 /**
  * Path of the transaction-log SQLite file.
  *
  * Built from the S-Drive account datastore path in the config plus the WRITEDB
  * constant (defined elsewhere). Returns '' when no 'sdrive' config block exists,
  * i.e. the form is not hosted on S-Drive; callers must treat '' as "no file".
  *
  * @return string
  */
 public function GetSqliteFile()
 {
     $sdrive = Config::GetInstance()->sdrive;
     if (!$sdrive) {
         return '';
     }
     return $sdrive['sdrive_account_datastore_path'] . WRITEDB;
 }
 /**
  * Open (creating the folder if necessary) the SQLite database configured for
  * $cfg_section under storage folder 2. Failures are not thrown: they are written
  * to the error log and appended to $this->errors as translated messages.
  *
  * @param string $cfg_section name of the 'data_settings' sub-section to read
  */
 function __construct($cfg_section)
 {
     parent::__construct($cfg_section);
     $folder = Config::GetInstance()->GetStorageFolder(2);
     $settings = Config::GetInstance()->GetConfig('settings', 'data_settings', $cfg_section);
     if (!$settings) {
         writeErrorLog('Failed to get configuration data in ' . __CLASS__ . ' for section: ', $cfg_section);
         $this->errors[] = array('err' => _T('Failed to open database.'));
         return;
     }
     // SQLite file names longer than ~248 chars do not work, so an over-long name
     // is cut to 200 chars and disambiguated with the md5 of the full name
     // (table names of 450+ chars were observed to be fine).
     $dbname = $settings->database;
     if (strlen($dbname) > 200) {
         $dbname = substr($dbname, 0, 200) . md5($dbname);
     }
     // NOTE(review): the name is appended to the folder without any path
     // normalisation; as far as this block shows it comes from the form's own
     // config, not from the request.
     $dsn = 'sqlite:' . $folder . $dbname;
     try {
         try {
             $this->db = new PDO($dsn);
         } catch (PDOException $first) {
             // The usual cause is a missing storage folder: create it once and
             // retry. If the folder already existed (or cannot be created) the
             // original error is the real one, so re-raise it.
             if (file_exists($folder) || !mkdir($folder, 0755, true)) {
                 throw $first;
             }
             $this->db = new PDO($dsn);
         }
     } catch (PDOException $e) {
         // Something happened and couldn't connect to SQLLite
         writeErrorLog('Problems connecting to SQLite ' . $folder . $dbname . ': [' . $e->getCode() . ']', $e->getMessage());
         $this->errors[] = array('err' => _T('Failed to open database [%s] %s', array($e->getCode(), $e->getMessage())));
     }
 }
/**
 * CoffeeCup Software's Web Form Builder.
 *
 * Create product definitions from form fields that the SCC cart accepts.
 *
 *
 * @version $Revision: 2456 $
 * @author Cees de Gruijter
 * @category FB
 * @copyright Copyright (c) 2011 CoffeeCup Software, Inc. (http://www.coffeecup.com/)
 */
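/**
 * Build the cart products for a checkout.
 *
 * The optional fixed form price becomes the first product; then every posted
 * field that has both a validation rule and a payment rule is priced by the
 * FieldPricer method named "<fieldtype>_<payment type>".
 *
 * @param object $checkoutctr controller exposing GetFormName() and getFormPost()
 * @return array products collected by FieldPricer::getProducts()
 */
function makeprices($checkoutctr)
{
    $cfg = Config::GetInstance();
    $pricer = new FieldPricer();
    $pricer->setDecimals($cfg->GetConfig('settings', 'payment_settings', 'decimals'));
    // first get the fixed form price
    $descr = $cfg->GetConfig('settings', 'payment_settings', 'invoicelabel');
    $price = $cfg->GetConfig('settings', 'payment_settings', 'fixedprice');
    if ($price > 0) {
        $prd = new Prod();
        $prd->productid = 'formid_' . $checkoutctr->GetFormName();
        // name and description should be the same unless the descr really adds info
        $prd->name = empty($descr) ? $prd->productid : $descr;
        $prd->shortdescription = '';
        $prd->yourprice = $price;
        $prd->quantity = 1;
        $pricer->addProduct($prd);
    }
    $payrules = $cfg->GetConfig('payment_rules');
    $rules = $cfg->GetConfig('rules');
    foreach ($checkoutctr->getFormPost() as $name => $value) {
        // $name is request-controlled, but only names present in BOTH config
        // sections get this far, and the method name is built from config values.
        if (!isset($payrules->{$name}) || !isset($rules->{$name})) {
            continue;
        }
        // create method name like: "field_type"_"payment_type"
        $fieldtype = $rules->{$name}->fieldtype . '_' . $payrules->{$name}->type;
        // method_exists() alone is also true for private/protected and magic
        // methods (e.g. __construct); only dispatch to a public, non-magic one.
        $callable = method_exists($pricer, $fieldtype)
            && is_callable(array($pricer, $fieldtype))
            && strncmp($fieldtype, '__', 2) !== 0;
        if ($callable) {
            $pricer->{$fieldtype}($cfg->GetOriginalPostKey($name), $value, $payrules->{$name});
        } else {
            writeErrorLog('Missing pricer method:', $fieldtype);
        }
    }
    return $pricer->getProducts();
}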
 /**
  * Lazily open the data store.
  *
  * SQLite ('save_sqlite') when the form is hosted on S-Drive, MySQL
  * ('save_database') otherwise. On S-Drive, forms that use payments also get the
  * transaction log attached; a missing or undefined log file is logged and
  * skipped, not treated as fatal.
  */
 private function _Connect()
 {
     if ($this->db !== false) {
         return;
     }
     if (!Config::GetInstance()->sdrive) {
         $this->db = new DataAccessMySQL('save_database');
         return;
     }
     $this->db = new DataAccessSQLite('save_sqlite');
     if (!Config::GetInstance()->UsePayments()) {
         return;
     }
     $logfile = TransactionLogger::GetInstance()->GetSqliteFile();
     if (empty($logfile) || !file_exists($logfile)) {
         writeErrorLog('Tried to attach transaction log, but file is not defined or doesn\'t exist:', $logfile);
         return;
     }
     $this->transacts = $this->db->AttachTransActions($logfile);
 }
 /**
  * default action of this controller: proxy media data
  */
 public function index_action()
 {
     $url = Request::get('url');
     $media_proxy = new MediaProxy();
     $config = Config::GetInstance();
     $modified_since = NULL;
     if (!Seminar_Session::is_current_session_authenticated() || $config->getValue('LOAD_EXTERNAL_MEDIA') != 'proxy') {
         throw new AccessDeniedException();
     }
     if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
         $modified_since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
     }
     ini_set('default_socket_timeout', 5);
     $this->render_nothing();
     //stop output buffering started in Trails_Dispatcher::dispatch()
     while (ob_get_level()) {
         ob_end_clean();
     }
     try {
         $media_proxy->readURL($url, $modified_since);
     } catch (MediaProxyException $ex) {
         header($ex->getMessage());
     }
 }
/**
 * CoffeeCup Software's Web Form Builder.
 *
 * Functions to merge posted data into the HTML form definition.
 *
 *
 * @version $Revision: 2456 $
 * @author Cees de Gruijter
 * @category FB
 * @copyright Copyright (c) 2011 CoffeeCup Software, Inc. (http://www.coffeecup.com/)
 */
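/**
 * Re-render the form HTML with the submitted values filled back in and the
 * validation errors attached next to their fields.
 *
 * Values are injected through the DOM (attribute nodes / text nodes), so
 * DOMDocument::saveHTML() takes care of escaping; nothing is spliced into the
 * markup as a string. Posted values are only trusted to be arrays where the
 * field name says so ("name[]"); a forged array for a scalar field (or vice
 * versa) is ignored instead of raising notices or, on PHP 8, a TypeError.
 *
 * @param array|false $post values to merge; defaults to $_POST
 * @return string|null the merged HTML, or null when the form source does not parse
 */
function MergeFormPost($post = false)
{
    if (!$post) {
        $post =& $_POST;
    }
    $dom = new DOMDocument('1.0', 'UTF-8');
    if (!$dom->loadHTML(FormPage::GetInstance()->source)) {
        writeErrorLog('Failed to parse HTML form.');
        return;
    }
    $errors = FormPage::GetInstance()->GetErrors(true);
    $processed_names = array();
    // upper bound on inline error labels; falls back to "practically unlimited"
    $display_max_error = Config::GetInstance()->GetConfig('special', 'maxnumerrors');
    if ($display_max_error === false) {
        $display_max_error = 1000;
    }
    $xpath = new DOMXpath($dom);
    // get all input nodes with a name
    foreach ($xpath->query('//input[@name]') as $e) {
        $tagname = $e->getAttribute('name');
        // checkboxes have names like "check1[]", but only "check1" is present in $post
        $tagname_stripped = str_replace('[]', '', $tagname);
        if (isset($post[$tagname]) || isset($post[$tagname_stripped])) {
            $scalar = isset($post[$tagname]) && !is_array($post[$tagname]);
            switch ($e->getAttribute('type')) {
                case 'radio':
                    if ($scalar && $e->getAttribute('value') == $post[$tagname]) {
                        $e->setAttributeNode(new DOMAttr('checked', 'checked'));
                    }
                    break;
                case 'checkbox':
                    if (isset($post[$tagname_stripped]) && is_array($post[$tagname_stripped]) && in_array($e->getAttribute('value'), $post[$tagname_stripped])) {
                        $e->setAttributeNode(new DOMAttr('checked', 'checked'));
                    }
                    break;
                case 'file':
                    // a file field never gets its value echoed back
                    break;
                default:
                    // an array here would become the literal string "Array"
                    if ($scalar) {
                        $e->setAttributeNode(new DOMAttr('value', $post[$tagname]));
                    }
            }
        }
        if (!empty($tagname_stripped) && !in_array($tagname_stripped, $processed_names)) {
            if ($display_max_error > 0) {
                InserErrorLabel($dom, $e, $errors);
                --$display_max_error;
            }
            $processed_names[] = $tagname_stripped;
        }
    }
    // get all select nodes with a name
    foreach ($xpath->query('//select[@name]') as $e) {
        // find out if the name is defined as an array[] or as a scalar
        $name = $e->getAttribute('name');
        $is_array = false;
        if (($p = strpos($name, '[]')) !== false) {
            $name = substr($name, 0, -2);
            $is_array = true;
        }
        if (isset($post[$name])) {
            foreach ($e->getElementsByTagName('option') as $child) {
                if ($is_array) {
                    $selected = is_array($post[$name]) && in_array($child->getAttribute('value'), $post[$name]);
                } else {
                    $selected = !is_array($post[$name]) && $child->getAttribute('value') == $post[$name];
                }
                // Set or unset the selected attribute. A matching option that
                // was already selected in the source keeps its attribute (the
                // previous version dropped it, deselecting the submitted value).
                if ($selected && !$child->hasAttribute('selected')) {
                    $child->setAttributeNode(new DOMAttr('selected', 'selected'));
                } elseif (!$selected && $child->hasAttribute('selected')) {
                    $child->removeAttribute('selected');
                }
            }
        }
        if (!empty($name) && !in_array($name, $processed_names)) {
            InserErrorLabel($dom, $e, $errors);
            $processed_names[] = $name;
        }
    }
    // get all textarea nodes with a name
    foreach ($xpath->query('//textarea[@name]') as $e) {
        $name = $e->getAttribute('name');
        if (isset($post[$name]) && !is_array($post[$name])) {
            $e->appendChild($dom->createTextNode($post[$name]));
        }
        if (!in_array($name, $processed_names)) {
            InserErrorLabel($dom, $e, $errors);
            $processed_names[] = $name;
        }
    }
    // reCaptcha error should also be placed underneath the field; when the
    // captcha container is missing from the markup the error falls through to
    // the generic error div instead of a fatal call on null
    if (isset($errors['reCaptcha'])) {
        $captcha = $dom->getElementById('fb-captcha_control');
        if ($captcha !== null) {
            $node = $dom->createElement('label', $errors['reCaptcha']);
            $node->setAttributeNode(new DOMAttr('for', 'fb-captcha_control'));
            $node->setAttributeNode(new DOMAttr('class', 'error'));
            $captcha->appendChild($node);
            $processed_names[] = 'reCaptcha';
        }
    }
    // add errors from fields that we haven't processed yet to the error div
    MakeErrorNode($dom, $errors, $processed_names);
    return $dom->saveHTML();
}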
    // on S-Drive the cart scripts are taken directly from the resources
    $buildnum = Config::GetInstance()->GetConfig('resource_version');
    if (!$buildnum) {
        writeErrorLog('Parameter missing or empty in form.cfg.dat', 'resource_version');
    }
    $cartpath = CC_HOSTING_RESOURCES . DIRECTORY_SEPARATOR . 'FB' . DIRECTORY_SEPARATOR . $buildnum . DIRECTORY_SEPARATOR . 'fb';
    set_include_path(get_include_path() . PATH_SEPARATOR . $cartpath);
    // add this constant to the file names to include instead of adding it to the include path
    // as a type of name spacing
    define('CARTREVISION', 'cartapp');
} else {
    // A version number is added to the folder name for forward compatibility. FB increments this
    // number if changes are NOT backward compatible. FB must also create the corrresponding
    // folder (leaving the old folder for forms made and uploaded with a previous version).
    define('CARTREVISION', 'cartapp_v1');
    Config::GetInstance()->LoadConfig();
}
// catch warnings with our own error handler to ignore them as appropriate
// (only E_WARNING is routed to it; notices and errors keep PHP's default
// handling. myErrorHandler() is defined further down in this file.)
set_error_handler('myErrorHandler', E_WARNING);
/*** end of global config ***/
/*********** utility functions ************/
// define our auto-loader for classes
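/**
 * Class auto-loader: maps a class name to fbapp/php/<lowercase name>.cls.php.
 *
 * PHP hands this function whatever string reaches class_exists(), new or
 * unserialize(), so the name is restricted to identifier characters before it
 * is turned into a path; anything else (slashes, dots, namespace separators)
 * is ignored rather than passed to include. Note __autoload() itself was
 * removed in PHP 8 in favour of spl_autoload_register().
 *
 * @param string $class_name class being resolved
 */
function __autoload($class_name)
{
    global $scriptpath;
    if (!preg_match('/^[A-Za-z0-9_\x80-\xff]+$/', $class_name)) {
        return;
    }
    include $scriptpath . '/fbapp/php/' . strtolower($class_name) . '.cls.php';
}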
// shows warning more user-friendly
function myErrorHandler($errno, $errstr, $errfile, $errline)
{
    // some fopen() may fail because the files are optional
 /**
  * Adding Stud.IP formatted code to the current page of the pdf.
  * Remember to call addPage first.
  * @param string $content Stud.IP formatted code
  */
 public function addContent($content)
 {
     preg_match_all("#\\[comment(=.*)?\\](.*)\\[/comment\\]#msU", $content, $matches);
     if (count($matches[0])) {
         $endnote .= "<br><br>" . _("Kommentare") . "<hr>";
         for ($i = 0; $i < count($matches[0]); $i++) {
             $endnote .= $i + 1 . ") " . htmlReady(substr($matches[1][$i], 1)) . ": " . htmlReady($matches[2][$i]) . "<br>";
         }
     }
     $content = preg_replace("#\\[comment(=.*)?\\](.*)\\[/comment\\]#emsU", '$this->addEndnote("//1", "//2")', $content);
     $content = formatReady($content, true, true, true, null);
     $content = str_replace("<table", "<table border=\"1\"", $content);
     // Since TCPDF cannot handle missing images at all, the content needs
     // to be cleaned from those (see tickets #2957, #3329 and #3688)
     $content = preg_replace_callback('/<img[^>]+src="(.*?)"[^>]*>/', function ($match) {
         $url = $match[1];
         // Detect possible html entities in url and remove them
         if (strpos($url, '&amp;') !== false) {
             $url = html_entity_decode($url);
         }
         // Handle optional media proxy
         if (Config::GetInstance()->LOAD_EXTERNAL_MEDIA) {
             $parsed = parse_url($url);
             // Detect media proxy
             if (strpos($parsed['path'], 'media_proxy') !== false && strpos($parsed['query'], 'url=') !== false) {
                 // Remove media proxy
                 parse_str($parsed['query'], $parameters);
                 $url = $parameters['url'];
             }
         }
         // Fetch headers from url, handle possible redirects
         do {
             $headers = get_headers($url, true);
             list(, $status) = explode(' ', $headers[0]);
             $url = $header['Location'] ?: $header['location'] ?: $url;
         } while (in_array($status, array(300, 301, 302, 303, 305, 307)));
         $status = $status ?: 404;
         // Replace image with link on error (and not internal), otherwise return sainitized
         // url
         return (!is_internal_url($url) || $status == 404) && $status >= 400 ? sprintf('[<a href="%s">%s</a>]', $url, basename($url)) : str_replace($match[1], $url, $match[0]);
     }, $content);
     $this->writeHTML($content . $endnote);
 }
 /**
  * Enforce a field's "required" rule.
  *
  * File uploads must have an entry in $_FILES with a non-zero size and no
  * UPLOAD_ERR_NO_FILE; any other field must have a non-empty posted value
  * (a non-empty array, or a scalar with at least one character — "0" counts
  * as present). Records an error message on failure.
  *
  * @param string $name  field name (mapped to its original post key for uploads)
  * @param object $rules rule object with required, fieldtype and optional label
  * @return bool true when the rule is satisfied or not set at all
  */
 public function required($name, $rules)
 {
     if (empty($rules->required)) {
         return true;
     }
     if ($rules->fieldtype == 'fileupload') {
         $name = Config::GetInstance()->GetOriginalPostKey($name);
         $missing = !isset($_FILES[$name])
             || $_FILES[$name]['size'] == 0
             || $_FILES[$name]['error'] == UPLOAD_ERR_NO_FILE;
     } else {
         $value = isset($this->input[$name]) ? $this->input[$name] : '';
         if (is_array($value)) {
             $missing = empty($value);
         } else {
             $missing = empty($value) && strlen($value) == 0;
         }
     }
     if (!$missing) {
         return true;
     }
     $label = empty($rules->label) ? $name : $rules->label;
     $this->_errormsg($name, $rules, _T('"%s" is a required field and cannot be empty.', $label));
     return false;
 }
 /**
  * Upgrade the application code to the latest version.
  * @throws Exception
  * @param bool $verify_updatable Whether or not to verify if installation is updatable, defaults to false
  * @return array Backup file information
  */
 public function runUpdate($file_path, $verify_updatable = false)
 {
     $app_dir = preg_replace("/\\/_lib\\/controller/", '', $file_path);
     // do we have the disk space we need?
     $disk_util = new AppUpgraderDiskUtil($app_dir);
     $disk_space_megs = $disk_util->getAvailableDiskSpace();
     // do we have the perms to do what we need?
     $disk_util->validateUpdatePermissions($app_dir);
     // do we need to update?
     $update_client = new AppUpgraderClient();
     $update_info = $update_client->getLatestVersionInfo();
     require dirname(__FILE__) . '/../../install/version.php';
     $version = Config::GetInstance()->getvalue('THINKUP_VERSION');
     if ($update_info['version'] < $version) {
         throw new Exception("You are running the latest version of ThinkUp.");
     }
     if ($verify_updatable == true) {
         return array('latest_version' => $update_info['version']);
     }
     // download zip...
     $update_zip_data = $update_client->getLatestVersionZip($update_info['url']);
     $update_zip = $disk_util->writeZip($update_zip_data);
     $zip = new ZipArchive();
     $open_result = $zip->open($update_zip);
     if ($open_result !== true) {
         unlink($update_zip);
         throw new Exception("Unable to extract " . $update_zip . ". ZipArchive::open failed with error code " . $open_result);
     }
     $num_files = $zip->numFiles;
     if ($num_files < 1) {
         unlink($update_zip);
         throw new Exception("Unable to extract " . $update_zip . ". ZipArchive->numFiles is " . $num_files);
     }
     $backup_file_info = array();
     $backup_file_info = $disk_util->backupInstall();
     $disk_util->deleteOldInstall();
     $data_path = FileDataManager::getDataPath();
     if ($zip->extractTo($data_path) !== true) {
         throw new Exception("Unable to extract new files into {$app_dir}: " . $zip->getStatusString());
     } else {
         $new_version_dir = $data_path . 'thinkup';
         $disk_util->recurseCopy($new_version_dir, $app_dir);
         // delete install files
         $disk_util->deleteDir($new_version_dir);
         unlink($update_zip);
     }
     //replace config file
     copy($backup_file_info['config'], "{$app_dir}/config.inc.php");
     return $backup_file_info;
 }
 /**
  * Run the Google Checkout flow for this form. Whatever message the checkout
  * returns is shown as a form-level error; an empty result means success.
  */
 private function _GooglePay()
 {
     Config::GetInstance()->InitSession();
     $checkout = new CheckoutController();
     $result = $checkout->DoGoogleCheckout();
     if (empty($result)) {
         return;
     }
     FormPage::GetInstance()->SetErrors(array(array('field' => 'Form', 'err' => $result)));
 }
 /**
  * Replace "[field]" placeholders in an address string with the posted value of
  * that field. Only fields whose rule is of type 'email' or marked contactList
  * are substituted; other placeholders stay verbatim. The result is trimmed.
  *
  * NOTE(review): the substituted text is request data; this block relies on the
  * 'email' rule having validated it before the address is used in a mail header.
  *
  * @param string $name address template
  * @return string
  */
 function _SubstituteAddress($name)
 {
     $found = array();
     $count = preg_match_all('\'\\[([^\\]]+)\\]\'', $name, $found, PREG_PATTERN_ORDER);
     if ($count === false) {
         writeErrorLog('Error in regex parsing:', $name);
     }
     if (!$count) {
         return trim($name);
     }
     $cfg = Config::GetInstance();
     foreach ($found[1] as $field) {
         // check if this is an email field and get its value if it is
         $field = strtolower($field);
         $is_email = $cfg->GetConfig('rules', $field, 'fieldtype') == 'email';
         if (($is_email || $cfg->GetConfig('rules', $field, 'contactList')) && isset(FormPage::GetInstance()->post[$field])) {
             $name = str_ireplace('[' . $field . ']', FormPage::GetInstance()->post[$field], $name);
         }
     }
     return trim($name);
 }
  /**
   * Self-registration of a new 'standard' auth user from the posted form.
   *
   * Checks the login ticket (CSRF), username, password, names and e-mail
   * (syntax, mail host reachability, mailbox probe), rejects duplicate
   * usernames and e-mail addresses, then stores the user and sends the
   * validation mail. Every failure appends to $this->error_msg and returns false.
   *
   * @return bool|string the new user_id on success, false otherwise
   */
 function auth_doregister()
 {
     global $_language_path;
     $this->error_msg = "";
     // check for direct link to register2.php: without a session language fall
     // back to the browser's accepted languages
     if (!$_SESSION['_language'] || $_SESSION['_language'] == "") {
         $_SESSION['_language'] = get_accepted_languages();
     }
     $_language_path = init_i18n($_SESSION['_language']);
     $this->auth["uname"] = Request::username('username');
     // This provides access for "crcregister.ihtml"
     $validator = new email_validation_class();
     // class used to check the input
     $validator->timeout = 10;
     // how long we wait for an answer from the mail server
     // the login ticket must belong to this session (CSRF protection)
     if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
         return false;
     }
     $username = trim(Request::get('username'));
     $Vorname = trim(Request::get('Vorname'));
     $Nachname = trim(Request::get('Nachname'));
     // accept only registered domains if set
     $cfg = Config::GetInstance();
     $email_restriction = $cfg->getValue('EMAIL_DOMAIN_RESTRICTION');
     if ($email_restriction) {
         // NOTE(review): the domain part is taken from the request too; whether it
         // is limited to the registered domains is not visible in this method.
         $Email = trim(Request::get('Email')) . '@' . trim(Request::get('emaildomain'));
     } else {
         $Email = trim(Request::get('Email'));
     }
     if (!$validator->ValidateUsername($username)) {
         $this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist zu kurz!") . "<br>";
         return false;
     }
     // username syntactically wrong or too short;
     // duplicate usernames are checked further down.
     // NOTE(review): the password is validated via Request::quoted() but hashed
     // from Request::get(); if quoted() alters the string the length check and
     // the stored password may disagree — confirm against the Request class.
     if (!$validator->ValidatePassword(Request::quoted('password'))) {
         $this->error_msg = $this->error_msg . _("Das Passwort ist zu kurz!") . "<br>";
         return false;
     }
     if (!$validator->ValidateName($Vorname)) {
         $this->error_msg = $this->error_msg . _("Der Vorname fehlt oder ist unsinnig!") . "<br>";
         return false;
     }
     // first name missing or not acceptable
     if (!$validator->ValidateName($Nachname)) {
         $this->error_msg = $this->error_msg . _("Der Nachname fehlt oder ist unsinnig!") . "<br>";
         return false;
         // last name missing or not acceptable
     }
     if (!$validator->ValidateEmailAddress($Email)) {
         $this->error_msg = $this->error_msg . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "<br>";
         return false;
     }
     // e-mail syntactically wrong or missing
     $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
     $Zeit = date("H:i:s, d.m.Y", time());
     if (!$validator->ValidateEmailHost($Email)) {
         // mail server not reachable: reject
         $this->error_msg = $this->error_msg . _("Der Mailserver ist nicht erreichbar, bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken und empfangen können!") . "<br>";
         return false;
     } else {
         // server reachable
         if (!$validator->ValidateEmailBox($Email)) {
             // ... but the mailbox is unknown: notify abuse
             StudipMail::sendAbuseMessage("Register", "Emailbox unbekannt\n\nUser: {$username}\nEmail: {$Email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n");
             $this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse ist nicht erreichbar, bitte überprüfen Sie Ihre Angaben!") . "<br>";
             return false;
         } else {
             // all good so far, now the checks against the database...
         }
     }
     $check_uname = StudipAuthAbstract::CheckUsername($username);
     if ($check_uname['found']) {
         $this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist bereits vorhanden!") . "<br>";
         return false;
         // username already taken
     }
     // NOTE(review): LIKE with a quoted value is safe against injection, but the
     // '_' and '%' in a submitted address still act as wildcards here, so the
     // duplicate check can match more than an exact address; '=' would be exact.
     if (count(User::findBySQL("Email LIKE " . DbManager::get()->quote($Email)))) {
         $this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer verwendet. Sie müssen eine andere E-Mail-Adresse angeben!") . "<br>";
         return false;
         // e-mail already in use
     }
     // all checks passed, register the user...
     $hasher = UserManagement::getPwdHasher();
     $new_user = new User();
     $new_user->username = $username;
     $new_user->perms = 'user';
     $new_user->password = $hasher->HashPassword(Request::get('password'));
     $new_user->vorname = $Vorname;
     $new_user->nachname = $Nachname;
     $new_user->email = $Email;
     $new_user->geschlecht = Request::int('geschlecht');
     $new_user->title_front = trim(Request::get('title_front', Request::get('title_front_chooser')));
     $new_user->title_rear = trim(Request::get('title_rear', Request::get('title_rear_chooser')));
     $new_user->auth_plugin = 'standard';
     $new_user->store();
     // implicit null (not false) when store() produced no user_id
     if ($new_user->user_id) {
         self::sendValidationMail($new_user);
         $this->auth["perm"] = $new_user->perms;
         return $new_user->user_id;
     }
 }
 /**
  * Remove old files from the media cache.
  */
 public function garbageCollect()
 {
     $db = DBManager::get();
     $config = Config::GetInstance();
     $limit = (int) $config->getValue('MEDIA_CACHE_MAX_FILES');
     $result = $db->query("SELECT id FROM media_cache ORDER BY expires DESC LIMIT {$limit}, 1000");
     if ($ids = $result->fetchAll(PDO::FETCH_COLUMN)) {
         $this->removeCacheEntries($ids);
     }
 }
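 /**
  * Put an uploaded file into the publicly reachable storage folder (folder 4)
  * and return the absolute URL it can be fetched from.
  *
  * Files whose rule has 'files' set are copied from the upload folder (1);
  * otherwise the file is moved straight out of $_FILES. On failure an error is
  * logged and recorded via setError() and nothing (null) is returned.
  *
  * NOTE(review): $filename is joined to the storage folders unmodified — this
  * block cannot tell whether a caller could pass a name containing '/' or '..'.
  * The host part of the URL comes from the request's Host header when present.
  *
  * @param string $fieldname form field the file belongs to
  * @param string $filename  file name inside the storage folder
  * @return string|null
  */
 private function _makePublicUrl($fieldname, $filename)
 {
     $cfg = Config::GetInstance();
     $public_folder = $cfg->getStorageFolder(4);
     // ensure the publicly visible folder exists
     if (!file_exists($public_folder)) {
         mkdir($public_folder);
     }
     // use the rules to find out where the file is
     if ($cfg->GetRulePropertyByName($fieldname, 'files') == true) {
         if (!copy($cfg->getStorageFolder(1) . $filename, $public_folder . $filename)) {
             writeErrorLog('MailChimp plugin couldn\'t copy the uploaded file to a public folder', $filename);
             $this->setError(_T('Failed to copy the uploaded file %s to a publicly visible folder.', $filename));
             return;
         }
     } elseif (isset($_FILES[$fieldname]) && file_exists($_FILES[$fieldname]['tmp_name'])) {
         // look for it in the uploads table
         $saved = SaveUploadAsFile($public_folder, $_FILES[$fieldname]);
         if ($saved == false) {
             // report the name we were asked about, not the failed result
             writeErrorLog('MailChimp plugin couldn\'t move the uploaded file to a public folder', $filename);
             $this->setError(_T('Failed to move the uploaded file %s to a publicly visible folder.', $filename));
             return;
         }
         $filename = $saved;
     }
     $servername = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
     $path = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['PHP_SELF'];
     $path = substr($path, 0, strrpos($path, '/'));
     // encode the folders, not the '/'!
     $path = implode('/', array_map('rawurlencode', explode('/', $path)));
     // windows servers may set [HTTPS] => off, linux servers usually don't set [HTTPS] at all
     $https = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
     $protocol = $https ? 'https' : 'http';
     $url = $protocol . '://' . $servername;
     // only add the server port when the host has none and it differs from the default
     if (strpos($servername, ':') === false && ($_SERVER['SERVER_PORT'] != '80' || $protocol != 'http')) {
         $url .= ':' . $_SERVER['SERVER_PORT'];
     }
     return $url . $path . '/' . FormPage::GetInstance()->GetFormName() . CC_FB_STORAGE_FOLDER . CC_FB_PUBLIC_DIRECTORY . $filename;
 }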
        }
    }
}

    // add skip links
    SkipLinks::addIndex(Navigation::getItem('/course/files/all')->getTitle(), 'main_content', 100);
    SkipLinks::addIndex(Navigation::getItem('/course/files/tree')->getTitle(), 'main_content', 100);
// document tree of the current course ($SessSemName is set before this excerpt)
$folder_tree = TreeAbstract::GetInstance('StudipDocumentTree', array('range_id' => $SessSemName[1]));

$question = $msg = '';

// $zip_file_id is produced earlier (not shown); false means the zip download
// failed. The message uses the '§' separators the page's message parser expects;
// both limits are cast to int before being formatted into it.
if($zip_file_id === false){
    $msg = 'error§'
    . sprintf(_("Der Zip Download ist fehlgeschlagen. Bitte beachten Sie das Limit von maximal %s Dateien und die maximale Größe der zu zippenden Dateien von %s MB."),
    (int)Config::GetInstance()->getValue('ZIP_DOWNLOAD_MAX_FILES'),
    (int)Config::GetInstance()->getValue('ZIP_DOWNLOAD_MAX_SIZE') )
    . '§';
}

// split the "<id>_<command>" string in $open (assigned before this excerpt;
// NOTE(review): if it comes from the request, $open_id/$open_cmd are
// user-controlled — $open_id is only used below through a prepared statement)
if (strpos($open, "_") !== false){
    list($open_id, $open_cmd) = explode('_', $open);
}

//Wenn nicht Rechte und Operation uebermittelt: Ist das mein Dokument und ist der Ordner beschreibbar?
if (!$rechte && $open_cmd) {
    $query = "SELECT user_id, range_id FROM dokumente WHERE dokument_id = ?";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($open_id));
    $result = $statement->fetch();
 /**
  * Fetch the shared Config singleton and have it (re)apply its configuration.
  */
 public function __construct()
 {
     Config::GetInstance()->setConfiguration();
 }
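 /**
  * Delete expired news and orphaned news/news_range rows.
  *
  * Does nothing (and returns null) when NEWS_DISABLE_GARBAGE_COLLECT is set.
  * Otherwise returns the number of news rows deleted — 0 when nothing was due
  * (previously $killed was left undefined in that case and null came back).
  *
  * NOTE(review): "IN (?)" bound to a PHP array relies on DBManager's PDO
  * wrapper expanding array parameters; plain PDO would bind the string "Array".
  *
  * @return int|null
  */
 public static function DoGarbageCollect()
 {
     $db = DBManager::get();
     if (Config::GetInstance()->getValue('NEWS_DISABLE_GARBAGE_COLLECT')) {
         return;
     }
     $killed = 0;
     $result = $db->query("SELECT news.news_id FROM news where (date+expire)<UNIX_TIMESTAMP()\n                                UNION DISTINCT\n                                SELECT news_range.news_id FROM news_range LEFT JOIN news USING (news_id) WHERE ISNULL(news.news_id)\n                                UNION DISTINCT\n                                SELECT news.news_id FROM news LEFT JOIN news_range USING (news_id) WHERE range_id IS NULL")->fetchAll(PDO::FETCH_COLUMN, 0);
     if (count($result) > 0) {
         $query = "DELETE FROM news WHERE news_id IN (?)";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($result));
         $killed = $statement->rowCount();
         $query = "DELETE FROM news_range WHERE news_id IN (?)";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($result));
         // drop the bookkeeping that referenced the deleted news
         object_kill_visits(null, $result);
         object_kill_views($result);
         StudipComment::DeleteCommentsByObject($result);
     }
     return $killed;
 }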
 /**
  * Append the payment placeholders to the parallel needle/replacement lists.
  *
  * For every payment rule: "[name_invoicetext]" is replaced by the rule's
  * invoice label when use_invoice is set and a label exists, else by the field
  * name. When a cart is present, "[name_price]" is also added and replaced by
  * the formatted product subtotal (currency symbol prefixed), or '' when the
  * cart has no subtotal for that product.
  *
  * @param array $needles      placeholders, extended in place
  * @param array $replacements matching replacement strings, extended in place
  */
 private function _PaymentFieldSubstitutions(&$needles, &$replacements)
 {
     $rules = Config::GetInstance()->GetConfig('payment_rules');
     foreach ($rules as $name => $rule) {
         $needles[] = '[' . $name . _T('_invoicetext]');
         $use_label = isset($rule->use_invoice) && $rule->use_invoice && !empty($rule->invoice_label);
         $replacements[] = $use_label ? $rule->invoice_label : $name;
         if (!$this->cart) {
             continue;
         }
         $needles[] = '[' . $name . _T('_price]');
         $price = $this->cart->getSubtotalPriceProduct($name);
         $replacements[] = $price ? $this->cursym . formatMoney($price, $this->divider) : '';
     }
 }
/**
 * Decide whether a 'protected' file may be downloaded.
 *
 * With ENABLE_PROTECTED_DOWNLOAD_RESTRICTION off, or for unprotected files,
 * the answer is always yes. A protected file is downloadable only when it
 * belongs to a course ('sem') that is password protected, admission-locked,
 * past its admission end time, or a study group with preliminary admission.
 *
 * @param string $document_id MD5 id of the file
 * @return bool
 */
function check_protected_download($document_id)
{
    if (!Config::GetInstance()->getValue('ENABLE_PROTECTED_DOWNLOAD_RESTRICTION')) {
        return true;
    }
    $doc = new StudipDocument($document_id);
    if (!$doc->getValue('protected')) {
        return true;
    }
    $range_id = $doc->getValue('seminar_id');
    // protected files outside a course are never released
    if (get_object_type($range_id) != 'sem') {
        return false;
    }
    $seminar = Seminar::GetInstance($range_id);
    $timed_admission = $seminar->getAdmissionTimeFrame();
    $admission_over = $timed_admission['end_time'] > 0 && $timed_admission['end_time'] < time();
    if ($seminar->isPasswordProtected() || $seminar->isAdmissionLocked() || $admission_over) {
        return true;
    }
    if (StudygroupModel::isStudygroup($range_id)) {
        $studygroup = Seminar::GetInstance($range_id);
        return $studygroup->admission_prelim == 1;
    }
    return false;
}
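 /**
  * Aligns the column type of every 'number' rule with its configured decimals.
  *
  * Rules without decimals need an int(11) column, rules with decimals a
  * decimal(11+d, d) column; a column that already has the right type is left alone.
  * Fixes two defects of the previous version: the decimal type string was built as
  * 'decimal(' . 11 + $decimals, which in PHP < 8 applies '+' to the concatenated
  * string ('.' and '+' shared precedence), and an int column of a no-decimals rule
  * fell through to the decimal comparison and was converted to decimal(11,0).
  *
  * @return bool always true
  */
 protected function _CheckFields()
 {
     parent::_CheckFields();
     // check for int/decimal changes
     $rules = Config::GetInstance()->GetConfig('rules');
     foreach ($rules as $name => $format) {
         // table_description is filled before creating missing fields, but in that case
         // the field has been created with the right format
         if ($format->fieldtype != 'number' || !isset($this->table_description[$name])) {
             continue;
         }
         $current_type = $this->table_description[$name]['Type'];
         if ($format->decimals == 0) {
             if (strpos($current_type, 'int') !== false) {
                 continue;
             }
             $new_type = 'int(11)';
         } else {
             // parenthesised on purpose: the addition must happen before concatenation
             $new_type = 'decimal(' . (11 + $format->decimals) . ',' . $format->decimals . ')';
             if ($current_type == $new_type) {
                 continue;
             }
         }
         $column = $this->_EscapeName($name);
         $this->_Exec('ALTER TABLE ' . $this->_EscapeName($this->table) . ' CHANGE ' . $column . ' ' . $column . ' ' . $new_type);
     }
     return true;
 }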
 /**
  * Room search restricted to the rooms the current user may request.
  *
  * Admins, and everybody when RESOURCES_ALLOW_ROOM_REQUESTS_ALL_ROOMS is set,
  * search all rooms; otherwise the search is limited to the user's own rooms plus
  * the globally owned resources.
  *
  * @param string $search_exp search expression passed on to searchRooms()
  * @param mixed  $properties property filter passed on to searchRooms()
  * @return mixed whatever searchRooms() returns
  */
 public function searchRoomsToRequest($search_exp, $properties = false)
 {
     $user_id = $GLOBALS['user']->id;
     $unrestricted = getGlobalPerms($user_id) == 'admin'
         || Config::GetInstance()->getValue('RESOURCES_ALLOW_ROOM_REQUESTS_ALL_ROOMS');
     $permitted_rooms = null;
     if (!$unrestricted) {
         $own_rooms = new ResourcesUserRoomsList($user_id, false, false, true);
         $global_rooms = DBManager::get()
             ->query("SELECT resource_id FROM resources_objects WHERE owner_id='global'")
             ->fetchAll(PDO::FETCH_COLUMN);
         $permitted_rooms = array_unique(array_merge(array_keys($own_rooms->getRooms()), $global_rooms));
     }
     return $this->searchRooms($search_exp, $properties, 0, 0, true, $permitted_rooms);
 }
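 /**
  * Clears the over-submit-limit flag when the configured upgrade date changed.
  *
  * The upgrade date is compared with the one stored in FB_SETTING_SUBMITLIMIT; when
  * it differs the new date is stored and the flag is cleared for every row submitted
  * in the month of that date. Previously $count was only assigned inside the branch,
  * so an unchanged date returned null (with an undefined-variable notice) instead of 0.
  *
  * @return int number of rows whose flag was cleared; 0 when nothing changed or the update failed
  */
 private function _CheckSubmitLimitReset()
 {
     $count = 0;
     $upgrade_date = Config::GetInstance()->getSubmitLimitUpgradeDate();
     if ($upgrade_date && $upgrade_date != $this->GetSetting(FB_SETTING_SUBMITLIMIT)) {
         // store the new date so that we know if it changed or not
         $this->SetSetting(array(FB_SETTING_SUBMITLIMIT => $upgrade_date));
         // clear the flags for the month that the date is set; the month literal goes
         // through the driver's quoting instead of being spliced into the statement raw
         $month = $this->db->quote(substr($upgrade_date, 0, 7));
         $qry = 'UPDATE ' . $this->_EscapeName($this->table)
             . ' SET _flags_ = _flags_&' . ~FLAG_OVERSUBMITLIMIT
             . ' WHERE strftime(\'%Y-%m\', _submitted_) = ' . $month . ';';
         $count = $this->db->exec($qry);
         if ($count === false) {
             writeErrorLog(__METHOD__, $this->db->errorInfo());
             return 0;
         }
     }
     return $count;
 }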
 /**
  * Restores the saved form post (and its uploads table) from the session.
  *
  * Without a saved post the request is redirected to the base URL and ends here.
  *
  * @param bool $clearSession drop the saved post from the session after reading it
  */
 function RestorePostFromSession($clearSession = true)
 {
     $config = Config::GetInstance();
     $this->post = $config->GetSessionVariable('post');
     if ($clearSession) {
         $config->UnsetSessionVariable('post');
     }
     if (!$this->post) {
         header('Location: ' . getUrl(''));
         exit;
     }
     // also restore the uploads table, possibly needed for sending emails
     $this->uploads = $config->GetSessionVariable('uploads');
 }
 /**
  * Stud.IP markup for images, audio, video and flash-films.
  *
  * Renders one media tag from a regex match: $matches[1] is the tag (img, audio,
  * video or flash), $matches[2] a colon-separated parameter list, $matches[3] the
  * media URL and $matches[4] trailing whitespace. Internal URLs are only rendered
  * for a fixed set of targets; external URLs are rendered, proxied, or left as the
  * untouched markup depending on LOAD_EXTERNAL_MEDIA.
  *
  * NOTE(review): $title, $link, $width and $position are written into HTML
  * attributes below without escaping in this method. The decodeHTML() calls suggest
  * the input arrives already HTML-encoded — confirm that with the caller before
  * relying on it.
  *
  * @param mixed $markup  unused here
  * @param array $matches regex match groups as described above
  * @return string the rendered HTML, or $matches[0] when the media must not be rendered
  */
 protected static function markupMedia($markup, $matches)
 {
     $tag = $matches[1];
     $params = explode(":", $matches[2]);
     $url = $matches[3];
     $whitespace = $matches[4];
     // Parameter parsing: a numeric entry is the width, left/center/right the
     // position, a first entry starting with '=' the title, and any other entry that
     // forms a URL together with its successor ("http" + ":" + "//…") the link target.
     // $width, $position, $title and $link stay unset when no entry matches.
     foreach ($params as $key => $param) {
         if ($param) {
             if (is_numeric($param)) {
                 $width = $param;
             } elseif (in_array($param, words("left center right"))) {
                 $position = $param;
             } elseif ($key === 0 && $param[0] === "=") {
                 $title = substr($param, 1);
             } elseif ($key < count($params) - 1) {
                 $virtual_url = $param . ":" . $params[$key + 1];
                 if (isURL($virtual_url)) {
                     $link = $virtual_url;
                 }
             }
         }
     }
     $format_strings = array('img' => '<img src="%s" style="%s" title="%s" alt="%s">', 'audio' => '<audio src="%s" style="%s" title="%s" alt="%s" controls></audio>', 'video' => '<video src="%s" style="%s" title="%s" alt="%s" controls></video>');
     $url = TransformInternalLinks($url);
     $pu = @parse_url($url);
     // A URL counts as internal when it is http(s), its host (with or without port)
     // equals HTTP_HOST and its path starts with the canonical Stud.IP path.
     // NOTE(review): HTTP_HOST is taken from the request; whether it can be trusted
     // here depends on the web server's host validation — confirm.
     if (($pu['scheme'] == 'http' || $pu['scheme'] == 'https') && ($pu['host'] == $_SERVER['HTTP_HOST'] || $pu['host'] . ':' . $pu['port'] == $_SERVER['HTTP_HOST']) && strpos($pu['path'], $GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP']) === 0) {
         $intern = true;
         // first path segment below the Stud.IP root; paths containing '../' get none
         $checkpath = urldecode(substr($pu['path'], strlen($GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP'])));
         if (strpos($checkpath, '../') === false) {
             list($pu['first_target']) = explode('/', $checkpath);
         } else {
             $pu['first_target'] = false;
         }
     }
     $LOAD_EXTERNAL_MEDIA = Config::GetInstance()->getValue('LOAD_EXTERNAL_MEDIA');
     // Internal URLs are rendered only for the known media delivery targets; external
     // URLs only when LOAD_EXTERNAL_MEDIA allows them. Otherwise the markup is returned as is.
     // ($intern is unset for external URLs, so the checks below read it as false.)
     if ($intern && !in_array($pu['first_target'], array('sendfile.php', 'download', 'assets', 'pictures')) && !($pu['first_target'] === 'dispatch.php' && strpos($pu['path'], 'dispatch.php/document/download') !== false)) {
         return $matches[0];
     } elseif ((!$LOAD_EXTERNAL_MEDIA || $LOAD_EXTERNAL_MEDIA === 'deny') && !$intern) {
         return $matches[0];
     }
     //Mediaproxy? External media of authenticated sessions is routed through media_proxy when configured.
     if (!$intern && $LOAD_EXTERNAL_MEDIA === "proxy" && Seminar_Session::is_current_session_authenticated()) {
         $media_url = $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'dispatch.php/media_proxy?url=' . urlencode(decodeHTML(idna_link($url)));
     } else {
         $media_url = idna_link($url);
     }
     if ($tag === "flash") {
         // 4:3 player, 200px wide by default; wider players get the MAX config
         $width = $width ? $width : 200;
         $height = round($width * 0.75);
         $flash_config = $width > 200 ? $GLOBALS['FLASHPLAYER_DEFAULT_CONFIG_MAX'] : $GLOBALS['FLASHPLAYER_DEFAULT_CONFIG_MIN'];
         // NOTE(review): this is a single-quoted literal, so movie="$media_url" in the
         // <embed> below is emitted verbatim, not interpolated; $link and $flash_config
         // are concatenated into the FlashVars value unescaped.
         $media = '<object type="application/x-shockwave-flash" id="FlashPlayer" data="' . Assets::url() . 'flash/player_flv.swf" width="' . $width . '" height="' . $height . '">
                     <param name="movie" value="' . Assets::url() . 'flash/player_flv.swf">
                     <param name="allowFullScreen" value="true">
                     <param name="FlashVars" value="flv=' . urlencode(decodeHTML($media_url)) . '&amp;startimage=' . $link . $flash_config . '">
                     <embed src="' . Assets::url() . 'flash/player_flv.swf" movie="$media_url" type="application/x-shockwave-flash" FlashVars="flv=' . urlencode(decodeHTML($media_url)) . '&amp;startimage=' . $link . $flash_config . '">
                     </object>';
     } else {
         // $title is used for both title and alt; no width → empty style attribute
         $media = sprintf($format_strings[$tag], $media_url, isset($width) ? "width: " . $width . "px;" : "", $title, $title);
     }
     if ($tag === 'audio') {
         // random element id so several players on one page can be addressed individually
         $random_id = 'audio-' . substr(md5(uniqid('audio', true)), -8);
         $media = str_replace('<audio ', '<audio id="' . $random_id . '" onerror="STUDIP.Audio.handle(this);" ', $media);
     }
     if ($link && $tag === "img") {
         // wrap images in a link; external targets open in a new window
         $media = sprintf('<a href="%s"%s>%s</a>', $link, !isLinkIntern($link) ? ' target="_blank"' : "", $media);
     }
     if ($position) {
         // $position is one of left/center/right (enforced by the in_array check above)
         $media = '<div style="text-align: ' . $position . '">' . $media . '</div>';
     }
     $media .= $whitespace;
     return $media;
 }
    die;
}
include 'lib/seminar_open.php';
// initialise Stud.IP-Session
include 'lib/msg.inc.php';
PageLayout::setTitle($UNI_NAME_CLEAN . " - " . _("Veranstaltungshierachie bearbeiten"));
Navigation::activateItem('/admin/locations/sem_tree');
// Start of Output
ob_start();
$view = DbView::getView('sem_tree');
// admin view of the course hierarchy, opened at the item passed as start_item_id
$the_tree = new StudipSemTreeViewAdmin(Request::option('start_item_id'));
$search_obj = new StudipSemSearch();
// references into the tree view: the currently opened items and ranges
$_open_items =& $the_tree->open_items;
$_open_ranges =& $the_tree->open_ranges;
$_possible_open_items = array();
// Unless SEM_TREE_ALLOW_BRANCH_ASSIGN is set, only leaf items (no kids) may be assigned to
if (!Config::GetInstance()->getValue('SEM_TREE_ALLOW_BRANCH_ASSIGN')) {
    if (is_array($_open_items)) {
        foreach ($_open_items as $item_id => $value) {
            if (!$the_tree->tree->getNumKids($item_id)) {
                $_possible_open_items[$item_id] = $value;
            }
        }
    }
} else {
    $_possible_open_items = $_open_items;
}
// allow add only for items where user has admin permission
if (is_array($_possible_open_items)) {
    foreach ($_possible_open_items as $item_id => $value) {
        if (!$the_tree->isItemAdmin($item_id)) {
            unset($_possible_open_items[$item_id]);
 /**
  * Comparator ordering two field names by their position in the form rules.
  *
  * The rule names are fetched once (lower-cased) and cached in a static; a name
  * appearing earlier in the rules sorts first, names not found compare equal.
  *
  * @param string $a
  * @param string $b
  * @return int -1, 0 or 1 as expected by usort()
  */
 private function _orderLikeInForm($a, $b)
 {
     static $keys = false;
     if (!$keys) {
         // get keys from the rules and convert to lower case
         $keys = array();
         foreach (Config::GetInstance()->GetConfig('rules') as $rule_name => $rule) {
             $keys[] = strtolower($rule_name);
         }
     }
     if ($a == $b) {
         return 0;
     }
     foreach ($keys as $key) {
         if ($key == $a) {
             // a appears before b
             return -1;
         }
         if ($key == $b) {
             // b appears before a
             return 1;
         }
     }
     return 0;
 }
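 /**
  * Returns the authenticated user id, or false when nobody is logged in.
  *
  * A stored uid is re-checked against the user record so that a user deleted or
  * locked since login is signed out again. While MAINTENANCE_MODE_ENABLE is set,
  * only 'root' may pass; everybody else is signed out and rejected. Previously
  * $user could be unset (or null from User::find()) when the maintenance check
  * dereferenced it; both cases are now handled explicitly with the same outcome.
  *
  * @return string|false
  * @throws AccessDeniedException when maintenance mode is on and the user is not root
  */
 function is_authenticated()
 {
     $cfg = Config::GetInstance();
     $maintenance = $cfg->getValue('MAINTENANCE_MODE_ENABLE');
     $user = null;
     //check if the user got kicked meanwhile, or if user is locked out
     if (!empty($this->auth['uid']) && !in_array($this->auth['uid'], array('form', 'nobody'))) {
         $user = $GLOBALS['user']->id == $this->auth['uid'] ? $GLOBALS['user'] : User::find($this->auth['uid']);
         // no record any more, an empty username or a locked account: sign out
         if (!$user || !$user->username || $user->locked) {
             $this->unauth();
         }
     } elseif ($maintenance && Request::username('loginname')) {
         // during maintenance the login name is looked up so that root can still get in
         $user = User::findByUsername(Request::username('loginname'));
     }
     if ($maintenance && (!$user || $user->perms != 'root')) {
         $this->unauth();
         throw new AccessDeniedException(_("Das System befindet sich im Wartungsmodus. Zur Zeit ist kein Zugriff möglich."));
     }
     return !empty($this->auth['uid']) ? $this->auth['uid'] : false;
 }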
 /**
  * Writes the current post map back to the row addressed by lastrowid.
  *
  * Every post key becomes a "column=?" assignment; date-rule values are formatted
  * as Y-m-d, the _submitted_ value gets the time zone applied. Uploaded files whose
  * field is not part of the post are added with their stored file name.
  *
  * @return bool false when the statement could not be prepared or executed
  */
 protected function _UpdateRow()
 {
     $rules = Config::GetInstance()->GetConfig('rules');
     $assignments = array();
     $data = array();
     // deal with the data in the post map
     foreach ($this->post as $key => $value) {
         $assignments[] = $this->_EscapeName($key) . '=?';
         // check rules for special formatting needs
         $is_date = isset($rules->{$key}) && $rules->{$key}->fieldtype == 'date' && !empty($value);
         if ($is_date) {
             $data[] = date('Y-m-d', $value);
         } elseif ($key == '_submitted_') {
             $data[] = $this->_applyTimeZone($value);
         } else {
             $data[] = $value;
         }
     }
     // add any file fields that aren't included yet
     foreach (FormPage::GetInstance()->uploads as $upload) {
         $fieldname = $upload['fieldname'];
         if (isset($this->post[$fieldname])) {
             continue;
         }
         $assignments[] = $this->_EscapeName($fieldname) . '=?';
         $data[] = $upload['storedname'];
     }
     $sql = 'UPDATE ' . $this->_EscapeName($this->table) . ' SET' . implode(',', $assignments) . ' WHERE _rowid_=' . $this->lastrowid;
     $sth = $this->db->prepare($sql);
     if ($sth === false) {
         writeErrorLog('Failed compile query:', $sql);
         return false;
     }
     if (!$sth->execute($data)) {
         writeErrorLog('Failed to update data in from table:', $sth->errorInfo());
         return false;
     }
     return true;
 }
 /**
  * Renders the hand-off form to 2Checkout, or an empty string when 2CO is disabled.
  *
  * The form posts the checkout fields to the configured 2CO URL and sends the
  * customer back to the embedded URL from the session with action=checkedout.
  *
  * @return string HTML form markup
  */
 private function _getToCheckoutButton()
 {
     if (!$this->getConfigS('2CO', 'enabled')) {
         return '';
     }
     include CARTREVISION . '/php/checkout2co.cls.php';
     $checkout = new Checkout2CO($this);
     $return_url = urldecode(Config::GetInstance()->GetSessionVariable(CC_FB_URLEMBEDDED)) . '?action=checkedout';
     $checkout->setReturnUrl($return_url);
     $form_open = '<form target="_top" style="display:inline;" action="' . $this->getConfigS('2CO', 'URL') . '" method="POST">';
     $form_close = '<input type="submit" id="fb_2checkout" name="_xclick" value="Proceed to 2Checkout" /></form>';
     return $form_open . $checkout->getCheckoutFields() . $form_close;
 }