diff --git a/application/controllers/Barcode.php b/application/controllers/Barcode.php
deleted file mode 100644
index 10574a4fc..000000000
--- a/application/controllers/Barcode.php
+++ /dev/null
@@ -1,16 +0,0 @@
-load->view('barcode');
- }
-}
-?>
\ No newline at end of file
diff --git a/application/controllers/Home.php b/application/controllers/Home.php
index ed78c8161..e6078d4ae 100644
--- a/application/controllers/Home.php
+++ b/application/controllers/Home.php
@@ -8,12 +8,12 @@ class Home extends Secure_area
parent::__construct();
}
- function index()
+ public function index()
{
$this->load->view("home");
}
- function logout()
+ public function logout()
{
$this->Employee->logout();
}
diff --git a/application/controllers/Languagecheck.php b/application/controllers/Languagecheck.php
deleted file mode 100644
index c0d4eff59..000000000
--- a/application/controllers/Languagecheck.php
+++ /dev/null
@@ -1,192 +0,0 @@
-load->helper('directory');
-
- // for simplicity, we don't use views
- $this->output('h1', 'Open Source Point of Sale - Language file checking and validation');
-
- // determine the language file path
- if ( ! is_dir($this->lang_path) )
- {
- $this->lang_path = APPPATH . $this->lang_path;
-
- if ( ! is_dir($this->lang_path) )
- {
- $this->output('h2', 'Defined language path "'.$this->lang_path.'" not found!', TRUE);
- exit;
- }
- }
-
- // fetch the languages directory map
- $languages = directory_map( $this->lang_path, TRUE );
-
- // is our reference language present?
- if ( ! in_array($this->reference, $languages ) )
- {
- $this->output('h2', 'Reference language "'.$this->reference.'" not found!', TRUE);
- exit;
- }
-
- // load the list of language files for the reference language
- $references = directory_map( $this->lang_path . '/' . $this->reference, TRUE );
-
- // now process the list
- foreach( $references as $reference )
- {
- // skip non-language files in the language directory
- if ( strpos($reference, '_lang.php') === FALSE )
- {
- continue;
- }
-
- // process it
- $this->output('h2', 'Processing '.$this->reference . ' » ' .$reference);
-
- // load the language file
- include $this->lang_path . '/' . $this->reference . '/' . $reference;
-
- // did the file contain any language strings?
- if ( empty($lang) )
- {
- // language file was empty or not properly defined
- $this->output('h3', 'Language file doesn\'t contain any language strings. Skipping file!', TRUE);
- continue;
- }
-
- // store the loaded language strings
- $lang_ref = $lang;
- unset($lang);
-
- // now loop through the available languages
- foreach ( $languages as $language )
- {
- // skip the reference language
- if ( $language == $this->reference )
- {
- continue;
- }
-
- // language file to check
- $file = $this->lang_path . '/' . $language . '/' . $reference;
-
- // check if the language file exists for this language
- if ( ! file_exists( $file ) )
- {
- // file not found
- $this->output('h3', 'Language file doesn\'t exist for the language '.$language.'!', TRUE);
- }
- else
- {
- // load the file to compare
- include $file;
-
- // did the file contain any language strings?
- if ( empty($lang) )
- {
- // language file was empty or not properly defined
- $this->output('h3', 'Language file for the language '.$language.' doesn\'t contain any language strings!', TRUE);
- }
- else
- {
- // start comparing
- $this->output('h3', 'Comparing with the '.$language.' version:');
-
- // assume all goes well
- $failures = 0;
-
- // start comparing language keys
- foreach( $lang_ref as $key => $value )
- {
- if ( ! isset($lang[$key]) )
- {
- // report the missing key
- $this->output('', 'Missing language string "'.$key.'"', TRUE);
-
- // increment the failure counter
- $failures++;
- }
- }
-
- if ( ! $failures )
- {
- $this->output('', 'The two language files have matching strings.');
- }
- }
-
- // make sure the lang array is deleted before the next check
- if ( isset($lang) )
- {
- unset($lang);
- }
- }
- }
-
- }
-
- $this->output('h2', 'Language file checking and validation completed');
- }
-
- // -----------------------------------------------------------------
-
- private function output($type = '', $line = '', $highlight = FALSE)
- {
- switch ($type)
- {
- case 'h1':
- $html = "
{line}
\n
\n";
- break;
-
- case 'h2':
- $html = "{line}
\n";
- break;
-
- case 'h3':
- $html = " {line}
\n";
- break;
-
- default:
- $html = " » {line}
";
- break;
- }
-
- if ( $highlight )
- {
- $line = '' . $line . '';
- }
-
- echo str_replace('{line}', $line, $html);
- }
- // -----------------------------------------------------------------
-
-}
-
-/* End of file languagecheck.php */
-/* Location: ./application/controllers/languagecheck.php */
diff --git a/application/controllers/Login.php b/application/controllers/Login.php
index 4ed96794a..2839280eb 100644
--- a/application/controllers/Login.php
+++ b/application/controllers/Login.php
@@ -6,7 +6,7 @@ class Login extends CI_Controller
parent::__construct();
}
- function index()
+ public function index()
{
if($this->Employee->is_logged_in())
{
@@ -28,7 +28,7 @@ class Login extends CI_Controller
}
}
- function login_check($username)
+ public function login_check($username)
{
$password = $this->input->post('password');
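Review bot: `login_check()` is a form-validation callback, but as a public controller method CodeIgniter also routes it directly as `login/login_check/<username>`, so a POST to that URL runs the credential check outside the `form_validation` flow in `index()` and exposes an unauthenticated guessing endpoint with no throttling of its own. The bare `function` was already public, so this hunk does not widen exposure, but making visibility explicit is the moment to close it: either guard the body with `if($this->router->fetch_method() === 'login_check') { show_404(); }` before the password is read, or rename it `_login_check` (CodeIgniter refuses to route underscore-prefixed methods) and reference it as `callback__login_check` in the validation rules. The remainder of the method, including the actual credential comparison, lies outside this hunk.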
@@ -36,10 +36,10 @@ class Login extends CI_Controller
{
$this->form_validation->set_message('login_check', $this->lang->line('login_invalid_username_and_password'));
- return false;
+ return FALSE;
}
- return true;
+ return TRUE;
}
}
?>
\ No newline at end of file
diff --git a/application/controllers/Messages.php b/application/controllers/Messages.php
index f64b6ace6..b12c77393 100644
--- a/application/controllers/Messages.php
+++ b/application/controllers/Messages.php
@@ -1,6 +1,6 @@
-get_controller_name();
-
$this->load->view('messages/sms');
}
- function view($person_id=-1)
+ public function view($person_id = -1)
{
- $data['person_info'] = $this->Person->get_info($person_id);
+ $info = $this->Person->get_info($person_id);
+ foreach(get_object_vars($info) as $property => $value)
+ {
+ $info->$property = $this->security->xss_clean($value);
+ }
+ $data['person_info'] = $info;
$this->load->view('messages/form_sms', $data);
}
- function send()
+ public function send()
{
- $username = $this->config->item('msg_uid');
- $password = $this->config->item('msg_pwd');
- $phone = $this->input->post('phone');
- $message = $this->input->post('message');
+ $username = $this->config->item('msg_uid');
+ $password = $this->config->item('msg_pwd');
+ $phone = $this->input->post('phone');
+ $message = $this->input->post('message');
$originator = $this->config->item('msg_src');
$response = $this->sms->sendSMS($username, $password, $phone, $message, $originator);
+
+ $phone = $this->security->xss_clean($phone);
if($response)
{
- echo json_encode(array('success'=>true, 'message'=>$this->lang->line('messages_successfully_sent') . ' ' . $phone));
+ echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('messages_successfully_sent') . ' ' . $phone));
}
else
{
- echo json_encode(array('success'=>false, 'message'=>$this->lang->line('messages_unsuccessfully_sent') . ' ' . $phone));
+ echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('messages_unsuccessfully_sent') . ' ' . $phone));
}
}
- function send_form($person_id=-1)
+ public function send_form($person_id = -1)
{
- $username = $this->config->item('msg_uid');
- $password = $this->config->item('msg_pwd');
- $phone = $this->input->post('phone');
- $message = $this->input->post('message');
+ $username = $this->config->item('msg_uid');
+ $password = $this->config->item('msg_pwd');
+ $phone = $this->input->post('phone');
+ $message = $this->input->post('message');
$originator = $this->config->item('msg_src');
$response = $this->sms->sendSMS($username, $password, $phone, $message, $originator);
+
+ $phone = $this->security->xss_clean($phone);
+ $person_id = $this->security->xss_clean($person_id);
if($response)
{
- echo json_encode(array('success'=>true, 'message'=>$this->lang->line('messages_successfully_sent') . ' ' . $phone, 'person_id'=>$person_id));
+ echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('messages_successfully_sent') . ' ' . $phone, 'person_id' => $person_id));
}
else
{
- echo json_encode(array('success'=>false, 'message'=>$this->lang->line('messages_unsuccessfully_sent') . ' ' . $phone, 'person_id'=>-1));
+ echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('messages_unsuccessfully_sent') . ' ' . $phone, 'person_id' => -1));
}
}
}
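Review bot: In `send_form()` the `$person_id` URI segment is passed through `xss_clean()` and then echoed into the JSON response, but it is an identifier, not free text; coerce it with `$person_id = (int)$person_id;` (or reject non-numeric input with `show_404()`) rather than filtering it. The same ordering problem affects `$phone` in both `send()` and `send_form()`: `xss_clean()` runs only after the value has already been handed to `sendSMS()`, so the gateway receives whatever was posted — validate the number before the send, not after. All three responses are emitted with a bare `echo json_encode(...)`, which leaves the content type as text/html; `$this->output->set_content_type('application/json')->set_output(json_encode(...));` stops a browser from rendering the reflected phone text as markup. In `view()`, running `xss_clean()` over every property of `$info` is a heuristic filter, not an encoder, so the `messages/form_sms` template should still wrap each field in `html_escape()` at the point of output.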
diff --git a/application/controllers/No_access.php b/application/controllers/No_access.php
index 9761c02af..7db021fa8 100644
--- a/application/controllers/No_access.php
+++ b/application/controllers/No_access.php
@@ -6,11 +6,14 @@ class No_Access extends CI_Controller
parent::__construct();
}
- function index($module_id='',$permission_id='')
+ public function index($module_id = '', $permission_id = '')
{
- $data['module_name']=$this->Module->get_module_name($module_id);
- $data['permission_id']=$permission_id;
- $this->load->view('no_access',$data);
+ $data['module_name'] = $this->Module->get_module_name($module_id);
+ $data['permission_id'] = $permission_id;
+
+ $data = $this->security->xss_clean($data);
+
+ $this->load->view('no_access', $data);
}
}
?>
\ No newline at end of file
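Review bot: `$data = $this->security->xss_clean($data);` filters the two URI segments and the looked-up module name before they reach the view, but `xss_clean()` is a blacklist filter rather than an HTML encoder, so the `no_access` view should still print them with `html_escape($module_name)` and `html_escape($permission_id)`; treat the filter as defence in depth, not as the escaping step. `$module_id` is also handed to `Module->get_module_name()` untouched — acceptable if the model uses query-builder bindings, which is not visible here and worth confirming.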
diff --git a/application/controllers/Secure_area.php b/application/controllers/Secure_area.php
index 6484655f3..c8bd3ecea 100644
--- a/application/controllers/Secure_area.php
+++ b/application/controllers/Secure_area.php
@@ -7,59 +7,41 @@ class Secure_area extends CI_Controller
Controllers that are considered secure extend Secure_area, optionally a $module_id can
be set to also check if a user can access a particular module in the system.
*/
- function __construct($module_id=null,$submodule_id=null)
+ function __construct($module_id = null, $submodule_id = null)
{
- parent::__construct();
+ parent::__construct();
+
$this->load->model('Employee');
+
if(!$this->Employee->is_logged_in())
{
redirect('login');
}
- $employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
+ $employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
if(!$this->Employee->has_module_grant($module_id,$employee_id) ||
(isset($submodule_id) && !$this->Employee->has_module_grant($submodule_id,$employee_id)))
{
- redirect('no_access/'.$module_id.'/'.$submodule_id);
+ redirect('no_access/' . $module_id . '/' . $submodule_id);
}
//load up global data
- $logged_in_employee_info=$this->Employee->get_logged_in_employee_info();
- $data['allowed_modules']=$this->Module->get_allowed_modules($logged_in_employee_info->person_id);
- $data['backup_allowed']=false;
+ $logged_in_employee_info = $this->Employee->get_logged_in_employee_info();
+ $data['allowed_modules'] = $this->Module->get_allowed_modules($logged_in_employee_info->person_id);
+ $data['backup_allowed'] = false;
foreach($data['allowed_modules']->result_array() as $module)
{
- $data['backup_allowed']|=$module['module_id']==='config';
+ $data['backup_allowed'] |= $module['module_id'] === 'config';
}
- $data['user_info']=$logged_in_employee_info;
- $data['controller_name']=$module_id;
- $this->controller_name=$module_id;
+ $data['user_info'] = $logged_in_employee_info;
+ $data['controller_name'] = $module_id;
+ $this->controller_name = $module_id;
+
$this->load->vars($data);
}
- function get_controller_name()
+ public function get_controller_name()
{
return strtolower($this->controller_name);
}
-
- function _initialize_pagination($object, $lines_per_page, $limit_from = 0, $total_rows = -1, $function='index', $filter='')
- {
- $this->load->library('pagination');
-
- $config['base_url'] = site_url($this->get_controller_name() . "/$function/" . $filter);
- $config['total_rows'] = $total_rows > -1 ? $total_rows : call_user_func(array($object, 'get_total_rows'));
- $config['per_page'] = $lines_per_page;
- $config['num_links'] = 2;
- $config['last_link'] = $this->lang->line('common_last_page');
- $config['first_link'] = $this->lang->line('common_first_page');
- // page is calculated here instead of in pagination lib
- $config['cur_page'] = $limit_from > 0 ? $limit_from : 0;
- $config['page_query_string'] = FALSE;
- $config['uri_segment'] = 0;
-
- $this->pagination->initialize($config);
-
- return $this->pagination->create_links();
- }
-
}
?>
\ No newline at end of file
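Review bot: At `$data['backup_allowed'] |= $module['module_id'] === 'config';` the bitwise-or on a `false` initial value turns `backup_allowed` into an int (`0`/`1`) after the first iteration, so a strict `=== true` test in a view would silently fail; `$data['backup_allowed'] = $data['backup_allowed'] || ($module['module_id'] === 'config');` keeps it boolean. `get_logged_in_employee_info()` is also fetched twice (once for `$employee_id`, again for `$logged_in_employee_info`); fetch it once at the top and reuse it so the grant check and the menu data derive from the same record. The authorization flow — `is_logged_in()` then `has_module_grant()` for the module and optional submodule — is preserved by this hunk, but note that `has_module_grant()` receives `null` when a subclass passes no module id, and what the model returns for that is not visible here.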