function testSlash()
 {
     $this->assertEquals('foobar/', slash('foobar/'));
     $this->assertEquals('/foobar/', slash('/foobar/'));
     $this->assertEquals('/foobar/', slash('/foobar'));
     $this->assertEquals('/foobar/', slash('/foobar///'));
 }
 /**
  * Same contract as the assertEquals variant, expressed through $this->equals():
  * slash() normalises the path to end in exactly one '/'.
  */
 function testSlash()
 {
     $expectations = array(
         'foobar/'    => 'foobar/',
         '/foobar/'   => '/foobar/',
         '/foobar'    => '/foobar/',
         '/foobar///' => '/foobar/',
     );
     foreach ($expectations as $input => $expected) {
         $this->equals(slash($input), $expected);
     }
 }
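/**
 * Collect the files matching $filter in every sub-directory of $path.
 *
 * Each sub-directory holding at least one non-ignored match contributes one entry
 * to $result shaped array('DIR' => <dir>, 'FILES' => array(<file>, ...)); both paths
 * have $_SERVER['DOCUMENT_ROOT'] replaced by '/' and are passed through slash().
 *
 * @param string $path      directory whose immediate sub-directories are scanned
 * @param string $filter    glob pattern matched inside each sub-directory
 * @param bool   $recursive descend into the sub-directories as well
 * @param array  $result    output parameter, appended to in place
 * @param mixed  $ignore    handed to ignored() to decide which dirs/files to skip
 * @return bool  true once the scan completes (false is only propagated from a
 *               recursive call, which itself never returns it)
 */
function getDir($path, $filter, $recursive, &$result, $ignore)
{
    // glob() returns false on error; treat that like "no directories".
    foreach (glob($path . '/*', GLOB_ONLYDIR) ?: array() as $dir) {
        // '||' replaces the original bitwise '|', which evaluated ignored()
        // unconditionally.  glob() never yields '.'/'..', the checks are kept as cheap guards.
        if ($dir == '.' || $dir == '..' || ignored($dir, $ignore)) {
            continue;
        }
        // Reset per directory: the original never cleared $f, so files from earlier
        // directories were repeated in every later DIR entry (and count() on an
        // unset $f is a TypeError on PHP 8).
        $f = array();
        foreach (glob($dir . '/' . $filter) ?: array() as $file) {
            if (ignored($file, $ignore)) {
                continue;
            }
            $f[] = slash(str_replace($_SERVER['DOCUMENT_ROOT'], '/', $file), false);
        }
        if (count($f) > 0) {
            $result[] = array('DIR' => slash(str_replace($_SERVER['DOCUMENT_ROOT'], '/', $dir)), 'FILES' => $f);
        }
        if ($recursive && getDir($dir, $filter, $recursive, $result, $ignore) === false) {
            return false;
        }
    }
    return true;
}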
                return true;
            }
	    };

	    <?php 
}
// Emit top.HEURIST.allUsers as a JS object literal: ugr_ID => [ name, "First Last" ]
// for every enabled, fully named, non-model user.  slash() escapes the string fields.
$res = mysql_query("select usr.ugr_ID, usr.ugr_Name, concat(usr.ugr_FirstName, ' ', usr.ugr_LastName) as fullname\n\t\tfrom " . USERS_DATABASE . ".sysUGrps usr\n\t\twhere usr.ugr_Enabled='y' and usr.ugr_FirstName is not null and usr.ugr_LastName is not null and !usr.ugr_IsModelUser\n\torder by fullname");
print "    top.HEURIST.allUsers = {\n";
$separator = "";
while ($row = mysql_fetch_row($res)) {
    list($userId, $userName, $fullName) = $row;
    // Comma before every entry except the first, then each entry on its own line.
    print $separator . "\n";
    print "\t\"" . $userId . "\":\t[ \"" . slash($userName) . "\", \"" . slash($fullName) . "\" ]";
    $separator = ",";
}
print "    };\n";
?>

    // Rendered server-side: true only when HEURIST_ALLOW_REGISTRATION is defined and truthy.
    top.HEURIST.is_registration_allowed = <?php 
echo defined('HEURIST_ALLOW_REGISTRATION') && HEURIST_ALLOW_REGISTRATION ? "true" : "false";
?>
;
    // The login state is baked in as a literal at render time from is_logged_in();
    // calling this function later does not re-check the session.
    top.HEURIST.is_logged_in = function() {
        return <?php 
echo intval(is_logged_in());
?>
 > 0;
    };
    top.HEURIST.get_user_id = function() { return <?php 
        ?>
,
     email: "<?php 
        echo slash($rem["rem_ToEmail"]);
        ?>
",
     message: "<?php 
        echo slash($rem["rem_Message"]);
        ?>
",
     when: "<?php 
        echo slash($rem["rem_StartDate"]);
        ?>
",
     frequency: "<?php 
        echo slash($rem["rem_Freq"]);
        ?>
"
  }
})
<?php 
    }
} else {
    // Delete one reminder; the rem_OwnerUGrpID clause limits the delete to the current user's rows.
    // NOTE(review): $rem_id and $rec_id are interpolated into the SQL as-is - confirm they were
    // cast to int where they were read from the request (not visible in this fragment).
    if ($rec_id && $rem_id && $_POST["save-mode"] == "delete") {
        $res = mysql_query("delete from usrReminders where rem_ID={$rem_id} and rem_RecID={$rec_id} and rem_OwnerUGrpID=" . get_user_id());
        if (!mysql_error()) {
            print "1";
        } else {
            // NOTE(review): the raw mysql_error() text is sent to the client.
            print "({ error: \"Internal database error - " . mysql_error() . "\" })";
        }
    }
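/**
 * Main method that parses POST and updates the details of the given record ID.
 *
 * POST carries "type:<dtyID>" => array("bd:<dtlID>" => value) entries.  They are
 * split against the current recDetails rows into UPDATES (posted value for an
 * existing dtl_ID), DELETES (existing dtl_ID whose type was posted but which has
 * no valid value left) and INSERTS (posted values matching no existing dtl_ID),
 * so the archive_* versioning sees separate update / insert / delete statements.
 * Record-level columns (notes, rectype, rec_url, owner, visibility) are updated
 * from POST at the same time.
 *
 * Everything runs in one transaction: it is committed (and the record title
 * regenerated from the title mask) only when some row actually changed, and
 * rolled back otherwise so that no spurious version is recorded.
 *
 * @param int      $recID  record to update
 * @param int|null $rtyID  record type, passed through to the per-type input handlers
 * @return bool|null  true when something changed and was committed, false when nothing
 *                    changed (transaction rolled back), null when the user may not edit
 *                    the record (a JS error object is printed instead)
 */
function updateRecord($recID, $rtyID = null)
{
    $recID = intval($recID);
    // Check that the user has permission to edit it: the record must be unowned,
    // owned by this user, or owned by a group the user belongs to.
    $res = mysql_query("select * from Records" . " left join sysUsrGrpLinks on ugl_GroupID=rec_OwnerUGrpID" . " left join defRecTypes on rty_ID=rec_RecTypeID" . " where rec_ID={$recID} and (! rec_OwnerUGrpID or rec_OwnerUGrpID=" . get_user_id() . " or ugl_UserID=" . get_user_id() . ")");
    if (mysql_num_rows($res) == 0) {
        $res = mysql_query("select grp.ugr_Name from Records, " . USERS_DATABASE . ".sysUGrps grp where rec_ID={$recID} and grp.ugr_ID=rec_OwnerUGrpID");
        $grpRow = mysql_fetch_row($res);
        // No row (e.g. unknown record) used to index into false; print an empty group name instead.
        $grpName = $grpRow ? $grpRow[0] : '';
        print '({ error: "\\nSorry - you can\'t edit this record.\\nYou aren\'t in the ' . slash($grpName) . ' workgroup" })';
        return;
    }
    $record = mysql_fetch_assoc($res);
    /*****DEBUG****/
    // NOTE(review): this writes the complete POST body to the error log.
    error_log("save record dtls POST " . print_r($_POST, true));
    // Upload any files submitted ... (doesn't have to take place right now, but may as well)
    uploadFiles();
    //Artem: it does not work here - since we uploaded files at once
    // Get the existing record's details and compare them to the incoming data
    $recDetails = getRecordDetails($recID);
    // find UPDATES - everything that is in the current record and has a post value is treated as an update
    $recDetailUpdates = array();
    foreach ($recDetails as $dtyID => $dtlIDs) {
        $eltName = "type:" . $dtyID;
        if (!(@$_POST[$eltName] && is_array($_POST[$eltName]))) {
            // element wasn't in POST: ignore it - this could be a non-rectype detail
            unset($recDetails[$dtyID]);
            // remove from details so it's not deleted
            continue;
        }
        if (count($_POST[$eltName]) == 0) {
            // element was in POST but without content: values have been deleted client-side
            // (need to be deleted in DB so leave POST)
            continue;
        }
        // the particular handler (processor) for this field type
        $bdInputHandler = getInputHandlerForType($dtyID);
        foreach ($dtlIDs as $dtlID => $val) {
            $eltID = "bd:" . $dtlID;
            $val = @$_POST[$eltName][$eltID];
            if (!$bdInputHandler->inputOK($val, $dtyID, $rtyID)) {
                // faulty (or absent) input ... ignore; the row then stays in $recDetails and is deleted below
                continue;
            }
            $toadd = $bdInputHandler->convertPostToMysql($val);
            if ($toadd == null) {
                continue;
            }
            $recDetailUpdates[$dtlID] = $toadd;
            $recDetailUpdates[$dtlID]["dtl_DetailTypeID"] = $dtyID;
            /*
            @TODO Since this function is utilized in (email)import we need to add verification of values according to detail type
            at the first for terms (enumeration field type)
            */
            // remove data from post submission
            unset($_POST[$eltName][$eltID]);
            if (count($_POST[$eltName]) == 0) {
                // if nothing left in post dtyID then remove it also
                unset($_POST[$eltName]);
            }
            // remove data from local reflection of the database
            unset($recDetails[$dtyID][$dtlID]);
        }
    }
    // find DELETES
    // Anything left in recDetails now represents recDetails rows that need to be deleted
    $bibDetailDeletes = array();
    foreach ($recDetails as $dtyID => $dtlIDs) {
        foreach ($dtlIDs as $dtlID => $val) {
            // dtl_IDs are array keys (ints); coerce anyway since they are interpolated into SQL below
            $bibDetailDeletes[] = intval($dtlID);
        }
    }
    // find INSERTS
    // Try to insert anything left in POST as new recDetails rows
    $bibDetailInserts = array();
    /*****DEBUG****/
    error_log(" in saveRecord checking for inserts  _POST =" . print_r($_POST, true));
    foreach ($_POST as $eltName => $bds) {
        // if not properly formatted, empty, not an array, or an empty array then skip it
        if (!preg_match("/^type:\\d+\$/", $eltName) || !$_POST[$eltName] || !is_array($_POST[$eltName]) || count($_POST[$eltName]) == 0) {
            continue;
        }
        // the regex above guarantees digits after "type:"
        $dtyID = intval(substr($eltName, 5));
        $bdInputHandler = getInputHandlerForType($dtyID);
        foreach ($bds as $eltID => $val) {
            if (!$bdInputHandler->inputOK($val, $dtyID, $rtyID)) {
                // faulty input ... ignore
                continue;
            }
            $newBibDetail = $bdInputHandler->convertPostToMysql($val);
            $newBibDetail["dtl_DetailTypeID"] = $dtyID;
            $newBibDetail["dtl_RecID"] = $recID;
            $bibDetailInserts[] = $newBibDetail;
            // remove data from post submission
            unset($_POST[$eltName][$eltID]);
        }
    }
    // Anything left in POST now is stuff that we have no intention of inserting ... ignore it
    // We now have:
    //  - $recDetailUpdates: an assoc. array of dtl_ID => column values to be updated in recDetails
    //  - $bibDetailInserts: an array of column values to be inserted into recDetails
    //  - $bibDetailDeletes: an array of dtl_ID values corresponding to rows to be deleted from recDetails
    // Commence versioning ...
    mysql_query("start transaction");
    $recUpdates = array("rec_Modified" => array("now()"), "rec_FlagTemporary" => 0);
    // same value as before (null when absent) but without the undefined-index notice
    $recUpdates["rec_ScratchPad"] = array_key_exists("notes", $_POST) ? $_POST["notes"] : null;
    if (intval(@$_POST["rectype"])) {
        $recUpdates["rec_RecTypeID"] = intval($_POST["rectype"]);
    }
    if (array_key_exists("rec_url", $_POST)) {
        // NOTE(review): stored as posted; escaping is mysql__update's job and no URL validation happens here.
        $recUpdates["rec_URL"] = $_POST["rec_url"];
    }
    $owner = $record['rec_OwnerUGrpID'];
    if (is_admin() || is_admin('group', $owner) || $owner == get_user_id()) {
        // must be grpAdmin or record owner to change ownership or visibility
        if (array_key_exists("rec_owner", $_POST)) {
            // ugr_IDs are integers; the original stored the raw posted string.
            // NOTE(review): there is no check that the new owner is a group the user belongs to.
            $recUpdates["rec_OwnerUGrpID"] = intval($_POST["rec_owner"]);
        }
        if (array_key_exists("rec_visibility", $_POST)) {
            $recUpdates["rec_NonOwnerVisibility"] = $_POST["rec_visibility"];
        } elseif ($record['rec_NonOwnerVisibility'] == 'public' && HEURIST_PUBLIC_TO_PENDING) {
            // editing a public record demotes it to 'pending' when the site is configured that way
            $recUpdates["rec_NonOwnerVisibility"] = 'pending';
        }
    }
    /*****DEBUG****/
    error_log(" in saveRecord update recUpdates = " . print_r($recUpdates, true));
    mysql__update("Records", "rec_ID={$recID}", $recUpdates);
    $biblioUpdated = mysql_affected_rows() > 0;
    if (mysql_error()) {
        error_log("error rec update" . mysql_error());
    }
    $updatedRowCount = 0;
    foreach ($recDetailUpdates as $bdID => $vals) {
        /*****DEBUG****/
        error_log(" in saveRecord update details dtl_ID = {$bdID} value =" . print_r($vals, true));
        mysql__update("recDetails", "dtl_ID=" . intval($bdID) . " and dtl_RecID={$recID}", $vals);
        if (mysql_affected_rows() > 0) {
            ++$updatedRowCount;
        }
    }
    if (mysql_error()) {
        error_log("error detail updates" . mysql_error());
    }
    $insertedRowCount = 0;
    foreach ($bibDetailInserts as $vals) {
        /*****DEBUG****/
        error_log(" in saveRecord insert details detail =" . print_r($vals, true));
        mysql__insert("recDetails", $vals);
        if (mysql_affected_rows() > 0) {
            ++$insertedRowCount;
        }
    }
    if (mysql_error()) {
        error_log("error detail inserts" . mysql_error());
    }
    $deletedRowCount = 0;
    if ($bibDetailDeletes) {
        /*****DEBUG****/
        error_log(" in saveRecord delete details " . print_r($bibDetailDeletes, true));
        // join(glue, pieces): the original used the legacy reversed argument order, which PHP 8 rejects
        mysql_query("delete from recDetails where dtl_ID in (" . join(",", $bibDetailDeletes) . ") and dtl_RecID={$recID}");
        if (mysql_affected_rows() > 0) {
            $deletedRowCount = mysql_affected_rows();
        }
    }
    if (mysql_error()) {
        error_log("error detail deletes" . mysql_error());
    }
    // eliminate any duplicated lines (blank lines are preserved), then collapse runs of newlines.
    // NOTE(review): this rewrites $_POST["notes"] only after rec_ScratchPad was already written
    // above, so it affects later readers of $_POST, not the stored value - confirm that is intended.
    $rawNotes = isset($_POST["notes"]) ? (string) $_POST["notes"] : "";
    $notesIn = explode("\n", str_replace("\r", "", $rawNotes));
    $notesOut = "";
    $seenLines = array();
    foreach ($notesIn as $line) {
        if (!isset($seenLines[$line]) || !$line) {
            $notesOut .= $line . "\n";
            $seenLines[$line] = true;
        }
    }
    $_POST["notes"] = preg_replace("/\n\n+/", "\n", $notesOut);
    if ($updatedRowCount > 0 || $insertedRowCount > 0 || $deletedRowCount > 0 || $biblioUpdated) {
        /* something changed: update the record's title and commit all changes */
        $title_check = check_title_mask2($record["rty_TitleMask"], $record["rec_RecTypeID"], true);
        if ($title_check != '') {
            $new_title = "Please go to Designer View > Essentials > Record types/fields and edit the title mask for this record type";
        } else {
            $new_title = fill_title_mask($record["rty_TitleMask"], $record["rec_ID"], $record["rec_RecTypeID"]);
        }
        // connection-aware escaping instead of addslashes() for the SQL literal
        mysql_query("update Records\n                set rec_Title = '" . mysql_real_escape_string($new_title) . "'\n                where rec_ID = {$recID}");
        mysql_query("commit");
        // Update memcached's copy of the record (if it is cached)
        updateCachedRecord($recID);
        return true;
    } else {
        /* nothing changed: rollback the transaction so we don't get false versioning */
        mysql_query("rollback");
        return false;
    }
}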
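 /**
  * Build the region => city lookup from lists/lists_cities.php.
  *
  * Result shape: ['region' => [<key> => <region name>], 'city' => [<key> => <cities>]]
  * where <key> is strtolower(slash(<english region name>)).
  *
  * @param string|null $wanted_region  when given, only that top-level key of the result is returned
  * @param string      $lang           'en' or 'ar'; anything else now falls back to English
  *                                    (the original left $lang_index undefined for other values)
  * @param bool        $select         true: cities keyed by strtolower(slash(english name)) => lower-cased
  *                                    localised name; false: plain list of localised names
  * @return array|null  null when $wanted_region is not a key of the result
  */
 public static function city_list($wanted_region = null, $lang = 'en', $select = false)
 {
     // Index into each [english, arabic] pair defined by lists_cities.php.
     $lang_index = $lang === 'ar' ? 1 : 0;
     require "lists/lists_cities.php";   // defines $cities
     $res = [];
     foreach ($cities as $region) {
         $region_key = strtolower(slash($region[0][0]));
         $cities_array = [];
         foreach ($region[1] as $city) {
             if ($select) {
                 $cities_array[strtolower(slash($city[0]))] = strtolower($city[$lang_index]);
             } else {
                 $cities_array[] = $city[$lang_index];
             }
         }
         $res['region'][$region_key] = $region[0][$lang_index];
         $res['city'][$region_key] = $cities_array;
     }
     if ($wanted_region != null) {
         // avoid the undefined-index notice of the original for unknown keys
         return isset($res[$wanted_region]) ? $res[$wanted_region] : null;
     }
     return $res;
 }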
    }
    // NOTE(review): $bkm_ID and $usrID are interpolated into SQL as-is and are assumed to be ints
    // set earlier in this file (outside this fragment) - confirm.  The selected column names are
    // array_keys($updates), presumably drawn from the $updatable map rather than the request.
    mysql__update("usrBookmarks", "bkm_ID={$bkm_ID} and bkm_UGrpID={$usrID}", $updates);
    $res = mysql_query("select " . join(", ", array_keys($updates)) . " from usrBookmarks where bkm_ID={$bkm_ID} and bkm_UGrpID={$usrID}");
    if (mysql_num_rows($res) == 1) {
        // Echo the stored values back under their client-side names ($updatable[<column>][1]).
        $dbVals = mysql_fetch_assoc($res);
        $hVals = array();
        foreach ($dbVals as $colName => $val) {
            $hVals[$updatable[$colName][1]] = $val;
        }
        if ($tagString !== NULL) {
            $hVals["tagString"] = $tagString;
        }
        print "(" . json_format($hVals) . ")";
    } else {
        // Row not found (or not owned by this user): only the tag string, if any, is reported.
        if ($tagString !== NULL) {
            print "({tagString: \"" . slash($tagString) . "\"})";
        }
    }
}
function doTagInsertion($bkm_ID)
{
    global $usrID;
    //translate bmkID to record IT
    $res = mysql_query("select bkm_recID from usrBookmarks where bkm_ID={$bkm_ID}");
    $rec_id = mysql_fetch_row($res);
    $rec_id = $rec_id[0] ? $rec_id[0] : null;
    if (!$rec_id) {
        return "";
    }
    $tags = mysql__select_array("usrRecTagLinks, usrTags", "tag_Text", "rtl_RecID={$rec_id} and tag_ID=rtl_TagID and tag_UGrpID={$usrID} order by rtl_Order, rtl_ID");
    $tagString = join(",", $tags);
    // Attach the uploaded file to record $bibID as a detail of type $bdtID.
    // NOTE(review): $bibID, $bdtID and $fileID are interpolated into SQL unquoted; they are
    // assumed to be ints where they were set (outside this fragment) - confirm.
    if ($bibID && $bdtID) {
        mysql_query("update Records set rec_Modified=now() where rec_ID={$bibID}");
        mysql_query("insert into recDetails (dtl_RecID, dtl_DetailTypeID, dtl_UploadedFileID) values ({$bibID}, {$bdtID}, {$fileID})");
    }
    // Respond with the stored file's metadata as a JSON object.
    $file = get_uploaded_file_info($fileID, false, false);
    print json_format($file);
    /*({ file: {	// saw TODO:  update this to include url or nonce and thumbURL
    	id: "<?= $file["ulf_ID"] ?>",
    	origName: "<?= slash($file["ulf_OrigFileName"]) ?>",
    	date: "<?= slash($file["ulf_Added"]) ?>",
    	mimeType: "<?= slash($file["ulf_MimeExt"]) ?>",
    	nonce: "<?= slash($file["ulf_ObfuscatedFileID"]) ?>",
    	fileSize: "<?= slash($file["ulf_FileSizeKB"]) ?>",
    	description: "<?= slash($file["ulf_Description"]) ?>"
    } })*/
} else {
    // Failure responses: origName is the client-supplied file name, escaped with slash().
    // NOTE(review): in the first branch $fileID is interpolated raw into the JS object (here it
    // apparently carries an error value rather than an id) - confirm it cannot contain user text.
    if ($fileID) {
        print "({ file: { origName: \"" . slash($_FILES["file"]["name"]) . "\" }, error: {$fileID} })";
    } else {
        // $_FILES[...]['error'] is non-zero for any upload error; the message assumes size.
        if ($_FILES["file"]["error"]) {
            print "({ file: { origName: \"" . slash($_FILES["file"]["name"]) . "\" }, error: \"Uploaded file was too large\" })";
        } else {
            print "({ file: { origName: \"" . slash($_FILES["file"]["name"]) . "\" }, error: \"File upload was interrupted\" })";
        }
    }
}
?>
</script>
</head>
<body onload="fireParentSubmitFunction()"></body>
</html>
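/**
 * Serialise a PHP value into a JSON-formatted string.
 *
 * null, bools, ints and floats are emitted bare; every other scalar is quoted after
 * passing through slash().  Arrays accepted by isZeroBasedOrderedArray() become JSON
 * arrays, all other arrays and objects become JSON objects with quoted keys.
 *
 * Fixes over the original: numbers are returned as strings (the documented type);
 * $purdy is passed down to nested values; a first element that serialises to "0"
 * no longer suppresses the following comma (the original tested the partial
 * output for truthiness); objects are read via get_object_vars() so count() works
 * on them, and an empty object is "{}".
 *
 * @param mixed   $obj    variable to convert to JSON
 * @param boolean $purdy  whether to output in pretty format (a newline after every comma)
 * @return string JSON formatted description of the supplied variable/object
 */
function json_format($obj, $purdy = false)
{
    if (!is_array($obj) && !is_object($obj)) {
        if ($obj === null) {
            return "null";
        }
        if (is_bool($obj)) {
            return $obj ? "true" : "false";
        }
        if (is_integer($obj) || is_float($obj)) {
            // NOTE: INF/NAN stringify to non-JSON tokens, as in the original.
            return (string) $obj;
        }
        return '"' . slash($obj) . '"';
    }
    if (is_object($obj)) {
        // only the properties visible from here (public), the same set foreach iterated before
        $obj = get_object_vars($obj);
        if (count($obj) == 0) {
            return "{}";
        }
    }
    if (count($obj) == 0) {
        return "[]";
    }
    $separator = $purdy ? ",\n" : ",";
    if (isZeroBasedOrderedArray($obj)) {
        // Has a "0" element ... we'll call it an array
        $parts = array();
        foreach ($obj as $val) {
            $parts[] = json_format($val, $purdy);
        }
        return "[" . join($separator, $parts) . "]";
    }
    // Do object output; numeric keys are quoted verbatim, others are slash()ed
    $parts = array();
    foreach ($obj as $key => $val) {
        $quotedKey = preg_match('/^\d+$/', (string) $key) ? '"' . $key . '"' : '"' . slash($key) . '"';
        $parts[] = $quotedKey . ":" . json_format($val, $purdy);
    }
    return "{" . join($separator, $parts) . "}";
}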
 /**
  * Return the actor / genre / franchise lists used by the movie pages, served
  * from the 'genres_actors' cache entry when it exists and rebuilt (and cached
  * for 4320) otherwise.
  *
  * @return array  keys 'actors', 'genres', 'franch'
  */
 public function movies_info()
 {
     if (\Cache::has('genres_actors')) {
         return \Cache::get('genres_actors');
     }
     $model = new \movies_model();
     // Each row's "players" column is a JSON blob; actors may sit under "actors" or "actor".
     $actors = [];
     foreach ($model->where('id', '>', 0)->lists('players') as $playersJson) {
         $decoded = json_decode($playersJson);
         if (!empty($decoded->actors)) {
             $actors = array_unique(array_merge($decoded->actors, $actors));
         }
         if (!empty($decoded->actor)) {
             $actors = array_unique(array_merge($decoded->actor, $actors));
         }
     }
     // Group franchise rows (oldest year first) under their slash()ed name.
     $byFranchise = [];
     $franchiseRows = $model->where('franchises', '!=', '')->orderBy("year", "asc")->get(['franchises', 'link_id']);
     foreach ($franchiseRows as $row) {
         $byFranchise[slash($row->franchises)][] = ["franch" => $row->franchises, "id" => $row->link_id];
     }
     // As in the original: the grouped map is wrapped in a one-element list, which is then sorted.
     $franch = [$byFranchise];
     sort($franch);
     sort($actors);
     $data = [];
     $data['actors'] = $actors;
     $data['genres'] = \movies_model::lists('genre')->unique()->sort();
     $data['franch'] = $franch;
     \Cache::add('genres_actors', $data, 4320);
     return $data;
 }
    $Error->blank($_POST['human_version'], 'Human Readable Version Number');
    $Error->upload($_FILES['file'], 'file');
    if ($Error->ok()) {
        $v = new Version();
        $v->app_id = $app->id;
        // NOTE(review): these come straight from POST; the only visible validation is
        // $Error->blank().  version_number also ends up in the S3 object key below - confirm
        // it is restricted to a safe character set.
        $v->version_number = $_POST['version_number'];
        $v->human_version = $_POST['human_version'];
        $v->release_notes = $_POST['release_notes'];
        $v->dt = dater();
        $v->downloads = 0;
        $v->filesize = filesize($_FILES['file']['tmp_name']);
        // Signature over the uploaded binary using $app->sparkle_pkey (presumably the Sparkle private key).
        $v->signature = sign_file($_FILES['file']['tmp_name'], $app->sparkle_pkey);
        // Object key = sanitised app name + version + the last three bytes of the client-supplied
        // file name.  NOTE(review): that suffix is not validated against an allowed-extension list.
        $object = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $app->name)) . "_" . $v->version_number . "." . substr($_FILES['file']['name'], -3);
        $v->url = slash($app->s3path) . $object;
        $info = parse_url($app->s3path);
        $object = ltrim(slash($info['path']) . $object, '/');
        // NOTE(review): 0755 marks the temp upload executable before it is pushed; the trailing
        // `true` on uploadFile presumably requests a public ACL - confirm both are intended.
        chmod($_FILES['file']['tmp_name'], 0755);
        $s3 = new S3($app->s3key, $app->s3pkey);
        $s3->uploadFile($app->s3bucket, $object, $_FILES['file']['tmp_name'], true);
        $v->insert();
        redirect('versions.php?id=' . $app->id);
    } else {
        // Re-populate the form with the submitted values.
        $version_number = $_POST['version_number'];
        $human_version = $_POST['human_version'];
        $release_notes = $_POST['release_notes'];
    }
} else {
    $version_number = '';
    $human_version = '';
    $release_notes = '';
}
        $updates["cmt_Deleted"] = true;
    }
    // Apply the edit; the owner clause restricts it to the current user's own comment.
    // NOTE(review): $cmt_id is interpolated into both statements as-is and is assumed to be an
    // int where it was read (outside this fragment) - confirm.
    mysql__update("recThreadedComments", "cmt_ID={$cmt_id} and cmt_OwnerUgrpID=" . get_user_id(), $updates);
    if (mysql_error()) {
        $error = mysql_error();
    }
    // Re-read the (non-deleted) comment together with its owner's user row for the response.
    $res = mysql_query("select * from recThreadedComments left join " . USERS_DATABASE . ".sysUGrps usr on cmt_OwnerUgrpID=usr.ugr_ID where cmt_ID={$cmt_id} and ! cmt_Deleted");
    $cmt = mysql_fetch_assoc($res);
} else {
    if ($rec_id) {
        // ADD NEW COMMENT TO RECORD
        // NOTE(review): cmt_Text is the raw POST "text"; escaping is left to mysql__insert, which
        // is not visible here - confirm it escapes values.  $rec_id / $owner are used unquoted
        // elsewhere, so they are assumed to already be ints.
        $inserts = array("cmt_Text" => $_POST["text"], "cmt_Added" => array("now()"), "cmt_OwnerUgrpID" => get_user_id(), "cmt_RecID" => $rec_id);
        if ($owner) {
            // reply: $owner is the parent comment's id
            $inserts["cmt_ParentCmtID"] = $owner;
        }
        mysql__insert("recThreadedComments", $inserts);
        if (mysql_error()) {
            $error = mysql_error();
        }
        // Read the new comment back joined with its owner's user row for the response.
        $query = "select * from recThreadedComments left join " . USERS_DATABASE . ".sysUGrps usr on cmt_OwnerUgrpID=usr.ugr_ID where cmt_ID=" . mysql_insert_id();
        $res = mysql_query($query);
        $cmt = mysql_fetch_assoc($res);
    }
}
// Respond with either the error text or the stored comment as a JS-style object literal.
if (@$error) {
    print "({ error: \"" . slash($error) . "\" })";
} elseif (@$cmt) {
    $payload = array(
        "id" => $cmt["cmt_ID"],
        "text" => $cmt["cmt_Text"],
        "owner" => $cmt["cmt_ParentCmtID"],
        "user" => $cmt["ugr_FirstName"] . ' ' . $cmt["ugr_LastName"],
        "userID" => $cmt["cmt_OwnerUgrpID"],
        "deleted" => false,
    );
    print "({ comment: " . json_format($payload) . " })";
}
}
$colNames = array("rec_ID", "rec_Title", "rec_URL", "rec_RecTypeID");
// REQUEST_to_query() builds the SELECT (table aliased TOPBIBLIO below) from the incoming request;
// escaping of request values is its responsibility and is not visible here.
$query = REQUEST_to_query("select " . join(", ", $colNames) . " ", BOTH);
if (@$_REQUEST["r"] == "recent") {
    // Restrict to the current user's recently viewed records and order by modification time.
    $query = preg_replace("/\\swhere\\s/", " where (TOPBIBLIO.rec_RecTypeID!=1) AND " . "(TOPBIBLIO.rec_ID in (select distinct rre_RecID from usrRecentRecords where rre_UGrpID = " . get_user_id() . ")) and ", $query);
    // saw CHECK ME: this code assumes order by is last clause of query
    $query = preg_replace("/(.*)\\sorder by.*/", "\$1 order by TOPBIBLIO.rec_Modified desc", $query);
} else {
    $query = preg_replace("/\\swhere\\s/", " where (TOPBIBLIO.rec_RecTypeID!=1) AND ", $query);
}
// NOTE(review): $limit is interpolated unquoted; it must already be an int where it is set
// (outside this fragment) - confirm.
$query .= " limit {$limit}";
header("Content-type: text/javascript");
?>
({
	"searchID": "<?php 
echo slash($searchID);
?>
",
	"colNames": [ "<?php 
echo join("\", \"", $colNames);
?>
" ],

	"records": [
<?php 
$res = mysql_query($query);
$first = true;
while ($row = mysql_fetch_row($res)) {
    if (!$first) {
        print ",\n";
    }
// Load the record to bookmark.  NOTE(review): $rec_id is interpolated into SQL as-is and is
// assumed to have been cast to int where it was read (outside this fragment) - confirm.
$res = mysql_query("select * from Records where rec_ID = {$rec_id}");
$bib = mysql_fetch_assoc($res);
if (!$bib) {
    print "{ error: \"invalid record ID - {$rec_id}\" }";
    return;
}
/* check workgroup permissions */
// A record owned by someone else (non-zero owner that is not $usrID) and marked "hidden"
// may only be bookmarked by members of the owning workgroup.
if (array_key_exists("rec_OwnerUGrpID", $bib) && $bib["rec_OwnerUGrpID"] != $usrID && $bib["rec_OwnerUGrpID"] != 0 && $bib["rec_NonOwnerVisibility"] == "hidden") {
    /*****DEBUG****/
    //	error_log("select ugl_GroupID from ".USERS_DATABASE.".sysUsrGrpLinks where ugl_UserID=$usrID and ugl_GroupID=" . intval($bib["rec_OwnerUGrpID"]));
    $res = mysql_query("select ugl_GroupID from " . USERS_DATABASE . ".sysUsrGrpLinks " . "where ugl_UserID={$usrID} and ugl_GroupID=" . intval($bib["rec_OwnerUGrpID"]));
    if (!mysql_num_rows($res)) {
        // NOTE(review): unlike the membership query above, rec_OwnerUGrpID is concatenated here
        // without intval(); it comes from the Records row, but the two should match.
        $res = mysql_query("select grp.ugr_Name from " . USERS_DATABASE . ".sysUGrps grp where grp.ugr_ID=" . $bib["rec_OwnerUGrpID"]);
        $grp_name = mysql_fetch_row($res);
        $grp_name = $grp_name[0];
        print "{ error: \"record is restricted to workgroup " . slash($grp_name) . "\" }";
        return;
    }
}
/* check -- maybe the user has this bookmarked already ..? */
$res = mysql_query("select * from usrBookmarks where bkm_recID={$rec_id} and bkm_UGrpID={$usrID}");
if (mysql_num_rows($res) == 0) {
    /* full steam ahead */
    mysql_query("insert into usrBookmarks (bkm_recID, bkm_UGrpID, bkm_Added, bkm_Modified) values (" . $rec_id . ", {$usrID}, now(), now())");
    $res = mysql_query("select * from usrBookmarks where bkm_ID=last_insert_id()");
    if (mysql_num_rows($res) == 0) {
        print "{ error: \"internal database error while adding bookmark\" }";
        return;
    }
    $bkmk = mysql_fetch_assoc($res);
    $tagString = "";
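 /**
  * Join the values of $array with $delemeter, optionally transforming each value first.
  *
  * @param array       $array      values to join; keys are kept while mapping and dropped by implode()
  * @param string      $delemeter  separator placed between values (default "/")
  * @param string|null $func       'slash' applies slash() to every value, 'unslash' applies
  *                                u(unslash()), anything else leaves the values untouched
  * @return string
  */
 function arr_to_str($array, $delemeter = "/", $func = null)
 {
     if (!is_array($array)) {
         // Hard stop kept from the original; only the message typo ("isn's") is fixed.
         die('<h1>arr_to_str() says: it isn\'t an array...</h1>');
     }
     $mapped = [];
     foreach ($array as $key => $val) {
         // strict comparison: the original's == would also match non-string junk such as 0 on PHP 7
         if ($func === 'slash') {
             $mapped[$key] = slash($val);
         } elseif ($func === 'unslash') {
             $mapped[$key] = u(unslash($val));
         } else {
             $mapped[$key] = $val;
         }
     }
     return implode($delemeter, $mapped);
 }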
    print '({ "error": "User unauthorised to fetch workgroup data for workgroup ' . $wg_id . '" })';
    return;
}
?>

{
	"members": [<?php 
// Members of workgroup $wg_id (enabled users only) as JSON objects; slash() escapes each field.
// NOTE(review): $wg_id is concatenated into the SQL; it is assumed to be an int by the time
// the authorisation check above this fragment has passed - confirm.
$res = mysql_query("select usr.ugr_ID, concat(usr.ugr_FirstName,' ',usr.ugr_LastName) as name, usr.ugr_eMail\n\t\t\t\t\t  from " . USERS_DATABASE . ".sysUsrGrpLinks\n\t\t\t\t left join " . USERS_DATABASE . ".sysUGrps usr on usr.ugr_ID = ugl_UserID\n\t\t\t\t\t where usr.ugl_GroupID = " . $wg_id . "\n\t\t\t\t\t   and usr.ugr_Enabled = 'y'\n\t\t\t\t  order by usr.ugr_LastName");
$separator = "";
while ($row = mysql_fetch_row($res)) {
    list($memberId, $memberName, $memberEmail) = $row;
    // comma before every entry except the first, each entry on its own line
    print $separator . "\n";
    print "\t\t{ \"id\": " . slash($memberId) . ", \"name\": \"" . slash($memberName) . "\", \"email\": \"" . slash($memberEmail) . "\" }";
    $separator = ",";
}
?>

	],

	"savedSearches": [ <?php 
$res = mysql_query("select svs_Name, ss_url, ss_url not like '%w=bookmark%' as w_all\n\t\t\t\t\t  from usrSavedSearches\n\t\t\t\t\t where svs_UGrpID=" . $wg_id . "\n\t\t\t\t  order by svs_Name");
$first = true;
while ($row = mysql_fetch_assoc($res)) {
    if (!$first) {
        print ",";
    }
    print "\n";
    $first = false;
    print "\t\t[ \"" . addslashes($row['svs_Name']) . "\", \"" . addslashes($row['ss_url']) . "\", 0, " . intval($row['w_all']) . " ]";
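/**
 * Create a relationship record linking $recID to $trgRecID via the relation term $relTermID.
 *
 * A Records row of type RT_RELATION is inserted first, titled
 * "$title (<source title> <term label> <target title>)"; when the DT_* detail-type
 * constants are defined, one recDetails row per supplied attribute follows.
 *
 * @param int         $recID        source record id
 * @param int         $relTermID    defTerms id of the relationship type
 * @param int         $trgRecID     target record id
 * @param int|null    $interpRecID  optional interpretation record (needs DT_INTERPRETATION_REFERENCE)
 * @param string      $title        relationship name (stored under DT_NAME)
 * @param string|null $notes        stored under DT_SHORT_SUMMARY when set
 * @param string|null $start_date   stored under DT_START_DATE when set
 * @param string|null $end_date     stored under DT_END_DATE when set
 * @return array  array("error" => <slash()ed mysql error>) on failure, otherwise
 *                array("relationship" => getAllRelatedRecords($recID), "relnRecID" => <new id>)
 */
function saveRelationship($recID, $relTermID, $trgRecID, $interpRecID, $title, $notes, $start_date, $end_date)
{
    // The ids are interpolated unquoted into SQL below, so coerce them to int first
    // (the original interpolated the raw parameters).
    $recID = intval($recID);
    $relTermID = intval($relTermID);
    $trgRecID = intval($trgRecID);
    $interpRecID = intval($interpRecID);
    $termRow = mysql_fetch_assoc(mysql_query("select trm_Label from defTerms where trm_ID = {$relTermID}"));
    $relval = $termRow ? $termRow['trm_Label'] : '';
    $srcRow = mysql_fetch_assoc(mysql_query("select rec_Title from Records where rec_ID = {$recID}"));
    $srcTitle = $srcRow ? $srcRow['rec_Title'] : '';
    $trgRow = mysql_fetch_assoc(mysql_query("select rec_Title from Records where rec_ID = {$trgRecID}"));
    $trgTitle = $trgRow ? $trgRow['rec_Title'] : '';
    // Owner precedence: rec_owner from the request, else $userDefaultOwnerGroupID, else
    // HEURIST_NEWREC_OWNER_ID, else the current user.
    // NOTE(review): $userDefaultOwnerGroupID is a local that is never assigned here and there is
    // no `global` declaration, so that branch cannot fire as written - confirm what was intended.
    if (intval(@$_REQUEST['rec_owner'])) {
        $ownerID = intval($_REQUEST['rec_owner']);
    } elseif (@$userDefaultOwnerGroupID) {
        $ownerID = $userDefaultOwnerGroupID;
    } elseif (defined('HEURIST_NEWREC_OWNER_ID')) {
        $ownerID = HEURIST_NEWREC_OWNER_ID;
    } else {
        $ownerID = get_user_id();
    }
    // one timestamp for both columns (the original called date() twice)
    $now = date('Y-m-d H:i:s');
    mysql__insert("Records", array(
        "rec_Title" => "{$title} ({$srcTitle} {$relval} {$trgTitle})",
        "rec_Added" => $now,
        "rec_Modified" => $now,
        "rec_RecTypeID" => RT_RELATION,
        'rec_OwnerUGrpID' => $ownerID,
        "rec_AddedByUGrpID" => get_user_id(),
    ));
    if (mysql_error()) {
        return array("error" => slash(mysql_error()));
    }
    $relnRecID = mysql_insert_id();
    if ($relnRecID > 0 && defined('DT_NAME') && defined('DT_RELATION_TYPE') && defined('DT_TARGET_RESOURCE') && defined('DT_PRIMARY_RESOURCE')) {
        // string values are escaped with mysql_real_escape_string; ids were coerced to int above
        $query = "insert into recDetails (dtl_RecID, dtl_DetailTypeID, dtl_Value) values ";
        $query .= "({$relnRecID}, " . DT_NAME . ", '" . mysql_real_escape_string($title) . "')";
        $query .= ", ({$relnRecID}, " . DT_PRIMARY_RESOURCE . ", {$recID})";
        $query .= ", ({$relnRecID}, " . DT_TARGET_RESOURCE . ", {$trgRecID})";
        $query .= ", ({$relnRecID}, " . DT_RELATION_TYPE . ", {$relTermID})";
        if ($interpRecID && defined('DT_INTERPRETATION_REFERENCE')) {
            $query .= ", ({$relnRecID}, " . DT_INTERPRETATION_REFERENCE . ", {$interpRecID})";
        }
        if ($notes && defined('DT_SHORT_SUMMARY')) {
            $query .= ", ({$relnRecID}, " . DT_SHORT_SUMMARY . ", '" . mysql_real_escape_string($notes) . "')";
        }
        if ($start_date && defined('DT_START_DATE')) {
            $query .= ", ({$relnRecID}, " . DT_START_DATE . ", '" . mysql_real_escape_string($start_date) . "')";
        }
        if ($end_date && defined('DT_END_DATE')) {
            $query .= ", ({$relnRecID}, " . DT_END_DATE . ", '" . mysql_real_escape_string($end_date) . "')";
        }
        mysql_query($query);
    }
    if (mysql_error()) {
        return array("error" => slash(mysql_error()));
    }
    //		$related = getAllRelatedRecords($recID, $relnRecID);
    $related = getAllRelatedRecords($recID);
    return array("relationship" => $related, "relnRecID" => $relnRecID);
}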
     $data = get_data_from_url($v->url);
     if (!$data) {
         die("The file at <a href='{$v->url}'>{$v->url}</a> does not exist or is empty!");
     }
     file_put_contents($tmpfile, $data);
 } else {
     $tmpfile = $_FILES['file']['tmp_name'];
 }
 $v->filesize = filesize($tmpfile);
 // Signature over the binary using $app->sparkle_pkey (presumably the Sparkle private key).
 $v->signature = sign_file($tmpfile, $app->sparkle_pkey);
 if (!$v->url) {
     // No explicit URL: upload the file to S3 and point the version at it.
     // NOTE(review): the extension is the last three bytes of the client-supplied upload name
     // and version_number is embedded in the key; neither is validated here.
     $object = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $app->name)) . "_" . $v->version_number . "." . substr($_FILES['file']['name'], -3);
     if ($app->s3bucket && $app->s3path) {
         $v->url = slash($app->s3path) . $object;
         $info = parse_url($app->s3path);
         $object = slash($info['path']) . $object;
         // NOTE(review): 0755 marks the temp file executable before upload; the trailing `true`
         // on putObject presumably requests a public ACL - confirm both are intended.
         chmod($tmpfile, 0755);
         $s3 = new S3($app->s3key, $app->s3pkey);
         $s3->putObject($app->s3bucket, $object, $tmpfile, true);
     } else {
         die("Configure your Amazon S3 account or modify version-new.php file.");
         /*
         $v->url = '/Users/dirk/work/wordpress/shine/' . $object;
         copy($_FILES['file']['tmp_name'], '/Users/dirk/work/wordpress/shine/' . $object);
         */
     }
 } else {
     // Cleanup download (the file was fetched from $v->url into $tmpfile above)
     unlink($tmpfile);
 }
 $v->insert();
$link_actual = "http://" . $HTTP_HOST . $REQUEST_URI;
/* nombre puesto al backdoor ej: backdoor.php, ingresar solo backdoor */
$uri = $REQUEST_URI;
/*Funcion para quitar slash*/
/**
 * Remove every '/' character from the given string.
 *
 * @param string $valor  input string
 * @return string  the input with all slashes stripped
 */
function slash($valor)
{
    return str_replace("/", "", $valor);
}
/*Armamos el link*/
if (strpos($uri, "?")) {
    $last_uri = explode("?", $uri);
    $nombre_backdoor = slash($last_uri[0]);
} else {
    $nombre_backdoor = slash($uri);
}
session_start();
if (!isset($_SESSION['user'])) {
    /*
     * Verificamos que se haya enviado el formulario de login
     * y comprobamos los datos
     */
    if (isset($_POST['cerrojo'])) {
        if ($_POST['key'] == $pass and $_POST['cerrojo'] == $user) {
            session_start();
            $_SESSION['user'] = $user;
            header("Location:{$link_actual}");
        } else {
            if (empty($_POST['key']) or empty($_POST['cerrojo'])) {
                echo "<script>alert('Ingresa tus datos')</script>";
    // NOTE(review): emitted inside <title> without XML escaping (e.g. htmlspecialchars); an '&'
    // or '<' in the app name or version breaks the feed - confirm they are sanitised on input.
    echo $app->name;
    ?>
 <?php 
    echo $v->human_version;
    ?>
</title>
			<description><![CDATA[ <?php 
    // NOTE(review): CDATA does not protect against a literal "]]>" inside the release notes.
    echo $v->release_notes;
    ?>
 ]]></description>
			<pubDate><?php 
    // RSS pubDate format ("D, d M Y H:i:s O") rendered from the stored timestamp.
    echo dater($v->dt, 'D, d M Y H:i:s O');
    ?>
</pubDate>
			<enclosure url="<?php 
    // Enclosure URL is built from the request's Host header over plain http://.
    // NOTE(review): HTTP_HOST is client-controlled - confirm the deployment pins it.
    echo "http://" . $_SERVER['HTTP_HOST'] . slash(WEB_ROOT) . "update.php?id={$v->id}";
    ?>
" sparkle:shortVersionString="<?php 
    echo $v->human_version;
    ?>
" sparkle:version="<?php 
    echo $v->version_number;
    ?>
" length="<?php 
    echo $v->filesize;
    ?>
" type="application/octet-stream" sparkle:dsaSignature="<?php 
    // signature computed by sign_file() when the version was created
    echo $v->signature;
    ?>
" />
		</item>
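/**
 * Write a PHP cache file.
 *
 * The file body is "<?php ... $cache = <exported data>;" so that it can presumably be
 * included later to restore $cache.
 *
 * @param string $dir        directory path (concatenated with prefix and name, then passed through slash())
 * @param string $cachename  file name; ".php" is appended here
 * @param array  $data       data to export; a non-array value is written verbatim as the file body
 * @param string $prefix     file-name prefix
 */
function write_cache_file($dir, $cachename, $data = array(), $prefix = 'cache_')
{
    if (is_array($data)) {
        // An empty array used to take the verbatim branch and be written as the string "Array";
        // export it as an empty array so the cache file stays valid PHP.
        $cachedata = "\$cache = " . (count($data) > 0 ? rvar_export($data) : 'array()') . ";\n\n";
    } else {
        $cachedata = $data;
    }
    // NOTE(review): the file is written as executable PHP, so $dir / $cachename / $prefix must
    // never be derived from request input and rvar_export() must emit a safe literal - confirm.
    $header = "<?php\n//Myws! cache file, DO NOT modify me!\n//Created on " . date("M j, Y, G:i") . "\n\n";
    rfwrite(slash($dir . $prefix . $cachename) . '.php', $header . $cachedata, 'w');
}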