Пример #1
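 /**
  * Function: submit
  * Submits a post to the blog owner.
  *
  * Requires the "submit_article" permission. A POST must carry the site's
  * security key in `hash`; the submitted name and e-mail are appended to the
  * body and the submission is handed to the feather named in `feather`.
  * When nothing was posted, or the feather reports a failure, the submission
  * form is displayed.
  */
 public function route_submit()
 {
     if (!Visitor::current()->group->can("submit_article")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to submit articles."));
     }
     if (!empty($_POST)) {
         // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
         // treats numeric-looking strings such as "0e1" and "0e2" as equal.
         if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
             !hash_equals((string) Config::current()->secure_hashkey, $_POST['hash'])) {
             show_403(__("Access Denied"), __("Invalid security key."));
         }
         // Pass the target as the second argument: calling redirect() inside the
         // argument list runs the redirect before the notice is recorded.
         if (empty($_POST['body']) or !is_string($_POST['body'])) {
             Flash::notice(__("Post body can't be empty!"), "/");
         }
         if (!isset($_POST['draft'])) {
             $_POST['draft'] = "true";
         }
         // Optional fields: fall back to an empty string instead of reading a
         // missing (or array-valued) index.
         $name = (isset($_POST['name']) and is_string($_POST['name'])) ? $_POST['name'] : "";
         $email = (isset($_POST['email']) and is_string($_POST['email'])) ? $_POST['email'] : "";
         $_POST['body'] = "{$_POST['body']}\n\n\n{$name}\n{$email}\n";
         // The feather name comes from the request; only dispatch to a feather
         // that is actually registered.
         $feather_name = (isset($_POST['feather']) and is_string($_POST['feather'])) ? $_POST['feather'] : "";
         if (!isset(Feathers::$instances[$feather_name])) {
             error(__("Error"), __("Invalid feather specified."));
             return;
         }
         $post = Feathers::$instances[$feather_name]->submit();
         if (!in_array(false, $post)) {
             Flash::notice(__("Thank you for your submission. ", "submission"), "/");
         }
     }
     if (Theme::current()->file_exists("forms/post/submit")) {
         // NOTE(review): $feather is never assigned in this method, so the template
         // receives null here - confirm which value the form expects.
         MainController::current()->display("forms/post/submit", array("feather" => $feather), __("Submit a Text Post"));
     } else {
         require "pages/submit.php";
     }
 }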
Пример #2
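 /**
  * Downloads the archive at $_GET['url'] into the directory for the extension
  * type in $_GET['type'], unpacks it, moves each unpacked directory up next to
  * its siblings and removes the temporary files.
  *
  * NOTE(review): no permission or security-key check is visible in this method
  * and it acts on GET parameters alone - confirm the route is restricted to
  * administrators. The download host is not restricted either, so the server
  * will fetch any HTTP(S) address it can reach; consider an allow-list of
  * trusted download hosts.
  */
 public function route_makeRequest()
 {
     $raw_type = (isset($_GET['type']) and is_string($_GET['type'])) ? $_GET['type'] : "";
     $type = pluralize(strip_tags($raw_type));
     // strip_tags() leaves "/" and ".." untouched, so the name is limited to a
     // single path segment before it is used to build filesystem paths.
     if (!preg_match('/\A[A-Za-z0-9_]+\z/', $type)) {
         error(__("Error"), __("Invalid extension type.", "extension_manager"));
         return;
     }
     $raw_url = (isset($_GET['url']) and is_string($_GET['url'])) ? $_GET['url'] : "";
     $url = str_replace(" ", "%20", strip_tags($raw_url));
     // Only plain web downloads are accepted; other cURL schemes are refused.
     $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
     if (!in_array($scheme, array("http", "https"), true)) {
         error(__("Error"), __("Invalid download URL.", "extension_manager"));
         return;
     }
     $archive = "../{$type}/latest.zip";
     $staging = "../{$type}/latest";
     set_time_limit(0);
     $fp = fopen($archive, 'w+');
     if ($fp === false) {
         error(__("Error"), __("Could not create the download file.", "extension_manager"));
         return;
     }
     $ch = curl_init($url);
     curl_setopt($ch, CURLOPT_TIMEOUT, 50);
     # write curl response to file
     curl_setopt($ch, CURLOPT_FILE, $fp);
     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
     // Redirects are followed, so pin both the request and any redirect to HTTP(S).
     curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
     curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
     $downloaded = curl_exec($ch);
     curl_close($ch);
     fclose($fp);
     if ($downloaded === false) {
         unlink($archive);
         error(__("Error"), __("The extension could not be downloaded.", "extension_manager"));
         return;
     }
     $zip = new ZipArchive();
     // ZipArchive::open() returns TRUE or an integer error code, and "== true"
     // accepts the error codes as well.
     if ($zip->open($archive) !== true) {
         unlink($archive);
         error(__("Error"), __("The downloaded file is not a valid archive.", "extension_manager"));
         return;
     }
     // Refuse archives with entries that would be written outside the staging directory.
     for ($i = 0; $i < $zip->numFiles; $i++) {
         $entry = $zip->getNameIndex($i);
         if ($entry === false or $entry === "" or
             preg_match('#^([\\\\/]|[A-Za-z]:)#', $entry) or
             preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $entry)) {
             $zip->close();
             unlink($archive);
             error(__("Error"), __("The archive contains an unsafe path.", "extension_manager"));
             return;
         }
     }
     if (!is_dir($staging)) {
         // Temporary directory; it does not need to be world-writable.
         mkdir($staging, 0755);
     }
     $zip->extractTo($staging);
     $zip->close();
     $handle = opendir($staging);
     if ($handle) {
         while (($file = readdir($handle)) !== false) {
             if ($file != '.' and $file != '..' and is_dir("{$staging}/{$file}")) {
                 rename("{$staging}/{$file}", "../{$type}/{$file}");
             }
         }
         closedir($handle);
     }
     $this->rrmdir($staging);
     unlink($archive);
     $this->rrmdir("../{$type}/__MACOSX");
     Flash::notice(__("Extension downloaded successfully.", "extension_manager"), "/admin/?action=extend_manager");
 }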
Пример #3
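 /**
  * Shows the FriendFeedr settings page, or stores the posted username and
  * wrapper settings.
  *
  * Parameters:
  *     $admin - The admin controller used to display the settings page.
  */
 public function admin_friendfeedr_settings($admin)
 {
     // Changing settings requires the change_settings permission.
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("friendfeedr_settings");
     }
     // NOTE(review): the POST is not checked against the site's security key, so
     // the form is open to cross-site request forgery. Adding that check needs
     // the settings template to submit the key - confirm and add both together.
     $username = isset($_POST['friendfeedr_username']) ? $_POST['friendfeedr_username'] : null;
     $wrapper = isset($_POST['friendfeedr_wrapper']) ? $_POST['friendfeedr_wrapper'] : null;
     $config = Config::current();
     // The second setting is only written when the first one was stored.
     if ($config->set("friendfeedr_username", $username) && $config->set("friendfeedr_wrapper", $wrapper)) {
         Flash::notice(__("Settings updated."), "/admin/?action=friendfeedr_settings");
     }
 }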
Пример #4
 /**
  * Deletes the attachment whose ID is given in $_GET['id'], provided the
  * attachment exists and reports itself as deletable, then shows a notice
  * with $_SESSION['redirect_to'] as the redirect target.
  *
  * NOTE(review): the deletion is driven by a GET parameter and no security key
  * is checked in this method - confirm the link cannot be triggered cross-site.
  */
 public function main_delete_attachment()
 {
     $has_id = isset($_GET['id']);
     if (!$has_id) {
         error(__("No ID Specified"), __("An ID is required to delete an attachment.", "attachments"));
     }
     $target = new Attachment($_GET['id']);
     if ($target->no_results) {
         error(__("Error"), __("Invalid attachment ID specified.", "attachments"));
     }
     // Ownership/permission decision is delegated to the model.
     $may_delete = $target->deletable();
     if (!$may_delete) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this attachment.", "attachments"));
     }
     Attachment::delete($target->id);
     $message = __("Attachment deleted.", "attachments");
     Flash::notice($message, $_SESSION['redirect_to']);
 }
Пример #5
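 /**
  * Shows the Obscura settings page, or stores the posted background, spacing
  * and protect options under the "module_obscura" setting.
  *
  * Parameters:
  *     $admin - The admin controller used to display the settings page.
  */
 static function admin_obscura_settings($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("obscura_settings");
     }
     // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
     // treats numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
         !hash_equals((string) Config::current()->secure_hashkey, $_POST['hash'])) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     // Missing fields are stored as null rather than read from an undefined index.
     // NOTE(review): the values are stored as posted; escape them wherever they
     // are written into a page.
     $background = isset($_POST['background']) ? $_POST['background'] : null;
     $spacing = isset($_POST['spacing']) ? $_POST['spacing'] : null;
     $set = array(Config::current()->set("module_obscura", array("background" => $background, "spacing" => $spacing, "protect" => isset($_POST['protect']))));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=obscura_settings");
     }
 }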
Пример #6
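 /**
  * Shows the Cascade settings page, or stores whether `auto` was posted as
  * the "ajax_scroll_auto" setting.
  *
  * Parameters:
  *     $admin - The admin controller used to display the settings page.
  */
 static function admin_cascade_settings($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("cascade_settings");
     }
     // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
     // treats numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
         !hash_equals((string) Config::current()->secure_hashkey, $_POST['hash'])) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     // Only the presence of the checkbox is stored, never its posted value.
     $set = array(Config::current()->set("ajax_scroll_auto", isset($_POST['auto'])));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=cascade_settings");
     }
 }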
Пример #7
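 /**
  * Shows the e-mail blogging settings page, or stores the posted mailbox
  * address, password, polling interval, subject password and server.
  *
  * Parameters:
  *     $admin - The admin controller used to display the settings page.
  */
 static function admin_emailblog_settings($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("emailblog_settings");
     }
     // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
     // treats numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
         !hash_equals((string) Config::current()->secure_hashkey, $_POST['hash'])) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $config = Config::current();
     // Setting name => form field, written in the same order as before.
     // NOTE(review): the mailbox password is stored through the same call as the
     // other settings - confirm how the configuration store is protected.
     $fields = array(
         "emailblog_address" => "email",
         "emailblog_pass" => "pass",
         "emailblog_minutes" => "minutes",
         "emailblog_subjpass" => "subjpass",
         "emailblog_server" => "server",
     );
     $set = array();
     foreach ($fields as $setting => $field) {
         // A missing field is stored as null rather than read from an undefined index.
         $set[] = $config->set($setting, isset($_POST[$field]) ? $_POST[$field] : null);
     }
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=emailblog_settings");
     }
 }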
Пример #8
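 /**
  * Shows the theme editor, or writes the posted content to the posted file.
  *
  * Parameters:
  *     $admin - The admin controller used to display the editor.
  *
  * NOTE(review): the target path is taken from the request. The checks below
  * only require an existing local file; the path should additionally be
  * confined to the theme directory by comparing realpath() of the target with
  * the theme root (the constant for that root is not visible here).
  */
 public function admin_theme_editor($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("theme_editor", array("editor" => self::admin_context($admin->context)), __("Theme Editor", "theme_editor"));
     }
     // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
     // treats numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
         !hash_equals((string) Config::current()->secure_hashkey, $_POST['hash'])) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     if (isset($_POST['file']) and isset($_POST['newcontent'])) {
         $file = $_POST['file'];
         $content = $_POST['newcontent'];
         // Reject array input, NUL bytes, stream wrappers and anything that is not
         // an existing regular file before writing.
         if (!is_string($file) or !is_string($content) or
             strpos($file, "\0") !== false or strpos($file, "://") !== false or
             !is_file($file)) {
             error(__("Error"), __("Invalid file specified.", "theme_editor"));
             return;
         }
         $done = file_put_contents($file, $content);
         // file_put_contents() returns 0 for an empty file, which is still a success.
         if ($done !== false) {
             $current = (isset($_POST['cur_file']) and is_string($_POST['cur_file'])) ? $_POST['cur_file'] : "";
             // Encode the value so it cannot add parameters or header characters to the redirect.
             Flash::notice(__("File Updated"), "/admin/?action=theme_editor&file=" . urlencode($current));
         }
     }
 }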
Пример #9
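 /**
  * Shows the Like settings page, or stores the posted options under the
  * "module_like" setting. Every posted field whose name starts with
  * "likeText-" contributes one entry to the likeText map, keyed by the part
  * of the name after the first dash.
  *
  * Parameters:
  *     $admin - The admin controller used to display the settings page.
  */
 static function admin_like_settings($admin)
 {
     $config = Config::current();
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("like_settings");
     }
     // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
     // treats numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
         !hash_equals((string) $config->secure_hashkey, $_POST['hash'])) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $likeText = array();
     foreach ($_POST as $key => $value) {
         // Match the prefix only (strstr() matched it anywhere in the name) and
         // skip array-valued fields, which strip_tags() cannot handle.
         if (strpos((string) $key, "likeText-") === 0 and is_string($value)) {
             $parts = explode("-", $key, 2);
             $likeText[$parts[1]] = strip_tags(stripslashes($value));
         }
     }
     // NOTE(review): likeImage is stored as posted; validate or escape it where
     // it is written into a page.
     $likeImage = isset($_POST['likeImage']) ? $_POST['likeImage'] : null;
     $set = array($config->set("module_like", array("showOnFront" => isset($_POST['showOnFront']), "likeWithText" => isset($_POST['likeWithText']), "likeImage" => $likeImage, "likeText" => $likeText)));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=like_settings");
     }
 }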
Пример #10
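 /**
  * Function: create
  * Attempts to create a comment using the passed information. If a Defensio API key is present, it will check it.
  *
  * Parameters:
  *     $author - The name of the commenter.
  *     $email - The commenter's email.
  *     $url - The commenter's website.
  *     $body - The comment.
  *     $post - The <Post> they're commenting on.
  *     $type - The type of comment. Optional, used for trackbacks/pingbacks.
  *
  * Notes:
  *     Does nothing when the visitor may not comment on the post and the type is
  *     not a trackback or pingback. A comment that Defensio flags is stored with
  *     the "spam" status and reported through error(). For AJAX posts the new
  *     comment's ID and timestamp are printed and the script exits.
  */
 static function create($author, $email, $url, $body, $post, $type = null)
 {
     // Strict match, so only the exact strings bypass the permission check.
     if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"), true)) {
         return;
     }
     $config = Config::current();
     $visitor = Visitor::current();
     if (!$type) {
         $status = $post->user_id == $visitor->id ? "approved" : $config->default_comment_status;
         $type = "comment";
     } else {
         $status = $type;
     }
     // Referer and User-Agent are optional, client-supplied headers; read them
     // once and fall back to null when the client did not send them.
     $ip = $_SERVER['REMOTE_ADDR'];
     $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
     // Without a Defensio key the comment is stored with an empty signature.
     $signature = "";
     if (!empty($config->defensio_api_key)) {
         $audit = array("user-ip" => $ip, "article-date" => when("Y/m/d", $post->created_at), "comment-author" => $author, "comment-type" => $type, "comment-content" => $body, "comment-author-email" => $email, "comment-author-url" => $url, "permalink" => $post->url(), "referrer" => $referrer, "user-logged-in" => logged_in());
         $defensio = new Defensio($config->url, $config->defensio_api_key);
         list($spam, $spaminess, $signature) = $defensio->auditComment($audit);
         if ($spam) {
             self::add($body, $author, $url, $email, $ip, $user_agent, "spam", $signature, null, null, $post, $visitor->id);
             error(__("Spam Comment"), __("Your comment has been marked as spam. It will have to be approved before it will show up.", "comments"));
             // Never fall through to the normal path for a flagged comment.
             return;
         }
     }
     $comment = self::add($body, $author, $url, $email, $ip, $user_agent, $status, $signature, null, null, $post, $visitor->id);
     fallback($_SESSION['comments'], array());
     $_SESSION['comments'][] = $comment->id;
     if (isset($_POST['ajax'])) {
         // Response format kept as is; the keys are unquoted, so this is not strict JSON.
         exit("{ comment_id: " . $comment->id . ", comment_timestamp: \"" . $comment->created_at . "\" }");
     }
     Flash::notice(__("Comment added."), $post->url() . "#comment_" . $comment->id);
 }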
Пример #11
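 /**
  * Function: create
  * Attempts to create a comment using the passed information. If the Akismet API key is present, it will check it.
  *
  * Parameters:
  *     $body - The comment.
  *     $author - The name of the commenter.
  *     $url - The commenter's website.
  *     $email - The commenter's email.
  *     $post - The <Post> they're commenting on.
  *     $parent - The <Comment> they're replying to.
  *     $notify - Notification on follow-up comments.
  *     $type - The type of comment. Optional, used for trackbacks/pingbacks.
  *
  * Notes:
  *     Does nothing when the visitor may not comment on the post and the type is
  *     not a trackback or pingback. A comment that Akismet flags is stored with
  *     the "spam" status and reported through error(). For AJAX posts the new
  *     comment's ID and timestamp are printed and the script exits.
  */
 static function create($body, $author, $url, $email, $post, $parent, $notify, $type = null)
 {
     // Strict match, so only the exact strings bypass the permission check.
     if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"), true)) {
         return;
     }
     $config = Config::current();
     $visitor = Visitor::current();
     if (!$type) {
         $status = $post->user_id == $visitor->id ? "approved" : $config->default_comment_status;
         $type = "comment";
     } else {
         $status = $type;
     }
     // Referer and User-Agent are optional, client-supplied headers; read them
     // once and fall back to null when the client did not send them.
     $ip = $_SERVER['REMOTE_ADDR'];
     $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
     // NOTE(review): the redirect anchor is "#comments" when Akismet is enabled
     // and "#comment" otherwise; both are kept as they were - confirm which one
     // the theme actually defines.
     $anchor = "#comment";
     if (!empty($config->akismet_api_key)) {
         $anchor = "#comments";
         $akismet = new Akismet($config->url, $config->akismet_api_key);
         $akismet->setCommentContent($body);
         $akismet->setCommentAuthor($author);
         $akismet->setCommentAuthorURL($url);
         $akismet->setCommentAuthorEmail($email);
         $akismet->setPermalink($post->url());
         $akismet->setCommentType($type);
         $akismet->setReferrer($referrer);
         $akismet->setUserIP($ip);
         if ($akismet->isCommentSpam()) {
             self::add($body, $author, $url, $email, $ip, $user_agent, "spam", $post->id, $visitor->id, $parent, $notify);
             error(__("Spam Comment"), __("Your comment has been marked as spam. It has to be reviewed and/or approved by an admin.", "comments"));
             // Never fall through to the normal path for a flagged comment.
             return;
         }
     }
     $comment = self::add($body, $author, $url, $email, $ip, $user_agent, $status, $post->id, $visitor->id, $parent, $notify);
     fallback($_SESSION['comments'], array());
     $_SESSION['comments'][] = $comment->id;
     if (isset($_POST['ajax'])) {
         exit("{ \"comment_id\": \"" . $comment->id . "\", \"comment_timestamp\": \"" . $comment->created_at . "\" }");
     }
     Flash::notice(__("Comment added."), $post->url() . $anchor);
 }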
Пример #12
 /**
  * Shows the Dropbox management page, or (on POST) asks Dropbox for the
  * changes since the stored cursor, creates a text post from each changed
  * entry and stores the new cursor under "module_dropbox".
  *
  * Parameters:
  *     $admin - The admin controller used to display the page.
  */
 static function admin_manage_dropbox($admin)
 {
     if (!Visitor::current()->group->can("add_post", "add_draft")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to create posts."));
     }
     if (empty($_POST)) {
         return $admin->display("manage_dropbox");
     }
     # NOTE(review): the POST is not checked against the site's security key in
     # this method - confirm the form cannot be submitted cross-site.
     $config = Config::current();
     # NOTE(review): the code below runs regardless unless Flash::notice() ends
     # the request when given a redirect target - confirm.
     if (!isset($config->module_dropbox["oauth_token"])) {
         Flash::notice(__("You need to authorize Dropbox first.", "dropbox"), "/admin/?action=dropbox_settings");
     }
     # NOTE(review): the application key and secret are fetched over plain HTTP
     # and the response is used unchecked, so they can be read or replaced in
     # transit and a failed request yields null values. Prefer HTTPS (or local
     # configuration) and verify the decoded result before using it.
     $data = json_decode(file_get_contents("http://chyrp.net/api/1/dropboxsync.php?keys"), true);
     $app_key = $data["key"];
     $app_secret = $data["secret"];
     $storage = new \Dropbox\OAuth\Storage\Session();
     $OAuth = new \Dropbox\OAuth\Consumer\Curl($app_key, $app_secret, $storage);
     $dropbox = new \Dropbox\API($OAuth);
     $delta = $dropbox->delta();
     $delta = $delta["body"];
     # Only import when the cursor reported by Dropbox differs from the stored one.
     if ($delta->cursor != $config->module_dropbox["cursor"]) {
         if (count($delta->entries) > 0) {
             foreach ($delta->entries as $entry) {
                 # NOTE(review): the temporary file is not removed anywhere in
                 # this method.
                 $tmpfname = tempnam("/tmp", "md");
                 $file = $dropbox->getFile(ltrim($entry[0], "/"), $tmpfname);
                 $post = new FrontMatter($file["name"]);
                 $date = explode(".", ltrim($entry[0], "/"));
                 $values = array("title" => $post->fetch("title"), "body" => $post->fetch("content"));
                 # Set defaults
                 # NOTE(review): fallback() presumably assigns only when the
                 # variable is not set yet. If so, $clean, $url, $pinned and
                 # $status keep the first entry's values on later iterations, and
                 # $date (already set by explode() above) is never replaced -
                 # verify against fallback()'s definition.
                 fallback($clean, oneof($post->fetch("slug"), strtolower(str_replace(" ", "-", $post->fetch("title")))));
                 fallback($url, Post::check_url($clean));
                 fallback($pinned, oneof($post->fetch("pinned"), 0));
                 fallback($status, oneof($post->fetch("status"), "public"));
                 fallback($date, oneof(datetime($post->fetch("date")), datetime($date[0])));
                 # NOTE(review): the fifth argument is the literal 1; it looks
                 # like a fixed author ID rather than the current visitor - confirm.
                 $post = Post::add($values, $clean, $url, "text", 1, $pinned, $status, datetime($post->fetch("date")), datetime($post->fetch("date")), false);
             }
         }
         # Re-store the existing OAuth values together with the new cursor.
         $set = array($config->set("module_dropbox", array("oauth_token_secret" => $config->module_dropbox['oauth_token_secret'], "oauth_token" => $config->module_dropbox['oauth_token'], "uid" => $config->module_dropbox['uid'], "cursor" => $delta->cursor)));
         if (!in_array(false, $set)) {
             Flash::notice(__("Post imported successfully.", "dropbox"), "/admin/?action=manage_posts");
         }
     }
 }
Пример #13
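 /**
  * Deletes the category whose ID is given in the request.
  *
  * Parameters:
  *     $admin - The admin controller (not used here).
  *
  * NOTE(review): the ID is read from $_REQUEST and no security key is checked,
  * so the deletion can be triggered by a plain link - confirm and require a
  * POST with the security key if the management page can send one.
  */
 public function admin_delete_category($admin)
 {
     if (!Visitor::current()->group()->can("manage_categorize")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to manage categories.", "categorize"));
     }
     // Do not hand a missing or array-valued ID to the model.
     if (!isset($_REQUEST['id']) or !is_scalar($_REQUEST['id'])) {
         error(__("Error"), __("No category ID specified.", "categorize"));
         return;
     }
     Category::deleteCategory($_REQUEST['id']);
     Flash::notice(__("Category deleted.", "categorize"), "/admin/?action=manage_category");
 }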
Пример #14
} catch (Exception $e) {
    print "<div style='background:#FFBBBB;border:1px solid red'>";
    print "Test '{$test_name}' (FALL&Oacute;) con mensaje: ({$e->getMessage()})";
    print "</div>";
}
if ($test) {
    $end_benckmark = microtime(true) - $start_benchmark;
    print "<div style='background:#CCFF99;border:1px solid green'>";
    print "Test '{$test_name}' (OK) con tiempo: ({$end_benckmark})";
    print "</div>";
}
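// Test: count the tables in the database and describe the "kumbia_test" table.
$test = true;
$test_name = "CONTAR TABLAS Y DESCRIBIR TABLA TEST";
$start_benchmark = microtime(true);
try {
    Flash::notice("HAY " . count($db->list_tables()) . " TABLA(S) EN LA BASE DE DATOS");
    print_r($db->describe_table("kumbia_test"));
} catch (Exception $e) {
    // Mark the test as failed so the success box below is not printed as well.
    $test = false;
    print "<div style='background:#FFBBBB;border:1px solid red'>";
    // Exception text may contain markup or echoed input; escape it for HTML.
    print "Test '{$test_name}' (FALL&Oacute;) con mensaje: (" . htmlspecialchars($e->getMessage(), ENT_QUOTES) . ")";
    print "</div>";
}
if ($test) {
    // Elapsed wall-clock time in seconds since the test started.
    $elapsed = microtime(true) - $start_benchmark;
    print "<div style='background:#CCFF99;border:1px solid green'>";
    print "Test '{$test_name}' (OK) con tiempo: ({$elapsed})";
    print "</div>";
}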
$test = true;
$test_name = "CERRAR LA CONEXION A LA BASE DE DATOS";
$start_benchmark = microtime(true);
Пример #15
 /**
  * Deletes the version whose ID is posted as `version_id`, provided it exists
  * and reports itself as deletable, then shows a notice with the owning
  * extension's URL as the redirect target.
  *
  * NOTE(review): no security key is checked in this method - confirm the
  * form cannot be submitted cross-site.
  */
 public function destroy_version()
 {
     $has_id = isset($_POST['version_id']);
     if (!$has_id) {
         error(__("Error"), __("No version ID specified.", "extend"));
     }
     $target = new Version($_POST['version_id']);
     if ($target->no_results) {
         error(__("Error"), __("Invalid version ID specified.", "extend"));
     }
     // Permission decision is delegated to the model.
     $may_delete = $target->deletable();
     if (!$may_delete) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this version.", "extend"));
     }
     Version::delete($target->id);
     $message = __("Version deleted.", "extend");
     Flash::notice($message, $target->extension->url());
 }
Пример #16
 /**
  * Regenerates the cache for visitors holding the change_settings permission
  * and shows a notice with the cache settings page as the redirect target.
  */
 public function admin_clear_cache()
 {
     $group = Visitor::current()->group;
     if (!$group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     $this->regenerate();
     $message = __("Cache cleared.", "cacher");
     Flash::notice($message, "/admin/?action=cache_settings");
 }
Пример #17
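 /**
  * Deletes the milestone whose ID is posted as `id`, after moving its tickets
  * to the milestone posted as `move_milestone`.
  *
  * The request must carry the site's security key in `hash`, and the
  * milestone must exist and report itself as deletable.
  */
 public function admin_destroy_milestone()
 {
     if (!isset($_POST['id'])) {
         error(__("Error"), __("No milestone ID specified.", "progress"));
     }
     // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
     // treats numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
         !hash_equals((string) Config::current()->secure_hashkey, $_POST['hash'])) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $milestone = new Milestone($_POST['id']);
     if ($milestone->no_results) {
         error(__("Error"), __("Invalid milestone ID specified.", "progress"));
     }
     if (!$milestone->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this milestone.", "progress"));
     }
     // The destination is optional; pass null instead of reading a missing index.
     // NOTE(review): the destination milestone is not checked for existence or
     // for the visitor's rights on it - confirm Ticket::update() does so.
     $move_to = isset($_POST['move_milestone']) ? $_POST['move_milestone'] : null;
     foreach ($milestone->tickets as $ticket) {
         $ticket->update(null, null, $move_to);
     }
     Milestone::delete($milestone->id);
     Flash::notice(__("Milestone deleted.", "progress"), "/admin/?action=manage_milestones");
 }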
Пример #18
	/**
	 * Calls Flash::notice() and Flash::error() with one sample message each,
	 * then redirects to the path below WWW_PATH.
	 */
	function messages() {
		$home = WWW_PATH . '/';

		Flash::notice("Success message.");
		Flash::error("Error message.");

		$this->redirect($home);
	}
Пример #19
 /**
  * Deletes the topic whose ID is posted as `topic_id`, provided it exists and
  * reports itself as deletable, then shows a notice with the owning forum's
  * URL as the redirect target.
  *
  * NOTE(review): no security key is checked in this method - confirm the
  * form cannot be submitted cross-site.
  */
 public function destroy_topic()
 {
     $has_id = isset($_POST['topic_id']);
     if (!$has_id) {
         error(__("Error"), __("No topic ID specified.", "discuss"));
     }
     $target = new Topic($_POST['topic_id']);
     if ($target->no_results) {
         error(__("Error"), __("Invalid topic ID specified.", "discuss"));
     }
     // Permission decision is delegated to the model.
     $may_delete = $target->deletable();
     if (!$may_delete) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this topic.", "discuss"));
     }
     Topic::delete($target->id);
     $message = __("Topic deleted.", "discuss");
     Flash::notice($message, $target->forum->url());
 }
Пример #20
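 /**
  * Adds the comma-separated tags posted as `name` to every post listed in
  * `post` that the visitor may edit.
  *
  * Parameters:
  *     $admin - The admin controller (not used here).
  *
  * The request must carry the site's security key in `hash`. Posts the
  * visitor cannot edit are skipped silently.
  */
 public function admin_bulk_tag($admin)
 {
     // Strict, constant-time comparison (hash_equals needs PHP 5.6+): the loose !=
     // treats numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or
         !hash_equals((string) Config::current()->secure_hashkey, $_POST['hash'])) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     if (empty($_POST['name']) or !is_string($_POST['name']) or empty($_POST['post'])) {
         redirect("/admin/?action=manage_tags");
         return;
     }
     $sql = SQL::current();
     // Drop empty names ("a,,b" or a trailing comma) so no blank tag is stored.
     $names = array_filter(array_map("trim", explode(",", $_POST['name'])), "strlen");
     // A single posted ID arrives as a string; treat it as a one-element list.
     $post_ids = (array) $_POST['post'];
     foreach ($names as $tag) {
         foreach ($post_ids as $post_id) {
             if (!is_scalar($post_id)) {
                 continue;
             }
             $post = new Post($post_id);
             // Per-post authorization: only posts the visitor may edit are tagged.
             if (!$post->editable()) {
                 continue;
             }
             $tags = $sql->select("post_attributes", "value", array("name" => "tags", "post_id" => $post_id));
             if ($tags and $value = $tags->fetchColumn()) {
                 $tags = YAML::load($value);
             } else {
                 $tags = array();
             }
             $tags[$tag] = sanitize($tag);
             $sql->replace("post_attributes", array("post_id", "name"), array("name" => "tags", "value" => YAML::dump($tags), "post_id" => $post_id));
         }
     }
     Flash::notice(__("Posts tagged.", "tags"), "/admin/?action=manage_tags");
 }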
Пример #21
 static function generate($form)
 {
     $config = Config::read();
     $weightArray = array();
     $headerArray = array();
     $selectedFields = "";
     $tables = "";
     $whereCondition = "";
     $maxCondition = "";
     $n = 0;
     $db = db::raw_connect();
     if (isset($form['dataFilter']) && $form['dataFilter']) {
         if (strpos($form['dataFilter'], '@')) {
             ereg("[\\@][A-Za-z0-9_]+", $form['dataFilter'], $regs);
             foreach ($regs as $reg) {
                 $form['dataFilter'] = str_replace($reg, $_REQUEST["fl_" . str_replace("@", "", $reg)], $form['dataFilter']);
             }
         }
     }
     if ($form['type'] == 'standard') {
         if (isset($form['joinTables']) && $form['joinTables']) {
             $tables = $form['joinTables'];
         }
         if (isset($form['joinConditions']) && $form['joinConditions']) {
             $whereCondition = " " . $form['joinConditions'];
         }
         foreach ($form['components'] as $name => $com) {
             if (!isset($com['attributes']['value'])) {
                 $com['attributes']['value'] = "";
             }
             if ($_REQUEST['fl_' . $name] == $com['attributes']['value']) {
                 $_REQUEST['fl_' . $name] = "";
             }
             if (trim($_REQUEST["fl_" . $name]) && $_REQUEST["fl_" . $name] != '@') {
                 if ($form['components'][$name]['valueType'] == 'date') {
                     $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                 } else {
                     if ($form['components'][$name]['valueType'] == 'numeric') {
                         $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                     } else {
                         if ($form['components'][$name]['type'] == 'hidden') {
                             $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                         } else {
                             if ($com['type'] == 'check') {
                                 if ($_REQUEST["fl_" . $name] == $form['components'][$name]['checkedValue']) {
                                     $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                                 }
                             } else {
                                 if ($com['type'] == 'time') {
                                     if ($_REQUEST["fl_" . $name] != '00:00') {
                                         $whereCondition .= " and {$form['source']}.{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                                     }
                                 } else {
                                     if ($com['primary'] || $com['type'] == 'combo') {
                                         $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                                     } else {
                                         $whereCondition .= " and " . $form['source'] . ".{$name} like '%" . $_REQUEST["fl_" . $name] . "%'";
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     //Modificaciones para seleccion de la ordenacion del report, si esta acabado en _id, quiere decir foreignkey
     //Cojeremos el texto sin el id, tendremos la tabla
     ActiveRecord::sql_item_sanizite($_REQUEST['reportTypeField']);
     if (substr($_REQUEST['reportTypeField'], strlen($_REQUEST['reportTypeField']) - 3, strlen($_REQUEST['reportTypeField'])) == "_id") {
         $OrderFields = substr($_REQUEST['reportTypeField'], 0, strlen($_REQUEST['reportTypeField']) - 3);
     } else {
         $OrderFields = $_REQUEST['reportTypeField'];
     }
     $maxCondition = $whereCondition;
     $n = 0;
     foreach ($form['components'] as $name => $com) {
         if (!isset($com['notReport'])) {
             $com['notReport'] = false;
         }
         if (!isset($com['class'])) {
             $com['class'] = false;
         }
         if (!$com['notReport']) {
             if (isset($com['caption']) && $com['caption']) {
                 $headerArray[$n] = str_replace("&oacute;", "ó", $com['caption']);
                 $headerArray[$n] = str_replace("&aacute;", "á", $headerArray[$n]);
                 $headerArray[$n] = str_replace("&eacute;", "é", $headerArray[$n]);
                 $headerArray[$n] = str_replace("&iacute;", "í", $headerArray[$n]);
                 $headerArray[$n] = str_replace("&uacute;", "ú", $headerArray[$n]);
                 $headerArray[$n] = str_replace("<br/>", " ", $headerArray[$n]);
             } else {
                 $com['caption'] = "";
             }
             if ($com['type'] == 'combo' && $com['class'] == 'dynamic') {
                 if (isset($com['extraTables']) && $com['extraTables']) {
                     $tables .= "{$com['extraTables']},";
                 }
                 if (isset($com['whereConditionOnQuery']) && $com['whereConditionOnQuery']) {
                     $whereCondition .= " and {$com['whereConditionOnQuery']}";
                 }
                 if (strpos(" " . $com['detailField'], "concat(")) {
                     $selectedFields .= $com['detailField'] . ",";
                 } else {
                     $selectedFields .= $com['foreignTable'] . "." . $com['detailField'] . ",";
                     //Comparamos la Tabla foranea que tenemos, y cuando sea igual, suponiendo no hay
                     //mas de una clave foranea por tabla, sabremos a que tabla pertenece
                     if ($com['foreignTable'] == $OrderFields) {
                         $OrderFields = $com['foreignTable'] . "." . $com['detailField'];
                     }
                 }
                 $tables .= $com['foreignTable'] . ",";
                 if ($com['column_relation']) {
                     $whereCondition .= " and " . $com['foreignTable'] . "." . $com['column_relation'] . " = " . $form['source'] . "." . $name;
                 } else {
                     $whereCondition .= " and " . $com['foreignTable'] . "." . $name . " = " . $form['source'] . "." . $name;
                 }
                 $weightArray[$n] = strlen($headerArray[$n]) + 2;
                 $n++;
             } else {
                 if ($com['type'] != 'hidden') {
                     if ($com['class'] == 'static' && isset($com['type']) && $com['type'] == 'combo') {
                         $weightArray[$n] = strlen($headerArray[$n]) + 2;
                         if ($config->type == 'pgsql') {
                             $selectedFields .= "case ";
                         }
                         if ($config->type == 'mysql') {
                             for ($i = 0; $i <= count($com['items']) - 2; $i++) {
                                 $selectedFields .= "if(" . $form['source'] . "." . $name . "='" . $com['items'][$i][0] . "', '" . $com['items'][$i][1] . "', ";
                                 if ($weightArray[$n] < strlen($com['items'][$i][1])) {
                                     $weightArray[$n] = strlen($com['items'][$i][1]) + 1;
                                 }
                             }
                         }
                         if ($config->type == 'pgsql') {
                             for ($i = 0; $i <= count($com['items']) - 1; $i++) {
                                 $selectedFields .= " when " . $form['source'] . "." . $name . "='" . $com['items'][$i][0] . "' THEN '" . $com['items'][$i][1] . "' ";
                                 if ($weightArray[$n] < strlen($com['items'][$i][1])) {
                                     $weightArray[$n] = strlen($com['items'][$i][1]) + 1;
                                 }
                             }
                         }
                         $n++;
                         if ($config->type == 'mysql') {
                             $selectedFields .= "'" . $com['items'][$i][1] . "')";
                             for ($j = 0; $j <= $i - 2; $j++) {
                                 $selectedFields .= ")";
                             }
                         }
                         if ($config->type == 'pgsql') {
                             $selectedFields .= " end ";
                         }
                         $selectedFields .= ",";
                     } else {
                         $selectedFields .= $form['source'] . "." . $name . ",";
                         //Aqui seguro que no es foranea, entonces tenemos que poner la tabla principal 							//
                         //antes para evitar repeticiones
                         if ($name == $OrderFields) {
                             $OrderFields = $form['source'] . "." . $OrderFields;
                         }
                         $weightArray[$n] = strlen($headerArray[$n]) + 2;
                         $n++;
                     }
                 }
             }
         }
     }
     $tables .= $form['source'];
     $selectedFields = substr($selectedFields, 0, strlen($selectedFields) - 1);
     if (isset($form['dataRequisite']) && $form['dataRequisite']) {
         $whereCondition .= " and {$form['dataFilter']}";
     }
     //Modificacion del order
     if ($OrderFields) {
         $OrderCondition = "Order By " . $OrderFields;
     } else {
         $OrderCondition = "";
     }
     $query = "select {$selectedFields} from {$tables} where 1 = 1 " . $whereCondition . " " . $OrderCondition;
     $q = $db->query($query);
     if (!is_bool($q)) {
         if (!$db->num_rows($q)) {
             Flash::notice("No hay informaci&oacute;n para listar");
             return;
         }
     } else {
         Flash::error($db->error());
         return;
     }
     $result = array();
     $n = 0;
     while ($row = $db->fetch_array($q, db::DB_NUM)) {
         $result[$n++] = $row;
     }
     foreach ($result as $row) {
         for ($i = 0; $i <= count($row) - 1; $i++) {
             if ($weightArray[$i] < strlen(trim($row[$i]))) {
                 $weightArray[$i] = strlen(trim($row[$i]));
             }
         }
     }
     for ($i = 0; $i <= count($weightArray) - 1; $i++) {
         $weightArray[$i] *= 1.8;
     }
     $sumArray = array_sum($weightArray);
     if (!$_REQUEST['reportType']) {
         $_REQUEST['reportType'] = 'pdf';
     }
     if ($_REQUEST['reportType'] != 'html') {
         $title = str_replace("&oacute;", "ó", $form['caption']);
         $title = str_replace("&aacute;", "á", $title);
         $title = str_replace("&eacute;", "é", $title);
         $title = str_replace("&iacute;", "í", $title);
         $title = str_replace("&uacute;", "ú", $title);
     } else {
         $title = $form['caption'];
     }
     switch ($_REQUEST['reportType']) {
         case 'pdf':
             require_once CORE_PATH . 'extensions/report/format/pdf.php';
             pdf($result, $sumArray, $title, $weightArray, $headerArray);
             break;
         case 'xls':
             require_once CORE_PATH . 'extensions/report/format/xls.php';
             xls($result, $sumArray, $title, $weightArray, $headerArray);
             break;
         case 'html':
             require_once CORE_PATH . 'extensions/report/format/htm.php';
             htm($result, $sumArray, $title, $weightArray, $headerArray);
             break;
         case 'doc':
             require_once CORE_PATH . 'extensions/report/format/doc.php';
             doc($result, $sumArray, $title, $weightArray, $headerArray);
             break;
         default:
             require_once CORE_PATH . 'extensions/report/format/pdf.php';
             pdf($result, $sumArray, $title, $weightArray, $headerArray);
             break;
     }
 }
 /**
  * Shows a debug message on screen when debugging is enabled.
  *
  * NOTE(review): the text is handed to Flash::notice(), so a raw SQL statement
  * becomes visible to whoever views the page; keep the debug flag off outside
  * development.
  *
  * @param string $sql Text to display (the parameter name suggests an SQL statement)
  */
 protected function debug($sql)
 {
     // Nothing to show unless the debug flag is set.
     if (!$this->debug) {
         return;
     }
     Flash::notice($sql);
 }
Пример #23
 /**
  * Deletes the ticket identified by $_POST['ticket_id'], then posts a notice
  * together with the URL of the ticket's milestone.
  *
  * NOTE(review): authorization rests on $ticket->deletable(); no anti-CSRF
  * token comparison is visible in this method -- confirm the caller enforces
  * one before this state-changing action runs.
  */
 public function destroy_ticket()
 {
     # isset() is false for a missing or null value, which is exactly the null case below.
     $requested_id = isset($_POST['ticket_id']) ? $_POST['ticket_id'] : null;
     if ($requested_id === null) {
         error(__("Error"), __("No ticket ID specified.", "progress"));
     }

     $target = new Ticket($requested_id);
     if ($target->no_results) {
         error(__("Error"), __("Invalid ticket ID specified.", "progress"));
     }

     # Per-object permission check.
     if (!$target->deletable()) {
         show_403(
             __("Access Denied"),
             __("You do not have sufficient privileges to delete this ticket.", "progress")
         );
     }

     Ticket::delete($target->id);
     $message = __("Ticket deleted.", "progress");
     Flash::notice($message, $target->milestone->url());
 }
Пример #24
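 /**
  * Function: lost_password
  * Handles a lost-password request: generates a new password for the posted
  * login, stores its hash and e-mails the new password to the user's address.
  *
  * The stored hash is read before it is overwritten so the rollback on a failed
  * e-mail restores the original value, and a login that is not a plain string
  * is handled like an unknown user.
  *
  * NOTE(review): the password is replaced as soon as the form is posted, before
  * the mailbox owner confirms anything, so any visitor who knows a login can
  * force a reset; the new password also travels in clear text by e-mail, and the
  * "Invalid user specified." reply tells valid logins from invalid ones. A
  * single-use, expiring reset link that leaves the current password in place
  * until it is used would address all three. random() is defined elsewhere --
  * confirm it draws from a cryptographically secure source.
  */
 public function lost_password()
 {
     if (!empty($_POST)) {
         # Request parameters may arrive as arrays (login[]=...); only a string can name a user.
         $user = null;
         if (isset($_POST['login']) && is_string($_POST['login'])) {
             $user = new User(array("login" => $_POST['login']));
         }
         if ($user === null or $user->no_results) {
             Flash::warning(__("Invalid user specified."));
             return $this->display("forms/user/lost_password", array(), __("Lost Password"));
         }
         # Keep the current hash: update() may refresh $user->password, and the
         # rollback below must write back the original value, not the new one.
         $old_password = $user->password;
         $new_password = random(16);
         $user->update($user->login, User::hashPassword($new_password), $user->email, $user->full_name, $user->website, $user->group_id);
         $sent = email($user->email, __("Lost Password Request"), _f("%s,\n\nWe have received a request for a new password for your account at %s.\n\nPlease log in with the following password, and feel free to change it once you've successfully logged in:\n\t%s", array($user->login, Config::current()->name, $new_password)));
         if ($sent) {
             Flash::notice(_f("An e-mail has been sent to your e-mail address that contains a new password. Once you have logged in, you can change it at <a href=\"%s\">User Controls</a>.", array(url("controls"))));
         } else {
             # Set their password back to what it was originally.
             $user->update($user->login, $old_password, $user->email, $user->full_name, $user->website, $user->group_id);
             Flash::warning(__("E-Mail could not be sent. Password change cancelled."));
         }
     }
     $this->display("forms/user/lost_password", array(), __("Lost Password"));
 }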
Пример #25
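 /**
  * Deletes the type named by $_POST['id'] after re-assigning each of its
  * extensions to $_POST['move_type'].
  *
  * The request must carry the site's secure hash key in $_POST['hash'] and the
  * type must report itself deletable() for the current visitor.
  *
  * NOTE(review): move_type is passed to update() as received; presumably
  * update() or the model validates that the target type exists -- confirm.
  */
 public function admin_destroy_type()
 {
     if (!isset($_POST['id'])) {
         error(__("Error"), __("No type ID specified.", "extend"));
     }
     # Compare the token as a string with a strict operator: a loose != lets PHP
     # compare numeric-looking strings as numbers, so two different strings can
     # be treated as equal. hash_equals() would additionally make the comparison
     # constant-time where the runtime provides it.
     $hash = (isset($_POST['hash']) && is_string($_POST['hash'])) ? $_POST['hash'] : null;
     if ($hash === null or $hash !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $type = new Type($_POST['id']);
     if ($type->no_results) {
         error(__("Error"), __("Invalid type ID specified.", "extend"));
     }
     if (!$type->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this type.", "extend"));
     }
     # A missing move_type is passed on as null, as before, without the undefined-index notice.
     $move_type = isset($_POST['move_type']) ? $_POST['move_type'] : null;
     foreach ($type->extensions as $extension) {
         $extension->update(null, null, $move_type);
     }
     Type::delete($type->id);
     Flash::notice(__("Type deleted.", "extend"), "/admin/?action=manage_types");
 }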
Пример #26
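 /**
  * Function: route_settings
  * Route Settings page. Displays the form on a request without POST data;
  * otherwise stores "clean_urls" and "post_url" in the site configuration.
  *
  * Requires the "change_settings" permission and, for the write, the site's
  * secure hash key in $_POST['hash'].
  *
  * NOTE(review): post_url is stored as received; presumably Config::set() or
  * the router constrains its format -- confirm.
  */
 public function route_settings()
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $this->display("route_settings");
     }
     # Compare the token as a string with a strict operator: a loose != lets PHP
     # compare numeric-looking strings as numbers, so two different strings can
     # be treated as equal. hash_equals() would additionally make the comparison
     # constant-time where the runtime provides it.
     $hash = (isset($_POST['hash']) && is_string($_POST['hash'])) ? $_POST['hash'] : null;
     if ($hash === null or $hash !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $config = Config::current();
     # Each set() result is collected; the success notice is shown only if none is false.
     $set = array($config->set("clean_urls", !empty($_POST['clean_urls'])), $config->set("post_url", $_POST['post_url']));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=route_settings");
     }
 }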
Пример #27
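 /**
  * Removes the aggregate named by $_POST['id'] from the site configuration and,
  * when $_POST['delete_posts'] is set to a non-empty value, deletes its posts
  * through delete_posts().
  *
  * A $_POST['destroy'] value of "bollocks" cancels the action and redirects
  * back to the aggregate list. Otherwise the request must carry the site's
  * secure hash key and the visitor's group needs the "delete_aggregate"
  * permission.
  *
  * @param mixed $admin Not used by this method.
  */
 public function admin_destroy_aggregate($admin)
 {
     # The ID is used as an array key below, so anything but a non-empty string is refused.
     if (empty($_POST['id']) or !is_string($_POST['id'])) {
         error(__("No ID Specified"), __("An ID is required to delete an aggregate.", "aggregator"));
     }
     if (isset($_POST['destroy']) and $_POST['destroy'] === "bollocks") {
         redirect("/admin/?action=manage_aggregates");
     }
     # Compare the token as a string with a strict operator: a loose != lets PHP
     # compare numeric-looking strings as numbers, so two different strings can
     # be treated as equal. hash_equals() would additionally make the comparison
     # constant-time where the runtime provides it.
     $hash = (isset($_POST['hash']) && is_string($_POST['hash'])) ? $_POST['hash'] : null;
     if ($hash === null or $hash !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     if (!Visitor::current()->group->can("delete_aggregate")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this aggregate.", "aggregator"));
     }
     $name = $_POST['id'];
     # !empty() reads the flag without an undefined-index notice when the field is absent.
     if (!empty($_POST['delete_posts'])) {
         # NOTE(review): $name comes straight from the request; presumably
         # delete_posts() limits itself to posts of a configured aggregate -- confirm.
         $this->delete_posts($name);
         $notice = __("Aggregate and its posts deleted.", "aggregator");
     } else {
         $notice = __("Aggregate deleted.", "aggregator");
     }
     $config = Config::current();
     unset($config->aggregates[$name]);
     $config->set("aggregates", $config->aggregates);
     Flash::notice($notice, "/admin/?action=manage_aggregates");
 }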
Пример #28
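 /**
  * Applies a bulk action to the comments whose IDs are the keys of
  * $_POST['comment']: "delete", "deny", "approve" or "spam", chosen by which of
  * those POST fields is present. Status changes that contradict the spam
  * filter are reported to Defensio when an API key is configured.
  *
  * Only the presence of $_GET['from'] is used (to pick the page to return to);
  * its value never reaches the redirect target.
  *
  * NOTE(review): each comment is gated by deletable()/editable(), but no
  * anti-CSRF token comparison is visible in this method -- confirm the caller
  * enforces one before these state-changing actions run.
  */
 static function admin_bulk_comments()
 {
     $from = !isset($_GET['from']) ? "manage_comments" : "manage_spam";
     # A request can send "comment" as a plain string; only an array has keys to
     # act on, so anything else is treated as an empty selection.
     $posted = isset($_POST['comment']) ? $_POST['comment'] : null;
     if (!is_array($posted)) {
         Flash::warning(__("No comments selected."), "/admin/?action=" . $from);
         $posted = array();
     }
     $comments = array_keys($posted);
     if (isset($_POST['delete'])) {
         foreach ($comments as $id) {
             $comment = new Comment($id);
             if ($comment->deletable()) {
                 Comment::delete($comment->id);
             }
         }
         Flash::notice(__("Selected comments deleted.", "comments"));
     }
     # Signatures of comments whose new status disagrees with the spam filter.
     $false_positives = array();
     $false_negatives = array();
     $sql = SQL::current();
     $config = Config::current();
     if (isset($_POST['deny'])) {
         foreach ($comments as $id) {
             $comment = new Comment($id);
             if (!$comment->editable()) {
                 continue;
             }
             if ($comment->status == "spam") {
                 $false_positives[] = $comment->signature;
             }
             $sql->update("comments", array("id" => $comment->id), array("status" => "denied"));
         }
         Flash::notice(__("Selected comments denied.", "comments"));
     }
     if (isset($_POST['approve'])) {
         foreach ($comments as $id) {
             $comment = new Comment($id);
             if (!$comment->editable()) {
                 continue;
             }
             if ($comment->status == "spam") {
                 $false_positives[] = $comment->signature;
             }
             $sql->update("comments", array("id" => $comment->id), array("status" => "approved"));
         }
         Flash::notice(__("Selected comments approved.", "comments"));
     }
     if (isset($_POST['spam'])) {
         foreach ($comments as $id) {
             $comment = new Comment($id);
             if (!$comment->editable()) {
                 continue;
             }
             $sql->update("comments", array("id" => $comment->id), array("status" => "spam"));
             $false_negatives[] = $comment->signature;
         }
         Flash::notice(__("Selected comments marked as spam.", "comments"));
     }
     if (!empty($config->defensio_api_key)) {
         $defensio = new Defensio($config->url, $config->defensio_api_key);
         if (!empty($false_positives)) {
             $defensio->submitFalsePositives(implode(",", $false_positives));
         }
         if (!empty($false_negatives)) {
             $defensio->submitFalseNegatives(implode(",", $false_negatives));
         }
     }
     redirect("/admin/?action=" . $from);
 }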
Пример #29
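 /**
  * Deletes the forum named by $_POST['id'] after re-assigning each of its
  * topics to $_POST['move_forum'].
  *
  * The request must carry the site's secure hash key in $_POST['hash'] and the
  * forum must report itself deletable() for the current visitor.
  *
  * NOTE(review): move_forum is passed to update() as received; presumably
  * update() or the model validates that the target forum exists -- confirm.
  */
 public function admin_destroy_forum()
 {
     if (!isset($_POST['id'])) {
         error(__("Error"), __("No forum ID specified.", "discuss"));
     }
     # Compare the token as a string with a strict operator: a loose != lets PHP
     # compare numeric-looking strings as numbers, so two different strings can
     # be treated as equal. hash_equals() would additionally make the comparison
     # constant-time where the runtime provides it.
     $hash = (isset($_POST['hash']) && is_string($_POST['hash'])) ? $_POST['hash'] : null;
     if ($hash === null or $hash !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $forum = new Forum($_POST['id']);
     if ($forum->no_results) {
         error(__("Error"), __("Invalid forum ID specified.", "discuss"));
     }
     if (!$forum->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this forum.", "discuss"));
     }
     # A missing move_forum is passed on as null, as before, without the undefined-index notice.
     $move_forum = isset($_POST['move_forum']) ? $_POST['move_forum'] : null;
     foreach ($forum->topics as $topic) {
         $topic->update(null, null, $move_forum);
     }
     Forum::delete($forum->id);
     Flash::notice(__("Forum deleted.", "discuss"), "/admin/?action=manage_forums");
 }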