Пример #1
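/**
 * Insert the search-cache row for one item.
 *
 * Reads the item joined to its creation log entry, collects its tags into a
 * space-separated string, and inserts one row into the cache table.
 *
 * @param int|string $id Item identifier; cast to int before it is bound.
 *
 * @return void
 */
function addToCacheTable($id)
{
    global $server, $user, $pass, $database, $link;
    teampass_connect();

    $itemId = intval($id);

    // get data
    // The log table was attached with "AND" instead of a JOIN keyword, and the
    // action was passed as a bare constant instead of the string 'at_creation'.
    $data = DB::queryfirstrow("SELECT i.label AS label, i.description AS description, i.id_tree AS id_tree, i.perso AS perso, i.restricted_to AS restricted_to, i.login AS login, i.id AS id\n        FROM " . prefix_table("items") . " AS i\n        INNER JOIN " . prefix_table("log_items") . " AS l ON (l.id_item = i.id)\n        WHERE i.id = %i\n        AND l.action = %s", $itemId, 'at_creation');
    if (empty($data)) {
        // Unknown item, or no creation log entry: there is nothing to cache.
        return;
    }

    // Get all TAGS
    $tags = "";
    $data_tags = DB::query("SELECT tag FROM " . prefix_table("tags") . " WHERE item_id=%i", $itemId);
    foreach ($data_tags as $itemTag) {
        if (!empty($itemTag['tag'])) {
            $tags .= $itemTag['tag'] . " ";
        }
    }

    // The folder path is not resolved here; "folder" is stored empty.

    // finally update
    // NOTE(review): the array used to list "restricted_to" twice, so the item's
    // own value was always overwritten by "0". That effective value is kept;
    // confirm that readers of the cache re-check the item's restrictions.
    DB::insert(prefix_table("cache"), array(
        "id" => $data['id'],
        "label" => $data['label'],
        "description" => $data['description'],
        "tags" => $tags,
        "id_tree" => $data['id_tree'],
        "perso" => $data['perso'],
        "restricted_to" => "0",
        "login" => $data['login'],
        "folder" => "",
        "author" => "9999999",
    ));
}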
Пример #2
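/**
 * Insert the search-cache row for one item.
 *
 * Reads the item joined to its creation log entry, collects its tags into a
 * space-separated string, and inserts one row into the cache table with
 * API_USER_ID as author.
 *
 * @param int|string $id Item identifier; cast to int before it is bound.
 *
 * @return void
 */
function addToCacheTable($id)
{
    global $server, $user, $pass, $database, $link;
    teampass_connect();

    $itemId = intval($id);

    // get data
    // The log table was attached with "AND" instead of a JOIN keyword, and the
    // action was passed as a bare constant instead of the string 'at_creation'.
    $data = DB::queryfirstrow("SELECT i.label AS label, i.description AS description, i.id_tree AS id_tree, i.perso AS perso, i.restricted_to AS restricted_to, i.login AS login, i.id AS id\n        FROM " . prefix_table("items") . " AS i\n        INNER JOIN " . prefix_table("log_items") . " AS l ON (l.id_item = i.id)\n        WHERE i.id = %i\n        AND l.action = %s", $itemId, 'at_creation');
    if (empty($data)) {
        // Unknown item, or no creation log entry: there is nothing to cache.
        return;
    }

    // Get all TAGS
    $tags = "";
    $data_tags = DB::query("SELECT tag FROM " . prefix_table("tags") . " WHERE item_id=%i", $itemId);
    foreach ($data_tags as $itemTag) {
        if (!empty($itemTag['tag'])) {
            $tags .= $itemTag['tag'] . " ";
        }
    }

    // finally update
    DB::insert(prefix_table("cache"), array(
        "id" => $data['id'],
        "label" => $data['label'],
        "description" => $data['description'],
        "tags" => $tags,
        "id_tree" => $data['id_tree'],
        "perso" => $data['perso'],
        "restricted_to" => $data['restricted_to'],
        "login" => $data['login'],
        "folder" => "",
        "author" => API_USER_ID,
        "renewal_period" => 0,
        "timestamp" => time(),
        "url" => 0,
    ));
}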
Пример #3
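/**
 * Decide whether a user may load the given page(s).
 *
 * The user's row is loaded by id, the supplied key is compared with the stored
 * key_tempo, and the requested page(s) are checked against the page list of the
 * user's role in $pagesRights ('admin', 'manager' or 'user').
 *
 * @param int|string   $userId      User identifier.
 * @param string       $userKey     Temporary key expected to match users.key_tempo.
 * @param string|array $pageVisited Page name, or list of page names.
 *
 * @return bool True when the key matches and the role may see the page.
 */
function checkUser($userId, $userKey, $pageVisited)
{
    global $pagesRights;

    if (empty($userId) || empty($pageVisited) || empty($userKey)) {
        return false;
    }
    if (!is_array($pageVisited)) {
        $pageVisited = array($pageVisited);
    }

    include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
    // NOTE(review): the language file name is built from a session value. Confirm
    // that user_language can only ever hold a name from a fixed list, since it
    // becomes part of an included path.
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
    require_once 'main.functions.php';

    // Connect to mysql server
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    if ($link) {
        // mysqli_connect() can return false; calling a method on it would be fatal.
        $link->set_charset($encoding);
    }

    // load user's data
    $data = DB::queryfirstrow("SELECT login, key_tempo, admin, gestionnaire FROM " . prefix_table("users") . " WHERE id = %i", $userId);

    // check that the user exists and that the temporary key matches
    if (empty($data['login']) || empty($data['key_tempo'])) {
        return false;
    }
    // Compare as strings and in constant time: a loose != lets PHP type juggling
    // treat different values as equal, and leaks timing on a secret.
    if (!is_scalar($userKey) || !hash_equals((string) $data['key_tempo'], (string) $userKey)) {
        return false;
    }

    // pick the page list of the user's role; admin takes precedence over manager
    if (!empty($data['admin'])) {
        $allowedPages = $pagesRights['admin'];
    } elseif (!empty($data['gestionnaire'])) {
        $allowedPages = $pagesRights['manager'];
    } else {
        $allowedPages = $pagesRights['user'];
    }

    if (!IsInArray($pageVisited, $allowedPages)) {
        return false;
    }

    return true;
}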
Пример #4
         echo '[ { "status" : "none" } ]';
     }
     break;
     /**
      * Open KB
      */
 /**
  * Open KB
  */
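 case "open_kb":
     // Check KEY: both values must be present, and they are compared as strings
     // in constant time. With a loose != a request without a key could pass
     // whenever the session holds no key either (null != null is false).
     if (!isset($_POST['key'], $_SESSION['key']) || !is_string($_POST['key']) || !hash_equals((string) $_SESSION['key'], $_POST['key'])) {
         echo '[ { "error" : "key_not_conform" } ]';
         break;
     }
     // Only a scalar id is accepted; anything else is looked up as 0.
     $kbId = isset($_POST['id']) && is_scalar($_POST['id']) ? intval($_POST['id']) : 0;
     // NOTE(review): no check is visible here that the current user may read
     // this KB entry; confirm it is enforced elsewhere.
     // The category alias read "AScategory_id" (missing space after AS).
     $ret = DB::queryfirstrow("SELECT k.id AS id, k.label AS label, k.description AS description, k.category_id AS category_id, k.author_id AS author_id, k.anyone_can_modify AS anyone_can_modify, u.login AS login, c.category AS category\n                FROM " . prefix_table("kb") . " AS k\n                INNER JOIN " . prefix_table("kb_categories") . " AS c ON (c.id = k.category_id)\n                INNER JOIN " . prefix_table("users") . " AS u ON (u.id = k.author_id)\n                WHERE k.id = %i", $kbId);
     //select associated items
     $rows = DB::query("SELECT item_id FROM " . prefix_table("kb") . "_items WHERE kb_id = %i", $kbId);
     $arrOptions = array();
     foreach ($rows as $record) {
         $arrOptions[] = $record['item_id'];
     }
     $arrOutput = array("label" => $ret['label'], "category" => $ret['category'], "description" => $ret['description'], "anyone_can_modify" => $ret['anyone_can_modify'], "options" => $arrOptions);
     // The JSON_HEX_* flags keep <, >, &, ' and " out of the raw response body.
     echo json_encode($arrOutput, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
     break;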
     /**
      * Delete the KB
      */
 /**
  * Delete the KB
Пример #5
     //CASE where to update the associated Function
 //CASE where to update the associated Function
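 case "fonction":
     /* do checks */
     require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
     // NOTE(review): checkUser() is given session values only, so nothing sent
     // with this request is verified; confirm an anti-CSRF key is checked before
     // this state-changing case is reached.
     if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "manage_folders")) {
         $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
         //not allowed page
         include $_SESSION['settings']['cpassman_dir'] . '/error.php';
         exit;
     }
     // get values: "<tree_id>;<fonction_id>"
     $valeur = isset($_POST['valeur']) && is_string($_POST['valeur']) ? $_POST['valeur'] : '';
     $val = explode(';', $valeur);
     if (count($val) < 2 || !ctype_digit($val[0]) || !ctype_digit($val[1])) {
         // Malformed input: do not touch the rights table.
         break;
     }
     //Check if a row already exists for this folder / function pair
     $data = DB::queryfirstrow("SELECT authorized FROM " . prefix_table("rights") . " WHERE tree_id = %i AND fonction_id= %i", $val[0], $val[1]);
     if (empty($data)) {
         //Insert into DB
         DB::insert(prefix_table("rights"), array('tree_id' => $val[0], 'fonction_id' => $val[1], 'authorized' => 1));
     } else {
         //Toggle the existing row.
         // The test used to be empty($data['authorized']), so a row holding 0 led
         // to a second insert instead of an update; and the update filtered on
         // "id" although the row is looked up and inserted by tree_id.
         $newValue = $data['authorized'] == 1 ? 0 : 1;
         DB::update(prefix_table("rights"), array('authorized' => $newValue), "tree_id = %i AND fonction_id=%i", $val[0], $val[1]);
     }
     break;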
     // CASE where to authorize an ITEM creation without respecting the complexity
 // CASE where to authorize an ITEM creation without respecting the complexity
 case "modif_droit_autorisation_sans_complexite":
Пример #6
         }
         $texte .= '<tr><td><input type=\'checkbox\' class=\'cb_deleted_item\' value=\'' . $reccord['id'] . '\' id=\'item_deleted_' . $reccord['id'] . '\' />&nbsp;<b>' . $reccord['label'] . '</b></td><td width=\\"100px\\" align=\\"center\\">' . date($_SESSION['settings']['date_format'], $reccord['date']) . '</td><td width=\\"70px\\" align=\\"center\\">' . $reccord['login'] . '</td>' . $thisFolder . '</tr>';
     }
     echo '[{"text":"' . $texte . '</table><div style=\'margin-left:5px;\'><input type=\'checkbox\' id=\'item_deleted_select_all\' />&nbsp;<img src=\\"includes/images/arrow-repeat.png\\" title=\\"' . $LANG['restore'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"restoreDeletedItems()\\">&nbsp;<img src=\\"includes/images/bin_empty.png\\" title=\\"' . $LANG['delete'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"reallyDeleteItems()\\"></div>"}]';
     break;
     /**
      * CASE admin want to restaure a list of deleted items
      */
 /**
  * CASE admin want to restaure a list of deleted items
  */
 case "restore_deleted__items":
     //restore FOLDERS
     if (count($_POST['list_f']) > 0) {
         foreach (explode(';', $_POST['list_f']) as $id) {
             $data = DB::queryfirstrow("SELECT valeur\n                    FROM " . prefix_table("misc") . "\n                    WHERE type = 'folder_deleted'\n                    AND intitule = %s", $id);
             if ($data['valeur'] != 0) {
                 $folderData = explode(', ', $data['valeur']);
                 //insert deleted folder
                 DB::insert(prefix_table("nested_tree"), array('id' => $folderData[0], 'parent_id' => $folderData[1], 'title' => $folderData[2], 'nleft' => $folderData[3], 'nright' => $folderData[4], 'nlevel' => $folderData[5], 'bloquer_creation' => $folderData[6], 'bloquer_modification' => $folderData[7], 'personal_folder' => $folderData[8], 'renewal_period' => $folderData[9]));
                 //delete log
                 DB::delete(prefix_table("misc"), "type = %s AND intitule = %s", "folder_deleted", $id);
             }
         }
     }
     //restore ITEMS
     if (count($_POST['list_i']) > 0) {
         foreach (explode(';', $_POST['list_i']) as $id) {
             DB::update(prefix_table("items"), array('inactif' => '0'), 'id = %i', $id);
             //log
             DB::insert(prefix_table("log_items"), array("id_item" => $id, "date" => time(), "id_user" => $_SESSION['user_id'], "action" => "at_restored"));
Пример #7
         }
         $texte .= '<tr><td><input type=\'checkbox\' class=\'cb_deleted_item\' value=\'' . $reccord['id'] . '\' id=\'item_deleted_' . $reccord['id'] . '\' />&nbsp;<b>' . $reccord['label'] . '</b></td><td width=\\"100px\\" align=\\"center\\">' . date($_SESSION['settings']['date_format'], $reccord['date']) . '</td><td width=\\"70px\\" align=\\"center\\">' . $reccord['login'] . '</td>' . $thisFolder . '</tr>';
     }
     echo '[{"text":"' . $texte . '</table><div style=\'margin-left:5px;\'><input type=\'checkbox\' id=\'item_deleted_select_all\' />&nbsp;<img src=\\"includes/images/arrow-repeat.png\\" title=\\"' . $LANG['restore'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"restoreDeletedItems()\\">&nbsp;<img src=\\"includes/images/bin_empty.png\\" title=\\"' . $LANG['delete'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"reallyDeleteItems()\\"></div>"}]';
     break;
     /**
      * CASE admin want to restaure a list of deleted items
      */
 /**
  * CASE admin want to restaure a list of deleted items
  */
 case "restore_deleted__items":
     //restore FOLDERS
     if (count($_POST['list_f']) > 0) {
         foreach (explode(';', $_POST['list_f']) as $id) {
             $data = DB::queryfirstrow("SELECT valeur\n                    FROM " . $pre . "misc\n                    WHERE type = 'folder_deleted'\n                    AND intitule = %s", $id);
             if ($data['valeur'] != 0) {
                 $folderData = explode(', ', $data['valeur']);
                 //insert deleted folder
                 DB::insert($pre . 'nested_tree', array('id' => $folderData[0], 'parent_id' => $folderData[1], 'title' => $folderData[2], 'nleft' => $folderData[3], 'nright' => $folderData[4], 'nlevel' => $folderData[5], 'bloquer_creation' => $folderData[6], 'bloquer_modification' => $folderData[7], 'personal_folder' => $folderData[8], 'renewal_period' => $folderData[9]));
                 //delete log
                 DB::delete($pre . "misc", "type = %s AND intitule = %s", "folder_deleted", $id);
             }
         }
     }
     //restore ITEMS
     if (count($_POST['list_i']) > 0) {
         foreach (explode(';', $_POST['list_i']) as $id) {
             DB::update($pre . "items", array('inactif' => '0'), 'id = %i', $id);
             //log
             DB::insert($pre . "log_items", array("id_item" => $id, "date" => time(), "id_user" => $_SESSION['user_id'], "action" => "at_restored"));
Пример #8
$sOutput .= '"iTotalDisplayRecords": ' . $iFilteredTotal . ', ';
$sOutput .= '"aaData": ';
if ($iFilteredTotal > 0) {
    $sOutput .= '[';
}
// Append one four-column row per KB record to $sOutput. The row is assembled by
// string concatenation rather than json_encode(), so every value placed between
// the double quotes must already be safe for both JSON and HTML.
foreach ($rows as $record) {
    $sOutput .= "[";
    // col1: action icons. The delete icon is added only when anyone may modify
    // the entry or the current user is its author.
    // NOTE(review): $record['id'] goes into an onclick attribute unescaped; that
    // is safe only if the column is always an integer - confirm.
    $sOutput .= '"<img src=\\"includes/images/direction_arrow.png\\" onclick=\\"openKB(\'' . $record['id'] . '\')\\" style=\\"cursor:pointer;\\" />';
    if ($record['anyone_can_modify'] == 1 || $record['author_id'] == $_SESSION['user_id']) {
        $sOutput .= '<img src=\\"includes/images/direction_minus.png\\" onclick=\\"deleteKB(\'' . $record['id'] . '\')\\" style=\\"cursor:pointer;\\" />';
    }
    $sOutput .= '",';
    // col2: category name, looked up once per row and HTML-escaped.
    // NOTE(review): htmlspecialchars() does not escape backslashes or newlines,
    // so such characters in a value would still break the JSON string.
    $ret_cat = DB::queryfirstrow("SELECT category FROM " . $pre . "kb_categories WHERE id = %i", $record['category_id']);
    $sOutput .= '"' . htmlspecialchars(stripslashes($ret_cat['category']), ENT_QUOTES) . '",';
    // col3: KB label, HTML-escaped.
    $sOutput .= '"' . htmlspecialchars(stripslashes($record['label']), ENT_QUOTES) . '",';
    // col4: author login, looked up once per row.
    // NOTE(review): unlike col2 and col3 this value is entity-DECODED before
    // output (quotes excepted, per ENT_NOQUOTES). If a login can hold encoded
    // markup it would reach the client as live markup; escaping it like the
    // other columns looks safer - confirm how logins are stored.
    $ret_author = DB::queryfirstrow("SELECT login FROM " . $pre . "users WHERE id = %i", $record['author_id']);
    $sOutput .= '"' . html_entity_decode($ret_author['login'], ENT_NOQUOTES) . '"';
    // Finish the line; the trailing comma of the last row is removed after the loop.
    $sOutput .= '],';
}
if (count($rows) > 0) {
    $sOutput = substr_replace($sOutput, "", -1);
    $sOutput .= '] }';
} else {
    $sOutput .= '[] }';
}
echo $sOutput;
Пример #9
 $return = "";
 //Get all tables
 $tables = array();
 $result = DB::query('SHOW TABLES');
 foreach ($result as $row) {
     $tables[] = $row["Tables_in_" . $database];
 }
 //cycle through
 foreach ($tables as $table) {
     if (empty($pre) || substr_count($table, $pre) > 0) {
         $result = DB::queryRaw('SELECT * FROM ' . $table);
         $mysqli_result = DB::queryRaw("SELECT *\n                    FROM INFORMATION_SCHEMA.COLUMNS\n                    WHERE table_schema = %s\n                    AND table_name = %s", $database, $table);
         $numFields = DB::count();
         // prepare a drop table
         $return .= 'DROP TABLE ' . $table . ';';
         $row2 = DB::queryfirstrow('SHOW CREATE TABLE ' . $table);
         $return .= "\n\n" . $row2["Create Table"] . ";\n\n";
         //prepare all fields and datas
         for ($i = 0; $i < $numFields; $i++) {
             while ($row = $result->fetch_row()) {
                 $return .= 'INSERT INTO ' . $table . ' VALUES(';
                 for ($j = 0; $j < $numFields; $j++) {
                     $row[$j] = addslashes($row[$j]);
                     $row[$j] = preg_replace("/\n/", "\\n", $row[$j]);
                     if (isset($row[$j])) {
                         $return .= '"' . $row[$j] . '"';
                     } else {
                         $return .= 'NULL';
                     }
                     if ($j < $numFields - 1) {
                         $return .= ',';
Пример #10
 } else {
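     // COMPLETE RE-ENCRYPTION
     // Re-encrypt one item's password with the personal key held in the session.
     $personal_sk = $_SESSION['my_sk'];
     // NOTE(review): no check is visible here that the item named by currentId
     // belongs to the current user; confirm it is enforced before this branch.
     // get data about pw
     $data = DB::queryfirstrow("SELECT id, pw, pw_iv\n                FROM " . prefix_table("items") . "\n                WHERE id = %i", $_POST['currentId']);
     if (empty($data)) {
         // unknown item: nothing to re-encrypt
     } elseif (empty($data['pw_iv'])) {
         // try protocol #2 first
         $pw = decrypt($data['pw'], $_SESSION['my_sk']);
         if (empty($pw)) {
             // nothing came back, so fall back to protocol #1
             $pw = decryptOld($data['pw'], $_SESSION['my_sk']);
         } else {
             // used protocol is #2
             // get key for this pw
             $dataItem = DB::queryfirstrow("SELECT rand_key\n                        FROM " . prefix_table("keys") . "\n                        WHERE `sql_table` = %s AND id = %i", "items", $data['id']);
             if (!empty($dataItem['rand_key'])) {
                 // remove key from pw
                 // The length was read from $dataTemp, which is never set here, so
                 // nothing was stripped and the key prefix was stored as part of
                 // the re-encrypted password.
                 $pw = substr($pw, strlen($dataItem['rand_key']));
             }
         }
         // encrypt it
         $encrypt = cryption($pw, $personal_sk, "", "encrypt");
         // store Password together with its IV
         DB::update(prefix_table('items'), array('pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv']), "id = %i", $data['id']);
     } else {
         // already re-encrypted
     }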
 }
 echo '[{"error" : ""}]';
 break;
Пример #11
         // launch query
         $rows = DB::query("SELECT *\n                    FROM " . prefix_table("log_system") . "\n                    WHERE type = %s AND field_1=%i\n                    ORDER BY date DESC\n                    LIMIT {$start}," . $_POST['nb_items_by_page'], "user_mngt", $_POST['id']);
     }
     // generate data
     if (isset($counter) && $counter != 0) {
         $nb_pages = ceil($counter / $_POST['nb_items_by_page']);
         for ($i = 1; $i <= $nb_pages; $i++) {
             $pages .= '<td onclick=\'displayLogs(' . $i . ',\\"user_mngt\\")\'><span style=\'cursor:pointer;' . ($_POST['page'] == $i ? 'font-weight:bold;font-size:18px;\'>' . $i : '\'>' . $i) . '</span></td>';
         }
     }
     $pages .= '</tr></table>';
     if (isset($rows)) {
         foreach ($rows as $record) {
             if ($_POST['scope'] == "user_mngt") {
                 $user = DB::queryfirstrow("SELECT login from " . prefix_table("users") . " WHERE id=%i", $record['qui']);
                 $user_1 = DB::queryfirstrow("SELECT login from " . prefix_table("users") . " WHERE id=%i", $_POST['id']);
                 $tmp = explode(":", $record['label']);
                 $logs .= '<tr><td>' . date($_SESSION['settings']['date_format'] . " " . $_SESSION['settings']['time_format'], $record['date']) . '</td><td align=\\"center\\">' . str_replace(array('"', '#user_login#'), array('\\"', $user_1['login']), $LANG['login']) . '</td><td align=\\"center\\">' . $user['login'] . '</td><td align=\\"center\\"></td></tr>';
             } else {
                 $logs .= '<tr><td>' . date($_SESSION['settings']['date_format'] . " " . $_SESSION['settings']['time_format'], $record['date']) . '</td><td align=\\"center\\">' . str_replace('"', '\\"', $record['label']) . '</td><td align=\\"center\\">' . $record['login'] . '</td><td align=\\"center\\">' . $LANG[$record['action']] . '</td></tr>';
             }
         }
     }
     echo '[ { "table_logs": "' . $logs . '", "pages": "' . $pages . '", "error" : "no" } ]';
     break;
     /*
      * Migrate the Admin PF to User
      */
 /*
  * Migrate the Admin PF to User
  */
Пример #12
 DB::$user = $user;
 DB::$password = $pass;
 DB::$dbName = $database;
 DB::$port = $port;
 DB::$encoding = $encoding;
 DB::$error_handler = 'db_error_handler';
 $link = mysqli_connect($server, $user, $pass, $database, $port);
 $link->set_charset($encoding);
 // check session validity
 $data = DB::queryfirstrow("SELECT id, timestamp, code, item_id FROM " . prefix_table("otv") . "\n        WHERE code = %i", intval($_GET['code']));
 if ($data['timestamp'] == $_GET['stamp']) {
     // otv is too old
     if ($data['timestamp'] < time() - $_SESSION['settings']['otv_expiration_period'] * 86400) {
         $html = "Link is too old!";
     } else {
         $dataItem = DB::queryfirstrow("SELECT *\n                FROM " . prefix_table("items") . " as i\n                INNER JOIN " . prefix_table("log_items") . " as l ON (l.id_item = i.id)\n                WHERE i.id = %i AND l.action = %s", intval($data['item_id']), 'at_creation');
         // get data
         $pw = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt");
         $label = $dataItem['label'];
         $email = $dataItem['email'];
         $url = $dataItem['url'];
         $description = preg_replace('/(?<!\\r)\\n+(?!\\r)/', '', strip_tags($dataItem['description'], $k['allowedTags']));
         $login = str_replace('"', '&quot;', $dataItem['login']);
         // display data
         $html = "<div style='margin:30px;'>" . "<div style='font-size:20px;font-weight:bold;'>Welcome to One-Time item view page.</div>" . "<div style='font-style:italic;'>Here are the details of the Item that has been shared to you</div>" . "<div style='margin-top:10px;'><table>" . "<tr><td>Label:</td><td>" . $label . "</td</tr>" . "<tr><td>Password:</td><td>" . $pw . "</td</tr>" . "<tr><td>Description:</td><td>" . $description . "</td</tr>" . "<tr><td>login:</td><td>" . $login . "</td</tr>" . "<tr><td>URL:</td><td>" . $url . "</td</tr>" . "</table></div>" . "<div style='margin-top:30px;'>Copy carefully the data you need. This page is only visible once.</div>" . "</div>";
         // delete entry
         //DB::delete(prefix_table("otv"), "id = %i", intval($_GET['otv_id']));
         // display
         echo $html;
     }
 } else {
Пример #13
     /*
      * CASE
      * Free Item for Edition
      */
 /*
  * CASE
  * Free Item for Edition
  */
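 case "delete_file":
     // Check KEY: both values must be present, and they are compared as strings
     // in constant time. With a loose != a request without a key could pass
     // whenever the session holds no key either (null != null is false).
     if (!isset($_POST['key'], $_SESSION['key']) || !is_string($_POST['key']) || !hash_equals((string) $_SESSION['key'], $_POST['key'])) {
         echo '[ { "error" : "key_not_conform" } ]';
         break;
     }
     // get file info; the id is the "uri" value without its first character
     $fileId = isset($_POST['uri']) && is_string($_POST['uri']) ? substr($_POST['uri'], 1) : '';
     $result = DB::queryfirstrow("SELECT file FROM " . prefix_table("files") . " WHERE id=%i", $fileId);
     $suffix = isset($_POST['file_suffix']) && is_string($_POST['file_suffix']) ? $_POST['file_suffix'] : '';
     // The suffix comes from the request and is appended to a filesystem path:
     // refuse path separators and NUL bytes, and refuse to act when no file row
     // was found (the path would otherwise consist of the suffix alone).
     if (empty($result['file']) || strpbrk($suffix, "/\\\0") !== false) {
         break;
     }
     // NOTE(review): no check is visible here that the current user may delete
     // this file; confirm it is enforced elsewhere.
     $target = $_SESSION['settings']['path_to_upload_folder'] . '/' . basename($result['file']) . $suffix;
     if (is_file($target)) {
         unlink($target);
     }
     break;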
     /*
      * CASE
      * Get list of users that have access to the folder
      */
 /*
  * CASE
  * Get list of users that have access to the folder
  */
 case "get_refined_list_of_users":
     // Check KEY
     if ($_POST['key'] != $_SESSION['key']) {
         echo '[ { "error" : "key_not_conform" } ]';
         break;
Пример #14
 DB::$encoding = $encoding;
 DB::$error_handler = 'db_error_handler';
 $link = mysqli_connect($server, $user, $pass, $database, $port);
 $link->set_charset($encoding);
 // check session validity
 $data = DB::queryfirstrow("SELECT id, timestamp, code, item_id FROM " . prefix_table("otv") . "\n        WHERE code = %s", $_GET['code']);
 if ($data['timestamp'] == intval($_GET['stamp'])) {
     // otv is too old
     if ($data['timestamp'] < time() - $_SESSION['settings']['otv_expiration_period'] * 86400) {
         $html = "Link is too old!";
     } else {
         // get from DB
         $dataItem = DB::queryfirstrow("SELECT *\n                FROM " . prefix_table("items") . " as i\n                INNER JOIN " . prefix_table("log_items") . " as l ON (l.id_item = i.id)\n                WHERE i.id = %i AND l.action = %s", intval($data['item_id']), 'at_creation');
         // is Item still valid regarding number of times being seen
         // Decrement the number before being deleted
         $dataDelete = DB::queryfirstrow("SELECT * FROM " . prefix_table("automatic_del") . " WHERE item_id=%i", $data['item_id']);
         if (isset($_SESSION['settings']['enable_delete_after_consultation']) && $_SESSION['settings']['enable_delete_after_consultation'] == 1) {
             if ($dataDelete['del_enabled'] == 1) {
                 if ($dataDelete['del_type'] == 1 && $dataDelete['del_value'] >= 1) {
                     // decrease counter
                     DB::update($pre . "automatic_del", array('del_value' => $dataDelete['del_value'] - 1), "item_id = %i", $data['item_id']);
                 } elseif ($dataDelete['del_type'] == 1 && $dataDelete['del_value'] <= 1 || $dataDelete['del_type'] == 2 && $dataDelete['del_value'] < time()) {
                     // delete item
                     DB::delete($pre . "automatic_del", "item_id = %i", $data['item_id']);
                     // make inactive object
                     DB::update(prefix_table("items"), array('inactif' => '1'), "id = %i", $data['item_id']);
                     // log
                     logItems($data['item_id'], $dataItem['label'], OTV_USER_ID, 'at_delete', 'otv', 'at_automatically_deleted');
                     echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;' . LANG['not_allowed_to_see_pw_is_expired'] . '</div>';
                     return false;
                 }
Пример #15
                        } else {
                            $ret .= "<tr><td><input class='pw_cb' type='checkbox' id='" . $record['id'] . "'></td><td id='old_" . $record['id'] . "'>" . $pw . "</td><td> -> </td><td id='new_" . $record['id'] . "'>" . $reduced_pw . "</td><td id='res_" . $record['id'] . "'></td></tr>";
                            $rowColor = true;
                        }
                    } else {
                        $pw = "";
                        $reduced_pw = "";
                        if ($rowColor == true) {
                            $ret .= "<tr class='alt' style='disabled:disabled;'><td></td><td id='old_" . $record['id'] . "'>Password error encoding</td><td> -> </td><td id='new_" . $record['id'] . "'>" . $reduced_pw . "</td><td id='res_" . $record['id'] . "'></td></tr>";
                            $rowColor = false;
                        } else {
                            $ret .= "<tr style='disabled:disabled;'><td></td><td id='old_" . $record['id'] . "'>Password error encoding</td><td> -> </td><td id='new_" . $record['id'] . "'>" . $reduced_pw . "</td><td id='res_" . $record['id'] . "'></td></tr>";
                            $rowColor = true;
                        }
                    }
                }
            }
            echo '[{"error":"", "result":"' . $ret . '", "index":"' . $_POST['index'] . '"}]';
        } elseif (isset($_POST['action']) && $_POST['action'] == "tool_clean_1" && $_POST['prefix_len'] != "") {
            $data = DB::queryfirstrow('SELECT i.pw AS pw, k.rand_key AS rand_key
                FROM `' . $pre . 'items` as i
                LEFT JOIN ' . $pre . 'keys as k ON (k.id = i.id)
                WHERE i.id = %i', $_POST['id']);
            $pw = decrypt($data['pw']);
            $pw = substr($pw, strlen($data['rand_key']));
            $pw = $data['rand_key'] . substr($pw, $_POST['prefix_len']);
            DB::update($pre . "items", array('pw' => encrypt($pw)), "id = %i", $_POST['id']);
            echo '[{"error":"", "result":"' . $_POST['id'] . '"}]';
        }
        break;
}
Пример #16
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
// check user's token
$dataUser = DB::queryfirstrow("SELECT key_tempo\n    FROM " . prefix_table("users") . "\n    WHERE id=%i", $_SESSION['user_id']);
if ($dataUser['key_tempo'] !== $_GET['key']) {
    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
    //not allowed page
    include $_SESSION['settings']['cpassman_dir'] . '/error.php';
    exit;
}
// get data about item
$dataItem = DB::queryfirstrow("SELECT label, login, pw, pw_iv, url, auto_update_pwd_frequency\n    FROM " . prefix_table("items") . "\n    WHERE id=%i", $_GET['id']);
// decrypt password
$oldPwClear = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt");
echo '
<div id="tabs">
    <ul>
        <li><a href="#tabs-1">' . $LANG['ssh_one_shot_change'] . '</a></li>
        <li><a href="#tabs-2">' . $LANG['ssh_scheduled_change'] . '</a></li>
    </ul>
    <div id="tabs-1">
        <div>
            <label for="ausp_ssh_root">' . $LANG['ssh_user'] . ':</label>&nbsp;
            <input type="text" id="ausp_ssh_root" class="menu_250 text ui-widget-content ui-corner-all" style="padding:3px;" value="' . $dataItem['login'] . '" />
        </div>
        <div>
            <label for="ausp_ssh_pwd">' . $LANG['ssh_pwd'] . ':</label>&nbsp;
Пример #17
    foreach ($server_cert['issuer'] as $key => $value) {
        $cert_issuer .= "/{$key}={$value}";
    }
    if (isset($cert_name) && !empty($cert_name) && $cert_name != $cert_issuer) {
        if (isset($_SERVER['HTTPS'])) {
            header('Strict-Transport-Security: max-age=500');
            $_SESSION['error']['sts'] = 0;
        }
    } elseif ($cert_name == $cert_issuer) {
        $_SESSION['error']['sts'] = 1;
    }
}
/* LOAD INFORMATION CONCERNING USER */
if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
    // query on user
    $data = DB::queryfirstrow("SELECT admin, gestionnaire, groupes_visibles, groupes_interdits, fonction_id FROM " . prefix_table("users") . " WHERE id=%i_id", array('id' => $_SESSION['user_id']));
    //Check if user has been deleted or unlogged
    if (empty($data)) {
        // erase session table
        $_SESSION = array();
        // Kill session
        session_destroy();
        //redirection to index
        echo '
        <script language="javascript" type="text/javascript">
        <!--
        setTimeout(function(){document.location.href="index.php"}, 10);
        -->
        </script>';
    } else {
        // update user's rights
Пример #18
// connect to DB
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
// manage action required
if (!empty($_POST['type'])) {
    switch ($_POST['type']) {
        #CASE adding a new function
        case "del_fav":
            //Get actual favourites
            $data = DB::queryfirstrow("SELECT favourites FROM " . $pre . "users WHERE id = %i", $_SESSION['user_id']);
            $tmp = explode(";", $data['favourites']);
            $favs = "";
            $tab_favs = array();
            //redefine new list of favourites
            foreach ($tmp as $f) {
                if (!empty($f) && $f != $_POST['id']) {
                    if (empty($favs)) {
                        $favs = $f;
                    } else {
                        $favs = ';' . $f;
                    }
                    array_push($tab_favs, $f);
                }
            }
            //update user's account
Пример #19
// Excerpt: configures MeekroDB (including the connection encoding), opens a separate
// mysqli handle with the same charset, then dispatches on $_POST['type'].
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
// NOTE(review): mysqli_connect() returns false on failure and the result is not
// checked before the method call below.
$link->set_charset($encoding);
// manage action required
// NOTE(review): no comparison of a request token with $_SESSION['key'] is visible
// before this state-changing handler in the excerpt - confirm one runs earlier.
if (!empty($_POST['type'])) {
    switch ($_POST['type']) {
        #CASE adding a new function
        case "del_fav":
            // Rebuilds the caller's ';'-separated favourites list without $_POST['id'].
            // The row is selected by the session's own user id, bound with %i.
            //Get actual favourites
            $data = DB::queryfirstrow("SELECT favourites FROM " . prefix_table("users") . " WHERE id = %i", $_SESSION['user_id']);
            $tmp = explode(";", $data['favourites']);
            $favs = "";
            $tab_favs = array();
            //redefine new list of favourites
            foreach ($tmp as $f) {
                // NOTE(review): "!=" compares numeric strings numerically, so a posted
                // "7.0" or "07" also matches favourite "7"; casting $_POST['id'] to int
                // once before the loop would make the match explicit.
                if (!empty($f) && $f != $_POST['id']) {
                    if (empty($favs)) {
                        $favs = $f;
                    } else {
                        // NOTE(review): plain assignment discards everything collected so
                        // far; ".=" looks intended, otherwise only the last id survives.
                        $favs = ';' . $f;
                    }
                    array_push($tab_favs, $f);
                }
            }
            //update user's account
Пример #20
     // psk flag: true only when PSK authentication is enabled in the settings and
     // the fetched row carries a non-empty psk value.
     if (isset($_SESSION['settings']['psk_authentication']) && $_SESSION['settings']['psk_authentication'] == 1 && !empty($data['psk'])) {
         $pskSet = true;
     } else {
         $pskSet = false;
     }
     // NOTE(review): the response is assembled by concatenation. A PHP bool is
     // written as "1" or "" here, and $userOk is emitted without JSON escaping
     // (its origin is outside this excerpt); json_encode() would produce
     // well-formed, escaped output.
     echo '[{"login" : "' . $userOk . '", "psk":"' . $pskSet . '"}]';
     break;
     /**
      * Make statistics on item
      */
 /**
  * Make statistics on item
  */
 case "item_stat":
     // Increments the view counter of item $_POST['id'], creating the row on the
     // first view. The id is bound with %i, so it cannot change the SQL text.
     // NOTE(review): neither a session-key check nor a test that the caller may
     // see this item is visible in the excerpt - confirm both happen earlier.
     if (isset($_POST['scope']) && $_POST['scope'] == "item") {
         $data = DB::queryfirstrow("SELECT view FROM " . prefix_table("statistics") . " WHERE scope = %s AND item_id = %i", 'item', $_POST['id']);
         $counter = DB::count();
         if ($counter == 0) {
             DB::insert(prefix_table("statistics"), array('scope' => 'item', 'view' => '1', 'item_id' => $_POST['id']));
         } else {
             // NOTE(review): read-then-write; concurrent requests can lose
             // increments. The WHERE clause filters on item_id only, not scope.
             DB::update(prefix_table("statistics"), array('scope' => 'item', 'view' => $data['view'] + 1), "item_id = %i", $_POST['id']);
         }
     }
     break;
     /**
      * Refresh list of last items seen
      */
 /**
  * Refresh list of last items seen
  */
 case "refresh_list_items_seen":
                // Promote the suggestion to a real item: label, description, folder
                // and the stored pw / pw_iv pair are copied as they are.
                DB::insert(prefix_table("items"), array('label' => $suggestion['label'], 'description' => $suggestion['description'], 'pw' => $suggestion['pw'], 'id_tree' => $suggestion['folder_id'], 'inactif' => '0', 'perso' => '0', 'anyone_can_modify' => '0', 'pw_iv' => $suggestion['pw_iv']));
                $newID = DB::insertId();
                if (is_numeric($newID)) {
                    // update log
                    DB::insert(prefix_table("log_items"), array('id_item' => $newID, 'date' => time(), 'id_user' => $suggestion['author_id'], 'action' => 'at_creation'));
                    // update cache table
                    updateCacheTable("add_value", $newID);
                    // delete suggestion
                    DB::delete(prefix_table("suggestion"), "id = %i", $_POST['id']);
                    echo '[ { "status" : "done" } ]';
                } else {
                    echo '[ { "status" : "error_when_creating" } ]';
                }
            }
            break;
        case "get_complexity_level":
            // Returns the password-complexity level configured for a folder.
            // Check KEY
            // NOTE(review): "!=" is a loose, non-constant-time comparison; for a
            // session token, hash_equals() on two values already checked to be
            // strings is the usual choice.
            if ($_POST['key'] != $_SESSION['key']) {
                echo '[ { "error" : "key_not_conform" } ]';
                break;
            }
            // folder_id is bound with %s, so it cannot change the SQL text.
            $data = DB::queryfirstrow("SELECT valeur FROM " . $pre . "misc WHERE intitule = %s AND type = %s", $_POST['folder_id'], "complex");
            if (isset($data['valeur']) && (!empty($data['valeur']) || $data['valeur'] == 0)) {
                $complexity = $_SESSION['settings']['pwComplexity'][$data['valeur']][1];
            } else {
                $complexity = $LANG['not_defined'];
            }
            // NOTE(review): values are concatenated into the JSON text without
            // escaping; json_encode() would keep the response well-formed if a
            // label ever contains a quote or backslash.
            echo '[ { "status" : "ok" , "complexity" : "' . $data['valeur'] . '" , "complexity_text" : "' . $complexity . '" } ]';
            break;
    }
}
Пример #22
             // Remove every collected item together with its log entries.
             foreach ($items as $item) {
                 // Delete item
                 DB::delete(prefix_table("items"), "id = %i", $item['id']);
                 // log
                 DB::delete(prefix_table("log_items"), "id_item = %i", $item['id']);
             }
         }
         // rebuild tree
         $tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
         $tree->rebuild();
     }
     // update LOG
     logEvents('user_mngt', 'at_user_deleted', $_SESSION['user_id'], $_SESSION['login'], $_POST['id']);
 } else {
     // Edit branch: updates the account identified by $_POST['id'].
     // NOTE(review): the check that the session user may administer this account
     // is not visible in the excerpt - confirm it runs before this point.
     // Get old data about user
     // NOTE(review): SELECT * also loads the stored credential columns although
     // only 'email' is read below; naming the column would keep them out of memory.
     $oldData = DB::queryfirstrow("SELECT * FROM " . prefix_table("users") . "\n                    WHERE id = %i", $_POST['id']);
     // manage account status
     $accountDisabled = 0;
     // NOTE(review): $logDisabledText stays undefined when the action is neither
     // "unlock" nor "lock".
     if ($account_status_action == "unlock") {
         $accountDisabled = 0;
         $logDisabledText = "at_user_unlocked";
     } elseif ($account_status_action == "lock") {
         $accountDisabled = 1;
         $logDisabledText = "at_user_locked";
     }
     // update user
     // NOTE(review): DB::update() escapes the values of the array it is given, so
     // the extra mysqli_escape_string() stores literal backslashes for names that
     // contain quotes. The role and folder lists are written as received; their
     // validation is not visible here.
     DB::update(prefix_table("users"), array('login' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['login'])), 'name' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['name'])), 'lastname' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['lastname'])), 'email' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['email'])), 'disabled' => $accountDisabled, 'isAdministratedByRole' => $dataReceived['managedby'], 'groupes_interdits' => empty($dataReceived['forbidFld']) ? '0' : rtrim($dataReceived['forbidFld'], ";"), 'groupes_visibles' => empty($dataReceived['allowFld']) ? '0' : rtrim($dataReceived['allowFld'], ";"), 'fonction_id' => empty($dataReceived['functions']) ? '0' : rtrim($dataReceived['functions'], ";")), "id = %i", $_POST['id']);
     // update LOG
     // The previous address is appended to the event label, so it ends up in the log.
     if ($oldData['email'] != mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['email']))) {
         logEvents('user_mngt', 'at_user_email_changed:' . $oldData['email'], intval($_SESSION['user_id']), $_SESSION['login'], intval($_POST['id']));
     }
Пример #23
                // Child fields of the current category, in display order.
                $rows = DB::query("SELECT * FROM " . $pre . "categories \n                    WHERE parent_id = %i\n                    ORDER BY " . $pre . "categories.order ASC", $record['id']);
                if (count($rows) > 0) {
                    foreach ($rows as $field) {
                        array_push($arrCategories, array('2', $field['id'], $field['title'], $field['order'], "", ""));
                    }
                }
            }
            // json_encode with the JSON_HEX_* flags keeps <, >, &, ' and " out of the
            // response as literal characters.
            echo json_encode($arrCategories, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
            break;
        case "categoryInFolders":
            // Replaces the folder list attached to category $_POST['id'].
            // NOTE(review): no session-key check is visible in this case - confirm one
            // runs before the switch.
            // update order
            if (!empty($_POST['foldersIds'])) {
                // delete all existing inputs
                // NOTE(review): delete and re-insert are not wrapped in a transaction,
                // so a failure part-way leaves the category with a partial list.
                DB::delete($pre . "categories_folders", "id_category = %i", $_POST['id']);
                // create new list
                $list = "";
                foreach (explode(';', $_POST['foldersIds']) as $folder) {
                    // NOTE(review): $folder is stored as received; whether it names an
                    // existing folder is not checked before the insert.
                    DB::insert($pre . 'categories_folders', array('id_category' => $_POST['id'], 'id_folder' => $folder));
                    // prepare a list
                    $row = DB::queryfirstrow("SELECT title FROM " . $pre . "nested_tree WHERE id=%i", $folder);
                    if (empty($list)) {
                        $list = $row['title'];
                    } else {
                        $list .= " | " . $row['title'];
                    }
                }
                // NOTE(review): folder titles are concatenated into the JSON text
                // unescaped, unlike the json_encode() call in the case above; a title
                // containing a quote or backslash breaks or alters the response.
                echo '[{"list" : "' . $list . '"}]';
            }
            break;
    }
}
Пример #24
 // Excerpt of the one-time-view (OTV) page: validates the link parameters taken
 // from the query string and, if they match, prints the shared item in clear.
 DB::$encoding = $encoding;
 DB::$error_handler = 'db_error_handler';
 $link = mysqli_connect($server, $user, $pass, $database, $port);
 $link->set_charset($encoding);
 // check session validity
 $data = DB::queryfirstrow("SELECT timestamp, code, item_id FROM " . prefix_table("otv") . "\n        WHERE id = %i", intval($_GET['otv_id']));
 // NOTE(review): the link secret is compared with loose "==", which juggles
 // numeric strings and is not constant-time; hash_equals() on string values
 // is the usual choice for a bearer code.
 if ($data['timestamp'] == $_GET['stamp'] && $data['code'] == $_GET['code'] && $data['item_id'] == $_GET['item_id']) {
     // otv is too old
     // Expiry window is the configured number of days, converted to seconds.
     if ($data['timestamp'] < time() - $_SESSION['settings']['otv_expiration_period'] * 86400) {
         $html = "Link is too old!";
     } else {
         $dataItem = DB::queryfirstrow("SELECT *\n                FROM " . prefix_table("items") . " as i\n                INNER JOIN " . prefix_table("log_items") . " as l ON (l.id_item = i.id)\n                WHERE i.id = %i AND l.action = %s", intval($_GET['item_id']), 'at_creation');
         // get data
         $pw = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt");
         // get key for original pw
         $originalKey = DB::queryfirstrow("SELECT rand_key FROM `" . prefix_table("keys") . "`\n                WHERE `sql_table` = %s AND `id` = %i", 'items', intval($_GET['item_id']));
         // unsalt previous pw
         // Drops a prefix as long as the item's rand_key from the decrypted value.
         $pw = substr($pw, strlen($originalKey['rand_key']));
         $label = $dataItem['label'];
         $email = $dataItem['email'];
         $url = $dataItem['url'];
         // NOTE(review): strip_tags() keeps the attributes of the tags it allows, so
         // the allowed-tag list alone does not make the description safe HTML.
         $description = preg_replace('/(?<!\\r)\\n+(?!\\r)/', '', strip_tags($dataItem['description'], $k['allowedTags']));
         $login = str_replace('"', '&quot;', $dataItem['login']);
         // display data
         // NOTE(review): label, password and URL are written into the page as
         // stored, and login only has its double quotes replaced; each should pass
         // through htmlspecialchars() at this point. The rows also close with
         // "</td</tr>", which is malformed markup.
         $html = "<div style='margin:30px;'>" . "<div style='font-size:20px;font-weight:bold;'>Welcome to One-Time item view page.</div>" . "<div style='font-style:italic;'>Here are the details of the Item that has been shared to you</div>" . "<div style='margin-top:10px;'><table>" . "<tr><td>Label:</td><td>" . $label . "</td</tr>" . "<tr><td>Password:</td><td>" . $pw . "</td</tr>" . "<tr><td>Description:</td><td>" . $description . "</td</tr>" . "<tr><td>login:</td><td>" . $login . "</td</tr>" . "<tr><td>URL:</td><td>" . $url . "</td</tr>" . "</table></div>" . "<div style='margin-top:30px;'>Copy carefully the data you need. This page is only visible once.</div>" . "</div>";
         // delete entry
         // NOTE(review): with the delete commented out the link stays valid until it
         // expires, although the page tells the reader it is visible only once.
         //DB::delete(prefix_table("otv"), "id = %i", intval($_GET['otv_id']));
         // display
         // NOTE(review): no cache-control headers are visible in the excerpt; a page
         // that prints a clear-text password should not be cacheable.
         echo $html;
     }
 } else {
Пример #25
                // Child fields of the current category, in display order.
                $rows = DB::query("SELECT * FROM " . prefix_table("categories") . "\n                    WHERE parent_id = %i\n                    ORDER BY " . $pre . "categories.order ASC", $record['id']);
                if (count($rows) > 0) {
                    foreach ($rows as $field) {
                        array_push($arrCategories, array('2', $field['id'], $field['title'], $field['order'], "", ""));
                    }
                }
            }
            // json_encode with the JSON_HEX_* flags keeps <, >, &, ' and " out of the
            // response as literal characters.
            echo json_encode($arrCategories, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
            break;
        case "categoryInFolders":
            // Replaces the folder list attached to category $_POST['id'].
            // NOTE(review): no session-key check is visible in this case - confirm one
            // runs before the switch.
            // update order
            if (!empty($_POST['foldersIds'])) {
                // delete all existing inputs
                // NOTE(review): delete and re-insert are not wrapped in a transaction,
                // so a failure part-way leaves the category with a partial list.
                DB::delete($pre . "categories_folders", "id_category = %i", $_POST['id']);
                // create new list
                $list = "";
                foreach (explode(';', $_POST['foldersIds']) as $folder) {
                    // NOTE(review): $folder is stored as received; whether it names an
                    // existing folder is not checked before the insert.
                    DB::insert(prefix_table("categories_folders"), array('id_category' => $_POST['id'], 'id_folder' => $folder));
                    // prepare a list
                    $row = DB::queryfirstrow("SELECT title FROM " . prefix_table("nested_tree") . " WHERE id=%i", $folder);
                    if (empty($list)) {
                        $list = $row['title'];
                    } else {
                        $list .= " | " . $row['title'];
                    }
                }
                // NOTE(review): folder titles are concatenated into the JSON text
                // unescaped, unlike the json_encode() call in the case above; a title
                // containing a quote or backslash breaks or alters the response.
                echo '[{"list" : "' . $list . '"}]';
            }
            break;
    }
}
Пример #26
             // already re-encrypted
         }
     }
     echo '[{"error" : ""}]';
     break;
     #CASE auto update server password
 #CASE auto update server password
 case "server_auto_update_password":
     // Changes an item's password on the remote host named in the item's URL and
     // prepares the new encrypted value. Only the start of the case is visible.
     // NOTE(review): "!=" is a loose, non-constant-time comparison; hash_equals()
     // on string values is the usual choice for a session token.
     if ($_POST['key'] != $_SESSION['key']) {
         echo '[{"error" : "something_wrong"}]';
         break;
     }
     // decrypt and retreive data in JSON format
     $dataReceived = prepareExchangedData($_POST['data'], "decode");
     // get data about item
     // NOTE(review): a check that the caller may edit item currentId is not
     // visible in the excerpt - confirm it exists, since the clear password is
     // recovered on the next lines.
     $dataItem = DB::queryfirstrow("SELECT label, login, pw, pw_iv, url\n            FROM " . prefix_table("items") . "\n            WHERE id=%i", $dataReceived['currentId']);
     // decrypt password
     $oldPwClear = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt");
     // encrypt new password
     $encrypt = cryption($dataReceived['new_pwd'], SALT, "", "encrypt");
     // connect ot server with ssh
     $ret = "";
     // NOTE(review): stream_resolve_include_path() only returns a resolved path;
     // the result is discarded, so this line loads nothing.
     stream_resolve_include_path($_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Authentication/phpseclib/Crypt/RC4.php');
     include $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Authentication/phpseclib/Net/SSH2.php';
     $parse = parse_url($dataItem['url']);
     // NOTE(review): the host is tested twice; the second pair presumably was meant
     // to test 'port', which is read unguarded when the client is built below.
     if (!isset($parse['host']) || empty($parse['host']) || !isset($parse['host']) || empty($parse['host'])) {
         // error in parsing the url
         echo prepareExchangedData(array("error" => "Parsing URL failed.<br />Ensure the URL is well written!</i>", "text" => ""), "encode");
         break;
     } else {
         // NOTE(review): the connection target comes from the stored item URL, so
         // the application server connects to whatever host and port the item
         // names; an allow-list of permitted targets would bound that.
         $ssh = new Net_SSH2($parse['host'], $parse['port']);
Пример #27
} else {
    // Download branch: streams the stored attachment whose row id is
    // $_GET['fileid'], decrypting it on the fly when attachment encryption is on.
    require_once 'main.functions.php';
    // connect to DB
    include $_SESSION['settings']['cpassman_dir'] . '/includes/config/settings.php';
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);
    // get file key
    // NOTE(review): the id is bound with %i, but no test that the session user may
    // read the item owning this file is visible in the branch - confirm one is
    // made before this point, otherwise any known id can be fetched.
    $result = DB::queryfirstrow("SELECT file FROM " . prefix_table("files") . " WHERE id=%i", $_GET['fileid']);
    // Open the file
    // NOTE(review): an unknown id leaves $result empty, and the fopen() result is
    // never tested before it is used below. The stored name is joined to the
    // upload folder as is; presumably it is generated server-side - confirm it
    // can never contain path separators.
    $fp = fopen($_SESSION['settings']['path_to_upload_folder'] . '/' . $result['file'], 'rb');
    // should we decrypt the attachment?
    if (isset($_SESSION['settings']['enable_attachment_encryption']) && $_SESSION['settings']['enable_attachment_encryption'] == 1) {
        include $_SESSION['settings']['cpassman_dir'] . '/includes/config/settings.php';
        // Prepare encryption options
        // NOTE(review): key and IV are both derived from SALT with MD5 and fixed
        // prefixes, so every attachment shares one key and one IV, and nothing
        // authenticates the ciphertext. The mcrypt extension behind this filter
        // was removed from PHP core in 7.2.
        $iv = substr(md5("<X" . SALT, true), 0, 8);
        $key = substr(md5("-üØ" . SALT, true) . md5("-üÙ" . SALT, true), 0, 24);
        $opts = array('iv' => $iv, 'key' => $key);
        // Add the Mcrypt stream filter
        stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts);
    }
    // Read the file contents
    // NOTE(review): no Content-Type or Content-Disposition header is set in the
    // visible part; serving uploads inline lets the browser interpret them.
    fpassthru($fp);
}
Пример #28
    <div id="tabs-2">
        <!-- Prepare a list of all folders that the user can choose -->
        <div style="margin-top:10px;" id="keypass_import_options">
            <label><b>' . $LANG['import_keepass_to_folder'] . '</b></label>&nbsp;
            <select id="import_keepass_items_to">
                <option value="0">' . $LANG['root'] . '</option>';
// Builds the <option> list of folders the user may import into.
//Load Tree
$tree = new SplClassLoader('Tree\\NestedTree', './includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$folders = $tree->getDescendants();
// show list of all folders
foreach ($folders as $t) {
    // Only folders listed in the session's visible groups are offered.
    // NOTE(review): in_array() is called without strict mode, so ids are compared
    // loosely.
    if (in_array($t->id, $_SESSION['groupes_visibles'])) {
        // A numeric title is treated as a user id and replaced by that user's login.
        if (is_numeric($t->title)) {
            // NOTE(review): this reuses the name $user, which other parts of the code
            // use for the database account; if this runs at global scope, a later
            // "DB::$user = $user" would receive this row instead - confirm.
            $user = DB::queryfirstrow("SELECT login FROM " . prefix_table("users") . " WHERE id = %i", $t->title);
            $t->title = $user['login'];
            $t->id = $t->id . "-perso";
        }
        // Indent by two non-breaking spaces per tree level.
        $ident = "&nbsp;&nbsp;";
        for ($x = 1; $x < $t->nlevel; $x++) {
            $ident .= "&nbsp;&nbsp;";
        }
        if (isset($_GET['folder_id']) && $_GET['folder_id'] == $t->id) {
            $selected = " selected";
        } else {
            $selected = "";
        }
        // NOTE(review): $prevLevel is not assigned anywhere in the visible part.
        if ($prevLevel < $t->nlevel) {
            // NOTE(review): the folder title (or login) is echoed without
            // htmlspecialchars(); a title containing markup is rendered as HTML.
            echo '<option value="' . $t->id . '"' . $selected . '>' . $ident . $t->title . '</option>';
        } elseif ($prevLevel == $t->nlevel) {
Пример #29
 }
 $texte .= '</tr></thead><tbody>';
 //Display each folder with associated rights by role
 $i = 0;
 foreach ($tree as $node) {
     // Rows are produced only for folders the session may see and that are not
     // personal folders.
     if (in_array($node->id, $_SESSION['groupes_visibles']) && !in_array($node->id, $_SESSION['personal_visible_groups'])) {
         // One em dash (&#8212;) per level below the first.
         $ident = "";
         for ($a = 1; $a < $node->nlevel; $a++) {
             $ident .= "&#8212;";
         }
         //display 1st cell of the line
         // NOTE(review): the folder title is appended without htmlspecialchars(), so a
         // title containing markup is rendered as HTML in the matrix.
         $texte .= '<tr><td style=\'font-size:10px; font-family:arial;\' title=\'ID=' . $node->id . '\'>' . $ident . " " . $node->title . '</td>';
         foreach ($arrRoles as $role) {
             //check if this role has access or not
             // if not then color is red; if yes then color is green
             // NOTE(review): one query per folder and role; a single query keyed by
             // (folder_id, role_id) before the loops would avoid the N x M round trips.
             $role_detail = DB::queryfirstrow("SELECT * FROM " . prefix_table("roles_values") . " WHERE folder_id = %i AND role_id = %i", $node->id, $role);
             if (DB::count() > 0) {
                 // The 'type' column selects colour, tooltip and icon set for the cell.
                 if ($role_detail['type'] == "W") {
                     $couleur = '#008000';
                     $allowed = "W";
                     $title = $LANG['write'];
                     $label = '<i class="fa fa-indent"></i>&nbsp;<i class="fa fa-edit"></i>&nbsp;<i class="fa fa-eraser"></i>';
                 } elseif ($role_detail['type'] == "ND") {
                     $couleur = '#4E45F7';
                     $allowed = "ND";
                     $title = $LANG['no_delete'];
                     $label = '<i class="fa fa-indent"></i>&nbsp;<i class="fa fa-edit"></i>';
                 } elseif ($role_detail['type'] == "NE") {
                     $couleur = '#4E45F7';
                     $allowed = "NE";
                     $title = $LANG['no_edit'];
Пример #30
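/**
 * updateCacheTable()
 *
 * Keep the CACHE table in step with the items table.
 *
 * $action selects the operation:
 *   "reload"       - truncate the cache and rebuild it from every active item
 *   "update_value" - refresh the cache row of item $id
 *   "add_value"    - insert a cache row for item $id
 *   "delete_value" - remove the cache row of item $id
 * Any other value does nothing.
 *
 * Label, description, login and folder path are copied as stored (folder titles
 * only pass through stripslashes()); nothing is HTML-escaped here, so code that
 * reads the cache table has to escape on output and apply the same folder and
 * restricted_to checks as for the items table.
 *
 * @param string     $action one of the values listed above
 * @param int|string $id     item id; not used by "reload"
 *
 * @return void
 */
function updateCacheTable($action, $id = "")
{
    global $db, $server, $user, $pass, $database, $pre, $port, $encoding;
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
    //Connect to DB
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    // NOTE(review): $link is local to this function and not used after
    // set_charset(); every query below goes through DB::.
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);
    //Load Tree
    $tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
    $tree->register();
    $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');

    if ($action == "reload") {
        // Rebuild full cache table
        DB::query("TRUNCATE TABLE " . $pre . "cache");
        // one row per active item, joined to its creation log entry for the author
        $rows = DB::query("SELECT *\n            FROM " . $pre . "items as i\n            INNER JOIN " . $pre . "log_items as l ON (l.id_item = i.id)\n            AND l.action = %s\n            AND i.inactif = %i", 'at_creation', 0);
        foreach ($rows as $record) {
            DB::insert($pre . "cache", array(
                'id' => $record['id'],
                'label' => $record['label'],
                'description' => $record['description'],
                'tags' => updateCacheTableCollectTags($pre, $record['id']),
                'id_tree' => $record['id_tree'],
                'perso' => $record['perso'],
                'restricted_to' => $record['restricted_to'],
                'login' => $record['login'] === null ? "" : $record['login'],
                'folder' => updateCacheTableFolderPath($tree, $record['id_tree']),
                'author' => $record['id_user']
            ));
        }
    } elseif ($action == "update_value") {
        // UPDATE an item: re-read it and overwrite its cache row
        $data = DB::queryfirstrow("SELECT label, description, id_tree, perso, restricted_to, login\n            FROM " . $pre . "items\n            WHERE id=%i", $id);
        DB::update($pre . "cache", array(
            'label' => $data['label'],
            'description' => $data['description'],
            'tags' => updateCacheTableCollectTags($pre, $id),
            'id_tree' => $data['id_tree'],
            'perso' => $data['perso'],
            'restricted_to' => $data['restricted_to'],
            // same NULL handling as "reload", so a rebuilt and an incrementally
            // updated cache hold the same value
            'login' => $data['login'] === null ? "" : $data['login'],
            'folder' => updateCacheTableFolderPath($tree, $data['id_tree']),
            'author' => $_SESSION['user_id']
        ), "id = %i", $id);
    } elseif ($action == "add_value") {
        // ADD an item: only items that have an 'at_creation' log entry are found
        $data = DB::queryFirstRow("SELECT i.label, i.description, i.id_tree as id_tree, i.perso, i.restricted_to, i.id, i.login\n            FROM " . $pre . "items as i\n            INNER JOIN " . $pre . "log_items as l ON (l.id_item = i.id)\n            WHERE i.id = %i\n            AND l.action = %s", $id, 'at_creation');
        // nothing matched: do not insert a cache row made of NULLs
        if (empty($data)) {
            return;
        }
        DB::insert($pre . "cache", array(
            'id' => $data['id'],
            'label' => $data['label'],
            'description' => $data['description'],
            'tags' => updateCacheTableCollectTags($pre, $id),
            'id_tree' => $data['id_tree'],
            'perso' => $data['perso'],
            'restricted_to' => $data['restricted_to'],
            // same NULL handling as "reload"
            'login' => $data['login'] === null ? "" : $data['login'],
            'folder' => updateCacheTableFolderPath($tree, $data['id_tree']),
            'author' => $_SESSION['user_id']
        ));
    } elseif ($action == "delete_value") {
        // DELETE an item
        DB::delete($pre . "cache", "id = %i", $id);
    }
}

/**
 * Join the non-empty tags of an item into one string, each followed by a space.
 *
 * @param string     $pre    table prefix
 * @param int|string $itemId item id, bound as an integer
 *
 * @return string
 */
function updateCacheTableCollectTags($pre, $itemId)
{
    $tags = "";
    $rows = DB::query("SELECT tag FROM " . $pre . "tags WHERE item_id = %i", $itemId);
    foreach ($rows as $row) {
        if (!empty($row['tag'])) {
            $tags .= $row['tag'] . " ";
        }
    }
    return $tags;
}

/**
 * Turn a folder id into its full path, titles joined with " » ".
 *
 * A first-level folder whose title equals the session user's id is shown under
 * that user's login. Only the session user is mapped this way, and the title is
 * overwritten on the node object returned by getPath().
 *
 * @param object     $tree   nested tree exposing getPath()
 * @param int|string $idTree folder id
 *
 * @return string
 */
function updateCacheTableFolderPath($tree, $idTree)
{
    $folder = "";
    foreach ($tree->getPath($idTree, true) as $elem) {
        if ($elem->title == $_SESSION['user_id'] && $elem->nlevel == 1) {
            $elem->title = $_SESSION['login'];
        }
        $title = stripslashes($elem->title);
        if (empty($folder)) {
            $folder = $title;
        } else {
            $folder .= " » " . $title;
        }
    }
    return $folder;
}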