
Revize 584

Přidáno uživatelem Jiří Sviták před více než 14 roky(ů)

Optimalizace funkce cancel v presmerovani - nepatrne zlepseni rychlosti. Opravena klimova chyba, ktera znemoznovala pouziti Freenetisu v pripade vypadku DNS. Opravy bezpecnostnich chyb v kontrolerech.


freenetis/trunk/kohana/application/i18n/cs_CZ/texts.php
'wrong password' => 'Špatné heslo',
'year' => 'Rok',
'yes' => 'ano',
'you are in debt' => 'Máte dluh',
'you have been successfully logged out' => 'Byl jste úspěšně odhlášen.',
'you have no permission to access redirection' => 'Nemáte práva k zobrazení přesměrování',
'you have no permission to delete redirection' => 'Nemáte práva ke smazání přesměrování',
freenetis/trunk/kohana/application/models/member.php
}
/**
* Function gets fee information of member. Member is specified by his credit account id.
* Fee information is needed for member fee deducting.
* @param $account_id
* @return unknown_type
*/
// absolete
/*
public function get_fee_information($account_id)
{
return self::$db->query('SELECT entrance_date, leaving_date, type
FROM members m
JOIN accounts a ON a.member_id = m.id
WHERE a.id = '.$account_id
)->current();
}
*/
/**
* Function sets redirection to members, who have to pay their member fee soon
* or their's credit account will be negative. Used in scheduler/run.
* @author Jiri Svitak
* @param $low_amount low boundary of interval
* @param $high_amount high boundary of interval
* @return unknown_type
*/
public function update_payment_notice($lower_amount, $upper_amount)
public function update_payment_notice($low_amount, $high_amount)
{
// preparation
self::$db->query("UPDATE members SET redirect = redirect & ~4;");
......
GROUP BY q2.aid
) q3
SET m.redirect = m.redirect | 4
WHERE m.id = q3.mid AND $lower_amount < (q3.inbound - q3.outbound) AND (q3.inbound - q3.outbound) < $upper_amount
WHERE m.id = q3.mid AND $low_amount < (q3.inbound - q3.outbound) AND (q3.inbound - q3.outbound) < $high_amount
");
}
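Review bot: In `update_payment_notice` the two bounds are still interpolated straight into the UPDATE statement (`$low_amount < (q3.inbound - q3.outbound) AND ... < $high_amount`), so the query is only as safe as every caller. The callers are not on this page (the docblock names scheduler/run), so this is a hardening point rather than a confirmed injection. Rejecting non-numeric values at the top of the method, e.g. `if (!is_numeric($low_amount) || !is_numeric($high_amount)) return;`, removes the dependency on callers. The middle of the method body is elided on this page.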
freenetis/trunk/kohana/application/controllers/members.php
Controller::warning(PARAMETER);
if(!$this->acl_check_view(get_class($this),'members',$member_id))
Controller::error(ACCESS);
if (!is_numeric($member_id))
Controller::error(RECORD);
$model_members = new Member_Model();
if (count($model_members->get_member($member_id)) == 0)
Controller::error(RECORD);
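Review bot: The new `is_numeric($member_id)` check sits after `acl_check_view(get_class($this),'members',$member_id)`, so the ACL lookup still receives the raw parameter; moving the validation above the ACL call keeps unvalidated input out of it. `is_numeric` also accepts forms such as `1e3`, `1.5` and `-1`, which are not valid record ids, so `if (!ctype_digit((string) $member_id))` is a tighter test. The same applies to the `is_numeric` checks in device_engineers.php, transfers.php, bank_transfers.php and device_admins.php. The enclosing method starts and ends outside the hunk.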
freenetis/trunk/kohana/application/controllers/device_engineers.php
Controller::error(ACCESS);
if (!isset($device_id))
Controller::warning(PARAMETER);
$ssDevice_id = $this->session->get('ssDevice_id');
$device = new Device_Model($device_id);
if ($device->id == 0)
Controller::error(RECORD);
$user_model = new User_Model();
$Device_engineer_Model = new Device_engineer_Model();
if($ssDevice_id)
$engineers = $Device_engineer_Model->find_all_by_device_id($device_id);
else
$engineers = array();
$de_model = new Device_engineer_Model();
$engineers = $de_model->find_all_by_device_id($device_id);
$users = $user_model->find_all();
foreach($users as $user)
{
......
Controller::error(ACCESS);
if (!isset($rel_id))
Controller::warning(PARAMETER);
$ssDevice_id = $this->session->get('ssDevice_id');
if (!is_numeric($rel_id))
Controller::error(RECORD);
$device_engineer_model = new Device_engineer_Model($rel_id);
if ($device_engineer_model->id == 0)
Controller::error(RECORD);
$device_id = $device_engineer_model->device_id;
$linkback = url_lang::base()."devices/show/$device_id";
$relations = $device_engineer_model->get_device_engineers($device_id);
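Review bot: The first hunk passes `$device_id` to `new Device_Model($device_id)` with only an `isset` check in front of it, while the second hunk validates `$rel_id` with `is_numeric` before loading the model. Adding the same guard before the constructor, `if (!is_numeric($device_id)) Controller::error(RECORD);`, keeps the two methods consistent and avoids relying on how the ORM treats a non-numeric key. Both methods start and end outside the hunks shown.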
freenetis/trunk/kohana/application/controllers/transfers.php
{
if (!isset($transfer_id))
Controller::warning(PARAMETER);
//$account_model = new Account_Model();
if (!is_numeric($transfer_id))
Controller::error(RECORD);
$transfer_model = new Transfer_Model();
$transfer = $transfer_model->get_transfer($transfer_id);
if (!is_object($transfer))
freenetis/trunk/kohana/application/controllers/subnets.php
* @param $subnet_id
* @return unknown_type
*/
function show($subnet_id)
function show($subnet_id = NULL)
{
if (!isset($subnet_id))
Controller::warning(PARAMETER);
freenetis/trunk/kohana/application/controllers/device_admins.php
<?php
class Device_admins_Controller extends Controller {
class Device_admins_Controller extends Controller
{
function edit($device_id = NULL)
{
function edit($device_id = NULL)
{
if (!$this->acl_check_new('Devices_Controller', 'admin'))
Controller::error(ACCESS);
Controller::error(ACCESS);
if (!isset($device_id))
Controller::warning(PARAMETER);
//kontrola jestli je paramets cislo
if (!is_numeric($device_id))
Controller::error(4);
Controller::warning(PARAMETER);
//kontrola jestli je paramets cislo
if (!is_numeric($device_id))
Controller::error(RECORD);
//kontrola existence cisla zarizeni
$device = new Device_Model($device_id);
if ($device->id == 0)
Controller::error(4);
//kontrola existence cisla zarizeni
$device = new Device_Model($device_id);
if ($device->id == 0)
Controller::error(RECORD);
$model_aro = new Aro_Model();
$model_aro = new Aro_Model();
//po zmacknuti tlacitka X se nastavi filtr na NULL
if ($this->input->post('search_system_clear'))
$search_system_input = NULL;
else
$search_system_input = $this->input->post('search_system_input');
//po zmacknuti tlacitka X se nastavi filtr na NULL
if ($this->input->post('search_system_clear'))
$search_system_input = NULL;
else
$search_system_input = $this->input->post('search_system_input');
//po zmacknuti tlacitka X se nastavi filtr na NULL
if ($this->input->post('search_group_clear'))
$search_group_input = NULL;
else
$search_group_input = $this->input->post('search_group_input');
//po zmacknuti tlacitka X se nastavi filtr na NULL
if ($this->input->post('search_group_clear'))
$search_group_input = NULL;
else
$search_group_input = $this->input->post('search_group_input');
//pridani uzivatele do skupiny
if ($this->input->post('add') != NULL && $this->input->post('system_users') != NULL)
{
$aro_id = implode("" ,$this->input->post('system_users'));
//pridani uzivatele do skupiny
if ($this->input->post('add') != NULL && $this->input->post('system_users') != NULL)
{
$aro_id = implode("" ,$this->input->post('system_users'));
$device_admin = ORM::factory('device_admin')->where(array('device_id' => $device_id, 'user_id' => $aro_id))->find();
if ($device_admin->id == 0)
{
if ($device_admin->id == 0)
{
$device_admin = ORM::factory('device_admin');
$device_admin->device_id = $device_id;
$device_admin->user_id = $aro_id;
$device_admin->save();
}
}
}
//odebrani uzivatele ze skupiny
if ($this->input->post('remove') != NULL && $this->input->post('group_users') != NULL)
{
$aro_id = implode("" ,$this->input->post('group_users'));
//odebrani uzivatele ze skupiny
if ($this->input->post('remove') != NULL && $this->input->post('group_users') != NULL)
{
$aro_id = implode("" ,$this->input->post('group_users'));
$device_admin = ORM::factory('device_admin')->where(array('device_id' => $device_id, 'user_id' => $aro_id))->find();
if ($device_admin->id != 0)
{
if ($device_admin->id != 0)
{
$device_admin->delete();
}
}
}
//nacteni dat z databaze a filtrem nebo bez
if ($search_system_input != NULL)
$users1 = $model_aro->get_all_not_in_from_device_admins_by_aro_group_id($device_id, $search_system_input);
else
$users1 = $model_aro->get_all_not_in_from_device_admins_by_aro_group_id($device_id);
//nacteni dat z databaze a filtrem nebo bez
if ($search_system_input != NULL)
$users1 = $model_aro->get_all_not_in_from_device_admins_by_aro_group_id($device_id, $search_system_input);
else
$users1 = $model_aro->get_all_not_in_from_device_admins_by_aro_group_id($device_id);
//nacteni dat z databaze a filtrem nebo bez
if ($search_group_input != NULL)
$users2 = $model_aro->get_all_from_device_admins_by_aro_group_id($device_id, $search_group_input);
else
$users2 = $model_aro->get_all_from_device_admins_by_aro_group_id($device_id);
//nacteni dat z databaze a filtrem nebo bez
if ($search_group_input != NULL)
$users2 = $model_aro->get_all_from_device_admins_by_aro_group_id($device_id, $search_group_input);
else
$users2 = $model_aro->get_all_from_device_admins_by_aro_group_id($device_id);
//osetruje stav kdy v zadne skupine neni zadny uzivatel. Teoreticky nikdy nenastane
//if (($users1->count() == 0) && ($users2->count() == 0))
// Controller::error(4);
//osetruje stav kdy v zadne skupine neni zadny uzivatel. Teoreticky nikdy nenastane
//if (($users1->count() == 0) && ($users2->count() == 0))
// Controller::error(4);
//generovani system dropboxu
if ($users1->count() == 0)
{
$system_users_select = form::dropdown(array('name' => 'system_users[]','size' => 20, 'style'=>'width:250px'));
}
else
{
foreach($users1 as $user1)
{
$system_users[$user1->id] = $user1->name;
}
$system_users_select = form::dropdown(array('name' => 'system_users[]','size' => 20, 'style'=>'width:250px'), $system_users);
//generovani system dropboxu
if ($users1->count() == 0)
{
$system_users_select = form::dropdown(array('name' => 'system_users[]','size' => 20, 'style'=>'width:250px'));
}
else
{
foreach($users1 as $user1)
{
$system_users[$user1->id] = $user1->name;
}
$system_users_select = form::dropdown(array('name' => 'system_users[]','size' => 20, 'style'=>'width:250px'), $system_users);
}
}
//generovani system searchboxu
$system_users_search_box = '<table><tr><td>'.form::input('search_system_input', $search_system_input, 'style="width:175px;"').'</td><td>'.form::submit('search_system_submit', url_lang::lang('texts.Search'), 'style="width:50px;"').'</td><td>'.(($search_system_input == NULL )?'':form::submit('search_system_clear', 'X', 'style="width:18px;"')).'</td></tr></table>';
//generovani system searchboxu
$system_users_search_box = '<table><tr><td>'.form::input('search_system_input', $search_system_input, 'style="width:175px;"').'</td><td>'.form::submit('search_system_submit', url_lang::lang('texts.Search'), 'style="width:50px;"').'</td><td>'.(($search_system_input == NULL )?'':form::submit('search_system_clear', 'X', 'style="width:18px;"')).'</td></tr></table>';
//generovani group dropboxu
if ($users2->count()==0)
{
$group_users_select = form::dropdown(array('name' => 'group_users[]','size' => 20, 'style'=>'width:250px'));
}
else
{
foreach($users2 as $user2)
{
$group_users[$user2->id] = $user2->name;
}
//generovani group dropboxu
if ($users2->count()==0)
{
$group_users_select = form::dropdown(array('name' => 'group_users[]','size' => 20, 'style'=>'width:250px'));
}
else
{
foreach($users2 as $user2)
{
$group_users[$user2->id] = $user2->name;
}
$group_users_select = form::dropdown(array('name' => 'group_users[]','size' => 20, 'style'=>'width:250px'), $group_users);
}
$group_users_select = form::dropdown(array('name' => 'group_users[]','size' => 20, 'style'=>'width:250px'), $group_users);
}
//generovani group searchboxu
$group_users_search_box = '<table><tr><td>'.form::input('search_group_input', $search_group_input, 'style="width:175px;"').'</td><td>'.form::submit('search_group_submit', url_lang::lang('texts.Search'), 'style="width:50px;"').'</td><td>'.(($search_group_input == NULL )?'':form::submit('search_group_clear', 'X', 'style="width:18px;"')).'</td></tr></table>';
//generovani group searchboxu
$group_users_search_box = '<table><tr><td>'.form::input('search_group_input', $search_group_input, 'style="width:175px;"').'</td><td>'.form::submit('search_group_submit', url_lang::lang('texts.Search'), 'style="width:50px;"').'</td><td>'.(($search_group_input == NULL )?'':form::submit('search_group_clear', 'X', 'style="width:18px;"')).'</td></tr></table>';
//tlacitka pro manipulaci
$add_button = form::submit('add', url_lang::lang('texts.Add').' ►', 'style="width:80px;"');
//tlacitka pro manipulaci
$add_button = form::submit('add', url_lang::lang('texts.Add').' ►', 'style="width:80px;"');
$remove_button = form::submit('remove', '◄ '.url_lang::lang('texts.Remove'), 'style="width:80px;"');
$remove_button = form::submit('remove', '◄ '.url_lang::lang('texts.Remove'), 'style="width:80px;"');
$headline = url_lang::lang('texts.Edit device admin').': '.url_lang::lang('texts.'.$device->name);
$view = new View('main');
$headline = url_lang::lang('texts.Edit device admin').': '.url_lang::lang('texts.'.$device->name);
$view = new View('main');
$view->title = $headline;
$view->content = new View('device_admins/edit_device_admins');
$view->content->headline = $headline;
$view->content->headline = $headline;
$view->content->device_id = $device_id;
$view->content->system_users_select = $system_users_select;
$view->content->system_users_search_box = $system_users_search_box;
$view->content->group_users_select = $group_users_select;
$view->content->group_users_search_box = $group_users_search_box;
$view->content->add_button = $add_button;
$view->content->remove_button = $remove_button;
$view->render(TRUE);
}
$view->content->system_users_select = $system_users_select;
$view->content->system_users_search_box = $system_users_search_box;
$view->content->group_users_select = $group_users_select;
$view->content->group_users_search_box = $group_users_search_box;
$view->content->add_button = $add_button;
$view->content->remove_button = $remove_button;
$view->render(TRUE);
}
}
?>
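Review bot: In `edit()`, `$aro_id = implode("" ,$this->input->post('system_users'));` joins every posted `system_users[]` value into one string, so a request carrying the ids 3 and 7 is treated as the single id 37 and the device-admin row is created for an unrelated user. The remove branch does the same with `group_users`. The posted values are also used without any numeric check. Handling each posted id on its own and skipping anything that is not a plain integer fixes both; the sketch covers the add branch and the remove branch needs the same loop.

```php
//pridani uzivatele do skupiny
$posted_users = $this->input->post('system_users');
if ($this->input->post('add') != NULL && is_array($posted_users))
{
	foreach ($posted_users as $aro_id)
	{
		// only plain positive integers are valid user ids
		if (!ctype_digit((string) $aro_id))
			continue;
		$device_admin = ORM::factory('device_admin')->where(array('device_id' => $device_id, 'user_id' => $aro_id))->find();
		if ($device_admin->id == 0)
		{
			// … unchanged: create the device_admin row and save it …
		}
	}
}
```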
freenetis/trunk/kohana/application/controllers/redirect.php
// member can cancel optional message and payment notice
if ($redir == 8 || $redir == 4)
{
// previous version
/*
$ip_address = ORM::factory('ip_address')->find_by_ip_address(server::remote_addr());
$member = new Member_Model($ip_address->iface->device->user->member_id);
$member->redirect &= ~(int) $redir;
$member->redirect &= 15;
$member->save();
*/
// other possible solution
/*
$db = new Database();
$db->query("
UPDATE members m,
(
SELECT m2.id FROM members m2
JOIN users u ON u.member_id = m2.id
JOIN devices d ON d.user_id = u.id
JOIN ifaces i ON i.device_id = d.id
JOIN ip_addresses ip ON ip.iface_id = i.id
WHERE ip.ip_address = '".server::remote_addr()."'
) q
SET m.redirect = m.redirect & ~$redir
WHERE q.id = m.id
");
*/
// fastest query, found out by apache benchmark
$db->query("
UPDATE members m,
(
SELECT member_id
FROM users
WHERE id =
(
SELECT user_id
FROM devices
WHERE id =
(
SELECT device_id
FROM ifaces
WHERE id =
(
SELECT iface_id
FROM ip_addresses
WHERE ip_address = '".server::remote_addr()."'
)
)
)
) q
SET m.redirect = m.redirect & ~$redir
WHERE q.id = m.id
");
url::redirect(url_lang::base().'redirect');
}
else
......
echo "$subnet->range\n";
}
break;
// special list of ip addresses - some ip addresses are never redirected
// now it is useless - whitelisted ip addresses can be added to allowed ip addresses
case 'partners':
break;
// pokus
case 'pokus':
echo "10.243.128.2\n10.243.128.3\n";
break;
}
}
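Review bot: The new "fastest query" filters on `WHERE q.id = m.id`, but the derived table `q` only selects `member_id`, so the column `q.id` does not exist and the UPDATE should fail; it should read `WHERE q.member_id = m.id`. `$redir` is now interpolated without the `(int)` cast the previous version used, and the guard `$redir == 8 || $redir == 4` is a loose comparison, so `SET m.redirect = m.redirect & ~".(int) $redir."` should restore the cast. `$db` is only assigned inside the commented-out block, so unless it is created outside the hunk the call uses an undefined variable. The `case 'pokus':` branch in the second hunk echoes two hard-coded addresses and looks like leftover test code.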
freenetis/trunk/kohana/application/controllers/bank_transfers.php
Controller::error(ACCESS);
if (!isset($trans_id))
Controller::warning(PARAMETER);
if (!is_numeric($trans_id))
Controller::error(RECORD);
$accounts = ORM::factory('account')->find_all_by_account_attribute_id(Account_attribute_Model::$credit);
foreach ($accounts as $account)
{
......
$bt_model = new Bank_transfer_Model();
$bt = $bt_model->get_bank_transfer($trans_id);
if (!is_object($bt))
Controller::error(RECORD);
$fee_model = new Fee_Model();
// penalty
$fee1 = $fee_model->get_by_date_type($bt->datetime, 'penalty');
freenetis/trunk/kohana/application/controllers/ip_addresses.php
$ip_address = new ip_address_Model($ip_address_id);
if ($ip_address->iface_id)
$member_id = $ip_address->iface->device->user->member_id;
elseif ($ip_address->vlan_iface_id)
$member_id = $ip_address->vlan_iface->iface->device->user->member_id;
else
$member_id = $ip_address->vlan_iface->iface->device->user->member_id;
Controller::error(RECORD);
if ($ip_address->id == 0)
Controller::warning(RECORD);
if (!$this->acl_check_view('Devices_Controller','ip_address',$member_id))
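Review bot: The `if ($ip_address->id == 0)` existence check comes after the code has already followed `$ip_address->iface->device->user->member_id`. With the new `else Controller::error(RECORD);` a missing record is probably caught there first, which leaves the later check redundant and reporting through `Controller::warning` instead of `Controller::error`. Moving the `id == 0` test directly under `new ip_address_Model($ip_address_id)` and using `Controller::error(RECORD)` for both makes the order of checks obvious. No numeric validation of `$ip_address_id` is visible in the hunk; it may exist above it.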
freenetis/trunk/kohana/application/controllers/bank_accounts.php
// adding bank account
if ($this->acl_check_new('Accounts_Controller', 'bank_accounts'))
$baa_grid->add_new_button(url_lang::base().'bank_accounts/add/1', url_lang::lang('texts.Add new bank account of association'));
// csv file templates for bank listings
// csv file templates for bank listings - not finished yet
/*
if ($this->acl_check_view('Accounts_Controller', 'bank_transfers'))
$baa_grid->add_new_button(url_lang::base().'bank_templates/show_all', url_lang::lang('texts.CSV file templates'));
$baa_grid->add_new_button(url_lang::base().'bank_templates/show_all', url_lang::lang('texts.CSV file templates'));
*/
$baa_grid->field('id')->label(url_lang::lang('texts.ID'));
$baa_grid->field('baname')->label(url_lang::lang('texts.Account name'));
$baa_grid->field('account_number')->label(url_lang::lang('texts.Account number'));
freenetis/trunk/kohana/application/controllers/scheduler.php
*/
public function run()
{
$ip = server::remote_addr();
echo $ip;
if ($ip != '212.111.30.120')
// script needs to be run from its server machine
if (server::remote_addr() != server::server_addr())
die();
$member_model = new Member_Model();
......
echo $this->profiler->render(true);
*/
// redirection of 'should-pay' members
// monday nine o'clock and wednesday nine o'clock
if ((date('w') == '1' && date('H:i') == '09:00') ||
(date('w') == '3' && date('H:i') == '09:00'))
// automatic redirection of 'should-pay' members
// tuesday nine o'clock and thursday nine o'clock (0 - sunday, 1 - monday, etc.)
if ((date('w') == '2' && date('H:i') == '09:00') ||
(date('w') == '4' && date('H:i') == '09:00'))
{
/*
$fee_model = new Fee_Model();
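Review bot: `if (server::remote_addr() != server::server_addr()) die();` is the only gate on `run()`, and it is only as strong as the way `server::remote_addr()` is derived. If the application sits behind a reverse proxy on the same host, or the helper honours a forwarded-for header, the comparison no longer proves the request is local; neither is visible here, so this needs confirming. A stricter gate is to allow the scheduler only from the command line, `if (PHP_SAPI !== 'cli') die();`, or to require a shared secret in addition to the address check. Separately, `date('H:i') == '09:00'` only fires if the job runs in exactly that minute.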
freenetis/trunk/kohana/application/controllers/invoices.php
{
// access rights
if (!$this->acl_check_view('Accounts_Controller','invoices'))
Controller::Error(1);
Controller::Error(ACCESS);
// gets new selector
if (is_numeric($this->input->get('record_per_page')))
......
{
// access rights
if (!$this->acl_check_new('Accounts_Controller','invoices'))
Controller::Error(1);
Controller::Error(ACCESS);
// types of supported formats
$types = array('ed' => url_lang::lang('texts.ED invoice in XML'), 'pohoda' => 'Pohoda invoice in HTML');
......
{
// access rights
if (!$this->acl_check_new('Accounts_Controller','invoices'))
Controller::Error(1);
Controller::Error(ACCESS);
$member_model = new Member_Model();
$members = $member_model->find_all();
......
// access rights
if (!$this->acl_check_edit('Accounts_Controller','invoices'))
Controller::Error(1);
Controller::Error(ACCESS);
$invoice = new Invoice_Model($invoice_id);
freenetis/trunk/kohana/application/views/members_show.php
if (!$former && $this->acl_check_edit('Members_Controller', 'redirect', $member_data->member_id))
$links[] = html::anchor(url_lang::base().'redirect/member/'.$member_data->member_id, url_lang::lang('texts.Redirection'));
$links[] = html::anchor(url_lang::base().'members/registration_export/'.$member_data->member_id, url_lang::lang('texts.Export of registration'));
$links[] = html::anchor(url_lang::base().'members/registration_export/'.$member_data->member_id, url_lang::lang('texts.Registration'));
echo implode (' | ', $links)
?>
freenetis/trunk/kohana/application/views/main.php
</tr>
<tr>
<td class="orange"><?php echo url_lang::lang('texts.IP address').':' ?></td>
<td class="bold">&nbsp;<?php echo server::remote_addr() ?><?php echo ($ptr_record = dns::get_ptr_record(server::remote_addr()))!='' ? ' <i>('.$ptr_record.')</i>' : '' ?></td>
<td class="bold">&nbsp;
<?php echo server::remote_addr() ?>
<?php
// v pripade vypadku dns nefunguje kvuli tomuto cely freenetis, domenove jmena stejne neni nutne zobrazovat
// echo ($ptr_record = dns::get_ptr_record(server::remote_addr()))!='' ? ' <i>('.$ptr_record.')</i>' : ''
?>
</td>
</tr>
</table>
</div>
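Review bot: The PTR lookup is disabled by leaving it as commented-out PHP inside the template; deleting the line and keeping the reason in the commit message would be cleaner. If the lookup is ever restored, note that a PTR record is data controlled by whoever runs the reverse zone for the client address, so `$ptr_record` should go through `htmlspecialchars()` before it is echoed. The lookup would also need a timeout so that a DNS outage cannot block page rendering again.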
