/** * @return mixed */ public function pubpriv() { /** * Verify CSRF token. */ if ($_POST['_token'] !== Session::token()) { return Response::json(array('error' => true)); } /** * Session validation */ $session = Session::get('uber_profile'); if (!isset($session) || $session['utid'] !== $_POST['utid']) { return Response::json(array('error' => true)); } /** * Find Uber row and change public/private status. */ $uber = Uber::where('utid', $_POST['utid'])->first(); $status = $_POST['status'] == 1 ? false : true; $uber->public = $status; $uber->save(); /** * Respond with json success data. */ return Response::json(array('success' => true, 'dump' => $uber->public)); }
/** * 启用禁用状态切换 * @param $item * @return string */ public static function block_btn_status_select($item) { $url = URL::action(static::$action . '.edit.status'); if (Permission::checkMe(static::$action . '.edit.status')) { $disabled = ""; } else { $disabled = "disabled"; } $current = $item->getStatus(); $token = Session::token(); $li = ''; $allowedStatus = $item->getAvailableNextStatus(); if (isset(static::$allowedStatus) && is_array(static::$allowedStatus)) { $allowedStatus = array_intersect($allowedStatus, static::$allowedStatus); } foreach ($allowedStatus as $status) { $li .= <<<LI <li><a class="table-role-btn-switch" href="javascript:;" data-attr-id='{$item->id}' data-attr-token='{$token}' data-attr-url='{$url}' {$disabled}>{$status}</a></li> LI; } $button = <<<BUTTON <div class="btn-group" style="margin:0 auto;"> <button type="button" class="btn btn-xs btn-warning btn-current-status" {$disabled}>{$current}</button> <button type="button" class="btn btn-xs btn-warning dropdown-toggle" data-toggle="dropdown" {$disabled}> <span class="caret"></span> <span class="sr-only">Toggle Dropdown</span> </button> <ul class="dropdown-menu" role="menu"> {$li} </ul> </div> BUTTON; return $button; }
/** Save a naw post * @param Request $request * @return Response of the ajax request. */ public function store(Request $request) { //ajax storage. //1. check if its out form. if (Session::token() !== Input::get('_token')) { return response()->json(array('message' => 'unauthorized attempt to sent a post')); } //get the oldest post id. this will be used to append to the post ul. $old_post = DB::table('posts')->max('id'); //2. retreive the data in the form. $post = new Post(); $post->title = Input::get('title'); $post->body = Input::get('body'); $post->post_author_id = Auth::id(); if ($post->save()) { //get the profile image of the use. $profile_image_name = Profile::find(Auth::id())->pluck('profile_image_name'); // create a json response and return it. $response = array('title' => $post->title, 'body' => $post->body, 'post_author_id' => $post->post_author_id, 'user_id' => Auth::id(), 'profile_image_name' => $profile_image_name, 'post_id' => $post->id, 'old_post' => $old_post, 'nickname' => $request->user()->nickname, 'message' => 'Your message has been posted', 'status' => 'success'); return response()->json($response, 200); } else { //500 = Internal server error return response('Sorry, An Error Occurred. Please retry the request', 500); } }
public function postDeleteTipConstructie() { if (Request::ajax()) { if (Session::token() === Input::get('_token')) { $id = Input::get('id'); DB::table('tip_constructie')->where('id', $id)->update(array('logical_delete' => 1)); return $id; } } }
public function postDeleteBancaEntitate() { if (Request::ajax()) { if (Session::token() === Input::get('_token')) { $id = Input::get('id'); DB::table('banca_entitate')->where('id', $id)->update(array('logical_delete' => 1)); return $id; } } }
public function create() { // check if it's our form if (Session::token() !== Input::get('_token')) { return response()->json(array('msg' => 'Unauthorized attempt to create Setting')); } // retrieve the data $setting_name = Input::get('setting_name'); $setting_value = Input::get('setting_value'); //.................. //validate data and store in db here... $setting = new Setting(); $setting->setting_name = $setting_name; $setting->setting_value = $setting_value; $setting->save(); //.................. // create a response message and send it. $response = array('status' => 'success', 'msg' => 'setting created successfully'); return response()->json($response); }
/** * 启用禁用状态切换 * @param $item * @return string */ public static function block_btn_switch($item) { if (true == $item->trashed()) { return ''; } if (false == method_exists($item, 'switchOn') || false == method_exists($item, 'switchOff')) { return ''; } if ($item->switchIsOn()) { $action = static::$action . '.edit.switch.off'; $checked = 'checked'; } else { $action = static::$action . '.edit.switch.on'; $checked = ''; } $urlON = URL::action(static::$action . '.edit.switch.on'); $urlOFF = URL::action(static::$action . '.edit.switch.off'); if (Permission::checkMe($action)) { $readonly = ""; } else { $readonly = "readonly"; } $token = Session::token(); return "<input type='checkbox' data-on-text='启用' data-off-text='禁用' data-size='small' data-token='{$token}' data-item-id='{$item->id}' data-action-on='{$urlON}' data-action-off='{$urlOFF}' class='gofarms-admin-switch' {$checked} {$readonly}>"; }
function csrf_validate(&$data) { $session_token = Session::token(); if (is_array($data) and $this->session_id()) { foreach ($data as $k => $v) { if ($k == 'token' or $k == '_token') { if ($session_token === $v) { unset($data[$k]); return true; } } } } }
/** * Returns Javascript parameters for remote validated rules. * * @param $attribute * * @return array */ private function jsRemoteRule($attribute) { $token = Session::token(); $token = Crypt::encrypt($token); $params = [$attribute, $token]; return [$attribute, $params]; }
public function postDeleteLocatar() { if (Request::ajax()) { if (Session::token() === Input::get('_token')) { $id = Input::get('id'); DB::table('locatari_imobil')->where('id', $id)->update(array('logical_delete' => 1)); return $id; } } }
public function postAsociazaPersonal() { if (Request::ajax()) { if (Session::token() === Input::get('_token')) { $id = Input::get('id'); DB::table('personal_entitate')->insertGetId(array('id_entitate' => Input::get('id_entitate'), 'id_personal' => $id)); return $id; } } }
public function testFormSubmitAuthError() { $this->get('/login')->seeStatusCode(200)->see('Login'); $this->post('/login', ['email' => 'wrong', 'password' => '*****@*****.**', '_token' => Session::token()])->see('Redirecting to http://localhost/login'); }
public function createUserAndLogin() { $password = str_random(6); $user = factory(User::class)->create(['password' => bcrypt($password)]); $this->post('/login', ['email' => $user->getEmail(), 'password' => $password, '_token' => Session::token()])->see('<title>Redirecting to http://localhost/admin/article</title>'); }
/** * Run the csrf filter. * * We're protecting Cachet against cross-site request forgery attacks. If * our csrf token in the session does not match the one given sent to us in * this request, then we'll bail. * * @param \Illuminate\Routing\Route $route * @param \Illuminate\Http\Request $request * * @throws \Illuminate\Session\TokenMismatchException * * @return void */ public function filter(Route $route, Request $request) { if (Session::token() !== $request->input('_token')) { throw new TokenMismatchException(); } }