/**
* This function is called before any output is generated or any other
* actions are performed. Initializations happen here.
*
* @param $action Name of the action to perform
* @param $args Arguments for the given action
*/
public function before_filter(&$action, &$args)
{
parent::before_filter($action, $args);
$this->modules = array();
// Set Navigation
PageLayout::setHelpKeyword("Basis.ProfileModules");
PageLayout::setTitle(_("Mehr Funktionen"));
PageLayout::addSqueezePackage('lightbox');
Navigation::activateItem('/profile/modules');
// Get current user.
$this->username = Request::username('username', $GLOBALS['user']->username);
$this->user_id = get_userid($this->username);
$this->plugins = array();
$blubber = PluginEngine::getPlugin('Blubber');
// Add blubber to plugin list so status can be updated.
if ($blubber) {
$this->plugins[] = $blubber;
}
// Get homepage plugins from database.
$this->plugins = array_merge($this->plugins, PluginEngine::getPlugins('HomepagePlugin'));
// Show info message if user is not on his own profile
if ($this->user_id != $GLOBALS['user']->id) {
$current_user = User::find($this->user_id);
$message = sprintf(_('Daten von: %s %s (%s), Status: %s'), htmlReady($current_user->Vorname), htmlReady($current_user->Nachname), htmlReady($current_user->username), htmlReady($current_user->perms));
PageLayout::postMessage(MessageBox::info($message));
}
$this->setupSidebar();
}
function smarty_modifier_cms_date_format($string, $format = '', $default_date = '')
{
$gCms = cmsms();
if ($format == '') {
$format = get_site_preference('defaultdateformat');
if ($format == '') {
$format = '%b %e, %Y';
}
if (!isset($gCms->variables['page_id'])) {
$uid = get_userid(false);
if ($uid) {
$tmp = get_preference($uid, 'date_format_string');
if ($tmp != '') {
$format = $tmp;
}
}
}
}
$config = $gCms->GetConfig();
$fn = cms_join_path($config['root_path'], 'lib', 'smarty', 'plugins', 'modifier.date_format.php');
if (!file_exists($fn)) {
die;
}
require_once $fn;
return smarty_modifier_date_format($string, $format, $default_date);
}
function updatecontentobj(&$contentobj, $preview = false, $params = null)
{
if ($params == null) {
$params = $_POST;
}
$userid = get_userid();
$adminaccess = check_ownership($userid, $contentobj->Id()) || check_permission($userid, 'Modify Any Page');
#Fill contentobj with parameters
$contentobj->FillParams($params);
if ($preview) {
$error = $contentobj->ValidateData();
}
if (isset($params["ownerid"])) {
$contentobj->SetOwner($params["ownerid"]);
}
$contentobj->SetLastModifiedBy($userid);
// #Fill Additional Editors (kind of kludgy)
// if (isset($params["additional_editors"]))
// {
// $addtarray = array();
// foreach ($params["additional_editors"] as $addt_user_id)
// {
// $addtarray[] = $addt_user_id;
// }
// $contentobj->SetAdditionalEditors($addtarray);
// }
// else if ($adminaccess)
// {
// $contentobj->SetAdditionalEditors(array());
// }
}
/**
* A convenience function to test if the site is marked as down according to the config panel.
* This method includes handling the preference that indicates that site-down behaviour should
* be disabled for certain IP address ranges.
*
* @return boolean
*/
function is_sitedown()
{
global $CMS_INSTALL_PAGE;
if (isset($CMS_INSTALL_PAGE)) {
return TRUE;
}
if (get_site_preference('enablesitedownmessage') !== '1') {
return FALSE;
}
if (get_site_preference('sitedownexcludeadmins')) {
$uid = get_userid(FALSE);
if ($uid) {
return FALSE;
}
}
if (!isset($_SERVER['REMOTE_ADDR'])) {
return TRUE;
}
$excludes = get_site_preference('sitedownexcludes', '');
if (empty($excludes)) {
return TRUE;
}
$tmp = explode(',', $excludes);
$ret = cms_ipmatches($_SERVER['REMOTE_ADDR'], $excludes);
if ($ret) {
return FALSE;
}
return TRUE;
}
function search_vuln($scanID)
{
$pScanID = $scanID;
// echo $pScanID.'<br>';
if ($userid = get_userid()) {
// echo $userid . '<br>';
} else {
die;
}
$query = "SELECT Vuln.IP_URL,Plugin.Name,Vuln.Vuln_Info,Vuln.Level FROM Plugin,Scan,Vuln WHERE Vuln.Scan_ID=Scan.ID AND Vuln.Plugin_ID=Plugin.ID AND Scan.ID={$scanID} AND Scan.User_ID='{$userid}' ORDER BY Vuln.IP_URL,Vuln.Level,Vuln.ID";
// echo $query.'<br>';
$ret = array();
$result = mysql_query($query);
while ($row = mysql_fetch_row($result)) {
// var_dump($row);
foreach ($row as $key => $value) {
// echo $key.' => '.$value;
$row[$key] = check_xss($value);
}
$ipurl = $row[0];
$ret[$ipurl][] = array_slice($row, 1);
}
// var_dump($ret);
return $ret;
}
function PrePopulateAdminForm($formDescriptor)
{
$mod = $this->form_ptr->module_ptr;
$main = array(array($mod->Lang('title_text'), $mod->CreateTextArea(get_preference(get_userid(), 'use_wysiwyg') == '1', $formDescriptor, $this->GetOption('text', ''), 'fbrp_opt_text', 'pageheadtags')));
$adv = array(array($mod->Lang('title_smarty_eval'), $mod->CreateInputCheckbox($formDescriptor, 'fbrp_opt_smarty_eval', '1', $this->GetOption('smarty_eval', '0'))));
return array('main' => $main, 'adv' => $adv);
}
function SMS_ADD_POST($person = 0, $content = 0, $type, $url = 0, $userid)
{
//发送消息表
$sms_send = array('receiveperson' => $person, 'content' => $content, 'uid' => $userid, 'date' => get_date('y-m-d H:i:s', PHP_TIME));
insert_db('sms_send', $sms_send);
global $db;
$blog = $db->fetch_one_array("SELECT * FROM " . DB_TABLEPRE . "sms_send WHERE receiveperson = '" . $person . "' and uid='" . $userid . "' order by id desc");
$id = $blog["id"];
//获取字符串
$receivepersonarr = explode(',', $person);
//发送消息表
for ($i = 0; $i < sizeof($receivepersonarr); $i++) {
//接收消息表
$sms_receive = array('sendperson' => $userid, 'date' => get_date('y-m-d H:i:s', PHP_TIME), 'content' => $content, 'receiveperson' => get_userid($receivepersonarr[$i]), 'type' => '2', 'smskey' => '1', 'sendid' => $id);
//接收消息表
insert_db('sms_receive', $sms_receive);
}
if ($id != '') {
$oalog = array('uid' => $userid, 'content' => $content . get_log(1) . $person, 'title' => '发布短消息', 'startdate' => get_date('Y-m-d H:i:s', PHP_TIME), 'contentid' => $id, 'type' => '4');
insert_db('oalog', $oalog);
}
if ($type == '1') {
goto_page($url);
}
}
public function act_insert()
{
$emails = isset($_POST['emails']) ? trim($_POST['emails']) : "";
$accounts = isset($_POST['accounts']) ? $_POST['accounts'] : "";
$emails = explode(",", $emails);
$emails = array_filter($emails);
$userId = get_userid();
foreach ($emails as $key => $value) {
if (!preg_match("/^([a-z0-9_\\.-]+)@([\\da-z\\.-]+)\\.([a-z\\.]{2,6})\$/", $value)) {
self::$errMsg[10061] = get_promptmsg(10061, "邮箱格式有误导致");
return false;
}
foreach ($accounts as $account) {
$data['email'] = $value;
$data['accountId'] = $account;
$data['createTime'] = time();
$data['creatorId'] = get_userid();
$data['modefyTime'] = time();
$msg = M('PaypalEmail')->insertData($data);
if (!$msg) {
self::$errMsg[10061] = get_promptmsg(10061, "插入数据库出错导致");
return false;
}
}
}
self::$errMsg[200] = get_promptmsg(200, "添加paypalEmail");
return true;
}
function add_comment()
{
global $db, $fullsite, $cla_cid, $cla_nid, $cla_site, $ts_config;
$result = array('result' => -1, 'data' => '');
if (!is_login()) {
die(json_encode($result));
}
$user_info = get_user_info_login();
$user_id = get_userid();
$comment = __post('comment');
$post_id = (int) __post('post_id');
$token = __post('token');
$tokenCheck = md5(md5($post_id));
if ($token != $tokenCheck) {
$result['result'] = -2;
die(json_encode($result));
}
$sSQL = " insert into ntk_forum_comments(user_id,post_id,content,`status`,create_date)\n\t\t\t\tvalues({$user_id},{$post_id},'{$comment}',0,NOW() )\n\t\t\t";
$resultSQL = $db->query($sSQL, true, "Query failed");
$result['result'] = 1;
$html_comment = '<div class="forum_comment ' . $class . '">';
$html_comment .= '<div class="forum_comment_header">';
$html_comment .= '<span class="forum_comment_full_name">' . $user_info['full_name'] . '</span> ';
$html_comment .= '<span class="forum_comment_date">' . date("d/m/Y H:i:s") . '</span><br>';
$html_comment .= '</div>';
$html_comment .= '<div class="forum_comment_content">';
$html_comment .= ' <pre>' . $comment . '<pre>';
$html_comment .= '</div>';
$html_comment .= '</div>';
$result['data'] = $html_comment;
die(json_encode($result));
}
public function check($data, $virtualobject, $relevantfields)
{
$errors = "";
if (!$data['user_id']) {
if (!$data['username']) {
$errors .= "Kein Nutzername. ";
} else {
$validator = new email_validation_class();
if (!$validator->ValidateUsername($data['username'])) {
$errors .= "Nutzername syntaktisch falsch. ";
} elseif (get_userid($data['username']) && get_userid($data['username']) !== $data['user_id']) {
$errors .= "Nutzername schon vergeben. ";
}
}
if (!$data['perms'] || !in_array($data['perms'], array("user", "autor", "tutor", "dozent", "admin", "root"))) {
$errors .= "Keine korrekten Perms gesetzt. ";
}
if (!$data['vorname'] && !$data['nachname']) {
$errors .= "Kein Name gesetzt. ";
}
}
if (in_array("email", $relevantfields)) {
if (!$data['email']) {
$errors .= "Keine Email. ";
} else {
$validator = new email_validation_class();
if (!$validator->ValidateEmailAddress($data['email'])) {
$errors .= "Email syntaktisch falsch. ";
}
}
}
return $errors;
}
function TabNames()
{
$res = array(lang('main'));
if (check_permission(get_userid(), 'Manage All Content')) {
$res[] = lang('options');
}
return $res;
}
/**
* 新增平台信息
* @return array
* @author lzx
*/
public function act_insert()
{
$data = array();
$data['platform'] = isset($_POST['platform']) ? trim($_POST['platform']) : '';
$data['shortcode'] = isset($_POST['shortcode']) ? trim($_POST['shortcode']) : '';
$data['suffix'] = isset($_POST['suffix']) ? trim($_POST['suffix']) : '';
$data['addUser'] = get_userid();
$data['addTime'] = time();
return M('Platform')->insertData($data);
}
public function act_insert()
{
$id = isset($_POST['currId']) ? $_POST['currId'] : '';
$data = array();
$data['currency'] = isset($_POST['currency']) ? $_POST['currency'] : '';
$data['rates'] = isset($_POST['rates']) ? $_POST['rates'] : '';
$data['userId'] = get_userid();
$data['modefyTime'] = time();
return M('Currency')->insertData($data);
}
public function view_edit()
{
//面包屑
$navlist = array(array('url' => 'index.php?mod=user&act=index', 'title' => '授权管理'), array('url' => '#', 'title' => '用户列表'), array('url' => 'index.php?mod=user&act=edit&uid=' . $id, 'title' => '编辑'));
$userInfo = A('User')->act_getUserInfoById(get_userid());
$this->smarty->assign('navlist', $navlist);
$this->smarty->assign('toptitle', '编辑');
$this->smarty->assign('userInfo', $userInfo);
$this->smarty->display("userModify.htm");
}
public function act_update()
{
$data = array();
$id = isset($_POST['id']) ? trim($_POST['id']) : '';
$data['type'] = isset($_POST['type']) ? trim($_POST['type']) : '';
$data['status'] = isset($_POST['status']) ? trim($_POST['status']) : '';
$data['errormsg'] = isset($_POST['errormsg']) ? trim($_POST['errormsg']) : '';
$data['lastmodifyuserId'] = get_userid();
$data['lastmodefyTime'] = time();
return M('PromptMsg')->updateData($id, $data);
}
/**
* 订单系统相关操作权限获取
*@eturn array
*@author lzx
*modify by yxd 2014/7/17
*/
public function view_edit()
{
F('order');
//编辑权限控制, 存在隐患BUG, 需要增加是否有编辑这个用户的权限
$navlist = array(array('url' => 'index.php?mod=user&act=index', 'title' => '授权管理'), array('url' => 'index.php?mod=user&act=index', 'title' => '用户列表'), array('url' => '#', 'title' => '订单系统相关操作权限获取'));
$uid = isset($_GET['uid']) & intval($_GET['uid']) > 0 ? intval($_GET['uid']) : 0;
$competences = A('UserCompetence')->act_getCompetenceByUserId($uid);
$mycompetences = A('UserCompetence')->act_getCompetenceByUserId(get_userid());
//需要设置session的用户id, 还需要增加文件夹移动权限
$groupLists = M('StatusMenu')->getOrderStatusByGroupId();
//文件夹分组列表
$statusLists = A('StatusMenu')->act_getStatusMenuList();
//文件夹状态列表
$visibleCarrier = json_decode($competences['visible_carrier'], true);
$visibleEditorder = explode(',', $competences['visible_editorder']);
$myVisibleEditorder = explode(',', $mycompetences['visible_editorder']);
$visibleCarrier0 = $visibleCarrier[0];
//快递
$visibleCarrier1 = $visibleCarrier[1];
//非快递
$myvisibleCarrier = json_decode($competences['visible_carrier'], true);
$editorder_options = C('EDITORDEROPTIONS');
$this->smarty->assign('platform_account', json_decode($competences['visible_platform_account'], true));
//被修改者平台账号控制权限
$this->smarty->assign('myplatform_account', json_decode($mycompetences['visible_platform_account'], true));
//修改者平台账号控制权限
$this->smarty->assign('showfolder', explode(',', $competences['visible_showfolder']));
//被修改者文件夹显示权限
$this->smarty->assign('myshowfolder', explode(',', $mycompetences['visible_showfolder']));
//修改者文件夹显示权限
$this->smarty->assign('movefolder', $competences['visible_movefolder']);
//被修改者文件夹移动权限
$this->smarty->assign('mymovefolder', $mycompetences['visible_movefolder']);
//修改者文件夹移动权限
$this->smarty->assign('statusLists', $statusLists);
//文件状态分组
$this->smarty->assign('groupLists', $groupLists);
//文件状态
$this->smarty->assign("editorderOptions", $editorder_options);
$this->smarty->assign('myVisibleEditorder', $myVisibleEditorder);
$this->smarty->assign('visibleEditorder', $visibleEditorder);
$this->smarty->assign('carrierListk', A('PlatformToCarrier')->act_getCarrierFromApi(0));
//快递
$this->smarty->assign('carrierListnk', A('PlatformToCarrier')->act_getCarrierFromApi(1));
//非快递
$this->smarty->assign('visibleCarrier0', $visibleCarrier0);
$this->smarty->assign('visibleCarrier1', $visibleCarrier1);
$this->smarty->assign('toptitle', '订单系统细颗粒度权限控制');
$this->smarty->assign('toplevel', A('Topmenu')->act_getToplevel('User'));
$this->smarty->assign('secondlevel', A('Topmenu')->act_getSecondlevel('User'));
$this->smarty->assign('navlist', $navlist);
$this->smarty->assign('toptitle', '授权管理');
$this->smarty->display("compenseEdit.htm");
}
public function view_edit()
{
$navlist = array(array('url' => 'index.php?mod=Platform&act=index', 'title' => '系统设置'), array('url' => 'index.php?mod=averageDailyCount&act=index', 'title' => '日均量策略设置'), array('url' => '', 'title' => '修改'));
F('order');
$this->smarty->assign('plataccount', get_userplatacountpower(get_userid()));
$this->smarty->assign('navlist', $navlist);
$this->smarty->assign('toptitle', '添加SKU');
$this->smarty->assign('toplevel', A('Topmenu')->act_getToplevel('averageDailyCount'));
$this->smarty->assign('secondlevel', A('Topmenu')->act_getSecondlevel('averageDailyCount'));
$this->smarty->assign('averageDailyCountList', A('AverageDailyCount')->act_getAverageDailyCountListById());
$this->smarty->display("averageDailyCountEdit.htm");
}
private static function _init()
{
$AC =& ac_utils::get_module('AdvancedContent');
self::$_tabs = array('main' => array('tab_id' => 'main', 'tab_name' => lang('main'), 'block_tabs' => array(), 'block_groups' => array(), 'content_blocks' => array()));
if (check_permission(get_userid(), 'Manage All Content')) {
self::$_tabs['options'] = array('tab_id' => 'options', 'tab_name' => lang('options'), 'block_tabs' => array(), 'block_groups' => array(), 'content_blocks' => array());
}
if (check_permission(get_userid(), 'Manage AdvancedContent Options') && $AC->GetPreference('use_advanced_pageoptions', 0)) {
self::$_tabs['AdvancedContent'] = array('tab_id' => 'AdvancedContent', 'tab_name' => $AC->lang('advancedcontent_tabname'), 'block_tabs' => array(), 'block_groups' => array(), 'content_blocks' => array());
}
self::$_init = true;
}
/**
* Triggered on loc_begin_index
*
* Initiating GhostTracker - Perform user logout after registration if not validated
*/
function UAM_Init()
{
global $conf, $user;
include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
$conf_UAM = unserialize($conf['UserAdvManager']);
// Admins, Guests and Adult_Content users are not tracked for Ghost Tracker or Users Tracker
// -----------------------------------------------------------------------------------------
if (!is_admin() and !is_a_guest() and $user['username'] != "16" and $user['username'] != "18") {
if (isset($conf_UAM['GHOSTRACKER']) and $conf_UAM['GHOSTRACKER'] == 'true' or isset($conf_UAM['ADDLASTVISIT']) and $conf_UAM['ADDLASTVISIT'] == 'true') {
$userid = get_userid($user['username']);
// Looking for existing entry in last visit table
// ----------------------------------------------
$query = '
SELECT *
FROM ' . USER_LASTVISIT_TABLE . '
WHERE user_id = ' . $userid . '
;';
$count = pwg_db_num_rows(pwg_query($query));
if ($count == 0) {
// If not, data are inserted in table
// ----------------------------------
$query = '
INSERT INTO ' . USER_LASTVISIT_TABLE . ' (user_id, lastvisit, reminder)
VALUES (' . $userid . ', now(), "false")
;';
pwg_query($query);
} else {
if ($count > 0) {
// If yes, data are updated in table
// ---------------------------------
$query = '
UPDATE ' . USER_LASTVISIT_TABLE . '
SET lastvisit = now(), reminder = "false"
WHERE user_id = ' . $userid . '
LIMIT 1
;';
pwg_query($query);
}
}
}
// Perform user logout after registration if not validated
if (isset($conf_UAM['CONFIRM_MAIL']) and ($conf_UAM['CONFIRM_MAIL'] == 'true' or $conf_UAM['CONFIRM_MAIL'] == 'local') and (isset($conf_UAM['REJECTCONNECT']) and $conf_UAM['REJECTCONNECT'] == 'true') and !UAM_UsrReg_Verif($user['id']) and !is_admin() and !is_webmaster()) {
invalidate_user_cache();
logout_user();
if ($conf['guest_access']) {
redirect(make_index_url() . '?UAM_msg=rejected', 0);
} else {
redirect(get_root_url() . 'identification.php?UAM_msg=rejected', 0);
}
}
}
}
public function act_update()
{
$id = isset($_POST['id']) ? trim($_POST['id']) : '';
$data['platformId'] = $_POST['platformId'];
$data['accountId'] = $_POST['accountId'];
$data['sku'] = $_POST['sku'];
$data['orderTime1'] = strtotime($_POST['OrderTime1']);
$data['orderTime2'] = strtotime($_POST['OrderTime2']);
$data['updateTime'] = time();
$data['operatorId'] = get_userid();
$data['is_delete'] = 0;
return M('AverageDailyCount')->updateData($id, $data);
}
/**
* 修改指定用户的密码
* @param userId POST过来的被修改人id
* @param pwd 新密码
* @return array()
* @author zqt
*/
public function act_updateUserPsw()
{
$userId2 = $_POST['userId'];
//被修改人密码
$pwd = $_POST['pwd'];
//密码
$data = M('InterfacePower')->userUpdatePsw(get_userid(), $userId2, $pwd);
if (empty($data)) {
self::$errMsg[10052] = get_promptmsg(10052);
} else {
self::$errMsg[$data['errCode']] = $data['errMsg'];
}
return $data;
}
/**
* checks the validity of input parameters, fills $page['errors'] and
* $page['infos'] and send an email with confirmation link
*
* @return bool (true if email was sent, false otherwise)
*/
function process_password_request()
{
global $page, $conf;
if (empty($_POST['username_or_email'])) {
$page['errors'][] = l10n('Invalid username or email');
return false;
}
$user_id = get_userid_by_email($_POST['username_or_email']);
if (!is_numeric($user_id)) {
$user_id = get_userid($_POST['username_or_email']);
}
if (!is_numeric($user_id)) {
$page['errors'][] = l10n('Invalid username or email');
return false;
}
$userdata = getuserdata($user_id, false);
// password request is not possible for guest/generic users
$status = $userdata['status'];
if (is_a_guest($status) or is_generic($status)) {
$page['errors'][] = l10n('Password reset is not allowed for this user');
return false;
}
if (empty($userdata['email'])) {
$page['errors'][] = l10n('User "%s" has no email address, password reset is not possible', $userdata['username']);
return false;
}
$activation_key = generate_key(20);
list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)'));
single_update(USER_INFOS_TABLE, array('activation_key' => pwg_password_hash($activation_key), 'activation_key_expire' => $expire), array('user_id' => $user_id));
$userdata['activation_key'] = $activation_key;
set_make_full_url();
$message = l10n('Someone requested that the password be reset for the following user account:') . "\r\n\r\n";
$message .= l10n('Username "%s" on gallery %s', $userdata['username'], get_gallery_home_url());
$message .= "\r\n\r\n";
$message .= l10n('To reset your password, visit the following address:') . "\r\n";
$message .= get_gallery_home_url() . '/password.php?key=' . $activation_key . '-' . urlencode($userdata['email']);
$message .= "\r\n\r\n";
$message .= l10n('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n";
unset_make_full_url();
$message = trigger_change('render_lost_password_mail_content', $message);
$email_params = array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Password Reset'), 'content' => $message, 'email_format' => 'text/plain');
if (pwg_mail($userdata['email'], $email_params)) {
$page['infos'][] = l10n('Check your email for the confirmation link');
return true;
} else {
$page['errors'][] = l10n('Error sending email');
return false;
}
}
function execute()
{
$list_form = new XTemplate('Home/List.html');
$left_menu = $this->rmenu();
$uId = get_userid();
$infoArr = $this->fnc_get_user_info($type_id = 1, $value = $uId, $html = true);
$gridview = $infoArr['html'];
$list_form->assign('slide_bar', $this->slide_bar($left_menu));
$list_form->assign('tabs', $this->set_tabs());
$list_form->assign('gridview', $gridview);
$list_form->assign('dialog_title', 'thành viên');
$list_form->parse('main');
$html = $list_form->out_return('main');
echo $html;
}
function search_dist($status, $os, $mac, $distid = 0)
{
// $pKeyword = check_sql($keyword);
$pStatus = $status;
$pOS = $os;
$pMAC = $mac;
$pId = $distid;
$time = time();
$ip = $_SERVER["REMOTE_ADDR"];
if ($userid = get_userid()) {
// echo $userid . '<br>';
} else {
die;
}
// echo $userid . '<br>';
// echo $time . '<br>';
// if Last_Time bigger than now time too much, such as 1 min, then set online status off
$query = "UPDATE Dispatcher SET Status=0 WHERE {$time}-Last_Time>60";
$result = mysql_query($query);
// then select information
$query = "SELECT Dispatcher.ID,Dispatcher.OS,Dispatcher.MAC,Dispatcher.IP,Dispatcher.Last_Time,Dispatcher.Status,User.Name FROM Dispatcher,User WHERE Dispatcher.User_ID=User.ID AND Dispatcher.User_ID='{$userid}'";
if (is_int($pStatus) and $pStatus >= 0 and $pStatus < 2) {
$query .= " AND Dispatcher.Status='{$pStatus}'";
}
if ($pOS) {
$query .= " AND Dispatcher.OS like'%{$pOS}%'";
}
if ($pMAC) {
$query .= " AND Dispatcher.MAC='{$pMAC}'";
}
if (is_int($pId) and $pId > 0) {
$query .= " AND Dispatcher.ID={$pId}";
}
// echo $query.'<br>';
$ret = array('data' => array());
$result = mysql_query($query);
while ($row = mysql_fetch_row($result)) {
// var_dump($row);
foreach ($row as $key => $value) {
// echo $key.' => '.$value;
$row[$key] = check_xss($value);
}
$ret['data'][] = $row;
// var_dump($row);
}
return $ret;
}
function adduser($username, $level = 0, $email = '', $realname = '', $can_modify_passwd = 0, $description = '', $twofactor = 0)
{
// Check to see if user is already added in the database
if (!user_exists_in_db($username)) {
$userid = dbInsert(array('username' => $username, 'realname' => $realname, 'email' => $email, 'descr' => $description, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'twofactor' => $twofactor, 'user_id' => get_userid($username)), 'users');
if ($userid == false) {
return false;
} else {
foreach (dbFetchRows('select notifications.* from notifications where not exists( select 1 from notifications_attribs where notifications.notifications_id = notifications_attribs.notifications_id and notifications_attribs.user_id = ?) order by notifications.notifications_id desc', array($userid)) as $notif) {
dbInsert(array('notifications_id' => $notif['notifications_id'], 'user_id' => $userid, 'key' => 'read', 'value' => 1), 'notifications_attribs');
}
}
return $userid;
} else {
return false;
}
}
public function index_action($verify_action = null)
{
if (Request::submitted('store')) {
$this->check_ticket();
if (Request::get('new_smsforward_rec')) {
$this->user->smsforward_rec = get_userid(Request::get('new_smsforward_rec'));
$this->user->smsforward_copy = 1;
} else {
if (Request::int('smsforward_copy') && !$this->user->smsforward_copy) {
$this->user->smsforward_copy = 1;
} else {
if (!Request::int('smsforward_copy') && $this->user->smsforward_copy) {
$this->user->smsforward_copy = 0;
}
}
}
$this->user->email_forward = Request::int('send_as_email');
$this->user->store();
// write to user config table
$this->config->store('ONLINE_NAME_FORMAT', Request::option('online_format'));
$this->config->store('MAIL_AS_HTML', Request::int('mail_format'));
$settings = $this->settings;
$settings['sms_sig'] = Request::get('sms_sig');
$settings['logout_markreaded'] = Request::int('logout_markreaded');
$settings['save_snd'] = Request::int('save_snd', 2);
$settings['request_mail_forward'] = Request::int('request_mail_forward', 0);
$this->config->store('MESSAGING_SETTINGS', $settings);
$this->reportSuccess(_('Ihre Einstellungen wurden erfolgreich gespeichert.'));
$this->redirect('settings/messaging');
}
if (!$this->user->smsforward_rec && Request::submitted('gosearch')) {
$vis_query = get_vis_query('auth_user_md5');
$query = "SELECT user_id, username, {$GLOBALS['_fullname_sql']['full_rev']} AS fullname, perms\n FROM auth_user_md5\n LEFT JOIN user_info USING (user_id)\n WHERE (username LIKE CONCAT('%', :needle, '%') OR\n Vorname LIKE CONCAT('%', :needle, '%') OR\n Nachname LIKE CONCAT('%', :needle, '%'))\n AND user_id != :user_id AND {$vis_query}\n ORDER BY Nachname ASC";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':needle', Request::get('search_exp'));
$statement->bindValue(':user_id', $this->user->user_id);
$statement->execute();
$matches = $statement->fetchAll(PDO::FETCH_ASSOC);
} else {
$matches = false;
}
$this->matches = $matches;
$this->verify_action = $verify_action;
}
function create_action()
{
$username = strtolower(Request::get("username"));
$password = Request::get("password");
if (isset($username) && isset($password)) {
$result = StudipAuthAbstract::CheckAuthentication($username, $password);
}
if (!isset($result) || $result['uid'] === false) {
$this->flash["notice"] = "login unsuccessful!";
$this->redirect("session/new");
return;
}
$user_id = get_userid($username);
if (isset($user_id)) {
$this->start_session($user_id);
}
$this->flash["notice"] = "login successful!";
$this->redirect("quickdial");
}
function add_task($target, $arguments)
{
$target = check_sql($target);
$time = time();
// $argJson = base64_encode(json_encode($arguments));
// $argJson = json_encode($arguments,JSON_FORCE_OBJECT);
$argJson = json_encode($arguments);
$argJson = mysql_real_escape_string($argJson);
$userid = get_userid();
var_dump($argJson);
$query = "INSERT INTO Task(Target,Start_Time,Arguments,Status,User_ID) VALUES('{$target}',{$time},'{$argJson}','waiting',{$userid})";
// echo $query . '<br>';
$result = mysql_query($query);
if ($result) {
return True;
} else {
echo mysql_error();
return False;
}
}
public function getUserFormat($fmt = '')
{
$config = cmsms()->GetConfig();
$stz = new DateTimeZone($config['timezone']);
$utz = new DateTimeZone($config['user_timezone']);
// this calls the cms_date_format stuff.
if (empty($fmt)) {
$fmt = get_site_preference('defaultdateformat', '%b %e, %Y');
global $gCms;
if (!isset($gCms->variables['page_id'])) {
$uid = get_userid(FALSE);
if ($uid) {
$fmt = get_preference($uid, 'date_format_string', $fmt);
}
}
}
$this->setTimeZone($utz);
$when = $this->format('U');
$this->setTimeZone($stz);
return strftime($fmt, $when);
}
function smarty_cms_function_edit($params, &$smarty)
{
global $gCms;
if (!check_permission(get_userid(false), 'Modify Any Page') && !quick_check_authorship($gCms->variables['content_id'], author_pages(get_userid(false)))) {
return;
}
$urlext = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY];
$text = isset($params['text']) ? $params['text'] : 'Edit This Page';
if (isset($params["showbutton"])) {
return '<a href="' . $gCms->config['root_url'] . '/' . $gCms->config['admin_dir'] . '/editcontent.php' . $urlext . '&content_id=' . $gCms->variables['content_id'] . '"><img src="' . $gCms->config['root_url'] . '/images/cms/editbutton.png" alt="' . $text . '"/></a>';
} else {
return '<a href="' . $gCms->config['root_url'] . '/' . $gCms->config['admin_dir'] . '/editcontent.php' . $urlext . '&content_id=' . $gCms->variables['content_id'] . '">' . $text . '</a>';
}
/*
global $gCms;
$userid = get_userid(false);
if(!$userid) return;
$access = check_permission($userid, 'Modify Any Page');
if (!$access) return;
$text = 'Edit This Page';
if (!empty($params['text']))
{
$text = $params['text'];
}
//will this work if using htaccess? (Yes! -Wishy)
if (isset($params["showbutton"]))
{
return '<a href="'.$gCms->config['root_url'].'/'.$gCms->config['admin_dir'].'/editcontent.php?content_id='.$gCms->variables['content_id'].'"><img src="'.$gCms->config['root_url'].'/images/cms/editbutton.png" alt="'.$text.'"/></a>';
}
else
{
return '<a href="'.$gCms->config['root_url'].'/'.$gCms->config['admin_dir'].'/editcontent.php?content_id='.$gCms->variables['content_id'].'">'.$text.'</a>';
}
*/
}
