<input name="_advancedActionSubmit" value=" go " class="button" type="submit" /> <br /> <?php } ?> </div> <div style="float:right"> <?php echo $buttonsRight; ?> </div> <div class="clear"></div> <?php applyFilters('listPage_footer', $tableName); ?> </div> <!-- End .content-box-content --> </div> </form> <script type="text/javascript" src="lib/menus/default/list_functions.js?<?php echo filemtime(SCRIPT_DIR . '/lib/menus/default/list_functions.js');
/**
 * Render the "related records" list for one row of a record-edit form.
 *
 * Reads $this->relatedTable / relatedWhere / relatedMoreLink / relatedLimit /
 * relatedView / relatedModify / relatedErase / relatedCreate / label, so despite
 * the bare `function` keyword this is a method of a field-schema object whose
 * class is not visible in this excerpt.
 *
 * The list helpers key off $GLOBALS['menu'], ['tableName'] and ['schema'], so those
 * are pointed at the related table for the duration of the call and restored before
 * returning.
 *
 * @param  mixed $record    record being edited (not read here)
 * @param  mixed $value     field value (not read here)
 * @param  mixed $formType  form type (not read here)
 * @return string  HTML for one <tr> holding a content-box with the related-records table
 */
function getTableRow($record, $value, $formType)
{
    global $isMyAccountMenu; // not read in this body; presumably kept in scope for the require_once'd files below, which share this function's scope — confirm
    $parentTable = $GLOBALS['menu'];

    // set field attributes
    $relatedTable = $this->relatedTable;
    $relatedWhere = getEvalOutput(@$this->relatedWhere); // WHERE snippet defined in the field schema (administrator configuration, not request input)
    $seeMoreLink  = @$this->relatedMoreLink ? "?menu={$relatedTable}&search=1&_ignoreSavedSearch=1&" . getEvalOutput($this->relatedMoreLink) : '';
    // NOTE(review): $seeMoreLink and $this->label are emitted into HTML below without htmlencode(); both come from the schema, so schema values must stay free of request-derived text

    // load list functions
    require_once "lib/menus/default/list_functions.php";
    require_once "lib/viewer_functions.php";

    // save and update globals
    list($originalMenu, $originalTableName, $originalSchema) = array($GLOBALS['menu'], $GLOBALS['tableName'], $GLOBALS['schema']);
    $GLOBALS['menu']      = $relatedTable;
    $GLOBALS['tableName'] = $relatedTable;
    $GLOBALS['schema']    = loadSchema($relatedTable);
    $GLOBALS['schema']    = array_merge($GLOBALS['schema'], getSchemaFields($GLOBALS['schema'])); // v2.16+, add pseudo-fields name and _tableName to all fieldSchemas. Doing this once here instead of every time in loadSchema() is less expensive

    // load list data
    list($listFields, $records, $metaData) = list_functions_init(array(
        'isRelatedRecords' => true,
        'tableName'        => $relatedTable,
        'where'            => $relatedWhere,
        'perPage'          => @$this->relatedLimit,
    ));

    ### show header
    $html        = '';
    $recordCount = count($records);
    $oneOrZero   = $recordCount > 0 ? 1 : 0; // first record index shown: "1 - N" when there are rows, "0 - 0" otherwise
    $seeMoreHTML = $seeMoreLink ? "<br/><a href='{$seeMoreLink}'>" . htmlencode(t("see related records >>")) . "</a>" : '';
    $showingText = sprintf(t('Showing %1$s - %2$s of %3$s related records'), $oneOrZero, $recordCount, $metaData['totalRecords']);
    ob_start();
    ?>
    <tr><td colspan="2">
      <div class="clear"></div>
      <div class="content-box">
        <div class="content-box-header">
          <div style="float:right; text-align: right; line-height: 110%">
            <?php echo $showingText; ?>
            <?php echo $seeMoreHTML; ?>
          </div>
          <h3><?php echo $this->label; ?> <!-- --></h3>
          <div class="clear"></div>
        </div> <!-- End .content-box-header -->
        <div class="content-box-content">
    <?php
    $html .= ob_get_clean();

    ### show body
    // show list (showListTable() prints, so capture it the same way as the header)
    ob_start();
    showListTable($listFields, $records, array(
        'isRelatedRecords' => true,
        'showView'         => @$this->relatedView,
        'showModify'       => @$this->relatedModify,
        'showErase'        => @$this->relatedErase,
        'showCreate'       => @$this->relatedCreate,
    ));
    $html .= ob_get_clean();

    ### get footer
    $buttonsRight = '';
    if (@$this->relatedCreate) {
        // show "create" button for related records ("###" in the URL is presumably substituted with the parent record number by relatedRecordsButton() or its JS — confirm)
        $buttonsRight = relatedRecordsButton(t('Create'), "?menu={$relatedTable}&action=edit&{$parentTable}Num=###");
    }
    $tableName      = $relatedTable;
    $isRelatedTable = true;
    $buttonsRight   = applyFilters('list_buttonsRight', $buttonsRight, $tableName, $isRelatedTable);
    $html .= <<<__FOOTER__
<div style='float:right; padding-top: 3px'>
  {$buttonsRight}
</div>
<div class='clear'></div>
</div><!-- End .content-box-content -->
</div><!-- End .content-box -->
</td></tr>
__FOOTER__;

    // reset globals
    list($GLOBALS['menu'], $GLOBALS['tableName'], $GLOBALS['schema']) = array($originalMenu, $originalTableName, $originalSchema);

    //
    return $html;
}
/**
 * Build the CMS menu as a list of entry arrays, in display order.
 *
 * Every schema table with a 'menuType' (and without 'menuHidden') becomes one entry
 * with keys: schema, menuType, menuName, menuOrder, tableName, isSelected, _indent,
 * _disableView, link, linkTarget, linkMessage. 'link' entries point at their _url
 * (and may open in a new window) unless their _linkTarget is 'iframe'. Admin menus
 * from _getAdminMenus() are appended, everything is sorted by _sortMenusByOrder and
 * re-indexed, plugins get a pass via the 'menulinks_array' filter, and finally each
 * 'menugroup' entry is marked selected when a selected non-group entry follows it.
 *
 * @return array list of menu entries
 */
function _getMenuList()
{
    global $APP, $CURRENT_USER;

    $selectedMenu = getFirstDefinedValue(@$APP['selectedMenu'], @$_REQUEST['menu'], 'home');
    $highestOrder = 0;
    $entries      = array();

    // one entry per schema file that wants a menu item
    foreach (getSchemaTables() as $tableName) {
        $schema = loadSchema($tableName);
        if (!@$schema['menuType'] || @$schema['menuHidden']) {
            continue;
        }
        $highestOrder = max($highestOrder, @$schema['menuOrder']);

        $entry = array(
            'schema'       => $schema,
            'menuType'     => $schema['menuType'],
            'menuName'     => $schema['menuName'],
            'menuOrder'    => $schema['menuOrder'],
            'tableName'    => $tableName,
            'isSelected'   => $selectedMenu == $tableName,
            '_indent'      => @$schema['_indent'],
            '_disableView' => @$schema['_disableView'],
            'link'         => "?menu={$tableName}",
            'linkTarget'   => '',
            'linkMessage'  => '',
        );

        if ($schema['menuType'] == 'link') {
            $linkTarget     = @$schema['_linkTarget'];
            $isExternal     = $linkTarget != 'iframe';
            $opensNewWindow = $isExternal && (@$schema['_targetBlank'] || $linkTarget == 'new'); // _targetBlank is the old schema format
            if ($isExternal) {
                $entry['link']        = $schema['_url'];
                $entry['linkMessage'] = @$schema['_linkMessage']; // iframe links show their js alert() at the top of the iframe page instead
            }
            if ($opensNewWindow) {
                $entry['linkTarget'] = 'target="_blank"';
            }
        }

        $entries[] = $entry;
    }

    // add admin menus (after the last schema menu, or at -100 to float them to the top)
    $showAdminAtTop = false;
    $adminMenus     = _getAdminMenus($showAdminAtTop ? -100 : $highestOrder);
    $entries        = array_merge($entries, $adminMenus);

    // sort menus by order value, then re-index so the group pass below can walk by position
    uasort($entries, '_sortMenusByOrder');
    $entries = array_values($entries);

    // allow plugins to customize the menu while it's still an easily manageable array
    $entries = applyFilters('menulinks_array', $entries);

    // walk backwards so a selected child marks the menugroup that precedes it
    $childSelected = false;
    for ($i = count($entries) - 1; $i >= 0; $i--) {
        if ($entries[$i]['menuType'] != 'menugroup') {
            if ($entries[$i]['isSelected']) {
                $childSelected = true;
            }
            continue;
        }
        if ($childSelected) {
            $entries[$i]['isSelected'] = true;
            $childSelected = false;
        }
    }

    return $entries;
}
<?php foreach (getUploadInfoFields($_REQUEST['fieldName']) as $infoFieldname => $label) { ?> <tr> <td style="vertical-align: middle" valign="middle"><?php echo htmlencode($label); ?> </td> <td> <?php $fieldName = $_REQUEST['fieldName']; // eg: uploads, photos, etc $formFieldName = "{$uploadRecord['num']}_{$infoFieldname}"; // eg: 1234_info2 (upload record number, underscore, info field name) $fieldHTML = "<input class='text-input' type='text' name='{$formFieldName}' value='" . htmlencode($uploadRecord[$infoFieldname]) . "' size='55' maxlength='255' />"; $fieldHTML = applyFilters('uploadModify_infoFieldHTML', $fieldHTML, $tableName, $fieldName, $infoFieldname, $formFieldName, $uploadRecord); echo $fieldHTML; ?> </td> </tr> <?php } ?> </table> </td> </tr> <?php } ?>
function getNewPasswordErrors($passwordText, $passwordText2 = null, $username = '') { $errors = array(); $is2 = !is_null($passwordText2); // is there 2 passwords being checked? // require passwords to be filled out if ($passwordText == '') { $errors[] = t("Please enter password."); } elseif ($is2 && $passwordText2 == '') { $errors[] = t("Please enter password again."); } elseif ($is2 && $passwordText != $passwordText2) { $errors[] = t("Passwords do not match!"); } // don't let user user username as password if (!$errors) { if ($username && $username == $passwordText) { $errors[] = t("Your username and your password cannot be the same!"); } } // don't allow leading or trailing whitespace if (!$errors) { if (preg_match("/^\\s|\\s\$/s", $passwordText)) { $errors[] = t("Password cannot start or end with spaces!"); } } // don't allow using password hashes as passwords if (!$errors && $passwordText2) { // only check on forms that have two password fields (password, password again). We don't want to return this error on the CMS User Accounts Edit/Save screen which has the hash prefilled. if (isPasswordDigest($passwordText)) { $errors[] = t("Password cannot look like a password digest, try adding characters to beginning."); } } // check for common passwords if (!$errors) { $commonPasswordList = file_get_contents(dirname(__FILE__) . '/login_password_blacklist.txt'); $passwordMatchRegexp = '/' . preg_quote($passwordText, '/') . '/i'; $isCommonPassword = preg_match($passwordMatchRegexp, $commonPasswordList); if ($isCommonPassword) { $errors[] = t('Password found in list of "most common passwords", please choose a more secure password.'); } } // allow plugins to add additional password rules $errors = applyFilters('login_newPasswordErrors', $errors, $passwordText); // return error text, use nl2br(htmlencode($errors) to covert to html $errors = implode("\n", $errors); if ($errors) { $errors .= "\n"; } return $errors; }
/**
 * Dump the CMS database (or a single table) to an SQL file that is also an inert PHP file.
 *
 * The file is written to $filenameOrPath when that is absolute, otherwise under
 * DATA_DIR/backups/; with no name given one is generated from the host, app version,
 * timestamp and (optionally) table. The first line is "-- <?php die(...); exit; ?>" so
 * a web request for the file executes nothing. Table names are written with the
 * placeholder "#TABLE_PREFIX#_" so the dump can be restored under a different prefix.
 *
 * Uses the legacy ext/mysql functions (removed in PHP 7.0) and die()s on MySQL errors.
 * The session is closed while the dump runs so the user's other requests are not blocked
 * on the session lock.
 *
 * @param  string $filenameOrPath  filename (relative to DATA_DIR/backups/) or absolute path; '' = auto-generate
 * @param  string $selectedTable   schema table name (without prefix) to dump alone; '' = every table except the skip list
 * @return string|false  path of the written file, or false when a file of that name already existed
 */
function backupDatabase($filenameOrPath = '', $selectedTable = '')
{
    global $TABLE_PREFIX;
    $prefixPlaceholder = '#TABLE_PREFIX#_';
    set_time_limit(60 * 5); // v2.51 - allow up to 5 minutes to backup/restore database
    session_write_close();  // v2.51 - End the current session and store session data so locked session data doesn't prevent concurrent access to CMS by user while backup in progress

    // error checking: $selectedTable ends up in SQL and in the filename, so it must be a plain, known schema table name
    if ($selectedTable != '') {
        $schemaTables = getSchemaTables();
        if (preg_match("/[^\\w\\d\\-\\.]/", $selectedTable)) { die(__FUNCTION__ . " : \$selectedTable contains invalid chars! " . htmlencode($selectedTable)); }
        if (!in_array($selectedTable, $schemaTables)) { die("Unknown table selected '" . htmlencode($selectedTable) . "'!"); }
    }

    // open backup file. The Host header is client-supplied, so it is reduced to filename-safe characters first.
    $hostname = preg_replace('/[^\\w\\d\\-\\.]/', '', @$_SERVER['HTTP_HOST']);
    if (!$filenameOrPath) {
        $filenameOrPath = "{$hostname}-v{$GLOBALS['APP']['version']}-" . date('Ymd-His');
        if ($selectedTable) { $filenameOrPath .= "-{$selectedTable}"; }
        $filenameOrPath .= ".sql.php";
    }
    $outputFilepath = isAbsPath($filenameOrPath) ? $filenameOrPath : DATA_DIR . "/backups/{$filenameOrPath}"; // v2.60 if only filename provided, use /data/backup/ as the basedir
    // NOTE(review): a caller-supplied relative name is used as-is (no normalisation of '..' segments) — callers are presumably trusted code; confirm
    $fp = @fopen($outputFilepath, 'x'); // 'x' = create only; fails if the file exists, so two concurrent backups can't clobber each other
    if (!$fp) {
        // file already exists - avoid race condition
        session_start();
        return false;
    }

    // create no execute php header
    fwrite($fp, "-- <?php die('This is not a program file.'); exit; ?>\n\n"); # prevent file from being executed

    // get tablenames to backup
    if ($selectedTable) {
        $tablenames = array(getTableNameWithPrefix($selectedTable));
    } else {
        $skippedTables = array('_cron_log', '_error_log', '_outgoing_mail', '_nlb_log'); // don't backup these table names
        $skippedTables = applyFilters('backupDatabase_skippedTables', $skippedTables);    // let users skip tables via plugins
        $skippedTables = array_map('getTableNameWithPrefix', $skippedTables);            // add table_prefix to all table names (if needed)
        $allTables     = getMysqlTablesWithPrefix();
        $tablenames    = array_diff($allTables, $skippedTables);                         // remove skipped tables from list
    }

    // backup database
    foreach ($tablenames as $unescapedTablename) {
        $escapedTablename        = mysql_escape($unescapedTablename); // NOTE(review): string escaping, not identifier quoting — relies on table names (from MySQL or validated above) containing no backticks
        $tablenameWithFakePrefix = $prefixPlaceholder . getTableNameWithoutPrefix($escapedTablename);

        // create table
        fwrite($fp, "\n--\n");
        fwrite($fp, "-- Table structure for table `{$tablenameWithFakePrefix}`\n");
        fwrite($fp, "--\n\n");
        fwrite($fp, "DROP TABLE IF EXISTS `{$tablenameWithFakePrefix}`;\n\n");
        $result = mysql_query("SHOW CREATE TABLE `{$escapedTablename}`");
        list(, $createStatement) = mysql_fetch_row($result) or die("MySQL Error: " . htmlencode(mysql_error())); // '=' binds tighter than 'or': dies when no row came back
        $createStatement = str_replace("TABLE `{$TABLE_PREFIX}", "TABLE `{$prefixPlaceholder}", $createStatement);
        fwrite($fp, "{$createStatement};\n\n");
        if (is_resource($result)) { mysql_free_result($result); }

        // create rows
        fwrite($fp, "\n--\n");
        fwrite($fp, "-- Dumping data for table `{$tablenameWithFakePrefix}`\n");
        fwrite($fp, "--\n\n");
        $result = mysql_query("SELECT * FROM `{$escapedTablename}`") or die("MySQL Error: " . htmlencode(mysql_error()));
        while ($row = mysql_fetch_row($result)) {
            $values = '';
            foreach ($row as $value) {
                if (is_null($value)) { $values .= 'NULL,'; }
                else                 { $values .= '"' . mysql_real_escape_string($value) . '",'; } // values are double-quoted SQL string literals, escaped by the server's charset rules
            }
            $values = chop($values, ','); // remove trailing comma
            fwrite($fp, "INSERT INTO `{$tablenameWithFakePrefix}` VALUES({$values});\n");
        }
        if (is_resource($result)) { mysql_free_result($result); }
    }

    // only the final write is checked; a failed fwrite() mid-dump (e.g. disk full) is not detected here
    fwrite($fp, "\n");
    $result = fwrite($fp, "-- Dump completed on " . date('Y-m-d H:i:s O') . "\n\n");
    if ($result === false) { die(__FUNCTION__ . ": Error writing backup file! {$php_errormsg}"); } // $php_errormsg is only populated with track_errors=On, and no longer exists in PHP 8
    fclose($fp) || die(__FUNCTION__ . ": Error closing backup file! {$php_errormsg}");

    // resume the session that was closed at the top
    @session_start(); // hide error: E_WARNING: session_start(): Cannot send session cache limiter - headers already sent
    return $outputFilepath;
}
function serve($width, $height, $person) { $app = \Slim\Slim::getInstance(); $response = $app->response(); $response['Content-Type'] = 'image/jpeg'; $img = new abeautifulsite\SimpleImage(getBestImage($width, $height, $person)); if ($img->get_width() / $img->get_height() >= $width / $height) { $img->fit_to_height($height); $centre = round($img->get_width() / 2); $x1 = $centre - $width / 2; $x2 = $centre + $width / 2; $img->crop($x1, 0, $x2, $height); } else { $img->fit_to_width($width); $centre = round($img->get_height() / 2); $y1 = $centre - $height / 2; $y2 = $centre + $height / 2; $img->crop(0, $y1, $width, $y2); } $img = applyFilters($img); $img->output(); }
<input type="hidden" name="dragSortOrder" value="<?php echo (int) @$_REQUEST['dragSortOrder']; ?> " /> <?php echo security_getHiddenCsrfTokenField(); disableAutocomplete('form-headers'); ?> <div class="content-box"> <div class="content-box-header"> <div style="float:right"> <?php $buttonsRight = ''; $buttonsRight .= "<input class='button' type='button' name='cancel' value='" . t('Cancel') . "' onclick=\"viewCancel();\" />\n"; $buttonsRight = applyFilters('view_buttonsRight', $buttonsRight, $tableName, $GLOBALS['RECORD']); echo $buttonsRight; ?> </div> <h3><a href="?menu=<?php echo $menu; ?> " ><?php echo $schema['menuName']; ?> </a></h3> <div class="clear"></div> </div> <!-- End .content-box-header -->
function _displayRecordAccessErrors($action) { global $CURRENT_USER, $hasEditorAccess, $hasAuthorAccess, $hasAuthorViewerAccess, $schema, $tableName, $escapedTableName, $isSingleMenu; // $isAuthor = !$CURRENT_USER['isAdmin'] && !$hasEditorAccess && $hasAuthorAccess; $recordNums = array_unique(array_merge((array) @$_REQUEST['selectedRecords'], (array) @$_REQUEST['num'])); $recordNumsAsCSV = join(',', array_map('intval', $recordNums)); // escape nums by converting them to integers $invalidNums = array(); // don't allow authors to edit records they don't own $allowAuthorViewerAccess = $hasAuthorViewerAccess && in_array($action, array('view', 'uploadList')); if ($isAuthor && $recordNums && !$isSingleMenu && !$allowAuthorViewerAccess) { $accessWhere = "`createdByUserNum` = '{$CURRENT_USER['num']}'"; $accessWhere = applyFilters('record_access_where', $accessWhere, $tableName); // this is also called in list_functions_init() $query = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND !({$accessWhere})"; $records = mysql_select_query($query, true); // these are records not owned by the user (who has author access) foreach ($records as $record) { $invalidNums[] = $record[0]; } } // User Accounts: don't allow non-admin's to edit 'isAdmin' accounts if ($tableName == 'accounts' && !$CURRENT_USER['isAdmin'] && $recordNums) { $query = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND isAdmin = '1'"; $records = mysql_select_query($query, true); // these are records not owned by the user (who has author access) foreach ($records as $record) { $invalidNums[] = $record[0]; } } // show errors if ($invalidNums) { $invalidNumsAsCSV = join(',', $invalidNums); $error = sprintf(t("You don't have permission to access these records: %s"), $invalidNumsAsCSV); showInterfaceError($error); } }
</table> </td></tr></table> <br/> <div style="float:left"> <?php $advancedCommands = array(); if ($CURRENT_USER['isAdmin']) { $advancedCommands['Admin: Edit Section'] = '?menu=database&action=editTable&tableName=' . urlencode($tableName); } if ($CURRENT_USER['isAdmin']) { $advancedCommands['Admin: Code Generator'] = '?menu=_codeGenerator&tableName=' . urlencode($tableName); } $advancedCommands = applyFilters('edit_advancedCommands', $advancedCommands); if ($advancedCommands) { $labels = array_map('t', array_keys($advancedCommands)); // translate labels ?> <select name="_advancedAction" id="advancedAction"> <option value=''><?php et('Advanced Commands...'); ?> </option> <option value=''> </option> <?php echo getSelectOptions(null, array_values($advancedCommands), $labels); ?> </select> <input class="button" type="submit" name="_advancedActionSubmit" value=" go " onclick="$('form').ajaxFormUnbind();" />
function userHasFieldAccess($fieldSchema) { // args changed as of 2.16, used to be ($tableName, $accessRule) { global $CURRENT_USER; if (!array_key_exists('_tableName', $fieldSchema)) { dieAsCaller("Fieldschema missing '_tableName' value!"); } if (!array_key_exists('name', $fieldSchema)) { dieAsCaller("Fieldschema missing 'name' value!"); } // check if user has access to this field $hasAccess = false; $accessRule = @$fieldSchema['adminOnly']; // this schema key is a legacy fieldname that will be renamed in future $hasEditorAccess = userSectionAccess($fieldSchema['_tableName']) >= 9; if ($CURRENT_USER['isAdmin']) { $hasAccess = true; } elseif (!$accessRule) { $hasAccess = true; } elseif ($accessRule == 1 && $hasEditorAccess) { $hasAccess = true; } elseif ($accessRule == 2 && $CURRENT_USER['isAdmin']) { $hasAccess = true; } // requires admin access (ignored since admins can access all fields) $hasAccess = applyFilters('userHasFieldAccess', $hasAccess, $fieldSchema); return $hasAccess; }
/**
 * Print a link (wrapping a scaled <img> for image uploads) that previews $uploadRecord.
 *
 * For images, the original plus thumbnails 1-4 are each scaled with image_resizeCalc()
 * to fit $maxWidth x $maxHeight (never enlarged), and the rendition whose scaled longest
 * side is largest is chosen; on a tie the one with the larger scale factor wins, i.e. the
 * rendition that needed the least shrinking and so is the smallest download. Non-images
 * get a plain "download" link. The HTML passes through 'showUploadPreview_html' first.
 *
 * @param  array    $uploadRecord  upload row: urlPath, filename, width, height, thumb[N]Width/Height/UrlPath
 * @param  int      $maxWidth      defaults to 50
 * @param  int|null $maxHeight     defaults to 2 * $maxWidth (legacy 2-argument support)
 * @return void
 */
function showUploadPreview($uploadRecord, $maxWidth = 50, $maxHeight = null)
{
    if ($maxWidth && !$maxHeight) {
        $maxHeight = $maxWidth * 2;
    }

    $isImage = preg_match("/\\.(gif|jpg|jpeg|png)\$/i", $uploadRecord['urlPath']);
    $chosen  = array('src' => '', 'width' => 0, 'height' => 0, 'size' => 0, 'scale' => 0);

    if ($isImage) {
        // (width field, height field, url field) for the original and each thumbnail slot
        $renditions = array(
            array('width', 'height', 'urlPath'),
            array('thumbWidth', 'thumbHeight', 'thumbUrlPath'),
        );
        foreach (range(2, 4) as $n) {
            $renditions[] = array("thumbWidth{$n}", "thumbHeight{$n}", "thumbUrlPath{$n}");
        }

        foreach ($renditions as $fields) {
            list($widthField, $heightField, $urlField) = $fields;

            // skip renditions that were never generated
            if (!@$uploadRecord[$widthField] && !@$uploadRecord[$heightField]) {
                continue;
            }

            list($fitWidth, $fitHeight, $fitScale) = image_resizeCalc($uploadRecord[$widthField], $uploadRecord[$heightField], $maxWidth, $maxHeight);

            // compare on the longest side: width * height is thrown off by 1px rounding on the minor axis
            // (e.g. a 10x150 image thumbnailed to 100x100 and 64x64 resizes to 50x4 and 50x3 — the 64x64 thumb should win)
            $fitSize = max($fitWidth, $fitHeight);

            // bigger wins; same size -> the one that was scaled down least (it's the smaller file, saving bandwidth since
            // we only shrink via the img tag's width/height)
            $isBigger              = $fitSize > $chosen['size'];
            $isSameSizeLessShrunk  = $fitSize === $chosen['size'] && $fitScale > $chosen['scale'];
            if ($isBigger || $isSameSizeLessShrunk) {
                $chosen = array(
                    'src'    => $uploadRecord[$urlField],
                    'width'  => $fitWidth,
                    'height' => $fitHeight,
                    'size'   => $fitSize,
                    'scale'  => $fitScale,
                );
            }
        }
    }

    // output preview html
    $href  = urlencodeSpaces($uploadRecord['urlPath']);
    $title = htmlencode($uploadRecord['filename']);
    $src   = htmlencode($chosen['src']);

    $html  = "<a href='{$href}' title='{$title}' target='_BLANK'>";
    if ($isImage && $src) {
        $html .= "<img src='{$src}' border='0' width='{$chosen['width']}' height='{$chosen['height']}' alt='{$title}' title='{$title}' />";
    } else {
        $html .= t('download');
    }
    $html .= "</a>\n";

    $html = applyFilters('showUploadPreview_html', $html, $uploadRecord);
    print $html;
}
/**
 * Print the edit-form row for an upload field.
 *
 * The row holds the field label, an iframe listing the current uploads
 * (action=uploadList), an "Add or Upload File(s)" thickbox link (unless a plugin
 * returns false from 'edit_show_upload_link') and, when the flash uploader is not
 * disabled in settings, the uploadify widget with its options rendered inline as JS.
 * If the upload directory cannot be created or is not writable an error row is printed
 * instead and the function returns early. Output is printed directly.
 *
 * @param  array $fieldSchema  upload field schema: name, label, fieldPrefix, description,
 *                             allowedExtensions, maxUploads, checkMaxUploadSize, maxUploadSizeKB
 * @param  array $record       record being edited (passed to the 'edit_show_upload_link' filter)
 * @return void
 */
function _showUpload($fieldSchema, $record)
{
    global $preSaveTempId, $SETTINGS, $menu;
    $prefixText  = @$fieldSchema['fieldPrefix'];
    $description = @$fieldSchema['description'];
    if ($prefixText) { $prefixText .= "<br/>"; }

    // create uploadList url (iframe source)
    $uploadList = "?" . "menu=" . urlencode($menu) . "&action=uploadList" . "&fieldName=" . urlencode($fieldSchema['name']) . "&num=" . urlencode(@$_REQUEST['num']) . "&preSaveTempId=" . urlencode($preSaveTempId);

    // create uploadLink url (opened in a thickbox iframe)
    $uploadLink = "?menu=" . urlencode($menu) . "&action=uploadForm" . "&fieldName=" . urlencode($fieldSchema['name']) . "&num=" . urlencode(@$_REQUEST['num']) . "&preSaveTempId=" . urlencode($preSaveTempId) . "&TB_iframe=true&height=350&width=700&modal=true";

    // error checking
    $errors = '';
    list($uploadDir, $uploadUrl) = getUploadDirAndUrl($fieldSchema);
    if (!file_exists($uploadDir)) { mkdir_recursive($uploadDir, 0755); } // create upload dir (if not possible, dir not exists error will show below)
    if (!file_exists($uploadDir)) { $errors .= "Upload directory '" . htmlencode($uploadDir) . "' doesn't exist!.<br/>\n"; }
    elseif (!is_writable($uploadDir)) { $errors .= "Upload directory '" . htmlencode($uploadDir) . "' isn't writable!.<br/>\n"; }

    // display errors
    if ($errors) {
        print <<<__HTML__
<tr>
  <td valign="top"><br/>{$fieldSchema['label']}<br/></td>
  <td><div id='alert'><span>{$errors}</span></div></td>
</tr>
__HTML__;
        return;
    }

    // display field. NOTE(review): label and name are emitted unescaped into HTML and into a jQuery
    // selector; they are schema (administrator) values, not request input — keep it that way
    ?>
    <tr>
      <td style="vertical-align: top"><?php echo $fieldSchema['label']; ?></td>
      <td>
        <?php echo $prefixText; ?>
        <iframe id="<?php echo $fieldSchema['name']; ?>_iframe" src="<?php echo $uploadList; ?>" height="100" width="100%" frameborder="0" class="uploadIframe"></iframe><br/>
        <?php $displayDefaultLink = applyFilters('edit_show_upload_link', true, $fieldSchema, $record); ?>
        <?php if ($displayDefaultLink) { ?>
        <div style="position: relative; height: 24px;">
          <div style="position: absolute; top: 6px; width: 100%; text-align: center;">
            <?php if (inDemoMode()) { ?>
            <a href="javascript:alert('<?php echo jsEncode(t('This feature is disabled in demo mode.')); ?>')"><b><?php echo t('Add or Upload File(s)'); ?></b></a>
            <?php } else { ?>
            <a href="<?php echo $uploadLink; ?>" class="thickbox"><b><?php echo t('Add or Upload File(s)'); ?></b></a>
            <?php } ?>
          </div>
          <div style="position: absolute; z-index: 1; width: 100%; text-align: center;">
            <div id="<?php echo $fieldSchema['name']; ?>_uploadButton"></div>
          </div>
        </div>
        <?php $useFlashUploader = !@$SETTINGS['advanced']['disableFlashUploader']; ?>
        <?php if ($useFlashUploader && !inDemoMode()) { ?>
        <?php $fileExtCSV = implode(',', preg_split("/\\s*\\,\\s*/", strtolower($fieldSchema['allowedExtensions']))); // normalise "jpg, PNG ,gif" to "jpg,png,gif" for the uploader ?>
        <div id="<?php echo $fieldSchema['name']; ?>_uploadTips" style="display: none; text-align: center; font-size: xx-small; margin-top: 2px;">
          <?php
            // multi-select hint uses the platform's modifier key name
            $isMac = preg_match('/macintosh|mac os x/i', @$_SERVER['HTTP_USER_AGENT']);
            $key   = $isMac ? '<Command>' : '<Ctrl>';
            if (@$fieldSchema['maxUploads'] != 1) { echo htmlencode(t("Tip: hold {$key} to select multiple files")); }
          ?>
          <br/>
          <?php echo $description; ?>
        </div>
        <div class="uploadifyQueue" id="<?php echo $fieldSchema['name']; ?>_uploadQueue"></div>
        <script type="text/javascript">// <![CDATA[
          // every dynamic value below goes through json_encode() so it is a valid, quoted JS literal
          $(document).ready(function() {
            $('#<?php echo $fieldSchema['name']; ?>_uploadButton').uploadify(generateUploadifyOptions({
              'script'           : <?php echo json_encode(basename(@$_SERVER['SCRIPT_NAME'])); ?>,
              'modifyAfterSave'  : <?php echo count(getUploadInfoFields($fieldSchema['name'])); ?>,
              'menu'             : <?php echo json_encode($menu); ?>,
              'fieldName'        : <?php echo json_encode($fieldSchema['name']); ?>,
              'num'              : <?php echo json_encode(@$_REQUEST['num'] ? $_REQUEST['num'] : ''); ?>,
              'preSaveTempId'    : <?php echo json_encode($preSaveTempId); ?>,
              'buttonText'       : <?php echo json_encode(t('Upload File(s)')); ?>,
              'fileExtCSV'       : <?php echo json_encode($fileExtCSV); ?>,
              'maxUploadSizeKB'  : <?php echo json_encode($fieldSchema['checkMaxUploadSize'] ? $fieldSchema['maxUploadSizeKB'] : 0); ?>,
              'loginDataEncoded' : <?php echo json_encode(@$_COOKIE[loginCookie_name(true)]); // NOTE(review): the login cookie value is copied into page markup, presumably because the flash plugin cannot send browser cookies itself — confirm, and keep this page served only to the logged-in user ?>,
              'queueID'          : <?php echo json_encode($fieldSchema['name'] . "_uploadQueue"); ?>
            }));
          });
        // ]]></script>
        <?php } ?>
        <?php } ?>
      </td>
    </tr>
<?php
}
<p> <input class="button" type="submit" name="login" value="<?php et('Login'); ?> " tabindex="4" /> </p> <p> <a href="?menu=forgotPassword"><?php et('Forgot your password?'); ?> </a> </p> <?php $content = ob_get_clean(); // get cached output $content = applyFilters('login_content', $content); echo $content; ?> <div class="clear"></div> </div> <!-- End .tab-content --> </div> <!-- End .content-box-content --> </div> <!-- End .content-box --> </form> <?php showFooter();
function showFooter() { global $APP, $SETTINGS, $CURRENT_USER, $TABLE_PREFIX; if (applyFilters('ui_footer', TRUE)) { // include "lib/menus/footer.php"; } // display license and build info # NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement. # NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement # NOTE: Please do not steal our software. showBuildInfo(); }
<div id="footer"> <small> <?php if ($SETTINGS['footerHTML']) { echo getEvalOutput($SETTINGS['footerHTML']) . '<br/>'; } $executeSecondsString = sprintf(t("%s seconds"), showExecuteSeconds(true)); echo applyFilters('execute_seconds', $executeSecondsString); ?> <?php doAction('admin_footer'); ?> <!-- --> </small> </div> </div> <!-- End #main-content --> </div> <!-- End #body-wrapper --> <div class="clear"></div> </body> </html>
<h2> <?php $title = sprintf(t('Welcome to %s'), htmlencode($SETTINGS['programName'])); $title = applyFilters('home_title', $title); echo $title; ?> </h2> <div class="content-box"> <div class="content-box-content"> <?php $content = "<p>" . t('Please select an option from the menu.') . "</p>"; if ($CURRENT_USER['isAdmin']) { $content .= "<p>" . t('<b>Administrators:</b> Use the <a href="?menu=database">Section Editors</a> to add sections and generate PHP viewers.') . "</p>"; } $content = applyFilters('home_content', $content); echo $content; ?> </div> </div>
function getFilenameFieldValue($record, $filenameFields) { global $VIEWER_NAME; $filenameValue = ''; // convert string to array if (!is_array($filenameFields)) { $filenameFields = preg_split("/\\s*,\\s*/", $filenameFields); } // error checking foreach ($filenameFields as $fieldname) { if ($fieldname == '') { continue; } if (!array_key_exists($fieldname, $record)) { die("{$VIEWER_NAME}: Unknown field '" . htmlencode($fieldname) . "' in filenameFields or titleField options!"); } } // get first defined field value $fieldValue = ''; foreach ($filenameFields as $fieldname) { if (@$record[$fieldname] == '') { continue; } $fieldValue = @$record[$fieldname]; $filenameValue = $fieldValue; break; } $filenameValue = preg_replace('/[^a-z0-9\\.\\-\\_]+/i', '-', $filenameValue); $filenameValue = preg_replace("/(^-+|-+\$)/", '', $filenameValue); # remove leading and trailing underscores if ($filenameValue) { $filenameValue .= "-"; } // $filenameValue = applyFilters('viewer_link_field_content', $filenameValue, $fieldValue, $record); // return $filenameValue; }
/**
 * Send an email through Swift Mailer, optionally logging it to _outgoing_mail first.
 *
 * Order of operations: the 'sendMessage' filter may cancel the send and supply a
 * return value; the 'disabled' option skips everything; required keys are validated
 * ('to', 'from', 'subject', and 'text' and/or 'html'); then, unless
 * $SETTINGS['advanced']['outgoingMail'] is 'sendOnly' or 'logging' is false, a row is
 * written to _outgoing_mail; in 'logOnly' mode the function stops there, otherwise the
 * message is handed to _sendMessage_swiftMailer().
 *
 * v2.52 Notes: PHP's mail() function is very broken. On Windows it talks directly to an
 * SMTP server; on Linux it talks to sendmail/qmail/postfix, etc. The PHP docs and RFCs say
 * to use CRLF as the EOL in messages, but QMail and other Mail Transfer Agents (MTAs)
 * assume input uses the OS's default EOL and convert LF to CRLF to be standards-compliant,
 * which also turns CRLF into CRCRLF. There is no OS-independent way to make it work, so
 * mail() is bypassed altogether in favour of the Swift Mailer library.
 *
 * @param  array $options  to, from, subject, text, html; optional headers (name => value),
 *                         attachments, disabled, logging
 * @return mixed  null on success/skip, an HTML error string on validation failure or whatever
 *                _sendMessage_swiftMailer() returns, or the filter's returnValue when cancelled
 */
function sendMessage($options = array())
{
    // allow hooks to override
    $eventState = applyFilters('sendMessage', array('cancelEvent' => false, 'returnValue' => null), $options);
    if ($eventState['cancelEvent']) {
        return $eventState['returnValue'];
    }

    // don't send if 'disabled' option set
    if (@$options['disabled']) {
        return;
    }

    // error checking
    $problems = array();
    if (!isValidEmail(@$options['to'], true)) {
        $problems[] = "'to' isn't a valid email '" . htmlencode($options['to']) . "'!<br/>\n";
    }
    if (!isValidEmail(@$options['from'])) {
        $problems[] = "'from' isn't a valid email '" . htmlencode($options['from']) . "'!<br/>\n";
    }
    if (!array_key_exists('subject', $options)) {
        $problems[] = "'subject' must be defined!<br/>\n";
    }
    if (!array_key_exists('text', $options) && !array_key_exists('html', $options)) {
        $problems[] = "Either 'text' or 'html' or both must be defined!<br/>\n";
    }
    if ($problems) {
        return implode('', $problems);
    }

    // optionally log message and/or skip sending (log only - if enabled)
    $mode      = $GLOBALS['SETTINGS']['advanced']['outgoingMail'];
    $shouldLog = $mode != 'sendOnly' && @$options['logging'] !== false;
    if ($shouldLog) {
        $row                 = array_slice_keys($options, array('from', 'to', 'subject', 'text', 'html'));
        $row['createdDate='] = 'NOW()';
        $row['sent=']        = ($mode == 'logOnly') ? '""' : 'NOW()';
        $row['headers']      = '';
        if (@$options['headers']) {
            // v2.52 log message headers (previously died with "logging message headers not supported")
            foreach ($options['headers'] as $name => $value) {
                $row['headers'] .= "{$name}: {$value}\n";
            }
        }
        $row['reply-to'] = @$options['headers']['Reply-To'];
        $row['cc']       = @$options['headers']['CC'];
        $row['bcc']      = @$options['headers']['BCC'];
        mysql_insert('_outgoing_mail', $row, true);
    }

    // don't send if "log only" set
    if ($mode == 'logOnly') {
        return;
    }

    // send message with swift mailer
    return _sendMessage_swiftMailer($options);
}
/**
 * Print the <td> cells for one row of a list table.
 *
 * In order: the selection checkbox (main lists only), the up/down/drag controls for
 * category sections, one cell per field in $listFields, and the view/modify/erase
 * action links. Viewer-only users (section access 3) never get modify/erase;
 * author/viewer users (access 7) only get them for records they created. For related
 * record lists the show* flags come from $options instead of the schema's _disable* keys.
 *
 * @param  array $listFields  field names, optionally "fieldname:label"
 * @param  array $record      row being rendered; reads 'num' and 'createdByUserNum'
 * @param  array $options     isRelatedRecords, showView, showModify, showErase
 * @return void
 */
function displayListColumns($listFields, $record, $options = array())
{
    global $CURRENT_USER, $tableName, $schema;
    $showView   = @$options['isRelatedRecords'] ? @$options['showView']   : !@$schema['_disableView'];
    $showModify = @$options['isRelatedRecords'] ? @$options['showModify'] : !@$schema['_disableModify'];
    $showErase  = @$options['isRelatedRecords'] ? @$options['showErase']  : !@$schema['_disableErase'];
    $hasAuthorViewerAccessOnly = userSectionAccess($tableName) == 7;
    $hasViewerAccessOnly       = userSectionAccess($tableName) == 3;

    // remove modify/erase for users with view only access -OR- with Author/Viewer access who don't own the record
    if ($hasViewerAccessOnly) {
        $showModify = false;
        $showErase  = false;
    }
    if ($hasAuthorViewerAccessOnly) {
        $showModify = $showModify && ($record['createdByUserNum'] && $record['createdByUserNum'] == $CURRENT_USER['num']);
        $showErase  = $showErase  && ($record['createdByUserNum'] && $record['createdByUserNum'] == $CURRENT_USER['num']);
    }

    // checkboxes - for "Advanced Commands" pulldown. $record['num'] is interpolated raw: presumably an integer primary key from the DB — confirm
    if (!@$options['isRelatedRecords']) {
        print "<td>";
        if (@$schema['num']) { print "<input type='checkbox' name='selectedRecords[]' value='{$record['num']}' class='selectRecordCheckbox' />"; }
        print "</td>\n";
    }

    // category sections - add up/down sorting links and drag field
    if (@$schema['menuType'] == 'category' && !@$options['isRelatedRecords']) {
        // the table name lands inside a JS object literal, so it is JS-escaped; the CSRF token is read from the form at click time
        $tableNameJsEncoded = jsencode($tableName);
        $upClick = "return redirectWithPost('?', {menu:'{$tableNameJsEncoded}', _action:'categoryMove', 'direction':'up', 'num':'{$record['num']}', '_CSRFToken': \$('[name=_CSRFToken]').val()});";
        $dnClick = "return redirectWithPost('?', {menu:'{$tableNameJsEncoded}', _action:'categoryMove', 'direction':'down', 'num':'{$record['num']}', '_CSRFToken': \$('[name=_CSRFToken]').val()});";
        //
        print "<td class='dragger'>";
        print "<img src='lib/images/drag.gif' height='6' width='19' title='" . t('Click and drag to change order.') . "' alt='' />";
        print "<a href='#' onclick=\"{$upClick}\"><!-- " . t('UP') . ' --></a>';
        print "<a href='#' onclick=\"{$dnClick}\"><!-- " . t('DN') . ' --></a>';
        print "</td>";
    }

    // display all other fields
    foreach ($listFields as $fieldnameWithSuffix) {
        @(list($fieldname, $suffix) = explode(":", $fieldnameWithSuffix)); // to support fieldname:label
        if ($fieldnameWithSuffix == 'dragSortOrder') {
            if (@$options['isRelatedRecords'] && !@$GLOBALS['SETTINGS']['advanced']['allowRelatedRecordsDragSorting']) { continue; }
            if ($hasViewerAccessOnly) { continue; }
        }
        // NOTE(review): in the whitespace-mangled copy this was reviewed from, whether the field-access check sits inside or after the dragSortOrder block was ambiguous — confirm against the repository
        if (!userHasFieldAccess($schema[$fieldname])) { continue; } // skip fields that the user has no access to
        list($displayValue, $tdAttributes) = _getColumnDisplayValueAndAttributes($fieldname, $record);
        $displayValue = applyFilters('listRow_displayValue', $displayValue, $tableName, $fieldname, $record);
        $tdAttributes = applyFilters('listRow_tdAttributes', $tdAttributes, $tableName, $fieldname, $record);
        print "<td {$tdAttributes}>{$displayValue}</td>\n";
    }

    ### display actions
    $actionLinks = '';

    // view (related lists carry a returnUrl so the viewer can get back to the parent record)
    if ($showView) {
        $viewLink = '?menu=' . htmlencode($tableName) . "&action=view&num=" . @$record['num'];
        if (@$options['isRelatedRecords']) { $viewLink .= "&returnUrl=" . urlencode('?' . $_SERVER['QUERY_STRING']); }
        $actionLinks .= "<a href='{$viewLink}'>" . t('view') . "</a>\n";
    }

    // modify
    if ($showModify) {
        $modifyLink = '?menu=' . htmlencode($tableName) . "&action=edit&num=" . @$record['num'];
        if (@$options['isRelatedRecords']) { $modifyLink .= "&returnUrl=" . urlencode('?' . $_SERVER['QUERY_STRING']); }
        $actionLinks .= "<a href='{$modifyLink}'>" . t('modify') . "</a>\n";
    }

    // erase (a user can never erase their own account; the confirm happens client-side in confirmEraseRecord())
    if ($showErase) {
        $returnArg    = @$options['isRelatedRecords'] ? ',' . htmlencode(json_encode('?' . urlencode($_SERVER['QUERY_STRING']))) : '';
        $disableErase = $tableName == 'accounts' && $CURRENT_USER['num'] == $record['num'];
        $eraseLink    = "javascript:confirmEraseRecord('" . htmlencode($tableName) . "','" . @$record['num'] . "'{$returnArg});";
        if ($disableErase) {
            $actionLinks .= "<span class='disabled'>" . t('erase') . "</span>\n";
        } else {
            $actionLinks .= "<a href=\"{$eraseLink}\">" . t('erase') . "</a>\n";
        }
    }

    //
    $actionLinks = applyFilters('listRow_actionLinks', $actionLinks, $tableName, $record);

    // show action links
    print "<td class='listActions'>{$actionLinks}</td>";
}
if ($CURRENT_USER) { $headerLinks .= " | <a href='?action=logoff'>" . sprintf(t("Logoff (%s)"), htmlencode($CURRENT_USER['username'])) . "</a>"; } // Help | License | View Website >> if ($headerLinks) { $headerLinks .= "<br/>\n"; } if ($SETTINGS['helpUrl']) { $headerLinks .= "<a href='" . getEvalOutput($SETTINGS['helpUrl']) . "' target='_blank'>" . t('Help') . "</a> | "; } $headerLinks .= "<a href='?menu=license'>" . t('License') . "</a> | "; if ($SETTINGS['websiteUrl']) { $headerLinks .= "<a href='" . getEvalOutput($SETTINGS['websiteUrl']) . "' target='_blank' class='mLink'>" . t('View Website >>') . "</a><br/>"; } // echo applyFilters('header_links', $headerLinks); ?> </div> <?php if ($CURRENT_USER) { ?> <ul id="main-nav"> <?php echo $menuLinks; ?> </ul> <?php } ?>