 /**
  * Build the financial-aid page: load the logged-in user, resolve the
  * request parameters, and enable test-mode mocking where allowed.
  *
  * Reads $_SESSION['wp_id'] for the user identity and writes a throttled
  * pending-relationship warning to $_SESSION['warnings'].
  *
  * @param string|null $title page title handed to the parent constructor
  */
 public function __construct($title = null)
 {
     parent::__construct($title);
     // the acting user comes from the session identifier, never from request input
     $this->user = new PSUPerson($_SESSION['wp_id']);
     $this->params = new FinaidParams();
     // either of these two permissions grants the admin behaviour below
     $this->params['admin'] = IDMObject::authZ('permission', 'mis') || IDMObject::authZ('permission', 'finaid_myfinaid_admin');
     $this->tpl->assign('params', $this->params);
     $this->_init_person($this->params['id']);
     $this->params['aid_year'] = $this->_init_aid_years($this->params['aid_year']);
     //
     // setup testing data
     //
     $this->testing = new FinaidTesting();
     // admins can do test mode
     if ($this->params['admin']) {
         $this->params['testable'] = true;
     }
     // NOTE(review): 'testable' is honoured for non-admins too; confirm FinaidParams
     // cannot populate it from request input
     if ($this->params['testable']) {
         $this->testing->mock($this->target);
     }
     $this->tpl->assign('testing', $this->testing);
     // Warn user about pending relationships, no more than once every 5 minutes
     // (the relationship lookup inside the condition only runs once the throttle has expired)
     if ($this->params['warned-pending'] < time() - 300 && ($pending = $this->user->myrelationships->get('pending'))) {
         $this->params['warned-pending'] = time();
         $count = count($pending);
         $_SESSION['warnings']['finaid-pending'] = sprintf('You have %d pending relationship%s. Please note that you can\'t see another person\'s financial aid information until your relationship with that person is confirmed. Visit <a href="http://go.plymouth.edu/familychannel">Family Access</a> for more details.', $count, $count == 1 ? '' : 's');
     }
 }
 /**
  * Build a Permissions object for the current session from IDMObject checks.
  *
  * Each entry below pairs an authZ lookup (kind, name) with the permission
  * string granted when that lookup succeeds; lookups run in the listed order.
  * The pidm is copied from the session.
  */
 public static function from_idmobject()
 {
     $permissions = new Permissions();
     $checks = array(
         array('role', 'tcert', 'tcert'),
         array('permission', 'tcert_admin', 'admin'),
         array('permission', 'tcert_gatesystem_ug', 'gatesystem_ug'),
         array('permission', 'tcert_gatesystem_gr', 'gatesystem_gr'),
         array('permission', 'mis', 'superadmin'),
         array('role', 'faculty', 'faculty'),
     );
     $granted = array();
     foreach ($checks as $check) {
         list($kind, $name, $grantName) = $check;
         if (\IDMObject::authZ($kind, $name)) {
             $granted[] = $grantName;
         }
     }
     $permissions->grant($granted);
     $permissions->pidm = $_SESSION['pidm'];
     return $permissions;
 }
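/**
 * initializeSession
 *
 * Set up necessary session variables for the Academic Excellence app.
 *
 * Holders of academic_excellence_admin become user_type 'admin' and skip
 * the GPA lookup. Everyone else gets their overall GPA loaded into
 * $_SESSION['gpa']; only a GPA of 3.5 or higher makes them an 'aestudent',
 * at which point name and student data are loaded and 'editing' is cleared
 * when the form was already confirmed in an earlier session.
 *
 * Reads $_SESSION['username'] and $GLOBALS['BannerIDM'],
 * $GLOBALS['BannerStudent'], $GLOBALS['TERM'].
 */
function initializeSession()
{
    if (!isset($_SESSION['errors'])) {
        $_SESSION['errors'] = [];
    }
    if (!isset($_SESSION['messages'])) {
        $_SESSION['messages'] = [];
    }
    $_SESSION['student'] = [];
    $_SESSION['user_type'] = null;
    // first time through means we're editing
    $_SESSION['editing'] = true;
    $_SESSION['ae_init'] = true;
    $_SESSION['pidm'] = $GLOBALS['BannerIDM']->getIdentifier($_SESSION['username'], 'username', 'pidm');
    if (IDMObject::authZ('permission', 'academic_excellence_admin')) {
        $_SESSION['user_type'] = 'admin';
        return;
    }
    $gpa = $GLOBALS['BannerStudent']->getOverallGPA($_SESSION['pidm']);
    $_SESSION['gpa'] = $gpa['r_gpa'];
    unset($gpa);
    // The GPA threshold is the only thing that decides 'aestudent'. A hard-coded
    // per-username override that forced a passing GPA for one account used to
    // sit here; it has been removed so the gate applies to every user.
    // they're 'aestudent' only if their gpa qualifies
    if ($_SESSION['gpa'] < 3.5) {
        return;
    }
    $_SESSION['user_type'] = 'aestudent';
    $name = $GLOBALS['BannerStudent']->getName($_SESSION['pidm']);
    $_SESSION['student']['full_name'] = sprintf('%s %s %s', $name['r_first_name'], $name['r_mi'], $name['r_last_name']);
    $_SESSION['student']['first_name'] = $name['r_first_name'];
    $_SESSION['student']['middle_name'] = $name['r_mi'];
    $_SESSION['student']['last_name'] = $name['r_last_name'];
    unset($name);
    $student = AEStudent::getStudentData($_SESSION['pidm'], $GLOBALS['TERM']);
    $_SESSION['student'] = array_merge($_SESSION['student'], $student);
    // (confirmed != -1) means that they have already submitted the form in a previous session
    if ($student['confirmed'] > -1) {
        $_SESSION['editing'] = false;
    }
}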
/**
 * Routing provided by klein.php (https://github.com/chriso/klein.php)
 * Make some objects available elsewhere.
 */
respond(function ($request, $response, $app) {
    // force ssl + start a session
    PSU::session_start();
    $GLOBALS['TITLE'] = 'Address Verification';
    $GLOBALS['BASE_URL'] = '/app/address-verification';
    $GLOBALS['TEMPLATES'] = PSU_BASE_DIR . '/app/address-verification/templates';
    // optional local debug overrides; the path is a constant, never request-derived
    $debugFile = PSU_BASE_DIR . '/debug/address-verification-debug.php';
    if (file_exists($debugFile)) {
        include $debugFile;
    }
    // authenticate, then require either the MIS permission or the address_verification role
    IDMObject::authN();
    $allowed = IDMObject::authZ('permission', 'mis') || IDMObject::authZ('role', 'address_verification');
    if (!$allowed) {
        die('You do not have access to this application.');
    }
    // get the logged in user and expose it to every template
    $app->user = PSUPerson::get($_SESSION['wp_id']);
    $app->tpl = new PSU\Template();
    $app->tpl->assign('user', $app->user);
});
// landing page
respond('/', function ($request, $response, $app) {
    $app->tpl->display('index.tpl');
});
respond('GET', '/[:table]', function ($request, $response, $app) {
    $table = strtolower($request->param('table'));
    if ('spraddr' != $table) {
// Checklist PDF header: dark-green fill, white text
$pdf->SetFillColor(5, 66, 6);
$pdf->SetTextColor(255, 255, 255);
$fill = true;
$pdf->SetFont('Arial', '', 13);
$pdf->Cell(190, 7, 'Employee Clearance Checklist for ' . $person->formatName('f m l'), 0, 1, 'C', $fill);
$pdf->SetFont('Arial', '', 10);
// NOTE(review): the next line was redacted by the source aggregator ('******');
// the original Cell() arguments are not visible here
$pdf->Cell(190, 6, 'Username:  '******'C', $fill);
$pdf->setTextColor(5, 66, 6);
$pdf->ln(5);
$checklist_items = array();
$categories = array();
// $person and $list are expected to be set by the surrounding script (not visible here)
$checklist = HRChecklist::get($person->pidm, $list);
$categories = HRChecklist::categories($checklist['type']);
$checklist_id = HRChecklist::get($person->pidm, $list, 'id');
$closed = HRChecklist::meta_exists($checklist_id, 'closed', 1);
// Only HR exit staff may open/close a checklist. The POST flag is applied
// relative to the current state, so re-submitting the same state changes nothing.
if (IDMObject::authZ('permission', 'ape_checklist_employee_exit_hr')) {
    // NOTE(review): $_POST['checklist_closed'] and $_REQUEST['identifier'] are read without isset()
    if ($_POST['checklist_closed'] && !$closed) {
        HRChecklist::add_meta($checklist_id, 'closed', 1);
        HRChecklist::toggle_checklist($checklist_id, $_REQUEST['identifier'], true);
        // record who closed it, from the session rather than the request
        HRChecklist::add_meta($checklist_id, 'closed_marked_by', $_SESSION['pidm']);
    } elseif (!$_POST['checklist_closed'] && $closed) {
        HRChecklist::add_meta($checklist_id, 'closed', 0);
        HRChecklist::toggle_checklist($checklist_id, $_REQUEST['identifier'], false);
        HRChecklist::add_meta($checklist_id, 'closed_marked_by', $_SESSION['pidm']);
    }
    //end elseif
}
//end if
// NOTE(review): $checklist['id'] is used here while $checklist_id is used above; presumably the same value — confirm
$closed_person = HRChecklist::get_meta($checklist['id'], 'closed_marked_by', 1);
$closed_person = $closed_person['meta_value'];
if ($closed_person) {
    exit;
}
// Local Includes
$GLOBALS['LOCAL_INCLUDES'] = $GLOBALS['BASE_DIR'] . '/includes';
$GLOBALS['TEMPORARY_FILES'] = '/web/temp';
// Directory to hold Smarty's compiled templates
$GLOBALS['SMARTY_COMPILE'] = $GLOBALS['TEMPORARY_FILES'] . '/phonebook';
if (!is_writable($GLOBALS['SMARTY_COMPILE'])) {
    // NOTE(review): mkdir is also attempted when the directory exists but is
    // not writable, and its return value is not checked
    mkdir($GLOBALS['SMARTY_COMPILE'], 0700);
}
/*******************[End Site Constants]*******************/
$GLOBALS['TITLE'] = 'Public Directory';
/*******************[Authorization]*****************/
// ID-card images are shown only to University Police or holders of view_idcard_images;
// anonymous visitors (no pidm in the session) never see them
$can_see_images = false;
if ($_SESSION['pidm']) {
    /**** TODO: make this based off of APE *****/
    $GLOBALS['BANNER'] = PSUDatabase::connect('oracle/psc1_psu/fixcase');
    $can_see_images = IDMObject::authZ('department', 'University Police') || $can_see_images;
    /**** END TODO: make this based off of APE *****/
    IDMObject::loadAuthZ($_SESSION['pidm']);
    $can_see_images = IDMObject::authZ('permission', 'view_idcard_images') || $can_see_images;
}
//end if
/*******************[End Authorization]*****************/
$tpl = new PSUTemplate();
<?php

// TODO: move the functionality in this file into an API
//
// action page for deleting windows profiles (vista roaming or terminal services)
//
// default response: every path that does not explicitly succeed reports an error
$response = ['status' => 'error', 'message' => null];
try {
    // can the user perform this action?
    if (!IDMObject::authZ('permission', 'ape_profilereset')) {
        throw new Exception('You are not authorized to reset profiles.');
    }
    // did we get all the needed data?
    if (!isset($_GET['username']) || !isset($_GET['profile'])) {
        throw new Exception('Username or profile type was missing in request.');
    }
    $args = array('username' => $_GET['username'], 'profile' => $_GET['profile'] == 0 ? 0 : 1);
    // validate the username
    $pidm = $GLOBALS['BannerIDM']->getIdentifier($args['username'], 'username', 'pid');
    if ($pidm === false) {
        throw new Exception('An invalid username was specified (pidm not found).');
    }
    //
    // everything's good, insert the record
    //
    $systems = PSUDatabase::connect('mysql/systems');
    $sql = "INSERT INTO profile_reset (uname, profile) VALUES (?, ?)";
    $systems->Execute($sql, $args);
    $profile_type = $args['profile'] == 0 ? 'Vista roaming' : 'Terminal Services';
    $GLOBALS['LOG']->write('Profile reset (' . $profile_type . ')', $args['username']);
    $response['message'] = sprintf("%s profile queued for deletion, this may take up to three minutes.", $profile_type);
            $response['status'] = 'success';
            $response['message'] = sprintf('%s "%s" was sucessfully added.', ucfirst($type), $attribute['attribute']);
            $name = $GLOBALS['BannerIDM']->getName($person->pidm, 'f,l');
            list($response['first_name'], $response['last_name']) = explode(',', $name);
            $response['username'] = $person->username;
            $response['source'] = $attribute['source'];
            $response['pid'] = $person->pidm;
            $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute);
        }
    } elseif ($action == 'remove') {
        $id = $_REQUEST['id'];
        $role = $GLOBALS['BannerIDM']->getLog($id);
        if ($role['source'] !== $GLOBALS['IDM_SOURCE']) {
            throw new Exception(sprintf('That role was added via %s, and cannot be deleted through %s.', $role['source'], $GLOBALS['IDM_SOURCE']));
        }
        if (!$global_attribute_admin && !IDMObject::authZ('admin', $role['attribute'])) {
            throw new Exception("You cannot administer the {$role['attribute']} attribute");
        }
        $GLOBALS['BannerIDM']->removeAttribute($person->pidm, $id);
        list($type_id, $type) = $GLOBALS['BannerIDM']->any2type($role['type_id']);
        $log_attribute = $role['attribute'];
        $response['status'] = 'success';
        $response['message'] = sprintf('%s "%s" has been removed.', ucfirst($type), $role['attribute']);
        $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute);
    } else {
        $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute);
    }
} catch (Exception $e) {
    $response['message'] = $e->GetMessage() . ($e->GetCode() ? '(' . $e->GetCode() . ')' : '');
    $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute);
}
<?php

// CDN Manager front controller: bootstrap, gate on web_developer, then delegate
require dirname(dirname(__DIR__)) . '/legacy/git-bootstrap.php';
require_once 'autoload.php';
PSU::session_start();
$GLOBALS['TITLE'] = 'CDN Manager';
$GLOBALS['BASE_DIR'] = dirname(__FILE__);
$GLOBALS['BASE_URL'] = '/webapp/cdn';
$GLOBALS['TEMPLATES'] = $GLOBALS['BASE_DIR'] . '/templates';
require_once 'includes/CDNController.class.php';
require_once 'includes/CDNAPI.class.php';
IDMObject::authN();
$isWebDeveloper = IDMObject::authZ('permission', 'web_developer');
if (!$isWebDeveloper) {
    exit("You don't have access to ski on the moon.");
}
CDNController::delegate();
<?php

/**
 * Utility script to dump email addresses for every portal user who
 * has done some customization. Currently, this includes adding a
 * relationship and modifying the layout.
 *
 * Append ?simple=1 to URL to hide names.
 */
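require __DIR__ . '/init.php';
require_once 'autoload.php';
// only holders of the myplymouth role may list user addresses
IDMObject::authN();
if (!IDMObject::authZ('role', 'myplymouth')) {
    die('no access');
}
echo '<pre>';
PSU::get()->portal = PSU::db('portal_dev');
// users who added a relationship (ids starting with 't' excluded) ...
$sql = "SELECT DISTINCT wpid1 FROM relsearch WHERE substr(wpid1, 1, 1) <> 't'";
$wpids = PSU::db('portal')->GetCol($sql);
// ... and users who changed their tab layout (wp_id 0 and ids starting with 't' excluded)
$sql = "SELECT DISTINCT wp_id FROM usertabs WHERE wp_id != 0 AND substr(wp_id, 1, 1) <> 't'";
$wpids2 = PSU::db('portal')->GetCol($sql);
// NOTE(review): GetCol() is assumed to return an array here; a failure value would break array_merge
$wpids = array_unique(array_merge($wpids, $wpids2));
sort($wpids);
// ?simple=1 hides names; read it with a default so a missing key is not a notice
$simple = isset($_GET['simple']) ? $_GET['simple'] : null;
if (!$simple) {
    echo "// append ?simple=1 to url to hide names\n\n";
}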
foreach ($wpids as $wpid) {
    $p = new PSUPerson($wpid);
    if ($_GET['simple'] == 1) {
        if ($p->wp_email) {
<?php

// resolve the target person by pidm, falling back to username
$person = new PSUPerson($_REQUEST['pidm']);
if (!$person->pidm) {
    $person = new PSUPerson($_REQUEST['username']);
}
$action = $_REQUEST['action'];
$value = $_REQUEST['value'];
$logs = $GLOBALS['BannerIDM']->getLogs($person->pidm);
$attribute_log = current(current($logs[$action]));
// only attributes originally set through 'ape' may be changed here, and only by
// an admin of that attribute or a holder of ape_attribute_admin
if ('ape' == $attribute_log['source']) {
    $log = $GLOBALS['BannerIDM']->getLog($attribute_log['origin_id']);
    $may_edit = IDMObject::authZ('admin', $log['attribute']) || IDMObject::authZ('permission', 'ape_attribute_admin');
    if ($may_edit) {
        $extra = sprintf('parent_id=%s&origin_id=%s', $attribute_log['parent_id'], $attribute_log['origin_id']);
        $GLOBALS['BannerIDM']->setAttribute($person->pidm, $action, $value, 'ape', false, $extra);
    }
}
//end if
// bail here if request was javascript
// NOTE(review): the request-supplied $value is echoed back verbatim as the JS body,
// and an unauthorized (skipped) update is indistinguishable from success to the caller;
// $type and $log_attribute are expected from the surrounding script (not visible here)
$is_js_request = isset($_GET['method']) && 'js' == $_GET['method'];
if ($is_js_request) {
    header('Content-type: text/javascript');
    $response['pidm'] = $person->pidm;
    $response['type'] = $type;
    $response['attribute'] = $log_attribute;
    die($value);
}
PSUHTML::redirect(sprintf('%s/user/%s', $GLOBALS['BASE_URL'], $person->pidm));
 /**
  * Map the current user's IDMObject grants to a numeric access level:
  * 1 = cts_admin permission, 2 = cts permission, 3 = calllog role,
  * 4 = anything else. Checks run in that order and the first hit wins.
  *
  * @return int
  */
 public function user_level()
 {
     $levels = array(
         array('permission', 'cts_admin', 1),
         array('permission', 'cts', 2),
         array('role', 'calllog', 3),
     );
     foreach ($levels as $entry) {
         list($kind, $name, $level) = $entry;
         if (IDMObject::authZ($kind, $name)) {
             return $level;
         }
     }
     return 4;
 }
<?php

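// Only holders of commonapp_upload may import feeds
if (!IDMObject::authZ('permission', 'commonapp_upload')) {
    $_SESSION['errors'][] = 'You do not have permission to upload Common App feeds.';
    PSUHTML::redirect($GLOBALS['BASE_URL']);
}
// NOTE(review): everything below assumes PSUHTML::redirect() terminates the request;
// if it returns, the upload would still be processed after an error.
$tmp_name = $_FILES['feed']['tmp_name'];
// basename() drops any directory part of the client-supplied filename, so the
// feed can only be written directly inside $GLOBALS['TMP']
$new_name = $GLOBALS['TMP'] . '/' . basename($_FILES['feed']['name']);
if (!is_uploaded_file($tmp_name)) {
    $_SESSION['errors'][] = "Uploaded file not found.";
    PSUHTML::redirect($GLOBALS['BASE_URL'] . '/upload.html');
}
if (!is_dir($GLOBALS['TMP'])) {
    mkdir($GLOBALS['TMP']);
}
move_uploaded_file($tmp_name, $new_name);
// the is_file check below also catches a failed move
if (!is_file($new_name)) {
    $_SESSION['errors'][] = 'Could not find renamed file at ' . $new_name;
    PSUHTML::redirect($GLOBALS['BASE_URL'] . '/upload.html');
}
// keep the feed private to the web server user
if (!chmod($new_name, 0600)) {
    $_SESSION['errors'][] = 'Could not chmod ' . $new_name;
    PSUHTML::redirect($GLOBALS['BASE_URL'] . '/upload.html');
}
$ca = new CommonApp($new_name);
$ca->import();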
if (count($ca->errors)) {
    // there were errors
    $_SESSION['errors'][] = 'Some records file failed to import.';
    $_SESSION['errors'] = array_merge($_SESSION['errors'], $ca->errors);
<?php

respond(function ($request, $response, $app) {
    PSU::session_start();
    // Base directory of application
    $GLOBALS['BASE_DIR'] = dirname(__FILE__);
    // Base URLs are built from the request's Host header.
    // NOTE(review): BASE_URL is later used for redirects; confirm the web server
    // only accepts the expected host names so HTTP_HOST cannot be attacker-chosen.
    $host = 'https://' . $_SERVER['HTTP_HOST'];
    $GLOBALS['BASE_URL'] = $host . '/app/ar';
    $GLOBALS['WEBAPP_URL'] = $host . '/webapp';
    // Templates
    $GLOBALS['TEMPLATES'] = PSU_BASE_DIR . '/app/ar/templates';
    $GLOBALS['TITLE'] = 'Student Account Services Dashboard';
    // authenticate, then require the MIS permission or the bursar role
    IDMObject::authN();
    $allowed = IDMObject::authZ('permission', 'mis') || IDMObject::authZ('role', 'bursar');
    if (!$allowed) {
        die('You do not have access to this application.');
    }
    $app->tpl = new \PSU\Template();
});
respond('/?', function ($request, $response, $app) {
    $contract = new PSU\AR\PaymentPlan\Feed\Contracts(4);
    $disbursement = new PSU\AR\PaymentPlan\Feed\Disbursements(2);
    $types = array('contract', 'disbursement');
    foreach ($types as $type) {
        $report[$type] = array();
        foreach (${$type} as $feed) {
            $report[$type]['invalid_id'] += $feed->invalid_id_count();
            $report[$type]['unprocessed'] += $feed->date_processed_timestamp() ? 0 : 1;
            if ($diff = $feed->processed_difference()) {
                $report[$type]['difference'][$feed->id] = $diff;
            }
 /**
  * Build the APE template: assign the common template variables, load the
  * caller's authz data, and assemble the navigation links shown to them.
  *
  * Root links are 'Home' and 'Identity/Access'; further root links and the
  * children of 'Identity/Access' depend on APEAuthZ/IDMObject checks. When
  * only the two root links remain, the second one is flattened into its children.
  */
 function __construct()
 {
     parent::__construct();
     // general template vars
     $this->assign('title', 'Analysis and Provisioning Engine');
     $this->assign('icon', $GLOBALS['ape']->icons);
     $this->template_dir = $GLOBALS['BASE_DIR'] . '/templates';
     // custom template functions
     $this->register_function('ape_bool', array($this, 'ape_bool'));
     $this->assign('username', $_SESSION['username']);
     $this->assign('ape', $GLOBALS['ape']);
     $this->assign('myuser', $GLOBALS['myuser']);
     $this->assign('infodesk', APEAuthZ::infodesk());
     // get svn dataz for this application
     $this->assign('svninfo', PSU::get_svn_info());
     $this->xhtml = false;
     $this->load_authz();
     /*** set up navigation links ***/
     // the identity link targets the identifier stored in the session, not a request value
     $links = array('nav-home' => $this->createLink('Home', $GLOBALS['BASE_URL'] . '/', 'nav-icon nav-home', 'home'), 'nav-identity' => $this->createLink('Identity/Access', $GLOBALS['BASE_URL'] . '/user/' . $_SESSION['ape_identifier'], 'nav-identity', 'person'));
     // optional root links, each gated by an APEAuthZ check
     if (APEAuthZ::advancement()) {
         $links['nav-advancement'] = $this->createLink('Advancement', $GLOBALS['BASE_URL'] . '/user/advancement/' . $_SESSION['ape_identifier'], 'nav-advancement', 'advancement');
         $this->assign('advancement_link', true);
     }
     //end if
     if (APEAuthZ::hr()) {
         $links['nav-hr'] = $this->createLink('HR', '#', 'nav-advancement', 'hr');
         $this->assign('hr_link', true);
     }
     //end if
     if (APEAuthZ::family()) {
         $links['nav-family'] = $this->createLink('Family', $GLOBALS['BASE_URL'] . '/user/family/' . $_SESSION['ape_identifier'], 'nav-family', 'family');
         $this->assign('family_link', true);
     }
     //end if
     if (APEAuthZ::student()) {
         $links['nav-student'] = $this->createLink('Student', $GLOBALS['BASE_URL'] . '/user/student/' . $_SESSION['ape_identifier'], 'nav-student', 'student');
         $this->assign('student_link', true);
     }
     //end if
     // children of Identity/Access: each gated separately; order here is the display order
     if ($_SESSION['AUTHZ']['admin']) {
         $links['nav-identity']['children'][] = $this->createLink('Access Management', $GLOBALS['BASE_URL'] . '/authz.html', 'nav-access', 'access');
     }
     if (IDMObject::authZ('permission', 'ape_mailing')) {
         $links['nav-identity']['children'][] = $this->createLink('Mailing Lists', $GLOBALS['BASE_URL'] . '/lists/', 'nav-mailing', 'mail');
     }
     if (IDMObject::authZ('oracle', 'reporting_security')) {
         $links['nav-identity']['children'][] = $this->createLink('Banner Security', $GLOBALS['BASE_URL'] . '/banner/', 'nav-banner', 'banner-security');
     }
     if ($GLOBALS['ape']->canResetPassword()) {
         $links['nav-identity']['children'][] = $this->createLink('Password Test', $GLOBALS['BASE_URL'] . '/password-test.html', 'nav-pass', 'password');
         $links['nav-identity']['children'][] = $this->createLink('Locked (' . $GLOBALS['ape']->locks_count() . ')', $GLOBALS['BASE_URL'] . '/locks.html', 'nav-locked', 'lock');
     }
     //end if
     // these two are always present; the counts are computed on every page build
     $links['nav-identity']['children'][] = $this->createLink('Creation (' . $GLOBALS['ape']->pending_accounts_count() . ')', $GLOBALS['BASE_URL'] . '/pending.html', 'nav-pend-create', 'pending-creation');
     $links['nav-identity']['children'][] = $this->createLink('Deletion (' . $GLOBALS['ape']->pending_deletion_count() . ')', $GLOBALS['BASE_URL'] . '/deletion.html', 'nav-pend-delete', 'pending-deletion');
     if (IDMObject::authz('permission', 'mis')) {
         $links['nav-identity']['children'][] = $this->createLink('Provision/Deprovision Docs', 'https://docs.google.com/Doc?docid=0AcDtIeWVN6nGYWNmZ3dxamRqOW5jXzE0N2dndHBqNmZn&hl=en', 'nav-identity', 'identity');
     }
     //end if
     if (APEAuthZ::hr()) {
         $links['nav-hr']['children'][] = $this->createLink('Employee Clearance', $GLOBALS['BASE_URL'] . '/checklist-admin.html', 'nav-advancement', 'identity');
     }
     //end if
     // if there are only 2 root links, replace root link #2 with its children
     if (count($links) == 2) {
         $parent_link = array_pop($links);
         $links = array_merge($links, $parent_link['children']);
     }
     //end if
     $this->assign('nav_links', $links);
 }
    $options['domain_controllers'] = array($conf['hostname'], $conf['hostname2']);
    $options['ad_username'] = $conf['username'];
    $options['ad_password'] = $conf['password'];
    $options['real_primarygroup'] = true;
    $options['use_ssl'] = true;
    $options['recursive_groups'] = true;
    $GLOBALS['AD'] = new adLDAP($options);
}
$GLOBALS['SYSTEMS_DB'] = PSU::db('systems');
// do whatever you do to authenticate the user....set the
// username into a session variable.
// at PSU we use phpCAS:
// Location gate: a helpdesk machine, or a client whose second IP octet is one of
// the listed networks. in_array() is left non-strict so a string octet still matches,
// exactly as the == chain it replaces did.
$allowed_octets = array(112, 114, 33, 32, 115, 1);
$on_allowed_network = $GLOBALS['IS_HD'] || in_array($GLOBALS['IP'][2], $allowed_octets);
if (!$on_allowed_network) {
    echo "You do not have access to use this service from this location";
    exit;
}
// make sure we're either on an acceptable helpdesk computer, or on the 112 or 114 networks, otherwise deny access
IDMObject::authN();
// any one of these Banner affiliations is enough; checking stops at the first hit
$affiliations = array('student_active', 'employee', 'alumni', 'alumni_campus', 'alumni_emeritus', 'psu_friend');
$affiliated = false;
foreach ($affiliations as $affiliation) {
    if (IDMObject::authZ('banner', $affiliation)) {
        $affiliated = true;
        break;
    }
}
if (!$affiliated) {
    echo "You must be a current student, employee, alumni, or retiree to use this service";
    exit;
}
/*******************[End Authentication]********************/
/*******************[Authorization]********************/
/*$auth_query = "select id from authorized_users where uid='".$_SESSION['username']."'";
$result = $GLOBALS['SYSTEMS_DB']->Execute($auth_query);
if($result->RecordCount()<1)
{
	echo 'You do not have access to use this service';
	exit;
 /**
  * True when the Banner 'ug_app' flag is set and 'ug_app_denied' is not.
  *
  * @return bool
  */
 public static function visit_plymouth_state()
 {
     $hasApplied = IDMObject::authZ('banner', 'ug_app');
     if (!$hasApplied) {
         return false;
     }
     return !IDMObject::authZ('banner', 'ug_app_denied');
 }
     throw new Exception('An identity confirmation must be provided.');
 }
 if (!$GLOBALS['ape']->canResetPassword()) {
     $GLOBALS['LOG']->write('Password Reset Attempt Failed: Not authorized to reset passwords.', $username);
     throw new Exception('You are not allowed to perform password resets (missing role, or not in IP whitelist).');
 }
 if (!$username) {
     throw new Exception('Username missing from password reset request.');
 }
 $person = new PSUPerson($username);
 if (!$reason && ($ssn != substr($person->ssn, -4) || $dob != $person->birth_date)) {
     $GLOBALS['LOG']->write('Password Reset Attempt Failed: invalid DOB & SSN portion provided.', $username);
     throw new Exception('The identity verification failed.  Either the last 4 of the SSN OR the Date of Birth did not match.');
 }
 //end if
 if ($reason && !IDMObject::authZ('permission', 'ape_pw')) {
     throw new Exception('You are not allowed to perform password resets without the last 4 of the SSN and Birth Date.');
 }
 //end if
 if (!$reason) {
     $reason = 'Private Data Provided and Verified';
 }
 //end if
 list($username, $password) = $GLOBALS['PWMAN']->defaultCredentials($username);
 $GLOBALS['PWMAN']->setPassword($username, $password);
 $GLOBALS['PWMAN']->expire($username, 'reset');
 $GLOBALS['LOG']->write('Resetting password: '******'Password Reset', 'Reset password.', array('call_status' => 'closed'))) {
     $message .= ' Ticket #<a href="http://go.plymouth.edu/log/' . $call_id . '">' . $call_id . '</a> has been logged.';
 }
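    /**
     * Return the SQL code used to target elements.
     *
     * @param PSUPerson $person person whose AD/Banner role lists drive the targeting clauses
     * @param string    $class  class name resolved through self::dbstr() to table/fk/targets names
     * @return array{tables:string,where:string} 'tables' is a JOIN fragment (empty when
     *         targeting is off) and 'where' an "AND (...)" fragment
     */
    public static function targetSQL(PSUPerson $person, $class)
    {
        $response = ['tables' => '', 'where' => ["(t.type = 'public' AND t.value = 'public')"]];
        // don't use targeting if the global identifier is 0 (editing the default layout)
        if (!$GLOBALS['identifier']) {
            self::use_targeting(false);
        }
        // should we show everything, regardless of targeting?
        if (!self::use_targeting() || IDMObject::authZ('role', 'myplymouth')) {
            $response['where'] = 'AND 1=1';
            return $response;
        }
        // join with center table and targets table
        $response['tables'] = sprintf('
			LEFT JOIN %3$s ON %1$s.id = %3$s.%2$s
			LEFT JOIN targets t ON %3$s.target_id = t.id
			', self::dbstr($class, 'table'), self::dbstr($class, 'fk'), self::dbstr($class, 'targets'));
        // NOTE(review): the subtype keys and the IN (...) lists below are interpolated into
        // SQL unquoted; they come from $_SESSION['AUTHZ']['sql'] and PSUPerson, so confirm
        // they are built server-side and never from request input
        foreach ($_SESSION['AUTHZ']['sql'] as $subtype => $in_sql) {
            $response['where'][] = sprintf("(t.type = 'authz' AND t.subtype = '%s' AND value IN %s)", $subtype, $in_sql);
        }
        // guard and value must read the same property: the original tested ad_rules_sql
        // but interpolated ad_roles_sql (compare the banner_roles_sql clause below)
        if ($person->ad_roles_sql) {
            $response['where'][] = sprintf("(t.type = 'ad' AND value IN %s)", $person->ad_roles_sql);
        }
        if ($person->banner_roles_sql) {
            $response['where'][] = sprintf("(t.type = 'banner' AND value IN %s)", $person->banner_roles_sql);
        }
        $response['where'] = sprintf("AND (%s)", implode(' OR ', $response['where']));
        return $response;
    }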
 /**
  * redirects if not admin
  *
  * Anyone without the myplymouth role gets an error queued in the session
  * and is sent back to BASE_URL; admins fall through.
  */
 private function _force_admin()
 {
     $isAdmin = IDMObject::authZ('role', 'myplymouth');
     if ($isAdmin) {
         return;
     }
     $_SESSION['errors'][] = 'You are not allowed to view the MyPlymouth administration interface.';
     PSU::redirect($GLOBALS['BASE_URL']);
 }
<?php

// ELS Administration bootstrap: load the framework, set site globals, gate on els_admin
require dirname(dirname(__DIR__)) . '/legacy/git-bootstrap.php';
require_once 'autoload.php';
PSU::session_start();
require_once 'PSUWordPress.php';
$GLOBALS['TITLE'] = 'ELS Administration';
$GLOBALS['META_WEBAPP'] = 'webapp_els';
$GLOBALS['BASE_DIR'] = __DIR__;
$GLOBALS['BASE_URL'] = $GLOBALS['RELATIVE_URL'] = '/webapp/els';
$GLOBALS['UPLOAD_DIR'] = PSU::UPLOAD_DIR . $GLOBALS['BASE_URL'];
require_once $GLOBALS['BASE_DIR'] . '/includes/ELS.class.php';
IDMObject::authN();
$isElsAdmin = IDMObject::authZ('permission', 'els_admin');
if (!$isElsAdmin) {
    exit('You do not have access to this application.');
}
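$GLOBALS['USER_DB'] = PSUDatabase::connect('mysql/user_info-admin');
//$GLOBALS['EPO'] = PSUDatabase::connect('mssql/epo_mercury');
$GLOBALS['ASTER'] = PSUDatabase::connect('mysql/aster-misuser');
$GLOBALS['MYPLYMOUTH'] = PSUDatabase::connect('mysql/myplymouth');
/*******************[End Database Connections]*****************/
// which portal we are working in, for now there is only one, and we hardcode it!
$GLOBALS['Workflow'] = new Workflow();
$GLOBALS['BannerGeneral'] = new BannerGeneral($GLOBALS['BANNER']);
$GLOBALS['BannerStudent'] = new BannerStudent($GLOBALS['BANNER']);
// the second constructor argument is passed as false (the stray $_ assignment is kept as-is)
$GLOBALS['PWMAN'] = new PasswordManager($GLOBALS['MYPLYMOUTH'], $_ = false, $GLOBALS['USER_DB']);
$GLOBALS['LOG'] = new PSULog('ape', $_SESSION['username']);
$GLOBALS['ZimbraAdmin'] = new zimbraAdmin();
/*******************[Authorization Stuff]*****************/
$GLOBALS['user_roles'] = PSU::get('idmobject')->getAllBannerRoles($_SESSION['username']);
$path_parts = pathinfo($_SERVER['SCRIPT_FILENAME']);
// Access needs one of the roles/permissions below, or an active impersonation.
// NOTE(review): $_SESSION['impersonate'] alone bypasses every other check;
// confirm it is only ever set by trusted server-side code.
$has_access = IDMObject::authZ('role', 'staff')
    || IDMObject::authZ('role', 'ape')
    || APEAuthZ::infodesk()
    || APEAuthZ::family()
    || APEAuthZ::student()
    || APEAuthZ::advancement()
    || $_SESSION['impersonate'];
if (!$has_access) {
    // the username is rendered inside HTML, so escape it before echoing
    $safe_username = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
    echo 'You (' . $safe_username . ') do not have access to use this application.  If ' . $safe_username . ' is not your username, please log in to <a href="http://go.plymouth.edu/logout">myPlymouth</a> and try again.';
    exit;
}
//end if
/*******************[End Authorization Stuff]*****************/
// ?mobile / ?nomobile toggle the mobile layout flag for the rest of the session
if (!empty($_GET['mobile'])) {
    $_SESSION['psu_mobile'] = true;
} elseif (!empty($_GET['nomobile'])) {
    $_SESSION['psu_mobile'] = false;
}
//end else
$GLOBALS['myuser'] = new PSUPerson($_SESSION['username']);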
// first-time init. of error and message vars
if (!isset($_SESSION['errors'])) {
    $_SESSION['errors'] = $_SESSION['messages'] = array();
<?php

/**
 * Save changes to hardware from hardware.html.
 *
 * Deletes one hardware record (?id) for the person given by ?pidm and then
 * returns to that person's hardware page. Requires the ape_hardware permission.
 * NOTE(review): this is a state-changing action driven by GET parameters; whether
 * deleteHardware() checks that the record belongs to $pidm is not visible here.
 */
if (!IDMObject::authZ('permission', 'ape_hardware')) {
    die('You do not have hardware privileges.');
}
// both identifiers are coerced to int before use
$pidm = (int) $_GET['pidm'];
$id = (int) $_GET['id'];
$person = new PSUPerson($pidm);
$person->hardware->deleteHardware($id);
PSUHTML::redirect(sprintf('%s/hardware/u/%s', $BASE_URL, $person->username));
 /**
  * Return true if current user is a portal admin, false if not.
  * "Portal admin" means holding the 'myplymouth' role.
  */
 public function is_admin()
 {
     $hasPortalRole = IDMObject::authZ('role', 'myplymouth');
     return $hasPortalRole;
 }
<?php

/**
 * reset the expiration date on person_phone so that they are prompted to sign up with and re-confirm mobile number when logging into myPlymouth
 *
 * Allowed for holders of the mis permission or infodesk staff; the target is
 * given by ?wp_id. $response is expected to be defined by the surrounding script.
 */
try {
    // can the user perform this action?
    $authorized = IDMObject::authZ('permission', 'mis') || APEAuthZ::infodesk();
    if (!$authorized) {
        throw new Exception('You are not authorized to reset emergency phone information.');
    }
    // did we get all the needed data?
    if (!isset($_GET['wp_id'])) {
        throw new Exception('wp_id was missing in request.');
    }
    $person = PSUPerson::get($_GET['wp_id']);
    $ok = $person->emergency_phone->unconfirm();
    if (!$ok) {
        // NOTE(review): $ok is falsy on this path, so the appended value is normally empty
        throw new Exception('Error resetting: ' . $ok);
    }
    $GLOBALS['LOG']->write('Emergency phone reset', $_GET['wp_id']);
    $response['message'] = 'Emergency number reset.  They will be prompted to confirm on next login (assuming they are a student/employee)';
    $response['status'] = 'success';
} catch (Exception $e) {
    $response['message'] = $e->getMessage();
}
// end catch
//
// ajax requests end here
 /**
  * Convenience function to test if the user can administer this role.
  *
  * Without ape_attribute_admin the answer is always false. With it, a null
  * role means "may administer in general"; a specific role may only be
  * administered when it has no origin_id and was sourced from IDM_SOURCE.
  *
  * @param $role       \b array an associative array of the role data
  * @return bool
  */
 function canAdminRole($role = null)
 {
     // can't admin attributes
     $isAttributeAdmin = IDMObject::authZ('permission', 'ape_attribute_admin');
     if (!$isAttributeAdmin) {
         return false;
     }
     // wasn't a role-specific query, user is allowed
     if ($role == null) {
         return true;
     }
     // allowed to edit this role? (loose comparisons kept: origin_id may be 0/'' as well as null)
     return $role['origin_id'] == null && $role['source'] == $GLOBALS['IDM_SOURCE'];
 }
<?php

try {
    if (!IDMObject::authZ('permission', 'ape_wp_email_reset')) {
        throw new Exception('You are not authorized to reset profiles.');
    }
    require_once '/web/connect.plymouth.edu/wp-includes/registration.php';
    $person = new PSUPerson($_GET['identifier']);
    if (!$person->pidm) {
        throw new Exception('Could not load person for pidm: ' . $_GET['pidm']);
    }
    //end if
    $user = get_userdatabypidm($person->pidm);
    update_usermeta($user->ID, 'psuname', $person->login_name);
    delete_usermeta($user->ID, 'ac_pwreset');
    $response['message'] = 'WP psuname has been synched.';
    $email = trim($_GET['email']);
    if ($email) {
        if ($_GET['type'] == 'primary') {
            $user_data = array('ID' => $user->ID, 'user_email' => $email);
            $which = "Email";
            $old_email = $user->user_email;
            $result = wp_update_user((array) $user_data);
        } else {
            $which = "Alt. email";
            $old_email = $user->email_alt;
            $result = update_usermeta($user->ID, 'email_alt', $email);
        }
        if ($result) {
            $response['message'] .= sprintf(' %s changed from "%s" to "%s"', $which, $old_email, $email);
        }
});
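// Payment-plan dashboard: recent contract and disbursement feeds
respond('/?', function ($request, $response, $app) {
    $contracts = new PSU\AR\PaymentPlan\Feed\Contracts(10);
    $disbursements = new PSU\AR\PaymentPlan\Feed\Disbursements(4);
    $app->tpl->assign('date_format', '%b %e @ %l:%M %P');
    $app->tpl->assign('contracts', $contracts);
    $app->tpl->assign('disbursements', $disbursements);
    $app->tpl->display('payment-plans.tpl');
});
// Kick off the background processing script for one feed type.
// $script can only be 'contract' or 'disbursement' because the route pattern restricts it.
respond('/process/[contract|disbursement:script]', function ($request, $response, $app) {
    $script = $request->script;
    // refuse to start a second copy while one is already running
    if (!empty($app->running[$script])) {
        PSU::redirect($GLOBALS['BASE_URL'] . '/payment-plans');
    }
    $user = PSU::isDev() ? 'nrporter' : 'webguru';
    if (PSU::isDev() && !IDMObject::authZ('permission', 'mis')) {
        $_SESSION['errors'][] = 'Only MIS can run this script in development';
        PSU::redirect($GLOBALS['BASE_URL'] . '/payment-plans');
    }
    // The Banner instance name is the one non-literal argument on the command line,
    // so it is shell-escaped. The ~user path is left unquoted so the shell expands it.
    $instance = escapeshellarg(strtolower(PSU::db('banner')->database));
    $scriptPath = '~' . $user . '/scripts/payment_plan_' . $script . '.php';
    if ('contract' == $script) {
        $command = '/usr/local/bin/php ' . $scriptPath . ' -i ' . $instance . ' &';
    } else {
        $command = '/usr/local/bin/php ' . $scriptPath . ' --instance=' . $instance . ' &';
    }
    // run detached; the page returns immediately
    exec($command);
    $_SESSION['successes'][] = 'The Payment Plan ' . ucwords($script) . ' processing script has begun.  Please check back shortly.';
    PSU::redirect($GLOBALS['BASE_URL'] . '/payment-plans');
});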
require_once 'BannerStudent.class.php';
//student class
require_once 'PSUECommerce.class.php';
require_once 'PSUECommerceInterface.class.php';
require_once 'PSUECommerceTransaction.class.php';
require_once 'ecommerce/ETrans.class.php';
require_once 'channel.class.php';
/*******************[End Common Includes]**********************/
/*******************[Local Includes]**********************/
require_once $GLOBALS['LOCAL_INCLUDES'] . '/ECommerceSmarty.class.php';
/*******************[End Local Includes]**********************/
/*******************[Database Connections]*****************/
// Banner instance selection: ?which=psc1 forces production, ?which=test forces test,
// and a www. host otherwise defaults to production.
// NOTE(review): the instance is chosen from a request parameter before any
// authentication happens below; confirm that is intended for the non-admin pages.
$useProduction = 'psc1' == $_GET['which']
    || (preg_match('/https?\\:\\/\\/www\\./', $GLOBALS['BASE_URL']) && 'test' != $_GET['which']);
$which = $useProduction ? 'psc1' : 'test';
//end else
$GLOBALS['BANNER'] = PSUDatabase::connect('oracle/' . $which . '_psu/fixcase');
/*******************[End Database Connections]*****************/
$GLOBALS['BannerStudent'] = new BannerStudent($GLOBALS['BANNER']);
$GLOBALS['BannerIDM'] = new IDMObject();
// admin pages: require a login and the mis permission
if (strchr($_SERVER['SCRIPT_NAME'], '/admin/')) {
    $_SESSION['username'] = IDMObject::authN();
    $isMis = IDMObject::authZ('permission', 'mis');
    if (!$isMis) {
        exit("You do not have sufficient permissions to view this page.");
    }
    //end if
}
//end if
//end if
<?php

// Faculty Database bootstrap: autoload, session, site globals, faculty_admin gate
require_once 'autoload.php';
PSU::session_start();
$GLOBALS['TITLE'] = 'Faculty Database';
$GLOBALS['BASE_DIR'] = dirname(__FILE__);
$GLOBALS['BASE_URL'] = '/webapp/faculty';
$GLOBALS['TEMPLATES'] = $GLOBALS['BASE_DIR'] . '/templates';
IDMObject::authN();
$isFacultyAdmin = IDMObject::authZ('permission', 'faculty_admin');
if (!$isFacultyAdmin) {
    die('You do not have access to this service.');
}