Bug Fixes

- Properly reference Cookie and Security settings values.
- Instantiate IncomingRequest Instance in view.
- Added return value of Login::index().
- Added missing return statement to Secure_Controller::is_logged_in()
This commit is contained in:
objecttothis
2023-01-30 16:31:58 +04:00
committed by Steve Ireland
parent d7a3bc2259
commit 936ccb93bf
4 changed files with 21 additions and 16 deletions

View File

@@ -4,6 +4,7 @@ namespace App\Controllers;
use App\Libraries\MY_Migration;
use App\Models\Employee;
use CodeIgniter\HTTP\RedirectResponse;
use Config\Migrations;
use Config\Services;
@@ -14,7 +15,7 @@ class Login extends BaseController
{
protected $helpers = ['form'];
public function index()
public function index(): RedirectResponse
{
$this->employee = model('Employee');
@@ -39,10 +40,10 @@ class Login extends BaseController
// }
}
// return redirect()->to('home');
return redirect()->to('home');
}
/* public function login_check(string $username): bool
public function login_check(string $username): bool
{
if(!$this->installation_check())
{
@@ -127,5 +128,5 @@ class Login extends BaseController
}
return $result;
}*/
}
}

View File

@@ -26,15 +26,15 @@ class Secure_Controller extends BaseController
if(!$this->employee->is_logged_in())
{
redirect()->to('login');
return redirect()->to('login');
}
$logged_in_employee_info = $this->employee->get_logged_in_employee_info();
// if(!$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
// || (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id)))
// {
if(!$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
|| (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id)))
{
redirect("no_access/$module_id/$submodule_id");
// }
}
// load up global data visible to all the loaded views
$this->session = session();

View File

@@ -2,10 +2,14 @@
/**
* @var object $user_info
* @var array $allowed_modules
* @var CodeIgniter\HTTP\IncomingRequest $request
*/
$request = \Config\Services::request();
helper('cookie');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php echo $this->request->getLocale() ?>">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php echo $request->getLocale() ?>">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<base href="<?php echo base_url() ?>" />
@@ -13,7 +17,7 @@
<link rel="shortcut icon" type="image/x-icon" href="<?php echo base_url() ?>favicon.ico">
<link rel="stylesheet" type="text/css" href="<?php echo 'dist/bootswatch/' . (empty(config('OSPOS')->settings['theme']) ? 'flatly' : esc(config('OSPOS')->settings['theme'])) . '/bootstrap.min.css' ?>"/>
<?php if ($this->request->cookie('debug') == 'true' || $this->request->getGet('debug') == 'true') : ?>
<?php if (get_cookie('debug') == 'true' || $request->getGet('debug') == 'true') : ?>
<!-- bower:css -->
<link rel="stylesheet" href="bower_components/jquery-ui/themes/base/jquery-ui.css" />
<link rel="stylesheet" href="bower_components/bootstrap3-dialog/dist/css/bootstrap-dialog.min.css" />
@@ -115,7 +119,7 @@
<div class="navbar-right" style="margin:0">
<?php echo anchor(esc("home/change_password/$user_info->person_id", 'url'), esc("$user_info->first_name $user_info->last_name", 'attr'), ['class' => 'modal-dlg', 'data-btn-submit' => lang('Common.submit'), 'title' => lang('Employees.change_password')]) ?>
<?php echo ' | ' . ($this->request->getGet('debug') == 'true' ? $this->session->get('session_sha1') . ' | ' : '') ?>
<?php echo ' | ' . ($request->getGet('debug') == 'true' ? $this->session->get('session_sha1') . ' | ' : '') ?>
<?php echo anchor('home/logout', lang('Login.logout')) ?>
</div>

View File

@@ -16,18 +16,18 @@
from: "<?php echo esc(config('OSPOS')->settings['notify_vertical_position'], 'js') ?>"
}});
var cookie_name = "<?php echo esc(config('OSPOS')->settings['cookie_prefix'], 'js') . esc(config('OSPOS')->settings['csrf_cookie_name'], 'js') ?>";
var cookie_name = "<?php echo esc(config('Cookie')->prefix, 'js') . esc(config('Security')->cookieName, 'js') ?>";
var csrf_token = function() {
return Cookies.get(cookie_name);
};
var csrf_form_base = function() {
return { <?php echo esc($this->security->get_csrf_token_name(), 'js') ?> : function () { return csrf_token() } }
return { <?php echo esc(config('Security')->tokenName, 'js') ?> : function () { return csrf_token() } }
};
var setup_csrf_token = function() {
$('input[name="<?php echo esc($this->security->get_csrf_token_name(), 'js') ?>"]').val(csrf_token());
$('input[name="<?php echo esc(config('Security')->tokenName, 'js') ?>"]').val(csrf_token());
};
var ajax = $.ajax;
@@ -55,7 +55,7 @@
$.ajax({
url: "<?php echo site_url('home/logout'); ?>",
data: {
"<?php echo $this->security->get_csrf_token_name(); ?>": csrf_token()
"<?php echo esc(config('Security')->tokenName, 'js'); ?>": csrf_token()
},
success: function() {
window.location.href = '<?php echo site_url(); ?>';