home/lmsyaran/public_html/components/com_reservation/controller.php000064400000010322151165700660022111
0ustar00<?php
/*----------------------------------------------------------------------------------|
www.vdm.io |----/
fdsh
/-------------------------------------------------------------------------------------------------------/
@version 1.0.39
@build 4th April, 2023
@created 17th December, 2020
@package Reservation
@subpackage controller.php
@author farhad shahbazi <http://farhad.com>
@copyright Copyright (C) 2015. All Rights Reserved
@license GNU/GPL Version 2 or later -
http://www.gnu.org/licenses/gpl-2.0.html
____ _____ _____ __ __ __ __ ___ _____ __ __ ____
_____ _ _ ____ _ _ ____
(_ _)( _ )( _ )( \/ )( ) /__\ / __)( _ )( \/ )( _ \(
_ )( \( )( ___)( \( )(_ _)
.-_)( )(_)( )(_)( ) ( )(__ /(__)\ ( (__ )(_)( ) ( )___/
)(_)( ) ( )__) ) ( )(
\____) (_____)(_____)(_/\/\_)(____)(__)(__) \___)(_____)(_/\/\_)(__)
(_____)(_)\_)(____)(_)\_) (__)
/------------------------------------------------------------------------------------------------------*/
// No direct access to this file
if (!defined('_JEXEC'))
{
	die('Restricted access');
}
use Joomla\Utilities\ArrayHelper;
/**
* Reservation Component Controller
*/
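class ReservationController extends JControllerLegacy
{
	/**
	 * Method to display a view.
	 *
	 * Defaults to the `login` view, disables caching for logged-in users and
	 * for edit views, and rejects an `edit` layout whose id was not checked out
	 * through this controller (`checkEditId`), redirecting to the referring
	 * view or back to the default view instead.
	 *
	 * @param   boolean        $cachable   If true, the view output will be cached.
	 * @param   array|boolean  $urlparams  Safe URL parameters and their variable types,
	 *                                     for valid values see {@link JFilterInput::clean()};
	 *                                     false when none are supplied. When it is an
	 *                                     array it is merged with the component's own list.
	 *
	 * @return  JControllerLegacy|boolean  This object to support chaining, or false
	 *                                     after a rejected edit request (a redirect is set).
	 */
	public function display($cachable = false, $urlparams = false)
	{
		// Set the default view if none was requested.
		$view = $this->input->getCmd('view', 'login');
		$this->input->set('view', $view);
		$isEdit = $this->checkEditView($view);
		$layout = $this->input->get('layout', null, 'WORD');
		$id     = $this->input->getInt('id');

		// $cachable = true; (TODO) working on a fix
		// [gh-238](https://github.com/vdm-io/Joomla-Component-Builder/issues/238)
		// Ensure the view is not cachable for edit views or logged-in users.
		$user = JFactory::getUser();

		if ($user->get('id') || $isEdit)
		{
			$cachable = false;
		}

		// Check for edit form: the id must have been checked out via this controller.
		// Strict comparison is safe here because the WORD filter yields a string (or null).
		if ($isEdit && $layout === 'edit' && !$this->checkEditId('com_reservation.edit.' . $view, $id))
		{
			// Somehow the person just went to the form - we don't allow that.
			$this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_UNHELD_ID', $id));
			$this->setMessage($this->getError(), 'error');

			// Check if the item was opened from other than its own list view;
			// `ref` is CMD-filtered, so it is safe to place in the redirect URL.
			$ref   = $this->input->getCmd('ref', 0);
			$refid = $this->input->getInt('refid', 0);

			if ($refid > 0 && ReservationHelper::checkString($ref))
			{
				// Redirect to the item of ref.
				$this->setRedirect(JRoute::_('index.php?option=com_reservation&view=' . (string) $ref . '&layout=edit&id=' . (int) $refid, false));
			}
			elseif (ReservationHelper::checkString($ref))
			{
				// Redirect to ref.
				$this->setRedirect(JRoute::_('index.php?option=com_reservation&view=' . (string) $ref, false));
			}
			else
			{
				// Normal redirect back to the list default site view.
				$this->setRedirect(JRoute::_('index.php?option=com_reservation&view=login', false));
			}

			return false;
		}

		// We may need to make this more dynamic in the future. (TODO)
		$safeurlparams = array(
			'catid'            => 'INT',
			'id'               => 'INT',
			'cid'              => 'ARRAY',
			'year'             => 'INT',
			'month'            => 'INT',
			'limit'            => 'UINT',
			'limitstart'       => 'UINT',
			'showall'          => 'INT',
			'return'           => 'BASE64',
			'filter'           => 'STRING',
			'filter_order'     => 'CMD',
			'filter_order_Dir' => 'CMD',
			'filter-search'    => 'STRING',
			'print'            => 'BOOLEAN',
			'lang'             => 'CMD',
			'Itemid'           => 'INT',
		);

		// Caller-supplied safe parameters are merged with the component's own.
		if (ReservationHelper::checkArray($urlparams))
		{
			$safeurlparams = ReservationHelper::mergeArrays(array($urlparams, $safeurlparams));
		}

		return parent::display($cachable, $safeurlparams);
	}

	/**
	 * Check whether a view name is one of the component's edit views.
	 *
	 * @param   string  $view  The requested view name (CMD-filtered by the caller).
	 *
	 * @return  boolean  True for the `plan` edit view, false otherwise.
	 */
	protected function checkEditView($view)
	{
		if (!ReservationHelper::checkString($view))
		{
			return false;
		}

		// Strict match: $view is a non-empty string at this point.
		return in_array($view, array('plan'), true);
	}
}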
home/lmsyaran/public_html/j3/components/com_mailto/controller.php000064400000007447151165777170021401
0ustar00<?php
/**
* @package Joomla.Site
* @subpackage com_mailto
*
* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All
rights reserved.
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
if (!defined('_JEXEC'))
{
	die;
}
/**
* Mailer Component Controller.
*
* @since 1.5
*/
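class MailtoController extends JControllerLegacy
{
	/**
	 * Show the form so that the user can send the link to someone.
	 *
	 * @return  void
	 *
	 * @since   1.5
	 */
	public function mailto()
	{
		$this->input->set('view', 'mailto');
		$this->display();
	}

	/**
	 * Send the message and display a notice.
	 *
	 * Checks the form token, validates the posted data, refuses input that
	 * carries e-mail header fields, requires the shared link to be internal to
	 * this site and both addresses to be well formed, then hands the message to
	 * the mailer. Every failure path redisplays the form with a queued message.
	 *
	 * @return  void|boolean  False when the form definition could not be loaded
	 *                        or a header field was found in the input.
	 *
	 * @since   1.5
	 */
	public function send()
	{
		// Check for request forgeries
		$this->checkToken();

		$app   = JFactory::getApplication();
		$model = $this->getModel('mailto');
		$data  = $model->getData();

		// Validate the posted data.
		$form = $model->getForm();

		if (!$form)
		{
			JError::raiseError(500, $model->getError());

			return false;
		}

		if (!$model->validate($form, $data))
		{
			foreach ($model->getErrors() as $error)
			{
				$message = ($error instanceof Exception) ? $error->getMessage() : $error;
				$app->enqueueMessage($message, 'error');
			}

			return $this->mailto();
		}

		// Header injection test: refuse any field that carries a mail header.
		if ($this->containsMailHeader($data))
		{
			JError::raiseError(403, '');

			// The original relied on raiseError() to stop execution; stop here
			// explicitly so a non-exiting error handler cannot let the mail go out.
			return false;
		}

		$siteName = $app->get('sitename');

		// Kept as in the original: 'post' is passed through as the filter name
		// of the link parameter — confirm the intended JFilterInput filter.
		$link = MailtoHelper::validateHash($this->input->post->get('link', '', 'post'));

		// Verify that this is a local link
		if (!$link || !JUri::isInternal($link))
		{
			// Non-local url...
			JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));

			return $this->mailto();
		}

		$subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $data['sender']);
		$subject         = $data['subject'] !== '' ? $data['subject'] : $subject_default;

		// Check for valid to and from addresses; both are reported before bailing out.
		$error = false;

		foreach (array('emailto', 'emailfrom') as $field)
		{
			if (!$data[$field] || !JMailHelper::isEmailAddress($data[$field]))
			{
				$error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $data[$field]);
				JError::raiseWarning(0, $error);
			}
		}

		if ($error)
		{
			return $this->mailto();
		}

		// Build the message to send
		$msg  = JText::_('COM_MAILTO_EMAIL_MSG');
		$body = sprintf($msg, $siteName, $data['sender'], $data['emailfrom'], $link);

		// Clean the email data
		$subject = JMailHelper::cleanSubject($subject);
		$body    = JMailHelper::cleanBody($body);

		// To send we need to use punycode.
		$data['emailfrom'] = JStringPunycode::emailToPunycode($data['emailfrom']);
		$data['emailfrom'] = JMailHelper::cleanAddress($data['emailfrom']);
		$data['emailto']   = JStringPunycode::emailToPunycode($data['emailto']);

		// Send the email
		if (JFactory::getMailer()->sendMail($data['emailfrom'], $data['sender'], $data['emailto'], $subject, $body) !== true)
		{
			JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));

			return $this->mailto();
		}

		$this->input->set('view', 'sent');
		$this->display();
	}

	/**
	 * Header injection test: does any string field contain one of the mail
	 * header names that would add recipients or change the message format?
	 *
	 * The match is case-insensitive; the original strpos() check was
	 * case-sensitive and so did not catch variants such as `BCC:` or `Cc:`.
	 *
	 * @param   array  $data  Posted form fields (as returned by the mailto model).
	 *
	 * @return  boolean  True when a header name was found in a string field.
	 */
	protected function containsMailHeader($data)
	{
		// An array of email headers we do not want to allow as input
		$headers = array(
			'Content-Type:',
			'MIME-Version:',
			'Content-Transfer-Encoding:',
			'bcc:',
			'cc:',
		);

		foreach ($data as $value)
		{
			if (!is_string($value))
			{
				continue;
			}

			foreach ($headers as $header)
			{
				if (stripos($value, $header) !== false)
				{
					return true;
				}
			}
		}

		return false;
	}
}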
home/lmsyaran/public_html/components/com_invoices/controller.php000064400000021565151166001320021366
0ustar00<?php
/*------------------------------------------------------------------------
# com_invoices - Invoice Manager for Joomla
# ------------------------------------------------------------------------
# author Germinal Camps
# copyright Copyright (C) 2012 - 2016 JoomlaThat.com. All Rights
Reserved.
# @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
# Websites: http://www.joomlathat.com
# Technical Support: Forum - http://www.joomlathat.com/support
-------------------------------------------------------------------------*/
//no direct access
if (!defined('_JEXEC'))
{
	die('Restricted access.');
}

jimport('joomla.application.component.controller');
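class InvoicesController extends JControllerLegacy
{
	/**
	 * Display the requested view after an authorisation check.
	 *
	 * Known views are `invoice`, `payment` and `invoices`; any other view, and
	 * any item the visitor may not read, is redirected back to the invoices
	 * list with a message.
	 *
	 * @param   boolean  $cachable   If true, the view output will be cached.
	 * @param   array    $urlparams  Safe URL parameters and their filter types.
	 *
	 * @return  void
	 */
	public function display($cachable = false, $urlparams = array())
	{
		$id     = JRequest::getInt('id');
		$view   = JRequest::getVar('view');
		$itemid = $this->getItemidSuffix();

		// Unknown views fall through with $can_view false and no message.
		$can_view = false;
		$msg      = null;

		switch ($view)
		{
			case 'invoice':
				$can_view = $this->check_invoice_permission($id);
				$msg      = JText::_('NOT_AUTHORIZED_INVOICE');
				break;

			case 'payment':
				// NOTE(review): the owner / auth-code check is not applied to the
				// payment view (kept from the original, where it is commented out),
				// so knowing a payment id is enough to display it.
				$can_view = true;
				$msg      = JText::_('NOT_AUTHORIZED_PAYMENT');

				if (!$id)
				{
					$msg      = '';
					$can_view = false;
				}
				break;

			case 'invoices':
				$can_view = true;
				break;
		}

		if (!$can_view)
		{
			$link = JRoute::_('index.php?option=com_invoices&view=invoices' . $itemid);
			$this->setRedirect($link, $msg);

			return;
		}

		parent::display($cachable, $urlparams);
	}

	/**
	 * Decide whether the current visitor may read an invoice.
	 *
	 * Access is granted to users holding view level 3, to the invoice's owning
	 * contact, or to a visitor presenting the invoice's non-empty auth code.
	 * The invoice must be published and within its publishing window.
	 *
	 * NOTE(review): declared public, so JControllerLegacy also exposes it as a
	 * task; it only returns a boolean and may queue a message, but consider
	 * making it protected if nothing links to it as a task.
	 *
	 * @param   integer         $invoice_id  Invoice primary key.
	 * @param   string|boolean  $auth_code   Auth code to test; false reads `auth_code` from the request.
	 *
	 * @return  boolean
	 */
	public function check_invoice_permission($invoice_id, $auth_code = false)
	{
		$db   = JFactory::getDBO();
		$user = JFactory::getUser();
		$app  = JFactory::getApplication();

		if (!$auth_code)
		{
			$auth_code = JRequest::getString('auth_code');
		}

		// View level 3 sees everything (loose match kept: level ids may come back as strings).
		if (in_array(3, $user->getAuthorisedViewLevels()))
		{
			return true;
		}

		// Values are cast/quoted before concatenation so nothing reaches the
		// query as raw text; $invoice_id may originate from the request.
		$now   = date('Y-m-d H:i:s');
		$never = $db->quote('0000-00-00 00:00:00');
		$query = 'SELECT co.user_id, i.auth_code FROM #__invoices_invoices AS i'
			. ' LEFT JOIN #__invoices_contacts AS co ON co.id = i.user_id'
			. ' WHERE i.id = ' . (int) $invoice_id
			. ' AND (i.start_publish <= ' . $db->quote($now) . ' OR i.start_publish = ' . $never . ')'
			. ' AND (i.end_publish >= ' . $db->quote($now) . ' OR i.end_publish = ' . $never . ')'
			. ' AND i.publish = 1';
		$db->setQuery($query);
		$invoice = $db->loadObject();

		// No published invoice with that id: nothing to grant.
		if (!$invoice)
		{
			return false;
		}

		$storedCode = (string) $invoice->auth_code;

		// The owning contact, when logged in.
		if ($user->id && (int) $invoice->user_id === (int) $user->id)
		{
			return true;
		}

		// Strict string comparison: the loose `==` of the original treats
		// numeric-looking codes such as "1e1" and "10" as equal.
		if ($storedCode !== '' && (string) $auth_code === $storedCode)
		{
			return true;
		}

		// A wrong code is reported except on the payment view.
		if ($storedCode !== '' && JRequest::getCmd('view') !== 'payment')
		{
			$app->enqueueMessage(JText::_('INVALID_AUTH_CODE'));
		}

		return false;
	}

	/**
	 * Task: e-mail an invoice to its recipient, then return to the invoices list.
	 *
	 * @return  void
	 */
	public function send()
	{
		$id = JRequest::getInt('id');

		if ($this->check_invoice_permission($id))
		{
			$model = $this->getModel('invoice');
			$model->setId($id);

			$key = $model->sendMail() ? 'INVOICE_SENT' : 'ERROR_SENDING_INVOICE';
			$msg = JText::sprintf($key, $model->_data->invoice_num, $model->_data->to_email);
		}
		else
		{
			$msg = JText::_('NOT_ALLOWED_SEND');
		}

		$this->setRedirect(JRoute::_('index.php?option=com_invoices&view=invoices'), $msg);
	}

	/**
	 * Send the notification e-mail for a payment and queue the outcome.
	 *
	 * NOTE(review): declared public, so it is also reachable as a task with
	 * `id` from the request, and the permission result is discarded (kept from
	 * the original); any visitor who knows a payment id can trigger its mail.
	 *
	 * @param   integer|boolean  $payment_id  Payment primary key; false reads `id` from the request.
	 *
	 * @return  void
	 */
	public function send_email_payment($payment_id = false)
	{
		if (!$payment_id)
		{
			$payment_id = JRequest::getInt('id');
		}

		$app = JFactory::getApplication();
		$db  = JFactory::getDBO();

		$db->setQuery('SELECT invoice_id FROM #__invoices_payments WHERE id = ' . (int) $payment_id);
		$invoice_id = $db->loadResult();

		// The result is ignored, as in the original (which overwrote it with
		// true); the call is kept for its side effect of queueing INVALID_AUTH_CODE.
		$this->check_invoice_permission($invoice_id);

		$model = $this->getModel('payment');
		$model->setId($payment_id);

		// The PAYMENT_SENT / ERROR_SENDING_PAYMENT messages are disabled in the
		// original, so the outcome is not reported: an empty message is queued.
		$model->sendMail();
		$msg = null;

		$app->enqueueMessage($msg);
	}

	/**
	 * Task: run a payment plugin and redirect according to `paction`.
	 *
	 * The `onProcessPayment` event is triggered for the plugin named by `ptype`
	 * on every call. `process` then mails a completed payment (status 1) and
	 * redirects to the `display_message` action; `display_message` and `cancel`
	 * only choose the message shown on the payment view.
	 *
	 * @return  void
	 */
	public function process_payment()
	{
		// `ptype` names a plugin and is echoed into a URL, `paction` selects a
		// branch: both are restricted to the CMD character set ([A-Za-z0-9_.-])
		// instead of the unfiltered getVar() of the original.
		$ptype      = JRequest::getCmd('ptype');
		$payment_id = JRequest::getInt('item_number');
		$paction    = JRequest::getCmd('paction');
		$user       = JFactory::getUser();

		$payment = $this->loadPayment($payment_id);

		JPluginHelper::importPlugin('invoices', $ptype);
		JDispatcher::getInstance()->trigger('onProcessPayment', array($payment, $user));

		$itemid = $this->getItemidSuffix();
		$link   = JRoute::_('index.php?option=com_invoices&view=payment&id=' . $payment_id . $itemid);
		$text   = null;

		switch ($paction)
		{
			case 'display_message':
				// Re-read the row: the plugin may have changed the status.
				$payment = $this->loadPayment($payment_id);
				$text    = $this->paymentStatusText($payment);
				break;

			case 'process':
				$payment = $this->loadPayment($payment_id);

				// Only a completed payment (status 1) is mailed out.
				if ($payment && (int) $payment->payment_status === 1)
				{
					$this->send_email_payment($payment_id);
				}

				$link = JRoute::_(
					'index.php?option=com_invoices&task=process_payment&ptype=' . $ptype
					. '&paction=display_message&tmpl=component&item_number=' . $payment_id . $itemid
				);
				break;

			case 'cancel':
				$text = JText::_('PAYMENT_PROCESS_CANCELLED');
				break;

			default:
				$text = JText::_('INVALID_ACTION');
				break;
		}

		$this->setRedirect($link, $text);
	}

	/**
	 * Task: accept a pending quote and return to the invoice view.
	 *
	 * @return  void
	 */
	public function accept_quote()
	{
		$this->decideQuote('accept_quote', 'QUOTE_ACCEPTED');
	}

	/**
	 * Task: reject a pending quote and return to the invoice view.
	 *
	 * @return  void
	 */
	public function reject_quote()
	{
		$this->decideQuote('reject_quote', 'QUOTE_REJECTED');
	}

	/**
	 * Shared body of the quote decision tasks.
	 *
	 * The decision is applied only when the visitor may read the invoice and
	 * its status is still `pending` (or unset). The redirect back to the
	 * invoice view carries the auth code along so anonymous recipients stay
	 * authorised.
	 *
	 * @param   string  $modelMethod  Invoice model method to call: accept_quote or reject_quote.
	 * @param   string  $successKey   Language key queued when the model call succeeds.
	 *
	 * @return  void
	 */
	protected function decideQuote($modelMethod, $successKey)
	{
		$itemid   = $this->getItemidSuffix();
		$id       = JRequest::getInt('id');
		$can_view = $this->check_invoice_permission($id);

		$db = JFactory::getDBO();
		$db->setQuery('SELECT status FROM #__invoices_invoices WHERE id = ' . (int) $id);
		$status = (string) $db->loadResult();

		// A failed model call queues no message (kept from the original).
		$msg = null;

		if ($can_view && ($status === 'pending' || $status === ''))
		{
			$model = $this->getModel('invoice');
			$model->setId($id);

			if ($model->$modelMethod())
			{
				$msg = JText::_($successKey);
			}
		}
		else
		{
			$msg = JText::_('NOT_ALLOWED_PERFORM_ACTION');
		}

		// URL-encoded so a crafted code cannot append further query parameters.
		$auth_code = JRequest::getString('auth_code');
		$suffix    = $auth_code ? '&auth_code=' . urlencode($auth_code) : '';

		$link = JRoute::_('index.php?option=com_invoices&view=invoice&id=' . $id . $suffix . $itemid);
		$this->setRedirect($link, $msg);
	}

	/**
	 * Load one payment row by primary key.
	 *
	 * @param   integer  $payment_id  Payment primary key.
	 *
	 * @return  object|null  The row, or null when it does not exist.
	 */
	protected function loadPayment($payment_id)
	{
		$db = JFactory::getDBO();
		$db->setQuery('SELECT pa.* FROM #__invoices_payments AS pa WHERE pa.id = ' . (int) $payment_id);

		return $db->loadObject();
	}

	/**
	 * Map a payment's status to the message shown after processing.
	 *
	 * @param   object|null  $payment  Payment row; a missing row counts as status 0.
	 *
	 * @return  string|null  Translated message, or null for an unknown status.
	 */
	protected function paymentStatusText($payment)
	{
		$status = $payment ? (int) $payment->payment_status : 0;

		switch ($status)
		{
			case 1:
				return JText::_('PAYMENT_COMPLETED');

			case 2:
				return JText::_('PAYMENT_PENDING_VALIDATION');

			case 0:
				return JText::_('PAYMENT_NOT_COMPLETED');
		}

		return null;
	}

	/**
	 * Build the `&Itemid=` suffix from the component's configured menu item.
	 *
	 * @return  string  `&Itemid=N`, or an empty string when no item id is configured.
	 */
	protected function getItemidSuffix()
	{
		$params = JComponentHelper::getParams('com_invoices');
		$itemid = $params->get('itemid');

		return ($itemid != '') ? '&Itemid=' . $itemid : '';
	}
}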
?>
home/lmsyaran/public_html/j3/components/com_newsfeeds/controller.php000064400000002506151166046270022055
0ustar00<?php
/**
* @package Joomla.Site
* @subpackage com_newsfeeds
*
* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All
rights reserved.
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
if (!defined('_JEXEC'))
{
	die;
}
/**
* Newsfeeds Component Controller
*
* @since 1.5
*/
class NewsfeedsController extends JControllerLegacy
{
	/**
	 * Method to show a newsfeeds view.
	 *
	 * Output caching is switched on here regardless of the $cachable argument,
	 * and switched off again for logged-in users and for POST requests to the
	 * category view.
	 *
	 * @param   boolean  $cachable   Not used: caching is decided inside this method.
	 * @param   array    $urlparams  Not used: the component supplies its own list of
	 *                               safe URL parameters (see {@link JFilterInput::clean()}).
	 *
	 * @return  void
	 *
	 * @since   1.5
	 */
	public function display($cachable = false, $urlparams = false)
	{
		// Set the default view name and format from the Request.
		$viewName = $this->input->get('view', 'categories');
		$this->input->set('view', $viewName);

		// Cache unless a user is logged in or a category form is being posted.
		$user           = JFactory::getUser();
		$postToCategory = ($this->input->getMethod() === 'POST' && $viewName === 'category');
		$cachable       = !($user->get('id') || $postToCategory);

		$safeUrlParams = array(
			'id'               => 'INT',
			'limit'            => 'UINT',
			'limitstart'       => 'UINT',
			'filter_order'     => 'CMD',
			'filter_order_Dir' => 'CMD',
			'lang'             => 'CMD',
		);

		parent::display($cachable, $safeUrlParams);
	}
}
home/lmsyaran/public_html/components/com_blank/controller.php000064400000010213151166065020020631
0ustar00<?php
/*----------------------------------------------------------------------------------|
www.vdm.io |----/
Lmskaran
/-------------------------------------------------------------------------------------------------------/
@version 1.0.0
@build 10th April, 2021
@created 10th April, 2021
@package Blank
@subpackage controller.php
@author Mojtaba Taheri <http://lmskaran.com/>
@copyright Copyright (C) 2015. All Rights Reserved
@license GNU/GPL Version 2 or later -
http://www.gnu.org/licenses/gpl-2.0.html
____ _____ _____ __ __ __ __ ___ _____ __ __ ____
_____ _ _ ____ _ _ ____
(_ _)( _ )( _ )( \/ )( ) /__\ / __)( _ )( \/ )( _ \(
_ )( \( )( ___)( \( )(_ _)
.-_)( )(_)( )(_)( ) ( )(__ /(__)\ ( (__ )(_)( ) ( )___/
)(_)( ) ( )__) ) ( )(
\____) (_____)(_____)(_/\/\_)(____)(__)(__) \___)(_____)(_/\/\_)(__)
(_____)(_)\_)(____)(_)\_) (__)
/------------------------------------------------------------------------------------------------------*/
// No direct access to this file
if (!defined('_JEXEC'))
{
	die('Restricted access');
}
use Joomla\Utilities\ArrayHelper;
/**
* Blank Component Controller
*/
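class BlankController extends JControllerLegacy
{
	/**
	 * Method to display a view.
	 *
	 * Defaults to the `blanksite` view, disables caching for logged-in users
	 * and for edit views, and rejects an `edit` layout whose id was not checked
	 * out through this controller (`checkEditId`), redirecting to the referring
	 * view or back to the default view instead.
	 *
	 * @param   boolean        $cachable   If true, the view output will be cached.
	 * @param   array|boolean  $urlparams  Safe URL parameters and their variable types,
	 *                                     for valid values see {@link JFilterInput::clean()};
	 *                                     false when none are supplied. When it is an
	 *                                     array it is merged with the component's own list.
	 *
	 * @return  JControllerLegacy|boolean  This object to support chaining, or false
	 *                                     after a rejected edit request (a redirect is set).
	 */
	public function display($cachable = false, $urlparams = false)
	{
		// Set the default view if none was requested.
		$view = $this->input->getCmd('view', 'blanksite');
		$this->input->set('view', $view);
		$isEdit = $this->checkEditView($view);
		$layout = $this->input->get('layout', null, 'WORD');
		$id     = $this->input->getInt('id');

		// $cachable = true; (TODO) working on a fix
		// [gh-238](https://github.com/vdm-io/Joomla-Component-Builder/issues/238)
		// Ensure the view is not cachable for edit views or logged-in users.
		$user = JFactory::getUser();

		if ($user->get('id') || $isEdit)
		{
			$cachable = false;
		}

		// Check for edit form: the id must have been checked out via this controller.
		// Strict comparison is safe here because the WORD filter yields a string (or null).
		if ($isEdit && $layout === 'edit' && !$this->checkEditId('com_blank.edit.' . $view, $id))
		{
			// Somehow the person just went to the form - we don't allow that.
			$this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_UNHELD_ID', $id));
			$this->setMessage($this->getError(), 'error');

			// Check if the item was opened from other than its own list view;
			// `ref` is CMD-filtered, so it is safe to place in the redirect URL.
			$ref   = $this->input->getCmd('ref', 0);
			$refid = $this->input->getInt('refid', 0);

			if ($refid > 0 && BlankHelper::checkString($ref))
			{
				// Redirect to the item of ref.
				$this->setRedirect(JRoute::_('index.php?option=com_blank&view=' . (string) $ref . '&layout=edit&id=' . (int) $refid, false));
			}
			elseif (BlankHelper::checkString($ref))
			{
				// Redirect to ref.
				$this->setRedirect(JRoute::_('index.php?option=com_blank&view=' . (string) $ref, false));
			}
			else
			{
				// Normal redirect back to the list default site view.
				$this->setRedirect(JRoute::_('index.php?option=com_blank&view=blanksite', false));
			}

			return false;
		}

		// We may need to make this more dynamic in the future. (TODO)
		$safeurlparams = array(
			'catid'            => 'INT',
			'id'               => 'INT',
			'cid'              => 'ARRAY',
			'year'             => 'INT',
			'month'            => 'INT',
			'limit'            => 'UINT',
			'limitstart'       => 'UINT',
			'showall'          => 'INT',
			'return'           => 'BASE64',
			'filter'           => 'STRING',
			'filter_order'     => 'CMD',
			'filter_order_Dir' => 'CMD',
			'filter-search'    => 'STRING',
			'print'            => 'BOOLEAN',
			'lang'             => 'CMD',
			'Itemid'           => 'INT',
		);

		// Caller-supplied safe parameters are merged with the component's own.
		if (BlankHelper::checkArray($urlparams))
		{
			$safeurlparams = BlankHelper::mergeArrays(array($urlparams, $safeurlparams));
		}

		return parent::display($cachable, $safeurlparams);
	}

	/**
	 * Check whether a view name is one of the component's edit views.
	 *
	 * No edit views are registered for this component yet, so this always
	 * returns false; add their view names to $views to enable the checked-out
	 * id guard in display().
	 *
	 * @param   string  $view  The requested view name (CMD-filtered by the caller).
	 *
	 * @return  boolean  True when $view is a registered edit view.
	 */
	protected function checkEditView($view)
	{
		$views = array();

		// Strict match: $view is a string whenever checkString() accepts it.
		return BlankHelper::checkString($view) && in_array($view, $views, true);
	}
}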