Exemple #1
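 /**
  * Build an AutoMenus object for a navigation menu.
  *
  * When $menuAutoGroupFile names an existing file, its JSON content is decoded
  * and every entry whose 'enabled' flag is present and falsy is dropped before
  * the menu is handed to AutoMenus. In every other case the menu starts empty.
  *
  * @param mixed       $menuid            Not read by this function.
  * @param string|null $menuAutoGroupFile Path of a JSON menu definition, or null.
  * @param array|null  $params            Keys read: requiredTableList,
  *                                       requiredModuleList, site, sysdb.
  *                                       Defaults are built when null.
  * @return AutoMenus
  */
 function getNavMenuObj($menuid, $menuAutoGroupFile = null, $params = null)
 {
     if ($params == null) {
         $params = array("dbtable" => _dbtable("links"), "requiredTableList" => _db(true)->getTableList(), "requiredModuleList" => null, "sysdb" => false, "site" => SITENAME);
     }
     // Always start from a defined, empty menu. The original left $arrMenu
     // undefined when a file name was given but the file did not exist.
     $arrMenu = array();
     // NOTE(review): the path is opened as given; callers should pass only
     // server-side paths, never a value taken from the request.
     if ($menuAutoGroupFile != null && file_exists($menuAutoGroupFile)) {
         $decoded = json_decode(file_get_contents($menuAutoGroupFile), true);
         // Anything that is not a decoded array (bad JSON, scalar) yields an empty menu.
         if (is_array($decoded)) {
             foreach ($decoded as $key => $entry) {
                 // The original also tested an undefined $allGenerators, which
                 // always evaluated as "not set"; disabled entries are removed.
                 if (isset($entry['enabled']) && !$entry['enabled']) {
                     continue;
                 }
                 $arrMenu[$key] = $entry;
             }
         }
     }
     $sm = new AutoMenus($arrMenu);
     //$sm->printTitle($params['printTitle']);
     $sm->requiredTableList($params['requiredTableList']);
     $sm->requiredModuleList($params['requiredModuleList']);
     // The SQL is generated for the privilege name stored in the session.
     $sm->generateSQL($params['site'], $_SESSION["SESS_PRIVILEGE_NAME"], $params['sysdb']);
     return $sm;
 }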
Exemple #2
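/**
 * Emit the avatar image for the author named in $_REQUEST['authorid'].
 *
 * The author id comes straight from the request, so it is treated as untrusted:
 * it is percent-encoded before it is placed in a remote URL or a redirect, and
 * it is refused for the local "logiks" lookup when it contains a path separator.
 *
 * @param string $method One of facebook, gravatar, twitter, instagram, email,
 *                       logiks, photoid. Any other value produces no output.
 * @return void The "photoid" method redirects and ends the request.
 */
function printAvatarPhoto($method)
{
    $rawId = isset($_REQUEST['authorid']) ? $_REQUEST['authorid'] : "";
    // A non-string value (e.g. authorid[]=x) is handled like a missing id.
    if (!is_string($rawId) || strlen($rawId) == 0) {
        printDefaultAvatar();
        return;
    }
    if (!is_string($method)) {
        return;
    }

    // Part before "@" is the provider handle; encode it so it stays a single
    // path segment and cannot add "/", "?" or "#" to the fetched URL.
    $parts = explode("@", $rawId);
    $authorid = rawurlencode($parts[0]);

    // NOTE(review): these fetches use plain http, so the image bytes are not
    // integrity-protected in transit; confirm whether https endpoints can be used.
    $remote = array(
        "facebook" => array("http://graph.facebook.com/{$authorid}/picture?type=large", "jpeg"),
        "gravatar" => array("http://www.gravatar.com/avatar/" . md5(strtolower(trim($rawId))) . "?s=80&d=mm&r=g", "png"),
        "twitter" => array("http://avatars.io/twitter/{$authorid}?size=large", "jpeg"),
        "instagram" => array("http://avatars.io/instagram/{$authorid}?size=large", "jpeg"),
        "email" => array("http://avatars.io/email/" . rawurlencode($rawId) . "?size=large", "jpeg"),
    );
    if (isset($remote[$method])) {
        list($url, $format) = $remote[$method];
        $data = file_get_contents($url);
        // A failed fetch returns false; show the default avatar instead of
        // passing false on as image data.
        if ($data === false) {
            printDefaultAvatar();
            return;
        }
        printAvatar($data, $format);
        return;
    }

    if ($method == "logiks") {
        // The id becomes part of a file name under profile_photos/. Refuse
        // separators and NUL so the lookup cannot leave that folder.
        if (strpbrk($rawId, "/\\\0") !== false) {
            printDefaultAvatar();
            return;
        }
        $profilePhoto = APPROOT . APPS_USERDATA_FOLDER . "profile_photos/{$rawId}";
        // Extension => MIME type; image/jpeg is the registered type for .jpg too.
        $types = array("png" => "image/png", "gif" => "image/gif", "jpg" => "image/jpeg", "jpeg" => "image/jpeg");
        foreach ($types as $ext => $mime) {
            if (file_exists($profilePhoto . "." . $ext)) {
                header("content-type:" . $mime);
                readfile($profilePhoto . "." . $ext);
                return;
            }
        }
        printDefaultAvatar();
        return;
    }

    if ($method == "photoid") {
        if (!isset($_REQUEST['src']) || !is_string($_REQUEST['src'])) {
            $_REQUEST['src'] = getConfig("DBTABLE_AVATAR");
            if (strlen($_REQUEST['src']) <= 0) {
                $_REQUEST['src'] = _dbtable("avatar");
            }
        }
        // Encode both values so neither can append parameters to the redirect
        // target. The receiving service still has to validate dbtbl and image.
        $lx = _service("viewphoto") . "&type=view&loc=db&dbtbl=" . rawurlencode($_REQUEST['src']) . "&image=" . rawurlencode($rawId);
        header("Location:{$lx}");
        exit;
    }
}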
Exemple #3
 /**
  * Insert one named setting row for the logged-in user on the current site.
  *
  * The row is written through the _insertQ1 query builder into the "settings"
  * table of the database selected with the `true` flag.
  * NOTE(review): value escaping is left entirely to _insertQ1, which is not
  * visible here; confirm it escapes or binds $name, $value and $scope.
  *
  * @param string $name  Setting name.
  * @param mixed  $value Setting value, stored in the "settings" column.
  * @param string $scope Setting scope.
  * @return bool True when the insert query reported success.
  */
 function registerSettings($name, $value = "", $scope = "default")
 {
     $row = array(
         "userid" => $_SESSION['SESS_USER_ID'],
         "site" => SITENAME,
         "scope" => $scope,
         "name" => $name,
         "settings" => $value,
     );
     $insertSql = _db(true)->_insertQ1(_dbtable("settings", true), $row);
     return _dbQuery($insertSql, true) ? true : false;
 }
Exemple #4
 /**
  * Build a selector from the "lists" table for one list group.
  *
  * Rows must be unblocked, belong to $groupID and be visible either to
  * everyone ('*') or, when a privilege id is in the session, to the session's
  * privilege name.
  *
  * NOTE(review): $groupID, $orderBy and the session privilege name are placed
  * in the SQL text as-is. Callers must pass trusted or already-escaped values;
  * $orderBy in particular is a raw ORDER BY fragment.
  *
  * @param mixed       $dbLink    Not read; the default _db() link is always used.
  * @param string      $groupID   Value matched against the groupid column.
  * @param bool        $allowNone Forwarded to createDataSelectorFromTable.
  * @param string      $format    Forwarded to createDataSelectorFromTable.
  * @param string|null $orderBy   ORDER BY expression; "title" when null.
  * @param array       $params    Forwarded to createDataSelectorFromTable.
  * @return mixed Whatever createDataSelectorFromTable returns.
  */
 function createDataSelector($dbLink, $groupID, $allowNone = true, $format = "select", $orderBy = null, $params = array())
 {
     // Visibility filter: public rows only, unless the session carries a privilege.
     $privilegeFilter = "privilege='*'";
     if (isset($_SESSION['SESS_PRIVILEGE_ID'])) {
         $privilegeFilter = "(privilege='*' OR FIND_IN_SET('{$_SESSION['SESS_PRIVILEGE_NAME']}',privilege))";
     }
     $where = "blocked='false' && groupid='{$groupID}' and " . $privilegeFilter;

     // Pick the sort expression; no ORDER BY is added when neither test holds.
     $sortBy = null;
     if ($orderBy == null) {
         $sortBy = "title";
     } elseif (strlen($orderBy) > 0) {
         $sortBy = $orderBy;
     }
     if ($sortBy !== null) {
         $where .= " ORDER BY {$sortBy}";
     }

     return createDataSelectorFromTable(_db(), _dbtable("lists"), "title", "value", "class", null, $where, null, false, $allowNone, $format, $params);
 }
Exemple #5
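 /**
  * Print the stored page content for a reference id or reflink.
  *
  * @param string $refID      Content ID or reflink to look up.
  * @param string $category   Optional category filter.
  * @param bool   $silent     When true, no error box is printed.
  * @param bool   $autoCreate When true and nothing matches, insert an empty
  *                           placeholder row for $refID.
  * @return string|bool The content title when text was printed, true when a
  *                     placeholder row was created, false otherwise.
  */
 function printContent($refID, $category = "", $silent = false, $autoCreate = false)
 {
     // NOTE(review): $refID and $category are placed in the SQL text unescaped,
     // here and in the INSERT below. Callers must not pass raw request values;
     // the database helper's escaping or binding should be used once confirmed.
     $sql = "SELECT title,category,text,blocked FROM " . _dbtable("contents") . " WHERE (ID='{$refID}' OR reflink='{$refID}')";
     if (strlen($category) > 0) {
         $sql .= " AND category='{$category}'";
     }
     $sql .= " AND (site='*' OR site='" . SITENAME . "')";
     $rs = _dbQuery($sql);
     $data = _dbData($rs);
     _dbFree($rs);

     // The reference is echoed inside HTML error messages, so encode it for
     // that context instead of printing it as markup.
     $safeRef = htmlspecialchars((string) $refID, ENT_QUOTES, 'UTF-8');

     $text = "";
     if (count($data) > 0) {
         if ($data[0]['blocked'] == "false") {
             $text = $data[0]['text'];
         } else {
             if (!$silent) {
                 echo "<div class=divError>";
                 dispErrMessage("Page Content Currently Not Available For <i class='text2'>{$safeRef}</i><br/><br/>Visit Us Again ...", "Not Available!", "400", "notfound/file.png");
                 echo "</div>";
             }
         }
         if (strlen($text) > 0) {
             // Stored content is printed as-is (it is treated as HTML).
             echo $text;
             return $data[0]['title'];
         } else {
             // Reached for empty content and, as before, for blocked content too.
             if (!$silent) {
                 echo "<div class=divError>";
                 dispErrMessage("Page Content Not Found For <i class='text2'>{$safeRef}</i>", "Content Not Found OR Missing !", "404", "notfound/file.png");
                 echo "</div>";
             }
             return false;
         }
     } elseif ($autoCreate) {
         $date = date("Y-m-d");
         $cols = "id,reflink,title,category,text,blocked,site,userid,doc,doe";
         $vals = "0,'{$refID}','" . toTitle($refID) . "','{$category}','','false','" . SITENAME . "','auto','{$date}','{$date}'";
         $sql = "INSERT INTO " . _dbtable("contents") . " ({$cols}) VALUES ({$vals})";
         _dbQuery($sql);
         return true;
     }
     return false;
 }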
Exemple #6
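/**
 * Change the logged-in user's password from $_POST['old'] to $_POST['new'].
 *
 * Prints a JSON object {"code","msg"} and, on the early error paths, ends the
 * request. Code "1" is used both for the lookup error and for success, as in
 * the original response format.
 *
 * NOTE(review): passwords are compared by equality of getPWDHash() output, so
 * that hash is presumably deterministic; confirm it is a salted, slow password
 * hash. The session user id and both hashes are placed in the SQL text as-is.
 *
 * @return void
 */
function changePWD()
{
    $userid = $_SESSION["SESS_USER_ID"];
    $tbl = _dbtable("users", true);
    $sql1 = "SELECT pwd FROM {$tbl} WHERE userid='{$userid}'";
    $r = _dbQuery($sql1, true);
    $ra = _dbData($r);
    if (!isset($ra[0])) {
        $q = array("code" => "1", "msg" => "Error In Changing Password (1).");
        echo json_encode($q);
        exit;
    }
    $ra = $ra[0];

    // Both fields must be present, plain strings, and the new password non-empty.
    // Missing fields previously hashed null and could store the hash of "".
    if (!isset($_POST["old"], $_POST["new"]) || !is_string($_POST["old"]) || !is_string($_POST["new"]) || $_POST["new"] === "") {
        $q = array("code" => "0", "msg" => "Old And New Password Are Both Required.");
        echo json_encode($q);
        exit;
    }

    $oldPwd = getPWDHash($_POST["old"]);
    $newPwd = getPWDHash($_POST["new"]);
    // Kept for compatibility: the original overwrote the request fields with
    // their hashes.
    $_POST["old"] = $oldPwd;
    $_POST["new"] = $newPwd;

    // Compare as strings. The loose != used before treats two numeric-looking
    // strings (e.g. "0e..." values) as equal numbers; hash_equals, where
    // available, also avoids a length-dependent early exit.
    $stored = (string) $ra["pwd"];
    $given = (string) $oldPwd;
    $matches = function_exists("hash_equals") ? hash_equals($stored, $given) : ($stored === $given);
    if (!$matches) {
        $q = array("code" => "0", "msg" => "Old Password Doesn't Match. Please Use Correct Credentials. (2)");
        echo json_encode($q);
        exit;
    }

    $date = date("Y-m-d");
    // The old hash stays in the WHERE clause so a concurrent change is not overwritten.
    $q = "UPDATE {$tbl} SET pwd = '{$newPwd}', doe = '{$date}' WHERE userid='{$userid}' and pwd='{$oldPwd}'";
    _dbQuery($q, true);
    if (_db(true)->affected_rows() <= 0) {
        $q = array("code" => "0", "msg" => "Old Password Doesn't Match. Please Use Correct Credentials.(3)");
        echo json_encode($q);
    } else {
        $q = array("code" => "1", "msg" => "Successfully Updated Your New Password");
        echo json_encode($q);
    }
}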
Exemple #7
                 printHeader($doc, $type);
                 printVFile($doc);
                 exit;
             } else {
                 displayLocalImage("images/forbidden.png", "view");
                 exit;
             }
         }
     }
     displayLocalImage("images/warning.png", "view");
 } elseif (strtolower($_REQUEST['loc']) == "dbfile") {
     $dbtbl = "";
     if (isset($_REQUEST['dbtbl'])) {
         $dbtbl = $_REQUEST['dbtbl'];
     } else {
         $dbtbl = _dbtable("files");
     }
     $sql = "SELECT file_name,file_type,file_data,file_size FROM {$dbtbl} WHERE ID=" . $_REQUEST['file'];
     $result = _db()->executeQuery($sql);
     if ($result) {
         if (_db()->recordCount($result) > 0) {
             $record = _db()->fetchData($result);
             $darr = explode(".", $record["file_name"]);
             $ext = $darr[sizeOf($darr) - 1];
             printHeader($record["file_name"], $type);
             echo $record["file_data"];
             exit;
         }
     }
     displayLocalImage("images/warning.png", "view");
 } else {
0
 /**
  * Update a user row with the given attributes.
  *
  * Sessions without a privilege id, or with one greater than ROLE_PRIME, are
  * pinned to their own user id and to SITENAME regardless of the arguments.
  * When 'privilegeid' or 'accessid' is present in $attrs, it must exist for
  * SITENAME (or for all sites) before the update is issued.
  *
  * NOTE(review): for pinned sessions $attrs is still written unchanged,
  * including 'privilegeid' and 'accessid' when present. Confirm that callers
  * never forward request data into those keys for such sessions.
  *
  * @param array       $attrs  Column => value pairs to write.
  * @param string|null $userID Target user; defaults to the session user.
  * @param string      $site   Site used for the user-id check.
  * @return bool|array True on success, otherwise an array with an "error" key.
  */
 function updateUser($attrs = array(), $userID = null, $site = SITENAME)
 {
     // Pin the target to the caller's own account for sessions that are not
     // at or below ROLE_PRIME.
     $pinned = !isset($_SESSION['SESS_PRIVILEGE_ID']) || $_SESSION['SESS_PRIVILEGE_ID'] > ROLE_PRIME;
     if ($pinned) {
         $site = SITENAME;
         $userID = $_SESSION['SESS_USER_ID'];
     }
     if ($userID == null && isset($_SESSION['SESS_USER_ID'])) {
         $userID = $_SESSION['SESS_USER_ID'];
     }
     if (!checkUserID($userID, $site)) {
         return array("error" => "UserID Not Found");
     }

     $fields = $attrs;

     // A required field may be absent, but when supplied it must not be empty.
     foreach (explode(",", getConfig("USER_CREATE_REQUIRED_FIELDS")) as $required) {
         if (!isset($fields[$required])) {
             continue;
         }
         if ($fields[$required] == null || strlen($fields[$required]) <= 0) {
             return array("error" => "Missing Field", "field" => $required);
         }
     }

     // The privilege id, when supplied, must exist for this site or for all sites.
     if (isset($fields['privilegeid'])) {
         $countSql = _db(true)->_selectQ(_dbTable("privileges", true), "count(*) as cnt")->_where(array("id" => $fields['privilegeid']))->_raw(" AND (site='" . SITENAME . "' OR site='*')");
         $handle = _dbQuery($countSql, true);
         if (!$handle) {
             return array("error" => "PrivilegeID Query Error");
         }
         $rows = _dbData($handle, true);
         _dbFree($handle, true);
         if ($rows[0]['cnt'] <= 0) {
             return array("error" => "PrivilegeID Not Found This Site {$site}");
         }
     }

     // The access id, when supplied, must be unblocked and cover this site.
     if (isset($fields['accessid'])) {
         $countSql = _db(true)->_selectQ(_dbTable("access", true), "count(*) as cnt")->_where(array("blocked" => 'false', "id" => $fields['accessid']))->_raw(" AND (FIND_IN_SET('" . SITENAME . "',sites) OR sites='*')");
         $handle = _dbQuery($countSql, true);
         if (!$handle) {
             return array("error" => "AccessID Query Error");
         }
         $rows = _dbData($handle, true);
         _dbFree($handle, true);
         if ($rows[0]['cnt'] <= 0) {
             return array("error" => "AccessID Not Found For This Site {$site}");
         }
     }

     $updateSql = _db(true)->_updateQ(_dbtable("users", true), $fields, array("userid" => "{$userID}"));
     if (_dbQuery($updateSql, true)) {
         return true;
     }
     return array("error" => "Error In User Updating", "details" => _db(true)->get_error());
 }
Exemple #9
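/**
 * Stream an image stored in a database table, or a warning image on failure.
 *
 * The table name may come from $_REQUEST['dbtbl'] and the id is placed in the
 * query unquoted, so both are validated before the SQL text is built.
 *
 * NOTE(review): a well-formed table name still lets the requester choose which
 * table is read; an allowlist of photo tables would be the stronger control.
 *
 * @param int|string $imgID Numeric row id of the image.
 * @param string     $type  Passed to printHeader.
 * @return void Ends the request after a successful output.
 */
function displayDBImage($imgID, $type = "view")
{
    if (isset($_REQUEST['dbtbl'])) {
        $dbtbl = $_REQUEST['dbtbl'];
        // Request-supplied name: accept only a plain identifier, optionally
        // backtick-quoted and optionally qualified as database.table.
        if (!is_string($dbtbl) || preg_match('/^`?[A-Za-z0-9_$]+`?(\.`?[A-Za-z0-9_$]+`?)?\z/', $dbtbl) !== 1) {
            displayLocalImage("images/warning.png", "view");
            return;
        }
    } else {
        $dbtbl = _dbtable("photos");
    }
    // The id is compared unquoted, so it has to be digits only.
    if (!is_scalar($imgID) || preg_match('/^[0-9]+\z/', (string) $imgID) !== 1) {
        displayLocalImage("images/warning.png", "view");
        return;
    }
    $sql = "SELECT image_type,image_data,image_size FROM {$dbtbl} WHERE ID={$imgID}";
    $result = _db()->executeQuery($sql);
    if ($result) {
        if (_db()->recordCount($result) > 0) {
            $record = _db()->fetchData($result);
            $ext = str_replace("image/", "", $record["image_type"]);
            // The stored type ends up in a file name handed to printHeader;
            // keep only characters that are safe there.
            $ext = preg_replace('/[^A-Za-z0-9.+-]/', '', $ext);
            printHeader("download.{$ext}", $type);
            echo $record["image_data"];
            exit;
        }
    }
    displayLocalImage("images/warning.png", "view");
}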
Exemple #10
    $rssid = $_REQUEST['rss'];
    $tbl = _dbtable($rsstable);
    $temp_FULL_MEDIA_PATH = getConfig("FULL_MEDIA_PATH");
    setConfig("FULL_MEDIA_PATH", "true");
    $rss = RSSGen::generateFromDB($tbl, $rssid);
    setConfig("FULL_MEDIA_PATH", $temp_FULL_MEDIA_PATH);
    if (strlen($rss) > 0) {
        RSSGen::printRSSHeader();
        echo $rss;
    }
    exit;
} elseif (isset($_REQUEST['list'])) {
    if (!isset($_REQUEST['format'])) {
        $_REQUEST['format'] = "json";
    }
    $tbl = _dbtable($rsstable);
    $list = RSSGen::listFeeds($tbl);
    if (count($list) > 0) {
        foreach ($list as $a => $b) {
            $list[$a]['link'] = SiteLocation . "services/?scmd=rss&rss={$b['rssid']}";
        }
        if ($_REQUEST['format'] == "json") {
            echo json_encode($list);
        } elseif ($_REQUEST['format'] == "table") {
            $s = "<table width=100% cellpadding=2 cellspacing=0 border=0>";
            foreach ($list as $a) {
                $s .= "<tr>";
                foreach ($a as $m => $n) {
                    $s .= "<td name='{$m}'>{$n}</td>";
                }
                $s .= "</tr>";
Exemple #11
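 /**
  * Store one uploaded file either on disk ("fs#<folder>") or in a database
  * table ("db#<table>"), as selected by $file['src'].
  *
  * Request fields read: MAX_FILE_SIZE, IF_FILE_EXISTS (replace|noreplace),
  * TEXT_EXTRACTION (true|yes to extract text), tags, remarks.
  *
  * NOTE(review): MAX_FILE_SIZE is taken from the request, so it is only a
  * client hint; a server-side limit should back it. The on-disk name is built
  * from md5(rand() * time()), which is not unpredictable. The database branch
  * relies on mysql_real_escape_string, which needs the legacy mysql extension.
  *
  * @param array $file Upload entry with name, size, tmp_name, type and src.
  * @return string|int|array Relative stored path (fs), insert id (db), an empty
  *                          array for an empty upload slot, or array("Error" => msg).
  */
 function moveFile($file)
 {
     if (strlen($file['name']) == 0 && $file['size'] == 0 && strlen($file['tmp_name']) == 0) {
         return array();
     }
     $maxFileSize = isset($_POST['MAX_FILE_SIZE']) ? $_POST['MAX_FILE_SIZE'] : 0;
     $ifFileExists = isset($_POST['IF_FILE_EXISTS']) ? $_POST['IF_FILE_EXISTS'] : "";
     //replace,noreplace
     $storeTxtToDB = isset($_POST['TEXT_EXTRACTION']) ? $_POST['TEXT_EXTRACTION'] : "";
     //true,false,yes,no
     // Defined up front: the disk branch used to compare an undefined variable,
     // which made its size check pass for every file.
     $fileSize = $file['size'];

     // Resolve the storage type and location from "fs#<path>" or "db#<table>".
     $src = (isset($file['src']) && is_string($file['src'])) ? $file['src'] : "";
     $tableFromRequest = false;
     if (strpos($src, "db#") === 0) {
         $storeType = "db";
         $storePath = substr($src, 3);
         if (strlen($storePath) <= 0) {
             $storePath = _dbtable("files");
         } else {
             $tableFromRequest = true;
         }
     } else {
         $storeType = "fs";
         $storePath = strpos($src, "fs#") === 0 ? substr($src, 3) : "attachments/";
         if (strlen($storePath) <= 0) {
             $storePath = "attachments/";
         }
     }

     // Split on the last dot only; the earlier first-dot test left a trailing
     // dot in names such as "a.b.c".
     $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
     $fname = pathinfo($file['name'], PATHINFO_FILENAME);

     if ($storeType == "fs") {
         // The folder is joined below the user-data root; refuse NUL bytes and
         // ".." segments so the target cannot leave it.
         if (strpos($storePath, "\0") !== false || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $storePath)) {
             return array("Error" => "Invalid Storage Path.");
         }
         // Backstop only: never store a name the PHP handler could execute.
         // An allowlist of expected types, plus a folder where script execution
         // is disabled, is the stronger control.
         if (preg_match('/\.(php[0-9]*|phtml|pht|phar|phps)[\s.]*$/i', $file['name'])) {
             return array("Error" => "File Type Not Allowed.");
         }
         $newName = md5(rand() * time()) . "-" . str_replace(" ", "_", $fname);
         $targetPath = APPROOT . APPS_USERDATA_FOLDER . "{$storePath}/{$newName}.{$ext}";
         $targetPath = str_replace("//", "/", $targetPath);
         if (!file_exists(dirname($targetPath))) {
             // Owner-writable only; the folder was world-writable (0777) before.
             mkdir(dirname($targetPath), 0755, true);
             chmod(dirname($targetPath), 0755);
         }
         if (!file_exists(dirname($targetPath))) {
             return array("Error" => "Failed To Create TargetPath Folder.");
         }
         if (file_exists($targetPath)) {
             if ($ifFileExists == "replace") {
                 unlink($targetPath);
             } elseif ($ifFileExists == "noreplace") {
                 return array("Error" => "File Exists At The Target.");
             }
         }
         if ($fileSize < $maxFileSize) {
             // move_uploaded_file only accepts files PHP received as uploads.
             if (@move_uploaded_file($file['tmp_name'], $targetPath)) {
                 return str_replace("//", "/", "{$storePath}/{$newName}.{$ext}");
             } else {
                 return array("Error" => "Failed To Move File To Destination.");
             }
         } else {
             return array("Error" => "File Size Is More Then Max.");
         }
     } elseif ($storeType == "db") {
         // A table name supplied through $file['src'] must be a plain
         // identifier, optionally backtick-quoted and database-qualified.
         if ($tableFromRequest && preg_match('/^`?[A-Za-z0-9_$]+`?(\.`?[A-Za-z0-9_$]+`?)?\z/', $storePath) !== 1) {
             return array("Error" => "Invalid Storage Path.");
         }
         if (!($fileSize < $maxFileSize)) {
             return array("Error" => "File Size Is More Then Max.");
         }
         $date = date("Y-m-d");
         $usr = getUserInfo();
         $defData = array(
             "datestamp" => date('Y-m-d H:i:s'),
             "site" => SITENAME,
             "userid" => $usr['SESS_USER_ID'],
             "doc" => $date,
             "doe" => $date,
         );
         $tags = (isset($_POST['tags']) && is_string($_POST['tags'])) ? $_POST['tags'] : "";
         $remarks = (isset($_POST['remarks']) && is_string($_POST['remarks'])) ? $_POST['remarks'] : "";
         $meta = "";

         $rawData = file_get_contents($file['tmp_name']);
         $txtData = "";
         // Only "true"/"yes" enable extraction; the old test was also true for
         // the strings "false" and "no".
         if ($storeTxtToDB === true || in_array(strtolower((string) $storeTxtToDB), array("true", "yes"), true)) {
             // Extract from the original bytes, not from the SQL-escaped copy.
             $txtData = getTextData($rawData, $file['type']);
         }

         // Escape every request-derived value with the function this branch
         // already used for the file body.
         // NOTE(review): if callers pre-escape these fields, this will
         // double-escape them - confirm against the callers.
         $fileData = mysql_real_escape_string($rawData);
         $txtData = mysql_real_escape_string((string) $txtData);
         $title = mysql_real_escape_string($fname);
         $fileName = mysql_real_escape_string($file['name']);
         $fileType = mysql_real_escape_string($file['type']);
         $remarks = mysql_real_escape_string($remarks);
         $tags = mysql_real_escape_string($tags);
         $sizeValue = (int) $fileSize;

         if (strpos("#" . $storePath, $GLOBALS["DBCONFIG"]["DB_SYSTEM"]) == 1) {
             $sysDb = true;
         } else {
             $sysDb = false;
         }
         $insertQuery = "INSERT INTO {$storePath} ";
         $insertQuery .= "(datestamp,title,txt_data,file_name,file_data,file_type,file_size,remarks,tags,meta,site,userid,doc,doe) VALUES ";
         $insertQuery .= "('{$defData['datestamp']}','{$title}',\"{$txtData}\",'{$fileName}',\"{$fileData}\",'{$fileType}','{$sizeValue}','{$remarks}','{$tags}',";
         $insertQuery .= "'{$meta}','{$defData['site']}','{$defData['userid']}','{$defData['doc']}','{$defData['doe']}')";
         $a = _dbQuery($insertQuery, $sysDb);
         if ($a) {
             return _db($sysDb)->insert_id();
         }
         return array("Error" => "Error In MySQL Query.");
     }
     return array("Error" => "StorageType Not Supported.");
 }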
Exemple #12
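/**
 * Delete rows from the table named in $_POST['submit_table'], selected either
 * by $_POST['delete_id'] or by the columns listed in $_POST['submit_wherecol'].
 *
 * On success the on_success request value is called when it names a
 * user-defined function, otherwise it is printed; on failure on_error or a
 * generic error number is printed.
 *
 * NOTE(review): the table, the columns and the success callback all come from
 * the request and no authorization check is visible in this function. The
 * checks below only keep the request from changing the shape of the SQL or
 * calling PHP built-ins; a server-side allowlist of tables and callbacks, and
 * a permission check, are the real controls. Values pass through clean(),
 * whose escaping is not visible here.
 *
 * @return void
 */
function deleteForm()
{
    $onSuccess = (isset($_REQUEST["on_success"]) && is_string($_REQUEST["on_success"])) ? $_REQUEST["on_success"] : "";
    $onFailure = (isset($_REQUEST["on_error"]) && is_string($_REQUEST["on_error"])) ? $_REQUEST["on_error"] : "";

    $sTable = (isset($_POST["submit_table"]) && is_string($_POST["submit_table"])) ? $_POST["submit_table"] : "";
    // Table and column names cannot be quoted as values, so accept only plain
    // identifiers (table optionally qualified as database.table).
    $tableOk = preg_match('/^[A-Za-z0-9_$]+(\.[A-Za-z0-9_$]+)?\z/', $sTable) === 1;

    $sql = "";
    $id = null;
    if (isset($_POST["delete_id"])) {
        $id = clean($_POST["delete_id"]);
        // The id is compared unquoted, so it has to be digits only.
        if ($tableOk && is_scalar($id) && preg_match('/^[0-9]+\z/', (string) $id) === 1) {
            $sql = "DELETE FROM {$sTable} WHERE id={$id}";
        }
    } elseif (isset($_POST["submit_wherecol"]) && is_string($_POST["submit_wherecol"])) {
        $conditions = array();
        $columnsOk = $tableOk;
        foreach (explode(",", $_POST["submit_wherecol"]) as $column) {
            if (preg_match('/^[A-Za-z0-9_$]+\z/', $column) !== 1) {
                // Refuse the whole statement: dropping one condition would
                // widen the delete.
                $columnsOk = false;
                break;
            }
            if (isset($_POST[$column]) && is_scalar($_POST[$column])) {
                $value = clean($_POST[$column]);
                $conditions[] = "{$column}='{$value}'";
            }
        }
        // Never issue a DELETE without at least one condition.
        if ($columnsOk && count($conditions) > 0) {
            $sql = "DELETE FROM {$sTable} WHERE " . implode(" AND ", $conditions);
        }
    }

    $deleted = ($sql !== "") && _dbQuery($sql);
    if ($deleted) {
        // Only functions defined by the application may be used as callback;
        // PHP built-ins named in the request are printed, not called.
        $definedFunctions = get_defined_functions();
        $isUserFunction = $onSuccess !== "" && in_array(strtolower(ltrim($onSuccess, "\\")), $definedFunctions["user"], true);
        if ($isUserFunction) {
            call_user_func($onSuccess);
        } else {
            // Request text is printed into the response, so encode it.
            echo htmlspecialchars($onSuccess, ENT_QUOTES, 'UTF-8');
        }
    } else {
        if (strlen($onFailure) > 0) {
            echo htmlspecialchars($onFailure, ENT_QUOTES, 'UTF-8');
        } else {
            // The original passed an undefined $sysDb here; the default
            // connection is the one _dbQuery($sql) used.
            echo "Error:: " . _db()->getErrorNo() . "<br/>";
        }
        if (MASTER_DEBUG_MODE == 'true') {
            echo _db()->getError();
        }
    }

    // As before, the activity entry is written whether or not rows were deleted.
    if (function_exists("log_ActivityEvent")) {
        if (isset($_POST["delete_id"])) {
            log_ActivityEvent("Record Form Deleted From Table {$sTable}, For ID::{$id}", "User", 4, "forms", _dbtable("forms"));
        } else {
            log_ActivityEvent("Record Form Deleted For Query {$sql}", "User", 4, "forms", _dbtable("forms"));
        }
    }
}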