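 /**
  * JSON-encode a value and store it, DB-escaped, in the named property.
  *
  * @param mixed  $input Value to encode. The literal string 'null' (loose comparison,
  *                      as in the original) clears the field instead of encoding.
  * @param string $field Property on $this that receives the encoded value; an empty
  *                      name also clears (and, as before, fails on the empty property).
  * @return bool Always true.
  */
 public function setParams($input, $field = 'params')
 {
     if (empty($field) || $input == 'null') {
         $this->{$field} = null;
         return true;
     }
     // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0, where the
     // bare call is a fatal "undefined function" error; only consult it where it exists.
     $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
     $store = $magicQuotes ? jsonDBTable::multistripslashes($input) : $input;
     // NOTE(review): the encoded JSON is run through the DB escaper here; if the row is
     // later written by a method that escapes again, the stored value is double-escaped.
     $this->{$field} = xJ::escape($this->_db, jsoonHandler::encode($store));
     return true;
 }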
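 /**
  * Merge $array into the CMS user's newline-separated "key=value" params and store them.
  *
  * The stored params are parsed first (undoing the escaped form), overridden key by key
  * with the incoming values, and the MERGED set is re-encoded. The original re-encoded
  * only $array, so every param the caller did not pass was silently dropped even though
  * the merge had been computed.
  *
  * @param array $array Key => value pairs to set; array values are joined with ';'.
  * @return mixed Whatever $this->cmsUser->store() returns.
  */
 public function setCMSparams($array)
 {
     $db = JFactory::getDBO();

     // Decode the stored params: one "key=value" per line, values DB-escaped on write.
     $merged = array();
     foreach (explode("\n", (string) $this->cmsUser->params) as $line) {
         $pair = explode('=', $line, 2);
         if (empty($pair[0])) {
             continue;
         }
         // A line without '=' has no value; the original read an undefined index there.
         $raw = isset($pair[1]) ? $pair[1] : '';
         // Restore the escaped control characters, then un-slash the rest.
         $merged[$pair[0]] = stripslashes(str_replace(array('\\n', '\\t', '\\r'), array("\n", "\t", "\r"), $raw));
     }

     // Incoming values win over stored ones.
     foreach ($array as $name => $value) {
         $merged[$name] = $value;
     }

     // get_magic_quotes_gpc() does not exist in PHP 8; calling it there is fatal.
     $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

     $lines = array();
     foreach ($merged as $key => $value) {
         if (is_array($value)) {
             $value = implode(';', $value);
         }
         if ($magicQuotes) {
             $value = stripslashes($value);
         }
         // Escaping here is what keeps a newline inside a value from splitting the
         // line-per-entry layout (it is presumably stored as the two characters "\n").
         $lines[] = $key . '=' . xJ::escape($db, $value);
     }
     $this->cmsUser->params = implode("\n", $lines);
     $this->cmsUser->check();
     return $this->cmsUser->store();
 }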
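 /**
  * Encode an array to a newline-separated "key=value" string.
  *
  * Array values are joined with ';'. Every value is passed through the DB escaper,
  * so the result is the *stored* form — presumably a newline inside a value comes out
  * as the two characters "\n" and cannot break the line-per-entry layout (confirm
  * against xJ::escape()).
  *
  * @param array $array Key => value pairs; keys are emitted as-is.
  * @return string
  */
 static function encode($array)
 {
     $db = JFactory::getDBO();
     // get_magic_quotes_gpc() was removed in PHP 8; the bare call is a fatal error there.
     $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
     $lines = array();
     foreach ($array as $key => $value) {
         if (is_array($value)) {
             $value = implode(';', $value);
         }
         if ($magicQuotes) {
             $value = stripslashes($value);
         }
         $lines[] = $key . '=' . xJ::escape($db, $value);
     }
     return implode("\n", $lines);
 }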
 /**
  * Persist the component settings submitted from the configuration form.
  *
  * Reads the whole POST body (cleaned by AECToolbox::cleanPOST), expands the
  * "apiapplist" textarea into an app => key map, diffs against the stored settings
  * for the audit log, updates the com_acctexp asset rules when "manageraccess"
  * changed, then replaces $aecConfig->cfg wholesale with the posted settings and saves.
  *
  * NOTE(review): no request-token (CSRF) check is visible in this method, and the
  * cleaned POST becomes the new configuration as-is — every posted key ends up in
  * cfg. Confirm the dispatching controller validates the token before calling save().
  */
 public function save()
 {
     $user = JFactory::getUser();
     global $aecConfig;
     $general_settings = AECToolbox::cleanPOST($_POST, false);
     // "apiapplist" arrives as one "app=key" line per entry; an app listed without
     // a key gets a freshly generated 32-character random key.
     if (!empty($general_settings['apiapplist'])) {
         $list = explode("\n", $general_settings['apiapplist']);
         $array = array();
         foreach ($list as $item) {
             $li = explode("=", $item, 2);
             $k = $li[0];
             if (!empty($k)) {
                 if (!empty($li[1])) {
                     $v = $li[1];
                 } else {
                     $v = AECToolbox::randomstring(32, true, true);
                 }
                 $array[$k] = $v;
             }
         }
         $general_settings['apiapplist'] = $array;
     } else {
         $general_settings['apiapplist'] = array();
     }
     // Build a human-readable "key(old -> new)" list for the event log.
     $diff = $aecConfig->diffParams($general_settings, 'settings');
     if (is_array($diff)) {
         $newdiff = array();
         foreach ($diff as $value => $change) {
             $newdiff[] = $value . '(' . implode(' -> ', $change) . ')';
         }
         $difference = implode(',', $newdiff);
     } else {
         $difference = 'none';
     }
     if (defined('JPATH_MANIFESTS')) {
         // Strict comparison: if cfg holds an int and POST delivers a string this is
         // always "changed" and the asset UPDATE runs on every save. TODO confirm types.
         if ($aecConfig->cfg['manageraccess'] !== $general_settings['manageraccess']) {
             if ($general_settings['manageraccess']) {
                 // Hard-coded ACL rules: core.admin for group 7, core.manage for group 6 —
                 // presumably the default Joomla Super Users / Administrator ids, which
                 // would be wrong on a site that renumbered its groups.
                 $set = '{"core.admin":{"7":1},"core.manage":{"6":1},"core.create":[],"core.delete":[],"core.edit":[],"core.edit.state":[]}';
             } else {
                 $set = '{}';
             }
             $query = 'UPDATE #__assets' . ' SET `rules` = \'' . xJ::escape($this->db, $set) . '\'' . ' WHERE `name` = \'com_acctexp\'';
             $this->db->setQuery($query);
             $this->db->query();
         }
     }
     // The cleaned POST replaces the configuration in full (see NOTE above).
     $aecConfig->cfg = $general_settings;
     $aecConfig->saveSettings();
     // Audit trail: who changed what, from where.
     $ip = AECToolbox::aecIP();
     $short = JText::_('AEC_LOG_SH_SETT_SAVED');
     $event = JText::_('AEC_LOG_LO_SETT_SAVED') . ' ' . $difference;
     $tags = 'settings,system';
     $params = array('userid' => $user->id, 'ip' => $ip['ip'], 'isp' => $ip['isp']);
     $eventlog = new eventLog();
     $eventlog->issue($short, $tags, $event, 2, $params);
     // Warn (log level 32) when the configured entry plan is not free, since the
     // entry plan is granted to users without a membership on login.
     if (!empty($aecConfig->cfg['entry_plan'])) {
         $plan = new SubscriptionPlan();
         $plan->load($aecConfig->cfg['entry_plan']);
         $terms = $plan->getTerms();
         if (!$terms->checkFree()) {
             $short = "Settings Warning";
             $event = "You have selected a non-free plan as Entry Plan." . " Please keep in mind that this means that users" . " will be getting it for free when they log in" . " without having any membership";
             $tags = 'settings,system';
             $params = array('userid' => $user->id, 'ip' => $ip['ip'], 'isp' => $ip['isp']);
             $eventlog = new eventLog();
             $eventlog->issue($short, $tags, $event, 32, $params);
         }
     }
     $this->setMessage(JText::_('AEC_CONFIG_SAVED'));
 }
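 /**
  * Resolve the user referenced by $this->request->user into $this->metaUser.
  *
  * When request->user is an object, its username, name, email, userid and
  * invoice_number are tried in that order, stopping at the first lookup that
  * returns any rows; otherwise the value is handed to AECToolbox::searchUser().
  * Exactly one match is required — none or several set $this->error and leave
  * $this->metaUser untouched.
  *
  * Fixes over the original: LIKE wildcards in the username/name input are escaped
  * (the DB escaper leaves % and _ alone, so "%" matched every user); the email and
  * invoice_number inputs are lower-cased to match the LOWER() on the column side;
  * the numeric userid is cast instead of string-escaped; and the invoice query had
  * no space between `userid` and FROM.
  *
  * @return void
  */
 public function loadUser()
 {
     $users = array();
     $lookup = $this->request->user;
     if (is_object($lookup)) {
         $db = JFactory::getDBO();
         if (isset($lookup->username)) {
             // Escape the LIKE metacharacters AFTER the string escaper so the backslash
             // survives (MySQL's default ESCAPE character is the backslash).
             $pattern = addcslashes(xJ::escape($db, strtolower($lookup->username)), '%_');
             $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE LOWER( `username` ) LIKE \'%' . $pattern . '%\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($lookup->name)) {
             $pattern = addcslashes(xJ::escape($db, strtolower($lookup->name)), '%_');
             $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE LOWER( `name` ) LIKE \'%' . $pattern . '%\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($lookup->email)) {
             // The column is lower-cased; the input must be too or mixed-case never matches.
             $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE LOWER( `email` ) = \'' . xJ::escape($db, strtolower($lookup->email)) . '\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($lookup->userid)) {
             // Numeric primary key: an int cast cannot carry anything into the statement.
             $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE `id` = \'' . (int) $lookup->userid . '\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
         if (empty($users) && isset($lookup->invoice_number)) {
             $invoice = xJ::escape($db, strtolower($lookup->invoice_number));
             $query = 'SELECT `userid`' . ' FROM #__acctexp_invoices' . ' WHERE LOWER( `invoice_number` ) = \'' . $invoice . '\'' . ' OR LOWER( `secondary_ident` ) = \'' . $invoice . '\'';
             $db->setQuery($query);
             $users = xJ::getDBArray($db);
         }
     } else {
         $users = AECToolbox::searchUser($lookup);
     }

     if (!count($users)) {
         $this->error = 'user not found';
         return;
     }
     if (count($users) > 1) {
         $this->error = 'multiple users found';
         return;
     }
     // Reuse the already loaded metaUser when it is the same account.
     if (empty($this->metaUser->userid) || $this->metaUser->userid != $users[0]) {
         $this->metaUser = new metaUser($users[0]);
     }
 }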
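 /**
  * Filter a list of micro-integration ids down to the active ones, by `ordering`.
  *
  * @param array $milist Candidate ids; duplicates and non-numeric entries are tolerated.
  * @return array Active ids from $milist in `ordering` order; empty for empty input.
  */
 static function getActiveListbyList($milist)
 {
     if (empty($milist)) {
         return array();
     }
     // The list is spliced UNQUOTED into an IN (...) clause, where the string escaper
     // protects nothing (it only neutralises quotes and backslashes, not ") OR (1=1").
     // Forcing every element to an integer is what makes the clause safe.
     $ids = array_unique(array_map('intval', (array) $milist));
     $db = JFactory::getDBO();
     $query = 'SELECT `id`' . ' FROM #__acctexp_microintegrations' . ' WHERE `id` IN (' . implode(',', $ids) . ')' . ' AND `active` = \'1\'' . ' ORDER BY `ordering` ASC';
     $db->setQuery($query);
     return xJ::getDBArray($db);
 }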
 /**
  * Replace $this->invoice_number with the invoice_number stored for this row,
  * matched either on the primary key or on the secondary identifier.
  *
  * Note: when no row matches, the single-value result is presumably null and
  * invoice_number is overwritten with it rather than left alone.
  */
 public function deformatInvoiceNumber()
 {
     global $aecConfig;
     $db = $this->_db;
     $byId = 'id = \'' . xJ::escape($db, $this->id) . '\'';
     $bySecondary = 'secondary_ident = \'' . xJ::escape($db, $this->invoice_number) . '\'';
     $db->setQuery('SELECT invoice_number FROM #__acctexp_invoices WHERE ' . $byId . ' OR ' . $bySecondary);
     $this->invoice_number = $db->loadResult();
 }
 /**
  * Return the ids of every user holding an Active or Trial subscription to $planid.
  *
  * @param mixed $planid Plan id; escaped and quoted into the query as given.
  * @return array List of userid values, possibly empty.
  */
 static function getPlanUserlist($planid)
 {
     $db = JFactory::getDBO();
     $where = '`plan` = \'' . xJ::escape($db, $planid) . '\' AND ( `status` = \'Active\' OR `status` = \'Trial\' )';
     $db->setQuery('SELECT `userid` FROM #__acctexp_subscr WHERE ' . $where);
     return xJ::getDBArray($db);
 }
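 /**
  * Write $data (under $this->sessionkey) into the #__session row(s) of $userid.
  *
  * The row is only touched when $data carries a 'user' entry; with a group id the
  * session's gid/usertype columns are updated in the same statement.
  *
  * Fixes over the original: $gid_name was concatenated into the statement raw (the
  * only unescaped string in the query), and the no-'user' path fell through to
  * setQuery() with an undefined $query.
  *
  * @param int         $userid   Session owner; cast to int for the WHERE clause.
  * @param array       $data     Session payload; must contain key 'user' for a write.
  * @param int|null    $gid      Optional group id written to `gid` (cast to int).
  * @param string|null $gid_name Optional group name written to `usertype`.
  * @return bool True after a successful query, false when nothing was written.
  *              A failed query still terminates the request via die(), as before.
  */
 public function putSession($userid, $data, $gid = null, $gid_name = null)
 {
     if (!isset($data['user'])) {
         return false;
     }
     $db = JFactory::getDBO();
     $sdata = xJ::escape($db, $this->joomserializesession(array($this->sessionkey => $data)));
     $set = '`data` = \'' . $sdata . '\'';
     if (!empty($gid)) {
         $set = '`gid` = \'' . (int) $gid . '\', `usertype` = \'' . xJ::escape($db, $gid_name) . '\', ' . $set;
     }
     $db->setQuery('UPDATE #__session SET ' . $set . ' WHERE `userid` = \'' . (int) $userid . '\'');
     return $db->query() or die($db->stderr());
 }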
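 /**
  * Write $data (under $this->sessionkey) into the #__session row(s) of $userid.
  *
  * Only acts when JPATH_MANIFESTS is defined (presumably the Joomla >= 1.6 marker
  * this code base keys on elsewhere); otherwise it does nothing instead of issuing
  * an UPDATE built from an undefined $query, which is what the original did.
  *
  * @param int   $userid   Session owner; cast to int for the WHERE clause.
  * @param array $data     Session payload.
  * @param mixed $gid      Unused; kept for signature compatibility.
  * @param mixed $gid_name Unused; kept for signature compatibility.
  * @return bool True when the row was updated, false when skipped. A failed query
  *              still terminates the request via die(), as before.
  */
 public function putSession($userid, $data, $gid = null, $gid_name = null)
 {
     if (!defined('JPATH_MANIFESTS')) {
         return false;
     }
     $db = JFactory::getDBO();
     $sdata = xJ::escape($db, $this->joomserializesession(array($this->sessionkey => $data)));
     $db->setQuery('UPDATE #__session SET `data` = \'' . $sdata . '\' WHERE `userid` = \'' . (int) $userid . '\'');
     return $db->query() or die($db->stderr());
 }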
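 /**
  * Load the processor configuration whose `name` equals $name.
  *
  * @param string $name Processor name; escaped into the lookup query.
  * @return mixed Result of $this->load() for the matching id, or false when no row
  *               matches (or the id is falsy).
  */
 public function loadName($name)
 {
     $this->_db->setQuery('SELECT `id` FROM #__acctexp_config_processors WHERE `name` = \'' . xJ::escape($this->_db, $name) . '\'');
     $id = $this->_db->loadResult();
     if (!$id) {
         return false;
     }
     // Reuse the id already fetched. The original called loadResult() a second time
     // for the load(), which presumably re-issues the query — a wasted round trip.
     return $this->load($id);
 }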
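/**
 * Sanitise a request value (recursively for arrays) and return it DB-escaped.
 *
 * Processing order: strip any {aecjson}...{/aecjson} blocks, undo magic quotes,
 * apply the character-class filters named in $safe_params ('clear_nonemail',
 * 'clear_nonalnumwhitespace', 'clear_nonalnum', 'clear_nonslug'), then the
 * per-name transforms ('word', 'badchars', 'int', 'bool', 'string', 'float') in
 * the order given, and finally xJ::escape().
 *
 * Fixes over the original: the JSON blocks were never removed (the nested
 * preg_match_all() result was handed to str_replace(), which only raises
 * "Array to string conversion" and searches for the literal word "Array"), and
 * get_magic_quotes_gpc() is guarded so the function survives PHP 8.
 *
 * @param mixed $value       Scalar or (nested) array of scalars.
 * @param array $safe_params Filter/transform names; unknown names are ignored.
 * @return mixed Escaped scalar, or an array of escaped values for array input.
 */
function aecEscape($value, $safe_params)
{
    if (is_array($value)) {
        $array = array();
        foreach ($value as $k => $v) {
            $array[$k] = aecEscape($v, $safe_params);
        }
        return $array;
    }
    $safe_params = (array) $safe_params;

    // Remove embedded JSON blocks in one pass (non-greedy, across newlines).
    $value = preg_replace("#{aecjson}(.*?){/aecjson}#s", '', (string) $value);

    // get_magic_quotes_gpc() does not exist in PHP 8; calling it there is fatal.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $return = stripslashes($value);
    } else {
        $return = $value;
    }

    if (in_array('clear_nonemail', $safe_params)) {
        if (strpos($value, '@') === false) {
            // Not shaped like an email address at all: fall back to the strictest filter.
            if (!in_array('clear_nonalnum', $safe_params)) {
                $safe_params[] = 'clear_nonalnum';
            }
        } else {
            // Keep only the characters allowed on each side of the '@'.
            $array = explode('@', $return, 2);
            $username = preg_replace('/[^a-z0-9._+-]+/i', '', $array[0]);
            $domain = preg_replace('/[^a-z0-9.-]+/i', '', $array[1]);
            $return = $username . '@' . $domain;
        }
    }
    if (in_array('clear_nonalnumwhitespace', $safe_params)) {
        $return = preg_replace("/[^a-z0-9\\s@._+-]/i", '', $return);
    }
    if (in_array('clear_nonalnum', $safe_params)) {
        $return = preg_replace("/[^a-z0-9@._+-]/i", '', $return);
    }
    if (in_array('clear_nonslug', $safe_params)) {
        $return = preg_replace("/[^a-z0-9_-]/i", '', $return);
    }

    // Per-name transforms, applied in the caller's order (so 'word' then 'int'
    // differs from 'int' then 'word'). Unknown names leave the value unchanged.
    foreach ($safe_params as $param) {
        switch ($param) {
            case 'word':
                $cut = strpos($return, ' ');
                if ($cut !== false) {
                    $return = substr($return, 0, $cut);
                }
                break;
            case 'badchars':
                $return = preg_replace("#[<>\"'%;()&]#i", '', $return);
                break;
            case 'int':
                $return = (int) $return;
                break;
            case 'bool':
                $return = (bool) $return;
                break;
            case 'string':
                $return = (string) $return;
                break;
            case 'float':
                $return = (double) $return;
                break;
        }
    }

    $db = JFactory::getDBO();
    return xJ::escape($db, $return);
}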