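/**
 * Validate the "create ticket batch" form submitted in $_POST.
 *
 * Fields read: numberoftickets, MaxMb, Max_Mb, MaxTime, Max_Time and Group.
 * Absent fields are treated as null instead of triggering an undefined-index
 * warning. A data (or time) limit may be supplied in only one of its two
 * fields; the Max_Mb / Max_Time field may also hold the literal 'inherit'.
 *
 * @return array<int,string> Translated error messages, empty when the form is valid.
 */
function validate_form()
{
    // Fill in absent keys so every cleaner receives a value (null when unset).
    $post = $_POST + array(
        'numberoftickets' => null,
        'MaxMb' => null,
        'Max_Mb' => null,
        'MaxTime' => null,
        'Max_Time' => null,
        'Group' => null,
    );

    $error = array();
    $NumberTickets = clean_int($post['numberoftickets']);
    $MaxMb = clean_number($post['MaxMb']);
    $Max_Mb = clean_number($post['Max_Mb']);
    $MaxTime = clean_int($post['MaxTime']);
    $Max_Time = clean_int($post['Max_Time']);

    // validate_int() presumably yields an error string or a falsy value;
    // falsy entries are discarded by the array_filter() on return.
    $error[] = validate_int($NumberTickets);

    // Both data limit fields must individually be acceptable limit values.
    foreach (array($MaxMb, $Max_Mb) as $dataLimit) {
        if (!\Grase\Validate::numericLimit($dataLimit)) {
            $error[] = sprintf(T_("Invalid value '%s' for Data Limit"), $dataLimit);
        }
    }
    // Likewise for the two time limit fields.
    foreach (array($MaxTime, $Max_Time) as $timeLimit) {
        if (!\Grase\Validate::numericLimit($timeLimit)) {
            $error[] = sprintf(T_("Invalid value '%s' for Time Limit"), $timeLimit);
        }
    }

    // Only one field per limit may be set. The raw Max_* field is consulted
    // because the literal 'inherit' counts as "set" but is not numeric.
    $maxMbIsSet = is_numeric($Max_Mb) || $post['Max_Mb'] === 'inherit';
    if ($maxMbIsSet && is_numeric($MaxMb)) {
        $error[] = T_("Only set one Data limit field");
    }
    $maxTimeIsSet = is_numeric($Max_Time) || $post['Max_Time'] === 'inherit';
    if ($maxTimeIsSet && is_numeric($MaxTime)) {
        $error[] = T_("Only set one Time limit field");
    }

    // 1000 seems like a reasonable number, if someone wants it increased we can now that we can delete batches
    if ($NumberTickets > 1000) {
        $error[] = T_("Max of 1000 tickets per batch");
    }

    // Group is handed over uncleaned; validate_group() is assumed to cope with
    // untrusted input — confirm against its implementation.
    $error[] = validate_group($post['Group']);

    return array_filter($error);
}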
 /**
  * Delete this relationship's row from the plusrelationship table.
  *
  * Does nothing unless $this->plusrelationship_id is positive. On a
  * successful query the id is reset to 0 so the object no longer points at
  * a stored row; a failed query leaves it untouched (no error is raised).
  *
  * The id passes through clean_int() and is formatted with %d, so only an
  * integer can ever reach the SQL text. mysql_query() belongs to the legacy
  * mysql extension, which was removed in PHP 7.
  */
 public function deleteFromDB()
 {
     global $db;
     if ($this->plusrelationship_id <= 0) {
         return;
     }
     $deleteSql = sprintf(
         "DELETE FROM plusrelationship WHERE plusrelationship_id = %d",
         clean_int($this->plusrelationship_id)
     );
     $ok = mysql_query($deleteSql, $db);
     if ($ok) {
         $this->plusrelationship_id = 0;
     }
 }
 /**
  * Delete this post's row from the pluspost table.
  *
  * Does nothing unless $this->pluspost_id is positive. On a successful query
  * the id is reset to 0; a failed query leaves it untouched and is not
  * reported.
  *
  * The id passes through clean_int() and is formatted with %d, so only an
  * integer can reach the SQL text. mysql_query() belongs to the legacy mysql
  * extension, which was removed in PHP 7.
  */
 public function deleteFromDB()
 {
     global $db;
     if ($this->pluspost_id <= 0) {
         return;
     }
     $deleteSql = sprintf(
         "DELETE FROM pluspost WHERE pluspost_id = %d",
         clean_int($this->pluspost_id)
     );
     $ok = mysql_query($deleteSql, $db);
     if ($ok) {
         $this->pluspost_id = 0;
     }
 }
<?php

// `global` at file scope only has an effect when this file is included from
// inside a function; $form and $listid are presumed to be set by the
// including code ($groups is declared but not used in the visible lines).
global $form, $listid, $groups;
// Refuse direct requests to the include path. $PHP_SELF as a bare variable
// only carries a value under register_globals or when the includer sets it.
if (preg_match("/\\/includes\\//", $PHP_SELF)) {
    exit("You can't access this file directly!");
}
// clean_word()/clean_int() are the only filtering applied before these two
// values are echoed into the <script> block below; confirm they restrict the
// result to identifier / digit characters.
$form = clean_word($form);
$listid = clean_int($listid);
?>

<script type="text/javascript">
<!-- <![CDATA[
function OkButton () {
  var parentlist = window.opener.document.<?php 
echo $form;
?>
.elements[<?php 
echo $listid;
?>
];
  var thislist = document.forms[0].elements[0];

  var found = "";

  // select/deselect all elements
  for ( i = 0; i < parentlist.length; i++ ) {
    var state = false;
    for ( j = 0; j < thislist.length; j++ ) {
      if ( thislist.options[j].value == parentlist.options[i].value ) {
        state = thislist.options[i].selected;
        found += " " + thislist.options[j].value;
    }
}
// Single-valued login-page options, keyed by setting name. Each entry carries
// the form label, a description and the input 'type' that decides how the
// submitted value is parsed.
$singleLoginOptions = [
    'hideheader' => [
        'label' => T_("Login Screen Title"),
        'description' => T_("Hide Title (header) from login screen"),
        'type' => 'bool',
    ],
    'hidemenu' => [
        'label' => T_("Login Screen Menu"),
        'description' => T_("Hide Menubar from login screen"),
        'type' => 'bool',
    ],
    'hidefooter' => [
        'label' => T_("Login Screen Footer"),
        'description' => T_("Hide footer from login screen.\n            Please consider adding a link back to http://grasehotspot.org if you are hiding the footer"),
        'type' => 'bool',
    ],
    'hidehelplink' => [
        'label' => T_("Help Link"),
        'description' => T_("Hide Help link from menu and footer"),
        'type' => 'bool',
    ],
    'disablejavascript' => [
        'label' => T_("Disable Javascript Login"),
        'description' => T_("Force all logins to be through the less secure non-javascript method"),
        'type' => 'bool',
    ],
    'disableallcss' => [
        'label' => T_("Disable All Default CSS"),
        'description' => T_("All css files will be excluded from the login pages, and only the css below (Main CSS) will be used"),
        'type' => 'bool',
    ],
    'logintitle' => [
        'label' => T_("Page Title"),
        'description' => T_("The page title that is displayed on the login page"),
        'type' => 'text',
    ],
    'autocreategroup' => [
        'label' => T_("Free Login Group"),
        'description' => T_("The group to create 'Free Login' users in. Leave blank to disable free logins"),
        'type' => 'text',
    ],
    'freeloginbuttontext' => [
        'label' => T_("Free Login Button Text"),
        'description' => T_("Text to show on the Free Login button if enabled above. Defaults to 'Free Access'"),
        'type' => 'text',
    ],
    'hidenormallogin' => [
        'label' => T_("Hide Username/Password (Voucher) login form"),
        'description' => T_("Hides the login form (username/password fields). Useful if you only want a free login button"),
        'type' => 'bool',
    ],
];
// Free-form template/content options (HTML and CSS fragments), same shape.
$templateOptions = [
    'termsandconditions' => [
        'label' => T_("Terms and Conditions"),
        'description' => T_("Terms and Conditions of use (HTML) - Leave empty to not display"),
        'type' => 'html',
    ],
    'maincss' => [
        'label' => T_("Main CSS"),
        'description' => T_("Cascading style sheet that is applied to all portal pages (use !important to override a style if your\n            settings here don't seem to work, it may be that the builtin css has a more specific selector than your one\n            here, look at radmin.css for id's and classes)"),
        'type' => 'css',
    ],
    'helptext' => [
        'label' => T_("Help and Information Page"),
        'description' => T_("Help and Information page contents, leaving this blank does not remove the link, see above options for removing the link."),
        'type' => 'html',
    ],
    'aboveloginhtml' => [
        'label' => T_("HTML Above login form"),
        'description' => T_("HTML to insert above login form (and free login)"),
        'type' => 'html',
    ],
    'belowloginhtml' => [
        'label' => T_("HTML Below login form"),
        'description' => T_("HTML to insert below login form"),
        'type' => 'html',
    ],
    'loggedinnojshtml' => [
        'label' => T_("Logged In HTML"),
        'description' => T_("HTML for successful login when not using javascript"),
        'type' => 'html',
    ],
];
// Presumably fills each option's current 'value' from $Settings (the form
// handler later compares submitted values against $attributes['value']).
loadLoginOptions($Settings);
if (isset($_POST['submit'])) {
    foreach ($singleLoginOptions as $singleOption => $attributes) {
        switch ($attributes['type']) {
            default:
            case "string":
                $postValue = trim(\Grase\Clean::text($_POST[$singleOption]));
                break;
            case "int":
                $postValue = trim(clean_int($_POST[$singleOption]));
                break;
            case "number":
                $postValue = trim(clean_number($_POST[$singleOption]));
                break;
            case "bool":
                if (isset($_POST[$singleOption])) {
                    $postValue = 'TRUE';
                } else {
                    $postValue = 'FALSE';
                }
                break;
        }
        if ($postValue != $attributes['value']) {
            // Update options in database
            $Settings->setSetting($singleOption, $postValue);
     }
     if (!(isset($vouchermaxmb[$key]) || isset($vouchermaxtime[$key]))) {
         $warning[] = T_("It is not recommended having vouchers without a data or time limit");
     }
     // validate limits
     //$error[] = validate_datalimit($groupdatalimit[$key]);
     // Silence warnings (@) as we don't care if they are set or not'
     if (!\Grase\Validate::numericLimit($vouchermaxtime[$key])) {
         $error[] = sprintf(T_("Invalid value '%s' for Time Limit"), $vouchermaxtime[$key]);
     }
     if (!\Grase\Validate::numericLimit($vouchermaxmb[$key])) {
         $error[] = sprintf(T_("Invalid value '%s' for Data Limit"), $vouchermaxmb[$key]);
     }
     // TODO validate groupname, it already comes in in the correct format though
     $error = array_filter($error);
     $vouchersettings[\Grase\Clean::groupName($name)] = array_filter(array('VoucherName' => \Grase\Clean::groupName($name), 'VoucherLabel' => \Grase\Clean::text($name), 'VoucherPrice' => @clean_number($voucherprice[$key]), 'VoucherGroup' => $vouchergroup[$key], 'MaxMb' => @clean_number($vouchermaxmb[$key]), 'MaxTime' => @clean_int($vouchermaxtime[$key]), 'Description' => @\Grase\Clean::text($voucherdesc[$key]), 'TopupVoucher' => $vouchertopup[$key] ? TRUE : FALSE, 'InitVoucher' => $voucherinit[$key] ? TRUE : FALSE));
 }
 if (sizeof($error) == 0) {
     // No errors. Save groups
     //$Settings->setSetting("groups", serialize($groupexpiries));
     foreach ($vouchersettings as $attributes) {
         //$Settings->setGroup($attributes);
         $Settings->setVoucher($attributes);
     }
     // Delete vouchers no longer referenced
     foreach ($Settings->getVoucher() as $oldvoucher => $oldvouchersettings) {
         if (!isset($vouchersettings[$oldvoucher])) {
             $Settings->deleteVoucher($oldvoucher);
         }
     }
     $success[] = T_("Vouchers updated");
 /**
  * Delete this person and every relationship that references them.
  *
  * Does nothing unless $this->plusperson_id is positive. Relationships are
  * removed first — those this person owns, then those in which this person
  * is circled — each through its own deleteFromDB(). The person row is then
  * deleted and, if that query succeeds, the id is reset to 0; a failed query
  * is not reported.
  *
  * The id passes through clean_int() and is formatted with %d, so only an
  * integer can reach the SQL text. mysql_query() belongs to the legacy mysql
  * extension, which was removed in PHP 7.
  */
 public function deleteFromDB()
 {
     global $db;
     if ($this->plusperson_id <= 0) {
         return;
     }
     // Sub-content first: relationships owned by this person ...
     $owned = PlusRelationship::FetchRelationshipsByOwner($this->googleplus_id);
     foreach ($owned as $relationship) {
         $relationship->deleteFromDB();
     }
     // ... then relationships where this person is the one circled.
     $circled = PlusRelationship::FetchRelationshipsByCircled($this->googleplus_id);
     foreach ($circled as $relationship) {
         $relationship->deleteFromDB();
     }
     $deleteSql = sprintf(
         "DELETE FROM plusperson WHERE plusperson_id = %d",
         clean_int($this->plusperson_id)
     );
     $ok = mysql_query($deleteSql, $db);
     if ($ok) {
         $this->plusperson_id = 0;
     }
 }
         case "string":
             $postValue = trim(\Grase\Clean::text($_POST[$selectOption]));
             // TODO Validate from list of valid vars
             break;
     }
     $networkOptions[$selectOption] = $postValue;
 }
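 // Multi-valued network options: each arrives as an array of form fields and
 // is stored as a list of cleaned values, keyed by option name.
 foreach ($multiNetworkOptions as $multiOption => $attributes) {
     // A missing or scalar submission contributes no values instead of
     // tripping a foreach() warning on a non-array.
     $submitted = isset($_POST[$multiOption]) && is_array($_POST[$multiOption])
         ? $_POST[$multiOption]
         : array();
     $postValue = array();
     foreach ($submitted as $value) {
         // Types not listed here are silently ignored, as before.
         switch ($attributes['type']) {
             case "string":
                 $postValue[] = \Grase\Clean::text($value);
                 break;
             case "int":
                 $postValue[] = clean_int($value);
                 break;
             case "number":
                 $postValue[] = clean_number($value);
                 break;
             case "ip":
                 // Normalise to dotted-quad. ip2long() returns false for anything
                 // that is not a valid IPv4 address; previously that false went
                 // straight into long2ip(), which either coerces it to 0.0.0.0 or
                 // throws a TypeError under strict_types. Invalid entries are now
                 // dropped instead of being stored as a bogus address.
                 $trimmed = trim($value);
                 if ($trimmed !== '') {
                     $packed = ip2long($trimmed);
                     if ($packed !== false) {
                         $postValue[] = long2ip($packed);
                     }
                 }
                 break;
         }
     }
     // Drop empty entries left by blank form rows.
     $postValue = array_filter($postValue);
     $networkOptions[$multiOption] = $postValue;
 }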
 // TODO: validate network settings
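 // Treat absent optional fields as null rather than raising undefined-index
 // warnings; the cleaners below receive the same value either way.
 $userFormInput = $_POST + array(
     'Username' => null,
     'Password' => null,
     'mac' => null,
     'MaxMb' => null,
     'Max_Mb' => null,
     'MaxTime' => null,
     'Max_Time' => null,
     'Group' => null,
     'Comment' => null,
 );
 if ($type === 'User') {
     $user['Username'] = \Grase\Clean::username($userFormInput['Username']);
     // NOTE(review): the password is run through Clean::text() as well; if that
     // strips or rewrites characters, the stored password will differ from the
     // one typed — confirm this is intended.
     $user['Password'] = \Grase\Clean::text($userFormInput['Password']);
 }
 if ($type === 'Computer') {
     // A computer entry uses its MAC as the username and the chilli
     // 'macpasswd' setting as the shared password.
     $user['Username'] = \Grase\Clean::username($userFormInput['mac']);
     $user['mac'] = $user['Username'];
     $user['Password'] = DatabaseFunctions::getInstance()->getChilliConfigSingle('macpasswd');
 }
 // MaxMb/MaxTime are kept raw here (unlike Max_Mb/Max_Time); validate_form()
 // below is presumably relied on to reject bad values — confirm.
 $user['MaxMb'] = $userFormInput['MaxMb'];
 // The literal 'inherit' is a legitimate submission (presumably "use the
 // group's limit"); anything else is cleaned as a number / integer.
 $user['Max_Mb'] = $userFormInput['Max_Mb'] === 'inherit'
     ? 'inherit'
     : clean_number($userFormInput['Max_Mb']);
 $user['MaxTime'] = $userFormInput['MaxTime'];
 $user['Max_Time'] = $userFormInput['Max_Time'] === 'inherit'
     ? 'inherit'
     : clean_int($userFormInput['Max_Time']);
 $user['Group'] = \Grase\Clean::text($userFormInput['Group']);
 // Reuse the cleaned group name instead of cleaning the raw field a second time.
 $user['Expiration'] = expiry_for_group($user['Group']);
 $user['Comment'] = \Grase\Clean::text($userFormInput['Comment']);
 // Validate details
 $error = validate_form($user, $type);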
 if ($error) {
     $templateEngine->assign("user", $user);
     $templateEngine->assign("error", $error);
     $templateEngine->displayPage($templateFile);
     exit;
 } else {
     // Load group settings so we can use Expiry, MaxMb and MaxTime
 /**
  * Sanitise a value destined for a small integer column.
  *
  * Despite the name, nothing here constrains the result to a SMALLINT range:
  * the value is whatever clean_int() returns for $input.
  *
  * @param mixed $input raw value to clean
  * @return mixed the result of clean_int($input)
  */
 protected function clean_smallint($input)
 {
     $asInt = clean_int($input);
     return $asInt;
 }
    $templateEngine->assign("username", $_GET['username']);
} elseif (isset($_GET['allsessions'])) {
    $sessions = DatabaseFunctions::getInstance()->getRadiusUserSessionsDetails();
    $totalRows = sizeof($sessions);
    $numPerPage = $_GET['items'] ? abs($_GET['items']) : 25;
    // TODO check this is safe
    $page = $_GET['page'] ? abs($_GET['page']) : 0;
    //TODO check this is safe
    $pages = floor($totalRows / $numPerPage);
    if ($page > $pages) {
        $page = $pages;
    }
    $currentStartItem = $page * $numPerPage;
    $displaySessions = array_slice($sessions, $currentStartItem, $numPerPage, true);
    $templateEngine->assign("sessions", $displaySessions);
    $templateEngine->assign("pages", $pages);
    $templateEngine->assign("perpage", $numPerPage);
    $templateEngine->assign("currentpage", $page);
} else {
    $templateEngine->assign("activesessions", DatabaseFunctions::getInstance()->getActiveRadiusSessionsDetails());
    if ($_GET['refresh']) {
        $refresh = clean_int($_GET['refresh']) * 60;
        if ($refresh < 60) {
            $refresh = 60;
        }
        $templateEngine->assign("autorefresh", $refresh);
    }
}
// Every user's comment is made available to the template so it can be shown
// next to the matching session rows, then the sessions page is rendered.
$userComments = DatabaseFunctions::getInstance()->getAllUsersComments();
$templateEngine->assign('usercomments', $userComments);
$templateEngine->displayPage('sessions.tpl');
// TODO: Data usage over "forever"
     if (!\Grase\Validate::bandwidthOptions($groupBandwidthDownLimit[$key], bandwidth_options())) {
         $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthDownLimit[$key]);
     }
     if (!\Grase\Validate::bandwidthOptions($groupBandwidthUpLimit[$key], bandwidth_options())) {
         $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthUpLimit[$key]);
     }
     //TODO we don't validate that it's not 0, relying on HTML5 to do that
     $error[] = @validate_int($groupSimultaneousUse[$key], true);
     // TODO: Validate Login-Time
     $error[] = @validate_uucptimerange($groupLoginTime[$key]);
     $error = array_filter($error);
     if (isset($groupRecurTime[$key]) xor isset($groupRecurTimeLimit[$key])) {
         $error[] = sprintf(T_("Need both a time limit and recurrance for '%s'"), \Grase\Clean::text($name));
     }
     $groups[\Grase\Clean::groupName($name)] = array_filter(array('DataRecurTime' => \Grase\Clean::text($groupRecurData[$key]), 'DataRecurLimit' => clean_number($groupRecurDataLimit[$key]), 'TimeRecurTime' => @\Grase\Clean::text($groupRecurTime[$key]), 'TimeRecurLimit' => @clean_int($groupRecurTimeLimit[$key]), 'BandwidthDownLimit' => @clean_int($groupBandwidthDownLimit[$key]), 'BandwidthUpLimit' => @clean_int($groupBandwidthUpLimit[$key]), 'SimultaneousUse' => @clean_int($groupSimultaneousUse[$key]), 'LoginTime' => @$groupLoginTime[$key], 'IdleTimeout' => @clean_int($groupIdleTimeout[$key])));
     $groupSettings[\Grase\Clean::groupName($name)] = array_filter(array('GroupName' => \Grase\Clean::groupName($name), 'Comment' => \Grase\Clean::text($groupComment[$key]), 'GroupLabel' => \Grase\Clean::text($name), 'Expiry' => @$groupExpiry[$key], 'ExpireAfter' => @$groupExpireAfter[$key], 'MaxMb' => @clean_number($groupDataLimit[$key]), 'MaxTime' => @clean_int($groupTimeLimit[$key])));
 }
 if (sizeof($error) == 0) {
     // No errors. Save groups
     foreach ($groupSettings as $attributes) {
         $Settings->setGroup($attributes);
     }
     // Delete groups no longer referenced
     foreach ($Settings->getGroup() as $oldgroup => $oldgroupsettings) {
         if (!isset($groupSettings[$oldgroup])) {
             $Settings->deleteGroup($oldgroup);
         }
     }
     // Delete groups from radgroupreply not in groupExpiries...
     // Deleting groups out of radgroupreply will modify current users
     // Need to do check for any users still using group, if no user then delete