<?php
require_once 'nucommon.php';
if (isset($_GET['p'])) {
$values = array($_GET['p']);
$sql = "SELECT zzzsys_php_id, slp_php FROM zzzsys_php WHERE slp_code = ? AND slp_nonsecure = '1' ";
$rs = nuRunQuery($sql, $values);
$num = db_num_rows($rs);
if ($num == 1) {
$r = db_fetch_object($rs);
$r->slp_php = nuGetSafePHP('slp_php', $r->zzzsys_php_id, $r->slp_php);
$e = nuReplaceHashes($r->slp_php, $_GET);
eval($e);
} else {
echo "Request is not allowed";
}
} else {
echo "Request format is invalid";
}
<?php
require_once 'nucommon.php';
$jsonID = $_GET['i'];
$t = nuRunQuery("SELECT deb_message AS json FROM zzzsys_debug WHERE zzzsys_debug_id = ? ", array($jsonID));
$r = db_fetch_object($t);
$JSON = json_decode($r->json);
$DATA = $JSON->slp_php;
$ID = $JSON->zzzsys_php_id;
$DATA = nuGetSafePHP('slp_php', $ID, $DATA);
$TABLE_ID = nuTT();
$hashData = nuBuildHashData($JSON, $TABLE_ID);
$php = nuReplaceHashes($DATA, $hashData);
eval($php);
//-- run php code
nuRunQuery("DELETE FROM zzzsys_debug WHERE zzzsys_debug_id = ? ", array($jsonID));
<?php
require_once 'nucommon.php';
$response = array();
$response['DATA'] = '';
$response['SUCCESS'] = false;
$response['ERRORS'] = array();
$GLOBALS['ERRORS'] = array();
$hashData = nuHashData();
$code = $_GET['c'];
$sql = "SELECT * FROM zzzsys_php WHERE slp_code = ?";
$t = nuRunQuery($sql, array($code));
$r = db_fetch_object($t);
if (nuPHPAccess($r->zzzsys_php_id)) {
$r->slp_php = nuGetSafePHP('slp_php', $r->zzzsys_php_id, $r->slp_php);
$e = nuReplaceHashes($r->slp_php, $hashData);
eval($e);
$response['DATA'] = $nuParameters;
if ($nuError != '') {
$response['ERRORS'][] = $nuError;
}
} else {
$response['ERRORS'][] = "Access denied to PHP - ({$r->slp_code})";
}
print json_encode($response);
function nuEmail($pPDForPHP, $pEmailTo, $pSubject, $pMessage, $hashData)
{
//-- Emails a PDF,PHP generated file or plain email (Requires hashdata of form to generate file from)
if ($hashData == '') {
$hashData = nuHashData();
}
$session = $hashData['session_id'];
$sql = "SELECT * FROM zzzsys_session INNER JOIN zzzsys_user ON sss_zzzsys_user_id = zzzsys_user_id WHERE zzzsys_session_id = '{$session}'";
$t = nuRunQuery($sql);
$r = db_fetch_object($t);
if ($r != null) {
$fromname = $r->sus_name;
$fromaddress = $r->sus_email;
} else {
$setup = $GLOBALS['nuSetup'];
//-- Read SMTP AUTH Settings from zzsys_setup table
$fromname = trim($setup->set_smtp_from_name);
$fromaddress = trim($setup->set_smtp_from_address);
}
$filelist = array();
if ($hashData['nu_pdf_code'] != '') {
nuV('code', $pPDForPHP);
nuV('call_type', 'printpdf');
nuV('filename', $hashData['nu_email_file_name']);
$hashData['parent_record_id'] = $hashData['nu_pdf_code'];
$tmp_nu_file = nuPDForPHPParameters($hashData);
$finfo = finfo_open(FILEINFO_MIME_TYPE);
//-- check to see if the file being sent is a PDF file
if (finfo_file($finfo, $tmp_nu_file) != 'application/pdf') {
nuDisplayError(file_get_contents($tmp_nu_file, true));
finfo_close($finfo);
return;
}
} else {
if ($hashData['nu_php_code'] != '') {
//-- Run PHP Code
$s = "SELECT zzzsys_php_id, slp_php FROM zzzsys_php WHERE slp_code = '{$pPDForPHP}'";
$t = nuRunQuery($s);
$r = db_fetch_object($t);
$r->slp_php = nuGetSafePHP('slp_php', $r->zzzsys_php_id, $r->slp_php);
$php = nuReplaceHashes($r->slp_php, $hashData);
eval($php);
return;
}
}
if ($hashData['nu_pdf_code'] != '') {
//-- File to attach, send with file
$filelist[$hashData['nu_email_file_name']] = $tmp_nu_file;
}
/*
if(!nuEmailValidateAddress($pEmailTo)) { //-- check to see if to field email is valid
nuDisplayError("To Email validation failed");
return;
}
*/
return nuSendEmail($pEmailTo, $fromaddress, $fromname, $pMessage, $pSubject, $filelist);
}
function nuReplaceLabelHashVariables($LAY, $hashData)
{
for ($i = 0; $i < count($GLOBALS['nu_report']); $i++) {
for ($o = 0; $o < count($GLOBALS['nu_report'][$i]->objects); $o++) {
$O = nuGetObjectProperties($LAY, $GLOBALS['nu_report'][$i]->objects[$o]->id);
if ($O->objectType == 'label') {
for ($l = 0; $l < count($GLOBALS['nu_report'][$i]->objects[$o]->lines); $l++) {
$GLOBALS['nu_report'][$i]->objects[$o]->lines[$l] = nuReplaceHashes($GLOBALS['nu_report'][$i]->objects[$o]->lines[$l], $hashData);
}
}
}
}
}
function nuButtonTitle($name, $show, $title, $sql, $hash = array())
{
if ($show != '1') {
return '';
}
if ($sql == '') {
if ($title != '') {
//-- 28/01/2014 - 2:55PM - Added code to return title if one existed - Ken
return $title;
} else {
return $name;
}
}
$sql = nuReplaceHashes($sql, $hash);
$t = nuRunQuery($sql);
if (nuErrorFound()) {
return;
}
$r = db_fetch_row($t);
if ($r[0] != '1') {
return '';
}
if ($title != '') {
//-- 28/01/2014 - 2:55PM - Added code to return title if one existed - Ken
return $title;
} else {
return $name;
}
}
