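/**
 * Reads a (subject, predicate, value) triple from the query string, verifies
 * the caller's key against the AuthKey table and inserts the triple.
 *
 * Every query-string parameter is mandatory; a missing one stops the script
 * with the usage message. An unknown key stops it with "Bad username or key!".
 *
 * @param object $db Database handle; assumed to be a PDO instance because the
 *                   result is consumed with fetchAll() — confirm with the caller.
 * @return void
 */
function log_to_db($db)
{
    $ERROR_MSG = "usage logger.php?s=subject&p=predicate&v=value&k=key";
    // #1 - grab values from query string
    // sanitize_string() is a project helper; with bound parameters below it is
    // only still needed if it does more than SQL escaping — TODO confirm.
    $subject = array_key_exists('s', $_GET) ? sanitize_string($_GET['s']) : die($ERROR_MSG);
    $predicate = array_key_exists('p', $_GET) ? sanitize_string($_GET['p']) : die($ERROR_MSG);
    $value = array_key_exists('v', $_GET) ? sanitize_string($_GET['v']) : die($ERROR_MSG);
    $key = array_key_exists('k', $_GET) ? sanitize_string($_GET['k']) : die($ERROR_MSG);
    $timestamp = time();
    // #2 - Check to see if user is authorized
    // if they are, we should get one match from the table.
    // The key is bound as a parameter instead of being interpolated into the
    // SQL text, and the statement is no longer echoed: the old debug output
    // wrote the SQL (key included) into the HTTP response.
    $auth = $db->prepare("SELECT * FROM AuthKey WHERE username = '******' AND key = ?");
    $auth->execute([$key]);
    $numRows = count($auth->fetchAll());
    // #3 - no match? Exit program!
    if ($numRows == 0) {
        die("Bad username or key!");
    }
    // #4 - INSERT values into Triple table (all values bound, none interpolated)
    $insert = $db->prepare("INSERT INTO Triple (id, subject, predicate, value, timestamp) VALUES (NULL, ?, ?, ?, ?)");
    $insert->execute([$subject, $predicate, $value, $timestamp]);
}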
 /**
  * Deletes the persisted session row whose id equals $session_id.
  *
  * {@inheritDoc}
  *
  * @param string $session_id Session identifier; passed through
  *                           sanitize_string() before being interpolated.
  * @return bool True when the delete call reports success.
  */
 public function destroy($session_id)
 {
     global $CONFIG;
     $sessionKey = sanitize_string($session_id);
     $sql = sprintf(
         "DELETE FROM %susers_sessions WHERE session='%s'",
         $CONFIG->dbprefix,
         $sessionKey
     );
     $deleted = $this->db->deleteData($sql);
     return (bool) $deleted;
 }
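/**
 * Check if an invitation code results in a group
 *
 * @param string $invite_code the invite code
 * @param int    $group_guid  (optional) the group to check
 *
 * @return false|ElggGroup the group the code belongs to, false when there is no match
 */
function group_tools_check_group_email_invitation($invite_code, $group_guid = 0)
{
    if (empty($invite_code)) {
        return false;
    }
    $group_guid = sanitize_int($group_guid, false);
    // note not using elgg_get_entities_from_annotations
    // due to performance issues with LIKE wildcard search
    // prefetch metastring ids for use in lighter joins instead
    //
    // elgg_get_metastring_id() may return false for a string that is not in the
    // table; cast to int so an unknown code yields "value_id = 0" rather than a
    // malformed "value_id = " clause (the LIKE branch still gets to match).
    $name_id = (int) elgg_get_metastring_id('email_invitation');
    $code_id = (int) elgg_get_metastring_id($invite_code);
    // NOTE(review): '%' and '_' inside the code act as LIKE wildcards here —
    // escape them if codes can be supplied by users.
    $sanitized_invite_code = sanitize_string($invite_code);
    $options = [
        'limit' => 1,
        'wheres' => ["n_table.name_id = {$name_id} AND (n_table.value_id = {$code_id} OR v.string LIKE '{$sanitized_invite_code}|%')"],
    ];
    if (!empty($group_guid)) {
        $options['annotation_owner_guids'] = [$group_guid];
    }
    // find hidden groups: lift access checks for the lookup only and restore
    // them on the single exit path below
    $ia = elgg_set_ignore_access(true);
    $annotations = elgg_get_annotations($options);
    $group = empty($annotations) ? null : $annotations[0]->getEntity();
    elgg_set_ignore_access($ia);
    return $group instanceof ElggGroup ? $group : false;
}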
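/**
 * Clean up operations on calendar delete
 *
 * Public calendars may only be deleted by admins. Events that would become
 * orphans (they appear on no other calendar of the same container) are moved
 * to the container's public calendar first.
 *
 * @param string     $event  "delete"
 * @param string     $type   "object"
 * @param ElggEntity $entity Entity being deleted
 * @return bool false to veto the delete, true otherwise
 */
function delete_event_handler($event, $type, $entity)
{
    if ($entity instanceof Calendar) {
        // Do not allow users to delete public calendars
        if ($entity->isPublicCalendar() && !elgg_is_admin_logged_in()) {
            register_error(elgg_echo('events:error:public_calendar_delete'));
            return false;
        }
        // Move all orphaned events to the public calendar
        $owner = $entity->getContainerEntity();
        $public_calendar = Calendar::getPublicCalendar($owner);
        if (!$public_calendar) {
            register_error(elgg_echo('events:error:no_public_for_orphans'));
            return false;
        }
        $dbprefix = elgg_get_config('dbprefix');
        $relationship_name = sanitize_string(Calendar::EVENT_CALENDAR_RELATIONSHIP);
        $calendar_subtype_id = (int) get_subtype_id('object', Calendar::SUBTYPE);
        // Guids are interpolated unquoted into SQL; cast them so only integers reach the query
        $calendar_guid = (int) $entity->guid;
        $container_guid = (int) $entity->container_guid;
        // Get all events that do not appear on container's other calendars
        $not_on_other_calendar = "NOT EXISTS(SELECT * FROM {$dbprefix}entity_relationships er2\n\t\t\t\t\tJOIN {$dbprefix}entities e2 ON er2.guid_two = e2.guid\n\t\t\t\t\tWHERE er2.relationship = '{$relationship_name}'\n\t\t\t\t\t\tAND er2.guid_one = e.guid\n\t\t\t\t\t\tAND er2.guid_two != {$calendar_guid}\n\t\t\t\t\t\tAND e2.container_guid = {$container_guid}\n\t\t\t\t\t\tAND e2.type = 'object' AND e2.subtype = {$calendar_subtype_id})";
        $events = new ElggBatch('elgg_get_entities_from_relationship', array(
            'types' => 'object',
            'subtypes' => Event::SUBTYPE,
            'relationship' => Calendar::EVENT_CALENDAR_RELATIONSHIP,
            'relationship_guid' => $entity->guid,
            'inverse_relationship' => true,
            'limit' => 0,
            'wheres' => array($not_on_other_calendar),
        ));
        // Loop variable renamed so it no longer clobbers the $event parameter
        foreach ($events as $orphan) {
            /* @var Event $orphan */
            $public_calendar->addEvent($orphan);
        }
    }
    return true;
}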
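/**
 * Check if an invitation code results in a group
 *
 * @param string $invite_code the invite code
 * @param int    $group_guid  (optional) the group to check
 *
 * @return boolean|ElggGroup a group for the invitation or false
 */
function group_tools_check_group_email_invitation($invite_code, $group_guid = 0)
{
    $result = false;
    if (!empty($invite_code)) {
        // note not using elgg_get_entities_from_annotations
        // due to performance issues with LIKE wildcard search
        // prefetch metastring ids for use in lighter joins instead
        //
        // add_metastring() presumably inserts the string when it is unknown, so
        // every looked-up code ends up in the metastrings table — verify that is
        // acceptable. Cast to int so a non-numeric return cannot leave a
        // dangling "= " in the WHERE clause.
        $name_id = (int) add_metastring('email_invitation');
        $code_id = (int) add_metastring($invite_code);
        $sanitized_invite_code = sanitize_string($invite_code);
        $options = array(
            'limit' => 1,
            'wheres' => array("n_table.name_id = {$name_id} AND (n_table.value_id = {$code_id} OR v.string LIKE '{$sanitized_invite_code}|%')"),
        );
        if (!empty($group_guid)) {
            $options["annotation_owner_guids"] = array($group_guid);
        }
        // find hidden groups: access must be ignored before the annotation query
        // runs, not only around getEntity(), otherwise annotations that belong to
        // hidden groups are filtered out and the code is never matched
        $ia = elgg_set_ignore_access(true);
        $annotations = elgg_get_annotations($options);
        if ($annotations) {
            $group = $annotations[0]->getEntity();
            if ($group) {
                $result = $group;
            }
        }
        // restore access on the single exit path
        elgg_set_ignore_access($ia);
    }
    return $result;
}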
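 /**
  * Get the id of an access collection by its name from the database
  *
  * @param string $name Collection name
  * @return int Collection id, or 0 when no collection has that name
  *             (the previous docblock said stdClass, but only the id is returned)
  */
 public function getCollectionIdByName($name)
 {
     $name = sanitize_string($name);
     // Query text kept verbatim (including the tab run) so the SQL is unchanged.
     $query = "SELECT * FROM {$this->dbprefix}access_collections\n\t\t\t\t\tWHERE name = '{$name}'";
     $collection = get_data_row($query);
     // Cast so callers always get an int, even if the driver returns numeric strings.
     return $collection ? (int) $collection->id : 0;
 }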
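 /**
  * Builds the entity-getter options for this user listing.
  *
  * Extends the parent options with WHERE clauses for the banned/admin flags,
  * the free-text search and the "unvalidated" filter. Flags that are neither
  * true nor false add no clause.
  *
  * @return array ege* options with the extra 'wheres' entries appended
  */
 protected function getOptions()
 {
     $options = parent::getOptions();
     if ($this->banned === true) {
         $options['wheres'][] = "u.banned = 'yes'";
     } elseif ($this->banned === false) {
         $options['wheres'][] = "u.banned = 'no'";
     }
     if ($this->admin === true) {
         $options['wheres'][] = "u.admin = 'yes'";
     } elseif ($this->admin === false) {
         $options['wheres'][] = "u.admin = 'no'";
     }
     if ($this->search) {
         // Escape LIKE metacharacters after SQL escaping so a '%' or '_' typed
         // by the user matches literally instead of acting as a wildcard.
         $q = addcslashes(sanitize_string($this->search), '%_');
         $where = "u.name LIKE \"%{$q}%\" OR u.username LIKE \"%{$q}%\"";
         if (\elgg_is_admin_logged_in()) {
             // The e-mail clause was appended without an OR, producing invalid SQL
             // for admin searches.
             $where .= " OR u.email LIKE \"%{$q}%\"";
         }
         $options['wheres'][] = "({$where})";
     }
     /*
      * "Unvalidated" means metadata of validated is not set or not truthy.
      * We can't use elgg_get_entities_from_metadata() because you can't say
      * "where the entity has metadata set OR it's not equal to 1".
      */
     if ($this->validated === false) {
         $validated_id = \elgg_get_metastring_id('validated');
         $one_id = \elgg_get_metastring_id('1');
         $options['wheres'][] = "NOT EXISTS (\n\t\t\t\tSELECT 1 FROM {$this->getDB()->getPrefix()}metadata validated_md\n\t\t\t\tWHERE validated_md.entity_guid = e.guid\n\t\t\t\t\tAND validated_md.name_id = {$validated_id}\n\t\t\t\t\tAND validated_md.value_id = {$one_id})";
     }
     return $options;
 }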
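/**
 * Reads event details from the query string, checks the AuthKey table and
 * inserts a row into the Events table.
 *
 * Every query-string parameter is mandatory; a missing one stops the script
 * with the usage message. A failed authentication check stops it with
 * "Bad username or key!".
 *
 * @param object $db Database handle; assumed to be a PDO instance because the
 *                   result is consumed with fetchAll() — confirm with the caller.
 * @return void
 */
function log_to_db($db)
{
    $ERROR_MSG = "usage logger.php?u=user&n=name&t=startTime&a=address&e=email&la=latitude&ln=longitude&k=key";
    //Grab the values from the original query string
    // sanitize_string() is a project helper; with bound parameters below it is
    // only still needed if it does more than SQL escaping — TODO confirm.
    $user = array_key_exists('u', $_GET) ? sanitize_string($_GET['u']) : die($ERROR_MSG);
    $name = array_key_exists('n', $_GET) ? sanitize_string($_GET['n']) : die($ERROR_MSG);
    $startTime = array_key_exists('t', $_GET) ? sanitize_string($_GET['t']) : die($ERROR_MSG);
    $address = array_key_exists('a', $_GET) ? sanitize_string($_GET['a']) : die($ERROR_MSG);
    $email = array_key_exists('e', $_GET) ? sanitize_string($_GET['e']) : die($ERROR_MSG);
    $latitude = array_key_exists('la', $_GET) ? sanitize_string($_GET['la']) : die($ERROR_MSG);
    $longitude = array_key_exists('ln', $_GET) ? sanitize_string($_GET['ln']) : die($ERROR_MSG);
    $key = array_key_exists('k', $_GET) ? sanitize_string($_GET['k']) : die($ERROR_MSG);
    //authenticate the user
    // NOTE(review): the credentials in this SELECT are literals (redacted on the
    // page), so $user and $key read above never take part in the check — every
    // caller passes once that fixed row exists. Confirm this is intended.
    // The statement is no longer echoed: the old debug output wrote the SQL
    // into the HTTP response.
    $queryString = "SELECT * FROM AuthKey WHERE username = '******' AND password='******'";
    $result = $db->query($queryString);
    $numRows = count($result->fetchAll());
    echo $numRows;
    // #3 - no match? Exit program!
    if ($numRows == 0) {
        die("Bad username or key!");
    }
    echo "user is correct";
    //insert data into the table! All values are bound, none interpolated.
    $insert = $db->prepare("INSERT INTO Events (ID, EventName, Location, Emails, DateTime, Creator, Lat, Long, Reminder) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, 'False')");
    $insert->execute([$name, $address, $email, $startTime, $email, $latitude, $longitude]);
    echo "did a thing";
}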
 /**
  * Callback function for token input search
  *
  * Looks up distinct location strings (metadata 'location' / 'temp_location')
  * containing the term. LIKE metacharacters in the term are escaped so they
  * match literally.
  *
  * @param string $term    Search term
  * @param array  $options Options
  * @return array
  */
 public function search($term, $options = array())
 {
     $escaped = sanitize_string($term);
     // '_' and '%' are LIKE wildcards; escape them after SQL escaping
     $likeTerm = str_replace(array('_', '%'), array('\\_', '\\%'), $escaped);
     $options['metadata_names'] = array('location', 'temp_location');
     $options['group_by'] = "v.string";
     $options['wheres'] = array("v.string LIKE '%{$likeTerm}%'");
     $matches = elgg_get_metadata($options);
     return $matches;
 }
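/**
 * Normalises the raw request parameters into the argument set used by the
 * places lookup, applying defaults and clamping ranges.
 *
 * @param array $request Raw request parameters (e.g. $_REQUEST)
 * @return array Arguments: 'limit' (1..50, default 50), 'maxdistance' in
 *               metres (1000..50000, default 10000), 'minprice'/'maxprice'
 *               (0..4, default null), plus 'zip', 'latitude'/'longitude' and
 *               'pagetoken' when supplied.
 */
function getArguments($request)
{
    // Override if request arguments are not proper
    $arguments = array();
    // Defaults for below
    $arguments['limit'] = 50;
    $limit = _getArgumentsNumeric($request, 'limit');
    if ($limit !== null) {
        $arguments['limit'] = max(min($limit, 50), 1);
    }
    $arguments['maxdistance'] = 10000;
    $maxdistance = _getArgumentsNumeric($request, 'maxdistance');
    if ($maxdistance !== null) {
        // We expect miles from user, convert to meters here for API
        $arguments['maxdistance'] = max(min($maxdistance * 1609.344, 50000), 1000);
    }
    $arguments['minprice'] = null;
    $minprice = _getArgumentsNumeric($request, 'minprice');
    if ($minprice !== null) {
        $arguments['minprice'] = max(min($minprice, 4), 0);
    }
    $arguments['maxprice'] = null;
    $maxprice = _getArgumentsNumeric($request, 'maxprice');
    if ($maxprice !== null) {
        $arguments['maxprice'] = max(min($maxprice, 4), 0);
    }
    // No defaults for below
    $zip = _getArgumentsNumeric($request, 'zip');
    if ($zip !== null) {
        // Remove leading zeros
        $arguments['zip'] = ltrim($zip, "0");
    }
    // Both coordinates are read from $request; the original checked $_REQUEST
    // for 'longitude', which could raise an undefined index on $request.
    $latitude = _getArgumentsNumeric($request, 'latitude');
    $longitude = _getArgumentsNumeric($request, 'longitude');
    if ($latitude !== null && $longitude !== null) {
        $arguments['latitude'] = $latitude;
        $arguments['longitude'] = $longitude;
    }
    if (array_key_exists('pagetoken', $request)) {
        $arguments['pagetoken'] = sanitize_string($request['pagetoken']);
    }
    return $arguments;
}

/**
 * Reads one request field through sanitize_numeric(); null when the field is
 * absent or the sanitized value is not numeric (so the caller keeps its default).
 *
 * @param array  $request Raw request parameters
 * @param string $name    Field name
 * @return mixed|null Sanitized numeric value or null
 */
function _getArgumentsNumeric($request, $name)
{
    if (!array_key_exists($name, $request)) {
        return null;
    }
    $value = sanitize_numeric($request[$name]);
    // Ignore if it doesn't seem numeric
    return is_numeric($value) ? $value : null;
}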
 /**
  * Renders one page of entities as a console table and offers to load the next.
  *
  * $count and $iterator are function-static so they survive the recursive call
  * at the bottom: the total is computed once and the row counter keeps running
  * across pages. $iterator starts unset (null), so the first row's '#' cell
  * is empty and the counter shows 1 from the second row on.
  *
  * @param int $limit  Rows per page
  * @param int $offset Rows to skip
  * @return void
  */
 protected function renderTable($limit, $offset = 0)
 {
     static $count;
     static $iterator;
     // Filter options come from command options; missing type defaults to 'object'.
     $options = ['query' => sanitize_string($this->option('keyword')), 'guids' => $this->option('guid') ?: ELGG_ENTITIES_ANY_VALUE, 'types' => $this->option('type') ?: 'object', 'subtypes' => $this->option('subtype') ?: ELGG_ENTITIES_ANY_VALUE, 'limit' => $limit, 'offset' => (int) $offset, 'order_by' => 'e.guid ASC'];
     if ($this->option('keyword')) {
         // Keyword search goes through the 'search' plugin hook; the hook result
         // is assumed to carry 'count' and 'entities' — confirm with the hook contract.
         $results = elgg_trigger_plugin_hook('search', $this->option('type') ?: 'object', $options, []);
         $count = $results['count'];
         $batch = $results['entities'];
     } else {
         $options['count'] = true;
         // Count query runs only on the first page (static $count is kept after that).
         if (!$count) {
             $count = elgg_get_entities($options);
         }
         unset($options['count']);
         $batch = new ElggBatch('elgg_get_entities', $options);
     }
     if (!$count) {
         $this->write('<comment>No entities to display</comment>');
         return;
     }
     $headers = ['#', 'GUID', 'Type', 'Title/name', 'Description', 'Owner', 'Container', 'Access'];
     if ($this->option('full-view')) {
         $headers[] = 'Metadata';
     }
     $table = new Table($this->output);
     $table->setHeaders($headers);
     foreach ($batch as $entity) {
         /* @var $entity \ElggEntity */
         // Text cells are truncated to 25 characters via elgg_get_excerpt().
         $row = [$iterator, $entity->guid, ($subtype = $entity->getSubtype()) ? elgg_echo("item:{$entity->type}:{$subtype}") : elgg_echo("item:{$entity->type}"), elgg_get_excerpt($entity->getDisplayName(), 25), elgg_get_excerpt($entity->description, 25), ($owner = $entity->getOwnerEntity()) ? '[' . $owner->guid . '] ' . elgg_get_excerpt($owner->getDisplayName(), 25) : '', ($container = $entity->getContainerEntity()) ? '[' . $container->guid . '] ' . elgg_get_excerpt($container->getDisplayName(), 25) : '', '[' . $entity->access_id . '] ' . elgg_get_excerpt(get_readable_access_level($entity->access_id), 25)];
         if ($this->option('full-view')) {
             // One "name: value" line per metadata value; multi-valued metadata is flattened.
             $metadata = new \ElggBatch('elgg_get_metadata', ['guids' => $entity->guid, 'limit' => 0]);
             $metatable = [];
             foreach ($metadata as $md) {
                 $name = $md->name;
                 $values = (array) $md->value;
                 foreach ($values as $value) {
                     $metatable[] = "{$name}: {$value}";
                 }
             }
             $row[] = implode("\n", $metatable);
         }
         $table->addRow($row);
         $table->addRow(new TableSeparator());
         $iterator++;
     }
     $table->render();
     // More rows than shown so far: ask before recursing into the next page.
     if ($count > $limit + $offset) {
         $helper = $this->getHelper('question');
         $question = new ConfirmationQuestion('Load next batch [y,n]?', true);
         if (!$helper->ask($this->input, $this->output, $question)) {
             return;
         }
         $this->renderTable($limit, $limit + $offset);
     }
 }
 /**
  * Loads a token from the DB
  *
  * The token is escaped with sanitize_string() before being interpolated into
  * the lookup query.
  *
  * @param string $token Token
  * @return UserToken|false The token object, or false when no row matches
  */
 public static function load($token)
 {
     $prefix = elgg_get_config('dbprefix');
     $escapedToken = sanitize_string($token);
     $sql = "SELECT * FROM {$prefix}users_apisessions WHERE token='{$escapedToken}'";
     $row = get_data_row($sql);
     return $row ? new UserToken($row) : false;
 }
 /**
  * Constructor
  *
  * Normalises the clause array, then applies sender/recipient through their
  * setters, escapes both relationship names with sanitize_string() and
  * coerces the inverse flag to bool.
  *
  * @param array $policy An array of policy clauses
  */
 public function __construct(array $policy = array())
 {
     $this->dbprefix = elgg_get_config('dbprefix');
     $clauses = $this->normalizePolicy($policy);
     $this->setSenderType($clauses['sender']);
     $this->setRecipientType($clauses['recipient']);
     $relationship = sanitize_string($clauses['relationship']);
     $this->relationship = $relationship;
     $this->inverse_relationship = $clauses['inverse_relationship'] ? true : false;
     $groupRelationship = sanitize_string($clauses['group_relationship']);
     $this->group_relationship = $groupRelationship;
 }
/**
 * Sanitize message body and make it a safe HTML string.
 *
 * Bodies written by users or agents are HTML-escaped first (they may not carry
 * markup); every body then goes through sanitize_string('low', 'moderate').
 *
 * @param array $msg Message object
 * @return array Message object with sanitized body.
 */
function sanitize_message($msg)
{
    // Messages entered by user or operator cannot contain any markup
    $markupForbidden = in_array($msg['kind'], array(Thread::KIND_USER, Thread::KIND_AGENT));
    $body = $markupForbidden ? safe_htmlspecialchars($msg['message']) : $msg['message'];
    $msg['message'] = sanitize_string($body, 'low', 'moderate');
    return $msg;
}
/**
 * Token-input search over users and groups.
 *
 * Matches the escaped query against user name, username and group name with
 * LIKE; '_' and '%' in the query are escaped so they match literally.
 *
 * @param string $query   Search text
 * @param array  $options Extra ege* options
 * @return array|false Result of elgg_get_entities()
 */
function tokeninput_search($query, $options = array())
{
    $escaped = sanitize_string($query);
    // replace mysql vars with escaped strings
    $likeTerm = str_replace(array('_', '%'), array('\\_', '\\%'), $escaped);
    $prefix = elgg_get_config('dbprefix');
    $options['types'] = array('user', 'group');
    $options['joins'] = array(
        "LEFT JOIN {$prefix}users_entity ue ON ue.guid = e.guid",
        "LEFT JOIN {$prefix}groups_entity ge ON ge.guid = e.guid",
    );
    $options['wheres'] = array("(ue.name LIKE '%{$likeTerm}%' OR ue.username LIKE '%{$likeTerm}%' OR ge.name LIKE '%{$likeTerm}%')");
    return elgg_get_entities($options);
}
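 /**
  * Prepares batch options
  *
  * Translates the 'sort' option (field => direction map) into an 'order_by'
  * clause for the supported entity getters. 'alpha' sorts by the name/title in
  * the per-type secondary table; a fixed list of entities-table columns may be
  * sorted on directly; anything else is ignored. Direction defaults to ASC.
  *
  * @param array $options ege* options
  * @return array
  */
 protected function prepareBatchOptions(array $options = array())
 {
     $sortable_getters = array('elgg_get_entities', 'elgg_get_entities_from_metadata', 'elgg_get_entities_from_relationship');
     if (!in_array($this->getter, $sortable_getters, true)) {
         return $options;
     }
     $sort = elgg_extract('sort', $options);
     unset($options['sort']);
     if (!is_array($sort)) {
         $sort = array('time_created' => 'DESC');
     }
     $dbprefix = elgg_get_config('dbprefix');
     $type = elgg_extract('types', $options);
     // Whitelist of entities-table ("e") columns that may appear in ORDER BY.
     $entity_columns = array('type', 'subtype', 'guid', 'owner_guid', 'container_guid', 'site_guid', 'enabled', 'time_created', 'time_updated', 'last_action', 'access_id');
     $order_by = array();
     foreach ($sort as $field => $direction) {
         $field = sanitize_string($field);
         $direction = strtoupper(sanitize_string($direction));
         if (!in_array($direction, array('ASC', 'DESC'), true)) {
             $direction = 'ASC';
         }
         if ($field === 'alpha') {
             if ($type == 'user') {
                 $options['joins']['ue'] = "JOIN {$dbprefix}users_entity ue ON ue.guid = e.guid";
                 $order_by[] = "ue.name  {$direction}";
             } elseif ($type == 'group') {
                 $options['joins']['ge'] = "JOIN {$dbprefix}groups_entity ge ON ge.guid = e.guid";
                 $order_by[] = "ge.name  {$direction}";
             } elseif ($type == 'object') {
                 $options['joins']['oe'] = "JOIN {$dbprefix}objects_entity oe ON oe.guid = e.guid";
                 $order_by[] = "oe.title {$direction}";
             }
         } elseif (in_array($field, $entity_columns, true)) {
             $order_by[] = "e.{$field} {$direction}";
         }
         // any other field is dropped, as before
     }
     $options['order_by'] = implode(',', $order_by);
     return $options;
 }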
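/**
 * Applies sanitize_string() to a scalar or to every element of an array.
 *
 * @param mixed $input_string   String to sanitize, or an array of strings
 * @param int   $sanitize_level Level passed through to sanitize_string()
 * @return mixed Sanitized string, or an array of sanitized values keyed like
 *               the input (an empty array returns an empty array instead of
 *               an undefined variable)
 */
function sanitize($input_string, $sanitize_level = 3)
{
    if (is_array($input_string)) {
        $output_string = array();
        foreach ($input_string as $output_key => $output_value) {
            $output_string[$output_key] = sanitize_string($output_value, $sanitize_level);
        }
    } else {
        $output_string = sanitize_string($input_string, $sanitize_level);
    }
    return $output_string;
}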
/**
 * GET handler that creates a nurse record from the request fields and echoes a
 * JSON-style result string. Nothing is emitted when any field is missing.
 *
 * NOTE(review): a state-changing action is driven by GET parameters here —
 * confirm that is intended.
 *
 * @return void
 */
function add_nurse_control()
{
    $fields = array('nurse_id', 'fname', 'sname', 'zone', 'phone', 'gender');
    $values = array();
    foreach ($fields as $field) {
        $raw = filter_input(INPUT_GET, $field);
        if (!$raw) {
            // every field is mandatory; same silent exit as before
            return;
        }
        $values[$field] = sanitize_string($raw);
    }
    $model = get_nurse_model();
    $added = $model->add_nurses(
        $values['nurse_id'],
        $values['fname'],
        $values['sname'],
        $values['zone'],
        $values['phone'],
        $values['gender']
    );
    echo $added
        ? '{"result":1,"message": "nurse added successfully"}'
        : '{"result":0,"message": "unable to add nurse"}';
}
/**
 * Set session geopositioning
 * Cache geocode along the way
 *
 * When the location geocodes, the geocoded coordinates win over the supplied
 * ones; otherwise, if a location and both coordinates were supplied, the pair
 * is written to the geocode cache. The result is stored in the session.
 *
 * @param string $location
 * @param float $latitude
 * @param float $longitude
 * @return void
 */
function set_geopositioning($location = '', $latitude = 0, $longitude = 0)
{
    $location = sanitize_string($location);
    $suppliedLat = (double) $latitude;
    $suppliedLong = (double) $longitude;
    $geocoded = elgg_geocode_location($location);
    if ($geocoded) {
        $latitude = elgg_extract('lat', $geocoded);
        $longitude = elgg_extract('long', $geocoded);
    } elseif ($location && $latitude && $longitude) {
        // cache the caller's coordinates for this location
        $prefix = elgg_get_config('dbprefix');
        $sql = "INSERT INTO {$prefix}geocode_cache\n\t\t\t\t(location, lat, `long`) VALUES ('{$location}', '{$suppliedLat}', '{$suppliedLong}')\n\t\t\t\tON DUPLICATE KEY UPDATE lat='{$suppliedLat}', `long`='{$suppliedLong}'";
        insert_data($sql);
    }
    $_SESSION['geopositioning'] = array(
        'location' => $location,
        'latitude' => (double) $latitude,
        'longitude' => (double) $longitude,
    );
}
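 /**
  * {@inheritdoc}
  *
  * Reads the new group name from input, strips tags, and — when the name of an
  * existing group changes — renames the group's access collection to match.
  */
 public function handle(ElggEntity $entity)
 {
     $value = get_input($this->getShortname());
     $value = strip_tags($value);
     // update access collection name if group name changes
     if ($entity->guid && $value != $entity->name) {
         $entity_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
         $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $entity_name);
         // group_acl is interpolated unquoted into the UPDATE below; cast it so
         // only an integer can reach the query
         $acl_id = (int) $entity->group_acl;
         $acl = get_access_collection($acl_id);
         if ($acl) {
             $db_prefix = elgg_get_config('dbprefix');
             $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}'\n\t\t\t\tWHERE id = {$acl_id}";
             update_data($query);
         }
     }
     $entity->name = $value;
     return $entity;
 }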
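/**
 * Custom clauses for forum ordering
 *
 * Handles 'order_by' params of the form "forum.<column>"; any other prefix, or
 * a value without a dot, leaves $options untouched.
 *
 * @param string $hook    Hook name
 * @param string $type    Hook type
 * @param array  $options ege* options being built
 * @param array  $params  'order_by' ("prefix.column") and 'direction'
 * @return array Modified options
 */
function hj_forum_order_by_clauses($hook, $type, $options, $params)
{
    $order_by = $params['order_by'];
    $direction = $params['direction'];
    // explode() yields a single element when there is no dot; list() would then
    // read an undefined offset for $column
    $parts = explode('.', $order_by);
    if (count($parts) < 2) {
        return $options;
    }
    list($prefix, $column) = $parts;
    if (!$prefix || !$column) {
        return $options;
    }
    if ($prefix !== 'forum') {
        return $options;
    }
    $column = sanitize_string($column);
    // $direction lands unquoted in ORDER BY, so escaping is not enough — only the
    // two valid keywords are allowed through
    $direction = strtoupper(sanitize_string($direction)) === 'DESC' ? 'DESC' : 'ASC';
    $dbprefix = elgg_get_config('dbprefix');
    $order_by_prev = elgg_extract('order_by', $options, false);
    $handled = true;
    switch ($column) {
        case 'topics':
            $options = hj_framework_get_order_by_descendant_count_clauses(array('hjforum', 'hjforumtopic'), $direction, $options);
            break;
        case 'posts':
            $options = hj_framework_get_order_by_descendant_count_clauses(array('hjforumpost'), $direction, $options);
            break;
        case 'author':
            $options['joins'][] = "JOIN {$dbprefix}users_entity ue ON ue.guid = e.owner_guid";
            $options['order_by'] = "ue.name {$direction}";
            break;
        case 'sticky':
            $subtype_ids = implode(',', array(get_subtype_id('object', 'hjforum'), get_subtype_id('object', 'hjforumtopic')));
            $options['selects'][] = "SUM(stickymsv.string) stickyval";
            $options['joins'][] = "JOIN {$dbprefix}metadata stickymd ON e.guid = stickymd.entity_guid";
            $options['joins'][] = "JOIN {$dbprefix}metastrings stickymsn ON (stickymsn.string = 'sticky')";
            $options['joins'][] = "LEFT JOIN {$dbprefix}metastrings stickymsv ON (stickymd.name_id = stickymsn.id AND stickymd.value_id = stickymsv.id)";
            $options['group_by'] = 'e.guid';
            $options['order_by'] = "FIELD(e.subtype, {$subtype_ids}), ISNULL(SUM(stickymsv.string)), SUM(stickymsv.string) = 0, SUM(stickymsv.string) {$direction}, e.time_created DESC";
            break;
        default:
            // unknown column: nothing was added, so do not duplicate the
            // previous order_by below
            $handled = false;
    }
    if ($handled && $order_by_prev) {
        $options['order_by'] = "{$order_by_prev}, {$options['order_by']}";
    }
    return $options;
}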
 /**
  * Inserts the wrapped person and links it to the client as a contact.
  *
  * Person fields are escaped with sanitize_string() before being concatenated
  * into the INSERT; the client id is concatenated as-is.
  *
  * @return int New person id on success, 0 when not connected or when either
  *             insert fails
  */
 public function create()
 {
     if (!isConnectMySql()) {
         return 0;
     }
     $link = $_SESSION["link"];
     $person = $this->_personne;
     // create the person row
     $fields = array(
         sanitize_string($person->getNom()),
         sanitize_string($person->getPrenom()),
         sanitize_string($person->getAdresse()),
         sanitize_string($person->getTelephone()),
         sanitize_string($person->getMail()),
     );
     $sqlPersonne = 'INSERT INTO projetGL_personne(nom, prenom, adresse, telephone, mail) VALUES (\''
         . implode('\', \'', $fields) . '\');';
     if ($link->query($sqlPersonne) !== true) {
         return 0;
     }
     // create the contact bound to the person just created
     $persId = $link->insert_id;
     $sqlContact = 'INSERT INTO projetGL_contact(client, personne, etat) VALUES (' . $this->_client . ', ' . $persId . ', 1);';
     if ($link->query($sqlContact) !== true) {
         return 0;
     }
     return $persId;
 }
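 /**
  * Edit-user controller action (CodeIgniter).
  *
  * With a valid user id in URI segment 4: renders the edit form until it
  * validates, then updates the profile fields and, when both password fields
  * are filled and match, the password. Redirects to the user list afterwards.
  * Without an id, redirects to the backend root.
  *
  * @return void
  */
 function edit()
 {
     $userid = abs((int) $this->uri->segment(4));
     if (empty($userid)) {
         redirect('backend');
         return;
     }
     $this->form_validation->set_rules('userid', 'Username', 'required');
     $this->form_validation->set_rules('nama', 'Nama', 'required');
     $this->form_validation->set_rules('jabid', 'Jabatan', 'required');
     if ($this->form_validation->run() == FALSE) {
         $this->data['user'] = $this->admin->get_user($userid);
         $this->data['title'] = 'Edit Data Pengguna';
         $this->data['template'] = 'user/edit';
         $this->load->view('backend/index', $this->data);
         return;
     }
     // profile fields: everything posted except the password pair and the id
     $data = array();
     foreach ($this->input->post() as $key => $val) {
         if ($key != 'passwd' && $key != 'passwd2' && $key != 'id') {
             $data[$key] = sanitize_string($val);
         }
     }
     $this->admin->update_user($data, $this->input->post('id'));
     $this->session->set_flashdata('message_type', 'success');
     $this->session->set_flashdata('message', 'Data berhasil diperbaharui');
     $passwd = $this->input->post('passwd');
     $passwd2 = $this->input->post('passwd2');
     if ($passwd && $passwd != '' && $passwd2 && $passwd2 != '') {
         // The confirmation must be compared against the second field; the
         // original compared 'passwd' with itself, so any pair was accepted.
         if ($passwd == $passwd2) {
             // NOTE(review): md5 is not a suitable password hash; switching to
             // password_hash() also requires changing the login check elsewhere,
             // so it is only flagged here.
             $datapasswd = array('passwd' => md5(sanitize_string($passwd)));
             $this->admin->update_user($datapasswd, $this->input->post('id'));
             $this->session->set_flashdata('message_type', 'success');
             $this->session->set_flashdata('message', 'Data berhasil diperbaharui');
         } else {
             $this->session->set_flashdata('message_type', 'error');
             $this->session->set_flashdata('message', 'Password tidak valid');
         }
     }
     redirect('backend/user');
 }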
/**
 * Log a system event related to a specific object.
 *
 * This is called by the event system and should not be called directly.
 *
 * Only objects implementing Loggable are logged. A function-static cache keyed
 * by (time, object id, event) suppresses duplicate rows within the same second;
 * it is reset once it holds more than 500 entries.
 *
 * @param object $object The object you're talking about.
 * @param string $event  The event being logged
 * @return void
 */
function system_log($object, $event)
{
    global $CONFIG;
    static $log_cache;
    static $cache_size = 0;
    if ($object instanceof Loggable) {
        /* @var ElggEntity|ElggExtender $object */
        if (datalist_get('version') < 2012012000) {
            // this is a site that doesn't have the ip_address column yet
            return;
        }
        // reset cache if it has grown too large
        if (!is_array($log_cache) || $cache_size > 500) {
            $log_cache = array();
            $cache_size = 0;
        }
        // Has loggable interface, extract the necessary information and store
        $object_id = (int) $object->getSystemLogID();
        $object_class = get_class($object);
        // NOTE(review): type and subtype are interpolated into the INSERT without
        // escaping; they come from the entity, not from request input — confirm.
        $object_type = $object->getType();
        $object_subtype = $object->getSubtype();
        // sanitise_string (British spelling) and sanitize_string below are
        // presumably the same helper under two names — verify.
        $event = sanitise_string($event);
        $time = time();
        $ip_address = sanitize_string(_elgg_services()->request->getClientIp());
        if (!$ip_address) {
            $ip_address = '0.0.0.0';
        }
        $performed_by = elgg_get_logged_in_user_guid();
        // Defaults for objects (e.g. extenders) that carry no access/enabled/owner
        if (isset($object->access_id)) {
            $access_id = $object->access_id;
        } else {
            $access_id = ACCESS_PUBLIC;
        }
        if (isset($object->enabled)) {
            $enabled = $object->enabled;
        } else {
            $enabled = 'yes';
        }
        if (isset($object->owner_guid)) {
            $owner_guid = $object->owner_guid;
        } else {
            $owner_guid = 0;
        }
        // Create log if we haven't already created it
        if (!isset($log_cache[$time][$object_id][$event])) {
            $query = "INSERT DELAYED into {$CONFIG->dbprefix}system_log\n\t\t\t\t(object_id, object_class, object_type, object_subtype, event,\n\t\t\t\tperformed_by_guid, owner_guid, access_id, enabled, time_created, ip_address)\n\t\t\tVALUES\n\t\t\t\t('{$object_id}','{$object_class}','{$object_type}', '{$object_subtype}', '{$event}',\n\t\t\t\t{$performed_by}, {$owner_guid}, {$access_id}, '{$enabled}', '{$time}', '{$ip_address}')";
            insert_data($query);
            $log_cache[$time][$object_id][$event] = true;
            $cache_size += 1;
        }
    }
}
 // Validation messages from the form object; further messages are appended below.
 $error = $obj->validate();
 // NOTE(review): $_POST['content'] is read without isset(), so a request without
 // that field raises an undefined-index notice instead of being reported here.
 if ($_POST['content'] == '') {
     $error .= "Please Enter Content" . '<br>';
 }
 if ($_POST['content'] != '') {
     $sel_projectupdateno = mysql_fetch_assoc($con->recordselect("SELECT count(*) as total FROM projectupdate WHERE projectId='" . $_GET['projectId'] . "'"));
     $num_of_rows = $sel_projectupdateno['total'] + 1;
     $currentTime = time();
     $textcontent = unsanitize_string($content);
     //$textcontent= trim(strip_tags($content));
     //echo 'abc'.$updateTitle;exit;
     //echo 'aaaa'.$updateTitle;exit;
     //echo "UPDATE projectupdate SET updateTitle='".sanitize_string($updateTitle)."' AND updateDescription='".$textcontent."' WHERE projectupdateId='".$_GET['projectId']."'";exit;
     $con->update("UPDATE projectupdate SET updateDescription='' WHERE projectupdateId='" . $_GET['projectId'] . "'");
     $con->update("UPDATE projectupdate SET updateDescription='" . addslashes($content) . "' WHERE projectupdateId='" . $_GET['projectId'] . "'");
     $con->update("UPDATE projectupdate SET updateTitle='" . sanitize_string($updateTitle) . "' WHERE projectupdateId='" . $_GET['projectId'] . "'");
     $sel_project_id = mysql_fetch_assoc($con->recordselect("SELECT * FROM projectupdate WHERE projectupdateId='" . $_GET['projectId'] . "'"));
     $sel_project_name = mysql_fetch_assoc($con->recordselect("SELECT * FROM projectbasics WHERE projectId='" . $sel_project_id['projectId'] . "'"));
     $sel_project_detail = $con->recordselect("SELECT * FROM `projectbacking` WHERE projectId='" . $sel_project_id['projectId'] . "' GROUP BY `userId`");
     while ($sel_project_backers = mysql_fetch_assoc($sel_project_detail)) {
         $sel_project_backer_user = mysql_fetch_assoc($con->recordselect("SELECT * FROM users WHERE userId='" . $sel_project_backers['userId'] . "'"));
         if ($sel_project_backer_user['updatesNotifyBackedProject'] == 1) {
             $artical = "";
             //tableborder { border: 1px solid #CCCCCC; }
             $artical = "<html><head><style>.body{font-family:Arial, Helvetica, sans-serif; font-size:12px; }\n\t\t\t.mtext {font-family: Arial, Helvetica, sans-serif;font-size: 12px;color: #333333;text-decoration: none;}\n\t\t\ta { font-family: Arial, Helvetica, sans-serif;font-size: 12px;color: #A11B1B;font-weight: normal;text-decoration: underline;}\n\t\t\ta:hover {font-family: Arial, Helvetica, sans-serif;font-size: 12px;font-weight: normal;color: #A11B1B;text-decoration: none;}\n\t\t\t</style></head>";
             $artical .= "<body><strong>Hello " . $sel_project_backer_user['name'] . ", </strong><br />";
             $artical .= "<br /><table width='100%' cellspacing='0' cellpadding='0' class='tableborder' align='left'>";
             /*$artical.="<tr><td height='80' style='border-bottom:solid 1px #f2f2f2; padding:5px; background-color: #999999;' valign='middle'><img src='".SITE_IMG."logo_fundraiser.png' /></td>
             		</tr>";*/
             $artical .= "<tr><td colspan='2'>Updates on <b>" . $sel_project_name['projectTitle'] . " Edited: </b> " . "</td></tr>";
             $artical .= "<tr><td colspan='2'>Update #" . $num_of_rows . " " . unsanitize_string($_POST['updateTitle']) . "</td></tr>";
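/**
 * Removes all relationships originating from a particular entity
 *
 * @param int    $guid                 GUID of the subject or target entity (see $inverse)
 * @param string $relationship         Type of the relationship (optional, default is all relationships)
 * @param bool   $inverse_relationship Is $guid the target of the deleted relationships? By default, $guid is the
 *                                     subject of the relationships.
 * @param string $type                 The type of entity related to $guid (defaults to all)
 *
 * @return true
 */
function remove_entity_relationships($guid, $relationship = "", $inverse_relationship = false, $type = '')
{
    global $CONFIG;
    $guid = (int) $guid;
    if (!empty($relationship)) {
        $relationship = sanitize_string($relationship);
        $where = "AND er.relationship = '{$relationship}'";
    } else {
        $where = "";
    }
    if (!empty($type)) {
        $type = sanitize_string($type);
        // Join the entity on the "other" side of the relationship so its type can be filtered.
        // The inverse branch used to append a bare " AND " before the type clause,
        // producing "AND  AND e.type = ..." — invalid SQL.
        if (!$inverse_relationship) {
            $join = "JOIN {$CONFIG->dbprefix}entities e ON e.guid = er.guid_two";
        } else {
            $join = "JOIN {$CONFIG->dbprefix}entities e ON e.guid = er.guid_one";
        }
        $where .= " AND e.type = '{$type}'";
    } else {
        $join = "";
    }
    $guid_col = $inverse_relationship ? "guid_two" : "guid_one";
    delete_data("\n\t\tDELETE er FROM {$CONFIG->dbprefix}entity_relationships AS er\n\t\t{$join}\n\t\tWHERE {$guid_col} = {$guid}\n\t\t{$where}\n\t");
    return true;
}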
/**
 * Check to see if a user has already created an annotation on an object
 *
 * @param int    $entity_guid     Entity guid
 * @param string $annotation_type Type of annotation
 * @param int    $owner_guid      Defaults to logged in user.
 *
 * @return bool True when at least one matching annotation row exists.
 * @since 1.8.0
 */
function elgg_annotation_exists($entity_guid, $annotation_type, $owner_guid = null)
{
    global $CONFIG;
    // Fall back to the logged-in user; with nobody logged in there is nothing to look up.
    if (!$owner_guid) {
        $owner_guid = elgg_get_logged_in_user_guid();
        if (!$owner_guid) {
            return false;
        }
    }
    // Every interpolated value is normalised first: ids through sanitize_int,
    // the annotation name through sanitize_string.
    $owner = sanitize_int($owner_guid);
    $entity = sanitize_int($entity_guid);
    $name = sanitize_string($annotation_type);
    $prefix = $CONFIG->dbprefix;
    $sql = "SELECT a.id FROM {$prefix}annotations a"
        . " JOIN {$prefix}metastrings m ON a.name_id = m.id"
        . " WHERE a.owner_guid = {$owner} AND a.entity_guid = {$entity}"
        . " AND m.string = '{$name}'";
    return (bool) get_data_row($sql);
}
/**
 * Returns localized string.
 *
 * @param string $text A text which should be localized
 * @param array $params Indexed array with placeholders; element $i replaces "{$i}".
 * @param string|null $locale Target locale code. If null is passed in the
 *   current locale will be used.
 * @param boolean $raw Indicates if the result should be sanitized or not.
 * @return string Localized text.
 */
function getlocal($text, $params = null, $locale = null, $raw = false)
{
    $target_locale = is_null($locale) ? get_current_locale() : $locale;
    $result = get_localized_string($text, $target_locale);
    // Substitution only runs for a truthy (non-empty) $params; the placeholders
    // are positional, "{0}", "{1}", ... up to count($params) - 1.
    if ($params) {
        $total = count($params);
        for ($idx = 0; $idx < $total; $idx++) {
            $result = str_replace(sprintf('{%d}', $idx), $params[$idx], $result);
        }
    }
    if ($raw) {
        return $result;
    }
    return sanitize_string($result, 'low', 'moderate');
}
 /**
  * {@inheritdoc}
  *
  * Writes title and description to the objects_entity row once the parent
  * update has succeeded.
  */
 protected function update()
 {
     global $CONFIG;
     // The base entity row is saved first; stop if that did not succeed.
     $parent_ok = parent::update();
     if (!$parent_ok) {
         return false;
     }
     // Strings pass through sanitize_string before interpolation; the guid is
     // cast to int since it is embedded unquoted.
     $safe_title = sanitize_string($this->title);
     $safe_description = sanitize_string($this->description);
     $guid = (int) $this->guid;
     $table = "{$CONFIG->dbprefix}objects_entity";
     $query = "UPDATE {$table}\n\t\t\tset title='{$safe_title}', description='{$safe_description}' where guid={$guid}";
     $affected = $this->getDatabase()->updateData($query);
     return $affected !== false;
 }
    register_error(elgg_echo("groups:cantcreate"));
    forward(REFERER);
}
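$group = new ElggGroup($group_guid);
// load if present, if not create a new group
if ($group_guid && !$group->canEdit()) {
    register_error(elgg_echo("groups:cantedit"));
    forward(REFERER);
}
// Assume we can edit or this is a new group
if (count($input) > 0) {
    foreach ($input as $shortname => $value) {
        // update access collection name if group name changes
        if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
            $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
            $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
            $acl = get_access_collection($group->group_acl);
            if ($acl) {
                // @todo Elgg api does not support updating access collection name
                $db_prefix = elgg_get_config('dbprefix');
                // The collection id is interpolated unquoted into the UPDATE; pin it to
                // an int (as the other queries on this page do for guids) instead of
                // trusting the stored value verbatim.
                $acl_id = (int) $group->group_acl;
                $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}' \n\t\t\t\t\tWHERE id = {$acl_id}";
                update_data($query);
            }
        }
        // Copy every submitted field onto the entity; $input is built outside this run.
        $group->{$shortname} = $value;
    }
}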
// Validate create
if (!$group->name) {
    register_error(elgg_echo("groups:notitle"));
    forward(REFERER);