public function getLoveHistory($page, $justUser = false)
{
$front = Frontend::getInstance();
$page--;
$l = $this->getLimit() * $page;
$where = '';
$sql = "SELECT count(*) " . "FROM " . LOVE_LOVE;
$res = mysql_query($sql);
$row = mysql_fetch_row($res);
$loves = $row[0];
$sql = "SELECT count(*) " . "FROM " . LOVE_LOVE . " " . "WHERE " . LOVE_LOVE . ".receiver = '" . $front->getUser()->getUsername() . "' " . "OR " . LOVE_LOVE . ".giver = '" . $front->getUser()->getUsername() . "' " . ($sql .= $justUser ? '' : "OR " . LOVE_LOVE . ".company_id = '" . $front->getUser()->getCompany_id() . "' ");
$sql .= $where . " " . "ORDER BY id DESC";
$res = mysql_query($sql);
$row = mysql_fetch_row($res);
$count = $row[0];
$cPages = ceil($count / $this->getLimit());
$sql = "SELECT id,giver,receiver,why,private,TIMESTAMPDIFF(SECOND,at,NOW()) as delta " . "FROM " . LOVE_LOVE . " " . "WHERE " . LOVE_LOVE . ".receiver = '" . $front->getUser()->getUsername() . "' " . "OR " . LOVE_LOVE . ".giver = '" . $front->getUser()->getUsername() . "' ";
$sql .= $justUser ? '' : "OR " . LOVE_LOVE . ".company_id = '" . $front->getUser()->getCompany_id() . "' ";
$sql .= $where . " " . "ORDER BY id DESC " . "LIMIT " . $l . "," . $this->getLimit();
$res = mysql_query($sql);
// Construct json for history
$this->pages = array(array($page, $cPages, number_format($loves)));
for ($i = 1; $row = mysql_fetch_assoc($res); $i++) {
$givernickname = getNickName($row['giver']);
$givernickname = !empty($givernickname) ? $givernickname : $row['giver'];
$receivernickname = getNickName($row['receiver']);
$receivernickname = !empty($receivernickname) ? $receivernickname : $row['receiver'];
$why = $row['why'];
if ($row['private']) {
$why .= " (love sent quietly)";
}
$history[] = array("id" => $row['id'], "giver" => $row['giver'], "giverNickname" => $givernickname, "receiver" => $row['receiver'], "receiverNickname" => $receivernickname, "why" => $why, "delta" => Utils::relativeTime($row['delta']));
}
return $history;
}
function checkLoginFromAdmin($userid_from_zend)
{
$front = Frontend::getInstance();
if (isset($userid_from_zend) && $userid_from_zend != "" && $userid_from_zend != -2) {
//echo "0*".$userid_from_zend."*";
$user_id = (int) $userid_from_zend;
if ($user_id == 0) {
die("Admin session expired");
}
if ($front->isUserLoggedIn() && isset($_SESSION["userid"]) && $_SESSION["userid"] != 0 && $_SESSION["userid"] == $user_id) {
// already logged nothing to do
} else {
if ($front->isUserLoggedIn() && isset($_SESSION["userid"]) && $_SESSION["userid"] != 0 && $_SESSION["userid"] != $user_id) {
die("You are logged in Love application with another userid in this session. Please, logout from Love application!" . $_SESSION["userid"] . "**" . $user_id);
} else {
$sql = "SELECT " . USERS . ".*, " . COMPANY . ".name as company_name " . "FROM " . USERS . ", " . COMPANY . " " . "WHERE " . USERS . ".id = " . mysql_real_escape_string($user_id) . " AND " . USERS . ".company_id = " . COMPANY . ".id";
$row = doQuery($sql);
$username = $row->username;
$nickname = $row->nickname;
// $admin = $row->admin;
$_SESSION["userid"] = $user_id;
$_SESSION["username"] = $username;
$_SESSION["nickname"] = $nickname;
// $_SESSION["admin"] = $admin;
$_SESSION['running'] = "true";
if (!$front->isUserLoggedIn()) {
$front = new Frontend();
if (!$front->isUserLoggedIn()) {
clearSession();
die("You are still not logged! Click on another tab, and come back back here it could work");
}
}
if (!isAdmin($user_id)) {
clearSession();
die("You should have admin right to get access to this page." . $admin . "**" . USERS);
}
}
}
}
if (!$front->isUserLoggedIn()) {
clearSession();
$front->getUser()->askUserToAuthenticate();
}
if (!isAdmin($_SESSION["userid"])) {
clearSession();
die("You should have admin right to get access to this page.");
}
}
// and should build a $js_contents variable which will be output
// both to a file and the screen
// once the generation has happened the htaccess will then
// ensure the flat file version is used
// to reset the file just delete the flat file version in the js folder
*/
// prevent this file from being called directly
// we should only allow it to be accessed via mod_rewrite
if (preg_match('/generator.php/', $_SERVER["REQUEST_URI"])) {
// 404
no_file();
}
// we need to check the usual login shtuff
include "class/frontend.class.php";
include_once "helper/check_new_user.php";
$front = Frontend::getInstance();
include_once "db_connect.php";
include_once "autoload.php";
if (!$front->isUserLoggedIn()) {
$front->getUser()->askUserToAuthenticate();
}
// what file are we after?
//untaint this paramater
$filename = isset($_GET['file']) ? preg_replace("/[^a-zA-Z0-9\\_\\-]/", "", $_GET['file']) : '';
// does the file exist?
if (file_exists("view/js/{$filename}.php")) {
// if so let's include it
include "view/js/{$filename}.php";
// and check it's created the $js_content variable
if (!is_null($js_contents) || empty($js_contents)) {
// let's pretend we're a js file if we can
/**
* Gets number of senders that have sent love to given user (total value)
*
* @param String $username username(email) of user
* @return Integer number of unique senders
*/
public static function getUserUniqueSenders($username)
{
$front = Frontend::getInstance();
$mycompany = $front->getCompany()->getId() || MAIN_COMPANY;
$givers = 0;
$sql = "SELECT COUNT(DISTINCT giver) AS `givers`\n FROM `" . LOVE . "` l\n WHERE l.receiver = '{$username}'\n AND l.company_id = " . (int) $mycompany;
$res = mysql_query($sql);
if ($res) {
$row = mysql_fetch_assoc($res);
$givers = $row['givers'];
}
return $givers;
}
