/**
 * Xajax callback behind the "preview" tab of the content editor.
 *
 * Applies the submitted form values to the global $contentobj, writes the
 * object to a temporary preview file, remembers that file in the session and
 * returns an xajax response that points the preview iframe at the front-end
 * preview URL and switches the visible tab.
 *
 * @param array $params submitted editor fields; 'content_type' is read here and
 *                      the whole array is handed to updatecontentobj()
 * @return xajaxResponse|null null when no content object is loaded
 */
function ajaxpreview($params)
{
    $gCms = cmsms();
    // NOTE(review): the next three locals are assigned but never read in this
    // function. $adminToken embeds the session's secure-param value; it does
    // not leave the function, so it is not exposed from here.
    $adminToken = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY];
    $config = $gCms->GetConfig();
    $contentOperations = $gCms->GetContentOperations();
    $requestedType = $params['content_type'];

    global $contentobj;
    if (!is_object($contentobj)) {
        debug_to_log('no content object');
        return;
    }

    // An earlier revision rebuilt $contentobj from $params["serialized_content"]
    // at this point (that code was left commented out). Keep it that way:
    // unserializing a value that round-trips through the browser would let the
    // client choose which object gets instantiated.
    updatecontentobj($contentobj, true, $params);

    $previewFile = createtmpfname($contentobj);
    // Normalise Windows path separators before the path goes into the session.
    $_SESSION['cms_preview'] = str_replace('\\', '/', $previewFile);

    // Three shuffled hex characters: a cache-buster for the iframe URL, not an
    // access token. NOTE(review): the preview page presumably locates the file
    // through $_SESSION['cms_preview'] rather than through "r" - confirm.
    $cacheBuster = substr(str_shuffle(md5($previewFile)), -3);
    $previewUrl = $config["root_url"] . '/index.php?' . $config['query_var'] . "=__CMS_PREVIEW_PAGE__&r={$cacheBuster}";

    $response = new xajaxResponse();
    $response->assign("previewframe", "src", $previewUrl);
    // The serialized object is written into a form field on the client.
    // NOTE(review): treat whatever comes back in that field as untrusted.
    $response->assign("serialized_content", "value", SerializeObject($contentobj));

    // Deactivate and hide every regular edit tab; only the counter is used,
    // the tab names themselves are not needed for the element ids.
    $tabIndex = 0;
    foreach ($contentobj->TabNames() as $unusedTabName) {
        $tabId = 'editab' . $tabIndex;
        $response->script("Element.removeClassName('" . $tabId . "', 'active');Element.removeClassName('" . $tabId . "_c', 'active');\$('" . $tabId . "_c').style.display = 'none';");
        $tabIndex++;
    }

    // Finally activate and show the preview tab.
    $response->script("Element.addClassName('edittabpreview', 'active');Element.addClassName('edittabpreview_c', 'active');\$('edittabpreview_c').style.display = '';");

    return $response;
}
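/**
 * Shutdown handler that records fatal errors.
 *
 * When the request ended with an E_ERROR or E_USER_ERROR, the message, file
 * and line are written to the debug log and, if a database object is
 * available, to the admin audit log. Any other outcome is ignored.
 *
 * @return void
 */
function cms_shutdown_function()
{
    $error = error_get_last();

    // error_get_last() returns null when nothing went wrong; indexing null
    // raised a warning of its own on every clean shutdown.
    if (!is_array($error)) {
        return;
    }

    if ($error['type'] !== E_ERROR && $error['type'] !== E_USER_ERROR) {
        return;
    }

    // The message and path are logged verbatim.
    // NOTE(review): confirm the admin log view escapes this text on output.
    $str = 'ERROR DETECTED: ' . $error['message'] . ' at ' . $error['file'] . ':' . $error['line'];
    debug_to_log($str);

    $db = cmsms()->GetDb();
    if (is_object($db)) {
        // put mention into the admin log
        audit('', 'ERROR', $str);
    }
}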
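/**
 * Post-upload hook: optionally generates a thumbnail, writes an audit entry
 * and raises the FileManager 'OnFileUploaded' event.
 *
 * The parent implementation runs first. Nothing further happens unless
 * $fileobject is an object with a non-empty name.
 *
 * @param string $file_path passed through to the parent handler
 * @param object $fileobject upload descriptor; only ->name is read here
 * @return void
 */
protected function handle_image_file($file_path, $fileobject)
{
    parent::handle_image_file($file_path, $fileobject);

    if (!is_object($fileobject) || $fileobject->name == '') {
        return;
    }

    $mod = cms_utils::get_module('FileManager');
    $cwd = filemanager_utils::get_full_cwd();

    // NOTE(review): $fileobject->name is joined to the working directory as-is;
    // this assumes the upload handler has already reduced it to a bare file
    // name (no directory components) - confirm upstream.
    $parms = array();
    $parms['file'] = filemanager_utils::join_path($cwd, $fileobject->name);
    debug_to_log('after uploaded file');

    if ($mod->GetPreference('create_thumbnails')) {
        $thumb = cms_utils::generate_thumbnail($parms['file']);
        if ($thumb) {
            // Was written to an undefined $params array, so the thumbnail
            // never reached the event payload sent below.
            $parms['thumb'] = $thumb;
        }
    }

    // The client-supplied file name goes into the audit log verbatim.
    $str = $fileobject->name . ' uploaded to ' . filemanager_utils::get_full_cwd();
    if (isset($parms['thumb'])) {
        $str .= ' and a thumbnail was generated';
    }
    audit('', $mod->GetName(), $str);

    $mod->SendEvent('OnFileUploaded', $parms);
}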
$out->child = $rec['event_parent_id']; $out->candelete = 1; } else { if ($rec['event_recur_period'] && $rec['event_recur_period'] != 'none') { // is a parent event of a recurring event $out->title .= " (" . $this->Lang('repeats') . ')'; $out->recurs = 1; } else { $out->candelete = 1; } } //$out->start = $db->UnixTimeStamp($rec['event_date_start']); //$out->end = $db->UnixTimeStamp($rec['event_date_end']); $out->start = $rec['event_date_start']; $out->end = $rec['event_date_end']; $out->allDay = $rec['event_all_day'] ? true : false; $out->edit_url = $this->create_url($id, 'admin_add_event', $returnid, array('event_id' => $rec['event_id'])); $out->edit_url = str_replace('&', '&', $out->edit_url); $outlist[] = $out; } catch (Exception $e) { debug_to_log(__FILE__); debug_to_log($e->GetMessage()); } } debug_to_log(__FILE__); debug_to_log($outlist); $out = json_encode($outlist); debug_to_log($out); echo $out; } exit;
foreach ($gCms->errors as $globalerror) { echo $globalerror; } } else { // attempt to redirect to the originally requested page $tmp = $_SESSION["redirect_url"]; unset($_SESSION["redirect_url"]); if (strstr($tmp, CMS_SECURE_PARAM_NAME . '=') !== FALSE) { $the_url = new cms_url($tmp); $the_url->set_queryvar(CMS_SECURE_PARAM_NAME, $_SESSION[CMS_USER_KEY]); $tmp = (string) $the_url; } if (!strstr($tmp, '.php') || endswith($tmp, '/')) { // force the url to go to index.php $tmp = $config['admin_url'] . '/index.php?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; debug_to_log('change session var to ' . $tmp); } redirect($tmp); } unset($_SESSION["redirect_url"]); } else { if (isset($config) and $config['debug'] == true) { $url = 'index.php?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; echo "Debug is on. Redirecting disabled... Please click this link to continue.<br />"; echo "<a href=\"{$url}\">{$url}</a><br />"; foreach ($gCms->errors as $globalerror) { echo $globalerror; } } else { $homepage = get_preference($oneuser->id, 'homepage'); // quick hacks to remove old secure param name from homepage url
// LOGGING FUNCTIONS

/**
 * Logging helper: hands the message to the CMS debug log.
 *
 * @param mixed $str value forwarded unchanged to debug_to_log()
 * @return void
 */
protected function log($str)
{
    debug_to_log($str);
}
} else { $out->candelete = 1; } } $out->start = $rec['event_date_start']; $out->end = $rec['event_date_end']; $out->allDay = $rec['event_all_day'] ? true : false; $parms = array('event_id' => $rec['event_id']); $parms['display'] = 'event'; if ($eventtemplate) { $parms['eventtemplate'] = $eventtemplate; } $out->detail_url = $this->create_url('cntnt01', 'default', $detailpage, $parms); $out->detail_url = str_replace('&', '&', $out->detail_url); if ($feu_uid && $rec['event_created_by'] == $feu_uid) { $parms = array('event_id' => $rec['event_id']); if ($editeventtemplate) { $parms['editeventtemplate'] = $editeventtemplate; } $parms['return_id'] = $returnid; $out->edit_url = $this->create_url('cntnt01', 'addedit_event', $editpage, $parms); $out->edit_url = str_replace('&', '&', $out->edit_url); } $outlist[] = $out; } catch (Exception $e) { debug_to_log(__FILE__); debug_to_log($e->GetMessage()); } } } cge_utils::send_ajax_and_exit($outlist);
} // quick hack to remove old secure param name from homepage url $pos = strpos($homepage, '?_s_'); if ($pos !== FALSE) { $homepage = substr($homepage, 0, $pos); } $pos = strpos($homepage, CMS_SECURE_PARAM_NAME); if ($pos !== FALSE) { $str = substr($homepage, $pos - 1, strlen(CMS_SECURE_PARAM_NAME) + strlen($_SESSION[CMS_USER_KEY]) + 2); $rep = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; $homepage = str_replace($str, $rep, $homepage); } else { $homepage .= '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; } $homepage = html_entity_decode($homepage); debug_to_log('redirect to homepage ' . $homepage); redirect($homepage); } } return; #redirect("index.php"); } else { if (isset($_POST['loginsubmit'])) { //No error if changing languages $error .= lang('usernameincorrect'); debug_buffer("Login failed. Error is: " . $error); Events::SendEvent('Core', 'LoginFailed', array('user' => $_POST['username'])); // put mention into the admin log $ip_login_failed = cms_utils::get_real_ip(); audit('', "Admin Username: " . $username . ' (IP: ' . $ip_login_failed . ')', 'Login Failed'); #Now call the event
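// AJAX handler body: delete one calendar event and report the outcome as JSON.
// $params, $userid, $db and $result are set up before this point (not shown).
try {
    $event_id = (int) cge_utils::get_param($params, 'event_id');
    $delete_children = (int) cge_utils::get_param($params, 'delete_children', 0);

    // Fetch the event to make sure it exists and, when a user id is supplied,
    // that it was created by that user.
    $query = 'SELECT * FROM ' . $this->events_table_name . ' WHERE event_id = ?';
    $parms = array($event_id);
    if (!is_null($userid)) {
        $query .= ' AND event_created_by = ?';
        $parms[] = $userid;
    }

    // Bind the full parameter list. The previous call passed only the event id,
    // so with a user id set the second placeholder of the ownership filter had
    // no value bound to it.
    $event = $db->GetRow($query, $parms);
    if (!$event) {
        throw new Exception($this->Lang('error_eventnotfound'));
    }

    if (!$delete_children) {
        // Refuse to delete a parent on its own, so that no orphaned child
        // events are left behind.
        $query = 'SELECT event_id FROM ' . $this->events_table_name . ' WHERE event_parent_id = ?';
        $tmp = $db->GetOne($query, array($event_id));
        if ($tmp > 0) {
            throw new Exception($this->Lang('error_deleteparentevent'));
        }
    }

    // NOTE(review): only the requested event is checked against $userid above;
    // what delete_event() does with child rows is not visible here.
    cgcalendar_utils::delete_event($event_id);
    $result->status = 1;
} catch (Exception $e) {
    $result->msg = $e->GetMessage();
    debug_to_log('admin_ajax_deleteevent err ' . $e->GetMessage());
}

echo json_encode($result);
exit;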
$oneurl = cms_join_path($config['root_path'], $oneurl); } else { $oneurl = $tmpurl; } } } if (!file_exists($oneurl)) { debug_to_log("file not found url: {$origurl} - file:{$oneurl}"); continue; } $contents = file_get_contents($oneurl); if (!$contents) { debug_to_log('unable to read: ' . $oneurl); continue; } debug_to_log('converted: ' . $origurl . ' to ' . $oneurl); $encoded = base64_encode($contents); $output .= " <reference>\n"; $output .= " <refname>" . basename($oneurl) . "</refname>\n"; $output .= " <refencoded>1</refencoded>\n"; $output .= " <reflocation>{$oneurl}</reflocation>\n"; $output .= " <refdata><![CDATA[" . $encoded . "]]></refdata>\n"; $output .= " </reference>\n"; } $smarty->left_delimiter = '{'; $smarty->right_delimiter = '}'; // and the theme tail $output .= "</theme>\n"; // and spit it out header('Content-Description: File Transfer'); header('Content-Type: application/force-download');
if (!$ct) { $ct = 'text/html'; } header("Content-Type: {$ct}; charset=" . get_encoding()); echo $html; @ob_flush(); $endtime = microtime(); $db =& cmsms()->GetDb(); $memory = function_exists('memory_get_usage') ? memory_get_usage() : 0; $memory = $memory - $orig_memory; $memory_peak = function_exists('memory_get_peak_usage') ? memory_get_peak_usage() : 0; if (!is_sitedown() && $config["debug"] == true) { echo "<p>Generated in " . microtime_diff($starttime, $endtime) . " seconds by CMS Made Simple using " . (isset($db->query_count) ? $db->query_count : '') . " SQL queries and {$memory} bytes of memory (peak memory usage was {$memory_peak})</p>"; } else { if (isset($config['show_performance_info']) && $showtemplate == true) { debug_to_log('performance info: ' . microtime_diff($starttime, $endtime) . " / " . (isset($db->query_count) ? $db->query_count : '') . " / {$memory} / {$memory_peak}"); echo "<!-- " . microtime_diff($starttime, $endtime) . " / " . (isset($db->query_count) ? $db->query_count : '') . " / {$memory} / {$memory_peak} -->\n"; } } if (is_sitedown() || $config['debug'] == true) { $smarty->clear_compiled_tpl(); #$smarty->clear_all_cache(); } if (!is_sitedown() && $config["debug"] == true) { #$db->LogSQL(false); // turn off logging # output summary of SQL logging results #$perf = NewPerfMonitor($db); #echo $perf->SuspiciousSQL(); #echo $perf->ExpensiveSQL(); #echo $sql_queries; foreach ($gCms->errors as $error) {
if ($event['event_date_end']) { $event['event_date_end'] = $db->UnixTimeStamp($event['event_date_end']) + $tdiff; } } else { $event['event_date_start'] = $db->UnixTimeStamp($event['event_date_start']); if ($tdiff < 0) { $event['event_date_start'] += $tdiff; } else { // if there is no end date yet. // we have to create one. $event['event_date_end'] = $db->UnixTimeStamp($event['event_date_end']); if ($event['event_date_end'] == 0) { $event['event_date_end'] = $event['event_date_start'] + 15 * 60; } // fifteen minutes if there is no end time. $event['event_date_end'] += $tdiff; } } $event['event_all_day'] = $allDay; debug_to_log('start date ' . strftime('%x %X', $event['event_date_start'])); debug_to_log('end date ' . strftime('%x %X', $event['event_date_end'])); // and save the thing. $query = 'UPDATE ' . $this->events_table_name . ' SET event_date_start = FROM_UNIXTIME(?), event_date_end = FROM_UNIXTIME(?), event_all_day = ?, event_modified_date = NOW() WHERE event_id = ?'; $db->Execute($query, array($event['event_date_start'], $event['event_date_end'], $event['event_all_day'], $event['event_id'])); $result->status = 1; } catch (Exception $e) { $result->msg = $this->GetMessage(); } echo json_encode($result); exit;