function api_output_get_format()
{
$format = null;
$possible = null;
if (request_isset('format')) {
$possible = request_str('format');
} elseif (function_exists('getallheaders')) {
$headers = getallheaders();
if (isset($headers['Accept'])) {
foreach (explode(",", $headers['Accept']) as $what) {
list($type, $q) = explode(";", $what, 2);
if (preg_match("!^application/(\\w+)\$!", $type, $m)) {
$possible = $m[1];
break;
}
}
}
} else {
}
if ($possible) {
if (in_array($possible, $GLOBALS['cfg']['api']['formats'])) {
$format = $possible;
}
}
return $format;
}
function _api_output_rest_send_json_headers()
{
$content_type = 'application/json';
if (request_isset('_jsondebug')) {
$content_type = 'text/plain';
}
utf8_headers($content_type);
}
function api_output_send($rsp, $more = array())
{
$rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';
api_log(array('stat' => $rsp['stat']), 'write');
api_output_utils_start_headers($rsp, $more);
if (features_is_enabled("api_cors")) {
if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
}
}
if (!request_isset("inline")) {
header("Content-Type: text/json");
}
$json = json_encode($rsp);
header("Content-Length: " . strlen($json));
echo $json;
exit;
}
function api_output_send($rsp, $callback, $more = array())
{
$rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';
api_log(array('stat' => $rsp['stat']), 'write');
api_output_utils_start_headers($rsp, $more);
if (features_is_enabled("api_cors")) {
if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
}
}
$json = json_encode($rsp);
# http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
$jsonp = "/**/" . $callback . "(" . $json . ")";
header("Content-Disposition: attachment; filename=f.txt,");
header("X-Content-Type-Options: nosniff");
header("Content-Length: " . strlen($jsonp));
if (!request_isset("inline")) {
header("Content-Type: application/javascript");
}
echo $jsonp;
exit;
}
mysql_connect($DB_ADDRESS, $DB_USER, $DB_PASS) or die(mysql_error());
mysql_select_db($DB_NAME) or die(mysql_error());
// To protect MySQL injection (more detail about MySQL injection)
$username = mysql_real_escape_string(stripslashes(request_isset('myusername')));
$password = mysql_real_escape_string(stripslashes(request_isset('mypassword')));
$authManager = new AuthManager();
$checkLogin = $authManager->checkLogin($username, $password);
// if a single record was found given the username and password
if ($checkLogin['count'] == 1) {
// store nessasary data to the session
$_SESSION['USER_ID'] = $checkLogin['USER_ID'];
$_SESSION['usertype'] = $checkLogin['user_type'];
$_SESSION['username'] = $username;
$sessionManager = new sessionManager($checkLogin['USER_ID'], $checkLogin['user_type'], $username);
$_SESSION['sessionManager'] = serialize($sessionManager);
}
}
// END -----------------------------------------------------------------------------------
if ($sessionManager->isAuthorized()) {
$USER_ID = $_SESSION['USER_ID'];
$page_action = request_isset('action');
$db_link = DB_Connect($DB_ADDRESS, $DB_USER, $DB_PASS, $DB_NAME);
} else {
if (isset($forceLogin)) {
if ($forceLogin == true) {
require_once $relative_base_path . 'auth/login.php';
}
} else {
require_once $relative_base_path . 'auth/login.php';
}
}
<?php
require_once '../../views/_secureHead.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$PASSMAN_ID = request_isset('id');
$site = request_isset('site');
$url = request_isset('url');
$username = request_isset('username');
$password = request_isset('password');
switch ($page_action) {
case 'update_by_id':
$db_update_success = PasswordManager::updateRecord($PASSMAN_ID, $USER_ID, $site, $url, $username, $password);
break;
case 'add_password':
$db_add_success = PasswordManager::addRecord($USER_ID, $site, $url, $username, $password);
break;
case 'delete_by_id':
$db_delete_success = PasswordManager::deleteRecord($PASSMAN_ID, $USER_ID);
break;
}
$passman_records = PasswordManager::getAllRecords($USER_ID);
$page_title = 'PassMan';
$alt_menu = getAddButton();
// build add view
$addView = new AddView('Add', 'add_password');
$addView->addRow('site', 'Site');
$addView->addRow('url', 'URL');
$addView->addRow('username', 'Username');
$addView->addRow('password', 'Password');
<?php
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$KEYMAN_ID = request_isset('id');
$record = KeyManager::getRecord($KEYMAN_ID, $USER_ID);
$app_title = 'Edit | ' . $app_title;
// build edit view
$editModel = new EditModel('Edit', 'update_by_id', $KEYMAN_ID);
$editModel->addRow('name', 'Name', $record->getName());
$editModel->addTextarea('private_key', 'Private key', $record->getPrivateKey());
$editModel->addTextarea('public_key', 'Public key', $record->getPublicKey());
$editModel->addRow('passphrase', 'Passphrase', $record->getPassphrase());
$views_to_load = array();
$views_to_load[] = ' ' . EditView2::render($editModel);
include $relative_base_path . 'views/_generic.php';
}
login_ensure_loggedin();
loadlib("api_keys");
loadlib("api_keys_utils");
loadlib("api_oauth2_access_tokens");
loadlib("api_oauth2_grant_tokens");
$key_more = array('ensure_isown' => 0);
$key_row = api_keys_utils_get_from_url($key_more);
$GLOBALS['smarty']->assign_by_ref("key", $key_row);
$crumb_key = 'access_token_register';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
$perms_map = api_oauth2_access_tokens_permissions_map();
$GLOBALS['smarty']->assign_by_ref("permissions", $perms_map);
$ttl_map = api_oauth2_access_tokens_ttl_map();
$GLOBALS['smarty']->assign_by_ref("ttl_map", $ttl_map);
# Handy helper mode to create auth tokens for yourself...
if (request_isset("self")) {
features_ensure_enabled("api_authenticate_self");
if ($key_row['user_id'] != $GLOBALS['cfg']['user']['id']) {
error_403();
}
if ($token_row = api_oauth2_access_tokens_get_for_user_and_key($GLOBALS['cfg']['user'], $key_row)) {
$GLOBALS['smarty']->assign_by_ref("token_row", $token_row);
$GLOBALS['smarty']->assign("has_token", 1);
} else {
if (post_isset("confirm") && crumb_check($crumb_key)) {
$perms = request_str("perms");
$ttl = request_int32("ttl");
if (!api_oauth2_access_tokens_is_valid_permission($perms)) {
$GLOBALS['smarty']->assign("error", "bad_perms");
} else {
$rsp = api_oauth2_access_tokens_create($key_row, $GLOBALS['cfg']['user'], $perms, $ttl);
<?php
require_once '../../views/_secureHead.php';
require_once '../../libs/simple_html_dom.php';
require_once '../../models/_header.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$STOCK_ID = request_isset('id');
$ticker = request_isset('ticker');
$stockManager = new StockManager();
if ($sessionManager->getUserType() != 'ADMIN') {
switch ($page_action) {
case 'update_by_id':
$db_update_success = $stockManager->updateRecord($STOCK_ID, $USER_ID, $ticker);
break;
case 'add_stock':
$db_add_success = $stockManager->addRecord($USER_ID, $ticker);
break;
case 'delete_by_id':
$db_delete_success = $stockManager->deleteRecord($STOCK_ID, $USER_ID);
break;
}
}
$stock_records = $stockManager->getAllRecords();
// build header view
$headerView = new HeaderView(($sessionManager->getUserType() == 'ADMIN' ? 'Indexer | ' : '') . 'Stocks');
$headerView->setLink('<link rel="stylesheet" type="text/css" href="css/styles.css" />');
if ($sessionManager->getUserType() == 'ADMIN') {
$headerView->setMeta('<meta http-equiv="refresh" content="1800;url=#" />');
} else {
$id = request_isset('id');
$store = request_isset('store');
$dateOption = request_isset('dateOption');
$selectTimeDate = request_isset('selectTime-date');
$selectTimeTime = request_isset('selectTime-time');
$budget_id = request_isset('budget_id');
$item_id = request_isset('item_id');
$item_name = request_isset('item_name');
$amount = request_isset('amount');
$qty = request_isset('qty');
$category = request_isset('category');
$brand = request_isset('brand');
$size = request_isset('size');
$size_unit = request_isset('size_unit');
$tax = request_isset('tax');
$sale = request_isset('sale');
// figure out what $date should be
if ($dateOption == 'dateOption-current') {
$date = 'CURRENT_TIMESTAMP';
} else {
if ($dateOption == 'dateOption-selectTime') {
$date = "{$selectTimeDate} {$selectTimeTime}";
}
}
switch ($page_action) {
case 'update_item_by_id':
$id = BudgetManager::getBudgetIdFromItemId($item_id);
$db_update_success = BudgetManager::updateItemRecord($item_id, $item_name, $amount, $qty, $category, $brand, $size, $size_unit, $tax, $sale);
break;
case 'add_receipt_item':
$id = $budget_id;
<?php
require_once '../../views/_secureHead.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$id = request_isset('id');
$sbookmark = request_isset('sbookmark');
$title = request_isset('title');
$url = request_isset('url');
switch ($page_action) {
case 'update_by_id':
$db_update_success = BookmarkManager::updateRecord($id, $title, $url);
break;
case 'add_bookmark':
$db_update_success = BookmarkManager::addRecord($title, $url);
break;
case 'delete_by_id':
$db_delete_success = BookmarkManager::deleteRecord($id);
break;
}
$page_title = 'Bookmarks';
$search_target = 'bookmarks';
$bookmark_data = BookmarkManager::getAllRecords();
$alt_menu = getAddButton() . getSearchButton();
$searchModel = new SearchModel($search_target);
$addModel = new AddModel('Add', 'add_bookmark');
$addModel->addRow('title', 'Title');
$addModel->addRow('url', 'URL');
$bookmarkModel = new TableModel('', $search_target);
/*$bookmarkModel->addRow ( array (
TableView2::createCell ('site', 'Site', 'th'),
TableView2::createCell ()
<?php
require_once '../../views/_secureHead.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
KeyManager::initDB(new KeyManager());
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$KEYSTORE_ID = request_isset('id');
$name = request_isset('name');
$private_key = request_isset('private_key');
$public_key = request_isset('public_key');
$passphrase = request_isset('passphrase');
switch ($page_action) {
case 'update_by_id':
$db_update_success = KeyManager::updateRecord($KEYSTORE_ID, $USER_ID, $name, $private_key, $public_key, $passphrase);
break;
case 'add_key':
$db_add_success = KeyManager::addRecord($KEYSTORE_ID, $USER_ID, $name, $private_key, $public_key, $passphrase);
break;
case 'delete_by_id':
$db_delete_success = KeyManager::deleteRecord($KEYSTORE_ID, $USER_ID);
break;
}
$keyman_records = KeyManager::getAllRecords($USER_ID);
$alt_menu = getAddButton();
// build add view
$addView = new AddView('Add', 'add_key');
$addView->addRow('name', 'Name');
$addView->addRow('private_key', 'Private key');
$addView->addRow('public_key', 'Public key');
$addView->addRow('passphrase', 'Passphrase');
<?php
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$PASSMAN_ID = request_isset('id');
$passwordManager = new PasswordManager();
$record = $passwordManager->getRecord($PASSMAN_ID, $USER_ID);
$page_title = 'Edit | PassMan';
// build edit view
$editModel = new EditModel('Edit', 'update_by_id', $PASSMAN_ID);
$editModel->addRow('site', 'Site', $record->getSite());
$editModel->addRow('url', 'URL', $record->getUrl());
$editModel->addRow('username', 'Username', $record->getUsername());
$editModel->addRow('password', 'Password', $record->getPassword());
$views_to_load = array();
$views_to_load[] = ' ' . EditView2::render($editModel);
include $relative_base_path . 'views/_generic.php';
}
<?php
require_once '../../views/_secureHead.php';
require_once '../../libs/simple_html_dom.php';
require_once '../../models/_edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$STOCK_ID = request_isset('id');
$stockManager = new StockManager();
$record = $stockManager->getRecord($STOCK_ID);
$page_title = 'Edit | Stocks';
// build edit view
$editView = new EditView('Edit', 'update_by_id', $STOCK_ID);
$editView->addRow('stock', 'Stock', $record->getStock());
$editView->addRow('ticker', 'Ticker', $record->getSymbol());
$views_to_load = array();
$views_to_load[] = '../../views/_edit.php';
include '../../views/_generic.php';
}
<?php
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/add.php';
require_once $relative_base_path . 'models/table.php';
require_once $relative_base_path . 'models/button.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$id = request_isset('id');
$amount = request_isset('amount');
$category = request_isset('category');
$store = request_isset('store');
$items = request_isset('items');
$startdate = request_isset('startdate');
$enddate = request_isset('enddate');
switch ($page_action) {
case 'update_by_id':
$db_update_success = BudgetManager::updateRecurringRecord($id, $amount, $category, $store, $items, $startdate, $enddate);
break;
case 'add_budget_item':
$db_add_success = BudgetManager::addRecurringRecord($amount, $category, $store, $items, $startdate, $enddate);
break;
case 'delete_by_id':
$db_delete_success = BudgetManager::deleteRecurringRecord($id);
break;
}
$page_title = 'Recurring | Budget';
$alt_menu = getAddButton() . getBackButton();
$addModel = new AddModel('Add', 'add_budget_item');
$addModel->addRow('amount', 'Amount');
$addModel->addRow('category', 'Category');
$addModel->addRow('store', 'Store');
<?php
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$BOOKMARK_ID = request_isset('id');
$bookmarkManager = new BookmarkManager();
$record = $bookmarkManager->getRecord($BOOKMARK_ID);
$page_title = 'Edit | Bookmarks';
// build edit view
$editModel = new EditModel('Edit', 'update_by_id', $BOOKMARK_ID);
$editModel->addRow('title', 'Title', $record->getTitle());
$editModel->addRow('url', 'URL', $record->getUrl());
$views_to_load = array();
$views_to_load[] = ' ' . EditView2::render($editModel);
include $relative_base_path . 'views/_generic.php';
}
<?php
require_once '../../views/_secureHead.php';
require_once '../../models/_header.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
require_once $relative_base_path . 'auth/_model.php';
if (isset($sessionManager) && $sessionManager->getUserType() == 'ADMIN') {
require_once 'usertypes.php';
$id = request_isset("id");
$user_type = request_isset("user_type");
$username = request_isset("username");
$new_password = request_isset("new_password");
$password = request_isset("password");
$userManager = new UserManager();
$authManager = new AuthManager();
switch ($page_action) {
case 'update_by_id':
//$db_update_success = $userManager->updateRecord ($id, $user_type, $username, $password);
$db_update_success = $authManager->updateRecord($id, $user_type, $username, $new_password);
break;
case "add_user":
//$userManager->addRecord($user_type, $username, $password);
$db_add_success = $authManager->addUser($user_type, $username, $password);
break;
case "delete_by_id":
//$userManager->deleteRecord ($id);
$db_delete_success = $authManager->deleteUser($id);
break;
}
$users_data = $userManager->getAllRecords();
<?php
require_once '../../views/_secureHead.php';
require_once '../../models/_header.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
if (isset($sessionManager) && $sessionManager->getUserType() == 'ADMIN') {
$id = request_isset('id');
$key = request_isset('key');
$value = request_isset('value');
$settingsManager = new SettingsManager();
switch ($page_action) {
case 'add_setting':
$settingsManager->addRecord($key, $value);
break;
case 'delete_by_id':
$settingsManager->deleteRecord($id);
break;
case 'update_by_id':
$settingsManager->updateRecord($id, $key, $value);
break;
}
$settings_data = $settingsManager->getAllRecords();
$page_title = 'Settings';
$alt_menu = '<a href="#" class="add">Add</a>';
$addView = new AddView('Add', 'add_setting');
$addView->addRow('key', 'Key');
$addView->addRow('value', 'Value');
$tableView = new TableView(array('Key', 'Value', ''));
while (($settings_row = mysql_fetch_array($settings_data)) != null) {
$tableView->addRow(array(TableView::createCell('key', $settings_row['key']), TableView::createCell('value', $settings_row['value']), TableView::createEdit($settings_row['SETTING_ID'])));
<?php
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$id = request_isset('id');
$record = BudgetManager::getRecurringRecord($id);
$page_title = 'Edit | Bookmarks';
// build edit view
$editModel = new EditModel('Edit', 'update_by_id', $id, 'recurring.php');
$editModel->addRow('amount', 'Amount', $record['amount']);
$editModel->addRow('category', 'Category', $record['category']);
$editModel->addRow('store', 'Store', $record['store']);
$editModel->addRow('items', 'Items', $record['items']);
$editModel->addRow('startdate', 'Start date', $record['startDate']);
$editModel->addRow('enddate', 'End date', $record['endDate']);
$views_to_load = array();
$views_to_load[] = ' ' . EditView2::render($editModel);
include $relative_base_path . 'views/_generic.php';
}
<?php
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/add.php';
require_once $relative_base_path . 'models/table.php';
require_once $relative_base_path . 'models/button.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
$id = request_isset('id');
$year = request_isset('year');
$month = request_isset('month');
$store = request_isset('store');
$dateOption = request_isset('dateOption');
$selectTimeDate = request_isset('selectTime-date');
$selectTimeTime = request_isset('selectTime-time');
// figure out what $date should be
if ($dateOption == 'dateOption-current') {
$date = 'CURRENT_TIMESTAMP';
} else {
if ($dateOption == 'dateOption-selectTime') {
$date = "{$selectTimeDate} {$selectTimeTime}";
}
}
$hasTitle = $year != null && $month != null;
$total_spent = 0;
$totals = array();
$index = 0;
$budget_line_items = '';
if ($hasTitle) {
$todayDate = new DateTime("{$year}-{$month}-01 00:00:01");
$todayDateFormated = date('F Y', $todayDate->getTimestamp());
}
