Ejemplo n.º 1
/**
 * Route an operation name to its handler, feeding the handler raw $_POST fields.
 *
 * An operation name that matches none of the cases is ignored. Handler return
 * values are discarded and nothing is returned to the caller.
 *
 * NOTE(review): no session or permission check is visible in this dispatcher,
 * and it forwards account-affecting operations (banned_user, add_user,
 * send_email) and vote operations alike. Confirm that each handler, or the
 * caller, authenticates the requester before acting.
 * NOTE(review): every $_POST field is read without an isset() check and handed
 * on unvalidated; each handler has to treat its arguments as untrusted.
 *
 * @param mixed $op Operation name, compared loosely (==) against the known names.
 * @return void
 */
function perform_operation($op)
{
    // switch compares with ==, i.e. the same loose comparison as an if/else chain.
    switch ($op) {
        case 'login':
            validate_user($_POST["useremail"], $_POST["userpassword"]);
            break;
        case 'getyaks':
            get_yaks($_POST["longitude"], $_POST["latitude"]);
            break;
        case 'post_yak':
            post_yak($_POST["postedyak"], $_POST["latitude"], $_POST["longitude"]);
            break;
        case 'banned_user':
            banned_user($_POST["useremail"]);
            break;
        case 'add_user':
            add_user($_POST["useremail"], $_POST["userpassword"]);
            break;
        case 'send_email':
            send_email($_POST["email"]);
            break;
        case 'getHot_yaks':
            getHot_yaks();
            break;
        case 'getCold_yaks':
            getCold_yaks();
            break;
        case 'upvote':
            upvote($_POST["id"]);
            break;
        case 'downvote':
            downvote($_POST["id"]);
            break;
    }
}
Ejemplo n.º 2
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/xml_builder/pages/main/pre_process.php
//
// This script updates the xml module information file
// Page-level access gate: the value validate_user() returns for the XML
// builder's security id is kept and checked again per action below.
$security_level = validate_user(SECURITY_ID_XML_BUILDER);
/**************  include page specific files    *********************/
require_once DIR_FS_WORKING . 'classes/xml_builder.php';
require_once DIR_FS_MODULES . 'phreedom/classes/backup.php';
/**************   page specific initialization  *************************/
$working = new xml_builder();
$mod_xml = new backup();
/***************   Act on the action request   *************************/
// The action name is read from $_REQUEST, so it is accepted from the query
// string as well as from a POST body.
switch ($_REQUEST['action']) {
    case 'save':
        // Re-check the stored level against the value 2 before doing any work.
        validate_security($security_level, 2);
        // read the input variables
        // NOTE(review): $mod is taken verbatim from $_POST and then used twice:
        // as a path segment in require_once and as the prefix of a class name
        // passed to `new`. No validation is visible in this excerpt, so the
        // request decides which file is loaded and which class is instantiated.
        // Restrict $mod to the names of installed module directories (an
        // allow-list, or at minimum a strict [a-z0-9_]+ check) before building
        // either the path or the class name.
        $mod = $_POST['mod'];
        $mod_admin = $mod . '_admin';
        require_once DIR_FS_MODULES . $mod . '/classes/install.php';
        $mod_info = new $mod_admin();
Ejemplo n.º 3
 /**
  * Runs the parent constructor, then hands the session's userdata to
  * validate_user().
  *
  * NOTE(review): the return value of validate_user() is ignored, so this only
  * protects the class if validate_user() itself stops the request (redirect
  * plus exit, or an exception) when nobody is logged in. Confirm in its
  * definition.
  */
 public function __construct()
 {
     parent::__construct();
     //user must be logged in to access any methods of this class
     validate_user($this->session->userdata);
 }
Ejemplo n.º 4
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/phreepos/ajax/other_transactions.php
//
// Page-level access gate for this PhreePOS endpoint; the returned level is
// stored but not used again in the visible part of the script.
// NOTE(review): presumably validate_user() halts the request for a user without
// access; confirm, since nothing here checks $security_level afterwards.
$security_level = validate_user(SECURITY_ID_PHREEPOS);
define('JOURNAL_ID', 2);
/**************  include page specific files    *********************/
// Language packs for the modules whose code is included below.
gen_pull_language('contacts');
gen_pull_language('phreebooks');
gen_pull_language('inventory');
gen_pull_language('phreeform');
require_once DIR_FS_MODULES . 'inventory/defaults.php';
require_once DIR_FS_MODULES . 'phreeform/defaults.php';
require_once DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php';
require_once DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php';
require_once DIR_FS_MODULES . 'phreepos/classes/tills.php';
require_once DIR_FS_MODULES . 'phreepos/classes/other_transactions.php';
/**************   page specific initialization  *************************/
define('ORD_ACCT_ID', GEN_CUSTOMER_ID);
define('GL_TYPE', 'sos');
Ejemplo n.º 5
/**
 * Search contacts, leads, accounts, cases, opportunities and bugs for each
 * name in a "; "-separated list.
 *
 * The credentials are checked first; when validate_user() rejects them an
 * empty array is returned and no search runs.
 *
 * NOTE(review): a rejected login and a search with no hits both return an
 * empty array, so the caller cannot tell them apart. Confirm that failed
 * logins are logged or rate-limited inside validate_user().
 *
 * @param string $user_name Login name passed to validate_user().
 * @param string $password  Password passed to validate_user().
 * @param string $name      One or more search terms separated by "; ".
 * @return array Merged results of all six searches, in term order.
 */
function search($user_name, $password, $name)
{
    $matches = array();
    if (validate_user($user_name, $password)) {
        foreach (explode("; ", $name) as $term) {
            // One merge per term; the arguments keep the original search order.
            $matches = array_merge(
                $matches,
                contact_by_search($term),
                lead_by_search($term),
                account_by_search($term),
                case_by_search($term),
                opportunity_by_search($term),
                bug_by_search($term)
            );
        }
    }
    return $matches;
}
Ejemplo n.º 6
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/phreedom/pages/encryption/pre_process.php
//
// Page-level access gate for the encryption settings page.
$security_level = validate_user(SECURITY_ID_ENCRYPTION);
/**************  include page specific files    *********************/
gen_pull_language($module, 'admin');
/**************   page specific initialization  *************************/
$error = false;
/***************   hook for custom actions  ***************************/
// Optional site-specific extension: included only when the file exists. The
// path is built from a constant and literals, not from request data.
$custom_path = DIR_FS_WORKING . 'custom/pages/encryption/extra_actions.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
/***************   Act on the action request   *************************/
switch ($_REQUEST['action']) {
    case 'save':
        // NOTE(review): $security_level is not checked in the visible part of
        // this case before the key fields are read. Confirm that a write-level
        // check happens before the key is changed.
        // NOTE(review): db_prepare_input() is not shown here; confirm it does
        // not alter characters of the key (trimming, stripping), since both
        // fields go through it before being compared.
        $enc_key = db_prepare_input($_POST['enc_key']);
        $enc_key_confirm = db_prepare_input($_POST['enc_key_confirm']);
        // NOTE(review): != compares loosely. Two different numeric-looking
        // strings (for example '1e3' and '1000') compare as equal, so the
        // confirmation would accept them; !== avoids that for key material.
        if ($enc_key != $enc_key_confirm) {
Ejemplo n.º 7
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/phreeform/pages/admin/pre_process.php
//
// Page-level access gate; the returned level is re-checked per action below.
$security_level = validate_user(SECURITY_ID_CONFIGURATION);
/**************  include page specific files    *********************/
gen_pull_language($module, 'admin');
gen_pull_language('phreedom', 'admin');
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_WORKING . 'functions/phreeform.php';
require_once DIR_FS_MODULES . 'phreedom/functions/phreedom.php';
require_once DIR_FS_WORKING . 'classes/install.php';
/**************   page specific initialization  *************************/
$error = false;
$install = new phreeform_admin();
/***************   Act on the action request   *************************/
// The action name comes from $_REQUEST, so GET and POST are both accepted.
switch ($_REQUEST['action']) {
    case 'save':
        // Saving configuration re-checks the stored level against the value 3
        // before any setting is written.
        validate_security($security_level, 3);
        // save general tab
Ejemplo n.º 8
<?php

///////////////////////////////////////////////////////////////////////////////////////
// PHPmotion                                                http://www.phpmotion.com //
///////////////////////////////////////////////////////////////////////////////////////
// License: You are not to sell or distribute this software without permission       //
// Help and support please visit http://www.phpmotion.com                            //
// Copyright reserved                                                                //
///////////////////////////////////////////////////////////////////////////////////////
// NOTE(review): the argument is a cookie value, which the client controls.
// validate_user() is not shown; confirm it verifies the value against
// server-side state rather than trusting it as an identity.
validate_user($_COOKIE['user']);
// set user vars for passing around each php page
$user_id = $_SESSION['user_id'];
$user_name = $_SESSION['user_name'];
$user_group = $_SESSION['user_group'];
// For a logged-in session, re-read the account status and force a logout when
// the account has been suspended.
if ($user_id != '') {
    // NOTE(review): $user_id is interpolated into the SQL text. It comes from
    // the session rather than directly from the request, but a parameterised
    // query removes the dependency on how that value was stored. The mysql_*
    // functions used here were removed in PHP 7.
    $sql = "SELECT * FROM member_profile WHERE user_id = '{$user_id}'";
    // NOTE(review): @ hides query errors. If the query fails, $outcome is not
    // an array, $result is empty and the suspension check below is skipped, so
    // a suspended account stays logged in (fails open).
    $query = @mysql_query($sql);
    $outcome = @mysql_fetch_array($query);
    $result = $outcome['account_status'];
    if ($result == 'suspended') {
        // Clear the local copies and the session entries, then drop the session.
        $user_id = '';
        $user_name = '';
        $_SESSION['user_id'] = NULL;
        $_SESSION['user_name'] = NULL;
        $_SESSION['user_group'] = NULL;
        @session_start();
        @session_destroy();
        // Blank every cookie the browser sent.
        // NOTE(review): setcookie() is called without expiry, path or domain,
        // so a cookie originally set with a different path or domain may not be
        // replaced by this call.
        foreach ($_COOKIE as $key => $value) {
            $logout = '';
            setcookie($key, $logout);
        }
Ejemplo n.º 9
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/work_orders/pages/builder/pre_process.php
//
// Page-level access gate for the work-order builder.
$security_level = validate_user(SECURITY_WORK_ORDERS_BUILDER);
/**************  include page specific files    *********************/
require_once DIR_FS_MODULES . 'inventory/defaults.php';
/**************   page specific initialization  *************************/
$error = false;
$processed = false;
$lock_title = false;
$hide_save = false;
$criteria = array();
history_filter('wo_build');
// load the filters
// When a POST action is present, f0 becomes '1' or '0' depending on whether the
// f0 field was posted; otherwise the existing $_GET['f0'] is kept. The result
// is also written back into $_GET.
// NOTE(review): on a request with neither a POST action nor ?f0=, the final
// branch reads an unset $_GET['f0'].
$f0 = $_GET['f0'] = isset($_POST['action']) ? isset($_POST['f0']) ? '1' : '0' : $_GET['f0'];
// show inactive checkbox
/***************   hook for custom actions  ***************************/
// Optional site-specific extension; the path is built from a constant and
// literals only.
$custom_path = DIR_FS_WORKING . 'custom/pages/builder/extra_actions.php';
if (file_exists($custom_path)) {
Ejemplo n.º 10
 * 
*/
// Safety stop: the sample does nothing until this line is removed on purpose.
exit;
//Uncomment this to execute the page
//After you located this file in you new domain and you set the settings in step 2,
//this page will be loaded when entering to the Chamilo site if the SSO option was set in step 1.
//Getting the chamilo server
// NOTE(review): HTTP_HOST is a request header chosen by the client. It is used
// below for master_domain and the auth URI, so a configured host name is a
// safer source than the header.
$my_chamilo_server = filter_xss($_SERVER['HTTP_HOST']);
$account = array();
if (isset($_SESSION['my_server_user_session'])) {
    //validate if the user is already logged in my external system in order to redirect to chamilo
}
//Login process
if (isset($_POST['user']) && isset($_POST['password'])) {
    //1. Your Server validations
    $validate = validate_user($_POST['user'], $_POST['password']);
    if ($validate) {
        /* 2.Get the chamilo username and password from your system or from webservices */
        $account['username'] = '******';
        //username in Chamilo
        // NOTE(review): sample value only. A password literal in source ends up
        // in version control and backups; look the credential up at run time.
        // A double SHA-1 without a salt is also a weak way to store a password.
        $account['password'] = sha1(sha1('jbrion525'));
        //encrypted password with assuming that the first encrypted method is sha1 in chamilo
        $master_auth_uri = $my_chamilo_server . '/?q=user';
        // Creating an array cookie that will be sent to Chamilo
        // The array carries the password hash as 'secret', a one-hour lifetime,
        // and a target taken from the sso_target query parameter.
        $sso = array('username' => $account['username'], 'secret' => $account['password'], 'master_domain' => $my_chamilo_server, 'master_auth_uri' => $master_auth_uri, 'lifetime' => time() + 3600, 'target' => filter_xss($_GET['sso_target']));
        // NOTE(review): the payload is PHP-serialized and travels through the
        // browser with no signature visible here. The receiving side must not
        // unserialize() it without first verifying its integrity; a JSON body
        // with an HMAC is the safer format.
        $cookie = base64_encode(serialize($sso));
        $url = chamilo_sso_protocol() . $master_auth_uri;
        // The payload, including the secret, is placed in the query string, where
        // it can end up in server logs and browser history.
        $params = 'sso_referer=' . urlencode($url) . '&sso_cookie=' . urlencode($cookie);
        // NOTE(review): the base of $final_url is the sso_referer query
        // parameter. filter_xss() is not shown, but an XSS filter would not
        // normally restrict the host, so the request decides where the payload
        // is sent. Check sso_referer against the known Chamilo URL(s) before
        // using $final_url.
        $final_url = filter_xss($_GET['sso_referer']) . '?' . $params;
        //If your user exists redirect to chamilo and set the account in a session to check it later
        $_SESSION['my_server_user_session'] = $account;
Ejemplo n.º 11
<?php

// txt-db-api library: http://www.c-worker.ch/txtdbapi/index_eng.php
require_once "php-txt-db/txt-db-api.php";
require_once "login.php";
require_once "auth.php";
require_once "navigation.php";
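// Allow users to use the back button without re-posting data
header("Cache-Control: private");
// Bypass Chrome's XSS check/block
// NOTE(review): this turns the browser's legacy XSS auditor off, so protection
// against reflected script injection rests entirely on output encoding in the
// page code (and a Content-Security-Policy, if one is sent elsewhere).
header("X-XSS-Protection: 0");
// Init global variables
$db = new Database("pancoin");
$user = new User($db);
// Check for logout and maybe display login page
// The isset() guard keeps requests without ?action= from reading an undefined
// index; the comparison itself is unchanged.
// NOTE(review): logout is triggered by a plain GET, so any cross-site link or
// image request can end the user's session. A POST with an anti-CSRF token
// avoids that.
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
    $user->_logout();
    display_login();
    exit;
}
// Validate user and maybe display login page
// Everything after this point runs only when validate_user() accepts $user.
if (!validate_user($user)) {
    display_login();
    exit;
}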
Ejemplo n.º 12
        return 0;
    }
}
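/**
 * Tell whether a device name is on the list of known devices.
 *
 * Names are compared as exact strings. A loose in_array() treats distinct
 * numeric-looking strings (such as '1e1' and '10') and null/'' as equal, which
 * is too permissive for a check that gates writes. Integer entries in the list
 * still match their decimal string form, so '1' matches 1.
 *
 * @param mixed $device        Device name from the request; anything other
 *                             than a string or integer is rejected.
 * @param array $valid_devices Allowed device names.
 * @return int 1 when the device is listed, 0 otherwise.
 */
function validate_device($device, $valid_devices)
{
    // Arrays, null, booleans and floats can never be a device name.
    if (!is_string($device) && !is_int($device)) {
        return 0;
    }
    $needle = (string) $device;
    foreach ($valid_devices as $candidate) {
        if ((is_string($candidate) || is_int($candidate)) && (string) $candidate === $needle) {
            return 1;
        }
    }
    return 0;
}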
// Credentials come from HTTP Basic auth; device and trigger from the POST body.
$user = get_value($_SERVER, 'PHP_AUTH_USER');
$pass = get_value($_SERVER, 'PHP_AUTH_PW');
$device = get_value($_POST, 'device');
$action = get_value($_POST, 'trigger');
$data = get_data($data_file);

// Write path: a known device plus an accepted user records the trigger and stops.
// NOTE(review): the fourth argument is $ignore_auth_for_devices here and 0 on
// the read path below. Presumably it lets a recognised device skip the password
// check; if so, knowing a device name is enough to overwrite that device's
// entry. Confirm in validate_user().
// NOTE(review): $action is stored as received and later returned in the JSON
// output; consumers must treat it as untrusted text.
if (validate_device($device, $valid_devices)
    && validate_user($user, $pass, $valid_passwords, $ignore_auth_for_devices)) {
    $entry = array('action' => $action, 'time' => time());
    $data[$device] = $entry;
    dump_data($data, $data_file);
    header('HTTP/1.0 200');
    die;
}

// Read path: only a fully authenticated user gets the stored data.
if (!validate_user($user, $pass, $valid_passwords, 0)) {
    header('HTTP/1.0 403 Forbidden');
    die("Not authorized");
}
echo json_encode($data);
Ejemplo n.º 13
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/phreepos/pages/pos_mgr/pre_process.php
//
// Page-level access gate for the POS manager page.
$security_level = validate_user(SECURITY_ID_POS_MGR);
define('JOURNAL_ID', '19');
/**************  include page specific files    *********************/
require_once DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php';
// Prefer a site-specific journal class when one exists, else load the stock
// one. Both paths are built from constants and literals, not request data.
if (file_exists(DIR_FS_MODULES . 'phreepos/custom/classes/journal/journal_' . JOURNAL_ID . '.php')) {
    require_once DIR_FS_MODULES . 'phreepos/custom/classes/journal/journal_' . JOURNAL_ID . '.php';
} else {
    require_once DIR_FS_MODULES . 'phreepos/classes/journal/journal_' . JOURNAL_ID . '.php';
    // is needed here for defining the class and retrieving the security_token
}
// Name of the class the file above is expected to define.
$class = 'journal_' . JOURNAL_ID;
/**************   page specific initialization  *************************/
define('POPUP_FORM_TYPE', 'pos:rcpt');
$error = false;
history_filter('pos_mgr');
/***************   hook for custom actions  ***************************/
Ejemplo n.º 14
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/inventory/pages/price_sheets/pre_process.php
//
// Page-level access gate; the returned level is re-checked per action below.
$security_level = validate_user(SECURITY_ID_PRICE_SHEET_MANAGER);
/**************  include page specific files    *********************/
require_once DIR_FS_WORKING . 'defaults.php';
/**************   page specific initialization  *************************/
// Sheet type from the query string, defaulting to 'c'.
// NOTE(review): the value is not restricted to a known set in the visible part
// of the script; confirm it is validated before it reaches SQL or output.
$type = isset($_GET['type']) ? $_GET['type'] : 'c';
history_filter('inv_prices');
/***************   hook for custom actions  ***************************/
// Optional extension file; the path is built from a constant and literals.
$custom_path = DIR_FS_MODULES . 'inventory/pages/price_sheets/extra_actions.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
/***************   Act on the action request   *************************/
switch ($_REQUEST['action']) {
    case 'save':
    case 'update':
        // Both write actions re-check the stored level against the value 2.
        validate_security($security_level, 2);
Ejemplo n.º 15
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft, LLC (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/phreebooks/pages/admin_tools/pre_process.php
//
// Page-level access gate for the general-ledger admin tools.
$security_level = validate_user(SECURITY_ID_GEN_ADMIN_TOOLS);
/**************  include page specific files    *********************/
gen_pull_language($module, 'admin');
require DIR_FS_WORKING . 'functions/phreebooks.php';
require DIR_FS_WORKING . 'classes/gen_ledger.php';
/**************   page specific initialization  *************************/
define('JOURNAL_ID', 2);
// General Journal
if (!defined('CURRENT_ACCOUNTING_PERIOD')) {
    gen_auto_update_period(false);
}
$error = false;
// Date range from the form, falling back to the current accounting period.
// NOTE(review): the $_POST entries are read without isset(), and gen_db_date()
// is not shown; confirm it rejects malformed dates before they are used.
$start_date = $_POST['start_date'] ? gen_db_date($_POST['start_date']) : CURRENT_ACCOUNTING_PERIOD_START;
$end_date = $_POST['end_date'] ? gen_db_date($_POST['end_date']) : CURRENT_ACCOUNTING_PERIOD_END;
// see what fiscal year we are looking at (assume this FY is entered for the first time)
if ($_POST['fy']) {
Ejemplo n.º 16
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft, LLC (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/zencart/pages/main/pre_process.php
//
// Page-level access gate for the ZenCart interface page.
$security_level = validate_user(SECURITY_ID_ZENCART_INTERFACE);
/**************  include page specific files    *********************/
gen_pull_language('shipping');
gen_pull_language('inventory');
require_once DIR_FS_MODULES . 'inventory/defaults.php';
require_once DIR_FS_MODULES . 'shipping/defaults.php';
require_once DIR_FS_WORKING . 'functions/zencart.php';
require_once DIR_FS_MODULES . 'inventory/functions/inventory.php';
require_once DIR_FS_WORKING . 'classes/zencart.php';
require_once DIR_FS_WORKING . 'classes/bulk_upload.php';
/**************   page specific initialization  *************************/
$error = false;
// Ship date from the form, defaulting to today.
// NOTE(review): $_POST['ship_date'] is read without isset(), and gen_db_date()
// is not shown; confirm it rejects malformed dates.
$ship_date = $_POST['ship_date'] ? gen_db_date($_POST['ship_date']) : date('Y-m-d');
/***************   hook for custom actions  ***************************/
// Optional extension file; the path is built from a constant and literals.
$custom_path = DIR_FS_MODULES . 'custom/zencart/pages/main/extra_actions.php';
if (file_exists($custom_path)) {
Ejemplo n.º 17
                            default:
                                header('location: index.php');
                                break;
                        }
                    } else {
                        header('location: index.php');
                    }
                }
            }
        }
    }
}
// Header
include $config['template_path'] . "header.php";
// Account verification link: 'e' and 'k' arrive in the query string and are
// handed to validate_user().
// NOTE(review): only 'e' is checked with isset(); a link without 'k' reads an
// unset index. Parameters in a URL can also end up in server logs and browser
// history.
if (isset($_GET['e'])) {
    $result = validate_user($_GET['e'], $_GET['k']);
    // validate_user() is handled here as three-way: false (unknown error),
    // true (verified), or a numeric error code.
    if ($result === false) {
        $error = lang('error_unknown');
    } else {
        if ($result === true) {
            print_out(lang('account_verified'), lang('redirect'));
        } else {
            if (is_numeric($result)) {
                // NOTE(review): a distinct message for "user doesn't exist"
                // tells the requester whether an address is registered, if
                // $error is shown to them. A single generic failure message
                // avoids that.
                switch ($result) {
                    case 908:
                        $error = lang('error_user_doesnt_exist');
                        break;
                    case 905:
                        $error = lang_parse('error_invalid_given', array(lang('email')));
                        break;
                    case 906:
Ejemplo n.º 18
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/inventory/pages/transfer/pre_process.php
//
// Page-level access gate for the inventory transfer page.
$security_level = validate_user(SECURITY_ID_TRANSFER_INVENTORY);
/**************  include page specific files    *********************/
gen_pull_language('phreebooks');
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_WORKING . 'functions/inventory.php';
require_once DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php';
require_once DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php';
/**************   page specific initialization  *************************/
define('JOURNAL_ID', 16);
// Adjustment Journal
define('GL_TYPE', '');
$error = false;
// Posting date from the form, defaulting to today; the accounting period is
// derived from it and a falsy period is treated as an error.
// NOTE(review): $_POST['post_date'] is read without isset(), and gen_db_date()
// is not shown; confirm it rejects malformed dates.
$post_date = $_POST['post_date'] ? gen_db_date($_POST['post_date']) : date('Y-m-d');
$period = gen_calculate_period($post_date);
if (!$period) {
    $error = true;
Ejemplo n.º 19
<?php

include 'header.php';
include 'getInputSafe.php';
include 'bmp_converter.php';
//this var should save previous inputs incase the upload fails,
//so that the user doesnt have to input everything again
//$get_for_failed;
// Request gate: the posted anti-CSRF token must match the session's, and both
// checkLogged() and validate_user() must succeed; otherwise the session is
// destroyed and the browser is redirected.
// NOTE(review): when neither the POST field nor the session entry exists, both
// sides are null, !== reports them as identical, and the token check passes
// without any token. Require a non-empty string in the session first and
// compare with hash_equals().
// NOTE(review): a failed check destroys the session, so a forged cross-site
// request can log the user out.
if ($_POST['create_event_token'] !== $_SESSION['create_event_token'] || !checkLogged() || !validate_user()) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal Upload Event try!"));
    // A top-level return ends this script after the redirect header is queued.
    return '';
}
//error msgs - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - -
$image_type_error = "No valid image was selected. File must be of type gif, jpeg, png or bmp.";
$chars_error = "Please do not use symbols or special characters.";
$invalid_title_error = "Invalid Title.";
$invalid_title_error .= $chars_error;
$invalid_description_error = "Invalid description.";
$invalid_description_error .= $chars_error;
$invalid_date = "Invalid Date.";
$impossible_event_date = "The chosen date has already passed.";
//verify if input is valid - - - - - - - - -  - - - - - - - - - - - - - - -
//validate date
// NOTE(review): strtotime() returns false for unparseable input, and date()
// then formats timestamp 0, so garbage becomes '1970-01-01' before
// validate_date() sees it. Check the strtotime() result explicitly.
$event_date = date("Y-m-d", strtotime($_POST['event_date']));
$current_datetime = date("Y-m-d H:i:s");
if (!validate_date($event_date)) {
    header("Location: create_event.php?errorMsg=" . urlencode($invalid_date));
    return '';
}
// Reject dates earlier than the current moment.
if (strtotime($event_date) - strtotime($current_datetime) < 0) {
Ejemplo n.º 20
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/amazon/pages/amazon/pre_process.php
//
// Name of today's ship-confirmation file; built from the server date only.
define('AMAZON_SHIP_CONFIRM_FILE_NAME', 'confirm_' . date('Y-m-d') . '.txt');
// Page-level access gate for the Amazon interface page.
$security_level = validate_user(SECURITY_ID_AMAZON_INTERFACE);
/**************  include page specific files    *********************/
gen_pull_language('phreebooks');
//require(DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php');
require DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php';
//require(DIR_FS_MODULES . 'phreebooks/classes/orders.php');
//require(DIR_FS_ADMIN   . 'soap/classes/parser.php');
require DIR_FS_WORKING . 'classes/amazon.php';
/**************   page specific initialization  *************************/
// NOTE(review): this page accepts an uploaded file under the field named below.
// The handling code is not visible here; confirm that it checks the file's type
// and size and never uses the client-supplied file name as a path.
$upload_name = 'file_name';
// Template field name for the uploaded file
define('JOURNAL_ID', 12);
// used for importing orders, 12 is hard coded for amazon invoice manager
define('SO_POPUP_FORM_TYPE', 'cust:so');
define('POPUP_FORM_TYPE', 'cust:inv');
$error = false;
Ejemplo n.º 21
<?php

require 'libs/functions.php';
// Registration fields from the POST body; a missing field becomes ''.
$user = '';
if (isset($_POST['username'])) {
    $user = $_POST['username'];
}
$pass = '';
if (isset($_POST['password'])) {
    $pass = $_POST['password'];
}
$repass = '';
if (isset($_POST['repassword'])) {
    $repass = $_POST['repassword'];
}
$fullname = '';
if (isset($_POST['fullname'])) {
    $fullname = $_POST['fullname'];
}

// Error code for register.php: 0 = none, 1 = create_user() failed,
// 2 = passwords differ or are blank, 3 = validate_user() rejected the name.
$code = 0;
if (validate_user($user) != true) {
    $code = 3;
} elseif (strcmp($pass, $repass) != 0 || !strlen(trim($pass))) {
    $code = 2;
} else {
    // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
    // storing passwords. password_hash() / password_verify() is the
    // replacement, but it needs a matching change in the login path and a
    // migration for hashes already stored, so it is flagged here, not changed.
    $pass = md5($pass);
    $repass = md5($repass);
    $check = create_user($user, $pass, $fullname);
    if ($check != true) {
        $code = 1;
    } else {
        header('Location: login.php');
    }
}

// Any failure sends the browser back to the form with the numeric code.
if ($code > 0) {
    header('Location: register.php?error=' . $code);
}
Ejemplo n.º 22
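/**
 * Check a username/password pair against the Users table and, on success,
 * pass the user's row to validate_user().
 *
 * The username is bound as a statement parameter, so the lookup really uses it
 * and needs no manual escaping (the previous query text compared against a
 * fixed literal). A failed prepare or execute returns an error string instead
 * of ending in a fatal error on a non-object, and the stored hash is compared
 * with hash_equals().
 *
 * NOTE(review): "not found" and "incorrect password" are reported separately,
 * which tells a caller whether a username exists. The strings are kept because
 * callers may match on them; prefer a single generic message if they do not.
 * NOTE(review): the messages embed the username as supplied (lower-cased), and
 * a connection failure returns the driver's own error text. A caller that
 * prints either must encode it for the output context.
 * NOTE(review): one salted SHA-256 round is fast to brute-force.
 * password_hash() / password_verify() is the replacement, but it requires
 * migrating the stored hashes, so it is flagged here, not changed.
 *
 * @param string $username Login name; lower-cased before the lookup.
 * @param string $password Clear-text password supplied by the caller.
 * @return string "Successful" on success, otherwise an error message.
 */
function login_user($username, $password)
{
    $username = strtolower($username);
    $mysqli = new mysqli($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"], $GLOBALS["dbname"]);
    if (mysqli_connect_errno()) {
        return mysqli_connect_error();
    }
    $stmt = $mysqli->prepare("SELECT * FROM Users WHERE Username = ?");
    if ($stmt === false) {
        $mysqli->close();
        return "Database error during login.";
    }
    $stmt->bind_param("s", $username);
    // get_result() needs the mysqlnd driver, which is the default build.
    $result = $stmt->execute() ? $stmt->get_result() : false;
    if ($result === false) {
        $stmt->close();
        $mysqli->close();
        return "Database error during login.";
    }
    if ($result->num_rows < 1) {
        $result->close();
        $stmt->close();
        $mysqli->close();
        return "User \"{$username}\" not found!";
    }
    $user_data = $result->fetch_assoc();
    $result->close();
    $stmt->close();
    $mysqli->close();
    $hash = hash("sha256", $user_data[USER_SALT] . hash("sha256", $password));
    // Constant-time, type-strict comparison of the stored and computed hashes.
    if (!hash_equals((string) $user_data[USER_PASSWORD], $hash)) {
        return "Incorrect password for user \"{$username}\"!";
    }
    validate_user($user_data);
    return "Successful";
}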
Ejemplo n.º 23
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/phreehelp/pages/main/pre_process.php
//
// Page-level access check. What the (0, true) arguments mean is defined by
// validate_user() elsewhere in the project — TODO confirm.
$security_level = validate_user(0, true);
/**************  include page specific files    *********************/
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_WORKING . 'functions/phreehelp.php';
/**************   page specific initialization  *************************/
if (PHREEHELP_FORCE_RELOAD == '1') {
    // load/reload db tables if forced to, then write the flag back to '0'
    synchronize();
    write_configure('PHREEHELP_FORCE_RELOAD', '0');
}
// Frame id and context index are taken directly from the query string, with defaults.
$frame_id = isset($_GET['fID']) ? $_GET['fID'] : 'main';
$context_ref = isset($_GET['idx']) ? $_GET['idx'] : '';
$result = false;
$start_page = DOC_ROOT_URL;
if ($context_ref) {
    // NOTE(review): $context_ref is the raw $_GET['idx'] value and is concatenated
    // into the SQL text below, so request input reaches the query unescaped
    // (SQL injection). Bind it as a parameter, or pass it through the project's
    // escaping helper, before it reaches Execute().
    $result = $db->Execute("select doc_url from " . TABLE_PHREEHELP . " where doc_pos = '" . $context_ref . "'");
Ejemplo n.º 24
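/**
 * Search the given modules for records matching a search string and return, for
 * each hit, its id, its module name and the fields listed for that module in
 * $query_array.
 *
 * Authentication: when $user_name is empty and $password is not, the password
 * value is handed to validate_authenticated(); otherwise
 * validate_user($user_name, $password) is called. A failure of either returns
 * an 'invalid_login' error with result_count -1.
 *
 * Per module, results are limited to modules the current user may read
 * (check_modules_access) and list (ACLAccess('ListView')).
 *
 * @param string   $user_name     Username of the Sugar user.
 * @param string   $password      Password of the Sugar user.
 * @param string   $search_string One or more search terms separated by ", ".
 * @param string[] $modules       Module names to query.
 * @param int      $offset        Offset passed to the database query.
 * @param int      $max_results   Maximum number of records to return.
 * @return array   result_count, next_offset, field_list, entry_list and error
 *                 (the get_entry_list_result structure).
 */
function search_by_module($user_name, $password, $search_string, $modules, $offset, $max_results)
{
    global $beanList, $beanFiles;
    $error = new SoapError();
    // Initialised up front so the final count and return value are well defined
    // when no module yields a row.
    $output_list = array();
    $field_list = array();
    if (empty($user_name) && !empty($password)) {
        $hasLoginError = !validate_authenticated($password);
    } else {
        $hasLoginError = !validate_user($user_name, $password);
    }
    // If there is a login error, return it before any module is touched.
    if ($hasLoginError) {
        $error->set_error('invalid_login');
        return array('result_count' => -1, 'entry_list' => array(), 'error' => $error->get_soap_array());
    }
    global $current_user;
    if ($max_results > 0) {
        global $sugar_config;
        // NOTE(review): the caller-supplied page size is applied without an upper bound.
        $sugar_config['list_max_entries_per_page'] = $max_results;
    }
    //  MRF - BUG:19552 - added a join for accounts' emails below
    // Per module: the WHERE templates ({0} is replaced by a quoted term) and the
    // column list to select.
    $query_array = array(
        'Accounts' => array(
            'where' => array(
                'Accounts' => array(0 => "accounts.name like '{0}%'"),
                'EmailAddresses' => array(0 => "ea.email_address like '{0}%'"),
            ),
            'fields' => "accounts.id, accounts.name",
        ),
        'Bugs' => array(
            'where' => array(
                'Bugs' => array(0 => "bugs.name like '{0}%'", 1 => "bugs.bug_number = {0}"),
            ),
            'fields' => "bugs.id, bugs.name, bugs.bug_number",
        ),
        'Cases' => array(
            'where' => array(
                'Cases' => array(0 => "cases.name like '{0}%'", 1 => "cases.case_number = {0}"),
            ),
            'fields' => "cases.id, cases.name, cases.case_number",
        ),
        'Leads' => array(
            'where' => array(
                'Leads' => array(0 => "leads.first_name like '{0}%'", 1 => "leads.last_name like '{0}%'"),
                'EmailAddresses' => array(0 => "ea.email_address like '{0}%'"),
            ),
            'fields' => "leads.id, leads.first_name, leads.last_name, leads.status",
        ),
        'Project' => array(
            'where' => array(
                'Project' => array(0 => "project.name like '{0}%'"),
            ),
            'fields' => "project.id, project.name",
        ),
        'ProjectTask' => array(
            'where' => array(
                'ProjectTask' => array(0 => "project.id = '{0}'"),
            ),
            'fields' => "project_task.id, project_task.name",
        ),
        'Contacts' => array(
            'where' => array(
                'Contacts' => array(0 => "contacts.first_name like '{0}%'", 1 => "contacts.last_name like '{0}%'"),
                'EmailAddresses' => array(0 => "ea.email_address like '{0}%'"),
            ),
            'fields' => "contacts.id, contacts.first_name, contacts.last_name",
        ),
        'Opportunities' => array(
            'where' => array(
                'Opportunities' => array(0 => "opportunities.name like '{0}%'"),
            ),
            'fields' => "opportunities.id, opportunities.name",
        ),
        'Users' => array(
            'where' => array(
                'EmailAddresses' => array(0 => "ea.email_address like '{0}%'"),
            ),
            'fields' => "users.id, users.user_name, users.first_name, ea.email_address",
        ),
    );
    if (!empty($search_string)) {
        // The term list does not depend on the module or clause, so split it once.
        $search_terms = explode(", ", $search_string);
        $termCount = count($search_terms);
        foreach ($modules as $module_name) {
            // $modules comes from the caller: confirm the module maps to a known
            // bean before its file is required or its class is instantiated.
            if (empty($beanList[$module_name])) {
                continue;
            }
            $class_name = $beanList[$module_name];
            if (empty($beanFiles[$class_name])) {
                continue;
            }
            require_once $beanFiles[$class_name];
            $seed = new $class_name();
            if (!check_modules_access($current_user, $module_name, 'read')) {
                continue;
            }
            if (!$seed->ACLAccess('ListView')) {
                continue;
            }
            if (isset($query_array[$module_name])) {
                $query = '';
                foreach ($query_array[$module_name]['where'] as $key => $value) {
                    foreach ($value as $where_clause) {
                        $addQuery = true;
                        // Start each clause from a clean prefix so a clause that was
                        // dropped earlier cannot leak its text into this one.
                        $tmpQuery = empty($query) ? '' : ' UNION ';
                        $tmpQuery .= "SELECT " . $query_array[$module_name]['fields'] . " FROM {$seed->table_name} ";
                        // We need to confirm that the user is a member of the team of the item.
                        if ($module_name == 'ProjectTask') {
                            $tmpQuery .= "INNER JOIN project ON {$seed->table_name}.project_id = project.id ";
                        }
                        if (isset($seed->emailAddress) && $key == 'EmailAddresses') {
                            $tmpQuery .= " INNER JOIN email_addr_bean_rel eabl  ON eabl.bean_id = {$seed->table_name}.id and eabl.deleted=0";
                            $tmpQuery .= " INNER JOIN email_addresses ea ON (ea.id = eabl.email_address_id) ";
                        }
                        $where = "WHERE (";
                        $count = 1;
                        if ($key != 'EmailAddresses') {
                            // "number" templates substitute the term unquoted, so only
                            // numeric terms may be placed there; anything else drops
                            // the whole clause.
                            $isNumberClause = strpos($where_clause, 'number') !== false;
                            foreach ($search_terms as $term) {
                                if (!$isNumberClause || is_numeric($term)) {
                                    // quote() is relied on to escape the term; it presumably
                                    // leaves % and _ intact, so terms can carry their own
                                    // LIKE wildcards — confirm that is intended.
                                    $where .= string_format($where_clause, array($GLOBALS['db']->quote($term)));
                                } else {
                                    $addQuery = false;
                                }
                                if ($count < $termCount) {
                                    $where .= " OR ";
                                }
                                $count++;
                            }
                        } else {
                            $where .= '(';
                            foreach ($search_terms as $term) {
                                $where .= "ea.email_address LIKE '" . $GLOBALS['db']->quote($term) . "'";
                                if ($count < $termCount) {
                                    $where .= " OR ";
                                }
                                $count++;
                            }
                            $where .= ')';
                        }
                        $tmpQuery .= $where;
                        $tmpQuery .= ") AND {$seed->table_name}.deleted = 0";
                        if ($addQuery) {
                            $query .= $tmpQuery;
                        }
                    }
                }
                // Every clause was dropped: there is nothing to send to the database.
                if ($query === '') {
                    continue;
                }
                //grab the items from the db
                $result = $seed->db->query($query, $offset, $max_results);
                $fields = explode(", ", $query_array[$module_name]['fields']);
                while (($row = $seed->db->fetchByAssoc($result)) != null) {
                    $list = array();
                    foreach ($fields as $field) {
                        // "table.column" -> the row is keyed by the bare column name
                        $field_names = explode(".", $field);
                        $list[$field] = array('name' => $field_names[1], 'value' => $row[$field_names[1]]);
                    }
                    $output_list[] = array('id' => $row['id'], 'module_name' => $module_name, 'name_value_list' => $list);
                    if (empty($field_list)) {
                        $field_list = get_field_list($row);
                    }
                }
            }
        }
    }
    $next_offset = $offset + count($output_list);
    return array('result_count' => count($output_list), 'next_offset' => $next_offset, 'field_list' => $field_list, 'entry_list' => $output_list, 'error' => $error->get_soap_array());
}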
Ejemplo n.º 25
    require_once DIR_FS_WORKING . 'classes/type/' . $type . '.php';
    // is needed here for the defining of the class and retrieving the security_token
}
// For any type other than 'i', also load the 'i' type class, preferring the
// custom override when that file exists.
if ($type != 'i' && file_exists(DIR_FS_WORKING . 'custom/classes/type/i.php')) {
    require_once DIR_FS_WORKING . 'custom/classes/type/i.php';
} elseif ($type != 'i') {
    require_once DIR_FS_WORKING . 'classes/type/i.php';
}
// NOTE(review): the class name is taken from $type, which is assigned above this
// excerpt. If $type can come from the request, it must be checked against a fixed
// list of type names before it is used as a class name or in a file path — confirm.
$cInfo = new $type();
/**************   Check user security   *****************************/
/***************   hook for custom security  ***************************/
// The optional hook file is included before validate_user() runs, so its code
// executes ahead of the access check below.
$custom_path = DIR_FS_WORKING . 'custom/contacts/main/extra_security.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
$security_level = validate_user($cInfo->security_token);
// in this case the check must be done after the class is defined, because it
// reads the security_token from the $cInfo object
/**************  include page specific files    *********************/
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_MODULES . 'phreedom/functions/phreedom.php';
require_once DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php';
require_once DIR_FS_WORKING . 'functions/contacts.php';
require_once DIR_FS_WORKING . 'classes/contacts.php';
require_once DIR_FS_WORKING . 'classes/contact_fields.php';
$fields = new contact_fields();
/***************   hook for custom actions  ***************************/
$custom_path = DIR_FS_WORKING . 'custom/pages/main/extra_actions.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
/***************   Act on the action request   *************************/
Ejemplo n.º 26
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/work_orders/pages/tasks/pre_process.php
//
// Page-level access check against the work-order task security id; it runs
// before any page file is loaded or any action is dispatched.
$security_level = validate_user(SECURITY_WORK_ORDERS_TASK);
/**************  include page specific files    *********************/
require DIR_FS_WORKING . 'defaults.php';
require DIR_FS_WORKING . 'functions/work_orders.php';
/**************   page specific initialization  *************************/
$error = false;
$processed = false;
history_filter('wo_tasks');
/***************   hook for custom actions  ***************************/
// Optional site-specific file, included only when present.
$custom_path = DIR_FS_WORKING . 'custom/pages/tasks/extra_actions.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
/***************   Act on the action request   *************************/
// NOTE(review): the action is read from $_REQUEST without isset(), and 'save' is
// therefore reachable by GET as well as POST; confirm that a request token is
// checked and that $security_level permits writing before the save branch runs.
switch ($_REQUEST['action']) {
    case 'save':
Ejemplo n.º 27
<?php

session_start();
include_once "../functions.inc.php";
$CONF['title_header'] = lang('NEW_title') . " - " . $CONF['name_of_firm'];
// The page body is rendered only when validate_user() accepts the session's user
// id and code, and the user id is non-empty.
// NOTE(review): both $_SESSION keys are read without isset(), so a request with
// no session data raises undefined-key warnings before the check runs.
if (validate_user($_SESSION['helpdesk_user_id'], $_SESSION['code'])) {
    if ($_SESSION['helpdesk_user_id']) {
        include "head.inc.php";
        include "navbar.inc.php";
        //check_unlinked_file();
        ?>



<div class="container" id="form_add">
<input type="hidden" id="main_last_new_ticket" value="<?php 
        // NOTE(review): written into an HTML attribute without htmlspecialchars();
        // safe only if get_last_ticket_new() never returns quotes or markup — confirm.
        echo get_last_ticket_new($_SESSION['helpdesk_user_id']);
        ?>
">


<div class="row" style="padding-bottom:20px;">

    <div class="col-md-8"> <center><h3><i class="fa fa-tag"></i> <?php 
        // lang() output is echoed as HTML without escaping; presumably a trusted
        // translation string — verify.
        echo lang('NEW_title');
        ?>
</h3></center></div>


</div>
Ejemplo n.º 28
});
// Each route below follows the same sequence: validate_user() on the parsed
// request body, fetch the data through SchoolAppClass, log the call with
// log_api(), then echo the result as JSON.
// NOTE(review): validate_user()'s return value is discarded in every route, so
// the check protects the route only if validate_user() itself aborts the request
// on failure — confirm.
// NOTE(review): log_api() receives the full parsed body; if that body carries
// credentials or tokens they would be written to the API log — confirm what
// log_api() stores.
$app->post('/get_schools', function ($request, $response, $args) {
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    // The $response argument is overwritten with the data to return; output is
    // sent with echo rather than through the response object.
    $response = $obj->get_schools($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
// Same sequence as above, for a single school's details.
$app->post('/get_school_info', function ($request, $response, $args) {
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    $response = $obj->get_school_info($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
// Same sequence as above, for the class list.
$app->post('/get_classes', function ($request, $response, $args) {
    //print_r($request->getParseBody());
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    $response = $obj->get_classes($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
// Same sequence as above, for notification details.
$app->post('/get_notification_details', function ($request, $response, $args) {
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    $response = $obj->get_notification_details($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
// Dispatch the current request to the matching route.
$app->run();
Ejemplo n.º 29
<?php

require_once 'connection.php';
require_once 'functions.php';
// NOTE(review): called with no arguments and its return value is not used, so
// the page is protected only if validate_user() itself stops the request for an
// unauthenticated visitor — confirm.
validate_user();
?>
<LINK href="netherhall.css" rel="stylesheet" type="text/css">
<br>
<table border="0" cellpadding="1" cellspacing="1" style="margin-left:10px">
<tr class="header">
<td></td>
<?php 
// With no filter definition, filter_input_array() applies the default filter,
// which does not sanitise the values; they are raw POST strings.
// NOTE(review): the result may be empty or null when nothing was posted, so the
// key reads below can hit missing entries.
$request = filter_input_array(INPUT_POST);
$today = time();
//today
$strToday = date("d/m/Y", $today);
$first_day = time() - 0 * 24 * 60 * 60;
// today
//$first_day=time()-(7 * 24 * 60 * 60); // one less week
//$first_day=time()-(285 * 24 * 60 * 60); // one less week
if ($request["small"] == 1) {
    $first_day = time();
}
if (isset($request["first_day"])) {
    // NOTE(review): the posted value is used as a timestamp without checking that
    // it is numeric; cast or validate it before the arithmetic below.
    $first_day = $request["first_day"];
}
if ($request["when"] == "week") {
    // 7 days * 24 hours * 60 minutes * 60 seconds.
    $first_day = $first_day - 7 * 24 * 60 * 60;
} elseif ($request["when"] == "month") {
    // 4 weeks * 7 days * 24 hours * 60 minutes * 60 seconds.
Ejemplo n.º 30
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft      (www.PhreeSoft.com)       |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or   |
// | modify it under the terms of the GNU General Public License as  |
// | published by the Free Software Foundation, either version 3 of  |
// | the License, or any later version.                              |
// |                                                                 |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |
// | GNU General Public License for more details.                    |
// +-----------------------------------------------------------------+
//  Path: /modules/rma/pages/main/pre_process.php
//
$security_level = validate_user(SECURITY_RMA_MGT);
/**************  include page specific files    *********************/
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_MODULES . 'inventory/defaults.php';
/**************   page specific initialization  *************************/
if (!isset($_REQUEST['list'])) {
    $_REQUEST['list'] = 1;
}
$error = false;
$processed = false;
$cInfo = new objectInfo(array());
$creation_date = isset($_POST['creation_date']) ? gen_db_date($_POST['creation_date']) : date('Y-m-d');
$receive_date = isset($_POST['receive_date']) ? gen_db_date($_POST['receive_date']) : '';
$closed_date = isset($_POST['closed_date']) ? gen_db_date($_POST['closed_date']) : '';
$invoice_date = isset($_POST['invoice_date']) ? gen_db_date($_POST['invoice_date']) : '';
history_filter();