exit; } if (isset($_GET["popup"])) { popup(); exit; } if (isset($_GET["index"])) { index(); exit; } if (isset($_GET["RoundCubeEnableAddressbook"])) { RoundCubeEnableAddressbook(); exit; } if (isset($_GET["admins"])) { admins(); exit; } if (isset($_GET["find-members"])) { admins_find(); exit; } if (isset($_GET["SearchPattern"])) { list_users(); exit; } if (isset($_GET["admins-add"])) { admins_add(); exit; } if (isset($_GET["admins-del"])) {
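/**
 * Shows the contact form for the user to fill out
 *
 * What it does:
 * - Needs to be enabled to be used
 * - Is for guests only; logged-in visitors are redirected away
 * - On a valid submission sends a PM to every member returned by admins()
 *   and redirects to the "done" page
 */
public function action_contact()
{
    global $context, $txt, $user_info, $modSettings;

    // Already inside, no need to use this, just send a PM
    // Disabled, you cannot enter.
    if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') {
        redirectexit();
    }

    loadLanguage('Login');
    loadTemplate('Register');

    if (isset($_REQUEST['send'])) {
        // checkSession / validateToken / spamProtection all run before any form field is read.
        checkSession('post');
        validateToken('contact');
        spamProtection('contact');

        // No errors, yet.
        $context['errors'] = array();
        loadLanguage('Errors');

        // Could they get the right send topic verification code?
        require_once SUBSDIR . '/VerificationControls.class.php';
        require_once SUBSDIR . '/Members.subs.php';

        // form validation
        require_once SUBSDIR . '/DataValidator.class.php';
        $validator = new Data_Validator();
        $validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars'));
        $validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required'));
        $validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message']));

        // Any form errors
        if (!$validator->validate($_POST)) {
            $context['errors'] = $validator->validation_errors();
        }

        // How about any verification errors
        $verificationOptions = array('id' => 'contactform');
        $context['require_verification'] = create_control_verification($verificationOptions, true);
        if (is_array($context['require_verification'])) {
            foreach ($context['require_verification'] as $error) {
                $context['errors'][] = $txt['error_' . $error];
            }
        }

        // No errors, then send the PM to the admins
        if (empty($context['errors'])) {
            $admins = admins();
            if (!empty($admins)) {
                require_once SUBSDIR . '/PersonalMessage.subs.php';

                // Take the body from $_POST, the array that was validated above. $_REQUEST can be
                // filled from other request sources and need not hold the value that was checked.
                // NOTE(review): the raw text is passed, not $validator->contactmessage (which the
                // sanitation rule HTML-escapes) - presumably sendpm() escapes the body itself;
                // confirm, otherwise the escaped value has to be used here.
                sendpm(
                    array('to' => array_keys($admins), 'bcc' => array()),
                    $txt['contact_subject'],
                    $_POST['contactmessage'],
                    false,
                    array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress)
                );
            }

            // Show the confirmation page; this also happens when admins() returned nobody.
            redirectexit('action=contact;sa=done');
        } else {
            // Hand the sanitised values back to the template so the form can be refilled.
            $context['emailaddress'] = $validator->emailaddress;
            $context['contactmessage'] = $validator->contactmessage;
        }
    }

    if (isset($_GET['sa']) && $_GET['sa'] === 'done') {
        $context['sub_template'] = 'contact_form_done';
    } else {
        $context['sub_template'] = 'contact_form';
        $context['page_title'] = $txt['admin_contact_form'];

        require_once SUBSDIR . '/VerificationControls.class.php';
        $verificationOptions = array('id' => 'contactform');
        $context['require_verification'] = create_control_verification($verificationOptions);
        $context['visual_verification_id'] = $verificationOptions['id'];
    }

    // A fresh token for the next submission; validateToken('contact') checks it above.
    createToken('contact');
}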
// Project class files, pulled in before the privilege check below.
include_once('ressources/class.ldap.inc');
include_once('ressources/class.roundcube.inc');
include_once('ressources/class.artica.inc');
include_once('ressources/class.ini.inc');
include_once('ressources/class.apache.inc');

// Privilege gate: runs before every handler below, so none of them is reachable when CheckPrivs() fails.
// The response is a JavaScript alert() statement, then the script stops.
// NOTE(review): the parsed text lands inside a single-quoted JS string - confirm
// javascript_parse_text() escapes quotes and line breaks.
if(!CheckPrivs()){
	$tpl=new templates();
	echo "alert('". $tpl->javascript_parse_text("{ERROR_NO_PRIVS}")."');";
	die();exit();
}

// Dispatch: the first GET parameter that is present picks the handler, and the script exits after it.
// NOTE(review): admins-add / admins-del look state-changing by name and are selected by GET
// parameters alone - confirm the handlers verify an anti-CSRF token.
if(isset($_GET["popup"])){popup();exit;}
if(isset($_GET["index"])){index();exit;}
if(isset($_GET["RoundCubeEnableAddressbook"])){RoundCubeEnableAddressbook();exit;}
if(isset($_GET["admins"])){admins();exit;}
if(isset($_GET["find-members"])){admins_find();exit;}
if(isset($_GET["SearchPattern"])){list_users();exit;}
if(isset($_GET["admins-add"])){admins_add();exit;}
if(isset($_GET["admins-del"])){admins_del();exit;}
if(isset($_GET["admin-list"])){admins_list();exit;}

// No known parameter was given: fall through to js().
js();

// The listing is cut off inside this function, at the opening quote of its $html string.
function js() { $tpl=new templates(); $title=$tpl->_ENGINE_parse_body("{APP_ROUNDCUBE}::{global_addressbook}"); $page=CurrentPageName(); $html="
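/**
 * Allows the user to report a personal message to an administrator.
 *
 * What it does:
 * - In the first instance requires that the ID of the message to report is passed in the request as pmsg.
 * - It allows the user to report to either a particular administrator - or the whole admin team.
 * - It will forward on a copy of the original message without allowing the reporter to make changes.
 * - One PM is built per language, so each admin gets the report text in their own language file.
 *
 * @uses report_message sub-template.
 */
public function action_report()
{
    global $txt, $context, $user_info, $language, $modSettings;

    // Check that this feature is even enabled!
    if (empty($modSettings['enableReportPM']) || empty($_REQUEST['pmsg'])) {
        fatal_lang_error('no_access', false);
    }

    // The id is cast to int and checked against the reporter's inbox before anything is loaded.
    $pmsg = (int) $_REQUEST['pmsg'];
    if (!isAccessiblePM($pmsg, 'inbox')) {
        fatal_lang_error('no_access', false);
    }

    $context['pm_id'] = $pmsg;
    $context['page_title'] = $txt['pm_report_title'];

    // We'll query some members, we will.
    require_once SUBSDIR . '/Members.subs.php';

    // If we're here, just send the user to the template, with a few useful context bits.
    if (!isset($_POST['report'])) {
        $context['sub_template'] = 'report_message';

        // Now, get all the administrators.
        $context['admins'] = admins();

        // How many admins in total?
        $context['admin_count'] = count($context['admins']);

        return;
    }

    // Check the session before proceeding any further!
    checkSession('post');

    // A missing or non-string reason becomes an empty string instead of an undefined-index notice.
    // NOTE(review): the reason is reporter-controlled and goes into the BBC body as-is. Confirm
    // sendpm() escapes it, and consider neutralising BBC tags in it so the reason cannot imitate
    // the quoted original further down.
    $reason = (isset($_POST['reason']) && is_string($_POST['reason'])) ? $_POST['reason'] : '';

    // First, load up the message they want to file a complaint against, and verify it actually went to them!
    list($subject, $body, $time, $memberFromID, $memberFromName) = loadPersonalMessage($context['pm_id']);

    // Remove the line breaks...
    $body = preg_replace('~<br ?/?' . '>~i', "\n", $body);

    $recipients = array();
    $temp = loadPMRecipientsAll($context['pm_id'], true);
    foreach ($temp as $recipient) {
        $recipients[] = $recipient['link'];
    }

    // Now let's get out and loop through the admins.
    // The requested admin id is cast to int; 0 is passed when none was chosen.
    $admins = admins(isset($_POST['id_admin']) ? (int) $_POST['id_admin'] : 0);

    // Maybe we shouldn't advertise this?
    if (empty($admins)) {
        fatal_lang_error('no_access', false);
    }

    $memberFromName = un_htmlspecialchars($memberFromName);

    // Prepare the message storage array.
    $messagesToSend = array();

    // Loop through each admin, and add them to the right language pile...
    foreach ($admins as $id_admin => $admin_info) {
        // Need to send in the correct language!
        $cur_language = (empty($admin_info['lngfile']) || empty($modSettings['userLanguage'])) ? $language : $admin_info['lngfile'];

        if (!isset($messagesToSend[$cur_language])) {
            loadLanguage('PersonalMessage', $cur_language, false);

            // Make the body.
            $report_body = str_replace(array('{REPORTER}', '{SENDER}'), array(un_htmlspecialchars($user_info['name']), $memberFromName), $txt['pm_report_pm_user_sent']);
            $report_body .= "\n" . '[b]' . $reason . '[/b]' . "\n\n";

            if (!empty($recipients)) {
                $report_body .= $txt['pm_report_pm_other_recipients'] . ' ' . implode(', ', $recipients) . "\n\n";
            }

            // The original message is appended as a quote, taken from storage rather than from the request.
            $report_body .= $txt['pm_report_pm_unedited_below'] . "\n" . '[quote author=' . (empty($memberFromID) ? '"' . $memberFromName . '"' : $memberFromName . ' link=action=profile;u=' . $memberFromID . ' date=' . $time) . ']' . "\n" . un_htmlspecialchars($body) . '[/quote]';

            // Plonk it in the array ;)
            $messagesToSend[$cur_language] = array(
                'subject' => (Util::strpos($subject, $txt['pm_report_pm_subject']) === false ? $txt['pm_report_pm_subject'] : '') . un_htmlspecialchars($subject),
                'body' => $report_body,
                'recipients' => array('to' => array(), 'bcc' => array()),
            );
        }

        // Add them to the list.
        $messagesToSend[$cur_language]['recipients']['to'][$id_admin] = $id_admin;
    }

    // Send a different email for each language.
    foreach ($messagesToSend as $lang => $message) {
        sendpm($message['recipients'], $message['subject'], $message['body']);
    }

    // Give the user their own language back!
    if (!empty($modSettings['userLanguage'])) {
        loadLanguage('PersonalMessage', '', false);
    }

    // Leave them with a template.
    $context['sub_template'] = 'report_message_complete';
}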
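/**
 * Tells whether an account has administrator rights.
 *
 * An account qualifies when it is in the list admins() returns for the request key,
 * or when its row in s3db_account has account_group 'a'.
 *
 * @param mixed  $user_id account id to check
 * @param object $db      database handle; query(), next_record() and f() are called on it
 *
 * @return bool
 */
function user_is_admin($user_id, $db)
{
    // A missing key is passed on as null instead of raising an undefined-index notice.
    $key = isset($_REQUEST['key']) ? $_REQUEST['key'] : null;
    $admins = admins($key, $user_id, $db);

    // NOTE(review): in_array() compares loosely here, so numeric-looking strings can match
    // each other. Pass true as the third argument once the id types admins() returns are confirmed.
    if (in_array($user_id, $admins)) {
        return true;
    }

    // NOTE(review): $user_id is concatenated into the statement. If any caller can pass a value
    // that is not a trusted account id, validate it or escape it with the database layer's own
    // helper before building the query.
    $sql = "select account_group from s3db_account where account_id='" . $user_id . "'";
    $db->query($sql, __LINE__, __FILE__);

    // Stays null when no row matches, so an unknown account is never treated as an admin.
    $group = null;
    if ($db->next_record()) {
        $group = $db->f('account_group');
    }

    // Strict comparison: only the exact value 'a' grants admin.
    return $group === 'a';
}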
<?php
/*
 * This file is part of Infoschool - a web based school intranet.
 * Copyright (C) 2004 Maikel Linke
 */

include 'var.php';

/**
 * Fetches id, first name and last name of every person that has a row in the admin table.
 *
 * @return mixed the contents of $db->data after the select
 */
function admins()
{
    global $db;

    // Constant query text; no request data is mixed into it.
    $admin_query = 'person.id, person.first_name, person.last_name from person, admin where person.id=admin.pid';
    $db->select($admin_query);

    return $db->data;
}

// secure('admin') is called before anything is queried or rendered.
// NOTE(review): presumably this rejects visitors without the admin role - confirm that it
// halts the request rather than only recording the failure.
$output->secure('admin');

$v['admin'] = admins();
$content = new tmpl('index.html', $v);
$output->out($content);
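/**
 * Works out the three-character permission code a user holds on an account element.
 *
 * Entries read from $E: element_info, user_id_who_asks, db, key and (optionally) model.
 * The model string supplies the characters of the code: position 0, 1 and 2 of the model
 * stand for the digits 0, 1 and 2 (default model 'nsy', so '200' is written 'ynn').
 *
 * Rules, first match wins:
 * - user id 1 gets '222'
 * - members of admins() or users of type 'a' get '222' on elements they own or created, else '212'
 * - users of type 'p' get '201' on accounts of type 'p', else '200'
 * - users of type 'u' get '200' when the element's user is listed in admins(), else '211'
 *
 * @param array $E see above
 *
 * @return string|null the permission code, or null when no rule matches
 */
function userAcl($E)
{
    // Only the entries this function uses are read, instead of extract()-ing the whole array
    // into local scope. A key that is absent yields null, as an undefined variable did before.
    $key = isset($E['key']) ? $E['key'] : null;
    $user_id_who_asks = isset($E['user_id_who_asks']) ? $E['user_id_who_asks'] : null;
    $db = isset($E['db']) ? $E['db'] : null;
    $element_info = isset($E['element_info']) ? $E['element_info'] : null;
    $model = !empty($E['model']) ? $E['model'] : 'nsy';

    $admins = admins($key, $user_id_who_asks, $db);

    $uid = 'U' . $element_info['account_id'];
    $shared_with = 'U' . $user_id_who_asks;
    // NOTE(review): the result was never used for the decision. The call is kept in case
    // has_permission() has effects that callers rely on - confirm and remove if not.
    has_permission(compact('uid', 'shared_with'), $db);

    $literal = str_split($model);

    // Strict check for the built-in super user: only the exact id 1 qualifies. A loose
    // comparison also accepts other numeric spellings such as '01' or '1.0'.
    if ((string) $user_id_who_asks === '1') {
        return str_repeat($literal[2], 3); // 222
    }

    // NOTE(review): this in_array() is loose too; make it strict once the id types that
    // admins() returns are confirmed.
    if (in_array($user_id_who_asks, $admins) || user_type($user_id_who_asks, $db) == 'a') {
        if ($element_info['account_id'] == $user_id_who_asks || $element_info['created_by'] == $user_id_who_asks) {
            return str_repeat($literal[2], 3); // 222
        }

        return $literal[2] . $literal[1] . $literal[2]; // 212
    }

    if (user_type($user_id_who_asks, $db) == 'p') {
        if ($element_info['account_type'] == 'p') {
            return $literal[2] . $literal[0] . $literal[1]; // 201
        }

        return $literal[2] . $literal[0] . $literal[0]; // 200 or ynn
    }

    if (user_type($user_id_who_asks, $db) == 'u') {
        // NOTE(review): this lookup uses a 'U'-prefixed user_id while the admin test above uses
        // the bare id - confirm which form admins() actually returns.
        if (in_array('U' . $element_info['user_id'], $admins)) {
            return $literal[2] . $literal[0] . $literal[0]; // 200
        }

        return $literal[2] . $literal[1] . $literal[1]; // 211
    }

    // No rule matched (user type is none of a / p / u): no permission code is produced.
    return null;
}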