Example #1
 /**
  * Build a Columnator from an optional property map.
  *
  * Recognised keys of $props (all optional):
  *  - 'attribs'      array of HTML attributes stamped on the generated div; defaults to [].
  *  - 'suffix'       suffix for this Columnator's navigation variable, useful when several
  *                   are on one screen; when absent one is taken from Invocation::next().
  *  - 'request_vars' regular expression or single name of the request variables that are
  *                   chained into the response variables; defaults to ''.
  *  - 'init_column'  column sorted initially, e.g. 'fldDate'; defaults to ''.
  *  - 'init_order'   initial sort direction, e.g. 'DESC'; defaults to ''.
  *
  * The initial values are overlaid with whatever the request carries under the navigation
  * variable. The sort order falls back to 'ASC' unless it is 'ASC' or 'DESC'.
  * NOTE(review): the sort column is copied from the request without any validation in this
  * constructor; confirm it is matched against the known column names before it is used in
  * an ORDER BY clause.
  *
  * @param array $props display properties as described above
  */
 public function __construct($props = [])
 {
     parent::__construct();

     if (isset($props['attribs'])) {
         $divAttribs = $props['attribs'];
     } else {
         $divAttribs = [];
     }
     $this->attribs = $divAttribs;

     // Invocation::next() is only consulted when the caller gave no suffix.
     if (isset($props['suffix'])) {
         $suffix = $props['suffix'];
     } else {
         $suffix = Invocation::next();
     }
     $this->navVar = self::navVar($suffix);

     $chainPattern = '';
     if (isset($props['request_vars'])) {
         $chainPattern = $props['request_vars'];
     }
     $this->respVars = new Response($chainPattern);

     // Defaults for every columnation variable, with the caller's initial sort applied.
     $defaults = self::$columnation;
     $defaults[self::SORT_COL] = isset($props['init_column']) ? $props['init_column'] : '';
     $defaults[self::SORT_ORDER] = isset($props['init_order']) ? $props['init_order'] : '';

     // A value present in the request wins over the default.
     $fromRequest = Request::get($this->navVar, []);
     foreach ($defaults as $name => $default) {
         if (isset($fromRequest[$name])) {
             $this->set($name, $fromRequest[$name]);
         } else {
             $this->set($name, $default);
         }
     }

     // Read back the effective settings.
     $this->sortColumn = $this->formVars[self::SORT_COL];
     $this->sortOrder = $this->formVars[self::SORT_ORDER];
     $orderIsUsable = isset($this->sortOrder)
         && $this->sortOrder != false
         && in_array($this->sortOrder, ['ASC', 'DESC']);
     if (!$orderIsUsable) {
         $this->sortOrder = 'ASC';
     }

     $this->styles[self::COL_LINK_CLASS] = 'jb-collink';
     $this->styles[self::COL_BUTTON_CLASS] = 'jb-colbutton';
 }
Example #2
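    /**
     * Render the menu as a jQuery UI accordion.
     *
     * The panel that starts open is taken from the request variable self::ACTIVE_MENU.
     * Because that value is written into a script block, it is reduced to a JavaScript
     * literal first: the word false (all panels collapsed) or an integer.
     *
     * NOTE(review): slug, url, name and attribs of each menu row are handed to Tag::hRef as
     * they are; confirm that Tag::hRef escapes them if menu rows can hold user-supplied text.
     *
     * @param mixed $menuClasses passed through to self::getMenuItems()
     * @return string script libraries, the accordion script and the menu markup
     */
    public static function display($menuClasses = null)
    {
        $id = 'MenuUtils_display' . Invocation::next();
        $jsLibraries = JS::libraryWithDependancies(JS::JQUERY_UI);

        // Request data must never reach the script verbatim: anything that is not the
        // literal word false is forced to an integer.
        $requestedMenu = Request::get(self::ACTIVE_MENU, 0);
        if ($requestedMenu === 'false') {
            $activeMenu = 'false';
        } else {
            $activeMenu = is_scalar($requestedMenu) ? (string) (int) $requestedMenu : '0';
        }

        $js = <<<JS
            \$().ready ( function () {
                \$( '#{$id}' ).show()
                           .accordion({
                    collapsible: true,
                    active: {$activeMenu}
                });
            });
JS;
        $html = '';
        $html .= Tag::div(['id' => $id, 'style' => 'font-size: 0.8em; width:250px; text-align:left; display:none;']);
        foreach (self::getMenuItems($menuClasses) as $header => $menuList) {
            $html .= Tag::hTag('h3') . Tag::hRef('#', $header) . Tag::_hTag('h3') . Tag::div() . Tag::ul();
            foreach ($menuList as $row) {
                $html .= Tag::li();
                if (isset($row['slug'])) {
                    // Rows with a slug are routed through menu.php, all others link directly.
                    $html .= Tag::hRef(Cfg::siteUrl() . '/menu.php?S=' . $row['slug'], $row['name'], $row['attribs']);
                } else {
                    $html .= Tag::hRef($row['url'], $row['name'], $row['attribs']);
                }
                $html .= Tag::_li();
            }
            $html .= Tag::_ul() . Tag::_div();
        }
        $html .= Tag::_div();
        return $jsLibraries . JS::javaScript($js) . $html;
    }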
Example #3
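 /**
  * Send the full contents of one table to the client as a spreadsheet.
  *
  * The table name comes from the request variable 'tblName', falling back to $tName.
  * An identifier cannot be bound as a statement parameter, so the name is accepted only
  * when it is a plain SQL identifier; anything else ends the request, as an empty name
  * already did.
  *
  * NOTE(review): every table whose name passes the check can be exported; confirm the
  * caller is authorised, or replace the pattern with an explicit list of tables.
  *
  * @param string $tName table name used when the request supplies none
  */
 public function xls($tName = '')
 {
     $tableName = Request::get('tblName', $tName);
     if (!is_string($tableName) || !preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $tableName)) {
         exit;
     }
     XLS::output(DB::query(DB::DEF, 'SELECT * FROM ' . $tableName), $tableName);
 }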
Example #4
 /**
  * Erase every row of tblConfig once the confirmation phrase has been submitted.
  *
  * The request variable 'fldConfirm' must equal 'RESET CONFIG'; any other value cancels.
  * NOTE(review): the typed phrase is the only check made in this method; confirm that
  * authorisation and request-forgery checks run before this action is dispatched.
  *
  * @return string a popup message followed by the index page
  */
 public function resetSave()
 {
     $typed = Request::get('fldConfirm');
     $confirmed = !($typed == '' || $typed != 'RESET CONFIG');

     if ($confirmed) {
         DB::exec(DB::DEF, 'DELETE FROM tblConfig');
         return Widget::popupWrapper('All configuration data has been erased', -1, 'Reset Complete') . $this->index();
     }

     return Widget::popupWrapper('Invalid response, Reset cancelled', -1, 'Action Cancelled') . $this->index();
 }
Example #5
 /**
  * Validate the CSRF token carried by the current request.
  *
  * Returns true without checking anything when the 'jb_db' setting is off, and also when
  * the request carries no token at all; only a token that is present is passed to
  * self::valid().
  * NOTE(review): accepting a request that has no token means this check fails open;
  * confirm that state-changing requests are forced to carry the token elsewhere.
  *
  * @return mixed true, or the result of self::valid() for the supplied token
  */
 public static function check()
 {
     // Without the jackbooted database there is no CSRFGuard.
     if (Cfg::get('jb_db', false)) {
         $token = Request::get(CSRFGuard::KEY);
         if ($token != '') {
             return self::valid($token);
         }
     }

     // Guard disabled, or no token supplied.
     return true;
 }
Example #6
 /**
  * Decide which action may run for the current user.
  *
  * With the 'check_priviliages' setting off the action is returned untouched. Otherwise
  * Privileges::access() decides: false is passed back as false; a string result replaces
  * the action and the current REQUEST_URI is stored under self::SAVE_URL; any other result
  * leaves the action as it was.
  * NOTE(review): the stored URI comes from the request line; if it is later used as a
  * redirect target, confirm it is kept to same-site paths.
  *
  * @param string $action the action that was requested
  * @return string|false the action to run, or false when access is refused
  */
 private static function checkPriviliages($action)
 {
     $enforce = Cfg::get('check_priviliages', false);
     if ($enforce) {
         $outcome = Privileges::access($action);
         if ($outcome === false) {
             return false;
         }

         $substituteAction = is_string($outcome) && isset($_SERVER["REQUEST_URI"]);
         if ($substituteAction) {
             Request::set(self::SAVE_URL, $_SERVER["REQUEST_URI"]);
             return $outcome;
         }
     }

     return $action;
 }
Example #7
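 /**
  * Validate the TimeGuard value carried by the current request.
  *
  * The value is split on self::DELIM into six fields: user, host, user agent, session id,
  * script name and creation time. Each is compared with the current request.
  *
  * Every field is compared as a string with ===. Loose comparison treats numeric-looking
  * strings as numbers, so two different values such as '0e12' and '0e34' would have been
  * accepted as equal. An empty script-name field is rejected explicitly, because strpos()
  * finds an empty needle at offset 0 on PHP 8. A non-numeric time is reported as expired
  * instead of reaching the subtraction.
  *
  * NOTE(review): this method only compares fields; nothing visible here proves that the
  * value was issued by the server. Confirm that its integrity is protected elsewhere.
  *
  * @return mixed self::NOGUARD when no value was sent, true when it is valid, otherwise a
  *               string describing the first check that failed
  */
 public static function check()
 {
     $val = Request::get(self::KEY);
     if ($val == '') {
         return self::NOGUARD;
     }

     $values = is_string($val) ? explode(self::DELIM, $val) : [];
     if (count($values) != 6) {
         return 'Incorrect TimeGuard format';
     }
     list($user, $host, $agent, $session, $script, $stamp) = $values;

     if ($user !== (string) G::get('fldUser', 'GUEST')) {
         return 'The user has changed in the submission of this url';
     }

     $currentHost = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
     if ($host !== $currentHost) {
         return 'Host server has been compromised';
     }

     // A request may legitimately arrive without a User-Agent header.
     $currentAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
     if ($agent !== $currentAgent) {
         return 'Browser has been compromised';
     }

     if ($session !== (string) session_id()) {
         return 'PHP Session ID has been compromised';
     }

     $currentScript = isset($_SERVER['SCRIPT_NAME']) ? (string) $_SERVER['SCRIPT_NAME'] : '';
     if ($script === '' || strpos($currentScript, $script) === false) {
         return 'URL has been reused for target file name';
     }

     if (!is_numeric($stamp)) {
         return 'URL has expired';
     }
     $diff = time() - ($stamp + 0);
     if ($diff < 0 || $diff > self::EXPIRY) {
         return 'URL has expired';
     }

     return true;
 }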
    /**
     * Build the page fragment that lets the user place a pin on an image.
     *
     * Emits the jQuery library, a script that tracks the mouse position and, on a click on
     * the image, writes the position relative to the image into the PinLeft and PinTop
     * fields, then the image and the two text fields.
     * NOTE(review): the image path is the request variable 'url' appended to the site URL;
     * confirm that Tag::img escapes the attribute value and that the path is restricted to
     * the images this page is meant to show.
     *
     * @return string the HTML fragment
     */
    protected function zoom()
    {
        $baseUrl = Cfg::siteUrl();
        $fragments = [];
        $fragments[] = JS::library(JS::JQUERY);

        // Path of the image being pinned, as supplied by the request.
        $imagePath = Request::get('url');

        $pinScript = <<<JS
    var currentXPos = 0;
    var currentYPos = 0;
    var IE = document.all?true:false
    if (!IE) document.captureEvents(Event.MOUSEMOVE);
    document.onmousemove = getMouseXY;
    function getMouseXY(e) {
        if (IE) { // grab the x-y pos.s if browser is IE
            currentXPos = event.clientX + document.body.scrollLeft;
            currentYPos = event.clientY + document.body.scrollTop;
        } else {  // grab the x-y pos.s if browser is NS
            currentXPos = e.pageX;
            currentYPos = e.pageY;
        }
        if (currentXPos < 0) currentXPos = 0;
        if (currentYPos < 0) currentYPos = 0;
        return true;
    }
    function movePinToCursor () {
       var offs = \$('#baseImage').offset();
       \$('#PinTop').attr ( 'value', '' + parseInt ( currentYPos - offs.top ) );
       \$('#PinLeft').attr ( 'value', '' + parseInt ( currentXPos - offs.left ) );
    }
JS;
        $fragments[] = JS::javaScript($pinScript);

        $imageAttribs = [
            'title' => 'Click on this image to move the Pin',
            'id' => 'baseImage',
            'onClick' => 'movePinToCursor();',
            'name' => 'voodoo_image',
        ];
        $fragments[] = Tag::img($baseUrl . $imagePath, $imageAttribs);
        $fragments[] = '<br>X' . Tag::text('PinLeft', '', ['size' => 4, 'id' => 'PinLeft']);
        $fragments[] = '<br>Y' . Tag::text('PinTop', '', ['size' => 4, 'id' => 'PinTop']);

        return implode('', $fragments);
    }
Example #9
    /**
     * Decide whether the current user may perform an action.
     *
     * Returns true at once when the 'check_priviliages' setting is off. A missing action is
     * read from the request variable WebPage::ACTION. Results that grant access are cached
     * per action in self::$cache.
     *
     * NOTE(review): an action with no privilege rows is logged and then ALLOWED (and cached
     * as allowed), so anything not listed is open by default; confirm this is intended.
     *
     * @param string|null $action action name, or null to use the one in the request
     * @return mixed true when access is granted, otherwise the result of self::canLogin()
     */
    public static function access($action = null)
    {
        if (!Cfg::get('check_priviliages')) {
            return true;
        }
        if ($action == null) {
            $action = Request::get(WebPage::ACTION);
        }
        if (isset(self::$cache[$action])) {
            return self::$cache[$action];
        }
        // No privilege rows for this action: warn and grant access.
        if (($priviliagesIDs = self::getPriviliageIDs($action)) === false) {
            self::$log->warn('No priviliages found for action: ' . $action);
            return self::$cache[$action] = true;
        }
        $uid = G::get('fldUserID', '0');
        $groupIDs = self::getGroupIDs($uid);
        // $params is filled in the order the placeholders appear in the statement below:
        // privilege ids, user id, level, group ids. Do not reorder these statements.
        $params = [];
        $privIdIn = DB::in($priviliagesIDs, $params);
        $params[] = $uid;
        $params[] = (int) G::get('fldLevel', 7);
        $groupIn = DB::in($groupIDs, $params);
        // The only value written directly into the SQL text is this integer from time().
        $now = time();
        $sql = <<<SQL
            SELECT count(*) FROM tblSecPrivUserMap
            WHERE fldPrivilegeID IN ( {$privIdIn} )
            AND   ( fldStartDate=0 OR fldStartDate < {$now} )
            AND   ( fldEndDate=0   OR fldEndDate > {$now} )
            AND   ( ( fldUserID  IS NOT NULL AND fldUserID<>''  AND fldUserID=? )  OR
                    ( fldLevelID IS NOT NULL AND fldLevelID<>'' AND fldLevelID>=? )  OR
                      fldGroupID IN ( {$groupIn} ) )
SQL;
        if (DB::oneValue(DB::DEF, $sql, $params) > 0) {
            return self::$cache[$action] = true;
        }
        // No matching mapping: the outcome is left to canLogin() and is not cached here.
        return self::canLogin($priviliagesIDs);
    }
Example #10
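 /**
  * Draw the captcha text as a JPEG, send it uncached, and end the request.
  *
  * The text comes from the request variable '_CP1' and the hatch spacing from '_CP4'.
  * Both are checked before any image work: the text must be a non-empty string and the
  * spacing a whole number of at least 1. A spacing of zero or less would keep the hatch
  * loop from ever finishing, so such a request is answered with HTTP 400.
  *
  * NOTE(review): the image width grows with the length of the text and the length is not
  * capped here; consider a limit. Also confirm that '_CP1' does not expose the expected
  * answer in readable form to the client that has to solve the captcha.
  */
 public static function img()
 {
     $captchaValue = Request::get('_CP1');
     $hatchRaw = Request::get('_CP4');
     $hatch = is_scalar($hatchRaw) ? (int) $hatchRaw : 0;
     if (!is_string($captchaValue) || $captchaValue === '' || $hatch < 1) {
         http_response_code(400);
         exit;
     }

     // The image must never be served from a cache.
     header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
     header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
     header('Cache-Control: no-store, no-cache, must-revalidate');
     header('Cache-Control: post-check=0, pre-check=0', false);
     header('Pragma: no-cache');
     header('Content-type: image/jpeg');

     $fontAngle = 0.0;
     $fontFile = dirname(__FILE__) . '/fonts/WAVY.TTF';
     $fontSize = 16.0;

     // Size the canvas from the bounding box of the rendered text, with some margin.
     $box = imagettfbbox($fontSize, $fontAngle, $fontFile, $captchaValue);
     if ($box === false) {
         die('Cannot Initialize new GD image stream');
     }
     $min_x = min([$box[0], $box[2], $box[4], $box[6]]);
     $max_x = max([$box[0], $box[2], $box[4], $box[6]]);
     $min_y = min([$box[1], $box[3], $box[5], $box[7]]);
     $max_y = max([$box[1], $box[3], $box[5], $box[7]]);
     $w = ($max_x - $min_x) * 1.1;
     $h = ($max_y - $min_y) * 1.4;
     $im = imagecreatetruecolor($w, $h) or die('Cannot Initialize new GD image stream');

     // Write the text
     imagettftext($im, $fontSize, $fontAngle, 4, $h - 4, self::textColor($im), $fontFile, $captchaValue);

     // Hatch: crossing diagonals every $hatch pixels ($hatch >= 1, so the loop terminates)
     for ($i = -$h; $i < $w; $i += $hatch) {
         imageline($im, $i, 0, $i + $h, $h, self::lineColor($im));
         imageline($im, $i, $h, $i + $h, 0, self::lineColor($im));
     }

     // Output
     imagejpeg($im);
     imagedestroy($im);
     exit;
 }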
Example #11
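 /**
  * Delete the scheduler item named by the request variable 'fldID'.
  *
  * The id is HTML-escaped before it is placed in the confirmation message. Other callers
  * on this page pass markup to Widget::popupWrapper(), so the message is treated as HTML
  * and request data must not be echoed into it verbatim.
  * NOTE(review): nothing here checks that the caller may delete this item; confirm that
  * authorisation and request-forgery checks run before this action is dispatched.
  *
  * @return string a popup message followed by the index page
  */
 public function deleteItem()
 {
     $id = Request::get('fldID');
     Scheduler::factory(['id' => $id])->delete();
     $shownId = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
     return Widget::popupWrapper('Deleted Item: ' . $shownId) . $this->index();
 }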
Example #12
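 /**
  * Verify the checksum that protects the request variables against tampering.
  *
  * Requests with no variables, or with only variables listed in self::$knownFields, pass
  * without a checksum. Otherwise the variable self::CHECKSUM must be an array of two
  * strings: element 0 is a comma-separated list of variable names and element 1 the MD5
  * of that list followed by the raw value of each named variable.
  *
  * On any failure the request is cleared. With the 'jb_tamper_detail' setting on, a
  * description is returned; otherwise the failure is logged and false is returned.
  *
  * The digest is compared with === on strings. Loose comparison would accept two different
  * digests that both look like numbers in exponent form, e.g. '0e12...' and '0e34...'.
  *
  * NOTE(review): no secret is mixed into the MD5 in this method, so a client that knows
  * the scheme can recompute it for altered values; confirm whether a key is added
  * elsewhere, or move to hash_hmac() with a server-side key.
  * NOTE(review): the detail message for a failed digest contains raw request values; it
  * must be HTML-escaped wherever it is displayed.
  *
  * @param Request $request the request to verify
  * @return bool|string true when accepted, false or a description when rejected
  */
 public static function check(Request $request)
 {
     $formVarLen = $request->count();
     if ($formVarLen == 0) {
         return true;
     }

     // Known fields are exempt from the checksum.
     foreach ($request as $key => $val) {
         if (in_array($key, self::$knownFields)) {
             $formVarLen--;
         }
     }
     if ($formVarLen <= 0) {
         return true;
     }

     $checksum = $request->getVar(self::CHECKSUM);
     if ($checksum == '') {
         return self::rejectTamperedRequest(
             $request,
             'Checksum Variable Missing from the request.',
             'Checksum Variable Missing from the request: '
         );
     }
     if (!is_array($checksum)) {
         return self::rejectTamperedRequest(
             $request,
             'Checksum Variable not an array.',
             'Checksum Variable not an array: '
         );
     }
     // Exactly two elements, at positions 0 and 1, and both plain strings.
     $wellFormed = count($checksum) == 2
         && isset($checksum[0], $checksum[1])
         && is_string($checksum[0])
         && is_string($checksum[1]);
     if (!$wellFormed) {
         return self::rejectTamperedRequest(
             $request,
             'Checksum Variable not 2 elements.',
             'Checksum Variable not 2 elements: '
         );
     }

     // Rebuild the protected text: the name list, then each named variable's raw value.
     $allVariablesJoined = '';
     if (!empty($checksum[0])) {
         $allVariablesJoined = $checksum[0];
         foreach (explode(',', $checksum[0]) as $key) {
             $allVariablesJoined .= $request->getRaw($key);
         }
     }

     if (md5($allVariablesJoined) !== $checksum[1]) {
         return self::rejectTamperedRequest(
             $request,
             'Checksum failed md5(' . $allVariablesJoined . ')<>' . $checksum[1],
             'The checksum has failed. The request variables have been tampered: '
         );
     }

     return true;
 }

 /**
  * Clear a rejected request and report why it was rejected.
  *
  * @param Request $request   the request to clear
  * @param string  $detail    description returned when 'jb_tamper_detail' is on
  * @param string  $logPrefix log text, completed with the script name, used otherwise
  * @return string|false the description, or false after logging
  */
 private static function rejectTamperedRequest(Request $request, $detail, $logPrefix)
 {
     $request->clear();
     if (Cfg::get('jb_tamper_detail', false)) {
         return $detail;
     }
     self::$log->error($logPrefix . $_SERVER['SCRIPT_NAME']);
     return false;
 }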
Example #13
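    /**
     * Show the source of a PHP file with syntax highlighting.
     *
     * The file is named by the request variable 'fldFileName' and defaults to this file.
     * Because the name is request data, it is resolved with realpath() and served only when
     * it is a regular file below the directory of this class; otherwise any file readable
     * by the web server could be displayed. The directory of this class is a conservative
     * base; widen it through an explicit list of directories if other sources must be shown.
     *
     * NOTE(review): the highlighter is loaded over plain HTTP from an external host with no
     * integrity check; consider serving it locally.
     *
     * @return string the HTML fragment
     */
    public function sourceCode()
    {
        $requested = Request::get('fldFileName', __FILE__);
        $baseDir = realpath(dirname(__FILE__));

        $code = 'Source not available';
        if (is_string($requested) && strpos($requested, "\0") === false && $baseDir !== false) {
            $fileName = realpath($requested);
            $insideBase = $fileName !== false
                && strpos($fileName, $baseDir . DIRECTORY_SEPARATOR) === 0
                && is_file($fileName);
            if ($insideBase) {
                $contents = file_get_contents($fileName);
                if ($contents !== false) {
                    // Escaping & and < is enough for text placed inside the <pre> element.
                    $code = strtr($contents, array('&' => '&amp;', '<' => '&lt;'));
                }
            }
        }

        // http://sunlightjs.com/
        $html = <<<HTML
            <link rel="stylesheet" type="text/css" href="http://www.brettdutton.com/prism/themes/sunlight.default.css" />
            <script type="text/javascript" src="http://www.brettdutton.com/prism/sunlight-min.js"></script>
            <script type="text/javascript" src="http://www.brettdutton.com/prism/lang/sunlight.php-min.js"></script>
            <pre class="sunlight-highlight-php">{$code}</pre>
            <script type="text/javascript">Sunlight.highlightAll( );</script>
HTML;
        return $html;
    }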
Example #14
 /**
  * Copy every request variable whose name matches a pattern into this object.
  *
  * A pattern that already starts and ends with '/' is used as it is; anything else is
  * treated as the body of a regular expression and anchored as /^...$/.
  * NOTE(review): the text is not quoted before it is wrapped, so it must be a valid
  * expression body supplied by the developer and must never come from the request.
  *
  * @param string $matches regular expression, or a single variable name
  * @return Response this object, for chaining
  */
 public function copyVarsFromRequest($matches = '/.*/')
 {
     $alreadyDelimited = preg_match('/^\\/.*\\/$/', $matches);
     $pattern = $alreadyDelimited ? $matches : '/^' . $matches . '$/';

     foreach (Request::get() as $name => $value) {
         if (!preg_match($pattern, $name)) {
             continue;
         }
         $this->set($name, $value);
     }

     return $this;
 }
Example #15
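    /**
     * Reset the password of the account named by the request variable 'fldEmail' and mail
     * the new password to that address; a notification also goes to the 'boss' address.
     *
     * The address is HTML-escaped before it is placed in the HTML notification, so request
     * data cannot add markup to that mail.
     *
     * NOTE(review): points this method leaves open, none changeable here without touching
     * other code:
     *  - the reply tells the caller whether an address is registered, which allows account
     *    enumeration; a uniform reply avoids that;
     *  - the password is stored with MySQL PASSWORD() or unsalted MD5; password_hash()
     *    would need a matching change where logins are verified;
     *  - the new password is sent in clear text by mail; a single-use reset link avoids it;
     *  - the notification uses the requester's address as sender; confirm that Mailer
     *    rejects line breaks in addresses;
     *  - nothing limits how often a reset can be requested.
     *
     * @return string a popup with the outcome
     */
    public function sendPW()
    {
        $email = Request::get('fldEmail');
        $sql = 'SELECT fldUserID FROM tblUser WHERE fldUser=?';
        if (($id = DB::oneValue(DB::DEF, $sql, $email)) === false) {
            $msg = 'This email does not exist on this system.<br>' . 'Either choose a new email address or register as new customer.' . $this->forgotPassword();
        } else {
            // Update the Database with the new Password combo
            $pw = Password::passGen(10, Password::MEDIUM);
            if (DB::driver() == DB::MYSQL) {
                $sql = 'UPDATE tblUser SET fldPassword=PASSWORD(?) WHERE fldUserID=?';
                DB::exec(DB::DEF, $sql, [$pw, $id]);
            } else {
                $sql = 'UPDATE tblUser SET fldPassword=? WHERE fldUserID=?';
                DB::exec(DB::DEF, $sql, [hash('md5', $pw), $id]);
            }
            $boss = Cfg::get('boss');
            $desc = Cfg::get('desc');

            // create the email message to notify about a password request
            $body = '<h3>User requested password<br>Email: <b>%s</b></h3><br>From %s';
            $shownEmail = htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');
            Mailer::envelope()->format(Mailer::HTML_TEXT)->from($email)->to($boss)->subject('User requested password')->body(sprintf($body, $shownEmail, $desc))->send();

            $body = <<<TXT
Message from %s

Here are your login details

Password: %s

Regards
%s
TXT;
            // create the email message to notify the user of his/her login details
            Mailer::envelope()->from($boss)->to($email)->subject('Login Request ' . $desc)->body(sprintf($body, $desc, $pw, $desc))->send();
            $msg = 'Soon you will receive an email that will contain your login details.';
        }
        return Widget::popupWrapper($msg, -1);
    }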
Example #16
 /**
  * Insert as many default rows as the request variable 'rows' asks for.
  *
  * Each row is built from the insert defaults merged with the current where-values and,
  * when the 'jb_db' setting is on, a primary key from DBMaintenance::dbNextNumber().
  * Values are bound as parameters; the table and column names come from this object.
  * NOTE(review): the count is cast to an integer but has no upper limit, so one request
  * can trigger a very large number of inserts; consider a cap.
  *
  * @return string a message stating how many rows were inserted
  */
 protected function insertRows()
 {
     $requested = (int) Request::get('rows');
     $inserted = 0;

     for ($remaining = $requested; $remaining > 0; $remaining--) {
         $row = array_merge($this->insDefaults, $this->where);
         $bound = null;
         if (Cfg::get('jb_db', false)) {
             $row[$this->primaryKey] = DBMaintenance::dbNextNumber($this->db, $this->tableName);
         }

         $statement = 'INSERT INTO ' . $this->tableName;
         if (count($row) > 0) {
             $columns = join(',', array_keys($row));
             // DB::in() returns the placeholders and fills $bound with the values.
             $placeholders = DB::in(array_values($row), $bound);
             $statement .= ' (' . $columns . ') ' . 'VALUES (' . $placeholders . ')';
         }
         $inserted += $this->exec($statement, $bound);
     }

     // The paginator only needs a new row count when something was inserted.
     if ($inserted > 0) {
         $this->paginator->setRows($this->getRowCount());
     }

     return 'Inserted ' . $inserted . ' row' . StringUtil::plural($inserted) . Tag::br();
 }
Example #17
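 /**
  * Store one configuration item taken from the request variables 'fldCfgKey' and
  * 'fldCfgValue'.
  *
  * The key is HTML-escaped before it is echoed in the confirmation message. Other callers
  * on this page pass markup to Widget::popupWrapper(), so the message is treated as HTML.
  * NOTE(review): any key can be written with any value; confirm that only administrators
  * reach this action and that request-forgery checks run before it.
  *
  * @return string a popup message followed by the index page
  */
 public function saveConfig()
 {
     $key = Request::get('fldCfgKey');
     Config::put($key, Request::get('fldCfgValue'));
     $shownKey = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');
     return Widget::popupWrapper('Saved Config Item: ' . $shownKey, 1000, 'Save Config Message') . $this->index();
 }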
Example #18
 /**
  * Generate a group of radio buttons from almost any kind of list.
  *
  * $displayList may be:
  *  - a non-empty array: integer keys use the value as key, other keys are trimmed;
  *  - a DBTable: column 0 is the key and column 1, when present, the label;
  *  - a string: passed to DBTable as its query and then handled like a DBTable;
  *  - anything else: a hidden field holding $attribs['default'] when that is set,
  *    otherwise false.
  *
  * Two entries of $attribs are consumed here and not written as HTML attributes:
  * 'side' (label position, 'left' by default) and 'default' (the selected key; when
  * absent, the request value of $name is used).
  * NOTE(review): a string list is executed as SQL, so it must never be built from request
  * data; also confirm that Tag::label escapes the label text.
  *
  * @param string $name name of the radio group
  * @param mixed $displayList see above
  * @param array $attribs html attributes to generate, plus 'side' and 'default'
  * @return mixed array of HTML snippets keyed by element id, a hidden field, or false
  */
 static function radio($name, $displayList, $attribs = array())
 {
     // A database table: turn it into a key => label array and start again.
     if (is_object($displayList) && $displayList instanceof DBTable) {
         $converted = array();
         for ($rowNo = 0; $rowNo < $displayList->getRowCount(); $rowNo++) {
             $key = $displayList->getValue(0, $rowNo);
             $val = $displayList->getColumnCount() > 1 ? $displayList->getValue(1, $rowNo) : $key;
             // The leading space keeps the key a string; it is trimmed off again below.
             $converted[' ' . $key] = $val;
         }
         return self::radio($name, $converted, $attribs);
     }

     $usableArray = is_array($displayList) && count($displayList) > 0;
     if (!$usableArray) {
         // A string is a query whose result becomes the list.
         if (is_string($displayList)) {
             $table = new DBTable(DB::DEF, $displayList, null, DB::FETCH_NUM);
             return self::radio($name, $table, $attribs);
         }
         // Nothing to choose from.
         return isset($attribs['default']) ? Tag::hidden($name, $attribs['default']) : false;
     }

     $side = 'left';
     if (isset($attribs['side'])) {
         $side = $attribs['side'];
         unset($attribs['side']);
     }

     if (isset($attribs['default'])) {
         $defaultValue = $attribs['default'];
         unset($attribs['default']);
     } else {
         $defaultValue = Request::get($name, null);
     }

     $tag = array();
     $idx = 0;
     foreach ($displayList as $key => $val) {
         if (is_int($key)) {
             $key = $val;
         }
         $key = trim($key);
         $elementId = $name . $idx++;
         $attribs['id'] = $elementId;
         $label = Tag::label($elementId, ucwords(strtolower($val)));
         $radio = Tag::radio($name, $key, $defaultValue == $key, $attribs);
         $tag[$elementId] = $side == 'left'
             ? $label . '&nbsp;' . $radio
             : $radio . '&nbsp;' . $label;
     }
     return $tag;
 }
Example #19
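 /**
  * Run the command held in the request variable 'CMDTEXT' and show its output.
  *
  * SECURITY: the request text is handed to the shell unchanged, so whoever can reach this
  * action can run any command with the rights of the web server. This is kept because it
  * is what the action is for. It must be reachable only by authenticated administrators,
  * behind a request-forgery check, and is best disabled in production.
  *
  * Output handling is corrected: system() writes the raw output straight to the page and
  * returns only the last line, so the output was shown unescaped and its last line twice.
  * The output is now captured and HTML-escaped as a whole.
  *
  * @return string the command form followed by the exit status
  */
 protected function runCommand()
 {
     $cmd = Request::get('CMDTEXT');
     $outputLines = [];
     $return_var = '';
     if (is_string($cmd) && $cmd !== '') {
         exec($cmd, $outputLines, $return_var);
     }
     echo '<pre>';
     echo htmlspecialchars(implode("\n", $outputLines), ENT_QUOTES, 'UTF-8');
     echo '</pre>';
     return $this->askCommand() . '<br/>Returned Value: ' . $return_var;
 }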
Example #20
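 /**
  * Calls the function specified by the incoming ajax request, prints the result wrapped
  * in a phplivex tag and ends the request. Does nothing when already executed or when the
  * request names no function.
  *
  * The request variable 'plxf' names the target, either "function" or "Name::method";
  * 'plxa' carries the arguments. A Name registered in $this->objectMethods is called on
  * the registered object, any other Name as a static class method.
  *
  * SECURITY NOTE(review): the target is request data and this method holds no list of
  * permitted targets, so any callable function or static method can be invoked with
  * arguments chosen by the client. Restrict calls to an explicit registry of exported
  * functions and methods before exposing this endpoint.
  *
  * Robustness fixes made here: a non-string target or a non-array argument list is
  * ignored, arguments are passed by position only, only string arguments are scanned for
  * embedded objects, no loop reference is left dangling, and a target that is not
  * callable produces an empty response.
  */
 public function execute()
 {
     if ($this->executed) {
         return;
     }
     $this->executed = true;

     $function = Request::get('plxf');
     if (!is_string($function) || $function == '') {
         return;
     }

     $args = Request::get('plxa', array());
     // String keys would otherwise be treated as named arguments on PHP 8.
     $args = is_array($args) ? array_values($args) : array();
     if (function_exists("json_decode")) {
         foreach ($args as $idx => $val) {
             // An argument wrapped in <plxobj>...</plxobj> carries JSON.
             if (is_string($val) && preg_match('/<plxobj[^>]*>(.|\\n|\\t|\\r)*?<\\/plxobj>/', $val, $matches)) {
                 $args[$idx] = json_decode(substr($matches[0], 8, -9));
             }
         }
     }

     $callable = null;
     $parts = explode("::", $function);
     switch (count($parts)) {
         // Function Call
         case 1:
             $callable = $function;
             break;
         // Object Call
         case 2:
             if (isset($this->objectMethods[$parts[0]])) {
                 $objectInfo = $this->objectMethods[$parts[0]];
                 $callable = array($objectInfo['ref'], $parts[1]);
             } else {
                 $callable = array($parts[0], $parts[1]);
             }
             break;
     }

     $response = '';
     if ($callable !== null && is_callable($callable)) {
         $response = call_user_func_array($callable, $args);
     }

     if (is_bool($response)) {
         $response = (int) $response;
     } elseif (function_exists("json_encode") && (is_array($response) || is_object($response))) {
         $response = json_encode($response);
     }
     echo Tag::hTag('phplivex'), $response, Tag::_hTag('phplivex');
     exit;
 }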
Example #21
 /**
  * Save the account form: optionally a new password, then salutation, names, time zone,
  * user name and level, each as its own UPDATE statement.
  *
  * Statements and their parameters are collected in two parallel arrays, $sqls and
  * $params, and run only when no validation message was produced. When the edited account
  * is the logged-in one, the session values are reloaded from tblUser afterwards.
  *
  * NOTE(review): authorisation is not visible in this method; see the notes on $uid and
  * fldLevel below and confirm the checks are made before this action is dispatched.
  *
  * @return string validation messages or a success message, followed by the account form
  */
 public function editAccountSave()
 {
     // NOTE(review): the account to edit is named by the request and only defaults to the
     // logged-in user; nothing here verifies that the caller may edit that account.
     $uid = Request::get('fldUserID', G::get('fldUserID'));
     $messages = [];
     $sqls = [];
     $params = [];
     $pw = Request::get('fldPassword');
     $pwCheck = Request::get('fldPassword_CHK');
     $pwOld = Request::get('fldPassword_OLD');
     // The old password is verified only when a new password was entered twice; the other
     // fields below are updated without it.
     if ($pw != '' && $pwCheck != '') {
         if (!$this->checkOldPassword($uid, $pwOld)) {
             $messages[] = '<font color=red>Old Password is not correct<font>';
         } else {
             if ($pw != $pwCheck) {
                 $messages[] = '<font color=red>Passwords are not the same<font>';
             } else {
                 if ($pwOld == $pw) {
                     $messages[] = '<font color=red>No Change, old and new passwords same<font>';
                 } else {
                     // NOTE(review): MySQL PASSWORD() and unsalted MD5 are not suitable for
                     // storing passwords; moving to password_hash() needs a matching
                     // change where logins are verified.
                     if (DB::driver() == DB::MYSQL) {
                         $sqls[] = 'UPDATE tblUser SET fldPassword=PASSWORD(?),fldModified=UNIX_TIMESTAMP() WHERE fldUserID=?';
                         $params[] = [$pw, $uid];
                     } else {
                         $sqls[] = 'UPDATE tblUser SET fldPassword=?,fldModified=strftime(\'%s\',\'now\') WHERE fldUserID=?';
                         $params[] = [hash('md5', $pw), $uid];
                     }
                 }
             }
         }
     }
     // Every entry added to $sqls needs its parameter pair added to $params at the same
     // index. time() is an integer generated here; request values are always bound.
     $sqls[] = 'UPDATE tblUser SET fldSalutation=?,fldModified=' . time() . ' WHERE fldUserID=?';
     $params[] = [Request::get('fldSalutation'), $uid];
     if (Request::get('fldFirstName') == '') {
         $messages[] = '<font color=red>First name cannot be empty<font>';
     } else {
         $sqls[] = 'UPDATE tblUser SET fldFirstName=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldFirstName'), $uid];
     }
     if (Request::get('fldLastName') == '') {
         $messages[] = '<font color=red>Last name cannot be empty<font>';
     } else {
         $sqls[] = 'UPDATE tblUser SET fldLastName=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldLastName'), $uid];
     }
     if (Request::get('fldTimeZone') != '') {
         $sqls[] = 'UPDATE tblUser SET fldTimeZone=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldTimeZone'), $uid];
     }
     if (Request::get('fldUser') != '') {
         $sqls[] = 'UPDATE tblUser SET fldUser=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldUser'), $uid];
     }
     // NOTE(review): fldLevel is written from the request like any other field; if it
     // drives privileges, a user could raise their own level. Confirm that only
     // administrators can submit it.
     if (Request::get('fldLevel') != '') {
         $sqls[] = 'UPDATE tblUser SET fldLevel=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldLevel'), $uid];
     }
     if (count($messages) != 0) {
         // Any validation message blocks every update, including the valid fields.
         return join('<br>', $messages) . $this->editAccount();
     } else {
         // The statements run one by one, not inside a transaction visible here.
         foreach ($sqls as $idx => $sql) {
             DB::exec(DB::DEF, $sql, $params[$idx]);
         }
         // Refresh the session copy when the user edited their own account.
         if ($uid == G::get('fldUserID')) {
             foreach (DB::oneRow(DB::DEF, 'SELECT * FROM tblUser WHERE fldUserID=?', $uid) as $key => $val) {
                 G::set($key, $val);
             }
         }
         return 'Sucessfully updated user account details' . $this->editAccount();
     }
 }
Example #22
 /**
  * Build a Paginator from an optional property map.
  *
  * Recognised keys of $props (all optional):
  *  - 'attribs'          array of HTML attributes stamped on the generated div; defaults to [].
  *  - 'suffix'           suffix for this paginator's navigation variable, useful when
  *                       several are on one screen; when absent one is taken from
  *                       Invocation::next().
  *  - 'request_vars'     regular expression or single name of the request variables that
  *                       are chained into the response variables; defaults to ''.
  *  - 'display_pagesize' false hides the page-size choices; defaults to true.
  *  - 'rows'             number of rows to paginate; the page count derives from it.
  *  - 'def_num_rows'     default number of rows per page for this paginator.
  *
  * The defaults are overlaid with whatever the request carries under the navigation
  * variable.
  * NOTE(review): those request values are stored without validation in this constructor;
  * confirm that page size and start row are bounded before they reach a query.
  *
  * @param array $props display properties as described above
  */
 public function __construct($props = [])
 {
     parent::__construct();

     if (isset($props['attribs'])) {
         $divAttribs = $props['attribs'];
     } else {
         $divAttribs = [];
     }
     $this->attribs = $divAttribs;

     // Invocation::next() is only consulted when the caller gave no suffix.
     if (isset($props['suffix'])) {
         $suffix = $props['suffix'];
     } else {
         $suffix = Invocation::next();
     }
     $this->navVar = self::navVar($suffix);

     $chainPattern = '';
     if (isset($props['request_vars'])) {
         $chainPattern = $props['request_vars'];
     }
     $this->respVars = new Response($chainPattern);

     $showPageSize = true;
     if (isset($props['display_pagesize'])) {
         $showPageSize = $props['display_pagesize'];
     }
     $this->dispPageSize = $showPageSize;

     // Work on a copy of the class-wide defaults.
     $defaults = array_merge(self::$pagination);
     if (isset($props['def_num_rows'])) {
         $defaults[self::ROWS_PER_PAGE] = $props['def_num_rows'];
     }

     // The default page size must be one of the sizes on offer; the list is shared by
     // all paginators.
     $defaultPageSize = $defaults[self::ROWS_PER_PAGE];
     if (!in_array($defaultPageSize, self::$itemsPerPageList)) {
         self::$itemsPerPageList[] = $defaultPageSize;
         sort(self::$itemsPerPageList);
     }

     // A value present in the request wins over the default.
     $fromRequest = Request::get($this->navVar, []);
     foreach ($defaults as $name => $default) {
         if (isset($fromRequest[$name])) {
             $this->set($name, $fromRequest[$name]);
         } else {
             $this->set($name, $default);
         }
     }

     if (isset($props['rows'])) {
         $this->setRows((int) $props['rows']);
     }

     $this->styles[self::PAGE_LINK_CLASS] = 'jb-pagelink';
     $this->styles[self::PAGE_BUTTON_CLASS] = 'jb-pagebuton';

     // Fewer rows than one page: go back to the first row.
     $startedPastFirst = $this->getStart() > 0;
     if ($startedPastFirst && $this->getRows() < $this->getPageSize()) {
         $this->setStart(0);
     }
 }
Example #23
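    /**
     * Stop the request when one of the forgery checks fails.
     *
     * Nothing is checked when the 'jb_forgery_check' setting is off or when the running
     * script is listed in the 'exempt' setting. Otherwise the checks are TimeGuard first;
     * only when no TimeGuard value was sent, Request::check() and then CSRFGuard::check().
     * On failure an error page that redirects after five seconds is printed and the
     * request ends.
     *
     * The text returned by Request::check() is HTML-escaped before it is placed in the
     * error page. It can describe the submitted values, so it must be treated as request
     * data at the point where it is printed.
     */
    private static function ensureNoForgery()
    {
        if (!Cfg::get('jb_forgery_check', true)) {
            return;
        }

        // Check if the current script is exempt from forgery check
        $fileName = '';
        if (isset($_SERVER['SCRIPT_FILENAME'])) {
            $fileName = $_SERVER['SCRIPT_FILENAME'];
        } elseif (isset($_SERVER['argv'][0])) {
            $fileName = $_SERVER['argv'][0];
        }
        if (in_array(basename($fileName), Cfg::get('exempt', []))) {
            return;
        }

        // Add the known request variables to TamperGuard
        foreach (Cfg::get('known', []) as $val) {
            TamperGuard::known($val);
        }

        $message = null;
        if (($tg = TimeGuard::check()) !== TimeGuard::NOGUARD) {
            // $tg is one of TimeGuard's fixed messages, so it is safe inside the format.
            if ($tg !== true) {
                $message = <<<HTML
                    Invalid AJAX Request ({$tg})<br/>
                    %s has detected changes in the URL.<br/>
                    Please do not manually edit URL or reuse URL (support %s).<br/>
                    You will be <a href="%s">redirected</a> in %s seconds
                    <meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
            }
        } elseif (($reqChk = Request::check()) !== true) {
            // Escape for HTML first, then double every % because the text becomes part
            // of a sprintf() format string.
            $reqChk = htmlspecialchars((string) $reqChk, ENT_QUOTES, 'UTF-8');
            $reqChk = str_replace('%', '%%', $reqChk);
            $message = <<<HTML
                Invalid or expired request (URL Error - {$reqChk})<br/>
                %s has detected changes in the URL.<br/>
                Please do not manually edit URL (support %s).<br/>
                You will be <a href="%s">redirected</a> in %s seconds
                <meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
        } elseif (!CSRFGuard::check()) {
            $message = <<<HTML
                Invalid Request (CSRF error)<br/>
                %s has detected re-submission or form tampering.<br/>
                please contact support %s<br/>
                You will be <a href="%s">redirected</a> in %s seconds
                <meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
        }

        if ($message != null) {
            $seconds = '5';
            if (($location = Cfg::get('index')) == '') {
                $location = Cfg::siteUrl() . '/index.php';
            }
            echo sprintf($message, Cfg::get('version'), Cfg::get('boss'), $location, $seconds, $seconds, $location);
            exit;
        }
    }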
Example #24
 /**
  * Generates the text input tag.
  *
  * The attributes are merged in this order, later ones winning: the name, the type 'text'
  * (unless $attribs sets a type), $value, then $attribs. An array $value is taken as a
  * set of attributes; any other non-empty $value becomes the value attribute. When no
  * value attribute results, the request value of $name is used.
  * NOTE(review): that fallback reflects request data into the page; confirm that
  * self::input() escapes attribute values.
  *
  * @param string $name name of the input
  * @param mixed $value the value, or an array of attributes
  * @param array $attribs array of attributes to output
  * @return string The resulting HTML
  */
 public static function text($name, $value = '', $attribs = [])
 {
     $merged = ['name' => $name];
     if (!isset($attribs['type'])) {
         $merged['type'] = 'text';
     }

     if (is_array($value)) {
         $merged = array_replace($merged, $value);
     } elseif ($value != '') {
         $merged['value'] = $value;
     }

     foreach ($attribs as $attribName => $attribValue) {
         $merged[$attribName] = $attribValue;
     }

     // array_key_exists, not isset: an explicit null value must not trigger the fallback.
     if (!array_key_exists('value', $merged)) {
         $merged['value'] = Request::get($name);
     }

     return self::input($merged);
 }
Example #25
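 /**
  * Process a submitted login form.
  *
  * Returns false when the user name or password is missing. On valid credentials the
  * session id is regenerated, preferences are loaded, the login cookie is sent and
  * self::doRedirect() is called; nothing is returned on that path. Otherwise an error
  * message followed by the login page is returned.
  *
  * Session ids are no longer written to the log: anyone who can read the log could use a
  * live id to take over that session.
  *
  * NOTE(review): the clear-text password is passed to self::sendLoginCookie(); confirm it
  * is not stored in the cookie in recoverable form.
  *
  * @return false|string|null see above
  */
 public function checkLogin()
 {
     $username = Request::get(self::LOGIN_FNAME);
     $password = Request::get(self::PASSW_FNAME);
     if (!isset($username) || $username == false || !isset($password) || $password == false) {
         return false;
     }

     if (!self::checkAuthenticated($username, $password)) {
         return 'Invalid Login Details' . $this->index();
     }

     // A fresh id after authentication prevents session fixation.
     self::$log->debug('Killing old session id');
     @session_regenerate_id(true);
     self::$log->debug('New session has taken over');
     self::loadPreferences($username);
     self::sendLoginCookie($username, $password);
     self::doRedirect();
 }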