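/**
 * Generate a plugin-style XLS report from an already prepared statistics
 * page controller (an OA_Admin_Statistics_Common object) and send it to
 * the user.
 *
 * The report is named after the menu section that matches the controller's
 * pageId; when that section cannot be found, phpAds_Die() is called with a
 * menu system error.
 */
function export()
{
    // Look up the menu section of the statistics page being exported
    $oMenu = OA_Admin_Menu::singleton();
    $pageId = $this->oStatsController->pageId;
    $oCurrentSection = $oMenu->get($pageId);
    if ($oCurrentSection == null) {
        // Report the page id that was actually looked up, escaped because it
        // is placed inside HTML. The earlier code read an undefined $ID here,
        // so the message never named the missing section.
        phpAds_Die(
            $GLOBALS['strErrorOccurred'],
            'Menu system error: <strong>' . OA_Permission::getAccountType(true) . '::'
            . htmlspecialchars((string) $pageId) . '</strong> not found for the current user'
        );
    }

    // The section name doubles as the report name
    $reportName = $oCurrentSection->getName();
    $this->_name = $reportName;

    // Build the download file name: report name plus the optional date span.
    // NOTE(review): the name is handed to the report writer exactly as built
    // here; presumably the writer makes it safe for the download header -
    // confirm.
    $reportFileName = 'Exported Statistics - ' . $reportName;
    if (!empty($this->oStatsController->aDates['day_begin'])) {
        $oStartDate = new Date($this->oStatsController->aDates['day_begin']);
        $reportFileName .= ' from ' . $oStartDate->format($GLOBALS['date_format']);
    }
    if (!empty($this->oStatsController->aDates['day_end'])) {
        $oEndDate = new Date($this->oStatsController->aDates['day_end']);
        $reportFileName .= ' to ' . $oEndDate->format($GLOBALS['date_format']);
    }
    $reportFileName .= '.xls';
    $this->_oReportWriter->openWithFilename($reportFileName);

    // Get the header and data arrays from the same statistics controllers
    // that prepare stats for the user interface stats pages
    list($aHeaders, $aData) = $this->getHeadersAndDataFromStatsController(null, $this->oStatsController);

    // Add the worksheet. The unused "$name" local built from entity and
    // breakdown has been dropped; the sheet is named after the report.
    $this->createSubReport($reportName, $aHeaders, $aData);

    // Close the report writer and send the report to the user
    $this->_oReportWriter->closeAndSend();
}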
/**
 * Gate a page on the user type stored in the session.
 *
 * $allowed is AND-ed bitwise with $Session['usertype']; a zero result is
 * treated as "no permission". A missing usertype also yields zero, so the
 * check fails closed.
 *
 * NOTE(review): nothing in this function exits or returns a status after
 * phpAds_Die(); it is only an access gate if phpAds_Die() ends the request -
 * confirm.
 *
 * @param int $allowed Bit mask of the user types that may view the page.
 */
function phpAds_checkAccess($allowed)
{
    global $Session;
    global $strNotAdmin, $strAccessDenied;

    $isPermitted = (bool) ($allowed & $Session['usertype']);
    if ($isPermitted) {
        return;
    }

    // No permission to access this page!
    phpAds_PageHeader(0);
    phpAds_Die($strAccessDenied, $strNotAdmin);
}
/**
 * Parse the "day" request parameter, check that it is a real calendar date
 * and store it in the supplied $aDates array.
 *
 * The value must be exactly eight digits (YYYYMMDD); the /D modifier keeps
 * "$" from matching before a trailing newline. A value of any other shape,
 * or one that checkdate() rejects, is answered through phpAds_Die() with the
 * access-denied texts.
 *
 * @param array $aDates A reference to an array that is replaced by one
 *                      holding the valid day, formatted YYYY-MM-DD, as both
 *                      the "day_begin" and "day_end" values.
 */
function parseDay(&$aDates)
{
    $day = MAX_getValue('day', '');

    // Shape check first: year, month and day captured as groups 1 to 3
    $hasDayShape = preg_match('/^(\\d\\d\\d\\d)(\\d\\d)(\\d\\d)$/D', $day, $matches);
    if (!$hasDayShape) {
        phpAds_PageHeader('2');
        phpAds_Die($GLOBALS['strAccessDenied'], $GLOBALS['strNotAdmin']);
    }

    // Calendar check: checkdate() takes month, day, year
    $isRealDate = checkdate($matches[2], $matches[3], $matches[1]);
    if (!$isRealDate) {
        phpAds_PageHeader('2');
        phpAds_Die($GLOBALS['strAccessDenied'], $GLOBALS['strNotAdmin']);
    }

    // A single day: the range begins and ends on the same date
    $isoDay = "{$matches[1]}-{$matches[2]}-{$matches[3]}";
    $aDates = array(
        'day_begin' => $isoDay,
        'day_end' => $isoDay,
    );
}
/**
 * A static method to display the login screen and end the request.
 *
 * Before the form is rendered the environment is checked through
 * OA_Environment_Manager::checkSystem(); the first reported error is passed
 * to phpAds_Die(). The form action is rebuilt from the current request so
 * that the login posts back to the page the user asked for.
 *
 * @static
 *
 * @param string $sMessage    Message assigned to the template as "message".
 * @param string $sessionID   Value assigned to the template as "sessionID".
 * @param bool   $inLineLogin When true, phpAds_PageHeader() is not called.
 */
function displayLogin($sMessage = '', $sessionID = 0, $inLineLogin = false)
{
    global $strUsername, $strPassword, $strLogin, $strWelcomeTo, $strEnterUsername, $strNoAdminInteface, $strForgotPassword;

    $aConf = $GLOBALS['_MAX']['CONF'];
    $aPref = $GLOBALS['_MAX']['PREF'];

    // The login page must never be served from a cache
    header('Cache-Control: max-age=0, no-cache, proxy-revalidate, must-revalidate');
    if (!$inLineLogin) {
        phpAds_PageHeader(phpAds_Login);
    }

    // Check environment settings
    $oSystemMgr = new OA_Environment_Manager();
    $aSysInfo = $oSystemMgr->checkSystem();
    foreach ($aSysInfo as $env => $vals) {
        $errDetails = '';
        if (!is_array($vals['error'])) {
            continue;
        }

        // Every detail value is HTML-escaped before it joins the list
        $isPermsCheck = ($env == 'PERMS');
        $errDetails = '<ul>';
        foreach ($vals['actual'] as $key => $val) {
            if ($isPermsCheck) {
                // Permission checks list only the entries flagged as errors
                if ($val['error']) {
                    $errDetails .= '<li>' . htmlspecialchars($val['file']) . ' ' . htmlspecialchars($val['result']) . '</li>';
                }
            } else {
                $errDetails .= '<li>' . htmlspecialchars($key) . ' => ' . htmlspecialchars($val) . '</li>';
            }
        }
        $errDetails .= '</ul>';

        // NOTE(review): $err goes into the title without escaping, unlike the
        // detail entries above - confirm checkSystem() messages are static
        // text or that phpAds_Die() escapes its title.
        foreach ($vals['error'] as $key => $err) {
            phpAds_Die(' Error: ' . $err, $errDetails);
        }
    }

    $oTpl = new OA_Admin_Template('login.html');

    // we build the URL of the current page to use a redirect URL after login
    // this code should work on all server configurations hence why it is a bit complicated
    // inspired by http://dev.piwik.org/svn/trunk/core/Url.php getCurrentUrl()
    if (!empty($_SERVER['PATH_INFO'])) {
        $url = $_SERVER['PATH_INFO'];
    } elseif (!empty($_SERVER['REQUEST_URI'])) {
        // Keep only the path part of the request URI
        $queryPos = strpos($_SERVER['REQUEST_URI'], "?");
        $url = ($queryPos !== false)
            ? substr($_SERVER['REQUEST_URI'], 0, $queryPos)
            : $_SERVER['REQUEST_URI'];
    } else {
        $url = '';
    }
    if (empty($url)) {
        $url = $_SERVER['SCRIPT_NAME'];
    }
    if (!empty($_SERVER['QUERY_STRING'])) {
        $url .= '?' . $_SERVER['QUERY_STRING'];
    }
    if (!empty($url)) {
        // remove any extra slashes that would confuse the browser (see OX-5234)
        // The value then always starts with exactly one "/", presumably so it
        // cannot be read as a protocol-relative "//host/..." URL.
        $url = '/' . ltrim($url, '/');
    }

    $appName = $aConf['ui']['applicationName'];
    if (empty($appName)) {
        $appName = MAX_PRODUCT_NAME;
    }

    // NOTE(review): $url is made of request-controlled values and is assigned
    // unescaped; confirm login.html escapes formAction for the attribute
    // context it is printed in.
    $oTpl->assign('uiEnabled', $aConf['ui']['enabled']);
    $oTpl->assign('formAction', $url);
    $oTpl->assign('sessionID', $sessionID);
    $oTpl->assign('appName', $appName);
    $oTpl->assign('message', $sMessage);
    $oTpl->display();

    phpAds_PageFooter();
    exit;
}
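/**
 * Validate an uploaded file, read it into memory and record its image size.
 *
 * On success $uploaded gains the keys 'buffer' (the raw file contents),
 * 'width' and 'height'. The temporary file is removed before returning.
 * Every failure is reported through phpAds_PageHeader() + phpAds_Die().
 *
 * NOTE(review): nothing here checks the file type or bounds its size, and
 * getimagesize() is only used to read dimensions; a file that is not an
 * image leaves 'width' and 'height' null. Callers have to validate the
 * content before storing or serving the buffer.
 *
 * @param array $uploaded Reference to the upload entry; only its 'tmp_name'
 *                        key is read here (presumably one element of
 *                        $_FILES - confirm with callers).
 */
function phpAds_HandleUploadFile(&$uploaded)
{
    // The error texts were read as undefined locals, so the error pages
    // carried no message. They are pulled in as globals, the way the other
    // $str* texts on this page are used.
    global $strErrorUploadSecurity, $strErrorUploadBasedir, $strErrorUploadUnknown;

    if (function_exists("is_uploaded_file")) {
        // Only accept a file that PHP itself received through HTTP upload
        $upload_valid = @is_uploaded_file($uploaded['tmp_name']);
    } else {
        // Fallback: accept the file only if it sits directly in the upload
        // temp directory. basename() discards any directory part of tmp_name.
        if (!($tmp_file = get_cfg_var('upload_tmp_dir'))) {
            $tmp_file = tempnam('', '');
            @unlink($tmp_file);
            $tmp_file = dirname($tmp_file);
        }
        $tmp_file .= '/' . basename($uploaded['tmp_name']);

        // Normalise both paths before comparing them: forward slashes only,
        // repeated slashes collapsed. preg_replace() replaces ereg_replace(),
        // which no longer exists in PHP 7 and later.
        $tmp_file = preg_replace('#/+#', '/', str_replace('\\', '/', $tmp_file));
        $up_file = preg_replace('#/+#', '/', str_replace('\\', '/', $uploaded['tmp_name']));
        $upload_valid = $tmp_file === $up_file;
    }

    if (!$upload_valid) {
        // Don't use file in case of exploit
        phpAds_PageHeader("1");
        phpAds_Die('Error', $strErrorUploadSecurity);
    } else {
        if (@file_exists($uploaded['tmp_name'])) {
            $upload_error = false;

            // Read the contents of the file in a buffer
            if ($fp = @fopen($uploaded['tmp_name'], "rb")) {
                $uploaded['buffer'] = @fread($fp, @filesize($uploaded['tmp_name']));
                @fclose($fp);
            } else {
                // Check if moving the file is possible
                if (function_exists("move_uploaded_file")) {
                    // NOTE(review): the file is moved under the application
                    // directory; presumably misc/tmp is not reachable from
                    // the web - confirm. It is unlinked at the end of this
                    // function.
                    $tmp_dir = phpAds_path . '/misc/tmp/' . basename($uploaded['tmp_name']);

                    // Try to move the file
                    if (@move_uploaded_file($uploaded['tmp_name'], $tmp_dir)) {
                        $uploaded['tmp_name'] = $tmp_dir;

                        // Try again if the file is readable
                        if ($fp = @fopen($uploaded['tmp_name'], "rb")) {
                            $uploaded['buffer'] = @fread($fp, @filesize($uploaded['tmp_name']));
                            @fclose($fp);
                        } else {
                            $upload_error = true;
                        }
                    } else {
                        $upload_error = true;
                    }
                } else {
                    $upload_error = true;
                }
            }

            if ($upload_error) {
                phpAds_PageHeader("1");
                phpAds_Die('Error', $strErrorUploadBasedir);
            }

            // Determine width and height. getimagesize() returns false for a
            // file it cannot parse; keep the null dimensions the old code
            // ended up with, without indexing into false.
            $size = @getimagesize($uploaded['tmp_name']);
            $uploaded['width'] = is_array($size) ? $size[0] : null;
            $uploaded['height'] = is_array($size) ? $size[1] : null;
        } else {
            phpAds_PageHeader("1");
            phpAds_Die('Error', $strErrorUploadUnknown);
        }
    }

    // Remove temporary file
    if (@file_exists($uploaded['tmp_name'])) {
        @unlink($uploaded['tmp_name']);
    }
}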
// Post configmanager, but not installed -> install
header('Location: install.php');
exit;
}

// Include required files
// NOTE(review): include only warns and carries on when a file is missing, so
// a missing lib-permissions.inc.php would not stop the script at this point.
include "../libraries/lib-io.inc.php";
include "../libraries/lib-db.inc.php";
include "../libraries/lib-dbconfig.inc.php";
include "lib-gui.inc.php";
include "lib-permissions.inc.php";
include "../libraries/lib-userlog.inc.php";

// Open the database connection
$link = phpAds_dbConnect();
if (!$link) {
    // This text isn't translated, because if it is shown the language files are not yet loaded
    phpAds_Die("A fatal error occurred", $phpAds_productname . " can't connect to the database.\n\t\t\t\tBecause of this it isn't possible to use the administrator interface. The delivery\n\t\t\t\tof banners might also be affected. Possible reasons for the problem are:\n\t\t\t\t<ul><li>The database server isn't functioning at the moment</li>\n\t\t\t\t<li>The location of the database server has changed</li>\n\t\t\t\t<li>The username or password used to contact the database server are not correct</li>\n\t\t\t\t</ul>");
}

// Load settings from the database
phpAds_LoadDbConfig();
if (!isset($phpAds_config['config_version']) || $phpAds_version > $phpAds_config['config_version']) {
    // Post configmanager, but not up to date -> update
    header("Location: upgrade.php");
    exit;
}

// Check for SSL requirements
// NOTE(review): the redirect target is built from SERVER_NAME and PHP_SELF.
// PHP_SELF includes any path info the client appended to the script name,
// and SERVER_NAME can reflect the request's Host header depending on the
// web server configuration - confirm both can be trusted here. The port
// test also assumes TLS is terminated on this server on port 443.
if ($phpAds_config['ui_forcessl'] && $_SERVER['SERVER_PORT'] != 443) {
    header('Location: https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']);
    exit;
}

// Adjust url_prefix if SSL is used (the body of this block is cut off in
// this excerpt)
if ($_SERVER['SERVER_PORT'] == 443) {
// Write the (already processed) list ordering values back into $_REQUEST
$_REQUEST['listorder'] = $listorder;
$_REQUEST['orderdirection'] = $orderdirection;

// If displaying conversion statistics, hand over control to a different file
if ($entity == 'conversions') {
    include_once MAX_PATH . '/www/admin/stats-conversions.php';
    exit;
}

// Prepare the parameters for display or export to XLS
$aParams = null;
if (isset($plugin) && $plugin != '') {
    $aParams = array('skipFormatting' => true, 'disablePager' => true);
}

// Prepare the stats controller, and populate with the stats
// NOTE(review): $entity and $breakdown are not validated in the visible
// code; presumably getController() only accepts known controller names and
// returns a PEAR error otherwise - confirm it cannot be steered towards
// loading an arbitrary file.
$oStatsController =& OA_Admin_Statistics_Factory::getController($entity . "-" . $breakdown, $aParams);
if (PEAR::isError($oStatsController)) {
    // The error text is escaped before it reaches the HTML error page
    phpAds_Die('Error occured', htmlspecialchars($oStatsController->getMessage()));
}
$oStatsController->start();

// Export to XLS...
if (isset($plugin) && $plugin != '') {
    require_once MAX_PATH . '/lib/OA/Admin/Reports/Export.php';
    $oModule = new OA_Admin_Reports_Export($oStatsController);
    $oModule->export();
}

// ... otherwise, output in HTML
// NOTE(review): there is no else/exit after export(), so this line is also
// reached on the export path unless export() ends the request - confirm.
$oStatsController->output();

// Erase stats graph file: walk the web temp directory and test each entry's
// modification time against a 60 second age (the loop body is cut off in
// this excerpt)
if (isset($GraphFile) && $GraphFile != '') {
    $dirObject = dir($conf['store']['webDir'] . '/temp');
    while (false !== ($entry = $dirObject->read())) {
        if (filemtime($conf['store']['webDir'] . '/temp/' . $entry) + 60 < time()) {
/**
 * Check that the advertiser and the placement (campaign) exist and, when
 * they do not, show the matching "dead link" error page.
 *
 * The error message contains a link to:
 *  - the advertiser summary statistics when the campaign does not exist
 *  - stats.php when the advertiser does not exist
 *
 * The first link reuses the current query string with its campaignid
 * parameter removed; the result is HTML-escaped (ENT_QUOTES) before it is
 * placed into the message.
 *
 * @param int $advertiserId Advertiser Id
 * @param int $placementId  Placement Id (Campaign Id)
 */
function _checkObjectsExist($advertiserId, $placementId)
{
    // Nothing to report when the placement (campaign) is found
    $aPlacementFilter = $this->coreParams + array('advertiser_id' => $advertiserId, 'placement_id' => $placementId);
    if (count(Admin_DA::getPlacements($aPlacementFilter)) != 0) {
        return;
    }

    phpAds_PageHeader('2');

    // Does the advertiser (clientid) have any placement at all?
    $aAdvertiserFilter = $this->coreParams + array('advertiser_id' => $advertiserId);
    $hasAdvertiser = count(Admin_DA::getPlacements($aAdvertiserFilter)) != 0;

    if ($hasAdvertiser) {
        // Only the campaign is gone: link back to the advertiser's statistics
        $queryWithoutCampaign = preg_replace('#campaignid=[0-9]*&?#', '', $_SERVER['QUERY_STRING']);
        $link = "stats.php?" . htmlspecialchars($queryWithoutCampaign, ENT_QUOTES);
        phpAds_Die($GLOBALS['strDeadLink'], str_replace('{link}', $link, $GLOBALS['strNoPlacement']));
    } else {
        phpAds_Die($GLOBALS['strDeadLink'], str_replace('{link}', 'stats.php', $GLOBALS['strNoAdvertiser']));
    }
}
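/**
 * A static method to display the login screen and end the request.
 *
 * The environment is checked first through
 * OA_Environment_Manager::checkSystem(). File permission problems ('PERMS')
 * only queue a UI message; any other section that reports errors ends the
 * request through phpAds_Die() with the escaped list of errors.
 *
 * @static
 *
 * @param string $sMessage    Message assigned to the template as "message".
 * @param string $sessionID   Value assigned to the template as "sessionID".
 * @param bool   $inLineLogin When true, phpAds_PageHeader() is not called.
 */
function displayLogin($sMessage = '', $sessionID = 0, $inLineLogin = false)
{
    global $strUsername, $strPassword, $strLogin, $strWelcomeTo, $strEnterUsername, $strNoAdminInteface, $strForgotPassword;

    $aConf = $GLOBALS['_MAX']['CONF'];
    $aPref = $GLOBALS['_MAX']['PREF'];

    // The login page must never be served from a cache. The @ keeps a
    // "headers already sent" warning off the page.
    @header('Cache-Control: max-age=0, no-cache, proxy-revalidate, must-revalidate');
    if (!$inLineLogin) {
        phpAds_PageHeader(phpAds_Login);
    }

    // Check environment settings
    $oSystemMgr = new OA_Environment_Manager();
    $aSysInfo = $oSystemMgr->checkSystem();
    foreach ($aSysInfo as $env => $vals) {
        $errDetails = '';
        if (is_array($vals['error']) && !empty($vals['error'])) {
            if ($env == 'PERMS') {
                // Just note that some file/folders are unwritable and that more information can be found in the debug.log
                OA_Admin_UI::queueMessage('Error: File permission errors detected.<br />These <em>may</em> impact the accurate delivery of your ads,<br />See the debug.log file for the list of unwritable files', 'global', 'error', 0);
            } else {
                // Keys and values are escaped before they enter the HTML list
                foreach ($vals['error'] as $key => $val) {
                    $errDetails .= '<li>' . htmlspecialchars($key) . ' => ' . htmlspecialchars($val) . '</li>';
                }
                // The title used to append $err, a variable that is never
                // set in this function, so PHP raised an undefined-variable
                // warning on the login page and the title named nothing.
                // Name the failing environment section instead.
                phpAds_Die(' Error: ' . htmlspecialchars((string) $env), $errDetails);
            }
        }
    }

    $oTpl = new OA_Admin_Template('login.html');

    $appName = !empty($aConf['ui']['applicationName']) ? $aConf['ui']['applicationName'] : PRODUCT_NAME;

    $oTpl->assign('uiEnabled', $aConf['ui']['enabled']);
    $oTpl->assign('sessionID', $sessionID);
    $oTpl->assign('appName', $appName);
    $oTpl->assign('message', $sMessage);
    $oTpl->display();

    phpAds_PageFooter();
    exit;
}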
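/**
 * Report the last database error through phpAds_Die().
 *
 * For MySQL the error number (and, for 1016/1030, the first number inside
 * the error text) decides whether the failure is reported as a serious,
 * probably corrupted-table problem. A logged-in administrator additionally
 * gets the error text, the page and the last query; other users only get
 * the generic texts.
 *
 * Everything that comes from the request or from the database (error text,
 * PHP_SELF, last query, server version) is HTML-escaped before it is added
 * to the message, because the message is rendered as HTML.
 */
function phpAds_sqlDie()
{
    global $phpAds_dbmsname, $phpAds_version_readable, $phpAds_version, $phpAds_productname;
    global $phpAds_last_query;

    $error = phpAds_dbError();
    $corrupt = false;

    if ($phpAds_dbmsname == 'MySQL') {
        $errornumber = phpAds_dbErrorNo();
        if ($errornumber == 1027 || $errornumber == 1039) {
            $corrupt = true;
        }
        if ($errornumber == 1016 || $errornumber == 1030) {
            // Probably corrupted table, do additional check on the first
            // number found in the error text. preg_match() replaces eregi(),
            // which no longer exists in PHP 7 and later, and the match
            // result is checked before $matches is read.
            $aCorruptCodes = array(126, 127, 132, 134, 135, 136, 141, 144, 145);
            if (preg_match('/[0-9]+/', $error, $matches)
                && in_array((int) $matches[0], $aCorruptCodes, true)) {
                $corrupt = true;
            }
        }
    }

    $isAdmin = phpAds_isLoggedIn() && phpAds_isUser(phpAds_Admin);

    if ($corrupt) {
        $title = $GLOBALS['strErrorDBSerious'];
        $message = $GLOBALS['strErrorDBNoDataSerious'];
        if ($isAdmin) {
            $message .= " (" . htmlspecialchars($error) . ").<br><br>" . $GLOBALS['strErrorDBCorrupt'];
        } else {
            $message .= ".<br>" . $GLOBALS['strErrorDBContact'];
        }
    } else {
        $title = $GLOBALS['strErrorDBPlain'];
        $message = $GLOBALS['strErrorDBNoDataPlain'];
        if ($isAdmin) {
            // Diagnostic details are shown to administrators only
            $message .= $GLOBALS['strErrorDBSubmitBug'];
            $last_query = $phpAds_last_query;
            $dbVersion = phpAds_dbResult(phpAds_dbQuery('SELECT VERSION()'), 0, 0);

            $message .= "<br><br><table cellpadding='0' cellspacing='0' border='0'>";
            $message .= "<tr><td valign='top' nowrap><b>Version:</b> </td><td>" . $phpAds_productname . " " . $phpAds_version_readable . " (" . $phpAds_version . ")</td></tr>";
            $message .= "<tr><td> </td><td>PHP " . phpversion() . " / " . $phpAds_dbmsname . " " . htmlspecialchars((string) $dbVersion) . "</td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>Page:</b></td><td>" . htmlspecialchars($_SERVER['PHP_SELF']) . "</td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>Error:</b></td><td>" . htmlspecialchars($error) . "</td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>Query:</b></td><td>" . htmlspecialchars((string) $last_query) . "</td></tr>";
            $message .= "</table>";
        }
    }

    phpAds_Die($title, $message);
}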
// Load the default language texts so that the error pages below can be shown
Language_Loader::load('default');

$oDbh = OA_DB::singleton();
if (PEAR::isError($oDbh)) {
    // Check if UI is enabled
    if (!$GLOBALS['_MAX']['CONF']['ui']['enabled']) {
        phpAds_PageHeader(OA_Auth::login($checkRedirectFunc));
        phpAds_ShowBreak();
        echo "<br /><img src='" . OX::assetPath() . "/images/info.gif' align='absmiddle'> ";
        echo $strNoAdminInterface;
        phpAds_PageFooter();
        exit;
    }

    // The database is unreachable: show a translated error page. The
    // translation object is asked to HTML-escape what it substitutes.
    $translation = new OX_Translation();
    $translation->htmlSpecialChars = true;
    $translated_message = $translation->translate($GLOBALS['strErrorCantConnectToDatabase'], array(PRODUCT_NAME));
    phpAds_Die($GLOBALS['strErrorDatabaseConnetion'], $translated_message);
}

// First thing to do is clear the $session variable to
// prevent users from pretending to be logged in.
// (This has to stay ahead of OA_Start(), which authorizes the user.)
unset($session);

// Authorize the user
OA_Start();

// Load the account's preferences
OA_Preferences::loadPreferences();
$pref = $GLOBALS['_MAX']['PREF'];

// Set time zone to local
OA_setTimeZoneLocal();

// Load the required language files
Language_Loader::load('default');

// Register variables
// NOTE(review): presumably this copies the named request parameters into
// global variables; no validation (for example an integer cast of the ids)
// is visible here, so code that uses them has to do it - confirm.
phpAds_registerGlobalUnslashed('affiliateid', 'agencyid', 'bannerid', 'campaignid', 'channelid', 'clientid', 'day', 'trackerid', 'userlogid', 'zoneid');
/**
 * A private method that can be inherited and used by children classes
 * to check if the user has the required access level to view the
 * statistics page. If not, the method shows the access-denied error
 * (or, after a manual account switch, redirects to stats.php).
 *
 * Only the exact key combinations handled below are checked; for any other
 * combination or number of entries, access stays false and the request is
 * denied.
 *
 * @access private
 * @param array $aParams An array, indexed by types, of the entity IDs
 *                       the statistics page is using, that the user
 *                       must have access to. For example:
 *                          array(
 *                              'advertiser' => 5,
 *                              'placement'  => 12
 *                          )
 */
function _checkAccess($aParams)
{
    $access = false;

    switch (count($aParams)) {
        case 1:
            // A single advertiser or a single publisher
            if (array_key_exists('advertiser', $aParams)) {
                $access = MAX_checkAdvertiser($aParams['advertiser'], $aParams + $this->coreParams);
            } elseif (array_key_exists('publisher', $aParams)) {
                $access = MAX_checkPublisher($aParams['publisher']);
            }
            break;

        case 2:
            // Advertiser + placement, or publisher + zone
            if (array_key_exists('advertiser', $aParams) && array_key_exists('placement', $aParams)) {
                $access = MAX_checkPlacement($aParams['advertiser'], $aParams['placement'], $aParams + $this->coreParams);
            } elseif (array_key_exists('publisher', $aParams) && array_key_exists('zone', $aParams)) {
                $access = MAX_checkZone($aParams['publisher'], $aParams['zone']);
            }
            break;

        case 3:
            // Advertiser + placement + ad
            if (array_key_exists('advertiser', $aParams) && array_key_exists('placement', $aParams) && array_key_exists('ad', $aParams)) {
                $access = MAX_checkAd($aParams['advertiser'], $aParams['placement'], $aParams['ad']);
            }
            break;
    }

    if ($access) {
        return;
    }

    // Before blatting out an error, has the access failure come about from
    // a manually generated account switch process?
    if (OA_Permission::isManualAccountSwitch()) {
        // Yup! Re-direct to the main stats page
        // NOTE(review): nothing returns or exits after this call; presumably
        // redirect() ends the request - confirm, otherwise the denial below
        // runs as well.
        OX_Admin_Redirect::redirect('stats.php', true);
    }

    // Not a manual account switch, just deny access for now...
    $isAdminOrManager = OA_Permission::isAccount(OA_ACCOUNT_ADMIN) || OA_Permission::isAccount(OA_ACCOUNT_MANAGER);
    if ($isAdminOrManager) {
        phpAds_PageHeader('2');
    }
    $isAdvertiserOrTrafficker = OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER) || OA_Permission::isAccount(OA_ACCOUNT_TRAFFICKER);
    if ($isAdvertiserOrTrafficker) {
        phpAds_PageHeader('1');
    }
    phpAds_Die($GLOBALS['strAccessDenied'], $GLOBALS['strNotAdmin']);
}
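/**
 * Report the last database error through phpAds_Die().
 *
 * For MySQL the error number (and, for 1016/1030, the first number inside
 * the error text) decides whether the failure is reported as a serious,
 * probably corrupted-table problem. Diagnostic details (versions, page,
 * error, last query and the request's POST/GET data) are added only for a
 * logged-in admin or manager account, or while phpAds_installing is defined.
 *
 * Changes against the earlier version: the "valien" attribute typo is
 * fixed, the preg_match() result is checked before $matches is read, and
 * the error text and database version are escaped wherever they are added
 * to the HTML message.
 *
 * NOTE(review): mysql_error()/mysql_errno() belong to the legacy mysql
 * extension, which was removed in PHP 7; left untouched because the
 * replacement depends on the database layer, which is not visible here.
 */
function phpAds_sqlDie()
{
    global $phpAds_last_query;

    $corrupt = false;
    $aConf = $GLOBALS['_MAX']['CONF'];

    if (strcasecmp($aConf['database']['type'], 'mysql') === 0) {
        $error = mysql_error();
        $errornumber = mysql_errno();
        if ($errornumber == 1027 || $errornumber == 1039) {
            $corrupt = true;
        }
        if ($errornumber == 1016 || $errornumber == 1030) {
            // Probably corrupted table, do additional check on the first
            // number found in the error text
            $aCorruptCodes = array(126, 127, 132, 134, 135, 136, 141, 144, 145);
            if (preg_match("/[0-9]+/Di", $error, $matches)
                && in_array((int) $matches[0], $aCorruptCodes, true)) {
                $corrupt = true;
            }
        }
        $dbmsName = 'MySQL';
    } elseif (strcasecmp($aConf['database']['type'], 'pgsql') === 0) {
        $error = pg_errormessage();
        $dbmsName = 'PostgreSQL';
    } else {
        $error = '';
        $dbmsName = 'Unknown';
    }

    if ($corrupt) {
        $title = $GLOBALS['strErrorDBSerious'];
        $message = sprintf($GLOBALS['strErrorDBNoDataSerious'], PRODUCT_NAME);
        if (OA_Auth::isLoggedIn() && OA_Permission::isAccount(OA_ACCOUNT_ADMIN)) {
            $message .= " (" . htmlspecialchars($error) . ").<br><br>" . $GLOBALS['strErrorDBCorrupt'];
        } else {
            $message .= ".<br>" . $GLOBALS['strErrorDBContact'];
        }
    } else {
        $title = $GLOBALS['strErrorDBPlain'];
        $message = sprintf($GLOBALS['strErrorDBNoDataPlain'], PRODUCT_NAME);

        // Same condition as before, with the grouping made explicit:
        // (logged in AND (admin OR manager)) OR installer running.
        // NOTE(review): while phpAds_installing is defined the details are
        // shown without any login check - confirm that this is intended.
        $showDetails = (OA_Auth::isLoggedIn()
                && (OA_Permission::isAccount(OA_ACCOUNT_ADMIN) || OA_Permission::isAccount(OA_ACCOUNT_MANAGER)))
            || defined('phpAds_installing');

        if ($showDetails) {
            // Get the DB server version
            $connection = DBC::getCurrentConnection();
            $connectionId = $connection->getConnectionId();
            $aVersion = $connectionId->getServerVersion();
            $dbVersion = $aVersion['major'] . '.' . $aVersion['minor'] . '.' . $aVersion['patch'] . '-' . $aVersion['extra'];

            $message .= sprintf($GLOBALS['strErrorDBSubmitBug'], PRODUCT_NAME);
            $last_query = $phpAds_last_query;

            $message .= "<br><br><table cellpadding='0' cellspacing='0' border='0'>";
            $message .= "<tr><td valign='top' nowrap><b>Version:</b> </td><td>" . htmlspecialchars(PRODUCT_NAME) . " v" . htmlspecialchars(VERSION) . "</td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>PHP/DB:</b></td><td>PHP " . phpversion() . " / " . $dbmsName . " " . htmlspecialchars($dbVersion) . "</td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>Page:</b></td><td>" . htmlspecialchars($_SERVER['PHP_SELF']) . "</td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>Error:</b></td><td>" . htmlspecialchars($error) . "</td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>Query:</b></td><td><pre>" . htmlspecialchars($last_query) . "</pre></td></tr>";
            // NOTE(review): the complete $_POST and $_GET arrays are printed.
            // On a form that carries a password or token this puts the
            // secret on the error page (and into any screenshot or bug
            // report made from it) - consider masking such fields.
            $message .= "<tr><td valign='top' nowrap><b>\$_POST:</b></td><td><pre>" . (empty($_POST) ? 'Empty' : htmlspecialchars(print_r($_POST, true))) . "</pre></td></tr>";
            $message .= "<tr><td valign='top' nowrap><b>\$_GET:</b></td><td><pre>" . (empty($_GET) ? 'Empty' : htmlspecialchars(print_r($_GET, true))) . "</pre></td></tr>";
            $message .= "</table>";
        }
    }

    phpAds_Die($title, $message);
}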
/**
 * Show an error page when the given upload result is a PEAR error.
 *
 * The error's message is HTML-escaped before the fixed hint is appended.
 * Nothing happens when $oFile is not a PEAR error.
 *
 * @param mixed $oFile The upload result to inspect.
 */
function checkForErrorFileUploaded($oFile)
{
    if (!PEAR::isError($oFile)) {
        return;
    }

    phpAds_PageHeader(1);
    $sTitle = $GLOBALS['strErrorOccurred'];
    $sDetail = htmlspecialchars($oFile->getMessage()) . "<br>Please make sure you selected a valid file.";
    phpAds_Die($sTitle, $sDetail);
}
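// Fall back to the global advertiser statistics when nothing was requested
if (!isset($entity)) {
    $entity = 'global';
}
if (!isset($breakdown)) {
    $breakdown = 'advertiser';
}

// Add all manipulated values to globals
$_REQUEST['zoneid'] = $zoneid;
$_REQUEST['affiliateid'] = $affiliateid;
$_REQUEST['bannerid'] = $bannerid;
$_REQUEST['campaignid'] = $campaignid;
$_REQUEST['clientid'] = $clientid;

// Overwrite file name to load right session data, see MAX_getStoredValue
$pgName = 'stats.php';

// NOTE(review): $entity and $breakdown are not validated in the visible
// code; presumably getController() only accepts known controller names and
// returns a PEAR error otherwise - confirm.
$oStats =& OA_Admin_Statistics_Factory::getController($entity . "-" . $breakdown);
if (PEAR::isError($oStats)) {
    // The error text is escaped before it reaches the HTML error page
    phpAds_Die('Error occurred', htmlspecialchars($oStats->getMessage()));
}
$oStats->noFormat = true;
$oStats->start();

// Output html code
$oStats->output(true);

// Erase stats graph files older than 60 seconds from the web temp directory
if (isset($GraphFile) && $GraphFile != '') {
    $tempDir = $conf['store']['webDir'] . '/temp';
    $dirObject = dir($tempDir);
    // dir() returns false when the directory cannot be opened; the old loop
    // called read() on that value.
    if ($dirObject) {
        while (false !== ($entry = $dirObject->read())) {
            $entryPath = $tempDir . '/' . $entry;
            // Only regular files are removed: this skips "." and ".." (which
            // unlink() cannot remove) and any sub-directory.
            if (is_file($entryPath) && filemtime($entryPath) + 60 < time()) {
                unlink($entryPath);
            }
        }
        // Release the directory handle, which was never closed before
        $dirObject->close();
    }
}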
// Check if the Flash banner includes hard coded urls
if ($checkswf == 't' && $final['pluginversion'] >= 3 && phpAds_SWFInfo($uploaded['buffer'])) {
    $edit_swf = true;
}
} else {
    $final['pluginversion'] = 0;
}

// Add slashes to the file for storage
// NOTE(review): where $final['filename'] comes from is outside this excerpt;
// if it is derived from the client-supplied upload name, confirm that it is
// reduced to a safe file name before phpAds_ImageStore() uses it.
$final['filename'] = phpAds_ImageStore($storagetype, $final['filename'], $uploaded['buffer']);
// The image URL is built before the failure check below, so after a failed
// store it ends in an empty file name.
$final['imageurl'] = $phpAds_config['type_web_url'] . '/' . $final['filename'];

// Loose comparison: besides false, an empty or "0" file name also counts as
// a failed store.
if ($final['filename'] == false) {
    phpAds_PageHeader("1");
    // The error text depends on the configured storage mode (0 = local)
    if ($phpAds_config['type_web_mode'] == 0) {
        phpAds_Die('Error', $strErrorStoreLocal);
    } else {
        phpAds_Die('Error', $strErrorStoreFTP);
    }
}

// Cleanup existing image, if it exists
if (isset($current['filename']) && $current['filename'] != '' && $current['filename'] != $final['filename']) {
    phpAds_ImageDelete($current['storagetype'], $current['filename']);
}
} else {
    // Nothing new was stored: keep the file details of the current banner
    $final['contenttype'] = $current['contenttype'];
    $final['pluginversion'] = $current['pluginversion'];
    $final['filename'] = $current['filename'];
    $final['imageurl'] = $current['imageurl'];
    $final['width'] = $width;
    $final['height'] = $height;
}

// No banner id, or an empty/zero one (the body of this block is cut off in
// this excerpt)
if (!isset($bannerid) || $bannerid == '0' || $bannerid == '') {
// NOTE(review): the include path contains $phpAds_config['language'] and the
// @ hides a failed include. Confirm the language value can only be one of
// the installed language directory names, so it cannot point outside
// /language/.
@(include phpAds_path . '/language/' . $phpAds_config['language'] . '/settings.lang.php');
}

// Include other required files
require "lib-settings.inc.php";

// If an old config.inc.php is present, upgrade!
if (!defined('phpAds_installed')) {
    header("Location: upgrade.php");
    exit;
}

/*********************************************************/
/* Begin of code                                         */
/*********************************************************/

// Check if already installed
// NOTE(review): this is the guard that keeps the installer from running on
// an installed system; nothing exits after phpAds_Die() here, so it relies
// on phpAds_Die() ending the request - confirm.
if (phpAds_installed) {
    phpAds_PageHeader('');
    phpAds_Die($strFatalError, $strAlreadyInstalled);
}

// First thing to do is clear the $Session variable to
// prevent users from pretending to be logged in.
// (This has to stay ahead of phpAds_Start(), which authorizes the user.)
unset($Session);

// Authorize the user
phpAds_Start();

// Setup navigation
$phpAds_nav = array("admin" => array("1" => array("install.php" => $strInstall)));

// Security check
phpAds_checkAccess(phpAds_Admin);

// The installer body runs for administrators only (cut off in this excerpt)
if (phpAds_isUser(phpAds_Admin)) {
    if (!isset($phase)) {
        $phase = 0;
    }
    $errormessage = array();
// Navigation: every user type only gets the (inactive) upgrade entry
$phpAds_nav = array("admin" => array("1" => array("javascript:;" => $strUpgrade)), "client" => array("1" => array("javascript:;" => $strUpgrade)), "affiliate" => array("1" => array("javascript:;" => $strUpgrade)));

// Security check
// Let client in only to tell him that the system is temporary
// unavailable if an upgrade is needed, otherwise redirect to the home page.
phpAds_checkAccess(phpAds_Admin + phpAds_Client + phpAds_Affiliate);

// Check for the need to upgrade
$upgrade = !isset($phpAds_config['config_version']) || $phpAds_version > $phpAds_config['config_version'];

/*********************************************************/
/* Main code                                             */
/*********************************************************/

if (phpAds_isUser(phpAds_Client) || phpAds_isUser(phpAds_Affiliate)) {
    if (!$upgrade) {
        // NOTE(review): no exit follows this redirect, so the script keeps
        // running after the header is queued. In the visible part only the
        // admin-only block follows, but anything later in the file would
        // still execute for clients and affiliates - add an exit or confirm.
        header("Location: index.php");
    } else {
        phpAds_PageHeader("1");
        phpAds_Die($strAccessDenied, "<br>{$strServiceUnavalable}<br> ");
    }
}

// The upgrade steps themselves are limited to administrators
if (phpAds_isUser(phpAds_Admin)) {
    // Start with step 1
    // NOTE(review): $step, $retry and $ignore are presumably registered from
    // the request; $step is not limited to the known step numbers in the
    // visible part - confirm.
    if (!isset($step)) {
        $step = 1;
    }

    // Adjust step based on feedback after error
    if ($step == 3 && isset($retry)) {
        $step = 2;
    }
    if ($step == 3 && isset($ignore)) {
        $step = 4;
    }

    // Check privileges and writability of config file
// Description of the available update
// NOTE(review): $maint_update is filled outside this excerpt; given the
// "update server" error text below it presumably holds data fetched from a
// remote server. The description here and both download URLs further down
// are printed without HTML escaping - confirm the data is validated when it
// is received, or escape it at output.
echo "<td><br />" . $maint_update[1]['description'] . "<br /><br />";
echo "</td>";
echo "<td width='32'> </td>";
echo "</tr>";

// Download row, shown only when at least one archive URL is present
if ($maint_update[1]['url_zip'] != '' || $maint_update[1]['url_tgz'] != '') {
    echo "<tr height='1'><td colspan='2' bgcolor='#F6F6F6'><img src='" . OX::assetPath() . "/images/spacer.gif' height='1' width='100%'>";
    echo "<td colspan='2' bgcolor='#888888'><img src='" . OX::assetPath() . "/images/break-el.gif' height='1' width='100%'></td></tr>";
    echo "<tr height='25' bgcolor='#F6F6F6'><td height='25' colspan='2'> </td><td>";
    if ($maint_update[1]['url_zip'] != '') {
        echo "<img src='" . OX::assetPath() . "/images/icon-filetype-zip.gif' align='absmiddle'> ";
        // The URL sits inside a single-quoted href attribute, unescaped
        echo "<a href='" . $maint_update[1]['url_zip'] . "'>" . $strDownloadZip . "</a>";
        if ($maint_update[1]['url_tgz'] != '') {
            // Spacer between the two download links
            echo " ";
        }
    }
    if ($maint_update[1]['url_tgz'] != '') {
        echo "<img src='" . OX::assetPath() . "/images/icon-filetype-zip.gif' align='absmiddle'> ";
        // The URL sits inside a single-quoted href attribute, unescaped
        echo "<a href='" . $maint_update[1]['url_tgz'] . "'>" . $strDownloadGZip . "</a>";
    }
    echo "</td><td> </td></tr>";
}
echo "<tr height='1'><td colspan='4' bgcolor='#888888'><img src='" . OX::assetPath() . "/images/break.gif' height='1' width='100%'></td></tr>";
echo "</table>";
} else {
    // Reached through the else branch of a condition that starts outside
    // this excerpt
    phpAds_Die($strErrorOccurred, $strUpdateServerDown);
}
}

/*-------------------------------------------------------*/
/* HTML framework                                        */
/*-------------------------------------------------------*/

phpAds_PageFooter();
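/**
 * Show page header
 *
 * Resolves the menu section for the page, compiles the navigation arrays,
 * assigns everything to the template and displays it. For the login, error
 * and password recovery pages no menu lookup is done and only a single tab
 * is shown.
 *
 * When the menu section cannot be found for the current user, phpAds_Die()
 * is called with a menu system error (the page id is HTML-escaped in that
 * message).
 *
 * @param int $ID
 * @param OA_Admin_UI_Model_PageHeaderModel $oHeaderModel
 * @param int $imgPath deprecated
 * @param bool $showSidebar Set to false if you do not wish to show the sidebar navigation
 * @param bool $showContentFrame Set to false if you do not wish to show the content frame
 * @param bool $showMainNavigation Set to false if you do not wish to show the main navigation
 */
function showHeader($ID = null, $oHeaderModel = null, $imgPath = "", $showSidebar = true, $showContentFrame = true, $showMainNavigation = true)
{
    global $conf, $phpAds_CharSet, $phpAds_breadcrumbs_extra;

    $conf = $GLOBALS['_MAX']['CONF'];
    $ID = $this->getId($ID);
    $this->setCurrentId($ID);

    if (!defined('phpAds_installing')) {
        OX_Admin_UI_Hooks::beforePageHeader($ID, $this->getLinkParams(), $oHeaderModel);
    }

    $pageTitle = !empty($conf['ui']['applicationName']) ? $conf['ui']['applicationName'] : MAX_PRODUCT_NAME;

    $aMainNav = array();
    $aLeftMenuNav = array();
    $aLeftMenuSubNav = array();
    $aSectionNav = array();

    // Set up front: on the login, error and password recovery pages no
    // section is looked up, yet the variable is still handed to
    // _assignUserAccountInfo() further down. It used to be undefined there.
    $oCurrentSection = null;

    if ($ID !== phpAds_Login && $ID !== phpAds_Error && $ID !== phpAds_PasswordRecovery) {
        //get system navigation
        $oMenu = OA_Admin_Menu::singleton();

        //update page title
        $oCurrentSection = $oMenu->get($ID);
        $this->redirectSectionToCorrectUrlIfOldUrlDetected($oCurrentSection);
        if ($oCurrentSection == null) {
            phpAds_Die($GLOBALS['strErrorOccurred'], 'Menu system error: <strong>' . OA_Permission::getAccountType(true) . '::' . htmlspecialchars($ID) . '</strong> not found for the current user: you might not have sufficient permission to view this page. <br/>If the problem persists, you can also try to delete the files inside your /path/to/openx/var/cache/ directory.');
        }

        if ($oHeaderModel == null) {
            //build default model with title and name taken from nav entry
            $oHeaderModel = new OA_Admin_UI_Model_PageHeaderModel($oCurrentSection->getName());
        }
        if ($oHeaderModel->getTitle()) {
            $pageTitle .= ' - ' . $oHeaderModel->getTitle();
        } else {
            $pageTitle .= ' - ' . $oCurrentSection->getName();
        }

        // compile navigation arrays
        $this->_compileMainNavigationTabBar($oCurrentSection, $oMenu, $aMainNav);
        $this->_compileLeftMenuNavigation($oCurrentSection, $oMenu, $aLeftMenuNav);
        $this->_compileLeftSubMenuNavigation($oCurrentSection, $oMenu, $aLeftMenuSubNav);
        $this->_compileSectionTabBar($oCurrentSection, $oMenu, $aSectionNav);
    } else {
        // Build tabbed navigation bar
        if ($ID == phpAds_Login) {
            $aMainNav[] = array('title' => $GLOBALS['strAuthentification'], 'filename' => 'index.php', 'selected' => true);
        } elseif ($ID == phpAds_Error) {
            $aMainNav[] = array('title' => $GLOBALS['strErrorOccurred'], 'filename' => 'index.php', 'selected' => true);
        } elseif ($ID == phpAds_PasswordRecovery) {
            $aMainNav[] = array('title' => $GLOBALS['strPasswordRecovery'], 'filename' => 'index.php', 'selected' => true);
        }
        $showContentFrame = false;
    }

    //html header
    $this->_assignLayout($pageTitle);
    $this->_assignJavascriptandCSS();

    //layout stuff
    $this->oTpl->assign('uiPart', 'header');
    $this->oTpl->assign('showContentFrame', $showContentFrame);
    $this->oTpl->assign('showSidebar', $showSidebar);
    $this->oTpl->assign('showMainNavigation', $showMainNavigation);

    //top
    $this->_assignBranding($conf['ui']);
    $this->_assignSearch($ID);
    $this->_assignUserAccountInfo($oCurrentSection);
    $this->oTpl->assign('headerModel', $oHeaderModel);
    $this->oTpl->assign('hideNavigator', $conf['ui']['hideNavigator']);

    // Tabbed navigation bar and sidebar
    $this->oTpl->assign('aMainTabNav', $aMainNav);
    $this->oTpl->assign('aLeftMenuNav', $aLeftMenuNav);
    $this->oTpl->assign('aLeftMenuSubNav', $aLeftMenuSubNav);
    $this->oTpl->assign('aSectionNav', $aSectionNav);

    // This is used to show banner preview
    $this->oTpl->assign('breadcrumbsExtra', $phpAds_breadcrumbs_extra);

    //tools and shortcuts
    $this->oTpl->assign('aTools', $this->aTools);
    $this->oTpl->assign('aShortcuts', $this->aShortcuts);

    //additional things
    $this->_assignJavascriptDefaults(); //JS validation messages and other defaults
    $this->_assignAlertMPE(); //mpe xajax
    $this->_assignInstalling(); //install indicator
    $this->_assignMessagesAndNotifications(); //messaging system

    //html header
    // NOTE(review): second call to _assignJavascriptandCSS(); kept because
    // its effect is not visible here - confirm whether it is needed twice.
    $this->_assignJavascriptandCSS();

    /* DISPLAY */

    // Use gzip content compression
    if (isset($conf['ui']['gzipCompression']) && $conf['ui']['gzipCompression']) {
        //enable compression if it's not already handled by the zlib and ob_gzhandler is loaded
        $zlibCompression = ini_get('zlib.output_compression');
        if (!$zlibCompression && function_exists('ob_gzhandler')) {
            // enable compression only if it wasn't enabled previously (e.g by widget)
            //also, we cannot enable gzip if session was started
            $session_id = session_id(); //check if there's any session
            if (ob_get_contents() === false && empty($session_id)) {
                ob_start("ob_gzhandler");
            }
        }
    }

    // Send header with charset info and display
    header("Content-Type: text/html" . (isset($phpAds_CharSet) && $phpAds_CharSet != "" ? "; charset=" . $phpAds_CharSet : ""));
    $this->oTpl->display();

    if (!defined('phpAds_installing')) {
        // PHP variable names are case-sensitive: the hook used to receive an
        // undefined $id instead of the page id in $ID.
        OX_Admin_UI_Hooks::afterPageHeader($ID);
    }
}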
require "config.php";
require "lib-statistics.inc.php";

// Register input variables
phpAds_registerGlobal('action', 'trackerids', 'clickwindowday', 'clickwindowhour', 'clickwindowminute', 'clickwindows', 'clickwindowsecond', 'hideinactive', 'logids', 'submit', 'viewwindowday', 'viewwindowhour', 'viewwindowminute', 'viewwindows', 'viewwindowsecond');

// Security check
phpAds_checkAccess(phpAds_Admin + phpAds_Agency);

// Agency users may only work on advertisers (and campaigns) of their agency
if (phpAds_isUser(phpAds_Agency)) {
    // NOTE(review): $clientid and $campaignid are concatenated into the SQL
    // text unquoted. They are not registered or cast in this fragment;
    // unless config.php already forces them to integers, this query can be
    // altered through the request. Cast them with (int) here or confirm the
    // sanitising done upstream. The query is also the ownership check
    // itself, so a manipulated value could make it pass.
    if (isset($campaignid) && $campaignid != '') {
        $query = "SELECT c.clientid" . " FROM " . $phpAds_config['tbl_clients'] . " AS c" . "," . $phpAds_config['tbl_campaigns'] . " AS m" . " WHERE c.clientid=m.clientid" . " AND c.clientid=" . $clientid . " AND m.campaignid=" . $campaignid . " AND agencyid=" . phpAds_getUserID();
    } else {
        $query = "SELECT c.clientid" . " FROM " . $phpAds_config['tbl_clients'] . " AS c" . " WHERE c.clientid=" . $clientid . " AND agencyid=" . phpAds_getUserID();
    }
    $res = phpAds_dbQuery($query) or phpAds_sqlDie();
    // No matching row: the advertiser/campaign is not owned by this agency
    if (phpAds_dbNumRows($res) == 0) {
        phpAds_PageHeader("2");
        phpAds_Die($strAccessDenied, $strNotAdmin);
    }
}

/*********************************************************/
/* Process submitted form                                */
/*********************************************************/

if (isset($campaignid) && $campaignid != '') {
    if (isset($action) && $action == 'set') {
        // NOTE(review): same unquoted concatenation of $campaignid, this
        // time in a DELETE. No anti-CSRF token check is visible in this
        // fragment for this state-changing request - confirm one exists.
        $res = phpAds_dbQuery("DELETE" . " FROM " . $phpAds_config['tbl_campaigns_trackers'] . " WHERE campaignid=" . $campaignid) or phpAds_sqlDie();
        if (isset($trackerids) && is_array($trackerids)) {
            for ($i = 0; $i < sizeof($trackerids); $i++) {
                // 'y' when the tracker id also appears in $logids (the rest
                // of the loop is cut off in this excerpt)
                $logid = 'n';
                for ($j = 0; $j < sizeof($logids); $j++) {
                    if ($logids[$j] == $trackerids[$i]) {
                        $logid = 'y';
                        break;
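/**
 * Saves the banner described by the submitted form and redirects to the
 * next admin page.
 *
 * The submitted values are merged with the stored banner record (when one
 * exists), uploaded creative files are stored, the optional banner-type
 * component is given a chance to pre- and post-process the data, and the
 * banner row is inserted or updated. On success the function sends a
 * Location header and exits; it only returns (false) when a component hook
 * rejects the data.
 *
 * @param mixed   $bannerid     ID of the banner being edited; empty for a new banner.
 * @param object  $form         Form object; only exportValues() is called on it.
 * @param object  $oComponent   Optional banner-type component (may be falsy). Its
 *                              preprocessForm() and processForm() hooks are called
 *                              when it is set.
 * @param boolean $formDisabled Not read anywhere in this function.
 *
 * @return boolean false when a component hook returns false; otherwise the
 *                 function does not return.
 */
function processForm($bannerid, $form, &$oComponent, $formDisabled = false)
{
    $aFields = $form->exportValues();

    $doBanners = OA_Dal::factoryDO('banners');
    // Start from an empty record so the reads below never touch an
    // undefined variable when the banner is new or cannot be loaded
    $aBanner = array();
    // Get the existing banner details (if it is not a new banner)
    if (!empty($bannerid)) {
        if ($doBanners->get($bannerid)) {
            $aBanner = $doBanners->toArray();
        }
    }

    $aVariables = array();
    $aVariables['campaignid']      = $aFields['campaignid'];
    $aVariables['target']          = isset($aFields['target']) ? $aFields['target'] : '';
    $aVariables['height']          = isset($aFields['height']) ? $aFields['height'] : 0;
    $aVariables['width']           = isset($aFields['width']) ? $aFields['width'] : 0;
    $aVariables['weight']          = !empty($aFields['weight']) ? $aFields['weight'] : 0;
    $aVariables['adserver']        = !empty($aFields['adserver']) ? $aFields['adserver'] : '';
    $aVariables['alt']             = !empty($aFields['alt']) ? $aFields['alt'] : '';
    $aVariables['bannertext']      = !empty($aFields['bannertext']) ? $aFields['bannertext'] : '';
    $aVariables['htmltemplate']    = !empty($aFields['htmltemplate']) ? $aFields['htmltemplate'] : '';
    $aVariables['description']     = !empty($aFields['description']) ? $aFields['description'] : '';
    // A bare "http://" is the untouched form default and counts as empty
    $aVariables['imageurl']        = !empty($aFields['imageurl']) && $aFields['imageurl'] != 'http://' ? $aFields['imageurl'] : '';
    $aVariables['url']             = !empty($aFields['url']) && $aFields['url'] != 'http://' ? $aFields['url'] : '';
    $aVariables['status']          = $aFields['status'] != '' ? $aFields['status'] : '';
    $aVariables['statustext']      = !empty($aFields['statustext']) ? $aFields['statustext'] : '';
    $aVariables['storagetype']     = $aFields['type'];
    $aVariables['ext_bannertype']  = $aFields['ext_bannertype'];
    $aVariables['comments']        = $aFields['comments'];

    // File name and content type default to the stored banner's values
    $aVariables['filename']        = !empty($aBanner['filename']) ? $aBanner['filename'] : '';
    $aVariables['contenttype']     = !empty($aBanner['contenttype']) ? $aBanner['contenttype'] : '';

    if ($aFields['type'] == 'url') {
        $aVariables['contenttype'] = OA_Creative_File::staticGetContentTypeByExtension($aVariables['imageurl']);
        if (empty($aVariables['contenttype'])) {
            // Assume dynamic urls (i.e. http://www.example.com/foo?bar) are "gif"
            $aVariables['contenttype'] = 'gif';
        }
    } elseif ($aFields['type'] == 'txt') {
        // Text banners should always have a "txt" content type
        $aVariables['contenttype'] = 'txt';
    }

    $aVariables['alt_filename']    = !empty($aBanner['alt_filename']) ? $aBanner['alt_filename'] : '';
    $aVariables['alt_contenttype'] = !empty($aBanner['alt_contenttype']) ? $aBanner['alt_contenttype'] : '';
    $aVariables['alt_imageurl']    = !empty($aFields['alt_imageurl']) ? $aFields['alt_imageurl'] : '';

    if (isset($aFields['keyword']) && $aFields['keyword'] != '') {
        // Normalise keywords to a single-space separated list.
        // preg_split() replaces split(), which was removed in PHP 7.
        $keywordArray = preg_split('/[ ,]+/', $aFields['keyword']);
        $aVariables['keyword'] = implode(' ', $keywordArray);
    } else {
        $aVariables['keyword'] = '';
    }

    $editSwf = false;

    // Deal with any files that are uploaded.
    // NOTE(review): the storage type handed to store() is the submitted
    // 'type' field; whether it is validated is not visible here - confirm
    // in OA_Creative_File before relying on it.
    if (!empty($_FILES['upload']) && $aFields['replaceimage'] == 't') { //TODO refactor upload to be a valid quickform elem
        $oFile = OA_Creative_File::factoryUploadedFile('upload');
        if (PEAR::isError($oFile)) {
            phpAds_PageHeader(1);
            // The language string lives in global scope; a bare
            // $strErrorOccurred is undefined inside this function
            phpAds_Die($GLOBALS['strErrorOccurred'], htmlspecialchars($oFile->getMessage()));
        }
        $oFile->store($aFields['type']);
        $aFile = $oFile->getFileDetails();

        if (!empty($aFile)) {
            $aVariables['filename']      = $aFile['filename'];
            $aVariables['contenttype']   = $aFile['contenttype'];
            $aVariables['width']         = $aFile['width'];
            $aVariables['height']        = $aFile['height'];
            $aVariables['pluginversion'] = $aFile['pluginversion'];
            $editSwf                     = $aFile['editswf'];
        }

        // Delete the old file for this banner
        if (!empty($aBanner['filename']) && ($aBanner['storagetype'] == 'web' || $aBanner['storagetype'] == 'sql')) {
            DataObjects_Banners::deleteBannerFile($aBanner['storagetype'], $aBanner['filename']);
        }
    }
    if (!empty($_FILES['uploadalt']) && $_FILES['uploadalt']['size'] > 0
        && $aFields['replacealtimage'] == 't') {
        //TODO: Check image only? - Wasn't enforced before
        $oFile = OA_Creative_File::factoryUploadedFile('uploadalt');
        if (PEAR::isError($oFile)) {
            phpAds_PageHeader(1);
            phpAds_Die($GLOBALS['strErrorOccurred'], htmlspecialchars($oFile->getMessage()));
        }
        $oFile->store($aFields['type']);
        $aFile = $oFile->getFileDetails();

        if (!empty($aFile)) {
            $aVariables['alt_filename']    = $aFile['filename'];
            $aVariables['alt_contenttype'] = $aFile['contenttype'];
        }
    }

    // Handle SWF transparency
    if ($aVariables['contenttype'] == 'swf') {
        $aVariables['transparent'] = isset($aFields['transparent']) && $aFields['transparent'] ? 1 : 0;
    }

    // Update existing hard-coded links if new file has not been uploaded
    if ($aVariables['contenttype'] == 'swf' && empty($_FILES['upload']['tmp_name'])
        && isset($aFields['alink']) && is_array($aFields['alink']) && count($aFields['alink'])) {
        // Prepare the parameters
        $parameters_complete = array();

        // Prepare targets
        if (!isset($aFields['atar']) || !is_array($aFields['atar'])) {
            $aFields['atar'] = array();
        }

        foreach ($aFields['alink'] as $key => $val) {
            // Only links that start with "http://" and have something after it are kept
            if (substr($val, 0, 7) == 'http://' && strlen($val) > 7) {
                if (!isset($aFields['atar'][$key])) {
                    $aFields['atar'][$key] = '';
                }

                // The chosen link also becomes the banner's own URL and target
                if (isset($aFields['alink_chosen']) && $aFields['alink_chosen'] == $key) {
                    $aVariables['url']    = $val;
                    $aVariables['target'] = $aFields['atar'][$key];
                }

                $parameters_complete[$key] = array(
                    'link' => $val,
                    'tar'  => $aFields['atar'][$key]
                );
            }
        }

        $parameters = array('swf' => $parameters_complete);
    } else {
        $parameters = null;
    }

    $aVariables['parameters'] = serialize($parameters);

    //TODO: deleting images is not viable because they could still be in use in the delivery cache
    //    // Delete any old banners...
    //    if (!empty($aBanner['filename']) && $aBanner['filename'] != $aVariables['filename']) {
    //        phpAds_ImageDelete($aBanner['storagetype'], $aBanner['filename']);
    //    }
    //    if (!empty($aBanner['alt_filename']) && $aBanner['alt_filename'] != $aVariables['alt_filename']) {
    //        phpAds_ImageDelete($aBanner['storagetype'], $aBanner['alt_filename']);
    //    }

    // Clients are only allowed to modify certain fields, ensure that other fields are unchanged
    if (OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER)) {
        $aVariables['weight']      = $aBanner['weight'];
        $aVariables['description'] = $aBanner['name'];
        $aVariables['comments']    = $aBanner['comments'];
    }

    $insert = empty($bannerid) ? true : false;

    if ($oComponent) {
        $result = $oComponent->preprocessForm($insert, $bannerid, $aFields, $aVariables);
        if ($result === false) {
            // handle error
            return false;
        }
    }

    // File the data
    $doBanners->setFrom($aVariables);
    if ($insert) {
        $bannerid = $doBanners->insert();
        // Run the Maintenance Priority Engine process
        OA_Maintenance_Priority::scheduleRun();
    } else {
        $doBanners->update();
        // check if size has changed
        if ($aVariables['width'] != $aBanner['width'] || $aVariables['height'] != $aBanner['height']) {
            MAX_adjustAdZones($bannerid);
            MAX_addDefaultPlacementZones($bannerid, $aVariables['campaignid']);
        }
    }

    if ($oComponent) {
        $result = $oComponent->processForm($insert, $bannerid, $aFields, $aVariables);
        if ($result === false) {
            // handle error
            // remove rec from banners table?
            return false;
        }
    }

    // The ids below come from the submitted form and end up in a Location
    // header and in a link inside the queued message, so they are
    // URL-encoded; numeric ids pass through unchanged.
    $clientIdParam   = urlencode((string) $aFields['clientid']);
    $campaignIdParam = urlencode((string) $aFields['campaignid']);
    $bannerIdParam   = urlencode((string) $bannerid);

    $translation = new OX_Translation();
    if ($insert) {
        // Queue confirmation message
        $translated_message = $translation->translate(
            $GLOBALS['strBannerHasBeenAdded'],
            array(
                MAX::constructURL(
                    MAX_URL_ADMIN,
                    'banner-edit.php?clientid=' . $clientIdParam .
                    '&campaignid=' . $campaignIdParam .
                    '&bannerid=' . $bannerIdParam
                ),
                htmlspecialchars($aFields['description'])
            )
        );
        OA_Admin_UI::queueMessage($translated_message, 'local', 'confirm', 0);

        // Determine what the next page is
        if ($editSwf) {
            $nextPage = "banner-swf.php?clientid=" . $clientIdParam .
                "&campaignid=" . $campaignIdParam .
                "&bannerid=" . $bannerIdParam . "&insert=true";
        } else {
            $nextPage = "campaign-banners.php?clientid=" . $clientIdParam .
                "&campaignid=" . $campaignIdParam;
        }
    } else {
        // Determine what the next page is
        if ($editSwf) {
            $nextPage = "banner-swf.php?clientid=" . $clientIdParam .
                "&campaignid=" . $campaignIdParam .
                "&bannerid=" . $bannerIdParam;
        } else {
            // The update message links with the banner id as submitted in the form
            $translated_message = $translation->translate(
                $GLOBALS['strBannerHasBeenUpdated'],
                array(
                    MAX::constructURL(
                        MAX_URL_ADMIN,
                        'banner-edit.php?clientid=' . $clientIdParam .
                        '&campaignid=' . $campaignIdParam .
                        '&bannerid=' . urlencode((string) $aFields['bannerid'])
                    ),
                    htmlspecialchars($aFields['description'])
                )
            );
            OA_Admin_UI::queueMessage($translated_message, 'local', 'confirm', 0);
            $nextPage = "banner-edit.php?clientid=" . $clientIdParam .
                "&campaignid=" . $campaignIdParam .
                "&bannerid=" . $bannerIdParam;
        }
    }

    // Go to the next page
    Header("Location: {$nextPage}");
    exit;
}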