* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: editEvent.php,v 1.4 2005/10/30 22:37:19 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
if (!$_REQUEST['event']) {
// throw an error, we need an event to edit
accessDenied("Please select an event to edit first!");
}
$oEvent = getEventDetails($_REQUEST['event']);
doHeader("Editing Event");
?>
<form name="frmAddEvent" action="editSchedDetails.php" method="post">
<input type="hidden" name="isSubmit">
<input type="hidden" name="area" value="<?php
echo $oEvent->event_area_id;
?>
">
<input type="hidden" name="event_id" value="<?php
echo $oEvent->event_id;
?>
">
<strong>Edit a new event:</strong>
/**
* User Rights POST
*/
function userrights()
{
$clang = Yii::app()->lang;
$postuserid = Yii::app()->request->getPost("uid");
$aViewUrls = array();
// A user can't modify his own rights ;-)
if ($postuserid != Yii::app()->session['loginID']) {
$sresult = User::model()->findAllByAttributes(array('uid' => $postuserid, 'parent_id' => Yii::app()->session['loginID']));
$sresultcount = count($sresult);
if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1 && $sresultcount > 0) {
// Not Admin, just a user with childs
$rights = array();
$rights['create_survey'] = isset($_POST['create_survey']) && Yii::app()->session['USER_RIGHT_CREATE_SURVEY'] ? 1 : 0;
$rights['configurator'] = isset($_POST['configurator']) && Yii::app()->session['USER_RIGHT_CONFIGURATOR'] ? 1 : 0;
$rights['create_user'] = isset($_POST['create_user']) && Yii::app()->session['USER_RIGHT_CREATE_USER'] ? 1 : 0;
$rights['participant_panel'] = isset($_POST['participant_panel']) && Yii::app()->session['USER_RIGHT_PARTICIPANT_PANEL'] ? 1 : 0;
$rights['delete_user'] = isset($_POST['delete_user']) && Yii::app()->session['USER_RIGHT_DELETE_USER'] ? 1 : 0;
$rights['manage_template'] = isset($_POST['manage_template']) && Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE'] ? 1 : 0;
$rights['manage_label'] = isset($_POST['manage_label']) && Yii::app()->session['USER_RIGHT_MANAGE_LABEL'] ? 1 : 0;
$rights['superadmin'] = 0;
// ONLY Initial Superadmin can give this right
if ($postuserid != 1) {
setUserRights($postuserid, $rights);
}
} elseif (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) {
$rights = array();
// Only Initial Superadmin can give this right
if (isset($_POST['superadmin'])) {
// Am I original Superadmin ?
// Initial SuperAdmin has parent_id == 0
$adminresult = User::model()->getuidfromparentid('0');
$row = $adminresult;
if ($row['uid'] == Yii::app()->session['loginID']) {
$rights['superadmin'] = 1;
} else {
$rights['superadmin'] = 0;
}
} else {
$rights['superadmin'] = 0;
}
$rights['create_survey'] = isset($_POST['create_survey']) || $rights['superadmin'] ? 1 : 0;
$rights['configurator'] = isset($_POST['configurator']) || $rights['superadmin'] ? 1 : 0;
$rights['create_user'] = isset($_POST['create_user']) || $rights['superadmin'] ? 1 : 0;
$rights['participant_panel'] = isset($_POST['participant_panel']) || $rights['superadmin'] ? 1 : 0;
$rights['delete_user'] = isset($_POST['delete_user']) || $rights['superadmin'] ? 1 : 0;
$rights['manage_template'] = isset($_POST['manage_template']) || $rights['superadmin'] ? 1 : 0;
$rights['manage_label'] = isset($_POST['manage_label']) || $rights['superadmin'] ? 1 : 0;
setUserRights($postuserid, $rights);
} else {
echo accessDenied('userrights');
die;
}
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Set user permissions"), $clang->gT("User permissions were updated successfully."), 'successheader');
} else {
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Set user permissions"), $clang->gT("You are not allowed to change your own permissions!"), 'warningheader');
}
$this->_renderWrappedTemplate('user', $aViewUrls);
}
/**
* surveypermission::delete()
* Function responsible to delete a user/usergroup.
* @param mixed $surveyid
* @return void
*/
function delete($surveyid)
{
$aData['surveyid'] = $surveyid = sanitize_int($surveyid);
$aViewUrls = array();
$action = $_POST['action'];
$clang = Yii::app()->lang;
$imageurl = Yii::app()->getConfig('imageurl');
$postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
$postusergroupid = !empty($_POST['gid']) ? $_POST['gid'] : false;
if ($action == "delsurveysecurity") {
$addsummary = "<div class=\"header\">" . $clang->gT("Deleting User") . "</div>\n";
$addsummary .= "<div class=\"messagebox\">\n";
$result = Survey::model()->findAll('sid = :sid AND owner_id = :owner_id AND owner_id != :postuserid', array(':sid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
if (count($result) > 0 || Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) {
if (isset($postuserid)) {
$dbresult = Survey_permissions::model()->deleteAll('uid = :uid AND sid = :sid', array(':uid' => $postuserid, ':sid' => $surveyid));
$addsummary .= "<br />" . $clang->gT("Username") . ": " . sanitize_xss_string($_POST['user']) . "<br /><br />\n";
$addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n";
} else {
$addsummary .= "<div class=\"warningheader\">" . $clang->gT("Could not delete user. User was not supplied.") . "</div>\n";
}
$addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
} else {
accessDenied();
}
$addsummary .= "</div>\n";
$aViewUrls['output'] = $addsummary;
}
$this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: viewSched.php,v 1.7 2005/10/30 22:37:19 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
if (empty($_REQUEST['user'])) {
// keep people from navigating here directly
accessDenied("Please choose a user first.");
}
$oEmp = getUserVals($_REQUEST['user']);
if (empty($oEmp)) {
// this would happen if they arbitrarily typed in a num in the url
accessDenied("You selected an invalid user!");
}
if (!$_REQUEST['doPop']) {
doHeader("Viewing {$oEmp->user_first} {$oEmp->user_last}'s schedule");
} else {
?>
<html>
<head>
<title>Viewing <?php
echo $oEmp->user_first . ' ' . $oEmp->user_last;
?>
's schedule</title>
<link href="global.css" rel="stylesheet" type="text/css">
</head>
<body>
function printArea($iArea)
{
// displays the area schedule
$oAreaDetails = getAreas($_SESSION['USERID'], $iArea);
// make sure a row is returned, if not, user is being bad
if (!count($oAreaDetails)) {
// no areas, tried to circumvent sec, yell at them
accessDenied("You tried to access an area you aren't assigned to!");
}
$oAreaSched = getAreaSched($_REQUEST['area']);
if (!count($oAreaSched)) {
// let user know we have no rows
print "You haven't created a schedule for this area yet.";
}
?>
<html>
<head>
<title>Viewing Schedule for <?php
echo $oAreaDetails[0]->area_name;
?>
</title>
<link href="global.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%" cellpadding="2" cellspacing="0">
<tr>
<td width="50%">
Below are the events for <?php
echo $oAreaDetails[0]->area_name;
?>
.
<?php
// Area events go to the left
foreach ($oAreaSched as $Sched) {
// get area positions
$oAreaPos = getAreaPos($_REQUEST['area']);
?>
<br>
<hr align="left">
<?php
echo $Sched->event_name;
?>
<table width="100%" border="0" cellpadding="2" class="contactInfo">
<tr>
<td class="contactInfoName"><?php
print date("D, n/d/y", strtotime($Sched->event_date));
?>
</td>
</tr>
<tr>
<td>Start: <?php
echo date("g:i a", strtotime($Sched->event_start));
?>
<div align="left"></div></td>
<td>End: <?php
echo date("g:i a", strtotime($Sched->event_end));
?>
</td>
</tr>
<tr valign="top">
<?php
// now we go through each pos and list the scheduled emps
foreach ($oAreaPos as $Pos) {
?>
<td><table border="0" cellpadding="2" class="contactInfo">
<tr><td colspan=2><strong><?php
echo $Pos->pos_name;
?>
</strong></td></tr><?php
$bRow = true;
$oEventEmps = getEventEmps($Sched->event_id, $Pos->pos_id);
if (count($oEventEmps)) {
// we have emps, display them
foreach ($oEventEmps as $Emp) {
$bRow = !$bRow;
?>
<tr<?php
if ($bRow) {
print " class=evenRow";
}
?>
>
<td colspan=2><?php
echo $Emp->user_first . ' ' . $Emp->user_last;
?>
</td>
</tr>
<?php
}
} else {
//we don't, display msg
print "<tr><td colspan=2><i>No employees scheduled yet</i></td></tr>";
}
?>
</table></td><?php
}
?>
</tr>
</table>
<?php
}
?>
</td>
</tr>
</table>
<?php
}
function view($GET, $POST)
{
global $menu, $docs, $cat, $users;
if (isset($GET['view'])) {
$view = (string) $GET['view'];
if (strlen($view) != 24) {
error404();
} else {
$id = new MongoId($view);
$search = $menu->findOne(array('_id' => $id));
if (!$search) {
error404();
} else {
$site = $search['site'];
$curid = $search['_id'];
echo '<div class="link-tree">';
echo '<a href="/?sys=' . $_COOKIE['site'] . '" target="_blank">' . $_COOKIE['site'] . '</a>';
pathTree($curid);
echo '</div>';
$userId = $_COOKIE['login'];
$userId = new MongoId($userId);
$login = $users->findOne(array('_id' => $userId));
$sites = explode(" @", $login['access']);
if (in_array($site, $sites) && empty($_COOKIE[md5("role")]) || !empty($_COOKIE[md5("role")])) {
$doc = $docs->find(array('itemId' => $id));
$target_dir = "documents/";
echo '<div class="post-content">';
echo '<h2 class="blog-title" style="margin-bottom: 0;">' . htmlspecialchars($search['name']) . '</h2>';
if (isset($search['text']) && $search['text'] != '') {
echo '<div class="text">' . preg_replace('#<br.*?>#s', '', $search['text']) . '</div><br>';
}
if ($doc->count(true)) {
foreach ($doc as $file) {
$path = 'documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext'];
if (file_exists($path)) {
echo '<div class="file">Файл: <a href="documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext'] . '" target="_blank">' . $file['name'] . '</a></div><br>';
}
}
}
$links = $menu->find(array('toId' => $id))->sort(array($_COOKIE['sortindex'] => 1));
if ($_COOKIE['sortindex'] == 'time') {
$links = $menu->find(array('toId' => $id))->sort(array($_COOKIE['sortindex'] => -1));
}
if ($links->count(true)) {
foreach ($links as $key) {
echo '<div>';
echo '<div class="spoiler">';
echo '<a href="" class="spoiler_links">' . $key['name'] . '</a><div class="date">' . date('d/m/Y', $key['time']) . '</div>';
echo '<div class="spoiler_body">';
if (isset($key['text']) && $key['text'] != '') {
echo '<div class="text">' . $key['text'] . '</div><br>';
}
$docSP = $docs->find(array('itemId' => $key['_id']));
if ($docSP->count(true)) {
foreach ($docSP as $file) {
$path = 'documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext'];
if (file_exists($path)) {
echo '<div class="file">Файл: <a href="documents/' . $search['site'] . '_' . $file['name'] . '.' . $file['ext'] . '" target="_blank">' . $file['name'] . '</a></div><br>';
}
}
}
echo 'Додано: ' . date('d/m/Y', $key['time']) . '<br><br>';
echo '<a href="/?view=' . $key['_id'] . '" target="_blank">Повне посилання</a><br><br>';
echo '</div>';
echo '</div>';
echo '</div>';
}
}
echo '<div class="post-footer">';
echo 'Додано: ' . date('d/m/Y', $search['time']);
echo '</div>';
echo '</div>';
if ($site != $cat) {
setcookie("site", $site);
header("Location: index.php?view={$view}");
}
} else {
accessDenied();
}
}
}
}
if (isset($POST['search'])) {
$string = trim($POST['search']);
header("Location: /?search={$string}");
}
if (isset($GET['search'])) {
$string = (string) $GET['search'];
$arrWord = explode(" ", $string);
foreach ($arrWord as $word) {
$regex = new MongoRegex("/{$word}/i");
$criteria = array('$and' => array(array('$or' => array(array('name' => array('$regex' => $regex)), array('text' => array('$regex' => $regex)))), array('site' => $cat)));
$data = $menu->find($criteria)->sort(array($_COOKIE['sortindex'] => 1));
if ($_COOKIE['sortindex'] == 'time') {
$data = $menu->find($criteria)->sort(array($_COOKIE['sortindex'] => -1));
}
echo 'Результати пошуку: "' . $word . '"<br><br>';
if ($data->count(true)) {
echo '<div class="post-content">';
foreach ($data as $search) {
$curid = $search['toId'];
if ($curid != 0) {
$curid = new MongoId($curid);
$tempsearch = $menu->find(array('_id' => $curid));
if ($tempsearch->count(true)) {
echo '<div class="search-link-border">';
echo '<div class="search-title""><a href="/?view=' . $search['_id'] . '" target="_blank">' . htmlspecialchars($search['name']) . '</a></div><div class="date">' . date('d/m/Y', $search['time']) . '</div><br>';
echo '<div class="search-link-tree">';
pathTree($search['_id']);
echo '</div>';
echo '</div>';
}
} else {
echo '<div class="search-link-border">';
echo '<div class="search-title""><a href="/?view=' . $search['_id'] . '" target="_blank">' . htmlspecialchars($search['name']) . '</a></div><div class="date">' . date('d/m/Y', $search['time']) . '</div><br>';
echo '<div class="search-link-tree">';
pathTree($search['_id']);
echo '</div>';
echo '</div>';
}
}
echo '</div>';
} else {
echo '<div class="post-content">';
echo 'Записів не знайдено</div>';
}
}
}
}
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: editSched.php,v 1.17 2006/02/03 20:24:34 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
// get the area attributes
$oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']);
// make sure a row is returned, if not, user is being bad
if (!count($oAreaDetails)) {
// no areas, tried to circumvent sec, yell at them
accessDenied("You tried to access an area you aren't assigned to!");
} elseif (!$_REQUEST['area']) {
// force people through assignEmps
accessDenied("Please choose an area to edit first through Manage Schedules");
}
if ($_POST['confirmDelete']) {
deleteEvent($_POST['event']);
redirect("editSched.php?area=" . $_POST['area']);
}
function deleteConfirm($iArea, $iEvent)
{
$aEventDetails = getEventDetails($iEvent);
?>
<form id="frmDelete" name="frmDelete" method="post" action="<?php
echo $_SERVER['PHP_SELF'];
?>
">
<input type="hidden" name="area" value="<?php
echo $iArea;
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once 'classes/class.ical.inc.php';
// $Id: iCalView.php,v 1.3 2005/10/30 22:37:19 atrommer Exp $
// if we have a uid, grab their schedule
// if we have aid, grab area schedule
// otherwise, do nothing
if ($_REQUEST['uid']) {
$oSched = getMySched($_REQUEST['uid'], 2);
} elseif ($_REQUEST['aid']) {
$oSched = getAreaSched($_REQUEST['aid'], 2);
} else {
accessDenied("Invalid user or area!");
}
$iCal = (object) new iCal('', 0);
// (ProgrammID, Method [1 = Publish | 0 = Request])
$categories = array('Work', 'Party');
// main loop for the events
foreach ($oSched as $Sched) {
$aAssign = array();
$oEventEmps = getEventEmps($Sched->event_id);
// add all event emps to the attendees
foreach ($oEventEmps as $Emp) {
$aTemp = array($Emp->user_first . ' ' . $Emp->user_last => $Emp->user_email . ",1");
$aAssign = array_merge($aAssign, $aTemp);
}
$iCal->addEvent('', strtotime($Sched->event_date . ' ' . $Sched->event_start), strtotime($Sched->event_date . ' ' . $Sched->event_end), $Sched->area_name, 0, $categories, 'Log into ESS for more details!', $Sched->event_name, 1, $aAssign, 5, 0, 1, 1, '', 0, '', '', 1, 'http://' . $host . $docroot, 'en', '');
}
<?php
require_once 'common.php';
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: assumeUser.php,v 1.5 2005/10/30 22:37:19 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
if (!$_REQUEST['user']) {
accessDenied("Please choose a user first!");
}
assumeUser($_REQUEST['user']);
function checkUser($userType, $typeAllowed)
{
if ($userType < $typeAllowed) {
accessDenied();
}
}
checkUser($_SESSION['USERTYPE'], 2);
// check for postback
if ($_POST['isPostback']) {
updateNotes($_POST['hdEvent'], sanitizeInput($_POST['taComments']));
redirect('editSched.php?area=' . $_POST['area']);
}
if (isset($_REQUEST['event'])) {
$oEvent = getEventDetails($_REQUEST['event']);
// if we don't have a month set, pull it from area
if (strlen($oEvent->event_comments)) {
$sNotes = $oEvent->event_comments;
} else {
$sNotes = getAreaTempl($_REQUEST['area']);
}
} else {
accessDenied("Please choose an event to edit first using Manage Schedules");
}
doHeader("Editing notes for " . $oEvent->event_name, 'taComments');
?>
<b><?php
echo $oEvent->event_name;
?>
</b>
<br>
<span class="contactInfo"><?php
echo date("l, F jS, Y", strtotime($oEvent->event_date));
?>
(<?php
echo date("g:i a", strtotime($oEvent->event_start));
$iEID = schedEvent($_POST, $_POST['event_id']);
redirect("editNotes.php?event=" . $iEID . "&area=" . $_POST['area']);
}
// now we cat the dates together
$dDate = $_POST['ddYear'] . '-' . $_POST['ddMonth'] . '-' . $_POST['ddDay'];
$dStart = date("H:i", strtotime($_POST['ddStartTime']));
$dEnd = date("H:i", strtotime($_POST['ddEndTime']));
$sDay = date("w", strtotime($dDate));
$dStartFull = $_POST['ddYear'] . '-' . $_POST['ddMonth'] . '-' . $_POST['ddDay'] . ' ' . $dStart;
// get the area attributes
$oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']);
$oAreaPos = getAreaPos($_REQUEST[area]);
// make sure a row is returned, if not, user is being bad
if (!count($oAreaDetails)) {
// no areas, tried to circumvent sec, yell at them
accessDenied("You tried to access an area you aren't assigned to!");
}
$oMyEmps = getMyEmployees($_SESSION['USERID']);
doHeader("Editing " . $_POST['tbName']);
?>
The following list shows all of your employees. Green means they are available, red means they aren't.
<br>Use the radio buttons to assign your employees and press "Assign" to save the event and assignments.
<br>
<span class="contactInfo"><?php
echo date("l, F jS, Y", strtotime($dDate));
?>
(<?php
echo date("g:i a", strtotime($dStart));
?>
addPos($_POST, $_SESSION['USERID']);
redirect('editPos.php?area=' . $_POST['area']);
}
if ($_POST['confirmDelete']) {
delPos($_POST['pos']);
redirect('editPos.php?area=' . $_POST['area']);
}
// if request is empty, make user select area first
if (!$_REQUEST['area']) {
accessDenied("Please go through Manage Schedules to edit positions!");
}
// grab area details
$oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']);
// kick user out if details don't exist
if (!$oAreaDetails) {
accessDenied("You do not have access to this function!");
}
// now that we are clean, grab the pos
$oAreaPos = getAreaPos($_REQUEST['area']);
// prompts user for del confirm
function deleteConfirm($iArea, $iPos)
{
$oPosDetails = getPosDetails($iPos);
?>
Warning! <b>Deleting</b> a position will orphan any assignments using this position.
Do this only as a last resort!<br>
<form id="frmDelete" name="frmDelete" method="post" action="<?php
echo $_SERVER['PHP_SELF'];
?>
">
<input type="hidden" name="area" value="<?php
function formBuilder()
{
global $url, $auth;
$prj_name = str_replace('/formBuilder', '', $url);
$prj = new EcProject();
$prj->name = $prj_name;
$prj->fetch();
$uid = $auth->getEcUserId();
if ($prj->checkPermission($uid)) {
echo applyTemplate('./base.html', './createOrEditForm.html', array('projectName' => $prj_name));
} else {
accessDenied(sprintf(' Project %s', $prj_name));
}
}
<?php
switch (true) {
case isset($_POST['in']):
logIn($_POST);
break;
case isset($_GET['out']):
logOut($_GET, $_POST);
break;
case (isset($_GET['ins']) || isset($_GET['admin']) || isset($_GET['users']) || isset($_GET['upmenu']) || isset($_GET['chgum']) || isset($_GET['chgusr']) || isset($_GET['chid']) || isset($_GET['chgdoc'])) && empty($_COOKIE[md5("role")]):
accessDenied();
break;
case isset($_GET['view']) || isset($_POST['search']) || isset($_GET['search']):
view($_GET, $_POST);
break;
case isset($_GET['sys']):
site($_GET);
break;
case isset($_GET['sortindex']):
sortItem($_GET);
break;
case isset($_GET['delid']) && !empty($_COOKIE[md5("role")]):
delete($_GET);
break;
case (isset($_GET['deldoc']) || isset($_GET['item'])) && !empty($_COOKIE[md5("role")]):
deleteDoc($_GET);
break;
case isset($_GET['chgdoc']) || isset($_POST['chgdoc']):
changeDoc($_POST, $_GET);
break;
