mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-04-16 21:08:59 -04:00
6fec2464f8
- Merge Config and Core File Changes 4.6.3 > 4.6.4 - Merge Config and Core File Changes 4.6.4 > 4.7.0 - Added app\Config\WorkerMode.php - Merge Config and Core File Changes Not previously merged - Added app\Config\Hostnames.php - Corrected incorrect CSS property used in invoice.php view. - Corrected unknown CSS properties used in register.php view. - Used shorthand CSS in debug.css - Corrected indentation in barcode_sheet.php view. - Corrected indentation in footer.php view. - Corrected indentation in invoice_email.php view. - Replaced obsolete attributes with CSS style attributes in barcode_sheet.php - Replaced obsolete attribute in error_exception.php - Replaced obsolete attribute in invoice_email.php - Replaced obsolete attribute in quote_email.php - Replaced obsolete attributes in work_order_email.php - Fixed indentation in system_info.php - Replaced <strong> tag outside <p> tags, which isn't allowed, with style attributes. - Simplified js return logic and indentation fixes in tax_categories.php - Simplified js return logic in tax_codes.php - Simplified js return logic in tax_jurisdictions.php - Removed unnecessary labels in manage views. - Rewrite JavaScript function and PHP to be more readable in bar.php, hbar.php, line.php and pie.php - Added type declarations, return types and an import to app\Config\Services - Updated Attribute.php parameter type - Updated Receiving_lib.php parameter type - Updated Receivings.php parameter types and updated PHPdocs - Updated tabular_helper.php parameter types and updated PHPdocs - Added type declarations and corrected PHPdocs in url_helper.php - Added return types to functions - Revert $objectSrc value in ContentSecurityPolicy.php - Correct return type in Customer->get_stats() - Correct return type in Item->get_info_by_id_or_number() - Correct misspelling in border-spacing - Added missing css style semicolons - Resolve operator precedence ambiguity. - Resolve column mismatch. - Added missing escaping in view. - Updated requirement for PHP 8.2 - Resolve unresolved conflicts - Added PHP 8.2 requirement to the README.md - Fixed bugs in display of UI - Fixed duplicated `>` in app\Views\Expenses\manage.php - Removed excess whitespace at the end of some lines in table_filter_persistence.php - Added missing `>` in app\Views\Expenses\manage.php - Corrected grammar in PHPdoc in table_filter_persistence.php - Remove bug causing `\` to be injected into the new giftcard value - Fix bug causing DROPDOWN Attribute Values to not save correctly - Added check for null in $normalizedItemId - Removing < PHP 8.2 from linting and tests - Update Linter to not include PHP 8.2 and 8.1 - Remove PHP 8.1 unit test cycle. - Update Bug Report Template - Update Composer files for CodeIgniter 4.7.2 - Updated INSTALL.md to reflect changes. --------- Signed-off-by: objec <objecttothis@gmail.com>
129 lines
4.4 KiB
PHP
129 lines
4.4 KiB
PHP
<?php
|
|
|
|
namespace App\Controllers;
|
|
|
|
use App\Libraries\MY_Migration;
|
|
use CodeIgniter\HTTP\RedirectResponse;
|
|
use CodeIgniter\HTTP\ResponseInterface;
|
|
|
|
class Home extends Secure_Controller
|
|
{
|
|
public function __construct()
|
|
{
|
|
parent::__construct('home', null, 'home');
|
|
}
|
|
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getIndex(): string
|
|
{
|
|
$logged_in = $this->employee->is_logged_in();
|
|
return view('home/home');
|
|
}
|
|
|
|
/**
|
|
* Logs the currently logged in employee out of the system. Used in app/Views/partial/header.php
|
|
*
|
|
* @return RedirectResponse
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getLogout(): RedirectResponse
|
|
{
|
|
$this->employee->logout();
|
|
return redirect()->to('login');
|
|
}
|
|
|
|
/**
|
|
* Load the "change employee password" form
|
|
*
|
|
* @param int $employeeId
|
|
* @return ResponseInterface|string
|
|
*/
|
|
public function getChangePassword(int $employeeId = NEW_ENTRY): ResponseInterface|string
|
|
{
|
|
$loggedInEmployee = $this->employee->get_logged_in_employee_info();
|
|
$currentPersonId = $loggedInEmployee->person_id;
|
|
|
|
$employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
|
|
|
|
if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
|
|
return $this->response->setStatusCode(403)->setBody(lang('Employees.unauthorized_modify'));
|
|
}
|
|
|
|
$person_info = $this->employee->get_info($employeeId);
|
|
foreach (get_object_vars($person_info) as $property => $value) {
|
|
$person_info->$property = $value;
|
|
}
|
|
$data['person_info'] = $person_info;
|
|
|
|
return view('home/form_change_password', $data);
|
|
}
|
|
|
|
/**
|
|
* Change employee password
|
|
*
|
|
* @return ResponseInterface
|
|
*/
|
|
public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
|
|
{
|
|
$currentUser = $this->employee->get_logged_in_employee_info();
|
|
|
|
$employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
|
|
|
|
if (!$this->employee->isAdmin($currentUser->person_id) && $employeeId !== $currentUser->person_id) {
|
|
return $this->response->setStatusCode(403)->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.unauthorized_modify')
|
|
]);
|
|
}
|
|
|
|
if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
|
|
if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
|
|
// Validate password length BEFORE hashing
|
|
$new_password = $this->request->getPost('password');
|
|
|
|
if (strlen($new_password) < 8) {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.password_minlength'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
|
|
$employee_data = [
|
|
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
|
'password' => password_hash($new_password, PASSWORD_DEFAULT),
|
|
'hash_version' => 2
|
|
];
|
|
|
|
if ($this->employee->change_password($employee_data, $employeeId)) {
|
|
return $this->response->setJSON([
|
|
'success' => true,
|
|
'message' => lang('Employees.successful_change_password'),
|
|
'id' => $employeeId
|
|
]);
|
|
} else {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.unsuccessful_change_password'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
} else {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.current_password_invalid'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
} else {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.current_password_invalid'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
}
|
|
}
|