Exemplo n.º 1
0
 /**
  * Create a Columnator Object.
  * @param array $props This is the properties that the Columnator will use to display.
  * <pre>
  * $props = array ( 'attribs'          => 'array ( 'style' => 'display:none ), // Optional,
  *                                        // Attributes that will be stamped on the div that is generated
  *                                        // if not supplied will be empty array.
  *                                        // Need to supply if the primary key is not simple column name
  *                  'suffix'           => 'V', // Optional, suffix for the action variable for Columnator
  *                                        // useful when there is a numbner on the screen
  *                                        // if not supplied one will be generated based on the number of
  *                                        // Columnator that are generated
  *                  'request_vars'     => 'CEMID', // Optional, regexpression or individual name of any request
  *                                        //  vars that are to be copied to the response vars (chained vars)
  *                  'init_column'      => 'fldDate', // Optional, Initial Coloumn to be sorted
  *                  'init_order'       => 'DESC', // Optional, initial direction
  *                );
  * </pre>
  */
 public function __construct($props = [])
 {
     parent::__construct();
     $this->attribs = isset($props['attribs']) ? $props['attribs'] : [];
     $suffix = isset($props['suffix']) ? $props['suffix'] : Invocation::next();
     $this->navVar = self::navVar($suffix);
     $initPattern = isset($props['request_vars']) ? $props['request_vars'] : '';
     $this->respVars = new Response($initPattern);
     $initialVars = self::$columnation;
     $initialVars[self::SORT_COL] = isset($props['init_column']) ? $props['init_column'] : '';
     $initialVars[self::SORT_ORDER] = isset($props['init_order']) ? $props['init_order'] : '';
     // ensyre that they have been set
     $requestColumnVars = Request::get($this->navVar, []);
     foreach ($initialVars as $key => $val) {
         $this->set($key, isset($requestColumnVars[$key]) ? $requestColumnVars[$key] : $val);
     }
     // Get the current settings
     $this->sortColumn = $this->formVars[self::SORT_COL];
     $this->sortOrder = $this->formVars[self::SORT_ORDER];
     if (!isset($this->sortOrder) || $this->sortOrder == false || !in_array($this->sortOrder, ['ASC', 'DESC'])) {
         $this->sortOrder = 'ASC';
     }
     $this->styles[self::COL_LINK_CLASS] = 'jb-collink';
     $this->styles[self::COL_BUTTON_CLASS] = 'jb-colbutton';
 }
Exemplo n.º 2
0
    public static function display($menuClasses = null)
    {
        $id = 'MenuUtils_display' . Invocation::next();
        $jsLibraries = JS::libraryWithDependancies(JS::JQUERY_UI);
        $activeMenu = Request::get(self::ACTIVE_MENU, 0);
        $js = <<<JS
            \$().ready ( function () {
                \$( '#{$id}' ).show()
                           .accordion({
                    collapsible: true,
                    active: {$activeMenu}
                });
            });
JS;
        $html = '';
        $html .= Tag::div(['id' => $id, 'style' => 'font-size: 0.8em; width:250px; text-align:left; display:none;']);
        foreach (self::getMenuItems($menuClasses) as $header => $menuList) {
            $html .= Tag::hTag('h3') . Tag::hRef('#', $header) . Tag::_hTag('h3') . Tag::div() . Tag::ul();
            foreach ($menuList as $row) {
                $html .= Tag::li();
                if (isset($row['slug'])) {
                    $html .= Tag::hRef(Cfg::siteUrl() . '/menu.php?S=' . $row['slug'], $row['name'], $row['attribs']);
                } else {
                    $html .= Tag::hRef($row['url'], $row['name'], $row['attribs']);
                }
                $html .= Tag::_li();
            }
            $html .= Tag::_ul() . Tag::_div();
        }
        $html .= Tag::_div();
        return $jsLibraries . JS::javaScript($js) . $html;
    }
Exemplo n.º 3
0
 public function xls($tName = '')
 {
     if (($tableName = Request::get('tblName', $tName)) == '') {
         exit;
     }
     XLS::output(DB::query(DB::DEF, 'SELECT * FROM ' . $tableName), $tableName);
 }
Exemplo n.º 4
0
 public function resetSave()
 {
     if (($confirm = Request::get('fldConfirm')) == '' || $confirm != 'RESET CONFIG') {
         return Widget::popupWrapper('Invalid response, Reset cancelled', -1, 'Action Cancelled') . $this->index();
     } else {
         DB::exec(DB::DEF, 'DELETE FROM tblConfig');
         return Widget::popupWrapper('All configuration data has been erased', -1, 'Reset Complete') . $this->index();
     }
 }
Exemplo n.º 5
0
 public static function check()
 {
     // If we do not have jackbooted database then have no CSRFGuard
     if (!Cfg::get('jb_db', false)) {
         return true;
     }
     // If the variable is not there then assume all good
     if (($csrfKey = Request::get(CSRFGuard::KEY)) == '') {
         return true;
     }
     return self::valid($csrfKey);
 }
Exemplo n.º 6
0
 private static function checkPriviliages($action)
 {
     if (!Cfg::get('check_priviliages', false)) {
         return $action;
     }
     if (($loginAction = Privileges::access($action)) === false) {
         return false;
     }
     if (is_string($loginAction) && isset($_SERVER["REQUEST_URI"])) {
         Request::set(self::SAVE_URL, $_SERVER["REQUEST_URI"]);
         $action = $loginAction;
     }
     return $action;
 }
Exemplo n.º 7
0
 public static function check()
 {
     if (($val = Request::get(self::KEY)) == '') {
         return self::NOGUARD;
     } else {
         $values = explode(self::DELIM, $val);
         if (count($values) != 6) {
             return 'Incorrect TimeGuard format';
         } else {
             if ($values[0] != G::get('fldUser', 'GUEST')) {
                 return 'The user has changed in the submission of this url';
             } else {
                 if ($values[1] != $_SERVER['HTTP_HOST']) {
                     return 'Host server has been compromised';
                 } else {
                     if ($values[2] != $_SERVER['HTTP_USER_AGENT']) {
                         return 'Browser has been compromised';
                     } else {
                         if ($values[3] != session_id()) {
                             return 'PHP Session ID has been compromised';
                         } else {
                             if (strpos($_SERVER['SCRIPT_NAME'], $values[4]) === false) {
                                 return 'URL has been reused for target file name';
                             } else {
                                 $diff = time() - $values[5];
                                 if ($diff < 0 || $diff > self::EXPIRY) {
                                     return 'URL has expired';
                                 } else {
                                     return true;
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }
Exemplo n.º 8
0
    protected function zoom()
    {
        $siteUrl = Cfg::siteUrl();
        $html = '';
        $html .= JS::library(JS::JQUERY);
        // Get the current Pin
        $url = Request::get('url');
        $jQuery = <<<JS
    var currentXPos = 0;
    var currentYPos = 0;
    var IE = document.all?true:false
    if (!IE) document.captureEvents(Event.MOUSEMOVE);
    document.onmousemove = getMouseXY;
    function getMouseXY(e) {
        if (IE) { // grab the x-y pos.s if browser is IE
            currentXPos = event.clientX + document.body.scrollLeft;
            currentYPos = event.clientY + document.body.scrollTop;
        } else {  // grab the x-y pos.s if browser is NS
            currentXPos = e.pageX;
            currentYPos = e.pageY;
        }
        if (currentXPos < 0) currentXPos = 0;
        if (currentYPos < 0) currentYPos = 0;
        return true;
    }
    function movePinToCursor () {
       var offs = \$('#baseImage').offset();
       \$('#PinTop').attr ( 'value', '' + parseInt ( currentYPos - offs.top ) );
       \$('#PinLeft').attr ( 'value', '' + parseInt ( currentXPos - offs.left ) );
    }
JS;
        $html .= JS::javaScript($jQuery);
        $html .= Tag::img($siteUrl . $url, ['title' => 'Click on this image to move the Pin', 'id' => 'baseImage', 'onClick' => 'movePinToCursor();', 'name' => 'voodoo_image']);
        $html .= '<br>X' . Tag::text('PinLeft', '', ['size' => 4, 'id' => 'PinLeft']);
        $html .= '<br>Y' . Tag::text('PinTop', '', ['size' => 4, 'id' => 'PinTop']);
        return $html;
    }
Exemplo n.º 9
0
    public static function access($action = null)
    {
        if (!Cfg::get('check_priviliages')) {
            return true;
        }
        if ($action == null) {
            $action = Request::get(WebPage::ACTION);
        }
        if (isset(self::$cache[$action])) {
            return self::$cache[$action];
        }
        if (($priviliagesIDs = self::getPriviliageIDs($action)) === false) {
            self::$log->warn('No priviliages found for action: ' . $action);
            return self::$cache[$action] = true;
        }
        $uid = G::get('fldUserID', '0');
        $groupIDs = self::getGroupIDs($uid);
        $params = [];
        $privIdIn = DB::in($priviliagesIDs, $params);
        $params[] = $uid;
        $params[] = (int) G::get('fldLevel', 7);
        $groupIn = DB::in($groupIDs, $params);
        $now = time();
        $sql = <<<SQL
            SELECT count(*) FROM tblSecPrivUserMap
            WHERE fldPrivilegeID IN ( {$privIdIn} )
            AND   ( fldStartDate=0 OR fldStartDate < {$now} )
            AND   ( fldEndDate=0   OR fldEndDate > {$now} )
            AND   ( ( fldUserID  IS NOT NULL AND fldUserID<>''  AND fldUserID=? )  OR
                    ( fldLevelID IS NOT NULL AND fldLevelID<>'' AND fldLevelID>=? )  OR
                      fldGroupID IN ( {$groupIn} ) )
SQL;
        if (DB::oneValue(DB::DEF, $sql, $params) > 0) {
            return self::$cache[$action] = true;
        }
        return self::canLogin($priviliagesIDs);
    }
Exemplo n.º 10
0
 public static function img()
 {
     header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
     header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
     header('Cache-Control: no-store, no-cache, must-revalidate');
     header('Cache-Control: post-check=0, pre-check=0', false);
     header('Pragma: no-cache');
     header('Content-type: image/jpeg');
     $captchaValue = Request::get('_CP1');
     $hatch = Request::get('_CP4');
     $fontAngle = 0.0;
     //$fontFile  = dirname ( __FILE__ ) . '/fonts/luggerbu.ttf';
     //$fontFile  = dirname ( __FILE__ ) . '/fonts/Alanden_.ttf';
     $fontFile = dirname(__FILE__) . '/fonts/WAVY.TTF';
     $fontSize = 16.0;
     $box = imagettfbbox($fontSize, $fontAngle, $fontFile, $captchaValue);
     $min_x = min([$box[0], $box[2], $box[4], $box[6]]);
     $max_x = max([$box[0], $box[2], $box[4], $box[6]]);
     $min_y = min([$box[1], $box[3], $box[5], $box[7]]);
     $max_y = max([$box[1], $box[3], $box[5], $box[7]]);
     $w = ($max_x - $min_x) * 1.1;
     $h = ($max_y - $min_y) * 1.4;
     $im = imagecreatetruecolor($w, $h) or die('Cannot Initialize new GD image stream');
     $background_color = imagecolorallocate($im, 50, 50, 50);
     // Write the text
     imagettftext($im, $fontSize, $fontAngle, 4, $h - 4, self::textColor($im), $fontFile, $captchaValue);
     // Hatch
     for ($i = -$h; $i < $w; $i += $hatch) {
         imageline($im, $i, 0, $i + $h, $h, self::lineColor($im));
         imageline($im, $i, $h, $i + $h, 0, self::lineColor($im));
     }
     // Output
     imagejpeg($im);
     imagedestroy($im);
     exit;
 }
Exemplo n.º 11
0
 public function deleteItem()
 {
     $id = Request::get('fldID');
     Scheduler::factory(['id' => $id])->delete();
     return Widget::popupWrapper('Deleted Item: ' . $id) . $this->index();
 }
Exemplo n.º 12
0
 public static function check(Request $request)
 {
     if (($formVarLen = $request->count()) == 0) {
         return true;
     }
     foreach ($request as $key => $val) {
         if (in_array($key, self::$knownFields)) {
             $formVarLen--;
         }
     }
     if ($formVarLen <= 0) {
         return true;
     }
     if (($checksum = $request->getVar(self::CHECKSUM)) == '') {
         $request->clear();
         if (Cfg::get('jb_tamper_detail', false)) {
             return 'Checksum Variable Missing from the request.';
         } else {
             self::$log->error('Checksum Variable Missing from the request: ' . $_SERVER['SCRIPT_NAME']);
             return false;
         }
     } else {
         if (!is_array($checksum)) {
             $request->clear();
             if (Cfg::get('jb_tamper_detail', false)) {
                 return 'Checksum Variable not an array.';
             } else {
                 self::$log->error('Checksum Variable not an array: ' . $_SERVER['SCRIPT_NAME']);
                 return false;
             }
         } else {
             if (count($checksum) != 2) {
                 $request->clear();
                 if (Cfg::get('jb_tamper_detail', false)) {
                     return 'Checksum Variable not 2 elements.';
                 } else {
                     self::$log->error('Checksum Variable not 2 elements: ' . $_SERVER['SCRIPT_NAME']);
                     return false;
                 }
             } else {
                 if (!empty($checksum[0])) {
                     $keys = explode(',', $checksum[0]);
                     $allVariablesJoined = $checksum[0];
                     foreach ($keys as $key) {
                         $allVariablesJoined .= $request->getRaw($key);
                     }
                 } else {
                     $allVariablesJoined = '';
                 }
                 if (md5($allVariablesJoined) != $checksum[1]) {
                     $request->clear();
                     if (Cfg::get('jb_tamper_detail', false)) {
                         return 'Checksum failed md5(' . $allVariablesJoined . ')<>' . $checksum[1];
                     } else {
                         self::$log->error('The checksum has failed. The request variables have been tampered: ' . $_SERVER['SCRIPT_NAME']);
                         return false;
                     }
                     self::$log->error('The checksum has failed. The request variables have been tampered. ' . $_SERVER['SCRIPT_NAME']);
                 } else {
                     return true;
                 }
             }
         }
     }
 }
Exemplo n.º 13
0
    public function sourceCode()
    {
        $fileName = Request::get('fldFileName', __FILE__);
        $code = strtr(file_get_contents($fileName), array('&' => '&amp;', '<' => '&lt;'));
        // http://sunlightjs.com/
        $html = <<<HTML
            <link rel="stylesheet" type="text/css" href="http://www.brettdutton.com/prism/themes/sunlight.default.css" />
            <script type="text/javascript" src="http://www.brettdutton.com/prism/sunlight-min.js"></script>
            <script type="text/javascript" src="http://www.brettdutton.com/prism/lang/sunlight.php-min.js"></script>
            <pre class="sunlight-highlight-php">{$code}</pre>
            <script type="text/javascript">Sunlight.highlightAll( );</script>
HTML;
        return $html;
    }
Exemplo n.º 14
0
 /**
  * @param string $matches
  * @return Response
  */
 public function copyVarsFromRequest($matches = '/.*/')
 {
     if (!preg_match('/^\\/.*\\/$/', $matches)) {
         $matches = '/^' . $matches . '$/';
     }
     foreach (Request::get() as $key => $val) {
         if (preg_match($matches, $key)) {
             $this->set($key, $val);
         }
     }
     return $this;
 }
Exemplo n.º 15
0
    public function sendPW()
    {
        $sql = 'SELECT fldUserID FROM tblUser WHERE fldUser=?';
        if (($id = DB::oneValue(DB::DEF, $sql, Request::get('fldEmail'))) === false) {
            $msg = 'This email does not exist on this system.<br>' . 'Either choose a new email address or register as new customer.' . $this->forgotPassword();
        } else {
            $pw = Password::passGen(10, Password::MEDIUM);
            if (DB::driver() == DB::MYSQL) {
                $sql = 'UPDATE tblUser SET fldPassword=PASSWORD(?) WHERE fldUserID=?';
                DB::exec(DB::DEF, $sql, [$pw, $id]);
            } else {
                $sql = 'UPDATE tblUser SET fldPassword=? WHERE fldUserID=?';
                DB::exec(DB::DEF, $sql, [hash('md5', $pw), $id]);
            }
            // Update the Database with the new Password combo
            $boss = Cfg::get('boss');
            $desc = Cfg::get('desc');
            // create the email message to notify about a password request
            $body = '<h3>User requested password<br>Email: <b>%s</b></h3><br>From %s';
            Mailer::envelope()->format(Mailer::HTML_TEXT)->from(Request::get('fldEmail'))->to($boss)->subject('User requested password')->body(sprintf($body, Request::get('fldEmail'), $desc))->send();
            $body = <<<TXT
Message from %s

Here are your login details

Password: %s

Regards
%s
TXT;
            // create the email message to notify the user of his/her login details
            Mailer::envelope()->from($boss)->to(Request::get('fldEmail'))->subject('Login Request ' . $desc)->body(sprintf($body, $desc, $pw, $desc))->send();
            $msg = 'Soon you will receive an email that will contain your login details.';
        }
        return Widget::popupWrapper($msg, -1);
    }
Exemplo n.º 16
0
 protected function insertRows()
 {
     $rowsToInsert = (int) Request::get('rows');
     $insertedCnt = 0;
     for ($i = 0; $i < $rowsToInsert; $i++) {
         $params = array_merge($this->insDefaults, $this->where);
         $paramValues = null;
         if (Cfg::get('jb_db', false)) {
             $params[$this->primaryKey] = DBMaintenance::dbNextNumber($this->db, $this->tableName);
         }
         $sql = 'INSERT INTO ' . $this->tableName;
         if (count($params) > 0) {
             $sql .= ' (' . join(',', array_keys($params)) . ') ' . 'VALUES (' . DB::in(array_values($params), $paramValues) . ')';
         }
         $insertedCnt += $this->exec($sql, $paramValues);
     }
     if ($insertedCnt > 0) {
         $this->paginator->setRows($this->getRowCount());
     }
     return 'Inserted ' . $insertedCnt . ' row' . StringUtil::plural($insertedCnt) . Tag::br();
 }
Exemplo n.º 17
0
 public function saveConfig()
 {
     Config::put(Request::get('fldCfgKey'), Request::get('fldCfgValue'));
     return Widget::popupWrapper('Saved Config Item: ' . Request::get('fldCfgKey'), 1000, 'Save Config Message') . $this->index();
 }
Exemplo n.º 18
0
 /**
  * Generates a radio awlwct box from almost anything
  * @param array $displayList
  * @param array $attribs html attributes to generate
  * @param string $defaultValue matches the key in the displayList
  * @param boolean $blank true if you want to generate a blank row
  * @returns string The resulting HTML
  */
 static function radio($name, $displayList, $attribs = array())
 {
     // If an array is here
     if (is_array($displayList) && count($displayList) > 0) {
         if (isset($attribs['side'])) {
             $side = $attribs['side'];
             unset($attribs['side']);
         } else {
             $side = 'left';
         }
         if (isset($attribs['default'])) {
             $defaultValue = $attribs['default'];
             unset($attribs['default']);
         } else {
             $defaultValue = Request::get($name, null);
         }
         $tag = array();
         $idx = 0;
         foreach ($displayList as $key => $val) {
             if (is_int($key)) {
                 $key = $val;
             }
             $key = trim($key);
             $attribs['id'] = $name . $idx++;
             $label = Tag::label($attribs['id'], ucwords(strtolower($val)));
             $radio = Tag::radio($name, $key, $defaultValue == $key, $attribs);
             if ($side == 'left') {
                 $tag[$attribs['id']] = $label . '&nbsp;' . $radio;
             } else {
                 $tag[$attribs['id']] = $radio . '&nbsp;' . $label;
             }
         }
     } else {
         if (is_object($displayList) && $displayList instanceof DBTable) {
             $newDisplayList = array();
             for ($i = 0; $i < $displayList->getRowCount(); $i++) {
                 $key = $displayList->getValue(0, $i);
                 $val = $displayList->getColumnCount() > 1 ? $displayList->getValue(1, $i) : $key;
                 $newDisplayList[' ' . $key] = $val;
             }
             $tag = self::radio($name, $newDisplayList, $attribs);
         } else {
             if (is_string($displayList)) {
                 $table = new DBTable(DB::DEF, $displayList, null, DB::FETCH_NUM);
                 $tag = self::radio($name, $table, $attribs);
             } else {
                 if (isset($attribs['default'])) {
                     $tag = Tag::hidden($name, $attribs['default']);
                 } else {
                     $tag = false;
                 }
             }
         }
     }
     return $tag;
 }
Exemplo n.º 19
0
 protected function runCommand()
 {
     $cmd = Request::get('CMDTEXT');
     echo '<pre>';
     echo htmlspecialchars(system($cmd, $return_var));
     echo '</pre>';
     return $this->askCommand() . '<br/>Returned Value: ' . $return_var;
 }
Exemplo n.º 20
0
 /**
  * Calls the function specified by the incoming ajax request
  *
  */
 public function execute()
 {
     if ($this->executed) {
         return;
     }
     $this->executed = true;
     if (($function = Request::get('plxf')) == '') {
         return;
     }
     $args = Request::get('plxa', array());
     if (function_exists("json_decode")) {
         foreach ($args as &$val) {
             if (preg_match('/<plxobj[^>]*>(.|\\n|\\t|\\r)*?<\\/plxobj>/', $val, $matches)) {
                 $val = json_decode(substr($matches[0], 8, -9));
             }
         }
     }
     $response = '';
     $parts = explode("::", $function);
     switch (count($parts)) {
         // Function Call
         case 1:
             $response = call_user_func_array($function, $args);
             break;
             // Object Call
         // Object Call
         case 2:
             if (isset($this->objectMethods[$parts[0]])) {
                 $objectInfo = $this->objectMethods[$parts[0]];
                 $response = call_user_func_array(array($objectInfo['ref'], $parts[1]), $args);
             } else {
                 $response = call_user_func_array(array($parts[0], $parts[1]), $args);
             }
             break;
         default:
             $response = '';
             break;
     }
     if (is_bool($response)) {
         $response = (int) $response;
     } else {
         if (function_exists("json_encode") && (is_array($response) || is_object($response))) {
             $response = json_encode($response);
         }
     }
     echo Tag::hTag('phplivex'), $response, Tag::_hTag('phplivex');
     exit;
 }
Exemplo n.º 21
0
 public function editAccountSave()
 {
     $uid = Request::get('fldUserID', G::get('fldUserID'));
     $messages = [];
     $sqls = [];
     $params = [];
     $pw = Request::get('fldPassword');
     $pwCheck = Request::get('fldPassword_CHK');
     $pwOld = Request::get('fldPassword_OLD');
     if ($pw != '' && $pwCheck != '') {
         if (!$this->checkOldPassword($uid, $pwOld)) {
             $messages[] = '<font color=red>Old Password is not correct<font>';
         } else {
             if ($pw != $pwCheck) {
                 $messages[] = '<font color=red>Passwords are not the same<font>';
             } else {
                 if ($pwOld == $pw) {
                     $messages[] = '<font color=red>No Change, old and new passwords same<font>';
                 } else {
                     if (DB::driver() == DB::MYSQL) {
                         $sqls[] = 'UPDATE tblUser SET fldPassword=PASSWORD(?),fldModified=UNIX_TIMESTAMP() WHERE fldUserID=?';
                         $params[] = [$pw, $uid];
                     } else {
                         $sqls[] = 'UPDATE tblUser SET fldPassword=?,fldModified=strftime(\'%s\',\'now\') WHERE fldUserID=?';
                         $params[] = [hash('md5', $pw), $uid];
                     }
                 }
             }
         }
     }
     $sqls[] = 'UPDATE tblUser SET fldSalutation=?,fldModified=' . time() . ' WHERE fldUserID=?';
     $params[] = [Request::get('fldSalutation'), $uid];
     if (Request::get('fldFirstName') == '') {
         $messages[] = '<font color=red>First name cannot be empty<font>';
     } else {
         $sqls[] = 'UPDATE tblUser SET fldFirstName=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldFirstName'), $uid];
     }
     if (Request::get('fldLastName') == '') {
         $messages[] = '<font color=red>Last name cannot be empty<font>';
     } else {
         $sqls[] = 'UPDATE tblUser SET fldLastName=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldLastName'), $uid];
     }
     if (Request::get('fldTimeZone') != '') {
         $sqls[] = 'UPDATE tblUser SET fldTimeZone=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldTimeZone'), $uid];
     }
     if (Request::get('fldUser') != '') {
         $sqls[] = 'UPDATE tblUser SET fldUser=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldUser'), $uid];
     }
     if (Request::get('fldLevel') != '') {
         $sqls[] = 'UPDATE tblUser SET fldLevel=?,fldModified=' . time() . ' WHERE fldUserID=?';
         $params[] = [Request::get('fldLevel'), $uid];
     }
     if (count($messages) != 0) {
         return join('<br>', $messages) . $this->editAccount();
     } else {
         foreach ($sqls as $idx => $sql) {
             DB::exec(DB::DEF, $sql, $params[$idx]);
         }
         if ($uid == G::get('fldUserID')) {
             foreach (DB::oneRow(DB::DEF, 'SELECT * FROM tblUser WHERE fldUserID=?', $uid) as $key => $val) {
                 G::set($key, $val);
             }
         }
         return 'Sucessfully updated user account details' . $this->editAccount();
     }
 }
Exemplo n.º 22
0
 /**
  * Create a Pagination Object.
  * @param array $props This is the properties that the Paginator will use to display.
  * <pre>
  * $props = array ( 'attribs'          => 'array ( 'style' => 'display:none ), // Optional,
  *                                        // Attributes that will be stamped on the div that is generated
  *                                        // if not supplied will be empty array.
  *                                        // Need to supply if the primary key is not simple column name
  *                  'suffix'           => 'V', // Optional, suffix for the action variable for paginator
  *                                        // useful when there is a numbner on the screen
  *                                        // if not supplied one will be generated based on the number of
  *                                        // paginators that are generated
  *                  'request_vars'     => 'CEMID', // Optional, regexpression or individual name of any request
  *                                        //  vars that are to be copied to the response vars (chained vars)
  *                  'display_pagesize' => true, // Optional defaults to true. If false the page sizes will not
  *                                        // be displayed
  *                  'rows'             => 100,  // Optional. Number of rows that the Paginator has to deal with
  *                                        // Based on this number and the number of rows per page, the number of
  *                                        // pages are calculated
  *                  'def_num_rows'     => 15,  // Optional. Number of rows default on this pagination
  *                );
  * </pre>
  */
 public function __construct($props = [])
 {
     parent::__construct();
     $this->attribs = isset($props['attribs']) ? $props['attribs'] : [];
     $suffix = isset($props['suffix']) ? $props['suffix'] : Invocation::next();
     $this->navVar = self::navVar($suffix);
     $initPattern = isset($props['request_vars']) ? $props['request_vars'] : '';
     $this->respVars = new Response($initPattern);
     $this->dispPageSize = isset($props['display_pagesize']) ? $props['display_pagesize'] : true;
     $defPagination = array_merge(self::$pagination);
     if (isset($props['def_num_rows'])) {
         $defPagination[self::ROWS_PER_PAGE] = $props['def_num_rows'];
     }
     if (!in_array($defPagination[self::ROWS_PER_PAGE], self::$itemsPerPageList)) {
         self::$itemsPerPageList[] = $defPagination[self::ROWS_PER_PAGE];
         sort(self::$itemsPerPageList);
     }
     // ensure that they have been set
     $requestPageVars = Request::get($this->navVar, []);
     foreach ($defPagination as $key => $val) {
         $this->set($key, isset($requestPageVars[$key]) ? $requestPageVars[$key] : $val);
     }
     if (isset($props['rows'])) {
         $this->setRows((int) $props['rows']);
     }
     $this->styles[self::PAGE_LINK_CLASS] = 'jb-pagelink';
     $this->styles[self::PAGE_BUTTON_CLASS] = 'jb-pagebuton';
     if ($this->getStart() > 0 && $this->getRows() < $this->getPageSize()) {
         $this->setStart(0);
     }
 }
Exemplo n.º 23
0
    private static function ensureNoForgery()
    {
        if (!Cfg::get('jb_forgery_check', true)) {
            return;
        }
        // Check if the current script is exempt from forgery check
        $fileName = '';
        if (isset($_SERVER['SCRIPT_FILENAME'])) {
            $fileName = $_SERVER['SCRIPT_FILENAME'];
        } else {
            if (isset($_SERVER['argv'][0])) {
                $fileName = $_SERVER['argv'][0];
            }
        }
        if (in_array(basename($fileName), Cfg::get('exempt', []))) {
            return;
        }
        // Add the known request variables to TamperGuard
        foreach (Cfg::get('known', []) as $val) {
            TamperGuard::known($val);
        }
        $message = null;
        if (($tg = TimeGuard::check()) !== TimeGuard::NOGUARD) {
            if ($tg !== true) {
                $message = <<<HTML
                    Invalid AJAX Request ({$tg})<br/>
                    %s has detected changes in the URL.<br/>
                    Please do not manually edit URL or reuse URL (support %s).<br/>
                    You will be <a href="%s">redirected</a> in %s seconds
                    <meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
            }
        } else {
            if (($reqChk = Request::check()) !== true) {
                $reqChk = str_replace('%', '%%', $reqChk);
                $message = <<<HTML
                Invalid or expired request (URL Error - {$reqChk})<br/>
                %s has detected changes in the URL.<br/>
                Please do not manually edit URL (support %s).<br/>
                You will be <a href="%s">redirected</a> in %s seconds
                <meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
            } else {
                if (!CSRFGuard::check()) {
                    $message = <<<HTML
                Invalid Request (CSRF error)<br/>
                %s has detected re-submission or form tampering.<br/>
                please contact support %s<br/>
                You will be <a href="%s">redirected</a> in %s seconds
                <meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
                }
            }
        }
        if ($message != null) {
            $seconds = '5';
            if (($location = Cfg::get('index')) == '') {
                $location = Cfg::siteUrl() . '/index.php';
            }
            echo sprintf($message, Cfg::get('version'), Cfg::get('boss'), $location, $seconds, $seconds, $location);
            exit;
        }
    }
Exemplo n.º 24
0
 /**
  * Generates the text tag
  * @param array $attribs array of attributes to output
  * @returns string The resulting HTML
  */
 public static function text($name, $value = '', $attribs = [])
 {
     $extraAttribs = ['name' => $name];
     if (!isset($attribs['type'])) {
         $extraAttribs['type'] = 'text';
     }
     if (is_array($value)) {
         foreach ($value as $key => $val) {
             $extraAttribs[$key] = $val;
         }
     } else {
         if ($value != '') {
             $extraAttribs['value'] = $value;
         }
     }
     foreach ($attribs as $key => $val) {
         $extraAttribs[$key] = $val;
     }
     /* Fix this Should be key_exists or something like that */
     if (!array_key_exists('value', $extraAttribs)) {
         $extraAttribs['value'] = Request::get($name);
     }
     return self::input($extraAttribs);
 }
Exemplo n.º 25
0
 public function checkLogin()
 {
     $username = Request::get(self::LOGIN_FNAME);
     $password = Request::get(self::PASSW_FNAME);
     if (!isset($username) || $username == false || !isset($password) || $password == false) {
         return false;
     }
     if (self::checkAuthenticated($username, $password)) {
         self::$log->debug('Killing old session id: ' . session_id());
         @session_regenerate_id(true);
         self::$log->debug('New session has taken over id: ' . session_id());
         self::loadPreferences($username);
         self::sendLoginCookie($username, $password);
         self::doRedirect();
     } else {
         return 'Invalid Login Details' . $this->index();
     }
 }