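/**
 * Used when checking if there is a client or user logged in via cookie.
 *
 * The 'loggedin', 'password' and 'userlevel' cookies are matched against a
 * single active row of tbl_users. On a match, and only when no session is
 * open yet, the session is filled in and log action 24 is recorded.
 *
 * @see check_for_session
 *
 * @return bool True when the cookies match an active account, false otherwise.
 */
function check_valid_cookie()
{
    if (!isset($_COOKIE['password'], $_COOKIE['loggedin'], $_COOKIE['userlevel'])) {
        return false;
    }

    /**
     * A cookie sent as "name[]=..." arrives as an array; only plain strings
     * can be escaped and compared, so anything else is rejected up front.
     */
    if (!is_string($_COOKIE['password']) || !is_string($_COOKIE['loggedin']) || !is_string($_COOKIE['userlevel'])) {
        return false;
    }

    /**
     * NOTE(review): the mysql_* extension was removed in PHP 7. Escaping is
     * the only barrier between these cookie values and the SQL text here;
     * prepared statements (PDO or mysqli) are the supported replacement.
     */
    $cookie_pass = mysql_real_escape_string($_COOKIE['password']);
    $cookie_user = mysql_real_escape_string($_COOKIE['loggedin']);
    $cookie_level = mysql_real_escape_string($_COOKIE['userlevel']);

    /**
     * Compare the cookies to the database information. Level
     * and active are compared in case the cookie exists but
     * the client has been deactivated, or the user level has
     * changed.
     *
     * NOTE(review): the 'password' cookie is compared directly with the
     * stored password column, so whatever that column holds works as a
     * long-lived credential kept in the browser. A random, revocable
     * remember-me token would limit the exposure.
     */
    $sql_cookie = mysql_query("SELECT * FROM tbl_users WHERE user='{$cookie_user}' AND password='{$cookie_pass}' AND level='{$cookie_level}' AND active = '1'");
    if ($sql_cookie === false) {
        return false;
    }

    if (mysql_num_rows($sql_cookie) < 1) {
        return false;
    }

    if (!isset($_SESSION['loggedin'])) {
        /** Keep the last matching row, as the log entry always did */
        $matched = null;
        while ($row = mysql_fetch_array($sql_cookie)) {
            $matched = $row;
        }

        /**
         * Set SESSION values from the matched row rather than echoing the
         * cookie back, so the session holds the stored user name and level.
         */
        $_SESSION['loggedin'] = $matched['user'];
        $_SESSION['userlevel'] = $matched['level'];

        /**
         * NOTE(review): 'access' is never compared with the database; it is
         * copied from the client as-is. Code that authorizes on
         * $_SESSION['access'] is trusting browser input.
         */
        $_SESSION['access'] = isset($_COOKIE['access']) ? $_COOKIE['access'] : null;

        $log_id = $matched['id'];
        $log_name = $matched['name'];

        /** Record the action log */
        $new_log_action = new LogActions();
        $log_action_args = array('action' => 24, 'owner_id' => $log_id, 'owner_user' => $log_name);
        $new_record_action = $new_log_action->log_action_save($log_action_args);
    }

    return true;
}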
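/**
 * Used when checking if there is a client or user logged in via cookie.
 *
 * The 'loggedin', 'password' and 'userlevel' cookies are bound into a
 * prepared statement and matched against an active row of TABLE_USERS.
 * On a match, and only when no session is open yet, the session is filled
 * in and log action 24 is recorded.
 *
 * @see check_for_session
 *
 * @return bool True when the cookies match an active account, false otherwise.
 */
function check_valid_cookie()
{
    global $dbh;

    if (!isset($_COOKIE['password'], $_COOKIE['loggedin'], $_COOKIE['userlevel'])) {
        return false;
    }

    /**
     * A cookie sent as "name[]=..." arrives as an array; binding one would
     * compare against the string "Array", so only plain strings go further.
     */
    if (!is_string($_COOKIE['password']) || !is_string($_COOKIE['loggedin']) || !is_string($_COOKIE['userlevel'])) {
        return false;
    }

    /**
     * Compare the cookies to the database information. Level
     * and active are compared in case the cookie exists but
     * the client has been deactivated, or the user level has
     * changed.
     *
     * NOTE(review): the 'password' cookie is compared directly with the
     * stored password column, so whatever that column holds works as a
     * long-lived credential kept in the browser. A random, revocable
     * remember-me token would limit the exposure.
     */
    $statement = $dbh->prepare("SELECT * FROM " . TABLE_USERS . " WHERE user= :cookie_user AND password= :cookie_pass AND level= :cookie_level AND active = '1'");
    $statement->execute(array(
        ':cookie_user' => $_COOKIE['loggedin'],
        ':cookie_pass' => $_COOKIE['password'],
        ':cookie_level' => $_COOKIE['userlevel'],
    ));

    /**
     * rowCount() is not guaranteed to report the size of a SELECT result on
     * every PDO driver, so the rows themselves decide whether there is a match.
     */
    $statement->setFetchMode(PDO::FETCH_ASSOC);
    $rows = $statement->fetchAll();
    if (empty($rows)) {
        return false;
    }

    if (!isset($_SESSION['loggedin'])) {
        /** Keep the last matching row, as the log entry always did */
        $matched = end($rows);

        /**
         * Set SESSION values from the matched row rather than echoing the
         * cookie back, so the session holds the stored user name and level.
         */
        $_SESSION['loggedin'] = $matched['user'];
        $_SESSION['userlevel'] = $matched['level'];

        /**
         * NOTE(review): 'access' is never compared with the database; it is
         * copied from the client as-is. Code that authorizes on
         * $_SESSION['access'] is trusting browser input.
         */
        $_SESSION['access'] = isset($_COOKIE['access']) ? $_COOKIE['access'] : null;

        $log_id = $matched['id'];
        $log_name = $matched['name'];

        /** Record the action log */
        $new_log_action = new LogActions();
        $log_action_args = array('action' => 24, 'owner_id' => $log_id, 'owner_user' => $log_name);
        $new_record_action = $new_log_action->log_action_save($log_action_args);
    }

    return true;
}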
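/**
 * Receives the data from any of the 2 clear assignments functions
 *
 * Deletes the rows of tbl_files_relations that tie the current file
 * ($this->file_id) to the given clients and groups, and writes one log
 * entry per removed account (action 10 for clients, 11 for groups).
 *
 * @param array $arguments Must hold the keys 'clients', 'groups' and 'owner_id';
 *                         'clients' and 'groups' are lists of ids (may be empty).
 */
private function delete_assignments($arguments)
{
    global $database;

    $this->clients = $arguments['clients'];
    $this->groups = $arguments['groups'];
    $this->owner_id = $arguments['owner_id'];

    /**
     * The file id and the id lists become part of the SQL text. The lists
     * are placed unquoted inside IN (...), so only numeric ids ever produced
     * a valid query; forcing every value to an integer keeps anything else
     * out of the statement.
     * NOTE(review): assumes integer primary keys - confirm against the schema.
     */
    $file_id = (int) $this->file_id;

    /**
     * Get a list of clients names for the log
     */
    if (!empty($this->clients)) {
        $this->delete_clients = implode(',', array_unique(array_map('intval', $this->clients)));

        $this->clients_names_query = "SELECT id, name FROM tbl_users WHERE id IN ({$this->delete_clients})";
        $this->clients_names_sql = $database->query($this->clients_names_query);
        while ($this->crow = mysql_fetch_array($this->clients_names_sql)) {
            $this->clients_names[$this->crow['id']] = $this->crow['name'];
        }

        $this->clean_query = "DELETE FROM tbl_files_relations WHERE file_id = '{$file_id}' AND client_id IN ({$this->delete_clients})";
        $this->clean_sql = $database->query($this->clean_query);

        /** Record the action log */
        foreach ($this->clients as $this->deleted_client) {
            /** An id with no row in tbl_users has no name to report */
            $deleted_name = isset($this->clients_names[$this->deleted_client])
                ? $this->clients_names[$this->deleted_client]
                : null;

            $new_log_action = new LogActions();
            $log_action_args = array(
                'action' => 10,
                'owner_id' => $this->owner_id,
                'affected_file' => $this->file_id,
                'affected_file_name' => $this->file_name,
                'affected_account' => $this->deleted_client,
                'affected_account_name' => $deleted_name,
            );
            $new_record_action = $new_log_action->log_action_save($log_action_args);
        }
    }

    /**
     * Get a list of groups names for the log
     */
    if (!empty($this->groups)) {
        $this->delete_groups = implode(',', array_unique(array_map('intval', $this->groups)));

        $this->groups_names_query = "SELECT id, name FROM tbl_groups WHERE id IN ({$this->delete_groups})";
        $this->groups_names_sql = $database->query($this->groups_names_query);
        while ($this->grow = mysql_fetch_array($this->groups_names_sql)) {
            $this->groups_names[$this->grow['id']] = $this->grow['name'];
        }

        $this->clean_query = "DELETE FROM tbl_files_relations WHERE file_id = '{$file_id}' AND group_id IN ({$this->delete_groups})";
        $this->clean_sql = $database->query($this->clean_query);

        /** Record the action log */
        foreach ($this->groups as $this->deleted_group) {
            /** An id with no row in tbl_groups has no name to report */
            $deleted_name = isset($this->groups_names[$this->deleted_group])
                ? $this->groups_names[$this->deleted_group]
                : null;

            $new_log_action = new LogActions();
            $log_action_args = array(
                'action' => 11,
                'owner_id' => $this->owner_id,
                'affected_file' => $this->file_id,
                'affected_file_name' => $this->file_name,
                'affected_account' => $this->deleted_group,
                'affected_account_name' => $deleted_name,
            );
            $new_record_action = $new_log_action->log_action_save($log_action_args);
        }
    }
}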
* 3- Hide for everyone if checked */ if (!empty($file['hideall'])) { $this_file = new FilesActions(); $hide_file = $this_file->hide_for_everyone($this_file_id); } /** * 4- Add the notifications to the database */ if ($send_notifications == true) { $process_notifications = $this_upload->upload_add_notifications($add_arguments); } } $new_log_action = new LogActions(); $log_action_args = array('action' => $action_log_number, 'owner_id' => $global_id, 'owner_user' => $global_user, 'affected_file' => $process_file['new_file_id'], 'affected_file_name' => $file['name']); $new_record_action = $new_log_action->log_action_save($log_action_args); $msg = __('The file has been edited succesfuly.', 'cftp_admin'); echo system_message('ok', $msg); include ROOT_DIR . '/upload-send-notifications.php'; } } } } /** Validations OK, show the editor */ ?> <form action="edit-file.php?file_id=<?php echo $this_file_id; ?> " method="post" name="edit_file" id="edit_file"> <?php /** Reconstruct the current assignments arrays */
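/**
 * Ends the current login: empties and destroys the session, expires the
 * session cookie and the four login cookies, records log action 31 and
 * sends a redirect to index.php.
 *
 * NOTE(review): execution continues after the Location header is queued;
 * the caller should stop producing output once this returns.
 */
function logout()
{
    /**
     * The log entry below reads these two names, which were never defined
     * inside the function, so the entry carried no owner.
     * NOTE(review): presumably both are set at file scope by the session
     * bootstrap - confirm. If they are not, they stay null as before.
     */
    global $logged_id, $global_name;

    header("Cache-control: private");

    /** Drop every session value, not only the three login keys */
    $_SESSION = array();

    /**
     * session_destroy() removes the stored data but leaves the session
     * cookie in the browser; expire it with the parameters it was set with.
     */
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - COOKIE_EXP_TIME,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    session_destroy();

    /** If there is a cookie, unset it */
    foreach (array("loggedin", "password", "access", "userlevel") as $cookie_name) {
        setcookie($cookie_name, "", time() - COOKIE_EXP_TIME);
    }

    /** Record the action log */
    $new_log_action = new LogActions();
    $log_action_args = array('action' => 31, 'owner_id' => $logged_id, 'affected_account_name' => $global_name);
    $new_record_action = $new_log_action->log_action_save($log_action_args);

    header("location:index.php");
}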
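/**
 * Receives the data from any of the 2 clear assignments functions
 *
 * Deletes the rows of TABLE_FILES_RELATIONS that tie the current file
 * ($this->file_id) to the given clients and groups, and writes one log
 * entry per removed account (action 10 for clients, 11 for groups).
 *
 * Each id list travels to the database as a single bound string and is
 * matched with FIND_IN_SET(), so no id is concatenated into the SQL text.
 *
 * @param array $arguments Must hold the keys 'clients', 'groups' and 'owner_id';
 *                         'clients' and 'groups' are lists of ids (may be empty).
 */
private function delete_assignments($arguments)
{
    $this->clients = $arguments['clients'];
    $this->groups = $arguments['groups'];
    $this->owner_id = $arguments['owner_id'];

    /**
     * Get a list of clients names for the log
     */
    if (!empty($this->clients)) {
        $this->delete_clients = implode(',', array_unique($this->clients));

        $this->statement = $this->dbh->prepare("SELECT id, name FROM " . TABLE_USERS . " WHERE FIND_IN_SET(id, :clients)");
        $this->statement->bindParam(':clients', $this->delete_clients);
        $this->statement->execute();
        $this->statement->setFetchMode(PDO::FETCH_ASSOC);
        while ($this->row = $this->statement->fetch()) {
            $this->clients_names[$this->row['id']] = $this->row['name'];
        }

        /** Remove existing assignments of this file/clients */
        $this->statement = $this->dbh->prepare("DELETE FROM " . TABLE_FILES_RELATIONS . " WHERE file_id = :file_id AND FIND_IN_SET(client_id, :clients)");
        $this->statement->bindParam(':file_id', $this->file_id, PDO::PARAM_INT);
        $this->statement->bindParam(':clients', $this->delete_clients);
        $this->statement->execute();

        /** Record the action log */
        foreach ($this->clients as $this->deleted_client) {
            /** An id with no row in the users table has no name to report */
            $deleted_name = isset($this->clients_names[$this->deleted_client])
                ? $this->clients_names[$this->deleted_client]
                : null;

            $new_log_action = new LogActions();
            $log_action_args = array(
                'action' => 10,
                'owner_id' => $this->owner_id,
                'affected_file' => $this->file_id,
                'affected_file_name' => $this->file_name,
                'affected_account' => $this->deleted_client,
                'affected_account_name' => $deleted_name,
            );
            $new_record_action = $new_log_action->log_action_save($log_action_args);
        }
    }

    /**
     * Get a list of groups names for the log
     */
    if (!empty($this->groups)) {
        $this->delete_groups = implode(',', array_unique($this->groups));

        $this->statement = $this->dbh->prepare("SELECT id, name FROM " . TABLE_GROUPS . " WHERE FIND_IN_SET(id, :groups)");
        $this->statement->bindParam(':groups', $this->delete_groups);
        $this->statement->execute();
        $this->statement->setFetchMode(PDO::FETCH_ASSOC);
        while ($this->row = $this->statement->fetch()) {
            $this->groups_names[$this->row['id']] = $this->row['name'];
        }

        /** Remove existing assignments of this file/groups */
        $this->statement = $this->dbh->prepare("DELETE FROM " . TABLE_FILES_RELATIONS . " WHERE file_id = :file_id AND FIND_IN_SET(group_id, :groups)");
        $this->statement->bindParam(':file_id', $this->file_id, PDO::PARAM_INT);
        $this->statement->bindParam(':groups', $this->delete_groups);
        $this->statement->execute();

        /** Record the action log */
        foreach ($this->groups as $this->deleted_group) {
            /** An id with no row in the groups table has no name to report */
            $deleted_name = isset($this->groups_names[$this->deleted_group])
                ? $this->groups_names[$this->deleted_group]
                : null;

            $new_log_action = new LogActions();
            $log_action_args = array(
                'action' => 11,
                'owner_id' => $this->owner_id,
                'affected_file' => $this->file_id,
                'affected_file_name' => $this->file_name,
                'affected_account' => $this->deleted_group,
                'affected_account_name' => $deleted_name,
            );
            $new_record_action = $new_log_action->log_action_save($log_action_args);
        }
    }
}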