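/**
 * Builds the table rows of the media manager listing for one folder below "assets".
 *
 * File names, the requested path and the detected MIME type are encoded for the
 * place they are written to: htmlspecialchars() for element text and attribute
 * values, JSON plus htmlspecialchars() for arguments of the inline JavaScript
 * handlers. Without this, a crafted file or folder name is interpreted as markup
 * or script in the browser of whoever opens the listing.
 *
 * NOTE(review): $path is joined to the assets directory as given. Confirm that
 * callers reject ".." segments; otherwise directories outside "assets" can be
 * listed.
 *
 * @param string $path Folder to list, relative to the assets directory.
 * @return string HTML <tr> rows; an empty string when the folder cannot be read.
 */
function GetPath($path)
{
    $fullPath = system\Helper::arcGetPath(true) . "assets/" . $path . "/";
    $webPath = system\Helper::arcGetPath() . "assets" . $path;

    // Encoder for HTML text and attribute values.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    };

    // Encoder for a JavaScript string argument inside an HTML attribute: JSON
    // produces the quoted literal (with <, >, &, ' and " hex-escaped), and the
    // HTML encoder protects the surrounding attribute.
    $js = function ($value) use ($esc) {
        $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_PARTIAL_OUTPUT_ON_ERROR;
        return $esc(json_encode((string) $value, $flags));
    };

    $files = scandir($fullPath);
    if ($files === false) {
        // Missing or unreadable directory: nothing to list.
        return "";
    }

    $html = "";
    foreach ($files as $file) {
        if ($file == "." || $file == "..") {
            continue;
        }

        $entry = $fullPath . $file;
        $name = $esc($file);
        $changed = date("d M Y", filectime($entry));

        $html .= "<tr>"
            . "<td style=\"width: 10px;\"><input type=\"checkbox\" id=\"{$name}\" onchange=\"mark(" . $js($path . "/" . $file) . ")\"><label for=\"{$name}\"></label></td>";

        if (is_dir($entry)) {
            // folder
            $fi = new FilesystemIterator($entry, FilesystemIterator::SKIP_DOTS);
            $items = iterator_count($fi);
            $html .= "<td><i class=\"fa fa-folder-o\"></i> <a class=\"clickable\" onclick=\"getFolderPath(" . $js($path . "/" . $file) . ")\">{$name}</a></td>"
                . "<td style=\"width: 10px;\">folder</td>"
                . "<td style=\"width: 10px;\">-</td>"
                . "<td style=\"width: 100px;\">" . $items . ngettext(" item", " items", $items) . "</td>"
                . "<td style=\"width: 100px;\">" . $changed . "</td>";
        } else {
            // get file type
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $filetype = finfo_file($finfo, $entry);
            finfo_close($finfo);

            $size = FileSizeConvert(filesize($entry));
            $link = $webPath . "/" . $file;

            // file (the original closed the link with "<a/>", which opens a second anchor)
            $html .= "<td><i class=\"" . $esc(GetFileTypeIcon($filetype)) . "\"></i> <a class=\"clickable\" onclick=\"viewFile(" . $js($link) . ", " . $js($filetype) . ", " . $js($size) . ", " . $js($changed) . ")\">{$name}</a></td>"
                . "<td style=\"width: 10px;\">" . $esc($filetype) . "</td>"
                . "<td style=\"width: 10px;\"><a alt=\"Copy link to clipboard\" class=\"clickable\" onclick=\"copyToClipboard(" . $js($link) . ")\"><i class=\"fa fa-link\"></i></a></td>"
                . "<td style=\"width: 100px;\">" . $esc($size) . "</td>"
                . "<td style=\"width: 100px;\">" . $changed . "</td>";
        }

        $html .= "</tr>";
    }

    // no files: scandir() returned only "." and ".."
    if (count($files) == 2) {
        $html .= "<tr><td colspan=\"4\" class=\"text-center\">Folder is empty.</td></tr>";
    }

    return $html;
}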
/**
 * Finishes a successful login for $user.
 *
 * Stores the user through arcSetUser(), writes a log entry with the user's
 * email, returns the ARC_LOGIN_URL setting as the JSON "redirect" value and
 * adds a success message.
 *
 * NOTE(review): confirm that arcSetUser() renews the session identifier on
 * login; that is not visible from this function.
 *
 * @param object $user Authenticated user; its email property is read here.
 */
function doLogin($user)
{
    system\Helper::arcSetUser($user);
    Log::createLog("success", "user", "User logged in: {$user->email}");

    // Called with "/" before the setting is read; presumably creates the
    // setting with that value when it is missing.
    system\Helper::arcCheckSettingExists("ARC_LOGIN_URL", "/");
    $redirectSetting = SystemSetting::getByKey("ARC_LOGIN_URL");

    $response = ["redirect" => $redirectSetting->value];
    system\Helper::arcReturnJSON($response);
    system\Helper::arcAddMessage("success", "Login successful.");
}
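/**
 * Stores one log entry, then removes entries older than the ARC_KEEP_LOGS setting.
 *
 * While a user is being impersonated, the message is prefixed with the
 * impersonator's full name so the real actor stays visible in the log.
 *
 * NOTE(review): $message is stored as given and callers may include request
 * data in it; whatever renders log entries has to encode them for output.
 *
 * @param string $type    Entry type, e.g. "success", "info", "warning", "danger".
 * @param string $module  Name of the module writing the entry.
 * @param string $message Log text.
 */
public static function createLog($type, $module, $message)
{
    $log = new Log();
    $log->type = $type;
    $log->module = $module;
    $log->message = $message;
    if (system\Helper::arcIsImpersonator()) {
        $log->message = "Impersonated (" . system\Helper::arcGetImpersonator()->getFullname() . "): " . $log->message;
    }
    $log->update();

    // The retention period is a stored setting that becomes part of the SQL
    // text. Only a plain non-negative integer is accepted, so a malformed or
    // tampered value cannot change the statement; in that case the purge is skipped.
    $days = SystemSetting::getByKey("ARC_KEEP_LOGS");
    $keep = isset($days->value) ? trim((string) $days->value) : "";
    if (ctype_digit($keep)) {
        system\Helper::arcGetDatabase()->query("delete from arc_logs where datediff(now(), arc_logs.event) > " . (int) $keep);
    }
}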
// Validation and save steps of a user edit handler. The start of the handler,
// including where $user is loaded, is outside this excerpt.
if (empty($_POST["lastname"])) {
    system\Helper::arcAddMessage("danger", "Lastname cannot be empty");
    return;
}

// NOTE(review): the lookup uses the address as submitted, while the value saved
// further down is lower-cased. Confirm getByEmail() matches case-insensitively.
$test = User::getByEmail($_POST["email"]);
// The duplicate check only applies to new users ($user->id == 0); an existing
// user can be saved with an address that already belongs to another account.
if ($user->id == 0 && $test->id != 0) {
    system\Helper::arcAddMessage("danger", "User already exists with this email address");
    return;
}

if ($user->id == 0 && empty($_POST["password"])) {
    system\Helper::arcAddMessage("danger", "New users must have a password");
    return;
}

// Reuse the company with this (ucwords-normalised) name, or create it.
if (!empty($_POST["company"])) {
    $comp = Company::getByName(ucwords($_POST["company"]));
    if ($comp->id == 0) {
        $comp = new Company();
        $comp->name = ucwords($_POST["company"]);
        $comp->update();
    }
    $user->addToCompany($comp->id);
}

// Only the literal string "true" enables the account; anything else disables it.
if ($_POST["enabled"] == "true") {
    $user->enabled = 1;
} else {
    $user->enabled = 0;
}

// NOTE(review): the address is stored without a format check in this excerpt.
$user->email = strtolower($_POST["email"]);
$user->update();
system\Helper::arcAddMessage("success", "Changes saved");
} // closes a block opened above this excerpt
<?php
// AJAX endpoint: returns the name of the company whose ID is posted as "id".
// NOTE(review): no permission check is visible in this file; confirm that the
// code dispatching to it enforces one.
if (system\Helper::arcIsAjaxRequest()) {
    $company = Company::getByID($_POST["id"]);
    system\Helper::arcReturnJSON(["name" => $company->name]);
}
<?php $menus = system\Helper::arcGetMenu(); $path = system\Helper::arcGetPath(); $html = "<ul class=\"sidebar-elements\"><li class=\"divider\">Menu</li>"; foreach ($menus as $grandfather => $parent) { if (count($parent) == 1) { // only one item in this menu. foreach ($parent as $child => $data) { $html .= "<li><a href=\"" . $path . $data["url"] . "\"><i class=\"{$data["icon"]}\"></i> <span>{$data["name"]}</span></a></li>"; } } else { // multi items in this menu. $submenu = ""; $subicon = ""; foreach ($parent as $child => $data) { $submenu .= "<li><a href=\"" . $path . $data["url"] . "\">"; if ($data["icon"] != "") { $submenu .= "<i class=\"{$data["icon"]}\"></i> "; } $submenu .= "{$data["name"]}</a></li>"; // use the first icon we have for the parent icon. if ($subicon == "" && $data["icon"] != "") { $subicon = $data["icon"]; } } $html .= "<li class=\"parent\">" . "<a href=\"#\">"; if ($subicon != "") { $html .= "<i class=\"{$subicon}\"></i> "; } $html .= "{$grandfather}</a>" . "<ul class=\"sub-menu\">{$submenu}</ul>" . "</li>";
<?php
// Registers the log viewer module's script through arcAddFooter().
system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/logviewer.js");
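<?php
// Theme asset registration: stylesheets through arcAddHeader(), scripts through
// arcAddFooter(). The calls are kept in their original order.
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/smartadmin-bootstrap.min.css");
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/smartadmin-production-plugins.min.css");
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/smartadmin-production.min.css");
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/smartadmin-skins.min.css");
// Third-party stylesheet, requested over HTTPS: over plain http:// it can be
// altered in transit, and browsers block it as mixed content on HTTPS pages.
system\Helper::arcAddHeader("css", "https://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,300,400,700");
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/styles.css");

system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/SmartNotification.min.js");
system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/app.config.js");
system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/app.min.js");
system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/storage.js");
system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/styles.js");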
} // closes a block opened above this excerpt

// Profile image upload, success path. Any checks made before this point are
// outside the excerpt.
$name = $_FILES["file"]["name"];
// NOTE(review): the extension is taken from the client-supplied file name and
// no allow-list is applied in this excerpt, while the file is stored under the
// assets directory. Restrict it to known image extensions, verify the content
// server-side, and make sure assets/profile cannot execute scripts.
// end() takes its argument by reference; the extra parentheses the original
// comment refers to are not present in this line.
$ext = end(explode(".", $name)); # extra () to prevent notice
// The stored name is generated; only the extension comes from the client.
$filename = uniqid() . "." . $ext;
$path = system\Helper::arcGetPath(true) . "assets/profile";
$destination = $path . "/" . $filename;
if (!file_exists($path)) {
    // Created with mkdir()'s default mode.
    mkdir($path);
}
// Writes the server-side destination path to the log.
Log::createLog("info", "user", "Destination: '" . $destination . "'");
$location = $_FILES["file"]["tmp_name"];
$size = filesize($location);
// Only empty uploads are rejected here; no upper size limit is applied in this excerpt.
if ($size == 0) {
    system\Helper::arcAddMessage("danger", "Invalid file uploaded");
    Log::createLog("danger", "user", "Invalid file size.");
    return;
}
// NOTE(review): the return value is not checked, so the setting below is
// updated and success is reported even when the move fails.
move_uploaded_file($location, $destination);
$profileImage = SystemSetting::getByKey("ARC_USER_IMAGE", system\Helper::arcGetUser()->id);
$profileImage->userid = system\Helper::arcGetUser()->id;
$profileImage->value = $filename;
$profileImage->update();
system\Helper::arcAddMessage("success", "File uploaded");
Log::createLog("success", "user", "Upload complete.");
} else {
    // The upload itself failed; the PHP upload error code is logged.
    Log::createLog("danger", "user", "Upload error " . $_FILES['file']['error']);
    system\Helper::arcAddMessage("danger", "Error occured while uploading file");
}
}
}
<?php
// Registers the media manager module's script through arcAddFooter().
system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/mediamanager.js");
/**
 * Removes the row with the given ID from this object's table.
 *
 * The ID is handed to the database layer as a condition array rather than
 * being written into SQL text here.
 *
 * @param int $id ID of the row to delete.
 */
public function delete($id)
{
    $criteria = ['id' => $id];
    $database = system\Helper::arcGetDatabase();
    $database->delete($this->table, $criteria);
}
<?php
// AJAX endpoint: renames the company whose ID is posted as "id".
// NOTE(review): no permission check is visible in this file; confirm that the
// code dispatching to it enforces one.
if (system\Helper::arcIsAjaxRequest()) {
    $company = Company::getByID($_POST["id"]);
    // The stored name is normalised (lower-cased, then each word capitalised).
    $company->name = ucwords(strtolower($_POST["name"]));

    if (empty($_POST["name"])) {
        system\Helper::arcAddMessage("danger", "Company name cannot be empty");
        return;
    }

    // NOTE(review): the duplicate lookup uses the name as submitted, not the
    // normalised form assigned above. Confirm getByName() matches
    // case-insensitively, otherwise differently-cased duplicates pass.
    $test = Company::getByName($_POST["name"]);
    if ($test->id != $company->id && $test->id != 0) {
        system\Helper::arcAddMessage("danger", "Company with this name already exists");
        return;
    }

    $company->update();
    system\Helper::arcAddMessage("success", "Company saved");
}
<?php
// AJAX endpoint: returns name and description of the user group whose ID is
// posted as "id".
// NOTE(review): no permission check is visible in this file; confirm that the
// code dispatching to it enforces one.
if (system\Helper::arcIsAjaxRequest()) {
    $group = UserGroup::getByID($_POST["id"]);
    system\Helper::arcReturnJSON(["name" => $group->name, "description" => $group->description]);
}
<?php
// Page manager assets: the module's own script first.
system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/pagemanager.js");

// Summernote editor and the CodeMirror files registered with it, all served
// from the application's own path.
system\Helper::arcAddFooter("js", system\Helper::arcGetPath() . "js/codemirror/codemirror.js");
system\Helper::arcAddFooter("js", system\Helper::arcGetPath() . "js/codemirror/xml.js");
system\Helper::arcAddFooter("js", system\Helper::arcGetPath() . "js/summernote.min.js");
system\Helper::arcAddHeader("css", system\Helper::arcGetPath() . "css/codemirror/codemirror.css");
system\Helper::arcAddHeader("css", system\Helper::arcGetPath() . "css/codemirror/monokai.css");
system\Helper::arcAddHeader("css", system\Helper::arcGetPath() . "css/summernote.css");
// Tail of a page save handler; where $page is loaded and $page->seourl is
// first assigned is outside this excerpt.
// Remove leading "/" characters from the SEO url.
$page->seourl = ltrim($page->seourl, "/");
if (empty($page->seourl)) {
    system\Helper::arcAddMessage("danger", "SEO url is a required field");
    system\Helper::arcReturnJSON(["status" => "failed"]);
    return;
}

// The remaining fields are copied from the request as submitted.
// NOTE(review): no validation or encoding happens in this excerpt; confirm it
// is done in Page::update() or wherever these values are rendered.
$page->metadescription = $_POST["metadescription"];
$page->metakeywords = $_POST["metakeywords"];
$page->sortorder = $_POST["sortorder"];
$page->iconclass = $_POST["iconclass"];
$page->title = $_POST["title"];
if ($page->title == "") {
    system\Helper::arcAddMessage("danger", "Page must have a title");
    system\Helper::arcReturnJSON(["status" => "failed"]);
    return;
}

$page->showtitle = $_POST["showtitle"];
$page->hideonlogin = $_POST["hidelogin"];
$page->hidefrommenu = $_POST["hidemenu"];
$page->theme = $_POST["theme"];

// NOTE(review): the duplicate lookup uses the posted value, while the value
// being saved had its leading "/" removed above; "/about" and "about" are
// therefore not recognised as the same url by this check.
$seo = Page::getBySEOURL($_POST["seourl"]);
if ($seo->id != 0 && $seo->id != $page->id) {
    system\Helper::arcAddMessage("danger", "Duplicate SEO Url found, please choose another");
    system\Helper::arcReturnJSON(["status" => "failed"]);
    return;
}

$page->update();
system\Helper::arcAddMessage("success", "Page saved");
system\Helper::arcReturnJSON(["status" => "success"]);
} // closes a block opened above this excerpt
<?php
// AJAX endpoint: associates the user posted as "userid" with the company
// posted as "company".
// NOTE(review): no permission check is visible in this file; confirm that the
// code dispatching to it enforces one.
if (system\Helper::arcIsAjaxRequest()) {
    $user = User::getByID($_POST["userid"]);
    // An id of 0 is treated as "user not saved yet".
    if ($user->id == 0) {
        system\Helper::arcAddMessage("danger", "User must be saved before group can be modified.");
        return;
    }

    if (empty($_POST["company"])) {
        system\Helper::arcAddMessage("danger", "Invalid company");
        return;
    }

    // NOTE(review): the posted value is passed on as the company ID without
    // checking here that such a company exists.
    $user->addToCompany($_POST["company"]);
    system\Helper::arcAddMessage("success", "User associated with company");
}
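<?php
// AJAX endpoint: returns the user administration table as an HTML string in
// the "html" field of a JSON response.
// User names and email addresses are user-supplied data, so they are
// HTML-encoded before being placed in the table; IDs are cast to int before
// being written into the inline handlers.
// NOTE(review): no permission check is visible in this file; confirm that the
// code dispatching to it enforces one.
if (system\Helper::arcIsAjaxRequest()) {
    $users = User::getAllUsers();

    $table = "<table class=\"table table-hover table-condensed\">";
    $table .= "<thead><tr><th>Name</th><th>Status</th><th>Email</th><th>Auth</th><th></th></tr></thead><tbody>";

    foreach ($users as $user) {
        $name = htmlspecialchars((string) $user->getFullname(), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        $email = htmlspecialchars((string) $user->email, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        $id = (int) $user->id;

        $table .= "<tr><td>" . $name . "</td><td>";
        if ($user->enabled == true) {
            $table .= "<div class=\"label label-success\"><i class=\"fa fa-check\"></i> Enabled</div>";
        } else {
            $table .= "<div class=\"label label-danger\"><i class=\"fa fa-remove\"></i> Disabled</div>";
        }
        $table .= "</td><td>" . $email . "</td>"
            . "<td>";

        // A per-user ARC_USER_AD setting marks the account as directory-backed.
        $ad = SystemSetting::getByKey("ARC_USER_AD", $user->id);
        if ($ad->id == 0) {
            $table .= "<i class=\"fa fa-user\"></i> Local";
        } else {
            $table .= "<i class=\"fa fa-cloud-download\"></i> LDAP";
        }

        $table .= "</td>"
            . "<td class=\"text-right\">"
            . "<div class=\"btn-group\" role=\"group\">"
            . "<a class=\"btn btn-primary btn-xs\" onclick=\"impersonateUser(" . $id . ")\"><i class=\"fa fa-user-secret\"></i> Impersonate</a>"
            . "<a class=\"btn btn-success btn-xs\" onclick=\"editUser(" . $id . ")\"><i class=\"fa fa-pencil\"></i> Edit</a>"
            . "<a class=\"btn btn-danger btn-xs\" onclick=\"removeUser(" . $id . ")\"><i class=\"fa fa-remove\"></i> Remove</a>"
            . "</div>"
            . "</td></tr>";
    }

    $table .= "</tbody></table>";
    system\Helper::arcReturnJSON(["html" => $table]);
}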
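<?php
// Own-profile handler: on an AJAX request it saves the name fields and,
// optionally, a new password for the current user; otherwise it registers the
// page script.
if (system\Helper::arcIsAjaxRequest()) {
    $user = system\Helper::arcGetUser();

    // password settings
    // NOTE(review): the current password is not requested before it is
    // replaced; confirm whether that is intended.
    if (!empty($_POST["password"])) {
        $password = $_POST["password"];
        $confirm = isset($_POST["password2"]) ? $_POST["password2"] : null;

        // Strict comparison: with "==" two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal, so a mistyped
        // confirmation could be accepted. Non-string values are rejected.
        if (is_string($password) && $password === $confirm) {
            $user->setPassword($password);
        } else {
            system\Helper::arcAddMessage("danger", "Password and retyped password do not match");
            return;
        }
    }

    // NOTE(review): the names are stored without output encoding; whatever
    // renders them must encode them.
    $user->firstname = ucfirst(strtolower($_POST["firstname"]));
    $user->lastname = ucfirst(strtolower($_POST["lastname"]));
    $user->update();
    system\Helper::arcSetUser($user);
    system\Helper::arcAddMessage("success", "Changes saved");
} else {
    system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/userdetails.js");
}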
?> </div> </fieldset> </div> </div> <div class="text-right"> <a id="btnSaveSettings" class="btn btn-primary"><i class="fa fa-save"></i> Save</a> </div> <div class="modal fade" id="mediaManager" tabindex="-1" role="dialog"> <div class="modal-dialog modal-lg"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button> <h4 class="modal-title">Media Manager</h4> </div> <div class="modal-body"> <iframe style="width: 100%; height: 500px; border: 0;" src="<?php echo system\Helper::arcGetPath() . $media->value; ?> "></iframe> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal" onclick="$('#contentViewer').html('');">Close</button> </div> </div><!-- /.modal-content --> </div><!-- /.modal-dialog --> </div><!-- /.modal -->
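<?php
// Profile form template for the current user.
// Stored values (first name, last name, profile image file name) are
// HTML-encoded before being written into attributes, so a value containing
// quotes or markup cannot break out of the attribute. The stray space that
// followed each echoed name inside value="..." is removed as well.
$user = system\Helper::arcGetUser();
$profileImage = SystemSetting::getByKey("ARC_USER_IMAGE", $user->id);

// Default avatar icon, replaced by the uploaded image when one is set.
$image = "<i class=\"fa fa-user fa-5x\"></i>";
if (!empty($profileImage->value)) {
    $imageUrl = system\Helper::arcGetPath() . "assets/profile/" . $profileImage->value;
    $image = "<img class=\"img-responsive img-thumbnail\" src=\"" . htmlspecialchars($imageUrl, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "\" />";
}

$company = SystemSetting::getByKey("ARC_REQUIRECOMPANY");
?>
<div class="panel panel-default">
    <div class="panel-body">
        <div class="row">
            <div class="col-md-8">
                <form id="detailsForm">
                    <div class="form-group">
                        <label for="firstname">Firstname</label>
                        <input type="firstname" class="form-control" name="firstname" maxlength="50" placeholder="Firstname" value="<?php echo htmlspecialchars((string) $user->firstname, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); ?>">
                    </div>
                    <div class="form-group">
                        <label for="lastname">Lastname</label>
                        <input type="lastname" class="form-control" name="lastname" maxlength="50" placeholder="Lastname" value="<?php echo htmlspecialchars((string) $user->lastname, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); ?>">
                    </div>
                    <?php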
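<?php
// AJAX endpoint: creates a folder named $_POST["name"] inside the assets
// sub-folder given by $_POST["path"].
// Both values come from the request, so the folder name must be a single path
// segment and the resolved parent directory must lie inside the assets
// directory; otherwise a directory could be created anywhere the web server
// user may write.
// NOTE(review): no permission check is visible in this file; confirm that the
// code dispatching to it enforces one.
if (system\Helper::arcIsAjaxRequest()) {
    $folder = (isset($_POST["name"]) && is_string($_POST["name"])) ? strtolower($_POST["name"]) : "";
    $relative = (isset($_POST["path"]) && is_string($_POST["path"])) ? $_POST["path"] : "";

    // realpath() resolves ".." and symlinks and returns false for missing paths.
    $assetsRoot = realpath(system\Helper::arcGetPath(true) . "assets");
    $parent = realpath(system\Helper::arcGetPath(true) . "assets" . $relative);

    $validName = $folder !== ""
        && $folder !== "."
        && $folder !== ".."
        && strpbrk($folder, "/\\\0") === false;

    // Comparing with a trailing separator keeps a sibling such as "assets2"
    // from passing as a prefix match.
    $insideAssets = $assetsRoot !== false
        && $parent !== false
        && strpos($parent . DIRECTORY_SEPARATOR, $assetsRoot . DIRECTORY_SEPARATOR) === 0;

    if (!$validName || !$insideAssets) {
        system\Helper::arcAddMessage("danger", "Invalid folder name or path");
        return;
    }

    $destination = $parent . DIRECTORY_SEPARATOR . $folder;
    if (!file_exists($destination) && !mkdir($destination)) {
        system\Helper::arcAddMessage("danger", "Folder could not be created");
        return;
    }

    system\Helper::arcAddMessage("success", "Folder Created");
}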
<?php
// Registers the page permissions module's script through arcAddFooter().
system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/pagepermissions.js");
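<?php
// AJAX endpoint: returns the details of the user posted as "id", with the
// user's groups and companies pre-rendered as HTML list items.
// Group and company names are stored data, so they are HTML-encoded for the
// list text, and the group name is additionally JSON-encoded where it becomes
// a JavaScript argument of the inline handler. Company IDs are cast to int.
// NOTE(review): no permission check is visible in this file; confirm that the
// code dispatching to it enforces one.
if (system\Helper::arcIsAjaxRequest()) {
    $user = User::getByID($_POST["id"]);

    $data = "";
    foreach ($user->getGroups() as $group) {
        $groupText = htmlspecialchars((string) $group->name, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        $groupArg = htmlspecialchars(
            json_encode((string) $group->name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_PARTIAL_OUTPUT_ON_ERROR),
            ENT_QUOTES | ENT_SUBSTITUTE,
            "UTF-8"
        );
        $data .= "<li class=\"list-group-item\"><a class=\"btn btn-danger btn-xs\" onclick=\"removeFromGroupBtn({$groupArg})\"><i class=\"fa fa-close\"></i></a> {$groupText}</li>";
    }

    $companies = $user->getCompanies();
    $company = "";
    foreach ($companies as $comp) {
        $companyId = (int) $comp->id;
        $companyText = htmlspecialchars((string) $comp->name, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        $company .= "<li class=\"list-group-item\"><a class=\"btn btn-danger btn-xs\" onclick=\"removeCompanyUser({$companyId})\"><i class=\"fa fa-close\"></i></a> {$companyText}</li>";
    }

    // firstname, lastname and email are returned as plain data; the client
    // must not insert them into the page as HTML.
    system\Helper::arcReturnJSON(["firstname" => $user->firstname, "lastname" => $user->lastname, "email" => $user->email, "group" => $data, "enabled" => boolval($user->enabled), "company" => $company]);
}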
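<?php
// AJAX endpoint: password reset by email address ($_POST["emailf"]).
// A new password is generated, stored for the user and sent by email using
// the ARC_PASSWORD_RESET_MESSAGE template.
//
// NOTE(review): design points visible in this file that are worth revisiting:
//  - the password is replaced as soon as the request arrives, so anyone who
//    knows an address can invalidate that user's current password;
//  - the new password travels in the email body; a single-use, expiring reset
//    link avoids that;
//  - the two response messages differ, which tells the requester whether an
//    address is registered;
//  - the submitted address is written to the log as received.
if (system\Helper::arcIsAjaxRequest()) {
    $user = User::getByEmail($_POST["emailf"]);

    // valid user
    if ($user->id > 0) {
        // 32 hex characters from the system CSPRNG. The previous value,
        // md5(uniqid(...)), is derived from the email address and the clock
        // and is therefore guessable.
        if (function_exists("random_bytes")) {
            $password = bin2hex(random_bytes(16));
        } else {
            $password = bin2hex(openssl_random_pseudo_bytes(16));
        }
        $user->setPassword($password);
        $user->update();

        $messageS = SystemSetting::getByKey("ARC_PASSWORD_RESET_MESSAGE");
        $message = html_entity_decode($messageS->value);
        $message = str_replace("{password}", $password, $message);

        $mail = new Mail();
        $mail->Send($user->email, "Password Reset Request", $message, true);

        system\Helper::arcAddMessage("success", "Password reset, please check your email.");
        Log::createLog("warning", "user", "Password reset request '" . $_POST["emailf"] . "'.");
    } else {
        system\Helper::arcAddMessage("danger", "Email address is not registered");
        Log::createLog("danger", "user", "Request to reset unknown email address '" . $_POST["emailf"] . "'.");
    }
}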
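<?php
// AJAX endpoint: returns an HTML <select> of all pages, with the page that
// matches the permission posted as "id" pre-selected.
// Page SEO urls are stored data, so they are HTML-encoded before being placed
// in the option value and text.
if (system\Helper::arcIsAjaxRequest() == true) {
    $permission = UserPermission::getByID($_POST["id"]);

    $data = "<div class=\"form-group\"><label for=\"module\">Module</label>"
        . "<select id=\"module\" class=\"form-control\">";

    $pages = Page::getAllPages();
    foreach ($pages as $page) {
        $seourl = htmlspecialchars((string) $page->seourl, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");

        $data .= "<option value=\"" . $seourl . "\"";
        // The comparison uses the stored, unencoded values.
        if ($page->seourl == $permission->permission) {
            $data .= " selected";
        }
        $data .= ">" . $seourl . "</option>";
    }

    $data .= "</select></div>";
    system\Helper::arcReturnJSON(["data" => $data]);
}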
<?php
// Registers the theme's error page script through arcAddFooter().
system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/error.js");
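<?php
// Error page body: prints a message for the error code obtained from
// arcGetPostData("error").
// The "path" and "error" values are echoed back to the browser, so they are
// HTML-encoded first; presumably both originate from the request, in which
// case echoing them unencoded lets a crafted link inject markup or script
// into this page.
switch (system\Helper::arcGetPostData("error")) {
    case "404":
        echo "The resource you're looking for cannot be found.<br />\n <br />Request URL:"
            . htmlspecialchars((string) system\Helper::arcGetPostData("path"), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        break;
    case "403":
        echo "You do not have permission to access this resource.";
        break;
    case "401":
        echo "Your session has expired. Please login and try again.";
        break;
    case "419":
        echo "Your authentication has expired. Please <a href=\"" . system\Helper::arcGetPath() . "login" . "\">login</a>.";
        break;
    default:
        echo "Unhandled error occured: "
            . htmlspecialchars((string) system\Helper::arcGetPostData("error"), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        break;
}
?>
</div>
<div class="error-goback-text">Would you like to go home?</div>
<div class="error-goback-button"><a id="btnHome" class="btn btn-xl btn-primary">Let's go home</a></div>
<div class="footer">{{arc:sitetitle}}</div>
</div>
</div>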
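/**
 * Sends an email through PHP mail() or through SMTP (PHPMailer), depending on
 * $this->mode ("MAIL" or "SMTP").
 *
 * For HTML mail the body is first merged into the active theme's email.php
 * template when that file exists.
 *
 * In "MAIL" mode the sender, recipients and subject become raw header lines,
 * so carriage returns and line feeds are removed from them; otherwise a value
 * containing a line break could add headers or recipients of its own.
 *
 * @param string|array $to      Recipient(s), as 'Firstname Lastname' <address> or address only.
 * @param string       $subject Message subject.
 * @param string       $message Message body, html or plain text.
 * @param boolean      $html    True for html body, false for plain.
 * @param string       $from    Sender; null uses the configured sender ($this->data["sender"]).
 * @param string|array $cc      CC recipient(s), same format as $to.
 * @return boolean True when the transport accepted the message, false on
 *                 failure or when $this->mode is neither "MAIL" nor "SMTP".
 */
public function Send($to = array(), $subject, $message, $html = true, $from = null, $cc = array())
{
    if ($html == true) {
        $theme = SystemSetting::getByKey("ARC_THEME");
        $template = system\Helper::arcGetPath(true) . "themes/" . $theme->value . "/email.php";
        if (file_exists($template)) {
            // The template is read as text, not executed.
            $content = file_get_contents($template);
            $message = system\Helper::arcParseEmail($content, $message);
        }
    }

    Log::createLog("info", "arcmail", "Send email request, mode: " . $this->mode);

    // Set from details
    if ($from == null) {
        $from = $this->data["sender"];
    }

    // Accept a single address as well as a list, for both to and cc.
    if (!is_array($to)) {
        $to = array($to);
    }
    if (!is_array($cc)) {
        $cc = array($cc);
    }

    // Build Mail Header
    $headers = "MIME-Version: 1.0\r\n";
    if ($html == true) {
        // Html content
        $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n";
    } else {
        // Plain text
        $headers .= "Content-Type: text/plain;\r\n";
    }

    Log::createLog("info", "arcmail", "Mail headers built");

    $sent = false;
    switch ($this->mode) {
        case "MAIL":
            // Header values must stay on one line.
            $stripBreaks = function ($value) {
                return str_replace(array("\r", "\n"), "", (string) $value);
            };

            // Add from header
            $headers .= "From: " . $stripBreaks($from) . "\r\n";

            // CC recipients were previously ignored in this mode.
            $ccList = implode(", ", array_filter(array_map($stripBreaks, $cc), function ($address) {
                return $address !== "";
            }));
            if ($ccList !== "") {
                $headers .= "Cc: " . $ccList . "\r\n";
            }

            // Build recipients list
            $toList = implode(", ", array_map($stripBreaks, $to));
            Log::createLog("success", "arcmail", "PHP mail created.");

            // Send mail
            $sent = mail($toList, $stripBreaks($subject), $message, $headers);
            if ($sent) {
                Log::createLog("success", "arcmail", "PHP mail sent.");
            } else {
                Log::createLog("danger", "arcmail", "PHP mail failed.");
            }
            break;

        case "SMTP":
            // include_once: a second Send() in the same request must not load
            // the autoloader file again.
            include_once system\Helper::arcGetPath(true) . "app/classes/PHPMailer/PHPMailerAutoload.php";
            $mail = new PHPMailer();
            $mail->isSMTP();
            $mail->Host = $this->data["server"];

            if (empty($this->data["username"]) && empty($this->data["password"])) {
                $mail->SMTPAuth = false;
            } else {
                $mail->SMTPAuth = true;
                $mail->Username = $this->data["username"];
                // The stored SMTP password is decrypted only for this send.
                $smtp_password = system\Helper::arcDecrypt($this->data["password"]);
                $mail->Password = $smtp_password;
            }

            $mail->setFrom($from);
            foreach ($to as $email) {
                $mail->addAddress($email);
            }
            foreach ($cc as $email) {
                $mail->addCC($email);
            }

            $mail->isHTML($html);
            $mail->Subject = $subject;
            $mail->Body = $message;

            $sent = $mail->send();
            if (!$sent) {
                Log::createLog("danger", "arcmail", "SMTP: " . $mail->ErrorInfo);
            } else {
                Log::createLog("success", "arcmail", "SMTP: Message sent");
            }
            break;
    }

    return (bool) $sent;
}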
<?php
// AJAX endpoint: deletes the "APIKEY" setting of the user posted as "userid".
// NOTE(review): the user is selected by a request value and no ownership or
// permission check is visible in this file; confirm that the code dispatching
// to it enforces one. No log entry is written for the removal here.
if (system\Helper::arcIsAjaxRequest()) {
    $apikey = SystemSetting::getByKey("APIKEY", $_POST["userid"]);
    // Deletes by the setting's own row ID.
    $apikey->delete($apikey->id);
    //system\Helper::arcAddMessage("success", "User API key removed");
}
<?php
// Theme asset registration; every file is served from the theme's own path.
// Stylesheets and favicon go through arcAddHeader().
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/style.css");
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/green.css");
system\Helper::arcAddHeader("css", system\Helper::arcGetThemePath() . "css/sweet-alert.css");
system\Helper::arcAddHeader("favicon", system\Helper::arcGetThemePath() . "images/logo-48x48.png");
// Scripts go through arcAddFooter().
system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/main.js");
system\Helper::arcAddFooter("js", system\Helper::arcGetThemePath() . "js/sweet-alert.min.js");