$_SESSION['skin'] = $skin_name;
$_SESSION['master_css'] = $master_css;
$_SESSION['colors_css'] = $colors_css;
$_SESSION['fonts_css'] = $fonts_css;
$_SESSION['override_css'] = $override_css;
$_SESSION['icon_set'] = $icon_set;
if (trim($_SESSION['icon_set'] == '')) {
$_SESSION['icon_set'] = 'cobalt';
}
}
$data_con->close_db();
log_action('Logged in');
//check if user must rehash his password due to updated method or work factor/iterations
if (cobalt_password_must_rehash($username)) {
$hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
$data_con = new data_abstraction();
$data_con->set_query_type('UPDATE');
$data_con->set_table('user');
$data_con->set_update("`password`=?, `salt`=?, `iteration`=?, `method`=?");
$data_con->set_where("username=?");
$bind_params = array('ssiss', $hashed_password, $new_salt, $new_iteration, $new_method, $username);
$data_con->stmt_prepare($bind_params);
$data_con->stmt_execute();
}
redirect('start.php');
} else {
$error_message = "Check username and password.";
}
} else {
die($mysqli->error);
}
$ModuleOptions = cobalt_htmlentities($ModuleOptions);
$KeywordSearch = cobalt_htmlentities($KeywordSearch);
$IPAddressOptions = cobalt_htmlentities($IPAddressOptions);
$TimeStart = cobalt_htmlentities($TimeStart);
$TimeEnd = cobalt_htmlentities($TimeEnd);
$Username = cobalt_htmlentities($Username);
$Module = cobalt_htmlentities($Module);
$Keyword = cobalt_htmlentities($Keyword);
$IPAddress = cobalt_htmlentities($IPAddress);
}
if (!isset($start)) {
$start = 0;
}
//Pagination ****************************
//->Query to get total number of records.
$data_con = new data_abstraction();
$data_con->set_fields("entry_id, ip_address, user, datetime, action, module");
$data_con->set_table("`system_log`");
$data_con->set_where("{$TimeFilter} AND {$UserFilter} AND {$ModuleFilter} AND {$KeywordFilter} AND {$IPAddressFilter}");
$data_con->set_order("entry_id");
if ($result = $data_con->make_query()->result) {
$total_records = $data_con->num_rows;
} else {
die("Error getting log entries: " . $data_con->QUERY);
}
//-> Now instantiate the pagination class and feed it the necessary information.
require 'paged_result_class.php';
$results_per_page = 50;
$pager = new paged_result($total_records, $results_per_page);
$pager->get_page_data($result_pager, $current_page);
$current_page = $pager->current_page;
function check_if_unique($db, $table, $where, $errMsg)
{
$error_message = '';
$data_con = new data_abstraction();
$data_con->set_database($db);
$data_con->set_table($table);
$data_con->set_where($where);
$data_con->make_query();
if ($data_con->Num_Rows > 0) {
$error_message = $errMsg;
}
return $error_message;
}
function draw_select_field_from_query_mf($param, $cntr)
{
$detail_view = $this->detail_view;
$query = '';
$list_value = '';
$list_items = '';
$form_control_name = '';
$extra = '';
$list_separators = '';
//$query, $list_value, $list_items, $form_control_name='', $extra=''
/*
if(isset($param[0])) $query = $param[0];
if(isset($param[1])) $list_value = $param[1];
if(isset($param[2])) $list_items = $param[2];
if(isset($param[3])) $form_control_name = $param[3];
if(isset($param[4])) $extra = $param[4];
if(isset($param[5])) $list_separators = $param[5];
*/
if (isset($param[0])) {
$query = $param[0]['query'];
$list_value = $param[0]['list_value'];
$list_items = $param[0]['list_items'];
$list_separators = $param[0]['list_separators'];
}
if (isset($param[1])) {
$form_control_name = $param[1];
}
if (isset($param[2])) {
$extra = $param[2];
}
//The query may have the "{[ ]}" marking, which means get the current value (using cntr) of the variable which is named
//inside the {[ ]}
//For example, a query with "WHERE myfield = '{[status]}'" in it means the actual query to be executed should be:
// WHERE myfield = '$status[$cntr]'
while ($start_replace = strpos($query, '{[', 0)) {
$end_replace = strpos($query, ']}', $start_replace);
if ($end_replace > $start_replace) {
$query_part1 = substr($query, 0, $start_replace);
$query_part2 = substr($query, $end_replace + 2, strlen($query));
$var_length = $end_replace - ($start_replace + 2);
$variable = substr($query, $start_replace + 2, $var_length);
global ${$variable};
$query = $query_part1 . ${$variable}[$cntr] . $query_part2;
}
}
global ${$form_control_name};
init_var(${$form_control_name}[$cntr]);
$num_display = count($list_items);
if ($detail_view != TRUE) {
++$this->tabindex;
echo "<select name='{$form_control_name}" . "[{$cntr}]' tabindex='{$this->tabindex}' {$extra}>\r\n";
if (isset($this->fields[$form_control_name]['drop_down_has_blank'])) {
if ($this->fields[$form_control_name]['drop_down_has_blank']) {
echo "<option></option>\r\n";
}
} elseif ($this->drop_down_has_blank) {
echo "<option></option>\r\n";
}
}
$data_con = new data_abstraction();
$data_con->query = $query;
if ($result = $data_con->execute_query('', LOG_SELECT_QUERIES)->result) {
while ($data = $result->fetch_assoc()) {
extract($data);
$selected = '';
if ((string) ${$form_control_name}[$cntr] == (string) ${$list_value}) {
$selected = 'selected';
}
$dropdown_item_entry = '';
for ($a = 0; $a < $num_display; ++$a) {
if (${$list_items[$a]} != '') {
init_var($list_separators[$a]);
if ($list_separators[$a] == '') {
$list_separators[$a] = ' ';
}
$dropdown_item_entry .= ${$list_items[$a]} . $list_separators[$a];
}
}
if ($detail_view != TRUE) {
echo '<option value="' . cobalt_htmlentities(${$list_value}) . '" ' . $selected . '>' . $dropdown_item_entry . '</option>' . "\r\n";
} else {
if (trim($dropdown_item_entry) == '') {
$dropdown_item_entry = ' ';
}
if ($selected == 'selected') {
echo nl2br($dropdown_item_entry) . "\r\n";
}
}
}
} else {
die($data_con->error);
}
if ($detail_view != TRUE) {
echo "</select>\r\n";
}
return $this;
}
$dbh = new data_abstraction();
$dbh->set_query_type('UPDATE');
$dbh->set_table('user');
$dbh->set_update("role_id='0'");
$dbh->set_where("username='******'");
$dbh->make_query();
$dbh->close_db();
//Get the role permissions
require_once 'subclasses/user_role_links.php';
$obj_role = new user_role_links();
$obj_role->get_user_role_links($role);
$arrLink = $obj_role->dump['link_id'];
$numLinks = $obj_role->num_rows;
$obj_role->close_db();
//Assign permissions to user
$dbh = new data_abstraction();
foreach ($arrLink as $link_id) {
$dbh->set_query_type('SELECT');
$dbh->set_table('user_passport');
$dbh->set_fields('username, link_id');
$dbh->set_where("username='******' AND link_id='" . quote_smart($link_id) . "'");
$dbh->make_query();
if ($dbh->num_rows == 0) {
$dbh->set_query_type('INSERT');
$dbh->set_values("'" . quote_smart($Username) . "','" . quote_smart($link_id) . "'");
$dbh->make_query();
}
}
$dbh->close_db();
}
$message = 'Success! User passport has been updated.';
function cobalt_password_must_rehash($username)
{
$must_rehash = FALSE;
$dbh = new data_abstraction();
$dbh->set_table('user');
$dbh->set_fields('`iteration`, `method` AS `current_method`');
$dbh->set_where("`username`= ?");
$bind_params = array('s', $username);
$dbh->stmt_prepare($bind_params);
$dbh->stmt_fetch('single');
if ($dbh->num_rows == 1) {
extract($dbh->dump);
}
$method = cobalt_password_set_method();
if ($method == $current_method) {
if ($method == 'blowfish') {
$blowfish_cost_factor = AUTH_BLOWFISH_COST_FACTOR;
if ((int) $iteration != (int) $blowfish_cost_factor) {
$must_rehash = TRUE;
}
} else {
$min = constant('AUTH_' . strtoupper($method) . '_MIN_ROUNDS');
$max = constant('AUTH_' . strtoupper($method) . '_MAX_ROUNDS');
if ($max < $min) {
$max = $min;
}
if ($iteration < $min || $iteration > $max) {
$must_rehash = TRUE;
}
}
} else {
$must_rehash = TRUE;
}
return $must_rehash;
}
extract($info);
$data_con = new data_abstraction();
$data_con->set_fields('username');
$data_con->set_table('user_passport');
$data_con->set_where("username='******' AND link_id='{$link_id}'");
$data_con->make_query();
$checked = '';
if ($data_con->num_rows == 1) {
$checked = 'checked';
}
echo "<TR class={$class}><td class=\"listCell\"><label style=\"display: block;\" for='checkfield[{$a}]'><input type=checkbox ID='checkfield[{$a}]' name=\"link[]\" value='{$link_id}' {$checked}> {$Module_Name}</label></td>";
$data_con->close_db();
if ($a + 1 < $numrows) {
$info = $result->fetch_assoc();
extract($info);
$data_con = new data_abstraction();
$data_con->set_fields('username');
$data_con->set_table('user_passport');
$data_con->set_where("username='******' AND link_id='{$link_id}'");
$data_con->make_query();
if ($data_con->num_rows == 0) {
echo "<td class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}'> {$Module_Name}</label></td></tr>";
} elseif ($data_con->num_rows == 1) {
echo "<td class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}' checked> {$Module_Name}</label></td></tr>";
}
$data_con->close_db();
} else {
echo "<td class='listCell'> </td></tr>";
}
}
if ($numrows > 0) {
}
}
$redraw = TRUE;
}
}
$html = new html();
$html->draw_header('Change Skin', $message);
$html->display_info('Changing the System Skin does not affect functionality.<br>All changes are merely aesthetic.');
echo '<div class="container">
<fieldset class="container_invisible">
<fieldset class="top"> Skin (UI Theme) Management
</fieldset>
<fieldset class="middle">
<table class="input_form">';
echo '<tr><td class="label">System Skin:</td><td> <select name="skin_id">';
$data_con = new data_abstraction();
$data_con->set_fields('skin_id AS new_skin_id, skin_name');
$data_con->set_table('system_skins');
$data_con->set_order('skin_name');
$result = $data_con->make_query()->result;
$numrows = $data_con->num_rows;
if ($data_con->error) {
echo die($data_con->error);
}
$data_con->close_db();
for ($a = 0; $a < $numrows; $a++) {
$data = $result->fetch_assoc();
extract($data);
$selected = '';
if ($skin_name == $_SESSION['skin']) {
$selected = 'selected';
redirect("listview_user.php?{$query_string}");
}
if ($_POST['btn_submit']) {
log_action('Pressed submit button', $_SERVER['PHP_SELF']);
$message .= $dbh_user->sanitize($arr_form_data)->lst_error;
extract($arr_form_data);
if ($dbh_user->check_uniqueness_for_editing($arr_form_data)->is_unique) {
//Good, no duplicate in database
} else {
$message = "Record already exists with the same primary identifiers!";
}
if ($message == "") {
$dbh_user->edit($arr_form_data);
//Permissions from role, if role was chosen
if ($role_id != '') {
$db = new data_abstraction();
$db->execute_query("DELETE FROM user_passport WHERE username = '******'");
$db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role_id) . "'");
}
redirect("listview_user.php?{$query_string}");
}
}
}
require 'subclasses/user_html.php';
$html = new user_html();
$html->draw_header('Edit User', $message, $message_type);
$html->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc);
$html->draw_hidden('orig_username');
$html->exception = array('password');
$html->draw_controls('edit');
$html->draw_footer();
function log_action($action, $module = '')
{
if (isset($_SESSION['user'])) {
$username = quote_smart($_SESSION['user']);
} else {
$username = '******';
}
if ($module == '') {
$module = $_SERVER['SCRIPT_NAME'];
}
$date = date("m-d-Y");
$real_time = date("G:i:s");
$new_date = explode("-", $date);
$new_time = explode(":", $real_time);
$timestamp = mktime($new_time[0], $new_time[1], $new_time[2], $new_date[0], $new_date[1], $new_date[2]);
$date_time = date("l, F d, Y -- h:i:s a");
$ip_address = get_ip();
$action = quote_smart($action);
$data_con = new data_abstraction();
$data_con->set_query_type('INSERT');
$data_con->set_table('system_log');
$data_con->set_fields('ip_address, user, datetime, action, module');
$data_con->set_values("'{$ip_address}', '{$username}', '{$timestamp}', '{$action}', '{$module}'");
$data_con->make_query(TRUE, FALSE);
}
}
$res = count($hi);
$html->display_tip('You have: ' . $res . ' documents to process');
require_once 'subclasses/citizen.php';
$dbh_citizen = new request();
$dbh_citizen->execute_query("SELECT status FROM validate WHERE status = 'wait list'");
$result2 = $dbh_citizen->result;
$hi = array();
while ($row2 = $result2->fetch_assoc()) {
extract($row2);
$hi[] = $row1['status'];
}
$results = count($hi);
$html->display_tip('There are: ' . $results . ' Wait listed citizen');
$menu_links = '';
$data_con = new data_abstraction();
$data_con->set_fields('a.link_id, a.descriptive_title, a.target, a.description, c.passport_group, a.icon as link_icon, c.icon as `group_icon`');
$data_con->set_table('user_links a, user_passport b, user_passport_groups c');
$data_con->set_where("a.link_id=b.link_id AND b.username='******'user']) . "' AND a.passport_group_id=c.passport_group_id AND a.show_in_tasklist='Yes' AND a.status='On'");
$data_con->set_order('c.priority DESC, c.passport_group, a.priority DESC, a.descriptive_title');
if ($result = $data_con->make_query()->result) {
while ($data = $result->fetch_assoc()) {
extract($data);
$menu_links[$passport_group]['title'][] = $descriptive_title;
$menu_links[$passport_group]['target'][] = $target;
$menu_links[$passport_group]['link_id'][] = $link_id;
$menu_links[$passport_group]['description'][] = $description;
$menu_links[$passport_group]['link_icon'][] = $link_icon;
$menu_links[$passport_group]['group_icon'][] = $group_icon;
}
$result->close();
<?php
require 'path.php';
init_cobalt();
$page_title = 'Barangay System';
$stylesheet_link = 'style';
require 'header.php';
$data_con = new data_abstraction();
$data_con->set_fields('skin_name, header, footer, master_css, colors_css, fonts_css, override_css, icon_set');
$data_con->set_table('system_skins');
$data_con->set_where("skin_id=1");
$data_con->exec_fetch('single');
if ($data_con->num_rows == 1) {
extract($data_con->dump);
$_SESSION['header'] = $header;
$_SESSION['footer'] = $footer;
$_SESSION['skin'] = $skin_name;
$_SESSION['master_css'] = $master_css;
$_SESSION['colors_css'] = $colors_css;
$_SESSION['fonts_css'] = $fonts_css;
$_SESSION['override_css'] = $override_css;
$_SESSION['icon_set'] = $icon_set;
if (trim($_SESSION['icon_set'] == '')) {
$_SESSION['icon_set'] = 'cobalt';
}
}
$data_con->close_db();
require 'components/get_listview_referrer.php';
if (xsrf_guard()) {
init_var($_POST['btn_cancel']);
init_var($_POST['btn_submit']);
?>
</select>
</td></tr>
<tr>
<td colspan=2>
<table width="900" class="listView">
<tr class=listRowHead>
<td colspan="2"><?php
echo $active_passport_group;
?>
Modules</td>
</tr>
<?php
init_var($filter);
$a = 0;
$data_con = new data_abstraction();
$data_con->connect_db();
$data_con->set_fields('a.link_id, a.descriptive_title as `title`, a.status, b.passport_group');
$data_con->set_table('user_links a, user_passport_groups b');
$data_con->set_where("a.passport_group_id = b.passport_group_id AND a.name!='Module Control' {$filter}");
$data_con->set_order('a.descriptive_title');
if ($result = $data_con->make_query()->result) {
while ($data = $result->fetch_assoc()) {
extract($data);
if ($a % 4 == 0) {
$class = 'listRowOddNoHighlight';
} else {
$class = 'listRowEvenNoHighlight';
}
echo "<tr class={$class}>\n <td class=\"listCell\"><label style=\"display: block;\" for=\"checkfield[{$link_id}]\">";
$checked = '';
if (isset($_POST['group_field3'])) {
$group_field3 = $_POST['group_field3'];
}
$message = 'Report saved successfully!';
$message_type = 'system';
} else {
$message = 'Please enter a Report Name in order to save the report';
}
}
if ($_POST['btn_delete']) {
if (trim($_POST['chosen_report']) != '') {
log_action('Pressed delete button');
$reporter_mod_name = $reporter->session_array_name;
$chosen_report = $_POST['chosen_report'];
//Delete any existing report with the same report_name + module_name in order to effectively overwrite similarly named reports
$dbh = new data_abstraction();
$dbh->set_query_type('DELETE');
$dbh->set_table('cobalt_reporter');
$dbh->set_where('module_name = ? AND report_name = ?');
$bind_params = array('ss', $reporter_mod_name, $chosen_report);
$dbh->stmt_prepare($bind_params);
$dbh->stmt_execute();
} else {
$message = 'Please choose a saved report to delete';
}
}
if ($_POST['btn_submit']) {
log_action('Pressed submit button');
if (!isset($_POST['show_field']) || !is_array($_POST['show_field'])) {
$message = 'Please check at least one column to be used for the report.';
$show_field = array();
$message .= $dbh_user->sanitize($arr_form_data)->lst_error;
extract($arr_form_data);
if (strlen($password) > MAX_PASSWORD_LENGTH) {
$message = 'Password must not be more than ' . MAX_PASSWORD_LENGTH . ' chars.';
$password = '';
}
//check if user exists
if ($dbh_user->check_user($username)->user_exists) {
//Good
} else {
$message = 'Specified username does not exist.';
}
if ($message == "") {
require 'password_crypto.php';
$hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
$data_con = new data_abstraction();
$data_con->set_query_type('UPDATE');
$data_con->set_table('user');
$data_con->set_update("`password`='{$hashed_password}', `salt`='{$new_salt}', `iteration`='{$new_iteration}', `method`='{$new_method}'");
$data_con->set_where("username='******'");
$data_con->make_query();
$message = 'The password has been successfully reset.';
$message_type = 'SYSTEM';
$password = '';
}
}
}
require 'subclasses/user_html.php';
$html = new user_html();
$html->draw_header('Reset Password', $message, $message_type);
$html->fields['password']['control_type'] = 'password';
$obj_role->set_table('user');
$obj_role->set_update("role_id='0'");
foreach ($check as $user) {
$data_con->set_table('user_passport');
$data_con->set_where("username='******' AND link_id='" . quote_smart($module) . "'");
$data_con->make_query();
$obj_role->set_where("username='******'");
$obj_role->make_query();
}
$data_con->close_db();
$obj_role->close_db();
} else {
$message = "Please select at least one user.";
}
}
$data_con = new data_abstraction();
$data_con->set_fields('username');
$data_con->set_table('user_passport');
$data_con->set_where("link_id='" . quote_smart($module) . "'");
$data_con->set_order('username');
if ($result = $data_con->make_query()->result) {
$arrUser = array();
$showUsers = TRUE;
$numUsers = $data_con->num_rows;
for ($a = 0; $a < $numUsers; $a++) {
$data = $result->fetch_assoc();
extract($data);
$arrUser[] = $username;
}
}
}
$arr_form_data['person_id'] = $person_id;
require 'password_crypto.php';
//Hash the password using default Cobalt password hashing technique
$hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
$arr_form_data['password'] = $hashed_password;
$arr_form_data['salt'] = $new_salt;
$arr_form_data['iteration'] = $new_iteration;
$arr_form_data['method'] = $new_method;
$arr_form_data['role_id'] = 3;
$arr_form_data['skin_id'] = 1;
require_once 'subclasses/user.php';
$dbh_user = new user();
$dbh_user->add($arr_form_data);
//Permissions from role, if role was chosen
if ($arr_form_data['role_id'] != '') {
$db = new data_abstraction();
$db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($arr_form_data['role_id']) . "'");
}
redirect("notification.php");
}
}
if ($arr_form_data['region'] != "") {
$chosen_region = $arr_form_data['region'];
}
if ($arr_form_data['province'] != "") {
$chosen_province = $arr_form_data['province'];
}
if ($arr_form_data['city'] != "") {
$chosen_city = $arr_form_data['city'];
}
if ($arr_form_data['barangay'] != "") {
extract($info);
$data_con = new data_abstraction();
$data_con->set_fields('role_id');
$data_con->set_table('user_role_links');
$data_con->set_where("role_id='{$role_id}' AND link_id='{$link_id}'");
$data_con->make_query();
$checked = '';
if ($data_con->num_rows == 1) {
$checked = 'checked';
}
echo "<TR class={$class}><TD class=\"listCell\"><label style=\"display: block;\" for='checkfield[{$a}]'><input type=checkbox ID='checkfield[{$a}]' name=\"link[]\" value='{$link_id}' {$checked}> {$Module_Name}</label></TD>";
$data_con->close_db();
if ($a + 1 < $numrows) {
$info = $result->fetch_assoc();
extract($info);
$data_con = new data_abstraction();
$data_con->set_fields('role_id');
$data_con->set_table('user_role_links');
$data_con->set_where("role_id='{$role_id}' AND link_id='{$link_id}'");
$data_con->make_query();
if ($data_con->num_rows == 0) {
echo "<TD class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}'> {$Module_Name}</label></TD></TR>";
} elseif ($data_con->num_rows == 1) {
echo "<TD class='listCell'><label style=\"display: block;\" for=\"checkfield[" . ($a + 1) . "]\"><input type=checkbox ID='checkfield[" . ($a + 1) . "]' name=\"link[]\" value='{$link_id}' checked> {$Module_Name}</label></TD></TR>";
}
$data_con->close_db();
} else {
echo "<TD class='listCell'> </TD></TR>";
}
}
if ($numrows > 0) {
