Example #1
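	/**
	 * Create a `usuario` row when $id is 0, otherwise update the row with that id.
	 *
	 * NOTE(review): $nome, $email and $senha are concatenated into the SQL text,
	 * so a quote character in any of them changes the statement. Only the
	 * raw-SQL query_insert()/query_update() calls are visible here, so the
	 * string values are left as they were; they need escaping or bound
	 * parameters at the Database layer.
	 *
	 * NOTE(review): the password is stored as unsalted MD5, which is not a
	 * password hash. Moving to password_hash()/password_verify() needs a
	 * matching change wherever the stored value is checked, so it is flagged
	 * rather than changed in this method.
	 *
	 * @param int|string $id    Row id; 0 means "create a new row".
	 * @param string     $nome  Value for the `nome` column.
	 * @param string     $email Value for the `email` column.
	 * @param string     $senha Plain-text password.
	 * @return mixed Result of Database::query_insert() or Database::query_update().
	 */
	function salvar($id,$nome, $email,$senha)
	{
		$db = new Database();

		// insert
		if($id == 0)
		{
			$senha = md5($senha);

			$sql = 'insert into usuario ( nome, email, senha) values ("'.$nome.'","'.$email.'","'.$senha .'")';
			return $db->query_insert($sql);
		}

		// update
		// NOTE(review): the password column is rewritten whenever $email is
		// non-empty; the test was presumably meant for $senha - confirm.
		if($email != '')
			$and = ' ,senha = md5(\''.$senha.'\')  ';
		else
			$and = '';

		// The id is compared as a bare number in the WHERE clause, so it is cast
		// to an integer before it is appended; anything after the leading digits
		// is dropped instead of becoming part of the statement.
		$sql = ' update usuario set nome = "'.$nome.'", email = "'.$email.'" '. $and . ' where id = ' . (int) $id;
		return $db->query_update($sql);
	}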
Example #2
 /**
  * Insert $obj into this object's table and wrap the outcome in a response.
  *
  * $obj is handed to Database::query_insert() unchanged, so any escaping of
  * its values has to happen inside that method.
  *
  * @param mixed $obj Data passed to Database::query_insert().
  * @return response Response whose 'body' is the value query_insert() returned.
  */
 public function add($obj)
 {
     $connection = new Database();
     $connection->connect();

     $inserted = $connection->query_insert($this->table_name, $obj);

     $connection->close();

     return new response(array('body' => $inserted));
 }
Example #3
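 /**
  * Store a session row that expires one day after it is created.
  *
  * $data and $server are JSON-encoded before they are stored. The token is
  * written as received.
  *
  * @param mixed $token  Session token stored in the `token` column.
  * @param mixed $data   Session payload, stored JSON-encoded in `data`.
  * @param mixed $server Server data, stored JSON-encoded in `server_data`.
  * @return mixed Result of Database::query_insert().
  */
 public function save($token = false, $data = false, $server = false)
 {
     // 'H:i:s' is 24-hour hours, minutes, seconds. The earlier 'h:m:s' used a
     // 12-hour clock and wrote the month number where the minutes belong, so
     // both `created` and `expired_date` were wrong and expiry checks against
     // them could not be trusted.
     $format = 'Y-m-d H:i:s';

     // Take one reading of the clock so both columns describe the same instant.
     $now = time();

     $database = new Database();

     return $database->query_insert('sessions', array(
         'token' => $token,
         'data' => json_encode($data),
         'server_data' => json_encode($server),
         'expired_date' => date($format, strtotime('+1 day', $now)),
         'created' => date($format, $now),
     ));
 }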
/**
 * Insert or update one row of the `misc` settings table and mirror the value
 * into the session for admin settings.
 *
 * For the 'send_stats' setting a companion '<setting>_time' row is maintained:
 * it is created with the current time when the setting is first inserted, and
 * set to 0 when the setting is updated.
 *
 * NOTE(review): $type and $setting are concatenated into the SELECT text and
 * into the WHERE strings given to query_update(); nothing in this function
 * escapes them, so callers must only pass trusted values.
 *
 * @param string $setting Setting name (the `intitule` column).
 * @param mixed  $val     Value to store (the `valeur` column).
 * @param string $type    Setting family; an empty value means 'admin'.
 * @return void
 */
function UpdateSettings($setting, $val, $type = '')
{
    global $server, $user, $pass, $database, $pre;

    $type = empty($type) ? 'admin' : $type;

    // Connect to the database
    require_once "sources/class.database.php";
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect();

    $is_stats_setting = $setting == 'send_stats';
    $row_filter = "type='" . $type . "' AND intitule = '" . $setting . "'";

    // Insert the setting when it is not stored yet, otherwise update it.
    $existing = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE " . $row_filter);
    if ($existing[0] == 0) {
        $db->query_insert("misc", array('valeur' => $val, 'type' => $type, 'intitule' => $setting));
        // When stats are being enabled, record the current time as well.
        if ($is_stats_setting) {
            $db->query_insert("misc", array('valeur' => time(), 'type' => $type, 'intitule' => $setting . '_time'));
        }
    } else {
        $db->query_update("misc", array('valeur' => $val), $row_filter);
        if ($is_stats_setting) {
            // Reset the companion time row, creating it first if it is missing.
            $time_filter = "type='" . $type . "' AND intitule = '" . $setting . "_time'";
            $existing_time = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE " . $time_filter);
            if ($existing_time[0] == 0) {
                $db->query_insert("misc", array('valeur' => 0, 'type' => $type, 'intitule' => $setting . '_time'));
            } else {
                $db->query_update("misc", array('valeur' => 0), $time_filter);
            }
        }
    }

    // Keep the in-memory copy in step with the database.
    if ($type == "admin") {
        $_SESSION['settings'][$setting] = $val;
    } elseif ($type == "settings") {
        // NOTE(review): $settings is not in the global list above, so this
        // writes to a local array that is discarded on return - confirm intent.
        $settings[$setting] = $val;
    }
}
Example #5
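	/**
	 * Create a `periodo` row when $id is 0, otherwise rename the row with that id.
	 *
	 * NOTE(review): $nome is concatenated into the SQL text, so a quote
	 * character in it changes the statement. Only the raw-SQL
	 * query_insert()/query_update() calls are visible here, so the value is
	 * left as it was; it needs escaping or a bound parameter at the Database
	 * layer.
	 *
	 * @param int|string $id    Row id; 0 means "create a new row".
	 * @param string     $nome  Value for the `nome` column.
	 * @param string     $email Not used by this method.
	 * @return mixed Result of Database::query_insert() or Database::query_update().
	 */
	function salvar($id,$nome, $email)
	{
		$db = new Database();

		// insert
		if($id == 0)
		{
			$sql = 'insert into periodo ( nome ) values ("'.$nome.'")';
			return $db->query_insert($sql);
		}

		// update
		// The id is compared as a bare number in the WHERE clause, so it is cast
		// to an integer before it is appended; anything after the leading digits
		// is dropped instead of becoming part of the statement.
		$sql = ' update periodo set nome = "'.$nome.'" where id = ' . (int) $id;
		return $db->query_update($sql);
	}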
Example #6
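/**
 * Send the geofence SMS alert for one geofence assignment and record the
 * attempt in tb_smsinfo.
 *
 * NOTE(review): the lookup still goes through mysql_query() and friends, which
 * were removed in PHP 7; this function only runs where that extension exists.
 * NOTE(review): mysql_affected_rows() is used to detect rows from a SELECT and
 * its errors are suppressed with @; a row-count call on $resData would state
 * the intent more directly - confirm before changing.
 *
 * @param int|string $geoAssId    Id of the tb_assigngeofence row (tag_id).
 * @param string     $devDateTime Device timestamp, parsed with strtotime().
 * @return int|null 1 when the tb_smsinfo insert succeeded, 0 when it failed,
 *                  null when the assignment lookup matched nothing.
 */
function sendSMSAlert($geoAssId, $devDateTime)
{
    $db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE);
    $db->connect();

    // tag_id is compared as a bare number, so the id is cast to an integer
    // before it is appended to the statement.
    $getData = "SELECT * FROM tb_assigngeofence,tb_deviceinfo,tb_geofence_info,tb_clientinfo WHERE ci_id = tag_clientId AND tgi_id = tag_geofenceId AND di_id = tag_diId AND tag_id = " . (int) $geoAssId;
    $resData = mysql_query($getData);
    if (@mysql_affected_rows() > 0) {
        $fetData = mysql_fetch_assoc($resData);

        // Column names are quoted: the bare-word keys used before relied on
        // PHP treating an undefined constant as a string, which PHP 8 rejects.
        $from = "";
        $to = $fetData['tag_alertSrc'];
        $devName = $fetData['di_deviceName'] ? $fetData['di_deviceName'] : $fetData['di_deviceId'];
        $status = $fetData['tag_inout'] == "in" ? "entered zone" : "left zone";

        $msg = "Dear " . ucfirst($fetData['ci_clientName']) . "! " . $devName . " has " . $status . " " . $fetData['tgi_name'] . " at " . date("H:i:s", strtotime($devDateTime)) . " - " . $fetData['ci_weburl'];
        $smsres = sendSMS($from, $to, $msg);

        // Keep a record of what was sent and what the gateway answered.
        $smsdata = array();
        $smsdata['tsi_mobileno'] = $fetData['tag_alertSrc'];
        $smsdata['tsi_tgai_id'] = $geoAssId;
        $smsdata['tsi_smsResult'] = $smsres;
        $smsdata['tsi_message'] = urlencode($msg);
        $smsdata['tsi_smsType'] = "GEOALERT";

        return $db->query_insert("tb_smsinfo", $smsdata) ? 1 : 0;
    }
}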
Example #7
 /**
  * Build a `transfer` row from the current request and insert it when the
  * session carries a centre identifier.
  *
  * NOTE(review): every field except event_id and centre_fk is copied straight
  * from $_GET/$_POST and handed to query_insert(); escaping depends entirely
  * on that method. The same values, including e-mail and message, are also
  * written to the debug log.
  * NOTE(review): "Spam" is echoed on the branch that performs the insert,
  * which reads as inverted next to the "check for spam robots" remark -
  * confirm the intended condition.
  *
  * @param mixed $eventId Event the transfer belongs to.
  * @param mixed $offer   Not used by this method.
  * @return void
  */
 public function insertNewTransfer($eventId, $offer)
 {
     $row = array(
         'mode' => $_GET['mode'],
         'event_id' => $eventId,
         'start' => $_POST['start'],
         'via' => $_POST['via'],
         'destination' => $_POST['destination'],
         'email' => $_POST['email'],
         'name' => $_POST['name'],
         'message' => $_POST['message'],
         'centre_fk' => $_SESSION['centreIdent'],
     );

     // check for spam robots
     if ($_SESSION['centreIdent'] == '') {
         return;
     }

     echo "Spam";
     $connection = new Database();
     $connection->connect();
     $connection->query_insert("transfer", $row);
     $this->debug("NEW TRANSFER ENTRY", "Inserting transfer with the following content:\n" . $this->convert($row));
     $connection->close();
 }
Example #8
include_once 'includes/database.class.php';
require_once 'config.php';
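// Plugin admin page: applies an optional activate/deactivate request, then
// loads the list of active plugins and the plugin headers for display.
//
// NOTE(review): the plugin state is changed by a plain GET request and no
// login or request-token check is visible in this script; if none is applied
// by config.php, anyone who can reach this page can switch plugins on or off.
$db = new Database($mysql_db_host, $mysql_db_user, $mysql_db_passwd, $mysql_db_name, $table_prefix);
$db->connect();

$action = isset($_GET['action']) ? $_GET['action'] : '';
$filename = isset($_GET['filename']) ? $_GET['filename'] : '';

// The filename is escaped once and the same WHERE fragment is used for every
// update. Previously only the SELECT escaped it, while both query_update()
// calls concatenated the raw request value into their WHERE string.
$filename_where = "filename='" . $db->escape($filename) . "'";

$data = array();
switch ($action) {
    case "deactivate":
        $data['action'] = 0;
        $db->query_update("plugins", $data, $filename_where);
        break;
    case "activate":
        $sql = "SELECT * FROM " . $table_prefix . "plugins WHERE filename = '" . $db->escape($filename) . "'";
        $count = count($db->fetch_all_array($sql));
        if ($count < 1) {
            // NOTE(review): the requested name is stored without checking that
            // it names an installed plugin file - confirm how the plugin
            // loader uses this column.
            $data['filename'] = $filename;
            $data['action'] = 1;
            $db->query_insert("plugins", $data);
        } else {
            $data['action'] = 1;
            $db->query_update("plugins", $data, $filename_where);
        }
        break;
}

$sql = "SELECT filename, action FROM " . $table_prefix . "plugins WHERE action = '" . $db->escape(1) . "'";
$result_rows = $db->fetch_all_array($sql);
$plugin_list = new phphooks();
$plugin_headers = $plugin_list->get_plugins_header();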
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
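/**
 * Append one entry to the `log_system` table, stamped with the current time.
 *
 * @param mixed $type  Stored in the `type` column.
 * @param mixed $label Stored in the `label` column.
 * @param mixed $who   Stored in the `qui` column.
 * @return void
 */
function logEvents($type, $label, $who)
{
    global $server, $user, $pass, $database, $pre;

    // include libraries & connect to DB
    require_once "class.database.php";
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect();

    // time() replaces a mktime() call rebuilt from date() parts. That call
    // took the hour from date('h'), a 12-hour value, so every entry written
    // in the afternoon was stamped twelve hours early and the log order could
    // not be relied on.
    $db->query_insert("log_system", array('type' => $type, 'date' => time(), 'label' => $label, 'qui' => $who));
}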
// Excerpt from an upload handler: stores a base64-encoded photo sent in the
// request, records it in the `photo` table, then starts building the owner row.
// $date, $dir, $subDirImage, $subPhotoID and $db are set before this excerpt.
//
// Photo name : timestamp-random(year,timestamp)-locationid_photoid.jpg
// NOTE(review): rand() is predictable, so the stored name can be guessed; it
// does not replace access control on the upload directory.
// NOTE(review): $date[year] uses a bare word as the key. PHP 8 raises an Error
// for an undefined constant; the key should be the string 'year'.
$photo_name = $date[0] . '-' . rand($date[year], $date[0]) . '-' . $subDirImage . "_" . $subPhotoID . ".jpg";
// NOTE(review): if $dir or $subDirImage come from the request they must be
// restricted to known values before being placed in a path - confirm where
// they are set.
$path = "./../upload/{$dir}/{$subDirImage}/" . $photo_name;
// Write photo
$base = $_POST['photo_upload'];
if ($base != "") {
    // NOTE(review): the decoded bytes are written as they arrive under a .jpg
    // name; nothing here checks that they are an image or limits their size,
    // and base64_decode() is not called in strict mode.
    $binary = base64_decode($base);
    // NOTE(review): mode 'a' appends when the path already exists, and the
    // results of fopen()/fwrite() are not checked.
    $file = fopen($path, 'a');
    fwrite($file, $binary);
    fclose($file);
    // NOTE(review): 0766 leaves the file writable by group and others and
    // executable by its owner; 0644 is enough for an image that is only served.
    chmod($path, 0766);
    // The row is built from request fields as sent; OWNER_NAME is whatever the
    // client supplied in user_name.
    $UploadImage['LOCATION_CATE_ID'] = $_POST["location_cate_id"];
    $UploadImage['LOCATION_ID'] = $_POST["location_id"];
    $UploadImage['PHOTO_NAME'] = $photo_name;
    $UploadImage['OWNER_NAME'] = $_POST["user_name"];
    $insertPhoto = $db->query_insert("photo", $UploadImage);
} else {
    echo "เน„เธกเนˆเธกเธตเธ เธฒเธžเธญเธฑเธžเน‚เธซเธฅเธ”";
}
//Find PHOTO_ID
// NOTE(review): MAX(PHOTO_ID) is read in a separate query, so two uploads
// arriving together can both read the same id. $insertPhoto may already hold
// the new id - confirm what query_insert() returns.
$sql = "SELECT MAX( PHOTO_ID ) as maxPho_ID FROM photo";
$q_maxPhotoID = $db->query($sql);
if ($_maxPhotoID = $db->fetch_array($q_maxPhotoID)) {
    $maxPhoto_ID = $_maxPhotoID['maxPho_ID'];
}
// INSERT OWNER
// The owner fields are read from $_REQUEST, so they can arrive by query
// string, form body or cookie; they are not tied to a logged-in user here.
$_user_id = $_REQUEST['user_id'];
$_user_name = $_REQUEST['user_name'];
$_user_username = $_REQUEST['user_username'];
$userInsert['USER_ID'] = $_user_id;
$userInsert['USER_NAME'] = $_user_name;
Example #11
        echo "{$errstr} ({$errno})<br />\n";
    } else {
        $out = "GET /api/v1/xml/" . $user_proj . "/commits/master HTTP/1.1\r\n";
        $out .= "Host: google.com \r\n";
        $out .= "Connection: Close\r\n\r\n";
        fwrite($fp, $out);
        while (!feof($fp)) {
            $results .= fgets($fp, 128);
        }
        fclose($fp);
    }
    $post_results = parseHttpResponse($results);
    $objXML = new xml2Array();
    $arrOutput = $objXML->parse($post_results);
    $github_result = $arrOutput[0]['children'];
    for ($i = 0; $i < count($github_result); $i++) {
        $commit_id = $github_result[$i]['children'][4]['tagData'];
        $message = $github_result[$i]['children'][0]['tagData'];
        $date = str_replace('T', ' T ', $github_result[$i]['children'][5]['tagData']);
        $commiter = $github_result[$i]['children'][3]['children'][0]['tagData'] . "/" . $github_result[$i]['children'][3]['children'][1]['tagData'];
        $unix_stamp = strtotime($date);
        echo "{$message} [{$commit_id}] was commited by {$commiter} on " . $unix_stamp . " \n";
        if (strlen($mydb->first("SELECT `sum` FROM commits WHERE `sum`='{$commit_id}'")) == 0) {
            $ar = array('id' => null, 'user' => $commiter, 'message' => $message, 'sum' => $commit_id, 'project' => $r['id']);
            $mydb->query_insert('commits', $ar);
            $LASTID = $mydb->lastID();
            $s->n($LASTID, '', 'git', $r['id'], $unix_stamp);
        }
        //echo "<a href='#' onclick=\"insertAtCursor(document.reply.report, '[GIT]".$commit_id."[/GIT]');\" title=\".". $date . "\">" .$message . "</a><small>[" . $commit_id . "]</small>";
    }
}
Example #12
    }
    @fclose($file1);
}
// Add a stop (geofence point) for the current client unless one with the same
// name or coordinates is already stored. Prints 1 on success, 0 otherwise.
//
// NOTE(review): the array keys in this block are bare words ($_GET[add_stop_name],
// $_SESSION[clientID], ...). PHP 8 raises an Error for an undefined constant;
// they should be quoted strings.
if (isset($_GET[add_stop_name]) && $_GET[add_stop_name] != '') {
    //echo $_GET[add_stop_name];
    // NOTE(review): both request values are concatenated into the statement
    // without escaping, so a quote in either one changes the query.
    // NOTE(review): AND binds tighter than OR in SQL, so the client filter
    // applies only to the tgi_latLong test. The tgi_name test matches rows of
    // every client, which lets one client's stop names block, and reveal
    // themselves to, another client. The two tests presumably belong in
    // parentheses - confirm.
    $getCont = "select * from tb_geofence_info where tgi_name = '" . $_GET[add_stop_name] . "' OR tgi_latLong = '" . $_GET[mapPt] . "' AND tgi_clientId =" . $_SESSION[clientID];
    $resCont = $db->query($getCont);
    // NOTE(review): affected_rows is read after a SELECT; presumably the
    // wrapper fills it with the number of rows returned - verify.
    if ($db->affected_rows == 0) {
        // No match found: store the new point with a fixed radius of 0.5.
        $cdata["tgi_clientId"] = $_SESSION[clientID];
        $cdata["tgi_name"] = $_GET[add_stop_name];
        $cdata["tgi_isActive"] = 1;
        $cdata["tgi_radius"] = "0.5";
        $cdata["tgi_latLong"] = $_GET[mapPt];
        //print_r($cdata);
        //exit;
        if ($db->query_insert("tb_geofence_info", $cdata)) {
            echo 1;
        } else {
            echo 0;
        }
    } else {
        echo 0;
    }
}
if ($_GET[date_offline] != '' && $_GET[sessionid] != '') {
    if (isset($_GET[date_offline]) && $_GET[date_offline]) {
        $date_offline = $_GET[date_offline];
    } else {
        $date_offline = date('d-m-Y');
    }
    $getUserInfo = "SELECT * FROM tb_userinfo,tb_clientinfo WHERE ui_id  = " . $_SESSION[userID] . " AND ci_id = " . $_SESSION[clientID];
     $db->query_update('nested_tree', array('parent_id' => $_POST['newparent_id']), "id=" . $id[1]);
     //Get the title to display it
     $data = $db->fetch_row("SELECT title FROM " . $pre . "nested_tree WHERE id = " . $_POST['newparent_id']);
     //show value
     echo $data[0];
     //rebuild the tree grid
     $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
     $tree->rebuild();
 } else {
     if (isset($_POST['changer_complexite'])) {
         $id = explode('_', $_POST['id']);
         //Check if group exists
         $tmp = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE type = 'complex' AND intitule = '" . $id[1] . "'");
         if ($tmp[0] == 0) {
             //Insert into DB
             $db->query_insert('misc', array('type' => 'complex', 'intitule' => $id[1], 'valeur' => $_POST['changer_complexite']));
         } else {
             //update DB
             $db->query_update('misc', array('valeur' => $_POST['changer_complexite']), "type='complex' AND  intitule = " . $id[1]);
         }
         //Get title to display it
         echo $mdp_complexite[$_POST['changer_complexite']][1];
         //rebuild the tree grid
         $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
         $tree->rebuild();
     } else {
         if (isset($_POST['type'])) {
             switch ($_POST['type']) {
                 // CASE where DELETING a group
                 case "supprimer_groupe":
                     // this will delete all sub folders and items associated
Example #14
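// Ticket actions posted by the client. Title, status and priority changes
// require $isadmin == 1; the to-do actions below do not.
//
// NOTE(review): 'title' and the to-do 'content' are passed to the query
// helpers as received. Whether query_update()/query_insert() escape values in
// the data array cannot be seen from here - verify.
if (isset($_POST["titlechange"]) && $isadmin == 1) {
    $tickid = $mydb->clean($_POST["tickid"], '', '');
    $mydb->query_update("list", array('title' => $_POST["titlechange"]), "id='{$tickid}'");
    echo "Title changed.";
}
if (isset($_POST["closeticket"]) && $isadmin == 1) {
    $ticket_id = $mydb->clean($_POST["tickid"], '', '');
    $mydb->query_update('list', array('status' => 0, 'finished' => time()), "id='{$ticket_id}'");
    echo "Ok";
}
if (isset($_POST["openticket"]) && $isadmin == 1) {
    $ticket_id = $mydb->clean($_POST["tickid"], '', '');
    $mydb->query_update('list', array('status' => 1, 'finished' => '0'), "id='{$ticket_id}'");
    echo "Ok";
}
if (isset($_POST["changepri"]) && $isadmin == 1) {
    $changepri = $mydb->clean($_POST["changepri"], '', '');
    $id = $mydb->clean($_POST["id"], '', '');
    $mydb->query_update('list', array('priority' => $changepri), "id='{$id}'");
}
// adds to do items
// NOTE(review): neither to-do action checks $isadmin or that the ticket
// belongs to the caller - confirm that any user may edit any ticket's list.
if (isset($_POST["addtodo"])) {
    $id = $mydb->clean($_POST["id"], '', '');
    // The cleaned id is stored. It was computed before but the raw request
    // value was inserted instead, unlike the priority change above.
    $mydb->query_insert('todo_list', array('id' => 'null', 'tid' => $id, 'content' => $_POST['item'], 'status' => 0));
    echo $mydb->lastID();
}
if (isset($_POST["markfinish"])) {
    $mydb->query_update('todo_list', array('status' => 1), "id='" . $mydb->clean($_POST["id"], '', '') . "'");
}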
//print_r($_POST);
Example #15
	$parent_check = $db->query($parent_rec); 
	//check if parend data exist

	if ($record = $db->fetch_array($parent_check)!=null) {

		// $prnt_code['email_code'] = md5($record['email'] + microtime());//for email ver.
		// $db->query_update("tblparents", $prnt_code, "id='$parent_id'");
		//check slot available
		$checkSlot = "SELECT student_id, student_id2, student_id3 FROM tblparents where id='$parent_id'"; 
		$queryCheck = $db->query($checkSlot);

		while ($record = $db->fetch_array($queryCheck)) {

			if ($record['student_id']=="" && $student0['fname'] != NULL && $student0['lname'] != NULL && $student0['year_level'] != NULL ) {

				$primary_id = $db->query_insert("tblstudents", $student0);//insert new student record in the tblstudents
				$newStdID["student_id"] = $primary_id; 
				$db->query_update("tblparents", $newStdID, "id='$parent_id'");

				if ($record['student_id2']=="" && $student1['fname'] != NULL && $student1['lname'] != NULL && $student1['year_level'] != NULL ){

				$primary_id = $db->query_insert("tblstudents", $student1);//insert new student record in the tblstudents
				$newStdID["student_id2"] = $primary_id; 
				$db->query_update("tblparents", $newStdID, "id='$parent_id'");
				}

				if($record['student_id3']=="" && $student2['fname'] != NULL && $student2['lname'] != NULL && $student2['year_level'] != NULL ){

				$primary_id = $db->query_insert("tblstudents", $student2);//insert new student record in the tblstudents
				$newStdID["student_id3"] = $primary_id; 
				$db->query_update("tblparents", $newStdID, "id='$parent_id'");
Example #16
         echo '[{"error":"no" , "output" : "' . $display . '"}]';
     }
     break;
     //Insert into DB the items the user has selected
 //Insert into DB the items the user has selected
 case "import_items":
     include 'main.functions.php';
     foreach (explode('@_#sep#_@', mysql_real_escape_string(stripslashes($_POST['data']))) as $item) {
         //For each item, insert into DB
         $item = explode('@|@', $item);
         //explode item to get all fields
         //Encryption key
         $random_key = GenerateKey();
         $pw = $random_key . $item[2];
         // Insert new item in table ITEMS
         $new_id = $db->query_insert("items", array('label' => $item[0], 'description' => $item[4], 'pw' => encrypt($pw, mysql_real_escape_string(stripslashes($_SESSION['my_sk']))), 'url' => $item[3], 'id_tree' => $_POST['folder'], 'login' => $item[1], 'anyone_can_modify' => $_POST['import_csv_anyone_can_modify'] == "true" ? 1 : 0));
         //Store generated key
         $db->query_insert('keys', array('table' => 'items', 'id' => $new_id, 'rand_key' => $random_key));
         //if asked, anyone in role can modify
         if (isset($_POST['import_csv_anyone_can_modify_in_role']) && $_POST['import_csv_anyone_can_modify_in_role'] == "true") {
             foreach ($_SESSION['arr_roles'] as $role) {
                 $db->query_insert('restriction_to_roles', array('role_id' => $role['id'], 'item_id' => $new_id));
             }
         }
         // Insert new item in table LOGS_ITEMS
         $db->query_insert('log_items', array('id_item' => $new_id, 'date' => mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')), 'id_user' => $_SESSION['user_id'], 'action' => 'at_creation'));
         //reload Cache table
         UpdateCacheTable("reload", "");
         echo '[{"item":"' . $item[5] . '"}]';
     }
     break;
Example #17
 if (isset($_SESSION['settings']['duplicate_item']) && $_SESSION['settings']['duplicate_item'] == 0 && $item_exists == 0 || isset($_SESSION['settings']['duplicate_item']) && $_SESSION['settings']['duplicate_item'] == 1) {
     //set key if non personal item
     if ($data_received['is_pf'] != 1) {
         //generate random key
         $random_key = GenerateKey();
         $pw = $random_key . $pw;
     }
     //encrypt PW
     if ($data_received['salt_key_set'] == 1 && isset($data_received['salt_key_set']) && $data_received['is_pf'] == 1 && isset($data_received['is_pf'])) {
         $pw = encrypt($pw, mysql_real_escape_string(stripslashes($_SESSION['my_sk'])));
         $resticted_to = $_SESSION['user_id'];
     } else {
         $pw = encrypt($pw);
     }
     //ADD item
     $new_id = $db->query_insert('items', array('label' => $label, 'description' => $data_received['description'], 'pw' => $pw, 'url' => $url, 'id_tree' => $data_received['categorie'], 'login' => $login, 'inactif' => '0', 'restricted_to' => isset($data_received['restricted_to']) ? $data_received['restricted_to'] : '', 'perso' => $data_received['salt_key_set'] == 1 && isset($data_received['salt_key_set']) && $data_received['is_pf'] == 1 && isset($data_received['is_pf']) ? '1' : '0', 'anyone_can_modify' => isset($data_received['anyone_can_modify']) && $data_received['anyone_can_modify'] == "on" ? '1' : '0'));
     //Store generated key
     if ($data_received['is_pf'] != 1) {
         $db->query_insert('keys', array('table' => 'items', 'id' => $new_id, 'rand_key' => $random_key));
     }
     //Manage retriction_to_roles
     if (isset($data_received['restricted_to_roles'])) {
         foreach (array_filter(explode(';', $data_received['restricted_to_roles'])) as $role) {
             $db->query_insert('restriction_to_roles', array('role_id' => $role, 'item_id' => $new_id));
         }
     }
     //log
     $db->query_insert('log_items', array('id_item' => $new_id, 'date' => mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')), 'id_user' => $_SESSION['user_id'], 'action' => 'at_creation'));
     //Add tags
     $tags = explode(' ', $tags);
     foreach ($tags as $tag) {
Example #18
        echo 4;
    } else {
        echo 5;
    }
}
if (isset($_GET[addGeoPoint]) && $_GET[addGeoPoint] != '') {
    $getCont = "select * from tb_geofence_info where tgi_name = '" . $_GET[name] . "' OR tgi_latLong = '" . $_GET[param] . "' AND tgi_clientId =" . $_SESSION[clientID];
    $resCont = $db->query($getCont);
    if ($db->affected_rows == 0) {
        $cdata["tgi_clientId"] = $_SESSION[clientID];
        $cdata["tgi_name"] = $_GET[name];
        $cdata["tgi_isActive"] = 1;
        $cdata["tgi_radius"] = $_GET[radius];
        $cdata["tgi_latLong"] = $_GET[param];
        //print_r($cdata);
        if ($db->query_insert("tb_geofence_info", $cdata)) {
            echo 1;
        } else {
            echo 0;
        }
    } else {
        $fetCont = $db->fetch_array($resCont);
        $cdata["tgi_clientId"] = $_SESSION[clientID];
        $cdata["tgi_name"] = $_GET[name];
        $cdata["tgi_isActive"] = 1;
        $cdata["tgi_radius"] = $_GET[radius];
        $cdata["tgi_latLong"] = $_GET[param];
        //print_r($cdata);
        if ($db->query_update("tb_geofence_info", $cdata, "tgi_id = " . $fetCont[tgi_id])) {
            echo 2;
        } else {
Example #19
	// Excerpt from a parent registration handler: finishes building the
	// $parent row from the form, then inserts it unless the e-mail is taken.
	//
	// NOTE(review): the password is stored exactly as it was posted. It should
	// be hashed with password_hash() before storage and checked with
	// password_verify() at login.
	$parent["password"] 		=		 $_POST["password"];
	$parent["phone"] 			=		 $_POST["phone_number"];
	$parent["postcode"] 		=		 $_POST["postcode"];
	$parent["state"] 			=		 $_POST["state"];
	// NOTE(review): this is the literal string "NOW()"; presumably query_insert()
	// recognises it as the SQL function - verify.
	$parent["date_registered"]  =		 "NOW()";

	// Not read again within this excerpt.
	$emailsession				=		 $_POST["email"];

	// NOTE(review): the posted e-mail is interpolated into the statement
	// without escaping, so a quote in it changes the query.
	$prnt_email = $_POST["email"];
	$prt_email = "SELECT email FROM tblparents where email='$prnt_email'";
	$check_email = $db->query($prt_email);

	//check email if it already exist
	// NOTE(review): == binds tighter than =, so $record receives the boolean
	// result of the comparison, not the fetched row. The branch taken is still
	// the one for "no row found".
	if ($record = $db->fetch_array($check_email)==null) {

		$primary_id = $db->query_insert("tblparents", $parent);
		// NOTE(review): parent_id is stored in the session only when 'views'
		// was already set; on a first visit the new id is not recorded.
		if (isset($_SESSION['views'])) { //this is for the email verification page
			$_SESSION['views']=$_SESSION['views']+1;
			$_SESSION['parent_id']=$primary_id;
		}else{
			$_SESSION['views']=1;
		}
		header("Location:student_registration.php");
		exit();

	}else{
		// The e-mail is already registered: tell the user and go back one page.
		// The message confirms to any visitor that the address has an account.
		echo "<script>
		alert('Email account already exist!'); 
		window.history.go(-1);
		</script>";
	}
Example #20
     $message .= "</table>";
     $message .= "</body></html>";
     //echo $sub;
     //exit;
     if ($mailres = sendMail($t, $sub, $message, $fr)) {
         $data['tdai_status'] = 1;
         $data['tdai_deliveryTime'] = date("Y-m-d H:i:s");
         if ($db->query_update("tb_device_alert_info", $data, "tdai_id=" . $record[tdai_id])) {
             $maildata['tmi_email'] = $t;
             $maildata['tmi_tgai_id'] = $record[tdai_id];
             $maildata['tmi_mailResult'] = $mailres;
             $maildata['tmi_message'] = $message;
             $maildata['tmi_mailType'] = "DATEALERT";
             //print_r($maildata);
             //exit;
             if ($db->query_insert("tb_mail_info", $maildata)) {
                 echo "done";
             } else {
                 echo "no";
             }
         }
     }
 } elseif ($record[tdai_alertType] == "Mobile") {
     $from = "";
     $to = $record[tdai_source];
     $msg = "Dear " . ucfirst($record[ci_clientName]) . "! " . $devName . " has " . $record[tdai_purpose] . ". pls log in for desc- " . $record[ci_weburl];
     //echo $msg;
     //exit;
     if ($smsres = sendSMS($from, $to, $msg)) {
         $data['tdai_status'] = 1;
         $data['tdai_deliveryTime'] = date("Y-m-d H:i:s");
Example #21
     $db->query_update('nested_tree', array('parent_id' => $_POST['newparent_id']), "id=" . $id[1]);
     //Get the title to display it
     $data = $db->fetch_row("SELECT title FROM " . $pre . "nested_tree WHERE id = " . $_POST['newparent_id']);
     //show value
     echo $data[0];
     //rebuild the tree grid
     $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
     $tree->rebuild();
 } else {
     if (isset($_POST['changer_complexite'])) {
         $id = explode('_', $_POST['id']);
         //Check if group exists
         $tmp = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE type = 'complex' AND intitule = '" . $id[1] . "'");
         if ($tmp[0] == 0) {
             //Insert into DB
             $db->query_insert('misc', array('type' => 'complex', 'intitule' => $id[1], 'valeur' => $_POST['changer_complexite']));
         } else {
             //update DB
             $db->query_update('misc', array('valeur' => $_POST['changer_complexite']), "type='complex' AND  intitule = " . $id[1]);
         }
         //Get title to display it
         echo $mdp_complexite[$_POST['changer_complexite']][1];
         //rebuild the tree grid
         $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
         $tree->rebuild();
     } else {
         if (isset($_POST['type'])) {
             switch ($_POST['type']) {
                 // CASE where DELETING a group
                 case "delete_folder":
                     $folders_deleted = "";
Example #22
        $error_dat['status'] = "success";
        $error_dat['reason'] = "Registration Complete...";
    }
    sleep(3);
    echo json_encode($error_dat);
} elseif ($_GET['action'] == 'makesim' && !empty($_POST['MSISDN'])) {
    $preMSISDN = $_POST['MSISDN'][0] . $_POST['MSISDN'][1] . $_POST['MSISDN'][2] . $_POST['MSISDN'][3];
    $data['IMSI'] = "91" . $preMSISDN . rand('199999', '999999');
    $data['IMEI'] = "956647" . "894467" . rand('199999', '999999');
    $data['Ki'] = genRandKey(128);
    $data['NSP'] = getNSP($preMSISDN);
    $sql = "SELECT * FROM " . MSCTBL . " WHERE `MSISDN` = '" . $_POST['MSISDN'] . "'";
    $row = $db->query_first($sql);
    if (empty($row)) {
        $data['MSISDN'] = $_POST['MSISDN'];
        $db->query_insert(MSCTBL, $data);
    } else {
        $db->query_update(MSCTBL, $data, " `MSISDN` = '" . $_POST['MSISDN'] . "' ");
        $data['MSISDN'] = $_POST['MSISDN'];
    }
    echo json_encode($data);
} elseif ($_GET['action'] == 'authenticate' && !empty($_POST['MSISDN']) && !empty($_POST['TMSI'])) {
    $sql = "SELECT * FROM " . MSCTBL . " WHERE `MSISDN` = '" . $_POST['MSISDN'] . "' AND `TMSI` = '" . $_POST['TMSI'] . "'";
    $row = $db->query_first($sql);
    if (empty($row)) {
        $error_dat['status'] = "error";
        $error_dat['reason'] = "Device Not Registered...";
    } else {
        $error_dat['RAND'] = genRandKey(128);
        $error_dat['RES'] = resGen($error_dat['RAND'], $row['Ki'], 128);
        $error_dat['status'] = "success";
Example #23
     $db->query_update("users", array('fonction_id' => $new_fonctions), "id = " . $val[0]);
     break;
     ## ADD NEW USER ##
 ## ADD NEW USER ##
 case "add_new_user":
     //Check KEY
     if ($_POST['key'] != $_SESSION['key']) {
         //error
         exit;
     }
     // Check if user already exists
     $db->query("SELECT id, fonction_id, groupes_interdits, groupes_visibles FROM " . $pre . "users WHERE login LIKE '" . mysql_real_escape_string(stripslashes($_POST['login'])) . "'");
     $data = $db->fetch_array();
     if (empty($data['id'])) {
         //Add user in DB
         $new_user_id = $db->query_insert("users", array('login' => htmlspecialchars_decode($_POST['login']), 'pw' => encrypt(string_utf8_decode($_POST['pw'])), 'email' => $_POST['email'], 'admin' => $_POST['admin'] == "true" ? '1' : '0', 'gestionnaire' => $_POST['manager'] == "true" ? '1' : '0', 'read_only' => $_POST['read_only'] == "true" ? '1' : '0', 'personal_folder' => $_POST['personal_folder'] == "true" ? '1' : '0', 'fonction_id' => $_POST['manager'] == "true" ? $_SESSION['fonction_id'] : '0', 'groupes_interdits' => $_POST['manager'] == "true" ? $data['groupes_interdits'] : '0', 'groupes_visibles' => $_POST['manager'] == "true" ? $data['groupes_visibles'] : '0'));
         //Create personnal folder
         if ($_POST['personal_folder'] == "true") {
             $db->query_insert("nested_tree", array('parent_id' => '0', 'title' => $new_user_id, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
         }
         //Create folder and role for domain
         if ($_POST['new_folder_role_domain'] == "true") {
             //create folder
             $new_folder_id = $db->query_insert("nested_tree", array('parent_id' => 0, 'title' => mysql_real_escape_string(stripslashes($_POST['domain'])), 'personal_folder' => 0, 'renewal_period' => 0, 'bloquer_creation' => '0', 'bloquer_modification' => '0'));
             //Add complexity
             $db->query_insert("misc", array('type' => 'complex', 'intitule' => $new_folder_id, 'valeur' => 50));
             //Create role
             $new_role_id = $db->query_insert("roles_title", array('title' => mysql_real_escape_string(stripslashes($_POST['domain']))));
             //Associate new role to new folder
             $db->query_insert('roles_values', array('folder_id' => $new_folder_id, 'role_id' => $new_role_id));
             //Add the new user to this role
Example #24
     }
     echo '[{"text":"' . $texte . '</table><div style=\'margin-left:5px;\'><input type=\'checkbox\' id=\'item_deleted_select_all\' />&nbsp;<img src=\\"includes/images/arrow-repeat.png\\" title=\\"' . $txt['restore'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"restoreDeletedItems()\\">&nbsp;<img src=\\"includes/images/bin_empty.png\\" title=\\"' . $txt['delete'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"reallyDeleteItems()\\"></div>"}]';
     break;
     #----------------------------------
     #CASE admin want to restaure a list of deleted items
 #----------------------------------
 #CASE admin want to restaure a list of deleted items
 case "restore_deleted__items":
     //restore FOLDERS
     if (count($_POST['list_f']) > 0) {
         foreach (explode(';', $_POST['list_f']) as $id) {
             $data = $db->query_first("\r\n\t\t\t\t\tSELECT valeur\r\n\t\t            FROM " . $pre . "misc\r\n\t\t            WHERE type = 'folder_deleted'\r\n\t\t            AND intitule = '" . $id . "'");
             if ($data['valeur'] != 0) {
                 $folder_data = explode(',', $data['valeur']);
                 //insert deleted folder
                 $db->query_insert('nested_tree', array('id' => $folder_data[0], 'parent_id' => $folder_data[1], 'title' => $folder_data[2], 'nleft' => $folder_data[3], 'nright' => $folder_data[4], 'nlevel' => $folder_data[5], 'bloquer_creation' => $folder_data[6], 'bloquer_modification' => $folder_data[7], 'personal_folder' => $folder_data[8], 'renewal_period' => $folder_data[9]));
                 //delete log
                 $db->query("DELETE FROM " . $pre . "misc WHERE type = 'folder_deleted' AND intitule= '" . $id . "'");
             }
         }
     }
     //restore ITEMS
     if (count($_POST['list_i']) > 0) {
         foreach (explode(';', $_POST['list_i']) as $id) {
             $db->query_update("items", array('inactif' => '0'), 'id = ' . $id);
             //log
             $db->query("INSERT INTO " . $pre . "log_items VALUES ('" . $id . "','" . mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')) . "','" . $_SESSION['user_id'] . "','at_restored','')");
         }
     }
     break;
     #----------------------------------
Example #25
         $ldap_connection = false;
     }
     if ($debug_ldap == 1) {
         fputs($dbg_ldap, "After authenticate : " . $adldap->get_last_error() . "\n\n\n" . "ldap status : " . $ldap_connection . "\n\n\n");
         //Debug
     }
 }
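 //Check if user exists in cpassman
 // NOTE(review): the login value appears masked as '******' in this listing.
 // Whatever is interpolated there in the real file comes from the login form
 // and has to be escaped or bound before it reaches the query.
 $sql = "SELECT * FROM " . $pre . "users WHERE login = '******'";
 $row = $db->query($sql);
 $proceed_identification = false;
 if (mysql_num_rows($row) > 0) {
     $proceed_identification = true;
 } elseif (mysql_num_rows($row) == 0 && $ldap_connection == true) {
     //If LDAP enabled, create user in CPM if doesn't exist
     // NOTE(review): $password is stored as it stands at this point; confirm
     // it has been hashed earlier in the script.
     // last_pw_change is the current Unix timestamp. The previous
     // mktime(date('h'), date('m'), ...) call passed the 12-hour clock value as
     // the hour and the month number as the minute, giving a wrong time.
     $new_user_id = $db->query_insert("users", array('login' => $username, 'pw' => $password, 'email' => "", 'admin' => '0', 'gestionnaire' => '0', 'personal_folder' => $_SESSION['settings']['enable_pf_feature'] == "1" ? '1' : '0', 'fonction_id' => '0', 'groupes_interdits' => '0', 'groupes_visibles' => '0', 'last_pw_change' => time()));
     //Create personal folder (its title is the new user's id)
     if ($_SESSION['settings']['enable_pf_feature'] == "1") {
         $db->query_insert("nested_tree", array('parent_id' => '0', 'title' => $new_user_id, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
     }
     //Get info for user (re-run the lookup so $row holds the freshly created account)
     $sql = "SELECT * FROM " . $pre . "users WHERE login = '******'";
     $row = $db->query($sql);
     $proceed_identification = true;
 }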
 if ($proceed_identification === true) {
     //User exists in the DB
     $data = $db->fetch_array($row);
     // Can connect if
     // 1- no LDAP mode + user enabled + pw ok
     // 2- LDAP mode + user enabled + ldap connection ok + user is not admin
<?php

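// Saves a map position posted from the form, then loads all saved positions
// (newest first) into $map_result.
$db = new Database($db_host, $db_username, $db_password, $db_name);
$db->connect();
$err = "";
if (isset($_POST['submit']) && $_POST['submit'] != "") {
    // Read each field defensively: a request may omit it or send an array.
    $address = (isset($_POST['address']) && is_string($_POST['address'])) ? $_POST['address'] : "";
    $lat = (isset($_POST['lat']) && is_string($_POST['lat'])) ? trim($_POST['lat']) : "";
    $lng = (isset($_POST['lng']) && is_string($_POST['lng'])) ? trim($_POST['lng']) : "";

    $error = 0;
    if ($address == "") {
        $error++;
    }
    // Coordinates must be real numbers inside the valid geographic range, not
    // merely non-empty strings.
    $lat_value = filter_var($lat, FILTER_VALIDATE_FLOAT);
    if ($lat_value === false || $lat_value < -90 || $lat_value > 90) {
        $error++;
    }
    $lng_value = filter_var($lng, FILTER_VALIDATE_FLOAT);
    if ($lng_value === false || $lng_value < -180 || $lng_value > 180) {
        $error++;
    }

    if ($error == 0) {
        // NOTE(review): query_insert() is assumed to escape the values it is
        // given; the address is free text, so verify that in the Database class.
        // NOTE(review): $_SESSION['user_id'] is used without a visible login
        // check; confirm the including page requires an authenticated admin.
        $insert_array['eyo_admin_id'] = $_SESSION['user_id'];
        $insert_array['full_address'] = $address;
        $insert_array['lat'] = $lat;
        $insert_array['lng'] = $lng;
        if ($db->query_insert($TABLE_EYO_MAP, $insert_array)) {
            $err = "Map saved succesfully";
        }
    } else {
        $err = "Please select valid position from the map";
    }
}
// The table name comes from configuration, not from the request.
$sql = "SELECT * from " . $TABLE_EYO_MAP . " order by id desc";
$map_result = $db->fetch_all_array($sql);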
            // Load the posted folder together with all of its descendants; the
            // change below is applied to every node of that subtree.
            require_once 'NestedTree.class.php';
            $nested_tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
            $tree = $nested_tree->getDescendants($_POST['folder'], true);
            // NOTE(review): 'folder' and 'role' are passed on as received; check
            // that getDescendants(), query_delete() and query_insert() escape them.
            if (isset($_POST['allowed']) && $_POST['allowed'] == 1) {
                // Folder was allowed for the role until now: drop the link for each node.
                foreach ($tree as $branch) {
                    $db->query_delete('roles_values', array('folder_id' => $branch->id, 'role_id' => $_POST['role']));
                }
            } elseif ($_POST['allowed'] == 0) {
                // Folder was not allowed until now: create the link for each node.
                // NOTE(review): with 'allowed' missing from the request this loose
                // comparison is also true, so the grant branch runs; confirm that
                // is intended.
                foreach ($tree as $branch) {
                    $db->query_insert('roles_values', array('folder_id' => $branch->id, 'role_id' => $_POST['role']));
                }
            }
            // Reply with JavaScript for the caller to run: refresh the matrix, hide the loader.
            echo 'httpRequest("sources/roles.queries.php","type=rafraichir_matrice");', '$("#div_loading").hide();';
            break;
    }
} else {
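    if (!empty($_POST['edit_fonction'])) {
        // The posted id is split on '_' and its second part selects the row.
        // It is used unquoted in the WHERE clause, so it is forced to an integer.
        $id = explode('_', $_POST['id']);
        $role_id = isset($id[1]) ? (int) $id[1] : 0;
        if ($role_id > 0) {
            //Update DB
            // NOTE(review): the title is escaped here before being handed to
            // query_update(); if that method escapes as well, the stored value is
            // escaped twice. Verify against the Database class.
            $db->query_update('roles_title', array('title' => mysql_real_escape_string(stripslashes(utf8_decode($_POST['edit_fonction'])))), "id = " . $role_id);
        }
        //Show value (HTML-encoded: it is request data written back into the page)
        echo htmlspecialchars($_POST['edit_fonction'], ENT_QUOTES, 'UTF-8');
    }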
Example #28
     break;
     ###########################################################
     #CASE for refreshing all Personal Folders
 ###########################################################
 #CASE for refreshing all Personal Folders
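 case "admin_action_check_pf":
     // Gives every user a personal folder (a root node of nested_tree whose
     // title is the user's id), removes the personal folders of users that no
     // longer exist, then rebuilds the tree.
     //get through all users
     $rows = $db->fetch_all_array("SELECT id,login,email FROM " . $pre . "users ORDER BY login ASC");
     foreach ($rows as $record) {
         //update PF field for user
         $db->query_update('users', array('personal_folder' => '1'), "id='" . $record['id'] . "'");
         //if folder doesn't exist then create it
         $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree WHERE title = '" . $record['id'] . "' AND parent_id = 0");
         if ($data[0] == 0) {
             //If not exist then add it
             $db->query_insert("nested_tree", array('parent_id' => '0', 'title' => $record['id'], 'personal_folder' => '1'));
         } else {
             //If exists then update it
             $db->query_update('nested_tree', array('personal_folder' => '1'), array("title" => $record['id'], 'parent_id' => '0'));
         }
     }
     //Delete PF for deleted users
     // The pattern is anchored so that only root folders whose title is
     // entirely numeric (i.e. a user id) are candidates. Unanchored, '[0-9]'
     // matched any title containing a digit, so an ordinary root folder with a
     // digit in its name could be deleted when no user row joined to it.
     // NOTE(review): the statement does not filter on personal_folder = 1;
     // consider whether that condition should be added as well.
     $db->query(
         "DELETE " . $pre . "nested_tree"
         . " FROM " . $pre . "nested_tree"
         . " LEFT JOIN " . $pre . "users"
         . " ON " . $pre . "nested_tree.title = " . $pre . "users.id"
         . " WHERE " . $pre . "users.id IS NULL"
         . " AND " . $pre . "nested_tree.parent_id=0"
         . " AND " . $pre . "nested_tree.title REGEXP ('^[0-9]+\$')"
     );
     //rebuild full folder tree
     require_once 'NestedTree.class.php';
     $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
     $tree->rebuild();
     echo '[{"result" : "pf_done"}]';
     break;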
     ###########################################################
     #CASE for deleting all items from DB that are linked to a folder that has been deleted
Example #29
 $resAlertImeiInfo = $db->query($getAlertImeiInfo);
 if ($db->affected_rows == 0) {
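     // No alert row for this device: check whether one exists for the assignment.
     // $aid is used unquoted in the query, so it is forced to an integer.
     $getAlertInfo = "SELECT * FROM tb_geoalertinfo WHERE tgai_geoAssignId = " . (int) $aid;
     $resAlertInfo = $db->query($getAlertInfo);
     if ($db->affected_rows == 0) {
         // Array keys are quoted: the bare words used before were resolved as
         // undefined constants, which raises a notice on older PHP and an
         // Error on PHP 8.
         if ($_GET['inoutFlag'] == $_GET['inoutPoint']) {
             $smsStatus = sendSMSAlert($aid);
             if ($smsStatus) {
                 // First alert for this assignment: record it with status 0 and count 1.
                 $data['tgai_assignDevId'] = $devImei;
                 $data['tgai_geoAssignId'] = $aid;
                 $data['tgai_inoutStatus'] = 0;
                 $data['tgai_alertCount'] = 1;
                 // NOTE(review): inoutPoint and devDateTime are query-string
                 // values; query_insert() is assumed to escape them. Verify.
                 $data['tgai_alertType'] = $_GET['inoutPoint'];
                 $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($_GET['devDateTime']));
                 if ($db->query_insert("tb_geoalertinfo", $data)) {
                     $res = 1;
                 } else {
                     $res = 0;
                 }
                 echo "SMS";
             }
         }
     }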
 } else {
     $fetAlertImeiInfo = $db->fetch_array($resAlertImeiInfo);
     if ($fetAlertImeiInfo[tgai_geoAssignId] == $aid) {
         if ($fetAlertImeiInfo[tgai_inoutStatus] == 0) {
             if ($_GET[inoutFlag] != $_GET[inoutPoint]) {
                 $data['tgai_inoutStatus'] = 1;
                 $data['tgai_reachdevTime2'] = date("Y-m-d H:i:s", strtotime($_GET[devDateTime]));
Example #30
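/**
 * Sends the geofence alert configured for one fence assignment and records
 * the outcome.
 *
 * Loads the assignment joined with its device, fence and client rows, then the
 * tb_clientinfo row whose ci_id equals the assignment's ci_clientId (called the
 * reseller in this code). Depending on tag_alertType it sends one e-mail
 * ("Email") or one SMS per comma-separated number ("Mobile"), writes a line
 * through writeGeoData() and inserts a row into tb_mail_info or tb_smsinfo.
 *
 * @param mixed  $geoAssId    tag_id of the assignment; used as an integer in SQL.
 * @param string $devDateTime Device timestamp, parsed with strtotime().
 *
 * @return int|null 1 when the result row was inserted, 0 when the insert
 *                  failed, null when no assignment row is found or the alert
 *                  type is neither "Email" nor "Mobile".
 */
function sendAlert($geoAssId, $devDateTime)
{
    $db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE);
    $db->connect();

    // tag_id is compared unquoted, so the id is forced to an integer.
    $getData = "SELECT * FROM tb_assigngeofence,tb_deviceinfo,tb_geofence_info,tb_clientinfo WHERE ci_id = tag_clientId AND tgi_id = tag_geofenceId AND di_id = tag_diId AND tag_id = " . (int) $geoAssId;
    $resData = mysql_query($getData);
    if (!$resData || mysql_num_rows($resData) < 1) {
        return null;
    }
    // Array keys are quoted throughout; bare words are undefined constants.
    $fetData = mysql_fetch_assoc($resData);

    $getReseller = "select * from tb_clientinfo where ci_id = " . (int) $fetData['ci_clientId'];
    $resReseller = mysql_query($getReseller);
    // Stays false when the reseller row cannot be read; the lookups below then yield null.
    $fetReseller = $resReseller ? mysql_fetch_assoc($resReseller) : false;

    // Prefer the device's display name, fall back to its id.
    $devName = $fetData['di_deviceName'] ? $fetData['di_deviceName'] : $fetData['di_deviceId'];
    $status = ($fetData['tag_inout'] == "in") ? "entered zone" : "left zone";
    $info = $devName . " has " . $status . " " . $fetData['tgi_name'] . " at " . date("d M Y H:i:s", strtotime($devDateTime)) . " " . $fetData['tag_alertType'] . " " . $fetData['tag_alertSrc'];

    // Written to the geo data line in place of the SMTP / SMS gateway password,
    // so credentials are not persisted there. The field count stays the same.
    // NOTE(review): writeGeoData() is defined elsewhere; this assumes it stores
    // the string it receives.
    $maskedSecret = "***";

    if ($fetData['tag_alertType'] == "Email") {
        $to = $fetData['tag_alertSrc'];
        $sub = "Geofence Alert - " . $fetReseller['ci_clientName'];
        // NOTE(review): client, device and fence names are placed into this HTML
        // body unescaped; encode them once the database charset is confirmed.
        $msg = "<b>Dear " . ucfirst($fetData['ci_clientName']) . "! </b><br><br>Vehicle " . $devName . " has " . $status . " " . $fetData['tgi_name'] . " at " . date("d M Y H:i", strtotime($devDateTime)) . "<br><br> - " . $fetReseller['ci_weburl'];
        $mailres = sendSMTPMail($to, $sub, $msg, $fetReseller['ci_clientName'], $fetReseller['ci_smtpHostname'], $fetReseller['ci_smtpUsername'], $fetReseller['ci_smtpPassword'], $fetReseller['ci_smtpUsername']);
        $mailString = $to . "," . $fetReseller['ci_clientName'] . "," . $fetReseller['ci_smtpHostname'] . "," . $fetReseller['ci_smtpUsername'] . "," . $maskedSecret . "," . $fetReseller['ci_smtpUsername'] . "," . $mailres;
        writeGeoData(date("d-m-Y", strtotime($devDateTime)), date("H:i:s", strtotime($devDateTime)), strip_tags($info), $mailString);

        $maildata['tmi_email'] = $to;
        $maildata['tmi_tgai_id'] = $geoAssId;
        $maildata['tmi_mailResult'] = $mailres;
        $maildata['tmi_message'] = urlencode($msg);
        $maildata['tmi_mailType'] = "GEOALERT";
        return $db->query_insert("tb_mail_info", $maildata) ? 1 : 0;
    }

    if ($fetData['tag_alertType'] == "Mobile") {
        $from = "";
        // Defined up front: both stay null when the recipient list holds no number.
        $msg = null;
        $smsres = null;
        foreach (explode(',', $fetData['tag_alertSrc']) as $to) {
            if ($to != "") {
                $msg = "Dear " . ucfirst($fetData['ci_clientName']) . "! " . $devName . " has " . $status . " " . $fetData['tgi_name'] . " at " . date("H:i:s", strtotime($devDateTime)) . " - " . $fetData['ci_weburl'];
                // Only the result of the last send is kept, as before.
                $smsres = sendGatewaySMS($from, $to, $msg, $fetReseller['ci_smsGatewayUri'], $fetReseller['ci_smsGatewayUsername'], $fetReseller['ci_smsGatewayPassword'], $fetReseller['ci_smsGatewaySenderId']);
            }
        }
        // NOTE(review): the gateway URI is still written out; check that it
        // does not carry credentials of its own.
        $smsString = $fetData['tag_alertSrc'] . "," . $fetReseller['ci_smsGatewayUri'] . "," . $fetReseller['ci_smsGatewayUsername'] . "," . $maskedSecret . "," . $fetReseller['ci_smsGatewaySenderId'] . "," . $smsres;
        writeGeoData(date("d-m-Y", strtotime($devDateTime)), date("H:i:s", strtotime($devDateTime)), strip_tags($info), $smsString);

        $smsdata['tsi_mobileno'] = $fetData['tag_alertSrc'];
        $smsdata['tsi_tgai_id'] = $geoAssId;
        $smsdata['tsi_smsResult'] = $smsres;
        $smsdata['tsi_message'] = urlencode($msg);
        $smsdata['tsi_smsType'] = "GEOALERT";
        return $db->query_insert("tb_smsinfo", $smsdata) ? 1 : 0;
    }

    return null;
}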