Ejemplo n.º 1
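 /**
  * Stores the selected import source (clipboard text, uploaded file or
  * remote URL) in the temporary file returned by
  * File::Temporary(TEMP_DIR, 'txt') and returns that file's base name.
  *
  * Every branch copies request-controlled data, so callers must treat the
  * resulting file as untrusted content.
  *
  * @param array $source Import settings; only $source['source'] is read here.
  * @return string Base name of the temporary file.
  * @throws BaseException If the chosen source is empty, the upload failed,
  *                       the URL is rejected or unreachable, or the data
  *                       cannot be written.
  */
 public static function ProcessSource($source)
 {
     $file = File::Temporary(TEMP_DIR, 'txt');
     switch ($source['source']) {
         case self::SOURCE_CLIPBOARD:
             $text = isset($_REQUEST[self::FIELD_CLIPBOARD]) ? $_REQUEST[self::FIELD_CLIPBOARD] : null;
             if (String::IsEmpty($text)) {
                 throw new BaseException('The Clipboard field was empty');
             }
             // A failed write would otherwise hand back an empty file as if it were valid.
             if (file_put_contents($file, String::FormatNewlines($text)) === false) {
                 throw new BaseException('Could not write temporary file');
             }
             break;
         case self::SOURCE_UPLOAD:
             $upload = isset($_FILES[self::FIELD_UPLOAD]) ? $_FILES[self::FIELD_UPLOAD] : null;
             // Reject a missing field or a multi-file (array-shaped) entry before
             // reading its members.
             if (!is_array($upload) || !isset($upload['error'], $upload['tmp_name']) || is_array($upload['error'])) {
                 throw new BaseException('Could not process uploaded file');
             }
             // Check for errors
             if ($upload['error'] !== UPLOAD_ERR_OK) {
                 throw new BaseException(Uploads::CodeToMessage($upload['error']));
             }
             // move_uploaded_file() only accepts files PHP itself received via HTTP POST.
             if (move_uploaded_file($upload['tmp_name'], $file) === false) {
                 throw new BaseException('Could not process uploaded file');
             }
             break;
         case self::SOURCE_URL:
             $url = isset($_REQUEST[self::FIELD_URL]) ? $_REQUEST[self::FIELD_URL] : '';
             if (!is_string($url)) {
                 throw new BaseException('Could not access URL: unsupported URL scheme');
             }
             // The URL is request-supplied. When it names a scheme explicitly,
             // allow only web schemes so the fetch cannot be pointed at local
             // files or other stream wrappers.
             $scheme = parse_url($url, PHP_URL_SCHEME);
             if (is_string($scheme) && !in_array(strtolower($scheme), array('http', 'https'), true)) {
                 throw new BaseException('Could not access URL: unsupported URL scheme');
             }
             // NOTE(review): the destination host is not restricted here, so the
             // server can still be asked to fetch internal addresses. Confirm
             // whether HTTP::Get or network policy limits outbound targets.
             $http = new HTTP();
             // The URL is passed twice, as in the original call; the second
             // argument is presumably the referrer — confirm against HTTP::Get.
             if ($http->Get($url, $url)) {
                 if (file_put_contents($file, String::FormatNewlines($http->body)) === false) {
                     throw new BaseException('Could not write temporary file');
                 }
             } else {
                 throw new BaseException('Could not access URL: ' . $http->error);
             }
             break;
         // No default case: an unrecognised source leaves the temporary file
         // exactly as File::Temporary() produced it.
     }
     return basename($file);
 }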
Ejemplo n.º 2
 /**
  * Sets the sender identity and mail transport from site configuration and
  * loads the global greeting and signature templates.
  *
  * Transport selection compares Config::Get('mailer') loosely against the
  * class constants MAIL, SENDMAIL and SMTP; any other value leaves the
  * transport untouched.
  *
  * NOTE(review): for SMTP the only transport-security value ever assigned is
  * 'ssl'; with the flag off SMTPSecure is the empty string, which presumably
  * means the credentials travel unencrypted — confirm against the mailer
  * base class.
  */
 public function __construct()
 {
     $this->From = Config::Get('email_address');
     $this->FromName = Config::Get('email_name');

     $transport = Config::Get('mailer');
     if ($transport == self::MAIL) {
         $this->IsMail();
     } elseif ($transport == self::SENDMAIL) {
         $this->IsSendmail();
         $this->Sendmail = Config::Get('sendmail_path');
     } elseif ($transport == self::SMTP) {
         $this->IsSMTP();
         $this->Host = Config::Get('smtp_hostname');
         $this->Port = Config::Get('smtp_port');

         $secure = '';
         if (Config::Get('flag_smtp_ssl')) {
             $secure = 'ssl';
         }
         $this->SMTPSecure = $secure;

         $this->Username = Config::Get('smtp_username');
         $this->Password = Config::Get('smtp_password');

         // Authentication is switched on only when a username is configured.
         $has_username = !String::IsEmpty($this->Username);
         if ($has_username) {
             $this->SMTPAuth = true;
         }
     }

     $template_dir = TEMPLATES_DIR;
     $this->greeting = file_get_contents($template_dir . '/email-global-greeting.tpl');
     $this->signature = file_get_contents($template_dir . '/email-global-signature.tpl');
 }
Ejemplo n.º 3
 /**
  * Converts a colon-separated duration into a number of seconds.
  *
  * The string is split on ':' and the first three pieces are read as hours,
  * minutes and seconds, in that order. The pieces are used in arithmetic
  * as-is, without validation.
  *
  * @param string $duration Duration text, e.g. "01:02:03".
  * @return int|float 0 when String::IsEmpty() reports the input as empty,
  *                   otherwise hours * 3600 + minutes * 60 + seconds.
  */
 public static function DurationToSeconds($duration)
 {
     if (!String::IsEmpty($duration)) {
         $parts = explode(':', $duration);
         list($h, $m, $s) = $parts;

         $total = $h * 3600;
         $total = $total + $m * 60;
         return $total + $s;
     }

     return 0;
 }
Ejemplo n.º 4
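 /**
  * Authenticates a control panel administrator, either from submitted
  * credentials or from an existing login cookie.
  *
  * Credential login: looks the account up by username and SHA-1 password
  * hash, records a session row (username, token, SHA-1 of the user agent,
  * remote address, timestamp) and a login-history row, then sets the cookie.
  * Cookie login: purges sessions older than SESSION_LENGTH, then requires a
  * session row matching the cookie's username and token plus the current
  * user-agent hash and remote address.
  *
  * Outcome is stored in the static $authenticated, $superuser, $username,
  * $privileges and $error members.
  *
  * NOTE(review): passwords are compared as unsalted SHA-1. Moving to
  * password_hash()/password_verify() needs a migration of the stored hashes,
  * so it is not changed here.
  * NOTE(review): credentials are read from $_REQUEST, which also carries
  * query-string values; confirm the login form is POST-only.
  * NOTE(review): the cookie is set without the Secure/HttpOnly flags; confirm
  * nothing client-side reads it before enabling them.
  *
  * @return bool|null True when authenticated, false when no credentials or
  *                   cookie were supplied, null on a failed attempt (the
  *                   reason is in self::$error).
  */
 public static function Login()
 {
     $DB = GetDB();
     self::$authenticated = false;
     self::$superuser = false;
     self::$username = null;
     $cookie_settings = self::GetCookieSettings();
     // sha1(null) and sha1('') are the same digest, so a missing header keeps
     // producing the value older rows were stored with.
     $browser = sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
     if (isset($_REQUEST[self::FIELD_USERNAME])) {
         if (String::IsEmpty($_REQUEST[self::FIELD_USERNAME])) {
             self::$error = 'The username field was left blank';
             return;
         }
         if (String::IsEmpty($_REQUEST[self::FIELD_PASSWORD])) {
             self::$error = 'The password field was left blank';
             return;
         }
         $account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=? AND `password`=?', array($_REQUEST[self::FIELD_USERNAME], sha1($_REQUEST[self::FIELD_PASSWORD])));
         if (!$account) {
             self::$error = 'The supplied username/password combination is not valid';
             return;
         } else {
             // The session token is the bearer credential for later requests, so
             // it must be unpredictable. 20 random bytes hex-encode to the same
             // 40 characters the previous sha1() token occupied.
             if (function_exists('random_bytes')) {
                 $session = bin2hex(random_bytes(20));
             } elseif (function_exists('openssl_random_pseudo_bytes')) {
                 $session = bin2hex(openssl_random_pseudo_bytes(20));
             } else {
                 // Legacy generator, kept only for runtimes without a CSPRNG.
                 $session = sha1(uniqid(rand(), true));
             }
             $DB->Update('INSERT INTO `tbx_administrator_session` VALUES (?,?,?,?,?)', array($account['username'], $session, $browser, $_SERVER['REMOTE_ADDR'], time()));
             $DB->Update('INSERT INTO `tbx_administrator_login_history` VALUES (?,?,?)', array($account['username'], Database_MySQL::Now(), $_SERVER['REMOTE_ADDR']));
             // An expiry of 0 makes the cookie last for the browser session only.
             $expires = !empty($_REQUEST[self::FIELD_REMEMBER]) ? time() + self::SESSION_LENGTH : 0;
             setcookie(self::COOKIE_NAME, self::FIELD_USERNAME . '=' . urlencode($account['username']) . '&' . self::FIELD_SESSION . '=' . urlencode($session), $expires, $cookie_settings['path'], $cookie_settings['domain']);
             self::$username = $account['username'];
             self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
             self::$privileges = $account['privileges'];
             self::$authenticated = true;
         }
     } else {
         if (isset($_COOKIE[self::COOKIE_NAME])) {
             $cookie = array();
             if (is_string($_COOKIE[self::COOKIE_NAME])) {
                 parse_str($_COOKIE[self::COOKIE_NAME], $cookie);
             }
             $DB->Update('DELETE FROM `tbx_administrator_session` WHERE `timestamp` < ?', array(time() - self::SESSION_LENGTH));
             // The cookie is client-controlled: parse_str() can yield missing or
             // array-valued fields, so only plain strings reach the query.
             $session = false;
             if (
                 isset($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION])
                 && is_string($cookie[self::FIELD_USERNAME])
                 && is_string($cookie[self::FIELD_SESSION])
             ) {
                 $session = $DB->Row('SELECT * FROM `tbx_administrator_session` WHERE `username`=? AND `session`=? AND `browser`=? AND `ip_address`=?', array($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION], $browser, $_SERVER['REMOTE_ADDR']));
             }
             if (!$session) {
                 // Expire the stale cookie so the browser stops presenting it.
                 setcookie(self::COOKIE_NAME, '', time() - self::SESSION_LENGTH, $cookie_settings['path'], $cookie_settings['domain']);
                 self::$error = 'Your control panel session has expired';
                 return;
             } else {
                 $account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=?', array($session['username']));
                 if (!$account) {
                     setcookie(self::COOKIE_NAME, '', time() - self::SESSION_LENGTH, $cookie_settings['path'], $cookie_settings['domain']);
                     self::$error = 'Invalid control panel account';
                     return;
                 } else {
                     self::$username = $account['username'];
                     self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
                     self::$privileges = $account['privileges'];
                     self::$authenticated = true;
                 }
             }
         }
     }
     return self::$authenticated;
 }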
Ejemplo n.º 5
 /**
  * Decrements the usage counter of every tag in a space-separated list and
  * then deletes tag rows whose frequency has fallen below 1.
  *
  * Each tag is bound as a query parameter, never concatenated into the SQL.
  * The list is split on single spaces, so repeated spaces yield empty tags
  * that are still sent to the UPDATE.
  *
  * @param string $tags Space-separated tags; nothing happens when
  *                     String::IsEmpty() reports it as empty.
  * @return void
  */
 public static function RemoveFromFrequency($tags)
 {
     if (!String::IsEmpty($tags)) {
         $DB = GetDB();
         $decrement_sql = 'UPDATE `tbx_video_tag` SET `frequency`=`frequency`-1 WHERE `tag`=?';

         $pieces = explode(' ', $tags);
         foreach ($pieces as $piece) {
             $DB->Update($decrement_sql, array(trim($piece)));
         }

         // Drop tags that are no longer referenced by anything.
         $DB->Update('DELETE FROM `tbx_video_tag` WHERE `frequency` < 1');
     }
 }
Ejemplo n.º 6
 /**
  * Reduces a file name to a conservative character set.
  *
  * pathinfo() first discards any directory part. The base name keeps only
  * ASCII letters, digits, '_' and '-'; the extension keeps only ASCII letters
  * and digits. A base name that ends up empty becomes 'none'.
  *
  * NOTE(review): $force_extension is appended exactly as given and is not
  * filtered like the original extension, so it must never come from
  * untrusted input.
  *
  * @param string      $filename        File name or path to clean.
  * @param string|null $force_extension Extension to use instead of the
  *                                     original one; ignored when falsy.
  * @return string The cleaned file name.
  */
 public static function Sanitize($filename, $force_extension = null)
 {
     $parts = pathinfo($filename);

     $base = preg_replace('~[^a-z0-9_\\-]~i', '', $parts['filename']);
     $ext = preg_replace('~[^a-z0-9]~i', '', isset($parts['extension']) ? $parts['extension'] : '');

     if (String::IsEmpty($base)) {
         $base = 'none';
     }

     if (!String::IsEmpty($ext)) {
         // An extension survived filtering: a forced one replaces it.
         $suffix = $force_extension ? $force_extension : $ext;
         return $base . '.' . $suffix;
     }

     // No usable extension: append the forced one, if any.
     if ($force_extension) {
         return $base . ('.' . $force_extension);
     }
     return $base . '';
 }
Ejemplo n.º 7
 /**
  * Registers the validators declared for each column of a schema table.
  *
  * For every ./columns/column node, the validators under the given section
  * are read and registered against the matching request value. The validator
  * type name from the XML is resolved to a Validator_Type constant through
  * reflection. Columns are skipped when the section is not 'admin', the
  * section node exists, and its $location flag is falsy.
  *
  * A validator whose condition equals COND_NOT_EMPTY is only registered when
  * the request value is not empty; all other validators are always
  * registered.
  *
  * @param object $xtable   Schema node for the table (must offer xpath()).
  * @param string $section  Schema section to read validators from.
  * @param string $location Flag inside the section that enables the column.
  * @return void
  */
 public function RegisterFromXml($xtable, $section = 'admin', $location = 'create')
 {
     $types = new ReflectionClass('Validator_Type');
     $section_path = './' . $section;

     foreach ($xtable->xpath('./columns/column') as $xcolumn) {
         $xsection = $xcolumn->el($section_path);

         $outside_admin = $section != 'admin';
         if ($outside_admin && !empty($xsection) && !$xsection->el('./' . $location)->val()) {
             continue;
         }

         $xvalidators = $xcolumn->xpath($section_path . '/validator');
         if (empty($xvalidators)) {
             continue;
         }

         foreach ($xvalidators as $xvalidator) {
             $type = $types->getConstant($xvalidator->type->val());
             $value = Request::Get($xcolumn->name->val());

             // Conditional validators are skipped for empty input.
             $only_when_filled = $xvalidator->condition->val() == self::COND_NOT_EMPTY;
             if ($only_when_filled && String::IsEmpty($value)) {
                 continue;
             }

             $this->Register($value, $type, $xvalidator->message->val(), $xvalidator->extras->val());
         }
     }
 }
Ejemplo n.º 8
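 /**
  * Authenticates a site user from submitted credentials or from the login
  * cookie, optionally handing control to a failure callback.
  *
  * Credential login: looks the user up by username and SHA-1 password hash,
  * requires STATUS_ACTIVE, records the login time and a session row, and sets
  * the LOGIN_COOKIE. Cookie login: purges sessions older than
  * REMEMBER_PERIOD, then requires a session row matching the cookie's
  * username and token and an active account.
  *
  * Any failure is caught, its message stored in self::$error, and the user
  * treated as unauthenticated.
  *
  * NOTE(review): passwords are compared as unsalted SHA-1. Moving to
  * password_hash()/password_verify() needs a migration of the stored hashes,
  * so it is not changed here.
  * NOTE(review): the session row stores the user-agent hash and remote
  * address at login, but the cookie lookup does not compare them; confirm
  * whether that binding is meant to be enforced.
  * NOTE(review): the cookie is set without the Secure/HttpOnly flags; confirm
  * nothing client-side reads it before enabling them.
  *
  * @param string|null $fail_function Name of a function to call when
  *                                   authentication fails; the script exits
  *                                   right after it returns.
  * @return bool Whether the request is authenticated.
  */
 public static function Login($fail_function = null)
 {
     $DB = GetDB();
     self::$authenticated = false;
     self::$username = null;
     try {
         if (isset($_REQUEST[self::FIELD_USERNAME])) {
             if (String::IsEmpty($_REQUEST[self::FIELD_USERNAME])) {
                 throw new Exception(_T('Validation:Required', _T('Label:Username')));
             }
             if (String::IsEmpty($_REQUEST[self::FIELD_PASSWORD])) {
                 throw new Exception(_T('Validation:Required', _T('Label:Password')));
             }
             $user = $DB->Row('SELECT * FROM `tbx_user` WHERE `username`=? AND `password`=?', array($_REQUEST[self::FIELD_USERNAME], sha1($_REQUEST[self::FIELD_PASSWORD])));
             if (!$user) {
                 throw new Exception(_T('Validation:Invalid Login'));
             } else {
                 if ($user['status'] != STATUS_ACTIVE) {
                     throw new Exception(_T('Validation:Inactive Account'));
                 }
                 // The session token is the bearer credential for later requests,
                 // so it must be unpredictable. 20 random bytes hex-encode to the
                 // same 40 characters the previous sha1() token occupied.
                 if (function_exists('random_bytes')) {
                     $session = bin2hex(random_bytes(20));
                 } elseif (function_exists('openssl_random_pseudo_bytes')) {
                     $session = bin2hex(openssl_random_pseudo_bytes(20));
                 } else {
                     // Legacy generator, kept only for runtimes without a CSPRNG.
                     $session = sha1(uniqid(rand(), true));
                 }
                 // sha1(null) and sha1('') are the same digest, so a missing
                 // header stores the value it always did.
                 $browser = sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
                 $DB->Update('UPDATE `tbx_user_stat` SET `date_last_login`=? WHERE `username`=?', array(Database_MySQL::Now(), $user['username']));
                 $DB->Update('INSERT INTO `tbx_user_session` VALUES (?,?,?,?,?)', array($user['username'], $session, $browser, $_SERVER['REMOTE_ADDR'], time()));
                 // An expiry of 0 makes the cookie last for the browser session only.
                 $expires = !empty($_REQUEST[self::FIELD_REMEMBER]) ? time() + self::REMEMBER_PERIOD : 0;
                 setcookie(LOGIN_COOKIE, self::FIELD_USERNAME . '=' . urlencode($user['username']) . '&' . self::FIELD_SESSION . '=' . urlencode($session), $expires, Config::Get('cookie_path'), Config::Get('cookie_domain'));
                 self::$username = $user['username'];
                 self::$authenticated = true;
             }
         } else {
             if (isset($_COOKIE[LOGIN_COOKIE])) {
                 $cookie = array();
                 if (is_string($_COOKIE[LOGIN_COOKIE])) {
                     parse_str(html_entity_decode($_COOKIE[LOGIN_COOKIE]), $cookie);
                 }
                 $DB->Update('DELETE FROM `tbx_user_session` WHERE `timestamp` < ?', array(time() - self::REMEMBER_PERIOD));
                 // The cookie is client-controlled: parse_str() can yield missing
                 // or array-valued fields, so only plain strings reach the query.
                 $session = false;
                 if (
                     isset($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION])
                     && is_string($cookie[self::FIELD_USERNAME])
                     && is_string($cookie[self::FIELD_SESSION])
                 ) {
                     $session = $DB->Row('SELECT * FROM `tbx_user_session` WHERE `username`=? AND `session`=?', array($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION]));
                 }
                 if (!$session) {
                     // Expire the stale cookie so the browser stops presenting it.
                     setcookie(LOGIN_COOKIE, '', time() - 604800, Config::Get('cookie_path'), Config::Get('cookie_domain'));
                     throw new Exception(_T('Validation:Session Expired'));
                 } else {
                     $user = $DB->Row('SELECT * FROM `tbx_user` WHERE `username`=?', array($session['username']));
                     if (!$user) {
                         setcookie(LOGIN_COOKIE, '', time() - 604800, Config::Get('cookie_path'), Config::Get('cookie_domain'));
                         throw new Exception(_T('Validation:Invalid Account'));
                     } else {
                         if ($user['status'] != STATUS_ACTIVE) {
                             throw new Exception(_T('Validation:Inactive Account'));
                         }
                         self::$username = $user['username'];
                         self::$authenticated = true;
                     }
                 }
             }
         }
     } catch (Exception $e) {
         self::$error = $e->getMessage();
         self::$authenticated = false;
     }
     // function_exists() requires a string; the default null must not reach it.
     if (!self::$authenticated && is_string($fail_function) && function_exists($fail_function)) {
         call_user_func($fail_function);
         exit;
     }
     return self::$authenticated;
 }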
Ejemplo n.º 9
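/**
 * Runs a control panel search against the table named in the request and
 * returns the paginated result, with rendered row HTML, through
 * JSON::Success().
 *
 * The table name must exist in the database schema. Search criteria, sort
 * order and paging all come from $_REQUEST. Each result row is merged with
 * its rows from the custom/merge tables, HTML-escaped, and rendered by the
 * per-type item template.
 *
 * NOTE(review): the XPath lookup concatenates the table name into the
 * expression, so it depends on Request::GetSafe() removing quote
 * characters — confirm.
 * NOTE(review): search_field and sort_field are request-supplied column
 * identifiers; confirm SQL_SelectBuilder validates or quotes them.
 * NOTE(review): is_file() tests "includes/<file>" while include uses the
 * bare file name, which only matches if include_path covers that
 * directory — confirm.
 * NOTE(review): per_page has no upper bound.
 *
 * @return void
 * @throws BaseException If the table is not in the schema or the item
 *                       template is missing.
 */
function tbxGenericSearch()
{
    // Local variable names are left unchanged: the included templates run in
    // this function's scope and can read them.
    $DB = GetDB();
    $schema = GetDBSchema();

    // Paging values arrive as request strings; coerce them to integers so
    // text such as "20abc" or an array never reaches the pagination query.
    $per_page = isset($_REQUEST['per_page']) && is_scalar($_REQUEST['per_page']) ? (int) $_REQUEST['per_page'] : 0;
    $page = isset($_REQUEST['page']) && is_scalar($_REQUEST['page']) ? (int) $_REQUEST['page'] : 0;
    $_REQUEST['per_page'] = $per_page > 0 ? $per_page : 20;
    $_REQUEST['page'] = $page > 0 ? $page : 1;

    // The criteria lists are optional; a missing or scalar value is treated
    // as "no criteria" instead of being handed to count().
    foreach (array('search_field', 'search_operator', 'search_term', 'search_connector', 'sort_field', 'sort_direction') as $list_name) {
        if (!isset($_REQUEST[$list_name]) || !is_array($_REQUEST[$list_name])) {
            $_REQUEST[$list_name] = array();
        }
    }

    // Sanity checking
    $table = Request::GetSafe('table');
    $xtable = $schema->el('//table[name="' . $table . '"]');
    if (empty($xtable)) {
        throw new BaseException('The supplied database table does not exist', $table);
    }
    // Get custom and merge tables
    $custom_table = $xtable->custom->val();
    $merge_tables = empty($custom_table) ? array() : array($custom_table);
    foreach ($xtable->xpath('./merge') as $xmerge) {
        $merge_tables[] = $xmerge->val();
    }
    // Start building the SQL query
    $s = new SQL_SelectBuilder($table);
    // Fulltext searches
    if (isset($_REQUEST['text_search']) && !String::IsEmpty($_REQUEST['text_search'])) {
        $columns = array();
        foreach ($xtable->xpath('.//fulltext[1]/column') as $xcolumn) {
            $columns[] = $table . '.' . $xcolumn->val();
        }
        $text_search_type = isset($_REQUEST['text_search_type']) ? $_REQUEST['text_search_type'] : null;
        $s->AddFulltextWhere($columns, $text_search_type, $_REQUEST['text_search']);
        // A fulltext search discards any requested sort order.
        if ($text_search_type == SQL::FULLTEXT) {
            $_REQUEST['sort_field'] = array();
        }
    }
    // Standard search fields
    $search_count = count($_REQUEST['search_field']);
    for ($i = 0; $i < $search_count; $i++) {
        // The parallel lists may be shorter than search_field; absent
        // entries are passed as null.
        $s->AddWhere(
            isset($_REQUEST['search_field'][$i]) ? $_REQUEST['search_field'][$i] : null,
            isset($_REQUEST['search_operator'][$i]) ? $_REQUEST['search_operator'][$i] : null,
            isset($_REQUEST['search_term'][$i]) ? $_REQUEST['search_term'][$i] : null,
            isset($_REQUEST['search_connector'][$i]) ? $_REQUEST['search_connector'][$i] : null,
            true
        );
    }
    // Sort fields
    $sort_count = count($_REQUEST['sort_field']);
    for ($i = 0; $i < $sort_count; $i++) {
        $s->AddOrder(
            isset($_REQUEST['sort_field'][$i]) ? $_REQUEST['sort_field'][$i] : null,
            isset($_REQUEST['sort_direction'][$i]) ? $_REQUEST['sort_direction'][$i] : null
        );
    }
    $primary_key = $xtable->columns->primaryKey->val();
    $result = $DB->QueryWithPagination($s->Generate(), $s->Binds(), $_REQUEST['page'], $_REQUEST['per_page'], $primary_key);
    if ($result['handle']) {
        // Template names are derived from the schema's naming type and passed
        // through File::Sanitize() with a forced 'php' extension.
        $global_item_include_file = File::Sanitize('cp-' . $xtable->naming->type . '-search-item-global.php', 'php');
        $item_include_file = File::Sanitize('cp-' . $xtable->naming->type . '-search-item.php', 'php');
        if (!is_file("includes/{$item_include_file}")) {
            throw new BaseException('The required include file could not be found', $item_include_file);
        }
        ob_start();
        if (is_file("includes/{$global_item_include_file}")) {
            include $global_item_include_file;
        }
        while ($original = $DB->NextRow($result['handle'])) {
            foreach ($merge_tables as $merge_table) {
                $row = $DB->Row('SELECT * FROM # WHERE #=?', array($merge_table, $primary_key, $original[$primary_key]));
                if (is_array($row)) {
                    // Values from the primary row win over merged ones.
                    $original = array_merge($row, $original);
                }
            }
            // $item is the HTML-escaped copy for output; $original keeps the
            // raw database values.
            $item = String::HtmlSpecialChars($original);
            include $item_include_file;
        }
        $result['html'] = ob_get_clean();
        $DB->Free($result['handle']);
        unset($result['handle']);
    }
    JSON::Success($result);
}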
Ejemplo n.º 10
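/**
 * Picks the category whose auto-categorisation terms occur most often in the
 * given text.
 *
 * Categories come from the in-memory cache when present, otherwise from
 * `tbx_category` (and are then cached). Each category's comma-separated
 * `auto_category_term` list is matched case-insensitively; the category with
 * the highest number of matches wins, the earliest one on a tie.
 *
 * The previous version called count() on a preg_match() capture, which is a
 * string: the score could never exceed 1, and PHP 8 rejects count() on a
 * string outright. preg_match_all() yields the real match count.
 *
 * @param string $search_data Text to scan for category terms.
 * @return mixed The winning category_id, or null when nothing matches.
 */
function GetBestCategory($search_data)
{
    if (Cache_Memory::IsCached(CACHE_CATEGORIES)) {
        $categories = Cache_Memory::Get(CACHE_CATEGORIES);
    } else {
        $DB = GetDB();
        $categories = $DB->FetchAll('SELECT * FROM `tbx_category`');
        Cache_Memory::Cache(CACHE_CATEGORIES, $categories);
    }
    $best_score = 0;
    $best_category_id = null;
    foreach ($categories as $category) {
        if (String::IsEmpty($category['auto_category_term'])) {
            continue;
        }
        // Quote every term for the '~' delimiter so stored terms are always
        // matched literally, and drop empty entries: an empty alternative
        // would match at every position of the text.
        $terms = array();
        foreach (explode(',', $category['auto_category_term']) as $term) {
            if ($term !== '') {
                $terms[] = preg_quote($term, '~');
            }
        }
        if (empty($terms)) {
            continue;
        }
        // preg_match_all() returns the number of matches, or false on error;
        // false never beats the current best score.
        $score = preg_match_all('~(' . implode('|', $terms) . ')~i', $search_data, $matches);
        if ($score > $best_score) {
            $best_score = $score;
            $best_category_id = $category['category_id'];
        }
    }
    return $best_category_id;
}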
Ejemplo n.º 11
 /**
  * Builds the SELECT for the stored search form and runs it in one of three
  * modes.
  *
  * For TYPE_MATCHING the saved fulltext and field criteria are applied; for
  * TYPE_SELECTED the rows are limited to the primary keys listed in
  * 'search_term'. Values travel through the builder's Binds().
  *
  * NOTE(review): the field names in 'search_field' come from the stored
  * search form; confirm SQL_SelectBuilder validates or quotes them.
  *
  * @param string $query 'amount' for a row count, 'handle' for an open
  *                      result handle, 'ids' for a list of primary keys.
  * @return mixed The count, the handle, or the id list; null for any other
  *               mode.
  */
 private function Query($query)
 {
     $DB = GetDB();
     $xnaming = $this->xtable->naming;
     $table_name = $this->xtable->name->val();
     $pk = $this->xtable->el('.//primaryKey')->val();
     $form = $this->search_form;
     $builder = new SQL_SelectBuilder($table_name);

     if ($this->type == self::$TYPE_MATCHING) {
         // Fulltext searches
         $has_text = isset($form['text_search']) && !String::IsEmpty($form['text_search']);
         if ($has_text) {
             $fulltext_columns = array();
             foreach ($this->xtable->xpath('.//fulltext/column') as $xcolumn) {
                 $fulltext_columns[] = $table_name . '.' . $xcolumn->name;
             }
             $builder->AddFulltextWhere($fulltext_columns, $form['text_search_type'], $form['text_search']);
         }

         $n = 0;
         while ($n < count($form['search_field'])) {
             $builder->AddWhere($form['search_field'][$n], $form['search_operator'][$n], $form['search_term'][$n], $form['search_connector'][$n], true);
             $n++;
         }
     } elseif ($this->type == self::$TYPE_SELECTED) {
         $builder->AddWhere($table_name . '.' . $pk, SQL::IN, $form['search_term']);
     }

     if ($query == 'amount') {
         return $DB->QueryCount($builder->Generate(), $builder->Binds(), $pk);
     }

     if ($query == 'handle') {
         return $DB->Query($builder->Generate(), $builder->Binds());
     }

     if ($query == 'ids') {
         $found = array();
         $handle = $DB->Query($builder->Generate(), $builder->Binds());
         while ($record = $DB->NextRow($handle)) {
             $found[] = $record[$pk];
         }
         $DB->Free($handle);
         return $found;
     }
 }
Ejemplo n.º 12
 /**
  * Ensures that every required attribute of a template tag is present and
  * non-empty.
  *
  * @param array  $required   Names of the attributes the tag must carry.
  * @param array  $attributes Attributes found on the tag (taken by reference,
  *                           not modified here).
  * @param string $tag        Tag name, used in the error message.
  * @return void
  * @throws CompilerException On the first attribute that is missing or empty.
  */
 private static function VerifyRequiredAttributes($required, &$attributes, $tag)
 {
     foreach ($required as $name) {
         $present = isset($attributes[$name]) && !String::IsEmpty($attributes[$name]);
         if ($present) {
             continue;
         }

         throw new CompilerException('{' . $tag . "} tag is missing the '" . $name . "' attribute");
     }
 }
Ejemplo n.º 13
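 /**
  * Queues a fulltext condition over the given fields, joined to the other
  * conditions with SQL::LOGICAL_AND.
  *
  * Every field is run through ParseField(); the table recorded with the
  * condition is the one parsed from the last field.
  *
  * @param array  $fields     Field names to search.
  * @param mixed  $operator   Fulltext search type, stored as given.
  * @param string $value      Search text, stored as given.
  * @param bool   $skip_empty When true, an empty $value adds no condition.
  * @return void
  */
 function AddFulltextWhere($fields, $operator, $value, $skip_empty = false)
 {
     // No need to process empty items
     if ($skip_empty && String::IsEmpty($value)) {
         return;
     }
     // Defined up front so an empty $fields list stores null instead of
     // reading an undefined variable below.
     $table = null;
     foreach ($fields as $field) {
         // Only the table part of the parsed field is needed.
         list($table) = $this->ParseField($field);
     }
     $this->wheres[] = array($table, $fields, $operator, $value, SQL::LOGICAL_AND);
 }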