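/**
 * Turns the basket stored in the session into an order for the logged-in account.
 *
 * Creates the order through OrderService, writes one OrderList row per unit of
 * every basket product, clears the session basket, calls
 * EmailService::SendNewOrderMessage() and renders Order_view.php with the new
 * order id. A visitor whose session carries no login, or whose login no longer
 * resolves to an account, is redirected to /Account/login.
 *
 * NOTE(review): this is a state-changing action and no anti-CSRF token check is
 * visible in this method; confirm one is enforced before it is reached.
 */
function action_order()
{
    // The session may already have been started earlier in the request.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // Authenticate first; `??` avoids an undefined-key warning for anonymous visitors.
    $login = $_SESSION['login'] ?? null;
    $account = is_null($login) ? null : AccountService::GetByName($login, true);
    if (is_null($account)) {
        // Unknown or stale login: treat as unauthenticated instead of
        // dereferencing a null account below.
        header('Location: /Account/login');
        return;
    }

    $model = $_SESSION['basket'] ?? null;
    if (is_null($model)) {
        // No basket in the session (for example the request was repeated after
        // the basket had been cleared): refuse rather than create an empty order.
        http_response_code(400);
        return;
    }

    $order = OrderHelper::PopulateOrderFromBasketViewModel($model, $account->account_id);
    $order = OrderService::Create($order);

    $products = $model->products;
    $productCount = count($products);
    for ($i = 0; $i < $productCount; $i++) {
        // One OrderList row per purchased unit of the product.
        for ($j = 0; $j < $model->counts[$i]; $j++) {
            $orderlist = new OrderList();
            $orderlist->order_id = $order->order_id;
            $orderlist->product_id = $products[$i]->Id;
            OrderListService::Create($orderlist);
        }
    }

    // Clear the basket so a repeated request cannot place the same order again.
    $_SESSION['basket'] = null;

    EmailService::SendNewOrderMessage($account, $order->order_id, $model->SumPrice());

    $data = $order->order_id;
    $this->view->generate('Order_view.php', 'template_view.php', $data);
}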
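/**
 * Authorisation gate: lets the request continue only when the logged-in account
 * holds the requested flag(s) on the named permission through one of its roles.
 *
 * Fails closed. When there is no session login, the account or permission cannot
 * be resolved, or no role-permission row grants every requested bit, the client
 * is redirected to /account/permission and the script is terminated. Without the
 * termination the caller would keep executing the protected action after the
 * Location header was queued (execution after redirect).
 *
 * @param mixed $permission_name Name handed to PermissionService::GetByName().
 * @param mixed $crud            Required flag mask built from the __Can*__ constants
 *                               (presumably an int bit mask; confirm). All bits must be
 *                               granted by a single role-permission row.
 *
 * @return void Returns normally only when access is granted.
 */
public static function Verification($permission_name, $crud = __CanRead__)
{
    // The session may already have been started earlier in the request.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // Deny by default; the flag is always defined, whichever branch is taken.
    $allowed = false;

    $account_name = $_SESSION['login'] ?? null;
    $account = is_null($account_name) ? null : AccountService::GetByName($account_name, true);

    if (!is_null($account)) {
        $roles = UserRoleService::GetByUserId($account->account_id);
        $permission = PermissionService::GetByName($permission_name);

        // An unknown permission name grants nothing.
        $roleCount = (!is_null($permission) && is_countable($roles)) ? count($roles) : 0;

        for ($i = 0; $i < $roleCount; $i++) {
            $rps = RolePermissionService::GetByRoleIdPermissionId($roles[$i]->role_id, $permission->permission_id);
            foreach ($rps ?? [] as $value) {
                // Fold the four per-row columns into one mask.
                $rr = PermissionHelper::setPermissionFlag(__CanCreate__, $value->cancreate)
                    | PermissionHelper::setPermissionFlag(__CanRead__, $value->canread)
                    | PermissionHelper::setPermissionFlag(__CanUpdate__, $value->canupdate)
                    | PermissionHelper::setPermissionFlag(__CanRemove__, $value->canremove);

                if (($rr & $crud) == $crud) {
                    $allowed = true;
                    break 2;
                }
            }
        }
    }

    if (!$allowed) {
        header('Location: /account/permission');
        // Stop here: a Location header alone does not prevent the caller's
        // protected code from running and emitting its output.
        exit;
    }
}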
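/**
 * Looks up an account by name and returns it only when the password matches.
 *
 * The stored key is compared with hash_equals(): a loose `==` between two hex
 * strings is not constant-time and lets PHP compare numeric-looking strings
 * (such as "0e" followed by digits only) as numbers, so different hashes could
 * be treated as equal.
 *
 * NOTE(review): PBKDF2-SHA256 with 1000 iterations and a 20-hex-character
 * (80-bit) output is weak by current standards. It is kept here because changing
 * it would invalidate the stored keys; plan a migration to password_hash() /
 * password_verify() with a rehash on successful login.
 * NOTE(review): an unknown account name returns before any key derivation, so
 * response time differs between existing and missing accounts.
 *
 * @param mixed $accountName Account name handed to AccountService::GetByName().
 * @param mixed $password    Plain-text password supplied by the caller.
 *
 * @return mixed The account object on success, null otherwise.
 */
public static function Get($accountName, $password)
{
    // Non-scalar input (for example an array from the request) can never match.
    if (!is_scalar($password)) {
        return null;
    }

    $account = AccountService::GetByName($accountName, true);
    if (is_null($account) || !is_string($account->passwordkey)) {
        return null;
    }

    $candidate = hash_pbkdf2("sha256", (string) $password, $account->passwordsalt, 1000, 20);

    // Known value first, caller-derived value second.
    return hash_equals($account->passwordkey, $candidate) ? $account : null;
}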
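/**
 * Stores a product review posted by the logged-in account.
 *
 * Reads `tovarId` and `reviewText` from the POST body, creates a Review through
 * ReviewService and redirects to /Review/thanks. Visitors without a usable
 * session login are redirected to /Account/Login; a malformed request gets
 * HTTP 400.
 *
 * NOTE(review): the review text is stored exactly as submitted. It must be
 * HTML-escaped wherever it is rendered; confirm the review views do so.
 * NOTE(review): no anti-CSRF token check and no check that the product exists
 * are visible in this method; confirm both are enforced elsewhere.
 */
function action_newReview()
{
    // The session may already have been started earlier in the request.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    $login = $_SESSION['login'] ?? null;
    $account = is_null($login) ? null : AccountService::GetByName($login, true);
    if (is_null($account)) {
        // Unknown or stale login: treat as unauthenticated.
        header("Location: /Account/Login");
        return;
    }

    // Both fields are attacker-controlled; accept only an integer product id
    // and a non-empty string body (rejects missing keys and array-shaped values).
    $tovarId = filter_var($_POST['tovarId'] ?? null, FILTER_VALIDATE_INT);
    $reviewText = $_POST['reviewText'] ?? null;
    if ($tovarId === false || !is_string($reviewText) || trim($reviewText) === '') {
        http_response_code(400);
        return;
    }

    $review = new Review();
    $review->product_id = $tovarId;
    $review->account_id = $account->account_id;
    $review->value = $reviewText;
    ReviewService::Create($review);

    header("Location: /Review/thanks");
}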