function processLogin()
{
global $cfg;
// Initialize or retrieve the current values for the login variables
$loginAttempts = !isset($_POST['loginAttempts']) ? 1 : $_POST['loginAttempts'];
$formUser = !isset($_POST['formUser']) ? NULL : $_POST['formUser'];
$formPassword = !isset($_POST['formPassword']) ? NULL : $_POST['formPassword'];
// If the posted username and/or password doesnt match whats set in config.
if ($formUser != $cfg->get('admin_user') || $formPassword != $cfg->get('admin_pass')) {
// If first login attempt, initiate a login attempt counter
if ($loginAttempts == 0) {
$_POST['loginAttempts'] = 1;
$auth = false;
return;
} else {
if ($loginAttempts >= 3) {
echo "<blink><p align='center' style=\"font-weight:bold;font-size:170px;color:red;font-family:sans-serif;\">Log In<br>Failed.</p></blink>";
exit;
} else {
$_POST['loginAttempts'] += 1;
return;
}
}
} elseif ($formUser == $cfg->get('admin_user') && $formPassword == $cfg->get('admin_pass')) {
// Start Session, set session variables
start_session();
$_SESSION['adminAuth'] = md5($cfg->get('admin_user') . $cfg->get('admin_pass'));
$_SESSION['adminTime'] = time();
$SID = session_id();
$_POST['task'] = 'home';
} else {
$_POST['loginAttempts'] += 1;
return;
}
}
function __construct()
{
if (!session_id()) {
start_session();
}
$this->_db = new my_mysql();
}
function is_logged_in()
{
//function to see if the user is logged in
start_session();
//PhP session must be started before you can start storing infromation
return isset($_SESSION['user']);
//return session of the "user"
}
function authenticate_user($inputUsername, $inputPassword, $connection)
{
//query database to return password for the username that was input
//usernames are unique so only 1 row should be returned
$result = $connection->query("SELECT password FROM employee \n\t\tWHERE username = '******'");
//get the returned result as an array
$row = $result->fetch_array(MYSQLI_NUM);
//verify the passwords match
if ($inputPassword == $row[0]) {
echo "true";
start_session($inputUsername, $inputPassword);
} else {
echo "false";
}
}
function validate()
{
$clean_email = strstr($email, '@');
if (empty($name) || !isset($name)) {
echo 'please fill all fields';
}
//check if array has a value
if (!in_array($clean_email, $domains)) {
echo 'please enter a valid email provider';
}
if ($password !== $confirm) {
echo 'plase check your password match';
}
if (isset($_POST['register'])) {
start_session();
}
}
function processLogin()
{
global $cfg;
// Initialize or retrieve the current values for the login variables
$loginAttempts = !isset($_POST['loginAttempts']) ? 1 : $_POST['loginAttempts'];
$formUser = !isset($_POST['formUser']) ? NULL : $_POST['formUser'];
$formPassword = !isset($_POST['formPassword']) ? NULL : $_POST['formPassword'];
// Check Values
if ($formUser != $cfg->get('admin_user') || $formPassword != $cfg->get('admin_pass')) {
if ($loginAttempts == 0) {
/* 3 strikes and they're out */
$_POST['loginAttempts'] = 1;
$auth = false;
return;
} else {
if ($loginAttempts >= 3) {
echo "<blink><p align='center' style=\"font-weight:bold;font-size:170px;color:red;font-family:sans-serif;\">Log In<br>Failed.</p></blink>";
exit;
} else {
$_POST['loginAttempts'] += 1;
return;
}
}
} elseif ($formUser == $cfg->get('admin_user') && $formPassword == $cfg->get('admin_pass')) {
// test for valid username and password
// Start Session
start_session();
$_SESSION['adminAuth'] = md5($cfg->get('admin_user') . $cfg->get('admin_pass'));
$_SESSION['adminTime'] = time();
$SID = session_id();
$_POST['task'] = 'home';
} else {
$_POST['loginAttempts'] += 1;
return;
}
}
function do_acct_status($status)
{
$do_admin_acct = false;
// Change to 'true', if desired
if (get_device() || $do_admin_acct) {
switch ($status) {
case 'update':
update_session();
break;
case 'start':
start_session();
break;
case 'stop':
stop_session();
break;
case 'auth':
auth_session();
break;
}
}
}
</form>
<?php
}
if ($_GET['vars'] == "yes") {
$key_country = $_POST['key_country'];
$key_province = $_POST['key_province'];
$key_city = $_POST['key_city'];
$key_org = $_POST['key_org'];
$key_email = $_POST['key_email'];
$server_name = $_POST['server_name'];
$client_name = $_POST['client_name'];
//need to use bash commands to do this... permission issues.
//editing var file using sed
//define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
if (!isset($_SESSION['password'])) {
start_session('create_certs.php?vars=yes');
}
$password = stripslashes(trim($_SESSION['password']));
$username = stripslashes(trim($_SESSION['username']));
if ($username == "") {
$username = "******";
}
$ssh = new Net_SSH2('localhost');
if (!$ssh->login($username, $password)) {
exit('Login Failed');
}
echo $ssh->read('/.*@.*/', NET_SSH2_READ_REGEX);
$ssh->write("sudo killall -v openvpn\n");
$ssh->setTimeout(10);
$output = $ssh->read('/.*@.*[$|#]|.*[P|p]assword.*/', NET_SSH2_READ_REGEX);
//$ssh->read();
function is_logged_in()
{
start_session();
return isset($_SESSION['user']);
}
require 'functions.php';
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include 'Net/SSH2.php';
//if (!(isset($_SESSION['password']))){
// start_session('install.php'); //getting username and password for phpseclib ssh terminal
//}
?>
<?
//error_reporting(E_ALL);
//ini_set('display_errors', 'on');
//functions.php includes session_start()
//will need to do the pkitool test now.... TODO move pkitool to previous heading so don't have to test for it twice :(
//Will reach this if the "initial-setup" button is pressed in code block after this
If ($_GET['action'] == "initial-setup"){
if (! (isset($_SESSION['password']))){
start_session('install.php&action=initial-setup');
}
$password = stripslashes(trim($_SESSION['password']));
$username = stripslashes(trim($_SESSION['username']));
if ($username == ""){
$username = "******";
}
$ssh = new Net_SSH2('localhost');
if (!$ssh->login($username, $password)) {
exit('Login Failed');
}
$default_pkitool_location = $config_dir . "/easy-rsa/pkitool";
if (!(file_exists($default_pkitool_location))){
echo "<font color='B22222'>Error!</font> PKITOOL not found... required, will attempt to copy into $config_dir<br />";
echo $ssh->exec("sudo cp -r $easy_rsa_dir $config_dir");
function create_zip($files = array(), $destination = '', $cert_name, $overwrite = true)
{
//will need phpseclib later.... so...
if (!isset($_SESSION['password'])) {
start_session('certs.php?action=send_cert&type=$send_type&cert_name=$cert_name');
}
$password = stripslashes(trim($_SESSION['password']));
$username = stripslashes(trim($_SESSION['username']));
if ($username == "") {
$username = "******";
}
$ssh = new Net_SSH2('localhost');
if (!$ssh->login($username, $password)) {
exit('Login Failed');
}
//if the zip file already exists and overwrite is false, return false
if (file_exists($destination) && !$overwrite) {
echo "Will not overwrite!<br />";
return false;
}
//vars
$valid_files = array();
//if files were passed in...
if (is_array($files)) {
//cycle through each file
foreach ($files as $file) {
//make sure the file exists
if (file_exists($file)) {
$valid_files[] = $file;
}
}
}
//if we have good files...
if (count($valid_files)) {
//create the archive
$zip = new ZipArchive();
if ($zip->open($destination, $overwrite ? ZIPARCHIVE::OVERWRITE : ZIPARCHIVE::CREATE) !== true) {
return false;
}
//add the files
foreach ($valid_files as $file) {
$zip->addFile($file, $file);
echo "File: {$file}<br />";
}
//debug
echo 'The zip archive contains ', $zip->numFiles, ' files with a status of ', $zip->status;
echo "<br />";
$zip->addFile($file);
//close the zip -- done!
$zip->close();
$curr_work_dir = getcwd();
echo "{$curr_work_dir}/Downloads/{$destination}<br />";
//now move the file to our Downloads folder
if (copy("{$destination}", "{$curr_work_dir}/Downloads/{$destination}")) {
unlink("{$destination}");
}
//and update destination
$zip_download = "{$destination}";
//TODO check if file exists
return $zip_download;
} else {
return false;
}
}
<?php
require_once 'inc/functions.php';
/*
* If posted information from login form
*/
if (isset($_POST['submitLogin'])) {
if (check_credentials($_POST)) {
start_session($_POST['uname']);
} else {
$msg = 'Invalid Login Credentials!';
}
}
/*
* If user is logged-in
* redirect to home.php
*/
if (isset($_SESSION['username'])) {
header('Location: home.php?u=' . $_SESSION['username']);
}
require 'inc/header.php';
?>
<div class="container">
<form method="POST" class="form-signin col-md-6 col-md-offset-3 col-xs-10 col-xs-offset-1">
<?php
if (isset($msg)) {
echo "<div class='alert alert-danger' role='alert'>Invalid Login Credentials!</div>";
}
?>
<input type="text" name="uname" class="form-control" placeholder="Username" required autofocus>
<input type="password" name="pword" class="form-control" placeholder="Password" required>
require_once DIR_FS_PRONTO . DS . 'core' . DS . 'factory.php';
require_once DIR_FS_PRONTO . DS . 'core' . DS . 'session.php';
if (defined('SESSION_USEDB') && SESSION_USEDB === true) {
// taken from pronto/profiles/web.php
if (defined('DB_NAME')) {
$db =& Factory::db(array('dsn' => DB_DSN, 'file' => DB_FILE, 'host' => DB_HOST, 'user' => DB_USER, 'pass' => DB_PASS, 'name' => DB_NAME));
Registry::set('pronto:db:main', $db);
} else {
foreach ($DATABASES as $key => $dbcfg) {
$db =& Factory::db($dbcfg);
Registry::set('pronto:db:' . $key, $db);
}
unset($key, $dbcfg);
}
}
start_session($_GET['sessidpass']);
/*
TinyBrowser 1.41 - A TinyMCE file browser (C) 2008 Bryn Jones
(author website - http://www.lunarvis.com)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
// as well as links to various search forms.
// Incorporate some include files:
include 'initialize/db.inc.php';
// 'db.inc.php' is included to hide username and password
include 'includes/header.inc.php';
// include header
include 'includes/footer.inc.php';
// include footer
include 'includes/include.inc.php';
// include common functions
include 'initialize/ini.inc.php';
// include common variables
// --------------------------------------------------------------------
// START A SESSION:
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);
// --------------------------------------------------------------------
// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php';
// include the locales
// --------------------------------------------------------------------
// If there's no stored message available:
if (!isset($_SESSION['HeaderString'])) {
$HeaderString = $loc["Default Welcome Message"];
} else {
$HeaderString = $_SESSION['HeaderString'];
// extract 'HeaderString' session variable (only necessary if register globals is OFF!)
// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
deleteSessionVariable("HeaderString");
// function 'deleteSessionVariable()' is defined in 'include.inc.php'
<?php
include '../include/webzone.php';
$login = $_POST['login'];
$password = $_POST['password'];
if ($login == '' || $password == '') {
$display .= '<div class="alert fade in alert-error"><button type="button" class="close" data-dismiss="alert">×</button><strong>';
$display .= 'Missing login and/or password';
$display .= '</strong></div>';
$d['display'] = $display;
$d['code'] = 0;
echo json_encode($d);
} else {
if ($login == $GLOBALS['admin_username'] and $password == $GLOBALS['admin_password']) {
start_session(array('user_id' => '99999', 'login' => $login));
$d['code'] = 1;
//success
echo json_encode($d);
} else {
$display .= '<div class="alert fade in alert-error"><button type="button" class="close" data-dismiss="alert">×</button><strong>';
$display .= 'The user and/or password are incorrect';
$display .= '</strong></div>';
$d['display'] = $display;
$d['code'] = 0;
echo json_encode($d);
}
}
function POST_login__openid()
{
if (USER_USE_OPENID !== true) {
$this->redirect(url('User', 'login'));
return;
}
if (isset($_SESSION['openid']['validated'])) {
if ($_SESSION['openid']['validated']) {
$err = $this->models->user->authenticate_openid($_SESSION['openid']['identity']);
if ($err === false) {
// no user exists yet, but we have a positive openid auth,
// so let's create a new account...
$_SESSION['newuser_data'] = array();
if (is_array($_SESSION['openid']['sreg'])) {
$_SESSION['openid_identity'] = $_SESSION['openid']['identity'];
$_SESSION['openid_user_data'] = $_SESSION['openid']['sreg'];
$this->redirect(url('User', 'signup'));
return;
}
}
} else {
$err = $_SESSION['openid']['error'];
}
unset($_SESSION['openid']);
if ($err !== true) {
$this->tset('error', $err);
$this->GET_login();
} else {
$return_url = $this->param('return_url', '/');
$this->redirect(url($return_url));
}
} else {
if ($this->param('openid_url')) {
define('OPENID_NOKEYMANAGER', 1);
define('OPENID_SREG_REQUEST', 'nickname,email,fullname,dob,gender,postcode,country,language,timezone');
start_session();
require_once dirname(__FILE__) . '/../extlib/openid/processor.php';
}
}
}
$row = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["username"])) {
echo "Please input a username";
die;
} else {
if (empty($_POST["password"])) {
echo "Please input a password";
die;
} else {
$username = clean_input($_POST["username"]);
$password = clean_input(md5($_POST["password"]));
$query = mysqli_query($database_connection, "SELECT * FROM userstable WHERE `username` = '{$username}' AND `password` = '{$password}' ");
$row = mysqli_fetch_array($query);
if ($row) {
start_session($row);
echo "<br><br>", $_SESSION['LOGGED_IN'];
header("Location: /website/");
} else {
echo 'LOGIN UNSUCCESSFUL';
}
}
}
}
function clean_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
$data = mysql_real_escape_string($data);
return $data;
function application_add_company()
{
global $wpdb;
if (function_exists('start_session')) {
start_session();
}
$_SESSION['wp_page'] = 'my-companies';
// Create for empty post data
if (!isset($_REQUEST['submit']) && !isset($_REQUEST['name']) && empty($_REQUEST['name']) && !isset($_REQUEST['firstname']) && empty($_REQUEST['firstname']) && !isset($_REQUEST['lastname']) && empty($_REQUEST['lastname']) && !isset($_REQUEST['email']) && empty($_REQUEST['email']) && !isset($_REQUEST['phone']) && empty($_REQUEST['phone']) && !isset($_REQUEST['preferredcontactmethodcode']) && empty($_REQUEST['preferredcontactmethodcode']) && !isset($_REQUEST['address']) && empty($_REQUEST['address']) && !isset($_REQUEST['city']) && empty($_REQUEST['city']) && !isset($_REQUEST['zipcode']) && empty($_REQUEST['zipcode']) && !isset($_REQUEST['state']) && empty($_REQUEST['state']) && !isset($_REQUEST['country']) && empty($_REQUEST['country'])) {
if (isset($_SERVER["HTTP_REFERER"]) && !empty($_SERVER["HTTP_REFERER"])) {
$_SESSION['wp_errors']['company_invalid_post_data'] = __("Mandatory field(s) are required..");
wp_redirect($_SERVER["HTTP_REFERER"]);
} else {
// This case is occur when internet is disconnect and user direct hit the url
$_SESSION['wp_errors']['company_invalid_post_data'] = __("Something went wrong.Please try again later.");
wp_redirect(get_permalink(get_page_by_path('listings')) . '?page=my-companies&type=all');
}
}
// Check for unique company name
$company_sql = 'SELECT id FROM ' . $wpdb->prefix . 'company where name="' . $_POST['name'] . '"';
if ($_POST['id'] != 0) {
$company_sql .= ' AND id != ' . $_POST['id'];
}
//echo $company_sql;
$company_result = $wpdb->get_results($company_sql);
$company_count = $wpdb->num_rows;
/*
if ($company_count > 0) {
set_site_message('my-companies', 'error', "Company Already exists");
//$_SESSION['wp_errors']['company_exists'] = __("Company Already exists ");
wp_redirect($_SERVER["HTTP_REFERER"]);
exit;
}
*/
$roles = get_user_meta(get_current_user_id(), 'wp_capabilities');
if (!empty($roles) && isset($roles[0]) && array_key_exists('staff', $roles[0])) {
$isstaff = true;
}
//if ($wpdb->num_rows == 0) {
if ($_POST['id'] == 0) {
if (email_exists($_REQUEST['email'])) {
set_site_message('my-companies', 'error', "Email already exists please enter another email");
wp_redirect(get_permalink(get_page_by_path('listings')) . '?page=my-companies&type=all');
}
$company_type = isset($_POST['company_type']) ? $_POST['company_type'] : "Company";
$table = $wpdb->prefix . "company";
$data = array('name' => $_POST['name'], 'email' => $_POST['email'], 'created_by' => get_current_user_id(), 'phone' => $_POST['phone'], 'created_on' => date('Y-m-d H:m:s'), 'address' => $_POST['address'], 'fax' => $_POST['fax'], 'country' => $_POST['country'], 'state' => $_POST['state'], 'city' => $_POST['city'], 'zipcode' => $_POST['zipcode'], 'website_url' => $_POST['website_url'], 'status' => "New_company", 'type' => $company_type);
//print_r($data);die;
$wpdb->insert($table, $data);
$company_id = $wpdb->insert_id;
/* create new contact associated with new inserted company */
$random_password = wp_generate_password($length = 12, $include_standard_special_chars = false);
/* 0846 - 08/06/15 - in place of user_name in below function we take user_email because we change the functionality to take user_name as user_email */
$user_id = wp_create_user($_REQUEST['email'], $random_password, $_REQUEST['email']);
$user = get_user_by('id', $user_id);
/* assign role agent if company is agency */
if ($isstaff) {
if ($company_type == 'Agency') {
$agent_array = get_role("Agent");
if (empty($agent_array)) {
add_role('agent', 'Agent', array('read' => true, 'application-form' => true));
$user = new WP_User($user_id);
$user->add_cap('Agent');
} else {
$user = new WP_User($user_id);
$user->add_cap('Agent');
}
} else {
$user = new WP_User($user_id);
$user->remove_cap('Agent');
}
}
$wpdb->query("update " . $wpdb->prefix . "users set display_name = '" . $_POST['firstname'] . " " . $_POST['lastname'] . "', first_name = '" . $_POST['firstname'] . "',last_name='" . $_POST['lastname'] . "',salutaions='" . $_POST['salutaions'] . "',preferred_form='" . $_POST['preferredcontactmethodcode'] . "', phone = '" . $_POST['phone'] . "', country=" . $_POST['country'] . ",state=" . $_POST['state'] . ",city='" . $_POST['city'] . "', address = '" . $_POST['address'] . "', created_by = " . get_current_user_id() . ", created_on = '" . date("Y-m-d H:m:s") . "', company_id = '" . $company_id . "' where ID=" . $user_id);
$sql = 'SELECT * FROM ' . $wpdb->prefix . 'users where ID=' . get_current_user_id();
$result = $wpdb->get_results($sql);
$get_current_user_role_new = get_current_user_role();
if (strtolower($get_current_user_role_new) != 'staff') {
$firstname_users = $result[0]->first_name;
$lastname_users = $result[0]->last_name;
$link_to_comapnies = get_permalink(get_page_by_path('listings')) . '?page=my-companies&type=all';
$bnfw = BNFW::factory();
if ($bnfw->notifier->notification_exists('new-company')) {
$notifications = $bnfw->notifier->get_notifications('new-company');
foreach ($notifications as $notification) {
$setting = $bnfw->notifier->read_settings($notification->ID);
foreach ($setting['users'] as $users_role) {
$main_role = strtolower(str_replace('role-', '', $users_role));
$sql = "select `user_email`,`display_name` from " . $wpdb->prefix . "users where `user_type` = '" . $main_role . "'";
$staff_user = $wpdb->get_results($sql);
foreach ($staff_user as $staff_user) {
$emailstaff = $staff_user->user_email;
$username_staff = ucwords($staff_user->display_name);
$subjectstaff = str_replace('New Company Added', 'Existing Company Details Updated', $setting['subject']);
$date = date('Y-m-d');
$messagestaff = $setting['message'];
$messagestaff = str_replace('[firstname]', $firstname_users, $messagestaff);
$messagestaff = str_replace('[lastname]', $lastname_users, $messagestaff);
$messagestaff = str_replace('[username]', $username_staff, $messagestaff);
$messagestaff = str_replace('[date]', $date, $messagestaff);
$messagestaff = str_replace('[companyname]', $_POST['name'], $messagestaff);
$messagestaff = str_replace('[linkToCompany]', $link_to_comapnies, $messagestaff);
$subjectstaff = str_replace('[firstname]', $firstname_users, $subjectstaff);
$subjectstaff = str_replace('[lastname]', $lastname_users, $subjectstaff);
wp_mail($emailstaff, $subjectstaff, wpautop($messagestaff));
}
}
}
}
}
if ($isstaff) {
try {
staff_company_approve($company_id, false);
// approve company
} catch (Exception $e) {
$_SESSION['company_error_msg'] = "CRM Approve ERROR: " . $e->getMessage();
wp_redirect($_SERVER["HTTP_REFERER"]);
exit;
}
}
/* approve user at the time of company creation */
if ($isstaff) {
try {
approve_user_by_staff($user_id, false);
// approve user
} catch (Exception $e) {
$_SESSION['user_error_msg'] = "CRM Approve ERROR: " . $e->getMessage();
wp_redirect($_SERVER["HTTP_REFERER"]);
exit;
}
}
if (isset($_POST['redirect_url']) && !empty($_POST['redirect_url'])) {
set_site_message('my-companies', 'success', "Company Added Successfully");
//$_SESSION['wp_notices']['company_added'] = __("Company Added Successfully");
wp_redirect($_POST['redirect_url']);
} else {
set_site_message('my-companies', 'success', "Company Added Successfully");
// $_SESSION['wp_notices']['company_added'] = __("Company Added Successfully");
wp_redirect(admin_url() . 'admin.php?page=' . $_GET['page']);
}
} else {
$status = "Modified";
$company_result = $wpdb->get_results("SELECT status, crm_id FROM " . $wpdb->prefix . "company where " . $wpdb->prefix . "company.id = " . $_POST['id']);
$users = $wpdb->get_results("SELECT ID FROM " . $wpdb->prefix . "users where company_id = " . $_POST['id']);
//Do not update company status until it is approved
if (!empty($company_result) && $company_result[0]->crm_id == '') {
$status = $company_result[0]->status;
}
if (!empty($users)) {
$user_id = $users[0]->ID;
}
$company_type = isset($_POST['company_type']) ? $_POST['company_type'] : "Company";
$update_item_sql = 'SELECT ' . $wpdb->prefix . 'users.salutaions,' . $wpdb->prefix . 'users.first_name as firstname,' . $wpdb->prefix . 'users.last_name as lastname,' . $wpdb->prefix . 'company.email,' . $wpdb->prefix . 'company.phone,' . $wpdb->prefix . 'company.fax,' . $wpdb->prefix . 'company.name,' . $wpdb->prefix . 'company.address,' . $wpdb->prefix . 'company.preferredcontactmethodcode,' . $wpdb->prefix . 'company.city,' . $wpdb->prefix . 'company.zipcode,' . $wpdb->prefix . 'company.state,' . $wpdb->prefix . 'company.country,' . $wpdb->prefix . 'company.website_url FROM ' . $wpdb->prefix . 'company JOIN ' . $wpdb->prefix . 'users on ' . $wpdb->prefix . 'users.company_id=' . $wpdb->prefix . 'company.id where ' . $wpdb->prefix . 'company.id=' . $_POST['id'] . ' AND ' . $wpdb->prefix . 'users.ID=' . $_POST['user_id'];
$update_item_result = $wpdb->get_results($update_item_sql);
$_POST['preferredcontactmethodcode'] = isset($_POST['preferredcontactmethodcode']) ? $_POST['preferredcontactmethodcode'] : 'Email';
$post_array = array_slice($_POST, 0, 8, true) + array("preferredcontactmethodcode" => $_POST['preferredcontactmethodcode']) + array_slice($_POST, 3, count($_POST) - 3, true);
$update_array = json_decode(json_encode($update_item_result), true);
$diff_array = array_diff($_POST, $update_array[0]);
$updated_string = '';
foreach ($diff_array as $key => $value) {
if (isset($update_array[0][$key]) && isset($diff_array[$key])) {
switch ($key) {
case 'firstname':
$label = 'First Name';
break;
case 'lastname':
$label = 'Last Name';
break;
case 'preferredcontactmethodcode':
$label = 'Preferred Contact Method';
break;
case 'name':
$label = 'Company Name';
break;
default:
$label = $key;
}
$updated_string .= ucfirst(str_replace("_", ' ', $label)) . " from '" . $update_array[0][$key] . "' to '" . $diff_array[$key] . "'<br/>";
}
}
//Add updated data in logger
$json_data = json_encode($diff_array);
$log_data = array();
//Declare array to stored log data
$log_data['ref_type'] = "company";
$log_data['ref_id'] = $_POST['id'];
$log_data['title'] = "Company Updated";
$log_data['description'] = "Company Updated From Portal";
$log_data['content'] = $json_data;
//Used to log activity
IB_Logging::ib_log_activity($log_data);
$wpdb->update($wpdb->prefix . 'company', array('name' => $_POST['name'], 'email' => $_POST['email'], 'address' => $_POST['address'], 'preferredcontactmethodcode' => $_POST['preferredcontactmethodcode'], 'phone' => $_POST['phone'], 'fax' => $_POST['fax'], 'country' => $_POST['country'], 'state' => $_POST['state'], 'city' => $_POST['city'], 'zipcode' => $_POST['zipcode'], 'website_url' => $_POST['website_url'], 'status' => $status, 'modified_by' => get_current_user_id(), 'modified_on' => date('Y-m-d H:m:s'), 'type' => $company_type), array('id' => $_POST['id']));
/* update user details */
$wpdb->update($wpdb->prefix . 'users', array('first_name' => $_POST['firstname'], 'last_name' => $_POST['lastname'], 'phone' => $_POST['phone'], 'preferred_form' => $_POST['preferredcontactmethodcode'], 'modified_by' => get_current_user_id(), 'modified_on' => date('Y-m-d H:m:s'), 'country' => $_POST['country'], 'state' => $_POST['state'], 'city' => $_POST['city'], 'zipcode' => $_POST['zipcode'], 'website_url' => $_POST['website_url']), array('ID' => $_POST['user_id']));
/* update quotation progarm company details*/
$wpdb->update($wpdb->prefix . 'quotation_program', array('companyname' => $_POST['name']), array('company_id' => $_POST['id']));
/* assign role agent if company is agency */
if (isset($isstaff) && $isstaff) {
if ($company_type == 'Agency') {
$agent_array = get_role("Agent");
if (empty($agent_array)) {
add_role('agent', 'Agent', array('read' => true, 'application-form' => true));
$user = new WP_User($user_id);
$user->add_cap('Agent');
} else {
$user = new WP_User($user_id);
$user->add_cap('Agent');
}
} else {
$user = new WP_User($user_id);
$user->remove_cap('Agent');
}
}
if (isset($isstaff) && $isstaff) {
try {
$company_sql = 'SELECT crm_id FROM ' . $wpdb->prefix . 'company where id="' . $_POST['id'] . '"';
$company_result = $wpdb->get_results($company_sql);
if (!empty($company_result) && !empty($company_result[0]->crm_id)) {
staff_company_approve($_POST['id'], true);
// approve company
} else {
staff_company_approve($_POST['id'], false);
// approve company
}
} catch (Exception $e) {
$_SESSION['company_error_msg'] = "CRM Approve ERROR: " . $e->getMessage();
wp_redirect($_SERVER["HTTP_REFERER"]);
exit;
}
}
$sql = 'SELECT * FROM ' . $wpdb->prefix . 'users where ID=' . get_current_user_id();
$result = $wpdb->get_results($sql);
$get_current_user_role_new = get_current_user_role();
if (strtolower($get_current_user_role_new) != 'staff') {
$firstname_users = $result[0]->first_name;
$lastname_users = $result[0]->last_name;
$link_to_comapnies = get_permalink(get_page_by_path('listings')) . '?page=my-companies&type=modified';
$bnfw = BNFW::factory();
if ($bnfw->notifier->notification_exists('existing-company-update')) {
$notifications = $bnfw->notifier->get_notifications('existing-company-update');
foreach ($notifications as $notification) {
$setting = $bnfw->notifier->read_settings($notification->ID);
foreach ($setting['users'] as $users_role) {
$main_role = strtolower(str_replace('role-', '', $users_role));
$sql = "select `user_email`,`display_name` from " . $wpdb->prefix . "users where `user_type` = '" . $main_role . "'";
$staff_user = $wpdb->get_results($sql);
foreach ($staff_user as $staff_user) {
$emailstaff = $staff_user->user_email;
$username_staff = ucwords($staff_user->display_name);
$subjectstaff = $setting['subject'];
$subjectstaff = str_replace("[firstname]", $firstname_users, $subjectstaff);
$subjectstaff = str_replace('[lastname]', $lastname_users, $subjectstaff);
$date = date('Y-m-d');
$messagestaff = $setting['message'];
//$messagestaff = str_replace('[common_header]', $common_header, $messagestaff);
$messagestaff = str_replace('[firstname]', $firstname_users, $messagestaff);
$messagestaff = str_replace('[lastname]', $lastname_users, $messagestaff);
$messagestaff = str_replace('[username]', $username_staff, $messagestaff);
$messagestaff = str_replace('[date]', $date, $messagestaff);
$messagestaff = str_replace('[companyname]', $_POST['name'], $messagestaff);
$messagestaff = str_replace('[linkToCompany]', $link_to_comapnies, $messagestaff);
$messagestaff = str_replace("[update_fields]", $updated_string, $messagestaff);
$subjectstaff = str_replace('[firstname]', $firstname_users, $subjectstaff);
$subjectstaff = str_replace('[lastname]', $lastname_users, $subjectstaff);
if ($updated_string != '') {
wp_mail($emailstaff, $subjectstaff, wpautop($messagestaff));
}
}
}
}
}
}
if (isset($_POST['redirect_url']) && !empty($_POST['redirect_url'])) {
set_site_message('my-companies', 'success', "Company Details Updated Successfully");
// $_SESSION['wp_notices']['company_updated'] = __("Company Updated Successfully");
wp_redirect($_POST['redirect_url']);
} else {
set_site_message('my-companies', 'success', "Company Details Updated Successfully");
//$_SESSION['wp_notices']['company_updated'] = __("Company Updated Successfully");
wp_redirect(admin_url() . 'admin.php?page=' . $_GET['page']);
}
}
//}
}
// a link to the previous search results page (if any) // Incorporate some include files: include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password include 'includes/header.inc.php'; // include header include 'includes/footer.inc.php'; // include footer include 'includes/include.inc.php'; // include common functions include 'initialize/ini.inc.php'; // include common variables // -------------------------------------------------------------------- // START A SESSION: // call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables: start_session(false); // -------------------------------------------------------------------- // Initialize preferred display language: // (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function) include 'includes/locales.inc.php'; // include the locales // -------------------------------------------------------------------- // [ Extract form variables sent through POST/GET by use of the '$_REQUEST' variable ] // [ !! NOTE !!: for details see <http://www.php.net/release_4_2_1.php> & <http://www.php.net/manual/en/language.variables.predefined.php> ] // Check if any error occurred while processing the database UPDATE/INSERT/DELETE $errorNo = $_REQUEST['errorNo']; $errorMsg = $_REQUEST['errorMsg']; $errorMsg = stripSlashesIfMagicQuotes($errorMsg); // function 'stripSlashesIfMagicQuotes()' is defined in 'include.inc.php' // Extract the header message that was returned by originating script: $HeaderString = $_REQUEST['headerMsg'];
}
}
$cwdir = getcwd();
echo "<h3> Config file written to {$cwdir}/{$config_file_temp}.</h3><br />";
echo "Shall I attempt to copy config file to {$config_file_with_path}?<br />";
echo "This will require openvpn to be restarted..... continue?<br />";
echo "<a class='btn btn-danger' href='config.php?action=restart'>Restart Openvpn</a>";
echo " ";
echo "<a class='btn btn-primary' href='index.php'>I will restart manually</a>";
exit;
}
//End update file... now checking for a restart command....
if (isset($_GET['action']) and $_GET['action'] == "restart") {
if (!isset($_SESSION['password'])) {
//will start the session if needed, and return to config.php?action=restart
start_session('config.php?action=restart');
}
$password = stripslashes(trim($_SESSION['password']));
$username = stripslashes(trim($_SESSION['username']));
if ($username == "") {
$username = "******";
}
$ssh = new Net_SSH2('localhost');
if (!$ssh->login($username, $password)) {
exit('Login Failed');
}
read_config_file();
$config_file_temp = $config_file;
$cwdir = getcwd();
echo "<pre>";
echo $ssh->exec("sudo killall -v openvpn");
<!DOCTYPE html>
<?php
start_session(600);
#session_start();
if (empty($_SESSION['username'])) {
header("location:index.php");
}
echo "You're logged as " . $_SESSION['username'];
echo '<form action=./destroy.php method=get><input type=submit value=logout></form>';
function start_session($expire = 0)
{
if ($expire == 0) {
$expire = ini_get('session.gc_maxlifetime');
} else {
ini_set('session.gc_maxlifetime', $expire);
}
if (empty($_COOKIE['PHPSESSID'])) {
session_set_cookie_params($expire);
session_start();
} else {
session_start();
setcookie('PHPSESSID', session_id(), time() + $expire);
}
}
?>
<html>
<head>
<title></title>
<script type="text/javascript" src="js/jquery-1.7.2.js"></script>
<link rel="stylesheet" type="text/css" href="js/tree_themes/SimpleTree.css"/>
<script type="text/javascript" src="js/SimpleTree.js"></script>
echo "<br />";
echo "<br />";
echo "<br />";
echo "<br />";
echo "Checking if openvpn is running......<br />";
echo "<br />";
echo "<br />";
echo "<br />";
echo "Printing your config file......<br />";
echo "</div>";
echo "<div class='span5'>";
echo "Checking {$config_dir}" . "easy-rsa/....<br />";
}
//Next test... see if openvpn is running
if (!isset($_SESSION['password'])) {
start_session('install.php');
}
$password = stripslashes(trim($_SESSION['password']));
$username = stripslashes(trim($_SESSION['username']));
if ($username == "") {
$username = "******";
}
$ssh = new Net_SSH2('localhost');
if (!$ssh->login($username, $password)) {
exit('Login Failed');
}
$openvpn_running = $ssh->exec("ps aux | grep openvpn");
echo str_repeat(' ', 1024 * 64);
if (stristr($openvpn_running, $bin_file)) {
echo "Running from {$bin_file}<br />";
if ($pki_tool_found == "no") {
<?php
/**
* Validates POST data from HTML forms
*
* A subclass to which is passed the form's fields' attributes
* can offer more specific validation.
*/
require_once CORE_DOC_ROOT . 'php/global.php';
start_session();
class Form_Validator
{
public $valid = false;
public $result = null;
public function __construct()
{
$form_data = $this->get_form_data();
if ($form_data === null) {
return;
}
$validation_return = $this->validate_form($form_data);
$this->valid = $validation_return[0];
$this->result = $validation_return[1];
}
protected function get_form_data()
{
if ($_POST === null || count($_POST) === 0) {
return null;
}
/*
* undo PHP's automatic field-name-to-array grouping
<?php
require_once('config.php');
require_once('base_function.php');
# 建立資料庫連線
global $db;
$db = new PDO(
'mysql:host='.DB_HOST.';dbname='.DB_NAME.';',
DB_USERNAME, DB_PASSWORD,
array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'" ));
start_session(3600);
