/**
 * Seeds the default Arc system settings the first time the application runs.
 *
 * The ARC_ISINIT setting acts as the run-once flag: when its value is "1" the
 * method returns without touching anything. Otherwise a log entry is written
 * and every default below is passed to Helper::arcCheckSettingExists() in the
 * listed order (presumably that helper only creates settings that are missing;
 * confirm against its implementation).
 *
 * NOTE(review): ARC_ALLOWREG defaults to "true", which by its name looks like
 * open self-registration out of the box, and the ARC_PASSWORD_RESET_MESSAGE
 * template carries a {password} placeholder, i.e. the reset flow appears to
 * mail a cleartext password. Both are worth confirming for hardened installs.
 */
public static function Init()
{
    $initFlag = \SystemSetting::getByKey("ARC_ISINIT");
    if ($initFlag->value == "1") {
        // Already initialised; nothing to seed.
        return;
    }

    \Log::createLog("warning", "Arc", "Initilised default Arc settings");

    // Setting key => default value pairs, kept in the original call order
    // (ARC_ISINIT is written first).
    $defaults = [
        ["ARC_ISINIT", "1"],
        ["ARC_KEEP_LOGS", "31"],
        ["ARC_MAIL", '{"smtp":"false", "server":"localhost", "username":"", "password":"", "port":"25", "sender":"Admin <*****@*****.**>"}'],
        ["ARC_LOGIN_URL", "welcome"],
        ["ARC_FILE_UPLOAD_SIZE_BYTES", "2000000"],
        ["ARC_THUMB_WIDTH", "80"],
        ["ARC_THEME", "default"],
        ["ARC_DEFAULT_PAGE", "welcome"],
        ["ARC_LDAP", '{"ldap":"false", "server":"localhost", "domain":"mydomain", "base":"dc=mydomain,dc=local"}'],
        [
            "ARC_PASSWORD_RESET_MESSAGE",
            htmlentities("You or someone else has requested a password reset.<br />"
                . "Your new password is '{password}'."),
        ],
        ["ARC_ALLOWREG", "true"],
        ["ARC_LOGO_PATH", "assets/logo-200x48-dark.png"],
        ["ARC_DATEFORMAT", "d-m-Y"],
        ["ARC_TIMEFORMAT", "H:i:s"],
        // The only default passed as a boolean rather than a string.
        ["ARC_REQUIRECOMPANY", false],
        ["ARC_SITETITLE", "Arc Project"],
        ["ARC_MEDIAMANAGERURL", "administration/media-manager"],
    ];

    foreach ($defaults as $entry) {
        Helper::arcCheckSettingExists($entry[0], $entry[1]);
    }
}
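<?php
// Password-reset endpoint (AJAX only).
//
// Looks the account up by the posted "emailf" address, sets a freshly
// generated password, mails it using the ARC_PASSWORD_RESET_MESSAGE template
// and logs the request.
//
// NOTE(review): the password is replaced as soon as the request arrives, so
// the flow relies on the mailbox owner being the requester; a one-time reset
// link that must be confirmed before anything changes would avoid unsolicited
// resets. The two user-facing messages also reveal whether an address is
// registered. Both are design points to confirm, left unchanged here.
if (system\Helper::arcIsAjaxRequest()) {
    // Only accept a plain string; a missing or array-valued field becomes "".
    $email = (isset($_POST["emailf"]) && is_string($_POST["emailf"])) ? $_POST["emailf"] : "";

    // Control characters are removed from the copy that is written to the log
    // so a crafted address cannot add or split log lines.
    $logEmail = preg_replace('/[\x00-\x1F\x7F]/', '', $email);

    $user = User::getByEmail($email);

    // valid user
    if ($user->id > 0) {
        // 128 bits from the OS CSPRNG, rendered as 32 hex characters (the same
        // shape the previous md5(uniqid(...)) value had). uniqid() is derived
        // from the clock and must not be used to create secrets.
        // random_bytes() requires PHP 7 or later.
        $password = bin2hex(random_bytes(16));

        $user->setPassword($password);
        $user->update();

        $messageS = SystemSetting::getByKey("ARC_PASSWORD_RESET_MESSAGE");
        $message = html_entity_decode($messageS->value);
        $message = str_replace("{password}", $password, $message);

        $mail = new Mail();
        $mail->Send($user->email, "Password Reset Request", $message, true);

        system\Helper::arcAddMessage("success", "Password reset, please check your email.");
        Log::createLog("warning", "user", "Password reset request '" . $logEmail . "'.");
    } else {
        system\Helper::arcAddMessage("danger", "Email address is not registered");
        Log::createLog("danger", "user", "Request to reset unknown email address '" . $logEmail . "'.");
    }
}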
} $name = $_FILES["file"]["name"]; $ext = end(explode(".", $name)); # extra () to prevent notice $filename = uniqid() . "." . $ext; $path = system\Helper::arcGetPath(true) . "assets/profile"; $destination = $path . "/" . $filename; if (!file_exists($path)) { mkdir($path); } Log::createLog("info", "user", "Destination: '" . $destination . "'"); $location = $_FILES["file"]["tmp_name"]; $size = filesize($location); if ($size == 0) { system\Helper::arcAddMessage("danger", "Invalid file uploaded"); Log::createLog("danger", "user", "Invalid file size."); return; } move_uploaded_file($location, $destination); $profileImage = SystemSetting::getByKey("ARC_USER_IMAGE", system\Helper::arcGetUser()->id); $profileImage->userid = system\Helper::arcGetUser()->id; $profileImage->value = $filename; $profileImage->update(); system\Helper::arcAddMessage("success", "File uploaded"); Log::createLog("success", "user", "Upload complete."); } else { Log::createLog("danger", "user", "Upload error " . $_FILES['file']['error']); system\Helper::arcAddMessage("danger", "Error occured while uploading file"); } } }
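/**
 * Builds the page content or, for URIs containing "/api/v1", performs the API
 * request.
 *
 * API requests must carry a "key" query parameter matching the APIKEY setting
 * of some user. The fourth and fifth URI segments name the module and the
 * method; the matching file under app/modules/<module>/api/<method>.php is
 * included to handle the call.
 *
 * Hardening applied in this version:
 *  - the key is compared with hash_equals() instead of ==, which avoids both
 *    numeric-string type juggling and timing differences;
 *  - module and method segments are limited to letters, digits, "_" and "-"
 *    before they are used in a filesystem path, so a URL segment can never act
 *    as a path component (assumes module and method names use only these
 *    characters; TODO confirm against the modules directory);
 *  - the API key itself is no longer written to the log, only a short SHA-256
 *    fingerprint of it;
 *  - failures are logged before the JSON reply is produced, in case
 *    arcReturnJSON() ends the request (not visible from here).
 *
 * NOTE(review): the key travels in the query string, so it will also appear in
 * web-server access logs and Referer headers; a request header would be a
 * better carrier.
 */
public static function getContent()
{
    // Break URL apart and check for API request
    $uriParts = explode('?', $_SERVER['REQUEST_URI'], 2);
    $uri = $uriParts[0];

    if (strpos($uri, "/api/v1") === false) {
        // No API, get regular content
        self::arcGetView();
        return;
    }

    if (!isset($_GET["key"])) {
        \Log::createLog("danger", "API", "API key required to process request");
        self::arcReturnJSON(["error" => "API key required to process request"]);
        return;
    }

    // An array-valued parameter (key[]=...) can never be a valid key.
    $supplied = is_string($_GET["key"]) ? $_GET["key"] : "";

    $key = null;
    if ($supplied !== "") {
        foreach (\User::getAllUsers() as $user) {
            $apikey = \SystemSetting::getByKey("APIKEY", $user->id);
            if ($apikey->id != 0
                && is_string($apikey->value)
                && hash_equals($apikey->value, $supplied)
            ) {
                $key = $apikey->value;
                break;
            }
        }
    }

    if (empty($key)) {
        \Log::createLog("danger", "API", "Invalid API key");
        self::arcReturnJSON(["error" => "Invalid API key"]);
        return;
    }

    $split = explode("/", $uri);
    $module = isset($split[3]) ? $split[3] : "";
    $method = isset($split[4]) ? $split[4] : "";

    // Allow-list for anything that ends up inside an include path.
    $safeSegment = '/\A[A-Za-z0-9_-]+\z/';
    $moduleApiDir = self::arcGetPath(true) . "app/modules/{$module}/api";

    if (!preg_match($safeSegment, $module) || !file_exists($moduleApiDir)) {
        \Log::createLog("danger", "API", "Invalid API request");
        self::arcReturnJSON(["error" => "Invalid API request"]);
        return;
    }

    $methodFile = "{$moduleApiDir}/{$method}.php";
    if (!preg_match($safeSegment, $method) || !file_exists($methodFile)) {
        \Log::createLog("danger", "API", "Invalid API method request");
        self::arcReturnJSON(["error" => "Invalid API method request"]);
        return;
    }

    include $methodFile;

    // Log a fingerprint so entries can be correlated per key without storing
    // the credential in the log.
    $keyFingerprint = substr(hash("sha256", $key), 0, 8);
    \Log::createLog("success", "API", "OK:: Module: {$module}, Method: {$method}, Key: sha256:{$keyFingerprint}");
}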
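/**
 * Authenticates a user against an Active Directory / LDAP server and returns
 * basic profile data.
 *
 * Binds as "<domain>\<username>" with the given password, then searches $dc
 * for the entry whose sAMAccountName equals the username.
 *
 * Changes compared with the previous version:
 *  - an empty username or password is rejected before any bind is attempted;
 *    many directory servers treat a bind with an empty password as an
 *    anonymous/unauthenticated bind and report success, which would otherwise
 *    be accepted here as a valid login;
 *  - the username is escaped with ldap_escape() before it is placed in the
 *    search filter;
 *  - the connection is closed on every path, and a failed connect or search
 *    no longer falls through to calls on an invalid handle;
 *  - ldap_sort() is only called where it still exists (removed in PHP 8).
 *
 * NOTE(review): the connection uses plain ldap://, so the bind credentials are
 * sent unencrypted unless the transport is protected elsewhere; ldaps:// or
 * ldap_start_tls() should be considered.
 *
 * @param string $server   LDAP host name.
 * @param string $username Account name (sAMAccountName).
 * @param string $password Account password.
 * @param string $domain   Domain prefix used for the bind name.
 * @param string $dc       Search base DN.
 * @return array|null      ["email", "lastname", "firstname"] on success, null on
 *                         any failure.
 */
function LDAPLogin($server = "mydomain.local", $username, $password, $domain = "mydomain", $dc = "dc=mydomain,dc=local")
{
    // Never hand an empty credential to ldap_bind().
    if (!is_string($username) || $username === "" || !is_string($password) || $password === "") {
        return null;
    }

    // https://www.exchangecore.com/blog/how-use-ldap-active-directory-authentication-php/
    $ldap = ldap_connect("ldap://{$server}");
    if ($ldap === false) {
        Log::createLog("danger", "ldap", "Error: unable to initialise LDAP connection.");
        return null;
    }

    $ldaprdn = "{$domain}\\{$username}";

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    $bind = @ldap_bind($ldap, $ldaprdn, $password);
    if (!$bind) {
        Log::createLog("danger", "ldap", "Error: " . ldap_error($ldap));
        @ldap_close($ldap);
        return null;
    }

    // Escape filter metacharacters so the username is matched as a literal.
    $filter = "(sAMAccountName=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";

    $info = false;
    $result = ldap_search($ldap, $dc, $filter);
    if ($result !== false) {
        if (function_exists("ldap_sort")) {
            @ldap_sort($ldap, $result, "sn");
        }
        $info = ldap_get_entries($ldap, $result);
    }
    @ldap_close($ldap);

    if (!isset($info[0]["mail"][0])) {
        Log::createLog("danger", "ldap", "Unable to query LDAP, check base settings.");
        return null;
    }

    $data = array();
    $data["email"] = $info[0]["mail"][0];
    // sn / givenname may be absent on an entry; fall back to an empty string.
    $data["lastname"] = isset($info[0]["sn"][0]) ? $info[0]["sn"][0] : "";
    $data["firstname"] = isset($info[0]["givenname"][0]) ? $info[0]["givenname"][0] : "";

    return $data;
}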
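/**
 * Sends an e-mail through PHP mail() or SMTP, depending on $this->mode.
 *
 * For HTML messages the body is first wrapped in the active theme's email.php
 * template when that file exists.
 *
 * Changes compared with the previous version:
 *  - in MAIL mode, CR and LF are stripped from every value that ends up in the
 *    header block (sender, recipients, CC, subject), so a crafted address or
 *    subject cannot append extra headers;
 *  - CC recipients are now honoured in MAIL mode (they were ignored before);
 *  - the PHPMailer autoloader is loaded with require_once, so a second call in
 *    the same request does not include the file again;
 *  - the documented boolean result is actually returned.
 *
 * NOTE(review): the template path is built from the ARC_THEME setting; confirm
 * that setting can only be changed by trusted administrators.
 *
 * @param string|array $to      Recipient(s), 'Firstname Lastname <address>' or a bare address.
 * @param string       $subject Message subject.
 * @param string       $message Message body, HTML or plain text.
 * @param boolean      $html    True for an HTML body, false for plain text.
 * @param string       $from    Sender; leave null to use the configured sender.
 * @param string|array $cc      CC recipient(s), same format as $to.
 * @return boolean True when the message was handed over successfully, false otherwise.
 */
public function Send($to = array(), $subject, $message, $html = true, $from = null, $cc = array())
{
    if ($html == true) {
        $theme = SystemSetting::getByKey("ARC_THEME");
        $template = system\Helper::arcGetPath(true) . "themes/" . $theme->value . "/email.php";
        if (file_exists($template)) {
            $content = file_get_contents($template);
            $message = system\Helper::arcParseEmail($content, $message);
        }
    }

    Log::createLog("info", "arcmail", "Send email request, mode: " . $this->mode);

    // Set from details
    if ($from == null) {
        $from = $this->data["sender"];
    }

    // Normalise single recipients to lists
    if (!is_array($to)) {
        $to = array($to);
    }
    if (!is_array($cc)) {
        $cc = array($cc);
    }

    // Build mail header
    $headers = "MIME-Version: 1.0\r\n";
    if ($html == true) {
        // Html content
        $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n";
    } else {
        // Plain text
        $headers .= "Content-Type: text/plain;\r\n";
    }
    Log::createLog("info", "arcmail", "Mail headers built");

    switch ($this->mode) {
        case "MAIL":
            // A header value must stay on one line.
            $oneLine = function ($value) {
                return str_replace(array("\r", "\n"), "", (string) $value);
            };

            $headers .= "From: " . $oneLine($from) . "\r\n";

            $ccList = implode(", ", array_filter(array_map($oneLine, $cc), 'strlen'));
            if ($ccList !== "") {
                $headers .= "Cc: " . $ccList . "\r\n";
            }

            $toList = implode(", ", array_map($oneLine, $to));
            Log::createLog("success", "arcmail", "PHP mail created.");

            // Send mail
            $sent = mail($toList, $oneLine($subject), $message, $headers);
            if ($sent) {
                Log::createLog("success", "arcmail", "PHP mail sent.");
            } else {
                Log::createLog("danger", "arcmail", "PHP mail failed.");
            }
            return $sent;

        case "SMTP":
            require_once system\Helper::arcGetPath(true) . "app/classes/PHPMailer/PHPMailerAutoload.php";

            $mail = new PHPMailer();
            $mail->isSMTP();
            $mail->Host = $this->data["server"];

            if (empty($this->data["username"]) && empty($this->data["password"])) {
                $mail->SMTPAuth = false;
            } else {
                $mail->SMTPAuth = true;
                $mail->Username = $this->data["username"];
                // The stored SMTP password is decrypted only at the point of use.
                $mail->Password = system\Helper::arcDecrypt($this->data["password"]);
            }

            $mail->setFrom($from);
            foreach ($to as $email) {
                $mail->addAddress($email);
            }
            foreach ($cc as $email) {
                $mail->addCC($email);
            }

            $mail->isHTML($html);
            $mail->Subject = $subject;
            $mail->Body = $message;

            if (!$mail->send()) {
                Log::createLog("danger", "arcmail", "SMTP: " . $mail->ErrorInfo);
                return false;
            }
            Log::createLog("success", "arcmail", "SMTP: Message sent");
            return true;
    }

    // Unknown mode: nothing was sent.
    return false;
}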
Log::createLog("danger", "mediamanager", "Blocked file type: {$file_type}"); return; } $filename = $_FILES['file']['name']; // force lowercase names $filename = strtolower($filename); $path = system\Helper::arcGetPath(true) . "assets" . $_POST["path"]; $destination = $path . "/" . $filename; if (!file_exists($path)) { mkdir($path); } Log::createLog("info", "mediamanager", "Destination: '" . $destination . "'"); $location = $_FILES["file"]["tmp_name"]; Log::createLog("info", "mediamanager", "Source: '" . $location . "'"); $size = filesize($location); Log::createLog("info", "mediamanager", "Size: " . $size[0]); if ($size == 0) { system\Helper::arcAddMessage("danger", "Invalid file uploaded"); Log::createLog("danger", "mediamanager", "Invalid file size."); return; } move_uploaded_file($location, $destination); Log::createLog("info", "mediamanager", "File moved to image folder."); system\Helper::arcAddMessage("success", "File uploaded"); Log::createLog("success", "mediamanager", "Upload complete."); } else { Log::createLog("danger", "mediamanager", "Upload error " . $_FILES['file']['error']); system\Helper::arcAddMessage("danger", "Error occured while uploading file"); } } }
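<?php
// Impersonation endpoint (AJAX only): switches the session to the user whose
// id is posted as "id".
//
// Changes compared with the previous version:
//  - the target must exist; an id of 0 or less is treated as "no such user"
//    (presumably how User::getByID() reports a miss; confirm), so the session
//    can no longer be switched to an empty user object;
//  - the acting user is captured before the switch and named in the audit
//    entry, and the entry is written before the switch, so it cannot be
//    attributed to the impersonated account.
//
// NOTE(review): no permission check is visible in this script. Confirm that
// the router only dispatches it for administrators and that the request is
// protected against cross-site request forgery.
if (system\Helper::arcIsAjaxRequest()) {
    $actor = system\Helper::arcGetUser();
    $user = User::getByID(isset($_POST["id"]) ? $_POST["id"] : null);

    if (!($user->id > 0)) {
        system\Helper::arcAddMessage("danger", "User not found");
        Log::createLog("danger", "user", "Impersonation request for unknown user id by user #" . $actor->id);
        system\Helper::arcReturnJSON(["status" => "failed"]);
    } elseif ($user->id != $actor->id) {
        Log::createLog(
            "warning",
            "user",
            "User #" . $actor->id . " is impersonating " . $user->getFullname() . " (#" . $user->id . ")"
        );
        system\Helper::arcImpersonateUser($user);
        system\Helper::arcAddMessage("success", "Impersonation mode enabled");
        system\Helper::arcReturnJSON(["status" => "success"]);
    } else {
        system\Helper::arcAddMessage("danger", "You cannot impersonate yourself");
        system\Helper::arcReturnJSON(["status" => "failed"]);
    }
}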
/**
 * Post-delete hook: clears the model cache and, when logging is enabled for
 * this model ($this->_isLog), records the deletion.
 *
 * The log entry receives the acting user id, the action name 'delete', the
 * lower-cased class name and the comma-joined primary-key values.
 */
public function afterDelete()
{
    $this->clearCache();

    // Gather the audit fields up front, exactly as before, so any accessors
    // involved run regardless of the logging flag.
    $deletedKeys = implode(',', $this->getPkValues());
    $modelName = strtolower(get_class($this));
    // NOTE(review): property name kept as spelled in the source; confirm it is
    // not meant to be "model_user_id".
    $actorId = $this->model_uset_id;

    if (!$this->_isLog) {
        return;
    }

    Log::createLog($actorId, 'delete', $modelName, $deletedKeys);
}
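<?php
// Error page handler: sets the HTTP status from the "error" value and logs
// the failing path, plus the referrer when one was sent.
//
// The status, the path and the Referer header all originate from the request,
// so they are validated or cleaned before use:
//  - the status must be an HTTP error code (400-599); anything else falls back
//    to 500 (assumption: only error statuses are routed here; confirm);
//  - control characters are replaced and the length is capped in logged
//    values, so a crafted path or referrer cannot add or split log entries.
$status = (int) system\Helper::arcGetPostData("error");
if ($status < 400 || $status > 599) {
    $status = 500;
}
http_response_code($status);

$cleanLogField = function ($value) {
    $text = is_scalar($value) ? (string) $value : "";
    return substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text), 0, 512);
};

$error = $status . ": " . $cleanLogField(system\Helper::arcGetPostData("path"));

if (!empty($_SERVER["HTTP_REFERER"])) {
    $error .= " (ref: " . $cleanLogField($_SERVER["HTTP_REFERER"]) . ")";
}

Log::createLog("danger", "error", $error);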