/**
 * Build the sub-navigation menu for one admin context.
 *
 * Collects every module that ships a controller for $context, keeps the
 * ones the current user may see, and hands the result to build_menu().
 *
 * Visibility rule, as written: a module is listed when a permission is
 * configured for it under $context and has_permission() accepts it, OR
 * when no entry exists for the module at all. Modules without a configured
 * permission are therefore shown to every user (fail-open); the target
 * controllers have to enforce access themselves.
 *
 * @param string|null $context One of 'content', 'appearance', 'settings',
 *                             'statistics' or 'developer'.
 *
 * @return string Menu markup; an empty nav list when no module matches.
 */
public function index($context = null)
{
    // Collect the modules that provide a controller for this context.
    foreach (module_list() as $candidate) {
        if (module_controller_exists($context, $candidate)) {
            $this->actions[] = $candidate;
        }
    }

    // Nothing to show: return an empty list right away.
    if (count($this->actions) === 0) {
        return '<ul class="nav-sub clearfix"></ul>';
    }

    // Per-context map of module => permission name required to see it.
    $permissions = config_item('module_permissions');

    foreach ($this->actions as $module) {
        $visible = (isset($permissions[$context][$module]) && has_permission($permissions[$context][$module]))
            || !array_key_exists($module, $permissions[$context]);

        if (!$visible) {
            continue;
        }

        // Optional per-module configuration; the module name is the fallback.
        $mod_config = module_config($module);

        $display_name = $module;
        if (isset($mod_config['name'])) {
            $display_name = $mod_config['name'];
        }

        $title = $module;
        if (isset($mod_config['description'])) {
            $title = $mod_config['description'];
        }

        $menu_topic = $display_name;
        if (isset($mod_config['menu_topic'][$context])) {
            $menu_topic = $mod_config['menu_topic'][$context];
        }

        // Drop-down menu view for this context, if the module defines one.
        $menu_view = isset($mod_config['menus'], $mod_config['menus'][$context])
            ? $mod_config['menus'][$context]
            : '';

        $this->menu[$menu_topic][$module] = array(
            'title' => $title,
            'display_name' => $display_name,
            'menu_view' => $menu_view,
            'menu_topic' => $menu_topic,
        );
    }

    return $this->build_menu($context);
}
/**
 * Class constructor.
 *
 * Loads the template, assets and contexts libraries, prepares the
 * pagination markup and list limit, publishes the keyboard-shortcut data
 * to the template, optionally enables the profiler, and selects the admin
 * theme.
 *
 * The profiler is switched on only when all of these hold: the
 * ENVIRONMENT constant is 'development', the 'site.show_profiler' setting
 * is truthy, the user holds 'Bonfire.Profiler.View', and the request is
 * neither CLI nor AJAX.
 */
public function __construct()
{
    parent::__construct();

    foreach (array('template', 'assets', 'ui/contexts') as $library) {
        $this->load->library($library);
    }

    // Pagination config, assembled locally and assigned once.
    $pager = array(
        'full_tag_open' => '<div class="pagination pagination-right"><ul>',
        'full_tag_close' => '</ul></div>',
        'next_link' => '→',
        'prev_link' => '←',
    );
    foreach (array('next', 'prev', 'first', 'last') as $link) {
        $pager[$link . '_tag_open'] = '<li>';
        $pager[$link . '_tag_close'] = '</li>';
    }
    $pager['cur_tag_open'] = '<li class="active"><a href="#">';
    $pager['cur_tag_close'] = '</a></li>';
    $pager['num_tag_open'] = '<li>';
    $pager['num_tag_close'] = '</li>';
    $this->pager = $pager;

    $this->limit = $this->settings_lib->item('site.list_limit');

    // Keyboard shortcut keys for the template.
    $shortcuts = config_item('ui.current_shortcuts');
    $shortcut_keys = $this->settings_lib->find_all_by('module', 'core.ui');
    Template::set('shortcut_data', array(
        'shortcuts' => $shortcuts,
        'shortcut_keys' => $shortcut_keys,
    ));

    // Profiler bar: every condition must hold, checked in this order.
    $show_profiler = ENVIRONMENT == 'development'
        && $this->settings_lib->item('site.show_profiler')
        && has_permission('Bonfire.Profiler.View')
        && !$this->input->is_cli_request()
        && !$this->input->is_ajax_request();

    if ($show_profiler) {
        $this->load->library('Console');
        $this->output->enable_profiler(TRUE);
    }

    // Basic setup
    Template::set_theme($this->config->item('template.admin_theme'), 'junk');
}
/**
 * Render the sub-navigation list for one admin area.
 *
 * A module is listed when a permission is configured for it under $type
 * and has_permission() accepts it, or when no permission entry exists for
 * the module at all (modules without an entry are shown to everyone).
 *
 * NOTE(review): $type and $module are concatenated into the href and the
 * link text without HTML escaping. That is only safe while both values
 * come from trusted sources such as module directory names; confirm
 * against the callers.
 *
 * @param string|null $type 'content', 'appearance', 'settings',
 *                          'statistics' or 'developer'.
 *
 * @return string The <ul> markup.
 */
public function index($type=null)
{
    // Modules that provide a controller for this area.
    foreach (module_list() as $candidate) {
        if (module_controller_exists($type, $candidate)) {
            $this->actions[] = $candidate;
        }
    }

    if (count($this->actions) === 0) {
        return '<ul class="nav-sub clearfix"></ul>';
    }

    // Who may see what on the sidebar.
    $permissions = config_item('module_permissions');

    $items = array();
    foreach ($this->actions as $module) {
        $visible = (isset($permissions[$type][$module]) && has_permission($permissions[$type][$module]))
            || !array_key_exists($module, $permissions[$type]);

        if (!$visible) {
            continue;
        }

        // Highlight the module named by URI segment 3.
        $class = ($module == $this->uri->segment(3)) ? 'class="current"' : '';

        // Per-module icon styling via module_icon() is disabled in the original code.
        $href = site_url('admin/'. $type .'/'. $module);
        $label = ucwords(str_replace('_', '', $module));

        $items[] = '<li><a href="'. $href .'" '. $class .'>'. $label ."</a></li>\n";
    }

    return "<ul class='nav-sub clearfix'>\n" . implode('', $items) . "</ul>\n";
}
/**
 * Gate for a page: continue only when the current user holds $permissions.
 *
 * On failure the response status is set to 401, the login route is
 * dispatched, and the script stops, so the caller's code never runs for a
 * user who fails the check.
 *
 * @param mixed $permissions Passed unchanged to has_permission().
 *
 * @return bool Always true when it returns at all.
 */
function require_permission($permissions)
{
    if (!has_permission($permissions)) {
        http_response_code(401);
        dispatch('siteuser/user_login');
        // Stop here so nothing after the call site is executed.
        exit;
    }

    return true;
}
/**
 * Dashboard entry point.
 *
 * Sends anonymous visitors to the login page, users with a survey-list
 * permission to the matching list, and renders an empty dashboard for
 * everyone else.
 *
 * NOTE(review): the flow relies on redirect() ending the request. If it
 * returns, execution falls through to the next check and finally to the
 * views; confirm against the helper's implementation.
 */
public function index()
{
    if (!is_logged()) {
        redirect('login');
    }

    // Use the same permissions for the list but use different statuses.
    $surveys = array();

    if (has_permission('view survey list any')) {
        redirect('surveys');
    } elseif (has_permission('view survey list assigned')) {
        redirect('surveys/open');
    }

    // Regular users get an empty page with the navigation only.
    $navigation = array('active_menu' => 'dashboard');

    $this->load->view('base/html_start');
    $this->load->view('components/navigation', $navigation);
    $this->load->view('base/html_end');
}
/**
 * List the institutions of one type.
 *
 * Access is restricted to users holding 'Institutions.View' before
 * anything else happens. With an empty $type the call is delegated to
 * index().
 *
 * NOTE(review): $type indexes $this->institutions_type directly; a value
 * that is not a key of that array is not handled here. Confirm whether
 * the router or get_by_type() constrains it.
 *
 * @param string $type Institution type key.
 *
 * @return void
 */
public function type($type = '')
{
    // Restrict access to users with the Institutions.View permission.
    $warning = array('type' => 'warning', 'text' => 'You dont have permission to view inistitutions');
    $this->auth->restrict($warning, 'Institutions.View');

    if (!$type) {
        $this->index();

        return;
    }

    // SB Admin CSS and scripts are included on every page.
    $this->layout->add_css('sb-admin');
    $this->layout->add_js('sb-admin');

    // All institutions of the requested type.
    $institutions = $this->institution_model->get_by_type($type);

    // Type record used for display in the view.
    $institution_type = $this->institutions_type[$type];

    // Resolve the parent type and its institutions, when there is one.
    $parent_institution_type = null;
    $parent_institutions = array();
    $parent = $institution_type->parent;
    if ($parent) {
        $parent_institution_type = $this->institutions_type[$parent];
        $parent_institutions = $this->app->get_institutions_by_type($parent_institution_type->id_type);
    }

    // Column headings; the parent column only appears when the parent type has a name.
    $institution_columns = array('Institution');
    if ($parent_institution_type && $parent_institution_type->nom_type) {
        $institution_columns[] = $parent_institution_type->nom_type;
    }
    array_push($institution_columns, 'Nom Responsable', 'Prenom Responsable');

    // The actions column is shown only to users who can edit or delete.
    if (has_permission('Institutions.Edit') || has_permission('Institutions.Delete')) {
        $institution_columns[] = 'Actions';
    }

    $this->layout->view('institution_list', array(
        'institutions' => $institutions,
        'institution_type' => $institution_type,
        'institution_columns' => $institution_columns,
        'parent_institutions' => $parent_institutions,
    ));
}
/**
 * Perform form validation and save the settings to the database
 *
 * Validation rules are registered first (core fields, then any extended
 * settings the current user is permitted to edit); the order matters
 * because run() evaluates whatever has been registered up to that point.
 *
 * NOTE(review): only the fields given a set_rules() call below are
 * validated. Several values written to the settings table have no rule
 * in this method: status, login_type, use_usernames, remember_length
 * (cast to int), name_change_frequency, name_change_limit,
 * password_iterations, and user_activation_method (read straight from
 * $_POST). Confirm they are constrained elsewhere.
 *
 * @param array $extended_settings An optional array of settings from the
 * extended_settings config file
 *
 * @return bool False when validation fails; otherwise the result of the
 *              batch update (and of save_extended_settings() when there
 *              is extended data to store).
 */
private function save_settings($extended_settings = array())
{
    $this->form_validation->set_rules('title', 'lang:bf_site_name', 'required|trim');
    $this->form_validation->set_rules('system_email', 'lang:bf_site_email', 'required|trim|valid_email');
    $this->form_validation->set_rules('list_limit', 'Items <em>p.p.</em>', 'required|trim|numeric');
    $this->form_validation->set_rules('password_min_length', 'lang:bf_password_length', 'required|trim|numeric');
    $this->form_validation->set_rules('password_force_numbers', 'lang:bf_password_force_numbers', 'trim|numeric');
    $this->form_validation->set_rules('password_force_symbols', 'lang:bf_password_force_symbols', 'trim|numeric');
    $this->form_validation->set_rules('password_force_mixed_case', 'lang:bf_password_force_mixed_case', 'trim|numeric');
    $this->form_validation->set_rules('password_show_labels', 'lang:bf_password_show_labels', 'trim|numeric');
    $this->form_validation->set_rules('languages[]', 'lang:bf_language', 'required|trim|is_array');

    // Setup the validation rules for any extended settings.
    // A field without a 'permission' entry is editable by anyone who reaches
    // this method; a field with one is skipped unless has_permission() passes,
    // so its posted value is neither validated nor collected.
    $extended_data = array();
    foreach ($extended_settings as $field) {
        if (empty($field['permission']) || has_permission($field['permission'])) {
            $this->form_validation->set_rules($field['name'], $field['label'], $field['rules']);
            $extended_data["ext.{$field['name']}"] = $this->input->post($field['name']);
        }
    }

    if ($this->form_validation->run() === false) {
        return false;
    }

    // Checkbox-style fields are normalised to 1/0 from their presence in
    // $_POST; the remaining values are stored as posted.
    // NOTE(review): site.languages is stored with serialize(); whatever reads
    // it back presumably calls unserialize(), so the stored value must stay
    // writable only through this validated path. Confirm at the reader.
    $data = array(array('name' => 'site.title', 'value' => $this->input->post('title')), array('name' => 'site.system_email', 'value' => $this->input->post('system_email')), array('name' => 'site.status', 'value' => $this->input->post('status')), array('name' => 'site.list_limit', 'value' => $this->input->post('list_limit')), array('name' => 'auth.allow_register', 'value' => isset($_POST['allow_register']) ? 1 : 0), array('name' => 'auth.user_activation_method', 'value' => isset($_POST['user_activation_method']) ? $_POST['user_activation_method'] : 0), array('name' => 'auth.login_type', 'value' => $this->input->post('login_type')), array('name' => 'auth.use_usernames', 'value' => isset($_POST['use_usernames']) ? $this->input->post('use_usernames') : 0), array('name' => 'auth.allow_remember', 'value' => isset($_POST['allow_remember']) ? 1 : 0), array('name' => 'auth.remember_length', 'value' => (int) $this->input->post('remember_length')), array('name' => 'auth.use_extended_profile', 'value' => isset($_POST['use_ext_profile']) ? 1 : 0), array('name' => 'auth.allow_name_change', 'value' => $this->input->post('allow_name_change') ? 1 : 0), array('name' => 'auth.name_change_frequency', 'value' => $this->input->post('name_change_frequency')), array('name' => 'auth.name_change_limit', 'value' => $this->input->post('name_change_limit')), array('name' => 'auth.password_min_length', 'value' => $this->input->post('password_min_length')), array('name' => 'auth.password_force_numbers', 'value' => $this->input->post('password_force_numbers')), array('name' => 'auth.password_force_symbols', 'value' => $this->input->post('password_force_symbols')), array('name' => 'auth.password_force_mixed_case', 'value' => $this->input->post('password_force_mixed_case')), array('name' => 'auth.password_show_labels', 'value' => $this->input->post('password_show_labels') ? 1 : 0), array('name' => 'site.show_profiler', 'value' => isset($_POST['show_profiler']) ? 1 : 0), array('name' => 'site.show_front_profiler', 'value' => isset($_POST['show_front_profiler']) ? 1 : 0), array('name' => 'site.languages', 'value' => $this->input->post('languages') != '' ? serialize($this->input->post('languages')) : ''), array('name' => 'password_iterations', 'value' => $this->input->post('password_iterations')));

    // The activity entry (acting user id plus client IP) is written before
    // the update runs, so it is recorded even when the update then fails.
    log_activity($this->current_user->id, lang('bf_act_settings_saved') . ': ' . $this->input->ip_address(), 'core');

    // Save the settings to the DB
    $updated = $this->settings_model->update_batch($data, 'name');

    // If the update was successful and there are extended settings to save,
    if ($updated && !empty($extended_data)) {
        // Save them
        $updated = $this->save_extended_settings($extended_data);
    }

    return $updated;
}
/**
 * File-browser connector command: create a sub-folder of $currentFolder.
 *
 * Always answers with an XML <Error number="..."/> node. Codes set in this
 * function: 0 (created), 102 (missing or invalid name, or the path could
 * not be used), 103 (not permitted, or the target directory is not
 * writable), 110 (any other failure reported by CreateServerFolder()).
 *
 * Security-relevant behaviour visible here:
 *  - The request is refused only when the permission test fails (or
 *    $_FolderClass is below 8) AND has_open_access() is false; open access
 *    overrides the per-folder check.
 *  - The session is re-opened under the id found in the FCK_NmSp_acl cookie.
 *  - The folder name comes from $_GET['NewFolderName'] and is joined onto a
 *    server path after Dwfck_sanitize() and a '..' test.
 *
 * @param string $resourceType  Resource type, passed to has_permission() and ServerMapFolder().
 * @param string $currentFolder Virtual folder in which the new folder is created.
 *
 * @return void Output is echoed.
 */
function CreateFolder($resourceType, $currentFolder)
{
    global $_FolderClass;
    global $Config;
    if (!isset($_GET)) {
        global $_GET;
    }
    $sErrorNumber = '0';
    $sErrorMsg = '';

    // Authorisation. The inner test makes has_open_access() a bypass for the
    // per-folder permission and the folder-class threshold.
    if (!has_permission($currentFolder, $resourceType) || $_FolderClass < 8) {
        if (!has_open_access()) {
            $sErrorNumber = 103;
            echo '<Error number="' . $sErrorNumber . '" />';
            return;
        }
    }

    if (isset($_GET['NewFolderName'])) {
        // Re-attach to the session named by the FCK_NmSp_acl cookie when the
        // current session id differs from it.
        // NOTE(review): the cookie is read without an isset() check, and its
        // value is adopted as the session id as-is. Confirm that this cookie is
        // issued only by the server and that the session it names belongs to
        // the requesting user.
        $sess_id = session_id();
        if (!isset($sess_id) || $sess_id != $_COOKIE['FCK_NmSp_acl']) {
            session_id($_COOKIE['FCK_NmSp_acl']);
            session_start();
        }

        global $Dwfck_conf_values;
        global $dwfck_conf;

        // Naming options come from the session; fall back to the connector's
        // configured values (or built-in defaults) when the session has none.
        $dwfck_conf = $_SESSION['dwfck_conf'];
        if (empty($dwfck_conf)) {
            $dwfck_conf['deaccent'] = isset($Dwfck_conf_values['deaccent']) ? $Dwfck_conf_values['deaccent'] : 1;
            $dwfck_conf['useslash'] = isset($Dwfck_conf_values['useslash']) ? $Dwfck_conf_values['useslash'] : 0;
            $dwfck_conf['sepchar'] = isset($Dwfck_conf_values['sepchar']) ? $Dwfck_conf_values['sepchar'] : '_';
        }

        // Normalise the requested name: spaces become the separator character,
        // then Dwfck_sanitize() is applied.
        // NOTE(review): the only traversal test in this function is the '..'
        // check below; rejection of path separators and other unsafe characters
        // depends entirely on Dwfck_sanitize(), which is not visible here.
        $sNewFolderName = $_GET['NewFolderName'];
        $sNewFolderName = str_replace(' ', $dwfck_conf['sepchar'], $sNewFolderName);
        $sNewFolderName = Dwfck_sanitize($sNewFolderName);

        if (strpos($sNewFolderName, '..') !== FALSE) {
            $sErrorNumber = '102';
        } else {
            // Map the virtual path to the local server path of the current folder.
            $sServerDir = ServerMapFolder($resourceType, $currentFolder, 'CreateFolder');

            // '&&' binds tighter than '||': encode when fnencode is 'url', or when
            // running on Windows with no fnencode configured at all.
            if ($Dwfck_conf_values['fnencode'] == 'url' || $Config['osWindows'] && !isset($Dwfck_conf_values['fnencode'])) {
                $sServerDir = encode_dir($sServerDir);
            }
            if ($Config['osWindows']) {
                $sServerDir = normalizeWIN($sServerDir);
            }

            if (is_writable($sServerDir)) {
                $sServerDir .= $sNewFolderName;
                $sErrorMsg = CreateServerFolder($sServerDir);

                // Translate the helper's message into a connector error code.
                switch ($sErrorMsg) {
                    case '':
                        $sErrorNumber = '0';
                        break;
                    case 'Invalid argument':
                    case 'No such file or directory':
                        $sErrorNumber = '102'; // Path too long.
                        break;
                    default:
                        $sErrorNumber = '110';
                        break;
                }
            } else {
                $sErrorNumber = '103';
            }
        }
    } else {
        $sErrorNumber = '102';
    }

    // Create the "Error" node.
    echo '<Error number="' . $sErrorNumber . '" />';
}
</p> <?php echo Modules::run('roles/settings/matrix'); ?> </fieldset> <?php } ?> <fieldset class="form-actions"> <input type="submit" name="save" class="btn btn-primary" value="<?php echo lang('role_save_role'); ?> " /> <?php echo lang('bf_or') . ' ' . anchor(SITE_AREA . '/settings/roles', lang('bf_action_cancel')); if (isset($role) && $role->can_delete == 1 && has_permission('Bonfire.Roles.Delete')) { ?> <button type="submit" name="delete" class="btn btn-danger" onclick="return confirm('<?php e(js_escape(lang('role_delete_confirm') . ' ' . lang('role_delete_note'))); ?> ')"><span class="icon-trash icon-white"></span> <?php echo lang('role_delete_role'); ?> </button> <?php } ?> </fieldset> <?php echo form_close(); ?>
<?php /* Edit drop-down for one survey. Each entry is rendered only when has_permission() passes; this hides the links, and the edit and delete handlers themselves are outside this fragment. NOTE(review): $survey_entity->title is concatenated unescaped into the data-confirm-action attribute. Whether anchor_csrf() escapes attribute values is not visible here; confirm, and otherwise escape the title for the context in which the confirmation text is rendered. */ ?>
<li> <a href="#" class="bttn bttn-primary bttn-small bttn-dropdown bttn-icon-edit" data-dropdown="action-bttn">Edit</a> <ul class="action-dropdown for-bttn-small"> <?php if (has_permission('edit any survey')) { ?> <li><?php echo anchor($survey_entity->get_url_edit(), 'Modify'); ?> </li> <?php } ?> <?php if (has_permission('delete any survey')) { ?> <?php $class = 'danger'; ?> <?php $class .= !$survey_entity->status_allows('delete any survey') ? ' disabled' : ''; ?> <li><?php echo anchor_csrf($survey_entity->get_url_delete(), 'Delete', array('class' => $class, 'data-confirm-action' => 'Are you sure you want to delete: <em>' . $survey_entity->title . '</em>?')); ?> </li> <?php } ?> </ul>
<?php /* Users sub-navigation: the two tabs are rendered only for holders of Bonfire.Users.Manage, and the active tab is chosen from URI segment 4. This check only hides the links; the controllers behind the two URLs are not visible here and must enforce the permission themselves. */ ?>
<?php if (has_permission('Bonfire.Users.Manage')) { ?> <ul class="nav nav-pills"> <li <?php echo $this->uri->segment(4) == '' ? 'class="active"' : ''; ?> > <a href="<?php echo site_url(SITE_AREA . '/settings/users'); ?> "><?php echo lang('bf_users'); ?> </a> </li> <li <?php echo $this->uri->segment(4) == 'create' ? 'class="active"' : ''; ?> > <a href="<?php echo site_url(SITE_AREA . '/settings/users/create'); ?> " id="create_new">Nouvel utilisateur</a> </li> </ul> <?php }
?> </p> </div> <div class="text-right"> <br/> <input type="submit" name="submit" value="Edit Navigation" /> or <?php echo anchor(SITE_AREA . '/content/navigation', lang('navigation_cancel')); ?> </div> <?php echo form_close(); ?> <?php if (isset($navigation) && has_permission('Navigation.Content.Delete')) { ?> <div class="box delete rounded"> <a class="button" id="delete-me" href="<?php echo site_url(SITE_AREA . '/content/navigation/delete/' . $id); ?> " onclick="return confirm('<?php echo lang('navigation_delete_confirm'); ?> ')"><?php echo lang('navigation_delete_record'); ?> </a> <h3><?php echo lang('navigation_delete_record');
/**
 * Enrich one element record with derived ids, aliases and permission fields.
 *
 * The input array is unpacked with extract(), so every key of $x becomes a
 * local variable. The code below reads $elements, $element_info, $user_id
 * and $db, and also $letter, $model, $key, $timer, $info and $id, none of
 * which is assigned before its first use; they exist only when the caller
 * supplied them.
 *
 * NOTE(review): because of extract(), $x must never be built from request
 * data: any key in it overwrites the local of the same name, including
 * $db and $user_id, which drive the permission decisions below.
 *
 * @param array $x Typically compact('elements', 'element_info', 'user_id', 'db').
 *
 * @return array $element_info with the added keys (acl, permission_level,
 *               effective_permission, assigned_permission, view, change,
 *               propagate, delete, delete_data, add_data, ...).
 */
function include_all($x)
{
    extract($x);
    #add a few extra variables that will be usefull in the output;
    #x = array('elements'=>, 'element_info'=>, 'user_id'=>, 'db'=>)
    #Example: $data = include_all(compact('elements', 'element_info', 'user_id', 'db'));
    #when there is no resource_class_id, find it from the project where instance was created. WILL ASSUME THAT RESOURCE_CLASS_ID FILLED OUT IS A REQUIREMENT FOR ALL S3DB THAT SHARE RULES
    # A project_id in the request takes precedence over the element's own.
    if ($_REQUEST['project_id'] == '') {
        $project_id = $element_info['project_id'];
    } else {
        $project_id = $_REQUEST['project_id'];
    }

    # Default permission model string; its characters replace '0', '1', '2' further down.
    if (!$model) {
        $model = 'nsy';
    }

    # Element type letter, taken from the first character of $elements when not supplied.
    if ($letter == '') {
        $letter = strtoupper(substr($elements, 0, 1));
    }

    # Copy aliased fields according to the global s3map table for this element type.
    if (is_array($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]])) {
        foreach ($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]] as $replace => $with) {
            $element_info[$replace] = $element_info[$with];
        }
    }

    #if element is a class, return the class id
    # 'D': the acl is derived from the asking user alone: user id '1' gets
    # '222', an admin '212', a public user '210', anyone else '211'.
    if ($letter == 'D') {
        $element_info['acl'] = $user_id == '1' ? '222' : (user_is_admin($user_id, $db) ? '212' : (user_is_public($user_id, $db) ? '210' : '211'));
        $element_info['created_by'] = $user_id;
        $element_info['description'] = $GLOBALS['s3db_info']['server']['site_intro'];
        $element_info['name'] = $GLOBALS['s3db_info']['server']['site_title'];
        if ($element_info['deployment_id'] == $GLOBALS['s3db_info']['deployment']['Did']) {
            $element_info['self'] = 1;
        }
    }

    if ($letter == 'G') {
        #echo '<pre>';print_r($x);exit;
        $e = 'groups';
        #$element_info['group_id'] = $element_info['account_id'];
        #$element_info['groupname'] = $element_info['account_uname'];
        #$element_info['acl'] = groupAcl($element_info, $user_id, $db);
        $uid_info = uid($element_info['account_id']);
        # NOTE(review): ereg_replace() was removed in PHP 7.0; this line fails on current runtimes.
        $element_info['deployment_id'] = ereg_replace('^D', '', $uid_info['Did']);
        $strictuid = 1;
        $strictsharedwith = 1;
        $uid = 'G' . $element_info['group_id'];
        $shared_with = 'U' . $user_id;
        #$element_info['acl'] = permissionOnResource(compact('user_id', 'shared_with', 'db', 'uid','key','strictsharedwith','strictuid'));
        $element_info['acl'] = groupAcl($element_info, $user_id, $db, $timer);
        if ($timer) {
            $timer->setMarker('Included resource information for ' . $letter);
        }
        #echo '<pre>';print_r($element_info);exit;
    }

    if ($letter == 'U') {
        if ($element_info['account_addr_id'] != '') {
            # NOTE(review): the statement is assembled by string concatenation.
            # account_addr_id must be a trusted stored value; confirm its origin,
            # or bind it as a parameter if the $db wrapper allows that.
            $sql = "select * from s3db_addr where addr_id = '" . $element_info['account_addr_id'] . "'";
            $fields = array('addr1', 'addr2', 'city', 'state', 'postal_code', 'country');
            $db->query($sql);
            while ($db->next_record()) {
                for ($i = 0; $i < count($fields); $i++) {
                    $element_info[$fields[$i]] = $db->f($fields[$i]);
                }
            }
            $element_info = array_delete($element_info, 'account_addr_id');
        }
        $element_info['user_id'] = $element_info['account_id'];
        $element_info['username'] = $element_info['account_uname'];
        $element_info['login'] = $element_info['account_lid'];
        $element_info['address'] = $element_info['addr1'];
        $uid_info = uid($element_info['account_id']);
        # NOTE(review): ereg_replace() was removed in PHP 7.0; see the 'G' branch.
        $element_info['deployment_id'] = ereg_replace('^D', '', $uid_info['Did']);

        # Data minimisation: contact details are stripped unless the asking user
        # is user id '1', the creator of the record, or the account itself.
        # NOTE(review): 'address' was copied from 'addr1' above and is not in the
        # removal list, so it is still returned; confirm that is intended.
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $element_info['account_id'] != $user_id) {
            #if user is not seing himself and user is not admin and user was not the creator of element, then hide address, email, phone, etc.
            $keys2Remove = array('account_email' => '', 'account_phone' => '', 'addr1' => '', 'addr2' => '', 'city' => '', 'state' => '', 'postal_code' => '', 'country' => '');
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, $keys2Remove);
            }
        }

        # Same three-way test: account type and status are hidden from other
        # users; otherwise the creator-to-account permission is exposed as 'filter'.
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $user_id != $element_info['account_id']) {
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, array('account_type' => '', 'account_status' => ''));
            }
        } else {
            //if this user has been created with a filter, what is that filter
            $permission_info = array('uid' => 'U' . $element_info['created_by'], 'shared_with' => 'U' . $element_info['account_id']);
            $hp = has_permission($permission_info, $db);
            if ($hp) {
                $element_info['filter'] = $hp;
            }
        }

        # The stored password value is removed for every caller.
        if (is_array($element_info)) {
            $element_info = array_diff_key($element_info, array('account_pwd' => ''));
        }
        $user_id_who_asks = $user_id;
        $uid = 'U' . $element_info['user_id'];
        $shared_with = $user_id_who_asks;
        $strictuid = 1;
        $strictsharedwith = 1;
        $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid');
        if ($element_info['acl'] == '') {
            $element_info['acl'] = userAcl(compact('key', 'element_info', 'user_id_who_asks', 'db'));
        }
    }

    if ($letter == 'P') {
        $element_info['name'] = $element_info['project_name'];
        $element_info['description'] = $element_info['project_description'];
        $id = 'P' . $element_info['project_id'];
        $uid = 'P' . $element_info['project_id'];
    }

    if ($letter == 'C') {
        $element_info['class_id'] = $element_info['resource_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $element_info['name'] = $element_info['entity'];
        $element_info['description'] = $element_info['notes'];
        #project_id to search for rule_id will be the same from the class
        $uid = 'C' . $element_info['resource_id'];
    }

    #if element is a rule, return the class_id of the subject. If the object is a class, return the object_id... to discuss with jonas
    if ($letter == 'R') {
        $uid = 'R' . $element_info['rule_id'];
    }

    #if this is an instance, return the class_id => ASSUMING THAT EVERY S3DB THAT HAS SHARED RULES HAS RESOURCECLASSID IN INSTANCE.
    if ($letter == 'I') {
        if ($element_info['resource_class_id'] != '') {
            $element_info['class_id'] = $element_info['resource_class_id'];
        }
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $instance_id = $element_info['instance_id'];
        $uid = 'I' . $element_info['instance_id'];
    }

    if ($letter == 'S') {
        $uid = 'S' . $element_info['statement_id'];
        # $id is assigned in this function only by the 'P' branch; here it is
        # whatever extract() supplied, if anything.
        $info[$id] = $element_info;
        $statement_id = $element_info['statement_id'];
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['instance_notes'] = $info['I' . $element_info['instance_id']]['notes'];
        # Load the rule record once and reuse it for the subject/verb/object fields.
        if ($info['R' . $element_info['rule_id']] == '') {
            $info['R' . $element_info['rule_id']] = s3info('rule', $element_info['rule_id'], $db);
        }
        $element_info['object_notes'] = notes($element_info['value'], $db);
        $element_info['project_folder'] = $element_info['value'];
        $element_info = include_fileLinks($element_info, $db);
        $element_info['subject'] = $info['R' . $element_info['rule_id']]['subject'];
        $element_info['verb'] = $info['R' . $element_info['rule_id']]['verb'];
        $element_info['object'] = $info['R' . $element_info['rule_id']]['object'];
        $element_info['subject_id'] = $info['R' . $element_info['rule_id']]['subject_id'];
        $element_info['verb_id'] = $info['R' . $element_info['rule_id']]['verb_id'];
        $element_info['object_id'] = $info['R' . $element_info['rule_id']]['object_id'];
    }

    # Common tail: resolve the acl for the asking user unless a branch above
    # already set one.
    $strictuid = 1;
    $strictsharedwith = 1;
    $shared_with = 'U' . $user_id;
    $toFindInfo = $element_info;
    $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid', 'timer', 'toFindInfo');
    if ($element_info['acl'] == '') {
        $element_info['acl'] = permission4Resource($onPermissions);
    }
    $element_info['permission_level'] = $element_info['acl'];
    if (!$element_info['effective_permission']) {
        $element_info['effective_permission'] = $element_info['acl'];
    }

    # '---' marks the absence of a directly assigned permission.
    if (!$element_info['assigned_permission']) {
        $pp = array('uid' => $uid, 'shared_with' => $shared_with);
        $tmp = has_permission($pp, $db);
        if ($tmp) {
            $element_info['assigned_permission'] = $tmp;
        } else {
            $element_info['assigned_permission'] = '---';
        }
    }

    #Define if ser can view or not view data. View is the first number in the 3d code.
    $permission2user = permissionModelComp($element_info['permission_level']);
    ##According to the model, change the values of assigned_permission from prevous versions
    $element_info['assigned_permission'] = str_replace(array('0', '1', '2'), str_split($model), $element_info['assigned_permission']);
    $isOwner = $element_info['created_by'] == $user_id;
    # Positions 0, 1 and 2 of the permission code map to view, change and propagate.
    $element_info['view'] = allowed($permission2user, 0, $isOwner, $state = 3, $model);
    $element_info['change'] = allowed($permission2user, 1, $isOwner, $state = 3, $model);
    $element_info['propagate'] = allowed($permission2user, 2, $isOwner, $state = 3, $model);
    #create the element "delete", in case it is eventually created...For now it is the same as change
    $element_info['delete'] = $element_info['change'];
    # NOTE(review): delete_data is copied from add_data one line before add_data
    # is assigned, so it receives the incoming value (if any) rather than the
    # propagate result; confirm the intended order.
    $element_info['delete_data'] = $element_info['add_data'];
    $element_info['add_data'] = $element_info['propagate'];
    return $element_info;
}
</div> </div> </fieldset> <?php } // Allow modules to render custom fields Events::trigger('render_user_form'); ?> <!-- Start of User Meta --> <?php $this->load->view('users/user_meta'); ?> <!-- End of User Meta --> <?php if (isset($user) && has_permission('Permissions.' . ucfirst($user->role_name) . '.Manage') && $user->id != $this->auth->user_id() && ($user->banned || $user->deleted)) { ?> <fieldset> <legend><?php echo lang('us_account_status'); ?> </legend> <?php $field = 'activate'; if ($user->active) { $field = 'de' . $field; } ?> <div class="control-group"> <div class="controls"> <label for="<?php
<?php
/******************/
// This Page Lets the Admin Add and Delete Editors to this site.
/*****************/
// Output is buffered so the header() call further down can still be sent
// after the page includes have produced markup.
ob_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/Gamesite/core/init.php';

// Check if Admin is logged in, if not, redirect him to index.php
// NOTE(review): whether permission_error_redirect() stops the script is not
// visible here. If it only sends a header, everything below still runs for
// a user without the 'admin' permission; confirm.
if (!has_permission('admin')) {
    permission_error_redirect('index.php');
}
include 'includes/head.php';
include 'includes/navigation.php';

// Delete Editors
// NOTE(review): the deletion is triggered by a GET parameter and no
// anti-forgery token is checked in this fragment, so a link followed by a
// logged-in admin is enough to delete a row.
if (isset($_GET['delete'])) {
    $delete_id = sanitize($_GET['delete']);
    // Delete from DB and run query with Header Redirect.
    // NOTE(review): the id is interpolated into the SQL text, so the query is
    // only as safe as sanitize(), which is not shown. A bound parameter or an
    // integer cast would remove that dependency.
    $db->query("delete from admin where id = '{$delete_id}' ");
    $_SESSION['success_flash'] = 'Editor has been deleted.';
    // No exit follows the redirect header, so the rest of the script still runs.
    header('Location: Editors.php');
}

// If Add New Editor is clicked
if (isset($_GET['add'])) {
    // SET ALL OF THE FORM VARIABLES
    // NOTE(review): password and confirm pass through sanitize() like the
    // display fields. If sanitize() escapes or strips characters, the value
    // that gets hashed differs from what the user typed; confirm.
    $name = isset($_POST['name']) ? sanitize($_POST['name']) : '';
    $email = isset($_POST['email']) ? sanitize($_POST['email']) : '';
    $password = isset($_POST['password']) ? sanitize($_POST['password']) : '';
    $confirm = isset($_POST['confirm']) ? sanitize($_POST['confirm']) : '';
    $permissions = isset($_POST['permissions']) ? sanitize($_POST['permissions']) : '';
    // set errors to a empty array
    $errors = array();
/**
 * Save the user
 *
 * Registers the validation rules, runs validation, then inserts or updates
 * the user and stores any permitted meta fields.
 *
 * NOTE(review): the role_id rule is registered only when the current user
 * holds both Bonfire.Roles.Manage and the Manage permission for
 * $cur_role_name, but prep_data() below receives the complete POST array
 * regardless. Whether prep_data() discards a posted role_id for a caller
 * without those permissions is not visible here; confirm, since otherwise
 * a role change could be submitted without the check.
 *
 * @access private
 *
 * @param string $type          The type of operation (insert or edit)
 * @param int    $id            The id of the user in the case of an edit operation
 * @param array  $meta_fields   Array of meta fields fur the user
 * @param string $cur_role_name The current role for the user being edited
 *
 * @return bool False when validation fails; otherwise the return value of
 *              the model's insert() or update().
 */
private function save_user($type = 'insert', $id = 0, $meta_fields = array(), $cur_role_name = '')
{
    $this->form_validation->set_rules($this->user_model->get_validation_rules($type));

    $extra_unique_rule = '';
    $username_required = '';

    if ($type != 'insert') {
        // The id is written into $_POST and ',users.id' is appended to the
        // unique[] rules; presumably this lets the uniqueness check skip the
        // row being edited. Confirm against the unique rule.
        $_POST['id'] = $id;
        $extra_unique_rule = ',users.id';
    }

    // A username is mandatory when logins use it or usernames are enabled.
    if ($this->settings_lib->item('auth.login_type') == 'username' || $this->settings_lib->item('auth.use_usernames')) {
        $username_required = 'required|';
    }

    $this->form_validation->set_rules('username', 'lang:bf_username', $username_required . 'trim|max_length[30]|unique[users.username' . $extra_unique_rule . ']');
    $this->form_validation->set_rules('email', 'lang:bf_email', 'required|trim|valid_email|max_length[120]|unique[users.email' . $extra_unique_rule . ']');

    // role_id is validated only for users allowed to manage roles and this role.
    if (has_permission('Bonfire.Roles.Manage') && has_permission('Permissions.' . $cur_role_name . '.Manage')) {
        $this->form_validation->set_rules('role_id', 'lang:us_role', 'required|trim|max_length[2]|is_numeric');
    }

    // Meta fields: a field flagged admin_only is accepted only when the
    // current user's role_id is 1; all other fields are accepted from anyone.
    $meta_data = array();
    foreach ($meta_fields as $field) {
        if (!isset($field['admin_only']) || $field['admin_only'] === false || isset($field['admin_only']) && $field['admin_only'] === true && isset($this->current_user) && $this->current_user->role_id == 1) {
            $this->form_validation->set_rules($field['name'], $field['label'], $field['rules']);
            $meta_data[$field['name']] = $this->input->post($field['name']);
        }
    }

    if ($this->form_validation->run() === false) {
        return false;
    }

    // Compile our core user elements to save.
    $data = $this->user_model->prep_data($this->input->post());

    if ($type == 'insert') {
        $activation_method = $this->settings_lib->item('auth.user_activation_method');

        // No activation method
        if ($activation_method == 0) {
            // Activate the user automatically
            $data['active'] = 1;
        }

        $return = $this->user_model->insert($data);
        // The insert result is reused as the id for the meta data below.
        $id = $return;
    } else {
        // Update
        $return = $this->user_model->update($id, $data);
    }

    // Save any meta data for this user
    if (count($meta_data)) {
        $this->user_model->save_meta_for($id, $meta_data);
    }

    // Any modules needing to save data?
    // NOTE(review): listeners receive the whole POST array, which for a user
    // form presumably includes the password fields; confirm listeners neither
    // log nor persist it.
    Events::trigger('save_user', $this->input->post());

    return $return;
}
<?php if (has_permission($matrix_perm['name']) || $current_user->role_id == 1) { //Admin ?> <tr title="<?php echo $matrix_perm['name']; ?> "> <td><?php echo $matrix_perm['name']; ?> </td> <?php for ($i = 0; $i < count($cols); $i++) { if (has_permission('Permissions.' . $cols[$i]['role_name'] . '.Manage')) { $checkbox_value = $cols[$i]['role_id'] . ',' . $matrix_perm['permission_id']; $checked = in_array($checkbox_value, $matrix_role_permissions) ? ' checked="checked"' : ''; ?> <td class="text-center" title="<?php echo $cols[$i]['role_name']; ?> "> <input type="checkbox" value="<?php echo $checkbox_value; ?> "<?php echo $checked; ?> title="<?php echo lang('matrix_role');
?> </h1> </div> <nav id="secondary" role="navigation"> <ul class="bttn-toolbar"> <li class="sector-switcher"> <a class="bttn-sector bttn-dropdown" href="" data-dropdown="action-bttn"><strong>Call activity</strong></a> <ul class="action-dropdown"> <li><a href="<?php echo $survey->get_url_view(); ?> ">Summary</a></li> <?php if (has_permission('manage respondents any survey')) { ?> <li><a href="<?php echo $survey->get_url_respondents(); ?> ">Respondents</a></li> <?php } ?> </ul> </li> </ul> </nav> </div>
<div style="border-bottom: 1px solid #999; padding: 5px 18px; color: #222;" <?php echo 'class="' . $class . '"'; ?> > <?php e($row); ?> </div> <?php } ?> </div> </div> <?php if (has_permission('Bonfire.Logs.Manage')) { ?> <!-- Purge? --> <div class="admin-box"> <h3><?php echo lang('log_delete1_button'); ?> </h3> <br/> <?php echo form_open(SITE_AREA . '/developer/logs'); ?> <div class="alert alert-warning fade in"> <a class="close" data-dismiss="alert">×</a> <?php
<?php render_search_box(); ?> </div> <?php if (isset($users) && is_array($users)) { ?> <div class="scrollable"> <div class="list-view" id="user-list"> <?php foreach ($users as $user) { ?> <?php if (isset($user) && has_permission('Permissions.' . $user->role_name . '.Manage')) { ?> <div class="list-item with-icon" data-id="<?php echo $user->id; ?> " data-role="<?php echo $user->role_name; ?> "> <?php echo gravatar_link($user->email, 32, '', $user->first_name . ' ' . $user->last_name); ?> <p> <?php if (config_item('auth.use_own_names')) {
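<?php
/**
 * Topic-creation endpoint.
 *
 * Responds with 403 when there is no session user or the user lacks
 * CREATE_TOPIC, with 400 when the form marker or a usable title is
 * missing, and otherwise creates the topic (optionally under the parent
 * named by ?id=) and redirects to it with 303.
 */
include_once '../../../includes/user.php';
include_once '../../../includes/topic.php';
include_once '../../../includes/thread.php';
include_once '../../../includes/post.php';
include_once '../../../includes/parsedown.php';
include_once '../../../includes/permissions.php';

session_start();

// Authorisation comes first; has_permission() is only consulted for a
// logged-in user, as before.
$authorised = isset($_SESSION['user']) && has_permission($_SESSION['user'], 'CREATE_TOPIC');

// The form marker and the title must both be present, and the title (and
// the parent id, when given) must be plain strings. PHP turns "title[]=x"
// into an array, which previously reached create_topic() unchecked, and a
// missing title raised an undefined-index notice.
$well_formed = isset($_POST['create-topic'], $_POST['title'])
    && is_string($_POST['title'])
    && (!isset($_GET['id']) || is_string($_GET['id']));

if (!$authorised) {
    header("HTTP/1.1 403 Forbidden");
} elseif (!$well_formed) {
    header("HTTP/1.1 400 Bad Request");
} else {
    // NOTE(review): no anti-forgery token is checked before this
    // state-changing request; add one if the includes provide a helper.
    if (isset($_GET['id'])) {
        $topic_id = create_topic($_POST['title'], get_topic_by_id($_GET['id']));
    } else {
        $topic_id = create_topic($_POST['title']);
    }

    header("HTTP/1.1 303 See Other");
    // Encode the id so that only URL-safe characters reach the header.
    header("Location: /forum/topic/?id=" . rawurlencode((string) $topic_id));
}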
<td> <?php if (has_permission('Confirmation.Edit')) { ?> <a class="btn btn-info edit" href="<?php echo site_url('sacrement/editConfirmation/' . $confirmation['id_confirmation']); ?> "> <i class="fa fa-edit"></i> Edit </a> <?php } ?> <?php if (has_permission('Confirmation.Delete')) { ?> <a class="btn btn-danger delete" href="<?php echo site_url('settings/deleteConfirmation/' . $confirmation['id_confirmation']); ?> "> <i class="fa fa-trash-o"></i> Delete </a> <?php } ?> </td> <?php } ?> </tr>
?> "><?php echo $mod; ?> </option> <?php } ?> </select> </div> <?php } ?> <?php if (has_permission('Activities.Date.Delete')) { ?> <div class="box delete rounded"> <a class="button" id="delete-activity_date"><?php echo lang('activity_date_delete'); ?> </a> <?php echo lang('activity_delete_date_note'); ?> <select id="activity_date_select"> <option value="all"><?php echo lang('activity_all_dates'); ?> </option>
<b class="caret"></b></a> <ul class="dropdown-menu"> <li> <a href="<?php echo site_url(); ?> "> <?php echo lang('bf_home'); ?> </a> </li> <?php if (has_permission('Site.Content.View')) { ?> <li class="divider"></li> <li> <?php echo anchor(SITE_AREA, 'Control Panel'); ?> </li> <?php } ?> <li class="divider"></li> <li> <a href="<?php echo site_url('users/profile');
<?php /* Roles sub-navigation: the list tab is always rendered, the create tab only for holders of Bonfire.Roles.Add; the active tab is chosen from URI segment 4. Hiding the tab is presentation only; the create controller is not visible here and must check the permission itself. */ ?>
<ul class="nav nav-pills"> <li <?php echo $this->uri->segment(4) == '' ? 'class="active"' : ''; ?> > <a href="<?php echo site_url(SITE_AREA . '/settings/roles'); ?> "><?php echo lang('role_roles'); ?> </a> </li> <?php if (has_permission('Bonfire.Roles.Add')) { ?> <li <?php echo $this->uri->segment(4) == 'create' ? 'class="active"' : ''; ?> > <a href="<?php echo site_url(SITE_AREA . '/settings/roles/create'); ?> " id="create_new"><?php echo lang('role_new_role'); ?> </a> </li> <?php } ?>
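/**
 * Delete the user whose id is given in URI segment 5, then redirect to the
 * user list.
 *
 * The caller must hold 'Bonfire.Users.Manage' and the manage permission for
 * the target user's role, and may not delete their own account. The outcome
 * is reported through Template::set_message().
 *
 * NOTE(review): the id is read from the URL and the request method is not
 * checked here, so a plain link can trigger the deletion. If the framework's
 * CSRF protection only covers POST, require POST plus a token for this action.
 *
 * @return void
 */
public function delete()
{
    // Authorise before looking at any input.
    // NOTE(review): restrict() is presumed to halt the request when the
    // permission is missing - confirm.
    $this->auth->restrict('Bonfire.Users.Manage');

    $id = $this->uri->segment(5);
    $user = empty($id) ? null : $this->user_model->find($id);

    if (empty($id)) {
        Template::set_message(lang('us_empty_id'), 'error');
    } elseif (!is_object($user)) {
        // Unknown id: stop here instead of dereferencing a non-object below.
        Template::set_message('The user could not be found.', 'error');
    } elseif ($user->id == $this->auth->user_id()) {
        Template::set_message(lang('us_self_delete'), 'error');
    } elseif (!has_permission('Permissions.' . $user->role_name . '.Manage')) {
        Template::set_message(sprintf(lang('us_unauthorized'), $user->role_name), 'error');
    } elseif ($this->user_model->delete($id)) {
        // Build the log entry from the record loaded before the delete; a
        // second lookup may return nothing once the row is gone.
        if (config_item('auth.use_own_names')) {
            $log_name = $this->auth->user_name();
        } else {
            $log_name = config_item('auth.use_usernames') ? $user->username : $user->email;
        }

        $this->activity_model->log_activity($this->auth->user_id(), lang('us_log_delete') . ': ' . $log_name, 'users');
        Template::set_message('The User was successfully deleted.', 'success');
    } else {
        // A failed delete is reported as an error, not as a success.
        // NOTE(review): the original appended a detail string here that is
        // not recoverable; append the model's error text if one is available.
        Template::set_message('We could not delete the user.', 'error');
    }

    redirect(SITE_AREA . '/settings/users');
}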
echo form_dropdown('author', $users, $selection, 'class="span6" id="author"'); } if (form_error('author')) { echo '<span class="help-inline">' . form_error('author') . '</span>'; } ?> <?php } else { echo find_author_name($selection); } ?> </div> </div> </fieldset> <?php if (has_permission('Site.News.Manage')) { ?> <fieldset> <legend><?php echo lang('us_additional'); ?> </legend> <div class="control-group <?php echo form_error('category_id') ? 'error' : ''; ?> "> <label class="control-label"><?php echo lang('us_category'); ?> </label>
</div> <!-- End of Developer Settings Tab --> <?php } if ($show_extended_settings) { ?> <!-- Start of Extended Settings Tab Pane --> <div class='tab-pane' id='extended'> <fieldset> <legend><?php echo lang('set_option_extended'); ?> </legend> <?php foreach ($extended_settings as $field) { if (empty($field['permission']) || has_permission($field['permission'])) { $form_error_class = form_error($field['name']) ? ' error' : ''; $field_control = ''; if ($field['form_detail']['type'] == 'dropdown') { echo form_dropdown($field['form_detail']['settings'], $field['form_detail']['options'], set_value($field['name'], isset($settings["ext.{$field['name']}"]) ? $settings["ext.{$field['name']}"] : ''), $field['label']); } elseif ($field['form_detail']['type'] == 'checkbox') { $field_control = form_checkbox($field['form_detail']['settings'], $field['form_detail']['value'], isset($settings["ext.{$field['name']}"]) && $field['form_detail']['value'] == $settings["ext.{$field['name']}"]); } elseif ($field['form_detail']['type'] == 'state_select') { if (!is_callable('state_select')) { $this->load->config('address'); $this->load->helper('address'); } $field_control = state_select(isset($settings["ext.{$field['name']}"]) ? $settings["ext.{$field['name']}"] : 'CA', 'CA', 'US', $field['name'], 'span6 chzn-select'); } elseif ($field['form_detail']['type'] == 'country_select') { if (!is_callable('country_select')) { $this->load->config('address');
?> <div class="submits"> <input type="submit" name="submit" value="<?php echo lang('bf_action_save'); ?> " /> <?php echo lang('bf_or'); ?> <?php echo anchor(SITE_AREA . '/settings/users', lang('bf_action_cancel')); ?> </div> <?php if (isset($user) && has_permission('Permissions.' . $user->role_name . '.Manage') && $user->id != $this->auth->user_id()) { ?> <div class="box delete rounded"> <a class="button" id="delete-me" href="<?php echo site_url(SITE_AREA . '/settings/users/delete/' . $user->id); ?> " onclick="return confirm('<?php echo lang('us_delete_account_confirm'); ?> ')"><?php echo lang('us_delete_account'); ?> </a> <?php echo lang('us_delete_account_note');
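<td><?php echo $user->getLastLogin('Y-m-d H:i:s'); ?></td>
<td><?php echo $user->getCreatedAt('Y-m-d H:i:s'); ?></td>
<td>
    <div class="btn-group" role="group">
        <a href="<?php echo uri('siteuser/edit/' . $user->getId()); ?>" class="btn btn-xs btn-primary"><span class="fa fa-paste"></span> 编辑</a>
        <?php
        /*
         * The delete button is shown only to viewers holding this permission.
         * NOTE(review): this only hides the button; confirm the
         * siteuser/delete handler enforces the same permission and does not
         * delete on a bare GET.
         */
        if (has_permission('管理所有客户')) { ?>
            <?php
            /*
             * The nickname is profile text, so it is HTML-escaped before being
             * placed in the data-name attribute; unescaped, a quote character
             * in it would end the attribute and let markup be injected.
             */
            ?>
            <a href="<?php echo uri('siteuser/delete/' . $user->getId()); ?>" data-name="<?php echo htmlspecialchars((string) $user->getProfile()->getNickname(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" data-uid="<?php echo $user->getId(); ?>" class="btn btn-xs btn-danger delete"><span class="fa fa-times"></span> 删除</a>
        <?php } ?>
    </div>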