<?php

// Page bootstrap for the media manager: run the shared page and permission checks,
// then load the first page of media records for the current tenant.
// $userID and $tenantID are not assigned in this file; presumably the included
// partials define them - confirm.
include_once dirname(__FILE__) . '/core/partials/pageCheck.php';
include_once dirname(__FILE__) . '/partials/permissionCheck.php';
include_once dirname(__FILE__) . '/classes/media.php';
$thisPage = "mediaManager";
// Fixed page size handed to getEntities().
$return = 20;
// NOTE(review): offset is request-supplied and reaches getEntities() unchanged; confirm
// that getRequestVariable() or the Media class forces it to a non-negative integer.
$offset = Utility::getRequestVariable('offset', 0);
$filters = "";
// should we get from param?
$class = new Media($userID, $tenantID);
$count = $class->getEntityCount($filters);
$media = $class->getEntities($filters, $return, $offset);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <title><?php 
// NOTE(review): the tenant title is written into <title> without HTML encoding; if tenant
// properties are editable by tenant users, encode it with htmlspecialchars() on output.
echo Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title');
?>
</title>
        <?php 
include "partials/includes.php";
?>
        <link rel="stylesheet" type="text/css" href="static/css/mediaManager.css" />
        <script type="text/javascript" src="js/jquery.form.min.js"></script>
        <script type="text/javascript" src="js/bootpag.min.js"></script>
        <script src="js/mediaManager.js" type="text/javascript"></script>
        <script src="js/workingPanel.js" type="text/javascript"></script>          
// Resolve the entity class file for $type, load it, and fetch the requested entity.
// NOTE(review): $type feeds both an include path and a dynamic `new`. Where it comes from
// and whether it is checked against a list of known entity names is outside this
// excerpt - confirm that check exists before this point.
$classfile = $classpath . $type . '.php';
if (!file_exists($classfile)) {
    header(' ', true, 500);
    // The resolved path goes to the debug log only; the client gets a generic message.
    Utility::debug('Unable to instantiate class for ' . $type . ' Classfile does not exist. Looking for: ' . $classfile, 9);
    echo 'Internal error. Unable to process entity.';
    die;
}
include_once $classfile;
$classname = ucfirst($type);
// class names start with uppercase
$class = new $classname($userID, $tenantID);
$id = 0;
// NOTE(review): id is read from the query string as-is; the loose `> 0` comparison below is
// the only gate before it reaches getEntity(). Casting to int here would make that explicit.
if (isset($_GET["id"])) {
    $id = $_GET["id"];
}
$parentid = Utility::getRequestVariable('parentid', 0);
$entity = '';
if ($id > 0) {
    try {
        $entity = $class->getEntity($id, $tenantID, $userID);
    } catch (Exception $ex) {
        // NOTE(review): the exception text is handed to Service::returnError(); if that is
        // sent to the client, internal details may be disclosed - confirm.
        Service::returnError($ex->getMessage());
    }
}
	<form id="<?php 
echo $type;
?>
Form" class="form-horizontal" action="<?php 
echo $class->getDataServiceURL();
?>
Example #3
<?php

include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/database.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';
if ($_SERVER['REQUEST_METHOD'] == "POST") {
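    // Record a client-reported event for the current user, session and tenant.
    // The three event fields are request-supplied; $userID and $tenantID are not
    // assigned in this file (presumably set by pageCheck.php - confirm).
    $event = Utility::getRequestVariable('event', 'unknown event');
    $entityType = Utility::getRequestVariable('entityType', 'unknown entity');
    $entityId = Utility::getRequestVariable('entityId', 0);
    // NOTE(review): the statement is assembled by concatenation, so its safety rests
    // entirely on Database::queryString()/queryNumber() escaping or validating their
    // argument - verify in classes/database.php, or move to a prepared statement.
    $query = "INSERT INTO event (event,entityType,entityId,userId,sessionId,tenantId) values (";
    $query .= Database::queryString($event);
    $query .= ',' . Database::queryString($entityType);
    $query .= ',' . Database::queryNumber($entityId);
    $query .= ',' . Database::queryNumber($userID);
    // NOTE(review): this stores the live session identifier; anyone who can read the
    // event table could reuse it. Consider storing a hash of the id instead.
    $query .= ',' . Database::queryString(session_id());
    $query .= ',' . Database::queryNumber($tenantID);
    $query .= ")";
    $errorMsg = '';
    try {
        Database::executeQuery($query);
    } catch (Exception $ex) {
        $errorMsg = $ex->getMessage();
    }
    if (strlen($errorMsg) > 0) {
        // NOTE(review): the database exception text is returned to the caller; logging it
        // server-side and returning a generic message would avoid leaking schema details.
        Service::returnError($errorMsg);
    } else {
        // The key must be quoted for the body to be valid JSON.
        Service::returnJSON('{"result": true}');
    }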
} else {
    echo "Unsupported HTTP method.";
<?php

/* a utility service to update the sort order on a page within a page Collection
 * get parameters are:
 *      collection: name of the pageCollection to update (e.g. 'home')
 *      pageid: id of the page
 *      sort: new sort/sequence number for the page
 */
include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Read the three required parameters, reject the request if any is missing,
    // require the admin role, then call the stored procedure that updates the sort order.
    $collection = Utility::getRequestVariable("collection", "");
    $pageid = Utility::getRequestVariable("pageid", "");
    $sort = Utility::getRequestVariable("sort", "");
    // NOTE(review): every check below relies on Service::returnError() ending the request.
    // If it returns instead, execution falls through to the query - confirm it exits.
    if ($collection == "") {
        Service::returnError('collection parameter is required.');
    }
    if ($pageid == "") {
        Service::returnError('pageid parameter is required.');
    }
    if ($sort == "") {
        Service::returnError('sort parameter is required.');
    }
    // Role check is scoped to the current tenant; $user and $tenantID are not assigned
    // in this file (presumably set by pageCheck.php - confirm).
    if (!$user->hasRole('admin', $tenantID)) {
        Service::returnError('Access denied.', 403);
    }
    // NOTE(review): the call is built by concatenation; its safety depends on
    // Database::queryString()/queryNumber() escaping or validating their argument.
    // No anti-CSRF check is visible in this file for this state-changing POST - confirm
    // one is applied by the included partials.
    $query = "call setPageSortOrderForCollection(" . Database::queryString($collection) . "," . Database::queryNumber($pageid) . "," . Database::queryNumber($sort) . "," . Database::queryNumber($tenantID) . ");";
    Database::executeQuery($query);
    $json = '{"success":true}';
    Service::returnJSON($json);
Example #5
<?php

// Logout: end the logged session, destroy the PHP session, and start a fresh one
// under a new id. The tenant id is carried over for branding unless flush=yes is requested.
include_once dirname(__FILE__) . '/classes/config.php';
include_once Config::$core_path . '/classes/utility.php';
session_start();
// perform all steps to flush user and clear state: right now userID is only remnant
// do need to keep tenant, though, for branding
// NOTE(review): read without an isset() check; a request that arrives with no existing
// session raises an undefined-index notice and carries a null tenant forward.
$tenantID = $_SESSION['tenantID'];
Log::endSession(session_id());
session_destroy();
// create new session to save tenantID
session_start();
// Passing true deletes the old session data, so the pre-logout id cannot be reused.
session_regenerate_id(true);
$flushed = true;
// Anything other than flush=yes keeps the tenant id in the new session.
// NOTE(review): no request-method or token check is visible, so any request to this page
// logs the user out; confirm that is acceptable.
if (Utility::getRequestVariable('flush', 'no') != 'yes') {
    $_SESSION['tenantID'] = $tenantID;
    $flushed = false;
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <title>Food Finder: Logout</title>
		<?php 
include "partials/includes.php";
?>
		
    </head>
    <body>
Example #6
    Log::debug('Non admin user (id=' . $userID . ', session_id=' . session_id() . ') attempted to access admin.php page', 10);
    header('Location: ../403.php');
    die;
}
// Optional admin actions driven by request parameters: switch the active tenant
// and/or flush the cache.
$newtenant = Utility::getRequestVariable('newtenant', 0);
// verify user can access requested tenant, then switch & force reload
// The session tenant is only changed after canAccessTenant() approves the requested id.
// NOTE(review): both actions change state from request parameters and no anti-CSRF token
// or request-method check is visible here - confirm one is enforced elsewhere.
if ($newtenant > 0 && $newtenant != $tenantID) {
    if ($user->canAccessTenant($newtenant)) {
        $_SESSION['tenantID'] = $newtenant;
        $tenantID = $newtenant;
        header("Refresh:0");
    } else {
        echo 'Sorry - can\'t switch that tenant. No sure how that happened . . .';
    }
}
// Accepts flushCache=yes or flushCache=true.
$flush = Utility::getRequestVariable('flushCache', 'no');
if ($flush == "yes" || $flush == "true") {
    Cache::flushCache();
    $message = "Cache flushed.";
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <title><?php 
echo Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title');
?>
</title>
        <?php 
<?php

include dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/core/database.php';
include_once dirname(__FILE__) . '/../classes/core/utility.php';
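// Read the batch id and the requested action ('status' unless stated otherwise).
// NOTE(review): $batchId is request-supplied and is later written to the debug log and
// passed to the batch helpers; casting it to int here would rule out non-numeric input.
$batchId = Utility::getRequestVariable('id', 0);
$action = Utility::getRequestVariable('action', 'status');
if ($batchId == 0) {
    // Set the status before writing the body: once output has started the header
    // can no longer be sent and the client would receive a 200.
    header(' ', true, 400);
    echo 'id parameter must be specified';
    die;
}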
if ($action == 'cancel') {
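    // Cancel the batch on behalf of the current tenant and user, then report the outcome.
    // NOTE(review): no request-method check is visible, so this state change can be
    // triggered by a plain GET; confirm that is intended.
    Utility::debug('Canceling batch ' . $batchId . '...', 5);
    $result = Utility::cancelBatch($batchId, $tenantID, $userID);
    if (!$result) {
        // Status first, body second: a header sent after output is ignored.
        header(' ', true, 404);
        echo 'Unable to cancel batch.';
    } else {
        $response = '{"status": "canceled"}';
        header('Content-Type: application/json');
        echo $response;
    }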
} else {
    Utility::debug('Checking batch status for batch ' . $batchId, 9);
    $result = Utility::getBatchStatus($batchId, $tenantID, $userID);
    if (!$result) {
        echo 'Batch status not found.';
        header(' ', true, 404);
    } else {
        if ($r = mysqli_fetch_array($result)) {
Example #8
<?php

include dirname(__FILE__) . '/core/partials/pageCheck.php';
include_once dirname(__FILE__) . '/core/classes/utility.php';
// Read the finder page options from the request and log the page view.
// NOTE(review): all four values are request-supplied. If the template later writes any
// of them into HTML or script, they need context-appropriate encoding - usage is not
// visible in this excerpt.
$thisPage = Utility::getRequestVariable('type', 'finder');
$zoom = Utility::getRequestVariable('zoom', 0);
$list = Utility::getRequestVariable('list', 0);
$selectedLocation = Utility::getRequestVariable('location', 0);
// NOTE(review): request values are concatenated into the logged detail string; confirm
// Log::logPageView() stores them safely (parameterised insert, no raw line breaks).
Log::logPageView('finder', 0, 'list=' . $list . '&selectedLocation=' . $selectedLocation);
?>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
	
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <title><?php 
echo Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title');
?>
: Finder</title>
		<?php 
// Shared <head> includes.
// NOTE(review): the Google Maps script tag just below this block hard-codes an API key in
// the page source. Browser keys are visible to every visitor by design, so the key should
// be restricted (HTTP referrer and API restrictions) in the provider console and ideally
// read from configuration rather than committed in the template.
include "partials/includes.php";
?>
		<link rel="stylesheet" type="text/css" href="static/css/map.css" />
		<script src="js/main.js"></script>
		<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyB9Zbt86U4kbMR534s7_gtQbx-0tMdL0QA&libraries=places"></script> 
    </head>
    <body>
        <div id="topPart">
		    <?php 
Example #9
<?php

// a service that allows clients to request and receive lists of locations on a specified route
include dirname(__FILE__) . '/../core/partials/pageCheck.php';
include_once dirname(__FILE__) . '/../core/classes/database.php';
include_once dirname(__FILE__) . '/../core/classes/utility.php';
include_once dirname(__FILE__) . '/../core/classes/service.php';
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    // Read the route request: origin and destination as "lat,long" pairs, plus the
    // detour limit, result count and category filter.
    $origin = Utility::getRequestVariable("origin", "");
    $destination = Utility::getRequestVariable("destination", "");
    $maxDetour = Utility::getRequestVariable("maxDetour", "25");
    // default is 25 miles
    $numToReturn = Utility::getRequestVariable("return", "10");
    // default is 10
    $categories = Utility::getRequestVariable("categories", '');
    $errMessage = '';
    // Only the presence of a second comma-separated part is checked; the parts are not
    // verified to be numeric or within latitude/longitude range.
    // NOTE(review): validate them as floats before they reach any query - how they are
    // used is not visible in this excerpt.
    $o = explode(',', $origin);
    if (!isset($o[1])) {
        $errMessage = 'Invalid origin coordinates.';
    } else {
        $originLong = $o[1];
        $originLat = $o[0];
    }
    $o = explode(',', $destination);
    if (!isset($o[1])) {
        // Overwrites any origin error set above.
        $errMessage = 'Invalid destination coordinates.';
    } else {
        $destLong = $o[1];
        $destLat = $o[0];
    }
    // getFilter() is defined outside this excerpt.
    // NOTE(review): maxDetour and return have no visible upper bound - confirm they are capped.
    $filter = getFilter($categories);
Example #10
<?php

/*
 * The idea of a region page is that it encapsulates a bunch of locations within a particular region, which could be a state, a region of a state, a city, etc.
 * It will have a map of locations (defined by a query/list) as well as a headnote introducing and a series of pages/features hanging off of it 
 */
include dirname(__FILE__) . '/core/partials/pageCheck.php';
include dirname(__FILE__) . '/core/classes/propertyBag.php';
include_once dirname(__FILE__) . '/core/classes/log.php';
include_once Config::$root_path . '/classes/productCollection.php';
// Validate the requested region against the tenant's enabled states, log the view,
// and derive the name of the property bag that holds this region's settings.
$thisPage = "region";
$errMessage = "";
$region = Utility::getRequestVariable('region', 'none');
if ($region == 'none') {
    $errMessage = "Hmm. Something went wrong. No valid region specified.";
} else {
    $stateList = Utility::getTenantProperty($applicationID, $tenantID, $userID, 'enabledStates');
    // When the tenant has no enabledStates property the region is not checked at all.
    if (!is_null($stateList)) {
        // Case-insensitive membership test against the comma-separated list.
        $stateArray = explode(",", strtoupper($stateList));
        if (!in_array(strtoupper($region), $stateArray)) {
            $errMessage = "That is not a valid region.";
        } else {
            Log::logPageView('region', 0, $region);
        }
    }
}
// retrieve properties for this region
$propertyBag = new PropertyBag($userID, $tenantID);
// NOTE(review): $region is used here even when validation above failed or was skipped,
// so the bag name can contain arbitrary request text. Confirm the PropertyBag lookup is
// parameterised, or only build the name once $errMessage is empty.
$bagName = 'region' . $region . 'Properties';
?>
<!DOCTYPE html>
Example #11
 /**
  * Returns the SQL used to count entities for the current listing.
  *
  * When the request carries a non-empty "name" parameter the count comes from the
  * countLocationsBySearchCriteria procedure for this tenant; otherwise the parent
  * implementation is used with $filters.
  *
  * NOTE(review): the statement is built by concatenation. The search text goes through
  * Database::queryString(), but $this->tenantid is appended as-is - confirm it can only
  * ever hold an integer.
  *
  * @param mixed $filters passed through to the parent implementation
  * @return string SQL text
  */
 protected function getEntityCountQuery($filters)
 {
     $searchName = Utility::getRequestVariable('name', '');
     if (strlen($searchName) > 0) {
         return "call countLocationsBySearchCriteria(" . $this->tenantid . "," . Database::queryString($searchName) . ")";
     }
     return parent::getEntityCountQuery($filters);
 }
Example #12
include_once dirname(__FILE__) . '/../core/classes/database.php';
include_once dirname(__FILE__) . '/../core/classes/utility.php';
include_once dirname(__FILE__) . '/../core/classes/service.php';
include_once dirname(__FILE__) . '/../core/classes/imageHandler.php';
include_once dirname(__FILE__) . '/../classes/media.php';
include_once dirname(__FILE__) . '/../classes/location.php';
include_once dirname(__FILE__) . '/../' . Config::$cdn_classfile;
Utility::Debug('files.php invoked ', 5);
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    Service::returnError('Method not supported.');
} elseif ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Upload handling: require at least one file, check edit permission when a target
    // location is given, and require the "importFile" field.
    // NOTE(review): each rejection relies on Service::returnError() ending the request;
    // if it returns, processing continues with the upload - confirm it exits.
    if (count($_FILES) == 0) {
        Service::returnError('No files submitted or files unable to be received. Current maximum file size is ' . ini_get("upload_max_filesize") . ' and total upload max size is ' . ini_get("post_max_size") . '.');
    }
    // if a locationid is included on post, all files submitted will be linked to specified location
    $locationid = Utility::getRequestVariable('locationid', 0);
    if ($locationid > 0) {
        $location = new Location($userID, $tenantID);
        if (!$location->userCanEdit($locationid, $user)) {
            // The denied attempt is logged with the user and location ids.
            Log::debug('User ' . $userID . ' attempted unauthorized edit of location id=' . $locationid, 9);
            // NOTE(review): 403 describes "authenticated but not permitted" more accurately than 401.
            Service::returnError('User does not have permission to edit specified location', 401);
        }
    }
    // build array of files. These need to match the Media class fields
    // NOTE(review): the "name" and "type" entries of $_FILES are supplied by the client and
    // must not be trusted for the stored filename or content type; derive the type from
    // the file contents and generate the stored name server-side. No permission check is
    // visible for uploads that carry no locationid - confirm one is applied elsewhere.
    $files = array();
    if (!array_key_exists("importFile", $_FILES)) {
        Service::returnError('Unable to find "importFile" key in $FILES array.', 400);
    }
    for ($i = 0; $i < count($_FILES["importFile"]["name"]); $i++) {
        $file = array("id" => 0, "url" => '', "name" => $_FILES["importFile"]["name"][$i], "type" => $_FILES["importFile"]["type"][$i], "tmp_name" => $_FILES["importFile"]["tmp_name"][$i], "description" => "", "metadata" => "", "public" => 0);
        array_push($files, $file);
Example #13
<?php

include_once dirname(__FILE__) . '/classes/config.php';
include Config::$core_path . '/partials/pageCheck.php';
include_once Config::$core_path . '/classes/database.php';
include_once Config::$core_path . '/classes/utility.php';
include_once Config::$core_path . '/classes/user.php';
include_once Config::$core_path . '/partials/requireSSL.php';
// Login page set-up: defaults first, then values from the posted form.
$thisPage = "login";
Utility::debug("login.php: logging in user.", 5);
$username = '';
$password = '';
$remember_choice = false;
$successURL = 'index.php';
$context = Utility::getRequestVariable('context', '');
$requestMethod = $_SERVER['REQUEST_METHOD'];
if (isset($_POST['username'])) {
    $username = trim(htmlspecialchars($_POST['username']));
}
// NOTE(review): the password is HTML-encoded and trimmed before it is verified, which
// changes secrets that contain &, <, >, quotes or surrounding spaces. That only works if
// the same transformation is applied when the password is stored - confirm. HTML
// encoding belongs at output time, not on credentials.
if (isset($_POST['password'])) {
    $password = trim(htmlspecialchars($_POST['password']));
}
if (isset($_POST['remember_me'])) {
    $remember_choice = trim($_POST["remember_me"]);
}
// NOTE(review): successURL is taken from the form unchanged. If it is later used as a
// redirect target, restrict it to same-site relative paths - usage is not visible here.
if (isset($_POST['successURL'])) {
    $successURL = $_POST['successURL'];
}
// $source has no default, so it stays undefined when the field is not posted.
if (isset($_POST['source'])) {
    $source = $_POST['source'];
}
Example #14
<               <div id="mapOptions" class="mapOptions">
                    <p class="center">Show Only:</p>
                     <form id="displayOptionsForm">
                        <?php 
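/* to do: add logic to remember users settings across page loads */
// Render one checkbox per category; boxes whose id appears in the comma-separated
// "categories" request parameter are pre-checked.
$categories = Utility::getRequestVariable('categories', '');
if (strlen($categories) > 0) {
    $cat_array = explode(',', $categories);
}
foreach (Utility::getList('categories', $tenantID, $userID) as $category) {
    $selected = '';
    if (strlen($categories) > 0) {
        if (in_array($category['id'], $cat_array, false)) {
            $selected = ' checked';
        }
    }
    // Category fields are stored data written into attribute and text contexts, so
    // encode them on output; a name or icon value must not be able to close the
    // attribute or inject markup.
    $categoryIdHtml = htmlspecialchars((string) $category['id'], ENT_QUOTES, 'UTF-8');
    $categoryNameHtml = htmlspecialchars((string) $category['name'], ENT_QUOTES, 'UTF-8');
    $categoryIconHtml = htmlspecialchars((string) $category['icon'], ENT_QUOTES, 'UTF-8');
    echo '<div class="checkbox">';
    echo '  <label><input type="checkbox" class="categoryInput" value="' . $categoryIdHtml . '" name="' . $categoryNameHtml . '"' . $selected . '> ';
    echo '<img src="' . $categoryIconHtml . '">' . $categoryNameHtml . '</label>';
    echo '</div>';
}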
?>
                    </form>
                  </div>
// Read paging, list and sort options from the request, then obtain the entity class
// for $type from the class factory. $type is assigned outside this excerpt.
$search = Utility::getRequestVariable('search', '');
// keeping this old parameter for backwards compatibility; return is preferred
$numToReturn = Utility::getRequestVariable('numToLoad', 0);
if ($numToReturn == 0) {
    $numToReturn = Utility::getRequestVariable('return', 10);
}
// Upper bound on page size. NOTE(review): there is no matching lower bound, so a negative
// value passes through - confirm the data layer rejects it.
if ($numToReturn > 100) {
    $numToReturn = 100;
    // let's not get crazy, people.
}
$offset = Utility::getRequestVariable('offset', 0);
// "list" is preferred; "entityList" is read only when "list" is absent or zero.
$listId = Utility::getRequestVariable('list', 0);
if ($listId == 0) {
    $listId = Utility::getRequestVariable('entityList', 0);
}
$descending = Utility::getRequestVariable('desc', 'false');
try {
    $class = ClassFactory::getClass($type, $userID, $tenantID);
} catch (Exception $ex) {
    // NOTE(review): the requested type is echoed back in the error text; confirm
    // Service::returnError() encodes it for the response format it uses.
    Service::returnError('Unknown or uncreatable type: ' . $type, 400, 'entitiesService?type=' . $type);
}
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    if ($listId > 0) {
        // a list was requested here. Different handling than regular entity set
        try {
            $totalEntities = $class->getEntityCountForList($listId);
            $entities = $class->getEntitiesFromList($listId, $numToReturn, $offset);
        } catch (Exception $ex) {
            $message = 'Unable to retrieve ' . $type . ' set count: ' . $ex->getMessage();
            Service::returnError($message);
        }
/* a utility page that generates the SQL for the specified entity
 * needs type as GET parameter (e.g. generateSQL.php?type=patient)
 */
include_once dirname(__FILE__) . '/../core/partials/pageCheck.php';
include_once dirname(__FILE__) . '/../core/classes/service.php';
include_once dirname(__FILE__) . '/../core/classes/dataentity.php';
include_once dirname(__FILE__) . '/../classes/application.php';
include_once dirname(__FILE__) . '/../classes/config.php';
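// must be a super user to access this page
// Fail closed: deny when there is no user id, no user object, or the role is missing.
// These are three separate conditions on purpose. `&&` binds tighter than `||`, so
// `$userID == 0 || $user && !$user->hasRole(...)` lets a request with a non-zero
// $userID and an empty $user through without any role check.
if ($userID == 0 || !$user || !$user->hasRole('superuser', $tenantID)) {
    Log::debug('Non super user (id=' . $userID . ') attempted to access generateSQL.php page', 10);
    $path = Config::getSiteRoot() . '/403.php';
    header('Location: ' . $path);
    // Stop here so nothing below runs for a denied request.
    die;
}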
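// Resolve the class file for the requested entity type.
// $type ends up in an include path, so it is only accepted when it matches a known
// type name exactly. Strict comparison keeps a non-string value from matching a name
// through PHP's loose comparison rules.
// NOTE(review): both rejections rely on Service::returnError() ending the request;
// if it returns, the unchecked $type still reaches the path below - confirm it exits.
$type = Utility::getRequestVariable('type', '');
if (strlen($type) < 1) {
    Service::returnError('Please specify a type');
}
$coretypes = array('tenant', 'tenantSetting', 'tenantProperty', 'category', 'menuItem', 'page', 'pageCollection', 'content', 'tenantContent', 'entityList', 'entityListItem', 'propertyBag');
$isCoreType = in_array($type, $coretypes, true);
if (!$isCoreType && !in_array($type, Application::$knowntypes, true)) {
    // unrecognized type requested can't do much from here.
    Service::returnError('Unknown type: ' . $type, 400, 'entityService?type=' . $type);
}
$classpath = dirname(__FILE__) . '/../classes/';
if ($isCoreType) {
    // core types will be in core subfolder
    $classpath = Config::$core_path . '/classes';
}
// include appropriate dataEntity class & then instantiate it
$classfile = $classpath . '/' . $type . '.php';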
$thisPage = "service_proto";
include dirname(__FILE__) . '/../core/partials/pageCheck.php';
include_once dirname(__FILE__) . '/../core/classes/database.php';
include_once dirname(__FILE__) . '/../core/classes/utility.php';
//session_start();
// Read the search centre, paging and filter parameters, then open a database connection.
Utility::debug('Executing service_proto.php', 1);
// retrieve required parameters
// NOTE(review): both coordinates are read directly from $_GET with no isset() or numeric
// check. A missing value raises a notice; a non-numeric one flows on unchanged. Validate
// them as floats before use - how they are consumed is not visible in this excerpt.
$center_lat = $_GET["center_lat"];
$center_long = $_GET["center_lng"];
$return = Utility::getRequestVariable("return", 10);
$start = Utility::getRequestVariable("start", 0);
$categories = Utility::getRequestVariable("categories", '');
// Tenant scope comes from the session, not from the request.
$tenantID = $_SESSION['tenantID'];
// "list" is preferred; "entityList" is read only when "list" is absent or zero.
$listId = Utility::getRequestVariable('list', 0);
if ($listId == 0) {
    $listId = Utility::getRequestVariable('entityList', 0);
}
// NOTE(review): request values are written to the debug log as-is.
Utility::debug('Executing service_proto.php with return=' . $return . " list=" . $listId, 5);
// connect to database
//$con=mysqli_connect(Database::$server,Database::$user,Database::$password,Database::$database);
// Opens its own connection from Config rather than going through the Database class.
$con = mysqli_connect(Config::$server, Config::$user, Config::$password, Config::$database);
if (!$con) {
    header(' ', true, 500);
    echo 'Service unavailable.';
    die;
} else {
    $filter = '';
    if (strlen($categories) > 0) {
        // may be a little overkill, but want to ensure nothing but integers get passed into category id list
        $idlist = explode("|", $categories, 10);
        $separator = "";
Example #18
<?php

include dirname(__FILE__) . '/core/partials/pageCheck.php';
include_once dirname(__FILE__) . '/core/classes/log.php';
include_once dirname(__FILE__) . '/core/classes/format.php';
include_once Config::$root_path . '/classes/feature.php';
include_once Config::$root_path . '/classes/media.php';
include_once Config::$root_path . '/classes/display.php';
// Page state for the feature view: site title, requested feature id, and the
// error / preview messages filled in further down.
$thisPage = "feature";
$siteName = Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title');
// NOTE(review): id is request-supplied; only the `== 0` test below gates it before it is
// passed to getEntity().
$id = Utility::getRequestVariable('id', 0);
$errorMsg = "";
$preview = "";
if ($id == 0) {
    $errorMsg = "You must specify a valid feature id.";
} else {
    try {
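        // Load the feature and decide whether the current user may see it.
        $class = new Feature($userID, $tenantID);
        $feature = $class->getEntity($id);
        $hasImage = false;
        if (strtolower($feature["status"]) != "published") {
            // if contributor, allow  to preview and add preview stripe
            if ($user->hasRole("admin", $tenantID) || $user->hasRole("contributor", $tenantID)) {
                // $preview carries markup, so the stored status value is encoded before
                // it is placed inside it.
                $preview = "You are previewing a feature that is currently in <strong>" . htmlspecialchars((string) $feature["status"], ENT_QUOTES, 'UTF-8') . '</strong> status.';
            } else {
                // Same wording as a missing feature, so other users cannot tell that an
                // unpublished feature exists under this id.
                $errorMsg = "We don't seem to be able to find what you're looking for.";
            }
        } else {
            // don't log page views for unpublished feature: distorts counts
            Log::logPageView('feature', $id, '');
        }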
Example #19
<?php

/*
 * Processes KML file to import locations from a Google Map
 * Uses Google Places API to get location data
 */
include_once dirname(__FILE__) . '/../classes/core/database.php';
include_once dirname(__FILE__) . '/../classes/core/utility.php';
include_once dirname(__FILE__) . '/../classes/googlePlaces.php';
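Utility::debug('processKML.php: processing KML file', 5);
// NOTE(review): this script includes no page or permission check, and all three inputs
// come from the request:
//  - $source is handed to simplexml_load_file(), which accepts local paths and URL
//    wrappers. It should be limited to the location where uploaded KML files are stored
//    (or an explicit list of hosts) before it is opened.
//  - $tenantid selects the tenant from a request parameter rather than from the
//    session, so the caller chooses which tenant the import is written to.
// Confirm how this script is invoked and add authentication and validation accordingly.
$source = Utility::getRequestVariable('source', '');
$batchid = Utility::getRequestVariable('batchid', 0);
$tenantid = Utility::getRequestVariable('tenantid', 0);
// Keep the import running if the client disconnects. Called without an argument,
// ignore_user_abort() only reports the current setting, so the flag is passed explicitly.
ignore_user_abort(true);
Utility::debug('Source: ' . $source . ', batch: ' . $batchid, 5);
try {
    $xml = simplexml_load_file($source);
    if (!$xml) {
        // simplexml_load_file() reports failure by returning false, so this branch - not
        // the catch below - is the usual failure path.
        // NOTE(review): execution continues past this point with $xml === false.
        Utility::debug('Unable to load xml file.' . $xml, 2);
    } else {
        Utility::debug('Xml file loaded:' . $xml, 5);
    }
} catch (Exception $e) {
    Utility::debug('Unable to load xml file: ' . $e->getMessage(), 1);
    die;
}
$itemscomplete = 0;
$count = 0;
$places = new GooglePlaces();
// Bare expression statement: it does not initialise $exceptions.
$exceptions;
$exceptionCount = 0;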