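/**
 * Build the HTML menu table for a module, listing only the tasks the current role may use.
 *
 * Each entry of $arr_menu is passed to CheckAccess() together with the current role id
 * ($GLOBALS['wui']->RoleID()) and $module_id; entries that fail the check are left out.
 * When the constant _VALID_MVH_MOBILE_ is defined a compact one-cell row is produced,
 * otherwise a row with an icon taken from $arr_images.
 *
 * $head, the task names and the InitCap() result are inserted into the markup unchanged.
 * NOTE(review): confirm that every caller passes trusted values for them.
 *
 * @param string       $head       Heading placed in the first row.
 * @param mixed        $module_id  Module identifier forwarded to CheckAccess().
 * @param array        $arr_menu   Task names, indexed 0..n-1.
 * @param array|string $arr_images Icon file names below "<wb>images/", same indexes as $arr_menu.
 *
 * @return string HTML of the menu table.
 */
function ModuleMenu($head, $module_id, $arr_menu, $arr_images = "")
{
    $wb = $GLOBALS['wb'];

    // The module name is read from the query string and lands inside a single-quoted
    // href. EscapeData() is defined elsewhere and may not be an HTML encoder, so the
    // value is additionally encoded for attribute context. double_encode is off so
    // entities EscapeData() may already have produced are not encoded twice.
    $module_raw = (isset($_GET['module']) && is_string($_GET['module'])) ? $_GET['module'] : '';
    $module_attr = htmlspecialchars(EscapeData($module_raw), ENT_QUOTES, 'UTF-8', false);

    $c = "<table class='plain'>\n";
    $c .= "<tr>\n";
    $c .= "<td colspan='2' class='bold'>" . $head . "</td>\n";
    $c .= "</tr>\n";

    $total = count($arr_menu);
    for ($i = 0; $i < $total; $i++) {
        $task = $arr_menu[$i];

        // Per-role ACL check; tasks the role may not use are not rendered at all.
        if (!CheckAccess($GLOBALS['wui']->RoleID(), $module_id, $task)) {
            continue;
        }

        $friendly = InitCap($task);
        $link = "<a href='index.php?module=" . $module_attr . "&task=" . $task . "'>" . $friendly . "</a>";

        if (defined('_VALID_MVH_MOBILE_')) {
            $c .= "<tr><td colspan='2'>+" . $link . "</td></tr>";
        } else {
            // The default for $arr_images is an empty string; indexing it would raise
            // an "uninitialized string offset" error, so fall back to an empty name.
            $image = (is_array($arr_images) && isset($arr_images[$i])) ? $arr_images[$i] : '';

            $c .= "<tr>\n";
            $c .= "<td width='16'><img src='" . $wb . "images/" . $image . "'></td>\n";
            $c .= "<td>" . $link . "</td>\n";
            $c .= "</tr>\n";
        }
    }

    $c .= "</table>\n";

    return $c;
}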
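/**
 * Build the HTML menu table for a module from a list of human-readable item names.
 *
 * Every item is turned into a task key (lower-cased, spaces replaced by underscores).
 * The key is checked with CheckAccess() for the current role and, when allowed, rendered
 * as a link. Outside mobile mode (_VALID_MVH_MOBILE_ not defined) each row also gets an
 * icon and the row matching the current "task" query parameter is highlighted.
 *
 * NOTE(review): the $module_id argument is overwritten with $GLOBALS['module_id'] before
 * use, so the value passed by the caller has no effect; kept as-is for compatibility.
 * NOTE(review): $module_name is placed in hrefs and in a filesystem path without any
 * encoding or validation; confirm callers only pass a fixed, known module name.
 *
 * @param mixed  $module_id   Ignored, see note above.
 * @param string $module_name Module directory name, also used in the links.
 * @param array  $items       Menu item labels, indexed 0..n-1.
 *
 * @return string HTML of the menu table.
 */
function ModuleMenuDynamic($module_id, $module_name, $items)
{
    $dr = $GLOBALS['dr'];
    $wb = $GLOBALS['wb'];
    $module_id = $GLOBALS['module_id'];

    // The task parameter is optional; reading it unguarded raises an undefined-index
    // error on pages opened without it. Only a string can match a task key.
    $current_task = (isset($_GET['task']) && is_string($_GET['task'])) ? $_GET['task'] : null;

    $c = "<table class='plain' width='150'>\n";
    $c .= "<tr>\n";
    $c .= "<td colspan='3' class='bold'>" . InitCap($module_name) . " Menu</td>\n";
    $c .= "</tr>\n";

    $total = count($items);
    for ($i = 0; $i < $total; $i++) {
        // "Add User" -> "add_user": used as ACL task name, link target and icon file name.
        $task_img_desc = str_replace(" ", "_", strtolower($items[$i]));

        if (!CheckAccess($GLOBALS['wui']->RoleID(), $module_id, $task_img_desc)) {
            continue;
        }

        $friendly = InitCap($items[$i]);
        $href = "index.php?module=" . $module_name . "&task=" . $task_img_desc;

        if (defined('_VALID_MVH_MOBILE_')) {
            $c .= "<tr><td colspan='2'>+<a href='" . $href . "'>" . $friendly . "</a></td></tr>";
            continue;
        }

        // Use the module's own icon when the file exists on disk, else a generic one.
        $icon_path = "modules/" . $module_name . "/images/default/" . $task_img_desc . ".png";
        if (file_exists($dr . $icon_path)) {
            $icon_file = $icon_path;
        } else {
            $icon_file = $wb . "images/nuvola/16x16/actions/view_remove.png";
        }

        // Mark the row of the task currently being viewed.
        if ($current_task === $task_img_desc) {
            $arrow = "<img src='images/nuvola/16x16/actions/player_play.png'>";
            $bgcolor = "#dedede";
        } else {
            $arrow = "";
            $bgcolor = "#ffffff";
        }

        $c .= "<tr>\n";
        $c .= "<td width='16'>" . $arrow . "</td>\n";
        $c .= "<td width='16'><img src='" . $icon_file . "'></td>\n";
        $c .= "<td bgcolor='" . $bgcolor . "' width='134'><a href='" . $href . "'>" . $friendly . "</a></td>\n";
        $c .= "</tr>\n";
    }

    $c .= "</table>\n";

    return $c;
}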
/**
 * Print the landing header of the member database: title, number of members clocked in
 * with the current local time and date, and the hidden admin form.
 *
 * The time is taken from JDate and shifted by the site's configured 'offset' setting.
 *
 * NOTE(review): $option is written into a value attribute and $loggedincount into the
 * heading without HTML encoding; if either can carry request data it should go through
 * htmlspecialchars() first. Confirm against the caller.
 *
 * @param string $option        Component name placed in the hidden "option" field.
 * @param mixed  $loggedincount Number shown in the heading.
 *
 * @return void Output is echoed directly.
 */
function showMainMenu($option, $loggedincount)
{
    global $mainframe;

    jimport('joomla.utilities.date');

    $now = new JDate('now');
    $now->setOffset($mainframe->getCfg('offset'));

    $timeStr = $now->toFormat("%l:%M %P");
    $dateStr = $now->toFormat("%A, %B %e, %G");

    // The result is not used below (the line that displayed it is disabled); the call
    // itself is kept because CheckAccess() is defined elsewhere and may do more than
    // return a flag.
    $ipset = CheckAccess();

    echo '<h1>Ohio City Bicycle Co-op Member Database</h1>',
        "<h2>There are currently {$loggedincount} members clocked in at {$timeStr} on {$dateStr}.</h2>\n";

    echo '<form action="index.php" method="post" name="adminForm">',
        '<input type="hidden" name="option" value="' . $option . '">',
        '<input type="hidden" name="task" value="" />',
        '<input type="hidden" name="boxchecked" value="0" />',
        '</form>';
}
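include 'functions.php';

// Minimum power level needed for the member editor. An earlier inline query that read
// access_power from the Access table for this page was replaced by CheckAccess(), which
// is defined outside this excerpt.
// NOTE(review): confirm what CheckAccess() returns when the page key has no entry.
$powerRequired = CheckAccess('edit_members');

// Fail closed. In PHP `$x >= null` and `$x >= false` are true for every $x, so a missing
// requirement would admit any session that carries a power value. Both sides must be
// numeric before they are compared.
$gateUsable = is_numeric($powerRequired)
    && isset($_SESSION["power"])
    && is_numeric($_SESSION["power"]);

if (isset($_SESSION["userName"]) && $_SESSION["userName"] != "") {
    $theName = $_SESSION["userName"];

    if ($gateUsable && $_SESSION["power"] >= $powerRequired) {
        AccessGranted($theName);
    } else {
        // Covers: no power in the session, unknown requirement, insufficient power.
        AccessDenied();
    }
} else {
    // No logged-in user in the session.
    AccessDenied();
}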
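<?php
include 'connection.php';
include 'functions.php';

// Minimum power level needed for the rank editor. CheckAccess() is defined outside this
// excerpt; the disabled code it replaced read access_power from the Access table.
// NOTE(review): confirm what CheckAccess() returns when the page key has no entry.
$powerRequired = CheckAccess('edit_ranks');

// Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is only
// made when both the requirement and the session value are numeric.
$gateUsable = is_numeric($powerRequired)
    && isset($_SESSION["power"])
    && is_numeric($_SESSION["power"]);

if (isset($_SESSION["userName"]) && $_SESSION["userName"] != "") {
    $theName = $_SESSION["userName"];

    if ($gateUsable && $_SESSION["power"] >= $powerRequired) {
        AccessGranted($theName);
    } else {
        AccessDenied();
    }
} else {
    // Previously a visitor without a session user fell through with no response at all;
    // they now get the same explicit denial as every other rejected request.
    AccessDenied();
}

function AccessGranted($adminName) { global $conn;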
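<br/>
<br/>
<br/>
<br/>
<form action="processAccess.php" method="post">
<fieldset>
<legend>Access</legend>
<?php
include 'connection.php';
include 'functions.php';

// Minimum power level needed to edit access settings. CheckAccess() is defined outside
// this excerpt. NOTE(review): confirm what it returns when the page key has no entry.
$powerRequired = CheckAccess('edit_access');

// Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is only
// made when both the requirement and the session value are numeric.
$gateUsable = is_numeric($powerRequired)
    && isset($_SESSION["power"])
    && is_numeric($_SESSION["power"]);

// NOTE(review): this check only decides what is rendered inside the form. The form
// target processAccess.php is not visible here and needs its own check.
if (isset($_SESSION["userName"]) && $_SESSION["userName"] != "") {
    $theName = $_SESSION["userName"];

    if ($gateUsable && $_SESSION["power"] >= $powerRequired) {
        AccessGranted($theName);
    } else {
        AccessDenied();
    }
} else {
    // Previously a visitor without a session user got an empty form and no message.
    AccessDenied();
}

function AccessGranted($adminName) { global $mysqli;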
/**
 * Render, and on submit also save, the role/task access matrix of one module.
 *
 * The task list is the set of *.php files found in "<dr>modules/<module>/modules/".
 * For every task and every role of the current workspace a checkbox named
 * "<task>_<role_id>" is shown. When the request carries $_POST['submit_form'], each
 * task/role pair is first written to core_space_task_acl as 'y' or 'n', and the form
 * is then rendered from the stored state.
 *
 * NOTE(review): nothing in this function checks whether the current user may change
 * ACLs, and the form carries no anti-CSRF token; presumably the caller enforces both.
 * Confirm.
 * NOTE(review): $module is used in a filesystem path and in the form action without
 * validation or encoding; confirm callers pass a fixed, known module name.
 *
 * @param string $module Module directory name.
 *
 * @return string HTML of the form, or "No such directory" when the module path is missing.
 */
function BrowseModuleTaskACL($module)
{
    $db = $GLOBALS['db'];
    $module_id = $GLOBALS['module_id'];

    /* SETUP THE INITIAL MODULE DIRECTORY */
    $dir = $GLOBALS['dr'] . "modules/" . $module . "/modules/";

    /* CHECK THAT THE MODULE EXISTS */
    if (!file_exists($dir)) {
        return "No such directory";
    }

    /* LOOP THE PHP FILES IN EACH MODULE */
    // An empty first element is added up front; both loops below start at index 1,
    // which skips it as long as the empty string sorts first.
    $dir_arr[] = "";
    if ($handle = opendir($dir)) {
        while (false !== ($file = readdir($handle))) {
            // Task name = file name without the ".php" suffix.
            if ($file != "." && $file != ".." && substr($file, -4) == ".php") {
                $dir_arr[] = substr($file, 0, -4);
            }
        }
        closedir($handle);
    }

    /* SORT THE ARRAY INTO ALPHABETICAL ORDER */
    sort($dir_arr, SORT_REGULAR);

    /**** THIS IS THE SUBMIT FORM PART WHICH WE PUT IN HERE BECAUSE THIS PAGE IS LOADED FROM MANY LOCATIONS ****/
    if (isset($_POST['submit_form'])) {
        for ($i = 1; $i < count($dir_arr); $i++) {
            /* GRAB ALL THE ROLES SINCE WE DO NOT SIMPLY UPDATE WHATEVER CAME FROM THE FORM */
            // The statement is assembled by concatenation; the only variable parts are
            // the configured table prefix and the workspace id of the current user object.
            $sql = "SELECT crm.role_id,crm.role_name\n\t\t\t\t\t\tFROM " . $GLOBALS['database_prefix'] . "core_workspace_role_master crm\n\t\t\t\t\t\tWHERE crm.workspace_id = " . $GLOBALS['ui']->WorkspaceID() . "\n\t\t\t\t\t\tORDER BY crm.role_name\n\t\t\t\t\t\t";
            $result = $db->Query($sql);
            if ($db->NumRows($result) > 0) {
                while ($row = $db->FetchArray($result)) {
                    // Request data is only used as a yes/no signal: anything other than
                    // an exact "y" for this task/role pair is stored as "n".
                    // PHP rewrites dots and spaces in incoming field names to "_", so a
                    // task whose file name contains one of them would never match here.
                    $post_var = $dir_arr[$i] . "_" . $row['role_id'];
                    if (isset($_POST[$post_var]) && $_POST[$post_var] == "y") {
                        $access = "y";
                    } else {
                        $access = "n";
                    }

                    /* SINCE NEW TASKS AND ROLES CAN BE ADDED WE MAKE SURE THE RECORD EXISTS */
                    CheckCreateACLTaskExists($row['role_id'], $module_id, $dir_arr[$i]);

                    // Concatenated values: $access is 'y' or 'n' from above, role_id comes
                    // from the query result, the task name from the directory listing,
                    // everything else from $GLOBALS. None of it is taken from the request,
                    // but none of it is escaped either.
                    // NOTE(review): teamspace_sql supplies the operator and value of the
                    // last condition; confirm it is built from trusted data only.
                    $sql = "UPDATE " . $GLOBALS['database_prefix'] . "core_space_task_acl\n\t\t\t\t\t\t\t\tSET access = '" . $access . "'\n\t\t\t\t\t\t\t\tWHERE role_id = " . $row['role_id'] . "\n\t\t\t\t\t\t\t\tAND module_id = '" . $module_id . "'\n\t\t\t\t\t\t\t\tAND task = '" . $dir_arr[$i] . "'\n\t\t\t\t\t\t\t\tAND workspace_id = " . $GLOBALS['workspace_id'] . "\n\t\t\t\t\t\t\t\tAND teamspace_id " . $GLOBALS['teamspace_sql'] . "\n\t\t\t\t\t\t\t\t";
                    // The result of the update is stored but never inspected.
                    $success = $db->Query($sql);
                }
            }
        }
    }
    /**** END FORM SUBMITTING ****/

    /* DISPLAY EACH */
    $c = "<table class='plain' border='0'>\n";
    $c .= "<form method='post' name='acl' action='index.php?module=" . $module . "&task=acl'>\n";
    for ($i = 1; $i < count($dir_arr); $i++) {
        // One heading row per task, followed by one row per role.
        $c .= "<tr class='alternatecell2'>\n";
        $c .= "<td colspan='3'>" . STRTOUPPER($dir_arr[$i]) . "</td>\n";
        $c .= "</tr>\n";

        /* DISPLAY ALL THE ROLES*/
        // Same role query as in the submit branch, run again for every task.
        $sql = "SELECT crm.role_id,crm.role_name\n\t\t\t\t\t\tFROM " . $GLOBALS['database_prefix'] . "core_workspace_role_master crm\n\t\t\t\t\t\tWHERE crm.workspace_id = " . $GLOBALS['ui']->WorkspaceID() . "\n\t\t\t\t\t\tORDER BY crm.role_name\n\t\t\t\t\t\t";
        $result = $db->Query($sql);
        if ($db->NumRows($result) > 0) {
            while ($row = $db->FetchArray($result)) {
                // Pre-tick the box when the stored ACL already grants this role the task.
                if (CheckAccess($row['role_id'], $module_id, $dir_arr[$i])) {
                    $selected = "checked";
                } else {
                    $selected = "";
                }
                $c .= "<tr>\n";
                $c .= "<td><li></td>\n";
                // NOTE(review): role_name is emitted without HTML encoding; confirm role
                // names cannot contain markup.
                $c .= "<td>" . $row['role_name'] . "</td>\n";
                $c .= "<td><input type='checkbox' value='y' name='" . $dir_arr[$i] . "_" . $row['role_id'] . "' {$selected}>\n";
                $c .= "</tr>\n";
            }
        }
        /* END */
    }
    $c .= "<tr class='alternatecell2'>\n";
    $c .= "<td colspan='3'><input type='submit' name='submit_form' value='Save' class='buttonstyle'></td>\n";
    $c .= "</tr>\n";
    $c .= "</form>\n";
    $c .= "</table>\n";

    return $c;
}
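/**
 * Regenerate the mobile language files and report whether the QuickCRM REST endpoint
 * answers without an access error.
 *
 * @return bool Result of CheckAccess(): true on Windows hosts, otherwise false when the
 *              probe fails at transport level or the endpoint answers 403 or 500.
 */
function createMobileFiles()
{
    // A named function declared inside another function is declared each time the outer
    // function runs; a second call would stop with "Cannot redeclare CheckAccess()".
    // Declaring it only once keeps the global function available as before.
    if (!function_exists('CheckAccess')) {
        /**
         * Send a body-less request to <site_url>/custom/QuickCRM/rest.php and inspect
         * the HTTP status.
         *
         * @return bool false on a cURL error or HTTP 403/500, true otherwise.
         */
        function CheckAccess()
        {
            global $sugar_config;

            if (is_windows()) {
                return true;
            }

            $ch = curl_init();
            if ($ch === false) {
                // No handle, no probe: report the endpoint as not reachable.
                return false;
            }

            curl_setopt($ch, CURLOPT_URL, $sugar_config['site_url'] . "/custom/QuickCRM/rest.php");
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_NOBODY, true);
            // NOTE(review): certificate verification is switched off. Only the status
            // code of the response is used here, but with verification disabled that
            // answer is not authenticated. Consider enabling it where the site has a
            // certificate the server trusts.
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1");

            curl_exec($ch);
            $err = curl_errno($ch);
            if (!$err) {
                // 403 and 500 are the two answers treated as "endpoint not usable".
                $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
                $err = $status === 403 || $status === 500;
            }
            curl_close($ch);

            return !$err;
        }
    }

    $mobile = new mobile_jsLanguage();
    $mobile->createAllFiles();

    return CheckAccess();
}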
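session_start();
include 'header.html';
?>
<!-- InstanceBeginEditable name="content" -->
<div id="content_area" align="left">
<br/>
<br/>
<br/>
<br/>
<?php
include 'connection.php';
include 'functions.php';

// Minimum power level needed for this page. CheckAccess() is defined outside this
// excerpt. NOTE(review): confirm what it returns when the page key has no entry.
$powerRequired = CheckAccess('edit_op');

if (isset($_SESSION["power"]) && isset($_SESSION["userName"])) {
    // Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is
    // only made when both values are numeric. Every other case is a denial.
    if (is_numeric($powerRequired)
        && is_numeric($_SESSION["power"])
        && $_SESSION["power"] >= $powerRequired
    ) {
        AccessGranted();
    } else {
        // 1: a session exists but does not satisfy the requirement.
        AccessDenied(1);
    }
} else {
    // 0: the session has no power or no user name.
    AccessDenied(0);
}

function AccessGranted()
{
    //Login Check
    if (isset($_SESSION["userName"])) {
        $selectedOp = 0;
        $OPArray = null;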
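<div id="content_area" align="left">
<br/>
<br/>
<br/>
<br/>
<form action="processItems.php" method="post">
<fieldset>
<legend>Items</legend>
<?php
include 'connection.php';
include 'functions.php';

// Minimum power level needed to edit items. CheckAccess() is defined outside this
// excerpt. NOTE(review): confirm what it returns when the page key has no entry.
$powerRequired = CheckAccess('edit_items');

// NOTE(review): this check only decides what is rendered inside the form. The form
// target processItems.php is not visible here and needs its own check.
// Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is only
// made when both values are numeric. Every other case is a denial.
if (isset($_SESSION["power"])
    && is_numeric($_SESSION["power"])
    && is_numeric($powerRequired)
    && $_SESSION["power"] >= $powerRequired
) {
    AccessGranted();
} else {
    AccessDenied();
}

function AccessGranted() { global $mysqli; $sql = "SELECT\n item_id,\n item_name,\n item_type,\n item_iskValue,\n item_order\n FROM Items"; $result = $mysqli->query($sql); while ($row = $result->fetch_array(MYSQLI_BOTH)) {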
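<?php
require "../db_conn.php";
require "access.php";

// CheckAccess() comes from outside this excerpt and its return value is not used.
// NOTE(review): confirm it ends the request itself when the visitor is not authorised;
// otherwise everything below runs for anyone.
CheckAccess();

// The id is placed unquoted into the SELECT below. escape_string() only protects values
// inside a quoted literal, so it did not constrain this parameter. Accept integers only.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid page id');
}

$query = "SELECT * FROM pagecontent WHERE id=" . $id;
$result = $db->query($query);
$result = $result ? $result->fetch_assoc() : null;
if (!$result) {
    // Unknown id: there is nothing to edit.
    http_response_code(404);
    exit('Page not found');
}

$oldtemplate = $result['template'];
$oldsub = $result['pagecontent_id'];
$oldpagecontent = $result['pagecontent_id'];

// pagecontent_id is written from $_POST['sub'] as a string further down, so the stored
// value is cast to an integer before it goes back into SQL. An empty value becomes 0
// and simply finds no parent row.
$query1 = "SELECT * FROM pagecontent WHERE id=" . (int) $oldpagecontent;
$result1 = $db->query($query1);
$olddata = $result1 ? $result1->fetch_assoc() : null;
$oldmenuoption = $olddata ? $olddata['menuoption'] : null;

// NOTE(review): no anti-CSRF token is checked before the update; confirm whether
// access.php or the form provides one.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $page = isset($_POST['page']) ? strip_tags($_POST['page']) : null;
    $menu = isset($_POST['menu']) ? strip_tags($_POST['menu']) : null;
    $order = isset($_POST['order']) ? strip_tags($_POST['order']) : null;
    // content and template are stored exactly as submitted.
    // NOTE(review): confirm the code that renders them expects raw markup.
    $content = isset($_POST['content']) ? $_POST['content'] : null;
    $template = isset($_POST['template']) ? $_POST['template'] : $oldtemplate;
    $subid = isset($_POST['sub']) ? $_POST['sub'] : $oldsub;

    $stmt = $db->prepare("UPDATE pagecontent SET page=?, menuoption=?, menuorder=?, pagecontent_id=?, content=?, template=? WHERE id=?");
    $stmt->bind_param("ssisssi", $page, $menu, $order, $subid, $content, $template, $id);
    $stmt->execute();

    // The former var_dump($_POST) printed the submitted data into the response and,
    // by producing output, could stop the redirect header from being sent.
    header("location: index.php");
    // Stop here so the edit page is not rendered behind the redirect.
    exit;
}

function getPagesForSub($oldmenuoption, $oldpagecontent) {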
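session_start();
include 'header.html';
?>
<!-- InstanceBeginEditable name="content" -->
<div id="content_area" align="left">
<br/>
<br/>
<br/>
<br/>
<?php
include 'connection.php';
include 'functions.php';

// Minimum power level needed to reset passwords. CheckAccess() is defined outside this
// excerpt. NOTE(review): confirm what it returns when the page key has no entry.
$powerRequired = CheckAccess('reset_password');

if (isset($_SESSION["power"]) && isset($_SESSION["userName"])) {
    // Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is
    // only made when both values are numeric. Every other case is a denial.
    if (is_numeric($powerRequired)
        && is_numeric($_SESSION["power"])
        && $_SESSION["power"] >= $powerRequired
    ) {
        AccessGranted();
    } else {
        // 1: a session exists but does not satisfy the requirement.
        AccessDenied(1);
    }
} else {
    // 0: the session has no power or no user name.
    AccessDenied(0);
}

function AccessGranted()
{
    global $conn;
    $userArray[0] = "";
    $userIdArray[0] = 0;
    $userCount = 0;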
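include 'header.html';
?>
<!-- InstanceBeginEditable name="content" -->
<div id="content_area" align="left">
<br/>
<br/>
<br/>
<br/>
<?php
//This could be a good place to add in allowing people to ONLY process ops
// Kept ahead of the includes because they run in this scope and could read the value;
// it is replaced by the CheckAccess() result right after.
$powerRequired = 100;
include 'connection.php';
include 'functions.php';

// Minimum power level needed for item categories. CheckAccess() is defined outside this
// excerpt. NOTE(review): confirm what it returns when the page key has no entry.
$powerRequired = CheckAccess('item_category');

if (isset($_SESSION["power"]) && isset($_SESSION["userName"])) {
    // Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is
    // only made when both values are numeric. Every other case is a denial.
    if (is_numeric($powerRequired)
        && is_numeric($_SESSION["power"])
        && $_SESSION["power"] >= $powerRequired
    ) {
        AccessGranted();
    } else {
        // 1: a session exists but does not satisfy the requirement.
        AccessDenied(1);
    }
} else {
    // 0: the session has no power or no user name.
    AccessDenied(0);
}

function AccessGranted()
{
    global $mysqli;
    echo "<form action = 'processItemCategories.php' method = 'post'>";
    echo "<fieldset>";
    echo "<legend>Item Categories</legend>";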
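<!-- InstanceBeginEditable name="content" -->
<div id="content_area" align="left">
<br/>
<br/>
<br/>
<br/>
<form action="TDSInTransfer.php" method="post">
<fieldset>
<legend>Transfer Type</legend>
<?php
// Minimum power level needed for transfers. CheckAccess() is defined outside this
// excerpt. NOTE(review): confirm what it returns when the page key has no entry.
$powerRequired = CheckAccess('transfer');

// NOTE(review): this check only decides what is rendered inside the form. The form
// target TDSInTransfer.php is not visible here and needs its own check.
if (isset($_SESSION["power"])) {
    // Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is
    // only made when both values are numeric. Every other case is a denial.
    if (is_numeric($powerRequired)
        && is_numeric($_SESSION["power"])
        && $_SESSION["power"] >= $powerRequired
    ) {
        AccessGranted();
    } else {
        // 1: the session has a power value that does not satisfy the requirement.
        AccessDenied(1);
    }
} else {
    // 0: the session has no power value.
    AccessDenied(0);
}

function AccessGranted()
{
    include 'connection.php';
    $typeCount = 1;
    $typeName[0] = "";
    $selectedType = 0;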
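<DIV ID="right">
<IMG SRC="./images/right.png" WIDTH=296 HEIGHT=39 ALT="">
</DIV>
<!-- InstanceBeginEditable name="content" -->
<div id="content_area" align="left">
<br/>
<br/>
<br/>
<br/>
<?php
//This could be a good place to add in allowing people to ONLY process ops
include 'connection.php';
include 'functions.php';

// Minimum power level needed for the admin tools. CheckAccess() is defined outside this
// excerpt. NOTE(review): confirm what it returns when the page key has no entry.
$powerRequired = CheckAccess('admin_tools');

if (isset($_SESSION["power"]) && isset($_SESSION["userName"])) {
    // Fail closed: `$x >= null` and `$x >= false` are true in PHP, so the comparison is
    // only made when both values are numeric. Every other case is a denial.
    if (is_numeric($powerRequired)
        && is_numeric($_SESSION["power"])
        && $_SESSION["power"] >= $powerRequired
    ) {
        AccessGranted();
    } else {
        // 1: a session exists but does not satisfy the requirement.
        AccessDenied(1);
    }
} else {
    // 0: the session has no power or no user name.
    AccessDenied(0);
}

function AccessGranted()
{
    //All of the Sumbit buttons need to be replaced with correct links to pages like the other ones are
    echo "<form action = ' '>";
    echo "<fieldset>";
    echo "<legend>Admin Tools</legend>";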