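function _allowedFields($fields) {
    // Filters a field-definition map, and the submit buttons of the current
    // submit group, down to what the current user is permitted to use.
    // $fields: array of fieldname => field definition (array). A definition
    //   may carry a 'per' element: a permission descriptor that is converted
    //   through the permission manager and checked with AMP_Authorized().
    // Returns $fields with the disallowed entries removed. Fields without a
    // 'per' element are kept unconditionally (allow-by-default), so a field
    // that must be restricted has to declare 'per' explicitly.
    $permission_manager =& AMPSystem_PermissionManager::instance();

    // Drop fields whose 'per' descriptor the current user is not authorized for.
    foreach ($fields as $fieldname => $field_def) {
        if (!isset($field_def['per'])) {
            continue;
        }
        $per_constant = $permission_manager->convertDescriptor($field_def['per']);
        if (!AMP_Authorized($per_constant)) {
            unset($fields[$fieldname]);
        }
    }

    // Drop submit actions the map disallows. Without a map every submit
    // action is kept, so the map check is made once instead of on every
    // iteration; the actions are copied first because removeSubmit()
    // modifies the button definition being walked.
    $map =& $this->_get_map();
    if ($map) {
        $actions = array_keys($this->submit_button[$this->_submit_group]['elements']);
        foreach ($actions as $action) {
            if (!$map->isAllowed($action)) {
                $this->removeSubmit($action);
            }
        }
    }
    return $fields;
}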
function _after_init() {
    // Post-initialization hook: registers the 'order' input translation and
    // the class/section lookups, then suppresses the edit and select columns
    // for users who do not hold AMP_PERMISSION_CONTENT_EDIT.
    $this->addTranslation('order', '_makeInput');

    $lookups = array(
        'class'   => 'classes',
        'section' => 'sections',
    );
    foreach ($lookups as $column => $lookup_name) {
        $this->addLookup($column, AMPContent_Lookup::instance($lookup_name));
    }

    if (AMP_Authorized(AMP_PERMISSION_CONTENT_EDIT)) {
        return;
    }
    // Non-editors get the listing without the edit and select columns.
    $this->suppress['editcolumn'] = true;
    $this->suppress['selectcolumn'] = true;
}
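function AMP_init_user() {
    // Resolves $_SERVER['REMOTE_USER'] into the AMP current user and defines
    // the per-request user constants: AMP_SYSTEM_USER_ID,
    // AMP_CONTENT_MAP_ROOT_SECTION, AMP_CONTENT_SECTION_NAME_ROOT,
    // AMP_SYSTEM_USER_TYPE and AMP_SYSTEM_USER_ID_ACL. Every define() is
    // guarded, so an earlier definition (or a second call) keeps the first value.
    // Redirects to the site URL when the user lacks content access, and to
    // the user's home when the permission manager rejects the current page.
    // Returns false when no REMOTE_USER is set; otherwise returns nothing.
    if (!isset($_SERVER['REMOTE_USER'])) {
        return false;
    }
    $AMP_Permission =& AMPSystem_PermissionManager::instance();
    $AMP_CurrentUser =& $AMP_Permission->readUser($_SERVER['REMOTE_USER']);
    if (!$AMP_CurrentUser) {
        // Unknown user: nothing is defined and no redirect is issued here.
        return;
    }

    if (!defined('AMP_SYSTEM_USER_ID')) {
        define('AMP_SYSTEM_USER_ID', $AMP_CurrentUser->id);
    }

    // Content root: a user listed in the userSiteRoots lookup is scoped to
    // that section; everyone else gets the site root section.
    $content_roots = AMP_lookup('userSiteRoots');
    if (isset($content_roots[AMP_SYSTEM_USER_ID])) {
        if (!defined('AMP_CONTENT_MAP_ROOT_SECTION')) {
            define('AMP_CONTENT_MAP_ROOT_SECTION', $content_roots[AMP_SYSTEM_USER_ID]);
        }
        $sections = AMP_lookup('sections');
        if (!defined('AMP_CONTENT_SECTION_NAME_ROOT')) {
            if (AMP_CONTENT_MAP_ROOT_SECTION != AMP_CONTENT_SECTION_ID_ROOT) {
                define('AMP_CONTENT_SECTION_NAME_ROOT', $sections[AMP_CONTENT_MAP_ROOT_SECTION]);
            } else {
                define('AMP_CONTENT_SECTION_NAME_ROOT', AMP_SITE_NAME);
            }
        }
    } else {
        // Guarded like the branch above: redefining an existing constant only
        // raises a notice and keeps the old value, so the guards are
        // equivalent and avoid the notice.
        if (!defined('AMP_CONTENT_MAP_ROOT_SECTION')) {
            define('AMP_CONTENT_MAP_ROOT_SECTION', AMP_CONTENT_SECTION_ID_ROOT);
        }
        if (!defined('AMP_CONTENT_SECTION_NAME_ROOT')) {
            define('AMP_CONTENT_SECTION_NAME_ROOT', AMP_SITE_NAME);
        }
    }

    // ACL identity for the current user.
    if (!defined('AMP_SYSTEM_USER_TYPE')) {
        define('AMP_SYSTEM_USER_TYPE', 'users');
    }
    if (!defined('AMP_SYSTEM_USER_ID_ACL')) {
        define('AMP_SYSTEM_USER_ID_ACL', 'user_' . $AMP_CurrentUser->id);
    }

    // Authorization gate. exit follows each redirect so the caller cannot
    // keep rendering for a rejected user if ampredirect() happens to return
    // (elsewhere in AMP the call is paired with exit for the same reason).
    if (!AMP_Authorized(AMP_PERMISSION_CONTENT_ACCESS)) {
        trigger_error('content access not authorized for user ' . $AMP_CurrentUser->getName());
        ampredirect(AMP_SITE_URL);
        exit;
    }
    if (!$AMP_Permission->authorizedPage()) {
        trigger_error('unauthorized page access attempt by ' . $AMP_CurrentUser->getName());
        ampredirect($AMP_Permission->userHome());
        exit;
    }
}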
unset($url_vars['id']); ampredirect(AMP_url_add_vars(AMP_SYSTEM_URL_FORM_ENTRY, $url_vars)); } } if ($modin) { $form_id_nav = $modin; $form_permissions =& AMPSystem_Lookup::instance('PermissionsbyForm'); $tools = AMP_lookup('ToolsbyForm'); $modin_permission = isset($form_permissions[$modin]) && $form_permissions[$modin] ? $form_permissions[$modin] : false; //$modidselect=$dbcon->GetRow("SELECT id, perid from modules where userdatamodid=" . $modin) or DIE($dbcon->ErrorMsg()); //$modid=$modidselect['id']; $modid = isset($tools[$modin]) && $tools[$modin] ? $tools[$modin] : false; } else { ampredirect("modinput4_list.php"); } $admin = AMP_Authorized(AMP_PERMISSION_FORM_DATA_EDIT) && AMP_Authorized($modin_permission); // Fetch the form instance specified by submitted modin value. $udm = new UserDataInput($dbcon, $modin, $admin); // User ID. $udm->authorized = true; $udm->uid = $uid; // Was data submitted via the web? $sub = isset($_REQUEST['btnUdmSubmit']) ? $_REQUEST['btnUdmSubmit'] : false; // Fetch or save user data. if ($sub) { // Save only if submitted data is present, and the user is // authenticated, or if the submission is anonymous (i.e., !$uid) if ($udm->saveUser()) { ampredirect(AMP_SYSTEM_URL_FORM_DATA . "?modin=" . $udm->instance); } $udm->showForm = true;
*****/ $mod_name='udm'; require_once( 'AMP/System/Base.php' ); require_once('AMP/UserData/Set.inc.php'); if (isset($_REQUEST['modin']) && $_REQUEST['modin']) { $modin=$form_id_nav = $_REQUEST['modin']; } else { ampredirect( AMP_SYSTEM_URL_FORMS ); } $form_permissions = &System_Lookup::instance( 'PermissionsbyForm'); $modin_permission = ( isset( $form_permissions[$modin]) && $form_permissions[$modin]) ? $form_permissions[$modin] : false; $view_permission = (AMP_Authorized(AMP_PERMISSION_FORM_DATA_EDIT) && ( $modin_permission ? AMP_Authorized($modin_permission) : true )); $tool_set = &System_Lookup::instance( 'ToolsbyForm'); $modid = isset( $tool_set[$modin]) ? $tool_set[$modin] : null; $admin=true; $userlist=&new UserDataSet($dbcon, $modin, $admin); $userlist->_register_default_plugins(); $uid= isset( $_REQUEST['uid'] ) ? $_REQUEST['uid'] : false; if ($uid && $modin) { $userlist->uid=$uid; $output= $userlist->output('DisplayHTML');
function checkPermission($item = null) {
    // Decides whether the current user may see $item.
    // $item: an item definition array, which may carry a 'per' permission
    //   descriptor; or null to check this object's own $this->permission.
    // Returns true when nothing is required (no 'per' element, or an empty
    // descriptor), otherwise whatever AMP_Authorized() returns.
    if (!isset($item)) {
        $required = $this->permission;
    } else {
        $required = isset($item['per']) ? $item['per'] : false;
    }
    if (!$required) {
        // No descriptor means unrestricted: an item is only hidden when it
        // declares a permission the user does not hold.
        return true;
    }
    return AMP_Authorized($required);
}
function allow($action) {
    // Reports whether $action may be performed in the current context.
    // Resolution order: an attached map ($this->_map) decides via
    // isAllowed($action, $this->_model_id); otherwise the model's
    // protected_actions entry for $action is checked with AMP_Authorized().
    // With no model, or no protected_actions entry for $action, the action
    // is allowed.
    if (isset($this->_map)) {
        return $this->_map->isAllowed($action, $this->_model_id);
    }
    $is_protected = isset($this->_model)
        && isset($this->_model->protected_actions[$action]);
    if (!$is_protected) {
        return true;
    }
    return AMP_Authorized($this->_model->protected_actions[$action]);
}
require_once 'AMP/UserData/Set.inc.php'; require_once 'AMP/System/Base.php'; require_once 'utility.functions.inc.php'; $show_template = false; $modin = false; $flash = AMP_System_Flash::instance(); if (isset($_REQUEST['modin']) && $_REQUEST['modin']) { $modin = $_REQUEST['modin']; } else { $flash->add_error(sprintf(AMP_TEXT_ERROR_NO_SELECTION, AMP_TEXT_FORM)); ampredirect(AMP_SYSTEM_URL_FORMS); exit; } $form_permissions =& AMPSystem_Lookup::instance('PermissionsbyForm'); $modin_permission = isset($form_permissions[$modin]) && $form_permissions[$modin] ? $form_permissions[$modin] : false; $view_permission = AMP_Authorized(AMP_PERMISSION_FORM_DATA_EXPORT) && ($modin_permission ? AMP_Authorized($modin_permission) : true); if ($view_permission) { $admin = true; // Fetch the form instance specified by submitted modin value. $userlist = new UserDataSet($dbcon, $_REQUEST['modin'], $admin); /* Output the file */ $userlist->unregisterPlugin('Pager', 'Output'); $search_form = $userlist->getPlugins('SearchForm'); $search = $userlist->getPlugins('Search'); if (!$search_form) { $userlist->registerPlugin('Output', 'SearchForm'); } if (!$search) { $userlist->registerPlugin('AMP', 'Search'); }
function _verifyConditionals($field_def) {
    // Checks a field definition against this object's conditionals: every
    // conditional $key must be present in $field_def and loosely equal (!=)
    // to the required value. When the conditionals hold and the definition
    // carries a 'per' descriptor, the user's permission is checked as well.
    // Returns true when no conditionals are configured at all — in that case
    // the 'per' element is not consulted here.
    if (!isset($this->conditionals)) {
        return true;
    }
    foreach ($this->conditionals as $key => $required_value) {
        // Loose comparison kept from the original; the values may mix ints
        // and strings — confirm before tightening to !==.
        if (!isset($field_def[$key]) || $field_def[$key] != $required_value) {
            return false;
        }
    }
    if (!isset($field_def['per'])) {
        return true;
    }
    $this->_loadPermissionManager();
    $per_constant = $this->_per_manager->convertDescriptor($field_def['per']);
    return AMP_Authorized($per_constant);
}
function _allowedItems($set) {
    // Recursively filters a set of item definitions down to the entries the
    // current user is authorized for.
    // $set: array of key => item array; an item may carry a 'per' descriptor
    //   and a nested 'item' set.
    // Returns the filtered array (keys preserved), or false when $set is
    // empty. Non-array entries are dropped; entries without 'per' are kept.
    // NOTE(review): the 'per' value is passed to AMP_Authorized() as-is, with
    // no convertDescriptor() step — confirm it accepts the raw descriptor.
    if (empty($set)) {
        return false;
    }
    $allowed = array();
    foreach ($set as $key => $item) {
        if (!is_array($item)) {
            continue;
        }
        $restricted = isset($item['per']);
        if ($restricted && !AMP_Authorized($item['per'])) {
            continue;
        }
        $allowed[$key] = $item;
        if (isset($item['item'])) {
            // Nested sets are filtered the same way; an empty nested set
            // becomes false, exactly as at the top level.
            $allowed[$key]['item'] = $this->_allowedItems($item['item']);
        }
    }
    return $allowed;
}
<td><A HREF="<?php echo $filename; ?> ?<?php echo $MM_keepNone . ($MM_keepNone != "" ? "&" : "") . "id=" . $new->Fields("id"); ?> ">edit</A></td> </tr> <?php $new->MoveNext(); } ?> </table> <?php } if (AMP_Authorized(AMP_PERMISSION_MESSAGES_ADMIN)) { ?> <h2>Messages that have been received or sent as email</h2> <table width="90%" border="0" cellspacing="2" cellpadding="3" align="center"> <tr class="intitle"> <td>From</td> <td>To</td> <td>Date</td> <td> </td> </tr> <?php while (!$old->EOF) { ?> <tr bgcolor="#CCCCCC"> <td> <?php
<td> </td> </tr><?php $i = 0; while (!$Recordset1->EOF) { $i++; $bgcolor = $i % 2 ? "#D5D5D5" : "#E5E5E5"; ?> <tr bordercolor="#333333" bgcolor="<?php echo $bgcolor; ?> " onMouseover="this.bgColor='#CCFFCC'" onMouseout="this.bgColor='<?php echo $bgcolor; ?> '"> <td><?php if (AMP_Authorized(AMP_PERMISSION_CONTENT_EDIT)) { ?> <input type="checkbox" name="id[]" value="<?php echo $Recordset1->Fields("id"); ?> "><?php } ?> </td> <td><a href="<?php if ($class == 2) { echo "article_fpedit.php"; } else { echo "article_edit.php"; } ?>
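*
 * (c) 2004 Radical Designs
 * Written by Blaine Cook, blaine@radicaldesigns.org
 *
 *****/
$mod_name = 'calendar';
require_once 'AMP/UserData/Input.inc.php';
require_once 'Connections/freedomrising.php';
require_once 'utility.functions.inc.php';
#set_error_handler( 'e' );

// The constant name must be quoted: the bare word was evaluated as an
// (undefined) constant, so the guard only worked by accident.
if (!defined('AMP_CALENDAR_ENTRY_FORM_DEFAULT')) {
    define('AMP_CALENDAR_ENTRY_FORM_DEFAULT', 50);
}

// Fetch the form instance specified by submitted modin value.
$modin = isset($_REQUEST['modin']) ? $_REQUEST['modin'] : AMP_CALENDAR_ENTRY_FORM_DEFAULT;
$admin = AMP_Authorized(AMP_PERMISSION_FORM_ADMIN);
$udm = new UserDataInput($dbcon, $modin, $admin);

$modidselect = $dbcon->Execute("SELECT id, perid from modules where userdatamodid=" . $dbcon->qstr($udm->instance))
    or die("Couldn't get module information for form: " . $dbcon->ErrorMsg());
$modid = $modidselect->Fields("id");
$modin_permission = $modidselect->Fields("perid");

// User ID. A calendar entry id selects the owning uid; otherwise the uid is
// taken from the request.
if (isset($_REQUEST['calid']) && $_REQUEST['calid']) {
    // calid is request-controlled and was concatenated into the SQL unquoted;
    // it is now quoted with $dbcon->qstr(), as the module query above does.
    $uidset = $dbcon->Execute("Select uid from calendar where id=" . $dbcon->qstr($_REQUEST['calid']));
    $uid = $uidset->Fields("uid");
    $calid = $_REQUEST['calid'];
} else {
    $uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : false;
}
$udm->authorized = true;
$udm->uid = $uid;
// Was data submitted via the web?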
} if ($modin) { $form_id_nav = $modin; $form_permissions = &System_Lookup::instance( 'PermissionsbyForm'); $tools = AMP_lookup( 'ToolsbyForm'); $modin_permission = ( isset( $form_permissions[$modin]) && $form_permissions[$modin]) ? $form_permissions[$modin] : false; //$modidselect=$dbcon->GetRow("SELECT id, perid from modules where userdatamodid=" . $modin) or DIE($dbcon->ErrorMsg()); //$modid=$modidselect['id']; $modid = ( isset( $tools[$modin]) && $tools[$modin]) ? $tools[$modin] : false; } else { ampredirect("modinput4_list.php"); } $admin = (AMP_Authorized(AMP_PERMISSION_FORM_DATA_EDIT) && AMP_Authorized($modin_permission) ); // Fetch the form instance specified by submitted modin value. $udm = &new UserDataInput( $dbcon, $modin ,$admin ); // User ID. $udm->authorized = true; $udm->uid = $uid; // Was data submitted via the web? $sub = (isset($_REQUEST['btnUdmSubmit'])) ? $_REQUEST['btnUdmSubmit'] : false; // Fetch or save user data. if ( $sub ) { // Save only if submitted data is present, and the user is
</table></div> <table width = "100%"> <tr class="intitle"> <td colspan="2" valign="top"> </td> </tr> <tr> <td colspan="2" valign="top"><input type="submit" name="<?php if (empty($_GET['id']) == TRUE) { echo "MM_insert"; } else { echo "MM_update"; } ?> " value="Save Changes"><?php if (AMP_Authorized(AMP_PERMISSION_CONTENT_DELETE)) { ?> <input name="MM_delete" type="submit" value="Delete Record" onclick="return confirmSubmit('Are you sure you want to DELETE this record?')"> <?php } ?> </td> </tr> </table> <input type="hidden" name="MM_recordId" value="<?php echo $id; ?> ">
function isAllowed($action, $id = false) {
    // Decides whether $action is permitted on this map, optionally for the
    // record $id.
    // Resolution:
    //   1. With a gacl object and an $id, AMP_allow() can veto first.
    //   2. The per-action property $this->_allow_<action> then decides:
    //      false/empty -> denied; true -> allowed; any other value is
    //      treated as a permission descriptor for AMP_Authorized().
    //   3. An action with no such property falls back to the 'edit' rule:
    //      'edit' and 'search' themselves are allowed; any other undeclared
    //      action is allowed only if 'edit' is (checked without $id).
    if ($this->_gacl_obj && $id) {
        if (!AMP_allow($action, $this->_gacl_obj, $id)) {
            return false;
        }
    }

    $property = '_allow_' . $action;
    if (!isset($this->{$property})) {
        $fallback_action = 'edit';
        $exempt = ($action == $fallback_action || $action == 'search');
        if ($exempt) {
            return true;
        }
        if (!$this->isAllowed($fallback_action)) {
            return false;
        }
        return true;
    }

    $rule = $this->{$property};
    if (!$rule) {
        return false;
    }
    if ($rule === true) {
        return true;
    }
    return AMP_Authorized($rule);
}