $ticket->where('id_user', '=', $user->id_user);
    }
    $ticket->where('id_ticket', '=', $ticket_id)->where('id_ticket_parent', 'IS', NULL)->limit(1)->find();

    if (!$ticket->loaded()) {
        Alert::set(Alert::ERROR, __('Not your ticket.'));
        $this->redirect(Route::url('oc-panel', array('controller' => 'support', 'action' => 'index')));
    }

    //marking it as read if was not assign we assign an agent.
    // loose `==` comparison against the status constant
    if ($ticket->status == Model_Ticket::STATUS_CREATED and $user->has_access('supportadmin') and !is_numeric($ticket->id_user_support)) {
        //modify status of parent ticket
        $ticket->id_user_support = $user->id_user;
        $ticket->read_date = Date::unix2mysql();
        $ticket->status = Model_Ticket::STATUS_READ;
        $ticket->save();
    }

    //Change the agent assigned to this ticket
    // see class note: posted agent id is trusted as-is and no token is checked here
    if (core::post('agent') and $user->has_access('supportadmin')) {
        //modify ticket
        $ticket->id_user_support = core::post('agent');
        $ticket->status = Model_Ticket::STATUS_CREATED;
        $ticket->save();

        //send notification to agent
        $agent = new Model_User(core::post('agent'));
        $agent->email('assign-agent', array('[TITLE]' => $ticket->title, '[DESCRIPTION]' => $ticket->description, '[URL.QL]' => $agent->ql('oc-panel', array('controller' => 'support', 'action' => 'ticket', 'id' => $ticket->id_ticket))));

        Alert::set(Alert::SUCCESS, __('Agent assigned.'));
        $this->redirect(Route::url('oc-panel', array('controller' => 'support', 'action' => 'index', 'id' => 'admin')));
    }

    //create new reply
    // The second argument to Form::token() presumably validates the posted token
    // rather than generating one — confirm against the helper.
    if ($this->request->post() and Form::token('reply_ticket', TRUE)) {
        $validation = Validation::factory($this->request->post())->rule('description', 'not_empty')->rule('description', 'min_length', array(':value', 5))->rule('description', 'max_length', array(':value', 1000));

        if ($validation->check()) {
            //creates the answer ticket
            $ticketr = new Model_Ticket();
            $ticketr->id_user = $user->id_user;
            $ticketr->id_order = $ticket->id_order;
            $ticketr->id_ticket_parent = $ticket->id_ticket;
            $ticketr->description = core::post('description');
            // ip2long() handles IPv4 only; for an IPv6 client it returns false
            $ticketr->ip_address = ip2long(Request::$client_ip);
            $ticketr->save();

            unset($_POST['description']);

            //modify status of parent ticket
            $ticket->status = Model_Ticket::STATUS_CREATED;
            $ticket->save();

            //an admin answer so we send email to owner of ticket
            if ($user->has_access('supportadmin')) {
                $ticket->id_user_support = $user->id_user;
                $ticket->read_date = Date::unix2mysql();
                $ticket->status = Model_Ticket::STATUS_HOLD;
                $ticket->save();

                //send email to creator of the ticket
                // [DESCRIPTION] carries the admin's signature here, not the reply text
                // as in the other branches — looks intentional but confirm.
                $ticket->user->email('new-reply', array('[TITLE]' => $ticket->title, '[DESCRIPTION]' => $user->signature, '[URL.QL]' => $ticket->user->ql('oc-panel', array('controller' => 'support', 'action' => 'ticket', 'id' => $ticket->id_ticket))));
            } elseif (is_numeric($ticket->id_user_support)) {
                //send notification to agent
                $agent = new Model_User($ticket->id_user_support);
                $agent->email('new-reply', array('[TITLE]' => $ticket->title, '[DESCRIPTION]' => $ticketr->description, '[URL.QL]' => $agent->ql('oc-panel', array('controller' => 'support', 'action' => 'ticket', 'id' => $ticket->id_ticket))));
            } elseif (core::config('email.new_sale_notify')) {
                // no agent assigned: notify the configured address instead
                Email::content(core::config('email.notify_email'), NULL, NULL, NULL, 'new-reply', array('[TITLE]' => $ticket->title, '[DESCRIPTION]' => $ticketr->description, '[URL.QL]' => Route::url('oc-panel', array('controller' => 'support', 'action' => 'ticket', 'id' => $ticket->id_ticket))));
            }

            //set empty since they already replied
            Request::current()->post('description', '');
            Alert::set(Alert::SUCCESS, __('Reply created.'));
        } else {
            // error messages are read from the 'ad' message file — confirm that is intended
            $errors = $validation->errors('ad');
        }
    }

    //getting all the ticket replies
    $replies = new Model_Ticket();
    $replies = $replies->where('id_ticket_parent', '=', $ticket->id_ticket)->order_by('created', 'asc')->find_all();

    Breadcrumbs::add(Breadcrumb::factory()->set_title(__('Ticket')));
    $this->template->title = $ticket->title . ' - ' . __('Ticket');

    //loading agents/admins
    $users = NULL;
    if ($user->has_access('supportadmin')) {
        //getting the roles that have access to the supportadmin since are the agents ;)
        $support_roles = array(Model_Role::ROLE_ADMIN);
        $access = new Model_Access();
        $access = $access->where('access', '=', 'supportadmin.*')->find_all();
        foreach ($access as $a) {
            $support_roles[] = $a->id_role;
        }

        //getting agents ;)
        $users_db = DB::select('u.id_user')->select('u.name')->from(array('users', 'u'))->where('id_role', 'in', $support_roles)->as_object()->execute();
        foreach ($users_db as $key => $value) {
            $users[$value->id_user] = $value->name;
        }
    }

    // bind() ties $content to the template's content slot, so the view assigned on
    // the next line is what receives ->errors below
    $this->template->bind('content', $content);
    $this->template->content = View::factory('oc-panel/pages/support/ticket', array('replies' => $replies, 'ticket' => $ticket, 'users' => $users));
    $content->errors = $errors;
}
$method_string = substr($field->options, 5); $method_parts = explode(',', $method_string); $method = $method_parts['0']; unset($method_parts['0']); if (is_callable($method)) { if (count($method_parts) > 1) { $params = implode(',', $method_parts); $field->options = call_user_func($method, $params); } else { $field->options = call_user_func($method); } } } } if ($type == 'token') { return Form::token(); } elseif ($type == 'password') { return Form::password($field->slug, array('name' => $field->slug)); } elseif ($type == 'textarea') { return Form::textarea($field->slug, $field->value, array('name' => $field->slug)); } elseif ($type == 'select') { $options_lang = array(); if (is_array($field->options)) { foreach ($field->options as $key => $value) { $options_lang[$key] = Lang::line($bundle . '::lang.' . $value)->get(ADM_LANG); } } else { $options = json_decode($field->options, true); if (isset($options) and !empty($options)) { foreach ($options as $key => $value) { $options_lang[$key] = Lang::line($bundle . '::lang.' . $value)->get(ADM_LANG);
{{-- Reply form tail (the <form> and the section are opened before this fragment).
     Re-fills the textarea from $reply['content'] and emits the CSRF field plus a hidden
     board_id. Neither value is visibly escaped in this fragment — confirm that
     Arr::get() / the caller already did so, otherwise stored content is reflected
     unescaped. --}}
<label class="col-sm-3 control-label" for="content"><strong>回覆內容</strong></label> <div class="col-sm-5"> <textarea class="form-control" id="content" name="content" style="width: 650px; min-height: 150px;"><?php echo Arr::get($reply, 'content', ''); ?> </textarea> </div> </div> <!-- title --> <div class="form-group"> <div style="margin-top: 10px;"> <button class="btn" type="button" onclick="history.back();">取消</button> <button class="btn btn-inverse btn-submit">回覆</button> </div> </div> <?php echo Form::token(); ?> <input type="hidden" name="board_id" value="<?php echo $board['id']; ?> " /> </form> @stop @section('bottom') {{ HTML::script(asset('js/admin/widgets/labels/js_widget_labels.js')) }} {{ HTML::script(asset('js/admin/board/js_reply.js')) }} @stop
/* Message reply form tail (the enclosing PHP block, list and <form> start before this
   fragment). Re-fills the textarea from the posted 'message' and emits the CSRF field
   named 'reply_message'. Whether core::post() HTML-escapes what it returns is not
   visible here; if it does not, posted text is reflected into the page unescaped. */ ?> </ul> </div> <?php } ?> <div class="form-group control-group pad_10"> <textarea name="message" rows="7" class="form-control input-xxlarge disable-bbcode" placeholder="Type reply here...." data-editor="html" required><?php echo core::post('message'); ?> </textarea> </div> <div class="form-group"> <?php echo Form::token('reply_message'); ?> </div> </div> </div> <div class="panel-footer text-center"> <a href="<?php echo Route::url('oc-panel', array('controller' => 'messages', 'action' => 'index')); ?> " class="btn btn-default"><?php echo __('Cancel'); ?> </a> <button type="submit" class="btn btn-success"><?php echo __('Reply'); ?>
});

/*
 * -------------------------------------------------------------------------------------
 * Application Routes
 * -------------------------------------------------------------------------------------
 */
Route::get('login', 'LoginController@show');
Route::post('login', 'LoginController@login');
// NOTE(review): logout is a state change reachable by plain GET, so any page can
// trigger it for a logged-in visitor (no token check applies to GET).
Route::get('logout', 'LoginController@logout');

// authenticated application area
Route::group(array('prefix' => 'app', 'before' => 'auth'), function () {
    Route::get('/', function () {
        return View::make('layouts.application', array('content' => ''));
    });
    Route::resource('teachers', 'AppTeachersController');
});

// authenticated admin area; nothing here distinguishes admins from other users
// beyond the same 'auth' filter — confirm the controllers authorise further
Route::group(array('prefix' => 'admin', 'before' => 'auth'), function () {
    Route::get('/', 'AppTeachersController@index');
    Route::resource('teachers', 'AppTeachersController');
    Route::resource('students', 'AppStudentsController');
    Route::resource('careers', 'AppCareersController');
});

// Route::get('api', function(){
// $uri = 'https://github.com/api/v2/xml/user/show/nategood';
// $res = HttpfulReq::get($uri)->send();
// return "bien";
// });

// NOTE(review): debug route. It is not behind the 'auth' filter and writes the
// session token and the CSRF form field into the response; it should not ship.
Route::get('test', array('before' => 'api.type:json'), function () {
    $sess_token = Session::token();
    $form_token = Form::token();
    return Response::make("Sess token: {$sess_token} <br>Form token: {$form_token}", 200);
});