/**
* Check string and return "none" if empty
*
* @param type $string
*/
function emptyString($string)
{
if (strlen(cleanString($string)) == 0) {
return '<span class="empty">none</span>';
}
return $string;
}
function getGlobals_help($getPage_connection2)
{
// session: admin
if (isset($_SESSION["admin"])) {
$_SESSION["admin"] = cleanString($_SESSION["admin"], true);
} else {
$_SESSION["admin"] = 0;
}
// else
// session: nation_id
if (isset($_SESSION["nation_id"])) {
$_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true);
} else {
$_SESSION["nation_id"] = 0;
}
// else
// session: user_id
if (isset($_SESSION["user_id"])) {
$_SESSION["user_id"] = cleanString($_SESSION["user_id"], true);
} else {
$_SESSION["user_id"] = 0;
}
// else
// get info
//$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]);
//$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]);
}
/**
* Make a search from the Google Image API,
* Browse the results,
* Exclude "not found", "forbidden", "unavailable" status,
* Return the path of the found image.
* If not found, return an empty string.
* If $thumb = true return the thumbnail image width, ortherwise return the full image width.
* @param string $search
* @param bool $thumb
*/
function getGoogleImg($search, $thumb = false)
{
// Clean search string to remove special chars, and replace spaces with +
$clean_str = cleanString($search, array(), '+');
// If $thumb = true, look for the thumbnail url, otherwise look for the full image url
$target = $thumb ? 'tbUrl' : 'url';
// Construct the Google Image API query
$query = 'https://ajax.googleapis.com/ajax/services/search/images?v=1.0&q=' . urlencode($clean_str);
// Get the result from query, returns a JSON object
$json = file_get_contents($query);
// Converts the JSON object in PHP array
$results = json_decode($json, true);
// If there are results from the query
if (!empty($results["responseData"]["results"])) {
// Browse each result from response and set it in $result
foreach ($results["responseData"]["results"] as $result) {
// Retrieve the HTTP headers
$file_headers = @get_headers($result[$target]);
// If HTTP headers don't contain status 403 (forbidden), 404 (not found) or 503 (unavailable)
if (strpos($file_headers[0], '403') === false && strpos($file_headers[0], '404') === false && strpos($file_headers[0], '503') === false) {
// Return the absolute image path (http://...) from result with $target as key
return $result[$target];
}
}
}
// No image found, return an empty string
return '';
}
function findValue($delimeter, $attrib, $xml)
{
$val = "";
$xml = split("\n", $xml);
foreach ($xml as $line) {
if (strpos($line, $delimeter) !== FALSE) {
$val = $line;
break;
}
}
if ($val) {
$val = split('"', $val);
$tmp = split(' ', $val[0]);
$val[0] = trim(str_replace("<" . $delimeter, "", $val[0]));
$flag = 0;
foreach ($val as $x) {
if ($flag) {
return $x;
}
if (cleanString($x) == $attrib) {
$flag = 1;
}
}
}
return FALSE;
}
function cleanOutputForEmployee($employee)
{
$a = cleanString(8, $employee['Units']);
$b = cleanString(45, $employee['Full Name']);
$c = " {$employee['Employee Number']}";
return "{$a}|{$b}|{$c}";
}
/**
* checkStandard
* \brief check the passed in list against the passed in standard.
*
* The two lists are expected to be arrays with the following format:
*
* List to be check: associative array with keys: count, showLink,
* testOrLink.
*
* Standard list: associative array, where the key is the count and the
* value is the text to compare.
*
* @param associative array $list
* @param associative array $standard
*
* @return empty array on success, array of errors on fail.
*
*/
function checkStandard($list, $standard, $testName)
{
if (empty($list)) {
return array('ERROR! empty list passed in');
}
if (empty($standard)) {
return array('ERROR! empty Standard list passed in');
}
if (strlen($testName) == 0) {
return array('ERROR! no testName supplied');
}
$results = array();
foreach ($list as $uiData) {
$cleanText = cleanString($uiData['textOrLink']);
print "ckSTDB: cleanText is:{$cleanText}\n";
if (array_key_exists($cleanText, $standard)) {
$stdCount = $standard[$cleanText];
if ($stdCount != $uiData['count']) {
$results[] = "{$testName} FAILED! Should be {$stdCount} files " . "got:{$uiData['count']} for row with text:\n{$cleanText}\n";
}
} else {
$results[] = "{$testName} FAILED! {$cleanText} did not meet the test Standard\n";
}
}
//print "ckStdDB: results are:\n";print_r($results) . "\n";
return $results;
}
public function __construct($first_name, $last_name, $username, $password, $db)
{
$this->first_name = cleanString($first_name);
$this->last_name = cleanString($last_name);
$this->username = cleanString($username);
$this->password = cleanString($password);
$this->db = $db;
$this->insertUser();
}
function removeLastWord($value)
{
$value = cleanString($value);
if (ctype_upper(substr($value, strlen($value) - 1, strlen($value)))) {
$value = substr($value, 0, strlen($value) - 1);
$value = cleanString($value);
}
return $value;
}
function getGlobals_search($getPage_connection2)
{
// session: admin
if (isset($_SESSION["admin"])) {
$_SESSION["admin"] = cleanString($_SESSION["admin"], true);
} else {
$_SESSION["admin"] = 0;
}
// else
// session: results output
if (isset($_SESSION["results_output"])) {
} else {
$_SESSION["results_output"] = "Search length requirements are not met! Search must be 5-75 characters long.";
}
// else
if (count($_POST)) {
// post: search terms
if (isset($_POST["search"])) {
$_SESSION["search"] = cleanString($_POST["search"], false);
} else {
$_SESSION["search"] = "";
}
// else
$_SESSION["results"] = array("");
// parse results into separate strings
if (stristr($_SESSION["search"], " ") === false) {
$_SESSION["results"][0] = $_SESSION["search"];
} else {
$_SESSION["results"] = explode(" ", $_SESSION["search"]);
}
// else
} else {
if (count($_GET)) {
}
}
// else if
// session: nation_id
if (isset($_SESSION["nation_id"])) {
$_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true);
} else {
$_SESSION["nation_id"] = 0;
}
// else
// session: user_id
if (isset($_SESSION["user_id"])) {
$_SESSION["user_id"] = cleanString($_SESSION["user_id"], true);
} else {
$_SESSION["user_id"] = 0;
}
// else
// get info
//$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]);
//$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]);
}
public function __construct($password, $username, $db)
{
//echo "password: "******"<br>";
//echo "username: "******"<br>";
$this->username = cleanString($username);
$password = cleanString($password);
$this->password = hashPasswords($password, $this->username);
//echo $this->password. "<br>";
$this->db = $db;
$this->sqlSelect();
}
function getGlobals_deactivate($getPage_connection2)
{
// session: admin
if (isset($_SESSION["admin"])) {
$_SESSION["admin"] = cleanString($_SESSION["admin"], true);
} else {
$_SESSION["admin"] = 0;
}
// else
if (count($_POST)) {
// post: current action
if (isset($_POST["action"])) {
$_SESSION["action"] = cleanString($_POST["action"], true);
} else {
$_SESSION["action"] = "";
}
// else
// post: current password
if (isset($_POST["current_password"])) {
$_SESSION["current_password"] = cleanString($_POST["current_password"], true);
} else {
$_SESSION["current_password"] = "";
}
// else
} else {
if (count($_GET)) {
}
}
// else if
// session: nation_id
if (isset($_SESSION["nation_id"])) {
$_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true);
} else {
$_SESSION["nation_id"] = 0;
}
// else
// session: user_id
if (isset($_SESSION["user_id"])) {
$_SESSION["user_id"] = cleanString($_SESSION["user_id"], true);
} else {
$_SESSION["user_id"] = 0;
}
// else
// get info
//$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]);
//$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]);
}
function readFromFile($conn, $fname, $dryrun)
{
//This is my function to read from the csv file.
if ($dryrun) {
fwrite(STDOUT, "\n[DRYRUN: Reading from file (\"" . $fname . "\")]");
} else {
fwrite(STDOUT, "\n[Reading from file (\"" . $fname . "\") and Inserting into DB]");
}
$file = fopen($fname, "r");
//Open the file.
$firstLine = true;
//We don't need the first line (it's the headers).
while (!feof($file)) {
//While we are not at the end of the file...
if ($firstLine) {
$firstLine = false;
fgetcsv($file);
//Read in the first line and don't do anything with it.
} else {
$person = fgetcsv($file);
//Read in all details.
$name = cleanString($person[0]);
//Clean the string.
$surname = cleanString($person[1]);
//Clean the string.
$email = trim(strtolower($person[2]));
//trim trims whitespace, strtolower puts the string to lowercase.
$emailFlag = filter_var($email, FILTER_VALIDATE_EMAIL);
//Use php's function for checking valid emails.
if ($emailFlag) {
//If it's a valid email...
if (!$dryrun) {
//If we are not on a dry run, we have access to the DB.
insertRecord($conn, $name, $surname, $email);
//Call function to insert.
} else {
fwrite(STDOUT, "\nPerson: " . $name . " " . $surname . " (" . $email . ")");
}
} else {
//If email isn't valid, tell the user.
fwrite(STDOUT, "\n[ERROR]: The supplied email address, \"" . $email . "\", is invalid");
}
}
}
fclose($file);
//Close the file after we are done.
}
function getGlobals_info($getPage_connection2)
{
// session: admin
if (isset($_SESSION["admin"])) {
$_SESSION["admin"] = cleanString($_SESSION["admin"], true);
} else {
$_SESSION["admin"] = 0;
}
// else
if (count($_GET) > 1) {
// get: info id
if (isset($_GET["info_id"])) {
$_SESSION["info_id"] = cleanString($_GET["info_id"], true);
} else {
$_SESSION["info_id"] = 0;
}
// else
// get: section
if (isset($_GET["section"])) {
$_SESSION["section"] = cleanString($_GET["section"], true);
} else {
$_SESSION["section"] = 0;
}
// else
}
// if
// session: nation_id
if (isset($_SESSION["nation_id"])) {
$_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true);
} else {
$_SESSION["nation_id"] = 0;
}
// else
// session: user_id
if (isset($_SESSION["user_id"])) {
$_SESSION["user_id"] = cleanString($_SESSION["user_id"], true);
} else {
$_SESSION["user_id"] = 0;
}
// else
// get info
//$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]);
//$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]);
}
public function download()
{
$id = intval($_GET['id']);
$this->loadModel('schnippet');
$schnippet = new Schnippet();
$schnippet->load($id);
if ($schnippet->getMember('protected') == 'on' && (!isset($_SESSION[APP_SES . 'id']) || $_SESSION[APP_SES . 'id'] == 0)) {
$_SESSION[APP_SES . 'route'] = '/application/schnippets&m=edit&id=' . $_GET['id'];
gotoUrl('/?route=/users/users');
exit;
}
// remove all non-alphanumeric characters from title to make filename then replace whitespace with underscores
$title = cleanString($schnippet->getMember('title'));
// get file extension
$ext = getExt($schnippet->getMember('lang'));
header("Content-Type: plain/text");
header("Content-Disposition: Attachment; filename={$title}.{$ext}");
header("Pragma: no-cache");
echo $schnippet->getMember('code');
}
public function insert()
{
$song_data = array('song_title' => cleanString($this->input->post('song_title')), 'song_year' => cleanString($this->input->post('song_year')), 'song_price' => cleanString($this->input->post('song_price')));
/* Insert the song and retrieve the song ID */
$song_id = $this->song_model->add($song_data);
$file_name = $song_data['song_title'];
/* Create directory for file upload */
$path = "data/music/songs/{$song_id}";
if (!is_dir($path)) {
mkdir($path, 755);
// Create the song directory
}
/* Load the Upload class */
$this->load->library('upload');
/* Upload the song cover */
$this->upload_cover($path);
/* Upload the file list */
$this->upload_songfile($file_name, $path);
/* Proceed to upload songs in the editor */
header("Location: " . base_url() . "admin/singles/");
}
public function index()
{
/* Prevent SQL injection. */
$search = html_escape($_GET['s']);
$search = cleanString(trim($search));
// Get the album search results from the database
$query = $this->db->like('album_title', $search);
$query = $this->db->or_like('album_year', $search);
$query = $this->db->order_by('album_title ASC');
$query = $this->db->get('db_album');
$data['albumList'] = $query->result();
$data['albumCount'] = $query->num_rows();
// Get the song search results from the database (singles)
$query = $this->db->like('song_title', $search);
$query = $this->db->or_like('song_year', $search);
$query = $this->db->order_by('song_title ASC');
$query = $this->db->get('db_song');
$data['songList'] = $query->result();
$data['songCount'] = $query->num_rows();
// Get the song search results from the database (albums)
$query = $this->db->like('track_title', $search);
$query = $this->db->order_by('track_title ASC');
$this->db->from('db_album_track');
$query = $this->db->get();
$data['albumSongList'] = $query->result();
$data['albumSongCount'] = $query->num_rows();
// Get the videos search results from the database
$query = $this->db->like('album_title', $search);
$query = $this->db->or_like('album_year', $search);
$query = $this->db->get('db_album');
$data['videoList'] = $query->result();
$data['videoCount'] = $query->num_rows();
/* Load the view files */
$data['title'] = 'Resultados de la busqueda';
$this->load->view('header', $data);
$this->load->view('search_results', $data);
$this->load->view('footer');
}
function snapRegisterNewXmppUser($emailaddress)
{
global $APPCONFIG;
include_once '../extensions/XMPPHP/XMPPHP_XMPP.php';
$conf = $APPCONFIG['XMPP'];
$passwd = $conf['userpasswd'];
$userJID = cleanString($emailaddress) . time() . '@' . $conf['server'];
$conn = new XMPPHP_XMPP($conf['server'], $conf['port'], $conf['adminuser'], $conf['adminpasswd'], $conf['resource'], $conf['domain']);
$conn->autoSubscribe(true);
$conn->useEncryption(false);
$resp = array();
try {
$conn->connect();
$conn->processUntil('session_start');
$conn->registerNewUser($userJID, $emailaddress, $passwd);
$conn->processUntil('done');
$conn->disconnect();
return array('xmppuserid' => $userJID, 'xmpppasswd' => $passwd);
} catch (XMPPHP_Exception $e) {
return 0;
//die($e->getMessage());
}
}
function soap_returned_msg($test_xml_string)
{
$test_xml_string = cleanString($test_xml_string);
if (!simplexml_load_string($test_xml_string)) {
echo json_encode(array("error"));
} else {
file_put_contents("LOG/usage_" . $_SESSION['user_email'] . ".txt", date("F j, Y, g:i a") . " " . $_SERVER['REMOTE_ADDR'] . "\r\n", FILE_APPEND | LOCK_EX);
$xml = simplexml_load_string($test_xml_string);
$arrayTweets = array();
foreach ($xml->children() as $tnum) {
if ($tnum['tweetID'] != "") {
$tweet = new Tweet();
$tweet->initializeMembers($tnum);
array_push($arrayTweets, $tweet);
}
}
echo json_encode($arrayTweets);
//free variable to avoid memory leak
foreach ($arrayTweets as $t) {
unset($t);
}
unset($arrayTweets);
}
}
private function sqlParameter($isADD, &$data, $name, &$field, &$EnumPrunecache, $isSerialized = false, $kA = '', $wS = '')
{
$output = false;
$encapsulation = $isSerialized ? '' : '"';
switch ($field[CONS_XML_TIPO]) {
case CONS_TIPO_INT:
if (isset($data[$name]) && $data[$name] !== "" && is_numeric($data[$name])) {
$output = $data[$name];
} else {
if ($isADD && isset($field[CONS_XML_DEFAULT])) {
$output = $field[CONS_XML_DEFAULT];
}
}
break;
case CONS_TIPO_LINK:
if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) {
$encapsulation = '';
}
if (isset($data[$name]) && ($data[$name] !== '' && $data[$name] !== 0 || !isset($field[CONS_XML_MANDATORY]))) {
# non-mandatory links accept 0 values, otherwise 0 is not acceptable
if ((!$isADD && isset($field[CONS_XML_IGNORENEDIT]) || $isADD) && ($data[$name] === 0 || $data[$name] === '')) {
break;
} else {
if (($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) && ($data[$name] === '' || !is_numeric($data[$name]))) {
$data[$name] = 0;
} else {
if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_VC && $data[$name] != '') {
if ($field[CONS_XML_SPECIAL] == "ucase") {
$data[$name] = strtoupper($data[$name]);
}
if ($field[CONS_XML_SPECIAL] == "lcase") {
$data[$name] = strtolower($data[$name]);
}
}
}
}
# if this is a parent, check if this won't create a cyclic parenting
if ($data[$name] !== 0 && $data[$name] !== '' && $field[CONS_XML_MODULE] == $this->name && $this->options[CONS_MODULE_PARENT] == $name) {
if (!$isADD && $data[$name] == $data[$this->keys[0]]) {
$data[$name] = 0;
$this->parent->errorControl->raise(128, $name, $this->name, "Parent=Self");
if (isset($field[CONS_XML_MANDATORY])) {
return false;
}
} else {
$antiCicle = $isADD ? array() : array($data[$this->keys[0]]);
$idP = isset($data[$name]) ? $data[$name] : 0;
if ($idP == null) {
$idP = 0;
}
while ($idP !== 0) {
$idP = $this->parent->dbo->fetch("SELECT {$name} FROM " . $this->dbname . " WHERE " . $this->keys[0] . "={$idP}");
if ($idP == NULL) {
$idP = 0;
}
if (in_array($idP, $antiCicle)) {
break;
}
// cicle!
$antiCicle[] = $idP;
}
unset($antiCicle);
if ($idP !== 0) {
# did not reach root
$this->parent->errorControl->raise(128, $name, $this->name, "Initial parent was = " . $data[$name]);
$data[$name] = 0;
if (isset($field[CONS_XML_MANDATORY])) {
return false;
}
}
}
}
$output = $encapsulation . $data[$name] . $encapsulation;
} else {
if ($isADD && isset($field[CONS_XML_DEFAULT])) {
if ($field[CONS_XML_DEFAULT] == "%UID%" && defined("CONS_AUTH_USERMODULE") && $field[CONS_XML_MODULE] == CONS_AUTH_USERMODULE && $_SESSION[CONS_SESSION_ACCESS_LEVEL] > 0 && isset($_SESSION[CONS_SESSION_ACCESS_USER]['id'])) {
$output = $encapsulation . $_SESSION[CONS_SESSION_ACCESS_USER]['id'] . $encapsulation;
} else {
if ($field[CONS_XML_DEFAULT] != "%UID%") {
$output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
}
}
}
}
break;
case CONS_TIPO_FLOAT:
if (isset($data[$name]) && $data[$name] !== "") {
$data[$name] = fv($data[$name]);
if (is_numeric($data[$name])) {
$output = str_replace(",", ".", $data[$name]);
} else {
if ($isADD && isset($field[CONS_XML_DEFAULT])) {
$output = $field[CONS_XML_DEFAULT];
}
}
} else {
if ($isADD && isset($field[CONS_XML_DEFAULT])) {
$output = $field[CONS_XML_DEFAULT];
}
}
break;
case CONS_TIPO_VC:
if (isset($data[$name])) {
if (!isset($field[CONS_XML_SPECIAL]) || $field[CONS_XML_SPECIAL] != "urla") {
if (!isset($field[CONS_XML_CUSTOM])) {
$data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
} else {
if (!$isSerialized) {
$data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
}
}
}
if (isset($field[CONS_XML_SPECIAL])) {
if ($field[CONS_XML_SPECIAL] == "urla") {
if (!isset($data[$name]) || $data[$name] == '') {
$source = isset($field[CONS_XML_SOURCE]) ? $field[CONS_XML_SOURCE] : "{" . $this->title . "}";
$tp = new CKTemplate($this->parent->template);
$tp->tbreak($source);
$data[$name] = $tp->techo($data);
unset($tp);
}
$data[$name] = str_replace(">", "", str_replace("<", "", str_replace(""", "", str_replace("'", "", $data[$name]))));
$data[$name] = removeSimbols($data[$name], true, false, CONS_FLATTENURL);
}
if ($field[CONS_XML_SPECIAL] == "login" && $data[$name] != "") {
if (!preg_match('/^([A-Za-z0-9_\\-\\.@]){4,20}$/', $data[$name])) {
$data[$name] = "";
$this->parent->errorControl->raise(129, $name, $this->name);
break;
}
}
if ($field[CONS_XML_SPECIAL] == "mail" && $data[$name] != "") {
if (!isMail($data[$name])) {
$data[$name] = "";
$this->parent->errorControl->raise(130, $name, $this->name);
break;
}
}
if ($field[CONS_XML_SPECIAL] == "ucase" && $data[$name] != "") {
$data[$name] = strtoupper($data[$name]);
$data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
}
if ($field[CONS_XML_SPECIAL] == "lcase" && $data[$name] != "") {
$data[$name] = strtolower($data[$name]);
$data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
}
if ($field[CONS_XML_SPECIAL] == "path" && $data[$name] != "") {
if (!preg_match('/^([A-Za-z0-9_\\/\\-]*)$/', $data[$name])) {
$data[$name] = "";
$this->parent->errorControl->raise(131, $name, $this->name);
break;
}
}
if ($field[CONS_XML_SPECIAL] == "onlinevideo" && $data[$name] != "") {
if (!preg_match('/^([A-Za-z0-9_\\-]){8,20}$/', $data[$name])) {
$data[$name] = "";
$this->parent->errorControl->raise(132, $name, $this->name);
break;
}
}
if ($field[CONS_XML_SPECIAL] == "time" && $data[$name] != "") {
if (!preg_match('/^([0-9]){1,2}(:)([0-9]){1,2}$/', $data[$name])) {
$data[$name] = "";
$this->parent->errorControl->raise(133, $name, $this->name);
break;
} else {
$data[$name] = explode(":", $data[$name]);
$data[$name][0] = (strlen($data[$name][0]) == 1 ? "0" : "") . $data[$name][0];
$data[$name][1] = (strlen($data[$name][1]) == 1 ? "0" : "") . $data[$name][1];
$data[$name] = $data[$name][0] . ":" . $data[$name][1];
}
}
}
if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
break;
} else {
if ($isADD && (!isset($data[$name]) || $data[$name] == '') && isset($field[CONS_XML_DEFAULT])) {
$data[$name] = $field[CONS_XML_DEFAULT];
}
}
$output = $encapsulation . $data[$name] . $encapsulation;
}
break;
case CONS_TIPO_TEXT:
if (isset($data[$name])) {
# WYSIWYG garbage ...
if (isset($field[CONS_XML_HTML]) && !isset($field[CONS_XML_CUSTOM])) {
$data[$name] = str_replace(" ", " ", trim($data[$name]));
if (isset($field[CONS_XML_SIMPLEEDITFORCE]) && $data[$name] != '') {
if (!defined('C_XHTML_AUTOTAB')) {
include CONS_PATH_INCLUDE . "xmlHandler.php";
}
$data[$name] = parseHTML($data[$name], true);
if ($data[$name] === false) {
$this->parent->errorControl->raise(190, $name, $this->name);
$data[$name] = '';
break;
}
}
if ($this->invalidHTML($data[$name])) {
# external editors garbage that can break HTML
$this->parent->errorControl->raise(135, $name, $this->name);
}
}
if (!isset($field[CONS_XML_CUSTOM])) {
$data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
} else {
if (!$isSerialized) {
$data[$name] = addslashes_EX($data[$name], true, $this->parent->dbo);
}
}
if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
break;
}
$output = $encapsulation . $data[$name] . $encapsulation;
} else {
if ($isADD && isset($field[CONS_XML_DEFAULT])) {
$output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
}
}
break;
case CONS_TIPO_DATETIME:
case CONS_TIPO_DATE:
if (!isset($data[$name]) || $data[$name] == '') {
if (!$isADD && isset($field[CONS_XML_UPDATESTAMP])) {
$output = "NOW()";
$data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
// might be used by friendly url or such
break;
} else {
if ($isADD && (isset($field[CONS_XML_TIMESTAMP]) || isset($field[CONS_XML_UPDATESTAMP]))) {
$output = "NOW()";
$data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
// might be used by friendly url or such
break;
}
}
}
if (!isset($data[$name]) && isset($data[$name . "_day"])) {
# date came into separated fields, merge them
$theDate = $this->parent->intlControl->mergeDate($data, $name . "_");
if (!$theDate == false || ($theDate == "0000-00-00" || $theDate == "0000-00-00 00:00:00") && isset($field[CONS_XML_IGNORENEDIT])) {
break;
}
# empty date can be ignored, or corrupt date
$output = $encapsulation . $theDate . $encapsulation;
} else {
# came in mySQL format or i18n fromat
if (isset($data[$name]) && $data[$name] != "") {
$data[$name] = trim($data[$name]);
$theDate = $data[$name];
$theDate = $this->parent->intlControl->dateToSql($theDate, $field[CONS_XML_TIPO] == CONS_TIPO_DATETIME);
// handles any format of human or sql date
if ($theDate === false) {
if (substr($data[$name], 0, 5) == "NOW()") {
$output = $data[$name];
$data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
// might be used by friendly url or such
} else {
$this->parent->errorControl->raise(134, $name, $this->name);
}
} else {
$output = $encapsulation . $theDate . $encapsulation;
$data[$name] = $theDate;
// other fields might need it
}
} else {
if (isset($data[$name])) {
// blank
if (!$isADD && isset($field[CONS_XML_IGNORENEDIT])) {
break;
}
$output = isset($field[CONS_XML_MANDATORY]) && $field[CONS_XML_MANDATORY] ? $encapsulation . "0000-00-00" . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " 00:00:00" : "") . $encapsulation : 'NULL';
}
}
}
break;
case CONS_TIPO_ENUM:
if (isset($data[$name])) {
if ($data[$name] == "") {
# enum does not accept empty values, this means it's a NON-MANDATORY enum comming empty = NULL
$output = "NULL";
} else {
$data[$name] = str_replace("\"", "", str_replace("'", "", $data[$name]));
$output = $encapsulation . $data[$name] . $encapsulation;
if (isset($field[CONS_XML_AUTOPRUNE])) {
// possible prune
//$EnumPrunecache
preg_match("@ENUM \\(([^)]*)\\).*@", $field[CONS_XML_SQL], $regs);
$enums = explode(",", $regs[1]);
$pruneRecipient = "";
for ($ec = 0; $ec < count($enums); $ec++) {
if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] == '*') {
$pruneRecipient = $enums[$ec];
}
}
for ($ec = 0; $ec < count($enums); $ec++) {
if ("'" . $data[$name] . "'" == $enums[$ec]) {
if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] != '0' && $field[CONS_XML_AUTOPRUNE][$ec] != '*') {
$EnumPrunecache[] = array($name, $field[CONS_XML_AUTOPRUNE][$ec], $pruneRecipient);
}
break;
// for
}
}
}
}
} else {
if ($isADD && isset($field[CONS_XML_DEFAULT])) {
$output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
}
}
break;
case CONS_TIPO_OPTIONS:
# must come as a string of 0 and 1
if (isset($data[$name]) && strlen($data[$name]) >= count($field[CONS_XML_OPTIONS])) {
# test if they are all 0 and 1!
$ok = true;
for ($c = 0; $c < strlen($data[$name]); $c++) {
if ($data[$name][$c] != "0" && $data[$name][$c] != "1") {
$ok = false;
break;
}
}
if ($ok) {
$output = $encapsulation . $data[$name] . ($isADD ? '0000' : '') . $encapsulation;
}
}
break;
case CONS_TIPO_UPLOAD:
if (!$isADD) {
# upload on add happens AFTER the SQL include, so if it fails, we don't even bother processing upload
if (isset($data[$name . "_delete"]) || isset($_FILES[$name]) && $_FILES[$name]['error'] == 0) {
// delete ou update
$ids = "";
foreach ($this->keys as $key) {
$ids .= $data[$key] . "_";
}
$ids = substr($ids, 0, strlen($ids) - 1);
$this->deleteUploads($data, $name, $ids);
}
$upOk = $this->prepareUpload($name, $kA, $data);
$upvalue = $upOk == '0' ? 'y' : 'n';
if ($upOk != 0 && $upOk != 4) {
# notification for the upload (4 = nothing sent, 0 = sent and ok)
$this->parent->errorControl->raise(200 + $upOk, $upOk, $this->name, $name);
}
if ($upOk != 4) {
$output = $encapsulation . $upvalue . $encapsulation;
} else {
// no change, but take this oportunity and check if the file exists!
$upvalue = 'n';
$path = CONS_FMANAGER . $this->name . "/";
if (is_dir($path)) {
if (isset($this->fields[$name][CONS_XML_FILEPATH])) {
$path .= $this->fields[$name][CONS_XML_FILEPATH];
if ($path[strlen($path) - 1] != "/") {
$path .= "/";
}
if (!is_dir($path)) {
safe_mkdir($path);
}
}
# prepares filename with item keys
$filename = $path . $name . "_";
foreach ($this->keys as $key) {
$filename .= $data[$key] . "_";
}
$filename .= "1";
$upvalue = locateAnyFile($filename, $ext, isset($this->fields[$name][CONS_XML_FILETYPES]) ? $this->fields[$name][CONS_XML_FILETYPES] : '') ? 'y' : 'n';
}
$output = $encapsulation . $upvalue . $encapsulation;
}
}
break;
case CONS_TIPO_ARRAY:
if (isset($data[$name])) {
if (is_array($data[$name])) {
$output = $data[$name];
} else {
# came in serialized (JSON or php)
if ($data[$name][0] == '[') {
# JSON
$output = @json_decode($data[$name]);
} else {
$output = @unserialize($data[$name]);
}
# we will serialize the whole thing
if ($output === false) {
$this->parent->errorControl->raise(189, $name, $this->name);
$output = "";
}
}
}
break;
case CONS_TIPO_SERIALIZED:
if (isset($data[$name])) {
// came raw data, we store as is, YOU should serialize raw data
$data[$name] = addslashes_EX($data[$name], true);
if (isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
break;
}
$output = $encapsulation . $data[$name] . $encapsulation;
} else {
if ($this->fields[$name][CONS_XML_SERIALIZED] > 1) {
// set to WRITE or ALL
// note: we ADD fields, never replace, because we should allow partial edits, thus we need to read the original data first
$sql = "SELECT {$name} FROM " . $this->dbname . " WHERE {$wS}";
$serialized = $this->parent->dbo->fetch($sql);
if ($serialized === false) {
$serialized = array();
} else {
$serialized = @unserialize($serialized);
}
$serializedFields = 0;
foreach ($this->fields[$name][CONS_XML_SERIALIZEDMODEL] as $exname => &$exfield) {
if (isset($data[$name . "_" . $exname])) {
$outfield = $this->sqlParameter(true, $data, $name . "_" . $exname, $exfield, $EnumPrunecache, true);
if ($outfield !== false && $outfield != 'NULL') {
$serialized[$exname] = $outfield;
}
# we don't need to store NULL like in sql
}
}
$output = $encapsulation . addslashes_EX(serialize($serialized), true, $this->parent->dbo) . $encapsulation;
}
}
break;
}
# switch
return $output;
}
public function update($album_id)
{
$album_data = array('album_id' => $album_id, 'album_price' => cleanString($this->input->post('album_price')), 'album_desc' => $this->input->post('album_desc'));
$this->album_model->update($album_data);
$path = "data/music/albums/{$album_id}";
/* Load the Upload class */
$this->load->library('upload');
$this->upload_cover($path);
header("Location: " . base_url() . "admin/albums");
}
$post['thumb'] = $temp_file . '.png';
} else {
fancyDie("Error while processing audio/video.");
}
}
}
$thumb_location = "thumb/" . $post['thumb'];
list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post);
if (!createThumbnail($file_location, $thumb_location, $thumb_maxwidth, $thumb_maxheight)) {
fancyDie("Could not create thumbnail.");
}
addVideoOverlay($thumb_location);
$thumb_info = getimagesize($thumb_location);
$post['thumb_width'] = $thumb_info[0];
$post['thumb_height'] = $thumb_info[1];
$post['file_original'] = cleanString($embed['title']);
$post['file'] = str_ireplace(array('src="https://', 'src="http://'), 'src="//', $embed['html']);
} else {
if (isset($_FILES['file'])) {
if ($_FILES['file']['name'] != "") {
validateFileUpload();
if (!is_file($_FILES['file']['tmp_name']) || !is_readable($_FILES['file']['tmp_name'])) {
fancyDie("File transfer failure. Please retry the submission.");
}
if (TINYIB_MAXKB > 0 && filesize($_FILES['file']['tmp_name']) > TINYIB_MAXKB * 1024) {
fancyDie("That file is larger than " . TINYIB_MAXKBDESC . ".");
}
$post['file_original'] = trim(htmlentities(substr($_FILES['file']['name'], 0, 50), ENT_QUOTES));
$post['file_hex'] = md5_file($_FILES['file']['tmp_name']);
$post['file_size'] = $_FILES['file']['size'];
$post['file_size_formatted'] = convertBytes($post['file_size']);
function hyphenize($string)
{
return strtolower(preg_replace(array('#[\\s-]+#', '#[^A-Za-z0-9\\. -]+#'), array('-', ''), cleanString(urldecode($string))));
}
function getGlobals_organizations($getPage_connection2)
{
// session: admin
if (isset($_SESSION["admin"])) {
$_SESSION["admin"] = cleanString($_SESSION["admin"], true);
} else {
$_SESSION["admin"] = 0;
}
// else
if (count($_POST)) {
// post: current action
if (isset($_POST["action"])) {
$_SESSION["action"] = cleanString($_POST["action"], true);
} else {
$_SESSION["action"] = "";
}
// else
// post: organization id
if (isset($_POST["org"])) {
$_SESSION["org"] = cleanString($_POST["org"], true);
} else {
$_SESSION["org"] = "";
}
// else
// post: name for organization
if (isset($_POST["orgname"])) {
$_SESSION["name"] = cleanString($_POST["orgname"], false);
} else {
$_SESSION["name"] = "";
}
// else
// post: nation for organization
if (isset($_POST["orgnation"])) {
$_SESSION["nation"] = cleanString($_POST["orgnation"], false);
} else {
$_SESSION["nation"] = "";
}
// else
} else {
if (count($_GET)) {
}
}
// else if
// session: nation_id
if (isset($_SESSION["nation_id"])) {
$_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true);
} else {
$_SESSION["nation_id"] = 0;
}
// else
// session: user_id
if (isset($_SESSION["user_id"])) {
$_SESSION["user_id"] = cleanString($_SESSION["user_id"], true);
} else {
$_SESSION["user_id"] = 0;
}
// else
// get info
//$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]);
//$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]);
}
$view->clientes = Cliente::getClientes();
$view->contentTemplate = "templates/clientesGrid.php";
// seteo el template que se va a mostrar
break;
case 'saveClient':
// limpio todos los valores antes de guardarlos
// por ls dudas venga algo raro
$id = intval($_POST['id']);
$n_rfi = cleanString($_POST['n_rfi']);
$ccosto = cleanString($_POST['ccosto']);
$desc_rfi = cleanString($_POST['desc_rfi']);
$obs_rfi = cleanString($_POST['obs_rfi']);
$f_rfi = cleanString($_POST['f_rfi']);
$user_gen = cleanString($_POST['user_gen']);
$user_soli = cleanString($_POST['user_soli']);
$estado = cleanString($_POST['estado']);
$cliente = new Cliente($id);
$cliente->setn_rfi($n_rfi);
$cliente->setccosto($ccosto);
$cliente->setdesc_rfi($desc_rfi);
$cliente->setobs_rfi($obs_rfi);
$cliente->setf_rfi($f_rfi);
$cliente->setuser_gen($user_gen);
$cliente->setuser_soli($user_soli);
$cliente->setestado($estado);
$cliente->save();
break;
case 'newClient':
$view->client = new Cliente();
$view->label = 'Nuevo RFI';
$view->disableLayout = true;
function getGlobals_policies($getPage_connection2)
{
// get session: admin
if (isset($_SESSION["admin"])) {
$_SESSION["admin"] = cleanString($_SESSION["admin"], true);
} else {
$_SESSION["admin"] = 0;
}
// else
if (count($_POST)) {
// post: current action
if (isset($_POST["action"])) {
$_SESSION["action"] = cleanString($_POST["action"], true);
} else {
$_SESSION["action"] = "";
}
// else
// post: formal name input for changing formal name
if (isset($_POST["formalname"])) {
$_SESSION["formal_name"] = cleanString($_POST["formalname"], false);
} else {
$_SESSION["formal_name"] = 0;
}
// else
// post: formal name input for changing formal name
if (isset($_POST["prod-percent"])) {
$_SESSION["prod_percent"] = cleanString($_POST["prod-percent"], true);
} else {
$_SESSION["prod_percent"] = 0;
}
// else
// post: array of production targets
if (isset($_POST["prod"])) {
$_SESSION["prod"] = $_POST["prod"];
} else {
$_SESSION["prod"] = array(0 => 0, 1 => 0, 2 => 0, 3 => 0, 4 => 0, 5 => 0, 6 => 0, 7 => 0, 8 => 0);
}
// else
} else {
if (count($_GET)) {
}
}
// else if
// session: nation_id
if (isset($_SESSION["nation_id"])) {
$_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true);
} else {
$_SESSION["nation_id"] = 0;
}
// else
// session: user_id
if (isset($_SESSION["user_id"])) {
$_SESSION["user_id"] = cleanString($_SESSION["user_id"], true);
} else {
$_SESSION["user_id"] = 0;
}
// else
// get info
//$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]);
//$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]);
}
*
*/
require_once "lib/nusoap.php";
require_once "constants.php";
require_once "FunctionCollection.php";
error_reporting(E_ERROR);
session_start();
//if(!isset($_SESSION['client'])){
$_SESSION['client'] = new nusoap_client(getWsdlAddress(), true);
$_SESSION['client']->soap_defencoding = 'UTF-8';
$_SESSION['client']->decode_utf8 = false;
//}
$mode = $_GET["mode"];
$minlat = $_GET["minlat"];
$maxlat = $_GET["maxlat"];
$minlon = $_GET["minlon"];
$maxlon = $_GET["maxlon"];
$region = $_GET["region"];
$timewindow = $_GET["timewindow"];
$resultArray = array();
if (strlen($mode) <= 0 || strlen($minlat) <= 0 || strlen($maxlat) <= 0 || strlen($minlon) <= 0 || strlen($maxlon) <= 0) {
array_push($resultArray, "fail");
//file_put_contents("testfile.txt", "fail2", FILE_APPEND | LOCK_EX);
//file_put_contents("testfile.txt", "\r\n", FILE_APPEND | LOCK_EX);
} else {
$params = array('mode' => $mode, 'minlat' => $minlat, 'maxlat' => $maxlat, 'minlon' => $minlon, 'maxlon' => $maxlon, 'region' => $region, 'timewindow' => $timewindow);
$resultString = $_SESSION['client']->call("sendConfig", $params, const_namespace);
$resultString = cleanString($resultString);
array_push($resultArray, $resultString);
}
echo json_encode($resultArray);
function addUserSignup($user_id, $user_fullname, $user_email, $password, $lang, $token)
{
global $core;
# Clean Up user_id
$user_id = preg_replace("( )", "_", $user_id);
$user_id = cleanString($user_id);
# Check if user's information already exist in not pending users
$rs1 = $core->con->select("SELECT user_id, user_fullname, user_email\n\t\tFROM " . $core->prefix . "user\n\t\tWHERE lower(user_id) = '" . strtolower($user_id) . "'\n\t\tOR lower(user_fullname) = '" . strtolower($user_fullname) . "'\n\t\tOR lower(user_email) = '" . strtolower($user_email) . "'");
if ($rs1->count() > 0) {
if ($rs1->f('user_id') == $user_id) {
$error[] = sprintf(T_('The user %s already exists'), $user_id);
}
if ($rs1->f('user_fullname') == $user_fullname) {
$error[] = sprintf(T_('The user %s already exists'), $user_fullname);
}
if ($rs1->f('user_email') == $user_email) {
$error[] = sprintf(T_('The email address %s is already in use'), $user_email);
}
} else {
# Check if website is already in use
$rs2 = $core->con->select("SELECT " . $core->prefix . "user.user_id\n\t\t\tFROM " . $core->prefix . "user, " . $core->prefix . "site\n\t\t\tWHERE " . $core->prefix . "site.user_id = " . $core->prefix . "user.user_id\n\t\t\tAND site_url = '" . $url . "'");
if ($rs2->count() > 0) {
$error[] = sprintf(T_('The website %s is already assigned to the user %s'), $url, $user_id);
}
}
# All OK
if (empty($error)) {
$cur = $core->con->openCursor($core->prefix . 'user');
$cur->user_id = $user_id;
$cur->user_fullname = $user_fullname;
$cur->user_email = $user_email;
$cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $password);
$cur->user_token = $token;
$cur->user_status = 0;
$cur->user_lang = $lang;
$cur->created = array(' NOW() ');
$cur->modified = array(' NOW() ');
$cur->insert();
}
return $error;
}
$nbPages = ceil($data[0] / $nbElements);
for ($i = 1; $i <= $nbPages; $i++) {
$pages .= '<td onclick=\'displayLogs(\\"copy_logs\\", ' . $i . ', \'\')\'><span style=\'cursor:pointer;' . ($_POST['page'] == $i ? 'font-weight:bold;font-size:18px;\'>' . $i : '\'>' . $i) . '</span></td>';
}
}
$pages .= '</tr></table>';
//define query limits
if (isset($_POST['page']) && $_POST['page'] > 1) {
$start = $nbElements * ($_POST['page'] - 1) + 1;
} else {
$start = 0;
}
//launch query
$rows = DB::query("SELECT l.date as date, u.login as login, l.label as label\n FROM " . prefix_table("log_system") . " as l\n INNER JOIN " . prefix_table("users") . " as u ON (l.qui=u.id)\n WHERE %l\n ORDER BY date DESC\n LIMIT {$start}, {$nbElements}", $where);
foreach ($rows as $reccord) {
$label = explode('@', addslashes(cleanString($reccord['label'])));
$logs .= '<tr><td>' . date($_SESSION['settings']['date_format'] . " " . $_SESSION['settings']['time_format'], $reccord['date']) . '</td><td align=\\"left\\">' . $label[0] . '</td><td align=\\"center\\">' . $reccord['login'] . '</td></tr>';
}
echo '[{"tbody_logs": "' . $logs . '" , "log_pages" : "' . $pages . '"}]';
break;
/**
* CASE display a full listing with items EXPRIED
*/
/**
* CASE display a full listing with items EXPRIED
*/
case "generate_renewal_listing":
if ($_POST['period'] == "0") {
$date = time();
} elseif ($_POST['period'] == "1month") {
$date = mktime(date('h'), date('i'), date('s'), date('m') + 1, date('d'), date('y'));
<?php
@(include 'utilities/all.php');
header("Content-Type: application/json");
checkGetParameter('item_id');
checkGetParameter('fb_id');
$item_id = cleanString(getGet('item_id'));
$fb_id = cleanString(getGet('fb_id'));
$sql = "UPDATE items SET item_status=2 WHERE item_id={$item_id} AND fb_id={$fb_id}";
$result = db_query($sql);
$out['success'] = true;
echo json_encode($out);
$_POST['pass_field_1'] = cleanString($_POST['pass_field_1'], 30);
}
if ($_POST['pass_field_2']) {
$_POST['pass_field_2'] = cleanString($_POST['pass_field_2'], 30);
}
if ($_POST['email']) {
$_POST['email'] = cleanString($_POST['email'], 140);
}
if ($_POST['passcurr']) {
$_POST['passcurr'] = cleanString($_POST['passcurr'], 40);
}
if ($_POST['pass1']) {
$_POST['pass1'] = cleanString($_POST['pass1'], 40);
}
if ($_POST['pass2']) {
$_POST['pass2'] = cleanString($_POST['pass2'], 40);
}
if ($_POST['salt']) {
$_POST['salt'] = '';
}
if ($_POST['key']) {
$_POST['key'] = '';
}
// check for errors
$alertArr = array();
if (!$_POST['pass_field_curr']) {
$alertArr[] = $ALERT['PASS_CURR_NO'];
}
// Recheck password of registered users
if (confirmUser($_SESSION['username'], $_POST['passcurr']) != 0) {
$alertArr[] = $ALERT['PASS_CURR_WRONG'];
