function secure_redirect($uri = '', $method = 'location', $http_response_code = 302)
{
switch ($method) {
case 'refresh':
header("Refresh:0;url=" . secure_site_url($uri));
break;
default:
header("Location: " . secure_site_url($uri), TRUE, $http_response_code);
break;
}
exit;
}
/**
* List all the polls
*/
public function index()
{
if ($this->require_role('admin,super-agent')) {
if ($this->is_role('agent')) {
//if it's an agent so we redirect him
redirect(secure_site_url('polls/select'));
}
$polls = array();
$polls_list = $this->main_model->getPollsWithSheetsNumber();
foreach ($polls_list as $poll) {
$poll->sheets_count = $poll->sheets_number . '/' . $poll->max_surveys_number;
$polls[] = $poll;
}
$data = array('content' => 'polls/index', 'title' => "Liste des sondages", 'js_to_load' => array('polls.js'), 'polls' => $polls);
$this->load->view('global/layout', $data);
}
}
/**
* Reset password
* @return [type] [description]
*/
public function password()
{
if (!$this->auth_role) {
// Load resources
$this->load->model('examples_model');
/// If IP or posted email is on hold, display message
if ($on_hold = $this->authentication->current_hold_status(TRUE)) {
$view_data['disabled'] = 1;
} else {
// If the form post looks good
if ($this->tokens->match && $this->input->post('user_email')) {
if ($user_data = $this->examples_model->get_recovery_data($this->input->post('user_email'))) {
// Check if user is banned
if ($user_data->user_banned == '1') {
// Log an error if banned
$this->authentication->log_error($this->input->post('user_email', TRUE));
// Show special message for banned user
$view_data['user_banned'] = 1;
} else {
/**
* Use the string generator to create a random string
* that will be hashed and stored as the password recovery key.
*/
$this->load->library('generate_string');
$recovery_code = $this->generate_string->set_options(array('exclude' => array('char')))->random_string(64)->show();
$hashed_recovery_code = $this->_hash_recovery_code($user_data->user_salt, $recovery_code);
// Update user record with recovery code and time
$this->examples_model->update_user_raw_data($user_data->user_id, array('passwd_recovery_code' => $hashed_recovery_code, 'passwd_recovery_date' => date('Y-m-d H:i:s')));
$view_data['special_link'] = secure_anchor('user/verification/' . $user_data->user_id . '/' . $recovery_code, secure_site_url('user/verification/' . $user_data->user_id . '/' . $recovery_code), 'target ="_blank"');
$view_data['confirmation'] = 1;
}
} else {
// Log the error
$this->authentication->log_error($this->input->post('user_email', TRUE));
$view_data['no_match'] = 1;
}
}
}
$data['title'] = "Forgot Password";
$data['content'] = $this->load->view('forgot', isset($view_data) ? $view_data : NULL, TRUE);
$this->load->view('html_anon', $data);
} else {
//Render access denied page
show_error('You are not authorized to view this page', '403');
}
}
function secure_anchor_popup($uri = '', $title = '', $attributes = FALSE)
{
$title = (string) $title;
$secure_site_url = !preg_match('!^\\w+://! i', $uri) ? secure_site_url($uri) : $uri;
if ($title == '') {
$title = $site_url;
}
if ($attributes === FALSE) {
return "<a href='javascript:void(0);' onclick=\"window.open('" . $secure_site_url . "', '_blank');\">" . $title . "</a>";
}
if (!is_array($attributes)) {
$attributes = array();
}
foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val) {
$atts[$key] = !isset($attributes[$key]) ? $val : $attributes[$key];
unset($attributes[$key]);
}
if ($attributes != '') {
$attributes = _parse_attributes($attributes);
}
return "<a href='javascript:void(0);' onclick=\"window.open('" . $secure_site_url . "', '_blank', '" . _parse_attributes($atts, TRUE) . "');\"{$attributes}>" . $title . "</a>";
}
?>
" />
<input type="hidden" id="allowed_types" value="<?php
echo $upload_config['allowed_types'];
?>
" />
<input type="hidden" id="ci_csrf_token_name" value="<?php
echo config_item('csrf_token_name');
?>
" />
<input type="hidden" id="upload_url" value="<?php
echo secure_site_url('uploads_manager/bridge_' . $upload_destination . '/profile_image');
?>
" />
<input type="hidden" id="delete_url" value="<?php
echo secure_site_url('user/delete_profile_image');
?>
" />
</div>
</fieldset>
<div class="form-row">
<div id="submit_box">
<?php
// SUBMIT BUTTON ***********************
$input_data = array('name' => 'submit', 'id' => 'submit_button', 'value' => 'Update');
echo form_submit($input_data);
?>
</div>
</div>
/**
* Delete a user
*
* @param int the user_id of the user to delete.
* @param int the pagination page number to redirect back to.
*/
public function delete_user($user_to_delete = FALSE, $page = FALSE)
{
// Make sure admin or manager is logged in
if ($this->require_role('admin,manager')) {
// Load resources
$this->load->model('user_model');
// Must not be a user trying to delete themeselves
if (is_numeric($user_to_delete) && $user_to_delete != $this->auth_user_id) {
// If an ajax request
if ($this->input->is_ajax_request()) {
// Must pass token match and delete_user must return TRUE
if ($this->tokens->match && $this->user_model->delete_user($user_to_delete, $this->auth_level)) {
// Send success message back
$response = array('test' => 'success', 'token' => $this->tokens->token(), 'ci_csrf_token' => $this->security->get_csrf_hash());
} else {
// CSRF token mismatch or delete_user was FALSE
$response = array('test' => 'error', 'message' => 'No Token Match - Please Reload Page');
}
echo json_encode($response);
} else {
$test = $this->user_model->delete_user($user_to_delete, $this->auth_level);
$page = $page ? '/' . $page : '';
header("Location: " . secure_site_url('administration/manage_users' . $page));
exit;
}
}
}
}
<?php
if (config_item('allow_remember_me')) {
?>
<br />
<label for="remember_me" class="form_label">Remember Me</label>
<input type="checkbox" id="remember_me" name="remember_me" value="yes" />
<?php
}
?>
<p>
<a href="<?php
echo secure_site_url('recover');
?>
">
Can't access your account?
</a>
</p>
<input type="submit" name="submit" value="Login" id="submit_button" />
</div>
</form>
<?php
} else {
// EXCESSIVE LOGIN ATTEMPTS ERROR MESSAGE
?>
" />
<input type="hidden" id="allowed_types" value="<?php
echo $uploader_settings['allowed_types'];
?>
" />
<input type="hidden" id="update_image_order_url" value="<?php
echo secure_site_url('custom_uploader/update_image_order');
?>
" />
<input type="hidden" id="delete_image_url" value="<?php
echo secure_site_url('custom_uploader/delete_image');
?>
" />
<input type="hidden" id="upload_image_url" value="<?php
echo secure_site_url('uploads_manager/bridge_filesystem/custom_uploader');
?>
" />
</form>
</p>
<div id="status-bar"></div>
</div>
<div id="image-list">
<?php
// If there are images
if (!empty($images->images_data)) {
// Unserialize the images
$images = unserialize($images->images_data);
// If the unserialized data is not empty
if (!empty($images)) {
// Start the image list
/**
* Setup session, HTTP user cookie, and remember me cookie
* during a successful login attempt. Redirect is specified here.
*
* @param obj the user record
* @return void
*/
private function _maintain_state($auth_data)
{
// Redirect to specified page, or home page if none provided
$redirect = $this->CI->input->get('redirect') ? urldecode($this->CI->input->get('redirect')) : '';
$url = USE_SSL === 1 ? secure_site_url($redirect) : site_url($redirect);
header("Location: " . $url, TRUE, 302);
// Store login time in database and cookie
$login_time = time();
/**
* Since the session cookie needs to be able to use
* the secure flag, we want to hold some of the user's
* data in another cookie.
*/
$http_user_cookie = array('name' => config_item('http_user_cookie_name'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
// Initialize the HTTP user cookie data
$http_user_cookie_data['_user_name'] = $auth_data->user_name;
// Get the array of selected profile columns
$selected_profile_columns = config_item('selected_profile_columns');
// If selected profile columns are to be added to the HTTP user cookie
if (!empty($selected_profile_columns)) {
// Loop through the auth data
foreach ((array) $auth_data as $k => $v) {
// If a selected profile column
if (in_array($k, $selected_profile_columns)) {
$http_user_cookie_data['_' . $k] = $v;
}
}
}
// Serialize the HTTP user cookie data
$http_user_cookie['value'] = $this->CI->session->serialize_data($http_user_cookie_data);
// Check if remember me requested, and set cookie if yes
if (config_item('allow_remember_me') && $this->CI->input->post('remember_me')) {
$remember_me_cookie = array('name' => config_item('remember_me_cookie_name'), 'value' => config_item('remember_me_expiration') + time(), 'expire' => config_item('remember_me_expiration'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
$this->CI->input->set_cookie($remember_me_cookie);
// Make sure the CI session cookie doesn't expire on close
$this->CI->session->sess_expire_on_close = FALSE;
$this->CI->session->sess_expiration = config_item('remember_me_expiration');
// Set the expiration of the http user cookie
$http_user_cookie['expire'] = config_item('remember_me_expiration') + time();
} else {
// Unless remember me is requested, the http user cookie expires when the browser closes.
$http_user_cookie['expire'] = 0;
}
$this->CI->input->set_cookie($http_user_cookie);
// Set CI session cookie
$this->CI->session->set_userdata('auth_identifier', $this->create_auth_identifier($auth_data->user_id, $auth_data->user_modified, $login_time));
// For security, force regenerate the session ID
$session_id = $this->CI->session->sess_update(TRUE);
// Update user record in database
$this->CI->auth_model->login_update($auth_data->user_id, $login_time, $session_id);
}
function anchor($uri = '', $title = '', $attributes = '', $secure = FALSE)
{
$title = (string) $title;
if (!is_array($uri)) {
$site_url = !preg_match('!^\\w+://! i', $uri) ? $secure ? secure_site_url($uri) : site_url($uri) : $uri;
} else {
$site_url = $secure ? secure_site_url($uri) : site_url($uri);
}
if ($title == '') {
$title = $site_url;
}
if ($attributes != '') {
$attributes = _parse_attributes($attributes);
}
return "<a href=\"{$site_url}\"{$attributes}>{$title}</a>";
}
/**
* Setup session, HTTP user cookie, and remember me cookie
* during a successful login attempt. Redirect is specified here.
*
* @param obj the user record
* @return void
*/
private function _maintain_state($auth_data)
{
// Redirect to specified page, or home page if none provided
$redirect = $this->CI->input->get('redirect') ? urldecode($this->CI->input->get('redirect')) : '';
$url = secure_site_url($redirect);
header("Location: " . $url, TRUE, 302);
// Store login time in database and cookie
$login_time = date('Y-m-d H:i:s');
/**
* Since the session cookie needs to be able to use
* the secure flag, we want to hold some of the user's
* data in another cookie.
*/
$http_user_cookie = array('name' => config_item('http_user_cookie_name'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
// Initialize the HTTP user cookie data
$http_user_cookie_elements = config_item('http_user_cookie_elements');
if (is_array($http_user_cookie_elements) && !empty($http_user_cookie_elements)) {
foreach ($http_user_cookie_elements as $element) {
if (isset($auth_data->{$element})) {
$http_user_cookie_data[$element] = $auth_data->{$element};
}
}
}
// Serialize the HTTP user cookie data
if (isset($http_user_cookie_data)) {
$http_user_cookie['value'] = serialize_data($http_user_cookie_data);
}
// Check if remember me requested, and set cookie if yes
if (config_item('allow_remember_me') && $this->CI->input->post('remember_me')) {
$remember_me_cookie = array('name' => config_item('remember_me_cookie_name'), 'value' => config_item('remember_me_expiration') + time(), 'expire' => config_item('remember_me_expiration'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
$this->CI->input->set_cookie($remember_me_cookie);
// Make sure the CI session cookie doesn't expire on close
$this->CI->session->sess_expire_on_close = FALSE;
$this->CI->session->sess_expiration = config_item('remember_me_expiration');
// Set the expiration of the http user cookie
$http_user_cookie['expire'] = config_item('remember_me_expiration') + time();
} else {
// Unless remember me is requested, the http user cookie expires when the browser closes.
$http_user_cookie['expire'] = 0;
}
// Only set the HTTP user cookie is there is data to set.
if (isset($http_user_cookie_data)) {
$this->CI->input->set_cookie($http_user_cookie);
}
// Create the auth identifier
$auth_identifiers = serialize(array('user_id' => $auth_data->user_id, 'login_time' => $login_time));
// Encrypt the auth identifier if necessary
if (config_item('encrypt_auth_identifiers')) {
$auth_identifiers = $this->CI->encryption->encrypt($auth_identifiers);
}
// Set CI session cookie
$this->CI->session->set_userdata('auth_identifiers', $auth_identifiers);
// For security, force regenerate the session ID
$session_id = $this->CI->session->sess_regenerate(TRUE);
// Update user record in database
$this->CI->{$this->auth_model}->login_update($auth_data->user_id, $login_time, $session_id);
}
<tr>
<th class="icon-column delete-column"></th>
<th class="icon-column"></th>
<th>username</th>
<th>email address</th>
<th>role</th>
</tr>
</thead>
<tbody>
<?php
echo $table_content;
?>
</tbody>
</table>
</div>
<?php
echo form_open();
?>
<input type="hidden" id="ci_csrf_token_name" value="<?php
echo config_item('csrf_token_name');
?>
" />
<input type="hidden" id="buttons_url" value="<?php
echo secure_site_url('administration/manage_users');
?>
" />
</form>
<?php
/* End of file manage_users.php */
/* Location: /application/views/administration/manage_users.php */
<div><label for="login_string">Email address</label><br>
<input type="text" id="login_string" name="login_string" size="60" /></div>
<div><label for="login_pass">Password</label><br>
<input type="password" id="login_pass" name="login_pass" maxlength="<?php
echo config_item('max_chars_for_password');
?>
" /></div>
<?php
if (config_item('allow_remember_me')) {
?>
<div></div><label for="remember_me" class="form_label">Remember Me</label><br>
<input type="checkbox" id="remember_me" name="remember_me" value="yes" /></div>
<?php
}
?>
<div><input type="submit" id="submit_button" name="submit" value="Login" /></div>
</form>
<p><a href="<?php
echo secure_site_url('auth/recover');
?>
">Can't access your account?</a><br>
<a href="<?php
echo site_url('welcome');
?>
">Home</a></p>
</div>
</div>
</section>
<?php
}
if (config_item('allow_remember_me')) {
?>
<div class="form-row">
<label for="remember_me" class="form_label">Remember Me</label>
<input type="checkbox" id="remember_me" name="remember_me" value="yes" />
</div>
<?php
}
?>
<div class="form-row">
<p>
<a href="<?php
echo secure_site_url('user/recover');
?>
">
Can't access your account?
</a>
</p>
</div>
<div class="form-row">
<div id="submit_box">
<input type="submit" name="submit" value="Login" id="submit_button" />
</div>
</div>
</div>
</form>
<?php
/**
* Secure Anchor Link
*
* Creates a secure anchor based on the local URL, and if USE_SSL is 'on'.
*
* @param string the URL
* @param string the link title
* @param mixed any attributes
*/
function secure_anchor($uri = '', $title = '', $attributes = '')
{
$title = (string) $title;
if (!is_array($uri)) {
$site_url = !preg_match('!^\\w+://! i', $uri) ? secure_site_url($uri) : $uri;
} else {
$site_url = secure_site_url($uri);
}
if ($title == '') {
$title = $site_url;
}
if ($attributes != '') {
$attributes = _parse_attributes($attributes);
}
return '<a href="' . $site_url . '"' . $attributes . '>' . $title . '</a>';
}
<?php
if (config_item('allow_remember_me')) {
?>
<br />
<label for="remember_me" class="form_label">Ghi nhớ phiên đăng nhập</label>
<input type="checkbox" id="remember_me" name="remember_me" value="yes" />
<?php
}
?>
<p>
<a href="<?php
echo secure_site_url('examples/recover');
?>
">
Bạn đã quên mật khẩu?
</a>
</p>
<div class="form-actions">
<!--<label class="checkbox">
<input type="checkbox" name="remember" value="1"/> Tự động đăng nhập lần sau
</label>-->
<button type="submit" name="submit" class="btn blue pull-right" id="submit_button">
Đăng nhập <i class="m-icon-swapright m-icon-white"></i>
</button>
</div>
</div>
/**
* Secure Anchor Link
*
* Creates a secure anchor based on the local URL, and if USE_SSL is 'on'.
*
* @param string the URL
* @param string the link title
* @param mixed any attributes
*/
function secure_anchor($uri = '', $title = '', $attributes = '')
{
$title = (string) $title;
$site_url = is_array($uri) ? secure_site_url($uri) : preg_match('#^(\\w+:)?//#i', $uri) ? $uri : secure_site_url($uri);
if ($title === '') {
$title = $site_url;
}
if ($attributes !== '') {
$attributes = _stringify_attributes($attributes);
}
return '<a href="' . $site_url . '"' . $attributes . '>' . $title . '</a>';
}
<?php
defined('BASEPATH') or exit('No direct script access allowed');
?>
<div id="container">
<h1>Welcome to CodeIgniter!</h1>
<div id="body">
<p>The page you are looking at is being generated dynamically by CodeIgniter.</p>
<p>If you would like to edit this page you'll find it located at:</p>
<code>application/views/welcome_message.php</code>
<p>The corresponding controller for this page is found at:</p>
<code>application/controllers/Welcome.php</code>
<p>If you are exploring CodeIgniter for the very first time, you should start by reading the <a href="user_guide/">User Guide</a>.</p>
<p><a href="<?php
echo secure_site_url('login');
?>
">Log In</a></p>
</div>
<p class="footer">Page rendered in <strong>{elapsed_time}</strong> seconds. <?php
echo ENVIRONMENT === 'development' ? 'CodeIgniter Version <strong>' . CI_VERSION . '</strong>' : '';
?>
</p>
</div>
/**
* Force the request to be redirected to HTTPS, or optionally show 404.
* A strong security policy does not allow for redirection.
*/
protected function force_ssl()
{
// Force SSL if available
if (USE_SSL !== 0 && $this->protocol == 'http') {
// Allow redirect to the HTTPS page
if (REDIRECT_TO_HTTPS !== 0) {
// Load string helper for trim_slashes function
$this->load->helper('string');
// 301 Redirect to the secure page
header("Location: " . secure_site_url(trim_slashes($this->uri->uri_string())), TRUE, 301);
} else {
show_404();
}
exit;
}
}
<?php
if (!defined('BASEPATH')) {
exit('No direct script access allowed');
}
/**
* Community Auth - Pagination Config for User Management
*
* Community Auth is an open source authentication application for CodeIgniter 2.2.2
*
* @package Community Auth
* @author Robert B Gottier
* @copyright Copyright (c) 2011 - 2015, Robert B Gottier. (http://brianswebdesign.com/)
* @license BSD - http://www.opensource.org/licenses/BSD-3-Clause
* @link http://community-auth.com
*/
$config['manage_users_pagination_settings'] = array('base_url' => secure_site_url('administration/manage_users'), 'per_page' => 8, 'use_page_numbers' => TRUE, 'anchor_class' => 'class="std-link" ', 'cur_tag_open' => ' <span id="active-set">', 'cur_tag_close' => '</span>', 'first_link' => FALSE, 'last_link' => FALSE, 'num_links' => 3);
$config['manage_users_search_options'] = array('u.user_name' => 'username', 'u.user_email' => 'email address');
/* End of file manage_users_pagination.php */
/* Location: /application/config/pagination/administration/manage_users_pagination.php */
/**
* User recovery form
*/
public function recover()
{
// Load resources
$this->load->model('examples_model');
/// If IP or posted email is on hold, display message
if ($on_hold = $this->authentication->current_hold_status(TRUE)) {
$view_data['disabled'] = 1;
} else {
// If the form post looks good
if ($this->tokens->match && $this->input->post('user_email')) {
if ($user_data = $this->examples_model->get_recovery_data($this->input->post('user_email'))) {
// Check if user is banned
if ($user_data->user_banned == '1') {
// Log an error if banned
$this->authentication->log_error($this->input->post('user_email', TRUE));
// Show special message for banned user
$view_data['user_banned'] = 1;
} else {
/**
* Use the string generator to create a random string
* that will be hashed and stored as the password recovery key.
*/
$this->load->library('generate_string');
$recovery_code = $this->generate_string->set_options(array('exclude' => array('char')))->random_string(64)->show();
// Update user record with recovery code and time
$this->examples_model->update_user_raw_data($user_data->user_id, array('passwd_recovery_code' => $this->authentication->hash_passwd($recovery_code), 'passwd_recovery_date' => date('Y-m-d H:i:s')));
$view_data['special_link'] = secure_anchor('examples/recovery_verification/' . $user_data->user_id . '/' . $recovery_code, secure_site_url('examples/recovery_verification/' . $user_data->user_id . '/' . $recovery_code), 'target ="_blank"');
$view_data['confirmation'] = 1;
}
} else {
// Log the error
$this->authentication->log_error($this->input->post('user_email', TRUE));
$view_data['no_match'] = 1;
}
}
}
echo $this->load->view('examples/page_header', '', TRUE);
echo $this->load->view('examples/recover_form', isset($view_data) ? $view_data : '', TRUE);
echo $this->load->view('examples/page_footer', '', TRUE);
}
/**
* Log out
*/
public function logout()
{
$this->authentication->logout();
redirect(secure_site_url(LOGIN_PAGE . '?logout=1'));
}
public function index()
{
if ($this->require_role('admin,super-agent,agent')) {
$settings = array();
foreach ($this->settings_model->getDataList() as $setting) {
$settings[$setting->key] = $setting->value;
}
if ($this->is_role('agent')) {
//if it's an agent we redirect him to start creating a sheet
redirect(secure_site_url('polls/select'));
} elseif ($this->is_role('super-agent')) {
//if it's an super-agent we redirect him to the Poll module
redirect(secure_site_url('polls'));
}
$this->config->load('pms_config');
$polls = $this->polls_model->getActivePolls(false);
foreach ($polls as $poll) {
$poll->sheets_count = $this->polls_model->countSheets($poll);
$color = $poll->sheets_count == $poll->max_surveys_number ? 'red' : 'green';
$poll->show_count = "<span style='color:{$color}'> (<span id='sheet_number_" . $poll->id . "'>" . $poll->sheets_count . '</span>/' . $poll->max_surveys_number . ')</span>';
}
$data = array('title' => "Fiche du répondant", 'content' => 'dashboard/index', 'js_to_load' => array('tracking.js', 'map_utilities.js'), 'map_key' => $this->config->item('pms_google_map_key'), 'map_refresh' => $settings['map_update_interval'], 'idle_time' => $settings['map_idle_interval'], 'polls' => $polls, 'sheets' => $this->sheets_model->getSheetsWithPollAndUser(10), 'geolocations' => $this->geolocations_model->getErrors(10), 'data_url' => base_url("sheets/get_sheets/"));
$this->load->view('global/layout', $data);
}
}
