function __construct($ser = NULL, $user = NULL)
{
parent::__construct();
//echo ( "<br>function LoadPrefs ( $ser=NULL, $user=NULL ) {" );
$this->prefs = new Preferences();
// Make sure that we have the correct server
$server = $ser == NULL ? Cfg::get("server") : $ser;
// Load up thi s domain information from
// the user information If there is no information
// in the user, check the alternate domain
$sql = "SELECT * FROM tblUser WHERE ";
if ($user != NULL) {
$sql .= "fldUser='******'";
} else {
if ($server != NULL) {
$sql .= "'{$server}' LIKE fldDomain";
}
}
$sql .= " LIMIT 1";
if ($this->_loadUserTable($sql)) {
$this->_loadGroupTable();
} else {
$sql = "SELECT * FROM tblUser WHERE '{$server}' LIKE fldAltDomain LIMIT 1";
if ($this->_loadUserTable($sql)) {
// If it is in the alternate domain the
// use these preferences
$server = $this->prefs->userPrefs["fldDomain"];
Cfg::set('server', $server);
$this->_loadGroupTable();
}
}
}
public function getRaw($key)
{
$oldValues = Cfg::turnOffErrorHandling();
eval('$value = $this->formVars' . $key . ';');
if (!isset($value)) {
$value = '';
}
Cfg::turnOnErrorHandling($oldValues);
return $value;
}
/**
* Generates the html for cron iframe
*/
public static function iFrame()
{
$cronUrl = Cfg::get('site_url') . '/cron.php';
$cronHtml = <<<HTML
<iframe src="{$cronUrl}" frameboarder="1" scrolling="yes" width="620" height="100">
<p>Your browser does not support iframes.</p>
</iframe><br/>
HTML;
return $cronHtml;
}
public static function check()
{
// If we do not have jackbooted database then have no CSRFGuard
if (!Cfg::get('jb_db', false)) {
return true;
}
// If the variable is not there then assume all good
if (($csrfKey = Request::get(CSRFGuard::KEY)) == '') {
return true;
}
return self::valid($csrfKey);
}
public static function slugRedirect($slug, $menuClasses = null)
{
foreach (self::getMenuItems($menuClasses) as $menuList) {
foreach ($menuList as $row) {
if (isset($row['slug']) && $row['slug'] == $slug) {
header('Location: ' . Cfg::siteUrl() . '/' . $row['url']);
exit;
}
}
}
// Default
header('Location: ' . Cfg::siteUrl());
exit;
}
public static function migrate()
{
$maxRun = 0;
$runItems = [];
foreach (DBTable::factory(DB::DEF, 'SELECT * FROM tblMigration') as $row) {
if ((int) $row['fldRun'] > $maxRun) {
$maxRun = (int) $row['fldRun'];
}
if (!isset($runItems[$row['fldClass']])) {
$runItems[$row['fldClass']] = [];
}
$runItems[$row['fldClass']][] = $row['fldMethod'];
}
$maxRun += 1;
$html = '';
// Go through all the migration classes
foreach (Cfg::get('migration', []) as $migrationClass) {
$clazz = new \ReflectionClass($migrationClass);
// If new class then just add empty list
if (!isset($runItems[$migrationClass])) {
$runItems[$migrationClass] = [];
}
// get a list of methods to run
$methodList = [];
foreach ($clazz->getMethods() as $method) {
if (in_array($method->name, $runItems[$migrationClass])) {
continue;
}
if (strpos($method->name, 'migrate') !== 0) {
continue;
}
// Add the name to the list
$methodList[] = $method->name;
}
// Sort so that it will be date ordered
sort($methodList);
foreach ($methodList as $method) {
if (($result = call_user_func([$migrationClass, $method])) === false) {
$html .= "There is a problem running {$migrationClass}::{$method}<br/>\n";
} else {
$html .= $result;
DB::exec(DB::DEF, 'INSERT INTO tblMigration (fldMigrationID,fldRun,fldClass,fldMethod) VALUES (?,?,?,?)', [DBMaintenance::dbNextNumber(DB::DEF, 'tblMigration'), $maxRun, $migrationClass, $method]);
}
}
}
return $html;
}
public static function initialize()
{
$dbType = Cfg::get('local-driver');
switch ($dbType) {
case DB::SQLITE:
$dbFileName = Cfg::get('local-host');
echo "Checking that the file {$dbFileName} exists\n";
if (file_exists($dbFileName)) {
echo "Database exists ({$dbFileName})\n";
} else {
echo "Creating empty database\n";
touch($dbFileName);
}
break;
case DB::MYSQL:
$fldHostName = Cfg::get('local-host');
$fldDBName = Cfg::get('local-db');
$fldUsername = Cfg::get('local-user');
$fldPassword = Cfg::get('local-pass');
try {
$dbh = new \PDO("mysql:host={$fldHostName}", $fldUsername, $fldPassword);
$dbh->exec("CREATE DATABASE IF NOT EXISTS {$fldDBName}") or die(print_r($dbh->errorInfo(), true));
} catch (PDOException $e) {
die("DB ERROR: " . $e->getMessage());
}
break;
default:
die("Unsupported DB Type: {$dbType}");
}
if (count(\Jackbooted\DB\DBMaintenance::getTableList()) == 0) {
// Put in the base data
$sqlFileName = Cfg::get('tmp_path') . '/base_database.sql';
if (file_exists($sqlFileName)) {
echo "Running the commands in {$sqlFileName} against the database\n";
foreach (explode(';', file_get_contents($sqlFileName)) as $statement) {
DB::exec(DB::DEF, $statement);
}
} else {
die("Base Database file does not exists ({$sqlFileName}) aborting\n");
}
} else {
die("Database already seems to be set up.");
}
echo "audititing Table - AlertsDAO\n";
(new \App\Models\AlertsDAO())->auditTable();
return '';
}
public static function icon($email, $size = 24, $rating = 'PG', $type = null)
{
if ($type == null) {
$type = self::$gravType;
}
$gHash = md5(strtolower(trim($email)));
$tPath = Cfg::get('tmp_path');
$fName = 'GRAV' . $size . $type . $gHash . '.png';
$fPath = $tPath . '/' . $fName;
// Locally Caches the gavatar image
if (!file_exists($fPath)) {
copy(sprintf(self::ICO, self::$URL, $gHash, $size, $rating, $type), $fPath);
if (!file_exists($fPath)) {
return Tag::img(sprintf(self::ICO, self::$URL, $gHash, $size, $rating, $type));
}
}
return Tag::img(Cfg::get('site_url') . '/' . basename($tPath) . '/' . $fName);
}
public static function init()
{
self::$log = Log4PHP::logFactory(__CLASS__);
self::$encryptionOff = Cfg::get('encrypt_override');
if (!function_exists('mcrypt_get_key_size')) {
self::$encryptionOff = true;
}
// The IV is session specific. See if the key has been set in the session
if (isset($_SESSION[G::SESS][G::CRYPTO])) {
self::$randKey = md5($_SESSION[G::SESS][G::CRYPTO]);
} else {
self::$randKey = md5(self::RAND_KEY);
self::$log->warn('Using the default key for crypto');
}
if (!self::$encryptionOff) {
self::$algortithm = Cfg::get('quercus', false) ? MCRYPT_TRIPLEDES : MCRYPT_RIJNDAEL_256;
}
self::$instance = new Cryptography(self::$randKey);
}
static function library($lib, $force = false)
{
if (!$force && isset(self::$displayedLibraries[$lib])) {
return '';
}
self::$displayedLibraries[$lib] = true;
if (!preg_match('/^http(s)?:\\/\\/.*$/i', $lib)) {
$lib = Cfg::get('js_url') . '/' . $lib;
}
if (preg_match('/^.*\\.js$/i', $lib) || preg_match('/^.*\\jsapi$/i', $lib)) {
return Tag::hTag('script', ['type' => 'text/javascript', 'src' => $lib]) . Tag::_hTag('script') . self::$LF;
} else {
if (preg_match('/^.*\\.css$/i', $lib)) {
$attribs = ['type' => 'text/css', 'href' => $lib, 'rel' => 'stylesheet'];
if (preg_match('/^.*\\.print\\.css$/i', $lib)) {
$attribs['media'] = 'print';
}
return Tag::hTag('link', $attribs) . Tag::_hTag('link') . self::$LF;
} else {
return '';
}
}
}
public static function access($action = null)
{
if (!Cfg::get('check_priviliages')) {
return true;
}
if ($action == null) {
$action = Request::get(WebPage::ACTION);
}
if (isset(self::$cache[$action])) {
return self::$cache[$action];
}
if (($priviliagesIDs = self::getPriviliageIDs($action)) === false) {
self::$log->warn('No priviliages found for action: ' . $action);
return self::$cache[$action] = true;
}
$uid = G::get('fldUserID', '0');
$groupIDs = self::getGroupIDs($uid);
$params = [];
$privIdIn = DB::in($priviliagesIDs, $params);
$params[] = $uid;
$params[] = (int) G::get('fldLevel', 7);
$groupIn = DB::in($groupIDs, $params);
$now = time();
$sql = <<<SQL
SELECT count(*) FROM tblSecPrivUserMap
WHERE fldPrivilegeID IN ( {$privIdIn} )
AND ( fldStartDate=0 OR fldStartDate < {$now} )
AND ( fldEndDate=0 OR fldEndDate > {$now} )
AND ( ( fldUserID IS NOT NULL AND fldUserID<>'' AND fldUserID=? ) OR
( fldLevelID IS NOT NULL AND fldLevelID<>'' AND fldLevelID>=? ) OR
fldGroupID IN ( {$groupIn} ) )
SQL;
if (DB::oneValue(DB::DEF, $sql, $params) > 0) {
return self::$cache[$action] = true;
}
return self::canLogin($priviliagesIDs);
}
public function index($tName = '')
{
if (($tableName = Request::get('tblName', $tName)) == '') {
return '';
}
$crud = CRUD::factory($tableName, ['topPager' => false])->copyVarsFromRequest('tblName');
if (preg_match('/^tblMod([A-Z]+[a-z]+)/', $tableName, $matches)) {
foreach (Cfg::get('modules', []) as $moduleClass) {
eval($moduleClass . '::' . Module::CRUD_MOD . '($crud);');
}
} else {
switch ($tableName) {
case 'tblNextNumber':
$crud->setColDisplay('fldTable', [CRUD::SELECT, DBMaintenance::getTableList(), true]);
break;
case 'tblSecPrivUserMap':
$userSql = DB::driver() == DB::MYSQL ? Admin::USER_SQL_MYSQL : Admin::USER_SQL_MYSQL;
$crud->setColDisplay('fldUserID', [CRUD::SELECT, $userSql, true]);
$crud->setColDisplay('fldGroupID', [CRUD::SELECT, Admin::GROUP_SQL, true]);
$crud->setColDisplay('fldPrivilegeID', [CRUD::SELECT, Admin::PRIV_SQL, true]);
$crud->setColDisplay('fldLevelID', [CRUD::SELECT, Admin::LEVEL_SQL]);
break;
case 'tblUserGroupMap':
$userSql = DB::driver() == DB::MYSQL ? Admin::USER_SQL_MYSQL : Admin::USER_SQL_SQLITE;
$crud->setColDisplay('fldUserID', [CRUD::SELECT, $userSql, true]);
$crud->setColDisplay('fldGroupID', [CRUD::SELECT, Admin::GROUP_SQL, true]);
break;
case 'tblUser':
$crud->setColDisplay('fldLevel', [CRUD::SELECT, Admin::LEVEL_SQL]);
$crud->setColDisplay('fldTimeZone', [CRUD::SELECT, Admin::TZ_SQL]);
break;
}
}
$resp = Response::factory()->set('tblName', $tableName);
return Tag::hTag('b') . 'Editing Table: ' . $tableName . Tag::_hTag('b') . ' ' . Tag::hRef('ajax.php?' . $resp->action(__CLASS__ . '->csv()'), 'CSV') . ' ' . Tag::hRef('ajax.php?' . $resp->action(__CLASS__ . '->xls()'), 'XLS') . $crud->index();
}
public static function getTempDir()
{
if (preg_match('/^(RADWEB|JACKBOOTWEB).*$/', Cfg::get('version'))) {
$tmpDir = Cfg::get('tmp_path');
} else {
$tmpDir = '/tmp';
if (function_exists('sys_get_temp_dir')) {
$tmpDir = sys_get_temp_dir();
} else {
foreach (['TMP', 'TEMP', 'TMPDIR'] as $envVar) {
if (($temp = getenv($envVar)) !== false) {
$tmpDir = $temp;
break;
}
}
}
}
// ensure that there is no trailing slash (Standard)
$lastChar = substr($tmpDir, -1);
if ($lastChar == '/' || $lastChar == '\\') {
$tmpDir = substr($tmpDir, 0, -1);
}
return $tmpDir;
}
<?php
/** config.php - This file loads the various configuration options
**
** Written by Brett Dutton of Jackbooted Software
** brett@brettdutton.com
**
** This software is written and distributed under the GNU General Public
** License which means that its source code is freely-distributed and
** available to the general public.
**
**/
// Create the $config array
$config = [];
require_once dirname(__FILE__) . '/config.default.php';
require_once dirname(__FILE__) . '/config.local.php';
// Environment overrides not in version control
if (file_exists(dirname(__FILE__) . '/config.env.php')) {
require_once dirname(__FILE__) . '/config.env.php';
}
require_once $config['site_path'] . '/vendor/jackbooted/config/Cfg.php';
\Jackbooted\Config\Cfg::init($config);
// If you want to set everything as global scope then uncheck this
// \Jackbooted\Config\Config::setOverrideScope( \Jackbooted\Config\Config::GLOBAL_SCOPE );
public function sendPW()
{
$sql = 'SELECT fldUserID FROM tblUser WHERE fldUser=?';
if (($id = DB::oneValue(DB::DEF, $sql, Request::get('fldEmail'))) === false) {
$msg = 'This email does not exist on this system.<br>' . 'Either choose a new email address or register as new customer.' . $this->forgotPassword();
} else {
$pw = Password::passGen(10, Password::MEDIUM);
if (DB::driver() == DB::MYSQL) {
$sql = 'UPDATE tblUser SET fldPassword=PASSWORD(?) WHERE fldUserID=?';
DB::exec(DB::DEF, $sql, [$pw, $id]);
} else {
$sql = 'UPDATE tblUser SET fldPassword=? WHERE fldUserID=?';
DB::exec(DB::DEF, $sql, [hash('md5', $pw), $id]);
}
// Update the Database with the new Password combo
$boss = Cfg::get('boss');
$desc = Cfg::get('desc');
// create the email message to notify about a password request
$body = '<h3>User requested password<br>Email: <b>%s</b></h3><br>From %s';
Mailer::envelope()->format(Mailer::HTML_TEXT)->from(Request::get('fldEmail'))->to($boss)->subject('User requested password')->body(sprintf($body, Request::get('fldEmail'), $desc))->send();
$body = <<<TXT
Message from %s
Here are your login details
Password: %s
Regards
%s
TXT;
// create the email message to notify the user of his/her login details
Mailer::envelope()->from($boss)->to(Request::get('fldEmail'))->subject('Login Request ' . $desc)->body(sprintf($body, $desc, $pw, $desc))->send();
$msg = 'Soon you will receive an email that will contain your login details.';
}
return Widget::popupWrapper($msg, -1);
}
public static function setErrorLevel()
{
$errMode = self::get('jb_error_mode');
$level = $errMode ? E_ALL | E_STRICT : 0;
error_reporting($level);
ini_set('display_errors', $errMode ? '1' : '0');
if (Cfg::get('quercus', false)) {
set_error_handler([__CLASS__, 'errorHandler'], $level);
}
self::$errorLevel = $level;
}
public function version()
{
return Cfg::get('build_version', 'No Version info');
}
private static function connectionFactoryFromString($db)
{
if (isset(self::$connections[$db])) {
self::$lastDB = self::$connections[$db];
return self::$lastDB;
} else {
$dbConnection = ['hostname' => Cfg::get($db . '-host'), 'dbname' => Cfg::get($db . '-db'), 'username' => Cfg::get($db . '-user'), 'password' => Cfg::get($db . '-pass'), 'options' => Cfg::get($db . '-options', ''), 'driver' => Cfg::get($db . '-driver', 'mongodb')];
if ($dbConnection['hostname'] != '') {
return self::connectionFactoryFromArray($dbConnection);
} else {
self::logErrorMessage('Unknown DB: ' . $db);
return false;
}
}
}
public function index()
{
$sitePath = Cfg::get('site_path');
$sitePathLen = strlen($sitePath);
$resp = Response::factory()->action(__CLASS__ . '->zoom()');
$html = Tag::ul();
foreach ($this->findImages($sitePath) as $item) {
$relItemName = substr($item, $sitePathLen);
$html .= Tag::li() . Tag::hRef('?' . $resp->set('url', $relItemName)->toUrl(), $relItemName) . Tag::_li();
}
$html .= Tag::_ul();
return $html;
}
public function fileChecksumRebase()
{
DB::exec(DB::DEF, 'TRUNCATE tblFileCheck');
$dirList = PHPExt::dirSearch(Cfg::get('site_path'), '/^[^_].*$/');
$len = strlen(Cfg::get('site_path')) + 1;
$fileCount = 0;
foreach ($dirList as $fullPath) {
$fileCount++;
DB::exec(DB::DEF, 'INSERT INTO tblFileCheck VALUES(?,?,?,?)', [DBMaintenance::dbNextNumber(DB::DEF, 'tblFileCheck'), substr($fullPath, $len), filesize($fullPath), sha1_file($fullPath)]);
}
return "Updated {$fileCount} files<br/>" . $this->fileChecksum();
}
/**
* Check to see if there is class level initialisation and then runs it
* Need this because PHP does not have static initialisation yet
* @param string $className to initialise
*/
private static function runClassInitialization($className)
{
if (Cfg::get('quercus', false)) {
@eval($className . '::' . self::STATIC_INIT . '();');
} else {
if (method_exists($className, self::STATIC_INIT)) {
$classLevelInit = [$className, self::STATIC_INIT];
call_user_func($classLevelInit);
}
}
}
/**
* @param $row
* @return bool|mixed
*/
public function insert($row, $insertMethod = 'INSERT')
{
$row = $this->objToRel($row);
// This allows for dummy columns to be part of the object without the
// DAO automatically accessing them in the queries.
if ($this->ignoreCols != null) {
foreach ($this->ignoreCols as $ignoreCol) {
unset($row[$ignoreCol]);
}
}
if (Cfg::get('jb_db', false)) {
$pKey = DBMaintenance::dbNextNumber($this->db, $this->tableName);
$row[$this->primaryKey] = $pKey;
}
$keys = array_keys($row);
$values = array_values($row);
$sql = $insertMethod . ' INTO ' . $this->tableName . ' (' . join(',', $keys) . ') VALUES (' . DB::in($values) . ')';
if (DB::exec($this->db, $sql, $values) != 1) {
return false;
}
if (!Cfg::get('jb_db', false)) {
$pKey = DB::lastInsertId($this->db);
}
return $pKey;
}
public function imageUrl()
{
$resp = new Response();
$url = Cfg::siteUrl() . '/ajax.php?' . Response::factory()->action(__CLASS__ . '::img()')->set('_CP1', $this->value)->set('_CP4', $this->hatch)->toUrl(Response::UNIQUE_CSRF);
return $url;
}
protected function insertRows()
{
$rowsToInsert = (int) Request::get('rows');
$insertedCnt = 0;
for ($i = 0; $i < $rowsToInsert; $i++) {
$params = array_merge($this->insDefaults, $this->where);
$paramValues = null;
if (Cfg::get('jb_db', false)) {
$params[$this->primaryKey] = DBMaintenance::dbNextNumber($this->db, $this->tableName);
}
$sql = 'INSERT INTO ' . $this->tableName;
if (count($params) > 0) {
$sql .= ' (' . join(',', array_keys($params)) . ') ' . 'VALUES (' . DB::in(array_values($params), $paramValues) . ')';
}
$insertedCnt += $this->exec($sql, $paramValues);
}
if ($insertedCnt > 0) {
$this->paginator->setRows($this->getRowCount());
}
return 'Inserted ' . $insertedCnt . ' row' . StringUtil::plural($insertedCnt) . Tag::br();
}
public static function driver($dbh = self::DEF)
{
return Cfg::get($dbh . '-driver');
}
public function editAccount()
{
$resp = new Response();
$uid = G::get('fldUserID');
$html = '';
$props = [];
$jsUrl = Cfg::get('js_url');
$jQuery = <<<JS
\$().ready(function() {
\$('a.facebox').facebox({closeImage: '{$jsUrl}/images/closelabel.png',
loadingImage: '{$jsUrl}/images/loading.gif'
});
});
JS;
$userSql = DB::driver() == DB::MYSQL ? self::USER_SQL_MYSQL : self::USER_SQL_SQLITE;
if (G::accessLevel(Privileges::getSecurityLevel('SITE ADMIN'))) {
$uid = Request::get('fldUserID', G::get('fldUserID'));
$props['where'] = ['fldUserID' => G::get('fldUserID')];
$html .= Tag::form() . $resp->action(sprintf('%s->%s()', __CLASS__, __FUNCTION__))->toHidden() . Tag::table() . Tag::tr() . Tag::th() . 'User to edit' . Tag::_th() . Tag::td() . Lists::select('fldUserID', $userSql, ['onChange' => 'submit()', 'default' => $uid]) . Tag::_td() . Tag::_tr() . Tag::_table() . Tag::_form();
}
$formName = 'Admin_editAccount';
$valid = Validator::factory($formName)->addEqual('fldPassword', 'fldPassword_CHK', 'Your passwords do not match')->addLength('fldPassword', 'Password must be at least 6 characters', 6, null, true)->addExists('fldFirstName', 'You must enter your first name')->addExists('fldLastName', 'You must enter your last name');
$row = DB::oneRow(DB::DEF, 'SELECT * FROM tblUser WHERE fldUserID=?', $uid);
$html .= '<h2>Edit User Account</h2>' . $valid->toHtml() . Tag::form(['name' => $formName, 'onSubmit' => $valid->onSubmit()]) . $resp->action(sprintf('%s->%sSave()', __CLASS__, __FUNCTION__))->set('fldUserID', $uid)->toHidden() . Tag::table();
$html .= Tag::tr() . Tag::td() . Tag::table() . Tag::tr() . Tag::td() . 'User Name/Email' . Tag::_td() . Tag::td() . Tag::text('fldUser', $row['fldUser']) . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Old Password' . Tag::_td() . Tag::td() . Tag::password('fldPassword_OLD') . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Password' . Tag::_td() . Tag::td() . Tag::password('fldPassword') . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Confirm Password' . Tag::_td() . Tag::td() . Tag::password('fldPassword_CHK') . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Title' . Tag::_td() . Tag::td() . Tag::text('fldSalutation', $row['fldSalutation']) . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'First Name' . Tag::_td() . Tag::td() . Tag::text('fldFirstName', $row['fldFirstName']) . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Last Name' . Tag::_td() . Tag::td() . Tag::text('fldLastName', $row['fldLastName']) . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Time Zone' . Tag::_td() . Tag::td() . Lists::select('fldTimeZone', self::TZ_SQL, ['default' => $row['fldTimeZone']]) . Tag::_td() . Tag::_tr();
if (G::accessLevel(Privileges::getSecurityLevel('SITE ADMIN'))) {
$html .= Tag::tr() . Tag::td() . 'Security Level' . Tag::_td() . Tag::td() . Lists::select('fldLevel', self::LEVEL_SQL, ['default' => $row['fldLevel']]) . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Login Fails' . Tag::_td() . Tag::td() . Tag::text('fldFails', $row['fldFails']) . Tag::_td() . Tag::_tr();
} else {
$html .= Tag::tr() . Tag::td() . 'Security Level' . Tag::_td() . Tag::td() . Privileges::getSecurityLevel($row['fldLevel']) . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . 'Login Fails' . Tag::_td() . Tag::td() . $row['fldFails'] . Tag::_td() . Tag::_tr();
}
$html .= Tag::tr() . Tag::td(['colspan' => 2]) . Tag::submit('Save') . Tag::_td() . Tag::_tr();
if (G::accessLevel(Privileges::getSecurityLevel('SITE ADMIN'))) {
$html .= Tag::tr() . Tag::td(['colspan' => 2]) . Tag::hRef('ajax.php?' . $resp->action(__CLASS__ . '->newUser()')->toUrl(), 'Create New User', ['class' => 'facebox']) . Tag::_td() . Tag::_tr();
}
$html .= Tag::_table() . Tag::_td() . Tag::td(['valign' => 'top', 'align' => 'center']) . Tag::table() . Tag::tr() . Tag::td(['valign' => 'top', 'align' => 'center']) . Gravatar::icon($row['fldUser'], 128) . Tag::_td() . Tag::_tr() . Tag::tr() . Tag::td() . Tag::linkButton(Gravatar::getURL(), 'Change Picture', ['target' => '_blank', 'title' => 'your gravatar is associated with your email address ' . $row['fldUser'] . ' (up to 24 hrs to change)']) . Tag::_td() . Tag::_tr();
if (G::accessLevel(Privileges::getSecurityLevel('SITE ADMIN')) && $uid != G::get('fldUserID')) {
$name = $row['fldFirstName'] . ' ' . $row['fldLastName'];
$html .= Tag::tr() . Tag::td() . Tag::linkButton('?' . $resp->action(__CLASS__ . '->loginAs()')->set('fldUser', $row['fldUser'])->toUrl(), 'Login as this User', ['title' => "Login as this user ({$name})"]) . Tag::_td() . Tag::_tr();
}
$html .= Tag::_table() . Tag::_td() . Tag::_tr() . Tag::_table() . Tag::_form();
return JS::library(JS::JQUERY) . JS::libraryWithDependancies(JS::FACEBOX) . JS::javaScript($jQuery) . $html;
}
public function __call($name, $arguments)
{
$fName = Cfg::get('site_path') . '/' . $name . '.html';
if (file_exists($fName)) {
return file_get_contents($fName);
} else {
return 'Unknown Method Call: ' . $name;
}
}
/** Function to set a Cookie
* @param $s The name of the Cookie
* @param $val The value of the Cookie
* @public
*/
public static function set($key, $val)
{
setcookie($key, self::$crypto->encrypt($val), time() + self::$timeout, Cfg::get('cookie_path', '/'));
}
public static function check(Request $request)
{
if (($formVarLen = $request->count()) == 0) {
return true;
}
foreach ($request as $key => $val) {
if (in_array($key, self::$knownFields)) {
$formVarLen--;
}
}
if ($formVarLen <= 0) {
return true;
}
if (($checksum = $request->getVar(self::CHECKSUM)) == '') {
$request->clear();
if (Cfg::get('jb_tamper_detail', false)) {
return 'Checksum Variable Missing from the request.';
} else {
self::$log->error('Checksum Variable Missing from the request: ' . $_SERVER['SCRIPT_NAME']);
return false;
}
} else {
if (!is_array($checksum)) {
$request->clear();
if (Cfg::get('jb_tamper_detail', false)) {
return 'Checksum Variable not an array.';
} else {
self::$log->error('Checksum Variable not an array: ' . $_SERVER['SCRIPT_NAME']);
return false;
}
} else {
if (count($checksum) != 2) {
$request->clear();
if (Cfg::get('jb_tamper_detail', false)) {
return 'Checksum Variable not 2 elements.';
} else {
self::$log->error('Checksum Variable not 2 elements: ' . $_SERVER['SCRIPT_NAME']);
return false;
}
} else {
if (!empty($checksum[0])) {
$keys = explode(',', $checksum[0]);
$allVariablesJoined = $checksum[0];
foreach ($keys as $key) {
$allVariablesJoined .= $request->getRaw($key);
}
} else {
$allVariablesJoined = '';
}
if (md5($allVariablesJoined) != $checksum[1]) {
$request->clear();
if (Cfg::get('jb_tamper_detail', false)) {
return 'Checksum failed md5(' . $allVariablesJoined . ')<>' . $checksum[1];
} else {
self::$log->error('The checksum has failed. The request variables have been tampered: ' . $_SERVER['SCRIPT_NAME']);
return false;
}
self::$log->error('The checksum has failed. The request variables have been tampered. ' . $_SERVER['SCRIPT_NAME']);
} else {
return true;
}
}
}
}
}
?>
</td>
<td width="100%" align="center">
© <?php
echo date('Y');
?>
.
Created by <a href="<?php
echo Cfg::get('site_url');
?>
"><?php
echo Cfg::get('title');
?>
</a>
<?php
echo Cfg::get('copyright');
?>
</td>
<td nowrap="nowrap" align="right">
<?php
echo $pageTimer->logLoadTime();
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
<?php
/* <script src="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script> */
?>
