/**
 * Handle an incoming request.
 *
 * Rejects the request with 403 unless a user is authenticated and the
 * pipe-separated permission list from the route passes the user's can() check.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string $permissions Pipe-separated permission names (e.g. "edit|publish")
 * @return mixed
 */
public function handle(Request $request, Closure $next, $permissions)
{
    $required = explode('|', $permissions);

    // Guests never pass; an authenticated user must satisfy the permission check.
    $authorized = !Auth::guest() && $request->user()->can($required);
    if (!$authorized) {
        abort(403);
    }

    return $next($request);
}
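/**
 * Restrict this controller to users authenticated on the "admin" guard.
 *
 * The original method was named `__costruct` (typo), so PHP never invoked it
 * as a constructor and the check below was dead code: every action on this
 * controller was reachable without an admin session. Naming it `__construct`
 * makes the guard run on every instantiation.
 *
 * Aborts with 403 when no admin is authenticated.
 */
public function __construct()
{
    $auth = auth()->guard('admin');

    if (!$auth->check()) {
        abort(403, "Anda tidak memiliki hak akses ke halaman ini");
    }
}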
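/**
 * Facebook OAuth callback: exchange the redirect for an access token, sync
 * the Graph user into the local User model, generate profile thumbnails and
 * log the user in.
 *
 * NOTE(review): the dd() calls in the error paths dump exception text to the
 * browser; logging and aborting would be preferable in production.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function getCallback()
{
    $fb = App::make('SammyK\\LaravelFacebookSdk\\LaravelFacebookSdk');

    // Obtain an access token.
    try {
        $token = $fb->getAccessTokenFromRedirect();
    } catch (Facebook\Exceptions\FacebookSDKException $e) {
        dd($e->getMessage());
    }

    // Access token will be null if the user denied the request
    // or if someone just hit this URL outside of the OAuth flow.
    if (!$token) {
        $helper = $fb->getRedirectLoginHelper();
        if (!$helper->getError()) {
            abort(403, 'Unauthorized action.');
        }
        // User denied the request
        dd($helper->getError(), $helper->getErrorCode(), $helper->getErrorReason(), $helper->getErrorDescription());
    }

    if (!$token->isLongLived()) {
        // Extend the short-lived token via the OAuth 2.0 client handler.
        $oauthClient = $fb->getOAuth2Client();
        try {
            $token = $oauthClient->getLongLivedAccessToken($token);
        } catch (Facebook\Exceptions\FacebookSDKException $e) {
            dd($e->getMessage());
        }
    }

    $fb->setDefaultAccessToken($token);

    // Save for later
    Session::put('fb_user_access_token', (string) $token);

    // Get basic info on the user from Facebook.
    try {
        $response = $fb->get('/me?fields=id,name,email,picture.type(large)');
    } catch (Facebook\Exceptions\FacebookSDKException $e) {
        dd($e->getMessage());
    }

    // Convert the response to a `Facebook/GraphNodes/GraphUser` collection
    $facebookUser = $response->getGraphUser();

    // Create the user if it does not exist or update the existing entry.
    // This will only work if you've added the SyncableGraphNodeTrait to your User model.
    $user = User::createOrUpdateGraphNode($facebookUser);

    // Fetch the picture once, with PHP's default stream context so TLS peer
    // and hostname verification stay on. The original passed
    // verify_peer=false / verify_peer_name=false, which disables certificate
    // validation and lets an on-path attacker substitute the image.
    // $user->url is presumably the picture URL mapped by the sync trait — TODO confirm.
    $imageData = file_get_contents($user->url);
    if ($imageData === false) {
        abort(502, 'Could not fetch profile picture.');
    }

    // Write the 100px and 50px thumbnails from the same downloaded bytes
    // (the original downloaded the image twice).
    $thumbDir = base_path() . '/public/images/profilePhotos/';
    foreach ([100, 50] as $size) {
        $img = ImageIntervention::make($imageData);
        $img->fit($size);
        $img->save($thumbDir . 'thumb_' . $size . '_' . md5($user->id) . '.jpg', 100);
    }

    // Log the user into Laravel
    Auth::login($user);

    // Return to the originating profile when one was recorded in the session.
    if (Session::has('profileId')) {
        return redirect('/profile/index/' . Session::get('profileId'));
    }

    return redirect('/register');
}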
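/**
 * {@inheritdoc}
 *
 * Creates a MediaMosa asset and mediafile for the current user, requests an
 * upload ticket and stores the ticket data on $video->data.
 *
 * @param mixed  $request Incoming request (unused; kept for the interface).
 * @param object $video   Model whose ->data receives the ticket array.
 */
static function processCreateForm($request, $video)
{
    $mmc = new MediamosaConnector();
    $user = Auth::user();

    $response = $mmc->createAsset($user->id);
    $item = self::firstResponseItem($response);
    if (empty($item['asset_id'])) {
        abort(500, 'Mediamosa: Failed creating asset');
    }
    $asset_id = $item['asset_id'];

    $response = $mmc->updateAsset($asset_id, $user->id, array('isprivate' => 'true'));
    if (empty($response)) {
        abort(500, 'Mediamosa: Failed updating asset');
    }

    $response = $mmc->createMediafile($asset_id, $user->id);
    $item = self::firstResponseItem($response);
    if (empty($item['mediafile_id'])) {
        abort(500, 'Mediamosa: Failed creating mediafile');
    }
    $mediafile_id = $item['mediafile_id'];

    // HTTP_REFERER is client-supplied and may be absent; default to '' instead
    // of raising an undefined-index notice. It is passed through to MediaMosa
    // as the upload's return address, so it must not be trusted for anything else.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $response = $mmc->createUploadTicket($mediafile_id, $user->id, $referer);
    $item = self::firstResponseItem($response);
    if (empty($item['action'])) {
        abort(500, 'Mediamosa: Failed creating upload ticket');
    }
    $action = $item['action'];
    $uploadprogress_url = isset($item['uploadprogress_url']) ? $item['uploadprogress_url'] : null;
    $ticket_id = isset($item['ticket_id']) ? $item['ticket_id'] : null;
    $progress_id = isset($item['progress_id']) ? $item['progress_id'] : null;

    // Some servers (e.g. IIS) set HTTPS to "off" rather than leaving it unset,
    // so a non-empty check alone is not enough.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    if ($isHttps) {
        $uploadprogress_url = str_replace("http://", "https://", $uploadprogress_url);
        $action = str_replace("http://", "https://", $action);
    }

    $random_id = $mmc->generateRandomString(8);

    $video->data = array(
        'status' => 'uploadticket',
        'asset_id' => $asset_id,
        'mediafile_id' => $mediafile_id,
        'uploadticket_data' => array(
            'action' => $action,
            'uploadprogress_url' => $uploadprogress_url,
            'ticket_id' => $ticket_id,
            'progress_id' => $progress_id,
            'random_id' => $random_id,
        ),
    );
}

/**
 * Return the first item of a MediaMosa response ($response['data']['items']['item'][0]),
 * or an empty array when the response does not have that shape.
 *
 * @param mixed $response
 * @return array
 */
private static function firstResponseItem($response)
{
    if (isset($response['data']['items']['item'][0]) && is_array($response['data']['items']['item'][0])) {
        return $response['data']['items']['item'][0];
    }

    return array();
}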
/**
 * Show a documentation page.
 *
 * Unknown versions redirect (301) to the same path under DEFAULT_VERSION;
 * a missing page defaults to "installation"; a page that is not a known
 * section of this version redirects to the version index.
 *
 * @param string $version
 * @param string|null $page
 * @return Response
 */
public function show($version, $page = null)
{
    if (!$this->isVersion($version)) {
        return redirect('docs/' . DEFAULT_VERSION . '/' . $version, 301);
    }

    if (!defined('CURRENT_VERSION')) {
        define('CURRENT_VERSION', $version);
    }

    $pageSlug = $page ?: 'installation';
    $content = $this->docs->get($version, $pageSlug);
    if (is_null($content)) {
        abort(404);
    }

    $headings = (new Crawler($content))->filterXPath('//h1');

    $currentSection = '';
    if ($this->docs->sectionExists($version, $page)) {
        $currentSection = '/' . $page;
    } elseif (!is_null($page)) {
        return redirect('/docs/' . $version);
    }

    // Point search engines at the default version's copy when it exists.
    $canonical = $this->docs->sectionExists(DEFAULT_VERSION, $pageSlug)
        ? 'docs/' . DEFAULT_VERSION . '/' . $pageSlug
        : null;

    return view('docs', [
        'title' => count($headings) ? $headings->text() : null,
        'index' => $this->docs->getIndex($version),
        'content' => $content,
        'currentVersion' => $version,
        'versions' => Documentation::getDocVersions(),
        'currentSection' => $currentSection,
        'canonical' => $canonical,
    ]);
}
/**
 * Display the specified resource.
 *
 * Requires an authenticated user; unknown question ids 404. Besides the
 * question itself the view receives the user's overall progress and the ids
 * of the neighbouring questions for prev/next navigation.
 *
 * @param int $id
 * @return Response
 */
public function show($id)
{
    if (!Auth::check()) {
        return redirect('home')->with('message', "Veuillez d'abord vous connecter");
    }

    $question = Question::find($id);
    if (is_null($question)) {
        abort(404);
    }

    $total_questions = Question::count();
    $user = Auth::user();
    $total_questions_replied = $user->questionsReplied()->count();
    $total_questions_replied_percent = round($total_questions_replied / $total_questions * 100);

    // Ids are not contiguous (rows may have been deleted), so the neighbour is
    // the closest existing id on either side rather than id +/- 1.
    $previousQuestionID = Question::where('id', '<', $question->id)->max('id');
    $nextQuestionID = Question::where('id', '>', $question->id)->min('id');

    $replies = $question->getChoices();

    // Pre-select the choice when the user already answered this question.
    $answer = $question->getAnswer();
    if ($answer) {
        $replies[$answer]['checked'] = true;
        $question->replied = true;
    }

    return view('questions.show', compact(
        'question',
        'previousQuestionID',
        'nextQuestionID',
        'replies',
        'total_questions',
        'total_questions_replied',
        'total_questions_replied_percent'
    ));
}
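/**
 * Handle an incoming request.
 *
 * Only staff whose role id is 1 or 2 may continue; everyone else gets a 404.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Resolve the role id once; the original evaluated the same accessor chain
    // four times and ran strtolower() on a numeric id.
    $roleId = (int) Auth::staff()->get()->role->id;

    // NOTE(review): 1 and 2 are magic role ids — presumably the privileged
    // roles; confirm against the roles table and consider named constants.
    if (!in_array($roleId, array(1, 2), true)) {
        abort(404);
    }

    return $next($request);
}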
/**
 * Display a user.
 *
 * Only AJAX callers receive the user payload; any other request is a 404.
 *
 * @return Response
 */
public function show(User $user)
{
    if (!Request::ajax()) {
        abort(404);
    }

    return $user;
}
/**
 * Render the article view, or 404 when no article was resolved.
 *
 * @param mixed $article Article model (falsy when not found)
 * @return \Illuminate\View\View
 */
private function renderArticle($article)
{
    if ($article) {
        return view('article', compact('article'));
    }

    abort(404);
}
/**
 * Abort if request is not ajax
 *
 * The controller only serves Datatable AJAX requests; anything else is
 * refused with 403 before the parent constructor runs.
 *
 * @param Request $request
 */
public function __construct(Request $request)
{
    $isDatatableAjax = $request->ajax() && Datatable::shouldHandle();
    if (!$isDatatableAjax) {
        abort(403, 'Forbidden');
    }

    parent::__construct();
}
/**
 * Ensure the app is running in the environment provided as parameter.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string $enviorment Environment name the route is restricted to
 * @return mixed
 */
public function handle($request, Closure $next, $enviorment)
{
    if (!app()->environment($enviorment)) {
        return abort(404);
    }

    return $next($request);
}
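/**
 * Wallpaper detail page.
 *
 * @param string $imgtitle Slug from the URL; must match the record's wallslug
 * @param mixed  $id       Wallpaper primary key
 * @return \Illuminate\View\View
 */
function detail($imgtitle, $id)
{
    // get single image; an unknown id must 404 instead of dereferencing null
    $image = DB::table('wallpaper')->find($id);

    // find the title, if not match return 404
    if (!$image || $imgtitle !== $image->wallslug) {
        abort(404);
    }

    $short_title = str_slug($this->shortTitle($image->walltitle), '-');

    $vav = DB::table('wallpaper')->orderByRaw("RAND()")->take(mt_rand(3, 5))->get();

    // get related images (abal2)
    $relateds1 = DB::table('wallpaper')->orderBy('id', 'DESC')->skip(1)->take(3)->get();
    $relateds2 = DB::table('wallpaper')->orderBy('id', 'DESC')->skip(4)->take(3)->get();
    $relateds3 = DB::table('wallpaper')->orderBy('id', 'DESC')->skip(7)->take(3)->get();

    $recents = DB::table('wallpaper')->orderBy('id', 'DESC')->take(5)->get();
    $randimg = DB::table('wallpaper')->orderByRaw("RAND()")->take(3)->get();
    $randimg1 = DB::table('wallpaper')->orderByRaw("RAND()")->take(3)->skip(3)->get();
    $images = DB::table('wallpaper')->orderBy('wallview', 'DESC')->take(7)->get();
    $tags = DB::table('wallpaper')->orderByRaw("RAND()")->take(mt_rand(7, 11))->get();

    $alp = range('A', 'Z');
    $num = range(0, 9);

    // get categories
    $categories = $this->getCategory();

    // 'vavsqq' and 'short_title1' were listed in the original compact() but
    // never assigned, so they only produced undefined-variable notices.
    return view('arkitekt.detail', compact(
        'image',
        'vav',
        'short_title',
        'relateds1',
        'relateds2',
        'relateds3',
        'recents',
        'randimg',
        'randimg1',
        'images',
        'tags',
        'categories',
        'alp',
        'num'
    ));
}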
/**
 * Run the form-validation rule group named after the current controller
 * class; on failure scroll to the top and abort with the validation messages.
 */
public function validate_fields()
{
    $valid = $this->form_validation->run($this->router->class);
    if ($valid) {
        return;
    }

    back_to_top();
    abort(validation_errors());
}
/**
 * Show the form for creating a new resource.
 *
 * Guarded by the "addClient" gate; denied users get a 403.
 *
 * @return \Illuminate\Http\Response
 */
public function create()
{
    $denied = Gate::denies('addClient', new Client());
    if ($denied) {
        abort(403, 'Not allowed');
    }

    return View::make('client.create');
}
/**
 * Handle an incoming request.
 *
 * Requires an authenticated admin; everyone else gets a 404 (the route is
 * hidden rather than reported as forbidden).
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (!Auth::admin()->check()) {
        abort(404);
    }

    return $next($request);
}
/**
 * Handle an incoming request.
 *
 * Passes the request on only when the "contributor" gate allows it.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $denied = Gate::denies('contributor');
    if ($denied) {
        abort(403);
    }

    return $next($request);
}
/**
 * Authorize the page.
 *
 * Disabled pages 404 for anonymous visitors and require the view_drafts
 * permission for logged-in users; pages restricted to specific roles send
 * users outside those roles to the login page.
 *
 * @param PageInterface $page
 */
public function authorize(PageInterface $page)
{
    /* @var UserInterface $user */
    $user = $this->guard->user();
    $enabled = $page->isEnabled();

    // Draft (disabled) page: anonymous visitors get a 404 ...
    if (!$enabled && !$user) {
        abort(404);
    }

    // ... and logged-in users need the explicit draft-viewing permission.
    if (!$enabled) {
        $this->authorizer->authorize('anomaly.module.pages::view_drafts');
    }

    // Role-restricted page: the user must hold at least one of the allowed roles.
    $allowedRoles = $page->getAllowedRoles();
    $roleRestricted = !$allowedRoles->isEmpty();
    if ($roleRestricted && (!$user || !$user->hasAnyRole($allowedRoles))) {
        $page->setResponse($this->response->redirectTo('login'));
    }
}
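/**
 * Mass operation on teaching assignments for the active semester.
 *
 * type=2 resets the active semester's assignments; type=1 copies the
 * previous semester's assignments into the active one. AJAX only.
 *
 * @param Request $request
 * @return \Illuminate\Http\Response
 */
public function mass(Request $request)
{
    if (!$request->ajax()) {
        abort(404);
    }

    $semester = Semester::get_active_semester()->id;

    $previous = Semester::get_previous_semester();
    if (!$previous) {
        return response("Semester sebelumnya tidak dapat ditemukan.", 422);
    }
    $prevSemester = $previous->id;

    // Compare as int rather than with ==; the original also pre-assigned
    // $backup/$copy to null without using the value.
    $type = (int) $request->input('type');

    if ($type === 2) {
        try {
            Mengajar::reset($semester);
        } catch (Exception $e) {
            return response("Penghapusan aturan asosiasi gagal dilakukan.", 422);
        }

        return response("Penghapusan berhasil.", 200);
    }

    if ($type === 1) {
        try {
            $copy = Mengajar::copy($prevSemester, $semester);
        } catch (Exception $e) {
            return response("Penyalinan aturan asosiasi dari semester sebelumnya gagal dilakukan.", 422);
        }

        $message = "Proses penyamaan selesai. {$copy['success']} entri asosiasi berhasil disamakan.";
        if ($copy['fail'] > 0) {
            $message .= " {$copy['fail']} entri gagal disamakan karena entri sudah ada atau tidak ditemukannya kelas.";
        }

        return response($message, 200);
    }

    // Unknown type: answer explicitly instead of falling off the end with null.
    return response("Tipe operasi tidak dikenal.", 422);
}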
/**
 * Register/login user via social network app.
 *
 * @param AuthenticateUser $authenticateUser
 * @param SocialiteProvider $socialiteProvider
 * @param Request $request
 * @param string $provider Socialite provider name.
 * @return mixed
 */
public function loginWithProvider(AuthenticateUser $authenticateUser, SocialiteProvider $socialiteProvider, Request $request, $provider)
{
    if (!$socialiteProvider->isValid($provider)) {
        abort(404);
    }

    // A "code" or "oauth_token" parameter presumably means the provider has
    // already redirected back to us (callback leg) — the executor decides.
    $hasCallback = $request->has('code') || $request->has('oauth_token');

    return $authenticateUser->execute($hasCallback, $provider, $this);
}
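/**
 * Persist the submitted allow/deny choices for every permission the acting
 * user is allowed to administer on $role.
 *
 * Form fields are named after the permission id with "." replaced by "_".
 * For each administrable permission the existing row is deleted; a row is
 * re-inserted only when the submitted value is "allow" or "deny" (any other
 * value leaves the permission unset).
 *
 * @param Role $role
 * @return mixed
 */
public function patchIndex(Role $role)
{
    if (!$this->user->canAdminRoles() || !$this->user->canAdminPermissions()) {
        return abort(403);
    }

    // Index submitted values by permission id once instead of rescanning the
    // whole input for every permission (the original nested loop was O(n*m)).
    // The first field mapping to a given id wins, matching the original scan.
    $submitted = array();
    foreach (Input::all() as $field => $value) {
        $permissionId = str_replace("_", ".", $field);
        if (!array_key_exists($permissionId, $submitted)) {
            $submitted[$permissionId] = $value;
        }
    }

    $rolePermissions = array();
    $nullPermissions = array();
    foreach (Permission::all() as $permission) {
        $permissionId = (string) $permission->permission_id;

        // Users may only grant/revoke permissions they hold themselves.
        if (!$this->user->can($permissionId)) {
            continue;
        }
        $nullPermissions[] = $permissionId;

        if (!array_key_exists($permissionId, $submitted)) {
            continue;
        }
        $value = $submitted[$permissionId];
        // Strict comparison: only the literal strings "allow"/"deny" count.
        if ($value === "allow" || $value === "deny") {
            $rolePermissions[] = [
                'role_id' => $role->role_id,
                'permission_id' => $permissionId,
                'value' => $value === "allow",
            ];
        }
    }

    RolePermission::where(['role_id' => $role->role_id])
        ->whereIn('permission_id', $nullPermissions)
        ->delete();
    if (!empty($rolePermissions)) {
        RolePermission::insert($rolePermissions);
    }

    return $this->view(static::VIEW_PERMISSIONS, ['role' => $role, 'permissions' => Permission::all()]);
}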
/**
 * Handle an incoming request.
 *
 * Only users whose role attribute is exactly "admin" may continue.
 * NOTE(review): $request->user() is dereferenced unconditionally, so a guest
 * request would error rather than 404 — presumably an auth middleware runs first; confirm.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $role = $request->user()->role;
    if ($role !== 'admin') {
        abort(404);
    }

    return $next($request);
}
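/**
 * Serve a Laralum document by slug, enforcing its disabled flag, login
 * requirement and optional download password.
 *
 * @param string  $slug
 * @param Request $request
 * @return mixed
 */
public function download($slug, Request $request)
{
    $file = Laralum::document('slug', $slug);
    if (!$file) {
        abort(404);
    }

    # Check if disabled
    if ($file->disabled) {
        abort(404);
    }

    # Check Auth
    if ($file->authorization_required && !Auth::check()) {
        return redirect('/login');
    }

    # Check password
    if ($file->password) {
        $supplied = $request->input('password');
        // Constant-time comparison; the original used ==, which is timing
        // dependent and subject to loose type juggling (e.g. a null input
        // compares equal to an empty decrypted value).
        $matches = is_string($supplied)
            && hash_equals((string) Crypt::decrypt($file->password), $supplied);
        if ($matches) {
            return $this->fileDownload($file->name);
        }

        return redirect(Laralum::downloadLink($file->name))->with('error', trans('laralum.password_not_correct'));
    }

    return $this->fileDownload($file->name);
}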
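/**
 * Update the specified resource in storage.
 *
 * Only the owning user may update their card.
 *
 * @param Request $request
 * @param mixed   $userId Route parameter naming the owner
 * @param int     $id     Unused; kept for the route signature
 * @return Response
 */
public function update(Request $request, $userId, $id)
{
    // Route ids arrive as strings; compare as strings so numeric ids still
    // match while avoiding loose-comparison juggling.
    if ((string) Auth::user()->id !== (string) $userId) {
        abort(403);
    }

    return Auth::user()->updateCard($request->get('token'));
}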
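/**
 * Serve a file from the WordPress tree identified by the request path.
 *
 * @param Request $request
 * @param string  $prefix     URL prefix stripped before mapping to a file
 * @param bool    $attachment true to send as an attachment download
 * @return \Illuminate\Http\Response
 */
protected function download(Request $request, $prefix, $attachment = false)
{
    $path = $request->path();

    // trim prefix
    if (starts_with($path, $prefix)) {
        $path = substr($path, strlen($prefix));
    }

    debug_log('File Download[File Path]', $path);

    // Reject any ".." segment before joining to the WordPress root below;
    // otherwise a crafted URL could resolve to a file outside that tree.
    if (preg_match('#(^|/)\.\.(/|$)#', $path)) {
        debug_log('File Download: [Abort]: traversal');
        abort(404);
    }

    // make absolute file path
    $path = wordpress_path($path);

    // ERROR: file not found
    if (!is_file($path)) {
        debug_log('File Download: [Abort]: not found');
        abort(404);
    }

    // ERROR: file extension is .php (compared case-insensitively so ".PHP"
    // is refused too)
    $extension = pathinfo($path, PATHINFO_EXTENSION);
    if (strtolower($extension) == 'php') {
        debug_log('File Download: [Abort]: .php');
        abort(404);
    }

    $mimeType = $this->getMimeType($path, $extension);
    debug_log('File Download[Content Type]', $mimeType);
    $headers = ['Content-Type' => $mimeType];

    if ($attachment === false) {
        return response()->make(file_get_contents($path), 200, $headers);
    }

    // ResponseFactory::download($file, $name, $headers): the second argument
    // is the download file name, not a status code — the original passed 200
    // and so named every attachment "200". null keeps the file's own basename.
    return response()->download($path, null, $headers);
}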
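/**
 * Resolve a short URL and redirect to its target, enforcing the link's
 * disabled flag and optional secret key, and counting the click.
 *
 * @param Request $request
 * @param string  $short_url
 * @param string|false $secret_key Key from the URL, false when none given
 * @return mixed
 */
public function performRedirect(Request $request, $short_url, $secret_key = false)
{
    $link = Link::where('short_url', $short_url)->first();
    if ($link === null) {
        return abort(404);
    }

    if ($link->is_disabled == 1) {
        return view('error', ['message' => 'Sorry, but this link has been disabled by an administrator.']);
    }

    $linkSecretKey = $link->secret_key;
    if ($linkSecretKey) {
        // A protected link needs a key and it must match exactly. Both the
        // missing and the wrong key are answered with 404 so the existence of
        // the link is not revealed; compare in constant time instead of !=.
        if (!$secret_key || !hash_equals((string) $linkSecretKey, (string) $secret_key)) {
            return abort(404);
        }
    }

    // intval() always yields an int, so the original is_int() guard was
    // always true; just increment.
    $link->clicks = intval($link->clicks) + 1;
    $link->save();

    LinkHelper::processPostClick($link);

    return redirect()->to($link->long_url);
}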
/**
 * Abort the request unless the current user is an administrator.
 *
 * NOTE(review): 401 conventionally means "not authenticated"; for a logged-in
 * non-admin 403 would be the more accurate status — left unchanged here.
 *
 * @return true
 */
protected static function ensureAdmin()
{
    if (self::currIsAdmin()) {
        return true;
    }

    abort(401, 'User not admin.');
}
/**
 * Let only AJAX requests through; anything else is a 404.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (!$request->ajax()) {
        abort(404);
    }

    return $next($request);
}
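/**
 * Validation rules for a transaction form; the rule set depends on the
 * submitted "what" (withdrawal, deposit or transfer).
 *
 * @return array
 * @throws Exception
 * @SuppressWarnings(PHPMD.CyclomaticComplexity)
 */
public function rules()
{
    $what = Input::get('what');

    $rules = [
        // Fix: the original wrote 'min:1,max:255', which Laravel parses as a
        // single "min" rule with parameters ["1", "max:255"], so the 255
        // character cap was never enforced.
        'description' => 'required|min:1|max:255',
        'what' => 'required|in:withdrawal,deposit,transfer',
        'amount' => 'numeric|required|min:0.01',
        'date' => 'required|date',
        'amount_currency_id_amount' => 'required|exists:transaction_currencies,id',
    ];

    switch ($what) {
        case strtolower(TransactionType::WITHDRAWAL):
            $rules['account_id'] = 'required|exists:accounts,id|belongsToUser:accounts';
            $rules['expense_account'] = 'between:1,255';
            $rules['category'] = 'between:1,255';
            // A budget is optional; only validate it when one was chosen.
            if (intval(Input::get('budget_id')) != 0) {
                $rules['budget_id'] = 'exists:budgets,id|belongsToUser:budgets';
            }
            break;
        case strtolower(TransactionType::DEPOSIT):
            $rules['category'] = 'between:1,255';
            $rules['account_id'] = 'required|exists:accounts,id|belongsToUser:accounts';
            $rules['revenue_account'] = 'between:1,255';
            break;
        case strtolower(TransactionType::TRANSFER):
            $rules['account_from_id'] = 'required|exists:accounts,id|belongsToUser:accounts|different:account_to_id';
            $rules['account_to_id'] = 'required|exists:accounts,id|belongsToUser:accounts|different:account_from_id';
            $rules['category'] = 'between:1,255';
            break;
        default:
            // NOTE(review): $what is client input echoed into the message;
            // with debug pages enabled it is rendered back to the user.
            abort(500, 'Cannot handle ' . $what);
    }

    return $rules;
}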
/**
 * Handle an incoming request.
 *
 * Non-admins are refused with 403.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $isAdmin = !Admin::notAdmin();
    if (!$isAdmin) {
        abort(403);
    }

    return $next($request);
}
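/**
 * Render the paginated item list of one promotion.
 *
 * Reads promotion_id and pages from the request; 404s when the id is
 * missing or the promotion is not valid.
 *
 * @return mixed
 */
public function getPromotionItem()
{
    $filter = input::get();

    // promotion_id comes from the query string; without it there is nothing
    // to look up (the original issued the RPC call with a null id).
    if (!isset($filter['promotion_id'])) {
        return abort(404);
    }

    $promotionInfo = app::get('topc')->rpcCall('promotion.promotion.get', array('promotion_id' => $filter['promotion_id']));
    if (empty($promotionInfo['valid'])) {
        return abort(404);
    }

    if (empty($filter['pages'])) {
        $filter['pages'] = 1;
    }
    $pageSize = 20;
    $params = array(
        'page_no' => $pageSize * ($filter['pages'] - 1),
        'page_size' => $pageSize,
        'fields' => 'item_id,shop_id,title,image_default_id,price',
    );

    // Fetch the promotion's item list.
    $promotionItem = $this->__promotionItemList($promotionInfo, $params);
    $count = $promotionItem['total_found'];
    $promotionItemList = $promotionItem['list'];

    // Pagination data. $total is now 0 for an empty list; the original left it
    // undefined in that case.
    $current = $filter['pages'];
    $total = $count > 0 ? ceil($count / $pageSize) : 0;
    $filter['pages'] = time();

    $pagedata = array(
        'pagers' => array(
            'link' => url::action('topc_ctl_promotion@getPromotionItem', $filter),
            'current' => $current,
            'total' => $total,
            'token' => $filter['pages'],
        ),
        'promotionItemList' => $promotionItemList,
        'count' => $count,
        'promotionInfo' => $promotionItem['promotionInfo'],
        'promotiontype' => $promotionInfo['promotion_type'],
    );

    return $this->page("topc/promotion/promotion.html", $pagedata);
}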