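/**
 * Exercises the User model end to end: operations on an invalid id must be
 * rejected, lookups with no id and no email must fail, and the fixture
 * account "simpletest@localhost" must be found by email and then saved.
 *
 * Assumes the fixture user already exists in the test database.
 *
 * @return int 0 when every check passed, 1 at the first failed check
 */
function testUser()
{
    $this->startCodeCoverage();
    $user = new User();

    // A non-numeric id must be rejected by the id-based operations.
    $user->Id = "non_numeric";
    if ($user->SetPassword("blah") !== false) {
        $this->fail("User::SetPassword didn't return false for non-numeric user id");
        return 1;
    }
    if ($user->IsAdmin() !== false) {
        $this->fail("User::IsAdmin didn't return false for non-numeric user id");
        return 1;
    }

    // With neither an id nor an email there is nothing to look up.
    $user->Id = "";
    $user->Email = "";
    if ($user->GetName() !== false) {
        $this->fail("User::GetName didn't return false when given no user id");
        return 1;
    }
    // Exists() is the call this message describes; IsAdmin() was being
    // checked here a second time instead, so the empty-user case was never tested.
    if ($user->Exists() !== false) {
        $this->fail("User::Exists didn't return false for no user id and no email");
        return 1;
    }

    // Lookup of the fixture account by email.
    $user->Email = "simpletest@localhost";
    if ($user->Exists() === false) {
        $this->fail("User::Exists returned false even though user exists");
        return 1;
    }
    $id = $user->GetIdFromEmail("simpletest@localhost");
    if ($id === false) {
        $this->fail("User::GetIdFromEmail returned false for a valid user");
        return 1;
    }

    // Lookup by id, then an update of the existing row.
    $user->Id = $id;
    $user->Admin = "1";
    $user->FirstName = "administrator";
    $user->Institution = "Kitware Inc.";
    if (!$user->Exists()) {
        $this->fail("User::Exists failed given a valid user id");
        return 1;
    }

    // Coverage for update save
    $user->Password = md5("simpletest");
    $user->Save();
    // Coverage for SetPassword
    $user->SetPassword(md5("simpletest"));

    $this->stopCodeCoverage();
    return 0;
}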
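/**
 * Exercises the User model end to end: operations on an invalid id must be
 * rejected, lookups with no id and no email must fail, and the fixture
 * account 'simpletest@localhost' must be found by email and then saved.
 *
 * Assumes the fixture user already exists in the test database.
 *
 * @return int 0 when every check passed, 1 at the first failed check
 */
public function testUser()
{
    $this->startCodeCoverage();
    $user = new User();

    // A non-numeric id must be rejected by the id-based operations.
    $user->Id = 'non_numeric';
    if ($user->SetPassword('blah') !== false) {
        $this->fail("User::SetPassword didn't return false for non-numeric user id");
        return 1;
    }
    if ($user->IsAdmin() !== false) {
        $this->fail("User::IsAdmin didn't return false for non-numeric user id");
        return 1;
    }

    // With neither an id nor an email there is nothing to look up.
    $user->Id = '';
    $user->Email = '';
    if ($user->GetName() !== false) {
        $this->fail("User::GetName didn't return false when given no user id");
        return 1;
    }
    // Exists() is the call this message describes; IsAdmin() was being
    // checked here a second time instead, so the empty-user case was never tested.
    if ($user->Exists() !== false) {
        $this->fail("User::Exists didn't return false for no user id and no email");
        return 1;
    }

    // Lookup of the fixture account by email.
    $user->Email = 'simpletest@localhost';
    if ($user->Exists() === false) {
        $this->fail('User::Exists returned false even though user exists');
        return 1;
    }
    $id = $user->GetIdFromEmail('simpletest@localhost');
    if ($id === false) {
        $this->fail('User::GetIdFromEmail returned false for a valid user');
        return 1;
    }

    // Lookup by id, then an update of the existing row.
    $user->Id = $id;
    $user->Admin = '1';
    $user->FirstName = 'administrator';
    $user->Institution = 'Kitware Inc.';
    if (!$user->Exists()) {
        $this->fail('User::Exists failed given a valid user id');
        return 1;
    }

    // Coverage for update save
    $user->Password = md5('simpletest');
    $user->Save();
    // Coverage for SetPassword
    $user->SetPassword(md5('simpletest'));

    $this->stopCodeCoverage();
    return 0;
}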
/**
 * Query for the Chronicles of a group that the given user is allowed to see.
 *
 * Administrators see every chronicle of the group; anyone else sees only
 * published chronicles plus the ones they created themselves.
 *
 * @param int $groupId
 * @param User $user
 * @return Query The results Query
 */
public function getVisibleForGroup($groupId, $user)
{
    $query = $this->findByGroupId((int) $groupId);

    // Admins are not restricted; return the unfiltered query.
    if ($user->IsAdmin()) {
        return $query;
    }

    // Non-admins: published items, or items owned by this user.
    $visibilityCondition = [
        'OR' => [
            ['published' => true],
            ['created_by' => (int) $user->id],
        ],
    ];
    $query->where($visibilityCondition);

    return $query;
}
if (pdo_num_rows($project) > 0) { $project_array = pdo_fetch_array($project); $projectname = $project_array["name"]; } $Project->Id = $projectid; $role = $Project->GetUserRole($userid); } else { $projectname = 'Global'; } $xml = begin_XML_for_XSLT(); $xml .= "<title>Feed - " . $projectname . "</title>"; $xml .= get_cdash_dashboard_xml(get_project_name($projectid), $date); $sql = ''; if ($date) { $sql = "AND date>'" . $date . "'"; } // Get the errors $query = pdo_query("SELECT * FROM feed WHERE projectid=" . qnum($projectid) . " ORDER BY id DESC"); while ($query_array = pdo_fetch_array($query)) { $xml .= "<feeditem>"; $xml .= add_XML_value("date", $query_array["date"]); $xml .= add_XML_value("buildid", $query_array["buildid"]); $xml .= add_XML_value("type", $query_array["type"]); $xml .= add_XML_value("description", $query_array["description"]); $xml .= "</feeditem>"; } $xml .= add_XML_value("admin", $User->IsAdmin()); $xml .= add_XML_value("role", $role); $xml .= "</cdash>"; // Now doing the xslt transition generate_XSLT($xml, "viewFeed");
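/**
 * Checks that the current session belongs to a logged-in user who may use
 * the page, filling $response with the reason when it may not.
 *
 * Reads the global $session_OK and the 'cdash' session data; on success it
 * publishes the login id through the global $userid. When $Project is null
 * the user must be an admin or hold the 'user_can_create_project' session
 * flag; otherwise the user must be an admin or have a role above 1 on the
 * project.
 *
 * @param array $response filled by reference: 'requirelogin' => 1 when no
 *                        valid session exists, 'error' => message when the
 *                        user lacks permission
 * @param Project|null $Project the project being edited, or null when creating one
 * @return bool true when the user may proceed, false otherwise (the HTTP
 *              status code has then been set to 401 or 403)
 */
function valid_user(&$response, $Project = null)
{
    global $session_OK;
    global $userid;

    // Make sure we have a logged in user with a numeric login id. The three
    // rejection reasons share one outcome, so they are folded into one check.
    // The global $userid is only assigned once the value has passed the check,
    // so a rejected session never leaves a bad id behind for later code.
    if (!$session_OK
        || !isset($_SESSION['cdash']['loginid'])
        || !is_numeric($_SESSION['cdash']['loginid'])) {
        $response['requirelogin'] = 1;
        http_response_code(401);
        return false;
    }
    $userid = $_SESSION['cdash']['loginid'];

    // Make sure this user has the necessary permissions.
    $User = new User();
    $User->Id = $userid;
    $isAdmin = $User->IsAdmin();

    if (is_null($Project)) {
        // Creating a project: admins, or users explicitly granted the flag.
        // The flag is compared loosely on purpose: the session may hold it as
        // int 1 or string '1' depending on where it was set.
        $canCreateProject = isset($_SESSION['cdash']['user_can_create_project'])
            && $_SESSION['cdash']['user_can_create_project'] == 1;
        $allowed = $isAdmin || $canCreateProject;
    } else {
        // Editing a project: admins, or users with a role above 1 on it.
        $allowed = $isAdmin || $Project->GetUserRole($userid) > 1;
    }

    if (!$allowed) {
        $response['error'] = 'You do not have permission to access this page.';
        http_response_code(403);
        return false;
    }
    return true;
}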
if (count($projectids) == 1) { $projectid = $projectids[0]; } } // If the projectid is set, make sure that it's valid $Project->Id = $projectid; if (!is_null($projectid) && $projectid > 0 && !$Project->Exists()) { $response['error'] = 'This project does not exist.'; echo json_encode($response); return; } $User = new User(); $User->Id = $userid; $role = $Project->GetUserRole($userid); // If we are editing a project make sure we have the right to do so if (!is_null($projectid) && !(isset($_SESSION['cdash']['user_can_create_project']) && $_SESSION['cdash']['user_can_create_project'] == 1) && !$User->IsAdmin()) { $response['error'] = 'You do not have permission to access this page.'; echo json_encode($response); return; } elseif (!is_null($projectid) && (!$User->IsAdmin() && $role <= 1)) { $response['error'] = 'You do not have permission to access this page.'; echo json_encode($response); return; } $response = begin_JSON_response(); if ($projectid > 0) { get_dashboard_JSON($Project->GetName(), null, $response); } $response['hidenav'] = 1; $menu = array(); $menu['back'] = 'user.php';
if (empty($projectid)) { $projectid = 0; } $Project = new Project(); // If the projectid is not set and there is only one project we go directly to the page if (isset($edit) && !isset($projectid)) { $projectids = $Project->GetIds(); if (count($projectids) == 1) { $projectid = $projectids[0]; } } $User = new User(); $User->Id = $userid; $Project->Id = $projectid; $role = $Project->GetUserRole($userid); if ($User->IsAdmin() === FALSE && $role <= 1) { echo "You don't have the permissions to access this page"; return; } // If user is admin then we can add a banner for all projects if ($User->IsAdmin() == true) { $xml .= "<availableproject>"; $xml .= add_XML_value("id", "0"); $xml .= add_XML_value("name", "All"); if ($projectid == 0) { $xml .= add_XML_value("selected", "1"); } $xml .= "</availableproject>"; } $sql = "SELECT id,name FROM project"; if ($User->IsAdmin() == false) {
/**
 * Deletes a comment on behalf of a user.
 *
 * The request is honoured only when the user owns the comment or is an
 * administrator. Any failure (permission or database) is logged at WARNING
 * level and reported as false rather than propagated.
 *
 * @access public
 * @param Comment $comment the comment to delete (comment_id and user_id are read)
 * @param User $user the requesting user
 * @return bool true when the row was deleted, false otherwise
 */
public static function Remove($comment, $user)
{
    try {
        // Ownership is checked first; IsAdmin() is only consulted for non-owners.
        $isOwner = $user->user_id == $comment->user_id;
        if (!$isOwner && !$user->IsAdmin()) {
            throw new IdeaException("can't remove comment - user is not an owner of the comment ");
        }

        // %d forces an integer id into the statement.
        $cmd = sprintf("DELETE FROM zi_comments WHERE comment_id=%d;", $comment->comment_id);
        if (!Database::Query($cmd, false)) {
            throw new IdeaException("can't remove comment - database problem");
        }
    } catch (Exception $e) {
        Debug::Log($e, WARNING);
        return false;
    }
    return true;
}
return; } if ($edit) { $xml .= "<edit>1</edit>"; } else { $xml .= "<edit>0</edit>"; } $project = pdo_query("SELECT id,name,public,emailbrokensubmission FROM project WHERE id='{$projectid}'"); $project_array = pdo_fetch_array($project); $Project = new Project(); $User = new User(); $User->Id = $userid; $Project->Id = $projectid; $role = $Project->GetUserRole($userid); // Check if the project is public if (!$project_array['public'] && ($User->IsAdmin() === FALSE && $role < 0)) { echo "You don't have the permissions to access this page"; return; } // Check if the user is not already in the database $user2project = pdo_query("SELECT role,emailtype,emailcategory,emailmissingsites,emailsuccess\n FROM user2project WHERE userid='{$userid}' AND projectid='{$projectid}'"); if (pdo_num_rows($user2project) > 0) { $user2project_array = pdo_fetch_array($user2project); $xml .= add_XML_value("role", $user2project_array["role"]); $xml .= add_XML_value("emailtype", $user2project_array["emailtype"]); $xml .= add_XML_value("emailmissingsites", $user2project_array["emailmissingsites"]); $xml .= add_XML_value("emailsuccess", $user2project_array["emailsuccess"]); $emailcategory = $user2project_array["emailcategory"]; $xml .= add_XML_value("emailcategory_update", check_email_category("update", $emailcategory)); $xml .= add_XML_value("emailcategory_configure", check_email_category("configure", $emailcategory)); $xml .= add_XML_value("emailcategory_warning", check_email_category("warning", $emailcategory));
require_once 'models/constants.php'; require_once 'models/user.php'; require_once 'models/userproject.php'; if ($session_OK) { if (!$CDASH_MANAGE_CLIENTS) { echo 'CDash has not been setup to allow client management'; return; } $userid = $_SESSION['cdash']['loginid']; $User = new User(); $User->Id = $userid; /* If we should remove a job */ if (isset($_GET['removeschedule'])) { $ClientJobSchedule = new ClientJobSchedule(); $ClientJobSchedule->Id = pdo_real_escape_numeric($_GET['removeschedule']); if (!$User->IsAdmin() && $ClientJobSchedule->GetOwner() != $userid) { echo 'You cannot access this job'; return; } $ClientJobSchedule->Remove(); echo "<script language=\"javascript\">window.location='user.php'</script>"; } if (!isset($_GET['projectid']) && !isset($_GET['scheduleid'])) { echo 'Projectid or Schedule id not set'; return; } if (isset($_GET['projectid'])) { $projectid = pdo_real_escape_numeric($_GET['projectid']); } else { $scheduleid = pdo_real_escape_numeric($_GET['scheduleid']); $ClientJobSchedule = new ClientJobSchedule();
<?php /* * Page that Permits to an Admin to create a new User */ //TODO think about a new system to create users, password, etc.. include_once dirname(__FILE__) . "/classes/User.php"; include_once dirname(__FILE__) . "/functions/functions.php"; session_start(); if (!isset($_SESSION['USERNAME'])) { redirect("login.php", 301); } else { //TODO check session duration try { $user = new User($_SESSION['USERNAME']); if (!$user->IsAdmin()) { //TODO Reporting through logger throw new Exception("You have not admin permissions, this abuse will be reported"); } else { if (isset($_POST['USERNAME']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) { if ($_POST['USERNAME'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") { throw new Exception("Fields cannot be empty"); } if ($_POST['PWD'] != $_POST['PWDR']) { throw new Exception("Two passwords are different"); } $username = clearInput($_POST['USERNAME']); $usernameN = strip_tags($username); if ($usernameN != $username) { throw new Exception("Inserted Username is not valid"); }
if (pdo_num_rows($project) > 0) { $project_array = pdo_fetch_array($project); $projectname = $project_array['name']; } $Project->Id = $projectid; $role = $Project->GetUserRole($userid); } else { $projectname = 'Global'; } $xml = begin_XML_for_XSLT(); $xml .= '<title>Feed - ' . $projectname . '</title>'; $xml .= get_cdash_dashboard_xml(get_project_name($projectid), $date); $sql = ''; if ($date) { $sql = "AND date>'" . $date . "'"; } // Get the errors $query = pdo_query('SELECT * FROM feed WHERE projectid=' . qnum($projectid) . ' ORDER BY id DESC'); while ($query_array = pdo_fetch_array($query)) { $xml .= '<feeditem>'; $xml .= add_XML_value('date', $query_array['date']); $xml .= add_XML_value('buildid', $query_array['buildid']); $xml .= add_XML_value('type', $query_array['type']); $xml .= add_XML_value('description', $query_array['description']); $xml .= '</feeditem>'; } $xml .= add_XML_value('admin', $User->IsAdmin()); $xml .= add_XML_value('role', $role); $xml .= '</cdash>'; // Now doing the xslt transition generate_XSLT($xml, 'viewFeed');
<?php include_once '../globals.php'; if (!isset($_SESSION)) { session_start(); } $currentUser = new User($_SESSION['username'], $_SESSION['firstname'], $_SESSION['name'], $_SESSION['is_admin'], $_SESSION['user_id']); if (!$currentUser->IsAdmin()) { header("location: ../index.php"); } else { ?> <!DOCTYPE html> <html ng-app="management-system"> <head> <title>Didier Alessandroni - Apiculteur</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <!-- Bootstrap --> <link href="<?php echo $include_path; ?> includes/css/bootstrap.min.css" rel="stylesheet"> <link href="<?php echo $include_path; ?> includes/css/bootstrap-responsive.min.css" rel="stylesheet"> <link href="<?php echo $include_path; ?>
/**
 * Deletes an idea together with its comments and rates.
 *
 * Only the idea's owner or an administrator may remove it. The three DELETE
 * statements are issued one after another and no transaction is opened
 * here, so a failure on a later statement leaves the earlier deletions in
 * place; that failure is logged at WARNING level and reported as false.
 *
 * @access public
 * @static
 * @param Idea $idea the idea to delete (idea_id and user_id are read)
 * @param User $user the requesting user
 * @return bool true when every delete succeeded, false otherwise
 */
public static function Remove($idea, $user)
{
    try {
        // Ownership is checked first; IsAdmin() is only consulted for non-owners.
        $mayRemove = $user->user_id == $idea->user_id || $user->IsAdmin();
        if (!$mayRemove) {
            throw new IdeaException("can't remove idea - user is not a owner of the idea ");
        }

        // Each step: the statement to run (%d forces an integer id) and the
        // message raised when it fails. Order matters: the idea row goes first.
        $ideaId = $idea->idea_id;
        $steps = array(
            array(sprintf("DELETE FROM zi_ideas WHERE idea_id=%d;", $ideaId), "can't remove idea - database problem"),
            array(sprintf("DELETE FROM zi_comments WHERE idea_id=%d;", $ideaId), "can't remove idea comments - database problem"),
            array(sprintf("DELETE FROM zi_rates WHERE idea_id=%d;", $ideaId), "can't remove idea rates - database problem"),
        );
        foreach ($steps as $step) {
            list($cmd, $failureMessage) = $step;
            if (!Database::Query($cmd, false)) {
                throw new IdeaException($failureMessage);
            }
        }
    } catch (Exception $e) {
        Debug::Log($e, WARNING);
        return false;
    }
    return true;
}
$User->Id = $userid; $Project = new Project(); $role = 0; if ($projectid) { $project = pdo_query("SELECT name FROM project WHERE id='{$projectid}'"); if (pdo_num_rows($project) > 0) { $project_array = pdo_fetch_array($project); $projectname = $project_array["name"]; } $Project->Id = $projectid; $role = $Project->GetUserRole($userid); } else { $projectname = 'Global'; } // If we should delete the log if (($User->IsAdmin() || $role > 1) && isset($_POST["deletelogs"])) { $ErrorLog = new ErrorLog(); $ErrorLog->Clean(0, $projectid); } else { if (isset($_POST["deletelogs"])) { echo "You don't have the privileges to delete these logs."; exit; } } $xml = begin_XML_for_XSLT(); $xml .= "<title>Error Log - " . $projectname . "</title>"; if ($buildid) { $xml .= get_cdash_dashboard_xml(get_project_name($projectid), $date); // Get the errors $query = pdo_query("SELECT resourcetype,date,resourceid,description,type,buildid,projectid\n FROM errorlog WHERE projectid=" . qnum($projectid) . " AND buildid=" . qnum($buildid) . " ORDER BY date DESC"); } else {
$rest_json = file_get_contents("php://input"); $_POST = json_decode($rest_json, true); @($projectid = $_POST['projectid']); } if (!isset($projectid)) { echo_error('projectid not specified.'); return; } $projectid = pdo_real_escape_numeric($projectid); // Make sure the user has access to this page. $Project = new Project(); $User = new User(); $User->Id = $userid; $Project->Id = $projectid; $role = $Project->GetUserRole($userid); if ($User->IsAdmin() === FALSE && $role <= 1) { echo_error("You ({$userid}) don't have the permissions to access this page ({$projectid})"); return; } // Route based on what type of request this is. $method = $_SERVER['REQUEST_METHOD']; switch ($method) { case 'DELETE': rest_delete(); break; case 'POST': rest_post(); break; case 'PUT': rest_put(); break;
echo "Used: " . number_format($fs[1] / pow(2, 20), 1) . "GB - "; echo "Free: " . number_format($fs[2] / pow(2, 20), 1) . "GB"; echo "</div>"; } } } ?> <a href="index.php">BACK</a> </section> <section class="toolsMenu"> <ul class="scripts"> <!-- TODO define Tools Menu --> <li><a href="passwd.php">Change Password</a></li> <?php if ($user->IsAdmin()) { ?> <li><a href="adduser.php">Add User</a></li> <li><a href="moduser.php">Modify User</a></li> <?php } ?> </ul> </section> <footer> <ul> <li class="footerTab"> <a onclick="showTools(this)">TOOLS</a> </li> <li class="footerTab">
$rest_json = file_get_contents('php://input'); $_POST = json_decode($rest_json, true); @($projectid = $_POST['projectid']); } if (!isset($projectid)) { echo_error('projectid not specified.'); return; } $projectid = pdo_real_escape_numeric($projectid); // Make sure the user has access to this page. $Project = new Project(); $User = new User(); $User->Id = $userid; $Project->Id = $projectid; $role = $Project->GetUserRole($userid); if ($User->IsAdmin() === false && $role <= 1) { echo_error("You ({$userid}) don't have the permissions to access this page ({$projectid})"); return; } // Route based on what type of request this is. $method = $_SERVER['REQUEST_METHOD']; switch ($method) { case 'DELETE': rest_delete(); break; case 'POST': rest_post(); break; case 'PUT': rest_put(); break;
} @($db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}")); pdo_select_db("{$CDASH_DB_NAME}", $db); @($userid = $_SESSION['cdash']['loginid']); // Checks if (!isset($userid) || !is_numeric($userid)) { $response['requirelogin'] = 1; echo json_encode($response); return; } // List the available projects that this user has admin rights to. @($projectid = $_GET['projectid']); $User = new User(); $User->Id = $userid; $sql = 'SELECT id,name FROM project'; if ($User->IsAdmin() == false) { $sql .= " WHERE id IN (SELECT projectid AS id FROM user2project WHERE userid='{$userid}' AND role>0)"; } $projects = pdo_query($sql); $availableprojects = array(); while ($project_array = pdo_fetch_array($projects)) { $availableproject = array(); $availableproject['id'] = $project_array['id']; $availableproject['name'] = $project_array['name']; if ($project_array['id'] == $projectid) { $availableproject['selected'] = '1'; } $availableprojects[] = $availableproject; } $response['availableprojects'] = $availableprojects; if (!isset($projectid) || $projectid < 1) {