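 /**
  * isSuperAdmin() must hold only for an admin account that is activated.
  *
  * Three cases: an admin created by the factory (true), a plain user (false)
  * and an admin created with activated = false (false). Uses assertTrue /
  * assertFalse so that the expectation reads directly and the (expected,
  * actual) order of assertEquals cannot be mixed up.
  */
 public function testIsSuperAdmin()
 {
     // normal operation: a factory admin is a super admin
     $admin = factory(\User::class, 'admin')->create();
     $this->assertTrue(User::isSuperAdmin($admin));
     // a regular user is never a super admin
     $user = factory(\User::class, 'user')->create();
     $this->assertFalse(User::isSuperAdmin($user));
     // an admin that is not activated must not gain super-admin rights
     $nonActivated = factory(\User::class, 'admin')->create(['activated' => false]);
     $this->assertFalse(User::isSuperAdmin($nonActivated));
 }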
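 /**
  * Inserts a new account on behalf of the logged-in (super)admin.
  *
  * A super admin creates an 'admin' account, an admin creates a 'user'
  * account; in both cases the new row's admin_group is the caller's session
  * uid. Any other caller gets false without touching the database.
  *
  * The form values are bound as prepared-statement parameters instead of
  * being concatenated into the SQL string, so a crafted firstname, username,
  * email, ... cannot alter the INSERT statement.
  *
  * @param array $frm_submitted form data: firstname, infix, lastname, username,
  *                             password (plain text, hashed here) and email
  * @param bool  $bln_activate  not used; the row is always inserted with active = 1
  * @return bool true when the row was inserted, false otherwise
  */
 public static function adminRegister($frm_submitted, $bln_activate = false)
 {
     global $obj_db;
     if (User::isSuperAdmin()) {
         $usertype = 'admin';
     } elseif (User::isAdmin()) {
         $usertype = 'user';
     } else {
         return false;
     }
     // admin_group is an unquoted integer column; the session uid is forced to int
     $admin_group = (int) $_SESSION['calendar-uid']['uid'];
     $str_query = 'INSERT INTO users (`firstname`, `infix`, `lastname`, `username`, `password`, `email`, `registration_date`, '
         . '`birth_date`, `active`, `ip`, `country`, `country_code`, `usertype`, `admin_group`) '
         . 'VALUES (?, ?, ?, ?, ?, ?, NOW(), "", 1, ?, "", "", ?, ?)';
     $obj_stmt = mysqli_prepare($obj_db, $str_query);
     if ($obj_stmt === false) {
         return false;
     }
     // mysqli_stmt_bind_param takes its values by reference, so each one needs a variable;
     // optional form fields (firstname, infix) fall back to '' like the old concatenation did
     $str_firstname = (string) ($frm_submitted['firstname'] ?? '');
     $str_infix = (string) ($frm_submitted['infix'] ?? '');
     $str_lastname = (string) ($frm_submitted['lastname'] ?? '');
     $str_username = (string) ($frm_submitted['username'] ?? '');
     $str_password = self::getPasswordHashcode($frm_submitted['password']);
     $str_email = (string) ($frm_submitted['email'] ?? '');
     $str_ip = (string) ($_SERVER['REMOTE_ADDR'] ?? '');
     mysqli_stmt_bind_param(
         $obj_stmt,
         'ssssssssi',
         $str_firstname,
         $str_infix,
         $str_lastname,
         $str_username,
         $str_password,
         $str_email,
         $str_ip,
         $usertype,
         $admin_group
     );
     $bln_inserted = mysqli_stmt_execute($obj_stmt);
     mysqli_stmt_close($obj_stmt);
     return $bln_inserted;
 }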
/**
 * Controller action: restore a soft-deleted calendar and re-render the user panel.
 *
 * Reads the calendar id ('cid', int) from the request through validate_var().
 * Any of the three roles (user, admin, super admin) may attempt the undelete;
 * the success message is only assigned when Calendar::undeleteCalendar()
 * reports success. Always renders user_panel.tpl and exits.
 */
function undeleteCalendar()
{
    global $error;
    global $obj_smarty;
    $frm_submitted = validate_var(array(array('cid', 'int', true, '')));
    $bln_has_role = User::isUser() || User::isAdmin() || User::isSuperAdmin();
    if (!$bln_has_role) {
        $obj_smarty->assign('error', 'NO rights to undelete this calendar');
    } else {
        $arr_user = User::getUser();
        // NOTE(review): ownership of cid is not checked in this action;
        // presumably Calendar::undeleteCalendar() enforces it - confirm.
        if (Calendar::undeleteCalendar($frm_submitted['cid'])) {
            $obj_smarty->assign('msg', 'Calendar is back again');
        }
        $obj_smarty->assign('language', Settings::getSetting('language', $arr_user['user_id']));
        $obj_smarty->assign('calendars', Calendar::getCalendarsOfUser($arr_user['user_id']));
        $obj_smarty->assign('active', 'calendars');
    }
    $obj_smarty->display(FULLCAL_DIR . '/view/user_panel.tpl');
    exit;
}
<?php

/*
 * Created on 14-sep-2014
 *
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */
require_once '../../include/default.inc.php';
if (User::isLoggedIn()) {
    header("Cache-Control: no-cache, must-revalidate");
    $arr_user = User::getUser();
    $bln_user = User::isUser();
    $bln_admin = User::isAdmin();
    $bln_superadmin = User::isSuperAdmin();
    if ($bln_superadmin) {
        $obj_smarty->assign('active', 'admin');
        $obj_smarty->display(FULLCAL_DIR . '/view/admin_panel.tpl');
        exit;
    }
    $obj_smarty->assign('name', $arr_user['firstname'] . ' ' . (!empty($arr_user['infix']) ? $arr_user['infix'] : '') . $arr_user['lastname']);
    $obj_smarty->assign('user', $_SESSION['calendar-uid']['username']);
    $obj_smarty->assign('user_id', $_SESSION['calendar-uid']['uid']);
    $obj_smarty->assign('is_user', $bln_user);
    $obj_smarty->assign('is_admin', $bln_admin);
    $obj_smarty->assign('is_super_admin', $bln_superadmin);
    $language = Settings::getLanguage($arr_user['user_id']);
    $obj_smarty->assign('language', $language);
    $obj_smarty->assign('current_languages', $current_languages);
    // global var
    if (User::isAdmin()) {
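 /**
  * Deletes an event, honouring the repeat-pattern it may belong to.
  *
  * Three cases, chosen from $frm_submitted:
  *  - delete_all === true and rep_event_id > 0: delete every event of the
  *    repeat that belongs to the session user, then the repeating_events row;
  *  - rep_event_id > 0: delete only this event (scoped to the session user),
  *    flag the pattern as broken and, when a single event is left, drop the
  *    pattern row and detach that event from it;
  *  - otherwise: delete a normal event; the owner, or an admin/super admin
  *    when ADMIN_HAS_FULL_CONTROL, may delete any event, everyone else only
  *    their own.
  *
  * event_id, rep_event_id and the session uid are cast to int before they
  * are placed in the SQL strings, so form input cannot alter the statements.
  *
  * @param array $frm_submitted form data: event_id, rep_event_id, delete_all
  * @return bool true when the delete (and its follow-up statements) succeeded
  */
 public static function deleteEvent($frm_submitted)
 {
     global $obj_db;
     // every id is used unquoted in SQL: force integers (non-numeric input becomes 0)
     $int_event_id = (int) ($frm_submitted['event_id'] ?? 0);
     $int_rep_event_id = (int) ($frm_submitted['rep_event_id'] ?? 0);
     $int_uid = (int) $_SESSION['calendar-uid']['uid'];
     $bln_delete_all = isset($frm_submitted['delete_all']) && $frm_submitted['delete_all'] === true;

     if ($bln_delete_all && $int_rep_event_id > 0) {
         // part of repeat, delete all items of this user
         $str_query = 'DELETE FROM events WHERE repeating_event_id = ' . $int_rep_event_id . ' AND user_id = ' . $int_uid;
         if (mysqli_query($obj_db, $str_query) === false) {
             return false;
         }
         // delete row from repeating_events
         $str_query = 'DELETE FROM repeating_events WHERE rep_event_id = ' . $int_rep_event_id;
         return mysqli_query($obj_db, $str_query) !== false;
     }

     if ($int_rep_event_id > 0) {
         // part of repeat, delete only this one
         $str_query = 'DELETE FROM events WHERE event_id = ' . $int_event_id . ' AND user_id = ' . $int_uid;
         $obj_result = mysqli_query($obj_db, $str_query);
         // the pattern is broken, put bln_broken in db,
         // so that we know that we have to show the repair pattern button
         $str_update_query = 'UPDATE repeating_events SET bln_broken = 1 WHERE rep_event_id = ' . $int_rep_event_id;
         mysqli_query($obj_db, $str_update_query);
         if ($obj_result === false) {
             echo 'Error while trying to delete the event';
             return false;
         }
         // check if there is only one item left in this repeat,
         // if yes then delete row in repeating_events table and set repeating_event_id to 0 in events table
         if (self::OneHasLeftOfThisRepeat($int_rep_event_id)) {
             $str_query = 'DELETE FROM repeating_events WHERE rep_event_id = ' . $int_rep_event_id;
             if (mysqli_query($obj_db, $str_query) === false) {
                 echo 'Error while trying to delete the row in repeating_events table';
             } else {
                 // detach the remaining event from the pattern row that was just deleted
                 // (this UPDATE was never executed before: the DELETE string was re-run instead)
                 $str_update_query = 'UPDATE events SET repeating_event_id = 0 WHERE repeating_event_id = ' . $int_rep_event_id;
                 mysqli_query($obj_db, $str_update_query);
             }
         }
         // the event itself is gone, which is what the caller asked for
         return true;
     }

     // normal event
     $str_query = 'DELETE FROM events WHERE event_id = ' . $int_event_id;
     $bln_admin_and_full_control = ADMIN_HAS_FULL_CONTROL && (User::isAdmin() || User::isSuperAdmin());
     if (!User::isOwner() && !$bln_admin_and_full_control) {
         // only the owning user may delete; owner / admin with full control skip the user_id filter
         $str_query .= ' AND user_id = ' . $int_uid;
     }
     return mysqli_query($obj_db, $str_query) !== false;
 }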
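/**
 * Controller action: register a new account on behalf of a logged-in admin.
 *
 * Flow: require a logged-in admin or super admin, validate the form
 * (lastname, password, username, email), refuse a username or e-mail that
 * already exists, then hand the data to User::adminRegister(). Every outcome
 * is reported with a plain echo.
 *
 * The existence checks use prepared statements so the submitted username and
 * e-mail are bound as values, never concatenated into the SQL. The
 * 'Admin must be logged in' message is now printed only when the insert
 * itself was attempted and failed, not after a duplicate e-mail as well.
 */
function adminRegister()
{
    if (!(User::isLoggedIn() && (User::isAdmin() || User::isSuperAdmin()))) {
        echo 'No admin is logged in or you have no rights to do this';
        return;
    }
    global $error;
    global $obj_smarty;
    global $obj_db;
    $bln_success = false;
    $arr_submit = array(
        array('lastname', 'textonly', true, ''),
        array('password', 'string', true, ''),
        array('username', 'string', true, ''),
        array('email', 'string', true, ''),
    );
    $frm_submitted = validate_var($arr_submit);
    if ($error) {
        echo $error;
        return;
    }
    // true when a users row has the given value in the given column;
    // the column name is a literal chosen below, only the value comes from the form.
    // A failed query counts as "not found", as the old unchecked lookups did.
    $fn_exists = static function ($str_column, $str_value) use ($obj_db) {
        $obj_stmt = mysqli_prepare($obj_db, 'SELECT 1 FROM `users` WHERE `' . $str_column . '` = ? LIMIT 1');
        if ($obj_stmt === false) {
            return false;
        }
        $str_value = (string) $str_value;
        mysqli_stmt_bind_param($obj_stmt, 's', $str_value);
        $bln_found = false;
        if (mysqli_stmt_execute($obj_stmt)) {
            mysqli_stmt_store_result($obj_stmt);
            $bln_found = mysqli_stmt_num_rows($obj_stmt) > 0;
        }
        mysqli_stmt_close($obj_stmt);
        return $bln_found;
    };
    if ($fn_exists('username', $frm_submitted['username'])) {
        echo 'Username already exists';
    } elseif ($fn_exists('email', $frm_submitted['email'])) {
        echo 'Email already exists';
    } else {
        $bln_success = User::adminRegister($frm_submitted, true);
        if ($bln_success === false) {
            echo 'Admin must be logged in';
        }
    }
    if ($bln_success) {
        echo 'User inserted successfully';
    }
}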
/**
 * Controller action: show soft-deleted calendars in the admin panel.
 *
 * A super admin gets Calendar::getCalendars(true, true); an admin gets
 * Calendar::getCalendarsOfAdmin() for its own user_id. Anyone else (or an
 * anonymous visitor) gets the panel without a 'calendars' assignment.
 * Always renders admin_panel.tpl and exits.
 */
function getDeletedCalendars()
{
    global $obj_smarty;
    if (User::isLoggedIn()) {
        $arr_user = User::getUser();
        if (User::isSuperAdmin()) {
            $obj_smarty->assign('calendars', Calendar::getCalendars(true, true));
        } elseif (User::isAdmin()) {
            $obj_smarty->assign('calendars', Calendar::getCalendarsOfAdmin($arr_user['user_id'], true));
        }
    }
    $obj_smarty->assign('active', 'calendars');
    $obj_smarty->display(FULLCAL_DIR . '/view/admin_panel.tpl');
    exit;
}
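 /**
  * Builds the hour-calculation list: per user the number of event days and
  * event hours inside a period, for an admin or super admin.
  *
  * The period defaults to the last N months up to today, N coming from the
  * caller's 'hourcalculation_default_period' setting, else the
  * HOURCALCULATION_DEFAULT_PERIOD constant, else 6. It can be overridden by
  * the form fields 'st' and 'end' in DATEPICKER_DATEFORMAT (mm/dd/yyyy when
  * the format starts with 'mm', dd/mm/yyyy otherwise). All-day events count
  * the caller's workday hours ('hourcalculation_workday_hours', else
  * HOURCALCULATION_WORKDAY_HOURS, else 8); timed events count the daily
  * time window, nights in between are ignored.
  *
  * A super admin gets every account of usertype 'user'; an admin only those
  * of its own admin_group; anyone else gets an empty user list.
  *
  * Form values that reach SQL are normalised first: the calendar id is cast
  * to int and the dates are accepted only as three numeric '/'-separated
  * parts (otherwise the default period is kept). The events result is
  * checked for failure before num_rows is read, and the by-reference loop
  * variable is unset afterwards.
  *
  * @param array $frm_submitted form data: cid ('all' or a calendar id), optionally st and end
  * @return array{users: array, startdate: string, enddate: string}
  *         a user carries 'days' and 'hours' only when it had events in the period
  */
 public static function getLists($frm_submitted)
 {
     global $obj_db;
     $default_period = -1;
     $workday_hours = -1;
     $calendar_id = $frm_submitted['cid'];
     $arr_user = null;
     if (User::isLoggedIn()) {
         $arr_user = User::getUser();
         $default_period = Settings::getSetting('hourcalculation_default_period', $arr_user['user_id']);
         $workday_hours = Settings::getSetting('hourcalculation_workday_hours', $arr_user['user_id']);
         if (!is_numeric($default_period) || $default_period < 0 || $default_period > 100) {
             $default_period = 6;
         }
         if ($workday_hours < 0 || $workday_hours > 24) {
             $workday_hours = 8;
         }
     }
     $arr_users = array();
     if ($workday_hours < 0) {
         // no (valid) user setting: fall back to the config constant, then to 8
         if (!defined('HOURCALCULATION_WORKDAY_HOURS') || HOURCALCULATION_WORKDAY_HOURS < 0 || HOURCALCULATION_WORKDAY_HOURS > 24) {
             define('HOURCALCULATION_WORKDAY_HOURS', 8);
         }
         $workday_hours = HOURCALCULATION_WORKDAY_HOURS;
         if ($workday_hours < 0 || $workday_hours > 24) {
             $workday_hours = 8;
         }
     }
     if ($default_period < 0) {
         if (!defined('HOURCALCULATION_DEFAULT_PERIOD')) {
             define('HOURCALCULATION_DEFAULT_PERIOD', 6);
         }
         $default_period = HOURCALCULATION_DEFAULT_PERIOD;
         if (!is_numeric($default_period) || $default_period < 0 || $default_period > 100) {
             $default_period = 6;
         }
     }
     $bln_month_first = substr(DATEPICKER_DATEFORMAT, 0, 2) == 'mm';
     // default period: the last $default_period months up to today ($default_period is numeric, 0..100)
     $period_startdate = date('Y-m-d', strtotime('-' . $default_period . ' MONTHS'));
     $period_enddate = date('Y-m-d');
     // the form dates are quoted into SQL below: accept only three non-empty numeric parts
     $fn_to_iso = static function ($str_date) use ($bln_month_first) {
         $arr_parts = explode('/', (string) $str_date);
         if (count($arr_parts) !== 3 || in_array('', $arr_parts, true) || !ctype_digit(implode('', $arr_parts))) {
             return null;
         }
         return $bln_month_first
             ? $arr_parts[2] . '-' . $arr_parts[0] . '-' . $arr_parts[1]
             : $arr_parts[2] . '-' . $arr_parts[1] . '-' . $arr_parts[0];
     };
     if (!empty($frm_submitted['st'])) {
         $str_start = $fn_to_iso($frm_submitted['st']);
         $str_end = $fn_to_iso($frm_submitted['end'] ?? '');
         if ($str_start !== null && $str_end !== null) {
             $period_startdate = $str_start;
             $period_enddate = $str_end;
         }
     }
     $str_query = '';
     if (User::isSuperAdmin()) {
         $str_query = 'SELECT user_id, active, concat_ws(" ",firstname,infix,lastname) as fullname FROM users WHERE `usertype` = "user" ';
     } elseif (User::isAdmin()) {
         // NOTE(review): assumes isAdmin() implies isLoggedIn(), so $arr_user is set here - confirm
         $str_query = 'SELECT user_id, active, concat_ws(" ",firstname,infix,lastname) as fullname FROM users WHERE `usertype` = "user" AND `admin_group` = ' . (int) $arr_user['user_id'];
     }
     if ($str_query !== '') {
         $obj_result = mysqli_query($obj_db, $str_query);
         if ($obj_result !== false) {
             while ($arr_line = mysqli_fetch_array($obj_result, MYSQLI_ASSOC)) {
                 $arr_users[] = $arr_line;
             }
         }
         foreach ($arr_users as &$user) {
             $cnt_days = 0;
             $cnt_hours = 0;
             // events of this user inside the period; the dates are validated/generated above
             $str_query = 'SELECT * FROM events WHERE user_id = ' . (int) $user['user_id'] . ' AND date_start >= "' . $period_startdate . '" AND date_end <= "' . $period_enddate . '"';
             if ($calendar_id !== 'all' && (int) $calendar_id > 0) {
                 $str_query .= ' AND `calendar_id` = ' . (int) $calendar_id;
             }
             $obj_result = mysqli_query($obj_db, $str_query);
             // a failed query returns false, which has no num_rows: check it first
             if ($obj_result === false || $obj_result->num_rows < 1) {
                 continue;
             }
             while ($arr_line = mysqli_fetch_array($obj_result, MYSQLI_ASSOC)) {
                 if ($arr_line['date_start'] == $arr_line['date_end']) {
                     // one-day event
                     if ($arr_line['allDay']) {
                         $cnt_hours += $workday_hours;
                     } else {
                         $cnt_hours += (strtotime($arr_line['date_end'] . ' ' . $arr_line['time_end']) - strtotime($arr_line['date_start'] . ' ' . $arr_line['time_start'])) / 3600;
                     }
                     $cnt_days++;
                 } else {
                     // multi-day event: one day and one daily time window per date, nights ignored
                     foreach (Utils::getDaysBetween($arr_line['date_start'], $arr_line['date_end']) as $event_date) {
                         if ($arr_line['allDay']) {
                             $cnt_hours += $workday_hours;
                         } else {
                             $cnt_hours += (strtotime($event_date . ' ' . $arr_line['time_end']) - strtotime($event_date . ' ' . $arr_line['time_start'])) / 3600;
                         }
                         $cnt_days++;
                     }
                 }
             }
             $user['days'] = $cnt_days;
             $user['hours'] = round($cnt_hours, 2);
         }
         // drop the reference so a later $user assignment cannot overwrite the last element
         unset($user);
     }
     // hand the period back in DATEPICKER_DATEFORMAT for the date pickers
     $arr_startdate_tmp = explode('-', $period_startdate);
     $arr_enddate_tmp = explode('-', $period_enddate);
     if ($bln_month_first) {
         $arr_startdate_in_correct_format = $arr_startdate_tmp[1] . '/' . $arr_startdate_tmp[2] . '/' . $arr_startdate_tmp[0];
         $arr_enddate_in_correct_format = $arr_enddate_tmp[1] . '/' . $arr_enddate_tmp[2] . '/' . $arr_enddate_tmp[0];
     } else {
         $arr_startdate_in_correct_format = $arr_startdate_tmp[2] . '/' . $arr_startdate_tmp[1] . '/' . $arr_startdate_tmp[0];
         $arr_enddate_in_correct_format = $arr_enddate_tmp[2] . '/' . $arr_enddate_tmp[1] . '/' . $arr_enddate_tmp[0];
     }
     return array('users' => $arr_users, 'startdate' => $arr_startdate_in_correct_format, 'enddate' => $arr_enddate_in_correct_format);
 }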
/**
 * Controller action: restore a soft-deleted account and re-render the admin panel.
 *
 * Reads 'uid' (int) from the request through validate_var(). A super admin
 * may restore an account that User::isAdmin(uid) reports as admin; an admin
 * may restore an account that User::isAdminUser(uid) reports as one of its
 * users. Any other combination assigns an error; a caller with neither role
 * gets the panel unchanged. Always renders admin_panel.tpl and exits.
 */
function undeleteUser()
{
    global $error;
    global $obj_smarty;
    $frm_submitted = validate_var(array(array('uid', 'int', true, '')));
    $bln_admin = User::isAdmin();
    $bln_superadmin = User::isSuperAdmin();
    if ($bln_superadmin) {
        if (!User::isAdmin($frm_submitted['uid'])) {
            $obj_smarty->assign('error', 'NO rights to undelete this user');
        } else {
            if (User::undeleteAdmin($frm_submitted['uid'])) {
                $obj_smarty->assign('msg', 'Admin is back again');
            }
            // admins of this superadmin
            $obj_smarty->assign('users', User::getAdmins(true, true));
        }
    } elseif ($bln_admin) {
        if (!User::isAdminUser($frm_submitted['uid'])) {
            $obj_smarty->assign('error', 'NO rights to undelete this user');
        } else {
            if (User::undeleteUser($frm_submitted['uid'])) {
                $obj_smarty->assign('msg', 'User is back again');
            }
            // users of this admin
            $obj_smarty->assign('users', User::getAdminUsers(true, true));
        }
    }
    $obj_smarty->assign('active', 'users');
    $obj_smarty->display(FULLCAL_DIR . '/view/admin_panel.tpl');
    exit;
}
 /**
  * Resolves the effective permissions of the current visitor on one calendar.
  *
  * Starts from the calendar's own can_* flags (Calendar::getCalendar) and
  * then applies, for a logged-in visitor: the drag/drop-items rule
  * (ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS, else the calendar's can_dd_drag mode),
  * the owner / admin-with-ADMIN_HAS_FULL_CONTROL override (add, edit, delete
  * and drag/drop granted, can_view cleared), and the private_group
  * restriction for users outside the group. An anonymous visitor only gets
  * the drag/drop rule ('everyone' mode); share_type 'public' and access by
  * IP keep the calendar defaults.
  *
  * @param int $int_cal_id calendar id
  * @return array{can_view: bool, can_add: bool, can_edit: bool, can_delete: bool, can_change_color: bool, can_see_dditems: bool}
  */
 public static function getPermissions($int_cal_id)
 {
     $arr_cal = Calendar::getCalendar($int_cal_id);
     $arr_perm = array(
         'can_view' => (bool) $arr_cal['can_view'],
         'can_add' => (bool) $arr_cal['can_add'],
         'can_edit' => (bool) $arr_cal['can_edit'],
         'can_delete' => (bool) $arr_cal['can_delete'],
         'can_change_color' => (bool) $arr_cal['can_change_color'],
         // drag/drop items follow can_add unless the site restricts them to admins
         'can_see_dditems' => (bool) $arr_cal['can_add'] && !ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS,
     );

     if (!User::isLoggedIn()) {
         // anonymous visitor: only can_dd_drag = 'everyone' opens the drag/drop items
         $arr_perm['can_see_dditems'] = !ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS && $arr_cal['can_dd_drag'] == 'everyone';
         // share_type 'public' keeps the defaults from the calendar
         if (ALLOW_ACCESS_BY == 'ip' && User::ipAllowed()) {
             // access allowed by IP: keeps the defaults from the calendar as well
         }
         return $arr_perm;
     }

     $arr_user = User::getUser();
     $bln_admin = User::isAdmin() || User::isSuperAdmin();
     $bln_owner = Calendar::isOwner($arr_cal['calendar_id']);

     // drag/drop items: site-wide admin restriction, else the calendar's can_dd_drag mode
     if (ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS) {
         $arr_perm['can_see_dditems'] = $bln_admin;
     } elseif ($bln_owner || $arr_cal['can_dd_drag'] == 'everyone' || $arr_cal['can_dd_drag'] == 'only_loggedin_users') {
         $arr_perm['can_see_dditems'] = true;
     } elseif ($arr_cal['can_dd_drag'] == 'only_owner') {
         // only_owner and this visitor is not the owner (handled above)
         $arr_perm['can_see_dditems'] = false;
     }

     // admin with full control OR calendar owner (creator)
     if ((ADMIN_HAS_FULL_CONTROL && $bln_admin) || $bln_owner) {
         // can_view is cleared here; original note: not necessary because admin can edit
         $arr_perm['can_view'] = false;
         $arr_perm['can_add'] = true;
         $arr_perm['can_edit'] = true;
         $arr_perm['can_delete'] = true;
         $arr_perm['can_see_dditems'] = true;
     } elseif ($arr_cal['share_type'] == 'private_group' && !Calendar::UserInGroup($arr_cal, $arr_user['user_id'])) {
         // share_type is private_group and the user is not in that group (admingroup)
         $arr_perm['can_add'] = false;
         $arr_perm['can_edit'] = false;
         $arr_perm['can_delete'] = false;
         $arr_perm['can_see_dditems'] = false;
     }
     return $arr_perm;
 }