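 /**
  * Set the Authorization header for the request and apply the per-request
  * format and compression options.
  *
  * The header value is built from the session token as
  * "<token_type> <access_token>".
  *
  * @param array $options Request options; must contain a 'format' key.
  * @return void
  */
 private function setHeaders(array $options)
 {
     $authToken = $this->session->getToken();
     $accessToken = $authToken['access_token'];
     $tokenType = $authToken['token_type'];
     $this->headers['Authorization'] = "{$tokenType} {$accessToken}";
     // Format and compression are driven by the caller's options, not by
     // anything stored on the session.
     $this->setRequestFormat($options['format']);
     $this->setCompression($options);
 }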
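 /**
  * Build the paginated group listing consumed by the groups view.
  *
  * Reads the requested page from the 'page' input parameter (1-based),
  * slices the full group list accordingly and returns one row per group
  * with its permission names joined into a display string.
  *
  * @param string $value Unused; kept for signature compatibility.
  * @return array{rows: array, total: int}
  */
 public function getGroups($value = '')
 {
     $groups_all = $this->groupRepository->all();
     $perPage = 10;
     // 'page' is 1-based and user supplied; default to the first page and
     // clamp so an absent or bogus value cannot produce a negative slice
     // offset (which would silently return the tail of the list).
     $currentPage = max(0, ((int) Input::get('page', 1)) - 1);
     $pagedData = array_slice($groups_all, $currentPage * $perPage, $perPage);
     $groups = new Paginator($pagedData, $perPage, $currentPage);
     $rows = [];
     foreach ($groups as $i => $group) {
         // Permission names are the keys of the group's permission map.
         $permissionNames = array_map('ucfirst', array_keys($group->getPermissions()));
         $rows[$i] = [
             'id' => $group->hash,
             'name' => $group->name,
             'permission' => implode(', ', $permissionNames),
             'token' => \Session::getToken(),
         ];
     }
     return [
         'rows' => $rows,
         'total' => count($groups_all),
     ];
 }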
 /**
  * A user who has just logged in should be redirected away from the
  * login page to the site root.
  */
 public function testLoginShouldRedirectUser()
 {
     $credentials = [
         'email' => '*****@*****.**',
         'password' => 'admin',
         'csrf_token' => Session::getToken(),
     ];
     // Log in, then request the login page again as the authenticated user.
     $this->withInput($credentials)
          ->requestAction('POST', 'UserController@postLogin');
     $this->requestAction('GET', 'UserController@getLogin');
     $this->assertRedirection(URL::to('/'));
 }
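 /**
  * Validate a submitted CSRF token against the one stored in the session.
  *
  * The stored token is single-use: on a successful match it is removed
  * from the session before returning.
  *
  * @param mixed $token Token value as submitted by the client.
  * @return bool True when the submitted token matches the stored one.
  */
 public static function checkToken($token)
 {
     $tokenName = Session::getToken('tokenName');
     // Both sides must be strings for hash_equals(); anything else (a missing
     // token, an array from a crafted request) is a mismatch. hash_equals()
     // is used instead of === so the compare does not leak timing.
     if (is_string($tokenName) && is_string($token) && hash_equals($tokenName, $token)) {
         Session::destroySession('tokenName');
         return true;
     }
     return false;
 }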
 /**
  * Entry point of a request: dispatch the action, collect the template
  * variables and render the selected template.
  */
 public function run()
 {
     // Variables every template receives, regardless of the action taken.
     $this->defaultVars = [
         'referer' => $this->referer,
         'view' => $this->view,
         'poche_url' => Tools::getPocheUrl(),
         'title' => _('wallabag, a read it later open source system'),
         'token' => \Session::getToken(),
         'theme' => $this->wallabag->tpl->getTheme(),
     ];
     $this->_launchAction();
     $this->_defineTplInformation();
     // Messages may be queued while the action runs, so they are collected
     // only after it has finished.
     $messages = ['messages' => $this->wallabag->messages->display('all', false)];
     $this->vars = array_merge($this->vars, $messages);
     $this->_render($this->file, $this->vars);
 }
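 /**
  * Make sure the CSRF token exists and is valid.
  * This should be checked on most forms and get methods that manipulate state.
  *
  * @return void
  * @throws Exception When no token was submitted or it does not match.
  */
 public static function checkToken()
 {
     $submitted = Input::exists('_token') ? Input::get('_token') : null;
     if (!is_string($submitted)) {
         // Missing token, or a non-string value from a crafted request.
         throw new Exception('Token mismatch.');
     }
     // Compare with hash_equals() rather than ==: the loose comparison treats
     // numeric-looking strings by value (e.g. "0e12" == "0e34") and leaks
     // timing; a strict, constant-time compare does neither.
     $sessionToken = Session::getToken();
     if (is_string($sessionToken) && hash_equals($sessionToken, $submitted)) {
         return;
     }
     // Development override: a fixed key that bypasses the session token.
     // It must not be defined in a production deployment.
     if (defined('DEVELOPMENT_KEY') && is_string(DEVELOPMENT_KEY) && hash_equals(DEVELOPMENT_KEY, $submitted)) {
         return;
     }
     throw new Exception('Token mismatch.');
 }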
 /**
  * Test testFormOpen()
  *
  * Posting a new schedule for an existing event with a valid token
  * should answer with a redirect (302).
  *
  * @return void
  */
 public function testFormOpen()
 {
     $api = new \App\Helpers\ApiHelper();
     // Pick the first event the API reports so the schedule has a target.
     $listing = $api->index('events');
     $eventId = $listing['data']['events'][0]['id'];
     $payload = [
         '_token' => Session::getToken(),
         'startDate' => '2018-11-11',
         'startTime' => '20:00:00',
         'endDate' => '2018-11-11',
         'endTime' => '21:00:00',
         'timeZoneId' => '6',
     ];
     $this->call('POST', 'events/schedules/create/' . $eventId, $payload);
     $this->assertResponseStatus(302);
 }
        return Redirect::action('AuthController@getLogin');
    }
    //    if ( Auth::check() ) return Redirect::action('AuthController@getLogin');
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
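Route::filter('csrf', function () {
    // Both values must be strings before hash_equals() can compare them; a
    // missing or non-string _token is a mismatch (the previous !== let two
    // nulls pass). hash_equals() keeps the comparison constant-time.
    $sessionToken = Session::getToken();
    $requestToken = Input::get('_token');
    if (!is_string($sessionToken) || !is_string($requestToken) || !hash_equals($sessionToken, $requestToken)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});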
Route::filter('Moderator', function () {
    // Admins and moderators pass; everyone else is sent to the forbidden page.
    $isStaff = Entrust::hasRole('admin') || Entrust::hasRole('moderator');
    if ($isStaff) {
        return;
    }
    return Redirect::to('forbidden')->with('error', 'Sorry You Do not have access to this page');
});
Route::filter('Admin', function () {
    if (Entrust::hasRole('admin')) {
        return;
    }
    // The flash key here is 'errors' (plural); the consuming view must read that key.
    return Redirect::to('forbidden')->with('errors', 'Sorry You Do not have access to this page');
});
Route::filter('owner', function ($route, $request) {
    if (Auth::check()) {
                $hashView = 'Folder (' . $kf->getFolderTitle($currentHash) . '): <span id="nb-unread">' . $unread . '</span><span class="hidden-phone"> ' . Intl::msg('unread items') . '</span>';
                break;
            default:
                $hashView = '<span id="nb-unread">' . $unread . '</span><span class="hidden-phone"> ' . Intl::msg('unread items') . '</span>';
                break;
        }
        $menu = $kfc->getMenu();
        $paging = $kfc->getPaging();
        $pb->assign('menu', $menu);
        $pb->assign('paging', $paging);
        $pb->assign('currentHashType', $currentHashType);
        $pb->assign('currentHashView', $hashView);
        $pb->assign('currentPage', (int) $currentPage);
        $pb->assign('maxPage', (int) $maxPage);
        $pb->assign('currentItemHash', $currentItemHash);
        $pb->assign('nbItems', $nbItems);
        $pb->assign('items', $listItems);
        if ($listFeeds == 'show') {
            $pb->assign('feedsView', $kf->getFeedsView());
        }
        $pb->assign('pagetitle', strip_tags($kfc->title));
        $pb->renderPage('index');
    } else {
        $pb->assign('pagetitle', Intl::msg('Sign in') . ' - ' . strip_tags($kfc->title));
        if (!empty($_SERVER['QUERY_STRING'])) {
            $pb->assign('referer', MyTool::getUrl() . '?' . $_SERVER['QUERY_STRING']);
        }
        $pb->assign('token', Session::getToken());
        $pb->renderPage('login');
    }
}
'">Ban</button>
                            <?php 
    } else {
        ?>
                                <button class="btn btn-default" type="button" onClick="location.href='<?php 
        echo e(route('sentinel.users.unban', array($user->hash)));
        ?>
'">Un-Ban</button>
                            <?php 
    }
    ?>
                            <button class="btn btn-default action_confirm" href="<?php 
    echo e(route('sentinel.users.destroy', array($user->hash)));
    ?>
" data-token="<?php 
    echo e(Session::getToken());
    ?>
" data-method="delete">Delete</button>
                        </td>
                    </tr>
                <?php 
}
?>
                </tbody>
            </table>
        </div>
    </div>
    <div class="row">
        <?= $users->render() ?>
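<?php

/*
 * User picker: searches users by username, mobile or e-mail (substring
 * match) and renders a selectable table.
 *
 * $class (model class name), $pattern (search text), $field and $action
 * are used but not defined here, so they must be in scope when this
 * script is included.
 */

// NOTE(review): $pattern is passed as a bound LIKE value, but its own
// wildcards (% and _) are not escaped, so a caller can widen the match.
$like = "%{$pattern}%";
$items = $class::where('username', 'like', $like)
    ->orWhere('mobile', 'like', $like)
    ->orWhere('email', 'like', $like)
    ->paginate(20);
foreach ($items as $item) {
    $item->_modal_field = $field;
}
$table = new KTable();
$table->th('姓名')->functional(function ($user) {
    return e($user->username);
})->th('邮件')->functional(function ($user) {
    return e($user->email);
})->th('手机')->functional(function ($user) {
    return e($user->mobile);
})->th('选择')->functional(function ($user) use ($action) {
    // The other columns already go through e(); attribute values need the
    // same escaping before being interpolated into the markup.
    $id = e($user->id);
    $url = e(URL::action($action));
    $token = e(Session::getToken());
    $btn = <<<BTN
        <a class="btn btn-sm btn-success" onclick="javascript:modal_select_this_one_btn(this)" data-attr-id="{$id}" data-attr-url="{$url}" data-csrf-token="{$token}" href="javascript:;"><span class="glyphicon glyphicon-plus"></span></a>
BTN;
    return $btn;
});
$table->itemsToTbody($items);
echo $table->draw();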
 /**
  * Hidden '_token' field pre-filled with the current session CSRF token.
  */
 function __construct()
 {
     $csrfToken = \Session::getToken();
     parent::__construct('_token', $csrfToken);
     // Force the field type to hidden regardless of the parent's default.
     $this->attributes['type'] = 'hidden';
 }
 /**
  * Generate a hidden field containing the current CSRF token.
  *
  * @return string
  */
 public function token()
 {
     $csrf = $this->session->getToken();
     // Former builds the <input type="hidden"> markup; cast to string for the caller.
     $hidden = $this->app['former']->hidden('_token', $csrf);
     return (string) $hidden;
 }
}
# Start session
Session::$sessionName = 'poche';
Session::init();
# Start Poche
$poche = new Poche();
$notInstalledMessage = $poche->getNotInstalledMessage();
# Parse GET & REFERER vars
# The referer is client supplied; here it is only carried through to the templates.
$referer = '';
if (!empty($_SERVER['HTTP_REFERER'])) {
    $referer = $_SERVER['HTTP_REFERER'];
}
$view = Tools::checkVar('view', 'home');
$action = Tools::checkVar('action');
$id = Tools::checkVar('id');
$_SESSION['sort'] = Tools::checkVar('sort', 'id');
$requestedUrl = isset($_GET['url']) ? $_GET['url'] : '';
$url = new Url($requestedUrl);
# vars to _always_ send to templates
$tpl_vars = array(
    'referer' => $referer,
    'view' => $view,
    'poche_url' => Tools::getPocheUrl(),
    'title' => _('wallabag, a read it later open source system'),
    'token' => Session::getToken(),
    'theme' => $poche->getTheme(),
);
if (!empty($notInstalledMessage)) {
    if (!Poche::$canRenderTemplates || !Poche::$configFileAvailable) {
        # We cannot use Twig to display the error message
        echo '<h1>Errors</h1><ol>';
        foreach ($notInstalledMessage as $message) {
            echo '<li>' . $message . '</li>';
        }
        echo '</ol>';
        die;
    } else {
        # Twig is installed, put the error message in the template
        $tpl_file = Tools::getTplFile('error');
        $tpl_vars = array_merge($tpl_vars, array('msg' => $poche->getNotInstalledMessage()));
        echo $poche->tpl->render($tpl_file, $tpl_vars);
        exit;
<script type="text/ng-template" id="tickets.html">

    <div class="tickets" id="ticketsRoot" data-token="<?php 
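// Attribute context: escape even session-generated values rather than echoing them raw.
echo htmlspecialchars(Session::getToken(), ENT_QUOTES, 'UTF-8');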
?>
" ng-controller="TicketController">

        <div class="no-tickettypes" ng-hide="!$root.promoter_events.length || $root.promoter_events[$root.event_ndx].ticket_types.length">
            <div class="row">
                <div class="col-xs-12">
                    <h4 class="text-center">There are no ticket types defined for the current Event</h4>
                    <p><a href="mailto:andre@eenvoudmedia.nl?subject=No Ticket Types">Contact Alda</a></p>
                </div>
            </div>
        </div>

        <div class="container tickets-wrapper" ng-show="$root.promoter_events.length && $root.promoter_events[$root.event_ndx].ticket_types.length">

            <div class="row">
                <div class="col-xs-10 col-xs-offset-1 col-sm-offset-0">

                    <button title="Dashboard" class="details-btn-sel" ng-click="selectEventView('form.dashboard');$root.active_dashboard_btn=true;" ng-class="$root.active_dashboard_btn ? 'active' : ''">
                        <span class="fa fa-list"></span>
                    </button>
                    <button title="Venue Details" class="details-btn-sel" ng-click="selectEventView('form.event_venue');$root.active_venue_btn=true;" ng-class="$root.active_venue_btn ? 'active' : ''">
                        <span class="fa fa-institution"></span>
                    </button>
                    <button title="Event Details" class="details-btn-sel" ng-click="selectEventView('form.event_hospitality');$root.active_event_btn=true;" ng-class="$root.active_event_btn ? 'active' : ''">
                        <span class="fa fa-plane"></span>
                    </button>
                    <button title="Event Ticket Sales" class="details-btn-sel" ng-click="selectEventView('form.tickets');$root.active_tickets_btn=true;" ng-show="$root.promoter_events[$root.event_ndx].ticket_types.length" ng-class="$root.active_tickets_btn ? 'active' : ''">
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
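Route::filter('csrf', function () {
    // Only state-changing requests are checked. getMethod() is expected to
    // report the spoofed method (_method) for form submissions, so a
    // form-submitted PUT/PATCH/DELETE is verified as well, not just POST.
    $method = Request::getMethod();
    if (!in_array($method, array('POST', 'PUT', 'PATCH', 'DELETE'), true)) {
        return;
    }
    // AJAX requests carry the token in the X-CSRF-Token header (set by
    // app.js); everything else submits it as the _token form field.
    $isAjax = Request::ajax();
    $expected = Session::getToken();
    $given = $isAjax ? Request::header('X-CSRF-Token') : Input::get('_token');
    // hash_equals() replaces the loose != / ==, which compare numeric-looking
    // strings by value and are not constant-time; non-strings never match.
    if (!is_string($expected) || !is_string($given) || !hash_equals($expected, $given)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});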
/*
|--------------------------------------------------------------------------
| Key Required Filter
|--------------------------------------------------------------------------
|
| The following filter is used to ensure that routes that require a key
| to have useful information have valid keys to show information for
 /**
  * Sponsorship ("parrainage") page: lets a logged-in member invite an
  * @eleves.ec-nantes.fr address, records the request and e-mails a
  * confirmation link.
  *
  * Flow: the POST is validated (origin + time-limited CSRF token named
  * 'parrainage'), stashed in $_SESSION['saveform'] and redirected back to
  * this page, where the stashed submission is processed on the next request.
  *
  * @return bool|void false on a rejected submission; otherwise the page is
  *                   rendered (or a redirect issued) with no return value.
  */
 function parrainer()
 {
     if (!$this->session->islogged()) {
         $this->redirect("?membre/login");
     }
     $erreurs = array();
     $notifications = array();
     $soumis = $this->request->data ? $this->request->data : null;
     $form = array('mail' => '');
     // Create the time-limited (10 min) CSRF token for this form on first visit.
     if (Session::getToken('parrainage') === false) {
         Session::addToken(array('name' => 'parrainage', 'limit_time' => 10 * 60, 'time' => time()));
     }
     $token = Session::getToken('parrainage');
     if ($soumis) {
         // At this point the form has been submitted.
         /* Requests coming from another site, or without an HTTP referer (typed
          * straight into the URL bar), are rejected outright.
          */
         // Reject external requests, URL-typed requests, or anything not sent via POST
         if ($this->request->is('no-origin') || !Session::isValidToken('parrainage')) {
             $message = conf::DEBUG ? 'Erreur [MEM ' . __LINE__ . '] : La requête a échouée. Veuillez réactualiser la page.' : 'Le jeton CRSF a expiré. Veuillez réactualiser la page.';
             $this->error($message);
             return false;
         }
         // Also check that the stored token and the submitted one are identical.
         // NOTE(review): $soumis['token'] is read without an isset() guard and the
         // compare is a plain !== rather than hash_equals() — confirm the request
         // layer guarantees the key exists.
         if ($token['value'] !== $soumis['token']) {
             $this->redirect('?membre/parrainer/');
         }
         // $erreurs is still empty here, so a valid POST is always stashed in the
         // session and redirected (POST-redirect-GET); processing happens below.
         if (empty($erreurs)) {
             $_SESSION['saveform'] = $soumis;
             unset($soumis);
             $this->redirect('?membre/parrainer/');
         }
     }
     if (isset($_SESSION['saveform'])) {
         $soumis = $_SESSION['saveform'];
         unset($_SESSION['saveform']);
         if (!Session::isValidToken('parrainage')) {
             $this->error("Le temps de soumission est dépassé. Veuillez recharger la page.");
             return false;
         }
         $form = array('mail' => PregFucntions::sanitize_string($soumis['mail']));
         // Make sure the e-mail does not already exist in the members table.
         // NOTE(review): the WHERE clause is built by string concatenation from the
         // submitted address, and the value is not quoted. Unless sanitize_string()
         // fully neutralises it, this is an SQL injection risk — a bound parameter
         // would be the safe form. Verify what find()/sanitize_string() accept.
         $find = $this->membre->find(array('conditions' => 'mem_mail = ' . $form['mail'], 'fecthMethod' => PDO::FETCH_ASSOC));
         if ($find) {
             $erreurs[] = "Le mail est déjà utilisé.";
         }
         // The address must end with the school's student domain.
         // NOTE(review): if '@' is absent, strrpos() returns false and substr() then
         // yields the whole string; the check still fails, but only by accident.
         if (!(substr($form['mail'], strrpos($form['mail'], '@')) === '@eleves.ec-nantes.fr')) {
             $erreurs[] = "Vous n'êtes pas de l'école Centrale. Il vous faut un mail du type xxx@eleves.ec-nantes.fr";
         }
         if (empty($erreurs)) {
             // Insert into the sponsorship table
             $token_de_validation = Session::genereToken();
             // NOTE(review): the INSERT values are also assembled by concatenation;
             // Functions::squote is assumed to quote and escape — confirm.
             $this->membre->add(array('tables' => ' parrainage ', 'values' => " " . Functions::squote($_SESSION['membre']['mem_id']) . ",'-1'" . "," . Functions::squote($form['mail']) . "," . "NOW()" . ",'0'" . "," . Functions::squote($token_de_validation)));
             // Send the confirmation e-mail to the sponsored student
             if ($this->mail(array('config' => 'nacder.net', 'destinataire' => $form['mail'], 'expediteur' => Conf::$mail['default']['no-reply'], 'aliasExpediteur' => constant('site_i_name'), 'objet' => "[" . constant('site_i_name') . "] - Confirmez votre parrainage", 'message' => Mail::_messageParrainage(array('parrain_login' => $_SESSION['membre']['mem_login'], 'parrain_mail' => $_SESSION['membre']['mem_mail'], 'fillot_mail' => $form['mail'], 'mem_token' => $token_de_validation, 'logo' => Conf::$mail['default']['logo']))))) {
                 $notifications[] = "Votre requête a été transmise.";
             } else {
                 $erreurs[] = "La requête n'a pas pu être envoyée à l'adresse donnée.";
             }
         }
         // Issue a fresh token for the next submission.
         Session::addToken(array('name' => 'parrainage', 'limit_time' => 10 * 60, 'time' => time()));
     }
     $variables['soumis'] = $soumis;
     $variables['erreurs'] = $erreurs;
     $variables['notifications'] = $notifications;
     $form['token'] = $token['value'];
     $variables['form'] = $form;
     $this->myrender(array('menu' => 'menu', 'title' => 'Espace Parrainage', 'view' => 'parrainage', 'variables' => $variables));
 }
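 /**
  * Compiles a view given a view name and context. Does not print to the screen.
  * 
  * The context for the page will be under the "page" key.
  * So for example a "user" array passed as the context will
  * be available as {{ page.user }}
  *
  * Alongside "page", every template also receives "_token" (the session
  * CSRF token) and "app" (alerts and notices from Log).
  * 
  * @param string $name The name of the view, without the ".html.twig" suffix.
  * @param mixed $context The context to use in compilation; null means an empty array.
  * @return string The rendered template.
  */
 public static function compileView($name, $context = null)
 {
     self::initialize();
     // Only a genuine null gets the empty-array default: a loose `== null`
     // would also swallow 0, '', false and [], silently replacing them.
     if ($context === null) {
         $context = array();
     }
     $context = array_merge(
         array(
             '_token' => Session::getToken(),
             'app' => array('alerts' => Log::getAlerts(), 'notices' => Log::getNotices()),
         ),
         array('page' => $context)
     );
     return self::$twig->render($name . '.html.twig', $context);
 }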
<?php

/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the Closure to execute when that URI is requested.
|
*/
// Exposes the session CSRF token as JSON under a 'test' key. Reachable by
// plain GET with no check of its own; looks like a left-over test endpoint.
Route::get('registration/company', function () {
    $payload = ['test' => Session::getToken()];
    return Response::json($payload);
});
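// Scratch route: prints the deadline derived from a fixed event date and a
// negative "days gap" and returns nothing. The Hotel/Venue hospitality lookups
// that used to follow the bare `return;` were unreachable and have been dropped.
Route::get('/test', function () {
    $event_date = '2015-10-13';
    $task = (object) ['deadline_days_gap' => -2];
    // Negating the gap turns -2 into "2 days" relative to the event date.
    $new_deadline = strtotime(-$task->deadline_days_gap . ' days', strtotime($event_date));
    echo date('Y-m-d', $new_deadline);
});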
            $error_message = $errors->first($name, ':message');
        }
    }
    return $error_message;
}
/**
 * Whether the form's error bag holds an entry for the given field.
 *
 * @param object $form Form exposing get_errors(); its result may be null.
 * @param string $name Field name.
 * @return mixed False when there is no error object; otherwise what has() returns.
 */
function have_error($form, $name)
{
    $errors = $form->get_errors();
    // is_object() already excludes null, so a single guard is enough.
    if (!is_object($errors)) {
        return false;
    }
    return $errors->has($name);
}
// Every form gets a hidden 'csrf_token' field carrying the session token.
Xform::include_all(function () {
    $tokenField = function ($form) {
        $form->hidden('csrf_token')->value(Session::getToken());
        $form->setClass('token');
    };
    return Xform::template('div', $tokenField);
});
Xform::macro('show_input_error', function ($name, $message = null) {
    return Xform::template('span', function ($form) use($name, $message) {
        $error_message = get_form_error_message($form, $name);
        if (!is_null($error_message)) {
            $form->putText($error_message);
            //$form->setRootAttr('data-title',$error_message);
            $form->setClass('help-block text-error');
        } else {
            $form->putText($message);
            $form->setClass('help-block');
        }
    });
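    /**
     * Render the OPML import page (a form posting to ?import).
     *
     * Template variables are taken from FeedPage::$var; the one this template
     * reads directly is $referer, echoed into the hidden "returnurl" field.
     * Output is written straight to the response; nothing is returned.
     */
    public static function importTpl()
    {
        // Expose the FeedPage::$var entries as locals for the markup below.
        extract(FeedPage::$var);
        ?>
<!DOCTYPE html>
<html>
  <head>
<?php 
        FeedPage::includesTpl();
        ?>
  </head>
  <body>
    <div class="container-fluid">
      <div class="row-fluid">
        <div class="span4 offset4">
          <?php 
        FeedPage::statusTpl();
        ?>
          <?php 
        FeedPage::navTpl();
        ?>
          <form class="form-horizontal" method="post" action="?import" enctype="multipart/form-data" name="importform">
            <fieldset>
              <legend><?php 
        echo Intl::msg('Import opml file');
        ?>
</legend>
              <div class="control-group">
                <label class="control-label" for="filetoupload"><?php 
        echo Intl::msg('Opml file:');
        ?>
</label>
                <div class="controls">
                  <input tabindex="1" class="btn" type="file" id="filetoupload" name="filetoupload">
                  <span class="help-block"><?php 
        echo Intl::msg('Size max:');
        ?>
 <?php 
        echo MyTool::humanBytes(MyTool::getMaxFileSize());
        ?>
                    </span>
                </div>
              </div>

              <div class="control-group">
                <div class="controls">
                  <label for="overwrite">
                    <input type="checkbox" name="overwrite" id="overwrite">
                    <?php 
        echo Intl::msg('Overwrite existing feeds');
        ?>
                  </label>
                </div>
              </div>

              <div class="control-group">
                <div class="controls">
                  <input class="btn" type="submit" name="import" value="<?php 
        echo Intl::msg('Import opml file');
        ?>
">
                  <input class="btn" type="submit" name="cancel" value="<?php 
        echo Intl::msg('Cancel');
        ?>
">
                </div>
              </div>

              <input type="hidden" name="MAX_FILE_SIZE" value="<?php 
        echo MyTool::getMaxFileSize();
        ?>
">
              <input type="hidden" name="returnurl" value="<?php 
        // $referer is presumably client-influenced (a return URL); escape it for
        // the attribute context so it cannot break out of the value="" quoting.
        echo htmlspecialchars($referer, ENT_QUOTES, 'UTF-8');
        ?>
" />
              <input type="hidden" name="token" value="<?php 
        echo htmlspecialchars(Session::getToken(), ENT_QUOTES, 'UTF-8');
        ?>
">
            </fieldset>
          </form>
        </div>
      </div>
    </div>
  </body>
</html> 
<?php 
    }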
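 /**
  * First-run installer: renders the install page and, when the form has
  * been submitted (?install), creates the initial account.
  *
  * Always terminates the request with exit.
  *
  * @return void
  */
 private function install()
 {
     Tools::logm('poche still not installed');
     // NOTE(review): a token is rendered into the form but not verified here;
     // confirm an earlier layer checks it, otherwise the install POST has no
     // CSRF protection.
     echo $this->tpl->render('install.twig', array('token' => Session::getToken(), 'theme' => $this->getTheme(), 'poche_url' => Tools::getPocheUrl()));
     if (isset($_GET['install'])) {
         // Read the POST fields defensively: missing keys used to raise
         // undefined-index notices, and non-string values (password[]=...)
         // would have reached the hash function. Compare strictly — == treats
         // numeric-looking passwords ("1e1" == "10") as equal.
         $login = isset($_POST['login']) && is_string($_POST['login']) ? $_POST['login'] : '';
         $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
         $repeat = isset($_POST['password_repeat']) && is_string($_POST['password_repeat']) ? $_POST['password_repeat'] : '';
         if ($password !== '' && $login !== '' && $password === $repeat) {
             # let's rock, install poche baby !
             if ($this->store->install($login, Tools::encodeString($password . $login))) {
                 Session::logout();
                 Tools::logm('poche is now installed');
                 Tools::redirect();
             }
         } else {
             Tools::logm('error during installation');
             Tools::redirect();
         }
     }
     exit;
 }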
<?php

// Domain create/edit form. $dsp->var['param'] supplies the page title,
// the back URL and the record being edited (under 'datas').
$param = $dsp->var['param'];
$datas = $param['datas'];
?>

{{ openContent($param['titre']) }}

<?php 
// Open Form
Xform::form('route', 'domaine.create');
// Hidden row: CSRF token, record id, return URL and owner id
// NOTE(review): user_id travels as a hidden field; the receiving action should
// take the owner from Auth rather than trust this value.
Xform::startRow('hidden');
Xform::addText('_token', 'x', Session::getToken(), 2);
Xform::addText('id', 'ID', $datas->id, 2);
Xform::addText('backUrl', '', $param['backUrl']);
Xform::addText('user_id', 'USER_ID', Auth::user()->id, 1);
Xform::endRow();
// Editable fields, one row each
Xform::startRow();
Xform::addText('nom', 'Nom du domaine', $datas->nom, 5);
Xform::endRow();
Xform::startRow();
Xform::addText('url', 'Url', $datas->url, 5);
Xform::endRow();
Xform::startRow();
Xform::addSelect('typedomaine_id', Typedomaine::lists('libelle', 'id'), 'Type', $datas->typedomaine_id, 2);
Xform::endRow();
// Submit / cancel buttons
Xform::addSubmit();
Xform::addCancel($param['backUrl']);
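 /**
  * First-run installer for KrISS feed.
  *
  * On a POST carrying setlogin/setpassword: generates a fresh salt, stores the
  * login and password hash, writes the config and renders a success page.
  * Otherwise renders the install form with a CSRF token. Always exits.
  *
  * NOTE(review): the token assigned to the install template is not checked
  * against the POST in this method — confirm it is verified before dispatch.
  */
 private function _install()
 {
     if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) {
         // The salt must come from a CSPRNG: uniqid()/mt_rand() are predictable.
         // random_bytes() needs PHP >= 7, so the legacy derivation stays as a
         // fallback. Both branches yield a 40-char hex string, keeping the
         // stored format unchanged.
         if (function_exists('random_bytes')) {
             $salt = bin2hex(random_bytes(20));
         } else {
             $salt = sha1(uniqid('', true) . '_' . mt_rand());
         }
         $this->setSalt($salt);
         $this->setLogin($_POST['setlogin']);
         // setHash() is called after setSalt(); it presumably folds the salt in — not visible here.
         $this->setHash($_POST['setpassword']);
         $this->write();
         FeedPage::$pb->assign('pagetitle', 'KrISS feed installation');
         FeedPage::$pb->assign('class', 'text-success');
         FeedPage::$pb->assign('message', Intl::msg('Your simple and smart (or stupid) feed reader is now configured.'));
         FeedPage::$pb->assign('referer', MyTool::getUrl() . '?import');
         FeedPage::$pb->assign('button', Intl::msg('Continue'));
         FeedPage::$pb->renderPage('message');
     } else {
         FeedPage::$pb->assign('pagetitle', Intl::msg('KrISS feed installation'));
         FeedPage::$pb->assign('token', Session::getToken());
         FeedPage::$pb->renderPage('install');
     }
     exit;
 }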
?>
            <option style="color:brown; font-weight: bold; background-color: lightgrey" value=""  disabled>EI3</option> 
            <?php 
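// Course options for year EI3. net_nom / net_description come from the database
// and are emitted inside an HTML attribute and a text node, so they are escaped
// here (ENT_QUOTES covers the single-quoted value='...' attribute).
foreach ($list_ue['ei3'] as $u) {
    if ($u) {
        // Escape after strtoupper() so entity names (&amp;, &#039;) are not upper-cased.
        $nom = htmlspecialchars($u['net_nom'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $nomUpper = htmlspecialchars(strtoupper($u['net_nom']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $description = htmlspecialchars($u['net_description'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<option value='" . $nom . "' class='centered' >" . $nomUpper . " - " . $description . "</option>";
    }
}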
?>
        </select>	
        <select class="form-control" name="catg" required > 
            <option value="" disabled >Catégorie</option> 
            <?php 
// Category selector; $list_catg maps a short category code to its display label.
foreach ($list_catg as $code => $label) {
    printf("<option value='%s' >%s - %s</option>", $code, strtoupper($code), $label);
}
?>
        </select>
        <input class="form-control" name="fichier" type="file"  required  />  
		<?php 
// Per-form CSRF token for the upload form; the echo below reads $t['value'], so
// the token is assumed to be an array with a 'value' entry (not visible here).
$t = Session::getToken('uploadDefichier');
?>
        <input name="token" type="hidden" value="<?php 
echo $t['value'];
?>
" />  
         <br/> 
        <input class="btn btn-md btn-primary btn-block" name="submitted" type="submit" value="Envoyer"/>

    </form> 
</div>
 /**
  * Lists the files and sub-directories of a course (UE) for the download area.
  *
  * @param string      $age 'a' = old file store (filesOld, read from disk), 'n' = new store (openu_files table)
  * @param string      $eix year/level number (EI1..EI3)
  * @param string      $ue  course short name
  * @param string|null $dir sub-directory, URL-encoded with '~' standing for '/'
  *
  * NOTE(review): all four parameters come from the URL. Below they are
  * concatenated unescaped into filesystem paths (case 'a') and into SQL
  * condition strings (both cases); nothing visible here rejects '..' in
  * $dir/$ue/$eix or quotes $eix.
  */
 function view($age, $eix, $ue, $dir = null)
 {
     if (!$this->session->islogged()) {
         // NOTE(review): no return after redirect(); unless redirect() exits
         // internally, the rest of the method still runs for anonymous users.
         $this->redirect("?membre/login");
     }
     $thisDir = $age . DS . $eix . DS . $ue . DS . $dir;
     $dir = isset($dir) ? $dir : '';
     $dir = urldecode(trim(str_replace('~', '/', $dir), '/'));
     $path = $age == 'a' ? 'filesOld' : 'files';
     // 'a' = old ("ancien") file store
     // The path is assembled straight from request parameters; '..' segments are not filtered here.
     $path .= strtolower(DS . 'ei' . $eix . DS . $ue . DS . (!empty($dir) ? $dir . DS : ''));
     $directory = array();
     $files = array();
     $link_switch = '?download/view' . DS . (strtolower($age) == 'a' ? 'n' : 'a') . DS . $eix . DS . $ue;
     $link_hyper_racine = '?download/view' . DS . $age . DS . $eix . DS . $ue;
     //$n = strrpos(substr($dir,0,strlen($dir)-1),'/');  // Ex : dir= sds'/'dsds/ ==> n=3
     switch (strtolower($age)) {
         case 'a':
             $link_racine = $link_hyper_racine . DS;
             $link_racine .= str_replace('/', '~', $dir) . '~';
             //($n) ? substr($dir,0,$n) : '';
             $m = strrpos(trim($dir, '/'), '/');
             $link_up = $link_hyper_racine . DS . substr(trim($dir, '/'), 0, $m);
             $link_download = '?download/view' . DS . $age . DS . $eix . DS . $ue;
             $path = '../' . $path;
             // Directory for the old version of the kit (one level above the web root)
             $ispath = is_dir($path);
             //echo $path.' '.$ispath;
             //var_dump($ispath); var_dump($path);
             if ($ispath) {
                 $ret = array();
                 $ret_files = array();
                 $dossier = opendir($path);
                 while (false !== ($fichier = readdir($dossier))) {
                     if ($fichier != '.' && $fichier != '..' && $fichier != 'index.php') {
                         if (is_dir($path . $fichier)) {
                             array_push($ret, array("doc_path" => $fichier));
                         } else {
                             // create a per-file download token, keyed by the file name
                             Session::addToken($fichier);
                             $token = Session::getToken($fichier);
                             // fetch file info (old version => oldfiles table)
                             // NOTE(review): $path . $fichier is concatenated into the LIKE clause without escaping.
                             $tmpFile = $this->document->findFirst(array('tables' => " openu_oldfiles ", 'conditions' => " path LIKE '%" . $path . $fichier . "%'", 'fecthMethod' => PDO::FETCH_ASSOC));
                             array_push($ret_files, array("doc_id" => !empty($tmpFile['id']) ? $tmpFile['id'] : 0, "doc_name" => utf8_encode($fichier), "doc_path" => $path, "doc_date" => date('d m Y ', filemtime($path . $fichier)), "doc_size" => Functions::human_filesize(filesize($path . $fichier)), "doc_year" => $eix, "doc_ue" => $ue, "doc_catg" => '', "doc_url" => '?download/load/' . $age . DS . $eix . DS . $ue . DS . (!empty($dir) ? str_replace('/', '~', $dir) : 'dir') . DS . $token['value'], "doc_code" => '', "doc_valid" => '', "doc_av_plus" => !empty($tmpFile['av_plus']) ? $tmpFile['av_plus'] : 0, "doc_av_moins" => !empty($tmpFile['av_moins']) ? $tmpFile['av_moins'] : 0, "doc_hits" => !empty($tmpFile['hits']) ? $tmpFile['hits'] : 0));
                         }
                     }
                 }
                 $directory = $ret;
                 $i = 0;
                 foreach ($directory as $d) {
                     if ($d) {
                         $directory[$i]['doc_path'] = str_replace($path, "", $d['doc_path']);
                         $t = explode('/', $directory[$i]['doc_path']);
                         $directory[$i]['dir'] = $t[0];
                         $i++;
                     }
                 }
                 $files = $ret_files;
             }
             break;
         case 'n':
             // NOTE(review): $eix is concatenated unquoted into SQL; only $ue goes through Functions::squote().
             if (!($ok = $this->document->findFirst(array('tables' => 'reseau', 'conditions' => "net_niveau = " . $eix . " AND net_nom = " . Functions::squote($ue))))) {
                 $message = Conf::DEBUG ? "Erreur [" . get_class($this) . " " . __LINE__ . "] : Un des paramètres n'est pas configuré." : "Le répertoire de cours n'existe pas ou n'a pas encore été créé.";
                 $this->error($message);
                 exit;
             }
             $link_racine = $link_hyper_racine . DS;
             //$link_racine .= $dir;
             $m = strrpos(trim($dir, '/'), '/');
             $link_up = $link_hyper_racine . DS . substr(trim($dir, '/'), 0, $m);
             // Sub-directories = distinct categories of this year/course (current one excluded)
             $directory = $this->document->find(array('tables' => " openu_files ", 'champs' => " DISTINCT catg ", 'conditions' => " year =  " . $eix . " AND ue = " . Functions::squote($ue) . (!empty($dir) ? " AND catg != " . Functions::squote($dir) : ""), 'order' => " name ASC ", 'fecthMethod' => PDO::FETCH_ASSOC));
             $i = 0;
             foreach ($directory as $d) {
                 if ($d) {
                     $directory[$i]['dir'] = $directory[$i]['catg'];
                     $i++;
                 }
             }
             $files = $this->document->find(array('tables' => " openu_files ", 'conditions' => " year =  " . $eix . " AND ue = " . Functions::squote($ue) . " AND catg = " . Functions::squote($dir), 'order' => " name ASC ", 'fecthMethod' => PDO::FETCH_ASSOC));
             $j = 0;
             foreach ($files as $d) {
                 if ($d) {
                     $files[$j]['doc_size'] = Functions::human_filesize($d['size']);
                     $files[$j]['doc_url'] = '?download/downloadFinished/' . $files[$j]['id'] . '/0/0';
                     // the download controller needs 3 parameters by default to work
                     //$files[$j]['doc_url'] = OPENUPLOADDIR.DS.'?action=d&id='.$files[$j]['id'];
                     $j++;
                 }
             }
             break;
         default:
             $message = Conf::DEBUG ? "Erreur [" . get_class($this) . " " . __LINE__ . "] : Un des paramètres n'est pas configuré." : "Le répertoire de cours n'existe pas ou n'a pas encore été créé.";
             $this->error($message);
             exit;
             break;
     }
     $variables['thisDir'] = $thisDir;
     $variables['link_up'] = $link_up;
     $variables['link_switch'] = $link_switch;
     $variables['link_hyper_racine'] = $link_hyper_racine;
     $variables['link_racine'] = $link_racine;
     $variables['age'] = $age;
     $variables['directory'] = $directory;
     $variables['files'] = $files;
     // course ("réseau") information
     // NOTE(review): $ue is interpolated into the WHERE clause without escaping, and
     // $t[0] is dereferenced below without checking that find() returned a row.
     $t = $this->reseau->find(array('conditions' => " net_nom = '" . strtolower($ue) . "'"));
     $variables['ue_nom_for_layout'] = $ue;
     $variables['ue_description_for_layout'] = $t[0]->net_description;
     // check whether the user is already enrolled in this course
     $reseau_membre = $this->reseau->findFirst(array('tables' => " reseau_membre ", 'conditions' => " net_id = '" . $t[0]->net_id . "' AND mem_id = " . $_SESSION['membre']['mem_id']));
     $variables['est_inscrit'] = $reseau_membre !== false && !empty($reseau_membre);
     // list of members enrolled in this course
     $listeInscrits = $this->reseau->find(array('tables' => " reseau_membre rm NATURAL JOIN membre m", 'champs' => ' DISTINCT m.mem_id, m.mem_login ', 'conditions' => " rm.net_id = " . $t[0]->net_id . "", 'fecthMethod' => PDO::FETCH_ASSOC));
     $variables['listeInscrits'] = $listeInscrits !== false && !empty($listeInscrits) ? $listeInscrits : null;
     // Enrolment button: an AJAX GET to ?ajax/inscription_reseau/ carrying "net_id:mem_id", then a page reload.
     $list = Script::_multi_script(array(array('type' => '_query', 'action' => 'click', 'element' => '#modal_inscription', 'name' => 'modal_inscription', 'parameters' => 'id', 'code' => 'setTimeout("window.location.reload()",1000);', 'toReload' => '#rien', 'query' => urlencode($t[0]->net_id . ':' . $_SESSION['membre']['mem_id']), 'reponse' => '#reponse_modal_inscription', 'method' => 'GET', 'url' => '?ajax/inscription_reseau/', 'time' => '3000')));
     /* Required fields for the _query type: toReload, "query, #element, #reponse , "method, "url */
     $variables['mesScripts'] = $list['s'];
     // function definitions => in the header
     $variables['mesScriptsFunc'] = $list['d'];
     // calls to the defined functions => in the footer
     $this->myrender(array('menu' => 'menu', 'title' => strtoupper($ue), 'view' => 'view', 'variables' => $variables));
 }
    return Auth::basic();
});
// 'guest' filter: an already-authenticated user is bounced to the login route;
// anyone else passes through (null return).
Route::filter('guest', function () {
    if (!Auth::check()) {
        return;
    }
    return Redirect::to('user/login/');
});
// Admin area gates: every admin/* route requires the 'admin' role, and each
// sub-tree additionally requires one named permission. Failures redirect.
Entrust::routeNeedsRole('admin*', array('admin'), Redirect::to('/nopermission'));
foreach (array(
    'admin/slugs*' => 'manage_blogs',
    'admin/comments*' => 'manage_comments',
    'admin/users*' => 'manage_users',
    'admin/roles*' => 'manage_roles',
    'admin/settings*' => 'manage_settings',
    'admin/search*' => 'site_search',
    'admin/todos*' => 'manage_todos',
) as $adminRoute => $permission) {
    Entrust::routeNeedsPermission($adminRoute, $permission, Redirect::to('/admin'));
}
// foreach variables would otherwise linger in the routes file's scope
unset($adminRoute, $permission);
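// CSRF filter: the request must carry the session token in 'csrf_token' or '_token'.
// The original used a loose != compare, which treats numeric-looking strings as
// equal ("1e3" == "1000"), accepted an empty session token against a missing
// field, and was not constant-time. This version requires a non-empty session
// token, a string input, and a strict (constant-time where available) match.
Route::filter('csrf', function () {
    $expected = (string) Session::getToken();
    foreach (array('csrf_token', '_token') as $field) {
        $supplied = Input::get($field);
        // Missing or non-string input (e.g. csrf_token[]=) never matches; hash_equals() would TypeError on it.
        if ($expected === '' || !is_string($supplied)) {
            continue;
        }
        // hash_equals() is PHP >= 5.6; fall back to a strict compare on older runtimes.
        $matches = function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied;
        if ($matches) {
            return;
        }
    }
    return Redirect::to('invalidtoken');
});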
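// Locale selection: an explicit, whitelisted $lang (route filter parameter) wins;
// otherwise the first Accept-Language entry is used when whitelisted, else the
// configured default. $route and $request are part of the filter signature but unused.
Route::filter('detectLang', function ($route, $request, $lang = 'auto') {
    $available = Config::get('app.available_language');
    // Strict comparisons: loose != / in_array() would let type-juggled values through.
    if ($lang !== "auto" && in_array($lang, $available, true)) {
        // NOTE(review): only Config is updated here, whereas the else branch also calls
        // App::setLocale(); confirm whether that asymmetry is intended.
        Config::set('app.locale', $lang);
    } else {
        // Keep only the first Accept-Language entry (up to the first comma) and its 2-letter primary tag.
        $browser_lang = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtok(strip_tags($_SERVER['HTTP_ACCEPT_LANGUAGE']), ',') : '';
        $browser_lang = substr($browser_lang, 0, 2);
        $userLang = in_array($browser_lang, $available, true) ? $browser_lang : Config::get('app.locale');
        Config::set('app.locale', $userLang);
        App::setLocale($userLang);
    }
});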
 /**
  * Upload controller entry point: shows the upload form and handles its submission.
  *
  * Two-request flow: on POST the form and file are checked, the file is parked
  * under UPLOADS and the form saved in $_SESSION['saveform'], then the client is
  * redirected back here; on that second request the parked file is moved to its
  * final directory and registered in the documents table with valid = 0 (awaiting
  * admin approval). A per-form session token ('uploadDefichier', 10 minutes)
  * guards both steps.
  *
  * NOTE(review): request-controlled values reach sensitive sinks below without
  * visible validation — the uploaded file's original name is used as a path
  * component, 'catg'/'year'/'ue' form the destination directory, and 'year' is
  * concatenated unquoted into SQL. See the inline notes.
  */
 function index()
 {
     if (!$this->session->islogged()) {
         // NOTE(review): no return after redirect(); relies on redirect() exiting internally.
         $this->redirect("?membre/login");
     }
     // create the token if it does not exist yet
     if (Session::getToken('uploadDefichier') === false) {
         Session::addToken(array('name' => 'uploadDefichier', 'limit_time' => 10 * 60, 'time' => time()));
     }
     $soumis = null;
     $erreurs = array();
     $notifications = array();
     /* small trick (redirect after POST) to avoid multiple form submissions ...
      * the drawback is that it does not preserve the uploaded file across the redirect,
      * so the file has to be saved before redirecting. It is saved to a temporary file
      * provided it is valid
      */
     if ($this->request->data) {
         $soumis = $this->request->data;
         $soumisfile = $this->request->datafile;
         /* at this point the form has been sent.
          * If the request comes from another site or has no http_referer (URL typed directly)
          * it is rejected right away
          */
         if ($this->request->is('external') || $this->request->is('no-origin') || !Session::isValidToken('uploadDefichier')) {
             $message = 'Erreur [DLU ' . __LINE__ . '] : La requête a échouée. Veuillez réactualiser la page.';
             $this->error($message);
             return false;
         }
         $t = Session::getToken('uploadDefichier');
         // strict compare of the submitted token against the session one (not constant-time)
         if ($t['value'] !== $soumis['token']) {
             $erreurs[] = "Le formulaire n'est plus valide.";
         }
         // save the file read-only if the size is right and no error was detected
         $upload_max_file = PregFucntions::return_bytes(ini_get('upload_max_filesize'));
         // NOTE(review): filesize() runs before the upload error code is checked; on a failed upload tmp_name is empty.
         $size = filesize($soumisfile['fichier']['tmp_name']);
         if (empty($erreurs) && $size <= $upload_max_file) {
             $valid = $this->anyErrorFile($soumisfile['fichier']['error']);
             // NOTE(review): the else branch below pushes a falsy $valid into $erreurs, which
             // looks inverted — confirm anyErrorFile()'s return contract.
             if ($valid) {
                 $name = $soumisfile['fichier']['name'];
                 // NOTE(review): the client-supplied file name is used as-is as a path component;
                 // whether moveFile() applies basename()/an extension whitelist is not visible here.
                 $path = UPLOADS . DS . $soumisfile['fichier']['name'];
                 if ($this->moveFile($soumisfile['fichier']['tmp_name'], $path, 0444)) {
                     $_SESSION['saveform'] = $soumis;
                     $_SESSION['saveformfile'] = $path;
                     unset($soumis);
                     unset($soumisfile);
                     header('Location: ' . Router::url('?upload/index/'));
                     exit;
                 } else {
                     $erreurs[] = "Une erreur est survenue.";
                     $erreurs[] = "Il se pourrait que votre fichier ne respecte pas les règles de sécurité.";
                 }
             } else {
                 $erreurs[] = $valid;
             }
         } else {
             $erreurs[] = "La limite autorisée est de " . ini_get('upload_max_filesize') . "o";
         }
     }
     // ... second half of the trick: move the file to its final destination
     if (isset($_SESSION['saveform'])) {
         // at this point there is no point continuing if the token is invalid; it gets dropped anyway
         if (!Session::isValidToken('uploadDefichier')) {
             $message = "Le temps de soumission est dépassé. Veuillez recharger la page.";
             $this->error($message);
             return false;
         }
         // fetch the data and remove the session variables
         $soumis = $_SESSION['saveform'];
         $soumisfile = $_SESSION['saveformfile'];
         unset($_SESSION['saveform']);
         unset($_SESSION['saveformfile']);
         // collect the form data
         // NOTE(review): 'catg' is never checked against $list_catg (built further down) and 'ue'/'year'
         // are only checked for existence below, yet all three become directory components of 'path'.
         $form = array('year' => $soumis['year'], 'ue' => $soumis['ue'], 'catg' => strtolower($soumis['catg']), 'name' => basename($soumisfile), 'size' => filesize($soumisfile), 'path' => 'files/ei' . $soumis['year'] . '/' . $soumis['ue'] . '/' . $soumis['catg'] . '/', 'code' => Session::genereToken(), 'valid' => 0);
         // Make sure the generated token is unique in the database
         while ($this->document->find(array('conditions' => 'doc_code=\'' . $form['code'] . '\'', 'fecthMethod' => PDO::FETCH_ASSOC))) {
             $form['code'] = Session::genereToken();
         }
         // make sure the course matches the year, e.g. algpr => ei1
         // NOTE(review): $form['year'] is concatenated unquoted into the SQL condition.
         $find = $this->reseau->find(array('conditions' => 'net_niveau = ' . $form['year'] . ' AND net_nom = ' . Functions::squote($form['ue']) . ' ', 'fecthMethod' => PDO::FETCH_ASSOC));
         if ($find) {
             // put the file in the right place
             $path = DWLOADS_short . DS . $form['path'] . $form['name'];
             if ($this->renameFile($soumisfile, $path)) {
                 /* Since the file has already been checked, it is simply added to the database and to the
                  * right directory, but with the "not yet approved by admin" status, i.e. mem_etat = 0
                  */
                 // NOTE(review): the INSERT values are built by string concatenation; size and year are unquoted.
                 if ($this->document->add(array('values' => " ''," . Functions::squote($form['name']) . "," . Functions::squote($form['path']) . "," . $form['size'] . "," . $form['year'] . "," . Functions::squote($form['ue']) . "," . Functions::squote($form['catg']) . "," . Functions::squote($form['code']) . ",0,NOW()")) === true) {
                     $notifications[] = "Votre fichier a bien été uploadé sous le nom : " . $form['name'];
                     $notifications[] = "Votre fichier a bien été uploadé et attend d'être validé. ";
                 } else {
                     $erreurs[] = "[1] Une erreur est survenue lors de la migration des fichiers.";
                 }
             } else {
                 $erreurs[] = "[2] Une erreur est survenue lors de la migration des fichiers.";
             }
         } else {
             $erreurs[] = "Le module mentionné ne correspond pas à l'année choisie.";
             // the parked file was saved read-only (0444), so make it writable before deleting it
             chmod($soumisfile, 0777);
             unlink($soumisfile);
         }
         // Once the form has been submitted, generate a new token whatever the outcome (validated or not, sent or not)
         Session::addToken(array('name' => 'uploadDefichier', 'limit_time' => 10 * 60, 'time' => time(), 'erase' => true));
     }
     $list_ue['ei1'] = $this->reseau->find(array('conditions' => 'net_niveau=1', 'fecthMethod' => PDO::FETCH_ASSOC));
     $list_ue['ei2'] = $this->reseau->find(array('conditions' => 'net_niveau=2', 'fecthMethod' => PDO::FETCH_ASSOC));
     $list_ue['ei3'] = $this->reseau->find(array('conditions' => 'net_niveau=3', 'fecthMethod' => PDO::FETCH_ASSOC));
     // fixed category code => label map used by the form's select
     $list_catg = array('ds' => 'Enoncés de Devoirs Surveillés', 'dsc' => 'Corrigés de Devoirs Surveillés', 'ta' => 'Travaux en Autonomie', 'tp' => 'Travaux Pratiques');
     if (empty($list_ue)) {
         $message = Conf::DEBUG ? "Erreur [" . get_class($this) . " " . __LINE__ . "]." : "Erreur [ DLU " . __LINE__ . " ] : un problème est survenu lors du chargement de la page.";
         $this->error($message);
     }
     $variables['soumis'] = $soumis;
     $variables['erreurs'] = $erreurs;
     $variables['notifications'] = $notifications;
     $variables['list_ue'] = $list_ue;
     $variables['list_catg'] = $list_catg;
     $this->myrender(array('menu' => 'menu', 'title' => 'Espace Upload', 'view' => 'index', 'variables' => $variables));
     unset($soumis);
     unset($soumisfile);
 }