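 /**
  * Persist the registration-related settings posted by the admin form and
  * write an operate-log entry for every value that actually changed.
  *
  * Reads view_dir, reg_user_price, reg_off, findpasswd_off and try_day from
  * $_REQUEST. reg_user_price is entered in whole units and stored multiplied
  * by 100 (presumably cents); the other values are stored as received. Only
  * the first four keys are compared against $this->setting and logged -
  * try_day is stored but never logged, exactly as before.
  *
  * NOTE(review): nothing here validates the posted values (no type, range or
  * whitelist check). view_dir in particular names a directory; confirm that
  * the setting layer or the template loader constrains it to a known set
  * before it takes part in a filesystem path.
  *
  * @return mixed result of header() after emitting the redirect back to the form
  */
 public function set()
 {
     // Raw posted values, keyed by setting name.
     $raw = array(
         'view_dir'       => $_REQUEST['view_dir'],
         'reg_user_price' => $_REQUEST['reg_user_price'],
         'reg_off'        => $_REQUEST['reg_off'],
         'findpasswd_off' => $_REQUEST['findpasswd_off'],
         'try_day'        => $_REQUEST['try_day'],
     );
     // Values as written to storage: the price is scaled, everything else is verbatim.
     $stored = $raw;
     $stored['reg_user_price'] = $raw['reg_user_price'] * 100;

     foreach ($stored as $key => $value) {
         daocall('setting', 'add', array($key, $value));
     }

     // Log a change for each tracked key; the log line shows the value as posted
     // (the unscaled price), while the comparison uses the stored form.
     $operate = $_REQUEST['c'] . "&a=" . $_REQUEST['a'];
     foreach (array('view_dir', 'reg_user_price', 'reg_off', 'findpasswd_off') as $key) {
         // Loose comparison kept from the original: stored and posted values
         // may differ in type (string vs number) but not in meaning.
         if ($stored[$key] != $this->setting[$key]) {
             $log = array(
                 'operate_object' => $key . '=' . $raw[$key],
                 'admin'          => getRole('admin'),
                 'operate'        => $operate,
             );
             apicall('operatelog', 'operatelogAdd', array($log));
         }
     }
     return header('Location: ?c=function&a=setFrom');
 }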
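 /**
  * Render the admin index page.
  *
  * When a user is authenticated (session key named by C('USER_AUTH_KEY')),
  * every visible AdminMenu row (display=1, ordered by fid then sort) is loaded,
  * turned into a nested menu by fetchMenu()/displayMenu() and assigned to the
  * 'menu' template variable. Run-time and page-trace output are switched off
  * before the view is displayed.
  *
  * Removes a dead `$menu = array()` assignment that was overwritten before
  * use; the empty administrator branch is folded into a single negated check.
  */
 public function index()
 {
     if (isset($_SESSION[C('USER_AUTH_KEY')])) {
         $model = M("AdminMenu");
         if (!session("administrator")) {
             // Non-administrator: the role is looked up but not (yet) used to
             // filter the menu - the original stopped here with a "to be
             // continued" note, so every visible item is still shown.
             // NOTE(review): confirm whether per-role filtering was intended;
             // this page must not be relied on for authorisation as it stands.
             $uid = getMemberId();
             $role = getRole($uid);
         }
         $list = $model->where('display=1')->order(array('fid' => 'asc', 'sort' => 'asc'))->select();
         $menu = fetchMenu($list, 0);
         $this->assign('menu', displayMenu($menu, false));
     }
     C('SHOW_RUN_TIME', false);   // hide the run-time footer
     C('SHOW_PAGE_TRACE', false); // hide the page-trace panel
     $this->display();
 }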
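/**
 * Authenticate a user by nickname and password and open their session.
 *
 * The password is hashed with SHA-256 and handed to checkNickPassword(); on
 * success the session id is rotated, nick/email/role are stored in $_SESSION
 * and the login is recorded through addAction() and addConnection().
 *
 * NOTE(review): an unsalted SHA-256 is a fast hash, so stored hashes are cheap
 * to brute-force if the table leaks. Moving to password_hash()/password_verify()
 * requires changing checkNickPassword() and re-hashing stored values at the
 * next login; it cannot be done in this function alone without locking every
 * existing user out. The attempt counter this function used to carry (now
 * removed) lived in a client-controlled cookie, which the client can simply
 * reset; any lockout belongs in server-side storage keyed by nick and/or $ip.
 *
 * @param string $ip       client address, recorded with the login event
 * @param string $nick     nickname to authenticate
 * @param string $password clear-text password from the login form
 * @return string '0' on success, '1' on failure (string codes are the caller's contract)
 */
function login($ip, $nick, $password)
{
    $hashedPassword = hash("sha256", $password, false);
    if (!checkNickPassword($nick, $hashedPassword)) {
        return '1'; // Log in failed.
    }
    // Rotate the session id so an id planted in the browser before login
    // cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $email = getEmail($nick);
    $_SESSION['nick'] = $nick;
    $_SESSION['email'] = $email;
    $_SESSION['role'] = getRole($email);
    addAction($nick, $email, $ip, 'logged_in');
    addConnection($nick, $email, $ip);
    return '0'; // Logged.
}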
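 /**
  * Search employees (joined with employment, rank, role, department, type and
  * status rows) by free text and/or department.
  *
  * Role 2 users are always restricted to their own department; other roles may
  * pass an explicit $department (-1 or empty means "all"). When $rtype contains
  * 'nal' the result is further limited to employments whose leave total for the
  * current school year is NULL.
  *
  * Every caller-supplied value is handed to the driver as a bound parameter
  * (assumes CodeIgniter's $this->db->query($sql, $binds) - confirm against the
  * installed driver); the original interpolated them into the SQL string.
  * The bind values are appended in the same order as the `?` markers appear
  * in the assembled statement: text filter, department, then school year twice.
  *
  * @param string     $query      text matched with LIKE against empno, fname and lname
  *                               ('%' and '_' in it still act as wildcards, as before)
  * @param int|string $department department id, or -1 / '' for no department filter
  * @param string     $rtype      report type; only the substring 'nal' is significant
  * @return array|string result rows, or '' when nothing matched
  */
 function getListByQuery($query, $department, $rtype = '')
 {
     $binds = array();
     $sYear = getSchoolYear($this);
     $iProfileId = getUserId($this);
     $iRole = getRole($this);

     // Free-text filter: one bound pattern per column.
     $sCondition = '';
     if (!empty($query)) {
         $sCondition = "(employees.empno like ? or employees.fname like ? or employees.lname like ?) and";
         $sPattern = '%' . $query . '%';
         $binds[] = $sPattern;
         $binds[] = $sPattern;
         $binds[] = $sPattern;
     }

     // Department filter: role 2 is pinned to its own department, others may choose one.
     $sDeptCondition = '';
     if ($iRole == 2) {
         $sdep = $this->mod->getDeptOfEmployee($iProfileId);
         $sDeptCondition = "(employees.department_id = ?) and";
         $binds[] = $sdep[0]->department_id;
     } elseif ($department != -1 && !empty($department)) {
         $sDeptCondition = "(employees.department_id = ?) and";
         $binds[] = $department;
     }

     // 'nal' report: keep only employments whose leave total for $sYear is NULL.
     $rCondition = '';
     if (!empty($rtype) && strpos($rtype, 'nal') !== false) {
         $rCondition = "and if(emp_types.time_unit = 'd',
                 (select (sum(abs(datediff(g.end_date, g.start_date)) - abs(g.end_date_hw + g.start_date_hw)) + 1)
                     from leave_transactions g, leave_credits
                     where employment_id = employment.id and
                           leave_credits.id = leave_credits_id and
                           leave_credits.is_base = 1 and g.schoolyear = ?),
                 round((select (sum(timediff(g.end_time, g.start_time))) / 10000
                     from leave_transactions g
                     where g.employment_id = employment.id and g.schoolyear = ?), 2)) is null";
         $binds[] = $sYear;
         $binds[] = $sYear;
     }

     $result = $this->db->query("
             select
                 employees.id as myid,
                 employment.*,
                 employees.*,
                 ranks.*,
                 roles.*,
                 departments.*,
                 emp_types.*,
                 status.*,
                 emp_types.time_unit as timeunit
             from
                 employment, emp_types, status, employees, emp_types_stat, ranks, departments, roles
             where
                 ({$sCondition} {$sDeptCondition}
                 employment.emp_types_stat_id = emp_types_stat.id and
                 emp_types.id = emp_types_stat.emp_types_id and
                 status.id = emp_types_stat.status_id and
                 employment.employee_id = employees.id and
                 employees.rank_id = ranks.id and
                 employees.department_id = departments.id and
                 employees.role_id = roles.id) {$rCondition}
             group by employees.department_id, lname, fname
             ", $binds);

     if ($result->num_rows() > 0) {
         return $result->result();
     }
     return "";
 }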
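 /**
  * List leave transactions with the employee's name, newest filing first.
  *
  * Optional filters narrow by employee id, leave status (a value containing
  * 'All' disables the status filter) and department. Role 2 users are always
  * limited to their own department and role 3 users to their own employee row,
  * whatever $sDept says. $rType is accepted for interface compatibility but
  * does not influence the query (the original only assigned an empty string).
  *
  * Caller values are bound as parameters rather than interpolated (assumes
  * CodeIgniter's $this->db->query($sql, $binds) - confirm). Binds are appended
  * in the order the `?` markers appear: employee, status, then department/self.
  * Also drops an unused `$aResult` and the duplicate result() call.
  *
  * @param int|string $sEmployeeId employee id, '' for all
  * @param int|string $sDept       department id, '' or -1 for all
  * @param string     $sStat       leave status, '' or a value containing 'All' for all
  * @param string     $rType       unused
  * @return array result rows (possibly empty)
  */
 function getQueryList($sEmployeeId = '', $sDept = '', $sStat = '', $rType = '')
 {
     $binds = array();

     $sCondition = '';
     if (!empty($sEmployeeId)) {
         $sCondition = "and e.id = ?";
         $binds[] = $sEmployeeId;
     }

     $sStatCondition = '';
     if (!empty($sStat) && strpos($sStat, "All") === false) {
         $sStatCondition = "and g.status = ?";
         $binds[] = $sStat;
     }

     // Scope by the current user's role; it overrides the caller's $sDept.
     $sDeptCondition = '';
     $iProfileId = getUserId($this);
     $iRole = getRole($this);
     if ($iRole == 2) {
         $sdep = $this->mod->getDeptOfEmployee($iProfileId);
         $sDeptCondition = "and (e.department_id = ?)";
         $binds[] = $sdep[0]->department_id;
     } elseif ($iRole == 3) {
         $sDeptCondition = "and (e.id = ?)";
         $binds[] = $iProfileId;
     } elseif (!empty($sDept) && $sDept != -1) {
         $sDeptCondition = "and e.department_id = ?";
         $binds[] = $sDept;
     }

     $result = $this->db->query("
             select
                 g.*,
                 concat(e.fname, ' ', e.lname) as employee,
                 datediff(g.end_date, g.start_date) as leaves
             from
                 leave_transactions g,
                 employees e,
                 employment em
             where (g.employment_id = em.id and em.employee_id = e.id)
                 {$sCondition}
                 {$sStatCondition}
                 {$sDeptCondition}
             order by g.filing_date desc", $binds);

     return $result->result();
 }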
/**
 * Gate a page to administrators: when getRole() is below 3 the visitor is
 * sent to the site root and the script ends; otherwise control returns to
 * the caller.
 *
 * @param mixed $role accepted but not consulted - the check uses getRole()
 *                    (NOTE(review): looks like it was meant to be used; confirm)
 */
function adminOnly($role)
{
    if (getRole() >= 3) {
        return; // admin: let the page continue
    }
    // Redirect all if not admin.
    header('Location: /');
    exit;
}
 /**
  * Delete the admin user named in the request, record the deletion in the
  * operate log when the DAO reports success, then redirect to the user list.
  *
  * The username comes from $_REQUEST, so the action is reachable through a
  * GET query string as well as a POST body. NOTE(review): confirm that the
  * dispatcher enforces an admin session and a CSRF token in front of this
  * method - nothing in the method itself does.
  */
 public function del()
 {
     $username = $_REQUEST['username'];
     $deleted = daocall('admin_user', 'delUser', array($username));
     if ($deleted) {
         apicall('operatelog', 'operatelogAdd', array(array(
             'admin'          => getRole('admin'),
             'operate'        => $_REQUEST['a'],
             'operate_object' => 'username=' . $username,
         )));
     }
     header("Location: ?c=adminuser&a=listUser");
 }
 /**
  * Fetch one enterprise's answer to one checker question and return it as a
  * single-entry map: [QuestionCheckerId => Resposta].
  *
  * The row comes from CheckerEvaluation joined to CheckerEnterprise, selecting
  * only the two answer columns. $competitionId is accepted but not used in the
  * query, and the configDb registry entry is read but not used either (both
  * kept as in the original).
  *
  * NOTE(review): when no row matches, fetchRow() returns no array, and
  * depending on what getRole() makes of that the index reads below raise a
  * notice and yield a ['' => null] entry - confirm callers expect that rather
  * than an empty array.
  *
  * @param int|string $enterpriseId
  * @param int|string $perguntaId
  * @param int|string $competitionId unused
  * @return array
  */
 public function verificaRespostaCriterio($enterpriseId, $perguntaId, $competitionId)
 {
     $configDb = Zend_Registry::get('configDb');

     $select = $this->select()
         ->setIntegrityCheck(false)
         ->from(array('CHEKEV' => 'CheckerEvaluation'))
         ->join(array('CHEKente' => 'CheckerEnterprise'), 'CHEKEV.CheckerEnterpriseId = CHEKente.ID', NULL)
         ->where('CHEKente.EnterpriseId = ?', $enterpriseId)
         ->where('CHEKEV.QuestionCheckerId = ?', $perguntaId);
     $select->reset(Zend_Db_Select::COLUMNS)
         ->columns(array('CHEKEV.QuestionCheckerId', 'CHEKEV.Resposta'));

     $row = getRole($this->fetchRow($select));

     return array($row['QuestionCheckerId'] => $row['Resposta']);
 }
 /**
  * Manually confirm a user's top-up: the payment went through but was never
  * credited, so an administrator credits it by hand.
  *
  * Calls the money API's payReturn with $_REQUEST['id']. On success a
  * confirmation message is shown and an operate-log entry is written; on
  * failure only the failure message is shown.
  *
  * @return mixed the rendered msg.html view
  */
 public function manPayReturn()
 {
     $paymentId = $_REQUEST['id'];
     $credited = apicall('money', 'payReturn', array($paymentId));
     if (!$credited) {
         $this->_tpl->assign('msg', '充值失败');
         return $this->display('msg.html');
     }
     $this->_tpl->assign('msg', '充值成功');
     apicall('operatelog', 'operatelogAdd', array(array(
         'operate_object' => 'id=' . $paymentId,
         'admin'          => getRole('admin'),
         'operate'        => $_REQUEST['a'],
     )));
     return $this->display('msg.html');
 }
 /**
  * Delete one product order (id from $_REQUEST['id'], cast to int) and log
  * the deletion; on DAO failure render the failure message instead.
  *
  * @return mixed the refreshed order list, or the msg.html view on failure
  */
 public function delMproductorder()
 {
     $orderId = intval($_REQUEST['id']);
     if (!daocall('mproductorder', 'del', array($orderId))) {
         $this->_tpl->assign('msg', '删除失败');
         return $this->_tpl->fetch('msg.html');
     }
     // The log records the request value as received, not the cast id.
     apicall('operatelog', 'operatelogAdd', array(array(
         'operate_object' => 'id=' . $_REQUEST['id'],
         'admin'          => getRole('admin'),
         'operate'        => $_REQUEST['a'],
     )));
     return $this->pageListMproductorder();
 }
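 /**
  * Delete an agent and detach everything that referenced it.
  *
  * Order of operations (no transaction wraps them, as before): the agent row
  * is removed, the deletion is logged, then users pointing at the agent are
  * updated and the agent's price rows are removed. If the first DAO call
  * fails the failure message view is returned and nothing else is touched.
  *
  * The id is normalised once with intval(), matching delMproductorder(), so
  * the same value reaches the delete, the log and both clean-up calls.
  * NOTE(review): this assumes agent ids are integers, as the product-order ids
  * are - confirm against the schema.
  *
  * @return mixed the agent list view, or the msg.html view on failure
  */
 public function delAgent()
 {
     $agentId = intval($_REQUEST['id']);
     if (!daocall('agent', 'del', array($agentId))) {
         $this->_tpl->assign('msg', "删除失败");
         return $this->_tpl->fetch('msg.html');
     }
     apicall('operatelog', 'operatelogAdd', array(array(
         'operate_object' => 'id=' . $agentId,
         'admin'          => getRole('admin'),
         'operate'        => $_REQUEST['a'],
     )));
     daocall('user', 'updateUserAgent_idByAent_id', array($agentId));
     daocall('agentprice', 'delAgentpriceByAgent_id', array($agentId));
     return $this->listAgent();
 }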
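 /**
  * Admin login: verify the posted username/password, rotate the session,
  * grant the admin role, keep the previous login time/IP in the session for
  * display, log the login and redirect to index.php. Renders
  * login_error.html when the credentials do not match.
  *
  * The session id is regenerated after a successful check and before the
  * role is registered, so an id planted in the browser before login cannot be
  * replayed afterwards (session fixation). As before, there is no exit after
  * the redirect header - the dispatcher is expected to stop.
  */
 public function login()
 {
     $user = $this->checkPassword($_REQUEST['username'], $_REQUEST['passwd']);
     if (!$user) {
         return $this->_tpl->display('login_error.html');
     }
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     registerRole('admin', $user['username']);
     // Presumably the record's previous login, captured before this login
     // updates it - confirm against checkPassword().
     $_SESSION['admin_last_login'] = $user['last_login'];
     $_SESSION['admin_last_ip'] = $user['last_ip'];
     $log = array(
         'operate_object' => 'username=' . $user['username'],
         'mem'            => 'ip=' . $_SERVER["REMOTE_ADDR"],
         'admin'          => getRole('admin'),
         'operate'        => $_REQUEST['c'] . "&a=" . $_REQUEST['a'],
     );
     apicall('operatelog', 'operatelogAdd', array($log));
     header("Location: index.php");
 }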
/**
 * Page action: show the current student's proposals, or a pointer to the
 * project browser when they have none. Non-students only get a short message.
 * getRole() is called but its result is not used - the original left a TODO
 * to base the check on it; the effective check is Users::isStudent().
 */
function showMyProposalPage()
{
    $role = getRole(); //TODO check for the role of current user
    if (!Users::isStudent()) {
        echo t('You can only see this page as a student');
        return;
    }
    $my_proposals = Proposal::getInstance()->getMyProposals();
    if ($my_proposals) {
        showMyProposals($my_proposals, getRequestVar('new_tab', 0));
        return;
    }
    echo t('You have no proposal at the moment.') . '<br/>';
    echo "<a href='" . _WEB_URL . "/projects/browse'>" . t('Please find yourself a project') . "</a>.";
}
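 /**
  * Return the first user holding the 'sysadmin' role, or null when none does.
  *
  * Every user is loaded and each of its user-role links is checked; the first
  * match is returned. Fixes three defects in the earlier version: the inner
  * loop iterated an undefined `$userroles` variable, the role name was reached
  * by string concatenation (`$userrole . getRole()`) instead of a method call,
  * and the match flag was tested as a bare constant (`found`) instead of
  * `$found`, which made the comparison true for every user.
  *
  * NOTE(review): assumes each element of getUserRoles() exposes
  * getRole()->getName(); inferred from the original expression - confirm
  * against the generated model classes.
  *
  * @return mixed the matching user object, or null
  */
 public function getSysadmin()
 {
     $users = UserPeer::doSelect(new Criteria());
     foreach ($users as $user) {
         foreach ($user->getUserRoles() as $userRole) {
             if ($userRole->getRole()->getName() === 'sysadmin') {
                 return $user;
             }
         }
     }
     return null;
 }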
 /**
  * Paged list of the current user's money-out records.
  *
  * The page number comes from $_REQUEST['page'] (anything below 1 becomes 1,
  * a page past the end is clamped to the last page); 15 rows per page. The
  * total row count is returned by reference from the DAO call.
  * NOTE(review): with zero rows total_page is 0 and page is clamped to 0 -
  * confirm the template copes with that.
  *
  * @return string rendered money/moneyout.html
  */
 public function moneyout()
 {
     $pageSize = 15;
     $count = 0;
     $page = max(1, intval($_REQUEST['page']));
     $list = daocall('moneyout', 'pageByUser', array(getRole('user'), $page, $pageSize, &$count));
     $totalPages = ceil($count / $pageSize);
     if ($page >= $totalPages) {
         $page = $totalPages;
     }
     $vars = array(
         'count'      => $count,
         'total_page' => $totalPages,
         'page'       => $page,
         'page_count' => $pageSize,
         'list'       => $list,
     );
     foreach ($vars as $name => $value) {
         $this->_tpl->assign($name, $value);
     }
     return $this->_tpl->fetch('money/moneyout.html');
 }
 /**
  * Paged, sortable list of the current user's questions.
  *
  * Sort key and page number come from $_REQUEST ('sortname', 'page'); a page
  * below 1 becomes 1 and a page past the end is clamped to the last page.
  * 30 rows per page; the total count is returned by reference from the DAO.
  * NOTE(review): with zero rows total_page is 0 and page is clamped to 0 -
  * confirm the template copes with that.
  *
  * @return string rendered question/pagelist.html
  */
 public function pageByuser()
 {
     $pageSize = 30;
     $count = 0;
     $sortname = $_REQUEST['sortname'];
     $page = max(1, intval($_REQUEST['page']));
     $list = daocall('question', 'pageByuser', array(getRole('user'), $page, $pageSize, &$count, $sortname));
     $totalPages = ceil($count / $pageSize);
     if ($page >= $totalPages) {
         $page = $totalPages;
     }
     $vars = array(
         'sortname'   => $sortname,
         'count'      => $count,
         'total_page' => $totalPages,
         'page'       => $page,
         'page_count' => $pageSize,
         'list'       => $list,
     );
     foreach ($vars as $name => $value) {
         $this->_tpl->assign($name, $value);
     }
     return $this->_tpl->fetch('question/pagelist.html');
 }
/**
 * Print the "chronology" panel for a product ($type == 0) or a sample
 * (any other $type): a header block with the record's identifying fields,
 * followed by a timeline of lab comments (p_lab_comment rows for the id,
 * oldest first, each showing user / location, the comment and its date).
 *
 * Output is emitted directly with inline HTML; nothing is returned.
 *
 * NOTE(review): $product_id is interpolated into every SQL string below
 * without escaping or casting (pp_kod, la_pp_kod, kp_id, plc_product_id).
 * selQuery() is a project helper, so the fix belongs either there (a bound
 * parameter) or at the call sites (cast/escape before interpolation);
 * confirm where $product_id originates before trusting it.
 * NOTE(review): plc_comment is printed through nl2br() without
 * htmlspecialchars(), so any markup stored in a comment reaches the page
 * as-is; confirm comments are escaped on input, otherwise escape here.
 * The two branches differ only in the header fields and the colour classes
 * of the timeline (primary vs alert); the timeline markup is duplicated.
 *
 * @param int|string $type       0 for a product, anything else for a sample
 * @param int|string $product_id key of the p_product / k_produk row and of its p_lab_comment rows
 */
function chronology($type, $product_id)
{
    if ($type == 0) {
        // Product header fields; pp_pkk_screen_tkh is selected but only
        // referenced inside the commented-out timeline block below.
        $query = "SELECT pp_ref_no,pp_nama_brand,pp_nama_generic,pp_nama,\n              DATE_FORMAT(pp_pkk_screen_tkh,'%d/%m/%Y %h:%i:%s %p') AS pp_pkk_screen_tkh FROM p_product\n              WHERE pp_kod='{$product_id}'";
        $result = selQuery($query);
        $row = mysqli_fetch_assoc($result);
        // Lab assignment; $assign is likewise only used in the commented-out block.
        $query = "SELECT la_ru_kod,DATE_FORMAT(lab_assign_date,'%d/%m/%Y %h:%i:%s %p') AS lab_assign_date FROM lab_assign\n              WHERE la_pp_kod='{$product_id}'";
        $result = selQuery($query);
        $assign = mysqli_fetch_assoc($result);
        ?>
<div class="admin-form" id="previewChrono">
  <div class="row">
    <div class="alert alert-sm alert-border-left alert-primary"><b>Product Information</b></div>
    <div class="col-md-6">
    <b>Reference No : </b>
    <p><?php 
        echo isEmpty($row['pp_ref_no']);
        ?>
</p>
    </div>
    <div class="col-md-6">
    <b>Brand Name : </b>
    <p><?php 
        echo isEmpty($row["pp_nama_brand"]);
        ?>
</p>
    </div>
    <div class="col-md-6">
    <b>Generic Name : </b>
    <p><?php 
        echo isEmpty($row["pp_nama_generic"]);
        ?>
</p>
    </div>
    <div class="col-md-6">
    <b>Full product name : </b>
    <p><?php 
        echo isEmpty($row["pp_nama"]);
        ?>
</p>
    </div>
  </div>
  <div class="row">
    <div class="section-divider mb40"></div>
  </div>
  <div class="row">
    <ol class="timeline-list">
      <!-- <li class="timeline-item">
        <div class="timeline-icon bg-warning">
          <span class="fa fa-calendar"></span>
        </div>
        <div class="timeline-desc">
          <p>Screening Date</p>
        </div>
        <div class="timeline-date"><?php 
        //echo $row['pp_pkk_screen_tkh'];
        ?>
</div>
      </li>
      <li class="timeline-item">
        <div class="timeline-icon bg-warning">
          <span class="fa fa-calendar"></span>
        </div>
        <div class="timeline-desc">
          <p>Product Distribution</p>
          <?php 
        // $labs = "";
        // while($lab = mysqli_fetch_assoc($result)) {
        //   $labs = $labs."<small>".retriveLab($lab['la_ru_kod'])."</small><br />";
        // }
        // echo $labs;
        ?>
        </div>
        <div class="timeline-date"><?php 
        //echo $assign['lab_assign_date'];
        ?>
</div>
      </li> -->
      <?php 
        // Comment timeline for this product, oldest comment first.
        $query = "SELECT plc_user,plc_comment,plc_location,DATE_FORMAT(plc_tkh_upd,'%d/%m/%Y %h:%i:%s %p') AS tkh_upd FROM p_lab_comment\n                  WHERE plc_product_id='{$product_id}' ORDER BY plc_tkh_upd ASC";
        $result = selQuery($query);
        while ($rows = mysqli_fetch_assoc($result)) {
            ?>
      <li class="timeline-item">
        <div class="timeline-icon bg-primary light">
          <span class="fa fa-comments-o"></span>
        </div>
        <div class="timeline-desc">
          <div class="chat-widget">
            <div class="media" align="left">
              <div class="media-left">
                <i class="fa fa-user-md fa-3x text-primary"></i>
              </div>
              <div class="media-body" align="left">
                <h5 class="media-heading">
                  <small><?php 
            // Author and location labels resolved through project helpers.
            echo getUsername($rows['plc_user']) . " / " . getRole($rows['plc_location']);
            ?>
</small>
                </h5><?php 
            // NOTE(review): comment body is not HTML-escaped before output.
            echo nl2br($rows['plc_comment']);
            ?>
              </div>
            </div>
          </div>
        </div>
        <div class="timeline-date"><?php 
            echo $rows['tkh_upd'];
            ?>
</div>
      </li>
      <?php 
        }
        ?>
    </ol>
  </div>
</div>
<?php 
    } else {
        // Sample header fields.
        $query = "SELECT kp_sampel_no,kp_product_name FROM k_produk\n              WHERE kp_id='{$product_id}'";
        $result = selQuery($query);
        $row = mysqli_fetch_assoc($result);
        ?>
<div class="admin-form" id="previewChrono">
  <div class="row">
    <div class="alert alert-sm alert-border-left alert-alert"><b>Sample Information</b></div>
    <div class="col-md-6">
    <b>Sample No : </b>
    <p><?php 
        echo isEmpty($row['kp_sampel_no']);
        ?>
</p>
    </div>
    <div class="col-md-6">
    <b>Product Name : </b>
    <p><?php 
        echo isEmpty($row['kp_product_name']);
        ?>
</p>
    </div>
  </div>
  <div class="row">
    <div class="section-divider mb40"></div>
  </div>
  <div class="row">
    <ol class="timeline-list">
      <?php 
        // Comment timeline for this sample; same query as the product branch.
        $query = "SELECT plc_user,plc_comment,plc_location,DATE_FORMAT(plc_tkh_upd,'%d/%m/%Y %h:%i:%s %p') AS tkh_upd FROM p_lab_comment\n                  WHERE plc_product_id='{$product_id}' ORDER BY plc_tkh_upd ASC";
        $result = selQuery($query);
        while ($rows = mysqli_fetch_assoc($result)) {
            ?>
      <li class="timeline-item">
        <div class="timeline-icon bg-alert light">
          <span class="fa fa-comments-o"></span>
        </div>
        <div class="timeline-desc">
          <div class="chat-widget">
            <div class="media" align="left">
              <div class="media-left">
                <i class="fa fa-user-md fa-3x text-alert"></i>
              </div>
              <div class="media-body" align="left">
                <h5 class="media-heading">
                  <small><?php 
            echo getUsername($rows['plc_user']) . " / " . getRole($rows['plc_location']);
            ?>
</small>
                </h5><?php 
            // NOTE(review): comment body is not HTML-escaped before output.
            echo nl2br($rows['plc_comment']);
            ?>
              </div>
            </div>
          </div>
        </div>
        <div class="timeline-date"><?php 
            echo $rows['tkh_upd'];
            ?>
</div>
      </li>
      <?php 
        }
        ?>
    </ol>
  </div>
</div>
<?php 
    }
}
/**
 * Shortcut returning getRole(1) - whatever the role lookup yields for id 1.
 * NOTE(review): the name suggests "current user", but the argument is the
 * constant 1; confirm that is intended.
 *
 * @return mixed value returned by getRole(1)
 */
function getUser()
{
    $result = getRole(1);
    return $result;
}
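/**
 * Looks up one boolean permission flag of the current user's auction role.
 *
 * The flag is read from AUCTION_ROLE_TABLE, row selected by the role title
 * returned by getRole(). The column is taken from a fixed whitelist keyed by
 * $action, so the action name itself never reaches the SQL text.
 *
 * @param string $action permission name: one of the keys of $columns below
 *                       (VIEW_ALL, VIEW_OFFER, VIEW_BID_HISTORY, NEW, BID, COMMENT,
 *                       MOVE, DELETE_OFFER, DELETE_BID, SPECIAL, DIRECT_SELL, IMAGE_UPLOAD)
 * @return int 1 when the flag is set; 0 when it is unset, when the role row is
 *             missing, or when $action is unknown (unknown actions used to fall
 *             out of the switch and yield null — both are falsy, so callers
 *             testing truthiness behave the same)
 *
 * Calls message_die() (which does not return) when the query fails.
 */
function checkBoolPermission($action)
{
    global $db, $userdata, $lang;
    // Permission name -> column of AUCTION_ROLE_TABLE. Only these identifiers
    // are ever concatenated into the query.
    static $columns = array(
        'VIEW_ALL'         => 'view_all',
        'VIEW_OFFER'       => 'view_offer',
        'VIEW_BID_HISTORY' => 'view_bid_history',
        'NEW'              => 'new',
        'BID'              => 'bid',
        'COMMENT'          => 'comment',
        'MOVE'             => 'move',
        'DELETE_OFFER'     => 'delete_offer',
        'DELETE_BID'       => 'delete_bid',
        'SPECIAL'          => 'special',
        'DIRECT_SELL'      => 'direct_sell',
        'IMAGE_UPLOAD'     => 'image_upload',
    );
    if (!isset($columns[$action])) {
        // Anything that is not a known permission is denied.
        return 0;
    }
    $column = $columns[$action];
    $role = getRole();
    // NOTE(review): $role is placed in the WHERE clause as a quoted literal exactly as
    // before. It comes from getRole() (not visible here) — confirm it is escaped there
    // or cannot contain a quote character.
    $sql = "SELECT " . $column . "\r\n                          FROM " . AUCTION_ROLE_TABLE . "\r\n                          WHERE  auction_role_title='" . $role . "'";
    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Could not query role permissions', '', __LINE__, __FILE__, $sql);
    }
    $row = $db->sql_fetchrow($result);
    // A missing role row and a 0 flag both mean "not permitted".
    if (!$row || $row[$column] == 0) {
        return 0;
    }
    return 1;
}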
Ejemplo n.º 20
    $sql = "SELECT username, role FROM users WHERE id = {$id}";
    $result = $db->query($sql);
    $results = $result->fetch_assoc();
    return $results;
}
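/**
 * Sets the role of one row of the users table.
 *
 * Opens its own mysqli connection from the SERVERNAME/USERNAME/PASSWORD/DBNAME
 * constants, runs a prepared UPDATE and closes the connection again. Both values
 * arrive straight from the request in this script, so they are bound as statement
 * parameters instead of being interpolated into the SQL string.
 *
 * @param string     $role new value for users.role
 * @param int|string $id   users.id of the row to change; bound as an integer
 * @return void the outcome of the UPDATE is not reported to the caller (as before)
 */
function updateRole($role, $id)
{
    $db = new mysqli(SERVERNAME, USERNAME, PASSWORD, DBNAME);
    $stmt = $db->prepare('UPDATE users SET role = ? WHERE id = ?');
    // prepare() returns false on a malformed statement or a dead connection;
    // there is nothing sensible to do with it here beyond not executing.
    if ($stmt !== false) {
        $id = (int) $id;
        $stmt->bind_param('si', $role, $id);
        $stmt->execute();
        $stmt->close();
    }
    $db->close();
}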
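// Role-change form submission: update the row, then send the browser to the user list.
if (isset($_POST['role'])) {
    // NOTE(review): only 'admin' and 'moderator' appear in the <option> markup below;
    // consider rejecting any other value here — confirm the full set of roles first.
    $role = $_POST['role'];
    // users.id is numeric; coerce so only an integer is ever handed on.
    $id = (int) $_POST['id'];
    updateRole($role, $id);
    header("Location: users.php");
    // header() only adds a response header; without exit the rest of this page
    // would still execute and be sent for the redirected request.
    exit;
}
// Edit-form state for the user selected via ?id=...
if (isset($_GET['id'])) {
    // Coerce before the value is handed to getRole(), which builds its query as a string.
    $id = (int) $_GET['id'];
    $results = getRole($id);
    $role = $results["role"];
    $username = $results["username"];
    // Always defined for the template, even when the role is neither of the two below.
    $selected = '';
    if ($role == "admin") {
        $selected = '<option value="moderator">Moderator</option>
							<option selected="selected" value="admin">Admin</option>';
    } elseif ($role == "moderator") {
        $selected = '<option selected="selected" value="moderator">Moderator</option>
							<option value="admin">Admin</option>';
    }
}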
Ejemplo n.º 21
 /**
  * Resets the password of the user named in $_REQUEST['username'] to a freshly
  * generated one, records an operate-log entry and re-renders the user list.
  *
  * The generated password is handed to the template in `msg` in plain text, so
  * the page that shows it (and anything that captures the response) sees the
  * new credential.
  *
  * @return mixed whatever $this->listUser() returns
  */
 public function randPassword()
 {
     $passwd = getRandPasswd();
     // The DAO return value is used only as a success flag.
     if (daocall('user', 'updatePassword', array($_REQUEST['username'], $passwd))) {
         $msg = "新密码是: " . $passwd; // "The new password is: ..."
     } else {
         $msg = "重设密码出错"; // "Error resetting the password"
     }
     // NOTE(review): the `******` in the next line looks like an extraction artefact of
     // this listing (presumably the `. $_REQUEST[` join, matching the username lookup
     // above) — confirm against the original source; as printed the line is not valid PHP.
     $log = array('operate_object' => 'username='******'username'], 'admin' => getRole('admin'), 'operate' => $_REQUEST['a']);
     // The log entry is written whether or not the reset succeeded.
     apicall('operatelog', 'operatelogAdd', array($log));
     $this->_tpl->assign('msg', $msg);
     return $this->listUser();
 }
Ejemplo n.º 22
$pagestart = ($page - 1) * $pagesize;
$query = "select id,name,role,mall_id,shop_id,time,last_ip,now_ip,log_num from admin_manage" . $area . "order by role asc limit " . $pagestart . "," . $pagesize;
$res = mysql_query($query);
while ($row = mysql_fetch_array($res)) {
    ?>
							<tr>		 
								<td><?php 
    echo $row["id"];
    ?>
</td>   
								<td><?php 
    echo $row["name"];
    ?>
</td>   
								<td><?php 
    echo getRole($row["role"]);
    ?>
</td>   
								<td><?php 
    echo getRoleArea($row["role"], $row["shop_id"], $row["mall_id"]);
    ?>
</td> 
								<td><?php 
    echo $row["last_ip"];
    ?>
</td> 
								<td><?php 
    echo $row["now_ip"];
    ?>
</td>
								<td><?php 
Ejemplo n.º 23
Archivo: User.php Proyecto: frycnx/jxc
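 /**
  * Saves the edited user record from the POSTed form.
  *
  * Builds the update payload from post() values plus the shop stored in the
  * session, replaces the password only when a non-empty one was submitted (it
  * must equal `repassword`), and writes it through the User model's update().
  * Failures are reported with $this->error(), success with $this->success().
  *
  * @return void
  */
 private function _edit()
 {
     $this->verifyForm();
     $data = array();
     $data['shop_id'] = session('shop_id');
     $data['shop_name'] = session('shop_name');
     $data['username'] = post('username');
     $data['email'] = post('email');
     $data['name'] = post('name');
     $data['sex'] = post('sex');
     $data['phone'] = post('phone');
     $data['role_id'] = post('role_id');
     $data['role_name'] = getRole($data['role_id']);
     $data['status'] = post('status');
     $password = post('password');
     if (!empty($password)) {
         if ($password != post('repassword')) {
             $this->error('两次密码不一致!'); // "the two passwords do not match"
         }
         // NOTE(review): unsalted md5 is not a password hash. It cannot be switched to
         // password_hash() in this method alone, because the login check (not in this
         // file) must verify with the same scheme — migrate both sides together.
         $data['password'] = md5($password);
     }
     $shop_mod = m('User');
     // The where-clause is a concatenated string and post('id') is user input, so
     // force the id to an integer before it is joined in.
     $r = $shop_mod->update($data, 'id=' . (int) post('id'));
     if ($r === false) {
         $this->error($shop_mod->error());
     } else {
         $this->success('保存成功!'); // "saved successfully"
     }
 }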
Ejemplo n.º 24
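<?php

include_once './business_logic/functions/database_logic.php';
include_once './business_logic/functions/menu_logic.php';
session_start();
// Admin-only page: a request without a session nick, or whose role is not
// "admin", is sent back to main.php. The exit after each header() is what
// actually stops the page — header() only adds a response header, and without
// it the remaining HTML (and the role value embedded in its script) would still
// be rendered for the non-admin client.
if (!isset($_SESSION['nick'])) {
    header('Location: main.php');
    exit;
}
//$ip = get_client_ip();
$nick = $_SESSION['nick'];
$role = getRole($nick);
//$email = $_SESSION['email'];
if ($role != "admin") {
    header('Location: main.php');
    exit;
}
?>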

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Bigou - Mis Álbumes</title>       
        <link href="style/bigou_style.css" rel="stylesheet" type="text/css" />
		<script language="JavaScript" src="./business_logic/ajax_bl.js"></script>
		<script language="JavaScript" type="text/javascript" src="./business_logic/lib/jquery-1.11.3.min.js"></script>
		<script>
			var role = "<?php 
echo $role;
?>
";
			if(role=="admin"){
Ejemplo n.º 25
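/**
 * Renders one project as an HTML fragment.
 *
 * @param array|object $project      project record; objects are converted with objectToArray()
 * @param string       $target       tab/container id passed through to the edit/delete ajax calls
 * @param bool         $inline       when TRUE, no edit/delete buttons and no comment thread are rendered
 * @param bool         $all_can_edit when truthy, associates of the project's organisation may edit
 *                                   it as well, not only its owner
 * @return string HTML, or a translated message when $project is empty
 */
function renderProject($project = '', $target = '', $inline = FALSE, $all_can_edit = _VALS_SOC_MENTOR_ACCESS_ALL)
{
    if (!$project) {
        return t('I cannot show this project. It seems empty.');
    }
    if (is_object($project)) {
        $project = objectToArray($project);
    }
    $key_name = Groups::keyField(_PROJECT_OBJ);
    $id = $project[$key_name];
    $type = _PROJECT_OBJ;
    $role = getRole();
    // Title and URL are stored user input that lands in HTML text / attributes: escape them.
    $title = htmlspecialchars($project['title'], ENT_QUOTES, 'UTF-8');
    $content = "<div class=\"totheright\">";
    if (_STUDENT_TYPE == $role) {
        // The label is translated outside the string literal; the previous version had
        // the t() call inside the quotes, so the raw text ".t( 'Submit proposal ..." was
        // what students saw on the button. pid is a JS call argument, hence the int cast.
        $label = htmlspecialchars(t('Submit proposal for this project'), ENT_QUOTES, 'UTF-8');
        $content .= "<br/><br/><input type='button' onclick=\"getProposalFormForProject(" . (int) $project['pid'] . ")\" value='" . $label . "'/>";
    }
    $is_inproject_organisation = Groups::isAssociate(_PROJECT_OBJ, $id);
    //If not inline and either owner or mentor and mentors allowed to edit...
    if (!$inline && ($all_can_edit && $is_inproject_organisation || Groups::isOwner(_PROJECT_OBJ, $id))) {
        $delete_action = "onclick='if(confirm(\"" . t('Are you sure you want to delete this project?') . "\")){ajaxCall(\"project\", \"delete\", {type: \"{$type}\", id: {$id}, target: \"{$target}\"}, \"refreshTabs\", \"json\", [\"{$type}\", \"{$target}\", \"project\"]);}'";
        $edit_action = "onclick='ajaxCall(\"project\", \"edit\", {type: \"{$type}\", id: {$id}, target: \"{$target}\"}, \"formResult\", \"html\", [\"{$target}\", \"project\"]);'";
        $content .= "<input type='button' value='" . t('edit') . "' {$edit_action}/>";
        $content .= "<input type='button' value='" . t('delete') . "' {$delete_action}/>";
    }
    $content .= "</div>";
    $content .= "<h2>" . $title . "</h2>";
    if ($is_inproject_organisation) {
        $content .= "<h3>Statistics</h3>";
        $content .= "<p>Number of student views: " . $project['views'] . "<BR>" . "Number of times marked by a student: " . $project['likes'] . "</p>";
    }
    // NOTE(review): the description is emitted as-is because it may legitimately contain
    // markup (it is edited with a rich-text editor elsewhere); it therefore has to be
    // sanitised on the input side — confirm that happens.
    $content .= '<p>' . $project['description'] . '</p>';
    if (!empty($project['url'])) {
        $url = htmlspecialchars($project['url'], ENT_QUOTES, 'UTF-8');
        $content .= '<p>' . tt('More information can be found at %1$s', "<a href='{$url}'> {$url}</a>") . '</p>';
    }
    // Comment thread only on the full (non-inline) view and only for signed-in roles.
    if (!$inline && $role != _ANONYMOUS_TYPE) {
        module_load_include('inc', 'vals_soc', 'includes/ui/comments/threaded_comments');
        $content .= initComments($id, _PROJECT_OBJ);
    }
    return $content;
}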
Ejemplo n.º 26
 /**
  * Creates a node record from the request parameters and writes an operate-log entry.
  *
  * Reads name, host, nickname, port (cast to int) and passwd from $_REQUEST, hands
  * them to the nodes DAO, logs the action under the current admin and flushes the
  * response. The DAO result is not inspected: the redirect to listNode that once
  * used it is disabled, and the OS check that preceded it is disabled as well.
  */
 public function insert()
 {
     $node = array(
         'name' => $_REQUEST['name'],
         'host' => $_REQUEST['host'],
         'nickname' => $_REQUEST['nickname'],
         'port' => intval($_REQUEST['port']),
         'passwd' => $_REQUEST['passwd'],
     );
     daocall("nodes", "insertNode", array($node));
     $entry = array(
         'operate_object' => 'name=' . $_REQUEST['name'],
         'admin' => getRole('admin'),
         'operate' => $_REQUEST['a'],
     );
     apicall('operatelog', 'operatelogAdd', array($entry));
     $this->flush();
 }
Ejemplo n.º 27
                                $deleteReturnMessage = _("Your request failed because your inputs were invalid.");
                            } else {
                                if ($deleteReturn == "success0") {
                                    $deleteReturnMessage = _("Your request was completed successfully.");
                                    $class = "success";
                                }
                            }
                        }
                    }
                }
                print "<div class='{$class}'>";
                print $deleteReturnMessage;
                print "</div>";
            }
            //Get role within learning area
            $role = getRole($_SESSION[$guid]["gibbonPersonID"], $gibbonDepartmentID, $connection2);
            if ($role != "Coordinator" and $role != "Assistant Coordinator" and $role != "Teacher (Curriculum)" and $role != "Director" and $role != "Manager") {
                print "<div class='error'>";
                print _("The selected record does not exist, or you do not have access to it.");
                print "</div>";
            } else {
                ?>
				<form method="post" action="<?php 
                print $_SESSION[$guid]["absoluteURL"] . "/modules/" . $_SESSION[$guid]["module"] . "/department_editProcess.php?gibbonDepartmentID={$gibbonDepartmentID}&address=" . $_GET["q"];
                ?>
" enctype="multipart/form-data">
					<table class='smallIntBorder' cellspacing='0' style="width: 100%">	
						<tr class='break'>
							<td colspan=2> 
								<h3><?php 
                print _('Overview');
Ejemplo n.º 28
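 // Check auction_permission
 checkPermission('DELETE_OFFER');
 // The offer id comes from the query string and is concatenated unquoted into the
 // three SELECTs below. PK_auction_offer_id is numeric, so coerce it once here and
 // use only the integer from now on. Code after this span that still reads
 // $HTTP_GET_VARS[POST_AUCTION_OFFER_URL] directly should switch to $offer_id too.
 $offer_id = (int) $HTTP_GET_VARS[POST_AUCTION_OFFER_URL];
 // Resolved once; the role does not change while this request runs.
 $role = getRole();
 // Check if bid exists - this is for cheaters who are not coming via the delete_confirm
 $sql = "SELECT FK_auction_offer_last_bid_user_id\r\n                         FROM " . AUCTION_OFFER_TABLE . "\r\n                         WHERE PK_auction_offer_id= " . $offer_id;
 if (!($result = $db->sql_query($sql))) {
     message_die(GENERAL_ERROR, 'Could not query auction-start and stop date', '', __LINE__, __FILE__, $sql);
 }
 // if
 $auction_corresponding_bids_start_stop_row = $db->sql_fetchrow($result);
 // if a bid already exists just admins and mods can delete the offer
 if ($auction_corresponding_bids_start_stop_row['FK_auction_offer_last_bid_user_id'] != '' and $role != 'administrator' and $role != 'moderator' and $userdata['user_level'] != ADMIN) {
     message_die(GENERAL_MESSAGE, $lang['auction_no_permission_delete_bid_exists']);
 }
 // if
 // registered and auctioneers can only move their own offers
 if ($role == 'registered' or $role == 'auctioneer') {
     $sql = "SELECT FK_auction_offer_user_id\r\n                                   FROM " . AUCTION_OFFER_TABLE . "\r\n                                   WHERE PK_auction_offer_id=" . $offer_id;
     if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, 'Could not query offer-seller', '', __LINE__, __FILE__, $sql);
     }
     $auction_offer = $db->sql_fetchrow($result);
     // stop the evil person moving the offer
     if ($auction_offer['FK_auction_offer_user_id'] != $userdata['user_id']) {
         message_die(GENERAL_MESSAGE, $lang['auction_no_permission_delete']);
     }
 }
 $sql = "SELECT pic_filename\r\n                             FROM " . AUCTION_IMAGE_TABLE . "\r\n                             WHERE pic_auction_id  =  " . $offer_id;
 if (!($result = $db->sql_query($sql))) {
     message_die(GENERAL_ERROR, 'Could not select pic information', '', __LINE__, __FILE__, $sql);
 }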
Ejemplo n.º 29
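/**
 * @brief Checks if the currently logged-in user is an administrator.
 *
 * Uses a strict comparison: with `==`, PHP's loose rules would let some
 * non-string return values of getRole() (e.g. `true`, or `0` on PHP < 8)
 * compare equal to 'Admin'.
 * @returns boolean
 */
function isAdmin()
{
    return getRole() === 'Admin';
}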
Ejemplo n.º 30
/**
 * Prints the "my projects" dashboard page for mentors / organisation admins.
 *
 * Everything is echoed directly; nothing is returned. Non-mentors get a
 * translated refusal message. Users without an organisation get a pointer to
 * register one (organisation admins) or to connect their account (others).
 * Otherwise either the "add a project" tab set is printed (when no project
 * exists yet) or one project list per organisation.
 *
 * @param bool $show_last  passed through to showOrganisationProjects()
 * @param bool $owner_only when truthy only the current user's own projects are
 *                         listed and a "manage all" link is offered
 * @return void
 */
function showProjectPage($show_last = FALSE, $owner_only = false)
{
    global $base_url;
    //TODO check for the role of current user
    $role = getRole();
    if (!Users::isMentor()) {
        //true for both mentors and organisation admins. Also, they will see their own stuff only
        echo t('You are not allowed to see the projects in this view.');
        return;
    }
    //Get my groups
    $my_organisations = Groups::getGroups(_ORGANISATION_GROUP);
    if (!$my_organisations->rowCount()) {
        //There are no organisations yet for this user
        if ($role == _ORGADMIN_TYPE) {
            echo t('You have no organisation yet.') . '<br/>';
            echo "<a href='" . _WEB_URL . "/dashboard/organisation/administer'>" . t('Please go to the organisation register page') . "</a>";
        } else {
            echo t('You are not connected to any organisation yet.') . '<br/>';
            echo "<a href='" . _WEB_URL . "/user/" . Users::getMyId() . "/edit'>" . t('Please edit your account to connect') . "</a>";
        }
    } else {
        // $show_all is the inverse of the $owner_only filter, handed to the project query.
        $show_all = !(bool) $owner_only;
        // presumably the Drupal global user object — confirm it is set on every path that reaches here.
        $owner_id = $GLOBALS['user']->uid;
        $orgs = array();
        $orgids = array();
        // Materialise the result set once: $orgs is iterated again below, $orgids feeds the first query.
        foreach ($my_organisations as $org) {
            $orgs[] = $org;
            $orgids[] = $org->org_id;
        }
        // This first query only decides between the "nothing yet" and the "list" branch;
        // the per-organisation lists are queried again further down.
        $projects = Project::getProjectsByUser($owner_id, $orgids, $show_all);
        //$my_organisations->fetchCol());
        if (!$projects) {
            echo $owner_only ? t('You have no project yet registered') : t('There are no projects yet registered.');
            echo $owner_only ? "<BR>" . '<a href="' . $base_url . '/dashboard/projects/administer" ' . 'title="Manage all my organisation\'s projects">Manage all my organisation\'s projects</a>' : '';
            echo '<h2>' . t('Add a project') . '</h2>';
            // Single "Add" tab whose content is the project form with an ajax-enabled submit.
            $tab_prefix = 'project_page-';
            $target = "{$tab_prefix}1";
            $form = drupal_get_form("vals_soc_project_form", '', 'project_page-1');
            $form['submit'] = ajax_pre_render_element($form['submit']);
            $add_tab = renderForm($form, $target, true);
            $data = array();
            $data[] = array(1, 'Add', 'add', _PROJECT_OBJ, '0', "target=admin_container", true, 'adding from the right');
            echo renderTabs(1, null, 'project_page-', _PROJECT_OBJ, $data, null, TRUE, $add_tab, 1, _PROJECT_OBJ);
            ?>
				<script type="text/javascript">
					   transform_into_rte();
		        	   activatetabs('tab_', ['project_page-1']);
		        </script><?php 
        } else {
            echo "<a href='" . _WEB_URL . "/dashboard/projects/administer'>" . t('Show all') . "</a>";
            echo " | ";
            echo "<a href='" . _WEB_URL . "/dashboard/projects/administer/mine'>" . t('Show only mine') . "</a>";
            // 1-based position of the organisation, passed to showOrganisationProjects().
            $org = 1;
            // The organisation heading is only useful when there is more than one.
            $show_org_title = $my_organisations->rowCount() > 1;
            $org_key = AbstractEntity::keyField(_ORGANISATION_GROUP);
            foreach ($orgs as $organisation) {
                $projects = Project::getProjectsByUser($owner_id, array($organisation->{$org_key}), $show_all);
                showOrganisationProjects($org, $projects, $organisation, $show_org_title, $show_last, TRUE, $owner_only);
                $org++;
            }
        }
    }
}