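/**
 * Force-activate a user with a chosen tariff and start date (admin action).
 *
 * Route parameters: $parameters[0] is the id of the user being activated.
 * POST fields, read only when 'sent' is present: 'csrf', 'tariff', 'startDate'.
 *
 * Authorisation: the session user must be an admin of $userId
 * (Activation::checkIfIsAdminOfUser); otherwise the request goes to 'error'.
 * Every redirect() on a failure path is followed by `return` so the handler
 * fails closed even if redirect() does not terminate the script itself.
 *
 * On a CSRF-checked submission the data is validated, the user is activated by
 * e-mail address and, on success, the browser is sent to payments/<userId>.
 * Otherwise the activation form is rendered (again) with a fresh CSRF token.
 */
public function process($parameters)
{
    $activation = new Activation();
    $userId = $parameters[0] ?? null;

    // Fail closed when nobody is logged in or the caller is not an admin of
    // the target user.
    if (!isset($_SESSION['id_user'])
        || !$activation->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
        $this->redirect('error');
        return;
    }

    if (isset($_POST['sent'])) {
        // A missing token is treated exactly like an invalid one.
        if (!Csrf::validateCsrfRequest($_POST['csrf'] ?? '')) {
            $this->messages[] = [
                's' => 'error',
                'cs' => 'Možný CSRF útok! Zkuste prosím aktivaci znovu',
                'en' => 'Possible CSRF attack! Please try activation again',
            ];
            $this->redirect('error');
            return;
        }

        $tariffId = $activation->sanitize($_POST['tariff'] ?? null);
        $startDate = $activation->sanitize($_POST['startDate'] ?? null);

        $result = $activation->validateForceActivationData($tariffId, $startDate);
        if ($result['s'] === 'success') {
            $result = $activation->forceActivateUser(
                $activation->getUserEmailFromId($userId),
                $tariffId,
                $startDate
            );
        }
        $this->messages[] = $result;

        if ($result['s'] === 'success') {
            $this->redirect('payments/' . $userId);
            return;
        }
    }

    // Data for the (re-)rendered form. Csrf::getCsrfToken() is called
    // statically, as the other form handlers in this file do.
    $this->data['csrf'] = Csrf::getCsrfToken();
    $this->data['tariffs'] = $activation->returnTariffsData($this->language);
    $this->header['title'] = ['cs' => 'Aktivace uživatele', 'en' => 'User activation'];
    $this->view = 'forceActivation';
}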
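/**
 * Deactivate a user (admin action).
 *
 * Route parameters: $parameters[0] is the id of the user to deactivate,
 * $parameters[1] is the CSRF token.
 *
 * NOTE(review): the CSRF token travels in the URL here, so it can leak via
 * Referer headers, browser history and access logs, and the state change is
 * triggered by a plain link rather than a POST form (as forceActivation and
 * changePersonals use). The link that builds this URL is outside this method,
 * so the shape is left unchanged; consider moving it to a POST form.
 *
 * Authorisation: the session user must be an admin of $userId, otherwise the
 * request is redirected to 'error' and the handler returns (fail closed even
 * if redirect() does not exit). A missing or invalid token only records a
 * message and skips the deactivation. Either way the caller ends up on
 * checkUsers.
 */
public function process($parameters)
{
    $deactivation = new Activation();
    $userId = $parameters[0] ?? null;

    if (!isset($_SESSION['id_user'])
        || !$deactivation->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
        $this->redirect('error');
        return;
    }

    // A missing token must fail validation like an invalid one.
    $csrfToken = $parameters[1] ?? '';
    if (!Csrf::validateCsrfRequest($csrfToken)) {
        $this->messages[] = [
            's' => 'error',
            'cs' => 'Možný CSRF útok! Zkuste prosím deaktivaci znovu',
            'en' => 'Possible CSRF attack! Please try deactivation again',
        ];
    } else {
        $email = $deactivation->getUserEmailFromId($userId);
        $this->messages[] = $deactivation->deactivateUser($email);
    }

    $this->redirect('checkUsers');
}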
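/**
 * Show and process the "change personal information" form (Fakturoid variant).
 *
 * Route parameters: optional $parameters[0] = id of the user being edited;
 * when absent the logged-in user edits their own record.
 *
 * Authorisation: the caller must be logged in (checkLogin) and must either be
 * editing their own record or be an admin of the target user
 * (checkIfIsAdminOfUser). The ids are compared strictly as strings, so only an
 * exact match skips the admin check; anything else must pass it. Each
 * failure path returns after redirect() so the handler fails closed even if
 * redirect() does not terminate the script.
 *
 * POST fields, read only when 'sent' is present: firstname, surname,
 * telephone, address, ic, p, csrf. On a CSRF-checked, validated submission the
 * customer is updated in Fakturoid first and, only if that succeeds, locally.
 * NOTE: the two writes are not transactional — a local failure after a
 * successful Fakturoid update leaves the two systems out of sync.
 */
public function process($parameters)
{
    $changePersonals = new ChangePersonals();
    if (!$changePersonals->checkLogin()) {
        $this->redirect('error');
        return;
    }

    // No parameter: the current user edits their own record.
    $userId = $parameters[0] ?? $_SESSION['id_user'];

    // Editing someone else's record requires being their admin.
    if ((string) $userId !== (string) $_SESSION['id_user']
        && !$changePersonals->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
        $this->redirect('error');
        return;
    }

    if (isset($_POST['sent'])) {
        // `?? null` keeps the original values (absent field => null) without
        // an undefined-index notice.
        $data = $changePersonals->sanitize([
            'firstname' => $_POST['firstname'] ?? null,
            'surname' => $_POST['surname'] ?? null,
            'telephone' => $_POST['telephone'] ?? null,
            'address' => $_POST['address'] ?? null,
            'ic' => $_POST['ic'] ?? null,
            'p' => $_POST['p'] ?? null,
            'csrf' => $_POST['csrf'] ?? null,
        ]);

        if (!Csrf::validateCsrfRequest($data['csrf'])) {
            $this->messages[] = [
                's' => 'error',
                'cs' => 'Možný CSRF útok! Zkuste prosím změnit údaje znovu',
                'en' => 'Possible CSRF attack! Please try to change your personals again',
            ];
        } else {
            $result = $changePersonals->validateData($data);
            if ($result['s'] === 'success') {
                $fakturoid = new FakturoidWrapper();
                // updateCustomer() needs the Fakturoid customer id for this user.
                $data['fakturoid_id'] = $fakturoid->getFakturoidIdFromUserId($userId);
                if (!$fakturoid->updateCustomer($data)) {
                    $result = [
                        's' => 'error',
                        'cs' => 'Bohužel se nepovedlo uložit data do Fakturoidu; zkus to prosím za pár minut',
                        'en' => 'Sorry, we didn\'t save your data into Fakturoid; try it again after a couple of minutes please',
                    ];
                } else {
                    $result = $changePersonals->changePersonalData($data, $userId);
                }
            }
            $this->messages[] = $result;
        }
    }

    // Data for the form, re-read so the view shows the stored values.
    $userData = $changePersonals->getUserData($userId);
    $this->data = $userData['user'];
    $this->data['csrf'] = Csrf::getCsrfToken();
    $this->header['title'] = ['cs' => 'Změna osobních údajů', 'en' => 'Change personal information'];
    $this->view = 'changePersonals';
}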
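/**
 * Show and process the "change personal information" form.
 *
 * Route parameters: optional $parameters[0] = id of the user being edited;
 * when absent the logged-in user edits their own record.
 *
 * Authorisation: the caller must be logged in (checkLogin) and must either be
 * editing their own record or be an admin of the target user
 * (checkIfIsAdminOfUser). The ids are compared strictly as strings, so only an
 * exact match skips the admin check; anything else must pass it. Each
 * failure path returns after redirect() so the handler fails closed even if
 * redirect() does not terminate the script.
 *
 * POST fields, read only when 'sent' is present: firstname, surname,
 * telephone, address, ic, p, csrf. On a CSRF-checked, validated submission the
 * data is stored via changePersonalData(); the result (success or error) is
 * queued as a message and the form is rendered with the stored values.
 */
public function process($parameters)
{
    $changePersonals = new ChangePersonals();
    if (!$changePersonals->checkLogin()) {
        $this->redirect('error');
        return;
    }

    // No parameter: the current user edits their own record.
    $userId = $parameters[0] ?? $_SESSION['id_user'];

    // Editing someone else's record requires being their admin.
    if ((string) $userId !== (string) $_SESSION['id_user']
        && !$changePersonals->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
        $this->redirect('error');
        return;
    }

    if (isset($_POST['sent'])) {
        // `?? null` keeps the original values (absent field => null) without
        // an undefined-index notice.
        $data = $changePersonals->sanitize([
            'firstname' => $_POST['firstname'] ?? null,
            'surname' => $_POST['surname'] ?? null,
            'telephone' => $_POST['telephone'] ?? null,
            'address' => $_POST['address'] ?? null,
            'ic' => $_POST['ic'] ?? null,
            'p' => $_POST['p'] ?? null,
            'csrf' => $_POST['csrf'] ?? null,
        ]);

        if (!Csrf::validateCsrfRequest($data['csrf'])) {
            $this->messages[] = [
                's' => 'error',
                'cs' => 'Možný CSRF útok! Zkuste prosím změnit údaje znovu',
                'en' => 'Possible CSRF attack! Please try change your personals again',
            ];
        } else {
            $result = $changePersonals->validateData($data);
            if ($result['s'] === 'success') {
                $result = $changePersonals->changePersonalData($data, $userId);
            }
            $this->messages[] = $result;
        }
    }

    // Data for the form, re-read so the view shows the stored values.
    $user = $changePersonals->getUserData($userId, $this->language);
    $this->data = $user['user'];
    $this->data['csrf'] = Csrf::getCsrfToken();
    $this->header['title'] = ['cs' => 'Změna osobních údajů', 'en' => 'Change Personal info'];
    $this->view = 'changePersonals';
}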