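/**
 * Create a Columnator Object.
 *
 * @param array $props The properties that the Columnator will use to display:
 * <pre>
 * $props = array (
 *     'attribs'      => array ( 'style' => 'display:none' ), // Optional, attributes stamped on the
 *                                                            // generated div; empty array if omitted
 *     'suffix'       => 'V',       // Optional, suffix for the Columnator action variable, useful
 *                                  // when there is more than one on the screen; generated from
 *                                  // the number of Columnators created if omitted
 *     'request_vars' => 'CEMID',   // Optional, regular expression or single name of request vars
 *                                  // to copy to the response vars (chained vars)
 *     'init_column'  => 'fldDate', // Optional, initial column to sort by
 *     'init_order'   => 'DESC',    // Optional, initial sort direction
 * );
 * </pre>
 */
public function __construct($props = [])
{
    parent::__construct();

    $prop = function ($key, $default) use ($props) {
        return isset($props[$key]) ? $props[$key] : $default;
    };

    $this->attribs = $prop('attribs', []);
    // Invocation::next() has a side effect, so it is only called when no suffix was given
    $suffix = isset($props['suffix']) ? $props['suffix'] : Invocation::next();
    $this->navVar = self::navVar($suffix);
    $this->respVars = new Response($prop('request_vars', ''));

    // Seed the column state with the class defaults, then the caller's initial choice
    $initialVars = self::$columnation;
    $initialVars[self::SORT_COL] = $prop('init_column', '');
    $initialVars[self::SORT_ORDER] = $prop('init_order', '');

    // Request values override the defaults; this guarantees every key has been set
    $requestColumnVars = Request::get($this->navVar, []);
    if (!is_array($requestColumnVars)) {
        $requestColumnVars = [];
    }
    foreach ($initialVars as $key => $val) {
        $this->set($key, isset($requestColumnVars[$key]) ? $requestColumnVars[$key] : $val);
    }

    // Pick up the current settings
    $this->sortColumn = $this->formVars[self::SORT_COL];
    $this->sortOrder = $this->formVars[self::SORT_ORDER];

    // The order may come from the request: only the two SQL keywords are acceptable.
    // The strict in_array also covers the unset/empty cases the old check spelled out,
    // and stops a non-string value from juggling its way past the whitelist.
    if (!in_array($this->sortOrder, ['ASC', 'DESC'], true)) {
        $this->sortOrder = 'ASC';
    }
    // NOTE(review): sortColumn is request-supplied as well; whatever builds the
    // ORDER BY from it must validate it against the known column names — confirm.

    $this->styles[self::COL_LINK_CLASS] = 'jb-collink';
    $this->styles[self::COL_BUTTON_CLASS] = 'jb-colbutton';
}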
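/**
 * Renders the menu as a jQuery UI accordion.
 *
 * @param mixed $menuClasses passed through to self::getMenuItems()
 * @return string the required JS libraries, the ready-handler script and the menu html
 */
public static function display($menuClasses = null)
{
    $id = 'MenuUtils_display' . Invocation::next();
    $jsLibraries = JS::libraryWithDependancies(JS::JQUERY_UI);

    // The active pane index is interpolated straight into the script below, so it
    // must be a number: the cast stops a request value from adding script text.
    $activeMenu = (int) Request::get(self::ACTIVE_MENU, 0);

    $js = <<<JS
\$().ready ( function () {
    \$( '#{$id}' ).show()
                 .accordion({ collapsible: true, active: {$activeMenu} });
});
JS;

    $html = Tag::div(['id' => $id, 'style' => 'font-size: 0.8em; width:250px; text-align:left; display:none;']);
    foreach (self::getMenuItems($menuClasses) as $header => $menuList) {
        $html .= Tag::hTag('h3') . Tag::hRef('#', $header) . Tag::_hTag('h3')
               . Tag::div() . Tag::ul();
        foreach ($menuList as $row) {
            $html .= Tag::li();
            if (isset($row['slug'])) {
                $html .= Tag::hRef(Cfg::siteUrl() . '/menu.php?S=' . $row['slug'], $row['name'], $row['attribs']);
            } else {
                $html .= Tag::hRef($row['url'], $row['name'], $row['attribs']);
            }
            $html .= Tag::_li();
        }
        $html .= Tag::_ul() . Tag::_div();
    }
    $html .= Tag::_div();

    return $jsLibraries . JS::javaScript($js) . $html;
}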
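/**
 * Exports a whole table as a spreadsheet.
 *
 * The table name comes from the tblName request variable (falling back to
 * $tName), so it is untrusted input about to be spliced into SQL. An
 * identifier cannot be bound as a parameter, so only a plain identifier is
 * accepted; anything else ends the request the same way an empty name does.
 *
 * @param string $tName default table name when the request carries none
 */
public function xls($tName = '')
{
    $tableName = Request::get('tblName', $tName);
    if (!is_string($tableName) || $tableName === ''
        || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $tableName)) {
        exit;
    }
    XLS::output(DB::query(DB::DEF, 'SELECT * FROM ' . $tableName), $tableName);
}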
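/**
 * Erases every row of tblConfig once the user has typed the confirmation phrase.
 *
 * @return string popup message followed by the index page
 */
public function resetSave()
{
    // Exact match on the phrase; the strict comparison means a missing value or a
    // non-string cannot be coerced into a match.
    if (Request::get('fldConfirm') !== 'RESET CONFIG') {
        return Widget::popupWrapper('Invalid response, Reset cancelled', -1, 'Action Cancelled') . $this->index();
    }
    // Destructive. NOTE(review): authorisation and CSRF checks are not visible
    // here — confirm they run before this action is dispatched.
    DB::exec(DB::DEF, 'DELETE FROM tblConfig');
    return Widget::popupWrapper('All configuration data has been erased', -1, 'Reset Complete') . $this->index();
}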
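/**
 * Validates the CSRF token carried in the request, if any.
 *
 * @return bool true when there is no database to hold tokens, when the request
 *              carries no token, or when the token validates
 */
public static function check()
{
    // If we do not have jackbooted database then have no CSRFGuard
    if (!Cfg::get('jb_db', false)) {
        return true;
    }
    // If the variable is not there then assume all good. NOTE(review): that makes
    // the guard fail-open — a state-changing form that omits the token is not
    // protected by it. Confirm every such form embeds CSRFGuard::KEY.
    $csrfKey = Request::get(CSRFGuard::KEY);
    if ($csrfKey === null || $csrfKey === false || $csrfKey === '') {
        return true;
    }
    // Anything else (including a non-string) is handed to valid() to decide
    return self::valid($csrfKey);
}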
/**
 * Resolves which action the request is allowed to run.
 *
 * With check_priviliages off the action is returned untouched. Otherwise
 * Privileges::access() decides: false denies the action outright; a string is
 * a replacement action (presumably the login page — it is named loginAction)
 * that is run instead, after the current URI has been saved so the flow can
 * return to it. Any other result leaves the action as requested.
 *
 * @param string $action requested action name
 * @return string|false action to run, or false when access is denied
 */
private static function checkPriviliages($action)
{
    if (!Cfg::get('check_priviliages', false)) {
        return $action;
    }

    $decision = Privileges::access($action);
    if ($decision === false) {
        return false;
    }
    if (!is_string($decision) || !isset($_SERVER["REQUEST_URI"])) {
        return $action;
    }

    // Remember where the user was heading so the replacement action can bounce back
    Request::set(self::SAVE_URL, $_SERVER["REQUEST_URI"]);
    return $decision;
}
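/**
 * Validates the TimeGuard token carried in the request.
 *
 * The token is DELIM-separated: user, host, user agent, session id, script
 * name fragment and issue time. Each field must agree with the current
 * request and the token must be no older than self::EXPIRY seconds.
 *
 * NOTE(review): the fields are compared but not signed, so the token attests
 * consistency with the current session rather than that the server issued
 * it — confirm that is the intended strength of this guard.
 *
 * @return mixed self::NOGUARD when no token is present, true when it is
 *               valid, otherwise a string describing the mismatch
 */
public static function check()
{
    $val = Request::get(self::KEY);
    if ($val === null || $val === false || $val === '') {
        return self::NOGUARD;
    }
    if (!is_string($val)) {
        return 'Incorrect TimeGuard format';
    }

    $values = explode(self::DELIM, $val);
    if (count($values) !== 6) {
        return 'Incorrect TimeGuard format';
    }

    // Strict comparisons throughout: the old loose != let numeric-looking
    // strings compare equal. Cast the stored user so a non-string id still matches.
    if ($values[0] !== (string) G::get('fldUser', 'GUEST')) {
        return 'The user has changed in the submission of this url';
    }

    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if ($values[1] !== $host) {
        return 'Host server has been compromised';
    }

    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if ($values[2] !== $agent) {
        return 'Browser has been compromised';
    }

    if ($values[3] !== session_id()) {
        return 'PHP Session ID has been compromised';
    }

    // An empty fragment would match any script (strpos with an empty needle),
    // so it is rejected explicitly.
    $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    if ($values[4] === '' || strpos($script, $values[4]) === false) {
        return 'URL has been reused for target file name';
    }

    // Issue time is an integer timestamp; the cast avoids arithmetic on a
    // non-numeric string and treats garbage as epoch 0, which is expired.
    $diff = time() - (int) $values[5];
    if ($diff < 0 || $diff > self::EXPIRY) {
        return 'URL has expired';
    }
    return true;
}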
/**
 * Shows the base image with a click handler that moves the "pin" to the cursor.
 *
 * The image path comes from the url request variable and is appended to the
 * site url. NOTE(review): it is emitted as the img src; escaping of the
 * attribute is left to Tag::img — confirm it does so.
 *
 * @return string jQuery library, the tracking script, the image and the X/Y inputs
 */
protected function zoom()
{
    $siteUrl = Cfg::siteUrl();
    $imagePath = Request::get('url');

    $tracker = <<<JS
var currentXPos = 0;
var currentYPos = 0;
var IE = document.all?true:false
if (!IE) document.captureEvents(Event.MOUSEMOVE);
document.onmousemove = getMouseXY;

function getMouseXY(e) {
    if (IE) { // grab the x-y pos.s if browser is IE
        currentXPos = event.clientX + document.body.scrollLeft;
        currentYPos = event.clientY + document.body.scrollTop;
    } else { // grab the x-y pos.s if browser is NS
        currentXPos = e.pageX;
        currentYPos = e.pageY;
    }
    if (currentXPos < 0) currentXPos = 0;
    if (currentYPos < 0) currentYPos = 0;
    return true;
}

function movePinToCursor () {
    var offs = \$('#baseImage').offset();
    \$('#PinTop').attr ( 'value', '' + parseInt ( currentYPos - offs.top ) );
    \$('#PinLeft').attr ( 'value', '' + parseInt ( currentXPos - offs.left ) );
}
JS;

    $parts = [];
    $parts[] = JS::library(JS::JQUERY);
    $parts[] = JS::javaScript($tracker);
    $parts[] = Tag::img($siteUrl . $imagePath, [
        'title' => 'Click on this image to move the Pin',
        'id' => 'baseImage',
        'onClick' => 'movePinToCursor();',
        'name' => 'voodoo_image',
    ]);
    $parts[] = '<br>X' . Tag::text('PinLeft', '', ['size' => 4, 'id' => 'PinLeft']);
    $parts[] = '<br>Y' . Tag::text('PinTop', '', ['size' => 4, 'id' => 'PinTop']);

    return implode('', $parts);
}
/**
 * Decides whether the current user may run an action.
 *
 * Results are memoised per action in self::$cache. An action with no privilege
 * rows configured is allowed (and logged at warn level). NOTE(review): that is
 * fail-open for any action that was never registered — confirm it is intended.
 * Otherwise the user is allowed when tblSecPrivUserMap grants one of the
 * action's privileges to the user id, to the user's level or above, or to one
 * of the user's groups, within the row's date window; failing that the
 * decision is delegated to self::canLogin().
 *
 * @param string|null $action action name; defaults to the request's WebPage::ACTION
 * @return mixed true when allowed, otherwise whatever canLogin() returns
 */
public static function access($action = null)
{
    if (!Cfg::get('check_priviliages')) {
        return true;
    }
    if ($action == null) {
        $action = Request::get(WebPage::ACTION);
    }
    if (isset(self::$cache[$action])) {
        return self::$cache[$action];
    }

    $privilegeIds = self::getPriviliageIDs($action);
    if ($privilegeIds === false) {
        self::$log->warn('No priviliages found for action: ' . $action);
        return self::$cache[$action] = true;
    }

    $userId = G::get('fldUserID', '0');
    $groupIds = self::getGroupIDs($userId);

    // Bind order must follow the placeholders in the statement below
    $bound = [];
    $privIdIn = DB::in($privilegeIds, $bound);
    $bound[] = $userId;
    $bound[] = (int) G::get('fldLevel', 7);
    $groupIn = DB::in($groupIds, $bound);
    $now = time();

    $sql = <<<SQL
SELECT count(*)
  FROM tblSecPrivUserMap
 WHERE fldPrivilegeID IN ( {$privIdIn} )
   AND ( fldStartDate=0 OR fldStartDate < {$now} )
   AND ( fldEndDate=0 OR fldEndDate > {$now} )
   AND ( ( fldUserID IS NOT NULL AND fldUserID<>'' AND fldUserID=? )
         OR ( fldLevelID IS NOT NULL AND fldLevelID<>'' AND fldLevelID>=? )
         OR fldGroupID IN ( {$groupIn} ) )
SQL;

    $granted = DB::oneValue(DB::DEF, $sql, $bound) > 0;
    if ($granted) {
        return self::$cache[$action] = true;
    }
    return self::canLogin($privilegeIds);
}
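/**
 * Emits the CAPTCHA image as a JPEG and exits.
 *
 * The text (_CP1) and the hatch spacing (_CP4) both arrive in the request.
 * NOTE(review): with the text itself client-supplied the image only shows what
 * the client already sent; how _CP1 is protected on the form side is not
 * visible here — confirm.
 */
public static function img()
{
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache');
    header('Content-type: image/jpeg');

    $captchaValue = (string) Request::get('_CP1');
    // The hatch value is the loop step below: zero, negative or missing would
    // never terminate, so it is clamped to at least one pixel.
    $hatch = (int) Request::get('_CP4');
    if ($hatch < 1) {
        $hatch = 1;
    }

    $fontAngle = 0.0;
    $fontFile = __DIR__ . '/fonts/WAVY.TTF';
    $fontSize = 16.0;

    $box = imagettfbbox($fontSize, $fontAngle, $fontFile, $captchaValue);
    if ($box === false) {
        die('Cannot measure CAPTCHA text');
    }
    $minX = min($box[0], $box[2], $box[4], $box[6]);
    $maxX = max($box[0], $box[2], $box[4], $box[6]);
    $minY = min($box[1], $box[3], $box[5], $box[7]);
    $maxY = max($box[1], $box[3], $box[5], $box[7]);

    // GD wants integer dimensions of at least one pixel (fractional floats are
    // deprecated as of PHP 8.1); the old code passed the raw floats through.
    $w = max(1, (int) (($maxX - $minX) * 1.1));
    $h = max(1, (int) (($maxY - $minY) * 1.4));

    $im = imagecreatetruecolor($w, $h);
    if ($im === false) {
        die('Cannot Initialize new GD image stream');
    }
    // First colour allocated; kept from the original (on a truecolor canvas this
    // does not by itself paint the background, which stays black)
    imagecolorallocate($im, 50, 50, 50);

    // Write the text
    imagettftext($im, $fontSize, $fontAngle, 4, $h - 4, self::textColor($im), $fontFile, $captchaValue);

    // Hatch: diagonal lines in both directions across the whole canvas
    for ($i = -$h; $i < $w; $i += $hatch) {
        imageline($im, $i, 0, $i + $h, $h, self::lineColor($im));
        imageline($im, $i, $h, $i + $h, 0, self::lineColor($im));
    }

    // Output
    imagejpeg($im);
    imagedestroy($im);
    exit;
}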
/**
 * Deletes the scheduler item named by the fldID request variable and
 * re-renders the index with a confirmation popup.
 *
 * NOTE(review): the id is echoed back in the popup text; escaping is left to
 * Widget::popupWrapper — confirm it escapes.
 *
 * @return string html
 */
public function deleteItem()
{
    $itemId = Request::get('fldID');
    Scheduler::factory(['id' => $itemId])->delete();
    $popup = Widget::popupWrapper('Deleted Item: ' . $itemId);
    return $popup . $this->index();
}
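/**
 * Verifies the checksum that protects the request variables.
 *
 * Variables listed in self::$knownFields are not counted. When anything else
 * is present the request must carry self::CHECKSUM, a two-element array:
 * [0] the comma-separated names of the protected variables, [1] the md5 of
 * that list followed by the raw value of each named variable in order.
 *
 * On any failure the request is cleared; with jb_tamper_detail set a message
 * describing the failure is returned (the md5 failure message includes the
 * joined request values), otherwise the failure is logged and false returned.
 *
 * NOTE(review): the digest is an unkeyed md5 over values the client already
 * holds, so it catches accidental corruption rather than deliberate tampering;
 * an HMAC under a server-side key would be needed for the latter.
 *
 * @return mixed true, false, or a detail string
 */
public static function check(Request $request)
{
    $formVarLen = $request->count();
    if ($formVarLen == 0) {
        return true;
    }
    foreach ($request as $key => $val) {
        if (in_array($key, self::$knownFields)) {
            $formVarLen--;
        }
    }
    if ($formVarLen <= 0) {
        return true;
    }

    $checksum = $request->getVar(self::CHECKSUM);
    if ($checksum === null || $checksum === false || $checksum === '') {
        return self::tamperDetected($request,
            'Checksum Variable Missing from the request.',
            'Checksum Variable Missing from the request: ');
    }
    if (!is_array($checksum)) {
        return self::tamperDetected($request,
            'Checksum Variable not an array.',
            'Checksum Variable not an array: ');
    }
    if (count($checksum) !== 2) {
        return self::tamperDetected($request,
            'Checksum Variable not 2 elements.',
            'Checksum Variable not 2 elements: ');
    }

    // Recompute: the name list itself, then each named variable's raw value
    $allVariablesJoined = '';
    if (!empty($checksum[0]) && is_string($checksum[0])) {
        $allVariablesJoined = $checksum[0];
        foreach (explode(',', $checksum[0]) as $key) {
            $allVariablesJoined .= $request->getRaw($key);
        }
    }

    // Type-strict, constant-time comparison: the loose != used before let two
    // numeric-looking digests compare equal.
    $expected = isset($checksum[1]) && is_string($checksum[1]) ? $checksum[1] : '';
    if (!hash_equals(md5($allVariablesJoined), $expected)) {
        return self::tamperDetected($request,
            'Checksum failed md5(' . $allVariablesJoined . ')<>' . $expected,
            'The checksum has failed. The request variables have been tampered: ');
    }
    return true;
}

/**
 * Common failure path: clears the request, then returns $detail when
 * jb_tamper_detail is set, otherwise logs $logPrefix plus the script name
 * and returns false.
 */
private static function tamperDetected(Request $request, $detail, $logPrefix)
{
    $request->clear();
    if (Cfg::get('jb_tamper_detail', false)) {
        return $detail;
    }
    $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    self::$log->error($logPrefix . $script);
    return false;
}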
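/**
 * Displays a source file with syntax highlighting.
 *
 * The file name is request-supplied (fldFileName, default this file), so it is
 * confined to the project tree: the path is resolved first (symlinks, "..")
 * and must be a regular file below the base directory. The base is constructed
 * as the parent of this file's directory — adjust if the project keeps its
 * source elsewhere.
 *
 * @return string html
 */
public function sourceCode()
{
    $fileName = Request::get('fldFileName', __FILE__);

    $baseDir = realpath(dirname(__DIR__));
    $realPath = is_string($fileName) ? realpath($fileName) : false;
    $insideBase = $baseDir !== false && $realPath !== false
        && strncmp($realPath, $baseDir . DIRECTORY_SEPARATOR, strlen($baseDir) + 1) === 0;
    if (!$insideBase || !is_file($realPath)) {
        return 'File not available';
    }
    $contents = file_get_contents($realPath);
    if ($contents === false) {
        return 'File not available';
    }

    // Escape for the <pre>: the original strtr table had lost its entities in
    // transit, leaving the source able to inject markup into this page.
    $code = htmlspecialchars($contents, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // http://sunlightjs.com/
    // NOTE(review): the highlighter is fetched from a third-party host over plain
    // http; a locally vendored copy (or https plus subresource integrity) would
    // remove that dependency from the page.
    $html = <<<HTML
<link rel="stylesheet" type="text/css" href="http://www.brettdutton.com/prism/themes/sunlight.default.css" />
<script type="text/javascript" src="http://www.brettdutton.com/prism/sunlight-min.js"></script>
<script type="text/javascript" src="http://www.brettdutton.com/prism/lang/sunlight.php-min.js"></script>
<pre class="sunlight-highlight-php">{$code}</pre>
<script type="text/javascript">Sunlight.highlightAll( );</script>
HTML;
    return $html;
}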
/**
 * Copies the request variables whose names match a pattern into this response.
 *
 * @param string $matches a full regular expression delimited by '/', or a bare
 *                        variable name, which is anchored and matched whole
 *                        (the name is not preg_quote()d, so regex metacharacters
 *                        in it are interpreted)
 * @return Response $this, for chaining
 */
public function copyVarsFromRequest($matches = '/.*/')
{
    $isDelimited = preg_match('/^\\/.*\\/$/', $matches) === 1;
    $pattern = $isDelimited ? $matches : '/^' . $matches . '$/';

    foreach (Request::get() as $name => $value) {
        if (preg_match($pattern, $name) !== 1) {
            continue;
        }
        $this->set($name, $value);
    }
    return $this;
}
/**
 * "Forgotten password" handler: generates a new password for the account whose
 * fldUser equals the fldEmail request variable, stores it, mails the new
 * password to that address and notifies the boss address.
 *
 * NOTE(review): the password is stored with MySQL PASSWORD() or a plain md5 —
 * both obsolete for password storage (password_hash() is the replacement, but
 * the login check elsewhere must change in step) — and is sent in clear text by
 * email. The user-supplied address is also used as the From header of the
 * notification; whether Mailer sanitises header values is not visible here.
 *
 * @return string popup html with the outcome message
 */
public function sendPW()
{
    $email = Request::get('fldEmail');
    $lookup = 'SELECT fldUserID FROM tblUser WHERE fldUser=?';
    $id = DB::oneValue(DB::DEF, $lookup, $email);

    if ($id === false) {
        $msg = 'This email does not exist on this system.<br>'
             . 'Either choose a new email address or register as new customer.'
             . $this->forgotPassword();
        return Widget::popupWrapper($msg, -1);
    }

    $pw = Password::passGen(10, Password::MEDIUM);
    // Update the Database with the new Password combo
    $isMysql = DB::driver() == DB::MYSQL;
    $update = $isMysql
        ? 'UPDATE tblUser SET fldPassword=PASSWORD(?) WHERE fldUserID=?'
        : 'UPDATE tblUser SET fldPassword=? WHERE fldUserID=?';
    $stored = $isMysql ? $pw : hash('md5', $pw);
    DB::exec(DB::DEF, $update, [$stored, $id]);

    $boss = Cfg::get('boss');
    $desc = Cfg::get('desc');

    // create the email message to notify about a password request
    $notice = '<h3>User requested password<br>Email: <b>%s</b></h3><br>From %s';
    Mailer::envelope()
          ->format(Mailer::HTML_TEXT)
          ->from($email)
          ->to($boss)
          ->subject('User requested password')
          ->body(sprintf($notice, $email, $desc))
          ->send();

    $details = <<<TXT
Message from %s

Here are your login details

Password: %s

Regards
%s
TXT;
    // create the email message to notify the user of his/her login details
    Mailer::envelope()
          ->from($boss)
          ->to($email)
          ->subject('Login Request ' . $desc)
          ->body(sprintf($details, $desc, $pw, $desc))
          ->send();

    $msg = 'Soon you will receive an email that will contain your login details.';
    return Widget::popupWrapper($msg, -1);
}
/**
 * Inserts the number of rows given by the rows request variable, each built
 * from the insert defaults plus the current where values (and a generated
 * primary key when jb_db is on), then refreshes the paginator's row count.
 *
 * NOTE(review): the row count has no upper bound; a ceiling would keep a
 * request from driving an arbitrarily large number of inserts.
 *
 * @return string summary line
 */
protected function insertRows()
{
    $requested = (int) Request::get('rows');
    $inserted = 0;

    for ($n = 0; $n < $requested; $n++) {
        $columns = array_merge($this->insDefaults, $this->where);
        $bound = null;
        if (Cfg::get('jb_db', false)) {
            $columns[$this->primaryKey] = DBMaintenance::dbNextNumber($this->db, $this->tableName);
        }

        $sql = 'INSERT INTO ' . $this->tableName;
        if (count($columns) > 0) {
            // DB::in() fills $bound with the values while returning the placeholders
            $placeholders = DB::in(array_values($columns), $bound);
            $sql .= ' (' . implode(',', array_keys($columns)) . ') VALUES (' . $placeholders . ')';
        }
        $inserted += $this->exec($sql, $bound);
    }

    if ($inserted > 0) {
        $this->paginator->setRows($this->getRowCount());
    }
    return 'Inserted ' . $inserted . ' row' . StringUtil::plural($inserted) . Tag::br();
}
/**
 * Stores one configuration item from the fldCfgKey/fldCfgValue request
 * variables and re-renders the index with a confirmation popup.
 *
 * NOTE(review): the key is echoed back in the popup; escaping is left to
 * Widget::popupWrapper — confirm it escapes.
 *
 * @return string html
 */
public function saveConfig()
{
    $cfgKey = Request::get('fldCfgKey');
    Config::put($cfgKey, Request::get('fldCfgValue'));
    $popup = Widget::popupWrapper('Saved Config Item: ' . $cfgKey, 1000, 'Save Config Message');
    return $popup . $this->index();
}
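/**
 * Generates a set of radio buttons from almost anything.
 *
 * @param string $name        form variable name shared by all the buttons
 * @param mixed  $displayList an array of key => label (a list uses the label as
 *                            the key); a DBTable whose first column is the key
 *                            and second, if any, the label; or an SQL string
 *                            that is run to produce such a table
 * @param array  $attribs     html attributes for each input. Two entries are
 *                            consumed rather than emitted: 'side' ('left' puts
 *                            the label before the button, anything else after)
 *                            and 'default' (the pre-selected key; when absent
 *                            the request value for $name is used)
 * @return mixed array of id => html for each button; a hidden input when the
 *               list is empty but a default was given; false when there is
 *               nothing to render
 */
public static function radio($name, $displayList, $attribs = [])
{
    if (is_array($displayList) && count($displayList) > 0) {
        return self::radioFromArray($name, $displayList, $attribs);
    }

    if ($displayList instanceof DBTable) {
        // First column supplies the key, second (if present) the label. The
        // leading space keeps numeric keys as strings; it is trimmed off again
        // in radioFromArray().
        $list = [];
        for ($i = 0; $i < $displayList->getRowCount(); $i++) {
            $key = $displayList->getValue(0, $i);
            $list[' ' . $key] = $displayList->getColumnCount() > 1 ? $displayList->getValue(1, $i) : $key;
        }
        return self::radio($name, $list, $attribs);
    }

    if (is_string($displayList)) {
        $table = new DBTable(DB::DEF, $displayList, null, DB::FETCH_NUM);
        return self::radio($name, $table, $attribs);
    }

    if (isset($attribs['default'])) {
        return Tag::hidden($name, $attribs['default']);
    }
    return false;
}

/**
 * Builds the buttons for a non-empty key => label array.
 *
 * @return array id => html for each button
 */
private static function radioFromArray($name, $displayList, $attribs)
{
    $side = 'left';
    if (isset($attribs['side'])) {
        $side = $attribs['side'];
        unset($attribs['side']);
    }
    if (isset($attribs['default'])) {
        $defaultValue = $attribs['default'];
        unset($attribs['default']);
    } else {
        $defaultValue = Request::get($name, null);
    }

    $tag = [];
    $idx = 0;
    foreach ($displayList as $key => $val) {
        // A list (integer keys) uses the label as the value
        if (is_int($key)) {
            $key = $val;
        }
        $key = trim($key);
        $attribs['id'] = $name . $idx++;
        $label = Tag::label($attribs['id'], ucwords(strtolower($val)));
        // Loose comparison kept on purpose: the default may be an int from the
        // caller or a string from the request while the key is a trimmed string
        $radio = Tag::radio($name, $key, $defaultValue == $key, $attribs);
        $tag[$attribs['id']] = $side == 'left' ? $label . ' ' . $radio : $radio . ' ' . $label;
    }
    return $tag;
}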
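/**
 * Runs the shell command from the CMDTEXT request variable and shows its output.
 *
 * NOTE(review): this is command execution by design — the command line is
 * whatever the request contains. It must only be reachable by fully trusted
 * administrators; confirm the action sits behind the privilege checks and is
 * not exposed in production.
 *
 * @return string the command form plus the exit status line
 */
protected function runCommand()
{
    $cmd = (string) Request::get('CMDTEXT');
    $output = [];
    $returnVar = 0;
    if ($cmd !== '') {
        // exec() collects every output line so all of them can be escaped.
        // system() streamed them to the browser unescaped and handed back only
        // the last line, so the old htmlspecialchars() covered almost nothing.
        exec($cmd, $output, $returnVar);
    }
    echo '<pre>';
    echo htmlspecialchars(implode("\n", $output), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</pre>';
    return $this->askCommand() . '<br/>Returned Value: ' . $returnVar;
}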
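/**
 * Calls the function specified by the incoming ajax request.
 *
 * Request variables: plxf names the callee ("func" or "Class::method"); plxa is
 * the argument list, with entries wrapped in <plxobj>...</plxobj> decoded from
 * JSON. The result is echoed inside <phplivex> tags (booleans as 0/1, arrays
 * and objects as JSON) and the script exits. A second call is a no-op.
 *
 * NOTE(review): the callee name is taken verbatim from the request, so the
 * plain-function branch and the fallback "Class::method" branch will invoke any
 * loaded function or class method with request-controlled arguments. Only the
 * $this->objectMethods branch is allow-listed; the other two should be limited
 * to a registry of exported callables before this is reachable by untrusted
 * clients. Left unchanged here because callers depend on the current dispatch.
 */
public function execute()
{
    if ($this->executed) {
        return;
    }
    $this->executed = true;

    $function = Request::get('plxf');
    if (!is_string($function) || $function === '') {
        return;
    }

    $args = Request::get('plxa', []);
    if (!is_array($args)) {
        $args = [];
    }
    // Unwrap JSON-encoded arguments in place (json_decode is core since 5.2,
    // so the old function_exists() guard was always true)
    foreach ($args as &$val) {
        if (is_string($val)
            && preg_match('/<plxobj[^>]*>(.|\\n|\\t|\\r)*?<\\/plxobj>/', $val, $matches)) {
            // NOTE(review): the offsets assume a bare <plxobj> tag; attributes
            // matched by [^>]* would shift the payload — confirm none are sent
            $val = json_decode(substr($matches[0], 8, -9));
        }
    }
    unset($val); // drop the reference left behind by the by-ref loop

    $parts = explode("::", $function);
    switch (count($parts)) {
        // Function Call
        case 1:
            $response = call_user_func_array($function, $args);
            break;
        // Object Call
        case 2:
            if (isset($this->objectMethods[$parts[0]])) {
                $objectInfo = $this->objectMethods[$parts[0]];
                $response = call_user_func_array([$objectInfo['ref'], $parts[1]], $args);
            } else {
                $response = call_user_func_array([$parts[0], $parts[1]], $args);
            }
            break;
        default:
            $response = '';
            break;
    }

    if (is_bool($response)) {
        $response = (int) $response;
    } elseif (is_array($response) || is_object($response)) {
        $response = json_encode($response);
    }
    echo Tag::hTag('phplivex'), $response, Tag::_hTag('phplivex');
    exit;
}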
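/**
 * Saves the account form: optional password change plus the profile fields.
 *
 * Each field is applied with its own UPDATE; all of them run only when no
 * validation message was produced. When the edited account is the current
 * user's, the session (G) is refreshed from the saved row.
 *
 * NOTE(review): both the account being edited (fldUserID) and the privilege
 * level (fldLevel) are taken from the request. Unless an upstream privilege
 * check limits this action to administrators, a user could edit another
 * account or raise their own level — confirm. The password is stored with
 * MySQL PASSWORD() or a plain md5, both obsolete; password_hash() is the
 * replacement but the login check elsewhere must change in step.
 *
 * @return string messages and the form on failure, confirmation and the form on success
 */
public function editAccountSave()
{
    $uid = Request::get('fldUserID', G::get('fldUserID'));
    $messages = [];
    $sqls = [];
    $params = [];

    // What the form treats as "not supplied": the loose != '' used before
    // matched exactly null, false and ''
    $isBlank = function ($value) {
        return $value === null || $value === false || $value === '';
    };
    // Queues one UPDATE of a literal column name for $uid
    $queueUpdate = function ($column, $value) use (&$sqls, &$params, $uid) {
        $sqls[] = 'UPDATE tblUser SET ' . $column . '=?,fldModified=' . time() . ' WHERE fldUserID=?';
        $params[] = [$value, $uid];
    };

    $pw = Request::get('fldPassword');
    $pwCheck = Request::get('fldPassword_CHK');
    $pwOld = Request::get('fldPassword_OLD');
    if (!$isBlank($pw) && !$isBlank($pwCheck)) {
        if (!$this->checkOldPassword($uid, $pwOld)) {
            $messages[] = '<font color=red>Old Password is not correct</font>';
        } elseif ($pw !== $pwCheck) {
            $messages[] = '<font color=red>Passwords are not the same</font>';
        } elseif ($pwOld === $pw) {
            $messages[] = '<font color=red>No Change, old and new passwords same</font>';
        } elseif (DB::driver() == DB::MYSQL) {
            $sqls[] = 'UPDATE tblUser SET fldPassword=PASSWORD(?),fldModified=UNIX_TIMESTAMP() WHERE fldUserID=?';
            $params[] = [$pw, $uid];
        } else {
            $sqls[] = 'UPDATE tblUser SET fldPassword=?,fldModified=strftime(\'%s\',\'now\') WHERE fldUserID=?';
            $params[] = [hash('md5', $pw), $uid];
        }
    }

    $queueUpdate('fldSalutation', Request::get('fldSalutation'));

    if ($isBlank(Request::get('fldFirstName'))) {
        $messages[] = '<font color=red>First name cannot be empty</font>';
    } else {
        $queueUpdate('fldFirstName', Request::get('fldFirstName'));
    }
    if ($isBlank(Request::get('fldLastName'))) {
        $messages[] = '<font color=red>Last name cannot be empty</font>';
    } else {
        $queueUpdate('fldLastName', Request::get('fldLastName'));
    }
    if (!$isBlank(Request::get('fldTimeZone'))) {
        $queueUpdate('fldTimeZone', Request::get('fldTimeZone'));
    }
    if (!$isBlank(Request::get('fldUser'))) {
        $queueUpdate('fldUser', Request::get('fldUser'));
    }
    if (!$isBlank(Request::get('fldLevel'))) {
        $queueUpdate('fldLevel', Request::get('fldLevel'));
    }

    if (count($messages) !== 0) {
        return join('<br>', $messages) . $this->editAccount();
    }

    foreach ($sqls as $idx => $sql) {
        DB::exec(DB::DEF, $sql, $params[$idx]);
    }
    // Loose comparison kept: the request id is a string, the stored one may not be
    if ($uid == G::get('fldUserID')) {
        foreach (DB::oneRow(DB::DEF, 'SELECT * FROM tblUser WHERE fldUserID=?', $uid) as $key => $val) {
            G::set($key, $val);
        }
    }
    return 'Sucessfully updated user account details' . $this->editAccount();
}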
/**
 * Create a Pagination Object.
 *
 * @param array $props The properties that the Paginator will use to display:
 * <pre>
 * $props = array (
 *     'attribs'          => array ( 'style' => 'display:none' ), // Optional, attributes stamped on
 *                                                                // the generated div; empty array
 *                                                                // if omitted
 *     'suffix'           => 'V',   // Optional, suffix for the paginator action variable, useful
 *                                  // when there is more than one on the screen; generated from
 *                                  // the number of paginators created if omitted
 *     'request_vars'     => 'CEMID', // Optional, regular expression or single name of request
 *                                    // vars to copy to the response vars (chained vars)
 *     'display_pagesize' => true,  // Optional, defaults to true. If false the page sizes are
 *                                  // not displayed
 *     'rows'             => 100,   // Optional. Number of rows the Paginator has to deal with;
 *                                  // with the rows per page this gives the number of pages
 *     'def_num_rows'     => 15,    // Optional. Default number of rows per page
 * );
 * </pre>
 */
public function __construct($props = [])
{
    parent::__construct();

    $prop = function ($key, $default) use ($props) {
        return isset($props[$key]) ? $props[$key] : $default;
    };

    $this->attribs = $prop('attribs', []);
    // Invocation::next() has a side effect, so it is only called when no suffix was given
    $suffix = isset($props['suffix']) ? $props['suffix'] : Invocation::next();
    $this->navVar = self::navVar($suffix);
    $this->respVars = new Response($prop('request_vars', ''));
    $this->dispPageSize = $prop('display_pagesize', true);

    // Copy of the class defaults, with the caller's page size overlaid
    $defaults = array_merge(self::$pagination);
    if (isset($props['def_num_rows'])) {
        $defaults[self::ROWS_PER_PAGE] = $props['def_num_rows'];
    }
    // That page size must be selectable, so add it to the (sorted) list if new
    $pageSize = $defaults[self::ROWS_PER_PAGE];
    if (!in_array($pageSize, self::$itemsPerPageList)) {
        self::$itemsPerPageList[] = $pageSize;
        sort(self::$itemsPerPageList);
    }

    // Request values win over the defaults; every key ends up set either way
    $fromRequest = Request::get($this->navVar, []);
    foreach ($defaults as $key => $val) {
        $this->set($key, isset($fromRequest[$key]) ? $fromRequest[$key] : $val);
    }

    if (isset($props['rows'])) {
        $this->setRows((int) $props['rows']);
    }

    $this->styles[self::PAGE_LINK_CLASS] = 'jb-pagelink';
    $this->styles[self::PAGE_BUTTON_CLASS] = 'jb-pagebuton';

    // Back to the first page when the data no longer fills one
    $pastFirstPage = $this->getStart() > 0;
    if ($pastFirstPage && $this->getRows() < $this->getPageSize()) {
        $this->setStart(0);
    }
}
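/**
 * Runs the request-integrity guards (TimeGuard, Request::check, CSRFGuard)
 * and, when one fails, prints an error page with a timed redirect and exits.
 *
 * Skipped entirely when jb_forgery_check is off or the running script is
 * listed in the 'exempt' configuration. The 'known' configuration names are
 * registered with TamperGuard first.
 */
private static function ensureNoForgery()
{
    if (!Cfg::get('jb_forgery_check', true)) {
        return;
    }

    // Check if the current script is exempt from forgery check
    $fileName = '';
    if (isset($_SERVER['SCRIPT_FILENAME'])) {
        $fileName = $_SERVER['SCRIPT_FILENAME'];
    } elseif (isset($_SERVER['argv'][0])) {
        $fileName = $_SERVER['argv'][0];
    }
    if (in_array(basename($fileName), Cfg::get('exempt', []), true)) {
        return;
    }

    // Add the known request variables to TamperGuard
    foreach (Cfg::get('known', []) as $val) {
        TamperGuard::known($val);
    }

    // The guard results are interpolated into the page below, so they are
    // HTML-escaped: Request::check()'s detail text can include request values.
    $message = null;
    $tg = TimeGuard::check();
    if ($tg !== TimeGuard::NOGUARD) {
        if ($tg !== true) {
            $tgText = htmlspecialchars((string) $tg, ENT_QUOTES, 'UTF-8');
            $message = <<<HTML
Invalid AJAX Request ({$tgText})<br/>
%s has detected changes in the URL.<br/>
Please do not manually edit URL or reuse URL (support %s).<br/>
You will be <a href="%s">redirected</a> in %s seconds
<meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
        }
    } else {
        $reqChk = Request::check();
        if ($reqChk !== true) {
            // The text goes through sprintf below, so literal percent signs are doubled
            $reqText = htmlspecialchars(str_replace('%', '%%', (string) $reqChk), ENT_QUOTES, 'UTF-8');
            $message = <<<HTML
Invalid or expired request (URL Error - {$reqText})<br/>
%s has detected changes in the URL.<br/>
Please do not manually edit URL (support %s).<br/>
You will be <a href="%s">redirected</a> in %s seconds
<meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
        } elseif (!CSRFGuard::check()) {
            $message = <<<HTML
Invalid Request (CSRF error)<br/>
%s has detected re-submission or form tampering.<br/>
please contact support %s<br/>
You will be <a href="%s">redirected</a> in %s seconds
<meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
        }
    }

    if ($message !== null) {
        $seconds = '5';
        $location = Cfg::get('index');
        if ($location == '') {
            $location = Cfg::siteUrl() . '/index.php';
        }
        printf($message, Cfg::get('version'), Cfg::get('boss'), $location, $seconds, $seconds, $location);
        exit;
    }
}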
/**
 * Generates a text input tag.
 *
 * @param string $name    the input's name attribute
 * @param mixed  $value   the value attribute; an array is merged in as extra
 *                        attributes instead
 * @param array  $attribs further attributes, overriding the ones above
 * @return string The resulting HTML
 */
public static function text($name, $value = '', $attribs = [])
{
    $merged = ['name' => $name];
    if (!isset($attribs['type'])) {
        $merged['type'] = 'text';
    }

    if (is_array($value)) {
        foreach ($value as $attr => $attrValue) {
            $merged[$attr] = $attrValue;
        }
    } elseif ($value != '') {
        $merged['value'] = $value;
    }

    foreach ($attribs as $attr => $attrValue) {
        $merged[$attr] = $attrValue;
    }

    // No explicit value (null counts as one, hence array_key_exists): echo back
    // whatever the request carries for this name. NOTE(review): escaping of that
    // request value is left to self::input() — confirm it escapes attributes.
    if (!array_key_exists('value', $merged)) {
        $merged['value'] = Request::get($name);
    }
    return self::input($merged);
}
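/**
 * Handles a submitted login form.
 *
 * @return mixed false when either field is absent or empty; the error message
 *               plus the login page when the credentials are rejected; on
 *               success the session id is renewed, preferences are loaded,
 *               the login cookie is sent and doRedirect() is called
 */
public function checkLogin()
{
    $username = Request::get(self::LOGIN_FNAME);
    $password = Request::get(self::PASSW_FNAME);
    // Explicit checks replace the truthiness test, which also rejected the
    // literal "0" as a name or password
    if ($username === null || $username === false || $username === ''
        || $password === null || $password === false || $password === '') {
        return false;
    }

    if (!self::checkAuthenticated($username, $password)) {
        return 'Invalid Login Details' . $this->index();
    }

    self::$log->debug('Killing old session id: ' . session_id());
    // Renew the id after authentication (session-fixation defence). The old
    // @-suppressed call silently failed without an active session; now that
    // case is skipped explicitly and any other warning stays visible.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    self::$log->debug('New session has taken over id: ' . session_id());
    self::loadPreferences($username);
    // NOTE(review): the raw password is handed to sendLoginCookie(); what the
    // cookie ends up holding is not visible here — confirm it does not carry
    // the password or a reversible form of it.
    self::sendLoginCookie($username, $password);
    self::doRedirect();
}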