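 public function getFaultLogView($start = 0, $limit = 30, $searchTerm = '')
 {
     // Page through the errorlogs table, newest entries first, optionally
     // restricted to rows whose logActions contains $searchTerm.
     //
     // $start / $limit end up in a LIMIT clause, where quote-escaping
     // (db::escapechars) gives no protection at all, so they are forced to
     // non-negative integers before being concatenated. $searchTerm is
     // SQL-escaped for the LIKE clause; note that escapechars does not
     // neutralise the LIKE wildcards % and _.
     // Returns whatever db::returnallrows yields for the query.
     $offset = max(0, (int) $start);
     $count = max(0, (int) $limit);
     $sql = "\n          SELECT\n            *\n          FROM\n            errorlogs\n          WHERE\n            1=1\n          ";
     if ($searchTerm) {
         $sql .= " AND logActions LIKE '%" . db::escapechars($searchTerm) . "%'";
     }
     // Leading space matters: the original appended "ORDER BY" directly after
     // the closing quote of the LIKE pattern, producing "...%'ORDER BY" and a
     // syntax error whenever a search term was supplied.
     $sql .= " ORDER BY logged DESC";
     $sql .= " LIMIT " . $offset . "," . $count;
     $results = db::returnallrows($sql);
     return $results;
 }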
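 public function documentSearch($searchTerm, $status = '1', $startpoint = '0', $limit = '20')
 {
     // Search class_documents by name, description or location for
     // $searchTerm (tags stripped, then SQL-escaped for the LIKE clauses),
     // restricted to document_state = $status and ordered by document_name.
     //
     // $startpoint / $limit feed a LIMIT clause, which quote-escaping cannot
     // protect, so they are coerced to integers here; values that are not a
     // positive number fall back to 0 and 20 respectively, as before. The
     // original escaped these and then concatenated them unchanged, so a
     // non-numeric value reached the query as-is.
     // Returns the result of db::returnallrows.
     $cleanTerm = db::escapechars(strip_tags($searchTerm));
     $start = (int) $startpoint > 0 ? (int) $startpoint : 0;
     $quantity = (int) $limit > 0 ? (int) $limit : 20;
     $sql = "SELECT * FROM\n                class_documents\n            WHERE\n              (\n                document_name LIKE '%" . $cleanTerm . "%'\n              OR\n                document_description LIKE '%" . $cleanTerm . "%'\n              OR\n                document_location LIKE '%" . $cleanTerm . "%'\n              )\n            AND\n              document_state='" . db::escapechars($status) . "'\n            ORDER BY\n              document_name ASC\n            LIMIT " . $start . ", " . $quantity;
     $result = db::returnallrows($sql);
     return $result;
 }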
 public function getQuestionList($quizid)
 {
     // Return every quiz_questions row belonging to $quizid, ordered by
     // question_position ascending. The id is SQL-escaped before being
     // interpolated into the quoted literal; the result is whatever
     // db::returnallrows returns.
     $escapedQuizId = db::escapechars($quizid);
     $sql = "SELECT\n                *\n              FROM\n                quiz_questions\n              WHERE\n                quiz_id='" . $escapedQuizId . "'\n              ORDER BY\n                question_position\n              ASC";
     return db::returnallrows($sql);
 }
    ?>
            </span>
        </div>
    </div>
    <div class="row clearfix"><br/></div>

    <?php 
}
?>

    <div class="row">
        <div class="col-lg-12">
            <h2>Search Results</h2>
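            <p>
              Searching for the word / phrase &quot;<?php
// This is an HTML output context, so the term must be HTML-escaped.
// db::escapechars only neutralises SQL quoting; a search term such as
// <script>...</script> was previously echoed verbatim into the page
// (reflected XSS).
echo htmlspecialchars((string) $searchTerm, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
&quot;
            </p>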
            <?php 
if (count($classSearch) > 0) {
    ?>
              <table class="table table-striped">
                <tr>
                  <th>Title</th>
                  <th colspan="2">Description</th>
                </tr>
              <?php 
    foreach ($classSearch as $result) {
        ?>
                <tr>
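 public function deleteRegister($registerid)
 {
     // Soft-delete a class register by setting register_status to '9'.
     // Logs the outcome and returns true on success, false on failure.
     //
     // No ownership or role check is performed here; callers are expected
     // to authorise the action (compare purgeDiary, which checks the class
     // teacher or an admin utype before deleting).
     $sql = "UPDATE class_register SET register_status='9' WHERE registerid='" . db::escapechars($registerid) . "' LIMIT 1";
     $deleteRegister = db::execute($sql);
     // The original tested an undefined $purgeMessage here (copied from
     // purgedeleted), so the success branch could never run.
     if ($deleteRegister) {
         // Log the activity
         $logType = "Register";
         $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") deleted a register (" . db::escapechars($registerid) . ") ";
         $this->logevent($logType, $logValue);
         return true;
     }
     // Log the fault in the system; the failed statement is escaped before
     // it is written to the log table.
     $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") failed deleting a register: " . db::escapechars($sql);
     $this->logfault($logValue);
     // "return faluse" in the original referenced an undefined constant.
     return false;
 }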
 public function resetPassword($userid, $seededpassword, $newpasswd = '')
 {
     // Set a new password for $userid, log the action and e-mail the user
     // the new password. Returns true when the UPDATE ran, false otherwise.
     //
     // NOTE(review): the UPDATE below shows password='******' and the
     // computed $newpasswordmd5 is never used, which suggests the value was
     // redacted where this listing was captured; confirm against the real
     // source before relying on this function.
     //
     // NOTE(review): $newpasswd defaults to '' and db::escapechars returns a
     // string, so the is_null() test below is never true and
     // generatePassword() is never reached; the branch presumably meant to
     // test for an empty string. Escaping the password before hashing also
     // alters any password containing quotes or backslashes, so the stored
     // hash would not match what the user later types.
     $userid = db::escapechars($userid);
     $newpasswd = db::escapechars($newpasswd);
     if (is_null($newpasswd)) {
         $newpassword = $this->generatePassword();
     } else {
         $newpassword = $newpasswd;
     }
     // NOTE(review): md5(password . seed) is not a suitable password hash;
     // password_hash()/password_verify() (PASSWORD_DEFAULT) should replace it,
     // together with whatever verifies logins elsewhere in this class.
     $newpasswordmd5 = md5($newpassword . $seededpassword);
     $sql = "UPDATE\n                        users\n                    SET\n                        password='******'\n                    WHERE\n                        userid='{$userid}'\n                    LIMIT 1";
     $resetpass = db::execute($sql);
     if ($resetpass) {
         // Log the activity
         $logType = "Reset Password";
         // Assigned but not included in the log entry below.
         $IPAddress = $_SERVER["REMOTE_ADDR"];
         $myusername = $_SESSION['username'];
         $theirusername = $this->useridtoname($userid);
         $logValue = "{$myusername} reset user password for user ( {$theirusername} )";
         $this->logevent($logType, $logValue);
         // Email user with reset notification.
         // NOTE(review): the new password travels in clear text by e-mail;
         // a single-use, expiring reset token would be the safer pattern.
         $message = "<h2>Password Reset</h2><p>Hello, a reset password request was sent for your account ({$theirusername}).</p><p>Your new password is {$newpassword}</p><p>You should log on and change this as soon as possible</p>";
         $this->emailUser($userid, 'Password Reset', $message);
         return true;
     } else {
         return false;
     }
 }
 public function maintainauth()
 {
     // Classify the current request's authentication state from $_SESSION
     // and return one of:
     //   'authing' - no session credentials, but a login POST (z=login with
     //               username and passwd) is in flight
     //   'noauth'  - no session credentials and no login attempt, or the
     //               session username has no row in users
     //   'auth'    - session username/passwd agree with the users row
     //   'fail'    - session passwd disagrees with the stored value; the
     //               attempt is logged and the session fields are blanked
     //
     // NOTE(review): $_SESSION and $_POST keys are read without isset(), so
     // a missing key raises a warning before the comparison is made.
     if ($_SESSION['username'] == "" || $_SESSION['passwd'] == "" || $_SESSION['utype'] == "") {
         if ($_POST['username'] !== "" && $_POST['passwd'] !== "" && $_POST['z'] == "login") {
             // Authenticating against scripts so allow through this check script
             return 'authing';
         } else {
             // Log in form required
             return 'noauth';
         }
     } else {
         /*
          * Should be authenticated ok, but re-check the session against the
          * users table on every request in case the session data has been
          * tampered with.
          */
         $username = db::escapechars($_SESSION['username']);
         // NOTE(review): the username literal below reads '******' and
         // $username is otherwise unused, which suggests the value was
         // redacted where this listing was captured; confirm against the
         // real source.
         $sql = "SELECT * FROM users WHERE username = '******'";
         $result = db::returnrow($sql);
         if ($result) {
             // NOTE(review): == is a loose comparison - two numeric-looking
             // strings (e.g. hex digests beginning "0e") compare as numbers.
             // hash_equals() on the two strings is the safer check. The
             // session holds the same value as the users.password column, so
             // a leaked session store exposes it directly.
             if ($_SESSION['passwd'] == $result['password']) {
                 // If there is a match set the session variables
                 $_SESSION['username'] = $username;
                 // Self-assignment; has no effect.
                 $_SESSION['passwd'] = $_SESSION['passwd'];
                 $_SESSION['utype'] = $result['user_type'];
                 return 'auth';
             } else {
                 // Stored data doesn't match that passed to it - log the activity and destroy data
                 // Log the spurious activity
                 $logType = "Session Auth";
                 $IPAddress = $_SERVER["REMOTE_ADDR"];
                 $logValue = db::escapechars($_SESSION['username']) . " Tried Session maintain - Failed auth maintain from {$IPAddress}";
                 $this->logevent($logType, $logValue);
                 // Kill the session variables and give an error message
                 $_SESSION['username'] = "";
                 $_SESSION['passwd'] = "";
                 $_SESSION['utype'] = "";
                 // return failure
                 return "fail";
                 // NOTE(review): unreachable - the return above exits first,
                 // so session_destroy() never runs and 'noauth' is never
                 // returned from this branch. If the session is meant to be
                 // destroyed on mismatch, that has to happen before the return.
                 session_destroy();
                 return 'noauth';
             }
         } else {
             // Couldn't get the username - need to authenticate again because something is wrong
             return 'noauth';
         }
     }
 }
$ObjAuth = new authentication();
require_once '../src/core/controller/akonga.php';
$ObjAkonga = new akonga();
// <-- END CORE LOAD MECHANISMS
// Run Firewall Checks before hitting authentication
if ($myApp['firewall'] == "on") {
    if ($ObjFirewall->runIPcheck() != true) {
        // Your IP address is not in the approved range or implicit speicification
        require_once '../web/core/security/ipviolation.php';
        exit;
    }
}
if ($_SESSION['username'] != "") {
    if ($_SESSION['utype'] >= '1') {
        $urlVars = explode("/", $_SERVER['REQUEST_URI']);
        $contentUUID = db::escapechars(trim($urlVars[3]));
        require_once '../src/core/controller/content.php';
        $ObjContent = new content();
        $docID = $ObjContent->convertUUIDToDocumentID($contentUUID);
        // Grab file information from the DB
        $file_info = $ObjContent->getSingleDocument($docID);
        $downloadFile = ".." . $file_info['document_location'];
        $downloadFileNameArray = explode("/", $downloadFile);
        $downloadFileName = $downloadFileNameArray[4];
        if (file_exists($downloadFile)) {
            // Get the file information from the file system
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $mime_type = finfo_file($finfo, $downloadFile);
            // Set the headers for the download
            header("Content-Disposition: attachment; filename=\"{$downloadFileName}\";");
            header("Content-Type: {$mime_type}");
    $b = db::escapechars(trim($_POST['y']));
    // function
    $c = db::escapechars(trim($_POST['z']));
    // file
} else {
    // Split the URL into the load functions and possible variable entities
    $urlVars = explode("/", $_SERVER['REQUEST_URI']);
    $a = db::escapechars(trim($urlVars[2]));
    // module
    $b = db::escapechars(trim($urlVars[3]));
    // function
    $c = db::escapechars(trim($urlVars[4]));
    // file
    $d = db::escapechars(trim($urlVars[5]));
    // var1
    $e = db::escapechars(trim($urlVars[6]));
    // var2
}
// ------ Sort out account type for header bar information for easy Browser-based account checking -->
// Map the session's utype to the label shown in the header bar. switch
// compares loosely (==), exactly as the original if/else chain did:
// '9' is Admin, '5' is Teacher, anything else is shown as Student.
switch ($_SESSION['utype']) {
    case '9':
        // User is an ADMIN
        $accountType = "Admin";
        break;
    case '5':
        // User is a TEACHER
        $accountType = "Teacher";
        break;
    default:
        // User is a PUPIL
        $accountType = "Student";
        break;
}
 public function purgeDiary($classid, $teacherid)
 {
     // Permanently delete the class_diary rows of $classid that are already
     // soft-deleted (item_status = '9').
     //
     // Only the class owner ($teacherid loosely equal to the class's
     // teacher_id) or a session with utype >= 8 may purge; anyone else gets
     // false without the database being touched. The outcome is logged and
     // true/false returned accordingly.
     $classInfo = $this->getClassInformation($classid);
     $isOwner = $classInfo['teacher_id'] == $teacherid;
     if (!($isOwner || $_SESSION['utype'] >= 8)) {
         return false;
     }
     $sql = "DELETE FROM\n                  class_diary\n                   WHERE\n                    class_id='" . db::escapechars($classid) . "'\n                  AND\n                    item_status='9'";
     $actor = db::escapechars($_SESSION['username']);
     if (!db::execute($sql)) {
         // Record the failed statement (escaped) in the fault log
         $this->logfault($actor . " Failed Purging class diary events - " . db::escapechars($sql));
         return false;
     }
     // Record the successful purge in the event log
     $this->logevent("Classes", $actor . " Purged class diary events - " . db::escapechars($classid));
     return true;
 }
 require_once 'src/core/controller/admin.php';
 $ObjAdmin = new admin();
 if ($d) {
     // Start Value for the log list
     if ($d) {
         $start = $d;
     }
     // Limit value which defaults back to thirty and doesn't permit more than 100 items to display
     if ($e && $e < 100) {
         $limit = db::escapechars($e);
     } else {
         $limit = 30;
     }
     // If search criteria exists then utilise that in results else just pull everything
     if ($f) {
         $search = db::escapechars($f);
     } else {
         $search = "";
     }
     // Set pagination
     $previous = $start - $limit;
     if ($previous < 0) {
         $previous = 0;
     }
     $next = $start + $limit;
 } else {
     $start = 0;
     $limit = 30;
     $search = "";
     $previous = 0;
     $next = 30;
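 public function getUserIcon($userid, $iconsize = '30')
 {
     // Return the path of the user's icon, /docstore/users/<id>/userImg.png,
     // when that file exists, otherwise the default icon. $iconsize is kept
     // for interface compatibility but is not used here.
     //
     // $userid becomes a path segment, so it is validated as one: an empty
     // value, or one containing a path separator, a NUL byte or "..", is
     // treated as "no icon" rather than being allowed to walk outside the
     // users directory. The original passed the value through
     // db::escapechars, which only neutralises SQL quoting and does nothing
     // against path traversal (and is dropped here, as it is not a
     // filesystem sanitiser).
     $segment = strip_tags((string) $userid);
     if ($segment === '' || preg_match('#[/\\\\\x00]|\.\.#', $segment)) {
         return "/web/img/defaultUser.png";
     }
     $filepath = "/docstore/users/" . $segment . "/userImg.png";
     // Check file exists on the system
     if (file_exists($filepath)) {
         return $filepath;
     }
     // Default Icon only
     return "/web/img/defaultUser.png";
 }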
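 public function saveRule($rule_id, $start_ip, $end_ip, $rule_state)
 {
     // Update one firewall_rules row (start/end IP and state) and stamp
     // date_modified. Logs the outcome; returns true on success, false on
     // failure.
     //
     // Fixes relative to the original: a missing comma between rule_state
     // and date_modified made the UPDATE a syntax error; the result was
     // tested through an undefined $removeItem; and the success log entry
     // referenced $ruleid instead of $rule_id.
     // NOTE(review): start_ip / end_ip are only SQL-escaped, not validated
     // as addresses (e.g. filter_var(..., FILTER_VALIDATE_IP)); what format
     // is acceptable depends on how runIPcheck() consumes these rows.
     $sql = "UPDATE\n              firewall_rules\n            SET\n              start_ip='" . db::escapechars($start_ip) . "',\n              end_ip='" . db::escapechars($end_ip) . "',\n              rule_state='" . db::escapechars($rule_state) . "',\n              date_modified=NOW()\n            WHERE\n              rule_id='" . db::escapechars($rule_id) . "'\n            LIMIT 1";
     $updateFirewall = db::execute($sql);
     if ($updateFirewall) {
         // Log activity
         $logType = "Firewall";
         $logValue = db::escapechars($_SESSION['username']) . " updated a firewall rule - " . db::escapechars($rule_id);
         $this->logevent($logType, $logValue);
         return true;
     }
     // Log failure
     $logValue = db::escapechars($_SESSION['username']) . " Failed updating a firewall rule - " . db::escapechars($sql);
     $this->logfault($logValue);
     return false;
 }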
 public function addHashtag($hashtag, $userid)
 {
     // Store a Twitter search term for $userid in tweetSearch. A term whose
     // first character is '@' is saved in accountID, anything else in
     // hashtag; every '@' and '#' is removed from the stored value first.
     // Falsy input returns false without touching the database. Returns
     // true when the INSERT succeeds; on failure the attempted statement is
     // recorded via logfault and false is returned.
     if (!$hashtag) {
         return false;
     }
     $term = str_replace(['@', '#'], '', $hashtag);
     $column = substr($hashtag, 0, 1) == "@" ? 'accountID' : 'hashtag';
     $sql = "INSERT INTO tweetSearch SET  {$column}='" . db::escapechars($term) . "' , userID='" . db::escapechars($userid) . "'";
     if (!db::execute($sql)) {
         $this->logfault('ADD HASHTAG', "TRYING TO UNDERTAKE: " . $sql);
         return false;
     }
     // The event is logged with an empty type, as in the original.
     $logType = "";
     $myusername = $this->useridtorealname($userid);
     $this->logevent($logType, "{$myusername} created a hashtag or username (" . db::escapechars($term) . ")");
     return true;
 }
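 public function deleteContent($contentid)
 {
     // Soft-delete a document: map its public UUID to the document_id and
     // set document_state to '0'. Logs the outcome.
     //
     // Returns true when the UPDATE ran and false otherwise. The original
     // returned nothing (null) either way, unlike the sibling
     // deleteRegister / purgedeleted methods, so callers could not tell
     // success from failure.
     // No ownership or role check is performed here; callers must authorise
     // the deletion.
     $documentId = $this->convertUUIDToContentID(db::escapechars($contentid));
     // The id comes back from a helper, not from the caller, but it is still
     // interpolated into a quoted literal, so it is escaped as well.
     $sql = "UPDATE class_documents SET\n                document_state='0'\n             WHERE\n                document_id='" . db::escapechars($documentId) . "'\n             LIMIT 1";
     $deleteContent = db::execute($sql);
     if ($deleteContent) {
         // Content soft-deleted so log event
         $logevent = "Content Soft-Delete : " . db::escapechars($_SESSION['username']) . " deleted document " . db::escapechars($contentid);
         $this->logevent('Content', $logevent);
         return true;
     }
     // Could not delete the item; record the escaped statement
     $this->logfault(db::escapechars($sql));
     return false;
 }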
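 public function purgedeleted($userid)
 {
     // Permanently remove $userid's messages that are already soft-deleted
     // (message_state = '9'). Logs the outcome; returns true on success,
     // false on failure.
     //
     // The original interpolated the bare constant `userid` instead of
     // `$userid`: on PHP 8 that throws an Error, on PHP 7 it silently
     // becomes the string "userid", so nothing belonging to the caller was
     // ever purged.
     // No check ties $userid to the session user; callers must ensure a user
     // can only purge their own messages.
     $sql = "DELETE FROM user_messages WHERE userid='" . db::escapechars($userid) . "' AND message_state='9'";
     $purgeMessage = db::execute($sql);
     if ($purgeMessage) {
         // Log the activity
         $logType = "Messaging";
         $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") purged messages ";
         $this->logevent($logType, $logValue);
         return true;
     }
     // Log the fault in the system; the failed statement is escaped before
     // it is written to the log table.
     $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") failed purging messages: " . db::escapechars($sql);
     $this->logfault($logValue);
     return false;
 }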