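/**
 * Fills RepositoryTable with the repositories the current user may manage.
 *
 * Administrators get every repository ordered by name; everyone else gets
 * only the rows whose ownerid equals their own user id. Each row is joined
 * in PHP with the owner's name and the stored description.
 *
 * @param mixed $param Page-lifecycle argument, forwarded to the parent.
 */
public function onLoad($param)
{
    parent::onLoad($param);

    $database = $this->Module->Database;
    $userid = $this->User->getId();

    if ($this->User->IsAdmin()) {
        $results = $database->Execute("SELECT * FROM repositories ORDER BY name");
    } else {
        $results = $database->Execute("SELECT * FROM repositories WHERE ownerid=" . makeSqlString($userid));
    }

    if ($results) {
        $data = array();
        while (!$results->EOF) {
            $fields = $results->fields;
            $owner = $this->Module->getUserName($fields['ownerid']);

            // Default text, replaced below when a description row exists.
            $description = "No description for " . $fields['name'] . " repository";

            $descrResults = $database->Execute("SELECT * FROM repo_descriptions WHERE repo_id=" . makeSqlString($fields['id']));
            if ($descrResults) {
                if (!$descrResults->EOF && $descrResults->fields['id']) {
                    // NOTE(review): the stored text is handed on without HTML
                    // encoding. The original computed an htmlspecialchars()
                    // version and then overwrote it with the raw value, so raw
                    // is the effective behaviour and is kept here. Confirm that
                    // RepositoryTable encodes on output; otherwise a stored
                    // description (and the repository name) is an XSS sink.
                    $description = $descrResults->fields['description'];
                }
                // The per-row recordset was never released before.
                $descrResults->Close();
            }

            $data[] = array(
                'id' => $fields['id'],
                'repositoryname' => $fields['name'],
                'owner' => $owner,
                'description' => $description,
            );
            $results->MoveNext();
        }
        $results->Close();

        // Bind once after the loop: the original re-bound on every row and
        // never bound at all when the query returned no rows.
        $this->RepositoryTable->setDataSource($data);
    }

    $this->dataBind();
}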
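/**
 * Loads the user named by the UserID query parameter into the edit form.
 *
 * Non-administrators may only open their own record. The Grants and Admin
 * controls are enabled for administrators only.
 *
 * NOTE(review): disabling a control is a display decision, not an access
 * check. The handler that saves this form is not visible here; confirm it
 * re-checks isAdmin() before changing 'admin' or 'repositorygrants'.
 *
 * @param mixed $param Page-lifecycle argument, forwarded to the parent.
 */
public function onInit($param)
{
    parent::onInit($param);

    // A missing or array-valued parameter (?UserID[]=1) is treated as empty
    // instead of being passed on to the comparison and the query.
    $userid = (isset($_GET['UserID']) && is_string($_GET['UserID'])) ? $_GET['UserID'] : '';
    $isAdmin = (bool) $this->User->isAdmin();

    // Compare as strings: the loose != used before lets PHP's numeric string
    // juggling decide whether a request value "is" the caller's own id.
    if (!$isAdmin && $userid !== (string) $this->User->getId()) {
        echo "Not enough rights to change this user!";
        exit(-1);
    }

    $results = $this->Module->Database->Execute("SELECT * FROM users WHERE id=" . makeSqlString($userid));
    if (!$results || $results->EOF) {
        // Previously an unknown id populated the form from an empty row.
        echo "Unknown user!";
        exit(-1);
    }
    $fields = $results->fields;

    $user = array(
        'id' => $fields['id'],
        'name' => $fields['name'],
        'email' => $fields['email'],
        'admin' => $fields['admin'],
        'grants' => $fields['repositorygrants'],
    );
    $this->setSelectedUser($user);

    $this->UserID->setText($fields['id']);
    $this->UserName->setText($fields['name']);
    $this->Email->setText($fields['email']);
    // 255 is the value this code treats as "administrator".
    $this->Admin->setChecked($fields['admin'] == 255);
    $this->Grants->setText($fields['repositorygrants']);

    $this->Grants->setEnabled($isAdmin);
    $this->Admin->setEnabled($isAdmin);
}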
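/**
 * Regenerates the svnserve user file from the users and svnserve_pwd tables.
 *
 * Does nothing when config.php defines no $svnserve_user_file. Each user
 * that has a svnserve_pwd row is written as "name = password".
 *
 * Security notes:
 *  - str_rot13() is a reversible letter substitution, not encryption, so the
 *    svnserve_pwd table effectively holds recoverable passwords and the
 *    generated file holds them in clear text. Restrict read access to both.
 *  - NOTE(review): names and passwords are written verbatim. A value holding
 *    a line break would add extra lines to the file; confirm that input
 *    validation elsewhere rules this out.
 */
public function createFromDatabase()
{
    require "config.php";
    if (!isset($svnserve_user_file)) {
        return;
    }
    $filename = $svnserve_user_file;

    $accessfile = "## This SVNServe user file generated by SVNManager\n[users]\n";
    $accessfile .= "\n";

    $userresults = $this->database->Execute("SELECT * FROM users ORDER BY name");
    if (!$userresults) {
        // Leave the existing file untouched rather than replacing it with an
        // empty user list when the query fails.
        return;
    }
    while (!$userresults->EOF) {
        $id = $userresults->fields['id'];
        $password = $this->database->Execute("SELECT * FROM svnserve_pwd WHERE ownerid=" . makeSqlString($id));
        if ($password) {
            if ($password->RecordCount() > 0) {
                $accessfile .= $userresults->fields['name'] . " = " . str_rot13($password->fields['password']) . "\n";
            }
            // The per-user recordset was never released before.
            $password->Close();
        }
        $userresults->MoveNext();
    }
    $userresults->Close();

    // NOTE(review): the file is created with the process's default
    // permissions; confirm they keep it unreadable to other local users.
    if (!($handle = fopen($filename, 'w'))) {
        echo "Cannot open file ({$filename})";
        exit;
    }
    if (fwrite($handle, $accessfile) === FALSE) {
        fclose($handle);
        echo "Cannot write to file ({$filename})";
        exit;
    }
    fclose($handle);
}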
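/**
 * Streams an "svnadmin dump" of the requested repository as a download.
 *
 * The repository is looked up by the RepositoryID query parameter; only an
 * administrator or the repository's owner may download it.
 *
 * @param mixed $param Page-lifecycle argument, forwarded to the parent.
 */
function OnInit($param)
{
    parent::onInit($param);
    include "config.php";

    $repositoryid = (isset($_GET['RepositoryID']) && is_string($_GET['RepositoryID'])) ? $_GET['RepositoryID'] : '';
    $results = $this->Module->Database->Execute("SELECT * FROM repositories WHERE id=" . makeSqlString($repositoryid));

    // Fail closed when no row matches. Before, an unknown id left $name empty
    // and the command below ran against the repository root directory.
    if (!$results || $results->EOF) {
        echo "Not enough rights to change this repository!";
        exit(-1);
    }
    $fields = $results->fields;
    $ownerid = $fields['ownerid'];
    $name = $fields['name'];

    if (!$this->User->isAdmin() && $this->User->getId() != $ownerid) {
        echo "Not enough rights to change this repository!";
        exit(-1);
    }

    // Keep quote, backslash and line-break characters out of the header value.
    $filename = str_replace(array('"', "\\", "\r", "\n"), '', $name) . ".dump";

    if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) {
        // IE Bug in download name workaround
        error_log("ini_set");
        ini_set('zlib.output_compression', 'Off');
    }

    header('Cache-Control:');
    header('Pragma:');
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename=\"{$filename}\"");
    header("Content-Transfer-Encoding: binary");

    // The repository name comes from the database and was concatenated into
    // the shell command unquoted. Quote the whole path as one argument.
    // NOTE(review): quoting does not stop a stored name such as "../x" from
    // pointing outside $svn_repos_loc; confirm names are validated on create.
    passthru($svnadmin_cmd . " dump " . escapeshellarg($svn_repos_loc . DIRECTORY_SEPARATOR . $name));
    exit(0);
}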
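/**
 * Shows the "dump starting" page and schedules a redirect to the page that
 * produces the dump for the repository named by the RepositoryID parameter.
 *
 * Only an administrator or the repository's owner may proceed.
 *
 * @param mixed $param Page-lifecycle argument, forwarded to the parent.
 */
function OnInit($param)
{
    parent::onInit($param);
    include "config.php";

    $repositoryid = (isset($_GET['RepositoryID']) && is_string($_GET['RepositoryID'])) ? $_GET['RepositoryID'] : '';
    $results = $this->Module->Database->Execute("SELECT * FROM repositories WHERE id=" . makeSqlString($repositoryid));

    // Fail closed when the id matches no repository; the owner comparison
    // below would otherwise run against an empty row.
    if (!$results || $results->EOF) {
        echo "Not enough rights to change this repository!";
        exit(-1);
    }
    $fields = $results->fields;
    $ownerid = $fields['ownerid'];
    $name = $fields['name'];

    if (!$this->User->isAdmin() && $this->User->getId() != $ownerid) {
        echo "Not enough rights to change this repository!";
        exit(-1);
    }

    // NOTE(review): SERVER_NAME may reflect the request's Host header,
    // depending on web-server configuration, and PHP_SELF includes any
    // trailing path info supplied by the client. Both end up in a link and
    // a Refresh header; confirm the server pins the host name.
    $servername = $_SERVER['SERVER_NAME'];
    $page = $_SERVER['PHP_SELF'];
    $port = $_SERVER['SERVER_PORT'];

    if ($port == '443') {
        $prot = "https";
    } else {
        $prot = "http";
        if ($port != '80') {
            $servername .= ":{$port}";
        }
    }

    // Encode the request-supplied id so it cannot add parameters or break
    // out of the URL when echoed into the link and the header.
    $url = $prot . "://{$servername}{$page}?page=Repository:DumpOutputPage&RepositoryID=" . rawurlencode($repositoryid);

    $this->StartLink->setNavigateUrl("{$url}");
    header("Refresh: 3; URL={$url}");
}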
/**
 * Registers an existing repository in the database under the current user
 * and switches the page to the "imported" panel.
 *
 * NOTE(review): the name arrives in $param->parameter and is inserted after
 * SQL quoting only. No check that the name is a legal repository name, that
 * it is not already registered, or that the caller may claim it is visible
 * in this handler; confirm those are enforced elsewhere. The INSERT result
 * is also not inspected before the access file is rebuilt.
 *
 * @param mixed $sender Control that raised the event.
 * @param mixed $param  Event argument; ->parameter holds the repository name.
 */
public function onSelectRepository($sender, $param)
{
    $repositoryName = $param->parameter;
    $ownerId = $this->User->getId();

    $quotedName = makeSqlString($repositoryName);
    $quotedOwner = makeSqlString($ownerId);

    // Add repository into database
    $this->Module->Database->Execute(
        "INSERT INTO repositories (id, name, ownerid) VALUES (null, {$quotedName}, {$quotedOwner})"
    );

    // Rebuild accessfile
    $this->Module->rebuildAccessFile();

    $this->ImportPanel->setVisible(false);
    $this->RepoImportedPanel->setVisible(true);
}
/**
 * Collects the e-mail address of every member of a group.
 *
 * @param mixed $groupid Group id to look up in usersgroups.
 * @return array|null One array('emailaddress' => ...) per member, or null
 *                    when the query itself fails.
 */
protected function getGroupMemebersData($groupid)
{
    $memberships = $this->Module->Database->Execute(
        "SELECT * FROM usersgroups WHERE groupid=" . makeSqlString($groupid)
    );
    if (!$memberships) {
        // Callers get null, not an empty list, on a failed query.
        return null;
    }

    $rows = array();
    for (; !$memberships->EOF; $memberships->MoveNext()) {
        $address = $this->getUserEmail($memberships->fields['userid']);
        $rows[] = array('emailaddress' => $address);
    }
    $memberships->Close();

    return $rows;
}
/**
 * Validator callback: a group name is valid when it is unchanged or when no
 * other group already uses it.
 *
 * @param mixed $sender Validator that raised the event.
 * @param mixed $param  Event argument; ->isValid receives the verdict.
 */
public function isValidName($sender, $param)
{
    $currentGroup = $this->getSelectedGroup();
    $candidate = $this->Name->getText();

    // Start from "invalid" and only flip to valid on a positive finding.
    $param->isValid = false;

    if ($candidate == $currentGroup['name']) {
        $param->isValid = true;
        return;
    }

    $clashes = $this->Module->Database->Execute(
        "SELECT * FROM groups WHERE name=" . makeSqlString($candidate)
    );
    if ($clashes->RecordCount() == 0) {
        $param->isValid = true;
    }
}
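/**
 * Runs "svnadmin recover" on the selected repository and shows the result
 * panel. Only an administrator or the repository's owner may do this.
 *
 * @param mixed $sender Control that raised the event.
 * @param mixed $param  Event argument; ->parameter holds the repository id.
 */
public function onSelectRepository($sender, $param)
{
    $repositoryid = $param->parameter;
    include "config.php";

    $results = $this->Module->Database->Execute("SELECT * FROM repositories WHERE id=" . makeSqlString($repositoryid));

    // Fail closed when no row matches. Before, an unknown id left $name
    // empty and the owner check compared against null, so the command below
    // could run against the repository root directory.
    if (!$results || $results->EOF) {
        echo "Not enough rights to recover this repository!";
        exit(-1);
    }
    $fields = $results->fields;
    $ownerid = $fields['ownerid'];
    $name = $fields['name'];

    if (!$this->User->isAdmin() && $this->User->getId() != $ownerid) {
        echo "Not enough rights to recover this repository!";
        exit(-1);
    }

    // The repository path is shell-quoted; $svnadmin_cmd and $svn_config_dir
    // come from config.php and are used as written there.
    // NOTE(review): exec()'s output and exit status are discarded, so the
    // message below is shown whether or not recovery succeeded.
    exec($svnadmin_cmd . " --config-dir {$svn_config_dir} recover " . escapeshellarg($svn_repos_loc . DIRECTORY_SEPARATOR . $name));

    $this->TablePanel->setVisible(false);
    $this->MessageLabel->setText("Tried to recover Repository!");
    $this->ResultPanel->setVisible(true);
}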
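/**
 * Re-sends the account invitation for the e-mail address shown in the
 * clicked row of UserTable.
 *
 * The stored ticket is looked up by address and mailed again as an
 * activation link. One of SendAgainPanel / SendAgainErrorPanel is shown
 * afterwards.
 *
 * @param mixed $sender Control inside the repeater row that was clicked.
 * @param mixed $param  Event argument (unused).
 */
public function sendInviteAgain($sender, $param)
{
    $repeaterItem = $sender->Parent;
    $itemIndex = $repeaterItem->Index;
    $email = $this->UserTable->Items[$itemIndex]->emailField->Text;
    $s_email = makeSqlString($email);

    $results = $this->Module->Database->Execute("SELECT * FROM usertickets WHERE email={$s_email}");
    if (!$results) {
        return;
    }
    if ($results->EOF) {
        // No ticket is stored for this address: report failure instead of
        // building a mail with an empty recipient and an empty ticket.
        $this->MainPanel->setVisible(false);
        $this->SendAgainErrorPanel->setVisible(true);
        return;
    }

    $fields = $results->fields;
    $email = $fields['email'];
    $ticket = $fields['ticket'];

    require "config.php";
    // require_once: a second call in the same request would otherwise try
    // to declare the PHPMailer class again and abort.
    require_once "./svnmanager/library/class.phpmailer.php";

    // NOTE(review): SERVER_NAME may reflect the request's Host header,
    // depending on web-server configuration. Because it is used for the
    // activation link and the From address, a forged host would mail the
    // ticket as a link to another site. Prefer a host name from config.php.
    $servername = $_SERVER['SERVER_NAME'];
    $page = $_SERVER['PHP_SELF'];
    // 2006-03-28 PDurden Removed assumption of https protocol
    $port = $_SERVER['SERVER_PORT'];

    // Encode the ticket so characters with a meaning in URLs survive intact.
    $query = "?page=User:ActivatePage&ticket=" . rawurlencode($ticket);
    if ($port != '80') {
        if ($port == '443') {
            $url = "https://{$servername}{$page}" . $query;
        } else {
            $url = "http://{$servername}:{$port}{$page}" . $query;
        }
    } else {
        $url = "http://{$servername}{$page}" . $query;
    }

    $message = "Your are invited to create an account on the {$servername} server. Please follow the link to activate your account:\n" . "\n" . $url . "\n" . "\n" . "Regards";

    $mail = new PHPMailer();
    $mail->From = "svnmanager@{$servername}";
    $mail->FromName = "SVNManager";
    $mail->Host = "{$smtp_server}";
    $mail->Mailer = "smtp";
    $mail->Body = $message;
    $mail->AddAddress($email);
    $mail->Subject = "Account Invitation (resend)";

    $this->MainPanel->setVisible(false);
    if ($mail->Send()) {
        $this->SendAgainPanel->setVisible(true);
    } else {
        $this->SendAgainErrorPanel->setVisible(true);
    }
}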
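/**
 * Fills GroupTable with the groups the current user may manage.
 *
 * Administrators get every group ordered by name; everyone else gets only
 * the groups whose adminid equals their own user id.
 *
 * @param mixed $param Page-lifecycle argument, forwarded to the parent.
 */
public function onLoad($param)
{
    parent::onLoad($param);

    $database = $this->Module->Database;
    $userid = $this->User->getId();

    if ($this->User->IsAdmin()) {
        $results = $database->Execute("SELECT * FROM groups ORDER BY name");
    } else {
        $results = $database->Execute("SELECT * FROM groups WHERE adminid=" . makeSqlString($userid));
    }

    if ($results) {
        $data = array();
        while (!$results->EOF) {
            $fields = $results->fields;
            $owner = $this->Module->getUserName($fields['adminid']);
            // NOTE(review): group and user names are passed on as stored;
            // confirm GroupTable HTML-encodes them when rendering.
            $data[] = array(
                'id' => $fields['id'],
                'groupname' => $fields['name'],
                'admin' => $owner,
            );
            $results->MoveNext();
        }
        $results->Close();

        // Bind once after the loop: the original re-bound on every row and
        // never bound at all when the query returned no rows.
        $this->GroupTable->setDataSource($data);
    }

    $this->dataBind();
}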
/**
 * Handles a risk-information notification: records the risk details in the
 * order's status history, sets the order status to GC_STATE_NEW and
 * acknowledges the notification.
 *
 * NOTE(review): the order is looked up by the number carried in the
 * notification and the result is used without checking that a row was
 * found; with no match, orders_id is empty in both writes below. Whether
 * the notification's origin is authenticated before this function runs is
 * not visible here.
 * NOTE(review): the history comment stores the partial card number together
 * with the AVS/CVN responses; confirm who can read that table.
 *
 * @param mixed $Gresponse     Response object providing GetParsedXML()/SendAck().
 * @param mixed $googlepayment Payment module; ->table_order names the lookup table.
 */
function process_risk_information_notification($Gresponse, $googlepayment)
{
    global $db;

    list($root, $data) = $Gresponse->GetParsedXML();
    $orderNumber = $data[$root]['google-order-number']['VALUE'];

    $lookupSql = "SELECT orders_id from " . $googlepayment->table_order
        . " where google_order_number = '" . makeSqlString($orderNumber) . "'";
    $google_order = $db->Execute($lookupSql);

    $risk = $data[$root]['risk-information'];
    $commentLines = array(
        GOOGLECHECKOUT_STATE_STRING_RISK_INFO,
        GOOGLECHECKOUT_STATE_STRING_RISK_ELEGIBLE . $risk['eligible-for-protection']['VALUE'],
        GOOGLECHECKOUT_STATE_STRING_RISK_AVS . $risk['avs-response']['VALUE'],
        GOOGLECHECKOUT_STATE_STRING_RISK_CVN . $risk['cvn-response']['VALUE'],
        GOOGLECHECKOUT_STATE_STRING_RISK_CC_NUM . $risk['partial-cc-number']['VALUE'],
        GOOGLECHECKOUT_STATE_STRING_RISK_ACC_AGE . $risk['buyer-account-age']['VALUE'],
    );

    $historyRow = array(
        'orders_id' => $google_order->fields['orders_id'],
        'orders_status_id' => GC_STATE_NEW,
        'date_added' => 'now()',
        'customer_notified' => 0,
        // Every line, including the last, ends with a newline.
        'comments' => implode("\n", $commentLines) . "\n",
    );
    zen_db_perform(TABLE_ORDERS_STATUS_HISTORY, $historyRow);

    $updateSql = "UPDATE " . TABLE_ORDERS . " SET orders_status = '" . GC_STATE_NEW . "' "
        . "WHERE orders_id = '" . makeSqlInteger($google_order->fields['orders_id']) . "'";
    $db->Execute($updateSql);

    $Gresponse->SendAck();
}
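/**
 * Applies the edits made on the repository form: rename, description change
 * and owner change, each only when the submitted value differs from the
 * selected repository's current value.
 *
 * NOTE(review): no permission check is visible in this handler; it relies
 * on whatever populated getSelectedRepository(). Confirm that page
 * initialisation restricts the selection to repositories the caller may
 * edit, and that a non-admin cannot submit an arbitrary new owner.
 *
 * @param mixed $sender Control that raised the event.
 * @param mixed $param  Event argument (unused).
 */
public function onConfirmButton($sender, $param)
{
    if (!$this->IsValid) {
        return;
    }

    $database = $this->Module->Database;
    $repository = $this->getSelectedRepository();

    if ($this->Name->getText() != $repository['name']) {
        $this->Module->renameRepository($repository['id'], $this->Name->getText());
    }

    if ($this->Description->getText() != $repository['description']) {
        $newDescr = $this->Description->getText();
        $repoID = $repository['id'];
        $descrID = $repository['descrID'];
        $s_newDescr = makeSqlString($newDescr);
        $s_descrID = makeSqlString($descrID);
        $s_repoID = makeSqlString($repoID);
        // Update the existing description row, or create the first one.
        if ($descrID) {
            $database->Execute("UPDATE repo_descriptions SET description={$s_newDescr} WHERE id={$s_descrID}");
        } else {
            $database->Execute("INSERT INTO repo_descriptions (id, repo_id, description) VALUES (null, {$s_repoID}, {$s_newDescr})");
        }
    }

    if ($this->Owner->getSelectedItem()->getText() != $repository['ownername']) {
        $newname = $this->Owner->getSelectedItem()->getText();
        $results = $database->Execute("SELECT id FROM users WHERE name=" . makeSqlString($newname));
        if ($results) {
            // Change the owner only when the submitted name resolves to a
            // user. Before, an unknown name passed an empty owner id on to
            // changeRepositoryOwner(). The debug error_log() calls that
            // wrote the submitted name to the log were dropped.
            if (!$results->EOF) {
                $newownerid = $results->fields['id'];
                $results->Close();
                $this->Module->changeRepositoryOwner($repository['id'], $newownerid);
            } else {
                $results->Close();
            }
        }
    }

    $this->EditPanel->setVisible(false);
    $this->ConfirmationPanel->setVisible(true);
}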
// Fragment from the middle of a larger routine (its start and end are not
// shown): resolves the session language id, then walks $products to look up
// attribute names/prices, the product description and the tax class title.
$tax_name_array = array();
// BOF - define value for languages_id - added by colosports
// NOTE(review): $_SESSION['language'] is concatenated into the SQL text
// without the makeSqlString()/makeSqlInteger() wrapping that the attribute
// query below applies to its values. Where the session value is set is not
// visible here; treat it as untrusted until confirmed and bind or escape it.
$attributes = $db->Execute("select languages_id\n from " . TABLE_LANGUAGES . " \n where name = '" . $_SESSION['language'] . "'\n ");
$languages_id = $attributes->fields['languages_id'];
// EOF - define value for languages_id - added by colosports
$flagAnyOutOfStock = false;
$product_list = '';
//print_r($order_items);
// Zencart's special attribute types
$look4Attr = array('TEXT');
// Restricted categories
// NOTE(review): split() and each() (used below) no longer exist in current
// PHP releases; this fragment only runs on the old versions it was written for.
$resticted_categories = split('([ ]?[,][ ]?)', MODULE_PAYMENT_GOOGLECHECKOUT_RESTRICTED_CATEGORIES);
for ($i = 0, $n = sizeof($products); $i < $n; $i++) {
    if (isset($products[$i]['attributes']) && is_array($products[$i]['attributes'])) {
        while (list($option, $value) = each($products[$i]['attributes'])) {
            // Product id, option id and option value id are passed through
            // makeSqlInteger()/makeSqlString(); $languages_id is inserted as
            // read from the previous query's result.
            $attributes = $db->Execute("select popt.products_options_name, \n poval.products_options_values_name,\n pa.options_values_price, pa.price_prefix\n from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n where pa.products_id = '" . makeSqlInteger($products[$i]['id']) . "'and pa.options_id = '" . makeSqlString($option) . "'\n and pa.options_id = popt.products_options_id\n and pa.options_values_id = '" . makeSqlString($value) . "'\n and pa.options_values_id = poval.products_options_values_id\n and popt.language_id = '" . $languages_id . "'\n and poval.language_id = '" . $languages_id . "'");
            $attr_value = $attributes->fields['products_options_values_name'];
            $products[$i][$option]['products_options_name'] = $attributes->fields['products_options_name'];
            $products[$i][$option]['options_values_id'] = $value;
            // For the attribute types listed in $look4Attr the value entered
            // for the product is used instead of the stored value name.
            $products[$i][$option]['products_options_values_name'] = in_array($attr_value, $look4Attr) ? $products[$i]['attributes_values'][$option] : $attr_value;
            // $products[$i][$option]['products_options_values'] = $products[$i]['attributes_values'][$option];
            $products[$i][$option]['options_values_price'] = $attributes->fields['options_values_price'];
            $products[$i][$option]['price_prefix'] = $attributes->fields['price_prefix'];
        }
    }
    $products_name = $products[$i]['name'];
    // NOTE(review): unlike the attribute query above, $products[$i]['id'] is
    // concatenated here without makeSqlInteger(). Use the same wrapping (or a
    // bound parameter) so both queries treat the product id alike.
    $products_description = $db->Execute("select products_description \n from " . TABLE_PRODUCTS_DESCRIPTION . " \n where products_id = '" . $products[$i]['id'] . "' \n and language_id = '" . $languages_id . "'");
    $attribute_name = '';
    $tax = $db->Execute("select tax_class_title \n from " . TABLE_TAX_CLASS . " \n where tax_class_id = " . makeSqlInteger($products[$i]['tax_class_id']));
    // The @ hides the notice raised when the tax query returned no usable row.
    $tt = @$tax->fields['tax_class_title'];
    if (!empty($tt) && !in_array($products[$i]['tax_class_id'], $tax_array)) {
/**
 * Assigns a new administrator to a group and regenerates the access file.
 *
 * NOTE(review): this method performs no permission check itself; callers
 * are presumably responsible for that — confirm.
 *
 * @param mixed $id         Id of the group to change.
 * @param mixed $newownerid User id to store as the group's adminid.
 */
public function changeGroupOwner($id, $newownerid)
{
    $quotedGroup = makeSqlString($id);
    $quotedAdmin = makeSqlString($newownerid);

    $statement = sprintf("UPDATE groups SET adminid=%s WHERE id=%s", $quotedAdmin, $quotedGroup);
    $update = $this->Database->Execute($statement);
    $update->Close();

    $this->rebuildAccessFile();
}
/**
 * Removes a group privilege entry and returns to the group-privileges page.
 *
 * A non-administrator may only remove privileges that belong to a
 * repository they own: the privilege row is resolved to its repository and
 * that repository's ownerid is compared with the caller's id.
 *
 * NOTE(review): neither lookup checks that a row was found. With an unknown
 * privilege id the owner id is empty and the loose != decides the outcome;
 * an explicit "not found" rejection would make the intent clear.
 *
 * @param mixed $sender Control that raised the event.
 * @param mixed $param  Event argument; ->parameter holds the privilege id.
 */
public function onRemovePrivileges($sender, $param)
{
    $privilegeId = $param->parameter;

    // Check if user may remove this privileges
    if (!$this->User->isAdmin()) {
        $database = $this->Module->Database;

        $privilegeRow = $database->Execute("SELECT * FROM groupprivileges WHERE id=" . makeSqlString($privilegeId));
        $repositoryId = $privilegeRow->fields['repositoryid'];
        $privilegeRow->Close();

        $repositoryRow = $database->Execute("SELECT * FROM repositories WHERE id=" . makeSqlString($repositoryId));
        $repositoryOwner = $repositoryRow->fields['ownerid'];
        $repositoryRow->Close();

        $callerOwnsRepository = !($this->User->getId() != $repositoryOwner);
        if (!$callerOwnsRepository) {
            echo "Not enough rights to change these privileges!";
            exit(-1);
        }
    }

    $this->Module->removeGroupPrivileges($privilegeId);

    $target = array('RepositoryID' => $this->getSelectedRepository());
    $this->Application->transfer('Repository:GroupPrivilegesEditPage', $target);
}
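/**
 * Authenticates a user and populates this object's role flags.
 *
 * While the users table holds no administrator (admin=255), the name and
 * temporary password from config.php are accepted and the caller becomes the
 * configuration administrator with id 0. Otherwise the name and password are
 * checked against the users table and the admin / group / repository flags
 * are derived from the matching row.
 *
 * Security notes:
 *  - NOTE(review): the user query below contains the literal '******' and
 *    setEmail() receives a starred-out address. These look like values
 *    masked in this copy of the source; $md5_pw is computed but not used by
 *    the query as shown. Compare with the upstream file before relying on it.
 *  - Passwords are hashed with unsalted MD5, which is fast to brute-force.
 *    password_hash()/password_verify() with rehash-on-login is the usual
 *    replacement where the PHP version allows it.
 *
 * @param string $name     Login name.
 * @param string $password Clear-text password as submitted.
 * @return bool True when authentication succeeded.
 */
public function login($name, $password = '')
{
    $authenticated = false;
    $adodb = new TAdodb();
    require "config.php";
    $adodb->setDataSourceName($dsn);
    $adodb->SetFetchMode("Associative");

    // Check if there are any admin users
    $result = $adodb->Execute("SELECT * FROM users WHERE admin=255");

    // Check with config.php password if there are no admin users
    if ($result->RecordCount() == 0) {
        // Both config values must exist and are compared strictly as
        // strings. The loose == used before treats an unset config value as
        // equal to an empty submission, and treats numeric-looking strings
        // such as "0e1" and "0e2" as equal. hash_equals() would additionally
        // make the comparison constant-time where it is available.
        $configLoginUsable = isset($admin_name, $admin_temp_password)
            && is_string($name)
            && is_string($password);
        if ($configLoginUsable
            && $name === (string) $admin_name
            && $password === (string) $admin_temp_password
        ) {
            $this->setEmail("*****@*****.**");
            $this->setId(0);
            $this->setAdmin(true);
            $this->setGroup(false);
            $this->setRepository(false);
            $this->setAuthenticated(true);
            $this->setConfigAdmin(true);
            $result->Close();
            return true;
        }
    }
    $result->Close();

    // Check for database user
    $md5_pw = md5($password);
    $s_name = makeSqlString($name);
    $result = $adodb->Execute("SELECT * FROM users WHERE name={$s_name} AND password='******'");

    if ($result->RecordCount() > 0) {
        $authenticated = true;
        $fields = $result->fields;
        $userid = $fields['id'];
        $s_userid = makeSqlString($userid);
        $this->setEmail($fields['email']);
        $this->setId($userid);

        // Level 255 is superadmin
        $this->setAdmin($fields['admin'] == 255);

        // Group flag: the user administers at least one group.
        $groups = $adodb->Execute("SELECT * FROM groups WHERE adminid={$s_userid}");
        $this->setGroup($groups->RecordCount() > 0);

        // Repository flag: the user owns a repository or holds grants.
        $repos = $adodb->Execute("SELECT * FROM repositories WHERE ownerid={$s_userid}");
        if ($repos->RecordCount() > 0) {
            $this->setRepository(true);
        } else {
            $repos = $adodb->Execute("SELECT repositorygrants FROM users WHERE id={$s_userid}");
            $this->setRepository($repos->fields['repositorygrants'] > 0);
        }
    }
    $result->Close();

    $this->setAuthenticated($authenticated);
    return $authenticated;
}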
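/**
 * Verifies a password for the given user id.
 *
 * Id 0 is the administrator defined in config.php and is checked against
 * $admin_temp_password; every other id is checked against the users table.
 *
 * NOTE(review): the query below contains the literal '******', which looks
 * like a value masked in this copy of the source; $md5_pw is computed but
 * not used by the query as shown. Compare with the upstream file. The
 * stored hash is unsalted MD5, which is fast to brute-force.
 *
 * @param mixed  $userid   User id; '0' selects the config-file administrator.
 * @param string $password Clear-text password to verify.
 * @return bool True when the password matches.
 */
public function checkPassword($userid, $password)
{
    // Check if admin is config file defined administrator (id=0)
    if ($userid == '0') {
        require "config.php";
        // Strict string comparison: the loose == used before treats an unset
        // config value as equal to an empty password and numeric-looking
        // strings such as "0e1" and "0e2" as equal. hash_equals() would
        // additionally be constant-time where it is available.
        return isset($admin_temp_password)
            && is_string($password)
            && $password === (string) $admin_temp_password;
    }

    $s_userid = makeSqlString($userid);
    $md5_pw = md5($password);
    $result = $this->Module->Database->Execute("SELECT * FROM users WHERE id={$s_userid} AND password='******'");
    return $result->RecordCount() > 0;
}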
/**
 * Returns the repositorygrants value stored for a user.
 *
 * @param mixed $userid Id of the user to look up.
 * @return mixed The repositorygrants column of the matching row.
 */
function getGrants($userid)
{
    $statement = "SELECT repositorygrants FROM users WHERE id=" . makeSqlString($userid);
    $row = $this->Module->Database->Execute($statement);

    return $row->fields['repositorygrants'];
}
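/**
 * Regenerates the Subversion access file from the database.
 *
 * Writes a [groups] section listing each group's members, followed by one
 * [repository:path] section per path. Every repository owner gets "rw" on
 * "/"; user and group privileges are appended to the path they apply to.
 * Access codes map as 0 = none, 1 = r, 2 = w, 3 = rw.
 *
 * Security notes:
 *  - This file is the authorization policy, so every string written into it
 *    is trusted. NOTE(review): user, group and repository names and paths
 *    are written verbatim. A value holding a line break or "]" would change
 *    the file's structure; confirm input validation rules this out.
 *  - fopen(..., 'w') truncates before writing, so a failed write leaves an
 *    incomplete policy behind. Writing to a temporary file and renaming it
 *    over the target would avoid that window.
 */
public function createFromDatabase()
{
    $accessfile = "";

    // Groups
    $groups = $this->database->Execute("SELECT * FROM groups ORDER BY name");
    if ($groups) {
        $accessfile .= "[groups]\n";
        while (!$groups->EOF) {
            $groupname = $groups->fields['name'];
            $groupid = $groups->fields['id'];
            // An unused "SELECT * FROM usersgroups" that ran once per group
            // was removed here; its result was never read.
            $usergroups = $this->database->Execute("SELECT * FROM usersgroups WHERE groupid=" . makeSqlString($groupid));
            if ($usergroups) {
                $members = array();
                while (!$usergroups->EOF) {
                    $username = $this->getUserName($usergroups->fields['userid']);
                    if ($username == null) {
                        error_log("Database inconsistent, can't find user that exists in group!'");
                        exit(-1);
                    }
                    $members[] = "{$username}";
                    $usergroups->MoveNext();
                }
                $usergroups->Close();
                $accessfile .= "{$groupname} = " . implode(", ", $members) . "\n";
            }
            $groups->MoveNext();
        }
        $groups->Close();
    }
    $accessfile .= "\n";

    // Access
    $repositories = $this->database->Execute("SELECT * FROM repositories");
    if (!$repositories) {
        // Abort before the file is touched: a policy without any repository
        // section must not replace the current one.
        error_log("Can't read repositories, access file not rebuilt");
        exit(-1);
    }

    $privhash = array();
    while (!$repositories->EOF) {
        $repositoryname = $repositories->fields['name'];
        $s_repositoryid = makeSqlString($repositories->fields['id']);
        $ownername = $this->getUserName($repositories->fields['ownerid']);
        if ($ownername == null) {
            error_log("Database inconsistent, can't find user that owns repository!'");
            exit(-1);
        }

        // Create hash to store privileges for this repository
        $privhash[$repositoryname] = array();
        // Give owner full access to whole repository
        $privhash[$repositoryname]['/'] = "{$ownername} = rw\n";

        // User privileges
        $userprivileges = $this->database->Execute("SELECT * FROM userprivileges WHERE repositoryid={$s_repositoryid}");
        if ($userprivileges) {
            while (!$userprivileges->EOF) {
                $username = $this->getUserName($userprivileges->fields['userid']);
                if ($username == null) {
                    error_log("Database inconsistent, can't find user that has privilege'");
                    exit;
                }
                $access = $userprivileges->fields['access'];
                $path = $userprivileges->fields['path'];

                $useraccess = "{$username} = ";
                switch ($access) {
                    case 0:
                        break;
                    case 1:
                        $useraccess .= "r";
                        break;
                    case 2:
                        $useraccess .= "w";
                        break;
                    case 3:
                        $useraccess .= "rw";
                        break;
                }
                $useraccess .= "\n";

                // Create string for path if it is not created yet
                if (!isset($privhash[$repositoryname][$path])) {
                    $privhash[$repositoryname][$path] = "";
                }
                // Add user access to this path string
                $privhash[$repositoryname][$path] .= $useraccess;
                $userprivileges->MoveNext();
            }
            // Close() used to sit outside this guard and would have been
            // called on a failed query result.
            $userprivileges->Close();
        }

        // Group privileges
        $groupprivileges = $this->database->Execute("SELECT * FROM groupprivileges WHERE repositoryid={$s_repositoryid}");
        if ($groupprivileges) {
            while (!$groupprivileges->EOF) {
                $groupid = $groupprivileges->fields['groupid'];
                $group = $this->database->Execute("SELECT * FROM groups WHERE id=" . makeSqlString($groupid));
                // Also treat "query ran but returned no row" as inconsistent;
                // the old test only caught a failed query and would have
                // written a rule for a group with an empty name.
                if (!$group || $group->EOF) {
                    error_log("Database inconsistent, can't find group that has privilege'");
                    exit;
                }
                $groupname = $group->fields['name'];
                $group->Close();

                $access = $groupprivileges->fields['access'];
                $path = $groupprivileges->fields['path'];

                $groupaccess = "@{$groupname} = ";
                switch ($access) {
                    case 0:
                        break;
                    case 1:
                        $groupaccess .= "r";
                        break;
                    case 2:
                        $groupaccess .= "w";
                        break;
                    case 3:
                        $groupaccess .= "rw";
                        break;
                }
                $groupaccess .= "\n";

                // Create string for path if it is not created yet
                if (!isset($privhash[$repositoryname][$path])) {
                    $privhash[$repositoryname][$path] = "";
                }
                // Add group access to this path string
                $privhash[$repositoryname][$path] .= $groupaccess;
                $groupprivileges->MoveNext();
            }
            $groupprivileges->Close();
        }

        $repositories->MoveNext();
    }
    $repositories->Close();

    // Add access privileges to accessfile string
    foreach ($privhash as $repos => $reppaths) {
        foreach ($reppaths as $reppath => $pathaccess) {
            $accessfile .= "[{$repos}:{$reppath}]\n";
            $accessfile .= $pathaccess;
        }
        $accessfile .= "\n";
    }

    require "config.php";
    $filename = $svn_access_file;

    if (!($handle = fopen($filename, 'w'))) {
        echo "Cannot open file ({$filename})";
        exit;
    }
    if (fwrite($handle, $accessfile) === FALSE) {
        fclose($handle);
        echo "Cannot write to file ({$filename})";
        exit;
    }
    fclose($handle);
}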