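/**
 * Echo one checkbox row (plus a collapsible permission list) for every
 * permission group that belongs to the given area.
 *
 * A checkbox is pre-checked when $user holds every permission of the group.
 * It is rendered disabled when the logged-in user ($netID) does not hold the
 * whole group, or is editing their own account, unless they have the
 * 'development' permission.
 *
 * NOTE(review): the "disabled" attribute is only a UI hint. The handlers
 * behind grantGroupPermission()/revokeGroupPermission() are not visible here
 * and must repeat the same authorization check on the server side.
 *
 * @param mixed $area Area whose groups are listed (bound as a query parameter).
 * @param mixed $user User whose group membership is being displayed/edited.
 * @return void Output is echoed directly.
 */
function printGroups($area, $user)
{
    global $netID, $db;

    // Go through all groups in the current area (bound parameter, no string-built SQL).
    try {
        $permissionsQuery = $db->prepare("SELECT * FROM permissionsGroups WHERE area=:area");
        $permissionsQuery->execute(array(':area' => $area));
    } catch (PDOException $e) {
        // Only a generic message reaches the browser; driver details stay out of the response.
        exit("error in query");
    }

    while ($cur = $permissionsQuery->fetch(PDO::FETCH_ASSOC)) {
        // Stored values are encoded for the context they are written into, so a
        // group name or ID containing quotes or markup cannot break out of it.
        $id = htmlspecialchars((string) $cur['ID'], ENT_QUOTES, 'UTF-8');
        $name = htmlspecialchars((string) $cur['name'], ENT_QUOTES, 'UTF-8');
        // JavaScript string literal first, then attribute-encoded for the onclick value.
        $toggleTarget = htmlspecialchars(json_encode($cur['ID'] . 'group'), ENT_QUOTES, 'UTF-8');

        // Checkbox that grants/revokes the group on click.
        $filler = "<input type='checkbox' id='" . $id . "' name='" . $id . "' value='" . $id
            . "' onclick='if(this.checked){grantGroupPermission(this.value);}else{revokeGroupPermission(this.value);}' ";
        if (hasAllGroupPermissions($user, $cur['ID'])) {
            $filler .= "checked ";
        }
        if ((!hasAllGroupPermissions($netID, $cur['ID']) || $user == $netID) && !checkPermission('development')) {
            $filler .= "disabled ";
        }
        $filler .= "/>";

        // Group name (the original markup was missing the "=" in class='title').
        $filler .= "<label class='title' for='" . $id . "'> " . $name
            . "</label> (<a href='javascript:void' onclick=\"showHide(" . $toggleTarget . ")\">See Permissions</a>)<br/>";

        // Collapsible list of the permissions contained in the group.
        // printPermissions() is defined elsewhere; its return value is treated as ready-made HTML.
        $filler .= "<div class='description' id='" . $id . "group' style='display:none;'>";
        $filler .= printPermissions($cur['ID']);
        $filler .= "</div><br/>";

        echo $filler;
    }
}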
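/**
 * List the rows of a requested table, optionally filtered by a search term,
 * one page at a time, and render the admin_info/list view.
 *
 * Request parameters (GET or POST): table, q, page, pageSize.
 *
 * NOTE(review): the return value of checkPermission() is not inspected;
 * presumably it stops the request itself on denial. Confirm.
 *
 * NOTE(review): `table` comes straight from the request and is handed to
 * setTable() unchanged. Whether the model restricts table names is not visible
 * here; if it does not, any caller holding info_view can choose which table is
 * read. An allow-list of browsable tables should be enforced before setTable().
 */
public function index()
{
    checkPermission('info_view');
    $this->load->library('pagination');

    $this->data['table'] = $table = $this->input->get_post('table');
    $this->data['q'] = $q = $this->input->get_post('q');

    // Paging values are request-controlled: force integers >= 1 so the page
    // count below can never divide by zero or by a non-numeric string.
    $start = max(1, (int) $this->input->get_post('page'));
    $pageSize = (int) $this->input->get_post('pageSize');
    if ($pageSize < 1) {
        $pageSize = 30;
    }
    $this->data['start'] = $start;
    $this->data['pageSize'] = $pageSize;

    $this->general_mdl->setTable('category');
    $this->data['categories'] = $this->general_mdl->get_query()->result_array();

    // The search term is matched against each of these columns.
    $fields = array('type', 'province', 'city', 'district', 'company', 'address');
    $like = array();
    if ($q) {
        foreach ($fields as $field) {
            $like[$field] = $q;
        }
    }

    $info_data = array();
    if ($table) {
        $this->general_mdl->setTable($table);

        // Count all matching rows and derive the number of pages.
        $query = $this->general_mdl->get_query_or_like($like);
        $this->data['page'] = ceil($query->num_rows() / $pageSize);

        // Fetch the rows of the current page.
        $query = $this->general_mdl->get_query_or_like($like, array(), $start, $pageSize);
        $info_data = $query->result_array();
        $this->data['current_page'] = $start;
    }

    $this->data['result'] = $info_data;
    $this->data['title'] = '信息管理';
    $this->load->view('admin_info/list', $this->data);
}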
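/**
 * Stop the request with a "no permission" page unless the current user holds
 * the given permission.
 *
 * NOTE(review): only a strict `false` from checkPermission() denies access;
 * any other falsy result (null, 0, '') is treated as allowed. Confirm that
 * checkPermission() can only return booleans.
 *
 * @param mixed $permission Permission identifier passed to checkPermission().
 * @return void Returns normally only when access is granted.
 */
function checkPermissionRedirect($permission)
{
    if (checkPermission($permission) !== false) {
        return;
    }

    // Mark the denial as 403 so logs, monitoring and clients do not see it as
    // a normal 200 page. Skipped when output has already started.
    if (!headers_sent()) {
        http_response_code(403);
    }

    echo '<h1 style="text-align:center;margin-top:20%;">You do not have permission to see this page</h1><p style="text-align:center;"> If you should have access to this page, please talk to your manager</p>';
    require 'includeAtEnd.php';
    exit;
}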
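/**
 * List appointments, filtered by patient name or booking date and optionally
 * by doctor, one page at a time, and render the admin_book/list view.
 *
 * Request parameters (GET or POST): q, book_date, doctor_id, page, pageSize.
 *
 * NOTE(review): the return value of checkPermission() is not inspected;
 * presumably it stops the request itself on denial. Confirm.
 *
 * NOTE(review): q, book_date and the generated links are handed to the view as
 * data; the view (not visible here) still has to HTML-escape them on output.
 */
public function index()
{
    checkPermission('book_view');

    // Name of the person who booked (search term).
    $this->data['name'] = $q = $this->input->get_post('q');
    // Booking date; defaults to today.
    $book_date = $this->input->get_post('book_date') ? $this->input->get_post('book_date') : date('Y-m-d');
    $this->data['book_date'] = $book_date;
    // Booked doctor.
    $this->data['doctor_id'] = $doctor_id = $this->input->get_post('doctor_id');

    // Paging values are request-controlled: force integers >= 1 so the offset
    // arithmetic and the page count cannot fail on zero or non-numeric input.
    $start = max(1, (int) $this->input->get_post('page'));
    $pageSize = (int) $this->input->get_post('pageSize');
    if ($pageSize < 1) {
        $pageSize = 20;
    }
    $this->data['start'] = $start;
    $this->data['pageSize'] = $pageSize;

    $like = array();
    $where = array();
    if ($q) {
        $like['appointment.name'] = $q;
    } elseif ($book_date) {
        $book_date = trans_date_format($book_date, 'Y-m-d');
        $this->data['book_date'] = $book_date;
        $where['book_date >'] = $book_date;
        $where['book_date <'] = date('Y-m-d', strtotime('+1 day', strtotime($book_date)));
    }
    if ($doctor_id) {
        $where['doctor_id'] = $doctor_id;
    }

    // Count all matching rows and derive the number of pages.
    $this->db->where($where);
    $this->db->or_like($like);
    $query = $this->general_mdl->get_query();
    $this->data['total'] = $query->num_rows();
    $page = ceil($query->num_rows() / $pageSize);
    $this->data['page'] = $page;

    // Fetch the rows of the current page.
    $this->db->select('appointment.*,doctor.name as doctor_name');
    $this->db->join('doctor', 'doctor.id = appointment.doctor_id');
    $this->db->where($where);
    $this->db->or_like($like);
    $query = $this->general_mdl->get_query(($start - 1) * $pageSize, $pageSize, 'book_date ASC');
    $book_data = $query->result_array();
    $this->data['current_page'] = $start;

    // Request values are URL-encoded before being placed in a query string, so
    // characters such as & # " or < cannot add parameters or break the link.
    $qParam = $q ? '&q=' . urlencode($q) : '';
    $dateParam = $book_date ? '&book_date=' . urlencode($book_date) : '';

    $this->data['prev_link'] = $this->data['controller_url'] . '?page=' . ($start - 1) . $qParam;
    $this->data['next_link'] = $this->data['controller_url'] . '?page=' . ($start + 1) . $qParam;

    $page_link = array();
    for ($i = 1; $i <= $page; $i++) {
        $page_link[$i] = $this->data['controller_url'] . '?page=' . $i . $qParam . $dateParam;
    }
    $this->data['page_links'] = $page_link;

    $this->data['result'] = $book_data;
    $this->data['title'] = '预约管理';
    $this->load->view('admin_book/list', $this->data);
}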
/**
 * Load the profile user and that user's roles into the module.
 *
 * The user ID is taken from the controller's 'Profile.UserID' data, falling
 * back to the session user. Roles are passed through
 * RoleModel::FilterPersonalInfo when the viewer lacks
 * Garden.PersonalInfo.View.
 */
public function loadData()
{
    $profileUserID = Gdn::controller()->data('Profile.UserID', Gdn::session()->UserID);

    $this->User = Gdn::userModel()->getID($profileUserID);
    $this->Roles = Gdn::userModel()->GetRoles($profileUserID)->resultArray();

    // Viewers allowed to see personal info get the unfiltered role list.
    if (checkPermission('Garden.PersonalInfo.View')) {
        return;
    }

    // Hide personal info roles from everyone else.
    $this->Roles = array_filter($this->Roles, 'RoleModel::FilterPersonalInfo');
}
/**
 * Render the module.
 *
 * Output is produced only when a saved conversation is attached and the
 * viewer may add users to it; otherwise an empty string is returned.
 *
 * @return string Rendered HTML.
 */
public function toString()
{
    // A conversation counts as existing once it is an object with a positive ID.
    $hasConversation = is_object($this->Conversation) && $this->Conversation->ConversationID > 0;

    // Both the module flag and the permission must allow adding users.
    $mayAddUsers = $this->AddUserAllowed && checkPermission('Conversations.Conversations.Add');

    return ($hasConversation && $mayAddUsers) ? parent::toString() : '';
}
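/**
 * Recursively run checkPermission() on every entry below $folder and record
 * any failure in the global $successful_Check flag.
 *
 * The flag is only ever lowered to false here; the caller is expected to set
 * it to true before the first call.
 *
 * NOTE(review): the "*" pattern does not match entries whose name starts with
 * a dot, so hidden files and directories are never checked by this walk.
 *
 * @param string $folder Directory path including its trailing slash.
 * @return void
 */
function localSecurityChecks($folder)
{
    global $successful_Check;

    // glob() returns false on error; treat that as "nothing to scan" instead
    // of handing a non-array to foreach.
    $elements = glob($folder . "*");
    if ($elements === false) {
        $elements = array();
    }

    foreach ($elements as $element) {
        if (!checkPermission($element)) {
            $successful_Check = false;
        }
        if (is_dir($element)) {
            localSecurityChecks($element . "/");
        }
    }
}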
/**
 * Render the doctor list for system administrators.
 *
 * NOTE(review): the return value of checkPermission() is not inspected;
 * presumably it stops the request itself on denial. Confirm.
 */
public function index()
{
    checkPermission('sys_admin');

    // One query supplies both the row count and the rows themselves.
    $query = $this->general_mdl->get_query();
    $this->data['total'] = $query->num_rows();
    $this->data['result'] = $query->result_array();

    $this->data['title'] = '医生管理';
    $this->load->view('admin_doctor/list', $this->data);
}
/**
 * Load every 'sys' category setting from sys_config and render the
 * configuration page.
 *
 * NOTE(review): the return value of checkPermission() is not inspected;
 * presumably it stops the request itself on denial. Confirm.
 */
public function index()
{
    checkPermission('sys_admin');

    $this->general_mdl->setTable('sys_config');
    $rows = $this->general_mdl->get_query_by_where(array('cat' => 'sys'))->result_array();

    // Index the settings by name on the controller.
    foreach ($rows as $row) {
        $this->sys_configs[$row['name']] = $row['value'];
    }

    $data = array(
        'config' => $this->sys_configs,
        'title' => '',
    );
    $this->load->view('admin/sys_config', $data);
}
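/**
 * Move a customer category to the trash and answer with a JSON status.
 *
 * Reads `cat_id` from POST. Responds with {"success":1} after the row has been
 * moved, or {"success":0} when no category with that ID exists.
 *
 * NOTE(review): this is a state-changing POST and no anti-CSRF token check is
 * visible in this function; confirm it is enforced before this point.
 *
 * @return void Never returns; the script ends with die().
 */
function deleteCategory()
{
    // Check the delete ("trash") permission before any data is read.
    checkPermission('trash');

    // ID of the customer category to delete. The explicit cast keeps the
    // concatenated SQL below numeric regardless of what getValue() returns.
    $cat_id = (int) getValue('cat_id', 'int', 'POST', 0);

    $db_data = new db_query('SELECT * FROM customer_cat WHERE cus_cat_id = ' . $cat_id . ' LIMIT 1');
    $cuscat_data = mysqli_fetch_assoc($db_data->result);
    unset($db_data);

    // Nothing to trash: report failure instead of passing an empty row on.
    if (!$cuscat_data) {
        die(json_encode(array('success' => 0)));
    }

    move2trash('cus_cat_id', $cat_id, 'customer_cat', $cuscat_data);
    die(json_encode(array('success' => 1)));
}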
/**
 * Permission checks & property prep.
 *
 * Caches whether the current user may upload and download attachments.
 * Upload is additionally switched off when the permission category of the
 * controller's current category has AllowFileUploads disabled.
 */
public function __construct()
{
    parent::__construct();

    // MediaModel is loaded by hand when nothing has defined it yet.
    if (!class_exists('MediaModel')) {
        require __DIR__ . '/class.mediamodel.php';
    }

    $this->_MediaCache = null;
    $this->CanUpload = checkPermission('Plugins.Attachments.Upload.Allow');
    $this->CanDownload = checkPermission('Plugins.Attachments.Download.Allow');

    // Without the upload permission the category setting is irrelevant.
    if (!$this->CanUpload) {
        return;
    }

    // AllowFileUploads defaults to true when the category does not define it.
    $category = CategoryModel::permissionCategory(Gdn::controller()->data('Category'));
    if (!val('AllowFileUploads', $category, true)) {
        $this->CanUpload = false;
    }
}
/**
 * Admin gate: let the request through only for authenticated, non-member
 * users who hold the permission named after the current route path.
 *
 * - Guests get a 401 for AJAX requests, otherwise a redirect to the login page.
 * - Users for whom checkMember() is truthy are redirected to '/'.
 * - Users without the route permission are sent to the admin dashboard with
 *   an error message.
 *
 * @param mixed   $request Incoming request.
 * @param Closure $next    Next middleware in the pipeline.
 * @return mixed Response, redirect, or the result of $next($request).
 */
public function handle($request, Closure $next)
{
    if ($this->auth->guest()) {
        return $request->ajax()
            ? response('Unauthorized.', 401)
            : redirect()->guest('auth/login');
    }

    if (checkMember()) {
        return redirect()->guest('/');
    }

    // The route path itself is used as the permission name.
    $routePath = $request->route()->getPath();
    if (checkPermission($routePath)) {
        return $next($request);
    }

    return redirect(URL::to('/admin/dashboard'))->withErrors('You has not permission to page');
}
/**
 * Build the profile option list for the viewed user and render the module.
 *
 * In edit mode only a "Back to Profile" button is returned. Otherwise the
 * options (edit/preferences, ban/unban, delete content) are collected in
 * $ProfileOptions, which is shared by reference through the controller's
 * EventArguments, and the parent renderer produces the output.
 *
 * NOTE(review): the permission checks here only decide which links are shown.
 * The /user/ban and /user/deletecontent endpoints are not visible here and
 * must enforce the same permissions themselves.
 *
 * @return string Rendered HTML.
 */
public function toString()
{
    $Session = Gdn::session();
    $Controller = Gdn::controller();
    $UserID = $Controller->User->UserID;

    // Both lists are exposed by reference so event handlers can extend them.
    $MemberOptions = array();
    $ProfileOptions = array();
    $Controller->EventArguments['UserID'] = $UserID;
    $Controller->EventArguments['ProfileOptions'] =& $ProfileOptions;
    $Controller->EventArguments['MemberOptions'] =& $MemberOptions;

    // Edit mode: nothing but the way back to the profile.
    if ($Controller->EditMode) {
        $backButton = anchor(t('Back to Profile'), userUrl($Controller->User), array('class' => 'ProfileButtons'));
        return '<div class="ProfileOptions">' . $backButton . '</div>';
    }

    // Profile editing: full edit link, or just preferences on one's own profile.
    if (hasEditProfile($Controller->User->UserID)) {
        $ProfileOptions[] = array(
            'Text' => sprite('SpEditProfile') . ' ' . t('Edit Profile'),
            'Url' => userUrl($Controller->User, '', 'edit'),
        );
    } elseif ($Session->isValid() && $UserID == $Session->UserID) {
        $ProfileOptions[] = array(
            'Text' => sprite('SpEditProfile') . ' ' . t('Preferences'),
            'Url' => userUrl($Controller->User, '', 'preferences'),
        );
    }

    // Ban/Unban: any one of three permissions is enough, never on oneself.
    $canBan = checkPermission('Garden.Moderation.Manage')
        || checkPermission('Garden.Users.Edit')
        || checkPermission('Moderation.Users.Ban');
    if ($canBan && $UserID != $Session->UserID) {
        if (BanModel::isBanned($Controller->User->Banned, BanModel::BAN_AUTOMATIC | BanModel::BAN_MANUAL)) {
            $ProfileOptions[] = array(
                'Text' => sprite('SpBan') . ' ' . t('Unban'),
                'Url' => "/user/ban?userid={$UserID}&unban=1",
                'CssClass' => 'Popup',
            );
        } elseif (!$Controller->User->Admin) {
            // Admin accounts are never offered a Ban link.
            $ProfileOptions[] = array(
                'Text' => sprite('SpBan') . ' ' . t('Ban'),
                'Url' => "/user/ban?userid={$UserID}",
                'CssClass' => 'Popup',
            );
        }
    }

    // Delete content.
    if (checkPermission('Garden.Moderation.Manage')) {
        $ProfileOptions[] = array(
            'Text' => sprite('SpDelete') . ' ' . t('Delete Content'),
            'Url' => "/user/deletecontent?userid={$UserID}",
            'CssClass' => 'Popup',
        );
    }

    return parent::ToString();
}
<?php
/**
 * Dashboard view: heading, help assets, search toolbar and pager for the
 * user browse page.
 */
// Refuse direct requests to this file: it must be loaded by the application.
if (!defined('APPLICATION')) {
    exit;
}
$Session = Gdn::session();
// Permission flags for the current session. They are only assigned in this
// excerpt; any use of them lies outside it.
$EditUser = $Session->checkPermission('Garden.Users.Edit');
$ViewPersonalInfo = $Session->checkPermission('Garden.PersonalInfo.View');
helpAsset(t('Heads Up!'), t('Search by user or role.', 'Search for users by name or email, optionally using % as a wildcard. You can also search by user ID, the name of a role, or “banned”.'));
helpAsset(t('Need More Help?'), anchor(t("Video tutorial on finding & managing users"), 'settings/tutorials/users'));
// The "Add User" button is shown only with Garden.Users.Add.
// NOTE(review): this hides the button only; dashboard/user/add (not visible
// here) has to enforce the permission itself.
if (checkPermission('Garden.Users.Add')) {
    echo heading(t('Manage Users'), t('Add User'), 'dashboard/user/add', 'js-modal btn btn-primary');
} else {
    echo heading(t('Manage Users'));
}
?> <div class="toolbar"> <div class="toolbar-main"> <?php
// Status text next to the search box: exact count when the controller
// supplied RecordCount/UserCount, otherwise the estimate if there is one.
$info = '';
$count = $this->data('RecordCount', $this->data('UserCount', null));
if ($count !== null) {
    $info = sprintf(plural($count, '%s user found.', '%s users found.'), $count);
} elseif ($this->data('UserEstimate', null) !== null) {
    $info = sprintf(t('Approximately %s users exist.'), $this->data('UserEstimate'));
}
echo $this->Form->searchForm('Keywords', '/user/browse', [], $info);
?> </div> <?php
PagerModule::write(array('Sender' => $this, 'View' => 'pager-dashboard'));
} if ($whmcs->get_req_var("fraud")) { check_token("WHMCS.admin.default"); changeOrderStatus($id, "Fraud"); redir("action=view&id=" . $id . "&frauded=true"); exit; } if ($whmcs->get_req_var("pending")) { check_token("WHMCS.admin.default"); changeOrderStatus($id, "Pending"); redir("action=view&id=" . $id . "&backpending=true"); exit; } if ($whmcs->get_req_var("cancelrefund")) { check_token("WHMCS.admin.default"); checkPermission("Refund Invoice Payments"); $error = cancelRefundOrder($id); redir("action=view&id=" . $id . "&cancelledrefunded=true&error=" . $error); exit; } if ($whmcs->get_req_var("activated") && isset($_COOKIE['WHMCSOrderAccept'])) { $errors = wGetCookie("OrderAccept", 1); wDelCookie("OrderAccept"); if (count($errors)) { infoBox($aInt->lang("orders", "statusaccepterror"), implode("<br>", $errors), "error"); } else { infoBox($aInt->lang("orders", "statusaccept"), $aInt->lang("orders", "statusacceptmsg"), "success"); } } if ($whmcs->get_req_var("cancelled")) { infoBox($aInt->lang("orders", "statuscancelled"), $aInt->lang("orders", "statuschangemsg"));
<!-- Latest compiled and minified CSS (Bootstrap)--> <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script> <!-- General Custom Style --> <link href="default.css" rel="stylesheet"> <!-- Ensures proper rendering on touch zooming --> <meta name="viewport" content="width=device-width, initial-scale=1"> <?php
// NOTE(review): the markup above loads the Bootstrap CSS and JS over plain
// http:// and without integrity attributes, so the script can be altered in
// transit; https:// URLs with Subresource Integrity would close that gap.
require_once 'utils.php'; ?> <?php
// NOTE(review): the permission check runs after page output has already
// started, and its return value is not inspected. If checkPermission() relies
// on a header-based redirect it can no longer send one at this point; confirm
// how it denies access.
checkPermission(3); ?> <?php
$new_published = false;
// Handle the submitted post only when all four form fields are present.
if (isset($_POST["title"]) && isset($_POST["image"]) && isset($_POST["content"]) && isset($_POST["category"])) {
    // Connect to the database.
    // NOTE(review): the connection uses the MySQL root account with an empty
    // password, hard-coded in the page. A dedicated least-privilege account
    // with credentials kept outside the web root is the safer setup.
    $link = mysqli_connect('localhost', 'root', '', 'ajedrezfcfm');
    // If the connection failed, report the error and stop.
    // NOTE(review): errno and the driver's error text are echoed to the
    // visitor; log them server-side and show a generic message instead.
    if (!$link) {
        echo "Error: Unable to connect to MySQL." . PHP_EOL;
        echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
        echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
        exit;
    }
    // BEGIN and COMMIT are used because the transactions should only be carried out together.
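/**
 * Pulls the keywords from a search string
 * and creates an array of them
 *
 * Returns an associative array:
 * $ret['search'] is the search string without keywords
 * $ret['keywords'] is an array of keywords
 * with values if needed.
 *
 * Keyword tokens come from the $keyword_* globals; a keyword that is unset or
 * empty is ignored. The play, radio and random keywords are honoured only
 * when checkPermission($jzUSER, 'play') is strictly true, so a search string
 * cannot switch on playback for a user without that permission.
 *
 * Changes against the earlier version:
 * - keywords are removed case-insensitively, matching how they are detected;
 * - the random keyword is guarded by its own isset() check (it used to test
 *   $keyword_limit);
 * - limit parsing looks at every token, so the last word is no longer dropped;
 * - leading/trailing spaces are trimmed without reading past the string end.
 *
 * @author Ben Dodson
 * @version 1/17/05
 * @since 1/17/05
 *
 * @param string $string Raw search string.
 * @return array ['keywords' => array, 'search' => string]
 */
function splitKeywords($string)
{
    global $jzUSER, $keyword_genre, $keyword_artist, $keyword_album, $keyword_track, $keyword_play,
        $keyword_random, $keyword_radio, $keyword_lyrics, $keyword_limit, $keyword_id;

    $limit_default = 50;
    $keywords = array();
    $string = (string) $string;

    // Plain keywords: when present, set the flag and strip the token.
    $plain = array(
        'id' => $keyword_id,
        'genres' => $keyword_genre,
        'artists' => $keyword_artist,
        'albums' => $keyword_album,
        'tracks' => $keyword_track,
        'lyrics' => $keyword_lyrics,
    );
    foreach ($plain as $flag => $kw) {
        if (isset($kw) && "{$kw}" !== "" && false !== stristr($string, "{$kw}")) {
            $keywords[$flag] = true;
            // The earlier code's space replacement was a no-op as written;
            // presumably it was meant to collapse the double space a removed
            // keyword leaves behind, which is what happens here.
            $string = str_replace("  ", " ", str_ireplace("{$kw}", "", $string));
        }
    }

    // Playback keywords: require the 'play' permission in addition to the token.
    if (isset($keyword_play) && "{$keyword_play}" !== "" && false !== stristr($string, "{$keyword_play}")
        && checkPermission($jzUSER, 'play') === true) {
        $keywords['play'] = true;
        $string = str_replace("  ", " ", str_ireplace("{$keyword_play}", "", $string));
    }
    if (isset($keyword_radio) && "{$keyword_radio}" !== "" && false !== stristr($string, "{$keyword_radio}")
        && checkPermission($jzUSER, 'play') === true) {
        $keywords['radio'] = true;
        $keywords['limit'] = $limit_default;
        $string = str_replace("  ", " ", str_ireplace("{$keyword_radio}", "", $string));
    }
    if (isset($keyword_random) && "{$keyword_random}" !== "" && false !== stristr($string, "{$keyword_random}")
        && checkPermission($jzUSER, 'play') === true) {
        $keywords['random'] = true;
        $keywords['play'] = true;
        $keywords['limit'] = $limit_default;
        $string = str_replace("  ", " ", str_ireplace("{$keyword_random}", "", $string));
    }

    // Limit keyword: an optional numeric token right after it is the limit.
    if (isset($keyword_limit) && "{$keyword_limit}" !== "" && false !== stristr($string, "{$keyword_limit}")) {
        $tokens = explode(" ", $string);
        $kept = array();
        $count = count($tokens);
        for ($i = 0; $i < $count; $i++) {
            if (false === stristr($tokens[$i], "{$keyword_limit}")) {
                $kept[] = $tokens[$i];
                continue;
            }
            if (isset($tokens[$i + 1]) && is_numeric($tokens[$i + 1])) {
                $keywords['limit'] = $tokens[$i + 1];
                $i++; // the number belongs to the keyword, not to the search text
            } else {
                $keywords['limit'] = $limit_default;
            }
        }
        $string = implode(" ", $kept);
    }

    $ret = array();
    $ret['keywords'] = $keywords;
    $ret['search'] = trim($string, " ");
    return $ret;
}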
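/**
 * Render the mobile jukebox template.
 *
 * Button labels are always assigned. The action tags, volume control and
 * "add media" choices are assigned only for users for whom
 * checkPermission($jzUSER, "jukebox_admin") is truthy, and only for the
 * abilities the connected jukebox reports.
 *
 * NOTE(review): this only decides which controls are drawn. The handler that
 * receives the jukebox commands is not visible here and must check
 * jukebox_admin itself.
 *
 * @param mixed $node Current node (not used by this function).
 * @return void
 */
function doTemplate($node)
{
    global $jzUSER;

    // "=& new" no longer parses from PHP 7 on; a plain assignment of the
    // object handle behaves the same.
    $display = new jzDisplay();
    $smarty = mobileSmarty();
    $jb = new jzJukebox();
    if (!$jb->connect()) {
        //jzTemplate($smarty,'jukeboxError');
        echo 'Error connecting to jukebox.';
        return;
    }

    // Translated button labels, assigned under their English names.
    foreach (array('Play', 'Pause', 'Stop', 'Previous', 'Next', 'Shuffle', 'Clear') as $label) {
        $smarty->assign($label, word($label));
    }

    /* buttons */
    if (checkPermission($jzUSER, "jukebox_admin")) {
        $func = $jb->jbAbilities();

        // ability flag => (template variable, jukebox action)
        $buttons = array(
            'playbutton' => array('openPlayTag', 'play'),
            'pausebutton' => array('openPauseTag', 'pause'),
            'stopbutton' => array('openStopTag', 'stop'),
            'prevbutton' => array('openPrevTag', 'previous'),
            'nextbutton' => array('openNextTag', 'next'),
            'shufflebutton' => array('openShuffleTag', 'random_play'),
            'clearbutton' => array('openClearTag', 'clear'),
        );
        foreach ($buttons as $ability => $target) {
            if (!empty($func[$ability])) {
                $smarty->assign($target[0], $display->getOpenJukeboxActionTag($target[1]));
            }
        }

        if (!empty($func['volume'])) {
            $smarty->assign('Volume', word('Volume:'));
            $smarty->assign('volumeSteps', range(0, 100, 5));

            // Session values may be missing; fall back to 0 without notices.
            $volKey = 'jz_jbvol-' . (isset($_SESSION['jb_id']) ? $_SESSION['jb_id'] : '');
            $vol = isset($_SESSION[$volKey]) ? $_SESSION[$volKey] : 0;
            if (!is_numeric($vol)) {
                $vol = 0;
            }
            $smarty->assign('currentVolume', $vol);
        }

        if (!empty($func['addtype'])) {
            /* how to add media */
            $smarty->assign('whereAdd', word('Add media:'));

            // Declared once only: an unguarded nested declaration is a fatal
            // "cannot redeclare" error on a second call of doTemplate().
            if (!function_exists('jbHREF')) {
                function jbHREF($type)
                {
                    return "javascript:sendJukeboxRequest('addwhere','{$type}');";
                }
            }

            $addType = isset($_SESSION['jb-addtype']) ? $_SESSION['jb-addtype'] : null;
            $choices = array(
                'current' => 'After current track',
                'begin' => 'At beginning of playlist',
                'end' => 'At end of playlist',
                'replace' => 'Replace current playlist',
            );
            $set = array();
            foreach ($choices as $type => $label) {
                $set[] = array('href' => jbHREF($type), 'label' => $label, 'selected' => $addType == $type);
            }
            $smarty->assign('addTypes', $set);
        }
    }

    jzTemplate($smarty, 'jukebox');
}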
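/**
 * Determine whether or not a given user has the edit profile link.
 *
 * Moderators (Garden.Users.Edit or Moderation.Profiles.Edit) always get it.
 * Everyone else gets it only on their own profile, and only when
 * Garden.Profiles.Edit is granted, account editing is enabled and at least
 * one editable profile feature is configured.
 *
 * NOTE(review): this decides whether the link is shown; the edit endpoint is
 * not visible here and must enforce the same rules itself.
 *
 * @param int $userID The user ID to check.
 * @return bool Return true if the user should have the edit profile link or false otherwise.
 */
function hasEditProfile($userID)
{
    if (checkPermission(array('Garden.Users.Edit', 'Moderation.Profiles.Edit'))) {
        return true;
    }

    // Without a moderation permission only one's own profile is editable.
    if ($userID != Gdn::session()->UserID) {
        return false;
    }

    $mayEditOwn = checkPermission('Garden.Profiles.Edit') && c('Garden.UserAccount.AllowEdit');

    // At least one of these has to be on for there to be anything to edit.
    $hasEditableField = C('Garden.Profile.Titles')
        || C('Garden.Profile.Locations', false)
        || C('Garden.Registration.Method') != 'Connect';

    // Logical AND keeps the documented bool return type; the bitwise "&="
    // used before produced an int.
    return $mayEditOwn && $hasEditableField;
}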
/**
 * Creates a small version of the jukebox block.
 *
 * Prints a table with an optional header (text or control buttons), a
 * "play where" selector listing the stream option and every configured
 * jukebox, and optionally the control buttons below the selector.
 * Control buttons are printed only when checkPermission($jzUSER,
 * "jukebox_admin") is strictly true and playback is not set to "stream".
 *
 * NOTE(review): the permission checks here only decide what is drawn. The
 * handler for the jukebox commands is not visible here and must check
 * jukebox_admin itself.
 *
 * @author Ben Dodson
 * @since 4/29/05
 * @version 4/29/05
 * @param text: the text to display in the box. 'off' means no text.
 * @param buttons: one of: "top|default|off". Top means toggle with the header text when applicable.
 * @param linebreaks: when truthy the lower buttons go into a table row of their own.
 **/
function smallJukebox($text = false, $buttons = "default", $linebreaks = true)
{
    // $jukebox_display is declared global but not used in this function.
    global $jbArr, $jzUSER, $include_path, $jukebox_display;
    if ($text == "") {
        $text = false;
    }
    $display = new jzDisplay();
    include_once $include_path . "jukebox/class.php";
    $jb = new jzJukebox();
    if (!$jb->connect()) {
        echo '<strong>Error connecting to jukebox. Please make sure your jukebox settings are correct. (jukebox/settings.php)</strong>';
        $jb_playwhere = "";
    } else {
        // Playback target stored in the session; "stream" when none is stored.
        if (isset($_SESSION['jb_playwhere'])) {
            $jb_playwhere = $_SESSION['jb_playwhere'];
        } else {
            $jb_playwhere = "stream";
        }
    }
    // $url_array is filled here but not read again in this function.
    $url_array = array();
    $url_array['action'] = "popup";
    $url_array['ptype'] = "jukezora";
    // NOTE(review): the three arguments are echoed into single-quoted
    // JavaScript string literals without any escaping. A quote or "</script>"
    // in $text would break out of the literal; encode the values (for example
    // with json_encode) if they can ever carry user-supplied text.
    ?> <script> sm_text = '<?php echo $text; ?> '; sm_buttons = '<?php echo $buttons; ?> '; sm_linebreaks = '<?php echo $linebreaks; ?> '; </script> <table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td width="100%" valign="top"> <?php
    $showText = true;
    // NOTE(review): this condition reads $_SESSION['jb_playwhere'] directly,
    // without the isset() fallback that was applied to $jb_playwhere above.
    if ($buttons == "top" && checkPermission($jzUSER, "jukebox_admin") === true && $_SESSION['jb_playwhere'] != "stream") {
        // Ok, now we need to make sure we can do things
        $func = $jb->jbAbilities();
        echo "<nobr>";
        // Any button that is drawn replaces the header text.
        if ($func['playbutton']) {
            $display->displayJukeboxButton("play");
            $showText = false;
        }
        if ($func['pausebutton']) {
            $display->displayJukeboxButton("pause");
            $showText = false;
        }
        if ($func['stopbutton']) {
            $display->displayJukeboxButton("stop");
            $showText = false;
        }
        // NOTE(review): the 'nextbutton' ability draws the "previous" button
        // and 'prevbutton' draws "next"; looks swapped. Confirm whether this
        // is only about display order.
        if ($func['nextbutton']) {
            $display->displayJukeboxButton("previous");
            $showText = false;
        }
        if ($func['prevbutton']) {
            $display->displayJukeboxButton("next");
            $showText = false;
        }
        if ($func['shufflebutton']) {
            //$display->displayJukeboxButton("random_play");
            //$showText = false;
        }
        if ($func['clearbutton']) {
            $display->displayJukeboxButton("clear");
            $showText = false;
        }
        echo "</nobr>";
    }
    // Header text: a popup link (plus player status in jukebox mode) when no
    // text was given, otherwise the text itself unless it is "off".
    if ($showText) {
        ?> <?php
        if (isNothing($text)) {
            ?> <font size="1"> <strong> <?php
            if (checkPlayback() == "jukebox") {
                $theJWord = word("Jukebox");
            } else {
                $theJWord = word("Playback");
            }
            $display->popupLink("jukezora", $theJWord);
            if (checkPlayback() == "jukebox") {
                $jz_jbstatus = $jb->getPlayerStatus();
                echo " - " . ucwords($jz_jbstatus);
            }
            ?> </strong> </font> <?php
        } else {
            // NOTE(review): $text is written into the page without HTML escaping.
            if ($text != "off") {
                echo $text;
            }
        }
        ?> <?php
    }
    ?> </td> </tr> <tr> <td width="100%" valign="top"> <?php
    // Target of the "play where" form.
    $arr = array();
    $arr['action'] = "jukebox";
    $arr['subaction'] = "jukebox-command";
    $arr['command'] = "playwhere";
    ?> <form action="<?php echo urlize($arr); ?> " method="POST" name="playbackForm"> <select name="jbplaywhere" id="smallJukeboxSelect" class="jz_select" style="width:132;" onChange="updateSmallJukebox()"> <?php
    // The stream option is offered only to users with the 'stream' permission.
    if (checkPermission($jzUSER, 'stream')) {
        ?> <option value="stream">Stream</option> <?php
    }
    // Now let's get a list of all the jukeboxes that are installed
    // NOTE(review): each description is written into an attribute value and
    // into element text without escaping; htmlspecialchars() would be needed
    // if descriptions can contain quotes or markup.
    for ($i = 0; $i < count($jbArr); $i++) {
        echo '<option ';
        if ($jb_playwhere == $jbArr[$i]['description']) {
            echo " selected ";
        }
        echo 'value="' . $jbArr[$i]['description'] . '">' . $jbArr[$i]['description'] . '</option>';
    }
    ?> </select> </form> <?php
    if ($linebreaks) {
        echo '</td></tr><tr><td width="100%">';
    } else {
        echo "   ";
    }
    // Lower button row: default layout, jukebox admins, non-stream playback.
    if ($jb_playwhere != "stream" && checkPermission($jzUSER, "jukebox_admin") === true && $buttons == "default") {
        // Ok, now we need to make sure we can do things
        $func = $jb->jbAbilities();
        echo "<nobr>";
        if ($func['playbutton']) {
            $display->displayJukeboxButton("play");
        }
        if ($func['pausebutton']) {
            $display->displayJukeboxButton("pause");
        }
        if ($func['stopbutton']) {
            $display->displayJukeboxButton("stop");
        }
        // Same next/previous pairing as in the header row above.
        if ($func['nextbutton']) {
            $display->displayJukeboxButton("previous");
        }
        if ($func['prevbutton']) {
            $display->displayJukeboxButton("next");
        }
        if ($func['shufflebutton']) {
            //$display->displayJukeboxButton("random_play");
        }
        if ($func['clearbutton']) {
            $display->displayJukeboxButton("clear");
        }
        echo "</nobr>";
    }
    ?> </td> </tr> </table> <?php
}
<?php
// Direct-access guard for this include.
// NOTE(review): JZ_SECURE_ACCESS is passed without quotes, so defined()
// receives the constant's value, not its name. When the constant is undefined
// PHP 8 raises an Error; when it is defined the guard tests for a constant
// named after its value. defined('JZ_SECURE_ACCESS') is presumably what was
// intended; confirm against how the constant is defined.
if (!defined(JZ_SECURE_ACCESS)) {
    die('Security breach detected.');
}
/**
 * Displays the Item Retagger tool
 *
 * @author Ross Carlson, Ben Dodson
 * @version 01/27/05
 * @since 01/27/05
 * @param $node The node we are looking at
 */
global $jzSERVICES, $jzUSER, $node;
// Only admins of this node's path may use the tool. The check runs before any
// output and before the form submission below is processed.
if (!checkPermission($jzUSER, "admin", $node->getPath("String"))) {
    echo word("Insufficient permissions.");
    return;
}
$title = word("Retag files");
if ($node->getName() != "") {
    $title = word("Retag files in") . ": " . $node->getName();
}
$this->displayPageTop("", $title, false);
$this->openBlock();
// Did they submit the form?
// NOTE(review): no anti-CSRF token check is visible before this
// state-changing branch; confirm one exists elsewhere.
if (isset($_POST['updateTags'])) {
    // Let's not timeout
    set_time_limit(0);
    // Ok, now let's see what they wanted to retag
    $reGenre = false;
    $reArtist = false;
/**
 * Draws the Jinzora Radio Block using the data from the current node
 *
 * Nothing is drawn when the radio block is switched off, when the user lacks
 * the 'play' permission on the node's path, or when the node has no artist
 * ancestor.
 *
 * @author Ross Carlson
 * @version 01/11/05
 * @since 01/11/05
 * @param object $node The object to create the radio from
 */
function slickRadioBlock($node)
{
    global $show_radio, $jzUSER;

    // Feature switch first, then the permission on this node's path.
    if ($show_radio != true) {
        return;
    }
    if (!checkPermission($jzUSER, 'play', $node->getPath("String"))) {
        return;
    }

    // The radio is built from the artist level.
    if ($node->getAncestor("artist") === false) {
        return;
    }
    $node = $node->getAncestor("artist");

    // Start Smarty and hand over to the template.
    $smarty = smartySetup();
    $smarty->assign('title', word("Jinzora Radio"));
    $smarty->display(SMARTY_ROOT . 'templates/slick/radio-block.tpl');
}
<?php
// Quick-edit handler: updates cat_name / cat_order for the posted records.
require_once "inc_security.php";
// NOTE(review): the return value is not inspected; presumably
// checkPermission() stops the request itself on denial. Confirm.
checkPermission('edit');
// Return URL, base64-decoded from the "url" GET parameter.
// NOTE(review): the decoded value is fully request-controlled. Its use is not
// visible in this excerpt; if it ends up in a redirect it should be limited
// to local paths.
$returnurl = base64_decode(getValue("url", "str", "GET", base64_encode("listing.html")));
$errorMsg = '';
$errorMsgAll = "";
$iQuick = getValue("iQuick", "str", "POST", "");
$record_id = getValue("record_id", "arr", "POST", "");
// NOTE(review): whether redirect() ends the script is not visible here; if it
// does not, execution continues below with an empty $record_id.
if (!$record_id) {
    redirect('listing.html');
}
if ($iQuick == 'update') {
    $total_record = count($record_id);
    if ($total_record > 0) {
        for ($i = 0; $i < $total_record; $i++) {
            // Call Class generate_form();
            $myform = new generate_form();
            // Insert to database
            // NOTE(review): each posted record ID is concatenated into the
            // form field names and later handed to generate_update_SQL();
            // how getValue(..., "arr", ...) and that method sanitise the IDs
            // is not visible here. Verify they are forced to integers.
            $myform->add('cat_name', "cat_name" . $record_id[$i], 0, 0, '', 0, '', 0, '');
            $myform->add('cat_order', "cat_order" . $record_id[$i], 1, 0, '', 0, '', 0, '');
            // Add table
            $myform->addTable($bg_table);
            // $errorMsg is appended to and never reset inside the loop, so
            // after the first failing record every later record takes the
            // error branch as well.
            $errorMsg .= $myform->checkdata($id_field, $record_id[$i]);
            // Collect the errors of all edited records
            $errorMsgAll .= $errorMsg;
            if ($errorMsg == "") {
                $db_ex = new db_execute($myform->generate_update_SQL($id_field, $record_id[$i]));
                unset($db_ex);
            } else {
                // NOTE(review): the posted record ID is echoed back without
                // HTML escaping.
                echo $record_id[$i] . " : " . $errorMsg . "</br>";
$jzUSER->logout(); } } if ($jzUSER->getName() == "") { $jzUSER->logout(); } // handle changing of settings: // These affect the session, NOT the user settings. // This is handled in general.lib.php: setThisPage(). if (isset($_POST['action'])) { if ($_POST['action'] == "popup") { $_GET['action'] = "popup"; $_GET['ptype'] = $_POST['ptype']; } } if (checkPermission($jzUSER, "view") === false && (!isset($_POST['action']) || $_POST['action'] != "login")) { // Now are we in CMS mode or what? if ($cms_type == "standalone" || $cms_type == "false" || $cms_type == "") { writeLogData("messages", "Index: Sending the user to the login page"); $fe->loginPage(); exit; } } // Detect our current playlist: if (isset($_GET['jz_playlist'])) { $_SESSION['jz_playlist'] = $_GET['jz_playlist']; } if (isset($_POST['jz_playlist'])) { $_SESSION['jz_playlist'] = $_POST['jz_playlist']; } // Should we use AJAX?
/**
 * Edit a user account.
 *
 * Requires Garden.Users.Edit. On an authenticated post-back the submitted
 * values are adjusted on the server before saving, so that a crafted form
 * cannot exceed what the editor is allowed to change:
 * - the username is reset to its stored value when it may not be edited;
 * - a submitted 'Confirmed' value is dropped and only re-added from
 *   'ConfirmEmail' when the editor may confirm emails;
 * - a manual password is applied only when the editor holds
 *   Garden.Settings.Manage or the target user is not privileged;
 * - requested roles are limited to the assignable ones, and roles the editor
 *   cannot assign are carried over unchanged.
 *
 * @since 2.0.0
 * @access public
 * @param int $UserID Unique ID.
 */
public function edit($UserID)
{
    $this->permission('Garden.Users.Edit');
    // Page setup
    $this->addJsFile('user.js');
    $this->title(t('Edit User'));
    $this->addSideMenu('dashboard/user');
    // Only admins can reassign roles
    // $AllRoles is every role; $RoleData is the subset this editor may assign.
    $RoleModel = new RoleModel();
    $AllRoles = $RoleModel->getArray();
    $RoleData = $RoleModel->getAssignable();
    $UserModel = new UserModel();
    $User = $UserModel->getID($UserID, DATASET_TYPE_ARRAY);
    // Determine if username can be edited
    $CanEditUsername = (bool) c("Garden.Profile.EditUsernames") || Gdn::session()->checkPermission('Garden.Users.Edit');
    $this->setData('_CanEditUsername', $CanEditUsername);
    // Determine if emails can be edited
    $CanEditEmail = Gdn::session()->checkPermission('Garden.Users.Edit');
    $this->setData('_CanEditEmail', $CanEditEmail);
    // Decide if they have ability to confirm users
    $Confirmed = (bool) valr('Confirmed', $User);
    $CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::session()->checkPermission('Garden.Users.Edit');
    $this->setData('_CanConfirmEmail', $CanConfirmEmail);
    $this->setData('_EmailConfirmed', $Confirmed);
    $User['ConfirmEmail'] = (int) $Confirmed;
    // Determine whether user being edited is privileged (can escalate permissions)
    $UserModel = new UserModel();
    $EditingPrivilegedUser = $UserModel->checkPermission($User, 'Garden.Settings.Manage');
    // Determine our password reset options
    // Anyone with user editing may force a reset over email
    $this->ResetOptions = array(0 => t('Keep current password.'), 'Auto' => t('Force user to reset their password and send email notification.'));
    // Only admins may manually reset passwords for other admins
    if (checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) {
        $this->ResetOptions['Manual'] = t('Manually set user password. No email notification.');
    }
    // Set the model on the form.
    $this->Form->setModel($UserModel);
    // Make sure the form knows which item we are editing.
    $this->Form->addHidden('UserID', $UserID);
    try {
        // Event handlers receive these by reference and may change them.
        $AllowEditing = true;
        $this->EventArguments['AllowEditing'] =& $AllowEditing;
        $this->EventArguments['TargetUser'] =& $User;
        // These are all the 'effective' roles for this edit action. This list can
        // be trimmed down from the real list to allow subsets of roles to be
        // edited.
        $this->EventArguments['RoleData'] =& $RoleData;
        // Current roles of the target user as RoleID => Name.
        $UserRoleData = $UserModel->getRoles($UserID)->resultArray();
        $RoleIDs = array_column($UserRoleData, 'RoleID');
        $RoleNames = array_column($UserRoleData, 'Name');
        $UserRoleData = arrayCombine($RoleIDs, $RoleNames);
        $this->EventArguments['UserRoleData'] =& $UserRoleData;
        $this->fireEvent("BeforeUserEdit");
        $this->setData('AllowEditing', $AllowEditing);
        $this->Form->setData($User);
        if ($this->Form->authenticatedPostBack()) {
            // A submitted name is overwritten with the stored one when the
            // editor may not change usernames.
            if (!$CanEditUsername) {
                $this->Form->setFormValue("Name", $User['Name']);
            }
            // Allow mods to confirm/unconfirm emails
            // A directly posted 'Confirmed' is always discarded first.
            $this->Form->removeFormValue('Confirmed');
            $Confirmation = $this->Form->getFormValue('ConfirmEmail', null);
            $Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;
            if ($CanConfirmEmail && is_bool($Confirmation)) {
                $this->Form->setFormValue('Confirmed', (int) $Confirmation);
            }
            $ResetPassword = $this->Form->getValue('ResetPassword', false);
            // If we're an admin or this isn't a privileged user, allow manual setting of password
            // NOTE(review): when the manual reset is not allowed, a 'Password'
            // value posted directly is not removed in this method. Whether the
            // form or model would save it is not visible here; confirm.
            $AllowManualReset = checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;
            if ($ResetPassword == 'Manual' && $AllowManualReset) {
                // If a new password was specified, add it to the form's collection
                $NewPassword = $this->Form->getValue('NewPassword', '');
                $this->Form->setFormValue('Password', $NewPassword);
            }
            // Role changes
            // These are the new roles the editing user wishes to apply to the target
            // user, adjusted for his ability to affect those roles
            $RequestedRoles = $this->Form->getFormValue('RoleID');
            if (!is_array($RequestedRoles)) {
                $RequestedRoles = array();
            }
            // Only requested role IDs that are assignable survive the intersection.
            $RequestedRoles = array_flip($RequestedRoles);
            $UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);
            // These roles will stay turned on regardless of the form submission contents
            // because the editing user does not have permission to modify them
            $ImmutableRoles = array_diff_key($AllRoles, $RoleData);
            $UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);
            // Apply immutable roles
            foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                $UserNewRoles[$IMRoleID] = $IMRoleName;
            }
            // Put the data back into the form object as if the user had submitted
            // this themselves
            $this->Form->setFormValue('RoleID', array_keys($UserNewRoles));
            if ($this->Form->save(array('SaveRoles' => true)) !== false) {
                // 'Auto' sends the reset email and marks the stored hash as 'Reset'.
                if ($this->Form->getValue('ResetPassword', '') == 'Auto') {
                    $UserModel->PasswordRequest($User['Email']);
                    $UserModel->setField($UserID, 'HashMethod', 'Reset');
                }
                $this->informMessage(t('Your changes have been saved.'));
            }
            $UserRoleData = $UserNewRoles;
        }
    } catch (Exception $Ex) {
        // Any exception is shown as a form error instead of aborting the page.
        $this->Form->addError($Ex);
    }
    $this->setData('User', $User);
    $this->setData('Roles', $RoleData);
    $this->setData('UserRoles', $UserRoleData);
    $this->render();
}
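/**
 * Decide whether the currently logged-in admin may open a ticket.
 *
 * Callers must compare the result strictly (=== false): every refusal is a
 * non-empty string, and only a literal false means nothing blocked access.
 *
 * @param mixed $ticketid ID of the row to look up in tbltickets.
 * @return string|false "invalidid" when no ticket row is found, "deptblocked"
 *                      when the ticket's department is not among the admin's
 *                      assignments, "flagged" when the ticket is flagged to
 *                      another admin, false when access is not blocked.
 */
function validateAdminTicketAccess($ticketid)
{
    $data = get_query_vals("tbltickets", "id,did,flag", array("id" => $ticketid));

    // empty() also covers a lookup that returned no row at all, so an
    // unknown ticket is rejected before any offset of the result is read.
    if (empty($data['id'])) {
        return "invalidid";
    }

    $deptid = $data['did'];
    $flag = $data['flag'];

    // NOTE(review): the second argument to checkPermission() presumably asks
    // for a boolean result instead of halting the request - confirm.
    $hasDirectAccess = checkPermission("Access All Tickets Directly", true);

    // Department restriction: the admin must be assigned to the ticket's
    // department unless they hold the direct-access permission.
    if (!in_array($deptid, getAdminDepartmentAssignments()) && !$hasDirectAccess) {
        return "deptblocked";
    }

    // Flag restriction: a ticket flagged to a different admin needs either
    // the flagged-ticket permission or the direct-access permission.
    if ($flag && $flag != $_SESSION['adminid']
        && !checkPermission("View Flagged Tickets", true)
        && !$hasDirectAccess
    ) {
        return "flagged";
    }

    return false;
}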
/***************************************************************************
 *
 * This hack is released under the GPL License.
 * This hack can be freely used, but not distributed, without permission.
 * Intellectual Property is retained by the author listed above.
 *
 ***************************************************************************/

// Marker constant defined before the include; presumably the included files
// test it to refuse direct access - confirm in auction_common.php.
define('IN_PHPBB', true);
$phpbb_root_path = './';
include_once $phpbb_root_path . 'auction/auction_common.php';

// Session bootstrap for the auction room.
$userdata = session_pagestart($user_ip, AUCTION_ROOM);
init_userprefs($userdata);

// Auction permission gate. The return value is not inspected here, so the
// page relies on checkPermission() itself stopping a request that lacks
// VIEW_ALL - NOTE(review): confirm it terminates on denial.
checkPermission('VIEW_ALL');

// Figures for the standard Who-is-Online block.
$total_posts = get_db_stat('postcount');
$total_users = get_db_stat('usercount');
$newest_userdata = get_db_stat('newestuser');
$newest_user = $newest_userdata['username'];
$newest_uid = $newest_userdata['user_id'];

// Pick the language string matching zero, one or many posted articles.
if ($total_posts == 0) {
    $l_total_post_s = $lang['Posted_articles_zero_total'];
} elseif ($total_posts == 1) {
    $l_total_post_s = $lang['Posted_article_total'];
} else {
    $l_total_post_s = $lang['Posted_articles_total'];
}
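}

// Keep only the first comma-separated value of sessID, in both superglobals.
if (isset($_REQUEST['sessID'])) {
    $requestParts = explode(",", $_REQUEST['sessID']);
    // sessID can arrive without being in the POST body; fall back to an empty
    // string so the POST copy ends up as "" without reading an undefined index.
    $postParts = explode(",", isset($_POST['sessID']) ? $_POST['sessID'] : "");
    $_REQUEST['sessID'] = $requestParts[0];
    $_POST['sessID'] = $postParts[0];
}

// Without a session identifier there is nothing to edit: send the browser to
// the list and stop. header() alone does not end the script, so without the
// exit the rest of this page would still run for a request that was meant to
// be turned away.
if (!isset($_REQUEST['hiddenId']) && !isset($_REQUEST['sessID'])) {
    header("Location: SessionList.php");
    exit;
}

include "HandleDB.php";
include "conf.php";
// NOTE(review): builder.cfg is loaded as PHP; confirm the web server does not
// serve *.cfg files as plain text.
include "builder.cfg";
include "Messages.php";

// Access check for this page; it runs before any of the form state below is
// used. NOTE(review): the result is not inspected, so this relies on
// checkPermission() stopping the request itself - confirm.
checkPermission();

// Defaults for the form state filled in further down the page.
$selUnix = "";
$selWin = "";
$selVnc = "";
$selShadow = "";
$check_grabKeyboard = "";
$check_directDraw = "";
$dis_deskType = "";
$check_HttpProxy = "";
$check_EnableMultimedia = "";
$check_useFontServer = "";
$check_rememberProxyAuth = "";
$check_compressionType3 = "";
$fontServerHostValue = "";
$fontServerPortValue = "";
$lastSessionID = "";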
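/**
 * Handle the selection submitted from the popup.
 *
 * Does nothing unless $_POST['chosenPath'] is present. For a track
 * (jz_type == "track") the play permission is checked and the track is
 * queued in a new playlist and played; for anything else the opener window
 * is pointed at the chosen path and the popup closes itself. Both paths end
 * the request with exit.
 */
function jzPopup()
{
    global $jzUSER;

    if (!isset($_POST['chosenPath'])) {
        return;
    }

    if (isset($_POST['jz_type']) && $_POST['jz_type'] == "track") {
        if (checkPermission($jzUSER, 'play', $_POST['chosenPath']) === false) {
            $this->closeWindow(false);
            // Fail closed: whether or not closeWindow() ends the request,
            // a denied user must never reach the playback code below.
            exit;
        }

        $track = new jzMediaTrack($_POST['chosenPath']);
        $playlist = new jzPlaylist();
        $playlist->add($track);
        $playlist->play();
        exit;
    }

    // The result was only used by a since-removed URL builder; the call is
    // kept in case returnGoBackPage() has side effects.
    $this->returnGoBackPage($_POST['return']);

    $link = array();
    $link['jz_path'] = $_POST['chosenPath'];

    // chosenPath is request data and ends up inside a JavaScript string
    // inside an HTML attribute. Encode for both contexts: json_encode()
    // yields a quoted JS string literal (HEX flags keep <, >, &, ' and "
    // out of it), then htmlspecialchars() makes it safe for the attribute.
    $target = json_encode(
        (string) urlize($link),
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
    if ($target === false) {
        // URL could not be encoded: close the popup without navigating.
        $script = 'window.close();';
    } else {
        $script = 'opener.location.href=' . $target . ';window.close();';
    }

    // Refresh the parent window and close this one.
    echo '<body onload="' . htmlspecialchars($script, ENT_QUOTES) . '">';
    exit;
}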
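/**
 * Delete a single draft.
 *
 * Redirects user back to Index unless DeliveryType is set.
 *
 * The draft is deleted only when the transient key validates and the
 * session user either inserted the draft or holds Garden.Community.Manage;
 * otherwise the exception built by permissionException() is thrown. A
 * missing or non-numeric draft ID ends in the exception built by
 * notFoundException().
 *
 * @since 2.0.0
 * @access public
 *
 * @param int $DraftID Unique ID of draft to be deleted.
 * @param string $TransientKey Single-use hash to prove intent.
 */
public function delete($DraftID = '', $TransientKey = '') {
    $Form = Gdn::factory('Form');
    $Session = Gdn::session();

    // Start from "no draft" so a non-numeric or non-positive ID falls through
    // to the not-found branch instead of reading an undefined variable.
    $Draft = false;
    if (is_numeric($DraftID) && $DraftID > 0) {
        $Draft = $this->DraftModel->getID($DraftID);
    }

    if (!$Draft) {
        throw notFoundException('Draft');
    }

    // Both conditions are required: the transient key ties the request to
    // this session (request-forgery protection), ownership or the manage
    // permission authorizes the deletion itself.
    $IsOwner = val('InsertUserID', $Draft) == $Session->UserID;
    if (!($Session->validateTransientKey($TransientKey)
        && ($IsOwner || checkPermission('Garden.Community.Manage')))
    ) {
        throw permissionException('Garden.Community.Manage');
    }

    // Delete the draft
    if (!$this->DraftModel->deleteID($DraftID)) {
        $Form->addError('Failed to delete draft');
    }

    // Redirect
    if ($this->_DeliveryType === DELIVERY_TYPE_ALL) {
        // NOTE(review): Target presumably comes from the incoming request;
        // confirm redirect() only follows trusted, same-site destinations,
        // otherwise this is an open redirect.
        $Target = GetIncomingValue('Target', '/drafts');
        redirect($Target);
    }

    // Return any errors
    if ($Form->errorCount() > 0) {
        $this->setJson('ErrorMessage', $Form->errors());
    }

    // Render default view
    $this->render();
}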