Esempio n. 1
0
 public static function post()
 {
     $form = f::dbFirstRow("select name, enabled_domains, detail \n\t\t\t\t\t\tfrom fm_forms \n\t\t\t\t\t\twhere id = {p:form_id} \n\t\t\t\t\t\tand client_id = {p:client_id} \n\t\t\t\t\t\tand (available_from = '' or available_from <= curdate()) \n\t\t\t\t\t\tand (available_to = '' or available_to >= curdate()) \n\t\t\t\t\t\tand status = 1");
     self::validateForm($form);
     if (f::hasErrors()) {
         return;
     }
     // get form data
     $formDetail = json_decode($form["detail"], true);
     $fields = $formDetail["fields"];
     // validate captcha
     if (isset($formDetail["captcha"]) && $formDetail["captcha"]) {
         f::validateParam("captcha", array("captcha"), "Wrong captcha");
     }
     $dataFields = self::validateFields($fields);
     if (f::hasErrors()) {
         return;
     }
     // validations are ok, then insert
     $userData = json_encode($dataFields, JSON_UNESCAPED_UNICODE);
     $siteTableId = "fm_userdata_" . substr("00" . f::getParam("client_id") * 1, -3);
     $insertId = f::dbInsert("insert into {d:siteTableId} set \n\t\t\t\t\t\t\t\tcreated_date = now(),\n\t\t\t\t\t\t\t\tstatus = 0,\n\t\t\t\t\t\t\t\tform_id = {p:form_id}, \n\t\t\t\t\t\t\t\tclient_id = {p:client_id}, \n\t\t\t\t\t\t\t\tuser_data = {userData}", array("siteTableId" => $siteTableId, "userData" => $userData));
     if (!$insertId) {
         f::setError(500, "Unexpected Error");
     } else {
         f::setResponseJson(array("ok" => true));
     }
 }
Esempio n. 2
0
 public static function edit()
 {
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $name = f::getParam("name");
     $availableFrom = f::date2sql(f::getParam("available_from"));
     $availableTo = f::date2sql(f::getParam("available_to"));
     $status = f::getParam("status");
     if ($status != 1 && $status != 0 && $status != 2) {
         f::setError(400, "Wrong Status");
     }
     if (!$name) {
         f::setError(400, "Invalid form name");
     }
     $clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}");
     if (!$clientExists) {
         f::setError(400, "Client does not Exist");
     }
     if (!f::hasErrors()) {
         if (f::getParam("form_id")) {
             f::dbQuery("insert into fm_forms_log (created_date, form_id, client_id, name, enabled_domains, detail, available_from, available_to, status, description)\n\t\t\t\t\tselect now(), id, client_id, name, enabled_domains, detail, available_from, available_to, status, description from fm_forms where id = {p:form_id}");
             f::dbQuery("update fm_forms set name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} where id = {p:form_id}", array("availableFrom" => $availableFrom, "availableTo" => $availableTo));
         } else {
             f::dbQuery("insert into fm_forms set client_id = {p:client_id}, name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} ", array("availableFrom" => $availableFrom, "availableTo" => $availableTo));
         }
         f::setResponseJson(array("ok" => 1));
     }
 }
Esempio n. 3
0
 public static function save()
 {
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $status = f::getParam("status");
     $clientId = f::getParam("client_id");
     $name = f::getParam("name");
     if ($status != 1 && $status != 0) {
         f::setError(400, "Invalid Client Status");
     }
     if (!$clientId && !$name) {
         f::setError(400, "Invalid Client Name");
     }
     $clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}") == 1;
     if ($clientId && !$clientExists) {
         f::setError(400, "Invalid Client Id");
     }
     if (!f::hasErrors()) {
         if ($clientId) {
             f::dbQuery("update fm_clients set status = {p:status} where id = {p:client_id}");
         } else {
             f::dbQuery("insert into fm_clients set name = {p:name}, status = {p:status}");
         }
         f::setResponseJson(array("ok" => 1));
     }
 }
Esempio n. 4
0
 public static function get()
 {
     if (!security::isLogged()) {
         return;
     }
     $clients = f::dbFullRes("select distinct c.id, c.name \n\t\t\t\t\t\t\t\t from fm_clients c\n\t\t\t\t\t\t\t\t join fm_users_clients uc on (uc.client_id = c.id)\n\t\t\t\t\t\t\t\t where c.status = 1\n\t\t\t\t\t\t\t\t and uc.user_id = {userId}\n\t\t\t\t\t\t\t\t order by c.name ", array("userId" => USER_ID));
     $forms = f::dbFullRes("select c.id client_id, f.id, f.name, f.status\n\t\t\t\t\t\t\t\t from fm_forms f\n\t\t\t\t\t\t\t\t join fm_clients c on (c.id = f.client_id)\n\t\t\t\t\t\t\t\t join fm_users_clients uc on (uc.client_id = c.id)\n\t\t\t\t\t\t\t\t where c.status = 1\n\t\t\t\t\t\t\t\t and uc.user_id = {userId}\n\t\t\t\t\t\t\t\t order by c.id, f.status desc, f.id desc ", array("userId" => USER_ID));
     foreach ($forms as $k => $v) {
         $siteTableId = "fm_userdata_" . substr("00" . $forms[$k]["client_id"], -3);
         $forms[$k]["data_7_days"] = f::dbRes("select count(*) from {d:siteTableId} ud where ud.form_id = {formId} and date(created_date) >= (CURDATE() - INTERVAL 7 DAY)", array("siteTableId" => $siteTableId, "formId" => $forms[$k]["id"]));
         $forms[$k]["data_total"] = f::dbRes("select count(*) from {d:siteTableId} ud where ud.form_id = {formId}", array("siteTableId" => $siteTableId, "formId" => $forms[$k]["id"]));
     }
     f::setResponseJson(array("clients" => $clients, "forms" => $forms));
 }
Esempio n. 5
0
 public static function post()
 {
     $token = f::getParam("_api_key");
     $userIp = $_SERVER["REMOTE_ADDR"];
     $sessionId = f::dbRes("select id from ge_sessions where user_ip='{$userIp}' and token='{$token}' and status=1");
     if ($sessionId) {
         if (defined("DELETE_SESSIONS")) {
             f::dbQuery("delete from ge_sessions where id='{$sessionId}'");
         } else {
             f::dbQuery("update ge_sessions set status=0 where id='{$sessionId}'");
         }
         f::setResponseJson(array("ok" => 1));
     } else {
         f::setError(400, "Sesion invalida");
     }
 }
Esempio n. 6
0
 public static function get()
 {
     $form = f::dbFirstRow("select enabled_domains, detail \n\t\t\t\t\t\tfrom fm_forms \n\t\t\t\t\t\twhere id = {p:form_id} \n\t\t\t\t\t\tand client_id = {p:client_id} \n\t\t\t\t\t\tand (available_from = '' or available_from <= curdate()) \n\t\t\t\t\t\tand (available_to = '' or available_to >= curdate()) \n\t\t\t\t\t\tand status = 1");
     if (!$form) {
         f::setError(400, "Form not found");
     } else {
         if (!self::checkDomain($form)) {
             f::setError(400, "Hostname not allowed");
         }
     }
     if (f::hasErrors()) {
         return;
     }
     $formDetail = json_decode($form["detail"], true);
     $uniqId = sha1(uniqid());
     $captcha = f::getCaptcha();
     f::setResponseJson(array("id" => $uniqId, "captcha" => $captcha, "form" => $formDetail));
 }
Esempio n. 7
0
 public static function post()
 {
     $user = f::getParam("user");
     $pass = f::getParam("pass");
     $userId = f::dbRes("select id from fm_users where email='{$user}' and (password='******' or password='******') and status=1");
     $userIp = $_SERVER["REMOTE_ADDR"];
     if (!$userId) {
         f::setError(400, "Invalid user");
     } else {
         // create token
         $token = md5(uniqid($userId, true)) . md5(uniqid());
     }
     if (!f::hasErrors()) {
         $userName = f::dbRes("select name from fm_users where id='{$userId}'");
         $isAdmin = f::dbRes("select is_admin from fm_users where id='{$userId}'") == 1;
         f::dbQuery("insert into fm_sessions set user_id='{$userId}', user_ip='{$userIp}', token='{$token}', status=1, created_date=now()");
         f::setResponseJson(array("userName" => $userName, "_api_key" => $token, "isAdmin" => $isAdmin));
     }
 }
Esempio n. 8
0
 private static function step2($page, $start, $rowsPerPage, $outData)
 {
     $excel = f::getParam("excel") == 1;
     $order = f::getParam("order") * 1;
     $orderDesc = f::getParam("orderDesc") * 1;
     $orderBy = $order == "" ? "" : " ORDER BY {$order}";
     $clientId = f::dbRes("select client_id from fm_forms where id = {p:form_id}");
     $siteTableId = "fm_userdata_" . substr("00" . $clientId, -3);
     $limit = $excel ? "" : " limit {$start}, {$rowsPerPage}";
     $textFilter = "";
     if (f::getParam("textFilter")) {
         $textFilter = " and user_data like '%" . f::dbEscape(f::getParam("textFilter")) . "%'";
     }
     $sql = "select SQL_CALC_FOUND_ROWS id, date_format(created_date,'%d/%m/%Y %H:%i') as created_date, user_data \n\t\t\t\t\t\tfrom {d:siteTableId}\n\t\t\t\t\t\twhere form_id = {p:form_id} \n\t\t\t\t\t\t{n:textFilter}\n\t\t\t\t\t\torder by id desc {d:orderBy} {d:limit}";
     $formData = f::dbFullRes($sql, array("siteTableId" => $siteTableId, "textFilter" => $textFilter, "orderBy" => $orderBy, "limit" => $limit));
     foreach ($formData as $k => $v) {
         $formData[$k]["user_data"] = json_decode($formData[$k]["user_data"], true);
     }
     $totalRows = f::dbRes("SELECT FOUND_ROWS()");
     if ($totalRows <= $page * $rowsPerPage) {
         $outData["nextPage"] = 0;
     }
     $form = f::dbFirstRow("select id, name, enabled_domains, detail \n\t\t\t\tfrom fm_forms \n\t\t\t\twhere id = {p:form_id}");
     $form["detail"] = json_decode($form["detail"], true);
     $outData["form"] = $form;
     $outData["data"] = $formData;
     $outData["totalRows"] = $totalRows;
     $outData["order"] = $order;
     $outData["orderDesc"] = $orderDesc;
     $outData["end"] = min($outData["start"] + $rowsPerPage, $totalRows);
     if (!$excel) {
         f::setResponseJson($outData);
     } else {
         $out = self::prepareExcel($form, $formData);
         $formName = preg_replace("/[^A-Za-z0-9 ]/", '', $form["name"]);
         f::setExcelOutput($form["id"] . "_{$formName}_" . date("Ymd_His") . ".xls", $out);
     }
 }
Esempio n. 9
0
 public static function add()
 {
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $status = f::getParam("status");
     $name = f::getParam("name");
     $email = f::getParam("email");
     $password1 = trim(f::getParam("password1"));
     $password2 = trim(f::getParam("password2"));
     $exists = f::dbRes("select 1 from fm_users where name = {name}", array("name" => $name));
     if (!$email) {
         f::setError(400, "Email field is missing");
     } else {
         if (!$name) {
             f::setError(400, "Name field is missing");
         } else {
             if ($exists) {
                 f::setError(400, "Failed, user already exists.");
             }
         }
     }
     if ($status != 1 && $status != 0) {
         f::setError(400, "Incorrect Status");
     }
     if ($password1 && $password1 != $password2) {
         f::setError(400, "Incorrect Password");
     }
     if (!f::hasErrors()) {
         $userId = f::dbInsert("insert into fm_users set email = {email}, name = {name}, status = {status} ", array("email" => $email, "name" => $name, "status" => $status));
         if ($password1 && $password1 == $password2) {
             f::dbQuery("update fm_users set password = {pwd} where id = {userId}", array("pwd" => md5($password1), "userId" => $userId));
         }
         $userClients = f::getParam("userClients");
         f::dbQuery("delete from fm_users_clients where user_id = {userId}");
         foreach ($userClients as $clientId => $value) {
             f::dbQuery("insert into fm_users_clients set user_id = {userId}, client_id = {clientId}", array("userId" => $userId, "clientId" => $clientId));
         }
         f::setResponseJson(array("userId" => $userId));
     }
 }
Esempio n. 10
0
 public static function get()
 {
     if (security::isLogged()) {
         f::setResponseJson(array("userName" => USER_NAME, "isAdmin" => USER_IS_ADMIN));
     }
 }