          <input name="_advancedActionSubmit" value=" go "  class="button" type="submit" />
          <br />
          <?php 
}
?>

    </div>
    <div style="float:right">
      <?php 
echo $buttonsRight;
?>
    </div>
    <div class="clear"></div>

    <?php 
applyFilters('listPage_footer', $tableName);
?>


  </div> <!-- End .content-box-content -->





</div>


</form>
<script type="text/javascript" src="lib/menus/default/list_functions.js?<?php 
echo filemtime(SCRIPT_DIR . '/lib/menus/default/list_functions.js');
    function getTableRow($record, $value, $formType)
    {
        // Render the "related records" list for the record being edited as a single <tr>,
        // returned as an HTML string (the template parts are captured with output buffering).
        // Rows are read from $this->relatedTable, filtered by $this->relatedWhere.
        // NOTE(review): $record, $value and $formType are not read in this body — presumably kept
        // so the signature matches the other field-type renderers (TODO confirm).
        global $isMyAccountMenu;
        $parentTable = $GLOBALS['menu'];
        // set field attributes
        $relatedTable = $this->relatedTable;
        // relatedWhere / relatedMoreLink are schema-defined (admin-configured) strings run through
        // getEvalOutput(); whoever can edit the field schema controls this WHERE fragment and link.
        $relatedWhere = getEvalOutput(@$this->relatedWhere);
        // NOTE(review): the evaluated relatedMoreLink fragment is inserted into an href below; the
        // fixed prefix uses &amp; (HTML attribute context) but the fragment itself is not htmlencoded.
        $seeMoreLink = @$this->relatedMoreLink ? "?menu={$relatedTable}&amp;search=1&amp;_ignoreSavedSearch=1&amp;" . getEvalOutput($this->relatedMoreLink) : '';
        // load list functions
        require_once "lib/menus/default/list_functions.php";
        require_once "lib/viewer_functions.php";
        // save and update globals
        // The list helpers read the current table from globals, so point them at the related table
        // for the duration of this call and restore them at the end.  There is no try/finally: an
        // exception thrown by the helpers would leave the globals swapped.
        list($originalMenu, $originalTableName, $originalSchema) = array($GLOBALS['menu'], $GLOBALS['tableName'], $GLOBALS['schema']);
        $GLOBALS['menu'] = $relatedTable;
        $GLOBALS['tableName'] = $relatedTable;
        $GLOBALS['schema'] = loadSchema($relatedTable);
        $GLOBALS['schema'] = array_merge($GLOBALS['schema'], getSchemaFields($GLOBALS['schema']));
        // v2.16+, add pseudo-fields name and _tableName to all fieldSchemas.  Doing this once here instead of every time in loadSchema() is less expensive
        // load list data
        // 'where' is the evaluated relatedWhere fragment; 'perPage' caps how many related rows are shown
        list($listFields, $records, $metaData) = list_functions_init(array('isRelatedRecords' => true, 'tableName' => $relatedTable, 'where' => $relatedWhere, 'perPage' => @$this->relatedLimit));
        ### show header
        $html = '';
        $recordCount = count($records);
        // the "Showing X - Y of Z" text starts at 1 when there are rows and at 0 otherwise
        $oneOrZero = $recordCount > 0 ? 1 : 0;
        $seeMoreHTML = $seeMoreLink ? "<br/><a href='{$seeMoreLink}'>" . htmlencode(t("see related records >>")) . "</a>" : '';
        $showingText = sprintf(t('Showing %1$s - %2$s of %3$s related records'), $oneOrZero, $recordCount, $metaData['totalRecords']);
        ob_start();
        ?>
<tr><td colspan="2">
  <div class="clear"></div>
  <div class="content-box">

    <div class="content-box-header">
      <div style="float:right; text-align: right; line-height: 110%">
        <?php 
        echo $showingText;
        ?>
        <?php 
        echo $seeMoreHTML;
        ?>
      </div>
      <h3><?php 
        // field label from the schema, echoed without escaping (admin-controlled markup)
        echo $this->label;
        ?>
<!-- --></h3>
      <div class="clear"></div>
    </div> <!-- End .content-box-header -->

    <div class="content-box-content">
<?php 
        $html .= ob_get_clean();
        ### show body
        // show list
        // the related* schema flags decide which per-row actions (view/modify/erase/create) are offered
        ob_start();
        showListTable($listFields, $records, array('isRelatedRecords' => true, 'showView' => @$this->relatedView, 'showModify' => @$this->relatedModify, 'showErase' => @$this->relatedErase, 'showCreate' => @$this->relatedCreate));
        $html .= ob_get_clean();
        ### get footer
        $buttonsRight = '';
        if (@$this->relatedCreate) {
            // show "create" button for related records
            // "###" is a placeholder in the link; presumably relatedRecordsButton() swaps in the
            // parent record number (TODO confirm)
            $buttonsRight = relatedRecordsButton(t('Create'), "?menu={$relatedTable}&action=edit&{$parentTable}Num=###");
        }
        $tableName = $relatedTable;
        $isRelatedTable = true;
        $buttonsRight = applyFilters('list_buttonsRight', $buttonsRight, $tableName, $isRelatedTable);
        $html .= <<<__FOOTER__

    <div style='float:right; padding-top: 3px'>
    {$buttonsRight}
    </div>
    <div class='clear'></div>

    </div><!-- End .content-box-content -->
  </div><!-- End .content-box -->
</td></tr>
__FOOTER__;
        // reset globals
        list($GLOBALS['menu'], $GLOBALS['tableName'], $GLOBALS['schema']) = array($originalMenu, $originalTableName, $originalSchema);
        //
        return $html;
    }
function _getMenuList()
{
    // Build the admin navigation: one entry per schema table that declares a menuType and is not
    // hidden, followed by the admin menus, sorted by menuOrder and passed through the
    // 'menulinks_array' filter.  A menugroup is marked selected when the selected item
    // sits below it (items are scanned from the bottom up until the next group).
    global $APP, $CURRENT_USER;

    // the selected menu is only compared against table names here, never output
    $selectedMenu = getFirstDefinedValue(@$APP['selectedMenu'], @$_REQUEST['menu'], 'home');
    $menus = array();
    $highestOrder = 0;

    foreach (getSchemaTables() as $tableName) {
        $schema = loadSchema($tableName);
        if (!@$schema['menuType'] || @$schema['menuHidden']) {
            continue;
        }
        $highestOrder = max($highestOrder, @$schema['menuOrder']);

        $item = array(
            'schema'       => $schema,
            'menuType'     => $schema['menuType'],
            'menuName'     => $schema['menuName'],
            'menuOrder'    => $schema['menuOrder'],
            'tableName'    => $tableName,
            'isSelected'   => $selectedMenu == $tableName,
            '_indent'      => @$schema['_indent'],
            '_disableView' => @$schema['_disableView'],
            'link'         => "?menu={$tableName}",
            'linkTarget'   => '',
            'linkMessage'  => '',
        );

        if ($schema['menuType'] == 'link') {
            // anything but an iframe link points straight at the configured URL
            // (admin-configured; templates must still escape it when rendering the anchor)
            $linkTarget = @$schema['_linkTarget'];
            if ($linkTarget != 'iframe') {
                $item['link'] = $schema['_url'];
                // js alert() text is shown for external links only; iframe pages show it themselves
                $item['linkMessage'] = @$schema['_linkMessage'];
                // _targetBlank is the old schema format, _linkTarget=new the current one
                if (@$schema['_targetBlank'] || $linkTarget == 'new') {
                    $item['linkTarget'] = 'target="_blank"';
                }
            }
        }

        $menus[] = $item;
    }

    // admin menus are appended after the highest user menu (set $showAdminAtTop to move them first)
    $showAdminAtTop = false;
    if ($showAdminAtTop) {
        $highestOrder = -100;
    }
    $menus = array_merge($menus, _getAdminMenus($highestOrder));

    // sort and re-index so the positions below match the display order
    uasort($menus, '_sortMenusByOrder');
    $menus = array_values($menus);

    // plugins may rewrite the menu while it is still a plain array
    $menus = applyFilters('menulinks_array', $menus);

    // walk bottom-up: a selected item marks the first menugroup above it as selected
    $groupChildSelected = false;
    for ($index = count($menus) - 1; $index >= 0; $index--) {
        if ($menus[$index]['menuType'] == 'menugroup') {
            if ($groupChildSelected) {
                $menus[$index]['isSelected'] = true;
                $groupChildSelected = false;
            }
        } elseif ($menus[$index]['isSelected']) {
            $groupChildSelected = true;
        }
    }

    return $menus;
}
        <?php 
    foreach (getUploadInfoFields($_REQUEST['fieldName']) as $infoFieldname => $label) {
        ?>
          <tr>
            <td style="vertical-align: middle" valign="middle"><?php 
        echo htmlencode($label);
        ?>
</td>
            <td>
              <?php 
        $fieldName = $_REQUEST['fieldName'];
        // eg: uploads, photos, etc
        $formFieldName = "{$uploadRecord['num']}_{$infoFieldname}";
        //  eg: 1234_info2 (upload record number, underscore, info field name)
        $fieldHTML = "<input class='text-input' type='text' name='{$formFieldName}' value='" . htmlencode($uploadRecord[$infoFieldname]) . "' size='55' maxlength='255' />";
        $fieldHTML = applyFilters('uploadModify_infoFieldHTML', $fieldHTML, $tableName, $fieldName, $infoFieldname, $formFieldName, $uploadRecord);
        echo $fieldHTML;
        ?>
            </td>
          </tr>
        <?php 
    }
    ?>

       </table>
     </td>
   </tr>
  <?php 
}
?>
function getNewPasswordErrors($passwordText, $passwordText2 = null, $username = '')
{
    // Validate a candidate password and return the problems found as newline-terminated text
    // ('' when the password is acceptable).  The built-in rules stop at the first failure, so at
    // most one rule error is reported; plugins on 'login_newPasswordErrors' may add more.
    //
    // $passwordText2  confirmation field; pass null when the form has a single password field
    // $username       when given, the password may not equal the username
    $errors = array();
    $hasConfirmation = !is_null($passwordText2);

    if ($passwordText == '') {
        $errors[] = t("Please enter password.");
    } elseif ($hasConfirmation && $passwordText2 == '') {
        $errors[] = t("Please enter password again.");
    } elseif ($hasConfirmation && $passwordText != $passwordText2) {
        $errors[] = t("Passwords do not match!");
    } elseif ($username && $username == $passwordText) {
        $errors[] = t("Your username and your password cannot be the same!");
    } elseif (preg_match('/^\s|\s$/s', $passwordText)) {
        // leading/trailing whitespace is almost always a paste accident
        $errors[] = t("Password cannot start or end with spaces!");
    } elseif ($passwordText2 && isPasswordDigest($passwordText)) {
        // Only on two-field forms: the CMS User Accounts edit screen has a single field prefilled
        // with the stored hash and must not trip this rule.
        $errors[] = t("Password cannot look like a password digest, try adding characters to beginning.");
    } else {
        // Common-password check.  NOTE(review): this is a substring match of the password against
        // the whole list file, so a short password occurring inside a longer entry is rejected
        // too, and an unreadable list (file_get_contents() returning false) silently disables
        // the check instead of failing — worth verifying the read succeeded.
        $commonPasswordList = file_get_contents(dirname(__FILE__) . '/login_password_blacklist.txt');
        $passwordMatchRegexp = '/' . preg_quote($passwordText, '/') . '/i';
        if (preg_match($passwordMatchRegexp, $commonPasswordList)) {
            $errors[] = t('Password found in list of "most common passwords", please choose a more secure password.');
        }
    }

    // allow plugins to add additional password rules (e.g. a minimum length, which is not enforced here)
    $errors = applyFilters('login_newPasswordErrors', $errors, $passwordText);

    // callers display this with nl2br(htmlencode(...)); every line ends in "\n"
    $errorText = implode("\n", $errors);
    return $errorText ? $errorText . "\n" : $errorText;
}
function backupDatabase($filenameOrPath = '', $selectedTable = '')
{
    // Dump one table (or every table except the skipped ones) to a SQL file and return its path,
    // or false if the target file already exists.  Table names in the dump carry a
    // '#TABLE_PREFIX#_' placeholder so the file can be restored under a different prefix.
    //
    // $filenameOrPath  absolute path, or a filename placed under DATA_DIR/backups/; auto-named when empty
    // $selectedTable   schema table name to dump on its own ('' = all tables)
    //
    // NOTE(review): $selectedTable is whitelisted below, but $filenameOrPath is not — an absolute
    // path is written wherever it points and a relative one is not checked for '..' segments, so
    // callers must only pass trusted values (TODO confirm every caller does).
    global $TABLE_PREFIX;
    $prefixPlaceholder = '#TABLE_PREFIX#_';
    set_time_limit(60 * 5);
    // v2.51 - allow up to 5 minutes to backup/restore database
    session_write_close();
    // v2.51 - End the current session and store session data so locked session data doesn't prevent concurrent access to CMS by user while backup in progress
    // error checking
    if ($selectedTable != '') {
        $schemaTables = getSchemaTables();
        // character check first (also keeps backticks out of the query below), then exact whitelist match
        if (preg_match("/[^\\w\\d\\-\\.]/", $selectedTable)) {
            die(__FUNCTION__ . " : \$selectedTable contains invalid chars! " . htmlencode($selectedTable));
        }
        if (!in_array($selectedTable, $schemaTables)) {
            die("Unknown table selected '" . htmlencode($selectedTable) . "'!");
        }
    }
    // open backup file
    // Host header is attacker-influenced; it is reduced to [\w\d.-] before it becomes part of a filename
    $hostname = preg_replace('/[^\\w\\d\\-\\.]/', '', @$_SERVER['HTTP_HOST']);
    if (!$filenameOrPath) {
        $filenameOrPath = "{$hostname}-v{$GLOBALS['APP']['version']}-" . date('Ymd-His');
        if ($selectedTable) {
            $filenameOrPath .= "-{$selectedTable}";
        }
        $filenameOrPath .= ".sql.php";
    }
    $outputFilepath = isAbsPath($filenameOrPath) ? $filenameOrPath : DATA_DIR . "/backups/{$filenameOrPath}";
    // v2.60 if only filename provided, use /data/backup/ as the basedir
    // 'x' mode creates the file atomically and fails if it exists — no check-then-create window
    $fp = @fopen($outputFilepath, 'x');
    if (!$fp) {
        // file already exists - avoid race condition
        session_start();
        return false;
    }
    // create no execute php header
    // The .sql.php extension plus this first line make the dump exit immediately if it is requested
    // through PHP.  That only helps while the backups directory is served by PHP; if it is web
    // reachable with PHP disabled, the raw dump (all table data) is downloadable — keep it out of
    // the web root or deny access in the web server config.
    fwrite($fp, "-- <?php die('This is not a program file.'); exit; ?>\n\n");
    # prevent file from being executed
    // get tablenames to backup
    if ($selectedTable) {
        $tablenames = array(getTableNameWithPrefix($selectedTable));
    } else {
        $skippedTables = array('_cron_log', '_error_log', '_outgoing_mail', '_nlb_log');
        // don't backup these table names
        $skippedTables = applyFilters('backupDatabase_skippedTables', $skippedTables);
        // let users skip tables via plugins
        $skippedTables = array_map('getTableNameWithPrefix', $skippedTables);
        // add table_prefix to all table names (if needed)
        $allTables = getMysqlTablesWithPrefix();
        $tablenames = array_diff($allTables, $skippedTables);
        // remove skipped tables from list
    }
    // backup database
    // table names come from the whitelist above or from the server's own table list, never from the request
    foreach ($tablenames as $unescapedTablename) {
        $escapedTablename = mysql_escape($unescapedTablename);
        $tablenameWithFakePrefix = $prefixPlaceholder . getTableNameWithoutPrefix($escapedTablename);
        // create table
        fwrite($fp, "\n--\n");
        fwrite($fp, "-- Table structure for table `{$tablenameWithFakePrefix}`\n");
        fwrite($fp, "--\n\n");
        fwrite($fp, "DROP TABLE IF EXISTS `{$tablenameWithFakePrefix}`;\n\n");
        $result = mysql_query("SHOW CREATE TABLE `{$escapedTablename}`");
        list(, $createStatement) = mysql_fetch_row($result) or die("MySQL Error: " . htmlencode(mysql_error()));
        // swap the real prefix for the placeholder in the CREATE statement
        $createStatement = str_replace("TABLE `{$TABLE_PREFIX}", "TABLE `{$prefixPlaceholder}", $createStatement);
        fwrite($fp, "{$createStatement};\n\n");
        if (is_resource($result)) {
            mysql_free_result($result);
        }
        // create rows
        fwrite($fp, "\n--\n");
        fwrite($fp, "-- Dumping data for table `{$tablenameWithFakePrefix}`\n");
        fwrite($fp, "--\n\n");
        $result = mysql_query("SELECT * FROM `{$escapedTablename}`") or die("MySQL Error: " . htmlencode(mysql_error()));
        while ($row = mysql_fetch_row($result)) {
            $values = '';
            // one INSERT per row; values are escaped for the double-quoted literals they are written into
            foreach ($row as $value) {
                if (is_null($value)) {
                    $values .= 'NULL,';
                } else {
                    $values .= '"' . mysql_real_escape_string($value) . '",';
                }
            }
            $values = chop($values, ',');
            // remove trailing comma
            fwrite($fp, "INSERT INTO `{$tablenameWithFakePrefix}` VALUES({$values});\n");
        }
        if (is_resource($result)) {
            mysql_free_result($result);
        }
    }
    //
    fwrite($fp, "\n");
    // only the final write is checked; earlier fwrite() failures (e.g. disk full) are not detected here
    $result = fwrite($fp, "-- Dump completed on " . date('Y-m-d H:i:s O') . "\n\n");
    if ($result === false) {
        // NOTE(review): $php_errormsg is only populated with track_errors enabled and was removed in PHP 8 — TODO confirm it is still meaningful here
        die(__FUNCTION__ . ": Error writing backup file! {$php_errormsg}");
    }
    fclose($fp) || die(__FUNCTION__ . ": Error closing backup file! {$php_errormsg}");
    //
    // re-open the session closed above so the caller keeps its session state
    @session_start();
    // hide error: E_WARNING: session_start(): Cannot send session cache limiter - headers already sent
    return $outputFilepath;
}
function serve($width, $height, $person)
{
    // Stream a JPEG of the best available image for $person, scaled and centre-cropped to
    // exactly $width x $height.  Output goes straight to the response body.
    // NOTE(review): $width and $height are used as divisors and crop bounds without validation —
    // this assumes the route has already coerced them to positive integers (TODO confirm).
    $app = \Slim\Slim::getInstance();
    $response = $app->response();
    $response['Content-Type'] = 'image/jpeg';

    $img = new abeautifulsite\SimpleImage(getBestImage($width, $height, $person));
    $sourceRatio = $img->get_width() / $img->get_height();
    $targetRatio = $width / $height;

    if ($sourceRatio >= $targetRatio) {
        // source is at least as wide as the target: match the height, trim both sides evenly
        $img->fit_to_height($height);
        $middle = round($img->get_width() / 2);
        $halfWidth = $width / 2;
        $img->crop($middle - $halfWidth, 0, $middle + $halfWidth, $height);
    } else {
        // source is taller than the target: match the width, trim top and bottom evenly
        $img->fit_to_width($width);
        $middle = round($img->get_height() / 2);
        $halfHeight = $height / 2;
        $img->crop(0, $middle - $halfHeight, $width, $middle + $halfHeight);
    }

    // let registered filters post-process the image before it is sent
    $img = applyFilters($img);
    $img->output();
}
<input type="hidden" name="dragSortOrder"                    value="<?php 
// request value is reflected into the form, so it is cast to int first
echo (int) @$_REQUEST['dragSortOrder'];
?>
" />
<?php 
// anti-CSRF token for this form; autocomplete is disabled for the header fields
echo security_getHiddenCsrfTokenField();
disableAutocomplete('form-headers');
?>

<div class="content-box">
  <div class="content-box-header">
    <div style="float:right">
    <?php 
// Cancel button; plugins may add buttons via 'view_buttonsRight' (their HTML is echoed as-is).
// t('Cancel') is a translation string placed inside a single-quoted attribute.
$buttonsRight = '';
$buttonsRight .= "<input class='button' type='button' name='cancel' value='" . t('Cancel') . "' onclick=\"viewCancel();\" />\n";
$buttonsRight = applyFilters('view_buttonsRight', $buttonsRight, $tableName, $GLOBALS['RECORD']);
echo $buttonsRight;
?>
    </div>

    <h3><a href="?menu=<?php 
// NOTE(review): $menu is echoed into an href attribute without htmlencode().  Elsewhere in this
// code base the selected menu comes from $_REQUEST['menu'], so this relies on $menu having been
// validated against the schema tables before this template runs — confirm, or htmlencode() it.
echo $menu;
?>
" ><?php 
// section name from the schema (admin-controlled), echoed raw
echo $schema['menuName'];
?>
</a></h3>
    <div class="clear"></div>
  </div> <!-- End .content-box-header -->

function _displayRecordAccessErrors($action)
{
    // Server-side ownership / privilege check for the records named in the request
    // (selectedRecords[] and num).  Any record the current user may not act on is reported
    // through showInterfaceError(); callers rely on that to stop the action (TODO confirm it exits).
    global $CURRENT_USER, $hasEditorAccess, $hasAuthorAccess, $hasAuthorViewerAccess, $schema, $tableName, $escapedTableName, $isSingleMenu;
    //
    // an "author" is a non-admin with author but not editor access to this section
    $isAuthor = !$CURRENT_USER['isAdmin'] && !$hasEditorAccess && $hasAuthorAccess;
    // requested record numbers, de-duplicated and cast to int before they reach SQL
    $recordNums = array_unique(array_merge((array) @$_REQUEST['selectedRecords'], (array) @$_REQUEST['num']));
    $recordNumsAsCSV = join(',', array_map('intval', $recordNums));
    // escape nums by converting them to integers
    $invalidNums = array();
    // don't allow authors to edit records they don't own
    // ... except that "author viewer" access still permits view/uploadList on others' records;
    // single-record sections ($isSingleMenu) skip the ownership check entirely
    $allowAuthorViewerAccess = $hasAuthorViewerAccess && in_array($action, array('view', 'uploadList'));
    if ($isAuthor && $recordNums && !$isSingleMenu && !$allowAuthorViewerAccess) {
        // NOTE(review): $CURRENT_USER['num'] and $escapedTableName are interpolated directly; both are
        // server-side state (the logged-in user's record / a pre-escaped global), not request input —
        // keep it that way.  The $recordNums guard above prevents an empty "IN ()".
        $accessWhere = "`createdByUserNum` = '{$CURRENT_USER['num']}'";
        $accessWhere = applyFilters('record_access_where', $accessWhere, $tableName);
        // this is also called in list_functions_init()
        // select the requested records that do NOT satisfy the access condition
        $query = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND !({$accessWhere})";
        $records = mysql_select_query($query, true);
        // these are records not owned by the user (who has author access)
        foreach ($records as $record) {
            $invalidNums[] = $record[0];
        }
    }
    // User Accounts: don't allow non-admin's to edit 'isAdmin' accounts
    // (prevents a non-admin with access to the accounts section from touching admin accounts)
    if ($tableName == 'accounts' && !$CURRENT_USER['isAdmin'] && $recordNums) {
        $query = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND isAdmin = '1'";
        $records = mysql_select_query($query, true);
        // these are admin accounts the current (non-admin) user may not access
        foreach ($records as $record) {
            $invalidNums[] = $record[0];
        }
    }
    // show errors
    if ($invalidNums) {
        // record numbers come from the database (integers), so they are safe to show as-is
        $invalidNumsAsCSV = join(',', $invalidNums);
        $error = sprintf(t("You don't have permission to access these records: %s"), $invalidNumsAsCSV);
        showInterfaceError($error);
    }
}
  </table>
  </td></tr></table>

  <br/>
  <div style="float:left">

    <?php 
$advancedCommands = array();
if ($CURRENT_USER['isAdmin']) {
    $advancedCommands['Admin: Edit Section'] = '?menu=database&action=editTable&tableName=' . urlencode($tableName);
}
if ($CURRENT_USER['isAdmin']) {
    $advancedCommands['Admin: Code Generator'] = '?menu=_codeGenerator&tableName=' . urlencode($tableName);
}
$advancedCommands = applyFilters('edit_advancedCommands', $advancedCommands);
if ($advancedCommands) {
    $labels = array_map('t', array_keys($advancedCommands));
    // translate labels
    ?>
        <select name="_advancedAction" id="advancedAction">
          <option value=''><?php 
    et('Advanced Commands...');
    ?>
</option>
          <option value=''>&nbsp;</option>
          <?php 
    echo getSelectOptions(null, array_values($advancedCommands), $labels);
    ?>
        </select>
        <input class="button" type="submit" name="_advancedActionSubmit" value=" go " onclick="$('form').ajaxFormUnbind();" />
function userHasFieldAccess($fieldSchema)
{
    // Decide whether the current user may see/edit the field described by $fieldSchema.
    // Signature changed in 2.16 (used to be ($tableName, $accessRule)); $fieldSchema must carry
    // the 'name' and '_tableName' pseudo-fields that the schema loader adds.
    global $CURRENT_USER;

    foreach (array('_tableName', 'name') as $requiredKey) {
        if (!array_key_exists($requiredKey, $fieldSchema)) {
            dieAsCaller("Fieldschema missing '{$requiredKey}' value!");
        }
    }

    // 'adminOnly' is a legacy name for the field's access level: empty = anyone with section
    // access, 1 = editors (section access >= 9) and admins, 2 = admins only.
    // NOTE(review): compared loosely (==) because schema values may arrive as strings; any
    // non-empty value other than 1 ends up denying non-admins rather than granting access.
    $accessRule = @$fieldSchema['adminOnly'];
    $hasEditorAccess = userSectionAccess($fieldSchema['_tableName']) >= 9;

    if ($CURRENT_USER['isAdmin']) {
        // admins see every field regardless of the rule
        $hasAccess = true;
    } else {
        $hasAccess = !$accessRule || ($accessRule == 1 && $hasEditorAccess);
    }

    // plugins get the final say
    $hasAccess = applyFilters('userHasFieldAccess', $hasAccess, $fieldSchema);
    return $hasAccess;
}
function showUploadPreview($uploadRecord, $maxWidth = 50, $maxHeight = null)
{
    // Print a preview link for an upload record: for images, an <img> using whichever of the
    // original or thumbnails 1-4 fits $maxWidth x $maxHeight best without scaling up; for other
    // files, a plain "download" link.  The HTML passes through 'showUploadPreview_html' first.
    if ($maxWidth && !$maxHeight) {
        $maxHeight = $maxWidth * 2;
    }
    // legacy 2-argument support
    // find the biggest image or thumb with the least scaling
    list($bestSrc, $bestWidth, $bestHeight, $bestSize, $bestScaledBy) = array('', 0, 0, 0, 0);
    // "is image" is decided from the stored urlPath extension only, not from the file content
    $isImage = preg_match("/\\.(gif|jpg|jpeg|png)\$/i", $uploadRecord['urlPath']);
    if ($isImage) {
        foreach (range(0, 4) as $thumbNum) {
            // 0 = original, 1 = thumb, 2..4 = thumb2..thumb4 (each with its own width/height/urlPath columns)
            if ($thumbNum === 0) {
                list($widthField, $heightField, $urlField) = array('width', 'height', 'urlPath');
            } elseif ($thumbNum === 1) {
                list($widthField, $heightField, $urlField) = array('thumbWidth', 'thumbHeight', 'thumbUrlPath');
            } else {
                list($widthField, $heightField, $urlField) = array("thumbWidth{$thumbNum}", "thumbHeight{$thumbNum}", "thumbUrlPath{$thumbNum}");
            }
            // skip images with no height or width
            if (!@$uploadRecord[$widthField] && !@$uploadRecord[$heightField]) {
                continue;
            }
            // calculate dimensions of scaling this image or thumbnail (do not allow scaling-up)
            list($resizeWidth, $resizeHeight, $resizeScale) = image_resizeCalc($uploadRecord[$widthField], $uploadRecord[$heightField], $maxWidth, $maxHeight);
            // when calculating sizes, longest run (width or height) is more appropriate than width * height, since rounding errors can cause the minor
            // axis to deviate by 1 pixel (e.g. a 10x150 image, thumbnailed to 100x100 and 64x64, will resize to 50x50 as 50x4 and 50x3 respectively; the
            // 64x64 thumb should be chosen, even though its minor axis is one pixel smaller than the 100x100 thumb)
            $resizeSize = max($resizeWidth, $resizeHeight);
            // if this resized image/thumb is the biggest, or if it's the same size but requires less scaling (meaning that the original thumb is smaller)
            // Note: Multiple thumbs that are larger than maxHeight/maxWidth will have similar resized height/width but different resizing scales,
            // ... we want to select the image that needs to be scaled down the least, since we're not scaling the image itself but the height/width in
            // ... the image tag.  We want to load the image that is closest in size to reduce bandwidth required.
            if ($resizeSize > $bestSize || $resizeSize === $bestSize && $resizeScale > $bestScaledBy) {
                $bestSrc = $uploadRecord[$urlField];
                // keep track of best match
                list($bestWidth, $bestHeight, $bestSize, $bestScaledBy) = array($resizeWidth, $resizeHeight, $resizeSize, $resizeScale);
            }
        }
    }
    // output preview html
    // NOTE(review): $aLink only has its spaces url-encoded; it is not htmlencode()d like $bestSrc and
    // $title are, so a urlPath containing ' or & would break out of the single-quoted href.  urlPath is
    // generated by the uploader (presumably from a sanitized filename) — confirm, or htmlencode() it too.
    $aLink = urlencodeSpaces($uploadRecord['urlPath']);
    $title = htmlencode($uploadRecord['filename']);
    $bestSrc = htmlencode($bestSrc);
    $html = '';
    $html .= "<a href='{$aLink}' title='{$title}' target='_BLANK'>";
    if ($isImage && $bestSrc) {
        // width/height come from image_resizeCalc(), so they are numeric
        $html .= "<img src='{$bestSrc}' border='0' width='{$bestWidth}' height='{$bestHeight}' alt='{$title}' title='{$title}' />";
    } else {
        $html .= t('download');
    }
    $html .= "</a>\n";
    //
    $html = applyFilters('showUploadPreview_html', $html, $uploadRecord);
    print $html;
}
function _showUpload($fieldSchema, $record)
{
    // Render the edit-form row for an upload field: an iframe listing the current uploads, an
    // "Add or Upload File(s)" link (thickbox), and — unless disabled in settings or in demo mode —
    // the Flash (uploadify) multi-file uploader.  Prints directly; returns nothing.
    // Schema-derived values (label, name, fieldPrefix, description) are echoed as raw HTML:
    // they are admin-configured and treated as trusted markup.
    global $preSaveTempId, $SETTINGS, $menu;
    $prefixText = @$fieldSchema['fieldPrefix'];
    $description = @$fieldSchema['description'];
    if ($prefixText) {
        $prefixText .= "<br/>";
    }
    // create uploadList url
    // every variable part is urlencode()d and joined with &amp; for the attribute context
    $uploadList = "?" . "menu=" . urlencode($menu) . "&amp;action=uploadList" . "&amp;fieldName=" . urlencode($fieldSchema['name']) . "&amp;num=" . urlencode(@$_REQUEST['num']) . "&amp;preSaveTempId=" . urlencode($preSaveTempId);
    // create uploadLink url
    $uploadLink = "?menu=" . urlencode($menu) . "&amp;action=uploadForm" . "&amp;fieldName=" . urlencode($fieldSchema['name']) . "&amp;num=" . urlencode(@$_REQUEST['num']) . "&amp;preSaveTempId=" . urlencode($preSaveTempId) . "&amp;TB_iframe=true&amp;height=350&amp;width=700&amp;modal=true";
    // error checking
    $errors = '';
    list($uploadDir, $uploadUrl) = getUploadDirAndUrl($fieldSchema);
    if (!file_exists($uploadDir)) {
        mkdir_recursive($uploadDir, 0755);
    }
    // create upload dir (if not possible, dir not exists error will show below)
    if (!file_exists($uploadDir)) {
        $errors .= "Upload directory '" . htmlencode($uploadDir) . "' doesn't exist!.<br/>\n";
    } elseif (!is_writable($uploadDir)) {
        $errors .= "Upload directory '" . htmlencode($uploadDir) . "' isn't writable!.<br/>\n";
    }
    // display errors
    if ($errors) {
        print <<<__HTML__
  <tr>
   <td valign="top"><br/>{$fieldSchema['label']}<br/></td>
   <td><div id='alert'><span>{$errors}</span></div></td>
  </tr>
__HTML__;
        return;
    }
    // display field
    ?>
   <tr>
    <td style="vertical-align: top"><?php 
    echo $fieldSchema['label'];
    ?>
</td>
    <td>
      <?php 
    echo $prefixText;
    ?>
      <iframe id="<?php 
    echo $fieldSchema['name'];
    ?>
_iframe" src="<?php 
    echo $uploadList;
    ?>
" height="100" width="100%" frameborder="0" class="uploadIframe"></iframe><br/>

      <?php 
    // plugins can hide the default upload link (e.g. to supply their own)
    $displayDefaultLink = applyFilters('edit_show_upload_link', true, $fieldSchema, $record);
    ?>
      <?php 
    if ($displayDefaultLink) {
        ?>

        <div style="position: relative; height: 24px;">
          <div style="position: absolute; top: 6px; width: 100%; text-align: center;">
            <?php 
        if (inDemoMode()) {
            ?>
              <a href="javascript:alert('<?php 
            // jsEncode() escapes the message for the single-quoted JS string
            echo jsEncode(t('This feature is disabled in demo mode.'));
            ?>
')"><b><?php 
            echo t('Add or Upload File(s)');
            ?>
</b></a>
            <?php 
        } else {
            ?>
              <a href="<?php 
            echo $uploadLink;
            ?>
" class="thickbox"><b><?php 
            echo t('Add or Upload File(s)');
            ?>
</b></a>
            <?php 
        }
        ?>
          </div>
          <div style="position: absolute; z-index: 1; width: 100%; text-align: center;">
            <div id="<?php 
        echo $fieldSchema['name'];
        ?>
_uploadButton"></div>
          </div>
        </div>

        <?php 
        // Flash uploader is on by default; settings can turn it off
        $useFlashUploader = !@$SETTINGS['advanced']['disableFlashUploader'];
        ?>

        <?php 
        if ($useFlashUploader && !inDemoMode()) {
            ?>
          <?php 
            // normalise the schema's allowed-extension list to a lower-case CSV for the uploader
            $fileExtCSV = implode(',', preg_split("/\\s*\\,\\s*/", strtolower($fieldSchema['allowedExtensions'])));
            ?>
          <div id="<?php 
            echo $fieldSchema['name'];
            ?>
_uploadTips" style="display: none; text-align: center; font-size: xx-small; margin-top: 2px;">
            <?php 
            // UA sniffing only picks the modifier-key name shown in the tip
            $isMac = preg_match('/macintosh|mac os x/i', @$_SERVER['HTTP_USER_AGENT']);
            $key = $isMac ? '<Command>' : '<Ctrl>';
            if (@$fieldSchema['maxUploads'] != 1) {
                echo htmlencode(t("Tip: hold {$key} to select multiple files"));
            }
            ?>
<br/>
            <?php 
            echo $description;
            ?>
          </div>
          <div class="uploadifyQueue" id="<?php 
            echo $fieldSchema['name'];
            ?>
_uploadQueue"></div>
          <script type="text/javascript">// <![CDATA[
            $(document).ready(function() {
              $('#<?php 
            echo $fieldSchema['name'];
            ?>
_uploadButton').uploadify(generateUploadifyOptions({
                'script'           : <?php 
            // All values below are json_encode()d.  PHP's default json_encode escapes "/" as "\/",
            // so a value containing "</script>" cannot terminate this script block.
            echo json_encode(basename(@$_SERVER['SCRIPT_NAME']));
            ?>
,
                'modifyAfterSave'  : <?php 
            echo count(getUploadInfoFields($fieldSchema['name']));
            ?>
,
                'menu'             : <?php 
            echo json_encode($menu);
            ?>
,
                'fieldName'        : <?php 
            echo json_encode($fieldSchema['name']);
            ?>
,
                'num'              : <?php 
            echo json_encode(@$_REQUEST['num'] ? $_REQUEST['num'] : '');
            ?>
,
                'preSaveTempId'    : <?php 
            echo json_encode($preSaveTempId);
            ?>
,
                'buttonText'       : <?php 
            echo json_encode(t('Upload File(s)'));
            ?>
,
                'fileExtCSV'       : <?php 
            echo json_encode($fileExtCSV);
            ?>
,
                'maxUploadSizeKB'  : <?php 
            echo json_encode($fieldSchema['checkMaxUploadSize'] ? $fieldSchema['maxUploadSizeKB'] : 0);
            ?>
,
                'loginDataEncoded' : <?php 
            // NOTE(review): the login cookie value is written into the page so the Flash uploader can
            // authenticate (presumably because Flash did not send the browser's cookies).  This puts the
            // session credential within reach of any script on the page, so an XSS anywhere in the admin
            // UI can read it even if the cookie itself is HttpOnly — a reason to drop the Flash path.
            echo json_encode(@$_COOKIE[loginCookie_name(true)]);
            ?>
,
                'queueID'          : <?php 
            echo json_encode($fieldSchema['name'] . "_uploadQueue");
            ?>
              }));
            });
          // ]]></script>
        <?php 
        }
        ?>
      <?php 
    }
    ?>

    </td>
   </tr>
  <?php 
}
        <p>
          <input class="button" type="submit" name="login" value="<?php 
et('Login');
?>
" tabindex="4" />
        </p>

        <p>
          <a href="?menu=forgotPassword"><?php 
et('Forgot your password?');
?>
</a>
        </p>
<?php 
$content = ob_get_clean();
// get cached output
$content = applyFilters('login_content', $content);
echo $content;
?>


      <div class="clear"></div>

    </div> <!-- End .tab-content -->
  </div> <!-- End .content-box-content -->
</div> <!-- End .content-box -->

</form>

<?php 
showFooter();
function showFooter()
{
    // Output the admin UI footer.  A plugin returning false from 'ui_footer' suppresses the
    // footer template; the build/license line is printed regardless.
    global $APP, $SETTINGS, $CURRENT_USER, $TABLE_PREFIX; // made available to the included template
    $showFooterTemplate = applyFilters('ui_footer', TRUE);
    if ($showFooterTemplate) {
        // relative include — resolved via include_path / cwd as set up by the CMS entry script
        include "lib/menus/footer.php";
    }
    // display license and build info
    # NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement.
    # NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement
    # NOTE: Please do not steal our software.
    showBuildInfo();
}
  <div id="footer">
    <small>
    <?php 
// Footer text is an admin setting.  NOTE(review): it is passed through getEvalOutput(), which
// (as its use for schema 'relatedWhere' values elsewhere suggests) evaluates embedded PHP — so
// anyone who can change settings, or write the settings file, can run code here.  Treat
// 'footerHTML' as code, not as display text — TODO confirm what getEvalOutput() executes.
if ($SETTINGS['footerHTML']) {
    echo getEvalOutput($SETTINGS['footerHTML']) . '<br/>';
}
// page render time; the 'execute_seconds' filter may replace the whole string, which is echoed raw
$executeSecondsString = sprintf(t("%s seconds"), showExecuteSeconds(true));
echo applyFilters('execute_seconds', $executeSecondsString);
?>

    <?php 
// plugins append their own footer output here
doAction('admin_footer');
?>
    <!-- -->
    </small>
  </div>

</div> <!-- End #main-content -->
</div> <!-- End #body-wrapper -->

<div class="clear"></div>

</body>
</html>
<h2>
  <?php 
// programName is htmlencode()d before it is placed in the heading; the 'home_title' filter result is
// echoed as-is, so plugins must return HTML that is already safe
$title = sprintf(t('Welcome to %s'), htmlencode($SETTINGS['programName']));
$title = applyFilters('home_title', $title);
echo $title;
?>
</h2>

<div class="content-box">
  <div class="content-box-content">

    <?php 
// body text is built from translation strings that intentionally contain markup;
// the admin-only hint links to the Section Editors
$content = "<p>" . t('Please select an option from the menu.') . "</p>";
if ($CURRENT_USER['isAdmin']) {
    $content .= "<p>" . t('<b>Administrators:</b> Use the <a href="?menu=database">Section Editors</a> to add sections and generate PHP viewers.') . "</p>";
}
// 'home_content' filters receive and return raw HTML
$content = applyFilters('home_content', $content);
echo $content;
?>

  </div>
</div>
/**
 * Build a URL/filename-style slug from the first non-empty field of a record.
 *
 * @param array        $record          The record to read values from.
 * @param array|string $filenameFields  Field names to try, in order; either an array or a
 *                                      comma-separated string.
 * @return string  The slug (characters outside [a-z0-9._-] collapsed to '-', leading/trailing
 *                 '-' removed, plus a trailing '-' when non-empty), after the
 *                 'viewer_link_field_content' filter has had a chance to rewrite it.
 *
 * Exits via die() if a named field does not exist in $record.
 *
 * NOTE: the regex sanitising runs BEFORE the filter, so a 'viewer_link_field_content'
 * callback is responsible for keeping its own return value URL/filename-safe.  Dots are
 * allowed through by the regex, so sequences like '..' are not removed; callers that use
 * the result in a filesystem path should not rely on this function alone.
 */
function getFilenameFieldValue($record, $filenameFields)
{
    global $VIEWER_NAME;
    // Accept either an array of field names or a comma-separated list
    $fieldList = is_array($filenameFields) ? $filenameFields : preg_split("/\\s*,\\s*/", $filenameFields);
    // Every non-empty field name must exist in the record, otherwise abort with a message
    foreach ($fieldList as $candidate) {
        if ($candidate == '') {
            continue;
        }
        if (!array_key_exists($candidate, $record)) {
            die("{$VIEWER_NAME}: Unknown field '" . htmlencode($candidate) . "' in filenameFields or titleField options!");
        }
    }
    // Use the first field whose value is non-empty (loose comparison, as the original did)
    $rawValue = '';
    $slug = '';
    foreach ($fieldList as $candidate) {
        $current = @$record[$candidate];
        if ($current == '') {
            continue;
        }
        $rawValue = $current;
        $slug = $current;
        break;
    }
    // Collapse every run of characters outside [a-z0-9._-] into a single hyphen,
    // then strip hyphens from both ends
    $slug = preg_replace('/[^a-z0-9\\.\\-\\_]+/i', '-', $slug);
    $slug = preg_replace("/(^-+|-+\$)/", '', $slug);
    // Append a trailing separator when a slug was produced
    if ($slug) {
        $slug .= "-";
    }
    // Plugins get the last word; they receive the sanitised slug, the raw value and the record
    $slug = applyFilters('viewer_link_field_content', $slug, $rawValue, $record);
    return $slug;
}
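/**
 * Send an email via Swift Mailer, optionally logging it to the _outgoing_mail table first.
 *
 * @param array $options  Keys used here: 'to', 'from', 'subject', 'text' and/or 'html';
 *                        optional 'headers' (name => value), 'disabled' (skip entirely),
 *                        'logging' (false disables the DB log for this message).
 * @return mixed  null when sending is skipped or cancelled (unless a 'sendMessage' filter
 *                supplies a return value); an HTML error string when validation fails;
 *                otherwise whatever _sendMessage_swiftMailer() returns.
 *
 * Behaviour is controlled by $SETTINGS['advanced']['outgoingMail']: 'sendOnly' (no log),
 * 'logOnly' (log, never send), anything else (log and send).
 */
function sendMessage($options = array())
{
    // Plugins can cancel the send (and pick the return value) through the 'sendMessage' filter
    $eventState = array('cancelEvent' => false, 'returnValue' => null);
    $eventState = applyFilters('sendMessage', $eventState, $options);
    if ($eventState['cancelEvent']) {
        return $eventState['returnValue'];
    }
    // don't send if 'disabled' option set
    if (@$options['disabled']) {
        return;
    }
    ### v2.52 Notes: PHP's mail() function is very broken, on windows it talks directly to a SMTP server, or linux it talks to sendmail/qmail/postfix, etc.
    ### ... The PHP docs and RFCs say to use CRLF as an EOL in messages, but QMail and other Mail Transfer Agents (MTA) assume input is using the
    ### ... OS's default EOL char and converts LF to CRLF so it's standard compliant, which also causes CRLF to be translated to CRCRLF.  So there's
    ### ... no OS-independent way to make it work.  For these reasons, we bypass PHP mail() altogether and use the Swift Mailer library.
    // error checking -- collected as an HTML string so callers can display it directly.
    // 'to' is validated with isValidEmail()'s second argument set (presumably allowing a list
    // of recipients -- confirm in isValidEmail); 'from' must be a single valid address.
    // Missing keys are read with @ so that building the error message itself does not raise
    // an undefined-index notice/warning (the original read $options['to'] unguarded here).
    $errors = '';
    $hasText = array_key_exists('text', $options);
    $hasHTML = array_key_exists('html', $options);
    if (!isValidEmail(@$options['to'], true)) {
        $errors .= "'to' isn't a valid email '" . htmlencode(@$options['to']) . "'!<br/>\n";
    }
    if (!isValidEmail(@$options['from'])) {
        $errors .= "'from' isn't a valid email '" . htmlencode(@$options['from']) . "'!<br/>\n";
    }
    if (!array_key_exists('subject', $options)) {
        $errors .= "'subject' must be defined!<br/>\n";
    }
    if (!$hasText && !$hasHTML) {
        $errors .= "Either 'text' or 'html' or both must be defined!<br/>\n";
    }
    if ($errors) {
        return $errors;
    }
    // Optionally log the message and/or skip sending.  Note that the full message body and
    // all headers are persisted in _outgoing_mail, so anyone with read access to that table
    // sees every message sent -- treat it as sensitive data.
    $mode = $GLOBALS['SETTINGS']['advanced']['outgoingMail'];
    if ($mode != 'sendOnly' && @$options['logging'] !== false) {
        $colsToValues = array_slice_keys($options, array('from', 'to', 'subject', 'text', 'html'));
        // keys ending in '=' carry raw SQL expressions (mysql_insert convention -- confirm there)
        $colsToValues['createdDate='] = 'NOW()';
        $colsToValues['sent='] = $mode == 'logOnly' ? '""' : 'NOW()';
        // Header values are stored verbatim.  NOTE(review): CR/LF inside a header value is the
        // classic mail header-injection vector; whether _sendMessage_swiftMailer() rejects such
        // values is not visible here, so callers must not pass unvalidated user input as headers.
        $colsToValues['headers'] = '';
        if (@$options['headers']) {
            // v2.52 log message headers (previously died with "logging message headers not supported"
            foreach ($options['headers'] as $name => $value) {
                $colsToValues['headers'] .= "{$name}: {$value}\n";
            }
        }
        $colsToValues['reply-to'] = @$options['headers']['Reply-To'];
        $colsToValues['cc'] = @$options['headers']['CC'];
        $colsToValues['bcc'] = @$options['headers']['BCC'];
        mysql_insert('_outgoing_mail', $colsToValues, true);
    }
    // don't send if "log only" set
    if ($mode == 'logOnly') {
        return;
    }
    // send message with swift mailer
    $errors = _sendMessage_swiftMailer($options);
    return $errors;
}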
/**
 * Print the <td> cells for one row of a list page: the selection checkbox, the category
 * sort controls, one cell per list field, and the view/modify/erase action links.
 *
 * @param array $listFields  Field names to show, optionally written as 'fieldname:label'.
 * @param array $record      The row being displayed (reads 'num' and 'createdByUserNum').
 * @param array $options     'isRelatedRecords', plus explicit 'showView'/'showModify'/'showErase'
 *                           flags that are honoured only for related-record tables.
 *
 * Output is printed directly; nothing is returned.
 */
function displayListColumns($listFields, $record, $options = array())
{
    global $CURRENT_USER, $tableName, $schema;
    // Related-record tables pass the show* flags explicitly; normal list pages derive them from the schema
    $showView = @$options['isRelatedRecords'] ? @$options['showView'] : !@$schema['_disableView'];
    $showModify = @$options['isRelatedRecords'] ? @$options['showModify'] : !@$schema['_disableModify'];
    $showErase = @$options['isRelatedRecords'] ? @$options['showErase'] : !@$schema['_disableErase'];
    // Access-level codes are defined by userSectionAccess(), not here; going by the names, 7 = author/viewer, 3 = viewer only
    $hasAuthorViewerAccessOnly = userSectionAccess($tableName) == 7;
    $hasViewerAccessOnly = userSectionAccess($tableName) == 3;
    // remove modify/erase for users with view only access -OR- with Author/Viewer access who don't own the record
    if ($hasViewerAccessOnly) {
        $showModify = false;
        $showErase = false;
    }
    // "Owning" a record means createdByUserNum equals the current user's num; a record with no creator is never owned
    if ($hasAuthorViewerAccessOnly) {
        $showModify = $showModify && ($record['createdByUserNum'] && $record['createdByUserNum'] == $CURRENT_USER['num']);
        $showErase = $showErase && ($record['createdByUserNum'] && $record['createdByUserNum'] == $CURRENT_USER['num']);
    }
    // checkboxes - for "Advanced Commands" pulldown
    if (!@$options['isRelatedRecords']) {
        print "<td>";
        // NOTE(review): $record['num'] is interpolated here, and in the onclick/href strings further
        // down, without any encoding.  That is only safe if 'num' is always an integer key; if that
        // is not guaranteed by the schema, cast it with (int) before interpolating.
        if (@$schema['num']) {
            print "<input type='checkbox' name='selectedRecords[]' value='{$record['num']}' class='selectRecordCheckbox' />";
        }
        print "</td>\n";
    }
    // category sections - add up/down sorting links and drag field
    if (@$schema['menuType'] == 'category' && !@$options['isRelatedRecords']) {
        // The move is submitted as a POST carrying the page's CSRF token (read from the form field at click time)
        $tableNameJsEncoded = jsencode($tableName);
        $upClick = "return redirectWithPost('?', {menu:'{$tableNameJsEncoded}', _action:'categoryMove', 'direction':'up', 'num':'{$record['num']}', '_CSRFToken': \$('[name=_CSRFToken]').val()});";
        $dnClick = "return redirectWithPost('?', {menu:'{$tableNameJsEncoded}', _action:'categoryMove', 'direction':'down', 'num':'{$record['num']}', '_CSRFToken': \$('[name=_CSRFToken]').val()});";
        //
        print "<td class='dragger'>";
        print "<img src='lib/images/drag.gif' height='6' width='19' title='" . t('Click and drag to change order.') . "' alt='' />";
        print "<a href='#' onclick=\"{$upClick}\"><!-- " . t('UP') . ' --></a>';
        print "<a href='#' onclick=\"{$dnClick}\"><!-- " . t('DN') . ' --></a>';
        print "</td>";
    }
    // display all other fields
    foreach ($listFields as $fieldnameWithSuffix) {
        // split 'fieldname:label' into its parts (the @ silences the notice when there is no suffix)
        @(list($fieldname, $suffix) = explode(":", $fieldnameWithSuffix));
        // the drag-sort column is hidden for viewer-only users, and for related-record tables unless enabled in settings
        if ($fieldnameWithSuffix == 'dragSortOrder') {
            if (@$options['isRelatedRecords'] && !@$GLOBALS['SETTINGS']['advanced']['allowRelatedRecordsDragSorting']) {
                continue;
            }
            if ($hasViewerAccessOnly) {
                continue;
            }
            // NOTE(review): as written, this per-field access check only runs for the 'dragSortOrder'
            // column because it sits inside the branch above.  If columns the user has no field access
            // to are meant to be hidden in general, the check belongs outside the branch -- confirm
            // against upstream before changing it.
            if (!userHasFieldAccess($schema[$fieldname])) {
                continue;
            }
            // skip fields that the user has no access to
        }
        // Cell content and attributes come from the display helper and may be rewritten by plugins;
        // both are printed unencoded, so the helper/filters own the escaping.
        list($displayValue, $tdAttributes) = _getColumnDisplayValueAndAttributes($fieldname, $record);
        $displayValue = applyFilters('listRow_displayValue', $displayValue, $tableName, $fieldname, $record);
        $tdAttributes = applyFilters('listRow_tdAttributes', $tdAttributes, $tableName, $fieldname, $record);
        print "<td {$tdAttributes}>{$displayValue}</td>\n";
    }
    ### display actions
    $actionLinks = '';
    // view -- for related records, returnUrl is the current query string, urlencoded and prefixed with '?' so it stays a same-page relative URL
    if ($showView) {
        $viewLink = '?menu=' . htmlencode($tableName) . "&amp;action=view&amp;num=" . @$record['num'];
        if (@$options['isRelatedRecords']) {
            $viewLink .= "&amp;returnUrl=" . urlencode('?' . $_SERVER['QUERY_STRING']);
        }
        $actionLinks .= "<a href='{$viewLink}'>" . t('view') . "</a>\n";
    }
    // modify
    if ($showModify) {
        $modifyLink = '?menu=' . htmlencode($tableName) . "&amp;action=edit&amp;num=" . @$record['num'];
        if (@$options['isRelatedRecords']) {
            $modifyLink .= "&amp;returnUrl=" . urlencode('?' . $_SERVER['QUERY_STRING']);
        }
        $actionLinks .= "<a href='{$modifyLink}'>" . t('modify') . "</a>\n";
    }
    // erase -- goes through a JS confirm; a user can never erase their own account row
    if ($showErase) {
        $returnArg = @$options['isRelatedRecords'] ? ',' . htmlencode(json_encode('?' . urlencode($_SERVER['QUERY_STRING']))) : '';
        $disableErase = $tableName == 'accounts' && $CURRENT_USER['num'] == $record['num'];
        $eraseLink = "javascript:confirmEraseRecord('" . htmlencode($tableName) . "','" . @$record['num'] . "'{$returnArg});";
        if ($disableErase) {
            $actionLinks .= "<span class='disabled'>" . t('erase') . "</span>\n";
        } else {
            $actionLinks .= "<a href=\"{$eraseLink}\">" . t('erase') . "</a>\n";
        }
    }
    // plugins may add, remove or rewrite the action links (result is printed unencoded)
    $actionLinks = applyFilters('listRow_actionLinks', $actionLinks, $tableName, $record);
    // print the actions cell
    print "<td class='listActions'>{$actionLinks}</td>";
}
if ($CURRENT_USER) {
    // Logoff link (username html-encoded).  NOTE(review): this is a plain GET link with no
    // CSRF token in the URL; whether ?action=logoff demands one is up to its handler, not here.
    $headerLinks .= " | <a href='?action=logoff'>" . sprintf(t("Logoff (%s)"), htmlencode($CURRENT_USER['username'])) . "</a>";
}
// Help | License | View Website >>
if ($headerLinks) {
    $headerLinks .= "<br/>\n";
}
// helpUrl / websiteUrl come from Settings and are passed through getEvalOutput() (so they may
// contain PHP).  The result is NOT html-encoded before being placed inside the single-quoted
// href attribute, so a quote in the setting would break out of it -- acceptable only if these
// settings are admin-editable (confirm).  Consider adding rel='noopener' to the _blank links.
if ($SETTINGS['helpUrl']) {
    $headerLinks .= "<a href='" . getEvalOutput($SETTINGS['helpUrl']) . "' target='_blank'>" . t('Help') . "</a> | ";
}
$headerLinks .= "<a href='?menu=license'>" . t('License') . "</a> | ";
if ($SETTINGS['websiteUrl']) {
    $headerLinks .= "<a href='" . getEvalOutput($SETTINGS['websiteUrl']) . "' target='_blank' class='mLink'>" . t('View Website &gt;&gt;') . "</a><br/>";
}
// plugins may rewrite the header links; the result is echoed as raw HTML
echo applyFilters('header_links', $headerLinks);
?>
  </div>


  <?php 
// Main navigation is rendered only for logged-in users.  $menuLinks is built earlier
// (outside this excerpt) and echoed as raw HTML.
if ($CURRENT_USER) {
    ?>
<ul id="main-nav">
      <?php 
    echo $menuLinks;
    ?>
</ul>
  <?php 
}
?>