Esempio n. 1
 /**
  * Renders the database table chooser: a bold title followed by a GET form
  * that targets this class's index() action and a 10-row select of tables
  * (built from self::TABLES_SQL) which submits itself on click.
  *
  * Access is gated twice: Privileges::access(__METHOD__) must return
  * exactly true AND the user must be logged in; otherwise nothing is rendered.
  *
  * @return string HTML fragment, or '' when access is denied
  */
 public static function menu()
 {
     $allowed = Privileges::access(__METHOD__) === true && G::isLoggedIn();
     if (!$allowed) {
         return '';
     }
     $title  = Tag::hTag('b') . 'Database Menu' . Tag::_hTag('b');
     $form   = Tag::form(['method' => 'get']);
     $target = Response::factory()->action(__CLASS__ . '->index()')->toHidden(false);
     $picker = Lists::select('tblName', self::TABLES_SQL, ['size' => '10', 'onClick' => 'submit();']);
     return $title . $form . $target . $picker . Tag::_form();
 }
Esempio n. 2
 /**
  * Controller entry point: shows the CRUD grid for tblConfig.
  *
  * Anonymous visitors are sent to the login controller instead. In the grid
  * fldUserID is hidden and pre-filled on insert with the current user id,
  * fldKey is the primary key and fldValue gets a wider input (size 60).
  *
  * NOTE(review): only the login state is checked here; whether a
  * Privileges::access() check guards this action elsewhere is not visible
  * in this method — confirm.
  *
  * @return string rendered HTML
  */
 public function index()
 {
     if (!G::isLoggedIn()) {
         return Login::controller(Login::DEF);
     }
     $options = [
         'insDefaults' => ['fldUserID' => G::getUserID()],
         'primaryKey'  => 'fldKey',
     ];
     $grid = new CRUD('tblConfig', $options);
     $grid->setColDisplay('fldUserID', CRUD::HIDDEN);
     $grid->columnAttrib('fldValue', ['size' => 60]);
     return $grid->index();
 }
Esempio n. 3
 /**
  * Resolves the scope key under which a preference is read or written.
  *
  * A truthy self::$overrideScope always wins. Otherwise USER_SCOPE maps to
  * the current user's id (read from the global scope, falling back to
  * GLOBAL_SCOPE when unset) and any other value collapses to GLOBAL_SCOPE.
  *
  * @param mixed $scope self::USER_SCOPE or self::GLOBAL_SCOPE
  * @return mixed the resolved scope key
  */
 private static function getScope($scope = self::USER_SCOPE)
 {
     if (self::$overrideScope) {
         return self::$overrideScope;
     }
     // Loose comparison kept as in the original so int/string scope values behave the same.
     return $scope == self::USER_SCOPE
         ? G::get('fldUserID', self::GLOBAL_SCOPE)
         : self::GLOBAL_SCOPE;
 }
Esempio n. 4
    /**
     * Builds the logged-in user panel: a welcome cell (display name plus
     * Gravatar) that reveals a vertical link menu (#extralinks) on hover
     * and hides it again three seconds after the pointer leaves.
     *
     * The menu always starts with a Logout link routed through ajax.php,
     * followed by one link per entry in $this->loggedInMenuItems
     * (link text => action string).
     *
     * @return string HTML fragment including the jQuery hover script
     */
    private function displayUserDetails()
    {
        $jQuery = <<<JS
    \$().ready(function() {
        \$('#hoverimage').hover( function () { \$('#extralinks').fadeIn('fast'); },
                                function () { setTimeout("\$('#extralinks').fadeOut('slow');", 3000 ); });
    });
JS;
        $resp = new Response();
        $html = JS::library(JS::JQUERY) . JS::javaScript($jQuery);
        $html .= Tag::table() . Tag::tr();
        $html .= Tag::td(['id' => 'hoverimage', 'class' => 'logindetails', 'nowrap' => 'nowrap'])
            . 'Welcome ' . $this->getDisplayName()
            . Gravatar::icon(G::get('fldUser'))
            . Tag::_td() . Tag::_tr();
        $html .= Tag::tr() . Tag::td(['id' => 'extralinks', 'style' => 'display: none;']);
        $html .= Tag::ul(['id' => 'vertMenu']);
        $logoutUrl = 'ajax.php?' . $resp->action('\\Jackbooted\\Admin\\Login->logout()')->toUrl();
        $html .= Tag::li() . Tag::hRef($logoutUrl, 'Logout') . Tag::_li();
        // NOTE(review): the link text $label goes to Tag::hRef as-is; whether hRef
        // escapes it is not visible here — confirm if menu labels can be user-supplied.
        foreach ($this->loggedInMenuItems as $label => $action) {
            $html .= Tag::li() . Tag::hRef('?' . $resp->action($action)->toUrl(), $label) . Tag::_li();
        }
        $html .= Tag::_ul() . Tag::_td() . Tag::_tr() . Tag::_table();
        return $html;
    }
Esempio n. 5
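 /**
  * Validates the TimeGuard token carried in the request under self::KEY.
  *
  * The token is self::DELIM-separated and must hold exactly six fields:
  * [0] user, [1] host, [2] user agent, [3] PHP session id, [4] target
  * script name and [5] unix time of issue. Each field is compared with the
  * current request; the first mismatch is reported as a reason string.
  *
  * NOTE(review): the fields are compared in the clear — nothing here checks
  * a signature, so unless the generator signs or encrypts the token a client
  * can rewrite any field. Confirm on the generating side.
  *
  * @return string|true self::NOGUARD when no token is present, true when
  *                     every field matches, otherwise the failure reason
  */
 public static function check()
 {
     $val = Request::get(self::KEY);
     if ($val == '') {
         return self::NOGUARD;
     }
     $values = explode(self::DELIM, $val);
     // The timestamp must be digits only: on PHP 8 a non-numeric string in the
     // subtraction below throws a TypeError instead of failing the check.
     if (count($values) !== 6 || preg_match('/^[0-9]+$/', $values[5]) !== 1) {
         return 'Incorrect TimeGuard format';
     }
     // Loose compare kept for the user field: G::get() may return a non-string.
     if ($values[0] != G::get('fldUser', 'GUEST')) {
         return 'The user has changed in the submission of this url';
     }
     if ($values[1] !== ($_SERVER['HTTP_HOST'] ?? '')) {
         return 'Host server has been compromised';
     }
     if ($values[2] !== ($_SERVER['HTTP_USER_AGENT'] ?? '')) {
         return 'Browser has been compromised';
     }
     if ($values[3] !== session_id()) {
         return 'PHP Session ID has been compromised';
     }
     // An empty needle makes strpos() return 0 on PHP 8, which would let a
     // token with a blank script field pass this test; reject it explicitly.
     if ($values[4] === '' || strpos($_SERVER['SCRIPT_NAME'] ?? '', $values[4]) === false) {
         return 'URL has been reused for target file name';
     }
     $age = time() - (int) $values[5];
     // Negative age means a timestamp from the future; both directions are rejected.
     if ($age < 0 || $age > self::EXPIRY) {
         return 'URL has expired';
     }
     return true;
 }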
Esempio n. 6
    public static function access($action = null)
    {
        if (!Cfg::get('check_priviliages')) {
            return true;
        }
        if ($action == null) {
            $action = Request::get(WebPage::ACTION);
        }
        if (isset(self::$cache[$action])) {
            return self::$cache[$action];
        }
        if (($priviliagesIDs = self::getPriviliageIDs($action)) === false) {
            self::$log->warn('No priviliages found for action: ' . $action);
            return self::$cache[$action] = true;
        }
        $uid = G::get('fldUserID', '0');
        $groupIDs = self::getGroupIDs($uid);
        $params = [];
        $privIdIn = DB::in($priviliagesIDs, $params);
        $params[] = $uid;
        $params[] = (int) G::get('fldLevel', 7);
        $groupIn = DB::in($groupIDs, $params);
        $now = time();
        $sql = <<<SQL
            SELECT count(*) FROM tblSecPrivUserMap
            WHERE fldPrivilegeID IN ( {$privIdIn} )
            AND   ( fldStartDate=0 OR fldStartDate < {$now} )
            AND   ( fldEndDate=0   OR fldEndDate > {$now} )
            AND   ( ( fldUserID  IS NOT NULL AND fldUserID<>''  AND fldUserID=? )  OR
                    ( fldLevelID IS NOT NULL AND fldLevelID<>'' AND fldLevelID>=? )  OR
                      fldGroupID IN ( {$groupIn} ) )
SQL;
        if (DB::oneValue(DB::DEF, $sql, $params) > 0) {
            return self::$cache[$action] = true;
        }
        return self::canLogin($priviliagesIDs);
    }
Esempio n. 7
 /**
  * Re-reads the current user's stored preferences through
  * Login::loadPreferences() and returns a short confirmation for the UI.
  *
  * @return string
  */
 protected function reloadPreferences()
 {
     $user = G::get('fldUser');
     Login::loadPreferences($user);
     $notice = 'Reloaded Preferences';
     return $notice;
 }
Esempio n. 8
 /**
  * Returns the current user's "First Last" name for display.
  *
  * Logged-in users at the 'SITE ADMIN' security level get the name wrapped
  * in a link to superadmin.php; everyone else gets it HTML-escaped via Tag::e().
  *
  * NOTE(review): the admin branch hands $fullName to Tag::hRef unescaped;
  * whether hRef escapes link text is not visible here — confirm.
  *
  * @return string HTML fragment
  */
 protected function getDisplayName()
 {
     $fullName = G::get('fldFirstName') . ' ' . G::get('fldLastName');
     $isSiteAdmin = G::isLoggedIn()
         && G::accessLevel(Privileges::getSecurityLevel('SITE ADMIN'));
     return $isSiteAdmin
         ? Tag::hRef('superadmin.php', $fullName, ['class' => 'admin'])
         : Tag::e($fullName);
 }
Esempio n. 9
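 /**
  * Persists the edit-account form.
  *
  * Validates the submitted fields, queues one parameterised UPDATE per
  * column and runs them only when no validation message was produced.
  * When the edited account is the logged-in user's own, the session
  * globals are refreshed from the stored row afterwards.
  *
  * A password change needs fldPassword, fldPassword_CHK and a correct
  * fldPassword_OLD; first and last name are mandatory; time zone, user
  * name and level are updated only when non-empty.
  *
  * NOTE(review): fldUserID is read from the request (falling back to the
  * logged-in user) and fldLevel is written straight from the request, so
  * any rule that stops a user editing another account or raising their own
  * level has to be enforced before this method is reached — not visible here.
  *
  * @return string status/error HTML followed by the re-rendered edit form
  */
 public function editAccountSave()
 {
     $uid = Request::get('fldUserID', G::get('fldUserID'));
     $messages = [];
     $sqls = [];
     $params = [];
     $now = time();

     // Queues "UPDATE tblUser SET <column>=?,fldModified=<now> WHERE fldUserID=?".
     // $column is always a literal from this method; the value is a bound parameter.
     $queueUpdate = function ($column, $value) use (&$sqls, &$params, $uid, $now) {
         $sqls[] = 'UPDATE tblUser SET ' . $column . '=?,fldModified=' . $now . ' WHERE fldUserID=?';
         $params[] = [$value, $uid];
     };

     $pw = Request::get('fldPassword');
     $pwCheck = Request::get('fldPassword_CHK');
     $pwOld = Request::get('fldPassword_OLD');
     if ($pw != '' && $pwCheck != '') {
         if (!$this->checkOldPassword($uid, $pwOld)) {
             $messages[] = '<font color=red>Old Password is not correct</font>';
         } elseif ($pw !== $pwCheck) {
             // Strict compare: loose == treats numeric-looking strings ('1e3' vs '1000') as equal.
             $messages[] = '<font color=red>Passwords are not the same</font>';
         } elseif ($pwOld === $pw) {
             $messages[] = '<font color=red>No Change, old and new passwords same</font>';
         } elseif (DB::driver() == DB::MYSQL) {
             // FIXME(security): MySQL PASSWORD() here and unsalted md5 in the other
             // branch are not password hashes; moving to password_hash()/password_verify()
             // also requires changing checkOldPassword() and the login path, so it is
             // flagged rather than changed in this method.
             $sqls[] = 'UPDATE tblUser SET fldPassword=PASSWORD(?),fldModified=UNIX_TIMESTAMP() WHERE fldUserID=?';
             $params[] = [$pw, $uid];
         } else {
             $sqls[] = 'UPDATE tblUser SET fldPassword=?,fldModified=strftime(\'%s\',\'now\') WHERE fldUserID=?';
             $params[] = [hash('md5', $pw), $uid];
         }
     }

     $queueUpdate('fldSalutation', Request::get('fldSalutation'));

     if (Request::get('fldFirstName') == '') {
         $messages[] = '<font color=red>First name cannot be empty</font>';
     } else {
         $queueUpdate('fldFirstName', Request::get('fldFirstName'));
     }
     if (Request::get('fldLastName') == '') {
         $messages[] = '<font color=red>Last name cannot be empty</font>';
     } else {
         $queueUpdate('fldLastName', Request::get('fldLastName'));
     }

     // Optional columns: only touched when a non-empty value was submitted.
     foreach (['fldTimeZone', 'fldUser', 'fldLevel'] as $optional) {
         if (Request::get($optional) != '') {
             $queueUpdate($optional, Request::get($optional));
         }
     }

     if (count($messages) !== 0) {
         return implode('<br>', $messages) . $this->editAccount();
     }
     foreach ($sqls as $idx => $sql) {
         DB::exec(DB::DEF, $sql, $params[$idx]);
     }
     if ($uid == G::get('fldUserID')) {
         // Keep the session copy of the user row in sync with what was just written.
         foreach (DB::oneRow(DB::DEF, 'SELECT * FROM tblUser WHERE fldUserID=?', $uid) as $key => $val) {
             G::set($key, $val);
         }
     }
     return 'Successfully updated user account details' . $this->editAccount();
 }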
Esempio n. 10
 /**
  * Initialises the session (Login::initSession) and tries to restore the
  * user's preferences from cookies.
  *
  * When the cookie restore fails but the session still reports a logged-in
  * user, the user is logged out so a login state never outlives its cookie.
  */
 private static function setUpSession()
 {
     Login::initSession();
     $restored = Login::loadPreferencesFromCookies();
     if (!$restored && G::isLoggedIn()) {
         Login::logOut();
     }
 }
Esempio n. 11
                            <td nowrap="nowrap" valign="top" align="right" width="100%">
                                <?php 
// Output of the FancyLogin controller (presumably the login box / user panel) — fully qualified, unlike Cfg below.
echo \Jackbooted\Admin\FancyLogin::controller();
?>
                            </td>
                        </tr>
                    </table>
                </td>
            </tr>
            <tr>
                <td height="600px" width="100%">
                    <table width="100%" height="100%" cellpadding="5" cellspacing="0">
                        <tr>
                            <td nowrap="nowrap" valign="top">
                                <?php 
// Side menu only for logged-in users; anonymous visitors get a non-breaking space to keep the cell laid out.
echo \Jackbooted\G::isLoggedIn() ? \Jackbooted\Util\MenuUtils::display() : '&nbsp;';
?>
                            </td>
                            <td align="left" valign="top" width="100%">
                                <?php 
// Main content: the WebPage controller renders the page named by the 'def_display' config key.
// NOTE(review): Cfg is the only unqualified class name in this template and so resolves
// relative to this file's namespace (or the global one) — confirm that is intended.
echo \Jackbooted\Html\WebPage::controller(Cfg::get('def_display'));
?>
                            </td>
                        </tr>
                    </table>
                </td>
            </tr>
            <tr>
                <td width="100%">
                    <table width="100%" cellpadding="0" cellspacing="0">
                        <tr>