/**
  * Handle an incoming request.
  *
  * Admin-only gate for the route group this middleware is attached to: a
  * non-admin is sent to the admin login page with the "guest" redirect (so
  * the intended URL can be restored after login); an admin continues down
  * the middleware pipeline.
  *
  * NOTE(review): relies on $this->user already being resolved when handle()
  * runs — confirm the constructor handles unauthenticated requests (null user).
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $isAdmin = $this->user->isAdmin();
     if ($isAdmin) {
         return $next($request);
     }
     // Not an admin: bounce to the admin login, remembering the intended URL.
     return redirect()->guest('admin/login');
 }
 /**
  * A fresh user has no admin flag (null) and reports true once promoted
  * through setIsAdmin(true).
  *
  * @covers User::setIsAdmin
  * @covers User::isAdmin
  */
 public function testSetIsAdmin()
 {
     // Fixture starts without any admin flag assigned.
     $this->assertNull($this->user->isAdmin());
     // Promote and re-read through the public accessor.
     $this->user->setIsAdmin(true);
     $this->assertTrue($this->user->isAdmin());
 }
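 /**
  * Delete a stored file by id (admin only) and notify the media monitor.
  *
  * Reads the `id` request parameter and the authenticated user from the
  * Zend_Auth storage. Non-admins fall through without any feedback (no
  * message and no id on the view) — preserved behaviour. On success the
  * file path and delete result are published to the media monitor queue.
  *
  * Fix: the original assigned the *return value* of settype() — a bool that
  * only says whether the conversion succeeded — back to $res, so the
  * "delete" field sent to the media monitor was always `true` rather than
  * the integer result of $file->delete().
  *
  * NOTE(review): no CSRF / HTTP-method check is visible in this action;
  * confirm a front-controller plugin enforces one so a plain GET cannot
  * delete files.
  */
 public function deleteAction()
 {
     $id = $this->_getParam('id');
     $userInfo = Zend_Auth::getInstance()->getStorage()->read();
     $user = new User($userInfo->id);
     if (!$user->isAdmin()) {
         // Silent refusal, as before: the view gets neither a message nor an id.
         return;
     }
     if (!is_null($id)) {
         $file = StoredFile::Recall($id);
         if (PEAR::isError($file)) {
             $this->view->message = $file->getMessage();
             return;
         }
         if (is_null($file)) {
             $this->view->message = "file doesn't exist";
             return;
         }
         $res = $file->delete();
         if (PEAR::isError($res)) {
             $this->view->message = $res->getMessage();
             return;
         }
         // Coerce in place; settype() returns bool, so its result must not be assigned.
         settype($res, "integer");
         $data = array("filepath" => $file->getFilePath(), "delete" => $res);
         RabbitMq::SendMessageToMediaMonitor("file_delete", $data);
     }
     $this->view->id = $id;
 }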
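 /**
  * Abort the request unless the current user is logged in AND an admin.
  *
  * assertLoggedIn() (not shown here) is expected to halt anonymous callers;
  * after it, a non-admin is refused and the script terminates.
  *
  * Fix: the original terminated with die() without setting a status code, so
  * the refusal was served as 200 OK — misleading for clients, scanners and
  * monitoring. A 403 is now sent first (when headers have not gone out yet).
  */
 public function assertAdmin()
 {
     $this->assertLoggedIn();
     if (!User::isAdmin()) {
         if (!headers_sent()) {
             http_response_code(403);
         }
         die("You must be an admin to enter.");
     }
 }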
 /**
  * Seed the controller with the signed-in user, their admin flag, a
  * human-readable "logged in since" string and the site-wide settings.
  *
  * NOTE(review): Sentry::getUser() may return null for anonymous requests,
  * in which case the last_login dereference fatals — confirm this controller
  * is always behind an auth filter.
  */
 public function __construct()
 {
     $this->configs = Setting::getSiteSettings();
     $currentUser = Sentry::getUser();
     $this->user = $currentUser;
     $this->isAdmin = User::isAdmin($currentUser);
     $this->logged_in_for = $currentUser->last_login->diffForHumans();
 }
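 /**
  * Dispatching constructor: gate the page, run the requested task, render a view.
  *
  * @param string      $view       controller/view name; used to locate views/<view>/<method>.php
  * @param string|null $method     task to run via runTask(); when empty, index() runs instead
  * @param mixed       $parameters forwarded untouched to runTask()
  *
  * Access rule: when $this->access == 1 the page is admin-only; any other
  * value is open. A refused visitor has the requested view stored in
  * $_SESSION['redirect'] and is sent to the login page.
  *
  * Fix: header("location: …") does not stop PHP. The original constructor
  * simply returned after the redirect and whatever instantiated it carried
  * on; an explicit exit now follows the redirect so no work runs for a
  * refused visitor.
  *
  * NOTE(review): $view and $method are spliced into a filesystem path and
  * $method is dispatched by name. If they come straight from the URL they
  * must be whitelisted before reaching here — not visible in this block.
  */
 function __construct($view, $method = null, $parameters = null)
 {
     $this->view = new View();
     new Model();
     $currentUser = new User();
     if ($this->access == 1 && !$currentUser->isAdmin()) {
         $_SESSION['redirect'] = $view;
         header("location: " . BASE_URL . 'login/');
         exit;
     }
     if ($method) {
         $this->runTask($method, $parameters);
     } else {
         $this->index();
         $method = 'index';
     }
     // Use the method-specific template when present, else the view's index template.
     $template = 'views/' . strtolower($view) . '/' . strtolower($method) . '.php';
     if (file_exists($template)) {
         $this->view->load($view, $method, $this->data);
     } else {
         $this->view->load($view, 'index', $this->data);
     }
 }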
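/**
 * Gate a page on login ('n', the default) or admin ('a') status.
 *
 * @param string $access      'a' = logged in AND admin required; anything else = logged in required
 * @param string $mute        'f' prints the "Protected Area" notice when refused; any other value stays silent
 * @param string $target      optional link-target suffix; non-empty adds target="_{$target}" to the login link
 * @param bool   $load_header include header.php before printing the notice
 * @return bool  true when access is granted, false otherwise
 *
 * Fix: $target and the configured login path were written into the HTML
 * unescaped, so a quote or angle bracket in either could inject markup into
 * the refusal page. Both now pass through htmlspecialchars(). The legacy
 * attribute-injection trick (closing the href early to append a target
 * attribute) is deliberately preserved; only the injected value is escaped.
 *
 * Note: $user is a local here (only $SETTINGS is declared global), so
 * empty($user) is always true and a fresh User is created on every call.
 * Any $access value other than 'n' shows the admin-oriented message even
 * though only 'a' actually requires admin — preserved behaviour.
 */
function checkAccess($access = 'n', $mute = 'f', $target = '', $load_header = false)
{
    global $SETTINGS;
    if (empty($user)) {
        require_once 'includes/user.php';
        $user = new User();
    }
    $granted = $user->isLoggedIn();
    if ($access == 'a') {
        $granted = $granted && $user->isAdmin();
    }
    if ($granted) {
        return true;
    }
    if ($mute == 'f') {
        if ($load_header) {
            require_once "header.php";
        }
        $loginLink = htmlspecialchars($SETTINGS['path_mod'] . "login.php", ENT_QUOTES, 'UTF-8');
        if ($target != "") {
            // Closes href and appends a target attribute (legacy); value escaped.
            $loginLink .= "\" target=\"_" . htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
        }
        if ($access == 'n') {
            echo "<h2>" . T_("Protected Area") . "</h2>\n<p class=\"error\">" . T_("You are not logged in, or your session has expired") . ".</p><p>" . T_("Only registered users can access this page") . ".<br>\n" . sprintf(T_("Please <a href=\"%s\">login</a> into your account from the login page"), $loginLink) . ".</p>\n";
        } else {
            echo "<h2>" . T_("Protected Area") . "</h2>\n<p class=\"error\">" . T_("This is a protected area") . ".</p><p>" . T_("Only admin users can access this page") . ".<br>\n" . sprintf(T_("Please <a href=\"%s\">login</a> into your account from the login page"), $loginLink) . ".</p>\n";
        }
    }
    return $granted;
}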
 /**
  * Insert a new band-diary entry from a submitted form array.
  *
  * Admins may post on behalf of any member (member_id taken from the form);
  * everyone else is pinned to the BandMember record tied to the current
  * user, so the form's member_id is ignored for them. Returns the created
  * BandMemberDiary, or the db / MySQL error object on failure.
  *
  * NOTE(review): legacy mysql_* extension with a hand-built query. title and
  * body go through sanitize_to_db(), member_id comes from the model and the
  * timestamp is normalised by date(); confirm sanitize_to_db() escapes for
  * the active connection charset. Not migrated here because the db wrapper
  * is not visible.
  */
 function add($postArray)
 {
     if (User::isAdmin()) {
         $member = BandMember::get($postArray['member_id']);
     } else {
         $member = BandMember::getByUserID(User::getCurrent()->getID());
     }
     if (db::isError($member)) {
         return $member;
     }
     $db = new db();
     $memberId = $member->getID();
     $title = $db->sanitize_to_db($postArray['title']);
     if (!$title) {
         $title = '(untitled)';
     }
     $body = $db->sanitize_to_db($postArray['body']);
     // Combine the separate "date" and "time" fields into a MySQL DATETIME.
     $day = date('Y-m-d', strtotime($postArray['date']));
     $dateTime = date("Y-m-d H:i:s", strtotime($day . ' ' . $postArray['time']));
     $sql = "insert into Band_Diaries (title, member_id, date_time, body, is_active) values ('{$title}','{$memberId}','{$dateTime}','{$body}'," . DEFAULT_ACTIVE . ")";
     if (!@mysql_query($sql)) {
         return Error::MySQL();
     }
     return BandMemberDiary::get(mysql_insert_id());
 }
 /**
  * Authorisation check run before media add/edit/update operations.
  *
  * @param string $opType      operation name ("ADD", "UPDATEINFO", "RESCAN", ...)
  * @param mixed  $mediaObject accepted for callers' convenience; unused here
  * @return true|Error  true when allowed, otherwise an Error carrying one message
  *
  * Every path that reaches the end requires an admin, so the UPDATEINFO /
  * RESCAN checks mainly pick a more specific message. Areas that are not
  * "general media" are refused outright, regardless of role.
  */
 function validateMediaOperation($opType = "ADD", $mediaObject = null)
 {
     $errors = new Error();
     $isAdminOnlyOp = $opType == "UPDATEINFO" || $opType == "RESCAN";
     if ($isAdminOnlyOp && !User::isAdmin()) {
         $message = $opType == "UPDATEINFO"
             ? "Only an admin user may edit media areas."
             : "Only an admin user may rescan media.";
         $errors->add($message);
         return $errors;
     }
     if (!$this->areaObject->isGeneralMedia()) {
         $errors->add("You cannot directly move or edit an area that is not generally accessible.");
         return $errors;
     }
     if (!User::isAdmin()) {
         $errors->add("Only an admin user may modify general media.");
         return $errors;
     }
     return true;
 }
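 /**
  * Allow access when $id is the caller's own account or the caller is an
  * admin; otherwise send the given redirect header and stop.
  *
  * @param mixed  $userId   id handed to User::isAdmin()
  * @param mixed  $id       account id being accessed
  * @param string $redirect full header line, e.g. "Location: /login"
  * @return true  on the allowed path only; the deny path never returns
  *
  * Fixes: header() does not end the request — the original returned null
  * after the redirect and any caller that ignored the result kept running
  * the protected code, so the deny path now exits. The session id is also
  * read only when set: previously a missing session compared null === null
  * and granted access whenever $id was null.
  *
  * NOTE(review): the ownership test is strict (===); a string $id from the
  * URL will not match an integer session id — confirm both share a type.
  */
 function checkIfOwnAccountRedirect($userId, $id, $redirect)
 {
     $isOwnAccount = isset($_SESSION['userId']) && $id === $_SESSION['userId'];
     if ($isOwnAccount || User::isAdmin($userId) === 1) {
         return true;
     }
     header($redirect);
     exit;
 }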
 /**
  * Render the backend dashboard for the signed-in user.
  *
  * NOTE(review): assumes Sentry::getUser() is non-null here (last_login is
  * dereferenced) — confirm an auth filter precedes this action.
  */
 public function index()
 {
     $currentUser = Sentry::getUser();
     $viewData = array(
         'user' => $currentUser,
         'isAdmin' => User::isAdmin($currentUser),
         'configs' => Setting::getSiteSettings(),
         'logged_in_for' => $currentUser->last_login->diffForHumans(),
         'activeParent' => 'index',
         'active' => 'index',
     );
     return View::make('backend.dashboards.index', $viewData);
 }
 /**
  * Delete this comment and its channel-action rows; moderators and admins
  * additionally get a ModoAction audit row.
  *
  * @param User $user the actor performing the deletion
  *
  * NOTE(review): no ownership or authorisation check happens here — every
  * $user reaches the delete; the moderator/admin test only decides whether
  * the audit row is written. Confirm the caller authorises first.
  */
 public function erase(User $user)
 {
     $isStaff = $user->isModerator() || $user->isAdmin();
     if ($isStaff) {
         $auditRow = array(
             'id' => ModoAction::generateId(6),
             'user_id' => $user->id,
             'type' => 'delete_comment',
             'target' => $this->id,
             'timestamp' => Utils::tps(),
         );
         ModoAction::create($auditRow);
     }
     $commentRef = array("type" => "comment", "complementary_id" => $this->id);
     ChannelAction::table()->delete($commentRef);
     $this->delete();
 }
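 /**
  * Redirect to the login page unless the session user is an admin.
  *
  * Fixes: the session id is read with isset() so an anonymous request no
  * longer raises an undefined-index notice before being redirected, and the
  * unused User::find() lookup is dropped. The loose `== NULL` comparison is
  * kept on purpose because the return type of User::isAdmin() is not visible.
  *
  * NOTE(review): whether Redirect::to() terminates the script is not visible
  * here; if it does not, callers continue past this check.
  */
 public static function check_admin()
 {
     $userId = isset($_SESSION['user']) ? $_SESSION['user'] : null;
     if ($userId === null || User::isAdmin($userId) == NULL) {
         Redirect::to('/login', array('message' => 'Et ole admin'));
     }
 }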
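 /**
  * "Now playing" page action.
  *
  * GET: registers the datatable scripts and, when the visitor just came from
  * the login page, is an admin and has not yet answered the support-feedback
  * question, opens the station registration dialog.
  *
  * POST: handles that dialog. Publicise != 1 stores only the support-feedback
  * choice; Publicise == '1' validates the form and persists the station
  * details and logo. Both paths clear the "referrer" session namespace; a
  * failed validation re-opens the dialog with the form (which carries its
  * own validation messages).
  *
  * Fixes: the failed-validation branch dumped the validation messages into
  * the response with var_dump() — debug output in production that also
  * breaks the page markup; the form attached to the view already exposes
  * them. "Publicise" is now read with isset() so a POST without the field
  * does not raise a notice.
  *
  * NOTE(review): the admin check guards only the GET-side popup; the POST
  * branch writes station preferences for any authenticated user unless an
  * ACL elsewhere restricts this action — confirm before relying on it.
  */
 public function indexAction()
 {
     $request = $this->getRequest();
     $baseUrl = $request->getBaseUrl();
     $this->view->headScript()->appendFile($baseUrl . '/js/datatables/js/jquery.dataTables.min.js', 'text/javascript');
     $this->view->headScript()->appendFile($baseUrl . '/js/airtime/nowplaying/nowplayingdatagrid.js', 'text/javascript');
     $this->view->headScript()->appendFile($baseUrl . '/js/airtime/nowplaying/nowview.js', 'text/javascript');
     $refer_sses = new Zend_Session_Namespace('referrer');
     $userInfo = Zend_Auth::getInstance()->getStorage()->read();
     $user = new User($userInfo->id);
     if ($request->isPost()) {
         $form = new Application_Form_RegisterAirtime();
         $values = $request->getPost();
         $publicise = isset($values["Publicise"]) ? $values["Publicise"] : null;
         if ($publicise != 1) {
             Application_Model_Preference::SetSupportFeedback($values["SupportFeedback"]);
             // unset session
             Zend_Session::namespaceUnset('referrer');
         } else {
             if ($publicise == '1' && $form->isValid($values)) {
                 Application_Model_Preference::SetHeadTitle($values["stnName"], $this->view);
                 Application_Model_Preference::SetPhone($values["Phone"]);
                 Application_Model_Preference::SetEmail($values["Email"]);
                 Application_Model_Preference::SetStationWebSite($values["StationWebSite"]);
                 Application_Model_Preference::SetPublicise($values["Publicise"]);
                 $form->Logo->receive();
                 $imagePath = $form->Logo->getFileName();
                 Application_Model_Preference::SetStationCountry($values["Country"]);
                 Application_Model_Preference::SetStationCity($values["City"]);
                 Application_Model_Preference::SetStationDescription($values["Description"]);
                 Application_Model_Preference::SetStationLogo($imagePath);
                 Application_Model_Preference::SetSupportFeedback($values["SupportFeedback"]);
                 // unset session
                 Zend_Session::namespaceUnset('referrer');
             } else {
                 // Validation failed: re-open the dialog; $form carries the messages.
                 $logo = Application_Model_Preference::GetStationLogo();
                 if ($logo) {
                     $this->view->logoImg = $logo;
                 }
                 $this->view->dialog = $form;
                 $this->view->headScript()->appendFile($baseUrl . '/js/airtime/nowplaying/register.js', 'text/javascript');
             }
         }
     } else {
         //popup if previous page was login
         if ($refer_sses->referrer == 'login' && Application_Model_Nowplaying::ShouldShowPopUp() && !Application_Model_Preference::GetSupportFeedback() && $user->isAdmin()) {
             $form = new Application_Form_RegisterAirtime();
             $logo = Application_Model_Preference::GetStationLogo();
             if ($logo) {
                 $this->view->logoImg = $logo;
             }
             $this->view->dialog = $form;
             $this->view->headScript()->appendFile($baseUrl . '/js/airtime/nowplaying/register.js', 'text/javascript');
         }
     }
 }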
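 /**
  * Return one page (30 rows) of users, ordered by id; moderators and admins only.
  *
  * @param int $page 1-based page number
  * @return mixed whatever Db::query() returns for the SELECT
  * @throws Exception when the caller is neither moderator nor admin
  *
  * Fix: $page was used as-is to compute the OFFSET. A page of 0 or a
  * negative/non-numeric value produced a negative OFFSET (SQL error) — it
  * is now coerced to an integer and clamped to at least 1, so only
  * well-formed integers ever reach the LIMIT clause.
  */
 public static function getUsers($page)
 {
     if (!User::isModerator() and !User::isAdmin()) {
         throw new Exception("Invalid Access!");
     }
     $limit = 30;
     $page = max(1, (int) $page);
     $offset = ($page - 1) * $limit;
     return Db::query("SELECT * FROM zz_users ORDER BY id LIMIT {$offset}, {$limit}", array(), 0);
 }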
 /**
  * Decide whether the current user may view $user's profile.
  *
  * Rules, in order: admin profiles are visible to admins only; a carrier may
  * see only its own profile; everyone else sees everything.
  *
  * @param User $user
  * @return bool
  */
 public function canViewUser(User $user)
 {
     $viewer = $this->getUser();
     if ($user->isAdmin() && !$viewer->isAdmin()) {
         return false;
     }
     if ($viewer->isCarrier()) {
         // Strict comparison: ids must match in type as well as value.
         return $viewer->id === $user->id;
     }
     return true;
 }
 /**
  * Role hierarchy: an admin satisfies every role, a plain user only its own.
  */
 public function testRoles()
 {
     $subject = new User();
     $subject->role = User::ROLE_ADMIN;
     $this->assertTrue($subject->isAdmin());
     // Admin implies every lower role as well.
     foreach (array(User::ROLE_ADMIN, User::ROLE_POWER, User::ROLE_USER) as $role) {
         $this->assertTrue($subject->hasRole($role));
     }
     // After demotion only the user role remains.
     $subject->role = User::ROLE_USER;
     $this->assertTrue($subject->hasRole(User::ROLE_USER));
     $this->assertFalse($subject->hasRole(User::ROLE_ADMIN));
 }
 /**
  * Address-book controller state: signed-in user, admin flag, site settings
  * and the address-book listing preferences (page size, ordering, rules).
  *
  * NOTE(review): last_login is dereferenced without a null check — confirm
  * Sentry::getUser() cannot be null when this controller is constructed.
  */
 public function __construct()
 {
     $currentUser = Sentry::getUser();
     $this->user = $currentUser;
     $this->isAdmin = User::isAdmin($currentUser);
     $this->logged_in_for = $currentUser->last_login->diffForHumans();
     $this->configs = Setting::getSiteSettings();
     // Listing preferences and validation rules for the address book.
     $this->paginate = Addressbook::getRecordsPerPage();
     $this->orderBy = Addressbook::getOrderBy();
     $this->rules = Addressbook::$rules;
     $this->cacheMinutes = 30;
     $this->activeParent = 'lists';
 }
 /**
  * Get a single tag.
  *
  * Admin callers see the private count, everyone else the public one; the
  * chosen count is exposed as "count" and both raw columns are stripped.
  * Returns false when the tag is unknown or its visible count is zero.
  *
  * @param string $tag A string of the tag
  * @return array|false Tag object augmented with a "weight" property.
  */
 public function getTag($tag = null)
 {
     $viewer = new User();
     $countField = $viewer->isAdmin() ? 'countPrivate' : 'countPublic';
     $record = $this->db->getTag($tag);
     if (!$record) {
         return false;
     }
     if ($record[$countField] == 0) {
         return false;
     }
     $record['count'] = intval($record[$countField]);
     unset($record['countPrivate'], $record['countPublic']);
     return $record;
 }
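 /**
  * Allow access when post $id was authored by $userId or the caller is an
  * admin; otherwise send the given redirect header and stop.
  *
  * @param mixed  $userId   author id to look up (and handed to User::isAdmin())
  * @param mixed  $id       post id being accessed; compared as a string
  * @param string $redirect full header line, e.g. "Location: /login"
  * @return true  on the allowed path only; the deny path never returns
  *
  * Fixes: $userId was concatenated straight into the WHERE clause; it is
  * now cast to int before reaching SQL (the column is compared unquoted, so
  * the id is numeric — NOTE(review): confirm author ids are integers). And
  * header() does not end the request: the original returned null after the
  * redirect and a caller that ignored the result kept executing, so the
  * deny path now exits.
  */
 function checkIfOwnPostRedirect($userId, $id, $redirect)
 {
     $authorId = (int) $userId;
     $ownPostIds = [];
     $rows = $GLOBALS['db']->query('SELECT id FROM post WHERE author=' . $authorId);
     while ($row = $rows->fetchArray()) {
         $ownPostIds[] = (string) $row['id'];
     }
     if (in_array($id, $ownPostIds, true) || User::isAdmin($userId) === 1) {
         return true;
     }
     header($redirect);
     exit;
 }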
 /**
  * User-management controller state: signed-in user, admin flag, site
  * settings, the user's own listing preferences and the validation rule sets
  * for create/edit.
  *
  * NOTE(review): last_login is dereferenced without a null check — confirm
  * Sentry::getUser() cannot be null when this controller is constructed.
  */
 public function __construct()
 {
     $currentUser = Sentry::getUser();
     $this->user = $currentUser;
     $this->isAdmin = User::isAdmin($currentUser);
     $this->logged_in_for = $currentUser->last_login->diffForHumans();
     $this->configs = Setting::getSiteSettings();
     // Per-user listing preferences.
     $this->paginate = User::getRecordsPerPage($currentUser->id);
     $this->orderBy = User::getOrderBy($currentUser->id);
     // Validation rule sets.
     $this->rules = User::$rules;
     $this->editRules = User::$editRules;
     $this->newUserRules = User::$newUserRules;
     $this->activeParent = 'users';
 }
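 /**
  * Return true when the session user is an admin; otherwise send the given
  * redirect header and stop.
  *
  * @param string $redirect full header line, e.g. "Location: /login"
  * @return true  on the allowed path only; the deny path never returns
  *
  * Fixes: a logged-in non-admin previously hit header($redirect) twice (the
  * inner call fell through to the outer one), and header() does not end the
  * request — the original returned null after the redirect so a caller that
  * ignored the result kept executing. There is now a single deny path that
  * sends the header once and exits.
  */
 function checkAdminRedirect($redirect)
 {
     // A userId in the session is the "logged in" signal; isAdmin() re-checks
     // it against the database.
     if (isset($_SESSION['userId'])) {
         $user = new User();
         if ($user->isAdmin($_SESSION['userId']) === 1) {
             return true;
         }
     }
     header($redirect);
     exit;
 }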
 /**
  * Creates a query that is restricted to bookings belonging to the specified account.
  * This function will INNER JOIN "transaction_booking", "transaction" and
  * "booking_type" and will fetch the latter. Use {@link BookingQuery::with()}
  * if you wish to fetch records from the joined tables.
  *
  * Scope: every user sees bookings of their own transactions; an admin
  * additionally sees every booking typed under their account.
  *
  * @param User $user The user object.
  * @param PropelPDO $con Optional connection handed to User::getAccount().
  * @return BookingQuery
  * @throws Exception when the user has no account.
  */
 private function createBookingQuery(User $user, PropelPDO $con = null)
 {
     $account = $user->getAccount($con);
     if ($account === null) {
         throw new Exception('Could not determine account the user "' . $user->getName() . '" belongs to.');
     }
     $query = BookingQuery::create()
         ->joinTransaction()
         ->joinWithBookingType();
     $scope = $query->getNewCriterion(TransactionPeer::USER_ID, $user->getId());
     if ($user->isAdmin()) {
         $accountWide = $query->getNewCriterion(BookingTypePeer::ACCOUNT_ID, $account->getId());
         $scope->addOr($accountWide);
     }
     return $query->add($scope);
 }
 /**
  * Append a <user> element describing the account named by ?user= to the
  * API document.
  *
  * Unknown accounts get a missing="true" marker and nothing else; known ones
  * get level/created/today attributes, plus whatever fetchAdminData() adds
  * for admin accounts.
  *
  * @param \DOMElement $apiDocument root element to append to
  * @return \DOMElement the same root element
  * @throws ApiException when no username was supplied
  */
 public function execute(\DOMElement $apiDocument)
 {
     $username = isset($_GET['user']) ? trim($_GET['user']) : '';
     if ($username == '') {
         throw new ApiException("Please specify a username");
     }
     $userElement = $this->document->createElement("user");
     $userElement->setAttribute("name", $username);
     $apiDocument->appendChild($userElement);
     $this->database = gGetDb();
     $this->user = \User::getByUsername($username, $this->database);
     if ($this->user === false) {
         $userElement->setAttribute("missing", "true");
         return $apiDocument;
     }
     $attributes = array(
         "level" => $this->user->getStatus(),
         "created" => $this->getAccountsCreated(),
         "today" => $this->getToday(),
     );
     foreach ($attributes as $attrName => $attrValue) {
         $userElement->setAttribute($attrName, $attrValue);
     }
     if ($this->user->isAdmin()) {
         $this->fetchAdminData($userElement);
     }
     return $apiDocument;
 }
 /**
  * Email controller state: signed-in user, admin flag, site settings and the
  * validation rules for emails and drafts. Subscriber-related settings are
  * intentionally left out (see commented lines in the original history).
  *
  * NOTE(review): last_login is dereferenced without a null check — confirm
  * Sentry::getUser() cannot be null when this controller is constructed.
  */
 public function __construct()
 {
     $currentUser = Sentry::getUser();
     $this->user = $currentUser;
     $this->isAdmin = User::isAdmin($currentUser);
     $this->logged_in_for = $currentUser->last_login->diffForHumans();
     $this->configs = Setting::getSiteSettings();
     $this->rules = Email::$rules;
     $this->draftRules = Draft::$rules;
     $this->activeParent = 'emails';
 }
 /**
  * Mailing-list controller state: signed-in user, admin flag, site settings,
  * list paging/ordering and the validation rules for lists, subscribers and
  * subscriber file uploads.
  *
  * NOTE(review): last_login is dereferenced without a null check — confirm
  * Sentry::getUser() cannot be null when this controller is constructed.
  */
 public function __construct()
 {
     $currentUser = Sentry::getUser();
     $this->user = $currentUser;
     $this->isAdmin = User::isAdmin($currentUser);
     $this->logged_in_for = $currentUser->last_login->diffForHumans();
     $this->configs = Setting::getSiteSettings();
     // Listing preferences.
     $this->paginate = Maillist::getRecordsPerPage();
     $this->orderBy = Maillist::getOrderBy();
     $this->cacheMinutes = 30;
     $this->activeParent = 'lists';
     // Validation rule sets.
     $this->rules = Maillist::$rules;
     $this->subscriberRules = Subscriber::$rules;
     $this->fileSizeRules = Subscriber::$fileRules;
 }
 /**
  * Checks if explicit plugin invocation is allowed.
  *
  * Admins may invoke any plugin. Everyone else is limited to
  * self::$pluginNonAdminWhitelist: an entity mapped to `true` allows all of
  * its events, otherwise the specific entity/event pair must be non-empty.
  * Plugins with an empty entity or event are never allowed for non-admins.
  *
  * @return bool
  */
 private function executionAllowed(User $user, Plugin $plugin)
 {
     if ($user->isAdmin()) {
         return true;
     }
     $entity = $plugin->getEntity();
     $event = $plugin->getEvent();
     if ((string) $entity === '' or (string) $event === '') {
         return false;
     }
     $whitelist = self::$pluginNonAdminWhitelist;
     $entityRule = empty($whitelist[$entity]) ? null : $whitelist[$entity];
     // A bare `true` whitelists every event of the entity.
     if ($entityRule === true) {
         return true;
     }
     return !empty($whitelist[$entity][$event]);
 }
 /**
  * Build the <li> navigation items for the blog header.
  *
  * Anonymous visitors get only "Login"; signed-in users get Create / Posts /
  * Account / Logout, with "Admin" inserted before Logout for admins. Link
  * targets and labels are template tokens resolved later.
  *
  * @return string concatenated <li> markup
  */
 function getNavigation()
 {
     if (!Bloggy::checkSession()) {
         $pages = [['link' => 'Login', 'name' => '{TXT_BLOG_NAVIGATION_LOGIN}']];
     } else {
         $pages = [
             ['link' => 'Create', 'name' => '{TXT_BLOG_NAVIGATION_CREATE}'],
             ['link' => 'Posts', 'name' => '{TXT_BLOG_NAVIGATION_POSTS}'],
             ['link' => 'Account', 'name' => '{TXT_BLOG_NAVIGATION_ACCOUNT}'],
         ];
         $user = new User();
         if ($user->isAdmin($_SESSION['userId']) == '1') {
             $pages[] = ['link' => 'Admin', 'name' => '{TXT_BLOG_NAVIGATION_ADMIN}'];
         }
         $pages[] = ['link' => 'Logout', 'name' => '{TXT_BLOG_NAVIGATION_LOGOUT}'];
     }
     $items = [];
     foreach ($pages as $page) {
         $items[] = '<li><a href=\'{PATH_OFFSET}/{LANGUAGE}/' . $page['link'] . '\'>' . $page['name'] . '</a></li>';
     }
     return implode('', $items);
 }
 /**
  * Resolve the ACL role of $user for this resource.
  *
  * Admins always get Acl::ADMINISTRATOR. Otherwise an explicit per-user
  * entry wins; failing that, the highest role among the groups the user
  * belongs to is returned (0 when none match).
  *
  * @param User $user
  * @return mixed role value
  */
 public function checkAccess(User $user)
 {
     if ($user->isAdmin()) {
         return Acl::ADMINISTRATOR;
     }
     $perms = $this->permissions;
     $userRoles = $perms['users'];
     if (array_key_exists($user->id, $userRoles)) {
         return $userRoles[$user->id];
     }
     // Collect the roles of every group containing the user; 0 is the floor.
     $candidateRoles = array(0);
     foreach ($perms['groups'] as $groupId => $role) {
         $group = Group::getGroupById($groupId);
         if ($group->hasMember($user)) {
             $candidateRoles[] = $role;
         }
     }
     return max($candidateRoles);
 }
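 /**
  * Admin-only endpoint that mints an OAuth consumer for a third-party app
  * and hands the credentials back through the oauth_callback redirect.
  *
  * Flow: 403 unless the current user is an admin; 500 when `name` is empty;
  * create the credential, convert its user token to a request token (the
  * default) or an access token when tokenType=access, re-read the consumer
  * row so the key/secret pair is present, then redirect to oauth_callback
  * with consumer key, consumer secret, token, token secret and verifier
  * appended as query parameters.
  *
  * Fix: the first failure log serialised $consumerKey, which is always
  * falsy at that point, so the log line never identified which credential
  * failed to be created; it now records the submitted name.
  *
  * NOTE(review): oauth_callback is taken from the query string unvalidated,
  * and the redirect carries the consumer *secret* and token *secret*. No
  * CSRF token check is visible in this block; confirm one is applied
  * upstream, otherwise an admin tricked into submitting this form leaks
  * fresh credentials to an attacker-chosen URL. Callback validation is not
  * added here because the set of accepted callback schemes (custom app URIs?)
  * is not visible in this code.
  */
 public function authorizePost()
 {
     $userObj = new User();
     if (!$userObj->isAdmin()) {
         $this->route->run('/error/403', EpiRoute::httpGet);
         die;
     }
     if (!isset($_POST['name']) || empty($_POST['name'])) {
         $this->route->run('/error/500', EpiRoute::httpGet);
         die;
     }
     // TODO make permissions an array
     $consumerKey = getCredential()->create($_POST['name'], array());
     if (!$consumerKey) {
         getLogger()->warn(sprintf('Could not add credential for: %s', json_encode($_POST['name'])));
         $this->route->run('/error/500', EpiRoute::httpGet);
         die;
     }
     $consumer = getDb()->getCredential($consumerKey);
     $token = $consumer['userToken'];
     $tokenType = Credential::typeRequest;
     if (isset($_POST['tokenType']) && $_POST['tokenType'] === 'access') {
         $tokenType = Credential::typeAccess;
     }
     $res = getCredential()->convertToken($consumer['id'], $tokenType);
     if (!$res) {
         getLogger()->warn(sprintf('Could not convert credential for: %s', json_encode($token)));
         $this->route->run('/error/500', EpiRoute::httpGet);
         die;
     }
     // we have to fetch this again to have the consumer key and secret
     $consumer = getDb()->getCredentialByUserToken($token);
     $callback = null;
     $separator = '?';
     if (isset($_GET['oauth_callback'])) {
         $callback = $_GET['oauth_callback'];
         if (stripos($callback, '?') !== false) {
             $separator = '&';
         }
     }
     // Secrets travel in the redirect URL by design of this flow (see NOTE above).
     $callback .= "{$separator}oauth_consumer_key={$consumer['id']}&oauth_consumer_secret={$consumer['clientSecret']}&oauth_token={$consumer['userToken']}&oauth_token_secret={$consumer['userSecret']}&oauth_verifier={$consumer['verifier']}";
     $this->route->redirect($callback, null, true);
 }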