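/**
 * Updates a role's label and replaces its permission set.
 *
 * Requires the "pawu_perm_manage" permission. The "administrator" role
 * always receives every name in $this->system in addition to the
 * permissions passed in.
 *
 * @param string       $name        Role name; passed through validateRole().
 * @param string       $label       Display label; passed through validateLabel().
 * @param array|string $permissions Permission names to link to the role.
 * @param bool         $add         When true the names are first registered via
 *                                  updatePermissions() before being linked.
 * @return bool True on success; false after $this->_error() has been called.
 */
public function updateRole($name, $label = "", $permissions = array(), $add = false)
{
    // CHECK PERMISSIONS
    if ($this->hasPermission("pawu_perm_manage") === false) {
        $this->_error(__("You don't have the Permission to perform this action!"));
        return false;
    }

    // VALIDATE
    if (($name = $this->validateRole($name, false)) === false) {
        return false;
    }
    if (($label = $this->validateLabel($label)) === false) {
        return false;
    }
    $permissions = paw_xss_cleaner($permissions, true);
    if (!is_array($permissions)) {
        $permissions = array();
    }

    // ADD ALL SYSTEM PERMISSIONS TO THE ADMIN ROLE
    if ($name === "administrator") {
        $permissions = array_merge($permissions, $this->system);
    }

    // RESOLVE THE ROLE ID
    // getRoles() is expected to return a map keyed by role name; the lookup is
    // guarded instead of indexed blindly so that a missing role does not turn
    // into a notice plus a "DELETE ... WHERE role_id=" with an empty value.
    $roles = $this->getRoles($name, false);
    if (!is_array($roles) || !isset($roles[$name]["id"])) {
        $this->_error(__("An unknown error is occurred!"));
        return false;
    }
    $roleID = $roles[$name]["id"];

    // ADD NEW PERMISSIONS
    if ($add === true) {
        $this->updatePermissions($permissions, false);
    }

    // UPDATE ROLE
    $query = "UPDATE " . TABLE_PREFIX . "role SET label=:label WHERE name=:name";
    if (Record::query($query, array(":name" => $name, ":label" => $label)) === false) {
        $this->_error(__("An unknown error is occurred!"));
        return false;
    }

    // DELETE ROLE PERMISSIONS
    // the id comes from the database, but it is escaped anyway so the statement
    // never depends on the shape of what getRoles() returned
    $query = "DELETE FROM " . TABLE_PREFIX . "role_permission WHERE role_id=" . Record::escape($roleID);
    if (Record::query($query) === false) {
        $this->_error(__("An unknown error is occurred!"));
        return false;
    }

    // LINK NEW PERMISSIONS SET TO ROLE
    if (!empty($permissions)) {
        $rows = array();
        foreach ($this->getPermissions(false) as $perm) {
            // strict comparison: permission names are strings, and a loose
            // in_array() would also accept numeric-looking lookalikes
            if (in_array($perm["name"], $permissions, true)) {
                $rows[] = "(" . Record::escape($roleID) . ", " . Record::escape($perm["id"]) . ")";
            }
        }
        // without this guard an unknown permission list produced "VALUES ;"
        if (!empty($rows)) {
            $query = "INSERT INTO " . TABLE_PREFIX . "role_permission (role_id, permission_id) VALUES " . implode(", ", $rows) . ";";
            // no placeholders in this statement, so no bind array: the original
            // passed :name/:label here although the query never referenced them
            if (Record::query($query) === false) {
                $this->_error(__("An unknown error is occurred!"));
                return false;
            }
        }
    }

    return true;
}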
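/**
 * Updates an existing blacklist entry.
 *
 * Requires the "pawu_list_manage" permission on the global $pawUsers object.
 * $value is run through paw_xss_cleaner() and validateData(); $status is
 * normalised to 1/0; $config is turned into the stored settings blob via
 * $this->_settings().
 *
 * @param int|string $id     Blacklist row id.
 * @param string     $type   Entry type; must pass validateData().
 * @param string     $value  Entry value.
 * @param mixed      $status Anything loosely equal to 1, "1" or true enables the entry.
 * @param mixed      $config Type specific configuration passed to _settings().
 * @return bool True on success; false after $this->_error() has been called.
 */
public function updateData($id, $type, $value, $status = false, $config = "")
{
    global $pawUsers;

    // CHECK PERMISSIONS
    if ($pawUsers->permissions->hasPermission("pawu_list_manage") === false) {
        $this->_error(__("You don't have the Permission to perform this action!"));
        return false;
    }

    // VALIDATE
    $value = paw_xss_cleaner($value);
    // loose in_array() on purpose: the haystack contains true, so any truthy
    // value counts as enabled, exactly as before
    $status = in_array($status, array(1, "1", true)) ? 1 : 0;
    if ($this->validateData($type, $value) !== true) {
        return false;
    }
    $settings = $this->_settings($type, $config);

    // CHECK IF ITEM EXIST
    $query = "SELECT * FROM " . TABLE_PREFIX . "blacklist WHERE id=:id";
    $query = Record::query($query, array(":id" => $id));
    if (empty($query) || !isset($query[0])) {
        $this->_error(__("The blacklist item does not exists!"));
        return false;
    }

    // UPDATE BLACKLIST ITEM
    // $id is bound as a parameter here: the original concatenated it raw into
    // the WHERE clause even though it had just been bound in the SELECT above
    $data = array(
        "value=:value",
        "type=" . Record::escape($type),
        "status=" . Record::escape($status),
        "settings=" . Record::escape(paw_serializer($settings)),
    );
    $query = "UPDATE " . TABLE_PREFIX . "blacklist SET " . implode(", ", $data) . " WHERE id=:id";
    $query = Record::query($query, array(":value" => $value, ":id" => $id));
    if ($query !== false) {
        return true;
    }
    $this->_error(__("An unknown error is occurred!"));
    return false;
}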
/**
 * Applies a set of field updates to a user record.
 *
 * $data identifies the user (resolved by $this->_getUser()); $update is a
 * map of field => value. E-mail and password changes are handled first and
 * return early; the remaining keys are filtered against $valid and written
 * with a single UPDATE, after which a "roles" key (if present) is
 * synchronised via roleToUser()/roleAwayUser().
 *
 * NOTE(review): the permission and CSRF checks below run only while
 * $this->login === false and only when the target is not the current user;
 * a self-edit is not token-checked in this method — confirm the caller does it.
 * NOTE(review): $valid lets ip, last_login, last_failure, failure_count and
 * updated_by_id be written through the same path as name and language; if
 * $update ever comes straight from a request on a self-edit, those columns
 * become user-controlled — confirm against the callers.
 *
 * @param mixed $data   User identifier understood by _getUser().
 * @param array $update Field => value map; non-array input is rejected.
 * @return bool True on success; false after $this->_error(), or without one
 *              when the final UPDATE fails.
 */
public function updateUser($data, $update)
{
    $data = paw_xss_cleaner($data);
    $update = paw_xss_cleaner($update);
    if (!is_array($update)) {
        $this->_error(__("The Action is invalid!"));
        return false;
    }

    // GET USER
    $user = $this->_getUser($data);
    if (empty($user)) {
        $this->_error(__("The User does not exist!"));
        return false;
    }

    // CHECK PERMISSIONS
    // presumably $this->login is non-false while the login flow itself updates
    // the record (last_login etc.), which is why the checks are skipped then — confirm
    if ($this->login === false) {
        if ((int) $user->id !== (int) $this->currentID) {
            if (!$this->permissions->hasPermission("user_edit")) {
                $this->_error(__("You don't have the Permission to perform this action!"));
                return false;
            } else {
                // editing another user additionally needs a CSRF token bound to this edit URL
                $url = get_url("user/edit/" . $user->id . "/" . $this->currentID);
                if (!isset($update["token"]) || !SecureToken::validateToken($update["token"], $url)) {
                    $this->_error(__("The CSRF Token does not exist or is invalid!"));
                    return false;
                }
            }
        }
    }

    // FETCH EMAIL AND PASSWORD REQUESTS
    if ($this->login === false) {
        // UPDATE eMAIL ADDRESS
        // a self-edit must supply the current password; an editor with user_edit need not
        if (isset($update["email"]) && (isset($update["password"]) || $this->permissions->hasPermission("user_edit"))) {
            if (($mail = $this->validateUsermail($update["email"], true)) === false) {
                return false;
            }
            if ((int) $user->id === (int) $this->currentID && isset($update["password"])) {
                if (!$this->_checkPassword($user, $update["password"])) {
                    $this->_error(__("The Password is incorrect!"));
                    return false;
                }
                // re-applies the just-verified current password; intent unclear — possibly a rehash, confirm
                $this->_userPassword($user, $update["password"]);
            }
            // NOTE(review): the validated $mail is never used; the raw $update["email"] is stored — confirm this is intended
            if ($this->_userMail($user, $update["email"])) {
                return true;
            }
        }

        // UPDATE PASSWORD
        if (isset($update["new-password"]) && (isset($update["password"]) || $this->permissions->hasPermission("user_edit"))) {
            if (($pass = $this->validatePassword($update["new-password"], true)) === false) {
                return false;
            }
            if ((int) $user->id === (int) $this->currentID && isset($update["password"])) {
                if (!$this->_checkPassword($user, $update["password"])) {
                    $this->_error(__("The Password is incorrect!"));
                    return false;
                }
            }
            if ($this->_userPassword($user, $pass)) {
                return true;
            }
        }
    }

    // VALIDATE
    // whitelist of keys this method will write; everything else is dropped
    $valid = array("name", "ip", "language", "last_login", "last_failure", "failure_count", "updated_by_id", "roles");
    $sql = array();
    $values = array();
    foreach ($update as $key => $value) {
        // loose in_array(): keys are normally strings, so this only matters for integer keys
        if (!in_array($key, $valid)) {
            unset($update[$key]);
            continue;
        }
        // strlen() counts bytes, so multi-byte names are cut off below 50 characters
        if ($key === "name" && strlen($value) > 50) {
            unset($update["name"]);
            continue;
        }
        // roles are not a column of the user table; handled after the UPDATE
        if ($key === "roles") {
            $roles = $value;
            continue;
        }
        $sql[$key] = $key . "=:" . $key;
        $values[":" . $key] = $value;
    }
    $sql["updated_on"] = "updated_on=" . Record::escape(date("Y-m-d H:i:s"));

    // UPDATED BY ID
    // only filled in when the caller did not supply updated_by_id itself
    if (!isset($sql["updated_by_id"])) {
        if ($this->isLoggedIn()) {
            $sql["updated_by_id"] = "updated_by_id=" . Record::escape($this->currentID);
        } else {
            $sql["updated_by_id"] = "updated_by_id=" . $user->id;
        }
    }
    $query = "UPDATE " . TABLE_PREFIX . "user SET " . implode(", ", $sql) . " WHERE id=" . $user->id;
    $query = Record::query($query, $values);
    if ($query !== false) {
        // SYNC ROLES: only an editor with user_edit may change them; a plain
        // string is treated as one role, and every role not submitted is detached
        // (getRoles(NULL, false) appears to return all roles keyed by name — confirm)
        if (isset($roles) && $this->permissions->hasPermission("user_edit")) {
            if (is_string($roles)) {
                $roles = array($roles);
            }
            $userroles = array_keys($this->permissions->getRoles(NULL, false));
            if (!empty($roles)) {
                $this->permissions->roleToUser($roles, $user->id);
            }
            $remove = array_diff($userroles, $roles);
            $this->permissions->roleAwayUser($remove, $user->id);
        }
        return true;
    }
    return false;
}
/**
 * Looks up a single 404 record by primary key.
 *
 * @param int|string $id Row id; cast to int before it is escaped into the WHERE clause.
 * @return mixed Whatever self::find() returns for a limit-1 lookup.
 */
public static function findById($id)
{
    $where = 'error404s.id=' . Record::escape((int) $id);
    $criteria = array('where' => $where, 'limit' => 1);
    return self::find($criteria);
} //*/
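/**
 * Replaces the tag set attached to a download.
 *
 * Accepts either an array of tag names or a comma separated string. Each
 * name is lower-cased, stripped to the characters [a-z0-9 _,-], trimmed and
 * must then be at least three characters long; shorter ones are silently
 * dropped. Missing DownloadTag rows are created. When $download_id is given
 * the old DownloadTagConnection rows for that download are deleted first and
 * new ones are written for every surviving tag.
 *
 * @param array|string $tags
 * @param int|null     $download_id
 * @return bool Always true; failures inside the Record layer are not reported.
 */
private function __storetags($tags, $download_id = null)
{
    // if download_id is provided clear out old tags
    if (!is_null($download_id)) {
        Record::deleteWhere('DownloadTagConnection', 'download_id=' . Record::escape((int) $download_id));
    }

    // check to make sure there are some tags
    if (empty($tags)) {
        return true;
    }

    // take either an array or comma separated list of tags
    if (!is_array($tags)) {
        $tags = explode(',', $tags);
    }

    // find or create tag and connect to download
    foreach ($tags as $tagname) {
        // lower-case first, then strip: the original stripped before lower-casing,
        // so every upper-case letter in the input was deleted instead of folded
        // ("Foo" was stored as "oo")
        $tagname = trim(preg_replace('/[^a-z0-9 _,-]/', '', strtolower((string) $tagname)));

        // check for minimum tag length; must be at least three characters
        if (strlen($tagname) < 3) {
            continue;
        }

        $tag = DownloadTag::findByName($tagname);
        if (!$tag) {
            $tag = new DownloadTag(array('name' => $tagname));
            $tag->save();
        }

        if (!is_null($download_id)) {
            $connection = new DownloadTagConnection(array(
                'download_id' => (int) $download_id,
                'tag_id' => $tag->id,
            ));
            $connection->save();
        }
    }

    return true;
}//*/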
/**
 * Searches downloads by free text.
 *
 * Every whitespace separated word in $terms (after a crude suffix strip of
 * "ing", "ed" and "s") becomes a LIKE on name, description and keywords.
 * Expired and inactive rows are hidden unless the matching flag is anything
 * other than the literal false. The sort column is whitelisted; anything
 * else falls back to 'name'.
 *
 * @param string $terms    Search words; only [a-z0-9 %] survive, "%" is kept as a LIKE wildcard.
 * @param int    $limit    Page size, handed to Download::findAll() unchanged (assumed to cast it — confirm).
 * @param int    $offset   Page offset, handed to Download::findAll() unchanged (assumed to cast it — confirm).
 * @param string $order    Sort column; "downloads" sorts descending, every other column ascending.
 * @param bool   $expired  Only the literal false hides expired downloads.
 * @param bool   $inactive Only the literal false hides inactive downloads.
 * @return array|false array('downloads' => ..., 'count' => ...), or false when findAll() returned nothing.
 */
function downloadSearch($terms, $limit = 10, $offset = 0, $order = 'name', $expired = false, $inactive = false)
{
    $where = '1';

    // show expired downloads?
    if ($expired === false) {
        $where .= " AND ( `downloads`.`expires` > NOW() || `downloads`.`expires` IS NULL )";
    }

    // show inactive downloads?
    if ($inactive === false) {
        $where .= " AND `downloads`.`active` = '1'";
    }

    // sort column is restricted to a fixed whitelist
    $allowedColumns = explode(',', 'id,name,filename,active,downloads,expires,created,updated');
    $column = strtolower($order);
    if (empty($column) || !in_array($column, $allowedColumns, true)) {
        $column = 'name';
    }
    $direction = ($column === 'downloads') ? ' DESC' : ' ASC';
    $sortBy = 'downloads.' . $column . $direction;

    if (!empty($terms)) {
        // explode() on a string without a space already yields a one-element array
        $words = preg_replace('/[^a-z0-9 %]/i', ' ', $terms);
        $words = explode(' ', $words);
        $words = preg_replace(array('/ing$/i', '/ed$/i', '/s$/i'), '', $words);

        foreach ($words as $word) {
            if (empty($word)) {
                continue;
            }
            // a word carrying its own wildcard is used as given
            if (strstr($word, '%') === false) {
                $word = "%{$word}%";
            }
            // Record::escape() is assumed to quote as well as escape — the clause has no quotes of its own
            $pattern = Record::escape($word);
            $where .= " AND ( downloads.name LIKE " . $pattern . " OR downloads.description LIKE " . $pattern . " OR downloads.keywords LIKE " . $pattern . " ) ";
        }
    }

    $criteria = array('where' => $where, 'limit' => $limit, 'offset' => $offset, 'order' => $sortBy);
    $results = Download::findAll($criteria);
    if (!$results) {
        return false;
    }

    $count = Record::countFrom('Download', $where);
    return array('downloads' => $results, 'count' => $count);
}
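/**
 * Finds the downloads that carry every one of the given tags.
 *
 * Accepts an array of tag names or a comma separated string. Empty entries
 * are ignored; the remaining names go into an IN (...) list and the HAVING
 * clause requires a download to match all of them.
 *
 * @param array|string $tags
 * @return mixed Result of self::find(); an empty array when no usable tag was
 *               given (assumes find() returns a list for multi-row lookups — confirm).
 */
public static function findAllByTagName($tags = array())
{
    if (!is_array($tags)) {
        $tags = explode(',', $tags);
    }

    $escaped = array();
    foreach ($tags as $tag) {
        if (!empty($tag)) {
            // Record::escape() is assumed to quote as well as escape — confirm
            $escaped[] = Record::escape($tag);
        }
    }

    // the original built "IN ()" with HAVING COUNT(*)>=0 for an empty list,
    // which is a SQL syntax error rather than an empty result
    $count = count($escaped);
    if ($count === 0) {
        return array();
    }

    return self::find(array(
        'where' => 'downloadtags.name IN (' . implode(',', $escaped) . ')',
        'order' => 'downloads.name ASC',
        'group' => 'downloads.id',
        'having' => 'COUNT(*)>=' . $count,
    ));
} //*/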
/**
 * Looks up one fact row by name.
 *
 * @param string $name Fact name; escaped via Record::escape(), which is
 *                     assumed to add the quotes the clause itself lacks — confirm.
 * @return mixed Result of self::find() with limit 1.
 */
public static function findByName($name)
{
    $where = 'facts.name=' . Record::escape($name);
    $criteria = array('where' => $where, 'limit' => 1);
    return self::find($criteria);
} //*/
/**
 * Looks up one download by its hash column.
 *
 * @param string $hash Hash value; escaped via Record::escape(), which is
 *                     assumed to add the quotes the clause itself lacks — confirm.
 * @return mixed Result of self::find() with limit 1.
 */
public static function findByHash($hash)
{
    $where = 'downloads.hash=' . Record::escape($hash);
    $criteria = array('where' => $where, 'limit' => 1);
    return self::find($criteria);
} //*/