/**
*
* Uses 128-bit AES encryption cipher with CBC mode to encrypt the data
*
* @param data - string to be encrypted
* @return string literal of the encryption
*/
function encrypt($data)
{
//generate keys for data
$key_ecb = pack('H*', keygen());
$key_cbc = pack('H*', keygen());
//Encrypt the data using simple ECB mode
$p_encryption = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key_ecb, $data, MCRYPT_MODE_ECB);
//get size of iv depending on the method used
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
//creates random iv
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
//encrypt the partial encryption using CBC
$encrypted_data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key_cbc, $p_encryption, MCRYPT_MODE_CBC, $iv);
//prepend the keys and iv to the encrypted data
$encrypted_data = $iv . $key_ecb . $key_cbc . $encrypted_data;
//return the result a result that can be represented as a string
return base64_encode($encrypted_data);
}
function Login()
{
global $user, $intlangs;
session_start();
session_write_close();
$login = mysql_real_escape_string(get('login', '', 'p'));
$pwd = get('pwd', '', 'p');
$uri = get('uri', '', 'p');
$win = get('win', '', 'p');
$intlang = get('intlang', 0, 'p');
$token = get('token', '', 's');
# берем из сессии
$aes_key = defined("AESKEY") ? AESKEY : $this->aes_key;
if (!$login) {
$login = '******';
}
@(include_once 'keygen.phpe');
$row = sql_getRow("SELECT u.*, g.rights, g.deny_ids, AES_DECRYPT(u.pwd, '{$aes_key}') AS passw FROM " . $this->table . " as u LEFT JOIN admin_groups as g ON g.id<=>u.group_id WHERE login='******'");
$passwd = strlen($row['pwd']) == 32 ? $row['pwd'] : $row['passw'];
if (isset($passwd) && (md5($passwd . $token) === $pwd || function_exists('keygen') && strcmp($pwd, md5(md5(keygen()) . $token)) == 0)) {
unset($row['pwd']);
unset($row['passw']);
if ($row['rights']) {
$row['rights'] = unserialize($row['rights']);
}
$user = $row;
session_start();
$_SESSION['user'] =& $user;
setcookie('intlang', $intlang, time() + 3600 * 24 * 31);
$_SESSION['intlang'] =& $intlang;
// Разрешим доступ к файловому менеджеру
$_SESSION['KCFINDER'] = array();
$_SESSION['KCFINDER']['disabled'] = false;
session_write_close();
//записывапем данные в log_access
sql_query("INSERT INTO log_access(`login`,`ip`,`date`) VALUES('" . htmlspecialchars($user['login']) . "','" . $_SERVER["REMOTE_ADDR"] . "','" . date('YmdHis') . "')");
if ($win) {
return "<script>window.parent.location.reload()</script>";
}
HeaderExit($uri);
}
return $this->Show($this->str('e_pwd'));
}
function gen_key()
{
require_once '../../performanceanxietyquestionnaire.com/src/login.php';
$mysqli = new mysqli($host, $user, $pass, $dtbs);
if (mysqli_connect_errno()) {
echo "<p>";
echo "Connect Error: " . mysqli_connect_errno();
echo "</p>";
} else {
$licKey = keygen();
$hashedKey = hash("md5", $licKey);
$query = "SELECT * FROM License WHERE licenseKey = '" . $hashedKey . "';";
$result = $mysqli->query($query);
while ($result->num_rows != 0) {
//echo "<br>".$hashedKey;
$licKey = keygen();
$hashedKey = hash("md5", $licKey);
$query = "SELECT * FROM License WHERE licenseKey ='" . $hashedKey . "';";
$result = $mysqli->query($query);
}
$insert = "INSERT into License (id, licenseKey, active) VALUES (";
$insert .= "0";
$insert .= ", '" . $hashedKey . "'";
$insert .= ", 1);";
for ($i = 1; $i <= 15; $i++) {
$query1 = "insert into DemographicAnswer(license_id, demographic_question_id, answer) values({$hashedKey}, {$i}, '');";
$mysqli->query($query1);
}
for ($i = 1718; $i <= 1874; $i++) {
$query1 = "insert into LikertAnswer(license_id, question_id, answer) values({$hashedKey}, {$i}, 6);";
$mysqli->query($query1);
}
//echo "<br>".$insert;
$result = $mysqli->query($insert);
if ($result) {
// echo "<br>successfully inserted";
} else {
//echo "<br>query unsuccessful";
}
}
return $licKey;
}
public function forgot_password()
{
if ($this->input->post('forgot_pwd') != NULL) {
$this->load->model('site_model');
if ($result = $this->site_model->check_email($this->input->post('email_address', TRUE))) {
$this->load->helper('site');
$key = keygen(20);
if ($status = $this->site_model->update('smg_users', array('activation_key' => $key), array('id_user' => $result->id_user))) {
$user_id = $result->id_user;
$this->load->library('email');
$config['mailtype'] = 'html';
$this->email->initialize($config);
$this->email->from('*****@*****.**', 'Subhadip Sahoo');
$this->email->to($result->user_email);
$this->email->subject("Reset password request from SMG Health Admin");
$msg['display_name'] = $result->display_name;
$msg['link'] = base_url("/reset-password/{$key}/{$user_id}");
$bodyMsg = $this->load->view('site/email-templates/tmpl_forgot_password', $msg, TRUE);
$this->email->message($bodyMsg);
if ($this->email->send()) {
$this->session->set_userdata(array('suc_msg' => 'You will receive a reset password link into your registered mail id. Please check your inbox.'));
redirect('forgot-password');
exit;
} else {
$this->session->set_userdata(array('err_msg' => 'Mail sending failed! Please try after sometime.'));
redirect('forgot-password');
exit;
}
}
} else {
$this->session->set_userdata(array('err_msg' => 'Provided email does not exists. Please provide the correct email address!'));
redirect('forgot-password');
exit;
}
} else {
$this->load->view('site/screens/forgot-password');
}
}
public function login()
{
$this->form_validation->set_rules('identity', 'Identity', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == true) {
$remember = TRUE;
/*(bool) $this->input->post('remember');*/
if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember)) {
$this->session->set_flashdata('message', $this->ion_auth->messages());
$redirect_to = is_mobile() ? 'sites/survey' : 'dashboard';
redirect($redirect_to, 'refresh');
} else {
set_flash_data(ERROR_MESSAGE, $this->ion_auth->errors());
redirect('auth/login', 'refresh');
//use redirects instead of loading views for compatibility with MY_Controller libraries
}
} else {
$data['message'] = validation_errors() ? strip_tags(validation_errors()) : $this->session->flashdata('message');
}
$doc_key = $this->input->post('doc_key') ? $this->input->post('doc_key') : keygen();
$data = array('page' => 'login/form', 'title' => 'Login', 'identity' => $this->form_validation->set_value('identity'), 'password' => '', 'scripts' => array('login/form.js'), 'hiddenvars' => array(), 'doc_key' => $doc_key);
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/login/form_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, 'auth/login');
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('login', $data);
}
}
public function delete($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin', 'location_manager', 'user_company'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$type_id = isset($params[SYS_CONTACT_TYPE_ID]) && gtzero_integer($params[SYS_CONTACT_TYPE_ID]) ? to_int($params[SYS_CONTACT_TYPE_ID]) : 0;
$ref_id = isset($params[SYS_REF_ID]) && gtzero_integer($params[SYS_REF_ID]) ? to_int($params[SYS_REF_ID]) : 0;
$contact_id = isset($params[SYS_CONTACT_ID]) && gtzero_integer($params[SYS_CONTACT_ID]) ? to_int($params[SYS_CONTACT_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$contact_info = $this->contact_m->details($contact_id, $ref_id, $type_id);
if (!$contact_info) {
$this->show_permission_denied_error($method);
}
$this->form_validation->set_rules('confirm', 'confirm', 'trim|required');
$output = array('message' => "", 'status' => "");
if ($this->form_validation->run() == TRUE) {
$is_record_updated = $this->contact_m->delete($contact_id);
if ($is_record_updated) {
$output['message'] = sprintf('The contact "%s" has been deleted.', $contact_info->contact_name);
$output['status'] = SUCCESS_MESSAGE;
$output['contact_id'] = $contact_id;
} else {
$output['message'] = sprintf('Error occurred while trying to delete contact "%s".', $contact_info->contact_name);
$output['status'] = ERROR_MESSAGE;
}
$this->_output_request($output, $redirect_url);
} else {
if (validation_errors()) {
$output['message'] = validation_errors();
$output['status'] = ERROR_MESSAGE;
}
}
$doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen();
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('contacts/delete/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'contacts/delete', 'title' => 'Contact "' . $contact_info->contact_name . '"', "display_message" => sprintf('Are you sure you want to delete contact "%s"?', $contact_info->contact_name), "display_heading" => sprintf('Delete contact', $contact_info->contact_name), "submit_btn_text" => "Save Changes", 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)), 'doc_key' => $doc_key);
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/contacts/delete_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
<?php
header("content-type:text/html; charset=gb2312");
//本单元的作用:激活用户,并重置用户有效期\提醒次数重置为0;
//处理:验证用户输入连接是否正确,如果正确,则处理之。
include '../include/basefunction.php';
include '../../../config.inc';
include '../config/config.php';
echo "<h3>用户信息确认与续订</h3>";
$user = $_GET['u'];
$email = $_GET['email'];
$uid = $_GET['uid'];
$sig0 = $_GET['sig'];
$action = $_GET['action'];
$para = array($user, $email, $uid);
$sig = keygen($para);
if ($sig != $sig0) {
echo "<h3>此激活连接不存在!请确认。</h3>";
exit;
}
$hidden_str = "<input type=hidden name='email' value='{$email}'><input type=hidden name='sig' value='{$sig}'>";
include '../include/dbconnect.php';
if (mysql_select_db(DBNAME)) {
if ($action == 'actived') {
if ($_GET['sure'] == '确认续订') {
$fullname = mysql_real_escape_string($_GET['fullname'], $mlink);
$email_n = mysql_real_escape_string($_GET['email_n'], $mlink);
$staff_no = mysql_real_escape_string($_GET['staff_no'], $mlink);
$department = mysql_real_escape_string($_GET['department'], $mlink);
$expire = date("Y-m-d", strtotime("+{$user_t} day"));
$query = "update svnauth_user set full_name=\"{$fullname}\",email=\"{$email_n}\",staff_no=\"{$staff_no}\",department=\"{$department}\",expire=\"{$expire}\",infotimes=0 where user_id={$uid}";
public function download($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$company_id = in_array($this->current_user->group_id, array(GROUP_ADMIN, GROUP_STAFF, GROUP_ENGINEER)) ? $this->_post_args('company_id', ARGS_TYPE_INT, array_key_exists(SYS_COMPANY_ID, $params) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0) : $this->current_user->company_id;
$site_id = isset($params[SYS_SITE_ID]) && gtzero_integer($params[SYS_SITE_ID]) ? to_int($params[SYS_SITE_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$site_statuses = array('' => '', 1 => 'OPEN', 2 => 'SUBMITTED', 3 => 'COMPLETED');
$site_info = $this->site_m->details($site_id, $company_id);
if (!$site_info || _has_company_group_access($this->current_user->group_id) && $site_info->company_id != $this->current_user->company_id) {
$this->show_permission_denied_error($method);
}
$company_id = in_array($this->current_user->group_id, array(GROUP_ADMIN, GROUP_STAFF, GROUP_ENGINEER)) ? $this->_post_args('company_id', ARGS_TYPE_INT, $site_info->company_id) : $this->current_user->company_id;
$doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen();
$csrf = _get_csrf_nonce();
$headings = array("SITE", "FORM", "DATE ADDED", "ADDED BY", "STATUS", "DATE SUBMITTED", "SUBMITTED BY", "DATE COMPLETED", "COMPLETED BY");
$this->load->library('PHPExcel');
$this->load->library('PHPExcel/IOFactory');
// Create a new PHPExcel object
$objPHPExcel = new PHPExcel();
$objPHPExcel->getActiveSheet()->setTitle('List of Site Forms');
$rowNumber = 1;
$col = 'A';
foreach ($headings as $heading) {
$objPHPExcel->getActiveSheet()->setCellValue($col . $rowNumber, $heading);
$col++;
}
// Loop through the result set
$rowNumber = 2;
foreach ($site_info->site_forms as $site_form) {
$col = 'A';
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_info->site_code);
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->form_name);
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, _validate_date($site_form->added_on, 'Y-m-d H:i:s') ? local_time($site_form->added_on, 'M d, Y @ h:ia') : '');
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->added_by_name);
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_statuses[$site_form->status]);
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, _validate_date($site_form->submitted_on, 'Y-m-d H:i:s') ? local_time($site_form->submitted_on, 'M d, Y @ h:ia') : '');
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->submitted_by_name);
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, _validate_date($site_form->completed_on, 'Y-m-d H:i:s') ? local_time($site_form->completed_on, 'M d, Y @ h:ia') : '');
$objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->completed_by_name);
$rowNumber++;
}
$objWriter = IOFactory::createWriter($objPHPExcel, 'Excel5');
// We'll be outputting an excel file
header('Content-type: application/vnd.ms-excel');
// It will be called file.xls
header('Content-Disposition: attachment; filename="' . date('Ymd') . '.xls"');
// Write file to the browser
$objWriter->save('php://output');
}
function do_package_install()
{
global $package_installer_console;
global $edit_domain;
global $adm_login;
global $pkg_info;
global $dtcpkg_db_login;
$package_installer_console .= "=> Installer Preparing Configuration for WordPress 2.5.1<br>";
$admin_path = getAdminPath($adm_login);
$vhost_path = $admin_path . "/" . $edit_domain . "/subdomains/" . $_REQUEST["subdomain"] . "/html";
$hostname = $_REQUEST["subdomain"] . "." . $edit_domain;
$vhost_url = "http://{$hostname}/";
$cmd = "mv " . $vhost_path . "/" . $pkg_info["directory"] . " " . $vhost_path . "/" . $_REQUEST["dtcpkg_directory"];
$data = array();
$data["lang"] = "english";
$data["dbms"] = "mysql4";
$data["upgrade"] = "0";
$data["dbhost"] = "localhost";
$data["dbname"] = $_REQUEST["database_name"];
$data["dbuser"] = $dtcpkg_db_login;
$data["dbpasswd"] = $_REQUEST["dtcpkg_db_pass"];
$data["prefix"] = "wordpress_";
$data["server_name"] = $hostname;
$data["server_port"] = "80";
$data["admin_name"] = $_REQUEST["dtcpkg_login"];
$data["admin_pass1"] = $_REQUEST["dtcpkg_pass"];
$data["admin_pass2"] = $_REQUEST["dtcpkg_pass"];
$data["install_step"] = "1";
$data["cur_lang"] = "english";
//Prepare WordPress Configuration
function keygen($length)
{
$key = '';
for ($i = 0; $i < $length; $i++) {
$key .= chr(rand(40, 127));
}
return $key;
}
$wpconfig = array();
$wpconfig["gophp"] = "<?php";
$wpconfig["dbname"] = "define('DB_NAME','" . $data["dbname"] . "');";
$wpconfig["dbuser"] = "******" . $data["dbuser"] . "');";
$wpconfig["dbpasswd"] = "define('DB_PASSWORD','" . $data["dbpasswd"] . "');";
$wpconfig["dbhost"] = "define('DB_HOST','localhost');";
$wpconfig["dbcharset"] = "define('DB_CHARSET','utf8');";
$wpconfig["dbcollate"] = "define('DB_COLLATE','');";
$wpconfig["seckey"] = "define('SECRET_KEY','" . keygen(25) . "');";
$wpconfig["tblpfx"] = "\$" . "table_prefix = 'wp_';";
$wpconfig["wplang"] = "define('WPLANG','');";
$wpconfig["abspath"] = "define('ABSPATH',dirname(__FILE__).'/');";
$wpconfig["req_once"] = "require_once(ABSPATH.'wp-settings.php');";
$wpconfig["nophp"] = "?>";
$wpconf_str = implode("\n", $wpconfig);
//Write WordPress Config File
if (!file_put_contents($vhost_path . "/" . $_REQUEST["dtcpkg_directory"] . "/wp-config.php", $wpconf_str)) {
$package_installer_console .= "=> Error Writing WordPress Configuration 'wp-config.php'<br>";
} else {
$package_installer_console .= "=> WordPress Configuration 'wp-config.php' written<br>";
}
//Set url for post install script, currently not used,
//but returns HTTP/1.1 200 OK on WordPress install success.
$url = $vhost_url . $_REQUEST["dtcpkg_directory"] . "/" . $pkg_info["post_script_url"];
// print_r($data);
$package_installer_console .= "=> Calling {$url}<br>";
$ret = HTTP_Post($url, $data, $url);
$weblines = explode("\n", $ret);
// HTTP/1.1 200 OK
$package_installer_console .= "=> Script returns: " . $weblines[0] . "\n\n";
$package_installer_console .= "WordPress will ask for a blog name and admin email address the first time you run it.\n\n WordPress will then show your admin login and password. Write it down to avoid trouble!\n\n";
return 0;
// Ok, no problem ! :)
}
require_once '../../../../performanceanxietyquestionnaire.com/src/login.php';
$count = $_POST["keycount"];
$mysqli = new mysqli($host, $user, $pass, $dtbs);
if (mysqli_connect_errno()) {
echo "<p>";
echo "Connect Error: " . mysqli_connect_errno();
echo "</p>";
} else {
for ($i = 0; $i < $count; $i++) {
$licKey = keygen();
$hashedKey = hash("md5", $licKey);
$query = "SELECT * FROM License WHERE licenseKey = '" . $hashedKey . "';";
$result = $mysqli->query($query);
while ($result->num_rows != 0) {
//echo "<br>".$hashedKey;
$licKey = keygen();
$hashedKey = hash("md5", $licKey);
$query = "SELECT * FROM License WHERE licenseKey ='" . $hashedKey . "';";
$result = $mysqli->query($query);
}
$insert = "INSERT into License (id, licenseKey, active) VALUES (";
$insert .= "0";
$insert .= ", '" . $hashedKey . "'";
$insert .= ", 1);";
//echo "<br>".$insert;
$result = $mysqli->query($insert);
if ($result) {
$keyFile .= $licKey . "\n";
$keyOutput .= $licKey . "<br>";
$get_id = "select id from License where licenseKey = '{$hashedKey}';";
$result = $mysqli->query($get_id);
# Prolong TTL
#
$item_ids = cw_query("SELECT {$tables['order_details']}.item_id FROM {$tables['order_details']}, {$tables['download_keys']} WHERE {$tables['order_details']}.doc_id = '{$doc_id}' AND {$tables['order_details']}.item_id = {$tables['download_keys']}.item_id");
if ($item_ids) {
foreach ($item_ids as $v) {
db_query("UPDATE {$tables['download_keys']} SET expires = '" . (time() + $config['egoods']['download_key_ttl'] * 3600) . "' WHERE item_id = '{$v['item_id']}'");
}
}
$pids = cw_query("SELECT {$tables['order_details']}.item_id, {$tables['order_details']}.product_id, {$tables['products']}.distribution FROM {$tables['order_details']}, {$tables['products']} WHERE {$tables['order_details']}.doc_id = '{$doc_id}' AND {$tables['order_details']}.product_id = {$tables['products']}.product_id AND {$tables['products']}.distribution != ''");
if ($pids) {
$keys = array();
foreach ($pids as $v) {
if (cw_query_first_cell("SELECT COUNT(*) FROM {$tables['download_keys']} WHERE item_id = '{$v['item_id']}'")) {
continue;
}
$keys[$v['item_id']]['download_key'] = keygen($v['product_id'], $config['egoods']['download_key_ttl'], $v['item_id']);
$keys[$v['item_id']]['distribution_filename'] = basename($v['distribution']);
}
if (!empty($keys)) {
$order = cw_order_data($doc_id);
if (!empty($order)) {
foreach ($order['products'] as $k => $v) {
if (isset($keys[$v['item_id']])) {
$order['products'][$k] = cw_array_merge($v, $keys[$v['item_id']]);
}
}
$smarty->assign('products', $order['products']);
$smarty->assign('order', $order['order']);
$smarty->assign('userinfo', $order['userinfo']);
cw_call('cw_send_mail', array($config['Company']['orders_department'], $order['userinfo']['email'], "mail/egoods_download_keys_subj.tpl", "mail/egoods_download_keys.tpl"));
}
public function show($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin', 'staff'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$company_id = isset($params[SYS_COMPANY_ID]) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$company_info = $this->company_m->details($company_id);
if (!$company_info) {
$this->show_permission_denied_error($method);
}
$doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen();
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('agencies/edit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'companies/show', 'title' => 'Edit Agency', 'submit_btn_text' => 'Save Changes', 'logo' => $company_info->logo, 'name' => $company_info->name, 'address' => $company_info->address, 'active' => $company_info->active, 'gmt_offset' => $company_info->gmt_offset, 'scripts' => array('companies/show.js'), 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)), 'doc_key' => $doc_key);
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/companies/show_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
}
echo '
</tbody>
</table>
<p><input type="submit" value="Opslaan" /></p>
</fieldset>
</form>
';
} elseif (intval($_POST['step']) == 3) {
$names = $_POST['namen'];
$mails = $_POST['mails'];
$already = array();
foreach ($names as $key => $value) {
$name = mysql_real_escape_string($value);
$mail = mysql_real_escape_string($mails[$key]);
$code = keygen(10);
if (strlen($name) > 0) {
if (!is_unieke_naam_in_groep($name, $_SESSION['gid'])) {
$already[] = $name;
} else {
$sql = "INSERT INTO mensen SET\r\n naam = '" . $name . "',\r\n mail = '" . $mail . "',\r\n groep_id = " . $_SESSION['gid'] . ",\r\n code = '" . $code . "'";
$res = mysql_query($sql) or echo_mysql_error($sql);
mail($name . ' <' . $mail . '>', 'Lootjes trekken', '
Hallo ' . $name . ',
Zojuist is er een account voor je aangemaakt voor de Lootjestrekmachine in de groep \'' . $_SESSION['gname'] . '\'.
Groepsnaam: ' . $_SESSION['gname'] . '
Naam: ' . $name . '
Inlogcode: ' . $code . '
function handle_upload()
{
//print_r($_FILES);
$y = date('Y', current_time('timestamp'));
$d = date('d', current_time('timestamp'));
$m = date('m', current_time('timestamp'));
$full = $y . '/' . $m . '/' . $d;
// chmod(WP_CONTENT_DIR.'/cdm_uploads/'.$y.'/'.$m.'/'.$d, 777);
// chmod(WP_CONTENT_DIR.'/cdm_uploads/'.$y.'/'.$m, 777);
// chmod(WP_CONTENT_DIR.'/cdm_uploads/'.$y, 777);
$permission_denied = !file_exists(WP_CONTENT_DIR . '/cdm_uploads/' . $y) ? mkdir(WP_CONTENT_DIR . '/cdm_uploads/' . $y, 0755) ? true : false : false;
$permission_denied = !file_exists(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m) ? mkdir(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m, 0755) ? true : false : false;
$permission_denied = !file_exists(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m . '/' . $d) ? mkdir(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m . '/' . $d, 0755) ? true : false : false;
if ($permission) {
$error = true;
$msg = 'Permission denied! Cannot create directories, Please make sure the directory wp-content/cdm_uploads is writable.';
} else {
$uploadDir = WP_CONTENT_DIR . '/cdm_uploads/' . $full . '/';
if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'][0];
// Validate the file type
$fileTypes = explode(',', $this->configuration->allowed_extension);
//$fileTypes = array('jpg', 'jpeg', 'gif', 'png'); // Allowed file extensions
$fileParts = pathinfo($_FILES['Filedata']['name'][0]);
$file_name = keygen(32) . '.' . $fileParts['extension'];
$targetFile = $uploadDir . $file_name;
//$_FILES['Filedata']['name'][0];
// Validate the filetype
if (in_array($fileParts['extension'], $fileTypes)) {
// Save the file
if (move_uploaded_file($tempFile, $targetFile)) {
if ($id = $this->_save_file($file_name, $full, $_FILES['Filedata']['name'][0])) {
$error = false;
$msg = "File " . $_FILES['Filedata']['name'][0] . " Uploaded!";
$data = array('id' => $id, 'name' => $_FILES['Filedata']['name'][0]);
} else {
$error = true;
$msg = "Server problem! Couldn't save the file to database, please try again. Here is the server message <br/>" . mysql_error();
}
}
} else {
$error = true;
$msg = "File type not allowed. Only " . $this->configuration->allowed_extension . " are allowed.";
}
}
}
header("Content-Type: application/json");
print_r(json_encode(array('error' => $error, 'msg' => $msg, 'file_data' => $data)));
die;
}
public function qedit($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$form_type_id = isset($params[SYS_FORM_TYPE_ID]) && gtzero_integer($params[SYS_FORM_TYPE_ID]) ? to_int($params[SYS_FORM_TYPE_ID]) : 0;
$question_id = isset($params[SYS_QUESTION_ID]) && gtzero_integer($params[SYS_QUESTION_ID]) ? to_int($params[SYS_QUESTION_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$form_info = $this->survey_m->form_type_details($form_type_id);
$question_info = $this->survey_m->get_question_detail($question_id, $form_type_id);
$this->form_validation->set_rules('description', 'Description', 'required|xss_clean');
$this->form_validation->set_rules('help_text', 'Help Text', 'trim|xss_clean');
$this->form_validation->set_rules('question_type', 'Question Type', 'required|xss_clean');
$this->form_validation->set_rules('allowed_types', 'Allowed Types', 'callback__allowed_types');
$this->form_validation->set_rules('max_size', 'Max Size', 'callback__max_size');
$this->form_validation->set_rules('db_table', 'Table', 'callback__db_table');
$this->form_validation->set_rules('options', 'options', 'callback__seloptions');
$this->form_validation->set_rules('sort_order', 'Sort Order', '');
$output = array('message' => "", 'status' => "");
if ($this->form_validation->run() == TRUE) {
$question_type = $this->_post_args('question_type', ARGS_TYPE_STRING);
$input = array('form_type_id' => $form_type_id, 'form_section_id' => $this->_post_args('form_section_id', ARGS_TYPE_INT), 'description' => $this->_post_args('description', ARGS_TYPE_STRING), 'help_text' => $this->_post_args('help_text', ARGS_TYPE_STRING), 'type' => $this->_post_args('question_type', ARGS_TYPE_STRING, 'text'), 'allowed_types' => $question_type == 'upload' ? implode('|', $this->_post_args('allowed_types', ARGS_TYPE_ARRAY)) : '', 'max_size' => $question_type == 'upload' ? $this->_post_args('max_size', ARGS_TYPE_STRING) : 0, 'table' => $question_type == 'database_table' ? $this->_post_args('db_table', ARGS_TYPE_STRING) : '', 'options' => in_array($question_type, array('radio', 'checkbox', 'select')) ? $this->_post_args('options', ARGS_TYPE_STRING) : '', 'sort_order' => $this->_post_args('sort_order', ARGS_TYPE_INT));
$is_record_updated = $this->survey_m->qupdate($input, $question_id);
if ($is_record_updated > 0) {
$output['status'] = SUCCESS_MESSAGE;
$output['message'] = sprintf('The question for site form "%s" was updated.', $form_info->name);
$output['form_type_id'] = $form_type_id;
} else {
$output['message'] = sprintf('Unable to update question for site form record "%s". Please report the issue to %s', $form_info->name, $this->cfg->contact_email);
$output['status'] = ERROR_MESSAGE;
}
$this->_output_request($output, $redirect_url);
} else {
if (validation_errors()) {
$output['message'] = validation_errors();
$output['status'] = ERROR_MESSAGE;
}
}
$doc_key = $this->input->post('doc_key') ? $this->input->post('doc_key') : keygen();
$csrf = _get_csrf_nonce();
$data = array('form_action' => site_url('survey/qedit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'survey/qform', 'title' => 'Question Detail', 'submit_btn_text' => 'Save Changes', 'form_type_id' => $form_type_id, 'form_section_id' => $this->_post_args('form_section_id', ARGS_TYPE_INT, $question_info->form_section_id), 'description' => $this->_post_args('description', ARGS_TYPE_STRING, $question_info->description), 'help_text' => $this->_post_args('help_text', ARGS_TYPE_STRING, $question_info->help_text), 'question_type' => $this->_post_args('question_type', ARGS_TYPE_STRING, $question_info->type), 'allowed_types' => $this->_post_args('allowed_types', ARGS_TYPE_ARRAY, !empty($question_info->allowed_types) ? explode('|', $question_info->allowed_types) : array()), 'max_size' => $this->_post_args('max_size', ARGS_TYPE_STRING, $question_info->max_size), 'db_table' => $this->_post_args('db_table', ARGS_TYPE_STRING, $question_info->table), 'options' => $this->_post_args('options', ARGS_TYPE_STRING, $question_info->options), 'sort_order' => $this->_post_args('sort_order', ARGS_TYPE_INT, $question_info->sort_order), 'scripts' => array('survey/qform.js'), 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)));
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/survey/qform_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
$db->insertImageAccessEntry($_POST['ids_avions'], $_POST['description'], $image_id, $_POST['user_key'], $_POST['id_categorie'], $_POST['rank']);
$db->commit();
$confirm = "Accès ajouté.";
$httpQuery->delete('indexForm', 'active');
// Générer la vignette
$vignette = new Image();
$vignette->createfromjpg($fileInfo['dirname'] . '/' . $fileInfo['basename'])->setHeight('24')->save(getHttpImagesRoot() . '/' . $fileInfo['basename']);
unset($vignette);
} catch (Exception $e) {
$error = $e->getMessage() . "<br />Détail :<br />" . $e->getTraceAsString();
}
}
}
// Ajouter un accès à un document
if ($httpQuery->has('indexForm', 'active')) {
$user_key = keygen();
$id_avion = false;
$submitName = 'activate_access';
$submitValue = 'Activer';
$description = '';
$categorie_id = '';
$rank = 0;
$id_avion_image = 0;
$comment = '';
$ids_avion_arr = $db->getAllProducts();
}
// Tous les documents présent sur l'espace ftp
$allImages = readdir_recursive(getFtpImagesRoot() . '/', array('jpg', 'jpeg', 'png', 'JPG', 'JPEG', 'PNG'));
// Toutes les images activés dans la base
// Tableau sous la forme [id_image] => full_path;
$allDbImages = $db->getAllImagesPath();
<?php
if (!defined('APP_START')) {
die('Access denied');
}
if (empty($products)) {
return false;
}
cw_load('mail');
$send_keys = false;
foreach ($products as $key => $value) {
if ($value['distribution']) {
$download_key = keygen($value['product_id'], $config['egoods']['download_key_ttl'], $value['item_id']);
$products[$key]['download_key'] = $download_key;
$products[$key]['distribution_filename'] = basename($products[$key]['distribution']);
$send_keys = true;
}
}
$smarty->assign('products', $products);
if ($send_keys) {
$to_customer = cw_user_get_language($userinfo['customer_id']);
if (empty($to_customer)) {
$to_customer = $config['default_customer_language'];
}
cw_call('cw_send_mail', array($config['Company']['orders_department'], $userinfo['email'], 'mail/egoods_download_keys_subj.tpl', 'mail/egoods_download_keys.tpl'));
}
public function show($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin', 'management_company'));
$output = array('message' => "", 'status' => "");
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$company_id = $this->current_user->group_id == 1 ? 0 : $this->current_user->company_id;
$user_id = isset($params[SYS_USER_ID]) && gtzero_integer($params[SYS_USER_ID]) ? to_int($params[SYS_USER_ID]) : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$user_info = $this->user_m->details($user_id);
if (!$user_info || _has_company_group_access($this->current_user->group_id) && $user_info->company_id != $this->current_user->company_id || $this->current_user->user_id == $user_id) {
$this->show_permission_denied_error($method);
}
$doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen();
$csrf = _get_csrf_nonce();
$data = array("user_id" => $user_id, 'form_action_type' => FORM_ACTION_SHOW, 'form_action' => site_url('users/edit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'user/show', 'title' => 'User Detail', 'submit_btn_text' => 'Save Changes', 'company_name' => $user_info->company_name, 'group_name' => $user_info->group_description, 'first_name' => $user_info->first_name, 'last_name' => $user_info->last_name, 'phone' => $user_info->phone, 'email' => $user_info->email, 'group_id' => $user_info->group_id, 'company_id' => $company_id, 'client_ids' => $user_info->client_ids, 'group_id' => $user_info->group_id, 'scripts' => array('user/show.js'), 'hiddenvars' => array(), 'doc_key' => $doc_key);
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/user/show_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
public function show($pkey, $method = "echo")
{
_has_user_access_permission(TRUE, array('admin', 'management_company', 'user_company'));
$params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array();
$company_id = $this->current_user->group_id == 1 ? $this->_post_args('company_id', ARGS_TYPE_INT, array_key_exists(SYS_COMPANY_ID, $params) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0) : $this->current_user->company_id;
$client_id = isset($params[SYS_CLIENT_ID]) && gtzero_integer($params[SYS_CLIENT_ID]) ? (int) $params[SYS_CLIENT_ID] : 0;
$redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer());
$client_info = $this->client_m->details($client_id, $company_id);
if (!$client_info || _has_company_group_access($this->current_user->group_id) && $client_info->company_id != $this->current_user->company_id) {
$this->show_permission_denied_error($method);
}
$company_id = $this->current_user->group_id == 1 ? $this->_post_args('company_id', ARGS_TYPE_INT, $client_info->company_id) : $this->current_user->company_id;
$doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen();
$csrf = _get_csrf_nonce();
$data = array("client_id" => $client_id, 'notes_listing_url' => site_url('notes/index/' . serialize_object(array(SYS_REF_ID => $client_id, SYS_NOTE_TYPE_ID => NOTE_TYPE_CLIENT))), 'form_action' => site_url('clients/edit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'clients/show', 'title' => 'Client Detail', 'submit_btn_text' => 'Save Changes', 'company_id' => $company_id, 'company_name' => $client_info->company_name, 'client_name' => $client_info->full_name, 'first_name' => $client_info->first_name, 'last_name' => $client_info->last_name, 'address' => $client_info->address, 'postcode' => $client_info->postcode, 'phone' => $client_info->phone, 'email' => $client_info->email, 'avatar' => $client_info->avatar, 'contact_first_name' => $client_info->contact_first_name, 'contact_last_name' => $client_info->contact_last_name, 'contact_address' => $client_info->contact_address, 'contact_email' => $client_info->contact_email, 'contact_phone' => $client_info->contact_phone, 'contact_mobile' => $client_info->contact_mobile, 'contact_fax' => $client_info->contact_fax, 'notes' => $this->_post_args('notes', ARGS_TYPE_STRING), 'scripts' => array('clients/show.js'), 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)));
if ($this->input->is_ajax_request()) {
$html = $this->template->raw_view('pages/clients/show_modal', $data, TRUE);
if ($method == "ajax") {
$output['html'] = $html;
$this->_output_request($output, $redirect_url);
} else {
echo $html;
}
} else {
if (!empty($output['status'])) {
set_flash_data($output['status'], $output['message'], FALSE);
}
$this->template->load('default', $data);
}
}
break;
case "/pull":
git("pull github master");
break;
case "/status":
git("status");
break;
case "/log":
git('log --pretty=format:"%h - %an, %ar : %s"');
break;
case "/burn":
case "/燒毀":
burn($dict);
break;
case "/keygen":
keygen();
break;
default:
if (strpos($message, "@" . BOT_NAME)) {
sendMsg("我沒這指令, 你想做什麼??");
}
//error(3);
break;
}
} else {
error(2);
}
} else {
// 訊息不是 / 開頭
if (strpos($message, "@" . BOT_NAME) !== false) {
sendMsg("嗨~ Tag 我幹嘛?");
exit;
}
include '../../../config.inc';
include '../include/basefunction.php';
function safe($str)
{
// $str=htmlspecialchars($str,ENT_QUOTES);
return "'" . mysql_real_escape_string($str) . "'";
}
include '../include/dbconnect.php';
if (mysql_select_db(DBNAME)) {
//校验参数正确性
$repos = mysql_real_escape_string($_POST['repos']);
$path = mysql_real_escape_string($_POST['path']);
$para = array($repos, $path);
if (keygen($para) != $_POST['sig']) {
echo "参数非法!请勿越权操作!";
exit;
}
if (function_exists('iconv')) {
$_POST["newdescript"] = iconv("UTF-8", "GB2312", $_POST["newdescript"]);
}
$des = safe($_POST['newdescript']);
$pattern = '/(\\d+)\\.\\d+\\.\\d+/i';
preg_match($pattern, mysql_get_server_info(), $out);
$encode = '';
if ($out[1] > 4) {
$encode = " DEFAULT CHARSET=utf8 ";
}
$createtb = "create table IF NOT EXISTS dir_des(\r\n `repository` varchar(20) NOT NULL,\r\n `path` varchar(255) NOT NULL,\r\n `des` text(500) default NULL,\r\n PRIMARY KEY (`path`,`repository`)\r\n\t\t)ENGINE=MyISAM {$encode};";
mysql_query($createtb);
/**
* Constructor of the class
*
* @param mixed $id the param
* @since Version 0.0.1
* @version 0.0.1
*/
public function __construct()
{
$this->id = keygen(50);
$players = array();
}
