admin.php - This PHP code is part of a CodeIgniter applicat…

/halogy/application/modules/halogy/controllers/admin.php

https://bitbucket.org/haloweb/halogy-1.0/ · PHP · 546 lines · 377 code · 88 blank · 81 comment · 57 complexity · 402e91823845954d34f803a0fa01a948 MD5 · raw file

<?php
/**
 * Halogy
 *
 * A user friendly, modular content management system for PHP 5.0
 * Built on CodeIgniter - http://codeigniter.com
 *
 * @package		Halogy
 * @author		Haloweb Ltd.
 * @copyright	Copyright (c) 2008-2011, Haloweb Ltd.
 * @license		http://halogy.com/license
 * @link		http://halogy.com/
 * @since		Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

class Admin extends Controller {

	// set defaults
	var $includes_path = '/includes/admin';				// path to includes for header and footer
	var $redirect = '/admin/dashboard';
	var $permissions = array();
	
	function Admin()
	{
		parent::Controller();

		// get siteID, if available
		if (defined('SITEID'))
		{
			$this->siteID = SITEID;
		}
	}

	function index()
	{
		redirect($this->redirect);
	}

	function dashboard($days = '')
	{
		// logout if not admin
		if ($this->session->userdata('session_user') && !$this->permission->permissions)
		{
			show_error('Sorry, you do not have permission to administer this website. Please go back or '.anchor('/admin/logout', 'log out').'.');
		}
		if (!$this->session->userdata('session_admin'))
		{
			redirect('/admin/login/'.$this->core->encode($this->uri->uri_string()));
		}

		// load model and libs
		$this->load->model('halogy_model', 'halogy');
		$this->load->library('parser');

		// show any errors that have resulted from a redirect
		if ($days === 'permissions')
		{
			$this->form_validation->set_error('Sorry, you do not have permissions to do what you just tried to do.');
		}

		// set message
		$output['message'] = '';

		// get new blog comments
		$newComments = $this->halogy->get_blog_new_comments();
		if ($newComments)
		{
			$output['message'] .= '<p>You have <strong>'.$newComments.' new pending comment(s).</strong> You can <a href="/admin/blog/comments">view your comments here</a>.</p>';
		}

		// get new blog comments
		$newTickets = $this->halogy->get_new_tickets();
		if ($newTickets)
		{
			$output['message'] .= '<p>You have <strong>'.$newTickets.' new ticket(s).</strong> You can <a href="/admin/webforms/tickets">view your tickets here</a>.</p>';
		}		

		// get new orders
		if (@in_array('shop', $this->permission->sitePermissions))
		{
			$this->load->model('shop/shop_model', 'shop');

			if ($newOrders = $this->shop->get_new_orders())
			{
				$output['message'] .= '<p>You have <strong>'.sizeof($newOrders).' new order(s).</strong> You can <a href="/admin/shop/orders">view your orders here</a>.</p>';
			}
		}
		
		// import default template for new sites
		if (!$this->halogy->get_num_pages())
		{
			$this->load->model('sites_model', 'sites');
			$this->sites->add_templates($this->siteID);
			
			$output['message'] = '<p><strong>Congratulations</strong> - your new site is set up and ready to go!</strong> You can view your site <a href="/">here</a>.</p>';
		}

		// get stats
		$data['recentActivity'] = $this->halogy->get_recent_activity();		
		$data['todaysActivity'] = $this->halogy->get_activity('today');
		$data['yesterdaysActivity'] = $this->halogy->get_activity('yesterday');		
		$output['activity'] = $this->parser->parse('activity_ajax', $data, TRUE);

		// get stats
		$output['days'] = (is_numeric($days)) ? $days : '30';
		$output['numPageViews'] = $this->halogy->get_num_page_views();
		$output['numPages'] = $this->halogy->get_num_pages();
		$output['quota'] = $this->site->get_quota();
		$output['numUsers'] = ($count = $this->halogy->get_num_users()) ? $count : 0;
		$output['numUsersToday'] = ($count = $this->halogy->get_num_users_today()) ? $count : 0;
		$output['numUsersYesterday'] = ($count = $this->halogy->get_num_users_yesterday()) ? $count : 0;
		$output['numUsersWeek'] = ($count = $this->halogy->get_num_users_week()) ? $count : 0;
		$output['numUsersLastWeek'] = ($count = $this->halogy->get_num_users_last_week()) ? $count : 0;		
		$output['numBlogPosts'] = $this->halogy->get_blog_posts_count();
		$output['popularPages'] = $this->halogy->get_popular_pages();
		$output['popularBlogPosts'] = $this->halogy->get_popular_blog_posts();
		$output['popularShopProducts'] = $this->halogy->get_popular_shop_products();
				
		$this->load->view($this->includes_path.'/header');
		$this->load->view('dashboard', $output);
		$this->load->view($this->includes_path.'/footer');		
	}

	function stats($limit = 30)
	{		
		// logout if not admin
		if ($this->session->userdata('session_admin'))
		{
			$visitations = 0;
			$signups = 0;
	
			$this->db->select("COUNT(*) as visitations, UNIX_TIMESTAMP(MIN(date))*1000 as dateMicro, DATE_FORMAT(date,'%y%m%d') as dateFmt", FALSE);
			$this->db->where('siteID', $this->siteID);
			$this->db->where('date >=', "DATE_SUB(CONCAT(CURDATE(), ' 00:00:00'), INTERVAL ".$this->db->escape($limit)." DAY)", FALSE);
			$this->db->order_by('dateFmt', 'desc');
			$this->db->group_by('dateFmt');
			
			$query = $this->db->get('tracking');
	
			if ($query->num_rows())
			{
				$visitations = array();
	
				$i=0;			
				$result = $query->result_array();
				foreach($result as $row)
				{
					$i++;
					$visitations[$i] = '['.$row['dateMicro'].','.$row['visitations'].']';
				}
				$visitations = implode(',', $visitations);
			}
			
			$this->db->select("COUNT(*) as signups, UNIX_TIMESTAMP(MIN(dateCreated))*1000 as dateMicro, DATE_FORMAT(dateCreated,'%y%m%d') as dateFmt", FALSE);
			$this->db->where('siteID', $this->siteID);
			$this->db->where('dateCreated >=', "DATE_SUB(CONCAT(CURDATE(), ' 00:00:00'), INTERVAL ".$this->db->escape($limit)." DAY)", FALSE);
			$this->db->order_by('dateFmt', 'desc');
			$this->db->group_by('dateFmt');
			
			$query = $this->db->get('users');
	
			if ($query->num_rows())
			{
				$signups = array();
	
				$i=0;			
				$result = $query->result_array();
				foreach($result as $row)
				{
					$i++;
					$signups[$i] = '['.$row['dateMicro'].','.$row['signups'].']';
				}
				$signups = implode(',', $signups);
			}
	
			$this->output->set_output('{ "visits" : ['.$visitations.'] ,  "signups" : ['.$signups.'] }');
		}
	}

	function activity_ajax()
	{
		// logout if not admin
		if ($this->session->userdata('session_admin'))
		{
			// load model
			$this->load->model('halogy_model', 'halogy');
	
			// get stats
			$output['recentActivity'] = $this->halogy->get_recent_activity();		
			$output['todaysActivity'] = $this->halogy->get_activity('today');
			$output['yesterdaysActivity'] = $this->halogy->get_activity('yesterday');
	
			$this->load->view('activity_ajax', $output);
		}
	}

	function tracking()
	{
		// logout if not admin
		if (!$this->session->userdata('session_admin'))
		{
			redirect('/admin/login/'.$this->core->encode($this->uri->uri_string()));
		}
		
		$this->load->view($this->includes_path.'/header');
		$this->load->view('tracking');
		$this->load->view($this->includes_path.'/footer');
	}

	function tracking_ajax()
	{
		// logout if not admin
		if ($this->session->userdata('session_admin'))
		{		
			$output = $this->core->viewall('tracking', null, array('trackingID', 'desc'));
	
			$this->load->view('tracking_ajax', $output);
		}
	}

	function login($redirect = '')
	{
		// load libs etc
		$this->load->library('auth');
		
		if (!$this->session->userdata('session_admin'))
		{
			if ($_POST)
			{	
				// set redirect to default if not given
				if ($redirect == '')
				{
					$redirect = $this->redirect;
				}
				else
				{
					$redirect = $this->core->decode($redirect);
				}
				
				// set admin session name, if given
				if ($this->auth->login($this->input->post('username'), $this->input->post('password'), 'session_user'))
				{
					// for use with ce
					if ($this->session->userdata('groupID') != 0 && $this->permission->get_group_permissions($this->session->userdata('groupID')))
					{
						$this->session->set_userdata('session_admin', TRUE);
					}
					
					// update quota
					$quota = $this->site->get_quota();
					$this->core->set['quota'] = ($quota > 0) ? (floor($quota / $this->site->plans['storage'] * 100)) : 0;
					$this->core->update('sites', array('siteID' => $this->siteID));

					redirect($redirect);
				}

				// get error message
				else
				{
					$this->form_validation->set_error($this->auth->error);
				}
			}
		}
		else
		{
			if ($redirect != '')
			{
				redirect($redirect);
			}
		}
		
		// view
		$this->load->view($this->includes_path.'/header');
		$this->load->view('login');
		$this->load->view($this->includes_path.'/footer');	
	}

	function logout($redirect = '')
	{
		// load libs etc
		$this->load->library('auth');
		
		// set redirect to default if not given
		if ($redirect == '')
		{
			$redirect = '';
		}
		else
		{
			$redirect = $this->core->decode($redirect);
		}
		$this->auth->logout($redirect);
	}

	function site()
	{
		// logout if not admin
		if (!$this->session->userdata('session_admin'))
		{
			redirect('/admin/login/'.$this->core->encode($this->uri->uri_string()));
		}

		// check they are administrator
		if ($this->session->userdata('groupID') != $this->site->config['groupID'] && $this->session->userdata('groupID') >= 0)
		{
			redirect('/admin/dashboard/permissions');
		}
		
		// set object ID
		$objectID = array('siteID' => $this->siteID);

		// get values
		$output['data'] = $this->core->get_values('sites', $objectID);

		// set defaults
		$output['data']['shopVariation1'] = ($this->input->post('shopVariation1')) ? $this->input->post('shopVariation1') : $this->site->config['shopVariation1'];
		$output['data']['shopVariation2'] = ($this->input->post('shopVariation2')) ? $this->input->post('shopVariation2') : $this->site->config['shopVariation2'];
		$output['data']['shopVariation3'] = ($this->input->post('shopVariation3')) ? $this->input->post('shopVariation3') : $this->site->config['shopVariation3'];
		$output['data']['emailHeader'] = ($this->input->post('emailHeader')) ? $this->input->post('emailHeader') : $this->site->config['emailHeader'];
		$output['data']['emailFooter'] = ($this->input->post('emailFooter')) ? $this->input->post('emailFooter') : $this->site->config['emailFooter'];
		$output['data']['emailTicket'] = ($this->input->post('emailTicket')) ? $this->input->post('emailTicket') : $this->site->config['emailTicket'];
		$output['data']['emailAccount'] = ($this->input->post('emailAccount')) ? $this->input->post('emailAccount') : $this->site->config['emailAccount'];
		$output['data']['emailOrder'] = ($this->input->post('emailOrder')) ? $this->input->post('emailOrder') : $this->site->config['emailOrder'];
		$output['data']['emailDispatch'] = ($this->input->post('emailDispatch')) ? $this->input->post('emailDispatch') : $this->site->config['emailDispatch'];
		$output['data']['emailDonation'] = ($this->input->post('emailDonation')) ? $this->input->post('emailDonation') : $this->site->config['emailDonation'];
		$output['data']['emailSubscription'] = ($this->input->post('emailSubscription')) ? $this->input->post('emailSubscription') : $this->site->config['emailSubscription'];
				
		// handle post
		if (count($_POST))
		{
			// check some things aren't being posted
			if ($this->input->post('siteID') || $this->input->post('siteDomain') || $this->input->post('groupID'))
			{
				show_error('You do not have permission to change those things.');
			}
			
			// required
			$this->core->required = array(
				'siteName' => array('label' => 'Name of Site', 'rules' => 'required|trim'),
				'siteURL' => array('label' => 'URL', 'rules' => 'required|trim'),
				'siteEmail' => array('label' => 'Email', 'rules' => 'required|valid_email|trim'),
			);	
	
			// set date
			$this->core->set['dateModified'] = date("Y-m-d H:i:s");
			
			// update
			if ($this->core->update('sites', $objectID))
			{
				// where to redirect to
				$output['message'] = '<p>Your details have been updated.</p>';
			}
		}

		// get permission groups
		$output['groups'] = $this->permission->get_groups();
		
		// templates
		$this->load->view($this->includes_path.'/header');
		$this->load->view('site',$output);
		$this->load->view($this->includes_path.'/footer');
	}
	
	function setup()
	{
		echo 'tset';
	}
	
	function backup()
	{
		// check permissions for this page
		if ($this->session->userdata('groupID') >= 0)
		{
			redirect('/admin/dashboard');
		}	

		$filename = 'halogy_backup_'.date('Y-m-d_H-i', time());
		
		// Set up our default preferences
		$prefs = array(
							'tables'		=> $this->db->list_tables(),
							'ignore'		=> array('ha_ci_sessions', 'ha_captcha', 'ha_permissions', 'ha_zipcodes'),
							'filename'		=> $filename.'.sql',
							'format'		=> 'gzip', // gzip, zip, txt
							'add_drop'		=> FALSE,
							'add_insert'	=> TRUE,
							'newline'		=> "\n"
						);

		// Is the encoder supported?  If not, we'll either issue an
		// error or use plain text depending on the debug settings
		if (($prefs['format'] == 'gzip' AND ! @function_exists('gzencode'))
		 OR ($prefs['format'] == 'zip'  AND ! @function_exists('gzcompress')))
		{
			if ($this->db->db_debug)
			{
				return $this->db->display_error('db_unsuported_compression');
			}
		
			$prefs['format'] = 'txt';
		}

		// Load the Zip class and output it
		$this->load->library('zip');
		$this->zip->add_data($prefs['filename'], $this->_backup($prefs));
		$backup = $this->zip->get_zip();
				
		// Load the download helper and send the file to your desktop
		$this->load->helper('download');
		force_download($filename.'.zip', $backup); 		
	}

	function _backup($params = array())
	{
		if (count($params) == 0)
		{
			return FALSE;
		}

		// Extract the prefs for simplicity
		extract($params);
	
		// Build the output
		$output = '';
		foreach ((array)$tables as $table)
		{
			// Is the table in the "ignore" list?
			if (in_array($table, (array)$ignore, TRUE))
			{
				continue;
			}

			// Get the table schema
			$query = $this->db->query("SHOW CREATE TABLE `".$this->db->database.'`.'.$table);
			
			// No result means the table name was invalid
			if ($query === FALSE)
			{
				continue;
			}
			
			// Write out the table schema
			$output .= '#'.$newline.'# TABLE STRUCTURE FOR: '.$table.$newline.'#'.$newline.$newline;

 			if ($add_drop == TRUE)
 			{
				$output .= 'DROP TABLE IF EXISTS '.$table.';'.$newline.$newline;
			}
			
			$i = 0;
			$result = $query->result_array();
			foreach ($result[0] as $val)
			{
				if ($i++ % 2)
				{ 					
					$output .= $val.';'.$newline.$newline;
				}
			}
			
			// If inserts are not needed we're done...
			if ($add_insert == FALSE)
			{
				continue;
			}

			// Grab all the data from the current table
			$query = $this->db->query("SELECT * FROM $table WHERE siteID = ".$this->siteID);
			
			if ($query->num_rows() == 0)
			{
				continue;
			}
		
			// Fetch the field names and determine if the field is an
			// integer type.  We use this info to decide whether to
			// surround the data with quotes or not
			
			$i = 0;
			$field_str = '';
			$is_int = array();
			while ($field = mysql_fetch_field($query->result_id))
			{
				// Most versions of MySQL store timestamp as a string
				$is_int[$i] = (in_array(
										strtolower(mysql_field_type($query->result_id, $i)),
										array('tinyint', 'smallint', 'mediumint', 'int', 'bigint'), //, 'timestamp'), 
										TRUE)
										) ? TRUE : FALSE;
										
				// Create a string of field names
				$field_str .= '`'.$field->name.'`, ';
				$i++;
			}
			
			// Trim off the end comma
			$field_str = preg_replace( "/, $/" , "" , $field_str);
			
			
			// Build the insert string
			foreach ($query->result_array() as $row)
			{
				$val_str = '';
			
				$i = 0;
				foreach ($row as $v)
				{
					// Is the value NULL?
					if ($v === NULL)
					{
						$val_str .= 'NULL';
					}
					else
					{
						// Escape the data if it's not an integer
						if ($is_int[$i] == FALSE)
						{
							$val_str .= $this->db->escape($v);
						}
						else
						{
							$val_str .= $v;
						}					
					}					
					
					// Append a comma
					$val_str .= ', ';
					$i++;
				}
				
				// Remove the comma at the end of the string
				$val_str = preg_replace( "/, $/" , "" , $val_str);
								
				// Build the INSERT string
				$output .= 'INSERT INTO '.$table.' ('.$field_str.') VALUES ('.$val_str.');'.$newline;
			}
			
			$output .= $newline.$newline;
		}

		return $output;
	}

}
Summary ✨

This PHP code is part of a CodeIgniter application, specifically handling database backups and exports. It allows users to download a ZIP file containing the current state of their database tables, including table structures and data. The backup process involves querying the database, escaping sensitive data, and formatting the output into a human-readable format for easy import into another database.
Alerts (9)

'var' Legacy var keyword detected; use public/private/protected for class properties
22 23 24
Complexity hotspot; line 247 (total complexity: 3)
247
Complexity hotspot; line 307 (total complexity: 3)
307
Complexity hotspot; line 335 (total complexity: 3)
335
Complexity hotspot; lines 395 to 396 (total complexity: 3)
395 396
'extract(' Variable extraction risks pollution; use explicit assignments instead
424