$rec['ID'] = SQLInsert($table_name, $rec); // adding new record } $out['OK'] = 1; } else { $out['ERR'] = 1; } } if (is_array($rec)) { foreach ($rec as $k => $v) { if (!is_array($v)) { $rec[$k] = htmlspecialchars($v); } } } outHash($rec, $out); $out['LOG'] = nl2br($out['LOG']); if ($rec['ID']) { $properties = SQLSelect("SELECT * FROM owproperties WHERE DEVICE_ID='" . $rec['ID'] . "' ORDER BY SYSNAME"); if ($this->mode == 'update') { $total = count($properties); for ($i = 0; $i < $total; $i++) { global ${'linked_object' . $properties[$i]['ID']}; global ${'linked_property' . $properties[$i]['ID']}; if (${'linked_object' . $properties[$i]['ID']} && ${'linked_property' . $properties[$i]['ID']}) { $properties[$i]['LINKED_OBJECT'] = ${'linked_object' . $properties[$i]['ID']}; $properties[$i]['LINKED_PROPERTY'] = ${'linked_property' . $properties[$i]['ID']}; SQLUpdate('owproperties', $properties[$i]); } elseif ($properties[$i]['LINKED_OBJECT'] || $properties[$i]['LINKED_PROPERTY']) { $properties[$i]['LINKED_OBJECT'] = ''; $properties[$i]['LINKED_PROPERTY'] = '';
/**
 * Edit handler for one row of the btdevices table.
 *
 * Loads the row whose ID equals the integer value of $id, optionally applies
 * the submitted TITLE / USER_ID, then exports the row and the user list into
 * $out for the template.
 *
 * @param array $out Template data, filled by reference.
 * @param mixed $id  Device ID; cast to int before it reaches the SQL text.
 *
 * @access public
 */
function edit_btdevices(&$out, $id)
{
    // The integer cast is the only thing standing between $id and the query
    // string, so keep it next to the concatenation.
    $device_id = (int) $id;
    $device = SQLSelectOne("SELECT * FROM btdevices WHERE ID='" . $device_id . "'");

    $is_update = ($this->mode == 'update');
    if ($is_update) {
        // NOTE(review): $title and $user_id are read from globals and handed
        // to SQLUpdate() unchanged; presumably SQLUpdate() escapes values and
        // the globals are request-populated — confirm both in the framework.
        global $title, $user_id;

        $device['TITLE'] = $title;
        $device['USER_ID'] = $user_id;
        SQLUpdate('btdevices', $device);
        $this->redirect("?");
    }

    // LOG only gets newline-to-<br> conversion here, no HTML escaping.
    // NOTE(review): if LOG can hold device-supplied text, check that the
    // template escapes it before display.
    $device['LOG'] = nl2br($device['LOG']);
    outHash($device, $out);

    $out['USERS'] = SQLSelect("SELECT * FROM users ORDER BY NAME");
}
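/**
 * Module entry point: edit, show/hide, install and uninstall project modules,
 * then render the module list through the template parser.
 *
 * Reads the globals $mode, $name, $mode2, $title, $category, $module and
 * $session. $name ends up in SQL text, in filesystem paths under DIR_MODULES
 * and in a class instantiation, so it is checked against PHP's identifier
 * grammar before any of those uses, and escaped with DBSafe() in SQL.
 *
 * NOTE(review): nothing in this method checks that the caller is an
 * authorised administrator; presumably the owning panel enforces that before
 * run() is reached — confirm, since install/uninstall load and execute code.
 *
 * @access public
 */
function run()
{
    // running current module
    global $mode;
    global $name;

    $out = array();

    // NOTE(review): HTTP_HOST is a client-supplied header. It only switches
    // the "local project" view here, but that view exposes DOCUMENT_ROOT to
    // the template; consider keying this on server configuration instead.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $rep_ext = "";
    if (preg_match('/\\.dev/is', $host)) {
        $rep_ext = '.dev';
    }
    if (preg_match('/\\.jbk/is', $host)) {
        $rep_ext = '.jbk';
    }
    if (preg_match('/\\.bk/is', $host)) {
        $rep_ext = '.bk';
    }
    if ($rep_ext) {
        $out['LOCAL_PROJECT'] = 1;
        $out['REP_EXT'] = $rep_ext;
        $out['HOST'] = $host;
        $out['DOCUMENT_ROOT'] = dirname($_SERVER['SCRIPT_FILENAME']);
    }

    if ($mode == "edit") {
        global $mode2;

        // A module name doubles as a directory name and a class name, so a
        // legitimate value is always a valid PHP label. Rejecting everything
        // else keeps quotes, path separators and statement text out of the
        // SQL, include and instantiation below.
        $name_is_label = is_string($name)
            && preg_match('/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/', $name);
        if (!$name_is_label) {
            $this->redirect("?");
            return;
        }

        // Defence in depth: escape even though the label check already
        // excludes quote characters.
        $name_sql = DBSafe($name);
        $class_file = DIR_MODULES . $name . "/" . $name . ".class.php";

        $rec = SQLSelectOne("SELECT * FROM project_modules WHERE NAME='" . $name_sql . "'");
        $rec['NAME'] = $name;

        if ($mode2 == "update") {
            global $title;
            global $category;
            $rec['TITLE'] = $title;
            $rec['CATEGORY'] = $category;
            SQLUpdate("project_modules", $rec);
            $this->redirect("?name={$name}&mode=edit");
        } elseif ($mode2 == "show") {
            // Toggle visibility of the module.
            $rec['HIDDEN'] = !empty($rec['HIDDEN']) ? 0 : 1;
            SQLUpdate('project_modules', $rec);
            $this->redirect("?");
        } elseif ($mode2 == "install") {
            // Re-read the row so HIDDEN can be restored after the module
            // re-registers itself.
            $rec = SQLSelectOne("SELECT * FROM project_modules WHERE NAME='" . $name_sql . "'");
            SQLExec("DELETE FROM project_modules WHERE NAME='" . $name_sql . "'");
            @unlink(DIR_MODULES . $name . "/installed");

            // The original built "$object=new <name>;" as a string and ran it
            // through eval(); direct instantiation has the same effect and
            // never parses request-derived text as PHP source.
            if (file_exists($class_file)) {
                include_once $class_file;
                if (class_exists($name, false)) {
                    $object = new $name();
                }
            }

            // add module to control access
            global $session;
            // NOTE(review): the LOGIN literal below reads as a masked
            // placeholder in this copy of the file; the real lookup key is
            // not visible here and is left untouched.
            $user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******'");
            if (!empty($user['ID'])) {
                // Compare whole list entries; a substring test would treat
                // "abc" as already granted whenever "abcd" is in the list.
                $granted = ($user["ACCESS"] != '') ? explode(',', $user["ACCESS"]) : array();
                if (!in_array($name, $granted, true)) {
                    $granted[] = $name;
                    $user["ACCESS"] = join(",", $granted);
                    SQLUpdate('admin_users', $user);
                }
            }

            SQLExec("UPDATE project_modules SET HIDDEN='" . (int) $rec['HIDDEN'] . "' WHERE NAME='" . $name_sql . "'");
            // redirect to edit
            $this->redirect("?name={$name}&mode=edit");
        } elseif ($mode2 == 'uninstall') {
            SQLExec("DELETE FROM project_modules WHERE NAME='" . $name_sql . "'");
            @unlink(DIR_MODULES . $name . "/installed");
            if (file_exists($class_file)) {
                include_once $class_file;
                // Same eval() replacement as in the install branch.
                if (class_exists($name, false)) {
                    $object = new $name();
                    $object->uninstall();
                }
            }
            if (!empty($out['LOCAL_PROJECT'])) {
                $this->redirect("?mode=repository_uninstall&module={$name}");
            } else {
                $this->redirect("?");
            }
        }
        outHash($rec, $out);
    }

    if ($mode == 'repository_uninstall') {
        global $module;
        // NOTE(review): $module is passed to the template unchanged; confirm
        // the template escapes it for the context it is printed in.
        $out['MODULE'] = $module;
    }

    $out["MODE"] = $mode;

    $this->getModulesList();
    $lst = is_array($this->modules) ? $this->modules : array();
    $total = count($lst);
    for ($i = 0; $i < $total; $i++) {
        // FILENAME is escaped as well: a directory name is still data.
        $rec = SQLSelectOne("SELECT *, DATE_FORMAT(ADDED, '%M %d, %Y (%H:%i)') as DAT FROM project_modules WHERE NAME='" . DBSafe($lst[$i]['FILENAME']) . "'");
        if (isset($rec['ID'])) {
            outHash($rec, $lst[$i]);
        }
    }
    $out["MODULES"] = $lst;

    $this->data = $out;
    $p = new parser(DIR_TEMPLATES . $this->name . "/" . $this->name . ".html", $this->data, $this);
    $this->result = $p->result;
}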
/**
 * BackEnd
 *
 * Admin view for the collections table: deletes a row, edits or creates a
 * row, and always exports the full list of collections into $out.
 *
 * @param array $out Template data, filled by reference.
 *
 * @access public
 */
function admin(&$out)
{
    /*
    $this->getConfig();
    if ($this->mode=='update') {
        global $path;
        $this->config['PATH']=$path;
        $this->saveConfig();
        $out['OK']=1;
    }
    $out['PATH']=htmlspecialchars($this->config['PATH']);
    */
    global $id;

    // The request ID is cast to int before it is concatenated into SQL.
    $lookup = "SELECT * FROM collections WHERE ID='" . (int) $id . "'";

    if ($this->view_mode == 'delete') {
        // The DELETE uses the ID read back from the database rather than the
        // raw request value.
        $collection = SQLSelectOne($lookup);
        SQLExec("DELETE FROM collections WHERE ID='" . $collection['ID'] . "'");
        $this->redirect("?");
    }

    if ($this->view_mode == 'edit') {
        $collection = SQLSelectOne($lookup);

        if ($this->mode == 'update_collection') {
            // NOTE(review): $title and $path are stored as submitted. If PATH
            // is later used to open files or directories, it should be
            // constrained to an expected base directory where it is consumed
            // — confirm against the code that reads collections.PATH.
            global $title, $path;
            $collection['TITLE'] = $title;
            $collection['PATH'] = $path;

            $has_required = $collection['TITLE'] && $collection['PATH'];
            if ($has_required) {
                if (!$collection['ID']) {
                    $collection['ID'] = SQLInsert('collections', $collection);
                } else {
                    SQLUpdate('collections', $collection);
                }
                $this->redirect("?");
            }
        }

        outHash($collection, $out);
    }

    $out['COLLECTIONS'] = SQLSelect("SELECT * FROM collections ORDER BY TITLE");
}
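/**
 * Control-panel access module: login ("enter"), landing page ("logged"),
 * logoff, and administration of admin_users ("admin").
 *
 * Reads the globals $session, $id, $mode, $mode2, $md, $login, $psw, $check
 * and the user-form fields. Request IDs are cast to int before they reach
 * SQL, module names are quoted before they are used inside a regular
 * expression, and the post-login redirect target is limited to local paths.
 *
 * NOTE(review): several SQL literals in this copy contain '******' where a
 * credential lookup would be expected; they look masked by a redaction pass
 * and are reproduced unchanged. One of them (the $tmp query in the "logged"
 * branch) is left syntactically broken by that masking.
 *
 * @access public
 */
function run()
{
    // running current module
    global $session;

    $out = array();

    // Only the panel/master owners may host this module.
    if ($this->owner->name != 'panel' && $this->owner->name != 'master') {
        echo "Unauthorized Access";
        exit;
    }

    if ($this->id == '1') {
        $this->mode = 'edit';
        global $id;
        global $mode;
        $id = $this->id;
        $mode = 'edit';
        $out['MASTER'] = 1;
    }

    // LDAP init
    if (function_exists('ldap_connect') && is_file(ROOT . 'modules/ldap_users/installed')) {
        $out['LDAP_ON'] = 1;
    }

    if ($this->mode == 'logoff') {
        unset($session->data['AUTHORIZED']);
        unset($session->data['USER_NAME']);
        unset($session->data['USERNAME']);
        unset($session->data['SITE_USERNAME']);
        unset($session->data['SITE_USER_ID']);
        unset($session->data["cp_requested_url"]);
        $this->owner->redirect("/");
    }

    if ($this->action == "enter") {
        global $md;
        global $login;
        // NOTE(review): $action is not defined in this scope, so
        // "$action != ''" is always false and the test reduces to
        // "$md != 'panel'". Possibly $this->action was meant — confirm.
        if (!$session->data["cp_requested_url"] && ($md != 'panel' || $action != '') && !$login) {
            $session->data["cp_requested_url"] = $_SERVER['REQUEST_URI'];
        }
        if ($this->mode == "check") {
            global $login;
            global $psw;
            // $user=SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'");
            // NOTE(review): masked literal, kept as found. Whatever the real
            // query is, it must escape $login and compare against the same
            // hash format that the "admin" branch stores.
            $user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'");
            // $user=SQLSelectOne("SELECT * FROM admin_users WHERE 1");
            // LDAP login
            // NOTE(review): the fixed password value 'this_ldap_admin' forces
            // the LDAP path even when a local row matched; authentication then
            // depends entirely on ldap_users::ctrl_access() — review it.
            if (!empty($out['LDAP_ON']) && ($user == false || $psw == 'this_ldap_admin')) {
                include_once ROOT . 'modules/ldap_users/ldap_users.class.php';
                $ldap = new ldap_users();
                $user = $ldap->ctrl_access();
            }
            // LDAP login
            if (!isset($user['ID'])) {
                $out["ERRMESS"] = "Wrong username and/or password";
            } else {
                // NOTE(review): the session ID is not regenerated on login in
                // the code visible here; if $session does not do it
                // internally, add it to prevent session fixation.
                $session->data['AUTHORIZED'] = 1;
                $session->data['USER_NAME'] = $user['LOGIN'];
                $session->data['USER_LEVEL'] = $user['PRIVATE'];
                $session->data['USER_ID'] = $user['ID'];

                $target = $session->data["cp_requested_url"];
                if (!$target) {
                    if (file_exists(DIR_MODULES . 'dashboard/dashboard.class.php')) {
                        $this->owner->redirect("?action=dashboard");
                    }
                    $this->owner->redirect("?");
                } else {
                    // REQUEST_URI is client-influenced. Only follow it when it
                    // is a path on this host: one leading "/" that is not
                    // followed by "/" or "\" (browsers treat those as a
                    // scheme-relative URL to another host).
                    $is_local_path = is_string($target)
                        && $target[0] === '/'
                        && !(isset($target[1]) && ($target[1] === '/' || $target[1] === '\\'));
                    $this->owner->redirect($is_local_path ? $target : "?");
                }
            }
        }
    } elseif ($this->action == "logged") {
        $out["USER_NAME"] = $session->data["USER_NAME"];
        // NOTE(review): the next statement is reproduced exactly as it
        // appears in this copy. The masking that replaced the credential
        // literals consumed part of the expression, so it no longer parses;
        // restore it from the upstream file rather than by guesswork. Its
        // result only drives $out['WARNING'].
        $tmp = SQLSelectOne("SELECT ID FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'admin') . "'");
        if ($tmp['ID']) {
            $out['WARNING'] = 1;
        }
        $user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******'");
        if (!$user['ID']) {
            unset($session->data['AUTHORIZED']);
            unset($session->data['USER_NAME']);
            $session->save();
            $this->owner->redirect("?");
        }

        $access = isset($user["ACCESS"]) ? $user["ACCESS"] : '';
        $modules = SQLSelect("SELECT * FROM project_modules WHERE HIDDEN='0' ORDER BY CATEGORY, NAME");
        $modulesCnt = count($modules);
        $new = array();
        for ($i = 0; $i < $modulesCnt; $i++) {
            // One anchored pattern replaces the four original alternatives
            // (",x," / ",x$" / "^x," / "^x$"); preg_quote() keeps a module
            // name from being interpreted as regex syntax.
            $pattern = '/(^|,)' . preg_quote($modules[$i]['NAME'], '/') . '(,|$)/i';
            if (preg_match($pattern, $access)) {
                $new[] = $modules[$i];
            }
        }

        // Lay the permitted modules out in rows of six per category.
        $on_row = 0;
        $new_category = null;
        $newCnt = count($new);
        for ($i = 0; $i < $newCnt; $i++) {
            if ($new[$i]['CATEGORY'] != $new_category) {
                $new[$i]['NEWCATEGORY'] = 1;
                $new_category = $new[$i]['CATEGORY'];
                $on_row = 0;
            }
            $on_row++;
            if ($on_row % 6 == 0 && $on_row >= 6) {
                $new[$i]['NEWROW'] = 1;
            }
            if (file_exists(ROOT . 'img/admin/icons/ico_' . $new[$i]['NAME'] . '.gif')) {
                $new[$i]['ICON'] = ROOTHTML . 'img/admin/icons/ico_' . $new[$i]['NAME'] . '.gif';
            } else {
                $new[$i]['ICON'] = ROOTHTML . 'img/admin/icons/ico_default.gif';
            }
        }
        $out["MODULES"] = $new;

        if (file_exists(DIR_MODULES . 'saverestore/saverestore.class.php')) {
            $out['CHECK_UPDATES'] = 1;
            global $check;
            if ($check) {
                include_once DIR_MODULES . 'saverestore/saverestore.class.php';
                $sv = new saverestore();
                $o = array();
                $sv->checkUpdates($o);
                if (!empty($o['NO_UPDATES']) || !empty($o['ERROR_CHECK'])) {
                    echo "no";
                } else {
                    echo "yes";
                }
                exit;
            }
        }
    } elseif ($this->action == "logoff") {
        unset($session->data['AUTHORIZED']);
        unset($session->data['USER_NAME']);
        unset($session->data['USERNAME']);
        $this->owner->redirect("?");
    } elseif ($this->action == "admin") {
        global $mode;
        global $mode2;
        global $id;
        if (!$session->data['AUTHORIZED']) {
            exit;
        }
        // NOTE(review): AUTHORIZED is the only gate here; any logged-in
        // account can delete or edit admin users, and no anti-CSRF token is
        // checked in the code visible here — confirm whether the framework
        // adds either.
        if ($mode == "delete") {
            // Cast to int: the ID was previously concatenated into the
            // statement as submitted.
            SQLExec("DELETE FROM admin_users WHERE ID='" . (int) $id . "'");
            $this->redirect("?");
        }
        if ($mode == "edit") {
            $user = SQLSelectOne("SELECT * FROM admin_users WHERE ID='" . (int) $id . "'");
            if ($mode2 == "update") {
                $ok = 1;
                global $name;
                global $login;
                global $password;
                global $email;
                global $comments;
                global $sel;
                global $private;
                global $EMAIL_ORDERS;
                global $EMAIL_INVENTORY;
                $user['NAME'] = $name;
                if (!checkGeneral($user['NAME'])) {
                    $out["ERR_NAME"] = 1;
                    $ok = 0;
                }
                $user['LOGIN'] = $login;
                if (!checkGeneral($user['LOGIN'])) {
                    $out["ERR_LOGIN"] = 1;
                    $ok = 0;
                }
                // A password is mandatory for new users and optional on edit.
                if ($password != '' || empty($user['ID'])) {
                    $user['PASSWORD'] = $password;
                    if (!checkGeneral($user['PASSWORD'])) {
                        $out["ERR_PASSWORD"] = 1;
                        $ok = 0;
                    } else {
                        // NOTE(review): unsalted MD5 is not an adequate
                        // password hash. It is kept because the login check
                        // (masked in this copy) must read the same format;
                        // migrate both sides together to password_hash() /
                        // password_verify(), rehashing on successful login.
                        $user['PASSWORD'] = md5($user['PASSWORD']);
                    }
                }
                $user['EMAIL'] = $email;
                $user['COMMENTS'] = $comments;
                $user['PRIVATE'] = (int) $private;
                $user['EMAIL_ORDERS'] = $EMAIL_ORDERS;
                $user['EMAIL_INVENTORY'] = $EMAIL_INVENTORY;
                // $sel is absent when no module box is ticked; count() on a
                // non-array raises a TypeError on PHP 8.
                if (is_array($sel) && count($sel) > 0) {
                    $user['ACCESS'] = join(",", $sel);
                } else {
                    $user['ACCESS'] = "";
                }
                if ($ok) {
                    SQLUpdateInsert("admin_users", $user);
                    $out["OK"] = 1;
                }
            }

            $access = isset($user["ACCESS"]) ? $user["ACCESS"] : '';
            $modules = SQLSelect("SELECT * FROM project_modules");
            $modulesCnt = count($modules);
            for ($i = 0; $i < $modulesCnt; $i++) {
                // Same list-membership test as in the "logged" branch.
                $pattern = '/(^|,)' . preg_quote($modules[$i]['NAME'], '/') . '(,|$)/i';
                if (preg_match($pattern, $access)) {
                    $modules[$i]["SELECTED"] = 1;
                }
                if (($i + 1) % 3 == 0) {
                    $modules[$i]['NEWR'] = 1;
                }
            }
            $user["MODULES"] = $modules;
            // NOTE(review): $user, including the stored PASSWORD hash, is
            // exported to the template here.
            outHash($user, $out);
        }
        $users = SQLSelect("SELECT * FROM admin_users ORDER BY ID DESC");
        $out["USERS"] = $users;
    }

    // $mode is only in scope when one of the branches above declared it.
    $out["MODE"] = isset($mode) ? $mode : null;
    $out["ACTION"] = $this->action;
    $this->data = $out;
    $p = new parser(DIR_TEMPLATES . $this->name . "/" . $this->name . ".html", $this->data, $this);
    $this->result = $p->result;
}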
/**
 * Export a single layouts row into the template data.
 *
 * @param array $out Template data, filled by reference.
 * @param mixed $id  Layout ID; cast to int before it is placed in the query.
 *
 * @return int|null 0 when no row with that ID exists, otherwise nothing.
 *
 * @access public
 */
function view_layouts(&$out, $id)
{
    $layout_id = (int) $id;
    $layout = SQLSelectOne("SELECT * FROM layouts WHERE ID='" . $layout_id . "'");

    if ($layout['ID']) {
        outHash($layout, $out);
        return;
    }

    // Unknown ID: signal "nothing to show" to the caller.
    return 0;
}
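/**
 * usbdevices edit/add
 *
 * Loads the usbdevices row for $id, applies the submitted fields when the
 * module is in 'update' mode, and exports the row plus the user and script
 * lists into $out.
 *
 * The record is saved only when validation passes. Previously a script that
 * failed the syntax check was still written and the page redirected, so the
 * ERR_SCRIPT / ERRORS values set here were never shown.
 *
 * NOTE(review): SCRIPT holds PHP source entered through this form and is
 * presumably executed later by the device handler. The syntax check is a
 * usability aid, not a security control; who may reach this form decides who
 * can run code on the host.
 *
 * @param array $out Template data, filled by reference.
 * @param mixed $id  Device ID; cast to int before it is placed in the query.
 *
 * @access public
 */
function edit_usbdevices(&$out, $id)
{
    $rec = SQLSelectOne("SELECT * FROM usbdevices WHERE ID='" . (int) $id . "'");

    if ($this->mode == 'update') {
        $ok = 1;

        global $title;
        global $user_id;
        global $script;
        global $run_type;

        $rec['TITLE'] = $title;
        $rec['SCRIPT'] = trim((string) $script);

        if ($run_type == 'script') {
            global $script_id;
            // Integer key, like the 0 stored in the other branch.
            $rec['SCRIPT_ID'] = (int) $script_id;
        } else {
            $rec['SCRIPT_ID'] = 0;
        }

        if ($rec['SCRIPT'] != '' && $run_type == 'code') {
            $errors = php_syntax_error($rec['SCRIPT']);
            if ($errors) {
                $out['ERR_SCRIPT'] = 1;
                // NOTE(review): the message is not HTML-escaped here; confirm
                // what php_syntax_error() returns and how the template prints
                // it.
                $out['ERRORS'] = nl2br($errors);
                $ok = 0;
            }
        }

        $rec['USER_ID'] = $user_id;

        // Persist and leave the form only when every check passed; otherwise
        // fall through so the form is shown again with the error flags.
        if ($ok) {
            SQLUpdate('usbdevices', $rec);
            $this->redirect("?");
        }
    }

    $rec['LOG'] = nl2br($rec['LOG']);
    outHash($rec, $out);
    $out['USERS'] = SQLSelect("SELECT * FROM users ORDER BY NAME");
    $out['SCRIPTS'] = SQLSelect("SELECT ID, TITLE FROM scripts ORDER BY TITLE");
}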
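/**
 * Edit or create a device row in app_pushbullet.
 *
 * In 'update' mode the submitted apikey / iden / name are required; the row
 * is updated when it already has an ID and inserted otherwise. The resulting
 * row is exported into $out.
 *
 * NOTE(review): apikey is a credential. It is stored as submitted and, via
 * outHash(), handed back to the template; consider not echoing it into the
 * form once it has been saved.
 *
 * @param array $out Template data, filled by reference.
 * @param mixed $id  Device ID; cast to int before it is placed in the query.
 */
function edit_devices(&$out, $id)
{
    $table_name = 'app_pushbullet';

    // $id used to be interpolated into the statement as received; the integer
    // cast keeps anything but a number out of the SQL text.
    $rec = SQLSelectOne("SELECT * FROM {$table_name} WHERE ID='" . (int) $id . "'");

    if ($this->mode == 'update') {
        $ok = 1;

        global $apikey;
        global $iden;
        global $name;

        $rec['apikey'] = $apikey;
        $rec['iden'] = $iden;
        $rec['name'] = $name;

        // All three fields are mandatory.
        if ($rec['apikey'] == '' || $rec['iden'] == '' || $rec['name'] == '') {
            $out['ERR_stations'] = 1;
            $ok = 0;
        }

        //UPDATING RECORD
        if ($ok) {
            if (!empty($rec['ID'])) {
                SQLUpdate($table_name, $rec); // update
            } else {
                $rec['ID'] = SQLInsert($table_name, $rec); // adding new record
            }
            $out['OK'] = 1;
        } else {
            $out['ERR'] = 1;
        }
    }

    outHash($rec, $out);
}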
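/**
 * BackEnd
 *
 * Admin view of the connect module: shows and saves the connection settings,
 * triggers data / call synchronisation, and manages public_calls rows on the
 * 'calls' tab.
 *
 * NOTE(review): CONNECT_PASSWORD and PUBLIC_PASSWORD are stored exactly as
 * submitted, and CONNECT_PASSWORD is exported to the template on every view.
 * Consider leaving the password out of the rendered form and storing
 * PUBLIC_PASSWORD as a hash if it is only ever compared.
 *
 * @param array $out Template data, filled by reference.
 *
 * @access public
 */
function admin(&$out)
{
    $this->getConfig();

    $exported = array(
        'CONNECT_USERNAME',
        'CONNECT_PASSWORD',
        'CONNECT_SYNC',
        'SEND_MENU',
        'SEND_OBJECTS',
        'SEND_SCRIPTS',
        'SEND_PATTERNS',
    );
    foreach ($exported as $key) {
        $out[$key] = $this->config[$key];
    }

    if ($this->view_mode == 'update_settings') {
        global $connect_username;
        global $connect_password;
        global $connect_sync;
        $this->config['CONNECT_USERNAME'] = $connect_username;
        $this->config['CONNECT_PASSWORD'] = $connect_password;
        $this->config['CONNECT_SYNC'] = (int) $connect_sync;
        $this->saveConfig();
        $this->redirect("?");
    }

    if ($this->view_mode == 'send_data') {
        $this->sendData($out);
    }

    if ($this->tab == 'calls') {
        if ($this->view_mode == 'sync') {
            if ($this->config['CONNECT_USERNAME']) {
                $this->sendCalls();
            }
            $this->redirect("?tab=" . $this->tab);
        }

        if ($this->view_mode == 'delete_calls') {
            global $id;
            SQLExec("DELETE FROM public_calls WHERE ID='" . (int) $id . "'");
            $this->redirect("?tab=" . $this->tab . "&view_mode=sync");
        }

        if ($this->view_mode == 'edit_calls') {
            global $id;
            $rec = SQLSelectOne("SELECT * FROM public_calls WHERE ID='" . (int) $id . "'");
            if ($this->mode == 'update') {
                $ok = 1;

                global $title;
                $rec['TITLE'] = $title;
                if (!$rec['TITLE']) {
                    $out['ERR_TITLE'] = 1;
                    $ok = 0;
                }

                // NOTE(review): a public call names an object and a method to
                // invoke. When PROTECTED is 0 it is presumably callable
                // without credentials — confirm in the code that serves
                // public_calls.
                global $linked_object;
                $rec['LINKED_OBJECT'] = $linked_object;
                global $linked_method;
                $rec['LINKED_METHOD'] = $linked_method;
                global $protected;
                $rec['PROTECTED'] = (int) $protected;
                global $public_username;
                $rec['PUBLIC_USERNAME'] = $public_username;
                global $public_password;
                $rec['PUBLIC_PASSWORD'] = $public_password;

                if ($ok) {
                    if (!empty($rec['ID'])) {
                        SQLUpdate('public_calls', $rec);
                    } else {
                        $rec['ID'] = SQLInsert('public_calls', $rec);
                    }
                    $this->redirect("?tab=" . $this->tab . "&view_mode=sync");
                }
            }
            outHash($rec, $out);
        }

        $calls = SQLSelect("SELECT * FROM public_calls ORDER BY ID DESC");
        $out['CALLS'] = $calls;
    }

    // Both query parameters are optional; read them without assuming they
    // exist.
    if (!empty($_GET['uploaded'])) {
        $out['UPLOADED'] = 1;
        // 'result' comes straight from the query string and is printed by the
        // template, so encode it for HTML first. A non-scalar value (for
        // example result[]=x) is dropped.
        // NOTE(review): assumes the template prints RESULT verbatim — confirm
        // it does not escape a second time.
        $result = isset($_GET['result']) && is_scalar($_GET['result']) ? (string) $_GET['result'] : '';
        $out['RESULT'] = htmlspecialchars($result, ENT_QUOTES);
    }

    $out['TAB'] = $this->tab;
}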
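/**
 * Edit, create or delete a calendar_events row.
 *
 * With an ID the row is loaded (and removed when the module is in 'delete'
 * mode). Without an ID a new event is prepared and existing events with a
 * similar title are listed in $out['OTHERS']. In 'update' mode the submitted
 * fields are applied and the row is saved; an event that has just been
 * marked done is passed to task_done().
 *
 * @param array $out Template data, filled by reference.
 *
 * @access public
 */
function usual_edit(&$out)
{
    global $title;
    global $id;

    $rec = array();
    $marked_done = 0;

    if ($id) {
        $rec = SQLSelectOne("SELECT * FROM calendar_events WHERE ID='" . (int) $id . "'");
        if ($this->mode == 'delete') {
            // Delete by the ID read back from the database, cast to int.
            SQLExec("DELETE FROM calendar_events WHERE ID='" . (int) $rec['ID'] . "'");
            $this->redirect("?");
        }
    } else {
        $out['TITLE'] = $title;
        $out['DUE'] = date('Y-m-d');
        if ($out['TITLE']) {
            // DBSafe() escapes the value for the string literal. The LIKE
            // wildcards % and _ in a title are still treated as wildcards,
            // which only widens this suggestion list.
            $others = SQLSelect("SELECT ID, TITLE, IS_DONE FROM calendar_events WHERE TITLE LIKE '%" . DBSafe($out['TITLE']) . "%' ORDER BY ID DESC");
            if ($others) {
                $out['OTHERS'] = $others;
            }
        }
    }

    if ($this->mode == 'update') {
        $ok = 1;

        global $is_task;
        global $notes;
        global $due;
        global $is_repeating;
        global $is_repeating_after;
        global $repeat_in;
        global $repeat_type;
        global $is_done;
        global $is_nodate;
        global $user_id;
        global $location_id;
        global $done_script_id;

        $rec['TITLE'] = $title;
        if (!$rec['TITLE']) {
            $ok = 0;
            $out['ERR_TITLE'] = 1;
        }

        $rec['IS_TASK'] = (int) $is_task;
        $rec['NOTES'] = $notes;

        $rec['DUE'] = $due;
        if (!$rec['DUE']) {
            $rec['DUE'] = date('Y-m-d');
        }

        $rec['IS_REPEATING'] = (int) $is_repeating;
        $rec['IS_REPEATING_AFTER'] = (int) $is_repeating_after;
        $rec['REPEAT_IN'] = (int) $repeat_in;
        $rec['REPEAT_TYPE'] = (int) $repeat_type;

        // Remember the transition "not done -> done" before overwriting the
        // stored flag.
        if ($is_done && empty($rec['IS_DONE'])) {
            $marked_done = 1;
        }
        $rec['IS_DONE'] = (int) $is_done;

        // The original assigned (int) $rec['IS_NODATE'] back to itself, so
        // the submitted $is_nodate was declared but never applied.
        $rec['IS_NODATE'] = (int) $is_nodate;

        $rec['USER_ID'] = (int) $user_id;
        $rec['LOCATION_ID'] = (int) $location_id;
        $rec['DONE_SCRIPT_ID'] = (int) $done_script_id;

        if ($ok) {
            if (!empty($rec['ID'])) {
                SQLUpdate('calendar_events', $rec);
            } else {
                $rec['ADDED'] = date('Y-m-d H:i:s');
                $rec['ID'] = SQLInsert('calendar_events', $rec);
            }
            if ($marked_done) {
                $this->task_done($rec['ID']);
            }
            $this->redirect("?");
        }
    }

    outHash($rec, $out);
    $out['USERS'] = SQLSelect("SELECT * FROM users ORDER BY NAME");
    $out['LOCATIONS'] = SQLSelect("SELECT * FROM gpslocations ORDER BY TITLE");
    $out['SCRIPTS'] = SQLSelect("SELECT ID, TITLE FROM scripts ORDER BY TITLE");
}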