<?php
/*
 * Media manager page: loads the first page of media entities for the current
 * user/tenant and emits the document head.
 *
 * $userID, $tenantID and $applicationID are not assigned in this file; they are
 * presumably set by the included pageCheck/permissionCheck partials (confirm).
 */
include_once __DIR__ . '/core/partials/pageCheck.php';
include_once __DIR__ . '/partials/permissionCheck.php';
include_once __DIR__ . '/classes/media.php';

$thisPage = 'mediaManager';

// Paging: fixed page size; the offset is taken from the request.
// NOTE(review): confirm that getRequestVariable()/getEntities() coerce the offset
// to a non-negative integer before it reaches the query layer.
$return = 20;
$offset = Utility::getRequestVariable('offset', 0);
$filters = ''; // should we get from param?

$class = new Media($userID, $tenantID);
$count = $class->getEntityCount($filters);
$media = $class->getEntities($filters, $return, $offset);

// NOTE(review): the tenant title is echoed into <title> below without HTML
// escaping; confirm the stored value is trusted or already encoded.
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title><?php echo Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title'); ?> </title>
<?php include "partials/includes.php"; ?>
<link rel="stylesheet" type="text/css" href="static/css/mediaManager.css" />
<script type="text/javascript" src="js/jquery.form.min.js"></script>
<script type="text/javascript" src="js/bootpag.min.js"></script>
<script src="js/mediaManager.js" type="text/javascript"></script>
<script src="js/workingPanel.js" type="text/javascript"></script>
$classfile = $classpath . $type . '.php'; if (!file_exists($classfile)) { header(' ', true, 500); Utility::debug('Unable to instantiate class for ' . $type . ' Classfile does not exist. Looking for: ' . $classfile, 9); echo 'Internal error. Unable to process entity.'; die; } include_once $classfile; $classname = ucfirst($type); // class names start with uppercase $class = new $classname($userID, $tenantID); $id = 0; if (isset($_GET["id"])) { $id = $_GET["id"]; } $parentid = Utility::getRequestVariable('parentid', 0); $entity = ''; if ($id > 0) { try { $entity = $class->getEntity($id, $tenantID, $userID); } catch (Exception $ex) { Service::returnError($ex->getMessage()); } } ?> <form id="<?php echo $type; ?> Form" class="form-horizontal" action="<?php echo $class->getDataServiceURL(); ?>
<?php include_once dirname(__FILE__) . '/../partials/pageCheck.php'; include_once dirname(__FILE__) . '/../classes/database.php'; include_once dirname(__FILE__) . '/../classes/utility.php'; include_once dirname(__FILE__) . '/../classes/service.php'; if ($_SERVER['REQUEST_METHOD'] == "POST") { $event = Utility::getRequestVariable('event', 'unknown event'); $entityType = Utility::getRequestVariable('entityType', 'unknown entity'); $entityId = Utility::getRequestVariable('entityId', 0); $query = "INSERT INTO event (event,entityType,entityId,userId,sessionId,tenantId) values ("; $query .= Database::queryString($event); $query .= ',' . Database::queryString($entityType); $query .= ',' . Database::queryNumber($entityId); $query .= ',' . Database::queryNumber($userID); $query .= ',' . Database::queryString(session_id()); $query .= ',' . Database::queryNumber($tenantID); $query .= ")"; $errorMsg = ''; try { Database::executeQuery($query); } catch (Exception $ex) { $errorMsg = $ex->getMessage(); } if (strlen($errorMsg) > 0) { Service::returnError($errorMsg); } else { Service::returnJSON('{result: true}'); } } else { echo "Unsupported HTTP method.";
<?php /* a utility service to update the sort order on a page within a page Collection * get parameters are: * collection: name of the pageCollection to update (e.g. 'home') * pageid: id of the page * sort: new sort/sequence number for the page */ include_once dirname(__FILE__) . '/../partials/pageCheck.php'; include_once dirname(__FILE__) . '/../classes/utility.php'; include_once dirname(__FILE__) . '/../classes/service.php'; if ($_SERVER['REQUEST_METHOD'] == "POST") { $collection = Utility::getRequestVariable("collection", ""); $pageid = Utility::getRequestVariable("pageid", ""); $sort = Utility::getRequestVariable("sort", ""); if ($collection == "") { Service::returnError('collection parameter is required.'); } if ($pageid == "") { Service::returnError('pageid parameter is required.'); } if ($sort == "") { Service::returnError('sort parameter is required.'); } if (!$user->hasRole('admin', $tenantID)) { Service::returnError('Access denied.', 403); } $query = "call setPageSortOrderForCollection(" . Database::queryString($collection) . "," . Database::queryNumber($pageid) . "," . Database::queryNumber($sort) . "," . Database::queryNumber($tenantID) . ");"; Database::executeQuery($query); $json = '{"success":true}'; Service::returnJSON($json);
<?php
/*
 * Logout page: ends the logged session, destroys the PHP session and starts a
 * fresh one under a new id. The tenant id is carried over (for branding) unless
 * the request asks for a full flush with flush=yes.
 */
include_once __DIR__ . '/classes/config.php';
include_once Config::$core_path . '/classes/utility.php';

session_start();

// perform all steps to flush user and clear state: right now userID is only remnant
// do need to keep tenant, though, for branding
// NOTE(review): read without isset(); a request arriving with no tenantID in the
// session will raise an undefined-index notice here.
$tenantID = $_SESSION['tenantID'];

Log::endSession(session_id());
session_destroy();

// create new session to save tenantID; the id is regenerated so the old
// session identifier is not reused after logout
session_start();
session_regenerate_id(true);

// Only an explicit flush=yes drops the tenant as well.
$flushed = Utility::getRequestVariable('flush', 'no') == 'yes';
if (!$flushed) {
    $_SESSION['tenantID'] = $tenantID;
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Food Finder: Logout</title>
<?php include "partials/includes.php"; ?>
</head>
<body>
Log::debug('Non admin user (id=' . $userID . ', session_id=' . session_id() . ') attempted to access admin.php page', 10); header('Location: ../403.php'); die; } $newtenant = Utility::getRequestVariable('newtenant', 0); // verify user can access requested tenant, then switch & force reload if ($newtenant > 0 && $newtenant != $tenantID) { if ($user->canAccessTenant($newtenant)) { $_SESSION['tenantID'] = $newtenant; $tenantID = $newtenant; header("Refresh:0"); } else { echo 'Sorry - can\'t switch that tenant. No sure how that happened . . .'; } } $flush = Utility::getRequestVariable('flushCache', 'no'); if ($flush == "yes" || $flush == "true") { Cache::flushCache(); $message = "Cache flushed."; } ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title><?php echo Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title'); ?> </title> <?php
<?php include dirname(__FILE__) . '/../partials/pageCheck.php'; include_once dirname(__FILE__) . '/../classes/core/database.php'; include_once dirname(__FILE__) . '/../classes/core/utility.php'; $batchId = Utility::getRequestVariable('id', 0); $action = Utility::getRequestVariable('action', 'status'); if ($batchId == 0) { echo 'id parameter must be specified'; header(' ', true, 400); die; } if ($action == 'cancel') { Utility::debug('Canceling batch ' . $batchId . '...', 5); $result = Utility::cancelBatch($batchId, $tenantID, $userID); if (!$result) { echo 'Unable to cancel batch.'; header(' ', true, 404); } else { $response = '{"status": "canceled"}'; header('Content-Type: application/json'); echo $response; } } else { Utility::debug('Checking batch status for batch ' . $batchId, 9); $result = Utility::getBatchStatus($batchId, $tenantID, $userID); if (!$result) { echo 'Batch status not found.'; header(' ', true, 404); } else { if ($r = mysqli_fetch_array($result)) {
<?php
/*
 * Finder (map) page: reads the display options from the request, records the
 * page view and emits the document head, including the Google Maps script.
 */
include __DIR__ . '/core/partials/pageCheck.php';
include_once __DIR__ . '/core/classes/utility.php';

// NOTE(review): $thisPage is request-controlled on this page (the "type"
// parameter); confirm every later use treats it as untrusted text.
$thisPage = Utility::getRequestVariable('type', 'finder');
$zoom = Utility::getRequestVariable('zoom', 0);
$list = Utility::getRequestVariable('list', 0);
$selectedLocation = Utility::getRequestVariable('location', 0);

// The request values are written into the page-view detail string as received.
Log::logPageView('finder', 0, "list={$list}&selectedLocation={$selectedLocation}");

// NOTE(review): the Maps JavaScript API key in the script tag below is committed
// in the template and is delivered to every browser. It should be limited by
// HTTP referrer and by API in the provider console, and is better read from
// configuration than kept in source control.
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title><?php echo Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title'); ?> : Finder</title>
<?php include "partials/includes.php"; ?>
<link rel="stylesheet" type="text/css" href="static/css/map.css" />
<script src="js/main.js"></script>
<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyB9Zbt86U4kbMR534s7_gtQbx-0tMdL0QA&libraries=places"></script>
</head>
<body>
<div id="topPart">
<?php
<?php // a service that allows clients to request and receive lists of locations on a specified route include dirname(__FILE__) . '/../core/partials/pageCheck.php'; include_once dirname(__FILE__) . '/../core/classes/database.php'; include_once dirname(__FILE__) . '/../core/classes/utility.php'; include_once dirname(__FILE__) . '/../core/classes/service.php'; if ($_SERVER['REQUEST_METHOD'] == "GET") { $origin = Utility::getRequestVariable("origin", ""); $destination = Utility::getRequestVariable("destination", ""); $maxDetour = Utility::getRequestVariable("maxDetour", "25"); // default is 25 miles $numToReturn = Utility::getRequestVariable("return", "10"); // default is 10 $categories = Utility::getRequestVariable("categories", ''); $errMessage = ''; $o = explode(',', $origin); if (!isset($o[1])) { $errMessage = 'Invalid origin coordinates.'; } else { $originLong = $o[1]; $originLat = $o[0]; } $o = explode(',', $destination); if (!isset($o[1])) { $errMessage = 'Invalid destination coordinates.'; } else { $destLong = $o[1]; $destLat = $o[0]; } $filter = getFilter($categories);
<?php
/*
 * The idea of a region page is that it encapsulates a bunch of locations within
 * a particular region, which could be a state, a region of a state, a city, etc.
 * It will have a map of locations (defined by a query/list) as well as a headnote
 * introducing and a series of pages/features hanging off of it
 */
include __DIR__ . '/core/partials/pageCheck.php';
include __DIR__ . '/core/classes/propertyBag.php';
include_once __DIR__ . '/core/classes/log.php';
include_once Config::$root_path . '/classes/productCollection.php';

$thisPage = "region";
$errMessage = "";

$region = Utility::getRequestVariable('region', 'none');
if ($region != 'none') {
    // The region is checked (case-insensitively) against the tenant's
    // comma-separated enabledStates property, when that property exists.
    $stateList = Utility::getTenantProperty($applicationID, $tenantID, $userID, 'enabledStates');
    if ($stateList !== null) {
        $stateArray = explode(",", strtoupper($stateList));
        if (in_array(strtoupper($region), $stateArray)) {
            Log::logPageView('region', 0, $region);
        } else {
            $errMessage = "That is not a valid region.";
        }
    }
    // NOTE(review): when enabledStates is null the region is neither validated
    // nor logged, yet it still flows into $bagName below; confirm that is intended.
} else {
    $errMessage = "Hmm. Something went wrong. No valid region specified.";
}

// retrieve properties for this region
// The bag name is built from the request value even when $errMessage is set.
$propertyBag = new PropertyBag($userID, $tenantID);
$bagName = 'region' . $region . 'Properties';
?>
<!DOCTYPE html>
/**
 * Builds the SQL text used to count location entities.
 *
 * When the request carries a non-empty "name" value the count comes from the
 * countLocationsBySearchCriteria stored procedure; otherwise the parent
 * implementation supplies the query.
 *
 * @param mixed $filters Passed unchanged to the parent implementation.
 * @return mixed Query text; the parent's return value when no name is given.
 */
protected function getEntityCountQuery($filters)
{
    $searchName = Utility::getRequestVariable('name', '');
    if (strlen($searchName) === 0) {
        return parent::getEntityCountQuery($filters);
    }

    // The request value passes through Database::queryString() before it is
    // placed in the statement.
    // NOTE(review): $this->tenantid is concatenated as-is; confirm it is always
    // a server-side integer and never derived from request data.
    return "call countLocationsBySearchCriteria(" . $this->tenantid . "," . Database::queryString($searchName) . ")";
}
include_once dirname(__FILE__) . '/../core/classes/database.php'; include_once dirname(__FILE__) . '/../core/classes/utility.php'; include_once dirname(__FILE__) . '/../core/classes/service.php'; include_once dirname(__FILE__) . '/../core/classes/imageHandler.php'; include_once dirname(__FILE__) . '/../classes/media.php'; include_once dirname(__FILE__) . '/../classes/location.php'; include_once dirname(__FILE__) . '/../' . Config::$cdn_classfile; Utility::Debug('files.php invoked ', 5); if ($_SERVER['REQUEST_METHOD'] == "GET") { Service::returnError('Method not supported.'); } elseif ($_SERVER['REQUEST_METHOD'] == "POST") { if (count($_FILES) == 0) { Service::returnError('No files submitted or files unable to be received. Current maximum file size is ' . ini_get("upload_max_filesize") . ' and total upload max size is ' . ini_get("post_max_size") . '.'); } // if a locationid is included on post, all files submitted will be linked to specified location $locationid = Utility::getRequestVariable('locationid', 0); if ($locationid > 0) { $location = new Location($userID, $tenantID); if (!$location->userCanEdit($locationid, $user)) { Log::debug('User ' . $userID . ' attempted unauthorized edit of location id=' . $locationid, 9); Service::returnError('User does not have permission to edit specified location', 401); } } // build array of files. These need to match the Media class fields $files = array(); if (!array_key_exists("importFile", $_FILES)) { Service::returnError('Unable to find "importFile" key in $FILES array.', 400); } for ($i = 0; $i < count($_FILES["importFile"]["name"]); $i++) { $file = array("id" => 0, "url" => '', "name" => $_FILES["importFile"]["name"][$i], "type" => $_FILES["importFile"]["type"][$i], "tmp_name" => $_FILES["importFile"]["tmp_name"][$i], "description" => "", "metadata" => "", "public" => 0); array_push($files, $file);
<?php
/*
 * Login page, request intake: loads configuration and core classes, enforces
 * the requireSSL partial, and collects the posted login fields with defaults.
 */
include_once __DIR__ . '/classes/config.php';
include Config::$core_path . '/partials/pageCheck.php';
include_once Config::$core_path . '/classes/database.php';
include_once Config::$core_path . '/classes/utility.php';
include_once Config::$core_path . '/classes/user.php';
include_once Config::$core_path . '/partials/requireSSL.php';

$thisPage = "login";
Utility::debug("login.php: logging in user.", 5);

$context = Utility::getRequestVariable('context', '');
$requestMethod = $_SERVER['REQUEST_METHOD'];

// Posted credentials, empty when absent.
// NOTE(review): htmlspecialchars() rewrites characters such as & < > " in the
// password before it is checked; this only works if the same transformation
// was applied when the password was stored. Output encoding belongs at the
// point of display, not on the credential itself.
$username = isset($_POST['username']) ? trim(htmlspecialchars($_POST['username'])) : '';
$password = isset($_POST['password']) ? trim(htmlspecialchars($_POST['password'])) : '';

$remember_choice = isset($_POST['remember_me']) ? trim($_POST["remember_me"]) : false;

// NOTE(review): successURL is supplied by the client. The redirect is not
// visible here; before it is used as a Location target it should be limited
// to local paths of this application.
$successURL = isset($_POST['successURL']) ? $_POST['successURL'] : 'index.php';

// $source is only defined when the form posts it.
if (isset($_POST['source'])) {
    $source = $_POST['source'];
}
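< <div id="mapOptions" class="mapOptions">
<p class="center">Show Only:</p>
<form id="displayOptionsForm">
<?php
/* to do: add logic to remember users settings across page loads */

// Category ids preselected through the request, as a comma-separated list.
$categories = Utility::getRequestVariable('categories', '');
$cat_array = strlen($categories) > 0 ? explode(',', $categories) : array();

foreach (Utility::getList('categories', $tenantID, $userID) as $category) {
    // Loose comparison is kept on purpose: the ids from the request are strings
    // while the list ids may be integers.
    $selected = in_array($category['id'], $cat_array, false) ? ' checked' : '';

    // Category fields are stored data rendered into attribute and text context,
    // so they are HTML-encoded (quotes included). double_encode is off so that
    // values already stored with entities are not encoded a second time.
    $catId = htmlspecialchars((string) $category['id'], ENT_QUOTES, 'UTF-8', false);
    $catName = htmlspecialchars((string) $category['name'], ENT_QUOTES, 'UTF-8', false);
    $catIcon = htmlspecialchars((string) $category['icon'], ENT_QUOTES, 'UTF-8', false);

    echo '<div class="checkbox">';
    echo ' <label><input type="checkbox" class="categoryInput" value="' . $catId . '" name="' . $catName . '"' . $selected . '> ';
    echo '<img src="' . $catIcon . '">' . $catName . '</label>';
    echo '</div>';
}
?>
</form>
</div>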
$search = Utility::getRequestVariable('search', ''); // keeping this old parameter for backwards compatibility; return is preferred $numToReturn = Utility::getRequestVariable('numToLoad', 0); if ($numToReturn == 0) { $numToReturn = Utility::getRequestVariable('return', 10); } if ($numToReturn > 100) { $numToReturn = 100; // let's not get crazy, people. } $offset = Utility::getRequestVariable('offset', 0); $listId = Utility::getRequestVariable('list', 0); if ($listId == 0) { $listId = Utility::getRequestVariable('entityList', 0); } $descending = Utility::getRequestVariable('desc', 'false'); try { $class = ClassFactory::getClass($type, $userID, $tenantID); } catch (Exception $ex) { Service::returnError('Unknown or uncreatable type: ' . $type, 400, 'entitiesService?type=' . $type); } if ($_SERVER['REQUEST_METHOD'] == "GET") { if ($listId > 0) { // a list was requested here. Different handling than regular entity set try { $totalEntities = $class->getEntityCountForList($listId); $entities = $class->getEntitiesFromList($listId, $numToReturn, $offset); } catch (Exception $ex) { $message = 'Unable to retrieve ' . $type . ' set count: ' . $ex->getMessage(); Service::returnError($message); }
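/* a utility page that generates the SQL for the specified entity
 * needs type as GET parameter (e.g. generateSQL.php?type=patient)
 */
include_once dirname(__FILE__) . '/../core/partials/pageCheck.php';
include_once dirname(__FILE__) . '/../core/classes/service.php';
include_once dirname(__FILE__) . '/../core/classes/dataentity.php';
include_once dirname(__FILE__) . '/../classes/application.php';
include_once dirname(__FILE__) . '/../classes/config.php';

// must be an super user to access this page
// Fail closed: a missing user object is treated the same as a user without the
// role. The earlier form `$userID == 0 || $user && !...` let a request through
// whenever $userID was non-zero but $user was empty.
if ($userID == 0 || !$user || !$user->hasRole('superuser', $tenantID)) {
    Log::debug('Non super user (id=' . $userID . ') attempted to access generateSQL.php page', 10);
    $path = Config::getSiteRoot() . '/403.php';
    header('Location: ' . $path);
    die;
}

$type = Utility::getRequestVariable('type', '');
if (strlen($type) < 1) {
    Service::returnError('Please specify a type');
}

$coretypes = array('tenant', 'tenantSetting', 'tenantProperty', 'category', 'menuItem', 'page', 'pageCollection', 'content', 'tenantContent', 'entityList', 'entityListItem', 'propertyBag');

// The allow-list is what keeps the request value from choosing an arbitrary
// file to include below, so membership is tested strictly (no type juggling).
$isCoreType = in_array($type, $coretypes, true);
if (!$isCoreType && !in_array($type, Application::$knowntypes, true)) {
    // unrecognized type requested can't do much from here.
    // NOTE(review): this relies on Service::returnError() ending the request;
    // confirm it does, otherwise execution continues to the include path below.
    Service::returnError('Unknown type: ' . $type, 400, 'entityService?type=' . $type);
}

$classpath = dirname(__FILE__) . '/../classes/';
if ($isCoreType) {
    // core types will be in core subfolder
    $classpath = Config::$core_path . '/classes';
}

// include appropriate dataEntity class & then instantiate it
$classfile = $classpath . '/' . $type . '.php';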
$thisPage = "service_proto"; include dirname(__FILE__) . '/../core/partials/pageCheck.php'; include_once dirname(__FILE__) . '/../core/classes/database.php'; include_once dirname(__FILE__) . '/../core/classes/utility.php'; //session_start(); Utility::debug('Executing service_proto.php', 1); // retrive required parameters $center_lat = $_GET["center_lat"]; $center_long = $_GET["center_lng"]; $return = Utility::getRequestVariable("return", 10); $start = Utility::getRequestVariable("start", 0); $categories = Utility::getRequestVariable("categories", ''); $tenantID = $_SESSION['tenantID']; $listId = Utility::getRequestVariable('list', 0); if ($listId == 0) { $listId = Utility::getRequestVariable('entityList', 0); } Utility::debug('Executing service_proto.php with return=' . $return . " list=" . $listId, 5); // connect to database //$con=mysqli_connect(Database::$server,Database::$user,Database::$password,Database::$database); $con = mysqli_connect(Config::$server, Config::$user, Config::$password, Config::$database); if (!$con) { header(' ', true, 500); echo 'Service unavailable.'; die; } else { $filter = ''; if (strlen($categories) > 0) { // may be a little overkill, but want to ensure nothing but integers get passed into category id list $idlist = explode("|", $categories, 10); $separator = "";
<?php include dirname(__FILE__) . '/core/partials/pageCheck.php'; include_once dirname(__FILE__) . '/core/classes/log.php'; include_once dirname(__FILE__) . '/core/classes/format.php'; include_once Config::$root_path . '/classes/feature.php'; include_once Config::$root_path . '/classes/media.php'; include_once Config::$root_path . '/classes/display.php'; $thisPage = "feature"; $siteName = Utility::getTenantProperty($applicationID, $_SESSION['tenantID'], $userID, 'title'); $id = Utility::getRequestVariable('id', 0); $errorMsg = ""; $preview = ""; if ($id == 0) { $errorMsg = "You must specify a valid feature id."; } else { try { $class = new Feature($userID, $tenantID); $feature = $class->getEntity($id); $hasImage = false; if (strtolower($feature["status"]) != "published") { // if contributor, allow to preview and add preview stripe if ($user->hasRole("admin", $tenantID) || $user->hasRole("contributor", $tenantID)) { $preview = "You are previewing a feature that is currently in <strong>" . $feature["status"] . '</strong> status.'; } else { $errorMsg = "We don't seem to be able to find what you're looking for."; } } else { // don't log page views for unpublished feature: distorts counts Log::logPageView('feature', $id, ''); }
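<?php
/*
 * Processes KML file to import locations from a Google Map
 * Uses Google Places API to get location data
 */
include_once dirname(__FILE__) . '/../classes/core/database.php';
include_once dirname(__FILE__) . '/../classes/core/utility.php';
include_once dirname(__FILE__) . '/../classes/googlePlaces.php';

// NOTE(review): no pageCheck include is visible in this script, unlike the
// other services of this application; confirm how callers are authenticated.
Utility::debug('processKML.php: processing KML file', 5);

// NOTE(review): all three values come from the request. $source is handed to
// simplexml_load_file(), which accepts local paths and URLs, so it should be
// constrained to the expected upload location before use. $tenantid should be
// taken from the authenticated session rather than from a request parameter.
$source = Utility::getRequestVariable('source', '');
$batchid = Utility::getRequestVariable('batchid', 0);
$tenantid = Utility::getRequestVariable('tenantid', 0);

// Keep processing the batch if the client disconnects. Called without an
// argument, ignore_user_abort() only reports the current setting and changes
// nothing, so the flag is passed explicitly.
ignore_user_abort(true);

Utility::debug('Source: ' . $source . ', batch: ' . $batchid, 5);

try {
    $xml = simplexml_load_file($source);
    if (!$xml) {
        // NOTE(review): a load failure is only logged here and the script
        // carries on with $xml set to false; confirm the later code handles that.
        Utility::debug('Unable to load xml file.' . $xml, 2);
    } else {
        Utility::debug('Xml file loaded:' . $xml, 5);
    }
} catch (Exception $e) {
    Utility::debug('Unable to load xml file: ' . $e->getMessage(), 1);
    die;
}

$itemscomplete = 0;
$count = 0;
$places = new GooglePlaces();
// NOTE(review): the next statement has no effect and does not initialise
// $exceptions; the intended initial value is not visible from here.
$exceptions;
$exceptionCount = 0;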