+
-
-
Login mail
-
Login phone
+
+
-
diff --git a/js/vn/vn.js b/js/vn/vn.js
index ebfd652a..833db179 100644
--- a/js/vn/vn.js
+++ b/js/vn/vn.js
@@ -16,7 +16,7 @@ var Vn =
{
if (this._version === undefined)
{
- var re = /[; ]hedera_version=([^\\s;]*)/;
+ var re = /[; ]vn_version=([^\\s;]*)/;
var sMatch = (' '+ document.cookie).match (re);
this._version = (sMatch) ? '?'+ unescape (sMatch[1]) : '';
}
diff --git a/rest/core/log.php b/rest/core/log.php
index 0ee55b8d..4e7a19a7 100755
--- a/rest/core/log.php
+++ b/rest/core/log.php
@@ -4,23 +4,15 @@ require_once ('vn/web/json-request.php');
class Log extends Vn\Web\JsonRequest
{
+ const PARAMS = [
+ 'file'
+ ,'line'
+ ,'message'
+ ,'stack'
+ ];
+
function run ()
- {
- try {
- $this->login ();
- }
- catch (Exception $e) {}
-
- $params = [
- 'file'
- ,'line'
- ,'message'
- ,'stack'
- ];
-
- if (!$this->checkParams ($_REQUEST, $params))
- return FALSE;
-
+ {
$user = isset ($_SESSION['user']) ? $_SESSION['user'] : 'guest';
error_log (sprintf ("Javascript: User: %s: %s(%d): %s.\n%s"
,$user
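Review bot: Nothing in this class keeps the guest path that the removed `try { $this->login (); } catch (Exception $e) {}` provided: `Log` inherits `LOGIN_REQUIRED = TRUE` from `RestRequest`, so a failed login propagates out of `runRest ()` and the `'guest'` fallback on the `$user` line is never reached. If anonymous script errors should still be logged, declare `const LOGIN_REQUIRED = FALSE;` next to `PARAMS`; this only takes effect once `runRest ()` reads the constant through `static::`. `rest/misc/contact.php` never called `login ()` before this commit and now gets the same mandatory login, and the new `rest/core/recover-password.php` presumably needs anonymous access too. The body of `run ()` continues outside the hunk.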
diff --git a/rest/core/login.php b/rest/core/login.php
index bdd4862f..d078d4c3 100755
--- a/rest/core/login.php
+++ b/rest/core/login.php
@@ -6,7 +6,6 @@ class Login extends Vn\Web\JsonRequest
{
function run ()
{
- $this->login ();
$this->updateCredentials ();
return TRUE;
}
diff --git a/rest/core/logout.php b/rest/core/logout.php
index 707123f9..13497cf2 100755
--- a/rest/core/logout.php
+++ b/rest/core/logout.php
@@ -6,7 +6,6 @@ class Logout extends Vn\Web\JsonRequest
{
function run ()
{
- $this->login ();
$this->logout ();
return TRUE;
}
diff --git a/rest/core/query.php b/rest/core/query.php
index 31cd7bee..38cc048d 100755
--- a/rest/core/query.php
+++ b/rest/core/query.php
@@ -6,13 +6,10 @@ use Vn\Lib;
class Query extends Vn\Web\JsonRequest
{
- function run ()
- {
- $db = $this->login ();
-
- if (empty ($_REQUEST['sql']))
- throw new Lib\Exception (s('EmptyQuery'), 'emptyQuery');
+ const PARAMS = ['sql'];
+ function run ($db)
+ {
$results = [];
try {
@@ -23,101 +20,16 @@ class Query extends Vn\Web\JsonRequest
if ($result !== FALSE)
{
- $tableMap = [];
- $columns = $result->fetch_fields ();
-
- $resultMap =
- [
- 'data' => [],
- 'columns' => [],
- 'tables' => []
- ];
-
- for ($i = 0; $i < $result->field_count; $i++)
- {
- $column = $columns[$i];
-
- switch ($column->type)
- {
- case MYSQLI_TYPE_BIT:
- $type = TYPE_BOOLEAN;
- break;
- case MYSQLI_TYPE_TINY:
- case MYSQLI_TYPE_SHORT:
- case MYSQLI_TYPE_LONG:
- case MYSQLI_TYPE_LONGLONG:
- case MYSQLI_TYPE_INT24:
- case MYSQLI_TYPE_YEAR:
- $type = TYPE_INTEGER;
- break;
- case MYSQLI_TYPE_FLOAT:
- case MYSQLI_TYPE_DOUBLE:
- case MYSQLI_TYPE_DECIMAL:
- case MYSQLI_TYPE_NEWDECIMAL:
- $type = TYPE_DOUBLE;
- break;
- case MYSQLI_TYPE_DATE:
- $type = TYPE_DATE;
- break;
- case MYSQLI_TYPE_DATETIME:
- case MYSQLI_TYPE_TIMESTAMP:
- $type = TYPE_DATE_TIME;
- break;
- default;
- $type = TYPE_STRING;
- }
-
- if (!isset ($tableMap[$column->table]))
- {
- $resultMap['tables'][] =
- [
- 'name' => $column->table,
- 'orgname' => $column->orgtable,
- 'schema' => $column->db,
- 'pks' => []
- ];
- $tableIndex = count ($resultMap['tables']) - 1;
- $tableMap[$column->table] = $tableIndex;
- }
- else
- $tableIndex = $tableMap[$column->table];
-
- if ($column->flags & MYSQLI_PRI_KEY_FLAG)
- $resultMap['tables'][$tableIndex]['pks'][] = $i;
-
- $default = $this->castValue ($column->def, $type);
-
- $resultMap['columns'][] =
- [
- 'type' => $type,
- 'flags' => $column->flags,
- 'def' => $default,
- 'name' => $column->name,
- 'orgname' => $column->orgname,
- 'table' => $tableIndex
- ];
- }
-
- $columns = $resultMap['columns'];
-
- while ($row = $result->fetch_row ())
- {
- for ($j = 0; $j < $result->field_count; $j++)
- $this->castValue ($row[$j], $columns[$j]['type']);
-
- $resultMap['data'][] = $row;
- }
-
- $results[] = $resultMap;
+ $results[] = $this->transformResult ($result);
$result->free ();
}
else
$results[] = TRUE;
}
while ($db->moreResults () && $db->nextResult ());
-
+
// Checks for warnings
-
+
if ($db->checkWarnings ()
&& ($result = $db->query ('SHOW WARNINGS')))
{
@@ -133,7 +45,7 @@ class Query extends Vn\Web\JsonRequest
trigger_error ("${row['Code']}: ${row['Message']}", E_USER_WARNING);
}
}
-
+
// Checks for errors
$db->checkError ();
@@ -173,7 +85,103 @@ class Query extends Vn\Web\JsonRequest
return $results;
}
+
+ /**
+ * Transforms the database result into a JSON parseable array.
+ **/
+ function transformResult ($result)
+ {
+ $tableMap = [];
+ $columns = $result->fetch_fields ();
+
+ $resultMap =
+ [
+ 'data' => [],
+ 'columns' => [],
+ 'tables' => []
+ ];
+ for ($i = 0; $i < $result->field_count; $i++)
+ {
+ $column = $columns[$i];
+
+ switch ($column->type)
+ {
+ case MYSQLI_TYPE_BIT:
+ $type = TYPE_BOOLEAN;
+ break;
+ case MYSQLI_TYPE_TINY:
+ case MYSQLI_TYPE_SHORT:
+ case MYSQLI_TYPE_LONG:
+ case MYSQLI_TYPE_LONGLONG:
+ case MYSQLI_TYPE_INT24:
+ case MYSQLI_TYPE_YEAR:
+ $type = TYPE_INTEGER;
+ break;
+ case MYSQLI_TYPE_FLOAT:
+ case MYSQLI_TYPE_DOUBLE:
+ case MYSQLI_TYPE_DECIMAL:
+ case MYSQLI_TYPE_NEWDECIMAL:
+ $type = TYPE_DOUBLE;
+ break;
+ case MYSQLI_TYPE_DATE:
+ $type = TYPE_DATE;
+ break;
+ case MYSQLI_TYPE_DATETIME:
+ case MYSQLI_TYPE_TIMESTAMP:
+ $type = TYPE_DATE_TIME;
+ break;
+ default;
+ $type = TYPE_STRING;
+ }
+
+ if (!isset ($tableMap[$column->table]))
+ {
+ $resultMap['tables'][] =
+ [
+ 'name' => $column->table,
+ 'orgname' => $column->orgtable,
+ 'schema' => $column->db,
+ 'pks' => []
+ ];
+ $tableIndex = count ($resultMap['tables']) - 1;
+ $tableMap[$column->table] = $tableIndex;
+ }
+ else
+ $tableIndex = $tableMap[$column->table];
+
+ if ($column->flags & MYSQLI_PRI_KEY_FLAG)
+ $resultMap['tables'][$tableIndex]['pks'][] = $i;
+
+ $default = $this->castValue ($column->def, $type);
+
+ $resultMap['columns'][] =
+ [
+ 'type' => $type,
+ 'flags' => $column->flags,
+ 'def' => $default,
+ 'name' => $column->name,
+ 'orgname' => $column->orgname,
+ 'table' => $tableIndex
+ ];
+ }
+
+ $columns = $resultMap['columns'];
+
+ while ($row = $result->fetch_row ())
+ {
+ for ($j = 0; $j < $result->field_count; $j++)
+ $this->castValue ($row[$j], $columns[$j]['type']);
+
+ $resultMap['data'][] = $row;
+ }
+
+ return $resultMap;
+ }
+
+ /**
+ * Transforms the database value into a JSON parseable value.
+ **/
function castValue (&$value, $type)
{
if ($value !== NULL)
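Review bot: The docblock on `transformResult ()` does not say what goes in or what comes out; `@param mysqli_result $result` (presumably, given `fetch_fields ()` and the `MYSQLI_TYPE_*` constants) and `@return array` with the keys `data`, `columns` and `tables` would let callers use it without reading the body. In the type switch, `default;` parses but reads like a typo next to the `case …:` labels; write `default:`. The `castValue ()` definition continues outside the hunk.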
@@ -202,6 +210,7 @@ class Query extends Vn\Web\JsonRequest
break;
}
}
+
}
?>
diff --git a/rest/core/recover-password.php b/rest/core/recover-password.php
new file mode 100755
index 00000000..92e8a8b3
--- /dev/null
+++ b/rest/core/recover-password.php
@@ -0,0 +1,66 @@
+getValue (
+ 'SELECT active FROM account.user WHERE name = #',
+ [$_REQUEST['user']]);
+
+ if (!$isEnabled)
+ return TRUE;
+
+ $restrictions = $db->getRow (
+ 'SELECT length, nupper, ndigits, npunct FROM account.user_password');
+
+ $pass = [];
+ $newPass = '';
+
+ $nAlpha = $restrictions['length'] - (
+ $restrictions['nupper'] +
+ $restrictions['ndigits'] +
+ $restrictions['npunct']);
+
+ $this->genRands ($pass, self::LOWERS, $nAlpha);
+ $this->genRands ($pass, self::UPPERS, $restrictions['nupper']);
+ $this->genRands ($pass, self::DIGITS, $restrictions['ndigits']);
+ $this->genRands ($pass, self::SYMBOLS, $restrictions['npunct']);
+
+ for ($i = count ($pass) - 1; $i >= 0; $i--)
+ {
+ $rand = rand (0, $i);
+ $newPass .= $pass[$rand];
+ array_splice ($pass, $rand, 1);
+ }
+
+ // XXX: Debug
+ error_log ($newPass);
+ return TRUE;
+
+ $db->query (
+ 'UPDATE account.user SET password = # WHERE name = #',
+ [$randomPass, $_REQUEST['user']]);
+
+ return TRUE;
+ }
+
+ function genRands (&$pass, $chars, $max)
+ {
+ $len = strlen ($chars) - 1;
+
+ for ($i = 0; $i < $max; $i++)
+ $pass[] = $chars[rand (0, $len)];
+ }
+}
+
+?>
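Review bot: The generated password is written to the server log by `error_log ($newPass);`, and the `return TRUE;` right after it makes the `UPDATE` unreachable; both debug lines have to go before this endpoint is enabled. The `UPDATE` then binds `$randomPass`, which is never assigned, so the parameter list should read `[$newPass, $_REQUEST['user']]`. Both the shuffle loop and `genRands ()` draw from `rand ()`, which is not a cryptographic generator; use `random_int (0, $i)` and `random_int (0, $len)` (PHP 7 or later). Nothing visible delivers the new password to the account owner or confirms the request, so as written any caller who supplies a user name would overwrite that user's password; the intended authorisation step should be confirmed. The top of the file, including the class header, is not legible in this hunk.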
diff --git a/rest/dms/add.php b/rest/dms/add.php
index 37a0d08c..a5872d8c 100644
--- a/rest/dms/add.php
+++ b/rest/dms/add.php
@@ -14,7 +14,6 @@ class Add extends Vn\Web\JsonRequest
// XXX: Uncomment only to test the script
//$_REQUEST['description'] = 'description';
- $this->login ();
$db = $this->getSysConn ();
$description = empty ($_REQUEST['description']) ?
diff --git a/rest/dms/invoice.php b/rest/dms/invoice.php
index 65a726fc..979a8a73 100644
--- a/rest/dms/invoice.php
+++ b/rest/dms/invoice.php
@@ -5,13 +5,10 @@ require_once ('vn/web/util.php');
class Invoice extends Vn\Web\RestRequest
{
- function run ()
+ const PARAMS = ['invoice'];
+
+ function run ($db)
{
- $db = $this->login ();
-
- if (empty ($_REQUEST['invoice']))
- throw new Exception (s('Invoice id not sent'));
-
$pdfPath = $db->getValueFromFile (__DIR__ .'/invoice',
['invoice' => (int) $_GET['invoice']]);
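Review bot: `PARAMS` is validated against `$_REQUEST` in `runRest ()`, but the id is still read from `$_GET['invoice']`, so a request that sends `invoice` in the body passes the check and then queries with `(int) NULL`, i.e. 0. Read the same source that was checked, `['invoice' => (int) $_REQUEST['invoice']]`, as this commit already does in `rest/misc/sms.php`. `run ()` continues outside the hunk.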
diff --git a/rest/image/image.php b/rest/image/image.php
index 8fbd145d..c773aaac 100755
--- a/rest/image/image.php
+++ b/rest/image/image.php
@@ -24,10 +24,10 @@ class Image
$image = imagecreatefromgif ($srcFile);
break;
default:
- throw new Exception (s('Bad file format'), 'badFileFormat');
+ throw new Exception (s('Bad file format'));
}
else
- throw new Exception (s('Image open error'), 'openError');
+ throw new Exception (s('Image open error'));
return $image;
}
@@ -138,7 +138,7 @@ class Image
}
if (!$saved)
- throw new Exception (sprintf (s('File save error: %s'), $dstFile), 'saveError');
+ throw new Exception (sprintf (s('File save error: %s'), $dstFile));
}
}
diff --git a/rest/image/resize.php b/rest/image/resize.php
index ea42c18c..3092861d 100644
--- a/rest/image/resize.php
+++ b/rest/image/resize.php
@@ -14,21 +14,22 @@ require_once (__DIR__.'/lib.php');
**/
class Resize extends Vn\Lib\Method
{
+ const PARAMS = [
+ 'src_dir'
+ ,'dst_dir'
+ ,'max_height'
+ ,'max_Width'
+ ,'rewrite'
+ ,'crop'
+ ,'symbolic'
+ ];
+
function run ()
{
- $params = [
- 'src_dir'
- ,'dst_dir'
- ,'max_height'
- ,'max_Width'
- ,'rewrite'
- ,'crop'
- ,'symbolic'
- ];
$options = getopt ('', $params);
- if (!$this->checkParams ($options, $params)
+ if (!$this->checkParams ($options, self::PARAMS)
$this->usage ();
$srcDir = $options['src_dir'];
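Review bot: `getopt ('', $params)` still refers to the local `$params` array that this hunk deletes, so `$options` is built from an undefined variable; pass the constant instead, `$options = getopt ('', self::PARAMS);`. The new condition is also missing its closing parenthesis and will not parse: `if (!$this->checkParams ($options, self::PARAMS))`. `'max_Width'` is the only key with a capital letter, which looks unintended next to `'max_height'`; confirm against the code that reads it, which is outside the hunk.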
diff --git a/rest/image/upload.php b/rest/image/upload.php
index 28c03e20..7ab9a119 100755
--- a/rest/image/upload.php
+++ b/rest/image/upload.php
@@ -4,15 +4,15 @@ require_once ('vn/web/json-request.php');
require_once (__DIR__.'/util.php');
use Vn\Lib;
+use Vn\Lib\UserException;
/**
* Uploads a file creating its corresponding sizes.
**/
class Upload extends Vn\Web\JsonRequest
{
- function run ()
+ function run ($db)
{
- $db = $this->login ();
$util = new Util ($this->app);
// Checks schema.
@@ -20,13 +20,13 @@ class Upload extends Vn\Web\JsonRequest
$regexp = '/[^a-z0-9_]/';
if (empty ($_REQUEST['schema']) || preg_match ($regexp, $_REQUEST['schema']) !== 0)
- throw new Lib\UserException (s('BadSchemaName'), 'badSchemaName');
+ throw new UserException (s('BadSchemaName'), 'badSchemaName');
$schema = $_REQUEST['schema'];
$info = $util->loadInfo ($schema);
if (!$info)
- throw new Lib\UserException (s('SchemaNotExists'), 'schemaNotExists');
+ throw new UserException (s('SchemaNotExists'), 'schemaNotExists');
// Checks file name and identifier.
@@ -51,7 +51,7 @@ class Upload extends Vn\Web\JsonRequest
}
if (empty ($_REQUEST['name']) || preg_match ($regexp, $_REQUEST['name']) !== 0)
- throw new Lib\UserException (s('BadFileName'), 'badFileName');
+ throw new UserException (s('BadFileName'), 'badFileName');
// Checks permissions.
@@ -79,12 +79,12 @@ class Upload extends Vn\Web\JsonRequest
];
if (!$db->query ($query, $params))
- throw new Lib\UserException (s('PermissionDenied'), 'permissionDenied');
+ throw new UserException (s('PermissionDenied'), 'permissionDenied');
// Checks for file errors.
if (empty ($_FILES['image']['name']))
- throw new Lib\UserException (s('FileNotChoosed'), 'fileNotChoosed');
+ throw new UserException (s('FileNotChoosed'), 'fileNotChoosed');
if ($_FILES['image']['error'] != 0)
{
@@ -122,7 +122,7 @@ class Upload extends Vn\Web\JsonRequest
$maxSize = $db->getValue ('SELECT max_size FROM image_config');
if ($_FILES['image']['size'] > $maxSize * 1048576)
- throw new Lib\UserException (sprintf (s('FileSizeError'), $maxSize), 'fileSizeError');
+ throw new UserException (sprintf (s('FileSizeError'), $maxSize), 'fileSizeError');
// Resizes and saves the image.
diff --git a/rest/misc/contact.php b/rest/misc/contact.php
index 88e1e03f..55cc95a9 100755
--- a/rest/misc/contact.php
+++ b/rest/misc/contact.php
@@ -7,21 +7,16 @@ use Vn\Lib;
class Contact extends Vn\Web\JsonRequest
{
+ const PARAMS = [
+ 'name'
+ ,'pc'
+ ,'phone'
+ ,'email'
+ ,'message'
+ ];
+
function run ()
{
- // Verifies that sent data is valid
-
- $params = [
- 'name'
- ,'pc'
- ,'phone'
- ,'email'
- ,'message'
- ];
-
- if (!$this->checkParams ($_REQUEST, $params))
- throw new Lib\UserException (s('Missing parameters'), 'missingParams');
-
// Checks the antispam code
$lastCaptcha = $_SESSION['captcha'];
diff --git a/rest/misc/sms.php b/rest/misc/sms.php
index ecee919b..f5457101 100644
--- a/rest/misc/sms.php
+++ b/rest/misc/sms.php
@@ -6,18 +6,13 @@ use Vn\Lib;
class Sms extends Vn\Web\JsonRequest
{
- function run ()
+ const PARAMS = [
+ 'to'
+ ,'text'
+ ];
+
+ function run ($db)
{
- $db = $this->login ();
-
- $params = [
- 'text'
- ,'to'
- ];
-
- if (!$this->checkParams ($_REQUEST, $params))
- throw new Lib\UserException (s('Missing parameters'), 'missingParams');
-
$smsConfig = $db->getRow ('SELECT uri, user, password, title FROM sms_config');
$sClient = new SoapClient ($smsConfig['uri']);
@@ -25,12 +20,12 @@ class Sms extends Vn\Web\JsonRequest
$smsConfig['user']
,$smsConfig['password']
,$smsConfig['title']
- ,$_GET['to']
- ,$_GET['text']
+ ,$_REQUEST['to']
+ ,$_REQUEST['text']
);
$xmlResponse = new SimpleXMLElement ($xmlString);
- $customer = empty ($_GET['customer']) ? NULL : $_GET['customer'];
+ $customer = empty ($_REQUEST['customer']) ? NULL : $_REQUEST['customer'];
try {
$sms = $xmlResponse->sms;
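Review bot: `to` and `text` now reach the SOAP call from `$_REQUEST` with nothing more than the presence check from `PARAMS`, so the recipient format and the message length are whatever the caller sends. Since each call hands a message to an external gateway, validate before the call, for example `if (!preg_match ('/^\+?[0-9]{6,15}$/', $_REQUEST['to'])) throw new Lib\UserException (s('Bad phone number'));` (pattern and message are illustrative), and cap `text` at what the gateway accepts. Reading from `$_REQUEST` also keeps the send reachable by a plain GET, so it is worth confirming that cross-site requests are rejected somewhere outside this hunk. The SOAP call and `run ()` both start and end outside the hunk.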
@@ -38,9 +33,9 @@ class Sms extends Vn\Web\JsonRequest
'INSERT INTO vn2008.sms (Id_trabajador, `text`, `to`, `from`, sent, response, Id_Cliente)
VALUES (account.user_get_id(), #, #, #, #, #, #)',
[
- $_GET['text']
- ,$_GET['to']
- ,$_GET['to']
+ $_REQUEST['text']
+ ,$_REQUEST['to']
+ ,$_REQUEST['to']
,$sms->codigo
,$sms->descripcion
,$customer
diff --git a/rest/tpv/transaction.php b/rest/tpv/transaction.php
index 2e835b67..bc345e61 100755
--- a/rest/tpv/transaction.php
+++ b/rest/tpv/transaction.php
@@ -7,13 +7,10 @@ require_once ('vn/web/json-request.php');
**/
class Transaction extends Vn\Web\JsonRequest
{
- function run ()
+ const PARAMS = ['amount'];
+
+ function run ($db)
{
- $db = $this->login ();
-
- if (empty ($_REQUEST['amount']))
- throw new Exception ('Amount parameter not defined');
-
$amount = (int) $_REQUEST['amount'];
$companyId = empty ($_REQUEST['company']) ? NULL : $_REQUEST['company'];
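Review bot: With the `empty ($_REQUEST['amount'])` guard removed, `$amount = (int) $_REQUEST['amount'];` accepts 0, negative numbers and non-numeric strings (cast to 0) unless `checkParams ()`, which is not visible here, rejects them. Add an explicit range check after the cast, e.g. `if ($amount <= 0) throw new Exception ('Invalid amount');`. `run ()` continues outside the hunk.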
diff --git a/vn/web/app.php b/vn/web/app.php
index 965f4385..b8651782 100644
--- a/vn/web/app.php
+++ b/vn/web/app.php
@@ -125,6 +125,8 @@ class App extends \Vn\Lib\App
if (!isset ($user))
throw new SessionExpiredException ();
+
+ $user = strtolower ($user);
try {
$db = $this->createConnection ($user, $password);
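Review bot: `strtolower ($user)` folds only single-byte letters, and before PHP 8 its result depends on the process locale, so a user name with accented characters may be normalised differently from how it was stored; `mb_strtolower ($user, 'UTF-8')` is predictable if such names are allowed and the mbstring extension is available. A short comment saying why the name is lowercased before `createConnection ()`, e.g. `// Database account names are stored in lower case`, would help the next reader (wording to be confirmed by the author). The enclosing function starts and ends outside the hunk.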
@@ -190,8 +192,8 @@ class App extends \Vn\Lib\App
if ($this->conn)
{
$this->conn->query (
- 'DELETE FROM user_session_view '
- .'WHERE connection_id = CONNECTION_ID()'
+ 'DELETE FROM user_session_view
+ WHERE connection_id = CONNECTION_ID()'
);
$this->conn->close ();
$this->conn = NULL;
diff --git a/vn/web/json-service.php b/vn/web/json-service.php
index 533cb299..17bf5466 100644
--- a/vn/web/json-service.php
+++ b/vn/web/json-service.php
@@ -34,7 +34,7 @@ class JsonService extends RestService
$method = $this->app->loadMethod (
$_REQUEST['method'], __NAMESPACE__.'\JsonRequest', './rest');
- $json = $method->run ();
+ $json = $method->runRest ();
$this->replyJson ($json);
}
diff --git a/vn/web/rest-request.php b/vn/web/rest-request.php
index c679b44e..43f09e2f 100644
--- a/vn/web/rest-request.php
+++ b/vn/web/rest-request.php
@@ -4,11 +4,33 @@ namespace Vn\Web;
require_once (__DIR__.'/rest-service.php');
+use Vn\Lib;
+
/**
* Base class for REST services.
**/
abstract class RestRequest extends \Vn\Lib\Method
{
+ const PARAMS = NULL;
+ const LOGIN_REQUIRED = TRUE;
+
+ function runRest ()
+ {
+ try {
+ $db = $this->login ();
+ }
+ catch (Exception $e)
+ {
+ if (self::LOGIN_REQUIRED)
+ throw $e;
+ }
+
+ if (self::PARAMS !== NULL && !$this->checkParams ($_REQUEST, self::PARAMS))
+ throw new Lib\UserException (s('Missing parameters'));
+
+ return $this->run ($db);
+ }
+
/**
* Authenticates the user agaisnt database and returns its associated
* database connection.
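Review bot: `self::LOGIN_REQUIRED` and `self::PARAMS` are bound to `RestRequest` itself, where `PARAMS` is `NULL`, so none of the `const PARAMS = [...]` declarations this commit adds to the request classes (`Query`, `Invoice`, `Sms`, `Transaction`, `Contact`, `Log`) is ever checked, and a subclass cannot switch the login off; both reads need late static binding. Inside `namespace Vn\Web` the unqualified `catch (Exception $e)` names `Vn\Web\Exception` unless that class is imported outside the hunk, so it would not match a global `\Exception`. When login is optional and fails, `$db` is never assigned before `$this->run ($db)`. The rewritten method is below.

```php
function runRest ()
{
    // Stays NULL for anonymous requests when login is optional.
    $db = NULL;

    try {
        $db = $this->login ();
    }
    catch (\Exception $e)
    {
        // static:: so that a subclass override of the constant is honoured.
        if (static::LOGIN_REQUIRED)
            throw $e;
    }

    if (static::PARAMS !== NULL && !$this->checkParams ($_REQUEST, static::PARAMS))
        throw new Lib\UserException (s('Missing parameters'));

    return $this->run ($db);
}
```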
diff --git a/vn/web/rest-service.php b/vn/web/rest-service.php
index f768564e..d452763a 100644
--- a/vn/web/rest-service.php
+++ b/vn/web/rest-service.php
@@ -22,7 +22,7 @@ class RestService extends Service
$method = $this->app->loadMethod (
$_REQUEST['method'], __NAMESPACE__.'\RestRequest', './rest');
- $method->run ();
+ $method->runRest ();
}
/**