<?php
/*
 $Rev: 703 $ | $LastChangedBy: brieb $
 $LastChangedDate: 2010-01-01 17:34:45 -0700 (Fri, 01 Jan 2010) $
 +-------------------------------------------------------------------------+
 | Copyright (c) 2004 - 2010, Kreotek LLC                                  |
 | All rights reserved.                                                    |
 +-------------------------------------------------------------------------+
 |                                                                         |
 | Redistribution and use in source and binary forms, with or without      |
 | modification, are permitted provided that the following conditions are  |
 | met:                                                                    |
 |                                                                         |
 | - Redistributions of source code must retain the above copyright        |
 |   notice, this list of conditions and the following disclaimer.         |
 |                                                                         |
 | - Redistributions in binary form must reproduce the above copyright     |
 |   notice, this list of conditions and the following disclaimer in the   |
 |   documentation and/or other materials provided with the distribution.  |
 |                                                                         |
 | - Neither the name of Kreotek LLC nor the names of its contributore may |
 |   be used to endorse or promote products derived from this software     |
 |   without specific prior written permission.                            |
 |                                                                         |
 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS     |
 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT       |
 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A |
 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT      |
 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,   |
 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT        |
 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,   |
 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY   |
 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT     |
 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE   |
 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.    |
 |                                                                         |
 +-------------------------------------------------------------------------+
*/

/**
 * Handles saving of settings for phpBMS
 *
 * Processes and retrieves settings from the settings table.
 * @author Brian Rieb <hide@address.com>
 */
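class settings{

    /**
     * $db
     *
     * @var object phpBMS database object
     */
    var $db;

    /**
     * $updateErrorMessage
     *
     * @var string Error message to be displayed upon errored update.
     */
    var $updateErrorMessage = "";


    /**
     * Constructor sets up {@link $db}
     *
     * @param object $db phpBMS database object
     */
    function __construct($db){

		$this->db = $db;

    }//end function constructor


    /**
     * PHP 4 style constructor.
     *
     * Kept so that code calling settings() directly keeps working; it only
     * delegates to {@link __construct()}.
     *
     * @param object $db phpBMS database object
     */
    function settings($db){

		$this->__construct($db);

    }//end function settings


    /**
     * Retrieves settings from database and populates array with them
     *
     * @return array setting values keyed by setting name
     */
    function getSettings(){

		$therecord = array();

		$querystatement = "
			SELECT
			`name`,
			`value`
			FROM
			`settings`";

		$queryresult = $this->db->query($querystatement);

		while($setting = $this->db->fetchArray($queryresult))
			$therecord[$setting["name"]] = $setting["value"];

		return $therecord;

    }//end function getSettings


    /**
     * Updates phpBMS settings
     *
     * Updates the phpBMS settings, including the logo graphic.
     *
     * SECURITY: setting values are concatenated into SQL as they arrive. This
     * method does not escape them itself; processForm() passes the array
     * through addSlashesToArray() first (presumably an addslashes() pass -
     * confirm). Escaping again here would double-escape stored values, so any
     * other caller must hand in values that are already safe for a quoted SQL
     * string literal.
     *
     * @param array $variables variables passed from the form
     * @global object phpbms
     * @return boolean always true; module errors are reported through
     *                 {@link $updateErrorMessage}
     */
    function updateSettings($variables){

		global $phpbms;

		// default these flags to 0 when the form did not submit them
		// (presumably unchecked checkboxes)
		foreach(array("persistent_login", "auto_check_update", "send_metrics") as $flag)
			if(!isset($variables[$flag]))
				$variables[$flag] = 0;

		//include any procesing that needs to be done by modules
		if(isset($phpbms->modules) && is_array($phpbms->modules)){

			foreach($phpbms->modules as $module => $moduleinfo){

				if($module == "base" || !class_exists($module."Update"))
					continue;

				$class = $module."Update";
				$extraUpdate = new $class($this->db);
				$variables = $extraUpdate->updateSettings($variables);

				if(isset($extraUpdate->updateErrorMessage))
					if($extraUpdate->updateErrorMessage)
						$this->updateErrorMessage = $extraUpdate->updateErrorMessage;

			}//end foreach

		}//end if

		// Update the settings records
		foreach($variables as $settingname => $settingvalue){

			$settingname = (string) $settingname;

			// The seed may only change through updateEncyptionSeed(), which
			// checks the current password and re-encodes the stored passwords.
			// Writing it from the general save path would leave every password
			// encoded with the old seed.
			if(strtolower($settingname) === "encryption_seed")
				continue;

			// only names that match a defined constant are treated as settings
			if(!defined(strtoupper($settingname)))
				continue;

			if(constant(strtoupper($settingname)) == $settingvalue)
				continue;

			$escapedname = mysql_real_escape_string($settingname);

			$updatestatement = "
				UPDATE
					settings
				SET
					value ='".$settingvalue."'
				WHERE
					name='".$escapedname."'";

			$this->db->query($updatestatement);

			if($this->db->affectedRows())
				continue;

			//check to see why the update did not work
			$querystatement = "
				SELECT
					name
				FROM
					settings
				WHERE
					name = '".$escapedname."'";

			$queryresult = $this->db->query($querystatement);

			if(!$this->db->numRows($queryresult)){

				//insert the setting if need be
				//(fixed: stray comma after `name` and "db-query" typo)
				$insertstatement ="
					INSERT INTO
					settings (
						`value`,
						`name`
					) VALUES (
						'".$settingvalue."',
						'".$escapedname."'
					)";

				$this->db->query($insertstatement);

			}//end if

		}//end foreach

		// deal with logo graphic.
		if(isset($_FILES["printedlogo"])){

			// "image/pjpeg" replaces the original "imagep/jpeg" typo
			$jpegTypes = array("image/jpg", "image/jpeg", "image/pjpeg");
			$pngTypes = array("image/png", "image/x-png");

			// NOTE(review): "type" is sent by the browser and says nothing
			// about the real file content. The strict whitelist below keeps it
			// safe to place in the SQL statement, but it is not content
			// validation; consider checking the bytes (e.g. getimagesize())
			// before storing them.
			$type = $_FILES["printedlogo"]["type"];
			$tmpname = $_FILES["printedlogo"]["tmp_name"];

			$isjpeg = in_array($type, $jpegTypes, true);
			$ispng = in_array($type, $pngTypes, true);

			// is_uploaded_file() makes sure we only read a file PHP itself
			// received through this request's upload
			if(($isjpeg || $ispng) && is_uploaded_file($tmpname)){

				if (function_exists('file_get_contents')) {

					$contents = file_get_contents($tmpname);

				} else {

					// If using PHP < 4.3.0 use the following:
					$contents = false;
					$handle = fopen($tmpname, 'r');
					if($handle){
						$contents = fread($handle, filesize($tmpname));
						fclose($handle);
					}//endif

				}//endif

				// a failed read must not overwrite the stored logo with nothing
				if($contents !== false){

					$file = mysql_real_escape_string($contents);

					// every JPEG variant gets the .jpg name (the original
					// only did so for "image/jpeg")
					if($isjpeg)
						$name = "logo.jpg";
					else
						$name = "logo.png";

					$updatestatement = "
						UPDATE
						`files`
						SET
						`file` = '".$file."',
						`type` = '".$type."',
						`name`='".$name."'
						WHERE
						id = 1";

					$this->db->query($updatestatement);

				}//endif read ok

			}//endif file types

		}//endif file exists

		return true;

    }//end function updateSettings


    /**
     * Updates the password encryption seed and the password for the current user
     *
     * Verifies the current user's password, stores the new seed in the
     * settings table, then re-encodes the current user's password and all
     * other users' passwords with the new seed.
     *
     * SECURITY: passwords are stored with ENCODE(), which is reversible: the
     * last statement below DECODEs every stored password with the old seed.
     * Whoever holds the seed and the users table can recover the passwords,
     * so both need to be protected accordingly; a one-way password hash would
     * remove that exposure but needs matching changes outside this class.
     *
     * $newseed and $currpassword are concatenated into SQL unchanged; the
     * caller must pass values already escaped for a quoted SQL string literal
     * (processForm() runs addSlashesToArray() first - presumably that
     * escaping, confirm).
     *
     * NOTE(review): the three UPDATEs are not wrapped in a transaction here;
     * a failure part way through would leave passwords encoded with mixed
     * seeds.
     *
     * @param string $newseed the new encryption seed
     * @param string $currpassword the user's current password
     * @param integer $userid the user's id
     * @return string status message for display
     */
    function updateEncyptionSeed($newseed, $currpassword, $userid){

		$userid = (int) $userid;

		// The active seed is a stored value, not form input, so nothing has
		// escaped it yet; a quote or backslash in it would otherwise break
		// (or alter) the statements below.
		$oldseed = mysql_real_escape_string(ENCRYPTION_SEED);

		//first let's make sure the password matches
		$querystatement="
			SELECT
			id
			FROM
			users
			WHERE
			id = ".$userid."
			AND password = ENCODE('".$currpassword."','".$oldseed."')";

		$queryresult = $this->db->query($querystatement);

		if(!$this->db->numRows($queryresult))
			return "Encryption Seed not Updated: Invalid Current Password";

		//let's update the encryption seed then
		$querystatement = "
			UPDATE
			`settings`
			SET
			`value` = '".$newseed."'
			WHERE
			`name` = 'encryption_seed'";

		$this->db->query($querystatement);

		//last, reencode the current password
		$querystatement = "
			UPDATE
			users
			SET
			password = ENCODE('".$currpassword."','".$newseed."')
			WHERE
			 id = ".$userid;

		$this->db->query($querystatement);

		//rencode all other passwords
		$querystatement = "
			UPDATE
			users
			SET
			password = ENCODE(DECODE(password,'".$oldseed."'),'".$newseed."')
			WHERE
			id !=".$userid;

		$this->db->query($querystatement);

		return "Encryption Seed Updated.";

    }//end function updateEncryptionSeed


    /**
    * processes settings form
    *
    * Processes the form that updates the settings, or the encryption seed.
    * The whole array is passed through addSlashesToArray() before any SQL is
    * built from it; updateSettings() and updateEncyptionSeed() rely on that.
    *
    * @param array $variables variables array passed from the $_POST
    * @return string status message, or an empty string when no command ran
    */
    function processForm($variables){

		$variables = addSlashesToArray($variables);

		// always defined, so an unknown or missing command returns "" instead
		// of reading an undefined variable
		$statusmessage = "";

		$command = "";
		if(isset($variables["command"]))
			$command = $variables["command"];

		switch($command){

			case "save":
			if($this->updateSettings($variables)){
				if(!$this->updateErrorMessage)
					$statusmessage = "Settings Updated";
				else
					$statusmessage = "ERROR: ".$this->updateErrorMessage;
			}//endif
			break;

			case "encryption seed":
			if(isset($variables["changeseed"]))
				$statusmessage = $this->updateEncyptionSeed($variables["encryption_seed"],$variables["currentpassword"],$_SESSION["userinfo"]["id"]);
			break;

		}//endswitch

		return $statusmessage;

    }//end function processForm


    /**
     * displays options values for stylesheet select
     *
     * Echoes one option tag per sub-directory of the stylesheet directory and
     * marks the one equal to $stylesheet as selected.
     *
     * @param string $stylesheet the current stylesheet
     */
    function displayStylesheets($stylesheet){

		$thedir="../../common/stylesheet";
		$thedir_stream = @opendir($thedir);

		// nothing to list when the directory cannot be opened
		if(!$thedir_stream)
			return;

		// compare against false so a directory named "0" does not end the loop
		while(false !== ($entry = readdir($thedir_stream))){

			if($entry == "." || $entry == ".." || $entry == ".svn" || !is_dir($thedir."/".$entry))
				continue;

			// fixed: the original used "=" here, which marked every option as
			// selected and replaced the label with $stylesheet
			$selected = "";
			if((string) $entry === (string) $stylesheet)
				$selected = 'selected="selected"';

			// directory names end up inside HTML, so encode them
			$label = htmlspecialchars($entry, ENT_QUOTES);

			echo '<option value="'.$label.'" '.$selected.'>'.$label.'</option>';

		}//endwhile

		closedir($thedir_stream);

    }//end function displayStyleSheets


    /**
     * Check to see if the scheduler has ever run
     *
     * The check is skipped (and true returned) while the creation date of the
     * user with id 1 is not older than yesterday.
     *
     * @return boolean false when the scheduler table holds no lastrun value,
     *                 true otherwise
     */
    function checkForSchedulerRunning(){

		//first, if this is within the first day of the installation, we skip the check

		$querystatement = "SELECT creationdate FROM users WHERE id = 1";

		$queryresult = $this->db->query($querystatement);

		$therecord = $this->db->fetchArray($queryresult);

		if(stringToDate($therecord["creationdate"], "SQL") < strtotime("yesterday")){

			$querystatement = "
				SELECT
					MAX(lastrun) AS lastrun
				FROM
					scheduler";

			$queryresult = $this->db->query($querystatement);

			$therecord = $this->db->fetchArray($queryresult);

			// no row at all counts as "never run" as well
			if(!$therecord || !$therecord["lastrun"])
				return false;

		}//endif

		return true;

    }//end function checkForSchedulerRunning

}//end class settings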
?>