$content .= 'allowedContent: true, });'; $content .= 'CKEDITOR.config.height = 400;'; $content .= '</script>'; $content .= '<div class="row">'; $content .= DialogInputsYesNo('edit', $_POST['type'], $ob_id, Language::Word('save'), Language::Word('cancel')); $content .= '</div>'; $content .= '</form>'; $title = Language::Word('report editing'); $header = $title; } } else { if (!isset($_REQUEST['id'])) { echo 'user id is unset'; exit; } $ob = Report::FetchBy(['eq_conds' => ['id' => $_REQUEST['id']], 'is_unique' => true]); $user_id = GetUserID(); $user = User::FetchBy(['eq_conds' => ['id' => $user_id], 'is_unique' => true, 'select_list' => 'received_reports']); if ($user_id !== $ob->GetAuthorID() && !in_array($ob->GetID(), $user->GetReceivedReports()) && GetUserPrivileges() !== admin_user_id) { $content = AlertMessage('alert-danger', Language::Word('access denied')); } else { $title = ''; $header = ''; $content = ''; $title = Language::Word('report'); $header = htmlspecialchars($ob->GetName()); $content = $ob->ToHTMLAutoFull(GetUserPrivileges()); } } } include_once $link_to_admin_template;
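/**
 * Deletes the report with the given id together with its image and file
 * directories, and removes the id from the author's `sended_reports` list and
 * from every recipient's `received_reports` list.
 *
 * @param int|string $id Report id; coerced to int before it reaches any SQL.
 * @return int|Error 0 on success; the Error from Report::FetchBy / User::FetchBy
 *                   when a lookup fails, or a db_error Error when a query fails.
 */
public static function Delete($id)
{
    global $db_connection;
    global $link_to_report_images;
    global $link_to_report_files;

    // $id arrives from the request: the int cast keeps the directory names, the
    // LIKE pattern below and the bound parameters free of anything but digits.
    $id = (int) $id;

    $ob = Report::FetchBy(['select_list' => 'id, author_id', 'eq_conds' => ['id' => $id], 'is_unique' => true]);
    if (Error::IsError($ob)) {
        return $ob;
    }

    $stmt = $db_connection->prepare('DELETE FROM `' . self::$table . '` WHERE `id` = ?');
    if ($stmt === false) {
        return new Error($db_connection->error, Error::db_error);
    }
    $stmt->bind_param('i', $id);
    $deleted = $stmt->execute();
    $delete_error = $stmt->error;
    $stmt->close();
    if (!$deleted) {
        // The old code echoed the error and returned 0 -- the success value --
        // so callers could not tell a failed delete apart from a successful one.
        return new Error($delete_error, Error::db_error);
    }

    removeDirectory($link_to_report_images . $id);
    removeDirectory($link_to_report_files . $id);

    // Unlink the report from its author's outgoing list.
    $author_id = $ob->GetAuthorID();
    $author = User::FetchBy(['select_list' => 'sended_reports', 'eq_conds' => ['id' => $author_id], 'is_unique' => true]);
    if (Error::IsError($author)) {
        return $author;
    }
    $rc = self::storeReportList('sended_reports', $author_id, self::withoutReport($author->GetSendedReports(), $id));
    if (Error::IsError($rc)) {
        return $rc;
    }

    // Unlink it from every recipient. The JSON column is matched textually on
    // the quoted id, which is only safe because $id is an int by now.
    $recipients = User::FetchBy(['select_list' => 'received_reports, id', 'where_addition' => '(received_reports LIKE ("%\\"' . $id . '\\"%"))']);
    if (Error::IsError($recipients)) {
        return $recipients;
    }
    foreach ($recipients as $recipient) {
        $rc = self::storeReportList('received_reports', $recipient->GetID(), self::withoutReport($recipient->GetReceivedReports(), $id));
        if (Error::IsError($rc)) {
            return $rc;
        }
    }

    return 0;
}

/**
 * Returns $report_ids without every entry equal to $id, re-indexed as a list.
 * The comparison is deliberately loose: the stored JSON may hold the ids as
 * ints or as numeric strings, and the surviving entries keep their original type.
 *
 * @param mixed $report_ids Decoded JSON list (anything non-array is cast to array).
 * @param int $id
 * @return array
 */
private static function withoutReport($report_ids, $id)
{
    $kept = [];
    foreach ((array) $report_ids as $repid) {
        if ($repid != $id) {
            $kept[] = $repid;
        }
    }
    return $kept;
}

/**
 * Writes a JSON-encoded report id list into one of a user's list columns.
 *
 * @param string $column 'sended_reports' or 'received_reports' (a code literal, never user input).
 * @param int|string $user_id
 * @param array $report_ids
 * @return int|Error 0 on success, a db_error Error on failure.
 */
private static function storeReportList($column, $user_id, array $report_ids)
{
    global $db_connection;

    $stmt = $db_connection->prepare('UPDATE ' . User::$table . ' SET ' . $column . ' = ? WHERE id = ?');
    if ($stmt === false) {
        return new Error($db_connection->error, Error::db_error);
    }
    $json = json_encode($report_ids);
    $user_id = (int) $user_id;
    $stmt->bind_param('si', $json, $user_id);
    $ok = $stmt->execute();
    $error = $stmt->error;
    $stmt->close();

    return $ok ? 0 : new Error($error, Error::db_error);
}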
<?php $is_public = false; include_once 'utility_lgmis_lib.php'; include_once $link_to_utility_authorization; clear_tmp_files_dir(MyFile::$type, 0); $perms = MyFile::perm_to_only_empls; $user = User::FetchBy(['select_list' => 'position', 'eq_conds' => ['id' => GetUserID()], 'is_unique' => true]); if ($user->GetPositionNum() == NotEmployeeNum) { $perms = MyFile::perm_to_all_registered; } $header = ''; $content = ''; $footer = ''; if ($perms > MyFile::perm_to_all_registered) { $head_addition = '<script type="text/javascript" src="js/files_upload.js"></script>'; } $head_addition .= '<script type="text/javascript" src="js/file_manager.js"></script>'; $head_addition .= MakeScript('files_type="' . MyFile::$type . '"; author_id=' . GetUserID() . '; max_files=10; files_action="add";'); $content .= '<div style="display: table; width: 100%; height: 80%;">'; $content .= '<div class="row" style="height: 100%; display: table-row;">'; $col_width = 8; if ($perms <= MyFile::perm_to_all_registered) { $col_width = 12; } $content .= '<div class="' . ColAllTypes($col_width) . ' modal-open" style="border: 3px solid #dadada; display: table-cell; float: none;">'; $content .= '<ol class="breadcrumb" id="current_manager_path" align="left">'; $content .= '<li><a href="#" onclick="goUpDir(0);">Home</a></li>'; $content .= '</ol>'; $content .= '<div class="row" id="files_place"></div>'; $content .= '<div id="file_backdrop_area" align="center"></div>';
$content = AlertMessage('alert-danger', Language::Word('access denied')); break; } } if ($content_type === 'received_reps') { $title .= ' :' . Language::Word('received reports'); } else { if ($content_type === 'sended_reps') { $title .= ' :' . Language::Word('sended reports'); } else { $title .= ' :' . Language::Word('all reports'); } } $header = $title; $reports = array(); $user = User::FetchBy(['select_list' => 'id, received_reports, sended_reports', 'eq_conds' => ['id' => GetUserID()], 'is_unique' => true]); $size = 0; $received = array(); $sended = array(); if ($content_type === 'received_reps') { $received = $user->GetReceivedReports(); $size = count($received); } else { if ($content_type === 'sended_reps') { $sended = $user->GetSendedReports(); $size = count($sended); } else { $size = Report::GetCount(); } } if ($size) {
<?php $is_public = true; include_once 'utility_lgmis_lib.php'; include_once $link_to_utility_authorization; if (isset($_POST['id']) && isset($_GET['id']) && $_POST['id'] !== $_GET['id']) { $content = AlertMessage('alert-danger', 'Неоднозначные id'); } else { $user = User::FetchBy(['eq_conds' => ['id' => $_REQUEST['id']], 'is_unique' => true]); $header = ''; $content = ''; $footer = ''; $header_type = 'h3'; $title = Language::Translit($user->GetSurname() . ' ' . $user->GetName() . ' ' . $user->GetFathername()); $header = htmlspecialchars(Language::Translit($user->GetSurname() . ' ' . $user->GetName() . ' ' . $user->GetFathername())); $content .= '<div class="row" align="center">'; $content .= '<div class="' . ColAllTypes(4) . '"><img src="' . Link::Get($user->GetPathToPhoto()) . '" class="img-avatar"></div>'; $content .= '<div class="' . ColAllTypes(8) . '">'; $content .= '<br><div class="row" align="center">'; $content .= '<div class="' . ColAllTypes(6) . '" align="right"><font color="grey">' . Language::Word('position') . ':</font></div>'; $content .= '<div class="' . ColAllTypes(6) . '" align="left">' . $user->GetPosition() . '</div>'; $content .= '</div>'; $articles = Article::FetchCountOf(['where' => 'author_id = ' . $user->GetID()]); $content .= '<div class="row" align="center">'; $content .= '<div class="' . ColAllTypes(6) . '" align="right"><font color="grey">' . Language::Word('news published') . ':</font></div>'; $content .= '<div class="' . ColAllTypes(6) . '" align="left">' . $articles . '</div>'; $content .= '</div>'; $content .= '<hr>'; $content .= ToPageHeader(Language::PublicMenu('contacts'), 'h4', 'grey'); $content .= '<div class="row" align="center">'; $content .= '<div class="' . ColAllTypes(6) . '" align="right"><font color="grey">' . Language::Word('mail') . ':</font></div>';
<?php include_once 'utility_lgmis_lib.php'; //Проверка авторизационных данных if (isset($_POST['exit'])) { session_unset(); session_destroy(); echo Language::Word('you logout') . '<br>'; echo OnStartAdminPage(); exit; } if (isset($_POST['login']) && !isset($_POST['name'])) { if (isset($_POST['enter'])) { if (isset($_POST['login'])) { if (isset($_POST['password'])) { $user = User::FetchBy(['select_list' => 'login, password', 'eq_conds' => ['login' => $_POST['login']], 'is_unique' => true]); if (!password_verify($_POST['password'], $user->GetPassword())) { echo Language::Word('incorrect password') . '<br>' . OnStartAdminPage(); exit; } $_SESSION['user_login'] = $user->GetLogin(); } else { echo Language::Word('it was not succeeded to be authorized') . '<br>' . OnStartAdminPage(); exit; } } else { echo Language::Word('it was not succeeded to be authorized') . '<br>' . OnStartAdminPage(); exit; } } else { echo 'Ошибка 1';
/**
 * Renders this item as one `<tr>` of the private overview table: escaped name,
 * author link, creation date, the human-readable role taken from the global
 * $content_types_full map, and a three-column row of full/edit/delete buttons.
 *
 * @return string HTML table row
 */
public function ToHTMLUserPrivateShortInTable()
{
    global $content_types_full;

    $author = User::FetchBy(['eq_conds' => ['id' => $this->author_id], 'select_list' => 'id, name, surname', 'is_unique' => true]);

    // Cell contents in column order.
    $cells = [
        htmlspecialchars($this->name),
        $author->LinkToThis(),
        date('d : m : Y - H : i', $this->creating_date),
        htmlspecialchars($content_types_full[$this->role]),
    ];

    // Action buttons share one row, four grid columns each.
    $actions = '<div class="row">';
    foreach ([$this->ToHTMLFullVers(), $this->ToHTMLEdit(), $this->ToHTMLDel()] as $button) {
        $actions .= '<div class="' . ColAllTypes(4) . '">' . $button . '</div>';
    }
    $actions .= '</div>';
    $cells[] = $actions;

    $row = '<tr>';
    foreach ($cells as $cell) {
        $row .= '<td>' . $cell . '</td>';
    }
    $row .= '</tr>';

    return $row;
}
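/**
 * Serialises the selected fields of this article as a JSON object.
 *
 * @param string[] $needed Names of the fields to include, in any order; the
 *        output keeps the canonical order below. Besides the stored columns two
 *        computed entries are available: 'author_link' (the author's HTML link)
 *        and 'full_vers_link' (the HTML link to the full version).
 * @return string|false JSON text, or false when json_encode() fails.
 */
public function ToJSON($needed = ['id', 'author_id', 'name', 'annotation', 'creating_date', 'path_to_image', 'text_block'])
{
    // Stored columns are copied from the property of the same name; the two
    // link entries are built on demand. Order here is the output key order.
    $sources = [
        'id'             => 'id',
        'author_id'      => 'author_id',
        'author_link'    => function () {
            return User::FetchBy(['eq_conds' => ['id' => $this->author_id], 'select_list' => 'id, name, surname', 'is_unique' => true])->LinkToThis('btn-sm');
        },
        'name'           => 'name',
        'annotation'     => 'annotation',
        'creating_date'  => 'creating_date',
        'path_to_image'  => 'path_to_image',
        'text_block'     => 'text_block',
        'full_vers_link' => function () {
            return $this->ToHTMLFullVers(true);
        },
    ];

    $res = [];
    foreach ($sources as $key => $source) {
        // Strict membership test: with loose in_array() a $needed list holding
        // true or 0 could select fields that were never asked for.
        if (!in_array($key, $needed, true)) {
            continue;
        }
        $res[$key] = is_string($source) ? $this->$source : $source();
    }

    return json_encode($res);
}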
/**
 * Renders this entry as a collapsible Bootstrap panel for the private page.
 * The panel title is the escaped entry name; when the current user is the
 * author or the 'admin' login, the rank is shown next to the title and
 * edit / delete / add-language buttons are appended below the panel.
 *
 * @return string HTML
 */
public function ToHTMLUserPrivateShortInTable()
{
    $author_login = User::FetchBy(['eq_conds' => ['id' => $this->author_id], 'select_list' => 'login', 'is_unique' => true])->GetLogin();
    $viewer = GetUserLogin();
    // Author and admin are the only ones who see the rank and the action buttons.
    $can_manage = ($viewer === $author_login || $viewer === 'admin');
    $collapse_id = 'collapse' . $this->id;

    $title = ToPageHeader(htmlspecialchars($this->name), 'h3', 'black');
    if ($can_manage) {
        $title = '<div class="row">'
            . '<div class="' . ColAllTypes(7) . '">' . $title . '</div>'
            . '<div class="' . ColAllTypes(5) . '">' . ToPageHeader(Language::Word('rank') . ': ' . $this->priority, 'h4', 'grey') . '</div>'
            . '</div>';
    }

    $heading = '<div class="panel-heading" role="tab" id="' . $this->id . '">'
        . '<div class="panel-title">'
        . '<a data-toggle="collapse" data-parent="#accordion" href="#' . $collapse_id . '" aria-expanded="false" aria-controls="' . $collapse_id . '" class="collapsed">'
        . $title
        . '</a>'
        . '</div>'
        . '</div>';

    $body = '<div id="' . $collapse_id . '" class="panel-collapse collapse" role="tabpanel" aria-labelledby="' . $this->id . '" style="height: 0px;" aria-expanded="false">'
        . '<div class="panel-body">'
        . $this->text_block
        . '</div>'
        . '</div>';

    $actions = '';
    if ($can_manage) {
        $actions = '<div class="row">'
            . '<div class="' . ColAllTypes(4) . '" align="right">' . $this->ToHTMLEdit() . '</div>'
            . '<div class="' . ColAllTypes(4) . '" align="center">' . $this->ToHTMLDel() . '</div>'
            . '<div class="' . ColAllTypes(4) . '" align="left">' . $this->ToHTMLAddLanguage() . '</div>'
            . '</div>';
    }

    return '<div class="row">'
        . '<div class="' . ColAllTypes(1) . '"></div>'
        . '<div class="' . ColAllTypes(10) . '">'
        . '<div class="panel panel-default"><div class="panel-body">'
        . '<div class="panel panel-default">' . $heading . $body . '</div>'
        . $actions
        . '</div></div>'
        . '</div>'
        . '</div>';
}
/**
 * Renders this item as one `<tr>` of the private overview table: escaped name,
 * creation date, author link and an action cell. The full-version button is
 * always shown; edit and delete are added only for the author or 'admin'.
 *
 * @return string HTML table row
 */
public function ToHTMLUserPrivateShortInTable()
{
    $author = User::FetchBy(['eq_conds' => ['id' => $this->author_id], 'select_list' => 'id, name, surname, login', 'is_unique' => true]);
    $viewer = GetUserLogin();
    $can_manage = ($viewer === $author->GetLogin() || $viewer === 'admin');

    // The full-version button takes the whole row unless edit/delete share it.
    $actions = '<div class="row">';
    $actions .= '<div class="' . ColAllTypes($can_manage ? 4 : 12) . '">' . $this->ToHTMLFullVers() . '</div>';
    if ($can_manage) {
        $actions .= '<div class="' . ColAllTypes(4) . '">' . $this->ToHTMLEdit() . '</div>';
        $actions .= '<div class="' . ColAllTypes(4) . '">' . $this->ToHTMLDel() . '</div>';
    }
    $actions .= '</div>';

    $cells = [
        htmlspecialchars($this->name),
        date('d : m : Y - H : i', $this->creating_date),
        $author->LinkToThis(),
        $actions,
    ];

    $row = '<tr>';
    foreach ($cells as $cell) {
        $row .= '<td>' . $cell . '</td>';
    }

    return $row . '</tr>';
}
?> <li> <form class="navbar-form navbar-left" method="post" action=<?php echo '"' . $link_to_admin_user . '"'; ?> > <input class="btn btn-default" name="full" type="submit" value=<?php echo '"' . Language::Word('my page') . '"'; ?> > <input type="hidden" name="type" value=<?php echo '"' . User::$type . '"'; ?> > <input type="hidden" name="id" value=<?php echo '"' . User::FetchBy(['eq_conds' => ['login' => $_SESSION['user_login']], 'select_list' => 'id', 'is_unique' => true])->GetID() . '"'; ?> > <input type="hidden" name="prev_page" value=<?php echo '"' . $_SERVER['REQUEST_URI'] . '"'; ?> > </form> </li> <li> <form class="navbar-form navbar-left dropdown" method="post" action=""> <div class="input-group"> <input style="min-width: 300px;" id="glob_search_input" placeholder=<?php echo '"' . Language::Word('start to insert something') . '"'; ?> onkeyup="showGlobalSearch(this);" class="form-control" aria-haspopup="true" name="search" type="text">
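/**
 * Stores this registration request in `register_requests`.
 *
 * Refuses when a user with the same login already exists. The password is
 * hashed with password_hash() before it is written; every field is passed as
 * a bound parameter, so no request value is ever interpolated into the SQL.
 *
 * @return bool true on success; false with the reason left in self::$last_error
 */
public function InsertToDB()
{
    global $db_connection;

    $existing = User::FetchBy(['eq_conds' => ['login' => $this->login], 'select_list' => 'id', 'is_unique' => true]);
    if (!Error::IsError($existing)) {
        self::$last_error = Language::Word('user with such login already exists');
        return false;
    }

    $stmt = $db_connection->prepare(
        'INSERT INTO `register_requests` '
        . '(`name`, `surname`, `fathername`, `login`, `password`, `request_time`, `email`, `telephone`, `text`) '
        . 'VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP, ?, ?, ?)'
    );
    if ($stmt === false) {
        self::$last_error = $db_connection->error;
        return false;
    }

    // Bind from string-cast locals: bind_param() needs variables, and the cast
    // keeps a null property inserted as '' exactly as the escaped version did.
    $name = (string) $this->name;
    $surname = (string) $this->surname;
    $fathername = (string) $this->fathername;
    $login = (string) $this->login;
    $password_hash = password_hash($this->password, PASSWORD_DEFAULT);
    $email = (string) $this->email;
    $telephone = (string) $this->telephone;
    $text = (string) $this->text;
    $stmt->bind_param('ssssssss', $name, $surname, $fathername, $login, $password_hash, $email, $telephone, $text);

    $ok = $stmt->execute();
    if (!$ok) {
        self::$last_error = $stmt->error;
    }
    $stmt->close();

    return $ok;
}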
$content .= '<div class="row">'; $content .= '<div class="' . ColAllTypes(2) . '"></div>'; $content .= '<div class="' . ColAllTypes(8) . ' center-block">'; $content .= '<table class="table table-striped text-center">'; $content .= '<thead>'; $content .= '<tr>'; $content .= '<th class="text-center">' . Language::Word('name') . '</th>'; $content .= '<th class="text-center">' . Language::Word('surname') . '</th>'; $content .= '<th class="text-center">' . Language::Word('position') . '</th>'; $content .= '<th class="text-center">' . Language::Word('actions') . '</th>'; $content .= '</tr>'; $content .= '</thead>'; $content .= '<tbody>'; $from = -1; $to = -1; require $link_to_pagination_init_template; $users = User::FetchBy(['limit' => $count, 'offset' => $from]); for ($i = 0; $i < $count; ++$i) { $content .= $users[$i]->ToHTMLAutoShortForTable(GetUserPrivileges()); } $content .= '</tbody>'; $content .= '</table>'; $content .= '</div>'; $content .= '</div>'; $pagination = ''; require $link_to_pagination_show_template; $content .= $pagination; } else { $content = AlertMessage('alert-danger', Language::Word('error') . ': ' . User::$last_error); } require $link_to_admin_template;
default: break; } break; case 'info': switch ($_REQUEST['type']) { case MyFile::$type: $optional_data = json_decode($_REQUEST['optional_data']); $dir = $optional_data->cur_directory; $dirstr = ''; for ($i = 0, $size = count($dir); $i < $size; ++$i) { $dirstr .= $dir[$i] . '/'; } $my_rights = MyFile::perm_to_all_registered; $author_id = GetUserID(); $iam = User::FetchBy(['select_list' => 'position', 'eq_conds' => array('id' => $author_id), 'is_unique' => true]); if (Error::IsError($iam)) { $content = json_encode(['error' => Error::ToString($obs)]); break; } if ($iam->GetPositionNum() != NotEmployeeNum) { $my_rights = MyFile::perm_to_only_empls; } $obs = MyFile::FetchBy(['select_list' => 'id, name, is_directory, path_to_file, owner_id, permissions', 'order_by' => 'is_directory DESC, name', 'special' => ['file_type', 'link_to_download', 'link_to_delete', 'link_to_edit', 'link_to_link_to_download'], 'eq_conds' => ['path_to_file' => json_encode($dir)], 'is_assoc' => true, 'where_addition' => 'permissions <= ' . $my_rights]); if (Error::IsError($obs)) { $content = json_encode(["error" => Error::ToString($obs)]); break; } $content = json_encode($obs); break; default: