Beispiel #1
			';
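// Run the unpaged query once, only to learn how many rows there are in total.
// (The original ran the same statement a second time through Record::query and
// discarded the result; that extra full scan is gone.)
$stmt = Record::getConnection()->prepare($full_query);
$stmt->execute();
$rowspage = 20;
//number of data per page
// Offset of the first row on the requested page. The page index is coerced to an
// integer so that only a number is ever appended to the LIMIT clause below.
$start = (int) $CurPage * $rowspage;
// NOTE(review): PDOStatement::rowCount() on a SELECT is driver-dependent (it works with
// buffered MySQL results); a separate COUNT(*) query would be the portable way to get this.
$jobs_count = $stmt->rowCount();
$totalrecords = $jobs_count;
$lastpage = ceil($totalrecords / $rowspage);
// Page indices are 0-based: a result set that fits on one page has last index 0,
// otherwise the last index is one less than the number of pages.
if ($jobs_count <= $rowspage) {
    $lastpage = 0;
} else {
    $lastpage = abs($lastpage - 1);
}
// Fetch only the rows of the current page; this is the statement the loop below consumes.
$jobs = Record::query($full_query . ' LIMIT ' . $start . ',' . $rowspage);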
if ($jobs_count > 0) {
    while ($job = $jobs->fetchObject()) {
        $quota_left = intval($job->quota - $job->total_assign);
        $quota_left = max($quota_left, 0);
        $job_start_datetime = strtotime($job->job_date . ' ' . $job->time_in);
        $close_secs = $job->close_hour * 3600;
        //Convert hour to seconds
        $job_expired_time = $job_start_datetime - $close_secs;
        $green_cls = '';
        if ($job->is_assigned) {
            $green_cls = 'green';
            $apply_btn = '';
        } else {
            if ($quota_left == 0 || strtotime(date("Y-m-d H:i")) > $job_expired_time) {
 /**
  * Load one blacklist entry by id.
  *
  * @param mixed $id Entry id; anything that is not an integer is rejected.
  * @return array|false The row as an array (author id replaced by the author's display
  *                     name, settings unserialized), or false when $id is invalid or
  *                     no row matches.
  */
 public function getData($id)
 {
     global $pawUsers;
     // VALIDATE: non-integer ids never reach the database.
     if (!is_integer($id)) {
         return false;
     }
     // SELECT AND RETURN: the id is bound as a named parameter.
     $sql = "SELECT * FROM " . TABLE_PREFIX . "blacklist WHERE id=:id";
     $rows = Record::query($sql, array(":id" => $id));
     if (empty($rows)) {
         return false;
     }
     foreach ($rows as $row) {
         // Expose the author's display name instead of the raw author id.
         $author = $pawUsers->getUser($row->author, "id");
         $row->author = $author->name;
         $row->settings = paw_unserializer($row->settings);
         // Only the first row is ever returned.
         return (array) $row;
     }
     return false;
 }
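 /**
  * Fetch user meta rows for one user and one meta key.
  *
  * @param mixed  $data    User lookup value handed to $pawUsers->getUser().
  * @param string $key     Meta key to match.
  * @param bool   $single  When true, return the unserialized meta_value instead of the row.
  * @param mixed  $default Returned when the user or the key cannot be found.
  * @return mixed For a unique key (meta_unique == 1), or when $single is true, the first
  *               matching value/row; otherwise the list of matching rows.
  */
 public function getMeta($data, $key, $single = false, $default = false)
 {
     global $pawUsers;
     $data = paw_xss_cleaner($data);
     $key = paw_xss_cleaner($key);
     // GET USER
     if (($user = $pawUsers->getUser($data)) === false) {
         return $default;
     }
     // CHECK IF EXISTS
     // Both the user id and the meta key are bound parameters; the original concatenated
     // $user->id into the statement while binding only :key.
     $query = "SELECT * FROM " . TABLE_PREFIX . "user_meta WHERE user_id=:user_id AND meta_key=:key";
     $query = Record::query($query, array(":user_id" => $user->id, ":key" => $key));
     if (empty($query)) {
         return $default;
     }
     // RETURN RESULT
     $return = array();
     foreach ($query as $line) {
         $line->meta_value = paw_unserializer($line->meta_value);
         // A unique key has at most one row, so it is returned immediately.
         if ($line->meta_unique == 1) {
             if ($single === true) {
                 return $line->meta_value;
             } else {
                 return $line;
             }
         }
         // Non-unique key: $single yields the first value only, otherwise collect every row.
         if ($single === true) {
             return $line->meta_value;
         } else {
             $return[] = $line;
         }
     }
     return $return;
 }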
Beispiel #4
         $asn->find();
         $rec = new Record();
         $rec->aid = $_POST['aid'];
         $rec->uid = $asn->rid;
         $rec->date = parse_date($_POST);
         $rec->hours = $_POST['hours'];
         $rec->materials = $_POST['materials'];
         $rec->cost = str_replace('$', '', $_POST['cost']);
         $rec->insert();
     } else {
         if (!empty($_POST['id'])) {
             $rec = new Record();
             $date = parse_date($_POST);
             $cost = str_replace('$', '', $_POST['cost']);
             $query = 'UPDATE record ' . "SET date='{$date}', " . "hours={$_POST['hours']}, " . "materials='{$_POST['materials']}', " . "cost={$cost} " . "WHERE id={$_POST['id']}";
             $rec->query($query);
         }
     }
 }
 // Initialize values!
 // Request parameters fall back to an empty string when absent; the form fields start empty too.
 $aid = '';
 if (isset($_GET['aid'])) {
     $aid = $_GET['aid'];
 }
 $id = '';
 if (isset($_GET['id'])) {
     $id = $_GET['id'];
 }
 $requestor = $requestor_phone = $deadline = $description = '';
 $hours = $materials = $cost = '';
 if ($aid) {
     $asn = new Assign();
        <?php 
    $post_in_item = array('CART_media');
    ?>
        <input id="post_in_tables" name="post_in_tables" type="hidden" value="<?php 
    echo str_replace(' ', '', implode(',', $post_in_item));
    ?>
" />
        <input id="post_in_prod" name="post_in_prod" type="hidden" value="<?php 
    echo $prod['id'];
    ?>
" />
        
<?php 
    $i = 0;
    $imgdb = Record::query("select * from CART_media where pid = '" . $prod['id'] . "' order by priority");
    while ($img = $imgdb->fetch(PDO::FETCH_ASSOC)) {
        if ($i == 0) {
            echo '<h3>' . __('Edit Media Gallery for ') . $prod['name'] . '</h3>';
        }
        $i++;
        ?>

        <input id="post_in_item" name="post_in_item[]" type="hidden" value="<?php 
        echo $img['id'];
        ?>
" />
        <input id="url" name="url[<?php 
        echo $img['id'];
        ?>
]" type="hidden" value="<?php 
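 /**
  * Persist the display order of albums posted by the sort form.
  *
  * Reads $_POST['album_id'] (list of album ids) and $_POST['order'] (the matching
  * sequence values, by array key), then redirects to the gallery index.
  *
  * @return void
  */
 public function save_album_order()
 {
     $album_array = isset($_POST['album_id']) ? $_POST['album_id'] : array();
     $order_array = isset($_POST['order']) ? $_POST['order'] : array();
     if (is_array($album_array) && is_array($order_array)) {
         // Both values come from the request, so they are bound rather than concatenated
         // into the UPDATE (the original spliced them straight into the SQL string).
         // One prepared statement serves every row.
         $sql = "Update wolf_album SET sequence=:sequence WHERE id=:id";
         Record::logQuery($sql);
         $stmt = Record::getConnection()->prepare($sql);
         foreach ($album_array as $key => $album_id) {
             // An id without a matching order value is left untouched.
             if (!isset($order_array[$key])) {
                 continue;
             }
             $stmt->execute(array(':sequence' => $order_array[$key], ':id' => $album_id));
         }
     }
     Flash::set('success', __('This album sequence has been saved.'));
     redirect(get_url('gallery'));
 }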
    echo $sh->enum_to_select("SHOW FIELDS FROM CART_orders where field = 'status'", $ord['order_id'], $ord['status']);
    ?>
</p>
        </div>
        <div class="half-r">

          <p>Products ordered: </p>
        <br />
          <p class="table_row table_header">
              <span>Product #</span>
              <span>Name</span>
              <span>Sold Price/each</span>
              <span>Qty</span>
          </p>
          <?php 
    $order_prod = Record::query("select * from CART_order_product\n                            left join CART_products on CART_products.id = CART_order_product.product_id\n                            where order_id = " . $ord['order_id']);
    while ($o = $order_prod->fetch(PDO::FETCH_ASSOC)) {
        $order_total += $o['sold_price'] * $o['quantity'];
        echo " \n          <p class=\"table_row\">\n              <span>" . $o['product_id'] . "</span>\n              <span title=\"full id: " . $o['product_options_full_id'] . "\">" . ucwords($o['product_options_full_name']) . "</span>\n              <span>\$" . $o['sold_price'] . "</span>\n              <span>" . $o['quantity'] . "</span>\n          </p>\n          ";
    }
    ?>
          
          <br />

          <?php 
    if ($ord['coupon']) {
        echo "<p><b>Coupon code: </b>" . ucwords($ord['coupon']) . "</p>";
    }
    ?>
          <?php 
    if ($ord['payment_confirmation']) {
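 /**
  * Show one sidebar link, identified by the remaining URL segments.
  *
  * @return void
  */
 public function view()
 {
     $this->_checkPermission();
     $paths = func_get_args();
     $id = urldecode(join('/', $paths));
     // The id comes from the URL, so it is bound as a parameter instead of being
     // spliced into the statement (the original concatenated it inside quotes).
     $sql = 'select * from ' . TABLE_PREFIX . 'sidebarlink where id=:id';
     Record::logQuery($sql);
     $mysidebarlink = Record::getConnection()->prepare($sql);
     $mysidebarlink->execute(array(':id' => $id));
     // fetchObject() yields the row object, or false when nothing matched.
     $sidebarlink = $mysidebarlink->fetchObject();
     $this->display('sidebarlink/view', array('sidebarlink' => $sidebarlink, 'pages' => Record::findAllFrom('Page', 'parent_id=1 OR parent_id=0 order by parent_id,position')));
 }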
Beispiel #9
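 /**
  * Persist the display order of news categories posted by the sort form.
  *
  * Reads $_POST['news_category_id'] (list of category ids) and $_POST['order']
  * (the matching sequence values, by array key), then redirects to the news index.
  *
  * @return void
  */
 public function save_category_order()
 {
     $news_array = isset($_POST['news_category_id']) ? $_POST['news_category_id'] : array();
     $order_array = isset($_POST['order']) ? $_POST['order'] : array();
     if (is_array($news_array) && is_array($order_array)) {
         // Both values come from the request, so they are bound rather than concatenated
         // into the UPDATE (the original spliced them into the SQL and then re-executed
         // the already-run statement). One prepared statement serves every row.
         $sql = 'Update ' . TABLE_PREFIX . 'newscategory set sequence=:sequence where id=:id';
         Record::logQuery($sql);
         $stmt = Record::getConnection()->prepare($sql);
         foreach ($news_array as $key => $news_id) {
             // An id without a matching order value is left untouched.
             if (!isset($order_array[$key])) {
                 continue;
             }
             $stmt->execute(array(':sequence' => $order_array[$key], ':id' => $news_id));
         }
     }
     Flash::set('success', __('This news category sequence has been saved.'));
     redirect(get_url('news'));
 }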
Beispiel #10
 } else {
     if (!preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/i", $login_email)) {
         $error = "invalidemail";
     } else {
         $employee = new Employee();
         if ($employee->countFrom('Employee', 'email = "' . $login_email . '" AND NRIC = "' . $login_nric . '"') > 0) {
             $employee = $employee->findOneFrom('Employee', 'email="' . $login_email . '" AND NRIC = "' . $login_nric . '"');
             if ($employee->suspended || !$employee->validate) {
                 $error = "invalidstatus";
             } else {
                 $employee_id = $employee->employee_id;
                 $employee_email = $employee->email;
                 $rand_pass = substr(md5(uniqid()), 0, 6);
                 $encrypt_pass = md5($rand_pass);
                 // $encrypted = md5(mktime());
                 $employee = Record::query('UPDATE ' . TABLE_PREFIX . 'employee set password="******" WHERE employee_id = "' . $employee_id . '"');
                 //Send reset password email to employee
                 $users = new User();
                 $user = $users->findOneFrom('User', 'id=1');
                 $emailTo = $user->email;
                 //Admin Email
                 $subject = "[CONA] New Login Password";
                 $content = "You have recently requested a new password,<br />";
                 $content .= "Please find your new password: "******"<br /><br />";
                 // $content .= "For security purposes, we ask you to confirm your email address before we can proceed with resetting your password.<br />";
                 // $content .= "Click here to confirm your email address > <a href='".URL_PUBLIC."reset-password?id=".$employee_id."&ref=".$encrypted."'>Reset Link</a><br /><br />";
                 // $content .= "In case the link does not work, please copy and paste the following into your browser address bar:<br />";
                 // $content .= URL_PUBLIC."reset-password?id=".$employee_id."&ref=".$encrypted." <br /><br />";
                 $content .= "For changes or enquiries, please contact us at xxxx@cona.com.";
                 $headers = 'From: CONA <' . $emailTo . '>' . "\r\n";
                 $headers .= 'Reply-To: ' . $emailTo . "\r\n";
Beispiel #11
        $current_password = $_POST["current_password"];
        $new_password = $_POST["new_password"];
        $re_new_password = $_POST["re_new_password"];
        //Compare entered password with current one
        $encrypt_current_password = md5($current_password);
        echo $encrypt_current_password;
        if ($encrypt_current_password != $old_password) {
            $status = "failed";
            $msg = "Current password is not valid. Please enter again.";
        } else {
            if ($new_password != $re_new_password) {
                $status = "failed";
                $msg = "New password is not match.";
            } else {
                $enrypt_new_password = md5($new_password);
                $employee = Record::query('UPDATE ' . TABLE_PREFIX . 'employee set password = "******" where employee_id="' . $employee_id . '"');
                $status = "success";
            }
        }
        redirect(get_url('employee/setting?status=' . $status . '&msg=' . $msg));
    }
}
?>

  <div id="employee-login" align=center>
	<?php 
if (isset($_GET['status1'])) {
    if ($_GET['status1'] == 'success') {
        echo '<p class="tbSuccess">Status: You had successfully updated your profile.</p>';
    } else {
        if (isset($_GET['msg1'])) {
Beispiel #12
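 /**
  * Look up the title of a news category.
  *
  * @param mixed $id Category id.
  * @return string|false The title, or false when no category has that id.
  */
 public static function getCategoryName($id)
 {
     // $id is bound as a parameter; the original appended it to the SQL unquoted.
     $sql = 'select title from ' . TABLE_PREFIX . 'newscategory WHERE id=:id';
     Record::logQuery($sql);
     $category = Record::getConnection()->prepare($sql);
     $category->execute(array(':id' => $id));
     return $category->fetchColumn();
 }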
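 /**
  * Save the product media form: update or delete existing media rows and insert
  * newly uploaded files, then redirect back to the shopping cart plugin.
  *
  * Request fields read: post_in_tables (target table), post_in_item[] (row ids),
  * delete_image[id], alt/width/height/detail_width/type/status/priority[id],
  * post_in_prod (product id), new_alt/new_width/new_type/new_status/new_priority[k]
  * and the new_url[] file upload.
  *
  * @return void
  */
 public function edit_media()
 {
     $this->clean_post($_POST);
     $tables = isset($_POST['post_in_tables']) ? explode(',', str_replace(' ', '', $_POST['post_in_tables'])) : null;
     if (!AuthUser::hasPermission('shopping_cart_edit') || empty($tables)) {
         Flash::set('error', __('You are not allowed to perform this operation.'));
         redirect(get_url('plugin/shopping_cart/'));
     }
     // The target table is named by the request. An identifier cannot be bound as a
     // parameter, so it is accepted only from a fixed list; the media form posts
     // 'CART_media' in its post_in_tables field. The original interpolated it unchecked.
     $allowed_tables = array('CART_media');
     $table = $tables[0];
     if (!in_array($table, $allowed_tables, true)) {
         Flash::set('error', __('You are not allowed to perform this operation.'));
         redirect(get_url('plugin/shopping_cart/'));
     }
     $pdo = Record::getConnection();
     // Uploads are written below this directory (see the INSERT branch); deletions are confined to it.
     $media_dir = realpath(FILES_DIR . '/../' . $this->product_image_folder);
     $fields = array('alt', 'width', 'height', 'detail_width', 'type', 'status', 'priority');
     if (isset($_POST['post_in_item']) && is_array($_POST['post_in_item'])) {
         $update = $pdo->prepare("UPDATE " . $table . " SET alt = :alt, width = :width, height = :height, detail_width = :detail_width, type = :type, status = :status, priority = :priority WHERE id = :id");
         $select_url = $pdo->prepare("SELECT url FROM " . $table . " WHERE id = :id");
         $delete = $pdo->prepare("DELETE FROM " . $table . " WHERE id = :id");
         foreach ($_POST['post_in_item'] as $v) {
             if (!isset($_POST['delete_image'][$v])) {
                 // update: every column value is a bound parameter; a missing field becomes ''.
                 $params = array(':id' => $v);
                 foreach ($fields as $field) {
                     $params[':' . $field] = isset($_POST[$field][$v]) ? $_POST[$field][$v] : '';
                 }
                 $update->execute($params);
             } else {
                 // delete: the file path is taken from the stored row rather than from the
                 // request (the original unlinked FILES_DIR.'/../'.$_POST['url'][$v] as posted),
                 // and it must resolve inside the media directory before it is removed.
                 $select_url->execute(array(':id' => $v));
                 $url = $select_url->fetchColumn();
                 $select_url->closeCursor();
                 $delete->execute(array(':id' => $v));
                 if ($url !== false && $media_dir !== false) {
                     $file = realpath(FILES_DIR . '/../' . $url);
                     if ($file !== false && strpos($file, $media_dir . DIRECTORY_SEPARATOR) === 0 && is_file($file)) {
                         unlink($file);
                     }
                 }
             }
         }
     }
     if (isset($_FILES['new_url']['name'][0]) && !empty($_FILES['new_url']['name'][0])) {
         $insert = $pdo->prepare("INSERT INTO " . $table . " (pid, url, alt, width, type, status, priority) VALUES (:pid, :url, :alt, :width, :type, :status, :priority)");
         foreach ($_FILES['new_url']['name'] as $k => $name) {
             // NOTE(review): the client-supplied file name is handed to _upload_file unchanged,
             // as before; whatever sanitising happens to it lives in that helper, not here.
             $new_image_name = $this->_upload_file($name, FILES_DIR . '/../' . $this->product_image_folder, $_FILES['new_url']['tmp_name'][$k]);
             $insert->execute(array(
                 ':pid' => isset($_POST['post_in_prod']) ? $_POST['post_in_prod'] : '',
                 ':url' => $this->product_image_folder . $new_image_name,
                 ':alt' => isset($_POST['new_alt'][$k]) ? $_POST['new_alt'][$k] : '',
                 ':width' => isset($_POST['new_width'][$k]) ? $_POST['new_width'][$k] : '',
                 ':type' => isset($_POST['new_type'][$k]) ? $_POST['new_type'][$k] : '',
                 ':status' => isset($_POST['new_status'][$k]) ? $_POST['new_status'][$k] : '',
                 ':priority' => isset($_POST['new_priority'][$k]) ? $_POST['new_priority'][$k] : '',
             ));
         }
     }
     Flash::set('success', __('Product media has been saved.'));
     redirect(get_url("plugin/shopping_cart"));
 }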
Beispiel #14
        if (strlen($signature) > 0) {
            $signature_filename = md5(uniqid(rand(), true)) . '.png';
            generateBase64Image($signature, $upload_path . 'signature/' . $signature_filename);
        }
        if (strlen($profile_image) > 0) {
            $profile_filename = md5(uniqid(rand(), true)) . '.png';
            generateBase64Image($profile_image, $upload_path . 'profile/' . $profile_filename);
        }
        if (strlen($NRIC_front) > 0) {
            $nricfront_filename = md5(uniqid(rand(), true)) . '.png';
            generateBase64Image($NRIC_front, $upload_path . 'nric/' . $nricfront_filename);
        }
        if (strlen($NRIC_back) > 0) {
            $nricback_filename = md5(uniqid(rand(), true)) . '.png';
            generateBase64Image($NRIC_back, $upload_path . 'nric/' . $nricback_filename);
        }
        //Image decode, generate and upload
        $dob = date("Y-m-d", strtotime($dob));
        $student_pass_expiry = date("Y-m-d", strtotime($student_pass_expiry));
        $register_date = date("Y-m-d");
        $suspended = 0;
        $status = '';
        $from_source = 'ipad';
    }
    //Add to database
    if (strlen($fullname) > 0 && strlen($email) > 0 && strlen($NRIC) > 0) {
        Record::query('INSERT INTO ' . TABLE_PREFIX . 'employee (`employee_id`,`fullname`,`email`,`NRIC`,`passport_no`,`dob`,`pob`,`citizenship`,`gender`,`age`,`race`,`mobiletel`,`hometel`,`address`,`referee`,`educate_level`,`school`,`course`,`highest_educate`,`educate_from`,`educate_to`,`student_pass_expiry`,`contact_name`,`contact_mobiletel`,`contact_hometel`,`contact_relationship`,`contact_address`,`suspended`,`status`,`register_date`,`signature`,`profile_image`,`NRIC_front`,`NRIC_back`,`from_source`) VALUES("0","' . addslashes($fullname) . '","' . addslashes($email) . '","' . addslashes($NRIC) . '","' . addslashes($passport_no) . '","' . addslashes($dob) . '","' . addslashes($pob) . '","' . addslashes($citizenship) . '","' . addslashes($gender) . '","' . addslashes($age) . '","' . addslashes($race) . '","' . $mobiletel . '","' . addslashes($hometel) . '","' . addslashes($address) . '","' . addslashes($referee) . '","' . addslashes($educate_level) . '","' . addslashes($school) . '","' . addslashes($course) . '","' . addslashes($highest_educate) . '","' . addslashes($educate_from) . '","' . addslashes($educate_to) . '","' . addslashes($student_pass_expiry) . '","' . addslashes($contact_name) . '","' . addslashes($contact_mobiletel) . '","' . addslashes($contact_hometel) . '","' . addslashes($contact_relationship) . '","' . addslashes($contact_address) . '","' . $suspended . '","' . addslashes($status) . '","' . addslashes($register_date) . '","' . addslashes($signature_filename) . '","' . addslashes($profile_filename) . '","' . addslashes($nricfront_filename) . '","' . addslashes($nricback_filename) . '","' . $from_source . '")');
        // $PDO = Record::getConnection();
        // $last_id = $PDO->lastInsertId();
    }
}
Beispiel #15
 /**
  * Show the career index: normalises the requested path and lists every career entry.
  *
  * @return void
  */
 public function browse()
 {
     $this->_checkPermission();
     $segments = func_get_args();
     $path = join('/', $segments);
     // make sure there's a / at the end
     if (substr($path, -1, 1) !== '/') {
         $path .= '/';
     }
     $this->path = $path;
     // Fixed ordering only; no request data is part of this statement.
     $careers = Record::query('select * from ' . TABLE_PREFIX . 'career ORDER BY sequence asc, id desc');
     $this->display('career/index', array('careers' => $careers));
 }
Beispiel #16
<?php

// A page whose parent is the root (id 1) shows album covers; any other page shows its own photos.
$isRoot = $this->parent->id == 1 ? 1 : 0;
$oGallery = new Gallery();
$count = 0;
// Album covers for the root listing, otherwise the photos of the album attached to this page.
// NOTE(review): $this->id is interpolated into the second statement; it appears to be the
// page id supplied by the framework rather than request input — confirm against the caller.
$albums = $isRoot == 1
    ? Record::query("select a.page_id, a.id, a.name as album_name from wolf_album a,wolf_page p where a.id=p.id AND a.status='1' group by a.id order by p.position asc")
    : Record::query("select a.page_id, a.id, a.name as album_name,g.* from wolf_gallery g inner join wolf_album a on a.id=g.album_id AND a.status='1' AND a.page_id='" . $this->id . "' where g.status='1' order by g.sequence asc, g.id desc");
while ($album = $albums->fetchObject()) {
    $count++;
    //Album cover
    $cover = Record::findOneFrom("Gallery", "status='1' and album_id='" . $album->id . "' order by sequence asc LIMIT 1");
    if ($isRoot == 1) {
        $url = Page::urlById((int) $album->page_id);
        $img_src = $cover->filename != "" ? URL_PUBLIC . 'public/gallery/images/' . $album->id . '/' . $cover->filename : THEME_PATH . 'js/gallery/broken_image.jpg';
        echo '<div class="album-cover">
					<div><a href="' . $url . '">
						<img id="cover' . $album->id . '" src="' . $img_src . '" border=0>
					</a></div>
					<p>' . $album->album_name . '</p>
				</div>
			';
    } else {
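 /**
  * Build an XML backup of every table in the configured database (plus, optionally,
  * the upload directory) and send it to the browser as XML or as a zip archive.
  *
  * Plugin settings read: pwd (keep password column), backupfiles, stamp, extension, zip.
  *
  * @return void Sends the download to the client.
  * @throws Exception When DB_DSN names a driver other than mysql, sqlite or pgsql.
  */
 function backup()
 {
     $settings = Plugin::getAllSettings('backup_restore');
     // Names of every table in the configured database (the listing is not filtered to Wolf CMS tables).
     $tablenames = array();
     // Pick the table-listing statement for the configured driver. If no branch matches,
     // $sql stays null and the backup is aborted explicitly instead of failing later on
     // a null statement (the original left $sql undefined in that case).
     $sql = null;
     if (strpos(DB_DSN, 'mysql') !== false) {
         $sql = 'show tables';
     }
     if (strpos(DB_DSN, 'sqlite') !== false) {
         $sql = 'SELECT name FROM SQLITE_MASTER WHERE type="table" ORDER BY name';
     }
     if (strpos(DB_DSN, 'pgsql') !== false) {
         $sql = "select tablename from pg_tables where schemaname='public'";
     }
     if ($sql === null) {
         throw new Exception('Unsupported database driver in DB_DSN; cannot list tables for backup.');
     }
     Record::logQuery($sql);
     $pdo = Record::getConnection();
     $result = $pdo->query($sql);
     while ($col = $result->fetchColumn()) {
         $tablenames[] = $col;
     }
     // All fields that should be wrapped as CDATA
     $cdata_fields = array('title', 'content', 'content_html');
     // Setup XML for backup
     $xmltext = '<?xml version="1.0" encoding="UTF-8"?><wolfcms></wolfcms>';
     $xmlobj = new SimpleXMLExtended($xmltext);
     $xmlobj->addAttribute('version', CMS_VERSION);
     // Retrieve all database information for placement in XML backup
     global $__CMS_CONN__;
     Record::connection($__CMS_CONN__);
     // Generate XML file entry for each table
     foreach ($tablenames as $tablename) {
         $table = Record::query('SELECT * FROM ' . $tablename);
         $child = $xmlobj->addChild($tablename . 's');
         while ($entry = $table->fetch(PDO::FETCH_ASSOC)) {
             $subchild = $child->addChild($tablename);
             foreach ($entry as $key => $value) {
                 // Password hashes are blanked unless the plugin setting keeps them in the backup.
                 if ($key == 'password' && $settings['pwd'] === '0') {
                     $value = '';
                 }
                 if (in_array($key, $cdata_fields, true)) {
                     $valueChild = $subchild->addCData($key, $value);
                 } else {
                     // addChild() does not escape '&' itself, hence the manual replacement.
                     $valueChild = $subchild->addChild($key, str_replace('&', '&amp;', $value));
                 }
                 // Distinguish SQL NULL from an empty string for the restore side.
                 if ($value === null) {
                     $valueChild->addAttribute('null', true);
                 }
             }
         }
     }
     // Add XML files entries for all files in upload directory
     if ($settings['backupfiles'] == '1') {
         $dir = realpath(FILES_DIR);
         $this->_backup_directory($xmlobj->addChild('files'), $dir, $dir);
     }
     // Create the XML file
     $file = $xmlobj->asXML();
     // The file name is built from plugin settings only (stamp and extension), not from the request.
     $filename = 'wolfcms-backup-' . date($settings['stamp']) . '.' . $settings['extension'];
     // Offer a plain XML file or a zip file for download
     if ($settings['zip'] == '1') {
         // Create a note file
         $note = "---[ NOTES for {$filename} ]---\n\n";
         $note .= "This backup was created for a specific Wolf CMS version, please only restore it\n";
         $note .= "on the same version.\n\n";
         $note .= "When restoring a backup, upload the UNzipped XML backup file, not this zip file.\n\n";
         $note .= 'Created on ' . date('Y-m-d') . ' at ' . date('H:i:s') . ' GMT ' . date('O') . ".\n";
         $note .= 'Created with BackupRestore plugin version ' . BR_VERSION . "\n";
         $note .= 'Created for Wolf CMS version ' . CMS_VERSION . "\n\n";
         $note .= '---[ END NOTES ]---';
         use_helper('Zip');
         $zip = new Zip();
         $zip->clear();
         $zip->addFile($note, 'readme.txt');
         $zip->addFile($file, $filename);
         $zip->download($filename . '.zip');
     } else {
         header('Pragma: public');
         header('Expires: 0');
         header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
         header('Cache-Control: private', false);
         header('Content-Type: text/xml; charset=UTF-8');
         header('Content-Disposition: attachment; filename=' . $filename . ';');
         header('Content-Transfer-Encoding: 8bit');
         header('Content-Length: ' . strlen($file));
         echo $file;
     }
 }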
Beispiel #18
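 /**
  * Show the news index together with the image listing of a fixed theme directory.
  *
  * The remaining URL segments form $this->path, which is only handed to the view as
  * 'dir'; the directory actually listed is always FILES_DIR/themes/promo/images/.
  *
  * @return void
  */
 public function browse()
 {
     $this->_checkPermission();
     $params = func_get_args();
     $this->path = join('/', $params);
     // make sure there's a / at the end
     if (substr($this->path, -1, 1) != '/') {
         $this->path .= '/';
     }
     //security
     // we dont allow back link: a path containing '..' is reported to the statistics
     // plugin and then discarded, so it never reaches the view. (The original only
     // reported it and kept passing the path on.)
     if (strpos($this->path, '..') !== false) {
         if (Plugin::isEnabled('statistics_api')) {
             $user = null;
             if (AuthUser::isLoggedIn()) {
                 $user = AuthUser::getUserName();
             }
             // NOTE(review): X-Forwarded-For is client-supplied and is only meaningful behind a
             // proxy that overwrites it; on a directly exposed server REMOTE_ADDR is the reliable value.
             $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
             $event = array('event_type' => 'hack_attempt', 'description' => __('A possible hack attempt was detected.'), 'ipaddress' => $ip, 'username' => $user);
             Observer::notify('stats_file_manager_hack_attempt', $event);
         }
         $this->path = '/';
     }
     // The listing is rooted at this fixed directory regardless of the requested path.
     $this->fullpath = FILES_DIR . '/themes/promo/images/';
     // clean up nicely
     $this->fullpath = preg_replace('/\\/\\//', '/', $this->fullpath);
     $newss = Record::query('select * from ' . TABLE_PREFIX . 'news ORDER BY type, sequence asc, id desc');
     $this->display('news/index', array('dir' => $this->path, 'files' => $this->_getListFiles(), 'newss' => $newss));
 }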
 public function findUsers($where = NULL, $orderby = NULL, $limit = 0, $offset = 0)
 {
     // FETCH WHERE DATA
     $data = array("users" => array(), "roles" => array(), "status" => array(), "login" => array(), "register" => array(), "meta" => array());
     $values = array();
     if ($where !== NULL) {
         foreach ($where as $key => $value) {
             // GET USERS
             if ($key === "users") {
                 if (is_string($value)) {
                     $value = array($value);
                 }
                 $count = 0;
                 $userquery = array();
                 foreach ($value as $column => $user) {
                     $column_name = false;
                     if (!is_numeric($column) && in_array(strtolower($column), array("id", "username", "name", "email"), true)) {
                         $column_name = strtolower($column);
                     }
                     if (!is_array($user)) {
                         $user = array($user);
                     }
                     foreach ($user as $val) {
                         $op = "OR";
                         $skip = "LIKE";
                         if (startsWith($val, "!")) {
                             $op = "AND";
                             $skip = "NOT LIKE";
                             $val = substr($val, 1);
                         }
                         if (empty($userquery)) {
                             if ($column_name === false) {
                                 $userquery[] = "(user.id {$skip} :user{$count} {$op} user.name {$skip} :user{$count} {$op} user.email {$skip} :user{$count} {$op} user.username {$skip} :user{$count})";
                             } else {
                                 $userquery[] = "(user.{$column_name} {$skip} :user{$count})";
                             }
                         } else {
                             if ($column_name === false) {
                                 $userquery[] = " {$op} (user.id {$skip} :user{$count} {$op} user.name {$skip} :user{$count} {$op} user.email {$skip} :user{$count} {$op} user.username {$skip} :user{$count})";
                             } else {
                                 $userquery[] = " {$op} (user.{$column_name} {$skip} :user{$count})";
                             }
                         }
                         $values[":user" . $count] = "%" . $val . "%";
                         $count++;
                     }
                 }
                 if (count($userquery) > 1) {
                     $data["users"][] = "(" . implode("", $userquery) . ")";
                 } else {
                     $data["users"][] = implode("", $userquery);
                 }
                 continue;
             }
             // GET ROLES
             if ($key === "roles") {
                 if (is_string($value) && in_array($value, array(":norole", ":role"))) {
                     if ($value === ":role") {
                         $roleset = "LEFT";
                         $data["roles"][] = "(ur.role_id is NOT NULL)";
                     } else {
                         if ($value === ":norole") {
                             $roleset = "LEFT";
                             $data["roles"][] = "(ur.role_id is NULL)";
                         }
                     }
                     continue;
                 } else {
                     if (is_string($value)) {
                         $value = array($value);
                     }
                     $count = 0;
                     $rolequery = array();
                     foreach ($value as $role) {
                         $op = "OR";
                         $skip = "=";
                         if (startsWith($role, "!")) {
                             $op = "AND";
                             $skip = "!=";
                             $role = substr($role, 1);
                         }
                         if (empty($rolequery)) {
                             $rolequery[] = "(role.name {$skip} :role{$count})";
                         } else {
                             $rolequery[] = " {$op} (role.name {$skip} :role{$count})";
                         }
                         $values[":role" . $count] = $role;
                         $count++;
                     }
                     if (count($rolequery) > 1) {
                         $data["roles"][] = "(" . implode("", $rolequery) . ")";
                     } else {
                         $data["roles"][] = implode("", $rolequery);
                     }
                     $roleset = "INNER";
                 }
                 continue;
             }
             // GET STATUS
             if ($key === "status") {
                 if (is_string($value)) {
                     $value = array($value);
                 }
                 foreach ($value as $status) {
                     if (in_array($status, array("activated", "pending", "blacklisted"))) {
                         $data["status"][] = $status;
                     }
                 }
                 continue;
             }
             // GET LOGIN RANGE
             if ($key === "login" && is_array($value)) {
                 $login = array();
                 if (isset($value["from"])) {
                     $split = explode("-", $value["from"]);
                     if (count($split) == 3 && strlen($split[0]) === 4 && strlen($split[1]) === 2 && strlen($split[2]) === 2) {
                         $login[] = "user.last_login >= '" . implode("-", $split) . "'";
                     }
                 }
                 if (isset($value["until"])) {
                     $split = explode("-", $value["until"]);
                     if (count($split) == 3 && strlen($split[0]) === 4 && strlen($split[1]) === 2 && strlen($split[2]) === 2) {
                         $login[] = "user.last_login <= '" . implode("-", $split) . "'";
                     }
                 }
                 if (!empty($login)) {
                     $data["login"][] = "(" . implode(" AND ", $login) . ")";
                 }
                 continue;
             }
             // GET REGISTER RANGE
             if ($key === "register" && is_array($value)) {
                 $register = array();
                 if (isset($value["from"])) {
                     $split = explode("-", $value["from"]);
                     if (count($split) == 3 && strlen($split[0]) === 4 && strlen($split[1]) === 2 && strlen($split[2]) === 2) {
                         $register[] = "user.created_on >= '" . implode("-", $split) . "'";
                     }
                 }
                 if (isset($value["until"])) {
                     $split = explode("-", $value["until"]);
                     if (count($split) == 3 && strlen($split[0]) === 4 && strlen($split[1]) === 2 && strlen($split[2]) === 2) {
                         $register[] = "user.created_on <= '" . implode("-", $split) . "'";
                     }
                 }
                 if (!empty($register)) {
                     $data["register"][] = "(" . implode(" AND ", $register) . ")";
                 }
                 continue;
             }
             // GET USER META
             if ($key === "meta" && is_array($value)) {
                 $count = 0;
                 $metaquery = array();
                 foreach ($value as $mkey => $mvalue) {
                     $skip = "=";
                     if (startsWith($mvalue, "!")) {
                         $skip = "!=";
                         $mvalue = substr($mvalue, 1);
                     }
                     if (startsWith($mvalue, "<=")) {
                         $skip = "<=";
                         $mvalue = substr($mvalue, 2);
                     }
                     if (startsWith($mvalue, ">=")) {
                         $skip = ">=";
                         $mvalue = substr($mvalue, 2);
                     }
                     if (startsWith($mvalue, "<")) {
                         $skip = "<";
                         $mvalue = substr($mvalue, 1);
                     }
                     if (startsWith($mvalue, ">")) {
                         $skip = ">";
                         $mvalue = substr($mvalue, 1);
                     }
                     $op = "OR";
                     if (startsWith($mkey, "+")) {
                         $op = "AND";
                         $mkey = substr($mkey, 1);
                     }
                     if (startsWith($mkey, "-")) {
                         $op = "OR";
                         $mkey = substr($mkey, 1);
                     }
                     if (empty($metaquery)) {
                         $metaquery[] = "(meta.meta_key = :mkey{$count} AND meta.meta_value {$skip} :mvalue{$count})";
                     } else {
                         $metaquery[] = " {$op} (meta.meta_key = :mkey{$count} AND meta.meta_value {$skip} :mvalue{$count})";
                     }
                     $values[":mkey" . $count] = $mkey;
                     $values[":mvalue" . $count] = $mvalue;
                     $count++;
                 }
                 if (count($metaquery) > 1) {
                     $data["meta"][] = "(" . implode("", $metaquery) . ")";
                 } else {
                     $data["meta"][] = implode("", $metaquery);
                 }
                 continue;
             }
         }
     }
     $clause = array_merge($data["users"], $data["roles"], $data["login"], $data["register"], $data["meta"]);
     $clause = !empty($clause) ? "WHERE " . implode(" AND ", $clause) : "";
     // GET OTHER CLAUSEs
     if (!empty($orderby)) {
         if (is_string($orderby)) {
             $orderby = array($orderby);
         }
         $orderby = "ORDER BY " . implode(", ", $orderby);
     }
     $limit = $limit > 0 ? "LIMIT " . $limit : "LIMIT 1000";
     $offset = $offset > 0 ? "OFFSET " . $offset : "";
     // BUILD QUERY
     $query = "SELECT user.* FROM " . TABLE_PREFIX . "user AS user";
     if (!empty($data["roles"])) {
         $query .= " CROSS JOIN " . TABLE_PREFIX . "role AS role";
         if (isset($roleset) && $roleset == "LEFT") {
             $query .= " LEFT JOIN " . TABLE_PREFIX . "user_role AS ur ON (user.id=ur.user_id)";
         } else {
             $query .= " INNER JOIN " . TABLE_PREFIX . "user_role AS ur ON (user.id=ur.user_id AND role.id=ur.role_id)";
         }
     }
     if (!empty($data["meta"])) {
         $query .= " LEFT JOIN " . TABLE_PREFIX . "user_meta AS meta ON (user.id=meta.user_id)";
     }
     $query .= " {$clause} GROUP BY user.id, user.username {$orderby} {$limit} {$offset};";
     $query = Record::query($query, $values);
     // CLEAN DATA
     $return = array();
     foreach ($query as $line) {
         // DELETE PRIVATE STUFF
         unset($line->password);
         unset($line->blowfish);
         unset($line->salt);
         // GET STATUS
         if ($this->isLocked($line->id)) {
             $line->status = "blacklisted";
         } else {
             if ($this->isActivated($line->id)) {
                 $line->status = "activated";
             } else {
                 $line->status = "pending";
             }
         }
         if (!empty($data["status"])) {
             if (!in_array($line->status, $data["status"])) {
                 continue;
             }
         }
         // ADD
         $return[] = $line;
     }
     return $return;
 }
 /**
  * File-manager browse action.
  *
  * The positional action arguments form the browse path, which is stored on
  * $this->path with a trailing slash. A path containing '..' is reported to
  * the statistics plugin (when enabled) as a possible hack attempt; note that
  * this only logs the event — the request is not aborted, and $this->path is
  * not used again within this method. The method then renders the
  * testimonial index view.
  */
 public function browse()
 {
     $this->_checkPermission();
     $segments = func_get_args();
     $this->path = implode('/', $segments);
     // Normalise to a trailing slash.
     if (substr($this->path, -1, 1) !== '/') {
         $this->path .= '/';
     }
     // Security: a parent-directory reference ('..') is not allowed in the
     // browse path. It is recorded via the statistics plugin when available.
     $containsBackLink = strpos($this->path, '..') !== false;
     if ($containsBackLink && Plugin::isEnabled('statistics_api')) {
         $user = AuthUser::isLoggedIn() ? AuthUser::getUserName() : null;
         // NOTE(review): X-Forwarded-For is supplied by the client and is only
         // trustworthy behind a proxy that sets it; REMOTE_ADDR is the fallback.
         $ip = $_SERVER['REMOTE_ADDR'];
         if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
             $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
         }
         $event = array(
             'event_type' => 'hack_attempt',
             'description' => __('A possible hack attempt was detected.'),
             'ipaddress' => $ip,
             'username' => $user,
         );
         Observer::notify('stats_file_manager_hack_attempt', $event);
     }
     $testimonials = Record::query('select * from ' . TABLE_PREFIX . 'testimonial ORDER BY ' . TABLE_PREFIX . 'testimonial.sequence, ' . TABLE_PREFIX . 'testimonial.id desc');
     $pages = Record::findAllFrom('Page', 'parent_id=1 order by parent_id,position');
     $this->display('testimonial/index', array('testimonials' => $testimonials, 'pages' => $pages));
 }
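 /**
  * Export the Fresh CMS core tables as an XML document and send it to the
  * browser, either as a plain XML download or as a zip containing the XML
  * plus a readme note.
  *
  * Plugin settings used ('backup_restore'): 'pwd' ('0' blanks the password
  * column), 'stamp' (a date() format used in the file name) and 'zip' ('1'
  * selects the zip download).
  *
  * The dump contains the complete 'user' table, so the produced file is
  * sensitive even when password hashes are blanked and must be stored and
  * transferred accordingly.
  */
 function backup()
 {
     $settings = Plugin::getAllSettings('backup_restore');
     // All of the table names that belong to Fresh CMS core.
     $tablenames = array('layout', 'page', 'page_part', 'page_tag', 'permission', 'plugin_settings', 'setting', 'snippet', 'tag', 'user', 'user_permission');
     // All fields that should be wrapped as CDATA.
     $cdata_fields = array('content', 'content_html');
     // Setup XML for backup.
     $xmltext = '<?xml version="1.0" encoding="UTF-8"?><freshcms></freshcms>';
     $xmlobj = new SimpleXMLExtended($xmltext);
     $xmlobj->addAttribute('version', CMS_VERSION);
     // Retrieve all database information for placement in XML backup.
     global $__CMS_CONN__;
     Record::connection($__CMS_CONN__);
     // Generate an XML entry for each row of each table.
     foreach ($tablenames as $tablename) {
         $table = Record::query('SELECT * FROM ' . TABLE_PREFIX . $tablename);
         // The plural wrapper element is created on the first row only, so an
         // empty table produces no element at all (same as before).
         $child = null;
         while ($entry = $table->fetchObject()) {
             if ($child === null) {
                 $child = $xmlobj->addChild($tablename . 's');
             }
             $subchild = $child->addChild($tablename);
             // foreach replaces each(), which was removed in PHP 8.0.
             foreach ($entry as $key => $value) {
                 // Blank password hashes unless the 'pwd' setting allows them.
                 if ($key === 'password' && $settings['pwd'] === '0') {
                     $value = '';
                 }
                 if (in_array($key, $cdata_fields, true)) {
                     $subchild->addCData($key, $value);
                 } else {
                     $subchild->addChild($key, $value);
                 }
             }
         }
     }
     // Create the XML file.
     $file = $xmlobj->asXML();
     $filename = 'freshcms-backup-' . date($settings['stamp']);
     // Offer a plain XML file or a zip file for download. The setting may be
     // stored as a string or an int, hence the cast before the strict compare.
     if ((string) $settings['zip'] === '1') {
         // Create a note file.
         $note = "---[ NOTES for {$filename}.xml ]---\n\n";
         $note .= "This backup was created for a specific Fresh CMS version, please only restore it\n";
         $note .= "on the same version.\n\n";
         $note .= "When restoring a backup, upload the UNzipped XML file, not this zip file.\n\n";
         $note .= 'Created on ' . date('Y-m-d') . ' at ' . date('H:i:s') . ' GTM ' . date('O') . ".\n";
         $note .= 'Created with BackupRestore plugin version ' . BR_VERSION . "\n";
         $note .= 'Created for Fresh CMS version ' . CMS_VERSION . "\n\n";
         $note .= '---[ END NOTES ]---';
         use_helper('Zip');
         $zip = new Zip();
         $zip->clear();
         $zip->addFile($note, 'readme.txt');
         $zip->addFile($file, $filename . '.xml');
         $zip->download($filename . '.zip');
     } else {
         header('Pragma: public');
         header('Expires: 0');
         header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
         header('Cache-Control: private', false);
         header('Content-Type: text/xml; charset=UTF-8');
         // The file name is quoted so a 'stamp' format containing spaces or
         // ';' cannot break the header value.
         header('Content-Disposition: attachment; filename="' . $filename . '.xml"');
         header('Content-Transfer-Encoding: 8bit');
         // strlen() is intentionally byte-wise here: Content-Length is in bytes.
         header('Content-Length: ' . strlen($file));
         echo $file;
     }
 }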
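 /**
  * Handle the image upload for an 'about' record.
  *
  * When a file was submitted under $_FILES['upload_file'], the image
  * previously stored for record $id is removed from FILES_DIR/about/ and the
  * new file is stored through edit_upload_file(). A failed store sets an
  * error flash message.
  *
  * @param mixed $id  Id of the 'about' record being edited.
  */
 public function edit_upload($id)
 {
     $this->_checkPermission();
     // The POST 'overwrite' flag was read but then unconditionally overridden
     // in the previous implementation; overwriting stays forced here.
     $overwrite = true;
     if (!isset($_FILES) || empty($_FILES['upload_file']['name'])) {
         return;
     }
     // NOTE(review): this pre-existing check joins the upload's tmp_name onto
     // the 'about' directory; its intent is unclear — confirm with the caller.
     if (file_exists(FILES_DIR . '/about/' . $_FILES['upload_file']['tmp_name'])) {
         return;
     }
     // Remove the existing image. The id is bound as a parameter instead of
     // being concatenated into the SQL text.
     $rows = Record::query('SELECT filename FROM ' . TABLE_PREFIX . 'about WHERE id=:id', array(':id' => $id));
     // With bound values Record::query yields the row list (cf. hasPermission()
     // in this file); fetchObject() is kept as a fallback for a statement result.
     $exist_about = is_array($rows) ? reset($rows) : $rows->fetchObject();
     // A missing record yields no previous file name rather than a property
     // read on false.
     $old_file_name = $exist_about ? (string) $exist_about->filename : '';
     if ($old_file_name !== '' && file_exists(FILES_DIR . '/about/' . $old_file_name)) {
         unlink(FILES_DIR . '/about/' . $old_file_name);
     }
     $file = $this->edit_upload_file($_FILES['upload_file']['name'], FILES_DIR . '/about/', $_FILES['upload_file']['tmp_name'], $overwrite, $id);
     if ($file === false) {
         Flash::set('error', __('File has not been uploaded!'));
     }
 }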
 /**
  * Check whether a user holds a named permission.
  *
  * @param string $permission  Permission name (looked up in the permission table).
  * @param mixed  $data        NULL: the current user; false: only check that the
  *                            permission exists; anything else is passed to
  *                            $pawUsers->getUser() to resolve the user.
  * @return bool
  */
 public function hasPermission($permission, $data = NULL)
 {
     global $pawUsers;
     // A permission is addressed by a non-empty string name.
     if (!is_string($permission) || empty($permission)) {
         return false;
     }
     $name = paw_xss_cleaner($permission);
     $found = Record::query("SELECT * FROM " . TABLE_PREFIX . "permission WHERE name=:name", array(":name" => $name));
     if (empty($found)) {
         return false;
     }
     // $data === false only asks whether the permission exists at all.
     if ($data === false) {
         return true;
     }
     $permissionId = $found[0]->id;
     // Resolve the user: NULL means the currently logged-in user.
     $userRef = $data === NULL ? $pawUsers->getCurrentUserID() : $data;
     $user = $pawUsers->getUser($userRef);
     if ($user === false) {
         return false;
     }
     // The permission is granted through any of the user's roles.
     $sql = "SELECT ur.user_id AS id FROM " . TABLE_PREFIX . "user_role AS ur\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "role_permission AS rp ON (ur.role_id = rp.role_id) \n\t\t\t\tWHERE ur.user_id=:user AND rp.permission_id=:perm;";
     $rows = Record::query($sql, array(":user" => $user->id, ":perm" => $permissionId));
     return !empty($rows) && isset($rows[0]);
 }
<?php

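error_reporting(E_ALL);
// Page and album selection come from the query string; the code below this
// block uses them to look up or build an SSP_Slideshow.
if (isset($_GET['page']) && $_GET['page'] !== "") {
    // Cast to int: further down the value is concatenated unquoted into a SQL
    // WHERE clause ("page_id=" . $page), so only a numeric page id is valid
    // and the cast closes the injection path.
    $page = (int) $_GET['page'];
}
if (isset($_GET['album']) && $_GET['album'] !== "") {
    // NOTE(review): passed through untouched to $slideshow->aid; the expected
    // type is not visible here — confirm against SSP_Slideshow.
    $album = $_GET['album'];
}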
if (isset($page)) {
    $sql = "SELECT * FROM wolf_ssp WHERE page_id=" . $page;
    $query = Record::query($sql);
    if ($result = $query->fetch()) {
        $id = $result['id'];
        $slideshow = new SSP_Slideshow($id);
    } else {
        $slideshow = new SSP_Slideshow();
        $slideshow->page_id = $page;
        $slideshow->id = 0;
        $slideshow->elid = 'preview';
    }
    if (isset($album)) {
        $slideshow->aid = $album;
    }
    if (isset($slideshow->aid)) {
        $json = $slideshow->preview_json();
    } else {
        // no album selected
        $json = '{ "slides":"<h3>PREVIEW</h3><h4>(select an album)</h4>"}';
    }
} else {
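 /**
  * Save the themer plugin settings submitted via $_POST['settings'].
  *
  * Supported 'action' values: 'theme' (switch the active theme, validated
  * against Setting::getThemes()), 'reset' (restore the preset for the current
  * theme) and any other value (validate and store color / sidebar_width /
  * responsive for the current theme). Only values that pass validation are
  * persisted; the result is reported through Flash messages and the request
  * always ends with a redirect to the settings page.
  *
  * NOTE(review): no CSRF token check is visible in this method — confirm the
  * caller enforces one before this action runs.
  */
 function savesettings()
 {
     if (!isset($_POST["settings"]) || !isset($_POST["settings"]["action"])) {
         Flash::set("error", __("Could not save settings, no settings found."));
     } else {
         $input = $_POST["settings"];
         $action = $input["action"];
         if ($action === "theme") {
             // Only a theme the CMS knows about may be activated.
             $themeOk = isset($input["theme"]) && is_string($input["theme"])
                 && array_key_exists($input["theme"], Setting::getThemes());
             if ($themeOk) {
                 $sql = "UPDATE " . TABLE_PREFIX . "setting SET value=:theme WHERE name='theme';";
                 Record::query($sql, array(":theme" => $input["theme"]));
                 Flash::set("success", __("The settings have been saved."));
             } else {
                 Flash::set("error", __("An error occured trying to save the settings."));
             }
         } else {
             $settings = array();
             if ($action === "reset") {
                 // RESET SETTINGS: an unknown theme leaves $settings empty and
                 // is reported as an error below.
                 $presets = array("fox" => array("color" => "color.fox.css"), "wordpress-3.8" => array("color" => "default.css", "sidebar_width" => 180), "wint" => array("color" => "default.css", "sidebar_width" => 200, "responsive" => true));
                 if (isset($presets[$this->theme])) {
                     $settings = $presets[$this->theme];
                 }
             } else {
                 // VALIDATE SETTINGS: each value is whitelisted or cast before
                 // it is stored.
                 $colorOk = isset($input["color"]) && is_string($input["color"])
                     && array_key_exists($input["color"], $this->getColors());
                 if ($colorOk) {
                     $settings["color"] = $input["color"];
                 }
                 if (isset($input["sidebar_width"]) && is_numeric($input["sidebar_width"])) {
                     $settings["sidebar_width"] = (int) $input["sidebar_width"];
                 }
                 if (isset($input["responsive"])) {
                     $settings["responsive"] = true;
                 } elseif ($this->theme === "wint") {
                     $settings["responsive"] = false;
                 }
             }
             // SET SETTINGS: nothing is written when no value survived
             // validation, matching the previous "no settings" error path.
             $saved = false;
             if (!empty($settings)) {
                 $insert = array($this->theme => serialize($settings));
                 $saved = Plugin::setAllSettings($insert, "themer");
             }
             if ($saved === true) {
                 Flash::set("success", __("The settings have been saved."));
             } else {
                 Flash::set("error", __("An error occured trying to save the settings."));
             }
         }
     }
     redirect(get_url("plugin/themer/settings"));
     die;
 }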