VikAppointments Services Booking Calendar / trunk
vikappointments / admin / controllers / backup.php
1 <?php
2 /**
3 * @package VikAppointments
4 * @subpackage core
5 * @author E4J s.r.l.
6 * @copyright Copyright (C) 2021 E4J s.r.l. All Rights Reserved.
7 * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
8 * @link https://vikwp.com
9 */
10
// Refuse to run when the file is requested directly: ABSPATH is only
// defined once WordPress has bootstrapped, so its absence means this
// script was reached outside the CMS.
if (!defined('ABSPATH'))
{
	die('No script kiddies please!');
}

// Load the base admin controller that the class in this file extends.
VAPLoader::import('libraries.mvc.controllers.admin');
15
16 /**
17 * VikAppointments backup controller.
18 *
19 * @since 1.7.1
20 */
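class VikAppointmentsControllerBackup extends VAPControllerAdmin
{
	/**
	 * Task used to create a new backup or to import an uploaded one,
	 * depending on the "backup_action" request value ("create" by default).
	 *
	 * The request must carry a valid CSRF token (POST only) and the user
	 * must hold both the "core.create" and "core.admin" permissions.
	 * Without the "ajax" flag the user is redirected to the backups list.
	 * With it, the created record is sent back as JSON.
	 *
	 * @return  boolean  True on success, false otherwise.
	 */
	public function save()
	{
		$app   = JFactory::getApplication();
		$input = $app->input;
		$user  = JFactory::getUser();

		$ajax = $input->getBool('ajax');

		/**
		 * Added token validation.
		 *
		 * @since 1.7
		 */
		if (!JSession::checkToken())
		{
			if ($ajax)
			{
				// missing CSRF-proof token
				UIErrorFactory::raiseError(403, JText::translate('JINVALID_TOKEN'));

				// NOTE(review): raiseError() presumably aborts the request; the
				// explicit return keeps this task fail-closed in case it does not.
				return false;
			}

			// back to main list, missing CSRF-proof token
			$app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
			$this->cancel();

			return false;
		}

		// check user permissions before touching the request payload:
		// both the "create" and the "admin" rights are required
		if (!$user->authorise('core.create', 'com_vikappointments') || !$user->authorise('core.admin', 'com_vikappointments'))
		{
			if ($ajax)
			{
				// not allowed
				UIErrorFactory::raiseError(403, JText::translate('JERROR_ALERTNOAUTHOR'));

				// fail closed, see the note on the token check above
				return false;
			}

			// back to main list, not authorised to create/edit records
			$app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
			$this->cancel();

			return false;
		}

		// fetch requested action
		$args = [];
		$args['action'] = $input->get('backup_action', 'create');

		if ($args['action'] === 'create')
		{
			// get requested backup type
			$args['type'] = $input->get('type');
		}
		else
		{
			/**
			 * Take uploaded file.
			 * Use "raw" filter because Joomla seems to block the attachments
			 * containing PHP files.
			 *
			 * NOTE(review): the "raw" filter means the upload reaches the model
			 * unfiltered, so validating the archive and deciding where it is
			 * extracted is entirely up to the model. Confirm it does so.
			 */
			$args['file'] = $input->files->get('file', null, 'raw');
		}

		// get backup model
		$backup = $this->getModel();

		// try to save arguments
		$id = $backup->save($args);

		if ($id === false)
		{
			// get string error
			$error = $backup->getError(null, true);

			if ($ajax)
			{
				UIErrorFactory::raiseError(500, $error);

				// never fall through to the success response after a failure
				return false;
			}

			// display error message
			$app->enqueueMessage(JText::sprintf('JLIB_APPLICATION_ERROR_SAVE_FAILED', $error), 'error');

			// redirect to list page
			$this->cancel();

			return false;
		}

		if ($ajax)
		{
			// send the details of the created backup
			$this->sendJSON($backup->getItem($id));

			return true;
		}

		// display generic successful message
		$app->enqueueMessage(JText::translate('JLIB_APPLICATION_SAVE_SUCCESS'));

		// redirect to list page
		$this->cancel();

		return true;
	}

	/**
	 * Deletes a list of records set in the request.
	 *
	 * Requires a valid CSRF token and both the "core.delete" and
	 * "core.admin" permissions. The user is always redirected to the
	 * backups list.
	 *
	 * @return  boolean  False when the token or the permissions are missing,
	 *                   true otherwise (the model result is not reported).
	 */
	public function delete()
	{
		$app  = JFactory::getApplication();
		$user = JFactory::getUser();

		/**
		 * Added token validation.
		 * Both GET and POST are supported.
		 *
		 * NOTE(review): a token sent via GET ends up in the URL, and therefore
		 * in browser history, access logs and Referer headers. Prefer POST for
		 * this state-changing task if the list view can submit it that way.
		 */
		if (!JSession::checkToken() && !JSession::checkToken('get'))
		{
			// back to main list, missing CSRF-proof token
			$app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
			$this->cancel();

			return false;
		}

		// check user permissions
		if (!$user->authorise('core.delete', 'com_vikappointments') || !$user->authorise('core.admin', 'com_vikappointments'))
		{
			// back to main list, not authorised to delete records
			$app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
			$this->cancel();

			return false;
		}

		// always hand a list to the model, even when a single scalar "cid" was sent
		$cid = (array) $app->input->get('cid', array(), 'string');

		// delete selected records
		$this->getModel()->delete($cid);

		// back to main list
		$this->cancel();

		return true;
	}

	/**
	 * Restores the specified backup.
	 *
	 * Requires a valid CSRF token and the "core.admin" permission.
	 * Only the first identifier found in "cid" is restored.
	 *
	 * @return  boolean  The result returned by the model, false on denied access.
	 */
	public function restore()
	{
		$app = JFactory::getApplication();

		/**
		 * Added token validation.
		 * Both GET and POST are supported.
		 *
		 * NOTE(review): restoring overwrites data, so the remark about tokens
		 * carried in the URL applies here as well. Prefer POST where possible.
		 */
		if (!JSession::checkToken() && !JSession::checkToken('get'))
		{
			// back to main list, missing CSRF-proof token
			$app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
			$this->cancel();

			return false;
		}

		// check user permissions
		if (!JFactory::getUser()->authorise('core.admin', 'com_vikappointments'))
		{
			// back to main list, not authorised to restore backups
			$app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
			$this->cancel();

			return false;
		}

		// The cast guards array_shift() against a scalar "cid", which would
		// otherwise raise a TypeError on PHP 8.
		$cid = (array) $app->input->get('cid', array(), 'string');

		// take only the first backup
		$cid = array_shift($cid);

		$model = $this->getModel();

		// restore backup
		$res = $model->restore($cid);

		if (!$res)
		{
			// get last error
			$error = $model->getError(null, true);

			if ($error)
			{
				$app->enqueueMessage($error, 'error');
			}
		}
		else
		{
			$app->enqueueMessage(JText::translate('VAPBACKUPRESTORED'));
		}

		// back to main list
		$this->cancel();

		return $res;
	}

	/**
	 * End-point used to download a backup archive.
	 *
	 * Requires a valid CSRF token and the "core.admin" permission.
	 * Only the first identifier found in "cid" is downloaded.
	 *
	 * @return  boolean  False when the access is denied or the backup does
	 *                   not exist. On success the archive is streamed and
	 *                   the application is closed.
	 *
	 * @since   1.7.1
	 */
	public function download()
	{
		$app = JFactory::getApplication();

		/**
		 * Added token validation.
		 * Both GET and POST are supported.
		 */
		if (!JSession::checkToken() && !JSession::checkToken('get'))
		{
			// back to main list, missing CSRF-proof token
			$app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
			$this->cancel();

			return false;
		}

		// check user permissions
		if (!JFactory::getUser()->authorise('core.admin', 'com_vikappointments'))
		{
			// back to main list, not authorised to download backups
			$app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
			$this->cancel();

			return false;
		}

		// The cast guards array_shift() against a scalar "cid", which would
		// otherwise raise a TypeError on PHP 8.
		$cid = (array) $app->input->get('cid', array(), 'string');

		// take only the first backup
		$cid = array_shift($cid);

		// fetch backup details
		$item = $this->getModel()->getItem($cid);

		if (!$item)
		{
			// backup not found
			$app->enqueueMessage(JText::translate('JGLOBAL_NO_MATCHING_RESULTS'), 'error');
			$this->cancel();

			return false;
		}

		// execute archive download
		// NOTE(review): "cid" is request-controlled and the served path comes
		// from the model item. Confirm that getItem() only resolves files
		// located inside the backup folder.
		VAPLoader::import('libraries.archive.factory');
		VAPArchiveFactory::download($item->path);

		$app->close();
	}

	/**
	 * Redirects the users to the main records list.
	 *
	 * @return  void
	 */
	public function cancel()
	{
		$this->setRedirect('index.php?option=com_vikappointments&view=backups');
	}

	/**
	 * Redirects the users to the parent records list.
	 *
	 * @return  void
	 */
	public function back()
	{
		$this->setRedirect('index.php?option=com_vikappointments&view=editconfigapp');
	}
}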
322