} } if ($message == "") { require 'core_extra.php'; if ($_POST['ViewMonitor']) { $SHOW_MONITOR_2 = TRUE; } else { $SHOW_MONITOR_3 = TRUE; } } $TimeStart = $RealTimeStart; $TimeEnd = $RealTimeEnd; } } $html_writer = new html(); $html_writer->draw_header('Security Monitor', $message, $message_type); if ($SHOW_MONITOR_2) { new_window("security_monitor2.php?DateTimeOptions={$DateTimeOptions}&UserOptions={$UserOptions}&ModuleOptions={$ModuleOptions}&TimeStart={$TimeStart}&TimeEnd={$TimeEnd}&Username={$Username}&Module={$Module}&KeywordSearch={$KeywordSearch}&Keyword={$Keyword}&IPAddressOptions={$IPAddressOptions}&IPAddress={$IPAddress}"); } elseif ($SHOW_MONITOR_3) { new_window("security_monitor3.php?DateTimeOptions={$DateTimeOptions}&UserOptions={$UserOptions}&ModuleOptions={$ModuleOptions}&TimeStart={$TimeStart}&TimeEnd={$TimeEnd}&Username={$Username}&Module={$Module}&KeywordSearch={$KeywordSearch}&Keyword={$Keyword}&IPAddressOptions={$IPAddressOptions}&IPAddress={$IPAddress}"); } ?> <script> function NoRange() { window.document.cobalt_form.TimeStart.value='-NO RANGE-'; window.document.cobalt_form.TimeEnd.value='-NO RANGE-' } function WithRange() { if(window.document.cobalt_form.TimeStart.value=='-NO RANGE-') window.document.cobalt_form.TimeStart.value='';
<?php
//******************************************************************
//This file was generated by Cobalt, a rapid application development
//framework developed by JV Roig (jvroig@jvroig.com).
//
//Cobalt on the web: http://cobalt.jvroig.com
//******************************************************************
require_once 'path.php';
init_cobalt('ALLOW_ALL');

// "About" page: a short blurb about this site followed by the framework credits.
// $message / $message_type are not assigned in this file and are presumably
// supplied by the includes above (path.php / init_cobalt) — verify.
$page = new html();
$page->draw_header('About ' . GLOBAL_PROJECT_NAME, $message, $message_type);

// The project name constant is copied to a local so the heredoc can interpolate it.
$project_name = GLOBAL_PROJECT_NAME;
$project_blurb = <<<EOD
This is a microsite wherein the students and the internship head communicate with each other during the internship period.
<br /><br /><b> {$project_name} is powered by Cobalt</b>
EOD;
$page->display_info($project_blurb);

// Framework credits and external links.
$page->draw_page_title('About Cobalt');
$cobalt_blurb = <<<EOD
Cobalt is a web-based code generator and framework using PHP and Oracle Database created by JV Roig.
It makes web-based systems maintainable, scalable, secure and efficient, and makes the life of developers a lot easier.
<br><br>
<a href="http://cobalt.jvroig.com/co/download/" target="_blank">Download Cobalt</a> | <a href="http://cobalt.jvroig.com/co/documentation/" target="_blank">Cobalt FAQ</a>
EOD;
$page->display_message($cobalt_blurb);
$page->draw_footer();
$dbh->set_where("username='******' AND link_id='" . quote_smart($link_id) . "'"); $dbh->make_query(); if ($dbh->num_rows == 0) { $dbh->set_query_type('INSERT'); $dbh->set_values("'" . quote_smart($Username) . "','" . quote_smart($link_id) . "'"); $dbh->make_query(); } } $dbh->close_db(); } $message = 'Success! User passport has been updated.'; $message_type = 'system'; } } $html_writer = new html(); $html_writer->draw_header('Set User Passports', $message, $message_type); ?> <div class="container"> <fieldset class="container_invisible"> <fieldset class="top"> Role-Based Access Control Interface</fieldset> <fieldset class="middle"> <table class="input_form" width="800"> <tr><td><a href="set_user_passports.php">[Custom Permissions]</a> :: <a href="set_user_passports2.php">[View and Remove Permissions Per Module]</a> :: <b>[Role-Based Access Control Interface]</b><hr></td> </table> <?php init_var($Username); init_var($Name); init_var($Type); ?> <table width="75%" cellpadding="2" cellspacing="2" class="input_form">
<?php
require_once 'path.php';
init_cobalt('ALLOW_ALL', FALSE);

// Control-center landing page. Variable names are kept as-is because this is a
// flat script whose later statements (not shown here) may refer to them.
// $message / $message_type are not assigned in this file; presumably provided
// by the includes above — verify.
$html = new html();
$html->draw_header('Welcome to your Control Center', $message, $message_type, FALSE);

// With the sidebar layout this page is meant to live inside a frame; a direct
// top-level visit is bounced to the frameset entry point.
if (ENABLE_SIDEBAR) {
    echo '
<script>
if (top.location == location) {
    window.location.replace("start.php");
}
</script>
';
}

if (DEBUG_MODE) {
    $html->display_error('System is running in DEBUG MODE. Please contact the system administrator ASAP.');
}

// Pending documents: date_served = '0000-00-00' is the "not yet served" sentinel,
// so the number of matching rows is the number of documents still to process.
require_once 'subclasses/request.php';
$dbh_request = new request();
$dbh_request->execute_query("SELECT date_served FROM request WHERE date_served = '0000-00-00'");
$result1 = $dbh_request->result;
$hi = array();
while ($row1 = $result1->fetch_assoc()) {
    // NOTE(review): extract() imports every column of the row as a local
    // variable ($date_served here). It is kept only because later code in this
    // file may read it — confirm, and drop it if nothing does.
    extract($row1);
    $hi[] = $row1['date_served'];
}
$res = count($hi);
$html->display_tip("You have: {$res} documents to process");

require_once 'subclasses/citizen.php';
$_SESSION['footer'] = $footer; $_SESSION['skin'] = $skin_name; $_SESSION['master_css'] = $master_css; $_SESSION['colors_css'] = $colors_css; $_SESSION['fonts_css'] = $fonts_css; $_SESSION['override_css'] = $override_css; $_SESSION['icon_set'] = $icon_set; if (trim($_SESSION['icon_set'] == '')) { $_SESSION['icon_set'] = 'cobalt'; } } $redraw = TRUE; } } $html = new html(); $html->draw_header('Change Skin', $message); $html->display_info('Changing the System Skin does not affect functionality.<br>All changes are merely aesthetic.'); echo '<div class="container"> <fieldset class="container_invisible"> <fieldset class="top"> Skin (UI Theme) Management </fieldset> <fieldset class="middle"> <table class="input_form">'; echo '<tr><td class="label">System Skin:</td><td> <select name="skin_id">'; $data_con = new data_abstraction(); $data_con->set_fields('skin_id AS new_skin_id, skin_name'); $data_con->set_table('system_skins'); $data_con->set_order('skin_name'); $result = $data_con->make_query()->result; $numrows = $data_con->num_rows; if ($data_con->error) {
$result_message_type = 'error'; } else { //Delete passports of all users retreived $db = new data_abstraction(); $db->execute_query('DELETE FROM user_passport WHERE username IN (' . $lst_user . ')'); //Assign role privileges to each user foreach ($arr_user as $username) { $db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role_id) . "'"); } $result_message = 'Role cascade update was succesful.'; $result_message_type = 'system'; } } } $html = new html(); $html->draw_header('Role Cascade Update', $message, $message_type); $html->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc); $html->draw_hidden('role_id'); $html->draw_hidden('role_name'); echo '<div class="container">'; echo '<fieldset class="container_invisible">'; $html->draw_fieldset_header('Batch Process to Update "' . cobalt_htmlentities($role_name) . '" Users'); $html->draw_fieldset_body_start(); echo '<tr><td>'; if ($show_result) { if ($result_message_type == 'error') { $html->display_error($result_message); } else { $html->display_message($result_message); } } else {
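<?php
// Serves a previously uploaded file as an attachment download.
//
// Expects the including script to set $valid_directory (the only directory
// files may be served from, without a trailing slash) and the request to carry
// ?filename=<stored name>. The stored name starts with an upload token of
// $html->upload_token_length characters, which is stripped to produce the
// name the browser sees. Relies on cobalt_htmlentities_decode(), log_action()
// and html() from the framework being loaded.
if (isset($valid_directory) && $valid_directory != '') {
    $html = new html();

    // Reduce the request to a bare file name: basename() drops any directory
    // component, so the path below cannot leave $valid_directory. NUL bytes are
    // stripped as well — the search string of this str_replace() was lost in
    // the copy reviewed (it appeared as ""), and a NUL-byte strip is the only
    // reading that is not a no-op; confirm against the upstream source.
    $requested = isset($_GET['filename']) ? $_GET['filename'] : '';
    $filename = str_replace("\0", '', cobalt_htmlentities_decode(basename(urldecode($requested))));
    $download_name = substr($filename, $html->upload_token_length);
    $filename = $valid_directory . '/' . $filename;

    // is_file() is required in addition to is_readable(): basename() passes
    // '.' and '..' (and an empty name) through, and those resolve to a readable
    // directory, which would then be fed to filesize()/readfile().
    if (is_file($filename) && is_readable($filename) && dirname($filename) === $valid_directory) {
        log_action('Successful file download: ' . $download_name . ' (' . $filename . ')');

        // A quoted header parameter cannot contain quotes or line breaks; strip
        // them so a stored name cannot break the Content-Disposition header.
        $header_name = str_replace(array('"', "\r", "\n"), '', $download_name);
        header('Content-Description: File Download');
        header("Cache-Control: no-cache, must-revalidate");
        header('Content-Transfer-Encoding: binary');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $header_name . '"');
        header('Content-Length: ' . filesize($filename));
        @ob_clean(); //error suppression to avoid Notice if output buffering was turned off in php.ini; otherwise, Notice will corrupt the file
        flush();
        readfile($filename);
        die;
    } else {
        log_action('Failed file download: ' . $download_name . ' (' . $filename . ')');
        $message = 'File not found or server error encountered.<br> Please press the back button in your browser and try again. <br><br> If this error persists, the file must have been deleted. Please contact your system administrator.';
        $html->draw_header('File Download Error', $message);
        $html->draw_footer();
    }
}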
$mod_update_con->set_update("status='{$new_module_status}'"); $mod_update_con->set_where("link_id='{$link_id}'"); $mod_update_con->make_query(); if ($mod_update_con->error != '') { die($mod_update_con->error); } } } $data_con->close_db(); $mod_update_con->close_db(); $message = 'Modules status have been updated.'; $message_type = 'system'; } } $html_writer = new html(); $html_writer->draw_header('Module Control', $message, $message_type); //Display system message after module status update. echo '<div class="container"> <fieldset class="container_invisible"> <fieldset class="top"> Enable or Disable System Modules</fieldset> <fieldset class="middle"> <table class="input_form" width="900">'; echo '<tr><td style="vertical-align: middle">'; $html_writer->draw_button('SPECIAL', 'submit', 'btn_submit', 'SAVE CHANGES', FALSE, 0); $html_writer->draw_button('SPECIAL', 'cancel', 'btn_cancel', 'BACK', FALSE, 0); $html_writer->draw_button('BUTTON', '', 'enable', 'ENABLE ALL', FALSE, 0, "onClick='checkAll()'"); $html_writer->draw_button('BUTTON', '', 'disable', 'DISABLE ALL', FALSE, 0, "onClick='uncheckAll()'"); echo '</td><td align="right">'; ?> <span class="label">Module Category: </span><select name="passportGroup" onChange="this.form.submit();"> <?php
$data_con = new data_abstraction(); $data_con->set_query_type('UPDATE'); $data_con->set_table('user'); $data_con->set_update("`password`='{$hashed_password}', `salt`='{$new_salt}', `iteration`='{$new_iteration}', `method`='{$new_method}'"); $data_con->set_where("username='******'user']) . "'"); $data_con->make_query(); $message = 'Your password has been successfully updated! You can <a href="main.php"> click here </a> to go back to your control center or use the menu above.'; $message_type = 'SYSTEM'; $old_password = ''; $password1 = ''; $password2 = ''; } } } $html = new html(); $html->draw_header('Change Password', $message, $message_type); echo '<div class="container"> <fieldset class="container_invisible"> <fieldset class="top"> Password Management </fieldset> <fieldset class="middle"> <table class="input_form">'; $html->draw_text_field('Old Password', 'old_password', FALSE, 'password', TRUE, 'maxlength="' . MAX_PASSWORD_LENGTH . '"'); $html->draw_text_field('New Password', 'password1', FALSE, 'password', TRUE, 'maxlength="' . MAX_PASSWORD_LENGTH . '"'); $html->draw_text_field('Confirm New Password', 'password2', FALSE, 'password', TRUE, 'maxlength="' . MAX_PASSWORD_LENGTH . '"'); echo '</table> </fieldset> <fieldset class="bottom">'; $html->draw_submit_cancel(); echo '</fieldset>'; echo '</fieldset>';
$data_con->set_query_type('INSERT'); for ($a = 0; $a < $numLinks; $a++) { if (isset($link[$a])) { $data_con->set_table('user_role_links'); $data_con->set_fields('role_id, link_id'); $data_con->set_values("'" . quote_smart($role_id) . "', '{$link[$a]}'"); $data_con->make_query(); } } $data_con->close_db(); $message = 'Role privileges succesfully updated'; $message_type = 'system'; } } $html_writer = new html(); $html_writer->draw_header('Role Permissions', $message, $message_type); $html_writer->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc); $html_writer->draw_hidden('role_id'); $html_writer->draw_hidden('role_name'); ?> <div class="container"> <fieldset class="container_invisible"> <fieldset class="top"> Modify System Privileges for Role: <?php echo $role_name; ?> </fieldset> <fieldset class="middle"> <table width="75%" cellpadding="2" cellspacing="2" align="center" class="tableContent"> <?php init_var($passportGroup); ?>
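function auto_doc() {
    //******************************
    //Getting documentation data
    //******************************
    // Renders the auto-generated "how to add a record" help page for this
    // module: required/optional fields, max lengths, allowed characters and any
    // screenshots found in $this->doc_images_dir.
    //
    // Reads: $this->readable_name, language_dir, language, vocabulary, fields,
    //        doc_images_dir, image_formats, document_dir.
    // Side effects: echoes HTML; require()s the vocabulary file in this scope.
    //        That file is expected to define the $how_to_add_* strings echoed
    //        below, and may reference $module_name / $highlight_style, so both
    //        are assigned before the require and left untouched.
    $module_name = $this->readable_name;
    $vocabulary = FULLPATH_BASE . 'help/' . $this->language_dir . '/' . $this->language . '/' . $this->vocabulary;
    require $vocabulary;
    $highlight_style = 'font-weight: bold; text-decoration: underline;';

    //Get Field Info
    $arr_required = array();         // labels of required fields
    $arr_optional = array();         // labels of optional fields that have a control
    $arr_field_labels = array();     // labels that get a max-length / allowed-chars entry
    $arr_field_max_length = array(); // parallel to $arr_field_labels
    $arr_allowed_chars = array();    // parallel to $arr_field_labels: array of chars, or '***'
    foreach ($this->fields as $arr_field_data) {
        $is_required = !empty($arr_field_data['required']);
        $control_type = isset($arr_field_data['control_type']) ? $arr_field_data['control_type'] : '';
        // Fields without a control type (auto-increment, hidden / auto fields,
        // removed fields) are neither listed nor given max-length / allowed-chars
        // entries — unless they are required, which the original ordering kept.
        $has_control = ($control_type !== 'none' && $control_type !== '');

        if ($is_required) {
            $arr_required[] = $arr_field_data['label'];
        } elseif ($has_control) {
            $arr_optional[] = $arr_field_data['label'];
        } else {
            continue;
        }

        $arr_field_labels[] = $arr_field_data['label'];
        $arr_field_max_length[] = $arr_field_data['length'];

        $char_set_method = isset($arr_field_data['char_set_method']) ? (string) $arr_field_data['char_set_method'] : '';
        if ($char_set_method === '') {
            $arr_allowed_chars[] = '***'; //This is a placeholder value that will be interpreted by the template as "all chars allowed"
        } else {
            require_once 'char_set_class.php';
            // The field config names the char_set method to call (generator-provided config).
            $cg = new char_set();
            $cg->allow_space = $arr_field_data['char_set_allow_space'];
            $cg->{$char_set_method}($arr_field_data['extra_chars_allowed']);
            $arr_allowed_chars[] = $cg->allowed_chars;
        }
    }

    //Scan for images
    clearstatcache();
    $max_image_width = 1000; // screenshots wider than this are scaled down in the <img> tag
    $arr_images = array();
    $image_dir = getcwd() . '/' . $this->doc_images_dir;
    if (is_dir($image_dir) && is_readable($image_dir)) {
        $arr_valid_formats = $this->image_formats;
        // scandir() replaces the opendir/readdir loop, which never closed its handle.
        $entries = scandir($image_dir);
        if ($entries !== false) {
            foreach ($entries as $file) {
                //Verify that file extension is in whitelist
                $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));
                if (in_array($extension, $arr_valid_formats, true)) {
                    $arr_images[] = $file;
                }
            }
        }
        sort($arr_images);
    }

    //Set path to images for image links
    $path_to_images = '/' . BASE_DIRECTORY . '/help/' . $this->document_dir . '/' . basename(getcwd()) . '/' . $this->doc_images_dir . '/';

    //Make sure images fit -- width should be no more than $max_image_width
    $arr_image_tags = array(); // parallel to $arr_images: ready-to-echo <div><img></div> markup
    foreach ($arr_images as $file) {
        $image_data = getimagesize($image_dir . '/' . $file);
        // getimagesize() reports the pixel width at index 0 (the old code parsed
        // it back out of the width="..." string at index 3). A file that is not
        // a real image gets an empty width, so the browser uses its natural size.
        $width = is_array($image_data) ? min((int) $image_data[0], $max_image_width) : '';
        $arr_image_tags[] = '<div style="display: block">'
            . '<img src="' . $path_to_images . htmlspecialchars($file) . '" width="' . $width . '">'
            . '</div>';
    }

    //******************************
    //Output
    //******************************
    $html = new html();
    $html->draw_header($this->readable_name);
    echo '<div style="padding: 30px;">';
    echo '<a href="../../contents.php">[Back to Table of Contents]</a>';
    echo '<hr><br>';
    if (isset($arr_image_tags[0])) {
        echo $arr_image_tags[0];
    }
    echo $how_to_add_intro;
    echo ' ';
    echo $how_to_add_required;
    if (count($arr_required) > 0) {
        echo '<ul style="list-style-type: disc; ' . $highlight_style . '; padding: 10px; padding-left: 25px">';
        foreach ($arr_required as $field_name) {
            echo '<li>' . $field_name . '</li>';
        }
        echo '</ul>';
    }
    if (count($arr_optional) > 0) {
        echo $how_to_add_optional;
        echo '<ul style="list-style-type: circle; ' . $highlight_style . '; padding: 10px; padding-left: 25px">';
        foreach ($arr_optional as $field_name) {
            echo '<li>' . $field_name . '</li>';
        }
        echo '</ul>';
    }
    if (isset($arr_image_tags[1])) {
        echo $arr_image_tags[1];
    }
    echo '<br>';
    echo $how_to_add_working_with_fields_0;
    echo '<ul style="list-style-type: circle; padding: 10px; padding-left: 25px">';
    foreach ($arr_field_labels as $index => $field_name) {
        echo '<li>';
        echo $how_to_add_working_with_fields_1;
        echo ' <span style="' . $highlight_style . '">' . $field_name . '</span> ';
        // Cast before comparing: length may be '', '0', null or an int, and
        // '' == 0 changed meaning in PHP 8.
        if ((int) $arr_field_max_length[$index] === 0) {
            echo $how_to_add_working_with_fields_4;
        } else {
            echo $how_to_add_working_with_fields_2;
            echo ' ' . $arr_field_max_length[$index] . ' ';
            echo $how_to_add_working_with_fields_3;
        }
        echo '</li>';
    }
    echo '</ul>';
    // Remaining screenshots (third onwards) follow the field list.
    $image_count = count($arr_image_tags);
    for ($a = 2; $a < $image_count; ++$a) {
        echo $arr_image_tags[$a];
        echo '<br>';
    }
    echo '<br>';
    echo $how_to_add_allowed_chars_0;
    echo '<ul style="list-style-type: circle; padding: 10px; padding-left: 25px">';
    $char_limit = 15; //chars per table row; this should probably be a setting of some sort, perhaps in base_documentation_class
    $cell_style = 'text-align: center; border-style: solid; border-width: 1px; padding-top: 5px; padding-bottom: 5px; ';
    foreach ($arr_field_labels as $index => $field_name) {
        echo '<li>';
        echo $how_to_add_allowed_chars_1;
        echo ' <span style="' . $highlight_style . '">' . $field_name . '</span> ';
        if ($arr_allowed_chars[$index] === '***') {
            echo $how_to_add_allowed_chars_2;
            echo '<br>';
            echo '<table>';
            echo '<tr>';
            echo '<td style="' . $cell_style . 'width: ' . (40 * $char_limit + 14) . 'px;" colspan="' . $char_limit . '">';
            echo $how_to_add_allowed_chars_4;
            echo '</td>';
            echo '</tr>';
            echo '</table><br>';
        } else {
            echo $how_to_add_allowed_chars_3;
            echo '<br>';
            echo '<table>';
            echo '<tr>';
            $char_counter = 0;
            foreach ($arr_allowed_chars[$index] as $char) {
                echo '<td style="' . $cell_style . 'width: 40px;">';
                $char = (string) $char;
                if ($char === ' ') {
                    echo '<span style="font-size: 9px">[space]</span>';
                } elseif ($char === "\r") {
                    echo '\\r';
                } elseif ($char === "\n") {
                    echo '\\n';
                } else {
                    // Escaped so that allowed chars such as '<' or '&' render as text.
                    echo htmlspecialchars($char);
                }
                echo '</td>';
                ++$char_counter;
                if ($char_counter == $char_limit) {
                    $char_counter = 0;
                    echo '</tr>';
                    echo '<tr>';
                }
            }
            echo '</tr>';
            echo '</table><br>';
        }
        echo '</li>';
    }
    echo '</ul>';
    echo '<br><hr>';
    echo '<a href="../../contents.php">[Back to Table of Contents]</a>';
    echo '</div>';
}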
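<?php
// Cobalt "red alert" handler, included by the access check when a user reaches
// a module they hold no passport for: tells the user what happened, drops the
// session cookie and the server-side session, and ends the request. Relies on
// the including script having set $enable_red_alert, and on get_ip() and
// html() from the framework being loaded.
if (isset($enable_red_alert) && $enable_red_alert == TRUE) {
    // The session may already be empty (e.g. a blocked request after logout);
    // report an unknown user instead of raising a notice on the missing key.
    $username = isset($_SESSION['user']) ? $_SESSION['user'] : '(unknown)';
    $ip_address = get_ip();

    // Everything echoed into the alert is escaped for the HTML context: PHP_SELF
    // and the reported client address can be shaped by the request itself.
    // The "*Username:" segment was mangled in the copy reviewed (a run of
    // asterisks in place of the concatenation); $username is computed above and
    // used nowhere else, so it is the value that belongs there.
    $message = 'You tried to access a module without sufficient privileges.<br>'
        . 'Cobalt Security has detected and blocked this illegal access attempt.<br><br>'
        . 'The following details have been logged and sent to the system administrator for review: '
        . '<br>*Date & time of illegal access attempt: ' . date('Y-m-d, h:ia')
        . '<br>*Username: ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8')
        . '<br>*IP Address: ' . htmlspecialchars($ip_address, ENT_QUOTES, 'UTF-8')
        . '<br>*Module: ' . htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8')
        . '<br><br>If you have seen this alert by mistake, or you believe you should have access, please ask the system administrator to review your permissions and relevant module settings.';
    $message_type = 'error';

    // Expire the session cookie with the same path/domain/flags it was issued
    // with; a bare setcookie() only clears it when the defaults happen to match.
    if (isset($_COOKIE[session_name()])) {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 86400, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }

    $html = new html();
    $html->draw_header('Possible Hack Attempt Detected and Blocked', $message, $message_type);
    $html->draw_footer();

    // Wipe the session in memory and in the store, then stop the request.
    $_SESSION = array();
    session_destroy();
    die;
}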