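/**
 * Handle the login form submission.
 *
 * Reads `login` and `password` from POST and authenticates through
 * Auth->login(). On success the user is sent to the path stored in the
 * session as `orig_path` (captured before the login page), failing that to
 * the user's own redirect_url, failing that to the site root.
 *
 * @param Web $w
 */
function login_POST(Web &$w) {
    // empty() gives the same truth test as the original `$_POST[..] && $_POST[..]`
    // without an undefined-index notice when a field is absent.
    if (empty($_POST['login']) || empty($_POST['password'])) {
        $w->error("Please enter your login and password", "/auth/login");
        return;
    }

    // Timezone is pinned rather than read from the client for now.
    $client_timezone = "Australia/Sydney"; //$_POST['user_timezone'];
    $user = $w->Auth->login($_POST['login'], $_POST['password'], $client_timezone);
    if (!$user) {
        $w->error("Login or Password incorrect", "/auth/login");
        return;
    }

    // NOTE(review): nothing in this handler rotates the session id after a
    // successful authentication; if Auth->login() does not do it either, a
    // session id obtained before login stays valid afterwards (session
    // fixation) — confirm in Auth.
    $orig_path = $w->session('orig_path');
    if ($orig_path != "auth/login") {
        $url = $orig_path;
        $w->Log->debug("Original path: " . $url);
        // No captured path (or just the root): fall back to the user's landing page.
        if (empty($url) || $url == "/") {
            $url = $user->redirect_url;
        }
        $w->sessionUnset('orig_path');
        // The session value is not validated here; localUrl() is relied upon to
        // keep the target on this host.
        $w->redirect($w->localUrl($url));
        return;
    }

    $w->redirect(!empty($user->redirect_url) ? $w->localUrl($user->redirect_url) : $w->localUrl());
}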
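/**
 * Attach the uploaded file (form field "file") to an arbitrary object.
 *
 * Request parameters: `table` and `id` pick the parent object; `title`,
 * `description` and `type_code` describe the attachment; `url` (spaces
 * mapped to "/") is where the user is sent afterwards.
 *
 * @param Web $w
 */
function attach_POST(Web &$w) {
    $table = $w->request('table');
    $id = $w->request('id');
    $title = $w->request('title');
    $description = $w->request('description');
    $type_code = $w->request('type_code');
    // The return target is client supplied and not validated here; whether it
    // can point off-site depends on what msg()/error() do with it — TODO
    // confirm they pass it through localUrl().
    $url = str_replace(" ", "/", $w->request('url'));

    // NOTE(review): the client names any table/id pair. No check is visible here
    // that the current user may attach to that object — confirm Auth->getObject()
    // or uploadAttachment() enforces it.
    $object = $w->Auth->getObject($table, $id);
    if (!$object) {
        $w->error("Nothing to attach to.", $url);
        return; // do not fall through to the upload if error() ever returns
    }

    $aid = $w->service("File")->uploadAttachment("file", $object, $title, $description, $type_code);
    if (!$aid) {
        $w->error("There was an error. Attachment could not be saved.", $url);
        return;
    }

    // Expose the new attachment to hooks/templates before redirecting.
    $w->ctx('attach_id', $aid);
    $w->ctx('attach_table', $table);
    $w->ctx('attach_table_id', $id);
    $w->ctx('attach_title', $title);
    $w->ctx('attach_description', $description);
    $w->ctx('attach_type_code', $type_code);
    $w->msg("File attached.", $url);
}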
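/**
 * Create or update a channel processor.
 *
 * The path gives the processor id (empty for a new one). The form gives
 * `processor_class` as "<module>.<class>", which must name a processor
 * listed under that module's "processors" config, plus `channel_id`.
 *
 * @param Web $w
 */
function edit_POST(Web $w) {
    $p = $w->pathMatch("id");
    $processor_id = $p["id"];

    // "<module>.<class>": exactly two parts, nothing more.
    $processor_class = $w->request("processor_class");
    $processor_expl = explode(".", $processor_class);
    if (count($processor_expl) !== 2) {
        $w->error("Missing Processor values", "/channels/listprocessors");
        exit;
    }
    list($module, $class) = $processor_expl;

    // Both halves are user controlled: the module name selects which config is
    // read and the class name is stored for later instantiation, so only a
    // class the module's config explicitly lists is accepted. The (array) cast
    // keeps in_array() from throwing when moduleConf() yields null for an
    // unknown module, and strict comparison rules out loose-equality matches.
    $allowed = (array) $w->moduleConf($module, "processors");
    if (!in_array($class, $allowed, true)) {
        $w->error("Could not find processor in config", "/channels/listprocessors");
        exit;
    }

    $processor_object = $processor_id ? $w->Channel->getProcessor($processor_id) : new ChannelProcessor($w);
    if (empty($processor_object)) {
        // An id that matches no processor used to reach fill() on null.
        $w->error("Could not find processor", "/channels/listprocessors");
        exit;
    }
    // fill() copies every POST field it recognises; module/class/channel_id are
    // then assigned explicitly so the validated values win.
    $processor_object->fill($_POST);
    $processor_object->channel_id = $w->request("channel_id");
    $processor_object->module = $module;
    $processor_object->class = $class;
    $processor_object->insertOrUpdate();

    $w->msg("Processor " . ($processor_id ? "updated" : "created"), "/channels/listprocessors");
}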
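/**
 * Save edits to an existing work entry.
 *
 * The id comes from the path and the form fields are copied in with fill().
 * The work category is taken from the most specific of category_3 /
 * category_2 / category_1 that was submitted.
 *
 * @param Web $w
 */
function editworkentry_POST(Web $w) {
    list($workentry_id) = $w->pathMatch("id");
    if (empty($workentry_id)) {
        $w->error("Missing an ID");
        return;
    }
    $we = $w->Bend->getWorkEntryForId($workentry_id);
    if (empty($we)) {
        $w->error("No work entry found for this id: " . $workentry_id);
        return;
    }

    // NOTE(review): fill() takes whatever POST fields it recognises, so a
    // submitted user_id reassigns the entry to another user; only an empty
    // user_id is defaulted to the current user. No check that the current user
    // owns this entry is visible here — confirm that is intended.
    $we->fill($_POST);
    if (empty($we->user_id)) {
        $we->user_id = $w->Auth->user()->id;
    }

    // Deepest submitted category level wins.
    foreach (array('category_3', 'category_2', 'category_1') as $field) {
        if (!empty($_POST[$field])) {
            $we->bend_work_category_id = $_POST[$field];
            break;
        }
    }

    // TODO check work period, etc.
    $we->update();
    $w->msg("Work hours recorded", "/bend-workhours/list");
}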
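/**
 * Delete a group together with its role assignments and membership rows.
 *
 * @param Web $w  path gives the group id under "id"
 */
function delete_ALL(Web $w) {
    $p = $w->pathMatch("id");
    if (empty($p['id'])) {
        $w->error("Group not found", "/admin-groups");
        return;
    }
    // Groups are loaded through Auth->getUser(), as in the original.
    $group = $w->Auth->getUser($p['id']);
    if (empty($group->id)) {
        $w->error("Group not found", "/admin-groups");
        return;
    }

    // NOTE(review): _ALL means this runs on GET too, so a plain link deletes a
    // group (CSRF). Consider restricting to POST with the token.

    // Detach roles and members first, then the group row itself. The original
    // read $option['group_id'] here — a variable that is never defined — so the
    // membership rows were never actually removed; use the group's own id.
    $roles = $group->getRoles();
    if (!empty($roles)) {
        foreach ($roles as $role) {
            $group->removeRole($role);
        }
    }
    $members = $w->Auth->getGroupMembers($group->id);
    if ($members) {
        foreach ($members as $member) {
            $member->delete();
        }
    }
    $group->delete();

    $w->msg("Group deleted", "/admin-groups");
}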
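/**
 * Remove a report template (id from the path) and return to the owning
 * report's edit page.
 *
 * @param Web $w
 */
function delete_GET(Web $w) {
    $p = $w->pathMatch("id");
    if (empty($p['id'])) {
        $w->error("Report template not found", "/report-templates");
        return;
    }
    $report_template = $w->Report->getReportTemplate($p['id']);
    if (empty($report_template->id)) {
        $w->error("Report template not found", "/report-templates");
        return;
    }
    // NOTE(review): destructive action on a GET request, so a crafted link or
    // image tag can trigger it (CSRF); no per-report permission check is
    // visible here either. A POST handler carrying the CSRF token would be safer.
    $report_template->delete();
    $w->msg("Report template removed", "/reports/edit/{$report_template->report_id}#templates");
}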
/**
 * Delete a report connection (id from the path) and go back to the list.
 *
 * @param Web $w
 */
function delete_GET(Web $w) {
    $params = $w->pathMatch("id");
    $back = "/report-connections";

    if (empty($params["id"])) {
        $w->error("No connection ID specified", $back);
    }
    $connection = $w->Report->getConnection($params["id"]);
    if (empty($connection->id)) {
        $w->error("Connection could not be found", $back);
    }

    // NOTE(review): a state change on GET — reachable through a plain link (CSRF).
    $connection->delete();
    $w->msg("Connection deleted", $back);
}
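/**
 * Delete a household occupant and return to the household page.
 *
 * @param Web $w  path gives the household id ("a") and occupant id ("b")
 */
function deleteoccupant_GET(Web $w) {
    list($household_id, $occupant_id) = $w->pathMatch("a", "b");
    $household = $w->Bend->getHouseholdForId($household_id);
    if (empty($household)) {
        $w->error("Household not found");
        return;
    }
    $occupant = $w->Bend->getHouseholdOccupantForId($occupant_id);
    if (empty($occupant)) {
        $w->error("Occupant not found");
        return;
    }
    // NOTE(review): the household is only used to validate the path id; the
    // occupant is never checked as belonging to it, so any occupant id can be
    // deleted under any household id. This is also a GET (CSRF via link).
    // Confirm whether the occupant row carries a household reference to compare.
    $occupant->delete();
    $w->msg("Occupant deleted", "/bend-household/show/{$household_id}");
}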
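/**
 * Handle User Edit form submission.
 *
 * Validates that a login was supplied and that the two password fields
 * agree, then copies the submitted fields onto the user (and its contact),
 * sets a new password only when one was entered, and re-derives the admin /
 * active flags from their checkboxes.
 *
 * @param Web $w  path gives the user id under "id"
 */
function useredit_POST(Web &$w) {
    $w->pathMatch("id");
    $user_id = $w->ctx("id");

    $errors = (array) $w->validate(array(array("login", ".+", "Login is mandatory")));

    // NOTE(review): this reads $_REQUEST, so query-string values are accepted
    // alongside the POST body; if the CSRF check only looks at POST fields,
    // prefer $_POST here.
    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    $password2 = isset($_REQUEST['password2']) ? $_REQUEST['password2'] : '';
    if ($password !== '' && $password !== $password2) {
        // The original appended to $error (singular), a different variable, so
        // a mismatch was silently ignored and the first value was saved anyway.
        $errors[] = "Passwords don't match";
    }

    $user = $w->Auth->getObject("User", $user_id);
    if (!$user) {
        $errors[] = "User does not exist";
    }
    if (count($errors) != 0) {
        $w->error(implode("<br/>\n", $errors), "/admin/useredit/" . $user_id);
        return;
    }

    $user->login = $_REQUEST['login'];
    // fill() copies every request field it recognises; is_admin/is_active are
    // re-derived from the checkboxes below so they cannot be set by name.
    $user->fill($_REQUEST);
    if ($password !== '') {
        $user->setPassword($password);
    } else {
        // Presumably stops update() from overwriting the stored hash with the
        // blank password field fill() just copied — confirm in User::update().
        $user->password = null;
    }
    $user->is_admin = isset($_REQUEST['is_admin']) ? 1 : 0;
    $user->is_active = isset($_REQUEST['is_active']) ? 1 : 0;
    $user->update();

    $contact = $user->getContact();
    if ($contact) {
        $contact->fill($_REQUEST);
        $contact->private_to_user_id = null;
        $contact->update();
    }

    $w->callHook("admin", "account_changed", $user);
    $w->msg("User " . $user->login . " updated.", "/admin/users");
}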
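/**
 * Save an edited lookup item.
 *
 * `type`, `code` and `title` are required; the item id and the type for the
 * return redirect come from the path.
 *
 * @param Web $w
 */
function editlookup_POST(Web &$w) {
    $p = $w->pathMatch("id", "type");
    $back = "/admin/lookup/?type=" . $p['type'];

    // A missing key counts as blank (no undefined-index notice). "0" is a valid
    // value, exactly as it was for the original `== ""` test.
    $blank = function ($key) {
        return !isset($_REQUEST[$key]) || $_REQUEST[$key] === "";
    };
    $err = "";
    if ($blank('type')) {
        $err = "Please add select a TYPE<br>";
    }
    if ($blank('code')) {
        $err .= "Please enter a KEY<br>";
    }
    if ($blank('title')) {
        $err .= "Please enter a VALUE<br>";
    }
    if ($err != "") {
        $w->error($err, $back);
        return;
    }

    $lookup = $w->Admin->getLookupbyId($p['id']);
    if ($lookup) {
        // NOTE(review): fill() copies any recognised request field (GET or POST)
        // onto the row — confirm the lookup table has no column that should not
        // be user-settable.
        $lookup->fill($_REQUEST);
        $lookup->update();
        $msg = "Lookup Item edited";
    } else {
        $msg = "Could not find item?";
    }
    $w->msg($msg, $back);
}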
/**
 * Show a single lot: its number and occupancy as a static table, plus the
 * owners and households attached to it.
 *
 * @param Web $w  path gives the lot id under "id"
 */
function showlot_GET(Web $w) {
    list($lot_id) = $w->pathMatch("id");
    if (empty($lot_id)) {
        $w->error("Need a Lot ID");
    }
    $lot = $w->Bend->getLotForId($lot_id);
    if (empty($lot)) {
        $w->error("Lot {$lot_id} does not exist");
    }
    History::add("Bend Lot: " . $lot->lot_number);

    // One section ("Lot") holding a single row of two static cells.
    $row = array(
        array("Lot Number", "static", "", $lot->lot_number),
        array("Occupancy", "static", "", $lot->occupancy),
    );
    $sections = array("Lot" => array($row));

    $w->ctx("lot", $lot);
    $w->ctx("lotTable", Html::multiColTable($sections));
    $w->ctx("owners", $lot->getAllOwners());
    $w->ctx("households", $lot->getAllHouseholds());
}
/**
 * Remove an owner record from a lot and return to the lot page.
 *
 * @param Web $w  path gives "lotid" and "ownerid"
 */
function deletelotowner_GET(Web $w) {
    list($lot_id, $owner_id) = $w->pathMatch("lotid", "ownerid");

    $lot = empty($lot_id) ? null : $w->Bend->getLotForId($lot_id);
    if (empty($lot)) {
        $w->error("lot not found");
    }
    $owner = empty($owner_id) ? null : $w->Bend->getBendLotOwnerForId($owner_id);
    if (empty($owner)) {
        $w->error("lot owner not found");
    }

    // NOTE(review): the lot is loaded but never compared with the owner record,
    // so any ownerid can be deleted under any existing lotid; and this is a GET
    // (CSRF via link). Confirm whether the owner row carries a lot reference
    // that should be checked here.
    $owner->delete();

    // The redirect has no leading "/" unlike the other handlers in this file;
    // kept as-is — confirm msg() resolves a relative target correctly.
    $w->msg("Owner removed.", "bend-lot/showlot/{$lot_id}");
}
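/**
 * Remove a household from a lot and return to the lot page.
 *
 * @param Web $w  path gives "lotid" and the household id
 */
function deletehousehold_GET(Web $w) {
    // The second path key is spelt "housholdid" in the route; it is kept so any
    // ctx/template lookup on that name keeps working.
    list($lot_id, $household_id) = $w->pathMatch("lotid", "housholdid");

    $lot = empty($lot_id) ? null : $w->Bend->getLotForId($lot_id);
    if (empty($lot)) {
        $w->error("lot not found");
        return;
    }
    $household = empty($household_id) ? null : $w->Bend->getHouseholdForId($household_id);
    if (empty($household)) {
        // Was "lot owner not found" — copied from deletelotowner_GET.
        $w->error("household not found");
        return;
    }

    // NOTE(review): the household is not checked as belonging to $lot, and this
    // is a GET (CSRF via link) — confirm whether a lot reference exists to compare.
    $household->delete();

    // Relative redirect (no leading "/") kept as in the original — confirm msg()
    // resolves it correctly.
    $w->msg("Household removed.", "bend-lot/showlot/{$lot_id}");
}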
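/**
 * Delete a file from the print queue.
 *
 * Only a bare file name is accepted from the `filename` query parameter. The
 * original passed the raw (strip_tags'd) value straight to unlink(), so a
 * link such as ?filename=../../config.php could remove any file the web
 * server can write to — arbitrary file deletion, reachable by GET (CSRF).
 *
 * @param Web $w
 */
function deleteprintfile_GET(Web $w) {
    $filename = isset($_GET["filename"]) ? strip_tags($_GET["filename"]) : "";

    // Reject empty names, ".", "..", embedded NULs and anything containing a
    // directory component.
    $bad = $filename === ""
        || $filename === "."
        || $filename === ".."
        || strpos($filename, "\0") !== false
        || basename($filename) !== $filename;
    if ($bad) {
        $w->error("Invalid filename", "/admin/printqueue");
        return;
    }

    // NOTE(review): the queue directory is not visible in this handler, so the
    // name is still resolved against the current working directory as before;
    // it should be prefixed with the fixed print-queue path — TODO confirm.
    if (is_file($filename)) {
        if (unlink($filename)) {
            $w->Log->info("File {$filename} deleted");
            $w->msg("File deleted", "/admin/printqueue");
            return;
        }
        $w->error("Could not delete file", "/admin/printqueue");
        return;
    }
    $w->error("Missing filename", "/admin/printqueue");
}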
/**
 * Save edits to a work category (id from the path, fields from POST).
 *
 * @param Web $w
 */
function editcategory_POST(Web $w) {
    list($category_id) = $w->pathMatch("a");
    $category = $w->Bend->getWorkCategoryForId($category_id);
    if (empty($category)) {
        $w->error("no category found", "/bend-workhours/admin");
    }
    // fill() copies whichever POST fields the category recognises.
    $category->fill($_POST);
    $category->update();
    $w->msg("Category updated", "/bend-workhours/admin");
}
/**
 * Delete a printer by id and return to the admin page.
 *
 * @param Web $w  path gives the printer id under "id"
 */
function deleteprinter_ALL(Web $w) {
    $params = $w->pathMatch("id");
    $printer = empty($params["id"]) ? null : $w->Printer->getPrinter($params["id"]);

    if (!empty($printer->id)) {
        // NOTE(review): _ALL accepts GET, so a plain link can delete (CSRF).
        $printer->delete();
        $w->msg("Printer deleted", "/admin");
    }

    // Reached when the id was missing or unknown; on success the original relies
    // on msg() having already redirected.
    $w->error("Could not find printer", "/admin");
}
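/**
 * Delete an email channel (id from the path) and return to the channel list.
 *
 * @param Web $w
 */
function delete_GET(Web $w) {
    $p = $w->pathMatch("id");
    $id = $p["id"];
    if (!$id) {
        $w->error("Could not find channel");
        return;
    }
    $channel = $w->Channel->getEmailChannel($id);
    // The original called delete() on the lookup result unchecked, which is a
    // fatal error for an id that matches no channel.
    if (empty($channel->id)) {
        $w->error("Could not find channel");
        return;
    }
    // NOTE(review): destructive action on GET (CSRF via link).
    $channel->delete();
    $w->msg("Channel deleted", "/channels/listchannels");
}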
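/**
 * Store the submitted form (minus the CSRF token) as a processor's settings.
 *
 * @param Web $w  path gives the processor id under "id"
 */
function editsettings_POST(Web $w) {
    $w->setLayout(null);
    $p = $w->pathMatch("id");
    $id = $p["id"];
    if (!$id) {
        $w->error("Missing parameter in request", "/channels/listprocessors");
        return;
    }
    $processor = $w->Channel->getProcessor($id);
    if (empty($processor->id)) {
        $w->error("Invalid processor ID", "/channels/listprocessors");
        return;
    }

    // Everything posted except the CSRF token becomes the settings blob.
    $post = $_POST;
    unset($post[CSRF::getTokenID()]);
    // NOTE(review): keys and values are stored verbatim; whatever later decodes
    // processor->settings must treat them as untrusted input.
    $processor->settings = json_encode($post);
    $processor->update();
    $w->msg("Processor settings saved", "/channels/listprocessors");
}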
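/**
 * Build the add/edit form for a household occupant.
 *
 * Path: household id ("a") and, when editing, the occupant id ("b"). The form
 * shows the household's static details, the occupancy dates/flags, and either
 * a user picker (occupant with no linked user yet) or the linked user, plus the
 * contact fields.
 *
 * @param Web $w
 */
function editoccupant_GET(Web $w) {
    list($householdid, $occupantid) = $w->pathMatch("a", "b");
    if (empty($householdid)) {
        $w->error("Need a household ID");
        return;
    }
    $household = $w->Bend->getHouseholdForId($householdid);
    if (empty($household)) {
        $w->error("Household not found");
        return;
    }

    $oc = new BendHouseholdOccupant($w);
    $contact = new Contact($w);
    if (!empty($occupantid)) {
        $oc = $w->Bend->getHouseholdOccupantForId($occupantid);
        // The original dereferenced the lookup result unchecked; an unknown
        // occupant id now errors out instead of building the form on null.
        if (empty($oc)) {
            $w->error("Occupant not found");
            return;
        }
        // NOTE(review): the occupant is not verified as belonging to $household,
        // so any occupant can be opened under any household id — confirm whether
        // the occupant row carries a household reference to compare.
        $contact = $oc->getContact();
        if (empty($contact)) {
            $contact = new Contact($w);
        }
    }

    $yesNo = lookupForSelect($w, "YesNo");

    $form = array();
    $form["Household"] = array(
        array(
            array("Street Number", "static", "", $household->streetnumber),
            array("Is CHL?", "static", "", $household->is_chl ? "yes" : "no"),
            array("Is Occupied?", "static", "", $household->is_occupied ? "yes" : "no"),
        ),
    );
    $form["Occupant"] = array(
        array(
            array("Occupant From", "date", "d_start", !empty($oc->d_start) ? formatDate($oc->d_start) : ""),
            array("Occupant To", "date", "d_end", !empty($oc->d_end) ? formatDate($oc->d_end) : ""),
        ),
        array(
            array("Pays Electricity?", "select", "pays_electricity", $oc->pays_electricity, $yesNo),
            array("Does Workhours?", "select", "does_workhours", $oc->does_workhours, $yesNo),
        ),
    );
    // Without a linked user the first row offers a picker over all users.
    $userRow = empty($oc->user_id)
        ? array("Select Existing User", "select", "user_id", null, $w->Auth->getUsers())
        : array("User", "static", "", $oc->getFullName());
    $form["Occupant Contact"] = array(
        array($userRow),
        array(
            array("First Name", "text", "firstname", $contact->firstname),
            array("Last Name", "text", "lastname", $contact->lastname),
            array("Email", "text", "email", $contact->email),
        ),
        array(
            array("Home Phone", "text", "homephone", $contact->homephone),
            array("Work Phone", "text", "workphone", $contact->workphone),
            array("Mobile Phone", "text", "mobile", $contact->mobile),
        ),
    );

    $w->ctx("form", Html::multiColForm($form, "/bend-household/editoccupant/{$householdid}/{$occupantid}", "POST", "Save"));
}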
/**
 * Remove a widget configuration by id and return to the originating page.
 *
 * @param Web $w  path gives "origin" (return page) and "id"
 */
function removewidget_ALL(Web $w) {
    $params = $w->pathMatch("origin", "id");
    $back = "/{$params['origin']}";

    $widget = $w->Widget->getWidgetById($params["id"]);
    if (empty($widget->id)) {
        $w->error("Widget not found", $back);
    }

    // NOTE(review): no check that the widget belongs to the current user
    // (addwidget_POST records a user_id on each one), and _ALL makes this
    // reachable by GET — confirm widgets are meant to be removable by anyone
    // who knows the id.
    $widget->delete();
    $w->msg("Widget removed", $back);
}
/**
 * Show a work period together with the top-level categories and all
 * households, for the work-hours admin view.
 *
 * @param Web $w  path gives the work period id under "a"
 */
function showperiod_GET(Web $w) {
    list($period_id) = $w->pathMatch("a");
    $period = $w->Bend->getWorkperiodForId($period_id);
    if (empty($period)) {
        $w->error("Workperiod does not exist", "/bend-workhours/admin");
    }
    History::add("Work Period: " . formatDate($period->d_start));

    $w->ctx("workperiod", $period);
    $w->ctx("categories", $w->Bend->getTopLevelWorkCategories());
    $w->ctx("households", $w->Bend->getAllHouseholds());
}
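/**
 * Delete a channel processor (id from the path) and return to the list.
 *
 * @param Web $w
 */
function delete_GET(Web $w) {
    $p = $w->pathMatch("id");
    $id = $p["id"];
    if (!$id) {
        $w->error("Could not find processor");
        return;
    }
    $processor = $w->Channel->getProcessor($id);
    // The original called delete() on the lookup result unchecked, which is a
    // fatal error for an id that matches no processor.
    if (empty($processor->id)) {
        $w->error("Could not find processor");
        return;
    }
    // NOTE(review): destructive action on GET (CSRF via link).
    $processor->delete();
    $w->msg("Processor deleted", "/channels/listprocessors");
}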
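/**
 * Run `git pull origin <branch>` in ROOT_PATH and print the output.
 *
 * POST fields: `branch` (required) and `git` (optional path to the git
 * binary, default "git").
 *
 * @param Web $w
 */
function gitpull_POST(Web $w) {
    $branch = isset($_POST["branch"]) ? $_POST["branch"] : "";
    if ($branch === "") {
        $w->error("Branch missing", "/admin/gitpull");
        return;
    }
    // escapeshellarg() only prevents shell injection; git itself still parses
    // a "branch" such as "--upload-pack=<cmd>" as an option and runs the
    // command. Accept plain ref characters only, never a leading "-".
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._\/-]*$/', $branch)) {
        $w->error("Invalid branch name", "/admin/gitpull");
        return;
    }

    // The binary path is client supplied too; the original would run any
    // executable on the host with "pull origin <branch>" as arguments.
    $git = empty($_POST["git"]) ? "git" : $_POST["git"];
    if (basename($git) !== "git") {
        $w->error("Invalid git path", "/admin/gitpull");
        return;
    }

    chdir(ROOT_PATH);
    $output = shell_exec(escapeshellarg($git) . " pull origin " . escapeshellarg($branch));

    // Git output echoes the ref name and remote messages; escape it so it
    // cannot inject markup into the page.
    echo "<pre>";
    echo htmlspecialchars(trim((string) $output), ENT_QUOTES, 'UTF-8');
    echo "</pre>";
}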
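/**
 * Handle the "forgot password" form.
 *
 * Looks up the user by login, stores a fresh reset token with a timestamp
 * and e-mails a reset link. The response is the same whether or not the
 * login exists so the form cannot be used to enumerate accounts.
 *
 * @param Web $w
 */
function forgotpassword_POST(Web $w) {
    $support_email = Config::get('main.company_support_email');
    if (empty($support_email)) {
        $w->Log->error("Cannot send recovery email. This site has not been configured with a default email address. Th project config needs a main.company_support_email record.");
        $w->error("Cannot send recovery email. This site has not been configured with a default email address", "/auth/login");
        return;
    }

    $login = $w->request("login");
    $user = $w->Auth->getUserForLogin($login);
    $responseString = "If this account exists then a password reset email has been just sent to the associated email address.";

    // Deliberately indistinguishable from the success path: telling the
    // requester the login is unknown would let them enumerate accounts
    // (the earlier message was "Could not find your account").
    if (!$user) {
        $w->msg($responseString, "/auth/login");
        return; // never fall through to ->getContact() on false
    }
    $user_contact = $user->getContact();
    if (empty($user_contact)) {
        // No address to send to; respond exactly as for an unknown login.
        $w->msg($responseString, "/auth/login");
        return;
    }

    // 40 random bytes from the CSPRNG, hashed to a 40-char hex token as before.
    // The original ignored $cstrong; refuse to issue a token from a weak source.
    $random = openssl_random_pseudo_bytes(40, $cstrong);
    if ($random === false || $cstrong !== true) {
        $w->Log->error("Could not generate a cryptographically strong password reset token");
        $w->error("There was a problem generating a reset token, please try again.", "/auth/login");
        return;
    }
    $token = sha1($random);
    $user->password_reset_token = $token;
    $user->dt_password_reset_at = $user->time2Dt();
    $user->update();

    // NOTE(review): the link is built from the Host request header. On a server
    // that answers to any Host, an attacker requesting a reset for a victim's
    // login with a forged Host gets the victim's token delivered to their own
    // domain (reset poisoning). Prefer a configured base URL — TODO confirm one
    // exists in Config.
    $link = "http://" . $_SERVER["HTTP_HOST"] . "/auth/resetpassword?email=" . urlencode($user_contact->email) . "&token=" . urlencode($token);

    $message = "Hello {$user->getFullName()},\n<br/>";
    $message .= "Please go to this link to reset your password:<br/>\n";
    $message .= "<a href=\"" . $link . "\">" . $link . "</a>\n<br/>You have 24 hours to reset your password.<br/><br/>";
    $message .= "Thank you,\n<br/>cmfive support";

    $result = $w->Mail->sendMail($user_contact->email, $support_email, Config::get("main.application_name") . " password reset", $message);
    if ($result !== 0) {
        $w->msg($responseString, "/auth/login");
    } else {
        $w->error("There was a problem sending an email, check your settings.", "/auth/login");
    }
}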
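/**
 * Test a report connection by opening it and listing its databases.
 *
 * Output is written directly to the response.
 *
 * @param Web $w  path gives the connection id under "id"
 */
function test_ALL(Web $w) {
    $p = $w->pathMatch("id");
    if (empty($p["id"])) {
        $w->error("No connection ID specified", "/report-connections");
        return;
    }
    $connection = $w->Report->getConnection($p["id"]);
    if (empty($connection->id)) {
        $w->error("Connection could not be found", "/report-connections");
        return;
    }

    // Decrypt is called in getDb(), which reencrypts it.
    try {
        $dbo = $connection->getDb();
        echo "Connected to DB<br/>Fetching databases to test connection...<br/>";

        $results = array();
        switch ($connection->db_driver) {
            case "pgsql":
                $results = $dbo->query("SELECT datname FROM pg_database")->fetchAll();
                break;
            case "mysql":
                $results = $dbo->query("show databases")->fetchAll();
                break;
        }

        if (!empty($results)) {
            // Database names come from a remote server: escape before echoing.
            foreach (array_values($results) as $r) {
                echo "\t" . htmlspecialchars((string) $r[0], ENT_QUOTES, 'UTF-8') . "<br/>";
            }
        } else {
            echo "No results found";
        }
    } catch (Exception $e) {
        // Driver messages were echoed raw (markup injection) and may carry the
        // host, user or DSN — escape them here; consider logging the detail and
        // showing a generic message instead.
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}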
/**
 * Soft-delete a task: mark it closed and deleted, keep the row.
 *
 * @param Web $w  path gives the task id under "id"
 */
function delete_ALL(Web &$w) {
    $params = $w->pathMatch("id");
    $task = $w->Task->getTask($params['id']);

    if (empty($task->id)) {
        $w->error("Task could not be found.", "/task/tasklist/");
    } else {
        // NOTE(review): _ALL accepts GET, so a plain link can trigger this (CSRF),
        // and no check is visible that the current user may close this task.
        $task->is_closed = 1;
        $task->is_deleted = 1;
        $task->update();
        $w->msg("Task: " . $task->title . " has been deleted.", "/task/tasklist/");
    }
}
/**
 * Delete an attachment and return to the page named in the path.
 *
 * @param Web $w  path gives the attachment id and a return "url" with
 *                spaces standing in for "/"
 */
function atdel_GET(Web &$w) {
    $params = $w->pathMatch("id", "url");
    $back = "/" . str_replace(" ", "/", $params['url']);

    $attachment = $w->service("File")->getAttachment($params['id']);
    if (!$attachment) {
        $w->error("Attachment does not exist.", $back);
    } else {
        // Publish the attachment's details for hooks/templates before it goes.
        $w->ctx('attach_id', $attachment->id);
        $w->ctx('attach_table', $attachment->parent_table);
        $w->ctx('attach_table_id', $attachment->parent_id);
        $w->ctx('attach_title', $attachment->title);
        $w->ctx('attach_description', $attachment->description);
        // NOTE(review): deletion on GET (CSRF via link); no ownership check visible.
        $attachment->delete();
        $w->msg("Attachment deleted.", $back);
    }
}
/**
 * Store the submitted form (minus the CSRF token) as a widget's custom
 * configuration.
 *
 * @param Web $w  path gives "origin" (return page) and the widget "id"
 */
function configwidget_POST(Web $w) {
    $params = $w->pathMatch("origin", "id");
    $back = "/{$params['origin']}";

    $widget = $w->Widget->getWidgetById($params["id"]);
    if (empty($widget->id)) {
        $w->error("Widget not found", $back);
    }

    // NOTE(review): no check that the widget belongs to the current user
    // (addwidget_POST records a user_id) — confirm whether that is required.
    $config = $_POST;
    unset($config[CSRF::getTokenID()]);
    $widget->custom_config = json_encode($config);
    $widget->update();

    $w->msg("Widget updated", $back);
}
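/**
 * Complete a password reset.
 *
 * Expects email, token, password and password_confirm. The token must belong
 * to a user, be less than 24 hours old, and the email must match that user's
 * contact record; on success the password is replaced, the token cleared and
 * any current session dropped.
 *
 * @param Web $w
 */
function resetpassword_POST(Web $w) {
    $email = $w->request('email');
    $token = $w->request('token');
    $password = $w->request('password');
    $password_confirm = $w->request('password_confirm');

    if ($password !== $password_confirm) {
        $w->error("Passwords do not match", "/auth/resetpassword?email=" . urlencode($email) . "&token=" . urlencode($token));
        return;
    }

    $validData = false;
    // An empty token must never be looked up: it could match a row whose token
    // column is blank.
    $user = empty($token) ? null : $w->Auth->getUserForToken($token);
    if (!empty($user->id)) {
        // The original test was `time() - strtotime(...) < 0`, which only fails
        // for a timestamp in the future, so tokens never actually expired
        // despite the 24 hours promised in the email. An unparseable timestamp
        // is treated as expired as well.
        $issued_at = strtotime($user->dt_password_reset_at);
        if ($issued_at === false || time() - $issued_at > 24 * 60 * 60) {
            $w->msg("Your token has expired (max 24 hours), please submit for a new one", "/admin/forgotpassword");
            return;
        }
        $user_contact = $user->getContact();
        // Strict comparison: "==" would also accept loosely-equal values.
        if (!empty($user_contact) && (string) $user_contact->email === (string) $email) {
            $user->setPassword($password);
            $user->password_reset_token = null;
            $user->dt_password_reset_at = null;
            $user->update(true);
            // Precautionary logout
            if ($w->Auth->loggedIn()) {
                $w->sessionDestroy();
            }
            $validData = true;
        }
    }

    if (!$validData) {
        // The token is not written to the log: it may still be a live secret for
        // the account it belongs to (e.g. a wrong email with a valid token).
        $w->Log->warn("Password reset attempt failed with email: {$email}");
        $w->out("Invalid email or token, this incident has been logged");
    } else {
        $w->msg("Your password has been reset", "/auth/login");
    }
}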
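/**
 * Create a widget configuration for the current user on the module named in
 * the path.
 *
 * @param Web $w  path gives "module" (the destination module)
 */
function addwidget_POST(Web $w) {
    $p = $w->pathMatch("module");
    $module = $p["module"];

    $widget = new WidgetConfig($w);
    // fill() first, then the values that must come from the path and the
    // session, so a posted destination_module or user_id cannot override them
    // (the original assigned destination_module before fill(), letting POST win).
    $widget->fill($_POST);
    $widget->destination_module = $module;
    $widget->user_id = $w->Auth->user()->id;

    $response = $widget->insert();
    if ($response === true) {
        $w->msg("Widget Added", "/{$module}/index");
    } else {
        $w->error("Could not add widget", "/{$module}/index");
    }
}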