Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
As generated by AppGini 5.97
  • Loading branch information
Ahmad Gneady committed Jun 14, 2021
1 parent 148f5d4 commit 0a2aaf5
Show file tree
Hide file tree
Showing 65 changed files with 695 additions and 574 deletions.
2 changes: 1 addition & 1 deletion app/admin/getUsers.php
@@ -1,5 +1,5 @@
<?php
// This script and data application were generated by AppGini 5.95
// This script and data application were generated by AppGini 5.97
// Download AppGini for free from https://bigprof.com/appgini/download/

/*
Expand Down
274 changes: 176 additions & 98 deletions app/admin/incFunctions.php
Expand Up @@ -8,8 +8,8 @@
createThumbnail($img, $specs) -- $specs is an array as returned by getThumbnailSpecs(). Returns true on success, false on failure.
makeSafe($string)
checkPermissionVal($pvn)
sql($statment, $o)
sqlValue($statment)
sql($statement, $o)
sqlValue($statement)
getLoggedAdmin()
checkUser($username, $password)
logOutUser()
Expand Down Expand Up @@ -331,6 +331,8 @@ function createThumbnail($img, $specs) {
function makeSafe($string, $is_gpc = true) {
static $cached = []; /* str => escaped_str */

if(!strlen($string)) return '';

if(!db_link()) sql("SELECT 1+1", $eo);

// if this is a previously escaped string, return from cached
Expand All @@ -354,115 +356,191 @@ function checkPermissionVal($pvn) {
}
}
########################################################################
if(!function_exists('sql')) {
function sql($statment, &$o) {
function dieErrorPage($error) {
global $Translation;

/*
Supported options that can be passed in $o options array (as array keys):
'silentErrors': If true, errors will be returned in $o['error'] rather than displaying them on screen and exiting.
*/
$header = (defined('ADMIN_AREA') ? __DIR__ . '/incHeader.php' : __DIR__ . '/../header.php');
$footer = (defined('ADMIN_AREA') ? __DIR__ . '/incFooter.php' : __DIR__ . '/../footer.php');

global $Translation;
static $connected = false, $db_link;
ob_start();

$dbServer = config('dbServer');
$dbUsername = config('dbUsername');
$dbPassword = config('dbPassword');
$dbDatabase = config('dbDatabase');
@include_once($header);
echo Notification::placeholder();
echo Notification::show([
'message' => $error,
'class' => 'danger',
'dismiss_seconds' => 7200
]);
@include_once($footer);

$admin_dir = dirname(__FILE__);
$header = (defined('ADMIN_AREA') ? "{$admin_dir}/incHeader.php" : "{$admin_dir}/../header.php");
$footer = (defined('ADMIN_AREA') ? "{$admin_dir}/incFooter.php" : "{$admin_dir}/../footer.php");
echo ob_get_clean();
exit;
}
########################################################################
function openDBConnection(&$o) {
static $connected = false, $db_link;

ob_start();
$dbServer = config('dbServer');
$dbUsername = config('dbUsername');
$dbPassword = config('dbPassword');
$dbDatabase = config('dbDatabase');

if(!$connected) {
/****** Connect to MySQL ******/
if(!extension_loaded('mysql') && !extension_loaded('mysqli')) {
$o['error'] = 'PHP is not configured to connect to MySQL on this machine. Please see <a href="https://www.php.net/manual/en/ref.mysql.php">this page</a> for help on how to configure MySQL.';
if($o['silentErrors']) return false;

@include_once($header);
echo Notification::placeholder();
echo Notification::show(array(
'message' => $o['error'],
'class' => 'danger',
'dismiss_seconds' => 7200
));
@include_once($footer);
echo ob_get_clean();
exit;
}

if(!($db_link = @db_connect($dbServer, $dbUsername, $dbPassword))) {
$o['error'] = db_error($db_link, true);
if($o['silentErrors']) return false;

@include_once($header);
echo Notification::placeholder();
echo Notification::show(array(
'message' => $o['error'],
'class' => 'danger',
'dismiss_seconds' => 7200
));
@include_once($footer);
echo ob_get_clean();
exit;
}

/****** Select DB ********/
if(!db_select_db($dbDatabase, $db_link)) {
$o['error'] = db_error($db_link);
if($o['silentErrors']) return false;

@include_once($header);
echo Notification::placeholder();
echo Notification::show(array(
'message' => $o['error'],
'class' => 'danger',
'dismiss_seconds' => 7200
));
@include_once($footer);
echo ob_get_clean();
exit;
}

$connected = true;
}
if($connected) return $db_link;

if(!$result = @db_query($statment, $db_link)) {
if(!stristr($statment, "show columns")) {
// retrieve error codes
$errorNum = db_errno($db_link);
$errorMsg = htmlspecialchars(db_error($db_link));

if(getLoggedAdmin()) $errorMsg .= "<pre class=\"ltr\">{$Translation['query:']}\n" . htmlspecialchars($statment) . "</pre><p><i class=\"text-right\">{$Translation['admin-only info']}</i></p><p>{$Translation['try rebuild fields']}</p>";

if($o['silentErrors']) { $o['error'] = $errorMsg; return false; }

@include_once($header);
echo Notification::placeholder();
echo Notification::show(array(
'message' => $errorMsg,
'class' => 'danger',
'dismiss_seconds' => 7200
));
@include_once($footer);
echo ob_get_clean();
exit;
}
}
/****** Check that MySQL module is enabled ******/
if(!extension_loaded('mysql') && !extension_loaded('mysqli')) {
$o['error'] = 'PHP is not configured to connect to MySQL on this machine. Please see <a href="https://www.php.net/manual/en/ref.mysql.php">this page</a> for help on how to configure MySQL.';
if($o['silentErrors']) return false;

ob_end_clean();
return $result;
dieErrorPage($o['error']);
}

/****** Connect to MySQL ******/
if(!($db_link = @db_connect($dbServer, $dbUsername, $dbPassword))) {
$o['error'] = db_error($db_link, true);
if($o['silentErrors']) return false;

dieErrorPage($o['error']);
}

/****** Select DB ********/
if(!db_select_db($dbDatabase, $db_link)) {
$o['error'] = db_error($db_link);
if($o['silentErrors']) return false;

dieErrorPage($o['error']);
}

$connected = true;
return $db_link;
}
########################################################################
function sql($statement, &$o) {

/*
Supported options that can be passed in $o options array (as array keys):
'silentErrors': If true, errors will be returned in $o['error'] rather than displaying them on screen and exiting.
'noSlowQueryLog': don't log slow query if true
'noErrorQueryLog': don't log error query if true
*/

global $Translation;

$db_link = openDBConnection($o);

/*
if openDBConnection() fails, it would abort execution unless 'silentErrors' is true,
in which case, we should return false from sql() without further action since
$o['error'] would be already set by openDBConnection()
*/
if(!$db_link) return false;

$t0 = microtime(true);

if(!$result = @db_query($statement, $db_link)) {
if(!stristr($statement, "show columns")) {
// retrieve error codes
$errorNum = db_errno($db_link);
$o['error'] = htmlspecialchars(db_error($db_link));

if(empty($o['noErrorQueryLog']))
logErrorQuery($statement, $o['error']);

if(getLoggedAdmin())
$o['error'] .= "<pre class=\"ltr\">{$Translation['query:']}\n" . htmlspecialchars($statement) . "</pre><p><i class=\"text-right\">{$Translation['admin-only info']}</i></p><p>{$Translation['try rebuild fields']}</p>";

if($o['silentErrors']) return false;

dieErrorPage($o['error']);
}
}

/* log slow queries that take more than 1 sec */
$t1 = microtime(true);
if($t1 - $t0 > 1.0 && empty($o['noSlowQueryLog']))
logSlowQuery($statement, $t1 - $t0);

return $result;
}
########################################################################
function logSlowQuery($statement, $duration) {
if(!createQueryLogTable()) return;

$o = [
'silentErrors' => true,
'noSlowQueryLog' => true,
'noErrorQueryLog' => true
];
$statement = makeSafe($statement);
$duration = floatval($duration);
$memberID = makeSafe(getLoggedMemberID());
$uri = makeSafe($_SERVER['REQUEST_URI']);

sql("INSERT INTO `appgini_query_log` SET
`statement`='$statement',
`duration`=$duration,
`memberID`='$memberID',
`uri`='$uri'
", $o);
}
########################################################################
function logErrorQuery($statement, $error) {
if(!createQueryLogTable()) return;

$o = [
'silentErrors' => true,
'noSlowQueryLog' => true,
'noErrorQueryLog' => true
];
$statement = makeSafe($statement);
$error = makeSafe($error);
$memberID = makeSafe(getLoggedMemberID());
$uri = makeSafe($_SERVER['REQUEST_URI']);

sql("INSERT INTO `appgini_query_log` SET
`statement`='$statement',
`error`='$error',
`memberID`='$memberID',
`uri`='$uri'
", $o);
}

########################################################################
function createQueryLogTable() {
static $created = false;
if($created) return true;

$o = [
'silentErrors' => true,
'noSlowQueryLog' => true,
'noErrorQueryLog' => true
];

sql("CREATE TABLE IF NOT EXISTS `appgini_query_log` (
`datetime` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`statement` LONGTEXT,
`duration` DECIMAL(10,2) UNSIGNED DEFAULT 0.0,
`error` TEXT,
`memberID` VARCHAR(200),
`uri` VARCHAR(200)
) CHARSET " . mysql_charset, $o);

// check if table created
//$o2 = $o;
//$o2['error'] = '';
//sql("SELECT COUNT(1) FROM 'appgini_query_log'", $o2);

//$created = empty($o2['error']);

$created = true;
return $created;
}

########################################################################
function sqlValue($statment, &$error = NULL) {
// executes a statment that retreives a single data value and returns the value retrieved
function sqlValue($statement, &$error = NULL) {
// executes a statement that retreives a single data value and returns the value retrieved
$eo = ['silentErrors' => true];
if(!$res = sql($statment, $eo)) { $error = $eo['error']; return false; }
if(!$res = sql($statement, $eo)) { $error = $eo['error']; return false; }
if(!$row = db_fetch_row($res)) return false;
return $row[0];
}
Expand Down
8 changes: 5 additions & 3 deletions app/admin/incHeader.php
Expand Up @@ -204,14 +204,16 @@ function hideDialogs() {
<li><a href="pageSettings.php"><i class="glyphicon menu-item-icon text-info glyphicon-cog"></i> <?php echo $Translation['admin settings']; ?></a></li>
<li class="divider"></li>
<li><a href="pageRebuildThumbnails.php"><i class="glyphicon menu-item-icon text-info glyphicon-picture"></i> <?php echo $Translation['rebuild thumbnails']; ?></a></li>
<li><a href="pageRebuildFields.php"><i class="glyphicon menu-item-icon text-info glyphicon-refresh"></i> <?php echo $Translation['view or rebuild fields']; ?></a></li>
<li><a href="pageUploadCSV.php"><i class="glyphicon menu-item-icon text-info glyphicon-upload"></i> <?php echo $Translation['import CSV']; ?></a></li>
<li><a href="pageTransferOwnership.php"><i class="glyphicon menu-item-icon text-info glyphicon-random"></i> <?php echo $Translation['batch transfer']; ?></a></li>
<li><a href="pageMail.php?sendToAll=1"><i class="glyphicon menu-item-icon text-info glyphicon-envelope"></i> <?php echo $Translation['mail all users']; ?></a></li>
<li><a href="pageBackupRestore.php"><i class="glyphicon menu-item-icon text-info glyphicon-tasks"></i> <?php echo $Translation['database backups']; ?></a></li>
<li><a href="pageServerStatus.php"><i class="glyphicon menu-item-icon text-info glyphicon-hdd"></i> <?php echo $Translation['server status']; ?></a></li>
<li><a href="app-documentation.php"><i class="glyphicon menu-item-icon text-info glyphicon-book"></i> <?php echo $Translation['app documentation']; ?></a></li>
<li class="divider"></li>
<li><a href="pageRebuildFields.php"><i class="glyphicon menu-item-icon text-info glyphicon-refresh"></i> <?php echo $Translation['view or rebuild fields']; ?></a></li>
<li><a href="pageBackupRestore.php"><i class="glyphicon menu-item-icon text-info glyphicon-tasks"></i> <?php echo $Translation['database backups']; ?></a></li>
<li><a href="pageUploadCSV.php"><i class="glyphicon menu-item-icon text-info glyphicon-upload"></i> <?php echo $Translation['import CSV']; ?></a></li>
<li><a href="pageQueryLogs.php"><i class="glyphicon menu-item-icon text-info glyphicon-book"></i> <?php echo $Translation['Query logs']; ?></a></li>
<li class="divider"></li>
<li><a href="https://forums.appgini.com" target="_blank"><i class="glyphicon menu-item-icon text-info glyphicon-new-window"></i> <?php echo $Translation['AppGini forum']; ?></a></li>
</ul>
</li>
Expand Down
8 changes: 4 additions & 4 deletions app/admin/pageBackupRestore.php
Expand Up @@ -129,7 +129,7 @@ protected function utf8ize($mixed) {
*/
protected function get_specified_backup_file() {
$md5_hash = $this->request['md5_hash'];
if(!preg_match('/^[a-f0-9]{32}$/i', $md5_hash)) return false;
if(!preg_match('/^[a-f0-9]{17,32}$/i', $md5_hash)) return false;

$bfile = "{$this->curr_dir}/backups/{$md5_hash}.sql";
if(!is_file($bfile)) return false;
Expand Down Expand Up @@ -361,10 +361,10 @@ public function get_backup_files() {
$list = [];

while(false !== ($entry = $d->read())) {
if(!preg_match('/^[a-f0-9]{32}\.sql$/i', $entry)) continue;
if(!preg_match('/^[a-f0-9]{17,32}\.sql$/i', $entry)) continue;
$fts = @filemtime("{$bdir}/{$entry}");
$list[$fts] = array(
'md5_hash' => substr($entry, 0, 32),
'md5_hash' => substr($entry, 0, -4),
'datetime' => date($dtf, $fts),
'size' => number_format(@filesize("{$bdir}/{$entry}") / 1024)
);
Expand All @@ -388,7 +388,7 @@ public function create_backup() {
$config = ['dbServer' => '', 'dbUsername' => '', 'dbPassword' => '', 'dbDatabase' => ''];
foreach($config as $k => $v) $config[$k] = escapeshellarg(config($k));

$dump_file = escapeshellarg(normalize_path($this->curr_dir)) . '/backups/' . md5(microtime()) . '.sql';
$dump_file = escapeshellarg(normalize_path($this->curr_dir)) . '/backups/' . substr(md5(microtime() . rand(0, 100000)), -17) . '.sql';
$pass_param = ($config['dbPassword'] ? "-p{$config['dbPassword']}" : '');
$this->cmd = "(mysqldump --no-tablespaces -u{$config['dbUsername']} {$pass_param} -h{$config['dbServer']} {$config['dbDatabase']} -r {$dump_file}) 2>&1";

Expand Down
2 changes: 1 addition & 1 deletion app/admin/pageEditMember.php
Expand Up @@ -383,7 +383,7 @@
.parents('.form-group').removeClass('has-error has-success');
},
success: function(resp) {
if(resp.match(/\<!-- AVAILABLE --\>/)) {
if(resp.indexOf('username-available') > -1) {
$j('#username-available')
.removeClass('hidden')
.parents('.form-group').addClass('has-success');
Expand Down
2 changes: 1 addition & 1 deletion app/admin/pageMail.php
Expand Up @@ -84,7 +84,7 @@
}

// save mail queue
$queueFile = md5(microtime());
$queueFile = substr(md5(microtime() . rand(0, 100000)), -17);
$currDir = dirname(__FILE__);
if(!($fp = fopen("{$currDir}/{$queueFile}.php", 'w'))) {
echo Notification::show(array(
Expand Down
2 changes: 1 addition & 1 deletion app/admin/pageSender.php
Expand Up @@ -13,7 +13,7 @@

$queue = $_REQUEST['queue'];
$simulate = (isset($_REQUEST['simulate']) ? true : false);
if(!preg_match('/^[a-f0-9]{32}$/i', $queue)) {
if(!preg_match('/^[a-f0-9]{17,32}$/i', $queue)) {
echo "<div class=\"alert alert-danger\">{$Translation['invalid mail queue']}</div>";
include("{$currDir}/incFooter.php");
}
Expand Down

0 comments on commit 0a2aaf5

Please sign in to comment.