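/**
 * Show the application login form and, when a password has been POSTed,
 * verify it and grant admin access.
 *
 * On a correct password the browser is redirected and the script exits.
 * Otherwise the login view is returned, and a failed attempt is logged as a
 * warning.
 *
 * Security notes:
 * - The post-login redirect target is taken from the request
 *   ($_POST['refererUrl'] or $_SERVER['REQUEST_URI']). It is only honoured
 *   when it is a same-site path: a single leading "/", no scheme or host,
 *   no control characters. Anything else falls back to the application's
 *   own 'core' URL, so the login form cannot be used as an open redirect.
 * - The password is compared as a string with hash_equals() (PHP >= 5.6).
 *   Loose "==" would accept an empty submission when no password is
 *   configured and is subject to type juggling.
 *
 * @param mixed $params Action parameters (not used by this method)
 * @return mixed Result of $this->wrapper() for the login view
 */
public function appLogin($params)
{
    // Candidate redirect target, as supplied by the request.
    $requestedUrl = null;
    if (isset($_POST['refererUrl'])) {
        $requestedUrl = $_POST['refererUrl'];
    } elseif (isset($_SERVER['REQUEST_URI'])) {
        $requestedUrl = $_SERVER['REQUEST_URI'];
    }

    // Accept only a local absolute path. "//host" and "/\host" are rejected
    // because browsers treat them as protocol-relative URLs. \z (not $) is
    // used so a trailing newline cannot slip through.
    $isLocalPath = is_string($requestedUrl)
        && preg_match('#\A/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $requestedUrl) === 1;

    $refererUrl = $isLocalPath
        ? $requestedUrl
        : "http://" . UrlCommand::createAbsoluteUrl('core');

    if (isset($_POST['password'])) {
        // Normalise the configured secret to a string. An unset or empty
        // password fails closed instead of matching an empty submission.
        // NOTE(review): the configured value appears to be a plaintext
        // password; consider storing a password_hash() digest and checking
        // it with password_verify().
        $expected = Config::get('app.password');
        $expected = (is_string($expected) || is_int($expected)) ? (string) $expected : '';
        $supplied = $_POST['password'];

        if ($expected !== '' && is_string($supplied) && hash_equals($expected, $supplied)) {
            // Grant admin access
            // NOTE(review): if admin access is session-backed, regenerate the
            // session id here to avoid session fixation. Confirm in Core.
            Core::setAdminAccess(TRUE);

            // Redirect to the validated target
            header("Location: {$refererUrl}");
            exit;
        } else {
            // NOTE(review): failed attempts are only logged; no throttling
            // or lockout is visible in this method.
            SystemLog::add('Login incorrect.', SystemLog::WARNING);
        }
    }

    // Prepare view
    // NOTE(review): rUrl is request-derived; the template must HTML-escape
    // it when rendering it into the form.
    $view = new View();
    $view->setSource(Config::get('core.dir.views') . '/core/app-login.tpl.php');
    $view->rUrl = $refererUrl;
    return $this->wrapper($view);
}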
/**
 * Dispatch an action command to the matching public action method.
 *
 * The command is converted to a method name. It is rejected if that name is
 * listed in $this->allPrivateMethods, and routed to unknown() if no such
 * method exists. Reflection then confirms that the method is public and
 * that its declared name matches exactly. method_exists() is
 * case-insensitive, so the exact-name check stops case variants from
 * bypassing the private-method list.
 *
 * NOTE(review): the list lookup uses a loose in_array(); passing true as the
 * third argument would make this access check strict.
 *
 * @param string $actionCommand Action to invoke (lower-hyphenated format, ie. action-command)
 * @return View
 */
public final function invokeAction($actionCommand)
{
    // action-command -> ActionName style method name
    $methodName = Inflector::actionCommand_actionMethod($actionCommand);

    // Explicitly hidden methods are treated as unknown actions
    if (in_array($methodName, $this->allPrivateMethods)) {
        return $this->unknown($this->params, $methodName);
    }

    // No such method at all: hand the original command to unknown()
    if (!method_exists($this, $methodName)) {
        return $this->unknown($this->params, $actionCommand);
    }

    // Backstop: only public methods whose declared name matches exactly
    $reflected = (new ReflectionClass($this))->getMethod($methodName);
    $isCallable = $reflected->isPublic() && $reflected->getName() === $methodName;

    if ($isCallable) {
        return $this->{$methodName}($this->params);
    }

    SystemLog::add(['Attempting to call a non-public action method: %s', $methodName], SystemLog::FATAL);
    return new View();
}
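/**
 * Execute an arbitrary SQL statement and return the resulting PDOStatement,
 * or FALSE if the default connection could not be obtained.
 *
 * If you want to use numeric parameters (ie. SELECT * FROM x WHERE y=?)
 * then pass $params as a normal 0-indexed array.
 * However, if you want to use named parameters
 * (ie. SELECT * FROM x WHERE y=:myparam), then send $params as a hash of
 * key=>value pairs of ":param"=>"value".
 *
 * Really, you could just as easily use the PDO functions directly in your
 * code. This will give you more flexibility with setting attributes, etc.
 * Just try to keep all database code within your Model or ModelManager
 * classes.
 *
 * Security notes:
 * - With an empty $params the SQL string is sent to PDO::query() verbatim.
 *   Callers must never build $sql from untrusted input; pass values through
 *   $params (or a ModelCriteria) so they are bound, not interpolated.
 * - A failing query is rethrown as a PDOException whose message has the
 *   caller's file and line appended. The original exception is kept as
 *   "previous" and its errorInfo is copied. Do not show this message to end
 *   users, because it discloses server paths and SQL error detail.
 *
 * @param string|\Buan\ModelCriteria $sql The query to execute
 * @param array $params Parameters to bind to the query
 * @param \PDO|null $connection The DB connection through which the query
 *        will be executed (defaults to the 'default' connection)
 * @return \PDOStatement|false
 * @throws \PDOException
 */
public static function sqlQuery($sql, $params = [], $connection = null)
{
    // Get the database connection
    if (is_null($connection)) {
        try {
            $connection = Database::getConnection('default');
        } catch (Exception $e) {
            SystemLog::add($e->getMessage(), SystemLog::WARNING);
            return false;
        }
    }

    // Execute the query
    try {
        if ($sql instanceof ModelCriteria) {
            // Criteria objects carry their own typed bindings
            $sql = $sql->sql();
            $stmt = $connection->prepare($sql->query);
            foreach ($sql->bindings as $binding) {
                $stmt->bindValue($binding->parameter, $binding->value, $binding->dataType);
            }
            $stmt->execute();
        } elseif (!empty($params)) {
            // empty() also tolerates a null $params, which count() would not
            $stmt = $connection->prepare($sql);
            $stmt->execute($params);
        } else {
            // No parameters: $sql is executed as-is (see security notes)
            $stmt = $connection->query($sql);
        }
        return $stmt;
    } catch (PDOException $e) {
        // Only the calling frame's location is needed. Skipping args keeps
        // bound values, which may be sensitive, out of the trace.
        $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1);
        $file = isset($trace[0]['file']) ? $trace[0]['file'] : 'unknown';
        $line = isset($trace[0]['line']) ? $trace[0]['line'] : 0;

        // Chain the original exception so SQLSTATE and driver details are
        // not lost. The code stays 0 because PDO codes may be non-integer
        // strings.
        $wrapped = new PDOException($e->getMessage() . " (source: {$file} line {$line})", 0, $e);
        $wrapped->errorInfo = $e->errorInfo;
        throw $wrapped;
    }
}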