private function __construct()
{
$this->m_state = json_decode(file_get_contents(__DIR__ . ServiceState::StateFile), true);
if ($this->m_state === null) {
Error('Unable to decode the service state file (' . ServiceState::StateFile . ').');
}
}
function edit_user()
{
if (!is_logged_in() || !is_post_parameter_complete(array('salutation', 'gender', 'firstname', 'lastname', 'birthyear', 'birthmonth', 'birthday', 'password', 'aboutme'))) {
Redirect('../edit_user.php');
}
$userDetails['salutation'] = $_POST['salutation'];
$userDetails['firstname'] = $_POST['firstname'];
$userDetails['lastname'] = $_POST['lastname'];
$userDetails['gender'] = $_POST['gender'];
$userDetails['birthdate'] = "{$_POST['birthyear']}-{$_POST['birthmonth']}-{$_POST['birthday']}";
$userDetails['username'] = $_SESSION['user']['username'];
$userDetails['password'] = $_POST['password'];
$userDetails['aboutme'] = $_POST['aboutme'];
if (is_admin()) {
if (is_post_parameter_complete(array('accesslevel'))) {
$userDetails['accesslevel'] = $_POST['accesslevel'];
} else {
Redirect('../edit_user.php');
}
} else {
$userDetails['accesslevel'] = 'User';
}
if (EditUser($userDetails)) {
if ($_SESSION['user']['accesslevel'] == $userDetails['accesslevel']) {
$_SESSION['user'] = SelectUser($userDetails['username']);
Redirect('../index.php');
} else {
Redirect('../landing.php/logout');
}
} else {
Error('Edit Failed');
}
}
function register_user()
{
if (!is_post_parameter_complete(array('salutation', 'gender', 'firstname', 'lastname', 'birthyear', 'birthmonth', 'birthday', 'username', 'password', 'aboutme'))) {
Redirect('../register.php');
}
$userDetails['salutation'] = $_POST['salutation'];
$userDetails['firstname'] = $_POST['firstname'];
$userDetails['lastname'] = $_POST['lastname'];
$userDetails['gender'] = $_POST['gender'];
$userDetails['birthdate'] = "{$_POST['birthyear']}-{$_POST['birthmonth']}-{$_POST['birthday']}";
$userDetails['username'] = $_POST['username'];
$userDetails['password'] = $_POST['password'];
$userDetails['aboutme'] = $_POST['aboutme'];
if (is_admin()) {
if (is_post_parameter_complete(array('accesslevel'))) {
$userDetails['accesslevel'] = $_POST['accesslevel'];
} else {
Redirect('../register.php');
}
} else {
$userDetails['accesslevel'] = 'User';
}
if (AddUser($userDetails)) {
Redirect('../index.php');
} else {
Error('Registration Failed');
}
}
function initialize_store()
{
if (!is_logged_in()) {
Error('Invalid Access');
}
$GLOBALS['items'] = GetItems();
}
public function save()
{
$aid = $this->admin['aid'];
$password = ForceStringFrom('password');
$passwordconfirm = ForceStringFrom('passwordconfirm');
$email = ForceStringFrom('email');
$fullname = ForceStringFrom('fullname');
$fullname_en = ForceStringFrom('fullname_en');
if (strlen($password) or strlen($passwordconfirm)) {
if (strcmp($password, $passwordconfirm)) {
$errors[] = '两次输入的密码不相同!';
}
}
if (!$email) {
$errors[] = '请输入Email地址!';
} elseif (!IsEmail($email)) {
$errors[] = 'Email地址不规范!';
} elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE email = '{$email}' AND aid != '{$aid}'")) {
$errors[] = 'Email地址已占用!';
}
if (!$fullname) {
$errors[] = '请输入中文昵称!';
}
if (!$fullname_en) {
$errors[] = '请输入英文昵称!';
}
if (isset($errors)) {
Error($errors, '编辑我的信息错误');
} else {
APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET \r\n\t\t\t" . Iif($password, "password = '******',") . "\r\n\t\t\temail = '{$email}',\r\n\t\t\tfullname = '{$fullname}',\r\n\t\t\tfullname_en = '{$fullname_en}'\r\n\t\t\tWHERE aid = '{$aid}'");
Success('myprofile');
}
}
/**
* validateLogin, verify that the login credentials are correct.
*
* @param string $login the login field
* @param string $password the password
*
* @return array
* index 0 -> false if login failed, index of the administrator if successful
* index 1 -> error message when login fails
*
* eg
* return array(5,'OK'); // -> login successful for admin 5
* return array(0,'Incorrect login details'); // login failed
*/
public function validateLogin($login, $password)
{
$query = sprintf('select password, disabled, id from %s where loginname = "%s"', $GLOBALS['tables']['admin'], sql_escape($login));
$req = Sql_Query($query);
$admindata = Sql_Fetch_Assoc($req);
$encryptedPass = hash(ENCRYPTION_ALGO, $password);
$passwordDB = $admindata['password'];
#Password encryption verification.
if (strlen($passwordDB) < $GLOBALS['hash_length']) {
// Passwords are encrypted but the actual is not.
#Encrypt the actual DB password before performing the validation below.
$encryptedPassDB = hash(ENCRYPTION_ALGO, $passwordDB);
$query = sprintf('update %s set password = "******" where loginname = "%s"', $GLOBALS['tables']['admin'], $encryptedPassDB, sql_escape($login));
$passwordDB = $encryptedPassDB;
$req = Sql_Query($query);
}
if ($admindata['disabled']) {
return array(0, s('your account has been disabled'));
} elseif (!empty($passwordDB) && $encryptedPass == $passwordDB) {
return array($admindata['id'], 'OK');
} else {
if (!empty($GLOBALS['admin_auth_module'])) {
Error(s('Admin authentication has changed, please update your admin module'), 'https://resources.phplist.com/documentation/errors/adminauthchange');
return;
}
return array(0, s('incorrect password'));
}
if (!empty($GLOBALS['admin_auth_module'])) {
Error(s('Admin authentication has changed, please update your admin module'), 'https://resources.phplist.com/documentation/errors/adminauthchange');
return;
}
return array(0, s('Login failed'));
}
public function save()
{
$aids = $_POST['aids'];
$nums = count($aids);
$msg = ForceStringFrom('msg');
$msg_en = ForceStringFrom('msg_en');
if ($nums < 1) {
$errors[] = '请选择所属客服人员!';
}
if (!$msg) {
$errors[] = '请填写常用短语中文内容!';
}
if (!$msg_en) {
$errors[] = '请填写常用短语英文内容!';
}
if (isset($errors)) {
Error($errors, '添加常用短语');
}
for ($i = 0; $i < $nums; $i++) {
$aid = ForceInt($aids[$i]);
APP::$DB->exe("INSERT INTO " . TABLE_PREFIX . "phrase (aid, activated, msg, msg_en) VALUES ('{$aid}', 1, '{$msg}', '{$msg_en}')");
$lastid = APP::$DB->insert_id;
APP::$DB->exe("UPDATE " . TABLE_PREFIX . "phrase SET sort = '{$lastid}' WHERE pid = '{$lastid}'");
}
Success('phrases');
}
public function __construct($IdOrRow)
{
$row = NULL;
if ($IdOrRow) {
if (is_integer($IdOrRow) or is_numeric($IdOrRow)) {
$row = dbFetchOne('SELECT * FROM Frames WHERE Id=?', NULL, array($IdOrRow));
if (!$row) {
Error("Unable to load Frame record for Id=" . $IdOrRow);
}
} elseif (is_array($IdOrRow)) {
$row = $IdOrRow;
} else {
Error("Unknown argument passed to Frame Constructor ({$IdOrRow})");
return;
}
}
# end if isset($IdOrRow)
if ($row) {
foreach ($row as $k => $v) {
$this->{$k} = $v;
}
} else {
Error("No row for Frame " . $IdOrRow);
}
}
public function __construct($IdOrRow)
{
$row = NULL;
if ($IdOrRow) {
if (is_integer($IdOrRow) or is_numeric($IdOrRow)) {
$row = dbFetchOne('SELECT * FROM Monitors WHERE Id=?', NULL, array($IdOrRow));
if (!$row) {
Error("Unable to load Server record for Id=" . $IdOrRow);
}
} elseif (is_array($IdOrRow)) {
$row = $IdOrRow;
} else {
Error("Unknown argument passed to Monitor Constructor ({$IdOrRow})");
return;
}
}
# end if isset($IdOrRow)
if ($row) {
foreach ($row as $k => $v) {
$this->{$k} = $v;
}
if ($this->{'Controllable'}) {
$s = dbFetchOne('SELECT * FROM Controls WHERE Id=?', NULL, array($this->{'ControlId'}));
foreach ($s as $k => $v) {
if ($k == 'Id') {
continue;
}
$this->{$k} = $v;
}
}
} else {
Error("No row for Monitor " . $IdOrRow);
}
}
public function LinkPath()
{
if (ZM_USE_DEEP_STORAGE) {
return $this->{'MonitorId'} . '/' . strftime("%y/%m/%d/.", $this->Time()) . $this->{'Id'};
}
Error("Calling Link_Path when not using deep storage");
return '';
}
function chk_id($id, $url = "", $msg = "操作非法")
{
$id = intval($id);
if (!$id || $id == 0) {
Error($msg, $url);
}
return true;
}
function Fatal_error($msg)
{
global $config;
# logError($msg);
$emailmsg = ' Fatal Error ' . $config["websiteurl"] . "\n\n" . $PHP_SELF . " " . $page . ", {$msg}";
sendError($emailmsg);
Error($msg);
exit;
}
function check_user($user_id)
{
$sql = mysql_query("SELECT COUNT(*) FROM " . TABLE_ORDER . " WHERE user_id='{$user_id}'") or Error(1, __FILE__, __LINE__);
$arr = @mysql_fetch_array($sql);
if (@$arr[0]) {
return 1;
}
return 0;
}
function check_event($event_id)
{
$sql = mysql_query("SELECT user_id FROM " . TABLE_EVENT . " WHERE event_id={$event_id}") or Error(1, __FILE__, __LINE__);
$info = @mysql_fetch_array($sql);
if ($info['user_id'] != $_SESSION['admin_id']) {
return '-';
}
return 0;
}
fclose($handle);
}
/**
* Add a new mail content by Admin
* @param array 0 => title, 1 => content
*/
public static function addNewMail($newmail)
{
assert(count($newmail) == 2);
xassert(trim($newmail['title']) != '' && $newmail['content'] != '', Error('nullContent'));
public function verifyAndRotateLogs()
{
$directory = realpath(__DIR__ . '/../../logs/');
$latest = $directory . '/latest.log';
if (!file_exists($latest)) {
Error('ServicesMonitor: The latest log file does not exists (/logs/latest.log).');
return;
}
if (!is_writable($directory)) {
Error('ServicesMonitor: Unable to write to the logs (/logs/) directory.');
return;
}
$logs = array();
$errors = array();
$warnings = array();
$invalid = array();
$entries = file($latest);
while (($line = array_shift($entries)) !== null) {
$line = trim($line);
if (!strlen($line)) {
continue;
}
if (!preg_match('/^\\[(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)\\] \\[(Error|Warning|Info)\\] (.*?)$/s', $line, $matches)) {
$invalid[] = $line;
continue;
}
while (count($entries) > 0 && substr(reset($entries), 0, 3) != '[20') {
$matches[3] .= PHP_EOL . trim(array_shift($entries));
}
$date = substr($matches[1], 0, 10);
if (!array_key_exists($date, $logs)) {
$logs[$date] = array();
}
$logs[$date][] = $matches;
if ($matches[2] == 'Warning') {
$warnings[] = $matches;
}
if ($matches[2] == 'Error') {
$errors[] = $matches;
}
}
foreach ($logs as $date => $entries) {
$file = fopen($directory . '/' . $date . '.log', 'a');
foreach ($entries as $entry) {
fwrite($file, '[' . $entry[1] . '] [' . $entry[2] . '] ' . trim($entry[3]) . PHP_EOL);
}
fclose($file);
}
file_put_contents($latest, '');
if (!count($errors) && !count($warnings) && !count($invalid)) {
return;
}
$message = $this->loadMessage($errors, $warnings, $invalid);
$subject = 'Service Monitor update for ' . date('Y-m-d');
$headers = array('From: Peter Beverloo <*****@*****.**>', 'Reply-To: Peter Beverloo <*****@*****.**>', 'Return-Path: Peter Beverloo <*****@*****.**>', 'Content-Type: text/html');
mail(Configuration::$serviceMonitorUpdateAddress, $subject, $message, implode("\r\n", $headers));
}
function check_tz($tz_id)
{
$sql = mysql_query("SELECT COUNT(*) FROM " . TABLE_OBJECT . " WHERE tz_id={$tz_id}") or Error(1, __FILE__, __LINE__);
$arr = @mysql_fetch_array($sql);
$count = (int) @$arr[0];
if ($count) {
return $count . "об";
}
return '';
}
public function fastdelete()
{
$days = ForceIntFrom('days');
if (!$days) {
Error('请选择删除期限!');
}
$time = time() - $days * 24 * 3600;
APP::$DB->exe("DELETE FROM " . TABLE_PREFIX . "comment WHERE readed = 1 AND time < {$time}");
Success('comments');
}
static function Error($msg_class = null, $err_code = 0, $msg = "error")
{
switch (func_num_args()) {
case 0:
Error();
break;
default:
Error($msg_class, $err_code, $msg);
}
}
public function fastdelete()
{
$days = ForceIntFrom('days');
if (!$days) {
Error('请选择删除期限!');
}
$time = time() - $days * 24 * 3600;
APP::$DB->exe("DELETE FROM " . TABLE_PREFIX . "msg WHERE time < {$time}");
Success('messages');
}
public function get_field($query)
{
$this->result = $this->mysqli->query($query);
for ($count = 0; $array = $this->result->fetch_array(); $count++) {
$this->toShow[$count] = $array[0];
}
if ($count == 0) {
Error('Not found any requested article from records.');
}
}
public function process()
{
$context = \CADB\Model\Context::instance();
if (!$this->params['nid']) {
Error('단체협약서 번호를 입력하세요.');
}
if (!$this->themes) {
$this->themes = $context->getProperty('service.themes');
}
$this->fields = \CADB\Agreement::getFieldInfo(1);
$this->articles = \CADB\Agreement::getAgreement($this->params['nid'], $this->params['did'] ? $this->params['did'] : 0);
if (!$this->articles) {
Error('존재하지 않는 단체협약입니다.');
}
if (\CADB\Privilege::checkAgreement($this->articles) == false) {
Error('접근 권한이 없습니다.');
}
$g_cids = \CADB\Guide::getTaxonomy();
foreach ($g_cids as $id) {
$this->guide_taxonomy_terms[$id] = \CADB\Guide::getRelativeGuideTerm($id);
}
$this->taxonomy = $this->fields['taxonomy'];
$taxonomy_cids = array();
foreach ($this->fields['field'] as $fid => $f) {
if ($f['table'] == 'agreement') {
if ($f['type'] == 'taxonomy') {
$taxonomy_cids[] = $f['cid'];
}
}
}
if (count($taxonomy_cids)) {
$this->taxonomy += \CADB\Taxonomy::getTaxonomy($taxonomy_cids);
}
$cids = array_keys($this->taxonomy);
if ($cids) {
$taxonomy_terms = \CADB\Taxonomy::getTaxonomyTerms($cids);
foreach ($taxonomy_terms as $cid => $terms) {
$this->taxonomy_terms[$cid] = \CADB\Taxonomy::makeTree($terms);
}
}
/* ob_start();
$theme_html_file = "";
if($this->themes) {
$theme_html_file = CADB_PATH."/themes/".$this->themes."/articles/pdf.html.php";
if($theme_html_file && file_exists($theme_html_file)) {
include $theme_html_file;
} else {
include dirname(__FILE__)."/pdf.html.php";
}
} else {
include dirname(__FILE__)."/pdf.html.php";
}
$content = ob_get_contents();
ob_end_clean(); */
}
public function alter_database($query)
{
if ($this->permission() != ADMIN) {
Error('You must be admin to alter the database');
}
conn($mysqli);
if (!$mysqli->query($query)) {
Error($mysqli->error);
}
$mysqli->close();
}
function initialize_profile()
{
global $userDetails;
if (!is_get_parameter_complete(array('username'))) {
Redirect('index.php');
}
$userDetails = SelectUser($_GET['username']);
if ($userDetails == null) {
Error('User not found');
}
}
function edit_message()
{
if (!is_logged_in() || !is_post_parameter_complete(array('username', 'date', 'message')) || !(is_admin() || is_logged_username($_POST['username']))) {
Error('Invalid Access');
}
if (EditPost($_POST['username'], $_POST['date'], $_POST['message'])) {
echo 'success';
} else {
echo 'Edit failed';
}
}
function initialize_item()
{
global $itemDetails;
if (!is_get_parameter_complete(array('iditem'))) {
Redirect('store.php');
}
$itemDetails = SelectItem($_GET['iditem']);
if ($itemDetails == null) {
Error('Item not found');
}
}
function delete_item()
{
if (!is_admin()) {
Error('Invalid Access');
}
$iditem = $_POST['iditem'];
if (DeleteItem($iditem)) {
echo 'success';
} else {
echo 'edit item unsuccessfull';
}
}
function cleanFilter($filterArray)
{
$criteriaArray = parseCriteriaXML();
// print_r($criteriaArray); die();
$result = (object) array();
$result->query = " ";
$result->variables = array();
// $bool = true;
foreach ($filterArray as $filter) {
$tempQuery = "";
$tempVariables = array();
$tempCount = count($result->variables);
$filter = explode(",", $filter);
// echo $filter[0] . ' ' . $filter[3] . '<br>';
if ($filter[0] == 'AND' || $filter[0] == 'OR') {
$tempQuery .= $filter[0] . ' ';
} else {
Error('Error in query');
}
// Get query for the specified choice
if (isset($criteriaArray[$filter[1]])) {
$tempQuery .= $criteriaArray[$filter[1]]['query'] . ' ';
// echo $tempQuery;
} else {
// $bool = false;
// break;
Error('Error in query');
}
// Validate the inputs
foreach ($criteriaArray[$filter[1]]['inputs'] as $key => $value) {
// echo $key . $value .'<br>';
if ($filter[2 * ($key + 1)] == $value && $filter[2 * ($key + 1) + 1] != "") {
$result->variables[":{$tempCount}"] = $filter[2 * ($key + 1) + 1];
$tempQuery = str_replace(":{$value}", ":{$tempCount}", $tempQuery);
$tempCount++;
} else {
// $bool = false;
// break;
Error('Error in query');
}
}
// if(!$bool){
// break;
// }
$result->query .= $tempQuery;
}
// if(!$bool){
// $result->query = "";
// $result->variables = array();
// }
return $result;
}
function create_post()
{
if (!is_logged_in() || !is_post_parameter_complete(array('post-message'))) {
Error('Forbidden Access');
}
if (AddPost($_SESSION['user']['username'], $_POST['post-message'])) {
echo 'success';
die;
} else {
echo 'Message was not posted successfully.';
die;
}
}
function create_item()
{
if (!is_admin() || !is_post_parameter_complete(GetFormInputNames($GLOBALS['itemForm']))) {
Error('Invalid Access');
}
$item = CleanFormInput($GLOBALS['itemForm'], $_POST);
if (!$item) {
Error('Erroneous Parameters');
}
if (AddItem($item)) {
echo 'success';
} else {
echo 'create item unsuccessfull';
}
}
