$_SESSION['skin'] = $skin_name; $_SESSION['master_css'] = $master_css; $_SESSION['colors_css'] = $colors_css; $_SESSION['fonts_css'] = $fonts_css; $_SESSION['override_css'] = $override_css; $_SESSION['icon_set'] = $icon_set; if (trim($_SESSION['icon_set'] == '')) { $_SESSION['icon_set'] = 'cobalt'; } } $data_con->close_db(); log_action('Logged in'); //check if user must rehash his password due to updated method or work factor/iterations if (cobalt_password_must_rehash($username)) { $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method); $data_con = new data_abstraction(); $data_con->set_query_type('UPDATE'); $data_con->set_table('user'); $data_con->set_update("`password`=?, `salt`=?, `iteration`=?, `method`=?"); $data_con->set_where("username=?"); $bind_params = array('ssiss', $hashed_password, $new_salt, $new_iteration, $new_method, $username); $data_con->stmt_prepare($bind_params); $data_con->stmt_execute(); } redirect('start.php'); } else { $error_message = "Check username and password."; } } else { die($mysqli->error); }
$ModuleOptions = cobalt_htmlentities($ModuleOptions); $KeywordSearch = cobalt_htmlentities($KeywordSearch); $IPAddressOptions = cobalt_htmlentities($IPAddressOptions); $TimeStart = cobalt_htmlentities($TimeStart); $TimeEnd = cobalt_htmlentities($TimeEnd); $Username = cobalt_htmlentities($Username); $Module = cobalt_htmlentities($Module); $Keyword = cobalt_htmlentities($Keyword); $IPAddress = cobalt_htmlentities($IPAddress); } if (!isset($start)) { $start = 0; } //Pagination **************************** //->Query to get total number of records. $data_con = new data_abstraction(); $data_con->set_fields("entry_id, ip_address, user, datetime, action, module"); $data_con->set_table("`system_log`"); $data_con->set_where("{$TimeFilter} AND {$UserFilter} AND {$ModuleFilter} AND {$KeywordFilter} AND {$IPAddressFilter}"); $data_con->set_order("entry_id"); if ($result = $data_con->make_query()->result) { $total_records = $data_con->num_rows; } else { die("Error getting log entries: " . $data_con->QUERY); } //-> Now instantiate the pagination class and feed it the necessary information. require 'paged_result_class.php'; $results_per_page = 50; $pager = new paged_result($total_records, $results_per_page); $pager->get_page_data($result_pager, $current_page); $current_page = $pager->current_page;
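/**
 * Checks that no row in $db.$table matches $where.
 *
 * @param string $db      Database to query (handed to set_database()).
 * @param string $table   Table name.
 * @param string $where   Raw WHERE clause. It is inserted as-is, so any part of
 *                        it derived from request input must already be escaped
 *                        (quote_smart()) by the caller; this helper cannot
 *                        parameterise it.
 * @param string $errMsg  Message to return when at least one row matches.
 * @return string         $errMsg if a matching row exists, '' otherwise.
 */
function check_if_unique($db, $table, $where, $errMsg) {
    $data_con = new data_abstraction();
    $data_con->set_database($db);
    $data_con->set_table($table);
    $data_con->set_where($where);
    $data_con->make_query();
    // The row-count property is `num_rows` everywhere else data_abstraction is
    // used. The original read `Num_Rows`, which is a different (undefined)
    // property in PHP, so the duplicate check could never fire and every value
    // was reported as unique.
    $is_duplicate = $data_con->num_rows > 0;
    // Release the connection like the other make_query() call sites do.
    $data_con->close_db();
    return $is_duplicate ? $errMsg : '';
}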
/**
 * Renders one drop-down of a multi-field row (index $cntr) whose options come from a SQL query.
 *
 * $param[0] is an array with keys 'query', 'list_value' (column used as the
 * option value), 'list_items' (array of column names concatenated to build the
 * option text) and 'list_separators' (per-item separator, ' ' when empty).
 * $param[1] is the form control name; $param[2] is a string of extra
 * attributes echoed verbatim into the <select> tag. Missing entries stay ''.
 *
 * In detail view ($this->detail_view) only the text of the selected option is
 * echoed (through nl2br); otherwise a full <select name="NAME[$cntr]"> is
 * printed and the option equal to the global $NAME[$cntr] is pre-selected.
 *
 * Returns $this so calls can be chained.
 */
function draw_select_field_from_query_mf($param, $cntr) {
    $detail_view = $this->detail_view;
    $query = '';
    $list_value = '';
    $list_items = '';
    $form_control_name = '';
    $extra = '';
    $list_separators = '';
    if (isset($param[0])) {
        $query = $param[0]['query'];
        $list_value = $param[0]['list_value'];
        $list_items = $param[0]['list_items'];
        $list_separators = $param[0]['list_separators'];
    }
    if (isset($param[1])) {
        $form_control_name = $param[1];
    }
    if (isset($param[2])) {
        $extra = $param[2];
    }
    // Each "{[name]}" marker in the query is replaced by the current value of
    // the global $name[$cntr]; e.g. "WHERE myfield = '{[status]}'" becomes
    // "WHERE myfield = '$status[$cntr]'". The substituted value is not escaped,
    // so a marker must only name variables whose contents are already safe to
    // place inside SQL.
    // NOTE(review): strpos() returns 0 for a marker at offset 0, which ends
    // this loop without substituting; and an unterminated "{[" never passes
    // the `$end_replace > $start_replace` test (false > int), so the query is
    // left unchanged and the loop does not terminate -- TODO confirm callers
    // never build such queries.
    while ($start_replace = strpos($query, '{[', 0)) {
        $end_replace = strpos($query, ']}', $start_replace);
        if ($end_replace > $start_replace) {
            $query_part1 = substr($query, 0, $start_replace);
            $query_part2 = substr($query, $end_replace + 2, strlen($query));
            $var_length = $end_replace - ($start_replace + 2);
            $variable = substr($query, $start_replace + 2, $var_length);
            global ${$variable};
            $query = $query_part1 . ${$variable}[$cntr] . $query_part2;
        }
    }
    // The control's current values live in a global array named after the
    // control; make sure index $cntr exists before it is compared below.
    global ${$form_control_name};
    init_var(${$form_control_name}[$cntr]);
    $num_display = count($list_items);
    if ($detail_view != TRUE) {
        ++$this->tabindex;
        // $extra is emitted as-is into the tag; it is expected to be
        // developer-supplied markup, not request input.
        echo "<select name='{$form_control_name}" . "[{$cntr}]' tabindex='{$this->tabindex}' {$extra}>\r\n";
        // A per-field setting wins over the object-wide default for the blank option.
        if (isset($this->fields[$form_control_name]['drop_down_has_blank'])) {
            if ($this->fields[$form_control_name]['drop_down_has_blank']) {
                echo "<option></option>\r\n";
            }
        } elseif ($this->drop_down_has_blank) {
            echo "<option></option>\r\n";
        }
    }
    $data_con = new data_abstraction();
    $data_con->query = $query;
    if ($result = $data_con->execute_query('', LOG_SELECT_QUERIES)->result) {
        while ($data = $result->fetch_assoc()) {
            // extract() turns every column of the row into a local variable so
            // ${$list_value} and ${$list_items[$a]} can read them by name.
            // NOTE(review): a column named like one of this method's locals
            // (query, selected, form_control_name, ...) would overwrite it.
            extract($data);
            $selected = '';
            // String comparison so numeric ids and their textual form match.
            if ((string) ${$form_control_name}[$cntr] == (string) ${$list_value}) {
                $selected = 'selected';
            }
            // Build the visible text from the configured columns, skipping empty ones.
            $dropdown_item_entry = '';
            for ($a = 0; $a < $num_display; ++$a) {
                if (${$list_items[$a]} != '') {
                    init_var($list_separators[$a]);
                    if ($list_separators[$a] == '') {
                        $list_separators[$a] = ' ';
                    }
                    $dropdown_item_entry .= ${$list_items[$a]} . $list_separators[$a];
                }
            }
            if ($detail_view != TRUE) {
                // Only the value attribute is entity-encoded; the option text is
                // echoed unescaped. NOTE(review): assumes the listed columns hold
                // trusted text -- confirm for columns that store user input.
                echo '<option value="' . cobalt_htmlentities(${$list_value}) . '" ' . $selected . '>' . $dropdown_item_entry . '</option>' . "\r\n";
            } else {
                // Detail view: print just the selected item's text (a space when empty).
                if (trim($dropdown_item_entry) == '') {
                    $dropdown_item_entry = ' ';
                }
                if ($selected == 'selected') {
                    echo nl2br($dropdown_item_entry) . "\r\n";
                }
            }
        }
    } else {
        // A failed query aborts the page and prints the driver error text.
        die($data_con->error);
    }
    if ($detail_view != TRUE) {
        echo "</select>\r\n";
    }
    return $this;
}
$dbh = new data_abstraction(); $dbh->set_query_type('UPDATE'); $dbh->set_table('user'); $dbh->set_update("role_id='0'"); $dbh->set_where("username='******'"); $dbh->make_query(); $dbh->close_db(); //Get the role permissions require_once 'subclasses/user_role_links.php'; $obj_role = new user_role_links(); $obj_role->get_user_role_links($role); $arrLink = $obj_role->dump['link_id']; $numLinks = $obj_role->num_rows; $obj_role->close_db(); //Assign permissions to user $dbh = new data_abstraction(); foreach ($arrLink as $link_id) { $dbh->set_query_type('SELECT'); $dbh->set_table('user_passport'); $dbh->set_fields('username, link_id'); $dbh->set_where("username='******' AND link_id='" . quote_smart($link_id) . "'"); $dbh->make_query(); if ($dbh->num_rows == 0) { $dbh->set_query_type('INSERT'); $dbh->set_values("'" . quote_smart($Username) . "','" . quote_smart($link_id) . "'"); $dbh->make_query(); } } $dbh->close_db(); } $message = 'Success! User passport has been updated.';
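/**
 * Decides whether a user's stored password hash must be regenerated.
 *
 * Loads the stored `iteration` and `method` for $username and compares them
 * with the currently configured method (cobalt_password_set_method()) and
 * its configured cost. A rehash is required when the method differs, when
 * the blowfish cost is not AUTH_BLOWFISH_COST_FACTOR, or when the stored
 * round count lies outside AUTH_<METHOD>_MIN_ROUNDS..AUTH_<METHOD>_MAX_ROUNDS.
 * When no row is found (or the row has no method) the answer is also TRUE,
 * so the caller never keeps a hash this function cannot account for.
 *
 * @param string $username  Username to look up; bound as a prepared-statement parameter.
 * @return bool             TRUE when the password should be rehashed.
 */
function cobalt_password_must_rehash($username) {
    $dbh = new data_abstraction();
    $dbh->set_table('user');
    $dbh->set_fields('`iteration`, `method` AS `current_method`');
    $dbh->set_where("`username`= ?");
    $bind_params = array('s', $username);
    $dbh->stmt_prepare($bind_params);
    $dbh->stmt_fetch('single');
    // Read the two columns explicitly rather than extract()-ing the row: both
    // variables are then always defined (NULL for an unknown user, which the
    // original left undefined) and no other local can be clobbered.
    $iteration = NULL;
    $current_method = NULL;
    if ($dbh->num_rows == 1) {
        $iteration = isset($dbh->dump['iteration']) ? $dbh->dump['iteration'] : NULL;
        $current_method = isset($dbh->dump['current_method']) ? $dbh->dump['current_method'] : NULL;
    }
    $method = cobalt_password_set_method();
    // Configured method changed, or user/method unknown: always rehash.
    if ($current_method === NULL || $method != $current_method) {
        return TRUE;
    }
    if ($method == 'blowfish') {
        // Blowfish has a single cost factor; any drift from the configured value means rehash.
        return (int) $iteration != (int) AUTH_BLOWFISH_COST_FACTOR;
    }
    // Iterated methods: the stored round count must fall inside the configured window.
    $min = constant('AUTH_' . strtoupper($method) . '_MIN_ROUNDS');
    $max = constant('AUTH_' . strtoupper($method) . '_MAX_ROUNDS');
    if ($max < $min) {
        // Misconfigured window: treat the minimum as the only accepted value.
        $max = $min;
    }
    return $iteration < $min || $iteration > $max;
}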
extract($info); $data_con = new data_abstraction(); $data_con->set_fields('username'); $data_con->set_table('user_passport'); $data_con->set_where("username='******' AND link_id='{$link_id}'"); $data_con->make_query(); $checked = ''; if ($data_con->num_rows == 1) { $checked = 'checked'; } echo "<TR class={$class}><td class=\"listCell\"><label style=\"display: block;\" for='checkfield[{$a}]'><input type=checkbox ID='checkfield[{$a}]' name=\"link[]\" value='{$link_id}' {$checked}> {$Module_Name}</label></td>"; $data_con->close_db(); if ($a + 1 < $numrows) { $info = $result->fetch_assoc(); extract($info); $data_con = new data_abstraction(); $data_con->set_fields('username'); $data_con->set_table('user_passport'); $data_con->set_where("username='******' AND link_id='{$link_id}'"); $data_con->make_query(); if ($data_con->num_rows == 0) { echo "<td class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}'> {$Module_Name}</label></td></tr>"; } elseif ($data_con->num_rows == 1) { echo "<td class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}' checked> {$Module_Name}</label></td></tr>"; } $data_con->close_db(); } else { echo "<td class='listCell'> </td></tr>"; } } if ($numrows > 0) {
} } $redraw = TRUE; } } $html = new html(); $html->draw_header('Change Skin', $message); $html->display_info('Changing the System Skin does not affect functionality.<br>All changes are merely aesthetic.'); echo '<div class="container"> <fieldset class="container_invisible"> <fieldset class="top"> Skin (UI Theme) Management </fieldset> <fieldset class="middle"> <table class="input_form">'; echo '<tr><td class="label">System Skin:</td><td> <select name="skin_id">'; $data_con = new data_abstraction(); $data_con->set_fields('skin_id AS new_skin_id, skin_name'); $data_con->set_table('system_skins'); $data_con->set_order('skin_name'); $result = $data_con->make_query()->result; $numrows = $data_con->num_rows; if ($data_con->error) { echo die($data_con->error); } $data_con->close_db(); for ($a = 0; $a < $numrows; $a++) { $data = $result->fetch_assoc(); extract($data); $selected = ''; if ($skin_name == $_SESSION['skin']) { $selected = 'selected';
redirect("listview_user.php?{$query_string}"); } if ($_POST['btn_submit']) { log_action('Pressed submit button', $_SERVER['PHP_SELF']); $message .= $dbh_user->sanitize($arr_form_data)->lst_error; extract($arr_form_data); if ($dbh_user->check_uniqueness_for_editing($arr_form_data)->is_unique) { //Good, no duplicate in database } else { $message = "Record already exists with the same primary identifiers!"; } if ($message == "") { $dbh_user->edit($arr_form_data); //Permissions from role, if role was chosen if ($role_id != '') { $db = new data_abstraction(); $db->execute_query("DELETE FROM user_passport WHERE username = '******'"); $db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role_id) . "'"); } redirect("listview_user.php?{$query_string}"); } } } require 'subclasses/user_html.php'; $html = new user_html(); $html->draw_header('Edit User', $message, $message_type); $html->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc); $html->draw_hidden('orig_username'); $html->exception = array('password'); $html->draw_controls('edit'); $html->draw_footer();
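/**
 * Appends one entry to the `system_log` table for the current request.
 *
 * Records the client IP (get_ip()), the session user (or the literal
 * placeholder when nobody is logged in), the current Unix time, the action
 * text and the module, which defaults to the executing script's SCRIPT_NAME.
 *
 * The INSERT is built as a string, so every interpolated value goes through
 * quote_smart() first. $module in particular is caller-supplied (one caller
 * passes $_SERVER['PHP_SELF'], which is request-controlled) and was
 * previously inserted unescaped; the IP is now escaped for the same reason.
 *
 * @param string $action  Free-text description of what happened.
 * @param string $module  Script/module name; '' means "use SCRIPT_NAME".
 * @return void
 */
function log_action($action, $module = '') {
    if (isset($_SESSION['user'])) {
        $username = quote_smart($_SESSION['user']);
    } else {
        $username = '******';
    }
    if ($module == '') {
        $module = $_SERVER['SCRIPT_NAME'];
    }
    // One clock read. The former date()->explode()->mktime() round trip just
    // rebuilt the current time and could straddle a second boundary between
    // its two date() calls.
    $timestamp = time();
    $ip_address = quote_smart(get_ip());
    $action = quote_smart($action);
    $module = quote_smart($module);
    $data_con = new data_abstraction();
    $data_con->set_query_type('INSERT');
    $data_con->set_table('system_log');
    $data_con->set_fields('ip_address, user, datetime, action, module');
    $data_con->set_values("'{$ip_address}', '{$username}', '{$timestamp}', '{$action}', '{$module}'");
    $data_con->make_query(TRUE, FALSE);
}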
} $res = count($hi); $html->display_tip('You have: ' . $res . ' documents to process'); require_once 'subclasses/citizen.php'; $dbh_citizen = new request(); $dbh_citizen->execute_query("SELECT status FROM validate WHERE status = 'wait list'"); $result2 = $dbh_citizen->result; $hi = array(); while ($row2 = $result2->fetch_assoc()) { extract($row2); $hi[] = $row1['status']; } $results = count($hi); $html->display_tip('There are: ' . $results . ' Wait listed citizen'); $menu_links = ''; $data_con = new data_abstraction(); $data_con->set_fields('a.link_id, a.descriptive_title, a.target, a.description, c.passport_group, a.icon as link_icon, c.icon as `group_icon`'); $data_con->set_table('user_links a, user_passport b, user_passport_groups c'); $data_con->set_where("a.link_id=b.link_id AND b.username='******'user']) . "' AND a.passport_group_id=c.passport_group_id AND a.show_in_tasklist='Yes' AND a.status='On'"); $data_con->set_order('c.priority DESC, c.passport_group, a.priority DESC, a.descriptive_title'); if ($result = $data_con->make_query()->result) { while ($data = $result->fetch_assoc()) { extract($data); $menu_links[$passport_group]['title'][] = $descriptive_title; $menu_links[$passport_group]['target'][] = $target; $menu_links[$passport_group]['link_id'][] = $link_id; $menu_links[$passport_group]['description'][] = $description; $menu_links[$passport_group]['link_icon'][] = $link_icon; $menu_links[$passport_group]['group_icon'][] = $group_icon; } $result->close();
<?php require 'path.php'; init_cobalt(); $page_title = 'Barangay System'; $stylesheet_link = 'style'; require 'header.php'; $data_con = new data_abstraction(); $data_con->set_fields('skin_name, header, footer, master_css, colors_css, fonts_css, override_css, icon_set'); $data_con->set_table('system_skins'); $data_con->set_where("skin_id=1"); $data_con->exec_fetch('single'); if ($data_con->num_rows == 1) { extract($data_con->dump); $_SESSION['header'] = $header; $_SESSION['footer'] = $footer; $_SESSION['skin'] = $skin_name; $_SESSION['master_css'] = $master_css; $_SESSION['colors_css'] = $colors_css; $_SESSION['fonts_css'] = $fonts_css; $_SESSION['override_css'] = $override_css; $_SESSION['icon_set'] = $icon_set; if (trim($_SESSION['icon_set'] == '')) { $_SESSION['icon_set'] = 'cobalt'; } } $data_con->close_db(); require 'components/get_listview_referrer.php'; if (xsrf_guard()) { init_var($_POST['btn_cancel']); init_var($_POST['btn_submit']);
?> </select> </td></tr> <tr> <td colspan=2> <table width="900" class="listView"> <tr class=listRowHead> <td colspan="2"><?php echo $active_passport_group; ?> Modules</td> </tr> <?php init_var($filter); $a = 0; $data_con = new data_abstraction(); $data_con->connect_db(); $data_con->set_fields('a.link_id, a.descriptive_title as `title`, a.status, b.passport_group'); $data_con->set_table('user_links a, user_passport_groups b'); $data_con->set_where("a.passport_group_id = b.passport_group_id AND a.name!='Module Control' {$filter}"); $data_con->set_order('a.descriptive_title'); if ($result = $data_con->make_query()->result) { while ($data = $result->fetch_assoc()) { extract($data); if ($a % 4 == 0) { $class = 'listRowOddNoHighlight'; } else { $class = 'listRowEvenNoHighlight'; } echo "<tr class={$class}>\n <td class=\"listCell\"><label style=\"display: block;\" for=\"checkfield[{$link_id}]\">"; $checked = '';
if (isset($_POST['group_field3'])) { $group_field3 = $_POST['group_field3']; } $message = 'Report saved successfully!'; $message_type = 'system'; } else { $message = 'Please enter a Report Name in order to save the report'; } } if ($_POST['btn_delete']) { if (trim($_POST['chosen_report']) != '') { log_action('Pressed delete button'); $reporter_mod_name = $reporter->session_array_name; $chosen_report = $_POST['chosen_report']; //Delete any existing report with the same report_name + module_name in order to effectively overwrite similarly named reports $dbh = new data_abstraction(); $dbh->set_query_type('DELETE'); $dbh->set_table('cobalt_reporter'); $dbh->set_where('module_name = ? AND report_name = ?'); $bind_params = array('ss', $reporter_mod_name, $chosen_report); $dbh->stmt_prepare($bind_params); $dbh->stmt_execute(); } else { $message = 'Please choose a saved report to delete'; } } if ($_POST['btn_submit']) { log_action('Pressed submit button'); if (!isset($_POST['show_field']) || !is_array($_POST['show_field'])) { $message = 'Please check at least one column to be used for the report.'; $show_field = array();
$message .= $dbh_user->sanitize($arr_form_data)->lst_error; extract($arr_form_data); if (strlen($password) > MAX_PASSWORD_LENGTH) { $message = 'Password must not be more than ' . MAX_PASSWORD_LENGTH . ' chars.'; $password = ''; } //check if user exists if ($dbh_user->check_user($username)->user_exists) { //Good } else { $message = 'Specified username does not exist.'; } if ($message == "") { require 'password_crypto.php'; $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method); $data_con = new data_abstraction(); $data_con->set_query_type('UPDATE'); $data_con->set_table('user'); $data_con->set_update("`password`='{$hashed_password}', `salt`='{$new_salt}', `iteration`='{$new_iteration}', `method`='{$new_method}'"); $data_con->set_where("username='******'"); $data_con->make_query(); $message = 'The password has been successfully reset.'; $message_type = 'SYSTEM'; $password = ''; } } } require 'subclasses/user_html.php'; $html = new user_html(); $html->draw_header('Reset Password', $message, $message_type); $html->fields['password']['control_type'] = 'password';
$obj_role->set_table('user'); $obj_role->set_update("role_id='0'"); foreach ($check as $user) { $data_con->set_table('user_passport'); $data_con->set_where("username='******' AND link_id='" . quote_smart($module) . "'"); $data_con->make_query(); $obj_role->set_where("username='******'"); $obj_role->make_query(); } $data_con->close_db(); $obj_role->close_db(); } else { $message = "Please select at least one user."; } } $data_con = new data_abstraction(); $data_con->set_fields('username'); $data_con->set_table('user_passport'); $data_con->set_where("link_id='" . quote_smart($module) . "'"); $data_con->set_order('username'); if ($result = $data_con->make_query()->result) { $arrUser = array(); $showUsers = TRUE; $numUsers = $data_con->num_rows; for ($a = 0; $a < $numUsers; $a++) { $data = $result->fetch_assoc(); extract($data); $arrUser[] = $username; } } }
$arr_form_data['person_id'] = $person_id; require 'password_crypto.php'; //Hash the password using default Cobalt password hashing technique $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method); $arr_form_data['password'] = $hashed_password; $arr_form_data['salt'] = $new_salt; $arr_form_data['iteration'] = $new_iteration; $arr_form_data['method'] = $new_method; $arr_form_data['role_id'] = 3; $arr_form_data['skin_id'] = 1; require_once 'subclasses/user.php'; $dbh_user = new user(); $dbh_user->add($arr_form_data); //Permissions from role, if role was chosen if ($arr_form_data['role_id'] != '') { $db = new data_abstraction(); $db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($arr_form_data['role_id']) . "'"); } redirect("notification.php"); } } if ($arr_form_data['region'] != "") { $chosen_region = $arr_form_data['region']; } if ($arr_form_data['province'] != "") { $chosen_province = $arr_form_data['province']; } if ($arr_form_data['city'] != "") { $chosen_city = $arr_form_data['city']; } if ($arr_form_data['barangay'] != "") {
extract($info); $data_con = new data_abstraction(); $data_con->set_fields('role_id'); $data_con->set_table('user_role_links'); $data_con->set_where("role_id='{$role_id}' AND link_id='{$link_id}'"); $data_con->make_query(); $checked = ''; if ($data_con->num_rows == 1) { $checked = 'checked'; } echo "<TR class={$class}><TD class=\"listCell\"><label style=\"display: block;\" for='checkfield[{$a}]'><input type=checkbox ID='checkfield[{$a}]' name=\"link[]\" value='{$link_id}' {$checked}> {$Module_Name}</label></TD>"; $data_con->close_db(); if ($a + 1 < $numrows) { $info = $result->fetch_assoc(); extract($info); $data_con = new data_abstraction(); $data_con->set_fields('role_id'); $data_con->set_table('user_role_links'); $data_con->set_where("role_id='{$role_id}' AND link_id='{$link_id}'"); $data_con->make_query(); if ($data_con->num_rows == 0) { echo "<TD class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}'> {$Module_Name}</label></TD></TR>"; } elseif ($data_con->num_rows == 1) { echo "<TD class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}' checked> {$Module_Name}</label></TD></TR>"; } $data_con->close_db(); } else { echo "<TD class='listCell'> </TD></TR>"; } } if ($numrows > 0) {