/**
 * Show object visibility if it's private
 *
 * Renders a "private" icon link (plus the widget init script) for a private
 * ProjectObject, but only for users who are allowed to see private objects.
 * Returns an empty string when there is nothing to show and an
 * InvalidParamError when a required parameter is missing or of the wrong type.
 *
 * @param array $params  keys: object (ProjectObject), user (User), id (optional
 *        DOM id; generated with make_string(40) when empty)
 * @param Smarty $smarty
 * @return string
 */
function smarty_function_object_visibility($params, &$smarty)
{
    // Ids handed out so far in this request, so generated ids stay unique
    static $ids = array();

    $object = array_var($params, 'object');
    if (!instance_of($object, 'ProjectObject')) {
        return new InvalidParamError('object', $object, '$object is not valid instance of ProjectObject class', true);
    }

    // Only private objects get the marker
    if ($object->getVisibility() > VISIBILITY_PRIVATE) {
        return '';
    }

    $user = array_var($params, 'user');
    if (!instance_of($user, 'User')) {
        return new InvalidParamError('user', $user, '$user is expected to be an instance of User class', true);
    }

    if (!$user->canSeePrivate()) {
        return '';
    }

    // An explicit id is used as given; a generated one is retried until unused.
    // NOTE(review): the id is written into an HTML attribute and a JS string
    // literal without escaping here, so callers should only pass trusted ids.
    $id = array_var($params, 'id');
    if (empty($id)) {
        while (true) {
            $id = 'object_visibility_' . make_string(40);
            if (!in_array($id, $ids)) {
                break;
            }
        }
    }
    $ids[] = $id;

    $url_params = array('project_id' => $object->getProjectId(), 'object_id' => $object->getId());
    $link_attributes = array(
        'href' => assemble_url('project_object_visibility', $url_params),
        'title' => lang('Private :type', array('type' => Inflector::humanize($object->getType()))),
        'class' => 'object_visibility',
        'id' => $id,
    );
    $icon = '<img src="' . get_image_url('private.gif') . '" alt="" /></a>';
    $script = '<script type="text/javascript">App.widgets.ObjectVisibility.init("' . $id . '");</script>';

    return open_html_tag('a', $link_attributes) . $icon . $script;
}
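/**
 * Render star for a given user page
 *
 * Looks up whether $starred_by_user_id has starred the page of $starred_user_id
 * of the given type and renders the matching star/unstar link plus the
 * script that wires it up.
 *
 * @param array $params  keys: starred_user_id, starred_page_type,
 *        starred_by_user_id, project_id, id (optional DOM id; generated with
 *        make_string(40) when empty)
 * @param Smarty $smarty
 * @return string
 */
function smarty_function_object_user_star($params, &$smarty)
{
    // Ids handed out so far in this request, so generated ids stay unique
    static $ids = array();

    $starred_user_id = array_var($params, 'starred_user_id');
    $starred_page_type = array_var($params, 'starred_page_type');
    $starred_by_user_id = array_var($params, 'starred_by_user_id');
    $project_id = array_var($params, 'project_id');

    $id = array_var($params, 'id');
    if (empty($id)) {
        do {
            $id = 'object_star_' . make_string(40);
        } while (in_array($id, $ids));
    }
    // if
    $ids[] = $id;

    // Check whether this page is already starred. The three lookup values come
    // from template parameters, so they are escaped for the connection instead
    // of being concatenated raw into the statement; a failed connection or query
    // is treated as "not starred" (the original also ended up there, via warnings).
    $is_starred = false;
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
    if ($link) {
        mysql_select_db(DB_NAME, $link);
        $query = sprintf(
            "select * from healingcrystals_starred_user_pages where starred_by_user_id='%s' and starred_user_id='%s' and starred_page_type='%s'",
            mysql_real_escape_string((string) $starred_by_user_id, $link),
            mysql_real_escape_string((string) $starred_user_id, $link),
            mysql_real_escape_string((string) $starred_page_type, $link)
        );
        $result = mysql_query($query, $link);
        if ($result !== false) {
            $is_starred = mysql_num_rows($result) > 0;
            mysql_free_result($result);
        }
        mysql_close($link);
    }
    // if

    // NOTE(review): starred_page_type also selects the route name; assemble_url
    // is assumed to reject unknown routes - confirm.
    $route_prefix = $is_starred ? 'unstar_user_' : 'star_user_';
    $href = assemble_url($route_prefix . $starred_page_type . '_page', array('project_id' => $project_id, 'user_id' => $starred_by_user_id)) . '&starred_user_id=' . urlencode((string) $starred_user_id);
    $link_attributes = array(
        'id' => $id,
        'href' => $href,
        'title' => $is_starred ? lang('Unstar this object') : lang('Star this object'),
        'class' => 'object_star',
    );
    $icon = $is_starred ? 'icons/star-small.gif' : 'icons/unstar-small.gif';
    $result = open_html_tag('a', $link_attributes) . '<img src="' . get_image_url($icon) . '" alt="" /></a>';

    return $result . "\n<script type=\"text/javascript\">App.layout.init_star_unstar_link('" . $id . "')</script>";
}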
/**
 * Render star for a given object
 *
 * Renders the star/unstar link for a ProjectObject that can be starred, plus
 * the script that wires it up. Returns an empty string for objects that cannot
 * be starred and an InvalidParamError when object or user are missing or of
 * the wrong type.
 *
 * @param array $params  keys: object (ProjectObject), user (User), id (optional
 *        DOM id; generated with make_string(40) when empty)
 * @param Smarty $smarty
 * @return string
 */
function smarty_function_object_star($params, &$smarty)
{
    // Ids handed out so far in this request, so generated ids stay unique
    static $ids = array();

    $object = array_var($params, 'object');
    if (!instance_of($object, 'ProjectObject')) {
        return new InvalidParamError('object', $object, '$object is not valid instance of ProjectObject class', true);
    }

    $user = array_var($params, 'user');
    if (!instance_of($user, 'User')) {
        return new InvalidParamError('user', $user, '$user is expected to be an instance of User class', true);
    }

    // An explicit id is used as given; a generated one is retried until unused.
    // NOTE(review): the id is written into a JS string literal without escaping
    // here, so callers should only pass trusted ids.
    $id = array_var($params, 'id');
    if (empty($id)) {
        while (true) {
            $id = 'object_star_' . make_string(40);
            if (!in_array($id, $ids)) {
                break;
            }
        }
    }
    $ids[] = $id;

    if (!$object->can_be_starred) {
        return '';
    }

    $starred = $object->isStarred($user);
    $link_attributes = array(
        'id' => $id,
        'href' => $starred ? $object->getUnstarUrl() : $object->getStarUrl(),
        'title' => $starred ? lang('Unstar this object') : lang('Star this object'),
        'class' => 'object_star',
    );
    $icon = $starred ? 'icons/star-small.gif' : 'icons/unstar-small.gif';
    $result = open_html_tag('a', $link_attributes) . '<img src="' . get_image_url($icon) . '" alt="" /></a>';

    return $result . "\n<script type=\"text/javascript\">App.layout.init_star_unstar_link('" . $id . "')</script>";
}
<?php

// /captcha.php
// /images/captcha.png
// /images/agustinasans.ttf
//
// CAPTCHA image renderer: the challenge text lives in the session, a random
// window of the background PNG is copied into a 200x60 canvas and a text
// colour is allocated. The listing is cut off after "$offset = 0;", so the
// text drawing and the image output are not visible here. Note that the font
// actually referenced below is images/malapropism.ttf, not the one listed above.
ini_set('memory_limit', '128M');
ini_set('display_errors', '0');
require_once "cfg/pre.inc";
require_once INIT_DIR . "env.inc";
// Reuse the challenge already stored in the session, otherwise create one.
// NOTE(review): once set, last_captcha is never regenerated by this script, so
// the same challenge is served for the rest of the session; confirm that the
// verifying endpoint clears it after a successful check, otherwise one solved
// value can be replayed.
if (!isset($_SESSION['last_captcha'])) {
    $text = make_string();
    $_SESSION['last_captcha'] = $text;
} else {
    $text = $_SESSION['last_captcha'];
}
// Canvas size in pixels (kept as strings; GD coerces them)
$width = '200';
$height = '60';
$ttfPath = 'images/malapropism.ttf';
$bgImagePath = 'images/captcha.png';
// imagecreatefrompng() returns false on failure; nothing below checks for that
$backgroundImage = imagecreatefrompng($bgImagePath);
$bgWidth = imagesx($backgroundImage);
$bgHeight = imagesy($backgroundImage);
// Random crop origin and contrast so the background varies per render. Only
// the layout depends on rand() here, not the challenge text itself.
$randomXStart = rand(0, $bgWidth - $width);
$randomYStart = rand(0, $bgHeight - $height);
$randomContrast = rand(192, 255);
imagefilter($backgroundImage, IMG_FILTER_CONTRAST, $randomContrast);
imagefilter($backgroundImage, IMG_FILTER_COLORIZE, 247, 147, 30);
$captcha = imageCreateTrueColor($width, $height);
// Copy the chosen window of the background onto the canvas
imagecopy($captcha, $backgroundImage, 0, 0, $randomXStart, $randomYStart, $bgWidth, $bgHeight);
// Same orange as the colorize filter above; presumably used for the text
$textcolor = imagecolorallocate($captcha, 247, 147, 30);
$offset = 0;
 /**
  * Generate new token for this user
  *
  * Replaces the current token with a fresh 40 character string from
  * make_string(). The token is not saved here; the caller persists the object.
  *
  * @param void
  * @return null
  */
 function resetToken()
 {
     $new_token = make_string(40);
     $this->setToken($new_token);
 }
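 /**
  * Render and process forgot password form
  *
  * On submit the posted email is validated; when it belongs to a user, a new
  * password reset key is stored on that user and the reset mail is sent.
  * Validation errors are rendered back with the form.
  *
  * @param void
  * @return null
  */
 function forgot_password()
 {
     $forgot_password_data = $this->request->post('forgot_password');
     $this->smarty->assign('forgot_password_data', $forgot_password_data);

     if (!$this->request->isSubmitted()) {
         return;
     }

     $errors = new ValidationErrors();
     $user = null;
     $email = trim((string) array_var($forgot_password_data, 'email'));
     if ($email == '') {
         $errors->addError(lang('Email address is required'), 'email');
     } elseif (!is_valid_email($email)) {
         $errors->addError(lang('Invalid email address'), 'email');
     } else {
         $user = Users::findByEmail($email);
         if (instance_of($user, 'User')) {
             // NOTE(review): the reset key is a 13 character make_string() value;
             // confirm make_string() draws from a CSPRNG, since this key alone
             // authorises a password reset.
             $user->setPasswordResetKey(make_string(13));
             $user->setPasswordResetOn(new DateTimeValue());
             $save = $user->save();
             if (!$save || is_error($save)) {
                 $errors->addError('Failed to update your user password with reset password data');
             }
         } else {
             // NOTE(review): this message tells the requester whether the address
             // is registered (account enumeration); message kept as-is.
             $errors->addError(lang('There is no user account that matches the e-mail address you entered'), 'email');
         }
     }

     if ($errors->hasErrors()) {
         $this->smarty->assign('errors', $errors);
         $this->render();
         // Stop here: without this return the mail below was still attempted,
         // with $user unset when the email was invalid or unknown.
         return;
     }

     ApplicationMailer::send(array($user), 'system/forgot_password', array('reset_url' => $user->getResetPasswordUrl()));
     $this->smarty->assign(array('success_message' => lang('We emailed reset password instructions at :email', array('email' => $user->getEmail())), 'forgot_password_data' => null));
 }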
 /**
  * Reset API key
  *
  * Replaces the active user's API token with a fresh make_string(40) value on
  * a submitted request and redirects to the API settings page. Responds with
  * 404 for an unsaved user, 403 when the logged user may not edit the active
  * user and 400 when the request was not submitted.
  * NOTE(review): no CSRF token check is visible in this block; confirm the
  * framework validates one for submitted requests.
  *
  * @param void
  * @return null
  */
 function api_reset_key()
 {
     $active_user = $this->active_user;

     if ($active_user->isNew()) {
         $this->httpError(HTTP_ERR_NOT_FOUND);
     }
     if (!$active_user->canEdit($this->logged_user)) {
         $this->httpError(HTTP_ERR_FORBIDDEN);
     }

     if (!$this->request->isSubmitted()) {
         $this->httpError(HTTP_ERR_BAD_REQUEST);
     } else {
         $active_user->setToken(make_string(40));
         $save = $active_user->save();
         if (!$save || is_error($save)) {
             flash_error('Failed to update API key. Try again in a few minutes');
         } else {
             flash_success('API key updated');
         }
         $this->redirectToUrl($active_user->getApiSettingsUrl());
     }
 }
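 /**
  * parse message body part
  *
  * Describes one MIME part (type, sub type, content type, encoding, charset,
  * disposition, file name) and, for multipart containers, recurses into the
  * child parts and feeds their bodies, alternatives and attachments into
  * $results. Leaf parts are only described; their content is fetched by the
  * enclosing multipart branch.
  *
  * @param integer $message_id
  * @param stdObject $structure  IMAP structure of this part; for multipart
  *        containers $structure->parts is expected to hold the child parts
  * @param MailboxManagerEmail $results  receives bodies, alternatives and attachments
  * @param string $attachments_folder  attachment files are written here under a
  *        random make_string(40) name that does not exist yet
  * @param string $part_id  dotted IMAP section number of this part (empty for the root)
  * @return array keys: disposition, type, content_type, sub_type, is_file,
  *         part_id, encoding and, when present, file_name and charset
  */
 function parseMessageBodyPart($message_id, &$structure, &$results, $attachments_folder, $part_id)
 {
     $content_type = $this->getContentType($structure);
     $type = $this->getMainContentType($structure->type);
     $sub_type = $this->getSubContentType($structure->subtype);
     $charset = $this->getPartParameter($structure, 'charset');
     $encoding = $this->getBodyEncodingString($structure->encoding);

     $disposition = 'inline';
     if ($structure->ifdisposition) {
         $disposition = strtolower($structure->disposition);
     }
     // if

     // A part counts as a file when it carries a name, either as a Content-Type
     // "name" or a Content-Disposition "filename" parameter.
     $is_attachment = ($this->getPartParameter($structure, 'name') || $this->getDispositionParameter($structure, 'filename'));

     $part_analyzed = array();
     $part_analyzed['disposition'] = $disposition;
     $part_analyzed['type'] = $type;
     $part_analyzed['content_type'] = $content_type;
     $part_analyzed['sub_type'] = $sub_type;
     $part_analyzed['is_file'] = $is_attachment;
     $part_analyzed['part_id'] = $part_id;
     $part_analyzed['encoding'] = $encoding;

     if ($is_attachment) {
         $filename = $this->getPartParameter($structure, 'name') ? $this->getPartParameter($structure, 'name') : $this->getDispositionParameter($structure, 'filename');
         // NOTE(review): file_name is the sender-supplied name, only decoded. The
         // file on disk gets a random name below, but consumers must not use
         // file_name as a path without sanitising it.
         $part_analyzed['file_name'] = imap_utf8_alt($filename);
     }
     // if

     // Only record the charset when the part declares one ($charset was read above)
     if ($charset) {
         $part_analyzed['charset'] = $charset;
     }
     // if

     switch ($type) {
         case 'multipart':
             // Describe every child first; child ids are "<parent>.<n>" (1-based)
             $subparts = array();
             for ($x = 0; $x < count($structure->parts); $x++) {
                 if (!$part_id) {
                     $new_part_id = (string) ($x + 1);
                 } else {
                     $new_part_id = (string) $part_id . '.' . ($x + 1);
                 }
                 // if
                 $subparts[$x] = $this->parseMessageBodyPart($message_id, $structure->parts[$x], $results, $attachments_folder, $new_part_id);
             }
             // for

             switch ($sub_type) {
                 // multipart/alternative: the last child is preferred as the body,
                 // the earlier ones are registered as alternatives to it
                 case 'alternative':
                     $counter = count($subparts) - 1;
                     // Stays null when the preferred child is itself multipart.
                     // NOTE(review): in that case the alternatives below are attached
                     // to a null part id and the nested container is not descended
                     // into here - confirm this is intended.
                     $body_part = null;
                     if ($subparts[$counter]['type'] != 'multipart') {
                         $body_part = array_var($subparts[$counter], 'part_id');
                         $charset = strtoupper(array_var($subparts[$counter], 'charset'));
                         $encoding = array_var($subparts[$counter], 'encoding');
                         $content = $this->getBodyPart($message_id, $body_part, $encoding);
                         $results->addBody($body_part, array_var($subparts[$counter], 'content_type'), $charset == 'UTF-8' ? $content : convert_to_utf8($content, $charset));
                     }
                     // if
                     $alternative_to = $body_part;
                     for (--$counter; $counter >= 0; --$counter) {
                         $body_part = array_var($subparts[$counter], 'part_id');
                         $charset = strtoupper(array_var($subparts[$counter], 'charset'));
                         $encoding = array_var($subparts[$counter], 'encoding');
                         $content = $this->getBodyPart($message_id, $body_part, $encoding);
                         $results->addAlternative($body_part, $alternative_to, array_var($subparts[$counter], 'content_type'), $charset == 'UTF-8' ? $content : convert_to_utf8($content, $charset));
                     }
                     // for
                     break;

                 // multipart/mixed: files become attachments, other leaves become bodies
                 case 'mixed':
                     for ($counter = 0; $counter < count($subparts); ++$counter) {
                         if ($subparts[$counter]['type'] != 'multipart') {
                             if ($subparts[$counter]['is_file']) {
                                 $body_part = array_var($subparts[$counter], 'part_id');
                                 $encoding = array_var($subparts[$counter], 'encoding');
                                 // Random, currently unused target name inside the attachments folder
                                 do {
                                     $path = $attachments_folder . '/' . make_string(40);
                                 } while (is_file($path));
                                 $attachment_result = $this->getBodyPart($message_id, $body_part, $encoding, $path);
                                 if ($attachment_result) {
                                     $results->addAttachment($body_part, array_var($subparts[$counter], 'content_type'), array_var($subparts[$counter], 'file_name'), $path, filesize($path));
                                 }
                                 // if
                             } else {
                                 $body_part = array_var($subparts[$counter], 'part_id');
                                 $charset = strtoupper(array_var($subparts[$counter], 'charset'));
                                 $encoding = array_var($subparts[$counter], 'encoding');
                                 $content = $this->getBodyPart($message_id, $body_part, $encoding);
                                 $results->addBody($body_part, array_var($subparts[$counter], 'content_type'), $charset == 'UTF-8' ? $content : convert_to_utf8($content, $charset));
                             }
                             // if
                         }
                         // if
                     }
                     // for
                     break;

                 // multipart/related: handled exactly like multipart/mixed
                 case 'related':
                     for ($counter = 0; $counter < count($subparts); ++$counter) {
                         if ($subparts[$counter]['type'] != 'multipart') {
                             if ($subparts[$counter]['is_file']) {
                                 $body_part = array_var($subparts[$counter], 'part_id');
                                 $encoding = array_var($subparts[$counter], 'encoding');
                                 do {
                                     $path = $attachments_folder . '/' . make_string(40);
                                 } while (is_file($path));
                                 $attachment_result = $this->getBodyPart($message_id, $body_part, $encoding, $path);
                                 if ($attachment_result) {
                                     $results->addAttachment($body_part, array_var($subparts[$counter], 'content_type'), array_var($subparts[$counter], 'file_name'), $path, filesize($path));
                                 }
                                 // if
                             } else {
                                 $body_part = array_var($subparts[$counter], 'part_id');
                                 $charset = strtoupper(array_var($subparts[$counter], 'charset'));
                                 $encoding = array_var($subparts[$counter], 'encoding');
                                 $content = $this->getBodyPart($message_id, $body_part, $encoding);
                                 $results->addBody($body_part, array_var($subparts[$counter], 'content_type'), $charset == 'UTF-8' ? $content : convert_to_utf8($content, $charset));
                             }
                             // if
                         }
                         // if
                     }
                     // for
                     break;

                 // multipart/report: flag the message as a report and take only the
                 // first child (the human readable part) as body or attachment
                 case 'report':
                     $results->setIsReport(true);
                     $counter = 0;
                     if ($subparts[$counter]['type'] != 'multipart') {
                         if ($subparts[$counter]['is_file']) {
                             $body_part = array_var($subparts[$counter], 'part_id');
                             $encoding = array_var($subparts[$counter], 'encoding');
                             do {
                                 $path = $attachments_folder . '/' . make_string(40);
                             } while (is_file($path));
                             $attachment_result = $this->getBodyPart($message_id, $body_part, $encoding, $path);
                             if ($attachment_result) {
                                 $results->addAttachment($body_part, array_var($subparts[$counter], 'content_type'), array_var($subparts[$counter], 'file_name'), $path, filesize($path));
                             }
                             // if
                         } else {
                             $body_part = array_var($subparts[$counter], 'part_id');
                             $charset = strtoupper(array_var($subparts[$counter], 'charset'));
                             $encoding = array_var($subparts[$counter], 'encoding');
                             $content = $this->getBodyPart($message_id, $body_part, $encoding);
                             $results->addBody($body_part, array_var($subparts[$counter], 'content_type'), $charset == 'UTF-8' ? $content : convert_to_utf8($content, $charset));
                         }
                         // if
                     }
                     // if
                     break;
             }
             // switch
             break;
         default:
             // Leaf parts are only described; the parent container fetches them
             break;
     }
     // switch

     return $part_analyzed;
 }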
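 /**
  * Save company details info
  *
  * Renders the company identity form and, on submit, validates name and
  * details, optionally replaces the invoicing logo with the uploaded image and
  * stores the values in ConfigOptions. The existing logo is only removed when
  * a new one was actually uploaded and moved into place.
  *
  * @param void
  * @return void
  */
 function index()
 {
     $brand_path = PUBLIC_PATH . '/brand';
     $default_image_name = 'invoicing_logo.jpg';
     $default_full_image_name = $brand_path . '/' . $default_image_name;

     if (!folder_is_writable($brand_path)) {
         $this->wireframe->addPageMessage(lang('Brand folder is not writable (:brand_folder). You will not be able to upload company logo.', array('brand_folder' => $brand_path)), PAGE_MESSAGE_WARNING);
     }
     // if

     $company_data = $this->request->post('company');
     if (!is_foreachable($company_data)) {
         $company_data = array('name' => ConfigOptions::getValue('invoicing_company_name'), 'details' => ConfigOptions::getValue('invoicing_company_details'));
     }
     // if

     if ($this->request->isSubmitted()) {
         $errors = new ValidationErrors();
         // Set only once an uploaded logo has been moved into the brand folder
         $new_file_full_path = null;

         db_begin_work();

         $company_name = trim((string) array_var($company_data, 'name'));
         $company_details = trim((string) array_var($company_data, 'details'));
         if (!$company_name) {
             $errors->addError(lang('Company name is required'), 'company_name');
         }
         // if
         if (!$company_details) {
             $errors->addError(lang('Company details are required'), 'company_details');
         }
         // if

         if (!$errors->hasErrors()) {
             // copy and convert logo
             $logo_file = array_var($_FILES, 'company_logo', null);
             if (is_array($logo_file) && !empty($logo_file['name'])) {
                 $pathinfo = pathinfo($logo_file['name']);
                 $extension = strtolower((string) array_var($pathinfo, 'extension'));
                 // The name and extension are client-supplied and the file lands
                 // under the public brand folder, so only accept real image files
                 // with an image extension before moving anything.
                 $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif');
                 $upload_ok = (int) array_var($logo_file, 'error', UPLOAD_ERR_OK) === UPLOAD_ERR_OK
                     && in_array($extension, $allowed_extensions, true)
                     && @getimagesize($logo_file['tmp_name']) !== false;
                 if (!$upload_ok) {
                     $errors->addError(lang('Could not upload company logo'), 'company_logo');
                 } else {
                     do {
                         $new_filename = make_string(30) . '.' . $extension;
                         $candidate_path = $brand_path . '/' . $new_filename;
                     } while (is_file($candidate_path));

                     if (move_uploaded_file($logo_file['tmp_name'], $candidate_path)) {
                         $new_file_full_path = $candidate_path;
                         if (FIX_UPLOAD_PERMISSION !== false) {
                             @chmod($new_file_full_path, FIX_UPLOAD_PERMISSION);
                         }
                         // if
                         scale_image($new_file_full_path, $new_file_full_path, 600, 150, IMAGETYPE_JPEG, 100);
                     } else {
                         $errors->addError(lang('Could not upload company logo'), 'company_logo');
                     }
                     // if
                 }
                 // if
             }
             // if
         }
         // if

         if (!$errors->hasErrors()) {
             // set config options
             ConfigOptions::setValue('invoicing_company_name', $company_name);
             ConfigOptions::setValue('invoicing_company_details', $company_details);
             // Replace the logo only when a new file was uploaded; previously the
             // old logo was unlinked on every save, even without an upload.
             if ($new_file_full_path !== null) {
                 @unlink($default_full_image_name);
                 rename($new_file_full_path, $default_full_image_name);
             }
             // if
             // Commit before redirecting, since the redirect may not return
             db_commit();
             flash_success('Company identity successfully modified');
             $this->redirectTo('admin_invoicing_company_identity');
         } else {
             if ($new_file_full_path !== null) {
                 @unlink($new_file_full_path);
             }
             // if
             db_rollback();
             $this->smarty->assign('errors', $errors);
         }
         // if
     }
     // if

     $company_logo_url = get_company_invoicing_logo_url();
     $this->smarty->assign(array('company_data' => $company_data, 'company_logo_url' => $company_logo_url));
 }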
/**
 * Make a password out of list of allowed characters with a given length
 *
 * Difference between make_string and make_password is in the list of allowed
 * chars. Some chars that create a lot of confusion (I, l and so on) are
 * excluded in password generation function.
 * NOTE(review): the strength of the result depends entirely on the random
 * source inside make_string(); confirm it uses a CSPRNG.
 *
 * @param integer $length
 * @param string $allowed_chars
 * @return string
 */
function make_password($length = 10, $allowed_chars = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789')
{
    $password = make_string($length, $allowed_chars);

    return $password;
}
 /**
  * Log the given user in and record the session
  *
  * Either refreshes the user_sessions row named by $settings['existing_session_id']
  * or inserts a new row with a freshly generated session key, updates the
  * user's login/activity timestamps, stores "id/key/date" in the session
  * cookie and delegates to the parent implementation. Everything runs in one
  * DB transaction that is rolled back (and the exception re-thrown) on failure.
  *
  * @param User $user
  * @param array|null $settings  keys read: existing_session_id, remember,
  *        new_visit, interface
  * @return mixed whatever parent::logUserIn() returns (returned by reference)
  * @throws Exception re-thrown after the transaction was rolled back
  */
 function &logUserIn(User $user, $settings = null)
 {
     $existing_session_id = isset($settings['existing_session_id']) && $settings['existing_session_id'] ? $settings['existing_session_id'] : null;
     try {
         DB::beginWork('Logging user in @ ' . __CLASS__);
         $users_table = TABLE_PREFIX . 'users';
         $user_sessions_table = TABLE_PREFIX . 'user_sessions';
         $remember = (bool) array_var($settings, 'remember', false);
         $new_visit = (bool) array_var($settings, 'new_visit', false);
         // Some initial data
         $session_id = null;
         // Session lifetime: 2 weeks (1209600 s) when remembered, otherwise 30 minutes (1800 s)
         $new_expires_on = $remember ? time() + 1209600 : time() + 1800;
         // 30 minutes or 2 weeks?
         // Existing session: refresh the row and reuse its key.
         // NOTE(review): the lookup filters by id only, not by user_id; confirm the
         // caller only passes a session id that was already validated for $user.
         if ($existing_session_id) {
             $existing_session_data = DB::executeFirstRow("SELECT remember, session_key, interface FROM {$user_sessions_table} WHERE id = ?", $existing_session_id);
             if ($existing_session_data && isset($existing_session_data['remember']) && isset($existing_session_data['session_key'])) {
                 // A remembered session keeps the long lifetime regardless of $remember
                 if ($existing_session_data['remember']) {
                     $new_expires_on = time() + 1209600;
                 }
                 // if
                 $session_key = $existing_session_data['session_key'];
                 DB::execute("UPDATE {$user_sessions_table} SET user_ip = ?, user_agent = ?, last_activity_on = UTC_TIMESTAMP(), expires_on = ?, visits = visits + 1 WHERE id = ?", AngieApplication::getVisitorIp(), AngieApplication::getVisitorUserAgent(), date(DATETIME_MYSQL, $new_expires_on), $existing_session_id);
                 $session_id = $existing_session_id;
                 AngieApplication::setPreferedInterface($existing_session_data['interface']);
             }
             // if
         }
         // if
         // New session? Generate a key that is not yet in the table.
         // Note: created_on uses the DB's UTC_TIMESTAMP() while last_activity_on
         // and expires_on use PHP's date(); these only agree when PHP runs in UTC.
         if ($session_id === null) {
             AngieApplication::setPreferedInterface(array_var($settings, 'interface'));
             do {
                 $session_key = make_string(40);
             } while (DB::executeFirstCell("SELECT COUNT(id) AS 'row_count' FROM {$user_sessions_table} WHERE session_key = ?", $session_key) > 0);
             DB::execute("INSERT INTO {$user_sessions_table} (user_id, user_ip, user_agent, visits, remember, interface, created_on, last_activity_on, expires_on, session_key) VALUES (?, ?, ?, ?, ?, ?, UTC_TIMESTAMP(), ?, ?, ?)", $user->getId(), AngieApplication::getVisitorIp(), AngieApplication::getVisitorUserAgent(), 1, (int) $remember, AngieApplication::getPreferedInterface(), date(DATETIME_MYSQL), date(DATETIME_MYSQL, $new_expires_on), $session_key);
             $session_id = DB::lastInsertId();
         }
         // if
         // Update last visit time (a new visit also shifts last_login_on into last_visit_on)
         if ($new_visit) {
             DB::execute("UPDATE {$users_table} SET last_visit_on = last_login_on, last_login_on = ?, last_activity_on = ? WHERE id = ?", date(DATETIME_MYSQL), date(DATETIME_MYSQL), $user->getId());
         } else {
             DB::execute("UPDATE {$users_table} SET last_activity_on = ? WHERE id = ?", date(DATETIME_MYSQL), $user->getId());
         }
         // if
         DB::commit('User logged in @ ' . __CLASS__);
         $this->session_id = $session_id;
         // remember it, for logout
         // The cookie carries the session key itself.
         // NOTE(review): confirm Cookies::setVariable sets HttpOnly/Secure flags.
         Cookies::setVariable($this->session_id_var_name, "{$session_id}/{$session_key}/" . date(DATETIME_MYSQL));
         return parent::logUserIn($user);
     } catch (Exception $e) {
         DB::rollback('Failed to log user in @ ' . __CLASS__);
         throw $e;
     }
     // try
 }
/**
 * Finds first available filename in uploads folder
 *
 * Builds "<UPLOAD_PATH>/xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx" from four
 * make_string(10) segments and retries until no file with that name exists.
 * NOTE(review): the check and the later creation are separate steps, so a
 * caller that needs exclusivity should still create the file atomically.
 *
 * @param void
 * @return string full path to file
 */
function get_available_uploads_filename()
{
    $filename = null;
    while ($filename === null || is_file($filename)) {
        $segments = array(make_string(10), make_string(10), make_string(10), make_string(10));
        $filename = UPLOAD_PATH . '/' . implode('-', $segments);
    }

    return $filename;
}