public function save_password($username, $password) { if ($username == "") { return false; } else { if (is_false($password["password_hashed"])) { $password["password"] = hash(PASSWORD_HASH, $password["password"] . hash(PASSWORD_HASH, $username)); } } $query = "update users set password=%s where username=%s"; return $this->db->query($query, $password["password"], $username) != false; }
function is_boolean() { $params = func_get_args(); $count = func_num_args(); $value = null; if (_get_value($params, $count, $value)) { if (!is_true($value) && !is_false($value)) { return false; } return true; } return false; }
public function update_profile($profile) { $profile["status"] = USER_STATUS_ACTIVE; $keys = array("email", "notification_key", "notification_method", "daily_report"); if ($profile["password"] != "") { array_push($keys, "password"); array_push($keys, "status"); if (is_false($profile["password_hashed"])) { $profile["password"] = hash(PASSWORD_HASH, $profile["password"] . hash(PASSWORD_HASH, $this->user->username)); } } $profile["daily_report"] = is_true($profile["daily_report"]) ? YES : NO; return $this->db->update("users", $this->user->id, $profile, $keys) !== false; }
public function __construct($db, $settings, $user) { $this->db = $db; $this->settings = $settings; $this->user = $user; /* AJAX request */ if ($_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" || $_GET["output"] == "ajax") { $this->ajax_request = true; } /* Select module */ if (is_true(ENFORCE_HTTPS) && $_SERVER["HTTPS"] != "on") { header(sprintf("Location: https://%s%s", $_SERVER["HTTP_HOST"], $_SERVER["REQUEST_URI"])); header("Strict-Transport-Security: max-age=31536000"); $this->module = ERROR_MODULE; $this->http_code = 301; } else { if (is_false(WEBSITE_ONLINE) && $_SERVER["REMOTE_ADDR"] != WEBSITE_ONLINE) { $this->module = "banshee/offline"; } else { if ($this->db->connected == false) { if (module_exists("setup") && is_true(DEBUG_MODE)) { $this->module = "setup"; } else { $this->module = ERROR_MODULE; $this->http_code = 500; } } else { list($this->url) = explode("?", $_SERVER["REQUEST_URI"], 2); $path = trim($this->url, "/"); if ($path == "") { $page = $this->settings->start_page; } else { if (valid_input($path, VALIDATE_URL, VALIDATE_NONEMPTY)) { $page = $path; } else { $this->module = ERROR_MODULE; $this->http_code = 404; } } $this->pathinfo = explode("/", $page); } } } if ($this->module === null) { $this->select_module($page); } }
public function execute() { $menu = array("Authentication & authorization" => array("Users" => array("cms/user", "users.png"), "Roles" => array("cms/role", "roles.png"), "Organisations" => array("cms/organisation", "organisations.png"), "Access" => array("cms/access", "access.png"), "Flags" => array("cms/flag", "flags.png"), "User switch" => array("cms/switch", "switch.png")), "Content" => array("Agenda" => array("cms/agenda", "agenda.png"), "Dictionary" => array("cms/dictionary", "dictionary.png"), "F.A.Q." => array("cms/faq", "faq.png"), "Files" => array("cms/file", "file.png"), "Forum" => array("cms/forum", "forum.png"), "Guestbook" => array("cms/guestbook", "guestbook.png"), "Languages" => array("cms/language", "language.png"), "Links" => array("cms/links", "links.png"), "Menu" => array("cms/menu", "menu.png"), "News" => array("cms/news", "news.png"), "Pages" => array("cms/page", "page.png"), "Polls" => array("cms/poll", "poll.png"), "Weblog" => array("cms/weblog", "weblog.png")), "Photo album" => array("Albums" => array("cms/album", "album.png"), "Collections" => array("cms/collection", "collection.png"), "Photos" => array("cms/photo", "photo.png")), "Newsletter" => array("Newsletter" => array("cms/newsletter", "newsletter.png"), "Subscriptions" => array("cms/subscriptions", "subscriptions.png")), "System" => array("Logging" => array("cms/logging", "logging.png"), "Action log" => array("cms/action", "action.png"), "Settings" => array("cms/settings", "settings.png"), "API test" => array("cms/apitest", "apitest.png"))); /* Show warnings */ if ($this->user->is_admin) { if (module_exists("setup")) { $this->output->add_system_warning("The setup module is still available. 
Remove it from settings/public_modules.conf."); } if ($this->user->id == 1 && $this->user->password == "c10b391ff5e75af6ee8469539e6a5428f09eff7e693d6a8c4de0e5525cd9b287") { $this->output->add_system_warning("Don't forget to change the password of the admin account!"); } if ($this->settings->secret_website_code == "CHANGE_ME_INTO_A_RANDOM_STRING") { $this->output->add_system_warning("Don't forget to change the secret_website_code setting."); } if (is_true(DEBUG_MODE)) { $this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'."); } } if ($this->page->pathinfo[1] != null) { $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]); } /* Show icons */ if (is_false(MULTILINGUAL)) { unset($menu["Content"]["Languages"]); } $access_list = page_access_list($this->db, $this->user); $private_modules = config_file("private_modules"); $this->output->open_tag("menu"); foreach ($menu as $text => $section) { $this->output->open_tag("section", array("text" => $text, "class" => strtr(strtolower($text), " &", "__"))); foreach ($section as $text => $info) { list($module, $icon) = $info; if (in_array($module, $private_modules) == false) { continue; } if (isset($access_list[$module])) { $access = $access_list[$module] > 0; } else { $access = true; } $this->output->add_tag("entry", $module, array("text" => $text, "access" => show_boolean($access), "icon" => $icon)); } $this->output->close_tag(); } $this->output->close_tag(); }
public function execute() { $menu = array("Authentication, authorization & system" => array("Users" => array("cms/user", "users.png"), "Roles" => array("cms/role", "roles.png"), "Organisations" => array("cms/organisation", "organisations.png"), "Access" => array("cms/access", "access.png"), "User switch" => array("cms/switch", "switch.png"), "Action log" => array("cms/action", "action.png"), "Settings" => array("cms/settings", "settings.png")), "Content" => array("Files" => array("cms/file", "file.png"), "Hostnames" => array("cms/hostname", "hostname.gif"), "Menu" => array("cms/menu", "menu.png"), "Pages" => array("cms/page", "page.png"), "Webservers" => array("cms/webserver", "webserver.png"))); /* Show warnings */ if ($this->user->is_admin) { if ($this->user->id == 1 && $this->user->password == "610706e9a48f85476e04d270bd6dc7492cdcd9ad7e91878007dff629ab11f195") { $this->output->add_system_warning("Don't forget to change the password of the admin account!"); } if ($this->settings->secret_website_code == "CHANGE_ME_INTO_A_RANDOM_STRING") { $this->output->add_system_warning("Don't forget to change the secret_website_code setting."); } if (is_true(DEBUG_MODE)) { $this->output->add_system_warning("Website is running in debug mode. 
Set DEBUG_MODE in settings/website.conf to 'no'."); } } if ($this->page->pathinfo[1] != null) { $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]); } /* Show icons */ if (is_false(MULTILINGUAL)) { unset($menu["Content"]["Languages"]); } $access_list = page_access_list($this->db, $this->user); $private_pages = config_file("private_pages"); $this->output->open_tag("menu"); foreach ($menu as $text => $section) { $this->output->open_tag("section", array("text" => $text, "class" => strtr(strtolower($text), " &", "__"))); foreach ($section as $text => $info) { list($page, $icon) = $info; if (in_array($page, $private_pages) == false) { continue; } if (isset($access_list[$page])) { $access = $access_list[$page] > 0; } else { $access = true; } $this->output->add_tag("entry", $page, array("text" => $text, "access" => show_boolean($access), "icon" => $icon)); } $this->output->close_tag(); } $this->output->close_tag(); }
function validate_session($credential_store = 'credential') { $pk_entity = -1; if (is_missing($_SESSION, $credential_store)) { # Server has no session credentials stored. } if (is_missing_or_empty($_SESSION, $credential_store)) { error_log("db_lib/validate_session() credential exists, but is empty"); return -1; } $entity_record = $_SESSION[$credential_store]; $pk_entity = intval($entity_record['entity']); if ($pk_entity <= 0) { return -1; } if (is_false($entity_record, 'entity')) { $pk_entity = null; return -1; } return $pk_entity; }
public function generate() { if ($this->disabled) { return; } if (headers_sent() == false && $this->http_status != 200) { header(sprintf("Status: %d", $this->http_status)); } switch ($this->mode) { case "json": $data = $this->array; $data = $this->optimize_for_json($data); header("Content-Type: application/json"); $result = json_encode($data["output"]); break; case "xml": header("Content-Type: text/xml"); $result = $this->document; break; case "data": header("Content-Type: text/plain"); $result = $this->document; break; case null: $xslt_file = "../views/" . $this->page->view . ".xslt"; if (($result = parent::transform($xslt_file)) === false) { header("Status: 500"); header("Content-Type: text/plain"); $result = "Banshee: Fatal XSL Transformation error.\n"; if (file_exists($xslt_file) == false) { $result .= sprintf("%s: file not found.\n", substr($xslt_file, 3)); } else { $result .= sprintf("%s: invalid XML.\n", substr($xslt_file, 3)); } break; } /* Print headers */ if (headers_sent() == false) { header("X-Frame-Options: sameorigin"); if ($this->activate_hiawatha_cache()) { header("X-Hiawatha-Cache: " . $this->hiawatha_cache_time); } header("Content-Type: " . $this->content_type); header("Content-Language: " . $this->language); if (is_false(ini_get("zlib.output_compression"))) { if ($this->can_gzip_output($result)) { header("Content-Encoding: gzip"); $result = gzencode($result, 6); } header("Content-Length: " . strlen($result)); } header("Vary: Accept-Encoding"); header("X-Powered-By: Banshee PHP framework v" . BANSHEE_VERSION); } break; default: $result = "Unknown output type"; } return $result; }
function executeQuery($sql_query_str) { set_error_handler("txtdbapi_error_handler"); txtdbapi_clear_errors(); debug_printb("[executeQuery] Query: {$sql_query_str}<br>"); // Parse Query $start = getmicrotime(); $sqlParser = new SqlParser($sql_query_str); $sqlQuery = $sqlParser->parseSqlQuery(); debug_print("parseSqlQuery: " . (getmicrotime() - $start) . " seconds elapsed<br>"); // free $sqlParser unset($sqlParser); $sqlParser = ""; // Test Query if (!$sqlQuery || !$sqlQuery->test()) { restore_error_handler(); return false; } $start = getmicrotime(); debug_printb("[executeQuery] Parsed Query:<br>"); if (TXTDBAPI_DEBUG) { $sqlQuery->dump(); } // Dispatch switch ($sqlQuery->type) { case "SELECT": $rc = $this->executeSelectQuery($sqlQuery); break; case "INSERT": $rc = $this->executeInsertQuery($sqlQuery); break; case "DELETE": $rc = $this->executeDeleteQuery($sqlQuery); break; case "UPDATE": $rc = $this->executeUpdateQuery($sqlQuery); break; case "CREATE TABLE": $rc = $this->executeCreateTableQuery($sqlQuery); break; case "DROP TABLE": $rc = $this->executeDropTableQuery($sqlQuery); break; case "CREATE DATABASE": $rc = $this->executeCreateDatabaseQuery($sqlQuery); break; case "DROP DATABASE": $rc = $this->executeDropDatabaseQuery($sqlQuery); break; case "LIST TABLES": $rc = $this->executeListTablesQuery($sqlQuery); break; default: print_error_msg("Invalid or unsupported Query Type: " . $sqlQuery->type); restore_error_handler(); return false; } if (is_false($rc)) { print_error_msg("Query '" . $sql_query_str . "' failed"); } debug_printb("[executeQuery] Query execution done: " . (getmicrotime() - $start) . " seconds elapsed<br>"); restore_error_handler(); return $rc; }
function parseResultSetFromFileForAppend($fd) { $start = getmicrotime(); $rs = new ResultSet(); // COLUMN NAMES // read with a maximum of 1000 bytes, until there is a newline included (or eof) $buf = ""; while (is_false(strstr($buf, "\n"))) { $buf .= fgets($fd, 1000); if (feof($fd)) { print_error_msg("Invalid Table File!<br>"); return null; } } // remove newline remove_last_char($buf); $rec = $this->parseRowFromLine($buf); $rs->setColumnNames($rec); // COLUMN TYPES // read with a maximum of 1000 bytes, until there is a newline included (or eof) $buf = ""; while (is_false(strstr($buf, "\n"))) { $buf .= fgets($fd, 1000); if (feof($fd)) { print_error_msg("Invalid Table File!<br>"); return null; } } // remove newline remove_last_char($buf); $rec = $this->parseRowFromLine($buf); $rs->setColumnTypes($rec); // COLUMN DEFAULT VALUES // read with a maximum of 1000 bytes, until there is a newline included (or eof) $buf = ""; while (is_false(strstr($buf, "\n"))) { $buf .= fgets($fd, 1000); if (feof($fd)) { break; // there's no newline after the colum types => empty table } } // remove newline if (last_char($buf) == "\n") { remove_last_char($buf); } $rec = $this->parseRowFromLine($buf); $rs->setColumnDefaultValues($rec); // get file size fseek($fd, 0, SEEK_END); $size = ftell($fd); $lastRecSize = min($size, ASSUMED_RECORD_SIZE); $lastRecPos = false; while (is_false($lastRecPos)) { fseek($fd, -$lastRecSize, SEEK_END); $buf = fread($fd, $lastRecSize); $lastRecSize = $lastRecSize * 2; $lastRecSize = min($size, $lastRecSize); if ($lastRecSize < 1) { print_error_message("lastRecSize should not be 0! Contact developer please!"); } $lastRecPos = $this->getLastRecordPosInString($buf); if (TXTDBAPI_VERBOSE_DEBUG) { echo "<hr>pass! <br>"; echo "lastRecPos: " . $lastRecPos . "<br>"; echo "buf: " . $buf . "<br>"; } } $buf = trim(substr($buf, $lastRecPos)); verbose_debug_print("buf after substr() and trim(): " . $buf . 
"<br>"); $rs->reset(); $row = $this->parseRowFromLine($buf); if (TXTDBAPI_VERBOSE_DEBUG) { echo "parseResultSetFromFileForAppend(): last Row:<br>"; print_r($row); echo "<br>"; } $rs->appendRow($row); $rs->setColumnAliases(create_array_fill(count($rs->colNames), "")); $rs->setColumnTables(create_array_fill(count($rs->colNames), "")); $rs->setColumnTableAliases(create_array_fill(count($rs->colNames), "")); $rs->setColumnFunctions(create_array_fill(count($rs->colNames), "")); $rs->colFuncsExecuted = create_array_fill(count($rs->colNames), false); debug_print("<i>III: parseResultSetFromFileForAppend: " . (getmicrotime() - $start) . " seconds elapsed</i><br>"); return $rs; }
public function save_oke($user) { $result = true; if (isset($user["id"])) { if (($current = $this->get_user($user["id"])) == false) { $this->output->add_message("User not found."); return false; } /* Non-admins cannot edit admins */ if ($this->user->is_admin == false) { if ($this->access_allowed_for_non_admin($current) == false) { $this->output->add_message("You are not allowed to edit this user."); $this->user->log_action("unauthorized update attempt of user %d", $user["id"]); return false; } } /* Username changed need password to be reset */ if ($user["username"] != $current["username"] && $user["password"] == "") { $this->output->add_message("Username change needs password to be re-entered."); $result = false; } } /* Check username */ if ($user["username"] == "" || $user["fullname"] == "") { $this->output->add_message("The username and full name cannot be empty."); $result = false; } else { if (valid_input($user["username"], VALIDATE_LETTERS . VALIDATE_NUMBERS) == false) { $this->output->add_message("Invalid characters in username."); $result = false; } else { if (($check = $this->db->entry("users", $user["username"], "username")) != false) { if ($check["id"] != $user["id"]) { $this->output->add_message("Username already exists."); $result = false; } } } } /* Check password */ if (isset($user["id"]) == false) { if ($user["password"] == "" && is_false($user["generate"])) { $this->output->add_message("Fill in the password or let Banshee generate one."); $result = false; } } /* Check e-mail */ if (valid_email($user["email"]) == false) { $this->output->add_message("Invalid e-mail address."); $result = false; } else { if (($check = $this->db->entry("users", $user["email"], "email")) != false) { if ($check["id"] != $user["id"]) { $this->output->add_message("E-mail address already exists."); $result = false; } } } /* Check certificate serial */ if (valid_input($user["cert_serial"], VALIDATE_NUMBERS) == false) { $this->output->add_message("The certificate serial must be 
a number."); $result = false; } return $result; }
public function testIsNotFalse() { $this->assertFalse(is_false(null)); }
function parseNextChar() { if (!(++$this->currentPos < strlen($this->workingStr))) { return false; } $this->currentChar = $this->workingStr[$this->currentPos]; $c = $this->currentChar; verbose_debug_print("<hr>"); verbose_debug_print("StringParser:: current char: '" . $c . "' <br>"); // update escape char tracking vars if ($this->currentIsEscape) { $this->lastWasEscape = true; $this->currentIsEscape = false; } else { $this->lastWasEscape = false; $this->currentIsEscape = false; } // escape char: if ($c == $this->escapeChar) { verbose_debug_print("StringParser:: escape char matched: " . $c . "<br>"); // last was escape: 2 escape chars => the char is used, and the escapement meaning is lost if ($this->lastWasEscape) { $this->currentIsEscape = false; $this->lastWasEscape = false; $this->currentElement .= $c; // last was not escape, so the current has escape meaning } else { $this->currentIsEscape = true; // add only if we don't remove escape chars if (!$this->removeEscapeChars) { $this->currentElement .= $c; } } return true; } // handle quote chars (only if the last was no escape char) if (!$this->lastWasEscape) { for ($j = 0; $j < count($this->quoteChars); ++$j) { if ($c == $this->quoteChars[$j]) { // are we in this quotes OR not in other quotes => swap quote var if ($this->inQuotes[$j] || is_false(in_array(1, $this->inQuotes))) { $this->inQuotes[$j] = !$this->inQuotes[$j]; // add only if $this->removeQuotes isn't set if (!$this->removeQuotes) { $this->currentElement .= $c; } // else ignore the quotes meaning, but add it anyway } else { $this->currentElement .= $c; } return true; } } } // handle whitespace chars (if we are not in quotes) if (is_false(in_array(1, $this->inQuotes))) { for ($j = 0; $j < count($this->whitespaceChars); ++$j) { if ($c == $this->whitespaceChars[$j]) { verbose_debug_print("StringParser:: whitespace matched: '" . $c . "' nr: " . $j . 
"<br>"); // whitespace found, return element if the strlen() is > 0 if (strlen($this->currentElement) > 0) { //++$this->currentPos; // skip the whitespace // break all for's an return $element: //break 2; $this->elementFinished = true; return true; } // ignore the whitespace => continue return true; } } } // search for specialElements, but only if we are not in quotes if (is_false(in_array(1, $this->inQuotes))) { $testStr = substr($this->workingStr, $this->currentPos, $this->specialElementsMaxLen); verbose_debug_print("StringParser:: testStr is " . $testStr . "<br>"); if (!is_false($specialElem = array_search_stri_start($testStr, $this->specialElements))) { verbose_debug_print("special Element found: " . $specialElem . "<br>"); // specialElement found! // strlen(element)>0 ? return current element if (strlen($this->currentElement) > 0) { verbose_debug_print("returning last Element !<br>"); $this->elementFinished = true; --$this->currentPos; return true; // make the specialElement the current element and return it } else { verbose_debug_print("returning specialElement !<br>"); $this->currentElement = $specialElem; $this->currentPos += strlen($specialElem); --$this->currentPos; $this->elementFinished = true; return true; } } } // none of the previous tests matches, add the current char to the element verbose_debug_print("StringParser:: normal char...<br>"); $this->currentElement .= $c; return true; }
function parseSelectQuery() { $colNames = array(); $colTables = array(); $colAliases = array(); $colFuncs = array(); $fieldValues = array(); $tables = array(); $tableAliases = array(); $groupColumns = array(); $orderColumns = array(); $orderTypes = array(); $where_expr = ""; $distinct = 0; // parse Distinct if (strtoupper($this->peekNextElement()) == "DISTINCT") { $distinct = 1; $this->skipNextElement(); } // parse Columns $arrElements = array(); $colIndex = -1; while ($this->parseNextElements(",", array("FROM"), $arrElements)) { ++$colIndex; $colNames[$colIndex] = ""; $colTables[$colIndex] = ""; $colAliases[$colIndex] = ""; $colFuncs[$colIndex] = ""; // FUNC() | FUNC(col) | FUNC(table.col) | FUNC(col) AS alias | FUNC(table.col) AS alias | FUNC() AS alias // function ? if (count($arrElements) >= 3 && $arrElements[1] == "(") { $colFuncs[$colIndex] = strtoupper($arrElements[0]); // remove function from $arrElements array_splice($arrElements, 0, 2); $pos = array_search(")", $arrElements); if (!is_false($pos) && !_is_null($pos)) { array_splice($arrElements, $pos, 1); } } // *empty array* | col | table.col | col AS alias | table.col AS alias | AS alias // table ? if (count($arrElements) >= 3 && $arrElements[1] == ".") { $colTables[$colIndex] = $arrElements[0]; array_splice($arrElements, 0, 2); } // *empty array* | col | col AS alias | AS alias // alias ? if (count($arrElements) >= 3 && strtoupper($arrElements[1]) == "AS") { $colAliases[$colIndex] = $arrElements[2]; array_splice($arrElements, 1, 2); } // *empty array* | col | AS alias // alias on function without column if (count($arrElements) >= 2 && strtoupper($arrElements[0]) == "AS") { $colAliases[$colIndex] = $arrElements[1]; array_splice($arrElements, 0, 2); } // *empty array* | col // column name ? 
if (count($arrElements) >= 1) { $colNames[$colIndex] = $arrElements[0]; array_splice($arrElements, 0, 1); } if (count($arrElements) > 0) { $errStr = "Unexpected Element(s): "; for ($i = 0; $i < count($arrElements); ++$i) { $errStr .= $arrElements[$i] . " "; } print_error_msg($errStr); return null; } } // skip FROM $this->skipNextElement(); // parse Tables $arrElements = array(); while ($this->parseNextElements(",", array("GROUP", "WHERE", "ORDER", "LIMIT", ";"), $arrElements)) { $tables[] = $arrElements[0]; if (count($arrElements) > 2 && strtoupper($arrElements[1]) == "AS") { $tableAliases[] = $arrElements[2]; // mysql like Table aliasing support, without AS } else { if (count($arrElements) > 1) { $tableAliases[] = $arrElements[1]; // end of mysql like Table aliasing support } else { $tableAliases[] = ""; } } } // parse Where statement (Raw, because the escape-chars are needend in the ExpressionParser) if (strtoupper($this->peekNextElement()) == "WHERE") { $this->skipNextElement(); while (!is_empty_str($elem = $this->peekNextElementRaw())) { if (strtoupper($elem) == "GROUP" || strtoupper($elem) == "ORDER" || $elem == ";" || strtoupper($elem) == "LIMIT") { break; } $this->skipNextElement(); // no " " on points if ($elem == ".") { remove_last_char($where_expr); $where_expr .= $elem; } else { $where_expr .= $elem . 
" "; } } } debug_print("WHERE EXPR: {$where_expr}<br>"); // parse GROUP BY $groupColumnIndex = 0; if (strtoupper($this->peekNextElement()) == "GROUP") { $this->skipNextElement(); if (strtoupper($this->parseNextElement()) != "BY") { print_error_msg("BY expected"); return null; } while (!is_empty_str($elem = $this->peekNextElement())) { if ($elem == ";" || strtoupper($elem) == "LIMIT" || strtoupper($elem) == "ORDER") { break; } $this->skipNextElement(); if ($elem == ",") { $groupColumnIndex++; } else { if (!isset($groupColumns[$groupColumnIndex])) { $groupColumns[$groupColumnIndex] = $elem; } else { $groupColumns[$groupColumnIndex] .= $elem; } } } } // parse ORDER BY $orderColumnIndex = 0; if (strtoupper($this->peekNextElement()) == "ORDER") { $this->skipNextElement(); if (strtoupper($this->parseNextElement()) != "BY") { print_error_msg("BY expected"); return null; } while (!is_empty_str($elem = $this->peekNextElement())) { if ($elem == ";" || strtoupper($elem) == "LIMIT") { break; } $this->skipNextElement(); if ($elem == ",") { $orderColumnIndex++; } else { if (strtoupper($elem) == "ASC") { $orderTypes[$orderColumnIndex] = ORDER_ASC; } else { if (strtoupper($elem) == "DESC") { $orderTypes[$orderColumnIndex] = ORDER_DESC; } else { if (!isset($orderColumns[$orderColumnIndex])) { $orderColumns[$orderColumnIndex] = $elem; } else { $orderColumns[$orderColumnIndex] .= $elem; } $orderTypes[$orderColumnIndex] = ORDER_ASC; } } } } } // parse LIMIT $limit = array(); if (strtoupper($this->peekNextElement()) == "LIMIT") { $this->skipNextElement(); while (!is_empty_str($elem = $this->peekNextElement())) { if ($elem == ";") { break; } $this->skipNextElement(); if ($elem != ",") { $limit[] = $elem; } } } $sqlObj = new SqlQuery("SELECT", $colNames, $tables, $colAliases, $colTables, $where_expr, $groupColumns, $orderColumns, $orderTypes, $limit); $sqlObj->tableAliases = $tableAliases; $sqlObj->colFuncs = $colFuncs; $sqlObj->distinct = $distinct; return $sqlObj; }
public function save_access($page_id, $roles) { if ($this->db->query("delete from page_access where page_id=%d", $page_id) === false) { return false; } if (is_array($roles) == false) { return true; } foreach ($roles as $role_id => $has_role) { if (is_false($has_role) || $role_id == ADMIN_ROLE_ID) { continue; } $values = array("page_id" => (int) $page_id, "role_id" => (int) $role_id, "level" => 1); if ($this->db->insert("page_access", $values) === false) { return false; } } return true; }
/** * vdebug() * * @param mixed $data * @param bool $die FALSE * @param bool $add_var_dump FALSE * @param bool $add_last_query TRUE * @return void */ function vdebug($data, $die = false, $add_var_dump = false, $add_last_query = true) { $CI =& get_instance(); $CI->load->library('unit_test'); $bt = debug_backtrace(); $src = file($bt[0]["file"]); $line = $src[$bt[0]['line'] - 1]; # Match the function call and the last closing bracket preg_match('#' . __FUNCTION__ . '\\((.+)\\)#', $line, $match); $max = strlen($match[1]); $varname = NULL; $c = 0; for ($i = 0; $i < $max; $i++) { if ($match[1][$i] == "(") { $c++; } elseif ($match[1][$i] == ")") { $c--; } if ($c < 0) { break; } $varname .= $match[1][$i]; } if (is_object($data)) { $message = 'Variable holds an OBJECT'; } elseif (is_array($data)) { $message = 'Variable holds an ARRAY'; } elseif (is_string($data)) { $message = 'Variable holds a STRING'; } elseif (is_int($data)) { $message = 'Variable holds a INTEGER'; } elseif (is_true($data)) { $message = 'Variable holds a TRUE BOOLEAN'; } elseif (is_false($data)) { $message = 'Variable holds a FALSE BOOLEAN'; } elseif (is_null($data)) { $message = 'Variable is NULL'; } elseif (is_float($data)) { $message = 'Variable is FLOAT'; } else { $message = 'N/A'; } $output = '<div style="clear:both;"></div>'; $output .= '<meta charset="UTF-8" />'; $output .= '<style>::selection{background-color:#E13300!important;color:#fff}::moz-selection{background-color:#E13300!important;color:#fff}::webkit-selection{background-color:#E13300!important;color:#fff}div.debugbody{background-color:#fff;margin:40px;font:9px/12px normal;font-family:Arial,Helvetica,sans-serif;color:#4F5155;min-width:500px}a.debughref{color:#039;background-color:transparent;font-weight:400}h1.debugheader{color:#444;background-color:transparent;border-bottom:1px solid #D0D0D0;font-size:12px;line-height:14px;font-weight:700;margin:0 0 14px;padding:14px 15px 
10px;font-family:Consolas}code.debugcode{font-family:Consolas,Monaco,Courier New,Courier,monospace;font-size:12px;background-color:#f9f9f9;border:1px solid #D0D0D0;color:#002166;display:block;margin:10px 0;padding:5px 10px 15px}pre.debugpre{display:block;padding:0;margin:0;color:#002166;font:12px/14px normal;font-family:Consolas,Monaco,Courier New,Courier,monospace;background:0;border:0}div.debugcontent{margin:0 15px}p.debugp{margin:0;padding:0}.debugitalic{font-style:italic}.debutextR{text-align:right;margin-bottom:0;margin-top:0}.debugbold{font-weight:700}p.debugfooter{text-align:right;font-size:11px;border-top:1px solid #D0D0D0;line-height:32px;padding:0 10px;margin:20px 0 0}div.debugcontainer{margin:10px;border:1px solid #D0D0D0;-webkit-box-shadow:0 0 8px #D0D0D0}code.debug p{padding:0;margin:0;width:100%;text-align:right;font-weight:700;text-transform:uppercase;border-bottom:1px dotted #CCC;clear:right}code.debug span{float:left;font-style:italic;color:#CCC}</style>'; $output .= '<div class="debugbody"><div class="debugcontainer">'; $output .= '<h1 class="debugheader">' . $varname . '</h1>'; $output .= '<div class="debugcontent">'; $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: Variable Type</p>' . $message . 
'</code>'; if ($add_last_query) { if ($CI->db->last_query()) { $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: $CI->db->last_query()</p>'; $output .= $CI->db->last_query(); $output .= '</code>'; } } $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: print_r</p><pre class="debugpre">'; ob_start(); print_r($data); $output .= trim(ob_get_clean()); $output .= '</pre></code>'; if ($add_var_dump) { $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: var_dump</p><pre class="debugpre">'; ob_start(); var_dump($data); $vardump = trim(ob_get_clean()); $vardump = preg_replace("/\\]\\=\\>\n(\\s+)/m", "] => ", $vardump); $output .= $vardump; $output .= '</pre></code>'; } $output .= '</div><p class="debugfooter">Vayes Debug Helper © Yahya A. Erturan</p></div></div>'; $output .= '<div style="clear:both;"></div>'; if (PHP_SAPI == 'cli') { echo $varname . ' = ' . PHP_EOL . $output . PHP_EOL . PHP_EOL; return; } echo $output; if ($die) { exit; } }
public function execute() { if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_POST["submit_button"] == "Save user") { /* Fix password */ if (is_true($_POST["generate"])) { $_POST["password"] = random_string(10); $_POST["password_hashed"] = false; } if (is_false($_POST["password_hashed"]) && $_POST["password"] != "") { $_POST["plaintext"] = $_POST["password"]; $_POST["password"] = hash(PASSWORD_HASH, $_POST["password"] . hash(PASSWORD_HASH, $_POST["username"])); } /* Save user */ if ($this->model->save_oke($_POST) == false) { $this->show_user_form($_POST); } else { if (isset($_POST["id"]) === false) { /* Create user */ if ($this->model->create_user($_POST) === false) { $this->output->add_message("Database error while creating user."); $this->show_user_form($_POST); } else { $this->user->log_action("user %s created", $_POST["username"]); if (is_true($_POST["generate"])) { $this->model->send_notification($_POST); } $this->show_user_overview(); } } else { /* Update user */ $username = $this->model->get_username($_POST["id"]); if ($this->model->update_user($_POST) === false) { $this->output->add_message("Database error while updating user."); $this->show_user_form($_POST); } else { if ($_POST["username"] == $username) { $name = $_POST["id"]; } else { $name = sprintf("%s -> %s", $username, $_POST["username"]); } $this->user->log_action("user %s updated", $name); if (is_true($_POST["generate"])) { $this->model->send_notification($_POST); } $this->show_user_overview(); } } } } else { if ($_POST["submit_button"] == "Delete user") { /* Delete user */ $username = $this->model->get_username($_POST["id"]); if ($this->model->delete_oke($_POST["id"]) == false) { $this->show_user_form($_POST); } else { if ($this->model->delete_user($_POST["id"]) == false) { $this->output->add_tag("result", "Database error while deleting user."); } else { $this->user->log_action("user %s deleted", $username); $this->show_user_overview(); } } } else { $this->show_user_overview(); } } } else { if 
($this->page->pathinfo[2] == "new") { /* Show the user webform */ $user = array("organisation_id" => $this->user->organisation_id, "roles" => array(ADMIN_ROLE_ID + 1), "status" => USER_STATUS_CHANGEPWD); $this->show_user_form($user); } else { if (valid_input($this->page->pathinfo[2], VALIDATE_NUMBERS, VALIDATE_NONEMPTY)) { /* Show the user webform */ if (($user = $this->model->get_user($this->page->pathinfo[2])) == false) { $this->output->add_tag("result", "User not found."); } else { $this->show_user_form($user); } } else { /* Show a list of all users */ $this->show_user_overview(); } } } }
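/**
 * Builds the page access map of a user: module/URL (leading "/" stripped) => access level.
 *
 * Sources, in order (later entries overwrite or raise earlier ones): public pages on
 * disk (always 1), private pages on disk (YES for admins, NO otherwise), the role rows
 * of a logged-in non-admin, the pages table, and the page_access rows of the user's
 * roles for a logged-in non-admin. A level from the database only ever raises an
 * existing entry, never lowers it.
 *
 * @param object $db   database wrapper; execute($sql, $params) must return rows as
 *                     arrays, or false on error
 * @param object $user current user; reads logged_in, is_admin, id and role_ids
 * @return array|false the access map, or false when a database query fails
 */
function page_access_list($db, $user) {
    $access_rights = array();

    /* Public pages on disk */
    $public = page_to_module(config_file("public_pages"));
    foreach ($public as $page) {
        $access_rights[$page] = 1;
    }

    /* Private pages on disk */
    $private_pages = page_to_module(config_file("private_pages"));
    foreach ($private_pages as $page) {
        $access_rights[$page] = $user->is_admin ? YES : NO;
    }

    /* Per-module levels stored on the user's roles (admins already have everything) */
    if ($user->logged_in && $user->is_admin == false) {
        /* user id is bound through the %d placeholder, not interpolated */
        $query = "select * from roles where id in " .
                 "(select role_id from user_role where user_id=%d)";
        if (($roles = $db->execute($query, $user->id)) === false) {
            return false;
        }
        foreach ($roles as $role) {
            /* presumably the first two columns are id and name; the rest are module => level — confirm against the schema */
            $role = array_slice($role, 2);
            foreach ($role as $page => $level) {
                $level = (int) $level;
                /* keep the highest level granted by any role */
                if (isset($access_rights[$page]) == false || $access_rights[$page] < $level) {
                    $access_rights[$page] = $level;
                }
            }
        }
    }

    /* Pages in database */
    if (($pages = $db->execute("select * from pages")) === false) {
        return false;
    }
    foreach ($pages as $page) {
        $access_rights[ltrim($page["url"], "/")] = is_false($page["private"]) || $user->is_admin ? YES : NO;
    }

    /* Per-page levels granted to the user's roles */
    if ($user->logged_in && $user->is_admin == false) {
        $conditions = $rids = array();
        foreach ($user->role_ids as $rid) {
            array_push($conditions, "role_id=%d");
            array_push($rids, $rid);
        }

        /* A user without roles has no page_access rows to merge; without this guard
         * the query would read "and ()" and fail, making the whole function return false. */
        if (count($conditions) > 0) {
            /* role ids are bound through the %d placeholders, not interpolated */
            $query = "select p.url,a.level from pages p, page_access a " .
                     "where p.id=a.page_id and (" . implode(" or ", $conditions) . ")";
            if (($pages = $db->execute($query, $rids)) === false) {
                return false;
            }
            foreach ($pages as $page) {
                $url = ltrim($page["url"], "/");
                /* every url here was inserted by the pages loop above, so the index exists */
                if ($access_rights[$url] < $page["level"]) {
                    $access_rights[$url] = $page["level"];
                }
            }
        }
    }

    return $access_rights;
}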
/**
 * Splits a column reference of the form [FUNC(] [table.] column [)] into its parts.
 *
 * A numeric or quoted literal is returned untouched in $colName. Inside EVAL(...)
 * the dot is left alone, since it belongs to the expression rather than a table name.
 *
 * @param string $fullColName the reference as written in the query
 * @param string $colName     out: column name (or the literal), trimmed
 * @param string $colTable    out: table name, "" when absent
 * @param string $colFunc     out: upper-cased function name, "" when absent
 * @return bool false (after print_error_msg()) when a function call is not closed by ")"
 */
function split_full_colname($fullColName, &$colName, &$colTable, &$colFunc) {
    $colName = $colTable = $colFunc = "";

    // A literal (number or quoted string) is passed through as the column name.
    if (is_numeric($fullColName) || has_quotes($fullColName)) {
        $colName = trim($fullColName);
        return true;
    }

    $rest = $fullColName;

    // FUNC(...) prefix: everything before "(" is the function name.
    $parenAt = strpos($rest, "(");
    if (!is_false($parenAt)) {
        $colFunc = strtoupper(trim(substr($rest, 0, $parenAt)));
        $rest = substr($rest, $parenAt + 1);
    }

    // table.column split, except for EVAL where the dot is part of the expression.
    $dotAt = strpos($rest, ".");
    if (is_false($dotAt) || $colFunc == "EVAL") {
        $colName = $rest;
    } else {
        $colTable = substr($rest, 0, $dotAt);
        $colName = substr($rest, $dotAt + 1);
    }
    $colName = trim($colName);

    // A function call must be closed by ")"; drop it or report the syntax error.
    if ($colFunc) {
        if (last_char($colName) != ")") {
            print_error_msg(") expected after {$colName}!");
            return false;
        }
        remove_last_char($colName);
    }

    $colName = trim($colName);
    $colTable = trim($colTable);
    return true;
}
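/**
 * Predicate wrapper around is_false(): true unless is_false() holds for $var1.
 *
 * The `!` operator already yields a bool, so the `? true : false` of the
 * original was redundant and is dropped.
 *
 * @param mixed $var1 value to test
 * @return bool
 */
protected static function NOT_FALSE($var1) {
    return !is_false($var1);
}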
/**
 * Parses the remainder of a SELECT statement from the element stream into a SqlQuery.
 *
 * The "SELECT" keyword is presumably consumed by the caller (not checked here). Reads,
 * in this order: DISTINCT, the column list up to FROM, the table list with aliases and
 * joins, WHERE (raw elements), GROUP BY, ORDER BY and LIMIT. Elements are taken as-is;
 * no quoting or validation of identifiers happens in this method.
 *
 * @return SqlQuery|null null after print_error_msg() when the column list holds
 *                       unexpected elements, or GROUP/ORDER is not followed by BY
 */
function parseSelectQuery() {
    $colNames = array();
    $colTables = array();
    $colAliases = array();
    $colFuncs = array();
    $fieldValues = array(); // declared but never used in this method
    $tables = array();
    $tableAliases = array();
    $groupColumns = array();
    $orderColumns = array();
    $orderTypes = array();
    $where_expr = "";
    $distinct = 0;
    $joins = array();

    // parse Distinct
    if (strtoupper($this->peekNextElement()) == "DISTINCT") {
        $distinct = 1;
        $this->skipNextElement();
    }

    // parse Columns: one comma-separated group of elements per iteration, until FROM
    $arrElements = array();
    $colIndex = -1;
    while ($this->parseNextElements(",", array("FROM"), $arrElements)) {
        ++$colIndex;
        $colNames[$colIndex] = "";
        $colTables[$colIndex] = "";
        $colAliases[$colIndex] = "";
        $colFuncs[$colIndex] = "";

        // FUNC() | FUNC(col) | FUNC(table.col) | FUNC(col) AS alias | FUNC(table.col) AS alias | FUNC() AS alias
        // function ?
        if (count($arrElements) >= 3 && $arrElements[1] == "(") {
            $colFuncs[$colIndex] = strtoupper($arrElements[0]);
            // remove function from $arrElements
            array_splice($arrElements, 0, 2);
            // drop the first ")" so the remaining elements look like a plain column
            $pos = array_search(")", $arrElements);
            if (!is_false($pos) && !_is_null($pos)) {
                array_splice($arrElements, $pos, 1);
            }
        }

        // *empty array* | col | table.col | col AS alias | table.col AS alias | AS alias
        // table ?
        if (count($arrElements) >= 3 && $arrElements[1] == ".") {
            $colTables[$colIndex] = $arrElements[0];
            array_splice($arrElements, 0, 2);
        }

        // *empty array* | col | col AS alias | AS alias
        // alias ?
        if (count($arrElements) >= 3 && strtoupper($arrElements[1]) == "AS") {
            $colAliases[$colIndex] = $arrElements[2];
            array_splice($arrElements, 1, 2);
        }

        // *empty array* | col | AS alias
        // alias on function without column
        if (count($arrElements) >= 2 && strtoupper($arrElements[0]) == "AS") {
            $colAliases[$colIndex] = $arrElements[1];
            array_splice($arrElements, 0, 2);
        }

        // *empty array* | col
        // column name ?
        if (count($arrElements) >= 1) {
            $colNames[$colIndex] = $arrElements[0];
            array_splice($arrElements, 0, 1);
        }

        // anything left over is a syntax error in this column
        if (count($arrElements) > 0) {
            $errStr = "Unexpected Element(s): ";
            for ($i = 0; $i < count($arrElements); ++$i) {
                $errStr .= $arrElements[$i] . " ";
            }
            print_error_msg($errStr);
            return null;
        }
    }

    // skip FROM
    $this->skipNextElement();

    // parse Tables
    $arrElements = array();
    $tableIndex = 0;
    $joinIndex = 0;
    // NOTE: this is a truthiness test, so an element "0" ends the table list
    while ($elem = $this->peekNextElement()) {
        $elemUpper = strtoupper($elem);
        if (in_array($elemUpper, array("GROUP", "WHERE", "ORDER", "LIMIT", ";"))) {
            break;
        }
        if ($elemUpper == "AS") {
            $this->skipNextElement();
            $tableAliases[$tableIndex] = $this->parseNextElement();
            continue;
        }
        // LEFT/RIGHT/INNER set the type of the join that the following JOIN keyword completes
        if ($elemUpper == "LEFT") {
            if (!isset($joins[$joinIndex])) {
                $joins[$joinIndex] = new Join();
            }
            $joins[$joinIndex]->type = JOIN_LEFT;
            $this->skipNextElement();
            continue;
        }
        if ($elemUpper == "RIGHT") {
            if (!isset($joins[$joinIndex])) {
                $joins[$joinIndex] = new Join();
            }
            $joins[$joinIndex]->type = JOIN_RIGHT;
            $this->skipNextElement();
            continue;
        }
        if ($elemUpper == "INNER") {
            if (!isset($joins[$joinIndex])) {
                $joins[$joinIndex] = new Join();
            }
            $joins[$joinIndex]->type = JOIN_INNER;
            $this->skipNextElement();
            continue;
        }
        // JOIN: the table before it is the left side, the element after it the right side
        if ($elemUpper == "JOIN") {
            if (!isset($joins[$joinIndex])) {
                $joins[$joinIndex] = new Join();
            }
            $joins[$joinIndex]->leftTableIndex = $tableIndex;
            $this->skipNextElement();
            $tables[++$tableIndex] = $this->parseNextElement();
            $tableAliases[$tableIndex] = "";
            $joins[$joinIndex]->rightTableIndex = $tableIndex;
            continue;
        }
        if ($elemUpper == "OUTER") {
            $this->skipNextElement(); // ignore
            continue;
        }
        if ($elemUpper == ",") {
            ++$tableIndex;
            $this->skipNextElement();
            continue;
        }
        // ON: collect the join condition verbatim into the current join's expr.
        // Assumes a JOIN keyword created $joins[$joinIndex] before this point — not checked here.
        if ($elemUpper == "ON") {
            $exprElements = array();
            $this->skipNextElement();
            $this->parseNextElements("", array(",", "GROUP", "WHERE", "ORDER", "LIMIT", ";", "LEFT", "RIGHT", "INNER", "OUTER", "JOIN"), $exprElements);
            foreach ($exprElements as $exprElem) {
                // no spaces on .'s
                if ($exprElem == ".") {
                    remove_last_char($joins[$joinIndex]->expr);
                    $joins[$joinIndex]->expr .= $exprElem;
                } else {
                    $joins[$joinIndex]->expr .= $exprElem . " ";
                }
            }
            $joinIndex++;
            continue;
        }
        // if table is allready set its an alias without AS, else its the table name
        if (isset($tables[$tableIndex])) {
            $tableAliases[$tableIndex] = $elem;
            $this->skipNextElement();
        } else {
            $tables[$tableIndex] = $elem;
            $tableAliases[$tableIndex] = "";
            $this->skipNextElement();
        }
    }

    // parse Where statement (Raw, because the escape-chars are needend in the ExpressionParser)
    if (strtoupper($this->peekNextElement()) == "WHERE") {
        $this->skipNextElement();
        while (!is_empty_str($elem = $this->peekNextElementRaw())) {
            if (strtoupper($elem) == "GROUP" || strtoupper($elem) == "ORDER" || $elem == ";" || strtoupper($elem) == "LIMIT") {
                break;
            }
            $this->skipNextElement();
            // no " " on points
            if ($elem == ".") {
                remove_last_char($where_expr);
                $where_expr .= $elem;
            } else {
                $where_expr .= $elem . " ";
            }
        }
    }
    debug_print("WHERE EXPR: {$where_expr}<br>");

    // parse GROUP BY
    $groupColumnIndex = 0;
    if (strtoupper($this->peekNextElement()) == "GROUP") {
        $this->skipNextElement();
        if (strtoupper($this->parseNextElement()) != "BY") {
            print_error_msg("BY expected");
            return null;
        }
        // elements between commas are concatenated into one column entry
        while (!is_empty_str($elem = $this->peekNextElement())) {
            if ($elem == ";" || strtoupper($elem) == "LIMIT" || strtoupper($elem) == "ORDER") {
                break;
            }
            $this->skipNextElement();
            if ($elem == ",") {
                $groupColumnIndex++;
            } else {
                if (!isset($groupColumns[$groupColumnIndex])) {
                    $groupColumns[$groupColumnIndex] = $elem;
                } else {
                    $groupColumns[$groupColumnIndex] .= $elem;
                }
            }
        }
    }

    // parse ORDER BY
    $orderColumnIndex = 0;
    if (strtoupper($this->peekNextElement()) == "ORDER") {
        $this->skipNextElement();
        if (strtoupper($this->parseNextElement()) != "BY") {
            print_error_msg("BY expected");
            return null;
        }
        while (!is_empty_str($elem = $this->peekNextElement())) {
            if ($elem == ";" || strtoupper($elem) == "LIMIT") {
                break;
            }
            $this->skipNextElement();
            if ($elem == ",") {
                $orderColumnIndex++;
            } else {
                if (strtoupper($elem) == "ASC") {
                    $orderTypes[$orderColumnIndex] = ORDER_ASC;
                } else {
                    if (strtoupper($elem) == "DESC") {
                        $orderTypes[$orderColumnIndex] = ORDER_DESC;
                    } else {
                        // a column without ASC/DESC defaults to ascending
                        if (!isset($orderColumns[$orderColumnIndex])) {
                            $orderColumns[$orderColumnIndex] = $elem;
                        } else {
                            $orderColumns[$orderColumnIndex] .= $elem;
                        }
                        $orderTypes[$orderColumnIndex] = ORDER_ASC;
                    }
                }
            }
        }
    }

    // parse LIMIT: the elements are kept as-is, commas dropped
    $limit = array();
    if (strtoupper($this->peekNextElement()) == "LIMIT") {
        $this->skipNextElement();
        while (!is_empty_str($elem = $this->peekNextElement())) {
            if ($elem == ";") {
                break;
            }
            $this->skipNextElement();
            if ($elem != ",") {
                $limit[] = $elem;
            }
        }
    }

    $sqlObj = new SqlQuery("SELECT", $colNames, $tables, $colAliases, $colTables, $where_expr, $groupColumns, $orderColumns, $orderTypes, $limit);
    $sqlObj->tableAliases = $tableAliases;
    $sqlObj->colFuncs = $colFuncs;
    $sqlObj->distinct = $distinct;
    $sqlObj->joins = $joins;
    return $sqlObj;
}