<?php
namespace MerapiPanel\Module\Setting;
use MerapiPanel\Box;
use MerapiPanel\Box\Module\__Fragment;
use MerapiPanel\Database\DB;
use MerapiPanel\Utility\AES;
use MerapiPanel\Utility\Http\Request;
use MerapiPanel\Utility\Util;
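/**
 * AJAX endpoints of the Setting module.
 *
 * saveConfig() persists module configuration values posted with a signed-in
 * request; updateRole() creates or updates one row of the `roles` table.
 * Both methods check the caller's permission through the module's role
 * object before doing anything else.
 */
class Ajax extends __Fragment
{
    /** Module entity handed to the fragment in onCreate(). */
    protected $module;

    /**
     * Keeps a reference to the owning module so the endpoints can query its roles.
     *
     * @param \MerapiPanel\Box\Module\Entity\Module $module
     */
    public function onCreate(\MerapiPanel\Box\Module\Entity\Module $module)
    {
        $this->module = $module;
    }

    /**
     * Saves the configuration fields named inside the request's `setting_token`.
     *
     * The token is decrypted with the AES utility and deserialized into an
     * array holding the target module name (`module`) and the list of config
     * keys (`input`). Each key is read from the request under its snake-case
     * name (dots replaced by underscores) and written to the module's config.
     *
     * @return bool true once every value has been stored
     *
     * @throws \Exception on missing permission, an undecryptable token, a
     *                    malformed payload, or a missing required nested field
     */
    public function saveConfig()
    {
        // Permission id 1 is defined by the roles API, which is not visible in this file.
        if (!$this->module->getRoles()->isAllowed(1)) {
            throw new \Exception('Permission denied');
        }

        $req = Request::getInstance();
        $token = $req->setting_token();
        $aes = AES::getInstance();
        if (!$token || !($data = $aes->decrypt($token))) {
            throw new \Exception("Invalid token");
        }

        // The token round-trips through the client, so the payload is only as
        // trustworthy as the encryption layer. The expected payload is a plain
        // array of strings, so object instantiation is disabled: a forged or
        // replayed token can then never trigger __wakeup()/__destruct() chains.
        // NOTE(review): confirm AES::decrypt() authenticates the ciphertext
        // (AEAD or MAC); consider a JSON payload instead of serialize().
        $entry = unserialize($data, ['allowed_classes' => false]);
        if (!is_array($entry) || !isset($entry['module']) || empty($entry['input'])) {
            throw new \Exception("Invalid data");
        }
        if (!is_string($entry['module']) || !is_array($entry['input'])) {
            throw new \Exception("Invalid data");
        }

        $module = Box::module(ucfirst($entry['module']));
        $config = $module->getConfig();
        $stack = [];

        // Fetch values from request, check required
        foreach ($entry['input'] as $name) {
            if (!is_string($name)) {
                throw new \Exception("Invalid data");
            }

            // Request query name must be in snake case
            $queryName = str_replace('.', '_', $name);
            $value = $req->$queryName();

            // A nested field ("parent.child") is only mandatory while its
            // parent switch is enabled in the same request.
            // NOTE(review): a required top-level field that arrives empty is
            // stored without an error, as before — confirm this is intended.
            if (empty($value) && $config->isRequired($name) && str_contains($name, '.')) {
                $parentName = substr($name, 0, strrpos($name, '.'));
                // The parent is looked up under its snake-case name as well;
                // previously a parent that itself contained a dot was queried
                // with the dotted name, unlike every other field.
                $parentQuery = str_replace('.', '_', $parentName);
                if ((bool) $req->$parentQuery()) {
                    throw new \Exception("Missing required parameter: $name");
                }
            }

            $stack[$name] = $value;
        }

        // Write only after every field passed the required check, so a
        // rejected request leaves the configuration untouched.
        foreach ($stack as $name => $value) {
            $config->set($name, $value);
        }

        return true;
    }

    /**
     * Creates or updates the flag stored for a role/permission-name pair.
     *
     * @param mixed $role  role identifier; must be one of Util::getRoles()
     * @param mixed $name  permission name; must be a string containing a dot
     * @param mixed $value 0 or 1 (integer, numeric string or boolean)
     *
     * @throws \Exception on missing permission or invalid arguments
     */
    public function updateRole($role, $name, $value)
    {
        // Permission id 2 is defined by the roles API, which is not visible in this file.
        if (!$this->module->getRoles()->isAllowed(2)) {
            throw new \Exception('Permission denied');
        }

        // NOTE(review): comparison left loose because the element type returned
        // by Util::getRoles() is not visible here; make it strict once confirmed.
        $roleNames = Util::getRoles();
        if (!in_array($role, $roleNames)) {
            throw new \Exception("Invalid role");
        }

        // Reject non-strings up front: str_contains() raises a TypeError on arrays.
        if (!is_string($name) || $name === '' || !str_contains($name, ".")) {
            throw new \Exception("Missing required parameter: name");
        }

        // Loose matching against [0, 1] also let null, "1.0" or " 1" through and
        // stored them verbatim; accept only the exact flag forms and normalize.
        if (!is_bool($value) && !in_array($value, [0, 1, '0', '1'], true)) {
            throw new \Exception("Invalid value");
        }
        $value = (int) $value;

        $SQL = "SELECT * FROM roles WHERE role = :role AND name = :name";
        $stmt = DB::instance()->prepare($SQL);
        $stmt->execute([':role' => $role, ':name' => $name]);
        $row = $stmt->fetch(\PDO::FETCH_ASSOC);

        // Insert when the pair is new, otherwise update the existing row.
        // All values are bound as parameters, never interpolated into the SQL.
        if (!$row) {
            $SQL = "INSERT INTO roles (role, name, value) VALUES (:role, :name, :value)";
        } else {
            $SQL = "UPDATE roles SET value = :value WHERE role = :role AND name = :name";
        }
        $stmt = DB::instance()->prepare($SQL);
        $stmt->execute([
            ':role' => $role,
            ':name' => $name,
            ':value' => $value,
        ]);
    }
}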