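 function getGroupInfo($groupid)
 {
     // Returns the users_group row with id $groupid, or false when none is
     // found. Sessions above ROLE_PRIME (i.e. less privileged) are additionally
     // restricted to the group whose guid matches their own SESS_GUID.
     $sql = _db(true)->_selectQ(_dbTable("users_group", true), "*")->_where(array("id" => $groupid));
     if (!isset($_SESSION['SESS_PRIVILEGE_ID']) || $_SESSION['SESS_PRIVILEGE_ID'] > ROLE_PRIME) {
         // Bug fix: the original read $data['SESS_GUID'] before $data existed,
         // so the guid restriction was always null. The guid lives in $_SESSION
         // (see registerSettings), so read it from there.
         $guid = isset($_SESSION['SESS_GUID']) ? $_SESSION['SESS_GUID'] : null;
         $sql->_where(array("guid" => $guid));
     }
     $rows = $sql->_GET();
     return $rows ? $rows[0] : false;
 }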
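 function registerSettings($name, $value = "", $scope = "system")
 {
     // Inserts a new settings row for the current session's user and site.
     // When $value is a string naming an existing file, the decoded JSON
     // content of that file is stored instead of the literal string.
     // NOTE(review): that file lookup is applied to whatever string the
     // caller passes, so callers must never forward user-supplied values here
     // unchecked — a value that happens to be a server path would be read.
     // Returns true when the insert query succeeded, false otherwise.
     // is_file() only accepts strings (arrays/null warn or throw), so guard
     // the type before probing the filesystem.
     if (is_string($value) && is_file($value)) {
         $value = json_decode(file_get_contents($value), true);
     }
     $data = array(
         "guid" => isset($_SESSION['SESS_GUID']) ? $_SESSION['SESS_GUID'] : null,
         "userid" => isset($_SESSION['SESS_USER_ID']) ? $_SESSION['SESS_USER_ID'] : null,
         "site" => SITENAME,
         "scope" => strtolower($scope),
         "name" => $name,
         "settings" => $value,
     );
     $q = _db(true)->_insertQ1(_dbTable("settings", true), $data);
     return (bool) _dbQuery($q, true);
 }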
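 function checkUserID($userid, $site = SITENAME)
 {
     // Returns true when $userid is "root", or names an unblocked user whose
     // accessid is an unblocked access row valid for this site.
     // NOTE(review): $site is forced to SITENAME for sessions above privilege
     // 2 but is never used by the queries below, which always filter on the
     // SITENAME constant; the parameter is kept for caller compatibility.
     // Strict comparison: under PHP 7 the loose `$userid == "root"` was true
     // for an integer 0 userid, which would have granted the root bypass.
     if ($userid === "root") {
         return true;
     }
     if (!isset($_SESSION['SESS_PRIVILEGE_ID']) || $_SESSION['SESS_PRIVILEGE_ID'] > 2) {
         $site = SITENAME;
     }
     $sql = _db(true)->_selectQ(_dbTable("users", true), "count(*) as cnt")->_where(array("blocked" => 'false', "userid" => $userid));
     // Sub-select of access ids allowed on this site ("*" = every site).
     $sql1 = _db(true)->_selectQ(_dbTable("access", true), "id")->_where(array("blocked" => 'false'))->_whereRAW(' (FIND_IN_SET("' . SITENAME . '",sites) OR sites="*")');
     $sql = $sql->_query("accessid", $sql1);
     $res = _dbQuery($sql, true);
     if (!$res) {
         return false;
     }
     $data = _dbData($res, true);
     _dbFree($res, true);
     return isset($data[0]) && $data[0]['cnt'] > 0;
 }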
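 function setSettings($name, $value = "", $scope = "default")
 {
     // Stores $value under $name for the current user's site and scope:
     // updates the existing settings row, or registers a new one.
     // Returns $value on success, false when no user is logged in, the name
     // is empty, or the insert fails.
     if (strlen($name) <= 0 || !isset($_SESSION['SESS_USER_ID'])) {
         // Bug fix: this path returned the undefined $defaultValue (null);
         // false matches the function's other failure return.
         return false;
     }
     $where = array("userid" => $_SESSION['SESS_USER_ID'], "site" => SITENAME, "scope" => $scope, "name" => $name);
     $sql = _db(true)->_selectQ(_dbTable("settings", true), "name,settings")->_where($where);
     $res = _dbQuery($sql, true);
     if ($res) {
         $data = _dbData($res, true);
         _dbFree($res, true);
         if (isset($data[0])) {
             $q = _db(true)->_updateQ(_dbTable("settings", true), array("settings" => $value), $where);
             _dbQuery($q, true);
             return $value;
         }
     }
     // No existing row (or the lookup failed): insert a fresh one.
     return registerSettings($name, $value, $scope) ? $value : false;
 }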
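function changePWD()
{
    // Changes the logged-in user's password from $_POST["old"]/$_POST["new"]
    // and echoes a JSON {code,msg} reply. Exits early when the user row is
    // missing or the old password does not match; after the update attempt
    // it only echoes the result. Reply codes are kept as callers expect them:
    // "1" on success (and, historically, on the lookup failure "(1)"), "0"
    // for a password mismatch.
    if (!isset($_SESSION["SESS_USER_ID"]) || !isset($_POST["old"], $_POST["new"])
        || !is_string($_POST["old"]) || !is_string($_POST["new"])) {
        echo json_encode(array("code" => "0", "msg" => "Old Password Doesn't Match. Please Use Correct Credentials. (2)"));
        exit;
    }
    $userid = $_SESSION["SESS_USER_ID"];
    $tbl = _dbTable("users", true);
    // Query builder instead of an interpolated SQL string, as the other
    // helpers here do; this assumes the builder escapes where-values — confirm.
    $rows = _db(true)->_selectQ($tbl, "pwd")->_where(array("userid" => $userid))->_get();
    if (!isset($rows[0])) {
        echo json_encode(array("code" => "1", "msg" => "Error In Changing Password (1)."));
        exit;
    }
    // Hash into locals; the original overwrote $_POST with the hashes.
    $oldHash = (string) getPWDHash($_POST["old"]);
    $newHash = (string) getPWDHash($_POST["new"]);
    // Constant-time comparison of the stored and submitted hashes.
    if (!hash_equals((string) $rows[0]["pwd"], $oldHash)) {
        echo json_encode(array("code" => "0", "msg" => "Old Password Doesn't Match. Please Use Correct Credentials. (2)"));
        exit;
    }
    // The old hash stays in the WHERE clause so a concurrent change is not
    // overwritten; affected_rows() then reports whether the row matched.
    $q = _db(true)->_updateQ($tbl, array("pwd" => $newHash, "doe" => date("Y-m-d")), array("userid" => $userid, "pwd" => $oldHash));
    _dbQuery($q, true);
    if (_db(true)->affected_rows() <= 0) {
        echo json_encode(array("code" => "0", "msg" => "Old Password Doesn't Match. Please Use Correct Credentials.(3)"));
    } else {
        echo json_encode(array("code" => "1", "msg" => "Successfully Updated Your New Password"));
    }
}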
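 function updateUser($attrs = array(), $userID = null, $site = SITENAME)
 {
     // Updates the users row of $userID with the column => value pairs in
     // $attrs. Returns true on success, or array("error" => ...) (plus
     // "field"/"details" where available) describing the failure.
     // Sessions above ROLE_PRIME may only update their own record on the
     // current site.
     if (!isset($_SESSION['SESS_PRIVILEGE_ID']) || $_SESSION['SESS_PRIVILEGE_ID'] > ROLE_PRIME) {
         $site = SITENAME;
         $userID = isset($_SESSION['SESS_USER_ID']) ? $_SESSION['SESS_USER_ID'] : null;
     }
     if ($userID == null && isset($_SESSION['SESS_USER_ID'])) {
         $userID = $_SESSION['SESS_USER_ID'];
     }
     if (!checkUserID($userID, $site)) {
         return array("error" => "UserID Not Found");
     }
     $dataUser = $attrs;
     $missing = _updateUserMissingField($dataUser);
     if ($missing !== null) {
         return array("error" => "Missing Field", "field" => $missing);
     }
     // NOTE(review): every key of $attrs is written as-is, including
     // privilegeid/accessid; the checks below only verify that those ids exist
     // for this site, not that the current session is allowed to assign them.
     if (isset($dataUser['privilegeid'])) {
         $sql = _db(true)->_selectQ(_dbTable("privileges", true), "count(*) as cnt")->_where(array("id" => $dataUser['privilegeid']))->_raw(" AND (site='" . SITENAME . "' OR site='*')");
         $err = _updateUserExists($sql, "PrivilegeID Query Error", "PrivilegeID Not Found This Site {$site}");
         if ($err !== null) {
             return $err;
         }
     }
     if (isset($dataUser['accessid'])) {
         $sql = _db(true)->_selectQ(_dbTable("access", true), "count(*) as cnt")->_where(array("blocked" => 'false', "id" => $dataUser['accessid']))->_raw(" AND (FIND_IN_SET('" . SITENAME . "',sites) OR sites='*')");
         $err = _updateUserExists($sql, "AccessID Query Error", "AccessID Not Found For This Site {$site}");
         if ($err !== null) {
             return $err;
         }
     }
     $sql = _db(true)->_updateQ(_dbTable("users", true), $dataUser, array("userid" => (string) $userID));
     if (_dbQuery($sql, true)) {
         return true;
     }
     return array("error" => "Error In User Updating", "details" => _db(true)->get_error());
 }

 function _updateUserMissingField($dataUser)
 {
     // Returns the first USER_CREATE_REQUIRED_FIELDS key that is present in
     // $dataUser but empty, or null when none is. Keys that are absent
     // altogether are not reported (matches the original isset() behaviour).
     $reqParams = explode(",", getConfig("USER_CREATE_REQUIRED_FIELDS"));
     foreach ($reqParams as $vx) {
         if (isset($dataUser[$vx]) && ($dataUser[$vx] == null || strlen($dataUser[$vx]) <= 0)) {
             return $vx;
         }
     }
     return null;
 }

 function _updateUserExists($sql, $queryErrorMsg, $notFoundMsg)
 {
     // Runs a "count(*) as cnt" system-db query and returns null when the
     // count is positive, or array("error" => ...) when the query failed or
     // matched nothing.
     $res = _dbQuery($sql, true);
     if (!$res) {
         return array("error" => $queryErrorMsg);
     }
     $data = _dbData($res, true);
     _dbFree($res, true);
     if (!isset($data[0]) || $data[0]['cnt'] <= 0) {
         return array("error" => $notFoundMsg);
     }
     return null;
 }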
<?php

if (!defined('ROOT')) {
    exit('No direct script access allowed');
}
// Header-menu links for this site (or "*"), unblocked and flagged for the
// menu. $menuData is left empty when the query fails.
$menuData = array();
$sql = "SELECT * FROM " . _dbTable("links") . " WHERE menuid='header' AND (site='" . SITENAME . "' OR site='*') AND blocked='false' AND onmenu='true' AND (device='*')";
$res = _dbQuery($sql);
if ($res) {
    $menuData = _dbData($res);
    _dbFree($res);
}
?>
<style>
.hea-navbar .dropdown-menu {
	margin-left: -150px;
	padding-top: 5px;padding-bottom: 5px;
	right: 0px;left: auto;
}
.hea-navbar .dropdown-menu li {
	display: block !important;
	float:none !important;
}
.hea-navbar .dropdown-menu a {
	padding-bottom: 0px;
	padding-top: 0px;
	width: 100%;
	line-height: 30px;
}
#header .toggle {display: none;}
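function printAvatarPhoto($method)
{
    // Emits the avatar image for $_REQUEST['authorid'] using the given
    // $method (facebook|gravatar|twitter|instagram|email|logiks|photoid).
    // Falls back to printDefaultAvatar() when no authorid is given; an
    // unknown $method emits nothing (unchanged from the original).
    if (!isset($_REQUEST['authorid']) || !is_string($_REQUEST['authorid']) || strlen($_REQUEST['authorid']) <= 0) {
        printDefaultAvatar();
        return;
    }
    $rawId = $_REQUEST['authorid'];
    // Remote services get only the part before "@", encoded so it stays a
    // single path segment of the URL.
    $parts = explode("@", $rawId);
    $handle = rawurlencode($parts[0]);
    $emailHash = md5(strtolower(trim($rawId)));
    switch ($method) {
        case "facebook":
            _printRemoteAvatar("http://avatars.io/facebook/{$handle}/large", "jpeg");
            break;
        case "gravatar":
            _printRemoteAvatar("http://www.gravatar.com/avatar/{$emailHash}?s=80&d=mm&r=g", "png");
            break;
        case "twitter":
            _printRemoteAvatar("http://avatars.io/twitter/{$handle}/large", "jpeg");
            break;
        case "instagram":
            _printRemoteAvatar("http://avatars.io/instagram/{$handle}/large", "jpeg");
            break;
        case "email":
            // d= default imageset [ 404 | mm | identicon | monsterid | wavatar ]
            // r= maximum rating (inclusive) [ g | pg | r | x ]
            _printRemoteAvatar("http://www.gravatar.com/avatar/{$emailHash}?s=120&d=identicon&r=g", "png");
            break;
        case "logiks":
            // basename() confines the lookup to the profile_photos folder; the
            // original interpolated the request value into the path unchanged.
            _printLocalProfilePhoto(APPROOT . APPS_USERDATA_FOLDER . "profile_photos/" . basename($rawId));
            break;
        case "photoid":
            $src = isset($_REQUEST['src']) ? $_REQUEST['src'] : getConfig("DBTABLE_AVATAR");
            if (strlen($src) <= 0) {
                $src = _dbTable("avatar");
            }
            // Query values are url-encoded so they cannot add or split parameters.
            $lx = _service("viewphoto") . "&type=view&loc=db&dbtbl=" . urlencode($src) . "&image=" . urlencode($rawId);
            header("Location:{$lx}");
            exit;
    }
}

function _printRemoteAvatar($url, $format)
{
    // Downloads one remote avatar and streams it via printAvatar(); shows
    // the default avatar when the fetch fails. NOTE(review): no timeout is
    // set on file_get_contents() and the services are plain http.
    $data = file_get_contents($url);
    if ($data === false) {
        printDefaultAvatar();
        return;
    }
    printAvatar($data, $format);
}

function _printLocalProfilePhoto($basePath)
{
    // Sends the first existing $basePath.<ext> with its content-type header,
    // or the default avatar when none exists. The "image/jpg" type for .jpg
    // is kept as the original emitted it.
    $types = array("png" => "image/png", "gif" => "image/gif", "jpg" => "image/jpg", "jpeg" => "image/jpeg");
    foreach ($types as $ext => $mime) {
        $path = $basePath . "." . $ext;
        if (file_exists($path)) {
            header("content-type:{$mime}");
            readfile($path);
            return;
        }
    }
    printDefaultAvatar();
}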
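function restoreOldSession($sessionData, $userid, $domain, $dbLink, $params = array())
{
    // Re-attaches the browser to a previously logged session identified by
    // $sessionData['token'] when a log_sessions row exists for this user,
    // client IP and user agent: the stored session_data is copied into
    // $_SESSION, the login cookies are re-issued and the success link is
    // followed. Otherwise old sessions are logged out and a fresh one is
    // started. Never returns.
    $sessionID = isset($sessionData['token']) ? $sessionData['token'] : null;
    $restored = false;
    $q1 = $dbLink->_selectQ(_dbTable("log_sessions", true), "*", array("sessionid" => $sessionID, "user" => $userid, "client" => _server('REMOTE_ADDR'), "user_agent" => _server('HTTP_USER_AGENT')));
    $result = $dbLink->executeQuery($q1);
    if ($result) {
        $logData = $dbLink->fetchAllData($result);
        $dbLink->freeResult($result);
        if (!empty($logData)) {
            $row = $logData[0];
            // Stored JSON may be corrupt; treat undecodable data as empty
            // instead of iterating over null.
            $sessionVars = json_decode(stripslashes($row['session_data']), true);
            if (!is_array($sessionVars)) {
                $sessionVars = array();
            }
            session_regenerate_id();
            foreach ($sessionVars as $key => $value) {
                $_SESSION[$key] = $value;
            }
            // NOTE(review): cookies are issued without httponly/secure, so the
            // TOKEN value is readable by page scripts; tighten if no client
            // code depends on reading them.
            setcookie("LOGIN", "true", time() + 36000);
            setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
            setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
            setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
            $restored = true;
            gotoSuccessLink();
        }
    }
    if (!$restored) {
        // Single fallback for both "query failed" and "no matching row".
        logoutOldSessions($userid, $domain, $dbLink, $params);
        startNewSession($userid, $domain, $dbLink, $params);
    }
    exit;
}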
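function restoreOldSession($sessionData, $userid, $domain, $params = array())
{
    // Re-attaches the browser to a cached session identified by
    // $sessionData['token'] for this user, site, device type and client IP:
    // the stored session_data is copied into $_SESSION, the login cookies are
    // re-issued and the success link is followed. Otherwise old sessions are
    // logged out and a fresh one started.
    $sessionID = isset($sessionData['token']) ? $sessionData['token'] : null;
    $logData = _db(true)->_selectQ(_dbTable("cache_sessions", true), "*", array("session_key" => $sessionID, "userid" => $userid, "site" => $domain, "device" => getUserDeviceType(), "client_ip" => $_SERVER['REMOTE_ADDR']))->_get();
    if (empty($logData)) {
        logoutOldSessions($userid, $domain, $params);
        startNewSession($userid, $domain, $params);
        return;
    }
    $row = $logData[0];
    // Stored JSON may be corrupt; treat undecodable data as empty instead of
    // iterating over null.
    $sessionVars = json_decode(stripslashes($row['session_data']), true);
    if (!is_array($sessionVars)) {
        $sessionVars = array();
    }
    session_regenerate_id();
    foreach ($sessionVars as $key => $value) {
        $_SESSION[$key] = $value;
    }
    // NOTE(review): cookies are issued without httponly/secure, so the TOKEN
    // value is readable by page scripts; tighten if no client code reads them.
    setcookie("LOGIN", "true", time() + 36000);
    setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
    setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
    setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
    gotoSuccessLink();
}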
    $rssid = $_REQUEST['rss'];
    $tbl = _dbTable($rsstable);
    $temp_FULL_MEDIA_PATH = getConfig("FULL_MEDIA_PATH");
    setConfig("FULL_MEDIA_PATH", "true");
    $rss = RSSGen::generateFromDB($tbl, $rssid);
    setConfig("FULL_MEDIA_PATH", $temp_FULL_MEDIA_PATH);
    if (strlen($rss) > 0) {
        RSSGen::printRSSHeader();
        echo $rss;
    }
    exit;
} elseif (isset($_REQUEST['list'])) {
    if (!isset($_REQUEST['format'])) {
        $_REQUEST['format'] = "json";
    }
    $tbl = _dbTable($rsstable);
    $list = RSSGen::listFeeds($tbl);
    if (count($list) > 0) {
        foreach ($list as $a => $b) {
            $list[$a]['link'] = SiteLocation . "services/?scmd=rss&rss={$b['rssid']}";
        }
        if ($_REQUEST['format'] == "json") {
            echo json_encode($list);
        } elseif ($_REQUEST['format'] == "table") {
            $s = "<table width=100% cellpadding=2 cellspacing=0 border=0>";
            foreach ($list as $a) {
                $s .= "<tr>";
                foreach ($a as $m => $n) {
                    $s .= "<td name='{$m}'>{$n}</td>";
                }
                $s .= "</tr>";
                 printHeader($doc, $type);
                 printVFile($doc);
                 exit;
             } else {
                 displayLocalImage("images/forbidden.png", "view");
                 exit;
             }
         }
     }
     displayLocalImage("images/warning.png", "view");
 } elseif (strtolower($_REQUEST['loc']) == "dbfile") {
     $dbtbl = "";
     if (isset($_REQUEST['dbtbl'])) {
         $dbtbl = $_REQUEST['dbtbl'];
     } else {
         $dbtbl = _dbTable("files");
     }
     $sql = "SELECT file_name,file_type,file_data,file_size FROM {$dbtbl} WHERE ID=" . $_REQUEST['file'];
     $result = _db()->executeQuery($sql);
     if ($result) {
         if (_db()->recordCount($result) > 0) {
             $record = _db()->fetchData($result);
             $darr = explode(".", $record["file_name"]);
             $ext = $darr[sizeOf($darr) - 1];
             printHeader($record["file_name"], $type);
             echo $record["file_data"];
             exit;
         }
     }
     displayLocalImage("images/warning.png", "view");
 } else {
 function fetchUserRoleHash($userid)
 {
     // Returns md5(privilege id . privilege name) for the user's privilege
     // row, or false when the user has none.
     // NOTE(review): $userid is interpolated straight into the SQL text; the
     // caller must guarantee it is trusted or already escaped.
     $users = _dbTable("users", true);
     $privs = _dbTable("privileges", true);
     $query = "SELECT md5(concat({$privs}.id,{$privs}.name)) as hash FROM {$users},{$privs} WHERE {$users}.privilegeid={$privs}.id AND {$users}.userid='{$userid}'";
     $rows = _db(true)->_raw($query)->_get();
     return isset($rows[0]) ? $rows[0]['hash'] : false;
 }
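function displayDBImage($imgID, $type = "view")
{
    // Streams image #$imgID from a DB table (the photos table, or the one
    // named by $_REQUEST['dbtbl']) with the headers for $type, exiting after
    // a successful send; shows the warning image when nothing is found.
    $dbtbl = _dbTable("photos");
    if (isset($_REQUEST['dbtbl'])) {
        // The table name is placed in the SQL text unquoted, so only a plain
        // identifier (optionally db.table) is accepted from the request.
        if (!is_string($_REQUEST['dbtbl']) || !preg_match('/^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$/', $_REQUEST['dbtbl'])) {
            displayLocalImage("images/warning.png", "view");
            return;
        }
        $dbtbl = $_REQUEST['dbtbl'];
    }
    // ID is compared unquoted, so it must be numeric; the cast keeps any other
    // request text out of the WHERE clause.
    $id = (int) $imgID;
    $sql = "SELECT image_type,image_data,image_size FROM {$dbtbl} WHERE ID={$id}";
    $result = _db()->executeQuery($sql);
    if ($result && _db()->recordCount($result) > 0) {
        $record = _db()->fetchData($result);
        $ext = str_replace("image/", "", $record["image_type"]);
        printHeader("download.{$ext}", $type);
        echo $record["image_data"];
        exit;
    }
    displayLocalImage("images/warning.png", "view");
}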
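 function moveFile($file)
 {
     // Stores one uploaded file given as a $_FILES-style array (name, type,
     // size, tmp_name) plus an optional 'src' of "fs#<folder>" or "db#<table>"
     // (default "fs#attachments/"). Returns the relative stored path (fs) or
     // the new row id (db) on success, array() when nothing was submitted,
     // or array("Error" => ...) on failure.
     // Options come from $_POST: MAX_FILE_SIZE, IF_FILE_EXISTS
     // (replace|noreplace) and TEXT_EXTRACTION (true|false|yes|no).
     $name = isset($file['name']) ? (string) $file['name'] : "";
     $size = isset($file['size']) ? (int) $file['size'] : 0;
     $tmpName = isset($file['tmp_name']) ? (string) $file['tmp_name'] : "";
     $fileType = isset($file['type']) ? (string) $file['type'] : "";
     if ($name === "" && $size === 0 && $tmpName === "") {
         return array();
     }
     // NOTE(review): the size cap is the client's own POST field, so it is a
     // usability hint rather than a server-side control; the real limit must
     // come from php.ini (upload_max_filesize/post_max_size) or the caller.
     // Bug fix: the fs branch compared an undefined $fileSize, so the cap was
     // never applied there; both branches now compare the upload's size.
     $maxFileSize = isset($_POST['MAX_FILE_SIZE']) ? (int) $_POST['MAX_FILE_SIZE'] : 0;
     $ifFileExists = isset($_POST['IF_FILE_EXISTS']) ? $_POST['IF_FILE_EXISTS'] : "";
     $storeTxtToDB = isset($_POST['TEXT_EXTRACTION']) ? $_POST['TEXT_EXTRACTION'] : "";

     // Resolve the storage target; anything without a known prefix is fs.
     $src = isset($file['src']) ? (string) $file['src'] : "";
     $storeType = "fs";
     $storePath = "attachments/";
     $tableFromCaller = false;
     if (strpos($src, "db#") === 0) {
         $storeType = "db";
         $storePath = substr($src, 3);
         if (strlen($storePath) <= 0) {
             $storePath = _dbTable("files");
         } else {
             $tableFromCaller = true;
         }
     } elseif (strpos($src, "fs#") === 0) {
         $storePath = substr($src, 3);
         if (strlen($storePath) <= 0) {
             $storePath = "attachments/";
         }
     }
     if ($storeType == "fs" && (strpos($storePath, "..") !== false || strpos($storePath, "\0") !== false)) {
         // Keep the target inside the userdata folder.
         return array("Error" => "Invalid Target Path.");
     }
     if ($tableFromCaller && !preg_match('/^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$/', $storePath)) {
         // The table name is interpolated into the INSERT unquoted.
         return array("Error" => "Invalid Target Path.");
     }

     // Split "<fname>.<ext>" on the last dot; basename() drops any directory
     // part a client might send in the filename.
     $baseName = basename($name);
     $dot = strrpos($baseName, ".");
     if ($dot === false) {
         $fname = $baseName;
         $ext = "";
     } else {
         $fname = substr($baseName, 0, $dot);
         $ext = substr($baseName, $dot + 1);
     }

     if ($storeType == "fs") {
         // NOTE(review): the extension comes from the client's filename and is
         // not restricted here; if the userdata folder is web-served the caller
         // must reject executable types before calling moveFile().
         $newName = md5(uniqid("", true)) . "-" . str_replace(" ", "_", $fname);
         $targetPath = str_replace("//", "/", APPROOT . APPS_USERDATA_FOLDER . "{$storePath}/{$newName}.{$ext}");
         $targetDir = dirname($targetPath);
         if (!file_exists($targetDir)) {
             // NOTE(review): 0777 makes the folder world-writable; tighten it
             // when the web server user owns the userdata tree.
             mkdir($targetDir, 0777, true);
             chmod($targetDir, 0777);
         }
         if (!file_exists($targetDir)) {
             return array("Error" => "Failed To Create TargetPath Folder.");
         }
         if (file_exists($targetPath)) {
             if ($ifFileExists == "replace") {
                 unlink($targetPath);
             } elseif ($ifFileExists == "noreplace") {
                 return array("Error" => "File Exists At The Target.");
             }
         }
         if ($size >= $maxFileSize) {
             return array("Error" => "File Size Is More Then Max.");
         }
         if (!@move_uploaded_file($tmpName, $targetPath)) {
             return array("Error" => "Failed To Move File To Destination.");
         }
         return str_replace("//", "/", "{$storePath}/{$newName}.{$ext}");
     }

     if ($storeType == "db") {
         if ($size >= $maxFileSize) {
             return array("Error" => "File Size Is More Then Max.");
         }
         $fileData = file_get_contents($tmpName);
         if ($fileData === false) {
             return array("Error" => "Failed To Move File To Destination.");
         }
         // TEXT_EXTRACTION is documented as true|false|yes|no; the original
         // truthiness test also enabled extraction for "false" and "no".
         $txtData = "";
         if (in_array(strtolower(trim((string) $storeTxtToDB)), array("true", "yes", "1"), true)) {
             // Extract from the raw bytes (the original passed escaped data).
             $txtData = getTextData($fileData, $fileType);
         }
         $usr = getUserInfo();
         $date = date("Y-m-d");
         $row = array(
             "datestamp" => date('Y-m-d H:i:s'),
             "title" => $fname,
             "txt_data" => $txtData,
             "file_name" => $baseName,
             "file_data" => $fileData,
             "file_type" => $fileType,
             "file_size" => $size,
             "remarks" => isset($_POST['remarks']) ? $_POST['remarks'] : "",
             "tags" => isset($_POST['tags']) ? $_POST['tags'] : "",
             "meta" => "",
             "site" => SITENAME,
             "userid" => isset($usr['SESS_USER_ID']) ? $usr['SESS_USER_ID'] : null,
             "doc" => $date,
             "doe" => $date,
         );
         // A table living in the system database is addressed through the
         // system connection.
         $sysDb = strpos($storePath, $GLOBALS["DBCONFIG"]["DB_SYSTEM"]) === 0;
         // The original built the INSERT by hand around mysql_real_escape_string(),
         // which no longer exists; the _insertQ1 builder (used by
         // registerSettings) is assumed to escape values, including the binary
         // file_data — confirm against the db layer.
         $q = _db($sysDb)->_insertQ1($storePath, $row);
         if (_dbQuery($q, $sysDb)) {
             return _db($sysDb)->insert_id();
         }
         return array("Error" => "Error In MySQL Query.");
     }
     return array("Error" => "StorageType Not Supported.");
 }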