fix session problem(use authorization_token(session[:_csrf])) and login problem

2020-02-03 21:14:03 +08:00 · 2020-02-03 21:14:03 +08:00 · 97d4e79d80
parent 35fc18f501
commit 97d4e79d80
3 changed files with 287 additions and 13 deletions
--- a/app/controllers/olympiamanagements_controller.rb
+++ b/app/controllers/olympiamanagements_controller.rb
@ -1,13 +1,45 @@
-class OlympiamanagementsController < PagesController
+class OlympiamanagementsController < ApplicationController
 	include ActionView::Context #vary important (only add this can access @@session from view)
-	include ApplicationHelper
 	before_action :set_sign_up_setting
+	prepend_view_path "app/templates" #for_render_pages
+	layout :get_layout  #for_render_pages
+	before_action :check_login, except: :login
 	#include "#{Rails.root}/app/helpers/application_helper.rb"
+	def check_login
+		begin
+			@@error
+		rescue
+			@@error = nil
+		end
+		if request.session[:olympia_login_id].to_s.blank?
+			render_contents_in_index_page(render_to_string(:formats=> [:html] ,:partial=>'login',:locals=>{:@error=>@@error})) and return
+		end
+	end
+	def login
+		@@error = nil
+		if !params[:login_id].to_s.blank?
+			if OlympiaSchoolDataFields.where(:account_number=>params[:login_id]).length == 0
+				@@error = "no_account"
+			else
+				if OlympiaSchoolDataFields.where(:account_number=>params[:login_id]).first.password != params[:login_pw]
+					@@error = "password_error"
+				else
+					session[:olympia_login_id] = params[:login_id]
+				end
+			end
+		end
+		if params[:PreviousPage].to_s.blank?
+			redirect_to :back
+		else
+			redirect_to params[:PreviousPage].to_s
+		end
+	end
 	def initialize
 		super
 		@app_title = "olympiamanagement"
 	end
 	def set_sign_up_setting
+		@key = Site.first.template rescue ""  #for_render_pages
 		@sign_up_setting = SignUpSetting.last
 		data_arr = [{:url=>'/olympiamanagements/school_connection_data',:name=>t('olympiamanagement.school_connection_data')},
 								{:url=>'/olympiamanagements/add_sign_up_student_data',:name=>t('olympiamanagement.add_sign_up_student_data')},
@ -72,7 +104,7 @@ class OlympiamanagementsController < PagesController
 				@newpage.name_translations = @instructions_name
 				@newpage.save
 			end
-			@error = nil
+			@error = @@error rescue nil
 			@page_content
 			if !(time_now_str <= end_time_str && time_now_str >= start_time_str)
 				if @instructions_pages.empty?
@ -83,22 +115,22 @@ class OlympiamanagementsController < PagesController
 				elsif @instructions_pages.length != 1
 					@instructions_pages.slice(1,@instructions_pages.length).each{|page| page.destroy}
 				end
-				if !OrbitHelper.params[:login_id].to_s.blank?
-					if OlympiaSchoolDataFields.where(:account_number=>OrbitHelper.params[:login_id]).length == 0
+				if !(OrbitHelper.params || params)[:login_id].to_s.blank? && @@session[:olympia_login_id].to_s.blank?
+					if OlympiaSchoolDataFields.where(:account_number=>(OrbitHelper.params || params)[:login_id]).length == 0
 						@error = "no_account"
 					else
-						if OlympiaSchoolDataFields.where(:account_number=>OrbitHelper.params[:login_id]).first.password != OrbitHelper.params[:login_pw]
+						if OlympiaSchoolDataFields.where(:account_number=>(OrbitHelper.params || params)[:login_id]).first.password != (OrbitHelper.params || params)[:login_pw]
 							@error = "password_error"
 						else
-							@@session[:olympia_login_id] = OrbitHelper.params[:login_id]
+							@@session[:olympia_login_id] = (OrbitHelper.params || params)[:login_id]
 						end
 					end
 				end
 				if @@session[:olympia_login_id].to_s.blank?
-					@page_content = render_to_string(:formats=> [:html] ,:partial=>'login')
+					@page_content = render_to_string(:formats=> [:html] ,:partial=>'login',:locals=>{:@error=>@error})
 				else
+					@@error = nil
 					@page_content = @breadcumb
-					
 				end
 			else
 				if !@instructions_pages.empty?
@ -144,6 +176,9 @@ class OlympiamanagementsController < PagesController
 		start_time_str = @time_arr.map{|t| @sign_up_setting["start_"+t]}.join(' ')
 		end_time_str = @time_arr.map{|t| @sign_up_setting["end_"+t]}.join(' ')
 		time_now_str = Time.now.strftime("%Y %m %d %H %M")
+		#@request = Rack::Request.new((OrbitHelper.request.env rescue nil) || (request.env rescue env))
+		#@session = @request.session
+		#render :html => session.to_hash and return
 		if !(!(time_now_str <= end_time_str && time_now_str >= start_time_str) || session[:olympia_login_id].to_s.blank?)	
 			redirect_to :back
 		else
@ -236,6 +271,243 @@ class OlympiamanagementsController < PagesController
 		viewarea.inner_html = contents
 		render :html => doc.to_html.html_safe
 	end
+	def change_to_language(final_html)  #for_render_pages
+		if session[:zh_cn]
+			final_html =  ZhConv.convert("zh-cn", final_html,false)
+			final_html.gsub!('/zh_tw/','/zh_cn/')
+			final_html.sub!('<a accesskey="t" href="'+request.path+'">繁体中文</a>','<a accesskey="t" href="'+(request.path.sub('/zh_cn/','/zh_tw/'))+'">繁体中文</a>')
+		end
+		final_html
+	end
+	def get_layout  #for_render_pages
+		if request[:action] == "edit_view"
+		 page = Page.find(params[:id])
+		  if page.page_id == "" || page.page_id == nil
+			false
+		  else
+			File.join("../../templates", "#{@key}", "/home/page.html.erb")
+		  end
+		# elsif request[:action] == "show" || request[:action] == "moduleShow"
+		#    File.join("../../templates", "themes", "#{@key}", '/home/page.html.erb')
+		else
+		  false
+		end
+	end
+	def render_final_page(original_view=get_view,page,layout)  #for_render_pages
+		final_html_for_render = ""
+		OrbitHelper.set_css_to_render_to_empty
+		if layout
+		  parts = $mobile.blank? ? (page.page_parts rescue []) : (page.mobile_page_parts rescue [])
+		  @part_partials = {}
+		  parts.each do |part|
+			subparts = part.sub_parts.asc(:created_at)
+			partials = []
+			subparts.each do |subpart|
+			  if subpart.kind == "module_widget"
+				OrbitHelper.set_current_widget subpart
+				OrbitHelper.set_widget_data_count subpart.data_count
+				OrbitHelper.set_widget_module_app subpart.module
+				OrbitHelper.set_widget_item_url subpart
+				OrbitHelper.render_meta_tags []
+				OrbitHelper.set_widget_title subpart.title
+				OrbitHelper.set_widget_categories subpart.categories || ["all"]
+				OrbitHelper.set_widget_tags subpart.tags || ["all"]
+				custom_value = subpart.custom_string_field || subpart.custom_array_field rescue nil
+				if !custom_value.nil?
+				   OrbitHelper.set_widget_custom_value custom_value
+				end
+				if @editmode
+				   partials << "<div class='editmode-ps' title='#{subpart.module}'> " + render_widget_for_frontend(subpart.module,subpart.widget_method,subpart.widget_type,subpart.id.to_s) + "<a href='/page_parts/edit_sub_part?page_id=#{page.id.to_s}&part_id=#{part.id.to_s}&sub_part_id=#{subpart.id.to_s}#{(!$mobile.blank? ? '&mobile_view=1' : '')}'> </a></div>"
+				else
+				  # widget_html = Rails.cache.fetch("subpart_#{subpart.module}_#{subpart.id.to_s}_"+I18n.locale.to_s,{ race_condition_ttl: 2, expires_in: 5.minutes}) do
+				  #   render_widget_for_frontend(subpart.module,subpart.widget_method,subpart.widget_type,subpart.id.to_s)
+				  # end
+				  widget_html = render_widget_for_frontend(subpart.module,subpart.widget_method,subpart.widget_type,subpart.id.to_s)
+				  partials << widget_html
+				end
+			  elsif subpart.kind == "text"
+				  if @editmode
+					partials << "<div class='editmode-ps' title='text'> " + subpart.content + "<a href='/page_parts/edit_sub_part?page_id=#{part.page_id.to_s}&part_id=#{part.id.to_s}&sub_part_id=#{subpart.id.to_s}#{(!$mobile.blank? ? '&mobile_view=1' : '')}'> </a></div>"
+				  else
+					#  change from px and pt and cm to em #start 
+					have_change = false
+					if Site.all.first.page_sets.last.auto_convert_flag
+					  if subpart.content.include? 'px'
+						have_change = true
+						inner_text = subpart.content
+						get_px = inner_text.enum_for(:scan,/:.*[+-]?(\d*[.])?\d+px[;\" ]/).map{Regexp.last_match.to_s}
+						get_px = get_px.uniq.sort_by(&:length).reverse!
+						get_px.each do |child_px|
+						  convert_em =  child_px.enum_for(:scan,/[+-]?(\d*[.])?\d+px/).map{Regexp.last_match.to_s}.sort_by(&:length).reverse!
+						  calc_em = convert_em.collect{|v| "#{Float(v[0...v.length-2])/16}em"}
+						  cp_child = child_px
+						  (0...convert_em.length).each do |i|
+							cp_child = cp_child.gsub(convert_em[i],calc_em[i])
+						  end
+						  inner_text = inner_text.gsub(child_px,cp_child)
+						end
+						subpart.content = inner_text
+					  end
+					  if subpart.content.include? 'pt'
+						have_change = true
+						inner_text = subpart.content
+						get_pt = inner_text.enum_for(:scan,/:.*[+-]?(\d*[.])?\d+pt[;\" ]/).map{Regexp.last_match.to_s}
+						get_pt = get_pt.uniq.sort_by(&:length).reverse!
+						get_pt.each do |child_pt|
+						  convert_em =  child_pt.enum_for(:scan,/[+-]?(\d*[.])?\d+pt/).map{Regexp.last_match.to_s}.sort_by(&:length).reverse!
+						  calc_em = convert_em.collect{|v| "#{Float(v[0...v.length-2])/12}em"}
+						  cp_child = child_pt
+						  (0...convert_em.length).each do |i|
+							cp_child = cp_child.gsub(convert_em[i],calc_em[i])
+						  end
+						  inner_text = inner_text.gsub(child_pt,cp_child)
+						end
+						subpart.content = inner_text
+					  end
+					  if subpart.content.include? 'cm'
+						have_change = true
+						inner_text = subpart.content
+						get_cm = inner_text.enum_for(:scan,/:.*[+-]?(\d*[.])?\d+cm[;\" ]/).map{Regexp.last_match.to_s}
+						get_cm = get_cm.uniq.sort_by(&:length).reverse!
+						get_cm.each do |child_cm|
+						  convert_em =  child_cm.enum_for(:scan,/[+-]?(\d*[.])?\d+cm/).map{Regexp.last_match.to_s}.sort_by(&:length).reverse!
+						  calc_em = convert_em.collect{|v| "#{Float(v[0...v.length-2])*6/2.54}em"}
+						  cp_child = child_cm
+						  (0...convert_em.length).each do |i|
+							cp_child = cp_child.gsub(convert_em[i],calc_em[i])
+						  end
+						  inner_text = inner_text.gsub(child_cm,cp_child)
+						end
+						subpart.content = inner_text
+					  end
+					  #  change from px and pt and cm to em #end
+					  if have_change
+						subpart.save
+					  end
+					end
+					partials << subpart.content
+				  end
+			  end
+			end
+			@part_partials["data-pp='#{part.part_id}'"] = partials
+		  end
+		  @file = nil
+		  @layout_html = nil
+		  if original_view == "home"
+			@file = File.join("#{@key}", "/home/index.html.erb")
+		  else
+			@file = File.join("#{@key}", "/home/page.html.erb")
+		  end
+		  @layout_html = render_to_string(@file , :formats => :html)
+		  doc = Nokogiri::HTML(@layout_html, nil, "UTF-8")
+		  head = doc.css("head")
+		  @part_partials.each do |key, partial|
+			html_string = ""
+			partial.each do |p|
+			  if !p.nil?
+				html_string = html_string + p
+			  end
+			end
+			pp = doc.css("*[#{key}]")
+			if !pp.blank?
+			  pp = pp[0]
+			  pp.inner_html = html_string
+			end
+		  end
+		  if @editmode
+			pps = doc.css("*[data-pp]")
+			pps.each do |pp|
+			  number = pp.attributes["data-pp"].value
+			  if pp.inner_html.strip == ""
+				  pp.inner_html = "<a href='/page_parts/new?part=#{number}&page_id=#{page.id.to_s}#{(!$mobile.blank? ? '&mobile_view=1' : '')}'> </a>"
+			  else
+				inner_html = pp.inner_html
+				pp.inner_html = inner_html + "<a href='/page_parts/#{number}/edit?page_id=#{page.id.to_s}#{(!$mobile.blank? ? '&mobile_view=1' : '')}'> </a>"
+			  end
+			end
+		  end
+		  if original_view != "home"
+			viewarea = doc.css("*[data-content='true']")[0]
+		if params["target_controller"].to_s == "page_contents"
+		  viewarea_id = Page.where("page_id"=>params["page_id"].to_s).first.id.to_s
+		  @page_contents = PageContext.where("page_id" => viewarea_id).last
+		  viewarea.inner_html = @page_contents.content.to_s rescue ""
+		  #  change from px and pt and cm to em #start
+		  have_change = false
+		  if Site.all.first.page_sets.last.auto_convert_flag
+			if viewarea.inner_html.include? 'px'
+			  have_change = true
+			  inner_text = viewarea.inner_html
+			  get_px = inner_text.enum_for(:scan,/:.*[+-]?(\d*[.])?\d+px[;\" ]/).map{Regexp.last_match.to_s}
+			  get_px = get_px.uniq.sort_by(&:length).reverse!
+			  get_px.each do |child_px|
+				convert_em =  child_px.enum_for(:scan,/[+-]?(\d*[.])?\d+px/).map{Regexp.last_match.to_s}.sort_by(&:length).reverse!
+				calc_em = convert_em.collect{|v| "#{Float(v[0...v.length-2])/16}em"}
+				cp_child = child_px
+				(0...convert_em.length).each do |i|
+				  cp_child = cp_child.gsub(convert_em[i],calc_em[i])
+				end
+				inner_text = inner_text.gsub(child_px,cp_child)
+			  end
+			  viewarea.inner_html = inner_text
+			end
+			if viewarea.inner_html.include? 'pt'
+			  have_change = true
+			  inner_text = viewarea.inner_html
+			  get_pt = inner_text.enum_for(:scan,/:.*[+-]?(\d*[.])?\d+pt[;\" ]/).map{Regexp.last_match.to_s}
+			  get_pt = get_pt.uniq.sort_by(&:length).reverse!
+			  get_pt.each do |child_pt|
+				convert_em =  child_pt.enum_for(:scan,/[+-]?(\d*[.])?\d+pt/).map{Regexp.last_match.to_s}.sort_by(&:length).reverse!
+				calc_em = convert_em.collect{|v| "#{Float(v[0...v.length-2])/12}em"}
+				cp_child = child_pt
+				(0...convert_em.length).each do |i|
+				  cp_child = cp_child.gsub(convert_em[i],calc_em[i])
+				end
+				inner_text = inner_text.gsub(child_pt,cp_child)
+			  end
+			  viewarea.inner_html = inner_text
+			end
+			if viewarea.inner_html.include? 'cm'
+			  have_change = true
+			  inner_text = viewarea.inner_html
+			  get_cm = inner_text.enum_for(:scan,/:.*[+-]?(\d*[.])?\d+cm[;\" ]/).map{Regexp.last_match.to_s}
+			  get_cm = get_cm.uniq.sort_by(&:length).reverse!
+			  get_cm.each do |child_cm|
+				convert_em =  child_cm.enum_for(:scan,/[+-]?(\d*[.])?\d+cm/).map{Regexp.last_match.to_s}.sort_by(&:length).reverse!
+				calc_em = convert_em.collect{|v| "#{Float(v[0...v.length-2])*6/2.54}em"}
+				cp_child = child_cm
+				(0...convert_em.length).each do |i|
+				  cp_child = cp_child.gsub(convert_em[i],calc_em[i])
+				end
+				inner_text = inner_text.gsub(child_cm,cp_child)
+			  end
+			  viewarea.inner_html = inner_text
+			end
+			#  change from px and pt and cm to em #end
+			if have_change && (viewarea.inner_html != "")
+			  @page_contents.content = viewarea.inner_html
+			  @page_contents.save
+			end
+		  end
+		  viewarea.inner_html = render_to_string(original_view) rescue "<div></div>"
+		else
+		  viewarea.inner_html = render_to_string(original_view) rescue "<div></div>"
+		end
+			head[0].inner_html = OrbitHelper.meta_tags_html + head.inner_html
+		  end
+		  head[0].inner_html = head.inner_html + OrbitHelper.get_css_to_render_in_head
+		  link = doc.css("link")[0]
+		  link.attributes["href"].value = current_site.favicon.url.nil? ? "/assets/favicon.ico" : current_site.favicon.url
+		  final_html_for_render = doc.to_html
+		else
+			final_html_for_render = render_to_string(original_view) rescue "<div></div>"
+		end
+		final_html_for_render = change_to_language(final_html_for_render)
+		if @editmode
+		  session[:mobile] = $temp_mobile
+		end
+		format_date(final_html_for_render,(original_view == "home" ? "home" : page.module)) rescue final_html_for_render
+	end
 	def updata_school_data
 		@readonly_fields = ['account_number','password','school_name','school_code','school_address','class_number','enrollment_limited']
 		@olympia_school_data_field = OlympiaSchoolDataFields.where(:account_number=>params[:olympia_user_name]).first
--- a/app/views/olympiamanagements/_login.html.erb
+++ b/app/views/olympiamanagements/_login.html.erb
@ -1,5 +1,5 @@
 <div id="loginstyle">
-<form name="login_form" id="login_form" method="get">
+<form name="login_form" id="login_form" method="post" action="/olympiamanagements/login">
    <p align="center">
 	<label for="login_id"><%=t('olympiamanagement.account_number')%>:</label><input name="login_id" type="text" id="login_id" size="12" value="">
 		<br>
@ -8,7 +8,9 @@
    
    <p align="center">
 	<input class="loginbutton" type="submit" name="login_Submit" value="<%=t('olympiamanagement.submit')%>">
-	<input type="hidden" name="PreviousPage" value="<%= OrbitHelper.request.original_url.split(OrbitHelper.request.env["HTTP_HOST"]).last.split('?').first rescue "/"%>">
+	<input type="hidden" name="PreviousPage" value="<%= (params.nil? rescue true) ? (OrbitHelper.request.url rescue "") : (request.url rescue "") %>">
+	<input type="hidden" name="authenticity_token" value="<%= (OrbitHelper.request || request).session[:_csrf_token] %>">
+	<input type="hidden" name="utf8" value="✓">
 	</p>
 </form>
 </div>
--- a/auto_create_Class_Setting.js
+++ b/auto_create_Class_Setting.js
@ -1,12 +1,12 @@
 for(var i=1;i<=133;i+=4){
 	var class_number_range = [i,i+3];
 	var enrollment_available = (i+3)/4;
-	var params_to_send = {'type':'add_school_data','class_number_range':class_number_range,'enrollment_available':enrollment_available};
+	var params_to_send = {'type':'class_setting','class_number_range':class_number_range,'enrollment_available':enrollment_available};
 	var post_data = $.post('/admin/olympiamanagements/update_school_data',params_to_send);
 }
 var class_number_range = [137,200];
 var enrollment_available = 35;
-var params_to_send = {'type':'add_school_data','class_number_range':class_number_range,'enrollment_available':enrollment_available};
+var params_to_send = {'type':'class_setting','class_number_range':class_number_range,'enrollment_available':enrollment_available};
 var post_data = $.post('/admin/olympiamanagements/update_school_data',params_to_send);
 post_data.done(function(){
 	console.log('done');