/**
* send mail
*/
function _sendmail($cp)
{
//$mail->SMTPDebug = 3; // Enable verbose debug output
$to = $cp->email_domain ? $cp->email_domain : ADMIN_EMAIL;
$res = send_mail1($to, _post('subject'), _post('body'));
ajax_output(strip_tags($res));
}
function saveBanner()
{
$banID = _post("banID");
$url = _post("url");
$link = _post("link");
$text = _post("text");
$param = _post("param");
$isactive = _post("isactive");
$fParts = split("\\.", $url);
//echo '<hr><pre>'; print_r($fParts);echo '</pre><hr>';
if (count($fParts) == 1) {
$type = $fParts[0];
} else {
$type = $fParts[1];
}
if (!$banID) {
$query = "INSERT INTO pm_banners (`url`, `type`, `link`,`text` ,`param`, `isactive`) \n\t\t\tVALUES ('" . $url . "', '" . $type . "', '" . $link . "', '" . $text . "', '" . $param . "', '" . $isactive . "')\n\t\t\t";
} else {
$query = "UPDATE pm_banners SET \n\t\t\t\t`url` = '" . $url . "',\n\t\t\t\t`type` = '" . $type . "',\n\t\t\t\t`link` = '" . $link . "',\n\t\t\t\t`text` = '" . $text . "',\n\t\t\t\t`isactive` = '" . $isactive . "',\n\t\t\t\t`param` = '" . $param . "'\n\t\t\tWHERE banID = '" . $banID . "'";
}
//echo $query;
if (!mysql_query($query)) {
trigger_error("Error while updating banner [{$query}] - " . mysql_error(), PM_FATAL);
}
header("Location: /admin?cmd=banner");
}
function saveVote()
{
$qID = _post("qID");
$Question = _post("Question");
$Ans1 = _post("Ans1");
$Ans2 = _post("Ans2");
$Ans3 = _post("Ans3");
$Ans4 = _post("Ans4");
$Ans5 = _post("Ans5");
$Ans6 = _post("Ans6");
$Ans7 = _post("Ans7");
$Ans8 = _post("Ans8");
$Ans9 = _post("Ans9");
$Ans10 = _post("Ans10");
$isactive = _post("isactive");
$isdefault = _post("isdefault");
if (!$qID) {
$query = "INSERT INTO pm_vote (`Question`, `Ans1`, `Ans2`, `Ans3`, `Ans4`, `Ans5`, `Ans6`, `Ans7`, `Ans8`, `Ans9`, `Ans10`, `isdefault`, `isactive`) \n\t\t\tVALUES ('" . $Question . "', '" . $Ans1 . "', '" . $Ans2 . "', '" . $Ans3 . "', '" . $Ans4 . "', '" . $Ans5 . "', '" . $Ans6 . "', '" . $Ans7 . "', '" . $Ans8 . "', '" . $Ans9 . "', '" . $Ans10 . "', '" . $isdefault . "', '" . $isactive . "')\n\t\t\t";
} else {
$query = "UPDATE pm_vote SET \n\t\t\t\t`Question` = '" . $Question . "',\n\t\t\t\t`Ans1` = '" . $Ans1 . "',\n\t\t\t\t`Ans2` = '" . $Ans2 . "',\n\t\t\t\t`Ans3` = '" . $Ans3 . "',\n\t\t\t\t`Ans4` = '" . $Ans4 . "',\n\t\t\t\t`Ans5` = '" . $Ans5 . "',\n\t\t\t\t`Ans6` = '" . $Ans6 . "',\n\t\t\t\t`Ans7` = '" . $Ans7 . "',\n\t\t\t\t`Ans8` = '" . $Ans8 . "',\n\t\t\t\t`Ans9` = '" . $Ans9 . "',\n\t\t\t\t`Ans10` = '" . $Ans10 . "',\n\t\t\t\t`isdefault` = '" . $isdefault . "',\n\t\t\t\t`isactive` = '" . $isactive . "'\n\t\t\tWHERE qID = '" . $qID . "'";
}
//echo $query;
if (!mysql_query($query)) {
trigger_error("Error while updating vote [{$query}] - " . mysql_error(), PM_FATAL);
}
header("Location: /admin?cmd=vote");
}
function updateFromRequest()
{
parent::updateFromRequest();
$category = _post("fld_category");
$categoryLbl = _post("fld_category_lbl");
$item = _post("fld_item");
$itemLbl = _post("fld_item_lbl");
$completed = _post("fld_completed");
$frequency = _post("fld_frequency");
$frequencyComparator = _post("fld_frequency_comparator");
$this->completed = $completed == 'yes';
$this->frequency = $frequency;
$this->frequencyComparator = $frequencyComparator;
// update labels
// xxx todo abstract this out to a manager (which may or may not defer to core options handling code)!
// xxx this belongs more in the rule manager
$dbLbl = getLabel($category, 'rule_action_category');
if ($category && $dbLbl != $categoryLbl) {
// update
sqlStatement("UPDATE list_options SET title = ? WHERE list_id = 'rule_action_category' AND option_id = ?", array($categoryLbl, $category));
}
$dbLbl = getLabel($item, 'rule_action');
if ($item && $dbLbl != $itemLbl) {
// update
sqlStatement("UPDATE list_options SET title = ? WHERE list_id = 'rule_action' AND option_id = ?", array($itemLbl, $item));
}
$this->category = $category;
$this->item = $item;
$this->itemLbl = $itemLbl;
$this->categoryLbl = $categoryLbl;
}
/**
* Return all post parameters or a single post parameter.
*
* @param string|null $param
* Parameter name to retrieve, or null to get all.
* @param mixed $default
* Default value to use when the parameter is missing.
* @return mixed
*/
public function fromPost($param = null, $default = null)
{
$result = _post($param);
if (null === $result && null !== $default) {
$result = $default;
}
return $result;
/*
if (null === $this->postParams) {
$request = $this->getController()->getRequest();
if ($request->getHeaders('accept')->match('application/json')) {
$content = $request->getContent();
$this->postParams = json_decode($content, true);
} else {
$this->postParams = parent::fromPost(null, $default);
}
}
if ($param === null) {
return $this->postParams;
} else {
return isset($this->postParams[$param])
? $this->postParams[$param] : $default;
}
*/
}
function authenticate()
{
$q = "SELECT userID FROM pm_users WHERE login=\"" . mysql_escape_string(_post('login')) . "\" AND Password = \"" . mysql_escape_string(md5(_post('psw'))) . "\" AND uDeleted=0 AND isUserGroup=0";
$qr = mysql_query($q);
if (!$qr) {
trigger_error("Invaild query while reading user info - " . mysql_error(), PM_FATAL);
}
$count = mysql_num_rows($qr);
if ($count == 1) {
list($userID) = mysql_fetch_row($qr);
if ($userID) {
// trigger_error("Auth userID: $userID", PM_WARNING);
$sessionID = _cookie("sessionID");
// trigger_error("Auth sessionID: $sessionID", PM_WARNING);
if (!$sessionID) {
$sessionID = $this->generateSessionID();
}
setcookie("sessionID", $sessionID, time() + 30 * 24 * 60 * 60, "/");
//expire in a month
mysql_query("REPLACE INTO pm_sessions (sessionID, userID, CreateTime) VALUES(\"{$sessionID}\", {$userID}, NOW())");
mysql_query("UPDATE pm_users SET LoginDate=NOW() WHERE userID={$userID}");
$this->userID = $userID;
return true;
}
}
return false;
}
function updateFromRequest()
{
parent::updateFromRequest();
$age = _post("fld_value");
$timeUnit = TimeUnit::from(_post("fld_timeunit"));
$this->value = $age;
$this->timeUnit = $timeUnit;
}
function updateFromRequest()
{
parent::updateFromRequest();
$value = _post("fld_value");
$exploded = explode(" ", $value);
$diagInfo = explode(":", $exploded[0]);
$this->codeType = $diagInfo[0];
$this->id = $diagInfo[1];
}
function edit_teacher_POST($id)
{
$description = _post('description');
$teacher = new Teacher($id);
if ($description) {
$teacher->update('description', $description);
}
redirect("teacher/{$id}/edit");
}
/**
* Check view and edit permissions.
*
* @param $op
* The type of operation. Either 'view' or 'edit'.
*/
function have_access($op)
{
global $user;
$db = DBConnection::instance();
$field_id = (int) _post('fid');
if (!$field_id) {
$field_id = (int) _get('fid');
}
$field = (object) $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc();
$field_info = field_info_field_by_id($field->delta);
if ($field->entity_type == 'node') {
if (!($node = node_load($field->entity_id))) {
return false;
}
$node_access = $op == 'edit' ? 'update' : $op;
if (node_access($node_access, $node, $user) && field_access($op, $field_info, $field->entity_type, $node, $user)) {
return true;
}
} else {
if ($field->entity_type == 'user') {
if (!($account = user_load($field->entity_id))) {
return false;
}
if (field_access($op, $field_info, $field->entity_type, $account, $user)) {
return true;
}
} else {
if ($field->entity_type == 'comment') {
if (!($comment = comment_load($field->entity_id))) {
return false;
}
if ($op == 'view' && !user_access('access comments')) {
return false;
} else {
if ($op == 'edit' && !comment_access($op, $comment)) {
return false;
}
}
if (field_access($op, $field_info, $field->entity_type, $comment, $user)) {
return true;
}
} else {
if (module_exists('entity')) {
if (!($entity = entity_load($field_id))) {
return false;
}
$entity_access = $op == 'edit' ? 'update' : $op;
if (entity_access($entity_access, $field->entity_type, $entity, $user) && field_access($op, $field_info, $field->entity_type, $entity, $user)) {
return true;
}
}
}
}
}
return false;
}
function updateFromRequest()
{
parent::updateFromRequest();
$this->table = _post("fld_table");
$this->column = _post("fld_column");
$this->value = _post("fld_value");
$this->valueComparator = _post("fld_value_comparator");
$this->frequency = _post("fld_frequency");
$this->frequencyComparator = _post("fld_frequency_comparator");
}
private function _check_csrf()
{
if (!_is_post()) {
return;
}
if (_post('form_key') !== Session::form_key()) {
Log::write(chr(27) . '[41m' . chr(27) . '[37m** POSSIBLE CSRF **' . chr(27) . '[0m');
Errors::show_404();
}
}
public static function acc_number()
{
$zones = _post('zones');
$routes = _post('routes');
$category = _post('category');
$array = array($zones, $routes, $category);
//$acc_no = implode( $array);
$acc_no = var_dump(implode('Ksm', array()));
// The modified acc_no.
return $acc_no;
}
function updateFromRequest()
{
parent::updateFromRequest();
$age = _post("fld_value");
$timeUnit = TimeUnit::from(_post("fld_timeunit"));
if ($timeUnit == null) {
$timeUnit = TimeUnit::from(_post("fld_target_interval_type"));
}
$this->value = $age;
$this->timeUnit = $timeUnit;
}
function add_course_POST()
{
$name = _post('name');
$teacher = _post('teacher');
$description = _post('description');
if ($name && $teacher) {
$course = Course::create(compact('name', 'teacher', 'description'));
redirect('course/' . $course->id);
} else {
show_form();
}
}
function add_teacher_POST()
{
$name = _post('name');
$gender = _post('gender');
$description = _post('description');
if ($name && $gender) {
$teacher = Teacher::create(compact('name', 'gender', 'description'));
redirect('teacher/' . $teacher->id);
} else {
show_form();
}
}
function login_POST()
{
$username = _post('username');
$password = _post('password');
if ($user = User::check($username, $password)) {
$user->login();
$back_url = _get('back_url') ?: DEFAULT_LOGIN_REDIRECT_URL;
redirect($back_url);
} else {
$GLOBALS['msg'] = $GLOBALS['config']['error']['info']['USERNAME_OR_PASSWORD_INCORRECT'];
}
}
function my_POST()
{
$user = $GLOBALS['user'];
$name = _post('name');
if ($name) {
$user->update('name', $name);
}
$newPass = _post('newPass');
if ($newPass) {
$user->update('name', $newPass);
}
redirect('my');
}
function register_POST()
{
$username = _post('username');
$password = _post('password');
$gender = _post('gender');
$school = _post('school');
$year = _post('year');
if ($username && $password && $gender && $school && $year) {
$user = User::create(compact('username', 'password', 'gender', 'school', 'year'));
$user->login();
redirect();
}
}
/**
* @author ryan <*****@*****.**>
*/
function discuss_comment($comment)
{
if (!$GLOBALS['has_login']) {
exit;
}
$comment = new Comment($comment);
$content = _post('content');
if ($content) {
$comment->discuss($content, $GLOBALS['user']);
$teacherId = $comment->teacher;
redirect("teacher/{$teacherId}/comment/{$comment->id}");
}
}
function updateFromRequest()
{
parent::updateFromRequest();
$lifestyle = _post("fld_lifestyle");
$value = _post("fld_value");
$matchType = _post("fld_value_type");
$this->type = $lifestyle;
if ($matchType == "any") {
$this->matchValue = null;
} else {
$this->matchValue = $value;
}
}
/**
* @author ryan <*****@*****.**>
*/
function comment_action($type, $id)
{
if (!$GLOBALS['has_login']) {
return;
}
$title = _post('title');
$content = _post('content');
if ($title && $content) {
$user = $GLOBALS['user'];
$o = new $type($id);
$o->comment($title, $content, $user);
}
$t = camel2under($type);
redirect("{$t}/{$id}");
}
function comment_add_POST($teacher, $comment)
{
if (!$GLOBALS['has_login']) {
return;
}
$comment = new Comment($comment);
if ($GLOBALS['user']->id != $comment->user) {
return;
}
$content = _post('content');
if (!$content) {
return;
}
$comment->addContent($content);
redirect("teacher/{$teacher}/comment/{$comment->id}");
}
/**
* Sanitize input values from POST
* @param mixed $post The value or The array of values being sanitized.
* @return mixed the cleaned value
*/
function _post($post)
{
if (is_array($post)) {
foreach ($post as $name => $value) {
if (is_array($value)) {
$post[$name] = _post($value);
} else {
$value = stripslashes($value);
$value = _sanitize($value);
$post[$name] = $value;
}
}
} else {
$value = stripslashes($post);
$value = _sanitize($value);
return $value;
}
return $post;
}
function getContent($args)
{
$aID = _post("vote");
$qID = _post("qID");
$cmd = _post("cmd");
$res = "";
switch ($cmd) {
case "vote":
if (!$this->checkIfUserVoted($qID)) {
$this->makeVote($qID, $aID);
$res .= "<div class=\"podbor\"><p><strong>Внимание!</strong></p>\n\t\t\t\t\t\t\t\t<p>Вы не можете голосовать больше одного раза</p></div>\n\t\t\t\t\t\t\t\t";
} else {
$res .= "<div class=\"podbor\"><p><strong>Внимание!</strong></p>\n\t\t\t\t\t\t\t\t<p>Спасибо. Ваш голос учтен</p></div>";
}
break;
}
$res .= $this->getResults($args);
return $res;
}
public function testPOST()
{
$input = 'Hello World';
$this->assertEqual(_post($input), 'Hello World');
$input = array('str' => 'Hello World');
$this->assertEqual(_post($input), array('str' => 'Hello World'));
$input = 'Hello <a href="javascript:alert(\'xss\');">World</a>';
$this->assertEqual(_post($input), 'Hello <a href="javascript:alert(\'xss\');">World</a>');
$input = array('str' => 'Hello World', 'xss' => 'Hello <a href="javascript:alert(\'xss\');">World</a>');
$this->assertEqual(_post($input), array('str' => 'Hello World', 'xss' => 'Hello <a href="javascript:alert(\'xss\');">World</a>'));
$input = '<IMG SRC=javascript:alert("XSS")>';
$this->assertEqual(_post($input), '<IMG SRC=javascript:alert("XSS")>');
$input = '"Double quotes"';
$this->assertEqual(_post($input), '"Double quotes"');
$input = "'Single quotes'";
$this->assertEqual(_post($input), "'Single quotes'");
$input = "'Single quotes' & \"Double quotes\"";
$this->assertEqual(_post($input), "'Single quotes' & \"Double quotes\"");
$input = "<b>Wörmann</b>";
$this->assertEqual(_post($input), '<b>Wörmann</b>');
}
/**
* Write a timeline log
*
* Log array:
* - uid
* - message
* - timeline
* - module
* - link
* - time
* - app_key
*
* @return bool
*/
public function insertAction()
{
$result = array('status' => 0, 'message' => __('Timeline post failed.'));
$uid = (int) _post('uid');
$timeline = _post('timeline');
$title = _post('title');
$message = _post('message');
$time = (int) _post('time') ?: time();
$link = _post('link');
$appKey = _post('app_key');
$module = _post('module');
if (!$uid || !$timeline || !$message) {
return $result;
}
// Check timeline
$rowset = $this->getModel('timeline')->find($timeline, 'name');
if (!$rowset && !$appKey) {
return $result;
// Register timeline meta if not exist
} elseif (!$rowset && $appKey) {
$data = array('name' => $timeline, 'module' => $module, 'title' => $title ?: $timeline, 'app_key' => $appKey, 'active' => 1);
// Insert timeline meta
$row = $this->getModel('timeline')->createRow($data);
$row->save();
if (!$row->id) {
return $result;
}
}
// Add timeline log
$log = compact('uid', 'timeline', 'message', 'time', 'link');
$stauts = Pi::api('timeline', 'user')->add($log);
if ($stauts) {
$result['status'] = 1;
$result['message'] = __('Timeline added successfully.');
}
return $result;
}
public function login()
{
$this->layout = 'blank';
$user = new User(_post('user'));
$user->refine();
if (!$user->validate_login()) {
$this->flash->add('message_error', $user->errors->get_messages());
$this->back();
}
$remember_me = is_blank(_post('remember_me')) ? false : true;
$user->login($remember_me);
$return_url = _get('return_url');
if (empty($return_url)) {
$return_url = '/';
}
$this->redirect_to($return_url);
}
if ($by_post) {
$labor_expense = _post('labor_expense');
$wear_tear = _post('wear_tear');
$st_expense = _post('st_expense');
$st_price = _post('st_price');
$weight_ratio = _post('weight_ratio');
Setting::set(compact('labor_expense', 'wear_tear', 'st_expense', 'st_price', 'weight_ratio'));
redirect('setting');
// refresh
}
break;
case 'password':
if ($by_post) {
$password = _post('password');
$new_password = _post('new_password');
$re_password = _post('re_password');
if (empty($password)) {
$msg = $ERROR_INFO['PASSWORD_EMPTY'];
} elseif (!$user->checkPassword($password)) {
$msg = $ERROR_INFO['PASSWORD_INCORRECT'];
} elseif (empty($new_password)) {
$msg = $ERROR_INFO['NEW_PASSWORD_EMPTY'];
} elseif ($new_password !== $re_password) {
$msg = $ERROR_INFO['PASSWORD_NOT_SAME'];
} else {
$user->changePassword($new_password);
redirect();
}
}
break;
default:
</div>
<div class="row">
<div class="col-md-5">
<h3>Caraceristici</h3>
<hr>
<div class="alert alert-info"><strong>Info!</strong> Introduceti cate o caracteristica pe linie.</div>
<textarea class="form-control" name="produs_caracteristici" style="height:200px;" placeholder="Introduceti cate o caracteristica pe linie."><?php
_post("produs_caracteristici");
?>
</textarea>
</div>
<div class="col-md-7">
<h3>Descriere</h3>
<hr>
<textarea name="produs_descriere" class="editor"><?php
_post("produs_descriere");
?>
</textarea>
</div>
</div>
<hr>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-primary" name="add_produs_btn"><i class="fa fa-plus"></i> Adauga produs</button>
</div>
</div>
</form>
<?php
TPL::thing('footer', 'text', function () {
