/**
 * Builds the menu manager for one named menu.
 *
 * Reads the ajax/q request parameters and the session user id, then asks
 * the user object (User::MenuAuth) for the items this user may see.
 *
 * @param database $db
 * @param User $user
 * @param string $menu Menu name handed to User::MenuAuth()
 * @return bool true when items were loaded, false with $this->message set otherwise
 */
public function __construct(database $db, User $user, $menu)
{
    $this->db =& $db;
    $this->user =& $user;

    $this->ajax = Kit::GetParam('ajax', _REQUEST, _BOOL, false);
    $this->q = Kit::GetParam('q', _REQUEST, _WORD);
    $this->userid = Kit::GetParam('userid', _SESSION, _INT);
    // Read by the original but not used afterwards; the session read is kept as-is.
    $usertypeid = Kit::GetParam('usertype', _SESSION, _INT);

    if ($menu == '') {
        $this->message = __('No menu provided');
        return false;
    }

    // MenuAuth() returns the items this user is permitted to see; an empty/false
    // result is treated as "no permission" rather than "empty menu".
    $this->theMenu = $user->MenuAuth($menu);
    if (!$this->theMenu) {
        $this->message = __('No permissions for this menu.');
        return false;
    }

    $this->current = 0;
    $this->numberItems = count($this->theMenu);

    // A count of zero is recorded as -1 ("we dont want to do 0 items" in the original).
    if ($this->numberItems == 0) {
        $this->numberItems = -1;
    }

    $this->message = $this->numberItems . ' menu items loaded';
    return true;
}
/**
 * Loads the selected layout's details when a layoutid is present in the request.
 *
 * Checks view permission through User::LayoutAuth() first, then reads
 * layout, description, retired, tags and xml from the layout table into properties.
 *
 * @param database $db
 * @param user $user
 */
function __construct(database $db, user $user)
{
    $this->db =& $db;
    $this->user =& $user;

    $this->layoutid = Kit::GetParam('layoutid', _REQUEST, _INT);

    // Include the layout data class
    include_once "lib/data/layout.data.class.php";

    // If we have modify selected then we need to get some info.
    // NOTE: layoutid is an int, so this loose comparison with '' differs between
    // PHP 7 (0 == '' is true, so 0 is skipped) and PHP 8 (0 != '' is true, so 0 is loaded).
    if ($this->layoutid != '') {
        // Permission check happens before any layout data is read.
        Debug::LogEntry('audit', 'Loading permissions for layoutid ' . $this->layoutid);

        $this->auth = $user->LayoutAuth($this->layoutid, true);

        if (!$this->auth->view) {
            trigger_error(__("You do not have permissions to view this layout"), E_USER_ERROR);
        }

        // layoutid is bound with %d, so only an integer reaches the statement.
        $sql = " SELECT layout, description, userid, retired, tags, xml FROM layout ";
        $sql .= sprintf(" WHERE layoutID = %d ", $this->layoutid);

        if (!($results = $db->query($sql))) {
            trigger_error($db->error());
            trigger_error(__("Cannot retrieve the Information relating to this layout. The layout may be corrupt."), E_USER_ERROR);
        }

        // An empty result only flags has_permissions; the properties below stay unset.
        if ($db->num_rows($results) == 0) {
            $this->has_permissions = false;
        }

        // Columns by index: 0 layout, 1 description, 2 userid (not used), 3 retired, 4 tags, 5 xml.
        while ($aRow = $db->get_row($results)) {
            $this->layout = Kit::ValidateParam($aRow[0], _STRING);
            $this->description = Kit::ValidateParam($aRow[1], _STRING);
            $this->retired = Kit::ValidateParam($aRow[3], _INT);
            $this->tags = Kit::ValidateParam($aRow[4], _STRING);
            $this->xml = $aRow[5];
        }
    }
}
/**
 * Prepares a response object with its default flags and opens a DB transaction.
 *
 * The transaction wraps every response sent from the web portal; it is only
 * started when the shared PDO connection is not already inside one.
 */
public function __construct()
{
    // AJAX callers receive a JSON body rather than an HTML page/redirect.
    $this->ajax = Kit::GetParam('ajax', _REQUEST, _BOOL, false);

    // Assume success until something records an error.
    $this->success = true;
    $this->clockUpdate = false;
    $this->focusInFirstInput = true;
    $this->appendHiddenSubmit = true;
    $this->modal = false;

    $this->uniqueReference = '';
    $this->buttons = '';
    $this->dialogClass = '';
    $this->extra = array();

    // Grid paging/sorting defaults.
    $this->pageSize = 10;
    $this->pageNumber = 0;
    $this->initialSortColumn = 1;
    $this->initialSortOrder = 1;

    try {
        $connection = PDOConnect::init();
        if (!$connection->inTransaction()) {
            $connection->beginTransaction();
        }
    } catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());
        trigger_error(__('Unable to open connection and start transaction'), E_USER_ERROR);
    }

    return true;
}
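/**
 * Post-upload hook: links one uploaded file to a new library media item.
 *
 * Form fields are submitted per file, e.g. $_REQUEST['name'][$index] and
 * $_REQUEST['duration'][$index]; layoutid and type are single request values.
 *
 * @param object $file  Upload handler record (reads ->name, writes ->error and ->storedas)
 * @param int    $index Position of this file in the multi-file submission
 * @return void
 */
protected function handle_form_data($file, $index)
{
    // Per-file form data. Default to '' instead of raising an undefined-index
    // notice when the field was not submitted for this index.
    $name = isset($_REQUEST['name'][$index]) ? $_REQUEST['name'][$index] : '';
    $duration = isset($_REQUEST['duration'][$index]) ? $_REQUEST['duration'][$index] : '';
    $layoutId = Kit::GetParam('layoutid', _REQUEST, _INT);
    $type = Kit::GetParam('type', _REQUEST, _WORD);

    Debug::LogEntry('audit', 'Upload complete for Type: ' . $type . ' and file name: ' . $file->name . '. Name: ' . $name . '. Duration:' . $duration);

    // One module per uploaded file. No region id is passed, so the media is
    // added to the library only and not assigned to a layout.
    try {
        $module = ModuleFactory::createForLibrary($type, $layoutId, $this->options['db'], $this->options['user']);
    } catch (Exception $e) {
        $file->error = $e->getMessage();
        exit;
    }

    // NOTE(review): $name and $duration are passed through unvalidated, and $file->name is
    // used in a filesystem path below; AddLibraryMedia() and the upload handler are assumed
    // to validate them — confirm.
    $storedAs = $module->AddLibraryMedia($file->name, $name, $duration, $file->name);
    if (!$storedAs) {
        $file->error = $module->GetErrorMessage();
    }

    // Report the library name back to the uploader (false when AddLibraryMedia failed).
    $file->storedas = $storedAs;

    // Remove the temporary upload; failure is deliberately ignored (best effort).
    @unlink($this->get_upload_path($file->name));
}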
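/**
 * Renders the themed error page with the message stored in the session.
 *
 * The $db/$user aliases of the original were never used and have been dropped.
 *
 * @return void
 */
function displayPage()
{
    // NOTE(review): _HTMLSTRING presumably allows markup through; confirm the value is
    // sanitised where it is written into the session, since the theme outputs it.
    $error = Kit::GetParam('ErrorMessage', _SESSION, _HTMLSTRING, __('Unknown Error'));

    Theme::Set('ErrorMessage', $error);
    Theme::Render('error');
}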
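/**
 * Writes a minimal (unthemed) error page straight to the output and stops.
 *
 * The $db/$user aliases of the original were never used and have been dropped.
 *
 * @return never
 */
function displayPage()
{
    // NOTE(review): this value is echoed without escaping; _HTMLSTRING presumably means it
    // is already safe markup — confirm where it is written into the session.
    $error = Kit::GetParam('ErrorMessage', _SESSION, _HTMLSTRING, __('Unknown Error'));

    echo __('There has been an application error.');
    echo $error;
    exit;
}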
/**
 * Saves the settings submitted from the settings form.
 *
 * Expects parallel POST arrays id[] and value[]. Only usertype 1 (admin) may
 * call this. The LIBRARY_LOCATION value is normalised to end in '/' and its
 * temp/ subdirectory is created and checked for writability before saving.
 *
 * @return string|void The posted `refer` page when the user is not an admin;
 *                     otherwise responds through ResponseManager
 */
function modify()
{
    $db =& $this->db;

    // Check the token
    if (!Kit::CheckToken()) {
        trigger_error('Token does not match', E_USER_ERROR);
    }

    $refer = Kit::GetParam('refer', _POST, _STRING);
    $usertype = Kit::GetParam('usertype', _SESSION, _INT);
    $ids = Kit::GetParam('id', _POST, _ARRAY);
    $values = Kit::GetParam('value', _POST, _ARRAY);
    $size = count($ids);

    // Admin only; the user type is taken from the session, not from the form.
    if ($usertype != 1) {
        setMessage(__("Only admin users are allowed to modify settings"));
        return $refer;
    }

    // Get the SettingId for LIBRARY_LOCATION
    $SQL = sprintf("SELECT settingid FROM setting WHERE setting = '%s'", 'LIBRARY_LOCATION');

    if (!($result = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error(__('Cannot find the Library Location Setting - this is serious.'), E_USER_ERROR);
    }

    if ($db->num_rows($result) == 0) {
        trigger_error(__('Cannot find the Library Location Setting - this is serious.'), E_USER_ERROR);
    }

    $row = $db->get_row($result);
    $librarySettingId = $row[0];

    // Loop through and modify the settings.
    // NOTE(review): $values is assumed to be at least as long as $ids — confirm the form guarantees it.
    for ($i = 0; $i < $size; $i++) {
        $value = Kit::ValidateParam($values[$i], _STRING);
        $id = $ids[$i];

        // Is this the library location setting
        if ($id == $librarySettingId) {
            // Check for a trailing slash and add it if its not there
            $value = rtrim($value, '/') . '/';

            // Attempt to add the directory specified
            if (!file_exists($value . 'temp')) {
                // Make the directory with broad permissions recursively (so will add the whole path).
                // 0777 (before umask) leaves the created path world-writable; a tighter mode is
                // preferable where the web server user owns the library.
                mkdir($value . 'temp', 0777, true);
            }

            if (!is_writable($value . 'temp')) {
                trigger_error(__('The Library Location you have picked is not writable'), E_USER_ERROR);
            }
        }

        // $value is escaped for the string literal; $id is bound with %d and so coerced to an integer.
        $SQL = sprintf("UPDATE setting SET value = '%s' WHERE settingid = %d ", $db->escape_string($value), $id);

        if (!$db->query($SQL)) {
            trigger_error($db->error());
            trigger_error(__('Update of settings failed.'), E_USER_ERROR);
        }
    }

    $response = new ResponseManager();
    $response->SetFormSubmitResponse(__('Settings Updated'), false);
    $response->Respond();
}
/**
 * Gets and Sets the Locale.
 *
 * Picks the language from the `lang` request parameter, then the browser's
 * Accept-Language header, then DEFAULT_LANGUAGE, and loads locale/<lang>.mo
 * into the global $transEngine (gettext_reader) through the global $stream.
 *
 * @return void $transEngine is set to false when the .mo file cannot be opened
 */
public static function InitLocale()
{
    $localeDir = 'locale';
    $default = Config::GetSetting('DEFAULT_LANGUAGE');

    global $transEngine;
    global $stream;

    // Try to get the locale firstly from _REQUEST (post then get)
    $lang = Kit::GetParam('lang', _REQUEST, _WORD, '');

    // Build an array of supported languages: every entry of the locale directory.
    // NOTE(review): scandir() returns false when the directory is unreadable, which
    // would break the in_array() calls below — confirm the directory always exists.
    $supportedLangs = scandir($localeDir);

    if ($lang != '') {
        Debug::LogEntry('audit', 'Set the Language from REQUEST [' . $lang . ']', 'TranslationEngine', 'InitLocal');

        // Is this language supported? If not, fall back to the default (e.g. en_GB).
        // Only a value that appears as <lang>.mo in the directory listing is accepted,
        // so the request parameter cannot select a file outside $localeDir.
        if (!in_array($lang . '.mo', $supportedLangs)) {
            // The client-supplied value is echoed into the error text; the error handler
            // that renders it is assumed to escape it — confirm.
            trigger_error(sprintf('Language not supported. %s', $lang));

            // Use the default language instead.
            $lang = $default;
        }
    } else {
        $langs = Kit::GetParam('HTTP_ACCEPT_LANGUAGE', $_SERVER, _STRING);

        if ($langs != '') {
            // Accept-Language is "tag[;q=..],tag[;q=..],..."; tags are tried in header order.
            $langs = explode(',', $langs);

            foreach ($langs as $lang) {
                // Remove any quality rating (as we aren't interested)
                $rawLang = explode(';', $lang);
                $lang = str_replace("-", "_", $rawLang[0]);

                // The first tag with a matching .mo file wins.
                if (in_array($lang . '.mo', $supportedLangs)) {
                    break;
                }

                // No match so far: default, overwritten if a later tag matches.
                $lang = $default;
            }
        } else {
            $lang = $default;
        }
    }

    // We have the language: open the catalogue.
    // NOTE(review): $default itself is never checked against $supportedLangs.
    if (!($stream = new CachedFileReader($localeDir . '/' . $lang . '.mo'))) {
        trigger_error('Unable to translate this language');
        $transEngine = false;
        return;
    }

    $transEngine = new gettext_reader($stream);
}
/**
 * Audit Log: writes one row to the `auditlog` table and mirrors it to the debug log.
 *
 * The INSERT is prepared once on a fresh PDO connection and cached in
 * self::$_auditLogStatement; later calls reuse the cached statement.
 *
 * @param string $entity
 * @param int $entityId
 * @param string $message
 * @param string|object|array $object Stored in objectAfter; non-strings are JSON encoded
 * @return void
 */
public static function audit($entity, $entityId, $message, $object)
{
    \Debug::Audit(sprintf('Audit Trail message recorded for %s with id %d. Message: %s', $entity, $entityId, $message));

    if (self::$_auditLogStatement == null) {
        $connection = \PDOConnect::newConnection();
        $sql = ' INSERT INTO `auditlog` (logDate, userId, entity, message, entityId, objectAfter) VALUES (:logDate, :userId, :entity, :message, :entityId, :objectAfter) ';
        self::$_auditLogStatement = $connection->prepare($sql);
    }

    // Strings are stored verbatim; anything else is serialised as JSON.
    $objectAfter = is_string($object) ? $object : json_encode($object);

    // All values are bound parameters, so none of them can alter the statement.
    $params = array(
        'logDate' => time(),
        'userId' => \Kit::GetParam('userid', _SESSION, _INT, 0),
        'entity' => $entity,
        'message' => $message,
        'entityId' => $entityId,
        'objectAfter' => $objectAfter,
    );
    self::$_auditLogStatement->execute($params);
}
/**
 * Resolves the page class file and class name for the requested page.
 *
 * @param database $db
 * @param user $user
 * @param string $page Page key; becomes lib/pages/<page>.class.php and class <page>DAO
 */
function __construct(database $db, user $user, $page)
{
    $this->db =& $db;
    $this->user =& $user;

    // $page is used to build an include path. NOTE(review): the caller is assumed to
    // have filtered it as a _WORD (as the front controller does for 'p') — confirm.
    $this->p = $page;
    $this->page = $page . 'DAO';
    $this->path = 'lib/pages/' . $page . '.class.php';

    $this->ajax = Kit::GetParam('ajax', _REQUEST, _BOOL, false);
    $this->q = Kit::GetParam('q', _REQUEST, _WORD);
    $this->userid = $this->user->userid;

    // Authorisation is decided later; start denied.
    $this->authed = false;

    // Set up the theme for this page.
    new Theme($db, $user);
    Theme::SetPagename($this->p);
}
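/**
 * Sends the browser to $page: a JSON body for AJAX callers, otherwise a redirect.
 *
 * Non-AJAX: an HTTP Location header when headers have not been sent yet,
 * otherwise an inline JavaScript redirect. Always terminates the script.
 *
 * @param string $page      Destination URL
 * @param string $message   Unused; kept for existing callers
 * @param bool   $pageIsUrl Unused; kept for existing callers
 * @return never
 */
static function Redirect($page, $message = '', $pageIsUrl = false)
{
    $url = $page;
    $ajax = Kit::GetParam('ajax', _REQUEST, _BOOL, false);

    if ($ajax) {
        echo json_encode($page);
        die;
    }

    if (headers_sent()) {
        // The URL lands inside a <script> block, so it is emitted as a JSON string
        // (with < > ' " & hex-escaped) instead of being interpolated raw: a value
        // containing a quote or "</script>" would otherwise break out of the literal.
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        echo "<script>document.location.href=" . $jsUrl . ";</script>\n";
    } else {
        // header() refuses values containing CR/LF, so the URL cannot inject extra headers.
        header('Location: ' . $url);
    }
    die;
}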
/**
 * Builds the help URL for a topic, falling back to the 'General' category.
 *
 * @param string $topic    Topic name; when empty the current page name (request param 'p') is used
 * @param string $category Help category
 * @return string|false HELP_BASE + link, or false when the lookup throws
 */
public static function Link($topic = "", $category = "General")
{
    // If topic is empty use the page name.
    if ($topic == '') {
        $topic = Kit::GetParam('p', _REQUEST, _WORD);
    }
    $topic = ucfirst($topic);

    try {
        $dbh = PDOConnect::init();
        // Both lookups use bound parameters.
        $sth = $dbh->prepare('SELECT Link FROM help WHERE Topic = :topic and Category = :cat');

        // Category-specific link first, then the General link for the same topic.
        $sth->execute(array('topic' => $topic, 'cat' => $category));
        $link = $sth->fetchColumn(0);

        if (!$link) {
            $sth->execute(array('topic' => $topic, 'cat' => 'General'));
            $link = $sth->fetchColumn(0);
        }

        return Config::GetSetting('HELP_BASE') . $link;
    } catch (Exception $e) {
        // Lookup failures are reported as false rather than raised.
        return false;
    }
}
/**
 * Loads the selected layout's details (when layoutid is in the request)
 * through User::LayoutList(), which applies the user's permissions.
 *
 * @param database $db
 * @param user $user
 */
function __construct(database $db, user $user)
{
    $this->db =& $db;
    $this->user =& $user;

    $this->layoutid = Kit::GetParam('layoutid', _REQUEST, _INT);

    // Nothing to load unless a layout was selected (loose comparison kept from the original).
    if ($this->layoutid == '') {
        return;
    }

    Debug::LogEntry('audit', 'Loading permissions for layoutid ' . $this->layoutid);

    // An empty list is treated as a permission failure, not as "layout missing".
    $layouts = $this->user->LayoutList(NULL, array('layoutId' => $this->layoutid));
    if (count($layouts) <= 0) {
        trigger_error(__('You do not have permissions to view this layout'), E_USER_ERROR);
    }

    $row = $layouts[0];
    $this->layout = $row['layout'];
    $this->description = $row['description'];
    $this->retired = $row['retired'];
    $this->tags = $row['tags'];
    $this->xml = $row['xml'];
}
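/**
 * What action to perform? Dispatches the request to a method of the loaded module.
 *
 * @return void Echoes the raw response and exits when raw=true, otherwise calls Respond()
 */
public function Exec()
{
    // What module method has been requested?
    $method = Kit::GetParam('method', _REQUEST, _WORD);
    $raw = Kit::GetParam('raw', _REQUEST, _WORD);

    // The method name is request controlled. is_callable(), evaluated from outside the
    // module's scope, accepts only public methods; method_exists() also matched
    // private/protected ones and then failed on the call. An explicit allow-list of
    // action names would be stronger still.
    if (is_callable(array($this->module, $method))) {
        $response = $this->module->{$method}();
    } else {
        // Set the error to display
        trigger_error(__('This Module does not exist'), E_USER_ERROR);
    }

    if ($raw == 'true') {
        // Raw mode expects the module to have returned printable output.
        echo $response;
        exit;
    } else {
        $response->Respond();
    }
}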
/**
 * Get Resource: renders the ticker preview/player HTML for this media item.
 *
 * Fills modules/preview/HtmlTemplateForGetResource.html with the ticker
 * options, the fetched items (RSS or DataSet) and any custom CSS.
 *
 * @param int $displayId Passed to GetDataSetItems() for DataSet sources
 * @return string Rendered HTML, or '' when there are no items
 */
public function GetResource($displayId = 0)
{
    // Load the HtmlTemplate
    $template = file_get_contents('modules/preview/HtmlTemplateForGetResource.html');

    // What is the data source for this ticker? (2 = DataSet, anything else = RSS, see below)
    $sourceId = $this->GetOption('sourceId', 1);

    // Information from the Module
    $direction = $this->GetOption('direction');
    $scrollSpeed = $this->GetOption('scrollSpeed');
    $fitText = $this->GetOption('fitText', 0);
    $itemsSideBySide = $this->GetOption('itemsSideBySide', 0);
    $duration = $this->duration;
    $durationIsPerItem = $this->GetOption('durationIsPerItem', 0);
    $numItems = $this->GetOption('numItems', 0);
    $takeItemsFrom = $this->GetOption('takeItemsFrom', 'start');
    $itemsPerPage = $this->GetOption('itemsPerPage', 0);

    // Get the text out of RAW.
    // NOTE(review): loadXML() on stored content — confirm external entity loading is
    // disabled (libxml_disable_entity_loader / LIBXML_NONET) for the PHP version in use.
    $rawXml = new DOMDocument();
    $rawXml->loadXML($this->GetRaw());

    // Get the Text Node
    $textNodes = $rawXml->getElementsByTagName('template');
    $textNode = $textNodes->item(0);
    $text = $textNode->nodeValue;

    // Get the CSS Node (optional)
    $cssNodes = $rawXml->getElementsByTagName('css');
    if ($cssNodes->length > 0) {
        $cssNode = $cssNodes->item(0);
        $css = $cssNode->nodeValue;
    } else {
        $css = '';
    }

    // Options handed to the client-side renderer as JSON.
    $options = array(
        'type' => 'ticker',
        'sourceid' => $sourceId,
        'direction' => $direction,
        'duration' => $duration,
        'durationIsPerItem' => $durationIsPerItem == 0 ? false : true,
        'numItems' => $numItems,
        'takeItemsFrom' => $takeItemsFrom,
        'itemsPerPage' => $itemsPerPage,
        'scrollSpeed' => $scrollSpeed,
        'scaleMode' => $fitText == 0 ? 'scale' : 'fit',
        'originalWidth' => $this->width,
        'originalHeight' => $this->height,
        'previewWidth' => Kit::GetParam('width', _GET, _DOUBLE, 0),
        'previewHeight' => Kit::GetParam('height', _GET, _DOUBLE, 0)
    );

    // Generate a JSON string of substituted items.
    if ($sourceId == 2) {
        $items = $this->GetDataSetItems($displayId, $text);
    } else {
        $items = $this->GetRssItems($text);
    }

    // Return empty string if there are no items to show.
    if (count($items) == 0) {
        return '';
    }

    // Work out how many pages we will be showing.
    // numItems of 0 (or more than available) means "all items".
    $pages = $numItems;
    if ($numItems > count($items) || $numItems == 0) {
        $pages = count($items);
    }

    $pages = $itemsPerPage > 0 ? ceil($pages / $itemsPerPage) : $pages;
    $totalDuration = $durationIsPerItem == 0 ? $duration : $duration * $pages;

    // Built but not used below; the values are written into the template as HTML comments instead.
    $controlMeta = array('numItems' => $pages, 'totalDuration' => $totalDuration);

    // Replace and Control Meta options
    $template = str_replace('<!--[[[CONTROLMETA]]]-->', '<!-- NUMITEMS=' . $pages . ' -->' . PHP_EOL . '<!-- DURATION=' . $totalDuration . ' -->', $template);

    // Replace the head content.
    // NOTE(review): json_encode() without JSON_HEX_TAG does not escape "<", so an item whose
    // text contains "</script>" would end the script block early; the items come from RSS or
    // DataSet content, so confirm GetRssItems()/GetDataSetItems() neutralise that.
    $headContent = '<script type="text/javascript">';
    $headContent .= ' function init() { ';
    $headContent .= ' $("body").xiboRender(options, items);';
    $headContent .= ' } ';
    $headContent .= ' var options = ' . json_encode($options) . ';';
    $headContent .= ' var items = ' . json_encode($items) . ';';
    $headContent .= '</script>';

    if ($itemsSideBySide == 1) {
        $headContent .= '<style type="text/css">';
        $headContent .= ' .item, .page { float: left; }';
        $headContent .= '</style>';
    }

    // Add the CSS if it isn't empty (authored CSS from RAW, inserted verbatim).
    if ($css != '') {
        $headContent .= '<style type="text/css">' . $css . '</style>';
    }

    // Replace the View Port Width? (preview only)
    if (isset($_GET['preview'])) {
        $template = str_replace('[[ViewPortWidth]]', $this->width . 'px', $template);
    }

    // Replace the Head Content with our generated javascript
    $template = str_replace('<!--[[[HEADCONTENT]]]-->', $headContent, $template);

    // Replace the Body Content with our generated text (the body is filled client-side)
    $template = str_replace('<!--[[[BODYCONTENT]]]-->', '', $template);

    return $template;
}
/**
 * Asks a display to take a screenshot (form submission handler).
 *
 * @return void Responds through ResponseManager; errors are raised with E_USER_ERROR
 */
public function RequestScreenShot()
{
    // The form token must match before anything is changed.
    if (!Kit::CheckToken()) {
        trigger_error(__('Sorry the form has expired. Please refresh.'), E_USER_ERROR);
    }

    $response = new ResponseManager();
    $display = new Display($this->db);
    $displayId = Kit::GetParam('displayId', _POST, _INT);

    // NOTE(review): no per-display permission check is visible here;
    // Display::RequestScreenShot() is assumed to perform it — confirm.
    if (!$display->RequestScreenShot($displayId)) {
        trigger_error($display->GetErrorMessage(), E_USER_ERROR);
    }

    $response->SetFormSubmitResponse(__('Request Sent.'));
    $response->Respond();
}
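/**
 * Get Resource: streams the stored image (or a cached thumbnail / on-the-fly resize).
 *
 * Request parameters: width/height (default 80), proportional (default true),
 * thumb (serve, creating if needed, the cached tn_WxH_ file) and dynamic (resize in memory).
 *
 * @param int $displayId Unused here; kept for the GetResource() contract
 * @return never Always ends the request via ReturnFile()/ResizeImage() followed by exit
 */
public function GetResource($displayId = 0)
{
    $proportional = Kit::GetParam('proportional', _GET, _BOOL, true);
    $thumb = Kit::GetParam('thumb', _GET, _BOOL, false);
    $dynamic = isset($_REQUEST['dynamic']);
    $file = $this->storedAs;

    // NOTE(review): width/height are client supplied and not capped here; ResizeImage()
    // is assumed to bound them, since very large values cost memory — confirm.
    $width = intval(Kit::GetParam('width', _REQUEST, _DOUBLE, 80));
    $height = intval(Kit::GetParam('height', _REQUEST, _DOUBLE, 80));

    // File upload directory.. get this from the settings object
    $library = Config::GetSetting("LIBRARY_LOCATION");
    $fileName = $library . $file;

    Debug::Audit(sprintf('Image Request %dx%d %s. Thumb: %s', $width, $height, $fileName, $thumb));

    // If we are a thumb request then output the cached thumbnail
    if ($thumb) {
        // Thumbnails are cached beside the original as tn_<w>x<h>_<storedAs>.
        $fileName = $library . sprintf('tn_%dx%d_%s', $width, $height, $file);

        // If the thumbnail doesn't exist then create one
        if (!file_exists($fileName)) {
            Debug::LogEntry('audit', 'File doesnt exist, creating a thumbnail for ' . $fileName);

            if (!($info = getimagesize($library . $file))) {
                // Keep the library path server-side; the original echoed it to the client.
                Debug::LogEntry('error', $library . $file . ' is not an image', 'module', 'GetResource');
                die('The requested file is not an image');
            }

            ResizeImage($library . $file, $fileName, $width, $height, $proportional, 'file');
        }
    }

    // Not a readable image: fall back to the placeholder.
    if (!($info = getimagesize($fileName))) {
        $fileName = 'theme/default/img/forms/filenotfound.png';
        $this->ReturnFile($fileName);
        exit;
    }

    // $info[2] is the IMAGETYPE_* constant from getimagesize(); non-zero means a recognised type.
    if ($dynamic && !$thumb && $info[2]) {
        // Resize straight to the browser - used for previews.
        // (The original re-read width/height here; they are the same request values.)
        ResizeImage($fileName, '', $width, $height, $proportional, 'browser');
        exit;
    }

    if (!file_exists($fileName)) {
        // Unreachable in practice once getimagesize() succeeded; kept as a guard.
        // The original logged an undefined $uid here; log the path instead.
        Debug::LogEntry('audit', "Cant find: {$fileName}", 'module', 'GetResource');
        $fileName = 'theme/default/img/forms/filenotfound.png';
    }

    $this->ReturnFile($fileName);
    exit;
}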
/**
 * Logs out a user: marks every session row for the posted userid as expired.
 *
 * @return void Responds through ResponseManager; errors are raised with E_USER_ERROR
 */
function LogoutUser()
{
    // Check the token
    if (!Kit::CheckToken()) {
        trigger_error(__('Sorry the form has expired. Please refresh.'), E_USER_ERROR);
    }

    // ajax request handler
    $response = new ResponseManager();
    $userID = Kit::GetParam('userid', _POST, _INT);

    // userid is _INT-filtered and bound with %d, so it cannot alter the statement.
    // NOTE(review): nothing here checks that the caller may log out this particular user;
    // that is assumed to be enforced by the page's permission layer — confirm.
    $sql = sprintf("UPDATE session SET IsExpired = 1 WHERE userID = %d", $userID);

    if (!$this->db->query($sql)) {
        trigger_error($this->db->error());
        trigger_error(__("Unable to log out this user"), E_USER_ERROR);
    }

    $response->SetFormSubmitResponse(__('User Logged Out.'));
    $response->Respond();
}
/**
 * List of Displays this user has access to view.
 *
 * Builds the display query from $filter_by (displaygroupid, displayid,
 * exclude_displaygroupid — all read through Kit::GetParam as _INT), then keeps
 * only rows whose display-specific group the user may view (or edit, when
 * $auth_level is 'edit').
 *
 * @param array  $sort_order Column names for ORDER BY. NOTE(review): they are concatenated
 *                           into the SQL unescaped, so callers must pass trusted/allow-listed
 *                           names only, never request input.
 * @param array  $filter_by  Filter values, read via Kit::GetParam
 * @param string $auth_level 'view' (default) or 'edit'
 * @return array|false List of display rows with view/edit/del/modifypermissions flags, or false on query failure
 */
public function DisplayList($sort_order = array('displayid'), $filter_by = array(), $auth_level = 'view')
{
    $SQL = 'SELECT display.displayid, ';
    $SQL .= ' display.display, ';
    $SQL .= ' layout.layout, ';
    $SQL .= ' display.loggedin, ';
    $SQL .= ' IFNULL(display.lastaccessed, 0) AS lastaccessed, ';
    $SQL .= ' display.inc_schedule, ';
    $SQL .= ' display.licensed, ';
    $SQL .= ' display.email_alert, ';
    $SQL .= ' displaygroup.DisplayGroupID, ';
    $SQL .= ' display.ClientAddress, ';
    $SQL .= ' display.MediaInventoryStatus, ';
    $SQL .= ' display.MacAddress, ';
    $SQL .= ' display.client_type, ';
    $SQL .= ' display.client_version, ';
    $SQL .= ' display.client_code ';
    $SQL .= ' FROM display ';
    $SQL .= ' INNER JOIN lkdisplaydg ON lkdisplaydg.DisplayID = display.DisplayID ';
    $SQL .= ' INNER JOIN displaygroup ON displaygroup.DisplayGroupID = lkdisplaydg.DisplayGroupID ';
    $SQL .= ' LEFT OUTER JOIN layout ON layout.layoutid = display.defaultlayoutid ';

    // Every filter value below is bound with %d, so only integers reach the statement.
    if (Kit::GetParam('displaygroupid', $filter_by, _INT) != 0) {
        // Restrict to a specific display group
        $SQL .= sprintf(' WHERE displaygroup.displaygroupid = %d ', Kit::GetParam('displaygroupid', $filter_by, _INT));
    } else {
        // Restrict to display specific groups
        $SQL .= ' WHERE displaygroup.IsDisplaySpecific = 1 ';
    }

    // Filter by Display ID?
    if (Kit::GetParam('displayid', $filter_by, _INT) != 0) {
        $SQL .= sprintf(' AND display.displayid = %d ', Kit::GetParam('displayid', $filter_by, _INT));
    }

    // Exclude a group?
    if (Kit::GetParam('exclude_displaygroupid', $filter_by, _INT) != 0) {
        $SQL .= " AND display.DisplayID NOT IN ";
        $SQL .= " (SELECT display.DisplayID ";
        $SQL .= " FROM display ";
        $SQL .= " INNER JOIN lkdisplaydg ";
        $SQL .= " ON lkdisplaydg.DisplayID = display.DisplayID ";
        $SQL .= sprintf(" WHERE lkdisplaydg.DisplayGroupID = %d ", Kit::GetParam('exclude_displaygroupid', $filter_by, _INT));
        $SQL .= " )";
    }

    // Sorting? Column names are joined in unescaped (see the @param note above).
    if (is_array($sort_order)) {
        $SQL .= 'ORDER BY ' . implode(',', $sort_order);
    }

    if (!($result = $this->db->query($SQL))) {
        trigger_error($this->db->error());
        return false;
    }

    $displays = array();

    while ($row = $this->db->get_assoc_row($result)) {
        $displayItem = array();

        // Validate each param and add it to the array.
        $displayItem['displayid'] = Kit::ValidateParam($row['displayid'], _INT);
        $displayItem['display'] = Kit::ValidateParam($row['display'], _STRING);
        $displayItem['layout'] = Kit::ValidateParam($row['layout'], _STRING);
        $displayItem['loggedin'] = Kit::ValidateParam($row['loggedin'], _INT);
        $displayItem['lastaccessed'] = Kit::ValidateParam($row['lastaccessed'], _STRING);
        $displayItem['inc_schedule'] = Kit::ValidateParam($row['inc_schedule'], _INT);
        $displayItem['licensed'] = Kit::ValidateParam($row['licensed'], _INT);
        $displayItem['email_alert'] = Kit::ValidateParam($row['email_alert'], _INT);
        $displayItem['displaygroupid'] = Kit::ValidateParam($row['DisplayGroupID'], _INT);
        $displayItem['clientaddress'] = Kit::ValidateParam($row['ClientAddress'], _STRING);
        $displayItem['mediainventorystatus'] = Kit::ValidateParam($row['MediaInventoryStatus'], _INT);
        $displayItem['macaddress'] = Kit::ValidateParam($row['MacAddress'], _STRING);
        $displayItem['client_type'] = Kit::ValidateParam($row['client_type'], _STRING);
        $displayItem['client_version'] = Kit::ValidateParam($row['client_version'], _STRING);
        $displayItem['client_code'] = Kit::ValidateParam($row['client_code'], _STRING);

        // Permission filtering is done per row, after the query: one auth lookup per display group.
        $auth = $this->DisplayGroupAuth($displayItem['displaygroupid'], true);

        if ($auth->view) {
            // If auth level = edit and we don't have edit, then leave them off
            if ($auth_level == 'edit' && !$auth->edit) {
                continue;
            }

            $displayItem['view'] = (int) $auth->view;
            $displayItem['edit'] = (int) $auth->edit;
            $displayItem['del'] = (int) $auth->del;
            $displayItem['modifypermissions'] = (int) $auth->modifyPermissions;

            $displays[] = $displayItem;
        }
    }

    return $displays;
}
/**
 * GetParam: reads a parameter from this request's POST data.
 *
 * @param string $param
 * @param int $type    One of the Kit _* type constants
 * @param mixed $default
 * @return mixed
 */
protected function GetParam($param, $type, $default = null)
{
    $value = Kit::GetParam($param, $this->POST, $type, $default);
    return $value;
}
* the Free Software Foundation, either version 3 of the License, or * any later version. * * Xibo is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with Xibo. If not, see <http://www.gnu.org/licenses/>. */ DEFINE('XIBO', true); include_once "lib/xmds.inc.php"; $method = Kit::GetParam('method', _REQUEST, _WORD, ''); $service = Kit::GetParam('service', _REQUEST, _WORD, 'rest'); $response = Kit::GetParam('response', _REQUEST, _WORD, 'xml'); $serviceResponse = new XiboServiceResponse(); // Is the WSDL being requested. if (isset($_GET['wsdl']) || isset($_GET['WSDL'])) { $serviceResponse->WSDL(); } // Is the XRDS being requested if (isset($_GET['xrds'])) { $serviceResponse->XRDS(); } if (defined('XMDS')) { $service = 'soap'; } // Check to see if we are going to consume a service (if we came from xmds.php then we will always use the SOAP service) if (defined('XMDS') || $method != '') { // Create a service to handle the method
/**
 * Return file based media items to the browser for Download/Preview.
 *
 * Honours the request parameters download (send as attachment) and
 * downloadFromLibrary (use the original file name), and the SENDFILE_MODE
 * setting (Apache X-Sendfile / Nginx X-Accel-Redirect / PHP readfile).
 *
 * @param string $fileName Absolute path; defaults to LIBRARY_LOCATION + storedAs
 * @return void Sends headers and the file body; exits in the X-Sendfile/X-Accel-Redirect cases
 */
public function ReturnFile($fileName = '')
{
    // Return the raw flash file with appropriate headers
    $library = Config::GetSetting("LIBRARY_LOCATION");

    // If we weren't passed in a filename then use the default
    if ($fileName == '') {
        $fileName = $library . $this->storedAs;
    }

    // NOTE: these use _BOOLEAN where the rest of the listing uses _BOOL — confirm both exist.
    $download = Kit::GetParam('download', _REQUEST, _BOOLEAN, false);
    $downloadFromLibrary = Kit::GetParam('downloadFromLibrary', _REQUEST, _BOOLEAN, false);

    // No existence check: a missing file makes filesize() return false with a warning.
    $size = filesize($fileName);

    if ($download) {
        header('Content-Type: application/octet-stream');
        header("Content-Transfer-Encoding: Binary");
        // NOTE(review): originalFilename is placed inside the quoted filename= value
        // unescaped; a double quote in it would break the header syntax.
        header("Content-disposition: attachment; filename=\"" . ($downloadFromLibrary ? $this->originalFilename : basename($fileName)) . "\"");
    } else {
        // Inline: the type is sniffed from the file content.
        // NOTE(review): library files arrive via upload, so serving them inline with the
        // sniffed type means e.g. an uploaded SVG/HTML renders in the application's origin.
        $fi = new finfo(FILEINFO_MIME_TYPE);
        $mime = $fi->file($fileName);

        header("Content-Type: {$mime}");
    }

    // Output a header: cacheable for one day.
    header('Pragma: public');
    header('Cache-Control: max-age=86400');
    header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 86400));
    header('Content-Length: ' . $size);

    // Send via Apache X-Sendfile header?
    if (Config::GetSetting('SENDFILE_MODE') == 'Apache') {
        header("X-Sendfile: {$fileName}");
        exit;
    }

    // Send via Nginx X-Accel-Redirect? (only the base name is exposed to the internal location)
    if (Config::GetSetting('SENDFILE_MODE') == 'Nginx') {
        header("X-Accel-Redirect: /download/" . basename($fileName));
        exit;
    }

    // Return the file with PHP
    // Disable any buffering to prevent OOM errors.
    @ob_end_clean();
    readfile($fileName);
}
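/**
 * Edit Media in the Database: saves the shell command media item from its edit form.
 *
 * The unused $db/$mediaid locals of the original have been dropped.
 *
 * @return ResponseManager Response carrying either an error or the next form to load
 */
public function EditMedia()
{
    $this->response = new ResponseManager();
    $layoutid = $this->layoutid;
    $regionid = $this->regionid;

    // Edit rights on this assignment are required before anything is stored.
    if (!$this->auth->edit) {
        $this->response->SetError('You do not have permission to edit this assignment.');
        $this->response->keepOpen = false;
        return $this->response;
    }

    $windowsCommand = Kit::GetParam('windowsCommand', _POST, _STRING);
    $linuxCommand = Kit::GetParam('linuxCommand', _POST, _STRING);

    if ($windowsCommand == '' && $linuxCommand == '') {
        $this->response->SetError('You must enter a command');
        $this->response->keepOpen = true;
        return $this->response;
    }

    // Any Options. The commands are stored URL-encoded in the media options;
    // they are presumably executed by the display client, hence the edit check above.
    $this->duration = 1;
    $this->SetOption('windowsCommand', urlencode($windowsCommand));
    $this->SetOption('linuxCommand', urlencode($linuxCommand));

    // Should have built the media object entirely by this time.
    // This saves the Media Object to the Region.
    $this->UpdateRegion();

    // Set this as the session information
    setSession('content', 'type', 'shellcommand');

    if ($this->showRegionOptions) {
        // We want to load a new form.
        // The listing showed "&regionid" garbled into "®ionid"; the query string needs
        // the literal "&" separator or the region id is lost.
        $this->response->loadForm = true;
        $this->response->loadFormUri = "index.php?p=timeline&layoutid={$layoutid}&regionid={$regionid}&q=RegionOptions";
    }

    return $this->response;
}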
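/**
 * Set this template's permissions.
 *
 * The form posts `groupids[]` entries of the form "<groupId>_<view|edit|del>".
 * Every existing link is removed first, then one TemplateGroupSecurity::Link()
 * row is written per group with the flags collected for it.
 *
 * @return void Responds through ResponseManager; errors are raised with E_USER_ERROR
 */
public function Permissions()
{
    // Check the token
    if (!Kit::CheckToken()) {
        trigger_error('Token does not match', E_USER_ERROR);
    }

    $db =& $this->db;
    $response = new ResponseManager();

    $templateId = Kit::GetParam('templateid', _POST, _INT);

    if ($templateId == 0) {
        trigger_error(__('No template selected'), E_USER_ERROR);
    }

    // The original fetched this auth object but never tested it, so any caller with a
    // valid token could rewrite the permissions of any template.
    // NOTE(review): modifyPermissions is the flag DisplayGroupAuth exposes; confirm
    // TemplateAuth() returns the same shape (a missing property fails closed here).
    $auth = $this->user->TemplateAuth($templateId, true);
    if (!$auth->modifyPermissions) {
        trigger_error(__('You do not have permission to edit this template'), E_USER_ERROR);
    }

    $groupIds = Kit::GetParam('groupids', _POST, _ARRAY);

    // Unlink all
    Kit::ClassLoader('templategroupsecurity');
    $security = new TemplateGroupSecurity($db);

    if (!$security->UnlinkAll($templateId)) {
        trigger_error(__('Unable to set permissions'), E_USER_ERROR);
    }

    // Collapse the flat "<groupId>_<flag>" list into one flag set per group. Unlike the
    // original's "last group changed" loop this also merges non-contiguous entries for
    // the same group instead of writing two Link() rows; unknown flags are ignored.
    $flagsByGroup = array();
    foreach ($groupIds as $groupPermission) {
        $parts = explode('_', $groupPermission);
        $groupId = $parts[0];
        $flag = isset($parts[1]) ? $parts[1] : '';

        if (!isset($flagsByGroup[$groupId])) {
            $flagsByGroup[$groupId] = array('view' => 0, 'edit' => 0, 'del' => 0);
        }
        if (isset($flagsByGroup[$groupId][$flag])) {
            $flagsByGroup[$groupId][$flag] = 1;
        }
    }

    // Link new permissions
    foreach ($flagsByGroup as $groupId => $flags) {
        if (!$security->Link($templateId, $groupId, $flags['view'], $flags['edit'], $flags['del'])) {
            trigger_error(__('Unable to set permissions'), E_USER_ERROR);
        }
    }

    $response->SetFormSubmitResponse(__('Permissions Changed'));
    $response->Respond();
}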
} // Setup the translations for gettext TranslationEngine::InitLocale(); // Create login control system require_once 'modules/' . Config::GetSetting("userModule"); // Page variable set? Otherwise default to index $page = Kit::GetParam('p', _REQUEST, _WORD, 'index'); $function = Kit::GetParam('q', _REQUEST, _WORD); // Does the version in the DB match the version of the code? // If not then we need to run an upgrade. Change the page variable to upgrade if (DBVERSION != WEBSITE_VERSION && !($page == 'index' && $function == 'login' || $page == 'error')) { require_once 'install/upgradestep.class.php'; $page = 'upgrade'; if (Kit::GetParam('includes', _POST, _BOOL)) { $upgradeFrom = Kit::GetParam('upgradeFrom', _POST, _INT); $upgradeTo = Kit::GetParam('upgradeTo', _POST, _INT); for ($i = $upgradeFrom + 1; $i <= $upgradeTo; $i++) { if (file_exists('install/database/' . $i . '.php')) { include_once 'install/database/' . $i . '.php'; } } } } // Create a Session $session = new Session(); // Work out the location of this service $serviceLocation = Kit::GetXiboRoot(); // OAuth require_once 'lib/oauth.inc.php'; // Assign the page name to the session $session->set_page(session_id(), $page);
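/**
 * Imports a layout (or template) from a previously uploaded archive.
 *
 * The archive was uploaded to LIBRARY_LOCATION/temp/ under the name posted as
 * hidFileID. The unused $db/$fileName/$ext locals of the original are dropped.
 *
 * @return void Responds through ResponseManager; errors are raised with E_USER_ERROR
 */
public function Import()
{
    $response = new ResponseManager();

    // What are we importing?
    $template = Kit::GetParam('template', _POST, _STRING, 'false') == 'true';
    $layout = Kit::GetParam('layout', _POST, _STRING);
    $replaceExisting = Kit::GetParam('replaceExisting', _POST, _CHECKBOX);
    $importTags = Kit::GetParam('importTags', _POST, _CHECKBOX, !$template);

    // File data
    $tmpName = Kit::GetParam('hidFileID', _POST, _STRING);

    if ($tmpName == '') {
        trigger_error(__('Please ensure you have picked a file and it has finished uploading'), E_USER_ERROR);
    }

    // hidFileID is client supplied and becomes part of a filesystem path below;
    // basename() drops any directory component so it cannot point outside temp/.
    $tmpName = basename($tmpName);

    // File upload directory.. get this from the settings object
    $fileLocation = Config::GetSetting('LIBRARY_LOCATION') . 'temp/' . $tmpName;

    Kit::ClassLoader('layout');
    $layoutObject = new Layout($this->db);

    if (!$layoutObject->Import($fileLocation, $layout, $this->user->userid, $template, $replaceExisting, $importTags)) {
        trigger_error($layoutObject->GetErrorMessage(), E_USER_ERROR);
    }

    $response->SetFormSubmitResponse(__('Layout Imported'));
    $response->Respond();
}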
/**
 * Deletes a display profile (form submission handler).
 * Only the profile's owner or a usertype 1 (admin) user may delete it.
 *
 * @return void Responds through ResponseManager; errors are raised with E_USER_ERROR
 */
function Delete()
{
    // Check the token
    if (!Kit::CheckToken()) {
        trigger_error('Token does not match', E_USER_ERROR);
    }

    $response = new ResponseManager();

    $profile = new DisplayProfile();
    $profile->displayProfileId = Kit::GetParam('displayprofileid', _POST, _INT);

    if (!$profile->Load()) {
        trigger_error($profile->GetErrorMessage(), E_USER_ERROR);
    }

    // Ownership check: admins may delete any profile, everyone else only their own.
    $isAdmin = ($this->user->usertypeid == 1);
    $isOwner = ($this->user->userid == $profile->userId);
    if (!$isAdmin && !$isOwner) {
        trigger_error(__('You do not have permission to edit this profile'), E_USER_ERROR);
    }

    if (!$profile->Delete($profile->displayProfileId)) {
        trigger_error($profile->GetErrorMessage(), E_USER_ERROR);
    }

    $response->SetFormSubmitResponse(__('Display Profile Deleted'), false);
    $response->Respond();
}
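/**
 * Handles the "Forgotten Details" form submission.
 *
 * Looks up the user by the posted username/email pair, generates a new
 * password, stores its hash and emails the plain-text password to the
 * address on record. Outcome messages are passed to setMessage().
 *
 * @return string the page to return to (always "index.php")
 */
function forgotten()
{
    $db =& $this->db;

    $username = Kit::GetParam('f_username', _POST, _USERNAME);
    $email = Kit::GetParam('f_email', _POST, _STRING);
    $return = "index.php";

    if ($username == "" || $email == "") {
        setMessage("Username and Email address need to be filled in");
        return $return;
    }

    // The address is later handed to mail(): accept only a single well-formed
    // address so CR/LF sequences cannot reach the message headers.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        setMessage("The details you entered are incorrect.");
        return $return;
    }

    // A sender must be configured before anything can be emailed.
    $from = Config::GetSetting("mail_from");

    if ($from == "") {
        setMessage("Email is not set up, please contact your IT manager");
        return $return;
    }

    // Check the user details: exactly one row must match.
    $SQL = sprintf("SELECT userid FROM user WHERE username = '%s' AND email = '%s'",
        $db->escape_string($username), $db->escape_string($email));

    if (!($results = $db->query($SQL))) {
        // error() is a method (as the other calls in this file use it); the
        // original read it as a property here.
        trigger_error($db->error());
        trigger_error("Can not get the user information", E_USER_ERROR);
    }

    // The original test (< 0 || > 1) could never reject a zero-row result,
    // which then fell through to get_row().
    if ($db->num_rows($results) != 1) {
        setMessage("The details you entered are incorrect.");
        return $return;
    }

    $row = $db->get_row($results);
    // User ID of the user that wants a new password
    $userid = Kit::ValidateParam($row[0], _INT);

    // Generate a new password and store its hash.
    $password_plain = $this->random_word(8);
    // NOTE(review): md5 is not a password hash. The login path has to verify
    // the same way, so moving to password_hash() must be done together with it.
    $password = md5($password_plain);

    $SQL = sprintf("UPDATE user SET UserPassword = '%s' WHERE userid = %d",
        $db->escape_string($password), $userid);

    if (!$db->query($SQL)) {
        trigger_error($db->error());
        trigger_error("Unable to send new password", E_USER_ERROR);
    }

    $headers = "From: {$from}" . "\r\n" .
        "Reply-To: {$from}" . "\r\n" .
        "X-Mailer: PHP/" . phpversion();

    // The original literal carried a stray " . " inside the message text.
    $body = "Your new password is {$password_plain}\nYou may now login with these details.";

    // NOTE(review): the password has already been replaced at this point; if
    // mail() fails the user is left with a password they were never told.
    if (!@mail($email, "Xibo: New Password request for {$username}", $body, $headers)) {
        setMessage("Email is not set up, please contact your IT manager");
        return $return;
    }

    setMessage("New Password Sent to your email address");
    return $return;
}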
/**
 * Renders the layout picker used when assigning layouts.
 *
 * Filters the user's layout list by the posted name/tags filters, decorates
 * each row with the ids and data attributes the assign list expects and
 * returns the rendered table as a grid response.
 *
 * @return void
 */
function LayoutAssignView()
{
    $user =& $this->user;
    $response = new ResponseManager();

    // Filter inputs
    $filterName = Kit::GetParam('filter_name', _POST, _STRING);
    $filterTags = Kit::GetParam('filter_tags', _POST, _STRING);

    // Layouts visible to this user that match the filter
    $layouts = $user->LayoutList(NULL, array('layout' => $filterName, 'tags' => $filterTags));

    Theme::Set('table_cols', array(array('name' => 'layout', 'title' => __('Name'))));

    $tableRows = array();

    foreach ($layouts as $layoutRow) {
        $listId = 'LayoutID_' . $layoutRow['layoutid'];

        // Extra information the assign list needs for each row
        $layoutRow['list_id'] = $listId;
        $layoutRow['assign_icons'][] = array('assign_icons_class' => 'layout_assign_list_select');
        $layoutRow['dataAttributes'] = array(
            array('name' => 'rowid', 'value' => $listId),
            array('name' => 'litext', 'value' => $layoutRow['layout']),
        );

        $tableRows[] = $layoutRow;
    }

    Theme::Set('table_rows', $tableRows);

    // Render the theme and hand the grid back to the client
    $response->SetGridResponse(Theme::RenderReturn('table_render'));
    $response->callBack = 'LayoutAssignCallback';
    $response->pageSize = 5;
    $response->Respond();
}
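/**
 * Outputs a CSV of stats to the browser and exits.
 *
 * Expects fromdt, todt and displayid in the POST body. Only stats for
 * displays the current user can list are included; a non-zero displayid
 * further narrows the result to that display.
 *
 * @return void never returns: exits after writing the response
 */
public function OutputCSV()
{
    $db =& $this->db;

    // We are expecting some parameters
    $fromdt = Kit::GetParam('fromdt', _POST, _STRING);
    $todt = Kit::GetParam('todt', _POST, _STRING);
    $displayID = Kit::GetParam('displayid', _POST, _INT);

    // Both dates are client supplied and end up inside the SQL: reject
    // anything that does not parse as a date before going any further.
    $fromTs = strtotime($fromdt);
    $toTs = strtotime($todt);

    if ($fromTs === false || $toTs === false) {
        trigger_error('Invalid date range supplied.', E_USER_ERROR);
    }

    // Single-day query: extend the end to the last second of that day. The
    // original formatted with "Y-m-d", which discarded the +86399 adjustment.
    if ($fromdt == $todt) {
        $todt = date("Y-m-d H:i:s", $toTs + 86399);
    }

    // We want to output a load of stuff to the browser as a text file.
    header('Content-Type: text/csv');
    header('Content-Disposition: attachment; filename="stats.csv"');
    header("Content-Transfer-Encoding: binary");
    header('Accept-Ranges: bytes');

    // Displays this user has access to; the query is restricted to them.
    $display_ids = array();

    foreach ($this->user->DisplayList() as $display) {
        $display_ids[] = intval($display['displayid']);
    }

    if (count($display_ids) <= 0) {
        echo __('No displays with View permissions');
        exit;
    }

    $SQL = 'SELECT stat.*, display.Display, layout.Layout, media.Name AS MediaName ';
    $SQL .= ' FROM stat ';
    $SQL .= ' INNER JOIN display ON stat.DisplayID = display.DisplayID ';
    $SQL .= ' INNER JOIN layout ON layout.LayoutID = stat.LayoutID ';
    $SQL .= ' LEFT OUTER JOIN media ON media.mediaID = stat.mediaID ';
    $SQL .= ' WHERE 1=1 ';
    // Escaped: these two strings come straight from the request.
    $SQL .= sprintf(" AND stat.end > '%s' ", $db->escape_string($fromdt));
    $SQL .= sprintf(" AND stat.start <= '%s' ", $db->escape_string($todt));
    $SQL .= ' AND stat.displayID IN (' . implode(',', $display_ids) . ') ';

    if ($displayID != 0) {
        $SQL .= sprintf(" AND stat.displayID = %d ", $displayID);
    }

    $SQL .= " ORDER BY stat.start ";

    Debug::LogEntry('audit', $SQL, 'Stats', 'OutputCSV');

    if (!($result = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error('Failed to query for Stats.', E_USER_ERROR);
    }

    // Write through fputcsv so values containing commas, quotes or newlines
    // are quoted instead of corrupting the row layout.
    $out = fopen('php://output', 'w');
    fputcsv($out, array('Type', 'FromDT', 'ToDT', 'Layout', 'Display', 'Media', 'Tag'));

    while ($row = $db->get_assoc_row($result)) {
        fputcsv($out, array(
            Kit::ValidateParam($row['Type'], _STRING),
            Kit::ValidateParam($row['start'], _STRING),
            Kit::ValidateParam($row['end'], _STRING),
            Kit::ValidateParam($row['Layout'], _STRING),
            Kit::ValidateParam($row['Display'], _STRING),
            Kit::ValidateParam($row['MediaName'], _STRING),
            Kit::ValidateParam($row['Tag'], _STRING),
        ));
    }

    fclose($out);
    exit;
}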