Ejemplo n.º 1
0
 function can_do($user_access_group, $action)
 {
     if ($user_access_group == 'SUDO') {
         return TRUE;
     }
     $permissions = get_permissions();
     if (!isset($permissions[$user_access_group][$action['class']])) {
         return FALSE;
     }
     $permission = $permissions[$user_access_group][$action['class']];
     if (is_bool($permission)) {
         return $permission;
     }
     if (!isset($permission[$action['method']])) {
         return FALSE;
     }
     $permission = $permission[$action['method']];
     if (is_array($permission)) {
         return $permission[0];
     }
     return $permission;
 }
Ejemplo n.º 2
0
        $chemin_sous_dossier = $dossier;
        $perms_dossier = get_permissions($chemin_sous_dossier);
        if ($perms_dossier != $thisSite->DROITS_DOSSIER_ECRITURE) {
            $infos .= "<div class='erreur'>ATTENTION: Les droits du dossier " . strtoupper($chemin_sous_dossier) . " sont à " . $perms_dossier . " alors qu'ils devraient être à " . $thisSite->DROITS_DOSSIER_ECRITURE . "</div>";
            $erreur_perms = 1;
        }
    }
    $chemin_sous_dossier = $racine_smarty . "smarty/templates_c/";
    $perms_dossier = get_permissions($chemin_sous_dossier);
    if ($perms_dossier != $thisSite->DROITS_DOSSIER_ECRITURE) {
        $infos .= "<div class='erreur'><br>ATTENTION: Les droits du dossier " . strtoupper($chemin_sous_dossier) . " sont à " . $perms_dossier . " alors qu'ils devraient être à " . $thisSite->DROITS_DOSSIER_ECRITURE . "</div>";
        $erreur_perms = 1;
    }
    $chemin_sous_dossier = $racine_smarty . "smarty/cache/";
    $perms_dossier = get_permissions($chemin_sous_dossier);
    if ($perms_dossier != $thisSite->DROITS_DOSSIER_ECRITURE) {
        $infos .= "<div class='erreur'>ATTENTION: Les droits du dossier " . strtoupper($chemin_sous_dossier) . " sont à " . $perms_dossier . " alors qu'ils devraient être à " . $thisSite->DROITS_DOSSIER_ECRITURE . "</div>";
        $erreur_perms = 1;
    }
    $chemin_sous_dossier = $racine_smarty . $thisSite->DOS_LOGS;
    $perms_dossier = get_permissions($chemin_sous_dossier);
    if ($perms_dossier != $thisSite->DROITS_DOSSIER_ECRITURE) {
        $infos .= "<div class='erreur'><br>ATTENTION: Les droits du dossier " . strtoupper($chemin_sous_dossier) . " sont à " . $perms_dossier . " alors qu'ils devraient être à " . $thisSite->DROITS_DOSSIER_ECRITURE . "</div>";
        $erreur_perms = 1;
    }
    if ($erreur_perms == 1) {
        $infos .= "<br><div class='erreur'>CELA PEUT POSER DES PROBLEMES LORS DE L'AJOUT DE FICHIERS (UPLOAD)</div>";
        $infos .= "<div class='erreur'>CONTACTER LE WEBMASTER POUR QU'IL CORRIGE LE PROBLEME.</div>";
    }
}
$smarty->assign("infos", $infos);
Ejemplo n.º 3
0
 list($UserID, $PermissionID, $CustomPermissions, $PassHash, $Secret, $Enabled) = $DB->next_record(MYSQLI_NUM, array(2));
 if (strtotime($BannedUntil) < time()) {
     if ($UserID && $PassHash == make_hash($_POST['password'], $Secret)) {
         if ($Enabled == 1) {
             $SessionID = make_secret();
             $Cookie = $Enc->encrypt($Enc->encrypt($SessionID . '|~|' . $UserID));
             if (isset($_POST['keeplogged']) && $_POST['keeplogged']) {
                 $KeepLogged = 1;
                 setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', false);
             } else {
                 $KeepLogged = 0;
                 setcookie('session', $Cookie, 0, '/', '', false);
             }
             //TODO: another tracker might enable this for donors, I think it's too stupid to bother adding that
             // Because we <3 our staff
             $Permissions = get_permissions($PermissionID);
             $CustomPermissions = unserialize($CustomPermissions);
             if (isset($Permissions['Permissions']['site_disable_ip_history']) || isset($CustomPermissions['site_disable_ip_history'])) {
                 $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
             }
             $DB->query("INSERT INTO users_sessions\n\t\t\t\t\t\t\t(UserID, SessionID, KeepLogged, Browser, OperatingSystem, IP, LastUpdate)\n\t\t\t\t\t\t\tVALUES ('{$UserID}', '" . db_string($SessionID) . "', '{$KeepLogged}', '{$Browser}','{$OperatingSystem}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')");
             $Cache->begin_transaction('users_sessions_' . $UserID);
             $Cache->insert_front($SessionID, array('SessionID' => $SessionID, 'Browser' => $Browser, 'OperatingSystem' => $OperatingSystem, 'IP' => $_SERVER['REMOTE_ADDR'], 'LastUpdate' => sqltime()));
             $Cache->commit_transaction(0);
             $Sql = "UPDATE users_main \n\t\t\t\t\t\t\tSET \n\t\t\t\t\t\t\t\tLastLogin='******',\n\t\t\t\t\t\t\t\tLastAccess='" . sqltime() . "'";
             $Sql .= "\tWHERE ID='" . db_string($UserID) . "'";
             $DB->query($Sql);
             if (!empty($_COOKIE['redirect'])) {
                 $URL = $_COOKIE['redirect'];
                 setcookie('redirect', '', time() - 60 * 60 * 24, '/', '', false);
                 header('Location: ' . $URL);
Ejemplo n.º 4
0
function get_dir($path, $max_depth = '', $l = 0, $total = '')
{
    if (!is_dir($path)) {
        echo "\nInvalid Path\n";
        return;
    }
    echo "<table border='0' cellpadding='5' cellspacing='0'>";
    $path = substr($path, -1) != "/" ? $path . "/" : $path;
    if (!$l) {
        echo "\n<tr><td colspan='4'>Contents of directory {$path} :</td></tr>\n";
        echo "\n<tr><td>Permissions</td><td>File Size</td><td>File Name</td><td>&nbsp;</td></tr>\n";
        $total = 0;
    }
    if ($max_depth === '' || $max_depth > $l && is_int($max_depth)) {
        $test_depth = true;
    } else {
        $test_depth = false;
    }
    $pre = "";
    $c = $l;
    while ($c--) {
        $pre .= "\t";
    }
    $dir = opendir($path);
    while ($f = readdir($dir)) {
        if ($f == "." || $f == "..") {
            continue;
        }
        $file = $path . $f;
        $size = "";
        if (is_file($file) || !is_dir($file)) {
            $s = filesize($file);
            $total += $s;
            $size = "[ " . fsize($s) . " ]";
        } else {
            $f .= "/";
        }
        while (strlen($size) < 16) {
            $size = " " . $size;
        }
        //       echo "\n".get_permissions(fileperms($file)).$size.$pre."\t".$f;
        //       echo "\n<tr><td>".get_permissions(fileperms($file))."</td><td>".$size.$pre."</td><td>".$f."</td><td><a href=\"upld1/download.php?name=$f&mode=view\">View</a>&nbsp;<a href=\"upld1/download.php?name=$f\">Download</a>&nbsp;<a href=\"$me?mode=delete&name=$f\" onclick=\"return delete_confirm();\">Delete</a></td></tr>";
        echo "\n<tr><td>" . get_permissions(fileperms($file)) . "</td><td>" . $size . $pre . "</td><td>" . $f . "</td><td>";
        switch ($f) {
            case 'download.php':
            case 'dl.php':
            case 'index.php':
                echo "&nbsp;</td></tr>";
                break;
            default:
                echo "<a href=\"{$urlpath}/dl.php?name={$f}&mode=view\">View</a>&nbsp;<a href=\"{$urlpath}/dl.php?name={$f}\">Download</a>&nbsp;<a href=\"{$me}?mode=delete&name={$f}\" onclick=\"return delete_confirm();\">Delete</a></td></tr>";
                break;
        }
        if (is_dir($file) && $test_depth) {
            $total = get_dir($file, $max_depth, $l + 1, $total);
        }
    }
    if (!$l) {
        echo "\n<tr><td colspan='4'>Total size: " . fsize($total) . "</td></tr></table>";
    }
    return $total;
}
Ejemplo n.º 5
0
 function isAllowed($permission, $context_type, $context_id)
 {
     global $cs_url;
     $now = time();
     $permission_manager = null;
     if (array_key_exists(PERMISSION_MANAGER_TAG, $_SESSION)) {
         $permission_manager = $_SESSION[PERMISSION_MANAGER_TAG];
     }
     $permission_manager_timestamp = null;
     if (array_key_exists(PERMISSION_MANAGER_TIMESTAMP_TAG, $_SESSION)) {
         $permission_manager_timestamp = $_SESSION[PERMISSION_MANAGER_TIMESTAMP_TAG];
     }
     $permission_manager_account_id = null;
     if (array_key_exists(PERMISSION_MANAGER_ACCOUNT_ID_TAG, $_SESSION)) {
         $permission_manager_account_id = $_SESSION[PERMISSION_MANAGER_ACCOUNT_ID_TAG];
     }
     //    error_log("SESSION = " . print_r($_SESSION, true));
     //    error_log("PMT = " . $permission_manager_timestamp  . " " . $now);
     if ($permission_manager == null || $permission_manager_account_id != $this->account_id || $now - $permission_manager_timestamp > GeniUser::STALE_PERMISSION_MANAGER_THRESHOLD_SEC) {
         //	error_log("PM = " . $permission_manager . ", " . $this->account_id . ", " . $permission_manager_account_id);
         //	error_log("PMT = " . $permission_manager_timestamp  . " " . $now);
         if ($cs_url == null) {
             $cs_url = get_first_service_of_type(SR_SERVICE_TYPE::CREDENTIAL_STORE);
         }
         $permission_manager = get_permissions($cs_url, $this, $this->account_id);
         $permission_manager_timestamp = $now;
         $permission_manager_account_id = $this->account_id;
         //	error_log("Refreshing permission manager " . $permission_manager_timestamp . " "
         //		  . $permission_manager_account_id . " "
         //		  . print_r($permission_manager, true));
         $_SESSION[PERMISSION_MANAGER_TAG] = $permission_manager;
         $_SESSION[PERMISSION_MANAGER_TIMESTAMP_TAG] = $now;
         $_SESSION[PERMISSION_MANAGER_ACCOUNT_ID_TAG] = $this->account_id;
     }
     //    error_log("PM = " . print_r($permission_manager, true));
     $result = $permission_manager->is_allowed($permission, $context_type, $context_id);
     return $result;
 }
Ejemplo n.º 6
0
    if (($_GET['action'] == 'grant' or $_GET['action'] == 'revoke') and isset($_GET['permission']) and isset($_GET['tool'])) {
        $result_message = store_one_permission('group', $_GET['action'], $group_id, $_GET['tool'], $_GET['permission']);
    }
    if (isset($_GET['role']) and ($_GET['action'] == 'grant' or $_GET['action'] == 'revoke')) {
        $result_message = assign_role('group', $_GET['action'], $group_id, $_GET['role'], $_GET['scope']);
        echo 'hier';
    }
}
if (isset($result_message)) {
    Display::display_normal_message($result_message);
}
// ---------------------------------------------------
// 			RETRIEVING THE PERMISSIONS
// ---------------------------------------------------
$current_group_permissions = array();
$current_group_permissions = get_permissions('group', $group_id);
// @todo current group permissions and current role permissions
// ---------------------------------------------------
//   INHERITED PERMISSIONS (group roles)
// ---------------------------------------------------
$group_course_roles_permissions = get_roles_permissions('group', $group_id, 'course');
$group_platform_roles_permissions = get_roles_permissions('group', $group_id, 'platform');
$inherited_permissions = permission_array_merge($group_course_roles_permissions, $group_platform_roles_permissions);
// ---------------------------------------------------
// 			LIMITED OR FULL
// ---------------------------------------------------
$current_group_permissions = limited_or_full($current_group_permissions);
$inherited_permissions = limited_or_full($inherited_permissions);
if (api_get_setting('permissions') == 'limited') {
    $header_array = $rights_limited;
}
Ejemplo n.º 7
0
/**
* Checks whether the user is allowed in a specific tool for a specific action
* @param $tool the tool we are checking if the user has a certain permission
* @param $action the action we are checking (add, edit, delete, move, visibility)
* @author Patrick Cool <*****@*****.**>, Ghent University
* @author Julio Montoya
* @version 1.0
*/
function api_is_allowed($tool, $action, $task_id = 0)
{
    $_user = api_get_user_info();
    $_course = api_get_course_info();
    if (api_is_course_admin()) {
        return true;
    }
    //if (!$_SESSION['total_permissions'][$_course['code']] and $_course)
    if (is_array($_course) and count($_course) > 0) {
        require_once api_get_path(SYS_CODE_PATH) . 'permissions/permissions_functions.inc.php';
        // Getting the permissions of this user.
        if ($task_id == 0) {
            $user_permissions = get_permissions('user', $_user['user_id']);
            $_SESSION['total_permissions'][$_course['code']] = $user_permissions;
        }
        // Getting the permissions of the task.
        if ($task_id != 0) {
            $task_permissions = get_permissions('task', $task_id);
            /* !!! */
            $_SESSION['total_permissions'][$_course['code']] = $task_permissions;
        }
        //print_r($_SESSION['total_permissions']);
        // Getting the permissions of the groups of the user
        //$groups_of_user = GroupManager::get_group_ids($_course['db_name'], $_user['user_id']);
        //foreach($groups_of_user as $group)
        //   $this_group_permissions = get_permissions('group', $group);
        // Getting the permissions of the courseroles of the user
        $user_courserole_permissions = get_roles_permissions('user', $_user['user_id']);
        // Getting the permissions of the platformroles of the user
        //$user_platformrole_permissions = get_roles_permissions('user', $_user['user_id'], ', platform');
        // Getting the permissions of the roles of the groups of the user
        //foreach($groups_of_user as $group)
        //    $this_group_courserole_permissions = get_roles_permissions('group', $group);
        // Getting the permissions of the platformroles of the groups of the user
        //foreach($groups_of_user as $group)
        //    $this_group_platformrole_permissions = get_roles_permissions('group', $group, 'platform');
    }
    // If the permissions are limited, we have to map the extended ones to the limited ones.
    if (api_get_setting('permissions') == 'limited') {
        if ($action == 'Visibility') {
            $action = 'Edit';
        }
        if ($action == 'Move') {
            $action = 'Edit';
        }
    }
    // The session that contains all the permissions already exists for this course
    // so there is no need to requery everything.
    //my_print_r($_SESSION['total_permissions'][$_course['code']][$tool]);
    if (is_array($_SESSION['total_permissions'][$_course['code']][$tool])) {
        if (in_array($action, $_SESSION['total_permissions'][$_course['code']][$tool])) {
            return true;
        } else {
            return false;
        }
    }
}
Ejemplo n.º 8
0
// If not table ID, get ID from name
if ($_GET['table'] || $_GET['table'] == 0) {
    $table_id = array_search($_GET['table'], $tables) !== false ? array_search($_GET['table'], $tables) : $_GET['table'];
    $table_rows = get_rows($table_id);
    //print_r($table_rows);
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// If nothing is found...
if (!$table_rows) {
    $_SESSION['alert'] = "no_such_table_" . addslashes($_GET['table']);
    header("Location: " . CMS_INSTALL_PATH . "tables.php");
    die;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Check Permissions
$allow = get_permissions($table_rows['name']);
if (!$allow['view']) {
    $_SESSION['alert'] = "permissions_view";
    header("Location: " . CMS_INSTALL_PATH . "tables.php");
    die;
}
// Disable Reordering if more than X items
if (count($table_rows['rows']) > MAX_TABLE_REORDERABLE_ITEMS) {
    $allow['reorder'] = false;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Get browse rows (Loop through all items in this table)
function show_browse_rows()
{
    global $dbh;
    global $table_rows;
Ejemplo n.º 9
0
function step_2($lang)
{
    require './samsclass.php';
    $langmodule = "./lang/lang.{$lang}";
    require $langmodule;
    $SAMSConf = new MAINCONF();
    print "<INPUT TYPE=\"HIDDEN\" NAME=\"step\" value=\"3\">\n";
    print "<INPUT TYPE=\"HIDDEN\" NAME=\"lang\" value=\"{$lang}\">\n";
    print "<H2 ALIGN=\"CENTER\">{$setup_5}</H2>\n";
    echo "<INPUT CLASS=\"button\" TYPE=\"button\" onclick=\"window.location=window.location\" VALUE=\"{$setup_18}\">\n";
    print "<H4>{$setup_6}</H4>\n";
    echo "<TABLE WIDTH=80%>\n";
    echo "<H3><FONT COLOR=BLUE>{$setup_19}:</FONT></H3>\n";
    if (get_permissions("data/test.txt", "w", $setup_7, $lang) == 0) {
        echo "<BR><font color=red> {$setup_8}</font>";
        echo "<BR>{$setup_9}";
    }
    echo "</TABLE>";
    echo "<H3><FONT COLOR=BLUE>{$setup_21}:</FONT></H3>";
    echo "<TABLE WIDTH=80%>";
    if ($SAMSConf->DB_ENGINE == "MySQL") {
        get_php_function("mysql_connect", $setup_24, $lang);
    }
    if ($SAMSConf->DB_ENGINE == "PostgreSQL") {
        get_php_function("pg_connect", $setup_35, $lang);
    }
    get_php_function("gzopen", $setup_22, $lang);
    get_php_function("imagecreatetruecolor", $setup_23, $lang);
    echo "</TABLE>";
    echo "<H3><FONT COLOR=BLUE>{$setup_20}:</FONT></H3>";
    echo "<TABLE WIDTH=90%>";
    echo "<TR>";
    echo "<TD WIDTH=30%><B>{$setup_31}</B>";
    echo "<TD WIDTH=35%><B>{$setup_29}</B>";
    echo "<TD WIDTH=35%><B>{$setup_30}</B>";
    echo "<TR>";
    echo "<TD WIDTH=50%><B>safe_mode</B>";
    echo "<TD>on";
    if (function_exists('ini_get')) {
        $safe_switch = @ini_get("safe_mode") ? 1 : 0;
    }
    if ($safe_switch == 0) {
        echo "<TD><font color=RED>off</b></font>";
    } else {
        echo "<TD><font color=GREEN>on</b></font>";
        $safe_mode_exec_dir = @ini_get("safe_mode_exec_dir") ? 1 : 0;
        $safe_mode_exec_dir_path = @ini_get("safe_mode_exec_dir");
        $real_path = realpath(".");
        echo "<TR>";
        echo "<TD WIDTH=50%><B>safe_mode_exec_dir</B>";
        echo "<TD>{$real_path}/bin";
        if ($safe_mode_exec_dir == 0) {
            echo "<TD><font color=RED>{$setup_28}</b></font>";
        } else {
            if ($safe_mode_exec_dir_path == "{$real_path}/bin") {
                echo "<TD><font color=GREEN>{$safe_mode_exec_dir_path}</b></font>";
            } else {
                echo "<TD><font color=RED>{$safe_mode_exec_dir_path}</b></font>";
            }
        }
        echo "<TR>";
        echo "<TD><TD COLSPAN=2>{$setup_40}";
        $disable_functions = @ini_get("disable_functions") ? 1 : 0;
        $disable_functions_names = @ini_get("disable_functions");
        echo "<TR>";
        echo "<TD WIDTH=50%><B>disable_functions</B>";
        echo "<TD>{$setup_41} <B>exec</B>";
        if (strstr($disable_functions_names, ",exec")) {
            echo "<TD><font color=RED>disable_functions= " . str_replace(",", ", ", $disable_functions_names) . "</b></font>";
        } else {
            echo "<TD><font color=GREEN>disable_functions= " . str_replace(",", ", ", $disable_functions_names) . "</b></font>";
        }
        //		echo "<TR>";
        //		echo "<TD><TD COLSPAN=2>$setup_40";
    }
    echo "</TABLE>\n";
}
Ejemplo n.º 10
0
     echo "<td></td>";
 }
 $fileowner = "";
 $filegroup = "";
 if (is_executable($dir) && installed_php("fileowner") && installed_php("filegroup")) {
     $fileowner = fileowner($curr_dir);
     $filegroup = filegroup($curr_dir);
     if (installed_php("posix_getpwuid")) {
         $fileowner = posix_getpwuid($fileowner)["name"];
         $filegroup = posix_getgrgid($filegroup)["name"];
     }
 }
 echo "<td>{$fileowner}</td>";
 echo "<td>{$filegroup}</td>";
 if (is_executable($dir)) {
     echo "<td>" . get_permissions($curr_dir) . "</td>";
 } else {
     echo "<td></td>";
 }
 echo "<td>";
 if (is_dir($curr_dir)) {
     //for directories only
     if (is_readable($curr_dir)) {
         echo "\n\t\t\t\t\t\t\t<form style='font-color=;display:inline;' action='#File Manager' method='post'>\n\t\t\t\t\t\t\t\t<input type='hidden' name='zip' value='" . xor_this($curr_dir) . "'/>\n\t\t\t\t\t\t\t\t<input type='hidden' name='dir' value='" . xor_this($dir) . "' />\n\t\t\t\t\t\t\t\t<input type='submit' class='a_button' value='Zip'/>\n\t\t\t\t\t\t\t</form>";
     }
 } else {
     //for files only
     if (is_readable($curr_dir)) {
         echo "\n\t\t\t\t\t\t\t<form style='font-color=;display:inline;' action='#File Manager' method='post'>\n\t\t\t\t\t\t\t\t<input type='hidden' name='download' value='" . xor_this($curr_dir) . "'/>\n\t\t\t\t\t\t\t\t<input type='submit' class='a_button' value='Download'/>\n\t\t\t\t\t\t\t</form>";
     }
     if (is_readable($curr_dir) && is_writable($curr_dir)) {
Ejemplo n.º 11
0
 get_token();
 check_permissions($_SESSION['admin_purview'], "reward_check_list");
 require_once QISHI_ROOT_PATH . 'include/page.class.php';
 $wheresql = " WHERE 1=1 ";
 $oederbysql = " order BY addtime DESC ";
 if ($_GET['status'] != "") {
     //未分配
     $consultant = intval($_GET['status']);
     if ($consultant == "0") {
         $wheresql .= " AND  m.member_id is null";
     } elseif ($consultant == "1") {
         $wheresql .= " AND m.member_id <> null";
     }
 }
 //分配权限
 $assign = get_permissions($_SESSION['admin_purview'], "reward_check_list_assign");
 if (!$assign) {
     $wheresql .= " AND c.admin_id = " . $_SESSION["admin_id"];
 }
 $total_sql = "SELECT COUNT(*) AS num FROM " . table('jobs_reward_clue') . " as m " . $wheresql;
 $total_val = $db->get_total($total_sql);
 $page = new page(array('total' => $total_val, 'perpage' => $perpage, 'getarray' => $_GET));
 $currenpage = $page->nowindex;
 $offset = ($currenpage - 1) * $perpage;
 $member = get_clue_check_list($offset, $perpage, $wheresql . $oederbysql);
 $admin = $db->getall("select * from " . table("admin") . " where admin_id!=1 order by admin_id");
 $smarty->assign('admin', $admin);
 $smarty->assign('pageheader', "人才线索");
 $smarty->assign('member', $member);
 $smarty->assign('page', $page->show(3));
 $smarty->assign("assign", $assign);
Ejemplo n.º 12
0
if ($ssl_admin_order_details && strlen($secure_url)) {
    $order_details_site_url = $admin_secure_url;
} else {
    $order_details_site_url = $admin_site_url;
}
if ($ssl_admin_orders_pages && strlen($secure_url)) {
    $orders_pages_site_url = $admin_secure_url;
} else {
    $orders_pages_site_url = $admin_site_url;
}
if ($secure_admin_order_create && strlen($secure_url)) {
    $admin_order_call_url = $admin_secure_url . "admin_order_call.php";
} else {
    $admin_order_call_url = $admin_site_url . "admin_order_call.php";
}
$permissions = get_permissions();
//BEGIN product privileges changes
$products_categories_perm = get_setting_value($permissions, "products_categories", 0);
$products_settings_perm = get_setting_value($permissions, "products_settings", 0);
$product_types_perm = get_setting_value($permissions, "product_types", 0);
$manufacturers_perm = get_setting_value($permissions, "manufacturers", 0);
$features_groups_perm = get_setting_value($permissions, "features_groups", 0);
$products_reviews_perm = get_setting_value($permissions, "products_reviews", 0);
$products_report_perm = get_setting_value($permissions, "product_report", 0);
$shipping_methods_perm = get_setting_value($permissions, "shipping_methods", 0);
$shipping_times_perm = get_setting_value($permissions, "shipping_times", 0);
$shipping_rules_perm = get_setting_value($permissions, "shipping_rules", 0);
$downloadable_products_perm = get_setting_value($permissions, "downloadable_products", 0);
$coupons_perm_perm = get_setting_value($permissions, "coupons", 0);
$saved_types_perm = get_setting_value($permissions, "saved_types", 0);
$advanced_search_perm = get_setting_value($permissions, "advanced_search", 0);
Ejemplo n.º 13
0
<?php

authorize();
$UserID = $_REQUEST['userid'];
if (!is_number($UserID)) {
    error(404);
}
//if($LoggedUser['ID']==1) die($_POST['countrySelect']);
//For the entire of this page we should in general be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
$U = user_info($UserID);
if (!$U) {
    error(404);
}
$Permissions = get_permissions($U['PermissionID']);
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
    send_irc("PRIVMSG " . ADMIN_CHAN . " :User " . $LoggedUser['Username'] . " (http://" . NONSSL_SITE_URL . "/user.php?id=" . $LoggedUser['ID'] . ") just tried to edit the profile of http://" . NONSSL_SITE_URL . "/user.php?id=" . $_REQUEST['userid']);
    error(403);
}
$Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");
$Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet url.", array('regex' => '/^https?:\\/\\/(localhost(:[0-9]{2,5})?|[0-9]{1,3}(\\.[0-9]{1,3}){3}|([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.]))(:[0-9]{2,5})?(\\/[^<>]+)+\\.css$/i'));
$Val->SetFields('disablegrouping', 1, "number", "You forgot to select your torrent grouping option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('torrentgrouping', 1, "number", "You forgot to select your torrent grouping option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('discogview', 1, "number", "You forgot to select your discography view option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));
$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('showtags', 1, "number", "You forgot to select your show tags option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar url.", array('regex' => "/^" . IMAGE_REGEX . "\$/i"));
$Val->SetFields('email', 1, "email", "You did not enter a valid email address.");
$Val->SetFields('irckey', 0, "string", "You did not enter a valid IRCKey, must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32));
$Val->SetFields('cur_pass', 0, "string", "You did not enter a valid password, must be between 6 and 40 characters long.", array('minlength' => 6, 'maxlength' => 40));
$Val->SetFields('new_pass_1', 0, "string", "You did not enter a valid password, must be between 6 and 40 characters long.", array('minlength' => 6, 'maxlength' => 40));
Ejemplo n.º 14
0
Archivo: acl.php Proyecto: ydhl/yangzie
 private function _check_role_permission($aroname, $aconame)
 {
     if (!trim($aroname)) {
         return false;
     }
     if (function_exists("get_permissions")) {
         $perm = get_permissions($aroname);
     } else {
         $perm = @$this->acos_aros[$aconame];
     }
     if (is_array(@$perm["deny"])) {
         //配置了拒绝项
         $denys = $this->_in_array($aroname, $perm["deny"]);
         //拒绝当前ARO
         if ($denys) {
             //拒绝当前ACO的所有action
             return false;
         }
     }
     if (is_array(@$perm["allow"])) {
         //允许当前ACO
         $allow = $this->_in_array($aroname, $perm["allow"]);
         //允许当前ARO
         if ($allow) {
             //允许当前ACO的所有action
             return true;
         }
     }
     if (@$perm["deny"] == "*") {
         return false;
     }
     //拒绝优先
     if (@$perm["allow"] == "*") {
         return true;
     }
     //允许所有
     if ($aroname == "/") {
         return false;
     }
     //都没找到
     $aronames = explode("/", $aroname);
     array_pop($aronames);
     $aroname = count($aronames) == 1 ? "/" : join("/", $aronames);
     return $this->_check_role_permission($aroname, $aconame, $matched_aco);
 }
Ejemplo n.º 15
0
	//$LoggedUser['RatioWatch'] as a bool to disable things for users on Ratio Watch
	$LoggedUser['RatioWatch'] = (
		$LoggedUser['RatioWatchEnds'] != '0000-00-00 00:00:00' &&
		time() < strtotime($LoggedUser['RatioWatchEnds']) &&
		($LoggedUser['BytesDownloaded']*$LoggedUser['RequiredRatio'])>$LoggedUser['BytesUploaded']
	);

	// Manage 'special' inherited permissions
	if($LoggedUser['Artist']) {
		$ArtistPerms = get_permissions(ARTIST);
	} else {
		$ArtistPerms['Permissions'] = array();
	}

	if($LoggedUser['Donor']) {
		$DonorPerms = get_permissions(DONOR);
	} else {
		$DonorPerms['Permissions'] = array();
	}

	if(is_array($LoggedUser['CustomPermissions'])) {
		$CustomPerms = $LoggedUser['CustomPermissions'];
	} else {
		$CustomPerms = array();
	}

	$LoggedUser['Permissions'] = array_merge($LoggedUser['Permissions'], $DonorPerms['Permissions'], $ArtistPerms['Permissions'], $CustomPerms);
	
	// Because we <3 our staff
	if (check_perms('site_disable_ip_history')) { $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; }
Ejemplo n.º 16
0
function phpraid_login()
{
    global $db_raid, $phpraid_config;
    global $db_user_id, $db_user_name, $db_user_email, $db_user_password, $table_prefix, $db_table_user_name;
    $username = $password = "";
    if (isset($_POST['username'])) {
        // User is logging in, set encryption flag to 0 to identify login with plain text password.
        $pwdencrypt = FALSE;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        $password = $_POST['password'];
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // User is not logging in but processing cooking, set encryption flag to 1 to identify login with encrypted password.
        $pwdencrypt = TRUE;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = $_COOKIE['password'];
    } else {
        phpraid_logout();
    }
    $sql = "SELECT * FROM " . $phpraid_config['db_prefix'] . "profile";
    $sql = sprintf("SELECT " . $db_user_id . " , " . $db_user_name . " , " . $db_user_email . " , " . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
    while ($data = $db_raid->sql_fetchrow($result, true)) {
        if ($username == mb_strtolower($data[$db_user_name], "UTF-8") && ($cmspass = password_check($password, $data[$db_user_id], $pwdencrypt))) {
            // User is properly logged in and is allowed to use WRM, go ahead and process his login.
            $autologin = scrub_input($_POST['autologin']);
            if (isset($autologin)) {
                // they want automatic logins so set the cookie
                // set to expire in one month
                setcookie('username', $data[$db_user_name], time() + 2629743);
                setcookie('password', $cmspass, time() + 2629743);
            }
            // set user profile variables
            $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
            $_SESSION['session_logged_in'] = 1;
            $_SESSION['profile_id'] = $data[$db_user_id];
            $_SESSION['email'] = $data[$db_user_email];
            // get user permissions
            get_permissions();
            // ********************
            // * NOTE * IUMS Auth does not do profile checking like external bridges do.
            // ********************
            /* if($phpraid_config['default_group'] != 'nil')
            				$user_priv = $phpraid_config['default_group'];
            			else
            				$user_priv = '0'; */
            // User is all logged in and setup, the session is initialized properly.  Now we need to create the users
            //    profile in the WRM database if it does not already exist.
            /* $sql = sprintf("SELECT * FROM " . $phpraid_config['db_prefix'] . "profile WHERE profile_id = %s",
            							quote_smart($_SESSION['profile_id'])
            					);
            			$result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            			if ($data = $db_raid->sql_fetchrow($result))
            			{*/
            //We found the profile in the database, update.
            /*	$sql = sprintf(	"UPDATE " . $phpraid_config['db_prefix'] . "profile ".
            								" SET email = %s, password = %s, last_login_time = %s WHERE profile_id = %s",
            							quote_smart($_SESSION['email']),quote_smart($wrmuserpassword),
            							quote_smart(time()),quote_smart($_SESSION['profile_id'])
            						);
            				$db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            			}
            			else
            			{
            				//Profile not found in the database or DB Error, insert.
            				$sql = sprintf("INSERT INTO " . $phpraid_config['db_prefix'] . "profile VALUES (%s, %s, %s, %s, %s, %s)",
            							quote_smart($_SESSION['profile_id']), quote_smart($_SESSION['email']), quote_smart($wrmuserpassword),
            							quote_smart($user_priv), quote_smart(strtolower($_SESSION['username'])), quote_smart(time())
            						);
            				$db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            			}*/
            $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET last_login_time=%s WHERE profile_id=%s", quote_smart(time()), quote_smart($_SESSION['profile_id']));
            $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            //security fix
            unset($username);
            unset($password);
            unset($cmspass);
            return 1;
        }
    }
    return 0;
}
Ejemplo n.º 17
0
function get_permissions_for_user($UserID, $CustomPermissions = false)
{
    global $DB;
    $UserInfo = user_info($UserID);
    if ($CustomPermissions === false) {
        $DB->query('SELECT um.CustomPermissions FROM users_main AS um WHERE um.ID = ' . (int) $UserID);
        list($CustomPermissions) = $DB->next_record(MYSQLI_NUM, false);
    }
    if (!empty($CustomPermissions) && !is_array($CustomPermissions)) {
        $CustomPermissions = unserialize($CustomPermissions);
    }
    $Permissions = get_permissions($UserInfo['PermissionID']);
    // Manage 'special' inherited permissions
    if ($UserInfo['Artist']) {
        $ArtistPerms = get_permissions(ARTIST);
    } else {
        $ArtistPerms = array('Permissions' => array());
    }
    if ($UserInfo['Donor']) {
        $DonorPerms = get_permissions(DONOR);
    } else {
        $DonorPerms = array('Permissions' => array());
    }
    if (!empty($CustomPermissions)) {
        $CustomPerms = $CustomPermissions;
    } else {
        $CustomPerms = array();
    }
    //Combine the permissions
    return array_merge($Permissions['Permissions'], $DonorPerms['Permissions'], $ArtistPerms['Permissions'], $CustomPerms, array('MaxCollages' => $MaxCollages));
}
Ejemplo n.º 18
0
    }
}
// course roles
$all_roles = get_all_roles();
foreach ($all_roles as $role) {
    echo '<div><a href="roles.php?action=view&amp;role_id=' . $role['role_id'] . '">' . $role['role_name'] . '</a><a href="roles.php?action=delete&amp;role_id=' . $role['role_id'] . '"><img src="../img/delete.gif" /></a></div>';
    echo '<div>' . $role['role_comment'] . '</div><br />';
    if ($role['role_id'] == $_GET['role_id']) {
        $current_role_info = $role;
    }
}
// ===================================================
// 		DISPLAYING THE PERMISSIONS OF A GIVEN ROLE
// ===================================================
if ($_GET['role_id']) {
    $current_role_permissions = get_permissions('role', $_GET['role_id']);
    // ---------------------------------------------------
    // 			LIMITED OR FULL
    // ---------------------------------------------------
    $current_role_permissions = limited_or_full($current_role_permissions);
    if (api_get_setting('permissions') == 'limited') {
        $header_array = $rights_limited;
    }
    if (api_get_setting('permissions') == 'full') {
        $header_array = $rights_full;
    }
    // ---------------------------------------------------
    // 			DISPLAYING THE MATRIX
    // ---------------------------------------------------
    echo "<form method=\"post\" action=\"" . str_replace('&', '&amp;', $_SERVER['REQUEST_URI']) . "\">";
    // the list of the roles for the user
Ejemplo n.º 19
0
<?php

include 'functions.php';
session_start();
if (!isset($_SESSION['ID'])) {
    header('Location: /index.php');
}
if (isset($_GET['id'])) {
    $permissions = get_permissions($_SESSION['ID'], $_GET['id']);
    if ($permissions == 3 || $permissions == 2) {
        show('document_editor', null, null);
        $document = get_document($_GET['id']);
        echo '
                <form class="basic-grey-e" action="./document_editor.php?id=' . $_GET['id'] . '" name="save_doc" method="post">
                <a class="basic-grey-text" href="./documents.php">Вернуться к документам</a>
                <input type="text" id="title" name="title"></br>

                <textarea class="basic-grey-e" name="body" id="body"></textarea></br>
                <input type="submit" name="save_doc" value="Сохранить документ">
                <a class="basic-grey-text" href="./document_editor.php?id=' . $document['ID'] . '&sign=' . $document['ID'] . '">Подписать документ</a>
                <a class="basic-grey-text" href="./contributors.php?document_id=' . $document['ID'] . '">Настроить доступ сотрудников к документу</a>
            </form>';
        set_element_value('title', $document['TITLE']);
        set_element_value('body', $document['BODY']);
        if (isset($_POST['save_doc'])) {
            $title = $_POST['title'];
            $body = $_POST['body'];
            if ($title !== '' && $body !== '') {
                edit_document($title, $body, $document['ID'], null);
            }
        }
Ejemplo n.º 20
0
                                        </select>
                                    </div>
                                </div>

                                <div class="form-group">
                                    <label for="permission" class="col-sm-3 control-label"><?php 
echo tr('_GLOBAL_permission_');
?>
</label>
                                    <div class="col-sm-5">
                                        <select name="permission" id="permission" class="form-control" <?php 
echo $data['user']['id'] == user('uID') ? 'disabled="disabled"' : '';
?>
>
					    <?php 
foreach (get_permissions() as $permission_id => $permission) {
    ?>
    					    <option value="<?php 
    echo $permission_id;
    ?>
" <?php 
    echo set_select('permission', $permission_id, $permission_id == $data['user']['permission_id']);
    ?>
 ><?php 
    echo $permission;
    ?>
</option>
					    <?php 
}
?>
					    <?php 
    }
}
if (isset($result_message)) {
    Display::display_normal_message($result_message);
}
// ---------------------------------------------------
// 			RETRIEVING THE PERMISSIONS OF THE USER
// ---------------------------------------------------
$current_user_permissions = array();
$current_user_permissions = get_permissions('user', $user_id);
//   INHERITED PERMISSIONS (group permissions, user roles, group roles)
// 			RETRIEVING THE PERMISSIONS OF THE GROUPS OF THE USER
$groups_of_user = array();
$groups_of_user = GroupManager::get_group_ids($_course['real_id'], $user_id);
foreach ($groups_of_user as $group) {
    $this_group_permissions = get_permissions('group', $group);
    foreach ($this_group_permissions as $tool => $permissions) {
        foreach ($permissions as $permission) {
            $inherited_group_permissions[$tool][] = $permission;
        }
    }
}
$inherited_permissions = $inherited_group_permissions;
// 			RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER
if (api_get_setting('user_roles') == 'true') {
    // course roles that are assigned to the user
    $current_user_role_permissions_of_user = get_roles_permissions('user', $user_id);
    $inherited_permissions = permission_array_merge($inherited_permissions, $current_user_role_permissions_of_user);
    // NOTE: deze array moet nog gemerged worden met de $inherited_permissions array
    // (heet momenteel nog $current_group_permissions_of_user omdat voorlopig enkel de
    // groepsge�rfde permissions in beschouwing worden genomen
Ejemplo n.º 22
0
function phpraid_login()
{
    global $db_user_id, $db_group_id, $db_user_name, $db_user_email, $db_user_password, $db_table_user_name;
    global $db_table_group_name, $auth_user_class, $auth_alt_user_class, $table_prefix, $db_raid, $phpraid_config;
    $username = $password = "";
    if (isset($_POST['username'])) {
        // User is logging in, set encryption flag to 0 to identify login with plain text password.
        $pwdencrypt = FALSE;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        $password = $_POST['password'];
        $wrmpass = md5($_POST['password']);
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // User is not logging in but processing cooking, set encryption flag to 1 to identify login with encrypted password.
        $pwdencrypt = TRUE;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = $_COOKIE['password'];
        $wrmpass = '';
    } else {
        phpraid_logout();
    }
    // from site/page/.. change pwd (testing)
    //if(isset($_POST['username2'])){
    //	$username = scrub_input(strtolower($_POST['username2']));
    //$password = $pwd_hasher->HashPassword($_POST['password2']);
    //	$password = md5($_POST['password2']);
    //}
    //database
    $sql = sprintf("SELECT " . $db_user_id . "," . $db_user_name . "," . $db_user_email . "," . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
    //WRM database
    //$sql = sprintf("SELECT username, password FROM " . $phpraid_config['db_prefix'] . "profile WHERE username = %s",
    //				quote_smart($username)
    //		);
    //$result2 = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
    //if ($data2 = $db_raid->sql_fetchrow($result2))
    //{
    //	$wrmuserpassword = $data2['password'];
    //}
    while ($data = $db_raid->sql_fetchrow($result, true)) {
        //$testVal = password_check($password, $data[$db_user_id]);
        //echo "<br>Processing: " . $data[$db_user_name] . " : Password Check: " . $testVal;
        if ($username == mb_strtolower($data[$db_user_name], "UTF-8") && ($cmspass = password_check($password, $data[$db_user_id], $pwdencrypt))) {
            // The user has a matching username and proper password in the phpbb database.
            // We need to validate the users group.  If it does not contain the user group that has been set as
            //	authorized to use WRM, we need to fail the login with a proper message.
            if ($auth_user_class != 0) {
                $FoundUserInGroup = FALSE;
                $sql = sprintf("SELECT " . $db_user_id . "," . $db_group_id . " FROM " . $table_prefix . $db_table_group_name . " WHERE " . $db_user_id . " = %s", quote_smart($data[$db_user_id]));
                $resultgroup = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
                while ($datagroup = $db_raid->sql_fetchrow($resultgroup, true)) {
                    if ($datagroup[$db_group_id] == $auth_user_class or $datagroup[$db_group_id] == $auth_alt_user_class) {
                        $FoundUserInGroup = TRUE;
                    }
                }
                if ($FoundUserInGroup == FALSE) {
                    phpraid_logout();
                    return -1;
                }
            }
            // User is properly logged in and is allowed to use WRM, go ahead and process his login.
            $autologin = scrub_input($_POST['autologin']);
            if (isset($autologin)) {
                // they want automatic logins so set the cookie
                // set to expire in one month
                setcookie('username', $data[$db_user_name], time() + 2629743);
                setcookie('password', $cmspass, time() + 2629743);
            }
            // set user profile variables
            $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
            $_SESSION['session_logged_in'] = 1;
            $_SESSION['profile_id'] = $data[$db_user_id];
            $_SESSION['email'] = $data[$db_user_email];
            if ($phpraid_config['default_group'] != 'nil') {
                $user_priv = $phpraid_config['default_group'];
            } else {
                $user_priv = '0';
            }
            // User is all logged in and setup, the session is initialized properly.  Now we need to create the users
            //    profile in the WRM database if it does not already exist.
            $sql = sprintf("SELECT * FROM " . $phpraid_config['db_prefix'] . "profile WHERE profile_id = %s", quote_smart($_SESSION['profile_id']));
            $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            if ($data = $db_raid->sql_fetchrow($result)) {
                //We found the profile in the database, update.
                if ($wrmpass != '') {
                    $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, password = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart(time()), quote_smart($_SESSION['profile_id']));
                } else {
                    $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart(time()), quote_smart($_SESSION['profile_id']));
                }
                $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            } else {
                //Profile not found in the database or DB Error, insert.
                $sql = sprintf("INSERT INTO " . $phpraid_config['db_prefix'] . "profile VALUES (%s, %s, %s, %s, %s, %s)", quote_smart($_SESSION['profile_id']), quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart($user_priv), quote_smart(mb_strtolower($_SESSION['username'], "UTF-8")), quote_smart(time()));
                $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            }
            get_permissions();
            //security fix
            unset($username);
            unset($password);
            unset($cmspass);
            unset($wrmpass);
            return 1;
        }
    }
    return 0;
}
Ejemplo n.º 23
0
if ($_GET['table'] || $_GET['table'] == 0) {
    // If not table ID, get table ID from name
    $table_id = array_search($_GET['table'], $tables) !== false ? array_search($_GET['table'], $tables) : $_GET['table'];
    // Bypass getting item data if we're creating a new item
    $get_id = isset($_GET['item']) ? $_GET['item'] : 'bypass';
    // Get table and row data
    $table_rows = get_rows($table_id, $get_id);
    // Set cleaned variables
    $table = $table_rows['name'];
    $id = $table_rows['item_id'];
    // New or Edit
    $has_id = is_numeric($id) && $id > 0 ? true : false;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Get restrictions (If you shouldnt be here, redirect and warn)
$allow = get_permissions($table);
if (!$allow['view'] || $table_id === false) {
    $_SESSION['alert'] = "permissions_view";
    header("Location: " . CMS_INSTALL_PATH . "tables.php");
    die;
}
if (!$allow['edit'] && $has_id) {
    $_SESSION['alert'] = "permissions_edit";
    header("Location: " . CMS_INSTALL_PATH . "tables.php");
    die;
}
if (!$allow['add'] && !$has_id) {
    $_SESSION['alert'] = "permissions_add";
    header("Location: " . CMS_INSTALL_PATH . "tables.php");
    die;
}
Ejemplo n.º 24
0
echo "\t\t<th align='center'>" . get_lang('Edit') . "</th>\n";
echo "\t\t<th align='center'>" . get_lang('Rate') . "</th>\n";
echo "\t\t<th align='center'>" . get_lang('Add') . "</th>\n";
echo "\t\t<th align='center'>" . get_lang('Delete') . "</th>\n";
echo "\t\t<th align='center'>" . get_lang('Rate') . "</th>\n";
echo "\t\t<th align='center'>" . get_lang('Tasks') . "</th>\n";
echo "\t\t<th align='center'>" . get_lang('Members') . "</th>\n";
echo "\t\t<th align='center'>" . get_lang('Roles') . "</th>\n";
echo "\t</tr>\n";
// the main area with the checkboxes or images
foreach ($blog_users as $user_id => $user_name) {
    // ---------------------------------------------------
    // 			RETRIEVING THE PERMISSIONS OF THE USER
    // ---------------------------------------------------
    $current_user_permissions = array();
    $current_user_permissions = get_permissions('user', $user_id);
    echo "\t<tr>\n";
    echo "\t\t<td>\n";
    echo $user_name;
    echo "\t\t</td>\n";
    foreach ($rights_full as $key => $value) {
        echo "\t\t<td align='center'>\n";
        if (in_array($value, $rights_blog)) {
            display_image_matrix_for_blogs($current_user_permissions, $user_id, 'BLOG_' . $blog_id, $value, $inherited_permissions, $course_admin);
        }
        // note: in a later stage this part will be replaced by a function
        // so that we can easily switch between a checkbox approach or an image approach
        // where every click is in fact a change of status. In the checkbox approach you first have to
        // do the changes and then store them by clicking the submit button.
        echo "\t\t</td>\n";
    }
Ejemplo n.º 25
0
    exit;
}
global $current_action;
$current_action = 'edit';
if (isset($_POST['update'])) {
    if (edit_permissions($_GET['type'], $_POST, $_GET['id'])) {
        global $edited;
        $edited = 1;
        MAD_Admin_Redirect::redirect('permission_management.php?edited=1&id=' . $_GET['id'] . '&type=' . $_GET['type'] . '');
    } else {
        global $edited;
        $edited = 2;
    }
}
if ($edited != 2) {
    $editdata = get_permissions($_GET['type'], $_GET['id']);
}
switch ($_GET['type']) {
    case 'group':
        $tt = 'Group';
        $group_detail = get_group_detail($_GET['id']);
        $tt_det = $group_detail['group_name'];
        break;
    case 'user':
        $tt = 'User';
        $usr_detail = get_user_detail($_GET['id']);
        $tt_det = $usr_detail['first_name'] . ' ' . $usr_detail['last_name'];
        break;
}
require_once MAD_PATH . '/www/cp/templates/header.tpl.php';
?>