public function upload()
{
// security check first
$token_handler = new security();
$token_handler->check_token();
// receives data from input form:
/*
* <form action="upload.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>
*/
$target_dir = PHOTO_DIR;
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
// actual photo/image ?
$msg = '';
if (isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if ($check !== false) {
$msg .= "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
$msg .= "File is not an image.";
$uploadOk = 0;
}
}
// Check if file already exists
if (file_exists($target_file)) {
$msg .= "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
$msg .= "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
$msg .= "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
$msg .= "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
$msg .= "The file " . basename($_FILES["fileToUpload"]["name"]) . " has been uploaded.";
} else {
$msg .= "Sorry, there was an error uploading your file.";
}
}
$result = array('message' => $msg, 'ok' => $uploadOk);
return $result;
}
/**
* @param FactoryInterface $factory
* @param EntityManager $entityManager
* @param TokenStorage $security
*/
public function __construct(FactoryInterface $factory, EntityManager $entityManager, TokenStorage $security)
{
$this->factory = $factory;
$this->entityManager = $entityManager;
$this->security = $security;
$this->repository = $this->entityManager->getRepository('BigfootUserBundle:RoleMenu');
$this->menu = null;
$this->children = array();
$this->user = $this->security->getToken()->getUser();
}
/**
* 初始化函数,获取加密与解密的Key
*/
public static function init()
{
if (empty(self::$key)) {
$global_conf = Registry::get('global_conf');
self::$key = $global_conf['key'];
}
}
public static function edit()
{
if (!security::isLogged() || !USER_IS_ADMIN) {
return;
}
$name = f::getParam("name");
$availableFrom = f::date2sql(f::getParam("available_from"));
$availableTo = f::date2sql(f::getParam("available_to"));
$status = f::getParam("status");
if ($status != 1 && $status != 0 && $status != 2) {
f::setError(400, "Wrong Status");
}
if (!$name) {
f::setError(400, "Invalid form name");
}
$clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}");
if (!$clientExists) {
f::setError(400, "Client does not Exist");
}
if (!f::hasErrors()) {
if (f::getParam("form_id")) {
f::dbQuery("insert into fm_forms_log (created_date, form_id, client_id, name, enabled_domains, detail, available_from, available_to, status, description)\n\t\t\t\t\tselect now(), id, client_id, name, enabled_domains, detail, available_from, available_to, status, description from fm_forms where id = {p:form_id}");
f::dbQuery("update fm_forms set name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} where id = {p:form_id}", array("availableFrom" => $availableFrom, "availableTo" => $availableTo));
} else {
f::dbQuery("insert into fm_forms set client_id = {p:client_id}, name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} ", array("availableFrom" => $availableFrom, "availableTo" => $availableTo));
}
f::setResponseJson(array("ok" => 1));
}
}
public function update($id)
{
if (request::is_ajax() and request::method() == 'post') {
$this->auto_render = FALSE;
$post = security::xss_clean($this->input->post());
$item = $this->item_model->find($id)->as_array();
if (!empty($_FILES['item-image']['name'])) {
$targetPath = 'assets/uploads/items/';
$filename = $_FILES['item-image']['name'];
$tempname = $_FILES['item-image']['tmp_name'];
$temp = explode(".", $filename);
$extension = end($temp);
if (!is_dir($targetPath)) {
mkdir($targetPath, 0700);
$salt = 'items-' . uniqid() . '-';
$targetFile = $targetPath . $salt . $filename;
$this->start_upload($targetFile, $tempname);
} else {
$salt = 'items-' . uniqid() . '-';
$targetFile = $targetPath . $salt . $filename;
$this->start_upload($targetFile, $tempname);
}
} else {
$targetFile = $item['image_file_name'];
}
$post = array("category_id" => $post['item-category'], "code" => $post['item-code'], "name" => $post['item-name'], "quantity" => $item['quantity'], "unit" => $post['item-unit'], "cost" => $post['item-cost'], "price" => $post['item-price'], "description" => $post['item-description'], "image_file_name" => $targetFile);
$this->item_model->update($post, $id);
log_helper::add("1", $this->user_log, $this->user_id, "Updated Item named " . $post['name']);
}
}
public static function save()
{
if (!security::isLogged() || !USER_IS_ADMIN) {
return;
}
$status = f::getParam("status");
$clientId = f::getParam("client_id");
$name = f::getParam("name");
if ($status != 1 && $status != 0) {
f::setError(400, "Invalid Client Status");
}
if (!$clientId && !$name) {
f::setError(400, "Invalid Client Name");
}
$clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}") == 1;
if ($clientId && !$clientExists) {
f::setError(400, "Invalid Client Id");
}
if (!f::hasErrors()) {
if ($clientId) {
f::dbQuery("update fm_clients set status = {p:status} where id = {p:client_id}");
} else {
f::dbQuery("insert into fm_clients set name = {p:name}, status = {p:status}");
}
f::setResponseJson(array("ok" => 1));
}
}
public function __construct()
{
parent::__construct();
$this->spam = antispam::getInstance();
$this->security = security::getInstance();
$this->filter = array('content' => array('filters' => array()), 'suscribe' => array('filters' => array(array('trueOrFalse'))));
$this->validate = array('author' => array('required' => true, 'rules' => array(array('rule' => VALID_NOT_EMPTY, 'message' => 'Por favor introduce tu Nombre.'))), 'url' => array('rules' => array(array('rule' => VALID_URL, 'message' => 'No es una URL valida.'))), 'email' => array('required' => true, 'rules' => array(array('rule' => VALID_EMAIL, 'message' => 'El e-mail no es valido.'))), 'content' => array('required' => true, 'rules' => array(array('rule' => VALID_NOT_EMPTY, 'message' => 'Debes introducir un comentario.'), array('rule' => array('isSpam'), 'message' => 'No se aceptan comentarios en blanco o con spam.'))));
}
public function reset()
{
$token_handler = new security();
$token_handler->check_token();
$content = '';
// resets users password
// sends an email containing a link + token with 6h validity
// from this link, access this same method, but with confirm=yes in url
if (isset($_GET['confirm'])) {
if ($_GET['confirm'] == 'yes') {
// check token with database
// will arrive here from user's mail - show form to enter new password and UPDATE it in the database
}
} else {
// send email to user with link to reset, redirecting here
// ?controller=users&action=reset&confirm=yes&token=ETC
// 1st, check if user + email exist in database
$connection = new database();
$sql = "SELECT username, email FROM users WHERE username=?";
$data[] = $_POST['username'];
$user_results = $connection->fetchAll($sql, $data);
if ($connection->row_count = 1) {
// ok, found one user with this username
// but, does he/she has an email?
if ($_POST['email'] != '') {
if ($user_results[0]['email'] == $_POST['email']) {
// send email with proper link to reset password
$content .= "<p>Dear {$_POST['username']}, an email was sent to {$_POST['email']} with instructions on how to reset your password.";
$content .= "<p>It should arrive momentarily; if not, check your spam box or contact the administrator.";
// TODO: send email to reset password.
// Contains a link with a token that redirects to a special page - this only confirms that user has acces to the concerned email
} else {
$content .= "<p>Email not found or invalid. Please, try again.";
$content .= "<p>Contact the administrator if you think you do not have a registered email.";
}
} else {
$content .= "<p>Email is obligatory. Please, try again.";
}
} else {
$content .= "User not found. Please, try again!";
}
}
$output['page'] = 'views/forgot.php';
$output['content'] = $content;
return $output;
}
public function save()
{
if (request::is_ajax() && request::method() === 'post') {
$this->auto_render = FALSE;
$post = security::xss_clean($this->input->post());
log_helper::add("1", $this->user_log, $this->user_id, "Added New Purchase");
$this->purchase_model->insert($post);
}
}
function delete($colum = '')
{
if ($colum == '') {
$colum = $this->key;
}
$this->db->delete_record($this->table, $colum, $_POST['cid'], $this->pathadm);
$this->db->delete_record($this->table_image, $colum, $_POST['cid'], $this->path_otheradm);
security::redirect($this->module, 'list_reports');
}
public function save()
{
if (request::is_ajax() && request::method() === 'post') {
$this->auto_render = FALSE;
$post = security::xss_clean($this->input->post());
$latest = json_helper::convert($this->district_model->insert($post));
echo json_encode($latest);
}
}
public function __construct()
{
parent::__construct();
security::logged_in();
$this->id = null;
$arr = array(0 => '') + acc_ctrl::_load_account();
$this->acc_id = new sel($arr);
$this->name = new text();
$this->total = 0;
}
private function checkSessionVariables()
{
if (count($_SESSION) > 0) {
foreach ($_SESSION as $nElement => $nValue) {
if (is_array($nValue)) {
die("SESSION variable nElement can't be array");
}
$nValue = security::toHTML($nValue);
}
}
}
function delete()
{
$cat = new category_news();
$news = new news();
if ($this->db->check_delete($news->table, $this->key, $_POST['cid']) > 0) {
$this->db->alert('You must delete news first.');
security::redirect($news->module, 'list');
return false;
}
$this->db->delete_record($this->table, $this->key, $_POST['cid']);
$cat->delete($this->key);
}
function delete()
{
$cat = new category_pro();
$pro = new product();
if ($this->db->check_delete($pro->table, $this->key, $_POST['cid']) > 0) {
$this->db->alert('Bạn phải xóa sản phẩm thuộc nhóm chủng loại cần xóa trước');
security::redirect($pro->module, 'list');
return false;
}
$this->db->delete_record($this->table, $this->key, $_POST['cid']);
$cat->delete($this->key);
}
public static function get()
{
if (!security::isLogged()) {
return;
}
$clients = f::dbFullRes("select distinct c.id, c.name \n\t\t\t\t\t\t\t\t from fm_clients c\n\t\t\t\t\t\t\t\t join fm_users_clients uc on (uc.client_id = c.id)\n\t\t\t\t\t\t\t\t where c.status = 1\n\t\t\t\t\t\t\t\t and uc.user_id = {userId}\n\t\t\t\t\t\t\t\t order by c.name ", array("userId" => USER_ID));
$forms = f::dbFullRes("select c.id client_id, f.id, f.name, f.status\n\t\t\t\t\t\t\t\t from fm_forms f\n\t\t\t\t\t\t\t\t join fm_clients c on (c.id = f.client_id)\n\t\t\t\t\t\t\t\t join fm_users_clients uc on (uc.client_id = c.id)\n\t\t\t\t\t\t\t\t where c.status = 1\n\t\t\t\t\t\t\t\t and uc.user_id = {userId}\n\t\t\t\t\t\t\t\t order by c.id, f.status desc, f.id desc ", array("userId" => USER_ID));
foreach ($forms as $k => $v) {
$siteTableId = "fm_userdata_" . substr("00" . $forms[$k]["client_id"], -3);
$forms[$k]["data_7_days"] = f::dbRes("select count(*) from {d:siteTableId} ud where ud.form_id = {formId} and date(created_date) >= (CURDATE() - INTERVAL 7 DAY)", array("siteTableId" => $siteTableId, "formId" => $forms[$k]["id"]));
$forms[$k]["data_total"] = f::dbRes("select count(*) from {d:siteTableId} ud where ud.form_id = {formId}", array("siteTableId" => $siteTableId, "formId" => $forms[$k]["id"]));
}
f::setResponseJson(array("clients" => $clients, "forms" => $forms));
}
public function __construct()
{
parent::__construct();
security::logged_in();
$this->db = my_db::open();
$this->message = '';
$this->id = null;
$this->name = new text();
$this->date = new text();
$this->entry = array();
$this->total = 0;
$this->account = array();
$this->account = acc_ctrl::_load_account();
}
/**
* 验证是否登录,如果已经登录,返回登录的uid 和 phone 否则返回false
* @param [type] $token [description]
* @return [type] [description]
*/
public static function checkLogin($token)
{
$uid = security::decode(base64_decode($token));
if (empty($uid)) {
return false;
}
$db = DB::getInstance();
$sql = "select a.uid, b.enable from t_login a , t_user b where a.uid={$uid} and a.token = '{$token}' and a.uid = b.uid limit 1";
$rst = $db->get_one($sql);
if (empty($rst)) {
return false;
}
return $rst;
}
protected function renderAdminMenu(array $prm = null)
{
$links = array();
if (security::getInstance()->isLogged()) {
$db = db::getInstance();
$tables = $db->getTables();
foreach ($tables as $t) {
if (!strpos($t, '_') && !strpos($t, db::getCfg('i18n'))) {
$links[$t] = request::uriDef(array('module' => $t, 'action' => '', 'param' => ''));
}
}
}
$this->setViewVar('linksTable', $links);
}
public function contact_info()
{
if (request::is_ajax() && request::method() == 'post') {
$this->auto_render = FALSE;
//$settings = json_decode($this->setting_model->find(1)->configs);
//$this->template->settings = $settings;
$post = security::xss_clean($this->input->post());
$data = array("mobile" => $post["mobile"], "email" => $post["email"], "twitter" => $post["twitter"], "skype" => $post["skype"]);
$json = json_encode($data, TRUE);
$data_contact_info = array("contact_information" => $json);
log_helper::add("2", $this->user_log, $this->user_id, "Profile Contact Information was Successfully Updated");
$this->setting_model->update_user($this->auth->get_user()->id, $data_contact_info);
}
}
public function save()
{
if (request::is_ajax() && request::method() === 'post') {
$this->auto_render = FALSE;
$post = security::xss_clean($this->input->post());
$officeBudget = arr::remove('currentBudget', $post);
if ($post['status'] == 'Approved') {
$this->budget_model->updateBudget($post['office_id'], $officeBudget);
echo $this->request_model->insert($post);
}
$this->request_model->insert($post);
log_helper::add("1", $this->user_log, $this->user_id, "Added New Request");
}
}
public static function sub_cat($sub)
{
global $db;
MCached::connect();
$key = 'sub::categories::' . $sub;
$name = MCached::get($key);
if ($name === MCached::NO_RESULT) {
$c_q = @$db->query("SELECT name FROM categories WHERE id = '" . $sub . "'");
$c_q = @$c_q->fetch_array(MYSQLI_BOTH);
$name = security::html_safe(unesc($c_q["name"]));
MCached::add($key, $name, self::ONE_DAY);
}
return $name;
}
public function login()
{
// 1st time (&submit is not set) or error=true - just show form and/or error message
// 2nd time (&submit==yes) - check
// if ok, redirect to home
// if not, set $content to error message and just show form again
if (!isset($_SESSION['log'])) {
$_SESSION['log'] = new timestamp("login");
}
$content = "";
$output['page'] = 'views/login/index.php';
//$header = 'CSS AEC-Foyer Lataste ADTJK System V2.0';
$token_handler = new security();
$token_handler->set_token();
$token = $token_handler->get_token();
$login_form = "\n <form action='?controller=login&action=submit' method='post'>\n Username: <input type='text' name='username' placeholder='ex: john' autofocus>\n <br>\n Password: <input type='password' name='password'>\n <br><br>\n <input type='submit' value='login'>\n <input type='hidden' value='{$token}' name='token'>\n </form>\n\n ";
$current_year = date("Y");
$footer = "CSS AEC-Foyer Lataste ADTJK Copyright {$current_year} All Rights Reserved - Webmaster: ivan.bragatto@gmail.com";
// $output ['header'] = $header;
$output['login_form'] = $login_form;
$output['content'] = $content;
$output['footer'] = $footer;
return $output;
}
public function save_email()
{
if (request::is_ajax() && request::method() === 'post') {
$this->auto_render = FALSE;
$post = security::xss_clean($this->input->post());
$senderId = $this->auth->get_user()->id;
$receiver = $this->category_model->getOneUser($post['receiverId']);
$decodeUserInfo = json_decode($receiver[0]->user_information, TRUE);
$dataSent = array("email_data" => $post['content'], "subject" => $post['subject'], "receiver_id" => $post['receiverId'], "sender_id" => $senderId, "notif_viewed" => 0, "email_viewed" => 0, "email_deleted" => 0);
//print_r($post);exit;
//$this->auth->get_user()->id
$latest = $this->email_model->insert($dataSent);
log_helper::add("1", $this->user_log, $this->user_id, "Email Sent to " . $decodeUserInfo['fullname'] . ".");
// echo json_encode($latest);
}
}
public function update($id)
{
if (request::is_ajax() && request::method() === 'post') {
$this->auto_render = FALSE;
$changes = "";
$post = security::xss_clean($this->input->post('name'));
$district = $this->district_model->find($id);
$changes .= custom_helper::compare_variable("District Name", $district->name, $post);
if ($changes != "") {
$changes = substr($changes, 0, -2) . '.';
}
$district->name = $post;
log_helper::add("1", $this->user_log, $this->user_id, "Updated a District. " . $changes);
echo json_encode($this->district_model->getOne($district->save($id)));
}
}
function delete($colum = '')
{
$cha = new channel_pro();
$pro = new product();
$module = $cha->module;
if ($colum == '') {
$colum = $this->key;
if ($this->db->check_delete($pro->table, $colum, $_POST['cid']) > 0) {
$this->db->alert('Bạn phải xóa sản phẩm thuộc nhóm chủng loại cần xóa trước');
security::redirect($pro->module, 'list');
return false;
}
$module = $this->module;
}
$this->db->delete_record($this->table, $colum, $_POST['cid']);
security::redirect($module, 'list');
}
public static function serializer($get = array(), $security = false)
{
if (is_array($get)) {
$d = "";
foreach ($get as $key => $value) {
if ($security) {
$key = security::render($key);
$value = security::render($value);
}
$d .= "{$key}={$value}&";
}
$d = rtrim($d, "&");
return $d;
} else {
return false;
}
}
function delete($colum = '')
{
$cha = new channel_news();
$news = new news();
$module = $cha->module;
if ($colum == '') {
$colum = $this->key;
if ($this->db->check_delete($news->table, $colum, $_POST['cid']) > 0) {
$this->db->alert('Bạn phải xóa tin tức thuộc chủ đề cần xóa trước');
security::redirect($news->module, 'list');
return false;
}
$module = $this->module;
}
$this->db->delete_record($this->table, $colum, $_POST['cid']);
security::redirect($module, 'list');
}
function format_shout($text)
{
global $Smileys, $BASEURL;
$s = $text;
$s = strip_tags($s);
$s = security::html_safe(unesc($s));
$f = @fopen("badwords.txt", "r");
if ($f && filesize("badwords.txt") != 0) {
$bw = fread($f, filesize("badwords.txt"));
$badwords = explode("\n", $bw);
for ($i = 0; $i < count($badwords); ++$i) {
$badwords[$i] = trim($badwords[$i]);
}
$s = str_replace($badwords, "*censored*", $s);
}
@fclose($f);
// [b]Bold[/b]
$s = preg_replace("/\\[b\\]((\\s|.)+?)\\[\\/b\\]/", "<b>\\1</b>", $s);
// [i]Italic[/i]
$s = preg_replace("/\\[i\\]((\\s|.)+?)\\[\\/i\\]/", "<i>\\1</i>", $s);
// [u]Underline[/u]
$s = preg_replace("/\\[u\\]((\\s|.)+?)\\[\\/u\\]/", "<u>\\1</u>", $s);
// [u]Underline[/u]
$s = preg_replace("/\\[u\\]((\\s|.)+?)\\[\\/u\\]/i", "<u>\\1</u>", $s);
// [color=blue]Text[/color]
$s = preg_replace("/\\[color=([a-zA-Z]+)\\]((\\s|.)+?)\\[\\/color\\]/i", "<font color=\\1>\\2</font>", $s);
// [color=#ffcc99]Text[/color]
$s = preg_replace("/\\[color=(#[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9])\\]((\\s|.)+?)\\[\\/color\\]/i", "<font color=\\1>\\2</font>", $s);
// [url=http://www.example.com]Text[/url]
$s = preg_replace("/\\[url=((http|ftp|https|ftps|irc):\\/\\/[^<>\\s]+?)\\]((\\s|.)+?)\\[\\/url\\]/i", "<a href=\\1 target=_blank>\\3</a>", $s);
// [url]http://www.example.com[/url]
$s = preg_replace("/\\[url\\]((http|ftp|https|ftps|irc):\\/\\/[^<>\\s]+?)\\[\\/url\\]/i", "<a href=\\1 target=_blank>\\1</a>", $s);
// [size=4]Text[/size]
$s = preg_replace("/\\[size=([1-7])\\]((\\s|.)+?)\\[\\/size\\]/i", "<font size=\\1>\\2</font>", $s);
// [font=Arial]Text[/font]
$s = preg_replace("/\\[font=([a-zA-Z ,]+)\\]((\\s|.)+?)\\[\\/font\\]/i", "<font face=\"\\1\">\\2</font>", $s);
// Linebreaks
$s = nl2br($s);
// Maintain spacing
$s = str_replace(" ", " ", $s);
reset($Smileys);
while (list($code, $url) = each($Smileys)) {
$s = str_replace($code, "<img border='0' src='" . $BASEURL . "/images/smilies/" . $url . "'>", $s);
}
return $s;
}
public function save()
{
if (request::is_ajax() and request::method() === 'post') {
$this->auto_render = FALSE;
$office_id = Auth::instance()->get_user()->office_id;
$post = security::xss_clean($this->input->post());
$post['office_id'] = $office_id;
$post['status'] = 'Received';
$officeBudget = arr::remove('currentBudget', $post);
if ($post['status'] == 'Approved') {
$this->budget_model->updateBudget($post['office_id'], $officeBudget);
echo $this->request_model->insert($post);
}
log_helper::add("1", $this->user_log, $this->user_id, "Requested a Budget");
$this->request_model->insert($post);
}
}
