            }
        }
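        if ($message == "") {
            require 'core_extra.php';
            // !empty() has the same truthiness as the bare index read but does not raise an
            // undefined-index warning when the form was submitted without the ViewMonitor field.
            if (!empty($_POST['ViewMonitor'])) {
                $SHOW_MONITOR_2 = TRUE;
            } else {
                $SHOW_MONITOR_3 = TRUE;
            }
        }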
        $TimeStart = $RealTimeStart;
        $TimeEnd = $RealTimeEnd;
    }
}
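$html_writer = new html();
$html_writer->draw_header('Security Monitor', $message, $message_type);
// The monitor pages receive the current filter as a query string. Building it with
// http_build_query() percent-encodes every value, so a value containing '&', '=', '#'
// or a quote can neither be read back as a different parameter by the monitor page nor
// break the URL literal that new_window() emits. Values are cast to string first so
// that an unset filter still appears as an empty parameter, exactly as the old
// interpolated string produced.
$monitor_filter = array(
    'DateTimeOptions' => $DateTimeOptions,
    'UserOptions' => $UserOptions,
    'ModuleOptions' => $ModuleOptions,
    'TimeStart' => $TimeStart,
    'TimeEnd' => $TimeEnd,
    'Username' => $Username,
    'Module' => $Module,
    'KeywordSearch' => $KeywordSearch,
    'Keyword' => $Keyword,
    'IPAddressOptions' => $IPAddressOptions,
    'IPAddress' => $IPAddress,
);
$monitor_query = http_build_query(array_map(function ($value) {
    return (string) $value;
}, $monitor_filter));
// !empty() keeps the same branch choice without warning when neither flag was set above.
if (!empty($SHOW_MONITOR_2)) {
    new_window('security_monitor2.php?' . $monitor_query);
} elseif (!empty($SHOW_MONITOR_3)) {
    new_window('security_monitor3.php?' . $monitor_query);
}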
?>
<script>
function NoRange()
{
    // Put the "-NO RANGE-" sentinel into both time fields of cobalt_form.
    var form = window.document.cobalt_form;
    form.TimeStart.value = '-NO RANGE-';
    form.TimeEnd.value = '-NO RANGE-';
}
function WithRange()
{
    if(window.document.cobalt_form.TimeStart.value=='-NO RANGE-') window.document.cobalt_form.TimeStart.value='';
<?php

//******************************************************************
//This file was generated by Cobalt, a rapid application development
//framework developed by JV Roig (jvroig@jvroig.com).
//
//Cobalt on the web: http://cobalt.jvroig.com
//******************************************************************
require_once 'path.php';
init_cobalt('ALLOW_ALL');
// Page copy. GLOBAL_PROJECT_NAME is a constant, which a heredoc cannot interpolate,
// hence the local copy in $project_name.
$project_name = GLOBAL_PROJECT_NAME;
$about_project = <<<EOD
This is a microsite wherein the students and the internship head communicate with each other during the internship period.
<br /><br /><b> {$project_name} is powered by Cobalt</b>
EOD;
$about_cobalt = <<<EOD
Cobalt is a web-based code generator and framework using PHP and Oracle Database created by JV Roig.
It makes web-based systems maintainable, scalable, secure and efficient, and makes the life of developers a lot easier. <br><br>

<a href="http://cobalt.jvroig.com/co/download/" target="_blank">Download Cobalt</a> |
<a href="http://cobalt.jvroig.com/co/documentation/" target="_blank">Cobalt FAQ</a>
EOD;
// Render: header, project blurb, Cobalt section, footer.
$html = new html();
$html->draw_header('About ' . GLOBAL_PROJECT_NAME, $message, $message_type);
$html->display_info($about_project);
$html->draw_page_title('About Cobalt');
$html->display_message($about_cobalt);
$html->draw_footer();
                $dbh->set_where("username='******' AND link_id='" . quote_smart($link_id) . "'");
                $dbh->make_query();
                if ($dbh->num_rows == 0) {
                    $dbh->set_query_type('INSERT');
                    $dbh->set_values("'" . quote_smart($Username) . "','" . quote_smart($link_id) . "'");
                    $dbh->make_query();
                }
            }
            $dbh->close_db();
        }
        $message = 'Success! User passport has been updated.';
        $message_type = 'system';
    }
}
// Page header; $message / $message_type are the outcome of the passport update handled above.
$html_writer = new html();
$html_writer->draw_header('Set User Passports', $message, $message_type);
?>

<div class="container">
<fieldset class="container_invisible">
<fieldset class="top"> Role-Based Access Control Interface</fieldset>
<fieldset class="middle">
<table class="input_form" width="800">
<tr><td><a href="set_user_passports.php">[Custom Permissions]</a> :: <a href="set_user_passports2.php">[View and Remove Permissions Per Module]</a> :: <b>[Role-Based Access Control Interface]</b><hr></td>
</table>
<?php 
// init_var() appears to give these form-bound variables a value before the form below reads
// them — NOTE(review): confirm its exact semantics (request binding vs. plain default) in the framework.
init_var($Username);
init_var($Name);
init_var($Type);
?>
<table width="75%" cellpadding="2" cellspacing="2" class="input_form">
<?php

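require_once 'path.php';
init_cobalt('ALLOW_ALL', FALSE);
$html = new html();
$html->draw_header('Welcome to your Control Center', $message, $message_type, FALSE);
if (ENABLE_SIDEBAR) {
    // When the page is loaded outside its frameset, send the browser to start.php instead.
    echo '
    <script>
    if (top.location == location)
    {
        window.location.replace("start.php");
    }
    </script>
    ';
}
if (DEBUG_MODE) {
    $html->display_error('System is running in DEBUG MODE. Please contact the system administrator ASAP.');
}
require_once 'subclasses/request.php';
$dbh_request = new request();
// Requests whose date_served is still the zero-date sentinel are the unprocessed ones.
$dbh_request->execute_query("SELECT date_served FROM request WHERE date_served = '0000-00-00'");
$result1 = $dbh_request->result;
$hi = array();
while ($row1 = $result1->fetch_assoc()) {
    // Explicit assignment instead of extract($row1): extract() turns every column of a row
    // into a local variable and could silently overwrite $html, $hi, ... if the query ever
    // changed. The query selects only date_served, so this defines the same variable the
    // old code did.
    $date_served = $row1['date_served'];
    $hi[] = $date_served;
}
$res = count($hi);
$html->display_tip('You have: ' . $res . ' documents to process');
require_once 'subclasses/citizen.php';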
            $_SESSION['footer'] = $footer;
            $_SESSION['skin'] = $skin_name;
            $_SESSION['master_css'] = $master_css;
            $_SESSION['colors_css'] = $colors_css;
            $_SESSION['fonts_css'] = $fonts_css;
            $_SESSION['override_css'] = $override_css;
            $_SESSION['icon_set'] = $icon_set;
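            // trim() must wrap the value, not the comparison: trim($x == '') trimmed a boolean
            // and so only caught an exactly-empty string; a whitespace-only icon_set slipped
            // through and left the skin without an icon set.
            if (trim((string) $_SESSION['icon_set']) == '') {
                $_SESSION['icon_set'] = 'cobalt';
            }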
        }
        $redraw = TRUE;
    }
}
$html = new html();
$html->draw_header('Change Skin', $message);
$html->display_info('Changing the System Skin does not affect functionality.<br>All changes are merely aesthetic.');
// Form scaffold plus the opening of the skin selector; its options are filled in
// from the system_skins query below.
echo '<div class="container">
      <fieldset class="container_invisible">
    <fieldset class="top"> Skin (UI Theme) Management
    </fieldset>
    <fieldset class="middle">
    <table class="input_form">', '<tr><td class="label">System Skin:</td><td> <select name="skin_id">';
$data_con = new data_abstraction();
$data_con->set_table('system_skins');
$data_con->set_fields('skin_id AS new_skin_id, skin_name');
$data_con->set_order('skin_name');
$result = $data_con->make_query()->result;
$numrows = $data_con->num_rows;
if ($data_con->error) {
            $result_message_type = 'error';
        } else {
            //Delete passports of all users retreived
            $db = new data_abstraction();
            $db->execute_query('DELETE FROM user_passport WHERE username IN (' . $lst_user . ')');
            //Assign role privileges to each user
            foreach ($arr_user as $username) {
                $db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role_id) . "'");
            }
            $result_message = 'Role cascade update was succesful.';
            $result_message_type = 'system';
        }
    }
}
$html = new html();
$html->draw_header('Role Cascade Update', $message, $message_type);
// Carry the list-view state and the role identity through the form as hidden fields.
$html->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc);
$html->draw_hidden('role_id');
$html->draw_hidden('role_name');
echo '<div class="container">', '<fieldset class="container_invisible">';
// The role name travels through the form (see draw_hidden above), so it is escaped
// before it lands in the heading.
$fieldset_title = 'Batch Process to Update "' . cobalt_htmlentities($role_name) . '" Users';
$html->draw_fieldset_header($fieldset_title);
$html->draw_fieldset_body_start();
echo '<tr><td>';
if ($show_result) {
    if ($result_message_type == 'error') {
        $html->display_error($result_message);
    } else {
        $html->display_message($result_message);
    }
} else {
<?php

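if (isset($valid_directory) && $valid_directory != '') {
    $html = new html();
    // The request parameter is untrusted. basename() strips every directory component, so
    // "../" sequences cannot move the lookup out of $valid_directory; the dirname() comparison
    // below re-checks that once the path has been assembled. The former str_replace() had an
    // empty search string and was a no-op; the explicit NUL-byte check below takes its place.
    $requested_name = isset($_GET['filename']) ? $_GET['filename'] : '';
    $filename = cobalt_htmlentities_decode(basename(urldecode($requested_name)));
    // Stored names carry an upload token prefix of fixed length; the user sees the remainder.
    $download_name = substr($filename, $html->upload_token_length);
    $filename = $valid_directory . '/' . $filename;
    // is_file() (not only is_readable()) rejects directories, which readfile() cannot serve,
    // and a NUL byte is never part of a legitimate file name.
    $can_serve = strpos($filename, "\0") === false
        && is_file($filename)
        && is_readable($filename)
        && dirname($filename) === $valid_directory;
    if ($can_serve) {
        log_action('Successful file download: ' . $download_name . ' (' . $filename . ')');
        header('Content-Description: File Download');
        header("Cache-Control: no-cache, must-revalidate");
        header('Content-Transfer-Encoding: binary');
        header('Content-Type: application/octet-stream');
        // A double quote inside the name would terminate the quoted filename parameter early,
        // so it is dropped; header() itself refuses CR/LF in a header value.
        header('Content-Disposition: attachment; filename="' . str_replace('"', '', $download_name) . '"');
        header('Content-Length: ' . filesize($filename));
        //error suppression to avoid Notice if output buffering was turned off in php.ini; otherwise, Notice will corrupt the file
        @ob_clean();
        flush();
        readfile($filename);
        die;
    } else {
        log_action('Failed file download: ' . $download_name . ' (' . $filename . ')');
        $message = 'File not found or server error encountered.<br>
                    Please press the back button in your browser and try again.
                    <br><br>
                    If this error persists, the file must have been deleted. Please contact your system administrator.';
        $html->draw_header('File Download Error', $message);
        $html->draw_footer();
    }
}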
                // NOTE(review): $new_module_status and $link_id are interpolated into the SQL
                // literals unescaped, while other pages of this codebase pass such values through
                // quote_smart(); verify both are validated before they reach this point.
                $mod_update_con->set_update("status='{$new_module_status}'");
                $mod_update_con->set_where("link_id='{$link_id}'");
                $mod_update_con->make_query();
                if ($mod_update_con->error != '') {
                    // Aborts with the raw database error text, which is sent to the browser as-is.
                    die($mod_update_con->error);
                }
            }
        }
        $data_con->close_db();
        $mod_update_con->close_db();
        $message = 'Modules status have been updated.';
        $message_type = 'system';
    }
}
$html_writer = new html();
$html_writer->draw_header('Module Control', $message, $message_type);
//Display system message after module status update.
// Form scaffold: the action buttons sit in the left cell, the category selector
// (drawn below) in the right one.
echo '<div class="container">
    <fieldset class="container_invisible">
    <fieldset class="top"> Enable or Disable System Modules</fieldset>
    <fieldset class="middle">
    <table class="input_form" width="900">', '<tr><td style="vertical-align: middle">';
// Same draw_button() argument lists as before, drawn in this order.
$button_arg_lists = array(
    array('SPECIAL', 'submit', 'btn_submit', 'SAVE CHANGES', FALSE, 0),
    array('SPECIAL', 'cancel', 'btn_cancel', 'BACK', FALSE, 0),
    array('BUTTON', '', 'enable', 'ENABLE ALL', FALSE, 0, "onClick='checkAll()'"),
    array('BUTTON', '', 'disable', 'DISABLE ALL', FALSE, 0, "onClick='uncheckAll()'"),
);
foreach ($button_arg_lists as $button_args) {
    $html_writer->draw_button(...$button_args);
}
echo '</td><td align="right">';
?>
    <span class="label">Module Category: </span><select name="passportGroup" onChange="this.form.submit();">
    <?php 
            $data_con = new data_abstraction();
            $data_con->set_query_type('UPDATE');
            $data_con->set_table('user');
            $data_con->set_update("`password`='{$hashed_password}', `salt`='{$new_salt}', `iteration`='{$new_iteration}', `method`='{$new_method}'");
            $data_con->set_where("username='******'user']) . "'");
            $data_con->make_query();
            $message = 'Your password has been successfully updated! You can <a href="main.php"> click here </a> to go back to your control center or use the menu above.';
            $message_type = 'SYSTEM';
            $old_password = '';
            $password1 = '';
            $password2 = '';
        }
    }
}
$html = new html();
$html->draw_header('Change Password', $message, $message_type);
// All three password inputs share the same length cap.
$max_length_attr = 'maxlength="' . MAX_PASSWORD_LENGTH . '"';
echo '<div class="container">
    <fieldset class="container_invisible">
    <fieldset class="top"> Password Management
    </fieldset>
    <fieldset class="middle">
    <table class="input_form">';
// field name => label, in display order
$password_fields = array(
    'old_password' => 'Old Password',
    'password1' => 'New Password',
    'password2' => 'Confirm New Password',
);
foreach ($password_fields as $field_name => $label) {
    $html->draw_text_field($label, $field_name, FALSE, 'password', TRUE, $max_length_attr);
}
echo '</table>
    </fieldset>
    <fieldset class="bottom">';
$html->draw_submit_cancel();
echo '</fieldset>', '</fieldset>';
        $data_con->set_query_type('INSERT');
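        for ($a = 0; $a < $numLinks; $a++) {
            if (isset($link[$a])) {
                $data_con->set_table('user_role_links');
                $data_con->set_fields('role_id, link_id');
                // $link[$a] appears to come from the submitted form just like $role_id, so it is
                // escaped the same way instead of being interpolated raw into the SQL literal.
                $data_con->set_values("'" . quote_smart($role_id) . "', '" . quote_smart($link[$a]) . "'");
                $data_con->make_query();
            }
        }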
        $data_con->close_db();
        $message = 'Role privileges succesfully updated';
        $message_type = 'system';
    }
}
$html_writer = new html();
$html_writer->draw_header('Role Permissions', $message, $message_type);
// Carry the list-view state and the role identity through the form as hidden fields.
$html_writer->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc);
$html_writer->draw_hidden('role_id');
$html_writer->draw_hidden('role_name');
?>
<div class="container">
<fieldset class="container_invisible">
<fieldset class="top"> Modify System Privileges for Role: <?php 
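// $role_name travels through the form (draw_hidden above) and is echoed into the page,
// so it is escaped here the way the other role pages do instead of being emitted raw.
echo cobalt_htmlentities($role_name);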
?>
</fieldset>
<fieldset class="middle">
<table width="75%" cellpadding="2" cellspacing="2" align="center" class="tableContent">
<?php 
// init_var() appears to give the form-bound $passportGroup a value before it is read
// below — NOTE(review): confirm its exact semantics in the framework.
init_var($passportGroup);
?>
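 function auto_doc()
 {
     //Render the generated "how to add" help page for this module: required and optional
     //fields, per-field maximum lengths, allowed characters, and any screenshots found in
     //$this->doc_images_dir. Output is echoed directly; nothing is returned.
     //Reads $this->readable_name, fields, language_dir, language, vocabulary, doc_images_dir,
     //image_formats and document_dir, plus the constants FULLPATH_BASE and BASE_DIRECTORY.
     //******************************
     //Getting documentation data
     //******************************
     //$module_name is not used in this method directly, but the vocabulary file included
     //below runs in this scope and may read it while building the $how_to_add_* strings.
     $module_name = $this->readable_name;
     $vocabulary = FULLPATH_BASE . 'help/' . $this->language_dir . '/' . $this->language . '/' . $this->vocabulary;
     //NOTE(review): the include path is built from object properties; verify that none of
     //them can be influenced by request input, since require on a controllable path is a
     //file-inclusion risk.
     require $vocabulary;
     $highlight_style = 'font-weight: bold; text-decoration: underline;';
     //Get Field Info. $arr_field_labels, $arr_field_max_length and $arr_allowed_chars are
     //parallel arrays (same index = same field); both display flags are cleared together
     //for control-less fields, which keeps them aligned.
     $arr_required = array();
     $arr_optional = array();
     $arr_field_labels = array();
     $arr_field_max_length = array();
     $arr_allowed_chars = array();
     foreach ($this->fields as $field => $arr_field_data) {
         //REQUIRED, OPTIONAL, and MAX LENGTH
         $display_max_length = TRUE;
         $display_allowed_chars = TRUE;
         if ($arr_field_data['required'] == TRUE) {
             $arr_required[] = $arr_field_data['label'];
         } elseif ($arr_field_data['control_type'] == 'none' || $arr_field_data['control_type'] == '') {
             //nothing for fields without control types (auto-increment, hidden / auto fields, removed fields)
             //we also disable showing max length and allowed chars
             $display_max_length = FALSE;
             $display_allowed_chars = FALSE;
         } else {
             $arr_optional[] = $arr_field_data['label'];
         }
         if ($display_max_length) {
             $arr_field_labels[] = $arr_field_data['label'];
             $arr_field_max_length[] = $arr_field_data['length'];
         }
         if ($display_allowed_chars) {
             if ($arr_field_data['char_set_method'] == '') {
                 //Placeholder value that the output section interprets as "all chars allowed"
                 $arr_allowed_chars[] = '***';
             } else {
                 require_once 'char_set_class.php';
                 $cg = new char_set();
                 $cg->allow_space = $arr_field_data['char_set_allow_space'];
                 //The configured method name selects which char_set builder runs for this field
                 $cg->{$arr_field_data['char_set_method']}($arr_field_data['extra_chars_allowed']);
                 $arr_allowed_chars[] = $cg->allowed_chars;
                 $cg = null;
             }
         }
     }
     //Scan for images: only directory entries whose extension is in the
     //$this->image_formats whitelist are kept, sorted by name.
     clearstatcache();
     $arr_images = array();
     $arr_image_widths = array();
     $image_dir = getcwd() . '/' . $this->doc_images_dir;
     if (is_dir($image_dir) && is_readable($image_dir)) {
         $arr_valid_formats = $this->image_formats;
         if ($dh = opendir($image_dir)) {
             while (($file = readdir($dh)) !== false) {
                 $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));
                 if (in_array($extension, $arr_valid_formats, true)) {
                     $arr_images[] = $file;
                 }
             }
             //The old code never released the directory handle.
             closedir($dh);
         }
         sort($arr_images);
     }
     //Make sure images fit -- width should be no more than max_image_width (1000px here)
     foreach ($arr_images as $file) {
         $image_data = getimagesize($image_dir . '/' . $file);
         //Element 0 of getimagesize() is the pixel width, so there is no need to pick the
         //width="..." attribute out of the string in element 3. An image getimagesize()
         //cannot read yields an empty width attribute, as before.
         $width = ($image_data === false) ? '' : $image_data[0];
         if ($width > 1000) {
             $width = 1000;
         }
         $arr_image_widths[] = $width;
     }
     //Set path to images for image links
     $path_to_images = '/' . BASE_DIRECTORY . '/help/' . $this->document_dir . '/' . basename(getcwd()) . '/' . $this->doc_images_dir . '/';
     //******************************
     //Output
     //******************************
     $html = new html();
     $html->draw_header($this->readable_name);
     //Screenshot helper. File names come from the directory listing, so they are escaped
     //before being placed in the src attribute.
     $draw_image = function ($index) use ($path_to_images, $arr_images, $arr_image_widths) {
         echo '<div style="display: block">';
         echo '<img src="' . htmlspecialchars($path_to_images . $arr_images[$index]) . '" width="' . $arr_image_widths[$index] . '">';
         echo '</div>';
     };
     echo '<div style="padding: 30px;">';
     echo '<a href="../../contents.php">[Back to Table of Contents]</a>';
     echo '<hr><br>';
     if (isset($arr_images[0])) {
         $draw_image(0);
     }
     echo $how_to_add_intro;
     echo '&nbsp;';
     echo $how_to_add_required;
     if (count($arr_required) > 0) {
         echo '<ul style="list-style-type: disc; ' . $highlight_style . '; padding: 10px; padding-left: 25px">';
         foreach ($arr_required as $field_name) {
             echo '<li>' . $field_name . '</li>';
         }
         echo '</ul>';
     }
     if (count($arr_optional) > 0) {
         echo $how_to_add_optional;
         echo '<ul style="list-style-type: circle; ' . $highlight_style . '; padding: 10px; padding-left: 25px">';
         foreach ($arr_optional as $field_name) {
             echo '<li>' . $field_name . '</li>';
         }
         echo '</ul>';
     }
     if (isset($arr_images[1])) {
         $draw_image(1);
     }
     echo '<br>';
     echo $how_to_add_working_with_fields_0;
     echo '<ul style="list-style-type: circle; padding: 10px; padding-left: 25px">';
     foreach ($arr_field_labels as $index => $field_name) {
         echo '<li>';
         echo $how_to_add_working_with_fields_1;
         echo ' <span style="' . $highlight_style . '">' . $field_name . '</span> ';
         //A length of 0 means "no maximum"
         if ($arr_field_max_length[$index] == 0) {
             echo $how_to_add_working_with_fields_4;
         } else {
             echo $how_to_add_working_with_fields_2;
             echo ' ' . $arr_field_max_length[$index] . ' ';
             echo $how_to_add_working_with_fields_3;
         }
         echo '</li>';
     }
     echo '</ul>';
     //Remaining screenshots (third onwards) follow the field list
     if (isset($arr_images[2])) {
         $limit = count($arr_images);
         for ($a = 2; $a < $limit; ++$a) {
             $draw_image($a);
             echo '<br>';
         }
     }
     echo '<br>';
     echo $how_to_add_allowed_chars_0;
     echo '<ul style="list-style-type: circle; padding: 10px; padding-left: 25px">';
     $char_limit = 15;
     //this should probably be a setting of some sort, perhaps in base_documentation_class
     foreach ($arr_field_labels as $index => $field_name) {
         echo '<li>';
         echo $how_to_add_allowed_chars_1;
         echo ' <span style="' . $highlight_style . '">' . $field_name . '</span> ';
         if ($arr_allowed_chars[$index] === '***') {
             echo $how_to_add_allowed_chars_2;
             echo '<br>';
             echo '<table>';
             echo '<tr>';
             echo '<td style="text-align: center; border-style: solid; border-width: 1px; padding-top: 5px; padding-bottom: 5px; width: ' . (40 * $char_limit + 14) . 'px;" colspan="' . $char_limit . '">';
             echo $how_to_add_allowed_chars_4;
             echo '</td>';
             echo '</tr>';
             echo '</table><br>';
         } else {
             echo $how_to_add_allowed_chars_3;
             echo '<br>';
             echo '<table>';
             echo '<tr>';
             //One cell per allowed character, $char_limit cells per row
             $char_counter = 0;
             foreach ($arr_allowed_chars[$index] as $char) {
                 echo '<td style="text-align: center; border-style: solid; border-width: 1px; padding-top: 5px; padding-bottom: 5px; width: 40px;">';
                 if ($char === ' ') {
                     echo '<span style="font-size: 9px">[space]</span>';
                 } elseif ($char === "\r") {
                     echo '\\r';
                 } elseif ($char === "\n") {
                     echo '\\n';
                 } else {
                     //The allowed set can legitimately contain <, > or &; escaped so the
                     //character is displayed instead of being parsed as markup.
                     echo htmlspecialchars($char);
                 }
                 echo '</td>';
                 ++$char_counter;
                 if ($char_counter == $char_limit) {
                     $char_counter = 0;
                     echo '</tr>';
                     echo '<tr>';
                 }
             }
             echo '</tr>';
             echo '</table><br>';
         }
         echo '</li>';
     }
     echo '</ul>';
     echo '<br><hr>';
     echo '<a href="../../contents.php">[Back to Table of Contents]</a>';
     echo '</div>';
 }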
<?php

// Security lockout: when a module has set $enable_red_alert, show the blocked-access page,
// expire the session cookie, wipe and destroy the server-side session, and stop.
if (isset($enable_red_alert) && $enable_red_alert == TRUE) {
    $username = $_SESSION['user'];
    $ip_address = get_ip();
    // NOTE(review): this line is corrupted in the listing (a masked '******' token sits where the
    // username concatenation should be) and does not parse as shown; check the original source.
    $message = 'You tried to access a module without sufficient privileges.<br>' . 'Cobalt Security has detected and blocked this illegal access attempt.<br><br>' . 'The following details have been logged and sent to the system administrator for review: ' . '<br>*Date & time of illegal access attempt: ' . date('Y-m-d, h:ia') . '<br>*Username: '******'<br>*IP Address: ' . $ip_address . '<br>*Module: ' . basename($_SERVER['PHP_SELF']) . '<br><br>If you have seen this alert by mistake, or you believe you should have access, please ask the system administrator to review your permissions and relevant module settings.';
    $message_type = 'error';
    // Expire the session cookie in the browser (one day in the past) before the session is destroyed.
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), "", time() - 86400);
    }
    // The page is rendered while $_SESSION is still intact, then the session is cleared.
    $html = new html();
    $html->draw_header('Possible Hack Attempt Detected and Blocked', $message, $message_type);
    $html->draw_footer();
    $_SESSION = array();
    session_destroy();
    die;
}