public function renderSidebar()
{
global $event, $signups, $db;
if (!Session::hasPriv('FORCE_SIGNUPS')) {
return;
}
if (!isset($event) || empty($signups)) {
return;
}
$sql = 'SELECT u.id, u.username FROM plugin_regulars r INNER JOIN users u ON r.user = u.id WHERE r.user NOT IN (SELECT s.user FROM signups s WHERE s.event = :eventId) ';
$stmt = $db->prepare($sql);
$stmt->bindValue(':eventId', $event['id']);
$stmt->execute();
$regularUsers = $stmt->fetchAll();
startBox();
if (count($regularUsers) > 0) {
echo '<p>The following regulars are not signed up:</p> ';
echo '<ul>';
foreach ($regularUsers as $user) {
echo '<li><a href = "profile.php?id=' . $user['id'] . '">' . $user['username'] . '</a> (<span class = "dummyLink" onclick = "document.getElementById(\'username\').value = \'' . $user['username'] . '\'" >force</span>)</li>';
}
echo '</ul>';
} else {
echo 'All the regulars are signed up to this event!';
}
echo '<p><a href = "plugins.php">Plugin admin</a></p>';
stopBox('Regulars');
}
public function fetchImages()
{
if (!file_exists($this->fullPath)) {
throw new Exception('Gallery path does not exist: ' . $this->fullPath);
}
$sql = 'SELECT i.id, i.filename, i.published FROM images i WHERE i.gallery = :gallery';
$stmt = DatabaseFactory::getInstance()->prepare($sql);
$stmt->bindValue(':gallery', $this->id);
$stmt->execute();
$databaseImages = assignKeys($stmt->fetchAll(), 'filename');
$privViewUnpublished = Session::hasPriv('GALLERY_VIEW_UNPUBLISHED');
$images = array();
foreach (scandir($this->fullPath) as $filename) {
if (strpos($filename, '.') == 0) {
continue;
}
$potentialImage = array('filename' => $filename, 'published' => true);
$dbEntry =& $databaseImages[$filename];
$dbEntry = is_array($dbEntry) ? $dbEntry : array();
$imageMerged = array_merge($potentialImage, $dbEntry);
if ($imageMerged['published'] || !$imageMerged['published'] && $privViewUnpublished) {
$images[] = $imageMerged;
}
}
return $images;
}
private function shouldNotDisplay()
{
if (Session::hasPriv('ADMIN')) {
$excludesPages = explode("\n", getSiteSetting('plugin.teamspeak3.ignorePages.admin'));
} else {
$excludesPages = explode("\n", getSiteSetting('plugin.teamspeak3.ignorePages'));
}
return in_array(basename($_SERVER['PHP_SELF']), $excludesPages);
}
public static function getAll()
{
global $db;
if (Session::hasPriv('SUPERUSER')) {
$sql = 'SELECT g.id, g.title, g.coverImage, g.folderName, e.date, g.status FROM galleries g LEFT JOIN events e ON e.gallery = g.id ORDER BY e.date DESC, g.title ASC, g.ordinal ASC';
} else {
$sql = 'SELECT g.id, g.title, g.coverImage, g.folderName, e.date, g.status FROM galleries g LEFT JOIN events e ON e.gallery = g.id WHERE g.status = "Open" ORDER BY e.date DESC, g.title ASC, g.ordinal ASC';
}
$result = $db->query($sql);
$galleries = array();
foreach ($result->fetchAll() as $itemGallery) {
$galleries[] = ItemGallery::fromArray($itemGallery);
}
return $galleries;
}
public function fetch()
{
global $db;
$sql = 'SELECT es.id, es.message, es.start, es.duration, es.icon FROM event_schedule es WHERE es.event = :event ORDER BY start';
$stmt = $db->prepare($sql);
$stmt->bindValue(':event', $this->eventId, Database::PARAM_INT);
$stmt->execute();
$ret = array();
foreach ($stmt->fetchAll() as $scheduleItem) {
$scheduleItem['actions'] = array();
if (Session::hasPriv('SCHEDULE_CHANGE')) {
$scheduleItem['actions'][] = '<a href = "?action=delete&schId=' . $scheduleItem['id'] . '&id=' . $this->eventId . '">Delete</a>';
}
$scheduleItem['actions'] = implode(', ', $scheduleItem['actions']);
$scheduleItem['start'] = formatDtString($scheduleItem['start']);
if (!empty($scheduleItem['icon'])) {
$scheduleItem['iconUrl'] = 'resources/images/icons/games/' . $scheduleItem['icon'];
} else {
$scheduleItem['iconUrl'] = null;
}
$ret[] = $scheduleItem;
}
return $ret;
}
break;
case 'delete':
if (!Session::hasPriv('NEWS_DELETE')) {
throw new PermissionException();
}
$id = intval($_REQUEST['id']);
$sql = 'DELETE FROM news WHERE id = :id ';
$stmt = $db->prepare($sql);
$stmt->bindValue(':id', $id);
$stmt->execute();
logAndRedirect('news.php', 'News deleted: ' . $id);
break;
default:
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
$news = new News();
$news->setCount(10);
while ($article = $news->getNext()) {
startBox();
echo '<p><span class = "subtle">Posted on ' . formatDt(new DateTime($article['date'])) . ' by <a href = "profile.php?id=' . $article['author'] . '">' . $article['username'] . '</a>.</span></p>';
echo htmlify($article['content']);
if (Session::hasPriv('NEWS_DELETE')) {
echo '<dl class = "subtle">';
echo '<dt><a href = "news.php?action=delete&id=' . $article['id'] . '">Delete</a></dt>';
echo '<dt><a href = "news.php?action=edit&id=' . $article['id'] . '">Edit</a></dt>';
echo '</dl>';
}
stopBox(htmlify($article['title'], false));
}
}
require_once 'includes/widgets/footer.php';
(at your option) any later version.
pFrog is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with pFrog; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*******************************************************************************/
require_once 'includes/common.php';
$title = "index";
require_once "includes/widgets/header.php";
if (!\libAllure\Session::hasPriv('VIEW_ADMIN')) {
redirect('index.php', 'You do not have the privileges to see this.');
}
if (isset($_GET['toggle'])) {
if (inAdminMode()) {
$_SESSION['admin_mode'] = false;
} else {
$_SESSION['admin_mode'] = true;
}
}
startBox("Toggle admin mode", BOX_RED);
echo "If you are an admin, and want to play the game via this account, admin mode might get in the way. You can turn it off to make playing the game\neasier. <br /><br />";
echo "<form action = \"admin.php\">";
if (inAdminMode()) {
echo "<input type = \"hidden\" name = \"toggle\" value = \"off\" />";
echo "<input type = \"submit\" value = \"Turn admin mode off\" />";
$standardLinks->addIfPriv('UPLOAD_GALLERY_IMAGE', 'formUploadImage.php', 'Upload gallery image');
$standardLinks->addIfPriv('VIEW_SURVEYS', 'listSurveys.php', 'Survey', 'survey');
$tpl->assign('standardLinks', $standardLinks);
$privilegedLinks = new HtmlLinksCollection();
$privilegedLinks->addIfPriv('ADMIN_USERS', 'users.php', 'Users', 'users');
$privilegedLinks->addIfPriv('ADMIN_GROUPS', 'listGroups.php', 'Groups');
$privilegedLinks->addIfPriv('ADMIN_USERS', 'formFlagEmail.php', 'Flag bad emails', 'users');
$privilegedLinks->addIfPriv('VIEW_PRIVS', 'listPermissions.php', 'Permissions');
$privilegedLinks->addIfPriv('VIEW_VENUES', 'listVenues.php', 'Venues');
$privilegedLinks->addIfPriv('EDIT_CONTENT', 'listContent.php', 'Content blocks', 'contentBlocks');
$privilegedLinks->addIfPriv('VIEW_LOG', 'listLogs.php', 'Log');
$privilegedLinks->addIfPriv('MAILING_LIST', 'viewMailingList.php', 'Mailing list');
$privilegedLinks->addIfPriv('SITE_SETTINGS', 'siteSettings.php', 'Site settings', 'siteSettings');
$privilegedLinks->addIfPriv('ADMIN_PLUGINS', 'plugins.php', 'Plugins');
$privilegedLinks->addIfPriv('ADDITIONAL_MENU_ITEMS', 'form.php?form=FormAdditionalMenuItems', 'Additional menu items');
$privilegedLinks->addIfPriv('FINANCES', 'listFinanceAccounts.php', 'Finances');
$privilegedLinks->addIfPriv('SUDO', 'formSudo.php', 'SUDO');
$privilegedLinks->addIfPriv('VIEW_SYSTEM_STATISTICS', 'viewSystemStatus.php', 'System Status');
$privilegedLinks->addIfPriv('MACHINE_AUTHENTICATIONS', 'listMachineAuthentications.php', 'Machine Authentications');
$privilegedLinks->addIfPriv('LIST_SEATINGPLANS', 'listSeatingPlans.php', 'Seating plans');
$tpl->assign('privilegedLinks', $privilegedLinks);
$tpl->display('account.tpl');
$tpl->assign('acheivements', getAcheivements());
$tpl->display('acheivements.tpl');
$userEventSignups = getUserSignups();
$userSignupStatistics = getSignupStatistics($userEventSignups);
$tpl->assign('userEventSignups', $userEventSignups);
$tpl->assign('userSignupStatistics', $userSignupStatistics);
$tpl->assign('privViewAttendance', Session::hasPriv('VIEW_ATTENDANCE'));
$tpl->display('accountSignupOverview.tpl');
require_once 'includes/widgets/footer.php';
require_once 'includes/common.php';
use libAllure\Session;
if (!isset($title)) {
$title = 'Untitled page';
}
global $tpl;
$tpl->assign('title', $title);
$tpl->display('header.tpl');
?>
<div id = "header">
<h1><a href = "index.php">pFrog</a></h1>
<?php
if (Session::isLoggedIn()) {
echo "<div style = 'float: right;'> logged in as <strong><a href = \"viewuser.php?user="******"\">" . Session::getUser()->getUsername() . "</a></strong>.</div>";
if (Session::hasPriv('ADMIN')) {
echo "<a href = admin.php>admin</a>";
}
?>
<div id = "navigation">
<ul class = "mainmenu">
<li><h3>Main</h3></li>
<li><a href="index.php">index</a></li>
<li><a href="leaderboard.php">leaderbord</a></li>
<li><a href="quadrants.php">quadrants</a></li>
<li><a href="activitys.php">activities</a></li>
</ul>
<ul class = "mainmenu">
<li><h3>Financial</h3></li>
<li><a href="bank.php">bank</a></li>
<li><a href="shop.php">shop</a></li>
<?php
require_once 'includes/common.php';
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
require_once 'includes/classes/FormSeatingPlanMoveUser.php';
require_once 'includes/classes/FormSwapSeats.php';
use libAllure\DatabaseFactory;
use libAllure\Sanitizer;
use libAllure\Session;
if (Session::hasPriv('SEATING_PLAN_MOVE_USERS')) {
$formMoveUsers = new FormSeatingPlanMoveUser();
if ($formMoveUsers->validate()) {
$formMoveUsers->process();
}
$formSwapUsers = new FormSwapSeats();
if ($formSwapUsers->validate()) {
$formSwapUsers->process();
}
}
$event = Sanitizer::getInstance()->filterUint('event');
$event = Events::getById($event);
if (empty($event['seatingPlan'])) {
$tpl->error('Seating plan not enabled.');
}
$sql = 'SELECT sp.seatCount, sp.layout, sp.name, e.id AS event, e.name AS eventName FROM events e JOIN seatingplans sp ON e.seatingPlan = sp.id WHERE e.id = :event';
$stmt = DatabaseFactory::getInstance()->prepare($sql);
$stmt->bindValue(':event', $event['id']);
$stmt->execute();
$seatingPlan = $stmt->fetchRow();
$structSp = parseSeatingPlanObjects($seatingPlan['layout']);
<?php
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
require_once 'includes/classes/FormPermissionCreate.php';
use libAllure\Session;
if (!Session::getUser()->hasPriv('VIEW_PRIVS')) {
box('You do not have permission to view this page.');
require_once 'includes/widgets/footer.php';
}
$sql = 'SELECT `key`, description FROM permissions ORDER BY `key` ASC';
$result = $db->query($sql);
$permissions = array();
while ($perm = $result->fetchRow()) {
if (Session::getUser()->hasPriv($perm['key'])) {
$priv = '<span class = "good">' . $perm['key'] . '</span>';
} else {
if (Session::hasPriv('VIEW_UNASSIGNED_PERMISSIONS')) {
$priv = '<span class = "bad">' . $perm['key'] . '</span>';
}
}
$perm['priv'] = $priv;
$permissions[] = $perm;
}
$tpl->assign('permissionsList', $permissions);
$tpl->display('listPermissions.tpl');
require_once 'includes/widgets/footer.php';
$tpl->assign('privViewSignupComments', Session::hasPriv('VIEW_SIGNUP_COMMENTS'));
$tpl->display('signupsList.tpl');
if (Session::hasPriv('VIEW_SIGNUP_COMMENTS')) {
require_once 'includes/widgets/sidebar.php';
}
$tpl->assign('venue', array('id' => $event['venueId'], 'name' => $event['venueName']));
$tpl->display('venueOverview.tpl');
if (Session::hasPriv('SCHEDULE_UPDATE')) {
$action = Sanitizer::getInstance()->filterString('action');
if ($action == 'delete') {
$id = intval($_REQUEST['schId']);
$sql = 'DELETE FROM event_schedule WHERE id = :id ';
$stmt = $db->prepare($sql);
$stmt->bindValue(':id', $id);
$stmt->execute();
}
require_once 'includes/classes/FormScheduleAdd.php';
$f = new FormScheduleAdd($event['id']);
if ($f->validate()) {
$f->process();
$f->reset();
}
}
$schedule = new Schedule($event['id']);
$tpl->assign('privEditSchedule', Session::hasPriv('SCHEDULE_UPDATE'));
$tpl->assign('schedule', $schedule->fetch());
if (Session::hasPriv('SCHEDULE_CHANGE')) {
$tpl->assignForm($f);
}
$tpl->display('schedule.tpl');
require_once 'includes/widgets/footer.php';
<?php
use libAllure\HtmlLinksCollection;
use libAllure\Session;
$linksCollection = new HtmlLinksCollection('Event admin');
//$linksCollection->addIf(Session::hasPriv('EVENT_DELETE'), 'deleteEvent.php?id=' . $_REQUEST['id'], 'Delete event', null, 'delete');
$linksCollection->addIf(Session::hasPriv('EVENT_UPDATE'), 'updateEvent.php?id=' . $event['id'], 'Update');
$linksCollection->addIf(Session::hasPriv('ADMIN_SEATING'), 'seatingplan.php?event=' . $event['id'], 'Seating plan');
if ($linksCollection->hasLinks()) {
$tpl->assign('links', $linksCollection);
$tpl->display('sidebarLinks.tpl');
}
<?php
use libAllure\HtmlLinksCollection;
use libAllure\Session;
$menu = new HtmlLinksCollection('Survey admin');
$menu->addIf(Session::hasPriv('SURVEY_CREATE'), 'createSurvey.php', 'Create');
if (isset($survey['id'])) {
$menu->addIf(Session::hasPriv('SURVEY_UPDATE'), 'updateSurvey.php?id=' . $survey['id'], 'Update');
$menu->addIf(Session::hasPriv('SURVEY_UPDATE'), 'viewSurveyVotes.php?id=' . $survey['id'], 'Show detail');
}
if ($menu->hasLinks()) {
$tpl->assign('links', $menu);
$tpl->display('sidebarLinks.tpl');
}
<?php
require_once 'includes/common.php';
use libAllure\Session;
if (!Session::hasPriv('CONTENT_EDIT')) {
$tpl->error('You do not have permission to edit the content.');
}
if (isset($_REQUEST['id'])) {
$f = new FormContentEdit($_REQUEST['id']);
} else {
$f = new FormContentEdit();
}
if ($f->validate()) {
$f->process();
redirect('listContent.php', 'Content updated.');
} else {
if (isset($_REQUEST['title'])) {
$f->getElement('title')->setValue($_REQUEST['title']);
}
}
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
$tpl->assignForm($f);
$tpl->display('form.tpl');
$tpl->display('wikiHelp.tpl');
require_once 'includes/widgets/footer.php';
<?php
use libAllure\HtmlLinksCollection;
use libAllure\Session;
if (!Session::isLoggedIn()) {
return;
}
$isMe = Session::getUser()->getId() == $user->getId() && Session::hasPriv('CHANGE_AVATAR');
$linksCollection = new HtmlLinksCollection('User admin');
$linksCollection->addIf(Session::hasPriv('DELETE_USER'), 'users.php?action=delete&id=' . $user->getId(), 'Delete', null, 'delete');
$linksCollection->addIf(Session::hasPriv('VIEW_ATTENDANCE'), 'viewAttendance.php?user='******'Attendance');
$linksCollection->addIf(Session::hasPriv('EDIT_USER') || $isMe, 'users.php?action=edit&user='******'Update my profile' : 'Edit user', null, 'update');
$linksCollection->addIf(Session::hasPriv('SEND_EMAIL'), 'sendEmail.php?userId=' . $user->getId(), 'Send email');
$linksCollection->addIf(Session::hasPriv('EDIT_OTHERS_AVATAR') || $isMe, 'updateAvatar.php?user='******'Avatar', null, 'avatar');
$linksCollection->addIfPriv('SUDO', 'formSudo.php?username='******'SUDO');
if ($linksCollection->hasLinks()) {
$tpl->assign('links', $linksCollection);
$tpl->display('sidebarLinks.tpl');
}
$listPermissions = array();
foreach ($user->getPrivs() as $privilege) {
if ($privilege['source'] == 'Group') {
$source = 'Group: <a href = "group.php?action=view&id=' . $privilege['sourceId'] . '">' . $privilege['sourceTitle'] . '</a>';
} else {
$source = 'User';
}
$privilege['source'] = $source;
$listPermissions[] = $privilege;
}
$tpl->assign('listPermissions', $listPermissions);
$tpl->display('profilePermissions.tpl');
}
if (Session::hasPriv('GROUPS_VIEW')) {
$usergroups = array();
foreach ($user->getUsergroups() as $group) {
$actions = array();
if (Session::hasPriv('GROUPS_EDIT')) {
if ($user->getData('group') != $group['id']) {
$actions[] = '<a href = "group.php?action=makePrimary&user='******'&group=' . $group['id'] . '">Make primary</a>';
$actions[] = '<a href = "group.php?action=kick&user='******'&group=' . $group['id'] . '">Kick</a>';
}
}
$group['actions'] = implode(', ', $actions);
$usergroups[] = $group;
}
$tpl->assign('usergroups', $usergroups);
$tpl->assignForm($formAddUserToGroup);
$tpl->display('profileUsergroups.tpl');
}
require_once 'includes/widgets/footer.php';
private static function signupUpdate($signupId, $status, $permissionsCheck = true)
{
if ($permissionsCheck && $status == 'PAID' && !Session::hasPriv('SIGNUPS_MODIFY')) {
throw new PermissionException();
}
global $db;
$sql = 'UPDATE signups SET status = :status WHERE id = :id ';
$stmt = $db->prepare($sql);
$stmt->bindValue(':status', $status);
$stmt->bindValue(':id', $signupId);
$stmt->execute();
}
<?php
require_once 'includes/common.php';
require_once 'includes/classes/Plugin.php';
use libAllure\Session;
use libAllure\Sanitizer;
use libAllure\ElementHidden;
if (!Session::hasPriv('ADMIN_PLUGINS')) {
throw new PermissionsException();
}
if (!isset($_REQUEST['action'])) {
$action = null;
} else {
$action = Sanitizer::getInstance()->filterString('action');
}
switch ($action) {
case 'settings':
$id = Sanitizer::getInstance()->filterUint('id');
$sql = 'SELECT p.id, p.title FROM plugins p WHERE p.id = :id LIMIT 1';
$stmt = $db->prepare($sql);
$stmt->bindValue(':id', $id);
$stmt->execute();
$plugin = $stmt->fetchRow();
if (empty($plugin)) {
throw new Exception('Plugin not found.');
}
require_once 'includes/classes/plugins/' . $plugin['title'] . '.php';
$pluginInstance = new $plugin['title']();
if (!$pluginInstance instanceof Plugin) {
throw new Exception('That is not a plugin.');
}
private function bindUser(&$stmt)
{
if (Session::hasPriv('EDIT_USERS')) {
$stmt->bindValue(':id', $this->getElementValue('user'));
} else {
$stmt->bindValue(':id', Session::getUser()->getId());
}
}
function getContent($pageTitle)
{
global $db;
$sql = 'SELECT id, page, content FROM page_content WHERE page = :pageTitle LIMIT 1';
$stmt = $db->prepare($sql);
$stmt->bindValue(':pageTitle', $pageTitle);
$stmt->execute();
if ($stmt->numRows() == 0) {
if (Session::hasPriv('CONTENT_EDIT')) {
return '<span class = "bad">Content block "' . $pageTitle . '" does not exist in the database - <a href = "updateContent.php?title=' . $pageTitle . '">create it</a>?</span>';
} else {
return '<span class = "bad">Content block "' . $pageTitle . '" does not exist in the database.</span>';
}
}
$content = $stmt->fetchRow();
$stuff = $content['content'];
$stuff = stripslashes($stuff);
$stuff = wikify($stuff);
if (Session::hasPriv('CONTENT_EDIT')) {
$stuff .= ' <a href = "updateContent.php?id=' . $content['id'] . '"><img class = "icon" src = "resources/images/icons/edit.png" alt = "edit" /></a>';
}
$stuff = parify($stuff);
return $stuff;
}
<?php
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
use libAllure\Sanitizer;
use libAllure\Session;
$gallery = Galleries::getById(Sanitizer::getInstance()->filterUint('id'));
$files = $gallery->fetchImages();
try {
$tpl->assign('event', Events::getByGalleryId($gallery['id']));
} catch (Exception $e) {
$tpl->assign('event', null);
}
$tpl->assign('privViewUnpublished', Session::hasPriv('GALLERY_VIEW_UNPUBLISHED'));
$tpl->assign('files', $files);
$tpl->assign('gallery', $gallery);
$tpl->display('viewGallery.tpl');
require_once 'includes/widgets/footer.php';
echo "\t<td class = map_box_here>\n";
} else {
if ($row_result['traversable'] == 'yes') {
echo "\t<td class = 'map_box_traversable'>\n";
} else {
echo "\t<td class = 'map_box'>\n";
}
}
if ($result->numRows() == 0) {
if (inAdminMode()) {
popup("no map data", "admin_modify_tileset.php?quadrent={$quadrent}&row={$row_loop}&column={$column_loop}");
} else {
popup("no map data", "help.php?topic=no_map_data");
}
} else {
if ($row_result['traversable'] == 'yes' && \libAllure\Session::hasPriv('something')) {
echo "<a href = quadrants.php?quadrent={$quadrent}&row={$row_loop}&column={$column_loop}>";
}
if (substr($row_result['tileset'], -3, 3) == "jpg") {
echo "<img class = null src = 'resources/images/tilesets/" . $row_result['tileset'] . "' / >";
} else {
echo $row_result['tileset'];
}
if ($row_result['traversable'] == 'yes') {
echo "</a>";
}
}
echo "</td>\n";
//
// end cell
//
// Fetch the votes for the survey.
$sql = 'SELECT sv.id, sv.user, u.username, so.id optionId FROM survey_votes sv, survey_options so, users u WHERE sv.user = u.id AND sv.opt = so.id AND so.survey = :id';
$stmt = $db->prepare($sql);
$stmt->bindValue(':id', $survey['id']);
$stmt->execute();
$totalVotes = $stmt->numRows();
$tpl->assign('totalVotes');
foreach ($stmt->fetchAll() as $vote) {
$options[$vote['optionId']]['voteCount']++;
}
foreach ($options as &$option) {
if ($option['voteCount'] == 0) {
$option['votePercent'] = 0;
} else {
$option['votePercent'] = $option['voteCount'] / $totalVotes * 100;
}
}
$tpl->assign('hasDeletePriv', Session::hasPriv('SURVEY_DELETE_OPTION'));
$tpl->assign('survey', $survey);
$tpl->assign('listOptions', $options);
$tpl->display('viewSurvey.tpl');
if (Session::isLoggedIn()) {
$tpl->assignForm($f);
$tpl->display('form.tpl');
} else {
$tpl->assign('title', 'Only logged in users can vote!');
$tpl->assign('message', 'To voew on this survey, you need to <a href = "login.php">login</a>!');
$tpl->display('notification.tpl');
}
}
require_once 'includes/widgets/footer.php';
<?php
require_once 'includes/common.php';
use libAllure\Session;
if (!Session::hasPriv('VIEW_GROUPS')) {
$tpl->error('You dont have permission to view groups.');
}
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
$sql = 'SELECT g.id, g.title, g.css, count(mem.id) membershipCount FROM groups g LEFT JOIN group_memberships mem ON mem.`group` = g.id GROUP BY g.id';
$stmt = $db->prepare($sql);
$stmt->execute();
$tpl->assign('listGroups', $stmt->fetchAll());
$tpl->display('listGroups.tpl');
<?php
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
require_once 'includes/classes/Events.php';
use libAllure\Session;
$tpl->assign('privViewUnpublishedEvents', Session::hasPriv('VIEW_UNPUBLISHED_EVENTS'));
$tpl->assign('events', Events::getAllUpcommingEvents());
$tpl->display('eventsListUpcomming.tpl');
$tpl->assign('events', Events::getAllPreviousEvents());
$tpl->display('eventsListPast.tpl');
require_once 'includes/widgets/footer.php';
<?php
use libAllure\HtmlLinksCollection;
use libAllure\Session;
$menu = new HtmlLinksCollection('Gallery admin');
$menu->addIf(Session::hasPriv('GALLERY_SCAN'), 'doScanImageGallery.php', 'Scan gallery for problems');
$menu->addIf(Session::hasPriv('GALLERY_CREATE'), 'createGallery.php', 'Create');
if ($menu->hasLinks()) {
$tpl->assign('links', $menu);
$tpl->display('sidebarLinks.tpl');
}
<?php
use libAllure\Session;
if (Session::hasPriv('NEWS_ADD')) {
startBox();
echo '<dl><dt class = "create"><a href = "news.php?action=new">Add news</a></dt></dl>';
stopBox('News admin');
}
box('You can get this news in <a href = "extern.php?source=news&format=rss">RSS <img class = "icon" src = "resources/images/icons/rss.gif" alt = "RSS" title = "RSS" /></a> too.');
<?php
use libAllure\HtmlLinksCollection;
use libAllure\Session;
$links = new HtmlLinksCollection('Permissions admin');
$links->addIf(Session::hasPriv('CREATE_PERMISSION'), 'createPermission.php', 'Create permission', null, 'create');
$tpl->assign('links', $links);
$tpl->display('sidebarLinks.tpl');
?>
<?php
use libAllure\HtmlLinksCollection;
use libAllure\Session;
$linksCollection = new HtmlLinksCollection('Group Admin');
if (isset($group)) {
$linksCollection->addIf(Session::hasPriv('EDIT_GROUP_PRIVILEGES'), 'group.php?action=privileges&id=' . $group->getId(), 'Privileges');
$linksCollection->addIf(Session::hasPriv('EDIT_GROUP_SETTINGS'), 'group.php?action=edit&id=' . $group->getId(), 'Settings', null, 'siteSettings');
$linksCollection->addIf(Session::hasPriv('GROUP_DELETE'), 'group.php?action=delete&id=' . $group->getId(), 'Delete', null, 'delete');
} else {
$linksCollection->addIf(Session::hasPriv('GROUP_CREATE'), 'group.php?action=create', 'Create');
}
$tpl->assign('links', $linksCollection);
$tpl->display('sidebarLinks.tpl');
