{
    // Constructor tail (signature is above this view): wrap the view model.
    $this->orderModel = new ViewCorporateOrders($models, $orderData);
}

// Fetches the order list through the model and caches it on $this->orders.
public function setOrders()
{
    $this->orders = $this->orderModel->setOrders();
}

// Returns whatever setOrders() stored; call setOrders() first.
public function getOrders()
{
    return $this->orders;
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable, and the GET pass overwrites POST variables of the same
    // name. $isAjax and $orderid below exist only because of these two calls.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    // $isAjax here is the request-supplied flag, confirmed by the server-side check.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Corporate Viewing Orders');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    // Request-supplied order id, coerced to int; null when absent.
    $orderID = !empty($orderid) ? $auth->cInt($orderid) : null;
    $isCorporate = $checkAuth->isCorporate();
    // Identity comes from the session, not the request.
    $employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;
    // NOTE(review): the message says "customer id" but the value checked is the employee session id.
    $employeeID || ($errors[] = "No customer id. You have most likely timed out. Log out and log back in.");
    $isCorporate || ($errors[] = "You are not authenticated as a corporate user.");
    // Dependency bag handed to the controller/model layer.
    $models = new stdClass();
    $models->pdo = $pdo;
    $models->errorRunner = $errorRunner;
// Declared but not assigned in this view; $this->order and $this->data are
// used below without a visible declaration — presumably inherited. TODO confirm.
private $models;
private $orderData;

// Delegates to the parent, then wraps the RemoveOrder model.
public function __construct(stdClass $models, stdClass $orderData)
{
    parent::__construct($models);
    $this->order = new RemoveOrder($models, $orderData);
}

// Runs the removal and stores the model's result on $this->data.
public function removeOrder()
{
    $this->data = $this->order->removeOrder();
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; GET keys overwrite POST keys of the same name. $isAjax,
    // $action, $id and $csrf below all originate here.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Remove Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    // NOTE(review): $action is passed through as-is, with no cleanString()/cInt()
    // like the other request values in this block.
    $action = !empty($action) ? $action : null;
    $orderID = !empty($id) ? $auth->cInt($id) : null;
    $isCustomer = $checkAuth->isCustomer();
    // Identity comes from the session, not the request.
    $customerID = !empty($_SESSION['customerid']) ? $auth->cInt($_SESSION['customerid']) : null;
    $orderID || ($errors[] = "No orderid was specified on this request.");
    $customerID || ($errors[] = "No customer id. You have most likely timed out. Log out and log back in.");
    $isCustomer || ($errors[] = "You are not authenticated as a customer.");
    // Request-supplied CSRF token; the comparison against the session happens below this view.
    $csrf = !empty($csrf) ? $csrf : null;
// $customerData and $models are declared but never assigned in this view.
private $customerData = [];
private $models;
private $newCustomer;

// Wraps the AddNewCustomer model. Unlike sibling controllers this does not call
// parent::__construct(); whether the base class needs it is not visible here.
public function __construct(stdClass $models, stdClass $customer)
{
    $this->newCustomer = new AddNewCustomer($models, $customer);
}

// Runs the insert and stores the model's result on $this->data.
public function addNewCustomer()
{
    $this->data = $this->newCustomer->addNewCustomer();
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; GET keys overwrite POST keys of the same name. $isAjax and
    // $numFiles below originate here.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::CUSTOMERUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Add New Customer Form');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $redis = new RedisSingleton();
    $blackList = new BlackLister($redis);
    // Last PHP error raised so far (if any); not consumed within this view.
    $error = error_get_last();
    $errors = [];
    $files = null;
    // NOTE(review): $numFiles is request-controlled and only bounds a loop whose
    // body reassigns the same value each iteration — one assignment of
    // $files = $_FILES would be equivalent, and the count is never checked
    // against the actual $_FILES contents.
    if ($numFiles) {
        for ($i = 0; $i < intval($numFiles); $i += 1) {
            $files = $_FILES;
        }
// $orderData is declared but never assigned in this view.
private $orderData;
private $orderModel;

// Delegates to the parent, then wraps the AddNewCorporateOrder model.
public function __construct(stdClass $models, stdClass $orderData)
{
    parent::__construct($models);
    $this->orderModel = new AddNewCorporateOrder($models, $orderData);
}

// Runs the insert and stores the model's result on $this->data.
public function addOrder()
{
    $this->data = $this->orderModel->addOrder();
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; GET keys overwrite POST keys of the same name. $isAjax,
    // $action, $customerID, $totalOrdered and $csrf below all originate here.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Employee Add New Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    // NOTE(review): $action is passed through as-is, with no cleanString()/cInt().
    $action = !empty($action) ? $action : null;
    $isAdmin = $checkAuth->isAdmin();
    // In this admin flow the customer id is taken from the request (int-coerced),
    // not from the session.
    $customerID = !empty($customerID) ? $auth->cInt($customerID) : null;
    $totalOrdered = !empty($totalOrdered) ? $auth->cInt($totalOrdered) : null;
    $csrf = !empty($csrf) ? $csrf : null;
    // NOTE(review): session group id is used raw here, without the cInt() applied
    // to the other ids in this block.
    $groupID = !empty($_SESSION['groupid']) ? $_SESSION['groupid'] : null;
    $customerID || ($errors[] = "No customer id was sent over on the request.");
    $isAdmin || ($errors[] = "You are not authenticated as an admin.");
// Declared but not assigned in this view; $this->order and $this->data are
// used below without a visible declaration — presumably inherited. TODO confirm.
private $models;
private $orderData;

// Delegates to the parent, then wraps the RemoveOrderCorporate model.
public function __construct(stdClass $models, stdClass $orderData)
{
    parent::__construct($models);
    $this->order = new RemoveOrderCorporate($models, $orderData);
}

// Runs the removal and stores the model's result on $this->data.
public function removeOrder()
{
    $this->data = $this->order->removeOrder();
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; GET keys overwrite POST keys of the same name. $isAjax,
    // $id and $csrf below originate here.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Corporate Remove Order');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $orderID = !empty($id) ? $auth->cInt($id) : null;
    $isAdmin = $checkAuth->isAdmin();
    // Group identity comes from the session, int-coerced.
    $groupID = !empty($_SESSION['groupid']) ? $auth->cInt($_SESSION['groupid']) : null;
    $orderID || ($errors[] = "No orderid was specified on this request.");
    $groupID || ($errors[] = "No group id. You have most likely timed out. Log out and log back in.");
    $isAdmin || ($errors[] = "You are not an admin and cannot perform this action.");
    $csrf = !empty($csrf) ? $csrf : null;
    // CSRF check: rejects when no session token exists or the request token differs.
    // NOTE(review): !== is a short-circuiting comparison; hash_equals() is the
    // usual constant-time idiom for comparing tokens. Body continues below this view.
    if (!isset($_SESSION['csrf_token']) || $_SESSION['csrf_token'] !== $csrf) {
    // Constructor tail (signature is above this view): wrap the login model.
    $this->customerLogin = new BadCustomerLogin($models, $customerLoginData);
}

// Runs the credential check and stores the model's result on $this->data.
public function verifyLogin()
{
    $this->data = $this->customerLogin->checkCustomerLogin();
}

// Exposes $this->data as the JSON payload (JsonSerializable contract assumed;
// the class header is not visible here).
public function jsonSerialize()
{
    return $this->data;
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; here POST keys overwrite GET keys of the same name.
    // $isAjax, $userName and $password below originate here.
    extract($_GET);
    extract($_POST);
    $errors = [];
    $auth = new Authenticate();
    $errorRunner = new ErrorRunner();
    $redis = new RedisSingleton();
    $blackList = new BlackLister($redis);
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    // No user constant passed — relies on PDOSingleton's default.
    $pdo = new PDOSingleton();
    // NOTE(review): $userName is taken as-is, without cleanString().
    $userName = !empty($userName) ? $userName : null;
    $password = !empty($password) ? $password : null;
    $userName || ($errors[] = "No username was sent over.");
    $password || ($errors[] = "No password was sent over.");
    if (empty($errors)) {
        // Dependency bag handed to the controller/model layer.
        $models = new stdClass();
        $models->pdo = $pdo;
        $models->redis = $redis;
        $models->errorRunner = $errorRunner;
        $models->blackList = $blackList;
<?php
// Page bootstrap: shared header, then the corporate order view.
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/header.php";

// Imports placed after the require_once; legal at top level, but conventionally they precede code.
use security\Controllers\Corporate\ViewCorporateOrdersController;
use security\Models\Authenticator\Authenticate;
use security\Models\Authenticator\BlackLister;
use security\Models\Authenticator\CheckAuth;
use security\Models\ErrorRunner;
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\Router\Router;
use security\Models\SiteLogger\FullLog;

$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$auth = new Authenticate();
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$logger = new FullLog('Corporate View Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
// NOTE(review): duplicate of the $router/$rootPath assignments above; harmless but redundant.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
// Database role selection: corporate by default, admin when the session is an admin.
$userType = PDOSingleton::CORPORATEUSER;
if ($checkAuth->isAdmin()) {
    $userType = PDOSingleton::ADMINUSER;
}
$pdo = new PDOSingleton($userType);
// Request-supplied order id (int-coerced); employee id from the session.
$orderID = !empty($_GET['order']) ? $auth->cInt($_GET['order']) : null;
$employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;
// Non-corporate sessions are handled below this view.
if (!$isCorporate) {
    // Constructor tail (signature is above this view): wrap the login model.
    $this->model = new CorporateLogin($models);
}

// Runs the credential check with the stored username/password and keeps the result on $this->data.
public function checkUser()
{
    $this->data = $this->model->checkUser($this->userName, $this->password);
}

// Exposes $this->data as the JSON payload (JsonSerializable contract assumed;
// the class header is not visible here).
public function jsonSerialize()
{
    return $this->data;
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; GET keys overwrite POST keys of the same name. $isAjax,
    // $userName, $password and $action below originate here.
    extract($_POST);
    extract($_GET);
    $errors = [];
    $auth = new Authenticate();
    $errorRunner = new ErrorRunner();
    $redis = new RedisSingleton();
    $blackList = new BlackLister($redis);
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
    $logger = new FullLog('Corporate Login');
    $logger->serverData();
    // Username and action are run through cleanString(); the password is kept verbatim.
    $userName = !empty($userName) ? $auth->cleanString($userName) : null;
    $password = !empty($password) ? $password : null;
    $action = !empty($action) ? $auth->cleanString($action) : null;
    $userName || ($errors[] = "No email was sent over.");
    $password || ($errors[] = "No password was sent over.");
    if (empty($errors)) {
        // Dependency bag handed to the controller/model layer ("StdClass" resolves
        // case-insensitively to stdClass).
        $modelObjects = new StdClass();
        $modelObjects->pdo = $pdo;
// $orderID and $orderData are declared but never assigned in this view.
private $orderID;
private $orderModel;
private $orderData;

// Wraps the CorporateEditOrder model. Unlike sibling controllers this does not
// call parent::__construct(); whether the base class needs it is not visible here.
public function __construct(stdClass $models, stdClass $orderData)
{
    $this->orderModel = new CorporateEditOrder($models, $orderData);
}

// Runs the update and stores the model's result on $this->data.
public function updateOrder()
{
    $this->data = $this->orderModel->updateOrder();
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; GET keys overwrite POST keys of the same name. $isAjax below originates here.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $errors = [];
    // NOTE(review): log label reads as the "viewing" page although this block edits orders — looks copy-pasted; confirm.
    $logger = new FullLog('Corporate Viewing Orders');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $isAdmin = $checkAuth->isAdmin();
    // A PDO handle is only opened for admins; the two ifs below are an if/else on the same flag.
    $pdo = null;
    if ($isAdmin) {
        $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    }
    if (!$isAdmin) {
        $errors[] = "Only an admin can update orders.";
    }
    $errorRunner = new ErrorRunner();
    // The order being edited is taken from the session, not the request.
    $orderID = !empty($_SESSION['orderID']) ? $auth->cInt($_SESSION['orderID']) : null;
// Declared but never assigned in this view; $this->customer, $this->editData and
// $this->data are used without a visible declaration — presumably inherited. TODO confirm.
private $customerData;

// Delegates to the parent, then wraps the EditCustomer model.
public function __construct(stdClass $models, stdClass $customer)
{
    parent::__construct($models);
    $this->customer = new EditCustomer($models, $customer);
}

// Applies $this->editData through the model and stores the result on $this->data.
public function editCustomer()
{
    $this->data = $this->customer->editCustomer($this->editData);
}
}

if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // Add a PDOSingleton User here.
    // NOTE(review): extract() with default flags turns every request key into a
    // local variable; here POST keys overwrite GET keys of the same name.
    extract($_GET);
    extract($_POST);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    // No user constant passed — relies on PDOSingleton's default.
    $pdo = new PDOSingleton();
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Editing Account');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $redis = new RedisSingleton();
    $errors = [];
    // NOTE(review): this second extract() runs after $auth, $pdo, $errorRunner,
    // $logger, $checkAuth, $redis and $errors have been created, so a POST field
    // with any of those names replaces the corresponding object/array. The
    // request was already extracted above; this call is redundant at best.
    extract($_POST);
    // Username and address are run through cleanString(), email through vEmail();
    // the three password fields are kept verbatim.
    $username = !empty($username) ? $auth->cleanString($username) : null;
    $password = !empty($password) ? $password : null;
    $newpassword = !empty($newpassword) ? $newpassword : null;
    $newpasswordConfirm = !empty($newpasswordConfirm) ? $newpasswordConfirm : null;
    $email = !empty($email) ? $auth->vEmail($email) : null;
    $address = !empty($address) ? $auth->cleanString($address) : null;