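/**
 * Set the Authorization header for the request from the session token, then
 * apply the request format and compression options.
 *
 * @param array $options request options; 'format' is read here, the rest is
 *                       handed to setCompression() unchanged
 * @return void the header is written to $this->headers, nothing is returned
 */
private function setHeaders(array $options)
{
    $authToken = $this->session->getToken();
    // Assumes the session token is an array carrying 'access_token' and
    // 'token_type' keys — TODO confirm against the session class.
    $accessToken = $authToken['access_token'];
    $tokenType = $authToken['token_type'];
    $this->headers['Authorization'] = "{$tokenType} {$accessToken}";

    $this->setRequestFormat($options['format']);
    $this->setCompression($options);
}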
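/**
 * Build the paginated group listing used by the groups view.
 *
 * Pagination is done in memory over the full group list: the page number
 * comes from the 'page' request parameter (1-based, defaults to 1) and
 * $perPage rows are sliced out of it.
 *
 * @param string $value unused; kept for signature compatibility
 * @return array{rows: array, total: int} rows of the current page plus the
 *                                        total number of groups
 */
public function getGroups($value = '')
{
    $groups_all = $this->groupRepository->all();
    $perPage = 10;

    // 'page' is untrusted request input: coerce to int and clamp to >= 1 so a
    // missing or negative page can never turn into a negative array_slice()
    // offset (which silently slices from the end of the list).
    $page = max(1, (int) Input::get('page'));
    $currentPage = $page - 1;

    $pagedData = array_slice($groups_all, $currentPage * $perPage, $perPage);
    $groups = new Paginator($pagedData, $perPage, $currentPage);

    $rows = [];
    foreach ($groups as $i => $group) {
        // "Read, Write, Delete": capitalised permission names, comma-separated.
        $permissionNames = array_map('ucfirst', array_keys($group->getPermissions()));

        $rows[$i] = [
            'id' => $group->hash,
            'name' => $group->name,
            'permission' => implode(', ', $permissionNames),
            // CSRF token so the view can build state-changing forms per row.
            'token' => \Session::getToken(),
        ];
    }

    return [
        'rows' => $rows,
        'total' => count($groups_all),
    ];
}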
/**
 * A login POST with valid credentials, followed by a GET of the login page,
 * must redirect the now-authenticated user to the site root.
 */
public function testLoginShouldRedirectUser()
{
    $credentials = [
        'email' => '*****@*****.**',
        'password' => 'admin',
        'csrf_token' => Session::getToken(),
    ];

    // Log in, then request the login page again as an authenticated user.
    $this->withInput($credentials)->requestAction('POST', 'UserController@postLogin');
    $this->requestAction('GET', 'UserController@getLogin');

    $this->assertRedirection(URL::to('/'));
}
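/**
 * Consume the one-shot session token 'tokenName' if it matches $token.
 *
 * The stored token is destroyed on a successful match, so each token can be
 * used at most once.
 *
 * @param mixed $token value submitted by the client
 * @return bool true when the submitted token matched (and was consumed)
 */
public static function checkToken($token)
{
    $tokenName = Session::getToken('tokenName');

    // Both sides must be non-empty strings. This rejects the case where no
    // token is stored (getToken() returning false/null) and the caller also
    // passes a falsy value — a plain === accepted that as a match.
    if (!is_string($tokenName) || $tokenName === '' || !is_string($token)) {
        return false;
    }

    // Constant-time comparison so the match cannot be timed byte by byte.
    if (hash_equals($tokenName, $token)) {
        Session::destroySession('tokenName');
        return true;
    }

    return false;
}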
/**
 * Entry point of a page request: seed the template variables every view
 * needs, run the requested action, then render the selected template.
 */
public function run()
{
    // Variables made available to every template.
    $this->defaultVars = [
        'referer'   => $this->referer,
        'view'      => $this->view,
        'poche_url' => Tools::getPocheUrl(),
        'title'     => _('wallabag, a read it later open source system'),
        'token'     => \Session::getToken(),
        'theme'     => $this->wallabag->tpl->getTheme(),
    ];

    $this->_launchAction();
    $this->_defineTplInformation();

    // The action may queue messages, so they are collected only now.
    $messages = $this->wallabag->messages->display('all', false);
    $this->vars = array_merge($this->vars, ['messages' => $messages]);

    $this->_render($this->file, $this->vars);
}
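/**
 * Make sure the CSRF token exists and is valid.
 * This should be checked on most forms and get methods that manipulate state.
 *
 * @throws Exception when no '_token' input is present or it does not match
 */
public static function checkToken()
{
    if (!Input::exists('_token')) {
        throw new Exception('Token mismatch.');
    }
    $submitted = (string) Input::get('_token');

    // Compare as strings in constant time. The previous loose == let PHP
    // type-juggle the two values before comparing, and an empty session
    // token must never match anything.
    $sessionToken = (string) Session::getToken();
    if ($sessionToken !== '' && hash_equals($sessionToken, $submitted)) {
        return;
    }

    // NOTE(review): this branch lets a fixed build-time constant stand in for
    // the session token. It must not be defined in a production build; if the
    // value leaks, CSRF protection is void for every request.
    if (defined('DEVELOPMENT_KEY') && hash_equals((string) DEVELOPMENT_KEY, $submitted)) {
        return;
    }

    throw new Exception('Token mismatch.');
}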
/**
 * Test testFormOpen()
 *
 * Posting a schedule for an existing event with a valid CSRF token must be
 * answered with a redirect (302).
 *
 * @return void
 */
public function testFormOpen()
{
    $api = new \App\Helpers\ApiHelper();

    // The first event the API returns is the target of the new schedule.
    $events = $api->index('events');
    $eventId = $events['data']['events'][0]['id'];

    $payload = [
        '_token' => Session::getToken(),
        'startDate' => '2018-11-11',
        'startTime' => '20:00:00',
        'endDate' => '2018-11-11',
        'endTime' => '21:00:00',
        'timeZoneId' => '6',
    ];

    $this->call('POST', 'events/schedules/create/' . $eventId, $payload);

    $this->assertResponseStatus(302);
}
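return Redirect::action('AuthController@getLogin');
}
// if ( Auth::check() ) return Redirect::action('AuthController@getLogin');
});

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

Route::filter('csrf', function () {
    // Constant-time comparison of the session token with the submitted
    // _token field; an empty session token must never match anything.
    $expected = (string) Session::getToken();
    if ($expected === '' || !hash_equals($expected, (string) Input::get('_token'))) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});

// Role filters: anyone without the required role is sent to the forbidden
// page. NOTE(review): the two filters flash the message under different keys
// ('error' vs 'errors'); confirm which one the forbidden view reads.
Route::filter('Moderator', function () {
    if (!(Entrust::hasRole('admin') || Entrust::hasRole('moderator'))) {
        return Redirect::to('forbidden')->with('error', 'Sorry You Do not have access to this page');
    }
});

Route::filter('Admin', function () {
    if (!Entrust::hasRole('admin')) {
        return Redirect::to('forbidden')->with('errors', 'Sorry You Do not have access to this page');
    }
});

Route::filter('owner', function ($route, $request) {
    if (Auth::check()) {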
$hashView = 'Folder (' . $kf->getFolderTitle($currentHash) . '): <span id="nb-unread">' . $unread . '</span><span class="hidden-phone"> ' . Intl::msg('unread items') . '</span>'; break; default: $hashView = '<span id="nb-unread">' . $unread . '</span><span class="hidden-phone"> ' . Intl::msg('unread items') . '</span>'; break; } $menu = $kfc->getMenu(); $paging = $kfc->getPaging(); $pb->assign('menu', $menu); $pb->assign('paging', $paging); $pb->assign('currentHashType', $currentHashType); $pb->assign('currentHashView', $hashView); $pb->assign('currentPage', (int) $currentPage); $pb->assign('maxPage', (int) $maxPage); $pb->assign('currentItemHash', $currentItemHash); $pb->assign('nbItems', $nbItems); $pb->assign('items', $listItems); if ($listFeeds == 'show') { $pb->assign('feedsView', $kf->getFeedsView()); } $pb->assign('pagetitle', strip_tags($kfc->title)); $pb->renderPage('index'); } else { $pb->assign('pagetitle', Intl::msg('Sign in') . ' - ' . strip_tags($kfc->title)); if (!empty($_SERVER['QUERY_STRING'])) { $pb->assign('referer', MyTool::getUrl() . '?' . $_SERVER['QUERY_STRING']); } $pb->assign('token', Session::getToken()); $pb->renderPage('login'); } }
'">Ban</button> <?php } else { ?> <button class="btn btn-default" type="button" onClick="location.href='<?php echo e(route('sentinel.users.unban', array($user->hash))); ?> '">Un-Ban</button> <?php } ?> <button class="btn btn-default action_confirm" href="<?php echo e(route('sentinel.users.destroy', array($user->hash))); ?> " data-token="<?php echo e(Session::getToken()); ?> " data-method="delete">Delete</button> </td> </tr> <?php } ?> </tbody> </table> </div> </div> <div class="row"> <?php echo $users->render(); ?>
<?php
// Members whose username, mobile or e-mail contains the search pattern.
$items = $class::where('username', 'like', "%{$pattern}%")
    ->orWhere('mobile', 'like', "%{$pattern}%")
    ->orWhere('email', 'like', "%{$pattern}%")
    ->paginate(20);

// Tell each row which form field the modal is selecting for.
foreach ($items as $item) {
    $item->_modal_field = $field;
}

// "Pick this one" button: carries the member id, the target URL and the
// CSRF token as data attributes for the modal's JS handler.
$selectButton = function ($user) use ($action) {
    $url = URL::action($action);
    $token = Session::getToken();
    return <<<BTN
<a class="btn btn-sm btn-success" onclick="javascript:modal_select_this_one_btn(this)" data-attr-id="{$user->id}" data-attr-url="{$url}" data-csrf-token="{$token}" href="javascript:;"><span class="glyphicon glyphicon-plus"></span></a>
BTN;
};

$table = new KTable();
$table
    ->th('姓名')->functional(function ($user) {
        return e($user->username);
    })
    ->th('邮件')->functional(function ($user) {
        return e($user->email);
    })
    ->th('手机')->functional(function ($user) {
        return e($user->mobile);
    })
    ->th('选择')->functional($selectButton);

$table->itemsToTbody($items);
echo $table->draw();
/**
 * Hidden form field pre-filled with the current CSRF token under the
 * conventional '_token' name.
 */
function __construct()
{
    $csrfToken = \Session::getToken();
    parent::__construct('_token', $csrfToken);
    $this->attributes['type'] = 'hidden';
}
/**
 * Generate a hidden field containing the current CSRF token.
 *
 * @return string
 */
public function token()
{
    $former = $this->app['former'];
    $field = $former->hidden('_token', $this->session->getToken());

    return (string) $field;
}
} # Start session Session::$sessionName = 'poche'; Session::init(); # Start Poche $poche = new Poche(); $notInstalledMessage = $poche->getNotInstalledMessage(); # Parse GET & REFERER vars $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; $view = Tools::checkVar('view', 'home'); $action = Tools::checkVar('action'); $id = Tools::checkVar('id'); $_SESSION['sort'] = Tools::checkVar('sort', 'id'); $url = new Url(isset($_GET['url']) ? $_GET['url'] : ''); # vars to _always_ send to templates $tpl_vars = array('referer' => $referer, 'view' => $view, 'poche_url' => Tools::getPocheUrl(), 'title' => _('wallabag, a read it later open source system'), 'token' => Session::getToken(), 'theme' => $poche->getTheme()); if (!empty($notInstalledMessage)) { if (!Poche::$canRenderTemplates || !Poche::$configFileAvailable) { # We cannot use Twig to display the error message echo '<h1>Errors</h1><ol>'; foreach ($notInstalledMessage as $message) { echo '<li>' . $message . '</li>'; } echo '</ol>'; die; } else { # Twig is installed, put the error message in the template $tpl_file = Tools::getTplFile('error'); $tpl_vars = array_merge($tpl_vars, array('msg' => $poche->getNotInstalledMessage())); echo $poche->tpl->render($tpl_file, $tpl_vars); exit;
<script type="text/ng-template" id="tickets.html"> <div class="tickets" id="ticketsRoot" data-token="<?php echo Session::getToken(); ?> " ng-controller="TicketController"> <div class="no-tickettypes" ng-hide="!$root.promoter_events.length || $root.promoter_events[$root.event_ndx].ticket_types.length"> <div class="row"> <div class="col-xs-12"> <h4 class="text-center">There are no ticket types defined for the current Event</h4> <p><a href="mailto:andre@eenvoudmedia.nl?subject=No Ticket Types">Contact Alda</a></p> </div> </div> </div> <div class="container tickets-wrapper" ng-show="$root.promoter_events.length && $root.promoter_events[$root.event_ndx].ticket_types.length"> <div class="row"> <div class="col-xs-10 col-xs-offset-1 col-sm-offset-0"> <button title="Dashboard" class="details-btn-sel" ng-click="selectEventView('form.dashboard');$root.active_dashboard_btn=true;" ng-class="$root.active_dashboard_btn ? 'active' : ''"> <span class="fa fa-list"></span> </button> <button title="Venue Details" class="details-btn-sel" ng-click="selectEventView('form.event_venue');$root.active_venue_btn=true;" ng-class="$root.active_venue_btn ? 'active' : ''"> <span class="fa fa-institution"></span> </button> <button title="Event Details" class="details-btn-sel" ng-click="selectEventView('form.event_hospitality');$root.active_event_btn=true;" ng-class="$root.active_event_btn ? 'active' : ''"> <span class="fa fa-plane"></span> </button> <button title="Event Ticket Sales" class="details-btn-sel" ng-click="selectEventView('form.tickets');$root.active_tickets_btn=true;" ng-show="$root.promoter_events[$root.event_ndx].ticket_types.length" ng-class="$root.active_tickets_btn ? 'active' : ''">
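/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

Route::filter('csrf', function () {
    // Only POST is checked, as before. NOTE(review): PUT/PATCH/DELETE
    // requests pass through this filter unverified; extend the method check
    // if any such route changes state.
    if (Request::getMethod() !== 'POST') {
        return;
    }

    // app.js copies the form token into the X-CSRF-Token header for AJAX
    // posts; classic form posts carry it in the _token field.
    $submitted = Request::ajax()
        ? Request::header('X-CSRF-Token')
        : Input::get('_token');

    // Compare as strings in constant time. The previous loose != let PHP
    // type-juggle the two values before comparing, and an empty session
    // token must never match anything.
    $expected = (string) Session::getToken();
    if ($expected === '' || !hash_equals($expected, (string) $submitted)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});

/*
|--------------------------------------------------------------------------
| Key Required Filter
|--------------------------------------------------------------------------
|
| The following filters is used to ensure that routes that require a key
| to have usefull information have valid keys to show information for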
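/**
 * Sponsorship form ("parrainage"): a logged-in member submits the e-mail of a
 * prospective member, the request is recorded and a confirmation mail is sent.
 *
 * The flow is post/redirect/get: a valid POST is stashed in
 * $_SESSION['saveform'] and the browser is redirected back here, where the
 * stashed data is processed and the page rendered with any errors or notices.
 * A time-limited session token named 'parrainage' doubles as the CSRF token.
 *
 * @return bool|void false when the request was rejected (origin or token
 *                   check failed), otherwise the page is rendered
 */
function parrainer()
{
    if (!$this->session->islogged()) {
        $this->redirect("?membre/login");
    }

    $erreurs = array();
    $notifications = array();
    $soumis = $this->request->data ? $this->request->data : null;
    $form = array('mail' => '');

    // Create the 10-minute form token on first visit, then read it back.
    if (Session::getToken('parrainage') === false) {
        Session::addToken(array('name' => 'parrainage', 'limit_time' => 10 * 60, 'time' => time()));
    }
    $token = Session::getToken('parrainage');

    if ($soumis) {
        // The form was posted. Reject requests with no origin (typed into the
        // address bar or sent from elsewhere) and requests whose token expired.
        if ($this->request->is('no-origin') || !Session::isValidToken('parrainage')) {
            $message = Conf::DEBUG ? 'Erreur [MEM ' . __LINE__ . '] : La requête a échouée. Veuillez réactualiser la page.' : 'Le jeton CRSF a expiré. Veuillez réactualiser la page.';
            $this->error($message);
            return false;
        }

        // The stored token and the submitted one must match (constant-time; a
        // missing 'token' field counts as a mismatch instead of a notice).
        // Returning right after the redirect guarantees the data below is not
        // stashed even if redirect() does not end the request itself.
        if (!isset($soumis['token']) || !hash_equals((string) $token['value'], (string) $soumis['token'])) {
            $this->redirect('?membre/parrainer/');
            return false;
        }

        // No validation error can have been recorded at this point, so the
        // submission is always stashed for the GET that follows the redirect.
        $_SESSION['saveform'] = $soumis;
        unset($soumis);
        $this->redirect('?membre/parrainer/');
    }

    if (isset($_SESSION['saveform'])) {
        $soumis = $_SESSION['saveform'];
        unset($_SESSION['saveform']);

        if (!Session::isValidToken('parrainage')) {
            $this->error("Le temps de soumission est dépassé. Veuillez recharger la page.");
            return false;
        }

        $form = array('mail' => PregFucntions::sanitize_string($soumis['mail']));

        // The address must not already belong to a member. The value is quoted
        // with Functions::squote() like every other literal handed to find();
        // unquoted it was spliced into the SQL as a bare token.
        $find = $this->membre->find(array('conditions' => 'mem_mail = ' . Functions::squote($form['mail']), 'fecthMethod' => PDO::FETCH_ASSOC));
        if ($find) {
            $erreurs[] = "Le mail est déjà utilisé.";
        }

        // Only school addresses are accepted (everything from the last '@' on).
        if (!(substr($form['mail'], strrpos($form['mail'], '@')) === '@eleves.ec-nantes.fr')) {
            $erreurs[] = "Vous n'êtes pas de l'école Centrale. 
Il vous faut un mail du type xxx@eleves.ec-nantes.fr";
        }

        if (empty($erreurs)) {
            // Record the sponsorship with a fresh validation token ...
            $token_de_validation = Session::genereToken();
            $this->membre->add(array(
                'tables' => ' parrainage ',
                'values' => " " . Functions::squote($_SESSION['membre']['mem_id']) . ",'-1'" . "," . Functions::squote($form['mail']) . "," . "NOW()" . ",'0'" . "," . Functions::squote($token_de_validation),
            ));

            // ... and mail the sponsored person a confirmation link.
            $mailSent = $this->mail(array(
                'config' => 'nacder.net',
                'destinataire' => $form['mail'],
                'expediteur' => Conf::$mail['default']['no-reply'],
                'aliasExpediteur' => constant('site_i_name'),
                'objet' => "[" . constant('site_i_name') . "] - Confirmez votre parrainage",
                'message' => Mail::_messageParrainage(array(
                    'parrain_login' => $_SESSION['membre']['mem_login'],
                    'parrain_mail' => $_SESSION['membre']['mem_mail'],
                    'fillot_mail' => $form['mail'],
                    'mem_token' => $token_de_validation,
                    'logo' => Conf::$mail['default']['logo'],
                )),
            ));
            if ($mailSent) {
                $notifications[] = "Votre requête a été transmise.";
            } else {
                $erreurs[] = "La requête n'a pas pu être envoyée à l'adresse donnée.";
            }
        }

        // Re-issue the form token (same name, fresh 10-minute window).
        Session::addToken(array('name' => 'parrainage', 'limit_time' => 10 * 60, 'time' => time()));
    }

    $variables['soumis'] = $soumis;
    $variables['erreurs'] = $erreurs;
    $variables['notifications'] = $notifications;
    $form['token'] = $token['value'];
    $variables['form'] = $form;
    $this->myrender(array('menu' => 'menu', 'title' => 'Espace Parrainage', 'view' => 'parrainage', 'variables' => $variables));
}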
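/**
 * Compiles a view given a view name and context. Does not print to the screen.
 *
 * The context for the page will be under the "page" key.
 * So for example a "user" array passed as the context will
 * be available as {{ page.user }}
 *
 * The template also receives '_token' (the CSRF token) and 'app'
 * (pending alerts and notices from Log).
 *
 * @param string $name    The name of the view (without the .html.twig suffix).
 * @param mixed  $context The context to use in compilation; null means empty.
 * @return string The rendered template.
 */
public static function compileView($name, $context = null)
{
    self::initialize();

    // Strict null check: the previous loose == null also replaced a falsy
    // context such as 0, '' or false with an empty array.
    if ($context === null) {
        $context = array();
    }

    $context = array_merge(
        array(
            '_token' => Session::getToken(),
            'app' => array(
                'alerts' => Log::getAlerts(),
                'notices' => Log::getNotices(),
            ),
        ),
        array('page' => $context)
    );

    return self::$twig->render($name . '.html.twig', $context);
}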
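<?php

/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the Closure to execute when that URI is requested.
|
*/

// NOTE(review): this GET endpoint returns the current session's CSRF token
// as JSON. Keep it out of production builds: anything that can read this
// response can forge state-changing requests for that session.
Route::get('registration/company', function () {
    return Response::JSON(['test' => Session::getToken()]);
});

// Scratch route: prints the deadline obtained by moving an event date by the
// task's (negative) day gap. Nothing after the return is executed.
Route::get('/test', function () {
    $event_date = '2015-10-13';
    $task = (object) ['deadline_days_gap' => -2];
    $new_deadline = strtotime(-$task->deadline_days_gap . ' days', strtotime($event_date));
    echo date('Y-m-d', $new_deadline);
    return;
});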
$error_message = $errors->first($name, ':message'); } } return $error_message; } function have_error($form, $name) { $errors = $form->get_errors(); if (!is_null($errors) && is_object($errors)) { return $errors->has($name); } return false; } Xform::include_all(function () { return Xform::template('div', function ($form) { $form->hidden('csrf_token')->value(Session::getToken()); $form->setClass('token'); }); }); Xform::macro('show_input_error', function ($name, $message = null) { return Xform::template('span', function ($form) use($name, $message) { $error_message = get_form_error_message($form, $name); if (!is_null($error_message)) { $form->putText($error_message); //$form->setRootAttr('data-title',$error_message); $form->setClass('help-block text-error'); } else { $form->putText($message); $form->setClass('help-block'); } });
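/**
 * Render the OPML import page.
 *
 * The template variables come from FeedPage::$var via extract(); the only one
 * this template reads is $referer, echoed back as the hidden 'returnurl'
 * field. Output goes straight to the response.
 */
public static function importTpl()
{
    extract(FeedPage::$var);
    // $referer may be request-derived (elsewhere it is built from the query
    // string), so it is escaped before being placed in an attribute; the
    // previous raw echo allowed attribute/HTML injection through it.
    $returnUrl = isset($referer) ? htmlspecialchars((string) $referer, ENT_QUOTES, 'UTF-8') : '';
    $csrfToken = htmlspecialchars((string) Session::getToken(), ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<head>
<?php FeedPage::includesTpl(); ?>
</head>
<body>
<div class="container-fluid">
<div class="row-fluid">
<div class="span4 offset4">
<?php FeedPage::statusTpl(); ?>
<?php FeedPage::navTpl(); ?>
<form class="form-horizontal" method="post" action="?import" enctype="multipart/form-data" name="importform">
<fieldset>
<legend><?php echo Intl::msg('Import opml file'); ?></legend>
<div class="control-group">
<label class="control-label" for="filetoupload"><?php echo Intl::msg('Opml file:'); ?></label>
<div class="controls">
<input tabindex="1" class="btn" type="file" id="filetoupload" name="filetoupload">
<span class="help-block"><?php echo Intl::msg('Size max:'); ?> <?php echo MyTool::humanBytes(MyTool::getMaxFileSize()); ?></span>
</div>
</div>
<div class="control-group">
<div class="controls">
<label for="overwrite">
<input type="checkbox" name="overwrite" id="overwrite">
<?php echo Intl::msg('Overwrite existing feeds'); ?>
</label>
</div>
</div>
<div class="control-group">
<div class="controls">
<input class="btn" type="submit" name="import" value="<?php echo Intl::msg('Import opml file'); ?>">
<input class="btn" type="submit" name="cancel" value="<?php echo Intl::msg('Cancel'); ?>">
</div>
</div>
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MyTool::getMaxFileSize(); ?>">
<input type="hidden" name="returnurl" value="<?php echo $returnUrl; ?>" />
<input type="hidden" name="token" value="<?php echo $csrfToken; ?>">
</fieldset>
</form>
</div>
</div>
</div>
</body>
</html>
<?php
}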
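/**
 * First-run installer: show the install form and, when it is submitted
 * (?install with POST login/password), create the initial account.
 *
 * Always terminates the request with exit.
 */
private function install()
{
    Tools::logm('poche still not installed');
    echo $this->tpl->render('install.twig', array(
        'token' => Session::getToken(),
        'theme' => $this->getTheme(),
        'poche_url' => Tools::getPocheUrl(),
    ));

    if (isset($_GET['install'])) {
        // Read the POST fields with isset guards so a partial submission takes
        // the "error during installation" path instead of raising notices.
        $login = isset($_POST['login']) ? $_POST['login'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        $passwordRepeat = isset($_POST['password_repeat']) ? $_POST['password_repeat'] : '';

        // Strict comparison: the previous == let PHP type-juggle the two
        // submitted strings (e.g. numeric-looking values) before comparing.
        if ($password === $passwordRepeat && $password !== "" && $login !== "") {
            # let's rock, install poche baby !
            // NOTE(review): Tools::encodeString() is not visible here; the
            // stored credential is whatever it makes of password.login —
            // confirm it is a proper password hash.
            if ($this->store->install($login, Tools::encodeString($password . $login))) {
                Session::logout();
                Tools::logm('poche is now installed');
                Tools::redirect();
            }
        } else {
            Tools::logm('error during installation');
            Tools::redirect();
        }
    }
    exit;
}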
<?php $datas = $dsp->var['param']['datas']; $param = $dsp->var['param']; ?> {{ openContent($param['titre']) }} <?php // Open Form Xform::form('route', 'domaine.create'); // Hidden Xform::startRow('hidden'); Xform::addText('_token', 'x', Session::getToken(), 2); Xform::addText('id', 'ID', $datas->id, 2); Xform::addText('backUrl', '', $param['backUrl']); Xform::addText('user_id', 'USER_ID', Auth::user()->id, 1); Xform::endRow(); // Get Fields Xform::startRow(); Xform::addText('nom', 'Nom du domaine', $datas->nom, 5); Xform::endRow(); Xform::startRow(); Xform::addText('url', 'Url', $datas->url, 5); Xform::endRow(); Xform::startRow(); Xform::addSelect('typedomaine_id', Typedomaine::lists('libelle', 'id'), 'Type', $datas->typedomaine_id, 2); Xform::endRow(); // Buttons Xform::addSubmit(); Xform::addCancel($param['backUrl']);
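/**
 * Handle the first-run installation form.
 *
 * On a submitted login/password pair a fresh random salt is generated, the
 * credentials are stored and written to disk, and a confirmation page is
 * shown; otherwise the install form (with a CSRF token) is rendered.
 * Always ends the request with exit.
 */
private function _install()
{
    if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) {
        // 40 hex chars from the CSPRNG — same length and alphabet as the
        // sha1(uniqid() . mt_rand()) this replaces, but not derivable from
        // the clock or the mt_rand state.
        $this->setSalt(bin2hex(random_bytes(20)));
        $this->setLogin($_POST['setlogin']);
        $this->setHash($_POST['setpassword']);
        $this->write();

        FeedPage::$pb->assign('pagetitle', 'KrISS feed installation');
        FeedPage::$pb->assign('class', 'text-success');
        FeedPage::$pb->assign('message', Intl::msg('Your simple and smart (or stupid) feed reader is now configured.'));
        FeedPage::$pb->assign('referer', MyTool::getUrl() . '?import');
        FeedPage::$pb->assign('button', Intl::msg('Continue'));
        FeedPage::$pb->renderPage('message');
    } else {
        FeedPage::$pb->assign('pagetitle', Intl::msg('KrISS feed installation'));
        FeedPage::$pb->assign('token', Session::getToken());
        FeedPage::$pb->renderPage('install');
    }
    exit;
}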
?> <option style="color:brown; font-weight: bold; background-color: lightgrey" value="" disabled>EI3</option> <?php foreach ($list_ue['ei3'] as $u) { if ($u) { echo "<option value='" . $u['net_nom'] . "' class='centered' >" . strtoupper($u['net_nom']) . " - " . $u['net_description'] . "</option>"; } } ?> </select> <select class="form-control" name="catg" required > <option value="" disabled >Catégorie</option> <?php foreach ($list_catg as $k => $v) { echo "<option value='" . $k . "' >" . strtoupper($k) . " - " . $v . "</option>"; } ?> </select> <input class="form-control" name="fichier" type="file" required /> <?php $t = Session::getToken('uploadDefichier'); ?> <input name="token" type="hidden" value="<?php echo $t['value']; ?> " /> <br/> <input class="btn btn-md btn-primary btn-block" name="submitted" type="submit" value="Envoyer"/> </form> </div>
/**
 * Course file browser: lists the sub-directories and files of one course
 * ($eix = year, $ue = course) for the old ('a', on-disk) or new ('n', in
 * the openu_files table) storage, then renders the 'view' template with the
 * listing, navigation links, the course description, the member's enrolment
 * state and the enrolment modal script.
 *
 * NOTE(review): $age, $eix, $ue and $dir come from the URL. $eix is spliced
 * unquoted into several conditions strings ("net_niveau = " . $eix,
 * " year = " . $eix), $ue is interpolated raw into " net_nom = '...'" below,
 * and the LIKE pattern for openu_oldfiles is built from $path . $fichier.
 * Unless the router or the find() helpers sanitise these upstream, they are
 * SQL injection points — quote them with Functions::squote() like the other
 * literals. $dir is also used to build an on-disk path for opendir() after
 * urldecode(); '..' segments are not rejected here, so confirm the
 * filesystem layer constrains it.
 *
 * @param string      $age 'a' for the old file tree, 'n' for the database
 * @param string      $eix year/level (ei1, ei2, ...) — numeric suffix only
 * @param string      $ue  course name
 * @param string|null $dir sub-directory, with '~' standing in for '/'
 */
function view($age, $eix, $ue, $dir = null)
{
    if (!$this->session->islogged()) {
        $this->redirect("?membre/login");
    }
    $thisDir = $age . DS . $eix . DS . $ue . DS . $dir;
    $dir = isset($dir) ? $dir : '';
    $dir = urldecode(trim(str_replace('~', '/', $dir), '/'));
    $path = $age == 'a' ? 'filesOld' : 'files';
    // 'a' = old ("ancien") tree
    $path .= strtolower(DS . 'ei' . $eix . DS . $ue . DS . (!empty($dir) ? $dir . DS : ''));
    $directory = array();
    $files = array();
    // Link to the same course in the other storage, and to the course root.
    $link_switch = '?download/view' . DS . (strtolower($age) == 'a' ? 'n' : 'a') . DS . $eix . DS . $ue;
    $link_hyper_racine = '?download/view' . DS . $age . DS . $eix . DS . $ue;
    //$n = strrpos(substr($dir,0,strlen($dir)-1),'/'); // Ex : dir= sds'/'dsds/ ==> n=3
    switch (strtolower($age)) {
        case 'a':
            $link_racine = $link_hyper_racine . DS;
            $link_racine .= str_replace('/', '~', $dir) . '~';
            //($n) ? substr($dir,0,$n) : '';
            // Parent directory link: everything before the last '/'.
            $m = strrpos(trim($dir, '/'), '/');
            $link_up = $link_hyper_racine . DS . substr(trim($dir, '/'), 0, $m);
            $link_download = '?download/view' . DS . $age . DS . $eix . DS . $ue;
            $path = '../' . $path;
            // Directory of the previous version of the kit
            $ispath = is_dir($path);
            // NOTE(review): the line below is kept as found. If var_dump($path)
            // is live rather than commented out, it prints the server-side
            // directory path into the page — remove it before shipping.
            //echo $path.' '.$ispath; //var_dump($ispath); var_dump($path);
            if ($ispath) {
                $ret = array();
                $ret_files = array();
                $dossier = opendir($path);
                while (false !== ($fichier = readdir($dossier))) {
                    if ($fichier != '.' && $fichier != '..' && $fichier != 'index.php') {
                        if (is_dir($path . $fichier)) {
                            array_push($ret, array("doc_path" => $fichier));
                        } else {
                            // create the per-file download token
                            Session::addToken($fichier);
                            $token = Session::getToken($fichier);
                            // fetch the file's metadata (old version => oldfiles table)
                            $tmpFile = $this->document->findFirst(array('tables' => " openu_oldfiles ", 'conditions' => " path LIKE '%" . $path . $fichier . "%'", 'fecthMethod' => PDO::FETCH_ASSOC));
                            // utf8_encode() assumes file names on disk are ISO-8859-1.
                            array_push($ret_files, array("doc_id" => !empty($tmpFile['id']) ?
$tmpFile['id'] : 0, "doc_name" => utf8_encode($fichier), "doc_path" => $path, "doc_date" => date('d m Y ', filemtime($path . $fichier)), "doc_size" => Functions::human_filesize(filesize($path . $fichier)), "doc_year" => $eix, "doc_ue" => $ue, "doc_catg" => '', "doc_url" => '?download/load/' . $age . DS . $eix . DS . $ue . DS . (!empty($dir) ? str_replace('/', '~', $dir) : 'dir') . DS . $token['value'], "doc_code" => '', "doc_valid" => '', "doc_av_plus" => !empty($tmpFile['av_plus']) ? $tmpFile['av_plus'] : 0, "doc_av_moins" => !empty($tmpFile['av_moins']) ? $tmpFile['av_moins'] : 0, "doc_hits" => !empty($tmpFile['hits']) ? $tmpFile['hits'] : 0));
                        }
                    }
                }
                $directory = $ret;
                $i = 0;
                // Strip the base path; the first path segment is the sub-directory name.
                foreach ($directory as $d) {
                    if ($d) {
                        $directory[$i]['doc_path'] = str_replace($path, "", $d['doc_path']);
                        $t = explode('/', $directory[$i]['doc_path']);
                        $directory[$i]['dir'] = $t[0];
                        $i++;
                    }
                }
                $files = $ret_files;
            }
            break;
        case 'n':
            // The course must exist in the 'reseau' table for this level.
            if (!($ok = $this->document->findFirst(array('tables' => 'reseau', 'conditions' => "net_niveau = " . $eix . " AND net_nom = " . Functions::squote($ue))))) {
                $message = Conf::DEBUG ? "Erreur [" . get_class($this) . " " . __LINE__ . "] : Un des paramètres n'est pas configuré." : "Le répertoire de cours n'existe pas ou n'a pas encore été créé.";
                $this->error($message);
                exit;
            }
            $link_racine = $link_hyper_racine . DS;
            //$link_racine .= $dir;
            $m = strrpos(trim($dir, '/'), '/');
            $link_up = $link_hyper_racine . DS . substr(trim($dir, '/'), 0, $m);
            // Categories of the course act as sub-directories (the current one excluded).
            $directory = $this->document->find(array('tables' => " openu_files ", 'champs' => " DISTINCT catg ", 'conditions' => " year = " . $eix . " AND ue = " . Functions::squote($ue) . (!empty($dir) ? " AND catg != " . Functions::squote($dir) : ""), 'order' => " name ASC ", 'fecthMethod' => PDO::FETCH_ASSOC));
            $i = 0;
            foreach ($directory as $d) {
                if ($d) {
                    $directory[$i]['dir'] = $directory[$i]['catg'];
                    $i++;
                }
            }
            $files = $this->document->find(array('tables' => " openu_files ", 'conditions' => " year = " . $eix . " AND ue = " .
Functions::squote($ue) . " AND catg = " . Functions::squote($dir), 'order' => " name ASC ", 'fecthMethod' => PDO::FETCH_ASSOC));
            $j = 0;
            foreach ($files as $d) {
                if ($d) {
                    $files[$j]['doc_size'] = Functions::human_filesize($d['size']);
                    // the download controller needs 3 parameters by default to work
                    $files[$j]['doc_url'] = '?download/downloadFinished/' . $files[$j]['id'] . '/0/0';
                    //$files[$j]['doc_url'] = OPENUPLOADDIR.DS.'?action=d&id='.$files[$j]['id'];
                    $j++;
                }
            }
            break;
        default:
            $message = Conf::DEBUG ? "Erreur [" . get_class($this) . " " . __LINE__ . "] : Un des paramètres n'est pas configuré." : "Le répertoire de cours n'existe pas ou n'a pas encore été créé.";
            $this->error($message);
            exit;
            break;
    }
    $variables['thisDir'] = $thisDir;
    $variables['link_up'] = $link_up;
    $variables['link_switch'] = $link_switch;
    $variables['link_hyper_racine'] = $link_hyper_racine;
    $variables['link_racine'] = $link_racine;
    $variables['age'] = $age;
    $variables['directory'] = $directory;
    $variables['files'] = $files;
    // course information (= "reseau")
    $t = $this->reseau->find(array('conditions' => " net_nom = '" . strtolower($ue) . "'"));
    $variables['ue_nom_for_layout'] = $ue;
    $variables['ue_description_for_layout'] = $t[0]->net_description;
    // is the current member already enrolled in this course?
    $reseau_membre = $this->reseau->findFirst(array('tables' => " reseau_membre ", 'conditions' => " net_id = '" . $t[0]->net_id . "' AND mem_id = " . $_SESSION['membre']['mem_id']));
    $variables['est_inscrit'] = $reseau_membre !== false && !empty($reseau_membre);
    // members enrolled in this course
    $listeInscrits = $this->reseau->find(array('tables' => " reseau_membre rm NATURAL JOIN membre m", 'champs' => ' DISTINCT m.mem_id, m.mem_login ', 'conditions' => " rm.net_id = " . $t[0]->net_id . "", 'fecthMethod' => PDO::FETCH_ASSOC));
    $variables['listeInscrits'] = $listeInscrits !== false && !empty($listeInscrits) ?
$listeInscrits : null;
    // Enrolment modal: a GET to ?ajax/inscription_reseau/ with "net_id:mem_id", then reload.
    $list = Script::_multi_script(array(array('type' => '_query', 'action' => 'click', 'element' => '#modal_inscription', 'name' => 'modal_inscription', 'parameters' => 'id', 'code' => 'setTimeout("window.location.reload()",1000);', 'toReload' => '#rien', 'query' => urlencode($t[0]->net_id . ':' . $_SESSION['membre']['mem_id']), 'reponse' => '#reponse_modal_inscription', 'method' => 'GET', 'url' => '?ajax/inscription_reseau/', 'time' => '3000')));
    /*Mandatory fields for the _query type: toReload, "query, #element, #reponse , "method, "url*/
    // function definitions => go in the header
    $variables['mesScripts'] = $list['s'];
    // calls of the defined functions => go in the footer
    $variables['mesScriptsFunc'] = $list['d'];
    $this->myrender(array('menu' => 'menu', 'title' => strtoupper($ue), 'view' => 'view', 'variables' => $variables));
}
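return Auth::basic();
});

Route::filter('guest', function () {
    if (Auth::check()) {
        return Redirect::to('user/login/');
    }
});

// Route-level role/permission requirements for the admin area.
Entrust::routeNeedsRole('admin*', array('admin'), Redirect::to('/nopermission'));
Entrust::routeNeedsPermission('admin/slugs*', 'manage_blogs', Redirect::to('/admin'));
Entrust::routeNeedsPermission('admin/comments*', 'manage_comments', Redirect::to('/admin'));
Entrust::routeNeedsPermission('admin/users*', 'manage_users', Redirect::to('/admin'));
Entrust::routeNeedsPermission('admin/roles*', 'manage_roles', Redirect::to('/admin'));
Entrust::routeNeedsPermission('admin/settings*', 'manage_settings', Redirect::to('/admin'));
Entrust::routeNeedsPermission('admin/search*', 'site_search', Redirect::to('/admin'));
Entrust::routeNeedsPermission('admin/todos*', 'manage_todos', Redirect::to('/admin'));

Route::filter('csrf', function () {
    // The token is accepted under either field name. Compare as strings in
    // constant time: the previous loose != let PHP type-juggle the values,
    // and an empty session token must never match anything.
    $expected = (string) Session::getToken();
    if ($expected === '') {
        return Redirect::to('invalidtoken');
    }
    $candidates = array(Input::get('csrf_token'), Input::get('_token'));
    foreach ($candidates as $candidate) {
        if (hash_equals($expected, (string) $candidate)) {
            return;
        }
    }
    return Redirect::to('invalidtoken');
});

// Pick the request locale: an explicit, known $lang wins; otherwise the
// first Accept-Language entry is used when it is available, else the
// configured default. NOTE(review): only the auto branch calls
// App::setLocale(); confirm Config::set alone is enough for the explicit one.
Route::filter('detectLang', function ($route, $request, $lang = 'auto') {
    $available = Config::get('app.available_language');
    if ($lang != "auto" && in_array($lang, $available, true)) {
        Config::set('app.locale', $lang);
    } else {
        $browser_lang = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtok(strip_tags($_SERVER['HTTP_ACCEPT_LANGUAGE']), ',') : '';
        $browser_lang = substr($browser_lang, 0, 2);
        $userLang = in_array($browser_lang, $available, true) ? $browser_lang : Config::get('app.locale');
        Config::set('app.locale', $userLang);
        App::setLocale($userLang);
    }
});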
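/**
 * Upload page: shows the upload form and processes a submission in two legs.
 *
 * Leg 1 (POST): the request is checked (origin, session token, form token, size),
 * the file is saved read-only under UPLOADS and the form data is parked in the
 * session, then the browser is redirected back here (post/redirect/get).
 * Leg 2 (GET after the redirect): the parked data is validated against the course
 * list, the file is moved under DWLOADS_short and a row is inserted with the
 * "not yet approved" status.
 *
 * Returns false after $this->error() when the request is rejected outright;
 * otherwise renders the 'index' view and returns nothing.
 */
function index() {
    if (!$this->session->islogged()) {
        $this->redirect("?membre/login");
    }
    // Allowed document categories (key = value stored in the DB and used as a path component).
    // Declared up front so a submission can be checked against it before anything is moved.
    $list_catg = array('ds' => 'Enoncés de Devoirs Surveillés', 'dsc' => 'Corrigés de Devoirs Surveillés', 'ta' => 'Travaux en Autonomie', 'tp' => 'Travaux Pratiques');
    // Create the anti-replay token if it does not exist yet (10 minute lifetime).
    if (Session::getToken('uploadDefichier') === false) {
        Session::addToken(array('name' => 'uploadDefichier', 'limit_time' => 10 * 60, 'time' => time()));
    }
    $soumis = null;
    $soumisfile = null;
    $erreurs = array();
    $notifications = array();
    /* Guard against double submission with a redirect after POST. The redirect does not
     * preserve the uploaded file, so a valid file is first saved to a temporary location
     * and its path parked in the session until the follow-up GET picks it up. */
    if ($this->request->data) {
        $soumis = $this->request->data;
        $soumisfile = $this->request->datafile;
        // Reject cross-site requests, requests without an origin (URL typed directly)
        // and requests whose session token has expired.
        if ($this->request->is('external') || $this->request->is('no-origin') || !Session::isValidToken('uploadDefichier')) {
            $message = 'Erreur [DLU ' . __LINE__ . '] : La requête a échouée. Veuillez réactualiser la page.';
            $this->error($message);
            return false;
        }
        $t = Session::getToken('uploadDefichier');
        if (!isset($soumis['token']) || $t['value'] !== $soumis['token']) {
            $erreurs[] = "Le formulaire n'est plus valide.";
        }
        // Save the file read-only only if it fits the ini limit and no error was detected.
        $upload_max_file = PregFucntions::return_bytes(ini_get('upload_max_filesize'));
        $tmp = isset($soumisfile['fichier']['tmp_name']) ? $soumisfile['fichier']['tmp_name'] : '';
        // filesize() on a missing temp file would only warn; treat it as 0 and let
        // anyErrorFile() report the upload error code instead.
        $size = ($tmp !== '' && is_file($tmp)) ? filesize($tmp) : 0;
        if (empty($erreurs) && $size <= $upload_max_file) {
            $valid = $this->anyErrorFile(isset($soumisfile['fichier']['error']) ? $soumisfile['fichier']['error'] : UPLOAD_ERR_NO_FILE);
            if ($valid) {
                // basename() strips any directory part the client may have put in the file
                // name, so the saved copy can only land directly inside UPLOADS.
                $path = UPLOADS . DS . basename($soumisfile['fichier']['name']);
                if ($this->moveFile($tmp, $path, 0444)) {
                    $_SESSION['saveform'] = $soumis;
                    $_SESSION['saveformfile'] = $path;
                    unset($soumis);
                    unset($soumisfile);
                    header('Location: ' . Router::url('?upload/index/'));
                    exit;
                } else {
                    $erreurs[] = "Une erreur est survenue.";
                    $erreurs[] = "Il se pourrait que votre fichier ne respecte pas les règles de sécurité.";
                }
            } else {
                // NOTE(review): anyErrorFile() is falsy here and that value is what gets
                // pushed as the error; confirm it really returns a message string on failure.
                $erreurs[] = $valid;
            }
        } else {
            $erreurs[] = "La limite autorisée est de " . ini_get('upload_max_filesize') . "o";
        }
    }
    // Second leg: move the parked file to its final place and register it.
    if (isset($_SESSION['saveform'])) {
        // No point continuing with an expired token.
        if (!Session::isValidToken('uploadDefichier')) {
            $message = "Le temps de soumission est dépassé. Veuillez recharger la page.";
            $this->error($message);
            return false;
        }
        // Pull the parked data and clear it from the session.
        $soumis = $_SESSION['saveform'];
        $soumisfile = $_SESSION['saveformfile'];
        unset($_SESSION['saveform']);
        unset($_SESSION['saveformfile']);
        // Form values. 'year' is cast to int because it is concatenated unquoted into SQL
        // below; 'catg' is lowercased once and reused for both the DB row and the path,
        // which previously used the raw (mixed-case) value.
        $year = isset($soumis['year']) ? (int) $soumis['year'] : 0;
        $ue = isset($soumis['ue']) ? (string) $soumis['ue'] : '';
        $catg = isset($soumis['catg']) ? strtolower((string) $soumis['catg']) : '';
        $form = array(
            'year' => $year,
            'ue' => $ue,
            'catg' => $catg,
            'name' => basename($soumisfile),
            'size' => filesize($soumisfile),
            'path' => 'files/ei' . $year . '/' . $ue . '/' . $catg . '/',
            'code' => Session::genereToken(),
            'valid' => 0,
        );
        // Make sure the generated code is unique in the database.
        while ($this->document->find(array('conditions' => 'doc_code=\'' . $form['code'] . '\'', 'fecthMethod' => PDO::FETCH_ASSOC))) {
            $form['code'] = Session::genereToken();
        }
        // 'ue' and 'catg' become directory names: refuse a category outside the known list
        // and a course name carrying path separators or '..' before touching the DB or disk.
        $catgValide = isset($list_catg[$catg]);
        $ueValide = $ue !== '' && strpos($ue, '/') === false && strpos($ue, '\\') === false && strpos($ue, '..') === false;
        // Make sure the course matches the chosen year, e.g. algpr => ei1.
        $find = false;
        if ($catgValide && $ueValide) {
            $find = $this->reseau->find(array('conditions' => 'net_niveau = ' . $form['year'] . ' AND net_nom = ' . Functions::squote($form['ue']) . ' ', 'fecthMethod' => PDO::FETCH_ASSOC));
        }
        if ($find) {
            // Move the file to its final place.
            $path = DWLOADS_short . DS . $form['path'] . $form['name'];
            if ($this->renameFile($soumisfile, $path)) {
                /* The file has already been checked, so it is added to the database and to
                 * the right directory, but with the "not approved by an admin" status (0). */
                if ($this->document->add(array('values' => " ''," . Functions::squote($form['name']) . "," . Functions::squote($form['path']) . "," . $form['size'] . "," . $form['year'] . "," . Functions::squote($form['ue']) . "," . Functions::squote($form['catg']) . "," . Functions::squote($form['code']) . ",0,NOW()")) === true) {
                    $notifications[] = "Votre fichier a bien été uploadé sous le nom : " . $form['name'];
                    $notifications[] = "Votre fichier a bien été uploadé et attend d'être validé. ";
                } else {
                    $erreurs[] = "[1] Une erreur est survenue lors de la migration des fichiers.";
                }
            } else {
                $erreurs[] = "[2] Une erreur est survenue lors de la migration des fichiers.";
            }
        } else {
            $erreurs[] = ($catgValide && $ueValide)
                ? "Le module mentionné ne correspond pas à l'année choisie."
                : "La catégorie ou le module choisi est invalide.";
            // The parked copy was saved read-only; make it owner-writable (not world-writable)
            // and drop it now that it has been rejected.
            chmod($soumisfile, 0600);
            unlink($soumisfile);
        }
        // Whatever the outcome, issue a fresh token once the form has been processed.
        Session::addToken(array('name' => 'uploadDefichier', 'limit_time' => 10 * 60, 'time' => time(), 'erase' => true));
    }
    $list_ue = array();
    $list_ue['ei1'] = $this->reseau->find(array('conditions' => 'net_niveau=1', 'fecthMethod' => PDO::FETCH_ASSOC));
    $list_ue['ei2'] = $this->reseau->find(array('conditions' => 'net_niveau=2', 'fecthMethod' => PDO::FETCH_ASSOC));
    $list_ue['ei3'] = $this->reseau->find(array('conditions' => 'net_niveau=3', 'fecthMethod' => PDO::FETCH_ASSOC));
    // NOTE(review): $list_ue always holds three keys after the assignments above, so this
    // condition cannot be true as written; kept as in the original, confirm the intent.
    if (empty($list_ue)) {
        $message = Conf::DEBUG ? "Erreur [" . get_class($this) . " " . __LINE__ . "]." : "Erreur [ DLU " . __LINE__ . " ] : un problème est survenu lors du chargement de la page.";
        $this->error($message);
    }
    $variables = array();
    $variables['soumis'] = $soumis;
    $variables['erreurs'] = $erreurs;
    $variables['notifications'] = $notifications;
    $variables['list_ue'] = $list_ue;
    $variables['list_catg'] = $list_catg;
    $this->myrender(array('menu' => 'menu', 'title' => 'Espace Upload', 'view' => 'index', 'variables' => $variables));
    unset($soumis);
    unset($soumisfile);
}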