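/**
  * Populate the template with the selected jingle, its current package, the
  * list of all jingle packages and the viewer's realm-access flags.
  *
  * The audio id comes from submitted field data and is placed into SQL as a
  * bare number, so it is forced to an integer before use.
  *
  * @return void
  */
 protected function setupTemplate()
 {
     global $cfg;
     parent::setupTemplate();
     $db = Database::getInstance($cfg['DPS']['dsn']);
     $auth = Auth::getInstance();
     $userID = $auth->getUserID();

     // pg_escape_string() only protects a value that ends up inside quotes.
     // These queries use the id unquoted, so an integer cast is the check
     // that actually constrains it.
     $audioID = isset($this->fieldData['audioID']) ? (int) $this->fieldData['audioID'] : 0;

     $jinglepkgID = $db->getOne("SELECT jinglepkgid FROM audiojinglepkgs WHERE audioid = {$audioID}");

     // Without a package row the second lookup would read "WHERE id = " and
     // fail; skip it and fall through to the 'Default' label instead.
     $currentpkg = '';
     if ($jinglepkgID !== null && $jinglepkgID !== false && $jinglepkgID !== '') {
         $pkgID = (int) $jinglepkgID;
         $currentpkg = $db->getOne("SELECT name FROM jinglepkgs WHERE id = {$pkgID}");
     }
     if ($currentpkg == '') {
         $currentpkg = 'Default';
     }

     $jinglename = $db->getOne("SELECT title FROM audio WHERE id = {$audioID}");
     $jinglepkgs = $db->getAll("SELECT name, id FROM jinglepkgs");

     $this->assign('access_playlist', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 33), $userID));
     $this->assign('access_sue', AuthUtil::getDetailedUserrealmAccess(array(24, 20, 3), $userID));
     $this->assign('Admin', AuthUtil::getDetailedUserrealmAccess(array(1), $userID));
     $this->assign('jinglepkgs', $jinglepkgs);
     $this->assign('currentpkg', $currentpkg);
     $this->assign('currentpkgid', $jinglepkgID);
     $this->assign('jinglename', $jinglename);
     $this->assign('jingleID', $audioID);
 }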
 /**
  * Set the page title from the current project's name, put the admin menu
  * entry in front of the existing menu and keep the shared database handle.
  */
 function __construct()
 {
     parent::__construct();

     $titleFormat = Messages::getString('EnterDataPage.Title');
     $this->setTitle(sprintf($titleFormat, $this->project->getName()));

     // Array union: the admin entry comes first and wins on a key collision.
     $adminEntry = array(Messages::getString('General.AdminMenu') => "admin.php");
     $this->menu = $adminEntry + $this->menu;

     $this->db = Database::getInstance();
 }
Esempio n. 3
 /**
  * Constructor: declares the category fields and optionally fills them.
  *
  * @param int|array|null $id An array of values to assign directly, an id to
  *                           load through sfCategoryHandler, or null to leave
  *                           the object with its declared defaults.
  */
 function sfCategory($id = null)
 {
     $this->db =& Database::getInstance();

     // Stored fields
     $this->initVar('categoryid', XOBJ_DTYPE_INT, null, false);
     $this->initVar('parentid', XOBJ_DTYPE_INT, null, false);
     $this->initVar('name', XOBJ_DTYPE_TXTBOX, null, true, 100);
     $this->initVar('description', XOBJ_DTYPE_TXTAREA, null, false, 255);
     $this->initVar('total', XOBJ_DTYPE_INT, 1, false);
     $this->initVar('weight', XOBJ_DTYPE_INT, 1, false);
     $this->initVar('created', XOBJ_DTYPE_INT, null, false);
     $this->initVar('last_faq', XOBJ_DTYPE_INT);

     // Fields that are not persisted
     $this->initVar('faqcount', XOBJ_DTYPE_INT, 0, false);
     $this->initVar('last_faqid', XOBJ_DTYPE_INT);
     $this->initVar('last_question_link', XOBJ_DTYPE_TXTBOX);

     if (!isset($id)) {
         return;
     }

     if (is_array($id)) {
         $this->assignVars($id);
         return;
     }

     // A scalar id: load the stored category and copy each of its values.
     $category_handler = new sfCategoryHandler($this->db);
     $category =& $category_handler->get($id);
     foreach ($category->vars as $fieldName => $fieldInfo) {
         $this->assignVar($fieldName, $fieldInfo['value']);
     }
     $this->assignOtherProperties();
 }
Esempio n. 4
 /**
  * Build the grouped option list of ReadSpeaker settings rows.
  *
  * Licensed rows are grouped under "ID: <customer_id>", all others under
  * "DEMO". When tl_rs_settings holds no rows, the current request URI is
  * stored as the referer and a raw backend message is queued instead.
  *
  * NOTE(review): the labels include $row['domain'] as stored and the error
  * message goes through Message::addRaw(); whether either is escaped before
  * rendering is not visible here - confirm.
  *
  * @param mixed $param Not read by this method.
  *
  * @return array Group label => (row id => option label).
  */
 public function getConfiguration($param)
 {
     $rows = Database::getInstance()
         ->prepare('SELECT * FROM tl_rs_settings ORDER BY have_license,language, language_demo ASC')
         ->execute()
         ->fetchAllAssoc();
     $returner = array();
     // Not referenced anywhere below.
     $edit_link = '<a href="contao/main.php?do=readspeaker_settings&act=edit&id=%s&amp;rt=%s&ref=%s" title="" class="edit"><img src="system/themes/default/images/edit.gif" width="12" height="16" alt="Edit "></a>';

     if (count($rows) < 1) {
         // No settings yet: remember where the user was and tell them.
         $session = $this->Session->get('referer');
         $session[TL_REFERER_ID]['current'] = substr(\Environment::get('requestUri'), strlen(TL_PATH) + 1);
         $this->Session->set('referer', $session);
         Message::addRaw(sprintf($GLOBALS['TL_LANG']['tl_module']['error']['error_no_settings'], REQUEST_TOKEN, TL_REFERER_ID));

         return $returner;
     }

     foreach ($rows as $row) {
         if ($row['have_license']) {
             $group = 'ID: ' . $row['customer_id'];
             $languageCode = $row['language'];
         } else {
             $group = 'DEMO';
             $languageCode = $row['language_demo'];
         }
         $domainSuffix = $row['domain'] ? '[' . $row['domain'] . ']' : '';
         $returner[$group][$row['id']] = $GLOBALS['TL_LANG']['MSC']['rs_language_codes'][$languageCode] . ' ' . $domainSuffix;
     }

     return $returner;
 }
Esempio n. 5
 /**
  * Keep the database handle and, on an installed system, convert the
  * serialized values.
  *
  * @param mixed $blnInstalled Truthy when the conversion should run.
  *
  * @return void
  */
 public function run($blnInstalled)
 {
     $this->db = \Database::getInstance();

     if (!$blnInstalled) {
         return;
     }

     $this->convertSerializedValues();
 }
Esempio n. 6
 /**
  * Backend navigation hook: when a message category is resolved from the
  * input, mark its "avisota_category_<id>" entry active and remove the
  * "active" class from the generic newsletter entry.
  *
  * Exceptions raised along the way are swallowed; the navigation is then
  * returned in whatever state it had reached.
  *
  * @param array $navigation The navigation structure; only the 'avisota' branch is touched.
  * @param mixed $showAll    When truthy the navigation is returned unchanged.
  *
  * @return array
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  */
 public static function hookGetUserNavigation(array $navigation, $showAll)
 {
     if (TL_MODE != 'BE' || $showAll) {
         return $navigation;
     }

     try {
         if (!\Database::getInstance()->tableExists('orm_avisota_message_category')) {
             return $navigation;
         }

         $category = Helper::resolveCategoryFromInput();
         if (!$category) {
             return $navigation;
         }

         // Work on the 'avisota' branch by reference so changes land in $navigation.
         $menu =& $navigation['avisota'];
         $foundCustomEntry = false;
         foreach ($menu['modules'] as $name => &$module) {
             if ($name == 'avisota_category_' . $category->getId()) {
                 $module['class'] .= ' active';
                 $foundCustomEntry = true;
             }
         }

         if (!$foundCustomEntry) {
             return $navigation;
         }

         // The category entry is highlighted, so the generic one must not be.
         $classes = array_map('trim', explode(' ', $menu['modules']['avisota_newsletter']['class']));
         $activeIndex = array_search('active', $classes);
         if ($activeIndex !== false) {
             unset($classes[$activeIndex]);
         }
         $menu['modules']['avisota_newsletter']['class'] = implode(' ', $classes);
     } catch (\Exception $exception) {
         // silently ignore
     }

     return $navigation;
 }
Esempio n. 7
    /**
     * Collect the articles located on the same page as the content element
     * being edited, grouped by the label of their layout section.
     *
     * NOTE(review): $options is filled locally and this excerpt never hands
     * it back to the event; unless getOptions() returns an object, the
     * additions are lost - confirm against the full listener.
     *
     * @param CreateOptionsEvent $event Supplies the data container (its id is
     *                                  bound into the query) and the options.
     */
    public function getArticleOptions(CreateOptionsEvent $event)
    {
        \Controller::loadLanguageFile('tl_article');
        $database = \Database::getInstance();
        $dataContainer = $event->getDataContainer();
        $options = $event->getOptions();

        // The content element id is bound as a parameter, not concatenated.
        $statement = $database->prepare('SELECT a.id, a.title, a.inColumn
				 FROM tl_article a
				 INNER JOIN tl_article b
				 ON a.pid = b.pid
				 INNER JOIN tl_content c
				 ON c.pid = b.id
				 WHERE c.id = ?
				 ORDER BY a.inColumn, a.sorting');
        $resultSet = $statement->execute($dataContainer->id);

        while ($resultSet->next()) {
            // Translate the column name, then translate the result once more
            // when that label is itself a language key.
            $sectionName = isset($GLOBALS['TL_LANG']['tl_article'][$resultSet->inColumn])
                ? $GLOBALS['TL_LANG']['tl_article'][$resultSet->inColumn]
                : $resultSet->inColumn;
            if (isset($GLOBALS['TL_LANG']['tl_article'][$sectionName])) {
                $sectionName = $GLOBALS['TL_LANG']['tl_article'][$sectionName];
            }

            $options[$sectionName][$resultSet->id] = $resultSet->title;
        }
    }
Esempio n. 8
 /**
  * Retrieve the type name of an attribute, caching it per attribute id.
  *
  * The lookup binds the id as a query parameter. A cached value that is null
  * does not count as cached (isset), so such ids are queried again.
  *
  * @param int $value The id of an attribute.
  *
  * @return string
  */
 public function getTypeOfAttribute($value)
 {
     if (isset(self::$attributeTypes[$value])) {
         return self::$attributeTypes[$value];
     }

     $objAttribute = \Database::getInstance()
         ->prepare('SELECT type FROM tl_metamodel_attribute WHERE id=?')
         ->limit(1)
         ->execute($value);
     self::$attributeTypes[$value] = $objAttribute->type;

     return self::$attributeTypes[$value];
 }
Esempio n. 9
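/**
 * Authenticate a user by e-mail and password and start a session.
 *
 * On success the session is populated, the "keep me logged in" cookies are
 * set (or the stored cookie key is cleared) and a redirect to the site root
 * is sent. On failure one generic message is echoed, whether the e-mail or
 * the password was wrong.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Plain-text password submitted by the user.
 *
 * @return void
 */
function login($email, $password)
{
    $db = Database::getInstance();
    $mysqli = $db->getConnection();
    $mysqli->query("SET NAMES utf8");

    // $email is user input: bind it rather than concatenating it into the
    // statement text.
    $user = null;
    $stmt = $mysqli->prepare('SELECT * FROM user WHERE email = ?');
    if ($stmt) {
        $stmt->bind_param('s', $email);
        if ($stmt->execute()) {
            $result = $stmt->get_result();
            if ($result) {
                $user = mysqli_fetch_assoc($result);
            }
        }
        $stmt->close();
    }

    // The former "global $password;" rebound the local name to the global
    // variable, so the argument the caller passed was never checked.
    if (!is_array($user) || !password_verify($password, $user['password'])) {
        echo "Email or password is incorrect";
        return;
    }

    session_start();
    // Issue a fresh session id at the privilege change so an id planted
    // before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['auth'] = true;
    $_SESSION['id'] = $user['id'];
    $_SESSION['user'] = $user['user'];

    $userId = $user['id'];
    if (isset($_POST['loginkeeping']) && $_POST['loginkeeping'] == "on") {
        // NOTE(review): the key is a long-lived bearer credential. Its
        // strength depends on generate(), which is not visible here; it is
        // stored unhashed and the cookies carry no HttpOnly/Secure flags.
        $key = md5(generate(7, 15));
        $lifetime = time() + 60 * 60 * 24 * 365;
        setcookie('login', $user['user'], $lifetime);
        setcookie('key', $key, $lifetime);
        $update = $mysqli->prepare('UPDATE user SET cookie = ? WHERE id = ?');
        if ($update) {
            $update->bind_param('ss', $key, $userId);
            $update->execute();
            $update->close();
        }
    } else {
        // No persistent login requested: clear any previously stored key.
        $update = $mysqli->prepare('UPDATE user SET cookie = NULL WHERE id = ?');
        if ($update) {
            $update->bind_param('s', $userId);
            $update->execute();
            $update->close();
        }
    }

    // NOTE(review): SERVER_NAME can follow the request's Host header
    // depending on server configuration, and execution continues after this
    // header is sent - confirm both are intended.
    header("Location: http://" . $_SERVER['SERVER_NAME']);
}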
Esempio n. 10
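 /**
  * Decide whether a user may perform an access type on a module.
  *
  * Super users are always allowed. Everyone else needs at least one
  * roleaccesspermission row linking one of their roles to a matching access
  * permission. Any database error results in a denial (fail closed).
  *
  * @param string $moduleName Module to check.
  * @param string $userId     Id of the user.
  * @param string $accessType Requested access type.
  *
  * @return bool True when access is granted, false otherwise.
  */
 public static function doesUserHasAccess($moduleName, $userId, $accessType)
 {
     try {
         $conn = Database::getInstance()->getConnection();

         $stmt = $conn->prepare("SELECT `isSuperUser` FROM `usermaster` WHERE `userId` =:userId");
         $stmt->bindParam(':userId', $userId, PDO::PARAM_STR);
         $stmt->execute();
         // An unknown user yields no row; treat that as "not a super user"
         // instead of reading offset 0 of an empty result.
         $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
         if (is_array($userRow) && $userRow['isSuperUser']) {
             return true;
         }

         $stmt = $conn->prepare("SELECT * FROM `roleaccesspermission` WHERE `accessId` IN (SELECT `accessId` FROM `accesspermission` WHERE `ModuleName`=:moduleName AND `accessType`=:accessType) AND `roleId` IN (SELECT `roleId` FROM `userroleinfo` WHERE `userId`=:userId)");
         $stmt->bindParam(':moduleName', $moduleName, PDO::PARAM_STR);
         $stmt->bindParam(':userId', $userId, PDO::PARAM_STR);
         $stmt->bindParam(':accessType', $accessType, PDO::PARAM_STR);
         if (!$stmt->execute()) {
             return false;
         }

         return count($stmt->fetchAll(PDO::FETCH_ASSOC)) > 0;
     } catch (Exception $e) {
         // Deny on any failure rather than letting an error grant access.
         return false;
     }
 }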
Esempio n. 11
 /**
  * Add the sync buttons to the edit view and queue status messages.
  *
  * Returns early outside the right context. Otherwise it adds the
  * 'disabled_cache' info message for every line of initconfig.php that
  * mentions system/tmp and carries no comment marker, shows the last sync
  * details for the client given by the "id" request parameter, and registers
  * the "start_sync" and "start_sync_all" submit buttons.
  *
  * NOTE(review): the user name and alias read from the database are placed
  * into the info message as stored; whether \Message::addInfo() escapes them
  * is not visible here - confirm.
  *
  * @param GetEditModeButtonsEvent $objEvent
  */
 public function addButton(GetEditModeButtonsEvent $objEvent)
 {
     if (!$this->isRightContext($objEvent->getEnvironment())) {
         return;
     }

     // Check the file cache.
     $strInitFilePath = '/system/config/initconfig.php';
     if (file_exists(TL_ROOT . $strInitFilePath)) {
         $objFile = new \File($strInitFilePath);
         foreach ($objFile->getContentAsArray() as $strLine) {
             // Lines containing a comment marker are skipped.
             if (preg_match("/(\\/\\*|\\*|\\*\\/|\\/\\/)/", $strLine)) {
                 continue;
             }
             if (preg_match("/system\\/tmp/", $strLine)) {
                 \Message::addInfo($GLOBALS['TL_LANG']['MSC']['disabled_cache']);
             }
         }
     }

     // Last sync information; the client id is bound as a parameter.
     $objSyncTime = \Database::getInstance()
         ->prepare("SELECT cl.syncFrom_tstamp as syncFrom_tstamp, user.name as syncFrom_user, user.username as syncFrom_alias\n                         FROM tl_synccto_clients as cl\n                         INNER JOIN tl_user as user\n                         ON cl.syncTo_user = user.id\n                         WHERE cl.id = ?")
         ->limit(1)
         ->execute(\Input::get("id"));

     $blnHasSyncInfo = $objSyncTime->syncFrom_tstamp != 0
         && strlen($objSyncTime->syncFrom_user) != 0
         && strlen($objSyncTime->syncFrom_alias) != 0;
     if ($blnHasSyncInfo) {
         $arrMessageArgs = array(
             date($GLOBALS['TL_CONFIG']['timeFormat'], $objSyncTime->syncFrom_tstamp),
             date($GLOBALS['TL_CONFIG']['dateFormat'], $objSyncTime->syncFrom_tstamp),
             $objSyncTime->syncFrom_user,
             $objSyncTime->syncFrom_alias,
         );
         \Message::addInfo(vsprintf($GLOBALS['TL_LANG']['MSC']['last_sync'], $arrMessageArgs));
     }

     // Set buttons.
     $strSyncLabel = specialchars($GLOBALS['TL_LANG']['MSC']['sync']);
     $strSyncAllLabel = specialchars($GLOBALS['TL_LANG']['MSC']['syncAll']);
     $objEvent->setButtons(array(
         'start_sync' => '<input type="submit" name="start_sync" id="start_sync" class="tl_submit" accesskey="s" value="' . $strSyncLabel . '" />',
         'start_sync_all' => '<input type="submit" name="start_sync_all" id="start_sync_all" class="tl_submit" accesskey="o" value="' . $strSyncAllLabel . '" />',
     ));
 }
Esempio n. 12
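 /**
  * Load the activities that match this object's activity id and store them
  * JSON-encoded in $this->activitylist.
  *
  * An empty activity id selects every activity; an id listed in
  * $this->production or $this->nonproduction selects the matching fixed set.
  * Any other id selects nothing and leaves $this->activitylist untouched.
  *
  * @return void
  */
 function createActivityList()
 {
     $cxn = Database::getInstance()->getConnection();

     // Every query below is a fixed string; no request data reaches the SQL.
     $query = null;
     if ($this->activityid == '') {
         $query = "SELECT * FROM Activity";
     } elseif (in_array($this->activityid, $this->production)) {
         $query = "SELECT * FROM Activity WHERE Activity_ID IN(1,2,3,16)";
     } elseif (in_array($this->activityid, $this->nonproduction)) {
         $query = "SELECT * FROM Activity WHERE Activity_ID IN(4,8,9,11,12)";
     }

     // An id outside both lists used to fall through with $query undefined
     // and send an empty statement to the server.
     if ($query === null) {
         return;
     }

     $res = $cxn->query($query);
     if (!$res) {
         // NOTE(review): this prints the raw database error into the page
         // output; consider logging it server-side instead.
         echo "error :", $cxn->error;
         return;
     }

     $rows = array();
     while ($r = mysqli_fetch_assoc($res)) {
         $rows[] = $r;
     }
     $this->activitylist = json_encode($rows);
 }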
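 /**
  * Find the products to list for the configured categories and filters.
  *
  * Id lists are concatenated into SQL, so each one is forced to integers
  * first, and an empty list never reaches the database as "IN ()".
  *
  * NOTE(review): $this->iso_list_where is appended as raw SQL. It looks like
  * a module setting rather than request input - confirm who may edit it.
  *
  * @param array|null $arrCacheIds Optional product ids to restrict the result to.
  *
  * @return array The product models, or an empty array when nothing matches.
  */
 protected function findProducts($arrCacheIds = null)
 {
     $t = Product::getTable();
     $arrColumns = array();

     $arrCategories = array_map('intval', (array) $this->findCategories());
     if (empty($arrCategories)) {
         return array();
     }

     $arrProductIds = array_map('intval', \Database::getInstance()->query("\n                SELECT pid\n                FROM tl_iso_product_category\n                WHERE page_id IN (" . implode(',', $arrCategories) . ")\n            ")->fetchEach('pid'));
     if (empty($arrProductIds)) {
         return array();
     }

     $arrTypes = array_map('intval', \Database::getInstance()->query("SELECT id FROM tl_iso_producttype WHERE variants='1'")->fetchEach('id'));

     $queryBuilder = new FilterQueryBuilder(Isotope::getRequestCache()->getFiltersForModules($this->iso_filterModules));

     $strProductIds = implode(',', $arrProductIds);
     // With no variant-enabled product types there is nothing to exclude;
     // leaving the clause out avoids an invalid "NOT IN ()".
     $strTypeFilter = empty($arrTypes) ? '' : " AND {$t}.type NOT IN (" . implode(',', $arrTypes) . ")";
     $arrColumns[] = "(\n            ({$t}.id IN ({$strProductIds}){$strTypeFilter})\n            OR {$t}.pid IN ({$strProductIds})\n        )";

     if (!empty($arrCacheIds) && is_array($arrCacheIds)) {
         $arrColumns[] = $t . ".id IN (" . implode(',', array_map('intval', $arrCacheIds)) . ")";
     }

     // Apply new/old product filter
     if ($this->iso_newFilter == 'show_new') {
         $arrColumns[] = $t . ".dateAdded>=" . Isotope::getConfig()->getNewProductLimit();
     } elseif ($this->iso_newFilter == 'show_old') {
         $arrColumns[] = $t . ".dateAdded<" . Isotope::getConfig()->getNewProductLimit();
     }

     if ($this->iso_list_where != '') {
         $arrColumns[] = $this->iso_list_where;
     }

     if ($queryBuilder->hasSqlCondition()) {
         $arrColumns[] = $queryBuilder->getSqlWhere();
     }

     // Fall back to the module's own sort field when the request has none.
     $arrSorting = Isotope::getRequestCache()->getSortingsForModules($this->iso_filterModules);
     if (empty($arrSorting) && $this->iso_listingSortField != '') {
         $direction = $this->iso_listingSortDirection == 'DESC' ? Sort::descending() : Sort::ascending();
         $arrSorting[$this->iso_listingSortField] = $direction;
     }

     $objProducts = Product::findAvailableBy($arrColumns, $queryBuilder->getSqlValues(), array('order' => 'c.sorting', 'filters' => $queryBuilder->getFilters(), 'sorting' => $arrSorting));

     return null === $objProducts ? array() : $objProducts->getModels();
 }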
Esempio n. 14
 /**
  * Wire up the two shared collaborators: the message store and the database.
  */
 public function __construct()
 {
     // Both come from getInstance(), so every object shares the same pair.
     $this->msgs = messages::getInstance();
     $this->db = Database::getInstance();
 }
Esempio n. 15
 /**
  * Constructor: remember which table and which id / parent-id columns
  * describe the tree.
  *
  * NOTE(review): the three names are only stored here; if other methods
  * place them into SQL text, callers must pass trusted identifiers only.
  *
  * @param string $table_name Table holding the tree rows.
  * @param string $id_name    Name of the id column.
  * @param string $pid_name   Name of the parent-id column.
  */
 function XoopsTree($table_name, $id_name, $pid_name)
 {
     $this->db =& Database::getInstance();

     $this->table = $table_name;
     $this->id    = $id_name;
     $this->pid   = $pid_name;
 }
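 /**
  * Validate the "create project" form and insert the new project.
  *
  * NOTE(review): the project password is handed to insertProject() as
  * entered; whether it is hashed before storage is not visible here.
  *
  * @return string|Exception An empty string on success, a translated error
  *                          message on a validation or database failure, or
  *                          the caught exception itself.
  */
 function processForm()
 {
     // Require plain strings: array-valued fields (name[]=...) must not
     // reach stripslashes() or the comparison below.
     if (empty($_POST['name']) || !is_string($_POST['name'])) {
         return Messages::getString('CreateProjectPage.ProjectNameNotEmpty');
     }
     if (empty($_POST['pwd']) || !is_string($_POST['pwd'])) {
         return Messages::getString('CreateProjectPage.PasswordNotEmpty');
     }
     // Strict comparison: with "!=" two different numeric-looking strings
     // such as "1e3" and "1000" compare as equal.
     $confirmation = isset($_POST['pwd2']) ? $_POST['pwd2'] : null;
     if ($_POST['pwd'] !== $confirmation) {
         return Messages::getString('CreateProjectPage.PasswordsNotEqual');
     }
     if (!$this->CheckPostMasterPassword()) {
         return Messages::getString('CreateProjectPage.MasterPasswordWrong');
     }

     try {
         $db = Database::getInstance();
         $project_info = array(
             'name' => stripslashes($_POST['name']),
             'pwd' => stripslashes($_POST['pwd']),
             'info' => Config::$default_project_info['info'],
             'access' => Config::$default_project_info['access'],
             'introduction' => Config::$default_project_info['introduction'],
             'hint' => Config::$default_project_info['hint'],
         );
         if (!($this->new_project_id = $db->insertProject($project_info))) {
             return sprintf("%s: %s", Messages::getString('General.dbError'), $db->lastError());
         }
     } catch (Exception $exception) {
         // in this case, render exception as error.
         return $exception;
     }

     return '';
 }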
Esempio n. 17
/**
 * Build the three "waiting" blocks for the PDlinks module: links awaiting
 * approval, broken-link reports and modification requests.
 *
 * Each block carries the admin link, the pending count and a label. A block
 * whose count query fails is returned as an empty array.
 *
 * @return array List of three block arrays, in the order given above.
 */
function b_waiting_PDlinks()
{
    $xoopsDB =& Database::getInstance();
    $blocks = array();

    // Links awaiting approval (status 0)
    $waiting = array();
    $waitingResult = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix("PDlinks_links") . " WHERE status=0");
    if ($waitingResult) {
        $waiting['adminlink'] = XOOPS_URL . "/modules/PDlinks/admin/newlinks.php";
        list($waiting['pendingnum']) = $xoopsDB->fetchRow($waitingResult);
        $waiting['lang_linkname'] = _PI_WAITING_WAITINGS;
    }
    $blocks[] = $waiting;

    // Broken-link reports
    $broken = array();
    $brokenResult = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix("PDlinks_broken"));
    if ($brokenResult) {
        $broken['adminlink'] = XOOPS_URL . "/modules/PDlinks/admin/brokenlink.php";
        list($broken['pendingnum']) = $xoopsDB->fetchRow($brokenResult);
        $broken['lang_linkname'] = _PI_WAITING_BROKENS;
    }
    $blocks[] = $broken;

    // Modification requests
    $modRequests = array();
    $modResult = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix("PDlinks_mod"));
    if ($modResult) {
        $modRequests['adminlink'] = XOOPS_URL . "/modules/PDlinks/admin/index.php?op=listModReq";
        list($modRequests['pendingnum']) = $xoopsDB->fetchRow($modResult);
        $modRequests['lang_linkname'] = _PI_WAITING_MODREQS;
    }
    $blocks[] = $modRequests;

    return $blocks;
}
Esempio n. 18
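 /**
  * Load all calendar rows of one property.
  *
  * The property id is bound as a statement parameter. On a database error a
  * short message is echoed, the exception text is appended to the PDO error
  * log and the script exits.
  *
  * NOTE(review): the log file sits in a Log directory next to the code;
  * confirm that directory is not served by the web server.
  *
  * @param mixed $pID Id of the property.
  *
  * @return array Calendar rows as objects; empty when there are none.
  */
 public static function getPropertyEvents($pID)
 {
     $logFile = __DIR__ . '/../Log/PDOErrorLog.txt';

     try {
         $DBH = Database::getInstance();
         $DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     } catch (PDOException $e) {
         echo "Unable to connect";
         // One entry per line; previously consecutive messages ran together.
         file_put_contents($logFile, $e->getMessage() . PHP_EOL, FILE_APPEND);
         exit;
     }

     try {
         $statement = $DBH->prepare("SELECT * FROM calendar WHERE propertyID = :propertyID");
         $statement->bindParam(':propertyID', $pID);
         $statement->execute();

         // The statements that used to follow the return could never run
         // and have been dropped.
         return $statement->fetchAll(PDO::FETCH_OBJ);
     } catch (PDOException $e) {
         echo "Could not load calendar events";
         file_put_contents($logFile, $e->getMessage() . PHP_EOL, FILE_APPEND);
         $DBH = null;
         exit;
     }
 }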
Esempio n. 19
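 /**
  * Queue a new, unconfirmed user and e-mail the activation key.
  *
  * Inserts a row into users_confirm holding the e-mail, username, salted
  * password hash, salt and activation key, then sends the key to the given
  * address.
  *
  * @param string $email    Address to register and to send the key to.
  * @param string $username Requested username.
  * @param string $pw       Plain-text password; only its salted hash is stored.
  *
  * @return bool Always true; no failure code is reported yet.
  */
 public function queueNewUser($email, $username, $pw)
 {
     $db = Database::getInstance();
     $query = "\n\t\t\t\tINSERT INTO users_confirm (\n\t\t\t\t\temail,\n\t\t\t\t\tusername,\n\t\t\t\t\tpassword,\n\t\t\t\t\tsalt,\n\t\t\t\t\tactivation_key\n\t\t\t\t) VALUES (\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?\n\t\t\t\t)\n\t\t\t";

     // Salt from the CSPRNG (needs PHP 7+). 16 hex characters, which is the
     // longest value the former mt_rand()-based salt could produce.
     $salt = bin2hex(random_bytes(8));

     // Salted SHA-256, then 65536 further rounds to slow down guessing.
     // NOTE(review): password_hash() would be the better primitive, but the
     // code that verifies these hashes is not visible here and would have
     // to change with it, so the stored format is left as it is.
     $password = hash('sha256', $pw . $salt);
     for ($round = 0; $round < 65536; $round++) {
         $password = hash('sha256', $password . $salt);
     }

     // The activation key proves control of the mailbox, so it must not be
     // guessable: md5(time()) could be derived from the sign-up time alone.
     // 32 hex characters, the same length as the old md5 value.
     $key = bin2hex(random_bytes(16));

     $db->query($query, array($email, $username, $password, $salt, $key));
     $db->firstResult();

     // Send email
     $em = new Email();
     $em->sendEmail($email, "Confirm your account", "This is an email test, please use this key to register: " . $key, true);

     return true;
 }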
 /**
  * Migration step for tl_module: add each renamed column when it is missing
  * and a column definition exists for it, then copy the old column's values
  * across for the fields flagged with syncValue.
  *
  * All table and column names come from the fixed map below; nothing from
  * the request reaches the SQL text.
  *
  * @return void
  */
 public static function run()
 {
     $objDatabase = \Database::getInstance();
     \Controller::loadDataContainer('tl_module');

     // old column => new column, and whether to copy its values
     $arrRenameFields = array(
         'tl_module' => array(
             'jumpToSuccess' => array('name' => 'jumpTo', 'syncValue' => true),
             'jumpToSuccessPreserveParams' => array('name' => 'formHybridJumpToPreserveParams', 'syncValue' => false),
             'allowIdAsGetParameter' => array('name' => 'formHybridAllowIdAsGetParameter', 'syncValue' => true),
             'idGetParameter' => array('name' => 'formHybridIdGetParameter', 'syncValue' => true),
             'appendIdToUrlOnCreation' => array('name' => 'formHybridAppendIdToUrlOnCreation', 'syncValue' => true),
         ),
     );

     foreach ($arrRenameFields as $strTable => $arrFields) {
         if ($objDatabase->tableExists($strTable)) {
             foreach ($arrFields as $strOldName => $arrConfig) {
                 if ($objDatabase->fieldExists($strOldName, $strTable)) {
                     $strNewName = $arrConfig['name'];
                     // Column definition taken from the loaded data container.
                     $sql =& $GLOBALS['TL_DCA']['tl_module']['fields'][$strNewName]['sql'];

                     if (!$objDatabase->fieldExists($strNewName, $strTable) && $sql) {
                         $objDatabase->query("ALTER TABLE {$strTable} ADD `{$strNewName}` {$sql}");
                     }

                     if ($arrConfig['syncValue']) {
                         $objDatabase->prepare("UPDATE {$strTable} SET {$strNewName} = {$strOldName}")->execute();
                     }
                 }
             }
         }
     }
 }
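 /**
  * Load the posts of one topic, one page at a time.
  *
  * When $post_id is given, $start is recalculated so that the returned page
  * contains that post, and the caller's variable is updated through the
  * reference.
  *
  * @param int    $topic_id Topic whose posts are loaded.
  * @param string $order    "DESC" for newest first; anything else means "ASC".
  * @param int    $perpage  Posts per page; values <= 0 fall back to 10.
  * @param int    $start    Offset of the first post (by reference).
  * @param int    $post_id  Optional post that the page must contain.
  *
  * @return array List of ForumPosts objects.
  */
 function getAllPosts($topic_id, $order = "ASC", $perpage = 0, &$start, $post_id = 0)
 {
     $db =& Database::getInstance();

     // Both ids are placed into the SQL text unquoted, so force them to
     // integers before building the statements.
     $topic_id = intval($topic_id);
     $post_id = intval($post_id);

     // $order is reduced to one of two fixed keywords.
     if ($order == "DESC") {
         $operator_for_position = '>';
     } else {
         $order = "ASC";
         $operator_for_position = '<';
     }

     $perpage = intval($perpage);
     if ($perpage <= 0) {
         $perpage = 10;
     }
     $start = empty($start) ? 0 : max(0, intval($start));

     // GIJ start
     if (!empty($post_id)) {
         // Count the posts sorted before the requested one, then snap the
         // offset to the start of the page holding it.
         $result = $db->query("SELECT COUNT(post_id) FROM " . $db->prefix('xhnewbb_posts') . " WHERE topic_id={$topic_id} AND post_id {$operator_for_position} {$post_id}");
         list($position) = $db->fetchRow($result);
         $start = intval($position / $perpage) * $perpage;
     }
     // GIJ end

     $sql = 'SELECT p.*, t.post_text FROM ' . $db->prefix('xhnewbb_posts') . ' p, ' . $db->prefix('xhnewbb_posts_text') . " t WHERE p.topic_id={$topic_id} AND p.post_id = t.post_id ORDER BY p.post_id {$order}";
     $result = $db->query($sql, $perpage, $start);

     $ret = array();
     while ($myrow = $db->fetchArray($result)) {
         $ret[] = new ForumPosts($myrow);
     }

     return $ret;
 }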
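    /**
     * Assign the region list to the template and, when a region is selected,
     * its settings together with the indented list of realms.
     *
     * @return void
     */
    protected function setupTemplate()
    {
        global $cfg;
        parent::setupTemplate();
        $db = Database::getInstance($cfg['MVC']['dsn']);

        // Read id and name in one query. Two separate column queries can
        // pair the wrong id with a name when names tie in the sort order or
        // a row changes between the two reads.
        $regions = array();
        foreach ($db->getAll('SELECT regionid, name FROM cmsregions ORDER BY name') as $regionRow) {
            $regions[$regionRow['regionid']] = $regionRow['name'];
        }
        $this->assign('regions', $regions);

        if (isset($this->fieldData['regionID'])) {
            // The submitted region id is bound as a parameter.
            $sql = 'SELECT cmsregions.inlinetoolbar, 
			               cmsregions.windowtoolbar, 
			               cmsregions.editrealm, 
			               cmsregions.viewrealm,
			               cmsregions.name FROM cmsregions 
			       WHERE cmsregions.regionid = ?';
            $regionData = $db->getRow($sql, array($this->fieldData['regionID']));
            $this->assign('inlineToolbar', $regionData['inlinetoolbar']);
            $this->assign('windowToolbar', $regionData['windowtoolbar']);
            $this->assign('editRealm', $regionData['editrealm']);
            $this->assign('viewRealm', $regionData['viewrealm']);
            $this->assign('name', $regionData['name']);

            // Realm labels are prefixed with "--" per depth level.
            $sql = 'SELECT realmid, name, depth FROM realms ORDER BY realmpath';
            $realmInfo = $db->getAll($sql);
            $realms = array();
            foreach ($realmInfo as $row) {
                $realms[$row['realmid']] = str_repeat('--', $row['depth']) . ' ' . $row['name'];
            }
            $this->assign('realms', $realms);
        }
    }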
Esempio n. 23
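 /**
  * Load private-message content rows, as ids or as objects.
  *
  * NOTE(review): $criteria is inserted into the WHERE clause as raw SQL, so
  * callers must only pass conditions built from trusted or escaped values.
  *
  * @param array|string $criteria SQL conditions joined with AND, or a single condition string.
  * @param bool         $asobject True to return priv_msgscont objects, false for ids.
  * @param string       $sort     Column name(s) to sort by; ignored unless it is a plain
  *                               comma-separated list of identifiers.
  * @param string       $order    "DESC" or "ASC" (any other value is treated as "ASC").
  * @param int          $limit    Maximum number of rows, passed to the query call.
  * @param int          $start    Offset of the first row, passed to the query call.
  *
  * @return array List of ids or of priv_msgscont objects.
  */
 function getAllpriv_msgsconts($criteria = array(), $asobject = false, $sort = "", $order = "ASC", $limit = 0, $start = 0)
 {
     $db =& Database::getInstance();
     $ret = array();

     $where_query = "";
     if (is_array($criteria) && count($criteria) > 0) {
         $where_query = " WHERE " . implode(" AND ", $criteria);
     } elseif (!is_array($criteria) && $criteria) {
         $where_query = " WHERE " . $criteria;
     }

     // Only emit ORDER BY for plain identifiers and a fixed direction: the
     // default empty $sort used to produce the invalid "ORDER BY  ASC", and
     // anything else would have been copied into the statement unchecked.
     $order_query = "";
     if (is_string($sort) && preg_match('/^[A-Za-z0-9_.]+(\s*,\s*[A-Za-z0-9_.]+)*$/', $sort)) {
         $direction = strtoupper(trim((string) $order)) === 'DESC' ? 'DESC' : 'ASC';
         $order_query = " ORDER BY {$sort} {$direction}";
     }

     // The id-only branch used to read "SELECT  FROM", with no column at all.
     $columns = $asobject ? "*" : "priv_msgscont_id";
     $sql = "SELECT {$columns} FROM " . $db->prefix("priv_msgscont") . $where_query . $order_query;
     $result = $db->query($sql, $limit, $start);
     while ($myrow = $db->fetchArray($result)) {
         $ret[] = $asobject ? new priv_msgscont($myrow) : $myrow['priv_msgscont_id'];
     }

     return $ret;
 }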
Esempio n. 24
 /**
  * Render the paste buttons for a row in the page tree.
  *
  * Rows whose type is 'avisota' are handled here: only "paste after" can be
  * active and "paste into" is always rendered as the disabled image. Every
  * other row type is delegated to the parent implementation.
  *
  * @param DataContainer $dc            Data container; its rootIds are consulted for non-admins.
  * @param array         $row           The current row (type, id and pid are read).
  * @param string        $table         Table name; concatenated into the parent lookup and used
  *                                     as the language-array key.
  * @param mixed         $cr            Compared against 1 to detect a circular reference.
  * @param array|false   $clipboardData Clipboard content (mode and id), or false.
  *
  * @return string The button HTML, or an empty string when the row id is not positive.
  */
 public function pastePage(DataContainer $dc, $row, $table, $cr, $clipboardData = false)
 {
     if ($row['type'] == 'avisota') {
         $disablePA = false;
         // Disable all buttons if there is a circular reference
         if ($clipboardData !== false && ($clipboardData['mode'] == 'cut' && ($cr == 1 || $clipboardData['id'] == $row['id']) || $clipboardData['mode'] == 'cutAll' && ($cr == 1 || in_array($row['id'], $clipboardData['id'])))) {
             $disablePA = true;
         }
         // Check permissions if the user is not an administrator
         if (!$this->User->isAdmin) {
             // The parent id is bound as a parameter; $table is concatenated.
             // NOTE(review): $table presumably comes from the data container
             // configuration rather than the request - confirm.
             $page = \Database::getInstance()->prepare("SELECT * FROM " . $table . " WHERE id=?")->limit(1)->execute($row['pid']);
             // Disable "paste after" button if there is no permission 2 for the parent page
             if (!$disablePA && $page->numRows) {
                 if (!$this->User->isAllowed(2, $page->row())) {
                     $disablePA = true;
                 }
             }
             // Disable "paste after" button if the parent page is a root page and the user is not an administrator
             if (!$disablePA && ($row['pid'] < 1 || in_array($row['id'], $dc->rootIds))) {
                 $disablePA = true;
             }
         }
         // Return the buttons
         $imagePasteAfter = $this->generateImage('pasteafter.gif', sprintf($GLOBALS['TL_LANG'][$table]['pasteafter'][1], $row['id']), 'class="blink"');
         if ($row['id'] > 0) {
             // Disabled: greyed-out image only. Enabled: a link built with
             // addToUrl(), its title passed through specialchars(), followed
             // by the disabled "paste into" image.
             return $disablePA ? $this->generateImage('pasteafter_.gif', '', 'class="blink"') . ' ' : '<a href="' . $this->addToUrl('act=' . $clipboardData['mode'] . '&amp;mode=1&amp;pid=' . $row['id'] . (!is_array($clipboardData['id']) ? '&amp;id=' . $clipboardData['id'] : '')) . '" title="' . specialchars(sprintf($GLOBALS['TL_LANG'][$table]['pasteafter'][1], $row['id'])) . '" onclick="Backend.getScrollOffset();">' . $imagePasteAfter . '</a> ' . $this->generateImage('pasteinto_.gif', '', 'class="blink"');
         }
         return '';
     }
     return parent::pastePage($dc, $row, $table, $cr, $clipboardData);
 }
Esempio n. 25
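 /**
  * Render the admin login form.
  *
  * With more than one project a selector is shown and the configured
  * default project is preselected; otherwise the project id travels in a
  * hidden field.
  *
  * @return string|Exception The form HTML, or the caught exception when the
  *                          project list cannot be loaded.
  */
 private function getLoginForm()
 {
     try {
         $db = Database::getInstance();
         $frontpage_info = $db->getFrontpageInfo();
     } catch (Exception $exception) {
         // in this case, render exception as error.
         return $exception;
     }

     $result = '<form action="admin.php" name="login_form" method="post"><div id="loginform">';
     if (count($frontpage_info) > 1) {
         $result .= sprintf('<label for="project_id">%s: </label>', Messages::getString('General.Project'));
         $result .= '<select name="project_id" id="project_id_selector">';
         foreach ($frontpage_info as $id => $project) {
             // Project names are free text, so escape them for HTML;
             // written out raw, a name containing markup would be rendered
             // on this login page.
             $projectName = htmlspecialchars((string) $project->name, ENT_QUOTES, 'UTF-8');
             $selected = $id == Config::$default_project_id ? 'selected="selected"' : '';
             $result .= sprintf('<option value="%03d" %s>%s&nbsp;&nbsp;</option>', $id, $selected, $projectName);
         }
         $result .= '</select><br/>';
     } else {
         foreach ($frontpage_info as $id => $project) {
             $result .= sprintf('<input type="hidden" name="project_id" value="%03d" />', $id);
         }
     }
     $result .= sprintf('<label for="password">%s: </label>', Messages::getString('LoginPage.EnterPassword')) . '  <input type="password" name="pwd" value="" /> ' . '  <input type="submit" value="Login" />' . '</div></form>&nbsp;';

     return $result;
 }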
Esempio n. 26
 /**
  * Constructor: keep the shared database handle and declare the post fields
  * with their data types and, where given, default values.
  *
  * @param mixed $id Accepted but not read anywhere in this constructor.
  */
 function Post($id = null)
 {
     $this->db =& Database::getInstance();
     // Identity and position of the post
     $this->initVar('post_id', XOBJ_DTYPE_INT);
     $this->initVar('topic_id', XOBJ_DTYPE_INT);
     $this->initVar('forum_id', XOBJ_DTYPE_INT);
     $this->initVar('post_time', XOBJ_DTYPE_INT);
     // The poster's IP is declared as an integer field
     $this->initVar('poster_ip', XOBJ_DTYPE_INT);
     $this->initVar('poster_name', XOBJ_DTYPE_TXTBOX);
     $this->initVar('subject', XOBJ_DTYPE_TXTBOX);
     $this->initVar('pid', XOBJ_DTYPE_INT);
     // Rendering switches: dohtml defaults to 0, the others to 1
     $this->initVar('dohtml', XOBJ_DTYPE_INT, 0);
     $this->initVar('dosmiley', XOBJ_DTYPE_INT, 1);
     $this->initVar('doxcode', XOBJ_DTYPE_INT, 1);
     $this->initVar('uid', XOBJ_DTYPE_INT, 1);
     $this->initVar('icon', XOBJ_DTYPE_TXTBOX);
     $this->initVar('attachsig', XOBJ_DTYPE_INT);
     $this->initVar('approved', XOBJ_DTYPE_INT, 1);
     $this->initVar('post_karma', XOBJ_DTYPE_INT);
     $this->initVar('require_reply', XOBJ_DTYPE_INT);
     // Free-text fields
     $this->initVar('attachment', XOBJ_DTYPE_TXTAREA);
     $this->initVar('post_text', XOBJ_DTYPE_TXTAREA);
     $this->initVar('post_edit', XOBJ_DTYPE_TXTAREA);
     $this->initVar('doimage', XOBJ_DTYPE_INT, 1);
     $this->initVar('dobr', XOBJ_DTYPE_INT, 1);
 }
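/**
 * Import a template's source into a template set.
 *
 * The template must already exist in the 'default' set. When the target set
 * has no row for it yet, the 'default' row(s) are copied into the target set
 * with an empty source first; then tpl_lastmodified, tpl_lastimported and
 * tpl_source are updated for every matching row.
 *
 * @param string $tplset       Target template set name.
 * @param string $tpl_file     Template file name.
 * @param string $tpl_source   Template source to store.
 * @param int    $lastmodified Value written to tpl_lastmodified; coerced to an integer.
 *
 * @return bool false when $tpl_file is not present in the 'default' set; true
 *              once the update loop has run (results of the individual write
 *              queries are not checked).
 */
function tplsadmin_import_data($tplset, $tpl_file, $tpl_source, $lastmodified = 0)
{
    $db =& Database::getInstance();

    // NOTE(review): string values are escaped with addslashes(), which knows
    // nothing about the connection character set. If the database layer
    // offers connection-aware quoting or bound parameters, use that for every
    // value below instead - confirm against the Database class.
    $tplfile_table = $db->prefix("tplfile");
    $tplsource_table = $db->prefix("tplsource");
    $esc_tplset = addslashes($tplset);
    $esc_tpl_file = addslashes($tpl_file);

    // Numeric values are forced to integers so that nothing but digits can
    // reach the statement, whatever the caller passed.
    $lastmodified = (int) $lastmodified;

    // check the file is valid template
    list($count) = $db->fetchRow($db->query("SELECT COUNT(*) FROM " . $tplfile_table . " WHERE tpl_tplset='default' AND tpl_file='" . $esc_tpl_file . "'"));
    if (!$count) {
        return false;
    }

    // check the template exists in the tplset
    if ((string) $tplset !== 'default') {
        list($count) = $db->fetchRow($db->query("SELECT COUNT(*) FROM " . $tplfile_table . " WHERE tpl_tplset='" . $esc_tplset . "' AND tpl_file='" . $esc_tpl_file . "'"));
        if ($count <= 0) {
            // copy from 'default' to the tplset
            $result = $db->query("SELECT * FROM " . $tplfile_table . " WHERE tpl_tplset='default' AND tpl_file='" . $esc_tpl_file . "'");
            while ($row = $db->fetchArray($result)) {
                $db->queryF("INSERT INTO " . $tplfile_table . " SET tpl_refid='" . addslashes($row['tpl_refid']) . "',tpl_module='" . addslashes($row['tpl_module']) . "',tpl_tplset='" . $esc_tplset . "',tpl_file='" . $esc_tpl_file . "',tpl_desc='" . addslashes($row['tpl_desc']) . "',tpl_type='" . addslashes($row['tpl_type']) . "'");
                $new_tpl_id = (int) $db->getInsertId();
                $db->queryF("INSERT INTO " . $tplsource_table . " SET tpl_id='" . $new_tpl_id . "', tpl_source=''");
            }
        }
    }

    // UPDATE just tpl_lastmodified and tpl_source
    $drs = $db->query("SELECT tpl_id FROM " . $tplfile_table . " WHERE tpl_tplset='" . $esc_tplset . "' AND tpl_file='" . $esc_tpl_file . "'");
    while (list($tpl_id) = $db->fetchRow($drs)) {
        $tpl_id = (int) $tpl_id;
        $db->queryF("UPDATE " . $tplfile_table . " SET tpl_lastmodified='" . $lastmodified . "',tpl_lastimported=UNIX_TIMESTAMP() WHERE tpl_id='" . $tpl_id . "'");
        $db->queryF("UPDATE " . $tplsource_table . " SET tpl_source='" . addslashes($tpl_source) . "' WHERE tpl_id='" . $tpl_id . "'");
        altsys_template_touch($tpl_id);
    }

    return true;
}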
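 /**
  * Load a script for the template after checking that the current user may
  * write to both the script and the directory that contains it.
  *
  * Assigns 'script' and 'treeType' (plus 'own' when the owner bit is set for
  * the user) on success, and 'permError' = 't' when the id is not a plain
  * integer or either permission check fails.
  *
  * Fixes over the previous version:
  *  - the directory permission statement was a bare string expression that
  *    was never assigned to $sql, so the second check re-ran the dirid lookup
  *    and the directory's write permission was never tested;
  *  - the permission flag was read without ever being initialised;
  *  - the script id is now accepted only as a run of digits before it is
  *    placed in a statement (is_numeric() also accepts forms such as "1e5"
  *    or "1.5"), and the directory and user ids are constrained as well.
  */
 protected function setupTemplate()
 {
     global $cfg;
     parent::setupTemplate();
     $db = Database::getInstance($cfg['DPS']['dsn']);
     $auth = Auth::getInstance();
     // Interpolated unquoted below, so force it to an integer.
     $userID = (int) $auth->getUserID();

     $scriptID = isset($this->fieldData['scriptID']) ? (string) $this->fieldData['scriptID'] : '';
     // Digits only: the value goes into the statements without quoting.
     if (!ctype_digit($scriptID)) {
         $this->assign('permError', 't');
         return;
     }

     $writeBit = $cfg['DPS']['fileW'];
     $ownerBit = $cfg['DPS']['fileO'];
     $canWrite = false;

     // 1) write permission on the script itself
     $sql = "SELECT count(*) FROM v_tree_script
         WHERE id = {$scriptID}
             AND userid = {$userID}
             AND permissions & B'" . $writeBit . "' = '" . $writeBit . "'";
     if ($db->getOne($sql) > 0) {
         $sql = "SELECT dirid FROM scriptsdir
             WHERE scriptid = {$scriptID}";
         $dirID = (string) $db->getOne($sql);
         // 2) write permission on the containing directory; a script with
         // no directory row is treated as not writable.
         if (ctype_digit($dirID)) {
             $sql = "SELECT count(*) FROM v_tree_dir
                 WHERE id = {$dirID}
                     AND userid = {$userID}
                     AND permissions & B'" . $writeBit . "' = '" . $writeBit . "'";
             if ($db->getOne($sql) > 0) {
                 $canWrite = true;
             }
         }
     }

     if (!$canWrite) {
         $this->assign('permError', 't');
         return;
     }

     $sql = "SELECT * FROM scripts WHERE id = {$scriptID}";
     $script = $db->getRow($sql);
     $sql = "SELECT count(*) FROM v_tree_script
         WHERE id = {$scriptID}
             AND userid = {$userID}
             AND permissions & B'" . $ownerBit . "' = '" . $ownerBit . "'";
     if ($db->getOne($sql) > 0) {
         $this->assign('own', 't');
     }
     $this->assign('script', $script);
     $this->assign('treeType', '');
 }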
Esempio n. 29
 /**
  * Class constructor.
  *
  * Prepares the two collaborators this object keeps on itself: the shared
  * database handle in $this->db and a new Email object in $this->mailer.
  */
 function __construct()
 {
     // Database::getInstance() is called without arguments here, so whatever
     // connection settings it uses are resolved inside the Database class.
     $this->db = Database::getInstance();
     // A fresh Email object is created for each instance of this class.
     $this->mailer = new Email();
 }
Esempio n. 30
/**
 * Mark the archiver plugin's navigation entry as hidden and rebuild the
 * 'navi' cache.
 *
 * The row is matched on its url column, which must equal BLOG_URL followed
 * by "?plugin=archiver".
 */
function callback_rm()
{
    global $CACHE;

    // NOTE(review): DB_PREFIX and BLOG_URL are concatenated into the
    // statement as-is; presumably both are installation constants - confirm
    // neither can carry a quote character.
    $naviTable = DB_PREFIX . "navi";
    $pluginUrl = BLOG_URL . "?plugin=archiver";
    $statement = "UPDATE " . $naviTable . " SET hide='y' WHERE url='" . $pluginUrl . "'";

    $connection = Database::getInstance();
    $connection->query($statement);

    // Refresh the cached navigation so the hidden entry stops being served.
    $CACHE->updateCache('navi');
}