public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $loggedInUser;
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Log the user out
if (isUserLoggedIn()) {
$loggedInUser->userLogOut($this);
}
$s_u = site_url();
if (!empty($s_u)) {
$add_http = "";
if (strpos(site_url(), "http://") === false) {
$add_http = "http://";
}
header("Location: " . $add_http . str_replace('.php', '', site_url()));
die;
} else {
header("Location: http://" . $_SERVER['HTTP_HOST']);
die;
}
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
$pages = getPageFiles();
//Retrieve list of pages in root usercake folder
$dbpages = fetchAllPages();
//Retrieve list of pages in pages table
$creations = array();
$deletions = array();
//Check if any pages exist which are not in DB
foreach ($pages as $page) {
if (!isset($dbpages[str_replace(".php", "", $page)])) {
$creations[] = str_replace(".php", "", $page);
}
}
//Enter new pages in DB if found
if (count($creations) > 0) {
createPages($creations);
}
if (count($dbpages) > 0) {
//Check if DB contains pages that don't exist
foreach ($dbpages as $page) {
if (!isset($pages[$page['page'] . '.php'])) {
$deletions[] = $page['id'];
}
}
}
//Delete pages from DB if not found
if (count($deletions) > 0) {
deletePages($deletions);
}
//Update DB pages
$dbpages = fetchAllPages();
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Pages</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>\r\n<form name='adminPages' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<table class='admin'>\r\n<tr><th>Delete</th><th>Id</th><th>Page</th><th>Access</th></tr>";
//Display list of pages
foreach ($dbpages as $page) {
echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $page['id'] . "]' id='delete[" . $page['id'] . "]' value='" . $page['id'] . "'></td>\r\n\t<td>\r\n\t" . $page['id'] . "\r\n\t</td>\r\n\t<td>\r\n\t<a href ='" . str_replace('index.php/', '', site_url('admin_page')) . "?id=" . $page['id'] . "'>" . $page['page'] . "</a>\r\n\t</td>\r\n\t<td>";
//Show public/private setting of page
if ($page['private'] == 0) {
echo "Public";
} else {
echo "Private";
}
echo "\r\n\t</td>\r\n\t</tr>";
}
echo "\r\n</table>\r\n<input type = 'submit' value = 'Submit'/>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n<div id = 'createNewPage'>\r\n<a href ='" . str_replace('index.php/', '', site_url('new_page')) . "'>Add Page</a>\r\n</div>\r\n</body>\r\n</html>";
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST)) {
if (!empty($_POST['delete']) || !empty($_POST['newPermission'])) {
//Delete permission levels
if (!empty($_POST['delete'])) {
$deletions = $_POST['delete'];
if ($deletion_count = deletePermission($deletions)) {
$successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
}
}
//Create new permission level
if (!empty($_POST['newPermission'])) {
$permission = trim($_POST['newPermission']);
//Validate request
if (permissionNameExists($permission)) {
$errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
} elseif (minMaxRange(1, 50, $permission)) {
$errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
} else {
if (createPermission($permission)) {
$successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
} else {
$errors[] = lang("SQL_ERROR");
}
}
}
} else {
$errors[] = lang("NO_PERMISSION_SELECTED");
}
}
$permissionData = fetchAllPermissions();
//Retrieve list of all permission levels
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='adminPermissions' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<table class='admin'>\r\n<tr>\r\n<th>Delete</th><th>Permission Name</th>\r\n</tr>";
//List each permission level
foreach ($permissionData as $v1) {
echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $v1['id'] . "]' id='delete[" . $v1['id'] . "]' value='" . $v1['id'] . "'></td>\r\n\t<td><a href='" . str_replace('index.php/', '', site_url('admin_permission')) . "?id=" . $v1['id'] . "'>" . $v1['name'] . "</a></td>\r\n\t</tr>";
}
echo "\r\n</table>\r\n<p>\r\n<label>Permission Name:</label>\r\n<input type='text' name='newPermission' />\r\n</p> \r\n<input type='submit' name='Submit' value='Submit' />\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
$this->load->view('index');
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST)) {
if (!empty($_POST['delete'])) {
$deletions = $_POST['delete'];
if ($deletion_count = deleteUsers($deletions)) {
$successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
} else {
$errors[] = lang("NO_SELECTION_TO_DELETE_USER");
}
}
$userData = fetchAllUsers();
//Fetch information for all users
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Users</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='adminUsers' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<table class='admin'>\r\n<tr>\r\n<th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\r\n</tr>";
//Cycle through users
foreach ($userData as $v1) {
echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $v1['id'] . "]' id='delete[" . $v1['id'] . "]' value='" . $v1['id'] . "'></td>\r\n\t<td><a href='" . str_replace('index.php/', '', site_url('admin_user')) . "?id=" . $v1['id'] . "'>" . $v1['user_name'] . "</a></td>\r\n\t<td>" . $v1['display_name'] . "</td>\r\n\t<td>" . $v1['title'] . "</td>\r\n\t<td>\r\n\t";
//Interprety last login
if ($v1['last_sign_in_stamp'] == '0') {
echo "Never";
} else {
echo date("j M, Y", $v1['last_sign_in_stamp']);
}
echo "\r\n\t</td>\r\n\t</tr>";
}
echo "\r\n</table>\r\n<input type='submit' name='Submit' value='Delete' />\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
header("Location: " . str_replace('index.php/', '', site_url('account')));
die;
}
//Forms posted
if (!empty($_POST)) {
$errors = array();
$email = trim($_POST["email"]);
$username = trim($_POST["username"]);
$displayname = trim($_POST["displayname"]);
$password = trim($_POST["password"]);
$confirm_pass = trim($_POST["passwordc"]);
$captcha = md5($_POST["captcha"]);
if (strtolower($captcha) != strtolower($this->session->userdata('security_code'))) {
$errors[] = lang("CAPTCHA_FAIL");
} else {
$this->session->unset_userdata('security_code');
}
if (minMaxRange(5, 25, $username)) {
$errors[] = lang("ACCOUNT_USER_CHAR_LIMIT", array(5, 25));
}
if (!ctype_alnum($username)) {
$errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS");
}
if (minMaxRange(5, 25, $displayname)) {
$errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
}
if (!ctype_alnum($displayname)) {
$errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
}
if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $confirm_pass)) {
$errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT", array(8, 50));
} else {
if ($password != $confirm_pass) {
$errors[] = lang("ACCOUNT_PASS_MISMATCH");
}
}
if (!isValidEmail($email)) {
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
}
//End data validation
if (count($errors) == 0) {
//Construct a user object
$user = new User($username, $displayname, $password, $email);
//Checking this flag tells us whether there were any errors such as possible data duplication occured
if (!$user->status) {
if ($user->username_taken) {
$errors[] = lang("ACCOUNT_USERNAME_IN_USE", array($username));
}
if ($user->displayname_taken) {
$errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
}
if ($user->email_taken) {
$errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
}
} else {
//Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)
if (!$user->userCakeAddUser()) {
if ($user->mail_failure) {
$errors[] = lang("MAIL_ERROR");
}
if ($user->sql_failure) {
$errors[] = lang("SQL_ERROR");
}
}
}
}
if (count($errors) == 0) {
$successes[] = $user->success;
}
}
$vals = array('img_path' => './captcha/', 'img_url' => str_replace("index.php", "", site_url()) . '/captcha/', 'img_width' => '150', 'img_height' => 30, 'expiration' => 7200);
$cap = create_captcha($vals);
$this->session->set_userdata("security_code", md5($cap['word']));
$this->load->view('register', array("cap" => $cap));
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST) && $emailActivation) {
$email = $_POST["email"];
$username = $_POST["username"];
//Perform some validation
//Feel free to edit / change as required
if (trim($email) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
} else {
if (!isValidEmail($email) || !emailExists($email)) {
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
}
}
if (trim($username) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
} else {
if (!usernameExists($username)) {
$errors[] = lang("ACCOUNT_INVALID_USERNAME");
}
}
if (count($errors) == 0) {
//Check that the username / email are associated to the same account
if (!emailUsernameLinked($email, $username)) {
$errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
} else {
$userdetails = fetchUserDetails($username);
//See if the user's account is activation
if ($userdetails["active"] == 1) {
$errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
} else {
if ($resend_activation_threshold == 0) {
$hours_diff = 0;
} else {
$last_request = $userdetails["last_activation_request"];
$hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
}
if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
$errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
} else {
//For security create a new activation url;
$new_activation_token = generateActivationToken();
if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
$errors[] = lang("SQL_ERROR");
} else {
$mail = new userCakeMail();
$activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;
//Setup our custom hooks
$hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"]));
if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
$errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
} else {
if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
$errors[] = lang("MAIL_ERROR");
} else {
//Success, user details have been updated in the db now mail this information out.
$successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
}
}
}
}
}
}
}
}
//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
header("Location: " . str_replace('index.php/', '', site_url('account')));
die;
}
$this->load->view('resend_activation');
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL, $loggedInUser, $errors, $success;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST)) {
$pageName = $_POST['pageName'];
$pageNameWithoutExt = str_replace(".php", "", $pageName);
$defaultPages = fetchAllPages();
$pageCheck = false;
foreach ($defaultPages as $indPage) {
if ($indPage['page'] == $pageNameWithoutExt) {
$pageCheck = true;
}
}
if (preg_match('/^[A-Za-z][A-Za-z0-9]*(?:_[A-Za-z0-9]+)*$/', $pageNameWithoutExt) && !$pageCheck) {
$comment = $_POST['pageComment'];
$nameWords = explode("_", $pageNameWithoutExt);
$className = '';
if (sizeof($nameWords)) {
for ($i = 0; $i < sizeof($nameWords); $i++) {
$sep = $i ? "_" : "";
$className .= $sep . ucfirst($nameWords[$i]);
}
} else {
$className = ucfirst($pageNameWithoutExt);
}
$file = fopen("{$baseURL}/application/controllers/{$pageName}.php", "w");
fwrite($file, '<?php
/* This pase was created by ' . $loggedInUser->displayname . ' at "' . date("Y m d H-i-s") . '". */
/* ' . $comment . ' */
class ' . $className . ' extends CI_Controller{
public function __construct(){
parent::__construct();
global $baseURL;
$baseURL = getcwd();
// File requires to check logged in user information.
require_once("$baseURL/application/third_party/user_cake/models/class.user.php");
// Basic helper and libraries
$this->load->helper();
$this->load->library("session");
}
public function index(){
global $baseURL;
// Require config file
require_once("$baseURL/application/third_party/user_cake/models/config.php");
// Write your code after this line
// Code ends here
// index function
$this->load->view("' . $pageName . '");
}
}
?>');
fclose($file);
$file = fopen("{$baseURL}/application/views/{$pageName}.php", "w");
fwrite($file, '<?php
global $baseURL;
require_once("$baseURL/application/third_party/user_cake/models/header.php");
?>
<!DOCTYPE html PUBLIC \'-//W3C//DTD XHTML 1.0 Transitional//EN\' \'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\'>
<html xmlns=\'http://www.w3.org/1999/xhtml\'>
<head>
<meta http-equiv=\'Content-Type\' content=\'text/html; charset=utf-8\' />
<title>' . $pageName . '</title>
</head>
<body>
<div id="wrapper">
<div id="top"><div id="logo"></div></div>
<div id="content">
<h1>UserCake (Via CupCake)</h1>
<h2>Account</h2>
<div id="left-nav">
<?php
include("$baseURL/application/third_party/user_cake/left-nav.php");
?>
</div>
<div id="main">
</div>
<div id="bottom"></div>
</div>
</body>
</html>');
fclose($file);
$newPage = array(str_replace(".php", "", $pageName));
createPages($newPage);
$successes[] = lang("PAGE_CREATED_SUCCESSFULLY", array($baseURL, $pageName));
} else {
if ($pageCheck) {
$errors[] = lang("USER_CREATED_PAGE_EXIST");
} else {
$errors[] = lang("PAGE_VALIDATION_ERROR");
}
}
}
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Page</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='newPage' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<input type='hidden' name='process' value='1'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Add New Page</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>New Page Name:</label>\r\n<input type = 'text' name = 'pageName' id = 'pageName'><br/>\r\n(only underscore '_' is allowed as special character.)<br/>\r\n<label>Write your comment:</label><textarea rows = '5' cols = '30' name = 'pageComment' id = 'pageComment'></textarea><br/>\r\n<div>( This is only for documentation purpose. )</div>";
echo "<input type='submit' value='Create' class='submit'/>\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
<?php
require_once "../models/config.php";
if (!securePage(__FILE__)) {
// Forward to index page
addAlert("danger", "Whoops, looks like you don't have permission to view that page.");
header("Location: 404.php");
exit;
}
setReferralPage(getAbsoluteDocumentPath(__FILE__));
//Log the user out
if (isUserLoggedIn()) {
$loggedInUser->userLogOut();
}
// Forward to index root page
header("Location: " . SITE_ROOT);
die;
?>
index.php
------------
product : PHP Invoice
version : 1.0 build 1 (Beta)
released : Sunday September 7 2003
copyright : Copyright © 2001-2009 Jeremy Hubert
email : support@illanti.com
website : http://www.illanti.com
The starting point for the software. Login page. DO NOT EDIT unless
you know what you are doing.
***************************************************************************/
define('SITE_ROOT', './');
require_once SITE_ROOT . 'includes/common.php';
securePage('none');
$tpl_main_file = 'login_framework.tpl';
$tpl =& new TemplateSystem();
if (isset($_POST['btnSubmit'])) {
if ($_POST['email'] != '') {
$method = 'email';
$value = $_POST['email'];
} elseif ($_POST['username'] != '') {
$method = 'username';
$value = $_POST['username'];
}
$client = $ISL->recoverPassword($method, $value);
if (is_array($client)) {
$e = new Emailer();
$e->setMainFile('forms/email_forgotpass.tpl');
$e->setFrom($SYSTEM['email']['from']);
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//User has confirmed they want their password changed
if (!empty($_GET["confirm"])) {
$token = trim($_GET["confirm"]);
if ($token == "" || !validateActivationToken($token, TRUE)) {
$errors[] = lang("FORGOTPASS_INVALID_TOKEN");
} else {
$rand_pass = getUniqueCode(15);
//Get unique code
$secure_pass = generateHash($rand_pass);
//Generate random hash
$userdetails = fetchUserDetails(NULL, $token);
//Fetchs user details
$mail = new userCakeMail();
//Setup our custom hooks
$hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
$errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
} else {
if (!$mail->sendMail($userdetails["email"], "Your new password")) {
$errors[] = lang("MAIL_ERROR");
} else {
if (!updatePasswordFromToken($secure_pass, $token)) {
$errors[] = lang("SQL_ERROR");
} else {
if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
$errors[] = lang("SQL_ERROR");
} else {
$successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
}
}
}
}
}
}
//User has denied this request
if (!empty($_GET["deny"])) {
$token = trim($_GET["deny"]);
if ($token == "" || !validateActivationToken($token, TRUE)) {
$errors[] = lang("FORGOTPASS_INVALID_TOKEN");
} else {
$userdetails = fetchUserDetails(NULL, $token);
if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
$errors[] = lang("SQL_ERROR");
} else {
$successes[] = lang("FORGOTPASS_REQUEST_CANNED");
}
}
}
//Forms posted
if (!empty($_POST)) {
$email = $_POST["email"];
$username = sanitize($_POST["username"]);
//Perform some validation
//Feel free to edit / change as required
if (trim($email) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
} else {
if (!isValidEmail($email) || !emailExists($email)) {
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
}
}
if (trim($username) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
} else {
if (!usernameExists($username)) {
$errors[] = lang("ACCOUNT_INVALID_USERNAME");
}
}
if (count($errors) == 0) {
//Check that the username / email are associated to the same account
if (!emailUsernameLinked($email, $username)) {
$errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
} else {
//Check if the user has any outstanding lost password requests
$userdetails = fetchUserDetails($username);
if ($userdetails["lost_password_request"] == 1) {
$errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
} else {
//Email the user asking to confirm this change password request
//We can use the template builder here
//We use the activation token again for the url key it gets regenerated everytime it's used.
$mail = new userCakeMail();
$confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
$deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
//Setup our custom hooks
$hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
$errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
} else {
if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
$errors[] = lang("MAIL_ERROR");
} else {
//Update the DB to show this account has an outstanding request
if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
$errors[] = lang("SQL_ERROR");
} else {
$successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
}
}
}
}
}
}
}
$this->load->view('forgot_password');
}
<?php
require_once "models/config.php";
//for usercake
if (!securePage(htmlspecialchars($_SERVER['PHP_SELF']))) {
die;
}
//User has confirmed they want their password changed
if (!empty($_GET["confirm"])) {
$token = trim($_GET["confirm"]);
if ($token == "" || !validateActivationToken($token, TRUE)) {
$errors[] = lang("FORGOTPASS_INVALID_TOKEN");
} else {
$rand_pass = getUniqueCode(15);
//Get unique code
$secure_pass = generateHash($rand_pass);
//Generate random hash
$userdetails = fetchUserDetails(NULL, $token);
//Fetchs user details
$mail = new userCakeMail();
//Setup our custom hooks
$hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
if (!$mail->newTemplateMsg("your-lost-password.txt", $hooks)) {
$errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
} else {
if (!$mail->sendMail($userdetails["email"], "Your new password")) {
$errors[] = lang("MAIL_ERROR");
} else {
if (!updatePasswordFromToken($secure_pass, $token)) {
$errors[] = lang("SQL_ERROR");
} else {
invoices.php
------------
product : PHP Invoice
version : 1.0 build 1 (Beta)
released : Sunday September 7 2003
copyright : Copyright © 2001-2009 Jeremy Hubert
email : support@illanti.com
website : http://www.illanti.com
The main page for the invoice software. Lists all invoices in the db.
DO NOT EDIT unless you know what you are doing.
***************************************************************************/
define('SITE_ROOT', '../');
require_once SITE_ROOT . 'includes/common.php';
securePage('client');
$tpl =& new TemplateSystem();
$tpl->set('page_title', $lang['pt_invoice_overview']);
$tpl->set('SYSTEM', $SYSTEM);
$invoices = $ISL->FetchInvoices();
$tpl->set('tbody', 'client/invoice_overview.tpl');
$count['total'] = count($invoices);
foreach ($invoices as $inv) {
$count[$inv['curr_status']]++;
$totals[$inv['curr_status']]['cost'] += $inv['cost'];
$totals[$inv['curr_status']]['tax'] += $inv['tax'];
$totals[$inv['curr_status']]['tax2'] += $inv['tax2'];
$totals[$inv['curr_status']]['total'] += $inv['cost'] + $inv['tax'] + $inv['tax2'] + $inv['shipping'];
}
$tpl->set('invoices', $invoices);
$tpl->set('count', $count);
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
header("Location: " . str_replace('index.php/', '', site_url('account')));
die;
}
//Forms posted
if (!empty($_POST)) {
global $errors;
$errors = array();
$username = sanitize(trim($_POST["username"]));
$password = trim($_POST["password"]);
//Perform some validation
//Feel free to edit / change as required
if ($username == "") {
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
}
if ($password == "") {
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
if (count($errors) == 0) {
//A security note here, never tell the user which credential was incorrect
if (!usernameExists($username)) {
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
} else {
$userdetails = fetchUserDetails($username);
//See if the user's account is activated
if ($userdetails["active"] == 0) {
$errors[] = lang("ACCOUNT_INACTIVE");
} else {
//Hash the password and use the salt from the database to compare the password.
$entered_pass = generateHash($password, $userdetails["password"]);
if ($entered_pass != $userdetails["password"]) {
//Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
} else {
//Passwords match! we're good to go'
//Construct a new logged in user object
//Transfer some db data to the session object
$loggedInUser = new loggedInUser();
$loggedInUser->email = $userdetails["email"];
$loggedInUser->user_id = $userdetails["id"];
$loggedInUser->hash_pw = $userdetails["password"];
$loggedInUser->title = $userdetails["title"];
$loggedInUser->displayname = $userdetails["display_name"];
$loggedInUser->username = $userdetails["user_name"];
//Update last sign in
$loggedInUser->updateLastSignIn();
$this->session->set_userdata('userCakeUser', $loggedInUser);
// $_SESSION["userCakeUser"] = $loggedInUser;
//Redirect to user account page
header("Location: " . str_replace('index.php/', '', site_url('account')));
die;
}
}
}
}
}
$this->load->view('login');
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
$permissionId = $_GET['id'];
//Check if selected permission level exists
if (!permissionIdExists($permissionId)) {
header("Location: " . site_url('admin_permissions'));
die;
}
$permissionDetails = fetchPermissionDetails($permissionId);
//Fetch information specific to permission level
//Forms posted
if (!empty($_POST)) {
//Delete selected permission level
if (!empty($_POST['delete'])) {
$deletions = $_POST['delete'];
if ($deletion_count = deletePermission($deletions)) {
$successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
header("Location: " . site_url('admin_permissions'));
} else {
$errors[] = lang("SQL_ERROR");
}
} else {
//Update permission level name
if ($permissionDetails[0]['name'] != $_POST['name']) {
$permission = trim($_POST['name']);
//Validate new name
if (permissionNameExists($permission)) {
$errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));
} elseif (minMaxRange(1, 50, $permission)) {
$errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));
} else {
if (updatePermissionName($permissionId, $permission)) {
$successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));
} else {
$errors[] = lang("SQL_ERROR");
}
}
}
//Remove access to pages
if (!empty($_POST['removePermission'])) {
$remove = $_POST['removePermission'];
if ($deletion_count = removePermission($permissionId, $remove)) {
$successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Add access to pages
if (!empty($_POST['addPermission'])) {
$add = $_POST['addPermission'];
if ($addition_count = addPermission($permissionId, $add)) {
$successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Remove access to pages
if (!empty($_POST['removePage'])) {
$remove = $_POST['removePage'];
if ($deletion_count = removePage($remove, $permissionId)) {
$successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Add access to pages
if (!empty($_POST['addPage'])) {
$add = $_POST['addPage'];
if ($addition_count = addPage($add, $permissionId)) {
$successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
$permissionDetails = fetchPermissionDetails($permissionId);
}
}
$pagePermissions = fetchPermissionPages($permissionId);
//Retrieve list of accessible pages
$permissionUsers = fetchPermissionUsers($permissionId);
//Retrieve list of users with membership
$userData = fetchAllUsers();
//Fetch all users
$pageData = fetchAllPages();
//Fetch all pages
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='adminPermission' action='" . $_SERVER['PHP_SELF'] . "?id=" . $permissionId . "' method='post'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Permission Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $permissionDetails[0]['id'] . "\r\n</p>\r\n<p>\r\n<label>Name:</label>\r\n<input type='text' name='name' value='" . $permissionDetails[0]['name'] . "' />\r\n</p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $permissionDetails[0]['id'] . "]' id='delete[" . $permissionDetails[0]['id'] . "]' value='" . $permissionDetails[0]['id'] . "'>\r\n</p>\r\n</div></td><td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Members:";
//List users with permission level
foreach ($userData as $v1) {
if (isset($permissionUsers[$v1['id']])) {
echo "<br><input type='checkbox' name='removePermission[" . $v1['id'] . "]' id='removePermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['display_name'];
}
}
echo "\r\n</p><p>Add Members:";
//List users without permission level
foreach ($userData as $v1) {
if (!isset($permissionUsers[$v1['id']])) {
echo "<br><input type='checkbox' name='addPermission[" . $v1['id'] . "]' id='addPermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['display_name'];
}
}
echo "\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nPublic Access:";
//List public pages
foreach ($pageData as $v1) {
if ($v1['private'] != 1) {
echo "<br>" . $v1['page'];
}
}
echo "\r\n</p>\r\n<p>\r\nRemove Access:";
//List pages accessible to permission level
foreach ($pageData as $v1) {
if (isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
echo "<br><input type='checkbox' name='removePage[" . $v1['id'] . "]' id='removePage[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['page'];
}
}
echo "\r\n</p><p>Add Access:";
//List pages inaccessible to permission level
foreach ($pageData as $v1) {
if (!isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
echo "<br><input type='checkbox' name='addPage[" . $v1['id'] . "]' id='addPage[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['page'];
}
}
echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST)) {
$cfgId = array();
$newSettings = $_POST['settings'];
//Validate new site name
if ($newSettings[1] != $websiteName) {
$newWebsiteName = $newSettings[1];
if (minMaxRange(1, 150, $newWebsiteName)) {
$errors[] = lang("CONFIG_NAME_CHAR_LIMIT", array(1, 150));
} else {
if (count($errors) == 0) {
$cfgId[] = 1;
$cfgValue[1] = $newWebsiteName;
$websiteName = $newWebsiteName;
}
}
}
//Validate new URL
if ($newSettings[2] != $websiteUrl) {
$newWebsiteUrl = $newSettings[2];
if (minMaxRange(1, 150, $newWebsiteUrl)) {
$errors[] = lang("CONFIG_URL_CHAR_LIMIT", array(1, 150));
} else {
if (substr($newWebsiteUrl, -1) != "/") {
$errors[] = lang("CONFIG_INVALID_URL_END");
} else {
if (count($errors) == 0) {
$cfgId[] = 2;
$cfgValue[2] = $newWebsiteUrl;
$websiteUrl = $newWebsiteUrl;
}
}
}
}
//Validate new site email address
if ($newSettings[3] != $emailAddress) {
$newEmail = $newSettings[3];
if (minMaxRange(1, 150, $newEmail)) {
$errors[] = lang("CONFIG_EMAIL_CHAR_LIMIT", array(1, 150));
} elseif (!isValidEmail($newEmail)) {
$errors[] = lang("CONFIG_EMAIL_INVALID");
} else {
if (count($errors) == 0) {
$cfgId[] = 3;
$cfgValue[3] = $newEmail;
$emailAddress = $newEmail;
}
}
}
//Validate email activation selection
if ($newSettings[4] != $emailActivation) {
$newActivation = $newSettings[4];
if ($newActivation != "true" and $newActivation != "false") {
$errors[] = lang("CONFIG_ACTIVATION_TRUE_FALSE");
} else {
if (count($errors) == 0) {
$cfgId[] = 4;
$cfgValue[4] = $newActivation;
$emailActivation = $newActivation;
}
}
}
//Validate new email activation resend threshold
if ($newSettings[5] != $resend_activation_threshold) {
$newResend_activation_threshold = $newSettings[5];
if ($newResend_activation_threshold > 72 or $newResend_activation_threshold < 0) {
$errors[] = lang("CONFIG_ACTIVATION_RESEND_RANGE", array(0, 72));
} else {
if (count($errors) == 0) {
$cfgId[] = 5;
$cfgValue[5] = $newResend_activation_threshold;
$resend_activation_threshold = $newResend_activation_threshold;
}
}
}
//Validate new language selection
if ($newSettings[6] != $language) {
$newLanguage = $newSettings[6];
if (minMaxRange(1, 150, $language)) {
$errors[] = lang("CONFIG_LANGUAGE_CHAR_LIMIT", array(1, 150));
} elseif (!file_exists($baseURL . $newLanguage)) {
$errors[] = lang("CONFIG_LANGUAGE_INVALID", array($newLanguage));
} else {
if (count($errors) == 0) {
$cfgId[] = 6;
$cfgValue[6] = $newLanguage;
$language = $newLanguage;
}
}
}
//Validate new template selection
if ($newSettings[7] != $template) {
$newTemplate = $newSettings[7];
if (minMaxRange(1, 150, $template)) {
$errors[] = lang("CONFIG_TEMPLATE_CHAR_LIMIT", array(1, 150));
} elseif (!file_exists($baseURL . $newTemplate)) {
$errors[] = lang("CONFIG_TEMPLATE_INVALID", array($newTemplate));
} else {
if (count($errors) == 0) {
$cfgId[] = 7;
$cfgValue[7] = $newTemplate;
$template = $newTemplate;
}
}
}
//Update configuration table with new settings
if (count($errors) == 0 and count($cfgId) > 0) {
updateConfig($cfgId, $cfgValue);
$successes[] = lang("CONFIG_UPDATE_SUCCESSFUL");
}
}
$languages = getLanguageFiles();
//Retrieve list of language files
$templates = getTemplateFiles();
//Retrieve list of template files
$permissionData = fetchAllPermissions();
//Retrieve list of all permission levels
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Configuration</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<div id='regbox'>\r\n<form name='adminConfiguration' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<p>\r\n<label>Website Name:</label>\r\n<input type='text' name='settings[" . $settings['website_name']['id'] . "]' value='" . $websiteName . "' />\r\n</p>\r\n<p>\r\n<label>Website URL:</label>\r\n<input type='text' name='settings[" . $settings['website_url']['id'] . "]' value='" . $websiteUrl . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='settings[" . $settings['email']['id'] . "]' value='" . $emailAddress . "' />\r\n</p>\r\n<p>\r\n<label>Activation Threshold:</label>\r\n<input type='text' name='settings[" . $settings['resend_activation_threshold']['id'] . "]' value='" . $resend_activation_threshold . "' />\r\n</p>\r\n<p>\r\n<label>Language:</label>\r\n<select name='settings[" . $settings['language']['id'] . "]'>";
//Display language options
foreach ($languages as $optLang) {
if ($optLang == $language) {
echo "<option value='" . $optLang . "' selected>{$optLang}</option>";
} else {
echo "<option value='" . $optLang . "'>{$optLang}</option>";
}
}
echo "\r\n</select>\r\n</p>\r\n<p>\r\n<label>Email Activation:</label>\r\n<select name='settings[" . $settings['activation']['id'] . "]'>";
//Display email activation options
if ($emailActivation == "true") {
echo "\r\n\t<option value='true' selected>True</option>\r\n\t<option value='false'>False</option>\r\n\t</select>";
} else {
echo "\r\n\t<option value='true'>True</option>\r\n\t<option value='false' selected>False</option>\r\n\t</select>";
}
echo "</p>\r\n<p>\r\n<label>Template:</label>\r\n<select name='settings[" . $settings['template']['id'] . "]'>";
//Display template options
foreach ($templates as $temp) {
if ($temp == $template) {
echo "<option value='" . $temp . "' selected>{$temp}</option>";
} else {
echo "<option value='" . $temp . "'>{$temp}</option>";
}
}
echo "\r\n</select>\r\n</p>\r\n<input type='submit' name='Submit' value='Submit' />\r\n</form>\r\n</div>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
// Admin home
//
// Parameters:
// none
//
//------------------------------------------------------------------------------------------
//PAGE VARIABLE
$path_to_dynamik = "../common/";
// include global constants
include $path_to_dynamik . "config.inc.php";
// include connection script
include $path_to_dynamik . "connect.inc.php";
// include format functions
include $path_to_dynamik . "login_access_fncs.inc.php";
//user must be logged-in to view this page
securePage();
// include no cache headers
include $path_to_dynamik . "no_cache.inc.php";
// include format functions
include $path_to_dynamik . "format_functions.inc.php";
// include DB fetch functions
include $path_to_dynamik . "db_fetch_fncs.inc.php";
// include DB operations functions
include $path_to_dynamik . "db_ops_fncs.inc.php";
// load type of items to display (online / offline)
$type = trim($_GET["type"]);
// make sure type is set
if ($type == "") {
$type = "online";
}
// transform $type into $online (Y/N)
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Prevent the user visiting the logged in page if he is not logged in
if (!isUserLoggedIn()) {
header("Location: " . str_replace('index.php/', '', site_url('login')));
die;
}
if (!empty($_POST)) {
$errors = array();
$successes = array();
$password = $_POST["password"];
$password_new = $_POST["passwordc"];
$password_confirm = $_POST["passwordcheck"];
$errors = array();
$email = $_POST["email"];
//Perform some validation
//Feel free to edit / change as required
//Confirm the hashes match before updating a users password
$entered_pass = generateHash($password, $loggedInUser->hash_pw);
if (trim($password) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
} else {
if ($entered_pass != $loggedInUser->hash_pw) {
//No match
$errors[] = lang("ACCOUNT_PASSWORD_INVALID");
}
}
if ($email != $loggedInUser->email) {
if (trim($email) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
} else {
if (!isValidEmail($email)) {
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
} else {
if (emailExists($email)) {
$errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
}
}
}
//End data validation
if (count($errors) == 0) {
$loggedInUser->updateEmail($email);
$successes[] = lang("ACCOUNT_EMAIL_UPDATED");
}
}
if ($password_new != "" or $password_confirm != "") {
if (trim($password_new) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
} else {
if (trim($password_confirm) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
} else {
if (minMaxRange(8, 50, $password_new)) {
$errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(8, 50));
} else {
if ($password_new != $password_confirm) {
$errors[] = lang("ACCOUNT_PASS_MISMATCH");
}
}
}
}
//End data validation
if (count($errors) == 0) {
//Also prevent updating if someone attempts to update with the same password
$entered_pass_new = generateHash($password_new, $loggedInUser->hash_pw);
if ($entered_pass_new == $loggedInUser->hash_pw) {
//Don't update, this fool is trying to update with the same password ¬¬
$errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
} else {
//This function will create the new hash and update the hash_pw property.
$loggedInUser->updatePassword($password_new);
$successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
}
}
}
if (count($errors) == 0 and count($successes) == 0) {
$errors[] = lang("NOTHING_TO_UPDATE");
}
}
$this->load->view('user_settings');
}
invoices.php
------------
product : PHP Invoice
version : 1.0 build 1 (Beta)
released : Sunday September 7 2003
copyright : Copyright © 2001-2009 Jeremy Hubert
email : support@illanti.com
website : http://www.illanti.com
The main page for the invoice software. Lists all invoices in the db.
DO NOT EDIT unless you know what you are doing.
***************************************************************************/
define('SITE_ROOT', '../');
require_once SITE_ROOT . 'includes/common.php';
securePage('admin');
$param = isset($_GET['param']) ? $_GET['param'] : 'invoice_num';
$invoiceID = isset($_GET['id']) ? $_GET['id'] : 0;
$item = isset($_GET['item']) ? $_GET['item'] : 0;
$value = isset($_GET['value']) ? $_GET['value'] : 0;
$search = isset($_GET['search']) ? $_GET['search'] : 0;
$page = isset($_GET['page']) ? $_GET['page'] : 0;
$message = '';
$tpl =& new TemplateSystem();
$tpl->set('page_title', $lang['pt_invoices']);
$tpl->set('SYSTEM', $SYSTEM);
// Delete Selected Invoice
if (isset($_GET['del']) && isset($_GET['id'])) {
$inv = $ISL->FetchInvoiceDetails($_GET['id']);
if ($inv['curr_status'] == 'unsent') {
$ISL->DeleteInvoice($_GET['id'], false);
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
$userId = $_GET['id'];
//Check if selected user exists
if (!userIdExists($userId)) {
header("Location: " . str_replace('index.php/', '', site_url('admin_users')));
die;
}
$userdetails = fetchUserDetails(NULL, NULL, $userId);
//Fetch user details
//Forms posted
if (!empty($_POST)) {
//Delete selected account
if (!empty($_POST['delete'])) {
$deletions = $_POST['delete'];
if ($deletion_count = deleteUsers($deletions)) {
$successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
} else {
//Update display name
if ($userdetails['display_name'] != $_POST['display']) {
$displayname = trim($_POST['display']);
//Validate display name
if (displayNameExists($displayname)) {
$errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
} elseif (minMaxRange(5, 25, $displayname)) {
$errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
} elseif (!ctype_alnum($displayname)) {
$errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
} else {
if (updateDisplayName($userId, $displayname)) {
$successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
} else {
$errors[] = lang("SQL_ERROR");
}
}
} else {
$displayname = $userdetails['display_name'];
}
//Activate account
if (isset($_POST['activate']) && $_POST['activate'] == "activate") {
if (setUserActive($userdetails['activation_token'])) {
$successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Update email
if ($userdetails['email'] != $_POST['email']) {
$email = trim($_POST["email"]);
//Validate email
if (!isValidEmail($email)) {
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
} elseif (emailExists($email)) {
$errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
} else {
if (updateEmail($userId, $email)) {
$successes[] = lang("ACCOUNT_EMAIL_UPDATED");
} else {
$errors[] = lang("SQL_ERROR");
}
}
}
//Update title
if ($userdetails['title'] != $_POST['title']) {
$title = trim($_POST['title']);
//Validate title
if (minMaxRange(1, 50, $title)) {
$errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
} else {
if (updateTitle($userId, $title)) {
$successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
} else {
$errors[] = lang("SQL_ERROR");
}
}
}
//Remove permission level
if (!empty($_POST['removePermission'])) {
$remove = $_POST['removePermission'];
if ($deletion_count = removePermission($remove, $userId)) {
$successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
if (!empty($_POST['addPermission'])) {
$add = $_POST['addPermission'];
if ($addition_count = addPermission($add, $userId)) {
$successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
$userdetails = fetchUserDetails(NULL, NULL, $userId);
}
}
$userPermission = fetchUserPermissions($userId);
$permissionData = fetchAllPermissions();
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='adminUser' action='" . $_SERVER['PHP_SELF'] . "?id=" . $userId . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $userdetails['id'] . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n" . $userdetails['user_name'] . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='" . $userdetails['display_name'] . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='" . $userdetails['email'] . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>";
//Display activation link, if account inactive
if ($userdetails['active'] == '1') {
echo "Yes";
} else {
echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t";
}
echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='" . $userdetails['title'] . "' />\r\n</p>\r\n<p>\r\n<label>Sign Up:</label>\r\n" . date("j M, Y", $userdetails['sign_up_stamp']) . "\r\n</p>\r\n<p>\r\n<label>Last Sign In:</label>";
//Last sign in, interpretation
if ($userdetails['last_sign_in_stamp'] == '0') {
echo "Never";
} else {
echo date("j M, Y", $userdetails['last_sign_in_stamp']);
}
echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $userdetails['id'] . "]' id='delete[" . $userdetails['id'] . "]' value='" . $userdetails['id'] . "'>\r\n</p>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:";
//List of permission levels user is apart of
foreach ($permissionData as $v1) {
if (isset($userPermission[$v1['id']])) {
echo "<br><input type='checkbox' name='removePermission[" . $v1['id'] . "]' id='removePermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['name'];
}
}
//List of permission levels user is not apart of
echo "</p><p>Add Permission:";
foreach ($permissionData as $v1) {
if (!isset($userPermission[$v1['id']])) {
echo "<br><input type='checkbox' name='addPermission[" . $v1['id'] . "]' id='addPermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['name'];
}
}
echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
<?php
require_once "models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
require_once "models/header.php";
echo "\r\n<div class='container'>\r\n<h1>PerunioCMS</h1>\r\n<p>\r\nHey, {$loggedInUser->displayname}. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is {$loggedInUser->title}, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signup) . ".\r\n</p>\r\n</div>";
require_once "models/footer.php";
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
$pageId = $_GET['id'];
//Check if selected pages exist
if (!pageIdExists($pageId)) {
header("Location: " . str_replace('index.php/', '', site_url('admin_pages')));
die;
}
$pageDetails = fetchPageDetails($pageId);
//Fetch information specific to page
//Forms posted
if (!empty($_POST)) {
$update = 0;
if (!empty($_POST['private'])) {
$private = $_POST['private'];
}
//Toggle private page setting
if (isset($private) and $private == 'Yes') {
if ($pageDetails['private'] == 0) {
if (updatePrivate($pageId, 1)) {
$successes[] = lang("PAGE_PRIVATE_TOGGLED", array("private"));
} else {
$errors[] = lang("SQL_ERROR");
}
}
} elseif ($pageDetails['private'] == 1) {
if (updatePrivate($pageId, 0)) {
$successes[] = lang("PAGE_PRIVATE_TOGGLED", array("public"));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Remove permission level(s) access to page
if (!empty($_POST['removePermission'])) {
$remove = $_POST['removePermission'];
if ($deletion_count = removePage($pageId, $remove)) {
$successes[] = lang("PAGE_ACCESS_REMOVED", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Add permission level(s) access to page
if (!empty($_POST['addPermission'])) {
$add = $_POST['addPermission'];
if ($addition_count = addPage($pageId, $add)) {
$successes[] = lang("PAGE_ACCESS_ADDED", array($addition_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
$pageDetails = fetchPageDetails($pageId);
}
$pagePermissions = fetchPagePermissions($pageId);
$permissionData = fetchAllPermissions();
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Page</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='adminPage' action='" . $_SERVER['PHP_SELF'] . "?id=" . $pageId . "' method='post'>\r\n<input type='hidden' name='process' value='1'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Page Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $pageDetails['id'] . "\r\n</p>\r\n<p>\r\n<label>Name:</label>\r\n" . $pageDetails['page'] . "\r\n</p>\r\n<p>\r\n<label>Private:</label>";
//Display private checkbox
if ($pageDetails['private'] == 1) {
echo "<input type='checkbox' name='private' id='private' value='Yes' checked>";
} else {
echo "<input type='checkbox' name='private' id='private' value='Yes'>";
}
echo "\r\n</p>\r\n</div></td><td>\r\n<h3>Page Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Access:";
//Display list of permission levels with access
foreach ($permissionData as $v1) {
if (isset($pagePermissions[$v1['id']])) {
echo "<br><input type='checkbox' name='removePermission[" . $v1['id'] . "]' id='removePermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['name'];
}
}
echo "\r\n</p><p>Add Access:";
//Display list of permission levels without access
foreach ($permissionData as $v1) {
if (!isset($pagePermissions[$v1['id']])) {
echo "<br><input type='checkbox' name='addPermission[" . $v1['id'] . "]' id='addPermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['name'];
}
}
echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
