PHP security函数代码示例

 function index()
 {
     security($this);
     $this->session->set_userdata('page_title', 'Companydrivers');
     $data['userdetails'] = $this->session->userdata('alluserdata');
     $this->load->view('userprofile/dashboard', $data);
 }

 function __construct()
 {
     parent::Controller();
     $this->load->helper('kernel');
     $this->username = security($_REQUEST);
     $this->load->database();
 }

 function save_step1()
 {
     security($this);
     $urldata = $this->uri->uri_to_assoc(4, array('m', 'action'));
     $data = assign_to_data($urldata);
     # If a file has been uploaded, and there are no errors process it before continuing
     if (trim($_FILES['cashierphoto']['name']) != '' && $_FILES['cashierphoto']['error'] == '' && $this->input->post('editid')) {
         #The file name
         $file_stamp = 'cashierphoto' . $_POST['editid'];
         # Upload the file and return the results of the upload
         $processing_results = $this->acravfile->perfom_file_upload($this->libfileobj, $_FILES['cashierphoto'], $file_stamp, UPLOAD_DIRECTORY, $this->session->userdata('local_allowed_extensions'));
         $_FILES['cashierphoto']['error'] = $processing_results['errors'];
         # Will be saved in the database as the event's document file name
         $_POST['cashierphoto'] = $processing_results['filename'];
     }
     # Display appropriate message based on the results
     if ($this->input->post('save') && $this->process_form_data($urldata, $_POST, 'save')) {
         $data['msg'] = "The payment data was successfully saved.";
     } else {
         # For each error to be displayed as an error, it should start with "ERROR:"
         $data['msg'] = "ERROR: The payment data was not saved or may not be saved correctly. Please contact your administrator.";
     }
     $data['action'] = 'view';
     $data['id'] = $this->input->post('editid');
     # User is updating the company payment data
     if (isset($data['id'])) {
         $data['paymentdetails'] = $this->Query_reader->get_row_as_array('pick_payment_by_company_id', array('companyid' => $data['id']));
     }
     $this->load->view('companyprofile/managepayments', $data);
 }

 /**
  * POST | This handles the registration with validation.
  *
  * @return mixed
  */
 public function storeRegistrationForm()
 {
     $inputs = request()->get();
     $validator = new RegistrationValidator();
     $validation = $validator->validate($inputs);
     if (count($validation)) {
         session()->set('input', $inputs);
         return redirect()->to(url()->previous())->withError(RegistrationValidator::toHtml($validation));
     }
     $token = bin2hex(random_bytes(100));
     $connection = db()->connection();
     try {
         $connection->begin();
         $user = new User();
         $success = $user->create(['email' => $inputs['email'], 'password' => security()->hash($inputs['password']), 'token' => $token]);
         if ($success === false) {
             throw new Exception('It seems we can\'t create an account, ' . 'please check your access credentials!');
         }
         queue(\Components\Queue\Email::class, ['function' => 'registeredSender', 'template' => 'emails.registered-inlined', 'to' => $inputs['email'], 'url' => route('activateUser', ['token' => $token]), 'subject' => 'You are now registered, activation is required.']);
         $connection->commit();
     } catch (TransactionFailed $e) {
         $connection->rollback();
         throw $e;
     } catch (Exception $e) {
         $connection->rollback();
         throw $e;
     }
     return redirect()->to(route('showLoginForm'))->withSuccess(lang()->get('responses/register.creation_success'));
 }

 function manage_drivers()
 {
     security($this, 'isadmin');
     $urldata = $this->uri->uri_to_assoc(4, array('action'));
     $data = assign_to_data($urldata);
     $this->load->view('userprofile/drivers', $data);
 }

 public function testHelpersFacade()
 {
     $this->assertInstanceOf(\Clarity\Support\Auth\Auth::class, auth());
     $this->assertInstanceOf(\Phalcon\Config::class, config());
     $this->assertInstanceOf(\Phalcon\Mvc\Dispatcher::class, dispatcher());
     $this->assertInstanceOf(\Phalcon\Filter::class, filter());
     $this->assertInstanceOf(\Phalcon\Flash\Direct::class, flash()->direct());
     $this->assertInstanceOf(\Phalcon\Flash\Session::class, flash()->session());
     $this->assertInstanceOf(\League\Flysystem\Filesystem::class, flysystem());
     $this->assertInstanceOf(\League\Flysystem\MountManager::class, flysystem_manager());
     $this->assertInstanceOf(\Clarity\Support\Redirect\Redirect::class, redirect());
     $this->assertInstanceOf(\Clarity\Support\Phalcon\Http\Request::class, request());
     $this->assertInstanceOf(\Phalcon\Http\Response::class, response());
     $this->assertInstanceOf(\Phalcon\Mvc\Router::class, route());
     $this->assertInstanceOf(\Phalcon\Security::class, security());
     $this->assertInstanceOf(\Phalcon\Tag::class, tag());
     $this->assertInstanceOf(\Phalcon\Mvc\Url::class, url());
     $this->assertInstanceOf(\Phalcon\Mvc\View::class, view());
     # getting an error, will check later on
     $this->assertInstanceOf(\Monolog\Logger::class, logger());
     # adapter base functions
     // $this->assertInstanceOf(, cache());
     // $this->assertInstanceOf(, db());
     // $this->assertInstanceOf(, queue());
     // $this->assertInstanceOf(, session());
     $this->assertContains(url()->getBaseUri() . 'auth/login', route('showLoginForm'));
     $this->assertInstanceOf(\Phalcon\Mvc\View::class, view('welcome'));
 }

 function Users()
 {
     parent::Controller();
     security($this);
     $this->session->set_userdata('page_title', 'Company Profile');
     $this->load->model('reminder');
     #this->load->model('reminder');
     security($this);
 }

 public function execute($request, callable $next)
 {
     if ($request->isPost()) {
         if (security()->checkToken() === false) {
             # throw exception or redirect the user
             # or render a content using
             # View::take(<resources.view>);exit;
             throw new AccessNotAllowedException('Token mismatch, what are you doing?');
         }
     }
     return $next($request);
 }

 function music_upload($file_name, &$space_left)
 {
     global $database, $url, $user;
     // SET KEY VARIABLES
     $file_maxsize = $user->level_info['level_music_maxsize'];
     $file_exts = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_exts'])));
     $file_types = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_mimes'])));
     $new_music = new se_upload();
     $new_music->new_upload($file_name, $file_maxsize, $file_exts, $file_types);
     // CHECK SPACE LEFT
     if ($new_music->file_size > $space_left) {
         $new_music->is_error = 4000087;
     } else {
         $space_left = $space_left - $file_filesize;
     }
     if (!$new_music->is_error) {
         // GENERATE TITLE
         $myId3 = new ID3($file_dest);
         if ($myId3->getInfo()) {
             $id3_artist = trim($myId3->getArtist());
             $id3_title = trim($myId3->getTitle());
             if ($id3_artist && $id3_title) {
                 $music_title = $id3_artist . ' - ' . $id3_title;
             }
         }
         if (!trim($music_title)) {
             $music_title = $new_music->file_name;
         }
         $music_title = security(censor($music_title));
         // INSERT ROW INTO MUSIC TABLE
         $time = time();
         $track_num = $database->database_fetch_array($database->database_query("SELECT music_track_num as track FROM se_music WHERE music_user_id = '{$this->user_id}' ORDER BY music_track_num DESC LIMIT 1"));
         $track_num = $track_num['track'] + 1;
         $database->database_query("\r\n        INSERT INTO se_music\r\n        (\r\n          music_user_id,\r\n          music_track_num,\r\n          music_date,\r\n          music_title,\r\n          music_ext,\r\n          music_filesize\r\n        )\r\n        VALUES\r\n        (\r\n          '{$this->user_id}',\r\n          '{$track_num}',\r\n          '{$time}',\r\n          '{$music_title}',\r\n          '{$new_music->file_ext}',\r\n          '{$new_music->file_size}'\r\n        )\r\n      ");
         $music_id = $database->database_insert_id();
         // MOVE UPLOADED FILE
         $file_dest = $url->url_userdir($user->user_info[user_id]) . $music_id . "." . $new_music->file_ext;
         $new_music->upload_file($file_dest);
     }
     // RETURN AND DELETE FROM DATABASE IF ERROR
     if ($new_music->is_error) {
         if ($music_id) {
             $database->database_query("DELETE FROM se_music WHERE music_id='{$music_id}' && music_user_id='{$this->user_id}'");
         }
         if ($file_dest) {
             @unlink($file_dest);
         }
         return array('is_error' => $new_music->is_error);
     }
     // RETURN FILE STATS
     return array('music_id' => $music_id, 'music_ext' => $new_music->file_ext, 'music_filesize' => $new_music->file_size, 'music_title' => $music_title);
 }

 function Companyusers()
 {
     parent::Controller();
     $this->load->library('form_validation');
     $this->session->set_userdata('system', 'settings');
     $this->session->set_userdata('page_title', 'Company Users');
     $this->load->model('reminder');
     $this->load->model('email_handler');
     $this->load->model('users', 'user1');
     //$this->load->library('My_Email');
     //$this->load->library('email');
     security($this);
 }

 function selectWinner()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     #split posted value to get bid_reply_id and winner company_id
     $post_dets = explode("_", $_POST['chosen']);
     $bid_reply_id = $post_dets[0];
     $company_id = $post_dets[1];
     $posted_by = $post_dets[2];
     #get bid_request company for email purposes
     $this->db->where('bid_request_id', $_POST['bid_request']);
     $result = $this->db->get('company_bid_requests');
     $data['bid_request_info'] = $result->result_array();
     #get winner company details
     $this->db->where('id', $company_id);
     $result = $this->db->get('company');
     $data['company_info'] = $result->result_array();
     #email contents
     $email_details = array("company" => $data['company_info'][0]['companyname'], "bid_title" => $_POST['bid_title'], "request_company" => $data['bid_request_info'][0]['companyname']);
     #notify company via email
     $this->email->subject('ACRAV - BID SUCCESS CONFIRMATION');
     $this->email->message($this->generate_bid_winner_email($email_details));
     $this->email->from("admin@newwavetech.co.ug", 'administator');
     $this->email->to($data['company_info'][0]['emailaddress']);
     #associative array for update statement
     $setWinner = array("bid_winner" => 1);
     #execute update query and notify winner via email
     $this->db->where('reply_id', $bid_reply_id);
     if ($this->db->update('bid_replies', $setWinner)) {
         #send user system notification
         $msgTitle = "Bid Confirmation for " . $_POST['bid_title'];
         $userid = $data['userdetails']['userid'];
         $company_id = $data['userdetails']['compid']['id'];
         $noticeDetails = array("to_company_id" => $company_id, "from_company_id" => $company_id, "title" => $msgTitle, "content" => $this->generate_bid_winner_notice($email_details), "to_employee" => $posted_by, "from_employee" => $userid, "bid_reply_id" => $bid_reply_id, "bid_request_id" => $_POST['bid_request'], "notice_type" => "1");
         $submit_query = $this->Query_reader->db_submit_array($noticeDetails, "notices");
         $this->db->query($submit_query);
         #notify winner via email
         if ($this->email->send()) {
             $data['msg'] = $data['company_info'][0]['companyname'] . " has been selected as the winner of this bid and has been notified via email.";
         } else {
             $data['msg'] = $data['company_info'][0]['companyname'] . " has been selected as the winner of this bid but an Error occurred while sending the notification email.";
         }
     } else {
         #Query failed to execute
         $data['msg'] = "ERROR : An error occured while executing the query. Please try again.";
     }
     $data['curPage'] = 'bids';
     $this->load->view('companybids/bidwinner', $data);
 }

 function index()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     $query = $this->Query_reader->get_query_by_code('pick_company_info', array('id' => $this->userdata['companyid']));
     $result = $this->db->query($query);
     $company = $result->result_array();
     $data['company_details'] = $company[0];
     $this->db->where('to_employee', $data['userdetails']['userid']);
     $this->db->where('has_read', '0');
     $notices = $this->db->get('notice_details');
     $data['count_notices'] = $notices->num_rows();
     $data['notice_details'] = $notices->result_array();
     $data['curPage'] = 'company';
     $this->load->view('userprofile/register', $data);
 }

 function index()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     #get company cargo
     $this->db->where('company_id', $data['userdetails']['companyid']);
     $result = $this->db->get('containers');
     $data['company_cargo'] = $result->result_array();
     $this->db->where('to_employee', $data['userdetails']['userid']);
     $this->db->where('has_read', '0');
     $notices = $this->db->get('notice_details');
     $data['count_notices'] = $notices->num_rows();
     $data['notice_details'] = $notices->result_array();
     $data['curPage'] = 'bids';
     $this->load->view('userjobs/invitebids', $data);
 }

 function newBid()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     $this->db->where('bid_request_id', $this->uri->segment(4));
     $result = $this->db->get('company_bid_requests');
     $data['returned'] = $result->num_rows();
     $data['job_data'] = $result->result_array();
     #get bid replies to help checking if current company previously made a bid for this job
     $sql = 'select companyname from company_bid_requests where bid_request_id =' . $this->uri->segment(4) . ' and company_id = ' . $data['userdetails']['companyid'];
     $bid_replies_result = $this->db->query($sql);
     #company should not respond to its own bid request
     if ($data['userdetails']['companyid'] == $data['job_data'][0]['id']) {
         $data['msg'] = "ERROR : You are not allowed to submit a bid for your own bid request";
         #check if user has previously made a bid for this job
     } elseif ($bid_replies_result) {
         $data['msg'] = "ERROR : You are not allowed to bid MORE THAN ONCE for your a Job.";
     }
     $this->load->view('companybids/submitBids', $data);
 }

$Buying_Rate = buyrate($BTE);
$Selling_Rate = sellrate($BTE);
if (!$Buying_Rate) {
    $Buying_Rate = '0';
}
if (!$Selling_Rate) {
    $Selling_Rate = '0';
}
$login_attempts = $_SESSION['login_attempts'];
if (!$login_attempts) {
    $_SESSION['login_attempts'] = 0;
}
$myusername = security($_POST['username']);
$mypassword = security($_POST['password']);
$myrepeat = security($_POST['repeat']);
$form_action = security($_POST['action']);
if ($form_action == "login") {
    $_SESSION['login_attempts'] = $login_attempts + 1;
    if ($login_attempts <= 5) {
        if ($myusername) {
            if ($mypassword) {
                $mypassword2 = md5($mypassword);
                $sql = "SELECT * FROM users WHERE username='{$myusername}'";
                $result = mysql_query($sql);
                $count = mysql_num_rows($result);
                if ($count == 1) {
                    $Pass_Query = mysql_query("SELECT * FROM users WHERE username='{$myusername}'");
                    while ($Pass_Row = mysql_fetch_assoc($Pass_Query)) {
                        $db_Login_Pass_Check = $Pass_Row['password'];
                        if ($mypassword2 == $db_Login_Pass_Check) {
                            $return_error = "Logged in.";