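/**
 * Layout Page Logic
 *
 * Reads the sub page ('sp') and the layout id from the request. When a layout id
 * is present the current user's edit permission on that layout is checked and the
 * layout row (name, description, retired flag, XML) is loaded onto the page object.
 *
 * @param database $db   Database connection
 * @param user     $user The current user
 */
function __construct(database $db, user $user)
{
    $this->db =& $db;
    $this->user =& $user;

    $this->sub_page = Kit::GetParam('sp', _GET, _WORD, 'view');
    $this->layoutid = Kit::GetParam('layoutid', _REQUEST, _INT);

    // No layout selected: nothing further to load. Compare with the integer 0
    // rather than '' so the test also holds under PHP 8 comparison rules.
    if ($this->layoutid == 0) {
        return;
    }

    // Permissions: the user must be allowed to edit this layout
    Debug::LogEntry('audit', 'Loading permissions for layoutid ' . $this->layoutid);
    $this->auth = $user->LayoutAuth($this->layoutid, true);

    if (!$this->auth->edit) {
        trigger_error(__("You do not have permissions to edit this layout"), E_USER_ERROR);
    }

    $this->sub_page = "edit";

    // %d keeps the id numeric in the query
    $sql = " SELECT layout, description, userid, retired, xml FROM layout ";
    $sql .= sprintf(" WHERE layoutID = %d ", $this->layoutid);

    if (!($results = $db->query($sql))) {
        trigger_error($db->error());
        trigger_error(__("Cannot retrieve the Information relating to this layout. The layout may be corrupt."), E_USER_ERROR);
    }

    if ($db->num_rows($results) == 0) {
        $this->has_permissions = false;
    }

    while ($aRow = $db->get_row($results)) {
        $this->layout = Kit::ValidateParam($aRow[0], _STRING);
        $this->description = Kit::ValidateParam($aRow[1], _STRING);
        $this->retired = Kit::ValidateParam($aRow[3], _INT);
        $this->xml = $aRow[4];
    }
}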
/**
 * Adds a column to a DataSet
 *
 * When $columnOrder is 0 the order is taken from IFNULL(MAX(ColumnOrder), 1)
 * over the DataSet's existing columns.
 *
 * @param int    $dataSetId
 * @param string $heading
 * @param int    $dataTypeId
 * @param string $listContent
 * @param int    $columnOrder         0 to derive the order from the existing columns
 * @param int    $dataSetColumnTypeId
 * @param string $formula
 * @return mixed The new column id from lastInsertId(), or the value of SetError() on failure
 */
public function Add($dataSetId, $heading, $dataTypeId, $listContent, $columnOrder = 0, $dataSetColumnTypeId = 1, $formula = '')
{
    Debug::LogEntry('audit', sprintf('IN - DataSetID = %d', $dataSetId), 'DataSetColumn', 'Add');

    try {
        $connection = PDOConnect::init();

        // Is the column order provided?
        if ($columnOrder == 0) {
            $orderSql = "SELECT IFNULL(MAX(ColumnOrder), 1) AS ColumnOrder "
                . " FROM datasetcolumn "
                . "WHERE datasetID = :datasetid ";

            $orderStatement = $connection->prepare($orderSql);
            $orderStatement->execute(array('datasetid' => $dataSetId));
            $orderRow = $orderStatement->fetch();

            if (!$orderRow) {
                return $this->SetError(25005, __('Could not determine the Column Order'));
            }

            $columnOrder = Kit::ValidateParam($orderRow['ColumnOrder'], _INT);
        }

        // Insert the data set column
        $insertSql = "INSERT INTO datasetcolumn (DataSetID, Heading, DataTypeID, ListContent, ColumnOrder, DataSetColumnTypeID, Formula) "
            . " VALUES (:datasetid, :heading, :datatypeid, :listcontent, :columnorder, :datasetcolumntypeid, :formula) ";

        $insertStatement = $connection->prepare($insertSql);
        $insertStatement->execute(array(
            'datasetid' => $dataSetId,
            'heading' => $heading,
            'datatypeid' => $dataTypeId,
            'listcontent' => $listContent,
            'columnorder' => $columnOrder,
            'datasetcolumntypeid' => $dataSetColumnTypeId,
            'formula' => $formula,
        ));

        $newColumnId = $connection->lastInsertId();

        Debug::LogEntry('audit', 'Complete', 'DataSetColumn', 'Add');

        return $newColumnId;
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());
        return $this->SetError(25005, __('Could not add DataSet Column'));
    }
}
/**
 * Defines the Version and returns it
 *
 * Reads the single row of the version table and defines the VERSION and
 * DBVERSION constants from it (only when they are not already defined).
 *
 * @param string $object Name of one column to return; '' returns the whole row
 * @return mixed The requested column as a string, the raw row array, or nothing when the lookup fails (a warning is raised instead)
 */
static function Version($object = '')
{
    try {
        $connection = PDOConnect::init();

        $statement = $connection->prepare('SELECT app_ver, XlfVersion, XmdsVersion, DBVersion FROM version');
        $statement->execute();
        $row = $statement->fetch();

        if (!$row) {
            throw new Exception('No results returned');
        }

        $appVer = Kit::ValidateParam($row['app_ver'], _STRING);
        $xlfVer = Kit::ValidateParam($row['XlfVersion'], _INT);
        $xmdsVer = Kit::ValidateParam($row['XmdsVersion'], _INT);
        $dbVer = Kit::ValidateParam($row['DBVersion'], _INT);

        // Constants can only be defined once per request
        defined('VERSION') || define('VERSION', $appVer);
        defined('DBVERSION') || define('DBVERSION', $dbVer);

        // A single field was asked for, otherwise hand back the whole row
        return ($object != '') ? Kit::GetParam($object, $row, _STRING) : $row;
    }
    catch (Exception $e) {
        trigger_error($e->getMessage());
        trigger_error(__('No Version information - please contact technical support'), E_USER_WARNING);
    }
}
/**
 * Validates and stores the answer to one configuration question
 *
 * @param int   $questionNumber Index of the question (0-6)
 * @param mixed $response       The raw answer
 * @return bool true when the question number is known and the answer was stored
 */
public function ValidateQuestion($questionNumber, $response)
{
    switch ($questionNumber) {
        case 0:
            // Stored as the strings "Protected" / "Off" rather than a boolean
            $this->a[0] = Kit::ValidateParam($response, _BOOL) ? "Protected" : "Off";
            return true;

        case 1:
            $this->a[1] = Kit::ValidateParam($response, _INT, 30);
            return true;

        case 2:
            $this->a[2] = Kit::ValidateParam($response, _INT, 30);
            return true;

        case 3:
            $this->a[3] = Kit::ValidateParam($response, _BOOL);
            return true;

        case 4:
            // TODO: Teach Kit how to validate email addresses?
            $this->a[4] = Kit::ValidateParam($response, _PASSWORD);
            return true;

        case 5:
            // TODO: Teach Kit how to validate email addresses?
            $this->a[5] = Kit::ValidateParam($response, _PASSWORD);
            return true;

        case 6:
            $this->a[6] = Kit::ValidateParam($response, _INT, 12);
            return true;
    }

    // Unknown question number
    return false;
}
/**
 * Validates and stores the answer to one configuration question
 *
 * @param int   $questionNumber Index of the question; only 0 is known here
 * @param mixed $response       The raw answer
 * @return bool true when the answer was stored, false for an unknown question number
 */
public function ValidateQuestion($questionNumber, $response)
{
    // Loose comparison, matching the switch this replaces
    if ($questionNumber == 0) {
        $this->a[0] = Kit::ValidateParam($response, _BOOL);
        return true;
    }

    return false;
}
/**
 * Unlink all media from the provided media item
 * @param int $mediaid The media item to unlink from
 * @return bool true on success; false (with an error set) when the delete fails
 */
public function UnlinkAllFromMedia($mediaid)
{
    Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);

    try {
        $connection = PDOConnect::init();

        // Force the id to an integer before it reaches the query
        $mediaid = Kit::ValidateParam($mediaid, _INT, false);

        $statement = $connection->prepare('DELETE FROM `lkmediadisplaygroup` WHERE mediaid = :mediaid');
        $statement->execute(array('mediaid' => $mediaid));

        return true;
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);

        // Keep any more specific error that was already recorded
        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}
/**
 * Links the "Everyone" group to the DataSet specified
 * @param int $dataSetId
 * @param int $view
 * @param int $edit
 * @param int $del
 * @return mixed The result of Link(), or the value of SetError() on failure
 */
public function LinkEveryone($dataSetId, $view, $edit, $del)
{
    Debug::LogEntry('audit', 'IN', 'DataSetGroupSecurity', 'LinkEveryone');

    try {
        $connection = PDOConnect::init();

        // The "Everyone" group is flagged in the group table
        $statement = $connection->prepare('SELECT GroupID FROM `group` WHERE IsEveryone = 1');
        $statement->execute();
        $row = $statement->fetch();

        if (!$row) {
            throw new Exception('Missing Everyone group');
        }

        $everyoneGroupId = Kit::ValidateParam($row['GroupID'], _INT);

        return $this->Link($dataSetId, $everyoneGroupId, $view, $edit, $del);
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());
        return $this->SetError(25024, __('Could not Link DataSet to Group'));
    }
}
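/**
 * Change a user's password
 *
 * Unless $forceChange is set, the stored hash is loaded and the old password is
 * verified against it first. The new password must match its retyped copy and
 * pass the password policy before a new hash is stored (CSPRNG flag set to 1).
 *
 * @param int    $userId
 * @param string $oldPassword        Ignored when $forceChange is true
 * @param string $newPassword
 * @param string $retypedNewPassword
 * @param bool   $forceChange        Skip the old-password check; the caller must already have verified it is an admin
 * @return bool true on success; false with an error set on failure
 */
public function ChangePassword($userId, $oldPassword, $newPassword, $retypedNewPassword, $forceChange = false)
{
    try {
        $dbh = PDOConnect::init();

        // Validate
        if ($userId == 0) {
            $this->ThrowError(26001, __('User not selected'));
        }

        // We can force the users password to change without having to provide the old one.
        // Is this a potential security hole - we must have validated that we are an admin to get to this point
        if (!$forceChange) {
            // Get the stored hash
            $sth = $dbh->prepare('SELECT UserPassword FROM `user` WHERE UserID = :userid');
            $sth->execute(array('userid' => $userId));

            if (!($row = $sth->fetch())) {
                $this->ThrowError(26000, __('Incorrect Password Provided'));
            }

            $good_hash = Kit::ValidateParam($row['UserPassword'], _STRING);

            // Check the Old Password is correct
            if ($this->validate_password($oldPassword, $good_hash) === false) {
                $this->ThrowError(26000, __('Incorrect Password Provided'));
            }
        }

        // Check the New Password and Retyped Password match.
        // Strict string comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" would compare equal and pass this check.
        if ((string) $newPassword !== (string) $retypedNewPassword) {
            $this->ThrowError(26001, __('New Passwords do not match'));
        }

        // Check password complexity
        if (!$this->TestPasswordAgainstPolicy($newPassword)) {
            throw new Exception("Error Processing Request", 1);
        }

        // Generate a new SALT and Password
        $hash = $this->create_hash($newPassword);

        $sth = $dbh->prepare('UPDATE `user` SET UserPassword = :hash, CSPRNG = 1 WHERE UserID = :userid');
        $sth->execute(array('hash' => $hash, 'userid' => $userId));

        return true;
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());

        // Keep any more specific error raised via ThrowError above
        if (!$this->IsError()) {
            $this->SetError(25000, __('Could not edit Password'));
        }

        return false;
    }
}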
/**
 * Returns the id of a tag, creating the tag if it does not already exist
 *
 * @param string $tag
 * @return mixed The tagId as an int for an existing tag, lastInsertId() for a new one; false on error
 */
public function add($tag)
{
    try {
        $connection = PDOConnect::init();

        // Existing tag?
        $lookup = $connection->prepare('SELECT * FROM `tag` WHERE tag = :tag');
        $lookup->execute(array('tag' => $tag));
        $existing = $lookup->fetch();

        if ($existing) {
            return Kit::ValidateParam($existing['tagId'], _INT);
        }

        // New tag
        $insert = $connection->prepare('INSERT INTO `tag` (tag) VALUES (:tag)');
        $insert->execute(array('tag' => $tag));

        return $connection->lastInsertId();
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);

        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}
/**
 * Links the "Everyone" group to the layout media item specified
 * @param int   $layoutId
 * @param mixed $regionId
 * @param mixed $mediaId
 * @param int   $view
 * @param int   $edit
 * @param int   $del
 * @return bool true on success; false with an error set on failure
 */
public function LinkEveryone($layoutId, $regionId, $mediaId, $view, $edit, $del)
{
    try {
        $connection = PDOConnect::init();

        // Find the "Everyone" group
        $statement = $connection->prepare('SELECT GroupID FROM `group` WHERE IsEveryone = 1');
        $statement->execute();
        $row = $statement->fetch();

        if (!$row) {
            throw new Exception("Error Processing Request", 1);
        }

        $everyoneGroupId = Kit::ValidateParam($row['GroupID'], _INT);

        // A failed Link() is handled like any other error below
        if (!$this->Link($layoutId, $regionId, $mediaId, $everyoneGroupId, $view, $edit, $del)) {
            throw new Exception("Error Processing Request", 1);
        }

        return true;
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());

        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}
/**
 * Get a list of transitions
 * @param string $type 'in', 'out', or '' for both
 * @param string $code A transition code to filter on, '' for all
 * @return array|false List of transition arrays, or false when the query fails
 */
public function TransitionAuth($type = '', $code = '')
{
    // Return a list of in/out transitions (or both)
    $SQL = 'SELECT TransitionID, '
        . ' Transition, '
        . ' Code, '
        . ' HasDuration, '
        . ' HasDirection, '
        . ' AvailableAsIn, '
        . ' AvailableAsOut '
        . ' FROM `transition` '
        . ' WHERE 1 = 1 ';

    // Filter on type (anything other than in/out means no filter)
    if ($type == 'in') {
        $SQL .= ' AND AvailableAsIn = 1 ';
    }
    elseif ($type == 'out') {
        $SQL .= ' AND AvailableAsOut = 1 ';
    }

    // Filter on code; escaped because it is spliced into the statement
    if ($code != '') {
        $SQL .= sprintf("AND Code = '%s' ", $this->db->escape_string($code));
    }

    $SQL .= ' ORDER BY Transition ';

    $rows = $this->db->GetArray($SQL);

    if (!is_array($rows)) {
        trigger_error($this->db->error());
        return false;
    }

    // Output key => (source column, validation type)
    $columns = array(
        'transitionid' => array('TransitionID', _INT),
        'transition' => array('Transition', _STRING),
        'code' => array('Code', _WORD),
        'hasduration' => array('HasDuration', _INT),
        'hasdirection' => array('HasDirection', _INT),
        'enabledforin' => array('AvailableAsIn', _INT),
        'enabledforout' => array('AvailableAsOut', _INT),
    );

    $transitions = array();

    foreach ($rows as $transition) {
        $item = array();

        foreach ($columns as $key => $spec) {
            $item[$key] = Kit::ValidateParam($transition[$spec[0]], $spec[1]);
        }

        // CSS class hints for the designer
        $item['class'] = ($item['hasduration'] == 1 ? 'hasDuration' : '') . ' ' . ($item['hasdirection'] == 1 ? 'hasDirection' : '');

        $transitions[] = $item;
    }

    return $transitions;
}
/**
 * Sessions grid
 *
 * Reads the type (active / expired / guest) and from-date filters from the POST,
 * remembers them in the session, and renders the matching session rows as a table.
 */
function Grid()
{
    $db =& $this->db;
    $response = new ResponseManager();

    $type = Kit::GetParam('filter_type', _POST, _WORD);
    $fromDt = Kit::GetParam('filter_fromdt', _POST, _STRING);

    // Persist the filter state
    setSession('sessions', 'Filter', Kit::GetParam('XiboFilterPinned', _REQUEST, _CHECKBOX, 'off'));
    setSession('sessions', 'filter_type', $type);
    setSession('sessions', 'filter_fromdt', $fromDt);

    $SQL = "SELECT session.userID, user.UserName, IsExpired, LastPage, session.LastAccessed, RemoteAddr, UserAgent "
        . "FROM `session` LEFT OUTER JOIN user ON user.userID = session.userID "
        . "WHERE 1 = 1 ";

    if ($fromDt != '') {
        // From Date is the Calendar Formatted DateTime in ISO format; it goes through
        // DateManager before being placed in the query
        $SQL .= sprintf(" AND session.LastAccessed < '%s' ", DateManager::getMidnightSystemDate(DateManager::getTimestampFromString($fromDt)));
    }

    if ($type == "active") {
        $SQL .= " AND IsExpired = 0 ";
    }
    elseif ($type == "expired") {
        $SQL .= " AND IsExpired = 1 ";
    }
    elseif ($type == "guest") {
        $SQL .= " AND session.userID IS NULL ";
    }

    // Load results into an array
    $log = $db->GetArray($SQL);

    Debug::LogEntry('audit', $SQL);

    if (!is_array($log)) {
        trigger_error($db->error());
        trigger_error(__('Error getting the log'), E_USER_ERROR);
    }

    Theme::Set('table_cols', array(
        array('name' => 'lastaccessed', 'title' => __('Last Accessed')),
        array('name' => 'isexpired', 'title' => __('Active'), 'icons' => true),
        array('name' => 'username', 'title' => __('User Name')),
        array('name' => 'lastpage', 'title' => __('Last Page')),
        array('name' => 'ip', 'title' => __('IP Address')),
        array('name' => 'browser', 'title' => __('Browser')),
    ));

    $rows = array();

    foreach ($log as $row) {
        $row['userid'] = Kit::ValidateParam($row['userID'], _INT);
        $row['username'] = Kit::ValidateParam($row['UserName'], _STRING);
        // The column is titled "Active", so the expired flag is inverted
        $row['isexpired'] = (Kit::ValidateParam($row['IsExpired'], _INT) == 1) ? 0 : 1;
        $row['lastpage'] = Kit::ValidateParam($row['LastPage'], _STRING);
        $row['lastaccessed'] = DateManager::getLocalDate(strtotime(Kit::ValidateParam($row['LastAccessed'], _STRING)));
        $row['ip'] = Kit::ValidateParam($row['RemoteAddr'], _STRING);
        $row['browser'] = Kit::ValidateParam($row['UserAgent'], _STRING);

        // Logout button for this user's sessions
        $row['buttons'][] = array(
            'id' => 'sessions_button_logout',
            'url' => 'index.php?p=sessions&q=ConfirmLogout&userid=' . $row['userid'],
            'text' => __('Logout'),
        );

        $rows[] = $row;
    }

    Theme::Set('table_rows', $rows);

    $response->SetGridResponse(Theme::RenderReturn('table_render'));
    $response->Respond();
}
/**
 * Gets the columns for a DataSet
 *
 * @param int $dataSetId
 * @return mixed A list of column arrays (datasetcolumnid, heading, listcontent, columnorder, datatype, datasetcolumntype);
 *               the value of SetError() when no id is given; false on any other error
 */
public function GetColumns($dataSetId)
{
    if ($dataSetId == 0 || $dataSetId == '') {
        return $this->SetError(25001, __('Missing dataSetId'));
    }

    try {
        $connection = PDOConnect::init();

        $statement = $connection->prepare('SELECT DataSetColumnID, Heading, datatype.DataType, datasetcolumntype.DataSetColumnType, ListContent, ColumnOrder FROM datasetcolumn INNER JOIN `datatype` ON datatype.DataTypeID = datasetcolumn.DataTypeID INNER JOIN `datasetcolumntype` ON datasetcolumntype.DataSetColumnTypeID = datasetcolumn.DataSetColumnTypeID WHERE DataSetID = :datasetid ORDER BY ColumnOrder ');
        $statement->execute(array('datasetid' => $dataSetId));
        $results = $statement->fetchAll();

        // Check there are some columns returned
        // NOTE(review): ThrowError is called with only a message here, whereas other methods pass a numeric code first - confirm the signature.
        if (count($results) <= 0) {
            $this->ThrowError(__('No columns'));
        }

        $rows = array();

        foreach ($results as $row) {
            $rows[] = array(
                'datasetcolumnid' => Kit::ValidateParam($row['DataSetColumnID'], _INT),
                'heading' => Kit::ValidateParam($row['Heading'], _STRING),
                'listcontent' => Kit::ValidateParam($row['ListContent'], _STRING),
                'columnorder' => Kit::ValidateParam($row['ColumnOrder'], _INT),
                'datatype' => Kit::ValidateParam($row['DataType'], _STRING),
                'datasetcolumntype' => Kit::ValidateParam($row['DataSetColumnType'], _STRING),
            );
        }

        Debug::LogEntry('audit', sprintf('Returning %d columns.', count($rows)), 'DataSetColumn', 'GetColumns');

        return $rows;
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());

        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}
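/**
 * Edit Form
 *
 * Renders the module edit form for the ModuleID given in the request.
 * Refused (E_USER_ERROR) when module configuration is locked.
 */
public function EditForm()
{
    $db =& $this->db;
    $user =& $this->user;
    $response = new ResponseManager();
    $helpManager = new HelpManager($db, $user);

    // Can we edit?
    if (Config::GetSetting('MODULE_CONFIG_LOCKED_CHECKB') == 'Checked') {
        trigger_error(__('Module Config Locked'), E_USER_ERROR);
    }

    $moduleId = Kit::GetParam('ModuleID', _GET, _INT);

    // Pull the currently known info from the DB (%d keeps the id numeric)
    $SQL = '';
    $SQL .= 'SELECT ModuleID, ';
    $SQL .= ' Name, ';
    $SQL .= ' Enabled, ';
    $SQL .= ' Description, ';
    $SQL .= ' RegionSpecific, ';
    $SQL .= ' ValidExtensions, ';
    $SQL .= ' ImageUri, ';
    $SQL .= ' PreviewEnabled ';
    $SQL .= ' FROM `module` ';
    $SQL .= ' WHERE ModuleID = %d ';

    $SQL = sprintf($SQL, $moduleId);

    if (!($row = $db->GetSingleRow($SQL))) {
        trigger_error($db->error());
        // E_USER_ERROR so we stop here: previously execution continued with $row === false
        // and the form was rendered from a non-existent row.
        trigger_error(__('Error getting Module'), E_USER_ERROR);
    }

    Theme::Set('validextensions', Kit::ValidateParam($row['ValidExtensions'], _STRING));
    Theme::Set('imageuri', Kit::ValidateParam($row['ImageUri'], _STRING));
    Theme::Set('isregionspecific', Kit::ValidateParam($row['RegionSpecific'], _INT));
    Theme::Set('enabled_checked', Kit::ValidateParam($row['Enabled'], _INT) ? 'checked' : '');
    Theme::Set('preview_enabled_checked', Kit::ValidateParam($row['PreviewEnabled'], _INT) ? 'checked' : '');

    // Set some information about the form
    Theme::Set('form_id', 'ModuleEditForm');
    Theme::Set('form_action', 'index.php?p=module&q=Edit');
    Theme::Set('form_meta', '<input type="hidden" name="ModuleID" value="' . $moduleId . '" />');

    $form = Theme::RenderReturn('module_form_edit');

    $response->SetFormRequestResponse($form, __('Edit Module'), '350px', '325px');
    $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('Module', 'Edit') . '")');
    $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    $response->AddButton(__('Save'), '$("#ModuleEditForm").submit()');
    $response->Respond();
}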
/**
 * Gets a single value from the provided SQL
 * @param string $SQL
 * @param string $columnName Column to read from the first row
 * @param int    $dataType   A Kit validation type
 * @return mixed The validated value, or false when the query returns no row or the column is missing/null
 */
public function GetSingleValue($SQL, $columnName, $dataType)
{
    $row = $this->GetSingleRow($SQL);

    if (!$row) {
        return false;
    }

    // isset() also rejects a column that exists but holds NULL
    if (!isset($row[$columnName])) {
        $this->error_text = 'No such column or column is null';
        return false;
    }

    return Kit::ValidateParam($row[$columnName], $dataType);
}
/**
 * Display profile edit form
 *
 * Loads the profile from the request, checks the current user may edit it, then
 * builds one set of form fields per tab defined for the profile's client type in
 * config/client.config.php, merging in any values already stored on the profile.
 */
public function EditForm()
{
    // Create a form out of the config object.
    $displayProfile = new DisplayProfile();
    $displayProfile->displayProfileId = Kit::GetParam('displayprofileid', _GET, _INT);

    if (!$displayProfile->Load()) {
        trigger_error($displayProfile->GetErrorMessage(), E_USER_ERROR);
    }

    // Only user type 1 or the profile owner may edit
    if ($this->user->usertypeid != 1 && $this->user->userid != $displayProfile->userId) {
        trigger_error(__('You do not have permission to edit this profile'), E_USER_ERROR);
    }

    if (empty($displayProfile->type)) {
        trigger_error(__('Unknown Client Type'), E_USER_ERROR);
    }

    // Capture and validate the posted form parameters in accordance with the display config object.
    include 'config/client.config.php';

    if (!isset($CLIENT_CONFIG[$displayProfile->type])) {
        trigger_error(__('CMS Config not supported for ' . $displayProfile->type . ' displays.'), E_USER_ERROR);
    }

    $clientConfig = $CLIENT_CONFIG[$displayProfile->type];

    // Set some information about the form
    Theme::Set('form_id', 'DisplayConfigForm');
    Theme::Set('form_action', 'index.php?p=displayprofile&q=Edit');
    Theme::Set('form_meta', '<input type="hidden" name="displayprofileid" value="' . $displayProfile->displayProfileId . '" />');

    // One (initially empty) field list per tab, plus the tab itself
    $formFields = array();
    $formTabs = array();

    foreach ($clientConfig['tabs'] as $tab) {
        $formFields[$tab['id']] = array();
        $formTabs[] = FormManager::AddTab($tab['id'], $tab['name']);
    }

    // Fixed fields on the general tab
    $formFields['general'][] = FormManager::AddText('name', __('Name'), $displayProfile->name, __('The Name of the Profile - (1 - 50 characters)'), 'n', 'maxlength="50" required');
    $formFields['general'][] = FormManager::AddCheckbox('isdefault', __('Default Profile?'), $displayProfile->isDefault, __('Is this the default profile for all Displays of this type? Only 1 profile can be the default.'), 'd');

    // Go through each setting and output a form control to the theme.
    foreach ($clientConfig['settings'] as $setting) {
        // Check to see if we have a value for this setting as yet, if so we use that.
        // TODO: there must be a way to improve this?
        foreach ($displayProfile->config as $set) {
            if ($set['name'] == $setting['name']) {
                $setting['value'] = $set['value'];
            }
        }

        $hasValue = isset($setting['value']);

        if ($setting['type'] == 'checkbox' && $hasValue) {
            // Checkbox values are passed through untouched
            $validated = $setting['value'];
        }
        elseif ($setting['fieldType'] == 'timePicker') {
            // 0 (or no value) shows as midnight; otherwise the value is divided by 1000
            // before formatting (presumably stored in milliseconds - confirm)
            $validated = ($setting['value'] == 0) ? '00:00' : DateManager::getLocalDate($setting['value'] / 1000, 'H:i');
        }
        elseif ($hasValue) {
            $validated = Kit::ValidateParam($setting['value'], $setting['type']);
        }
        else {
            $validated = $setting['default'];
        }

        // Each field needs to have a type, a name and a default
        $formFields[$setting['tabId']][] = array(
            'name' => $setting['name'],
            'fieldType' => $setting['fieldType'],
            'helpText' => $setting['helpText'],
            'title' => $setting['title'],
            'options' => isset($setting['options']) ? $setting['options'] : array(),
            'optionId' => 'id',
            'optionValue' => 'value',
            'validation' => isset($setting['validation']) ? $setting['validation'] : '',
            'value' => $validated,
            'enabled' => $setting['enabled'],
            'groupClass' => NULL,
            'accesskey' => '',
        );
    }

    Theme::Set('form_tabs', $formTabs);

    foreach ($clientConfig['tabs'] as $tab) {
        Theme::Set('form_fields_' . $tab['id'], $formFields[$tab['id']]);
    }

    $response = new ResponseManager();
    $response->SetFormRequestResponse(NULL, __('Edit Profile'), '650px', '350px');
    $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayProfile', 'Edit') . '")');
    $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    $response->AddButton(__('Save'), '$("#DisplayConfigForm").submit()');
    $response->Respond();
}
/**
 * We need to update the user groups
 *
 * Creates a user-specific group for every existing user and links the user to
 * both that new group and the group they were already on.
 */
private function UpdateUserGroups()
{
    $db =& $this->db;

    // Get all the current users in the system
    $result = $db->query("SELECT UserID, groupID, UserName FROM `user`");

    if (!$result) {
        reportError('20.php', "Error creating user groups" . $db->error());
    }

    while ($row = $db->get_assoc_row($result)) {
        $userID = Kit::ValidateParam($row['UserID'], _INT);
        $groupID = Kit::ValidateParam($row['groupID'], _INT);
        $username = Kit::ValidateParam($row['UserName'], _STRING);

        // For each user create a user specific group
        $ug = new UserGroup($db);
        $ugId = $ug->Add($username, 1);

        if (!$ugId) {
            reportError('20.php', "Error creating user groups" . $db->error());
        }

        // Link to the users own userspecific group and also to the one they were already on
        $ug->Link($ugId, $userID);
        $ug->Link($groupID, $userID);
    }
}
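/**
 * Permissions form
 *
 * Renders the per-group view/edit/delete checkboxes for the template given in
 * the request. The current user's own group is excluded from the list.
 */
public function PermissionsForm()
{
    $db =& $this->db;
    $user =& $this->user;
    $response = new ResponseManager();
    $helpManager = new HelpManager($db, $user);

    $templateId = Kit::GetParam('templateid', _GET, _INT);

    if ($templateId == 0) {
        trigger_error(__('No template selected'), E_USER_ERROR);
    }

    // Is this user allowed to delete this template?
    // NOTE(review): $auth is loaded but no flag on it is checked here (compare the
    // modifyPermissions check in the media permissions form) - confirm that TemplateAuth
    // itself refuses, or that the Permissions handler enforces it.
    $auth = $this->user->TemplateAuth($templateId, true);

    // Set some information about the form
    Theme::Set('form_id', 'TemplatePermissionsForm');
    Theme::Set('form_action', 'index.php?p=template&q=Permissions');
    Theme::Set('form_meta', '<input type="hidden" name="templateid" value="' . $templateId . '" />');

    // List of all Groups with a view/edit/delete checkbox.
    // `group` is a reserved word, so it is back-quoted everywhere it appears
    // (the join condition previously used a bare group.GroupID).
    $SQL = '';
    $SQL .= 'SELECT `group`.GroupID, `group`.`Group`, View, Edit, Del, `group`.IsUserSpecific ';
    $SQL .= ' FROM `group` ';
    $SQL .= ' LEFT OUTER JOIN lktemplategroup ';
    $SQL .= ' ON lktemplategroup.GroupID = `group`.GroupID ';
    $SQL .= ' AND lktemplategroup.TemplateID = %d ';
    $SQL .= ' WHERE `group`.GroupID <> %d ';
    $SQL .= 'ORDER BY `group`.IsEveryone DESC, `group`.IsUserSpecific, `group`.`Group` ';

    // Both placeholders are %d, so the ids are forced numeric
    $SQL = sprintf($SQL, $templateId, $user->getGroupFromId($user->userid, true));

    if (!($results = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error(__('Unable to get permissions for this template'), E_USER_ERROR);
    }

    $checkboxes = array();

    while ($row = $db->get_assoc_row($results)) {
        $groupId = $row['GroupID'];
        $rowClass = $row['IsUserSpecific'] == 0 ? 'strong_text' : '';

        $checkbox = array(
            'id' => $groupId,
            'name' => Kit::ValidateParam($row['Group'], _STRING),
            'class' => $rowClass,
            'value_view' => $groupId . '_view',
            'value_view_checked' => $row['View'] == 1 ? 'checked' : '',
            'value_edit' => $groupId . '_edit',
            'value_edit_checked' => $row['Edit'] == 1 ? 'checked' : '',
            'value_del' => $groupId . '_del',
            'value_del_checked' => $row['Del'] == 1 ? 'checked' : '',
        );

        $checkboxes[] = $checkbox;
    }

    Theme::Set('form_rows', $checkboxes);

    $form = Theme::RenderReturn('campaign_form_permissions');

    $response->SetFormRequestResponse($form, __('Permissions'), '350px', '500px');
    $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('Template', 'Permissions') . '")');
    $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    $response->AddButton(__('Save'), '$("#TemplatePermissionsForm").submit()');
    $response->Respond();
}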
/**
 * Resolution Edit Form
 *
 * Loads the resolution named by 'resolutionid' in the request and renders the edit form.
 */
function EditForm()
{
    $db =& $this->db;
    $user =& $this->user;
    $response = new ResponseManager();

    $resolutionID = Kit::GetParam('resolutionid', _GET, _INT);

    // %d keeps the id numeric in the query
    $SQL = sprintf("SELECT resolution, width, height, intended_width, intended_height, enabled FROM resolution WHERE resolutionID = %d", $resolutionID);
    $result = $db->query($SQL);

    if (!$result) {
        trigger_error($db->error());
        trigger_error(__('Unable to edit this resolution'), E_USER_ERROR);
    }

    if ($db->num_rows($result) == 0) {
        trigger_error(__('Incorrect resolution id'), E_USER_ERROR);
    }

    $row = $db->get_assoc_row($result);

    // The width/height fields are populated from intended_width / intended_height
    $formFields = array(
        FormManager::AddText('resolution', __('Resolution'), Kit::ValidateParam($row['resolution'], _STRING), __('A name for this Resolution'), 'r', 'required'),
        FormManager::AddNumber('width', __('Width'), Kit::ValidateParam($row['intended_width'], _INT), __('The Width for this Resolution'), 'w', 'required'),
        FormManager::AddNumber('height', __('Height'), Kit::ValidateParam($row['intended_height'], _INT), __('The Height for this Resolution'), 'h', 'required'),
        FormManager::AddCheckbox('enabled', __('Enable?'), Kit::ValidateParam($row['enabled'], _INT), __('Is the Resolution enabled for use?'), 'e'),
    );

    Theme::Set('form_fields', $formFields);
    Theme::Set('form_id', 'ResolutionForm');
    Theme::Set('form_action', 'index.php?p=resolution&q=Edit');
    Theme::Set('form_meta', '<input type="hidden" name="resolutionid" value="' . $resolutionID . '" >');

    $response->SetFormRequestResponse(NULL, __('Edit Resolution'), '350px', '250px');
    $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('Template', 'Add') . '")');
    $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    $response->AddButton(__('Save'), '$("#ResolutionForm").submit()');
    $response->Respond();
}
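/**
 * Edit Form
 *
 * Renders the module edit form for the ModuleID given in the request, including
 * any module-specific settings fields. Refused (E_USER_ERROR) when module
 * configuration is locked.
 */
public function EditForm()
{
    $db =& $this->db;
    $user =& $this->user;
    $response = new ResponseManager();
    $helpManager = new HelpManager($db, $user);

    // Can we edit?
    if (Config::GetSetting('MODULE_CONFIG_LOCKED_CHECKB') == 'Checked') {
        trigger_error(__('Module Config Locked'), E_USER_ERROR);
    }

    $moduleId = Kit::GetParam('ModuleID', _GET, _INT);

    // Pull the currently known info from the DB (%d keeps the id numeric)
    $SQL = '';
    $SQL .= 'SELECT ModuleID, ';
    $SQL .= ' Module, ';
    $SQL .= ' Name, ';
    $SQL .= ' Enabled, ';
    $SQL .= ' Description, ';
    $SQL .= ' RegionSpecific, ';
    $SQL .= ' ValidExtensions, ';
    $SQL .= ' ImageUri, ';
    $SQL .= ' PreviewEnabled ';
    $SQL .= ' FROM `module` ';
    $SQL .= ' WHERE ModuleID = %d ';

    $SQL = sprintf($SQL, $moduleId);

    if (!($row = $db->GetSingleRow($SQL))) {
        trigger_error($db->error());
        // E_USER_ERROR so we stop here: previously execution continued with $row === false
        // and ModuleFactory::create() was called with an empty type.
        trigger_error(__('Error getting Module'), E_USER_ERROR);
    }

    // Restricted to a single word: it is echoed into the form and used to select the module class
    $type = Kit::ValidateParam($row['Module'], _WORD);

    // Set some information about the form
    Theme::Set('form_id', 'ModuleEditForm');
    Theme::Set('form_action', 'index.php?p=module&q=Edit');
    Theme::Set('form_meta', '<input type="hidden" name="ModuleID" value="' . $moduleId . '" /><input type="hidden" name="type" value="' . $type . '" />');

    $formFields = array();
    $formFields[] = FormManager::AddText('ValidExtensions', __('Valid Extensions'), Kit::ValidateParam($row['ValidExtensions'], _STRING), __('The Extensions allowed on files uploaded using this module. Comma Separated.'), 'e', '');
    $formFields[] = FormManager::AddText('ImageUri', __('Image Uri'), Kit::ValidateParam($row['ImageUri'], _STRING), __('The Image to display for this module. This should be a path relative to the root of the installation.'), 'i', '');
    $formFields[] = FormManager::AddCheckbox('PreviewEnabled', __('Preview Enabled?'), Kit::ValidateParam($row['PreviewEnabled'], _INT), __('When PreviewEnabled users will be able to see a preview in the layout designer'), 'p');
    $formFields[] = FormManager::AddCheckbox('Enabled', __('Enabled?'), Kit::ValidateParam($row['Enabled'], _INT), __('When Enabled users will be able to add media using this module'), 'b');

    // Set any module specific form fields
    $module = ModuleFactory::create($type, $this->db, $this->user);

    // Merge in the fields from the settings
    foreach ($module->ModuleSettingsForm() as $field) {
        $formFields[] = $field;
    }

    Theme::Set('form_fields', $formFields);

    $response->SetFormRequestResponse(NULL, __('Edit Module'), '350px', '325px');
    $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('Module', 'Edit') . '")');
    $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    $response->AddButton(__('Save'), '$("#ModuleEditForm").submit()');
    $response->Respond();
}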
/**
 * Links a media item and tag
 *
 * The tag is created if it does not exist; the link row is created if it does not exist.
 *
 * @param string $tag     The Tag
 * @param int    $mediaId The media item
 * @return mixed The lkTagMediaId as an int for an existing link, lastInsertId() for a new one;
 *               the value of SetError() when the tag cannot be added; false on any other error
 */
public function tag($tag, $mediaId)
{
    $tagObject = new Tag();
    $tagId = $tagObject->add($tag);

    if (!$tagId) {
        return $this->SetError($tagObject->GetErrorMessage());
    }

    try {
        $connection = PDOConnect::init();

        // Already linked?
        $lookup = $connection->prepare('SELECT * FROM `lktagmedia` WHERE mediaId = :mediaId AND tagId = :tagId');
        $lookup->execute(array('tagId' => $tagId, 'mediaId' => $mediaId));
        $existing = $lookup->fetch();

        if ($existing) {
            return Kit::ValidateParam($existing['lkTagMediaId'], _INT);
        }

        // Create the link
        $insert = $connection->prepare('INSERT INTO `lktagmedia` (tagId, mediaId) VALUES (:tagId, :mediaId)');
        $insert->execute(array('tagId' => $tagId, 'mediaId' => $mediaId));

        return $connection->lastInsertId();
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);

        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}
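/**
 * Gets called by the SWFUpload Object for uploading files
 *
 * Moves the uploaded file into the library temp folder and emits a small page
 * whose script reports (fileName, fileId, errorNo) to the parent window.
 * Always terminates the request with exit.
 *
 * @return void
 */
function FileUpload()
{
    $db =& $this->db;

    Debug::LogEntry('audit', 'Uploading a file', 'Library', 'FileUpload');

    Kit::ClassLoader('file');
    $fileObject = new File($db);

    // Check we got a valid file
    if (isset($_FILES['media_file']) && is_uploaded_file($_FILES['media_file']['tmp_name']) && $_FILES['media_file']['error'] == 0) {
        Debug::LogEntry('audit', 'Valid Upload', 'Library', 'FileUpload');

        // Directory location
        $libraryFolder = Config::GetSetting('LIBRARY_LOCATION');

        $error = 0;
        $fileName = Kit::ValidateParam($_FILES['media_file']['name'], _FILENAME);
        $fileId = $fileObject->GenerateFileId($this->user->userid);
        $fileLocation = $libraryFolder . 'temp/' . $fileId;

        // Make sure the library exists
        File::EnsureLibraryExists();

        // Save the FILE
        Debug::LogEntry('audit', 'Saving the file to: ' . $fileLocation, 'FileUpload');

        if (move_uploaded_file($_FILES['media_file']['tmp_name'], $fileLocation)) {
            Debug::LogEntry('audit', 'Upload Success', 'FileUpload');
        }
        else {
            // The move failed (permissions, disk space, ...): report it to the
            // caller like any other failed upload instead of claiming success.
            $error = -1;
            $fileName = 'Error';
            $fileId = 0;

            Debug::LogEntry('error', 'Unable to move the uploaded file to: ' . $fileLocation, 'FileUpload');
        }
    }
    else {
        $error = isset($_FILES['media_file']) ? $_FILES['media_file']['error'] : -1;
        $fileName = 'Error';
        $fileId = 0;

        Debug::LogEntry('audit', 'Error uploading the file. Error Number: ' . $error, 'FileUpload');
    }

    // The values are emitted inside a <script> block. The file name comes from the
    // client, so it (and the id) are encoded as JSON string literals rather than
    // spliced into quoted strings; the HEX flags keep quotes, '<', '>' and '&' from
    // breaking out of the literal or the script element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $fileIdJs = json_encode((string) $fileId, $jsFlags);
    $fileNameJs = json_encode((string) $fileName, $jsFlags);
    $errorJs = (int) $error;

    $complete_page = <<<HTML
<html>
<head>
<script type="text/javascript">
    var fileId = {$fileIdJs};
    var fileName = {$fileNameJs};
    var errorNo = {$errorJs};

    function report() {
        var form = window.parent.fileUploadReport(fileName, fileId, errorNo);
    }

    window.onload = report;
</script>
</head>
<body></body>
</html>
HTML;

    echo $complete_page;

    Debug::LogEntry("audit", $complete_page, "FileUpload");
    Debug::LogEntry("audit", "[OUT]", "FileUpload");

    exit;
}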
/**
 * Edits the User Group associated with a User
 *
 * Looks up the user-specific group for the user; if none exists one is created
 * and linked, otherwise the existing group is renamed to $userName.
 *
 * @param int    $userID
 * @param string $userName
 * @return bool true on success; false with an error set on failure
 */
public function EditUserGroup($userID, $userName)
{
    Debug::LogEntry('audit', 'IN', 'UserGroup', 'EditUserGroup');

    try {
        $connection = PDOConnect::init();

        // Get the UserGroupID for this UserID
        $groupSql = "SELECT `group`.GroupID "
            . "FROM `group` "
            . " INNER JOIN lkusergroup "
            . " ON lkusergroup.GroupID = `group`.groupID "
            . "WHERE `group`.IsUserSpecific = 1 "
            . " AND lkusergroup.UserID = :userid";

        $statement = $connection->prepare($groupSql);
        $statement->execute(array('userid' => $userID));
        $row = $statement->fetch();

        if (!$row) {
            $this->ThrowError(25005, __('Unable to get the UserGroup for this User.'));
        }

        $userGroupID = Kit::ValidateParam($row['GroupID'], _INT);

        if ($userGroupID != 0) {
            // Existing user specific group: rename it
            if (!$this->Edit($userGroupID, $userName)) {
                throw new Exception("Error Processing Request", 1);
            }
        }
        else {
            // We should always have 1 user specific UserGroup for a user; create and link one here
            $userGroupID = $this->Add($userName, 1);

            if (!$userGroupID) {
                $this->ThrowError(25001, __('Could not add a user group for this user.'));
            }

            // Link the Two together
            if (!$this->Link($userGroupID, $userID)) {
                $this->ThrowError(25001, __('Could not link the new user with its group.'));
            }
        }

        Debug::LogEntry('audit', 'OUT', 'UserGroup', 'EditUserGroup');

        return true;
    }
    catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());

        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}
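/**
 * Help Edit form.
 *
 * Loads the help link identified by the HelpID request parameter and renders
 * the 'help_form_edit' theme template pre-filled with its Topic, Category
 * and Link, wrapped in a ResponseManager form response.
 *
 * Stops with E_USER_ERROR when the help row cannot be read.
 */
public function EditForm()
{
    $db =& $this->db;
    $response = new ResponseManager();

    $helpId = Kit::GetParam('HelpID', _REQUEST, _INT);

    // Pull the currently known info from the DB. HelpID is validated as an
    // integer above and formatted with %d, so it cannot alter the query.
    $SQL = sprintf("SELECT HelpID, Topic, Category, Link FROM `help` WHERE HelpID = %d ", $helpId);

    if (!($row = $db->GetSingleRow($SQL))) {
        trigger_error($db->error());
        // Fatal, as in the sibling forms: rendering would otherwise continue
        // with a falsy $row and produce a form full of empty fields.
        trigger_error(__('Error getting Help Link'), E_USER_ERROR);
    }

    // Set some information about the form
    Theme::Set('form_id', 'HelpEditForm');
    Theme::Set('form_action', 'index.php?p=help&q=Edit');
    Theme::Set('form_meta', '<input type="hidden" name="HelpID" value="' . $helpId . '" />');

    Theme::Set('topic', Kit::ValidateParam($row['Topic'], _STRING));
    Theme::Set('category', Kit::ValidateParam($row['Category'], _STRING));
    Theme::Set('link', Kit::ValidateParam($row['Link'], _STRING));

    $form = Theme::RenderReturn('help_form_edit');

    $response->SetFormRequestResponse($form, __('Edit Help Link'), '350px', '325px');
    $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    $response->AddButton(__('Save'), '$("#HelpEditForm").submit()');
    $response->Respond();
}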
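/**
 * Permissions form.
 *
 * Builds the group permission (view / edit / delete) checkbox list for this
 * media item - either the media as assigned to a region of a layout
 * (lklayoutmediagroup) or the library media itself (lkmediagroup) - and
 * returns the ResponseManager carrying the dialog.
 *
 * Requires $this->auth->modifyPermissions; stops with E_USER_ERROR otherwise,
 * or when the permission rows cannot be read.
 *
 * @return ResponseManager
 */
public function PermissionsForm()
{
    $db =& $this->db;
    $user =& $this->user;
    $response = new ResponseManager();
    $helpManager = new HelpManager($db, $user);

    if (!$this->auth->modifyPermissions) {
        trigger_error(__('You do not have permissions to edit this media'), E_USER_ERROR);
    }

    // List of all Groups with a view / edit / delete check box
    $permissions = new UserGroup();

    if ($this->assignedMedia) {
        // mediaid and regionid are quoted into a SQL fragment here, so they
        // are escaped for the connection rather than trusting that whoever
        // set them on this object already sanitised them; layoutid is
        // formatted as an integer.
        $filter = sprintf(
            " AND lklayoutmediagroup.MediaID = '%s' AND lklayoutmediagroup.RegionID = '%s' AND lklayoutmediagroup.LayoutID = %d ",
            $db->escape_string($this->mediaid),
            $db->escape_string($this->regionid),
            $this->layoutid
        );

        $result = $permissions->GetPermissionsForObject('lklayoutmediagroup', NULL, NULL, $filter);
    } else {
        $result = $permissions->GetPermissionsForObject('lkmediagroup', 'MediaID', $this->mediaid);
    }

    if (!$result) {
        trigger_error($permissions->GetErrorMessage(), E_USER_ERROR);
    }

    if (count($result) <= 0) {
        trigger_error(__('Unable to get permissions'), E_USER_ERROR);
    }

    $checkboxes = array();

    foreach ($result as $row) {
        $groupId = $row['groupid'];
        // Groups that are not a user's personal group are shown emphasised.
        $rowClass = $row['isuserspecific'] == 0 ? 'strong_text' : '';

        $checkboxes[] = array(
            'id' => $groupId,
            'name' => Kit::ValidateParam($row['group'], _STRING),
            'class' => $rowClass,
            'value_view' => $groupId . '_view',
            'value_view_checked' => $row['view'] == 1 ? 'checked' : '',
            'value_edit' => $groupId . '_edit',
            'value_edit_checked' => $row['edit'] == 1 ? 'checked' : '',
            'value_del' => $groupId . '_del',
            'value_del_checked' => $row['del'] == 1 ? 'checked' : ''
        );
    }

    $formFields = array();
    $formFields[] = FormManager::AddPermissions('groupids[]', $checkboxes);

    Theme::Set('form_fields', $formFields);

    // Attribute-escape the ids echoed into the hidden inputs; regionid is
    // handled as a quoted string elsewhere in this method, not as a number.
    $layoutIdAttr = htmlspecialchars($this->layoutid, ENT_QUOTES, 'UTF-8');
    $regionIdAttr = htmlspecialchars($this->regionid, ENT_QUOTES, 'UTF-8');
    $mediaIdAttr = htmlspecialchars($this->mediaid, ENT_QUOTES, 'UTF-8');

    // Set some information about the form
    Theme::Set('form_id', 'LayoutPermissionsForm');
    Theme::Set('form_action', 'index.php?p=module&mod=' . $this->type . '&q=Exec&method=Permissions');
    Theme::Set('form_meta', '<input type="hidden" name="layoutid" value="' . $layoutIdAttr . '" />'
        . '<input type="hidden" name="regionid" value="' . $regionIdAttr . '" />'
        . '<input type="hidden" name="mediaid" value="' . $mediaIdAttr . '" />');

    $response->SetFormRequestResponse(NULL, __('Permissions'), '350px', '500px');

    // Media assigned to a layout region gets the LayoutMedia help page.
    $helpLink = $this->layoutid != 0
        ? $helpManager->Link('LayoutMedia', 'Permissions')
        : $helpManager->Link('Media', 'Permissions');
    $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpLink . '")');

    if ($this->assignedMedia) {
        // Cancel returns to the region timeline of this layout.
        $response->AddButton(__('Cancel'), 'XiboSwapDialog("index.php?p=timeline&layoutid=' . $this->layoutid . '&regionid=' . $this->regionid . '&q=RegionOptions")');
    } else {
        $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    }

    $response->AddButton(__('Save'), '$("#LayoutPermissionsForm").submit()');

    return $response;
}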
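/**
 * Called by a submit to the Forgotten Details form.
 *
 * Checks that the posted username / e-mail pair matches exactly one user,
 * sets that user's password to a freshly generated one and e-mails the new
 * password to the address on record. The outcome is reported through
 * setMessage(); the return value is always the page to redirect to.
 *
 * @return string 'index.php'
 */
function forgotten()
{
    $db =& $this->db;

    $username = Kit::GetParam('f_username', _POST, _USERNAME);
    $email = Kit::GetParam('f_email', _POST, _STRING);

    $return = "index.php";

    if ($username == "" || $email == "") {
        setMessage("Username and Email address need to be filled in");
        return $return;
    }

    // The address becomes the To: header of mail() below; reject anything
    // that is not a single well-formed address (which also excludes CR/LF
    // and therefore injected headers) before touching the database.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        setMessage("The details you entered are incorrect.");
        return $return;
    }

    // send the email
    $from = Config::GetSetting("mail_from");

    if ($from == "") {
        setMessage("Email is not set up, please contact your IT manager");
        return $return;
    }

    // check the user details - both values are escaped for the connection
    $SQL = sprintf(
        "SELECT userid FROM user WHERE username = '%s' AND email = '%s'",
        $db->escape_string($username),
        $db->escape_string($email)
    );

    if (!($results = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error("Can not get the user information", E_USER_ERROR);
    }

    // Exactly one matching user is required. The previous test only
    // rejected more than one row, so zero rows fell through to a password
    // update keyed on an id derived from an empty row, and to a mail to the
    // submitted address.
    // NOTE(review): the differing messages for "no match" and "sent" let a
    // caller learn whether a username / e-mail pair exists.
    if ($db->num_rows($results) != 1) {
        setMessage("The details you entered are incorrect.");
        return $return;
    }

    $row = $db->get_row($results);
    $userid = Kit::ValidateParam($row[0], _INT); // user ID for the user that wants a new password

    // generate a new password
    // NOTE(review): random_word() is defined elsewhere; confirm it draws from
    // a cryptographically secure source, since this value is a credential.
    $password_plain = $this->random_word(8);
    // Unsalted md5 is kept only because the login check (not in this file)
    // presumably compares against it; it is not an acceptable password hash.
    $password = md5($password_plain);

    // update the password
    $SQL = sprintf("UPDATE user SET UserPassword = '%s' WHERE userid = %d", $db->escape_string($password), $userid);

    if (!$db->query($SQL)) {
        trigger_error($db->error());
        trigger_error("Unable to send new password", E_USER_ERROR);
    }

    $headers = "From: {$from}" . "\r\n" . "Reply-To: {$from}" . "\r\n" . "X-Mailer: PHP/" . phpversion();

    // The password is already changed at this point; if the mail cannot be
    // sent the user is left with a password nobody knows until they retry.
    if (!@mail($email, "Xibo: New Password request for {$username}", "Your new password is {$password_plain} \n . You may now login with these details.", $headers)) {
        setMessage("Email is not set up, please contact your IT manager");
        return $return;
    }

    setMessage("New Password Sent to your email address");
    return $return;
}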
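/**
 * Sets the Members of a group.
 *
 * Synchronises the (non display-specific) display groups that the display
 * given by DisplayID belongs to with the DisplayGroupID[] array posted by
 * the form: groups the display is in but that were not posted are unlinked,
 * posted groups it is not yet in are linked.
 *
 * Stops with E_USER_ERROR on any database or link/unlink failure.
 *
 * @return void Responds through ResponseManager.
 */
public function SetMemberOf()
{
    $db =& $this->db;
    $response = new ResponseManager();

    Kit::ClassLoader('displaygroup');
    $displayGroupObject = new DisplayGroup($db);

    $displayID = Kit::GetParam('DisplayID', _REQUEST, _INT);

    // Each posted id is individually validated as an integer: _ARRAY only
    // guarantees an array, not what its elements are, and they are passed
    // straight on to Link() and compared with the ids read from the database.
    $displayGroups = array();
    foreach (Kit::GetParam('DisplayGroupID', _POST, _ARRAY, array()) as $postedId) {
        $displayGroups[] = Kit::ValidateParam($postedId, _INT);
    }

    $members = array();

    // Get a list of current members
    $SQL = "";
    $SQL .= "SELECT displaygroup.DisplayGroupID ";
    $SQL .= "FROM displaygroup ";
    $SQL .= " INNER JOIN lkdisplaydg ON lkdisplaydg.DisplayGroupID = displaygroup.DisplayGroupID ";
    $SQL .= sprintf("WHERE lkdisplaydg.DisplayID = %d ", $displayID);
    $SQL .= " AND displaygroup.IsDisplaySpecific = 0 ";

    if (!($resultIn = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error(__('Error getting Display Groups'), E_USER_ERROR);
    }

    while ($row = $db->get_assoc_row($resultIn)) {
        // Test whether this ID is in the array or not. Both sides went
        // through the same _INT validation, so a strict comparison is safe.
        $displayGroupID = Kit::ValidateParam($row['DisplayGroupID'], _INT);

        if (!in_array($displayGroupID, $displayGroups, true)) {
            // Its currently assigned but not in the posted array
            // so we unassign
            if (!$displayGroupObject->Unlink($displayGroupID, $displayID)) {
                trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
            }
        } else {
            $members[] = $displayGroupID;
        }
    }

    foreach ($displayGroups as $displayGroupID) {
        // Add any that are missing
        if (!in_array($displayGroupID, $members, true)) {
            if (!$displayGroupObject->Link($displayGroupID, $displayID)) {
                trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
            }
        }
    }

    $response->SetFormSubmitResponse(__('Group membership set'), false);
    $response->Respond();
}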
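/**
 * Outputs a CSV of stats.
 *
 * Streams a stats.csv attachment for the fromdt / todt window posted by
 * the form, restricted to the displays the current user may view and,
 * when displayid is non-zero, to that single display. Always exits.
 *
 * @return void Never returns; the CSV is written and the script exits.
 */
public function OutputCSV()
{
    $db =& $this->db;
    $output = '';

    // We are expecting some parameters
    $fromdt = Kit::GetParam('fromdt', _POST, _STRING);
    $todt = Kit::GetParam('todt', _POST, _STRING);
    $displayID = Kit::GetParam('displayid', _POST, _INT);

    // A single-day request is widened to the last second of that day.
    if ($fromdt == $todt) {
        $todt = date("Y-m-d", strtotime($todt) + 86399);
    }

    // We want to output a load of stuff to the browser as a text file.
    header('Content-Type: text/csv');
    header('Content-Disposition: attachment; filename="stats.csv"');
    header("Content-Transfer-Encoding: binary");
    header('Accept-Ranges: bytes');

    // Get an array of display id this user has access to.
    $display_ids = array();
    foreach ($this->user->DisplayList() as $display) {
        // Cast before interpolating into the IN (...) list below.
        $display_ids[] = (int) $display['displayid'];
    }

    if (count($display_ids) <= 0) {
        echo __('No displays with View permissions');
        exit;
    }

    // fromdt and todt are free-form strings from the request, so they are
    // escaped for the connection before being quoted into the query;
    // displayID is an integer and formatted with %d.
    $SQL = 'SELECT stat.*, display.Display, layout.Layout, media.Name AS MediaName ';
    $SQL .= ' FROM stat ';
    $SQL .= ' INNER JOIN display ON stat.DisplayID = display.DisplayID ';
    $SQL .= ' INNER JOIN layout ON layout.LayoutID = stat.LayoutID ';
    $SQL .= ' LEFT OUTER JOIN media ON media.mediaID = stat.mediaID ';
    $SQL .= ' WHERE 1=1 ';
    $SQL .= sprintf(" AND stat.end > '%s' ", $db->escape_string($fromdt));
    $SQL .= sprintf(" AND stat.start <= '%s' ", $db->escape_string($todt));
    $SQL .= ' AND stat.displayID IN (' . implode(',', $display_ids) . ') ';

    if ($displayID != 0) {
        $SQL .= sprintf(" AND stat.displayID = %d ", $displayID);
    }

    $SQL .= " ORDER BY stat.start ";

    Debug::LogEntry('audit', $SQL, 'Stats', 'OutputCSV');

    if (!($result = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error('Failed to query for Stats.', E_USER_ERROR);
    }

    // Header row
    $output .= "Type, FromDT, ToDT, Layout, Display, Media, Tag\n";

    // NOTE(review): fields are joined with ", " and not quoted, so a value
    // containing a comma or newline (e.g. a layout name) shifts the columns
    // of that row; fputcsv() would quote correctly but changes the format.
    while ($row = $db->get_assoc_row($result)) {
        // Read the columns
        $type = Kit::ValidateParam($row['Type'], _STRING);
        $fromdt = Kit::ValidateParam($row['start'], _STRING);
        $todt = Kit::ValidateParam($row['end'], _STRING);
        $layout = Kit::ValidateParam($row['Layout'], _STRING);
        $display = Kit::ValidateParam($row['Display'], _STRING);
        $media = Kit::ValidateParam($row['MediaName'], _STRING);
        $tag = Kit::ValidateParam($row['Tag'], _STRING);

        $output .= "{$type}, {$fromdt}, {$todt}, {$layout}, {$display}, {$media}, {$tag}\n";
    }

    echo $output;
    exit;
}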
/**
 * Show the Permissions for this Campaign.
 *
 * Renders the permissions dialog for the campaign named by the CampaignID
 * GET parameter: one view / edit / delete checkbox row per group, a
 * "replace in layouts" checkbox and an owner selector, then responds.
 *
 * Stops with E_USER_ERROR when the current user may not modify the
 * campaign's permissions or the permission rows cannot be read.
 */
public function PermissionsForm()
{
    $user =& $this->user;
    $response = new ResponseManager();

    $campaignId = Kit::GetParam('CampaignID', _GET, _INT);

    // The current user must hold modifyPermissions on this campaign.
    $auth = $this->user->CampaignAuth($campaignId, true);
    if (!$auth->modifyPermissions) {
        trigger_error(__('You do not have permissions to edit this campaign'), E_USER_ERROR);
    }

    // Set some information about the form
    Theme::Set('form_id', 'CampaignPermissionsForm');
    Theme::Set('form_action', 'index.php?p=campaign&q=Permissions');
    Theme::Set('form_meta', '<input type="hidden" name="campaignId" value="' . $campaignId . '" />');

    // List of all Groups with a view / edit / delete check box
    $security = new CampaignSecurity();
    $groupRows = $security->GetPermissions($campaignId);

    if (!$groupRows) {
        trigger_error($security->GetErrorMessage(), E_USER_ERROR);
    }

    if (count($groupRows) <= 0) {
        trigger_error(__('Unable to get permissions for this Campaign'), E_USER_ERROR);
    }

    $checkboxes = array();

    foreach ($groupRows as $groupRow) {
        $groupId = $groupRow['groupid'];

        // Groups that are not user-specific are emphasised in the list.
        $rowClass = '';
        if ($groupRow['isuserspecific'] == 0) {
            $rowClass = 'strong_text';
        }

        $checkboxes[] = array(
            'id' => $groupId,
            'name' => Kit::ValidateParam($groupRow['group'], _STRING),
            'class' => $rowClass,
            'value_view' => $groupId . '_view',
            'value_view_checked' => ($groupRow['view'] == 1) ? 'checked' : '',
            'value_edit' => $groupId . '_edit',
            'value_edit_checked' => ($groupRow['edit'] == 1) ? 'checked' : '',
            'value_del' => $groupId . '_del',
            'value_del_checked' => ($groupRow['del'] == 1) ? 'checked' : '',
        );
    }

    $formFields = array();
    $formFields[] = FormManager::AddPermissions('groupids[]', $checkboxes);
    $formFields[] = FormManager::AddCheckbox('replaceInLayouts', __('Update these permissions on all layouts, regions and media.'), 0, __('Note: It will only be replaced in layouts you have permission to edit.'), 'r');

    // Owner selector: the user list plus an empty "keep current owner" entry.
    $owners = $user->userList(array('userName'));
    $owners[] = array('userid' => -1, 'username' => '');
    $formFields[] = FormManager::AddCombo('ownerId', __('Owner'), -1, $owners, 'userid', 'username', __('Change the Owner of this item. Leave empty to keep the current owner.'), 'o');

    Theme::Set('form_fields', $formFields);

    $form = Theme::RenderReturn('form_render');

    $response->SetFormRequestResponse($form, __('Permissions'), '350px', '500px');
    $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('Campaign', 'Permissions') . '")');
    $response->AddButton(__('Cancel'), 'XiboDialogClose()');
    $response->AddButton(__('Save'), '$("#CampaignPermissionsForm").submit()');
    $response->Respond();
}
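/**
 * Export a layout.
 *
 * Writes a ZIP to the library temp folder holding layout.json (name and
 * description), layout.xml (the stored XLF), every non-module media file
 * assigned to the layout under library/, and mapping.json describing those
 * files; then streams it to the browser (via X-Sendfile / X-Accel-Redirect
 * when SENDFILE_MODE says so, otherwise readfile) and exits.
 *
 * NOTE(review): no permission check is made here; callers are assumed to
 * have verified that the current user may export $layoutId.
 *
 * @param int $layoutId id of the layout to export
 * @return mixed false after SetError() on failure; does not return on success
 */
function Export($layoutId)
{
    if ($layoutId == 0 || $layoutId == '') {
        return $this->SetError(__('Must provide layoutId'));
    }

    $config = new Config();
    if (!$config->CheckZip()) {
        return $this->SetError(__('Zip is not enabled on this server'));
    }

    $libraryPath = Config::GetSetting('LIBRARY_LOCATION');

    try {
        $dbh = PDOConnect::init();

        $sth = $dbh->prepare('SELECT layout, description, backgroundImageId, xml FROM layout WHERE layoutid = :layoutid');
        $sth->execute(array('layoutid' => $layoutId));

        if (!($row = $sth->fetch())) {
            // NOTE(review): the code below relies on ThrowError() raising.
            $this->ThrowError(__('Layout not found.'));
        }

        // Open a ZIP file with the same name as the layout; the name goes
        // through the _FILENAME validator before it becomes part of the path.
        File::EnsureLibraryExists();
        $zip = new ZipArchive();
        $fileName = $libraryPath . 'temp/export_' . Kit::ValidateParam($row['layout'], _FILENAME) . '.zip';
        $result = $zip->open($fileName, ZipArchive::CREATE | ZipArchive::OVERWRITE);

        if ($result !== true) {
            $this->ThrowError(__('Can\'t create ZIP. Error Code: ' . $result));
        }

        // Add layout information to the ZIP
        $layout = array(
            'layout' => Kit::ValidateParam($row['layout'], _STRING),
            'description' => Kit::ValidateParam($row['description'], _STRING)
        );
        $zip->addFromString('layout.json', json_encode($layout));

        // Add the layout XLF
        $zip->addFromString('layout.xml', $row['xml']);

        // Add the media to the ZIP
        $params = array('layoutid' => $layoutId, 'excludeType' => 'module');
        $SQL = '
            SELECT media.mediaid, media.name, media.storedAs, originalFileName, type, duration
              FROM `media`
                INNER JOIN `lklayoutmedia`
                ON lklayoutmedia.mediaid = media.mediaid
             WHERE lklayoutmedia.layoutid = :layoutid
              AND media.type <> :excludeType
        ';

        $mediaSth = $dbh->prepare($SQL);
        $mediaSth->execute($params);

        $mappings = array();

        foreach ($mediaSth->fetchAll() as $media) {
            $mediaFilePath = $libraryPath . $media['storedAs'];

            // A missing or unreadable media file used to be skipped silently,
            // producing an archive whose mapping.json names files it does
            // not contain; fail the export instead.
            if (!$zip->addFile($mediaFilePath, 'library/' . $media['originalFileName'])) {
                $this->ThrowError(__('Unable to add media file to ZIP: ') . $media['originalFileName']);
            }

            $mappings[] = array(
                'file' => $media['originalFileName'],
                'mediaid' => $media['mediaid'],
                'name' => $media['name'],
                'type' => $media['type'],
                'duration' => $media['duration'],
                'background' => $media['mediaid'] == $row['backgroundImageId'] ? 1 : 0
            );
        }

        // Add the mappings file to the ZIP
        $zip->addFromString('mapping.json', json_encode($mappings));

        // The archive is only written on close(); an addFile() entry whose
        // source cannot be read at that point fails here.
        if (!$zip->close()) {
            $this->ThrowError(__('Unable to write the ZIP file.'));
        }

        // Push file back to browser
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }

        $size = filesize($fileName);
        if ($size === false) {
            $this->ThrowError(__('Unable to read the ZIP file.'));
        }

        header('Content-Type: application/octet-stream');
        header("Content-Transfer-Encoding: Binary");
        header("Content-disposition: attachment; filename=\"" . basename($fileName) . "\"");

        // Output a header
        // NOTE(review): 'Pragma: public' with a day-long max-age marks this
        // permission-gated download as storable by shared caches.
        header('Pragma: public');
        header('Cache-Control: max-age=86400');
        header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 86400));
        header('Content-Length: ' . $size);

        // Send via Apache X-Sendfile header?
        if (Config::GetSetting('SENDFILE_MODE') == 'Apache') {
            header("X-Sendfile: {$fileName}");
            exit;
        }

        // Send via Nginx X-Accel-Redirect?
        if (Config::GetSetting('SENDFILE_MODE') == 'Nginx') {
            header("X-Accel-Redirect: /download/temp/" . basename($fileName));
            exit;
        }

        // Return the file with PHP
        // Disable any buffering to prevent OOM errors.
        @ob_end_clean();
        @ob_end_flush();
        readfile($fileName);
        exit;
    } catch (Exception $e) {
        Debug::LogEntry('error', $e->getMessage());

        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}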