/**
 * Gate for header-authenticated requests.
 *
 * Reads the X-Authorization header, the Date header and the raw query string
 * from the server variables, then validates the date first and the
 * authorization value second. A rejected request ends the script: an invalid
 * or missing date is reported as 403, a missing or rejected authorization
 * value as 401.
 *
 * NOTE(review): checkDate() and isAuthorized() are defined outside this block.
 * Presumably checkDate() bounds the accepted clock skew (replay window) and
 * isAuthorized() verifies a signature over date, method and query string;
 * confirm both, and confirm the comparison there is constant-time.
 *
 * @param mixed $method Forwarded unchanged as the third argument of isAuthorized().
 * @return void
 */
private function checkAuth($method)
{
    // A missing (or otherwise falsy) server variable is normalised to "".
    $authHeader = $this->input->server('HTTP_X_AUTHORIZATION') ?: "";
    $dateHeader = $this->input->server('HTTP_DATE') ?: "";
    $rawQuery = $this->input->server('QUERY_STRING') ?: "";

    // The date is checked before the credential, so a stale or absent Date
    // header is rejected without evaluating the authorization value at all.
    $dateAccepted = !empty($dateHeader) && $this->checkDate($dateHeader);
    if (!$dateAccepted) {
        $status = "403";
        show_error($status . " Date is invalid", $status);
        exit;
    }

    $credentialAccepted = !empty($authHeader)
        && isAuthorized($authHeader, $dateHeader, $method, $rawQuery);
    if (!$credentialAccepted) {
        $status = "401";
        show_error($status . " Unauthorized", $status);
        exit;
    }
}
/**
 * Renders the profile list page and terminates the script.
 *
 * Every profile gets a link to its manage page; a delete form is added per row
 * only when isAuthorized('manageSharedFolders') returned true.
 *
 * NOTE(review): the permission only decides whether the delete form is drawn.
 * The form posts to actions.php, which is not visible here; confirm that the
 * 'del' action re-checks the permission server-side and is protected against
 * cross-site request forgery.
 * NOTE(review): $profile->id is written into the href, the link text and a
 * hidden field without HTML escaping; confirm ids can never contain markup
 * characters, or escape them on output.
 *
 * @return void The function ends with die.
 */
function show_default()
{
    $profileList = ProfileDB::getInstance()->getList();
    if (!is_array($profileList)) {
        $profileList = array();
    }

    $mayDelete = isAuthorized('manageSharedFolders');
    // Evaluated as in the original, but the result is not used in this function.
    $mayConfigure = isAuthorized('manageConfiguration');

    page_header();

    echo '<div id="profiles_div">',
        '<h1>' . _('Profiles') . '</h1>',
        '<div id="profiles_list_div">',
        '<table border="0" cellspacing="1" cellpadding="3">';

    foreach ($profileList as $entry) {
        echo '<tr>',
            '<td><a href="profiles.php?action=manage&id=' . $entry->id . '">' . $entry->id . '</a></td>';

        if ($mayDelete) {
            $confirmText = _('Are you sure you want to delete this profile?');
            echo '<td><form action="actions.php" method="post" onsubmit="return confirm(\'' . $confirmText . '\');">',
                '<input type="hidden" name="name" value="Profile" />',
                '<input type="hidden" name="action" value="del" />',
                '<input type="hidden" name="ids[]" value="' . $entry->id . '" />',
                '<input type="submit" value="' . _('Delete this profile') . '" />',
                '</form></td>';
        }

        echo '</tr>';
    }

    echo '</table>', '</div>', '</div>';

    page_footer();
    die;
}
/**
 * Builds a fingerprint of the current user's permission ids.
 *
 * The ids found in Reg::get('usr')->perms->permissionsList are concatenated,
 * each followed by ':', and the MD5 of that string is returned. When the
 * visitor is not authorized, or no permission list is available, the result
 * is the MD5 of the empty string.
 *
 * NOTE(review): MD5 is fine as a cache key or change detector. If this value
 * is ever used as an integrity or access token, it is not suitable: it is
 * unkeyed and derived from guessable ids. Confirm how callers use it.
 *
 * @return string 32-character hexadecimal MD5 digest.
 */
function getMyPermissionsHash()
{
    $joined = "";

    if (!isAuthorized()) {
        return md5($joined);
    }

    $currentUser = Reg::get('usr');
    if (empty($currentUser->perms)) {
        return md5($joined);
    }

    $entries = $currentUser->perms->permissionsList;
    if (!is_array($entries)) {
        return md5($joined);
    }

    $parts = array();
    foreach ($entries as $entry) {
        $parts[] = $entry->id . ':';
    }
    $joined = implode('', $parts);

    return md5($joined);
}
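/**
 * Sends the visitor to index.php unless the session holds a user name that
 * isAuthorized() accepts.
 *
 * On rejection the originally requested script path, plus its query string,
 * is passed along URL-encoded in the "accesscheck" parameter, and the script
 * exits right after the Location header so the protected page never runs.
 *
 * @return void Returns normally only when access is granted.
 */
function grantAccess()
{
    $MM_restrictGoTo = "index.php";

    // NOTE(review): no $MM_authorizedUsers exists in this function's scope, so
    // the original call passed an undefined variable (null). That is kept as an
    // explicit null here. If a page-level restriction list is meant to apply,
    // it has to be passed in or imported with `global`; confirm the intent.
    $MM_authorizedUsers = null;

    if (isset($_SESSION['MM_Username'])
        && isAuthorized("", $MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])) {
        return;
    }

    // Compare against false explicitly: strpos() returns 0 for a match at the
    // first character, which a plain truthiness test would treat as "no match".
    $MM_qsChar = (strpos($MM_restrictGoTo, "?") !== false) ? "&" : "?";

    $MM_referrer = $_SERVER['PHP_SELF'];

    // The original tested a local $QUERY_STRING, which is never set inside a
    // function, so the query string was silently dropped from the referrer.
    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
        $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
    }

    // PHP_SELF and QUERY_STRING come from the request; urlencode() keeps them
    // from adding parameters or line breaks to the Location header.
    $MM_restrictGoTo = $MM_restrictGoTo . $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: " . $MM_restrictGoTo);
    exit;
}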
<?php require_once "../subs.php"; require_once "../conf.inc.php"; require_once "../lib/dblayer.php"; require_once "./subs.php"; require_once "../vendor/autoload.php"; // Twig инициализация Twig_Autoloader::register(); $loader = new Twig_Loader_Filesystem("../templates"); // Twig папка с шаблонами $twig = new Twig_Environment($loader, array("cache" => "../cache", "auto_reload" => 1)); // Twig no cache $template = 'tools.twig'; if ($admin_login = isAuthorized()) { $c['nojs'] = true; $users = getUsers(); $permissions = getPermissions($admin_login["uid"], $users); if ($permissions["bills"] == 'deny') { unset($TITLE["bills"]); } if ($permissions["users"] == 'deny') { unset($TITLE["users"]); } $c['dir'] = basename(__DIR__); $TITLE['helpdesk/reports'] = "Отчёты"; $c['sections'] = $TITLE; $categories = getCategories(); $c["cat"] = $_cat = checkRequest("cat"); if ($_cat) { $c['current_cat'] = getCategory($_cat);
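/**
 * Redirects the visitor away when isAuthorized($secLevel) fails.
 *
 * header() only queues the Location header; it does not stop the script.
 * Without the exit below, the rest of the protected page would still execute
 * and its output would be sent along with the redirect, so anyone who ignores
 * the redirect could read it.
 *
 * NOTE(review): $AUTH_redirectTo is written into the header as given. It
 * should be a fixed, application-chosen URL, never a value taken from the
 * request; confirm at the call sites.
 *
 * @param mixed  $secLevel        Passed unchanged to isAuthorized().
 * @param string $AUTH_redirectTo Target of the redirect for rejected visitors.
 * @return void Returns normally only when access is granted.
 */
function pageClearence($secLevel, $AUTH_redirectTo)
{
    if (!isAuthorized($secLevel)) {
        header("Location: " . $AUTH_redirectTo);
        exit;
    }
}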
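<?php
/*
 * index.php
 * general page
 *
 * Entry page: an already authorized visitor is redirected to "home",
 * everyone else is handed to authorize().
 */

// NOTE(review): display_errors is switched on unconditionally, so PHP errors
// (paths, query fragments) are sent to the visitor. Confirm this file is not
// deployed like this; in production errors belong in the log.
ini_set('display_errors', 1);
error_reporting(E_ALL ^ E_NOTICE);

require 'subs.php';
require 'conf.inc.php';
require_once "lib/dblayer.php";

// Stage
$stage = isset($_REQUEST['stage']) ? check_string($_REQUEST['stage'], 'string') : null;

if (isAuthorized()) {
    header("Location: home");
    // header() does not end the script; stop here so nothing else is written
    // into the body of the redirect response.
    exit;
} else {
    // echo 2;
    authorize();
}

// DB-errors
// NOTE(review): print_r() writes the raw database error structure into the
// page; consider logging it instead of showing it to the visitor.
if ($db_err["error_no"] != null) {
    print_r($db_err);
}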
/**
 * Checks a policy for the current user and reports a refusal to the UI.
 *
 * When isAuthorized() rejects the policy, a translated error popup is queued
 * and false is returned. Callers must act on the return value: this function
 * itself does not stop the request.
 *
 * @param mixed $policy_ Policy identifier, passed unchanged to isAuthorized().
 * @return bool true when the policy is granted, false otherwise.
 */
function checkAuthorization($policy_)
{
    if (!isAuthorized($policy_)) {
        popup_error(_('You are not allowed to perform this action'));
        return false;
    }

    return true;
}
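/**
 * Renders the task list page and terminates the script.
 *
 * Lists every task returned by the service with its server, status and
 * details. A delete form is shown per finished or failed task when
 * isAuthorized('manageServers') is true.
 *
 * The task attributes 'type' and 'request' originate from form fields posted
 * to actions.php (see the install/upgrade forms below), so they are
 * HTML-escaped before being written into the table.
 *
 * NOTE(review): escaping assumes the page is served as UTF-8; confirm.
 * NOTE(review): $task->id, $task->server, the server display names and the
 * fallback $task->status are still written unescaped; confirm they can never
 * carry markup characters.
 * NOTE(review): permission checks here only decide what is drawn. actions.php
 * is not visible; confirm it re-checks 'manageServers' and guards its forms
 * against cross-site request forgery.
 *
 * @return void The function ends with die.
 */
function show_default()
{
    $tasks = $_SESSION['service']->tasks_list();
    if (is_null($tasks)) {
        popup_error(_('Internal error requestings tasks'));
        // Presumably redirect() ends the request; otherwise count($tasks)
        // below would run on null. TODO confirm.
        redirect();
    }

    $servers_ = $_SESSION['service']->getOnlineServersList();
    if (is_null($servers_)) {
        $servers_ = array();
    }

    // Only servers flagged ulteo_system == 1 are offered in the forms below.
    $servers = array();
    foreach ($servers_ as $server) {
        if (isset($server->ulteo_system) && $server->ulteo_system == 1) {
            $servers[] = $server;
        }
    }

    $can_do_action = isAuthorized('manageServers');

    page_header();

    echo '<div id="tasks_div">';
    echo '<h1>' . _('Tasks') . '</h1>';

    if (count($tasks) > 0) {
        echo '<div id="tasks_list_div">';
        echo '<h2>' . _('List of tasks') . '</h2>';
        echo '<table class="main_sub sortable" id="tasks_list_table" border="0" cellspacing="1" cellpadding="5">';
        echo '<thead>';
        echo '<tr class="title">';
        echo '<th>' . _('ID') . '</th>';
        echo '<th>' . _('Creation time') . '</th>';
        echo '<th>' . _('Type') . '</th>';
        echo '<th>' . _('Server') . '</th>';
        echo '<th>' . _('Status') . '</th>';
        echo '<th>' . _('Details') . '</th>';
        echo '</tr>';
        echo '</thead>';
        echo '<tbody>';

        $count = 0;
        foreach ($tasks as $task) {
            // Alternate the row class between content1 and content2.
            $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);

            if (array_key_exists($task->server, $servers_)) {
                $server_name = $servers_[$task->server]->getDisplayName();
            } else {
                $server_name = $task->server;
            }

            $can_remove = $task->succeed() || $task->failed();

            if ($task->succeed()) {
                $status = '<span class="msg_ok">' . _('Finished') . '</span>';
            } elseif ($task->failed()) {
                $status = '<span class="msg_error">' . _('Error') . '</span>';
            } elseif ($task->status == 'in progress') {
                $status = '<span class="msg_warn">' . _('In progress') . '</span>';
            } else {
                $status = $task->status;
            }

            // Both values are submitted form fields; escape them for HTML.
            $type_html = htmlspecialchars((string) $task->getAttribute('type'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $request_html = htmlspecialchars((string) $task->getAttribute('request'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            echo '<tr class="' . $content . '">';
            echo '<td><a href="?action=manage&id=' . $task->id . '">' . $task->id . '</a></td>';
            echo '<td>' . date('Y-m-d H:i:s', $task->t_begin) . '</td>';
            echo '<td>' . $type_html . '</td>';
            echo '<td><a href="servers.php?action=manage&id=' . $task->server . '">' . $server_name . '</a></td>';
            echo '<td>' . $status . '</td>';
            echo '<td>' . $request_html . '</td>';
            // todo !!!
            if ($can_do_action) {
                echo '<td>';
                if ($can_remove) {
                    echo '<form action="actions.php" method="post">';
                    echo '<input type="hidden" name="name" value="Task" />';
                    echo '<input type="hidden" name="action" value="del" />';
                    echo '<input type="hidden" name="checked_tasks[]" value="' . $task->id . '" />';
                    echo '<input type="submit" value="' . _('Delete') . '" />';
                    echo '</form>';
                }
                echo '</td>';
            }
            echo '</tr>';
        }
        echo '</tbody>';
        echo '</table>';
        echo '</div>';
    }

    // The flag is forced to false here, so the install/upgrade forms below are
    // never rendered by this function. Kept exactly as in the original.
    $can_do_action = False;
    if (count($servers) > 0 && $can_do_action) {
        echo '<h2>' . _('Install an application from a package name') . '</h2>';
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Task" />';
        echo '<input type="hidden" name="action" value="add" />';
        echo '<select name="server">';
        foreach ($servers as $server) {
            echo '<option value="' . $server->id . '">' . $server->getDisplayName() . '</option>';
        }
        echo '</select> ';
        echo '<input type="text" name="request" value="" /> ';
        echo '<input type="hidden" name="type" value="install_from_line" />';
        echo '<input type="submit" name="submit" value="' . _('Install') . '" />';
        echo '</form>';

        echo '<h2>' . _('Upgrade the internal system and applications') . '</h2>';
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Task" />';
        echo '<input type="hidden" name="action" value="add" />';
        echo '<input type="hidden" name="type" value="upgrade" />';
        echo '<input type="hidden" name="request" value="" />'; // hack for the task creation
        echo '<select name="server">';
        foreach ($servers as $server) {
            echo '<option value="' . $server->id . '">' . $server->getDisplayName() . '</option>';
        }
        echo '</select> ';
        echo '<input type="submit" name="submit" value="' . _('Upgrade') . '" />';
        echo '</form>';
    }

    echo '</div>';
    page_footer();
    die;
}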
footer_static(); } } else { // conf not valid if ($setup) { popup_error('Error : ' . $ret); redirect('configuration.php?action=init'); } else { header_static(_('Configuration')); echo '<p class="msg_error centered">' . $ret . '</p>'; print_prefs($prefs); footer_static(); } } } else { $can_manage_configuration = isAuthorized('manageConfiguration'); if (isset($_GET['action']) && $_GET['action'] == 'init') { try { $prefs = new Preferences_admin(); } catch (Exception $e) { } $prefs->initialize(); require_once dirname(__FILE__) . '/includes/page_template.php'; page_header(); // printing of preferences if ($can_manage_configuration) { echo '<form method="post" action="configuration.php">'; echo '<input type="hidden" name="setup" value="setup" />'; } print_prefs5($prefs, 'general', 'sql'); if ($can_manage_configuration) {
<td> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><div align="right">Observaciones:</div></td> <td><label> <textarea name="observaciones" cols="50" rows="5" id="observaciones"></textarea> </label></td> <td> </td> </tr> <?php if ($row_empleado['idunidadnegocio'] == $TYE_UNIDADNEGOCIO_DANONE || isAuthorized($FWK_PRIV_CONFIGURACION)) { ?> <tr> <td><div align="right">Refacturar:</div></td> <td><select name="refacturar" id="refacturar"> <option value="0" selected>No refacturar</option> <option value="4">Bonafont Themis</option> <option value="5">Bonafont Training</option> <option value="6">Bonafont IT</option> <option value="7">Bonafont Compensaciones</option> <option value="1">Colombia</option> <option value="2">Guatemala</option> <option value="3">El Salvador</option> </select> </td> <td> </td>
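// Prevent access without a login.
// header() only queues the redirect; exit keeps the rest of the page from
// running (and being sent) for a visitor who is not logged in.
if (empty($_SESSION['MM_Username']) || empty($_SESSION['MM_UserGroup'])) {
    header("Location: " . $MM_redirectLoginFailed1);
    exit;
}

// Keep administrators out of this page.
/**
 * Reports whether the given group record marks an administrator.
 *
 * Despite its name, this returns true only when $UserGroup['authority'] == 1;
 * the page below uses a true result to turn the visitor away.
 *
 * @param mixed $UserName  Not used by the check.
 * @param mixed $UserGroup Group record; its 'authority' entry is compared with 1.
 * @return bool
 */
function isAuthorized($UserName, $UserGroup)
{
    $isValid = False;
    if (!empty($UserGroup)) {
        if ($UserGroup['authority'] == 1) {
            $isValid = true;
        }
    }
    return $isValid;
}

if (isAuthorized($_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])) {
    header("Location: " . $MM_redirectLoginFailed2);
    exit;
}

// Get the user's information from the database.
//
// NOTE(review): in the listing the two operands of this query were masked as
// '******'. They are restored here as $_SESSION['MM_Username'] and
// $_SESSION['MM_UserGroup']['password'], based on the index expressions that
// survived the masking; confirm against the original file.
//
// The values are bound as parameters instead of being concatenated into the
// SQL text. The page declares charset=GBK, and quote-escaping under a
// multi-byte connection charset is fragile; bound parameters do not depend on it.
// mysqli_stmt_get_result() requires the mysqlnd driver.
//
// NOTE(review): the session carries the value that is compared with the
// `password` column as-is. Confirm that column holds a password hash and that
// no clear-text password is kept in the session.
$MM_lookupUser = $_SESSION['MM_Username'];
$MM_lookupPassword = $_SESSION['MM_UserGroup']['password'];
$id_quest = "SELECT id,username FROM admin WHERE username=? AND password=?";
$id_stmt = mysqli_prepare($connect, $id_quest);
if (!$id_stmt
    || !mysqli_stmt_bind_param($id_stmt, "ss", $MM_lookupUser, $MM_lookupPassword)
    || !mysqli_stmt_execute($id_stmt)) {
    // The original called mysql_error(), which belongs to the removed mysql
    // extension and never reports mysqli failures. The detail goes to the
    // log; the visitor only sees a generic message.
    error_log("user lookup failed: " . mysqli_error($connect));
    die("Database error");
}
$id_set = mysqli_stmt_get_result($id_stmt);
$id = mysqli_fetch_assoc($id_set);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=(0047)http://thechoose.phpnet.us/hushi2014070801.html -->
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=GBK">
<title>教育交流协会</title>
<meta name="keywords" content="个人留学直通车,中日人才交流援助平台,出国,留学,留日,人才交流,援助平台,培训,IPA,对外汉语">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<meta name="description" content="个人留学直通车,中日人才交流援助平台,出国,留学,留日,人才交流,援助平台,培训,IPA">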
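// Tail of isAuthorized(); the start of the function is outside this excerpt,
// so these statements are reproduced unchanged.
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if ($strUsers == "" && true) {
$isValid = true;
}
}
return $isValid;
}

// Page guard: only a session whose 'MM_arica' value passes isAuthorized()
// may continue. Everyone else is redirected and the script exits.
// NOTE(review): $MM_authorizedUsers is not assigned anywhere in this excerpt;
// confirm it is defined before this point.
$MM_restrictGoTo = "../index.php?error=2";
if (!(isset($_SESSION['MM_arica']) && isAuthorized("5,4,2", $MM_authorizedUsers, $_SESSION['MM_arica'], $_SESSION['MM_UserGroup']))) {
    // Compare against false explicitly: strpos() returns 0 for a match at
    // the first character.
    $MM_qsChar = (strpos($MM_restrictGoTo, "?") !== false) ? "&" : "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    // The original tested a bare $QUERY_STRING, which only exists with
    // register_globals; read the value from $_SERVER so the query string is
    // actually carried over.
    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
        $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
    }
    // The referrer is request-derived; urlencode() keeps it inside the
    // accesscheck parameter.
    $MM_restrictGoTo = $MM_restrictGoTo . $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: " . $MM_restrictGoTo);
    exit;
}
?>
<?php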
/**
 * Authorization rule for the current controller action.
 *
 * - 'add', 'index' and 'dashboard_user' are allowed for every user that
 *   reaches this check.
 * - 'edit' and 'delete' are allowed when the Wallet model reports that the
 *   record named by the first passed URL argument is owned by $user['id'].
 * - Everything else is decided by isAuthorized($user).
 *
 * NOTE(review): the fallback calls a global function isAuthorized(), not
 * parent::isAuthorized(); confirm such a function exists and is the intended
 * default.
 * NOTE(review): a missing first URL argument is cast to 0 and then passed to
 * isOwnedBy(); confirm id 0 can never match a real record.
 *
 * @param array $user Current user record; only its 'id' entry is read here.
 * @return mixed true for the cases above, otherwise the result of isAuthorized($user).
 */
public function isAuthorizedW($user)
{
    // Actions open to every registered user.
    $openActions = array('add', 'index', 'dashboard_user');
    if (in_array($this->action, $openActions, true)) {
        return true;
    }

    // Owner-only actions: the record id is the first passed URL argument.
    $ownerOnly = ($this->action == 'edit' || $this->action == 'delete');
    if ($ownerOnly) {
        $recordId = (int) $this->request->params['pass'][0];
        $isOwner = $this->Wallet->isOwnedBy($recordId, $user['id']);
        if ($isOwner) {
            return true;
        }
    }

    return isAuthorized($user);
}
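<?php

/**
 * Reports whether the session belongs to a logged-in user.
 *
 * Only the presence of $_SESSION['userId'] is tested, so this answers "is
 * someone logged in", not "may this user do X".
 *
 * @return bool
 */
function isAuthorized()
{
    return isset($_SESSION['userId']);
}

/**
 * Loads the company id and privilege value for the given id.
 *
 * The original signature declared the optional $id before the required
 * $mysql parameter. PHP treats such a parameter as required anyway and
 * deprecates the form, so the default is dropped. Callers are unaffected:
 * both arguments always had to be passed.
 *
 * @param mixed $id    Id to look up; any falsy value yields the zeroed default record.
 * @param Mysql $mysql Database wrapper providing mq() and assoc().
 * @return mixed The default record for a falsy $id, otherwise whatever
 *               $mysql->assoc() returns for the query.
 */
function getUserData($id, Mysql $mysql)
{
    $user = ['companyId' => 0, 'companyPrivs' => 0];
    if (!$id) {
        return $user;
    }

    // The (int) cast keeps the interpolated value numeric, so the id cannot
    // change the structure of the statement.
    $query = $mysql->mq(' SELECT `companyId`, `companyPrivs` FROM `company` WHERE `companyId` = ' . (int) $id . ' LIMIT 1 ');

    // NOTE(review): if no row matches, the result of assoc() is returned as
    // is; confirm callers handle a non-array result and treat it as "no
    // privileges".
    return $mysql->assoc($query);
}

// The session's userId is used as the companyId lookup key.
$userInfo = getUserData(isAuthorized() ? $_SESSION['userId'] : null, $mysql);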
<?php
$_documentTitle = _KEYWORDS;

// Access gate for the keywords administration page. A visitor who is not at
// least a moderator, or who lacks the 'isKeywordsAdmin' permission, gets the
// generic "Page not found" view, so the page does not reveal that it exists.
if (!atLeastModerator() || !isAuthorized('isKeywordsAdmin')) {
    include INCLUDES . "p_notfound.php";
    return;
}

// "build" command: rebuild the keywords cache, then redirect.
// NOTE(review): $_cmd is filled outside this excerpt, presumably from the
// request URL. If so, this state-changing action can be triggered by a plain
// link; confirm it is protected against cross-site request forgery.
if ($_cmd[1] == "build") {
    include INCLUDES . "mod_keywords_build.php";
    $target = url("keywords", array("updated" => 1));
    redirect($target);
}
?> <div class="header"> <div class="header_title"> <?php echo _ADMINISTRATION; ?> <div class="subheader"><?php echo _KEYWORDS_SUBTITLE; ?> </div> </div> <?php
// Entry 2 is marked as the active item for the admin menu include.
$active = 2;
include INCLUDES . "mod_adminmenu.php";
<?php ini_set("display_errors", 1); error_reporting(E_ALL ^ E_NOTICE); session_start(); require_once "./subs.php"; require_once "./conf.php"; require_once "../subs.php"; require_once "../conf.inc.php"; require_once "../lib/dblayer.php"; $result['msg'] = "Unknown error"; $result['success'] = false; if ($admin_login = isKnownUser($_SESSION['username']) or $admin_login = isAuthorized()) { /* Получаем параметры в виде JSON-объекта и преобразуем в асс.массив * Обязательный параметр - 'action' * */ $action = $_REQUEST['action']; $c['admin_id'] = $admin_login["uid"]; $users = getUsers(); switch ($action) { // Сохраняем пользовательский фильтр case 'saveNewFilter': $global = check_string($_REQUEST['global'], 'digits'); $user_id = $global != 1 ? $admin_login['uid'] : '0'; $name = check_string($_REQUEST['name'], 'text'); $filter = check_string($_REQUEST['filter'], 'json'); if ($filter != '' and $user_id != '' and $name != '' and $global != '') { $query_save = $db->query("INSERT INTO helpdesk_filter (`name`, `user`, `filter`)\r\n VALUES ('{$name}', '{$user_id}', '{$filter}')"); if ($query_save) { $result['success'] = true; $result['msg'] = "Фильтр {$name} успешно сохранён";
// Tail of a value-quoting helper (it returns $theValue); the start of the
// function is outside this excerpt, so it is left as is.
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

// Per-page access check: the role list for the current script is read from
// sys_permission and handed to isAuthorized().

// The lookup key is the request path with the project folder prefix removed.
// $_SERVER['PHP_SELF'] is derived from the request URL, so it is untrusted input.
$url = str_replace('/' . $config['project_folder'], '', $_SERVER['PHP_SELF']);
// NOTE(review): the mysql_* functions were removed in PHP 7.0; this code only
// runs on older interpreters.
mysql_select_db($database_dares_conn, $dares_conn);
// $url is passed through GetSQLValueString(..., "text") before it is placed in
// the statement. NOTE(review): the escaping done by that helper is not fully
// visible in this excerpt; confirm it escapes for the active connection.
$query_get_prem_by_self_page = sprintf("SELECT prem_role_ids FROM sys_permission WHERE prem_url = %s", GetSQLValueString($url, "text"));
// NOTE(review): die(mysql_error()) sends the database error text to the visitor.
$get_prem_by_self_page = mysql_query($query_get_prem_by_self_page, $dares_conn) or die(mysql_error());
$row_get_prem_by_self_page = mysql_fetch_assoc($get_prem_by_self_page);
$totalRows_get_prem_by_self_page = mysql_num_rows($get_prem_by_self_page);
// When no row matches the page, mysql_fetch_assoc() returns false and this
// becomes null. NOTE(review): confirm isAuthorized() denies access for an
// empty role list, otherwise pages without a sys_permission row fail open.
$MM_authorizedUsers = $row_get_prem_by_self_page['prem_role_ids'];
$MM_donotCheckaccess = "false";
$MM_restrictGoTo = $config['http_base_url'] . "index.php";
// NOTE(review): the first argument (user list) is empty here. Whether the role
// list in the second argument is actually enforced depends on isAuthorized(),
// whose body is not in this excerpt; confirm that an empty user list does not
// short-circuit to "allowed".
if (!(isset($_SESSION['User_name']) && isAuthorized("", $MM_authorizedUsers, $_SESSION['User_name'], $_SESSION['User_roles']))) {
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) {
        $MM_qsChar = "&";
    }
    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
        $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
    }
    // The request-derived referrer is URL-encoded before it goes into the header.
    $MM_restrictGoTo = $MM_restrictGoTo . $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: " . $MM_restrictGoTo);
    // exit stops the protected page from running after the redirect header.
    exit;
}
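/**
 * Renders the edit page for one news item.
 *
 * The title and content are entered through the form on this page and stored,
 * so they are HTML-escaped wherever they are written back: the heading, the
 * value attribute and the textarea body. Unescaped, a title containing a
 * double quote would break out of the attribute, and stored markup would run
 * in the browser of every administrator who opens the page.
 *
 * NOTE(review): escaping assumes the page is served as UTF-8; confirm.
 * NOTE(review): the form is only drawn when isAuthorized('manageNews') is
 * true. The handler in news.php is not visible; confirm it re-checks the
 * permission and guards the request against cross-site request forgery.
 *
 * @param mixed $news_id_ Id of the news item, passed to the service's news_info().
 * @return void
 */
function show_manage($news_id_)
{
    $news = $_SESSION['service']->news_info($news_id_);
    if (!is_object($news)) {
        // Presumably redirect() ends the request; otherwise the property
        // reads below would run on a non-object. TODO confirm.
        redirect('news.php');
    }

    $can_manage_news = isAuthorized('manageNews');

    $id_html = htmlspecialchars((string) $news->id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $title_html = htmlspecialchars((string) $news->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $content_html = htmlspecialchars((string) $news->content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    page_header();

    echo '<div id="news_div">';
    echo '<h1>' . $title_html . '</h1>';
    echo '<div>';
    echo '<h2>' . _('Modify') . '</h2>';
    echo '<table border="0" cellspacing="1" cellpadding="3">';

    if ($can_manage_news) {
        echo '<form action="news.php" method="post">';
        echo '<input type="hidden" name="action" value="rename" />';
        echo '<input type="hidden" name="id" value="' . $id_html . '" />';
        echo '<tr><td><strong>Title:</strong></td><td><input type="text" name="news_title" value="' . $title_html . '" /></td></tr>';
        echo '<tr><td><strong>Content:</strong></td><td><textarea name="news_content" cols="40" rows="4">' . $content_html . '</textarea></td></tr>';
        echo '<tr><td colspan="2"><input type="submit" value="' . _('Modify') . '" /></td></tr>';
        echo '</form>';
    }

    echo '</table>';
    echo '</div>';
    echo '</div>';

    page_footer();
}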
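/**
 * Renders the management page for one server and terminates the script.
 *
 * Shows monitoring data, the redirection (external) name, the
 * maintenance/production switch, the delete form and one section per role.
 * Forms that change state are only drawn when isAuthorized('manageServers')
 * is true.
 *
 * The external name is entered through the form on this page, so it is
 * HTML-escaped before being written into the value attribute. The FQDN is
 * escaped the same way where it is placed in attributes and the heading.
 *
 * NOTE(review): escaping assumes the page is served as UTF-8; confirm.
 * NOTE(review): the delete form submits with method="get", so deleting a
 * server is a state change reachable through a plain URL. It is left as is
 * because the handler in actions.php is not visible; confirm the handler
 * accepts POST, then switch the form, and confirm it re-checks
 * 'manageServers' and guards against cross-site request forgery.
 *
 * @param mixed $fqdn Server identifier passed to Abstract_Server::load().
 * @return void The function ends with die.
 */
function show_manage($fqdn)
{
    $server = Abstract_Server::load($fqdn);
    if (!$server || $server->getAttribute('registered') === false) {
        // Presumably redirect() ends the request; otherwise the calls below
        // would run on an invalid $server. TODO confirm.
        redirect('servers.php');
    }

    $server_online = $server->isOnline();
    if ($server_online) {
        $buf = $server->getMonitoring();
        if ($buf === false) {
            popup_error(sprintf(_('Cannot get server monitoring for \'%s\''), $server->getAttribute('fqdn')));
        }
        Abstract_Server::save($server);
    }

    // $status_error_msg is only referenced by the commented-out output below.
    $buf_status = $server->getAttribute('status');
    if ($buf_status == 'down') {
        $status_error_msg = _('Warning: server is offline');
    } elseif ($buf_status == 'broken') {
        $status_error_msg = _('Warning: server is broken');
    }

    // A locked server is in maintenance: the button then offers the switch
    // back to production (value 0), otherwise the switch to maintenance (1).
    $server_lock = $server->getAttribute('locked');
    if ($server_lock) {
        $switch_button = _('Switch to production');
        $switch_value = 0;
    } else {
        $switch_button = _('Switch to maintenance');
        $switch_value = 1;
    }

    ksort($server->roles);

    // Prepare the per-role data; a boolean result counts as a failure and is
    // only logged.
    $var = array();
    foreach ($server->roles as $role => $bool) {
        $ret = server_display_role_preparation($role, $server);
        if (!is_bool($ret)) {
            $var[$role] = $ret;
        } else {
            Logger::debug('main', 'server_display_role_preparation failed for server ' . $server->fqdn . ' role ' . $role);
        }
    }

    $can_do_action = isAuthorized('manageServers');

    $fqdn_html = htmlspecialchars((string) $server->fqdn, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $external_name_html = htmlspecialchars((string) $server->getAttribute('external_name'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    page_header();

    echo '<script type="text/javascript" src="media/script/ajax/servers.js" charset="utf-8"></script>';

    echo '<div id="servers_div">';
    echo '<h1>' . $fqdn_html . '</h1>';

    // if ($server_online === false)
    // echo '<h2><p class="msg_error centered">'.$status_error_msg.'</p></h2>';

    echo '<div class="section">';
    echo '<h2>' . _('Monitoring') . '</h2>';
    echo '<table class="main_sub" border="0" cellspacing="1" cellpadding="3">';
    echo '<tr class="title">';
    echo '<th>' . _('Type') . '</th><th>' . _('Version') . '</th><th>' . _('Status') . '</th>';
    echo '<th>' . _('Details') . '</th>';
    if ($server_online) {
        echo '<th>' . _('Monitoring') . '</th>';
    }
    echo '</tr>';

    echo '<tr class="content1">';
    echo '<td style="text-align: center;"><img src="media/image/server-' . $server->stringType() . '.png" alt="' . $server->stringType() . '" title="' . $server->stringType() . '" /><br />' . $server->stringType() . '</td>';
    echo '<td>' . $server->stringVersion() . '</td>';
    echo '<td>' . $server->stringStatus() . '</td>';
    echo '<td>' . _('CPU') . '; : ' . $server->getAttribute('cpu_model') . ' (' . $server->getAttribute('cpu_nb_cores') . ' ';
    echo $server->getAttribute('cpu_nb_cores') > 1 ? _('cores') : _('core');
    echo ')<br />' . _('RAM') . ' : ' . round($server->getAttribute('ram_total') / 1024) . ' ' . _('MB') . '</td>';

    if ($server_online) {
        echo '<td>';
        echo _('CPU usage') . ': ' . $server->getCpuUsage() . '%<br />';
        echo display_loadbar($server->getCpuUsage());
        echo _('RAM usage') . ': ' . $server->getRamUsage() . '%<br />';
        echo display_loadbar($server->getRamUsage());
        foreach ($server->roles as $role => $enabled) {
            if ($enabled === false) {
                continue;
            }

            // The load bar is capped at 100 even when the reported usage is higher.
            switch ($role) {
                case 'aps':
                    echo _('Sessions usage') . ': ' . $server->getSessionUsage() . '%<br />';
                    echo display_loadbar($server->getSessionUsage() > 100 ? 100 : $server->getSessionUsage());
                    break;
                case 'fs':
                    echo _('Disk usage') . ': ' . $server->getDiskUsage() . '%<br />';
                    echo display_loadbar($server->getDiskUsage() > 100 ? 100 : $server->getDiskUsage());
                    break;
            }
        }
        echo '</td>';
    }
    echo '</tr>';
    echo '</table>';
    echo '</div>';

    echo '<div class="section">';
    echo '<h2>' . _('Configuration') . '</h2>';
    echo '<table>';

    echo '<tr><td>';
    echo _('Redirection name for this server') . ': ';
    echo '</td><td>';
    if ($can_do_action) {
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Server" />';
        echo '<input type="hidden" name="fqdn" value="' . $fqdn_html . '" />';
        echo '<input type="hidden" name="action" value="external_name" />';
    }
    // The field is shown to everyone; without the permission it is not inside a form.
    echo '<input type="text" name="external_name" value="' . $external_name_html . '" />';
    if ($can_do_action) {
        echo ' <input type="submit" value="' . _('change') . '" />';
        echo '</form>';
    }
    echo "</td></tr>\n";

    if ($can_do_action) {
        if ($server_online || $switch_value == 1) {
            echo '<tr><td></td><td>';
            echo '<form action="actions.php" method="post">';
            echo '<input type="hidden" name="name" value="Server" />';
            echo '<input type="hidden" name="checked_servers[]" value="' . $fqdn_html . '" />';
            echo '<input type="hidden" name="action" value="maintenance" />';
            if ($switch_value == 0) {
                echo '<input type="hidden" name="to_production" value="to_production"/>';
            } else {
                echo '<input type="hidden" name="to_maintenance" value="to_maintenance"/>';
            }
            echo '<input';
            if ($switch_value == 0) {
                echo ' style="background: #05a305; color: #fff; font-weight: bold;"';
            }
            echo ' type="submit" value="' . $switch_button . '"/>';
            echo '</form>';
            echo '</td></tr>';
        }

        // Deletion is only offered for a locked or offline server.
        if ($server_lock || !$server_online) {
            echo '<tr><td></td><td>';
            echo '<form action="actions.php" method="get" onsubmit="return confirm(\'' . _('Are you sure you want to delete this server?') . '\');">';
            echo '<input type="hidden" name="name" value="Server" />';
            echo '<input type="hidden" name="action" value="del" />';
            echo '<input type="hidden" name="checked_servers[]" value="' . $fqdn_html . '" />';
            echo '<input type="submit" value="' . _('Delete') . '" />';
            echo '</form>';
            echo '</td></tr>';
        }
    }

    echo '</table>';
    echo '</div>';

    foreach ($server->roles as $role => $bool) {
        if (array_key_exists($role, $var)) {
            echo '<div>'; // div role
            echo '<fieldset class="role">';
            echo '<legend>' . sprintf(_('Role: %s'), strtoupper($role)) . '</legend>';
            echo server_display_role($role, $server, $var[$role]);
            echo '</fieldset>';
            echo '</div>';
        }
    }

    page_footer();
    die;
}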
<span style="text-align: center; margin-left: auto; margin-right: auto;"> <?php
// Status banner: shows whether the system is in maintenance or production
// mode and, for users holding 'manageServers', a form to switch modes.
$prefs = Preferences::getInstance();
if (!$prefs) {
    die_error('get Preferences failed', __FILE__, __LINE__);
}
$system_in_maintenance = $prefs->get('general', 'system_in_maintenance');
// NOTE(review): isAuthorized() only decides whether the switch form is drawn.
// The form posts a state change to actions.php, which is not visible here;
// confirm the handler re-checks 'manageServers' and validates an anti-CSRF token.
// NOTE(review): the translated confirmation text sits inside a single-quoted
// JavaScript string in the onsubmit attribute; a translation containing an
// apostrophe or a double quote would break the handler. Consider encoding it
// for that context.
if ($system_in_maintenance == '1') {
    echo '<span class="msg_error">' . _('The system is on maintenance mode') . '</span><br /><br />';
    if (isAuthorized('manageServers')) {
        echo '<form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to switch the system to production mode?') . '\');"><input type="hidden" name="name" value="System" /><input type="hidden" name="action" value="change" /><input type="hidden" name="switch_to" value="production" /><input style="background: #05a305; color: #fff; font-weight: bold;" type="submit" value="' . _('Switch the system to production mode') . '" /></form>';
    }
} else {
    echo '<span class="msg_ok">' . _('The system is on production mode') . '</span><br /><br />';
    if (isAuthorized('manageServers')) {
        echo '<form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to switch the system to maintenance mode?') . '\');"><input type="hidden" name="name" value="System" /><input type="hidden" name="action" value="change" /><input type="hidden" name="switch_to" value="maintenance" /><input type="submit" value="' . _('Switch the system to maintenance mode') . '" /></form>';
    }
}
?> </span> </div> </div> </td> <td style="width: 20px;"> </td> <td style="padding-right: 20px; text-align: left; vertical-align: top;"> <div class="container rounded" style="background: #eee; width: 99%; margin-left: auto; margin-right: auto;"> <div> <h2><?php echo _('Status');
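/**
 * Checks a policy for the current administrator, logging and reporting a refusal.
 *
 * A refusal is written to the 'main' log as a warning, with the login when an
 * 'admin_ovd_user' object is present in the session, and an error popup is
 * queued. Callers must act on the return value: this function itself does not
 * stop the request.
 *
 * NOTE(review): in the listing the expression between 'User(login=' and the
 * 'admin_ovd_user' index was masked as '******'. It is restored here as a
 * concatenation with $_SESSION[...], matching the array_key_exists() test on
 * the line before; confirm against the original file.
 * NOTE(review): the login and the policy name are written to the log as
 * given. If either can contain line breaks, strip them before logging so a
 * crafted value cannot forge log entries.
 *
 * @param mixed $policy_ Policy identifier, passed unchanged to isAuthorized().
 * @return bool true when the policy is granted, false otherwise.
 */
function checkAuthorization($policy_)
{
    if (isAuthorized($policy_)) {
        return true;
    }

    if (array_key_exists('admin_ovd_user', $_SESSION)) {
        Logger::warning('main', 'User(login=' . $_SESSION['admin_ovd_user']->getAttribute('login') . ') is not allowed to perform ' . $policy_ . '.');
    } else {
        Logger::warning('main', 'The user is not logged so he is not allowed to perform ' . $policy_ . '.');
    }

    popup_error(_('You are not allowed to perform this action'));
    return false;
}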
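/**
 * Renders the management page for one shared folder.
 *
 * Shows the hosting server, the rename form, the user groups the folder is
 * published to (with their access mode) and a form to publish it to further
 * groups. State-changing forms are only drawn when
 * isAuthorized('manageSharedFolders') is true.
 *
 * The folder name is entered through the rename form on this page, so it is
 * HTML-escaped where it is written into the heading and the value attribute.
 *
 * NOTE(review): escaping assumes the page is served as UTF-8; confirm.
 * NOTE(review): group names, the server display name and the ids are still
 * written unescaped; confirm they cannot contain markup characters.
 * NOTE(review): UsersGroupsList is built from $_REQUEST and its getForm()
 * output is echoed as is; confirm that class escapes the request values it
 * reflects.
 * NOTE(review): actions.php is not visible; confirm it re-checks
 * 'manageSharedFolders' and guards its forms against cross-site request forgery.
 *
 * @param mixed $sharedfolder_id_ Id passed to the service's shared_folder_info().
 * @return void
 */
function show_manage($sharedfolder_id_)
{
    $sharedfolder = $group = $_SESSION['service']->shared_folder_info($sharedfolder_id_);
    if (is_null($sharedfolder)) {
        popup_error(sprintf(_("Failed to import shared folder '%s'"), $sharedfolder_id_));
        // Presumably redirect() ends the request; otherwise the property
        // reads below would run on null. TODO confirm.
        redirect('sharedfolders.php');
    }

    // Fall back to the raw server id when the server record cannot be loaded.
    $server_displayname = $sharedfolder->server;
    $server = $_SESSION['service']->server_info($sharedfolder->server);
    if (!is_null($server)) {
        $server_displayname = $server->getDisplayName();
    }

    $usersgroupsList = new UsersGroupsList($_REQUEST);
    $all_groups = $usersgroupsList->search();
    if (!is_array($all_groups)) {
        $all_groups = array();
        popup_error(_("Failed to get User Group data"));
    }
    uasort($all_groups, "usergroup_cmp");
    $searchDiv = $usersgroupsList->getForm();

    // Split the groups into those that already have access (with their mode)
    // and those that can still be added.
    $available_groups = array();
    $used_groups = array();
    if ($sharedfolder->hasAttribute('groups')) {
        $used_groups = array();
        $mods_by_group = array();
        $groups2 = $sharedfolder->getAttribute('groups');
        foreach ($groups2 as $mode => $groups3) {
            foreach ($groups3 as $group_id => $group_name) {
                $used_groups[$group_id] = $group_name;
                $mods_by_group[$group_id] = $mode;
            }
        }
    }

    foreach ($all_groups as $group) {
        if (array_key_exists($group->id, $used_groups) === false) {
            $available_groups[$group->id] = $group;
        }
    }

    $can_manage_sharedfolders = isAuthorized('manageSharedFolders');

    $name_html = htmlspecialchars((string) $sharedfolder->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    page_header();

    echo '<div id="sharedfolders_div">';
    echo '<h1>' . $name_html . '</h1>';

    echo '<div>';
    echo '<h2>' . _('Server') . '</h2>';
    echo '<a href="servers.php?action=manage&id=' . $sharedfolder->server . '"> ' . $server_displayname . '</a>';
    echo '</div>';

    echo '<br />';
    echo '<div>';
    echo '<h2>' . _('Configuration') . '</h2>';
    echo '<table>';

    echo '<tr><td>';
    echo _('Name') . ': ';
    echo '</td><td>';
    if ($can_manage_sharedfolders) {
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="SharedFolder" />';
        echo '<input type="hidden" name="action" value="rename" />';
        echo '<input type="hidden" name="id" value="' . $sharedfolder->id . '" />';
    }
    // The field is shown to everyone; without the permission it is not inside a form.
    echo '<input type="text" name="sharedfolder_name" value="' . $name_html . '" />';
    if ($can_manage_sharedfolders) {
        echo ' <input type="submit" value="' . _('Rename') . '" />';
        echo '</form>';
    }
    echo '</td></tr>';
    echo '</table>';
    echo '</div>';

    echo '<br />';
    echo '<div>';
    echo '<h2>' . _('Publications') . '</h2>';

    echo '<table border="0" cellspacing="1" cellpadding="3">';
    foreach ($used_groups as $group_id => $group_name) {
        echo '<tr>';
        echo '<td><a href="usersgroup.php?action=manage&id=' . $group_id . '">' . $group_name . '</a></td>';
        echo '<td>' . $mods_by_group[$group_id] . '</td>';
        if ($can_manage_sharedfolders) {
            echo '<td><form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to delete this shared folder access?') . '\');">';
            echo '<input type="hidden" name="name" value="SharedFolder_ACL" />';
            echo '<input type="hidden" name="action" value="del" />';
            echo '<input type="hidden" name="sharedfolder_id" value="' . $sharedfolder->id . '" />';
            echo '<input type="hidden" name="usergroup_id" value="' . $group_id . '" />';
            echo '<input type="submit" value="' . _('Delete access to this shared folder') . '" />';
            echo '</form></td>';
        }
        echo '</tr>';
    }

    if (count($available_groups) > 0 and $can_manage_sharedfolders) {
        echo '<tr><form action="actions.php" method="post"><td>';
        echo '<input type="hidden" name="name" value="SharedFolder_ACL" />';
        echo '<input type="hidden" name="action" value="add" />';
        echo '<input type="hidden" name="sharedfolder_id" value="' . $sharedfolder->id . '" />';
        echo '<select name="usergroup_id">';
        foreach ($available_groups as $group) {
            echo '<option value="' . $group->id . '" >' . $group->name . '</option>';
        }
        echo '</select>';
        echo '</td><td>';
        echo '<select name="mode">';
        echo '<option value="rw" >' . _('Read-write') . '</option>';
        echo '<option value="ro" >' . _('Read only') . '</option>';
        echo '</select>';
        echo '</td><td><input type="submit" value="' . _('Add access to this shared folder') . '" /></td>';
        echo '</form></tr>';
    }
    echo '</table>';

    echo $searchDiv;

    echo '</div>';
    echo '</div>';

    page_footer();
}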
/**
 * Authorization rule for the current controller action on categories.
 *
 * As written, the method denies instead of allowing:
 * - 'add' always returns false;
 * - 'edit' and 'delete' return false when the Category model reports that the
 *   record named by the first passed URL argument is owned by $user['id'];
 * - every other case is decided by isAuthorized($user).
 *
 * NOTE(review): the original inline comments described the opposite ("all
 * registered users can add", "the owner can edit and delete"). Confirm
 * whether denying these cases is intended or whether the return values are
 * inverted.
 * NOTE(review): the fallback calls a global function isAuthorized(), not
 * parent::isAuthorized(); confirm such a function exists and is the intended
 * default.
 *
 * @param array $user Current user record; only its 'id' entry is read here.
 * @return mixed false for the cases above, otherwise the result of isAuthorized($user).
 */
public function isAuthorizedC($user)
{
    // 'add' is refused outright.
    if ($this->action === 'add') {
        return false;
    }

    // For 'edit' and 'delete', the owner of the record is refused.
    $touchesExisting = ($this->action == 'edit' || $this->action == 'delete');
    if ($touchesExisting) {
        $recordId = (int) $this->request->params['pass'][0];
        $isOwner = $this->Category->isOwnedBy($recordId, $user['id']);
        if ($isOwner) {
            return false;
        }
    }

    return isAuthorized($user);
}
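/**
 * Render the management page for one web application, then end the request.
 *
 * Loads the application through $_SESSION['service'], splits the application
 * groups into "contains this application" / "available", keeps the online
 * servers whose roles include 'webapps', and echoes the HTML page. The
 * edit/delete/clone forms are only emitted when the application database is
 * writable and isAuthorized('manageApplications') is true.
 *
 * Changes compared with the previous version:
 *  - the is_object() guard now runs before any method is called on $app;
 *    it used to run after $app->getAttribute('type'), so a failed lookup
 *    raised a fatal error instead of returning false;
 *  - every dynamic value written into HTML (application name, description,
 *    type, URL prefix, raw configuration, group and server names, ids) is
 *    HTML-escaped, and values placed in query strings are URL-encoded first;
 *  - the malformed method="post"" attribute and the "with:100%" CSS typo
 *    are corrected.
 *
 * NOTE(review): the forms below carry no anti-CSRF token, and the group
 * add/delete forms are shown without a permission check. Hiding a control is
 * presentation only; confirm that actions.php (not visible here) re-checks
 * authorization and request origin for every action.
 *
 * @param mixed $id Application identifier passed to the service layer and echoed into forms.
 * @return bool|void false when the application cannot be loaded; otherwise the function ends with die.
 */
function show_manage($id)
{
    $app = $_SESSION['service']->application_info($id);
    // Guard first: nothing may be dereferenced on a failed lookup.
    if (!is_object($app)) {
        return false;
    }

    // HTML-context escaper. No charset argument: it follows the runtime
    // default, as the htmlspecialchars() call this page already made did.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };
    // Query-string value inside an HTML attribute: URL-encode, then HTML-escape.
    $u = function ($value) {
        return htmlspecialchars(urlencode((string) $value), ENT_QUOTES);
    };

    $is_rw = applicationdb_is_writable();
    $can_manage_applications = isAuthorized('manageApplications');

    // App groups
    $appgroups = $_SESSION['service']->applications_groups_list();
    $groups_id = array();
    if ($app->hasAttribute('groups')) {
        $groups_id = $app->getAttribute('groups');
    }

    $groups = array();
    $groups_available = array();
    foreach ($appgroups as $group) {
        if (array_key_exists($group->id, $groups_id)) {
            $groups[] = $group;
        } else {
            $groups_available[] = $group;
        }
    }

    // Only online servers that have the 'webapps' role enabled are listed.
    $servers_all = $_SESSION['service']->servers_list('online');
    $servers = array();
    foreach ($servers_all as $server) {
        if (array_key_exists('webapps', $server->roles) && $server->roles['webapps']) {
            $servers[] = $server;
        }
    }

    $app_id = $app->getAttribute('id');
    $app_type = $app->getAttribute('type');

    page_header();

    echo '<div>';
    echo '<h1><img class="icon32" src="media/image/cache.php?id=' . $u($app_id) . '" alt="" title="" /> ' . $h($app->getAttribute('name')) . '</h1>';

    echo '<table class="main_sub" border="0" cellspacing="1" cellpadding="3">';
    echo '<tr class="title">';
    echo '<th>' . _('Type') . '</th>';
    echo '<th>' . _('Description') . '</th>';
    if ($is_rw and $can_manage_applications) {
        echo '<th></th>';
    }
    echo '</tr>';

    echo '<tr class="content1">';
    echo '<td style="text-align: center;"><img src="media/image/server-' . $h($app_type) . '.png" alt="' . $h($app_type) . '" title="' . $h($app_type) . '" /><br />' . $h($app_type) . '</td>';
    echo '<td>' . $h($app->getAttribute('description')) . '</td>';
    if ($is_rw and $can_manage_applications) {
        echo '<td>';
        echo '<form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to delete this application?') . '\');">';
        echo '<input type="hidden" name="name" value="Application_webapp" />';
        echo '<input type="hidden" name="action" value="del" />';
        echo '<input type="hidden" name="checked_applications[]" value="' . $h($app_id) . '" />';
        echo '<input type="submit" value="' . _('Delete') . '" />';
        echo '</form>';
        echo '</td>';
    }
    echo '</tr>';
    echo '</table>';

    if ($is_rw and $can_manage_applications) {
        $app_info = $_SESSION['service']->application_webapp_info($id);

        echo '<br />';
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Application_webapp" />';
        echo '<input type="hidden" name="action" value="clone" />';
        echo '<input type="hidden" name="id" value="' . $h($app_id) . '" />';
        echo '<input type="submit" value="' . _('Clone to new application') . '"/>';
        echo '</form>';
        echo '<br />';

        echo '<h2>' . _('Description') . '</h2>';
        echo '<div id="application_modify">';

        // Hidden form submitted by the "Delete this icon" button further down.
        echo '<form id="delete_icon" action="actions.php" method="post" style="display: none;">';
        echo '<input type="hidden" name="name" value="Application_webapp" />';
        echo '<input type="hidden" name="action" value="del_icon" />';
        echo '<input type="hidden" name="checked_applications[]" value="' . $h($app_id) . '" />';
        echo '</form>';

        echo '<form action="actions.php" method="post" enctype="multipart/form-data" >'; // form A
        echo '<input type="hidden" name="name" value="Application_webapp" />';
        echo '<input type="hidden" name="action" value="modify" />';
        echo '<input type="hidden" name="published" value="1" />';
        echo '<input type="hidden" name="static" value="1" />';
        echo '<input type="hidden" name="id" value="' . $h($app_id) . '" />';

        echo '<table border="1"><tr><td>';
        echo '<table class="main_sub" border="0" cellspacing="1" cellpadding="5">';
        $count = 1;
        // ugly hack: expose the name and the URL prefix under the field names the form posts back.
        $app->setAttribute('application_name', $app->getAttribute('name'));
        $app->setAttribute('url_prefix', $app_info['url_prefix']);

        $attr_list = array(
            'application_name' => _('Name'),
            'description' => 'Description',
            'url_prefix' => _('URL prefix'),
        );
        foreach ($attr_list as $attr_name => $display_name) {
            $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
            $attr_value = $app->getAttribute($attr_name);

            echo '<tr class="' . $content . '">';
            echo '<td style="text-transform: capitalize;">';
            echo $display_name;
            echo '</td>';
            echo '<td>';
            echo '<input type="text" name="' . $h($attr_name) . '" value="' . $h($attr_value) . '" style="width:100%;"/>';
            echo '<input type="hidden" name="attributes_send[]" value="' . $h($attr_name) . '" />';
            echo '</td>';
            echo '</tr>';
        }

        $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
        echo '<tr class="' . $content . '">';
        echo '<td>' . _('Icon') . '</td>';
        echo '<td>';
        echo '<img class="icon32" src="media/image/cache.php?id=' . $u($app_id) . '" alt="" title="" /> ';
        echo '<input type="button" value="' . _('Delete this icon') . '" onclick="return confirm(\'' . _('Are you sure you want to delete this icon?') . '\') && $(\'delete_icon\').submit();"/>';
        echo '<br />';
        echo '<input type="file" name="file_icon" /> ';
        echo '</td>';
        echo '</tr>';

        $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
        echo '<tr class="' . $content . '">';
        echo '<td>' . _('Configuration') . '</td>';
        echo '<td>';
        // Escaped so that a "</textarea>" inside the stored configuration cannot
        // close the element; the browser decodes the entities again on submit.
        echo '<textarea name="app_conf_raw" style="width:100%;height:12em">' . $h($app_info['raw_configuration']) . '</textarea>';
        echo '<br />';
        echo '<a href="actions.php?name=Application_webapp&action=download&id=' . $u($app_id) . '">' . _('Download') . '</a>';
        echo '</td>';
        echo '</tr>';

        $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
        echo '<tr class="' . $content . '">';
        echo '<td colspan="2">';
        echo '<input type="submit" value="' . _('Modify') . '" />';
        echo '</td>';
        echo '</tr>';
        echo '</table>';
        echo '</form>'; // form A

        echo "</td>";
        echo "<td>";
        echo '<table class="main_sub" border="0" cellspacing="1" cellpadding="3">';
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Application_webapp" />';
        echo '<input type="hidden" name="action" value="modify" />';
        echo '<input type="hidden" name="published" value="1" />';
        echo '<input type="hidden" name="static" value="1" />';
        echo '<input type="hidden" name="task" value="webapp_configuration" />';
        echo '<input type="hidden" name="id" value="' . $h($id) . '" />';
        display_webapp_configuration($id);
        echo '</form>';
        echo '</table>';
        echo "</td></tr>";
        echo "</table>";
        echo '</div>'; // application_modify
    }

    if (count($servers) > 0) {
        echo '<div>';
        echo '<h2>' . _('Servers') . '</h2>';
        echo '<table border="0" cellspacing="1" cellpadding="3">';
        foreach ($servers as $server) {
            echo '<tr><td>';
            echo '<a href="servers.php?action=manage&id=' . $u($server->id) . '">' . $h($server->getDisplayName()) . '</a>';
            echo '</td></tr>';
        }
        echo '</table>';
        echo "<div>\n";
    }

    if (count($appgroups) > 0) {
        echo '<div>';
        echo '<h2>' . _('Groups with this application') . '</h2>';
        echo '<table border="0" cellspacing="1" cellpadding="3">';
        foreach ($groups as $group) {
            echo '<tr>';
            echo '<td>';
            echo '<a href="appsgroup.php?action=manage&id=' . $u($group->id) . '">' . $h($group->name) . '</a>';
            echo '</td>';
            echo '<td><form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to delete this application from this group?') . '\');">';
            echo '<input type="hidden" name="name" value="Application_ApplicationGroup" />';
            echo '<input type="hidden" name="action" value="del" />';
            echo '<input type="hidden" name="element" value="' . $h($id) . '" />';
            echo '<input type="hidden" name="group" value="' . $h($group->id) . '" />';
            echo '<input type="submit" value="' . _('Delete from this group') . '" />';
            echo '</form></td>';
            echo '</tr>';
        }

        if (count($groups_available) > 0) {
            echo '<tr>';
            echo '<form action="actions.php" method="post"><td>';
            echo '<input type="hidden" name="name" value="Application_ApplicationGroup" />';
            echo '<input type="hidden" name="action" value="add" />';
            echo '<input type="hidden" name="element" value="' . $h($id) . '" />';
            echo '<select name="group">';
            foreach ($groups_available as $group) {
                echo '<option value="' . $h($group->id) . '">' . $h($group->name) . '</option>';
            }
            echo '</select>';
            echo '</td><td><input type="submit" value="' . _('Add to this group') . '" /></td>';
            echo '</form>';
            echo '</tr>';
        }
        echo '</table>';
        echo "<div>\n";
    }

    echo '</div>';
    echo '</div>';
    echo '</div>';
    echo '</div>';
    echo '</div>';
    echo '</div>';
    page_footer();
    die;
}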
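<?php
// Login / self-registration endpoint.
// An already-authorized visitor is redirected to index.php. On a POST with
// "go", "login" and "pass", the submitted password is hashed and compared with
// the stored row; when the lookup yields no row a new account is created via
// createUser() and logged in straight away.
session_start();
require_once __DIR__ . '/libs.php';

if (isAuthorized() === true) {
    header('LOCATION: ./index.php');
    // Stop here: header() only queues the redirect, so without exit the POST
    // handling and the login page below would still run for this request.
    exit;
}

if (isset($_POST['go'])) {
    if (isset($_POST['login']) && isset($_POST['pass'])) {
        require_once __DIR__ . '/db-conf.php';
        $link = connect();
        $login = mysqli_real_escape_string($link, $_POST['login']);
        // NOTE(review): SQL-escaping the password before hashing changes the
        // hashed value for passwords containing quotes or backslashes. Kept
        // because existing stored hashes were produced the same way.
        $pass = mysqli_real_escape_string($link, $_POST['pass']);
        // NOTE(review): md5 with one fixed, site-wide salt is a fast hash and
        // unsuitable for password storage. password_hash()/password_verify()
        // is the replacement, but moving to it needs a migration of stored
        // hashes and of createUser(), neither of which is visible here.
        $pass = md5($pass . md5('solt'));
        // NOTE(review): the WHERE clause holds the literal '******' as shown
        // on this page, which looks like a redaction of the login value. If
        // the real query interpolates $login, use a prepared statement with a
        // bound parameter instead of string building.
        $sql = "SELECT id, user, pass FROM users WHERE user='******'";
        // A failed query and "no such row" both end up falsy here, so a
        // database error also takes the account-creation branch below.
        $wasInBase = ($res = mysqli_query($link, $sql)) ? mysqli_fetch_assoc($res) : false;
        if ($wasInBase == false) {
            $user_id = createUser($link, $login, $pass);
            login($link, $user_id);
        } elseif (isset($wasInBase['pass']) && $wasInBase['pass'] === $pass) {
            // Strict comparison: with ==, two different hex digests that both
            // look like numbers in exponent form ("0e…") compare as equal.
            // NOTE(review): login() is not visible; confirm it regenerates the
            // session id on success.
            login($link, $wasInBase['id']);
        } else {
            $message = 'Неправильный пароль или пользователь с таким логином уже существует.';
        }
    }
}
?>
<!doctype html> <html lang="en"> <head> <meta charset="UTF-8">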
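/**
 * Render the "Publications" page: one row per (users group, applications
 * group) pair, with delete/add controls when the caller may manage
 * publications.
 *
 * Unpublished groups are dropped from both lists. Publications are collected
 * starting from the applications groups, because the complete users groups
 * list may not be obtainable (LDAP). The "add" row is shown only when both
 * lists are non-empty, not every combination is already published, and
 * isAuthorized('managePublications') is true.
 *
 * Changes compared with the previous version:
 *  - the users groups list gets the same "not a list" guard as the
 *    applications groups list (it used to be iterated and counted without
 *    any check);
 *  - group names and ids are HTML-escaped, and ids placed in query strings
 *    are URL-encoded first.
 *
 * NOTE(review): the forms carry no anti-CSRF token; confirm that actions.php
 * (not visible here) re-checks authorization and request origin.
 *
 * @return void
 */
function show_default()
{
    // HTML-context escaper; no charset argument, so it follows the runtime default.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };
    // Query-string value inside an HTML attribute: URL-encode, then HTML-escape.
    $u = function ($value) {
        return htmlspecialchars(urlencode((string) $value), ENT_QUOTES);
    };

    $applicationsGroupDB = ApplicationsGroupDB::getInstance();
    $publications = array();

    $groups_apps = $applicationsGroupDB->getList(true);
    if (!is_array($groups_apps)) {
        $groups_apps = array();
    }
    foreach ($groups_apps as $i => $group_apps) {
        if (!$group_apps->published) {
            unset($groups_apps[$i]);
        }
    }

    $usergroupdb = UserGroupDB::getInstance();
    $groups_users = $usergroupdb->getList(true);
    // Same guard as for the applications groups above.
    if (!is_array($groups_users)) {
        $groups_users = array();
    }
    foreach ($groups_users as $i => $group_users) {
        if (!$group_users->published) {
            unset($groups_users[$i]);
        }
    }

    // Starts from the applications groups instead of users groups because
    // it's possible to not be able to have the complete users groups list (LDAP)
    foreach ($groups_apps as $group_apps) {
        foreach ($group_apps->userGroups() as $group_users) {
            if (!$group_users->published) {
                continue;
            }
            $publications[] = array('user' => $group_users, 'app' => $group_apps);
        }
    }

    $has_publish = count($publications);

    // Adding is pointless when either list is empty or every pair already exists.
    $can_add_publish = true;
    if (count($groups_users) == 0) {
        $can_add_publish = false;
    } elseif (count($groups_apps) == 0) {
        $can_add_publish = false;
    } elseif (count($groups_users) * count($groups_apps) <= count($publications)) {
        $can_add_publish = false;
    }

    $count = 0;
    $can_manage_publications = isAuthorized('managePublications');

    page_header(array('js_files' => array('media/script/publication.js')));

    echo '<div>';
    echo '<h1>' . _('Publications') . '</h1>';
    echo '<table class="main_sub sortable" id="publications_list_table" border="0" cellspacing="1" cellpadding="5">';
    echo '<thead>';
    echo '<tr class="title">';
    echo '<th>' . _('Users group') . '</th>';
    echo '<th>' . _('Applications group') . '</th>';
    echo '</tr>';
    echo '</thead>';
    echo '<tbody>';

    if (!$has_publish) {
        $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
        echo '<tr class="' . $content . '"><td colspan="3">' . _('No publication') . '</td></tr>';
    } else {
        foreach ($publications as $publication) {
            $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
            $group_u = $publication['user'];
            $group_a = $publication['app'];

            echo '<tr class="' . $content . '">';
            echo '<td><a href="usersgroup.php?action=manage&id=' . $u($group_u->getUniqueID()) . '">' . $h($group_u->name) . '</a></td>';
            echo '<td><a href="appsgroup.php?action=manage&id=' . $u($group_a->id) . '">' . $h($group_a->name) . '</a></td>';
            if ($can_manage_publications) {
                echo '<td><form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to delete this publication?') . '\');"><div>';
                echo '<input type="hidden" name="action" value="del" />';
                echo '<input type="hidden" name="name" value="Publication" />';
                echo '<input type="hidden" name="group_a" value="' . $h($group_a->id) . '" />';
                echo '<input type="hidden" name="group_u" value="' . $h($group_u->getUniqueID()) . '" />';
                echo '<input type="submit" value="' . _('Delete') . '"/>';
                echo '</div></form></td>';
            }
            echo '</tr>';
        }
    }
    echo '</tbody>';

    $nb_groups_apps = count($groups_apps);
    $nb_groups_users = count($groups_users);

    if ($can_add_publish and $can_manage_publications) {
        $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
        echo '<tfoot>';
        echo '<tr class="' . $content . '">';

        echo '<td>';
        echo '<select id="select_group_u" name="group_u" onchange="ovdsm_publication_hook_select(this)" style="width: 100%;">';
        echo '<option value="">*</option>';
        foreach ($groups_users as $group_users) {
            // Offer only users groups that are not yet published to every applications group.
            if (count($group_users->appsGroups()) < $nb_groups_apps) {
                echo '<option value="' . $h($group_users->getUniqueID()) . '" >' . $h($group_users->name) . '</option>';
            }
        }
        echo '</select>';
        echo '</td>';

        echo '<td>';
        echo '<select id="select_group_a" name="group_a" onchange="ovdsm_publication_hook_select(this)" style="width: 100%;">';
        echo '<option value="" >*</option>';
        foreach ($groups_apps as $group_apps) {
            // Offer only applications groups that are not yet published to every users group.
            if (count($group_apps->userGroups()) < $nb_groups_users) {
                echo '<option value="' . $h($group_apps->id) . '" >' . $h($group_apps->name) . '</option>';
            }
        }
        echo '</select>';
        echo '</td><td>';

        echo '<form action="actions.php" method="post" ><div>';
        echo '<input type="hidden" name="action" value="add" />';
        echo '<input type="hidden" name="name" value="Publication" />';
        echo '<input type="hidden" name="group_u" value="" id="input_group_u" />';
        echo '<input type="hidden" name="group_a" value="" id="input_group_a" />';
        echo '<input type="button" value="' . _('Add') . '" onclick="if($(\'input_group_u\').value == \'\') {alert(\'' . addslashes(_('Please select an users group')) . '\'); return;} if($(\'input_group_a\').value == \'\') {alert(\'' . addslashes(_('Please select an applications group')) . '\'); return;} this.form.submit();" />';
        echo '</div></form>';
        echo '</td>';
        echo '</tr>';
        echo '</tfoot>';
    }

    echo '</table>';
    echo '<br /><br /><br />';
    echo '</div>';
    echo '</div>';
    page_footer();
}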
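/**
 * Render the management page for one static application, then end the request.
 *
 * Imports the application from $applicationDB, works out which application
 * groups and servers are linked to it (through Abstract_Liaison) and which
 * are still available, splits the known MIME types into "attached" and
 * "not attached", and echoes the HTML page. Application edit/delete/clone
 * forms need a writable database plus isAuthorized('manageApplications');
 * server add/remove forms need isAuthorized('manageServers').
 *
 * Changes compared with the previous version:
 *  - every dynamic value written into HTML (name, description, type, command,
 *    attribute names and values, server FQDNs, group names, MIME types, ids)
 *    is HTML-escaped, and values placed in query strings are URL-encoded
 *    first. MIME types matter most here, because the page itself offers a
 *    free-text "Custom Mime-Type" field whose stored value was echoed raw;
 *  - the malformed method="post"" attribute and the "with:100%" CSS typo
 *    are corrected;
 *  - the unused "global $types" declaration and commented-out echo lines
 *    are dropped.
 *
 * NOTE(review): the forms carry no anti-CSRF token, and the group and
 * MIME-type forms are shown without a permission check. Hiding a control is
 * presentation only; confirm that actions.php (not visible here) re-checks
 * authorization and request origin for every action.
 *
 * @param mixed  $id            Application identifier; passed to import() and echoed into forms.
 * @param object $applicationDB Application store; import(), isWriteable() and getAllMimeTypes() are called on it.
 * @return bool|void false when the application cannot be imported; otherwise the function ends with die.
 */
function show_manage($id, $applicationDB)
{
    $applicationsGroupDB = ApplicationsGroupDB::getInstance();
    $app = $applicationDB->import($id);
    if (!is_object($app)) {
        return false;
    }

    // HTML-context escaper. No charset argument: it follows the runtime
    // default, as the htmlspecialchars() call this page already made did.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };
    // Query-string value inside an HTML attribute: URL-encode, then HTML-escape.
    $u = function ($value) {
        return htmlspecialchars(urlencode((string) $value), ENT_QUOTES);
    };

    $is_rw = $applicationDB->isWriteable();
    $can_manage_applications = isAuthorized('manageApplications');

    $app_id = $app->getAttribute('id');
    $app_type = $app->getAttribute('type');

    // App groups
    $appgroups = $applicationsGroupDB->getList();
    $groups_id = array();
    $liaisons = Abstract_Liaison::load('AppsGroup', $app_id, NULL);
    foreach ($liaisons as $liaison) {
        $groups_id[] = $liaison->group;
    }

    $groups = array();
    $groups_available = array();
    foreach ($appgroups as $group) {
        if (in_array($group->id, $groups_id)) {
            $groups[] = $group;
        } else {
            $groups_available[] = $group;
        }
    }

    // Servers: already linked ones are always listed; a server is "available"
    // only when it is online and its type equals the application's type.
    $servers_all = Abstract_Server::load_available_by_role(Server::SERVER_ROLE_APS, true);
    $liaisons = Abstract_Liaison::load('ApplicationServer', $app_id, NULL);
    $servers_id = array();
    foreach ($liaisons as $liaison) {
        $servers_id[] = $liaison->group;
    }

    $servers = array();
    $servers_available = array();
    foreach ($servers_all as $server) {
        if (in_array($server->fqdn, $servers_id)) {
            $servers[] = $server;
        } elseif (!$server->isOnline()) {
            continue;
        } elseif ($server->type != $app_type) {
            continue;
        } else {
            $servers_available[] = $server;
        }
    }

    // $mimeliste1: MIME types attached to the application; $mimeliste2: the rest.
    $mimes = $applicationDB->getAllMimeTypes();
    $mimeliste1 = $app->getMimeTypes();
    $mimeliste2 = array();
    foreach ($mimes as $mime) {
        if (!in_array($mime, $mimeliste1)) {
            $mimeliste2[] = $mime;
        }
    }

    $can_manage_server = isAuthorized('manageServers');

    page_header();

    echo '<div>';
    echo '<h1><img src="media/image/cache.php?id=' . $u($app_id) . '" alt="" title="" /> ' . $h($app->getAttribute('name')) . '</h1>';

    echo '<table class="main_sub" border="0" cellspacing="1" cellpadding="3">';
    echo '<tr class="title">';
    echo '<th>' . _('Type') . '</th>';
    echo '<th>' . _('Description') . '</th>';
    echo '<th>' . _('Command') . '</th>';
    if ($is_rw and $can_manage_applications) {
        echo '<th></th>';
    }
    echo '</tr>';

    echo '<tr class="content1">';
    echo '<td style="text-align: center;"><img src="media/image/server-' . $h($app_type) . '.png" alt="' . $h($app_type) . '" title="' . $h($app_type) . '" /><br />' . $h($app_type) . '</td>';
    echo '<td>' . $h($app->getAttribute('description')) . '</td>';
    echo '<td>';
    echo $h($app->getAttribute('executable_path'));
    echo '</td>';
    if ($is_rw and $can_manage_applications) {
        echo '<td>';
        echo '<form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to delete this application?') . '\');">';
        echo '<input type="hidden" name="name" value="Application_static" />';
        echo '<input type="hidden" name="action" value="del" />';
        echo '<input type="hidden" name="checked_applications[]" value="' . $h($app_id) . '" />';
        echo '<input type="submit" value="' . _('Delete') . '" />';
        echo '</form>';
        echo '</td>';
    }
    echo '</tr>';
    echo '</table>';

    if ($is_rw and $can_manage_applications) {
        echo '<br />';
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Application" />';
        echo '<input type="hidden" name="action" value="clone" />';
        echo '<input type="hidden" name="id" value="' . $h($app_id) . '" />';
        echo '<input type="submit" value="' . _('Clone to new application') . '"/>';
        echo '</form>';
        echo '<br />';

        echo '<h2>' . _('Modify') . '</h2>';
        echo '<div id="application_modify">';

        // Hidden form submitted by the "Delete this icon" button further down.
        echo '<form id="delete_icon" action="actions.php" method="post" style="display: none;">';
        echo '<input type="hidden" name="name" value="Application_static" />';
        echo '<input type="hidden" name="action" value="del_icon" />';
        echo '<input type="hidden" name="checked_applications[]" value="' . $h($app_id) . '" />';
        echo '</form>';

        echo '<form action="actions.php" method="post" enctype="multipart/form-data" >'; // form A
        echo '<input type="hidden" name="name" value="Application_static" />';
        echo '<input type="hidden" name="action" value="modify" />';
        echo '<input type="hidden" name="published" value="1" />';
        echo '<input type="hidden" name="static" value="1" />';
        echo '<input type="hidden" name="id" value="' . $h($app_id) . '" />';

        echo '<table class="main_sub" border="0" cellspacing="1" cellpadding="5">';
        $count = 1;
        // ugly hack: the form posts the name back as "application_name".
        $app->setAttribute('application_name', $app->getAttribute('name'));
        $app->unsetAttribute('name');

        // Attributes that must not be edited through this form.
        $attr_list = $app->getAttributesList();
        foreach ($attr_list as $k => $v) {
            if (in_array($v, array('id', 'type', 'static', 'published', 'desktopfile', 'package', 'revision'))) {
                unset($attr_list[$k]);
            }
        }
        asort($attr_list);

        foreach ($attr_list as $attr_name) {
            $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
            echo '<tr class="' . $content . '">';
            echo '<td style="text-transform: capitalize;">';
            if ($attr_name == 'executable_path') {
                echo _('Command');
            } else {
                if ($attr_name == 'application_name') {
                    echo _('Name');
                } else {
                    echo $h(_($attr_name));
                }
            }
            echo '</td>';
            echo '<td>';
            echo '<input type="text" name="' . $h($attr_name) . '" value="' . $h($app->getAttribute($attr_name)) . '" style="width:100%;"/>';
            echo '<input type="hidden" name="attributes_send[]" value="' . $h($attr_name) . '" />';
            echo '</td>';
            echo '</tr>';
        }

        // The icon row is only offered when an Imagick class is available.
        if (get_classes_startwith('Imagick') != array()) {
            $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
            echo '<tr class="' . $content . '">';
            echo '<td>' . _('Icon') . '</td>';
            echo '<td>';
            if ($app->getIconPath() != $app->getDefaultIconPath() && file_exists($app->getIconPath())) {
                echo '<img src="media/image/cache.php?id=' . $u($app_id) . '" alt="" title="" /> ';
                echo '<input type="button" value="' . _('Delete this icon') . '" onclick="return confirm(\'' . _('Are you sure you want to delete this icon?') . '\') && $(\'delete_icon\').submit();"/>';
                echo '<br />';
            }
            echo '<input type="file" name="file_icon" /> ';
            echo '</td>';
            echo '</tr>';
        } else {
            Logger::info('main', 'No Imagick support found');
        }

        $content = 'content' . ($count++ % 2 == 0 ? 1 : 2);
        echo '<tr class="' . $content . '">';
        echo '<td colspan="2">';
        echo '<input type="submit" value="' . _('Modify') . '" />';
        echo '</td>';
        echo '</tr>';
        echo '</table>';
        echo '</form>'; // form A
        echo '</div>'; // application_modify
    }

    if (count($servers) + count($servers_available) > 0) {
        echo '<div>';
        echo '<h2>' . _('Servers with this application') . '</h2>';
        echo '<table border="0" cellspacing="1" cellpadding="3">';
        foreach ($servers as $server) {
            echo '<tr><td>';
            echo '<a href="servers.php?action=manage&fqdn=' . $u($server->fqdn) . '">' . $h($server->fqdn) . '</a>';
            echo '</td>';
            echo '<td>';
            if ($server->isOnline() and $can_manage_server) {
                echo '<form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to remove this application from this server?') . '\');">';
                echo '<input type="hidden" name="action" value="del" />';
                echo '<input type="hidden" name="name" value="Application_Server" />';
                echo '<input type="hidden" name="application" value="' . $h($id) . '" />';
                echo '<input type="hidden" name="server" value="' . $h($server->fqdn) . '" />';
                echo '<input type="submit" value="' . _('Remove from this server') . '"/>';
                echo '</form>';
            }
            echo '</td>';
            echo '</tr>';
        }

        if (count($servers_available) > 0 and $can_manage_server) {
            echo '<tr>';
            echo '<form action="actions.php" method="post"><td>';
            echo '<input type="hidden" name="name" value="Application_Server" />';
            echo '<input type="hidden" name="action" value="add" />';
            echo '<input type="hidden" name="application" value="' . $h($id) . '" />';
            echo '<select name="server">';
            foreach ($servers_available as $server) {
                echo '<option value="' . $h($server->fqdn) . '">' . $h($server->fqdn) . '</option>';
            }
            echo '</select>';
            echo '</td><td><input type="submit" value="' . _('Add to this server') . '" /></td>';
            echo '</form>';
            echo '</tr>';
        }
        echo '</table>';
        echo "<div>\n";
    }

    if (count($appgroups) > 0) {
        echo '<div>';
        echo '<h2>' . _('Groups with this application') . '</h2>';
        echo '<table border="0" cellspacing="1" cellpadding="3">';
        foreach ($groups as $group) {
            echo '<tr>';
            echo '<td>';
            echo '<a href="appsgroup.php?action=manage&id=' . $u($group->id) . '">' . $h($group->name) . '</a>';
            echo '</td>';
            echo '<td><form action="actions.php" method="post" onsubmit="return confirm(\'' . _('Are you sure you want to delete this application from this group?') . '\');">';
            echo '<input type="hidden" name="name" value="Application_ApplicationGroup" />';
            echo '<input type="hidden" name="action" value="del" />';
            echo '<input type="hidden" name="element" value="' . $h($id) . '" />';
            echo '<input type="hidden" name="group" value="' . $h($group->id) . '" />';
            echo '<input type="submit" value="' . _('Delete from this group') . '" />';
            echo '</form></td>';
            echo '</tr>';
        }

        if (count($groups_available) > 0) {
            echo '<tr>';
            echo '<form action="actions.php" method="post"><td>';
            echo '<input type="hidden" name="name" value="Application_ApplicationGroup" />';
            echo '<input type="hidden" name="action" value="add" />';
            echo '<input type="hidden" name="element" value="' . $h($id) . '" />';
            echo '<select name="group">';
            foreach ($groups_available as $group) {
                echo '<option value="' . $h($group->id) . '">' . $h($group->name) . '</option>';
            }
            echo '</select>';
            echo '</td><td><input type="submit" value="' . _('Add to this group') . '" /></td>';
            echo '</form>';
            echo '</tr>';
        }
        echo '</table>';
        echo "<div>\n";
    }

    // Mime-Type part
    echo '<div>';
    echo '<h2>' . _('Mime-Types') . '</h2>';
    echo '<div>';
    echo '<table border="0" cellspacing="1" cellpadding="3">';
    foreach ($mimeliste1 as $mime) {
        echo '<tr><td>';
        echo '<a href="mimetypes.php?action=manage&id=' . $u($mime) . '">' . $h($mime) . '</a>';
        echo '</td>';
        echo '<td>';
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Application_MimeType" />';
        echo '<input type="hidden" name="action" value="del" />';
        echo '<input type="hidden" name="id" value="' . $h($app_id) . '" />';
        echo '<input type="hidden" name="mime" value="' . $h($mime) . '" />';
        echo '<input type="submit" value="' . _('Del') . '"/>';
        echo '</form>';
        echo '</td>';
        echo '</tr>';
    }

    if (is_array($mimeliste2) && count($mimeliste2) > 0) {
        echo '<tr>';
        echo '<form action="actions.php" method="post">';
        echo '<input type="hidden" name="name" value="Application_MimeType" />';
        echo '<input type="hidden" name="action" value="add" />';
        echo '<input type="hidden" name="id" value="' . $h($app_id) . '" />';
        echo '<td>';
        echo '<select name="mime">';
        foreach ($mimeliste2 as $mime) {
            echo '<option>' . $h($mime) . '</option>';
        }
        echo '</select>';
        echo '</td>';
        echo '<td>';
        echo '<input type="submit" value="' . _('Add') . '"/>';
        echo '</td>';
        echo '</form>';
        echo '</tr>';
    }

    // Free-text MIME type: whatever is stored from this field is rendered by
    // the list above, which is why that list is escaped.
    echo '<tr>';
    echo '<form action="actions.php" method="post">';
    echo '<input type="hidden" name="name" value="Application_MimeType" />';
    echo '<input type="hidden" name="action" value="add" />';
    echo '<input type="hidden" name="id" value="' . $h($app_id) . '" />';
    echo '<td>' . _('Custom Mime-Type: ') . '<input type="text" name="mime" /></td>';
    echo '<td>';
    echo '<input type="submit" value="' . _('Add') . '"/>';
    echo '</td>';
    echo '</form>';
    echo '</tr>';
    echo '</table>';
    echo '</div>';
    echo '</div>'; // mime div

    echo '</div>';
    echo '</div>';
    echo '</div>';
    echo '</div>';
    echo '</div>';
    echo '</div>';
    page_footer();
    die;
}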
$arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if ($strUsers == "" && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "../users/login.php"; if (!(isset($_SESSION['MM_Username']) && isAuthorized("", $MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup']))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) { $MM_qsChar = "&"; } if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) { $MM_referrer .= "?" . $QUERY_STRING; } $MM_restrictGoTo = $MM_restrictGoTo . $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: " . $MM_restrictGoTo); exit; } if ($_POST['list']) { if (trim($_POST['list']) != "") { $query = "insert into procentris_list(list, pid, level, list_type, user_id) values('" . addslashes(stripslashes($_POST['list'])) . "', '" . $_POST['pid'] . "', '" . $_POST['level'] . "', '" . $_POST['list_type'] . "', '" . $_POST['user_id'] . "')";
<?php session_start(); // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($access) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($access)) { $isValid = True; } return $isValid; } if (!isset($_SESSION['username']) && !isAuthorized($_SESSION['access'])) { header("Location: " . $ROOT . "pages/login/login.php"); } // ** Logout the current user. ** //Link for logout $logoutAction = $_SERVER['PHP_SELF'] . "?doLogout=true"; if (isset($_GET['doLogout']) && $_GET['doLogout'] == "true") { //to fully log out a visitor we need to clear the session varialbles $_SESSION['username'] = NULL; $_SESSION['name'] = NULL; $_SESSION['access'] = NULL; unset($_SESSION['username']); unset($_SESSION['name']); unset($_SESSION['access']); //logout redirect header("Location: " . $ROOT . "pages/login/login.php");