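 /* Render the login page: send a 401 status, emit the page metadata and the
  * <login> element, and after a rejected POST tell the user why. The
  * credential check itself is not part of this method; this block only runs
  * when the user is not logged in, as far as the visible code shows.
  *
  * Note: header("Status: 401") is the CGI-style status header; it relies on
  * the SAPI honouring it (confirm for non-CGI deployments).
  */
 public function execute()
 {
     header("Status: 401");

     $this->output->description = "Login";
     $this->output->keywords = "login";
     $this->output->title = "Login";
     $this->output->add_javascript("banshee/login.js");

     $is_post = ($_SERVER["REQUEST_METHOD"] == "POST");

     /* Read the submitted fields once, guarded with isset() so a GET request
      * or a form without the bind checkbox no longer raises an undefined-index
      * notice. The values handed on are unchanged (null when absent).
      */
     $username = isset($_POST["username"]) ? $_POST["username"] : null;
     $bind_ip = isset($_POST["bind_ip"]) ? $_POST["bind_ip"] : null;

     $this->output->open_tag("login", array(
         "password" => show_boolean(module_exists("password")),
         "register" => show_boolean(module_exists("register"))));
     $this->output->add_tag("url", $_SERVER["REQUEST_URI"]);

     if ($is_post == false) {
         /* Fresh form: a bare <bind> tag is emitted; presumably the template
          * renders it as the checked state -- verify against the XSLT.
          */
         $this->output->add_tag("bind");
     } else {
         $this->output->add_tag("username", $username);
         if (is_true($bind_ip)) {
             $this->output->add_tag("bind");
         }
     }
     $this->output->add_tag("remote_addr", $_SERVER["REMOTE_ADDR"]);

     if ($is_post) {
         if (strpos($username, "'") !== false) {
             /* A quote in the username is treated as a probe and reported to
              * the webserver's monitor via the X-Hiawatha-Monitor header. This
              * is a detection signal only; the query layer (not visible here)
              * still has to escape or parameterise the value.
              */
             $this->output->add_message("Sorry, this application does not support SQL injection.");
             header("X-Hiawatha-Monitor: exploit_attempt");
         } else {
             $this->output->add_message("Login incorrect");
         }
     }

     $this->output->close_tag();
 }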
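 /* Show the paginated event log, filtered by webserver and optionally
  * hiding "ss" entries.
  *
  * The hide_ss flag is kept in $_SERVER["hide_ss"], which only lives for the
  * current request: it is initialised to true and overwritten when the
  * "hidess" button was submitted. NOTE(review): if the choice was meant to
  * survive across requests this would need $_SESSION instead -- confirm.
  */
 public function execute()
 {
     $is_post = ($_SERVER["REQUEST_METHOD"] == "POST");

     if (isset($_SERVER["hide_ss"]) == false) {
         $_SERVER["hide_ss"] = true;
     }

     /* Guard the POST fields with isset() so a form without them does not
      * raise an undefined-index notice; the resulting values are unchanged.
      */
     if ($is_post && isset($_POST["submit_button"]) && $_POST["submit_button"] == "hidess") {
         $hide_ss = isset($_POST["hide_ss"]) ? $_POST["hide_ss"] : null;
         $_SERVER["hide_ss"] = is_true($hide_ss);
     }

     $this->output->add_css("banshee/filter.css");

     $filter = new filter($this->db, $this->output, $this->user);
     $filter->to_output($this->model->table, false);

     if (($count = $this->model->count_events($filter->webserver, $_SERVER["hide_ss"])) === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }

     $paging = new pagination($this->output, "events", $this->settings->event_page_size, $count);
     /* A new filter submission starts again at the first page */
     if ($is_post) {
         $paging->reset();
     }

     if (($events = $this->model->get_events($paging->offset, $paging->size, $filter->webserver, $_SERVER["hide_ss"])) === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }

     $this->output->open_tag("events", array("hide_ss" => show_boolean($_SERVER["hide_ss"])));
     foreach ($events as $event) {
         /* Timestamps are formatted in the server's timezone */
         $event["timestamp"] = date("j F Y, H:i:s", $event["timestamp"]);
         /* Event text is log data; secure_string() presumably replaces
          * characters unsafe for output with "_" -- confirm in the output class.
          */
         $event["event"] = $this->output->secure_string($event["event"], "_");
         $this->output->record($event, "event");
     }
     $paging->show_browse_links();
     $this->output->close_tag();
 }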
 /* Emit the photo edit form: the photo record inside an <edit> element,
  * with the overview flag rendered as a yes/no value.
  */
 private function show_edit_form($photo)
 {
     $this->output->open_tag("edit");

     $record = $photo;
     $record["overview"] = show_boolean($record["overview"]);
     $this->output->record($record, "photo");

     $this->output->close_tag();
 }
 /* Emit the profile edit form of the logged-in user: e-mail and
  * notification settings, a cancel link, the selectable notification
  * methods and, when available, the most recent account log entries.
  */
 private function show_profile_form($profile)
 {
     /* The client-side hashing script is selected by the PASSWORD_HASH constant */
     $this->output->add_javascript("banshee/" . PASSWORD_HASH . ".js");
     $this->output->add_javascript("profile.js");
     $this->output->run_javascript("hash = window['" . PASSWORD_HASH . "'];");

     $this->output->open_tag("edit");
     $this->output->add_tag("username", $this->user->username);
     $this->output->add_tag("email", $profile["email"]);
     $this->output->add_tag("notification_key", $profile["notification_key"]);
     $this->output->add_tag("notification_method", $profile["notification_method"]);
     $this->output->add_tag("daily_report", show_boolean($profile["daily_report"]));

     /* While a password change is pending, the cancel link leads to logout
      * instead of back to the start page.
      */
     $must_change_password = ($this->user->status == USER_STATUS_CHANGEPWD);
     $cancel_label = $must_change_password ? "Logout" : "Back";
     $cancel_page = $must_change_password ? LOGOUT_MODULE : $this->settings->start_page;
     $this->output->add_tag("cancel", $cancel_label, array("page" => $cancel_page));

     $this->output->open_tag("notification");
     foreach (config_array(NOTIFICATION_METHODS) as $method => $label) {
         $this->output->add_tag("method", $method, array("label" => $label));
     }
     $this->output->close_tag();

     /* Action log
      */
     $actionlog = $this->model->last_account_logs();
     if ($actionlog !== false) {
         $this->output->open_tag("actionlog");
         foreach ($actionlog as $entry) {
             $this->output->record($entry, "log");
         }
         $this->output->close_tag();
     }

     $this->output->close_tag();
 }
 /* Show one day's statistics for $type ($this->graphs[$type] supplies the
  * label): an hourly bar graph followed by the detail records, both
  * restricted by the hostname/webserver filter.
  *
  * Returns false after reporting a database error, but nothing (null) on
  * success -- callers must test the result with === false.
  */
 private function show_day_information($type, $date)
 {
     $filter = new filter($this->db, $this->output, $this->user);
     $filter->to_output($this->model->table, $this->model->hostnames);

     $hourly = $this->model->get_day_statistics($type, $date, $filter->hostname, $filter->webserver);
     if ($hourly === false) {
         $this->output->add_tag("result", "Database error.");
         return false;
     }

     $label = $this->graphs[$type];

     /* Hourly graph
      */
     $graph = new graph($this->output);
     /* strtotime() is not checked; an unparsable $date would format the epoch */
     $graph->title = $label . " for " . date("l j F Y", strtotime($date));
     $graph->width = 960;
     $graph->height = GRAPH_HEIGHT;
     foreach ($hourly as $hour => $count) {
         $graph->add_bar("Hour " . $hour, $count, "hour");
     }
     $graph->to_output();

     /* Details
      */
     $details = $this->model->get_day_information($type, $date, $filter->hostname, $filter->webserver);
     if ($details === false) {
         $this->output->add_tag("result", "Database error.");
         return false;
     }

     $use_readable_numbers = ($type == "requests" || $type == "bytes_sent");

     $this->output->open_tag("day", array(
         "hostnames" => show_boolean($this->model->hostnames),
         "label" => $label));
     foreach ($details as $stat) {
         if ($use_readable_numbers) {
             $stat["count"] = $this->model->readable_number($stat["count"]);
         }
         $this->output->record($stat, "stat");
     }
     $this->output->close_tag();
 }
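 /* Captcha demo page: on POST, validate the submitted code and report the
  * outcome as a yes/no <valid> tag.
  */
 public function execute()
 {
     $this->output->title = "Captcha demo";

     if ($_SERVER["REQUEST_METHOD"] == "POST") {
         /* isset() avoids an undefined-index notice when the field is missing;
          * the value handed to valid_code() is unchanged (null in that case).
          */
         $code = isset($_POST["code"]) ? $_POST["code"] : null;
         $valid = captcha::valid_code($code);
         $this->output->add_tag("valid", show_boolean($valid));
     }
 }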
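 /* Search page: remember in the session which sections are selected, log
  * and run the query on POST, and render the hits grouped per section.
  */
 public function execute()
 {
     $is_post = ($_SERVER["REQUEST_METHOD"] == "POST");

     /* Mail is only searchable for logged-in users */
     if ($this->user->logged_in == false) {
         unset($this->sections["mail"]);
     }

     /* Default: every section selected */
     if (isset($_SESSION["search"]) == false) {
         $_SESSION["search"] = array();
         foreach ($this->sections as $section => $label) {
             $_SESSION["search"][$section] = true;
         }
     }

     /* Guard $_POST reads with isset(): on GET, and for an unchecked section
      * checkbox (absent from the form), the direct index raised an
      * undefined-index notice. The values the callees see are unchanged.
      */
     $query = isset($_POST["query"]) ? $_POST["query"] : null;

     if ($is_post) {
         $this->log_search_query($query);
         foreach ($this->sections as $section => $label) {
             $selected = isset($_POST[$section]) ? $_POST[$section] : null;
             $_SESSION["search"][$section] = is_true($selected);
         }
     }

     $this->output->add_css("banshee/js_pagination.css");
     $this->output->add_javascript("banshee/pagination.js");
     $this->output->add_javascript("search.js");
     $this->output->run_javascript("document.getElementById('query').focus()");
     $this->output->add_tag("query", $query);

     $this->output->open_tag("sections");
     foreach ($this->sections as $section => $label) {
         $params = array("label" => $label, "checked" => show_boolean($_SESSION["search"][$section]));
         $this->output->add_tag("section", $section, $params);
     }
     $this->output->close_tag();

     if ($is_post == false) {
         return;
     }

     /* strlen() counts bytes, so this is a minimum byte length rather than a
      * character count.
      */
     if (strlen(trim($query)) < 3) {
         $this->output->add_tag("result", "Search query too short.");
         return;
     }

     if (($result = $this->model->search($_POST, $this->sections)) === false) {
         /* Error
          */
         $this->output->add_tag("result", "Search error.");
         return;
     }

     if (count($result) == 0) {
         $this->output->add_tag("result", "No matches found.");
         return;
     }

     /* Results
      */
     foreach ($result as $section => $hits) {
         $this->output->open_tag("section", array("section" => $section, "label" => $this->sections[$section]));
         foreach ($hits as $hit) {
             /* Markup is stripped before the excerpt is cut, so truncation
              * cannot leave a half-open tag behind.
              */
             $hit["text"] = strip_tags($hit["text"]);
             $hit["content"] = strip_tags($hit["content"]);
             $hit["content"] = preg_replace('/\\[.*?\\]/', "", $hit["content"]);
             $hit["content"] = truncate_text($hit["content"], 400);
             $this->output->record($hit, "hit");
         }
         $this->output->close_tag();
     }
 }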
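 /* Emit the user edit form: status list, the user record, the organisation
  * list (admins only) and one checkbox per role.
  *
  * Access rules enforced here: a non-admin may not edit a user that
  * access_allowed_for_non_admin() rejects (the attempt is logged), never
  * sees the admin role, and nobody can untick the admin role on their own
  * account.
  */
 private function show_user_form($user)
 {
     if (isset($user["roles"]) == false) {
         $user["roles"] = array();
     }
     /* A new user has no id yet; null keeps the comparisons below unchanged
      * without an undefined-index notice.
      */
     $user_id = isset($user["id"]) ? $user["id"] : null;

     /* === false: an empty role list is a valid result, not a database error
      * (the former == false reported both as an error).
      */
     if (($roles = $this->model->get_roles()) === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }

     $organisations = array();
     if ($this->user->is_admin) {
         if (($organisations = $this->model->get_organisations()) === false) {
             $this->output->add_tag("result", "Database error.");
             return;
         }
     }

     /* Non-admins cannot edit admins
      */
     if ($user_id !== null && $this->user->is_admin == false) {
         if ($this->model->access_allowed_for_non_admin($user) == false) {
             $this->user->log_action("unauthorized edit attempt of user %d", $user_id);
             $this->output->add_tag("result", "You are not allowed to edit this user.");
             return;
         }
     }

     $this->output->add_javascript("cms/user.js");
     $this->output->open_tag("edit");

     $this->output->open_tag("status");
     $status = array(
         USER_STATUS_DISABLED => "Disabled",
         USER_STATUS_CHANGEPWD => "Change password",
         USER_STATUS_ACTIVE => "Active");
     foreach ($status as $id => $stat) {
         $this->output->add_tag("status", $stat, array("id" => $id));
     }
     $this->output->close_tag();

     $this->output->record($user, "user");

     if ($this->user->is_admin) {
         $this->output->open_tag("organisations");
         foreach ($organisations as $organisation) {
             $this->output->add_tag("organisation", $organisation["name"], array("id" => $organisation["id"]));
         }
         $this->output->close_tag();
     }

     $this->output->open_tag("roles");
     foreach ($roles as $role) {
         /* Non-admins cannot assign the admin role
          */
         if ($this->user->is_admin == false && $role["id"] == ADMIN_ROLE_ID) {
             continue;
         }
         $checked = in_array($role["id"], $user["roles"]);
         /* Don't disable yourself: the admin role is read-only on your own account */
         $enabled = $this->user->id != $user_id || $role["id"] != ADMIN_ROLE_ID;
         $this->output->add_tag("role", $role["name"], array(
             "id" => $role["id"],
             "checked" => show_boolean($checked),
             "enabled" => show_boolean($enabled)));
     }
     $this->output->close_tag();

     $this->output->close_tag();
 }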
 /* List all hostnames with their id and visibility flag, or report a
  * database error.
  */
 private function show_hostnames()
 {
     $hostnames = $this->model->get_hostnames();
     if ($hostnames === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }

     $this->output->open_tag("hostnames");
     foreach ($hostnames as $entry) {
         $attributes = array(
             "id" => $entry["id"],
             "visible" => show_boolean($entry["visible"]));
         $this->output->add_tag("hostname", $entry["hostname"], $attributes);
     }
     $this->output->close_tag();
 }
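 /* Render one mail message. The title becomes "Inbox" for mail addressed
  * to the current user and "Sentbox" otherwise; only the sent view gets a
  * "back" link target, and only inbox mail gets the action buttons.
  */
 private function show_mail($mail)
 {
     $message = new message($mail["message"]);
     $mail["message"] = $message->unescaped_output();

     $is_inbox = ($mail["to_user_id"] == $this->user->id);

     /* Initialise $back explicitly: the inbox branch never assigned it, so
      * record() was handed an undefined variable (null plus a notice). null is
      * kept so the emitted "back" attribute does not change.
      */
     $back = null;
     if ($is_inbox) {
         $this->title = "Inbox";
     } else {
         $this->title = "Sentbox";
         $back = "/sent";
     }

     $this->output->record($mail, "mail", array(
         "actions" => show_boolean($is_inbox),
         "back" => $back));
 }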
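 /* CMS start page: show configuration warnings to admins, then the icon
  * menu of administration modules.
  */
 public function execute()
 {
     /* section => (entry label => array(module, icon)) */
     $menu = array(
         "Authentication & authorization" => array(
             "Users"         => array("cms/user", "users.png"),
             "Roles"         => array("cms/role", "roles.png"),
             "Organisations" => array("cms/organisation", "organisations.png"),
             "Access"        => array("cms/access", "access.png"),
             "Flags"         => array("cms/flag", "flags.png"),
             "User switch"   => array("cms/switch", "switch.png")),
         "Content" => array(
             "Agenda"     => array("cms/agenda", "agenda.png"),
             "Dictionary" => array("cms/dictionary", "dictionary.png"),
             "F.A.Q."     => array("cms/faq", "faq.png"),
             "Files"      => array("cms/file", "file.png"),
             "Forum"      => array("cms/forum", "forum.png"),
             "Guestbook"  => array("cms/guestbook", "guestbook.png"),
             "Languages"  => array("cms/language", "language.png"),
             "Links"      => array("cms/links", "links.png"),
             "Menu"       => array("cms/menu", "menu.png"),
             "News"       => array("cms/news", "news.png"),
             "Pages"      => array("cms/page", "page.png"),
             "Polls"      => array("cms/poll", "poll.png"),
             "Weblog"     => array("cms/weblog", "weblog.png")),
         "Photo album" => array(
             "Albums"      => array("cms/album", "album.png"),
             "Collections" => array("cms/collection", "collection.png"),
             "Photos"      => array("cms/photo", "photo.png")),
         "Newsletter" => array(
             "Newsletter"    => array("cms/newsletter", "newsletter.png"),
             "Subscriptions" => array("cms/subscriptions", "subscriptions.png")),
         "System" => array(
             "Logging"    => array("cms/logging", "logging.png"),
             "Action log" => array("cms/action", "action.png"),
             "Settings"   => array("cms/settings", "settings.png"),
             "API test"   => array("cms/apitest", "apitest.png")));

     /* Show warnings
      */
     if ($this->user->is_admin) {
         if (module_exists("setup")) {
             $this->output->add_system_warning("The setup module is still available. Remove it from settings/public_modules.conf.");
         }
         /* The default-value checks use === so they are plain string
          * comparisons, never subject to PHP's loose numeric-string rules.
          * The hash literal is presumably the stored hash of the stock admin
          * password; what it hashes is not visible here.
          */
         if ($this->user->id == 1 && $this->user->password === "c10b391ff5e75af6ee8469539e6a5428f09eff7e693d6a8c4de0e5525cd9b287") {
             $this->output->add_system_warning("Don't forget to change the password of the admin account!");
         }
         if ($this->settings->secret_website_code === "CHANGE_ME_INTO_A_RANDOM_STRING") {
             $this->output->add_system_warning("Don't forget to change the secret_website_code setting.");
         }
         if (is_true(DEBUG_MODE)) {
             $this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
         }
     }

     /* isset() first: pathinfo[1] is absent on the bare start page and the
      * direct read raised an undefined-index notice.
      */
     if (isset($this->page->pathinfo[1]) && $this->page->pathinfo[1] != null) {
         $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
     }

     /* Show icons
      */
     if (is_false(MULTILINGUAL)) {
         unset($menu["Content"]["Languages"]);
     }

     $access_list = page_access_list($this->db, $this->user);
     $private_modules = config_file("private_modules");

     $this->output->open_tag("menu");
     foreach ($menu as $text => $section) {
         $class = strtr(strtolower($text), " &", "__");
         $this->output->open_tag("section", array("text" => $text, "class" => $class));
         /* $label rather than $text, so the section title is not shadowed */
         foreach ($section as $label => $info) {
             list($module, $icon) = $info;
             /* Only modules listed in private_modules are shown at all */
             if (in_array($module, $private_modules) == false) {
                 continue;
             }
             /* A module without an access-list entry is treated as open;
              * otherwise a positive level is required. This only decides how
              * the icon is rendered -- the module itself must still enforce
              * access when it is requested.
              */
             if (isset($access_list[$module])) {
                 $access = $access_list[$module] > 0;
             } else {
                 $access = true;
             }
             $this->output->add_tag("entry", $module, array("text" => $label, "access" => show_boolean($access), "icon" => $icon));
         }
         $this->output->close_tag();
     }
     $this->output->close_tag();
 }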
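 /* CMS start page (monitor variant): show configuration warnings to
  * admins, then the icon menu of administration pages.
  */
 public function execute()
 {
     /* section => (entry label => array(page, icon)) */
     $menu = array(
         "Authentication, authorization & system" => array(
             "Users"         => array("cms/user", "users.png"),
             "Roles"         => array("cms/role", "roles.png"),
             "Organisations" => array("cms/organisation", "organisations.png"),
             "Access"        => array("cms/access", "access.png"),
             "User switch"   => array("cms/switch", "switch.png"),
             "Action log"    => array("cms/action", "action.png"),
             "Settings"      => array("cms/settings", "settings.png")),
         "Content" => array(
             "Files"      => array("cms/file", "file.png"),
             "Hostnames"  => array("cms/hostname", "hostname.gif"),
             "Menu"       => array("cms/menu", "menu.png"),
             "Pages"      => array("cms/page", "page.png"),
             "Webservers" => array("cms/webserver", "webserver.png")));

     /* Show warnings
      */
     if ($this->user->is_admin) {
         /* The default-value checks use === so they are plain string
          * comparisons, never subject to PHP's loose numeric-string rules.
          * The hash literal is presumably the stored hash of the stock admin
          * password; what it hashes is not visible here.
          */
         if ($this->user->id == 1 && $this->user->password === "610706e9a48f85476e04d270bd6dc7492cdcd9ad7e91878007dff629ab11f195") {
             $this->output->add_system_warning("Don't forget to change the password of the admin account!");
         }
         if ($this->settings->secret_website_code === "CHANGE_ME_INTO_A_RANDOM_STRING") {
             $this->output->add_system_warning("Don't forget to change the secret_website_code setting.");
         }
         if (is_true(DEBUG_MODE)) {
             $this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
         }
     }

     /* isset() first: pathinfo[1] is absent on the bare start page and the
      * direct read raised an undefined-index notice.
      */
     if (isset($this->page->pathinfo[1]) && $this->page->pathinfo[1] != null) {
         $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
     }

     /* Show icons
      */
     if (is_false(MULTILINGUAL)) {
         /* Kept from the generic start page; this menu has no "Languages"
          * entry, so the unset() is a no-op here.
          */
         unset($menu["Content"]["Languages"]);
     }

     $access_list = page_access_list($this->db, $this->user);
     $private_pages = config_file("private_pages");

     $this->output->open_tag("menu");
     foreach ($menu as $text => $section) {
         $class = strtr(strtolower($text), " &", "__");
         $this->output->open_tag("section", array("text" => $text, "class" => $class));
         /* $label rather than $text, so the section title is not shadowed */
         foreach ($section as $label => $info) {
             list($page, $icon) = $info;
             /* Only pages listed in private_pages are shown at all */
             if (in_array($page, $private_pages) == false) {
                 continue;
             }
             /* A page without an access-list entry is treated as open;
              * otherwise a positive level is required. This only decides how
              * the icon is rendered -- the page itself must still enforce
              * access when it is requested.
              */
             if (isset($access_list[$page])) {
                 $access = $access_list[$page] > 0;
             } else {
                 $access = true;
             }
             $this->output->add_tag("entry", $page, array("text" => $label, "access" => show_boolean($access), "icon" => $icon));
         }
         $this->output->close_tag();
     }
     $this->output->close_tag();
 }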
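 /* Emit the page edit form: supported languages, the available layouts
  * (with the page's current one marked), the role checkboxes and the page
  * record itself. A page without an id is new; its id is then left out of
  * the record attributes.
  */
 private function show_page_form($page)
 {
     $this->output->set_xslt_parameter("admin_role_id", ADMIN_ROLE_ID);

     $page["private"] = show_boolean($page["private"]);
     $page["visible"] = show_boolean($page["visible"]);
     $page["back"] = show_boolean($page["back"]);

     $args = array();
     if (isset($page["id"])) {
         $args["id"] = $page["id"];
     }

     /* A new page has no layout yet; read it with isset() so the form
      * renders without an undefined-index notice (the value passed on, null,
      * is the same as before).
      */
     $current_layout = isset($page["layout"]) ? $page["layout"] : null;

     $this->output->add_javascript("cms/page.js");
     $this->output->add_javascript("ckeditor/ckeditor.js");
     $this->output->add_javascript("banshee/start_ckeditor.js");

     $this->output->open_tag("edit");

     /* Languages
      */
     $this->output->open_tag("languages");
     foreach (config_array(SUPPORTED_LANGUAGES) as $code => $lang) {
         $this->output->add_tag("language", $lang, array("code" => $code));
     }
     $this->output->close_tag();

     /* Layouts
      * (!= false also skips an empty result, which is harmless here: the
      * loop would emit nothing anyway.)
      */
     $this->output->open_tag("layouts", array("current" => $current_layout));
     if (($layouts = $this->model->get_layouts()) != false) {
         foreach ($layouts as $layout) {
             $this->output->add_tag("layout", $layout);
         }
     }
     $this->output->close_tag();

     /* Roles
      */
     $this->output->open_tag("roles");
     if (($roles = $this->model->get_roles()) != false) {
         foreach ($roles as $role) {
             /* Roles not yet assigned to the page have no entry; isset() avoids
              * the undefined-index notice, show_boolean() still gets null.
              */
             $checked = isset($page["roles"][$role["id"]]) ? $page["roles"][$role["id"]] : null;
             $this->output->add_tag("role", $role["name"], array(
                 "id" => $role["id"],
                 "checked" => show_boolean($checked)));
         }
     }
     $this->output->close_tag();

     /* Page data
      */
     $this->output->record($page, "page", $args);

     $this->output->close_tag();
 }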
 /* Emit one bar graph. Each call gets the next sequential id from a static
  * counter, so ids are unique across calls within a request. Bar heights
  * are scaled to $this->height relative to the largest "count" in $items;
  * every bar is 0 when that maximum is 0.
  */
 private function show_graph($items, $title)
 {
     static $id = -1;
     $id++;

     $max = $this->model->max_value($items, "count");
     $this->output->open_tag("graph", array("title" => $title, "id" => $id, "max" => $max));

     foreach ($items as $item) {
         $height = 0;
         if ($max > 0) {
             $height = round($this->height * ($item["count"] / $max));
         }
         $item["height"] = $height;

         $when = strtotime($item["date"]);
         $item["day"] = date("j F Y", $when);
         /* ISO weekday number: 6 = Saturday, 7 = Sunday */
         $item["weekend"] = show_boolean(date("N", $when) >= 6);

         $this->output->record($item, "item");
     }

     $this->output->close_tag();
 }
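 /* Emit the webserver edit form: the webserver record (tls/active as
  * yes/no) followed by one checkbox per user, ticked for users already
  * assigned to this webserver.
  */
 private function show_webserver_form($webserver)
 {
     if (($users = $this->model->get_users()) === false) {
         /* Report the failure like the other forms do instead of silently
          * rendering nothing.
          */
         $this->output->add_tag("result", "Database error.");
         return;
     }

     $this->output->add_javascript("cms/webserver.js");

     $this->output->open_tag("edit");
     $webserver["tls"] = show_boolean($webserver["tls"]);
     $webserver["active"] = show_boolean($webserver["active"]);
     /* isset() first: a new webserver has no "users" key, and indexing it
      * raised an undefined-index notice before the is_array() check ran.
      */
     if (isset($webserver["users"]) == false || is_array($webserver["users"]) == false) {
         $webserver["users"] = array();
     }
     $this->output->record($webserver, "webserver");

     $this->output->open_tag("users");
     foreach ($users as $user) {
         $attr = array(
             "id" => $user["id"],
             "checked" => show_boolean(in_array($user["id"], $webserver["users"])));
         $this->output->add_tag("user", $user["fullname"], $attr);
     }
     $this->output->close_tag();

     $this->output->close_tag();
 }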
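 /* Emit the collection edit form: the collection record plus one checkbox
  * per album, ticked for albums already in the collection.
  */
 private function show_collection_form($collection)
 {
     if (($albums = $this->model->get_albums()) === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }

     /* isset() first: a new collection has no "albums" key, and indexing it
      * raised an undefined-index notice before the is_array() check ran.
      */
     if (isset($collection["albums"]) == false || is_array($collection["albums"]) == false) {
         $collection["albums"] = array();
     }

     $this->output->open_tag("edit");

     /* Only an existing collection carries its id as attribute */
     $params = array();
     if (isset($collection["id"])) {
         $params["id"] = $collection["id"];
     }
     $this->output->open_tag("collection", $params);
     $this->output->record($collection);

     $this->output->open_tag("albums");
     foreach ($albums as $album) {
         $attr = array(
             "id" => $album["id"],
             "checked" => show_boolean(in_array($album["id"], $collection["albums"])));
         $this->output->add_tag("album", $album["name"], $attr);
     }
     $this->output->close_tag();

     $this->output->close_tag();
     $this->output->close_tag();
 }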
 /* List all polls. A poll that has not started yet (begin after today's
  * midnight) is editable; otherwise it gets a "close" button while it is
  * still running and a "delete" button once it has ended.
  */
 private function show_poll_overview()
 {
     $polls = $this->model->get_polls();
     if ($polls === false) {
         $this->output->add_tag("result", "Database error");
         return;
     }

     /* Start of the current day in the server's timezone */
     $today = strtotime("today 00:00:00");

     $this->output->open_tag("overview");
     $this->output->open_tag("polls");
     foreach ($polls as $poll) {
         $editable = ($poll["begin"] > $today);
         $args = array("edit" => show_boolean($editable));
         if ($editable == false) {
             $still_running = ($poll["end"] >= $today);
             $args["button"] = $still_running ? "close" : "delete";
         }
         $poll["begin"] = date("j F Y", $poll["begin"]);
         $poll["end"] = date("j F Y", $poll["end"]);
         $this->output->record($poll, "poll", $args);
     }
     $this->output->close_tag();
     $this->output->close_tag();
 }
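 /* Emit the weblog entry edit form: the record (visible as yes/no), the tag
  * list with the entry's tags pre-selected, and the entry's comments cut to
  * 100 characters.
  *
  * Tag selection comes from $weblog["tag"] when present (presumably a
  * re-displayed submission) and from the database otherwise.
  */
 private function show_weblog_form($weblog)
 {
     /* A new entry has no id; null keeps the model calls unchanged but
      * without an undefined-index notice.
      */
     $weblog_id = isset($weblog["id"]) ? $weblog["id"] : null;

     $this->output->add_javascript("ckeditor/ckeditor.js");
     $this->output->add_javascript("banshee/start_ckeditor.js");

     $this->output->open_tag("edit");
     $weblog["visible"] = show_boolean($weblog["visible"]);
     $this->output->record($weblog, "weblog");

     /* Tags
      */
     $tagged = array();
     if (isset($weblog["tag"])) {
         $tagged = $weblog["tag"];
     } else if (($weblog_tags = $this->model->get_weblog_tags($weblog_id)) != false) {
         foreach ($weblog_tags as $tag) {
             array_push($tagged, $tag["id"]);
         }
     }

     $this->output->open_tag("tags");
     if (($tags = $this->model->get_tags()) != false) {
         foreach ($tags as $tag) {
             $this->output->add_tag("tag", $tag["tag"], array(
                 "id" => $tag["id"],
                 "selected" => show_boolean(in_array($tag["id"], $tagged))));
         }
     }
     $this->output->close_tag();

     /* Comments
      */
     $this->output->open_tag("comments");
     if (($weblog_comments = $this->model->get_weblog_comments($weblog_id)) != false) {
         foreach ($weblog_comments as $comment) {
             $comment["content"] = truncate_text($comment["content"], 100);
             $this->output->record($comment, "comment");
         }
     }
     $this->output->close_tag();

     $this->output->close_tag();
 }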
 /* Guestbook page. On POST the submitted message is validated and saved
  * (re-showing the form when either step fails); afterwards the current
  * page of messages is listed. The "sign" link is hidden right after a
  * successful save.
  */
 public function execute()
 {
     $this->output->description = "Guestbook";
     $this->output->keywords = "guestbook";
     $this->output->title = "Guestbook";

     $saved = false;
     if ($_SERVER["REQUEST_METHOD"] == "POST") {
         if ($this->model->message_oke($_POST) == false) {
             $this->show_guestbook_form($_POST);
         } else if ($this->model->save_message($_POST) == false) {
             $this->output->add_message("Database errors while saving message.");
             $this->show_guestbook_form($_POST);
         } else {
             $saved = true;
         }
     }

     $message_count = $this->model->count_messages();
     if ($message_count === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }

     $paging = new pagination($this->output, "guestbook", $this->settings->guestbook_page_size, $message_count);
     $guestbook = $this->model->get_messages($paging->offset, $paging->size);
     if ($guestbook === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }

     $this->output->open_tag("guestbook", array("skip_sign_link" => show_boolean($saved)));
     foreach ($guestbook as $item) {
         $item["timestamp"] = date("j F Y, H:i", $item["timestamp"]);
         $message = new message($item["message"]);
         $item["message"] = $message->unescaped_output();
         /* The stored ip_address is not part of the public record; drop it before output */
         unset($item["ip_address"]);
         $this->output->record($item, "item");
     }
     $paging->show_browse_links(7, 3);
     $this->output->close_tag();
 }
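 /* Emit the role edit form: the role name, a numeric access value per
  * restricted page, and the users holding the role. A role without an id
  * is new and always editable; the admin role (ADMIN_ROLE_ID) is never
  * editable.
  */
 public function show_role_form($role)
 {
     /* A new role has no id yet; null keeps the model call unchanged but
      * without an undefined-index notice.
      */
     $role_id = isset($role["id"]) ? $role["id"] : null;

     if ($role_id === null) {
         $params = array("editable" => "yes");
     } else {
         $params = array("id" => $role_id, "editable" => show_boolean($role_id != ADMIN_ROLE_ID));
     }

     if (($pages = $this->model->get_restricted_pages()) === false) {
         $this->output->add_tag("result", "Database error.");
         return;
     }
     sort($pages);

     $this->output->open_tag("edit");

     /* Roles
      */
     $this->output->add_tag("role", $role["name"], $params);

     $this->output->open_tag("pages");
     foreach ($pages as $page) {
         /* Pages the role has no entry for default to access value 0. isset()
          * avoids the undefined-index notice of the bare $role[$page] read; the
          * == null test is kept so an explicit 0 or "" still maps to 0.
          */
         $value = isset($role[$page]) ? $role[$page] : null;
         if ($value == null) {
             $value = 0;
         }
         $this->output->add_tag("page", $page, array("value" => $value));
     }
     $this->output->close_tag();

     $this->output->open_tag("members");
     if (($users = $this->model->get_role_members($role_id)) !== false) {
         foreach ($users as $user) {
             $this->output->open_tag("member", array("id" => $user["id"]));
             $this->output->add_tag("fullname", $user["fullname"]);
             $this->output->add_tag("email", $user["email"]);
             $this->output->close_tag();
         }
     }
     $this->output->close_tag();

     $this->output->close_tag();
 }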
 /* Generic edit form built from the model's element definitions
  * ($this->model->elements: name => element description with at least
  * "type" and "readonly"; "label", "required", "column" and "table" are
  * read for some types -- the full shape is not visible here).
  *
  * Create/update permission is taken from the model; when the requested
  * operation is not allowed the overview is shown instead. Per element the
  * current value is emitted (except for blobs), the editor scripts the
  * type needs are loaded, and enum/foreignkey elements get an option list.
  */
 protected function show_item_form($item)
 {
     $args = array("name" => strtolower($this->name), "allow_delete" => show_boolean($this->model->allow_delete));
     if (isset($item["id"]) == false) {
         /* No id: this is a create */
         if ($this->model->allow_create == false) {
             $this->show_overview();
             return;
         }
     } else {
         /* Existing id: this is an update */
         $args["id"] = $item["id"];
         if ($this->model->allow_update == false) {
             $this->show_overview();
             return;
         }
     }
     $this->output->open_tag("edit");
     $this->output->open_tag("form", $args);
     foreach ($this->model->elements as $name => $element) {
         /* assumes every element defines "readonly" -- an element without it
          * would raise an undefined-index notice here (TODO confirm)
          */
         if ($name == "id" || $element["readonly"]) {
             continue;
         }
         $this->output->open_tag("element", array("name" => $name, "type" => $element["type"]));
         if (isset($element["label"])) {
             $this->output->add_tag("label", $element["label"]);
         }
         /* Normalise the value for display: booleans to yes/no, timestamps
          * to "Y-m-d H:i" (strtotime() result is not checked)
          */
         if ($element["type"] == "boolean") {
             $item[$name] = show_boolean($item[$name]);
         } else {
             if ($element["type"] == "timestamp") {
                 $item[$name] = date("Y-m-d H:i", strtotime($item[$name]));
             }
         }
         /* Blob contents are never echoed into the form */
         if ($element["type"] != "blob") {
             $this->output->add_tag("value", $item[$name]);
         }
         if ($element["type"] == "foreignkey") {
             $element["options"] = array();
             /* PHP stores a null array key as "", so the "none" option ends up
              * under the empty-string key
              */
             if ($element["required"] == false) {
                 $element["options"][null] = $this->foreign_null;
             }
             /* "column" may name one column or a list; the displayed label is
              * those columns joined by a space
              */
             if (is_array($element["column"]) == false) {
                 $cols = array($element["column"]);
             } else {
                 $cols = $element["column"];
             }
             /* The identifiers come from the model's element definition, not
              * from the request; they are bound through %S placeholders, which
              * presumably the db wrapper quotes as identifiers -- confirm in
              * db::execute(). $cols is passed twice: once for the select list,
              * once for the order-by list.
              */
             $qcols = implode(",", array_fill(1, count($cols), "%S"));
             $query = "select id," . $qcols . " from %S order by " . $qcols;
             if (($options = $this->db->execute($query, $cols, $element["table"], $cols)) != false) {
                 foreach ($options as $option) {
                     $values = array();
                     foreach ($cols as $col) {
                         array_push($values, $option[$col]);
                     }
                     $element["options"][$option["id"]] = implode(" ", $values);
                 }
             }
         }
         /* Client-side widgets required by the element type */
         switch ($element["type"]) {
             case "date":
                 $this->output->add_javascript("jquery/jquery-ui.js");
                 $this->output->add_javascript("banshee/datepicker.js");
                 $this->output->add_css("jquery/jquery-ui.css");
                 break;
             case "timestamp":
                 $this->output->add_javascript("jquery/jquery-ui.js");
                 $this->output->add_javascript("banshee/jquery.timepicker.js");
                 $this->output->add_javascript("banshee/datetimepicker.js");
                 $this->output->add_css("jquery/jquery-ui.css");
                 $this->output->add_css("banshee/timepicker.css");
                 break;
             case "ckeditor":
                 $this->output->add_javascript("ckeditor/ckeditor.js");
                 $this->output->add_javascript("banshee/start_ckeditor.js");
                 break;
         }
         /* Enum options are expected to be predefined in the element;
          * foreignkey options were collected above
          */
         if ($element["type"] == "enum" || $element["type"] == "foreignkey") {
             $this->output->open_tag("options");
             foreach ($element["options"] as $value => $label) {
                 $this->output->add_tag("option", $label, array("value" => $value));
             }
             $this->output->close_tag();
         }
         $this->output->close_tag();
     }
     $this->output->close_tag();
     $this->output->close_tag();
 }
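 /* Build the menu tree below parent $id as a nested array:
  * array("id" => $id, "items" => array(array("id", "text", "link",
  * ["current"], ["submenu"]), ...)).
  *
  * Items whose link is a local module path ("/module") are left out when
  * the current user may not access that module, so the menu does not
  * advertise pages the user cannot open. Hiding the entry is not the access
  * control itself; the module must still enforce it when requested.
  *
  * $depth: levels to descend (1 = no submenus). $current_url: when given,
  * every item gets a "current" yes/no flag. Returns false on a database
  * error.
  */
 private function get_menu($id, $depth = 1, $current_url = null)
 {
     $query = "select * from menu where parent_id=%d order by %S";
     if (($menu = $this->db->execute($query, $id, "id")) === false) {
         return false;
     }

     $result = array("id" => $id, "items" => array());
     foreach ($menu as $item) {
         /* substr() instead of $link[0]: indexing an empty string raised an
          * "uninitialized string offset" notice; the outcome is the same
          * (an empty link is not "/").
          */
         $is_local_link = (substr($item["link"], 0, 1) == "/");
         if ($this->user !== null && $is_local_link) {
             if (($module = ltrim($item["link"], "/")) != "") {
                 if ($this->user->access_allowed($module) == false) {
                     continue;
                 }
             }
         }

         $element = array();
         $element["id"] = $item["id"];
         if ($current_url !== null) {
             $element["current"] = show_boolean($item["link"] == $current_url);
         }
         $element["text"] = $item["text"];
         $element["link"] = $item["link"];
         if ($depth > 1) {
             $element["submenu"] = $this->get_menu($item["id"], $depth - 1, $current_url);
         }
         array_push($result["items"], $element);
     }

     return $result;
 }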
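 /* File manager: list FILES_PATH (or a subdirectory selected via the URL
  * parameters) and handle directory creation, file upload and file deletion
  * submitted via POST.
  *
  * The subdirectory is taken straight from the URL parameters, so before it is
  * appended to FILES_PATH every segment is checked: "." and ".." segments are
  * refused, otherwise a crafted URL could point the listing, upload or delete
  * at a directory outside the files area. The page class may already normalise
  * the URL — this check is the last line of defence either way.
  */
 public function execute()
 {
     $base_dir = FILES_PATH;

     /* Refuse path segments that would climb out of FILES_PATH */
     foreach ($this->page->parameters as $segment) {
         if (($segment == ".") || ($segment == "..")) {
             $this->output->add_tag("result", "Error reading directory");
             return;
         }
     }

     if (($sub_dir = implode("/", $this->page->parameters)) != "") {
         $sub_dir = "/" . $sub_dir;
     }
     $directory = $base_dir . $sub_dir;

     if ($_SERVER["REQUEST_METHOD"] == "POST") {
         $action = isset($_POST["submit_button"]) ? $_POST["submit_button"] : null;

         if ($action == "Create directory") {
             /* The model validates the directory name; on failure the entered
              * name is echoed back into the form.
              */
             if ($this->model->directory_oke($_POST["create"], $directory) == false) {
                 $this->output->add_tag("create", $_POST["create"]);
             } else if ($this->model->create_directory($_POST["create"], $directory) == false) {
                 $this->output->add_tag("create", $_POST["create"]);
                 $this->output->add_message("Error creating directory.");
             }
         } else if ($action == "Upload file") {
             /* The model decides whether the uploaded file is acceptable */
             if ($this->model->upload_oke($_FILES["file"], $directory)) {
                 if ($this->model->import_uploaded_file($_FILES["file"], $directory) == false) {
                     $this->output->add_message("Error while importing file.");
                 } else {
                     $this->user->log_action("file '%s' uploaded", $_FILES["file"]["name"]);
                 }
             }
         } else if ($action == "delete") {
             /* The filename is POSTed; the model is relied upon to confine it to
              * $directory — NOTE(review): confirm delete_file rejects path separators.
              */
             if ($this->model->delete_file($_POST["filename"], $directory) == false) {
                 $this->output->add_message("Error while deleting file.");
             } else {
                 $this->user->log_action("file '%s' deleted", $_POST["filename"]);
             }
         }
     }

     if (($files = $this->model->directory_listing($directory)) === false) {
         $this->output->add_tag("result", "Error reading directory");
         return;
     }

     $this->output->open_tag("files", array("dir" => $sub_dir));

     /* Link to the parent directory (only when not already at the top) */
     $parent = $this->page->parameters;
     if (count($parent) > 0) {
         array_pop($parent);
         if (($parent = implode("/", $parent)) != "") {
             $parent = "/" . $parent;
         }
         $this->output->add_tag("back", "/" . $this->page->module . $parent);
     }

     /* Subdirectories: deletable only when empty */
     foreach ($files["dirs"] as $filename) {
         $entry = array(
             "name"   => $filename,
             "link"   => "/" . $this->page->module . $sub_dir . "/" . $filename,
             "size"   => $this->model->get_file_size($directory . "/" . $filename),
             "delete" => show_boolean($this->model->directory_empty($filename, $directory)));
         $this->output->record($entry, "dir");
     }

     /* Files: linked by their path below the document root, name URL-encoded */
     foreach ($files["files"] as $filename) {
         $entry = array(
             "name"   => $filename,
             "link"   => "/" . $directory . "/" . rawurlencode($filename),
             "size"   => $this->model->get_file_size($directory . "/" . $filename),
             "delete" => "yes");
         $this->output->record($entry, "file");
     }

     $this->output->close_tag();
 }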
 /* Render the currently active poll: the question plus either the answer
  * options (while the visitor may still vote) or the results with percentages.
  *
  * Returns false when there is no active poll, true otherwise.
  */
 public function to_output()
 {
     $this->output->add_css("banshee/poll.css");

     if (($poll = $this->get_active_poll()) == false) {
         return false;
     }

     /* Voting is open while the end date has not passed and this user has not voted yet */
     $midnight = strtotime("today 00:00:00");
     $can_vote = ($poll["end"] >= $midnight) && $this->user_may_vote($poll["id"]);

     $this->output->open_tag("active_poll", array("can_vote" => show_boolean($can_vote)));
     $this->output->add_tag("question", $poll["question"]);
     $this->output->add_tag("end_date", date_string("d F", $poll["end"]));

     $query = "select * from poll_answers where poll_id=%d order by answer";
     if (($answers = $this->db->execute($query, $poll["id"])) != false) {
         if ($can_vote) {
             /* Options only; ids are positions in the answer list, not database ids */
             $this->output->open_tag("answers", array());
             $index = 0;
             foreach ($answers as $answer) {
                 $this->output->add_tag("answer", $answer["answer"], array("id" => $index++));
             }
         } else {
             /* Results: total votes on the container, percentage per answer */
             $total = 0;
             foreach ($answers as $answer) {
                 $total += (int)$answer["votes"];
             }
             $this->output->open_tag("answers", array("votes" => $total));
             foreach ($answers as $answer) {
                 unset($answer["poll_id"]);
                 $answer["percentage"] = ($total > 0) ? round(100 * (int)$answer["votes"] / $total) : 0;
                 $this->output->record($answer, "answer");
             }
         }
         $this->output->close_tag();
     }

     $this->output->close_tag();

     return true;
 }
                $menu->set_user($_user);
            }
            $menu->to_output();
        }
    }
    /* Stylesheet
     */
    $_output->add_css("banshee/bootstrap.css");
    $_output->add_css("banshee/bootstrap-theme.css");
    $_output->add_css("banshee/layout_" . $_output->layout . ".css");
    $_output->add_css($_page->module . ".css");
    /* Javascripts
     */
    $_output->add_javascript("jquery/jquery.js");
    $_output->add_javascript("banshee/bootstrap.js");
    $_output->open_tag("content", array("mobile" => show_boolean($_output->mobile)));
}
/* Include the controller. The include path (and the controller class name
 * below) is built from $_page->module, which is derived from the request URL;
 * this relies on the page class having restricted the module name to a safe
 * character set before it gets here — confirm that check exists upstream.
 */
if (file_exists($file = "../controllers/" . $_page->module . ".php")) {
    include $file;
    $controller_class = str_replace("/", "_", $_page->module) . "_controller";
    if (class_exists($controller_class) == false) {
        print "Controller class '" . $controller_class . "' does not exist.\n";
    } else {
        if (is_subclass_of($controller_class, "controller") == false) {
            print "Controller class '" . $controller_class . "' does not extend 'controller'.\n";
        } else {
            $_controller = new $controller_class($_database, $_settings, $_user, $_page, $_output, $_language);
            $method = "execute";
            if (is_true(URL_PARAMETERS)) {
 /* Magic setter for settings: $settings->foo = $value stores foo, assigning
  * null deletes it. Unknown keys are ignored silently, as are writes while no
  * database is available. The stored type is derived from the PHP type of
  * $value; values of any other type (arrays, objects) are dropped without error.
  */
 public function __set($key, $value)
 {
     if ($this->valid_key($key) == false) {
         return;
     }
     if (($this->db === null) || ($this->db->connected == false)) {
         return null;
     }

     if ($value === null) {
         /* null means "remove the setting"; the cached copy goes with it */
         $query = "delete from settings where %S=%s";
         if ($this->db->query($query, "key", $key) !== false) {
             unset($this->cache[$key]);
         }
     } else if (is_int($value)) {
         $this->store($key, "integer", (string)$value);
     } else if (is_float($value)) {
         $this->store($key, "float", (double)$value);
     } else if (is_bool($value)) {
         $this->store($key, "boolean", show_boolean($value));
     } else if (is_string($value)) {
         $this->store($key, "string", $value);
     }
 }
 /* Render one forum topic with all of its messages.
  *
  * $topic_id  id of the topic to show
  * $response  when given, echoed back as the "response" record (e.g. the
  *            contents of a reply that could not be posted)
  *
  * Moderation controls are offered to users who may access cms/forum.
  */
 private function show_topic($topic_id, $response = null)
 {
     $can_moderate = $this->user->access_allowed("cms/forum");

     if (($topic = $this->model->get_topic($topic_id)) == false) {
         $this->output->add_tag("result", "Topic not found.", $this->url);
         return;
     }

     $this->output->add_javascript("forum.js");
     $this->output->title = $topic["subject"] . " - Forum";
     $this->output->open_tag("topic", array("id" => $topic["id"], "forum_id" => $topic["forum_id"]));
     $this->output->add_tag("subject", $topic["subject"]);

     /* Only logged-in users have a "last viewed" timestamp to derive unread markers from */
     $logged_in = $this->user->logged_in;
     if ($logged_in) {
         $last_view = $this->model->last_topic_view($topic["id"], true);
     }

     $record_attr = array("moderate" => show_boolean($can_moderate));
     foreach ($topic["messages"] as $message) {
         if ($logged_in) {
             $message["unread"] = show_boolean($last_view < $message["timestamp"]);
         }

         /* Posts without a user id were made by unregistered visitors under a free-form name */
         if ($message["user_id"] == "") {
             $message["author"] = $message["username"];
             $message["usertype"] = "unregistered";
         } else {
             $message["usertype"] = "registered";
         }
         $message["timestamp"] = date("j F Y, H:i", $message["timestamp"]);

         /* Drop line breaks directly after an opening [config]/[code]/[quote] tag,
          * then translate bbcodes and smilies. unescaped_output() means the result
          * bypasses the output layer's escaping — NOTE(review): the message class is
          * relied upon to escape the raw content itself before translation; confirm.
          */
         $message["content"] = preg_replace("/\\[(config|code|quote)\\]([\r\n]*)/", "[\$1]", $message["content"]);
         $post = new message($message["content"]);
         $post->unescaped_output();
         $post->translate_bbcodes();
         $post->translate_smilies();
         $message["content"] = $post->content;
         unset($post);

         $this->output->record($message, "message", $record_attr);
     }

     if ($response != null) {
         $this->output->record($response, "response");
     }
     $this->output->close_tag();

     $this->show_smilies();
 }
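 /* Emit the webserver / hostname filter selectors and keep the selection in
  * $_SESSION["filter"].
  *
  * $table          name of the event table hostnames are pulled from; it is
  *                 substituted as an identifier (%S), so it must come from the
  *                 model, never from user input
  * $show_hostnames when false only the webserver selector is rendered
  *
  * The POSTed webserver id is checked with valid_webserver() and the selector
  * lists only webservers linked to the current user. The POSTed hostname id is
  * not validated up front: it is accepted only if it appears in the hostname
  * list queried for the selected webserver and is reset to 0 ("All") otherwise.
  */
 public function to_output($table, $show_hostnames = true)
 {
     if ((isset($_SESSION["filter"]) == false) || (is_array($_SESSION["filter"]) == false)) {
         $_SESSION["filter"] = array("webserver" => 0, "hostname" => 0);
     }

     /* Hostname posted together with a *different* webserver than before; it is
      * applied further down only once it is known to belong to that webserver.
      * Initialised here so the check below never reads an undefined variable.
      */
     $selected_hostname = null;

     if ($_SERVER["REQUEST_METHOD"] == "POST") {
         $submit = isset($_POST["submit_button"]) ? $_POST["submit_button"] : null;
         $webserver_id = isset($_POST["webserver"]) ? $_POST["webserver"] : null;
         $hostname_id = isset($_POST["hostname"]) ? $_POST["hostname"] : null;

         if (($submit == "filter") && $this->valid_webserver($webserver_id)) {
             if ($_SESSION["filter"]["webserver"] != $webserver_id) {
                 $_SESSION["filter"]["hostname"] = 0;
                 $selected_hostname = $hostname_id;
             } else {
                 $_SESSION["filter"]["hostname"] = $hostname_id;
             }
             $_SESSION["filter"]["webserver"] = $webserver_id;
         }
     }

     $this->output->open_tag("filter");

     /* Webserver filter: only webservers linked to this user */
     $query = "select w.* from webservers w, webserver_user a " . "where w.id=a.webserver_id and a.user_id=%d order by name";
     if (($webservers = $this->db->execute($query, $this->user->id)) !== false) {
         $this->output->open_tag("webservers");
         array_unshift($webservers, array("id" => 0, "name" => "All"));
         foreach ($webservers as $webserver) {
             $selected = show_boolean($webserver["id"] == $_SESSION["filter"]["webserver"]);
             $this->output->add_tag("webserver", $webserver["name"], array("id" => $webserver["id"], "selected" => $selected));
         }
         $this->output->close_tag();
     }

     /* Hostname filter */
     if ($show_hostnames) {
         if ($_SESSION["filter"]["webserver"] == 0) {
             /* "All" webservers: hostnames seen in $table on any of the user's webservers */
             $query = "select distinct h.* from hostnames h, %S t, webserver_user a " . "where h.id=t.hostname_id and t.webserver_id=a.webserver_id " . "and a.user_id=%d and h.visible=%d order by hostname";
             $args = array($table, $this->user->id, YES);
         } else {
             /* One webserver: hostnames seen in $table for that webserver only */
             $query = "select distinct * from hostnames where visible=%d and id in " . "(select distinct hostname_id from %S where webserver_id=%d) " . "order by hostname";
             $args = array(YES, $table, $_SESSION["filter"]["webserver"]);
         }

         if (($hostnames = $this->db->execute($query, $args)) !== false) {
             $this->output->open_tag("hostnames");
             array_unshift($hostnames, array("id" => 0, "hostname" => "All"));
             $hostname_found = false;
             foreach ($hostnames as $hostname) {
                 if (($selected_hostname != null) && ($selected_hostname == $hostname["id"])) {
                     $_SESSION["filter"]["hostname"] = $selected_hostname;
                 }
                 if ($hostname["id"] == $_SESSION["filter"]["hostname"]) {
                     $hostname_found = true;
                 }
                 $selected = show_boolean($hostname["id"] == $_SESSION["filter"]["hostname"]);
                 $this->output->add_tag("hostname", $hostname["hostname"], array("id" => $hostname["id"], "selected" => $selected));
             }
             $this->output->close_tag();

             /* Stale or foreign hostname id in the session: fall back to "All" */
             if ($hostname_found == false) {
                 $_SESSION["filter"]["hostname"] = 0;
             }
         }
     }

     $this->output->close_tag();

     return true;
 }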
 /* Dashboard: webserver status overview plus the alert panel.
  *
  * For AJAX requests only the alert count / refresh interval (or a single alert
  * via pathinfo[1]) is returned. For a normal page view the latest Hiawatha and
  * mbed TLS version strings are fetched once per session from the vendor sites
  * and compared against each webserver's reported version string.
  */
 public function execute()
 {
     if ($this->page->ajax_request) {
         if ($this->page->pathinfo[1] == null) {
             $this->output->add_tag("max_alert_count", count($this->alerts));
             $this->output->add_tag("page_refresh", $this->settings->dashboard_page_refresh);
         } else {
             $this->show_alert($this->page->pathinfo[1]);
         }
         return;
     }
     /* Latest upstream versions, cached in the session so the remote lookups
      * happen once per login. The response bodies are remote, untrusted input;
      * they are only ever fed to version_compare() below. If a lookup fails the
      * session key stays unset and the comparison runs against null.
      */
     if (isset($_SESSION["latest_hiawatha_version"]) == false) {
         $hiawatha_website = new HTTPS("www.hiawatha-webserver.org");
         if (($result = $hiawatha_website->GET("/latest")) !== false) {
             $_SESSION["latest_hiawatha_version"] = $result["body"];
         }
     }
     if (isset($_SESSION["latest_mbedtls_version"]) == false) {
         $mbedtls_website = new HTTPS("tls.mbed.org");
         if (($result = $mbedtls_website->GET("/download/latest-stable-version")) !== false) {
             $_SESSION["latest_mbedtls_version"] = $result["body"];
         }
     }
     /* Webserver overview: address, online/offline status and version check per server
      */
     if (($webservers = $this->model->get_webservers()) === false) {
         return;
     }
     $webservers_offline = false;
     foreach ($webservers as $webserver) {
         /* Build the URL; the port is appended only when it isn't the scheme default */
         $webserver["address"] = ($webserver["tls"] == 0 ? "http" : "https") . "://" . $webserver["ip_address"];
         if ($webserver["tls"] == 0 && $webserver["port"] != 80 || $webserver["tls"] == 1 && $webserver["port"] != 443) {
             $webserver["address"] .= ":" . $webserver["port"];
         }
         $webserver["address"] .= "/";
         /* Status is only set for active webservers; any error count means offline */
         if ($webserver["active"]) {
             if ($webserver["errors"] == 0) {
                 $webserver["status"] = "online";
             } else {
                 $webserver["status"] = "offline";
                 $webservers_offline = true;
             }
         }
         $webserver["tls"] = show_boolean($webserver["tls"]);
         $webserver["active"] = show_boolean($webserver["active"]);
         if ($webserver["version"] != "") {
             /* The version string is assumed to be comma separated with the Hiawatha
              * version as "...v<x.y>" in the first part — TODO confirm against the
              * format the webservers report; a first part without "v" leaves
              * $version undefined here.
              */
             $parts = explode(",", $webserver["version"]);
             list(, $version) = explode("v", $parts[0], 2);
             $comparison = version_compare($version, $_SESSION["latest_hiawatha_version"], ">=");
             $webserver["uptodate"] = show_boolean($comparison);
             /* Any part starting with "TLS" or "SSL" is taken to carry the TLS library
              * version after the first four characters, wrapped in parentheses.
              */
             foreach ($parts as $part) {
                 if (in_array(substr(ltrim($part), 0, 3), array("TLS", "SSL"))) {
                     $version = trim(substr($part, 4), " ()");
                     if (version_compare($version, $_SESSION["latest_mbedtls_version"], "<")) {
                         $webserver["uptodate"] .= " (mbed TLS out of date)";
                     }
                 }
             }
         }
         $this->output->record($webserver, "webserver");
     }
     if ($webservers_offline) {
         $this->output->add_system_message("Warning, one or more webservers are unavailable!");
     }
     /* Alerts panel: thresholds and refresh interval come from the settings
      */
     $this->output->add_javascript("jquery/jquery-ui.js");
     $this->output->add_javascript("dashboard.js");
     $this->output->add_css("jquery/jquery-ui.css");
     $this->output->add_tag("threshold_change", $this->settings->dashboard_threshold_change);
     $this->output->add_tag("threshold_value", $this->settings->dashboard_threshold_value);
     $this->output->add_tag("page_refresh", $this->settings->dashboard_page_refresh);
 }