Beispiel #1
0
$user = new user();
$json .= $user->login('foo', 'test');
echo "<em>Login failure session</em>";
var_dump($_SESSION);
echo "<em>Login failure admin check</em>";
var_dump($user->isAdmin());
//False
//Fail
var_dump($user);
$user = '';
$user = new user();
$json .= $user->login('Second User', 'test');
echo "<em>Second User Session</em>";
var_dump($_SESSION);
echo "<em>Second user admin check</em>";
var_dump($user->isAdmin());
//False
//Soft fail
var_dump($user);
$json .= $user->logout();
$json = str_replace('}{', '},{', "[{$json}]");
if (RETURN_JSON) {
    var_dump($json);
} else {
    var_dump(json_decode($json));
}
$db->query("TRUNCATE tbl_user; TRUNCATE tbl_session; TRUNCATE tbl_log;");
try {
    $db->execute();
} catch (Exception $e) {
    return array("Database error: " . $e->getMessage(), 1);
 public function testRoleTwoIsNotAdmin()
 {
     $u = new user();
     $u->setRole(2);
     $this->assertFalse($u->isAdmin());
 }
Beispiel #3
0
 public function is_admin()
 {
     return $this->user->isAdmin();
 }
Beispiel #4
0
function auth_check($atom)
{
    global $dbh;
    static $karma;
    require_once "Damblan/Karma.php";
    global $auth_user;
    // admins are almighty
    if (user::isAdmin($auth_user->handle)) {
        return true;
    }
    // Check for backwards compatibility
    if (is_bool($atom)) {
        if ($atom == true) {
            $atom = "pear.admin";
        } else {
            $atom = "pear.dev";
        }
    }
    // every authenticated user has the pear.user and pear.dev karma
    if (in_array($atom, array("pear.user", "pear.dev"))) {
        return true;
    }
    if (!isset($karma)) {
        $karma = new Damblan_Karma($dbh);
    }
    $a = $karma->has($auth_user->handle, $atom);
    if (PEAR::isError($a)) {
        return false;
    }
    return $a;
}
Beispiel #5
0
$bb->horizHeadRow("Description", nl2br($description));
if (!empty($homepage)) {
    $bb->horizHeadRow("Homepage", make_link($homepage));
}
if ($relid) {
    // Find correct version for given release id
    foreach ($pkg['releases'] as $r_version => $release) {
        if ($release['id'] != $relid) {
            continue;
        }
        $bb->horizHeadRow("Release notes<br />Version " . $version . "<br />(" . $release['state'] . ")", nl2br($release['releasenotes']));
        break;
    }
}
if (!empty($auth_user)) {
    $bb->fullRow("<div align=\"right\">" . make_link("/package-edit.php?id={$pacid}", make_image("edit.gif", "Edit package information")) . (user::isAdmin($auth_user->handle) ? "&nbsp;" . make_link("/package-delete.php?id={$pacid}", make_image("delete.gif", "Delete package")) : "") . "&nbsp;[" . make_link("/admin/package-maintainers.php?pid={$pacid}", "Edit maintainers") . "]</div>");
}
$bb->end();
// }}}
// {{{ latest/cvs/changelog links
?>

<br />
<table border="0" cellspacing="3" cellpadding="3" height="48" width="90%" align="center">
<tr>
<?php 
$get_link = make_link("/get/{$name}", 'Latest Tarball');
if ($version) {
    $changelog_link = make_link("/package-changelog.php?package=" . $pkg['name'] . '&amp;release=' . $version, 'Changelog');
} else {
    $changelog_link = make_link("/package-changelog.php?package=" . $pkg['name'], 'Changelog');
function isAllowed($package)
{
    global $auth_user;
    auth_require();
    $lead = in_array($auth_user->handle, array_keys(maintainer::get($package, true)));
    $admin = user::isAdmin($auth_user->handle);
    return $lead || $admin;
}
 public function boot_user()
 {
     global $user, $db;
     if (!empty($this->params['id'])) {
         $u = new user($this->params['id']);
         if ($user->isSuperAdmin() || $user->isActingAdmin() && !$u->isAdmin()) {
             // We can only kick the user if they are A) not an acting admin, or
             // B) The current user is a super user and the kicked user is not.
             $db->delete('sessionticket', 'uid=' . $u->id);
         }
     }
     expHistory::back();
 }
Beispiel #8
0
 static function getUserCart()
 {
     global $db, $user, $router;
     $sessAr = expSession::get('verify_shopper');
     // initialize this users cart if they have ecomm installed.
     $active = $db->selectValue('modstate', 'active', 'module="storeController"');
     if (!expModules::controllerExists('cart') || empty($active)) {
         // if ecomm is turned off, no cart.
         return null;
     } else {
         if (isset($router->params['controller']) && $router->params['controller'] == 'order' && ($router->params['action'] == 'verifyReturnShopper' || $router->params['action'] == 'verifyAndRestoreCart' || $router->params['action'] == 'clearCart') && (!isset($sessAr['validated']) || $sessAr['validated'] != true)) {
             return new order();
         } else {
             // if ecomm is turned off, no cart.
             //$active = ;
             if (empty($active)) {
                 return null;
             }
             $order = new order();
             //initialize a new order object to use the find function from.
             $ticket = expSession::getTicketString();
             //get this users session ticket. this is how we track anonymous users.
             // grab the origional referrer from the session table so that we can transfer it into the cart where it will be used for reporting purposes
             // sessions are temporary so we can't report on the referrer in the session table itsef because it may not be there
             // and we can't just get the referrer ar this point becaues the user likely navigated the site a bit and we want the origional referring site
             $orig_referrer = $db->selectValue('sessionticket', 'referrer', "`ticket`='" . $ticket . "'");
             //see if we have a LIVE and ACTIVE session w/ cart and grab it if so
             $sessioncart = $order->find('first', "invoice_id='' AND sessionticket_ticket='" . $ticket . "'");
             //check to see if the user is logged in, and if so grab their existing cart
             if (!empty($user) && $user->isLoggedIn()) {
                 $usercart = $order->find('first', "invoice_id='' AND user_id=" . $user->id);
             }
             //eDebug($sessioncart);
             //eDebug($usercart);
             //enter here if we have NO ACTIVE SESSION CART -OR- We're awaiting a potential cart retore
             if (empty($sessioncart->id) || $sessAr['awaiting_choice'] == true) {
                 if (empty($usercart->id)) {
                     // no SESSION cart was found and user is not logged in...
                     //let's see if they have a cart_id cookie set and we'll snag that if so
                     //they won't have any user data, since they are "logged in" once they get to
                     //checkout, so all we're really doing here is populating a cart for return
                     //shoppers
                     $cookie_cart_id = isset($_COOKIE['cid']) ? $_COOKIE['cid'] : 0;
                     //eDebug($cookie_cart_id,true);
                     if ($cookie_cart_id) {
                         $tmpCart = new order($cookie_cart_id);
                         if ($tmpCart->id != $cookie_cart_id) {
                             //cookie set, but we gots no cart in the DB so act as if we had no cookie
                             $cart = new order();
                             $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer, 'return_count' => $cart->setReturnCount($orig_referrer)));
                             order::setCartCookie($cart);
                         } else {
                             $u = new user($tmpCart->user_id);
                             //1) Was Not logged in
                             if (empty($tmpCart->user_id)) {
                                 $cart = new order($cookie_cart_id);
                                 //update the session ticket and return count
                                 $cart->update(array('sessionticket_ticket' => $ticket, 'return_count' => $cart->setReturnCount($orig_referrer)));
                                 order::setCartCookie($cart);
                                 flash('message', gt('Welcome back'));
                             } else {
                                 if (!empty($tmpCart->user_id)) {
                                     //check for is admin first
                                     if ($u->isActingAdmin() || $u->isAdmin()) {
                                         //no need to restore anything.
                                         $cart = new order();
                                         $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
                                         order::setCartCookie($cart);
                                     } else {
                                         if (!empty($tmpCart->user_id) && count($tmpCart->orderitem) == 0) {
                                             //silently copy tracking data from old order and continue on
                                             $cart = new order();
                                             $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer, 'return_count' => $tmpCart->setReturnCount($orig_referrer)));
                                             order::setCartCookie($cart);
                                             flash('message', gt('Welcome back'));
                                         } else {
                                             if (!empty($tmpCart->user_id) && count($tmpCart->orderitem) > 0) {
                                                 //3) Was Logged in w/ NON-?real user? account
                                                 //eDebug(expUtil::right($u->username,10),true);
                                                 if ($u->isTempUser()) {
                                                     if (isset($sessAr['validated']) && $sessAr['validated']) {
                                                         //already went through validation and we're good to go
                                                         $cart = new order($sessAr['cid']);
                                                         //update the session ticket and return count
                                                         $cart->update(array('sessionticket_ticket' => $ticket, 'return_count' => $cart->mergeReturnCount($sessioncart->return_count), 'orig_referrer' => $sessioncart->orig_referrer));
                                                         order::setCartCookie($cart);
                                                         expSession::un_set('verify_shopper');
                                                         $user = new user($cart->user_id);
                                                         expSession::login($user);
                                                         //Update the last login timestamp for this user.
                                                         $user->updateLastLogin();
                                                         flash('message', gt('Welcome back') . ' ' . $sessAr['firstname'] . '! ' . gt('Your shopping cart has been restored - you may continue shopping or') . ' <a href="' . makelink(array("controller" => "cart", "action" => "checkout")) . '">checkout</a> ' . gt('at your convenience.'));
                                                     } else {
                                                         //send to verification? If user has elected to restore their cart
                                                         //eDebug($_SESSION);
                                                         if (isset($sessAr['awaiting_choice']) && $sessAr['awaiting_choice'] == true) {
                                                             /*expSession::set('verify_shopper',array('au'=>1,'orig_path'=>$router->current_url, 'firstname'=>$u->firstname, 'cid'=>$cookie_cart_id));
                                                               redirect_to(array("controller"=>"order",'action'=>'verifyReturnShopper'));                                                                     
                                                               orderController::verifyReturnShopper();*/
                                                             //just give em the sessioncart
                                                             $cart = $sessioncart;
                                                             if (count($cart->orderitem) > 0) {
                                                                 //added items to current cart, so we'll assume they do not want to restore the previous at this point
                                                                 expSession::un_set('verify_shopper');
                                                                 order::setCartCookie($cart);
                                                             } else {
                                                                 flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('We see that you have shopped with us before.') . '<br><br><a id="submit-verify" href="' . makelink(array("controller" => "order", "action" => "verifyReturnShopper")) . '" rel="nofollow">' . gt('Click Here to Restore Your Previous Shopping Cart') . '</a><br><br><a class="exp-ecom-link" href="' . makelink(array("controller" => "order", "action" => "clearCart", "id" => $cookie_cart_id)) . '">' . gt('Click Here To Start a New Shopping Cart') . '</a>');
                                                                 $sessAr['orig_path'] = $router->current_url;
                                                                 expSession::set('verify_shopper', $sessAr);
                                                             }
                                                         } else {
                                                             //first time...create a default cart, issue message, set session, rinse, repeat
                                                             $cart = new order();
                                                             $cart->update(array("sessionticket_ticket" => $ticket, 'return_count' => $cart->setReturnCount($orig_referrer)));
                                                             expSession::set('verify_shopper', array('au' => 1, 'orig_path' => $router->current_url, 'firstname' => $u->firstname, 'cid' => $cookie_cart_id, 'awaiting_choice' => true));
                                                             //order::setCartCookie($cart);
                                                             flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('We see that you have shopped with us before.') . '<br><br><a id="submit-verify" href="' . makelink(array("controller" => "order", "action" => "verifyReturnShopper")) . '" rel="nofollow">' . gt('Click Here to Restore Your Previous Shopping Cart') . '</a><br><br><a class="exp-ecom-link" href="' . makelink(array("controller" => "order", "action" => "clearCart", "id" => $cookie_cart_id)) . '">' . gt('Click Here To Start a New Shopping Cart') . '</a>');
                                                         }
                                                     }
                                                 } else {
                                                     //prompt to login and restore, otherwise reset and start fresh
                                                     //this should be all we need to do here
                                                     //redirect_to(array("controller"=>"order",'action'=>'verifyReturnShopper','au'=>'0'));
                                                     $cart = new order();
                                                     $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
                                                     order::setCartCookie($cart);
                                                     flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('If you would like to pick up where you left off, click here to login and your previous shopping cart will be restored.'));
                                                 }
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     } else {
                         $cart = new order();
                         $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
                         order::setCartCookie($cart);
                     }
                 } else {
                     //user is logged in, so we grab their usercart and update the session ticket only
                     //$usercart->update(array('sessionticket_ticket'=>$ticket, 'orig_referrer'=>$orig_referrer));
                     $usercart->update(array('sessionticket_ticket' => $ticket));
                     $cart = $usercart;
                 }
                 //enter here if we HAVE an ACTIVE session/cart, but the user is not logged in
             } elseif (!empty($sessioncart->id) && $user->id == 0) {
                 // the user isn't logged in yet...the session cart will do for now.
                 $cart = $sessioncart;
                 // if we hit here we've found a session cart AND a usercart because the user just logged in
                 // and had both...that means we need to merge them
             } elseif (!empty($sessioncart->id) && !empty($usercart->id)) {
                 // if we hit here we've found a session cart and a usercart...that means we need to merge them
                 // if it's not the same cart.
                 if ($sessioncart->id == $usercart->id) {
                     $cart = $sessioncart;
                 } else {
                     // if the old user cart had gone through any of the checkout process before, than we
                     // will clean that data out now and start fresh.
                     $usercart->cleanOrderitems();
                     //merge the current session cart with previously saved user cart.
                     foreach ($sessioncart->orderitem as $orderitem) {
                         $orderitem->merge(array('orders_id' => $usercart->id, 'user_id' => $user->id));
                     }
                     //if session cart HAS coupon codes, delete usercart codes and copy new code to usercart, else leave be
                     if (count($sessioncart->getOrderDiscounts())) {
                         foreach ($usercart->getOrderDiscounts() as $od) {
                             $od->delete();
                         }
                         foreach ($sessioncart->getOrderDiscounts() as $sod) {
                             $sod->orders_id = $usercart->id;
                             $sod->save();
                         }
                     }
                     $cart = new order($usercart->id);
                     $sessioncart->delete();
                 }
                 order::setCartCookie($cart);
                 expSession::un_set('verify_shopper');
                 // the user doesn't have a cart with his/her user id in it. this probably means they just
                 // logged in so we need to update the cart with the new user id information.
             } elseif (!empty($sessioncart->id) && (empty($usercart->id) && $user->isLoggedIn())) {
                 //$sessioncart->update(array('user_id'=>$user->id, 'orig_referrer'=>$orig_referrer));
                 $sessioncart->update(array('user_id' => $user->id));
                 $cart = $sessioncart;
             }
             $cart->item_count = 0;
             foreach ($cart->orderitem as $items) {
                 if ($items->product->requiresShipping && !$items->product->no_shipping) {
                     $cart->shipping_required = true;
                 }
                 if ($items->product->requiresBilling) {
                     $cart->billing_required = true;
                 }
                 $cart->item_count += $items->quantity;
             }
             $cart->lastcat = expSession::get('last_ecomm_category');
             $cart->total = $cart->getCartTotal();
             //eDebug($cart,true);
             return $cart;
         }
     }
 }
Beispiel #9
0
echo make_link('/news/', 'News');
echo '</h3>';
echo '<h3>Documentation</h3>';
echo '<div class="indent">';
echo menu_link("PECL specific docs", "/doc/index.php");
echo menu_link("Mailing Lists &amp; Support Resources", "/support.php");
echo '</div>';
echo '<h3>Downloads</h3>';
echo '<div class="indent">';
echo menu_link("Browse All Packages", "packages.php");
echo menu_link("Search Packages", "package-search.php");
echo menu_link("Download Statistics", "package-stats.php");
echo '</div>';
if (!empty($auth_user)) {
    echo '<h3>Developers</h3>';
    echo '<div class="indent">';
    echo menu_link("Upload Release", "release-upload.php");
    echo menu_link("New Package", "package-new.php");
    echo '</div>';
    if (user::isAdmin($auth_user->handle)) {
        echo '<h3>Administrators</h3>';
        echo '<div class="indent">';
        echo menu_link("Overview", "/admin/");
        echo menu_link("Maintainers", "/admin/package-maintainers.php");
        echo menu_link("Categories", "/admin/category-manager.php");
        echo '</div>';
    }
}
// XXX Hide for the moment?
menu_link("I want to publish my PHP Extension in PECL", "account-request.php");
response_footer();
Beispiel #10
0
            $msg = $user->login($_POST['username'], $_POST['password']);
            break;
    }
} else {
    if ('register' == $action) {
        die("You are already registered");
    }
    switch ($action) {
        default:
            $msg = returnError("Action not found: {$action}");
            break;
        case 'logout':
            $msg = $user->logout();
            break;
        case 'viewUserList':
            if ($user->isAdmin()) {
                $include = 'admin/userList';
            } else {
                $msg = returnError("Access denied");
            }
            break;
        case 'activateUser':
            if ($user->isAdmin()) {
                $msg = $user->activateUser($_GET['user']);
                $include = 'admin/userList';
            } else {
                $msg = returnError("Access denied");
            }
            $changeURL = TRUE;
            break;
        case 'deactivateUser':
<?php

require_once "page.php";
require_once "model/HomeImage.php";
$params = (require_once dirname(dirname(__FILE__)) . "/config/params.php");
$user = new user();
if (!$user->isAdmin()) {
    header("location:root.php");
    exit;
}
?>

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Document</title>
    <style>
        .table th{
            padding: 0 20px;
        }
        .table td{
            text-align: center;
        }
        .table img{
            width: 120px;
            height: 80px;
        }
        form img{
            width: 120px;
            height: 80px;
Beispiel #12
0
                echo "<b>Successfully logged in.</b><br/>";
                misc::redirect("?pg=news", 1);
            } else {
                echo "Invalid username, or password.<br/>";
                misc::back();
            }
        }
    }
}
?>
	</div> 

	
	
	<?php 
if (user::isAdmin($_SESSION['username'])) {
    echo "\t  \r\n\t<div class='box_one'>\r\n\t<div class='box_one_title'>Admin panel</div>\r\n\t<a href='?pg=admin&act=news'>Edit/add/remove news</a><br />\r\n\t<a href='?pg=admin&act=dl'>Edit/add/remove downloads</a><br />\r\n\t<a href='?pg=admin&act=settings'>Edit settings</a><br />\r\n\t<a href='?pg=admin&act=epin'>Epin system</a><br />\r\n\t</div>";
}
?>
	
	



	<div class="box_one">
	<div class="box_one_title">Fortress Status:</div>
	<table width="100%"><tbody><tr><td><span class="yellow_text">
	<?php 
core::$sql->changeDB("shard");
$hJanganData = core::$sql->fetchArray("select * from _SiegeFortress where FortressID='1'");
$hBanditData = core::$sql->fetchArray("select * from _SiegeFortress where FortressID='3'");
Beispiel #13
0
<?php

include "../function.php";
//$userSelf = new ser();
//检查是否登陆
$isLogin = user::isLogin();
if (!$isLogin) {
    error("你没有权限", "alertGoTo", WEB_HOST . 'index.php');
}
//检查是否登陆
$isAdmins = user::isAdmin();
if (!$isAdmins) {
    error("你没有权限", "alertGoTo", WEB_HOST . 'index.php');
}
//$isLogin = user::isLogin();
//
$u = user::getUserSession();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php 
//导入meta数据及js库
echo $systemHead["meta"] . $systemHead["title"] . CSS_BASE . JS_JQUERY . JS_DIALOG . JS_COMMON . LIB_LIGERUI;
?>
<script>
var tab = null;
var accordion = null;
var tree = null;

var isLogin = <?php 
Beispiel #14
0
 function isAdmin()
 {
     if (!isset($this->handle)) {
         return false;
     }
     require_once 'pear-database-user.php';
     return user::isAdmin($this->handle);
 }
Beispiel #15
0
$history = new expHistory();
//<--This is the new flow subsystem
// Initialize the javascript subsystem
if (expJavascript::inAjaxAction()) {
    set_error_handler('handleErrors');
}
// Validate the session and populate the $user variable
if ($db->havedb) {
    $user = new user();
    expSession::validate();
}
/* exdoc
 * The flag to use a mobile theme variation.
 */
if (!defined('MOBILE')) {
    if (defined('FORCE_MOBILE') && FORCE_MOBILE && $user->isAdmin()) {
        define('MOBILE', true);
    } else {
        define('MOBILE', expTheme::is_mobile());
    }
}
// Initialize permissions variables
$exponent_permissions_r = expSession::get("permissions");
// initialize the expRouter
$router = new expRouter();
// Initialize the navigation hierarchy
if ($db->havedb) {
    $sections = expCore::initializeNavigation();
}
/**
 * dumps the passed variable to screen, but only if in development mode
<?php

/*
	Checks if the user is admin...
*/
header('Content-Type: application/json');
require '../class.user.inc';
// GET The info from POST called by Ajax method
$idUser = $_POST['userId'];
$user = new user();
$user->idUsr = $idUser;
//Calls method to store users onto the database and Returns 1 if the the user was stored and 0 if the user could not be stored
$returnInfoUser = $user->isAdmin($user);
//Return for jason to work with
echo json_encode($returnInfoUser);
Beispiel #17
0
/**
 * Prints a tabbed navigation bar for the various package pages.
 *
 * @param int    $pacid   the id number of the package being viewed
 * @param string $name    the name of the package being viewed
 * @param string $action  the indicator of the current page view
 *
 * @return void
 */
function print_package_navigation($pacid, $name, $action)
{
    global $auth_user;
    $items = array('Main' => array('url' => '', 'title' => 'Main view'), 'Download' => array('url' => 'download', 'title' => 'Download releases of this package'), 'Documentation' => array('url' => 'docs', 'title' => 'Read the available documentation'), 'Bugs' => array('url' => 'bugs', 'title' => 'View/Report Bugs'), 'Trackbacks' => array('url' => 'trackbacks', 'title' => 'Show Related Sites'));
    if (isset($auth_user) && is_object($auth_user) && (user::maintains($auth_user->handle, $pacid, 'lead') || user::isAdmin($auth_user->handle) || user::isQA($auth_user->handle))) {
        $items['Edit'] = array('url' => '/package-edit.php?id=' . $pacid, 'title' => 'Edit this package');
        $items['Edit Maintainers'] = array('url' => '/admin/package-maintainers.php?pid=' . $pacid, 'title' => 'Edit the maintainers of this package');
    }
    if (isset($auth_user) && is_object($auth_user) && ($auth_user->isAdmin() || $auth_user->isQA())) {
        $items['Delete'] = array('url' => '/package-delete.php?id=' . $pacid, 'title' => 'Delete this package');
    }
    //echo print_tabbed_navigation($nav_items);
    echo '<div id="nav">' . "\n";
    foreach ($items as $title => $item) {
        if (!empty($item['url']) && $item['url'][0] == '/') {
            $url = $item['url'];
        } else {
            $url = '/package/' . htmlspecialchars($name) . '/' . $item['url'];
        }
        $css = $action == $item['url'] ? ' class="current" ' : '';
        echo make_link($url, $title, '', $css, $item['title']);
    }
    echo '</div>' . "\n";
}
Beispiel #18
0
        if ($GLOBALS['CONFIG']['authen'] == 'mysql') {
            $mail_body .= msg('password') . ': ' . $_POST['password'] . "\n\n";
        }
        $mail_salute = "\n\r" . msg('email_salute') . ",\n\r{$full_name}";
        $mail_to = $new_user_obj->getEmailAddress();
        if ($GLOBALS['CONFIG']['demo'] == 'False') {
            mail($mail_to, $mail_subject, $mail_greeting . ' ' . $mail_body . $mail_salute, $mail_headers);
        }
        $last_message = urlencode(msg('message_user_successfully_added'));
        // Call the plugin API call for this section
        callPluginMethod('onAfterAddUser');
        header('Location: ' . $secureurl->encode('admin.php?last_message=' . $last_message));
    }
} elseif (isset($_POST['submit']) && 'Delete User' == $_POST['submit']) {
    // Make sure they are an admin
    if (!$user_obj->isAdmin()) {
        header('Location:' . $secureurl->encode('error.php?ec=4'));
        exit;
    }
    // form has been submitted -> process data
    // DELETE admin info
    $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}admin WHERE id = '{$_POST['id']}'";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    // DELETE user info
    $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id = '{$_POST['id']}'";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    // DELETE perms info
    $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE uid = '{$_POST['id']}'";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    // Change data info to nobody
    $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}data SET owner='0' where owner = '{$_POST['id']}'";
Beispiel #19
0
// -->
</script>

<?php 
echo "<h1>Edit package</h1>";
if (!isset($_GET['id'])) {
    PEAR::raiseError("No package ID specified.");
    response_footer();
    exit;
}
/**
 * The user has to be either a lead developer of the package or
 * a PEAR administrator.
 */
$lead = user::maintains($auth_user->handle, $_GET['id'], "lead");
$admin = user::isAdmin($auth_user->handle);
if (!$lead && !$admin) {
    PEAR::raiseError("Only the lead maintainer of the package or PEAR\n                      administrators can edit the package.");
    response_footer();
    exit;
}
/** Update */
if (isset($_POST['submit'])) {
    if (!$_POST['name'] || !$_POST['license'] || !$_POST['summary']) {
        PEAR::raiseError("You have to enter values for name, license and summary!");
    }
    $query = 'UPDATE packages SET name = ?, license = ?,
              summary = ?, description = ?, category = ?,
              homepage = ?, cvs_link = ?,
              doc_link = ?, bug_link = ?, unmaintained = ?,
              newpackagename = ?, newchannel = ?
Beispiel #20
0
    if (confirm(message)) {
        location = url;
    }
}
// -->
</script>

<?php 
echo '<h1>Edit Package</h1>';
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    report_error('No package ID specified.');
    response_footer();
    exit;
}
include_once 'pear-database-user.php';
if (!user::maintains($auth_user->handle, $_GET['id'], 'lead') && !user::isAdmin($auth_user->handle) && !user::isQA($auth_user->handle)) {
    report_error('Editing only permitted by package leads, PEAR Admins or PEAR QA');
    response_footer();
    exit;
}
// Update
include_once 'pear-database-package.php';
if (isset($_POST['submit'])) {
    if (!validate_csrf_token($csrf_token_name)) {
        report_error('Invalid token.');
    } elseif (!$_POST['name'] || !$_POST['license'] || !$_POST['summary']) {
        report_error('You have to enter values for name, license and summary!');
    } elseif ($_POST['new_channel'] && !$_POST['new_package'] || $_POST['new_package'] && !$_POST['new_channel']) {
        report_error('You have to enter both channel + package name for packages moved out of PEAR!');
    } else {
        $query = '
Beispiel #21
0
 private static function checkByJevix($text, $autolink = true)
 {
     $jevix = new Jevix();
     //Конфигурация
     if (user::isAdmin()) {
         // Администратору доверяем больше, разрешаем ему втавлять потенциально опасные теги - object, param, embed, video, iframe
         // 1. Устанавливаем разрешённые теги. (Все не разрешенные теги считаются запрещенными.)
         $jevix->cfgAllowTags(array('table', 'tr', 'td', 'th', 'p', 'a', 'img', 'i', 'b', 'u', 'em', 'strong', 'nobr', 'li', 'ol', 'ul', 'sup', 'abbr', 'pre', 'acronym', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'adabracut', 'br', 'code', 'div', 'span', 'object', 'param', 'embed', 'video', 'code', 'iframe', 'hr'));
         // 2. Устанавливаем коротие теги. (не имеющие закрывающего тега)
         $jevix->cfgSetTagShort(array('br', 'img', 'param', 'embed', 'hr'));
         // 3. Устанавливаем преформатированные теги. (в них все будет заменятся на HTML сущности)
         $jevix->cfgSetTagPreformatted(array('pre'));
         // 4. Устанавливаем теги, которые необходимо вырезать из текста вместе с контентом.
         $jevix->cfgSetTagCutWithContent(array('script', 'javascript', 'style', 'applet'));
         // 5. Устанавливаем разрешённые параметры тегов. Также можно устанавливать допустимые значения этих параметров.
         $jevix->cfgAllowTagParams('div', array('class', 'id', 'style'));
         $jevix->cfgAllowTagParams('p', array('style'));
         $jevix->cfgAllowTagParams('h1', array('style'));
         $jevix->cfgAllowTagParams('h2', array('style'));
         $jevix->cfgAllowTagParams('h3', array('style'));
         $jevix->cfgAllowTagParams('h4', array('style'));
         $jevix->cfgAllowTagParams('h5', array('style'));
         $jevix->cfgAllowTagParams('h6', array('style'));
         $jevix->cfgAllowTagParams('span', array('class', 'id', 'style'));
         $jevix->cfgAllowTagParams('a', array('title', 'href', 'target', 'class', 'id', 'rel', 'style'));
         $jevix->cfgAllowTagParams('img', array('style', 'src', 'alt' => '#text', 'title', 'align' => array('right', 'left', 'center'), 'width' => '#text', 'height' => '#int', 'hspace' => '#int', 'vspace' => '#int'));
         $jevix->cfgAllowTagParams('table', array('border', 'class', 'width', 'align', 'valign', 'style', 'id'));
         $jevix->cfgAllowTagParams('tr', array('height', 'class', 'style'));
         $jevix->cfgAllowTagParams('td', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign', 'style'));
         $jevix->cfgAllowTagParams('th', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign', 'style'));
         $jevix->cfgAllowTagParams('object', array('width' => '#text', 'height'));
         $jevix->cfgAllowTagParams('param', array('name', 'value'));
         $jevix->cfgAllowTagParams('embed', array('src', 'type', 'allowscriptaccess', 'allowfullscreen', 'width' => '#text', 'height', 'wmode'));
         $jevix->cfgAllowTagParams('iframe', array('src', 'type', 'allowscriptaccess', 'allowfullscreen', 'width' => '#text', 'height', 'wmode', 'frameborder'));
         // 6. Устанавливаем параметры тегов являющиеся обязательными. Без них вырезает тег оставляя содержимое.
         $jevix->cfgSetTagParamsRequired('img', 'src');
         // 9. Устанавливаем автозамену
         $jevix->cfgSetAutoReplace(array('+/-', '(c)', '(r)'), array('±', '©', '®'));
         // 10. Включаем или выключаем режим XHTML. (по умолчанию включен)
         $jevix->cfgSetXHTMLMode(true);
         // 11. Включаем или выключаем режим замены переноса строк на тег
         $jevix->cfgSetAutoBrMode(false);
         // 12. Включаем или выключаем режим автоматического определения ссылок. (по умолчанию включен)
         $jevix->cfgSetAutoLinkMode($autolink);
         // 13. Отключаем типографирование в определенном теге
         $jevix->cfgSetTagNoTypography('code', 'video', 'iframe');
         // 14. Устанавливаем пустые теги
         $jevix->cfgSetTagIsEmpty('iframe');
     } else {
         // 1. Устанавливаем разрешённые теги. (Все не разрешенные теги считаются запрещенными.)
         $jevix->cfgAllowTags(array('table', 'tr', 'td', 'th', 'p', 'a', 'img', 'i', 'b', 'u', 'em', 'strong', 'nobr', 'li', 'ol', 'ul', 'sup', 'abbr', 'pre', 'acronym', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'adabracut', 'br', 'code', 'div', 'span'));
         // 2. Устанавливаем коротие теги. (не имеющие закрывающего тега)
         $jevix->cfgSetTagShort(array('br', 'img'));
         // 3. Устанавливаем преформатированные теги. (в них все будет заменятся на HTML сущности)
         $jevix->cfgSetTagPreformatted(array('pre'));
         // 4. Устанавливаем теги, которые необходимо вырезать из текста вместе с контентом.
         $jevix->cfgSetTagCutWithContent(array('script', 'javascript', 'object', 'iframe', 'style', 'embed', 'applet'));
         // 5. Устанавливаем разрешённые параметры тегов. Также можно устанавливать допустимые значения этих параметров.
         $jevix->cfgAllowTagParams('div', array('class', 'id'));
         $jevix->cfgAllowTagParams('span', array('class', 'id'));
         $jevix->cfgAllowTagParams('a', array('title', 'href', 'target', 'class', 'id'));
         $jevix->cfgAllowTagParams('img', array('src', 'alt' => '#text', 'title', 'align' => array('right', 'left', 'center'), 'width' => '#int', 'height' => '#int', 'hspace' => '#int', 'vspace' => '#int'));
         $jevix->cfgAllowTagParams('table', array('border', 'class', 'width', 'align', 'valign'));
         $jevix->cfgAllowTagParams('tr', array('height', 'class'));
         $jevix->cfgAllowTagParams('td', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign'));
         $jevix->cfgAllowTagParams('th', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign'));
         // 6. Устанавливаем параметры тегов являющиеся обязательными. Без них вырезает тег оставляя содержимое.
         $jevix->cfgSetTagParamsRequired('img', 'src');
         //$jevix->cfgSetTagParamsRequired('a', 'href');
         // 7. Устанавливаем теги которые может содержать тег контейнер
         //    cfgSetTagChilds($tag, $childs, $isContainerOnly, $isChildOnly)
         //       $isContainerOnly : тег является только контейнером для других тегов и не может содержать текст (по умолчанию false)
         //       $isChildOnly : вложенные теги не могут присутствовать нигде кроме указанного тега (по умолчанию false)
         //$jevix->cfgSetTagChilds('ul', 'li', true, false);
         // 8. Устанавливаем атрибуты тегов, которые будут добавлятся автоматически
         //$jevix->cfgSetTagParamDefault('a', 'rel', null, true);
         //$jevix->cfgSetTagParamsAutoAdd('a', array('rel' => 'nofollow'));
         //$jevix->cfgSetTagParamsAutoAdd('a', array('name'=>'rel', 'value' => 'nofollow', 'rewrite' => true));
         //$jevix->cfgSetTagParamDefault('img', 'width',  '300px');
         //$jevix->cfgSetTagParamDefault('img', 'height', '300px');
         //$jevix->cfgSetTagParamsAutoAdd('img', array('width' => '300', 'height' => '300'));
         //$jevix->cfgSetTagParamsAutoAdd('img', array(array('name'=>'width', 'value' => '300'), array('name'=>'height', 'value' => '300') ));
         // 9. Устанавливаем автозамену
         $jevix->cfgSetAutoReplace(array('+/-', '(c)', '(r)'), array('±', '©', '®'));
         // 10. Включаем или выключаем режим XHTML. (по умолчанию включен)
         $jevix->cfgSetXHTMLMode(true);
         // 11. Включаем или выключаем режим замены переноса строк на тег <br/>. (по умолчанию включен)
         $jevix->cfgSetAutoBrMode(false);
         // 12. Включаем или выключаем режим автоматического определения ссылок. (по умолчанию включен)
         $jevix->cfgSetAutoLinkMode($autolink);
         // 13. Отключаем типографирование в определенном теге
         $jevix->cfgSetTagNoTypography('code');
     }
     // Переменная, в которую будут записыватся ошибки
     $errors = null;
     return $jevix->parse($text, $errors);
 }
Beispiel #22
0
<?php

include "../function.php";
$isLogin = user::isLogin();
if (!$isLogin) {
    error("你没有权限", "alertGoTo", WEB_HOST . 'index.php');
}
$isAdmin = user::isAdmin();
//
$u = user::getUserSession();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<?php 
//导入meta数据及js库
echo $systemHead["meta"] . $systemHead["title"] . CSS_BASE . JS_JQUERY . JS_COMMON . JS_BASE . JS_DIALOG . LIB_LIGERUI;
?>

<script>

var tab = null;
var accordion = null;
var tree = null;


var isLogin = <?php 
echo json_encode($isLogin);
?>
;
Beispiel #23
0
 static function authHim(ormObject $user)
 {
     if ($user->isInheritor('user')) {
         self::$obj = $user;
         self::$obj->last_visit = date('Y-m-d H:i:s');
         self::$obj->last_ip = $_SERVER['REMOTE_ADDR'];
         self::$obj->error_passw = 0;
         self::$obj->save();
         // Загружаем данные и обновляем сессию
         self::getRights();
         self::$isAdmin = count(self::$right) == 0 ? false : true;
         self::$isGuest = false;
         self::updateSession(self::$obj->id, self::$obj->login, self::$obj->name, self::$obj->email);
         system::log(lang::get('ENTER_USER'), info);
         //запоминаем в куки
         if (!empty($_POST['remember_me'])) {
             SetCookie("remember_me", user::createCookie(), time() + 3600 * 24 * 7, "/", "", 0, true);
         }
         return true;
     }
     return false;
 }
Beispiel #24
0
    public function defAction()
    {
        // Устанавливаем статус системы "в режиме администрирования".
        system::$isAdmin = true;
        page::$macros = 0;
        // Попытка авторизации
        if (!empty($_POST['enter'])) {
            if (!user::auth($_POST['login'], $_POST['passw'])) {
                $this->showAuthForm(1);
            } else {
                header("Location: " . $_SERVER["HTTP_REFERER"]);
            }
        }
        // Если пользователь не админ, показываем форму авторизации
        if (!user::isAdmin()) {
            $this->showAuthForm();
        }
        // Определяем текущий домен
        domains::curDomain();
        // Выход из системы
        if (system::issetUrl(0) && system::url(0) == 'logout') {
            user::logout();
        }
        if (system::url(0) == 'showhide') {
            $_SESSION['SH_FIELDS'] = system::url(1) == 0 ? 'hide' : 'show';
            system::stop();
        }
        // Обработка запросов от поля ObjectLinks
        ui::checkObjectLinks();
        system::$defTemplate = MODUL_DIR . '/mpanel/template/default.tpl';
        // Определяем модуль
        if (!system::issetUrl(0)) {
            system::setUrl(0, user::getDefModul());
        }
        // Если есть ссылка на обработчик формы
        if (!empty($_POST['right'])) {
            system::setUrl(1, system::POST('right', isVarName));
        }
        // Определяем право
        if (system::issetUrl(1)) {
            // Проверяем существует ли указанное право
            if (user::issetRight(system::url(1))) {
                $currRight = system::url(1);
            } else {
                if (user::issetRight(str_replace('_proc', '', system::url(1)))) {
                    $currRight = system::url(1);
                }
            }
        } else {
            // Пытаемся найти право по умолчанию
            $def_right = user::getDefaultRight(system::url(0));
            if ($def_right) {
                $currRight = $def_right;
                system::setUrl(1, $def_right);
            }
        }
        $this->getMenu();
        page::assign('current_url', system::getCurrentUrl());
        page::assign('admin_url', system::au());
        if (!empty($currRight)) {
            // Определяем имя и метод контролера
            $pos = strpos($currRight, '_');
            if ($pos) {
                $class_name = '__' . substr($currRight, 0, $pos);
                $action_name = substr($currRight, $pos + 1, strlen($currRight) - $pos);
            } else {
                $class_name = '__' . $currRight;
                $action_name = 'defAction';
            }
            $mod_name = MODUL_DIR . '/' . system::url(0) . '/' . $class_name . '.php';
            // Пытаемся подгрузить модуль
            if (file_exists($mod_name)) {
                include $mod_name;
                if (file_exists(MODUL_DIR . '/' . system::url(0) . '/lang-ru.php')) {
                    include MODUL_DIR . '/' . system::url(0) . '/lang-ru.php';
                }
                ui::setHeader(lang::right($currRight));
                if (class_exists($class_name)) {
                    eval('$c = new ' . $class_name . '();');
                    if (ui::$stop) {
                        $content = '.';
                    } else {
                        if (method_exists($c, $action_name)) {
                            $content = call_user_func(array($c, $action_name));
                        }
                    }
                }
            }
            if (empty($content)) {
                $msg = lang::get('TEXT_PROC_NOTFOUND2') . '<br />' . system::getCurrentUrl() . '<br /><br />
	                        ' . lang::get('TEXT_PROC_NOTFOUND3') . '<br />' . $mod_name . '<br /><br />
	                        ' . lang::get('TEXT_PROC_NOTFOUND4');
                system::log(lang::get('TEXT_PROC_NOTFOUND') . ' ' . system::getCurrentUrl());
                ui::MessageBox(lang::get('TEXT_PROC_NOTFOUND'), $msg);
                system::redirect('/');
            }
        } else {
            system::log(lang::get('TEXT_ERROR_RIGHT_LOG') . system::getCurrentUrl());
            ui::MessageBox(lang::get('TEXT_ERROR_RIGHT'), lang::get('TEXT_ERROR_RIGHT2'));
            system::redirect('/');
        }
        //Производим сжатие страницы
        if (reg::getKey('/config/gzip')) {
            $PREFER_DEFLATE = false;
            $FORCE_COMPRESSION = false;
            $AE = isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : $_SERVER['HTTP_TE'];
            $support_gzip = strpos($AE, 'gzip') !== FALSE || $FORCE_COMPRESSION;
            $support_deflate = strpos($AE, 'deflate') !== FALSE || $FORCE_COMPRESSION;
            if ($support_gzip && $support_deflate) {
                $support_deflate = $PREFER_DEFLATE;
            }
            if ($support_deflate) {
                header("Content-Encoding: deflate");
                ob_start("compress_output_deflate");
            } else {
                if ($support_gzip) {
                    header("Content-Encoding: gzip");
                    ob_start("compress_output_gzip");
                } else {
                    ob_start();
                }
            }
        }
        return ui::getMainHTML($content);
    }
Beispiel #25
0
function checkUser($user, $pacid = null)
{
    global $dbh;
    $add = $pacid ? 'AND p.id = ' . $dbh->quoteSmart($pacid) : '';
    // It's a lead or user of the package
    $query = "SELECT m.handle\n              FROM packages p, maintains m\n              WHERE\n                 m.handle = ? AND\n                 p.id = m.package {$add} AND\n                 (m.role IN ('lead', 'developer'))";
    $res = $dbh->getOne($query, array($user));
    if ($res !== null) {
        return true;
    }
    // Try to see if the user is an admin
    $res = user::isAdmin($user);
    return $res === true;
}