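/**
 * Update a role's label and replace the set of permissions linked to it.
 *
 * The caller must hold "pawu_perm_manage". All existing role/permission links
 * are deleted and re-created from $permissions; for the "administrator" role
 * every entry of $this->system is merged in first.
 *
 * NOTE(review): the DELETE and the INSERT below are separate statements and are
 * not wrapped in a transaction in this method, so a failing INSERT leaves the
 * role without permissions.
 *
 * @param string $name        Role name, checked by validateRole().
 * @param string $label       Role label, checked by validateLabel().
 * @param array  $permissions Permission names to link; a non-array is treated as empty.
 * @param bool   $add         When exactly true, the names are first handed to updatePermissions().
 *
 * @return bool True on success, false on any failure.
 */
public function updateRole($name, $label = "", $permissions = array(), $add = false)
 {
     // CHECK PERMISSIONS
     if ($this->hasPermission("pawu_perm_manage") === false) {
         $this->_error(__("You don't have the Permission to perform this action!"));
         return false;
     }
     // VALIDATE
     if (($name = $this->validateRole($name, false)) === false) {
         return false;
     }
     if (($label = $this->validateLabel($label)) === false) {
         return false;
     }
     $permissions = paw_xss_cleaner($permissions, true);
     if (!is_array($permissions)) {
         $permissions = array();
     }
     // ADD ALL SYSTEM PERMISSIONS TO THE ADMIN ROLE
     if ($name == "administrator") {
         $permissions = array_merge($permissions, $this->system);
     }
     // RESOLVE THE ROLE ID - stop here when the role cannot be found, otherwise
     // the statements below would be built with an undefined id.
     $roles = $this->getRoles($name, false);
     if (!isset($roles[$name]["id"])) {
         $this->_error(__("An unknown error is occurred!"));
         return false;
     }
     $role = $roles[$name]["id"];
     // ADD NEW PERMISSIONS
     if ($add === true) {
         $this->updatePermissions($permissions, false);
     }
     // UPDATE ROLE
     $query = "UPDATE " . TABLE_PREFIX . "role SET label=:label WHERE name=:name";
     $query = Record::query($query, array(":name" => $name, ":label" => $label));
     if ($query === false) {
         $this->_error(__("An unknown error is occurred!"));
         return false;
     }
     // DELETE ROLE PERMISSIONS
     // The id is quoted here exactly as it is in the INSERT below, so no value
     // reaches the SQL text unescaped.
     $query = "DELETE FROM " . TABLE_PREFIX . "role_permission WHERE role_id=" . Record::escape($role);
     if (Record::query($query) === false) {
         $this->_error(__("An unknown error is occurred!"));
         return false;
     }
     // LINK NEW PERMISSIONS SET TO ROLE
     if (!empty($permissions)) {
         $queries = array();
         foreach ($this->getPermissions(false) as $perm) {
             // Strict comparison: with loose matching a boolean true (or, on
             // older PHP versions, an integer 0) inside $permissions would
             // match every permission name.
             if (in_array($perm["name"], $permissions, true)) {
                 $queries[] = "(" . Record::escape($role) . ", " . Record::escape($perm["id"]) . ")";
             }
         }
         // Skip the INSERT when no requested name matched a known permission;
         // an empty VALUES list is not valid SQL.
         if (!empty($queries)) {
             // Every value is already quoted and the statement has no
             // placeholders, so no bind values are passed.
             $query = "INSERT INTO " . TABLE_PREFIX . "role_permission (role_id, permission_id) VALUES " . implode(", ", $queries) . ";";
             if (Record::query($query) === false) {
                 $this->_error(__("An unknown error is occurred!"));
                 return false;
             }
         }
     }
     return true;
 }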
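 /**
  * Update an existing blacklist item.
  *
  * The caller must hold "pawu_list_manage". The item has to exist already;
  * its value, type, status and serialized settings are overwritten.
  *
  * @param mixed  $id     Id of the blacklist row to update.
  * @param mixed  $type   Item type, checked together with $value by validateData().
  * @param mixed  $value  New value; passed through paw_xss_cleaner() first.
  * @param mixed  $status Stored as 1 when it loosely equals 1, "1" or true, else 0.
  * @param mixed  $config Passed to _settings() together with $type.
  *
  * @return bool True when the UPDATE ran, false otherwise (an error is recorded
  *              via _error() for permission, lookup and SQL failures).
  */
 public function updateData($id, $type, $value, $status = false, $config = "")
 {
     global $pawUsers;
     // CHECK PERMISSIONS
     if ($pawUsers->permissions->hasPermission("pawu_list_manage") === false) {
         $this->_error(__("You don't have the Permission to perform this action!"));
         return false;
     }
     // VALIDATE
     $value = paw_xss_cleaner($value);
     $status = in_array($status, array(1, "1", true)) ? 1 : 0;
     if ($this->validateData($type, $value) !== true) {
         return false;
     }
     $settings = $this->_settings($type, $config);
     // CHECK IF ITEM EXIST
     $query = "SELECT * FROM " . TABLE_PREFIX . "blacklist WHERE id=:id";
     $query = Record::query($query, array(":id" => $id));
     if (empty($query) || !isset($query[0])) {
         $this->_error(__("The blacklist item does not exists!"));
         return false;
     }
     // UPDATE BLACKLIST ITEM
     // $id is bound like in the SELECT above rather than concatenated. A bound
     // value is only ever compared as data, so a non-numeric $id that passed
     // the existence check cannot change the WHERE clause of the UPDATE.
     $data = array("value=:value", "type=" . Record::escape($type), "status=" . Record::escape($status), "settings=" . Record::escape(paw_serializer($settings)));
     $query = "UPDATE " . TABLE_PREFIX . "blacklist SET " . implode(", ", $data) . " WHERE id=:id";
     $query = Record::query($query, array(":value" => $value, ":id" => $id));
     if ($query !== false) {
         return true;
     }
     $this->_error(__("An unknown error is occurred!"));
     return false;
 }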
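 /**
  * Update a user's e-mail address, password, profile columns and roles.
  *
  * @param mixed $data   Lookup value handed to _getUser() after XSS cleaning.
  * @param array $update Field => value map. "email", "password", "new-password"
  *                      and "token" are handled specially; every other key must
  *                      be in the $valid list below or it is dropped.
  *
  * @return bool True when the e-mail, the password or the column update
  *              succeeded, false otherwise.
  */
 public function updateUser($data, $update)
 {
     $data = paw_xss_cleaner($data);
     $update = paw_xss_cleaner($update);
     if (!is_array($update)) {
         $this->_error(__("The Action is invalid!"));
         return false;
     }
     // GET USER
     $user = $this->_getUser($data);
     if (empty($user)) {
         $this->_error(__("The User does not exist!"));
         return false;
     }
     // CHECK PERMISSIONS
     // Editing another account needs "user_edit" plus a CSRF token bound to the
     // edit URL of that account. Edits of the own account are not token-checked
     // in this method.
     // NOTE(review): confirm the caller validates a token for self-edits.
     if ($this->login === false) {
         if ((int) $user->id !== (int) $this->currentID) {
             if (!$this->permissions->hasPermission("user_edit")) {
                 $this->_error(__("You don't have the Permission to perform this action!"));
                 return false;
             } else {
                 $url = get_url("user/edit/" . $user->id . "/" . $this->currentID);
                 if (!isset($update["token"]) || !SecureToken::validateToken($update["token"], $url)) {
                     $this->_error(__("The CSRF Token does not exist or is invalid!"));
                     return false;
                 }
             }
         }
     }
     // FETCH EMAIL AND PASSWORD REQUESTS
     if ($this->login === false) {
         // UPDATE eMAIL ADDRESS
         if (isset($update["email"]) && (isset($update["password"]) || $this->permissions->hasPermission("user_edit"))) {
             if (($mail = $this->validateUsermail($update["email"], true)) === false) {
                 return false;
             }
             // The current password is re-checked only when the user edits the
             // own account and supplied one.
             if ((int) $user->id === (int) $this->currentID && isset($update["password"])) {
                 if (!$this->_checkPassword($user, $update["password"])) {
                     $this->_error(__("The Password is incorrect!"));
                     return false;
                 }
                 $this->_userPassword($user, $update["password"]);
             }
             // NOTE(review): the submitted address is stored here, not the $mail
             // value returned by validateUsermail() - confirm this is intended.
             if ($this->_userMail($user, $update["email"])) {
                 return true;
             }
         }
         // UPDATE PASSWORD
         if (isset($update["new-password"]) && (isset($update["password"]) || $this->permissions->hasPermission("user_edit"))) {
             if (($pass = $this->validatePassword($update["new-password"], true)) === false) {
                 return false;
             }
             if ((int) $user->id === (int) $this->currentID && isset($update["password"])) {
                 if (!$this->_checkPassword($user, $update["password"])) {
                     $this->_error(__("The Password is incorrect!"));
                     return false;
                 }
             }
             if ($this->_userPassword($user, $pass)) {
                 return true;
             }
         }
     }
     // VALIDATE
     // Only keys from this allow-list become column names in the SQL text, and
     // their values are bound as parameters.
     // NOTE(review): the list contains bookkeeping columns (last_login,
     // failure_count, updated_by_id, ...); confirm callers never pass raw
     // request data for them.
     $valid = array("name", "ip", "language", "last_login", "last_failure", "failure_count", "updated_by_id", "roles");
     $sql = array();
     $values = array();
     foreach ($update as $key => $value) {
         if (!in_array($key, $valid)) {
             unset($update[$key]);
             continue;
         }
         if ($key === "name" && strlen($value) > 50) {
             unset($update["name"]);
             continue;
         }
         if ($key === "roles") {
             // Roles are applied after the UPDATE, not written as a column.
             $roles = $value;
             continue;
         }
         $sql[$key] = $key . "=:" . $key;
         $values[":" . $key] = $value;
     }
     $sql["updated_on"] = "updated_on=" . Record::escape(date("Y-m-d H:i:s"));
     // UPDATED BY ID
     if (!isset($sql["updated_by_id"])) {
         if ($this->isLoggedIn()) {
             $sql["updated_by_id"] = "updated_by_id=" . Record::escape($this->currentID);
         } else {
             // Cast before concatenating so only an integer reaches the SQL text.
             $sql["updated_by_id"] = "updated_by_id=" . (int) $user->id;
         }
     }
     // The id is cast for the same reason; the comparisons above already treat
     // it as an integer.
     $query = "UPDATE " . TABLE_PREFIX . "user SET " . implode(", ", $sql) . " WHERE id=" . (int) $user->id;
     $query = Record::query($query, $values);
     if ($query !== false) {
         // Role changes are applied only for callers holding "user_edit".
         if (isset($roles) && $this->permissions->hasPermission("user_edit")) {
             if (is_string($roles)) {
                 $roles = array($roles);
             }
             $userroles = array_keys($this->permissions->getRoles(NULL, false));
             if (!empty($roles)) {
                 $this->permissions->roleToUser($roles, $user->id);
             }
             // Every role name that was not submitted is taken away from the user.
             $remove = array_diff($userroles, $roles);
             $this->permissions->roleAwayUser($remove, $user->id);
         }
         return true;
     }
     return false;
 }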
	/**
	 * Look up the single error404s row whose id equals $id.
	 *
	 * The id is cast to int and quoted with Record::escape() before it is
	 * placed in the WHERE clause.
	 *
	 * @param mixed $id Row id; cast to int.
	 *
	 * @return mixed Whatever self::find() returns for a one-row query.
	 */
	public static function findById($id) {
		$options = array();
		$options['where'] = 'error404s.id=' . Record::escape((int)$id);
		$options['limit'] = 1;

		return self::find($options);
	} //*/
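	/**
	 * Store tags and, when a download id is given, link them to that download.
	 *
	 * Existing links of the download are deleted first. Each tag is lower-cased,
	 * reduced to the characters a-z, 0-9, space, underscore, comma and hyphen,
	 * trimmed, and ignored when shorter than three characters. Missing tags
	 * are created.
	 *
	 * @param array|string $tags        Tag names as an array or a comma separated list.
	 * @param mixed        $download_id Download to link the tags to, or null to only create tags.
	 *
	 * @return bool Always true.
	 */
	private function __storetags($tags,$download_id=null) {

		$has_download = !is_null($download_id);

		//	if download_id is provided clear out old tags
		if ($has_download) {
			Record::deleteWhere('DownloadTagConnection','download_id='.Record::escape((int)$download_id));
		}

		//	check to make sure there are some tags
		if (empty($tags)) return true;

		//	take either an array or comma separated list of tags
		if (!is_array($tags)) $tags = explode(',',$tags);

		//	normalise the names; lower-casing has to happen before the character
		//	filter, which only keeps a-z and would otherwise strip upper-case
		//	letters instead of converting them
		$names = array();
		foreach ($tags as $tagname) {
			$tagname = strtolower($tagname);
			$tagname = trim(preg_replace('/[^a-z0-9 _,-]/','',$tagname));
			//	check for minimum tag length; must be at least three characters
			if (strlen($tagname) >= 3) $names[] = $tagname;
		}

		//	find or create tag and connect to download; duplicates are dropped
		//	so a download is never linked to the same tag twice
		foreach (array_unique($names) as $tagname) {
			$tag = DownloadTag::findByName($tagname);
			if (!$tag) {
				$tag = new DownloadTag(array('name'=>$tagname));
				$tag->save();
			}

			if ($has_download) {
				$connection = new DownloadTagConnection(array(
					'download_id'=>(int)$download_id,
					'tag_id'=>$tag->id
				));
				$connection->save();
			}
		}

		return true;
	}//*/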
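/**
 * Search downloads by free-text terms in name, description and keywords.
 *
 * @param string $terms    Search words; every character other than letters, digits,
 *                         space and % is replaced by a space.
 * @param mixed  $limit    Passed to Download::findAll() as 'limit'.
 * @param mixed  $offset   Passed to Download::findAll() as 'offset'.
 * @param string $order    Sort column; anything outside the allow-list falls back to 'name'.
 * @param bool   $expired  Unless exactly false, expired downloads are included.
 * @param bool   $inactive Unless exactly false, inactive downloads are included.
 *
 * @return array|false array('downloads'=>..., 'count'=>...) or false when
 *                     Download::findAll() returns nothing.
 */
function downloadSearch($terms,$limit=10,$offset=0,$order='name',$expired=false,$inactive=false) {

	$where = '1';

	//	show expired downloads?
	//	"OR" is spelled out: "||" as a synonym for OR is deprecated in recent
	//	MySQL releases and means string concatenation under PIPES_AS_CONCAT
	if ($expired === false) $where .= " AND ( `downloads`.`expires` > NOW() OR `downloads`.`expires` IS NULL )";

	//	show inactive downloads?
	if ($inactive === false) $where .= " AND `downloads`.`active` = '1'";

	//	the sort column is taken from a fixed allow-list, so no caller supplied
	//	text reaches the ORDER BY clause
	$order = strtolower($order);
	$order = in_array($order,explode(',','id,name,filename,active,downloads,expires,created,updated')) && !empty($order) ? $order : 'name' ;
	$order = $order == 'downloads' ? 'downloads.'.$order.' DESC' : 'downloads.'.$order.' ASC';

	if (! empty($terms)) {
		//	keep letters, digits, spaces and the % wildcard only
		$querys = preg_replace('/[^a-z0-9 %]/i',' ',$terms);
		$querys = strstr($querys,' ') !== false ? explode(' ',$querys) : array($querys);
		//	drop one trailing "ing", "ed" or "s" per word
		$querys = preg_replace(array('/ing$/i','/ed$/i','/s$/i'),'',$querys);

		foreach ($querys as $query) {
			//	words without an explicit wildcard match anywhere in the column
			if (strstr($query,'%') === false && !empty($query)) $query = "%{$query}%";
			if (!empty($query))	$where .= " AND ( downloads.name LIKE ".Record::escape($query)." OR downloads.description LIKE ".Record::escape($query)." OR downloads.keywords LIKE ".Record::escape($query)." ) ";
		}
	}

	//	NOTE(review): $limit and $offset are forwarded unchanged; confirm that
	//	Download::findAll() casts them or that callers only pass integers
	if (!$results = Download::findAll(array('where'=>$where,'limit'=>$limit,'offset'=>$offset,'order'=>$order))) return false;
	$count = Record::countFrom('Download',$where);

	return array('downloads'=>$results,'count'=>$count);

}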
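	/**
	 * Find records by tag name(s).
	 *
	 * Each tag is quoted with Record::escape() and placed in an IN (...) list;
	 * the HAVING clause requires at least as many grouped rows as there are
	 * distinct tags (presumably so that only downloads carrying every
	 * requested tag match - the join is built in find(), confirm there).
	 *
	 * @param array|string $tags Tag names as an array or a comma separated list.
	 *
	 * @return mixed Result of self::find(), or an empty array when no usable tag was given.
	 */
	public static function findAllByTagName($tags=array()) {
		$tags = is_array($tags) ? $tags : explode(',',$tags);

		//	duplicates are removed first: counting the same tag twice would
		//	raise the HAVING threshold above what a single download can reach
		$quoted = array();
		foreach (array_unique($tags) as $tag) {
			if (! empty($tag)) $quoted[] = Record::escape($tag);
		}

		//	without any tag the query would contain "IN ()", which is not valid SQL
		if (empty($quoted)) return array();

		$where = implode(',',$quoted);
		$count = count($quoted);

		return self::find(array(
			'where' => "downloadtags.name IN ($where)",
			'order' => 'downloads.name ASC',
			'group' => 'downloads.id',
			'having' => "COUNT(*)>=$count"
		));

	} //*/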
	/**
	 * Look up the single facts row whose name equals $name.
	 *
	 * The name is quoted with Record::escape() before it is placed in the
	 * WHERE clause.
	 *
	 * @param mixed $name Name to match.
	 *
	 * @return mixed Whatever self::find() returns for a one-row query.
	 */
	public static function findByName($name) {
		$options = array();
		$options['where'] = 'facts.name='.Record::escape($name);
		$options['limit'] = 1;

		return self::find($options);
	} //*/
	/**
	 * Look up the single downloads row whose hash equals $hash.
	 *
	 * The hash is quoted with Record::escape() before it is placed in the
	 * WHERE clause.
	 *
	 * @param mixed $hash Hash value to match.
	 *
	 * @return mixed Whatever self::find() returns for a one-row query.
	 */
	public static function findByHash($hash) {
		$options = array();
		$options['where'] = 'downloads.hash='.Record::escape($hash);
		$options['limit'] = 1;

		return self::find($options);
	} //*/