$rec['ID'] = SQLInsert($table_name, $rec);
// adding new record
}
$out['OK'] = 1;
} else {
$out['ERR'] = 1;
}
}
if (is_array($rec)) {
foreach ($rec as $k => $v) {
if (!is_array($v)) {
$rec[$k] = htmlspecialchars($v);
}
}
}
outHash($rec, $out);
$out['LOG'] = nl2br($out['LOG']);
if ($rec['ID']) {
$properties = SQLSelect("SELECT * FROM owproperties WHERE DEVICE_ID='" . $rec['ID'] . "' ORDER BY SYSNAME");
if ($this->mode == 'update') {
$total = count($properties);
for ($i = 0; $i < $total; $i++) {
global ${'linked_object' . $properties[$i]['ID']};
global ${'linked_property' . $properties[$i]['ID']};
if (${'linked_object' . $properties[$i]['ID']} && ${'linked_property' . $properties[$i]['ID']}) {
$properties[$i]['LINKED_OBJECT'] = ${'linked_object' . $properties[$i]['ID']};
$properties[$i]['LINKED_PROPERTY'] = ${'linked_property' . $properties[$i]['ID']};
SQLUpdate('owproperties', $properties[$i]);
} elseif ($properties[$i]['LINKED_OBJECT'] || $properties[$i]['LINKED_PROPERTY']) {
$properties[$i]['LINKED_OBJECT'] = '';
$properties[$i]['LINKED_PROPERTY'] = '';
/**
* btdevices edit/add
*
* @access public
*/
function edit_btdevices(&$out, $id)
{
$rec = SQLSelectOne("SELECT * FROM btdevices WHERE ID='" . (int) $id . "'");
if ($this->mode == 'update') {
global $title;
global $user_id;
$rec['TITLE'] = $title;
$rec['USER_ID'] = $user_id;
SQLUpdate('btdevices', $rec);
$this->redirect("?");
}
$rec['LOG'] = nl2br($rec['LOG']);
outHash($rec, $out);
$out['USERS'] = SQLSelect("SELECT * FROM users ORDER BY NAME");
}
function run()
{
// running current module
global $mode;
global $name;
$rep_ext = "";
if (preg_match('/\\.dev/is', $_SERVER['HTTP_HOST'])) {
$rep_ext = '.dev';
}
if (preg_match('/\\.jbk/is', $_SERVER['HTTP_HOST'])) {
$rep_ext = '.jbk';
}
if (preg_match('/\\.bk/is', $_SERVER['HTTP_HOST'])) {
$rep_ext = '.bk';
}
if ($rep_ext) {
$out['LOCAL_PROJECT'] = 1;
$out['REP_EXT'] = $rep_ext;
$out['HOST'] = $_SERVER['HTTP_HOST'];
$out['DOCUMENT_ROOT'] = dirname($_SERVER['SCRIPT_FILENAME']);
}
if ($mode == "edit") {
global $mode2;
$rec = SQLSelectOne("SELECT * FROM project_modules WHERE NAME='" . $name . "'");
$rec['NAME'] = $name;
if ($mode2 == "update") {
global $title;
global $category;
$rec['TITLE'] = $title;
$rec['CATEGORY'] = $category;
SQLUpdate("project_modules", $rec);
$this->redirect("?name={$name}&mode=edit");
} elseif ($mode2 == "show") {
if ($rec['HIDDEN']) {
$rec['HIDDEN'] = 0;
} else {
$rec['HIDDEN'] = 1;
}
SQLUpdate('project_modules', $rec);
$this->redirect("?");
} elseif ($mode2 == "install") {
$rec = SQLSelectOne("SELECT * FROM project_modules WHERE NAME='" . $name . "'");
SQLExec("DELETE FROM project_modules WHERE NAME='" . $name . "'");
@unlink(DIR_MODULES . $name . "/installed");
include_once DIR_MODULES . $name . "/" . $name . ".class.php";
$obj = "\$object{$i}";
$code .= "{$obj}=new " . $name . ";\n";
@eval($code);
// add module to control access
global $session;
$user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******'");
if ($user['ID'] && !Is_Integer(strpos($user["ACCESS"], $name))) {
if ($user["ACCESS"] != '') {
$user["ACCESS"] .= ",{$name}";
} else {
$user["ACCESS"] = $name;
}
SQLUpdate('admin_users', $user);
}
SQLExec("UPDATE project_modules SET HIDDEN='" . (int) $rec['HIDDEN'] . "' WHERE NAME='" . $name . "'");
// redirect to edit
$this->redirect("?name={$name}&mode=edit");
} elseif ($mode2 == 'uninstall') {
SQLExec("DELETE FROM project_modules WHERE NAME='" . $name . "'");
@unlink(DIR_MODULES . $name . "/installed");
if (file_exists(DIR_MODULES . $name . "/" . $name . ".class.php")) {
include_once DIR_MODULES . $name . "/" . $name . ".class.php";
$obj = "\$object{$i}";
$code .= "{$obj}=new " . $name . ";\n";
$code .= "{$obj}" . "->uninstall();";
eval($code);
}
if ($out['LOCAL_PROJECT']) {
$this->redirect("?mode=repository_uninstall&module={$name}");
} else {
$this->redirect("?");
}
}
outHash($rec, $out);
}
if ($mode == 'repository_uninstall') {
global $module;
$out['MODULE'] = $module;
}
$out["MODE"] = $mode;
$this->getModulesList();
$lst = $this->modules;
for ($i = 0; $i < count($lst); $i++) {
$rec = SQLSelectOne("SELECT *, DATE_FORMAT(ADDED, '%M %d, %Y (%H:%i)') as DAT FROM project_modules WHERE NAME='" . $lst[$i]['FILENAME'] . "'");
if (isset($rec['ID'])) {
outHash($rec, $lst[$i]);
}
}
$out["MODULES"] = $lst;
$this->data = $out;
$p = new parser(DIR_TEMPLATES . $this->name . "/" . $this->name . ".html", $this->data, $this);
$this->result = $p->result;
}
/**
* BackEnd
*
* Module backend
*
* @access public
*/
function admin(&$out) {
/*
$this->getConfig();
if ($this->mode=='update') {
global $path;
$this->config['PATH']=$path;
$this->saveConfig();
$out['OK']=1;
}
$out['PATH']=htmlspecialchars($this->config['PATH']);
*/
global $id;
if ($this->view_mode=='delete') {
$rec=SQLSelectOne("SELECT * FROM collections WHERE ID='".(int)$id."'");
SQLExec("DELETE FROM collections WHERE ID='".$rec['ID']."'");
$this->redirect("?");
}
if ($this->view_mode=='edit') {
$rec=SQLSelectOne("SELECT * FROM collections WHERE ID='".(int)$id."'");
if ($this->mode=='update_collection') {
global $title;
global $path;
$rec['TITLE']=$title;
$rec['PATH']=$path;
if ($rec['TITLE'] && $rec['PATH']) {
if ($rec['ID']) {
SQLUpdate('collections', $rec);
} else {
$rec['ID']=SQLInsert('collections', $rec);
}
$this->redirect("?");
}
}
outHash($rec, $out);
}
$out['COLLECTIONS']=SQLSelect("SELECT * FROM collections ORDER BY TITLE");
}
function run()
{
// running current module
global $session;
if ($this->owner->name != 'panel' && $this->owner->name != 'master') {
echo "Unauthorized Access";
exit;
}
if ($this->id == '1') {
$this->mode = 'edit';
global $id;
global $mode;
$id = $this->id;
$mode = 'edit';
$out['MASTER'] = 1;
}
// LDAP inicial
if (function_exists('ldap_connect') && is_file(ROOT . 'modules/ldap_users/installed')) {
$out['LDAP_ON'] = 1;
}
if ($this->mode == 'logoff') {
unset($session->data['AUTHORIZED']);
unset($session->data['USER_NAME']);
unset($session->data['USERNAME']);
unset($session->data['SITE_USERNAME']);
unset($session->data['SITE_USER_ID']);
unset($session->data["cp_requested_url"]);
$this->owner->redirect("/");
}
if ($this->action == "enter") {
global $md;
global $login;
if (!$session->data["cp_requested_url"] && ($md != 'panel' || $action != '') && !$login) {
$session->data["cp_requested_url"] = $_SERVER['REQUEST_URI'];
}
if ($this->mode == "check") {
global $login;
global $psw;
// $user=SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'");
$user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'");
// $user=SQLSelectOne("SELECT * FROM admin_users WHERE 1");
// LDAP logining
if ($out['LDAP_ON'] != false && ($user == false || $psw == 'this_ldap_admin')) {
include_once ROOT . 'modules/ldap_users/ldap_users.class.php';
$ldap = new ldap_users();
$user = $ldap->ctrl_access();
}
// LDAP loginig
if (!isset($user['ID'])) {
$out["ERRMESS"] = "Wrong username and/or password";
} else {
$session->data['AUTHORIZED'] = 1;
$session->data['USER_NAME'] = $user['LOGIN'];
$session->data['USER_LEVEL'] = $user['PRIVATE'];
$session->data['USER_ID'] = $user['ID'];
if (!$session->data["cp_requested_url"]) {
if (file_exists(DIR_MODULES . 'dashboard/dashboard.class.php')) {
$this->owner->redirect("?action=dashboard");
}
$this->owner->redirect("?");
} else {
$this->owner->redirect($session->data["cp_requested_url"]);
}
}
}
} elseif ($this->action == "logged") {
$out["USER_NAME"] = $session->data["USER_NAME"];
$tmp = SQLSelectOne("SELECT ID FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'admin') . "'");
if ($tmp['ID']) {
$out['WARNING'] = 1;
}
$user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******'");
if (!$user['ID']) {
unset($session->data['AUTHORIZED']);
unset($session->data['USER_NAME']);
$session->save();
$this->owner->redirect("?");
}
$modules = SQLSelect("SELECT * FROM project_modules WHERE HIDDEN='0' ORDER BY CATEGORY, NAME");
$modulesCnt = count($modules);
for ($i = 0; $i < $modulesCnt; $i++) {
if (preg_match("/," . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/," . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || 0) {
$new[] = $modules[$i];
}
}
$on_row = 0;
$newCnt = count($new);
for ($i = 0; $i < $newCnt; $i++) {
if ($new[$i]['CATEGORY'] != $new_category) {
$new[$i]['NEWCATEGORY'] = 1;
$new_category = $new[$i]['CATEGORY'];
$on_row = 0;
}
$on_row++;
if ($on_row % 6 == 0 && $on_row >= 6) {
$new[$i]['NEWROW'] = 1;
}
if (file_exists(ROOT . 'img/admin/icons/ico_' . $new[$i]['NAME'] . '.gif')) {
$new[$i]['ICON'] = ROOTHTML . 'img/admin/icons/ico_' . $new[$i]['NAME'] . '.gif';
} else {
$new[$i]['ICON'] = ROOTHTML . 'img/admin/icons/ico_default.gif';
}
}
$out["MODULES"] = $new;
if (file_exists(DIR_MODULES . 'saverestore/saverestore.class.php')) {
$out['CHECK_UPDATES'] = 1;
global $check;
if ($check) {
include_once DIR_MODULES . 'saverestore/saverestore.class.php';
$sv = new saverestore();
$sv->checkUpdates($o);
if ($o['NO_UPDATES'] || $o['ERROR_CHECK']) {
echo "no";
} else {
echo "yes";
}
exit;
}
}
} elseif ($this->action == "logoff") {
unset($session->data['AUTHORIZED']);
unset($session->data['USER_NAME']);
unset($session->data['USERNAME']);
$this->owner->redirect("?");
} elseif ($this->action == "admin") {
global $mode;
global $mode2;
global $id;
if (!$session->data['AUTHORIZED']) {
exit;
}
if ($mode == "delete") {
SQLExec("DELETE FROM admin_users WHERE ID='" . $id . "'");
$this->redirect("?");
}
if ($mode == "edit") {
$user = SQLSelectOne("SELECT * FROM admin_users WHERE ID='" . $id . "'");
if ($mode2 == "update") {
$ok = 1;
global $name;
global $login;
global $password;
global $email;
global $comments;
global $sel;
global $private;
global $EMAIL_ORDERS;
global $EMAIL_INVENTORY;
$user['NAME'] = $name;
if (!checkGeneral($user['NAME'])) {
$out["ERR_NAME"] = 1;
$ok = 0;
}
$user['LOGIN'] = $login;
if (!checkGeneral($user['LOGIN'])) {
$out["ERR_LOGIN"] = 1;
$ok = 0;
}
if ($password != '' || !$user['ID']) {
$user['PASSWORD'] = $password;
if (!checkGeneral($user['PASSWORD'])) {
$out["ERR_PASSWORD"] = 1;
$ok = 0;
} else {
$user['PASSWORD'] = md5($user['PASSWORD']);
}
}
$user['EMAIL'] = $email;
$user['COMMENTS'] = $comments;
$user['PRIVATE'] = (int) $private;
$user['EMAIL_ORDERS'] = $EMAIL_ORDERS;
$user['EMAIL_INVENTORY'] = $EMAIL_INVENTORY;
if (count($sel) > 0) {
$user['ACCESS'] = join(",", $sel);
} else {
$user['ACCESS'] = "";
}
if ($ok) {
SQLUpdateInsert("admin_users", $user);
$out["OK"] = 1;
}
}
$modules = SQLSelect("SELECT * FROM project_modules");
$modulesCnt = count($modules);
for ($i = 0; $i < $modulesCnt; $i++) {
if (preg_match("/," . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/," . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || 0) {
$modules[$i]["SELECTED"] = 1;
}
if (($i + 1) % 3 == 0) {
$modules[$i]['NEWR'] = 1;
}
}
$user["MODULES"] = $modules;
outHash($user, $out);
}
$users = SQlSelect("SELECT * FROM admin_users ORDER BY ID DESC");
$out["USERS"] = $users;
}
$out["MODE"] = $mode;
$out["ACTION"] = $this->action;
$this->data = $out;
$p = new parser(DIR_TEMPLATES . $this->name . "/" . $this->name . ".html", $this->data, $this);
$this->result = $p->result;
}
/**
* Title
*
* Description
*
* @access public
*/
function view_layouts(&$out, $id) {
$rec=SQLSelectOne("SELECT * FROM layouts WHERE ID='".(int)$id."'");
if (!$rec['ID']) {
return 0;
}
outHash($rec, $out);
}
/**
* usbdevices edit/add
*
* @access public
*/
function edit_usbdevices(&$out, $id)
{
$rec = SQLSelectOne("SELECT * FROM usbdevices WHERE ID='" . (int) $id . "'");
if ($this->mode == 'update') {
global $title;
global $user_id;
global $script;
$rec['TITLE'] = $title;
$rec['SCRIPT'] = trim($script);
global $run_type;
if ($run_type == 'script') {
global $script_id;
$rec['SCRIPT_ID'] = $script_id;
} else {
$rec['SCRIPT_ID'] = 0;
}
if ($rec['SCRIPT'] != '' && $run_type == 'code') {
//echo $content;
$errors = php_syntax_error($rec['SCRIPT']);
if ($errors) {
$out['ERR_SCRIPT'] = 1;
$out['ERRORS'] = nl2br($errors);
$ok = 0;
}
}
$rec['USER_ID'] = $user_id;
SQLUpdate('usbdevices', $rec);
$this->redirect("?");
}
$rec['LOG'] = nl2br($rec['LOG']);
outHash($rec, $out);
$out['USERS'] = SQLSelect("SELECT * FROM users ORDER BY NAME");
$out['SCRIPTS'] = SQLSelect("SELECT ID, TITLE FROM scripts ORDER BY TITLE");
}
function edit_devices(&$out, $id)
{
$table_name = 'app_pushbullet';
$rec = SQLSelectOne("SELECT * FROM {$table_name} WHERE ID='{$id}'");
if ($this->mode == 'update') {
$ok = 1;
global $apikey;
global $iden;
global $name;
$rec['apikey'] = $apikey;
$rec['iden'] = $iden;
$rec['name'] = $name;
if ($rec['apikey'] == '' || $rec['iden'] == '' || $rec['name'] == '') {
$out['ERR_stations'] = 1;
$ok = 0;
}
//UPDATING RECORD
if ($ok) {
if ($rec['ID']) {
SQLUpdate($table_name, $rec);
// update
} else {
$new_rec = 1;
$rec['ID'] = SQLInsert($table_name, $rec);
// adding new record
}
$out['OK'] = 1;
} else {
$out['ERR'] = 1;
}
}
outHash($rec, $out);
}
/**
* BackEnd
*
* Module backend
*
* @access public
*/
function admin(&$out)
{
$this->getConfig();
$out['CONNECT_USERNAME'] = $this->config['CONNECT_USERNAME'];
$out['CONNECT_PASSWORD'] = $this->config['CONNECT_PASSWORD'];
$out['CONNECT_SYNC'] = $this->config['CONNECT_SYNC'];
$out['SEND_MENU'] = $this->config['SEND_MENU'];
$out['SEND_OBJECTS'] = $this->config['SEND_OBJECTS'];
$out['SEND_SCRIPTS'] = $this->config['SEND_SCRIPTS'];
$out['SEND_PATTERNS'] = $this->config['SEND_PATTERNS'];
if ($this->view_mode == 'update_settings') {
global $connect_username;
global $connect_password;
global $connect_sync;
$this->config['CONNECT_USERNAME'] = $connect_username;
$this->config['CONNECT_PASSWORD'] = $connect_password;
$this->config['CONNECT_SYNC'] = (int) $connect_sync;
$this->saveConfig();
$this->redirect("?");
}
if ($this->view_mode == 'send_data') {
$this->sendData($out);
}
if ($this->tab == 'calls') {
if ($this->view_mode == 'sync') {
if ($this->config['CONNECT_USERNAME']) {
$this->sendCalls();
}
$this->redirect("?tab=" . $this->tab);
}
if ($this->view_mode == 'delete_calls') {
global $id;
SQLExec("DELETE FROM public_calls WHERE ID='" . (int) $id . "'");
$this->redirect("?tab=" . $this->tab . "&view_mode=sync");
}
if ($this->view_mode == 'edit_calls') {
global $id;
$rec = SQLSelectOne("SELECT * FROM public_calls WHERE ID='" . (int) $id . "'");
if ($this->mode == 'update') {
$ok = 1;
global $title;
$rec['TITLE'] = $title;
if (!$rec['TITLE']) {
$out['ERR_TITLE'] = 1;
$ok = 0;
}
global $linked_object;
$rec['LINKED_OBJECT'] = $linked_object;
global $linked_method;
$rec['LINKED_METHOD'] = $linked_method;
global $protected;
$rec['PROTECTED'] = (int) $protected;
global $public_username;
$rec['PUBLIC_USERNAME'] = $public_username;
global $public_password;
$rec['PUBLIC_PASSWORD'] = $public_password;
if ($ok) {
if ($rec['ID']) {
SQLUpdate('public_calls', $rec);
} else {
$rec['ID'] = SQLInsert('public_calls', $rec);
}
$this->redirect("?tab=" . $this->tab . "&view_mode=sync");
}
}
outHash($rec, $out);
}
$calls = SQLSelect("SELECT * FROM public_calls ORDER BY ID DESC");
$out['CALLS'] = $calls;
}
if ($_GET['uploaded']) {
$out['UPLOADED'] = 1;
$out['RESULT'] = $_GET['result'];
}
$out['TAB'] = $this->tab;
}
/**
* Title
*
* Description
*
* @access public
*/
function usual_edit(&$out)
{
global $title;
global $id;
if ($id) {
$rec = SQLSelectOne("SELECT * FROM calendar_events WHERE ID='" . (int) $id . "'");
if ($this->mode == 'delete') {
SQLExec("DELETE FROM calendar_events WHERE ID='" . (int) $rec['ID'] . "'");
$this->redirect("?");
}
} else {
$out['TITLE'] = $title;
$out['DUE'] = date('Y-m-d');
if ($out['TITLE']) {
$others = SQLSelect("SELECT ID, TITLE, IS_DONE FROM calendar_events WHERE TITLE LIKE '%" . DBSafe($out['TITLE']) . "%' ORDER BY ID DESC");
if ($others) {
$out['OTHERS'] = $others;
}
}
}
if ($this->mode == 'update') {
$ok = 1;
global $is_task;
global $notes;
$rec['TITLE'] = $title;
if (!$rec['TITLE']) {
$ok = 0;
$out['ERR_TITLE'] = 1;
}
$rec['IS_TASK'] = (int) $is_task;
$rec['NOTES'] = $notes;
global $due;
$rec['DUE'] = $due;
if (!$rec['DUE']) {
$rec['DUE'] = date('Y-m-d');
}
global $is_repeating;
$rec['IS_REPEATING'] = (int) $is_repeating;
global $is_repeating_after;
$rec['IS_REPEATING_AFTER'] = (int) $is_repeating_after;
global $repeat_in;
$rec['REPEAT_IN'] = (int) $repeat_in;
global $repeat_type;
$rec['REPEAT_TYPE'] = (int) $repeat_type;
global $is_done;
if ($is_done && !$rec['IS_DONE']) {
$marked_done = 1;
}
$rec['IS_DONE'] = (int) $is_done;
global $is_nodate;
$rec['IS_NODATE'] = (int) $rec['IS_NODATE'];
global $user_id;
$rec['USER_ID'] = (int) $user_id;
global $location_id;
$rec['LOCATION_ID'] = (int) $location_id;
global $done_script_id;
$rec['DONE_SCRIPT_ID'] = (int) $done_script_id;
if ($ok) {
if ($rec['ID']) {
SQLUpdate('calendar_events', $rec);
} else {
$rec['ADDED'] = date('Y-m-d H:i:s');
$rec['ID'] = SQLInsert('calendar_events', $rec);
}
if ($marked_done) {
$this->task_done($rec['ID']);
}
$this->redirect("?");
}
}
outHash($rec, $out);
$out['USERS'] = SQLSelect("SELECT * FROM users ORDER BY NAME");
$out['LOCATIONS'] = SQLSelect("SELECT * FROM gpslocations ORDER BY TITLE");
$out['SCRIPTS'] = SQLSelect("SELECT ID, TITLE FROM scripts ORDER BY TITLE");
}
