/**
* Method to get experiments of a particular time range
* @param $inputs
* @return array
*/
public static function get_experiments_of_time_range($inputs)
{
$experimentStatistics = AdminUtilities::get_experiment_execution_statistics(strtotime($inputs["from-date"]) * 1000, strtotime($inputs["to-date"]) * 1000);
$experiments = array();
if ($inputs["status-type"] == "ALL") {
$experiments = $experimentStatistics->allExperiments;
} else {
if ($inputs["status-type"] == "COMPLETED") {
$experiments = $experimentStatistics->completedExperiments;
} elseif ($inputs["status-type"] == "FAILED") {
$experiments = $experimentStatistics->failedExperiments;
} else {
if ($inputs["status-type"] == "CANCELED") {
$experiments = $experimentStatistics->cancelledExperiments;
}
}
}
$expContainer = array();
$expNum = 0;
foreach ($experiments as $experiment) {
$expValue = ExperimentUtilities::get_experiment_values($experiment, ProjectUtilities::get_project($experiment->projectID), true);
$expContainer[$expNum]['experiment'] = $experiment;
$expValue["editable"] = false;
$expContainer[$expNum]['expValue'] = $expValue;
$expNum++;
}
return $expContainer;
}
/**
* Loads the mysqli object and organizes the URL into variables
*
* @param object $mysqli
* @param array $url_array
*/
public function __construct($url_array = NULL)
{
// Creates a database object
parent::__construct();
// Store the URL components as class properties
for ($i = 0, $c = count($url_array); $i < $c; ++$i) {
if (!empty($url_array[$i])) {
$prop = "url{$i}";
$this->{$prop} = $url_array[$i];
}
}
// Identify the class being used
$this->page_type = $this->get_page_data_by_slug($this->url0)->type;
// Register access points
$this->register_core_actions();
}
/**
* Loads the page entry and outputs HTML markup to display it
*
* @return string the formatted entry
*/
public function display_public()
{
// Check if the user is logged in and attempting to edit an entry
if (isset($this->url1) && $this->url1 === 'admin' && AdminUtilities::check_clearance(1)) {
// Load the entry ID if one was passed
$id = isset($this->url2) ? (int) $this->url2 : NULL;
// Output the admin controls
return $this->display_admin($id);
}
// Load the entries
$this->get_all_entries();
// Add the admin options for preview entries
$entry_id = array_key_exists(0, $this->entries) ? $this->entries[0]->entry_id : NULL;
$extra->header->admin = $this->admin_entry_options($this->url0, $entry_id, FALSE);
// Set the template file
$this->template = $this->url0 . '.inc';
// Organize the data
$this->generate_template_tags();
// Return the entry as formatted by the template
return $this->generate_markup($extra);
}
public function display_site_options()
{
// Make sure the user is logged in before showing any options
if (AdminUtilities::check_clearance(1)) {
// Set up the break for menu items
$tab = str_repeat(' ', 4);
$break = "</li>\n{$tab}<li>";
// Create the unordered list and display user info
$options = '<ul id="admin-site-options">' . "\n" . $tab . '<li class="info-box">You are logged in as <strong>' . $_SESSION['user']['name'] . '</strong>' . $break;
// If the user has clearance, allow for site page & category editing
if (AdminUtilities::check_clearance(2)) {
$options .= '<a href="/siteadmin/pages">Edit Site Pages</a>' . $break . '<a href="/siteadmin/categories">Edit Entry ' . 'Categories<a/>' . $break;
}
// If the user has high enough clearance, they can manage admins
if (AdminUtilities::check_clearance(2)) {
$options .= '<a href="/admin/manage">Manage Administrators</a>' . $break;
}
return $options . '<a href="/admin/logout">Logout</a></li>' . "\n" . '</ul><!-- end #admin-site-options -->';
} else {
return NULL;
}
}
/**
* Loads the page entries and outputs HTML markup to display them
*
* @return string the formatted entries
*/
public function display_public()
{
// If logged in, show the admin options (if JavaScript is disabled)
if (isset($this->url1) && $this->url1 === 'admin' && AdminUtilities::check_clearance(1)) {
// Load the entry ID if one was passed
$id = isset($this->url2) ? (int) $this->url2 : NULL;
// Output the admin controls
return $this->display_admin($id);
} else {
if (isset($this->url1) && $this->url1 !== 'more') {
// Load the entry by its URL
$this->get_entry_by_url($this->url1);
// Avoid a notice
$extra = (object) array();
// Set the template
$this->template = $this->url0 . '-full.inc';
} else {
// If the entries are paginated, this determines what page to show
if (isset($this->url1) && $this->url1 === 'more') {
$offset = isset($this->url2) ? $limit * ($this->url2 - 1) : 0;
} else {
$offset = 0;
}
// Load most recent entries for a preview if no entry was selected
$this->get_all_entries($offset);
// Add the admin options for preview entries
$extra->header->admin = $this->admin_general_options($this->url0);
// Set the template
$this->template = $this->url0 . '-preview.inc';
}
}
// Organize the data
$this->generate_template_tags();
// Return the entry as formatted by the template
return $this->generate_markup($extra);
}
/**
* Checks for the existence of a cached file with the ID passed
*
* @param string $cache_id A string by which the cache is identified
* @return mixed The cached data if saved, else boolean FALSE
*/
public static function check_cache($cache_id)
{
$cache_filepath = self::_generate_cache_filepath($cache_id);
/*
* If the cached file exists and is within the time limit defined in
* CACHE_EXPIRES, load the cached data. Does not apply if the user is
* logged in
*/
if (file_exists($cache_filepath) && time() - filemtime($cache_filepath) <= CACHE_EXPIRES && !AdminUtilities::check_clearance(1)) {
$cache = file_get_contents($cache_filepath);
FB::warn("Data loaded from cache ({$cache_filepath})");
return unserialize($cache);
}
return FALSE;
}
public function addGateway()
{
$inputs = Input::all();
$gateway = AdminUtilities::addGateway(Input::all());
$tm = WSIS::createTenant(1, $inputs["admin-username"], $inputs["admin-password"], $inputs["admin-email"], $inputs["admin-firstname"], $inputs["admin-lastname"], $inputs["domain"]);
return $gateway;
}
public function login()
{
// Sanitize the username and store the password for hashing
if (SIV::validate($_POST['username'], SIV::USERNAME) === TRUE) {
$username = $_POST['username'];
$password = $_POST['password'];
} else {
return FALSE;
}
FB::log($username, "Username");
// Load user data that matches the supplied username
$userdata = $this->get_user_data($username);
FB::log($userdata);
// Make sure a user was loaded before continuing
if (array_key_exists('email', $userdata) || array_key_exists('password', $userdata) || array_key_exists('username', $userdata) || array_key_exists('display', $userdata) || array_key_exists('clearance', $userdata)) {
// Extract password hash
$db_pass = $userdata['password'];
FB::log($this->createSaltedHash($password, $db_pass), "Password Hash");
FB::log($db_pass === $this->createSaltedHash($password, $db_pass), "Passwords Match");
// Make sure the passwords match
if ($db_pass === $this->createSaltedHash($password, $db_pass) && AdminUtilities::check_session()) {
// Save the user data in a session variable
$_SESSION['user'] = array('name' => $userdata['display'], 'email' => $userdata['email'], 'clearance' => $userdata['clearance']);
FB::log($_SESSION, "Session");
// Set a cookie to store the username that expires in 30 days
setcookie('username', $username, time() + 2592000, '/');
return TRUE;
} else {
return FALSE;
}
} else {
return FALSE;
}
}
/**
* Creates the database tables necessary for the CMS to function
*
* @param array $menuPages The menu configuration array
* @return void
*/
public static function build_database()
{
// Loads necessary MySQL to build and populate the database
$file_array = array();
$var_arr = array();
$file_array[] = CMS_PATH . 'core/resources/sql/build_database.sql';
$file_array[] = CMS_PATH . 'core/resources/sql/build_table_pages.sql';
$file_array[] = CMS_PATH . 'core/resources/sql/build_table_entries.sql';
$file_array[] = CMS_PATH . 'core/resources/sql/build_table_categories.sql';
$file_array[] = CMS_PATH . 'core/resources/sql/build_table_entry_categories.sql';
$file_array[] = CMS_PATH . 'core/resources/sql/build_table_featured.sql';
$file_array[] = CMS_PATH . 'core/resources/sql/build_table_users.sql';
$file_array[] = CMS_PATH . 'core/resources/sql/build_table_comments.sql';
// If an admin is initializing the ECMS, create his or her account
if (DEV_PASS !== '') {
$filepath = CMS_PATH . 'core/resources/sql/insert_users_entry.sql';
// Create a salted hash of the password
$password_hash = AdminUtilities::createSaltedHash(DEV_PASS);
// Assign variables needed to properly parse the file
$var_arr = array($filepath => array('display' => DEV_DISPLAY_NAME, 'username' => DEV_USER_NAME, 'email' => DEV_EMAIL, 'vcode' => sha1(uniqid(time(), TRUE)), 'clearance' => DEV_CLEARANCE, 'password' => $password_hash));
// Add the file to the array
$file_array[] = $filepath;
}
// Load the files
$sql = Utilities::load_file($file_array, $var_arr);
// Execute the loaded queries
try {
$dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME;
$db = new PDO($dsn, DB_USER, DB_PASS);
$db->query($sql);
} catch (Exception $e) {
ECMS_Error::log_exception($e);
}
}
public function removeSSH()
{
$removeToken = Input::get("token");
if (AdminUtilities::remove_ssh_token($removeToken)) {
return 1;
} else {
return 0;
}
}
private function _display_comment_form()
{
$form = new Form();
$form->page = 'comments';
$form->legend = 'Add a Comment';
$form->action = 'comment-write';
$form->entry_id = $this->_entry_id;
$form->form_id = 'add-comment';
if (isset($this->_sdata->error) && $this->_sdata->error !== '0000') {
$form->notice = '<p class="comment-error">' . $this->_get_comment_error_message() . '</p>';
}
// Make the entry values available to the form if they exist
$form->entry = $this->_get_comment_data();
// If the admin is trying to reply to a comment, add the thread ID
if (AdminUtilities::check_clearance(1) && isset($_GET['thread_id'])) {
$form->entry->thread_id = (int) $_GET['thread_id'];
}
// If the commenter is new and no cookies exist, do a spam challenge
if ($this->_is_verified_human() === TRUE) {
$challenge = array('name' => 'challenge', 'type' => 'hidden', 'value' => 1);
} else {
$challenge = array('name' => 'challenge', 'class' => 'input-text', 'label' => $this->_generate_spam_challenge());
}
// Set up input information
$form->input_arr = array(array('name' => 'name', 'class' => 'input-text', 'label' => 'Your Name (Not Your Business Name)'), array('type' => 'email', 'name' => 'email', 'class' => 'input-text', 'label' => 'Your Email (Required, Never Shared)'), array('name' => 'url', 'class' => 'input-text', 'label' => 'Your Website (Optional)'), array('type' => 'textarea', 'name' => 'comment', 'class' => 'input-textarea', 'label' => 'Your Comment'), $challenge, array('type' => 'checkbox', 'name' => 'subscribe', 'id' => 'subscribe', 'label' => 'Receive an email when new comments are posted', 'value' => 1), array('type' => 'submit', 'name' => 'comment-submit', 'class' => 'input-submit', 'value' => 'Post a Comment'), array('type' => 'hidden', 'name' => 'comment_id'), array('type' => 'hidden', 'name' => 'thread_id'), array('type' => 'hidden', 'name' => 'return-url', 'value' => $this->_redirect_url));
return $form;
}
/**
* Checks for a valid session
*
* Runs a few checks to make sure the same user agent and IP are used in
* addition to the check for a token and timeout. Any failure results in a
* full-on self-destruct for the session.
*
* @return boolean Whether or not a valid session is present
*/
public static function check_session()
{
// If we've already checked this and it's valid, just return TRUE
if (self::$valid_session === TRUE) {
return TRUE;
}
FB::log($_SESSION, "Session Data");
FB::log(time(), "Current Time");
// Create a token if one doesn't exist or has timed out
if (!isset($_SESSION['ecms']) || $_SESSION['ecms']['ttl'] <= time()) {
// Regenerate the session to avoid any unwanted shenanigans
self::destroy_session();
self::create_session();
// Log data for debugging
FB::log("Session doesn't exist or expired. New session created.");
FB::log($_SESSION, "New Session");
return FALSE;
} else {
if ($_SESSION['ecms']['user-agent'] !== $_SERVER['HTTP_USER_AGENT'] || $_SESSION['ecms']['address'] !== $_SERVER['REMOTE_ADDR']) {
// Log data for debugging
FB::log("User agent or remote address is mismatched.");
// Regenerate the session to avoid any unwanted shenanigans
self::destroy_session();
self::create_session();
return FALSE;
} else {
if (is_array($_SESSION['ecms'])) {
$_SESSION['ecms']['ttl'] = time() + 600;
// 10 minutes from now
self::$valid_session = TRUE;
return TRUE;
} else {
// Log data for debugging
FB::log("No conditions met. Something is odd.");
// Regenerate the session to avoid any unwanted shenanigans
self::destroy_session();
self::create_session();
return FALSE;
}
}
}
}
static function buildDB($menuPages)
{
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($mysqli->connect_errno) {
exit("Couldn't connect to the database." . $mysqli->connect_error());
}
$admin_u = DEV_NAME;
$admin_e = DEV_EMAIL;
$admin_p = AdminUtilities::createSaltedHash(DEV_PASS);
$sql = "CREATE DATABASE IF NOT EXISTS `" . DB_NAME . "`\n DEFAULT CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "entryMgr`\n (\n `id` INT UNSIGNED NOT NULL PRIMARY KEY auto_increment,\n `page` VARCHAR(64) NOT NULL,\n `title` VARCHAR(255) DEFAULT NULL,\n `subhead` VARCHAR(75) DEFAULT NULL,\n `body` TEXT DEFAULT NULL,\n `img` VARCHAR(128) DEFAULT NULL,\n `imgcap` VARCHAR(128) DEFAULT NULL,\n `data1` VARCHAR(255) DEFAULT NULL,\n `data2` VARCHAR(255) DEFAULT NULL,\n `data3` VARCHAR(255) DEFAULT NULL,\n `data4` VARCHAR(255) DEFAULT NULL,\n `data5` VARCHAR(255) DEFAULT NULL,\n `data6` VARCHAR(255) DEFAULT NULL,\n `data7` VARCHAR(255) DEFAULT NULL,\n `data8` VARCHAR(255) DEFAULT NULL,\n `author` VARCHAR(64) DEFAULT '" . SITE_CONTACT_NAME . "',\n `created` INT(12),\n INDEX(`page`),\n INDEX(`created`),\n INDEX(`title`),\n FULLTEXT KEY `search` (`title`,`body`,`data2`)\n ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "adminMgr`\n (\n `id` INT UNSIGNED NOT NULL PRIMARY KEY auto_increment,\n `admin_u` VARCHAR(60) UNIQUE,\n `admin_e` VARCHAR(100) UNIQUE,\n `admin_p` VARCHAR(150) DEFAULT NULL,\n `admin_v` VARCHAR(150) NOT NULL,\n `is_admin` TINYINT(1) DEFAULT '0',\n INDEX(admin_v)\n ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "entryMgr`\n (\n `page`, `title`, `body`, `img`, `imgcap`,\n `data2`, `data6`, `author`, `created`\n )\n VALUES\n (\n '" . DEFAULT_PAGE . "', 'Welcome to the ECMS!',\n '<p>You have successfully installed the " . "<a href=\"http://ennuicms.com/\">ECMS</a>.</p>" . "\r\n<p>To get started:</p>\r\n<ul>\r\n<li>" . "<a href=\"/admin\">Log in</a> using the username " . "and password you set up in the config files</li>\r\n" . "<li>Edit this entry to contain the content for your " . "site''s home page</li>\r\n<li>Add content to the " . "rest of the pages on your site</li>\r\n</ul>\r\n" . "<h2>HTML Element Style Test (h2)</h2>\r\n" . "<blockquote>\r\n<p>This is a blockquote. Putamus " . "lectores litterarum dynamicus facilisi dolore. " . "Facilisi qui zzril legunt nibh in. Nostrud nonummy " . "sequitur autem consequat ut. Assum tincidunt " . "vulputate gothica molestie veniam.</p>\r\n" . "</blockquote>\r\n<h3>H3 Element</h3>\r\n<p>Sed " . "consequat tempor ex formas dignissim. Lobortis " . "anteposuerit consectetuer consequat ullamcorper " . "dolore. Dolore imperdiet amet iis sed iriure. " . "Luptatum adipiscing lorem augue diam te. Cum autem " . "claritas tempor sed augue.</p>\r\n<h4>H4 Element" . "</h4>\r\n<ol>\r\n<li>This is an ordered list</li>" . "\r\n<li>Typi at doming usus lectores parum.</li>" . "\r\n<li>Parum quod legentis qui nonummy mirum. Nunc " . "quis consequat in seacula consectetuer.</li>\r\n" . "</ol>\r\n<h5>H5 Element</h5>\r\n<p>Parum quod " . "legentis qui nonummy mirum. Nunc quis consequat in " . "seacula consectetuer. Est humanitatis eros duis qui " . "quarta. Enim quod in aliquip placerat insitam. " . "Putamus consequat hendrerit demonstraverunt " . "eleifend claram. Videntur molestie typi hendrerit " . "duis qui.</p>\r\n<h6>H6 Element</h6>\r\n<p>Mazim ut " . "euismod formas amet in. Ex blandit nulla tincidunt " . "wisi consequat. Typi illum ad luptatum " . "Investigationes legentis.</p>',\n 'blog, entry, testing', 'welcome-to-the-ecms',\n 'Ennui Design', " . time() . "\n )\n ON DUPLICATE KEY UPDATE `created`=" . time() . ";";
if (DEV_PASS != '') {
$sql .= "INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "adminMgr`\n (`admin_u`, `admin_e`, `admin_p`, `admin_v`, `is_admin`)\n VALUES\n ('{$admin_u}', '{$admin_e}', '{$admin_p}', '" . sha1(time()) . "', '1')\n ON DUPLICATE KEY UPDATE `is_admin`=1;";
}
if (array_key_exists('blog', $menuPages)) {
$sql .= "\n CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "blogCmnt`\n (\n `id` INT(5) PRIMARY KEY auto_increment,\n `bid` INT(5),\n `user` VARCHAR(60),\n `email` VARCHAR(100),\n `link` VARCHAR(100),\n `comment` TEXT,\n `timestamp` INT(12),\n `subscribe` TINYINT(1) DEFAULT '0',\n INDEX(bid),\n INDEX(timestamp),\n INDEX(subscribe)\n ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";";
}
if ($mysqli->multi_query($sql)) {
do {
if ($result = $mysqli->store_result()) {
echo "Table created.<br />\n";
$result->close();
}
} while ($mysqli->next_result());
} else {
exit('Database tables could not be created. ' . $mysqli->error());
}
$mysqli->close();
return true;
}
FB::warn("FirePHP logging enabled.");
} else {
ini_set("display_errors", 0);
error_reporting(0);
FB::setEnabled(FALSE);
}
// URL Parsing - Read the URL and break it apart for processing
$url_array = Utilities::readUrl();
if (!is_array($url_array) && file_exists($url_array)) {
require_once $url_array;
}
// Creates a database object
$dbo = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// Creates the database tables if set to true
if (CREATE_DB === TRUE) {
AdminUtilities::buildDB($menuPages);
}
// Load the page attributes from the menu array
$menuPage = Utilities::getPageAttributes($menuPages, $url_array[0]);
// Check if the admin page is being accessed
if ($url_array[0] == 'admin') {
$menuPage = array('display' => 'Administrative Controls', 'type' => 'admin');
}
// Check if the search page is being accessed
if ($url_array[0] == 'search') {
$menuPage = array('display' => 'Search', 'type' => 'search');
}
// If the supplied URL doesn't match any menu items, direct to the 404 page
if ($menuPage === FALSE) {
$menuPage = array('display' => 'Invalid URL', 'type' => 'missing');
}
public static function is_form_submission_valid()
{
return isset($_REQUEST['page']) && (isset($_POST['token']) || isset($_GET['action'])) && AdminUtilities::check_session();
}
<!-- Additional scripts for site enhancement. These are optional. -->
<script type="text/javascript"
src="/assets/js/jquery.loadflickr.js"></script>
<script type="text/javascript"
src="/assets/js/jquery.cookie.js"></script>
<!--[if IE]>
<script type="text/javascript"
src="/assets/js/selectivizr.js"></script>
<![endif]-->
<?php
// If the user is logged in, load JavaScript for the admin controls
if ($main_content->url0 == "admin" || AdminUtilities::check_clearance(1)) {
?>
<!-- Admin JS Files -->
<script type="text/javascript"
src="/assets/js/tiny_mce/jquery.tinymce.js"></script>
<script type="text/javascript"
src="/assets/js/hlx.admin.js"></script>
<?php
}
?>
<!-- Initialization JS File -->
<script type="text/javascript"
src="/assets/js/hlx.init.js"></script>
<?php
public function getExperimentsOfTimeRange()
{
if (Request::ajax()) {
$inputs = Input::all();
$expContainer = AdminUtilities::get_experiments_of_time_range($inputs);
$expStates = ExperimentUtilities::getExpStates();
return View::make("partials/experiment-container", array("expContainer" => $expContainer, "expStates" => $expStates));
}
}
if (ACTIVATE_DEBUG_MODE === TRUE) {
ini_set("display_errors", 1);
ERROR_REPORTING(E_ALL);
FB::setEnabled(TRUE);
FB::warn("FirePHP logging is enabled! Sensitive data may be exposed.");
} else {
ini_set("display_errors", 0);
error_reporting(0);
FB::setEnabled(FALSE);
}
// Creates the database tables if set to true
if (BUILD_DATABASE === TRUE) {
DB_Actions::build_database();
}
// Check for a valid session
AdminUtilities::check_session();
/*******************************************************************************
* Break apart the URL and determine what data needs to be loaded
*******************************************************************************/
// URL Parsing - Read the URL and break it apart for processing
$url_array = Utilities::read_url();
// Load the menu
$menu = new Menu($url_array);
// Load the page attributes from the menu array
$menu_page = DB_Actions::get_page_data_by_slug($url_array[0]);
// Check if the page should actually be shown as main content
if (property_exists($menu_page, 'show_full') && $menu_page->show_full != 1) {
header("Location: /" . DB_Actions::get_default_page());
exit;
} else {
if ($menu_page === FALSE) {
