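/**
 * Creates or updates a channel processor from the submitted form.
 *
 * The "processor_class" request value is expected in the form "module.class".
 * The class must be listed under that module's "processors" config entry
 * before anything is written.
 *
 * @param Web $w
 */
function edit_POST(Web $w)
{
    $p = $w->pathMatch("id");
    $processor_id = $p["id"];

    // Break the selected processor up into module and class
    $processor_class = $w->request("processor_class");
    $processor_expl = explode(".", (string) $processor_class);

    // Make sure we only have two values
    if (count($processor_expl) !== 2) {
        $w->error("Missing Processor values", "/channels/listprocessors");
        exit;
    }

    // Make sure the selected class exists in config. The lookup result is
    // checked to be an array first (an unknown module would otherwise hand a
    // non-array to in_array), and the comparison is strict so the allow-list
    // cannot be satisfied through type juggling.
    $configured = $w->moduleConf($processor_expl[0], "processors");
    if (!is_array($configured) || !in_array($processor_expl[1], $configured, true)) {
        $w->error("Could not find processor in config", "/channels/listprocessors");
        exit;
    }

    $processor_object = $processor_id ? $w->Channel->getProcessor($processor_id) : new ChannelProcessor($w);
    if (empty($processor_object)) {
        // An id that matches no stored processor must not fall through to fill().
        $w->error("Could not find processor", "/channels/listprocessors");
        exit;
    }

    // NOTE(review): fill($_POST) copies every posted field onto the object; only
    // channel_id, module and class are overwritten below. Confirm that fill()
    // ignores fields a client should not control (for example the primary key).
    $processor_object->fill($_POST);
    $processor_object->channel_id = $w->request("channel_id");
    $processor_object->module = $processor_expl[0];
    $processor_object->class = $processor_expl[1];
    $processor_object->insertOrUpdate();

    $w->msg("Processor " . ($processor_id ? "updated" : "created"), "/channels/listprocessors");
}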
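/**
 * Adds or removes a favourite for the current user and echoes the refreshed
 * favourite button.
 *
 * Reads "id", "class" and "cmd" ("add" or "remove") from the request. Anything
 * else, or a missing user, produces the text "Invalid request".
 *
 * NOTE(review): the handler is registered for ALL methods, so the state change
 * is reachable with a plain GET. Whether a CSRF check runs before this handler
 * is not visible here.
 *
 * @author Steve Ryan, steve@2pisystems.com, 2015
 *
 * @param Web $w
 **/
function ajaxEditFavorites_ALL(Web $w)
{
    $id = $w->request("id");
    $class = $w->request("class");
    $user = $w->Auth->user();
    $cmd = $w->request("cmd");

    if (empty($id) || empty($class) || empty($user) || empty($cmd)) {
        echo "Invalid request";
        return;
    }

    if ($cmd === "add") {
        // NOTE(review): $class is request-supplied and stored as object_class
        // without being checked against known classes here.
        $favorite = new Favorite($w);
        $favorite->object_class = $class;
        $favorite->object_id = $id;
        $favorite->user_id = $user->id;
        $favorite->insertOrUpdate();
        echo $w->Favorite->getFavoriteButton($id, $class);
        return;
    }

    if ($cmd === "remove") {
        // NOTE(review): the lookup is given no user id; confirm getDataByObject()
        // scopes the result to the current user before the row is deleted.
        $favorite = $w->Favorite->getDataByObject($id, $class);

        // get_class() must only be called on an object: a lookup that finds
        // nothing would otherwise raise instead of returning the button.
        if (is_object($favorite) && get_class($favorite) === "Favorite" && $favorite->id > 0) {
            $favorite->delete();
        }
        echo $w->Favorite->getFavoriteButton($id, $class);
        return;
    }

    echo "Invalid request";
}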
/**
 * Outputs the JSON that the Rest service's getTokenJson() produces for the
 * "username", "password" and "api" request values, with the layout disabled.
 *
 * NOTE(review): this is a GET handler. If request() reads the query string, the
 * password travels in the URL and can land in access logs, proxies and browser
 * history; confirm how clients call this endpoint.
 *
 * @param Web $w
 */
function token_GET(Web &$w)
{
    $w->setLayout(null);

    $tokenJson = $w->Rest->getTokenJson(
        $w->request("username"),
        $w->request("password"),
        $w->request("api")
    );

    $w->out($tokenJson);
}
/**
 * Runs a search and echoes a JSON object {"success": bool, "data": string}.
 *
 * Queries shorter than three characters are rejected. When none of the paging
 * values ("p", "ps", "tr") is supplied, "data" holds the result markup grouped
 * by class name; otherwise "data" stays empty.
 *
 * NOTE(review): the heading, title and listing strings are concatenated into
 * HTML without escaping here. Confirm that printSearchTitle(),
 * printSearchListing() and printSearchUrl() return output that is already safe
 * for their HTML context.
 *
 * @param Web $w
 */
function results_GET(Web $w)
{
    $response = array("success" => true, "data" => "");
    $w->setLayout(null);

    $q = $w->request('q');     // query
    $idx = $w->request('idx'); // index
    $p = $w->request('p');     // page
    $ps = $w->request('ps');   // pageSize
    $tr = $w->request('tr');   // total results

    // Reject missing or too-short queries up front.
    if (!$q || strlen($q) < 3) {
        $response["success"] = false;
        $response["data"] = "Please enter at least 3 characters for searching.";
        echo json_encode($response);
        return;
    }

    $results = $w->Search->getResults($q, $idx, $p, $ps);

    // Markup is only produced when no paging value was sent.
    if (!empty($p) || !empty($ps) || !empty($tr)) {
        echo json_encode($response);
        return;
    }

    $buffer = "";
    if (!empty($results[0])) {
        // Group results by class_name
        $filter_results = array();
        foreach ($results[0] as $res) {
            $searchobject = $w->Search->getObject($res['class_name'], $res['object_id']);
            if (empty($searchobject)) {
                continue;
            }
            $filter_results[$res['class_name']][] = $searchobject;
        }

        foreach ($filter_results as $class => $objects) {
            // Transform class into readable text
            $t_class = preg_replace('/(?<=\\w)(?=[A-Z])/', " \$1", $class);
            $buffer .= "<div class='row search-class'><h4 style='padding-top: 10px; font-weight: lighter;'>{$t_class}</h4>";

            foreach ($objects as $object) {
                // Objects the current user may not list are left out entirely.
                if (!$object->canList($w->Auth->user())) {
                    continue;
                }

                $buffer .= '<div class="panel search-result">';
                if ($object->canView($w->Auth->user())) {
                    $buffer .= "<a class=\"row search-title\" href=\"" . $w->localUrl($object->printSearchUrl())
                        . "\">{$object->printSearchTitle()}</a>"
                        . "<div class=\"row search-listing\">{$object->printSearchListing()}</div>";
                } else {
                    // Listable but not viewable: the title is shown, the listing is withheld.
                    $buffer .= "<div class=\"small-12 columns search-title\">{$object->printSearchTitle()}</div><div class=\"row search-listing\">(restricted)</div>";
                }
                $buffer .= "</div>";
            }

            $buffer .= "</div>";
        }
    }

    $response["data"] = $buffer;
    echo json_encode($response);
}
/**
 * Stores a reply to an existing comment and echoes the rendered
 * "displaycomment" partial for it.
 *
 * The parent comment id comes from the path; the text comes from the "comment"
 * request value with tags stripped.
 *
 * NOTE(review): strip_tags() removes markup but is not output encoding; the
 * partial still has to escape the text for the context it renders into. The
 * "redirect" request value is passed to the partial unchanged.
 *
 * @param Web $w
 */
function ajaxSaveComment_POST(Web $w)
{
    $path = $w->pathMatch('parent_id');

    $reply = new Comment($w);
    $reply->obj_table = "comment";
    $reply->obj_id = $path['parent_id'];
    $reply->comment = strip_tags($w->request('comment'));
    $reply->insert();

    $w->setLayout(null);

    $partialData = array(
        "object" => $reply,
        'redirect' => $w->request('redirect'),
    );
    echo $w->partial("displaycomment", $partialData, "admin");
}
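/**
 * Streams a PNG thumbnail of a file below FILE_ROOT, resized to the "w" and
 * "h" request values (defaulting to FileService's thumbnail size).
 *
 * Nothing is output when the path does not resolve to a regular file inside
 * FILE_ROOT.
 *
 * @param Web $w
 */
function thumb_GET(Web &$w)
{
    // Only the request path is scrubbed of "..": the original also rewrote
    // FILE_ROOT itself, which breaks a root that legitimately contains "..".
    $root = realpath(FILE_ROOT);
    $filename = realpath(FILE_ROOT . str_replace("..", "", $w->getPath()));

    // String scrubbing alone does not prove containment, so the resolved path
    // must still start with the resolved root. This also rejects symlinks that
    // point outside FILE_ROOT.
    $insideRoot = $root !== false
        && $filename !== false
        && strpos($filename, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if (!$insideRoot || !is_file($filename)) {
        return;
    }

    // Dimensions come from the client: force integers and fall back to the
    // defaults for anything that is not a positive number.
    // NOTE(review): there is still no upper bound, so a very large value can
    // make the resize expensive. Add a cap that suits the deployment.
    $width = (int) $w->request("w", FileService::$_thumb_width);
    $height = (int) $w->request("h", FileService::$_thumb_height);
    if ($width < 1) {
        $width = (int) FileService::$_thumb_width;
    }
    if ($height < 1) {
        $height = (int) FileService::$_thumb_height;
    }

    require_once 'phpthumb/ThumbLib.inc.php';
    $thumb = PhpThumbFactory::create($filename);
    $thumb->adaptiveResize($width, $height);

    header("Content-Type: image/png");
    $thumb->show();
    exit;
}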
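/**
 * Outputs, as JSON, a "status" select built from the open tasks that match the
 * criteria packed into the "id" request value.
 *
 * The value has the form "priority_type_group_assignee"; empty segments mean
 * "no filter".
 *
 * @param Web $w
 */
function taskAjaxPrioritytoStatus_ALL(Web &$w)
{
    $status = array();

    // Split the query string into priority, type, group and assignee. Padding
    // keeps a short or missing value from producing undefined offsets.
    list($priority, $type, $group, $assignee) = array_pad(explode('_', (string) $w->request('id')), 4, "");

    // organise criteria
    $who = $assignee != "" ? $assignee : null;

    // The WHERE fragment is handed to getTasks() as raw SQL, so every
    // request-derived piece is validated before the query runs: the group must
    // be all digits, and the quoted values may only contain letters, digits,
    // space, dot and hyphen (no quote or backslash can get through).
    // NOTE(review): widen the allow-list if task types or priorities really use
    // other characters. Bound parameters inside the Task service would be the
    // better fix. How getTasks() uses $who is not visible here.
    $labelPattern = '/^[\p{L}\p{N} .\-]+\z/u';
    $criteriaValid = true;

    $where = "";
    if ($group != "") {
        $criteriaValid = $criteriaValid && ctype_digit($group);
        $where .= "task_group_id = " . $group . " and ";
    }
    if ($type != "") {
        $criteriaValid = $criteriaValid && preg_match($labelPattern, $type) === 1;
        $where .= "task_type = '" . $type . "' and ";
    }
    if ($priority != "") {
        $criteriaValid = $criteriaValid && preg_match($labelPattern, $priority) === 1;
        $where .= "priority = '" . $priority . "' and ";
    }
    $where .= "is_closed = 0";

    // Get statuses from available tasks. Rejected criteria never reach the
    // database and are answered like an empty result.
    $tasks = $criteriaValid ? $w->Task->getTasks($who, $where) : null;
    if ($tasks) {
        foreach ($tasks as $task) {
            if (!array_key_exists($task->status, $status)) {
                $status[$task->status] = array($task->status, $task->status);
            }
        }
    }
    if (!$status) {
        $status = array(array("No assigned Tasks", ""));
    }

    // load status dropdown and return
    $status = Html::select("status", $status, null);

    $w->setLayout(null);
    $w->out(json_encode($status));
}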
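/**
 * Outputs, as JSON, a "tpriority" select built from the open tasks that match
 * the criteria packed into the "id" request value.
 *
 * The value has the form "type_group_assignee"; empty segments mean
 * "no filter".
 *
 * @param Web $w
 */
function taskAjaxTypetoPriority_ALL(Web &$w)
{
    $priority = array();

    // Split the query string into type, group and assignee. Padding keeps a
    // short or missing value from producing undefined offsets.
    list($type, $group, $assignee) = array_pad(explode('_', (string) $w->request('id')), 3, "");

    // organise criteria
    $who = $assignee != "" ? $assignee : null;

    // The WHERE fragment is handed to getTasks() as raw SQL, so the
    // request-derived pieces are validated before the query runs: the group
    // must be all digits, and the quoted type may only contain letters, digits,
    // space, dot and hyphen (no quote or backslash can get through).
    // NOTE(review): widen the allow-list if task types really use other
    // characters. Bound parameters inside the Task service would be the better
    // fix. How getTasks() uses $who is not visible here.
    $criteriaValid = true;

    $where = "";
    if ($group != "") {
        $criteriaValid = $criteriaValid && ctype_digit($group);
        $where .= "task_group_id = " . $group . " and ";
    }
    if ($type != "") {
        $criteriaValid = $criteriaValid && preg_match('/^[\p{L}\p{N} .\-]+\z/u', $type) === 1;
        $where .= "task_type = '" . $type . "' and ";
    }
    $where .= "is_closed = 0";

    // Get priorities from the available task list. Rejected criteria never
    // reach the database and are answered like an empty result.
    $tasks = $criteriaValid ? $w->Task->getTasks($who, $where) : null;
    if ($tasks) {
        foreach ($tasks as $task) {
            if (!array_key_exists($task->priority, $priority)) {
                $priority[$task->priority] = array($task->priority, $task->priority);
            }
        }
    }
    if (!$priority) {
        $priority = array(array("No assigned Tasks", ""));
    }

    // load priority dropdown and return
    $priority = Html::select("tpriority", $priority, null);

    $w->setLayout(null);
    $w->out(json_encode($priority));
}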
/**
 * Outputs the JSON that the Rest service's getJson() returns for the class
 * name and id taken from the path, using the "token" request value.
 *
 * NOTE(review): the class name is chosen by the caller. Which classes may be
 * read, and whether the token is checked, is decided inside getJson() and is
 * not visible here.
 *
 * @param Web $w
 */
function get_GET(Web &$w)
{
    $w->setLayout(null);

    $path = $w->pathMatch("classname", "id");
    $token = $w->request("token");

    $json = $w->Rest->getJson($path['classname'], $path['id'], $token);
    $w->out($json);
}
/**
 * Outputs, as JSON, a "type" select listing the distinct lower-cased report
 * types of the session user's reports.
 *
 * The "id" request value has the form "category_module"; each non-empty part
 * becomes a filter in the keyed where-array passed to the Report service.
 *
 * @param Web $w
 */
function reportAjaxCategorytoType_ALL(Web $w)
{
    $type = array();
    list($category, $module) = preg_split('/_/', $w->request('id'));

    // organise criteria
    $who = $w->session('user_id');
    $where = array();
    if (!empty($module)) {
        $where['report.module'] = $module;
    }
    if (!empty($category)) {
        $where['report.category'] = $category;
    }

    // Collect each distinct type from the comma-separated sqltype of every report.
    $reports = $w->Report->getReportsbyUserWhere($who, $where);
    if ($reports) {
        foreach ($reports as $report) {
            foreach (preg_split("/,/", $report->sqltype) as $rtype) {
                $key = strtolower(trim($rtype));
                if (array_key_exists($key, $type)) {
                    continue;
                }
                $type[$key] = array($key, $key);
            }
        }
    }

    if (empty($type)) {
        $type = array(array("No Reports", ""));
    }

    $w->setLayout(null);
    $w->out(json_encode(Html::select("type", $type)));
}
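/**
 * Attaches the uploaded "form" file to a task and records a task comment for
 * it, then redirects back to the task's attachment tab with a status message.
 *
 * The comment and the notification context are only written after a
 * successful upload.
 *
 * NOTE(review): file type and extension are not checked here. Whether
 * uploadAttachment() restricts what may be stored is not visible from this
 * function.
 *
 * @param Web $w
 */
function attachForm_POST(Web $w)
{
    $p = $w->pathMatch("id");

    // get relevant task
    $task = $w->Task->getTask($p['id']);

    // Defaults cover the paths on which the original left these undefined:
    // unknown task, or no file in the request.
    $message = "The task could not be found.";
    $taskId = "";

    if ($task) {
        $taskId = $task->id;
        $description = $w->request('description');

        // A single-file upload has a string name and a positive size.
        $hasUpload = isset($_FILES['form']['name'], $_FILES['form']['size'])
            && is_string($_FILES['form']['name'])
            && $_FILES['form']['size'] > 0;

        if (!$hasUpload) {
            $message = "No file was uploaded.";
        } else {
            // The client-supplied name goes into a stored comment, so tags are
            // stripped as the comment handlers do for user text.
            $filename = strip_tags(strtolower(basename($_FILES['form']['name'])));

            $attach = $w->File->uploadAttachment("form", $task, null, $description);
            if (!$attach) {
                $message = "There was an error. The document could not be saved.";
            } else {
                $message = "The Document has been uploaded.";

                // create comment
                $comm = new TaskComment($w);
                $comm->obj_table = $task->getDbTableName();
                $comm->obj_id = $task->id;
                $comm->comment = "File Uploaded: " . $filename;
                $comm->insert();

                // add to context for notifications post listener
                $w->ctx("TaskComment", $comm);
                $w->ctx("TaskEvent", "task_documents");
            }
        }
    }

    // return
    $w->msg($message, "/task/edit/" . $taskId . "#attachments");
}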
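/**
 * Outputs, as JSON, a "tasktypes" select built from the open tasks that match
 * the criteria packed into the "id" request value.
 *
 * The value has the form "group_assignee"; empty segments mean "no filter".
 *
 * @param Web $w
 */
function taskAjaxGrouptoType_ALL(Web &$w)
{
    $types = array();

    // Split the query string into group and assignee. Padding keeps a short or
    // missing value from producing undefined offsets.
    list($group, $assignee) = array_pad(explode('_', (string) $w->request('id')), 2, "");

    // organise criteria
    $who = $assignee != "" ? $assignee : null;

    // The WHERE fragment is handed to getTasks() as raw SQL, so the
    // request-derived group id must be all digits before the query runs.
    // NOTE(review): bound parameters inside the Task service would be the
    // better fix. How getTasks() uses $who is not visible here.
    $criteriaValid = true;

    $where = "";
    if ($group != "") {
        $criteriaValid = ctype_digit($group);
        $where .= "task_group_id = " . $group . " and ";
    }
    $where .= "is_closed = 0";

    // Get task types from the available task list. Rejected criteria never
    // reach the database and are answered like an empty result.
    $tasks = $criteriaValid ? $w->Task->getTasks($who, $where) : null;
    if ($tasks) {
        foreach ($tasks as $task) {
            if (!array_key_exists($task->task_type, $types)) {
                $types[$task->task_type] = array($task->getTypeTitle(), $task->task_type);
            }
        }
    }
    if (!$types) {
        $types = array(array("No assigned Tasks", ""));
    }

    // load type dropdown and return
    $tasktypes = Html::select("tasktypes", $types, null);

    $w->setLayout(null);
    $w->out(json_encode($tasktypes));
}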
/**
 * Outputs, as JSON, a "category" select listing the distinct categories of the
 * session user's reports, optionally limited to the module named in the "id"
 * request value.
 *
 * @param Web $w
 */
function reportAjaxModuletoCategory_ALL(Web $w)
{
    $category = array();
    $module = $w->request('id');

    // organise criteria
    $who = $w->session('user_id');
    $where = array();
    if ($module != "") {
        $where['report.module'] = $module;
    }

    // One option per distinct category, labelled with its title.
    $reports = $w->Report->getReportsbyUserWhere($who, $where);
    if ($reports) {
        foreach ($reports as $report) {
            if (array_key_exists($report->category, $category)) {
                continue;
            }
            $category[$report->category] = array($report->getCategoryTitle(), $report->category);
        }
    }

    if (!$category) {
        $category = array(array("No Reports", ""));
    }

    // load Category dropdown and return
    $dropdown = Html::select("category", $category);

    $w->setLayout(null);
    $w->out(json_encode($dropdown));
}
/**
 * Performs an OAuth request with the stored auth parameters merged in.
 *
 * GET appends the parameters as a query string (and "type/file" to the URL
 * when a file is given), POST sends them form-encoded together with "root",
 * and PUT sends $content as an octet stream to "type/file".
 *
 * NOTE(review): $type and $file are concatenated into the URL path without
 * encoding; confirm that callers pass values that are already URL-safe.
 *
 * @param string      $url     request url
 * @param string      $method  method type (case-insensitive)
 * @param array|null  $params  additional params
 * @param string|null $type    storage type [sandbox|dropbox]
 * @param string|null $file    full file pathname
 * @param string|null $content file content
 * @return mixed whatever $this->web->request() returns, or false (after
 *               trigger_error) when the method is not GET, POST or PUT
 */
protected function doOAuthCall($url, $method, $params = null, $type = NULL, $file = NULL, $content = NULL)
{
    $params = $params === null ? array() : $params;
    $method = strtoupper($method);
    $options = array('method' => $method);

    switch ($method) {
        case 'GET':
            if ($file) {
                $url .= $type . '/' . $file;
            }
            $url .= '?' . http_build_query($this->authParams + $params);
            break;

        case 'POST':
            // Array union: on a key clash the stored auth parameters win.
            $params = $this->authParams + $params + array('root' => $type);
            $options['content'] = http_build_query($params);
            break;

        case 'PUT':
            $url .= $type . '/' . $file . '?' . http_build_query($this->authParams + $params);
            $options['content'] = $content;
            $options['header'] = array('Content-Type: application/octet-stream');
            break;

        default:
            trigger_error(sprintf(self::E_METHODNOTSUPPORTED, $method));
            return false;
    }

    return $this->web->request($url, $options);
}
/**
 * Echoes, as JSON, the widget names the Widget service reports for the module
 * named in the "source" request value. Outputs nothing when no module is given.
 *
 * @param Web $w
 */
function ajax_getwidgetnames_GET(Web $w)
{
    $module = $w->request("source");
    if (empty($module)) {
        return;
    }

    echo json_encode($w->Widget->getWidgetNamesForModule($module));
}
/**
 * Puts the available search indexes into the template context under
 * "indexes" and disables the layout when an "isbox" request value is present.
 *
 * @param Web $w
 */
function index_ALL(Web &$w)
{
    $w->ctx("indexes", $w->Search->getIndexes());

    // Any "isbox" value, even an empty one, switches the layout off.
    $renderedInBox = $w->request("isbox") !== NULL;
    if ($renderedInBox) {
        $w->setLayout(null);
    }
}
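/**
 * Creates a group, or renames an existing one, from the "title" request value.
 *
 * Groups are User records with is_group set. When an id is present in the
 * path, that record is loaded and must already be a group.
 *
 * @param Web $w
 */
function edit_POST(Web $w)
{
    $p = $w->pathMatch("id");
    $isUpdate = !empty($p['id']);

    if ($isUpdate) {
        // pathMatch() was asked for "id" only; the original looked the record
        // up under "group_id", a key that is never populated.
        $group = $w->Auth->getUser($p['id']);

        // Refuse ids that match nothing or that belong to a regular account:
        // saving such a record below would turn a user into a group and
        // overwrite its login.
        if (empty($group) || empty($group->is_group)) {
            $w->error("Group not found", "/admin-groups/show/" . intval($p['id']));
            return;
        }
    } else {
        $group = new User($w);
    }

    $group->login = $w->request('title');
    $group->is_group = 1;
    $group->insertOrUpdate();

    $w->msg("Group " . ($isUpdate ? "updated" : "created"), "/admin-groups/show/{$group->id}");
}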
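/**
 * Completes a password reset: checks the token, its age and the account's
 * email address, then stores the new password and clears the token.
 *
 * Request values: "email", "token", "password", "password_confirm".
 *
 * @param Web $w
 */
function resetpassword_POST(Web $w)
{
    $email = $w->request('email'); // email
    $token = $w->request('token'); // token
    $password = $w->request('password'); // password
    $password_confirm = $w->request('password_confirm');

    // Email and token are request values, so they are URL-encoded before being
    // placed in the redirect target.
    $retryUrl = "/auth/resetpassword?email=" . urlencode((string) $email) . "&token=" . urlencode((string) $token);

    if ($password !== $password_confirm) {
        $w->error("Passwords do not match", $retryUrl);
        return;
    }
    // Two missing fields compare equal above; an empty password must not be stored.
    if (!is_string($password) || $password === "") {
        $w->error("Password cannot be empty", $retryUrl);
        return;
    }

    // An empty token must never reach the lookup: this function resets the
    // stored token to null after use, so an empty value could otherwise match
    // an account that has no reset pending.
    $user = (is_string($token) && $token !== "") ? $w->Auth->getUserForToken($token) : null;

    $validData = false;
    if (!empty($user->id)) {
        // Check that the password reset hasn't expired. The original compared
        // the age against 0, which is only true for a timestamp in the future,
        // so tokens never expired.
        $issuedAt = empty($user->dt_password_reset_at) ? false : strtotime($user->dt_password_reset_at);
        if ($issuedAt === false || time() - $issuedAt > 86400) {
            $w->msg("Your token has expired (max 24 hours), please submit for a new one", "/admin/forgotpassword");
            return;
        }

        $user_contact = $user->getContact();

        // Strict comparison on a non-empty string: a missing "email" value must
        // not match a contact whose email is empty.
        if (!empty($user_contact) && is_string($email) && $email !== "" && $user_contact->email === $email) {
            $user->setPassword($password);
            $user->password_reset_token = null;
            $user->dt_password_reset_at = null;
            $user->update(true);

            // Precautionary logout
            if ($w->Auth->loggedIn()) {
                $w->sessionDestroy();
            }
            $validData = true;
        }
    }

    if (!$validData) {
        // The token is a live credential when only the email was wrong, so it
        // is kept out of the log. Control characters are removed from the email
        // so a crafted value cannot forge extra log lines.
        $loggedEmail = preg_replace('/[\x00-\x1f\x7f]/', '', (string) $email);
        $w->Log->warn("Password reset attempt failed with email: {$loggedEmail}");
        $w->out("Invalid email or token, this incident has been logged");
    } else {
        $w->msg("Your password has been reset", "/auth/login");
    }
}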
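/**
 * Creates or updates a comment on the object named in the path and redirects
 * with a "Comment saved" message.
 *
 * Path values: "comment_id" (0 or missing creates a new comment), "tablename",
 * "object_id". Request values: "comment", "redirect_url".
 *
 * NOTE(review): an existing comment is loaded by id alone and then re-pointed
 * at the table and object from the path. No check is visible here that the
 * current user owns the comment or may comment on that object.
 *
 * @param Web $w
 */
function comment_POST(Web $w)
{
    $p = $w->pathMatch("comment_id", "tablename", "object_id");
    $comment_id = intval($p["comment_id"]);

    $comment = $comment_id > 0 ? $w->Comment->getComment($comment_id) : new Comment($w);
    if ($comment === null) {
        $comment = new Comment($w);
    }

    $comment->obj_table = $p["tablename"];
    $comment->obj_id = $p["object_id"];
    $comment->comment = strip_tags($w->request("comment"));
    $comment->insertOrUpdate();

    // The redirect target is client-supplied. It is only followed when it has
    // no scheme, is not protocol-relative ("//host") and contains no backslash
    // or control character; anything else falls back to the current URL.
    $redirectUrl = $w->request("redirect_url");
    $target = (!empty($redirectUrl) && is_string($redirectUrl)) ? urldecode($redirectUrl) : "";
    $isLocalTarget = $target !== ""
        && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $target)
        && strpbrk($target, "\\\r\n\t\0") === false;

    if ($isLocalTarget) {
        $w->msg("Comment saved", $target);
    } else {
        $w->msg("Comment saved", $w->localUrl($_SERVER["REQUEST_URI"]));
    }
}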
/**
 * Outputs the JSON that the Rest service's listJson() returns for the class
 * named in the path, optionally filtered by one key/value pair from the path.
 *
 * NOTE(review): both the class name and the filter key come from the URL.
 * Whether listJson() restricts them to known classes and columns is not
 * visible here.
 *
 * @param Web $w
 */
function list_GET(Web &$w)
{
    $w->setLayout(null);

    $path = $w->pathMatch("classname", "where_key", "where_val");
    $token = $w->request("token");

    // A filter is only applied when both the key and the value are present.
    $where = null;
    if ($path['where_key'] && $path['where_val']) {
        $where = array($path['where_key'] => $path['where_val']);
    }

    $w->out($w->Rest->listJson($path['classname'], $where, $token));
}
/**
 * Saves a template from the posted form and redirects to its edit page.
 *
 * An id in the path loads the existing template; otherwise a new one is
 * created. is_active is only taken from the request when the post carries
 * "title", "module" and "category", i.e. when it comes from the first page.
 *
 * NOTE(review): fill($_POST) copies every posted field onto the template;
 * confirm that fill() ignores fields a client should not control. The result
 * of getTemplate() is used without a null check.
 *
 * @param Web $w
 */
function edit_POST(Web $w)
{
    $p = $w->pathMatch("id");

    if ($p["id"]) {
        $t = $w->Template->getTemplate($p['id']);
    } else {
        $t = new Template($w);
    }

    $t->fill($_POST);

    // Set is active if saving is originating from the first page
    $fromFirstPage = isset($_POST["title"], $_POST["module"], $_POST["category"]);
    if ($fromFirstPage) {
        $t->is_active = intval($w->request("is_active"));
    }

    $t->insertOrUpdate();

    $w->msg("Template saved", "/admin-templates/edit/" . $t->id);
}
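/**
 * Uploads the "file" form field as an attachment of the object identified by
 * the "table" and "id" request values, then redirects to the "url" request
 * value (spaces in it stand for slashes).
 *
 * NOTE(review): "table" is client-supplied and selects what getObject() loads.
 * No check is visible here that the current user may attach files to that
 * object.
 *
 * @param Web $w
 */
function attach_POST(Web &$w)
{
    $table = $w->request('table');
    $id = $w->request('id');
    $title = $w->request('title');
    $description = $w->request('description');
    $type_code = $w->request('type_code');
    $url = str_replace(" ", "/", (string) $w->request('url'));

    // The redirect target is client-supplied, and the space-to-slash rewrite
    // can itself produce a leading "//". It is only followed when it has no
    // scheme, is not protocol-relative and contains no backslash or control
    // character; otherwise the site root is used.
    $isLocalTarget = !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $url)
        && strpbrk($url, "\\\r\n\t\0") === false;
    if (!$isLocalTarget) {
        $url = "/";
    }

    $object = $w->Auth->getObject($table, $id);
    if (!$object) {
        // Stop here: the original fell through and attempted the upload with
        // no target object.
        $w->error("Nothing to attach to.", $url);
        return;
    }

    $aid = $w->service("File")->uploadAttachment("file", $object, $title, $description, $type_code);
    if ($aid) {
        $w->ctx('attach_id', $aid);
        $w->ctx('attach_table', $table);
        $w->ctx('attach_table_id', $id);
        $w->ctx('attach_title', $title);
        $w->ctx('attach_description', $description);
        $w->ctx('attach_type_code', $type_code);
        $w->msg("File attached.", $url);
    } else {
        $w->error("There was an error. Attachment could not be saved.", $url);
    }
}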
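/**
 * Deletes the comment whose id is in the path and redirects with a
 * "Comment deleted." message.
 *
 * NOTE(review): the handler is registered for ALL methods and deletes by id
 * alone. No ownership check and no CSRF check are visible here. When no usable
 * "redirect_url" is given, the fallback target is this handler's own URL.
 *
 * @param Web $w
 */
function deletecomment_ALL(Web &$w)
{
    $p = $w->pathMatch("id");
    $comment_id = intval($p["id"]);

    if (!empty($comment_id)) {
        $comment = $w->Comment->getComment($comment_id);
        if (!empty($comment)) {
            $comment->delete();
        }
    }

    // The redirect target is client-supplied. It is only followed when it has
    // no scheme, is not protocol-relative ("//host") and contains no backslash
    // or control character.
    $redirectUrl = $w->request("redirect_url");
    $isLocalTarget = !empty($redirectUrl)
        && is_string($redirectUrl)
        && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $redirectUrl)
        && strpbrk($redirectUrl, "\\\r\n\t\0") === false;

    $w->msg("Comment deleted.", $isLocalTarget ? $redirectUrl : $_SERVER["REQUEST_URI"]);
}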
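/**
 * Adds a user (or group) to a group unless it is already a member or is one of
 * the group's parents, then redirects to the group's info page.
 *
 * Path value: "group_id". Request values: "member_id", "is_owner".
 *
 * NOTE(review): the "owner" role is granted from the request value alone. No
 * check is visible here that the current user may manage this group, or that
 * group_id refers to a record with is_group set.
 *
 * @param Web $w
 */
function groupmember_POST(Web $w)
{
    $p = $w->pathMatch("group_id");
    $member_id = $w->request('member_id');
    $group_id = $p['group_id'];
    $is_owner = $w->request('is_owner');
    $exceptions = array();

    // Both ids come from the client; either lookup can come back empty, and
    // the original called methods on the result unconditionally.
    $group = $w->Auth->getUser($group_id);
    $member = $w->Auth->getUser($member_id);
    if (empty($group) || empty($member)) {
        $w->error("Group or member could not be found", "/admin/moreInfo/" . $group_id);
        return;
    }

    // store all parent groups in session
    $groupUsers = $group->isInGroups();
    if ($groupUsers) {
        foreach ($groupUsers as $groupUser) {
            $groupUser->getParents();
        }
    }

    // add member to the group only if it isn't already in there
    // this logic should move to the model!
    $existUser = $member->isInGroups($group_id);
    if (!$existUser) {
        // Loose in_array is kept on purpose: member_id is a request string and
        // the type of the ids stored in the session is not visible here.
        $parents = $w->session('parents');
        $isParent = $parents && in_array($member_id, $parents);

        if (!$isParent) {
            $groupMember = new GroupUser($w);
            $groupMember->group_id = $group_id;
            $groupMember->user_id = $member_id;
            $groupMember->role = ($is_owner && $is_owner == 1) ? "owner" : "member";
            $groupMember->insert();
        } else {
            // A parent of the group cannot also become its member.
            $exceptions[] = $member->login;
        }
    } else {
        $user = $existUser[0]->getUser();
        if ($user->is_group == 1) {
            $exceptions[] = $user->login;
        } else {
            // Fall back to the login when the account has no contact record.
            $contact = $user->getContact();
            $exceptions[] = !empty($contact) ? $contact->getFullName() : $user->login;
        }
    }

    $w->sessionUnset('parents');

    if (!empty($exceptions)) {
        $w->error(implode(", ", $exceptions) . " can not be added!", "/admin/moreInfo/" . $group_id);
    } else {
        $w->msg("New members are added!", "/admin/moreInfo/" . $group_id);
    }
}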
/**
 * Echoes, as JSON {"success": bool, "response": mixed}, the folder list that
 * an EmailChannelOption built from the request values reports.
 *
 * Request values: "server", "s_username", "s_password" (each URL-decoded here)
 * and "use_auth".
 *
 * NOTE(review): the server address and credentials come straight from the
 * request, and the handler accepts ALL methods. Any caller who can reach it
 * chooses where getFolderList() connects, and a GET would carry the password
 * in the URL. Confirm the access control in front of this route.
 *
 * @param Web $w
 */
function ajax_getfolderlist_ALL(Web $w)
{
    $channel = new EmailChannelOption($w);
    $channel->server = urldecode($w->request("server"));
    $channel->s_username = urldecode($w->request("s_username"));
    $channel->s_password = urldecode($w->request("s_password"));
    $channel->use_auth = $w->request("use_auth");

    $folders = $channel->getFolderList(false);

    $response = array("success" => false, "response" => "");
    if (!empty($folders)) {
        if (is_array($folders)) {
            $response["success"] = true;
            $response["response"] = $folders;
        } elseif (is_string($folders)) {
            // A string result is passed through with success left false.
            $response["response"] = $folders;
        } else {
            $response["response"] = "Folders not found (maybe a misconfiguration?)";
        }
    }

    echo json_encode($response);
}
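/**
 * Starts a password reset: stores a fresh reset token on the account that
 * matches the "login" request value and emails a reset link to its contact
 * address.
 *
 * The caller gets the same response whether or not the login exists, so the
 * form cannot be used to find valid logins.
 *
 * NOTE(review): the link is built from the Host request header over plain
 * http. That header is client-controlled, so a forged value would put an
 * attacker's host in the emailed link. The host should come from site
 * configuration; no such setting is visible here. The token is also stored
 * unhashed on the user record.
 *
 * @param Web $w
 */
function forgotpassword_POST(Web $w)
{
    $support_email = Config::get('main.company_support_email');
    if (empty($support_email)) {
        $w->Log->error("Cannot send recovery email. This site has not been configured with a default email address. Th project config needs a main.company_support_email record.");
        $w->error("Cannot send recovery email. This site has not been configured with a default email address", "/auth/login");
        // Other handlers here return after error(), so it cannot be assumed to
        // end the request.
        return;
    }

    $login = $w->request("login");
    $user = $w->Auth->getUserForLogin($login);
    $responseString = "If this account exists then a password reset email has been just sent to the associated email address.";

    // The answer is the same for known and unknown logins so that this form
    // does not reveal which accounts exist.
    // Note the previous message was "Could not find your account"
    if (!$user) {
        $w->msg($responseString, "/auth/login");
        // Without this return the code below dereferences a missing user, and
        // the resulting failure would itself give the unknown login away.
        return;
    }

    $user_contact = $user->getContact();
    if (empty($user_contact) || empty($user_contact->email)) {
        // No address to send to: answer exactly as for an unknown login.
        $w->msg($responseString, "/auth/login");
        return;
    }

    // Generate password reset token. $cstrong reports whether a
    // cryptographically strong source was used; a weak or failed result must
    // not become a reset token.
    $random = openssl_random_pseudo_bytes(40, $cstrong);
    if ($random === false || !$cstrong) {
        $w->Log->error("Cannot send recovery email. A cryptographically strong reset token could not be generated.");
        $w->error("There was a problem sending an email, check your settings.", "/auth/login");
        return;
    }
    $token = sha1($random);

    $user->password_reset_token = $token;
    $user->dt_password_reset_at = $user->time2Dt();
    $user->update();

    // Send email. Query values are URL-encoded (a "+" in an address would
    // otherwise decode to a space), and everything placed in the HTML body is
    // HTML-escaped.
    $resetUrl = "http://" . $_SERVER["HTTP_HOST"] . "/auth/resetpassword?email=" . urlencode($user_contact->email) . "&token=" . urlencode($token);
    $resetLink = htmlspecialchars($resetUrl, ENT_QUOTES, 'UTF-8');

    $message = "Hello " . htmlspecialchars($user->getFullName(), ENT_QUOTES, 'UTF-8') . ",\n<br/>";
    $message .= "Please go to this link to reset your password:<br/>\n";
    $message .= "<a href=\"{$resetLink}\">{$resetLink}</a>\n<br/>You have 24 hours to reset your password.<br/><br/>";
    $message .= "Thank you,\n<br/>cmfive support";

    $result = $w->Mail->sendMail($user_contact->email, $support_email, Config::get("main.application_name") . " password reset", $message);
    if ($result !== 0) {
        $w->msg($responseString, "/auth/login");
    } else {
        $w->error("There was a problem sending an email, check your settings.", "/auth/login");
    }
}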
/**
 * Outputs, as JSON, a "taskgroups" select listing the distinct task groups of
 * the open tasks for the assignee given in the "id" request value (all
 * assignees when it is empty).
 *
 * NOTE(review): the assignee id is taken from the request as is. Whether the
 * caller may see another user's task groups is not checked here.
 *
 * @param Web $w
 */
function taskAjaxAssigntoGroup_ALL(Web $w)
{
    $group = array();
    $assignee = $w->request('id');

    // organise criteria
    $who = $assignee != "" ? $assignee : null;

    // One option per distinct task group, labelled with its title.
    $tasks = $w->Task->getTasks($who, "is_closed = 0");
    if ($tasks) {
        foreach ($tasks as $task) {
            if (array_key_exists($task->task_group_id, $group)) {
                continue;
            }
            $group[$task->task_group_id] = array($task->getTaskGroupTypeTitle(), $task->task_group_id);
        }
    }

    if (!$group) {
        $group = array(array("No assigned Tasks", ""));
    }

    // load Group dropdown and return
    $dropdown = Html::select("taskgroups", $group, null);

    $w->setLayout(null);
    $w->out(json_encode($dropdown));
}
/**
 * Fetches "<_api_url>/api/<part>" and returns the JSON-decoded body, using a
 * cache entry keyed by the md5 of the URL.
 *
 * Every requested URL is appended to the "_api_hits" hive entry. The cache is
 * only read when $ttl is truthy; a fetched response is written to it with
 * $ttl either way.
 *
 * NOTE(review): $part is appended to the URL unencoded, and the decoded body
 * is cached even when decoding produced null. md5 serves only as a cache key
 * here, not as a security control.
 *
 * @param string    $part path below "/api/"
 * @param int|false $ttl  cache lifetime; false skips reading from the cache
 * @return mixed the decoded JSON
 */
function api_fetch($part, $ttl = false)
{
    $f3 = \Base::instance();
    $url = $f3->get("_api_url") . "/api/" . $part;

    // Record the hit.
    $hits = $f3->get("_api_hits");
    $hits[] = $url;
    $f3->set("_api_hits", $hits);

    $key = md5($url);
    $cache = new \Cache($key);

    if ($cache->exists($key) && $ttl) {
        return json_decode($cache->get($key), true);
    }

    $web = new \Web();
    $reply = $web->request($url);
    $data = json_decode($reply['body'], true);
    $cache->set($key, json_encode($data), $ttl);

    return $data;
}
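/**
 * Sends an inbox message. With a message id in the path it is a reply to that
 * message, which is then flagged as having a parent; without one it is a new
 * message to "receiver_id".
 *
 * NOTE(review): the replied-to message is loaded by id alone. No check is
 * visible here that the current user is a sender or recipient of it.
 *
 * @param Web $w
 */
function send_POST(Web &$w)
{
    $p = $w->pathMatch('id');

    if ($p['id']) {
        // For reply function
        $mess = $w->Inbox->getMessage($p['id']);

        // An unknown id must stop here: the original stored the reply first
        // and then failed on the missing parent.
        if (empty($mess)) {
            $w->error("Message not found.", "/inbox/index");
            return;
        }

        $w->Inbox->addMessage($w->request("subject"), $w->request("message"), $w->request("receiver_id"), null, $p['id']);
        $mess->has_parent = 1;
        $mess->update();
    } else {
        // To generate test data
        $receiver_id = $w->request("receiver_id");
        $subject = $w->request("subject");
        $message = $w->request("message");
        if ($receiver_id && $subject) {
            $w->Inbox->addMessage($subject, $message, $receiver_id);
        }
    }

    $w->msg("Message Sent.", "/inbox/index");
}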
/**
 * Adds the user in the "member" request value to a task group, or updates the
 * existing membership, then redirects to the group's member view.
 *
 * The group id and role are read from $_REQUEST ("task_group_id", "role");
 * priority and is_active are always set to 1.
 *
 * NOTE(review): the role and group id are taken from the request unchecked,
 * and the group id is concatenated into the redirect path. No check is visible
 * here that the current user may manage this task group.
 *
 * @param Web $w
 */
function updategroupmembers_POST(Web &$w)
{
    // Membership details for the target task group and the selected member.
    $membership = array(
        'task_group_id' => $_REQUEST['task_group_id'],
        'role' => $_REQUEST['role'],
        'priority' => 1,
        'is_active' => 1,
        'user_id' => $w->request('member'),
    );

    // check to see if member already exists in this group
    $existing = $w->Task->getMemberGroupById($membership['task_group_id'], $membership['user_id']);

    if ($existing) {
        // Existing membership: update the record with the submitted details.
        $existing->fill($membership);
        $existing->update();
    } else {
        // No membership yet: create it.
        $created = new TaskGroupMember($w);
        $created->fill($membership);
        $created->insert();
    }

    // return
    $w->msg("Task Group updated", "/task-group/viewmembergroup/" . $_REQUEST['task_group_id']);
}