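/**
 * Fetch one row of the users_group table by its id.
 *
 * A caller with no session, or whose SESS_PRIVILEGE_ID is above ROLE_PRIME, is
 * additionally restricted to rows whose guid equals the session's own GUID.
 * Privileged sessions may read any group.
 *
 * @param mixed $groupid  Value matched against the group's "id" column.
 * @return array|false    The first matching row, or false when nothing matched.
 */
function getGroupInfo($groupid)
{
    $query = _db(true)->_selectQ(_dbTable("users_group", true), "*")->_where(array("id" => $groupid));

    // Unprivileged (or session-less) callers only see groups tied to their own GUID.
    if (!isset($_SESSION['SESS_PRIVILEGE_ID']) || $_SESSION['SESS_PRIVILEGE_ID'] > ROLE_PRIME) {
        // Fix: the original read $data['SESS_GUID'] before $data existed, so the filter
        // was always guid => null. The GUID lives in the session, as registerSettings() uses it.
        $guid = isset($_SESSION['SESS_GUID']) ? $_SESSION['SESS_GUID'] : null;
        $query->_where(array("guid" => $guid));
    }

    $rows = $query->_GET();
    if ($rows) {
        return $rows[0];
    }
    return false;
}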
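/**
 * Insert a new settings row for the current session user and SITENAME.
 *
 * When $value is a string naming a readable file, the file is read and its JSON
 * content (decoded to an array) is stored instead of the string.
 *
 * @param string $name   Setting name.
 * @param mixed  $value  Setting payload (string, array, or a path to a JSON file).
 * @param string $scope  Scope label; stored lower-cased.
 * @return bool          true when the insert query succeeded.
 */
function registerSettings($name, $value = "", $scope = "system")
{
    // Fix: guard with is_string() — is_file() on an array value warns on PHP 7 and
    // throws a TypeError on PHP 8, and array payloads are legitimate here.
    // SECURITY NOTE(review): this reads whatever path the caller hands in and stores
    // the decoded JSON; if $value can originate from a request (setSettings() passes
    // it straight through), restrict it to an allow-listed directory — confirm callers.
    if (is_string($value) && is_file($value)) {
        $value = json_decode(file_get_contents($value), true);
    }

    $row = array(
        "guid"     => isset($_SESSION['SESS_GUID']) ? $_SESSION['SESS_GUID'] : null,
        "userid"   => isset($_SESSION['SESS_USER_ID']) ? $_SESSION['SESS_USER_ID'] : null,
        "site"     => SITENAME,
        "scope"    => strtolower($scope),
        "name"     => $name,
        "settings" => $value,
    );
    $query = _db(true)->_insertQ1(_dbTable("settings", true), $row);
    $result = _dbQuery($query, true);

    return $result ? true : false;
}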
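/**
 * Report whether $userid names an unblocked user whose access record covers SITENAME.
 *
 * "root" is accepted unconditionally. The users table is filtered on blocked='false'
 * and userid; the access table on blocked='false' and a sites list that contains
 * SITENAME or is "*"; the two are joined through the users' accessid.
 *
 * @param mixed  $userid  User id to check.
 * @param string $site    Currently unused (see note below); defaults to SITENAME.
 * @return bool
 */
function checkUserID($userid, $site = SITENAME)
{
    // Fix: strict comparison. Under PHP 7's loose rules a non-string id such as 0
    // compared equal to "root" and bypassed the lookup entirely.
    if ($userid === "root") {
        return true;
    }

    // Unprivileged (or session-less) callers are pinned to the current site.
    // NOTE(review): $site is never read after this point — both queries use SITENAME —
    // so the parameter is effectively ignored; confirm whether callers rely on it.
    // The literal 2 here differs from the ROLE_PRIME constant used elsewhere in the file.
    if (!isset($_SESSION['SESS_PRIVILEGE_ID']) || $_SESSION['SESS_PRIVILEGE_ID'] > 2) {
        $site = SITENAME;
    }

    $userQuery = _db(true)->_selectQ(_dbTable("users", true), "count(*) as cnt")->_where(array("blocked" => 'false', "userid" => $userid));
    // Only a constant (SITENAME) reaches the raw fragment; no caller data is interpolated.
    $accessQuery = _db(true)->_selectQ(_dbTable("access", true), "id")->_where(array("blocked" => 'false'))->_whereRAW(' (FIND_IN_SET("' . SITENAME . '",sites) OR sites="*")');
    $userQuery = $userQuery->_query("accessid", $accessQuery);

    $result = _dbQuery($userQuery, true);
    if (!$result) {
        return false;
    }
    $rows = _dbData($result, true);
    _dbFree($result, true);
    return isset($rows[0]['cnt']) && $rows[0]['cnt'] > 0;
}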
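/**
 * Store a setting for the session user on SITENAME: update the existing row for
 * (userid, site, scope, name) or, when none exists, create it via registerSettings().
 *
 * @param string $name   Setting name; empty names are rejected.
 * @param mixed  $value  Payload to store.
 * @param string $scope  Scope label.
 * @return mixed|false   $value on success, false when the name is empty, there is
 *                       no session user, or the insert failed.
 */
function setSettings($name, $value = "", $scope = "default")
{
    // Fix: the original returned the undefined $defaultValue (always null) here;
    // false is the failure value this function documents and returns elsewhere.
    if (strlen($name) <= 0 || !isset($_SESSION['SESS_USER_ID'])) {
        return false;
    }

    $table = _dbTable("settings", true);
    $where = array(
        "userid" => $_SESSION['SESS_USER_ID'],
        "site"   => SITENAME,
        "scope"  => $scope,
        "name"   => $name,
    );

    $select = _db(true)->_selectQ($table, "name,settings")->_where($where);
    $result = _dbQuery($select, true);
    if ($result) {
        $rows = _dbData($result, true);
        _dbFree($result, true);
        if (isset($rows[0])) {
            // NOTE(review): the UPDATE's result is not checked; $value is returned regardless.
            $update = _db(true)->_updateQ($table, array("settings" => $value), $where);
            _dbQuery($update, true);
            return $value;
        }
    }

    if (registerSettings($name, $value, $scope)) {
        return $value;
    }
    return false;
}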
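/**
 * Change the session user's password using $_POST["old"] and $_POST["new"].
 *
 * Emits a JSON object {"code","msg"} and exits on the error paths. The original
 * status codes are kept: "1" for the missing-row error and for success, "0" for a
 * mismatch. Both passwords are hashed with getPWDHash() before comparison/storage.
 */
function changePWD()
{
    $userid = isset($_SESSION["SESS_USER_ID"]) ? $_SESSION["SESS_USER_ID"] : "";
    $table = _dbTable("users", true);
    $oldPlain = isset($_POST["old"]) ? $_POST["old"] : "";
    $newPlain = isset($_POST["new"]) ? $_POST["new"] : "";

    // Fix: without a session user the original interpolated an empty id into SQL and
    // continued; treat it like a missing user row.
    if (strlen($userid) <= 0) {
        echo json_encode(array("code" => "1", "msg" => "Error In Changing Password (1)."));
        exit;
    }
    // Fix: an empty new password used to be hashed and stored without complaint.
    if (strlen($newPlain) <= 0) {
        echo json_encode(array("code" => "0", "msg" => "New Password Can't Be Empty."));
        exit;
    }

    // Fix: the user id was interpolated into a raw SQL string; use the query builder
    // like the rest of the file so the DB layer escapes it.
    $select = _db(true)->_selectQ($table, "pwd")->_where(array("userid" => $userid));
    $result = _dbQuery($select, true);
    $rows = array();
    if ($result) {
        $rows = _dbData($result, true);
        _dbFree($result, true);
    }
    if (!isset($rows[0])) {
        echo json_encode(array("code" => "1", "msg" => "Error In Changing Password (1)."));
        exit;
    }

    // The hashes are computed into locals; the original overwrote $_POST in place.
    $oldHash = getPWDHash($oldPlain);
    $newHash = getPWDHash($newPlain);

    // Fix: constant-time comparison instead of != on the stored hash (PHP 5.6+).
    if (!hash_equals((string) $rows[0]["pwd"], (string) $oldHash)) {
        echo json_encode(array("code" => "0", "msg" => "Old Password Doesn't Match. Please Use Correct Credentials. (2)"));
        exit;
    }

    // The WHERE still includes the old hash so a concurrent change cannot be overwritten.
    $update = _db(true)->_updateQ(
        $table,
        array("pwd" => $newHash, "doe" => date("Y-m-d")),
        array("userid" => $userid, "pwd" => $oldHash)
    );
    _dbQuery($update, true);

    // NOTE: affected_rows() is also 0 when the new hash equals the old one (no row changed),
    // which is reported as a mismatch here exactly as the original did.
    if (_db(true)->affected_rows() <= 0) {
        echo json_encode(array("code" => "0", "msg" => "Old Password Doesn't Match. Please Use Correct Credentials.(3)"));
    } else {
        echo json_encode(array("code" => "1", "msg" => "Successfully Updated Your New Password"));
    }
}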
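/**
 * Update columns of a users row.
 *
 * Sessions at or below ROLE_PRIME may target any $userID/$site; everyone else
 * (including a missing session) is forced onto their own record and SITENAME.
 * Required fields from USER_CREATE_REQUIRED_FIELDS may not be blanked, and a
 * supplied privilegeid/accessid must exist for this site.
 *
 * @param array       $attrs   Column => value pairs to write.
 * @param string|null $userID  Target user; null means the session user.
 * @param string      $site    Site passed to checkUserID().
 * @return true|array          true on success, or array("error" => ..., ...) describing the failure.
 */
function updateUser($attrs = array(), $userID = null, $site = SITENAME)
{
    $privileged = isset($_SESSION['SESS_PRIVILEGE_ID']) && $_SESSION['SESS_PRIVILEGE_ID'] <= ROLE_PRIME;
    if (!$privileged) {
        $site = SITENAME;
        $userID = isset($_SESSION['SESS_USER_ID']) ? $_SESSION['SESS_USER_ID'] : null;
    }
    // Loose null check kept on purpose: an empty id also falls back to the session user.
    if ($userID == null && isset($_SESSION['SESS_USER_ID'])) {
        $userID = $_SESSION['SESS_USER_ID'];
    }
    if (!checkUserID($userID, $site)) {
        return array("error" => "UserID Not Found");
    }

    $dataUser = $attrs;

    // Fix: $attrs reached the UPDATE unfiltered, so an unprivileged caller could set
    // its own privilegeid/accessid — the checks below only confirm the ids exist for
    // this site. Role-bearing columns are now dropped unless the session is privileged.
    // NOTE(review): other sensitive columns (blocked, pwd, userid) are still not filtered
    // here; confirm at the call sites what $attrs may carry.
    if (!$privileged) {
        unset($dataUser['privilegeid'], $dataUser['accessid']);
    }

    // A required field that is present but empty is rejected (absent fields are untouched).
    $reqParams = explode(",", getConfig("USER_CREATE_REQUIRED_FIELDS"));
    foreach ($reqParams as $field) {
        if (isset($dataUser[$field]) && ($dataUser[$field] == null || strlen($dataUser[$field]) <= 0)) {
            return array("error" => "Missing Field", "field" => $field);
        }
    }

    // privilegeid must exist for SITENAME (or be a "*" row). Only the constant is interpolated.
    if (isset($dataUser['privilegeid'])) {
        $query = _db(true)->_selectQ(_dbTable("privileges", true), "count(*) as cnt")->_where(array("id" => $dataUser['privilegeid']))->_raw(" AND (site='" . SITENAME . "' OR site='*')");
        $result = _dbQuery($query, true);
        if (!$result) {
            return array("error" => "PrivilegeID Query Error");
        }
        $rows = _dbData($result, true);
        _dbFree($result, true);
        if ($rows[0]['cnt'] <= 0) {
            return array("error" => "PrivilegeID Not Found This Site {$site}");
        }
    }

    // accessid must be unblocked and cover SITENAME (or be a "*" row).
    if (isset($dataUser['accessid'])) {
        $query = _db(true)->_selectQ(_dbTable("access", true), "count(*) as cnt")->_where(array("blocked" => 'false', "id" => $dataUser['accessid']))->_raw(" AND (FIND_IN_SET('" . SITENAME . "',sites) OR sites='*')");
        $result = _dbQuery($query, true);
        if (!$result) {
            return array("error" => "AccessID Query Error");
        }
        $rows = _dbData($result, true);
        _dbFree($result, true);
        if ($rows[0]['cnt'] <= 0) {
            return array("error" => "AccessID Not Found For This Site {$site}");
        }
    }

    $update = _db(true)->_updateQ(_dbTable("users", true), $dataUser, array("userid" => "{$userID}"));
    if (_dbQuery($update, true)) {
        return true;
    }
    return array("error" => "Error In User Updating", "details" => _db(true)->get_error());
}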
<?php
if (!defined('ROOT')) {
    exit('No direct script access allowed');
}

// Header-menu links: rows for this site (or shared "*" rows) that are unblocked,
// flagged for the menu and not device-specific. Only constants reach the SQL string.
$menuData = array();
$sql = "SELECT * FROM " . _dbTable("links") . " WHERE menuid='header' AND (site='" . SITENAME . "' OR site='*') AND blocked='false' AND onmenu='true' AND (device='*')";
$res = _dbQuery($sql);
if ($res) {
    $menuData = _dbData($res);
    _dbFree($res);
}
?>
<style>
.hea-navbar .dropdown-menu { margin-left: -150px; padding-top: 5px;padding-bottom: 5px; right: 0px;left: auto; }
.hea-navbar .dropdown-menu li { display: block !important; float:none !important; }
.hea-navbar .dropdown-menu a { padding-bottom: 0px; padding-top: 0px; width: 100%; line-height: 30px; }
#header .toggle {display: none;}
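/**
 * Emit an avatar image for $_REQUEST['authorid'] using the given source.
 *
 * $method selects the source: "facebook"/"twitter"/"instagram" via avatars.io,
 * "gravatar"/"email" via gravatar.com, "logiks" from the local profile_photos folder,
 * "photoid" by redirecting to the viewphoto service. Without an authorid (or for an
 * unknown method) the default avatar is printed.
 *
 * @param string $method  Source name as listed above.
 */
function printAvatarPhoto($method)
{
    if (!isset($_REQUEST['authorid']) || strlen($_REQUEST['authorid']) <= 0) {
        printDefaultAvatar();
        return;
    }

    $rawId = $_REQUEST['authorid'];
    // Everything before the first "@" is used as the remote handle.
    $handleParts = explode("@", $rawId);
    $handle = $handleParts[0];

    // Fix: the handle is request data and was spliced into the outbound URL path
    // verbatim; encoding it keeps "/", "?" and friends from altering the request.
    // NOTE(review): these remote fetches use plain http and have no timeout; consider
    // https and a stream-context timeout.
    $fetch = function ($url) {
        $bytes = file_get_contents($url);
        return $bytes === false ? "" : $bytes;
    };
    $gravatarHash = md5(strtolower(trim($rawId)));

    if ($method == "facebook") {
        //$url="http://graph.facebook.com/{$authorid}/picture?type=large";//?redirect=false
        printAvatar($fetch("http://avatars.io/facebook/" . rawurlencode($handle) . "/large"), "jpeg");
    } elseif ($method == "gravatar") {
        printAvatar($fetch("http://www.gravatar.com/avatar/" . $gravatarHash . "?s=80&d=mm&r=g"), "png");
    } elseif ($method == "twitter") {
        printAvatar($fetch("http://avatars.io/twitter/" . rawurlencode($handle) . "/large"), "jpeg");
    } elseif ($method == "instagram") {
        printAvatar($fetch("http://avatars.io/instagram/" . rawurlencode($handle) . "/large"), "jpeg");
    } elseif ($method == "email") {
        //d= Default imageset to use [ 404 | mm | identicon | monsterid | wavatar ]
        //r= Maximum rating (inclusive) [ g | pg | r | x ]
        printAvatar($fetch("http://www.gravatar.com/avatar/" . $gravatarHash . "?s=120&d=identicon&r=g"), "png");
        //printDefaultAvatar();
    } elseif ($method == "logiks") {
        // Fix: authorid was used as a filesystem path component unchanged, so "../"
        // sequences could read files outside profile_photos/. basename() keeps only
        // the final path segment.
        $profilePhoto = APPROOT . APPS_USERDATA_FOLDER . "profile_photos/" . basename($rawId);
        $candidates = array(
            ".png"  => "image/png",
            ".gif"  => "image/gif",
            ".jpg"  => "image/jpg",
            ".jpeg" => "image/jpeg",
        );
        foreach ($candidates as $suffix => $contentType) {
            if (file_exists($profilePhoto . $suffix)) {
                header("content-type:" . $contentType);
                readfile($profilePhoto . $suffix);
                return;
            }
        }
        printDefaultAvatar();
    } elseif ($method == "photoid") {
        $src = isset($_REQUEST['src']) ? $_REQUEST['src'] : getConfig("DBTABLE_AVATAR");
        if (strlen($src) <= 0) {
            $src = _dbTable("avatar");
        }
        // Fix: both query values are request data; encode them so they cannot inject
        // extra parameters into the redirect target.
        $target = _service("viewphoto") . "&type=view&loc=db&dbtbl=" . rawurlencode($src) . "&image=" . rawurlencode($rawId);
        header("Location:{$target}");
        exit;
    }
}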
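/**
 * Re-attach the browser to a previously logged session (log_sessions table), or
 * fall back to logging out stale sessions and starting a fresh one.
 *
 * The stored row must match the token, user id, client IP and user agent. On a match
 * the stored session_data (JSON, slash-stripped) is copied into $_SESSION, the login
 * cookies are set and gotoSuccessLink() is called. Always exits.
 *
 * @param array  $sessionData  Must carry 'token'.
 * @param mixed  $userid
 * @param mixed  $domain
 * @param object $dbLink       DB wrapper exposing _selectQ/executeQuery/fetchAllData/freeResult.
 * @param array  $params       Passed through to logoutOldSessions()/startNewSession().
 */
function restoreOldSession($sessionData, $userid, $domain, $dbLink, $params = array())
{
    $sessionID = isset($sessionData['token']) ? $sessionData['token'] : null;
    $query = $dbLink->_selectQ(_dbTable("log_sessions", true), "*", array(
        "sessionid"  => $sessionID,
        "user"       => $userid,
        "client"     => _server('REMOTE_ADDR'),
        "user_agent" => _server('HTTP_USER_AGENT'),
    ));

    $restored = null;
    $result = $dbLink->executeQuery($query);
    if ($result) {
        $rows = $dbLink->fetchAllData($result);
        $dbLink->freeResult($result);
        if ($rows != null && count($rows) > 0) {
            $restored = json_decode(stripslashes($rows[0]['session_data']), true);
        }
    }

    // Fix: the original regenerated the id and iterated the decoded data even when it
    // failed to decode, leaving a half-populated session with undefined cookie values.
    if (is_array($restored) && count($restored) > 0) {
        // Fix: delete the old session file as well so the previous id cannot be reused.
        session_regenerate_id(true);
        foreach ($restored as $key => $value) {
            $_SESSION[$key] = $value;
        }
        // NOTE(review): no HttpOnly/Secure flags, and TOKEN is the session token; add them
        // unless client-side script must read these cookies — confirm.
        setcookie("LOGIN", "true", time() + 36000);
        setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
        setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
        setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
        //$logData['global_data']$GLOBALS
        //printArray($_SESSION);exit();
        gotoSuccessLink();
    } else {
        logoutOldSessions($userid, $domain, $dbLink, $params);
        startNewSession($userid, $domain, $dbLink, $params);
    }
    exit;
}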
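/**
 * Re-attach the browser to a cached session (cache_sessions table), or log out stale
 * sessions and start a new one.
 *
 * The row must match the token, user id, site, device type and client IP. On a match
 * the stored session_data (JSON, slash-stripped) is copied into $_SESSION, the login
 * cookies are set and gotoSuccessLink() is called.
 *
 * @param array $sessionData  Must carry 'token'.
 * @param mixed $userid
 * @param mixed $domain       Matched against the row's "site".
 * @param array $params       Passed through to logoutOldSessions()/startNewSession().
 */
function restoreOldSession($sessionData, $userid, $domain, $params = array())
{
    $sessionID = isset($sessionData['token']) ? $sessionData['token'] : null;
    // NOTE(review): unlike the log_sessions variant this lookup does not bind the
    // user agent; a stolen token from the same IP is accepted — confirm that is intended.
    $rows = _db(true)->_selectQ(_dbTable("cache_sessions", true), "*", array(
        "session_key" => $sessionID,
        "userid"      => $userid,
        "site"        => $domain,
        "device"      => getUserDeviceType(),
        "client_ip"   => $_SERVER['REMOTE_ADDR'],
    ))->_get();

    $restored = null;
    if (!empty($rows)) {
        $restored = json_decode(stripslashes($rows[0]['session_data']), true);
    }

    // Fix: undecodable session_data used to produce a regenerated, half-populated
    // session and cookies built from undefined values; treat it as "no session".
    if (is_array($restored) && count($restored) > 0) {
        // Fix: also delete the old session so its id cannot be reused.
        session_regenerate_id(true);
        foreach ($restored as $key => $value) {
            $_SESSION[$key] = $value;
        }
        // NOTE(review): no HttpOnly/Secure flags, and TOKEN is the session token; add them
        // unless client-side script must read these cookies — confirm.
        setcookie("LOGIN", "true", time() + 36000);
        setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
        setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
        setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
        //$logData['global_data']$GLOBALS
        //printArray($_SESSION);exit();
        gotoSuccessLink();
    } else {
        logoutOldSessions($userid, $domain, $params);
        startNewSession($userid, $domain, $params);
    }
}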
$rssid = $_REQUEST['rss']; $tbl = _dbTable($rsstable); $temp_FULL_MEDIA_PATH = getConfig("FULL_MEDIA_PATH"); setConfig("FULL_MEDIA_PATH", "true"); $rss = RSSGen::generateFromDB($tbl, $rssid); setConfig("FULL_MEDIA_PATH", $temp_FULL_MEDIA_PATH); if (strlen($rss) > 0) { RSSGen::printRSSHeader(); echo $rss; } exit; } elseif (isset($_REQUEST['list'])) { if (!isset($_REQUEST['format'])) { $_REQUEST['format'] = "json"; } $tbl = _dbTable($rsstable); $list = RSSGen::listFeeds($tbl); if (count($list) > 0) { foreach ($list as $a => $b) { $list[$a]['link'] = SiteLocation . "services/?scmd=rss&rss={$b['rssid']}"; } if ($_REQUEST['format'] == "json") { echo json_encode($list); } elseif ($_REQUEST['format'] == "table") { $s = "<table width=100% cellpadding=2 cellspacing=0 border=0>"; foreach ($list as $a) { $s .= "<tr>"; foreach ($a as $m => $n) { $s .= "<td name='{$m}'>{$n}</td>"; } $s .= "</tr>";
printHeader($doc, $type); printVFile($doc); exit; } else { displayLocalImage("images/forbidden.png", "view"); exit; } } } displayLocalImage("images/warning.png", "view"); } elseif (strtolower($_REQUEST['loc']) == "dbfile") { $dbtbl = ""; if (isset($_REQUEST['dbtbl'])) { $dbtbl = $_REQUEST['dbtbl']; } else { $dbtbl = _dbTable("files"); } $sql = "SELECT file_name,file_type,file_data,file_size FROM {$dbtbl} WHERE ID=" . $_REQUEST['file']; $result = _db()->executeQuery($sql); if ($result) { if (_db()->recordCount($result) > 0) { $record = _db()->fetchData($result); $darr = explode(".", $record["file_name"]); $ext = $darr[sizeOf($darr) - 1]; printHeader($record["file_name"], $type); echo $record["file_data"]; exit; } } displayLocalImage("images/warning.png", "view"); } else {
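/**
 * Return md5(privilege id . privilege name) for the privilege assigned to $userid,
 * or false when the user or its privilege row does not exist.
 *
 * @param mixed $userid
 * @return string|false
 */
function fetchUserRoleHash($userid)
{
    // Fix: $userid was interpolated into a raw SQL string (injection if it is ever
    // request data). The builder's _where() escapes it; the join is replaced by two
    // lookups and the hash is recomputed in PHP as MySQL's md5(concat(id,name)) did:
    // decimal id immediately followed by the name.
    // NOTE(review): assumes the connection charset hands back the same name bytes MySQL
    // would have hashed — confirm for non-ASCII privilege names.
    $users = _db(true)->_selectQ(_dbTable("users", true), "privilegeid")->_where(array("userid" => $userid))->_get();
    if (!isset($users[0]['privilegeid']) || $users[0]['privilegeid'] === null) {
        return false;
    }

    $privileges = _db(true)->_selectQ(_dbTable("privileges", true), "id,name")->_where(array("id" => $users[0]['privilegeid']))->_get();
    if (!isset($privileges[0]['id']) || !isset($privileges[0]['name'])) {
        return false;
    }

    // This is not a secret-keyed value; it only fingerprints the (id, name) pair.
    return md5($privileges[0]['id'] . $privileges[0]['name']);
}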
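/**
 * Stream an image stored in a database table (default: the photos table, or
 * $_REQUEST['dbtbl']) by its ID, or the local warning image when it cannot be shown.
 *
 * @param mixed  $imgID  Row ID; must be a non-negative integer.
 * @param string $type   Passed to printHeader() (e.g. "view").
 */
function displayDBImage($imgID, $type = "view")
{
    // Fix: the table name came from the request and was interpolated into the statement.
    // Only identifier characters (plus a schema dot) are accepted; anything else is refused.
    $dbtbl = _dbTable("photos");
    if (isset($_REQUEST['dbtbl'])) {
        if (!preg_match('/^[A-Za-z0-9_.]+$/', $_REQUEST['dbtbl'])) {
            displayLocalImage("images/warning.png", "view");
            return;
        }
        $dbtbl = $_REQUEST['dbtbl'];
    }

    // Fix: ID is interpolated unquoted, so only a digit string may reach the query
    // (a malformed id previously errored out of the query and showed the same warning).
    if (!ctype_digit((string) $imgID)) {
        displayLocalImage("images/warning.png", "view");
        return;
    }

    $sql = "SELECT image_type,image_data,image_size FROM {$dbtbl} WHERE ID=" . (int) $imgID;
    $result = _db()->executeQuery($sql);
    if ($result && _db()->recordCount($result) > 0) {
        $record = _db()->fetchData($result);
        // The stored MIME type (e.g. "image/png") supplies the download extension.
        $ext = str_replace("image/", "", $record["image_type"]);
        printHeader("download.{$ext}", $type);
        echo $record["image_data"];
        exit;
    }
    displayLocalImage("images/warning.png", "view");
}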
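/**
 * Store one uploaded file (a $_FILES-style array plus an optional 'src') either on
 * the filesystem or in a database table.
 *
 * $file['src'] selects the store: "fs#<subdir>" under APPROOT.APPS_USERDATA_FOLDER
 * (default "attachments/"), or "db#<table>" (default the "files" table). Options come
 * from $_POST: MAX_FILE_SIZE, IF_FILE_EXISTS (replace|noreplace), TEXT_EXTRACTION,
 * tags and remarks.
 *
 * @param array $file  Upload record with name, size, tmp_name, type and optional src.
 * @return array|string|int  array() for an empty upload slot; the stored relative
 *         path (fs) or the new row id (db) on success; array("Error" => ...) on failure.
 */
function moveFile($file)
{
    // An empty upload slot is not an error.
    if (strlen($file['name']) == 0 && $file['size'] == 0 && strlen($file['tmp_name']) == 0) {
        return array();
    }

    // Fix: basename() strips any directory component a crafted request can put in the
    // client-supplied name, which is later interpolated into the target path.
    $file['name'] = basename($file['name']);

    // Fix: $fileSize was only assigned inside the db branch, so the fs branch compared
    // null < MAX_FILE_SIZE and the size limit never applied to filesystem stores.
    $fileSize = $file['size'];

    // NOTE(review): MAX_FILE_SIZE is client-supplied; the only server-side cap is php.ini's
    // upload_max_filesize/post_max_size. Consider enforcing a server-side limit here.
    $maxFileSize = isset($_POST['MAX_FILE_SIZE']) ? $_POST['MAX_FILE_SIZE'] : null;
    $ifFileExists = isset($_POST['IF_FILE_EXISTS']) ? $_POST['IF_FILE_EXISTS'] : null; //replace,noreplace
    $storeTxtToDB = isset($_POST['TEXT_EXTRACTION']) ? $_POST['TEXT_EXTRACTION'] : null; //true,false,yes,no

    // Resolve the store from $file['src']; anything unrecognised means the default fs store.
    // NOTE(review): the part after "fs#"/"db#" becomes a path segment / table name verbatim;
    // if 'src' can come from the request it needs an allow-list — confirm where it is set.
    if (!isset($file['src']) || strlen($file['src']) == 0) {
        $file['src'] = "fs#attachments/";
    }
    if (strpos($file['src'], "db#") === 0) {
        $storeType = "db";
        $storePath = substr($file['src'], 3);
        if (strlen($storePath) <= 0) {
            $storePath = _dbTable("files");
        }
    } else {
        if (strpos($file['src'], "fs#") !== 0) {
            $file['src'] = "fs#attachments/";
        }
        $storeType = "fs";
        $storePath = substr($file['src'], 3);
        if (strlen($storePath) <= 0) {
            $storePath = "attachments/";
        }
    }

    // Split the name into stem and extension (the last dot-separated part, if any).
    $exts = explode(".", $file['name']);
    $ext = count($exts) > 1 ? $exts[count($exts) - 1] : "";
    $fname = substr($file['name'], 0, strlen($file['name']) - strlen($ext));
    if (strpos($fname, ".") === strlen($fname) - 1) {
        $fname = substr($fname, 0, strlen($fname) - 1);
    }

    if ($storeType == "fs") {
        // NOTE(review): the client's extension is kept unchanged; if this folder is served by
        // the web server an extension allow-list is needed to keep executable uploads out.
        // The 0777 mode and rand()-derived name are also kept as the original had them.
        $newName = md5(rand() * time()) . "-" . str_replace(" ", "_", $fname);
        $targetPath = APPROOT . APPS_USERDATA_FOLDER . "{$storePath}/{$newName}.{$ext}";
        $targetPath = str_replace("//", "/", $targetPath);
        $targetDir = dirname($targetPath);
        if (!file_exists($targetDir)) {
            mkdir($targetDir, 0777, true);
            chmod($targetDir, 0777);
        }
        if (!file_exists($targetDir)) {
            return array("Error" => "Failed To Create TargetPath Folder.");
        }
        if (file_exists($targetPath)) {
            if ($ifFileExists == "replace") {
                unlink($targetPath);
            } elseif ($ifFileExists == "noreplace") {
                return array("Error" => "File Exists At The Target.");
            }
        }
        if (!($fileSize < $maxFileSize)) {
            return array("Error" => "File Size Is More Then Max.");
        }
        if (@move_uploaded_file($file['tmp_name'], $targetPath)) {
            return str_replace("//", "/", "{$storePath}/{$newName}.{$ext}");
        }
        return array("Error" => "Failed To Move File To Destination.");
    }

    if ($storeType == "db") {
        if (!($fileSize < $maxFileSize)) {
            return array("Error" => "File Size Is More Then Max.");
        }

        $date = date("Y-m-d");
        $usr = getUserInfo();
        $datestamp = date('Y-m-d H:i:s');
        $site = SITENAME;
        $userid = isset($usr['SESS_USER_ID']) ? $usr['SESS_USER_ID'] : "";
        $fileName = $file['name'];
        $fileType = $file['type'];
        $meta = "";
        $tags = isset($_POST['tags']) ? $_POST['tags'] : "";
        $remarks = isset($_POST['remarks']) ? $_POST['remarks'] : "";

        // Fix: text extraction used to run on the already-escaped bytes; extract from the
        // raw upload first. Every interpolated value is then escaped, not only file_data.
        // NOTE(review): mysql_real_escape_string() needs an open ext/mysql link and no longer
        // exists on PHP 7+; this branch must move to the _insertQ1() builder used elsewhere.
        $rawData = file_get_contents($file['tmp_name']);
        $txtData = "";
        if ($storeTxtToDB || $storeTxtToDB == "true") {
            $txtData = getTextData($rawData, $fileType);
        }
        $fileData = mysql_real_escape_string($rawData);
        $txtData = mysql_real_escape_string($txtData);
        $title = mysql_real_escape_string($fname);
        $fileName = mysql_real_escape_string($fileName);
        $fileType = mysql_real_escape_string($fileType);
        $remarks = mysql_real_escape_string($remarks);
        $tags = mysql_real_escape_string($tags);

        // A target table whose name starts with the system DB name is written via the system link.
        $sysDb = strpos("#" . $storePath, $GLOBALS["DBCONFIG"]["DB_SYSTEM"]) === 1;

        $insertQuery = "INSERT INTO {$storePath} ";
        $insertQuery .= "(datestamp,title,txt_data,file_name,file_data,file_type,file_size,remarks,tags,meta,site,userid,doc,doe) VALUES ";
        $insertQuery .= "('{$datestamp}','{$title}',\"{$txtData}\",'{$fileName}',\"{$fileData}\",'{$fileType}','{$fileSize}','{$remarks}','{$tags}',";
        $insertQuery .= "'{$meta}','{$site}','{$userid}','{$date}','{$date}')";
        //echo $insertQuery;
        if (_dbQuery($insertQuery, $sysDb)) {
            return _db($sysDb)->insert_id();
        }
        return array("Error" => "Error In MySQL Query.");
    }

    return array("Error" => "StorageType Not Supported.");
}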