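/**
 * Creates an empty, randomly named file in the files repository and records it in __externalFiles.
 *
 * The caller-supplied name is stored only as metadata (originalFileName); the on-disk
 * name is generated here, so the caller's string never becomes part of a filesystem path.
 *
 * @param WOOOF  $wo       Initialized WOOOF instance (configuration, logging, database access).
 * @param string $fileName Original file name as supplied by the caller.
 *
 * @return bool|null FALSE when the file cannot be created or the row cannot be inserted.
 *                   Nothing is returned on success (unchanged from the original).
 */
public static function createEmptyFile(WOOOF $wo, $fileName)
{
    $repositoryPath = $wo->getConfigurationFor('absoluteFilesRepositoryPath');

    // Draw random names until one is not already present in the repository.
    // NOTE(review): file_exists() followed by touch() is not atomic, and the randomness
    // source behind randomString() is not visible here — confirm both are acceptable.
    do {
        $fullFilename = $repositoryPath . $wo->randomString(40);
    } while (file_exists($fullFilename));

    if (touch($fullFilename) === FALSE) {
        $wo->logError(self::_ECP . "0001 createEmptyFile: External File was not created by the file system.");
        // Fixed: this path used to return true, so a filesystem failure looked like success.
        return FALSE;
    }

    $newId = $wo->db->getNewId('__externalFiles');

    // Fixed: every value is now a quoted literal. The original concatenated the path,
    // the timestamp and the file name into the statement unquoted.
    // cleanUserInput() is kept for the file name because the rest of the code base places
    // its output inside quoted literals — presumably it escapes for SQL; TODO confirm.
    $sql = 'insert into __externalFiles (id, entryDate, fileName, originalFileName) values ('
        . "'" . $wo->db->escape($newId) . "', "
        . "'" . $wo->db->escape($wo->getCurrentDateTime()) . "', "
        . "'" . $wo->db->escape($fullFilename) . "', "
        . "'" . $wo->cleanUserInput($fileName) . "')";

    if ($wo->db->query($sql) === FALSE) {
        // NOTE(review): the empty file created above stays on disk when the insert fails.
        return FALSE;
    }

    // NOTE(review): success returns nothing, so callers cannot obtain $newId or the
    // generated path from here — confirm what callers expect before adding a return value.
}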
Пример #2
<?php

// Page flag set before the shared setup file is loaded; presumably read there — TODO confirm.
$__isSiteBuilderPage = true;
// Parent of the directory that contains the running script.
$__actualPath = dirname(dirname($_SERVER['SCRIPT_FILENAME']));
require_once $__actualPath . '/setup.inc.php';
$requestedAction = 'edit';
$pageLocation = '1';
$wo = new WOOOF();
// NOTE(review): $_GET['table'] is handed to the table constructor with no isset() check
// and no cleanUserInput() call, unlike other pages that take a table name from the
// request. Whether WOOOF_dataBaseTable validates the name itself is not visible here.
$table = new WOOOF_dataBaseTable($wo->db, $_GET['table']);
if (isset($_GET['submit']) && $_GET['submit'] == 'Submit') {
    for ($du = 0; $du < count($_GET['chk']); $du++) {
        $desr = $wo->db->query('select * from __columnMetaData where tableId=\'' . $table->getTableId() . '\' and id=\'' . $wo->cleanUserInput($_GET['chk'][$du]) . '\'');
        $de = $wo->db->fetchAssoc($desr);
        $c = '';
        //print_r($de);
        //echo 'INSERT INTO __columnMetaData set
        $wo->db->query('INSERT INTO __columnMetaData set 
id=\'' . $wo->db->getNewId('__columnMetaData') . '\',
tableId=\'' . $table->getTableId() . '\',
name=\'' . $wo->db->escape(trim($de['name' . $c] . $_GET['suplec'])) . '\',
description=\'' . $wo->db->escape(trim($de['description' . $c] . $_GET['suple'])) . '\',
type=\'' . $wo->db->escape(trim($de['type' . $c])) . '\',
length=\'' . $wo->db->escape(trim($de['length' . $c])) . '\',
notNull=\'' . $wo->db->escape(trim($de['notNull' . $c])) . '\',
presentationType=\'' . $wo->db->escape(trim($de['presentationType' . $c])) . '\',
isReadOnly=\'' . $wo->db->escape(trim($de['isReadOnly' . $c])) . '\',
isInvisible=\'' . $wo->db->escape(trim($de['isInvisible' . $c])) . '\',
appearsInLists=\'' . $wo->db->escape(trim($de['appearsInLists' . $c])) . '\',
isASearchableProperty=\'' . $wo->db->escape(trim($de['isASearchableProperty' . $c])) . '\',
isReadOnlyAfterFirstUpdate=\'' . $wo->db->escape(trim($de['isReadOnlyAfterFirstUpdate' . $c])) . '\',
Пример #3
    echo json_encode($obj);
    exit;
}
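// Request pre-checks for the web-service endpoint. Each failure goes through
// showErrorAndTerminate(), which is defined earlier in the file (presumably it ends the request).
if (!isset($_POST['action'])) {
    showErrorAndTerminate('2001', 'No action requested.');
} elseif (
    // Fixed: '&&' binds tighter than '||', so the address test used to apply to wsInsert
    // only, and wsRead / wsUpdate / wsDelete were rejected with 2002 even when an address
    // was supplied. The action list is now grouped before the address test.
    in_array($_POST['action'], array('wsRead', 'wsUpdate', 'wsDelete', 'wsInsert'), true)
    && (!isset($_POST['__address']) || $_POST['__address'] == '')
) {
    showErrorAndTerminate('2002', 'Address required to perform this specific action');
} elseif (
    // Fixed: the original used '=' here, which overwrote a supplied session identifier
    // with '' and evaluated to false, so an empty identifier was never rejected and every
    // later read of $_POST['wsSessionIdentifier'] saw an empty string.
    (!isset($_POST['wsSessionIdentifier']) || $_POST['wsSessionIdentifier'] == '')
    && $_POST['action'] != 'wsLogin'
) {
    showErrorAndTerminate('2003', 'Not valid session supplied.');
}
// NOTE(review): this only checks that an identifier is present; validating it against
// the stored sessions has to happen in code that is not part of this block.
$requestedAction = 'viewUncontroled';
$pageLocation = '3_webService';
$wo = new WOOOF();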
if ($_POST['action'] == 'wsLogin') {
    $loginResult = FALSE;
    $rowForTest = $this->db->getRowByColumn('__users', 'loginName', $wo->cleanUserInput($_POST['username']));
    if (isset($rowForTest['id'])) {
        $hash = $wo->getPasswordHash($_POST['password'], $rowForTest['id']);
        $result = $this->db->query('select * from __users where binary loginName=\'' . $wo->cleanUserInput($rowForTest['loginName']) . '\' and binary loginPass=\'' . $hash . '\'');
        if (mysqli_num_rows($result)) {
            $userRow = $this->db->fetchAssoc($result);
            $userRow['loginPass'] = '******';
            $goOn = FALSE;
            do {
                $sid = 'ws' . WOOOF::randomString(38);
                $new_sid_result = $this->db->query("select * from __sessions where sessionId='" . $sid . "'");
                if (!mysqli_num_rows($new_sid_result)) {
                    $goOn = TRUE;
                }
            } while (!$goOn);
            $result = $this->db->query("insert into __sessions (userId,sessionId,loginDateTime,lastAction,loginIP,active) values ('{$uid}','{$sid}','" . $this->dateTime . "','" . $this->dateTime . "','" . $this->cleanUserInput($_SERVER["REMOTE_ADDR"]) . "','1')");
<?php

// Page flag set before the shared setup file is loaded; presumably read there — TODO confirm.
$__isAdminPage = true;
// Parent of the directory that contains the running script.
$__actualPath = dirname(dirname($_SERVER['SCRIPT_FILENAME']));
require_once $__actualPath . '/setup.inc.php';
$requestedAction = 'read';
$pageLocation = '1';
$pageTitle = 'Administration Back End';
$tableName = 'pictures';
$columnName = 'picture';
$remoteIdColumn = 'itemId';
$wo = new WOOOF();

// itemId: the query string wins over the POST body; the cleaned value is written back
// into $_POST. The request is aborted when neither source carries it.
// NOTE(review): what cleanUserInput() strips or escapes is not visible here, so whether
// the stored value is safe for SQL or HTML contexts needs confirming at each use.
if (isset($_GET['itemId'])) {
    $_POST['itemId'] = $wo->cleanUserInput($_GET['itemId']);
} elseif (isset($_POST['itemId'])) {
    $_POST['itemId'] = $wo->cleanUserInput($_POST['itemId']);
} else {
    die('severe error! no ITEM ID!');
}

// table: same precedence and the same write-back into $_POST.
if (isset($_GET['table'])) {
    $_POST['table'] = $wo->cleanUserInput($_GET['table']);
} elseif (isset($_POST['table'])) {
    $_POST['table'] = $wo->cleanUserInput($_POST['table']);
} else {
    die('severe error! no TABLE ID!');
}
Пример #5
// Page flag set before the shared setup file is loaded; presumably read there — TODO confirm.
$__isAdminPage = true;
// Parent of the directory that contains the running script.
$__actualPath = dirname(dirname($_SERVER['SCRIPT_FILENAME']));
require_once $__actualPath . '/setup.inc.php';
/**
 * Commits the database work held by the global $wo instance and ends the request.
 *
 * Reads $wo from the global scope, so it must only be called after $wo has been created.
 */
function doTheExit()
{
    $GLOBALS['wo']->db->commit();
    exit;
}
$requestedAction = 'read';
$pageLocation = '1';
$pageTitle = 'Administration Back End';
$wo = new WOOOF();

// __address: the query string wins over the POST body; '1' is the fallback.
// NOTE(review): what cleanUserInput() strips or escapes is not visible here — confirm it
// is sufficient for every context in which $address is used later.
if (isset($_GET['__address'])) {
    $address = $wo->cleanUserInput($_GET['__address']);
} elseif (isset($_POST['__address'])) {
    $address = $wo->cleanUserInput($_POST['__address']);
} else {
    $address = '1';
}
if (isset($_GET['action'])) {
    $action = $wo->cleanUserInput($_GET['action']);
} else {
    if (isset($_POST['action'])) {
        $action = $wo->cleanUserInput($_POST['action']);
    } else {
        $action = 'read';
    }
Пример #6
<?php

// File download entry point: takes a location from the query string, splits it into
// its parts and checks the table and column ids against the metadata tables.
require_once '../setup.inc.php';
$requestedAction = 'viewUncontroled';
$pageLocation = '3';
$pageTitle = 'Download File.';
$wo = new WOOOF();
// The location is prefixed with '6_' and must split into exactly four '_' separated pieces.
// NOTE(review): $_GET['location'] is read without an isset() check.
$pageLocation = '6_' . $wo->cleanUserInput($_GET['location']);
$pieces = explode('_', $pageLocation);
if (count($pieces) != 4) {
    die('Malformed file location. Please try again !');
}
// The permission lookup key is built from pieces 1 and 3 only; piece 2 is left out.
// Original author's open question (antonis): is the specific field meant to be ignored?
$pageLocationTrue = '6_' . $pieces[1] . '_' . $pieces[3];
// $userData is not assigned in this script; presumably set by setup.inc.php — TODO confirm.
$permitions = $wo->db->getSecurityPermitionsForLocationAndUser($pageLocationTrue, $userData['id']);
// NOTE(review): the permissions are fetched but never enforced, because the check below
// is commented out. As written, no 'download' permission is required to continue past
// this point. Original TODO (antonis): fix and uncomment.
/*
if (!isset($permitions['download']) || $permitions['download']!='1')
{
    die('Security failure: you don\'t have permission to perform the requested action.');
}
*/
// Piece 1 must identify exactly one row in __tableMetaData.
// NOTE(review): $pieces[1] and $pieces[2] are concatenated into quoted SQL literals; their
// only treatment is the cleanUserInput() call above. Whether that escapes for SQL is not
// visible here — confirm, or pass them through $wo->db->escape() / a prepared statement.
$result = $wo->db->query('select * from __tableMetaData where id=\'' . $pieces[1] . '\'');
if (mysqli_num_rows($result) != 1) {
    die('Malformed file location. Specified HEAD location is invalid!');
}
$tMD = $wo->db->fetchAssoc($result);
// Piece 2 must identify exactly one row in __columnMetaData.
$result = $wo->db->query('select * from __columnMetaData where id=\'' . $pieces[2] . '\'');
if (mysqli_num_rows($result) != 1) {
    die('Malformed file location. Specified BODY location is invalid!');
}
Пример #7
<?php

// Page flag set before the shared setup file is loaded; presumably read there — TODO confirm.
$__isSiteBuilderPage = true;
// Parent of the directory that contains the running script.
$__actualPath = dirname(dirname($_SERVER['SCRIPT_FILENAME']));
require_once $__actualPath . '/setup.inc.php';
$requestedAction = 'edit';
$pageLocation = '1';
$wo = new WOOOF();
// Look up the metadata row of the table named in the query string.
// NOTE(review): $_GET["table"] is read without an isset() check, and the statement is
// built by string formatting. Its safety rests entirely on cleanUserInput() escaping
// for SQL, which is not visible here — confirm, or use $wo->db->escape().
$result = $wo->db->query(
    sprintf("select * from __tableMetaData where tableName='%s'", $wo->cleanUserInput($_GET["table"]))
);
// TODO: Update with relevant metadata changes!!!
if (mysqli_num_rows($result)) {
    $row = $wo->db->fetchAssoc($result);
    $tableId = $wo->db->getNewId('__tableMetaData');
    $wo->db->query('insert into __tableMetaData set 
id=\'' . $tableId . '\',
tableName=\'' . $wo->cleanUserInput($row['tableName']) . '_dup\',
orderingColumnForListings=\'' . $wo->cleanUserInput($row['orderingColumnForListings']) . '\',
appearsInAdminMenu=\'' . $wo->cleanUserInput($row['appearsInAdminMenu']) . '\',
adminPresentation=\'' . $wo->cleanUserInput($row['adminPresentation']) . '\',
adminItemsPerPage=\'' . $wo->cleanUserInput($row['adminItemsPerPage']) . '\',
adminListMarkingCondition=\'' . $wo->cleanUserInput($row['adminListMarkingCondition']) . '\',
adminListMarkedStyle=\'' . $wo->cleanUserInput($row['adminListMarkedStyle']) . '\',
groupedByTable=\'' . $wo->cleanUserInput($row['groupedByTable']) . '\',
remoteGroupColumn=\'' . $wo->cleanUserInput($row['remoteGroupColumn']) . '\',
localGroupColumn=\'' . $wo->cleanUserInput($row['localGroupColumn']) . '\',
tablesGroupedByThis=\'' . $wo->cleanUserInput($row['tablesGroupedByThis']) . '\',
hasActivationFlag=\'' . $wo->cleanUserInput($row['hasActivationFlag']) . '\',
availableForSearching=\'' . $wo->cleanUserInput($row['availableForSearching']) . '\',
hasGhostTable=\'' . $wo->cleanUserInput($row['hasGhostTable']) . '\',
hasDeletedColumn=\'' . $wo->cleanUserInput($row['hasDeletedColumn']) . '\',
Пример #8
<?php

/*
 */
// Bootstrap only when no $table exists yet (presumably the standalone case, as opposed
// to being included by a script that already prepared it — TODO confirm).
if (!isset($table)) {
    $__isAdminPage = true;
    // Parent of the directory that contains the running script.
    $__actualPath = dirname($_SERVER['SCRIPT_FILENAME']);
    $__actualPath = dirname($__actualPath);
    require_once $__actualPath . '/setup.inc.php';
    $requestedAction = 'read';
    $pageLocation = '1';
    $pageTitle = 'Administration Back End';
    $wo = new WOOOF();
    $table = new WOOOF_dataBaseTable($wo->db, 'categories');
    // NOTE(review): $_GET['__address'] is read without an isset() check. $addressItems is
    // assigned only in this branch, so when $table already exists it must come from elsewhere.
    $addressItems = explode('_', $wo->cleanUserInput($_GET['__address']));
}
// Index of the first column whose getAppearsInLists() equals '1'.
// NOTE(review): the loop has no upper bound; if no column matches, $counter runs past
// the end of $table->columns and the method call is made on a missing element.
$counter = 0;
while ($table->columns[$counter]->getAppearsInLists() != '1') {
    $counter++;
}
$path = '';
// $columnsToShow is overwritten on every match, so it ends up holding the name of the
// last column whose 'appearsInLists' metadata is truthy, and stays unset if none is.
// NOTE(review): the plural name suggests a list may have been intended — confirm.
foreach ($table->columns as $key => $value) {
    $column = $value->getColumnMetaData();
    if ($column['appearsInLists']) {
        $columnsToShow = $column['name'];
    }
}
if (count($addressItems) == 2 || $addressItems[2] == '') {
    $whereClauses['parent_id'] = '-1';
    $table->getResult($whereClauses, 'ord');
    //$innerStuff ='<div id="listTitle"><a href="administration.php?action=edit&__address=1_'. $table->getTableId() .'_&wooofParent=-1">Προσθήκη '. $table->getTableDescription() .'</a></div>';
Пример #9
 /**
  * validateId checks that a value is an active code of the requested domain/subdomain.
  *
  * @param WOOOF $wo -- the initialized instance of WOOOF to use
  * @param string $value -- the domain value code to check
  * @param string $requestedDomain -- code of the domain the value must belong to
  * @param string $requestedSubDomain -- optional -- when it has content, the subdomain must exist for the domain and the value is looked up within it
  * @param boolean $mandatory -- optional -- when TRUE, a value without content is rejected immediately
  *
  * @return boolean TRUE when a matching active row exists in __domain_values, FALSE otherwise (including lookup failures).
  */
 public static function validateId(WOOOF $wo, $value, $requestedDomain, $requestedSubDomain = '', $mandatory = TRUE)
 {
     // A value without content fails outright only when it is mandatory; otherwise
     // it still goes through the lookup below.
     $valueIsEmpty = !$wo->hasContent($value);
     if ($valueIsEmpty && $mandatory) {
         return FALSE;
     }

     $domainRow = $wo->db->getRowByColumn('__domains', 'code', $requestedDomain);
     if ($domainRow === FALSE) {
         return FALSE;
     }
     if (!isset($domainRow['id'])) {
         $wo->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . '0301 Requested domain [' . $wo->cleanUserInput($requestedDomain) . '] doesn\'t exist in the database!');
         return FALSE;
     }

     $valuesTable = new WOOOF_dataBaseTable($wo->db, '__domain_values');
     if (!$valuesTable->constructedOk) {
         $wo->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . '0302 Internal failure. Failed to construct instance of __domain_values!');
         return FALSE;
     }

     $filters = array('domainId' => $domainRow['id']);

     if ($wo->hasContent($requestedSubDomain)) {
         // Both values pass through the database escape before entering the statement.
         $subDomainSql = sprintf(
             "select subDomain from __domain_values where domainId = '%s' and subDomain = '%s'",
             $wo->db->escape($domainRow['id']),
             $wo->db->escape($requestedSubDomain)
         );
         $subDomainRows = $wo->db->query($subDomainSql);
         if (!$wo->db->getNumRows($subDomainRows)) {
             // NOTE(review): code 0204 looks out of sequence next to 0301-0303 — confirm.
             $wo->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . '0204 Requested subdomain [' . $wo->cleanUserInput($requestedSubDomain) . '] doesn\'t exist in the database!');
             return FALSE;
         }
         $filters['subDomain'] = $requestedSubDomain;
     }

     $filters['active'] = '1';
     $filters['domainValueCode'] = $value;

     // NOTE(review): $value and $requestedSubDomain reach getResult() unescaped; whether
     // getResult() escapes its where-clause values is not visible here — confirm.
     $lookup = $valuesTable->getResult($filters);
     if ($lookup === FALSE) {
         $wo->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . '0303 Operation failed in result retrieval from domain values.');
         return FALSE;
     }

     return $lookup['rowsFetched'] != 0;
 }
Пример #10
<?php

// The page is switched off: die() ends the request here, so nothing below it runs.
// NOTE(review): this die() is the only thing keeping the unfinished page out of reach;
// the code below must be reviewed before the line is removed.
die('Currently under implementation...');
$__isSiteBuilderPage = true;
// Parent of the directory that contains the running script.
$__actualPath = dirname(dirname($_SERVER['SCRIPT_FILENAME']));
require_once $__actualPath . '/setup.inc.php';
$requestedAction = 'edit';
$pageLocation = '1';
$wo = new WOOOF();
$tm = WOOOF::getCurrentDateTime();
$extraContent = '';
if (isset($_GET['newNode'])) {
    $_GET['newNode'] = $wo->cleanUserInput($_GET['newNode']);
    if ($_GET['newNode'] != 'NULL') {
        $testR = $wo->query('select * from __administrationMenu where id = ' . $_GET['newNode']);
        if (!mysqli_num_rows($testR)) {
            die('Argh! the parent id selected doesn\'t exist !!!');
        }
    }
    $tables = $wo->db->getDropList('__tableMetaData', 'table', 'where appearsInAdminMenu=1', $tagClass = 'normalText', $valueColumn = 'id', $descriptionColumn = 'tableName', $orderBy = 'tableName');
    $extraContent = '<a href="adminMenuManager.php" class="normalTextOrange">Back to Admin Menu Manager</a> <br/><br/>
<form method="GET" action="adminMenuManager.php"><input type="hidden" name="action" value="insertNode">
	<input type="hidden" name="parentId" value="' . $_GET['newNode'] . '">
	Node label: <input type="text" name="nodeLabel" class="normalText"><br/>
	Node type: <select name="nodeType">
	<option value="1">1. Table List</option>
	<option value="2">2. Table Search</option>
	<option value="3">3. Table insert</option>
	<option value="4">4. Simple Link</option>
</select><br/>