Exemplo n.º 1
0
 /**
  * Encode array and set Parameter field
  */
 public function setParams($input, $field = 'params')
 {
     if (!empty($field) && $input != 'null') {
         if (get_magic_quotes_gpc()) {
             $store = jsonDBTable::multistripslashes($input);
         } else {
             $store = $input;
         }
         $this->{$field} = xJ::escape($this->_db, jsoonHandler::encode($store));
     } else {
         $this->{$field} = null;
     }
     return true;
 }
Exemplo n.º 2
0
 public function setCMSparams($array)
 {
     $db = JFactory::getDBO();
     $params = explode("\n", $this->cmsUser->params);
     $oldarray = array();
     foreach ($params as $chunk) {
         $k = explode('=', $chunk, 2);
         if (!empty($k[0])) {
             // Strip slashes, but preserve special characters
             $oldarray[$k[0]] = stripslashes(str_replace(array('\\n', '\\t', '\\r'), array("\n", "\t", "\r"), $k[1]));
         }
         unset($k);
     }
     foreach ($array as $n => $v) {
         $oldarray[$n] = $v;
     }
     $params = array();
     foreach ($array as $key => $value) {
         if (!is_null($key)) {
             if (is_array($value)) {
                 $temp = implode(';', $value);
                 $value = $temp;
             }
             if (get_magic_quotes_gpc()) {
                 $value = stripslashes($value);
             }
             $value = xJ::escape($db, $value);
             $params[] = $key . '=' . $value;
         }
     }
     $this->cmsUser->params = implode("\n", $params);
     $this->cmsUser->check();
     return $this->cmsUser->store();
 }
Exemplo n.º 3
0
 /**
  * Encode array to newline separated string
  * @return string
  */
 static function encode($array)
 {
     $db = JFactory::getDBO();
     $params = array();
     foreach ($array as $key => $value) {
         if (!is_null($key)) {
             if (is_array($value)) {
                 $temp = implode(';', $value);
                 $value = $temp;
             }
             if (get_magic_quotes_gpc()) {
                 $value = stripslashes($value);
             }
             $value = xJ::escape($db, $value);
             $params[] = $key . '=' . $value;
         }
     }
     return implode("\n", $params);
 }
Exemplo n.º 4
0
 public function save()
 {
     $user = JFactory::getUser();
     global $aecConfig;
     $general_settings = AECToolbox::cleanPOST($_POST, false);
     if (!empty($general_settings['apiapplist'])) {
         $list = explode("\n", $general_settings['apiapplist']);
         $array = array();
         foreach ($list as $item) {
             $li = explode("=", $item, 2);
             $k = $li[0];
             if (!empty($k)) {
                 if (!empty($li[1])) {
                     $v = $li[1];
                 } else {
                     $v = AECToolbox::randomstring(32, true, true);
                 }
                 $array[$k] = $v;
             }
         }
         $general_settings['apiapplist'] = $array;
     } else {
         $general_settings['apiapplist'] = array();
     }
     $diff = $aecConfig->diffParams($general_settings, 'settings');
     if (is_array($diff)) {
         $newdiff = array();
         foreach ($diff as $value => $change) {
             $newdiff[] = $value . '(' . implode(' -> ', $change) . ')';
         }
         $difference = implode(',', $newdiff);
     } else {
         $difference = 'none';
     }
     if (defined('JPATH_MANIFESTS')) {
         if ($aecConfig->cfg['manageraccess'] !== $general_settings['manageraccess']) {
             if ($general_settings['manageraccess']) {
                 $set = '{"core.admin":{"7":1},"core.manage":{"6":1},"core.create":[],"core.delete":[],"core.edit":[],"core.edit.state":[]}';
             } else {
                 $set = '{}';
             }
             $query = 'UPDATE #__assets' . ' SET `rules` = \'' . xJ::escape($this->db, $set) . '\'' . ' WHERE `name` = \'com_acctexp\'';
             $this->db->setQuery($query);
             $this->db->query();
         }
     }
     $aecConfig->cfg = $general_settings;
     $aecConfig->saveSettings();
     $ip = AECToolbox::aecIP();
     $short = JText::_('AEC_LOG_SH_SETT_SAVED');
     $event = JText::_('AEC_LOG_LO_SETT_SAVED') . ' ' . $difference;
     $tags = 'settings,system';
     $params = array('userid' => $user->id, 'ip' => $ip['ip'], 'isp' => $ip['isp']);
     $eventlog = new eventLog();
     $eventlog->issue($short, $tags, $event, 2, $params);
     if (!empty($aecConfig->cfg['entry_plan'])) {
         $plan = new SubscriptionPlan();
         $plan->load($aecConfig->cfg['entry_plan']);
         $terms = $plan->getTerms();
         if (!$terms->checkFree()) {
             $short = "Settings Warning";
             $event = "You have selected a non-free plan as Entry Plan." . " Please keep in mind that this means that users" . " will be getting it for free when they log in" . " without having any membership";
             $tags = 'settings,system';
             $params = array('userid' => $user->id, 'ip' => $ip['ip'], 'isp' => $ip['isp']);
             $eventlog = new eventLog();
             $eventlog->issue($short, $tags, $event, 32, $params);
         }
     }
     $this->setMessage(JText::_('AEC_CONFIG_SAVED'));
 }
Exemplo n.º 5
0
 public function loadUser()
 {
     $users = array();
     if (is_object($this->request->user)) {
         $db = JFactory::getDBO();
         if (isset($this->request->user->username)) {
             $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE LOWER( `username` ) LIKE \'%' . xJ::escape($db, strtolower($this->request->user->username)) . '%\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($this->request->user->name)) {
             $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE LOWER( `name` ) LIKE \'%' . xJ::escape($db, strtolower($this->request->user->name)) . '%\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($this->request->user->email)) {
             $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE LOWER( `email` ) = \'' . xJ::escape($db, $this->request->user->email) . '\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($this->request->user->userid)) {
             $query = 'SELECT `id`' . '  FROM #__users' . ' WHERE `id` = \'' . xJ::escape($db, $this->request->user->userid) . '\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($this->request->user->invoice_number)) {
             $query = 'SELECT `userid`' . 'FROM #__acctexp_invoices' . ' WHERE LOWER( `invoice_number` ) = \'' . xJ::escape($db, $this->request->user->invoice_number) . '\'' . ' OR LOWER( `secondary_ident` ) = \'' . xJ::escape($db, $this->request->user->invoice_number) . '\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
     } else {
         $users = AECToolbox::searchUser($this->request->user);
     }
     if (!count($users)) {
         $this->error = 'user not found';
     } elseif (count($users) > 1) {
         $this->error = 'multiple users found';
     } else {
         if (!empty($this->metaUser->userid)) {
             if ($this->metaUser->userid != $users[0]) {
                 $this->metaUser = new metaUser($users[0]);
             }
         } else {
             $this->metaUser = new metaUser($users[0]);
         }
     }
 }
 static function getActiveListbyList($milist)
 {
     if (empty($milist)) {
         return array();
     }
     $db = JFactory::getDBO();
     $milist = array_unique($milist);
     $query = 'SELECT `id`' . ' FROM #__acctexp_microintegrations' . ' WHERE `id` IN (' . xJ::escape($db, implode(',', $milist)) . ')' . ' AND `active` = \'1\'' . ' ORDER BY `ordering` ASC';
     $db->setQuery($query);
     return xJ::getDBArray($db);
 }
Exemplo n.º 7
0
 public function deformatInvoiceNumber()
 {
     global $aecConfig;
     $query = 'SELECT invoice_number' . ' FROM #__acctexp_invoices' . ' WHERE id = \'' . xJ::escape($this->_db, $this->id) . '\'' . ' OR secondary_ident = \'' . xJ::escape($this->_db, $this->invoice_number) . '\'';
     $this->_db->setQuery($query);
     $this->invoice_number = $this->_db->loadResult();
 }
 static function getPlanUserlist($planid)
 {
     $db = JFactory::getDBO();
     $db->setQuery('SELECT `userid`' . ' FROM #__acctexp_subscr' . ' WHERE `plan` = \'' . xJ::escape($db, $planid) . '\' AND ( `status` = \'Active\' OR `status` = \'Trial\' )');
     return xJ::getDBArray($db);
 }
Exemplo n.º 9
0
Arquivo: j15.php Projeto: Ibrahim1/aec
 public function putSession($userid, $data, $gid = null, $gid_name = null)
 {
     $db = JFactory::getDBO();
     $sdata = $this->joomserializesession(array($this->sessionkey => $data));
     if (isset($data['user'])) {
         if (empty($gid)) {
             $query = 'UPDATE #__session' . ' SET `data` = \'' . xJ::escape($db, $sdata) . '\'' . ' WHERE `userid` = \'' . (int) $userid . '\'';
         } else {
             $query = 'UPDATE #__session' . ' SET `gid` = \'' . (int) $gid . '\', `usertype` = \'' . $gid_name . '\', `data` = \'' . xJ::escape($db, $sdata) . '\'' . ' WHERE `userid` = \'' . (int) $userid . '\'';
         }
     }
     $db->setQuery($query);
     return $db->query() or die($db->stderr());
 }
Exemplo n.º 10
0
 public function putSession($userid, $data, $gid = null, $gid_name = null)
 {
     $db = JFactory::getDBO();
     $sdata = $this->joomserializesession(array($this->sessionkey => $data));
     if (defined('JPATH_MANIFESTS')) {
         $query = 'UPDATE #__session' . ' SET `data` = \'' . xJ::escape($db, $sdata) . '\'' . ' WHERE `userid` = \'' . (int) $userid . '\'';
     }
     $db->setQuery($query);
     $db->query() or die($db->stderr());
 }
Exemplo n.º 11
0
 public function loadName($name)
 {
     $query = 'SELECT `id`' . ' FROM #__acctexp_config_processors' . ' WHERE `name` = \'' . xJ::escape($this->_db, $name) . '\'';
     $this->_db->setQuery($query);
     $id = $this->_db->loadResult();
     if ($id) {
         return $this->load($this->_db->loadResult());
     } else {
         return false;
     }
 }
Exemplo n.º 12
0
function aecEscape($value, $safe_params)
{
    if (is_array($value)) {
        $array = array();
        foreach ($value as $k => $v) {
            $array[$k] = aecEscape($v, $safe_params);
        }
        return $array;
    }
    $regex = "#{aecjson}(.*?){/aecjson}#s";
    // find all instances of json code
    $matches = array();
    preg_match_all($regex, $value, $matches, PREG_SET_ORDER);
    if (count($matches)) {
        $value = str_replace($matches, array(''), $value);
    }
    if (get_magic_quotes_gpc()) {
        $return = stripslashes($value);
    } else {
        $return = $value;
    }
    if (in_array('clear_nonemail', $safe_params)) {
        if (strpos($value, '@') === false) {
            if (!in_array('clear_nonalnum', $safe_params)) {
                // This is not a valid email adress to begin with, so strip everything hazardous
                $safe_params[] = 'clear_nonalnum';
            }
        } else {
            $array = explode('@', $return, 2);
            $username = preg_replace('/[^a-z0-9._+-]+/i', '', $array[0]);
            $domain = preg_replace('/[^a-z0-9.-]+/i', '', $array[1]);
            $return = $username . '@' . $domain;
        }
    }
    if (in_array('clear_nonalnumwhitespace', $safe_params)) {
        $return = preg_replace("/[^a-z0-9\\s@._+-]/i", '', $return);
    }
    if (in_array('clear_nonalnum', $safe_params)) {
        $return = preg_replace("/[^a-z0-9@._+-]/i", '', $return);
    }
    if (in_array('clear_nonslug', $safe_params)) {
        $return = preg_replace("/[^a-z0-9_-]/i", '', $return);
    }
    if (!empty($safe_params)) {
        foreach ($safe_params as $param) {
            $r = $return;
            switch ($param) {
                case 'word':
                    $e = strpos($return, ' ');
                    if ($e !== false) {
                        $r = substr($return, 0, $e);
                    }
                    break;
                case 'badchars':
                    $r = preg_replace("#[<>\"'%;()&]#i", '', $return);
                    break;
                case 'int':
                    $r = (int) $return;
                    break;
                case 'bool':
                    $r = (bool) $return;
                    break;
                case 'string':
                    $r = (string) $return;
                    break;
                case 'float':
                    $r = (double) $return;
                    break;
            }
            $return = $r;
        }
    }
    $db = JFactory::getDBO();
    return xJ::escape($db, $return);
}