/**
 * Method to get experiments of a particular time range
 *
 * The from/to dates are run through strtotime() and scaled to milliseconds
 * before being handed to the statistics call. An unparsable date makes
 * strtotime() return FALSE, which the arithmetic turns into 0 (the epoch),
 * so callers should validate those fields before calling this method.
 *
 * @param array $inputs Request fields: "from-date", "to-date" and
 *                      "status-type" (ALL, COMPLETED, FAILED or CANCELED)
 * @return array List of array('experiment' => ..., 'expValue' => ...) rows
 */
public static function get_experiments_of_time_range($inputs)
{
    $fromMillis = strtotime($inputs["from-date"]) * 1000;
    $toMillis = strtotime($inputs["to-date"]) * 1000;
    $stats = AdminUtilities::get_experiment_execution_statistics($fromMillis, $toMillis);

    // Pick the bucket matching the requested status; any other value yields
    // an empty list. switch compares loosely, exactly like the == chain it
    // stands in for.
    switch ($inputs["status-type"]) {
        case "ALL":
            $experiments = $stats->allExperiments;
            break;
        case "COMPLETED":
            $experiments = $stats->completedExperiments;
            break;
        case "FAILED":
            $experiments = $stats->failedExperiments;
            break;
        case "CANCELED":
            $experiments = $stats->cancelledExperiments;
            break;
        default:
            $experiments = array();
    }

    $expContainer = array();
    foreach ($experiments as $experiment) {
        $project = ProjectUtilities::get_project($experiment->projectID);
        $expValue = ExperimentUtilities::get_experiment_values($experiment, $project, true);

        // This listing is read-only: never expose edit controls from here
        $expValue["editable"] = false;

        $expContainer[] = array(
            'experiment' => $experiment,
            'expValue' => $expValue,
        );
    }

    return $expContainer;
}
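/**
 * Loads the database object and organizes the URL into variables
 *
 * Every non-empty URL segment is stored on this object as url0, url1, ...
 * and the page type is then looked up from the first segment.
 *
 * @param array|null $url_array URL segments as produced by the URL parser
 */
public function __construct($url_array = NULL)
{
    // Creates a database object
    parent::__construct();

    // count(NULL) is a TypeError on PHP 8 (and a warning before that), so a
    // missing URL array is treated as "no segments"
    if (!is_array($url_array)) {
        $url_array = array();
    }

    // Store the URL components as class properties
    for ($i = 0, $c = count($url_array); $i < $c; ++$i) {
        if (!empty($url_array[$i])) {
            $prop = "url{$i}";
            $this->{$prop} = $url_array[$i];
        }
    }

    // Identify the class being used. With no segments url0 was never set;
    // pass NULL explicitly instead of reading an undefined property
    $slug = isset($this->url0) ? $this->url0 : NULL;
    $this->page_type = $this->get_page_data_by_slug($slug)->type;

    // Register access points
    $this->register_core_actions();
}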
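/**
 * Loads the page entry and outputs HTML markup to display it
 *
 * Logged-in users requesting /<page>/admin[/<id>] get the admin controls
 * instead of the public view.
 *
 * @return string the formatted entry
 */
public function display_public()
{
    // Check if the user is logged in and attempting to edit an entry
    if (isset($this->url1) && $this->url1 === 'admin' && AdminUtilities::check_clearance(1)) {
        // Load the entry ID if one was passed
        $id = isset($this->url2) ? (int) $this->url2 : NULL;

        // Output the admin controls
        return $this->display_admin($id);
    }

    // Load the entries
    $this->get_all_entries();

    // Build the extra template data explicitly: assigning a property on an
    // undefined variable is an Error on PHP 8 ("creating default object")
    $extra = (object) array();
    $extra->header = (object) array();

    // Add the admin options for preview entries
    $entry_id = array_key_exists(0, $this->entries) ? $this->entries[0]->entry_id : NULL;
    $extra->header->admin = $this->admin_entry_options($this->url0, $entry_id, FALSE);

    // Set the template file
    $this->template = $this->url0 . '.inc';

    // Organize the data
    $this->generate_template_tags();

    // Return the entry as formatted by the template
    return $this->generate_markup($extra);
}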
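/**
 * Builds the admin options list shown to logged-in users
 *
 * @return string|null The <ul> markup, or NULL when nobody is logged in
 */
public function display_site_options()
{
    // Make sure the user is logged in before showing any options
    if (!AdminUtilities::check_clearance(1)) {
        return NULL;
    }

    // Set up the break for menu items
    $tab = str_repeat(' ', 4);
    $break = "</li>\n{$tab}<li>";

    // The display name comes from the users table and is rendered into an
    // HTML context, so it is escaped like any other stored value
    $name = htmlspecialchars($_SESSION['user']['name'], ENT_QUOTES, 'UTF-8');

    // Create the unordered list and display user info
    $options = '<ul id="admin-site-options">' . "\n"
        . $tab . '<li class="info-box">You are logged in as <strong>'
        . $name . '</strong>' . $break;

    // If the user has clearance, allow for site page & category editing
    if (AdminUtilities::check_clearance(2)) {
        $options .= '<a href="/siteadmin/pages">Edit Site Pages</a>' . $break
            . '<a href="/siteadmin/categories">Edit Entry ' . 'Categories</a>' . $break;
    }

    // If the user has high enough clearance, they can manage admins.
    // NOTE(review): this uses the same level as the block above; if admin
    // management was meant to need a higher clearance, adjust the level here
    if (AdminUtilities::check_clearance(2)) {
        $options .= '<a href="/admin/manage">Manage Administrators</a>' . $break;
    }

    return $options . '<a href="/admin/logout">Logout</a></li>' . "\n"
        . '</ul><!-- end #admin-site-options -->';
}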
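/**
 * Loads the page entries and outputs HTML markup to display them
 *
 * /<page>/admin[/<id>] shows the admin controls to logged-in users,
 * /<page>/<slug> shows one full entry, and /<page>[/more/<n>] shows the
 * paginated preview list.
 *
 * @return string the formatted entries
 */
public function display_public()
{
    // If logged in, show the admin options (if JavaScript is disabled)
    if (isset($this->url1) && $this->url1 === 'admin' && AdminUtilities::check_clearance(1)) {
        // Load the entry ID if one was passed
        $id = isset($this->url2) ? (int) $this->url2 : NULL;

        // Output the admin controls
        return $this->display_admin($id);
    }

    // Always start from an empty object so every branch below can hand the
    // template a defined value (and the preview branch can add a header)
    $extra = (object) array();

    if (isset($this->url1) && $this->url1 !== 'more') {
        // Load the entry by its URL
        $this->get_entry_by_url($this->url1);

        // Set the template
        $this->template = $this->url0 . '-full.inc';
    } else {
        // If the entries are paginated, this determines what page to show.
        // NOTE(review): $limit is not defined in this method, so the offset
        // is effectively always 0 here; the per-page limit should be passed
        // in or read from a property — confirm against the caller
        if (isset($this->url1) && $this->url1 === 'more') {
            $offset = isset($this->url2) ? $limit * ($this->url2 - 1) : 0;
        } else {
            $offset = 0;
        }

        // Load most recent entries for a preview if no entry was selected
        $this->get_all_entries($offset);

        // Add the admin options for preview entries
        $extra->header = (object) array();
        $extra->header->admin = $this->admin_general_options($this->url0);

        // Set the template
        $this->template = $this->url0 . '-preview.inc';
    }

    // Organize the data
    $this->generate_template_tags();

    // Return the entry as formatted by the template
    return $this->generate_markup($extra);
}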
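/**
 * Checks for the existence of a cached file with the ID passed
 *
 * @param string $cache_id A string by which the cache is identified
 * @return mixed The cached data if saved, else boolean FALSE
 */
public static function check_cache($cache_id)
{
    $cache_filepath = self::_generate_cache_filepath($cache_id);

    /*
     * If the cached file exists and is within the time limit defined in
     * CACHE_EXPIRES, load the cached data. Does not apply if the user is
     * logged in
     */
    $is_fresh = file_exists($cache_filepath)
        && time() - filemtime($cache_filepath) <= CACHE_EXPIRES;
    if (!$is_fresh || AdminUtilities::check_clearance(1)) {
        return FALSE;
    }

    // A failed read (permissions, a race with cache cleanup) is a cache
    // miss, not an empty payload to unserialize
    $cache = file_get_contents($cache_filepath);
    if ($cache === FALSE) {
        return FALSE;
    }

    FB::warn("Data loaded from cache ({$cache_filepath})");

    // unserialize() instantiates whatever classes the payload names. That is
    // acceptable only because the cache directory is written by this
    // application; if it could ever be written by anyone else, restrict it
    // with the 'allowed_classes' option
    return unserialize($cache);
}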
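/**
 * Creates a gateway from the submitted form and provisions its tenant
 *
 * @return mixed Whatever AdminUtilities::addGateway() returns
 */
public function addGateway()
{
    // Read the request once and reuse it for both calls
    $inputs = Input::all();
    $gateway = AdminUtilities::addGateway($inputs);

    // Tenant creation is a side effect whose result is not reported to the
    // caller (behaviour kept from the original); a failure here is silent
    WSIS::createTenant(
        1,
        $inputs["admin-username"],
        $inputs["admin-password"],
        $inputs["admin-email"],
        $inputs["admin-firstname"],
        $inputs["admin-lastname"],
        $inputs["domain"]
    );

    return $gateway;
}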
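/**
 * Authenticates the user from the submitted login form
 *
 * Validates the posted username, loads the matching user record, compares
 * the stored salted hash against the submitted password and, on success,
 * stores the user in the session and remembers the username in a cookie.
 *
 * @return boolean TRUE when the login succeeded, FALSE otherwise
 */
public function login()
{
    // Both fields must be present; validate the username before using it
    if (!isset($_POST['username'], $_POST['password'])
        || SIV::validate($_POST['username'], SIV::USERNAME) !== TRUE) {
        return FALSE;
    }
    $username = $_POST['username'];
    $password = $_POST['password'];

    FB::log($username, "Username");

    // Load user data that matches the supplied username. The record itself
    // (which carries the password hash) is deliberately not logged
    $userdata = $this->get_user_data($username);

    // Every field read below must be present; accepting a record that had
    // any one of them let a partial row reach the hash check
    if (!is_array($userdata)) {
        return FALSE;
    }
    foreach (array('email', 'password', 'username', 'display', 'clearance') as $key) {
        if (!array_key_exists($key, $userdata)) {
            return FALSE;
        }
    }

    // Extract password hash and compare it in constant time against a hash
    // of the submitted password built with the stored salt
    $db_pass = $userdata['password'];
    $matches = hash_equals((string) $db_pass, (string) $this->createSaltedHash($password, $db_pass));
    FB::log($matches, "Passwords Match");

    // Make sure the passwords match and the session is usable
    if (!$matches || !AdminUtilities::check_session()) {
        return FALSE;
    }

    // Save the user data in a session variable
    $_SESSION['user'] = array(
        'name' => $userdata['display'],
        'email' => $userdata['email'],
        'clearance' => $userdata['clearance'],
    );

    // Set a cookie to store the username that expires in 30 days. It is a
    // convenience value, not a credential; HttpOnly keeps it away from scripts
    setcookie('username', $username, time() + 2592000, '/', '', FALSE, TRUE);

    return TRUE;
}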
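/**
 * Creates the database tables necessary for the CMS to function
 *
 * Loads the SQL files from core/resources/sql, optionally adds the initial
 * admin account when DEV_PASS is set, and runs the result against the
 * configured database. Errors are logged through ECMS_Error, not rethrown.
 *
 * @return void
 */
public static function build_database()
{
    // Loads necessary MySQL to build and populate the database
    $file_array = array();
    $var_arr = array();
    $file_array[] = CMS_PATH . 'core/resources/sql/build_database.sql';
    $file_array[] = CMS_PATH . 'core/resources/sql/build_table_pages.sql';
    $file_array[] = CMS_PATH . 'core/resources/sql/build_table_entries.sql';
    $file_array[] = CMS_PATH . 'core/resources/sql/build_table_categories.sql';
    $file_array[] = CMS_PATH . 'core/resources/sql/build_table_entry_categories.sql';
    $file_array[] = CMS_PATH . 'core/resources/sql/build_table_featured.sql';
    $file_array[] = CMS_PATH . 'core/resources/sql/build_table_users.sql';
    $file_array[] = CMS_PATH . 'core/resources/sql/build_table_comments.sql';

    // If an admin is initializing the ECMS, create his or her account
    if (DEV_PASS !== '') {
        $filepath = CMS_PATH . 'core/resources/sql/insert_users_entry.sql';

        // Create a salted hash of the password
        $password_hash = AdminUtilities::createSaltedHash(DEV_PASS);

        // The verification code must be unguessable; uniqid() is time based,
        // so prefer a CSPRNG where one is available (same 40-hex-char shape)
        $vcode = function_exists('random_bytes')
            ? bin2hex(random_bytes(20))
            : sha1(uniqid(time(), TRUE));

        // Assign variables needed to properly parse the file
        $var_arr = array(
            $filepath => array(
                'display' => DEV_DISPLAY_NAME,
                'username' => DEV_USER_NAME,
                'email' => DEV_EMAIL,
                'vcode' => $vcode,
                'clearance' => DEV_CLEARANCE,
                'password' => $password_hash,
            ),
        );

        // Add the file to the array
        $file_array[] = $filepath;
    }

    // Load the files
    $sql = Utilities::load_file($file_array, $var_arr);

    // Execute the loaded queries. Exception mode makes a failed statement
    // surface in the catch below instead of being silently ignored
    try {
        $dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME;
        $db = new PDO($dsn, DB_USER, DB_PASS, array(
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ));
        $db->query($sql);
    } catch (Exception $e) {
        ECMS_Error::log_exception($e);
    }
}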
/**
 * Removes the SSH token named in the request
 *
 * @return int 1 when the token was removed, 0 otherwise
 */
public function removeSSH()
{
    $token = Input::get("token");

    return AdminUtilities::remove_ssh_token($token) ? 1 : 0;
}
/**
 * Builds the "Add a Comment" form for the current entry
 *
 * Existing comment data is preloaded into the form, admins may reply into a
 * thread via ?thread_id, and unverified commenters get a spam challenge
 * instead of the hidden pass-through field.
 *
 * @return Form The populated form object
 */
private function _display_comment_form()
{
    $form = new Form();
    $form->page = 'comments';
    $form->legend = 'Add a Comment';
    $form->action = 'comment-write';
    $form->entry_id = $this->_entry_id;
    $form->form_id = 'add-comment';

    // Surface a previous submission error, if any ('0000' means no error)
    $has_error = isset($this->_sdata->error) && $this->_sdata->error !== '0000';
    if ($has_error) {
        $message = $this->_get_comment_error_message();
        $form->notice = '<p class="comment-error">' . $message . '</p>';
    }

    // Make the entry values available to the form if they exist
    $form->entry = $this->_get_comment_data();

    // If the admin is trying to reply to a comment, add the thread ID
    if (AdminUtilities::check_clearance(1) && isset($_GET['thread_id'])) {
        $form->entry->thread_id = (int) $_GET['thread_id'];
    }

    // If the commenter is new and no cookies exist, do a spam challenge
    $is_human = $this->_is_verified_human() === TRUE;
    $challenge = $is_human
        ? array('name' => 'challenge', 'type' => 'hidden', 'value' => 1)
        : array('name' => 'challenge', 'class' => 'input-text', 'label' => $this->_generate_spam_challenge());

    // Set up input information
    $name_input = array('name' => 'name', 'class' => 'input-text', 'label' => 'Your Name (Not Your Business Name)');
    $email_input = array('type' => 'email', 'name' => 'email', 'class' => 'input-text', 'label' => 'Your Email (Required, Never Shared)');
    $url_input = array('name' => 'url', 'class' => 'input-text', 'label' => 'Your Website (Optional)');
    $comment_input = array('type' => 'textarea', 'name' => 'comment', 'class' => 'input-textarea', 'label' => 'Your Comment');
    $subscribe_input = array('type' => 'checkbox', 'name' => 'subscribe', 'id' => 'subscribe', 'label' => 'Receive an email when new comments are posted', 'value' => 1);
    $submit_input = array('type' => 'submit', 'name' => 'comment-submit', 'class' => 'input-submit', 'value' => 'Post a Comment');
    $comment_id_input = array('type' => 'hidden', 'name' => 'comment_id');
    $thread_id_input = array('type' => 'hidden', 'name' => 'thread_id');
    $return_url_input = array('type' => 'hidden', 'name' => 'return-url', 'value' => $this->_redirect_url);

    $form->input_arr = array(
        $name_input,
        $email_input,
        $url_input,
        $comment_input,
        $challenge,
        $subscribe_input,
        $submit_input,
        $comment_id_input,
        $thread_id_input,
        $return_url_input,
    );

    return $form;
}
/**
 * Checks for a valid session
 *
 * Runs a few checks to make sure the same user agent and IP are used in
 * addition to the check for a token and timeout. Any failure results in a
 * full-on self-destruct for the session.
 *
 * @return boolean Whether or not a valid session is present
 */
public static function check_session()
{
    // Once validated during this request, skip the checks
    if (self::$valid_session === TRUE) {
        return TRUE;
    }

    FB::log($_SESSION, "Session Data");
    FB::log(time(), "Current Time");

    // No token, or the token has timed out: start over with a fresh session
    if (!isset($_SESSION['ecms']) || $_SESSION['ecms']['ttl'] <= time()) {
        self::destroy_session();
        self::create_session();

        // Log data for debugging
        FB::log("Session doesn't exist or expired. New session created.");
        FB::log($_SESSION, "New Session");

        return FALSE;
    }

    // The session is bound to the user agent and address it was created with
    $mismatched = $_SESSION['ecms']['user-agent'] !== $_SERVER['HTTP_USER_AGENT']
        || $_SESSION['ecms']['address'] !== $_SERVER['REMOTE_ADDR'];
    if ($mismatched) {
        // Log data for debugging
        FB::log("User agent or remote address is mismatched.");

        self::destroy_session();
        self::create_session();

        return FALSE;
    }

    // Anything other than the expected array shape is treated as tampering
    if (!is_array($_SESSION['ecms'])) {
        // Log data for debugging
        FB::log("No conditions met. Something is odd.");

        self::destroy_session();
        self::create_session();

        return FALSE;
    }

    // Valid: slide the timeout and remember the result for this request
    $_SESSION['ecms']['ttl'] = time() + 600; // 10 minutes from now
    self::$valid_session = TRUE;

    return TRUE;
}
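/**
 * Creates the database, the entry and admin tables, the welcome entry and,
 * when configured, the initial admin account and the blog comment table
 *
 * Connection and query failures terminate the script with a message.
 *
 * @param array $menuPages The menu configuration array; a 'blog' key adds
 *                         the comment table
 * @return boolean TRUE when every statement ran
 */
static function buildDB($menuPages)
{
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    if ($mysqli->connect_errno) {
        // connect_error is a property; calling it as a method was a fatal error
        exit("Couldn't connect to the database." . $mysqli->connect_error);
    }

    // Admin values come from config constants but are still interpolated
    // into SQL, so escape them through the live connection
    $admin_u = $mysqli->real_escape_string(DEV_NAME);
    $admin_e = $mysqli->real_escape_string(DEV_EMAIL);
    $admin_p = $mysqli->real_escape_string(AdminUtilities::createSaltedHash(DEV_PASS));

    // One timestamp for both the insert and the duplicate-key update
    $now = time();

    $sql = "CREATE DATABASE IF NOT EXISTS `" . DB_NAME . "`\n DEFAULT CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n"
        . " CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "entryMgr`\n (\n"
        . " `id` INT UNSIGNED NOT NULL PRIMARY KEY auto_increment,\n"
        . " `page` VARCHAR(64) NOT NULL,\n"
        . " `title` VARCHAR(255) DEFAULT NULL,\n"
        . " `subhead` VARCHAR(75) DEFAULT NULL,\n"
        . " `body` TEXT DEFAULT NULL,\n"
        . " `img` VARCHAR(128) DEFAULT NULL,\n"
        . " `imgcap` VARCHAR(128) DEFAULT NULL,\n"
        . " `data1` VARCHAR(255) DEFAULT NULL,\n"
        . " `data2` VARCHAR(255) DEFAULT NULL,\n"
        . " `data3` VARCHAR(255) DEFAULT NULL,\n"
        . " `data4` VARCHAR(255) DEFAULT NULL,\n"
        . " `data5` VARCHAR(255) DEFAULT NULL,\n"
        . " `data6` VARCHAR(255) DEFAULT NULL,\n"
        . " `data7` VARCHAR(255) DEFAULT NULL,\n"
        . " `data8` VARCHAR(255) DEFAULT NULL,\n"
        . " `author` VARCHAR(64) DEFAULT '" . SITE_CONTACT_NAME . "',\n"
        . " `created` INT(12),\n"
        . " INDEX(`page`),\n INDEX(`created`),\n INDEX(`title`),\n"
        . " FULLTEXT KEY `search` (`title`,`body`,`data2`)\n"
        . " ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n"
        . " CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "adminMgr`\n (\n"
        . " `id` INT UNSIGNED NOT NULL PRIMARY KEY auto_increment,\n"
        . " `admin_u` VARCHAR(60) UNIQUE,\n"
        . " `admin_e` VARCHAR(100) UNIQUE,\n"
        . " `admin_p` VARCHAR(150) DEFAULT NULL,\n"
        . " `admin_v` VARCHAR(150) NOT NULL,\n"
        . " `is_admin` TINYINT(1) DEFAULT '0',\n"
        . " INDEX(admin_v)\n"
        . " ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n"
        . " INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "entryMgr`\n (\n"
        . " `page`, `title`, `body`, `img`, `imgcap`,\n"
        . " `data2`, `data6`, `author`, `created`\n )\n VALUES\n (\n"
        . " '" . DEFAULT_PAGE . "', 'Welcome to the ECMS!',\n"
        . " '<p>You have successfully installed the "
        . "<a href=\"http://ennuicms.com/\">ECMS</a>.</p>"
        . "\r\n<p>To get started:</p>\r\n<ul>\r\n<li>"
        . "<a href=\"/admin\">Log in</a> using the username "
        . "and password you set up in the config files</li>\r\n"
        . "<li>Edit this entry to contain the content for your "
        . "site''s home page</li>\r\n<li>Add content to the "
        . "rest of the pages on your site</li>\r\n</ul>\r\n"
        . "<h2>HTML Element Style Test (h2)</h2>\r\n"
        . "<blockquote>\r\n<p>This is a blockquote. Putamus "
        . "lectores litterarum dynamicus facilisi dolore. "
        . "Facilisi qui zzril legunt nibh in. Nostrud nonummy "
        . "sequitur autem consequat ut. Assum tincidunt "
        . "vulputate gothica molestie veniam.</p>\r\n"
        . "</blockquote>\r\n<h3>H3 Element</h3>\r\n<p>Sed "
        . "consequat tempor ex formas dignissim. Lobortis "
        . "anteposuerit consectetuer consequat ullamcorper "
        . "dolore. Dolore imperdiet amet iis sed iriure. "
        . "Luptatum adipiscing lorem augue diam te. Cum autem "
        . "claritas tempor sed augue.</p>\r\n<h4>H4 Element"
        . "</h4>\r\n<ol>\r\n<li>This is an ordered list</li>"
        . "\r\n<li>Typi at doming usus lectores parum.</li>"
        . "\r\n<li>Parum quod legentis qui nonummy mirum. Nunc "
        . "quis consequat in seacula consectetuer.</li>\r\n"
        . "</ol>\r\n<h5>H5 Element</h5>\r\n<p>Parum quod "
        . "legentis qui nonummy mirum. Nunc quis consequat in "
        . "seacula consectetuer. Est humanitatis eros duis qui "
        . "quarta. Enim quod in aliquip placerat insitam. "
        . "Putamus consequat hendrerit demonstraverunt "
        . "eleifend claram. Videntur molestie typi hendrerit "
        . "duis qui.</p>\r\n<h6>H6 Element</h6>\r\n<p>Mazim ut "
        . "euismod formas amet in. Ex blandit nulla tincidunt "
        . "wisi consequat. Typi illum ad luptatum "
        . "Investigationes legentis.</p>',\n"
        . " 'blog, entry, testing', 'welcome-to-the-ecms',\n"
        . " 'Ennui Design', " . $now . "\n )\n"
        . " ON DUPLICATE KEY UPDATE `created`=" . $now . ";";

    if (DEV_PASS !== '') {
        // The verification value must be unguessable; sha1(time()) is not,
        // so use a CSPRNG where available (same 40-hex-char shape)
        $admin_v = function_exists('random_bytes')
            ? bin2hex(random_bytes(20))
            : sha1(time());

        $sql .= "INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "adminMgr`\n"
            . " (`admin_u`, `admin_e`, `admin_p`, `admin_v`, `is_admin`)\n VALUES\n"
            . " ('{$admin_u}', '{$admin_e}', '{$admin_p}', '" . $admin_v . "', '1')\n"
            . " ON DUPLICATE KEY UPDATE `is_admin`=1;";
    }

    if (array_key_exists('blog', $menuPages)) {
        $sql .= "\n CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "blogCmnt`\n (\n"
            . " `id` INT(5) PRIMARY KEY auto_increment,\n"
            . " `bid` INT(5),\n"
            . " `user` VARCHAR(60),\n"
            . " `email` VARCHAR(100),\n"
            . " `link` VARCHAR(100),\n"
            . " `comment` TEXT,\n"
            . " `timestamp` INT(12),\n"
            . " `subscribe` TINYINT(1) DEFAULT '0',\n"
            . " INDEX(bid),\n INDEX(timestamp),\n INDEX(subscribe)\n"
            . " ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";";
    }

    // Run the whole batch; each result set is drained so the next statement's
    // error (if any) is reported by the driver
    if ($mysqli->multi_query($sql)) {
        do {
            if ($result = $mysqli->store_result()) {
                echo "Table created.<br />\n";
                $result->close();
            }
        } while ($mysqli->next_result());
    } else {
        // error is a property; calling it as a method was a fatal error
        exit('Database tables could not be created. ' . $mysqli->error);
    }

    $mysqli->close();

    return true;
}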
FB::warn("FirePHP logging enabled."); } else { ini_set("display_errors", 0); error_reporting(0); FB::setEnabled(FALSE); } // URL Parsing - Read the URL and break it apart for processing $url_array = Utilities::readUrl(); if (!is_array($url_array) && file_exists($url_array)) { require_once $url_array; } // Creates a database object $dbo = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); // Creates the database tables if set to true if (CREATE_DB === TRUE) { AdminUtilities::buildDB($menuPages); } // Load the page attributes from the menu array $menuPage = Utilities::getPageAttributes($menuPages, $url_array[0]); // Check if the admin page is being accessed if ($url_array[0] == 'admin') { $menuPage = array('display' => 'Administrative Controls', 'type' => 'admin'); } // Check if the search page is being accessed if ($url_array[0] == 'search') { $menuPage = array('display' => 'Search', 'type' => 'search'); } // If the supplied URL doesn't match any menu items, direct to the 404 page if ($menuPage === FALSE) { $menuPage = array('display' => 'Invalid URL', 'type' => 'missing'); }
/**
 * Tells whether the current request looks like a submitted form
 *
 * Requires a page parameter, either a POST token or a GET action, and a
 * valid session. The token is only checked for presence here; its value is
 * not compared against anything in this method.
 *
 * @return boolean
 */
public static function is_form_submission_valid()
{
    if (!isset($_REQUEST['page'])) {
        return FALSE;
    }

    $has_marker = isset($_POST['token']) || isset($_GET['action']);

    return $has_marker && AdminUtilities::check_session();
}
<!-- Additional scripts for site enhancement. These are optional. --> <script type="text/javascript" src="/assets/js/jquery.loadflickr.js"></script> <script type="text/javascript" src="/assets/js/jquery.cookie.js"></script> <!--[if IE]> <script type="text/javascript" src="/assets/js/selectivizr.js"></script> <![endif]--> <?php // If the user is logged in, load JavaScript for the admin controls if ($main_content->url0 == "admin" || AdminUtilities::check_clearance(1)) { ?> <!-- Admin JS Files --> <script type="text/javascript" src="/assets/js/tiny_mce/jquery.tinymce.js"></script> <script type="text/javascript" src="/assets/js/hlx.admin.js"></script> <?php } ?> <!-- Initialization JS File --> <script type="text/javascript" src="/assets/js/hlx.init.js"></script> <?php
/**
 * Renders the experiment container partial for an AJAX date-range request
 *
 * @return mixed The rendered view, or NULL for non-AJAX requests
 */
public function getExperimentsOfTimeRange()
{
    // Only answer AJAX calls; anything else falls through with NULL
    if (!Request::ajax()) {
        return;
    }

    $expContainer = AdminUtilities::get_experiments_of_time_range(Input::all());
    $expStates = ExperimentUtilities::getExpStates();
    $data = array(
        "expContainer" => $expContainer,
        "expStates" => $expStates,
    );

    return View::make("partials/experiment-container", $data);
}
if (ACTIVATE_DEBUG_MODE === TRUE) { ini_set("display_errors", 1); ERROR_REPORTING(E_ALL); FB::setEnabled(TRUE); FB::warn("FirePHP logging is enabled! Sensitive data may be exposed."); } else { ini_set("display_errors", 0); error_reporting(0); FB::setEnabled(FALSE); } // Creates the database tables if set to true if (BUILD_DATABASE === TRUE) { DB_Actions::build_database(); } // Check for a valid session AdminUtilities::check_session(); /******************************************************************************* * Break apart the URL and determine what data needs to be loaded *******************************************************************************/ // URL Parsing - Read the URL and break it apart for processing $url_array = Utilities::read_url(); // Load the menu $menu = new Menu($url_array); // Load the page attributes from the menu array $menu_page = DB_Actions::get_page_data_by_slug($url_array[0]); // Check if the page should actually be shown as main content if (property_exists($menu_page, 'show_full') && $menu_page->show_full != 1) { header("Location: /" . DB_Actions::get_default_page()); exit; } else { if ($menu_page === FALSE) {