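/**
 * JSON-encode $input and store it, DB-escaped, in the named parameter field.
 *
 * @param mixed  $input Array (or scalar) to encode; the literal string 'null' clears the field.
 * @param string $field Property name to write to (default 'params'); an empty name clears the field.
 *
 * @return bool Always true.
 */
public function setParams($input, $field = 'params')
{
    // Loose comparison on purpose: arrays and real null both pass, only the
    // literal string 'null' is treated as "clear the field".
    if (!empty($field) && $input != 'null') {
        // get_magic_quotes_gpc() was removed in PHP 8.0 (it always returned false
        // from 5.4 on); the function_exists() guard keeps this from fataling there.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $store = jsonDBTable::multistripslashes($input);
        } else {
            $store = $input;
        }

        $this->{$field} = xJ::escape($this->_db, jsoonHandler::encode($store));
    } else {
        $this->{$field} = null;
    }

    return true;
}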
/**
 * Serialise $array into the CMS user's newline-separated "key=value" params and store the user.
 *
 * @param array $array Parameter name => value; array values are joined with ';'.
 *
 * @return mixed Whatever $this->cmsUser->store() returns.
 */
public function setCMSparams($array)
{
    $db = JFactory::getDBO();

    // Parse the currently stored params string into an associative array.
    $params = explode("\n", $this->cmsUser->params);
    $oldarray = array();
    foreach ($params as $chunk) {
        // Limit 2 so a '=' inside the value is kept; $k[1] is undefined when the chunk has no '='.
        $k = explode('=', $chunk, 2);
        if (!empty($k[0])) {
            // Strip slashes, but turn the escaped \n, \t, \r sequences back into real control characters
            $oldarray[$k[0]] = stripslashes(str_replace(array('\\n', '\\t', '\\r'), array("\n", "\t", "\r"), $k[1]));
        }
        unset($k);
    }

    // Overlay the new values on the parsed ones.
    foreach ($array as $n => $v) {
        $oldarray[$n] = $v;
    }

    // NOTE(review): the merged $oldarray is never read again — the loop below
    // serialises only the incoming $array, so previously stored keys are dropped.
    // Confirm whether this should iterate $oldarray instead.
    $params = array();
    foreach ($array as $key => $value) {
        if (!is_null($key)) {
            if (is_array($value)) {
                $temp = implode(';', $value);
                $value = $temp;
            }

            // get_magic_quotes_gpc() does not exist on PHP 8; this call fatals there.
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }

            // NOTE(review): the value is DB-escaped here before store(); if store()
            // quotes values itself this double-escapes — confirm against cmsUser.
            $value = xJ::escape($db, $value);
            $params[] = $key . '=' . $value;
        }
    }

    $this->cmsUser->params = implode("\n", $params);
    $this->cmsUser->check();

    return $this->cmsUser->store();
}
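/**
 * Encode a key => value array as a newline-separated "key=value" string.
 *
 * Array values are joined with ';' and every value is DB-escaped before it is
 * appended. Entries whose key is null are skipped.
 *
 * @param array $array Parameters to encode.
 *
 * @return string
 */
public static function encode($array)
{
    $db = JFactory::getDBO();

    $params = array();
    foreach ($array as $key => $value) {
        if (is_null($key)) {
            continue;
        }

        if (is_array($value)) {
            $value = implode(';', $value);
        }

        // get_magic_quotes_gpc() was removed in PHP 8.0; guard so the call
        // cannot fatal on current runtimes (it always returned false on 5.4+).
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }

        $params[] = $key . '=' . xJ::escape($db, $value);
    }

    return implode("\n", $params);
}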
/**
 * Persist the component settings posted from the configuration form.
 *
 * Reads the whole POST body as the new settings, normalises the API app list,
 * logs a diff against the stored settings, optionally updates the component's
 * asset rules, saves, and warns when the configured entry plan is not free.
 *
 * @return void
 */
public function save()
{
    $user = JFactory::getUser();

    // Component configuration object; read for the diff, then overwritten below.
    global $aecConfig;

    // The entire request body becomes the new settings. cleanPOST's second
    // argument is not visible here — presumably a "strict" flag; verify against AECToolbox.
    $general_settings = AECToolbox::cleanPOST($_POST, false);

    if (!empty($general_settings['apiapplist'])) {
        // One "appname=key" pair per line; a missing key gets a fresh random string.
        $list = explode("\n", $general_settings['apiapplist']);

        $array = array();
        foreach ($list as $item) {
            $li = explode("=", $item, 2);

            $k = $li[0];

            if (!empty($k)) {
                if (!empty($li[1])) {
                    $v = $li[1];
                } else {
                    $v = AECToolbox::randomstring(32, true, true);
                }

                $array[$k] = $v;
            }
        }

        $general_settings['apiapplist'] = $array;
    } else {
        $general_settings['apiapplist'] = array();
    }

    // Human-readable "key(old -> new)" list for the event log.
    $diff = $aecConfig->diffParams($general_settings, 'settings');

    if (is_array($diff)) {
        $newdiff = array();
        foreach ($diff as $value => $change) {
            $newdiff[] = $value . '(' . implode(' -> ', $change) . ')';
        }

        $difference = implode(',', $newdiff);
    } else {
        $difference = 'none';
    }

    if (defined('JPATH_MANIFESTS')) {
        // NOTE(review): strict comparison — if the stored value and the posted
        // value differ in type (e.g. int vs string), this branch runs on every
        // save; $general_settings['manageraccess'] is also assumed to be set.
        if ($aecConfig->cfg['manageraccess'] !== $general_settings['manageraccess']) {
            if ($general_settings['manageraccess']) {
                $set = '{"core.admin":{"7":1},"core.manage":{"6":1},"core.create":[],"core.delete":[],"core.edit":[],"core.edit.state":[]}';
            } else {
                $set = '{}';
            }

            // $set is one of two fixed literals, so the escape is purely defensive here.
            $query = 'UPDATE #__assets'
                . ' SET `rules` = \'' . xJ::escape($this->db, $set) . '\''
                . ' WHERE `name` = \'com_acctexp\'';
            $this->db->setQuery($query);
            $this->db->query();
        }
    }

    $aecConfig->cfg = $general_settings;
    $aecConfig->saveSettings();

    $ip = AECToolbox::aecIP();

    $short = JText::_('AEC_LOG_SH_SETT_SAVED');
    $event = JText::_('AEC_LOG_LO_SETT_SAVED') . ' ' . $difference;
    $tags = 'settings,system';
    $params = array('userid' => $user->id, 'ip' => $ip['ip'], 'isp' => $ip['isp']);

    $eventlog = new eventLog();
    $eventlog->issue($short, $tags, $event, 2, $params);

    if (!empty($aecConfig->cfg['entry_plan'])) {
        $plan = new SubscriptionPlan();
        $plan->load($aecConfig->cfg['entry_plan']);

        $terms = $plan->getTerms();

        // A paid entry plan is handed out for free on login, so flag it in the log.
        if (!$terms->checkFree()) {
            $short = "Settings Warning";
            $event = "You have selected a non-free plan as Entry Plan."
                . " Please keep in mind that this means that users"
                . " will be getting it for free when they log in"
                . " without having any membership";
            $tags = 'settings,system';
            $params = array('userid' => $user->id, 'ip' => $ip['ip'], 'isp' => $ip['isp']);

            $eventlog = new eventLog();
            $eventlog->issue($short, $tags, $event, 32, $params);
        }
    }

    $this->setMessage(JText::_('AEC_CONFIG_SAVED'));
}
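/**
 * Resolve the user referenced by $this->request->user to a single metaUser.
 *
 * When request->user is an object its username, name, email, userid and
 * invoice_number are tried in that order, stopping at the first lookup that
 * returns rows; otherwise AECToolbox::searchUser() is used. Exactly one match
 * is required: zero or several matches set $this->error and leave
 * $this->metaUser untouched.
 *
 * @return void
 */
public function loadUser()
{
    $users = array();

    if (is_object($this->request->user)) {
        $db = JFactory::getDBO();

        if (isset($this->request->user->username)) {
            // addcslashes() neutralises the LIKE wildcards, so a '%' or '_' in
            // the input matches literally instead of widening the search.
            $needle = addcslashes(strtolower($this->request->user->username), '%_');

            $query = 'SELECT `id`'
                . ' FROM #__users'
                . ' WHERE LOWER( `username` ) LIKE \'%' . xJ::escape($db, $needle) . '%\'';
            $db->setQuery($query);
            $users = xJ::getDBArray($db);
        }

        if (empty($users) && isset($this->request->user->name)) {
            $needle = addcslashes(strtolower($this->request->user->name), '%_');

            $query = 'SELECT `id`'
                . ' FROM #__users'
                . ' WHERE LOWER( `name` ) LIKE \'%' . xJ::escape($db, $needle) . '%\'';
            $db->setQuery($query);
            $users = xJ::getDBArray($db);
        }

        if (empty($users) && isset($this->request->user->email)) {
            // The column is lower-cased, so the value must be too or mixed-case input never matches.
            $query = 'SELECT `id`'
                . ' FROM #__users'
                . ' WHERE LOWER( `email` ) = \'' . xJ::escape($db, strtolower($this->request->user->email)) . '\'';
            $db->setQuery($query);
            $users = xJ::getDBArray($db);
        }

        if (empty($users) && isset($this->request->user->userid)) {
            $query = 'SELECT `id`'
                . ' FROM #__users'
                . ' WHERE `id` = \'' . xJ::escape($db, $this->request->user->userid) . '\'';
            $db->setQuery($query);
            $users = xJ::getDBArray($db);
        }

        if (empty($users) && isset($this->request->user->invoice_number)) {
            // Same value is compared against both columns; lower-cased to match LOWER().
            $ident = xJ::escape($db, strtolower($this->request->user->invoice_number));

            $query = 'SELECT `userid`'
                . ' FROM #__acctexp_invoices'
                . ' WHERE LOWER( `invoice_number` ) = \'' . $ident . '\''
                . ' OR LOWER( `secondary_ident` ) = \'' . $ident . '\'';
            $db->setQuery($query);
            $users = xJ::getDBArray($db);
        }
    } else {
        $users = AECToolbox::searchUser($this->request->user);
    }

    if (!count($users)) {
        $this->error = 'user not found';
    } elseif (count($users) > 1) {
        $this->error = 'multiple users found';
    } elseif (empty($this->metaUser->userid) || $this->metaUser->userid != $users[0]) {
        // Only (re)build the metaUser when none is loaded or it points at a different user.
        $this->metaUser = new metaUser($users[0]);
    }
}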
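/**
 * Return the ids of the active micro-integrations among the given ids, in `ordering` order.
 *
 * @param array $milist Candidate micro-integration ids; duplicates are ignored.
 *
 * @return array Matching `id` values, or an empty array when $milist is empty.
 */
public static function getActiveListbyList($milist)
{
    if (empty($milist)) {
        return array();
    }

    // Cast every id to int before joining. Escaping the joined string only
    // protects quoted literals; the IN (...) list is unquoted, so a non-numeric
    // element would otherwise reach the query verbatim.
    $ids = array_unique(array_map('intval', $milist));

    $db = JFactory::getDBO();

    $query = 'SELECT `id`'
        . ' FROM #__acctexp_microintegrations'
        . ' WHERE `id` IN (' . implode(',', $ids) . ')'
        . ' AND `active` = \'1\''
        . ' ORDER BY `ordering` ASC';
    $db->setQuery($query);

    return xJ::getDBArray($db);
}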
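/**
 * Replace $this->invoice_number with the canonical invoice_number stored for
 * this record, matched either by id or by a secondary_ident equal to the
 * current value.
 *
 * @return void
 */
public function deformatInvoiceNumber()
{
    // The unused `global $aecConfig` declaration was dropped; nothing here reads it.
    $query = 'SELECT invoice_number'
        . ' FROM #__acctexp_invoices'
        . ' WHERE id = \'' . xJ::escape($this->_db, $this->id) . '\''
        . ' OR secondary_ident = \'' . xJ::escape($this->_db, $this->invoice_number) . '\'';
    $this->_db->setQuery($query);

    // NOTE(review): when no row matches, loadResult() yields null and the
    // current invoice_number is overwritten with it — confirm that is intended.
    $this->invoice_number = $this->_db->loadResult();
}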
/**
 * Fetch the ids of users holding an Active or Trial subscription to a plan.
 *
 * @param mixed $planid Plan id; escaped and compared as a quoted literal.
 *
 * @return array `userid` values from #__acctexp_subscr.
 */
public static function getPlanUserlist($planid)
{
    $db = JFactory::getDBO();

    $sql = sprintf(
        'SELECT `userid` FROM #__acctexp_subscr WHERE `plan` = \'%s\' AND ( `status` = \'Active\' OR `status` = \'Trial\' )',
        xJ::escape($db, $planid)
    );
    $db->setQuery($sql);

    return xJ::getDBArray($db);
}
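/**
 * Write serialised session data for a user into #__session.
 *
 * @param int         $userid   Joomla user id whose session row is updated.
 * @param array       $data     Session payload; the row is only written when $data['user'] is set.
 * @param int|null    $gid      Optional group id stored alongside the data.
 * @param string|null $gid_name Optional usertype label stored together with $gid.
 *
 * @return bool True when the UPDATE ran, false when $data['user'] is unset; die()s on a DB error.
 */
public function putSession($userid, $data, $gid = null, $gid_name = null)
{
    if (!isset($data['user'])) {
        // Previously fell through to setQuery() with an undefined $query.
        return false;
    }

    $db = JFactory::getDBO();

    $sdata = $this->joomserializesession(array($this->sessionkey => $data));

    $set = '`data` = \'' . xJ::escape($db, $sdata) . '\'';

    if (!empty($gid)) {
        // $gid_name used to be concatenated unescaped; every string that reaches
        // the query now goes through xJ::escape, and $gid is cast to int.
        $set = '`gid` = \'' . (int) $gid . '\', `usertype` = \'' . xJ::escape($db, (string) $gid_name) . '\', ' . $set;
    }

    $query = 'UPDATE #__session SET ' . $set . ' WHERE `userid` = \'' . (int) $userid . '\'';
    $db->setQuery($query);

    // NOTE(review): die() prints the raw DB error into the response; consider logging instead.
    return $db->query() or die($db->stderr());
}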
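/**
 * Write serialised session data for a user into #__session.
 *
 * Only acts when JPATH_MANIFESTS is defined; $gid and $gid_name are accepted
 * for signature compatibility but not used by this variant.
 *
 * @param int         $userid   Joomla user id whose session row is updated.
 * @param array       $data     Session payload to serialise.
 * @param int|null    $gid      Unused.
 * @param string|null $gid_name Unused.
 *
 * @return void
 */
public function putSession($userid, $data, $gid = null, $gid_name = null)
{
    if (!defined('JPATH_MANIFESTS')) {
        // Nothing to write on this CMS version; previously fell through to
        // setQuery() with an undefined $query.
        return;
    }

    $db = JFactory::getDBO();

    $sdata = $this->joomserializesession(array($this->sessionkey => $data));

    $query = 'UPDATE #__session'
        . ' SET `data` = \'' . xJ::escape($db, $sdata) . '\''
        . ' WHERE `userid` = \'' . (int) $userid . '\'';
    $db->setQuery($query);

    // NOTE(review): die() prints the raw DB error into the response; consider logging instead.
    $db->query() or die($db->stderr());
}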
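/**
 * Load the processor configuration whose `name` matches $name.
 *
 * @param string $name Processor name; escaped before it is placed in the query.
 *
 * @return mixed Result of $this->load() for the found id, or false when no row matches.
 */
public function loadName($name)
{
    $query = 'SELECT `id`'
        . ' FROM #__acctexp_config_processors'
        . ' WHERE `name` = \'' . xJ::escape($this->_db, $name) . '\'';
    $this->_db->setQuery($query);

    $id = $this->_db->loadResult();

    if (!$id) {
        return false;
    }

    // Reuse the id already fetched instead of calling loadResult() a second time.
    return $this->load($id);
}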
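/**
 * Sanitise a request value (recursively for arrays) and return it DB-escaped.
 *
 * Embedded {aecjson}...{/aecjson} blocks are removed first, magic-quotes
 * slashes are stripped, then the entries of $safe_params apply filters:
 *  - clear_nonemail: keep only email-safe characters, or fall back to
 *    clear_nonalnum when the value contains no '@';
 *  - clear_nonalnumwhitespace / clear_nonalnum / clear_nonslug: character whitelists;
 *  - word: cut at the first space; badchars: drop <>"'%;()&;
 *  - int / bool / string / float: cast the value.
 *
 * @param mixed $value       Scalar or (nested) array of values to clean.
 * @param array $safe_params Filter names, applied as described above.
 *
 * @return mixed Escaped value, or an array of escaped values keyed like $value.
 */
function aecEscape($value, $safe_params)
{
    if (is_array($value)) {
        $array = array();
        foreach ($value as $k => $v) {
            $array[$k] = aecEscape($v, $safe_params);
        }

        return $array;
    }

    // Remove embedded json blocks. The previous str_replace() was handed the
    // nested PREG_SET_ORDER match arrays, which stringify to "Array", so the
    // blocks were left in place; preg_replace() removes them as intended.
    $stripped = preg_replace("#{aecjson}(.*?){/aecjson}#s", '', $value);
    // preg_replace() returns null on a PCRE failure (e.g. backtrack limit);
    // fail closed rather than pass the unfiltered value on.
    $value = ($stripped === null) ? '' : $stripped;

    // get_magic_quotes_gpc() was removed in PHP 8.0; guard so the call cannot fatal there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $return = stripslashes($value);
    } else {
        $return = $value;
    }

    if (in_array('clear_nonemail', $safe_params, true)) {
        if (strpos($value, '@') === false) {
            if (!in_array('clear_nonalnum', $safe_params, true)) {
                // Not an email address to begin with: fall back to the strict alnum whitelist
                $safe_params[] = 'clear_nonalnum';
            }
        } else {
            $array = explode('@', $return, 2);

            $username = preg_replace('/[^a-z0-9._+-]+/i', '', $array[0]);
            $domain = preg_replace('/[^a-z0-9.-]+/i', '', $array[1]);

            $return = $username . '@' . $domain;
        }
    }

    if (in_array('clear_nonalnumwhitespace', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9\\s@._+-]/i", '', $return);
    }

    if (in_array('clear_nonalnum', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9@._+-]/i", '', $return);
    }

    if (in_array('clear_nonslug', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9_-]/i", '', $return);
    }

    foreach ($safe_params as $param) {
        switch ($param) {
            case 'word':
                // Keep only the first space-delimited token
                $e = strpos($return, ' ');
                if ($e !== false) {
                    $return = substr($return, 0, $e);
                }
                break;
            case 'badchars':
                $return = preg_replace("#[<>\"'%;()&]#i", '', $return);
                break;
            case 'int':
                $return = (int) $return;
                break;
            case 'bool':
                $return = (bool) $return;
                break;
            case 'string':
                $return = (string) $return;
                break;
            case 'float':
                $return = (float) $return;
                break;
        }
    }

    $db = JFactory::getDBO();

    return xJ::escape($db, $return);
}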