Esempio n. 1
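 /**
  * Builds one page of the love history visible to the current user.
  *
  * Side effect: $this->pages is set to a single entry holding the zero-based
  * page index, the number of pages and the formatted total number of rows.
  *
  * @param int  $page     1-based page number requested by the caller.
  * @param bool $justUser When true only rows the user gave or received are
  *                       listed; otherwise rows of the user's company are
  *                       included as well.
  * @return array List of rows (id, giver, giverNickname, receiver,
  *               receiverNickname, why, delta); empty when nothing matches.
  */
 public function getLoveHistory($page, $justUser = false)
 {
     $front = Frontend::getInstance();
     $user = $front->getUser();
     $limit = (int) $this->getLimit();

     // Callers pass a 1-based page; clamp so a page below 1 cannot produce a
     // negative LIMIT offset. Both LIMIT operands are integers by construction.
     $page = max(0, (int) $page - 1);
     $offset = $limit * $page;

     // Values taken from the user object are escaped before they are placed
     // in the statement: a stored username containing a quote would otherwise
     // change the query (second-order SQL injection).
     // NOTE(review): ext/mysql has no prepared statements and was removed in
     // PHP 7; moving this class to PDO or mysqli with bound parameters is the
     // durable fix.
     $username = mysql_real_escape_string($user->getUsername());
     $scope = LOVE_LOVE . ".receiver = '" . $username . "' "
         . "OR " . LOVE_LOVE . ".giver = '" . $username . "' ";
     if (!$justUser) {
         $scope .= "OR " . LOVE_LOVE . ".company_id = '"
             . mysql_real_escape_string($user->getCompany_id()) . "' ";
     }

     // Total number of rows in the table, shown next to the pager.
     $res = mysql_query("SELECT count(*) " . "FROM " . LOVE_LOVE);
     $row = $res ? mysql_fetch_row($res) : false;
     $loves = $row ? $row[0] : 0;

     // Number of rows visible to this user. The original statement spliced
     // the previous query text into this one and so never parsed; it is now
     // built from the same filter as the page query. ORDER BY is left out
     // because it has no effect on a single aggregate row.
     $res = mysql_query("SELECT count(*) " . "FROM " . LOVE_LOVE . " " . "WHERE " . $scope);
     $row = $res ? mysql_fetch_row($res) : false;
     $count = $row ? (int) $row[0] : 0;
     $cPages = $limit > 0 ? ceil($count / $limit) : 0;

     $sql = "SELECT id,giver,receiver,why,private,TIMESTAMPDIFF(SECOND,at,NOW()) as delta "
         . "FROM " . LOVE_LOVE . " "
         . "WHERE " . $scope
         . "ORDER BY id DESC "
         . "LIMIT " . $offset . "," . $limit;
     $res = mysql_query($sql);

     // Construct json for history
     $this->pages = array(array($page, $cPages, number_format($loves)));

     // Start from an empty list so callers get an array even without rows.
     $history = array();
     while ($res && ($row = mysql_fetch_assoc($res))) {
         // Fall back to the raw identifier when no nickname is stored.
         $givernickname = getNickName($row['giver']);
         if (empty($givernickname)) {
             $givernickname = $row['giver'];
         }
         $receivernickname = getNickName($row['receiver']);
         if (empty($receivernickname)) {
             $receivernickname = $row['receiver'];
         }

         $why = $row['why'];
         if ($row['private']) {
             $why .= " (love sent quietly)";
         }

         // Values are returned as stored (user-supplied text included); the
         // code that renders them must encode for its output context.
         $history[] = array(
             "id" => $row['id'],
             "giver" => $row['giver'],
             "giverNickname" => $givernickname,
             "receiver" => $row['receiver'],
             "receiverNickname" => $receivernickname,
             "why" => $why,
             "delta" => Utils::relativeTime($row['delta']),
         );
     }
     return $history;
 }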
Esempio n. 2
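/**
 * Ensures the request runs in a logged-in admin session of the Love
 * application, creating that session from an id handed over by the admin
 * (Zend) side when needed. Terminates the request with die() on any failure.
 *
 * The id is trusted as proof of identity: when no session exists, the session
 * is populated for that user without any credential check.
 * NOTE(review): callers must therefore take $userid_from_zend from an already
 * authenticated server-side session, never from request input — confirm at
 * every call site.
 *
 * @param mixed $userid_from_zend User id supplied by the admin side; unset,
 *                                "" or -2 skips the hand-over and only the
 *                                final login/admin checks run.
 * @return void
 */
function checkLoginFromAdmin($userid_from_zend)
{
    $front = Frontend::getInstance();
    if (isset($userid_from_zend) && $userid_from_zend != "" && $userid_from_zend != -2) {
        // The integer cast is what keeps the id safe in the unquoted SQL below.
        $user_id = (int) $userid_from_zend;
        if ($user_id == 0) {
            die("Admin session expired");
        }

        $sessionUserId = isset($_SESSION["userid"]) ? (int) $_SESSION["userid"] : 0;
        $hasSessionUser = $front->isUserLoggedIn() && $sessionUserId !== 0;

        if ($hasSessionUser && $sessionUserId !== $user_id) {
            // A different user already owns this session: refuse to switch identity.
            die("You are logged in Love application with another userid in this session. Please, logout from Love application!" . $_SESSION["userid"] . "**" . $user_id);
        }

        if (!$hasSessionUser) {
            $sql = "SELECT " . USERS . ".*, " . COMPANY . ".name as company_name  "
                . "FROM " . USERS . ", " . COMPANY . " "
                . "WHERE " . USERS . ".id = " . $user_id
                . " AND " . USERS . ".company_id = " . COMPANY . ".id";
            $row = doQuery($sql);

            // Fail closed when the id matches no user, instead of filling the
            // session from a missing row. The generic message does not reveal
            // whether the id exists.
            if (!is_object($row)) {
                clearSession();
                die("You should have admin right to get access to this page.");
            }

            // NOTE(review): the session id is not regenerated when the
            // identity is set here; consider session_regenerate_id(true) at
            // this point unless Frontend already does it.
            $_SESSION["userid"] = $user_id;
            $_SESSION["username"] = $row->username;
            $_SESSION["nickname"] = $row->nickname;
            $_SESSION['running'] = "true";

            if (!$front->isUserLoggedIn()) {
                // Retry with a fresh Frontend in case the singleton did not
                // see the session values written just above.
                $front = new Frontend();
                if (!$front->isUserLoggedIn()) {
                    clearSession();
                    die("You are still not logged! Click on another tab, and come back back here it could work");
                }
            }

            if (!isAdmin($user_id)) {
                clearSession();
                // The former message appended an undefined variable and the
                // users table name; neither belongs in client-facing output.
                die("You should have admin right to get access to this page.");
            }
        }
    }

    if (!$front->isUserLoggedIn()) {
        clearSession();
        // NOTE(review): presumably redirects and ends the request — confirm;
        // the check below denies access either way.
        $front->getUser()->askUserToAuthenticate();
    }

    // Deny when the session carries no user id at all, not only when the id
    // is not an admin.
    if (!isset($_SESSION["userid"]) || !isAdmin($_SESSION["userid"])) {
        clearSession();
        die("You should have admin right to get access to this page.");
    }
}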
Esempio n. 3
// and should build a $js_contents variable which will be output
// both to a file and the screen
// once the generation has happened the htaccess will then
// ensure the flat file version is used
// to reset the file just delete the flat file version in the js folder
*/
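// Refuse direct requests for the generator script itself; it is meant to be
// reached only through the mod_rewrite rule. The dot is escaped so the pattern
// matches the literal file name.
// NOTE(review): this assumes no_file() ends the request — confirm; otherwise
// execution continues below.
if (preg_match('/generator\.php/', $_SERVER["REQUEST_URI"])) {
    // 404
    no_file();
}
// we need to check the usual login shtuff
include "class/frontend.class.php";
include_once "helper/check_new_user.php";
$front = Frontend::getInstance();
include_once "db_connect.php";
include_once "autoload.php";
// NOTE(review): the include further down is only protected if
// askUserToAuthenticate() stops the request for anonymous users — confirm.
if (!$front->isUserLoggedIn()) {
    $front->getUser()->askUserToAuthenticate();
}
// what file are we after?
// Untaint the parameter: only a plain string is accepted (an array such as
// ?file[]=x would otherwise reach the path as "Array"), and every character
// outside [A-Za-z0-9_-] is removed, so the name can carry no "/" or "." and
// the include below cannot leave view/js/.
$requested = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
$filename = preg_replace("/[^a-zA-Z0-9\\_\\-]/", "", $requested);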
// does the file exist?
if (file_exists("view/js/{$filename}.php")) {
    // if so let's include it
    include "view/js/{$filename}.php";
    // and check it's created the $js_content variable
    if (!is_null($js_contents) || empty($js_contents)) {
        // let's pretend we're a js file if we can
Esempio n. 4
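 /**
  * Gets number of senders that have sent love to given user (total value),
  * counted within the current company, or MAIN_COMPANY when the current
  * company has no id.
  *
  * @param String $username username(email) of user
  * @return Integer number of unique senders; 0 when the query fails
  */
 public static function getUserUniqueSenders($username)
 {
     $front = Frontend::getInstance();

     // In PHP `a || b` yields a boolean, so the former expression always
     // reduced the company id to 1 (or 0). Pick the id explicitly instead.
     $companyId = $front->getCompany()->getId();
     $mycompany = $companyId ? $companyId : MAIN_COMPANY;

     // The username is interpolated into a quoted literal, so it is escaped
     // first; the company id is forced to an integer.
     // NOTE(review): ext/mysql offers no bound parameters; prepared statements
     // via PDO or mysqli are the durable fix.
     $safeUsername = mysql_real_escape_string($username);

     $givers = 0;
     $sql = "SELECT COUNT(DISTINCT giver) AS `givers`\n                    FROM `" . LOVE . "` l\n                    WHERE l.receiver = '{$safeUsername}'\n                    AND l.company_id = " . (int) $mycompany;
     $res = mysql_query($sql);
     if ($res) {
         $row = mysql_fetch_assoc($res);
         if ($row) {
             // The driver returns strings; the documented contract is an integer.
             $givers = (int) $row['givers'];
         }
     }
     return $givers;
 }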