/**
* Process the query
* @param $user the user to look for
* @param $password the user password
* @param $id the id in the hatting table
*/
function processLoad($user, $password, $id)
{
// Connect to the database
$pdo = pdo_connect();
getUser($pdo, $user, $password);
$idQ = $pdo->quote($id);
$query = "SELECT name, uri, type, x, y, rotation, scale, color, feather from hatting where id={$idQ}";
$rows = $pdo->query($query);
if ($row = $rows->fetch()) {
// We found the record in the database
echo "<hatter status=\"yes\">";
$uri = $row['uri'];
$x = $row['x'];
$y = $row['y'];
$angle = $row['rotation'];
$scale = $row['scale'];
$color = $row['color'];
$hat = $row['type'];
$feather = $row['feather'] == 1 ? "yes" : "no";
echo "<hatting uri=\"{$uri}\" x=\"{$x}\" y=\"{$y}\" angle=\"{$angle}\" scale=\"{$scale}\" color=\"{$color}\" type=\"{$hat}\" feather=\"{$feather}\" />\r\n";
echo "</hatter>";
exit;
}
echo '<hatter status="no" msg="image" />';
}
public static function checkState()
{
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
}
if (!isset($_SESSION[userNo])) {
return false;
}
$_userNo = $_SESSION[userNo];
if ($_userNo == 'null') {
return false;
}
$row = getUser($_userNo);
if (isset($row[adminNo])) {
return true;
}
$query = "SELECT " . loginSession . " FROM " . " User " . "WHERE " . userNo . " = '" . $_userNo . "'";
$result = DB::query($query);
if (!$result) {
return false;
}
$row = $result->fetch_array();
if (isset($row[0]) && $row[0] == $_COOKIE["PHPSESSID"]) {
return true;
} else {
return false;
}
}
protected function saveHelpStatus()
{
$user = getUser();
$config = PageConfigs::where('page', $this->id)->where('user_id', $user['id'])->first();
$config->help = !$config->help;
$config->save();
}
function testResettingPassword()
{
$email = '*****@*****.**';
$u = getUser($email);
$this->followRedirects(false);
# XXX: Hack to avoid being redirected to homepage upon logout.
$this->logout();
$this->followRedirects();
$this->get('/account/signin');
$this->clickLink("//a[contains(text(), 'Forget your password')]");
# We specify the address using different cAsINg to make sure things aren't case-sensitive.
$this->submitForm($this->getForm('lost-pass'), array('email' => '*****@*****.**'));
/*
TODO: Make this test more comprehensive -- but first we need a properly "stubbed-out"
email for test framework...
$sentEmails = $this->getSentEmails();
assertTrue(count($sentEmails) == 1);
$matches = array();
preg_match('@https?://[-.a-z]+(/[^\\s]+)@', $sentEmails[0]->message, $matches);
$relativeURI = $matches[1];
$this->get($relativeURI);
$this->submitForm($this->getForm(),
array('password' => 'nu3vo', 'confirmPassword' => 'nu3vo'));
$this->logout();
$this->assertNotLoggedIn();
$this->login($email, 'nu3vo');
$this->assertLoggedIn($u->email);
*/
$row = DB\selectExactlyOne('confirmation_codes', 'user_id = ?', array($u->id));
$this->get('/account/pass-reset?c=' . $row['code']);
$this->submitForm($this->getForm('change-password-form'), array('password' => 'n00p@ss', 'confirm-password' => 'n00p@ss'));
}
function login()
{
$app = \Slim\Slim::getInstance();
$json = decodeJsonOrFail($app->request->getBody());
$user = User::where('username', '=', $json['username'])->where('password', '=', $json['password'])->firstOrFail();
getUser($user->id);
}
function getPermissions(&$record)
{
if (getUser()) {
return Dataface_PermissionsTool::ALL();
}
return null;
}
/**
* This function must check the user session to be sure that he/she is
* authorized to upload and access files in the File Browser.
*
* @return boolean
*/
function CheckAuthentication()
{
// WARNING : DO NOT simply return "true". By doing so, you are allowing
// "anyone" to upload and list the files in your server. You must implement
// some kind of session validation here. Even something very simple as...
// return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];
// ... where $_SESSION['IsAuthorized'] is set to "true" as soon as the
// user logs in your system. To be able to use session variables don't
// forget to add session_start() at the top of this file.
if (!class_exists("User")) {
//Check if Orongo was loaded
require "../../startOrongo.php";
startOrongo();
}
//ORONGOCMS AUTHENTICATION:
if (!function_exists('getUser')) {
return false;
}
if (getUser() == null) {
return false;
}
if (getUser()->getRank() < RANK_WRITER) {
return false;
}
return true;
}
protected static function newTempDir()
{
$tmp['tok'] = getUser() . time() . rand(5, 20);
$tmp['dir'] = addslash(self::$config['tempdir']) . '.rutorrent/.fman/' . $tmp['tok'] . '/';
Filesystem::get()->mkdir($tmp['dir'], true, 777);
return $tmp;
}
/**
* Returns the rank of the currently logged in user.
*
* @return string
*/
function getUserRank()
{
if (getUser()->id === 1) {
return 'admin';
}
return 'user';
}
public function __set($name, $value)
{
if (getUser()->data->id != $this->data->owner && getUser()->data->access_level != 0) {
return;
}
switch ($name) {
case 'name':
case 'mime':
getDB()->query('setFile', array('id' => $this->fid, 'field' => $name, 'value' => $value));
$this->data->{$name} = $value;
break;
case 'list':
getDB()->query('setFile', array('id' => $this->fid, 'field' => $name, 'value' => $value));
$this->data = getDB()->query('refreshData', array('pid' => $this->pid));
$this->data = $this->data->dataObj;
break;
case 'file':
if (!is_file(SYS_TMP . $file)) {
$this->throwError('$value isn`t a file', $value);
}
getRAR()->execute('moveFile', array('source' => SYS_TMP . $value, 'destination' => SYS_SHARE_PROJECTS . $this->fid));
break;
default:
return;
}
}
function checkLogin()
{
global $database;
/* Check if user has been remembered */
if (isset($_SESSION['usertype']) && isset($_SESSION['userID']) && $_SESSION['usertype'] == 1) {
if ($database->confirmUserID($_SESSION['userID']) != 0) {
unset($_SESSION['userID']);
unset($_SESSION['username']);
unset($_SESSION['classID']);
unset($_SESSION['userBranchID']);
unset($_SESSION['usertype']);
unset($_SESSION['databasename']);
unset($_SESSION['permissions']);
return false;
}
$temp = getUser($_SESSION['userID']);
$this->userID = $temp->getID();
$this->username = $temp->getUsername();
$this->classID = $temp->getClassID();
$this->userBranchID = $temp->getUserBranchID();
$this->name = $temp->getName();
$this->userlevel = $temp->getLevel();
$this->databasename = $temp->getInstituteObj()->getDatabaseName();
$this->usertype = 1;
$this->permissions = $temp->getPermissions();
// unsetDatabaseName();
// setDatabaseName($this->databasename,$this->classID);
return true;
} else {
return false;
}
}
function get($lastmodified, $api)
{
$sync = new Sync();
$output = array();
if ($lastmodified < $sync->get(Sync::USER)) {
$output[Sync::USER] = getUser($api);
}
if ($lastmodified < $sync->get(Sync::SCENARIOS)) {
$output[Sync::SCENARIOS] = getScenarios();
}
if ($lastmodified < $sync->get(Sync::LIGHTS)) {
$output[Sync::LIGHTS] = getLights();
}
if ($lastmodified < $sync->get(Sync::ROOMS)) {
$output[Sync::ROOMS] = getRooms();
}
if ($lastmodified < $sync->get(Sync::PLANTS)) {
$output[Sync::PLANTS] = getPlants();
}
if ($lastmodified < $sync->get(Sync::DEVICES)) {
$output[Sync::DEVICES] = getDevices();
}
if ($lastmodified < $sync->get(Sync::SENSORS)) {
$output[Sync::SENSORS] = getSensors();
}
if ($lastmodified < $sync->get(Sync::EAN)) {
$output[Sync::EAN] = getEan();
}
return $output;
}
public function actionEmployeeSchedulle()
{
header('Content-type: application/json');
$schedulles = AttendanceSchedulles::model()->findAllByAttributes(array('employee_id' => getUser()->id));
$data = array();
foreach ($schedulles as $schedulle) {
for ($i = 1; $i <= 31; $i++) {
if (strlen($i) == 1) {
$date = 'date_0' . $i;
} else {
$date = 'date_' . $i;
}
$day = $schedulle->year . '-' . $schedulle->month . '-' . $i;
$day = strtotime($day) + 2678400;
$day = date('Y-m-d', $day);
if ($schedulle->{$date} != '') {
$shift = ReferenceAttendanceShifts::model()->findByPk($schedulle->{$date})->name;
$data[] = array('title' => $shift, 'start' => $day, 'allDay' => true);
}
}
}
// $c = new CDbCriteria();
// $c->compare('employee_id', getUser()->id);
// $schedulles = AttendanceSchedulle::model()->findAll($c);
// $data = array();
// foreach($schedulles as $schedulle)
// {
// $data[] = array('title'=>$schedulle->shift->name, 'start'=>$schedulle->schedulle_date, 'allDay'=>true);
// }
echo CJSON::encode($data);
}
function sendUserLogsViaMail($classID)
{
$conn = getMainConnection();
$query = "SELECT * FROM info WHERE ID = '" . $classID . "'";
$result = mysql_query($query);
$numrows = mysql_affected_rows();
if ($numrows == 1) {
$member = mysql_fetch_array($result);
if ($member['activeflag'] != 0) {
getTemporaryConnection($member['databasename']);
}
}
$query = "SELECT * FROM login_logs WHERE lastlogin <= '" . time() . "' AND lastlogin >= '" . (time() - 86400) . "'";
$result = mysql_query($query);
$mail_string = '';
while ($member = mysql_fetch_array($result)) {
$time = date("F j, Y, g:i a", $member['lastlogin']);
$user = getUser($member['userID'])->getName();
$mail_string .= $user . ' logged in at ' . $time . ' from the ip ' . $member['ip'] . '<br />';
}
//echo $mail_string;
$toEmail = '*****@*****.**';
$toName = 'Ace Chemistry';
$fromEmail = '*****@*****.**';
$fromName = 'My Class - Knowledge Portal';
$subject = 'Staff Login Logs : ' . date("d-m-Y");
$body = 'Staff Login Logs <hr /><br />' . $mail_string;
$flag = sendEmail($toEmail, $toName, $fromEmail, $fromName, $subject, $body, '');
return $flag;
}
function start()
{
if (!empty($_POST)) {
if (!isset($_POST['id'])) {
createUser($_POST);
} else {
editUser($_POST);
}
require '../views/list.php';
return;
}
if (!isset($_GET['id']) && !isset($_GET['page'])) {
$people = getPeople();
require '../views/list.php';
return;
}
if (isset($_GET['page']) && $_GET['page'] === 'add') {
require '../views/add.php';
return;
}
if (isset($_GET['page']) && $_GET['page'] === 'edit') {
if (!isset($_GET['id'])) {
die('veuillez spécifier un id d\'utilisateur');
}
$id = $_GET['id'];
$editable = ORM::for_table('users')->find_one($id);
require '../views/edit.php';
return;
}
$user = getUser();
require '../views/show.php';
}
function loadByOwner($user_id, $sound_id)
{
$db = new SoundPlayData();
$ajaxServ = new AjaxServerBase();
$userTable = new Users();
$user = getUser();
//ユーザーチェック
$res = $userTable->loadFromUserId($user_id);
if ($res === false || is_null($res)) {
$ajaxServ->sendErrorJson(DBERROR_USER_NOTFOUND, 'user_id invalid');
return;
}
//オーナーチェックチェック(なければ普通のロード)
if ($user_id !== @$user['user_id']) {
$db->loadFromId($sound_id);
// $ajaxServ->sendErrorJson(DBERROR_USER_ID_INVALID, 'user logout');
return;
}
$user_id = @$user['user_id'];
$res = $db->loadFromUserIdSoundId($user_id, $sound_id);
if ($res === false || is_null($res)) {
$ajaxServ->sendErrorJson(DBERROR_USER_PERMISSION, 'user_id invalid');
return;
}
$ajaxServ->sendJson($res);
}
/** Erstellt ein nneues Projekt
*
* @param integer $pid Project ID
* @author Lorze Widmer
*/
public function __construct($pid)
{
$this->pid = $pid;
//Daten werden aus der Datenbank geladen
$this->data = getDB()->query('refreshDataP', array('pid' => $this->pid));
if ($this->data === null) {
$this->throwError('No project with given pid exists', $this->pid);
}
$this->data = $this->data->dataObj;
//Infos werden aus der Datenbank geladen und in einen assoziativen Array geladen InfoKey => InfoValue
$temp = getDB()->query('refreshDataProjectInfo', array('pid' => $this->pid));
$this->info = $temp;
if ($temp !== null) {
$this->info = array();
do {
$this->info[$temp->dataObj->key] = $temp->dataObj->value;
} while ($temp->next());
}
//Infos werden aus der Datenbank geladen und in einen assoziativen Array geladen InfoKey => InfoValue
$fail = ($this->data->access_level == 0 || $this->data->access_level == 1 && getUser()->access_level == 1 || $this->data->access_level <= 2 && $this->data->class == getUser()->class && getUser()->access_level == 2 || $this->data->access_level <= 2 && getUser()->access_level == null) && $this->data->owner != getUser()->id && getUser()->access_level != 0;
//Ist der Benutzer berechtigt das Projekt zu bearbeiten wird $this->editable auf true gesetzt
$this->editable = getUser()->data->id == $this->data->owner || getUser()->data->access_level == 0;
//Im Fehlerfall wird das Skript abgebrochen und ein Fehler ausgegeben
if ($fail) {
$this->throwError('$user has no access to the project');
}
if (getUser() === false && $this->data->access_level < 3) {
$this->throwError('You aren`t logged in');
}
}
public function exec()
{
if ($this->ci->ion_auth->logged_in()) {
$user = $this->ci->ion_auth->user()->row();
setUser('username', $user->username);
setUser('id', $user->id);
setUser('email', $user->email);
setUser('admin', $this->ci->ion_auth->is_admin());
setUser('logged', true);
$groupUser = $this->ci->ion_auth->get_users_groups(getUser('id'))->result();
$group = array();
foreach ($groupUser as $tmp) {
$group[] = $tmp->id;
}
setUser('groups', $group);
} else {
setUser('logged', false);
}
if ($this->ci->uri->segment(1) != "auth") {
if (!$this->ci->acl->isAllow()) {
$this->ci->session->set_flashdata('message', "Vous n'avez pas acces à cette page");
redirect("auth/login/redirect");
}
}
}
public function __invoke($args)
{
if (getUser() == null) {
throw new Exception("No user logged in!");
}
return new OrongoVariable(getUser()->getID());
}
public function getManager(Request $request)
{
$user = getUser();
$data['insert'] = $request->input('insert', false);
$data['from'] = $request->input('from', false);
$data['access_token'] = $user['access_token'];
return view('admin.files', $data);
}
function get_photo_quantity()
{
$user = getUser();
$this->db->where('user_id', $user->id);
$this->db->from('gallery');
$result = $this->db->count_all_results();
return $result;
}
function getUserEmail($userid)
{
global $emails;
if (!isset($names[$userid])) {
$emails[$userid] = getUser($userid)['email'];
}
return $emails[$userid];
}
function checkAuth()
{
$user = getUser();
if ($user) {
return $user;
}
redirectToLogin();
}
/**
* validate user cookie with database.
* note that base64 is an extra-step
* when storing the cookie on the user client
* and not an attempt to encrypt passwords.
*
* @return bool
*/
function validateUser()
{
// compare saved cookie with the actual credentials from the db.
if (getUser()['email'] && base64_decode(getUser(true)[1]) === getUser()['pass']) {
return true;
}
return false;
}
public function getSlide()
{
$user = getUser();
$data['token'] = $user['access_token'];
$data['active'] = 'slide';
$data['pages'] = Pages::where('status', 'open')->get();
return view('admin.widget.slide', $data);
}
function login($username, $userpassword, $rememberme = false)
{
$usersCounter = getUser($username, $userpassword);
$object = new stdClass();
$object->result = $usersCounter;
$object->message = "mmm";
return $object;
}
function validUser($username, $password)
{
$result = False;
$user = getUser($username);
if (isset($user) && $user["password"] == md5($password)) {
$result = True;
}
return $result;
}
function addHealth($id, $health)
{
$user = getUser($id);
$amount = Clamp($user['health'] + $health, 0, getUsersMaxHealth($id));
$lSql = "UPDATE ip_users SET health=:hp WHERE id=:id";
$lStmt = $db->prepare($lSql);
$res = $lStmt->execute(array(":hp" => $amount, ":id" => $id));
return $res;
}
/**
* Process the XML query
* @param $xmltext the provided XML
*/
function processXml($xmltext)
{
// Load the XML
$xml = new XMLReader();
if (!$xml->XML($xmltext)) {
echo '<hatter status="no" msg="invalid XML" />';
exit;
}
// Connect to the database
$pdo = pdo_connect();
// Read to the start tag
while ($xml->read()) {
if ($xml->nodeType == XMLReader::ELEMENT && $xml->name == "hatter") {
// We have the hatter tag
$magic = $xml->getAttribute("magic");
if ($magic != "NechAtHa6RuzeR8x") {
echo '<hatter status="no" msg="magic" />';
exit;
}
$user = $xml->getAttribute("user");
$password = $xml->getAttribute("pw");
$userid = getUser($pdo, $user, $password);
// Read to the hatting tag
while ($xml->read()) {
if ($xml->nodeType == XMLReader::ELEMENT && $xml->name == "hatting") {
$name = $xml->getAttribute("name");
$uri = $xml->getAttribute("uri");
$x = $xml->getAttribute("x");
$y = $xml->getAttribute("y");
$angle = $xml->getAttribute("angle");
$scale = $xml->getAttribute("scale");
$color = $xml->getAttribute("color");
$hat = $xml->getAttribute("hat");
$feather = $xml->getAttribute("feather") == "yes" ? 1 : 0;
$nameQ = $pdo->quote($name);
$uriQ = $pdo->quote($uri);
// Checks
if (!is_numeric($x) || !is_numeric($y) || !is_numeric($angle) || !is_numeric($scale) || !is_numeric($color) || !is_numeric($hat)) {
echo '<hatter status="no" msg="invalid" />';
exit;
}
$query = <<<QUERY
REPLACE INTO hatting(name, userid, uri, type, x, y, rotation, scale, color, feather)
VALUES({$nameQ}, '{$userid}', {$uriQ}, {$hat}, {$x}, {$y}, {$angle}, {$scale}, {$color}, {$feather})
QUERY;
if (!$pdo->query($query)) {
echo '<hatter status="no" msg="insertfail">' . $query . '</hatter>';
exit;
}
echo '<hatter status="yes"/>';
exit;
}
}
}
}
echo '<hatter save="no" msg="invalid XML" />';
}
function hasVoted($user, $voting_id)
{
$voted = false;
$db_user = getUser($user);
if (isset($db_user)) {
$voted = in_aray($voting_id, $db_user["voting"]);
}
return $voted;
}
