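 /**
  * Installer step: replay opencart.sql into the freshly configured database, then
  * seed the admin user, the store e-mail/URL settings, the encryption key and the
  * order-API credentials.
  *
  * Security notes (all grounded in this block):
  *  - $data['db_prefix'] is spliced into every statement verbatim; only the values
  *    wrapped in $db->escape() are SQL-escaped. The prefix must be validated by the
  *    caller (it is installer input, not end-user input).
  *  - The salt, the login token and the API credentials were previously drawn from
  *    rand()/uniqid()/md5(), which are not cryptographically secure. They now come
  *    from random_bytes()/random_int().
  *  - The password is stored as sha1(salt . sha1(salt . sha1(pw))) with a 9-character
  *    salt because that is what the application's login path verifies against.
  *    Moving to password_hash() requires changing that path too and is out of scope.
  *
  * @param array $data installer form values: db_driver, db_hostname, db_username,
  *                    db_password, db_database, db_port, db_prefix, username,
  *                    password, email
  * @return void  the process exits if opencart.sql cannot be found
  */
 public function database($data)
 {
     $db = new DB($data['db_driver'], $data['db_hostname'], $data['db_username'], $data['db_password'], $data['db_database'], $data['db_port']);
     $file = DIR_APPLICATION . 'opencart.sql';
     if (!file_exists($file)) {
         exit('Could not load sql file: ' . $file);
     }
     $lines = file($file);
     if (!$lines) {
         return;
     }
     $prefix = $data['db_prefix'];
     // Replay the dump one statement at a time; a statement ends on a line that ends in ';'.
     // Comment lines ('--' or '#') are skipped, everything else is accumulated.
     $sql = '';
     foreach ($lines as $line) {
         if (!$line || substr($line, 0, 2) === '--' || substr($line, 0, 1) === '#') {
             continue;
         }
         $sql .= $line;
         if (preg_match('/;\\s*$/', $line)) {
             $sql = str_replace("DROP TABLE IF EXISTS `oc_", "DROP TABLE IF EXISTS `" . $prefix, $sql);
             $sql = str_replace("CREATE TABLE IF NOT EXISTS `oc_", "CREATE TABLE IF NOT EXISTS `" . $prefix, $sql);
             $sql = str_replace("INSERT INTO `oc_", "INSERT INTO `" . $prefix, $sql);
             $db->query($sql);
             $sql = '';
         }
     }
     $db->query("SET CHARACTER SET utf8");
     $db->query("SET @@session.sql_mode = 'MYSQL40'");
     // Admin user (user_id 1). The salt stays 9 hex characters to match the verifier,
     // but is now drawn from a CSPRNG instead of md5(uniqid(rand())).
     $salt = substr(bin2hex(random_bytes(5)), 0, 9);
     $passwordHash = sha1($salt . sha1($salt . sha1($data['password'])));
     $db->query("DELETE FROM `" . $prefix . "user` WHERE user_id = '1'");
     $db->query("INSERT INTO `" . $prefix . "user` SET user_id = '1', user_group_id = '1', username = '" . $db->escape($data['username']) . "', salt = '" . $db->escape($salt) . "', password = '" . $db->escape($passwordHash) . "', firstname = 'John', lastname = 'Doe', email = '" . $db->escape($data['email']) . "', status = '1', date_added = NOW()");
     $db->query("DELETE FROM `" . $prefix . "setting` WHERE `key` = 'config_email'");
     $db->query("INSERT INTO `" . $prefix . "setting` SET `code` = 'config', `key` = 'config_email', value = '" . $db->escape($data['email']) . "'");
     $db->query("DELETE FROM `" . $prefix . "setting` WHERE `key` = 'config_url'");
     $db->query("INSERT INTO `" . $prefix . "setting` SET `code` = 'config', `key` = 'config_url', value = '" . $db->escape(HTTP_OPENCART) . "'");
     // Random alphanumeric strings for the encryption key and the API credentials.
     // random_int() replaces rand(), which is not suitable for secrets.
     $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
     $randomString = function ($length) use ($alphabet) {
         $out = '';
         $max = strlen($alphabet) - 1;
         for ($i = 0; $i < $length; $i++) {
             $out .= $alphabet[random_int(0, $max)];
         }
         return $out;
     };
     // Create token to login with
     $token = $randomString(64);
     $db->query("DELETE FROM `" . $prefix . "setting` WHERE `key` = 'config_encryption'");
     $db->query("INSERT INTO `" . $prefix . "setting` SET `code` = 'config', `key` = 'config_encryption', value = '" . $db->escape($token) . "'");
     $db->query("UPDATE `" . $prefix . "product` SET `viewed` = '0'");
     // Create order API user
     $api_username = $randomString(64);
     $api_password = $randomString(256);
     $db->query("INSERT INTO `" . $prefix . "api` SET username = '" . $db->escape($api_username) . "', `password` = '" . $db->escape($api_password) . "', status = 1, date_added = NOW(), date_modified = NOW()");
     $api_id = $db->getLastId();
     $db->query("DELETE FROM `" . $prefix . "setting` WHERE `key` = 'config_api_id'");
     $db->query("INSERT INTO `" . $prefix . "setting` SET `code` = 'config', `key` = 'config_api_id', value = '" . (int) $api_id . "'");
 }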
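 /**
  * List the webpages of a workspace that the logged-in user is allowed to read.
  *
  * @param Project|mixed $project  workspace; when it is not a Project no workspace filter is applied
  * @param string $tag             optional tag; when non-empty only pages carrying that tag match
  * @param int $page               1-based page number; anything below 1 (or non-numeric) becomes 1
  * @param int $webpages_per_page  kept for backward compatibility but not used: the page size
  *                                comes from config_option('files_per_page', 10)
  * @param string $orderBy         sort column; passed through DB::escapeField() before use
  * @param string $orderDir        'ASC' or 'DESC' (any case); anything else falls back to 'ASC'
  * @param bool $archived          true = only archived pages, false = only non-archived pages
  * @return mixed whatever ProjectWebpages::paginate() returns
  */
 function getWebpages($project, $tag = '', $page = 1, $webpages_per_page = 10, $orderBy = 'title', $orderDir = 'ASC', $archived = false)
 {
     // The sort direction is interpolated into ORDER BY, so whitelist it.
     $orderDir = strtoupper($orderDir) === 'DESC' ? 'DESC' : 'ASC';
     // Fix: the original only rejected negative pages, so 0 and non-numeric values reached
     // paginate() unchanged. Normalise to an integer >= 1.
     $page = (int) $page;
     if ($page < 1) {
         $page = 1;
     }
     if ($tag == '' || $tag == null) {
         $tagstr = "1=1";
     } else {
         // DB::escape() is used without surrounding quotes here and elsewhere in this
         // codebase, so it appears to return a fully quoted literal.
         $tagstr = "(SELECT count(*) FROM `" . TABLE_PREFIX . "tags` WHERE `" . TABLE_PREFIX . "project_webpages`.`id` = `" . TABLE_PREFIX . "tags`.`rel_object_id` AND `" . TABLE_PREFIX . "tags`.`tag` = " . DB::escape($tag) . " AND `" . TABLE_PREFIX . "tags`.`rel_object_manager` = 'ProjectWebpages' ) > 0 ";
     }
     // Row-level read permission for the current user is enforced in SQL.
     $permission_str = ' AND (' . permissions_sql_for_listings(ProjectWebpages::instance(), ACCESS_LEVEL_READ, logged_user()) . ')';
     $project_str = '';
     if ($project instanceof Project) {
         $pids = $project->getAllSubWorkspacesCSV(true);
         $project_str = " AND " . self::getWorkspaceString($pids);
     }
     $archived_cond = $archived ? " AND `archived_by_id` <> 0" : " AND `archived_by_id` = 0";
     $conditions = $tagstr . $permission_str . $project_str . $archived_cond;
     return ProjectWebpages::paginate(
         array("conditions" => $conditions, 'order' => DB::escapeField($orderBy) . " {$orderDir}"),
         config_option('files_per_page', 10),
         $page
     );
 }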
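 /**
  * Store a private message from $from_user to $to_user in xbt_messages.
  *
  * @param object $to_user   recipient; only ->uid is read
  * @param string $subject   subject line; all tags are stripped
  * @param string $body      message body; only <br>, <a>, <strong> and <em> are kept
  * @param object $from_user sender; only ->uid is read
  * @return array{status: bool, message: string}
  */
 public static function send($to_user, $subject, $body, $from_user)
 {
     $subject = strip_tags($subject);
     // NOTE(review): strip_tags() keeps the attributes of the allowed tags, so an
     // <a href="javascript:..."> or onclick="..." survives here. Attributes must be
     // filtered (or the body escaped) wherever this is rendered as HTML.
     $body = strip_tags($body, "<br><a><strong><em>");
     // Bug fix: the original tested an undefined $title, so this check only ever
     // looked at the body. The message text says both are required; the minimal
     // fix keeps the original '&&' and just tests the right variable.
     if (empty($subject) && empty($body)) {
         return array('status' => false, 'message' => 'You must enter a subject and a body');
     }
     if (empty($to_user)) {
         return array('status' => false, 'message' => 'You must select a recipient');
     }
     if (empty($from_user)) {
         return array('status' => false, 'message' => 'The message must be from someone');
     }
     if ($to_user->uid == $from_user->uid) {
         return array('status' => false, 'message' => 'You cannot send yourself a message');
     }
     // The uids were interpolated unquoted and unescaped; cast them so they can only
     // ever be integers in the statement.
     $fromUid = (int) $from_user->uid;
     $toUid = (int) $to_user->uid;
     $subject = DB::escape($subject);
     $body = DB::escape($body);
     $query = "INSERT INTO xbt_messages (from_user_uid, to_user_uid, subject, body, ctime) VALUES (" . $fromUid . ", " . $toUid . ", '" . $subject . "', '" . $body . "', unix_timestamp())";
     if (DB::query($query, true)) {
         return array('status' => true, 'message' => 'Your message has been sent.');
     }
     return array('status' => false, 'message' => 'The message could not be sent at this time.');
 }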
 /**
  * Build a hash of the customer name for duplicate detection.
  *
  * Punctuation and whitespace are removed and the result is lower-cased before
  * hashing, so "Acme, S.A." and "acme sa" map to the same value.
  *
  * NOTE(review): the name is passed through DB::escape() *before* hashing. That
  * belongs at the SQL boundary, not in a fingerprint: a name containing quotes or
  * backslashes is hashed with the escape characters included (and the stray
  * backslash is not in the removal list). Changing it would alter hashes already
  * stored, so it is only flagged here.
  *
  * @return string 32-character md5 hex digest of the normalised name
  */
 private static function mkCustomerHash()
 {
     $stripChars = array(".", " ", "_", ", ", "-", ";", "'", "\"", ":", "(", ")", "|", "/");
     $escapedName = DB::escape(self::$customerName);
     $normalised = strtolower(str_replace($stripChars, '', $escapedName));
     return md5($normalised);
 }
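 /**
  * Render the "Your note" form (or login prompt) plus the user-contributed notes
  * for a page, registering the page in the `page` table on first sight.
  *
  * Fix: $pageId was interpolated into three SQL statements and two HTML strings
  * without any escaping. It is now DB::escape()d for SQL and htmlspecialchars()ed
  * for HTML; note ids coming back from the database are cast to int before being
  * placed in links.
  *
  * @param mixed $pageId  page identifier (origin not visible here; treated as untrusted)
  * @param string $title  page title stored when the page row is created
  * @return void  prints the HTML
  */
 public function showUserComments($pageId, $title)
 {
     $dbPageId = DB::escape($pageId);
     $htmlPageId = htmlspecialchars((string) $pageId, ENT_QUOTES, 'UTF-8');
     // add page information to database, if not available
     if ($GLOBALS['DB']->getCell("SELECT COUNT(*) FROM page WHERE id = '{$dbPageId}'") == 0) {
         $dbTitle = DB::escape($title);
         $GLOBALS['DB']->query("INSERT INTO page VALUES ('{$dbPageId}', '{$dbTitle}')");
     }
     $html = "";
     if ($GLOBALS['User']->isLoggedIn()) {
         $html .= "\r\n\t\t\t    <a name='yournote'></a>\r\n\t\t\t    <form action='/andreas/php/andreas.php?module=cms&action=add' method='post'>\r\n\t\t\t    <table class='section'>\r\n\t\t\t    <caption class='sectionCaption'>Your note</caption>\r\n\t\t\t\t\t<tr><td><textarea name='content' cols='80' rows='5'></textarea></td></tr>\r\n\t\t\t        <tr><td><input type='submit' value='Submit'/></td></tr>\r\n\t\t\t    </table>\r\n\t\t\t    <input type='hidden' name='page_id' value='{$htmlPageId}' />\r\n\r\n\t\t\t    </form>\r\n\t\t\t";
     } else {
         $html .= "\r\n\t\t\t    <table class='section'>\r\n\t\t\t    <caption class='sectionCaption'>Your note</caption>\r\n\t\t\t        <tr><td><div class='note'>\r\n\t\t\t\t\t\t<a href='/andreas/php/andreas.php?module=login&amp;action=login&amp;returnPageId={$htmlPageId}'>Log in</a> to add a note.<br /><br />\r\n\t\t\t        \tYou need to <a href='/andreas/php/andreas.php?module=registration&amp;action=start'>register</a> (only name, e-mail address, and password) to add notes to the pages of the site.\r\n\t\t\t\t\t</div></td></tr>\r\n\t\t\t    </table>\r\n\t\t\t";
     }
     $rows = $GLOBALS['DB']->getRows(sprintf("\r\n\t\t\tSELECT\r\n\t\t\t\tnote.id as note_id, note.created_timestamp, note.last_changed_timestamp, note.content,\r\n\t\t\t\tuser.id as user_id, user.fullname\r\n\t\t\tFROM note\r\n\t\t\tINNER JOIN user ON user.id = note.user_id\r\n\t\t\tWHERE page_id = '%s' ORDER BY created_timestamp DESC\r\n\t\t", $dbPageId));
     if (count($rows) > 0) {
         $notes = "";
         foreach ($rows as $row) {
             $noteId = (int) $row['note_id'];
             $timeHTML = date("j F Y, H:i", $row["created_timestamp"]);
             if ($row['last_changed_timestamp'] != $row['created_timestamp']) {
                 $timeHTML .= ";&nbsp;&nbsp;&nbsp;last edit: " . date("j F Y, H:i", $row["last_changed_timestamp"]);
             }
             // Only the author gets an edit link for their own note.
             $editHTML = "";
             if ($row['user_id'] == $GLOBALS['User']->getId()) {
                 $editHTML = "&nbsp;&nbsp;<a href='/andreas/php/andreas.php?module=cms&action=edit&note_id={$noteId}'>Edit your note</a>";
             }
             $notes .= "<a name='note_{$noteId}'></a>";
             $notes .= "<h4>" . htmlspecialchars($row["fullname"]) . "&nbsp;&nbsp;&nbsp;({$timeHTML}){$editHTML}</h4>";
             // $this->clean() is relied on to make stored note content safe for output.
             $notes .= "<p>" . $this->clean($row["content"]) . "</p>";
         }
         $html .= "\r\n\t\t\t\t<table class='section'>\r\n\t\t\t    <caption class='sectionCaption'>User contributed notes</caption>\r\n\t\t\t        <tr><td><div class='note'>\r\n\t\t\t\t\t\t{$notes}\r\n\t\t\t\t\t</div></td></tr>\r\n\t\t\t    </table>\r\n\t\t\t";
     }
     echo $html;
 }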
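 /**
  * Search schedules by arrival/departure ICAO, airline and aircraft taken from the
  * POST body, and render the results template.
  *
  * Empty airline/ICAO filters become the SQL wildcard '%' (the data layer is
  * expected to use LIKE for them). When an aircraft is given, schedules are
  * collected per matching aircraft id and merged.
  *
  * Fixes: the original `$aircraft == !''` is just a truthiness test written
  * confusingly; $routes was undefined when no aircraft matched; and iterating a
  * non-array result from findaircraft() would warn.
  *
  * @return void
  */
 public function findflight()
 {
     // The values are pre-escaped here and passed to the data layer; that layer
     // must not escape them a second time.
     $arricao = DB::escape($this->post->arricao);
     $depicao = DB::escape($this->post->depicao);
     $airline = DB::escape($this->post->airline);
     $aircraft = DB::escape($this->post->aircraft);
     if (!$airline) {
         $airline = '%';
     }
     if (!$arricao) {
         $arricao = '%';
     }
     if (!$depicao) {
         $depicao = '%';
     }
     if ($aircraft) {
         $routes = array();
         $aircrafts = FrontSchedulesData::findaircraft($aircraft);
         if (!is_array($aircrafts)) {
             $aircrafts = array();
         }
         foreach ($aircrafts as $match) {
             $route = FrontSchedulesData::findschedules($arricao, $depicao, $airline, $match->id);
             if ($route) {
                 $routes = array_merge($routes, $route);
             }
         }
     } else {
         $routes = FrontSchedulesData::findschedule($arricao, $depicao, $airline);
     }
     $this->set('allroutes', $routes);
     $this->show('RSL/schedule_results.tpl');
 }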
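 /**
  * Referral entry point: if ?page= names an existing user, remember that user's id
  * in a 30-day "ref_id" cookie, then send the visitor to the registration page.
  *
  * The cookie value is the id read back from the database row, not the raw
  * parameter. Fix: the query is skipped entirely when ?page= is absent instead of
  * raising a notice and querying for ''.
  *
  * @return void redirects
  */
 function actionInvite()
 {
     if (isset($_GET['page'])) {
         $user = DB::query_row("SELECT * FROM `user_tb` WHERE `id` = '" . DB::escape($_GET['page']) . "'");
         if ($user) {
             setcookie("ref_id", $user['id'], time() + 2592000, "/", $this->domain);
         }
     }
     $this->redirectTo("/registration/");
 }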
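 /**
  * Create a dependency "task ?t depends on task ?pt" unless it already exists,
  * then tell the AJAX layer to reload (or do nothing when ?reload is false).
  *
  * Fixes: both ids are now cast to int — they were escaped but interpolated
  * without quotes, which only works if DB::escape() quotes the value itself —
  * and the success flash is no longer shown after the save failed.
  *
  * @return void
  */
 function add()
 {
     $previousTaskId = (int) array_var($_GET, 'pt');
     $taskId = (int) array_var($_GET, 't');
     $dep = ProjectTaskDependencies::findOne(array('conditions' => "`previous_task_id` = {$previousTaskId} AND `task_id` = {$taskId}"));
     $saved = true;
     if (!$dep instanceof ProjectTaskDependency) {
         try {
             DB::beginWork();
             $dep = new ProjectTaskDependency();
             $dep->setPreviousTaskId($previousTaskId);
             $dep->setTaskId($taskId);
             $dep->save();
             DB::commit();
         } catch (Exception $e) {
             flash_error($e->getMessage());
             DB::rollback();
             $saved = false;
         }
     }
     if ($saved) {
         flash_success(lang('success add task dependency'));
     }
     $reload = array_var($_GET, 'reload', true);
     ajx_current($reload ? "reload" : "empty");
 }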
 /**
  * Return the current student's id in SQL-escaped form, or the placeholder
  * 's0000000' when nobody is logged in.
  *
  * The return value is already escaped; callers interpolate it directly and must
  * not escape it again.
  *
  * @return string
  */
 public static function safeSid()
 {
     if (!self::loggedIn()) {
         return 's0000000';
     }
     $sid = self::currentData()->student_id;
     return DB::escape($sid);
 }
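/**
 * Browse scanned ports joined with their hosts, applying the optional filters and
 * paginating unless $export is set.
 *
 * Fixes: $filter['banner'] was interpolated into two LIKE clauses without
 * escaping (SQL injection); a page size of 0 produced "LIMIT n, 0" and a division
 * by zero; 'exact-match' was read without isset(); an unused timing local and a
 * dead $to assignment are gone.
 *
 * NOTE(review): DB::escape() does not neutralise the LIKE metacharacters '%' and
 * '_' inside ip/banner/text, so users can still widen a LIKE match; harmless for a
 * search box but worth knowing. The `service = "...%"` and `protocol = "...%"`
 * comparisons in the free-text branch compare for equality against a literal
 * trailing '%' — that looks like it was meant to be LIKE, left untouched.
 *
 * @param array $filter  rec_per_page, page, ip, port, protocol, state, service,
 *                       banner, exact-match, text (all optional except rec_per_page)
 * @param bool $export   when true return all matching rows without pagination
 * @return array rows, or ['data' => rows, 'pagination' => [...]] when not exporting
 */
function browse($filter, $export = false)
{
    $records_per_page = max(1, (int) $filter['rec_per_page']);
    $page = 1;
    if (isset($filter['page']) && $filter['page'] > 1) {
        $page = (int) $filter['page'];
    }
    $from = ($page - 1) * $records_per_page;
    $q1 = "SELECT p.*, h.host_id, h.ip AS ipaddress";
    $q2 = "SELECT COUNT(*) as total_records";
    $q = " FROM ports as p\n\t\t\tLEFT JOIN hosts AS h ON (h.host_id = p.ip)\n \t\t\tWHERE 1 = 1";
    if (!empty($filter['ip'])) {
        $q .= " AND h.ip LIKE (\"" . DB::escape($filter['ip']) . "%\") ";
    }
    if (isset($filter['port']) && (int) $filter['port'] > 0 && (int) $filter['port'] <= 65535) {
        $q .= " AND p.port_id = " . (int) $filter['port'];
    }
    if (!empty($filter['protocol'])) {
        $q .= " AND p.protocol = '" . DB::escape($filter['protocol']) . "'";
    }
    if (!empty($filter['state'])) {
        $q .= " AND p.state = '" . DB::escape($filter['state']) . "'";
    }
    if (!empty($filter['service'])) {
        $q .= " AND p.service = '" . DB::escape($filter['service']) . "'";
    }
    if (!empty($filter['banner'])) {
        $banner = DB::escape($filter['banner']);
        $exact = isset($filter['exact-match']) && (int) $filter['exact-match'] === 1;
        // LIKE BINARY gives a case-sensitive match for "exact" searches.
        $like = $exact ? 'LIKE BINARY' : 'LIKE';
        $q .= " AND (p.banner {$like} \"%" . $banner . "%\" OR p.title {$like} \"%" . $banner . "%\")";
    }
    if (!empty($filter['text'])) {
        $text = DB::escape($filter['text']);
        $q .= " AND (match(title, banner) AGAINST (\"" . $text . "\" IN NATURAL LANGUAGE MODE)\n                        OR h.ip LIKE (\"" . $text . "%\")\n                        OR p.service = \"" . $text . "%\"\n                        OR p.protocol = \"" . $text . "%\"\n                        OR p.port_id = \"" . (int) $filter['text'] . "%\")";
    }
    $q .= " ORDER BY p.scanned_ts DESC";
    $q3 = $export ? "" : " LIMIT {$from}, {$records_per_page}";
    $data = DB::fetchAll($q1 . $q . $q3);
    if ($export) {
        return $data;
    }
    $total = DB::fetch($q2 . $q);
    $pages = $total['total_records'] > 1 ? ceil($total['total_records'] / $records_per_page) : 0;
    // 'to' mirrors the original: the page end when a full page came back, else the row count.
    if (count($data) > $records_per_page) {
        $to = $from + $records_per_page;
    } else {
        $to = count($data);
    }
    return array('data' => $data, 'pagination' => array('page' => $page, 'pages' => $pages, 'records' => $total['total_records'], 'from' => ++$from, 'to' => $to));
}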
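 /**
  * Persist every pref in $this->_vars for the current target: update the row when
  * it already exists, insert it otherwise.
  *
  * Fix: the pref name is interpolated into the WHERE clause alongside the target;
  * the original escaped only the target. Both are escaped now (the origin of the
  * _vars keys is not visible here, so they are treated as untrusted).
  *
  * NOTE(review): the values assigned to the $db record object are not escaped in
  * this block; that relies on DB::insert()/DB::update() quoting them.
  *
  * @return void
  */
 function update()
 {
     $db = new DB("pref");
     $db->setColPrefix("pref_");
     $target = $db->escape($this->target);
     foreach ($this->_vars as $name => $value) {
         $where = "pref_name = '" . $db->escape($name) . "' AND pref_target = '" . $target . "'";
         $db->select($where);
         if ($db->numRows()) {
             $db->value = $value;
             $db->update($where);
         } else {
             $db->name = $name;
             $db->value = $value;
             $db->target = $this->target;
             $db->insert();
         }
     }
 }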
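 /**
  * Installer step for the MaxMind fraud settings: on a valid POST write the values
  * and continue to step 4, otherwise render the form.
  *
  * Fix: the licence key (`config_fraud_key`) was written from the
  * `config_fraud_score` POST field, so the key was never saved and the score was
  * stored twice.
  *
  * NOTE(review): `REPLACE INTO ... SET ... WHERE ...` is not valid MySQL (REPLACE
  * has no WHERE clause), and the statement treats the settings as columns of the
  * `setting` table. The intended schema is not visible here, so the statement
  * shape is left as-is apart from the field fix.
  *
  * @return void
  */
 public function index()
 {
     $db = new DB(DB_DRIVER, DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE, DB_PORT);
     if ($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate()) {
         $post = $this->request->post;
         $db->query("REPLACE INTO `" . DB_PREFIX . "setting` SET `config_fraud_status_id` = '1', `config_fraud_score` = '" . (int) $post['config_fraud_score'] . "', `config_fraud_key` = '" . $db->escape($post['config_fraud_key']) . "', `config_fraud_detection` = '" . (int) $post['config_fraud_detection'] . "' WHERE `store_id` = '0' AND `code` = 'config'");
         $this->session->data['success'] = $this->language->get('text_maxmind_success');
         $this->response->redirect($this->url->link('step_4'));
         return;
     }
     $this->document->setTitle($this->language->get('heading_maxmind'));
     // Static strings are copied from the language file one-to-one.
     $languageKeys = array(
         'heading_maxmind', 'heading_maxmind_small', 'text_maxmind_top', 'text_maxmind_link',
         'entry_licence_key', 'entry_risk', 'entry_fraud_status', 'help_maxmind_risk',
         'help_maxmind_fraud', 'button_continue', 'button_back',
     );
     foreach ($languageKeys as $key) {
         $data[$key] = $this->language->get($key);
     }
     $data['action'] = $this->url->link('maxmind');
     // Re-populate the form from POST, falling back to the defaults of the original form.
     $postDefaults = array(
         'config_fraud_detection' => '',
         'config_fraud_key' => '',
         'config_fraud_score' => '80',
         'config_fraud_status_id' => '',
     );
     foreach ($postDefaults as $key => $default) {
         $data[$key] = isset($this->request->post[$key]) ? $this->request->post[$key] : $default;
     }
     $data['order_statuses'] = $db->query("SELECT * FROM " . DB_PREFIX . "order_status WHERE language_id = '1'  ORDER BY name ASC")->rows;
     $data['error_fraud_key'] = isset($this->error['fraud_key']) ? $this->error['fraud_key'] : '';
     $data['error_fraud_score'] = isset($this->error['fraud_score']) ? $this->error['fraud_score'] : '';
     $data['back'] = $this->url->link('step_4');
     $data['footer'] = $this->load->controller('footer');
     $data['header'] = $this->load->controller('header');
     $this->response->setOutput($this->load->view('maxmind.tpl', $data));
 }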
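 /**
  * Installer step (older schema variant): replay opencart.sql into the configured
  * database, then seed the admin user and the config_email / config_url /
  * config_encryption settings.
  *
  * Security notes: $data['db_prefix'] is spliced into every statement verbatim
  * and must be validated by the caller; the admin salt used to come from
  * md5(uniqid(rand())) and is now drawn from random_bytes(), still 9 hex
  * characters so the existing sha1(salt . sha1(salt . sha1(pw))) verifier keeps
  * working. config_encryption still uses the project's hash_rand() helper.
  *
  * @param array $data db_driver, db_host, db_user, db_password, db_name, db_prefix,
  *                    username, password, email
  * @return void exits if opencart.sql is missing
  */
 public function mysql($data)
 {
     $db = new DB($data['db_driver'], $data['db_host'], $data['db_user'], $data['db_password'], $data['db_name']);
     $file = DIR_APPLICATION . 'opencart.sql';
     if (!file_exists($file)) {
         exit('Could not load sql file: ' . $file);
     }
     $lines = file($file);
     if (!$lines) {
         return;
     }
     $prefix = $data['db_prefix'];
     // Replay the dump statement by statement, skipping '--' and '#' comment lines.
     $sql = '';
     foreach ($lines as $line) {
         if (!$line || substr($line, 0, 2) === '--' || substr($line, 0, 1) === '#') {
             continue;
         }
         $sql .= $line;
         if (preg_match('/;\\s*$/', $line)) {
             $sql = str_replace("DROP TABLE IF EXISTS `oc_", "DROP TABLE IF EXISTS `" . $prefix, $sql);
             $sql = str_replace("CREATE TABLE `oc_", "CREATE TABLE `" . $prefix, $sql);
             $sql = str_replace("INSERT INTO `oc_", "INSERT INTO `" . $prefix, $sql);
             $db->query($sql);
             $sql = '';
         }
     }
     $db->query("SET CHARACTER SET utf8");
     $db->query("SET @@session.sql_mode = 'MYSQL40'");
     // Admin user; salt from a CSPRNG, length unchanged for verifier compatibility.
     $salt = substr(bin2hex(random_bytes(5)), 0, 9);
     $passwordHash = sha1($salt . sha1($salt . sha1($data['password'])));
     $db->query("DELETE FROM `" . $prefix . "user` WHERE user_id = '1'");
     $db->query("INSERT INTO `" . $prefix . "user` SET user_id = '1', user_group_id = '1', username = '" . $db->escape($data['username']) . "', salt = '" . $db->escape($salt) . "', password = '" . $db->escape($passwordHash) . "', status = '1', email = '" . $db->escape($data['email']) . "', date_added = NOW()");
     $db->query("DELETE FROM `" . $prefix . "setting` WHERE `key` = 'config_email'");
     $db->query("INSERT INTO `" . $prefix . "setting` SET `group` = 'config', `key` = 'config_email', value = '" . $db->escape($data['email']) . "'");
     $db->query("DELETE FROM `" . $prefix . "setting` WHERE `key` = 'config_url'");
     $db->query("INSERT INTO `" . $prefix . "setting` SET `group` = 'config', `key` = 'config_url', value = '" . $db->escape(HTTP_OPENCART) . "'");
     $db->query("DELETE FROM `" . $prefix . "setting` WHERE `key` = 'config_encryption'");
     $db->query("INSERT INTO `" . $prefix . "setting` SET `group` = 'config', `key` = 'config_encryption', value = '" . $db->escape(hash_rand('md5')) . "'");
     $db->query("UPDATE `" . $prefix . "product` SET `viewed` = '0'");
 }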
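 /**
  * Update the stored value of every pref in $this->_vars for the current target.
  * Unlike the select-then-insert variant, this only updates rows that already exist.
  *
  * Fix: the pref name is interpolated into the WHERE clause; it was not escaped
  * (only the target was). Both are escaped now.
  *
  * NOTE(review): $db->value is assigned unescaped; this relies on DB::update()
  * quoting record values.
  *
  * @return void
  */
 function update()
 {
     $db = new DB("pref");
     $db->setColPrefix("pref_");
     $target = $db->escape($this->target);
     foreach ($this->_vars as $name => $value) {
         $db->value = $value;
         $db->update("pref_name = '" . $db->escape($name) . "' AND pref_target = '" . $target . "'");
     }
 }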
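/**
 * Browse the flat `data` table of scan results with optional filters and
 * pagination (no pagination when $export is set).
 *
 * Fixes: $filter['banner'] in the exact-match branch was interpolated unescaped
 * (SQL injection); a page size of 0 produced "LIMIT n, 0" and a division by zero;
 * 'exact-match' was read without isset().
 *
 * NOTE(review): the ip bounds come from getStartAndEndIps() and are interpolated
 * unquoted; that is only safe if the helper returns integers — not visible here.
 * The `service = "...%"` / `protocol = "...%"` comparisons in the free-text branch
 * test equality against a literal trailing '%' (probably meant LIKE); left as-is.
 *
 * @param array $filter  rec_per_page, page, ip, port, protocol, state, service,
 *                       banner, exact-match, text
 * @param bool $export   when true return all rows, unpaginated
 * @return array rows, or ['data' => rows, 'pagination' => [...]] when not exporting
 */
function browse($filter, $export = false)
{
    $records_per_page = max(1, (int) $filter['rec_per_page']);
    $page = 1;
    if (isset($filter['page']) && $filter['page'] > 1) {
        $page = (int) $filter['page'];
    }
    $from = ($page - 1) * $records_per_page;
    $q1 = "SELECT ip AS ipaddress, port_id, protocol, state, reason, service, banner, title";
    $q2 = "SELECT COUNT(*) as total_records";
    $q = " FROM data WHERE 1 = 1";
    $start_ip = null;
    if (!empty($filter['ip'])) {
        list($start_ip, $end_ip) = getStartAndEndIps($filter['ip']);
        $q .= " AND (ip >= {$start_ip} AND ip <= {$end_ip})";
    }
    if (isset($filter['port']) && (int) $filter['port'] > 0 && (int) $filter['port'] <= 65535) {
        $q .= " AND port_id = " . (int) $filter['port'];
    }
    if (!empty($filter['protocol'])) {
        $q .= " AND protocol = '" . DB::escape($filter['protocol']) . "'";
    }
    if (!empty($filter['state'])) {
        $q .= " AND state = '" . DB::escape($filter['state']) . "'";
    }
    if (!empty($filter['service'])) {
        $q .= " AND service = '" . DB::escape($filter['service']) . "'";
    }
    if (!empty($filter['banner'])) {
        $banner = DB::escape($filter['banner']);
        $exact = isset($filter['exact-match']) && (int) $filter['exact-match'] === 1;
        if ($exact) {
            // Case-sensitive substring match on banner or title.
            $q .= " AND (banner LIKE BINARY \"%" . $banner . "%\" OR title LIKE BINARY \"%" . $banner . "%\")";
        } else {
            $q .= " AND match(title, banner) AGAINST (\"" . $banner . "\" IN NATURAL LANGUAGE MODE)";
        }
    }
    if (!empty($filter['text'])) {
        $text = DB::escape($filter['text']);
        $q .= " AND (match(title, banner) AGAINST (\"" . $text . "\" IN NATURAL LANGUAGE MODE)\n                        OR service = \"" . $text . "%\"\n                        OR protocol = \"" . $text . "%\"\n                        OR port_id = \"" . (int) $filter['text'] . "%\")";
    }
    // An ip-range search is ordered by address, everything else by scan time.
    $q3 = isset($start_ip) ? " ORDER BY ip ASC" : " ORDER BY scanned_ts DESC";
    $q4 = $export ? "" : " LIMIT {$from}, {$records_per_page}";
    $data = DB::fetchAll($q1 . $q . $q3 . $q4);
    if ($export) {
        return $data;
    }
    $total = DB::fetch($q2 . $q);
    $to = $from + $records_per_page < $total['total_records'] ? $from + $records_per_page : $total['total_records'];
    $pages = $total['total_records'] > 1 ? ceil($total['total_records'] / $records_per_page) : 0;
    return array('data' => $data, 'pagination' => array('page' => $page, 'pages' => $pages, 'records' => $total['total_records'], 'from' => ++$from, 'to' => $to));
}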
 /**
  * Get the project forms whose "add comment" action targets this message.
  *
  * The lookup is lazy: the first call queries ProjectForms and caches the result
  * in $this->related_forms; later calls return the cached array. Both values in
  * the WHERE clause go through DB::escape().
  *
  * @param void
  * @return array
  */
 function getRelatedForms()
 {
     if (!is_null($this->related_forms)) {
         return $this->related_forms;
     }
     $conditions = '`action` = ' . DB::escape(ProjectForm::ADD_COMMENT_ACTION)
         . ' AND `in_object_id` = ' . DB::escape($this->getId());
     $this->related_forms = ProjectForms::findAll(array(
         'conditions' => $conditions,
         'order' => '`order`',
     ));
     return $this->related_forms;
 }
	/**
	 * Fetch the most recent log rows, optionally narrowed by category, title and
	 * log_data (each is escaped with DB::escape() when non-empty).
	 *
	 * $additional_conds is appended to the WHERE clause as raw SQL — it is a
	 * developer-supplied fragment and must never be built from request input.
	 *
	 * @param string $category
	 * @param string $title
	 * @param string $log_data
	 * @param int $limit            maximum number of rows
	 * @param string $additional_conds raw SQL appended with AND
	 * @return array rows ordered by created_on, newest first
	 */
	static function getLastLogs($category = '', $title = '', $log_data = '', $limit = 10, $additional_conds = '') {
		$filters = array(
			'category' => $category,
			'title' => $title,
			'log_data' => $log_data,
		);
		$conditions = "1=1";
		foreach ($filters as $column => $value) {
			$conditions .= $value == '' ? " " : " " . " AND `{$column}` = " . DB::escape($value);
		}
		if ($additional_conds != '') {
			$conditions .= " AND $additional_conds";
		}
		return self::findAll(array('conditions' => $conditions, 'limit' => $limit, 'order' => '`created_on` DESC'));
	}
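 /**
  * Count the not-yet-completed, not-trashed tasks that $task_id depends on.
  *
  * Fix: $task_id was interpolated into the query as-is; it is an object id and is
  * now cast to int before use.
  *
  * @param int $task_id
  * @return int number of pending previous tasks (0 when the query returns nothing)
  */
 static function countPendingPreviousTasks($task_id)
 {
     $taskId = (int) $task_id;
     // Pending = the previous task has no completed_on timestamp and its object
     // row is not trashed.
     $sql = "\r\n\t\tSELECT count(`previous_task_id`) AS row_count FROM `" . TABLE_PREFIX . "project_task_dependencies` AS ptd\r\n\t\tLEFT JOIN `" . TABLE_PREFIX . "project_tasks` AS e ON ptd.`previous_task_id` = e.`object_id`\r\n\t\tWHERE `task_id` = " . $taskId . " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . "\r\n\t\tAND 0 = (SELECT `trashed_by_id` FROM `" . TABLE_PREFIX . "objects` WHERE `id`=`previous_task_id`)\r\n\t\t\r\n\t\t";
     $row = DB::executeOne($sql);
     return (int) array_var($row, 'row_count', 0);
 }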
 /**
  * Fetch every `users` row whose `group` column equals $group_id.
  *
  * @param mixed $group_id group identifier; escaped with DB::escape() and quoted into the query
  * @return array list of user rows as produced by DB::next()
  */
 public function get_users($group_id)
 {
     $escapedGroup = DB::escape($group_id);
     $cursor = DB::query("SELECT * FROM `users` WHERE `group` = '{$escapedGroup}'", false);
     $users = array();
     for ($row = DB::next($cursor); $row; $row = DB::next($cursor)) {
         $users[] = $row;
     }
     return $users;
 }
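 /**
  * Charge the logged-in pilot for a jumpseat, move them to the posted location
  * and redirect back to the flight-booking page.
  *
  * NOTE(review): the price is taken from the POST body. Any client can post an
  * arbitrary cost — including a negative one, which would credit the account.
  * The real fix is to recompute the price server-side from $id; until then this
  * rejects non-numeric or negative values and skips the purchase. Whether a
  * resulting negative balance is acceptable is not visible here.
  *
  * @return void redirects
  */
 public function jumpseatPurchase()
 {
     $id = DB::escape($this->post->id);
     $cost = $this->post->cost;
     if (!is_numeric($cost) || $cost < 0) {
         header('Location: ' . url('/Fltbook'));
         return;
     }
     $curmoney = Auth::$userinfo->totalpay;
     $total = $curmoney - $cost;
     FltbookData::jumpseatpurchase(Auth::$userinfo->pilotid, $total);
     FltbookData::updatePilotLocation($id);
     header('Location: ' . url('/Fltbook'));
 }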
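 /**
  * Charge the logged-in pilot for a ticket, update their location and redirect
  * back to the FBSV11 page.
  *
  * NOTE(review): the price comes from ?cost= and was used completely unchecked.
  * A client can post any value, including a negative one that would credit the
  * account. The price should be derived server-side from $id; until then this
  * rejects non-numeric or negative values and skips the purchase.
  *
  * @return void redirects
  */
 public function purchase()
 {
     $id = isset($_GET['id']) ? DB::escape($_GET['id']) : '';
     $cost = isset($_GET['cost']) ? $_GET['cost'] : null;
     if (!is_numeric($cost) || $cost < 0) {
         header('Location: ' . url('/FBSV11'));
         return;
     }
     $curmoney = Auth::$userinfo->totalpay;
     $total = $curmoney - $cost;
     FBSVData::purchase_ticket(Auth::$userinfo->pilotid, $total);
     FBSVData::update_pilot_location($id);
     header('Location: ' . url('/FBSV11'));
 }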
 /**
  * Adds extra where conditions when temporal filtering is needed.
  *
  * When a query timestamp is set and the joined model is a Model_Temporal, two
  * join conditions are appended so only the row version valid at that timestamp
  * is joined (start <= timestamp <= end). The timestamp is passed through
  * \DB::escape() before being placed in the conditions.
  *
  * @param array $join_result
  * @param string $name
  * @return array
  */
 protected function modify_join_result($join_result, $name)
 {
     $hasTimestamp = !is_null($this->timestamp);
     $isTemporal = is_subclass_of($join_result[$name]['model'], '\\Orm\\Model_Temporal');
     if ($hasTimestamp && $isTemporal) {
         $alias = $join_result[$name]['table'][1];
         $at = \DB::escape($this->timestamp);
         $join_result[$name]['join_on'][] = array($alias . '.' . $this->timestamp_start_col, '<=', $at);
         $join_result[$name]['join_on'][] = array($alias . '.' . $this->timestamp_end_col, '>=', $at);
     }
     return $join_result;
 }
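 /**
  * Decorate a product row for the admin table: replace the main photo id with an
  * <img> thumbnail tag and the category id with the category name.
  *
  * Fix: the photo path and name were placed in an HTML attribute unescaped, and a
  * missing photo (getPhotoById() returning false) produced a broken `<img>`.
  *
  * @param array $aRow row with 'main' (photo id) and 'categoryID'
  * @return array the same row with 'main' and 'categoryID' rewritten
  */
 function table($aRow)
 {
     $photo = Photo::getPhotoById($aRow['main']);
     if ($photo) {
         $src = $photo['path'] . "/thumb/" . $photo['name'];
         $aRow['main'] = "<img src='" . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . "'>";
     } else {
         $aRow['main'] = '';
     }
     $parent = DB::query_row("SELECT * FROM `category_tb` WHERE `id` = '" . DB::escape($aRow['categoryID']) . "'");
     // "нет" is the user-visible "none" label for products without a category.
     $aRow['categoryID'] = $parent ? $parent['name'] : "нет";
     return $aRow;
 }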
 /**
  * Check if the current user has access to view the addon.
  *
  * Looks up the installed addon row by name (escaped) and compares the user's ACL
  * group against the addon's required group: access is denied only when the
  * user's group number is lower than the addon's.
  *
  * @return boolean
  */
 function Access()
 {
     $acl = new Acl(USER_ID);
     $db = new DB("addons");
     $db->select("addon_name = '" . $db->escape($this->_name) . "' AND addon_installed = '1'");
     $db->nextRecord();
     $userGroup = (int) $acl->group;
     $requiredGroup = (int) $db->addon_group;
     return $userGroup >= $requiredGroup;
 }
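    /**
     * Update subject and body of the news item with the given id.
     *
     * Fix: $id was interpolated into the UPDATE unquoted and unescaped; it is a
     * numeric id and is now cast to int.
     *
     * @param int $id
     * @param string $subject
     * @param string $body
     * @return bool false when the driver reports an error, true otherwise
     */
    public static function EditNewsItem($id, $subject, $body)
    {
        $subject = DB::escape($subject);
        $body = DB::escape($body);
        $sql = 'UPDATE ' . TABLE_PREFIX . 'news SET subject=\'' . $subject . '\', body=\'' . $body . '\' 
					WHERE id=' . (int) $id;
        DB::query($sql);
        return DB::errno() == 0;
    }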
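 /**
  * Browse people, optionally restricted to those carrying the tag named in
  * ?tag=; everything else is delegated to the parent handler.
  *
  * The tag handle itself never reaches SQL: it is resolved to a Tag object first,
  * and only its id is used. The id is cast to int for defence in depth since it
  * is interpolated unquoted.
  *
  * @param array $options
  * @param array $conditions extra SQL conditions passed down to the parent
  * @param mixed $responseID
  * @param array $responseData
  * @return mixed result of parent::handleBrowseRequest(), or a not-found error
  */
 public static function handleBrowseRequest($options = [], $conditions = [], $responseID = null, $responseData = [])
 {
     // apply tag filter
     if (!empty($_REQUEST['tag'])) {
         $Tag = Tag::getByHandle($_REQUEST['tag']);
         if (!$Tag) {
             return static::throwNotFoundError('Tag not found');
         }
         $conditions[] = 'ID IN (SELECT ContextID FROM tag_items WHERE TagID = ' . (int) $Tag->ID . ' AND ContextClass = "' . \DB::escape(\Emergence\People\Person::getStaticRootClass()) . '")';
     }
     return parent::handleBrowseRequest($options, $conditions, $responseID, $responseData);
 }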
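 /**
  * Insert a new group row.
  *
  * Fixes: `$type != 'a' || $type != 'd'` is always true, so every group was
  * stored with type 'd'; and the statement was built in $query but executed
  * through the undefined $sql, so nothing was ever inserted.
  *
  * @param string $groupname escaped with DB::escape()
  * @param string $type      'a' or 'd'; anything else becomes 'd'
  * @return bool false when the driver reports an error, true otherwise
  */
 public static function AddGroup($groupname, $type)
 {
     $groupname = DB::escape($groupname);
     if (!in_array($type, array('a', 'd'), true)) {
         $type = 'd';
     }
     $sql = "INSERT INTO " . TABLE_PREFIX . "groups (name, groupstype) VALUES ('{$groupname}', '{$type}')";
     DB::query($sql);
     return DB::errno() == 0;
 }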
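 /**
  * Mass-mail the pilots of the selected groups (or all pilots) with the posted
  * subject and message, substituting {PILOT_FNAME}, {PILOT_LNAME} and {PILOT_ID}
  * per recipient, and log the action.
  *
  * Fixes: the subject was passed through DB::escape(), which is an SQL escape and
  * does nothing against e-mail header injection; CR/LF are now stripped from it
  * instead (if Util::SendEmail already does this it is harmless). The pilot names
  * echoed as progress were unescaped HTML; they are now htmlspecialchars()ed.
  *
  * @return void
  */
 public function sendmail()
 {
     $this->checkPermission(EMAIL_PILOTS);
     echo '<h3>Sending email</h3>';
     if ($this->post->subject == '' || trim($this->post->message) == '') {
         $this->set('message', 'You must enter a subject and message!');
         $this->render('core_error.php');
         return;
     }
     if (count($this->post->groups) == 0) {
         $this->set('message', 'You must select groups to send to!');
         $this->render('core_error.php');
         return;
     }
     echo 'Sending email...<br />';
     // Collect recipients keyed by pilot id so a pilot in several groups is mailed once.
     $pilotarray = array();
     foreach ($this->post->groups as $groupid) {
         if ($groupid == 'all') {
             $all_pilots = PilotData::findPilots(array());
             foreach ($all_pilots as $pilot) {
                 $pilotarray[$pilot->pilotid] = $pilot;
             }
             break;
         }
         $tmp = PilotGroups::getUsersInGroup($groupid);
         if (!is_array($tmp) || count($tmp) == 0) {
             continue;
         }
         foreach ($tmp as $pilot) {
             $pilotarray[$pilot->pilotid] = $pilot;
         }
     }
     // A newline in the subject would let the sender add arbitrary mail headers.
     $subject = str_replace(array("\r", "\n"), '', (string) $this->post->subject);
     $message = stripslashes($this->post->message) . PHP_EOL . PHP_EOL;
     # Do some quick fixing of obvious formatting errors
     $message = str_replace('<br>', '<br />', $message);
     foreach ($pilotarray as $pilot) {
         echo 'Sending for ' . htmlspecialchars($pilot->firstname . ' ' . $pilot->lastname, ENT_QUOTES, 'UTF-8') . '<br />';
         # Variable replacements
         $send_message = str_replace('{PILOT_FNAME}', $pilot->firstname, $message);
         $send_message = str_replace('{PILOT_LNAME}', $pilot->lastname, $send_message);
         $send_message = str_replace('{PILOT_ID}', PilotData::GetPilotCode($pilot->code, $pilot->pilotid), $send_message);
         $send_message = utf8_encode($send_message);
         Util::SendEmail($pilot->email, $subject, $send_message);
     }
     echo 'Complete!';
     LogData::addLog(Auth::$userinfo->pilotid, 'Sent pass mail');
 }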
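 /**
  * Contact-form action.
  *
  * On POST: require name/email for anonymous visitors, verify the reCAPTCHA
  * answer, require subject/message, then mail the message plus every remaining
  * POST field to ADMIN_EMAIL and render contact_sent.tpl.
  * On GET: seed a simple "a + b" sum in the session and render the form.
  *
  * @return void
  */
 public function index()
 {
     require_once CORE_LIB_PATH . '/recaptcha/recaptchalib.php';
     if ($this->post->submit) {
         if (!Auth::LoggedIn()) {
             # Make sure they entered an email address
             if (trim($this->post->name) == '' || trim($this->post->email) == '') {
                 $this->set('message', 'You must enter a name and email!');
                 $this->render('core_error.tpl');
                 return;
             }
         }
         // Default the captcha fields so a request that omits them fails verification
         // instead of raising undefined-index notices on the way to the check.
         $resp = recaptcha_check_answer(
             Config::Get('RECAPTCHA_PRIVATE_KEY'),
             $_SERVER['REMOTE_ADDR'] ?? '',
             $_POST['recaptcha_challenge_field'] ?? '',
             $_POST['recaptcha_response_field'] ?? ''
         );
         // Check the captcha thingy
         if (!$resp->is_valid) {
             $this->set('captcha_error', $resp->error);
             $this->set('message', 'You failed the captcha test!');
             $this->render('contact_form.tpl');
             return;
         }
         if ($this->post->subject == '' || trim($this->post->message) == '') {
             $this->set('message', 'You must enter a subject and message!');
             $this->render('core_error.tpl');
             return;
         }
         // The subject becomes a mail header: strip CR/LF so a crafted name or subject
         // cannot append extra header lines before it reaches Util::SendEmail.
         $subject = str_replace(["\r", "\n"], '', 'New message from ' . $this->post->name . ' - "' . $this->post->subject . '"');
         // NOTE(review): DB::escape() is an SQL escaper; here it only backslashes quotes in the mail body.
         $message = DB::escape($this->post->message) . PHP_EOL . PHP_EOL;
         unset($_POST['recaptcha_challenge_field']);
         unset($_POST['recaptcha_response_field']);
         // The body is rendered as HTML (nl2br below), so escape every submitted value for
         // that context. ISO-8859-1 matches the utf8_encode() call, which treats the body as Latin-1.
         foreach ($_POST as $field => $value) {
             $message .= "-{$field} = " . htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1') . PHP_EOL;
         }
         $message = nl2br($message);
         // utf8_encode() is deprecated since PHP 8.2; kept to preserve the existing output encoding.
         $message = utf8_encode($message);
         Util::SendEmail(ADMIN_EMAIL, $subject, $message);
         $this->render('contact_sent.tpl');
         return;
     }
     # Just a simple addition
     // random_int() is a drop-in for rand() here and is the CSPRNG-backed choice for a challenge value.
     $rand1 = random_int(1, 10);
     $rand2 = random_int(1, 10);
     $this->set('rand1', $rand1);
     $this->set('rand2', $rand2);
     $tot = $rand1 + $rand2;
     // The expected answer lives only in the session; the form never receives it.
     SessionManager::Set('captcha_sum', $tot);
     $this->render('contact_form.tpl');
 }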
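 /**
  * Return the permission-group IDs, among those given, that hold an
  * 'allow all' permission on this dimension.
  *
  * @param array|string|int $permission_group_ids list of IDs, or a comma-separated string of IDs
  * @return array list of permission_group_id values; empty when no IDs were given or nothing matches
  */
 function getPermissionGroupsAllowAll($permission_group_ids)
 {
     // Normalise to a list of integers before anything reaches the unquoted SQL IN (...)
     // clause: the values are interpolated verbatim, so non-numeric input must be dropped here.
     if (!is_array($permission_group_ids)) {
         $permission_group_ids = explode(',', (string) $permission_group_ids);
     }
     $ids = [];
     foreach ($permission_group_ids as $id) {
         if (is_numeric($id)) {
             $ids[] = (int) $id;
         }
     }
     // An empty "IN ()" is a MySQL syntax error, and there is nothing to match anyway.
     if ($ids === []) {
         return [];
     }
     $rows = DB::executeAll("SELECT permission_group_id FROM " . TABLE_PREFIX . "contact_dimension_permissions WHERE `dimension_id` = " . (int) $this->getId() . " AND `permission_type` = " . DB::escape('allow all') . " AND `permission_group_id` in (" . implode(',', $ids) . ")");
     $res = [];
     // executeAll may return something other than a result array on failure; only iterate a real array.
     if ($rows && is_array($rows)) {
         foreach ($rows as $row) {
             $res[] = $row['permission_group_id'];
         }
     }
     return $res;
 }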