/**
 * Gate for a protected page: lets the request continue only when the current
 * user holds the role $group; otherwise records an error message, redirects to
 * the site root and terminates the script.
 *
 * @param string $group role name passed to isUserInRole()
 * @return void
 */
function secureArea($group) {
    global $SETTINGS;
    if (isUserInRole($group)) {
        return;
    }
    setError('Du besitzt nicht die nötigen Rechte!');
    header("location: {$SETTINGS['url']}/");
    // Terminate so the protected page body is never emitted behind the redirect.
    exit;
}
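function reportCard(node) { window.open("matchcard.php?id=" + node); } <?php } }

/*
 * Match details grid. Only SUPERUSERs may edit; nobody may add, remove,
 * filter or open the view dialog.
 */
$crud = new MatchCrud();
$crud->dialogwidth = 450;
$crud->title = "Match Details";
$crud->allowAdd = false;
$crud->allowEdit = isUserInRole("SUPERUSER");
$crud->allowRemove = false;
$crud->allowFilter = false;
$crud->allowView = false;
$crud->table = "{$_SESSION['DB_PREFIX']}matchdetails";

/*
 * Row scope depends on the caller's role: ADMIN sees everything, a SECRETARY
 * sees the matches of every age group in their club (C.teamid is the club on
 * the teamagegroup row), anyone else only the matches submitted by their own
 * age group. The ids come from the session helpers, not the request; the cast
 * keeps the interpolated value a numeric literal.
 * Fix: the previous queries carried a stray ";" between the WHERE and the
 * ORDER BY clause, which made the SECRETARY and team queries invalid SQL.
 */
if (isUserInRole("ADMIN")) {
    $where = "";
} elseif (isUserInRole("SECRETARY")) {
    $clubid = (int) getLoggedOnClubID();
    $where = "WHERE C.teamid = {$clubid}";
} else {
    $teamid = (int) getLoggedOnTeamID();
    $where = "WHERE A.teamid = {$teamid}";
}
$prefix = $_SESSION['DB_PREFIX'];
$crud->sql = "SELECT A.*, A.id AS uniqueid,
              B.name AS refereename, C.age,
              C.name AS submittedteamname
              FROM {$prefix}matchdetails A
              LEFT OUTER JOIN {$prefix}referee B
              ON B.id = A.refereeid
              LEFT OUTER JOIN {$prefix}teamagegroup C
              ON C.id = A.teamid
              {$where}
              ORDER BY A.id DESC";

/* Division combo: two named entries followed by the plain codes 1-6 and A-H. */
$divisionOptions = array(
    array('value' => 'X', 'text' => 'N/A'),
    array('value' => 'P', 'text' => 'Premier'),
);
foreach (str_split('123456ABCDEFGH') as $code) {
    $divisionOptions[] = array('value' => $code, 'text' => $code);
}

$crud->columns = array(
    array('name' => 'matchdate', 'length' => 12, 'datatype' => 'date', 'label' => 'Match Date'),
    // Derived column rendered by the ageReference() function; sorted via C.age.
    array('name' => 'ageref', 'function' => 'ageReference', 'sortcolumn' => 'C.age', 'type' => 'DERIVED',
          'length' => 10, 'editable' => false, 'bind' => false, 'filter' => false, 'label' => 'Age Group'),
    array('name' => 'division', 'length' => 17, 'label' => 'Division / Group', 'type' => 'COMBO',
          'options' => $divisionOptions),
    array('name' => 'leaguecup', 'length' => 15, 'label' => 'Competition', 'type' => 'COMBO',
          'options' => array(
              array('value' => 'L', 'text' => 'League'),
              array('value' => 'N', 'text' => 'Combination'),
              array('value' => 'C', 'text' => 'Challenge Cup'),
              array('value' => 'T', 'text' => 'Challenge Trophy'),
          )),
    array('name' => 'hometeam', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Home Team'),
    array('name' => 'hometeamscore', 'length' => 5, 'align' => 'center', 'label' => 'Score'),
    array('name' => 'opposition', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Away Team'),
    array('name' => 'awayteamscore', 'length' => 5, 'align' => 'center', 'label' => 'Score'),
    array('name' => 'id', 'length' => 5, 'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true,
          'label' => 'ID'),
    // Lookup combo populated from teamagegroup (id -> name), shown via the submittedteamname alias.
    array('name' => 'teamid', 'type' => 'DATACOMBO', 'length' => 28, 'label' => 'Submitted By Team',
          'table' => 'teamagegroup', 'required' => true, 'table_id' => 'id', 'alias' => 'submittedteamname',
          'table_name' => 'name'),
);
$crud->subapplications = array(
    array('title' => 'Match Result Form', 'imageurl' => 'images/print.png', 'script' => 'reportCard'),
);
$crud->run();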
<tr> <td>Confirm Password </td> <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td> </tr> <tr> <td> </td> <td> <span class="wrapper"><a class='link1' href="javascript:if (verify()) $('#loginForm').submit();"><em><b>Update</b></em></a></span> </td> </tr> </table> <script> $(document).ready( function() { <?php if ($memberid != $_SESSION['SESS_MEMBER_ID'] && !isUserInRole("ADMIN")) { ?> $("#fname").attr("disabled", true); $("#lname").attr("disabled", true); $("#email").attr("disabled", true); <?php } ?> $(".pwd").blur(verifypassword); $("#cpassword").blur(verifycpassword); $("#fname").focus(); }); function verify() {
require_once 'lib/login.php'; require_once 'lib/voc.php'; if (!connect_mysql()) { exit; } include 'lib/loginfilter.php'; secureArea('user'); if (!isset($_GET['id'])) { header("location: {$SETTINGS['url']}/"); exit; } $id = $_GET['id']; $nav = array('Synonyme ändern' => substr($_SERVER['REQUEST_URI'], strlen($SETTINGS['path']))); include 'lib/navbar.php'; $voc = getVocByID($id); if ($voc === false || !isUserInRole('admin') && $voc->deleted == 'yes') { setError('Wort nicht in der Datenbank vorhanden!'); header("location: {$SETTINGS['url']}/"); exit; } $vocs = getVocsByGerman($voc->german); $rows = ''; foreach ($vocs as $voc) { $german = htmlspecialchars($voc->german, 0, 'UTF-8'); $english = htmlspecialchars($voc->english, 0, 'UTF-8'); $id = $voc->id; $rows .= <<<EOT \t\t<tr> \t\t\t<td><a href="{$SETTINGS['path']}/mod/{$id}">{$german}</a></td> \t\t\t<td><a href="{$SETTINGS['path']}/mod/{$id}">{$english}</a></td> \t\t</tr>
} else { if (isset($_GET['sessionid'])) { $qry = "SELECT A.*, DATE_FORMAT(A.createddate, '%d/%m/%Y') AS createddate, " . "DATE_FORMAT(A.lastmodifieddate, '%d/%m/%Y') AS lastmodifieddate, " . "B.firstname, B.lastname " . "FROM {$_SESSION['DB_PREFIX']}documents A " . "INNER JOIN {$_SESSION['DB_PREFIX']}members B " . "ON B.member_id = A.createdby " . "WHERE A.sessionid = '" . $_GET['sessionid'] . "' " . "ORDER BY A.id"; } else { $qry = "SELECT A.*, DATE_FORMAT(A.createddate, '%d/%m/%Y') AS createddate, " . "DATE_FORMAT(A.lastmodifieddate, '%d/%m/%Y') AS lastmodifieddate, " . "B.firstname, B.lastname," . "C.prefix, C.id AS quoteid, C.status " . "FROM {$_SESSION['DB_PREFIX']}documents A " . "INNER JOIN {$_SESSION['DB_PREFIX']}members B " . "ON B.member_id = A.createdby " . "INNER JOIN {$_SESSION['DB_PREFIX']}trainingcode C " . "ON C.id = A.headerid " . $where . " " . "ORDER BY A.id"; } } $result = mysql_query($qry); if (!$result) { logError("Error: " . mysql_error()); } //Check whether the query was successful or not if ($result) { while ($member = mysql_fetch_assoc($result)) { echo "<tr>\n"; if (isUserInRole("ADMIN")) { echo "<td width='20px' title='Delete' onclick='deleteDocument(" . $member['id'] . ")'><img src='images/delete.png' /></td>\n"; } else { echo "<td width='20px'> </td>\n"; } if ($member['name'] == null || trim($member['name']) == "") { echo "<td><a target='_new' href='viewdocuments.php?id=" . $member['id'] . "'>" . $member['filename'] . "</a></td>\n"; } else { echo "<td><a target='_new' href='viewdocuments.php?id=" . $member['id'] . "'>" . $member['name'] . "</a></td>\n"; } echo "<td>" . $member['filename'] . "</td>\n"; echo "<td>" . $member['size'] . "</td>\n"; echo "<td>" . $member['createddate'] . "</td>\n"; echo "<td>" . $member['firstname'] . " " . $member['lastname'] . "</td>\n"; echo "</tr>\n"; }
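/**
 * Entry point of the CRUD component.
 *
 * 1. Fills every sub-application, application and column descriptor with the
 *    class defaults (array_merge with $this->default*column).
 * 2. Derives per-column state: view name, primary key, sort column, the
 *    hidden _lat/_lng helper columns of GEOLOCATION columns, "associated"
 *    flags, and hides columns whose 'role' list the current user is not in.
 * 3. Dispatches $_POST['crudcmd'] (update / insert / filtersave / filter or a
 *    custom command) and issues "COMMIT"; without a command, renders the view.
 *
 * Side effects: mutates $this->columns, $this->subapplications,
 * $this->applications, $this->pkName, $this->pkViewName, $this->orderColumn,
 * $this->geolocation, $this->fromrow, $this->torow and $this->autoPopulate.
 *
 * Fix: the custom-command branch previously called whatever function name the
 * request supplied ($_POST['crudcmd']($this)), so any PHP function could be
 * invoked with the CRUD object as argument; it now only dispatches to
 * user-defined functions with a plain identifier name. Also guards the
 * optional $_POST['triggerrefresh'] field with isset().
 */
public function run() {
    /* Apply defaults to the (sub-)application descriptors. */
    foreach ($this->subapplications as $i => $subapp) {
        $this->subapplications[$i] = array_merge($this->defaultsubappcolumn, $subapp);
    }
    foreach ($this->applications as $i => $app) {
        $this->applications[$i] = array_merge($this->defaultappcolumn, $app);
    }

    /* Normalise each column descriptor. */
    foreach ($this->columns as $i => $column) {
        $column = array_merge($this->defaultcolumn, $column);
        if ($column['type'] == "GEOLOCATION") {
            $this->geolocation = true;
        }
        if ($column['viewname'] == "") {
            $column['viewname'] = $column['name'];
        }
        if ($column['viewname'] == "id") {
            // The key column is addressed as "uniqueid" in the view
            // (presumably matching the "AS uniqueid" alias the pages put in their SELECT).
            $column['viewname'] = "uniqueid";
        }
        if ($column['pk'] == true) {
            $this->pkName = $column['name'];
            $this->pkViewName = $column['viewname'];
        }
        if ($column['sortby'] == true) {
            $this->orderColumn = $column['name'];
        }
        if ($column['role'] != null) {
            /* A column with a role list is only usable by members of at least one of them. */
            $allowed = false;
            foreach ($column['role'] as $roleid) {
                if (isUserInRole($roleid)) {
                    $allowed = true;
                    break;
                }
            }
            if (!$allowed) {
                $column['showInView'] = false;
                $column['editable'] = false;
                $column['filter'] = false;
            }
        }
        $this->columns[$i] = $column;
    }

    /* Every GEOLOCATION column is backed by two hidden float columns. */
    if ($this->geolocation) {
        foreach ($this->columns as $col) {
            if ($col['type'] == 'GEOLOCATION') {
                $this->columns[] = array_merge($this->defaultcolumn, array(
                    'name' => $col['name'] . '_lat', 'datatype' => 'float', 'length' => 10,
                    'required' => false, 'showInView' => false, 'hidden' => true, 'label' => 'Latitude'));
                $this->columns[] = array_merge($this->defaultcolumn, array(
                    'name' => $col['name'] . '_lng', 'datatype' => 'float', 'length' => 10,
                    'showInView' => false, 'required' => false, 'hidden' => true, 'label' => 'Longtitude'));
            }
        }
    }

    /* Flag every column that some other column lists in 'associatedcolumns'. */
    foreach ($this->columns as $column) {
        foreach ($column['associatedcolumns'] as $associated) {
            foreach ($this->columns as $j => $candidate) {
                if ($associated == $candidate['name']) {
                    $this->columns[$j]['associated'] = true;
                }
            }
        }
    }

    if ($this->orderColumn == "") {
        $this->orderColumn = $this->columns[0]['name'];
    }

    $this->preCommandEvent();

    if (!isset($_POST['crudcmd'])) {
        $this->view();
        return;
    }

    $command = $_POST['crudcmd'];
    switch ($command) {
        case "update":
            $this->update($_POST['crudid']);
            $this->triggerRefresh();
            break;
        case "insert":
            $this->insert();
            $this->triggerRefresh();
            break;
        case "filtersave":
            $this->filterSave();
            $this->view();
            break;
        case "filter":
            $this->fromrow = 0;
            $this->torow = $this->pagesize;
            $this->autoPopulate = true;
            $this->view();
            break;
        default:
            /*
             * Custom command: the function name comes straight from the request.
             * Restrict it to a plain identifier naming a user-defined (non-internal)
             * function so built-ins cannot be invoked with the CRUD object.
             * NOTE(review): an explicit allow-list of command handlers would be
             * tighter still; none is declared on this class as far as visible here.
             */
            $defined = get_defined_functions();
            $isUserFunction = is_string($command)
                && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $command) === 1
                && in_array(strtolower($command), $defined['user'], true);
            if (!$isUserFunction) {
                trigger_error("Unknown crud command", E_USER_WARNING);
                break;
            }
            $command($this);
            if (isset($_POST['triggerrefresh']) && $_POST['triggerrefresh'] != "") {
                $this->triggerRefresh();
            }
            break;
    }
    mysql_query("COMMIT");
}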
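/**
 * Redirects to $location unless the current user holds $role.
 *
 * The database is started and initialised first (presumably because
 * isUserInRole() reads role data from it).
 *
 * Fix: the redirect is now followed by exit. A Location header alone does not
 * stop PHP, so without it the caller kept executing and sent the protected
 * page body to a client that merely chose not to follow the redirect.
 *
 * @param string $role     role name checked via isUserInRole()
 * @param string $location redirect target for users lacking the role
 * @return void
 */
function redirectWithoutRole($role, $location) {
    start_db();
    initialise_db();
    if (!isUserInRole($role)) {
        header("location: {$location}");
        exit;
    }
}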
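false ); } ); function validatePlayerForm() { if (parseFloat($("#registrationnumber").val().substring(0, 2)) != agegroup) { pwAlert("Registration number does match the age group of under " + agegroup + "'s"); return false; } } function editDocuments(node) { viewDocument(node, "addplayerdocument.php", node, "playerdocs", "playerid"); } <?php } }

/*
 * Players grid for one age group. The age group id arrives in the query
 * string and is interpolated into SQL below, so it is coerced to an integer
 * first (the comparison is numeric anyway; a raw string allowed SQL injection).
 */
$agegroupid = isset($_GET['id']) ? (int) $_GET['id'] : 0;

$crud = new PlayerCrud();
$crud->dialogwidth = 450;
$crud->title = "Players";
$crud->allowFilter = false;
$crud->allowAdd = isUserInRole("TEAM");
$crud->allowEdit = isUserInRole("TEAM");
$crud->allowRemove = isUserInRole("TEAM");
$crud->validateForm = "validatePlayerForm";
$crud->table = "{$_SESSION['DB_PREFIX']}player";

$prefix = $_SESSION['DB_PREFIX'];
$crud->sql = "SELECT A.*, B.name AS teamname, C.name AS clubname
              FROM {$prefix}player A
              INNER JOIN {$prefix}teamagegroup B
              ON B.id = A.agegroupid
              INNER JOIN {$prefix}team C
              ON C.id = B.teamid
              WHERE A.agegroupid = {$agegroupid}
              ORDER BY A.firstname, A.lastname";

$crud->columns = array(
    array('name' => 'id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false, 'filter' => false,
          'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'),
    // Hidden, non-editable; new players inherit the age group of this page.
    array('name' => 'agegroupid', 'datatype' => 'integer', 'length' => 6, 'showInView' => false,
          'filter' => false, 'editable' => false, 'default' => $agegroupid, 'label' => 'Team'),
    array('name' => 'clubname', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Club'),
    array('name' => 'teamname', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Team'),
    array('name' => 'firstname', 'length' => 15, 'label' => 'First Name'),
    array('name' => 'lastname', 'length' => 15, 'label' => 'Last Name'),
    array('name' => 'registrationnumber', 'length' => 30, 'label' => 'Registration Number'),
);
$crud->run();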
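function editDocuments(node) { viewDocument(node, "addleveldocument.php", node, "teamagegroupdocs", "agegroupid"); } <?php } }

/*
 * Teams (age groups) grid. Row scope: with ?id= the age groups of that club,
 * otherwise a SECRETARY sees their own club and anyone else only their own
 * age group. The ids are interpolated into SQL, so the request value is
 * coerced to an integer (the comparison is numeric anyway; a raw string
 * allowed SQL injection) and the session ids are cast defensively.
 */
$crud = new TeamCrud();
$requestedClubId = isset($_GET['id']) ? (int) $_GET['id'] : null;

if ($requestedClubId !== null) {
    $teamid = $requestedClubId;
    $where = "WHERE A.teamid = {$teamid}";
} elseif (isUserInRole("SECRETARY")) {
    $clubid = (int) getLoggedOnClubID();
    $where = "WHERE A.teamid = {$clubid}";
} else {
    $teamid = (int) getLoggedOnTeamID();
    $where = "WHERE A.id = {$teamid}";
}

// NOTE(review): the sub-selects reuse alias C for members while the outer
// join also names team C; MySQL resolves the inner one, but it is confusing.
$prefix = $_SESSION['DB_PREFIX'];
$crud->sql = "SELECT A.*, C.name AS clubname,
              (SELECT B.fullname FROM {$prefix}members B WHERE B.teamid = A.id ORDER BY member_id LIMIT 1) AS fullname,
              (SELECT C.email FROM {$prefix}members C WHERE C.teamid = A.id ORDER BY member_id LIMIT 1) AS email,
              (SELECT D.landline FROM {$prefix}members D WHERE D.teamid = A.id ORDER BY member_id LIMIT 1) AS telephone
              FROM {$prefix}teamagegroup A
              INNER JOIN {$prefix}team C
              ON C.id = A.teamid
              {$where}
              ORDER BY A.age";

$crud->dialogwidth = 450;
$crud->allowFilter = false;
$crud->allowAdd = isUserInRole("ADMIN");
$crud->allowEdit = isUserInRole("ADMIN");
$crud->allowRemove = isUserInRole("ADMIN");
$crud->title = "Teams";
$crud->table = "{$_SESSION['DB_PREFIX']}teamagegroup";

/* Age combo: Under 7 .. Under 18, values kept as strings. */
$ageOptions = array();
for ($age = 7; $age <= 18; $age++) {
    $ageOptions[] = array('value' => (string) $age, 'text' => "Under {$age}");
}

$crud->columns = array(
    array('name' => 'id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false, 'filter' => false,
          'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'),
    array('name' => 'clubname', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Club'),
    array('name' => 'name', 'length' => 28, 'label' => 'Team'),
    // Hidden owner club; defaults to the club this page was opened for (null without ?id=).
    array('name' => 'teamid', 'length' => 28, 'default' => $requestedClubId, 'label' => 'Team',
          'showInView' => false, 'editable' => false),
    array('name' => 'age', 'type' => 'COMBO', 'onchange' => 'age_onchange', 'options' => $ageOptions,
          'length' => 15, 'label' => 'Age Group'),
    array('name' => 'fullname', 'length' => 25, 'readonly' => true, 'bind' => false, 'required' => false,
          'label' => 'Manager'),
    array('name' => 'email', 'length' => 40, 'bind' => false, 'readonly' => true, 'required' => false,
          'label' => 'Email'),
    array('name' => 'telephone', 'length' => 12, 'readonly' => true, 'bind' => false, 'required' => false,
          'label' => 'Telephone'),
);
$crud->subapplications = array(
    array('title' => 'Players', 'imageurl' => 'images/team.png', 'application' => 'players.php'),
    array('title' => 'Managers', 'imageurl' => 'images/team.png', 'application' => 'clubmanagers.php'),
    array('title' => 'Log In', 'imageurl' => 'images/lock.png', 'script' => 'login'),
);
$crud->run();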
<?php require_once 'lib/settings.php'; require_once 'lib/db.php'; require_once 'lib/users.php'; require_once 'lib/session.php'; require_once 'lib/login.php'; require_once 'lib/voc.php'; if (!connect_mysql()) { exit; } include 'lib/loginfilter.php'; include 'lib/navbar.php'; $isAdmin = isUserInRole('admin'); $isUser = isUserInRole('user'); $voc = getVoc($isAdmin); $table = ''; if ($voc === false) { setError('Fehler beim Abrufen der Vokabeln'); } else { if (count($voc) == 0) { setError('Keine Vokabeln vorhanden'); } else { $xhdr = $isAdmin ? '<th>Ersteller</th>' : ''; $xhdr = $isUser ? "<th></th>{$xhdr}<th class=\"time\">Datum</th>" : ''; $top = "<tr><th>Englisch</th><th>Deutsch</th>{$xhdr}</tr>"; $rows = ''; foreach ($voc as $v) { $id = htmlspecialchars($v->id); $german = htmlspecialchars($v->german, 0, 'UTF-8'); $english = htmlspecialchars($v->english, 0, 'UTF-8');
<?php require_once 'lib/settings.php'; require_once 'lib/db.php'; require_once 'lib/users.php'; require_once 'lib/session.php'; require_once 'lib/login.php'; require_once 'lib/voc.php'; if (!connect_mysql()) { exit; } include 'lib/loginfilter.php'; $nav = array('Benutzer' => $_SERVER['REQUEST_URI']); include 'lib/navbar.php'; $isAdmin = isUserInRole('admin'); if (!$isAdmin) { setError('Du bist kein Administrator!'); header("location: {$SETTINGS['url']}/"); exit; } if (!isset($_GET['id'])) { header("location: {$SETTINGS['url']}/"); exit; } $userid = $_GET['id']; if (isset($_POST['lastname'])) { $newlastname = trim($_POST['lastname']); if (strlen($newlastname) < 2) { setError('Dein Nachname ist ungütig!'); } else { if (setLastName($userid, $newlastname)) {
{
    /* Post header event: emits the document link markup. */
    public function postHeaderEvent() {
        createDocumentLink();
    }

    /* Post script event: emits the editDocuments() JS helper used by the Documents sub-application. */
    public function postScriptEvent() { ?> function editDocuments(node) { viewDocument(node, "addteamdocument.php", node, "teamdocs", "teamid"); } <?php } }

/*
 * Clubs grid. Administrators may add, edit and remove; the secretary contact
 * columns are read-only projections taken from the first member of the club.
 */
$crud = new TeamCrud();
$gridSettings = array(
    'dialogwidth' => 650,
    'title'       => "Clubs",
    'allowFilter' => false,
    'allowEdit'   => isUserInRole("ADMIN"),
    'allowRemove' => isUserInRole("ADMIN"),
    'allowAdd'    => isUserInRole("ADMIN"),
    'table'       => "{$_SESSION['DB_PREFIX']}team",
);
foreach ($gridSettings as $property => $value) {
    $crud->$property = $value;
}
$crud->sql = "SELECT A.*, \n\t\t\t\t (SELECT B.fullname FROM {$_SESSION['DB_PREFIX']}members B WHERE B.clubid = A.id ORDER BY member_id LIMIT 1) AS fullname,\n\t\t\t\t (SELECT C.email FROM {$_SESSION['DB_PREFIX']}members C WHERE C.clubid = A.id ORDER BY member_id LIMIT 1) AS email,\n\t\t\t\t (SELECT D.landline FROM {$_SESSION['DB_PREFIX']}members D WHERE D.clubid = A.id ORDER BY member_id LIMIT 1) AS telephone\n\t\t\t\t FROM {$_SESSION['DB_PREFIX']}team A\n\t\t\t\t ORDER BY A.name";

$keyColumn = array('name' => 'id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false,
                   'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID');
$nameColumn = array('name' => 'name', 'length' => 30, 'label' => 'Name');
// Contact details are derived from the members table, so they are neither bound nor editable.
$secretaryColumn = array('name' => 'fullname', 'length' => 25, 'readonly' => true, 'required' => false,
                         'bind' => false, 'label' => 'Secretary');
$emailColumn = array('name' => 'email', 'bind' => false, 'length' => 35, 'readonly' => true,
                     'required' => false, 'label' => 'Email');
$telephoneColumn = array('name' => 'telephone', 'length' => 14, 'bind' => false, 'readonly' => true,
                         'required' => false, 'label' => 'Telephone');
$crud->columns = array($keyColumn, $nameColumn, $secretaryColumn, $emailColumn, $telephoneColumn);

$crud->subapplications = array(
    array('title' => 'Documents', 'imageurl' => 'images/document.gif', 'script' => 'editDocuments'),
    array('title' => 'Teams', 'imageurl' => 'images/team.png', 'application' => 'levels.php'),
    array('title' => 'Secretaries', 'imageurl' => 'images/team.png', 'application' => 'clubsecretaries.php'),
);
$crud->run(); ?> ?>
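<?php
/*
 * Landing redirect: TEAM users go to their own match page, everyone else to
 * the match details grid.
 */
require_once "system-db.php";
start_db();
$target = isUserInRole("TEAM") ? "match.php" : "matchdetails.php";
header("location: {$target}");
// A Location header does not stop PHP; exit so nothing further is emitted.
exit;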
<?php
/*
 * Navigation entries (label => path). Logged-in users get the full menu,
 * minus "Hinzufügen" unless they hold the 'user' role; visitors get the
 * public entries. Entries are merged into $nav, overriding same-named keys
 * already set by the including page.
 */
if (isLoggedIn()) {
    $elements = array(
        'Vokabelliste'  => '/',
        'Synonyme'      => '/synonyms',
        'Hinzufügen'    => '/add',
        'Trainer'       => '/trainer',
        'Statistik'     => '/statistics',
        'Einstellungen' => '/settings',
        'Logout'        => '/logout',
    );
    if (!isUserInRole('user')) {
        unset($elements['Hinzufügen']);
    }
} else {
    $elements = array(
        'Login'        => '/',
        'Anmeldung'    => '/register',
        'Vokabelliste' => '/print',
    );
}
// array_replace keeps existing $nav keys in place and appends new ones, like a key-by-key assignment.
$nav = isset($nav) ? array_replace($nav, $elements) : $elements;
/**
 * Row-level access filter for member-related queries.
 *
 * Parses $sql with PHPSQLParser, appends role-dependent conditions (and, for
 * some roles, an extra JOIN plus DISTINCT) to the WHERE clause of the parsed
 * tree, and regenerates the statement with PHPSQLCreator. Conditions are
 * anchored on the alias of the horizon_members table found in FROM.
 *
 * Roles are read from getSiteConfigData() and checked in this order:
 * admin / management and training management return $sql untouched;
 * office admin restricts non-appraisal queries to the caller's own row;
 * compliance sees technicians, team leaders and itself (holiday queries are
 * unrestricted); regional service manager is joined to horizon_userteams;
 * office sees technicians/team leaders/itself on appraisal queries only;
 * office manager is joined to horizon_userroles; team leader and area
 * coordinator are limited to their team; everyone else to their own row.
 *
 * NOTE(review): the office-admin block is a plain `if`, not part of the
 * `else` chain that follows, so an office admin who also falls into a later
 * branch gets both sets of conditions appended with no AND between them.
 * NOTE(review): $tablealias stays null when horizon_members is not in FROM,
 * which yields an unqualified ".member_id" / ".position" column name.
 * NOTE(review): $data->technicianposition and similar values are wrapped in
 * quotes but not escaped; this is acceptable only if site config is trusted.
 *
 * @param string $sql SELECT statement to restrict
 * @return string the original or the rebuilt statement
 */
function getFilteredData($sql) {
    // No site configuration in the session means nothing to filter by.
    if (!isset($_SESSION['SITE_CONFIG'])) {
        return $sql;
    }
    $parser = new PHPSQLParser($sql);
    $tablealias = null;
    $data = getSiteConfigData();

    // Find how horizon_members is addressed in this query (alias or bare name).
    foreach ($parser->parsed['FROM'] as $table) {
        if ($table['table'] == "horizon_members") {
            if ($table['alias'] != "") {
                $tablealias = $table['alias']['name'];
            } else {
                $tablealias = $table['table'];
            }
        }
    }
    // echo $sql . "\n";
    // print_r($parser->parsed);

    // Prepare the WHERE clause so the role conditions below can be appended;
    // an existing clause gets a trailing AND.
    if (!isset($parser->parsed['WHERE'])) {
        /* Create where clause. */
        $parser->parsed['WHERE'] = array();
    } else {
        /* Add to the where clause. */
        $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "AND", "sub_tree" => "");
    }

    if (isUserInRole($data->adminrole) || isUserInRole($data->managementrole)) {
        /* Do nothing, access rights to all. */
        return $sql;
    }
    if (isUserInRole($data->trainingmanagementrole)) {
        /* Not restricted by anything training related.
         * Page roles will prevent access to parts of the system
         * that are not appropriate to training management. */
        return $sql;
    }
    if (isUserInRole($data->officeadminrole)) {
        /* Restricted to personal details for APPRAISALS only:
         * every non-appraisal table in FROM adds a "member_id = me" condition.
         * NOTE(review): a FROM with several non-appraisal tables appends the
         * condition once per table with nothing joining them. */
        foreach ($parser->parsed['FROM'] as $table) {
            if ($table['table'] != "horizon_appraisal") {
                $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
                $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
            }
        }
    }
    if (isUserInRole($data->compliancerole)) {
        foreach ($parser->parsed['FROM'] as $table) {
            if ($table['table'] == "horizon_holiday") {
                /* Compliance don't restrict holidays */
                return $sql;
            }
        }
        /* Restricted to all technicians and team leaders, plus the caller's own row. */
        $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
            array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
            array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
            array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
            array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
            array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
            array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
    } else {
        if (isUserInRole($data->regionalservicemanagerrole)) {
            /* Restricted to all personnel and team leaders: join horizon_userteams
             * on the caller's membership (or the caller's own row) and match teams.
             * NOTE(review): the logged-on member id is emitted as a "colref" and
             * the alias.teamid reference as a "const" — likely swapped expr_types,
             * harmless only if PHPSQLCreator prints both verbatim. */
            $parser->parsed['OPTIONS'][] = "DISTINCT";
            $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userteams", "alias" => array("as" => "", "name" => "horizon_userteams", "base_expr" => "horizon_userteams"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(
                array("expr_type" => "colref", "base_expr" => "horizon_userteams.memberid", "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                array("expr_type" => "colref", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
                array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
            $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
                array("expr_type" => "colref", "base_expr" => "horizon_userteams.teamid", "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                array("expr_type" => "const", "base_expr" => $tablealias . ".teamid", "sub_tree" => "")));
        } else {
            if (isUserInRole($data->officerole)) {
                $appraisal = false;
                foreach ($parser->parsed['FROM'] as $table) {
                    if ($table['table'] == "horizon_appraisal") {
                        /* Office role: only appraisal queries are restricted. */
                        $appraisal = true;
                    }
                }
                if (!$appraisal) {
                    return $sql;
                }
                /* Restricted to all technicians and team leaders, plus the caller's own row. */
                $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
                    array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                    array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
                    array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                    array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
                    array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                    array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
            } else {
                if (isUserInRole($data->officemanagerrole)) {
                    /* Restricted to office personnel: join horizon_userroles on the
                     * member and keep only rows holding the office personnel role. */
                    $parser->parsed['OPTIONS'][] = "DISTINCT";
                    $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userroles", "alias" => array("as" => "", "name" => "horizon_userroles", "base_expr" => "horizon_userroles"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(
                        array("expr_type" => "colref", "base_expr" => "horizon_userroles.memberid", "sub_tree" => ""),
                        array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                        array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "")));
                    $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
                        array("expr_type" => "colref", "base_expr" => "horizon_userroles.roleid", "sub_tree" => ""),
                        array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                        array("expr_type" => "const", "base_expr" => "'" . $data->officepersonnelrole . "'", "sub_tree" => "")));
                } else {
                    if (isUserInRole($data->teamleaderrole)) {
                        /* Restricted to team personnel and themselves (teamid = own team). */
                        $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
                        $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                        $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
                    } else {
                        if (isUserInRole($data->areacoordinatorrole)) {
                            /* Restricted to team personnel and themselves (same condition as team leader). */
                            $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
                        } else {
                            /* Default (Technician Level 1): personal details only (member_id = me). */
                            $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
                        }
                    }
                }
            }
        }
    }
    // Regenerate SQL text from the amended parse tree.
    $creator = new PHPSQLCreator($parser->parsed);
    $created = $creator->created;
    return $created;
}
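<?php
require_once "crud.php";

/* Subclass with no overrides; the base Crud behaviour is used as-is. */
class TeamCrud extends Crud { }

/*
 * Club managers grid: the members attached to one age group (teamid from the
 * query string). Only SECRETARY may remove; nobody may add or edit here.
 *
 * Fix: the id is interpolated into SQL unquoted, so it is coerced to an
 * integer first. The comparison was numeric already; using the raw request
 * string allowed SQL injection.
 */
$teamid = isset($_GET['id']) ? (int) $_GET['id'] : 0;

$crud = new TeamCrud();
$crud->dialogwidth = 650;
$crud->title = "Club Managers";
$crud->allowFilter = false;
$crud->allowEdit = false;
$crud->allowRemove = isUserInRole("SECRETARY");
$crud->allowAdd = false;
$crud->table = "{$_SESSION['DB_PREFIX']}members";

$prefix = $_SESSION['DB_PREFIX'];
$crud->sql = "SELECT A.*, B.name
              FROM {$prefix}members A
              INNER JOIN {$prefix}teamagegroup B
              ON B.id = A.teamid
              WHERE A.teamid = {$teamid}
              ORDER BY A.firstname, A.lastname";

$crud->columns = array(
    array('name' => 'member_id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false,
          'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'),
    // Team name comes from the join, so it is neither bound nor editable.
    array('name' => 'name', 'length' => 30, 'bind' => false, 'editable' => false, 'label' => 'Name'),
    array('name' => 'firstname', 'length' => 15, 'label' => 'First Name'),
    array('name' => 'lastname', 'length' => 15, 'label' => 'Last Name'),
    array('name' => 'email', 'length' => 40, 'label' => 'Email'),
    array('name' => 'telephone', 'length' => 12, 'label' => 'Contact Number'),
);
$crud->run();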