public function upload_sell_order()
{
$display = true;
if (isset($_POST['sell_order_file_submit']) && trim($_POST['sell_order_file_submit']) !== '') {
try {
$this->form_validation->set_rules('upload_type', 'Sell Order File Type', 'trim|required|numeric');
if ($this->form_validation->run() === false) {
throw new Exception(validation_errors());
}
$validFile = $this->_validateSellOrderFile();
if ($_POST['upload_type'] == FILE_UPLOAD_TYPE_EBAY) {
$output = $this->uploader->uploadEbaySellOrderFile($_FILES['sell_order_file']);
$this->load->view('smart_view', array('header' => true, 'footer' => true, 'source' => 'admin/upload_file_result', 'data' => array('output' => $output)));
$display = false;
}
} catch (Exception $ex) {
setSessionData('view_error_message', $ex->getMessage());
}
}
if ($display) {
$param = array('source' => 'admin/upload_file', 'header' => true, 'footer' => true);
$fileUploadTypeArray = array(FILE_UPLOAD_TYPE_EBAY => 'eBay File Upload', FILE_UPLOAD_TYPE_WEBSITE => 'Website File Upload', FILE_UPLOAD_TYPE_OTHER => 'Other File Upload');
$param['data'] = array();
$param['data']['fileUploadTypeArray'] = $fileUploadTypeArray;
$this->load->view('smart_view', $param);
}
}
public function create()
{
//$this->product->releaseUnusedBookedProducts();
//die();
if (isset($_POST['sell_order_create_submit']) && trim($_POST['sell_order_create_submit']) !== '') {
try {
/// first check the form inputs ///
$validData = $this->_validateInputForCreate();
/// now gather the customer infos and try to find/create customer ///
$customerOption['first_name'] = $_POST['txt_first_name'];
$customerOption['last_name'] = $_POST['txt_last_name'];
$customerOption['ebay_id'] = $_POST['txt_ebay_id'];
$customerOption['email'] = $_POST['txt_email'];
$customerOption['phone'] = $_POST['txt_contact_no'];
$customerOption['address_line_1'] = $_POST['txt_address_line_1'];
$customerOption['address_line_2'] = $_POST['txt_address_line_2'];
$customerOption['address_suburb'] = $_POST['txt_suburb'];
$customerOption['address_postcode'] = $_POST['txt_postcode'];
$customerOption['address_state_id'] = $_POST['select_state'];
/////////////////////////////////////////////////////////////
/// now gather infos for sell order ///
$sellOrderOption['consignment_no'] = $_POST['txt_consignment_no'];
$sellOrderOption['delivery_method_id'] = $_POST['select_delivery_method'];
$sellOrderOption['sell_order_status_id'] = $_POST['select_sell_order_status'];
$sellOrderOption['additional_comments'] = $_POST['txt_additional_comments'];
$sellOrderOption['order_total_inc'] = $_POST['txt_price_inc'];
$sellOrderOption['sell_source_id'] = $_POST['select_sell_source'];
$sellOrderOption['payment_method_id'] = $_POST['select_payment_method'];
$sellOrderOption['payment_reference_no'] = $_POST['txt_payment_reference'];
$sellOrderOption['product_instances'] = $piArray = json_decode(trim($_POST['hdn_pi_ids']));
/////////////////////////////////////////////////////////////////////////
$sellOrderId = $this->sell_order->createSellOrder($customerOption, $sellOrderOption);
setSessionData('view_success_message', "A new Sell order created successfully");
redirect('sell/create');
} catch (Exception $ex) {
setSessionData('view_error_message', $ex->getMessage());
}
}
$stateArray = $this->customer->getStates();
$productArray = $this->product->getProductsWithSOHCount(false, array(PRODUCT_AVAILABLE));
$statusArray = $this->sell_order->getSellOrderStatuses();
$sourceArray = $this->sell_order->getSellSources();
$deliveryArray = $this->sell_order->getDeliveryMethods();
$paymentMethodArray = $this->sell_order->getPaymentMethods();
$data = array('productArray' => $productArray, 'stateArray' => $stateArray, 'statusArray' => $statusArray, 'sourceArray' => $sourceArray, 'deliveryArray' => $deliveryArray, 'paymentMethodArray' => $paymentMethodArray);
$param = array('header' => true, 'footer' => true, 'source' => 'order/create_order', 'data' => $data);
$this->load->view('smart_view', $param);
}
function checkPassword($login, $password)
{
$passwordFile = file('passwords.txt');
foreach ($passwordFile as $string) {
$usersData[explode('=', $string)[0]] = trim(explode('=', $string)[1]);
}
if (array_key_exists($login, $usersData)) {
if ($usersData[$login] == $password) {
setSessionData();
} else {
header('Location:/auth.php?action=errorWrongUserData');
}
} else {
header('Location:/auth.php?action=errorWrongUserData');
}
}
/**
* Login processor for admin panel
*/
function login()
{
$this->set("title", "Sevasetu | Login Processor");
initiateSession();
$username = sqlSafe($_POST['username']);
$password = sqlSafe($_POST['password']);
$adminData = $this->Admin->getAdminByUsername($username);
if ($adminData == false) {
$this->set("message", "Database error");
return;
}
if (generateHash($password . $adminData['admins_salt']) == $adminData['admins_password']) {
setSessionData("admin_hash", md5($adminData['admins_salt']));
$this->set("message", "Login Successful. You will be redirected in a moment... If not then click here");
} else {
$this->set("message", "Username/Password Incorrect");
}
}
function checkLoginPassword($login, $password)
{
// Проверяем наличие логина в БД
if (checkLoginExistence($login)) {
// Логины хранятся в БД в нижнем регистре
$login = mb_strtolower($login);
// Получаем пароль для указаного пользователя
$query = "SELECT password FROM users WHERE login = '******'";
$result = mysqli_fetch_array(executeQuery($query, "get"))[0];
// Сверяем пароль и устанавливаем данные сессии, в случае успешной проверки. В случае неудачи возвращаем ошибку
if (password_verify($password, $result)) {
setSessionData($login, $result);
} else {
header('Location:/?action=authentication&message=errorWrongUserData');
}
} else {
header('Location:/?action=authentication&message=errorWrongUserData');
}
}
public function view_stock_count()
{
$param = $dataArray = array();
if (isset($_POST['view_stock_count_submit']) && trim($_POST['view_stock_count_submit']) !== '') {
try {
$this->form_validation->set_rules('product_id', 'Product', 'trim');
$this->form_validation->set_rules('warehouse_id', 'Warehouse', 'trim');
$this->_validateStockCountReportInput($_POST);
//if($this->form_validation->run() === false)
// throw new Exception(validation_errors());
$whProductArray = $this->product->getStockCountReportForProduct($_POST);
if (($productId = trim($_POST['product_id'])) !== '') {
if (($product = $this->product->getProduct($productId)) !== false) {
$dataArray['searchProduct'] = $product;
}
}
$dataArray['result'] = $whProductArray;
} catch (Exception $ex) {
setSessionData('view_error_message', $ex->getMessage());
}
}
$param['header'] = true;
$param['footer'] = true;
$param['source'] = 'product/view_stock_count';
$param['data'] = $dataArray;
$this->load->view('smart_view', $param);
}
header("Location:?");
}
if ($_SESSION["installType"] == "BASIC") {
header("Location:?page=3");
}
/*********************************************************
This script is used to autogenerate the ADVANCE pages
*********************************************************/
include "lib/parameters.inc";
$group = isset($_POST["group"]) && $_POST["group"] > 0 && $_POST["group"] < sizeof($parameters) ? $_POST["group"] : 0;
$msg = "";
getSessionData($parameters[$group]["parameters"]);
if (isset($_POST['option']) && $_POST['option'] != "") {
if ($_POST['option'] != 'Back') {
getPostVariables($parameters[$group - 1]["parameters"]);
setSessionData($parameters[$group - 1]["parameters"]);
if ($_POST['option'] == "Finish") {
header("Location:?page=3");
}
}
}
$withAdvanced = 0;
while (!$withAdvanced) {
$estruct = $parameters[$group]["parameters"];
$title = $GLOBALS["I18N"]->get($parameters[$group]['name']);
$HTMLElements = getHTMLElements($estruct, "ADVANCED");
$JSElements = getJSValidations($estruct, "ADVANCED");
if (is_bool($HTMLElements) && !$HTMLElements) {
$withAdvanced = 0;
} else {
$withAdvanced = 1;
/**
* Pure FileMaker login function to authenticate user with login form and FileMaker
* @param $dbHandle -- FileMaker DB connection handle
* @param $post -- $_POST[] array
* @param $site_prefix -- Site prefix to include port type SSL or 80
*/
function authenticateFMOnly($dbHandle, $post, $site_prefix)
{
global $log, $bypassPassword;
$loginLayout = '[WEB] Login';
$log->debug("Now entering FileMaker Authentication processing");
$ePassword = encryptPassowrdKey($post['password']);
$searchHandle = $dbHandle->newFindCommand($loginLayout);
$searchHandle->addFindCriterion('User_Name_ct', "==" . $post['username']);
$loginResult = $searchHandle->execute();
if (FileMaker::isError($loginResult)) {
$error = "Authentication Failure";
$log->error("authenticateFMOnly - Login Error: " . $loginResult->getMessage() . " username " . $post['username']);
header("location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
//More than one user record with the same username value is a serious error
//TODO: redirect this error to the access error page as this is not something the user can correct on their own
if ($loginResult->getFoundSetCount() > 1) {
$error = "Contact System Adminstrator";
$log->error("authenticateFMOnly - More than 1 username Error: " . $error . " username: "******"location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
$userRecord = $loginResult->getFirstRecord();
$log->debug("Now have user record check if Pin or password matches");
//TODO revisit this once the LDAP issuer is resolved at FOX this is temporary to bypass the validation
//TODO the bypass flag should be removed once the LDAP is resolved
if ($bypassPassword || isPasswordPinMatch($userRecord->getField('User_Password_Hash_t'), $ePassword) || isPasswordPinMatch($userRecord->getField('User_Pin_Hash_t'), $ePassword)) {
$log->debug("Now call session creation for FM full authentication");
setSessionData($userRecord, $site_prefix);
} else {
$error = "Authentication Failure";
$log->info("loginProcessing.php - processLogin() - Last Check Authentication Error: " . $error . " username: "******"location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
}
/**
* Log in processor
*
* Starts the session if the user is validated
*/
function loginauth()
{
$this->set("title", "IEEE NIEC | User Login");
$username = sqlSafe($_POST['username']);
$password = sqlSafe($_POST['password']);
$salt = $this->User->getUserSalt($username);
if ($salt == false) {
$this->set("message", "Username/Password Invalid");
} else {
$inPass = $this->User->getUserPassword($username);
if ($inPass == generateHash($password . $salt) && $this->User->getUserStatus($username) == 1) {
$userID = $this->User->getUserID($username);
initiateSession();
setSessionData("user_id", md5($userID));
setSessionData("user_username", $username);
setSessionData("user_identifier", md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']));
$this->set("message", "Login successful");
header("LOCATION: /indexs/home");
} else {
$this->set("message", "Username/Password Invalid or Account not activate.");
}
}
}
function checkLoginPassword($login, $password)
{
// Проверяем наличие логина в БД
if (checkLoginExistence($login)) {
// Логины хранятся в БД в нижнем регистре
$login = mb_strtolower($login);
// Создаем подключени е БД и проверяем его. Если подключения нет прекращаем всю работу и выводим ошибку
$galleryDbConnect = mysqli_connect('localhost', 'root', '', 'gallery_db');
if (!$galleryDbConnect) {
die(mysqli_connect_error());
}
// Получаем пароль для указаного пользователя
$query = "SELECT password FROM users WHERE login = '******'";
$result = mysqli_fetch_array(mysqli_query($galleryDbConnect, $query))[0];
// Сверяем пароль и устанавливаем данные сессии, в случае успешной проверки. В случае неудачи возвращаем ошибку
if (password_verify($password, $result)) {
setSessionData($login);
} else {
header('Location:/auth.php?action=errorWrongUserData');
}
} else {
header('Location:/auth.php?action=errorWrongUserData');
}
}
if ($submited) {
/* The code above take the mission to check some mail data
enter by the user in the Step 1.
*/
echo "<!-- " . __FILE__ . " -->\n";
getPostVariables($bounce_def);
$mail_test = processPopTest($message_envelope, $bounce_mailbox_host, $bounce_mailbox_user, $bounce_mailbox_password);
echo "<!-- mail test: " . __FILE__ . " -->\n";
if (!$mail_test) {
echo "<!-- getting HTML elements: " . __FILE__ . " -->\n";
$HTMLElements = getHTMLElements($bounce_def);
$inTheSame = 1;
echo "<!-- AFTER getting HTML elements: " . __FILE__ . " -->\n";
$msg = $GLOBALS["I18N"]->get("Connection refused, check your host, user or password");
} else {
setSessionData($bounce_def);
//$_SESSION["bounce_envelope"] = $bm_mail;
//$_SESSION["bounce_host"] = $bm_host;
//$_SESSION["bounce_user"] = $bm_user;
//$_SESSION["bounce_pass"] = $bm_pass;
$inTheSame = 0;
header("Location:?page=" . ($page + 1));
}
} else {
$msg = "";
$inTheSame = 1;
getSessionData($bounce_def);
$HTMLElements = getHTMLElements($bounce_def);
$JSElements = getJSValidations($bounce_def, $_SESSION["installType"]);
}
include "installer/lib/js_nextPage.inc";
include "lib/parameters.inc";
genPHPVariables($database_def, "BASIC");
if ($submited) {
/* The code above take the mission to validate the database data
enter by the user in the Step 0.
*/
getPostVariables($database_def);
$errno = check_connection($database_host, $database_user, $database_password, $database_name);
$errno_arr = explode("|", $errno);
$msg = $errno_arr[1];
$_SESSION['dbCreatedSuccesfully'] = $errno_arr[2];
if ($errno_arr[0] > 0) {
$HTMLElements = getHTMLElements($database_def);
$inTheSame = 1;
} else {
setSessionData($database_def);
$inTheSame = 0;
header("Location:?page=" . ($page + 1));
}
} else {
$msg = "";
$inTheSame = 1;
getSessionData($database_def);
$HTMLElements = getHTMLElements($database_def, "BASIC");
}
include "installer/lib/js_nextPage.inc";
$dbname = $GLOBALS["I18N"]->get($GLOBALS['strJsDbName']);
$dbhost = $GLOBALS["I18N"]->get($GLOBALS['strJsDbHost']);
$dbuser = $GLOBALS["I18N"]->get($GLOBALS['strJsDbUser']);
$dbpass = $GLOBALS["I18N"]->get($GLOBALS['strJsDbPass']);
?>
<?php
require_once '../include/share.php';
if ($_GET["func"] == "login") {
$db = connectDB();
$userid = $_POST["user_id"];
$password = $_POST["password"];
$userinfo = login($db, $userid, $password);
if ($userinfo != null) {
setSessionData("userinfo", $userinfo);
header("Location: index.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SYSTEM MANAGEMENT LOGIN PAGE</title>
<link rel="stylesheet" type="text/css" href="css/styles.css" />
<script language="JavaScript">
function onCompletedLoad()
{
document.getElementById('user_id').focus();
document.getElementById('user_id').select();
}
</script>
} else {
$item["type" . $no] = "channel-stop";
}
// check if abi is constant
$session_abi_key = "abi_" . $row["channelid"] . "_" . $row["serverid"];
if ($session_abi != null && $session_abi[$session_abi_key . 'time'] != null && time() - $session_abi[$session_abi_key . 'time'] > ABI_CHECK_TIMEOUT && $session_abi[$session_abi_key] != null && $session_abi[$session_abi_key] == $row["abi"] && $row["abi"] != '' && $item["type" . $no] == "channel-play" && $item["grouptype"] != 2) {
$item["type" . $no] = "channel-alert";
}
if ($session_abi == null || $session_abi[$session_abi_key] != $row["abi"] || $session_abi[$session_abi_key . 'time'] == null) {
$session_new_abi[$session_abi_key . 'time'] = time();
} else {
$session_new_abi[$session_abi_key . 'time'] = $session_abi[$session_abi_key . 'time'];
}
$session_new_abi[$session_abi_key] = $row["abi"];
}
setSessionData('abi_list', $session_new_abi);
if ($item != null) {
$data[] = $item;
}
responseData(true, null, $data);
break;
case 'get_server_setting':
$id = getQueryData('serverid');
$sql = "select name, ip, memo from tbl_server where delete_flag=0 and id=" . $id;
$result = querySQL($db, $sql);
$data = array();
$row = mysql_fetch_assoc($result);
if ($row) {
/*
$req = array('func' => 'get_server_setting');
$ret = SendSocketRequest($row["ip"], STREAMSERVERPORT, $req);
function checkPassword($login, $password)
{
// Считываем строки из файла с паролями, разбиваем на имя пользователя и пароль
$passwordFile = file('passwords.txt');
foreach ($passwordFile as $string) {
$usersData[explode('=', $string)[0]] = trim(explode('=', $string)[1]);
}
// Проверяем наличие логина в файле паролей, если такого логина нет, возвращаем на страницу авторизациис оповещением об ошибке
if (array_key_exists($login, $usersData)) {
// Проверяем совпадение сочетания логина и пароля, если не совпадает, возвращаем на страницу авторизациис оповещением об ошибке
if ($usersData[$login] == $password) {
// Вызываем функцию установки параметров сессии
setSessionData();
} else {
header('Location:/auth.php?action=errorWrongUserData');
}
} else {
header('Location:/auth.php?action=errorWrongUserData');
}
}