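####################
# access denied
if (!$access) {
    ####### write log
    # The message is built BEFORE the Log entry is created in every branch:
    # the delete/update branches previously logged $text before assigning it,
    # so those warnings were written with no (or a stale) message.
    if ($site->fdat['op'] == 'new' || $site->fdat['op'] == 'copy') {
        $text = sprintf("Access denied: attempt to create group under restricted group ID = %s", $site->fdat['group_id']);
        new Log(array('action' => 'create', 'component' => 'User groups', 'type' => 'WARNING', 'message' => $text));
    } elseif ($site->fdat['op'] == 'delete') {
        $text = sprintf("Access denied: attempt to delete group '%s' (ID = %s)", $group->name, $group->id);
        new Log(array('action' => 'delete', 'component' => 'User groups', 'type' => 'WARNING', 'message' => $text));
    } else {
        $text = sprintf("Access denied: attempt to edit group '%s' (ID = %s)", $group->name, $group->id);
        new Log(array('action' => 'update', 'component' => 'User groups', 'type' => 'WARNING', 'message' => $text));
    }
    ####### print error html
    print_error_html(array("message" => $site->sys_sona(array('sona' => "access denied", 'tyyp' => "editor"))));
    ####### print debug
    if ($site->user) {
        $site->user->debug->print_msg();
    }
    if ($site->guest) {
        $site->guest->debug->print_msg();
    }
    $site->debug->print_msg();
    ########### EXIT
    exit;
}
# / ACCESS allowed/denied
###########################
# / PERMISSIONS CHECK
####################################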
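foreach ($site->fdat as $name => $value) {
    $objekt->all[$name] = $value;
}
#echo printr($objekt->all);
}
###########################################
# Feature "Check IN/OUT"
# If another user's check-in on this object is less than 2 minutes old, refuse to
# open the editor (error page + exit); otherwise record the current user as the
# one checking the object in.
if ($op == 'edit' && !$site->fdat['op2']) {
    $sql = $site->db->prepare("\r\n\t\t\tSELECT objekt.objekt_id, users.user_id, CONCAT(users.firstname,' ',users.lastname) AS name, users.username, users.email FROM objekt\r\n\t\t\tLEFT JOIN users ON users.user_id = objekt.check_in_admin_id\r\n\t\t\tWHERE check_in between date_sub(now(), interval 2 minute) and now()\r\n\t\t\tAND objekt_id=?", $objekt->objekt_id);
    $sth = new SQL($sql);
    $site->debug->msg("EDIT: " . $sth->debug->get_msgs());
    $changer = $sth->fetch();
    if ($sth->rows && $changer['username'] && $site->user->id != $changer['user_id']) {
        # name/username/email are user-profile values read from the DB and rendered
        # as HTML here (print_error_html receives raw markup), so escape them before
        # splicing them into the message.
        $checkin_msg = "<br>" . $site->sys_sona(array('sona' => "Another editor is editing this document right now", 'tyyp' => "editor")) . ": <br>"
            . htmlspecialchars($changer['name'], ENT_QUOTES)
            . " (" . htmlspecialchars($changer['username'], ENT_QUOTES) . ")"
            . " <a href=\"mailto:" . htmlspecialchars($changer['email'], ENT_QUOTES) . "\">"
            . htmlspecialchars($changer['email'], ENT_QUOTES) . "</a>";
        ####### print error html
        print_error_html(array("message" => $checkin_msg));
        $site->debug->print_hash($site->fdat, 1, "FORM DATA");
        $site->debug->print_hash($objekt, 1, "Objekt");
        $site->debug->print_msg();
        exit;
    } else {
        $sql = $site->db->prepare("UPDATE objekt SET check_in=now(), check_in_admin_id=? WHERE objekt_id=?", $site->user->id, $objekt->objekt_id);
        $sth = new SQL($sql);
        $site->debug->msg("EDIT: " . $sth->debug->get_msgs());
    }
} # SQL
# / Feature "Check IN/OUT"
###########################################
##################
# ONLOAD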
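/**
 * FUNCTION delete_profile_field
 *
 * Checks whether a profile field may be dropped from its source table and, if so,
 * executes the DROP column command.
 * The field is NOT dropped when any of the following is true:
 *  - the field is predefined (or a general object field) in this profile
 *  - the field also exists in another profile of the same source table
 *  - the field is a system field (minimum needed to operate the table)
 *  - the field or table name is not a plain identifier (both are spliced
 *    into the ALTER TABLE statement and cannot be bound as parameters)
 *
 * When the drop is refused or the ALTER TABLE fails, an error page is printed
 * via print_error_html().
 *
 * returns 1 if the field was dropped, 0 otherwise
 *
 * usage:
 *  $is_deleted = delete_profile_field(array(
 *      "did" => $site->fdat['did'],
 *      "profile" => $profile
 *  ));
 */
function delete_profile_field($args = array()) {
    global $site;

    $did = isset($args['did']) ? $args['did'] : null;             # profile field ID (= column name)
    $profile = isset($args['profile']) ? $args['profile'] : null; # profile array, result of function "$site->get_profile"

    if (!$did) {
        return 0;
    }
    if (!is_array($profile) || !sizeof($profile)) {
        return 0;
    }

    $drop_denied = 0;
    $explanation = '';
    $msg = '';
    $source_table = isset($profile['source_table']) ? (string) $profile['source_table'] : '';

    ## 0) both names end up verbatim in "ALTER TABLE <table> DROP <field>"; $did comes
    ##    from form data, so only plain identifiers are accepted, anything else is refused
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    if (!preg_match($identifier, (string) $did) || !preg_match($identifier, $source_table)) {
        $drop_denied = 1;
        $explanation = " - invalid field or table name";
    }

    # NOTE: profile definitions are stored serialized in object_profiles.data;
    # only an array payload is meaningful here, anything else counts as "no field info".
    $data = unserialize(isset($profile['data']) ? $profile['data'] : '');
    if (!is_array($data)) {
        $data = array();
    }

    ## 1) deny deleting if field is predefined OR general object field
    if (!empty($data[$did]['is_predefined']) || !empty($data[$did]['is_general'])) {
        $drop_denied = 1;
        $explanation = " - it's predefined";
    }

    ## 2) field exists in other profiles?
    # get all profiles with same source table:
    $sql = $site->db->prepare("SELECT data FROM object_profiles WHERE source_table=? AND profile_id<>? ", $source_table, $profile['profile_id']);
    $sth = new SQL($sql);
    while ($others = $sth->fetch()) {
        $others_data = unserialize($others['data']);
        # another profile whose data holds the same field name blocks the drop
        if (is_array($others_data) && array_key_exists($did, $others_data)) {
            $drop_denied = 1;
            $explanation = " - found in another profile";
            break;
        }
    }

    ## 3) system fields (minimum to operate with table OR provided with default
    ##    installation) are never dropped
    $system_fields_by_table = array(
        'users' => array('user_id', 'group_id', 'email', 'is_predefined', 'profile_id', 'username', 'password', 'firstname', 'lastname', 'title', 'image', 'created_date', 'session_id', 'last_access_time', 'is_locked', 'idcode', 'address', 'postalcode', 'tel', 'pass_expires', 'autologin_ip', 'last_ip', 'account_nr', 'reference_nr', 'city', 'country', 'delivery_address', 'delivery_city', 'delivery_zip', 'delivery_country', 'contact_phone', 'contactperson', 'birthdate'),
        'groups' => array('group_id', 'name', 'parent_group_id', 'is_predefined', 'description', 'auth_type', 'auth_params', 'profile_id', 'tel', 'email'),
        'obj_dokument' => array('objekt_id', 'profile_id'),
        'obj_asset' => array('objekt_id', 'profile_id'),
        'obj_file' => array('objekt_id', 'profile_id', 'fullpath', 'relative_path', 'filename', 'mimetype', 'size', 'lastmodified', 'is_deleted'),
        'obj_folder' => array('objekt_id', 'profile_id', 'fullpath'),
        'obj_artikkel' => array('objekt_id', 'profile_id', 'lyhi', 'sisu', 'algus_aeg', 'lopp_aeg'),
    );
    if (isset($system_fields_by_table[$source_table])) {
        $system_fields = $system_fields_by_table[$source_table];
    } elseif (substr($source_table, 0, 4) == 'obj_') {
        # any other object table; the original tested an undefined $prof_row here,
        # so this fallback never applied
        $system_fields = array('objekt_id', 'profile_id');
    } else {
        $system_fields = array();
    }
    if (in_array($did, $system_fields, true)) {
        $drop_denied = 1;
        $explanation = " - it's system field";
    }

    # if drop allowed
    if (!$drop_denied) {
        $sql = "ALTER TABLE " . $source_table . " DROP " . $did;
        $sth = new SQL($sql);
        if ($sth->error) {
            $msg = $sth->error;
            $drop_denied = 1;
        }
    } else {
        # $did originates from form data and is rendered as HTML: escape it
        $msg = "<br>Field '" . htmlspecialchars((string) $did, ENT_QUOTES) . "' was not deleted from table" . $explanation;
    }

    if ($drop_denied) {
        print_error_html(array(
            "message" => $msg,
            "close_js" => 'window.opener.location=window.opener.location;'
        ));
    }

    # return 1 if successfully deleted, 0 otherwise
    return $drop_denied ? 0 : 1;
}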