Exemplo n.º 1
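 /**
  * Handles the onAfterInitialise system event for "gwejson" JSON requests.
  *
  * Requests whose task (or typeaheadtask) is not "gwejson" are ignored. For the others, a
  * library file named gwejson_<file>.php is resolved under the site, administrator, plugins
  * or modules tree and included, ProcessJsonRequest() is called (presumably defined by the
  * included library - confirm), and the result is echoed as JSON before the request exits.
  *
  * Security-relevant behaviour:
  *  - The include path is assembled from request parameters. "file", "path" and the component
  *    name pass through the 'cmd' filter, but "folder" and "plugin" use the 'string' filter,
  *    so they are additionally rejected here when they contain a ".." segment or a NUL byte.
  *  - The library file is included BEFORE the form token is checked, because the library may
  *    declare gwejson_skiptoken(). Top-level code in any reachable gwejson_*.php file therefore
  *    runs for unauthenticated, token-less requests.
  *  - A library that returns true from gwejson_skiptoken() opts out of the token check
  *    entirely and must enforce its own request validation.
  *
  * @return  boolean  True when the request is not handled here; handled requests end in exit
  *
  */
 public function onAfterInitialise()
 {
     $input = JFactory::getApplication()->input;
     $task = $input->get('task', $input->get('typeaheadtask', '', 'cmd'), 'cmd');
     // in frontend SEF
     if ($task != "gwejson") {
         return true;
     }
     $file = $input->get('file', '', 'cmd');
     if ($file == "") {
         return true;
     }
     // Library file MUST start with "gwejson_" for security reasons to stop other files being included maliciously
     if (strpos($file, "gwejson_") !== 0) {
         $file = "gwejson_" . $file;
     }
     $path = $input->get('path', 'site', 'cmd');
     $paths = array("site" => JPATH_SITE, "admin" => JPATH_ADMINISTRATOR, "plugin" => JPATH_SITE . "/plugins", "module" => JPATH_SITE . "/modules");
     // Only the four known roots are accepted; anything else (including non-string input) is ignored
     if (!is_string($path) || !array_key_exists($path, $paths)) {
         return true;
     }
     $folder = $input->get('folder', '', 'string');
     $plugin = '';
     if ($path == "plugin") {
         $plugin = $input->get('plugin', '', 'string');
     }
     // "folder" and "plugin" are only 'string'-filtered and end up inside the include path.
     // Refuse parent-directory segments and NUL bytes so the resolved file cannot leave the chosen root.
     foreach (array($folder, $plugin) as $segment) {
         if (!is_string($segment) || strpos($segment, "\0") !== false || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $segment)) {
             return true;
         }
     }
     if ($path == "plugin") {
         if ($folder == "" || $plugin == "") {
             return true;
         }
         $path = $paths[$path] . "/{$folder}/{$plugin}/";
     } else {
         if ($path == "module") {
             if ($folder == "") {
                 return true;
             }
             $path = $paths[$path] . "/{$folder}/";
         } else {
             $extension = $input->get('option', $input->get('ttoption', '', 'cmd'), 'cmd');
             if ($extension == "") {
                 return true;
             }
             if ($folder == "") {
                 $path = $paths[$path] . "/components/{$extension}/libraries/";
             } else {
                 $path = $paths[$path] . "/components/{$extension}/{$folder}/";
             }
         }
     }
     jimport('joomla.filesystem.file');
     if (!JFile::exists($path . $file . ".php")) {
         return true;
     }
     // NOTE(review): this runs the library's top-level code before any token check below
     include_once $path . $file . ".php";
     if (!function_exists("gwejson_skiptoken") || !gwejson_skiptoken()) {
         $token = (string) JSession::getFormToken();
         $supplied = $input->get('token', '', 'string');
         if (!is_string($supplied)) {
             $supplied = '';
         }
         // Strict (and, where available, constant-time) comparison: a loose != treats two
         // different numeric-looking strings such as "0e12" and "0e99" as equal.
         $tokenMatches = function_exists('hash_equals') ? hash_equals($token, $supplied) : ($token === $supplied);
         if (!$tokenMatches) {
             PlgSystemGwejson::throwerror("There was an error - bad token.  Please refresh the page and try again.");
         }
     }
     // we don't want any modules etc.
     //$input->set('tmpl', 'component');
     $input->set('format', 'json');
     ini_set("display_errors", 0);
     // Defined up front so the output stage below never reads an unset variable
     $data = null;
     // When setting typeahead in the post it overrides the GET value which the prepare function doesn't replace for some reason :(
     if ($input->get('typeahead', '', 'string') != "" || $input->get('prefetch', 0, 'int')) {
         try {
             $requestObject = new stdClass();
             $requestObject->typeahead = $input->get('typeahead', '', 'string');
             $data = ProcessJsonRequest($requestObject, $data);
         } catch (Exception $e) {
             //PlgSystemGwejson::throwerror("There was an exception ".$e->getMessage()." ".var_export($e->getTrace()));
             // NOTE(review): the raw exception message is returned to the client - confirm it cannot carry internal detail
             PlgSystemGwejson::throwerror("There was an exception " . $e->getMessage());
         }
     } else {
         if ($input->get('json', '', 'raw')) {
             // Create JSON data structure
             $data = new stdClass();
             $data->error = 0;
             $data->result = "ERROR";
             $data->user = "";
             // 'raw' means no input filtering: everything inside the decoded object is untrusted
             $requestData = $input->get('json', '', 'raw');
             if (isset($requestData)) {
                 try {
                     if (ini_get("magic_quotes_gpc")) {
                         $requestData = stripslashes($requestData);
                     }
                     $requestObject = json_decode($requestData, 0);
                     if (!$requestObject) {
                         // Second attempt for payloads that were not valid UTF-8
                         $requestObject = json_decode(utf8_encode($requestData), 0);
                     }
                 } catch (Exception $e) {
                     PlgSystemGwejson::throwerror("There was an exception");
                 }
                 if (!$requestObject) {
                     //file_put_contents(dirname(__FILE__) . "/cache/error.txt", var_export($requestData, true));
                     PlgSystemGwejson::throwerror("There was an error - no request object ");
                 } else {
                     if ($requestObject->error) {
                         PlgSystemGwejson::throwerror("There was an error - Request object error " . $requestObject->error);
                     } else {
                         try {
                             $data = ProcessJsonRequest($requestObject, $data);
                         } catch (Exception $e) {
                             //PlgSystemGwejson::throwerror("There was an exception ".$e->getMessage()." ".var_export($e->getTrace()));
                             PlgSystemGwejson::throwerror("There was an exception " . $e->getMessage());
                         }
                     }
                 }
             } else {
                 PlgSystemGwejson::throwerror("Invalid Input");
             }
         } else {
             PlgSystemGwejson::throwerror("There was an error - no request data");
         }
     }
     // NOTE(review): the body is JSON but is labelled application/javascript - confirm clients need this before changing it
     header("Content-Type: application/javascript; charset=utf-8");
     if (is_object($data)) {
         if (defined('_SC_START')) {
             list($usec, $sec) = explode(" ", microtime());
             $time_end = (double) $usec + (double) $sec;
             $data->timing = round($time_end - _SC_START, 4);
         } else {
             $data->timing = 0;
         }
     }
     // Must suppress any error messages
     @ob_end_clean();
     echo json_encode($data);
     exit;
 }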
Exemplo n.º 2
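/**
 * Builds an iCalRepetition populated from submitted form data.
 *
 * The caller must be an event creator and must be allowed to edit the event behind the
 * repeat; otherwise PlgSystemGwejson::throwerror() is called. Nothing in this function
 * stores the repetition - it is only loaded, given new start/end values and returned.
 *
 * All values in $requestObject->formdata come from the client. They are passed through
 * JFilterInput before use, and rp_id is forced to an integer.
 *
 * @param   object  $requestObject  Decoded request; must expose a "formdata" object
 *
 * @return  iCalRepetition  The loaded repetition with startrepeat, endrepeat, duplicatecheck, rp_id and event set
 */
function simulateSaveRepeat($requestObject)
{
    include_once JPATH_SITE . "/components/com_jevents/jevents.defines.php";
    if (!JEVHelper::isEventCreator()) {
        PlgSystemGwejson::throwerror(JText::_('ALERTNOTAUTH'));
    }
    // Convert formdata to array
    $formdata = array();
    foreach (get_object_vars($requestObject->formdata) as $k => $v) {
        $k = str_replace("[]", "", $k);
        $formdata[$k] = $v;
    }
    //$array = JRequest::_cleanVar($formdata, JREQUEST_ALLOWHTML);
    $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
    $array = $safeHtmlFilter->clean($formdata, null);
    if (!array_key_exists("rp_id", $array) || intval($array["rp_id"]) <= 0) {
        PlgSystemGwejson::throwerror(JText::_("Not a repeat", true));
    }
    $rp_id = intval($array["rp_id"]);
    $dataModel = new JEventsDataModel("JEventsAdminDBModel");
    $queryModel = new JEventsDBModel($dataModel);
    // I should be able to do this in one operation but that can come later
    $event = $queryModel->listEventsById(intval($rp_id), 1, "icaldb");
    // Per-event authorisation: being an event creator is not enough to touch this repeat
    if (!JEVHelper::canEditEvent($event)) {
        PlgSystemGwejson::throwerror(JText::_('ALERTNOTAUTH'));
    }
    $db = JFactory::getDBO();
    $rpt = new iCalRepetition($db);
    $rpt->load($rp_id);
    // The id is cast so that only an integer can ever reach the SQL text, whatever load() produced
    $query = "SELECT detail_id FROM #__jevents_vevent WHERE ev_id=" . (int) $rpt->eventid;
    $db->setQuery($query);
    // NOTE(review): the result is not used further in this function
    $eventdetailid = $db->loadResult();
    $data = array();
    // NOTE(review): rand()/uniqid() are not unpredictable - fine for an iCal UID, not for a secret
    $data["UID"] = valueIfExists($array, "uid", md5(uniqid(rand(), true)));
    $data["X-EXTRAINFO"] = valueIfExists($array, "extra_info", "");
    $data["LOCATION"] = valueIfExists($array, "location", "");
    $data["allDayEvent"] = valueIfExists($array, "allDayEvent", "off");
    $data["CONTACT"] = valueIfExists($array, "contact_info", "");
    // allow raw HTML (mask =2)
    $data["DESCRIPTION"] = valueIfExists($array, "jevcontent", "", 'request', 'html', 2);
    $data["publish_down"] = valueIfExists($array, "publish_down", "2006-12-12");
    $data["publish_up"] = valueIfExists($array, "publish_up", "2006-12-12");
    if (isset($array["publish_down2"]) && $array["publish_down2"]) {
        $data["publish_down"] = $array["publish_down2"];
    }
    if (isset($array["publish_up2"]) && $array["publish_up2"]) {
        $data["publish_up"] = $array["publish_up2"];
    }
    $data["SUMMARY"] = valueIfExists($array, "title", "");
    $data["MULTIDAY"] = intval(valueIfExists($array, "multiday", "1"));
    $data["NOENDTIME"] = intval(valueIfExists($array, "noendtime", 0));
    if ($data["allDayEvent"] == "on") {
        $start_time = "00:00";
    } else {
        $start_time = valueIfExists($array, "start_time", "08:00");
    }
    $publishstart = $data["publish_up"] . ' ' . $start_time . ':00';
    $data["DTSTART"] = JevDate::strtotime($publishstart);
    if ($data["allDayEvent"] == "on") {
        $end_time = "23:59";
        $publishend = $data["publish_down"] . ' ' . $end_time . ':59';
    } else {
        $end_time = valueIfExists($array, "end_time", "15:00");
        $publishend = $data["publish_down"] . ' ' . $end_time . ':00';
    }
    $data["DTEND"] = JevDate::strtotime($publishend);
    // iCal for whole day uses 00:00:00 on the next day JEvents uses 23:59:59 on the same day
    // end_time is client-supplied text: pad to three parts and cast, so a short or non-numeric
    // value cannot raise notices or a TypeError in the arithmetic below.
    // NOTE(review): with allDayEvent "on" the end time is fixed at 23:59 above, so this branch
    // looks unreachable here - confirm before relying on it.
    list($h, $m, $s) = array_pad(explode(":", $end_time . ':00'), 3, 0);
    if ((int) $h + (int) $m + (int) $s == 0 && $data["allDayEvent"] == "on" && $data["DTEND"] > $data["DTSTART"]) {
        $publishend = JevDate::strftime('%Y-%m-%d 23:59:59', $data["DTEND"] - 86400);
        $data["DTEND"] = JevDate::strtotime($publishend);
    }
    $data["X-COLOR"] = valueIfExists($array, "color", "");
    // Add any custom fields into $data array
    foreach ($array as $key => $value) {
        if (strpos($key, "custom_") === 0) {
            $data[$key] = $value;
        }
    }
    // populate rpt with data
    $start = $data["DTSTART"];
    $end = $data["DTEND"];
    $rpt->startrepeat = JevDate::strftime('%Y-%m-%d %H:%M:%S', $start);
    $rpt->endrepeat = JevDate::strftime('%Y-%m-%d %H:%M:%S', $end);
    $rpt->duplicatecheck = md5($rpt->eventid . $start);
    $rpt->rp_id = $rp_id;
    $rpt->event = $event;
    return $rpt;
}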
Exemplo n.º 3
/**
* @copyright	Copyright (C) 2015-2015 GWE Systems Ltd. All rights reserved.
 * @license		By negoriation with author via http://www.gwesystems.com
*/
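/**
 * Type-ahead lookup of users who may be chosen as an event creator.
 *
 * Access control performed here, in order:
 *  1. the form token from the request input (and from the request object, when it carries
 *     one) must equal the session form token;
 *  2. the caller must be logged in;
 *  3. the caller must be a JEvents user with "candeleteall", or hold core.admin or
 *     core.deleteall on com_jevents.
 * Each failure is reported through PlgSystemGwejson::throwerror().
 *
 * The search term is client-supplied. It is cleaned, escaped with the LIKE wildcards
 * neutralised, and quoted before being placed into the SQL text. The OR between the
 * username and name matches is parenthesised: without the parentheses AND binds tighter
 * than OR, so a name match alone bypassed the cancreate / group-membership / block=0 filters.
 *
 * @param   object       $requestObject  Request data; reads ->token, ->error and ->typeahead
 * @param   object|null  $returnData     Working object supplied by the caller; may be null
 *
 * @return  array|string  List of stdClass items with "title" and "creator_id", or "Error"
 *                        when the request object flags an error
 */
function ProcessJsonRequest(&$requestObject, $returnData)
{
    // The caller may pass null; assigning a property on null is an error on PHP 8
    if (!is_object($returnData)) {
        $returnData = new stdClass();
    }
    $returnData->titles = array();
    $returnData->exactmatch = false;
    ini_set("display_errors", 0);
    include_once JPATH_SITE . "/components/com_jevents/jevents.defines.php";
    $token = (string) JSession::getFormToken();
    $inputToken = JFactory::getApplication()->input->get('token', '', 'string');
    if (!is_string($inputToken)) {
        $inputToken = '';
    }
    // Strict (and, where available, constant-time) comparison: loose != treats different
    // numeric-looking strings such as "0e12" and "0e99" as equal.
    $inputTokenOk = function_exists('hash_equals') ? hash_equals($token, $inputToken) : ($token === $inputToken);
    $objectTokenBad = isset($requestObject->token) && (!is_string($requestObject->token) || $requestObject->token !== $token);
    if ($objectTokenBad || !$inputTokenOk) {
        PlgSystemGwejson::throwerror("There was an error - bad token.  Please refresh the page and try again.");
    }
    $user = JFactory::getUser();
    if ($user->id == 0) {
        PlgSystemGwejson::throwerror("There was an error");
    }
    // If user is jevents can deleteall or has backend access then allow them to specify the creator
    $jevuser = JEVHelper::getAuthorisedUser();
    //$access = JAccess::check($user->id, "core.deleteall", "com_jevents");
    $access = $user->authorise('core.admin', 'com_jevents') || $user->authorise('core.deleteall', 'com_jevents');
    if (!($jevuser && $jevuser->candeleteall) && !$access) {
        PlgSystemGwejson::throwerror("There was an error - no access");
    }
    // The type-ahead caller builds a request object without an "error" property
    if (!empty($requestObject->error)) {
        return "Error";
    }
    if (isset($requestObject->typeahead) && is_string($requestObject->typeahead) && trim($requestObject->typeahead) !== "") {
        $returnData->result = "title is " . $requestObject->typeahead;
    } else {
        PlgSystemGwejson::throwerror("There was an error - no valid argument");
    }
    $db = JFactory::getDBO();
    $title = JFilterInput::getInstance()->clean($requestObject->typeahead, "string");
    // escape(..., true) also escapes the LIKE wildcards; Quote(..., false) avoids escaping twice
    $text = $db->Quote('%' . $db->escape($title, true) . '%', false);
    // Remove any dodgy characters from fields
    // Only allow a to z , 0 to 9, ', " space (\\040), hyphen (\\-), underscore (\\_)
    /*
    $regex     = '/[^a-zA-Z0-9_\'\"\'\\40\\-\\_]/';
    $title    = preg_replace($regex, "", $title);
    $title = JString::substr($title."    ",0,4);
    */
    if (trim($title) == "") {
        PlgSystemGwejson::throwerror("There was an error - no valid argument");
    }
    $params = JComponentHelper::getParams(JEV_COM_COMPONENT);
    $authorisedonly = $params->get("authorisedonly", 0);
    // if authorised only then load from database
    if ($authorisedonly) {
        // Only the three columns used below are selected, so password hashes and other
        // account fields are never pulled into the result set.
        $sql = "SELECT ju.id, ju.name, ju.username FROM #__jev_users AS tl ";
        $sql .= " LEFT JOIN #__users as ju ON tl.user_id=ju.id ";
        $sql .= " WHERE tl.cancreate=1 AND (ju.username LIKE ({$text}) OR ju.name LIKE ({$text})) ";
        $sql .= " ORDER BY ju.name ASC";
        $sql .= " LIMIT 500";
        $db->setQuery($sql);
        $matches = $db->loadObjectList();
    } else {
        $rules = JAccess::getAssetRules("com_jevents", true);
        $creatorgroups = $rules->getData();
        // need to merge the arrays because of stupid way Joomla checks super user permissions
        //$creatorgroups = array_merge($creatorgroups["core.admin"]->getData(), $creatorgroups["core.create"]->getData());
        // use a union of the arrays since getData no longer has string keys in the resultant array
        //$creatorgroups = $creatorgroups["core.admin"]->getData()+ $creatorgroups["core.create"]->getData();
        $creatorgroupsdata = $creatorgroups["core.admin"]->getData();
        // take the higher permission setting
        foreach ($creatorgroups["core.create"]->getData() as $creatorgroup => $permission) {
            if ($permission) {
                $creatorgroupsdata[$creatorgroup] = $permission;
            }
        }
        $userids = array(0);
        foreach ($creatorgroupsdata as $creatorgroup => $permission) {
            if ($permission == 1) {
                $userids = array_merge(JAccess::getUsersByGroup($creatorgroup, true), $userids);
            }
        }
        // Ids are forced to integers before being joined into the IN (...) list
        $userids = array_unique(array_map('intval', array_values($userids)));
        $sql = "SELECT id, name, username FROM #__users " . "where id IN (" . implode(",", $userids) . ")  and (username LIKE ({$text}) OR name LIKE ({$text}))  and block=0 " . "ORDER BY name asc LIMIT 500";
        $db->setQuery($sql);
        $matches = $db->loadObjectList();
    }
    // From here on the working object is replaced by a plain list of matches
    $returnData = array();
    if (!empty($matches)) {
        foreach ($matches as $match) {
            $result = new stdClass();
            $result->title = $match->name . " (" . $match->username . ")";
            $result->creator_id = $match->id;
            $returnData[] = $result;
        }
    }
    return $returnData;
}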