Ejemplo n.º 1
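 /**
  * Store one uploaded image from the "fileToUpload" form field in PHOTO_DIR.
  *
  * The request token is checked first. The upload is then rejected unless PHP
  * reports a completed HTTP upload, the content parses as a GIF, JPEG or PNG,
  * the extension is jpg/jpeg/png/gif (case-insensitive), the size is at most
  * 500000 bytes and no file of the same name already exists in PHOTO_DIR.
  *
  * NOTE(review): getimagesize() only inspects the image header, so a file that
  * passes can still carry extra bytes; PHOTO_DIR should be served without
  * script execution. The returned message contains the client-supplied file
  * name and must be HTML-escaped by whatever renders it.
  *
  * @return array 'message' (string, all notices concatenated) and
  *               'ok' (1 when the file was stored, 0 otherwise)
  */
 public function upload()
 {
     // security check first
     $token_handler = new security();
     $token_handler->check_token();

     $msg = '';
     $upload = isset($_FILES["fileToUpload"]) ? $_FILES["fileToUpload"] : null;
     // A missing field, an array-style multi upload or a PHP-level upload error
     // leaves nothing trustworthy to inspect, so stop before reading tmp_name.
     if (!is_array($upload)
         || !isset($upload["error"], $upload["tmp_name"], $upload["name"], $upload["size"])
         || is_array($upload["error"])
         || $upload["error"] !== UPLOAD_ERR_OK
         || !is_uploaded_file($upload["tmp_name"])
     ) {
         $msg .= "Sorry, your file was not uploaded.";
         return array('message' => $msg, 'ok' => 0);
     }

     $target_dir = PHOTO_DIR;
     // basename() keeps the stored name inside $target_dir
     $target_file = $target_dir . basename($upload["name"]);
     $uploadOk = 1;
     // Lower-cased so "JPG" and "jpg" are treated alike
     $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

     // actual photo/image ? Checked on every request, not only when the
     // "submit" field is posted, because that field is client-controlled.
     $check = getimagesize($upload["tmp_name"]);
     $allowed_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
     if ($check !== false && in_array($check[2], $allowed_types, true)) {
         $msg .= "File is an image - " . $check["mime"] . ".";
     } else {
         $msg .= "File is not an image.";
         $uploadOk = 0;
     }
     // Check if file already exists
     if (file_exists($target_file)) {
         $msg .= "Sorry, file already exists.";
         $uploadOk = 0;
     }
     // Check file size
     if ($upload["size"] > 500000) {
         $msg .= "Sorry, your file is too large.";
         $uploadOk = 0;
     }
     // Allow certain file formats
     if (!in_array($imageFileType, array("jpg", "png", "jpeg", "gif"), true)) {
         $msg .= "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
         $uploadOk = 0;
     }
     // Check if $uploadOk is set to 0 by an error
     if ($uploadOk == 0) {
         $msg .= "Sorry, your file was not uploaded.";
     } elseif (move_uploaded_file($upload["tmp_name"], $target_file)) {
         $msg .= "The file " . basename($upload["name"]) . " has been uploaded.";
     } else {
         $msg .= "Sorry, there was an error uploading your file.";
         // Report the failure in 'ok' as well, so callers do not treat it as stored
         $uploadOk = 0;
     }
     return array('message' => $msg, 'ok' => $uploadOk);
 }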
Ejemplo n.º 2
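 /**
  * Wire the collaborators, look up the RoleMenu repository and remember the
  * current user.
  *
  * NOTE(review): assumes $security->getToken() can return null when no
  * authentication token is set (confirm against the TokenStorage in use). In
  * that case $this->user is left null instead of failing with a call on null,
  * so code that reads $this->user has to handle an unauthenticated context.
  *
  * @param FactoryInterface $factory
  * @param EntityManager    $entityManager
  * @param TokenStorage     $security
  */
 public function __construct(FactoryInterface $factory, EntityManager $entityManager, TokenStorage $security)
 {
     $this->factory = $factory;
     $this->entityManager = $entityManager;
     $this->security = $security;
     $this->repository = $this->entityManager->getRepository('BigfootUserBundle:RoleMenu');
     $this->menu = null;
     $this->children = array();
     // Resolve the token once and guard against a missing one
     $token = $this->security->getToken();
     $this->user = $token !== null ? $token->getUser() : null;
 }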
Ejemplo n.º 3
 /**
  * Initialisation: load the key used for encryption and decryption.
  *
  * The key is read from the 'key' entry of the 'global_conf' registry value
  * and cached in self::$key; later calls return immediately once it is set.
  *
  * NOTE(review): nothing here verifies that the configured key is present or
  * non-empty, so a missing entry leaves self::$key empty and the lookup is
  * repeated on the next call.
  */
 public static function init()
 {
     // Already loaded: nothing to do
     if (!empty(self::$key)) {
         return;
     }
     $conf = Registry::get('global_conf');
     self::$key = $conf['key'];
 }
Ejemplo n.º 4
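 /**
  * Create or update a form record (admin only).
  *
  * Reads name, available_from, available_to, status, client_id, detail and
  * form_id from the request. When form_id is present the current row is first
  * copied to fm_forms_log and then updated; otherwise a new row is inserted.
  * Validation failures are recorded with f::setError(400, ...) and nothing is
  * written. Non-admin or anonymous callers get a silent return.
  *
  * NOTE(review): the {p:...} placeholders are presumably bound from request
  * parameters by the f database layer; confirm that it escapes them, since
  * detail and client_id are not validated here beyond the existence check.
  */
 public static function edit()
 {
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $name = f::getParam("name");
     $availableFrom = f::date2sql(f::getParam("available_from"));
     $availableTo = f::date2sql(f::getParam("available_to"));
     $status = f::getParam("status");
     // Strict allow-list on the string form: a loose != against 0 lets null
     // (and, before PHP 8, any non-numeric string) pass as a valid status.
     if (!is_scalar($status) || !in_array((string) $status, array("0", "1", "2"), true)) {
         f::setError(400, "Wrong Status");
     }
     if (!$name) {
         f::setError(400, "Invalid form name");
     }
     $clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}");
     if (!$clientExists) {
         f::setError(400, "Client does not Exist");
     }
     if (!f::hasErrors()) {
         $dates = array("availableFrom" => $availableFrom, "availableTo" => $availableTo);
         if (f::getParam("form_id")) {
             // Keep a copy of the row as it was before this edit
             f::dbQuery("insert into fm_forms_log (created_date, form_id, client_id, name, enabled_domains, detail, available_from, available_to, status, description)\n\t\t\t\t\tselect now(), id, client_id, name, enabled_domains, detail, available_from, available_to, status, description from fm_forms where id = {p:form_id}");
             f::dbQuery("update fm_forms set name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} where id = {p:form_id}", $dates);
         } else {
             f::dbQuery("insert into fm_forms set client_id = {p:client_id}, name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} ", $dates);
         }
         f::setResponseJson(array("ok" => 1));
     }
 }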
Ejemplo n.º 5
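 /**
  * Update an item from an AJAX POST, optionally replacing its image.
  *
  * The posted fields are passed through security::xss_clean() and written
  * with item_model->update(); quantity is taken from the stored item, not
  * from the request. A new image is accepted only when it is a real HTTP
  * upload, has an image extension and parses as an image; otherwise the
  * item keeps the image it already had.
  *
  * NOTE(review): the extension allow-list below is an assumption about which
  * formats the application wants; adjust it to the real policy. The upload
  * directory sits under assets/, so it should be served without script
  * execution. start_upload() is defined elsewhere and not reviewed here.
  *
  * @param mixed $id Identifier of the item to update
  */
 public function update($id)
 {
     if (request::is_ajax() and request::method() == 'post') {
         $this->auto_render = FALSE;
         $post = security::xss_clean($this->input->post());
         $item = $this->item_model->find($id)->as_array();
         // Default: keep the image already stored for this item
         $targetFile = $item['image_file_name'];
         if (!empty($_FILES['item-image']['name'])) {
             $targetPath = 'assets/uploads/items/';
             // basename() drops any directory part of the client-supplied name
             $filename = basename($_FILES['item-image']['name']);
             $tempname = $_FILES['item-image']['tmp_name'];
             $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
             $allowed = array('jpg', 'jpeg', 'png', 'gif');
             // Without these checks any file type could be written below the
             // web-accessible assets directory under its original extension.
             $isImage = is_string($tempname)
                 && is_uploaded_file($tempname)
                 && in_array($extension, $allowed, true)
                 && getimagesize($tempname) !== false;
             if ($isImage) {
                 if (!is_dir($targetPath)) {
                     mkdir($targetPath, 0700);
                 }
                 // uniqid() prefix avoids overwriting an existing file of the same name
                 $salt = 'items-' . uniqid() . '-';
                 $targetFile = $targetPath . $salt . $filename;
                 $this->start_upload($targetFile, $tempname);
             }
         }
         $post = array("category_id" => $post['item-category'], "code" => $post['item-code'], "name" => $post['item-name'], "quantity" => $item['quantity'], "unit" => $post['item-unit'], "cost" => $post['item-cost'], "price" => $post['item-price'], "description" => $post['item-description'], "image_file_name" => $targetFile);
         $this->item_model->update($post, $id);
         log_helper::add("1", $this->user_log, $this->user_id, "Updated Item named " . $post['name']);
     }
 }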
Ejemplo n.º 6
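 /**
  * Create a client, or change the status of an existing one (admin only).
  *
  * With client_id the row's status is updated; without it a new client is
  * inserted from name and status. Validation failures are recorded with
  * f::setError(400, ...) and nothing is written. Non-admin or anonymous
  * callers get a silent return.
  *
  * NOTE(review): the {p:...} placeholders are presumably bound from request
  * parameters by the f database layer; confirm that it escapes them.
  */
 public static function save()
 {
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $status = f::getParam("status");
     $clientId = f::getParam("client_id");
     $name = f::getParam("name");
     // Strict allow-list on the string form: a loose != against 0 lets null
     // (and, before PHP 8, any non-numeric string) pass as a valid status.
     if (!is_scalar($status) || !in_array((string) $status, array("0", "1"), true)) {
         f::setError(400, "Invalid Client Status");
     }
     if (!$clientId && !$name) {
         f::setError(400, "Invalid Client Name");
     }
     $clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}") == 1;
     if ($clientId && !$clientExists) {
         f::setError(400, "Invalid Client Id");
     }
     if (!f::hasErrors()) {
         if ($clientId) {
             f::dbQuery("update fm_clients set status = {p:status} where id = {p:client_id}");
         } else {
             f::dbQuery("insert into fm_clients set name = {p:name}, status = {p:status}");
         }
         f::setResponseJson(array("ok" => 1));
     }
 }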
Ejemplo n.º 7
 /**
  * Set up the anti-spam and security helpers plus the filter and validation
  * tables for a comment form (author, url, email, content, suscribe).
  *
  * The validation messages are user-facing Spanish strings. The 'content'
  * field carries an extra 'isSpam' rule; how that rule is resolved is decided
  * by the validation code that consumes this table, outside this method.
  */
 public function __construct()
 {
     parent::__construct();
     $this->spam = antispam::getInstance();
     $this->security = security::getInstance();

     // Per-field input filters
     $this->filter = array(
         'content' => array('filters' => array()),
         'suscribe' => array('filters' => array(array('trueOrFalse'))),
     );

     // Per-field validation rules, in the order they are declared
     $this->validate = array(
         'author' => array(
             'required' => true,
             'rules' => array(
                 array('rule' => VALID_NOT_EMPTY, 'message' => 'Por favor introduce tu Nombre.'),
             ),
         ),
         'url' => array(
             'rules' => array(
                 array('rule' => VALID_URL, 'message' => 'No es una URL valida.'),
             ),
         ),
         'email' => array(
             'required' => true,
             'rules' => array(
                 array('rule' => VALID_EMAIL, 'message' => 'El e-mail no es valido.'),
             ),
         ),
         'content' => array(
             'required' => true,
             'rules' => array(
                 array('rule' => VALID_NOT_EMPTY, 'message' => 'Debes introducir un comentario.'),
                 array('rule' => array('isSpam'), 'message' => 'No se aceptan comentarios en blanco o con spam.'),
             ),
         ),
     );
 }
Ejemplo n.º 8
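 /**
  * Password-reset entry point.
  *
  * Without ?confirm the posted username is looked up with a parameterised
  * query and the posted email is compared with the stored one; the outcome
  * is returned as HTML in 'content'. The ?confirm=yes branch and the actual
  * email sending are still TODOs.
  *
  * NOTE(review): the three failure messages tell a caller whether a username
  * exists and whether the email matches it. A single neutral answer for all
  * outcomes would avoid disclosing which accounts are registered.
  *
  * @return array 'page' (view path) and 'content' (HTML fragment)
  */
 public function reset()
 {
     $token_handler = new security();
     $token_handler->check_token();
     $content = '';
     $output = array();
     // resets users password
     // sends an email containing a link + token with 6h validity
     // from this link, access this same method, but with confirm=yes in url
     if (isset($_GET['confirm'])) {
         if ($_GET['confirm'] == 'yes') {
             // check token with database
             // will arrive here from user's mail - show form to enter new password and UPDATE it in the database
         }
     } else {
         // send email to user with link to reset, redirecting here
         // ?controller=users&action=reset&confirm=yes&token=ETC
         // 1st, check if user + email exist in database
         $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
         $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
         $connection = new database();
         $sql = "SELECT username, email FROM users WHERE username=?";
         $data = array($username);
         $user_results = $connection->fetchAll($sql, $data);
         // Comparison, not assignment: "= 1" made this branch always true and
         // then read $user_results[0] even when no row was returned.
         if ($connection->row_count == 1 && isset($user_results[0])) {
             // ok, found one user with this username
             // but, does he/she has an email?
             if ($email !== '') {
                 if ($user_results[0]['email'] === $email) {
                     // Request values are echoed into HTML, so escape them first
                     $safe_username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
                     $safe_email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
                     // send email with proper link to reset password
                     $content .= "<p>Dear {$safe_username}, an email was sent to {$safe_email} with instructions on how to reset your password.";
                     $content .= "<p>It should arrive momentarily; if not, check your spam box or contact the administrator.";
                     // TODO: send email to reset password.
                     // Contains a link with a token that redirects to a special page - this only confirms that user has acces to the concerned email
                 } else {
                     $content .= "<p>Email not found or invalid. Please, try again.";
                     $content .= "<p>Contact the administrator if you think you do not have a registered email.";
                 }
             } else {
                 $content .= "<p>Email is obligatory. Please, try again.";
             }
         } else {
             $content .= "User not found. Please, try again!";
         }
     }
     $output['page'] = 'views/forgot.php';
     $output['content'] = $content;
     return $output;
 }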
Ejemplo n.º 9
 /**
  * Insert a purchase from an AJAX POST.
  *
  * The whole POST array is passed through security::xss_clean() and handed
  * to purchase_model->insert() as is.
  *
  * NOTE(review): every posted key reaches insert(), so the set of writable
  * columns is whatever the model accepts; an explicit field list would make
  * that visible here. The log entry is written before the insert runs, so it
  * is recorded even if the insert fails.
  */
 public function save()
 {
     $isAjaxPost = request::is_ajax() && request::method() === 'post';
     if (!$isAjaxPost) {
         return;
     }
     $this->auto_render = FALSE;
     $cleaned = security::xss_clean($this->input->post());
     log_helper::add("1", $this->user_log, $this->user_id, "Added New Purchase");
     $this->purchase_model->insert($cleaned);
 }
Ejemplo n.º 10
 /**
  * Delete the records selected in $_POST['cid'] from the main table and the
  * image table, then redirect to the 'list_reports' action of this module.
  *
  * NOTE(review): $_POST['cid'] goes to delete_record() unchecked, and no
  * permission check is visible in this method; confirm both are handled by
  * delete_record() and by the caller.
  *
  * @param string $colum Column to match against; defaults to $this->key when empty
  */
 function delete($colum = '')
 {
     // Fall back to the primary key column when no column was given
     $colum = ($colum == '') ? $this->key : $colum;
     $this->db->delete_record($this->table, $colum, $_POST['cid'], $this->pathadm);
     $this->db->delete_record($this->table_image, $colum, $_POST['cid'], $this->path_otheradm);
     security::redirect($this->module, 'list_reports');
 }
Ejemplo n.º 11
 /**
  * Insert a district from an AJAX POST and echo the result as JSON.
  *
  * NOTE(review): the whole POST array (after security::xss_clean()) is passed
  * to district_model->insert(); which columns a client can set is decided by
  * the model, not here.
  */
 public function save()
 {
     $isAjaxPost = request::is_ajax() && request::method() === 'post';
     if (!$isAjaxPost) {
         return;
     }
     $this->auto_render = FALSE;
     $cleaned = security::xss_clean($this->input->post());
     $inserted = $this->district_model->insert($cleaned);
     echo json_encode(json_helper::convert($inserted));
 }
Ejemplo n.º 12
 /**
  * Build the form state: an account selector (with an empty first option),
  * a name text field and a zero total.
  *
  * security::logged_in() runs right after the parent constructor; what it
  * does for an anonymous visitor is defined elsewhere and not visible here.
  */
 public function __construct()
 {
     parent::__construct();
     security::logged_in();
     $this->id = null;
     // Key 0 is the blank choice; "+" keeps the account ids as array keys
     $accountOptions = array(0 => '') + acc_ctrl::_load_account();
     $this->acc_id = new sel($accountOptions);
     $this->name = new text();
     $this->total = 0;
 }
Ejemplo n.º 13
 /**
  * Walk $_SESSION and abort the request if any value is an array.
  *
  * NOTE(review): the result of security::toHTML() is assigned to the loop
  * copy only, so $_SESSION itself is never changed and this method does not
  * sanitise anything. Writing the value back on every request would encode
  * it repeatedly, so output escaping belongs where the value is rendered.
  * The die() message prints the literal text "nElement", not the key name.
  */
 private function checkSessionVariables()
 {
     if (count($_SESSION) === 0) {
         return;
     }
     foreach ($_SESSION as $nElement => $nValue) {
         if (is_array($nValue)) {
             die("SESSION variable nElement can't be array");
         }
         // Has no effect on $_SESSION: $nValue is a by-value copy
         $nValue = security::toHTML($nValue);
     }
 }
Ejemplo n.º 14
 /**
  * Delete the categories selected in $_POST['cid'], unless news still
  * reference them.
  *
  * When check_delete() reports dependent news rows, an alert is raised, the
  * user is redirected to the news list and false is returned. Otherwise the
  * records are deleted and category_news::delete() is called with this
  * object's key column.
  *
  * NOTE(review): $_POST['cid'] is passed on unchecked and no permission check
  * is visible here; confirm both are enforced elsewhere.
  *
  * @return false|null false when deletion was refused, otherwise nothing
  */
 function delete()
 {
     $cat = new category_news();
     $news = new news();
     $dependants = $this->db->check_delete($news->table, $this->key, $_POST['cid']);
     if ($dependants > 0) {
         $this->db->alert('You must delete news first.');
         security::redirect($news->module, 'list');
         return false;
     }
     $this->db->delete_record($this->table, $this->key, $_POST['cid']);
     $cat->delete($this->key);
 }
Ejemplo n.º 15
 /**
  * Delete the product categories selected in $_POST['cid'], unless products
  * still reference them.
  *
  * When check_delete() reports dependent products, an alert is raised (the
  * Vietnamese text asks the user to delete the products of that category
  * first), the user is redirected to the product list and false is returned.
  * Otherwise the records are deleted and category_pro::delete() is called
  * with this object's key column.
  *
  * NOTE(review): $_POST['cid'] is passed on unchecked and no permission check
  * is visible here; confirm both are enforced elsewhere.
  *
  * @return false|null false when deletion was refused, otherwise nothing
  */
 function delete()
 {
     $cat = new category_pro();
     $pro = new product();
     $dependants = $this->db->check_delete($pro->table, $this->key, $_POST['cid']);
     if ($dependants > 0) {
         $this->db->alert('Bạn phải xóa sản phẩm thuộc nhóm chủng loại cần xóa trước');
         security::redirect($pro->module, 'list');
         return false;
     }
     $this->db->delete_record($this->table, $this->key, $_POST['cid']);
     $cat->delete($this->key);
 }
Ejemplo n.º 16
 /**
  * Return, as JSON, the active clients the current user is linked to and
  * their forms, each form with its submission count for the last 7 days and
  * in total.
  *
  * Both lists are restricted to USER_ID through fm_users_clients. The
  * per-client data table name is "fm_userdata_" plus the last three
  * characters of "00" . client_id.
  *
  * NOTE(review): taking the last three characters means a client id of four
  * or more digits resolves to the same table as its last three digits
  * (confirm how tables are named for such ids). Two count queries run per
  * form.
  */
 public static function get()
 {
     if (!security::isLogged()) {
         return;
     }
     $userBinding = array("userId" => USER_ID);
     $clients = f::dbFullRes("select distinct c.id, c.name \n\t\t\t\t\t\t\t\t from fm_clients c\n\t\t\t\t\t\t\t\t join fm_users_clients uc on (uc.client_id = c.id)\n\t\t\t\t\t\t\t\t where c.status = 1\n\t\t\t\t\t\t\t\t and uc.user_id = {userId}\n\t\t\t\t\t\t\t\t order by c.name ", $userBinding);
     $forms = f::dbFullRes("select c.id client_id, f.id, f.name, f.status\n\t\t\t\t\t\t\t\t from fm_forms f\n\t\t\t\t\t\t\t\t join fm_clients c on (c.id = f.client_id)\n\t\t\t\t\t\t\t\t join fm_users_clients uc on (uc.client_id = c.id)\n\t\t\t\t\t\t\t\t where c.status = 1\n\t\t\t\t\t\t\t\t and uc.user_id = {userId}\n\t\t\t\t\t\t\t\t order by c.id, f.status desc, f.id desc ", $userBinding);
     foreach ($forms as $k => $form) {
         // Table name is derived from the client id returned by the query above
         $siteTableId = "fm_userdata_" . substr("00" . $form["client_id"], -3);
         $countBinding = array("siteTableId" => $siteTableId, "formId" => $form["id"]);
         $forms[$k]["data_7_days"] = f::dbRes("select count(*) from {d:siteTableId} ud where ud.form_id = {formId} and date(created_date) >= (CURDATE() - INTERVAL 7 DAY)", $countBinding);
         $forms[$k]["data_total"] = f::dbRes("select count(*) from {d:siteTableId} ud where ud.form_id = {formId}", $countBinding);
     }
     f::setResponseJson(array("clients" => $clients, "forms" => $forms));
 }
Ejemplo n.º 17
 /**
  * Open the database handle and initialise the form state (id, name and date
  * fields, entries, total, account list).
  *
  * security::logged_in() runs right after the parent constructor; what it
  * does for an anonymous visitor is defined elsewhere and not visible here.
  */
 public function __construct()
 {
     parent::__construct();
     security::logged_in();
     $this->db = my_db::open();

     // Scalar state
     $this->message = '';
     $this->id = null;
     $this->total = 0;

     // Form fields and collections
     $this->name = new text();
     $this->date = new text();
     $this->entry = array();

     // Start from an empty list, then load the accounts
     $this->account = array();
     $this->account = acc_ctrl::_load_account();
 }
Ejemplo n.º 18
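 /**
  * Check whether a login token is valid.
  *
  * The token is base64-decoded and passed to security::decode() to obtain a
  * uid; the pair (uid, token) must then exist in t_login joined to t_user.
  *
  * Both values are embedded in the SQL text, so they are validated first:
  * the token must consist only of the standard base64 alphabet (no quote or
  * backslash can pass), and the uid must be all digits because it is placed
  * unquoted. NOTE(review): if the DB wrapper offers bound parameters, use
  * them instead of string building.
  *
  * @param  string $token Login token as received from the client
  * @return mixed  The row returned by get_one() (selects uid and enable),
  *                or false when the token is malformed or not found
  */
 public static function checkLogin($token)
 {
     // Reject anything that is not plain base64 before it gets near the query
     if (!is_string($token) || !preg_match('/\A[A-Za-z0-9+\/=]+\z/', $token)) {
         return false;
     }
     $uid = security::decode(base64_decode($token));
     if (empty($uid)) {
         return false;
     }
     // Kept as a digit string so large ids are not truncated by an int cast
     $uid = is_scalar($uid) ? (string) $uid : '';
     if (!ctype_digit($uid)) {
         return false;
     }
     $db = DB::getInstance();
     $sql = "select a.uid, b.enable from t_login a , t_user b where a.uid={$uid} and a.token = '{$token}' and a.uid = b.uid limit 1";
     $rst = $db->get_one($sql);
     if (empty($rst)) {
         return false;
     }
     return $rst;
 }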
Ejemplo n.º 19
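 /**
  * Expose one admin link per database table in the 'linksTable' view
  * variable, skipping tables whose name contains an underscore or the
  * configured i18n marker. Anonymous visitors get an empty list.
  *
  * NOTE(review): the only gate is isLogged(); any logged-in user receives the
  * table names. Confirm that is intended, or add a role check.
  *
  * @param array|null $prm Unused here
  */
 protected function renderAdminMenu(array $prm = null)
 {
     $links = array();
     if (security::getInstance()->isLogged()) {
         $db = db::getInstance();
         $i18nMarker = db::getCfg('i18n');
         // An empty or non-string marker must not exclude every table
         $hasMarker = is_string($i18nMarker) && $i18nMarker !== '';
         foreach ($db->getTables() as $t) {
             // strpos() returns 0 for a match at the start of the name, which
             // "!strpos()" mistook for "not found"; compare with false instead.
             if (strpos($t, '_') !== false) {
                 continue;
             }
             if ($hasMarker && strpos($t, $i18nMarker) !== false) {
                 continue;
             }
             $links[$t] = request::uriDef(array('module' => $t, 'action' => '', 'param' => ''));
         }
     }
     $this->setViewVar('linksTable', $links);
 }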
Ejemplo n.º 20
 /**
  * Save the current user's contact details (mobile, email, twitter, skype)
  * from an AJAX POST as a JSON string in 'contact_information'.
  *
  * The second argument of json_encode() is a flags bitmask; the value 1 used
  * here is JSON_HEX_TAG, which encodes "<" and ">" as \u003C and \u003E.
  *
  * NOTE(review): the success entry is logged before update_user() runs, so it
  * is written even when the update fails.
  */
 public function contact_info()
 {
     if (!(request::is_ajax() && request::method() == 'post')) {
         return;
     }
     $this->auto_render = FALSE;
     $post = security::xss_clean($this->input->post());
     // Only these four fields are stored, whatever else was posted
     $contact = array(
         "mobile" => $post["mobile"],
         "email" => $post["email"],
         "twitter" => $post["twitter"],
         "skype" => $post["skype"],
     );
     $data_contact_info = array("contact_information" => json_encode($contact, JSON_HEX_TAG));
     log_helper::add("2", $this->user_log, $this->user_id, "Profile Contact Information was Successfully Updated");
     $this->setting_model->update_user($this->auth->get_user()->id, $data_contact_info);
 }
Ejemplo n.º 21
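 /**
  * Insert a request from an AJAX POST; for an approved request also update
  * the office budget and echo the insert result.
  *
  * The request is inserted exactly once. Previously an approved request was
  * inserted twice (once inside the approval branch, once after it).
  *
  * NOTE(review): 'status', 'office_id' and 'currentBudget' all come from the
  * POST body, so the client decides whether a request counts as approved and
  * which budget value is written. Confirm the caller is authorised to
  * approve, or derive these values on the server.
  */
 public function save()
 {
     if (request::is_ajax() && request::method() === 'post') {
         $this->auto_render = FALSE;
         $post = security::xss_clean($this->input->post());
         // Taken out of $post so it is not written with the request row
         $officeBudget = arr::remove('currentBudget', $post);
         $approved = ($post['status'] == 'Approved');
         if ($approved) {
             $this->budget_model->updateBudget($post['office_id'], $officeBudget);
         }
         $inserted = $this->request_model->insert($post);
         if ($approved) {
             echo $inserted;
         }
         log_helper::add("1", $this->user_log, $this->user_id, "Added New Request");
     }
 }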
Ejemplo n.º 22
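 /**
  * Return the HTML-safe name of a category, cached for self::ONE_DAY.
  *
  * The id is cast to an integer before it is used in the cache key and in
  * the SQL text, so a caller-supplied string can no longer alter the query
  * or create arbitrary cache keys.
  * NOTE(review): assumes categories.id is an integer column (confirm); a
  * bound parameter would be the preferred fix if $db supports it.
  *
  * @param  mixed $sub Category id
  * @return mixed Cached or freshly computed name
  */
 public static function sub_cat($sub)
 {
     global $db;
     $id = is_scalar($sub) ? (int) $sub : 0;
     MCached::connect();
     $key = 'sub::categories::' . $id;
     $name = MCached::get($key);
     if ($name === MCached::NO_RESULT) {
         $c_q = @$db->query("SELECT name FROM categories WHERE id = '" . $id . "'");
         // A failed query yields no result object; avoid calling a method on it
         $row = $c_q ? $c_q->fetch_array(MYSQLI_BOTH) : null;
         $raw = isset($row["name"]) ? $row["name"] : null;
         $name = security::html_safe(unesc($raw));
         MCached::add($key, $name, self::ONE_DAY);
     }
     return $name;
 }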
Ejemplo n.º 23
 /**
  * Build the data for the login page: the view path, the login form with a
  * freshly issued token in a hidden field, an empty content string and the
  * footer line.
  *
  * A timestamp("login") object is stored in $_SESSION['log'] on first use.
  *
  * NOTE(review): the token is interpolated into a single-quoted HTML
  * attribute without escaping; that is only safe if security::get_token()
  * never returns quote or markup characters (confirm).
  *
  * @return array Keys 'page', 'login_form', 'content', 'footer'
  */
 public function login()
 {
     // 1st time (&submit is not set) or error=true - just show form and/or error message
     // 2nd time (&submit==yes) - check
     // if ok, redirect to home
     // if not, set $content to error message and just show form again
     if (!isset($_SESSION['log'])) {
         $_SESSION['log'] = new timestamp("login");
     }

     // Issue the anti-forgery token that the submit action is expected to check
     $token_handler = new security();
     $token_handler->set_token();
     $token = $token_handler->get_token();

     $login_form = "\n        <form action='?controller=login&action=submit' method='post'>\n          Username: <input type='text' name='username' placeholder='ex: john' autofocus>\n            <br>\n          Password: <input type='password' name='password'>\n          <br><br>\n          <input type='submit' value='login'>\n          <input type='hidden' value='{$token}' name='token'>\n        </form>\n\n        ";
     $current_year = date("Y");
     $footer = "CSS AEC-Foyer Lataste ADTJK Copyright {$current_year} All Rights Reserved - Webmaster: ivan.bragatto@gmail.com";

     return array(
         'page' => 'views/login/index.php',
         'login_form' => $login_form,
         'content' => "",
         'footer' => $footer,
     );
 }
Ejemplo n.º 24
 /**
  * Store an internal message from the current user to the posted receiver
  * and log it.
  *
  * The sender id comes from the authenticated session, not from the request.
  * The receiver is looked up first so that the log entry can name them.
  *
  * NOTE(review): $receiver[0] is read without checking that the lookup found
  * a user, so an unknown receiverId fails on that line rather than with a
  * clear error. Nothing here restricts which users may be messaged.
  */
 public function save_email()
 {
     if (!(request::is_ajax() && request::method() === 'post')) {
         return;
     }
     $this->auto_render = FALSE;
     $post = security::xss_clean($this->input->post());
     $senderId = $this->auth->get_user()->id;
     $receiver = $this->category_model->getOneUser($post['receiverId']);
     $receiverInfo = json_decode($receiver[0]->user_information, TRUE);
     // New messages start unread, unnotified and not deleted
     $dataSent = array(
         "email_data" => $post['content'],
         "subject" => $post['subject'],
         "receiver_id" => $post['receiverId'],
         "sender_id" => $senderId,
         "notif_viewed" => 0,
         "email_viewed" => 0,
         "email_deleted" => 0,
     );
     $latest = $this->email_model->insert($dataSent);
     log_helper::add("1", $this->user_log, $this->user_id, "Email Sent to " . $receiverInfo['fullname'] . ".");
 }
Ejemplo n.º 25
 /**
  * Rename a district from an AJAX POST, log what changed and echo the saved
  * record as JSON.
  *
  * Only the posted 'name' field is used. The change description comes from
  * custom_helper::compare_variable(); its last two characters are replaced
  * by a full stop when it is not empty.
  *
  * NOTE(review): find($id) is not checked for a missing district before its
  * name is read.
  *
  * @param mixed $id Identifier of the district to update
  */
 public function update($id)
 {
     if (!(request::is_ajax() && request::method() === 'post')) {
         return;
     }
     $this->auto_render = FALSE;
     $post = security::xss_clean($this->input->post('name'));
     $district = $this->district_model->find($id);
     $changes = "" . custom_helper::compare_variable("District Name", $district->name, $post);
     if ($changes != "") {
         // Swap the trailing two-character separator for a full stop
         $changes = substr($changes, 0, -2) . '.';
     }
     $district->name = $post;
     log_helper::add("1", $this->user_log, $this->user_id, "Updated a District. " . $changes);
     $savedId = $district->save($id);
     echo json_encode($this->district_model->getOne($savedId));
 }
Ejemplo n.º 26
 /**
  * Delete the records selected in $_POST['cid'] and redirect to a list page.
  *
  * Called without a column, the key column of this object is used and the
  * deletion is refused (alert, redirect to the product list, return false)
  * while products still reference the records; the final redirect then goes
  * to this module. Called with a column, no dependency check is made and the
  * redirect goes to the channel_pro module.
  *
  * NOTE(review): $_POST['cid'] is passed on unchecked and no permission check
  * is visible here; confirm both are enforced elsewhere.
  *
  * @param  string $colum Column to match against; empty means $this->key
  * @return false|null false when deletion was refused, otherwise nothing
  */
 function delete($colum = '')
 {
     $cha = new channel_pro();
     $pro = new product();
     $redirectModule = $cha->module;
     if ($colum == '') {
         $colum = $this->key;
         $dependants = $this->db->check_delete($pro->table, $colum, $_POST['cid']);
         if ($dependants > 0) {
             $this->db->alert('Bạn phải xóa sản phẩm thuộc nhóm chủng loại cần xóa trước');
             security::redirect($pro->module, 'list');
             return false;
         }
         $redirectModule = $this->module;
     }
     $this->db->delete_record($this->table, $colum, $_POST['cid']);
     security::redirect($redirectModule, 'list');
 }
Ejemplo n.º 27
 /**
  * Join an array into a "key=value&key=value" string.
  *
  * With $security true, each key and value is first passed through
  * security::render(). All trailing "&" characters are stripped from the
  * result, including any that belong to the last value.
  *
  * NOTE(review): keys and values are not URL-encoded here, so a value that
  * contains "&" or "=" changes how the string parses if it is used as a
  * query string. Whether security::render() encodes them is not visible.
  *
  * @param  mixed $get      Array of pairs to serialise
  * @param  bool  $security Whether to pass keys and values through security::render()
  * @return string|false    The joined string, or false when $get is not an array
  */
 public static function serializer($get = array(), $security = false)
 {
     if (!is_array($get)) {
         return false;
     }
     $pairs = array();
     foreach ($get as $key => $value) {
         if ($security) {
             $key = security::render($key);
             $value = security::render($value);
         }
         $pairs[] = $key . "=" . $value;
     }
     return rtrim(implode("&", $pairs), "&");
 }
Ejemplo n.º 28
 /**
  * Delete the records selected in $_POST['cid'] and redirect to a list page.
  *
  * Called without a column, the key column of this object is used and the
  * deletion is refused (alert, redirect to the news list, return false)
  * while news still reference the records; the final redirect then goes to
  * this module. Called with a column, no dependency check is made and the
  * redirect goes to the channel_news module.
  *
  * NOTE(review): $_POST['cid'] is passed on unchecked and no permission check
  * is visible here; confirm both are enforced elsewhere.
  *
  * @param  string $colum Column to match against; empty means $this->key
  * @return false|null false when deletion was refused, otherwise nothing
  */
 function delete($colum = '')
 {
     $cha = new channel_news();
     $news = new news();
     $redirectModule = $cha->module;
     if ($colum == '') {
         $colum = $this->key;
         $dependants = $this->db->check_delete($news->table, $colum, $_POST['cid']);
         if ($dependants > 0) {
             $this->db->alert('Bạn phải xóa tin tức thuộc chủ đề cần xóa trước');
             security::redirect($news->module, 'list');
             return false;
         }
         $redirectModule = $this->module;
     }
     $this->db->delete_record($this->table, $colum, $_POST['cid']);
     security::redirect($redirectModule, 'list');
 }
Ejemplo n.º 29
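/**
 * Turn a shoutbox message into HTML.
 *
 * Steps, in order: strip tags, pass the text through unesc() and
 * security::html_safe(), censor the words listed in badwords.txt, expand a
 * fixed set of BBCode tags, convert line breaks, preserve double spaces and
 * replace smiley codes with images.
 *
 * Changes from the earlier version: the smiley loop uses foreach because
 * each() no longer exists in PHP 8; the word list is read with file() so
 * no handle is closed when the file could not be opened; the [u] rule that
 * was applied twice is applied once (the case-insensitive form covers both).
 *
 * NOTE(review): the safety of the generated markup rests on
 * security::html_safe() having encoded quotes and angle brackets before the
 * BBCode rules run (confirm), because the href, color and size attributes
 * are emitted unquoted. Smiley codes are replaced after the HTML is built,
 * so a code that also occurs inside a URL is replaced there as well.
 *
 * @param  string $text Raw message
 * @return string HTML fragment
 */
function format_shout($text)
{
    global $Smileys, $BASEURL;
    $s = $text;
    $s = strip_tags($s);
    $s = security::html_safe(unesc($s));
    // Censor list: one word per line, blank lines ignored
    if (is_readable("badwords.txt")) {
        $lines = file("badwords.txt", FILE_IGNORE_NEW_LINES);
        if ($lines !== false) {
            $badwords = array_values(array_filter(array_map('trim', $lines), 'strlen'));
            if (count($badwords) > 0) {
                $s = str_replace($badwords, "*censored*", $s);
            }
        }
    }
    // [b]Bold[/b]
    $s = preg_replace("/\\[b\\]((\\s|.)+?)\\[\\/b\\]/", "<b>\\1</b>", $s);
    // [i]Italic[/i]
    $s = preg_replace("/\\[i\\]((\\s|.)+?)\\[\\/i\\]/", "<i>\\1</i>", $s);
    // [u]Underline[/u]
    $s = preg_replace("/\\[u\\]((\\s|.)+?)\\[\\/u\\]/i", "<u>\\1</u>", $s);
    // [color=blue]Text[/color]
    $s = preg_replace("/\\[color=([a-zA-Z]+)\\]((\\s|.)+?)\\[\\/color\\]/i", "<font color=\\1>\\2</font>", $s);
    // [color=#ffcc99]Text[/color]
    $s = preg_replace("/\\[color=(#[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9])\\]((\\s|.)+?)\\[\\/color\\]/i", "<font color=\\1>\\2</font>", $s);
    // [url=http://www.example.com]Text[/url]
    $s = preg_replace("/\\[url=((http|ftp|https|ftps|irc):\\/\\/[^<>\\s]+?)\\]((\\s|.)+?)\\[\\/url\\]/i", "<a href=\\1 target=_blank>\\3</a>", $s);
    // [url]http://www.example.com[/url]
    $s = preg_replace("/\\[url\\]((http|ftp|https|ftps|irc):\\/\\/[^<>\\s]+?)\\[\\/url\\]/i", "<a href=\\1 target=_blank>\\1</a>", $s);
    // [size=4]Text[/size]
    $s = preg_replace("/\\[size=([1-7])\\]((\\s|.)+?)\\[\\/size\\]/i", "<font size=\\1>\\2</font>", $s);
    // [font=Arial]Text[/font]
    $s = preg_replace("/\\[font=([a-zA-Z ,]+)\\]((\\s|.)+?)\\[\\/font\\]/i", "<font face=\"\\1\">\\2</font>", $s);
    // Linebreaks
    $s = nl2br($s);
    // Maintain spacing
    $s = str_replace("  ", " &nbsp;", $s);
    // Smileys: code => image file name, taken from the global table
    if (is_array($Smileys)) {
        foreach ($Smileys as $code => $url) {
            $s = str_replace($code, "<img border='0' src='" . $BASEURL . "/images/smilies/" . $url . "'>", $s);
        }
    }
    return $s;
}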
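 /**
  * Record a budget request from an AJAX POST for the current user's office.
  *
  * office_id is taken from the authenticated user and status is always set
  * to 'Received' on the server, overriding anything posted. The posted
  * 'currentBudget' field is removed so it is not stored with the request.
  *
  * The earlier version also contained an "Approved" branch that updated the
  * budget; it could never run because status had just been set to
  * 'Received', so it has been dropped.
  *
  * NOTE(review): the log entry is written before the insert runs, so it is
  * recorded even if the insert fails.
  */
 public function save()
 {
     if (request::is_ajax() and request::method() === 'post') {
         $this->auto_render = FALSE;
         $office_id = Auth::instance()->get_user()->office_id;
         $post = security::xss_clean($this->input->post());
         // Server-side values win over whatever the client sent
         $post['office_id'] = $office_id;
         $post['status'] = 'Received';
         // Strip the client-supplied budget figure from the row to be inserted
         arr::remove('currentBudget', $post);
         log_helper::add("1", $this->user_log, $this->user_id, "Requested a Budget");
         $this->request_model->insert($post);
     }
 }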