/**
 * Seeds the default Arc system settings on first run.
 *
 * Returns immediately when the ARC_ISINIT setting already holds "1". Otherwise
 * it writes a warning log entry and hands every key/default pair below to
 * Helper::arcCheckSettingExists(), in the order listed.
 *
 * NOTE(review): several defaults are security-relevant and worth revisiting
 * before a deployment is exposed: ARC_ALLOWREG defaults to "true"
 * (registration enabled), and the ARC_PASSWORD_RESET_MESSAGE template mails
 * the new password in clear text.
 *
 * @return void
 */
public static function Init()
{
    $initFlag = \SystemSetting::getByKey("ARC_ISINIT");
    if ($initFlag->value == "1") {
        return;
    }

    \Log::createLog("warning", "Arc", "Initilised default Arc settings");

    // Default system settings, keyed by setting name.
    $defaults = [
        "ARC_ISINIT" => "1",
        "ARC_KEEP_LOGS" => "31",
        "ARC_MAIL" => '{"smtp":"false", "server":"localhost", "username":"", "password":"", "port":"25", "sender":"Admin <*****@*****.**>"}',
        "ARC_LOGIN_URL" => "welcome",
        "ARC_FILE_UPLOAD_SIZE_BYTES" => "2000000",
        "ARC_THUMB_WIDTH" => "80",
        "ARC_THEME" => "default",
        "ARC_DEFAULT_PAGE" => "welcome",
        "ARC_LDAP" => '{"ldap":"false", "server":"localhost", "domain":"mydomain", "base":"dc=mydomain,dc=local"}',
        // Stored entity-encoded; the template carries a {password} placeholder.
        "ARC_PASSWORD_RESET_MESSAGE" => htmlentities(
            "You or someone else has requested a password reset.<br />Your new password is '{password}'."
        ),
        "ARC_ALLOWREG" => "true",
        "ARC_LOGO_PATH" => "assets/logo-200x48-dark.png",
        "ARC_DATEFORMAT" => "d-m-Y",
        "ARC_TIMEFORMAT" => "H:i:s",
        // Boolean false, unlike the string defaults used for the other flags.
        "ARC_REQUIRECOMPANY" => false,
        "ARC_SITETITLE" => "Arc Project",
        "ARC_MEDIAMANAGERURL" => "administration/media-manager",
    ];

    foreach ($defaults as $settingKey => $defaultValue) {
        Helper::arcCheckSettingExists($settingKey, $defaultValue);
    }
}
/**
 * Completes a login for $user and replies with the post-login redirect.
 *
 * Hands the user to arcSetUser(), logs the login with the user's email,
 * ensures ARC_LOGIN_URL exists (passing "/" as its default), returns that
 * setting's value as the "redirect" field of the JSON reply and finally adds a
 * success message.
 *
 * NOTE(review): no session-identifier renewal is visible here; confirm that
 * arcSetUser() rotates the session id on login. The redirect target is a
 * stored setting, so confirm it is limited to local paths where it is saved.
 *
 * @param object $user Authenticated user; its email property is read for the log.
 * @return void
 */
function doLogin($user)
{
    system\Helper::arcSetUser($user);
    Log::createLog("success", "user", "User logged in: {$user->email}");

    system\Helper::arcCheckSettingExists("ARC_LOGIN_URL", "/");
    $redirectTarget = SystemSetting::getByKey("ARC_LOGIN_URL")->value;

    system\Helper::arcReturnJSON(["redirect" => $redirectTarget]);
    system\Helper::arcAddMessage("success", "Login successful.");
}
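/**
 * Writes one entry to the Arc log and then purges entries past retention.
 *
 * When the current session is an impersonation, the message is prefixed with
 * the impersonator's full name. After saving, rows of arc_logs older than the
 * ARC_KEEP_LOGS setting (in days) are deleted.
 *
 * The retention value is a stored setting that ends up inside a SQL string, so
 * it is only used when it is a plain non-negative integer; anything else skips
 * the purge instead of reaching the query.
 *
 * NOTE(review): $message is stored as given and callers pass request data into
 * it, so whatever renders the log must HTML-escape it.
 *
 * @param string $type    Log level label, e.g. "success", "warning", "danger".
 * @param string $module  Name of the module writing the entry.
 * @param string $message Log text.
 * @return void
 */
public static function createLog($type, $module, $message)
{
    $log = new Log();
    $log->type = $type;
    $log->module = $module;
    $log->message = $message;
    if (system\Helper::arcIsImpersonator()) {
        $log->message = "Impersonated (" . system\Helper::arcGetImpersonator()->getFullname() . "): " . $log->message;
    }
    $log->update();

    // get days
    $days = SystemSetting::getByKey("ARC_KEEP_LOGS");
    $retention = trim((string) $days->value);

    // Only digits may be concatenated into the statement below.
    if (ctype_digit($retention)) {
        system\Helper::arcGetDatabase()->query(
            "delete from arc_logs where datediff(now(), arc_logs.event) > " . (int) $retention
        );
    }
}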
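<?php
// AJAX endpoint: deletes the APIKEY setting stored for the posted "userid".
//
// NOTE(review): the only gate visible in this file is arcIsAjaxRequest(). Confirm
// that the caller's right to manage API keys and a CSRF token are verified before
// this script runs.
if (system\Helper::arcIsAjaxRequest()) {
    $postedId = (isset($_POST["userid"]) && is_scalar($_POST["userid"]))
        ? (string) $_POST["userid"]
        : "";

    // Act only on a plain decimal id; a missing or malformed value is ignored
    // instead of being handed to the settings lookup.
    if (ctype_digit($postedId)) {
        $apikey = SystemSetting::getByKey("APIKEY", (int) $postedId);
        $apikey->delete($apikey->id);
    }
    //system\Helper::arcAddMessage("success", "User API key removed");
}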
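<?php
// AJAX endpoint: resets the password of the account matching the posted
// "emailf" address and mails the new password to that address.
//
// NOTE(review): the password is replaced as soon as any requester submits a
// known address, so a third party can force a reset on someone else's account.
// A single-use, expiring reset link that the owner must follow avoids that and
// also avoids sending a password by email. The two different responses below
// also reveal whether an address is registered.
if (system\Helper::arcIsAjaxRequest()) {
    $email = (isset($_POST["emailf"]) && is_string($_POST["emailf"])) ? $_POST["emailf"] : "";
    // Control characters are dropped from the copy written to the log so the
    // submitted value cannot break an entry across lines.
    $logEmail = preg_replace('/[\x00-\x1F\x7F]/', '', $email);

    $user = User::getByEmail($email);
    // valid user
    if ($user->id > 0) {
        // 32 hex characters from a cryptographic RNG. The previous
        // md5(uniqid(...)) value was derived from the email and the clock,
        // which is guessable.
        $password = bin2hex(
            function_exists("random_bytes") ? random_bytes(16) : openssl_random_pseudo_bytes(16)
        );
        $user->setPassword($password);
        $user->update();

        $messageS = SystemSetting::getByKey("ARC_PASSWORD_RESET_MESSAGE");
        $message = html_entity_decode($messageS->value);
        $message = str_replace("{password}", $password, $message);

        $mail = new Mail();
        $mail->Send($user->email, "Password Reset Request", $message, true);

        system\Helper::arcAddMessage("success", "Password reset, please check your email.");
        Log::createLog("warning", "user", "Password reset request '" . $logEmail . "'.");
    } else {
        system\Helper::arcAddMessage("danger", "Email address is not registered");
        Log::createLog("danger", "user", "Request to reset unknown email address '" . $logEmail . "'.");
    }
}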
}
// Tail of a profile-image upload handler; the opening conditions are outside
// this excerpt.
//
// NOTE(review): the stored extension is whatever follows the last "." in the
// client-supplied file name, and no allow-list is applied in the lines visible
// here. Unless an earlier check restricts it, a file with any extension can be
// written under assets/profile; deriving the extension from the verified image
// type would close that.
$name = $_FILES["file"]["name"];
$ext = end(explode(".", $name)); # extra () to prevent notice
// Stored name is uniqid() plus the client extension; the original name is dropped.
$filename = uniqid() . "." . $ext;
$path = system\Helper::arcGetPath(true) . "assets/profile";
$destination = $path . "/" . $filename;
if (!file_exists($path)) {
    // No mode argument, so mkdir() applies its default permissions.
    mkdir($path);
}
// NOTE(review): this writes the full destination path into the application log.
Log::createLog("info", "user", "Destination: '" . $destination . "'");
$location = $_FILES["file"]["tmp_name"];
$size = filesize($location);
// Only an empty file is rejected here.
if ($size == 0) {
    system\Helper::arcAddMessage("danger", "Invalid file uploaded");
    Log::createLog("danger", "user", "Invalid file size.");
    return;
}
// NOTE(review): the return value is not checked, so the setting below is
// updated and success is reported even when the move fails.
move_uploaded_file($location, $destination);
// Record the new file name as the current user's ARC_USER_IMAGE setting.
$profileImage = SystemSetting::getByKey("ARC_USER_IMAGE", system\Helper::arcGetUser()->id);
$profileImage->userid = system\Helper::arcGetUser()->id;
$profileImage->value = $filename;
$profileImage->update();
system\Helper::arcAddMessage("success", "File uploaded");
Log::createLog("success", "user", "Upload complete.");
} else {
    // PHP reported an upload error code for this file.
    Log::createLog("danger", "user", "Upload error " . $_FILES['file']['error']);
    system\Helper::arcAddMessage("danger", "Error occured while uploading file");
}
}
}
<?php
// Settings that drive the sign-in / registration view.
$ldap = SystemSetting::getByKey("ARC_LDAP");
$ldapData = $ldap->getArrayFromJson();
// Placeholder for the login field; replaced when the ARC_LDAP JSON has
// "ldap" set to "true".
$login = "******";
if ($ldapData["ldap"] == "true") {
    $login = "******";
}
$reg = SystemSetting::getByKey("ARC_ALLOWREG");
$company = SystemSetting::getByKey("ARC_REQUIRECOMPANY");
// $login is a literal assigned above, so it is printed into the placeholder
// attribute below without escaping. Escape it if it ever becomes configurable.
?>
<div class="row">
    <div class="collapse in" id="collapseA">
        <div class="row">
            <div class="col-md-5 col-md-offset-1">
                <h3>Sign in</h3>
                <form name="loginForm">
                    <div class="form-group">
                        <input maxlength="100" type="text" class="form-control" id="email" placeholder="<?php echo $login; ?> ">
                    </div>
                    <div class="form-group">
                        <input maxlength="100" type="password" class="form-control" id="password" placeholder="Password">
                    </div>
            </div>
            <div class="col-md-5">
                <?php
/**
 * Decrypts a value with AES-256-CBC using the key held in the ARC_PAIR setting.
 *
 * The IV is the ARCIVKEYPAIR constant, so every call uses the same IV. CBC
 * also carries no integrity check, so a modified ciphertext is not detected
 * here.
 *
 * NOTE(review): a per-message random IV and an authenticated mode would need
 * the matching encrypt routine changed together with this one.
 *
 * @param string $string Ciphertext; with flags 0, openssl_decrypt() expects base64 input.
 * @return string|false Decrypted text, or false when openssl_decrypt() fails.
 */
public static function arcDecrypt($string)
{
    $key = \SystemSetting::getByKey("ARC_PAIR")->value;

    return openssl_decrypt($string, "aes-256-cbc", $key, 0, ARCIVKEYPAIR);
}
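</tbody>
</table>
</div>
</div>
</div>
<div class="panel panel-default">
    <div class="panel-body">
        <label for="apiuser">Add user</label>
        <div class="row">
            <div class="col-md-8">
                <select class="form-control" id="apiuser">
                    <?php
                    // List every user that has no APIKEY setting yet (id 0 = none stored).
                    // Name and email are user-supplied, so they are HTML-escaped before
                    // being written into the option markup.
                    $users = User::getAllUsers();
                    foreach ($users as $user) {
                        $apikey = SystemSetting::getByKey("APIKEY", $user->id);
                        if ($apikey->id == 0) {
                            $optionValue = (int) $user->id;
                            $optionName = htmlspecialchars((string) $user->getFullname(), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
                            $optionEmail = htmlspecialchars((string) $user->email, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
                            echo "<option value=\"{$optionValue}\">{$optionName} ({$optionEmail})</option>";
                        }
                    }
                    ?>
                </select>
            </div>
            <div class="col-md-4">
                <a class="btn btn-default btn-block" id="createAPI"><i class="fa fa-plus"></i> Create API key</a>
            </div>
        </div>
    </div>
</div>
<div class="well">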
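<?php
// AJAX endpoint: renders the user administration table and returns it as the
// "html" field of a JSON reply.
//
// NOTE(review): the only gate visible in this file is arcIsAjaxRequest(). Confirm
// that administrator rights are checked before this script runs, since the
// table lists every account and links to impersonate, edit and remove actions.
if (system\Helper::arcIsAjaxRequest()) {
    // Names and email addresses are user-supplied, so they are escaped before
    // being placed in markup that the client inserts into the page.
    $escapeHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    };

    $users = User::getAllUsers();
    $table = "<table class=\"table table-hover table-condensed\">";
    $table .= "<thead><tr><th>Name</th><th>Status</th><th>Email</th><th>Auth</th><th></th></tr></thead><tbody>";
    foreach ($users as $user) {
        // Forced to an integer because it is written into inline onclick handlers.
        $userId = (int) $user->id;

        $table .= "<tr><td>" . $escapeHtml($user->getFullname()) . "</td><td>";
        if ($user->enabled == true) {
            $table .= "<div class=\"label label-success\"><i class=\"fa fa-check\"></i> Enabled</div>";
        } else {
            $table .= "<div class=\"label label-danger\"><i class=\"fa fa-remove\"></i> Disabled</div>";
        }
        $table .= "</td><td>" . $escapeHtml($user->email) . "</td>"
                . "<td>";

        // A stored ARC_USER_AD setting marks the account as LDAP-backed.
        $ad = SystemSetting::getByKey("ARC_USER_AD", $user->id);
        if ($ad->id == 0) {
            $table .= "<i class=\"fa fa-user\"></i> Local";
        } else {
            $table .= "<i class=\"fa fa-cloud-download\"></i> LDAP";
        }
        $table .= "</td>"
                . "<td class=\"text-right\">"
                . "<div class=\"btn-group\" role=\"group\">"
                . "<a class=\"btn btn-primary btn-xs\" onclick=\"impersonateUser(" . $userId . ")\"><i class=\"fa fa-user-secret\"></i> Impersonate</a>"
                . "<a class=\"btn btn-success btn-xs\" onclick=\"editUser(" . $userId . ")\"><i class=\"fa fa-pencil\"></i> Edit</a>"
                . "<a class=\"btn btn-danger btn-xs\" onclick=\"removeUser(" . $userId . ")\"><i class=\"fa fa-remove\"></i> Remove</a>"
                . "</div>"
                . "</td></tr>";
    }
    $table .= "</tbody></table>";
    system\Helper::arcReturnJSON(["html" => $table]);
}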
<?php
// AJAX endpoint (start only; the rest is outside this excerpt): accepts an
// image upload and stores it under assets/pagemanager.
if (system\Helper::arcIsAjaxRequest() && count($_FILES) > 0) {
    Log::createLog("success", "arc", "Detected upload request.");
    if (isset($_FILES['file']['name'])) {
        if (!$_FILES['file']['error']) {
            Log::createLog("success", "arc", "Starting image upload.");
            // Size limit comes from the ARC_FILE_UPLOAD_SIZE_BYTES setting.
            $filesize = SystemSetting::getByKey("ARC_FILE_UPLOAD_SIZE_BYTES");
            Log::createLog("info", "arc", "Upload size limit: " . $filesize->value);
            if ($_FILES['file']['size'] > $filesize->value) {
                system\Helper::arcAddMessage("danger", "Image file size exceeds limit");
                Log::createLog("danger", "arc", "Image exceeds size limit.");
                return;
            }
            // NOTE(review): $_FILES[...]['type'] is the content type declared by
            // the client, not something PHP verifies. This check therefore says
            // nothing about the file's real content or its extension. Inspecting
            // the uploaded bytes (finfo or getimagesize) and allow-listing the
            // extension would make it meaningful.
            $file_type = $_FILES['file']['type'];
            Log::createLog("info", "arc", "Type: " . $_FILES['file']['type']);
            if ($file_type != "image/jpeg" && $file_type != "image/jpg" && $file_type != "image/gif" && $file_type != "image/png") {
                system\Helper::arcAddMessage("danger", "Invalid image type, requires JPEG, JPG, GIF or PNG");
                Log::createLog("danger", "arc", "Invalid image type.");
                return;
            }
            Log::createLog("info", "arc", "Valid image type detected.");
            //$name = md5(uniqid(rand(), true));
            //$ext = explode('.', $_FILES['file']['name']);
            //$filename = $name . '.' . $ext[1];
            // NOTE(review): the client-supplied name is kept (lowercased only),
            // so the extension is unconstrained and an upload can replace an
            // existing file of the same name.
            $filename = $_FILES['file']['name'];
            // force lowercase names
            $filename = strtolower($filename);
            $destination = system\Helper::arcGetPath(true) . "assets/pagemanager/" . $filename;
            if (!file_exists(system\Helper::arcGetPath(true) . "assets/pagemanager")) {
                // No mode argument, so mkdir() applies its default permissions.
                mkdir(system\Helper::arcGetPath(true) . "assets/pagemanager");
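/**
 * Sends an email through PHP mail() or SMTP, depending on $this->mode.
 *
 * For HTML messages the body is first merged into the active theme's
 * email.php template when that file exists. In "MAIL" mode the From, To, Cc
 * and Subject values go into raw mail headers, so CR and LF are stripped from
 * them to keep one value from adding extra headers. In "SMTP" mode addressing
 * is left to PHPMailer.
 *
 * NOTE(review): the template path is built from the stored ARC_THEME value;
 * confirm that setting is limited to installed theme directory names where it
 * is saved.
 *
 * @param string|array $to To, format as 'Firstname Lastname' <*****@*****.**> or email address only.
 * @param string $subject String message subject.
 * @param string $message Message body, html or plain text.
 * @param boolean $html True for html body, false for plain.
 * @param string $from Sender, left null to use system setting.
 * @param string|array $cc CC, format as 'Firstname Lastname' <*****@*****.**> or email address only.
 * @return boolean True when the transport accepted the message, false otherwise
 *                 (including an unknown mode).
 */
public function Send($to = array(), $subject, $message, $html = true, $from = null, $cc = array())
{
    if ($html == true) {
        $theme = SystemSetting::getByKey("ARC_THEME");
        $template = system\Helper::arcGetPath(true) . "themes/" . $theme->value . "/email.php";
        if (file_exists($template)) {
            $content = file_get_contents($template);
            $message = system\Helper::arcParseEmail($content, $message);
        }
    }

    Log::createLog("info", "arcmail", "Send email request, mode: " . $this->mode);

    // Set from details
    if ($from == null) {
        $from = $this->data["sender"];
    }

    // Build to list
    if (!is_array($to)) {
        $to = array($to);
    }

    // Build cc list
    if (!is_array($cc)) {
        $cc = array($cc);
    }

    // Build Mail Header
    $headers = "MIME-Version: 1.0\r\n";
    if ($html == true) {
        // Html content
        $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n";
    } else {
        // Plain text
        $headers .= "Content-Type: text/plain;\r\n";
    }

    Log::createLog("info", "arcmail", "Mail headers built");

    $sent = false;
    switch ($this->mode) {
        case "MAIL":
            // Header values must stay on one line.
            $stripBreaks = function ($value) {
                return str_replace(array("\r", "\n"), "", (string) $value);
            };

            // Add from header
            $headers .= "From: " . $stripBreaks($from) . "\r\n";

            // CC recipients were previously dropped in this mode.
            $ccList = array_filter(array_map($stripBreaks, $cc), "strlen");
            if (count($ccList) > 0) {
                $headers .= "Cc: " . implode(", ", $ccList) . "\r\n";
            }

            // Build recipients list
            $toList = implode(", ", array_map($stripBreaks, $to));

            Log::createLog("success", "arcmail", "PHP mail created.");
            // Send mail
            $sent = mail($toList, $stripBreaks($subject), $message, $headers);
            if ($sent) {
                Log::createLog("success", "arcmail", "PHP mail sent.");
            } else {
                Log::createLog("danger", "arcmail", "PHP mail failed.");
            }
            break;
        case "SMTP":
            // include_once: a second Send() in the same request must not load
            // the autoloader file again.
            include_once system\Helper::arcGetPath(true) . "app/classes/PHPMailer/PHPMailerAutoload.php";
            $mail = new PHPMailer();
            $mail->isSMTP();
            $mail->Host = $this->data["server"];
            if (empty($this->data["username"]) && empty($this->data["password"])) {
                $mail->SMTPAuth = false;
            } else {
                $mail->SMTPAuth = true;
                $mail->Username = $this->data["username"];
                // The SMTP password is stored encrypted in the mail settings.
                $smtp_password = system\Helper::arcDecrypt($this->data["password"]);
                $mail->Password = $smtp_password;
            }
            $mail->setFrom($from);
            foreach ($to as $email) {
                $mail->addAddress($email);
            }
            foreach ($cc as $email) {
                $mail->addCC($email);
            }
            $mail->isHTML($html);
            $mail->Subject = $subject;
            $mail->Body = $message;
            $sent = $mail->send();
            if (!$sent) {
                Log::createLog("danger", "arcmail", "SMTP: " . $mail->ErrorInfo);
            } else {
                Log::createLog("success", "arcmail", "SMTP: Message sent");
            }
            break;
    }

    return (bool) $sent;
}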
// Tail of the system-settings save handler; the start (where $setting is first
// loaded) is outside this excerpt.
//
// NOTE(review): every value below is copied from $_POST into a system setting
// as received. Confirm that the part of the handler not shown verifies
// administrator rights and a CSRF token. Validation per field is also worth
// adding: integers for width/limit, "true"/"false" for the flags, an installed
// theme directory name for theme, and local paths for the logo and media URL.
$setting->value = $_POST["theme"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_THUMB_WIDTH");
$setting->value = $_POST["width"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_FILE_UPLOAD_SIZE_BYTES");
$setting->value = $_POST["limit"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_ALLOWREG");
$setting->value = $_POST["allowReg"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_LOGO_PATH");
$setting->value = $_POST["siteLogo"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_DATEFORMAT");
$setting->value = $_POST["dateFormat"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_TIMEFORMAT");
$setting->value = $_POST["timeFormat"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_REQUIRECOMPANY");
$setting->value = $_POST["company"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_SITETITLE");
$setting->value = $_POST["siteTitle"];
$setting->update();
$setting = SystemSetting::getByKey("ARC_MEDIAMANAGERURL");
$setting->value = $_POST["media"];
$setting->update();
system\Helper::arcAddMessage("success", "System settings saved.");
}
<?php
// Passes the module's js/systemsettings.js path to arcAddFooter() as a "js" entry.
system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/systemsettings.js");
// Load each system setting this view works with.
// NOTE(review): these are stored values, so HTML-escape ->value wherever the
// view prints it into markup or form fields.
$logs = SystemSetting::getByKey("ARC_KEEP_LOGS");
$file_size = SystemSetting::getByKey("ARC_FILE_UPLOAD_SIZE_BYTES");
$theme_setting = SystemSetting::getByKey("ARC_THEME");
$thumb = SystemSetting::getByKey("ARC_THUMB_WIDTH");
$login_url = SystemSetting::getByKey("ARC_LOGIN_URL");
$default_page = SystemSetting::getByKey("ARC_DEFAULT_PAGE");
$mail = SystemSetting::getByKey("ARC_MAIL");
$ldap = SystemSetting::getByKey("ARC_LDAP");
$reg = \SystemSetting::getByKey("ARC_ALLOWREG");
$logo = \SystemSetting::getByKey("ARC_LOGO_PATH");
$dateformat = \SystemSetting::getByKey("ARC_DATEFORMAT");
$timeformat = \SystemSetting::getByKey("ARC_TIMEFORMAT");
$company = \SystemSetting::getByKey("ARC_REQUIRECOMPANY");
$title = \SystemSetting::getByKey("ARC_SITETITLE");
$media = \SystemSetting::getByKey("ARC_MEDIAMANAGERURL");
<?php
// Log viewer (start only; the rest is outside this excerpt).
// Retention period shown in the notice below.
// NOTE(review): $days->value is a stored setting and is printed without
// escaping further down.
$days = SystemSetting::getByKey("ARC_KEEP_LOGS");
?>
<ul class="nav nav-tabs">
    <li class="active"><a data-toggle="tab" href="#log"> Arc Logs</a></li>
    <li><a data-toggle="tab" href="#php"> PHP Logs</a></li>
</ul>
<div class="tab-content">
    <div id="log" class="tab-pane fade in active">
        <div class="alert alert-warning">
            <i class="fa fa-exclamation"></i> Logs are purged automatically after <?php echo $days->value; ?> days. This can be adjusted in settings.
        </div>
        <div id="logs" class="small">
        </div>
    </div>
    <div id="php" class="tab-pane fade">
        <p class="small">
            <?php
            // The PHP error log is located by appending the error_log ini value
            // to the application path.
            $path = system\Helper::arcGetPath(true) . ini_get('error_log');
            if (file_exists($path)) {
                // NOTE(review): the raw log text is only passed through nl2br()
                // and decorated with markup below; nothing here HTML-escapes it.
                // Error messages can contain request-derived text, so run it
                // through htmlspecialchars() before nl2br() if it is echoed.
                $log = nl2br(file_get_contents($path));
                $log = str_replace("[", "<mark>[", $log);
                $log = str_replace("]", "]</mark>", $log);
                $log = str_replace("PHP Warning:", "<label class=\"label label-warning\">Warning</label><br />", $log);
                $log = str_replace("PHP Fatal error:", "<label class=\"label label-danger\">Error</label><br />", $log);
// Tail of the registration handler; the opening checks are outside this excerpt.
system\Helper::arcAddMessage("danger", "User already exists with that email address");
return;
}
// NOTE(review): names and email are taken from $_POST with case normalisation
// only. Nothing visible here validates the email format or strips markup, so
// these values must be HTML-escaped wherever they are displayed.
$user->firstname = ucfirst(strtolower($_POST["firstname"]));
$user->lastname = ucfirst(strtolower($_POST["lastname"]));
$user->email = strtolower($_POST["emailr"]);
if (empty($user->email)) {
    system\Helper::arcAddMessage("danger", "Please specifiy an email address");
    return;
}
// NOTE(review): no minimum length or strength check is visible before the
// password is set; confirm setPassword() enforces one and hashes the value.
$user->setPassword($_POST["passwordr"]);
// save user
$user->update();
// Attach the user to a company only when one was posted and ARC_REQUIRECOMPANY
// is "true"; the company record is created on first use.
$company = SystemSetting::getByKey("ARC_REQUIRECOMPANY");
if (!empty($_POST["company"]) && $company->value == "true") {
    $comp = Company::getByName(ucwords($_POST["company"]));
    if ($comp->id == 0) {
        $comp = new Company();
        $comp->name = ucwords($_POST["company"]);
        $comp->update();
    }
    $user->addToCompany($comp->id);
}
// The new account is signed in immediately, without confirming the address.
// NOTE(review): confirm the ARC_ALLOWREG setting is checked in the part of the
// handler not shown.
system\Helper::arcSetUser($user);
system\Helper::arcAddMessage("success", "Your details have been registered");
system\Helper::arcCheckSettingExists("ARC_LOGIN_URL", "/");
$url = SystemSetting::getByKey("ARC_LOGIN_URL");
system\Helper::arcReturnJSON(["redirect" => $url->value]);
} else {
    // Not a registration submission: pass the module's register.js path to arcAddFooter().
    system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/register.js");
}