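<?php
/**
 * Runs a stored PHP procedure selected by the "p" query parameter.
 *
 * Only zzzsys_php rows flagged slp_nonsecure = '1' are eligible. The stored
 * source is passed through nuGetSafePHP() and nuReplaceHashes() and is then
 * executed with eval() in this script's scope.
 *
 * NOTE(review): no login or session check is visible in this script. Confirm
 * whether nucommon.php enforces one, or whether "nonsecure" procedures are
 * intentionally reachable without authentication.
 */
require_once 'nucommon.php';

// Accept exactly one scalar value. A repeated/array-style "p" parameter would
// otherwise be handed to the query layer as an array instead of a string.
if (isset($_GET['p']) && is_string($_GET['p'])) {
    $values = array($_GET['p']);
    $sql = "SELECT zzzsys_php_id, slp_php FROM zzzsys_php WHERE slp_code = ? AND slp_nonsecure = '1' ";
    $rs = nuRunQuery($sql, $values);
    $num = db_num_rows($rs);

    // Run only on an unambiguous match: zero or several rows are both refused.
    if ($num == 1) {
        $r = db_fetch_object($rs);
        $r->slp_php = nuGetSafePHP('slp_php', $r->zzzsys_php_id, $r->slp_php);

        // SECURITY: the whole of $_GET is used as the hash data, so request
        // values are substituted into PHP source text before it is evaluated.
        // Whether nuReplaceHashes()/nuGetSafePHP() escape values for a PHP
        // code context is not visible here - verify, and keep hash variables
        // out of code positions in procedures marked nonsecure.
        $e = nuReplaceHashes($r->slp_php, $_GET);

        // The evaluated code shares this scope and can read $values, $sql,
        // $rs, $num, $r and $e, so these names must not be changed casually.
        eval($e);
    } else {
        echo "Request is not allowed";
    }
} else {
    echo "Request format is invalid";
}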
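<?php
/**
 * Runs the PHP procedure described by a zzzsys_debug record.
 *
 * The "i" query parameter names a zzzsys_debug row whose deb_message column
 * holds a JSON document with the procedure source (slp_php) and its id
 * (zzzsys_php_id). The source is evaluated and the record is deleted afterwards.
 *
 * NOTE(review): no access check is visible in this script; possession of a
 * valid zzzsys_debug_id appears to be the only requirement. Confirm that the
 * ids are unguessable and that nucommon.php enforces a session.
 */
require_once 'nucommon.php';

if (!isset($_GET['i']) || !is_string($_GET['i'])) {
    // A missing or array-valued id previously fell through to the query and eval.
    echo "Request format is invalid";
} else {
    $jsonID = $_GET['i'];
    $t = nuRunQuery("SELECT deb_message AS json FROM zzzsys_debug WHERE zzzsys_debug_id = ? ", array($jsonID));
    $r = db_fetch_object($t);

    // No row, or a message that is not a JSON object, must not reach eval().
    $JSON = $r ? json_decode($r->json) : null;

    if (!is_object($JSON) || !isset($JSON->slp_php, $JSON->zzzsys_php_id)) {
        echo "Request is not allowed";
    } else {
        $DATA = $JSON->slp_php;
        $ID = $JSON->zzzsys_php_id;
        $DATA = nuGetSafePHP('slp_php', $ID, $DATA);
        $TABLE_ID = nuTT();
        $hashData = nuBuildHashData($JSON, $TABLE_ID);
        $php = nuReplaceHashes($DATA, $hashData);

        // The evaluated code shares this scope ($JSON, $hashData, $TABLE_ID, ...),
        // so these variable names are part of its contract.
        eval($php); //-- run php code
    }

    // NOTE(review): the record is removed only after eval() returns. If the
    // evaluated code exits or throws, the id stays usable for another request;
    // consider deleting the record before evaluation if nothing depends on it.
    nuRunQuery("DELETE FROM zzzsys_debug WHERE zzzsys_debug_id = ? ", array($jsonID));
}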
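<?php
/**
 * Runs a stored PHP procedure selected by the "c" query parameter and prints
 * a JSON envelope with the keys DATA, SUCCESS and ERRORS.
 *
 * The procedure is executed only when nuPHPAccess() allows it. The evaluated
 * code is expected to leave its result in $nuParameters and any error text in
 * $nuError; both are read back from this scope after eval().
 */
require_once 'nucommon.php';

$response = array();
$response['DATA'] = '';
$response['SUCCESS'] = false;
$response['ERRORS'] = array();
$GLOBALS['ERRORS'] = array();

$hashData = nuHashData();

// A missing or array-valued "c" becomes null, which matches no row.
$code = (isset($_GET['c']) && is_string($_GET['c'])) ? $_GET['c'] : null;
$sql = "SELECT * FROM zzzsys_php WHERE slp_code = ?";
$t = nuRunQuery($sql, array($code));
$r = db_fetch_object($t);

// Fail closed: without a matching row there is nothing to authorise or run.
// Previously the access check was called with an undefined id in that case.
if ($r && nuPHPAccess($r->zzzsys_php_id)) {
    $r->slp_php = nuGetSafePHP('slp_php', $r->zzzsys_php_id, $r->slp_php);
    $e = nuReplaceHashes($r->slp_php, $hashData);

    // The evaluated code shares this scope: it can read $hashData, $response,
    // $r, etc., so these variable names must stay as they are.
    eval($e);

    // The procedure may not set either variable; avoid undefined-variable reads.
    $response['DATA'] = isset($nuParameters) ? $nuParameters : null;

    if (isset($nuError) && $nuError != '') {
        $response['ERRORS'][] = $nuError;
    }
} else {
    // Report only the code stored in the database, never the raw request
    // value, so nothing request-controlled is echoed for unknown codes.
    $deniedCode = $r ? $r->slp_code : '';
    $response['ERRORS'][] = "Access denied to PHP - ({$deniedCode})";
}

print json_encode($response);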
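/**
 * Emails a PDF, a PHP generated file or a plain email.
 *
 * The sender is the user that owns the session named in the hash data; when
 * no such session row exists the SMTP defaults from $GLOBALS['nuSetup'] are used.
 *
 * - If $hashData['nu_pdf_code'] is set, a file is generated through
 *   nuPDForPHPParameters() and attached, provided it really is a PDF.
 * - Otherwise, if $hashData['nu_php_code'] is set, the stored procedure named
 *   by $pPDForPHP is evaluated and the function returns without sending.
 * - Otherwise a plain email is sent.
 *
 * @param string       $pPDForPHP Code of the report or PHP procedure to run.
 * @param string       $pEmailTo  Recipient address.
 * @param string       $pSubject  Subject line.
 * @param string       $pMessage  Message body.
 * @param array|string $hashData  Hash data of the form; '' loads it via nuHashData().
 *
 * @return mixed Result of nuSendEmail(), or null when the call ends early
 *               (generated file is not a PDF, or the PHP procedure branch ran).
 */
function nuEmail($pPDForPHP, $pEmailTo, $pSubject, $pMessage, $hashData)
{
    if ($hashData == '') {
        $hashData = nuHashData();
    }

    // Bind the session id as a parameter instead of interpolating it into the SQL text.
    $session = $hashData['session_id'];
    $sql = "SELECT * FROM zzzsys_session INNER JOIN zzzsys_user ON sss_zzzsys_user_id = zzzsys_user_id WHERE zzzsys_session_id = ?";
    $t = nuRunQuery($sql, array($session));
    $r = db_fetch_object($t);

    if ($r != null) {
        $fromname = $r->sus_name;
        $fromaddress = $r->sus_email;
    } else {
        $setup = $GLOBALS['nuSetup']; //-- Read SMTP AUTH Settings from zzsys_setup table
        $fromname = trim($setup->set_smtp_from_name);
        $fromaddress = trim($setup->set_smtp_from_address);
    }

    $filelist = array();

    if ($hashData['nu_pdf_code'] != '') {
        nuV('code', $pPDForPHP);
        nuV('call_type', 'printpdf');
        nuV('filename', $hashData['nu_email_file_name']);
        $hashData['parent_record_id'] = $hashData['nu_pdf_code'];
        $tmp_nu_file = nuPDForPHPParameters($hashData);

        //-- check to see if the file being sent is a PDF file
        // The fileinfo handle is released on both outcomes; it used to be
        // closed only on the error path.
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mimeType = finfo_file($finfo, $tmp_nu_file);
        finfo_close($finfo);

        if ($mimeType != 'application/pdf') {
            // A non-PDF result is treated as an error message produced by the generator.
            nuDisplayError(file_get_contents($tmp_nu_file, true));
            return;
        }
    } else {
        if ($hashData['nu_php_code'] != '') { //-- Run PHP Code
            // Bind the procedure code as a parameter rather than splicing it into the query.
            $s = "SELECT zzzsys_php_id, slp_php FROM zzzsys_php WHERE slp_code = ?";
            $t = nuRunQuery($s, array($pPDForPHP));
            $r = db_fetch_object($t);

            if (!$r) {
                // Unknown procedure code: there is nothing that may be evaluated.
                nuDisplayError("PHP code not found");
                return;
            }

            $r->slp_php = nuGetSafePHP('slp_php', $r->zzzsys_php_id, $r->slp_php);
            $php = nuReplaceHashes($r->slp_php, $hashData);

            // SECURITY: hash data values are substituted into PHP source before
            // eval(); whether they are escaped for a code context is not visible
            // here. The evaluated code runs in this function's scope and can read
            // its local variables ($hashData, $r, $fromaddress, ...).
            eval($php);
            return;
        }
    }

    if ($hashData['nu_pdf_code'] != '') { //-- File to attach, send with file
        $filelist[$hashData['nu_email_file_name']] = $tmp_nu_file;
    }

    /*
    if(!nuEmailValidateAddress($pEmailTo)) { //-- check to see if to field email is valid
        nuDisplayError("To Email validation failed");
        return;
    }
    */
    // NOTE(review): with the validation above disabled, $pEmailTo reaches
    // nuSendEmail() unchecked - confirm the mailer rejects malformed addresses.

    return nuSendEmail($pEmailTo, $fromaddress, $fromname, $pMessage, $pSubject, $filelist);
}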
/**
 * Replaces hash variables in every line of every label object of the report
 * held in $GLOBALS['nu_report'].
 *
 * Objects whose properties (looked up through nuGetObjectProperties()) do not
 * have objectType 'label' are left untouched. The report is modified in place.
 *
 * @param mixed $LAY      Layout passed through to nuGetObjectProperties().
 * @param mixed $hashData Hash data passed through to nuReplaceHashes().
 *
 * @return void
 */
function nuReplaceLabelHashVariables($LAY, $hashData)
{
    for ($s = 0; $s < count($GLOBALS['nu_report']); $s++) {
        // Sections and their objects are accessed with ->, i.e. they are
        // objects, so these locals are handles onto the global report.
        $section = $GLOBALS['nu_report'][$s];

        for ($k = 0; $k < count($section->objects); $k++) {
            $item = $section->objects[$k];
            $props = nuGetObjectProperties($LAY, $item->id);

            if ($props->objectType != 'label') {
                continue;
            }

            for ($n = 0; $n < count($item->lines); $n++) {
                $item->lines[$n] = nuReplaceHashes($item->lines[$n], $hashData);
            }
        }
    }
}
/**
 * Works out the caption of a button, or '' when the button is hidden.
 *
 * The caption is $title when one is given, otherwise $name. When $sql is
 * supplied, the button is shown only if the first column of the first row of
 * its result is '1'.
 *
 * @param string $name  Fallback caption.
 * @param mixed  $show  Button is considered visible only when this equals '1'.
 * @param string $title Preferred caption; used when not empty.
 * @param string $sql   Optional display condition; '' means "always show".
 * @param array  $hash  Hash data substituted into $sql before it is run.
 *
 * @return string|null Caption, '' when hidden, or null when the query raised an error.
 */
function nuButtonTitle($name, $show, $title, $sql, $hash = array())
{
    if ($show != '1') {
        return '';
    }

    // A title, when present, always wins over the plain name.
    $caption = ($title != '') ? $title : $name;

    if ($sql == '') {
        return $caption;
    }

    // NOTE(review): hash values are substituted into the SQL text and the
    // result is executed as-is; whether nuReplaceHashes() escapes them is not
    // visible here - confirm before feeding it user-controlled hash data.
    $query = nuReplaceHashes($sql, $hash);
    $result = nuRunQuery($query);

    if (nuErrorFound()) {
        return;
    }

    $row = db_fetch_row($result);

    return ($row[0] != '1') ? '' : $caption;
}