/**
* Confirm an authorisation key is valid
*
* See description of xarSecGenAuthKey for information on
* this function
*
* @access public
* @param string authIdVarName
* @return bool true if the key is valid, false if it is not
* @throws FORBIDDEN_OPERATION
* @todo bring back possibility of time authorized keys
*/
function confirmAuthKey($modName = NULL, $authIdVarName = 'authid')
{
if (!isset($modName)) {
list($modName) = wbRequest::getController();
}
$authid = wbRequest::getVar($authIdVarName);
$rands = wbSession::getVar('rand');
$now = time();
srand((double) microtime() * 1000000);
// convert single rand to array of "timestamp-rand()" strings
if (!is_array($rands)) {
$rands = array();
// session integrity: only keep most recent 64 values
$rands = array_slice($rands, -64);
wbSession::setVar('rand', $rands);
}
// needed in foreach to expire old rand values
$age = wbConfig::get('Session.InactivityTimeout') * 60;
// convert minutes to seconds
// loop through the rands array to find a match
foreach ($rands as $r => $rnd) {
list($timestamp, $rndval) = explode('-', $rnd, 2);
// ignore and get rid of random values older than session activity timeout
if ($now - $age > $timestamp) {
unset($rands[$r]);
continue;
}
// Regenerate static part of key
$partkey = $rndval . strtolower($modName);
if (md5($partkey) == $authid) {
// Match - get rid of it and leave happy
unset($rands[$r]);
// session integrity: only keep most recent 64 values
$rands = array_slice($rands, -64);
wbSession::setVar('rand', $rands);
return true;
}
}
throw new Exception("<p>Operasi yang anda coba lakukan tidak diperkenankan dalam kondisi ini.</p>Anda mungkin telah menekan tombol Back atau Reload pada browser dan mencoba kembali operasi yang tidak boleh diulang, atau cookie tidak diaktifkan pada browser anda");
return false;
}
public static function delSession()
{
wbSession::setVar('user_id', WB_USER_UNREGISTERED_ID);
wbSession::setVar('user_name', WB_USER_UNREGISTERED_NAME);
wbSession::setVar('user_email', '');
wbSession::setVar('user_realname', '');
wbSession::setVar('roles', serialize(array()));
return true;
}
/**
* create
* controler for create new item
*/
public static function create($args = array())
{
// Security check
// Get arguments from argument array
global $_FILES;
/*$current = "tsetsetset";
file_put_contents("C:/xampp/htdocs/mpd-wp/server/abus_teu.txt", $current);
extract($args);
echo "tes";
print_r($_FILES);
print_r($_POST);
print_r($_GET);
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], self::imurl().$_FILES['uploadedfile']['name'])){
throw new Exception("Upload file gagal. Mohon periksa direktori bukti transfer");
}
exit;
*/
if (!empty($_FILES['uploadedfile']['name'])) {
try {
wbUtil::checkUploadedImage($_FILES['uploadedfile']);
} catch (Exception $e) {
$data['message'] = $e->getMessage();
echo json_encode($data);
session_write_close();
exit;
}
}
$data = array('items' => array(), 'success' => false, 'message' => '');
$jsonItems = wbRequest::getVarClean('items', 'str', '');
$items =& wbUtil::jsonDecode($jsonItems);
$t_cust_order_legal_doc_id = wbRequest::getVarClean('t_cust_order_legal_doc_id', 'int', 0);
$t_customer_order_id = wbRequest::getVarClean('t_customer_order_id', 'int', 0);
$p_legal_doc_type_id = wbRequest::getVarClean('p_legal_doc_type_id', 'str', '');
$legal_doc_desc = wbRequest::getVarClean('legal_doc_desc', 'str', '');
$origin_file_name = wbRequest::getVarClean('file_name', 'str', '');
$file_folder = wbRequest::getVarClean('file_folder', 'int', 0);
$file_name = wbRequest::getVarClean('file_name', 'int', 0);
if (!is_array($items)) {
$data['message'] = 'Invalid items parameter';
return $data;
}
$table =& wbModule::getModel('bds', 't_cust_order_legal_doc');
$table->actionType = 'CREATE';
if (isset($items[0])) {
$errors = array();
$numSaved = 0;
$numItems = count($items);
$savedItems = array();
for ($i = 0; $i < $numItems; $i++) {
try {
$table->dbconn->BeginTrans();
$items[$i][$table->pkey] = $table->GenID();
$table->setRecord($items[$i]);
$table->create();
$numSaved++;
$table->dbconn->CommitTrans();
} catch (Exception $e) {
$table->dbconn->RollbackTrans();
$errors[] = $e->getMessage();
}
$items[$i] = array_merge($items[$i], $table->record);
}
$numErrors = count($errors);
if (count($errors)) {
$data['message'] = $numErrors . " dari " . $numItems . " record gagal disimpan.<br/><br/><b>System Response:</b><br/>- " . implode("<br/>- ", $errors) . "";
} else {
$data['success'] = true;
$data['message'] = 'Data berhasil disimpan';
}
$data['items'] = $items;
} else {
try {
// begin transaction block
$table->dbconn->BeginTrans();
// insert master
$items[$table->pkey] = $table->dbconn->GetOne("select generate_id('sikp','t_cust_order_legal_doc','t_cust_order_legal_doc_id') from dual");
if (!empty($_FILES['uploadedfile']['name'])) {
$orign_filename = $_FILES['uploadedfile']['name'];
$filename = time() . $_FILES['uploadedfile']['name'];
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], self::imurl() . $filename)) {
throw new Exception("Upload file gagal. Mohon periksa direktori bukti transfer");
}
$path = strtolower(strrchr($_FILES['uploadedfile']['name'], '.'));
if ($path == '.jpeg' || $path == '.jpg' || $path == '.gif' || $path == '.png') {
$thumbnail = self::imurl() . '/th_' . $filename;
wbUtil::createThumbnailImage(2, self::imurl() . $filename, $thumbnail, 150, 150);
$view_picture = self::imurl() . '/view_' . $filename;
wbUtil::createThumbnailImage(2, self::imurl() . $filename, $view_picture, 600, 800);
}
$items['file_name'] = $filename1;
}
$items['description'] = $legal_doc_desc;
$items['origin_file_name'] = $orign_filename;
$items['file_name'] = $filename;
wbSession::setVar('user_name', $items['user_name']);
$table->setRecord($items);
$table->create();
// insert detail
///////////////////////////////////this is the magic for upload////////////////////////////////////
//$encoded = $_POST['uploaded']->file_name;
//$location = self::imurl().$items[$table->pkey].'_'.$items['file_name'];// Mention where to upload the file
//$current = @file_get_contents($location); // Get the file content. This will create an empty file if the file does not exist
//$current = base64_decode($encoded); // Now decode the content which was sent by the client
//file_put_contents($location, $current); // Write the decoded content in the file mentioned at particular location
///////////////////////////////////////////////////////////////////////////////////////////////////
$data['success'] = true;
$data['message'] = 'Data berhasil disimpan';
$data['items'] = $table->get($items[$table->pkey]);
// all ok, commit transaction
$table->dbconn->CommitTrans();
} catch (Exception $e) {
// something happen, rollback transaction
$table->dbconn->RollbackTrans();
$data['message'] = $e->getMessage();
$data['items'] = $items;
}
}
return $data;
}
