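/**
 * Show a teacher forum thread with its comments and handle two inline actions:
 * deleting one of the current user's own comments (`del_id` query parameter)
 * and posting a new comment (`body` POST field, CSRF-token protected).
 *
 * @param int $id forum id taken from the URI segment
 * @return void renders teachers/forum/detail into the template content
 */
public function action_detail($id = 0)
{
    $data = [];
    $data["forum"] = Model_Forum::find($id);
    if ($data["forum"] === null) {
        // Response::redirect() ends the request, so nothing below runs for an unknown id.
        Response::redirect("/teachers/forum/");
    }

    // Comment deletion.
    // NOTE(review): this is triggered by a GET parameter and is not covered by the
    // CSRF token check below (that only guards the POST branch), so a crafted link
    // can delete the visitor's own comment. Consider a POST with check_token().
    $del_id = Input::get("del_id", null);
    if ($del_id !== null && $del_id !== '') {
        $del_comment = Model_Comment::find($del_id);
        // find() returns null for an unknown id; the property read would otherwise fail.
        if ($del_comment !== null && $del_comment->user_id == $this->user->id) {
            $del_comment->deleted_at = time();   // soft delete
            $del_comment->save();
        }
    }

    // Add a comment: requires a non-empty body and a valid CSRF token.
    $body = Input::post("body", "");
    if ($body !== "" && Security::check_token()) {
        $comment = Model_Comment::forge();
        $comment->body = $body;
        $comment->forum_id = $id;
        $comment->user_id = $this->user->id;
        $comment->save();
    }

    $data["user"] = $this->user;
    $view = View::forge("teachers/forum/detail", $data);
    $this->template->content = $view;
}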
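/**
 * Show a student contact-forum thread and handle its inline actions:
 * deleting one of the current user's own comments (`del_id` query parameter)
 * and posting a new comment (`body` POST field, CSRF-token protected), which
 * also flags the thread as unread.
 *
 * @param int $id contact forum id taken from the URI segment
 * @return void renders students/contacts/forum/detail into the template content
 */
public function action_detail($id = 0)
{
    $data = [];
    // Past and trial lesson lists shown alongside the thread; `course` is a
    // query-string filter on the language column.
    $data['pasts'] = Model_Lessontime::find("all", ["where" => [["student_id", $this->user->id], ["status", 2], ["language", Input::get("course", 0)], ["deleted_at", 0]]]);
    $data["donetrial"] = Model_Lessontime::find("all", ["where" => [["student_id", $this->user->id], ["status", 2], ["language", Input::get("course", -1)], ["deleted_at", 0]]]);

    $data["forum"] = Model_Contactforum::find($id);
    if ($data["forum"] === null) {
        // Response::redirect() ends the request, so nothing below runs for an unknown id.
        Response::redirect("/students/contactforum/");
    }

    // Comment deletion.
    // NOTE(review): triggered by a GET parameter and not covered by the CSRF
    // check below (which only guards the POST branch); consider a POST with check_token().
    $del_id = Input::get("del_id", null);
    if ($del_id !== null && $del_id !== '') {
        $del_comment = Model_Contactcomment::find($del_id);
        // find() returns null for an unknown id; the property read would otherwise fail.
        if ($del_comment !== null && $del_comment->user_id == $this->user->id) {
            $del_comment->deleted_at = time();   // soft delete
            $del_comment->save();
        }
    }

    // Add a comment: requires a non-empty body and a valid CSRF token.
    $body = Input::post("body", "");
    if ($body !== "" && Security::check_token()) {
        $comment = Model_Contactcomment::forge();
        $comment->body = $body;
        $comment->contactforum_id = $id;
        $comment->user_id = $this->user->id;
        $comment->save();
        // A new comment makes the thread unread again.
        $data["forum"]->is_read = 0;
        $data["forum"]->save();
    }

    $data["user"] = $this->user;
    $view = View::forge("students/contacts/forum/detail", $data);
    $this->template->content = $view;
}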
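/**
 * Edit an auction's editable fields (item_count, price, memo).
 *
 * @param int|null    $id  auction id from the URI
 * @param string|null $one first segment of the admin page to return to
 * @param string|null $two optional second segment of that page
 * @return void
 */
public function action_edit($id = null, $one = null, $two = null)
{
    $redirect = $two ? $one . '/' . $two : $one;

    $auction = Model_Auction::find($id);
    if ($auction === null) {
        // Without this guard the assignments below would be made on null.
        Session::set_flash('error', e('Could not find auction #' . $id));
        Response::redirect('admin/' . $redirect);
    }

    $val = Model_Auction::validate_edit();
    if ($val->run()) {
        $auction->item_count = Input::post('item_count');
        $auction->price = Input::post('price');
        $auction->memo = Input::post('memo');
        // The CSRF token is only checked once the input has validated.
        if (\Security::check_token() && $auction->save()) {
            Session::set_flash('success', e('Updated auction #' . $auction->auc_id));
            Response::redirect('admin/' . $redirect);
        } else {
            Session::set_flash('error', e('Could not update auction #' . $auction->auc_id));
        }
    } else {
        if (Input::method() == 'POST') {
            // Repopulate the form with what was submitted so the user can correct it.
            $auction->item_count = $val->validated('item_count');
            $auction->price = $val->validated('price');
            $auction->memo = $val->validated('memo');
            Session::set_flash('error', $val->error());
        }
        $this->template->set_global('auction', $auction, false);
    }

    $this->template->set_global('redirect', $redirect, false);
    $this->template->title = $auction->title;
    $this->template->content = View::forge('admin/auction/edit');
}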
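/**
 * Change the logged-in user's password.
 *
 * Generates a CSRF token, validates the POSTed `password` / `newpassword`
 * fields and, when the token is valid, asks Auth to change the password.
 * A view is returned on every path, including no-POST and CSRF failure
 * (the original left $view undefined there).
 *
 * @return View
 */
public function action_change()
{
    // Generate the CSRF token for the form.
    $this->action_csrf();

    // Validation rules.
    // NOTE(review): max_length 12 caps the password length — confirm this limit is intended.
    $val = Validation::forge();
    $val->add('password', '「現在のパスワード」')
        ->add_rule('required')
        ->add_rule('min_length', 8)
        ->add_rule('max_length', 12);
    $val->add('newpassword', '「新しいパスワード」または、「(新)パスワード再入力」')
        ->add_rule('required')
        ->add_rule('min_length', 8)
        ->add_rule('max_length', 12);

    $this->action_category();

    if (Input::post()) {
        if (Security::check_token()) {
            if ($val->run()) {
                $username = Auth::get_screen_name();
                $old_password = Input::post('password');
                $new_password = Input::post('newpassword');
                // change_password() reports false when the current password does not
                // match; the success message must not be shown in that case.
                if (Auth::change_password($old_password, $new_password, $username)) {
                    $this->message = 'パスワードが変更されました。';
                } else {
                    $this->message = '現在のパスワードが正しくありません。';
                }
            } else {
                $this->error = $val->error();
            }
        } else {
            Profiler::mark('CSRF攻撃');
        }
    }

    // Build the view once, so the return value is defined on every path.
    $view = View::forge('changepass/ChangePass', $this->data);
    $view->set_global('message', $this->message, false);
    $view->set_global('error', $this->error, false);
    return $view;
}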
/**
 * Contact form final step: requires a valid CSRF token, then, if the
 * confirmation step left a name in session flash, mails the inquiry to the
 * configured info address and shows the "sent" page.
 *
 * @return void
 */
public function action_submit()
{
    if (!Security::check_token()) {
        Response::redirect('_404_');
    }

    if (Session::get_flash('name')) {
        // NOTE(review): $contact is forged and filled but never saved — confirm
        // whether persisting it was intended.
        $contact = Model_Contact::forge();
        $contact->title = Session::get_flash("title");
        $contact->body = Session::get_flash("body");

        $mail_body = View::forge("email/contact");
        $mail_body->set("name", Session::get_flash('name'));
        $mail_body->set("email", Session::get_flash('email'));
        $mail_body->set("body", Session::get_flash('body'));

        $info_email = Config::get("statics.info_email");
        $mail = Email::forge("JIS");
        $mail->from($info_email, Config::get("statics.info_name"));
        $mail->to($info_email);
        $mail->subject("We got contact/ Game-bootcamp");
        $mail->body($mail_body);
        $mail->send();
    }

    $this->template->title = "Contact";
    $this->template->sub = "How can we help you?";
    $this->template->content = View::forge("contacts/send");
}
/**
 * Contact form submit: CSRF check, validation, then mail.
 *
 * A validation failure or a mail error re-renders the form with an error
 * fragment; only a successful send reaches the "sent" page.
 *
 * @throws HttpInvalidInputException when the CSRF token is missing or wrong
 * @return void
 */
public function action_send()
{
    // Reject requests without a valid CSRF token.
    if (!Security::check_token()) {
        throw new HttpInvalidInputException('ページ遷移が正しくありません');
    }

    $validation = $this->forge_validation()->add_callable('MyValidationRules');
    if (!$validation->run()) {
        $this->template->title = 'コンタクトフォーム: エラー';
        $this->template->content = View::forge('form/index');
        $this->template->content->set_safe('html_error', $validation->show_errors());
        return;
    }

    $mail_data = $this->build_mail($validation->validated());

    $html_error = null;
    try {
        $this->sendmail($mail_data);
    } catch (EmailValidationFailedException $e) {
        Log::error('メール検証エラー: ' . $e->getMessage(), __METHOD__);
        $html_error = '<p>メールアドレスに誤りがあります。</p>';
    } catch (EmailSendingFailedException $e) {
        Log::error('メール送信エラー: ' . $e->getMessage(), __METHOD__);
        $html_error = '<p>メールを送信できませんでした。</p>';
    }

    if ($html_error === null) {
        $this->template->title = 'コンタクトフォーム: 送信完了';
        $this->template->content = View::forge('form/send');
        return;
    }

    $this->template->title = 'コンタクトフォーム: 送信エラー';
    $this->template->content = View::forge('form/index');
    $this->template->content->set_safe('html_error', $html_error);
}
/**
 * Teacher settings page. Each settings group is saved independently when its
 * field is present in the POST and the CSRF token is valid: timezone, mail
 * preferences, and password (checked with the custom `password` rule and a
 * match between the two password fields).
 *
 * @return void renders teachers/setting into the template content
 */
public function action_index()
{
    $changed = false;
    $data = ["password_error" => ""];

    // Timezone.
    if (Input::post("timezone", null) !== null && Security::check_token()) {
        $this->user->timezone = Input::post("timezone", "");
        $this->user->save();
        $changed = true;
    }

    // Mail preferences (both flags are saved together).
    if (Input::post("need_reservation_email", null) !== null && Security::check_token()) {
        $this->user->need_reservation_email = Input::post("need_reservation_email", 1);
        $this->user->need_news_email = Input::post("need_news_email", 1);
        $this->user->save();
        $changed = true;
    }

    // Password change.
    if (Input::post("password", null) != null && Security::check_token()) {
        $label = Lang::get('forgotpassword.password');
        $val = Validation::forge();
        $val->add_callable('passwordvalidation');
        $val->add_field("password", $label, "required|match_field[password2]|password");
        $val->add_field("password2", $label, "required|match_field[password]|password");
        if (!$val->run()) {
            $data["password_error"] = "password does not matched.";
        } else {
            $this->user->password = Auth::instance()->hash_password(Input::post('password', ""));
            $this->user->save();
            $changed = true;
        }
    }

    $data["user"] = $this->user;
    $data["is_chenged"] = $changed;   // key spelling is what the view expects
    $this->template->content = View::forge("teachers/setting", $data);
}
/**
 * Contact form submit handler.
 *
 * Rejects requests without a valid CSRF token (logged with URI, IP and user
 * agent), validates the form, then sends and stores the inquiry. Each failure
 * mode is logged and shown on the error page.
 *
 * @throws HttpInvalidInputException on CSRF failure
 * @return void
 */
public function action_send()
{
    if (!\Security::check_token()) {
        \Log::error('CSRF: ' . \Input::uri() . ' ' . \Input::ip() . ' "' . \Input::user_agent() . '"');
        throw new HttpInvalidInputException('Invalid input data');
    }

    $val = $this->form()->validation();
    $val->add_callable('myvalidation');
    if (!$val->run()) {
        $this->template->title = 'コンタクトフォーム: エラー';
        $this->template->content = View::forge('contact/index');
        $this->template->content->set_safe('html_error', $val->show_errors());
        return;
    }

    $post = $val->validated();
    \Config::load('contact', true);

    // Mail envelope plus the request metadata that goes into the body.
    $data = [];
    $data['email'] = $post['email'];
    $data['name'] = $post['name'];
    $data['to'] = \Config::get('contact.admin_email');
    $data['to_name'] = \Config::get('contact.admin_name');
    $data['subject'] = \Config::get('contact.mail_subject');
    $data['ip'] = \Input::ip();
    $data['ua'] = \Input::user_agent();
    $langs = implode(' ', $post['lang']);
    $data['body'] = <<<END
====================
名前: {$post['name']}
メールアドレス: {$post['email']}
IPアドレス: {$data['ip']}
ブラウザ: {$data['ua']}
====================
コメント: {$post['comment']}
性別: {$post['gender']}
問い合わせの種類: {$post['kind']}
好きな鳥: {$langs}
====================
END;

    try {
        $this->sendmail($data);
        $this->save($data);
        $this->template->title = 'コンタクトフォーム: 送信完了';
        $this->template->content = View::forge('contact/send');
        return;
    } catch (EmailValidationFailedException $e) {
        $failure = ' email validation error: ';
    } catch (EmailSendingFailedException $e) {
        $failure = ' email sending error: ';
    } catch (EmailSavingFailedException $e) {
        $failure = ' email saving error: ';
    }

    // Common error path; $e is the exception caught above.
    $this->template->title = 'コンタクトフォーム: 送信エラー';
    $this->template->content = View::forge('contact/error');
    \Log::error(__METHOD__ . $failure . $e->getMessage());
}
/**
 * Verify the CSRF token and, when it does not match, log the failure and
 * redirect the caller away. Returns nothing on success.
 *
 * @param string|null $token token value to check; null lets Security read it from the request
 * @return Response|null
 */
protected function checkCsrf($token = null)
{
    if (Security::check_token($token)) {
        return null;
    }
    // Logged as an Exception object (presumably so the logger records a trace).
    Logger::error(new Exception('CSRF Error'));
    // Controller_Auth::logout();
    return Response::redirect();
}
/**
 * User registration.
 *
 * Shows the sign-up form; on POST, checks the CSRF token, confirms that the
 * two password fields match, validates the form and creates the user, then
 * logs the new user in and redirects to "mypage". Every failure is reported
 * through the view's "massage" global (css class + message text).
 *
 * @access public
 * @return View
 */
public function action_signup()
{
    // Already authenticated users are sent straight to their page.
    if (\Auth::check()) {
        Response::redirect('mypage');
    }
    $view = View::forge('auth/signup');
    // Build the form.
    $form = Formparts::signup();
    // Input received.
    if (\Input::post()) {
        if (!\Security::check_token()) {
            // Token mismatch: typically a reload/resubmit of an old form.
            $view->set_global('massage', array('css' => 'warning', 'content' => '再読み込みは無効な操作です。'));
        } else {
            // Password confirmation is compared before the validation rules run.
            if (\Input::post('password') != \Input::post('re-password')) {
                $form->repopulate();
                $view->set_global('massage', array('css' => 'warning', 'content' => 'パスワードが一致していません。'));
            } else {
                $val = $form->validation();
                if ($val->run()) {
                    try {
                        // Group 1, with first/last name passed as profile fields.
                        $result = \Auth::create_user(\Input::post('username'), \Input::post('password'), \Input::post('email'), 1, array('firstname' => \Input::post('firstname'), 'lastname' => \Input::post('lastname')));
                        if ($result) {
                            if (\Auth::instance()->login(\Input::post('username'), \Input::post('password'))) {
                                // Logged in; move to "mypage".
                                return \Response::redirect('mypage');
                            } else {
                                $view->set_global('massage', array('css' => 'danger', 'content' => '予期せぬエラーです。'));
                            }
                        }
                        // NOTE(review): a falsy $result falls through silently; no message is set.
                    } catch (\SimpleUserUpdateException $e) {
                        switch ($e->getCode()) {
                            case 2: // duplicate email address
                                $view->set_global('massage', array('css' => 'warning', 'content' => 'メールアドレスが重複しています。'));
                                break;
                            case 3: // duplicate username
                                $view->set_global('massage', array('css' => 'warning', 'content' => 'ユーザ名が重複しています。'));
                                break;
                            default: // should not happen, but that may not stay true...
                                $view->set_global('massage', array('css' => 'danger', 'content' => '予期せぬエラーです。'));
                        }
                    }
                } else {
                    $form->repopulate();
                    $view->set_global('errors', $val->error());
                }
            }
        }
    }
    // $form->build();
    $view->set_safe('form', $form);
    return $view;
}
/**
 * Password re-issue form handler.
 *
 * With a valid CSRF token and a validated username/email pair that matches a
 * registered user, resets the password via Auth and mails the new one to the
 * address on file. Every other outcome re-renders the contact form with a
 * message or the validation errors.
 *
 * NOTE(review): the response reveals whether the username/email pair exists,
 * and the new password travels in a plaintext email — a reset link would be
 * the safer design.
 *
 * @return View
 */
public function action_send()
{
    $data = [];
    $data['token_key'] = Config::get('security.csrf_token_key');
    $data['token'] = Security::fetch_token();
    $error = [];

    // CSRF failure: show the form again with a notice.
    if (!Security::check_token()) {
        $view = View::forge('login/contact', $data);
        $view->set('msg', 'CSRF対策です');
        return $view;
    }

    $val = Validation::forge();
    $val->add_field('username', 'ユーザID', 'required|max_length[9]');
    $val->add_field('mail', 'メールアドレス', 'required|valid_email');

    if (!$val->run()) {
        $error = $val->error();
        $view = View::forge('login/contact', $data);
        $view->set_global('error', $error, false);
        return $view;
    }

    $username = Input::post('username');
    $email = Input::post('mail');

    // Does a user with this username/email pair exist?
    $matches = Model_Users::query()->where('username', $username)->where('email', $email)->count();
    if ($matches <= 0) {
        $view = View::forge('login/contact', $data);
        $view->set('msg', '該当者が存在しませんでした。');
        return $view;
    }

    // Issue a new password and mail it.
    $auth = Auth::instance();
    $new_password = $auth->reset_password($username);
    $data['fullname'] = Model_Users::query()->select('fullname')->where('username', $username)->get();
    $data['repass'] = $new_password;
    $data['email'] = $email;
    $data['anchor'] = 'login';
    $mail_body = View::forge('login/email/autorepass', $data);

    $mail = Email::forge();
    $mail->from('*****@*****.**', '');
    $mail->to($email, $username);
    $mail->subject('パスワードの再発行');
    $mail->html_body($mail_body);
    $mail->send();

    return View::forge('login/success', $data);
}
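/**
 * Teacher profile page: shows the profile form and, on a CSRF-checked POST,
 * updates the user's profile fields, bank details and (optionally) the
 * profile picture.
 *
 * Side effects: creates an empty Model_Bank row for the user on first visit;
 * writes uploaded images under assets/img/pictures/ (original plus 200x200
 * "m_" and 86x86 "s_" variants).
 *
 * @return void renders teachers/profile into the template content
 */
public function action_index()
{
    $is_chenged = false;   // key spelling is what the view expects
    $data = [];

    if ($this->user->bank == null) {
        $this->user->bank = Model_Bank::forge();
        $this->user->bank->user_id = $this->user->id;
        $this->user->bank->save();
    }

    if (Input::post("firstname", null) != null and Security::check_token()) {
        // A changed email is only accepted when no other account uses the address.
        $email = Input::post("email", null);
        if ($email != $this->user->email) {
            // NOTE(review): the where clause uses ["email" => $email] while the rest of
            // the code uses ["email", $email]; confirm the ORM accepts this form.
            $check_user = Model_User::find("first", ["where" => [["email" => $email]]]);
            if ($check_user == null) {
                // NOTE(review): this sets a controller property, not $this->user->email,
                // so the new address never reaches the user row; confirm what was intended
                // (the email also serves as the login name elsewhere).
                $this->email = $email;
            } else {
                $data["error"] = "This email is already in use.";
            }
        }

        // Profile picture upload: randomised file name, extension whitelist.
        // NOTE(review): 'img' in ext_whitelist is not an image format — confirm.
        $config = [
            "path" => DOCROOT . "assets/img/pictures/",
            'randomize' => true,
            'auto_rename' => true,
            'ext_whitelist' => ['img', 'jpg', 'jpeg', 'gif', 'png'],
        ];
        Upload::process($config);
        if (Upload::is_valid()) {
            Upload::save();
            $saved_result = Upload::get_files();
            $file_name = $saved_result[0]['saved_as'];
            $image = Image::load($config["path"] . $file_name);
            $image->crop_resize(200, 200)->save($config["path"] . "m_" . $file_name);
            $image->crop_resize(86, 86)->save($config["path"] . "s_" . $file_name);
            $this->user->img_path = $file_name;
        }
        // No file (or an invalid one) does not block the rest of the form; the
        // upload errors were previously fetched into an unused local.

        if (!isset($data["error"])) {
            $this->user->firstname = Input::post("firstname", "");
            $this->user->middlename = Input::post("middlename", "");
            $this->user->lastname = Input::post("lastname", "");
            $this->user->google_account = Input::post("google_account", "");
            $this->user->pr = Input::post("pr", "");
            $this->user->educational_background = Input::post("educational_background", "");
            $this->user->enchantJS = Input::post("enchantJS", 0);
            $this->user->trial = Input::post("trial", 0);
            $this->user->save();

            $this->user->bank->name = Input::post("bank_name", "");
            $this->user->bank->branch = Input::post("bank_branch", "");
            $this->user->bank->account = Input::post("bank_account", "");
            $this->user->bank->number = Input::post("bank_number", "");
            $this->user->bank->etc = Input::post("bank_etc", "");
            $this->user->bank->type = Input::post("bank_type", 0);
            $this->user->bank->save();
            $is_chenged = true;
        }
    }

    $data["user"] = $this->user;
    $data["is_chenged"] = $is_chenged;
    $view = View::forge("teachers/profile", $data);
    $this->template->content = $view;
}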
/**
 * Runs before every action: resets the template's active menu entry and, for
 * any request that is not a GET, requires a valid CSRF token.
 *
 * @throws Exception when the token check fails on a non-GET request
 * @return void
 */
public function before()
{
    parent::before();
    $this->template->active = '';

    $is_read_only = Input::method() == 'GET';
    if (!$is_read_only && !Security::check_token()) {
        throw new Exception('Security token is bad.');
    }
}
/**
 * Read the requested action from the request, requiring a token for anything
 * other than the default action.
 *
 * The token is cleared whether or not it matched, so it cannot be reused;
 * a failed check yields ACTION_SECURITY_FAILED instead of the requested action.
 *
 * NOTE(review): the literal 'get' passed to check_token() — confirm that the
 * Security class interprets it as the source to read the token from rather
 * than as the token value itself.
 *
 * @return string the action name, ACTION_DEFAULT, or ACTION_SECURITY_FAILED
 */
function get_action()
{
    $action = Request::get(self::PARAM_ACTION, self::ACTION_DEFAULT);
    if ($action == self::ACTION_DEFAULT) {
        return $action;
    }
    $token_ok = Security::check_token('get');
    Security::clear_token();
    return $token_ok ? $action : self::ACTION_SECURITY_FAILED;
}
/**
 * Contact form submit: CSRF check, validation, database save, then mail.
 *
 * Validation failure, a failed save and a mail error all re-render the form
 * (repopulated) with an error fragment; only a successful mail reaches the
 * "sent" page.
 *
 * @throws HttpInvalidInputException on CSRF failure
 * @return void
 */
public function action_send()
{
    if (!Security::check_token()) {
        throw new HttpInvalidInputException('ページ遷移が正しくありません');
    }

    $form = $this->forge_form();
    $val = $form->validation()->add_callable('MyValidationRules');

    if (!$val->run()) {
        $this->render_form_error($form, 'コンタクトフォーム: エラー', $val->show_errors());
        return;
    }

    $post = $val->validated();
    $post['ip_address'] = Input::ip();
    $post['user_agent'] = Input::user_agent();
    unset($post['submit']);

    // Persist first; a failed save is reported as a server error.
    $record = Model_Form::forge($post);
    if (!$record->save()) {
        Log::error('データベース保存エラー', __METHOD__);
        $this->render_form_error($form, 'コンタクトフォーム: サーバエラー', '<p>サーバでエラーが発生しました。</p>');
        return;
    }

    try {
        $mail = new Model_Mail();
        $mail->send($post);
    } catch (EmailValidationFailedException $e) {
        Log::error('メール検証エラー: ' . $e->getMessage(), __METHOD__);
        $this->render_form_error($form, 'コンタクトフォーム: 送信エラー', '<p>メールアドレスに誤りがあります。</p>');
        return;
    } catch (EmailSendingFailedException $e) {
        Log::error('メール送信エラー: ' . $e->getMessage(), __METHOD__);
        $this->render_form_error($form, 'コンタクトフォーム: 送信エラー', '<p>メールを送信できませんでした。</p>');
        return;
    }

    $this->template->title = 'コンタクトフォーム: 送信完了';
    $this->template->content = View::forge('form/send');
}

/**
 * Re-render the contact form (repopulated) with a page title and an error
 * fragment that is already safe HTML.
 *
 * @param object $form       form object from forge_form()
 * @param string $title
 * @param string $html_error
 * @return void
 */
private function render_form_error($form, $title, $html_error)
{
    $form->repopulate();
    $this->template->title = $title;
    $this->template->content = View::forge('form/index');
    $this->template->content->set_safe('html_error', $html_error);
    $this->template->content->set_safe('html_form', $form->build('form/confirm'));
}
/**
 * Student sign-in page and form handler.
 *
 * On a CSRF-checked POST with an `email` field, looks the account up by
 * email, attempts the login and then redirects depending on the `pay` /
 * `doc` / `method` fields. Unknown email and wrong password both redirect
 * to the sign-in page with `e=1`. All redirects end the request; the view
 * below is only rendered for a plain page view.
 *
 * @return void
 */
public function action_index()
{
    $this->template = View::forge("students/template");

    if (Input::post("email", null) !== null && Security::check_token()) {
        $email = Input::post('email', null);
        $password = Input::post('password', null);

        $accounts = Model_User::find("all", ["where" => [["email", $email], ["deleted_at", 0]]]);
        if (count($accounts) >= 1) {
            if ($this->auth->login($email, $password)) {
                if (Input::post('remember_me', null) == 1) {
                    $this->auth->remember_me();
                }
                $wants_payment = Input::post('pay', 0) == 1;
                $wants_document = Input::post('doc', 0) == 1;
                if (!$wants_payment && !$wants_document) {
                    Response::redirect('/students/top');
                } else {
                    // `pay` was posted at all: route to the chosen payment method page.
                    $pay = Input::post('pay');
                    if ($pay != 0 || $pay != null) {
                        $method = Input::post('method', 0);
                        if ($method == 1) {
                            Response::redirect('/coursefee/cash/?g=1#upload');
                        } elseif ($method == 2) {
                            Response::redirect('/coursefee/remit/?g=2#done');
                        } elseif ($method == 3) {
                            Response::redirect('/students/courses');
                        } elseif ($method == 4) {
                            Response::redirect('/coursefee/cash/?g=4#upload');
                        }
                    }
                    // `doc` was posted at all: send to the join page matching the user's place.
                    if (Input::post('doc', 0) != 0 || Input::post('doc') != null) {
                        $account = Model_User::query()->where('email', $email)->where('deleted_at', 0)->limit(1)->get_one();
                        $place = Model_User::find($account->id)->place;
                        Response::redirect($place == 1 ? '/join/?open=2' : '/join/?open=1');
                    }
                }
            } else {
                Response::redirect('/students/signin?e=1');
            }
        } else {
            Response::redirect('/students/signin?e=1');
        }
    }

    $this->template->content = View::forge("students/signin");
    $this->template->title = "Signin";
    $this->template->auth_status = false;
}
/**
 * Delete a category by id. Requires both an existing record and a valid
 * CSRF token; the flash message distinguishes a bad token from a missing
 * record. Always redirects to the category list.
 *
 * @param int|null $id
 * @return void
 */
public function action_delete($id = null)
{
    $category = Model_Category::find($id);
    if ($category and \Security::check_token()) {
        $category->delete();
        Session::set_flash('success', e('Deleted category #' . $id));
    } elseif (!\Security::check_token()) {
        Session::set_flash('error', e('Could not delete category #' . $id . ', CSRF token not valid!'));
    } else {
        Session::set_flash('error', e('Could not delete category #' . $id));
    }
    Response::redirect('blog/admin/category');
}
/**
 * Delete a comment by id. Requires both an existing record and a valid
 * CSRF token; the flash message distinguishes a bad token from a missing
 * record. Always redirects to the admin comment list.
 *
 * @param int|null $id
 * @return void
 */
public function action_delete($id = null)
{
    $comment = Model_Comment::find($id);
    if ($comment and \Security::check_token()) {
        $comment->delete();
        Session::set_flash('success', e('Deleted comment #' . $id));
    } elseif (!\Security::check_token()) {
        Session::set_flash('error', e('Could not delete comment #' . $id . ', CSRF token not valid!'));
    } else {
        Session::set_flash('error', e('Could not delete comment #' . $id));
    }
    Response::redirect('admin/comment');
}
/**
 * Delete a part by id, detaching its auctions first so they survive as
 * unassigned. Requires an existing record and a valid CSRF token. Always
 * redirects back to the given admin page.
 *
 * @param int|null    $id
 * @param string|null $one first segment of the admin page to return to
 * @param string|null $two optional second segment of that page
 * @return void
 */
public function action_delete($id = null, $one = null, $two = null)
{
    $redirect = $two ? $one . '/' . $two : $one;

    $part = \Model_Part::find($id);
    if ($part and \Security::check_token()) {
        foreach ($part->auctions as $auction) {
            $auction->part_id = null;
            $auction->save();
        }
        $part->delete();
        Session::set_flash('success', e('Deleted part #' . $id));
    } else {
        Session::set_flash('error', e('Could not delete part #' . $id));
    }
    Response::redirect('admin/' . $redirect);
}
/**
 * Teacher contact form final step: requires a valid CSRF token and the
 * title left in session flash by the confirmation step, then stores the
 * contact for the current user. Missing data redirects to _404_.
 *
 * @return void renders teachers/contact/finish
 */
public function action_submit()
{
    if (!Security::check_token()) {
        Response::redirect('_404_');
    }

    if (Session::get_flash('title')) {
        $contact = Model_Contact::forge();
        $contact->title = Session::get_flash("title");
        $contact->body = Session::get_flash("body");
        $contact->user_id = $this->user->id;
        $contact->save();
    } else {
        Response::redirect('_404_');
    }

    $this->template->content = View::forge('teachers/contact/finish');
}
/**
 * Final step of teacher sign-up: creates the account from the values the
 * confirmation step left in session flash, fills in the profile and sends
 * the welcome mail. Missing flash data, a failed lookup or any exception
 * redirects to _404_.
 *
 * @return void renders teachers/signup/finish
 */
public function action_submit()
{
    if (!Security::check_token()) {
        Response::redirect('_404_');
    }

    if (Session::get_flash('email')) {
        $email = Session::get_flash("email");
        try {
            // The email address doubles as the username; group 10 (presumably teachers).
            Auth::create_user($email, Session::get_flash("password"), $email, 10);
            $user = Model_User::find("first", ["where" => [["email", $email]]]);
            if ($user != null) {
                foreach (['sex', 'firstname', 'middlename', 'lastname'] as $field) {
                    $user->{$field} = Session::get_flash($field);
                }
                $user->birthday = implode("-", [Session::get_flash("year"), Session::get_flash("month"), Session::get_flash("day")]);
                $profile_fields = ['google_account', 'need_reservation_email', 'need_news_email', 'timezone', 'pr', 'educational_background', 'trial', 'enchantJS'];
                foreach ($profile_fields as $field) {
                    $user->{$field} = Session::get_flash($field);
                }
                $user->save();

                // Welcome mail.
                $mail_body = View::forge("email/teachers/signup");
                $mail_body->set("name", $user->firstname);
                $mail_body->set("user", $user);
                $mail_body->set("ymd", explode("-", $user->birthday));
                $mail = Email::forge("JIS");
                $mail->from(Config::get("statics.info_email"), Config::get("statics.info_name"));
                $mail->to($user->email);
                $mail->subject("Welcome Aboard! / Game-bootcamp");
                // NOTE(review): htmlspecialchars_decode() undoes the view's escaping of
                // user-entered profile values before they go into the HTML mail.
                $mail->html_body(htmlspecialchars_decode($mail_body));
                $mail->send();
            } else {
                Response::redirect('_404_');
            }
        } catch (Exception $e) {
            Response::redirect('_404_');
        }
    } else {
        Response::redirect('_404_');
    }

    $this->template->content = View::forge('teachers/signup/finish');
}
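/**
 * Final step of student sign-up: creates the user from the values stashed in
 * session flash by the confirmation step, fills in the profile, and sends a
 * welcome mail with the type-1 document attached when one exists.
 *
 * @return void renders students/signup/finish; redirects to _404_ on failure
 */
public function action_submit()
{
    if (!Security::check_token()) {
        Response::redirect('_404_');
    }

    if (Session::get_flash('email')) {
        $email = Session::get_flash("email");
        // The email address doubles as the username; group 1 (presumably students).
        Auth::create_user($email, Session::get_flash("password"), $email, 1);
        $user = Model_User::find("first", ["where" => [["email", $email]]]);
        if ($user != null) {
            $user->sex = Session::get_flash("sex");
            $user->firstname = Session::get_flash("firstname");
            $user->middlename = Session::get_flash("middlename");
            $user->lastname = Session::get_flash("lastname");
            $user->birthday = Session::get_flash("year") . "-" . Session::get_flash("month") . "-" . Session::get_flash("day");
            $user->google_account = Session::get_flash("google_account");
            $user->need_reservation_email = Session::get_flash("need_reservation_email");
            $user->need_news_email = Session::get_flash("need_news_email");
            $user->timezone = Session::get_flash("timezone");
            $user->place = Session::get_flash("grameen");
            $user->grameen_student = Session::get_flash("grameen_student");
            $user->nationality = Session::get_flash("nationality");
            $user->save();

            // Welcome mail.
            $body = View::forge("email/students/signup");
            $body->set("name", $user->firstname);
            $body->set("user", $user);
            $body->set("ymd", explode("-", $user->birthday));
            $sendmail = Email::forge("JIS");
            $sendmail->from(Config::get("statics.info_email"), Config::get("statics.info_name"));
            $sendmail->to($user->email);
            $sendmail->subject("Welcome Aboard! / Game-BootCamp");
            // NOTE(review): htmlspecialchars_decode() undoes the view's escaping of
            // user-entered profile values before they go into the HTML mail.
            $sendmail->html_body(htmlspecialchars_decode($body));

            // get_one() yields a single model or null; count() on either is wrong
            // (null throws on PHP 8, a non-Countable object counts as 1), so test
            // for null and use the fetched row directly instead of re-finding it.
            $document = Model_Document::query()->where('type', 1)->where('deleted_at', 0)->limit(1)->get_one();
            if ($document !== null) {
                $sendmail->attach(DOCROOT . '/contents/' . $document->path);
            }
            $sendmail->send();
        } else {
            Response::redirect('_404_/?hehe');
        }
    } else {
        Response::redirect('_404_');
    }

    $this->template->content = View::forge('students/signup/finish');
}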
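/**
 * Registration form submit: requires a valid CSRF token, validates the posted
 * fields and creates the user account.
 *
 * @throws HttpInvalidInputException when the CSRF token is missing or wrong
 * @return void
 */
public function action_done()
{
    if (!Security::check_token()) {
        throw new HttpInvalidInputException('正しいルートからアクセスしてください。');
    }

    $val = $this->regist_validation()->add_callable('MyValidationRules');
    if (!$val->run()) {
        $this->template->title = '入力エラー | ReviewBook';
        $this->template->content = View::forge('regist_form/form');
        $this->template->content->set_safe('html_error', $val->show_errors());
        return;
    }

    // Use the validated (rule-processed) values rather than re-reading raw POST.
    // Assumes regist_validation() declares username/password/email fields — confirm.
    $post = $val->validated();
    Auth::create_user($post['username'], $post['password'], $post['email']);

    $this->template->title = '登録完了 | ReviewBook';
    $this->template->content = View::forge('regist_form/done');
}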
/**
 * Check the CSRF token of the current request and log a warning when it is
 * invalid.
 *
 * NOTE(review): when the ENABLE_CSRF constant is true the check is skipped
 * and the method reports success; confirm the constant's intended meaning,
 * since its name suggests the opposite.
 *
 * @param string|null $file caller file, passed through to the log
 * @param int|null    $line caller line, passed through to the log
 * @return boolean true when the token is valid (or the check is bypassed)
 */
static function chkCSRFToken($file = null, $line = null)
{
    if (ENABLE_CSRF == TRUE) {
        return true;
    }
    // Only POST requests carry a token to check.
    $token_ok = $_POST ? \Security::check_token() : false;
    if ($token_ok) {
        return true;
    }
    $log = new Logging();
    $log->writeLog_Warning('Invalid CSRF Token', $file, $line);
    return false;
}
/**
 * Student settings page. Each settings group is saved independently when its
 * field is present in the POST and the CSRF token is valid: place, grameen
 * student flag, timezone, mail preferences, and password (checked with the
 * custom `password` rule and a match between the two password fields).
 * The past and trial lesson lists are loaded for the view afterwards.
 *
 * @return void renders students/setting into the template content
 */
public function action_index()
{
    $changed = false;
    $data = ["password_error" => ""];

    // Single-value settings that are saved on their own.
    foreach (['place', 'grameen_student', 'timezone'] as $field) {
        if (Input::post($field, null) !== null && Security::check_token()) {
            $this->user->{$field} = Input::post($field, "");
            $this->user->save();
            $changed = true;
        }
    }

    // Mail preferences (both flags are saved together).
    if (Input::post("need_reservation_email", null) !== null && Security::check_token()) {
        $this->user->need_reservation_email = Input::post("need_reservation_email", 1);
        $this->user->need_news_email = Input::post("need_news_email", 1);
        $this->user->save();
        $changed = true;
    }

    // Password change.
    if (Input::post("password", null) != null && Security::check_token()) {
        $label = Lang::get('forgotpassword.password');
        $val = Validation::forge();
        $val->add_callable('passwordvalidation');
        $val->add_field("password", $label, "required|match_field[password2]|password");
        $val->add_field("password2", $label, "required|match_field[password]|password");
        if (!$val->run()) {
            $data["password_error"] = "password does not matched.";
        } else {
            $this->user->password = Auth::instance()->hash_password(Input::post('password', ""));
            $this->user->save();
            $changed = true;
        }
    }

    // Lesson lists for the view; `course` is a query-string filter on language.
    $data['pasts'] = Model_Lessontime::find("all", ["where" => [["student_id", $this->user->id], ["status", 2], ["language", Input::get("course", 0)], ["deleted_at", 0]]]);
    $data["donetrial"] = Model_Lessontime::find("all", ["where" => [["student_id", $this->user->id], ["status", 2], ["language", Input::get("course", -1)], ["deleted_at", 0]]]);
    $data["user"] = $this->user;
    $data["is_chenged"] = $changed;   // key spelling is what the view expects
    $this->template->content = View::forge("students/setting", $data);
}
/**
 * Admin sign-in page and form handler. A CSRF-checked POST with an `email`
 * field is passed to Auth; success goes to /admin/top, failure back to the
 * sign-in page with `e=1`. Both redirects end the request.
 *
 * @return void
 */
public function action_index()
{
    $this->template = View::forge("admin/template");

    $posted_email = Input::post("email", null);
    if ($posted_email !== null && Security::check_token()) {
        $password = Input::post('password', null);
        $target = $this->auth->login($posted_email, $password) ? '/admin/top' : '/admin/signin?e=1';
        Response::redirect($target);
    }

    $this->template->content = View::forge("admin/signin");
    $this->template->title = "Signin";
    $this->template->auth_status = false;
}
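/**
 * Provisional-registration completion page.
 *
 * After the user record is created, an activation mail containing the
 * activation URL is sent. This is the only step that creates a user, so it
 * is the only one that performs the CSRF check.
 *
 * @todo integrate the error messages into the view
 * @todo email has a unique constraint; abandoning the flow here leaves an
 *       address that cannot be registered again
 * @todo reloading confirm before reaching this page loses the password, so
 *       no user is issued
 * @todo wrap user creation through token issue in a transaction
 * @author shimma
 * @access public
 * @return void
 * @throws SystemException when the CSRF token check fails
 */
public function post_verify()
{
    if (!Security::check_token()) {
        throw new SystemException(\Model_Error::ER00301);
    }

    // NOTE(review): validated() is read without a visible run(); presumably the
    // fieldset validation ran earlier in the request — confirm.
    $fieldset = self::createFieldset();
    // Drop empty fields. strlen() stays the predicate so that "0" survives;
    // the string cast avoids the deprecated null argument on PHP 8.1+.
    $properties = array_filter($fieldset->validation()->validated(), function ($value) {
        return strlen((string) $value) > 0;
    });

    // A catch that only rethrew added nothing; exceptions propagate unchanged.
    $new_user = Model_User::createNewUser($properties['email'], $properties['password'], $properties);
    $new_token = Model_Token::generate($new_user->user_id);
    $email_template_params = [
        'nick_name' => $new_user->nick_name,
        'activate_url' => $new_token->getActivationUrl(),
    ];
    $new_user->sendmail('signup/verify', $email_template_params);

    $this->template->content = View::forge('signup/verify');
    $this->template->content->set('user_input', $properties);
}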
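/**
 * Send a problem report about post #$Pid by mail.
 *
 * Validates the `sentence` field, checks the CSRF token, then mails the
 * report. Every path returns a View; a sending failure re-renders the form
 * with an error instead of falling off the end and returning null.
 *
 * @param int $Pid id of the reported post
 * @return View
 */
public function action_send($Pid = 0)
{
    $this->action_csrf();

    $val = Validation::forge();
    $val->add('sentence', '通報内容')->add_rule('required');

    if (!$val->run()) {
        $this->error = $val->error();
        return $this->report_form_view($Pid);
    }
    if (!Security::check_token()) {
        $this->error['csrf'] = '「CSRFエラー」です。<br>もう一度最初からアクセスし直してください。。';
        return $this->report_form_view($Pid);
    }

    // Build the mail only once the input has been accepted.
    $address = Auth::get_email();
    $problem = Input::post('problem');
    $email = Email::forge();
    $email->from('*****@*****.**');
    $email->to($address);
    // NOTE(review): $problem is user input placed in a mail header; confirm the
    // Email driver encodes header values so line breaks cannot be injected.
    $email->subject('投稿ID ' . $Pid . '番に対する「' . $problem . '」の通報がありました。');
    $email->body(Input::post('sentence'));

    try {
        $email->send();
        return View::forge('problemreport/success');
    } catch (\EmailValidationFailedException $e) {
        return View::forge('welcome/404');
    } catch (\EmailSendingFailedException $e) {
        // Previously an empty catch, which left the caller with no view.
        $this->error['send'] = 'メールを送信できませんでした。';
        return $this->report_form_view($Pid);
    }
}

/**
 * Re-render the report form for post #$Pid with the current $this->error.
 *
 * @param int $Pid
 * @return View
 */
private function report_form_view($Pid)
{
    $this->action_csrf();
    $this->action_post($Pid);
    $this->data['categorize'] = Model_Category::query()->where('df', '=', '0')->get();
    $view = View::forge('problemreport/ProblemReport', $this->data);
    $view->set_global('error', $this->error, false);
    return $view;
}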
/**
 * Completion page for the inquiry form.
 *
 * Requires a valid CSRF token, stores the contact, then mails both the user
 * and the admin. Failures are surfaced as SystemException error codes.
 *
 * @access public
 * @return void
 * @throws SystemException ER00602 on CSRF or mail failure, ER00601 on save failure
 */
public function post_thanks()
{
    if (!Security::check_token()) {
        throw new SystemException(\Model_Error::ER00602);
    }

    $thanks = View::forge('inquiry/thanks');
    $this->setMetaTag('inquiry/thanks');
    $this->template->content = $thanks;

    try {
        $contact = $this->registerContact();
    } catch (Exception $e) {
        // NOTE(review): the original exception is not chained or logged here.
        throw new SystemException(\Model_Error::ER00601);
    }

    try {
        $this->sendMailToUserAndAdmin($contact);
    } catch (Exception $e) {
        throw new SystemException(\Model_Error::ER00602);
    }
}
/**
 * Login page and form handler.
 *
 * An already authenticated user is sent back where they came from. A POST
 * must carry a valid CSRF token; the credentials are then checked via Auth.
 * Every redirect ends the request, so the view is only rendered for a plain
 * page view.
 *
 * @return void
 */
public function action_login()
{
    if (\Auth::check()) {
        // Already signed in: back to the previous page, or the dashboard.
        \Messages::info(__('user.login.already-logged-in'));
        \Response::redirect_back();
    }

    if (\Input::method() == 'POST') {
        if (!\Security::check_token()) {
            // Missing, wrong or expired token: reported like a failed login.
            \Messages::error(__('user.login.failure'));
            \Response::redirect_back();
        } else {
            // NOTE(review): Input::param() reads GET as well as POST, so credentials
            // can arrive in the query string (and thus in logs and referrers).
            $username = \Input::param('username');
            $password = \Input::param('password');
            if (\Auth::instance()->login($username, $password)) {
                // NOTE(review): the username is interpolated into the flash message;
                // confirm Messages escapes it on output.
                \Messages::info("Welcome back {$username}");
                // Avoid bouncing straight back onto the login/registration form.
                $login_form = Uri::base(false) . $this->selfReferrerLogin;
                $registration_form = Uri::base(false) . $this->selfReferrerRegistration;
                $came_from_form = Input::referrer() === $login_form || Input::referrer() === $registration_form;
                if ($came_from_form) {
                    \Response::redirect('/');
                }
                \Response::redirect_back();
            } else {
                \Messages::error(__('user.login.failure'));
                \Response::redirect_back();
            }
        }
    }

    $this->template->content = View::forge('user/login');
}