Exemplo n.º 1
0
<?php

// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
$commentID = get_id(2);
$commentsClass = new comments();
$comment = $commentsClass->get($commentID);
if (!is_array($comment)) {
    addErrorMessage($langArray['wrong_comment'], '', 'error');
} else {
    abr('show_form', 'yes');
    abr('comment', $comment);
}
Exemplo n.º 2
0
                $total_money = floatval($item['prepaid_price']) + floatval($item['your_profit']);
                $ordersClass->buy($total_money);
                refresh('/' . $languageURL . 'download/', $langArray['complete_buy_theme'], 'complete');
            }
        }
    } elseif ($_POST['licence'] == 'extended') {
        if (isset($_POST['pay_method']) && $_POST['pay_method'] == 'paymethod') {
            $orderID = $ordersClass->add($item['extended_price'], 'true');
            if (isset($_SESSION['tmp']['deposit_id'])) {
                unset($_SESSION['tmp']['deposit_id']);
            }
            $_SESSION['tmp']['order_id'] = $orderID;
            refresh('/' . $languageURL . 'items/payment/');
        } else {
            if ($_SESSION['user']['total'] < $item['extended_price']) {
                addErrorMessage($langArray['error_not_enought_money'], '', 'error');
            } else {
                $ordersClass->buy($item['extended_price'], true);
                refresh('/' . $languageURL . 'download/', $langArray['complete_buy_theme'], 'complete');
            }
        }
    }
}
#标签标记作品
require_once ROOT_PATH . '/apps/items/controllers/bookmark.php';
#是否免费文件
if ($item['free_file'] == 'true') {
    abr('freeFileMessage', langMessageReplace($langArray['free_file_info'], array('URL' => '/' . $languageURL . 'users/downloads/' . $item['id'])));
}
#加载其它作品
$otherItems = $itemsClass->getAll(0, 6, " `status` = 'active' AND `id` <> '" . intval($itemID) . "' AND `user_id` = '" . intval($item['user_id']) . "' ", "RAND()");
Exemplo n.º 3
0
#加载类别
$categoriesClass = new ccategories();
$categories = $categoriesClass->getAll(0, 0, " `visible` = 'true'");
abr('categories', $categories);
#发送联系支持请求
if (isset($_POST['action'])) {
    //验证码验证
    if (isset($_POST['verify'])) {
        if (empty($_POST['verify'])) {
            addErrorMessage($langArray['error_verify_invalid_empty'], '', 'error');
        }
        require_once ROOT_PATH . '/classes/Verify.class.php';
        $verify = new Verify();
        $yz_verify = $verify->check($_POST['verify'], 1);
        if (!$yz_verify) {
            addErrorMessage($langArray['error_invalid_verify'], '', 'error');
        } else {
            $contactsClass = new contacts();
            $s = $contactsClass->add();
            if ($s === true) {
                refresh('/' . $languageURL . 'support/', $langArray['complete_send_email'], 'complete');
            } else {
                addErrorMessage($langArray['error_all_fields_required'], '', 'error');
            }
        }
    } else {
        addErrorMessage($langArray['error_verify_invalid_empty'], '', 'error');
    }
}
#面包屑
abr('breadcrumb', '<a href="/' . $languageURL . '" title="">' . $langArray['home'] . '</a> \\ <a href="/' . $languageURL . 'contacts/" title="">' . $langArray['contacts'] . '</a>');
Exemplo n.º 4
0
<?php

// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
require_once ROOT_PATH . '/apps/collections/models/collections.class.php';
$collectionsClass = new collections();
if (check_login_bool() && isset($_POST['add_collection'])) {
    $s = $collectionsClass->bookmark($itemID);
    if ($s === true) {
        refresh('/' . $languageURL . 'items/' . $itemID, $langArray['complete_bookmark_item'], 'complete');
    } else {
        addErrorMessage($s, '还没有创建书签集', 'error');
    }
}
if (check_login_bool()) {
    $collections = $collectionsClass->getAll(0, 0, " `user_id` = '" . intval($_SESSION['user']['user_id']) . "' ");
    abr('bookCollections', $collections);
}
Exemplo n.º 5
0
    }
    if ($dnid = $_POST['default']) {
        c2r_user_number_default($uid, $dnid);
    }
} else {
    if (isset($_POST['validate_unid']) && ($vunid = $_POST['validate_unid'])) {
        c2r_user_number_activate($vunid, $_POST['code']);
    }
    if (isset($_POST['number']) && ($number = $_POST['number'])) {
        if (!eregi("^\\+[0-9]+\$", $number)) {
            addErrorMessage(t('This phone number has a wrong format. Please use the + sign, followed by country code, area code and your individual number.'));
        } else {
            $sql = "select number from users u, user_number un where u.is_active=True and un.user_id=u.id and number='{$number}'";
            $result = query($sql);
            if (pg_fetch_row($result)) {
                addErrorMessage('This number is already used!');
            } else {
                c2r_user_number_add($user->id, $number);
                addInfoMessage(t('Please validate ') . $number . t('. Enter the Code you get via SMS.'));
            }
        }
    }
    if (isset($_GET['number_delete']) && ($del_unid = $_GET['number_delete'])) {
        addInfoMessage(t('Phone number deleted'));
        c2r_user_number_delete($del_unid);
    }
    if (isset($_POST['default']) && ($dnid = $_POST['default'])) {
        c2r_user_number_default($user->id, $dnid);
    }
    if (isset($_POST['dlid']) && ($dlid = $_POST['dlid']) && isset($_POST['language']) && ($lng = $_POST['language'])) {
        c2r_user_update_default_location($user->id, $dlid);
Exemplo n.º 6
0
                $has_errors = true;
            }
        }
    }
    if (!$has_errors) {
        c2r_userinfo_insert($_POST['name'], $_POST['email'], $_POST['cid'], $_POST['dlid'], $_POST['gid'], $_POST['is_active'], $_POST['number']);
        unset($_POST);
    } else {
        if ($duplicate_email) {
            $e_msg = 'Duplicate Email: ' . $_POST['email'];
            addErrorMessage($e_msg);
            c2r_log_error('Add User', $e_msg);
        }
        if ($duplicate_number) {
            $e_msg = 'Duplicate Numbers: ' . $_POST['number'];
            addErrorMessage($e_msg);
            c2r_log_error('Add User', $e_msg);
        }
    }
}
$users = c2r_users_get($user->group_id < 3 ? $user->company_id : 0);
foreach ($users as $uid => $u) {
    $ui = c2r_get_user_info_object($uid);
    $users[$uid]->ui = $ui;
}
$locations = c2r_locations_get(0, $user->group_id < 3 ? $user->company_id : 0);
$companies = c2r_companies_get();
$smarty->assign('companies', $companies);
$smarty->assign('locations', $locations);
$smarty->assign('has_errors', $has_errors);
$smarty->assign('users', $users);
Exemplo n.º 7
0
_setView(__FILE__);
_setTitle($langArray['make_payment_setTitle']);
$deposit_id = 0;
if (isset($_SESSION['tmp']['deposit_id'])) {
    $deposit_id = (int) $_SESSION['tmp']['deposit_id'];
}
require_once ROOT_PATH . '/apps/users/models/deposit.class.php';
$cms = new deposit();
$deposit_info = $cms->get($deposit_id);
//充值信息
if ($deposit_info) {
    $payments = glob(dirname(dirname(dirname(__FILE__))) . '/payments/controllers/*.php');
    $payments_data = array();
    //充值方式
    if ($payments) {
        $order_obj = array();
        $key = 'chinabank';
        require_once ROOT_PATH . '/apps/payments/models/' . $key . '.class.php';
        $order_obj[$key] = new $key();
        $payments_data[$key] = array('title' => '网银在线', 'description' => '网银在线订单支付', 'form' => $order_obj[$key]->generateDepositForm($deposit_info), 'logo' => '');
        if ($payments_data) {
            abr('payments_data', $payments_data);
        } else {
            addErrorMessage($langArray['no_payment_methods'], '', 'error');
        }
    } else {
        addErrorMessage($langArray['no_payment_methods'], '', 'error');
    }
} else {
    addErrorMessage($langArray['deposit_is_expired'], '', 'error');
}
Exemplo n.º 8
0
<?php

// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
if (!isset($_GET['email'])) {
    refresh('/');
}
require_once ROOT_PATH . "/apps/bulletin/models/bulletin.class.php";
$bulletinClass = new bulletin();
$bulletinClass->deleteEmail($_GET['email']);
addErrorMessage($_GET['email'] . $langArray['complete_unsubscribe'], '', 'complete');
Exemplo n.º 9
0
<?php

// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
_setTitle($langArray['view']);
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    refresh('?m=' . $_GET['m'] . '&c=list', 'INVALID ID', 'error');
}
if (!isset($_GET['p'])) {
    $_GET['p'] = '';
}
$cms = new contacts();
$data = $cms->get($_GET['id']);
if (isset($_POST['send'])) {
    $s = $cms->sendAnswer();
    if ($s === true) {
        refresh('?m=' . $_GET['m'] . '&c=list', $langArray['complete_answer_issue'], 'complete');
    } else {
        addErrorMessage($langArray['error_answer_issue'], '', 'error');
    }
}
$_POST = $data;
require_once ROOT_PATH . '/apps/lists/leftlist_admin.php';
Exemplo n.º 10
0
$quizClass = new quiz();
$answersClass = new answers();
$questions = $quizClass->getAll(0, 0, '', 'RAND()');
abr('questions', $questions);
$answers = $answersClass->getAll(0, 0, '', true);
abr('answers', $answers);
if ($_SESSION['user']['quiz'] != 'false') {
    refresh('/' . $languageURL . 'author_dashboard/');
}
#检查测验
if (isset($_POST['submit'])) {
    $rightAnswers = 0;
    if (isset($_POST['answers']) && is_array($_POST['answers'])) {
        foreach ($_POST['answers'] as $question => $answer) {
            if (isset($answers[$question][$answer]) && $answers[$question][$answer]['right'] == 'true') {
                $rightAnswers++;
            }
        }
    }
    if ($rightAnswers > 0 && count($questions) == $rightAnswers) {
        $_SESSION['user']['quiz'] = 'true';
        require_once ROOT_PATH . '/apps/users/models/users.class.php';
        $usersClass = new users();
        $usersClass->updateQuiz($_SESSION['user']['user_id'], 'true');
        refresh('/' . $languageURL . 'users/dashboard/', $langArray['complete_score_quiz'], 'complete');
    } else {
        addErrorMessage(langMessageReplace($langArray['error_quiz'], array('RIGHT' => $rightAnswers, 'TOTAL' => count($questions))), '', 'error');
    }
}
#面包屑
abr('breadcrumb', '<a href="/' . $languageURL . '" title="">' . $langArray['home'] . '</a> \\ <a href="/' . $languageURL . 'quiz/" title="">' . $langArray['quiz'] . '</a>');
Exemplo n.º 11
0
/**
 * do several things??? with groups and memberships
 *
 * TODO: rename, maybe to groupMembership?
 *
 * @return string; html form
 */
function subscribeGroup()
{
    global $user;
    include_once CHURCHDB . '/churchdb_db.php';
    $sql_gruppenteilnahme = "SELECT g.bezeichnung, gpg.*\n                           FROM {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp, {cdb_gruppe} g\n                           WHERE gpg.gemeindeperson_id=gp.id AND gp.person_id=:person_id AND gpg.gruppe_id=g.id AND g.id=:g_id";
    $sGroup = getVar("subscribegroup");
    //   if ($sGroup = getVar("subscribegroup")) { // should also work
    if ($sGroup > 0) {
        $res = db_query("SELECT * FROM {cdb_gruppe}\n                     WHERE id=:id AND offen_yn=1", array(":id" => $sGroup))->fetch();
        if (!$res) {
            addErrorMessage(t("error.requesting.group.membership"));
        } else {
            include_once CHURCHDB . '/churchdb_ajax.php';
            $grp = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $sGroup))->fetch();
            if (!$grp) {
                churchdb_addPersonGroupRelation($user->id, $res->id, -2, null, null, null, t("request.by.form"));
            } else {
                _churchdb_editPersonGroupRelation($user->id, $res->id, -2, null, "null", t("request.quit.membership.by.form"));
            }
            addInfoMessage(t("membership.requested.by.form.leader.will.be.informed", "<i>{$res->bezeichnung}</i>"));
        }
    }
    $uGroup = getVar("unsubscribegroup");
    //  if ($uGroup = getVar("unsubscribegroup")) { // should also work
    if ($uGroup > 0) {
        $res = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $uGroup))->fetch();
        if (!$res) {
            addErrorMessage(t("error.quitting.membership"));
        } else {
            include_once CHURCHDB . '/churchdb_ajax.php';
            _churchdb_editPersonGroupRelation($user->id, $res->gruppe_id, -1, null, "null", t("request.quit.membership.by.form"));
            addInfoMessage(t("membership.marked.for.deleting", "<i>{$res->bezeichnung}</i>"));
        }
    }
    // get groups the user is member of or requested membership
    $res = db_query("SELECT gpg.gruppe_id, status_no\n                   FROM {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp\n                   WHERE gpg.gemeindeperson_id=gp.id AND gp.person_id={$user->id}");
    $mygroups = array();
    foreach ($res as $p) {
        $mygroups[$p->gruppe_id] = $p;
    }
    // get all open groups
    $res = db_query("SELECT * FROM {cdb_gruppe} p\n                   WHERE offen_yn=1 AND ((abschlussdatum IS NULL) OR (DATE_ADD( abschlussdatum, INTERVAL 1 DAY ) > NOW( )))");
    $txt = "";
    $txt_subscribe = "";
    $txt_unsubscribe = "";
    foreach ($res as $g) {
        // groups user is not member of
        if (!isset($mygroups[$g->id]) || $mygroups[$g->id]->status_no == -1) {
            if ($g->max_teilnehmer == null || churchdb_countMembersInGroup($g->id) < $g->max_teilnehmer) {
                $txt_subscribe .= "<option value='{$g->id}'>{$g->bezeichnung}";
                if ($g->max_teilnehmer) {
                    $txt_subscribe .= " (max. {$g->max_teilnehmer})";
                }
            }
        } else {
            if ($mygroups[$g->id]->status_no <= 0) {
                $txt_unsubscribe .= "<option value='{$g->id}'>{$g->bezeichnung}";
                if ($mygroups[$g->id]->status_no == -2) {
                    $txt_unsubscribe .= " [beantragt]";
                }
            }
        }
    }
    if ($txt_subscribe || $txt_unsubscribe) {
        $txt = '<form method="GET" action="?q=home">';
        if ($txt_subscribe) {
            $txt .= '<p>' . t("apply.for.group.membership") . ':<p><select name="subscribegroup"><option>' . $txt_subscribe . '</select>';
        }
        if ($txt_unsubscribe) {
            $txt .= '<p>' . t("quit.group.membership") . ':<p><select name="unsubscribegroup"><option>' . $txt_unsubscribe . '</select>';
        }
        $txt .= '<P><button class="btn" type="submit" name="btn">' . t("send") . '</button>';
        $txt .= '</form>';
    }
    return $txt;
}
Exemplo n.º 12
0
if (check_login_bool() && isset($_POST['add'])) {
    $s = $commentsClass->add();
    if ($s === true) {
        refresh('/' . $languageURL . 'items/comments/' . $itemID, $langArray['complete_add_comment'], 'complete');
    } else {
        addErrorMessage($langArray['error_item_comment'], '', 'error');
    }
} elseif (isset($_POST['add_reply'])) {
    if (!isset($_POST['comment_id'])) {
        $_POST['comment_id'] = 0;
    }
    $s = $commentsClass->add($_POST['comment_id']);
    if ($s === true) {
        refresh('/' . $languageURL . 'items/comments/' . $itemID, $langArray['complete_add_reply'], 'complete');
    } else {
        addErrorMessage($langArray['error_item_comment'], '', 'error');
    }
}
$comments = $commentsClass->getAll(START, LIMIT, " `item_id` = '" . intval($itemID) . "' AND `reply_to` = '0' ", true, '`datetime` ASC');
if (is_array($comments)) {
    $users = $usersClass->getAll(0, 0, $commentsClass->usersQuery);
    abr('users', $users);
    $ordersClass = new orders();
    $buyFromUsers = $ordersClass->isItemBuyed($itemID, $commentsClass->usersQuery);
    abr('buyFromUsers', $buyFromUsers);
}
abr('comments', $comments);
abr('paging', paging('/' . $languageURL . 'items/comments/' . $itemID . '/?p=', '', PAGE, LIMIT, $commentsClass->foundRows));
#标签标记作品
require_once ROOT_PATH . '/apps/items/controllers/bookmark.php';
#是否免费文件
Exemplo n.º 13
0
    if (!$has_error) {
        if ($_GET['route']) {
            $r = c2r_routes_get($_GET['route_id']);
            $res = c2r_request_ride_route($_GET['user_number_id'], $_GET['location_id'], $r->key, $_GET['reverse'], $time_earliest, $time_latest, $sdate);
        } else {
            $sp = c2r_pickuppoints_get($_GET['start_point']);
            $ep = c2r_pickuppoints_get($_GET['end_point']);
            $res = c2r_request_ride($_GET['user_number_id'], $_GET['location_id'], $sp->key, $ep->key, $time_earliest, $time_latest, $sdate);
        }
        if ($res) {
            addInfoMessage($res);
            header("Location: " . OCP_BASE_URL . "matchingoffers.php");
            /* Redirect browser */
            exit;
        } else {
            addErrorMessage(t('An error occurred'));
        }
    }
}
smarty_display('request');
exit;
$title = 'Request';
$page_id = 'index';
include 'design/header.php';
?>

<script type="text/javascript" charset="utf-8">
	function change_select (val) {
		if (val) {
			$('#point_select').hide();
			$('#route_select').show();
Exemplo n.º 14
0
/**
 * view log
 *
 * TODO: maybe the html should be in a sort of template?
 */
function churchcore__logviewer()
{
    if (!user_access("view logfile", "churchcore")) {
        addErrorMessage(t("no.permission.for", "LogViewer"));
        return " ";
    }
    $txt = '<div class="row-fluid">';
    $txt .= '<div class="span3 bs-docs-sidebar">';
    $txt .= '<ul id="navlist" class="nav nav-list bs-docs-sidenav affix-top">';
    $txt .= '<li><a href="#log1">' . t("important.logs") . '</a>';
    $txt .= '<li><a href="#log2">' . t("last.accesses") . '</a>';
    $txt .= '<li><a href="#log3">' . t("top.accesses") . '</a>';
    $txt .= '</div>';
    $txt .= '<div class="span9">';
    $limit = 200;
    if (getVar("showmore")) {
        $limit = 1000;
    }
    $filter = "txt LIKE 'Sende Mail%' OR txt LIKE 'Gruppe:%' OR level<3";
    $val = "";
    $params = array();
    if ($f = getVar("filter")) {
        $filter = "txt LIKE :filter";
        $params[":filter"] = '%' . $f . '%';
        $val = $f;
    }
    $txt .= '<anchor id="log1"/><h2>' . t("logviewer") . '</h2>';
    $res = db_query("SELECT p.id p_id, p.vorname, p.name, log.datum, log.level, log.domain_type, log.domain_id, log.txt\n                   FROM {cdb_person} p RIGHT JOIN\n                     (SELECT person_id, datum, level, domain_type, domain_id, txt\n                      FROM {cdb_log} l\n                      WHERE {$filter}\n  \t\t\t\t      ORDER BY l.id DESC\n  \t\t\t\t      LIMIT 0,{$limit}) AS log ON (log.person_id=p.id)", $params);
    $txt .= '<form class="form-inline" action="">';
    $txt .= '<input type="hidden" name="q" value="churchcore/logviewer"/>';
    $txt .= '<input name="filter" class="input-medium" type="text" value="' . $val . '"></input> <input type="submit" class="btn" value="' . t("filter") . '"/></form>';
    $txt .= '<table class="table table-condensed table-bordered">';
    $txt .= "<tr><th>" . t("date") . "<th>#<th>Object<th>" . t("name") . "<th>Log";
    $counter = 0;
    foreach ($res as $arr) {
        $txt .= "<tr><td><nobr>{$arr->datum} &nbsp; </nobr><td>{$arr->level}<td>{$arr->domain_type}" . ($arr->domain_id != -1 ? "[{$arr->domain_id}]" : "");
        $txt .= "<td>";
        if (isset($arr->p_id)) {
            $txt .= "<nobr>{$arr->vorname} {$arr->name} [{$arr->p_id}]</nobr>";
        }
        $txt .= "<td><small style=\"color:grey\">{$arr->txt}</small>";
        $counter++;
    }
    $txt .= '</table>';
    if (!getVar("showmore") && $counter >= $limit) {
        $txt .= '<a href="?q=churchcore/logviewer&showmore=true" class="btn">' . t("show.more.rows") . '</a> &nbsp; ';
    }
    $txt .= '<anchor id="log2"><h2>' . t("last.accesses") . '</h2>';
    $txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
    $res = db_query("SELECT p.id pid, vorname, name, COUNT( l.id ) count, MAX( lastlogin ) maxdatum\n                   FROM {cdb_log} l, {cdb_person} p\n                   WHERE l.person_id=p.id\n                   GROUP BY pid, vorname, name\n                   ORDER BY max( lastlogin ) DESC ");
    foreach ($res as $arr) {
        $txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
    }
    $txt .= "</table><br/><br/>";
    $txt .= '<anchor id="log3"><h2>' . t("top.accesses") . '</h2>';
    $txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
    $res = db_query("SELECT p.id pid, vorname, name, COUNT( l.id ) count, MAX( lastlogin ) maxdatum\n                   FROM {cdb_log} l, {cdb_person} p\n                   WHERE l.person_id=p.id\n                   GROUP BY pid, vorname, name\n                   ORDER BY count(l.id) DESC ");
    foreach ($res as $arr) {
        $txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
    }
    $txt .= "</table><br/><br/>";
    $txt .= "</div></div>";
    $txt .= '
    <script>
      !function ($) {
        $(function(){
          // carousel demo
          $("#navlist").affix({offset: {top: 15}});
        })
      }(window.jQuery)
    </script>';
    return $txt;
}
Exemplo n.º 15
0
/**
 * TODO: put this into churchtools_main, no need for two functions
 *
 * Main entry point for churchtools.
 * This will be called from /index.php
 * Function loads i18n, configuration, check data security.
 * If everything is ok, it calls churchtools_processRequest()
 */
function churchtools_app()
{
    global $q, $q_orig, $currentModule, $add_header, $config, $mapping, $content, $base_url, $files_dir, $user, $embedded, $i18n;
    include_once CHURCHCORE . "/churchcore_db.php";
    $files_dir = DEFAULT_SITE;
    // which module is requested?
    $q = $q_orig = getVar("q", userLoggedIn() ? "home" : getConf("site_startpage", "home"));
    // $currentModule is needed for class autoloading and maybe other include paths
    list($currentModule) = explode('/', getVar("q"));
    // get first part of $q or churchcore
    $embedded = getVar("embedded", false);
    $base_url = getBaseUrl();
    $config = loadConfig();
    if ($config) {
        if (db_connect()) {
            // DBConfig overwrites the config files
            loadDBConfig();
            if (empty($config['site_name'])) {
                $config['site_name'] = 'ChurchTools';
            }
            //dont allow site_name to be empty
            date_default_timezone_set(getConf("timezone", "Europe/Berlin"));
            if (isset($_COOKIE["language"])) {
                $config["language"] = $_COOKIE["language"];
            }
            // Load i18n churchcore-bundle
            if (!isset($config["language"])) {
                if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
                    $config["language"] = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
                } else {
                    $config["language"] = DEFAULT_LANGUAGE;
                }
            }
            $i18n = new TextBundle(CHURCHCORE . "/resources/messages");
            $i18n->load("churchcore", $config["language"] != null ? $config["language"] : null);
            // Session Init
            if (!file_exists($files_dir . "/tmp")) {
                @mkdir($files_dir . "/tmp", 0775, true);
            }
            if (!file_exists($files_dir . "/tmp")) {
                // Admin should act accordingly, default suggestion is 0755.
                addErrorMessage(t("permission.denied.write.dir", $files_dir));
            } else {
                session_save_path($files_dir . "/tmp");
            }
            session_name("ChurchTools_" . $config["db_name"]);
            session_start();
            register_shutdown_function('handleShutdown');
            // Check for offline mode. If it's activated display message and return false;
            if (getConf("site_offline") == 1) {
                if (!isset($_SESSION["user"]) || !in_array($_SESSION["user"]->id, getConf("admin_ids"))) {
                    echo t("site.is.down");
                    return false;
                }
            }
            $embedded = getVar("embedded", false);
            $mapping = loadMapping();
            $success = true;
            // Check for DB-Updates and loginstr only if this is not an ajax call.
            if (strrpos($q, "ajax") === false) {
                $success = checkForDBUpdates();
            }
            // Log if debug ist activated
            if (isset($config["debug"])) {
                logParams();
            }
            if ($success) {
                // Is there a loginstr which does not fit to the current logged in user?
                if (getVar("loginstr") && getVar("id") && userLoggedIn() && $_SESSION["user"]->id != getVar("id")) {
                    logout_current_user();
                    session_start();
                } else {
                    loadUserObjectInSession();
                }
            }
            if ($success) {
                if (isset($_SESSION['user'])) {
                    $user = $_SESSION['user'];
                }
                // Accept data security?
                if (userLoggedIn() && !isset($_SESSION["simulate"]) && $q != "logout" && isset($config["accept_datasecurity"]) && $config["accept_datasecurity"] == 1 && !isset($user->acceptedsecurity)) {
                    $content .= pleaseAcceptDatasecurity();
                } else {
                    $content .= churchtools_processRequest($q);
                }
            }
        }
    }
    // TODO: i changed header/footer to a sort of template
    // probably some more logic could be removed from them by setting some more variables here
    // put header/footer into new file layout.php and add a variable $content
    $lang = getConf("language");
    $simulate = getVar("simulate", false, $_SESSION);
    $sitename = getConf("site_name");
    if (getConf("test")) {
        $sitename .= " TEST ";
    }
    $logo = ($logo = getConf("site_logo")) ? "{$files_dir}/files/logo/{$logo}" : '';
    include INCLUDES . "/header.php";
    echo $content;
    include INCLUDES . "/footer.php";
}
Exemplo n.º 16
0
// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
_setTitle($langArray['edit']);
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    refresh('?m=' . $_GET['m'] . '&c=withdraws', 'INVALID ID', 'error');
}
$cms = new deposit();
$data = $cms->getWithdraw($_GET['id']);
abr('data', $data);
$usersClass = new users();
$user = $usersClass->get($data['user_id']);
abr('user', $user);
if (isset($_POST['edit'])) {
    $status = $cms->payoutWithdraw();
    if ($status !== true) {
        addErrorMessage($status, '', 'error');
    } else {
        refresh("?m=" . $_GET['m'] . "&c=withdraws", $langArray['complete_withdraw']);
    }
} else {
    $_POST = $data;
}
require_once ROOT_PATH . '/apps/lists/leftlist_admin.php';
Exemplo n.º 17
0
}
/* PW Lost */
if ($key = $_GET['pwlost']) {
    check_lost_password($key);
    // if script continues, then key was invalid
    addErrorMessage(t('This key is invalid, please use the password lost function again'));
}
/* Login */
if (isset($_POST['email'])) {
    $email = strtolower($_POST['email']);
    $password = $_POST['password'];
    if (!loginUser($email, $password)) {
        addErrorMessage(t('Wrong email address or password'));
    }
}
/* Password lost */
if (isset($_POST['lost_email'])) {
    $email = strtolower($_POST['lost_email']);
    $keeponpage = true;
    $res = c2r_lost_password($email);
    if ($res == 1) {
        addInfoMessage(t('We sent you a login link via email. Please check your email account.'));
    } else {
        addErrorMessage(t('Unknown email address. You can register a new account with this email address.'));
    }
}
if (!$keeponpage && $user) {
    header('Location: ' . OCP_BASE_URL);
    exit;
}
smarty_display(t('login'));
Exemplo n.º 18
0
    $s = $usersClass->login();
    if ($s === true) {
        if (isset($_SESSION['temp']['golink'])) {
            $web = $_SESSION['temp']['golink'];
            unset($_SESSION['temp']['golink']);
            refresh($web);
        }
        refresh('/' . $languageURL);
    } else {
        //            error_invalid_username_or_password
        //账号未激活
        if ($s == 'error_invalid_activation_no') {
            //通过用户名密码获取用户信息
            $username = $_POST['username'];
            $password = $_POST['password'];
            $user_info = $usersClass->getuserinfoByNamePwd($username, $password);
            $usersClass->res_send($user_info['user_id']);
            $res_data['show_status'] = 1;
            $res_mail = 'http://' . $usersClass->gotomail($user_info['email']);
            $_SESSION["THE_USER_RES_SEND_MAIL_4_M_MAIL"] = $res_mail;
            $_SESSION["THE_USER_RES_SEND_MAIL_4_M"] = $user_info['user_id'];
        } else {
            $res_data['user_info'] = array();
            $res_data['show_status'] = 0;
        }
        abr('res_data', $res_data);
        addErrorMessage($langArray[$s], '', 'error');
    }
}
#面包屑
abr('breadcrumb', '<a href="/' . $languageURL . '" title="">' . $langArray['home'] . '</a> \\ <a href="/' . $languageURL . 'users/login/" title="">' . $langArray['login'] . '</a>');
Exemplo n.º 19
0
	function parseInputs() {
		global $inputs, $results;

		//create the results array, with true as the default
		$results[0] = "true";

		//catch the posted inputs and store them in the inputs array
		foreach ($_POST as $field => $value) {
			$inputs[$field] = $value;
		}

		//perform misc functions to make sure the inputs won't do anything
		//malicious (such as trimming, stripping html tags, and preventing
		//sql injections)
		foreach ($inputs as $field => $value) {
			$inputs[$field] = trim($value);
			$inputs[$field] = htmlspecialchars($value);
			$inputs[$field] = strip_tags($value);
			$inputs[$field] = nl2br($value);
			$inputs[$field] = mysql_real_escape_string($value);
		}

		//make sure any inputs that are marked as required aren't empty, and 
		//that all fields conform to the proper data type, if one is indicated
		foreach ($inputs as $field => $value) {
			//reset these flags for each input
			$isRequired = false;
			$foundError = false;

			//make sure required fields aren't empty
			if (strrpos($field, '$R', 0) != false) {
				//this field is required
				$isRequired = true;

				if ($value == "") {
					//this field is required, but it's empty. log an error
					addErrorMessage("\"" . restoreFieldName($field) . "\" is a required field, you must enter a value");

					//set this so we don't check this field for data type
					$foundError = true;
				}
			}

			//we only care about the data type if the field has a value, and 
			//we haven't already found a problem with this input
			if (($value != "") && (!$foundError)) {
				//make sure the value is of the proper data type
				$dollar_position = strrpos($field, '$', 0);
				if ($dollar_position != false) {
					//there is a $ in the name of this field (position of it stored in $dollar_position)
					if ((substr($field, ($dollar_position + 1), 2) == "is") || (substr($field, ($dollar_position + 2), 2) == "is")) {
						//this field name has "is" either right after the $, or 1 char after the $ (allowing for the R)
						//this means that this field must conform to a specific data type
						$dataType = substr($field, (strpos($field, '$', 0) + 1), strlen($field));
						$dataType = substr($dataType, (strpos($dataType, "is", 0) + 2), strlen($dataType));
						$dataType = strToLower($dataType);

						if (!isCorrectDataType($value, $dataType)) {
							//the value does not conform to the data type. log an error
							addErrorMessage("\"" . restoreFieldName($field) . "\" must be of the " . $dataType . " data type");

							//and now empty this value in the array, so that if this gets sent back and 
							//preloaded into the form, the faulty value won't go with it
							$inputs[$field] = "";
						}
					}
				}
			}
		}

		//lastly, remove the $ and everything after it from the keys of the inputs array
		foreach ($inputs as $key => $value) {
			$oldKey = null;
			$newKey = null;

			//store the place of the dollar sign in the key (if any)
			$dollar_position = strpos($key, "$", 0);

			if ($dollar_position != false) {
				//there is a $ in the name of this field
				//store the current key
				$oldKey = $key;

				//the new key is the old key from the start up to the position of the dollar sign
				$newKey = substr($oldKey, 0, $dollar_position);

				//create a new entry in the array with the new key and the same value as the old one
				$inputs[$newKey] = $value;

				//and remove the old (with the $) entry in the array
				unset($GLOBALS["inputs"][$oldKey]);
			}
		}
	}
Exemplo n.º 20
0
#END;
/*
 * CACHE
 */
$cache = new cache();
$cache->cacheDir = CACHE;
global $cache;
/*
 * SESSION
 */
$session = new session();
/*
 * 读取$_SESSION中的flash信息
 */
if ($message = getRefreshMessage()) {
    addErrorMessage($message['title'], $message['text'], $message['type']);
}
/*
 * 设置默认分页变量
 * LIMIT = 10 
 */
if (!defined('LIMIT')) {
    define('LIMIT', 20, true);
}
if (isset($_GET['p']) && is_numeric($_GET['p']) && $_GET['p'] > 1) {
    define('PAGE', intval($_GET['p']));
    define('START', (PAGE - 1) * LIMIT);
} else {
    define('PAGE', 1);
    define('START', 0);
}
Exemplo n.º 21
0
/**
 * db backup into file $files_dir . "/db_backup"
 * @return boolean
 */
function dump_database()
{
    global $files_dir;
    $dir = $files_dir . "/db_backup";
    if (!file_exists($dir)) {
        mkdir($dir, 0700, true);
    }
    if (!is_writable($dir)) {
        addErrorMessage(t('permission.denied.write.dir', "<i>{$dir}</i>"));
    } else {
        if (!file_exists($dir . "/.htaccess")) {
            $handle = fopen($dir . "/.htaccess", 'w+');
            fwrite($handle, "Deny from all");
            fclose($handle);
        }
        $tables = array();
        $res = db_query('SHOW TABLES');
        foreach ($res as $row) {
            $table = "";
            foreach ($row as $key => $val) {
                $table = $val;
                break;
            }
            if (isCTDBTable($table)) {
                $tables[] = $table;
            }
        }
        $return = "";
        $dt = new DateTime();
        $filename = $dir . '/db-backup-' . $dt->format('YmdHi') . '-' . md5(implode(',', $tables)) . '.sql';
        $handle = fopen($filename, 'w+');
        foreach ($tables as $table) {
            $return .= 'DROP TABLE IF EXISTS ' . $table . ';';
            $row2 = db_query('SHOW CREATE TABLE ' . $table)->fetch();
            $row2 = (array) $row2;
            $return .= "\n" . $row2["Create Table"] . ";\n\n";
            $result = db_query('SELECT * FROM ' . $table);
            foreach ($result as $content) {
                $return .= 'INSERT INTO ' . $table . ' VALUES(';
                $arr = array();
                foreach ($content as $key => $val) {
                    if (!isset($val)) {
                        $val = "NULL";
                    } else {
                        $val = '"' . addslashes($val) . '"';
                    }
                    $arr[] = $val;
                }
                $return .= implode(",", $arr) . ");\n";
            }
            $return .= "\n\n\n";
            fwrite($handle, $return);
            $return = "";
        }
        // save file
        fclose($handle);
        $zip = new ZipArchive();
        if ($zip->open($dir . '/db-backup-' . $dt->format('YmdHi') . '.zip', ZIPARCHIVE::OVERWRITE) !== true) {
            return false;
        }
        $zip->addFile($filename);
        $zip->close();
        unlink($filename);
        // delete files older then 30 days
        if ($handle = opendir($dir)) {
            $now = new DateTime();
            while (false !== ($file = readdir($handle))) {
                if (preg_match('/\\.sql|zip$/i', $file)) {
                    $date = DateTime::createFromFormat('YmdHi', substr($file, 10, strpos($file, ".") - 10));
                    if ($date != null) {
                        $interval = $date->diff($now);
                        if ($interval->format('%a') > 30) {
                            unlink($dir . "/" . $file);
                        }
                    }
                }
            }
        }
    }
}
Exemplo n.º 22
0
$data["thumbnail"] = empty($data["thumbnail"]) ? "" : DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $data["thumbnail"];
$data["first_preview"] = empty($data["first_preview"]) ? "" : DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $data["first_preview"];
$data["main_file"] = empty($data["main_file"]) ? "" : DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $data["main_file"];
abr('data', $data);
$item = $cms->get($data['item_id']);
if (!is_array($item)) {
    refresh('?m=' . $_GET['m'] . '&c=queue_update', 'WRONG ID', 'error');
}
$item['user'] = $usersClass->get($item['user_id']);
$item["thumbnail"] = DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $item["thumbnail"];
$item["theme_preview"] = DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $item["theme_preview"];
$item["main_file"] = DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $item["main_file"];
abr('item', $item);
if (isset($_POST['submit'])) {
    if ($_POST['action'] == 'approve') {
        $s = $cms->approveUpdate($_GET['id']);
        if ($s === true) {
            refresh("?m=" . $_GET['m'] . "&c=queue_update&p=" . $_GET['p'], $langArray['complete_approve_item_update']);
        } else {
            addErrorMessage($s, '', 'error');
        }
    } elseif ($_POST['action'] == 'delete') {
        $s = $cms->unapproveDeleteUpdate($_GET['id']);
        if ($s === true) {
            refresh("?m=" . $_GET['m'] . "&c=queue_update&p=" . $_GET['p'], $langArray['complete_delete_item_update']);
        } else {
            addErrorMessage($s, '', 'error');
        }
    }
}
require_once ROOT_PATH . '/apps/lists/leftlist_admin.php';
Exemplo n.º 23
0
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
$orderID = 0;
if (isset($_SESSION['tmp']['order_id'])) {
    $orderID = (int) $_SESSION['tmp']['order_id'];
}
require_once ROOT_PATH . '/apps/items/models/orders.class.php';
$cms = new orders();
$order_info = $cms->get($orderID);
if ($order_info) {
    $payments = glob(dirname(dirname(dirname(__FILE__))) . '/payments/controllers/*.php');
    $payments_data = array();
    if ($payments) {
        $order_obj = array();
        $key = 'chinabank';
        require_once ROOT_PATH . '/apps/payments/models/' . $key . '.class.php';
        $order_obj[$key] = new $key();
        $payments_data[$key] = array('title' => '网银在线', 'description' => '网银在线订单支付', 'form' => $order_obj[$key]->generateForm($order_info), 'logo' => '');
        if ($payments_data) {
            abr('payments_data', $payments_data);
        } else {
            addErrorMessage($langArray['no_payment_methods'], '', 'error');
        }
    } else {
        addErrorMessage($langArray['no_payment_methods'], '', 'error');
    }
} else {
    addErrorMessage($langArray['order_is_expired'], '', 'error');
}
Exemplo n.º 24
0
/**
 *
 * @param array $u userdata
 * @param bool $rember_me
 * @return NULL
 */
function login_user($u, $rember_me = false, $redirect = true)
{
    global $q, $q_orig, $config;
    if (empty($u->id)) {
        addErrorMessage(t("login.error.no.id.specified"));
        return null;
    }
    $_SESSION["email"] = $u->email;
    if (!$u->cmsuserid) {
        $u->cmsuserid = "{$u->vorname} {$u->name} [" . $u->id . "]";
        db_query("UPDATE {cdb_person}\n              SET cmsuserid=:cmsuserid\n              WHERE id=:id", array(':cmsuserid' => $u->cmsuserid, ':id' => $u->id));
    }
    if ($u->loginstr) {
        db_query("UPDATE {cdb_person}\n              SET loginstr=NULL\n              WHERE id=:id", array(':id' => $u->id));
    }
    $u->auth = getUserAuthorization($u->id);
    $_SESSION["user"] = $u;
    // TODO: make time configurable
    // login is valid for 6 days
    $cookieExpireTime = time() + 60 * 60 * 24 * 6;
    setcookie("RememberMe", $rember_me, $cookieExpireTime);
    $_SESSION["sessionid"] = random_string();
    setcookie("CC_SessionId", $_SESSION["sessionid"], $cookieExpireTime);
    $dt = new DateTime();
    db_query("UPDATE {cdb_person} SET lastlogin=NOW(), loginerrorcount=0 WHERE id=:id", array(':id' => $u->id));
    // Get language form user setting, if not available set it from current cookie
    $lang = getUserSetting("churchcore", $u->id, "language");
    if (!$lang) {
        _churchcore_savePidUserSetting("churchcore", $u->id, "language", getConf("language"));
    } else {
        setcookie("language", $lang, time() + 60 * 60 * 24 * 30);
    }
    // 30 days
    db_query("DELETE FROM {cc_session} WHERE datediff(NOW(), datum)>7");
    db_query("INSERT INTO {cc_session} (person_id, session, hostname, datum)\n            VALUES (:id, :session, :host, :date)", array(':id' => $u->id, ':session' => $_SESSION["sessionid"], ':host' => $_SERVER["HTTP_HOST"], ':date' => $dt->format('Y-m-d H:i:s')));
    if ($u->email) {
        // look for family users with the same email
        $res = db_query("SELECT * FROM {cdb_person}\n                     WHERE email=:email AND archiv_yn=0", array(":email" => $u->email));
        $family = array();
        $count = 0;
        foreach ($res as $p) {
            if ($p->id != $u->id) {
                $family[$p->id] = $p;
            }
            $count++;
            if ($count > 15) {
                break;
            }
            //no family should have more then 15 users
        }
        if (count($family)) {
            $_SESSION["family"] = $family;
        }
    }
    ct_log("Login succeed: {$u->email} with " . getVar('HTTP_USER_AGENT', "Unkown Browser", $_SERVER), 2, -1, "login");
    if ($redirect) {
        // on switching family login dont forward to login again
        if ($q != $q_orig) {
            header("Location: " . $_SERVER["REQUEST_URI"]);
        } else {
            if ($q == "login") {
                header("Location: ?q=home");
            }
        }
    }
}
Exemplo n.º 25
0
function home__memberlist_printview()
{
    global $base_url, $files_dir, $config;
    // $content='<html><head><meta http-equiv="Content-Type" content="application/pdf; charset=utf-8" />';
    // drupal_add_css(BOOTSTRAP.'/css/bootstrap.min.css');
    // drupal_add_css(CHURCHDB.'/cdb_printview.css');
    // $content=$content.drupal_get_header();
    if (!user_access("view memberliste", "churchdb")) {
        addErrorMessage(t("no.permission.for", t("list.of.members")));
        return " ";
    }
    require_once ASSETS . '/fpdf17/fpdf.php';
    $compact = true;
    if (isset($_GET["compact"])) {
        $compact = $_GET["compact"];
    }
    // Instanciation of inherited class
    $pdf = new PDF('P', 'mm', 'A4');
    $pdf->AliasNbPages();
    $pdf->AddPage();
    $pdf->SetFont('Arial', '', 9);
    $res = home_getMemberList();
    $pdf->SetLineWidth(0.4);
    $pdf->SetDrawColor(200, 200, 200);
    $fields = _home__memberlist_getSettingFields()->fields;
    foreach ($res as $p) {
        $pdf->Line(8, $pdf->GetY() - 1, 204, $pdf->GetY() - 1);
        $pdf->Cell(10, 10, "", 0);
        if ($p->imageurl == null || !file_exists("{$files_dir}/fotos/{$p->imageurl}")) {
            $p->imageurl = "nobody.gif";
        }
        $pdf->Image("{$files_dir}/fotos/{$p->imageurl}", $pdf->GetX() - 10, $pdf->GetY() + 1, 9);
        $pdf->Cell(2);
        $pdf->Cell(13, 9, $p->anrede, 0, 0, 'L');
        $pdf->Cell(48, 9, utf8_decode("{$p->name}, {$p->vorname}"), 0, 0, 'L');
        $pdf->Cell(45, 9, utf8_decode("{$p->strasse}"), 0, 0, 'L');
        // TODO: second occurence of code part - whats this for?
        $birthday = "";
        if ($p->geburtsdatum != null) {
            if ($p->year < 7000) {
                $birthday = "{$p->day}.{$p->month}.";
            }
            if ($p->year != 1004 && $fields["memberlist_birthday_full"]->getValue()) {
                if ($p->year < 7000) {
                    $birthday = $birthday . $p->year;
                } else {
                    $birthday = $birthday . $p->year - 7000;
                }
            }
        }
        $pdf->Cell(20, 9, $birthday, 0, 0, 'L');
        if ($fields["memberlist_telefonprivat"]->getValue() && $p->telefonprivat != "") {
            $pdf->Cell(30, 9, $p->telefonprivat, 0, 0, 'L');
        } else {
            if ($fields["memberlist_telefongeschaeftlich"]->getValue() && $p->telefongeschaeftlich != "") {
                $pdf->Cell(30, 9, $p->telefongeschaeftlich, 0, 0, 'L');
            } else {
                if ($fields["memberlist_telefongeschaeftlich"]->getValue() && $p->fax != "") {
                    $pdf->Cell(30, 9, $p->fax . " (Fax)", 0, 0, 'L');
                } else {
                    $pdf->Cell(30, 9, "", 0, 0, 'L');
                }
            }
        }
        if ($fields["memberlist_telefonhandy"]->getValue() && $p->telefonhandy != "") {
            $pdf->Cell(30, 9, $p->telefonhandy, 0, 0, 'L');
        }
        // Zeilenumbruch
        $pdf->Ln(5);
        $pdf->Cell(73);
        $pdf->Cell(48, 10, "{$p->plz} " . utf8_decode($p->ort), 0, 0, 'L');
        $pdf->Cell(17);
        if ($fields["memberlist_email"]->getValue() && $p->email != "") {
            $pdf->SetFont('Arial', '', 8);
            $pdf->Cell(30, 9, $p->email);
            $pdf->SetFont('Arial', '', 9);
        }
        $pdf->Ln(12);
    }
    $pdf->Output(t("list.of.members") . '.pdf', 'I');
}
Exemplo n.º 26
0
function login_user($ret, $rember_me = false)
{
    global $q, $q_orig;
    if (!isset($ret->id)) {
        addErrorMessage("Keine Id vorhanden, Fehler beim Login!");
        return null;
    }
    $_SESSION["email"] = $ret->email;
    if ($ret->cmsuserid == "") {
        $ret->cmsuserid = $ret->vorname . " " . $ret->name . " [" . $ret->id . "]";
        db_query("update {cdb_person} set cmsuserid='" . $ret->cmsuserid . "' where id={$ret->id}");
    }
    if ($ret->loginstr != null) {
        db_query("update {cdb_person} set loginstr=null where id={$ret->id}");
    }
    $ret->auth = getUserAuthorization($ret->id);
    $_SESSION["user"] = $ret;
    // 6 Tage h�lt der Login
    $ablaufDesCookies = time() + 60 * 60 * 24 * 6;
    setcookie("RememberMe", $rember_me, $ablaufDesCookies);
    $_SESSION["sessionid"] = random_string();
    setcookie("CC_SessionId", $_SESSION["sessionid"], $ablaufDesCookies);
    $dt = new DateTime();
    db_query("update {cdb_person} set lastlogin=now(), loginerrorcount=0 where id=" . $ret->id);
    //  db_query("delete from {cc_session} where person_id=".$ret->id." AND hostname='".$_SERVER["HTTP_HOST"]."'");
    db_query("delete from {cc_session} where datediff(now(), datum)>7");
    db_query("insert into {cc_session} (person_id, session, hostname, datum) \n            values (" . $ret->id . ", '" . $_SESSION["sessionid"] . "', '" . $_SERVER["HTTP_HOST"] . "', '" . $dt->format('Y-m-d H:i:s') . "')");
    if ($ret->email != '') {
        // Suche Leute aus der Familie, die die gleiche EMail-Adresse haben.
        $res = db_query("select * from {cdb_person} where email=:email and archiv_yn=0", array(":email" => $ret->email));
        $family = null;
        $count = 0;
        foreach ($res as $p) {
            if ($p->id != $ret->id) {
                $family[$p->id] = $p;
            }
            $count++;
            if ($count > 15) {
                break;
            }
        }
        if ($family != null) {
            $_SESSION["family"] = $family;
        }
    }
    ct_log("Login succeed: " . $ret->email . " with " . (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "Unkown Browser!"), 2, -1, "login");
    // Wenn es Ummelden war, dann nicht weiterleiten, denn sonst w�re das ja wieder Login.
    if ($q != $q_orig) {
        header("Location: ?q={$q_orig}");
    } else {
        if ($q == "login") {
            header("Location: ?q=" . variable_get("site_startpage", "home"));
        }
    }
}
Exemplo n.º 27
0
$usersClass = new users();
$item['user'] = $usersClass->get($item['user_id']);
abr('item', $item);
#添加FAQ条目
if (check_login_bool() && $item['user_id'] == $_SESSION['user']['user_id'] && isset($_POST['add'])) {
    $faqClass = new faq();
    $s = $faqClass->add($itemID);
    if ($s === true) {
        refresh('/' . $languageURL . 'items/faq/' . $itemID . '/', $langArray['complete_add_faq'], 'complete');
    } else {
        $message = '<ul>';
        foreach ($s as $e) {
            $message .= '<li>' . $e . '</li>';
        }
        $message .= '</ul>';
        addErrorMessage($message, '', 'error');
    }
}
$faqClass = new faq();
if (check_login_bool() && $item['user_id'] == $_SESSION['user']['user_id'] && isset($_GET['del']) && is_numeric($_GET['del'])) {
    $faqClass->delete($_GET['del'], $itemID);
    refresh('/' . $languageURL . 'items/faq/' . $itemID . '/', $langArray['complete_delete_faq'], 'complete');
}
#加载FAQ
$faq = $faqClass->getAll($itemID);
abr('faq', $faq);
#标签标记作品
require_once ROOT_PATH . '/apps/items/controllers/bookmark.php';
#是否免费文件
if ($item['free_file'] == 'true') {
    abr('freeFileMessage', langMessageReplace($langArray['free_file_info'], array('URL' => '/' . $languageURL . 'users/downloads/' . $item['id'])));
Exemplo n.º 28
0
/**
 * do several things??? with groups and memberships
 * 
 * TODO: rename, maybe to groupMembership?
 * @return string; html form
 */
function subscribeGroup()
{
    global $user;
    include_once CHURCHDB . '/churchdb_db.php';
    $sql_gruppenteilnahme = "select g.bezeichnung, gpg.* from {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp, {cdb_gruppe} g \n                   where gpg.gemeindeperson_id=gp.id and gp.person_id=:person_id \n                   and gpg.gruppe_id=g.id and g.id=:g_id";
    if (isset($_GET["subscribegroup"]) && $_GET["subscribegroup"] > 0) {
        $res = db_query("select * from {cdb_gruppe} where id=:id and offen_yn=1", array(":id" => $_GET["subscribegroup"]))->fetch();
        if (!$res) {
            addErrorMessage(t("error.requesting.group.membership"));
        } else {
            include_once CHURCHDB . '/churchdb_ajax.php';
            $grp = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $_GET["subscribegroup"]))->fetch();
            if (!$grp) {
                churchdb_addPersonGroupRelation($user->id, $res->id, -2, null, null, null, t("request.by.form"));
            } else {
                _churchdb_editPersonGroupRelation($user->id, $res->id, -2, null, "null", t("request.quitting.by.form"));
            }
            addInfoMessage(t("membership.requested.by.form.leader.will.be.informed"), $res->bezeichnung);
        }
    }
    if (isset($_GET["unsubscribegroup"]) && $_GET["unsubscribegroup"] > 0) {
        $res = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $_GET["unsubscribegroup"]))->fetch();
        if (!$res) {
            addErrorMessage(t("error.quitting.membership"));
        } else {
            include_once CHURCHDB . '/churchdb_ajax.php';
            _churchdb_editPersonGroupRelation($user->id, $res->gruppe_id, -1, null, "null", t("request.quitting.by.form"));
            addInfoMessage(t("membership.marked.for.deleting", $res->bezeichnung));
        }
    }
    // get groups the user is member of or requested membership
    $res = db_query("select gpg.gruppe_id, status_no from {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp\n         where gpg.gemeindeperson_id=gp.id and gp.person_id={$user->id}");
    $mygroups = array();
    foreach ($res as $p) {
        $mygroups[$p->gruppe_id] = $p;
    }
    // get all open groups
    $res = db_query("select * from {cdb_gruppe} p where offen_yn=1 and \n                       ((abschlussdatum is null) or (DATE_ADD( abschlussdatum, INTERVAL 1  DAY ) > NOW( )))");
    $txt = "";
    $txt_subscribe = "";
    $txt_unsubscribe = "";
    foreach ($res as $g) {
        // groups i am not member of
        if (!isset($mygroups[$g->id]) || $mygroups[$g->id]->status_no == -1) {
            if ($g->max_teilnehmer == null || churchdb_countMembersInGroup($g->id) < $g->max_teilnehmer) {
                $txt_subscribe .= "<option value=\"" . $g->id . "\">" . $g->bezeichnung;
                if ($g->max_teilnehmer != null) {
                    $txt_subscribe .= " (max. {$g->max_teilnehmer})";
                }
            }
        } else {
            if ($mygroups[$g->id]->status_no <= 0) {
                $txt_unsubscribe .= '<option value="' . $g->id . '">' . $g->bezeichnung;
                if ($mygroups[$g->id]->status_no == -2) {
                    $txt_unsubscribe .= "  [beantragt]";
                }
            }
        }
    }
    if ($txt_subscribe || $txt_unsubscribe) {
        $txt = '<form method="GET" action="?q=home">';
        if ($txt_subscribe) {
            $txt .= '<p>' . t("apply.for.group.membership") . ':<p><select name="subscribegroup"><option>' . $txt_subscribe . '</select>';
        }
        if ($txt_unsubscribe) {
            $txt .= '<p>' . t("quit.group.membership") . ':<p><select name="unsubscribegroup"><option>' . $txt_unsubscribe . '</select>';
        }
        $txt .= '<P><button class="btn" type="submit" name="btn">' . t("send") . '</button>';
        $txt .= '</form>';
    }
    return $txt;
}
Exemplo n.º 29
0
/**
 * view log
 * 
 * TODO: maybe the html should be in a sort of template? 
 */
function churchcore__logviewer()
{
    if (!user_access("view logfile", "churchcore")) {
        addErrorMessage(t("no.permission.for", "LogViewer"));
        return " ";
    }
    $txt = '<div class="row-fluid">';
    $txt .= '<div class="span3 bs-docs-sidebar">';
    $txt .= '<ul id="navlist" class="nav nav-list bs-docs-sidenav affix-top">';
    $txt .= '<li><a href="#log1">' . t("important.logs") . '</a>';
    $txt .= '<li><a href="#log2">' . t("last.accesses") . '</a>';
    $txt .= '<li><a href="#log3">' . t("top.accesses") . '</a>';
    $txt .= '</div>';
    $txt .= '<div class="span9">';
    $limit = 200;
    if (isset($_GET["showmore"])) {
        $limit = 1000;
    }
    $filter = "txt like 'Sende Mail%' or txt like 'Gruppe:%' or level<3";
    $val = "";
    if (isset($_GET["filter"]) && $_GET["filter"] != "") {
        $filter = "txt like '%" . $_GET["filter"] . "%'";
        $val = $_GET["filter"];
    }
    $txt .= '<anchor id="log1"/><h2>' . t("logviewer") . '</h2>';
    $res = db_query("select p.id p_id, p.vorname, p.name, log.datum, log.level, log.domain_type, log.domain_id, log.txt  from {cdb_person} p\n                 RIGHT JOIN  \n                   (select person_id, datum, level, domain_type, domain_id, txt \n                      from {cdb_log} l where\n\t\t\t\t\t\t{$filter}\n\t\t\t\t\t\torder by l.id desc \n\t\t\t\t\t\tlimit 0,{$limit}) as log on (log.person_id=p.id)");
    $txt .= '<form class="form-inline" action="">';
    $txt .= '<input type="hidden" name="q" value="churchcore/logviewer"/>';
    $txt .= '<input name="filter" class="input-medium" type="text" value="' . $val . '"></input> <input type="submit" class="btn" value="' . t("filter") . '"/></form>';
    $txt .= '<table class="table table-condensed table-bordered">';
    $txt .= "<tr><th>" . t("date") . "<th>#<th>Object<th>" . t("name") . "<th>Log";
    $counter = 0;
    foreach ($res as $arr) {
        $txt .= "<tr><td><nobr>{$arr->datum} &nbsp; </nobr><td>{$arr->level}<td>{$arr->domain_type}" . ($arr->domain_id != -1 ? "[{$arr->domain_id}]" : "");
        $txt .= "<td>";
        if (isset($arr->p_id)) {
            $txt .= "<nobr>{$arr->vorname} {$arr->name} [{$arr->p_id}]</nobr>";
        }
        $logtxtencoded = htmlspecialchars($arr->txt);
        $txt .= "<td><small style=\"color:grey\">{$logtxtencoded}</small>";
        $counter++;
    }
    $txt .= '</table>';
    if (!isset($_GET["showmore"]) && $counter >= $limit) {
        $txt .= '<a href="?q=churchcore/logviewer&showmore=true" class="btn">' . t("show.more.rows") . '</a> &nbsp; ';
    }
    $txt .= '<anchor id="log2"><h2>' . t("last.accesses") . '</h2>';
    $txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
    $res = db_query("SELECT p.id pid, vorname, name, count( l.id ) count, max( lastlogin ) maxdatum\n       FROM {cdb_log} l, {cdb_person} p where l.person_id=p.id GROUP BY pid, vorname, name ORDER BY max( lastlogin ) DESC ");
    foreach ($res as $arr) {
        $txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
    }
    $txt .= "</table><br/><br/>";
    $txt .= '<anchor id="log3"><h2>' . t("top.accesses") . '</h2>';
    $txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
    $res = db_query("SELECT p.id pid, vorname, name, count( l.id ) count, max( lastlogin ) maxdatum\n       FROM {cdb_log} l, {cdb_person} p where l.person_id=p.id GROUP BY pid, vorname, name ORDER BY count(l.id) DESC ");
    foreach ($res as $arr) {
        $txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
    }
    $txt .= "</table><br/><br/>";
    $txt .= "</div></div>";
    $txt .= '  
    <script>
      !function ($) {
        $(function(){
          // carousel demo
          $("#navlist").affix({offset: {top: 15}});
        })
      }(window.jQuery)
    </script>';
    return $txt;
}
Exemplo n.º 30
0
/**
 * save admin settings and reload config
 *
 * TODO: feature: automatically downsize logo file
 *
 * @param CTForm $form
 */
function admin_saveSettings($form)
{
    $modules = churchcore_getModulesSorted(false, true);
    $modules[] = "churchadmin";
    foreach ($modules as $module) {
        foreach ($form->fields as $key => $value) {
            if (function_exists($module . "_validateAdminForm")) {
                $res = call_user_func($module . "_validateAdminForm", $key, $value->getValue());
                if ($res !== true) {
                    $form->fields[$key]->setError($res);
                    addErrorMessage(t("error.occured") . ": " . $res);
                    return;
                }
            }
        }
    }
    foreach ($form->fields as $key => $value) {
        db_query("INSERT INTO {cc_config} (name, value)\n              VALUES (:name,:value)\n              ON DUPLICATE KEY UPDATE value=:value", array(":name" => $key, ":value" => $value));
    }
    // TODO: test if max_uploadfile_size_kb is bigger then allowed in php.ini
    loadDBConfig();
}