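/**
 * Stores the import data selected by the request in a new temporary file.
 *
 * Depending on $source['source'] the data is taken from the clipboard form
 * field, from an uploaded file, or fetched from a URL named in the request.
 * All three inputs arrive from the client and are treated as untrusted.
 *
 * @param array $source Import settings; only the 'source' key is read here.
 * @return string Base name (directory part removed) of the temporary file.
 * @throws BaseException When the selected input is missing, the upload
 *                       failed, the URL uses a scheme other than http/https
 *                       or cannot be fetched, or the file cannot be written.
 */
public static function ProcessSource($source)
{
    $file = File::Temporary(TEMP_DIR, 'txt');

    switch ($source['source']) {
        case self::SOURCE_CLIPBOARD:
            // A missing field is handled like an empty one instead of raising a notice.
            $clipboard = isset($_REQUEST[self::FIELD_CLIPBOARD]) ? $_REQUEST[self::FIELD_CLIPBOARD] : null;

            if (String::IsEmpty($clipboard)) {
                throw new BaseException('The Clipboard field was empty');
            }

            // A failed write used to go unnoticed and the caller received the
            // name of a file without the expected content.
            if (file_put_contents($file, String::FormatNewlines($clipboard)) === false) {
                throw new BaseException('Could not write temporary file');
            }
            break;

        case self::SOURCE_UPLOAD:
            // The upload entry is absent when the form was sent without the
            // file field, and 'error' is an array for multi-file fields.
            if (!isset($_FILES[self::FIELD_UPLOAD]['error']) || is_array($_FILES[self::FIELD_UPLOAD]['error'])) {
                throw new BaseException('Could not process uploaded file');
            }

            $upload = $_FILES[self::FIELD_UPLOAD];

            // Check for errors
            if ($upload['error'] != UPLOAD_ERR_OK) {
                throw new BaseException(Uploads::CodeToMessage($upload['error']));
            }

            // move_uploaded_file() itself refuses paths that are not genuine
            // PHP uploads, so tmp_name needs no further check here.
            if (move_uploaded_file($upload['tmp_name'], $file) === false) {
                throw new BaseException('Could not process uploaded file');
            }
            break;

        case self::SOURCE_URL:
            $url = isset($_REQUEST[self::FIELD_URL]) ? $_REQUEST[self::FIELD_URL] : null;

            // The server fetches this address on the client's behalf, so any
            // explicit scheme other than http/https is refused before the
            // request is made. Values without a scheme are passed through as
            // before; how HTTP::Get treats them is not visible here.
            $scheme = is_string($url) ? parse_url($url, PHP_URL_SCHEME) : null;
            if (is_string($scheme) && !in_array(strtolower($scheme), array('http', 'https'), true)) {
                throw new BaseException('Could not access URL: only http and https addresses are supported');
            }

            // NOTE(review): the destination host is not restricted, so the
            // server will contact whatever host the client names, including
            // internal ones. Consider an allow-list or rejecting private and
            // loopback addresses where the connection is made.
            $http = new HTTP();

            // The URL is passed twice as in the original call; the meaning of
            // the second argument is defined by HTTP::Get.
            if ($http->Get($url, $url)) {
                if (file_put_contents($file, String::FormatNewlines($http->body)) === false) {
                    throw new BaseException('Could not write temporary file');
                }
            } else {
                throw new BaseException('Could not access URL: ' . $http->error);
            }
            break;

        // NOTE(review): an unrecognised source type falls through and the
        // name of the untouched temporary file is returned — confirm that
        // callers validate $source['source'] beforehand.
    }

    return basename($file);
}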
/**
 * Configures the mailer from the application settings.
 *
 * Sets the sender address and name, selects the transport named by the
 * 'mailer' setting (mail, sendmail or SMTP) and loads the global greeting
 * and signature templates from TEMPLATES_DIR.
 *
 * IsMail(), IsSendmail() and IsSMTP() are called on $this and are not
 * defined in the visible code (presumably inherited from the mailer base
 * class).
 */
public function __construct()
{
    $this->From = Config::Get('email_address');
    $this->FromName = Config::Get('email_name');

    // Loose comparison, matching what a switch statement does.
    $transport = Config::Get('mailer');

    if ($transport == self::MAIL) {
        $this->IsMail();
    } elseif ($transport == self::SENDMAIL) {
        $this->IsSendmail();
        $this->Sendmail = Config::Get('sendmail_path');
    } elseif ($transport == self::SMTP) {
        $this->IsSMTP();
        $this->Host = Config::Get('smtp_hostname');
        $this->Port = Config::Get('smtp_port');

        // NOTE(review): with 'flag_smtp_ssl' off no transport security is
        // requested here, so the credentials below may travel unencrypted
        // unless the mailer negotiates it on its own — confirm.
        $this->SMTPSecure = Config::Get('flag_smtp_ssl') ? 'ssl' : '';
        $this->Username = Config::Get('smtp_username');
        $this->Password = Config::Get('smtp_password');

        // Authentication is switched on only when a username is configured;
        // otherwise SMTPAuth keeps whatever value it already had.
        if (!String::IsEmpty($this->Username)) {
            $this->SMTPAuth = true;
        }
    }

    // file_get_contents() returns false when a template cannot be read; the
    // result is stored without being checked.
    $this->greeting = file_get_contents(TEMPLATES_DIR . '/email-global-greeting.tpl');
    $this->signature = file_get_contents(TEMPLATES_DIR . '/email-global-signature.tpl');
}
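/**
 * Converts a colon-separated duration into a number of seconds.
 *
 * The first three components are read as hours, minutes and seconds.
 * Components that are missing count as zero, which is the value the
 * previous code arrived at as well, but without the undefined-offset notice.
 *
 * NOTE(review): a two-part value is therefore read as hours:minutes, not
 * minutes:seconds — confirm that callers always pass the three-part form.
 *
 * @param string $duration Duration such as '01:02:03'.
 * @return int|float Total seconds; 0 when String::IsEmpty() reports the
 *                   input as empty.
 */
public static function DurationToSeconds($duration)
{
    if (String::IsEmpty($duration)) {
        return 0;
    }

    // Pad on the right so that list() always finds three elements.
    list($hours, $minutes, $seconds) = array_pad(explode(':', $duration), 3, 0);

    return $hours * 3600 + $minutes * 60 + $seconds;
}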
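/**
 * Authenticates a control panel administrator for the current request.
 *
 * When the request carries the username field, the credentials are checked
 * against `tbx_administrator`, a session row and a login-history row are
 * written, and the session cookie is sent. Otherwise an existing session
 * cookie is validated against `tbx_administrator_session`, bound to the
 * hashed User-Agent and the remote address. The outcome is recorded in the
 * static $authenticated, $superuser, $username, $privileges and $error
 * members.
 *
 * NOTE(review): passwords are compared as unsalted SHA-1 digests. Moving to
 * password_hash()/password_verify() needs a migration of the stored values
 * and therefore cannot be done inside this function alone.
 *
 * NOTE(review): the session cookie is sent without the Secure and HttpOnly
 * flags. Whether client-side script reads this cookie is not visible here,
 * so the flags are left unchanged — confirm and add them if possible.
 *
 * @return bool|null True when authenticated, null when a check failed and
 *                   self::$error was set, false when the request carried
 *                   neither credentials nor a session cookie.
 */
public static function Login()
{
    $DB = GetDB();

    self::$authenticated = false;
    self::$superuser = false;
    self::$username = null;

    $cookie_settings = self::GetCookieSettings();

    // The User-Agent header is optional. Hashing '' yields the digest the
    // previous code produced for a missing header, without the notice.
    $browser = sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

    if (isset($_REQUEST[self::FIELD_USERNAME])) {
        $username = $_REQUEST[self::FIELD_USERNAME];
        $password = isset($_REQUEST[self::FIELD_PASSWORD]) ? $_REQUEST[self::FIELD_PASSWORD] : null;

        // Request parameters can be arrays (field[]=...); those can never be
        // valid credentials and must not reach sha1() or the query binds.
        if (is_array($username) || is_array($password)) {
            self::$error = 'The supplied username/password combination is not valid';
            return;
        }

        if (String::IsEmpty($username)) {
            self::$error = 'The username field was left blank';
            return;
        }

        if (String::IsEmpty($password)) {
            self::$error = 'The password field was left blank';
            return;
        }

        $account = $DB->Row(
            'SELECT * FROM `tbx_administrator` WHERE `username`=? AND `password`=?',
            array($username, sha1($password))
        );

        if (!$account) {
            self::$error = 'The supplied username/password combination is not valid';
            return;
        }

        // The session identifier is the only secret protecting the session,
        // so it is drawn from the system CSPRNG where available. 20 random
        // bytes give 40 hex characters, the same shape as the SHA-1 digest
        // used before, so the stored column still fits. The older derivation
        // is kept only for runtimes without random_bytes().
        if (function_exists('random_bytes')) {
            $session = bin2hex(random_bytes(20));
        } else {
            $session = sha1(uniqid(rand(), true));
        }

        $DB->Update(
            'INSERT INTO `tbx_administrator_session` VALUES (?,?,?,?,?)',
            array($account['username'], $session, $browser, $_SERVER['REMOTE_ADDR'], time())
        );
        $DB->Update(
            'INSERT INTO `tbx_administrator_login_history` VALUES (?,?,?)',
            array($account['username'], Database_MySQL::Now(), $_SERVER['REMOTE_ADDR'])
        );

        // An expiry of 0 makes a browser-session cookie, as the null passed
        // before did; the "remember" field may be absent from the request.
        setcookie(
            self::COOKIE_NAME,
            self::FIELD_USERNAME . '=' . urlencode($account['username']) . '&' . self::FIELD_SESSION . '=' . urlencode($session),
            !empty($_REQUEST[self::FIELD_REMEMBER]) ? time() + self::SESSION_LENGTH : 0,
            $cookie_settings['path'],
            $cookie_settings['domain']
        );

        self::$username = $account['username'];
        self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
        self::$privileges = $account['privileges'];
        self::$authenticated = true;
    } elseif (isset($_COOKIE[self::COOKIE_NAME])) {
        // The cookie is client-controlled: it may be an array or lack either
        // key, and parse_str() can produce nested arrays from it.
        $cookie = array();
        parse_str(is_string($_COOKIE[self::COOKIE_NAME]) ? $_COOKIE[self::COOKIE_NAME] : '', $cookie);

        $cookie_username = isset($cookie[self::FIELD_USERNAME]) && is_string($cookie[self::FIELD_USERNAME])
            ? $cookie[self::FIELD_USERNAME]
            : null;
        $cookie_session = isset($cookie[self::FIELD_SESSION]) && is_string($cookie[self::FIELD_SESSION])
            ? $cookie[self::FIELD_SESSION]
            : null;

        // Drop sessions older than the session length before looking one up.
        $DB->Update(
            'DELETE FROM `tbx_administrator_session` WHERE `timestamp` < ?',
            array(time() - self::SESSION_LENGTH)
        );

        // A malformed cookie is treated exactly like an unknown session. The
        // statement text, including its embedded line break, is unchanged.
        $session = false;
        if ($cookie_username !== null && $cookie_session !== null) {
            $session = $DB->Row(
                'SELECT * FROM `tbx_administrator_session` WHERE `username`=? AND `session`=? AND `browser`=? ' . "\n" . 'AND `ip_address`=?',
                array($cookie_username, $cookie_session, $browser, $_SERVER['REMOTE_ADDR'])
            );
        }

        if (!$session) {
            // Expire the cookie so the browser stops sending it.
            setcookie(self::COOKIE_NAME, false, time() - self::SESSION_LENGTH, $cookie_settings['path'], $cookie_settings['domain']);
            self::$error = 'Your control panel session has expired';
            return;
        }

        $account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=?', array($session['username']));

        if (!$account) {
            setcookie(self::COOKIE_NAME, false, time() - self::SESSION_LENGTH, $cookie_settings['path'], $cookie_settings['domain']);
            self::$error = 'Invalid control panel account';
            return;
        }

        self::$username = $account['username'];
        self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
        self::$privileges = $account['privileges'];
        self::$authenticated = true;
    }

    return self::$authenticated;
}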
/**
 * Lowers the usage counter of every tag in a space-separated list and then
 * removes the tags whose counter has dropped below one.
 *
 * The list is split on single spaces, so consecutive spaces produce empty
 * entries, and those are sent to the UPDATE statement like any other tag.
 *
 * @param string $tags Space-separated tags; nothing happens when
 *                     String::IsEmpty() reports the value as empty.
 * @return void
 */
public static function RemoveFromFrequency($tags)
{
    if (String::IsEmpty($tags)) {
        return;
    }

    $DB = GetDB();
    $decrement = 'UPDATE `tbx_video_tag` SET `frequency`=`frequency`-1 WHERE `tag`=?';

    // Each tag is passed as a bound parameter, never placed in the SQL text.
    foreach (array_map('trim', explode(' ', $tags)) as $name) {
        $DB->Update($decrement, array($name));
    }

    // Clean up tags that are no longer referenced.
    $DB->Update('DELETE FROM `tbx_video_tag` WHERE `frequency` < 1');
}
/**
 * Reduces a file name to a conservative character set.
 *
 * Only the base name is kept, because pathinfo() separates it from any
 * directory part. The name keeps letters, digits, '_' and '-'; the extension
 * keeps letters and digits. Dots, slashes and NUL bytes inside the name are
 * removed by the same filter. A name that ends up empty becomes 'none'.
 *
 * Note that $force_extension is appended exactly as given; it is not passed
 * through the character filter, so callers should supply a constant.
 *
 * @param string      $filename        File name or path to clean.
 * @param string|null $force_extension Extension that replaces the original
 *                                     one when it is a truthy value.
 * @return string The cleaned file name.
 */
public static function Sanitize($filename, $force_extension = null)
{
    $parts = pathinfo($filename);

    $stem = preg_replace('~[^a-z0-9_\\-]~i', '', $parts['filename']);
    $ext = preg_replace('~[^a-z0-9]~i', '', isset($parts['extension']) ? $parts['extension'] : '');

    if (String::IsEmpty($stem)) {
        $stem = 'none';
    }

    $has_ext = !String::IsEmpty($ext);

    // A forced extension wins whether or not the original had one.
    if ($force_extension) {
        $suffix = '.' . $force_extension;
    } elseif ($has_ext) {
        $suffix = '.' . $ext;
    } else {
        $suffix = '';
    }

    return $stem . $suffix;
}
/**
 * Registers the validators that a table definition declares for its columns.
 *
 * For every column of $xtable the <validator> elements under the given
 * section are read. Each one is registered with the request value of the
 * column, the Validator_Type constant named by its type, its message and
 * its extras. A validator whose condition equals COND_NOT_EMPTY is skipped
 * when the request value is empty.
 *
 * Outside the 'admin' section a column is skipped when it has a section
 * element whose $location child evaluates to false.
 *
 * @param object $xtable   Table definition node; must offer xpath().
 * @param string $section  Section of the column definition to read.
 * @param string $location Child of the section that enables the column.
 * @return void
 */
public function RegisterFromXml($xtable, $section = 'admin', $location = 'create')
{
    $validator_types = new ReflectionClass('Validator_Type');

    foreach ($xtable->xpath('./columns/column') as $xcolumn) {
        $xsection = $xcolumn->el('./' . $section);

        $restricted = $section != 'admin' && !empty($xsection);
        if ($restricted && !$xsection->el('./' . $location)->val()) {
            continue;
        }

        $xvalidators = $xcolumn->xpath('./' . $section . '/validator');
        if (empty($xvalidators)) {
            continue;
        }

        foreach ($xvalidators as $xvalidator) {
            // getConstant() yields false for a type name that is not a
            // constant of Validator_Type; the value is passed on unchanged.
            $type = $validator_types->getConstant($xvalidator->type->val());
            $value = Request::Get($xcolumn->name->val());

            // Loose comparison, as in the switch statement this replaces.
            $only_when_filled = $xvalidator->condition->val() == self::COND_NOT_EMPTY;
            if ($only_when_filled && String::IsEmpty($value)) {
                continue;
            }

            $this->Register($value, $type, $xvalidator->message->val(), $xvalidator->extras->val());
        }
    }
}
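/**
 * Authenticates a site user for the current request.
 *
 * When the request carries the username field, the credentials are checked
 * against `tbx_user`, the last-login date is updated, a session row is
 * written and the login cookie is sent. Otherwise an existing login cookie
 * is validated against `tbx_user_session`. Failures are reported through
 * self::$error. When authentication fails and $fail_function names an
 * existing function, that function is called and the script exits.
 *
 * NOTE(review): passwords are compared as unsalted SHA-1 digests. Moving to
 * password_hash()/password_verify() needs a migration of the stored values
 * and therefore cannot be done inside this function alone.
 *
 * NOTE(review): the session row stores the hashed User-Agent and the remote
 * address, but the cookie lookup compares neither. Presumably this is meant
 * to let remembered logins survive an address change — confirm.
 *
 * NOTE(review): the login cookie is sent without the Secure and HttpOnly
 * flags. Whether client-side script reads this cookie is not visible here,
 * so the flags are left unchanged — confirm and add them if possible.
 *
 * @param string|null $fail_function Name of a function to run before
 *                                   exiting when authentication fails.
 * @return bool Whether the request is authenticated.
 */
public static function Login($fail_function = null)
{
    $DB = GetDB();

    self::$authenticated = false;
    self::$username = null;

    try {
        if (isset($_REQUEST[self::FIELD_USERNAME])) {
            $username = $_REQUEST[self::FIELD_USERNAME];
            $password = isset($_REQUEST[self::FIELD_PASSWORD]) ? $_REQUEST[self::FIELD_PASSWORD] : null;

            // Request parameters can be arrays (field[]=...); those can never
            // be valid credentials and must not reach sha1() or the binds.
            if (is_array($username) || is_array($password)) {
                throw new Exception(_T('Validation:Invalid Login'));
            }

            if (String::IsEmpty($username)) {
                throw new Exception(_T('Validation:Required', _T('Label:Username')));
            }

            if (String::IsEmpty($password)) {
                throw new Exception(_T('Validation:Required', _T('Label:Password')));
            }

            $user = $DB->Row(
                'SELECT * FROM `tbx_user` WHERE `username`=? AND `password`=?',
                array($username, sha1($password))
            );

            if (!$user) {
                throw new Exception(_T('Validation:Invalid Login'));
            }

            if ($user['status'] != STATUS_ACTIVE) {
                throw new Exception(_T('Validation:Inactive Account'));
            }

            // The session identifier is the only secret protecting the
            // session, so it is drawn from the system CSPRNG where available.
            // 20 random bytes give 40 hex characters, the same shape as the
            // SHA-1 digest used before. The older derivation is kept only
            // for runtimes without random_bytes().
            if (function_exists('random_bytes')) {
                $session = bin2hex(random_bytes(20));
            } else {
                $session = sha1(uniqid(rand(), true));
            }

            // The User-Agent header is optional; hashing '' matches what the
            // previous code stored for a missing header.
            $browser = sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

            $DB->Update(
                'UPDATE `tbx_user_stat` SET `date_last_login`=? WHERE `username`=?',
                array(Database_MySQL::Now(), $user['username'])
            );
            $DB->Update(
                'INSERT INTO `tbx_user_session` VALUES (?,?,?,?,?)',
                array($user['username'], $session, $browser, $_SERVER['REMOTE_ADDR'], time())
            );

            // An expiry of 0 makes a browser-session cookie, as the null
            // passed before did; the "remember" field may be absent.
            setcookie(
                LOGIN_COOKIE,
                self::FIELD_USERNAME . '=' . urlencode($user['username']) . '&' . self::FIELD_SESSION . '=' . urlencode($session),
                !empty($_REQUEST[self::FIELD_REMEMBER]) ? time() + self::REMEMBER_PERIOD : 0,
                Config::Get('cookie_path'),
                Config::Get('cookie_domain')
            );

            self::$username = $user['username'];
            self::$authenticated = true;
        } elseif (isset($_COOKIE[LOGIN_COOKIE])) {
            // The cookie is client-controlled: it may be an array or lack
            // either key, and parse_str() can produce nested arrays from it.
            $cookie = array();
            parse_str(html_entity_decode(is_string($_COOKIE[LOGIN_COOKIE]) ? $_COOKIE[LOGIN_COOKIE] : ''), $cookie);

            $cookie_username = isset($cookie[self::FIELD_USERNAME]) && is_string($cookie[self::FIELD_USERNAME])
                ? $cookie[self::FIELD_USERNAME]
                : null;
            $cookie_session = isset($cookie[self::FIELD_SESSION]) && is_string($cookie[self::FIELD_SESSION])
                ? $cookie[self::FIELD_SESSION]
                : null;

            // Drop sessions older than the remember period before the lookup.
            $DB->Update(
                'DELETE FROM `tbx_user_session` WHERE `timestamp` < ?',
                array(time() - self::REMEMBER_PERIOD)
            );

            // A malformed cookie is treated exactly like an unknown session.
            // The statement text, including its embedded line break, is
            // unchanged.
            $session = false;
            if ($cookie_username !== null && $cookie_session !== null) {
                $session = $DB->Row(
                    'SELECT * FROM `tbx_user_session` WHERE `username`=? ' . "\n" . 'AND `session`=?',
                    array($cookie_username, $cookie_session)
                );
            }

            if (!$session) {
                // Expire the cookie so the browser stops sending it.
                setcookie(LOGIN_COOKIE, false, time() - 604800, Config::Get('cookie_path'), Config::Get('cookie_domain'));
                throw new Exception(_T('Validation:Session Expired'));
            }

            $user = $DB->Row('SELECT * FROM `tbx_user` WHERE `username`=?', array($session['username']));

            if (!$user) {
                setcookie(LOGIN_COOKIE, false, time() - 604800, Config::Get('cookie_path'), Config::Get('cookie_domain'));
                throw new Exception(_T('Validation:Invalid Account'));
            }

            if ($user['status'] != STATUS_ACTIVE) {
                throw new Exception(_T('Validation:Inactive Account'));
            }

            self::$username = $user['username'];
            self::$authenticated = true;
        }
    } catch (Exception $e) {
        self::$error = $e->getMessage();
        self::$authenticated = false;
    }

    // function_exists() expects a string; the default null is filtered out
    // first so that it is never passed to it.
    if (!self::$authenticated && is_string($fail_function) && function_exists($fail_function)) {
        call_user_func($fail_function);
        exit;
    }

    return self::$authenticated;
}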
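/**
 * Runs a control panel search over the table named in the request and sends
 * the rendered result rows back as a JSON success response.
 *
 * The table is looked up in the database schema, a SELECT is built from the
 * full-text, field and sort parameters of the request, and every result row
 * is rendered through the table's "search item" include file.
 *
 * The include files run in this function's scope. The local variable names
 * used below ($DB, $xtable, $original, $item, ...) are therefore part of
 * what those templates can see and are left as they were.
 *
 * NOTE(review): the search and sort field names, operators and connectors
 * are taken from the request and handed to SQL_SelectBuilder. Whether the
 * builder restricts them to known columns and operators is not visible
 * here — confirm.
 *
 * NOTE(review): $table is placed inside an XPath expression by string
 * concatenation; this relies on Request::GetSafe() returning a value that
 * cannot contain a double quote — confirm.
 *
 * @return void The response is emitted through JSON::Success().
 * @throws BaseException When the table is unknown or the required include
 *                       file does not exist.
 */
function tbxGenericSearch()
{
    $DB = GetDB();
    $schema = GetDBSchema();

    // Paging values are forced to positive integers before they reach the
    // query layer; arrays and non-numeric input fall back to the defaults.
    // NOTE(review): per_page has no upper bound — consider capping it.
    $_REQUEST['per_page'] = isset($_REQUEST['per_page']) && is_scalar($_REQUEST['per_page']) && (int) $_REQUEST['per_page'] > 0
        ? (int) $_REQUEST['per_page']
        : 20;
    $_REQUEST['page'] = isset($_REQUEST['page']) && is_scalar($_REQUEST['page']) && (int) $_REQUEST['page'] > 0
        ? (int) $_REQUEST['page']
        : 1;

    // Sanity checking
    $table = Request::GetSafe('table');
    $xtable = $schema->el('//table[name="' . $table . '"]');
    if (empty($xtable)) {
        throw new BaseException('The supplied database table does not exist', $table);
    }

    // Get custom and merge tables
    $custom_table = $xtable->custom->val();
    $merge_tables = empty($custom_table) ? array() : array($custom_table);
    foreach ($xtable->xpath('./merge') as $xmerge) {
        $merge_tables[] = $xmerge->val();
    }

    // Start building the SQL query
    $s = new SQL_SelectBuilder($table);

    // Fulltext searches
    if (isset($_REQUEST['text_search']) && !String::IsEmpty($_REQUEST['text_search'])) {
        $columns = array();
        foreach ($xtable->xpath('.//fulltext[1]/column') as $xcolumn) {
            $columns[] = $table . '.' . $xcolumn->val();
        }

        // The search type is optional in the request; null is what the
        // previous code passed on when it was missing.
        $text_search_type = isset($_REQUEST['text_search_type']) ? $_REQUEST['text_search_type'] : null;

        $s->AddFulltextWhere($columns, $text_search_type, $_REQUEST['text_search']);

        // Sort fields from the request are discarded for SQL::FULLTEXT searches.
        if ($text_search_type == SQL::FULLTEXT) {
            $_REQUEST['sort_field'] = array();
        }
    }

    // Standard search fields. The parameter may be absent or not an array,
    // and the parallel arrays may be shorter than 'search_field'; missing
    // entries are passed as null, as before, without notices or a count()
    // failure.
    $search_count = isset($_REQUEST['search_field']) && is_array($_REQUEST['search_field'])
        ? count($_REQUEST['search_field'])
        : 0;
    for ($i = 0; $i < $search_count; $i++) {
        $s->AddWhere(
            isset($_REQUEST['search_field'][$i]) ? $_REQUEST['search_field'][$i] : null,
            isset($_REQUEST['search_operator'][$i]) ? $_REQUEST['search_operator'][$i] : null,
            isset($_REQUEST['search_term'][$i]) ? $_REQUEST['search_term'][$i] : null,
            isset($_REQUEST['search_connector'][$i]) ? $_REQUEST['search_connector'][$i] : null,
            true
        );
    }

    // Sort fields
    $sort_count = isset($_REQUEST['sort_field']) && is_array($_REQUEST['sort_field'])
        ? count($_REQUEST['sort_field'])
        : 0;
    for ($i = 0; $i < $sort_count; $i++) {
        $s->AddOrder(
            isset($_REQUEST['sort_field'][$i]) ? $_REQUEST['sort_field'][$i] : null,
            isset($_REQUEST['sort_direction'][$i]) ? $_REQUEST['sort_direction'][$i] : null
        );
    }

    $primary_key = $xtable->columns->primaryKey->val();
    $result = $DB->QueryWithPagination($s->Generate(), $s->Binds(), $_REQUEST['page'], $_REQUEST['per_page'], $primary_key);

    if ($result['handle']) {
        // The include names are built from the schema's naming type and
        // passed through File::Sanitize() with a forced 'php' extension.
        $global_item_include_file = File::Sanitize('cp-' . $xtable->naming->type . '-search-item-global.php', 'php');
        $item_include_file = File::Sanitize('cp-' . $xtable->naming->type . '-search-item.php', 'php');

        // NOTE(review): existence is checked under "includes/", while the
        // include statements below use the bare file name and so depend on
        // the include path. Confirm that both resolve to the same file.
        if (!is_file("includes/{$item_include_file}")) {
            throw new BaseException('The required include file could not be found', $item_include_file);
        }

        ob_start();

        if (is_file("includes/{$global_item_include_file}")) {
            include $global_item_include_file;
        }

        while ($original = $DB->NextRow($result['handle'])) {
            // Columns from the main table win over same-named columns of the
            // custom and merge tables.
            foreach ($merge_tables as $merge_table) {
                $row = $DB->Row('SELECT * FROM # WHERE #=?', array($merge_table, $primary_key, $original[$primary_key]));
                if (is_array($row)) {
                    $original = array_merge($row, $original);
                }
            }

            // $item is the HTML-escaped copy for output; $original stays raw
            // and is also visible to the template.
            $item = String::HtmlSpecialChars($original);
            include $item_include_file;
        }

        $result['html'] = ob_get_clean();

        $DB->Free($result['handle']);
        unset($result['handle']);
    }

    JSON::Success($result);
}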
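/**
 * Picks the category whose auto-category terms occur most often in a text.
 *
 * Categories are taken from the memory cache, or loaded from `tbx_category`
 * and cached. Each category's comma-separated 'auto_category_term' value is
 * turned into a case-insensitive alternation and matched against the text.
 *
 * The previous version called count() on the string capture produced by
 * preg_match(). That yields 1 at best and fails outright on PHP 8, so the
 * first matching category always won. The matches are now counted with
 * preg_match_all().
 *
 * NOTE(review): terms are not trimmed, so "a, b" only matches " b" with its
 * leading space. This is kept as it was — confirm whether that is intended.
 *
 * @param string $search_data Text to classify.
 * @return mixed The 'category_id' of the best category, or null when no
 *               category matches.
 */
function GetBestCategory($search_data)
{
    if (Cache_Memory::IsCached(CACHE_CATEGORIES)) {
        $categories = Cache_Memory::Get(CACHE_CATEGORIES);
    } else {
        $DB = GetDB();
        $categories = $DB->FetchAll('SELECT * FROM `tbx_category`');
        Cache_Memory::Cache(CACHE_CATEGORIES, $categories);
    }

    $best_score = 0;
    $best_category_id = null;

    foreach ($categories as $category) {
        if (String::IsEmpty($category['auto_category_term'])) {
            continue;
        }

        $terms = array();
        foreach (explode(',', $category['auto_category_term']) as $term) {
            // An empty alternative would match at every position of the text.
            if ($term === '') {
                continue;
            }

            // Quote for the '~' delimiter as well, so a term containing it
            // cannot end the pattern early.
            $terms[] = preg_quote($term, '~');
        }

        if (empty($terms)) {
            continue;
        }

        // preg_match_all() returns the number of matches, or false on error;
        // false never compares greater than the current best score.
        $score = preg_match_all('~(' . implode('|', $terms) . ')~i', $search_data, $matches);

        if ($score > $best_score) {
            $best_score = $score;
            $best_category_id = $category['category_id'];
        }
    }

    return $best_category_id;
}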
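/**
 * Builds the SELECT for the stored search and returns it in the requested
 * form.
 *
 * For TYPE_MATCHING the full-text and field conditions of the search form
 * are applied; for TYPE_SELECTED the rows whose primary key is listed in
 * 'search_term' are selected.
 *
 * NOTE(review): field names, operators and connectors are taken from
 * $this->search_form and handed to SQL_SelectBuilder. If the form is filled
 * from the request, they are client-controlled and depend on the builder to
 * validate them — confirm.
 *
 * @param string $query 'amount' for a row count, 'handle' for a result
 *                      handle, 'ids' for the list of primary key values.
 * @return mixed The count, the handle or the id list; null for any other
 *               $query value.
 */
private function Query($query)
{
    $DB = GetDB();
    $table = $this->xtable->name->val();
    $primary_key = $this->xtable->el('.//primaryKey')->val();
    $search = $this->search_form;

    $s = new SQL_SelectBuilder($table);

    switch ($this->type) {
        case self::$TYPE_MATCHING:
            // Fulltext searches
            if (isset($search['text_search']) && !String::IsEmpty($search['text_search'])) {
                $columns = array();
                foreach ($this->xtable->xpath('.//fulltext/column') as $xcolumn) {
                    $columns[] = $table . '.' . $xcolumn->name;
                }

                $s->AddFulltextWhere($columns, $search['text_search_type'], $search['text_search']);
            }

            // A form without field conditions adds none; calling count() on
            // a missing or non-array entry would warn or fail instead.
            $field_count = isset($search['search_field']) && is_array($search['search_field'])
                ? count($search['search_field'])
                : 0;
            for ($i = 0; $i < $field_count; $i++) {
                $s->AddWhere(
                    $search['search_field'][$i],
                    $search['search_operator'][$i],
                    $search['search_term'][$i],
                    $search['search_connector'][$i],
                    true
                );
            }
            break;

        case self::$TYPE_SELECTED:
            $s->AddWhere("{$table}.{$primary_key}", SQL::IN, $search['search_term']);
            break;
    }

    switch ($query) {
        case 'amount':
            return $DB->QueryCount($s->Generate(), $s->Binds(), $primary_key);

        case 'handle':
            // The caller receives the handle as returned by the database layer.
            return $DB->Query($s->Generate(), $s->Binds());

        case 'ids':
            $ids = array();
            $result = $DB->Query($s->Generate(), $s->Binds());
            while ($row = $DB->NextRow($result)) {
                $ids[] = $row[$primary_key];
            }
            $DB->Free($result);
            return $ids;
    }

    // Unknown $query values yield null, as the implicit return did before.
    return null;
}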
/**
 * Ensures that a template tag carries every attribute it requires.
 *
 * An attribute counts as present when its key is set and
 * String::IsEmpty() does not report the value as empty.
 *
 * @param array  $required   Names of the mandatory attributes.
 * @param array  $attributes Attributes found on the tag. Taken by reference
 *                           but not modified here.
 * @param string $tag        Tag name, used in the error message.
 * @return void
 * @throws CompilerException For the first required attribute that is
 *                           missing or empty.
 */
private static function VerifyRequiredAttributes($required, &$attributes, $tag)
{
    foreach ($required as $r) {
        $present = isset($attributes[$r]) && !String::IsEmpty($attributes[$r]);
        if ($present) {
            continue;
        }

        throw new CompilerException("{" . $tag . "} tag is missing the '{$r}' attribute");
    }
}
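/**
 * Adds a full-text condition over several fields to the query.
 *
 * Every field is passed through ParseField(). The table reported for the
 * last field is stored with the condition, together with the field list,
 * the operator, the value and SQL::LOGICAL_AND.
 *
 * @param array  $fields     Field names to search.
 * @param mixed  $operator   Full-text operator, stored as given.
 * @param mixed  $value      Search value, stored as given.
 * @param bool   $skip_empty When true, an empty value adds no condition.
 * @return void
 */
function AddFulltextWhere($fields, $operator, $value, $skip_empty = false)
{
    // No need to process empty items
    if ($skip_empty && String::IsEmpty($value)) {
        return;
    }

    // With an empty field list the loop never runs. The table is then null,
    // which is the value the undefined variable evaluated to before, now
    // without the undefined-variable warning.
    $table = null;

    // Every field is still parsed, not just the last one, in case
    // ParseField() does more than return the table name.
    foreach ($fields as $field) {
        list($table) = $this->ParseField($field);
    }

    $this->wheres[] = array($table, $fields, $operator, $value, SQL::LOGICAL_AND);
}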