ONE PIECE HACKING

Ngiler SH3LL 360
: / home / tbf / membrubackend / app / Http / Controllers / Api /

Information Server
MySQL : OFF Perl : OFF CURL : ON WGET : OFF PKEXEC : OFF

Directive	Local Value
IP Address	89.40.16.97
System	Linux server.atelieruldeit.ro 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
User	tbf
PHP Version	7.3.33
Software	Apache
Doc root	Writable

Edit File : UserController.php \| Size : 8.85 KB
<?php namespace App\Http\Controllers\Api; use Illuminate\Http\Request; use App\Http\Controllers\Controller; use App\Models\User; use App\Http\Requests\UserFormRequest; use App\Http\Resources\UserCollection; use App\Http\Resources\UserExtendedResource; use App\Http\Resources\EditUserResource; use App\Http\Resources\TimelineResource; use App\Http\Resources\TodayPromiseResource; use App\Http\Resources\YesterdayPromiseResource; use App\Models\Package; use App\Models\Role; use App\Models\Instance; use App\Models\KeyResult; use App\Models\CronjobMail; use Carbon\Carbon; use Session; use Str; use Arr; use Auth; use App; class UserController extends Controller { public function index(Instance $instance, Request $request) { $users = $instance->users()->latest()->get(); // search users after tags $tagIds = $request->tags; if($tagIds){ $users = $instance->users->filter(function ($user) use ($tagIds) { return !empty(array_intersect($user->tags->pluck('id')->toArray(), $tagIds)); }); } return new UserCollection( $users ); } public function store(UserFormRequest $request) { $data = $request->validated(); $authUser = Auth::user(); $randPassword = Str::random(6); $data['password'] = bcrypt($randPassword); $data['working_days'] = !empty($data['working_days']) ? implode(',', $data['working_days']) : null; $data['first_name'] = ucfirst($data['first_name']); $data['last_name'] = ucfirst($data['last_name']); $data['language'] = isset($data['language']) ? $data['language'] : $authUser->language; $user = User::create($data); $user->tags()->sync(isset($data['tags']) ? $data['tags'] : []); // get all objectives that are private $privateObjectiveIds = $user->instance->objectives->where('is_private', 1)->pluck('id')->toArray(); // Send email to new user created with password newUserCreatedMail($user, $randPassword); // Send email to new user created with his promise time newUserCreatedPromiseTimeMail($user); // add user with tag in active campaign createCronjobActiveCampaign($user, 'tbf_digital'); // change the language according to user language App::setLocale($user->language); // start first mail employee sequence exactly after registration $subject = __('general.sequence_employee_0.subject'); $data = [ 'body' => 'general.sequence_employee_0.body', ]; createCronjobMail($user->email, $subject, $data, CronjobMail::SEQUENCE_MAIL, $user->language); $user->update([ 'mail_sequence_day' => 1, 'private_objective_ids' => $privateObjectiveIds ? implode(',', $privateObjectiveIds) : null, ]); return response()->json([ 'status' => 'success', 'data' => $user ], 200); } public function show(User $user) { return new UserExtendedResource( $user ); } public function edit(User $user) { return new EditUserResource( $user ); } public function update(UserFormRequest $request, User $user) { $data = $request->validated(); $data['first_name'] = ucfirst($data['first_name']); $data['last_name'] = ucfirst($data['last_name']); $data['working_days'] = !empty($data['working_days']) ? implode(',', $data['working_days']) : null; // check if the role changes remove all links with manager rights if($data['role_id'] != $user->role_id){ $user->master_goals()->sync([]); $data['manager_master_goal_ids'] = null; // set all private objectives ids, without those where he is responsible for key results or objectives $privateObjectiveIds = $user->instance->objectives()->where([['is_private', 1], ['user_id', '!=', $user->id]])->get()->map(function ($objective) use ($user) { if(!in_array($user->id, $objective->key_results->pluck('user_id')->toArray())){ return $objective->id; } })->filter()->toArray(); $data['private_objective_ids'] = $privateObjectiveIds ? implode(',', $privateObjectiveIds) : null; } $user->update($data); $user->tags()->sync(isset($data['tags']) ? $data['tags'] : []); return response()->json([ 'status' => 'success' ], 200); } public function destroy(User $user) { // add user with tag in active campaign createCronjobActiveCampaign($user, 'tbf_digital_deleted'); $user->email = now()->timestamp.$user->email; $user->save(); $user->delete(); return response()->json([ 'status' => 'success' ], 200); } public function languages() { $languages = []; foreach(config('constants.languages') as $language){ $languages[] = [ 'name' => $language['name'], 'image' => config('app.url').$language['image'], ]; } return response()->json([ 'status' => 'success', 'data' => $languages, ], 200); } public function canRegister(Request $request){ $package = Package::where('token', $request->package_token)->first(); Session::put('locale', $request->lang); if(!$request->package_token \|\| $package){ return response()->json([ 'status' => 'success', 'data' => true, ], 200); }else{ return response()->json([ 'status' => 'error', 'message' => 'invalid_token', ], 500); } } public function validateEmail(Request $request){ if($request->user_id){ $user = User::where([['email', $request->email], ['id',$request->user_id]])->first(); $isValid = $user ? true : false; if(!$isValid){ $user = User::where('email', $request->email)->first(); $isValid = $user ? false : true; } }else{ $user = User::where('email', $request->email)->first(); if($user){ $user->email = time().$user->email; $user->save(); } $isValid = true; } $email = $request->email; $blacklisted = [ 'emails' => ['ruben.marian@gmail.com', 'liviu.z@darch.ro', 'zarnoveanu@gmail.com', 'ingrid.z@darch.ro', 'bogdan.happyphone@gmail.com'], 'emails_containg' => ['utilben', 'upriserz', 'edukiwi', 'nusco', 'pinum', 'simigeriapetru', 'unitedcom.org'] ]; if(in_array($email, $blacklisted['emails'])){ $isValid = false; } foreach ($blacklisted['emails_containg'] as $value) { if(strpos($email, $value) !== false){ $isValid = false; } } return response()->json([ 'status' => 'success', 'data' => ['is_valid' => $isValid] ], 200); } public function changeLanguage(Request $request){ $request->validate([ 'language' => 'required', ]); Session::put('locale', $request->language); return response()->json([ 'status' => 'success' ], 200); } public function showAll(Request $request){ $authUser = Auth::user(); // check if the request is to assign a manager to a master goal or to list users if($request->manager_master_goals){ $users = $authUser->instance->users->where('role_id', Role::ROLE_MANAGER); }else{ $users = $authUser->instance->users; } $users = $users->map(function ($user){ return [ 'id' => $user->id, 'first_name' => $user->first_name, 'last_name' => $user->last_name, 'email' => $user->email, 'avatar' => $user->avatar, 'key_results_count' => $user->key_results->count(), 'objectives_count' => $user->objectives->count(), 'working_days' => $user->working_days ? explode(',', $user->working_days) : [], ]; }); return response()->json([ 'status' => 'success', 'data' => $users ], 200); } public function todayPromise(){ return new TodayPromiseResource(Auth::user()); } public function yesterdayPromise(){ return new YesterdayPromiseResource(Auth::user()); } public function timeline(Request $request, User $user){ return new TimelineResource($user, $request->offset); } } Back

Edit File : UserController.php | Size : 8.85 KB

<?php

namespace App\Http\Controllers\Api;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Models\User;
use App\Http\Requests\UserFormRequest;
use App\Http\Resources\UserCollection;
use App\Http\Resources\UserExtendedResource;
use App\Http\Resources\EditUserResource;
use App\Http\Resources\TimelineResource;
use App\Http\Resources\TodayPromiseResource;
use App\Http\Resources\YesterdayPromiseResource;
use App\Models\Package;
use App\Models\Role;
use App\Models\Instance;
use App\Models\KeyResult;
use App\Models\CronjobMail;
use Carbon\Carbon;
use Session;
use Str;
use Arr;
use Auth;
use App;

class UserController extends Controller
{
    public function index(Instance $instance, Request $request) {
        $users = $instance->users()->latest()->get();
        // search users after tags
        $tagIds = $request->tags;
        if($tagIds){
            $users = $instance->users->filter(function ($user) use ($tagIds) {
                return !empty(array_intersect($user->tags->pluck('id')->toArray(), $tagIds));
            });
        }

return new UserCollection(
            $users
        );
    }

public function store(UserFormRequest $request) {
        $data = $request->validated();
        $authUser = Auth::user();

$randPassword = Str::random(6);
        $data['password'] = bcrypt($randPassword);
        $data['working_days'] = !empty($data['working_days']) ? implode(',', $data['working_days']) : null;
        $data['first_name'] = ucfirst($data['first_name']);
        $data['last_name'] = ucfirst($data['last_name']);
        $data['language'] = isset($data['language']) ? $data['language'] : $authUser->language;

$user = User::create($data);
        $user->tags()->sync(isset($data['tags']) ? $data['tags'] : []);

// get all objectives that are private
        $privateObjectiveIds = $user->instance->objectives->where('is_private', 1)->pluck('id')->toArray();

// Send email to new user created with password
        newUserCreatedMail($user, $randPassword);
        // Send email to new user created with his promise time
        newUserCreatedPromiseTimeMail($user);
        // add user with tag in active campaign
        createCronjobActiveCampaign($user, 'tbf_digital');

// change the language according to user language
        App::setLocale($user->language);
        // start first mail employee sequence exactly after registration
        $subject = __('general.sequence_employee_0.subject');
        $data = [
            'body' => 'general.sequence_employee_0.body',
        ];
        createCronjobMail($user->email, $subject, $data, CronjobMail::SEQUENCE_MAIL, $user->language);

$user->update([
            'mail_sequence_day' => 1,
            'private_objective_ids' => $privateObjectiveIds ? implode(',', $privateObjectiveIds) : null,
        ]);

return response()->json([
            'status'    => 'success',
            'data'      => $user
        ], 200);
    }

public function show(User $user) {
        return new UserExtendedResource(
            $user
        );
    }

public function edit(User $user) {
        return new EditUserResource(
            $user
        );
    }

public function update(UserFormRequest $request, User $user) {
        $data = $request->validated();

$data['first_name'] = ucfirst($data['first_name']);
        $data['last_name'] = ucfirst($data['last_name']);
        $data['working_days'] = !empty($data['working_days']) ? implode(',', $data['working_days']) : null;

// check if the role changes remove all links with manager rights
        if($data['role_id'] != $user->role_id){
            $user->master_goals()->sync([]);
            $data['manager_master_goal_ids'] = null;

// set all private objectives ids, without those where he is responsible for key results or objectives
            $privateObjectiveIds = $user->instance->objectives()->where([['is_private', 1], ['user_id', '!=', $user->id]])->get()->map(function ($objective) use ($user) {
                if(!in_array($user->id, $objective->key_results->pluck('user_id')->toArray())){
                    return $objective->id;
                }
            })->filter()->toArray();
            $data['private_objective_ids'] =  $privateObjectiveIds ? implode(',', $privateObjectiveIds) : null;
        }

$user->update($data);
        $user->tags()->sync(isset($data['tags']) ? $data['tags'] : []);

return response()->json([
            'status' => 'success'
        ], 200);
    }

public function destroy(User $user) {
        // add user with tag in active campaign
        createCronjobActiveCampaign($user, 'tbf_digital_deleted');
        $user->email = now()->timestamp.$user->email;
        $user->save();
        $user->delete();

return response()->json([
            'status' => 'success'
        ], 200);
    }

public function languages() {
        $languages = [];
        foreach(config('constants.languages') as $language){
            $languages[] = [
                'name'  => $language['name'],
                'image' => config('app.url').$language['image'],
            ];

}

return response()->json([
            'status'    => 'success',
            'data'      => $languages,
        ], 200);
    }

public function canRegister(Request $request){
    	$package = Package::where('token', $request->package_token)->first();
        Session::put('locale', $request->lang);

if(!$request->package_token || $package){
            return response()->json([
                'status'    => 'success',
                'data'		=> true,
            ], 200);
        }else{
            return response()->json([
                'status'    => 'error',
                'message'   => 'invalid_token',
            ], 500);
        }
    }

public function validateEmail(Request $request){
        if($request->user_id){
            $user = User::where([['email', $request->email], ['id',$request->user_id]])->first();
            $isValid = $user ? true : false;
            if(!$isValid){
                $user = User::where('email', $request->email)->first();
                $isValid = $user ? false : true;
            }
        }else{
            $user = User::where('email', $request->email)->first();
            if($user){
                $user->email = time().$user->email;
                $user->save();   
            }
            $isValid = true;
        }

$email = $request->email;

$blacklisted = [
                'emails'            => ['ruben.marian@gmail.com', 'liviu.z@darch.ro', 'zarnoveanu@gmail.com', 'ingrid.z@darch.ro', 'bogdan.happyphone@gmail.com'],
                'emails_containg'   => ['utilben', 'upriserz', 'edukiwi', 'nusco', 'pinum', 'simigeriapetru', 'unitedcom.org']
            ];
        
        if(in_array($email, $blacklisted['emails'])){
            $isValid = false;
        }
        foreach ($blacklisted['emails_containg'] as $value) {
            if(strpos($email, $value) !== false){
                $isValid = false;
            }
        }

return response()->json([
            'status'    => 'success',
            'data'      => ['is_valid' => $isValid]
        ], 200);
    }

public function changeLanguage(Request $request){
        $request->validate([
            'language' => 'required',
        ]);

Session::put('locale', $request->language);
        
        return response()->json([
            'status' => 'success'
        ], 200);
    }

public function showAll(Request $request){
        $authUser = Auth::user();
        // check if the request is to assign a manager to a master goal or to list users
        if($request->manager_master_goals){
            $users = $authUser->instance->users->where('role_id', Role::ROLE_MANAGER);
        }else{
            $users = $authUser->instance->users;
        }

$users = $users->map(function ($user){
            return [
                'id'                => $user->id,
                'first_name'        => $user->first_name,
                'last_name'         => $user->last_name,
                'email'             => $user->email,
                'avatar'            => $user->avatar,
                'key_results_count' => $user->key_results->count(),
                'objectives_count'  => $user->objectives->count(),
                'working_days'      => $user->working_days ? explode(',', $user->working_days) : [],
            ];
        });

return response()->json([
            'status'    => 'success',
            'data'      => $users
        ], 200);
    }

public function todayPromise(){
        return new TodayPromiseResource(Auth::user());
    }

public function yesterdayPromise(){
        return new YesterdayPromiseResource(Auth::user());
    }

public function timeline(Request $request, User $user){
        return new TimelineResource($user, $request->offset);
    }

}

Back