* @copyright (cc) creative commons - attribution-shareAlike 3.0 unported
* @version 7.14
* @package app
* @subpackage controllers
*/
class admin extends controller {
/**
* constructor
* load the session manager by default
*/
public function __construct() {
    // Pull in the database-backed session manager ("dbsession", living under
    // users/) before handing the import list to the base controller, so every
    // action in this class can rely on $this->session.
    $sessionImport = array(
        "type"  => qoob_types::core,
        "class" => "dbsession",
        "dir"   => "users/",
    );
    parent::__construct(array("session" => $sessionImport));
}
//___________________________________________________________________________________________________________
// login/logout
/**
* logout
* destroy the session
*/
public function logout() {
    // Drop the server-side record of the current session, issue a fresh id,
    // then send the browser back to the login screen (this controller's index).
    $currentId = session_id();
    $this->session->destroy($currentId);
    $this->session->regenerate();
    header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
}
/**
* index
* login screen
*/
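public function index() {
    // Login screen. Renders the form and, when the request carries a POST
    // body, checks the submitted credentials against the admin table.
    // Untrusted input (POST): txtUser, txtPass.
    // On success the admin's id/name/username/email go into $_SESSION and the
    // browser is redirected to the console; on failure the form is rendered
    // again with an error bubble. Nothing is returned; output goes through
    // the views. No throttling or lockout is visible here — if the framework
    // does not provide one upstream, repeated guesses are unlimited.
    $html = array(
        "title"    => 'backdoor',
        "meta"     => '',
        "sidebar"  => $this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => '',
        "body"     => '',
        "error"    => "",
        // NOTE(review): the submitted password is handed to the page template
        // through $html["password"]; confirm the template does not echo it.
        "username" => '',
        "password" => '',
    );
    if($_POST) {
        // NOTE: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the filter
        // is applied inside getRequest(), so any replacement belongs there.
        $html["username"] = getRequest("txtUser", "post", FILTER_SANITIZE_STRING);
        $html["password"] = getRequest("txtPass", "post", FILTER_SANITIZE_STRING);
        if($html["username"] === "" || $html["password"] === "") {
            $html["error"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'Please complete the entire form!'), true);
        } else {
            $admin = $this->model("adminModel");
            $rows = $admin->checkUser($html["username"]);
            $passwordOk = false;
            if(count($rows) > 0) {
                //--load the hash utility and compare the password to the stored hash
                $this->library(qoob_types::utility, "hash", "crypto/");
                $passwordOk = $this->hash->compare($html["password"], $rows[0]["password"]);
            }
            if($passwordOk) {
                // Issue a new session id at the privilege boundary so an id the
                // client held before logging in cannot be reused (session
                // fixation). Assumes dbsession::regenerate() issues a fresh id,
                // as its use in logout() suggests — confirm.
                $this->session->regenerate();
                //---setup session
                $_SESSION["admin_id"] = $rows[0]["admin_id"];
                $_SESSION["name"] = $rows[0]["name"];
                $_SESSION["username"] = $rows[0]["username"];
                $_SESSION["email"] = $rows[0]["email"];
                header("location: ".QOOB_DOMAIN."backdoor/console/");
                // Stop here: previously the method fell through and rendered
                // the whole login page into the redirect response.
                return;
            }
            // Same message for "unknown user" and "wrong password" so the
            // response body does not reveal which usernames exist.
            $html["error"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'Bad username / password combination!'), true);
        }
    }
    $post = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor', 'subtitle' => 'the login screen',
                  'content' => $this->view("admin/login", array('errors' => $html["error"]), true), 'comments' => 0);
    $html["body"] = $this->view("post", $post, true);
    $this->view("pixelgraff", $html);
}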
/**
* main
* display the main menu after login
*/
public function main() {
    // Console landing page shown after login. A request without a valid
    // session is bounced to the login screen; otherwise a greeting using the
    // admin's name from $_SESSION is rendered through the "post" view.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $layout = array(
        "title"    => 'backdoor/console',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => '',
    );
    // NOTE(review): $_SESSION['name'] is interpolated into the content
    // unescaped. It was passed through FILTER_SANITIZE_STRING when the admin
    // was created, but output escaping (htmlspecialchars) would not depend on
    // that — confirm how the "post" view treats its content.
    $greeting = '
Hello '.$_SESSION['name'].',
and welcome to the qoob backend.
Use the menu on the right to moderate the site.
';
    $article = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                     'subtitle' => 'the console', 'content' => $greeting, 'comments' => 0);
    $layout["body"] = $this->view("post", $article, true);
    $this->view("pixelgraff", $layout);
}
//___________________________________________________________________________________________________________
// admin
/**
* add admin
* add new administrators to the database
*/
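public function addAdmin() {
    // Add a new administrator. Gated on a valid session.
    // Untrusted input (POST): txtName, txtUser, txtEmail, txtPass. All four
    // are required and the email must not already belong to an administrator
    // (adminModel::checkAdmin). The password is replaced by a hash from the
    // crypto/hash utility before adminModel::addAdmin() is called. Without a
    // POST body the blank form is shown. Output goes through the views.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title"    => 'backdoor/addAdmin',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/addAdminJS", array(), true),
        "body"     => '',
    );
    if($_POST) {
        // NOTE(review): no CSRF token is checked before this state change;
        // confirm the framework enforces one upstream of the controller.
        $clean = array(
            "name"  => getRequest("txtName", "post", FILTER_SANITIZE_STRING),
            "user"  => getRequest("txtUser", "post", FILTER_SANITIZE_STRING),
            "email" => getRequest("txtEmail", "post", FILTER_SANITIZE_EMAIL),
            "pass"  => getRequest("txtPass", "post", FILTER_SANITIZE_STRING),
        );
        // Values echoed back into the form when validation fails.
        // NOTE(review): that includes the submitted password (txtPass);
        // confirm the admin/addAdmin template does not render it.
        $data = array(
            'txtName'  => $clean["name"],
            'txtUser'  => $clean["user"],
            'txtEmail' => $clean["email"],
            'txtPass'  => $clean["pass"],
            'errors'   => '',
        );
        $errorMsg = '';
        if($clean["name"] === "" || $clean["user"] === "" || $clean["email"] === "" || $clean["pass"] === "") {
            $errorMsg = 'Please complete the entire form!';
        } else {
            $am = $this->model("adminModel");
            $existing = $am->checkAdmin($clean["email"]);
            if(isset($existing[0])) {
                $errorMsg = 'That email is already in use!';
            }
        }
        if($errorMsg !== '') {
            $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => $errorMsg), true);
            $content = $this->view("admin/addAdmin", $data, true);
        } else {
            //---hash password
            $this->library(qoob_types::utility, "hash", "crypto/");
            // The algorithm flag and the round count are picked at random per
            // account. The old code first reseeded mt_rand() from microtime();
            // that made every later mt_rand() call in the request predictable
            // from the clock, and mt_rand() self-seeds, so the reseed is gone.
            $this->hash->sha1 = (mt_rand(0, 1) === 1);
            $this->hash->rounds = mt_rand(2000, 3000);
            $clean["pass"] = $this->hash->make($clean["pass"]);
            $am->addAdmin($clean);
            $content = 'Administrator added successfully!';
        }
    } else {
        $blank = array(
            'txtName'  => '',
            'txtUser'  => '',
            'txtEmail' => '',
            'txtPass'  => '',
            'errors'   => '',
        );
        $content = $this->view("admin/addAdmin", $blank, true);
    }
    $post = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                  'subtitle' => 'Add Administrators', 'content' => $content, 'comments' => 0);
    $html["body"] = $this->view("post", $post, true);
    $this->view("pixelgraff", $html);
}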
/**
* modify admin
* update the administrators info in the database
*/
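public function modAdmin() {
    // Modify an administrator. Three entry modes, all gated on a valid
    // session: no POST body -> list of administrators to pick from; POST with
    // action=load -> edit form for the chosen admin; any other POST -> save.
    // Untrusted input (POST): action, whichAdmin, admin_id, txtName, txtUser,
    // txtEmail, txtPass. Every field is required on save and the password is
    // re-hashed with the crypto/hash utility before adminModel::modAdmin().
    // Throws Exception (code 500) when the requested admin id is unknown.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title"    => 'backdoor/modAdmin',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/addAdminJS", array(), true),
        "body"     => '',
    );
    $am = $this->model("adminModel");
    if(!$_POST) {
        // no submission: offer the list of administrators
        $adminList = '';
        foreach ($am->getAllAdmins() as $row) {
            // NOTE(review): only the two literal characters backslash-n are
            // appended per row (single quotes, so not a newline); the per-row
            // markup this loop presumably produced looks lost in this copy —
            // confirm against the repository.
            $adminList .= '\n';
        }
        $content  = $this->view("admin/modAdminSelect", array('adminList' => $adminList), true);
        $subtitle = 'Modify Administrators';
    } elseif(getRequest("action", "post", FILTER_SANITIZE_STRING) === "load") {
        $adminId = getRequest("whichAdmin", "post", FILTER_SANITIZE_NUMBER_INT);
        $rows = $am->getAdminByID($adminId);
        if(!isset($rows[0])) {
            throw new Exception("Invalid admin id.", 500);
        }
        $data = array(
            'admin_id' => $rows[0]["admin_id"],
            'txtName'  => $rows[0]["name"],
            'txtUser'  => $rows[0]["username"],
            'txtEmail' => $rows[0]["email"],
            'errors'   => '',
        );
        $content  = $this->view("admin/modAdmin", $data, true);
        $subtitle = 'Modify Administrator';
    } else {
        // NOTE(review): no CSRF token is checked before this state change;
        // confirm the framework enforces one upstream of the controller.
        $clean = array(
            "name"     => getRequest("txtName", "post", FILTER_SANITIZE_STRING),
            "user"     => getRequest("txtUser", "post", FILTER_SANITIZE_STRING),
            "email"    => getRequest("txtEmail", "post", FILTER_SANITIZE_EMAIL),
            "pass"     => getRequest("txtPass", "post", FILTER_SANITIZE_STRING),
            "admin_id" => getRequest("admin_id", "post", FILTER_SANITIZE_NUMBER_INT),
        );
        // any required field empty (strict: only "" counts)
        if(in_array("", $clean, true)) {
            $data = array(
                'txtName'  => $clean["name"],
                'txtUser'  => $clean["user"],
                'txtEmail' => $clean["email"],
                'txtPass'  => $clean["pass"],
                'admin_id' => $clean["admin_id"],
                'errors'   => $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'Please complete the entire form!'), true),
            );
            $content  = $this->view("admin/modAdmin", $data, true);
            $subtitle = 'Modify Administrator';
        } else {
            //---hash password
            $this->library(qoob_types::utility, "hash", "crypto/");
            // Random algorithm flag and round count, as in addAdmin(). The old
            // code reseeded mt_rand() from microtime() first, which made every
            // later mt_rand() call in the request predictable from the clock;
            // mt_rand() self-seeds, so the reseed is gone.
            $this->hash->sha1 = (mt_rand(0, 1) === 1);
            $this->hash->rounds = mt_rand(2000, 3000);
            $clean["pass"] = $this->hash->make($clean["pass"]);
            $am->modAdmin($clean);
            $content  = 'Administrator modified successfully!';
            $subtitle = 'Modify Administrators';
        }
    }
    $post = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                  'subtitle' => $subtitle, 'content' => $content, 'comments' => 0);
    $html["body"] = $this->view("post", $post, true);
    $this->view("pixelgraff", $html);
}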
/**
* delete admin
* remove administrators from the database
*/
public function delAdmin() {
    // Delete an administrator. Gated on a valid session. No POST body -> list
    // to pick from; POST with action=load -> confirmation form for the chosen
    // admin; any other POST -> adminModel::deleteAdmin() for the given id.
    // Untrusted input (POST): action, whichAdmin, admin_id.
    // Throws Exception (code 500) when the admin id is unknown or empty.
    // NOTE(review): nothing stops an admin deleting the account they are
    // logged in with ($_SESSION["admin_id"]); confirm that is intended.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $layout = array(
        "title"    => 'backdoor/delAdmin',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/delPageJS", array(), true),
        "body"     => '',
    );
    $adminModel = $this->model("adminModel");
    if($_POST) {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if($action == "load") {
            $adminId = getRequest("whichAdmin", "post", FILTER_SANITIZE_NUMBER_INT);
            $rows = $adminModel->getAdminByID($adminId);
            if(!isset($rows[0])) {
                throw new Exception("Invalid admin id.", 500);
            }
            $formData = array(
                'name'     => $rows[0]["name"],
                'admin_id' => $rows[0]["admin_id"],
            );
            $content  = $this->view("admin/delAdmin", $formData, true);
            $subtitle = 'Delete Administrator';
        } else {
            $adminId = getRequest("admin_id", "post", FILTER_SANITIZE_NUMBER_INT);
            if($adminId === "") {
                throw new Exception("Invalid admin id.", 500);
            }
            $adminModel->deleteAdmin($adminId);
            $content  = 'Administrator deleted successfully!';
            $subtitle = 'Delete Administrators';
        }
    } else {
        $adminList = '';
        foreach ($adminModel->getAllAdmins() as $row) {
            // NOTE(review): only the two literal characters backslash-n are
            // appended per row (single quotes, so not a newline); the per-row
            // markup this loop presumably produced looks lost in this copy —
            // confirm against the repository.
            $adminList .= '\n';
        }
        $content  = $this->view("admin/delAdminSelect", array('adminList' => $adminList), true);
        $subtitle = 'Delete Administrators';
    }
    $article = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                     'subtitle' => $subtitle, 'content' => $content, 'comments' => 0);
    $layout["body"] = $this->view("post", $article, true);
    $this->view("pixelgraff", $layout);
}
/**
* invite new admins
*/
public function invite() {
    // Placeholder for administrator invitations: renders a "coming soon"
    // notice inside the console layout. Gated on a valid session.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $layout = array(
        "title"    => 'backdoor/invite',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => '',
    );
    $article = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                     'subtitle' => 'Invitations', 'content' => 'Administrator invites coming soon...', 'comments' => 0);
    $layout["body"] = $this->view("post", $article, true);
    $this->view("pixelgraff", $layout);
}
//___________________________________________________________________________________________________________
// pages
/**
* display page functions
*/
public function pages() {
    // Placeholder for the pages overview. Gated on a valid session.
    // NOTE(review): the notice text still reads "Administrator invites coming
    // soon..." — copied from invite(); confirm the intended wording.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $layout = array(
        "title"    => 'backdoor/pages',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => '',
    );
    $article = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                     'subtitle' => 'Pages', 'content' => 'Administrator invites coming soon...', 'comments' => 0);
    $layout["body"] = $this->view("post", $article, true);
    $this->view("pixelgraff", $layout);
}
/**
* add page
* add new pages to the database
*/
public function addPage() {
    // Add a new page. Gated on a valid session. On POST the submitted page
    // fields (untrusted) are read, url/title/body are required, a URL that
    // adminModel::checkPageRoute() already knows is rejected, and otherwise
    // the cleaned row goes to adminModel::addPage(). Without a POST body the
    // blank form is shown. Output goes through the views.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $layout = array(
        "title"    => 'backdoor/addPage',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/addPageJS", array(), true),
    );
    if($_POST) {
        // NOTE(review): no CSRF token is checked before this state change;
        // confirm the framework enforces one upstream of the controller.
        $input = array(
            "url"      => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
            "title"    => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
            "subtitle" => getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING),
            "body"     => getRequest("txtBody", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            "script"   => getRequest("txtScript", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            "selected" => getRequest("txtSelected", "post", FILTER_SANITIZE_STRING),
            "meta"     => getRequest("txtMeta", "post", FILTER_SANITIZE_STRING),
            "sidebar"  => getRequest("txtSidebar", "post", FILTER_SANITIZE_STRING),
        );
        // values echoed back into the form when validation fails
        $formData = array(
            'errors'      => '',
            'txtTitle'    => $input["title"],
            'txtSubTitle' => $input["subtitle"],
            'txtURL'      => $input["url"],
            'txtBody'     => $input["body"],
            'txtScript'   => $input["script"],
            'txtSelected' => $input["selected"],
            'txtMeta'     => $input["meta"],
            'txtSidebar'  => $input["sidebar"],
        );
        $errorMsg = null;
        if($input["url"] === "" || $input["title"] === "" || $input["body"] === "") {
            $errorMsg = 'Please complete the entire form!';
        } else {
            $adminModel = $this->model("adminModel");
            $existing = $adminModel->checkPageRoute($input["url"]);
            if(isset($existing[0])) {
                $errorMsg = 'That URL is already in use!';
            }
        }
        if($errorMsg !== null) {
            $formData["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => $errorMsg), true);
            $content = $this->view("admin/addPage", $formData, true);
        } else {
            $adminModel->addPage($input);
            $content = 'New page added successfully!';
        }
    } else {
        $blank = array(
            'txtTitle'    => '',
            'txtSubTitle' => '',
            'txtURL'      => '',
            'txtBody'     => '',
            'txtScript'   => '',
            'txtSelected' => '',
            'txtMeta'     => '',
            'txtSidebar'  => '',
            'errors'      => '',
        );
        $content = $this->view("admin/addPage", $blank, true);
    }
    $article = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                     'subtitle' => 'Add Page', 'content' => $content, 'comments' => 0);
    $layout["body"] = $this->view("post", $article, true);
    $this->view("pixelgraff", $layout);
}
/**
* modify pages
* update the contents of pages in the database
*/
public function modPage() {
    // Modify a page. Gated on a valid session. No POST body -> list of pages
    // to pick from; POST with action=load -> edit form for the chosen page;
    // any other POST -> validate and save through adminModel::modPage().
    // Untrusted input (POST): action, whichPage, page_id, route_id and the
    // txt* page fields. url/title/body are required; when the URL changed
    // (adminModel::checkPageRouteChange) it must not already be routed.
    // Throws Exception (code 500) when the requested page id is unknown.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $layout = array(
        "title"    => 'backdoor/modPage',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/addPageJS", array(), true),
        "body"     => '',
    );
    $adminModel = $this->model("adminModel");
    if($_POST) {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if($action == "load") {
            $pageId = getRequest("whichPage", "post", FILTER_SANITIZE_NUMBER_INT);
            $rows = $adminModel->getPage($pageId);
            if(!isset($rows[0])) {
                throw new Exception("Invalid page id.", 500);
            }
            $route = $adminModel->getPageRouteIDs($rows[0]["url"]);
            $formData = array(
                'errors'      => '',
                'txtTitle'    => $rows[0]["title"],
                'txtSubTitle' => $rows[0]["subtitle"],
                'txtURL'      => $rows[0]["url"],
                'txtBody'     => $rows[0]["body"],
                'txtScript'   => $rows[0]["script"],
                'txtSelected' => $rows[0]["mainCat"],
                'txtMeta'     => $rows[0]["meta"],
                'txtSidebar'  => $rows[0]["sidebar"],
                'page_id'     => $route["p_id"],
                'route_id'    => $route["r_id"],
            );
            $content = $this->view("admin/modPage", $formData, true);
        } else {
            // NOTE(review): no CSRF token is checked before this state change;
            // confirm the framework enforces one upstream of the controller.
            $input = array(
                "page_id"  => getRequest("page_id", "post", FILTER_SANITIZE_NUMBER_INT),
                "route_id" => getRequest("route_id", "post", FILTER_SANITIZE_NUMBER_INT),
                "url"      => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
                "title"    => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
                "subtitle" => getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING),
                "body"     => getRequest("txtBody", "post", FILTER_SANITIZE_SPECIAL_CHARS),
                "script"   => getRequest("txtScript", "post", FILTER_SANITIZE_SPECIAL_CHARS),
                "selected" => getRequest("txtSelected", "post", FILTER_SANITIZE_STRING),
                "meta"     => getRequest("txtMeta", "post", FILTER_SANITIZE_STRING),
                "sidebar"  => getRequest("txtSidebar", "post", FILTER_SANITIZE_STRING),
            );
            $formData = array(
                'errors'      => '',
                'txtTitle'    => $input["title"],
                'txtSubTitle' => $input["subtitle"],
                'txtURL'      => $input["url"],
                'txtBody'     => $input["body"],
                'txtScript'   => $input["script"],
                'txtSelected' => $input["selected"],
                'txtMeta'     => $input["meta"],
                'txtSidebar'  => $input["sidebar"],
                'page_id'     => $input["page_id"],
                'route_id'    => $input["route_id"],
            );
            if($input["url"] === "" || $input["title"] === "" || $input["body"] === "") {
                $formData["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'Please complete the entire form!'), true);
                $content = $this->view("admin/modPage", $formData, true);
            } else {
                // a changed URL must not collide with an existing route
                if($adminModel->checkPageRouteChange($input["page_id"], $input["url"])) {
                    $clash = $adminModel->checkPageRoute($input["url"]);
                    if(isset($clash[0])) {
                        $formData["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'That URL is already in use!'), true);
                        $content = $this->view("admin/modPage", $formData, true);
                    }
                }
                if($formData["errors"] == '') {
                    $adminModel->modPage($input);
                    $content = 'Your page has been modified successfully!';
                }
            }
        }
    } else {
        $pageList = '';
        foreach ($adminModel->getPages() as $row) {
            // NOTE(review): only the two literal characters backslash-n are
            // appended per row (single quotes, so not a newline); the per-row
            // markup this loop presumably produced looks lost in this copy —
            // confirm against the repository.
            $pageList .= '\n';
        }
        $content = $this->view("admin/modPageSelect", array('pageList' => $pageList), true);
    }
    $article = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                     'subtitle' => 'Modify Page', 'content' => $content, 'comments' => 0);
    $layout["body"] = $this->view("post", $article, true);
    $this->view("pixelgraff", $layout);
}
/**
* delete page
* remove pages from the database
*/
public function delPage() {
    // Delete a page. Gated on a valid session. No POST body -> list of pages
    // to pick from; POST with action=load -> confirmation form for the chosen
    // page; any other POST -> adminModel::delPage() with page_id and route_id.
    // Untrusted input (POST): action, whichPage, page_id, route_id.
    // Throws Exception (code 500) when the page id is unknown or an id is empty.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $layout = array(
        "title"    => 'backdoor/delPage',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/delPageJS", array(), true),
        "body"     => '',
    );
    $adminModel = $this->model("adminModel");
    if($_POST) {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if($action == "load") {
            $pageId = getRequest("whichPage", "post", FILTER_SANITIZE_NUMBER_INT);
            $rows = $adminModel->getPage($pageId);
            if(!isset($rows[0])) {
                throw new Exception("Invalid page id.", 500);
            }
            $route = $adminModel->getPageRouteIDs($rows[0]["url"]);
            $formData = array(
                'url'      => $rows[0]["url"],
                'page_id'  => $route["p_id"],
                'route_id' => $route["r_id"],
            );
            $content = $this->view("admin/delPage", $formData, true);
        } else {
            // NOTE(review): no CSRF token is checked before this state change;
            // confirm the framework enforces one upstream of the controller.
            $input = array(
                "page_id"  => getRequest("page_id", "post", FILTER_SANITIZE_NUMBER_INT),
                "route_id" => getRequest("route_id", "post", FILTER_SANITIZE_NUMBER_INT),
            );
            if($input["page_id"] === "" || $input["route_id"] === "") {
                throw new Exception("Invalid page id.", 500);
            }
            $adminModel->delPage($input);
            $content = 'Your page as been deleted successfully!';
        }
    } else {
        $pageList = '';
        foreach ($adminModel->getPages() as $row) {
            // NOTE(review): only the two literal characters backslash-n are
            // appended per row (single quotes, so not a newline); the per-row
            // markup this loop presumably produced looks lost in this copy —
            // confirm against the repository.
            $pageList .= '\n';
        }
        $content = $this->view("admin/delPageSelect", array('pageList' => $pageList), true);
    }
    $article = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                     'subtitle' => 'Delete Page', 'content' => $content, 'comments' => 0);
    $layout["body"] = $this->view("post", $article, true);
    $this->view("pixelgraff", $layout);
}
//___________________________________________________________________________________________________________
// blog
/**
* add blog
* insert a blog post into the database
*/
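public function addBlog() {
    // Add a blog entry. Gated on a valid session. On POST the submitted
    // fields (untrusted) are read; postMenu decides the publish state
    // ("draft" / "now" / "date"); url, title, subtitle, body and excerpt are
    // required; the URL must be free (adminModel::checkBlogRoute); then the
    // post is stored with adminModel::addBlogPost() and its comma-separated
    // tags / categories with addBlogMeta(). Without a POST body the blank
    // form is shown. Throws Exception (code 500) on an unknown postMenu value.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title"    => 'backdoor/addBlog',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/addBlogJS", array('taglist' => '', 'catlist' =>'', 'post' => 'draft'), true),
        // NOTE(review): only line breaks and spaces survive in this value; the
        // script includes it presumably carried look lost in this copy — confirm.
        "jsfiles"  => ''.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL,
        "body"     => '',
    );
    if($_POST) {
        // NOTE(review): no CSRF token is checked before this state change;
        // confirm the framework enforces one upstream of the controller.
        $clean = array(
            "date"     => getRequest("txtDateTime", "post", FILTER_SANITIZE_STRING),
            "post"     => getRequest("postMenu", "post", FILTER_SANITIZE_STRING),
            "url"      => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
            "title"    => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
            "subtitle" => getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING),
            "body"     => getRequest("txtBody", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            "excerpt"  => getRequest("txtExcerpt", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            "tags"     => getRequest("txtTags", "post", FILTER_SANITIZE_STRING),
        );
        // txtCats may arrive as a multi-select array; note it is read without
        // a filter, so the values are only as clean as the model makes them.
        $cats = getRequest("txtCats", "post");
        $clean["cats"] = is_array($cats) ? implode(",", $cats) : $cats;
        $dateValid = true;
        switch ($clean["post"]) {
            case "draft":
                $clean["live"] = 0;
                $clean["date"] = time();
                break;
            case "now":
                $clean["live"] = 1;
                $clean["date"] = time();
                break;
            case "date":
                // strtotime() returns false for an unparseable string; the old
                // code stored that as date 0 and published the post at once.
                $when = strtotime($clean["date"]);
                if($when === false) {
                    $dateValid = false;
                } else {
                    $clean["date"] = $when;
                    $clean["live"] = ($when <= time()) ? 1 : 0;
                }
                break;
            default:
                throw new Exception("Bad post type value.", 500);
        }
        $html["script"] = $this->view("admin/addBlogJS", array('taglist' => $clean["tags"], 'catlist' => $clean["cats"], 'post' => $clean['post']), true);
        // values echoed back into the form when validation fails
        $data = array(
            'errors'      => '',
            'date'        => $clean["date"],
            'postMenu'    => $clean["post"],
            'txtURL'      => $clean["url"],
            'txtTitle'    => $clean["title"],
            'txtSubTitle' => $clean["subtitle"],
            'txtBody'     => $clean["body"],
            'txtExcerpt'  => $clean["excerpt"],
            'txtDateTime' => $clean["date"],
            // the blank form below passes txtTags; the re-rendered form did not
            'txtTags'     => $clean["tags"],
        );
        $errorMsg = '';
        if($clean["url"] === "" || $clean["title"] === "" || $clean["subtitle"] === "" || $clean["body"] === "" || $clean["excerpt"] === "") {
            $errorMsg = 'Please complete the entire form!';
        } elseif(!$dateValid) {
            $errorMsg = 'Please enter a valid date and time!';
        } else {
            $am = $this->model("adminModel");
            if(!$am->checkBlogRoute($clean["url"])) {
                $errorMsg = 'That URL is already in use!';
            }
        }
        if($errorMsg !== '') {
            $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => $errorMsg), true);
            $content = $this->view("admin/addBlog", $data, true);
        } else {
            //---add post
            $id = $am->addBlogPost($clean["url"], $clean["title"], $clean["subtitle"], $clean["excerpt"], $clean["body"], $clean["date"], $clean["live"]);
            //---add tags (comma-separated, stored one row each)
            if(!empty($clean["tags"])) {
                foreach(explode(",", $clean["tags"]) as $tag) {
                    $am->addBlogMeta($id, "tag", $tag);
                }
            }
            //---add categories
            if(!empty($clean["cats"])) {
                foreach(explode(",", $clean["cats"]) as $cat) {
                    $am->addBlogMeta($id, "category", $cat);
                }
            }
            $content = 'New blog post added successfully!';
        }
    } else {
        $blank = array(
            'errors'      => '',
            'txtTitle'    => '',
            'txtSubTitle' => '',
            'txtURL'      => '',
            'txtBody'     => '',
            'txtExcerpt'  => '',
            'txtTags'     => '',
            'chkLive'     => '',
            'postMenu'    => 'draft',
        );
        $content = $this->view("admin/addBlog", $blank, true);
    }
    $post = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                  'subtitle' => 'Add Blog Entry', 'content' => $content, 'comments' => 0);
    $html["body"] = $this->view("post", $post, true);
    $this->view("pixelgraff", $html);
}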
/**
* modify blog
* update a blog post in the database
*/
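public function modBlog() {
    // Modify a blog entry. Gated on a valid session. No POST body -> list of
    // posts to pick from; POST with action=load -> edit form for the chosen
    // post (placed directly in the body, not wrapped in the "post" view);
    // any other POST -> validate, adminModel::modBlogPost(), then apply the
    // tag / category diff (custom_diff utility) with addBlogMeta/delBlogMeta.
    // Untrusted input (POST): action, whichBlog, post_id, postMenu,
    // txtDateTime and the txt* fields. Throws Exception (code 500) on an
    // unknown post id or postMenu value.
    if(!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title"    => 'backdoor/modBlog',
        "meta"     => '',
        "sidebar"  => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script"   => $this->view("admin/addBlogJS", array('taglist' => '', 'catlist' =>'', 'post' => 'draft'), true),
        // NOTE(review): only line breaks and spaces survive in this value; the
        // script includes it presumably carried look lost in this copy — confirm.
        "jsfiles"  => ''.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL,
        "body"     => '',
    );
    $am = $this->model("adminModel");
    $subtitle = 'Modify Blog Entry';
    if(!$_POST) {
        $posts = $am->getAllBlogPosts();
        $blogList = '';
        if(isset($posts[0])) {
            foreach ($posts as $row) {
                // NOTE(review): only the two literal characters backslash-n are
                // appended per row (single quotes, so not a newline); the
                // per-row markup this loop presumably produced looks lost in
                // this copy — confirm against the repository.
                $blogList .= '\n';
            }
        } else {
            $blogList = '\n';
        }
        $form = $this->view("admin/modBlogSelect", array('blogList' => $blogList), true);
        $post = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                      'subtitle' => $subtitle, 'content' => $form, 'comments' => 0);
        $html["body"] = $this->view("post", $post, true);
    } elseif(getRequest("action", "post", FILTER_SANITIZE_STRING) === "load") {
        $postId = getRequest("whichBlog", "post", FILTER_SANITIZE_NUMBER_INT);
        $rows = $am->getBlogAndMetaByID($postId);
        if(!isset($rows[0])) {
            throw new Exception("Invalid post id.", 500);
        }
        $data = array(
            'errors'      => '',
            'post_id'     => $postId,
            'txtTitle'    => $rows[0]["title"],
            'txtSubTitle' => $rows[0]["subtitle"],
            'txtURL'      => $rows[0]["url"],
            'theRealURL'  => $rows[0]["url"],
            'txtBody'     => $rows[0]["content"],
            'txtExcerpt'  => $rows[0]["excerpt"],
            'txtCats'     => $rows[0]["cats"],
            'txtTags'     => $rows[0]["tags"],
            'txtDateTime' => $rows[0]["date"],
            'postMenu'    => ($rows[0]["live"] == 0) ? 'draft' : 'date',
        );
        $html["script"] = $this->view("admin/addBlogJS", array('taglist' => $rows[0]["tags"], 'catlist' => $rows[0]["cats"], 'post' => $data["postMenu"]), true);
        $html["body"] = $this->view("admin/modBlog", $data, true);
    } else {
        // NOTE(review): no CSRF token is checked before this state change;
        // confirm the framework enforces one upstream of the controller.
        $clean = array(
            "post_id"  => getRequest("post_id", "post", FILTER_SANITIZE_NUMBER_INT),
            "date"     => getRequest("txtDateTime", "post", FILTER_SANITIZE_STRING),
            "post"     => getRequest("postMenu", "post", FILTER_SANITIZE_STRING),
            "url"      => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
            "title"    => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
            "subtitle" => getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING),
            "body"     => getRequest("txtBody", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            "excerpt"  => getRequest("txtExcerpt", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            "tags"     => getRequest("txtTags", "post", FILTER_SANITIZE_STRING),
        );
        // txtCats may arrive as a multi-select array; it is read without a filter
        $cats = getRequest("txtCats", "post");
        $clean["cats"] = is_array($cats) ? implode(",", $cats) : $cats;
        $dateValid = true;
        switch ($clean["post"]) {
            case "draft":
                $clean["live"] = 0;
                $clean["date"] = time();
                break;
            case "now":
                $clean["live"] = 1;
                $clean["date"] = time();
                break;
            case "date":
                // strtotime() returns false for an unparseable string; the old
                // code stored that as date 0 and published the post at once.
                $when = strtotime($clean["date"]);
                if($when === false) {
                    $dateValid = false;
                } else {
                    $clean["date"] = $when;
                    $clean["live"] = ($when <= time()) ? 1 : 0;
                }
                break;
            default:
                throw new Exception("Bad post type value.", 500);
        }
        $html["script"] = $this->view("admin/addBlogJS", array('taglist' => $clean["tags"], 'catlist' => $clean["cats"], 'post' => $clean["post"]), true);
        // values echoed back into the form when validation fails
        $data = array(
            'errors'      => '',
            'post_id'     => $clean["post_id"],
            'date'        => $clean["date"],
            'post'        => $clean["post"],
            'txtURL'      => $clean["url"],
            'txtTitle'    => $clean["title"],
            'txtSubTitle' => $clean["subtitle"],
            'txtBody'     => $clean["body"],
            'txtExcerpt'  => $clean["excerpt"],
            'postMenu'    => $clean["post"],
            'txtDateTime' => $clean["date"],
            // the load branch passes txtTags / txtCats; the re-rendered form did not
            'txtTags'     => $clean["tags"],
            'txtCats'     => $clean["cats"],
        );
        $errorMsg = '';
        $oldpost = null;
        if($clean["url"] === "" || $clean["title"] === "" || $clean["subtitle"] === "" || $clean["body"] === "" || $clean["excerpt"] === "") {
            $errorMsg = 'Please complete the entire form!';
        } elseif(!$dateValid) {
            $errorMsg = 'Please enter a valid date and time!';
        } else {
            $oldpost = $am->getBlogAndMetaByID($clean["post_id"]);
            // Same check as the load branch: the old code read $oldpost[0]
            // unconditionally and went on to modBlogPost() for an unknown id.
            if(!isset($oldpost[0])) {
                throw new Exception("Invalid post id.", 500);
            }
            // a changed URL must not collide with an existing route
            if($clean["url"] !== $oldpost[0]["url"] && !$am->checkBlogRoute($clean["url"])) {
                $errorMsg = 'That URL is already in use!';
            }
        }
        if($errorMsg !== '') {
            $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => $errorMsg), true);
            $form = $this->view("admin/modBlog", $data, true);
            $post = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                          'subtitle' => $subtitle, 'content' => $form, 'comments' => 0);
            $html["body"] = $this->view("post", $post, true);
        } else {
            //---modify post
            $am->modBlogPost($clean["post_id"], $clean["url"], $clean["title"], $clean["subtitle"], $clean["excerpt"], $clean["body"], $clean["date"], $clean["live"]);
            //---sync tags, then categories, against the stored lists
            $this->library(qoob_types::utility, "custom_diff");
            $this->syncBlogMeta($am, $clean["post_id"], "tag", $oldpost[0]["tags"], $clean["tags"]);
            $this->syncBlogMeta($am, $clean["post_id"], "category", $oldpost[0]["cats"], $clean["cats"]);
            $post = array('mainCat' => '', 'url' => '', 'title' => 'Backdoor',
                          'subtitle' => $subtitle, 'content' => 'Blog post modified successfully!', 'comments' => 0);
            $html["body"] = $this->view("post", $post, true);
        }
    }
    $this->view("pixelgraff", $html);
}
/**
 * Apply the difference between a stored meta list and a submitted one:
 * entries reported under "add" are inserted, entries under "del" removed.
 * Requires the custom_diff utility to be loaded ($this->custom_diff).
 * @param object $am     adminModel instance
 * @param mixed  $postId blog post id
 * @param string $kind   meta type passed to addBlogMeta/delBlogMeta ("tag" or "category")
 * @param mixed  $stored comma-separated list currently in the database
 * @param mixed  $posted comma-separated list from the form
 */
private function syncBlogMeta($am, $postId, $kind, $stored, $posted) {
    $diff = $this->custom_diff->run($stored, $posted);
    if(isset($diff["add"])) {
        foreach($diff["add"] as $value) {
            $am->addBlogMeta($postId, $kind, $value);
        }
    }
    if(isset($diff["del"])) {
        foreach($diff["del"] as $value) {
            $am->delBlogMeta($postId, $kind, $value);
        }
    }
}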
/**
* delete blog
* remove posts from the blog
*/
function delBlog() {
    // Admin-only screen: a caller without a valid session is bounced to the controller root.
    if (!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    // NOTE(review): session validity is the only gate on the destructive POST below;
    // no anti-CSRF token is checked anywhere in this method.
    $html = array(
        "title" => 'backdoor/delBlog',
        "meta" => '',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/delBlogJS", array('taglist' => ''), true),
        "jsfiles" => ''.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL,
        "body" => ''
    );
    // Page wrapper shared by every outcome; only 'content' differs per branch.
    $frame = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Delete Blog Entry',
        'content' => '',
        'comments' => 0
    );
    $model = $this->model("adminModel");
    if ($_POST) {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if ($action == "load") {
            // Step 1: show the confirmation form for the chosen post.
            $postId = getRequest("whichBlog", "post", FILTER_SANITIZE_NUMBER_INT);
            $rows = $model->getBlogByID($postId);
            if (!isset($rows[0])) {
                throw new Exception("Invalid post id.", 500);
            }
            $frame['content'] = $this->view("admin/delBlog", array(
                'url' => $rows[0]["url"],
                'post_id' => $rows[0]["post_id"]
            ), true);
        } else {
            // Step 2: the confirmation came back; remove the post.
            $postId = getRequest("post_id", "post", FILTER_SANITIZE_NUMBER_INT);
            if ($postId === "") {
                throw new Exception("Invalid post id.", 500);
            }
            $model->delBlogPost($postId);
            $frame['content'] = 'Blog entry deleted successfully!';
        }
    } else {
        // No submission yet: offer the list of posts to pick from.
        $posts = $model->getAllBlogPosts();
        $blogList = '';
        if (isset($posts[0])) {
            foreach ($posts as $ignored) {
                $blogList .= '\n';
            }
        } else {
            $blogList = '\n';
        }
        $frame['content'] = $this->view("admin/delBlogSelect", array('blogList' => $blogList), true);
    }
    $html["body"] = $this->view("post", $frame, true);
    $this->view("pixelgraff", $html);
}
//___________________________________________________________________________________________________________
// gallery
/**
* add gallery category
* add a new gallery category to the database
*/
function addGalleryCat() {
    // Admin-only screen: a caller without a valid session is bounced to the controller root.
    if (!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title" => 'backdoor/addGalleryCat',
        "meta" => '',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/addGalleryCatJS", array('parent' => ''), true),
        "body" => ''
    );
    // Page wrapper shared by every outcome; only 'content' differs per branch.
    $frame = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Add Gallery',
        'content' => '',
        'comments' => 0
    );
    if (!$_POST) {
        // First visit: render an empty form.
        $blank = array(
            'txtName' => '',
            'txtURL' => '',
            'txtTitle' => '',
            'txtExcerpt' => '',
            'txtDescript' => '',
            'chkLive' => '',
            'errors' => ''
        );
        $frame['content'] = $this->view("admin/addGalleryCat", $blank, true);
    } else {
        // Field values are read in the same order as before and echoed back on error.
        $parent = getRequest("selNewCat", "post", FILTER_SANITIZE_NUMBER_INT);
        $fields = array(
            'txtName' => getRequest("txtName", "post", FILTER_SANITIZE_STRING),
            'txtURL' => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
            'txtTitle' => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
            'txtExcerpt' => getRequest("txtExcerpt", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            'txtDescript' => getRequest("txtDescript", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            'chkLive' => getRequest("chkLive", "post", FILTER_SANITIZE_STRING) == "on" ? 1 : 0,
            'errors' => ''
        );
        $error = '';
        if ($parent === "" || $fields['txtName'] === "" || $fields['txtTitle'] === "" || $fields['txtURL'] === "") {
            $error = 'Please complete the entire form!';
        } else {
            $model = $this->model("adminModel");
            $existing = $model->checkGalleryCategory($fields['txtName'], $fields['txtURL']);
            if (isset($existing[0])) {
                $error = 'That category already exists!';
            } else {
                $model->addGalleryCategory(
                    $parent,
                    $fields['txtName'],
                    $fields['txtURL'],
                    $fields['txtTitle'],
                    $fields['txtExcerpt'],
                    $fields['txtDescript'],
                    $fields['chkLive']
                );
                $frame['content'] = 'Gallery added successfully!';
            }
        }
        if ($error !== '') {
            // Re-render the form with the bubble and the parent selection restored.
            $fields['errors'] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => $error), true);
            $html["script"] = $this->view("admin/addGalleryCatJS", array('parent' => $parent), true);
            $frame['content'] = $this->view("admin/addGalleryCat", $fields, true);
        }
    }
    $html["body"] = $this->view("post", $frame, true);
    $this->view("pixelgraff", $html);
}
/**
* modify gallery category
* update the gallery info in the database
*/
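function modGalleryCat() {
    // Admin-only screen: a caller without a valid session is bounced to the controller root.
    if (!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title" => 'backdoor/modGalleryCat',
        "meta" => '',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/addGalleryCatJS", array('parent' => ''), true),
        "body" => ''
    );
    // Page wrapper shared by every outcome; only 'content' differs per branch.
    $frame = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Modify Gallery',
        'content' => '',
        'comments' => 0
    );
    $am = $this->model("adminModel");
    if (!$_POST) {
        // No submission yet: list the categories to choose from.
        $galleries = $am->getGalleryCategories();
        $galleryList = '';
        foreach ($galleries as $gallery) {
            // NOTE(review): $spacer is computed but never used below — the option markup
            // appears to have been lost from this listing; confirm against the view.
            $spacer = (substr_count($gallery["gallery_cat_id"], ".") > 0) ? " . " : "";
            $galleryList .= '\n';
        }
        $frame['content'] = $this->view("admin/modGalleryCatSelect", array('galleryList' => $galleryList), true);
    } else {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if ($action == "load") {
            // Step 1: load the chosen category into the edit form.
            // NOTE(review): FILTER_SANITIZE_NUMBER_FLOAT strips "." unless FILTER_FLAG_ALLOW_FRACTION
            // is applied; whether getRequest() adds that flag is not visible here, and the
            // substr_count() test below needs the dot to survive — confirm against getRequest().
            $catId = getRequest("whichGallery", "post", FILTER_SANITIZE_NUMBER_FLOAT);
            $cat = $am->getGalleryCatByID($catId);
            if (!isset($cat[0])) {
                // Was "Invalid admin id." — a copy/paste slip; this screen edits gallery categories.
                throw new Exception("Invalid gallery id.", 500);
            }
            if (substr_count($catId, ".") > 0) {
                // A dotted id is a sub-category; preselect its parent in the page script.
                $html["script"] = $this->view("admin/addGalleryCatJS", array('parent' => intval($catId)), true);
            }
            $data = array(
                'cat_id' => $catId,
                'txtName' => $cat[0]["name"],
                'txtURL' => $cat[0]["url"],
                'txtTitle' => $cat[0]["title"],
                'txtExcerpt' => $cat[0]["excerpt"],
                'txtDescript' => $cat[0]["description"],
                'chkLive' => $cat[0]["live"],
                'errors' => ''
            );
            $frame['content'] = $this->view("admin/modGalleryCat", $data, true);
        } else {
            // Step 2: the edited form came back; validate and persist it.
            $catId = getRequest("cat_id", "post", FILTER_SANITIZE_NUMBER_FLOAT);
            $parent = getRequest("selNewCat", "post", FILTER_SANITIZE_NUMBER_INT);
            $fields = array(
                'cat_id' => $catId,
                'txtName' => getRequest("txtName", "post", FILTER_SANITIZE_STRING),
                'txtURL' => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
                'txtTitle' => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
                'txtExcerpt' => getRequest("txtExcerpt", "post", FILTER_SANITIZE_SPECIAL_CHARS),
                'txtDescript' => getRequest("txtDescript", "post", FILTER_SANITIZE_SPECIAL_CHARS),
                'chkLive' => getRequest("chkLive", "post", FILTER_SANITIZE_STRING) == "on" ? 1 : 0,
                'errors' => ''
            );
            // Reject an empty id up front, as delGalleryCat() does, instead of handing "" to the model.
            if ($catId === "") {
                throw new Exception("Invalid gallery id.", 500);
            }
            if ($parent === "" || $fields['txtName'] === "" || $fields['txtTitle'] === "" || $fields['txtURL'] === "") {
                $fields['errors'] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'Please complete the entire form!'), true);
                $html["script"] = $this->view("admin/addGalleryCatJS", array('parent' => $parent), true);
                $frame['content'] = $this->view("admin/modGalleryCat", $fields, true);
            } else {
                $am->modGalleryCategory(
                    $catId,
                    $parent,
                    $fields['txtName'],
                    $fields['txtURL'],
                    $fields['txtTitle'],
                    $fields['txtExcerpt'],
                    $fields['txtDescript'],
                    $fields['chkLive']
                );
                $frame['content'] = 'Gallery modified successfully!';
            }
        }
    }
    $html["body"] = $this->view("post", $frame, true);
    $this->view("pixelgraff", $html);
}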
/**
* delete gallery
* remove galleries from the database
*/
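function delGalleryCat() {
    // Admin-only screen: a caller without a valid session is bounced to the controller root.
    if (!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    // NOTE(review): session validity is the only gate on the destructive POST below;
    // no anti-CSRF token is checked anywhere in this method.
    $html = array(
        "title" => 'backdoor/delGalleryCat',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/delGalleryCatJS", array(), true),
        "body" => ''
    );
    // Page wrapper shared by every outcome; only 'content' differs per branch.
    $frame = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Delete Gallery',
        'content' => '',
        'comments' => 0
    );
    $am = $this->model("adminModel");
    if (!$_POST) {
        // No submission yet: list the deletable categories ('uncategorized' is never offered).
        $galleryList = '';
        $galleries = $am->getGalleryCategories();
        if (count($galleries) > 1) {
            foreach ($galleries as $gallery) {
                if (strtolower($gallery["name"]) != 'uncategorized') {
                    // NOTE(review): $spacer is computed but never used below — the option markup
                    // appears to have been lost from this listing; confirm against the view.
                    $spacer = (substr_count($gallery["gallery_cat_id"], ".") > 0) ? " . " : "";
                    $galleryList .= '\n';
                }
            }
        } else {
            $galleryList .= '\n';
        }
        $frame['content'] = $this->view("admin/delGalleryCatSelect", array('galleryList' => $galleryList), true);
    } else {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if ($action == "load") {
            // Step 1: show the confirmation form with image / sub-gallery counts.
            $catId = getRequest("whichGallery", "post", FILTER_SANITIZE_NUMBER_FLOAT);
            if ($catId === '') {
                throw new Exception("Invalid gallery id.", 500);
            }
            $cat = $am->getGalleryCatByID($catId);
            if (!isset($cat[0])) {
                throw new Exception("Invalid gallery id.", 500);
            }
            $data = array(
                'name' => $cat[0]["name"],
                'gallery_cat_id' => $cat[0]["gallery_cat_id"],
                'deleteCheck' => '',
                'images' => 0,
                'subcats' => 0
            );
            // Only an undotted (top-level) id is asked for a sub-gallery count. The original
            // test was `strpos($id, ".") == 0`, which is true for "not found" only because
            // false == 0; substr_count() states the intent and matches the sibling checks.
            if (substr_count($catId, ".") === 0) {
                $catcount = $am->getSubGalleryCount($catId);
                if (isset($catcount[0])) {
                    $subcats = intval($catcount[0]['theCount']);
                    if ($subcats > 0) {
                        $data['subcats'] = $subcats;
                    }
                }
            }
            $imgcount = $am->getGalleryImgCount($catId);
            if (isset($imgcount[0])) {
                $images = intval($imgcount[0]['theCount']);
                if ($images > 0) {
                    $data['images'] = $images;
                    $data['deleteCheck'] = 'Delete Images? ';
                }
            }
            $frame['content'] = $this->view("admin/delGalleryCat", $data, true);
        } else {
            // Step 2: the confirmation came back; delete the category and, if asked, its files.
            $catId = getRequest("gallery_cat_id", "post", FILTER_SANITIZE_NUMBER_FLOAT);
            $deleteFiles = getRequest("chkDelete", "post", FILTER_SANITIZE_STRING) == "on" ? 1 : 0;
            if ($catId === "") {
                throw new Exception("Invalid gallery id.", 500);
            }
            $files = $am->delGalleryAndImgs($catId, $deleteFiles);
            $msg = '';
            if ($deleteFiles === 1) {
                $total = count($files);
                $imgs = 0;
                $thumbs = 0;
                $this->library(qoob_types::utility, "upload");
                $this->upload->setDirectory("root");
                foreach ($files as $file) {
                    if ($this->upload->delete($file)) {
                        $imgs++;
                    }
                    // Thumbnail name is the image name with "_thumb" spliced in before the extension.
                    $dot = strrpos($file, ".");
                    $stem = substr($file, 0, $dot);
                    $ext = substr($file, $dot);
                    if ($this->upload->delete($stem.'_thumb'.$ext)) {
                        $thumbs++;
                    }
                }
                $msg = "\n".$imgs.' of '.$total." images deleted.\n".$thumbs.' of '.$total.' thumbnails deleted';
            }
            // "Galery" typo in the user-facing message corrected.
            $frame['content'] = 'Gallery deleted successfully!'.$msg;
        }
    }
    $html["body"] = $this->view("post", $frame, true);
    $this->view("pixelgraff", $html);
}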
/**
* add gallery image
* add a new image to the gallery
*/
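function addGalleryImg() {
    // Admin-only screen: a caller without a valid session is bounced to the controller root.
    if (!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title" => 'backdoor/addGalleryImg',
        "meta" => '',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/addGalleryImgJS", array('cats' => ''), true),
        "jsfiles" => ''.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL,
        "body" => ''
    );
    if ($_POST) {
        $html = $this->handleAddGalleryImgPost($html);
    } else {
        // First visit: render an empty form.
        $blank = array(
            'txtTitle' => '',
            'txtSubTitle' => '',
            'txtURL' => '',
            'txtExcerpt' => '',
            'txtDescript' => '',
            'chkLive' => '',
            'errors' => ''
        );
        $form = $this->view("admin/addGalleryImg", $blank, true);
        $html["body"] = $this->view("post", $this->addGalleryImgPage($form), true);
    }
    $this->view("pixelgraff", $html);
}
/**
 * Page wrapper used by every addGalleryImg() outcome.
 * @param string $content rendered form or status text
 * @return array variables for the "post" view
 */
private function addGalleryImgPage($content) {
    return array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Add Image',
        'content' => $content,
        'comments' => 0
    );
}
/**
 * Re-render the add-image form with an error bubble and the category picker restored.
 * @param array $html page variables assembled by addGalleryImg()
 * @param array $data form field values echoed back to the user
 * @param mixed $cats comma-separated category ids for the page script
 * @param string $msg text of the error bubble
 * @return array $html with 'script' and 'body' replaced
 */
private function addGalleryImgFormError(array $html, array $data, $cats, $msg) {
    $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => $msg), true);
    $html["script"] = $this->view("admin/addGalleryImgJS", array('cats' => $cats), true);
    $form = $this->view("admin/addGalleryImg", $data, true);
    $html["body"] = $this->view("post", $this->addGalleryImgPage($form), true);
    return $html;
}
/**
 * Validate the submitted form and upload, store the image plus a thumbnail and record it.
 * @param array $html page variables assembled by addGalleryImg()
 * @return array $html with 'body' (and on error 'script') filled in
 * @throws Exception when the stored file cannot be decoded or has zero size
 */
private function handleAddGalleryImgPost(array $html) {
    $clean = array(
        "title" => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
        "subtitle" => getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING),
        "url" => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
        "excerpt" => getRequest("txtExcerpt", "post", FILTER_SANITIZE_STRING),
        "description" => getRequest("txtDescript", "post", FILTER_SANITIZE_STRING)
    );
    $clean["live"] = getRequest("chkLive", "post", FILTER_SANITIZE_STRING) == "on" ? 1 : 0;
    $cats = getRequest("txtCats", "post");
    $clean["cats"] = is_array($cats) ? implode(",", $cats) : $cats;
    // The client-supplied name must never carry a NUL byte into filesystem calls; a POST
    // without a file part is treated as an empty name rather than a notice.
    $clean['theFile'] = isset($_FILES["theFile"]["name"])
        ? str_replace("\0", '', $_FILES["theFile"]["name"])
        : "";
    $data = array(
        'txtTitle' => $clean["title"],
        'txtSubTitle' => $clean["subtitle"],
        'txtURL' => $clean["url"],
        'txtExcerpt' => $clean["excerpt"],
        'txtDescript' => $clean["description"],
        'chkLive' => $clean["live"],
        'errors' => ''
    );
    if ($clean['theFile'] === "" || $clean["cats"] === "" || $clean["title"] === "" || $clean["subtitle"] === "" || $clean["url"] === "") {
        return $this->addGalleryImgFormError($html, $data, $clean["cats"], 'Please complete the entire form!');
    }
    $am = $this->model("adminModel");
    $result = $am->checkGalleryImg($clean["url"]);
    if (isset($result[0])) {
        return $this->addGalleryImgFormError($html, $data, $clean["cats"], 'That image URL already exists!');
    }
    if ($_FILES["theFile"]["error"] > 0) {
        return $this->addGalleryImgFormError($html, $data, $clean["cats"], 'Your image is corrupt or became corrupt in upload!');
    }
    $this->library(qoob_types::utility, "upload");
    $this->upload->setMIMES(array('image/jpeg','image/pjpeg','image/jpg','image/x-jps','image/png','image/tiff','image/x-tiff','image/gif','image/bmp'));
    $ext = strtolower($this->upload->getExtention($clean['theFile']));
    // The MIME type and the extension both come from the client. The extension allowlist is
    // checked here, before anything is written: previously an unknown extension was only
    // rejected by the thumbnail switch, after upload->file() had already stored the file
    // under that extension. getimagesize() on the temp file additionally requires real image
    // content instead of trusting the declared type.
    $thumbnailExts = array('png', 'gif', 'jpg', 'jpeg');
    $looksLikeImage = $this->upload->testMIME($_FILES["theFile"]["type"])
        && in_array($ext, $thumbnailExts, true)
        && is_uploaded_file($_FILES["theFile"]["tmp_name"])
        && getimagesize($_FILES["theFile"]["tmp_name"]) !== false;
    if (!$looksLikeImage) {
        return $this->addGalleryImgFormError($html, $data, $clean["cats"], 'The file you selected was not an image!');
    }
    // Save the image under its URL slug, suffixing a short random chunk until the name is free.
    $this->upload->setDirectory("root");
    $name = $clean["url"];
    while ($this->upload->exists($name.".".$ext)) {
        $rand = str_split(md5(microtime()), 5);
        $name .= $rand[0];
    }
    $clean["filename"] = $name.".".$ext;
    $clean["thumbname"] = $name."_thumb.".$ext;
    $this->upload->file($_FILES["theFile"]["tmp_name"], $clean["filename"]);
    // Create the thumbnail from the stored copy.
    $target_path = QOOB_ROOT.SLASH."style".SLASH."img".SLASH."projects".SLASH.$clean["filename"];
    /**
     * @todo thumbnail size needs to be user defined somewhere...
     */
    $thumbdata = $this->makeGalleryThumbnail($target_path, $ext, 300);
    $this->upload->writeFile($clean["thumbname"], $thumbdata);
    // Record the image and its category links.
    $id = $am->addGalleryImg($clean["url"], $clean["filename"], $clean["title"], $clean["subtitle"], $clean["excerpt"], $clean["description"], $clean["live"]);
    if (!empty($clean["cats"])) {
        foreach (explode(",", $clean["cats"]) as $cat) {
            $am->addGalleryImgMeta($id, "category", $cat);
        }
    }
    $html["body"] = $this->view("post", $this->addGalleryImgPage('Gallery image uploaded successfully!'), true);
    return $html;
}
/**
 * Scale a stored image so its longer side is $size pixels and return the encoded bytes.
 * Alpha (png) and palette transparency (gif) are carried over to the thumbnail.
 * @param string $path absolute path of the stored image
 * @param string $ext lower-cased extension: png, gif, jpg or jpeg
 * @param int $size length of the longer side of the thumbnail
 * @return string encoded thumbnail, in the same format as the source
 * @throws Exception on an unsupported extension, an undecodable file or a zero-sized image
 */
private function makeGalleryThumbnail($path, $ext, $size) {
    $transparent_color = null;
    switch ($ext) {
        case 'png':
            $img = imagecreatefrompng($path);
            $encoder = 'imagepng';
            if ($img !== false) {
                imagealphablending($img, true);
                imagesavealpha($img, true);
            }
            break;
        case 'gif':
            $img = imagecreatefromgif($path);
            $encoder = 'imagegif';
            if ($img !== false) {
                $transparent_index = imagecolortransparent($img);
                if ($transparent_index != -1) {
                    $transparent_color = imagecolorsforindex($img, $transparent_index);
                }
            }
            break;
        case 'jpg':
        case 'jpeg':
            $img = imagecreatefromjpeg($path);
            $encoder = 'imagejpeg';
            break;
        default:
            throw new Exception("Failed to create thumbnail.\nInvalid image type.", 500);
    }
    // A decode failure means the content is not what the extension claims.
    if ($img === false) {
        throw new Exception("Failed to create thumbnail.\nInvalid image type.", 500);
    }
    list($w, $h) = getimagesize($path);
    if ($w == 0 || $h == 0) {
        throw new Exception("Image size is zero.", 500);
    }
    $percent = $size / max($w, $h);
    $nw = intval($w * $percent);
    $nh = intval($h * $percent);
    $thumb = imagecreatetruecolor($nw, $nh);
    if ($ext == 'png') {
        imagealphablending($thumb, false);
        imagesavealpha($thumb, true);
    }
    if (!empty($transparent_color)) {
        $transparent_new = imagecolorallocate($thumb, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
        $transparent_new_index = imagecolortransparent($thumb, $transparent_new);
        imagefill($thumb, 0, 0, $transparent_new_index);
    }
    if (imagecopyresized($thumb, $img, 0, 0, 0, 0, $nw, $nh, $w, $h)) {
        imagedestroy($img);
        $img = $thumb;
    } else {
        // Fall back to encoding the source as before, but do not leak the unused canvas.
        imagedestroy($thumb);
    }
    ob_start();
    $encoder($img);
    $thumbdata = ob_get_clean();
    imagedestroy($img);
    return $thumbdata;
}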
/**
* modify gallery image
* update the gallery image info in the database
*/
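function modGalleryImg() {
    // Admin-only screen: a caller without a valid session is bounced to the controller root.
    if (!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title" => 'backdoor/modGalleryImg',
        "meta" => '',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/addGalleryImgJS", array('cats' => ''), true),
        "jsfiles" => ''.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL.' '.PHP_EOL,
        "body" => ''
    );
    // Page wrapper shared by every outcome (the empty-form error path previously said
    // 'Add Image' here, a copy/paste slip); only 'content' differs per branch.
    $frame = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Modify Image',
        'content' => '',
        'comments' => 0
    );
    $am = $this->model("adminModel");
    if (!$_POST) {
        // No submission yet: list the galleries to pick an image from.
        $galleries = $am->getGalleryCategories();
        $galleryList = '';
        foreach ($galleries as $gallery) {
            // NOTE(review): $spacer is computed but never used below — the option markup
            // appears to have been lost from this listing; confirm against the view.
            $spacer = (substr_count($gallery["gallery_cat_id"], ".") > 0) ? " . " : "";
            $galleryList .= '\n';
        }
        $frame['content'] = $this->view("admin/modGalleryImgSelect", array('galleryList' => $galleryList, 'errors' => ''), true);
    } else {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if ($action == "load") {
            // Step 1: load the chosen image into the edit form.
            $imageId = getRequest("selectImgID", "post", FILTER_SANITIZE_NUMBER_INT);
            $img = $am->getGalleryImgAndMetaByID($imageId);
            if (!isset($img[0])) {
                throw new Exception("Invalid image id.", 500);
            }
            $data = array(
                'image_id' => $imageId,
                'txtURL' => $img[0]["url"],
                'theFile' => $img[0]["filename"],
                'txtTitle' => $img[0]["title"],
                'txtSubTitle' => $img[0]["subtitle"],
                'txtExcerpt' => $img[0]["excerpt"],
                'txtDescript' => $img[0]["description"],
                'chkLive' => $img[0]["live"],
                'errors' => ''
            );
            $frame['content'] = $this->view("admin/modGalleryImg", $data, true);
            $html["script"] = $this->view("admin/addGalleryImgJS", array('cats' => $img[0]["cats"]), true);
        } else {
            // Step 2: the edited form came back; validate and persist it.
            $imageId = getRequest("image_id", "post", FILTER_SANITIZE_NUMBER_INT);
            $clean = array(
                "theFile" => getRequest("theFile", "post", FILTER_SANITIZE_STRING),
                "title" => getRequest("txtTitle", "post", FILTER_SANITIZE_STRING),
                "subtitle" => getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING),
                "url" => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
                "excerpt" => getRequest("txtExcerpt", "post", FILTER_SANITIZE_STRING),
                "description" => getRequest("txtDescript", "post", FILTER_SANITIZE_STRING)
            );
            $clean["live"] = getRequest("chkLive", "post", FILTER_SANITIZE_STRING) == "on" ? 1 : 0;
            $cats = getRequest("txtCats", "post");
            $clean["cats"] = is_array($cats) ? implode(",", $cats) : $cats;
            $data = array(
                'image_id' => $imageId,
                'theFile' => $clean["theFile"],
                'txtTitle' => $clean["title"],
                'txtSubTitle' => $clean["subtitle"],
                'txtURL' => $clean["url"],
                'txtExcerpt' => $clean["excerpt"],
                'txtDescript' => $clean["description"],
                'chkLive' => $clean["live"],
                'errors' => ''
            );
            // Reject an empty id up front, as delGalleryImg() does, instead of handing "" to the model.
            if ($imageId === "") {
                throw new Exception("Invalid image id.", 500);
            }
            $error = '';
            if ($clean["cats"] === "" || $clean["title"] === "" || $clean["subtitle"] === "" || $clean["url"] === "") {
                $error = 'Please complete the entire form!';
            } else {
                $oldpost = $am->getGalleryImgAndMetaByID($imageId);
                // Previously an unknown id fell through to $oldpost[0]["url"] on a missing row.
                if (!isset($oldpost[0])) {
                    throw new Exception("Invalid image id.", 500);
                }
                if ($clean["url"] != $oldpost[0]["url"]) {
                    $result = $am->checkGalleryImg($clean["url"]);
                    if (isset($result[0])) {
                        $error = 'That URL is already in use!';
                    }
                }
                if ($error === '') {
                    //---modify image
                    $am->modGalleryImg($imageId, $clean["url"], $clean["title"], $clean["subtitle"], $clean["excerpt"], $clean["description"], $clean["live"]);
                    //---sync category links: add the new ones, drop the removed ones
                    $this->library(qoob_types::utility, "custom_diff");
                    $catTest = $this->custom_diff->run($oldpost[0]["cats"], $clean["cats"]);
                    if (isset($catTest["add"])) {
                        foreach ($catTest["add"] as $newcat) {
                            $am->addGalleryImgMeta($imageId, "category", $newcat);
                        }
                    }
                    if (isset($catTest["del"])) {
                        foreach ($catTest["del"] as $oldcat) {
                            $am->delGalleryImgMeta($imageId, "category", $oldcat);
                        }
                    }
                    $frame['content'] = 'Image modified successfully!';
                }
            }
            if ($error !== '') {
                // Re-render the form with the bubble and the category picker restored.
                $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => $error), true);
                $html["script"] = $this->view("admin/addGalleryImgJS", array('cats' => $clean["cats"]), true);
                $frame['content'] = $this->view("admin/modGalleryImg", $data, true);
            }
        }
    }
    $html["body"] = $this->view("post", $frame, true);
    $this->view("pixelgraff", $html);
}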
/**
* delete image
* remove images from the gallery
*/
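function delGalleryImg() {
    // Admin-only screen: a caller without a valid session is bounced to the controller root.
    if (!$this->session->validate()) {
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    // NOTE(review): session validity is the only gate on the destructive POST below;
    // no anti-CSRF token is checked anywhere in this method.
    $html = array(
        "title" => 'backdoor/delGalleryImg',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/delGalleryImgJS", array(), true),
        "body" => ''
    );
    // Page wrapper shared by every outcome; only 'content' differs per branch.
    $frame = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Delete Image',
        'content' => '',
        'comments' => 0
    );
    $am = $this->model("adminModel");
    if (!$_POST) {
        // No submission yet: list the galleries to pick an image from.
        $galleries = $am->getGalleryCategories();
        $galleryList = '';
        foreach ($galleries as $gallery) {
            // NOTE(review): $spacer is computed but never used below — the option markup
            // appears to have been lost from this listing; confirm against the view.
            $spacer = (substr_count($gallery["gallery_cat_id"], ".") > 0) ? " . " : "";
            $galleryList .= '\n';
        }
        $frame['content'] = $this->view("admin/delGalleryImgSelect", array('galleryList' => $galleryList, 'errors' => ''), true);
    } else {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if ($action == "load") {
            // Step 1: show the confirmation form for the chosen image.
            $imageId = getRequest("selectImgID", "post", FILTER_SANITIZE_NUMBER_INT);
            $img = $am->getGalleryImgAndMetaByID($imageId);
            if (!isset($img[0])) {
                throw new Exception("Invalid image id.", 500);
            }
            $data = array(
                'image_id' => $imageId,
                'theFile' => $img[0]["filename"],
            );
            $frame['content'] = $this->view("admin/delGalleryImg", $data, true);
        } else {
            // Step 2: the confirmation came back; drop the record, its links and its files.
            $imageId = getRequest("image_id", "post", FILTER_SANITIZE_NUMBER_INT);
            // Both messages below said "Invalid post id." — this screen deletes images.
            if ($imageId === "") {
                throw new Exception("Invalid image id.", 500);
            }
            $img = $am->getGalleryImgAndMetaByID($imageId);
            if (!isset($img[0])) {
                throw new Exception("Invalid image id.", 500);
            }
            // An image with no categories has nothing to unlink; skip the "" category call.
            if (isset($img[0]['cats']) && $img[0]['cats'] !== '') {
                foreach (explode(',', $img[0]['cats']) as $cat) {
                    $am->delGalleryImgMeta($imageId, "category", $cat);
                }
            }
            $am->delGalleryImg($imageId);
            $this->library(qoob_types::utility, "upload");
            $this->upload->setDirectory("root");
            $filename = $img[0]['filename'];
            // Each failed file removal is appended, so both failures are reported when both occur
            // (previously the thumbnail message overwrote the image message).
            $msg = '';
            if (!$this->upload->delete($filename)) {
                $msg = "Failed to delete the image from the server.";
            }
            // Thumbnail name is the image name with "_thumb" spliced in before the extension.
            $dot = strrpos($filename, ".");
            $stem = substr($filename, 0, $dot);
            $ext = substr($filename, $dot);
            if (!$this->upload->delete($stem.'_thumb'.$ext)) {
                $msg .= "\nFailed to delete thumbnail from the server.";
            }
            $frame['content'] = "Gallery image deleted successfully!\n".$msg;
        }
    }
    $html["body"] = $this->view("post", $frame, true);
    $this->view("pixelgraff", $html);
}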
//___________________________________________________________________________________________________________
// code
/**
 * add code
 * add a git repo to the database
 *
 * Without a POST body the empty "add code" form is rendered. On POST the
 * form fields are read, url/repo/name/description/readme are required
 * (subtitle is optional), a URL already registered as a code route is
 * rejected, and otherwise the record is stored via adminModel::addCode().
 *
 * Requires a validated admin session; anonymous requests are redirected to
 * the controller root and nothing else is rendered.
 *
 * NOTE(review): this handler changes state on POST but no CSRF token check
 * is visible in this controller — confirm the framework enforces one.
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the
 * filter is applied inside getRequest(), so a replacement belongs there.
 */
function addCode() {
    if(!$this->session->validate()) {
        // anonymous request: redirect to the login screen; nothing below runs
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html["title"] = 'backdoor/addCode';
    $html["meta"] = '';
    $html["sidebar"] = $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true);
    $html["selected"] = '';
    $html["script"] = $this->view("admin/addCodeJS", array(), true);

    if($_POST) {
        // untrusted form input: sanitised by getRequest(), persisted by the model
        $clean = array(
            "url" => getRequest("theRealURL", "post", FILTER_SANITIZE_STRING),
            "repo" => getRequest("txtRepo", "post", FILTER_SANITIZE_STRING),
            "name" => getRequest("txtName", "post", FILTER_SANITIZE_STRING),
            "subtitle" => getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING),
            "description" => getRequest("txtDescription", "post", FILTER_SANITIZE_SPECIAL_CHARS),
            "readme" => getRequest("txtReadMe", "post", FILTER_SANITIZE_SPECIAL_CHARS),
        );
        // echo the submitted values back into the form on any error
        $data = array(
            'errors' => '',
            'txtRepo' => $clean["repo"],
            'txtName' => $clean["name"],
            'txtSubTitle' => $clean["subtitle"],
            'txtURL' => $clean["url"],
            'txtDescription' => $clean["description"],
            'txtReadMe' => $clean["readme"],
        );
        $required = array($clean["url"], $clean["repo"], $clean["name"], $clean["description"], $clean["readme"]);
        if(in_array("", $required, true)) {
            $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'Please complete the entire form!'), true);
            $content = $this->view("admin/addCode", $data, true);
        } else {
            $am = $this->model("adminModel");
            // the url doubles as a route, so it must be unique
            $existing = $am->checkCodeRoute($clean["url"]);
            if(isset($existing[0])) {
                $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'That URL is already in use!'), true);
                $content = $this->view("admin/addCode", $data, true);
            } else {
                $am->addCode($clean);
                $content = 'New Git Repo added successfully!';
            }
        }
    } else {
        // plain page load: blank form
        $data = array(
            'txtRepo' => '',
            'txtName' => '',
            'txtSubTitle' => '',
            'txtURL' => '',
            'txtDescription' => '',
            'txtReadMe' => '',
            'errors' => '',
        );
        $content = $this->view("admin/addCode", $data, true);
    }

    $post = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Add Code',
        'content' => $content,
        'comments' => 0
    );
    $html["body"] = $this->view("post", $post, true);
    $this->view("pixelgraff", $html);
}
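/**
 * modify code
 * edit a git repo record already in the database
 *
 * Three entry paths, all behind a validated admin session (anonymous
 * requests are redirected to the controller root):
 *  - POST action=load: look up the repo chosen in "whichRepo" and render the
 *    edit form pre-filled from the stored row; an unknown id throws.
 *  - POST with any other action: save the submitted fields through
 *    adminModel::modCode(). url, repo, name, description and readme are
 *    required (subtitle is optional). An empty git_id throws, matching the
 *    guard in delCode(), instead of reaching the model with no row to update.
 *  - otherwise: render the repo picker built from adminModel::getCodes().
 *
 * @throws Exception with code 500 on an unknown or empty code id
 *
 * NOTE(review): this handler changes state on POST but no CSRF token check
 * is visible in this controller — confirm the framework enforces one.
 * NOTE(review): the picker loop below appends '\n' in single quotes, i.e. a
 * literal backslash-n with no option markup; the markup looks like it was
 * lost from this listing — confirm against the original source.
 */
function modCode() {
    if(!$this->session->validate()) {
        // anonymous request: redirect to the login screen; nothing below runs
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html["title"] = 'backdoor/modCode';
    $html["meta"] = '';
    $html["sidebar"] = $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true);
    $html["selected"] = '';
    $html["script"] = $this->view("admin/modCodeJS", array(), true);
    $html["body"] = '';
    $saveAttempt = false;
    $loadAttempt = false;
    $am = $this->model("adminModel");

    if($_POST) {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        if($action == "load") {
            $loadAttempt = true;
            $clean["git_id"] = getRequest("whichRepo", "post", FILTER_SANITIZE_NUMBER_INT);
            $repo = $am->getCode($clean["git_id"]);
            if(!isset($repo[0])) {
                throw new Exception("Invalid code id.", 500);
            }
            // pre-fill the edit form from the stored row
            $data = array(
                'errors' => '',
                'txtRepo' => $repo[0]["repo"],
                'txtName' => $repo[0]["name"],
                'txtSubTitle' => $repo[0]["subtitle"],
                'txtURL' => $repo[0]["url"],
                'txtDescription' => $repo[0]["description"],
                'txtReadMe' => $repo[0]["readme"],
                'git_id' => $repo[0]["git_id"],
            );
            $content = $this->view("admin/modCode", $data, true);
        } else {
            $saveAttempt = true;
            $clean["git_id"] = getRequest("git_id", "post", FILTER_SANITIZE_NUMBER_INT);
            // same guard delCode() applies: never hand the model an empty id
            if($clean["git_id"] === "") {
                throw new Exception("Invalid code id.", 500);
            }
            // untrusted form input: sanitised by getRequest(), persisted by the model
            $clean["url"] = getRequest("theRealURL", "post", FILTER_SANITIZE_STRING);
            $clean["repo"] = getRequest("txtRepo", "post", FILTER_SANITIZE_STRING);
            $clean["name"] = getRequest("txtName", "post", FILTER_SANITIZE_STRING);
            $clean["subtitle"] = getRequest("txtSubTitle", "post", FILTER_SANITIZE_STRING);
            $clean["description"] = getRequest("txtDescription", "post", FILTER_SANITIZE_SPECIAL_CHARS);
            $clean["readme"] = getRequest("txtReadMe", "post", FILTER_SANITIZE_SPECIAL_CHARS);
            // echo the submitted values back into the form on a validation error
            $data = array(
                'errors' => '',
                'txtRepo' => $clean["repo"],
                'txtName' => $clean["name"],
                'txtSubTitle' => $clean["subtitle"],
                'txtURL' => $clean["url"],
                'txtDescription' => $clean["description"],
                'txtReadMe' => $clean["readme"],
                'git_id' => $clean["git_id"]
            );
            $required = array($clean["url"], $clean["repo"], $clean["name"], $clean["description"], $clean["readme"]);
            if(in_array("", $required, true)) {
                $data["errors"] = $this->view("admin/errorBubble", array('title' => 'Error!', 'msg' => 'Please complete the entire form!'), true);
                $content = $this->view("admin/modCode", $data, true);
            } else {
                // the previous always-true "errors == ''" re-check is gone: this
                // branch is only reached when every required field is present
                $am->modCode($clean);
                $content = 'Your Git Repo has been modified successfully!';
            }
        }
        $post = array(
            'mainCat' => '',
            'url' => '',
            'title' => 'Backdoor',
            'subtitle' => 'Modify Code',
            'content' => $content,
            'comments' => 0
        );
        $html["body"] = $this->view("post", $post, true);
    }

    if(!$saveAttempt && !$loadAttempt) {
        // plain page load: repo picker
        $codes = $am->getCodes();
        $repoList = '';
        if(isset($codes[0])) {
            foreach ($codes as $repo) {
                $repoList .= '\n';
            }
        } else {
            $repoList = '\n';
        }
        $form = $this->view("admin/modCodeSelect", array('repoList' => $repoList), true);
        $post = array(
            'mainCat' => '',
            'url' => '',
            'title' => 'Backdoor',
            'subtitle' => 'Modify Code',
            'content' => $form,
            'comments' => 0
        );
        $html["body"] = $this->view("post", $post, true);
    }
    $this->view("pixelgraff", $html);
}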
/**
 * delete code
 * remove a git repo record from the database
 *
 * POST action=load: look up the repo chosen in "whichRepo" and render the
 * delete confirmation form (throws on an unknown id).
 * POST with any other action: delete the repo named by "git_id" through
 * adminModel::delCode(); an empty id throws.
 * otherwise: render the repo picker built from adminModel::getCodes().
 *
 * Requires a validated admin session; anonymous requests are redirected to
 * the controller root and nothing else is rendered.
 *
 * @throws Exception with code 500 on an unknown or empty code id
 *
 * NOTE(review): a destructive POST with no CSRF token check visible in this
 * controller — confirm the framework enforces one.
 * NOTE(review): the picker loop below appends '\n' in single quotes, i.e. a
 * literal backslash-n with no option markup; the markup looks like it was
 * lost from this listing — confirm against the original source.
 */
function delCode() {
    if(!$this->session->validate()) {
        // anonymous request: redirect to the login screen; nothing below runs
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html["title"] = 'backdoor/delCode';
    $html["meta"] = '';
    $html["sidebar"] = $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true);
    $html["selected"] = '';
    $html["script"] = $this->view("admin/delCodeJS", array(), true);
    $html["body"] = '';
    $am = $this->model("adminModel");

    if($_POST) {
        $action = getRequest("action", "post", FILTER_SANITIZE_STRING);
        switch ($action) {
            case "load":
                // first step: show which repo is about to be removed
                $gitId = getRequest("whichRepo", "post", FILTER_SANITIZE_NUMBER_INT);
                $repo = $am->getCode($gitId);
                if(!isset($repo[0])) {
                    throw new Exception("Invalid code id.", 500);
                }
                $data = array(
                    'url' => $repo[0]["url"],
                    'git_id' => $gitId,
                );
                $content = $this->view("admin/delCode", $data, true);
                break;
            default:
                // second step: perform the delete
                $gitId = getRequest("git_id", "post", FILTER_SANITIZE_NUMBER_INT);
                if($gitId === "") {
                    throw new Exception("Invalid code id.", 500);
                }
                $am->delCode($gitId);
                $content = 'Your Git Repo as been deleted successfully!';
                break;
        }
    } else {
        // plain page load: repo picker
        $codes = $am->getCodes();
        $repoList = '';
        if(isset($codes[0])) {
            foreach ($codes as $repo) {
                $repoList .= '\n';
            }
        } else {
            $repoList = '\n';
        }
        $content = $this->view("admin/delCodeSelect", array('repoList' => $repoList), true);
    }

    $post = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'Delete Code',
        'content' => $content,
        'comments' => 0
    );
    $html["body"] = $this->view("post", $post, true);
    $this->view("pixelgraff", $html);
}
//___________________________________________________________________________________________________________
// stats
/**
 * stats
 * render the statistics page (admin/stats view plus its script)
 *
 * Read-only: no request input is consumed here. Requires a validated admin
 * session; anonymous requests are redirected to the controller root.
 */
function stats() {
    if(!$this->session->validate()) {
        // anonymous request: redirect to the login screen; nothing below runs
        header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
        return;
    }
    $html = array(
        "title" => 'backdoor/stats',
        "meta" => '',
        "sidebar" => $this->view("admin/sidebar", array(), true).$this->view("blog/sidebar_qr", array(), true),
        "selected" => '',
        "script" => $this->view("admin/statsJS", array(), true),
        "body" => '',
    );
    $page = array(
        'mainCat' => '',
        'url' => '',
        'title' => 'Backdoor',
        'subtitle' => 'View Statistics',
        'content' => $this->view("admin/stats", array(), true),
        'comments' => 0
    );
    $html["body"] = $this->view("post", $page, true);
    $this->view("pixelgraff", $html);
}
//___________________________________________________________________________________________________________
// ajax
/**
* ajax
* dynamic javascript backend
*/
function ajax() {
if(!$this->session->validate()){
header("location: ".QOOB_DOMAIN.QOOB_CONTROLLER_URL."/");
} else {
$action = getRequest("action", "request", FILTER_SANITIZE_STRING);
$this->stats = false;
switch ($action) {
case "inflection":
$str = getRequest("str", "post", FILTER_SANITIZE_STRING);
$type = getRequest("type", "post", FILTER_SANITIZE_STRING);
$this->library(qoob_types::utility, "inflector");
if($str === "") {
die("error");
} else {
switch ($type) {
case "camel":
$url = $this->inflector->camelize($str);
break;
case "underscore":
$url = $this->inflector->underscore($str);
break;
default:
$url = $this->inflector->underscore($str);
break;
}
die($url);
}
break;
case "addTag":
$name = getRequest("name", "post", FILTER_SANITIZE_STRING);
$url = getRequest("url", "post", FILTER_SANITIZE_STRING);
if($name == "" || $url == "") {
die("missing");
}
$cat = $this->model("adminModel");
$check = $cat->checkBlogTag($name, $url);
if(count($check) > 0) {
die("used");
}
$cat->addBlogTag($name, $url);
die("success");
break;
case "getTags":
$tag = $this->model("adminModel");
$tags = $tag->getBlogTags();
if(isset($tags[0])) {
$this->library(qoob_types::utility, "cloud");
$this->cloud->setMax(200);
$this->cloud->setMin(90);
$html = $this->cloud->generate($tags);
} else {
$html = 'No tags found.';
}
die($html);
break;
case "addCategory":
$name = getRequest("name", "post", FILTER_SANITIZE_STRING);
$url = getRequest("url", "post", FILTER_SANITIZE_STRING);
$parent = getRequest("parent", "post", FILTER_SANITIZE_STRING);
if($name == "" || $url == "" || $parent == "") {
die("missing");
}
$cat = $this->model("adminModel");
/**
* @todo perhaps allow for subcat to have the same name as a main cat?
* possibility for collisions...? :P
*/
$check = $cat->checkBlogCategory($name, $url);
if(count($check) > 0) {
die("used");
}
$cat->addBlogCategory($name, $url, $parent);
die("success");
break;
case "getCategories":
$type = getRequest("type", "post", FILTER_SANITIZE_STRING);
$cat = $this->model("adminModel");
$cats = $cat->getBlogCategories();
$i = 0;
if($type == "new") {
$html = '