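/**
 * Edit an existing group.
 *
 * Legacy mysql_* variant: updates name/description, then replaces the whole
 * membership (DELETE all rows for the group, one INSERT per member). The
 * form values were interpolated unescaped into the SQL strings, so the
 * numeric ids are now cast to int and the free-text columns are passed
 * through mysql_real_escape_string() before concatenation. A prepared
 * statement is the durable fix, which the PDO variant of this method uses.
 *
 * NOTE(review): mysql_real_escape_string() works on the open mysql link,
 * assumed here to be the one $database created - confirm.
 *
 * @param array $arguments keys 'id', 'name', 'description', 'members'
 *                         ('members' is optional: an array of client ids)
 * @return array ['query' => 1|0] 1 when the UPDATE was accepted by the
 *               driver, 0 otherwise. Member INSERT failures are not reported.
 */
function edit_group($arguments)
{
    global $database;
    $this->state = array();

    /** Define the group information. The group id and the client ids end up
     *  unquoted or in integer columns, so an int cast is the complete guard. */
    $this->id = (int) $arguments['id'];
    $this->name = $arguments['name'];
    $this->description = $arguments['description'];
    $this->members = isset($arguments['members']) ? $arguments['members'] : array();
    $this->timestamp = time();

    /** Who is adding the members to the group? */
    $this->this_admin = get_current_user_username();

    /** Escape every value that is interpolated inside a quoted SQL literal;
     *  without this the UPDATE and INSERTs are injectable from the edit form. */
    $safe_name = mysql_real_escape_string($this->name);
    $safe_description = mysql_real_escape_string($this->description);
    $safe_admin = mysql_real_escape_string($this->this_admin);

    /** SQL query */
    $this->edit_group_query = "UPDATE tbl_groups SET name = '{$safe_name}', description = '{$safe_description}' WHERE id = {$this->id}";
    $this->sql_query = $database->query($this->edit_group_query);

    /** Clean the members table. The list is rebuilt below without a
     *  transaction, so a failing INSERT leaves the group with fewer members. */
    $this->sql_clean = $database->query("DELETE FROM tbl_members WHERE group_id = '{$this->id}'");

    /** Create the members records */
    if (!empty($this->members)) {
        foreach ($this->members as $this->member) {
            $member_id = (int) $this->member;
            $this->sql_member = $database->query(
                "INSERT INTO tbl_members (added_by,client_id,group_id)"
                . "VALUES ('{$safe_admin}', '{$member_id}', '{$this->id}' )"
            );
        }
    }

    /** Only the UPDATE result is reported, as in the original contract. */
    $this->state['query'] = $this->sql_query ? 1 : 0;

    return $this->state;
}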
if (isset($_POST['users_actions'])) { /** Continue only if 1 or more users were selected. */ if (!empty($_POST['users'])) { $selected_users = $_POST['users']; $users_to_get = implode(',', array_map('intval', array_unique($selected_users))); /** * Make a list of users to avoid individual queries. */ $sql_user = $dbh->prepare("SELECT id, name FROM " . TABLE_USERS . " WHERE FIND_IN_SET(id, :users)"); $sql_user->bindParam(':users', $users_to_get); $sql_user->execute(); $sql_user->setFetchMode(PDO::FETCH_ASSOC); while ($data_user = $sql_user->fetch()) { $all_users[$data_user['id']] = $data_user['name']; } $my_info = get_user_by_username(get_current_user_username()); $affected_users = 0; switch ($_POST['users_actions']) { case 'activate': /** * Changes the value on the "active" column value on the database. * Inactive users are not allowed to log in. */ foreach ($selected_users as $work_user) { $this_user = new UserActions(); $hide_user = $this_user->change_user_active_status($work_user, '1'); } $msg = __('The selected users were marked as active.', 'cftp_admin'); echo system_message('ok', $msg); $log_action_number = 27; break;
$allowed_levels = array(9, 8, 7, 0); require_once 'sys.includes.php'; require_once 'header.php'; $zip_file = tempnam("tmp", "zip"); $zip = new ZipArchive(); $zip->open($zip_file, ZipArchive::OVERWRITE); $files_to_zip = explode(',', $_GET['file']); foreach ($files_to_zip as $idx => $file) { $file = UPLOADED_FILES_FOLDER . $file; if (!(realpath($file) && substr(realpath($file), 0, strlen(UPLOADED_FILES_FOLDER))) === UPLOADED_FILES_FOLDER) { unset($files_to_zip[$idx]); } } $added_files = 0; $current_level = get_current_user_level(); $current_username = get_current_user_username(); /** * Get the list of different groups the client belongs to. */ $statement = $dbh->prepare("SELECT DISTINCT group_id FROM " . TABLE_MEMBERS . " WHERE client_id = :client_id"); $statement->bindParam(':client_id', $global_id, PDO::PARAM_INT); $statement->execute(); if ($statement->rowCount() > 0) { $statement->setFetchMode(PDO::FETCH_ASSOC); while ($row = $statement->fetch()) { $groups_ids[] = $row["group_id"]; } $found_groups = implode(',', $groups_ids); } foreach ($files_to_zip as $file_to_zip) { /**
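/**
 * Create a new client.
 *
 * Legacy mysql_* variant: hashes the password, inserts the account row and
 * e-mails the credentials to the new client. The form values were
 * interpolated unescaped into the INSERT, so every quoted literal is now
 * passed through mysql_real_escape_string() first; a prepared statement is
 * the durable fix.
 *
 * NOTE(review): mysql_real_escape_string() works on the open mysql link,
 * assumed here to be the one $database created - confirm.
 *
 * @param array $arguments keys 'id', 'name', 'email', 'username', 'password',
 *                         'address', 'phone', 'contact', 'notify', 'active'
 * @return array 'hash' => 1|0; when hash=1 also 'actions' => 1|0; when
 *               actions=1 also 'new_id' (mysql_insert_id) and 'email' => 1|0
 */
function create_client($arguments)
{
    global $hasher;
    global $database;
    $this->state = array();

    /** Define the account information */
    $this->id = $arguments['id'];
    $this->name = $arguments['name'];
    $this->email = $arguments['email'];
    $this->username = $arguments['username'];
    $this->password = $arguments['password'];
    $this->address = $arguments['address'];
    $this->phone = $arguments['phone'];
    $this->contact = $arguments['contact'];
    $this->notify = $arguments['notify'];
    $this->active = $arguments['active'];

    /** Only the hash is ever written to the database. */
    $this->enc_password = $hasher->HashPassword($this->password);

    /** A result shorter than 20 characters is treated as a failed hash and
     *  nothing is inserted. */
    if (strlen($this->enc_password) >= 20) {
        $this->state['hash'] = 1;

        /** Who is creating the client? */
        $this->this_admin = get_current_user_username();
        $this->timestamp = time();

        /** Escape each value that lands inside a quoted SQL literal. */
        $v = array();
        $fields = array('name', 'username', 'enc_password', 'address', 'phone',
                        'email', 'notify', 'contact', 'this_admin', 'active');
        foreach ($fields as $field) {
            $v[$field] = mysql_real_escape_string($this->$field);
        }

        /** Insert the client information into the database */
        $this->sql_query = $database->query(
            "INSERT INTO tbl_users (name,user,password,address,phone,email,notify,contact,created_by,active)"
            . "VALUES ('{$v['name']}', '{$v['username']}', '{$v['enc_password']}', '{$v['address']}', '{$v['phone']}', '{$v['email']}', '{$v['notify']}', '{$v['contact']}','{$v['this_admin']}', '{$v['active']}')"
        );

        if ($this->sql_query) {
            $this->state['actions'] = 1;
            $this->state['new_id'] = mysql_insert_id();

            /** Send account data by email. The clear-text password is part
             *  of this message, which is why it is still held after hashing. */
            $this->notify_client = new PSend_Email();
            $this->email_arguments = array(
                'type' => 'new_client',
                'address' => $this->email,
                'username' => $this->username,
                'password' => $this->password,
            );
            $this->notify_send = $this->notify_client->psend_send_email($this->email_arguments);
            $this->state['email'] = ($this->notify_send == 1) ? 1 : 0;
        } else {
            /** Query couldn't be executed */
            $this->state['actions'] = 0;
        }
    } else {
        $this->state['hash'] = 0;
    }

    return $this->state;
}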
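/**
 * Create a new client.
 *
 * PDO variant: hashes the password, inserts the account row with bound
 * parameters and e-mails the credentials to the new client.
 *
 * Fix: the success flag was taken from `if ($this->sql_query)`, i.e. the
 * PDOStatement object, which is always truthy once prepare() succeeded, so
 * 'actions' reported 1 even when the INSERT failed. It now reflects the
 * return value of execute().
 *
 * @param array $arguments keys 'id', 'name', 'email', 'username', 'password',
 *                         'address', 'phone', 'contact', 'notify', 'active'
 * @return array 'hash' => 1|0; when hash=1 also 'actions' => 1|0; when
 *               actions=1 also 'new_id' (lastInsertId) and 'email' => 1|0
 */
function create_client($arguments)
{
    global $hasher;
    $this->state = array();

    /** Define the account information */
    $this->id = $arguments['id'];
    $this->name = $arguments['name'];
    $this->email = $arguments['email'];
    $this->username = $arguments['username'];
    $this->password = $arguments['password'];
    $this->address = $arguments['address'];
    $this->phone = $arguments['phone'];
    $this->contact = $arguments['contact'];

    /** Checkbox values arrive as strings; normalise to the 0/1 that is bound
     *  as PDO::PARAM_INT below (a missing key counts as unchecked). */
    $this->notify = (isset($arguments['notify']) && $arguments['notify'] == '1') ? 1 : 0;
    $this->active = (isset($arguments['active']) && $arguments['active'] == '1') ? 1 : 0;

    /** Only the hash is ever written to the database. */
    $this->enc_password = $hasher->HashPassword($this->password);

    /** A result shorter than 20 characters is treated as a failed hash and
     *  nothing is inserted. */
    if (strlen($this->enc_password) >= 20) {
        $this->state['hash'] = 1;

        /** Who is creating the client? */
        $this->this_admin = get_current_user_username();
        $this->timestamp = time();

        /** Insert the client information into the database */
        $this->sql_query = $this->dbh->prepare(
            "INSERT INTO " . TABLE_USERS . " (name,user,password,address,phone,email,notify,contact,created_by,active)"
            . "VALUES (:name, :username, :password, :address, :phone, :email, :notify, :contact, :admin, :active)"
        );
        $this->sql_query->bindParam(':name', $this->name);
        $this->sql_query->bindParam(':username', $this->username);
        $this->sql_query->bindParam(':password', $this->enc_password);
        $this->sql_query->bindParam(':address', $this->address);
        $this->sql_query->bindParam(':phone', $this->phone);
        $this->sql_query->bindParam(':email', $this->email);
        $this->sql_query->bindParam(':notify', $this->notify, PDO::PARAM_INT);
        $this->sql_query->bindParam(':contact', $this->contact);
        $this->sql_query->bindParam(':admin', $this->this_admin);
        $this->sql_query->bindParam(':active', $this->active, PDO::PARAM_INT);

        /** execute() returns false on failure (unless $this->dbh throws);
         *  that, not the statement object, is the success signal. */
        $this->sql_result = $this->sql_query->execute();

        if ($this->sql_result) {
            $this->state['actions'] = 1;
            $this->state['new_id'] = $this->dbh->lastInsertId();

            /** Send account data by email. The clear-text password is part
             *  of this message, which is why it is still held after hashing. */
            $this->notify_client = new PSend_Email();
            $this->email_arguments = array(
                'type' => 'new_client',
                'address' => $this->email,
                'username' => $this->username,
                'password' => $this->password,
            );
            $this->notify_send = $this->notify_client->psend_send_email($this->email_arguments);
            $this->state['email'] = ($this->notify_send == 1) ? 1 : 0;
        } else {
            /** Query couldn't be executed */
            $this->state['actions'] = 0;
        }
    } else {
        $this->state['hash'] = 0;
    }

    return $this->state;
}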
/** * Define the information about the current logged in user or client * used on the different validations across the system. * * @package ProjectSend * @subpackage Session */ session_start(); ob_start(); header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); /** * Global information on the current account to use accross the system. */ $global_user = get_current_user_username(); $global_level = get_current_user_level(); /** * Get the user information from the database */ if ($global_level != 0) { $global_account = get_user_by_username($global_user); } else { $global_account = get_client_by_username($global_user); } /** * Automatic log out if account is deactivated while session is on. */ if ($global_account['active'] == '0') { /** Prevent an infinite loop */ if (!isset($_SESSION['logout'])) {
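/**
 * Edit an existing group.
 *
 * PDO variant: updates name/description, then rebuilds the membership
 * (DELETE all rows for the group, one INSERT per submitted member).
 *
 * Fix: the success flag was taken from `if ($this->sql_query)`, i.e. the
 * PDOStatement object, which is always truthy once prepare() succeeded, so
 * 'query' reported 1 even when the UPDATE failed. It now reflects execute().
 *
 * NOTE(review): DELETE + INSERTs are not wrapped in a transaction, so a
 * failing INSERT leaves the group with a partial member list - consider
 * beginTransaction()/commit() on $this->dbh if the tables support it.
 *
 * @param array $arguments keys 'id', 'name', 'description', 'members'
 *                         ('members' is optional: an array of client ids)
 * @return array ['query' => 1|0] result of the UPDATE only; member INSERT
 *               failures are not reported
 */
function edit_group($arguments)
{
    $this->state = array();

    /** Define the group information */
    $this->id = $arguments['id'];
    $this->name = $arguments['name'];
    $this->description = $arguments['description'];
    $this->members = isset($arguments['members']) ? $arguments['members'] : array();
    $this->timestamp = time();

    /** Who is adding the members to the group? */
    $this->this_admin = get_current_user_username();

    /** SQL query - every value is bound, ids as integers. */
    $this->sql_query = $this->dbh->prepare(
        "UPDATE " . TABLE_GROUPS . " SET name = :name, description = :description WHERE id = :id"
    );
    $this->sql_query->bindParam(':name', $this->name);
    $this->sql_query->bindParam(':description', $this->description);
    $this->sql_query->bindParam(':id', $this->id, PDO::PARAM_INT);
    $this->sql_result = $this->sql_query->execute();

    /** Clean the members table */
    $this->sql_clean = $this->dbh->prepare("DELETE FROM " . TABLE_MEMBERS . " WHERE group_id = :id");
    $this->sql_clean->bindParam(':id', $this->id, PDO::PARAM_INT);
    $this->sql_clean->execute();

    /** Create the members records */
    if (!empty($this->members)) {
        foreach ($this->members as $this->member) {
            $this->sql_member = $this->dbh->prepare(
                "INSERT INTO " . TABLE_MEMBERS . " (added_by,client_id,group_id)" . " VALUES (:admin, :member, :id)"
            );
            $this->sql_member->bindParam(':admin', $this->this_admin);
            $this->sql_member->bindParam(':member', $this->member, PDO::PARAM_INT);
            $this->sql_member->bindParam(':id', $this->id, PDO::PARAM_INT);
            $this->sql_member->execute();
        }
    }

    $this->state['query'] = $this->sql_result ? 1 : 0;

    return $this->state;
}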
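/**
 * Serve a file to the current user (legacy mysql_* variant).
 *
 * Reads the file id from $_GET['id'] (cast to int once and reused), checks
 * the session level, and for client accounts (CURRENT_USER_LEVEL == 0)
 * requires that the file is not expired and is assigned - not hidden - to
 * the client or one of its groups. Other levels skip those checks. On
 * success the action is logged (clients also get a tbl_downloads row) and
 * the file is streamed followed by exit; a missing file on disk answers 404.
 *
 * Fix: the group check emitted `group_id IN ("1,2,3")`, a single quoted
 * string that MySQL compares as one value, so only the first group was
 * honoured. The list is now built from int-cast ids and emitted unquoted.
 * The Content-Disposition filename is also quoted so names with spaces
 * survive.
 *
 * NOTE(review): the log entry reads $_GET['client_id'] while the guard only
 * checks $_GET['client'] - confirm which parameter the download links send.
 */
function download_file()
{
    $this->check_level = array(9, 8, 7, 0);

    if (isset($_GET['id']) && isset($_GET['client'])) {
        /** Do a permissions check for logged in user */
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            $file_id = (int) $_GET['id'];

            /** Get the file name */
            $this->get_file_uri_sql = 'SELECT url, expires, expiry_date FROM tbl_files WHERE id="' . $file_id . '"';
            $this->get_file_uri = $this->database->query($this->get_file_uri_sql);
            $this->got_url = mysql_fetch_array($this->get_file_uri);
            $this->real_file_url = $this->got_url['url'];
            $this->expires = $this->got_url['expires'];
            $this->expiry_date = $this->got_url['expiry_date'];

            $this->expired = false;
            if ($this->expires == '1' && time() > strtotime($this->expiry_date)) {
                $this->expired = true;
            }

            $this->can_download = false;

            if (CURRENT_USER_LEVEL == 0) {
                if ($this->expires == '0' || $this->expired == false) {
                    /**
                     * Does the client have permission to download the file?
                     * First, get the list of different groups the client belongs to.
                     */
                    $groups_ids = array();
                    $found_groups = '';
                    $sql_groups = $this->database->query("SELECT DISTINCT group_id FROM tbl_members WHERE client_id='" . CURRENT_USER_ID . "'");
                    $count_groups = mysql_num_rows($sql_groups);
                    if ($count_groups > 0) {
                        while ($row_groups = mysql_fetch_array($sql_groups)) {
                            $groups_ids[] = (int) $row_groups["group_id"];
                        }
                        $found_groups = implode(',', $groups_ids);
                    }

                    /** Then, check on the client's own or groups files.
                     *  $found_groups holds int-cast DB values only, so the
                     *  unquoted IN (...) list cannot carry anything else. */
                    $files_own_query = 'SELECT * FROM tbl_files_relations WHERE (client_id="' . CURRENT_USER_ID . '"';
                    if ($found_groups !== '') {
                        $files_own_query .= ' OR group_id IN (' . $found_groups . ')';
                    }
                    $files_own_query .= ') AND file_id="' . $file_id . '" AND hidden = "0"';
                    $files_own = $this->database->query($files_own_query);
                    $count_files = mysql_num_rows($files_own);
                    if ($count_files > 0) {
                        $this->can_download = true;
                    }

                    /** Continue */
                    if ($this->can_download == true) {
                        /** Client download: add a row to the download count. */
                        $this->add_download_sql = 'INSERT INTO tbl_downloads (user_id , file_id) VALUES ("' . CURRENT_USER_ID . '", "' . $file_id . '")';
                        $this->sql = $this->database->query($this->add_download_sql);

                        /** The owner ID comes from the session, not the URL,
                         *  so a modified GET cannot attribute the download to
                         *  another account. */
                        $log_action = 8;
                        $log_action_owner_id = CURRENT_USER_ID;
                    }
                }
            } else {
                $this->can_download = true;
                $log_action = 7;
                $global_user = get_current_user_username();
                $global_id = get_logged_account_id($global_user);
                $log_action_owner_id = $global_id;
            }

            if ($this->can_download == true) {
                /** Record the action log */
                $new_log_action = new LogActions();
                $log_action_args = array(
                    'action' => $log_action,
                    'owner_id' => $log_action_owner_id,
                    'affected_file' => $file_id,
                    'affected_file_name' => $this->real_file_url,
                    'affected_account' => isset($_GET['client_id']) ? (int) $_GET['client_id'] : 0,
                    'affected_account_name' => mysql_real_escape_string($_GET['client']),
                    'get_user_real_name' => true,
                    'get_file_real_name' => true,
                );
                $new_record_action = $new_log_action->log_action_save($log_action_args);

                $this->real_file = UPLOADED_FILES_FOLDER . $this->real_file_url;
                if (file_exists($this->real_file)) {
                    /** Drop any buffered output so the response is the raw file. */
                    while (ob_get_level()) {
                        ob_end_clean();
                    }
                    /** Quote the name and strip embedded quotes so the header stays parseable. */
                    $download_name = str_replace('"', '', basename($this->real_file));
                    header('Content-Type: application/octet-stream');
                    header('Content-Disposition: attachment; filename="' . $download_name . '"');
                    header('Expires: 0');
                    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                    header('Pragma: public');
                    header('Cache-Control: private', false);
                    header('Content-Length: ' . get_real_size($this->real_file));
                    header('Connection: close');
                    readfile($this->real_file);
                    exit;
                } else {
                    header("HTTP/1.1 404 Not Found");
                    exit;
                }
            }
        }
    }
}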
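/**
 * Serve a file to the current user (PDO variant).
 *
 * Reads the file id from $_GET['id'], checks the session level, and for
 * client accounts (CURRENT_USER_LEVEL == 0) requires that the file is not
 * expired and is assigned - not hidden - to the client or one of its groups
 * (FIND_IN_SET over the group id list). Other levels skip those checks. On
 * success the action is logged (clients also get a TABLE_DOWNLOADS row) and
 * the file is streamed followed by exit; a missing file on disk answers 404.
 *
 * Fixes: the file id is bound once as an int with bindValue() instead of
 * binding $_GET['id'] by reference; $this->groups_ids / $this->found_groups
 * are reset at the start so a reused object cannot carry a previous call's
 * group list into the permission query; the Content-Disposition filename is
 * quoted so names with spaces survive.
 *
 * NOTE(review): rowCount() on a SELECT is driver-dependent; it is relied on
 * here for both the group and the relation lookups - confirm for this DSN.
 * NOTE(review): the log entry reads $_GET['client_id'] while the guard only
 * checks $_GET['client'] - confirm which parameter the download links send.
 */
function download_file()
{
    $this->check_level = array(9, 8, 7, 0);

    if (isset($_GET['id']) && isset($_GET['client'])) {
        /** Do a permissions check for logged in user */
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            $file_id = (int) $_GET['id'];

            /** Get the file name */
            $this->statement = $this->dbh->prepare("SELECT url, expires, expiry_date FROM " . TABLE_FILES . " WHERE id=:id");
            $this->statement->bindValue(':id', $file_id, PDO::PARAM_INT);
            $this->statement->execute();
            $this->statement->setFetchMode(PDO::FETCH_ASSOC);
            $this->row = $this->statement->fetch();
            $this->real_file_url = $this->row['url'];
            $this->expires = $this->row['expires'];
            $this->expiry_date = $this->row['expiry_date'];

            $this->expired = false;
            if ($this->expires == '1' && time() > strtotime($this->expiry_date)) {
                $this->expired = true;
            }

            $this->can_download = false;

            if (CURRENT_USER_LEVEL == 0) {
                if ($this->expires == '0' || $this->expired == false) {
                    /**
                     * Does the client have permission to download the file?
                     * First, get the list of different groups the client belongs to.
                     */
                    $this->groups_ids = array();
                    $this->found_groups = '';
                    $this->groups = $this->dbh->prepare("SELECT DISTINCT group_id FROM " . TABLE_MEMBERS . " WHERE client_id=:id");
                    $this->groups->bindValue(':id', CURRENT_USER_ID, PDO::PARAM_INT);
                    $this->groups->execute();
                    if ($this->groups->rowCount() > 0) {
                        $this->groups->setFetchMode(PDO::FETCH_ASSOC);
                        while ($this->row_groups = $this->groups->fetch()) {
                            $this->groups_ids[] = $this->row_groups["group_id"];
                        }
                        if (!empty($this->groups_ids)) {
                            $this->found_groups = implode(',', $this->groups_ids);
                        }
                    }

                    /** Then, check on the client's own or groups files. */
                    $this->params = array(':client_id' => CURRENT_USER_ID);
                    $this->fq = "SELECT * FROM " . TABLE_FILES_RELATIONS . " WHERE (client_id=:client_id";
                    // Add found groups, if any (the list itself is a bound value)
                    if (!empty($this->found_groups)) {
                        $this->fq .= ' OR FIND_IN_SET(group_id, :groups)';
                        $this->params[':groups'] = $this->found_groups;
                    }
                    // Continue assembling the query
                    $this->fq .= ') AND file_id=:file_id AND hidden = "0"';
                    $this->params[':file_id'] = $file_id;
                    $this->files = $this->dbh->prepare($this->fq);
                    $this->files->execute($this->params);
                    if ($this->files->rowCount() > 0) {
                        $this->can_download = true;
                    }

                    /** Continue */
                    if ($this->can_download == true) {
                        /** Client download: add a row to the download count. */
                        $this->statement = $this->dbh->prepare("INSERT INTO " . TABLE_DOWNLOADS . " (user_id , file_id) VALUES (:user_id, :file_id)");
                        $this->statement->bindValue(':user_id', CURRENT_USER_ID, PDO::PARAM_INT);
                        $this->statement->bindValue(':file_id', $file_id, PDO::PARAM_INT);
                        $this->statement->execute();

                        /** The owner ID comes from the session, not the URL,
                         *  so a modified GET cannot attribute the download to
                         *  another account. */
                        $log_action = 8;
                        $log_action_owner_id = CURRENT_USER_ID;
                    }
                }
            } else {
                $this->can_download = true;
                $log_action = 7;
                $global_user = get_current_user_username();
                $global_id = get_logged_account_id($global_user);
                $log_action_owner_id = $global_id;
            }

            if ($this->can_download == true) {
                /** Record the action log */
                $new_log_action = new LogActions();
                $log_action_args = array(
                    'action' => $log_action,
                    'owner_id' => $log_action_owner_id,
                    'affected_file' => $file_id,
                    'affected_file_name' => $this->real_file_url,
                    'affected_account' => isset($_GET['client_id']) ? (int) $_GET['client_id'] : 0,
                    'affected_account_name' => $_GET['client'],
                    'get_user_real_name' => true,
                    'get_file_real_name' => true,
                );
                $new_record_action = $new_log_action->log_action_save($log_action_args);

                $this->real_file = UPLOADED_FILES_FOLDER . $this->real_file_url;
                if (file_exists($this->real_file)) {
                    /** Drop any buffered output so the response is the raw file. */
                    while (ob_get_level()) {
                        ob_end_clean();
                    }
                    /** Quote the name and strip embedded quotes so the header stays parseable. */
                    $download_name = str_replace('"', '', basename($this->real_file));
                    header('Content-Type: application/octet-stream');
                    header('Content-Disposition: attachment; filename="' . $download_name . '"');
                    header('Expires: 0');
                    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                    header('Pragma: public');
                    header('Cache-Control: private', false);
                    header('Content-Length: ' . get_real_size($this->real_file));
                    header('Connection: close');
                    readfile($this->real_file);
                    exit;
                } else {
                    header("HTTP/1.1 404 Not Found");
                    exit;
                }
            }
        }
    }
}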