/** * Construct this object by extending the basic Controller class. */ public function __construct() { parent::__construct(); // VERY IMPORTANT: All controllers/areas that should only be usable by logged-in users // need this line! Otherwise not-logged in users could do actions. Auth::checkAuthentication(); }
/** * Construct this object by extending the basic Controller class */ public function __construct() { parent::__construct(); // VERY IMPORTANT: All controllers/areas that should only be usable by logged-in users // need this line! Otherwise not-logged in users could do actions. If all of your pages should only // be usable by logged-in users: Put this line into libs/Controller->__construct Auth::checkAuthentication(); }
public static function updateConference(int $confId) : bool { Auth::checkAuthentication(); $conferenceTitle = Request::post("conference_title", true); $conferenceVenueName = Request::post("conference_venue", true); if (!self::validateConference($conferenceTitle, $conferenceVenueName)) { return false; } $venue = VenueModel::getVenueByName($conferenceVenueName); return self::updateConferenceInDb($confId, $conferenceTitle, (int) $venue->venue_id, (int) Session::get('user_id')); }
public static function createLecture(int $confId) : bool { Auth::checkAuthentication(); $startTime = Request::post('datetime_start', true); $endTime = Request::post('datetime_end', true); $lectureTitle = Request::post('lecture_title', true); if (!self::validateLecture($lectureTitle, $startTime, $endTime)) { return false; } $must_visit = 0; if (Request::post('must_visit')) { $must_visit = 1; } $startTimestamp = strtotime($startTime, time()); $endTimestamp = strtotime($endTime, time()); return self::createLectureInDb($confId, $lectureTitle, $startTimestamp, $endTimestamp, $must_visit); }
/** * Password Change Page * Show the password form if user is logged in, otherwise redirect to login page */ public function changePassword() { Auth::checkAuthentication(); $this->View->render('login/changePassword'); }
/** * Construct this object by extending the basic Controller class */ public function __construct() { parent::__construct(); Auth::checkAuthentication(); }
// | it under the terms of the GNU General Public License as published by | // | the Free Software Foundation; either version 2 of the License, or | // | (at your option) any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to: | // | | // | Free Software Foundation, Inc. | // | 51 Franklin Street, Suite 330 | // | Boston, MA 02110-1301, USA. | // +----------------------------------------------------------------------+ // | Authors: João Prado Maia <*****@*****.**> | // +----------------------------------------------------------------------+ require_once dirname(__FILE__) . '/../init.php'; $tpl = new Template_Helper(); $tpl->setTemplate('removed_emails.tpl.html'); Auth::checkAuthentication(APP_COOKIE, null, true); if (@$_POST['cat'] == 'restore') { $res = Support::restoreEmails(); $tpl->assign('result_msg', $res); } elseif (@$_POST['cat'] == 'remove') { $res = Support::expungeEmails($_POST['item']); $tpl->assign('result_msg', $res); } $tpl->assign('list', Support::getRemovedList()); $tpl->displayTemplate();
// | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to: | // | | // | Free Software Foundation, Inc. | // | 59 Temple Place - Suite 330 | // | Boston, MA 02111-1307, USA. | // +----------------------------------------------------------------------+ // | Authors: João Prado Maia <*****@*****.**> | // +----------------------------------------------------------------------+ // // @(#) $Id: s.removed_emails.php 1.2 03/01/21 04:06:59-00:00 jpm $ // include_once "config.inc.php"; include_once APP_INC_PATH . "class.template.php"; include_once APP_INC_PATH . "class.auth.php"; include_once APP_INC_PATH . "class.support.php"; include_once APP_INC_PATH . "db_access.php"; $tpl = new Template_API(); $tpl->setTemplate("removed_emails.tpl.html"); Auth::checkAuthentication(APP_COOKIE, NULL, true); if (@$HTTP_POST_VARS["cat"] == "restore") { $res = Support::restoreEmails(); $tpl->assign("result_msg", $res); } elseif (@$HTTP_POST_VARS["cat"] == "remove") { $res = Support::expungeEmails($HTTP_POST_VARS["item"]); $tpl->assign("result_msg", $res); } $tpl->assign("list", Support::getRemovedList()); $tpl->displayTemplate();
<?php /* * This file is part of the Eventum (Issue Tracking System) package. * * @copyright (c) Eventum Team * @license GNU General Public License, version 2 or later (GPL-2+) * * For the full copyright and license information, * please see the COPYING and AUTHORS files * that were distributed with this source code. */ require_once __DIR__ . '/../../init.php'; $tpl = new Template_Helper(); $tpl->setTemplate('manage/email_alias.tpl.html'); Auth::checkAuthentication(null, true); $role_id = Auth::getCurrentRole(); if ($role_id < User::ROLE_MANAGER) { $tpl->setTemplate('permission_denied.tpl.html'); $tpl->displayTemplate(); exit; } $usr_id = $_REQUEST['id']; if (@$_POST['cat'] == 'save') { $res = User::addAlias($usr_id, trim($_POST['alias'])); Misc::mapMessages($res, array(true => array(ev_gettext('Thank you, the alias was added successfully.'), Misc::MSG_INFO), false => array(ev_gettext('An error occurred while trying to add the alias.'), Misc::MSG_ERROR))); } elseif (@$_POST['cat'] == 'remove') { foreach ($_POST['item'] as $aliastmp) { $res = User::removeAlias($usr_id, $aliastmp); } Misc::mapMessages($res, array(true => array(ev_gettext('Thank you, the alias was removed successfully.'), Misc::MSG_INFO), false => array(ev_gettext('An error occurred while trying to remove the alias.'), Misc::MSG_ERROR)));
<?php /* * This file is part of the Eventum (Issue Tracking System) package. * * @copyright (c) Eventum Team * @license GNU General Public License, version 2 or later (GPL-2+) * * For the full copyright and license information, * please see the COPYING and AUTHORS files * that were distributed with this source code. */ require_once __DIR__ . '/../../init.php'; Auth::checkAuthentication(); if (!empty($_REQUEST['iss_id'])) { $fields = Custom_Field::getListByIssue(Auth::getCurrentProject(), $_REQUEST['iss_id']); } else { $fields = Custom_Field::getListByProject(Auth::getCurrentProject(), $_REQUEST['form_type']); } $data = array(); foreach ($fields as $field) { $backend = Custom_Field::getBackend($field['fld_id']); if (is_object($backend) && is_subclass_of($backend, 'Dynamic_Custom_Field_Backend')) { $field['structured_data'] = $backend->getStructuredData(); $data[] = $field; } } header('Content-Type: text/javascript; charset=UTF-8'); $tpl = new Template_Helper(); $tpl->setTemplate('js/dynamic_custom_field.tpl.js'); $tpl->assign('fields', $data);
public function editUserZip_action() { Auth::checkAuthentication(); EditModel::editUserZip(Request::post('user_zip')); Redirect::to('user/index'); }
/** * Show user profile * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page */ public function showProfile() { Auth::checkAuthentication(); $this->view->render('login/showProfile', array('user_name' => Session::get('user_name'), 'user_email' => Session::get('user_email'), 'user_account_type' => Session::get('user_account_type'))); }
/** * This method controls what happens when you move to /dashboard/create in your app. * Creates a new Short. This is usually the target of form submit actions. * POST request. */ public function create() { Auth::checkAuthentication(); ShortModel::createShort(Request::post('url')); Redirect::to('short/index'); }
/** * Perform the account-type changing * Auth::checkAuthentication() makes sure that only logged in users can use this action * POST-request */ public function changeUserRole_action() { Auth::checkAuthentication(); if (Request::post('user_account_upgrade')) { // "2" is quick & dirty account type 2, something like "premium user" maybe. you got the idea :) UserRoleModel::changeUserRole(2); } if (Request::post('user_account_downgrade')) { // "1" is quick & dirty account type 1, something like "basic user" maybe. UserRoleModel::changeUserRole(1); } Redirect::to('login/changeUserRole'); }
// | Boston, MA 02111-1307, USA. | // +----------------------------------------------------------------------+ // | Authors: João Prado Maia <*****@*****.**> | // +----------------------------------------------------------------------+ // // @(#) $Id$ // include_once "config.inc.php"; include_once APP_INC_PATH . "class.template.php"; include_once APP_INC_PATH . "class.auth.php"; include_once APP_INC_PATH . "class.user.php"; include_once APP_INC_PATH . "class.note.php"; include_once APP_INC_PATH . "db_access.php"; $tpl = new Template_API(); $tpl->setTemplate("post_note.tpl.html"); Auth::checkAuthentication(APP_COOKIE, 'index.php?err=5', true); $prj_id = Auth::getCurrentProject(); $usr_id = Auth::getUserID(); @($issue_id = $HTTP_GET_VARS["issue_id"] ? $HTTP_GET_VARS["issue_id"] : $HTTP_POST_VARS["issue_id"]); $details = Issue::getDetails($issue_id); $tpl->assign("issue_id", $issue_id); $tpl->assign("issue", $details); if (!Issue::canAccess($issue_id, $usr_id)) { $tpl->setTemplate("permission_denied.tpl.html"); $tpl->displayTemplate(); exit; } if (@$HTTP_POST_VARS["cat"] == "post_note") { // change status if (!@empty($HTTP_POST_VARS['new_status'])) { $res = Issue::setStatus($issue_id, $HTTP_POST_VARS['new_status']);
// | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to: | // | | // | Free Software Foundation, Inc. | // | 59 Temple Place - Suite 330 | // | Boston, MA 02111-1307, USA. | // +----------------------------------------------------------------------+ // | Authors: João Prado Maia <*****@*****.**> | // +----------------------------------------------------------------------+ // // @(#) $Id: s.csv.php 1.4 03/01/16 01:47:31-00:00 jpm $ // include_once "config.inc.php"; include_once APP_INC_PATH . "class.auth.php"; include_once APP_INC_PATH . "db_access.php"; Auth::checkAuthentication(APP_COOKIE); $csv = base64_decode($HTTP_POST_VARS["csv_data"]); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header("Pragma: no-cache"); header("Content-Type: application/vnd.ms-excel"); header("Content-Disposition: attachment; filename=" . uniqid('') . '.xls'); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0,pre-check=0"); header("Content-Type: application/vnd.ms-excel"); header("Content-Disposition: \"inline\""); header("Content-Length: " . strlen($csv)); echo $csv;
/** * Delete the current user's avatar * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page */ public function deleteAvatar_action() { Auth::checkAuthentication(); AvatarModel::deleteAvatar(Session::get("user_id")); Redirect::to('login/editAvatar'); }
/** * Construct this object by extending the basic Controller class */ public function __construct() { parent::__construct(); // this entire controller should only be visible/usable by logged in users, so we put authentication-check here Auth::checkAuthentication(); }
/** * Construct this object by extending the basic Controller class */ public function __construct() { parent::__construct(); // special authentication check for the entire controller: Note the check-ADMIN-authentication! Auth::checkAuthentication(); }