* (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ // $Id: editEvent.php,v 1.4 2005/10/30 22:37:19 atrommer Exp $ checkUser($_SESSION['USERTYPE'], 2); if (!$_REQUEST['event']) { // throw an error, we need an event to edit accessDenied("Please select an event to edit first!"); } $oEvent = getEventDetails($_REQUEST['event']); doHeader("Editing Event"); ?> <form name="frmAddEvent" action="editSchedDetails.php" method="post"> <input type="hidden" name="isSubmit"> <input type="hidden" name="area" value="<?php echo $oEvent->event_area_id; ?> "> <input type="hidden" name="event_id" value="<?php echo $oEvent->event_id; ?> "> <strong>Edit a new event:</strong>
/** * User Rights POST */ function userrights() { $clang = Yii::app()->lang; $postuserid = Yii::app()->request->getPost("uid"); $aViewUrls = array(); // A user can't modify his own rights ;-) if ($postuserid != Yii::app()->session['loginID']) { $sresult = User::model()->findAllByAttributes(array('uid' => $postuserid, 'parent_id' => Yii::app()->session['loginID'])); $sresultcount = count($sresult); if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1 && $sresultcount > 0) { // Not Admin, just a user with childs $rights = array(); $rights['create_survey'] = isset($_POST['create_survey']) && Yii::app()->session['USER_RIGHT_CREATE_SURVEY'] ? 1 : 0; $rights['configurator'] = isset($_POST['configurator']) && Yii::app()->session['USER_RIGHT_CONFIGURATOR'] ? 1 : 0; $rights['create_user'] = isset($_POST['create_user']) && Yii::app()->session['USER_RIGHT_CREATE_USER'] ? 1 : 0; $rights['participant_panel'] = isset($_POST['participant_panel']) && Yii::app()->session['USER_RIGHT_PARTICIPANT_PANEL'] ? 1 : 0; $rights['delete_user'] = isset($_POST['delete_user']) && Yii::app()->session['USER_RIGHT_DELETE_USER'] ? 1 : 0; $rights['manage_template'] = isset($_POST['manage_template']) && Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE'] ? 1 : 0; $rights['manage_label'] = isset($_POST['manage_label']) && Yii::app()->session['USER_RIGHT_MANAGE_LABEL'] ? 1 : 0; $rights['superadmin'] = 0; // ONLY Initial Superadmin can give this right if ($postuserid != 1) { setUserRights($postuserid, $rights); } } elseif (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) { $rights = array(); // Only Initial Superadmin can give this right if (isset($_POST['superadmin'])) { // Am I original Superadmin ? // Initial SuperAdmin has parent_id == 0 $adminresult = User::model()->getuidfromparentid('0'); $row = $adminresult; if ($row['uid'] == Yii::app()->session['loginID']) { $rights['superadmin'] = 1; } else { $rights['superadmin'] = 0; } } else { $rights['superadmin'] = 0; } $rights['create_survey'] = isset($_POST['create_survey']) || $rights['superadmin'] ? 1 : 0; $rights['configurator'] = isset($_POST['configurator']) || $rights['superadmin'] ? 1 : 0; $rights['create_user'] = isset($_POST['create_user']) || $rights['superadmin'] ? 1 : 0; $rights['participant_panel'] = isset($_POST['participant_panel']) || $rights['superadmin'] ? 1 : 0; $rights['delete_user'] = isset($_POST['delete_user']) || $rights['superadmin'] ? 1 : 0; $rights['manage_template'] = isset($_POST['manage_template']) || $rights['superadmin'] ? 1 : 0; $rights['manage_label'] = isset($_POST['manage_label']) || $rights['superadmin'] ? 1 : 0; setUserRights($postuserid, $rights); } else { echo accessDenied('userrights'); die; } $aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Set user permissions"), $clang->gT("User permissions were updated successfully."), 'successheader'); } else { $aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Set user permissions"), $clang->gT("You are not allowed to change your own permissions!"), 'warningheader'); } $this->_renderWrappedTemplate('user', $aViewUrls); }
/** * surveypermission::delete() * Function responsible to delete a user/usergroup. * @param mixed $surveyid * @return void */ function delete($surveyid) { $aData['surveyid'] = $surveyid = sanitize_int($surveyid); $aViewUrls = array(); $action = $_POST['action']; $clang = Yii::app()->lang; $imageurl = Yii::app()->getConfig('imageurl'); $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false; $postusergroupid = !empty($_POST['gid']) ? $_POST['gid'] : false; if ($action == "delsurveysecurity") { $addsummary = "<div class=\"header\">" . $clang->gT("Deleting User") . "</div>\n"; $addsummary .= "<div class=\"messagebox\">\n"; $result = Survey::model()->findAll('sid = :sid AND owner_id = :owner_id AND owner_id != :postuserid', array(':sid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid)); if (count($result) > 0 || Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) { if (isset($postuserid)) { $dbresult = Survey_permissions::model()->deleteAll('uid = :uid AND sid = :sid', array(':uid' => $postuserid, ':sid' => $surveyid)); $addsummary .= "<br />" . $clang->gT("Username") . ": " . sanitize_xss_string($_POST['user']) . "<br /><br />\n"; $addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n"; } else { $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Could not delete user. User was not supplied.") . "</div>\n"; } $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n"; } else { accessDenied(); } $addsummary .= "</div>\n"; $aViewUrls['output'] = $addsummary; } $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData); }
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ // $Id: viewSched.php,v 1.7 2005/10/30 22:37:19 atrommer Exp $ checkUser($_SESSION['USERTYPE'], 2); if (empty($_REQUEST['user'])) { // keep people from navigating here directly accessDenied("Please choose a user first."); } $oEmp = getUserVals($_REQUEST['user']); if (empty($oEmp)) { // this would happen if they arbitrarily typed in a num in the url accessDenied("You selected an invalid user!"); } if (!$_REQUEST['doPop']) { doHeader("Viewing {$oEmp->user_first} {$oEmp->user_last}'s schedule"); } else { ?> <html> <head> <title>Viewing <?php echo $oEmp->user_first . ' ' . $oEmp->user_last; ?> 's schedule</title> <link href="global.css" rel="stylesheet" type="text/css"> </head> <body>
function printArea($iArea) { // displays the area schedule $oAreaDetails = getAreas($_SESSION['USERID'], $iArea); // make sure a row is returned, if not, user is being bad if (!count($oAreaDetails)) { // no areas, tried to circumvent sec, yell at them accessDenied("You tried to access an area you aren't assigned to!"); } $oAreaSched = getAreaSched($_REQUEST['area']); if (!count($oAreaSched)) { // let user know we have no rows print "You haven't created a schedule for this area yet."; } ?> <html> <head> <title>Viewing Schedule for <?php echo $oAreaDetails[0]->area_name; ?> </title> <link href="global.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" cellpadding="2" cellspacing="0"> <tr> <td width="50%"> Below are the events for <?php echo $oAreaDetails[0]->area_name; ?> . <?php // Area events go to the left foreach ($oAreaSched as $Sched) { // get area positions $oAreaPos = getAreaPos($_REQUEST['area']); ?> <br> <hr align="left"> <?php echo $Sched->event_name; ?> <table width="100%" border="0" cellpadding="2" class="contactInfo"> <tr> <td class="contactInfoName"><?php print date("D, n/d/y", strtotime($Sched->event_date)); ?> </td> </tr> <tr> <td>Start: <?php echo date("g:i a", strtotime($Sched->event_start)); ?> <div align="left"></div></td> <td>End: <?php echo date("g:i a", strtotime($Sched->event_end)); ?> </td> </tr> <tr valign="top"> <?php // now we go through each pos and list the scheduled emps foreach ($oAreaPos as $Pos) { ?> <td><table border="0" cellpadding="2" class="contactInfo"> <tr><td colspan=2><strong><?php echo $Pos->pos_name; ?> </strong></td></tr><?php $bRow = true; $oEventEmps = getEventEmps($Sched->event_id, $Pos->pos_id); if (count($oEventEmps)) { // we have emps, display them foreach ($oEventEmps as $Emp) { $bRow = !$bRow; ?> <tr<?php if ($bRow) { print " class=evenRow"; } ?> > <td colspan=2><?php echo $Emp->user_first . ' ' . $Emp->user_last; ?> </td> </tr> <?php } } else { //we don't, display msg print "<tr><td colspan=2><i>No employees scheduled yet</i></td></tr>"; } ?> </table></td><?php } ?> </tr> </table> <?php } ?> </td> </tr> </table> <?php }
function view($GET, $POST) { global $menu, $docs, $cat, $users; if (isset($GET['view'])) { $view = (string) $GET['view']; if (strlen($view) != 24) { error404(); } else { $id = new MongoId($view); $search = $menu->findOne(array('_id' => $id)); if (!$search) { error404(); } else { $site = $search['site']; $curid = $search['_id']; echo '<div class="link-tree">'; echo '<a href="/?sys=' . $_COOKIE['site'] . '" target="_blank">' . $_COOKIE['site'] . '</a>'; pathTree($curid); echo '</div>'; $userId = $_COOKIE['login']; $userId = new MongoId($userId); $login = $users->findOne(array('_id' => $userId)); $sites = explode(" @", $login['access']); if (in_array($site, $sites) && empty($_COOKIE[md5("role")]) || !empty($_COOKIE[md5("role")])) { $doc = $docs->find(array('itemId' => $id)); $target_dir = "documents/"; echo '<div class="post-content">'; echo '<h2 class="blog-title" style="margin-bottom: 0;">' . htmlspecialchars($search['name']) . '</h2>'; if (isset($search['text']) && $search['text'] != '') { echo '<div class="text">' . preg_replace('#<br.*?>#s', '', $search['text']) . '</div><br>'; } if ($doc->count(true)) { foreach ($doc as $file) { $path = 'documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext']; if (file_exists($path)) { echo '<div class="file">Файл: <a href="documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext'] . '" target="_blank">' . $file['name'] . '</a></div><br>'; } } } $links = $menu->find(array('toId' => $id))->sort(array($_COOKIE['sortindex'] => 1)); if ($_COOKIE['sortindex'] == 'time') { $links = $menu->find(array('toId' => $id))->sort(array($_COOKIE['sortindex'] => -1)); } if ($links->count(true)) { foreach ($links as $key) { echo '<div>'; echo '<div class="spoiler">'; echo '<a href="" class="spoiler_links">' . $key['name'] . '</a><div class="date">' . date('d/m/Y', $key['time']) . '</div>'; echo '<div class="spoiler_body">'; if (isset($key['text']) && $key['text'] != '') { echo '<div class="text">' . $key['text'] . '</div><br>'; } $docSP = $docs->find(array('itemId' => $key['_id'])); if ($docSP->count(true)) { foreach ($docSP as $file) { $path = 'documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext']; if (file_exists($path)) { echo '<div class="file">Файл: <a href="documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext'] . '" target="_blank">' . $file['name'] . '</a></div><br>'; } } } echo 'Додано: ' . date('d/m/Y', $key['time']) . '<br><br>'; echo '<a href="/?view=' . $key['_id'] . '" target="_blank">Повне посилання</a><br><br>'; echo '</div>'; echo '</div>'; echo '</div>'; } } echo '<div class="post-footer">'; echo 'Додано: ' . date('d/m/Y', $search['time']); echo '</div>'; echo '</div>'; if ($site != $cat) { setcookie("site", $site); header("Location: index.php?view={$view}"); } } else { accessDenied(); } } } } if (isset($POST['search'])) { $string = trim($POST['search']); header("Location: /?search={$string}"); } if (isset($GET['search'])) { $string = (string) $GET['search']; $arrWord = explode(" ", $string); foreach ($arrWord as $word) { $regex = new MongoRegex("/{$word}/i"); $criteria = array('$and' => array(array('$or' => array(array('name' => array('$regex' => $regex)), array('text' => array('$regex' => $regex)))), array('site' => $cat))); $data = $menu->find($criteria)->sort(array($_COOKIE['sortindex'] => 1)); if ($_COOKIE['sortindex'] == 'time') { $data = $menu->find($criteria)->sort(array($_COOKIE['sortindex'] => -1)); } echo 'Результати пошуку: "' . $word . '"<br><br>'; if ($data->count(true)) { echo '<div class="post-content">'; foreach ($data as $search) { $curid = $search['toId']; if ($curid != 0) { $curid = new MongoId($curid); $tempsearch = $menu->find(array('_id' => $curid)); if ($tempsearch->count(true)) { echo '<div class="search-link-border">'; echo '<div class="search-title""><a href="/?view=' . $search['_id'] . '" target="_blank">' . htmlspecialchars($search['name']) . '</a></div><div class="date">' . date('d/m/Y', $search['time']) . '</div><br>'; echo '<div class="search-link-tree">'; pathTree($search['_id']); echo '</div>'; echo '</div>'; } } else { echo '<div class="search-link-border">'; echo '<div class="search-title""><a href="/?view=' . $search['_id'] . '" target="_blank">' . htmlspecialchars($search['name']) . '</a></div><div class="date">' . date('d/m/Y', $search['time']) . '</div><br>'; echo '<div class="search-link-tree">'; pathTree($search['_id']); echo '</div>'; echo '</div>'; } } echo '</div>'; } else { echo '<div class="post-content">'; echo 'Записів не знайдено</div>'; } } } }
* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ // $Id: editSched.php,v 1.17 2006/02/03 20:24:34 atrommer Exp $ checkUser($_SESSION['USERTYPE'], 2); // get the area attributes $oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']); // make sure a row is returned, if not, user is being bad if (!count($oAreaDetails)) { // no areas, tried to circumvent sec, yell at them accessDenied("You tried to access an area you aren't assigned to!"); } elseif (!$_REQUEST['area']) { // force people through assignEmps accessDenied("Please choose an area to edit first through Manage Schedules"); } if ($_POST['confirmDelete']) { deleteEvent($_POST['event']); redirect("editSched.php?area=" . $_POST['area']); } function deleteConfirm($iArea, $iEvent) { $aEventDetails = getEventDetails($iEvent); ?> <form id="frmDelete" name="frmDelete" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?> "> <input type="hidden" name="area" value="<?php echo $iArea;
* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ require_once 'classes/class.ical.inc.php'; // $Id: iCalView.php,v 1.3 2005/10/30 22:37:19 atrommer Exp $ // if we have a uid, grab their schedule // if we have aid, grab area schedule // otherwise, do nothing if ($_REQUEST['uid']) { $oSched = getMySched($_REQUEST['uid'], 2); } elseif ($_REQUEST['aid']) { $oSched = getAreaSched($_REQUEST['aid'], 2); } else { accessDenied("Invalid user or area!"); } $iCal = (object) new iCal('', 0); // (ProgrammID, Method [1 = Publish | 0 = Request]) $categories = array('Work', 'Party'); // main loop for the events foreach ($oSched as $Sched) { $aAssign = array(); $oEventEmps = getEventEmps($Sched->event_id); // add all event emps to the attendees foreach ($oEventEmps as $Emp) { $aTemp = array($Emp->user_first . ' ' . $Emp->user_last => $Emp->user_email . ",1"); $aAssign = array_merge($aAssign, $aTemp); } $iCal->addEvent('', strtotime($Sched->event_date . ' ' . $Sched->event_start), strtotime($Sched->event_date . ' ' . $Sched->event_end), $Sched->area_name, 0, $categories, 'Log into ESS for more details!', $Sched->event_name, 1, $aAssign, 5, 0, 1, 1, '', 0, '', '', 1, 'http://' . $host . $docroot, 'en', ''); }
<?php require_once 'common.php'; /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ // $Id: assumeUser.php,v 1.5 2005/10/30 22:37:19 atrommer Exp $ checkUser($_SESSION['USERTYPE'], 2); if (!$_REQUEST['user']) { accessDenied("Please choose a user first!"); } assumeUser($_REQUEST['user']);
function checkUser($userType, $typeAllowed) { if ($userType < $typeAllowed) { accessDenied(); } }
checkUser($_SESSION['USERTYPE'], 2); // check for postback if ($_POST['isPostback']) { updateNotes($_POST['hdEvent'], sanitizeInput($_POST['taComments'])); redirect('editSched.php?area=' . $_POST['area']); } if (isset($_REQUEST['event'])) { $oEvent = getEventDetails($_REQUEST['event']); // if we don't have a month set, pull it from area if (strlen($oEvent->event_comments)) { $sNotes = $oEvent->event_comments; } else { $sNotes = getAreaTempl($_REQUEST['area']); } } else { accessDenied("Please choose an event to edit first using Manage Schedules"); } doHeader("Editing notes for " . $oEvent->event_name, 'taComments'); ?> <b><?php echo $oEvent->event_name; ?> </b> <br> <span class="contactInfo"><?php echo date("l, F jS, Y", strtotime($oEvent->event_date)); ?> (<?php echo date("g:i a", strtotime($oEvent->event_start));
$iEID = schedEvent($_POST, $_POST['event_id']); redirect("editNotes.php?event=" . $iEID . "&area=" . $_POST['area']); } // now we cat the dates together $dDate = $_POST['ddYear'] . '-' . $_POST['ddMonth'] . '-' . $_POST['ddDay']; $dStart = date("H:i", strtotime($_POST['ddStartTime'])); $dEnd = date("H:i", strtotime($_POST['ddEndTime'])); $sDay = date("w", strtotime($dDate)); $dStartFull = $_POST['ddYear'] . '-' . $_POST['ddMonth'] . '-' . $_POST['ddDay'] . ' ' . $dStart; // get the area attributes $oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']); $oAreaPos = getAreaPos($_REQUEST[area]); // make sure a row is returned, if not, user is being bad if (!count($oAreaDetails)) { // no areas, tried to circumvent sec, yell at them accessDenied("You tried to access an area you aren't assigned to!"); } $oMyEmps = getMyEmployees($_SESSION['USERID']); doHeader("Editing " . $_POST['tbName']); ?> The following list shows all of your employees. Green means they are available, red means they aren't. <br>Use the radio buttons to assign your employees and press "Assign" to save the event and assignments. <br> <span class="contactInfo"><?php echo date("l, F jS, Y", strtotime($dDate)); ?> (<?php echo date("g:i a", strtotime($dStart)); ?>
addPos($_POST, $_SESSION['USERID']); redirect('editPos.php?area=' . $_POST['area']); } if ($_POST['confirmDelete']) { delPos($_POST['pos']); redirect('editPos.php?area=' . $_POST['area']); } // if request is empty, make user select area first if (!$_REQUEST['area']) { accessDenied("Please go through Manage Schedules to edit positions!"); } // grab area details $oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']); // kick user out if details don't exist if (!$oAreaDetails) { accessDenied("You do not have access to this function!"); } // now that we are clean, grab the pos $oAreaPos = getAreaPos($_REQUEST['area']); // prompts user for del confirm function deleteConfirm($iArea, $iPos) { $oPosDetails = getPosDetails($iPos); ?> Warning! <b>Deleting</b> a position will orphan any assignments using this position. Do this only as a last resort!<br> <form id="frmDelete" name="frmDelete" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?> "> <input type="hidden" name="area" value="<?php
function formBuilder() { global $url, $auth; $prj_name = str_replace('/formBuilder', '', $url); $prj = new EcProject(); $prj->name = $prj_name; $prj->fetch(); $uid = $auth->getEcUserId(); if ($prj->checkPermission($uid)) { echo applyTemplate('./base.html', './createOrEditForm.html', array('projectName' => $prj_name)); } else { accessDenied(sprintf(' Project %s', $prj_name)); } }
<?php switch (true) { case isset($_POST['in']): logIn($_POST); break; case isset($_GET['out']): logOut($_GET, $_POST); break; case (isset($_GET['ins']) || isset($_GET['admin']) || isset($_GET['users']) || isset($_GET['upmenu']) || isset($_GET['chgum']) || isset($_GET['chgusr']) || isset($_GET['chid']) || isset($_GET['chgdoc'])) && empty($_COOKIE[md5("role")]): accessDenied(); break; case isset($_GET['view']) || isset($_POST['search']) || isset($_GET['search']): view($_GET, $_POST); break; case isset($_GET['sys']): site($_GET); break; case isset($_GET['sortindex']): sortItem($_GET); break; case isset($_GET['delid']) && !empty($_COOKIE[md5("role")]): delete($_GET); break; case (isset($_GET['deldoc']) || isset($_GET['item'])) && !empty($_COOKIE[md5("role")]): deleteDoc($_GET); break; case isset($_GET['chgdoc']) || isset($_POST['chgdoc']): changeDoc($_POST, $_GET); break;