/**
 * Lazily builds and caches the permission => roles map for the current user.
 *
 * The office level (from GetUserLevel) implies fixed roles: admin gets
 * LEVEL_ADMIN + LEVEL_EDITOR + LEVEL_OFFICER, editor gets the last two, office
 * gets LEVEL_OFFICER. Those role names are literals in this method, which is why
 * splicing them into the IN (...) clause is safe; the user entity id goes in as
 * a bound query parameter. Users without an office level get an empty map and
 * no query at all.
 *
 * @return array[permission => array[role]]
 */
function getUserPermissions() {
    if (null !== $this->permissionsCache) {
        return $this->permissionsCache;
    }
    $this->permissionsCache = array();

    // Roles implied by the office level; each level includes the ones below it.
    $levelRoles = array();
    switch (GetUserLevel()) {
        case 'admin':
            $levelRoles[] = 'LEVEL_ADMIN';
            // Fall-thru
        case 'editor':
            $levelRoles[] = 'LEVEL_EDITOR';
            // Fall-thru
        case 'office':
            $levelRoles[] = 'LEVEL_OFFICER';
            break;
    }

    // Not in the office: no roles, and no point spending a database query
    // (this is the common case of ordinary users with no permissions).
    if (empty($levelRoles)) {
        return $this->permissionsCache;
    }

    $sql = ' SELECT role_permission_permission_name AS permission,'
        . ' role_permission_role_name AS role'
        . ' FROM role_permissions'
        . ' LEFT JOIN user_roles'
        . ' ON user_role_role_name = role_permission_role_name'
        . ' AND user_role_user_entity_id = ?'
        . ' WHERE user_role_user_entity_id IS NOT NULL'
        . ' OR role_permission_role_name IN ("' . implode('","', $levelRoles) . '")';
    $result = $this->db->query($sql, array($this->user_auth->entityId));
    foreach ($result->result_array() as $grant) {
        $this->permissionsCache[$grant['permission']][] = $grant['role'];
    }

    return $this->permissionsCache;
}
/**
 * Office "attention list" for one content type: the venues whose information,
 * reviews, tags, leagues, photos or thumbnails most need work, plus a sidebar
 * of the current user's assigned venues and (for editors/admins) the revisions
 * waiting for approval.
 *
 * @param $content_type_codename string Content type codename (e.g. a review section).
 *
 * @note POST data:
 * - 'search' (search pattern, optional)
 */
function attentionlist($content_type_codename) {
    // Office access required; CheckPermissions produces the login/denied page itself.
    if (!CheckPermissions('office')) {
        return;
    }

    // Navbar frame and page title.
    $this->_SetupNavbar($content_type_codename);
    $this->main_frame->SetPage('attentionlist');
    $nice_name = $this->pr_model->GetContentTypeNiceName($content_type_codename);
    $this->main_frame->SetTitleParameters(array('content_type' => $nice_name));

    // Wikitext page properties: view key => property name.
    $this->pages_model->SetPageCode('office_review_attention_list');
    $wikitext_properties = array(
        'page_information'           => 'page_information',
        'assigned_venues_text'       => 'assigned_venues',
        'revisions_needing_approval' => 'revisions_needing_approval',
        'reviews_needing_approval'   => 'reviews_needing_approval',
        'list_text_information'      => 'list_text_information',
        'list_text_reviews'          => 'list_text_reviews',
        'list_text_tags'             => 'list_text_tags',
        'list_text_leagues'          => 'list_text_leagues',
        'list_text_photos'           => 'list_text_photos',
        'list_text_thumbnails'       => 'list_text_thumbnails',
    );
    $data = array();
    foreach ($wikitext_properties as $data_key => $property_name) {
        $data[$data_key] = $this->pages_model->GetPropertyWikiText($property_name);
    }
    $data['content_type_codename'] = $content_type_codename;

    // Sidebar: this user's assigned venues and the leagues for the content type.
    $data['assigned_venues'] = $this->pr_model->GetUsersAssignedReviewVenues($this->user_auth->entityId, $content_type_codename);
    $data['leagues'] = $this->leagues_model->getAllLeagues($content_type_codename);

    // Waiting revisions are only shown to editors/admins, who are the ones able to approve them.
    $user_level = GetUserLevel();
    if (in_array($user_level, array("editor", "admin"))) {
        $data['waiting_revisions'] = $this->pr_model->GetWaitingVenueInformationRevisions($content_type_codename);
        $data['waiting_review_revisions'] = $this->pr_model->GetWaitingVenueReviewRevisions($content_type_codename);
    }

    // Main page lists: the five worst venues per category.
    $list_limit = 5;
    $worst_venue_lists = array(
        'information_venues' => 'GetWorstVenuesForInformation',
        'reviews_venues'     => 'GetWorstVenuesForReviews',
        'tags_venues'        => 'GetWorstVenuesForTags',
        'leagues_venues'     => 'GetWorstVenuesForLeagues',
        'photos_venues'      => 'GetWorstVenuesForPhotos',
    );
    foreach ($worst_venue_lists as $data_key => $model_method) {
        $data[$data_key] = $this->pr_model->$model_method($content_type_codename, $list_limit);
    }
    // Thumbnails list has no limit: every venue without a small thumbnail.
    $data['thumbnails_venues'] = $this->pr_model->GetVenuesWithoutThumbnails($content_type_codename, 'small');

    // Render through the directory overview view.
    $this->main_frame->SetContentSimple('office/reviews/reviewlist_overview', $data);
    $this->main_frame->Load();
}
/**
 * Facebook ticker office controller.
 *
 * Loads the ticker model, requires office access, and normalises the caller's
 * level so the rest of the controller only distinguishes 'editor' (which also
 * covers admins) from plain office access.
 */
function __construct() {
    parent::Controller();

    $this->load->model('facebookticker_model');

    // Everything in this section needs office access or above; CheckPermissions
    // renders the login/denied page when it fails.
    if (!CheckPermissions('office')) {
        return;
    }

    // Admins get exactly the editor behaviour here, so collapse the two levels.
    $level = GetUserLevel();
    $this->access = ($level == 'admin') ? 'editor' : $level;
}
/**
 * Updates a user's password in whichever table their level maps to.
 *
 * @param $email string  Email identifying the user (also used to look up the level).
 * @param $newPwd string New password as supplied by the caller.
 * @return string Status code, as the callers expect:
 *   - 'A' / 'B' / 'C' / 'D'     updated in the Admin / Director / Mentor / Mentee table
 *   - '-A' / '-B' / '-C' / '-D' the utility reported failure for that table
 *   - '2'                       the user has not signed up yet
 *   - '0'                       the email is not in the user table (empty level)
 *   - '-1'                      error, or an unrecognised level / utility result
 *
 * NOTE(review): whether $newPwd is hashed before it is stored is decided inside
 * UpdatePasswordUtility, not here — confirm it is never written in clear text.
 */
function UpdatePassword($email, $newPwd) {
    $level = GetUserLevel($email);

    // Level letter => (table, email column, password column), checked in this order.
    $tables = array(
        "A" => array("Admin", "AdminEmail", "AdminPwd"),
        "B" => array("Director", "DirectorEmail", "DirectorPwd"),
        "C" => array("Mentor", "MentorEmail", "MentorPwd"),
        "D" => array("Mentee", "MenteeEmail", "MenteePwd"),
    );

    foreach ($tables as $letter => $columns) {
        if ($level == $letter) {
            list($table, $emailColumn, $pwdColumn) = $columns;
            $pwd = UpdatePasswordUtility($email, $newPwd, $table, $emailColumn, $pwdColumn);
            if ($pwd == "1") {
                return $letter;
            }
            if ($pwd == "-1") {
                return "-" . $letter;
            }
            // "2" means the user has not signed up; anything else is an error.
            return ($pwd == "2") ? "2" : "-1";
        }
    }

    if ($level == "") {
        // Email not present in the user table.
        return "0";
    }

    // "-1" from GetUserLevel is an error condition; any other level is treated the same way.
    return "-1";
}
" method="post"> <div class="BlueBox"> <h2>about</h2> <div id="name_details"> <p> Organisation name : <strong><?php echo xml_escape($organisation['name']); ?> </strong><br /> Organisation type : <strong><?php echo xml_escape($organisation['type']); ?> </strong><br /> </p> <?php if (PermissionsSubset('pr', GetUserLevel())) { ?> <form> <fieldset> <input name="name_edit_button" type="button" onclick="document.getElementById('name_details').style.display = 'none'; document.getElementById('name_details_form').style.display = 'block';" value="Edit" class="button" /> </fieldset> </form> </div> <div id="name_details_form" style="display: none;"> <form id="org_name" action="<?php echo vip_url('directory/information/changename'); ?> " method="post"> <fieldset> <label for="organisation_name">Name:</label> <input type="text" name="organisation_name" id="organisation_name" value="<?php
/**
 * @brief Load photo request details
 *
 * Shows one photo request (URI segment 4 = request id) and handles the actions
 * posted back to it: confirming suggested photos held in the session, editing
 * the title/brief, (un)assigning a photographer, and the ready / unready /
 * cancel / select operations given in URI segment 5.  Every state change ends
 * in a redirect back to this page, so a refresh cannot repeat it.
 *
 * Access is decided per request from $data['user_level'] (editor, photographer,
 * reporter or everyone) and the $data['access'] matrix built below.
 */
function view() {
    /// Make sure users have necessary permissions to view this page
    if (!CheckPermissions('office')) {
        return;
    }
    /// Get custom page content
    $this->pages_model->SetPageCode('office_photos');
    /// Request id comes from the URI and must be numeric before it reaches the model
    $request_id = $this->uri->segment(4);
    if (!$request_id || !is_numeric($request_id)) {
        redirect('/office/photos/');
    } else {
        /// Get all the information about the specified photo request
        $data = $this->photos_model->GetPhotoRequestDetails($request_id);
        if (!$data) {
            /// If request doesn't exist then redirect
            redirect('/office/photos/');
        } else {
            /// Get help text for current request status
            $data['help_text'] = $this->pages_model->GetPropertyWikiText('help_' . $data['status']);
            /// Check if there are any new suggested photos - ask for confirmation
            /// @TODO:Ensure request is open for new suggestions
            /// NOTE(review): if $_SESSION['img'] is set but empty, $data['suggestion'] is never
            /// assigned before array_unique() runs on it.
            if (isset($_SESSION['img'])) {
                foreach ($_SESSION['img'] as $image) {
                    $data['suggestion'][] = $image['list'];
                }
                $data['suggestion'] = array_unique($data['suggestion']);
                $this->load->library('image');
                /// Reset list of new suggestions
                unset($_SESSION['img']);
            }
            /// Add any confirmed suggestions
            /// @TODO: Don't allow duplicate suggestions
            /// The posted form carries imgid_number rows, each with _allow / _number / _comment fields.
            if ($this->input->post('r_suggest') == 'Suggest' && $this->input->post('imgid_number')) {
                for ($i = 0; $i < $this->input->post('imgid_number'); $i++) {
                    if ($this->input->post('imgid_' . $i . '_allow') == 'y') {
                        $this->photos_model->SuggestPhoto($request_id, $this->input->post('imgid_' . $i . '_number'), $this->input->post('imgid_' . $i . '_comment'), $this->user_auth->entityId);
                    }
                }
                redirect('/office/photos/view/' . $request_id . '/');
            }
            /// Get suggested photos for request
            $data['photos'] = $this->photos_model->GetSuggestedPhotos($request_id);
            /// Get photographers that request can be assigned to
            $data['photographers'] = $this->photos_model->GetPhotographers();
            /// Get comments
            if (is_numeric($data['comments_thread'])) {
                $this->load->library('comment_views');
                $this->comment_views->SetUri('/office/photos/view/' . $request_id . '/');
                $data['comments'] = $this->comment_views->CreateStandard((int) $data['comments_thread'], 1);
            }
            /// Get current user's access level
            $is_editor = GetUserLevel();
            if ($is_editor == 'admin') {
                /// Admin users are effectively editors
                $is_editor = 'editor';
            }
            /// Role for this request, most specific first: the assigned photographer
            /// outranks editor, which outranks the reporter who raised the request.
            if ($data['status'] == 'assigned' && $data['assigned_id'] == $this->user_auth->entityId) {
                $data['user_level'] = 'photographer';
            } elseif ($is_editor == 'editor') {
                $data['user_level'] = 'editor';
            } elseif ($data['reporter_id'] == $this->user_auth->entityId) {
                $data['user_level'] = 'reporter';
            } else {
                $data['user_level'] = 'everyone';
            }
            /* At this point $data['user_level'] should hold one of the following access levels:
             * - editor
             * - photographer
             * - reporter
             * - everyone
             */
            /// Access matrix: which roles may edit details, flag ready, complete (select) or cancel.
            /// 'everyone' (any other office user) is denied all four.
            $data['access']['details'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
            $data['access']['ready'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
            $data['access']['complete'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
            $data['access']['cancel'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
            /// Details are only editable while the request is unassigned or assigned ...
            if ($data['status'] == 'unassigned' || $data['status'] == 'assigned') {
                $data['request_editable'] = TRUE;
            } else {
                $data['request_editable'] = FALSE;
                $data['access']['details'] = array('editor' => FALSE, 'photographer' => FALSE, 'reporter' => FALSE, 'everyone' => FALSE);
            }
            $data['request_finished'] = FALSE;
            if ($data['status'] == 'deleted' || $data['status'] == 'completed') {
                $data['request_finished'] = TRUE;
            }
            /// ... except that a completed request reopens details for editor/photographer/reporter.
            if ($data['status'] == 'completed') {
                $data['access']['details'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
            }
            /// Check if user is trying to cancel or (un)ready a request
            $special_op = $this->uri->segment(5);
            if ($special_op) {
                if ($special_op == 'ready') {
                    if ($data['access']['ready'][$data['user_level']]) {
                        $this->photos_model->FlagRequestReady($request_id);
                    } else {
                        $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to flag this request as being ready.');
                    }
                    redirect('/office/photos/view/' . $request_id);
                } elseif ($special_op == 'unready') {
                    if ($data['access']['ready'][$data['user_level']]) {
                        $this->photos_model->FlagRequestReady($request_id, 0);
                    } else {
                        $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to remove the ready flag on this request.');
                    }
                    redirect('/office/photos/view/' . $request_id);
                } elseif ($special_op == 'cancel') {
                    if ($data['access']['cancel'][$data['user_level']]) {
                        $this->photos_model->CancelRequest($request_id);
                    } else {
                        $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to cancel this photo request.');
                    }
                    redirect('/office/photos/view/' . $request_id);
                } elseif ($special_op == 'select') {
                    /// NOTE(review): the chosen photo id (URI segment 6) gets none of the is_numeric
                    /// check applied to $request_id above — confirm SelectPhoto validates/binds it.
                    if ($data['access']['complete'][$data['user_level']]) {
                        $this->photos_model->SelectPhoto($request_id, $this->uri->segment(6), $this->user_auth->entityId);
                    } else {
                        $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to select the chosen photo for this photo request.');
                    }
                    redirect('/office/photos/view/' . $request_id);
                }
            }
            /// Check if user is trying to edit request's details
            if ($this->input->post('r_details') == 'Update') {
                /// Check the have the necessary permissions to edit
                if ($data['access']['details'][$data['user_level']]) {
                    $this->photos_model->ChangeDetails($request_id, $this->input->post('r_title'), $this->input->post('r_brief'));
                    $this->main_frame->AddMessage('success', 'Photo request details successfully changed.');
                    redirect('/office/photos/view/' . $request_id . '/');
                } else {
                    $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to edit the details for this photo request, or this request has been completed or cancelled.');
                }
            }
            /// Check if trying to change assigned photographer
            /// Unassigned: an editor assigns the posted (numeric) user id, anyone else takes it themselves.
            /// Assigned: the photographer accepts a 'requested' assignment or declines an 'accepted'
            /// one; an editor unassigns.
            if ($this->input->post('r_assign') !== FALSE) {
                if ($data['status'] == 'unassigned') {
                    if ($data['user_level'] == 'editor' && is_numeric($this->input->post('r_assignuser'))) {
                        $this->photos_model->AssignPhotographer($request_id, $this->input->post('r_assignuser'));
                        redirect('/office/photos/view/' . $request_id);
                    } else {
                        $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'accepted');
                        redirect('/office/photos/view/' . $request_id);
                    }
                } elseif ($data['status'] == 'assigned') {
                    if ($data['user_level'] == 'photographer') {
                        if ($data['assigned_status'] == 'requested') {
                            $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'accepted');
                            redirect('/office/photos/view/' . $request_id);
                        } elseif ($data['assigned_status'] == 'accepted') {
                            $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'declined');
                            redirect('/office/photos/view/' . $request_id);
                        }
                    } elseif ($data['user_level'] == 'editor') {
                        $this->photos_model->UnassignPhotographer($request_id);
                        redirect('/office/photos/view/' . $request_id);
                    }
                }
            } elseif ($this->input->post('r_decline') !== FALSE) {
                /// Only the requested photographer can decline, and only while still 'requested'.
                if ($data['status'] == 'assigned' && $data['user_level'] == 'photographer' && $data['assigned_status'] == 'requested') {
                    $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'declined');
                    redirect('/office/photos/view/' . $request_id);
                }
            }
            /// Load image helper to get suggested photos' thumbnails
            $this->load->library('image');
            /// Load main frame with view
            $this->main_frame->SetContentSimple('office/photos/view', $data);
            $this->main_frame->Load();
        }
    }
}
/**
 * xajax handler: deletes the article named in URI segment 3.
 *
 * Editors only (admins are treated as editors). A broader rule that also let
 * the accepted requester delete was considered and is deliberately disabled;
 * it is kept below as a comment so the intent is not lost.
 *
 * @return xajaxResponse Redirect to /office/news on success, an alert otherwise.
 */
function _deleteArticle() {
    $response = new xajaxResponse();
    $article_id = $this->uri->segment(3);
    $data['article'] = $this->article_model->GetArticleDetails($article_id);

    // Collapse admin onto editor: admins can do everything editors can.
    $level = GetUserLevel();
    $data['user_level'] = ($level == 'admin') ? 'editor' : $level;

    // Disabled alternative: also allow when
    //   $this->requests_model->IsUserRequestedForArticle($article_id, $this->user_auth->entityId) == 'accepted'
    if ($data['user_level'] != 'editor') {
        $response->addAlert('You must be an editor to delete an article!');
        return $response;
    }

    $this->requests_model->DeleteArticle($article_id);
    $this->main_frame->AddMessage('success', 'The article was successfully deleted.');
    $response->addRedirect('/office/news');
    return $response;
}
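/**
 * VIP area: contact (business card) groups and cards for the logged-in organisation.
 *
 * Handles, in order: deleting / renaming a group (POST), deleting / approving a
 * card ($action), adding a group (POST), adding a card (POST), and finally
 * rendering the selected group. Every successful change redirects so the form
 * cannot be resubmitted by a refresh.
 *
 * @param $action string             'viewgroup' (default), 'deletecard' or 'approvecard'.
 * @param $business_card_group int   Group id to show; for 'deletecard' / 'approvecard'
 *                                   it is the card id instead. -1 selects the first group.
 *
 * NOTE(review): the posted group_id / card id is handed straight to the models; this
 * method does not itself check that they belong to $organisation — confirm the
 * models scope them to the organisation.
 */
function contacts($action = "viewgroup", $business_card_group = -1) {
    if (!CheckPermissions('vip+pr')) {
        return;
    }
    $organisation = VipOrganisation();
    $this->pages_model->SetPageCode('viparea_directory_contacts');

    // PR and VIP logins have all the powers of an editor in the directory (not in the calendar).
    $editor_level = PermissionsSubset('pr', GetUserLevel()) || PermissionsSubset('vip', GetUserLevel());

    // Organisation data and toolbar
    $data = $this->organisations->_GetOrgData($organisation);
    $data['page_information'] = $this->pages_model->GetPropertyWikitext('page_information');

    // Delete group: only allowed once it holds no cards.
    if ($this->input->post('group_deletebutton')) {
        $cards = $this->directory_model->GetDirectoryOrganisationCardsByGroupId($this->input->post('group_id'), true);
        if (empty($cards)) {
            $result = $this->businesscards_model->RemoveOrganisationCardGroupById($this->input->post('group_id'));
            if ($result == 1) {
                $this->messages->AddMessage('success', 'Group was successfully removed.');
            } else {
                $this->messages->AddMessage('error', 'Group was not removed, the group does not exist.');
            }
        } else {
            $this->messages->AddMessage('error', 'Group was not removed, you cannot remove groups with cards.');
        }
        // Back to the default view
        redirect(vip_url('directory/contacts/'));
    }

    // Rename group
    if ($this->input->post('group_renamebutton')) {
        $result = $this->businesscards_model->RenameOrganisationCardGroup($this->input->post('group_id'), $this->input->post('group_name'));
        if ($result == 1) {
            $this->messages->AddMessage('success', 'Group was successfully renamed.');
        } else {
            $this->messages->AddMessage('error', 'Group was not renamed, the group does not exist.');
        }
        redirect(vip_url('directory/contacts/viewgroup/' . $this->input->post('group_id')));
    }

    // Delete card: $business_card_group is the card id for this action.
    // Without editor level an error is shown and the page renders as normal.
    if ($action == "deletecard") {
        if ($editor_level) {
            $result = $this->businesscards_model->DeleteBusinessCard($business_card_group);
            if ($result) {
                $this->messages->AddMessage('success', 'The contact card was successfully deleted.');
            } else {
                $this->messages->AddMessage('error', 'The contact card was not removed, it does not exist.');
            }
            redirect(vip_url('directory/contacts/'));
        } else {
            $this->messages->AddMessage('error', 'You do not have permission to delete contact cards.');
        }
    }

    // Approve card: $business_card_group is the card id for this action.
    if ($action == "approvecard") {
        if ($editor_level) {
            $result = $this->businesscards_model->ApproveBusinessCard($business_card_group);
            if ($result) {
                $this->messages->AddMessage('success', 'The contact card was successfully approved.');
            } else {
                $this->messages->AddMessage('error', 'The contact card was not approved, it does not exist.');
            }
            // Back to the default view
            redirect(vip_url('directory/contacts/'));
        } else {
            $this->messages->AddMessage('error', 'You do not have permission to approve contact cards.');
        }
    }

    // Add group: appended after the organisation's highest existing group order.
    if ($this->input->post('add_group_button')) {
        if (!empty($_POST["group_name"])) {
            $max_order = $this->businesscards_model->SelectMaxGroupOrderById($data['organisation']['id']);
            $post_data = array(
                'group_name' => $_POST["group_name"],
                'organisation_id' => $data['organisation']['id'],
                'group_order' => $max_order + 1,
            );
            $this->businesscards_model->AddOrganisationCardGroup($post_data);
            $this->messages->AddMessage('success', 'Group was successfully added.');
            redirect(vip_url('directory/contacts/'));
        }
    }

    // Add card: name and title are required; a username, if given, must resolve to a user.
    if (!empty($_POST["card_addbutton"])) {
        if (empty($_POST["card_name"]) || empty($_POST["card_title"])) {
            $this->messages->AddMessage('error', 'Please include a name and a title for your contact card');
            // Add failed: send the submitted data back into the form
            $data['card_form'] = $_POST;
        } else {
            // Resolve the optional username to a user id
            if (!empty($_POST["card_username"])) {
                $user_id = $this->businesscards_model->GetUserIdFromUsername($_POST["card_username"]);
            } else {
                $user_id = "";
            }
            if ($user_id == "" && !empty($_POST["card_username"])) {
                // The username is user input echoed back inside a message that is rendered as
                // HTML (messages elsewhere carry markup), so escape it here.
                $shown_username = htmlspecialchars($_POST["card_username"], ENT_QUOTES, 'UTF-8');
                $this->messages->AddMessage('error', 'The user ' . $shown_username . ' was not found, you may have spelt the username incorrectly or the user is not on the yorker. You may wish to leave that field blank.');
                // Add failed: send the submitted data back into the form
                $data['card_form'] = $_POST;
            } else {
                // Start time, end time, order and image id are all currently null / not in use.
                // The final 1 forces the card to be published on creation (beta only).
                $this->businesscards_model->NewBusinessCard($user_id, $_POST["group_id"], null, $_POST["card_name"], $_POST["card_title"], $_POST["card_about"], $_POST["card_course"], $_POST["email"], $_POST["phone_mobile"], $_POST["phone_internal"], $_POST["phone_external"], $_POST["postal_address"], 0, null, null, 1);
                $this->messages->AddMessage('success', 'The contact card was successfully added.');
            }
            redirect(vip_url('directory/contacts/viewgroup/' . $_POST["group_id"]));
        }
    }

    if (!empty($data)) {
        $this->_SetupOrganisationNavbar();

        // Business card groups, translated into view-friendly names. The first group
        // becomes the current one when none was requested.
        $groups = $this->directory_model->GetDirectoryOrganisationCardGroups($organisation);
        $data['organisation']['groups'] = array();
        foreach ($groups as $group) {
            $data['organisation']['groups'][] = array(
                'name' => $group['business_card_group_name'],
                'href' => vip_url('directory/contacts/viewgroup/' . $group['business_card_group_id']),
                'id' => $group['business_card_group_id'],
            );
            if ($business_card_group == -1) {
                $business_card_group = $group['business_card_group_id'];
            }
            $data['current_group']['id'] = $business_card_group;
            if ($group['business_card_group_id'] == $business_card_group) {
                $data['current_group']['name'] = $group['business_card_group_name'];
            }
        }
        // Tell the view when there are no groups so it does not break.
        $data['no_groups'] = empty($groups);

        // Cards in the current group, translated into view-friendly names.
        $members = $this->directory_model->GetDirectoryOrganisationCardsByGroupId($business_card_group, true);
        $data['organisation']['cards'] = array();
        foreach ($members as $member) {
            $data['organisation']['cards'][] = array(
                'user_id' => $member['business_card_user_entity_id'],
                'id' => $member['business_card_id'],
                'name' => $member['business_card_name'],
                'title' => $member['business_card_title'],
                'course' => $member['business_card_course'],
                'blurb' => $member['business_card_blurb'],
                'email' => $member['business_card_email'],
                'image_id' => $member['business_card_image_id'],
                'phone_mobile' => $member['business_card_mobile'],
                'phone_internal' => $member['business_card_phone_internal'],
                'phone_external' => $member['business_card_phone_external'],
                'postal_address' => $member['business_card_postal_address'],
                'approved' => $member['business_card_approved'],
            );
        }

        // Put the view in edit mode
        $data['organisation']['editmode'] = true;

        // Set up the directory view inside the public frame
        $the_view = $this->frames->view('directory/viparea_directory_view_members', $data);
        $this->main_frame->SetTitleParameters(array('organisation' => $data['organisation']['name']));
        $this->main_frame->SetPage('contacts');
        $this->main_frame->SetContent($the_view);
    } else {
        $this->load->library('custom_pages');
        $this->main_frame->SetContent(new CustomPageView('directory_notindirectory', 'error'));
    }

    // Load the public frame view
    $this->main_frame->Load();
}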
/**
 * Office game editor page.
 *
 * Saves the posted title / width / height when the form was submitted (only
 * editors may change the activated flag), then shows the edit form for the game.
 *
 * @param $game_id int Game id; the default -1 sends the user back to the games list.
 */
function edit($game_id = -1) {
    if ($game_id == -1) {
        redirect('office/games');
    }
    if (!CheckPermissions('office')) {
        return;
    }

    $is_editor = PermissionsSubset('editor', GetUserLevel());
    $data = array('is_editor' => $is_editor);

    $this->pages_model->SetPageCode('office_games_edit');
    $this->load->library('image');
    $data['section_games_edit_page_info_title'] = $this->pages_model->GetPropertyText('section_games_edit_page_info_title');
    $data['section_games_edit_page_info_text'] = $this->pages_model->GetPropertyWikiText('section_games_edit_page_info_text');

    // The edit form was posted when all three required fields are present.
    $form_posted = isset($_POST['game_title_field'])
        && isset($_POST['game_width_field'])
        && isset($_POST['game_height_field']);
    if ($form_posted) {
        // Non-editors cannot (de)activate a game whatever the form says.
        $activated = $is_editor && isset($_POST['game_activated_field']);
        $saved = $this->games_model->Edit_Game_Update($game_id, $_POST['game_title_field'], $_POST['game_width_field'], $_POST['game_height_field'], $activated);
        if ($saved) {
            $this->main_frame->AddMessage('success', 'Changes saved!', FALSE);
        } else {
            $this->main_frame->AddMessage('error', 'Update failed!', FALSE);
        }
    }

    // Current game details, its static file path and thumbnail.
    $game = $this->games_model->Edit_Game_Get($game_id);
    $game['pathname'] = $this->config->item('static_web_address') . '/games/' . $game['filename'];
    $game['image'] = $this->image->getImage($game['image_id'], 'gamethumb', array('title' => $game['title']));
    $data['game'] = $game;
    $data['game_id'] = $game_id;

    $this->main_frame->SetContentSimple('office/games/edit', $data);
    $this->main_frame->Load();
}
/**
 * Office campaign "info" page for one campaign.
 *
 * @param $campaign_id int Campaign id used to look up the name and build the navbar.
 */
function editinfo($campaign_id) {
    if (!CheckPermissions('office')) {
        return;
    }

    // Page code and model
    $this->pages_model->SetPageCode('office_campaign_edit');
    $this->load->model('campaign_model', 'campaign_model');

    // Navigation bar with the current page marked
    $this->_SetupNavbar($campaign_id);
    $this->main_frame->SetPage('info');

    // Campaign name for the id, plus the current user's id and editor status.
    $data = array(
        'campaign' => array(
            'name' => $this->campaign_model->GetCampaignNameID($campaign_id),
            'id' => $campaign_id,
        ),
        'user' => array(
            'id' => $this->user_auth->entityId,
            'is_editor' => PermissionsSubset('editor', GetUserLevel()),
        ),
    );

    // Render inside the public frame
    $info_view = $this->frames->view('office/campaign/info', $data);
    $this->main_frame->SetTitleParameters(array('name' => $data['campaign']['name']));
    $this->main_frame->SetContent($info_view);
    $this->main_frame->Load();
}
/**
 * Shows the login page for the given level and, when the matching form was
 * posted, attempts the login and redirects on success.
 *
 * Three login flavours: 'office' (password only, office session), 'vip'
 * (organisation entity id + password) and everything else (student username +
 * password, optional "keep me logged in"). Logging into office logs the user
 * out of any VIP session and vice versa.
 *
 * @param $Level string:
 * - 'public'
 * - 'student'
 * - 'organisation'
 * - 'vip'
 * - 'office'
 * - 'pr'
 * - 'editor'
 * - 'admin'
 * @param $RedirectDestination string URI to redirect to on success.
 *        NOTE(review): passed to redirect() as given; callers must supply a local
 *        URI rather than anything taken from the request.
 * @param $Organisation string Organisation codename to force.
 * @return Whether successfully logged in yet
 *
 * @pre CheckPermissions has already been called.
 */
function LoginHandler($Level, $RedirectDestination, $Organisation = FALSE) {
    $CI =& get_instance();
    $CI->load->library('messages');
    $data = array('target' => $CI->uri->uri_string());
    $login_id = '';
    if ($Level === 'office') {
        $page_code = 'login_office';
        $login_id = 'office';
        $success_msg = $CI->pages_model->GetPropertyText('login:success_office', TRUE);
        // Find whether to fail (user has no office login at all)
        $data['failure'] = !$CI->user_auth->officeLogin;
        if ($data['failure']) {
            $data['failure_text'] = $CI->pages_model->GetPropertyWikitext('nooffice_text', $page_code);
        }
    } elseif ($Level === 'vip') {
        $page_code = 'login_vip';
        $login_id = 'vip';
        $success_msg = $CI->pages_model->GetPropertyText('login:success_vip', TRUE);
        $data['usernames'] = array();
        $logins = $CI->user_auth->getOrganisationLogins();
        // Find whether to fail (user belongs to no organisation)
        $data['failure'] = empty($logins);
        if ($data['failure']) {
            $data['failure_text'] = $CI->pages_model->GetPropertyWikitext('novip_text', $page_code);
        }
        // Default to an organisation?
        if (is_string($Organisation)) {
            // Default organisation is $Organisation (matched by directory entry name)
            foreach ($logins as $login) {
                $data['usernames'][$login['organisation_entity_id']] = $login['organisation_name'];
                if ($login['organisation_directory_entry_name'] === $Organisation) {
                    $data['default_username'] = $login['organisation_entity_id'];
                }
            }
        } else {
            // Don't specify a default
            foreach ($logins as $login) {
                $data['usernames'][$login['organisation_entity_id']] = $login['organisation_name'];
            }
        }
    } else {
        $page_code = 'login_public';
        $login_id = 'student';
        $success_msg = $CI->pages_model->GetPropertyText('login:success_public', TRUE);
        $data['username'] = $CI->user_auth->username;
        $data['keep_login'] = !empty($CI->user_auth->username);
        $data['failure'] = false;
    }
    $data['login_id'] = $login_id;
    // Only handle a submission aimed at this login form (the form posts its login_id back).
    if ($CI->input->post('login_id') === $login_id) {
        // $username is only set for student logins and $entity_id only for vip logins;
        // each is only read on its own branch below.
        if ($login_id === 'student') {
            $username = $CI->input->post('username');
        } elseif ($login_id === 'vip') {
            $entity_id = $CI->input->post('username');
        }
        $password = $CI->input->post('password');
        // Form data submitted before the login was demanded; replayed after success.
        $post_data = $CI->input->post('previous_post_data');
        if (FALSE !== $post_data) {
            $data['previous_post_data'] = $post_data;
        }
        try {
            if ($Level === 'vip') {
                // if office access say have been logged out of vip
                if ($CI->user_auth->officeType !== 'None') {
                    $CI->user_auth->logoutOffice();
                    $left_office_message = $CI->pages_model->GetPropertyMessage('msg_left_office_message', $page_code);
                    if (FALSE !== $left_office_message) {
                        $CI->messages->AddMessage(new Message($left_office_message));
                    }
                }
                $CI->user_auth->loginOrganisation($password, $entity_id);
            } elseif ($Level === 'office') {
                // if vip access say have been logged out of office
                if ($CI->user_auth->organisationLogin >= 0) {
                    $CI->user_auth->logoutOrganisation();
                    $left_vip_message = $CI->pages_model->GetPropertyMessage('msg_left_vip_message', $page_code);
                    if (FALSE !== $left_vip_message) {
                        $CI->messages->AddMessage(new Message($left_vip_message));
                    }
                }
                $CI->user_auth->loginOffice($password);
            } else {
                // Any posted keep_login value (even empty) counts as "keep me logged in".
                $keep_login = FALSE !== $CI->input->post('keep_login');
                $CI->user_auth->login($username, $password, $keep_login);
                if ($CI->user_auth->firstname == '' && $CI->user_auth->surname == '') {
                    $CI->messages->AddMessage('warning', $CI->pages_model->GetPropertyWikiText('login:no_name_set', TRUE));
                }
                // An empty or root destination becomes the user's default homepage.
                if ($RedirectDestination == '' || $RedirectDestination == '/') {
                    $RedirectDestination = GetDefaultHomepage();
                }
            }
            $CI->messages->AddMessage('success', '<p>' . $success_msg . '</p>');
            if (FALSE !== $post_data) {
                SetRedirectData($RedirectDestination, $post_data);
            }
            redirect($RedirectDestination);
            return TRUE;
        } catch (Exception $e) {
            // Login failed: the exception text is shown to the user as HTML.
            // NOTE(review): the message is not escaped here — confirm the auth
            // exceptions never include user-supplied text.
            $CI->messages->AddMessage('error', '<p>' . $e->getMessage() . '</p>');
        }
    } else {
        // Not a submission: pick up any form data stashed for replay after login.
        $post_data = GetRedirectData();
        if (NULL !== $post_data) {
            $data['previous_post_data'] = $post_data;
            $CI->messages->AddMessage('information', '<p>The form data you submitted will be sent after you log in from this page. </p>');
        }
        $data['initial_username'] = '';
    }
    // Get various page properties used for displaying the login screen
    $CI->pages_model->SetPageCode($page_code);
    // Show "please log in" message if not failed
    /* if (!$data['failure']) {
        $permission_message = $CI->pages_model->GetPropertyMessage('msg_permission_message');
        if (FALSE !== $permission_message) {
            $CI->messages->AddMessage(new Message($permission_message), FALSE);
        }
    }*/
    // Title of login section of page
    $section_title = $CI->pages_model->GetPropertyText('section_title');
    if (!empty($section_title)) {
        $data['title'] = $section_title;
    }
    // Main login message
    $login_message = $CI->pages_model->GetPropertyText('login_message');
    if (!empty($login_message)) {
        $data['login_message'] = '<p>' . $login_message . '</p>';
    }
    // Items in the right bar: "[n].title" text / "[n].text" wikitext properties
    $data['rightbar'] = $CI->pages_model->GetPropertyArray('rightbar', array(array('pre' => '[', 'post' => ']', 'type' => 'int'), array('pre' => '.', 'type' => 'enum', 'enum' => array(array('title', 'text'), array('text', 'wikitext')))));
    // Render the login page in the main frame for the user's current level.
    SetupMainFrame(GetUserLevel(), FALSE);
    $CI->main_frame->SetContentSimple('login/login', $data);
    $CI->main_frame->Load();
    return FALSE;
}
unset($links[$i]); } } if (count($links) == 0) { return; } echo ' <ul' . ($firstMenu ? ' class="first"' : '') . '>' . "\n"; echo ' <li class="first">' . $title . '</li>' . "\n"; foreach ($links as $link) { echo ' <li><a href="' . $link[1] . '">' . $link[0] . '</a></li>' . "\n"; } echo ' </ul>' . "\n"; } printMenu($this, 'Office', array(array('Office Home', '/office', ''), array('Office Chat', '/office/irc', 'IRC_CHAT'), array('My Bylines', '/office/bylines', 'BYLINES_VIEW')), true); // Editor and Admins only if (PermissionsSubset('editor', GetUserLevel())) { printMenu($this, 'Admin', array(array('Announcements', '/office/announcements', 'ANNOUNCEMENT_VIEW'), array('Permissions', '/admin/permissions', 'PERMISSIONS_VIEW'), array('Manage Team', '/office/manage/members', 'MANAGE'), array('Manage VIPs', '/office/vipmanager', 'VIPMANAGER_VIEW'), array('Content Schedule', '/office/news/contentschedule', 'ARTICLE_VIEW'), array('Change Live Article', '/office/news/scheduledlive', 'ARTICLE_VIEW'), array('Comment Moderation', '/office/moderator', 'COMMENT_MODERATE'), array('Page Properties', '/admin/pages', 'PAGES_VIEW'), array('Statistics', '/office/stats', 'STATS_VIEW'), array('Feedback', '/admin/feedback', 'FEEDBACK_VIEW'), array('Article Types', '/office/articletypes', 'ARTICLETYPES_VIEW'), array('Special Articles', '/office/specials', 'ARTICLE_VIEW'), array('Facebook Articles', '/office/ticker', 'ARTICLE_VIEW'), array('Advertising', '/office/advertising', 'ADVERTISING_VIEW'), array('Polls', '/office/polls', 'POLLS_VIEW'))); } printMenu($this, 'Sections', array(array('Uni News', '/office/news/uninews', 'ARTICLE_VIEW'), array('Features', '/office/news/features', 'ARTICLE_VIEW'), array('Lifestyle', '/office/news/lifestyle', 'ARTICLE_VIEW'), array('Arts', '/office/news/arts', 'ARTICLE_VIEW'), array('Sport', '/office/news/sport', 'ARTICLE_VIEW'), array('Blogs', '/office/news/blogs', 'ARTICLE_VIEW'), array('Food', '/office/news/food', 'ARTICLE_VIEW'), array('Videocasts', 
'/office/news/videocasts', 'ARTICLE_VIEW'), array('News Comment', '/office/news/comment', 'ARTICLE_VIEW'), array('Podcasts', '/office/podcasts', 'ARTICLE_VIEW'))); printMenu($this, 'Info + Reviews', array(array('Directory', '/office/prlist', ''), array('Food', '/office/reviewlist/foodreviews', ''), array('Drink', '/office/reviewlist/drinkreviews', ''), array('Review Tags', '/office/reviewtags', ''), array('Leagues', '/office/leagues', ''), array('PR System', '/office/pr/summary', ''), array('Campaigns', '/office/campaign', 'CAMPAIGN_VIEW'), array('Charities', '/office/charity', 'CHARITY_VIEW'), array('How Do I', '/office/howdoi', 'HOWDOI_VIEW'), array('Game Zone', '/office/games', 'GAMEZONE_VIEW'))); printMenu($this, 'Photos', array(array('Photo Requests', '/office/photos', 'GALLERY_VIEW'), array('Gallery', '/office/gallery', 'GALLERY_VIEW'), array('Homepage Banners', '/office/banners', 'BANNERS_VIEW'))); printMenu($this, 'Homepage', array(array('Quotes', '/office/quotes', 'QUOTES_VIEW'), array('Links', '/office/links', 'LINKS_VIEW'), array('Style Guide', '/office/guide', 'ARTICLE_VIEW'))); ?> <?php if (isset($extra_menu_buttons) && !empty($extra_menu_buttons)) { echo '<ul>'; foreach ($extra_menu_buttons as $key => $button) { echo '<li' . (!$key ? ' class="first"' : '') . '>'; if (is_string($button)) { echo $button; } else {
/**
 * Set up the comment list view on top of the shared list template.
 *
 * Reads the 'comments' config block. The view is put into moderator mode
 * ('mod') only when moderator editing is switched on in config AND the
 * current user's level is at least 'moderator'; otherwise Mode is null.
 * Threaded display is always on and the page size comes from config.
 */
function __construct()
{
    parent::__construct('templates/list');

    $commentConfig = get_instance()->config->item('comments');

    // Config switch is checked first so the permission lookup only runs
    // when moderation is actually enabled.
    $mode = null;
    if ($commentConfig['edit']['moderator']) {
        if (PermissionsSubset('moderator', GetUserLevel())) {
            $mode = 'mod';
        }
    }

    $this->SetData('Mode', $mode);
    $this->SetData('Threaded', true);
    $this->mMaxPerPage = $commentConfig['max_per_page'];
}
/**
 * xajax handler: save the edited headline fields of the article named in URI segment 3.
 *
 * Access: editors (admins are folded into 'editor') may always edit; anyone else
 * only when their request for this article is 'accepted'. A numeric $revision is
 * resolved through GetArticleRevisionToEdit; 0 means "no editable revision yet"
 * and a new one is created, otherwise the existing revision is updated. The fact
 * box is updated afterwards and the page is told which revision is now current.
 *
 * @param mixed  $revision      revision id sent by the client (must be numeric)
 * @param string $headline
 * @param string $subheadline
 * @param string $subtext
 * @param string $blurb
 * @param string $wiki          article body in wiki markup
 * @param mixed  $create_cache  currently ignored: the guard around the cache
 *                              rebuild is commented out, so the cache is always rebuilt
 * @param string $fact_heading
 * @param string $fact_text
 * @return xajaxResponse  script call 'headlinesUpdates' on success, an alert otherwise
 */
function _updateHeadlines($revision, $headline, $subheadline, $subtext, $blurb, $wiki, $create_cache, $fact_heading, $fact_text)
{
    $this->load->library('image');
    $xajax_response = new xajaxResponse();
    // NOTE(review): taken straight from the URL and never checked to be numeric here;
    // the model calls below receive it as-is.
    $article_id = $this->uri->segment(3);
    // Make it so we only have to worry about two levels of access as admins can do everything editors can
    $data['user_level'] = GetUserLevel();
    if ($data['user_level'] == 'admin') {
        $data['user_level'] = 'editor';
    }
    if ($data['user_level'] == 'editor' || $this->requests_model->IsUserRequestedForArticle($article_id, $this->user_auth->entityId) == 'accepted') {
        if (is_numeric($revision)) {
            // Input is filtered before storage. xss_clean is a best-effort filter,
            // not an output encoder: views that print these fields still need to
            // escape for their own context.
            $headline = $this->input->xss_clean($headline);
            $subheadline = $this->input->xss_clean($subheadline);
            $subtext = $this->input->xss_clean($subtext);
            $blurb = $this->input->xss_clean($blurb);
            $wiki = $this->input->xss_clean($wiki);
            $fact_heading = $this->input->xss_clean($fact_heading);
            $fact_text = $this->input->xss_clean($fact_text);
            // $revision is reused: from here on it holds the revision the model
            // says this user may edit (0 = none yet), not the client's value.
            $revision = $this->article_model->GetArticleRevisionToEdit($article_id, $this->user_auth->entityId, $revision);
            $wiki_cache = '';
            // if ($create_cache) {
            $this->load->library('wikiparser');
            // Photo placeholders in the wiki text are replaced by the chosen photo's medium thumbnail.
            $data['photo_requests'] = $this->photos_model->GetPhotoRequestsForArticle($article_id);
            foreach ($data['photo_requests'] as $photo) {
                $this->wikiparser->add_image_override($photo['photo_number'], $this->image->getThumb($photo['chosen_photo'], 'medium', true), $photo['title']);
            }
            $wiki_cache = $this->wikiparser->parse($wiki);
            // }
            if ($revision == 0) {
                $revision = $this->article_model->CreateNewRevision($article_id, $this->user_auth->entityId, $headline, $subheadline, $subtext, $blurb, $wiki, $wiki_cache);
            } else {
                $this->article_model->UpdateRevision($revision, $headline, $subheadline, $subtext, $blurb, $wiki, $wiki_cache);
            }
            $this->article_model->UpdateRevisionFactBox($revision, $fact_heading, $fact_text);
            // Client-side callback receives the revision id and the save time.
            $xajax_response->addScriptCall('headlinesUpdates', $revision, date('H:i:s'));
        } else {
            $xajax_response->addAlert('Invalid revision number, please try reloading the page.');
        }
    } else {
        $xajax_response->addAlert('You do not have the permissions required to edit the details for this article!');
    }
    return $xajax_response;
}
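/**
 * ACTIVITY
 *
 * Fetch the newest notifications visible to the current user, newest first.
 *
 * A notification is visible when it is addressed to one of the user's explicit
 * roles (user_roles), to a role implied by the office level (LEVEL_OFFICER /
 * LEVEL_EDITOR / LEVEL_ADMIN), directly to the user (notifications_recipients),
 * or to a permission held by any of those roles.
 *
 * @param int      $count       maximum number of rows to return
 * @param int|null $start_date  unix timestamp; only notifications dated at or
 *                              before it are returned (empty/null = now)
 * @return array  result rows as objects; see the SELECT list for the aliases
 */
function getActivity($count = 30, $start_date = NULL)
{
    if (empty($start_date)) {
        // mktime() without arguments is an ArgumentCountError on PHP 8;
        // time() is what the original call meant.
        $start_date = time();
    }
    // LIMIT must be bound as a bare integer; a quoted string there is a MySQL syntax error.
    $count = (int) $count;

    // Roles implied by the office level; each level includes the ones below
    // it, hence the deliberate fall-through.
    $implicitRoles = array();
    switch (GetUserLevel()) {
        case 'admin':
            $implicitRoles[] = 'LEVEL_ADMIN';
            // Fall-thru
        case 'editor':
            $implicitRoles[] = 'LEVEL_EDITOR';
            // Fall-thru
        case 'office':
            $implicitRoles[] = 'LEVEL_OFFICER';
    }
    // Only the fixed LEVEL_* constants above are inlined into the SQL, never
    // user input; everything user-controlled is bound as a parameter below.
    // (Double-quoted string literals rely on MySQL not running in ANSI_QUOTES mode.)
    $roleList = '"' . implode('","', $implicitRoles) . '"';

    $sql = 'SELECT notifications.notification_id AS id,
            notifications.notification_type AS type,
            notifications.notification_subject AS subject,
            notifications.notification_wikitext_cache AS wikitext,
            notifications.notification_user_entity_id AS user_id,
            notifications.notification_byline_business_card_id AS byline_id,
            UNIX_TIMESTAMP(notifications.notification_date) AS date,
            notifications_recipients.notification_read AS opened,
            CONCAT(users.user_firstname, " ", users.user_surname) AS user_name
        FROM notifications
        INNER JOIN users
            ON notifications.notification_user_entity_id = users.user_entity_id
        LEFT JOIN notifications_recipients
            ON ( notifications_recipients.notification_id = notifications.notification_id
                AND notifications_recipients.notification_user_entity_id = ? )
        WHERE notifications.notification_deleted = 0
        AND (
            notifications.notification_role IN (
                SELECT user_role_role_name FROM user_roles WHERE user_role_user_entity_id = ?
            )
            OR notifications.notification_role IN (' . $roleList . ')
            OR notifications_recipients.notification_user_entity_id IS NOT NULL
            OR notifications.notification_permission IN (
                SELECT role_permission_permission_name FROM role_permissions
                WHERE role_permission_role_name IN (
                    SELECT user_role_role_name FROM user_roles WHERE user_role_user_entity_id = ?
                )
                OR role_permission_role_name IN (' . $roleList . ')
            )
        )
        AND UNIX_TIMESTAMP(notifications.notification_date) <= ?
        ORDER BY notifications.notification_date DESC
        LIMIT 0, ?';

    // Bind order follows the placeholders: recipient user, role-subquery user,
    // permission-subquery user, date ceiling, row limit.
    $query = $this->db->query($sql, array(
        $this->user_auth->entityId,
        $this->user_auth->entityId,
        $this->user_auth->entityId,
        $start_date,
        $count,
    ));
    return $query->result();
}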
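/**
 * Apply the permission changes posted from the admin permissions page.
 *
 * Expected POST layout (both keys optional):
 *  - roles[<addrem>][] = array('r' => role name, 'p' => permission name)
 *  - users[<addrem>][] = array('u' => user id,   'r' => role name)
 * where <addrem> 0 means "add" and 1 means "remove"; removals are applied
 * before additions, as before.
 *
 * Admins may always do this (so a damaged permission table can be repaired);
 * everyone else needs PERMISSIONS_MODIFY_ROLES and/or PERMISSIONS_MODIFY_USERS
 * for the parts of the form they actually submitted.
 */
function update()
{
    if (!CheckPermissions('office', false)) {
        return;
    }
    // Allow admins to do this, in case somebody screws with permissions.
    if (GetUserLevel() != 'admin') {
        $requiredPermissions = array();
        if (isset($_POST['roles'])) {
            $requiredPermissions[] = 'PERMISSIONS_MODIFY_ROLES';
        }
        if (isset($_POST['users'])) {
            $requiredPermissions[] = 'PERMISSIONS_MODIFY_USERS';
        }
        if (!CheckRolePermissions($requiredPermissions)) {
            return;
        }
    } else {
        $this->load->model('permissions_model');
    }
    // NOTE(review): no CSRF token check is visible in this state-changing POST
    // handler; confirm the framework or a request filter covers it.

    // Confirm changes. Malformed (non-array) POST data is ignored instead of
    // raising foreach warnings.
    if (isset($_POST['roles'])) {
        $roleChanges = $this->_groupPermissionChanges($_POST['roles'], 'r', 'p');
        if (isset($roleChanges[1])) {
            $this->permissions_model->removeRolePermissions($roleChanges[1]);
        }
        if (isset($roleChanges[0])) {
            $this->permissions_model->addRolePermissions($roleChanges[0]);
        }
    }
    if (isset($_POST['users'])) {
        $userChanges = $this->_groupPermissionChanges($_POST['users'], 'u', 'r');
        if (isset($userChanges[1])) {
            $this->permissions_model->removeUserRoles($userChanges[1]);
        }
        if (isset($userChanges[0])) {
            $this->permissions_model->addUserRoles($userChanges[0]);
        }
    }
}

/**
 * Regroup posted changes into array(<addrem> => array(<outer> => array(<inner>, ...))).
 *
 * Entries that are not arrays or lack either key are skipped, matching the
 * original isset() filtering.
 *
 * @param mixed  $posted    the raw roles/users POST value
 * @param string $outerKey  key of the grouping value ('r' for roles, 'u' for users)
 * @param string $innerKey  key of the value collected under it ('p' or 'r')
 * @return array
 */
function _groupPermissionChanges($posted, $outerKey, $innerKey)
{
    $grouped = array();
    if (!is_array($posted)) {
        return $grouped;
    }
    foreach ($posted as $addrem => $changes) {
        if (!is_array($changes)) {
            continue;
        }
        foreach ($changes as $change_info) {
            if (is_array($change_info) && isset($change_info[$outerKey]) && isset($change_info[$innerKey])) {
                $grouped[$addrem][$change_info[$outerKey]][] = $change_info[$innerKey];
            }
        }
    }
    return $grouped;
}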
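/**
 * Render a news section page: the main (latest or requested) article, a strip
 * of previews, the remaining "others", comments, and, when the article carries
 * a poll, the competition box.
 *
 * Flow: an unknown $article_type falls back to 'uninews'. With no $article_id
 * the caller is redirected to the section's default article. A requested id
 * must be numeric and belong to $article_type, otherwise a 404 is shown; this
 * is also why $article_id is safe to embed in the login link further down.
 *
 * @param string   $article_type    article type codename from the URL
 * @param mixed    $article_id      article id from the URL, or NULL for the default
 * @param mixed    $CommentInclude  passed to comment_views (FALSE is mapped to NULL)
 */
function _article($article_type = 'uninews', $article_id = NULL, $CommentInclude = 0)
{
    // Load public view
    if (!CheckPermissions('public')) {
        return;
    }
    $type_info = $this->News_model->getArticleTypeInformation($article_type);
    if (count($type_info) == 0) {
        $article_type = 'uninews';
        $type_info = $this->News_model->getArticleTypeInformation($article_type);
    }
    // The precise article wasn't given so we should show the default.
    // Redirect to the correct URL so that google doesn't index section pages.
    // Get a minimum of information so the redirect is fast.
    if ($article_id === NULL) {
        list($content_codename, $article_id) = $this->News_model->GetDefaultArticleInfo($article_type);
        if (is_numeric($article_id)) {
            redirect('news/' . $content_codename . '/' . $article_id);
        }
    }
    // Get the latest article ids from the model.
    $latest_article_ids = $this->News_model->GetLatestId($article_type, 13);
    if ($type_info['parent_id'] != NULL) {
        $parent = $this->News_model->getArticleTypeCodename($type_info['parent_id']);
        $this->pages_model->SetPageCode('news_' . $parent['content_type_codename']);
        $this->main_frame->SetTitleParameters(array('section' => ' - ' . $type_info['name']));
    } else {
        $this->pages_model->SetPageCode('news_' . $article_type);
        if ($type_info['has_children']) {
            $this->main_frame->SetTitleParameters(array('section' => ''));
        }
    }
    $data = array();
    // Get page specific attributes
    if ($article_type == 'uninews') {
        $data['rss_feed_title'] = $this->pages_model->GetPropertyText('rss_feed_title');
    }
    // Get variable content based on article type
    $data['article_type'] = $article_type;
    $data['puffer_heading'] = $this->pages_model->GetPropertyText('puffer_heading');
    $data['latest_heading'] = $this->pages_model->GetPropertyText('latest_heading');
    $data['other_heading'] = $this->pages_model->GetPropertyText('other_heading');
    $data['related_heading'] = $this->pages_model->GetPropertyText('related_heading');
    $data['links_heading'] = $this->pages_model->GetPropertyText('links_heading');
    // $latest_article_ids has already been found above
    if ($type_info['has_children'] || $type_info['parent_id'] != NULL) {
        $this->load->library('image');
        // Sub-types are listed under the top-level type: either this type
        // itself (has_children) or its parent.
        if ($type_info['section'] == 'blogs') {
            if ($type_info['parent_id'] != NULL) {
                $temp_type = $parent['content_type_codename'];
            }
            if ($type_info['has_children']) {
                $temp_type = $article_type;
            }
            $data['blogs'] = $this->News_model->getSubArticleTypes($temp_type);
            foreach ($data['blogs'] as &$blog) {
                $blog['image'] = '/image/' . $blog['image_codename'] . '/' . $blog['image'];
            }
            unset($blog); // drop the dangling reference left by foreach-by-reference
        } else {
            $temp_type = $article_type;
            if ($type_info['parent_id'] != NULL) {
                $temp_type = $parent['content_type_codename'];
            }
            $data['puffers'] = $this->News_model->getSubArticleTypes($temp_type);
            foreach ($data['puffers'] as &$puffer) {
                $puffer['image'] = '/image/' . $puffer['image_codename'] . '/' . $puffer['image'];
            }
            unset($puffer);
        }
    }
    /// Get requested article id if submitted
    $url_article_id = $article_id;
    // Check if an article id was requested, if so check that the type of article it corresponds
    // to is correct for the current news view, otherwise 404 (so that search engines do not index duplicate pages).
    if ($url_article_id !== NULL) {
        if (is_numeric($url_article_id) && $this->News_model->IdIsOfType($url_article_id, $article_type)) {
            /// Check if requested article is already one of the IDs returned
            $found_article = array_search($url_article_id, $latest_article_ids);
            if ($found_article !== FALSE) {
                /// If it is, remove it from the list
                unset($latest_article_ids[$found_article]);
            }
            /// Put request article id onto front of array so that it becomes the main article
            $latest_article_ids = array_merge(array($url_article_id), $latest_article_ids);
        } else {
            return show_404();
        }
    }
    /// Get all of the latest article
    if (isset($_SESSION['office_news_preview'])) {
        // One-shot office preview of an unpublished revision; consumed here.
        $main_article = $this->News_model->GetFullArticle($latest_article_ids[0], '', '%W, %D %M %Y', $_SESSION['office_news_preview']);
        $data['office_preview'] = 1;
        unset($_SESSION['office_news_preview']);
    } else {
        /// If there are no articles for this particular section then show a page anyway
        if (count($latest_article_ids) == 0) {
            $main_article = array(
                'placeholder' => true,
                'id' => 0,
                'date' => date('l, jS F Y'),
                'location' => 0,
                'public_thread_id' => NULL,
                'heading' => $this->pages_model->GetPropertyText('news:no_articles_heading', TRUE),
                'subheading' => NULL,
                'subtext' => NULL,
                'text' => $this->pages_model->GetPropertyWikitext('news:no_articles_text', TRUE),
                'blurb' => NULL,
                'authors' => array(),
                'links' => array(),
                'related_articles' => array(),
                'fact_boxes' => array(),
                'poll_id' => NULL,
            );
        } else {
            $main_article = $this->News_model->GetFullArticle($latest_article_ids[0]);
            /// Check if article requested doesn't exist
            if ($main_article === NULL) {
                redirect('/news/' . $article_type);
            }
        }
    }
    if ($main_article['poll_id'] !== NULL) {
        $this->load->model('polls_model');
        $poll_info = $this->polls_model->GetPollDetails($main_article['poll_id']);
        //$poll_options = $this->polls_model->GetPollChoices($main_article['poll_id']);
        $user_info = $this->polls_model->GetCompetitionContactDetails($this->user_auth->entityId);
        // mktime() with no arguments is an ArgumentCountError on PHP 8; time() is the intended call.
        if (!$poll_info['deleted'] && time() > $poll_info['start_time']) {
            $poll_message = '';
            if (!$this->user_auth->isLoggedIn) {
                // $article_type matched a known type above and $article_id is numeric
                // or NULL at this point, so neither can carry markup into the link.
                $poll_message = 'Please <a href="/login/main/news/' . $article_type . '/' . $article_id . '">login</a> to enter this competition.';
            } elseif (!$this->user_auth->isUser) {
                $poll_message = 'Sorry, organisations may not enter competitions. Please login as an individual to enter.';
            } elseif ($this->user_auth->officeLogin) {
                $poll_message = 'Sorry, members of The Yorker may not enter competitions.';
            } elseif ($this->polls_model->HasUserVoted($main_article['poll_id'], $this->user_auth->entityId)) {
                $poll_message = 'Thank you for entering this competition.';
            } elseif (time() > $poll_info['finish_time']) {
                $poll_message = 'Sorry, this competition is now closed.';
            } elseif (!empty($_POST['york_score']) && !empty($_POST['lancs_score'])) {
                /* Roses Special Competition */
                //} elseif (isset($_POST['comp_answer'])) {
                if ($user_info['user_firstname'] == '' || $user_info['user_surname'] == '') {
                    $this->messages->AddMessage('error', 'Please make sure you enter your name before entering this competition.');
                //} elseif ($this->polls_model->IsChoicePartOfPoll($main_article['poll_id'], $_POST['comp_answer'])) {
                //    $this->polls_model->SetUserPollVote($main_article['poll_id'], $this->user_auth->entityId, $_POST['comp_answer']);
                } else {
                    $this->load->model('roses_model');
                    // NOTE(review): the two scores are passed to the model unvalidated;
                    // presumably the model checks/escapes them — confirm.
                    $this->roses_model->enterComp($main_article['poll_id'], $this->user_auth->entityId, $_POST['york_score'], $_POST['lancs_score']);
                    $this->messages->AddMessage('success', 'You have successfully been entered into the competition.');
                }
                redirect('/news/' . $article_type . '/' . $article_id);
            }
            $main_article['article_poll'] = array('info' => $poll_info, 'message' => $poll_message, 'user' => $user_info);
            $this->load->library('wikiparser');
            $main_article['article_poll']['info']['question'] = $this->wikiparser->parse($main_article['article_poll']['info']['question']);
        }
    }
    //Set page title to include headline
    $this->main_frame->SetTitleParameters(array('headline' => $main_article['heading']));
    /// Summary previews for the next four articles (indices 1..4)
    $news_previews = array();
    for ($index = 1; $index <= 4 && $index < count($latest_article_ids); $index++) {
        array_push($news_previews, $this->News_model->GetSummaryArticle($latest_article_ids[$index], "Right"));
    }
    /// Simple entries for everything after that
    $news_others = array();
    for ($index = 5; $index < count($latest_article_ids); $index++) {
        array_push($news_others, $this->News_model->GetSimpleArticle($latest_article_ids[$index], "Left"));
    }
    /// Get comments for article
    if (is_numeric($main_article['public_thread_id'])) {
        $this->load->library('comment_views');
        if (FALSE === $CommentInclude) {
            $CommentInclude = NULL;
        }
        $this->comment_views->SetUri('/news/' . $article_type . '/' . $latest_article_ids[0] . '/');
        $data['comments'] = $this->comment_views->CreateStandard((int) $main_article['public_thread_id'], $CommentInclude);
    }
    $access_level = GetUserLevel();
    if ($access_level == 'editor' || $access_level == 'admin') {
        $data['editor_tools'] = true;
    }
    /// Gather all the data into an array to be passed to the view
    $data['main_article'] = $main_article;
    $data['news_previews'] = $news_previews;
    $data['news_others'] = $news_others;
    /// Facebook share link info
    $this->main_frame->SetData('description', $main_article['blurb']);
    $this->main_frame->SetData('medium_type', 'news');
    if (isset($main_article['primary_photo_link'])) {
        $this->main_frame->SetData('main_image', $main_article['primary_photo_link']);
    }
    // Set up the public frame
    if ($article_type == 'videocasts') {
        $this->main_frame->SetContentSimple('news/videocasts', $data);
    } else {
        $this->main_frame->SetContentSimple('news/news', $data);
    }
    // Load the public frame view (which will load the content view)
    $this->main_frame->Load();
}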
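/**
 * Office page for a venue's review information: view/submit the review
 * context content, preview revisions, and assign reviewers.
 *
 * $action selects a sub-operation; every mutating action falls back to
 * 'view' once it has run (or has reported a permission error):
 *  - viewall   list deleted revisions too (editors only)
 *  - assign    POST assign_reporter => editor assigns anyone ('unassign'
 *              clears); no POST => the current user claims the venue
 *  - unassign  the current user releases the venue (self only)
 *  - delete / restore   not implemented yet, always report an error
 *  - publish   editors only
 *  - preview   show revision $revision_id with a toolbar of links
 *  - view      the normal page, handling the posted review form
 *
 * @param string $ContextType   review content type codename (e.g. food/drink)
 * @param string $organisation  organisation directory codename
 * @param string $action
 * @param mixed  $revision_id   revision id from the URL; FALSE when absent
 */
function information($ContextType, $organisation, $action = 'view', $revision_id = FALSE)
{
    /// @todo add show all option backend
    if (!CheckPermissions('office')) {
        return;
    }
    $this->pages_model->SetPageCode('office_reviews_information');
    $editor_level = PermissionsSubset('editor', GetUserLevel());
    //Get navigation bar and tell it the current page
    $data = $this->organisations->_GetOrgData($organisation);
    $data['page_information'] = $this->pages_model->GetPropertyWikitext('page_information');
    $data['context_type'] = $ContextType;
    $this->_SetupNavbar($organisation, $ContextType);
    $this->main_frame->SetPage('information');
    //test to allow a person to view deleted revisions
    $show_all_revisions = false;
    if ($action == 'viewall') {
        if ($editor_level) {
            $show_all_revisions = true;
        } else {
            $this->messages->AddMessage('error', 'You do not have permission to view deleted revisions');
        }
        $action = 'view';
    }
    if ($action == 'assign') {
        //There are two types of assignment. Url /assign/ where a user assigns themselfs. And by Posting a form, where an editor can assign anyone.
        $this->load->model('pr_model');
        $content_type_id = $this->pr_model->GetContentTypeId($ContextType);
        if (isset($_POST['assign_reporter'])) {
            //There is form post, so treat and check as an editor
            if ($editor_level) {
                if ($_POST['assign_reporter'] == 'unassign') {
                    $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id);
                    $this->messages->AddMessage('success', 'The assigned user has been removed.');
                } else {
                    // Cast keeps the posted value to an integer id before it reaches the model.
                    $user_id = (int) $_POST['assign_reporter'];
                    $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id, $user_id);
                    $this->messages->AddMessage('success', 'The user has been assigned to the venue.');
                }
            } else {
                $this->messages->AddMessage('error', 'Only aditors can assign someone else to a venue.');
            }
        } else {
            //there is no form post, so assume its a writer wanting to assign themselfs.
            // Called without a user id here; judging by the messages this reports
            // whether the venue is free to claim — confirm against the model.
            $user_owns = $this->pr_model->IsUserAssignedToReviewVenue($ContextType, $organisation);
            if ($user_owns) {
                $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id, $this->user_auth->entityId);
                $this->messages->AddMessage('success', 'You have been assigned to this venue.');
            } else {
                $this->messages->AddMessage('error', 'This venue is already assigned to someone else!');
            }
        }
        $revision_id = FALSE; //have used this parameter for user id! Better clear it so other functions dont think i want a revision.
        $action = 'view';
    }
    if ($action == 'unassign') {
        //this action is only used by non editors wanting to unassign themselfs. Editors dont unassign people the reassign something to someone (inculding the null person)
        //Check the user is unassigning themselfs only!
        $this->load->model('pr_model');
        $content_type_id = $this->pr_model->GetContentTypeId($ContextType);
        $user_owns = $this->pr_model->IsUserAssignedToReviewVenue($ContextType, $organisation, $this->user_auth->entityId);
        if ($user_owns) {
            $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id);
            $this->messages->AddMessage('success', 'You have been unassigned from this venue.');
        } else {
            $this->messages->AddMessage('error', 'You can only unassign yourself from a venue.');
        }
        $revision_id = FALSE;
        $action = 'view';
    }
    if ($action == 'delete') {
        if ($editor_level) {
            if (TRUE) {
                /// @todo Review context revision removal.
                $this->messages->AddMessage('error', 'Removal of revisions is not yet available');
            } else {
                // NOTE(review): unreachable; $revision is undefined here and the
                // directory_model call does not match this review context.
                $result = $this->directory_model->FlagEntryRevisionAsDeletedById($organisation, $revision);
                if ($result == 1) {
                    $this->messages->AddMessage('success', 'Directory revision successfully removed.');
                } else {
                    $this->messages->AddMessage('error', 'Directory revision was not removed, revision does not exist or is live.');
                }
            }
        } else {
            $this->messages->AddMessage('error', 'You do not have permission to remove revisions.');
        }
        $action = 'view';
    }
    if ($action == 'restore') {
        //Check Permissions
        if ($editor_level) {
            if (TRUE) {
                /// @todo Review context revision restoration.
                $this->messages->AddMessage('error', 'Restoration of revisions is not yet available');
            } else {
                //Send and get data
                // NOTE(review): unreachable, see the 'delete' branch above.
                $result = $this->directory_model->FlagEntryRevisionAsDeletedById($organisation, $revision, false);
                if ($result == 1) {
                    $this->messages->AddMessage('success', 'Directory revision was restored successfully.');
                } else {
                    $this->messages->AddMessage('error', 'Directory revision was not restored it does not exist or it is not deleted.');
                }
            }
        } else {
            $this->messages->AddMessage('error', 'You do not have permission to restore revisions');
        }
        $action = 'view';
    }
    if ($action == 'publish') {
        //Check Permissions
        if ($editor_level) {
            //Send and get data
            $result = $this->review_model->PublishContextContentRevision($organisation, $ContextType, $revision_id);
            if ($result) {
                $this->messages->AddMessage('success', 'Review page revision was published successfully.');
            } else {
                $this->messages->AddMessage('error', 'Review page revision was not published as it does not exist or is already live.');
            }
        } else {
            $this->messages->AddMessage('error', 'You do not have permission to publish revisions');
        }
        $action = 'view';
    }
    if ('preview' === $action) {
        $here = site_url('office/reviews/' . $organisation . '/' . $ContextType . '/information');
        $revision = $this->review_model->GetReviewContextContentRevisions($organisation, $ContextType, $revision_id === TRUE ? -1 : $revision_id);
        if (!array_key_exists(0, $revision)) {
            $action = 'view';
        } else {
            //Show a toolbar in a message for the preview.
            $published = $revision[0]['published'];
            $is_deleted = $revision[0]['deleted'];
            // $here and $revision_id both derive from URL segments and are
            // written into HTML attributes below, so encode them for that
            // context; a crafted URL must not be able to inject markup into
            // the message banner.
            $here_attr = htmlspecialchars($here, ENT_QUOTES, 'UTF-8');
            $revision_attr = htmlspecialchars((string) $revision_id, ENT_QUOTES, 'UTF-8');
            if ($published) {
                $message = 'This is a preview of the current published review page.<br />';
            } else {
                if ($is_deleted) {
                    $message = 'This is a preview of a <span class="red">deleted</span> review page revision.<br />';
                } else {
                    $message = 'This is a preview of a review page revision.<br />';
                }
            }
            $message .= '<a href="' . $here_attr . '/view/' . $revision_attr . '">Go Back</a>';
            if ($published == false) {
                if ($editor_level) {
                    $message .= ' | <a href="' . $here_attr . '/publish/' . $revision_attr . '">Publish This Revision</a>';
                }
                if ($is_deleted) {
                    if ($editor_level) {
                        $message .= ' | <a href="' . $here_attr . '/restore/' . $revision_attr . '">Restore This Revision</a>';
                    }
                } else {
                    $message .= ' | <a href="' . $here_attr . '/delete/' . $revision_attr . '">Delete This Revision</a>';
                }
            }
            $this->messages->AddMessage('information', $message);
            $this->load->library('Review_views');
            $this->review_views->SetRevision(is_numeric($revision_id) ? $revision_id : -1);
            $this->review_views->DisplayReview($ContextType, $organisation);
        }
    }
    if ('view' === $action) {
        $this->load->model('requests_model');
        $this->load->model('article_model');
        // Insert main text from pages information (sample)
        $data['main_text'] = $this->pages_model->GetPropertyWikitext('main_text');
        // Handle submitted data. Loose comparison kept: a posted rating of "0"
        // is treated as "no form submitted", as it always has been.
        if ($this->input->post('reviewinfo_rating') != false) {
            // Set up validation library
            $this->load->library('validation');
            $this->validation->set_error_delimiters('<li>', '</li>');
            // Specify validation rules
            $rules['reviewinfo_about'] = 'trim|required|xss_clean';
            $rules['reviewinfo_rating'] = 'trim|required|numeric';
            $rules['reviewinfo_js_rating'] = 'trim|required|numeric';
            $rules['reviewinfo_use_js_rating'] = 'trim|required|numeric';
            $rules['reviewinfo_quote'] = 'trim|required|xss_clean';
            $rules['reviewinfo_recommended'] = 'trim|xss_clean';
            $rules['reviewinfo_average_price'] = 'trim|xss_clean';
            $rules['reviewinfo_serving_hours'] = 'trim|xss_clean';
            $this->validation->set_rules($rules);
            // Set field names for displaying in error messages
            $fields['reviewinfo_about'] = 'blurb';
            $fields['reviewinfo_rating'] = 'rating';
            $fields['reviewinfo_js_rating'] = 'js_rating';
            $fields['reviewinfo_use_js_rating'] = 'use_js_rating';
            $fields['reviewinfo_quote'] = 'quote';
            $fields['reviewinfo_recommended'] = 'recommended item';
            $fields['reviewinfo_average_price'] = 'average price';
            $fields['reviewinfo_serving_hours'] = 'serving hours';
            $this->validation->set_fields($fields);
            // Run validation
            $errors = array();
            if ($this->validation->run()) {
                if ($this->input->post('reviewinfo_deal_expires') != false) {
                    if (!$this->input->post('reviewinfo_deal')) {
                        array_push($errors, 'Please enter deal information or remove the deal expiry date.');
                    }
                    if (strtotime($this->input->post('reviewinfo_deal_expires')) == false) {
                        array_push($errors, 'Please enter the deal expiry date in the format yyyy-mm-dd');
                    }
                }
                // If there are no errors, insert data into database
                if (count($errors) == 0) {
                    //The rating could have come from the nice js or the ugly drop down list, check which was being used.
                    if ($this->input->post('reviewinfo_use_js_rating')) {
                        $rating = $this->input->post('reviewinfo_js_rating');
                    } else {
                        $rating = $this->input->post('reviewinfo_rating');
                    }
                    $saved = $this->review_model->SetReviewContextContent(
                        $organisation,
                        $ContextType,
                        $this->user_auth->entityId,
                        $this->input->post('reviewinfo_about'),
                        $this->input->post('reviewinfo_quote'),
                        $this->input->post('reviewinfo_average_price'),
                        $this->input->post('reviewinfo_recommended'),
                        $rating,
                        $this->input->post('reviewinfo_serving_hours')
                    );
                    if ($saved) {
                        $this->messages->AddMessage('success', 'Review information updated.');
                    } else {
                        $this->messages->AddMessage('error', 'Review information could not be updated.');
                    }
                }
            }
            // If there are errors, display them
            if ($this->validation->error_string != '') {
                $this->messages->AddMessage('error', 'We were unable to process the information you submitted for the following reasons:<ul>' . $this->validation->error_string . '</ul>');
            } elseif (count($errors) > 0) {
                $temp_msg = '';
                foreach ($errors as $error) {
                    $temp_msg .= '<li>' . $error . '</li>';
                }
                $this->messages->AddMessage('error', 'We were unable to process the information you submitted for the following reasons:<ul>' . $temp_msg . '</ul>');
            }
        }
        // Get revision data from model
        $data['revisions'] = $this->review_model->GetReviewContextContentRevisions($organisation, $ContextType);
        $data['show_all_revisions'] = $show_all_revisions;
        $data['user_is_editor'] = $editor_level;
        //get assigned user stuff
        $data['reviewers'] = $this->requests_model->getReporters();
        $data['assigned_user_you'] = $this->pages_model->GetPropertyWikitext('assigned_user_you');
        $data['assigned_user_none'] = $this->pages_model->GetPropertyWikitext('assigned_user_none');
        $data['assigned_user_editor'] = $this->pages_model->GetPropertyWikitext('assigned_user_editor');
        // Get context contents from model
        $data['main_revision'] = $this->review_model->GetReviewContextContents($organisation, $ContextType, $revision_id);
        if ($data['main_revision'] == FALSE) {
            //Error is not needed, as the blanks make it obvious that no review context exists. Nse500
            //$this->messages->AddMessage('error', 'Review context '.$revision_id.' does not exist');
            // Assigned as a whole array rather than key-by-key into FALSE, which
            // PHP 8.1 deprecates (false-to-array conversion).
            $data['main_revision'] = array(
                'content_id' => 0,
                'content_blurb' => '',
                'content_quote' => '',
                'average_price' => '',
                'recommended_item' => '',
                'content_rating' => 5,
                'serving_times' => '',
                'deal' => '',
                'deal_expires' => '',
            );
        }
        //get reviews for areas for attention
        $temp_reviews = $this->review_model->GetOrgReviews($ContextType, $data['organisation']['id']);
        if (is_array($temp_reviews)) {
            foreach ($temp_reviews as $review) {
                $temp = array();
                $temp['writers'] = $this->requests_model->GetWritersForArticle($review['id']);
                $temp['article'] = $this->article_model->GetArticleHeader($review['id']);
                $temp['article']['id'] = $review['id'];
                $data['reviews'][] = $temp;
            }
        }
        // Set up the public frame
        $this->main_frame->SetContentSimple('office/reviews/office_review_information', $data);
    }
    $this->main_frame->SetTitleParameters(array('organisation' => $data['organisation']['name'], 'content_type' => ucfirst($ContextType)));
    // Load the public frame view
    $this->main_frame->Load();
}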
/**
 * Build the "top links" strip shown on every page for the current user.
 *
 * Each entry is either a plain status string (e.g. 'logged in as X') or a
 * two-element array(label, url). Which entries appear depends on the user's
 * level (GetUserLevel()) combined with the permission level of the page.
 * Values are returned raw; the view that prints them is responsible for
 * escaping the username for its output context.
 *
 * @param string $Permission Permission level of page
 * @pre user_auth library loaded.
 * @return array list of string|array
 */
function GenerateToplinks($Permission)
{
    $ci =& get_instance();
    $level = GetUserLevel();
    $name = $ci->user_auth->username;
    $currentUri = $ci->uri->uri_string();

    // Links reused by several branches; the "…/main<uri>" and "…/office<uri>"
    // variants return the user to the page they were on.
    $logOut = array('log out', site_url('logout/main' . $currentUri));
    $enterOffice = array('enter office', site_url('office'));
    $goOffice = array('office', site_url('office'));
    $enterVip = array('enter VIP area', site_url('viparea'));
    $goVip = array('VIP area', site_url('viparea'));
    $leaveOffice = array('leave office', site_url('logout/office'));

    // Public and student pages show the "logged in as" form; area pages show "in <area> as".
    $onPublicPage = ($Permission === 'public' || $Permission === 'student');

    $links = array();
    switch ($level) {
        case 'public':
            if ($ci->uri->segment(1) !== 'login') {
                $links[] = array('log in', site_url('login/main' . $currentUri));
            }
            $links[] = array('register', site_url('/register'));
            break;

        case 'student':
            $links[] = 'logged in as ' . $name;
            if ($ci->user_auth->officeLogin) {
                $links[] = $enterOffice;
            }
            //@TODO: Should display to VIPs too, for now displayed to everyone nse500
            $links[] = $enterVip;
            $links[] = $logOut;
            break;

        case 'organisation':
        case 'vip':
            if ($onPublicPage) {
                $links[] = 'logged in as ' . $name;
                $links[] = $goVip;
                if ($level === 'vip') {
                    $links[] = array('leave VIP area', site_url('logout/vip' . $currentUri));
                }
            } elseif ($Permission === 'vip') {
                $links[] = 'in VIP area of ' . VipOrganisationName(TRUE) . ' as ' . $name;
                if ($level === 'vip') {
                    $links[] = array('leave VIP area', site_url('logout/vip'));
                }
            }
            $links[] = $logOut;
            break;

        case 'office':
        case 'editor':
        case 'manage':
        case 'admin':
            if ($onPublicPage) {
                $links[] = 'logged in as ' . $name;
                $links[] = $goOffice;
                $links[] = array('leave office', site_url('logout/office' . $currentUri));
            } elseif ($Permission === 'office' || $Permission === 'editor' || $Permission === 'admin') {
                $links[] = 'in office as ' . $name;
                $links[] = $leaveOffice;
            } elseif ($Permission === 'pr') {
                $links[] = 'in PR area of ' . VipOrganisationName(TRUE) . ' as ' . $name;
                $links[] = $goOffice;
                $links[] = $leaveOffice;
            } elseif ($Permission === 'manage') {
                $links[] = 'in management area of ' . VipOrganisationName(TRUE) . ' as ' . $name;
                $links[] = $goOffice;
                $links[] = $leaveOffice;
            }
            $links[] = $logOut;
            break;
    }

    return $links;
}
/**
 * Office admin page for a live blog: add, edit and delete entries.
 *
 * POST keys handled (all optional):
 *  - edit<entry_id>   + entry<entry_id>  : replace the entry's wiki text
 *  - delete<entry_id>                     : remove the entry
 *  - postnew + postcontent [+ posttwitter]: append a new timestamped entry,
 *                                           optionally echoed to Twitter
 * Every successful change redirects back to this page.
 *
 * @param mixed $article_id  article carrying the live blog (defaults to a fixed id)
 * @param mixed $entry_id    entry being edited/deleted, NULL otherwise
 */
function admin($article_id = 1682, $entry_id = NULL)
{
    if (!CheckPermissions('office')) {
        return;
    }
    // NOTE(review): the trailing "|| true" makes this condition always pass, so
    // the only effective gate is CheckPermissions('office') above and the
    // 'ACCESS DENIED' branch at the bottom is unreachable. Confirm whether
    // opening this page to all office users (not just editors/admins) is intended.
    if (GetUserLevel() == 'editor' || GetUserLevel() == 'admin' || true) {
        $this->load->model('roses_model');
        $this->load->model('photos_model');
        $this->load->library('image');
        $this->load->library('wikiparser');
        // Set winning team indicators
        $this->wikiparser->add_image_override(-1, '<img src="/images/version2/rose_lancashire.png" alt="Lancaster" />', 'Lancaster Win');
        $this->wikiparser->add_image_override(-2, '<img src="/images/version2/rose_yorkshire.png" alt="York Win" />', 'York Win');
        $this->wikiparser->add_image_override(-3, '<img src="/images/version2/rose_draw.png" alt="Draw" />', 'Draw');
        // Photo placeholders in entries resolve to the article's requested photos.
        $photo_requests = $this->photos_model->GetPhotoRequestsForArticle($article_id);
        foreach ($photo_requests as $photo) {
            $this->wikiparser->add_image_override($photo['photo_number'], $this->image->getThumb($photo['photo_id'], $photo['photo_codename'], true), $photo['photo_caption']);
        }
        $data = array();
        if ($this->roses_model->isLiveBlog($article_id)) {
            if (is_numeric($entry_id) && !empty($_POST['edit' . $entry_id])) {
                // NOTE(review): entry<id> is read without an isset() check; a request
                // carrying only edit<id> stores a null entry.
                $blog_entry = $_POST['entry' . $entry_id];
                $blog_entry_cache = $this->wikiparser->parse($blog_entry);
                $this->roses_model->updateBlogEntry($entry_id, $blog_entry, $blog_entry_cache, $this->user_auth->entityId);
                $this->_updateArticle($article_id, $this->user_auth->entityId);
                $this->main_frame->AddMessage('success', 'Blog entry was successfully edited.');
                redirect('/office/liveblog/admin/' . $article_id);
            }
            if (is_numeric($entry_id) && !empty($_POST['delete' . $entry_id])) {
                $this->roses_model->deleteBlogEntry($entry_id);
                $this->_updateArticle($article_id, $this->user_auth->entityId);
                $this->main_frame->AddMessage('success', 'Blog entry was successfully deleted!');
                redirect('/office/liveblog/admin/' . $article_id);
            }
            if (is_numeric($article_id) && !empty($_POST['postnew'])) {
                // Entry text is prefixed with a bold HH:MM timestamp in wiki markup.
                // The raw post content is stored as wiki text; the parsed cache is what gets displayed.
                $blog_entry = "'''" . date('H:i') . "''' " . $_POST['postcontent'];
                $twitter_update = $_POST['postcontent'];
                $blog_entry_cache = $this->wikiparser->parse($blog_entry);
                $this->roses_model->addBlogEntry($article_id, $blog_entry, $blog_entry_cache, $this->user_auth->entityId);
                $this->_updateArticle($article_id, $this->user_auth->entityId);
                if (!empty($_POST['posttwitter'])) {
                    // Post to public Twitter feed. Credentials come from config;
                    // keep that config file out of version control.
                    $TwitterFeed = new TwitterXML($this->config->item('twitter_feed_userid'), $this->config->item('twitter_feed_passwd'));
                    $TwitterFeed->updateStatus($twitter_update);
                }
                $this->main_frame->AddMessage('success', 'New Blog entry added.');
                redirect('/office/liveblog/admin/' . $article_id);
            }
            $data['article_id'] = $article_id;
            $data['content'] = $this->roses_model->getLiveBlog($article_id);
            // Set up the content
            $this->main_frame->SetContentSimple('office/liveblog/admin', $data);
            $this->main_frame->Load();
        } else {
            $this->main_frame->AddMessage('error', 'Requested article ID is not setup for Live Blogging.');
            redirect('/office/liveblog');
        }
    } else {
        // Unreachable while the "|| true" above remains.
        $this->main_frame->AddMessage('error', 'ACCESS DENIED');
        redirect('/office/liveblog');
    }
}
/**
 * Authenticate $email/$pwd against the table matching the user's level and
 * echo the outcome as "<code> ~~ <team>".
 *
 * code:  A/B/C/D  login accepted for admin/director/mentor/mentee
 *        -A..-D   email known at that level but LoginUtility rejected it ("0")
 *        0        email not in the user table (empty level)
 *        -1       error level, or any other LoginUtility result
 * team:  CheckTeamMember() result for mentees only, otherwise empty.
 *
 * NOTE(review): the response distinguishes "unknown email" (0) from "wrong
 * password" (-X), so a client can tell which addresses are registered; a
 * single failure code would close that information leak.
 */
function Login($email, $pwd)
{
    // level => array(table, email column, password column), in the order the
    // original if/else chain tested them.
    static $loginTables = array(
        'A' => array('Admin', 'AdminEmail', 'AdminPwd'),
        'B' => array('Director', 'DirectorEmail', 'DirectorPwd'),
        'C' => array('Mentor', 'MentorEmail', 'MentorPwd'),
        'D' => array('Mentee', 'MenteeEmail', 'MenteePwd'),
    );

    $result = "-1";
    $team = "";
    $level = GetUserLevel($email);

    // Loose comparisons are kept on purpose: the types GetUserLevel() and
    // LoginUtility() return are not visible here.
    $matched = null;
    foreach ($loginTables as $candidate => $spec) {
        if ($level == $candidate) {
            $matched = $candidate;
            break;
        }
    }

    if ($matched !== null) {
        if ($matched == "D") {
            // check if the given user email address is in the team table (before the login attempt).
            $team = CheckTeamMember($email);
        }
        list($table, $emailColumn, $pwdColumn) = $loginTables[$matched];
        $outcome = LoginUtility($email, $pwd, $table, $emailColumn, $pwdColumn);
        if ($outcome == "1") {
            $result = $matched;
        } elseif ($outcome == "0") {
            $result = "-" . $matched;
        } else {
            $result = "-1";
        }
    } elseif ($level == "") {
        // user email not in the user table.
        $result = "0";
    } elseif ($level == "-1") {
        // error condition.
        $result = "-1";
    }

    echo $result . " ~~ " . $team;
}