    $code = "";
    $clen = strlen($chars) - 1;
    while (strlen($code) < $length) {
        $code .= $chars[mt_rand(0, $clen)];
    }
    return $code;
}
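$sessionProvider = ProviderFactory::getSessions(null);
// Dispatch on the requested action. Strict comparison on purpose: the original code
// had an assignment here (`if ($action = "logon")`), which always took the logon
// branch for any non-logoff request. $action, $ticket, $usr and $psw are expected to
// be set earlier in the file (not visible here).
if ($action === "logoff") {
    $sessionProvider->closeSession($ticket);
    $ticket = '';
} elseif ($action === "logon") {
    $userProvider = new XmlUsersDB();
    // A ticket is only issued when the credential check passes; otherwise
    // $ticket keeps whatever value it already had.
    if ($userProvider->checkUser($usr, $psw)) {
        // NOTE(review): if getUserHash() is the mt_rand()-based generator defined
        // above, it is not a suitable source for a session ticket; random_bytes()
        // (e.g. bin2hex(random_bytes(16))) is the CSPRNG to use for this.
        $ticket = getUserHash();
        $sessionProvider->setSession($usr, $ticket);
    }
}
$_SESSION["ticket"] = $ticket;
$authorizedUser = $sessionProvider->getAuthorizedUser($ticket);
$userProvider = ProviderFactory::getUsers();
$authorizedUserName = $userProvider->getUserName($authorizedUser);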
if ($ticket == '') {
    ?>
		
	<div id="authorizationPanel">
		<form action="logon.php" method="post">
			<div><span class="local" ar-locale-id="login">Логин</span>: <input type="text" name="tbLogin"/></div>
			<div><span class="local" ar-locale-id="password">Пароль</span>: <input type="password" name="tbPassword"/></div>
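<?php

session_start();
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../config/constants.php';
require_once dirname(__FILE__) . DS . '../../src/connection.php';
require_once dirname(__FILE__) . DS . '../../src/protectCSRF.php';
// Login handler: only a non-empty POST is processed; anything else is sent back to index.
if ($_POST) {
    // Read the expected fields explicitly instead of extract($_POST): extract() let any
    // POST field overwrite a variable already defined by the includes above
    // (e.g. a database connection handle).
    $token = $_POST['token'] ?? null;
    $email = $_POST['email'] ?? null;
    $senha = $_POST['senha'] ?? null;
    checkTokenIsValid($token);
    $email = antiInjection($email);
    $senha = antiInjection($senha);
    // Fetch the stored password hash for this e-mail
    $hash = getUserHash($email);
    // passwordCheck() expects an array with these keys
    $dataPasswordVerify = ['email' => $email, 'senha' => $senha, 'hash' => $hash];
    $target = passwordCheck($dataPasswordVerify) === false ? 'index.php' : 'dashboard.php';
    header('Location: ' . SITE_URL . $target);
    // Stop here: a Location header alone does not end the request, and the rest of
    // the script would otherwise keep running for the client.
    exit;
}
header('Location: ' . SITE_URL . 'index.php');
exit;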
/**
* Função para verificar se a senha digitada é a correta
* e verifica se houve alteração no algoritmo de HASH do PHP
* Caso positívo altera o algoritmo de HASH
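<?php

require_once 'functions.php';
// Login handler: expects a POST carrying "submitted", "userName" and "userPassword".
// session_start() and BASE_URL are assumed to come from functions.php (not visible here).
if (!isset($_POST['submitted'])) {
    echo "GET OUT!";
} else {
    // Missing fields become '' so password_verify() always receives strings
    // instead of an undefined-index null.
    $userNameOrEmail = (string) ($_POST['userName'] ?? '');
    $userPass = (string) ($_POST['userPassword'] ?? '');
    // getUserHash() may return null/false for an unknown user; an empty string
    // never verifies, whereas a null would be a TypeError/deprecation in password_verify().
    $hash = (string) getUserHash($userNameOrEmail);
    $passwordMatch = password_verify($userPass, $hash);
    if ($passwordMatch) {
        $userData = getUserData($userNameOrEmail);
        $now = time(); // one timestamp so iat and exp are computed from the same instant
        $token = [
            "user_id" => $userData['user_id'],
            "permissions" => $userData['group_id'],
            "iat" => $now,
            "exp" => $now + 14 * 24 * 60 * 60, // 14 days
            "iss" => BASE_URL,
            "uip" => $_SERVER['REMOTE_ADDR'],
        ];
        $key = getSessionKey();
        $jwt = JWT::encode($token, $key, 'HS256');
        setUserToken($userData['user_id'], $jwt);
        $userData['session_token'] = $jwt;
        $_SESSION['userData'] = $userData;
        header("Location: .");
    } else {
        header("Location: ./login?err=invalid");
    }
    // A Location header does not end the request by itself.
    exit;
}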
$params["user_id"] = $DB->sanitize($_REQUEST["user_id"]);
// End Parameters
// Get all Reports in range
// NOTE(review): startDate/endDate are spliced directly into the SQL text; this relies
// entirely on whatever cleaned $params earlier in the file (not visible here). The
// ext/mysql API used below (mysql_fetch_assoc) offers no parameter binding and was
// removed in PHP 7, so a move to PDO/mysqli with bound parameters is the real fix.
$sql = sprintf(
    "SELECT * from orders join contacts on orders.contact_id = contacts.contact_id  where order_status_id = 5 AND DateCompleted >= '%s' AND DateCompleted <=  '%s' ORDER BY order_id",
    $params["startDate"],
    $params["endDate"]
);
$result = $DB->query($sql);
if (!$result) {
    $DB->close();
    echo "No Sales Found in that Date Range";
    exit;
}
// Index every completed order row by its order_id
$orders = [];
while ($row = mysql_fetch_assoc($result)) {
    $orders[$row["order_id"]] = $row;
}
// Get All Users
$users = getUserHash($DB);
$orderHash = buildOrdersByUsersHash($DB, $users, $orders);
$user_id = $params["user_id"];
// Build Order Hash by User
$highestEarned = 0;
foreach ($orderHash as $userHash) {
    $commTotal = 0;
    $bonusTotal = 0;
    $adjustmentTotal = 0;
    foreach ($userHash["commissions"] as $comm) {
        $commTotal += $comm["commission"];
        $adjustmentTotal += $comm["adjustment"];
    }
    $total = $commTotal + $bonusTotal + $adjustmentTotal;
    $firephp->log("Total: " . $total . " Highest: " . $highestEarned);
    if ($total > $highestEarned) {
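/**
 * Checks a presented hash against the one stored for $username.
 *
 * Uses hash_equals() instead of `==`: loose string comparison compares numeric-looking
 * strings by value (e.g. "1e3" == "1000" is true), and it is not constant-time.
 *
 * @param string $username user whose stored hash is looked up via getUserHash()
 * @param string $hash     hash presented by the caller
 * @return bool true only when both hashes are byte-for-byte identical
 */
function checkUserHash($username, $hash): bool
{
    $stored_hash = getUserHash($username);
    // getUserHash() may return a non-string for an unknown user (not visible here);
    // an absent or empty stored hash never matches, which `==` previously allowed
    // for an empty presented hash.
    if (!is_string($stored_hash) || $stored_hash === '') {
        return false;
    }
    return hash_equals($stored_hash, (string) $hash);
}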