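/**
 * Lists the posts of one department (category) with pagination.
 *
 * Renders `list/DepartmentList`; when the category has no posts the view
 * additionally receives `error => true`. The view object and pagination
 * binding were identical in both branches of the original, so they are now
 * built once and only the flag is conditional.
 *
 * @param mixed $Kid category id taken from the URI; it is passed to the ORM as a
 *                   bound where() value (not interpolated into SQL) and echoed
 *                   into the pagination URL
 * @return View
 */
public function action_Department($Kid)
{
    // CSRF token (and the name of the field that carries it) for forms in the view
    $this->data['token_key'] = Config::get('security.csrf_token_key');
    $this->data['token'] = Security::fetch_token();

    // Number of posts in this category: drives pagination and the empty-state flag
    $count = Model_Post::query()->where('Kid', '=', $Kid)->count();

    // Pagination for the per-category listing
    $config = array(
        'pagination_url' => 'noteshare/list/' . $Kid,
        'uri_segment'    => 3,
        'num_links'      => 3,
        'per_page'       => $this->per_page,
        'total_items'    => $count,
        'show_first'     => true,
        'show_last'      => true,
    );
    $pagination = Pagination::forge('post_pagination', $config);

    $this->data['posts'] = Model_Post::query()
        ->where('Kid', '=', $Kid)
        ->order_by('Ptime', 'desc')
        ->limit($this->per_page)
        ->offset($pagination->offset)
        ->get();
    $this->data['department'] = Model_Category::query()->where('Kid', '=', $Kid)->get();
    $this->action_categorize();

    // Empty category: only this flag differs, the view itself is the same
    if (!$count) {
        $this->data['error'] = true;
    }

    $view = View::forge('list/DepartmentList', $this->data);
    $view->set_safe('pagination', $pagination);

    return $view;
}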
/**
 * Password re-issue request handler (contact form).
 *
 * Flow: CSRF check -> validate username/mail -> look the user up -> have Auth
 * reset the password -> e-mail the new one -> render `login/success`.
 * Every failure path renders `login/contact` with a message or the
 * validation errors.
 *
 * NOTE(review): the "no such user" branch renders a different message than
 * the success branch, so a client can learn whether a username/e-mail pair
 * exists; a uniform response would avoid that. Also `$data['fullname']`
 * holds the result of `->get()`, i.e. a collection rather than one model —
 * confirm the e-mail view expects that shape.
 *
 * @return View
 */
public function action_send()
{
    $data = array(
        'token_key' => Config::get('security.csrf_token_key'),
        'token'     => Security::fetch_token(),
    );

    // CSRF failure: straight back to the contact form
    if (!Security::check_token()) {
        $view = View::forge('login/contact', $data);
        $view->set('msg', 'CSRF対策です');
        return $view;
    }

    $val = Validation::forge();
    $val->add_field('username', 'ユーザID', 'required|max_length[9]');
    $val->add_field('mail', 'メールアドレス', 'required|valid_email');

    // Validation failure: re-render with the error list exposed to the view
    if (!$val->run()) {
        $errors = $val->error();
        $view = View::forge('login/contact', $data);
        $view->set_global('error', $errors, false);
        return $view;
    }

    $username = Input::post('username');
    $email = Input::post('mail');

    // Does a user with exactly this username/e-mail pair exist?
    $matches = Model_Users::query()
        ->where('username', $username)
        ->where('email', $email)
        ->count();

    if ($matches <= 0) {
        $view = View::forge('login/contact', $data);
        $view->set('msg', '該当者が存在しませんでした。');
        return $view;
    }

    // Auth issues a fresh password and hands it back so it can be mailed
    $repass = Auth::instance()->reset_password($username);

    $data['fullname'] = Model_Users::query()->select('fullname')->where('username', $username)->get();
    $data['repass'] = $repass;
    $data['email'] = $email;
    $data['anchor'] = 'login';
    $body = View::forge('login/email/autorepass', $data);

    $sendmail = Email::forge();
    $sendmail->from('*****@*****.**', '');
    $sendmail->to($email, $username);
    $sendmail->subject('パスワードの再発行');
    $sendmail->html_body($body);
    $sendmail->send();

    return View::forge('login/success', $data);
}
<?php
// Add-to-cart form posted back to the current URI.
// Fragment: the if/else this markup sits in opens before this snippet.
echo \Form::open(array('action' => \Uri::current(), 'method' => 'post', 'id' => 'cart_form'));
?>
<?php
// NOTE(review): hidden inputs are client-controlled; the receiving action must
// re-validate product_id, product_attribute_id and quantity server-side rather
// than trusting the values rendered here.
echo \Form::hidden('product_id', $product->id);
?>
<?php echo \Form::hidden('attributeid', '', array('class' => 'attributeid')); ?>
<?php if (isset($attr_obj)) { echo \Form::hidden('product_attribute_id', $attr_obj->id, array('class' => 'product_attribute_id')); } ?>
<?php
// CSRF token as a hidden field, named after security.csrf_token_key.
echo \Form::hidden(\Config::get('security.csrf_token_key'), \Security::fetch_token());
?>
<?php echo \Form::hidden('quantity', 1); ?>
<span class="product-action add_to_cart"> <i class="icon icon-plus"></i> </span>
<?php echo \Form::close(); ?>
<?php } else { ?>
<span class="product-action"> <i class="icon icon-search"></i>
/**
 * Adds CSRF protection to the form: a hidden field carrying the current token
 * plus a rule that runs Security::check_token() when the form is validated.
 *
 * The field name comes from `security.csrf_token_key` (default `fuel_csrf_token`).
 *
 * @return $this fluent
 */
public function add_csrf()
{
    $fieldName = \Config::get('security.csrf_token_key', 'fuel_csrf_token');

    $field = $this->add($fieldName, 'CSRF Token');
    $field->set_type('hidden');
    $field->set_value(\Security::fetch_token());
    $field->add_rule(array('Security', 'check_token'));

    return $this;
}
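/**
 * Builds the fieldset for creating or editing a board.
 *
 * With no $board the form is for a new board. With a board, the fields are
 * populated from it and a "処理内容" select (修正 / 削除) is added so the same
 * form serves both edit and delete. The original tested `$board != null`
 * twice in a row; the two bodies are merged into one branch.
 *
 * @param Model_Board|null $board board being edited, or null for a new one
 * @return Fieldset
 */
public function makeBBSRegistForm($board = null)
{
    $fieldset = Fieldset::forge('newBBSForm');
    $fieldset->add_model(Model_Board::forge());

    // Edit mode: populate from the board and offer the edit/delete selector
    if ($board != null) {
        $fieldset->populate($board);
        $fieldset->add('kind', '処理内容', array(
            'type'    => 'select',
            'options' => array('修正' => ' 修正 ', '削除' => ' 削除 '),
        ));
    }

    // CSRF token travels as a hidden field and is verified on submission
    $fieldset->add(Config::get('security.csrf_token_key'), '', array(
        'type'  => 'hidden',
        'value' => Security::fetch_token(),
    ));

    $fieldset->add('submit', '<BR>', array('type' => 'submit', 'width' => 80, 'value' => '送信'));

    return $fieldset;
}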
<?php
// Hidden CSRF field; presumably echoed into the form further down — not visible
// in this fragment, which ends mid-tag.
$token = Form::hidden(Config::get('security.csrf_token_key'), Security::fetch_token());
?>
<div id="contents-wrap">
<div id="main">
<?php if ($is_chenged) { ?>
<p>Update success.</p>
<?php } ?>
<h3>Email</h3>
<section class="content-wrap">
<form action="" method="post" enctype="multipart/form-data">
<ul class="forms">
<li>
<h4>Reservation email</h4>
<div>
<label for="reservation-on">
<input <?php
// Posted value wins over the stored one. Loose `==` is deliberate here: POST
// yields the string "1", the model presumably an int.
if (Input::post("need_reservation_email", $user->need_reservation_email) == 1) { echo "checked"; } ?> id="reservation-on" name="need_reservation_email" type="radio" value="1">On
</label>
<label for="reservation-off">
<input <?php if (Input::post("need_reservation_email", $user->need_reservation_email) == 0) {
/**
 * Exposes the CSRF token, and the name of the field that carries it, through
 * the controller's view data so templates can render the hidden input.
 *
 * @return void
 */
public function action_csrf()
{
    $tokenKey = Config::get('security.csrf_token_key');
    $token = Security::fetch_token();

    $this->data['token_key'] = $tokenKey;
    $this->data['token'] = $token;
}
<?php
// Fragment of the category admin table: the enclosing foreach and the outer
// if/else open before this snippet. $item->name is echoed as-is — confirm the
// view layer auto-escapes, otherwise it needs htmlspecialchars().
echo $item->name; ?> </td>
<td><?php echo $item->nb_posts; ?> </td>
<td>
<div class="btn-toolbar">
<div class="btn-group pull-right">
<?php echo Html::anchor('blog/admin/category/edit/' . $item->id, 'Edit', array('class' => 'btn btn-default btn-sm')); ?>
<?php
// NOTE(review): the delete is a plain GET link carrying the CSRF token in the
// query string. Tokens in URLs end up in browser history, proxy/server logs and
// Referer headers; a POST form with a hidden token field is the usual shape for
// a state-changing action (the handler is outside this snippet).
echo Html::anchor('blog/admin/category/delete/' . $item->id . '?' . \Config::get('security.csrf_token_key') . '=' . \Security::fetch_token(), 'Delete', array('onclick' => "return confirm('Are you sure?')", 'class' => 'btn btn-sm btn-danger')); ?>
</div>
</div>
</td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<p>No Categories.</p>
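/**
 * New-user registration form.
 *
 * Pulls a one-shot error message from the session, builds the login-style
 * fieldset (username / password / e-mail) plus the CSRF hidden field, and sets
 * the board description that explains the e-mail confirmation step.
 *
 * Fix: the password field was declared `type => 'text'`, so the value was
 * shown in clear on screen; it is now a real password input.
 *
 * @return void renders through $this->template
 */
public function action_newRegist()
{
    // One-shot message left by the registration handler
    $msg = Session::get('errorMsg');
    Session::delete('errorMsg');

    $loginFieldSet = Fieldset::forge('loginForm');
    $loginFieldSet->add('username', 'ユーザー名', array('type' => 'text', 'size' => 20));
    // Masked input so the password is not displayed while typed
    $loginFieldSet->add('password', 'パスワード', array('type' => 'password', 'size' => 20));
    $loginFieldSet->add('email_', 'E-Mail', array('type' => 'text', 'width' => 80));
    $loginFieldSet->repopulate();
    $this->setBoardTitle();

    $dsc2 = <<<END
<BR>\t\t\t\t
<div id = 'article'>
新規ユーザー登録を行います。<BR>
フォームに入力後、登録したメールアドレス宛てに確認メールが届きます。<BR>
メールの文中のリンクをクリックすると、登録完了となります。<BR>
</div>
END;
    $this->template->set('boardDescription2', $dsc2, false);

    // CSRF token as a hidden field
    $loginFieldSet->add(Config::get('security.csrf_token_key'), '', array('type' => 'hidden', 'value' => Security::fetch_token()));
    $loginFieldSet->add('submit', '投稿', array('type' => 'submit', 'width' => 80, 'value' => ' 送信 '));

    $content = View::forge('index/newregist');
    $content->set('loginForm', $loginFieldSet->build('index/newUser'), false);

    // Error message from a previous attempt, rendered raw (third arg false)
    if ($msg != null) {
        $content->set('msg', $msg, false);
    }

    // Registration page should not be indexed/followed
    $this->template->nofollow = true;
    $this->template->content = $content;
}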
<BR>
<?php
// Header login box: authenticated users get the admin link, everyone else the
// login form. Fragment: the surrounding <div> opens before this snippet.
if (Auth::check()) { ?>
<p style="margin-left:30px;"><a href ="/bbsadmin/index">掲示板管理・作成</a></p>
<?php } else { ?>
<form action="/index/login" method="post">
UserName<input type="text" name="username" size="10">
PassWord<input type="password" name="password" size="10">
<?php
// CSRF token: field name from security.csrf_token_key, value from Security::fetch_token().
// NOTE(review): in this copy there is whitespace between `?>` and the closing
// quote of both attributes. PHP swallows one newline after `?>` but not a space;
// confirm the attribute values carry no trailing whitespace in the source file.
?>
<input type="hidden" name="<?php echo \Config::get('security.csrf_token_key'); ?> " value="<?php echo \Security::fetch_token(); ?> " />
<input type="submit" value="ログイン">
<a href ="/index/newRegist" rel="nofollow">新規ユーザー登録</a>
</form>
<?php } ?>
</div>
<?php if (isset($msg)) { echo $msg; }
/**
 * Renders the hidden input that carries the CSRF token.
 *
 * The field is named after `security.csrf_token_key` (default
 * `fuel_csrf_token`) and filled with the current token.
 *
 * @return string
 */
public static function csrf()
{
    $name = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
    $token = \Security::fetch_token();

    return static::hidden($name, $token);
}
/**
 * Builds the Dbdocs generation form for one database platform.
 *
 * The model's properties are switched to the platform first, then a fieldset
 * is derived from the model and completed with a Generate button and the
 * CSRF hidden field (whose label is its own field name, as in the original).
 *
 * @param $platform database platform identifier, handed to Model_Dbdocs::set_properties()
 * @return Fieldset
 */
private static function _get_form($platform)
{
    Model_Dbdocs::set_properties($platform);

    $csrfKey = Config::get('security.csrf_token_key');

    $fieldset = Fieldset::forge();
    $fieldset->add_model(Model_Dbdocs::forge());
    $fieldset->add('submit', '', array('type' => 'submit', 'value' => 'Generate'));
    $fieldset->add($csrfKey, $csrfKey, array('type' => 'hidden', 'value' => Security::fetch_token()));

    return $fieldset;
}
/**
 * Shows one post with its comments (`post/PostsDetail_2`); an unknown id is
 * redirected to the `_404_` route.
 *
 * @param mixed $Pid post id from the URI, bound in the ORM where() clause
 * @return View|null null only if Response::redirect() returns
 */
public function action_Adetail($Pid = 0)
{
    // CSRF token for the comment form in the view
    $this->data['token_key'] = Config::get('security.csrf_token_key');
    $this->data['token'] = Security::fetch_token();

    $this->data['posts'] = Model_Post::query()->where('Pid', '=', $Pid)->get();

    // No such post: hand off to the 404 route instead of rendering
    if (count($this->data['posts']) === 0) {
        Response::redirect('_404_');
        return null;
    }

    $this->data['comments'] = Model_Comment::query()->where('Pid', '=', $Pid)->get();
    $this->action_categorize();

    $view = View::forge('post/PostsDetail_2', $this->data);
    $view->set_global('error', $this->error, false);

    return $view;
}
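/**
 * Renders the whole form: open tag, every entry of $this->sequence, the
 * buttons and the close tag, through the 'form' template.
 *
 * When $this->check_csrf is set a hidden CSRF field is added first, together
 * with the Security::check_token rule so submissions are verified. Entries of
 * $this->sequence that start with '<' are raw markup and are emitted verbatim;
 * everything else must be a key of $this->fields.
 *
 * Fix: `case false: continue;` inside the switch only acted as `break` (PHP
 * 7.3+ warns about exactly this), so a field with type `false` still got a
 * PHP_EOL appended; `continue 2` skips it entirely, which is what the case
 * reads as intending.
 *
 * NOTE(review): $data defaults to array() but is read as an object
 * ($data->{$f}) whenever it is non-empty, so a non-empty array would fail
 * here — callers appear to pass a model. $form['editable'] is read without
 * isset(). The CSRF field's $value is forced to '' yet the 'hidden' case
 * renders $value; confirm the token passed to add_field() actually reaches
 * the markup.
 *
 * @param object|array $data      record whose properties pre-fill the fields (posted input wins)
 * @param bool         $edit_mode when true, fields not marked editable are rendered readonly
 * @return string rendered form markup
 */
public function build($data = array(), $edit_mode = false)
{
    if ($this->check_csrf) {
        $this->add_field(
            static::$csrf_token_key,
            'CSRF Token',
            \Security::fetch_token(),
            array('type' => 'hidden'),
            array('Security', 'check_token')
        );
    }

    $form_open = \Form::open($this->attributes);
    $form_close = \Form::close();
    $fields = '';

    // Default render order is definition order
    is_null($this->sequence) and $this->sequence = array_keys($this->fields);

    foreach ($this->sequence as $f) {
        // Raw markup entries pass straight through
        if ($f[0] == '<') {
            $fields .= $f;
            continue;
        }

        $props = $this->fields[$f];

        // The token field never takes its value from POST
        if ($f == static::$csrf_token_key) {
            $value = '';
        } else {
            $value = \Input::post($f, !empty($data) ? $data->{$f} : '');
        }

        $label = $props['label'];
        $form = $props['form'];
        $type = isset($form['type']) ? $form['type'] : 'input';
        $options = isset($form['options']) ? $form['options'] : array();
        $attr = isset($form['attr']) ? $form['attr'] : array();
        $errors = $this->error();

        if ($edit_mode and !$form['editable'] and !array_key_exists('readonly', $attr)) {
            $attr['readonly'] = 'readonly';
        }

        switch ($type) {
            case false:
                // Skip this field entirely; a bare `continue` here would only
                // leave the switch, so target the foreach explicitly.
                continue 2;
            case 'hidden':
                $fields .= \Form::hidden($f, $value);
                break;
            case 'textarea':
                $fields .= static::textarea($f, $value, $attr, $label, $errors);
                break;
            case 'password':
                $fields .= static::password($f, $value, $attr, $label, $errors);
                break;
            case 'radio':
                $fields .= static::radio_group($f, $options, $value, false, $attr, $label, $errors);
                break;
            case 'checkbox':
                $fields .= static::checkbox_group($f, $options, $value, false, $attr, $label, $errors);
                break;
            case 'select':
                $fields .= static::select($f, $value, $options, $attr, $label, $errors);
                break;
            case 'lookup':
            default:
                $fields .= static::input($f, $value, $attr, $label, $errors);
        }
        $fields .= PHP_EOL;
    }

    $form_actions = static::render_buttons($this->buttons);

    return static::template(
        'form',
        array('{open}', '{fields}', '{form_buttons}', '{close}'),
        array($form_open, $fields, $form_actions, $form_close)
    );
}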
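/**
 * Home listing filtered to one category, with pagination.
 *
 * Renders `home/home`. The two branches of the original differed only in
 * the "no posts" message, so the view is now built once and the message is
 * set conditionally.
 *
 * @param mixed $Kid category id from the URI; bound in the ORM where() clause
 *                   and echoed into the pagination URL
 * @return View
 */
public function action_category($Kid = 0)
{
    // CSRF token (and field name) for forms rendered by the view
    $this->data['token_key'] = Config::get('security.csrf_token_key');
    $this->data['token'] = Security::fetch_token();

    // Number of posts in this category: drives pagination and the empty message
    $count = Model_Post::query()->where('Kid', '=', $Kid)->count();

    $config = array(
        'pagination_url' => 'noteshare/home/category/' . $Kid,
        'uri_segment'    => 4,
        'num_links'      => 3,
        'per_page'       => $this->per_page,
        'total_items'    => $count,
        'show_first'     => true,
        'show_last'      => true,
    );
    $pagination = Pagination::forge('post_pagination', $config);

    $this->data['rows'] = Model_Post::query()
        ->where('Kid', '=', $Kid)
        ->order_by('Ptime', 'desc')
        ->limit($this->per_page)
        ->offset($pagination->offset)
        ->get();
    $this->action_categorize();

    // Empty category: set the message before it is bound as a view global
    if (!$count) {
        $this->msg = '現在このカテゴリの投稿はありません。';
    }

    $view = View::forge('home/home', $this->data);
    $view->set_safe('pagination', $pagination);
    $view->set_global('error', $this->error, false);
    $view->set_global('csrmsg', $this->csrmsg, false);
    $view->set_global('msg', $this->msg, false);

    return $view;
}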
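/**
 * Builds the article posting form for a board.
 *
 * New post: fields are repopulated from input, image uploads are offered when
 * the board allows attachments. Edit: fields are populated from $article and
 * the submit label changes. Replies hide the title, 2ch-style boards
 * (type 2) hide the author profile fields, and the xvideos URL is hidden
 * unless the board allows it.
 *
 * Fix: `authorAge` was hidden twice in the type-2 branch; the duplicate is
 * dropped. The nested null checks are folded into single conditions.
 *
 * @param Model_Board        $board   board the post belongs to (type, allowAttach, allowXvideos, id are read)
 * @param Model_Article|null $article existing article when editing; null for a new post
 * @return Fieldset
 */
public function makePostFormFieldSet($board, $article = null)
{
    $fieldset = Fieldset::forge('postForm');
    $fieldset->add_model(Model_Article::forge());

    $isEdit = ($article != null);

    if ($isEdit) {
        $fieldset->populate($article);
    } else {
        $fieldset->repopulate();
    }

    // Replies carry no title of their own
    if ($isEdit && $article->commentOf != 0) {
        $fieldset->field('title')->set_type('hidden');
    }

    // Image upload is only offered on a new post
    if ($board->allowAttach == true && !$isEdit) {
        $fieldset->set_config('form_attributes', array('enctype' => 'multipart/form-data'));
        $fieldset->add('Image1', '画像1', array('type' => 'file'));
        $fieldset->add('Image2', '画像2', array('type' => 'file'));
        $fieldset->add('Image3', '画像3', array('type' => 'file'));
    }

    // 2ch-style boards keep the author information minimal
    if ($board->type == 2) {
        $fieldset->field('authorAge')->set_type('hidden');
        $fieldset->field('authorPrefecture')->set_type('hidden');
        $fieldset->field('authorIsMale')->set_type('hidden');
        $fieldset->field('authorProfile')->set_type('hidden');
    }

    if ($board->allowXvideos != true) {
        $fieldset->field('xvideosURL')->set_type('hidden');
    }

    $submitLabel = $isEdit ? '修正' : '投稿';
    $fieldset->add('submit', $submitLabel, array('type' => 'submit', 'width' => 80, 'value' => '送信'));

    // CSRF token as a hidden field, verified on submission
    $fieldset->add(Config::get('security.csrf_token_key'), '', array('type' => 'hidden', 'value' => Security::fetch_token()));

    // bbsId is already a Model_Article column, hence the trailing underscore
    $fieldset->add('bbsId_', '', array('type' => 'hidden', 'value' => $board->id));

    return $fieldset;
}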