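<?php

/* The basic logic behind logging in. The submitted password is checked against the hash stored
   for the admin row matching the login name. If both match, session variables are initialized
   and the user is redirected to the admin homepage. Lookup and password failures flash the same
   'Invalid login' message so the response does not reveal whether the login name exists. */
$rule = array('loginname' => array('required' => true), 'password' => array('required' => true));
if (Atomik::filter($_POST, $rule) === false) {
    Atomik::flash(A('app/filters/messages'), 'error');
    return;
}
$loginname = (string) $_POST['loginname'];
$submitted = (string) $_POST['password'];

// The login name is interpolated into the SQL below, so it is restricted to a conservative
// character set first: quotes, backslashes, spaces and comment sequences can never reach the
// query. Whether the DB layer behind A('db:...') supports bound parameters is not visible from
// this script; if it does, a placeholder is the preferred fix and this check becomes defence in depth.
if (preg_match('/^[\p{L}\p{N}_.@-]{1,64}$/u', $loginname) !== 1) {
    Atomik::flash('Invalid login', 'loginfail');
    return;
}

$searchresult = A("db:select * from admin where adminnick='{$loginname}'");
$datarow = $searchresult->fetch();
if (empty($datarow)) {
    Atomik::flash('Invalid login', 'loginfail');
    return;
}

// Accept a password_hash() style hash as well as the legacy unsalted MD5 value, so existing rows
// keep working while new ones can be stored with password_hash(). hash_equals() is a strict,
// constant-time comparison; the original `!=` treated two different MD5 hex strings of the form
// "0e<digits>" as equal under PHP's numeric-string comparison rules.
$stored = (string) $datarow['adminpassword'];
if (!password_verify($submitted, $stored) && !hash_equals($stored, md5($submitted))) {
    Atomik::flash('Invalid login', 'loginfail');
    return;
}

// A fresh session id on login keeps a session id fixed before authentication from being promoted.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}
$_SESSION['adminlogin'] = true;
$_SESSION['loginname'] = $loginname;
// Kept for compatibility with whatever reads it (presumably the logincheck action); it is the
// same MD5 value the original stored. NOTE(review): if nothing reads it, remove it — the session
// should not carry a password hash.
$_SESSION['password'] = md5($submitted);
$_SESSION['adminid'] = $datarow['adminid'];
Atomik::redirect('adminhome');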
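Atomik::needed('logincheck');
allowed();

/* Admin account management. Depending on which submit button is present in POST, a new admin
   row is inserted (unless the nick is already taken) or an existing one is deleted (never the
   one currently logged in). Every path ends with a redirect back to the management page. */
if (!empty($_POST['add'])) {
    $rule = array('adminnick' => array('required' => true), 'adminpassword' => array('required' => true));
    if (($data = Atomik::filter($_POST, $rule)) === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('loginmanagement');
    }
    $adminnick = (string) $data['adminnick'];
    // The nick is concatenated into the SQL below, so it is restricted to a conservative
    // character set first: quotes, backslashes, spaces and comment sequences never reach the
    // query. A bound parameter would be preferable if the DB layer behind A('db:...') supports one.
    if (preg_match('/^[\p{L}\p{N}_.@-]{1,64}$/u', $adminnick) !== 1) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('loginmanagement');
    }
    // Stored as unsalted MD5 because that is the format the login action compares against;
    // moving to password_hash() has to be done together with the login check.
    $data['adminpassword'] = md5((string) $data['adminpassword']);
    $searchresult = A('db: select adminid from admin where adminnick=\'' . $adminnick . '\'');
    $datarow = $searchresult->fetch();
    if (empty($datarow)) {
        Atomik_DB::insert('admin', $data);
        Atomik::redirect('loginmanagement');
    }
    Atomik::flash('Admin with similar username already exists', 'error');
    Atomik::redirect('loginmanagement');
} elseif (!empty($_POST['delete'])) {
    $rule = array('adminid' => array('required' => true));
    if (($data = Atomik::filter($_POST, $rule)) === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('loginmanagement');
    }
    // Validate the id as an integer before it is used in a comparison or a WHERE clause.
    $adminid = filter_var($data['adminid'], FILTER_VALIDATE_INT);
    if ($adminid === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('loginmanagement');
    }
    // Strict comparison on integers; the original `==` compared a POST string with the session value.
    if ($adminid === (int) $_SESSION['adminid']) {
        Atomik::flash("Can't delete a session you are currently logged in as", 'error');
        Atomik::redirect('loginmanagement');
    }
    Atomik_DB::delete('admin', array('adminid' => $adminid));
    Atomik::redirect('loginmanagement');
}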
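<?php

/* The page for handling adding and removing cars from the database. After the login check, the
   POST array is examined for input. Depending on the input a new car is either added to the
   database or removed from it, together with the comments about that car (early versions left
   the comments behind). Every path ends with a redirect back to the management page. */
Atomik::needed('logincheck');
allowed();
if (!empty($_POST['add'])) {
    $rule = array('name' => array('required' => true), 'manufacturerkey' => array('required' => true), 'imagename' => array('required' => true));
    if (($data = Atomik::filter($_POST, $rule)) === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('carmanagement');
    }
    Atomik_DB::insert('car', $data);
} elseif (!empty($_POST['delete'])) {
    $rule = array('carid' => array('required' => true));
    if (($data = Atomik::filter($_POST, $rule)) === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('carmanagement');
    }
    // The id is validated as an integer before it is used in a WHERE clause. The old debug
    // echo is gone: any output here is sent before the redirect header below.
    $carid = filter_var($data['carid'], FILTER_VALIDATE_INT);
    if ($carid === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('carmanagement');
    }
    $where = array('carid' => $carid);
    // Comments first, then the car, so a foreign key from carcomment to car cannot block the delete.
    Atomik_DB::delete('carcomment', $where);
    Atomik_DB::delete('car', $where);
}
Atomik::redirect('carmanagement');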
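<?php

/* Car page: fetches the car's basic information and the comments associated with it, both
   looked up by the carid GET parameter. Anything that is not a positive integer id, or an id
   without a matching car, sends the visitor back home. */
$carid = isset($_GET['carid'])
    ? filter_var($_GET['carid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
if ($carid === false) {
    Atomik::redirect('home');
}
// $carid is a validated integer here, so concatenating it cannot alter the SQL; the original
// appended the raw GET value to the query.
$search = A('db:select * from carpage where carid = ' . $carid);
$car = $search->fetch();
if (empty($car)) {
    Atomik::flash('No such car', 'error');
    Atomik::redirect('home');
}
$search = A('db:select * from carcomment_ordered where carid = ' . (int) $car['carid']);
$comments = $search->fetchAll();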
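<?php

/* Deletes one model instance identified by request/name and request/id, then redirects to
   request/returnUrl (or the model list for that name when none is given).
   NOTE(review): the deletion is triggered by request parameters alone; no request-method or
   anti-CSRF token check is visible in this script — confirm the framework enforces one upstream. */
if (!Atomik::has('request/name') || !Atomik::has('request/id')) {
	Atomik::redirect('index');
}

$modelName = Atomik::get('request/name');
$defaultReturnUrl = Atomik::url('models/list', array('name' => $modelName));
$returnUrl = Atomik::get('request/returnUrl', $defaultReturnUrl);

// returnUrl is caller-supplied and handed to redirect() verbatim, so an absolute or
// protocol-relative value would make this action an open redirect. Keep it only when it is a
// plain local path: no scheme, no host, and no backslash (browsers treat "/\host" like "//host").
$parts = is_string($returnUrl) ? parse_url($returnUrl) : false;
if ($parts === false || isset($parts['scheme']) || isset($parts['host']) || strpos($returnUrl, '\\') !== false) {
	$returnUrl = $defaultReturnUrl;
}

$model = Atomik_Model::find($modelName, Atomik::get('request/id'));
// find() is assumed to return an empty value when there is no such row — TODO confirm; without
// this guard the delete() call below would be made on a non-object.
if (!$model) {
	Atomik::flash(__('%s %s not found', strtolower($modelName), Atomik::get('request/id')), 'error');
	Atomik::redirect($returnUrl, false);
}
$title = (string) $model;

if (!$model->delete()) {
	Atomik::flash(__('An error occured while deleting %s %s', strtolower($modelName), $title), 'error');
} else {
	Atomik::flash(__('%s %s successfully deleted', $modelName, $title), 'success');
	Backend_Activity::create('Models', __('%s %s has been deleted', $modelName, $title), __('Deleted by') . ' %s');
}

Atomik::redirect($returnUrl, false);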
}

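$modelName = Atomik::get('request/name');
$defaultReturnUrl = Atomik::url('models/list', array('name' => $modelName));
$returnUrl = Atomik::get('request/returnUrl', $defaultReturnUrl);
$builder = Atomik_Backend_Models::getModelBuilder($modelName);

// returnUrl is caller-supplied and is both passed to redirect() verbatim and emitted as the
// form's cancel link, so an absolute or protocol-relative value would make this an open
// redirect. Keep it only when it is a plain local path: no scheme, no host, and no backslash
// (browsers treat "/\host" like "//host").
$parts = is_string($returnUrl) ? parse_url($returnUrl) : false;
if ($parts === false || isset($parts['scheme']) || isset($parts['host']) || strpos($returnUrl, '\\') !== false) {
	$returnUrl = $defaultReturnUrl;
}

// Create-mode defaults; overridden below when an id is supplied (edit mode).
$actionString = 'created';
$title = __('Create a new') . ' %s';
$message = __('A %s has been created', strtolower($modelName));

$model = $modelName;
if (Atomik::has('request/id')) {
	$model = Atomik_Model::find($builder, Atomik::get('request/id'));
	// find() is assumed to return an empty value for an unknown id — TODO confirm. Without this
	// guard the form below would be built around a missing model.
	if (!$model) {
		Atomik::flash(__('%s %s not found', $modelName, Atomik::get('request/id')), 'error');
		Atomik::redirect($returnUrl, false);
	}
	$actionString = 'modified';
	$title = __('Edit') . ' %s: ' . $model;
	$message = __('%s %s has been modified', $modelName, $model);
}

$form = new Atomik_Model_Form($model, array('form-', 'admin-form-'));
$form->setAction(Atomik::url());
$form->setOption('cancel-url', $returnUrl);

if ($form->hasData()) {
	if ($form->isValid()) {
		$model = $form->getModel();
		$model->save();
		Backend_Activity::create('Models', $message, __(ucfirst($actionString) . ' by') . ' %s');
		Atomik::redirect($returnUrl, false);
	}
	// Validation failed: show the messages and fall through to re-render the form.
	Atomik::flash($form->getValidationMessages(), 'error');
}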
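<?php

/* Manufacturer page: the same flow as the car page, keyed on the manufacturerid GET parameter.
   Anything that is not a positive integer id, or an id without a matching manufacturer, sends
   the visitor back home. */
$manufacturerid = isset($_GET['manufacturerid'])
    ? filter_var($_GET['manufacturerid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
if ($manufacturerid === false) {
    Atomik::redirect('home');
}
// $manufacturerid is a validated integer here, so concatenating it cannot alter the SQL; the
// original appended the raw GET value to the query.
$search = A('db:select * from manufacturer where manufacturerid = ' . $manufacturerid);
$man = $search->fetch();
if (empty($man)) {
    Atomik::flash('No such manufacturer', 'error');
    Atomik::redirect('home');
}
$search = A('db:select * from manufacturercomment_ordered where manufacturerid = ' . (int) $man['manufacturerid']);
$comments = $search->fetchAll();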