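/**
 * User::isSuperAdmin() must accept only an activated admin account.
 *
 * Three cases: an activated admin (the only one that qualifies), a plain
 * user, and an admin created with `activated` => false.
 */
public function testIsSuperAdmin()
{
    // Activated admin: the only case that qualifies.
    $admin = factory(\User::class, 'admin')->create();
    $this->assertTrue(User::isSuperAdmin($admin));

    // A plain user is never a super admin.
    $user = factory(\User::class, 'user')->create();
    $this->assertFalse(User::isSuperAdmin($user));

    // An admin that has not been activated is rejected as well.
    // assertFalse() replaces assertEquals(actual, false): the original had the
    // expected/actual arguments swapped and only checked loose equality.
    $nonActivated = factory(\User::class, 'admin')->create(['activated' => false]);
    $this->assertFalse(User::isSuperAdmin($nonActivated));
}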
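/**
 * Inserts a new account on behalf of the logged-in admin or super admin.
 *
 * A super admin creates an `admin` row, an admin creates a `user` row; any
 * other caller gets false and nothing is written. The new row's
 * `admin_group` is the acting user's uid from `$_SESSION`, the password is
 * stored through self::getPasswordHashcode(), and `active` is always 1.
 *
 * The submitted strings are bound as statement parameters instead of being
 * concatenated into the SQL text, so quotes or comment sequences in the
 * form fields cannot change the statement.
 *
 * @param array $frm_submitted form fields firstname, infix, lastname,
 *                             username, password, email (a missing text
 *                             field is stored as an empty string)
 * @param bool  $bln_activate  accepted for compatibility; it is not read
 *                             here, the row is inserted with `active` = 1
 * @return bool true when the INSERT succeeded, false otherwise
 */
public static function adminRegister($frm_submitted, $bln_activate = false)
{
    global $obj_db;

    if (User::isSuperAdmin()) {
        $usertype = 'admin';
    } elseif (User::isAdmin()) {
        $usertype = 'user';
    } else {
        // Neither role: refuse without touching the database.
        return false;
    }
    $admin_group = (int) $_SESSION['calendar-uid']['uid'];

    $arr_fields = array();
    foreach (array('firstname', 'infix', 'lastname', 'username', 'email') as $str_field) {
        $arr_fields[$str_field] = isset($frm_submitted[$str_field]) ? (string) $frm_submitted[$str_field] : '';
    }
    $str_password = self::getPasswordHashcode($frm_submitted['password']);
    $str_ip = (string) $_SERVER['REMOTE_ADDR'];

    $str_query = 'INSERT INTO users (`firstname`, `infix`, `lastname`, `username`, `password`, `email`, `registration_date`, '
        . '`birth_date`, `active`, `ip`, `country`, `country_code`, `usertype`, `admin_group`) '
        . 'VALUES (?, ?, ?, ?, ?, ?, NOW(), "", 1, ?, "", "", ?, ?)';
    $obj_stmt = mysqli_prepare($obj_db, $str_query);
    if ($obj_stmt === false) {
        return false;
    }
    // Eight string parameters followed by the integer admin_group.
    mysqli_stmt_bind_param(
        $obj_stmt,
        'ssssssssi',
        $arr_fields['firstname'],
        $arr_fields['infix'],
        $arr_fields['lastname'],
        $arr_fields['username'],
        $str_password,
        $arr_fields['email'],
        $str_ip,
        $usertype,
        $admin_group
    );
    $bln_inserted = mysqli_stmt_execute($obj_stmt);
    mysqli_stmt_close($obj_stmt);

    return $bln_inserted;
}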
/**
 * Admin-panel action: restores a soft-deleted calendar and re-renders the
 * user panel.
 *
 * Reads the `cid` form field through validate_var(). Any logged-in role
 * (user, admin, super admin) may trigger the restore; everyone else gets an
 * error message. Always renders user_panel.tpl and exits.
 *
 * NOTE(review): the check here is role-based only; whether
 * Calendar::undeleteCalendar() verifies that `cid` belongs to the caller is
 * not visible from this function — confirm in Calendar.
 */
function undeleteCalendar()
{
    global $error;
    global $obj_smarty;

    $frm_submitted = validate_var(array(array('cid', 'int', true, '')));

    $bln_has_role = User::isUser() || User::isAdmin() || User::isSuperAdmin();
    if (!$bln_has_role) {
        $obj_smarty->assign('error', 'NO rights to undelete this calendar');
    } else {
        $arr_me = User::getUser();
        if (Calendar::undeleteCalendar($frm_submitted['cid'])) {
            $obj_smarty->assign('msg', 'Calendar is back again');
        }
        $obj_smarty->assign('language', Settings::getSetting('language', $arr_me['user_id']));
        $obj_smarty->assign('calendars', Calendar::getCalendarsOfUser($arr_me['user_id']));
        $obj_smarty->assign('active', 'calendars');
    }

    $obj_smarty->display(FULLCAL_DIR . '/view/user_panel.tpl');
    exit;
}
<?php
/*
 * Created on 14-sep-2014
 *
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */

// Panel entry page: loads the shared bootstrap, then renders the admin panel
// for a super admin or fills the user panel variables for everybody else.
// (The snippet is cut off after the `if (User::isAdmin())` line below.)
require_once '../../include/default.inc.php';

if (User::isLoggedIn()) {
    // NOTE(review): only no-cache/must-revalidate is sent; `no-store` is not,
    // so the rendered panel may still be kept by a browser cache — confirm
    // whether that is acceptable for a page built from session data.
    header("Cache-Control: no-cache, must-revalidate");

    $arr_user = User::getUser();
    $bln_user = User::isUser();
    $bln_admin = User::isAdmin();
    $bln_superadmin = User::isSuperAdmin();

    // Super admins get their own panel and nothing else on this page.
    if ($bln_superadmin) {
        $obj_smarty->assign('active', 'admin');
        $obj_smarty->display(FULLCAL_DIR . '/view/admin_panel.tpl');
        exit;
    }

    // NOTE(review): there is no separator between the infix and the lastname,
    // so a non-empty infix renders glued to the lastname — confirm intended.
    $obj_smarty->assign('name', $arr_user['firstname'] . ' ' . (!empty($arr_user['infix']) ? $arr_user['infix'] : '') . $arr_user['lastname']);
    $obj_smarty->assign('user', $_SESSION['calendar-uid']['username']);
    $obj_smarty->assign('user_id', $_SESSION['calendar-uid']['uid']);
    $obj_smarty->assign('is_user', $bln_user);
    $obj_smarty->assign('is_admin', $bln_admin);
    $obj_smarty->assign('is_super_admin', $bln_superadmin);

    $language = Settings::getLanguage($arr_user['user_id']);
    $obj_smarty->assign('language', $language);
    $obj_smarty->assign('current_languages', $current_languages); // global var set by the bootstrap include

    if (User::isAdmin()) {
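/**
 * Deletes an event on behalf of the logged-in user.
 *
 * Three cases, chosen from the submitted form:
 *  - `delete_all` === true and `rep_event_id` > 0: every event of that repeat
 *    owned by the session user is deleted, then the repeat row itself;
 *  - `rep_event_id` > 0 without `delete_all`: only `event_id` is deleted
 *    (restricted to the session user), the repeat is flagged broken, and
 *    when the repeat is down to its last member the repeat row is removed
 *    and the remaining event is detached (repeating_event_id = 0);
 *  - otherwise a plain event: `event_id` is deleted, restricted to the
 *    session user unless the caller is the owner or an admin while
 *    ADMIN_HAS_FULL_CONTROL is set.
 *
 * Every id taken from `$frm_submitted` is cast to int before it is placed in
 * a query, so the form can only ever select rows by numeric id.
 *
 * @param array $frm_submitted form fields event_id, rep_event_id, delete_all
 * @return bool true when the deletion(s) succeeded, false otherwise
 */
public static function deleteEvent($frm_submitted)
{
    $int_rep_event_id = isset($frm_submitted['rep_event_id']) ? (int) $frm_submitted['rep_event_id'] : 0;
    $int_event_id = isset($frm_submitted['event_id']) ? (int) $frm_submitted['event_id'] : 0;
    $bln_delete_all = isset($frm_submitted['delete_all']) && $frm_submitted['delete_all'] === true;

    if ($bln_delete_all && $int_rep_event_id > 0) {
        return self::deleteRepeatAll($int_rep_event_id);
    }
    if ($int_rep_event_id > 0) {
        return self::deleteRepeatMember($int_event_id, $int_rep_event_id);
    }
    return self::deletePlainEvent($int_event_id);
}

/**
 * Removes every event of repeat `$int_rep_event_id` owned by the session
 * user, then the repeat row itself.
 *
 * @param int $int_rep_event_id
 * @return bool true when both DELETEs ran without error
 */
private static function deleteRepeatAll($int_rep_event_id)
{
    global $obj_db;
    $int_uid = (int) $_SESSION['calendar-uid']['uid'];

    $str_query = 'DELETE FROM events WHERE repeating_event_id = ' . $int_rep_event_id
        . ' AND user_id = ' . $int_uid;
    if (mysqli_query($obj_db, $str_query) === false) {
        return false;
    }
    // NOTE(review): the repeat row is removed without a user_id restriction,
    // so it goes even when the DELETE above matched no rows for this user —
    // confirm whether repeating_events has an owner column to filter on.
    $str_query = 'DELETE FROM repeating_events WHERE rep_event_id = ' . $int_rep_event_id;
    return mysqli_query($obj_db, $str_query) !== false;
}

/**
 * Removes one event of a repeat and keeps the repeat's bookkeeping in step.
 *
 * The repeat is flagged `bln_broken` so the UI can offer the "repair
 * pattern" button. When only one member is left, the repeat row is deleted
 * and the remaining event is detached by zeroing its repeating_event_id.
 *
 * @param int $int_event_id
 * @param int $int_rep_event_id
 * @return bool true when the event itself was deleted
 */
private static function deleteRepeatMember($int_event_id, $int_rep_event_id)
{
    global $obj_db;
    $int_uid = (int) $_SESSION['calendar-uid']['uid'];

    $str_query = 'DELETE FROM events WHERE event_id = ' . $int_event_id . ' AND user_id = ' . $int_uid;
    $obj_result = mysqli_query($obj_db, $str_query);

    // The pattern is broken now; the flag tells the UI to show the repair button.
    $str_update_query = 'UPDATE repeating_events SET bln_broken = 1 WHERE rep_event_id = ' . $int_rep_event_id;
    mysqli_query($obj_db, $str_update_query);

    if ($obj_result === false) {
        echo 'Error while trying to delete the event';
        return false;
    }

    if (self::OneHasLeftOfThisRepeat($int_rep_event_id)) {
        $str_query = 'DELETE FROM repeating_events WHERE rep_event_id = ' . $int_rep_event_id;
        if (mysqli_query($obj_db, $str_query) === false) {
            echo 'Error while trying to delete the row in repeating_events table';
        } else {
            // Detach the last remaining event from the (now deleted) repeat.
            // The original re-ran the DELETE here instead of this UPDATE, so
            // the event kept pointing at a repeat row that no longer existed.
            $str_update_query = 'UPDATE events SET repeating_event_id = 0 WHERE repeating_event_id = ' . $int_rep_event_id;
            mysqli_query($obj_db, $str_update_query);
        }
    }
    return true;
}

/**
 * Removes a plain (non-repeating) event.
 *
 * The owner and, when ADMIN_HAS_FULL_CONTROL is set, admins / super admins
 * may delete any event id; everyone else is restricted to their own rows.
 *
 * @param int $int_event_id
 * @return bool true when the DELETE ran without error
 */
private static function deletePlainEvent($int_event_id)
{
    global $obj_db;

    $str_query = 'DELETE FROM events WHERE event_id = ' . $int_event_id;
    $bln_admin_and_full_control = ADMIN_HAS_FULL_CONTROL && (User::isAdmin() || User::isSuperAdmin());
    if (!User::isOwner() && !$bln_admin_and_full_control) {
        $str_query .= ' AND user_id = ' . (int) $_SESSION['calendar-uid']['uid'];
    }
    return mysqli_query($obj_db, $str_query) !== false;
}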
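/**
 * Admin-panel action: creates a new account for the logged-in admin or
 * super admin.
 *
 * Reads lastname, password, username and email through validate_var(),
 * rejects a username or e-mail address already present in `users`, then
 * delegates the INSERT to User::adminRegister(). Every outcome is reported
 * with echo, as before; the "Admin must be logged in" message is now only
 * printed when the INSERT was actually attempted and refused, not after a
 * duplicate e-mail address.
 */
function adminRegister()
{
    if (!User::isLoggedIn() || !(User::isAdmin() || User::isSuperAdmin())) {
        echo 'No admin is logged in or you have no rights to do this';
        return;
    }

    global $error;
    global $obj_smarty;
    global $obj_db;

    // NOTE(review): firstname and infix are not in this field list although
    // User::adminRegister() reads them from the same array — confirm whether
    // validate_var() supplies them or they should be declared here.
    $arr_submit = array(
        array('lastname', 'textonly', true, ''),
        array('password', 'string', true, ''),
        array('username', 'string', true, ''),
        array('email', 'string', true, ''),
    );
    $frm_submitted = validate_var($arr_submit);
    if ($error) {
        echo $error;
        return;
    }

    if (adminRegisterColumnValueExists($obj_db, 'username', $frm_submitted['username'])) {
        echo 'Username already exists';
        return;
    }
    if (adminRegisterColumnValueExists($obj_db, 'email', $frm_submitted['email'])) {
        echo 'Email already exists';
        return;
    }

    $bln_success = User::adminRegister($frm_submitted, true);
    if ($bln_success === false) {
        // false also covers a failed INSERT, not only a missing admin session.
        echo 'Admin must be logged in';
        return;
    }
    if ($bln_success) {
        echo 'User inserted successfully';
    }
}

/**
 * Tells whether some `users` row already holds `$str_value` in `$str_column`.
 *
 * `$str_column` is restricted to the two literal column names used by
 * adminRegister(); the value is bound as a statement parameter so it never
 * becomes part of the SQL text. A statement that cannot be prepared or
 * executed reports "not found", which mirrors the original lenient
 * handling of a failed lookup.
 *
 * @param mysqli $obj_db
 * @param string $str_column 'username' or 'email'
 * @param string $str_value
 * @return bool
 */
function adminRegisterColumnValueExists($obj_db, $str_column, $str_value)
{
    if (!in_array($str_column, array('username', 'email'), true)) {
        return false;
    }
    $obj_stmt = mysqli_prepare($obj_db, 'SELECT `user_id` FROM `users` WHERE `' . $str_column . '` = ?');
    if ($obj_stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($obj_stmt, 's', $str_value);
    $bln_found = false;
    if (mysqli_stmt_execute($obj_stmt)) {
        mysqli_stmt_store_result($obj_stmt);
        $bln_found = mysqli_stmt_num_rows($obj_stmt) > 0;
    }
    mysqli_stmt_close($obj_stmt);
    return $bln_found;
}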
/**
 * Admin-panel action: lists soft-deleted calendars.
 *
 * A super admin gets every deleted calendar, an admin only those of their
 * own users; any other visitor gets the panel without a calendar list.
 * Always renders admin_panel.tpl and exits.
 */
function getDeletedCalendars()
{
    global $obj_smarty;

    if (User::isLoggedIn()) {
        $arr_me = User::getUser();
        if (User::isSuperAdmin()) {
            $obj_smarty->assign('calendars', Calendar::getCalendars(true, true));
        } elseif (User::isAdmin()) {
            $obj_smarty->assign('calendars', Calendar::getCalendarsOfAdmin($arr_me['user_id'], true));
        }
    }

    $obj_smarty->assign('active', 'calendars');
    $obj_smarty->display(FULLCAL_DIR . '/view/admin_panel.tpl');
    exit;
}
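/**
 * Builds the hour-calculation list: for every user visible to the caller,
 * the number of event days and hours inside the requested period.
 *
 * Period selection: the submitted `st`/`end` picker dates (in
 * DATEPICKER_DATEFORMAT order) when `st` is given, otherwise the last
 * `hourcalculation_default_period` months up to today. The per-day hours of
 * an all-day event come from `hourcalculation_workday_hours`. Both settings
 * are read per user when logged in, fall back to the HOURCALCULATION_*
 * constants (defined here when missing), and are clamped to 0..100 months /
 * 0..24 hours.
 *
 * A super admin sees every `user` row, an admin only the users of their own
 * admin_group; anyone else gets an empty user list. Ids are cast to int and
 * the period dates are rebuilt as zero-padded Y-m-d strings before they are
 * placed in a query, so form input never reaches the SQL text verbatim.
 *
 * @param array $frm_submitted form fields cid, st, end
 * @return array{users: array, startdate: string, enddate: string}
 *         users carry the extra keys `days` and `hours`; the dates are in
 *         picker format for display
 */
public static function getLists($frm_submitted)
{
    global $obj_db;

    $default_period = -1;
    $workday_hours = -1;
    $calendar_id = isset($frm_submitted['cid']) ? $frm_submitted['cid'] : '';
    $arr_user = null;

    if (User::isLoggedIn()) {
        $arr_user = User::getUser();
        $default_period = Settings::getSetting('hourcalculation_default_period', $arr_user['user_id']);
        $workday_hours = Settings::getSetting('hourcalculation_workday_hours', $arr_user['user_id']);
        if (!is_numeric($default_period) || $default_period < 0 || $default_period > 100) {
            $default_period = 6;
        }
        if (!is_numeric($workday_hours) || $workday_hours < 0 || $workday_hours > 24) {
            $workday_hours = 8;
        }
    }

    // Not logged in (or no per-user value): use the configured constants.
    // The constants are only defined when absent; the original also called
    // define() on an already-defined but out-of-range value, which just
    // raised a warning. The clamp below covers that case instead.
    if ($workday_hours < 0) {
        if (!defined('HOURCALCULATION_WORKDAY_HOURS')) {
            define('HOURCALCULATION_WORKDAY_HOURS', 8);
        }
        $workday_hours = HOURCALCULATION_WORKDAY_HOURS;
        if (!is_numeric($workday_hours) || $workday_hours < 0 || $workday_hours > 24) {
            $workday_hours = 8;
        }
    }
    if ($default_period < 0) {
        if (!defined('HOURCALCULATION_DEFAULT_PERIOD')) {
            define('HOURCALCULATION_DEFAULT_PERIOD', 6);
        }
        $default_period = HOURCALCULATION_DEFAULT_PERIOD;
        if (!is_numeric($default_period) || $default_period < 0 || $default_period > 100) {
            $default_period = 6;
        }
    }

    list($period_startdate, $period_enddate) = self::getListsPeriod($frm_submitted, $default_period);

    $arr_users = array();
    $str_query = '';
    if (User::isSuperAdmin()) {
        $str_query = 'SELECT user_id, active, concat_ws(" ",firstname,infix,lastname) as fullname FROM users WHERE `usertype` = "user" ';
    } elseif (User::isAdmin()) {
        $int_admin_id = isset($arr_user['user_id']) ? (int) $arr_user['user_id'] : 0;
        $str_query = 'SELECT user_id, active, concat_ws(" ",firstname,infix,lastname) as fullname FROM users WHERE `usertype` = "user" AND `admin_group` = ' . $int_admin_id;
    }

    if ($str_query !== '') {
        $obj_result = mysqli_query($obj_db, $str_query);
        if ($obj_result !== false) {
            while ($arr_line = mysqli_fetch_array($obj_result, MYSQLI_ASSOC)) {
                $arr_users[] = $arr_line;
            }
        }
        // Index-based update instead of foreach-by-reference: the original
        // left a dangling reference on the last element of the returned array.
        foreach ($arr_users as $int_idx => $arr_line) {
            list($cnt_days, $cnt_hours) = self::getListsWorkload(
                $arr_line['user_id'],
                $calendar_id,
                $period_startdate,
                $period_enddate,
                $workday_hours
            );
            $arr_users[$int_idx]['days'] = $cnt_days;
            $arr_users[$int_idx]['hours'] = $cnt_hours;
        }
    }

    return array(
        'users' => $arr_users,
        'startdate' => self::getListsPickerDate($period_startdate),
        'enddate' => self::getListsPickerDate($period_enddate),
    );
}

/**
 * Resolves the reporting period as two Y-m-d strings.
 *
 * Defaults to the last `$default_period` months up to today. When the form
 * carries `st`, both `st` and `end` are parsed as picker dates in
 * DATEPICKER_DATEFORMAT order; input that does not split into three parts
 * keeps the default period.
 *
 * @param array $frm_submitted
 * @param int|string $default_period number of months
 * @return array{0: string, 1: string} start date, end date
 */
private static function getListsPeriod($frm_submitted, $default_period)
{
    $period_startdate = date('Y-m-d', strtotime('-' . $default_period . ' MONTHS'));
    $period_enddate = date('Y-m-d');
    if (empty($frm_submitted['st'])) {
        return array($period_startdate, $period_enddate);
    }

    $arr_startdate = explode('/', $frm_submitted['st']);
    $arr_enddate = explode('/', isset($frm_submitted['end']) ? $frm_submitted['end'] : '');
    if (count($arr_startdate) !== 3 || count($arr_enddate) !== 3) {
        return array($period_startdate, $period_enddate);
    }

    $bln_month_first = substr(DATEPICKER_DATEFORMAT, 0, 2) == 'mm';
    return array(
        self::getListsYmd($arr_startdate, $bln_month_first),
        self::getListsYmd($arr_enddate, $bln_month_first),
    );
}

/**
 * Turns three picker parts into a zero-padded Y-m-d string.
 *
 * Each part is cast to int, so the result only ever contains digits and
 * dashes regardless of what the form sent.
 *
 * @param array $arr_parts three strings in mm/dd/yyyy or dd/mm/yyyy order
 * @param bool $bln_month_first true for mm/dd/yyyy
 * @return string
 */
private static function getListsYmd($arr_parts, $bln_month_first)
{
    $int_month = (int) $arr_parts[$bln_month_first ? 0 : 1];
    $int_day = (int) $arr_parts[$bln_month_first ? 1 : 0];
    return sprintf('%04d-%02d-%02d', (int) $arr_parts[2], $int_month, $int_day);
}

/**
 * Counts the event days and hours of one user inside the period.
 *
 * A one-day event counts as one day; a multi-day event counts every day it
 * spans (Utils::getDaysBetween). Hours per day are `$workday_hours` for an
 * all-day event, else time_end - time_start of that day (nights between
 * days are ignored). `$calendar_id` narrows to one calendar unless it is
 * 'all' or not a positive number.
 *
 * @param int|string $int_user_id
 * @param mixed $calendar_id 'all' or a calendar id
 * @param string $period_startdate Y-m-d (digits and dashes only)
 * @param string $period_enddate Y-m-d (digits and dashes only)
 * @param int|float|string $workday_hours
 * @return array{0: int, 1: float} days, hours rounded to 2 decimals
 */
private static function getListsWorkload($int_user_id, $calendar_id, $period_startdate, $period_enddate, $workday_hours)
{
    global $obj_db;
    $cnt_days = 0;
    $cnt_hours = 0;

    $str_query = 'SELECT * FROM events WHERE user_id = ' . (int) $int_user_id
        . ' AND date_start >= "' . $period_startdate . '" AND date_end <= "' . $period_enddate . '"';
    if ((string) $calendar_id !== 'all' && (int) $calendar_id > 0) {
        $str_query .= ' AND `calendar_id` = ' . (int) $calendar_id;
    }

    // Check the result before touching num_rows: the original read
    // $obj_result->num_rows first, which fails outright on a failed query.
    $obj_result = mysqli_query($obj_db, $str_query);
    if ($obj_result === false) {
        return array($cnt_days, round($cnt_hours, 2));
    }

    while ($arr_line = mysqli_fetch_array($obj_result, MYSQLI_ASSOC)) {
        if ($arr_line['date_start'] == $arr_line['date_end']) {
            // One-day event.
            $cnt_hours += self::getListsEventHours($arr_line, $arr_line['date_start'], $workday_hours);
            $cnt_days++;
        } else {
            // Multi-day event: one day per calendar day it spans.
            $days_in_between = Utils::getDaysBetween($arr_line['date_start'], $arr_line['date_end']);
            foreach ($days_in_between as $event_date) {
                $cnt_hours += self::getListsEventHours($arr_line, $event_date, $workday_hours);
                $cnt_days++;
            }
        }
    }
    return array($cnt_days, round($cnt_hours, 2));
}

/**
 * Hours an event contributes on one day.
 *
 * @param array $arr_line events row (allDay, time_start, time_end)
 * @param string $str_date the Y-m-d day being counted
 * @param int|float|string $workday_hours hours credited for an all-day event
 * @return int|float|string
 */
private static function getListsEventHours($arr_line, $str_date, $workday_hours)
{
    if ($arr_line['allDay']) {
        return $workday_hours;
    }
    return (strtotime($str_date . ' ' . $arr_line['time_end']) - strtotime($str_date . ' ' . $arr_line['time_start'])) / 3600;
}

/**
 * Formats a Y-m-d string in the picker's order (mm/dd/yyyy or dd/mm/yyyy,
 * per DATEPICKER_DATEFORMAT) for display.
 *
 * @param string $str_ymd
 * @return string
 */
private static function getListsPickerDate($str_ymd)
{
    $arr_tmp = explode('-', $str_ymd);
    if (substr(DATEPICKER_DATEFORMAT, 0, 2) == 'mm') {
        return $arr_tmp[1] . '/' . $arr_tmp[2] . '/' . $arr_tmp[0];
    }
    return $arr_tmp[2] . '/' . $arr_tmp[1] . '/' . $arr_tmp[0];
}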
/**
 * Admin-panel action: restores a soft-deleted account.
 *
 * Reads `uid` through validate_var(). A super admin may restore a uid that
 * User::isAdmin() confirms as an admin; an admin may restore a uid that
 * User::isAdminUser() confirms as one of their own users. Any other
 * combination leaves an error message. Always renders admin_panel.tpl and
 * exits.
 */
function undeleteUser()
{
    global $error;
    global $obj_smarty;

    $frm_submitted = validate_var(array(array('uid', 'int', true, '')));
    $int_target = $frm_submitted['uid'];
    $bln_admin = User::isAdmin();
    $bln_superadmin = User::isSuperAdmin();

    if ($bln_superadmin) {
        if (!User::isAdmin($int_target)) {
            $obj_smarty->assign('error', 'NO rights to undelete this user');
        } else {
            if (User::undeleteAdmin($int_target)) {
                $obj_smarty->assign('msg', 'Admin is back again');
            }
            // admins of this superadmin
            $obj_smarty->assign('users', User::getAdmins(true, true));
        }
    } elseif ($bln_admin) {
        if (!User::isAdminUser($int_target)) {
            $obj_smarty->assign('error', 'NO rights to undelete this user');
        } else {
            if (User::undeleteUser($int_target)) {
                $obj_smarty->assign('msg', 'User is back again');
            }
            // users of this admin
            $obj_smarty->assign('users', User::getAdminUsers(true, true));
        }
    }

    $obj_smarty->assign('active', 'users');
    $obj_smarty->display(FULLCAL_DIR . '/view/admin_panel.tpl');
    exit;
}
/**
 * Computes the effective permission flags of calendar `$int_cal_id` for
 * the current visitor.
 *
 * Starts from the flags stored on the calendar row (can_view, can_add,
 * can_edit, can_delete, can_change_color) and derives can_see_dditems from
 * can_add, ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS and the calendar's can_dd_drag
 * mode. A logged-in owner, or an admin / super admin while
 * ADMIN_HAS_FULL_CONTROL is set, gets add/edit/delete/drag-drop regardless
 * of the stored flags (can_view is cleared in that branch, as before); a
 * logged-in user outside a private_group calendar loses them. Visitors who
 * are not logged in keep the calendar's defaults except for drag-drop.
 *
 * @param int $int_cal_id
 * @return array{can_view: bool, can_add: bool, can_edit: bool, can_delete: bool, can_change_color: bool, can_see_dditems: bool}
 */
public static function getPermissions($int_cal_id)
{
    $arr_calendar = Calendar::getCalendar($int_cal_id);

    $can_view = (bool) $arr_calendar['can_view']; // may open event details
    $can_add = (bool) $arr_calendar['can_add'];
    $can_edit = (bool) $arr_calendar['can_edit'];
    $can_delete = (bool) $arr_calendar['can_delete'];
    $can_change_color = (bool) $arr_calendar['can_change_color'];
    $can_see_dditems = $can_add && !ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS;

    if (!User::isLoggedIn()) {
        // Anonymous visitor: drag/drop items only when the admin-only switch
        // is off and the calendar opens them to everyone.
        $can_see_dditems = !ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS && $arr_calendar['can_dd_drag'] == 'everyone';
        // A public share_type keeps the calendar's stored defaults; so does
        // access by IP when the visitor's address matches config.php.
        if (ALLOW_ACCESS_BY == 'ip' && User::ipAllowed()) {
            // use the defaults from the calendar
        }
    } else {
        $arr_me = User::getUser();

        // Drag/drop visibility: admin-only switch, then the calendar's mode.
        if (ONLY_ADMIN_CAN_SEE_DRAG_DROP_ITEMS) {
            $can_see_dditems = User::isAdmin() || User::isSuperAdmin();
        } elseif (Calendar::isOwner($arr_calendar['calendar_id']) || $arr_calendar['can_dd_drag'] == 'everyone' || $arr_calendar['can_dd_drag'] == 'only_loggedin_users') {
            $can_see_dditems = true;
        } elseif ($arr_calendar['can_dd_drag'] == 'only_owner' && !Calendar::isOwner($arr_calendar['calendar_id'])) {
            $can_see_dditems = false;
        }

        // Admin with full control, or the calendar's creator.
        if (ADMIN_HAS_FULL_CONTROL && (User::isAdmin() || User::isSuperAdmin()) || Calendar::isOwner($arr_calendar['calendar_id'])) {
            $can_view = false; // not necessary because admin can edit
            $can_add = true;
            $can_edit = true;
            $can_delete = true;
            $can_see_dditems = true;
        } elseif ($arr_calendar['share_type'] == 'private_group' && !Calendar::UserInGroup($arr_calendar, $arr_me['user_id'])) {
            // Private-group calendar and this user is outside the group.
            $can_add = false;
            $can_edit = false;
            $can_delete = false;
            $can_see_dditems = false;
        }
    }

    return array(
        'can_view' => $can_view,
        'can_add' => $can_add,
        'can_edit' => $can_edit,
        'can_delete' => $can_delete,
        'can_change_color' => $can_change_color,
        'can_see_dditems' => $can_see_dditems,
    );
}