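<?php
// Unfollow endpoint: removes the user named by ?id= from the logged-in user's
// subscriptions, then redirects with a flash message.
include 'include.php';

// Access gate supplied by include.php. Its return value is not inspected here,
// so it is presumably expected to redirect or exit by itself — confirm.
isAllowed();

// The id must be present and a plain string. An array value (?id[]=...) would
// otherwise reach unfollow() and the redirect URL unchanged.
if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    setFlash("action impossible.", "danger");
    redirect("accueil.php");
    die;
}

// NOTE(review): this is a state-changing action served on a plain GET request and
// no anti-CSRF token is checked in this file; consider POST plus a per-session token.
$follower = $_SESSION['profil']['id'];
$following = $_GET['id'];
$follow = unfollow($follower, $following);

if ($follow == 400) {
    setFlash("action impossible.", "danger");
    // NOTE(review): spelled 'acceuil.php' here but "accueil.php" above; one of
    // the two is probably a typo — confirm which file exists.
    redirect('acceuil.php');
} elseif ($follow == 200) {
    setFlash("Cette personne a bien été retiré de vos abonnements");
    // Encode the request-supplied id before it becomes part of the redirect target.
    redirect('profil.php?id=' . urlencode($following));
} else {
    // 500 and any unexpected status share the same outage handling.
    setFlash('Nos services sont en panne, nous faisons notre possible pour régler le problème.', 'danger');
    redirect('serveur_down.php');
}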
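<body>
<?php
/**
 * Gate for the order list: compares the "passwort" query parameter with a fixed value.
 *
 * NOTE(review): the password is hard-coded in the source and travels in the URL,
 * so it ends up in browser history and in proxy and server logs. A server-side
 * login with a stored password hash would be the durable fix.
 *
 * @return bool true only when the supplied value matches exactly
 */
function isAllowed()
{
    // A missing parameter or an array (?passwort[]=...) is rejected up front.
    if (!isset($_GET['passwort']) || !is_string($_GET['passwort'])) {
        return false;
    }

    // Strict comparison: with == two numeric strings are compared as numbers,
    // so values such as "123456.0" would also have been accepted.
    return $_GET['passwort'] === "123456";
}

if (isAllowed()) {
?>
<h1>Bestellungen</h1>
<?php include "res/plist.php"; ?>
<table border="0">
<tr bgcolor="#cccccc"><td>Name</td> <td>Vorname</td> <td>Adresse</td> <td>Plz</td> <td>Ort</td> <td>Tel.</td>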
if ($role != $row['role']) { // Update role echo 'Updating user <b>' . $handle . '</b> ...<br />'; $result = $dbh->execute($update, array($role, $handle, $id)); } } } $pear_rest->savePackageMaintainerREST($package); $url = $self; if (!empty($_GET['pid'])) { $url .= "?pid=" . urlencode(strip_tags($_GET['pid'])); } echo '<br /><b>Done</b><br />'; echo '<a href="' . $url . '">Back</a>'; } else { if (!isAllowed($id)) { PEAR::raiseError("Only the lead maintainer of the package or PEAR\n administrators can edit the maintainers."); response_footer(); exit; } $package = htmlentities($dbh->getOne('SELECT name FROM packages WHERE id=?', array($id)), ENT_QUOTES); $bb = new BorderBox("Manage maintainers for {$package}", "100%"); echo '<script src="/javascript/package-maintainers.js" type="text/javascript"></script>'; echo '<form onSubmit="beforeSubmit()" name="form" method="get" action="' . $self . '">'; echo '<input type="hidden" name="update" value="yes" />'; echo '<input type="hidden" name="pid" value="' . $id . '" />'; echo '<table border="0" cellpadding="0" cellspacing="4" border="0" width="100%">'; echo '<tr>'; echo ' <th>All users:</th>'; echo ' <th></th>'; echo ' <th>Package maintainers:</th>';
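<?php
/**
 * autoload.php has common logic for the framework
 */
include dirname(__FILE__) . '/../autoload.php';
?>
<?php
// Front controller step: instantiate the action class named in the session and
// call the task method named in the session, collecting its output in $jpmContent.
$jpmContent = '';
$actionInstance = NULL;
try {
    // NOTE(review): the class name and the method name are taken from session
    // values (presumably filled from the URL — confirm). Nothing in this file
    // restricts them to a known set, and the constructor runs before the
    // isAllowed() check below. An explicit allowlist of action classes and
    // tasks would close that gap.
    // NOTE(review): on PHP 7+ an unknown class raises Error, which the
    // catch (Exception) below does not handle.
    $actionInstance = new $_SESSION['url_action']();
    if (method_exists($actionInstance, $_SESSION['url_task'])) {
        if (isAllowed(array($actionInstance->myModuleName()), $_SESSION['url_sub_task'])) {
            $jpmContent .= $actionInstance->{$_SESSION['url_task']}($urlArgsArray);
        } else {
            $jpmContent .= 'Sorry, No Access Please';
        }
    } else {
        // Escaped because the task name is echoed back into the HTML response.
        echo 'invalid task ' . htmlspecialchars((string) $_SESSION['url_task'], ENT_QUOTES);
    }
} catch (Exception $e) {
    // Escaped for the same reason. NOTE(review): exception messages can reveal
    // internals; consider logging them instead of printing them.
    echo 'invalid action ' . htmlspecialchars($_SESSION['url_action'] . $e->getMessage(), ENT_QUOTES);
}
?>
<?php
/** * This is main home page code file, it has scheme based on domain name seperate home page is loaded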
<?php
// Builds the user panel menu: account links for a logged-in user,
// register / log-in links for a guest. The result is handed to the layout
// through $layout_userpanel.
$userMenu = new PipeMenu();

if (!$loguserid) {
    // Guest: only the two entry points into an account.
    $userMenu->add(new PipeMenuLinkEntry(__("Register"), "register", "", "", "user"));
    $userMenu->add(new PipeMenuLinkEntry(__("Log in"), "login", "", "", "signin"));
} else {
    $userMenu->add(new PipeMenuHtmlEntry(userLink($loguser)));

    // Each optional entry is shown only when the matching permission is granted.
    if (isAllowed("editProfile")) {
        $userMenu->add(new PipeMenuLinkEntry(__("Edit profile"), "editprofile", "", "", "pencil"));
    }
    if (isAllowed("viewPM")) {
        $userMenu->add(new PipeMenuLinkEntry(__("Private messages"), "private", "", "", "envelope"));
    }
    if (isAllowed("editMoods")) {
        $userMenu->add(new PipeMenuLinkEntry(__("Mood avatars"), "editavatars", "", "", "picture"));
    }

    // Let plugins registered for the "bottomMenu" bucket contribute entries.
    $bucket = "bottomMenu";
    include "./lib/pluginloader.php";

    // Mirror a GET id into POST (as an integer) when POST carries none.
    if (isset($_GET['id']) && !isset($_POST['id'])) {
        $_POST['id'] = (int) $_GET['id'];
    }

    // $user_panel is not set in this file; it is printed as-is when present.
    // NOTE(review): confirm whoever sets it escapes its content.
    if (isset($user_panel)) {
        echo $user_panel;
    }

    // The last argument is a JavaScript snippet that submits the first form on the page.
    $userMenu->add(new PipeMenuLinkEntry(__("Log out"), "", "", "", "signout", "document.forms[0].submit(); return false;"));
}

$layout_userpanel = $userMenu;
<?php
// Adds the "Avatars" navigation link for users holding the viewAvatars permission.
// Only the link's visibility is decided here; this file does not show whether
// the target page repeats the permission check.
if (isAllowed("viewAvatars")) {
    $navigation->add(
        new PipeMenuLinkEntry(__("Avatars"), "avatarlibrary")
    );
}
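// Only a plain string is accepted as the command; an array (?command[]=...)
// would otherwise be passed to strtolower().
$command = isset($_GET['command']) && is_string($_GET['command']) ? strtolower($_GET['command']) : '';

require 'vendor/autoload.php';
require 'config.php';

use Aws\Common\Enum\DateFormat;
use Aws\S3\Model\MultipartUpload\UploadId;
use Aws\S3\S3Client;

$client = S3Client::factory(array('key' => AWS_KEY, 'secret' => AWS_SECRET));

/**
 * Demonstration-only authorization check against fixed credentials.
 *
 * Missing keys and non-string values are treated as "not allowed" instead of
 * raising warnings or type errors on malformed requests.
 *
 * @return bool true when otherInfo[user] and otherInfo[pass] match the demo values
 */
function isAllowed()
{
    //wow, what a validator :P
    //WARNING: this is just a demonstration, convert it to your own need
    // NOTE(review): fixed credentials sent with every request; replace with a
    // real session or token check before any non-demo use.
    $user = isset($_REQUEST['otherInfo']['user']) ? $_REQUEST['otherInfo']['user'] : null;
    $pass = isset($_REQUEST['otherInfo']['pass']) ? $_REQUEST['otherInfo']['pass'] : null;

    return $user === 'user' && $pass === 'pass';
}

switch ($command) {
    case 'createmultipartupload':
        if (!isAllowed()) {
            header(' ', true, 403);
            die('You are not authorized');
        }
        // NOTE(review): the object key, content type and metadata all come from
        // the request as sent. Consider deriving the key server-side (for example
        // under a per-user prefix) and passing only vetted metadata fields.
        /* @var $multipartUploadModel UploadId */
        $model = $client->createMultipartUpload(array(
            'Bucket' => BUCKET_NAME,
            'Key' => $_REQUEST['fileInfo']['name'],
            'ContentType' => $_REQUEST['fileInfo']['type'],
            'Metadata' => $_REQUEST['fileInfo'],
        ));
        sendJson(array('uploadId' => $model->get('UploadId'), 'key' => $model->get('Key')));
        break;
    case 'signuploadpart':
        // NOTE(review): no isAllowed() call is visible in this case before the
        // request is built and signed; the case continues beyond the visible
        // part of the file — confirm whether that is intended.
        $command = $client->getCommand('UploadPart', array(
            'Bucket' => BUCKET_NAME,
            'Key' => $_REQUEST['sendBackData']['key'],
            'UploadId' => $_REQUEST['sendBackData']['uploadId'],
            'PartNumber' => $_REQUEST['partNumber'],
            'ContentLength' => $_REQUEST['contentLength'],
        ));
        $request = $command->prepare();
        // This dispatch commands wasted a lot of my times :'(
        $client->dispatch('command.before_send', array('command' => $command));
        $request->removeHeader('User-Agent');
        $request->setHeader('x-amz-date', gmdate(DateFormat::RFC2822));
        // This dispatch commands wasted a lot of my times :'(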
<?php
// Builds the top navigation menu. Optional entries appear only when the
// matching permission is granted; plugins can add entries through the
// "topMenuStart" and "topMenu" buckets.
$navigation = new PipeMenu();

// The admin link needs both a power level of at least 3 and the viewAdminRoom permission.
if ($loguser['powerlevel'] >= 3) {
    if (isAllowed("viewAdminRoom")) {
        $navigation->add(new PipeMenuLinkEntry(__("Admin"), "admin", "", "", "cogs"));
    }
}

$bucket = "topMenuStart";
include "./lib/pluginloader.php";

// The board link is always present; its label comes from the settings.
$navigation->add(new PipeMenuLinkEntry(Settings::get("menuMainName"), "board", "", "", "home"));

if (isAllowed("viewMembers")) {
    $navigation->add(new PipeMenuLinkEntry(__("Member list"), "memberlist", "", "", "group"));
}

if (isAllowed("viewRanks")) {
    $navigation->add(new PipeMenuLinkEntry(__("Ranks"), "ranks", "", "", "trophy"));
}

if (isAllowed("viewOnline")) {
    $navigation->add(new PipeMenuLinkEntry(__("Online users"), "online", "", "", "eye-open"));
}

if (isAllowed("search")) {
    $navigation->add(new PipeMenuLinkEntry(__("Search"), "search", "", "", "search"));
}

// Added unconditionally, like the board link.
$navigation->add(new PipeMenuLinkEntry(__("Last posts"), "lastposts", "", "", "reorder"));

$bucket = "topMenu";
include "./lib/pluginloader.php";

$layout_navigation = $navigation;
<?php
// Adds the "Uploader" navigation link for users holding the viewUploader permission.
// Only the link's visibility is decided here; this file does not show whether
// the target page repeats the permission check.
if (isAllowed("viewUploader")) {
    $navigation->add(
        new PipeMenuLinkEntry(__("Uploader"), "uploader", "", "", "cloud-upload")
    );
}
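//Checking if resource access available
if (isset($privilegesAvailable[$resource]) && true === $privilegesAvailable[$resource]) {
    return true;
}
return false;
}

/**
 * Checks whether the current session holds a privilege on a resource.
 *
 * Access is granted when the session privilege map contains either
 * "<resource>-all" or "<resource>-<privilege>" with the exact value true.
 *
 * @param string $resource  resource name
 * @param string $privilege permission type
 * @return boolean
 */
function isAllowed($resource, $privilege = '')
{
    // A session without privilege data is treated as "no privileges".
    $privilegesAvailable = isset($_SESSION['privilegedInfo']['privileges'])
        ? $_SESSION['privilegedInfo']['privileges']
        : array();
    $privilegeToCheck = $resource . "-" . $privilege;

    //Checking if all access permission or current action access permission
    if (isset($privilegesAvailable[$resource . "-" . "all"]) && true === $privilegesAvailable[$resource . "-" . "all"]
        || isset($privilegesAvailable[$privilegeToCheck]) && true === $privilegesAvailable[$privilegeToCheck]
    ) {
        return true;
    }

    return false;
}

//Checking access for current page
// REQUEST_URI includes the query string, so pathinfo() on the raw value can take
// the file name from a query value instead of the script path. Only the path
// component is used for the ACL decision.
// NOTE(review): extra path segments after the script name would still influence
// the result; $_SERVER['SCRIPT_NAME'] may be the safer source — confirm.
$requestPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$path_parts = pathinfo(is_string($requestPath) ? $requestPath : '');
$requestedResource = isset($path_parts['filename']) ? $path_parts['filename'] : '';
// An array value (?action[]=...) is treated like a missing action.
$requestedAction = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';

if (!isAllowed($requestedResource, $requestedAction)) {
    // NOTE(review): this message contains request-derived text; escape it where it is displayed.
    $_SESSION['acl_message'] = 'Sorry! You do not have permission to access ' . $requestedResource . ' ' . $requestedAction;
    header("Location: /dashboard.php");
    // Stop here: without this the rest of the page would still run for a
    // request that failed the access check.
    exit;
}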
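<section id="sidebar">
<?php
// Sidebar menu for the current resource: one link per action the session is allowed to perform.
if (isResourceAllowed($requestedResource)) {
    if (isset($_SESSION["userid"])) {
        // $requestedResource is set outside this template (presumably from the
        // request — confirm), so it is escaped for each output context:
        // HTML text for the heading, URL path plus HTML attribute for the links.
        $resourceLabel = htmlspecialchars(ucfirst($requestedResource), ENT_QUOTES);
        $resourceHref = htmlspecialchars('/' . rawurlencode($requestedResource) . '.php', ENT_QUOTES);
?>
<h2><?php echo $resourceLabel; ?> Menu</h2>
<ul>
<?php
        // Action key => link label, in display order.
        $menuActions = array('view' => 'View', 'add' => 'Add', 'edit' => 'Edit', 'delete' => 'Delete');
        foreach ($menuActions as $menuAction => $menuLabel) {
            if (isAllowed($requestedResource, $menuAction)) {
                echo '<li><a href="' . $resourceHref . '?action=' . $menuAction . '">' . $menuLabel . '</a></li>';
            }
        }
?>
</ul>
<?php
    }
}
?>
</section> <div class="clear"></div> <div class="clear"></div> </section> </div>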
<?php
// Adds the "Calendar" navigation link for users holding the viewCalendar
// permission, except when the current client is flagged as a bot.
if (isAllowed("viewCalendar")) {
    if (!$isBot) {
        $navigation->add(
            new PipeMenuLinkEntry(__("Calendar"), "calendar", "", "", "calendar")
        );
    }
}
die("Invalid package or method"); } //initialize database adapter $dbAdapter = new Zend_Db_Adapter_Pdo_Mysql(array('host' => DB_HOST, 'dbname' => DB_NAME, 'username' => DB_USER, 'password' => DB_PASSWORD, 'charset' => 'utf8')); Zend_Db_Table::setDefaultAdapter($dbAdapter); session_start(); $userId = isset($_SESSION['userId']) ? $_SESSION['userId'] : null; if (!empty($userId)) { $userTable = new Zend_Db_Table('User'); $currentUser = $userTable->fetchRow($userTable->select()->from($userTable, array('id', 'email', 'fullname', 'isSupporter'))->where('id = ?', $userId)); if (!empty($currentUser)) { Zend_Registry::set('currentUser', $currentUser); } } include_once 'acl.php'; $code = isAllowed($packageName, $methodName); if ($code != 200) { header("HTTP/1.1 {$code} " . httpStatusCode($code)); die; } //init the handler instance from packageName $packagePath = implode(DIRECTORY_SEPARATOR, array(DIR_ROOT, 'handlers', $packageName)) . '.php'; if (!file_exists($packagePath)) { header('HTTP/1.1 404 Not Found'); die("{$pkgName} is not found!"); } include_once $packagePath; $handlerClass = new $packageName(); $results = null; if (!is_callable(array($handlerClass, $methodName))) { header('HTTP/1.1 404 Not Found');