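/**
 * Builds one page of the love history visible to the current user.
 *
 * Rows are those where the current user is the giver or the receiver; unless
 * $justUser is set, rows carrying the user's company_id are included as well.
 * Side effect: $this->pages is set to array(array(0-based page, page count,
 * formatted total number of love entries)).
 *
 * @param int  $page     1-based page number
 * @param bool $justUser when true, only rows the user gave or received
 * @return array list of history rows (an empty array when there are none)
 */
public function getLoveHistory($page, $justUser = false)
{
    $front = Frontend::getInstance();
    $limit = (int) $this->getLimit();
    // Convert to a 0-based page; never let a page below 1 produce a negative offset.
    $page = max(0, (int) $page - 1);
    $offset = $limit * $page;

    // The values below come from the session user, but the legacy mysql_* API
    // has no parameter binding, so escape anything interpolated into SQL.
    $username = mysql_real_escape_string($front->getUser()->getUsername());
    $companyId = mysql_real_escape_string($front->getUser()->getCompany_id());

    // Total number of love entries in the table (displayed by the pager).
    $res = mysql_query("SELECT count(*) FROM " . LOVE_LOVE);
    $row = $res ? mysql_fetch_row($res) : false;
    $loves = $row ? $row[0] : 0;

    // WHERE clause shared by the count query and the page query.
    $filter = "WHERE " . LOVE_LOVE . ".receiver = '" . $username . "' "
        . "OR " . LOVE_LOVE . ".giver = '" . $username . "' ";
    if (!$justUser) {
        $filter .= "OR " . LOVE_LOVE . ".company_id = '" . $companyId . "' ";
    }

    // Number of rows matching the filter, used for the page count. The previous
    // version appended the query to itself ("... . ($sql .= ...)") and sent
    // invalid SQL, so the page count was always 0.
    $res = mysql_query("SELECT count(*) FROM " . LOVE_LOVE . " " . $filter);
    $row = $res ? mysql_fetch_row($res) : false;
    $count = $row ? $row[0] : 0;
    $cPages = $limit > 0 ? ceil($count / $limit) : 0;

    $sql = "SELECT id,giver,receiver,why,private,TIMESTAMPDIFF(SECOND,at,NOW()) as delta "
        . "FROM " . LOVE_LOVE . " " . $filter
        . "ORDER BY id DESC "
        . "LIMIT " . $offset . "," . $limit;
    $res = mysql_query($sql);

    // Construct json for history
    $this->pages = array(array($page, $cPages, number_format($loves)));
    $history = array();
    if (!$res) {
        return $history;
    }
    while ($row = mysql_fetch_assoc($res)) {
        // Fall back to the raw username when no nickname is known.
        $givernickname = getNickName($row['giver']);
        $givernickname = !empty($givernickname) ? $givernickname : $row['giver'];
        $receivernickname = getNickName($row['receiver']);
        $receivernickname = !empty($receivernickname) ? $receivernickname : $row['receiver'];
        $why = $row['why'];
        if ($row['private']) {
            $why .= " (love sent quietly)";
        }
        $history[] = array(
            "id" => $row['id'],
            "giver" => $row['giver'],
            "giverNickname" => $givernickname,
            "receiver" => $row['receiver'],
            "receiverNickname" => $receivernickname,
            "why" => $why,
            "delta" => Utils::relativeTime($row['delta']),
        );
    }
    return $history;
}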
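/**
 * Ties the current request to an admin user handed over from the Zend admin side.
 *
 * When $userid_from_zend carries a user id, the matching user row is loaded and
 * written into $_SESSION (unless that user is already logged in). The request is
 * terminated with die() whenever the session belongs to a different user, the
 * login cannot be established, or the user is not an admin.
 *
 * @param mixed $userid_from_zend user id passed by the admin application; "" or -2 mean "none"
 * @return void
 */
function checkLoginFromAdmin($userid_from_zend)
{
    $front = Frontend::getInstance();

    if (isset($userid_from_zend) && $userid_from_zend != "" && (int) $userid_from_zend !== -2) {
        $user_id = (int) $userid_from_zend;
        if ($user_id === 0) {
            die("Admin session expired");
        }

        $sessionUserId = isset($_SESSION["userid"]) ? (int) $_SESSION["userid"] : 0;
        $hasSessionUser = $front->isUserLoggedIn() && $sessionUserId !== 0;

        if ($hasSessionUser && $sessionUserId === $user_id) {
            // already logged nothing to do
        } elseif ($hasSessionUser) {
            // Do not echo the conflicting ids back to the client; the message is enough.
            die("You are logged in Love application with another userid in this session. Please, logout from Love application!");
        } else {
            // $user_id is already an int, so it is safe to embed directly.
            $sql = "SELECT " . USERS . ".*, " . COMPANY . ".name as company_name "
                . "FROM " . USERS . ", " . COMPANY . " "
                . "WHERE " . USERS . ".id = " . $user_id
                . " AND " . USERS . ".company_id = " . COMPANY . ".id";
            $row = doQuery($sql);
            if (!$row) {
                // No such user: never populate the session with an id and a null username.
                clearSession();
                die("Admin session expired");
            }
            $_SESSION["userid"] = $user_id;
            $_SESSION["username"] = $row->username;
            $_SESSION["nickname"] = $row->nickname;
            $_SESSION['running'] = "true";

            if (!$front->isUserLoggedIn()) {
                // A fresh Frontend re-reads the session we just populated.
                $front = new Frontend();
                if (!$front->isUserLoggedIn()) {
                    clearSession();
                    die("You are still not logged! Click on another tab, and come back back here it could work");
                }
            }
            if (!isAdmin($user_id)) {
                // Previous message appended an undefined $admin and the USERS table name.
                clearSession();
                die("You should have admin right to get access to this page.");
            }
        }
    }

    if (!$front->isUserLoggedIn()) {
        clearSession();
        $front->getUser()->askUserToAuthenticate();
    }
    if (!isset($_SESSION["userid"]) || !isAdmin($_SESSION["userid"])) {
        clearSession();
        die("You should have admin right to get access to this page.");
    }
}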
// and should build a $js_contents variable which will be output // both to a file and the screen // once the generation has happened the htaccess will then // ensure the flat file version is used // to reset the file just delete the flat file version in the js folder */ // prevent this file from being called directly // we should only allow it to be accessed via mod_rewrite if (preg_match('/generator.php/', $_SERVER["REQUEST_URI"])) { // 404 no_file(); } // we need to check the usual login shtuff include "class/frontend.class.php"; include_once "helper/check_new_user.php"; $front = Frontend::getInstance(); include_once "db_connect.php"; include_once "autoload.php"; if (!$front->isUserLoggedIn()) { $front->getUser()->askUserToAuthenticate(); } // what file are we after? //untaint this paramater $filename = isset($_GET['file']) ? preg_replace("/[^a-zA-Z0-9\\_\\-]/", "", $_GET['file']) : ''; // does the file exist? if (file_exists("view/js/{$filename}.php")) { // if so let's include it include "view/js/{$filename}.php"; // and check it's created the $js_content variable if (!is_null($js_contents) || empty($js_contents)) { // let's pretend we're a js file if we can
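/**
 * Gets number of senders that have sent love to given user (total value)
 *
 * Counts distinct givers within the current company; falls back to
 * MAIN_COMPANY when the current company has no id.
 *
 * @param String $username username(email) of user
 * @return Integer number of unique senders (0 when the query fails)
 */
public static function getUserUniqueSenders($username)
{
    $front = Frontend::getInstance();
    // `||` yields a boolean, which made company_id always 1 (or 0); pick the real id.
    $companyId = $front->getCompany()->getId();
    $mycompany = $companyId ? $companyId : MAIN_COMPANY;
    $givers = 0;
    // $username is caller-supplied; escape it since mysql_* cannot bind parameters.
    $sql = "SELECT COUNT(DISTINCT giver) AS `givers`\n"
        . " FROM `" . LOVE . "` l\n"
        . " WHERE l.receiver = '" . mysql_real_escape_string($username) . "'\n"
        . " AND l.company_id = " . (int) $mycompany;
    $res = mysql_query($sql);
    if ($res) {
        $row = mysql_fetch_assoc($res);
        if ($row) {
            $givers = (int) $row['givers'];
        }
    }
    return $givers;
}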