protected function main() { inc_lib('news/news_exists'); $count_news_existe = news_exists($_GET['id']); if ($count_news_existe == false && (is_logged_in() && !check_auth('view_histo_all_news'))) { redir(Nw::$lang['news']['news_not_exist'], false, './'); } inc_lib('news/get_info_news'); $donnees_news = get_info_news($_GET['id']); $this->set_title(Nw::$lang['news']['historique_news'] . ' | ' . $donnees_news['n_titre']); $this->set_tpl('news/log_news.html'); $this->add_css('code.css'); // Fil ariane if ($count_news_existe) { $this->set_filAriane(array(Nw::$lang['news']['news_section'] => array('news-70.html'), $donnees_news['c_nom'] => array($donnees_news['c_rewrite'] . '/'), $donnees_news['n_titre'] => array($donnees_news['c_rewrite'] . '/' . rewrite($donnees_news['n_titre']) . '-' . $_GET['id'] . '/'), Nw::$lang['news']['historique_news'] => array(''))); } else { $this->set_filAriane(array(Nw::$lang['news']['news_section'] => array('news-70.html'), Nw::$lang['news']['historique_news'] => array(''))); } /** * Affichage du logo **/ inc_lib('news/get_news_logs'); $donnees_logs = get_news_logs('l_id_news = ' . intval($_GET['id']), 'l_date DESC'); foreach ($donnees_logs as $donnees) { Nw::$tpl->setBlock('log', array('ACTION' => $donnees['l_action'], 'ACTION_LOG' => isset(Nw::$lang['news']['log_news_' . $donnees['l_action']]) ? Nw::$lang['news']['log_news_' . $donnees['l_action']] : '', 'TEXTE' => nl2br($donnees['l_texte']), 'TITRE' => $donnees['l_titre'], 'DATE' => date_sql($donnees['date'], $donnees['heures_date'], $donnees['jours_date']), 'AUTEUR' => $donnees['u_pseudo'], 'AUTEUR_ID' => $donnees['u_id'], 'AUTEUR_AVATAR' => $donnees['u_avatar'], 'AUTEUR_ALIAS' => $donnees['u_alias'], 'IP' => long2ip($donnees['l_ip']))); } Nw::$tpl->set(array('ID' => $_GET['id'], 'TITRE' => $donnees_news['n_titre'])); }
protected function main() { if (!is_logged_in() && !check_auth('view_histo_all_news')) { header('Location: ./'); } $this->set_title(Nw::$lang['news']['historiques_news']); $this->set_tpl('news/log_admin.html'); $this->add_css('code.css'); $this->set_filAriane(array(Nw::$lang['news']['news_section'] => array('news-70.html'), Nw::$lang['news']['historiques_news'] => array(''))); $get_param = ''; $param_tpl = ''; if (!empty($_GET['t'])) { $get_param = 'l_titre LIKE "%' . insertBD(urldecode($_GET['t'])) . '%" OR l_texte LIKE "%' . insertBD(urldecode($_GET['t'])) . '%"'; $param_tpl = htmlspecialchars($_GET['t']); } inc_lib('news/count_news_logs'); $nombre_logs = count_news_logs($get_param); // Pagination $page = isset($_GET['page']) ? intval($_GET['page']) : 1; $nombreDePages = ceil($nombre_logs / Nw::$pref['nb_logs_admin']); // On vérifie que la page existe bien if ($nombreDePages > 0 && $page > $nombreDePages) { redir(Nw::$lang['common']['pg_not_exist'], false, 'news-21.html?t=' . $param_tpl); } /** * Affichage du logo **/ inc_lib('news/get_news_logs'); $donnees_logs = get_news_logs($get_param, 'l_date DESC', $page, Nw::$pref['nb_logs_admin']); foreach ($donnees_logs as $donnees) { Nw::$tpl->setBlock('log', array('ACTION' => $donnees['l_action'], 'ACTION_LOG' => isset(Nw::$lang['news']['log_news_' . $donnees['l_action']]) ? Nw::$lang['news']['log_news_' . $donnees['l_action']] : '', 'TEXTE' => nl2br($donnees['l_texte']), 'DATE' => date_sql($donnees['date'], $donnees['heures_date'], $donnees['jours_date']), 'AUTEUR' => $donnees['u_pseudo'], 'AUTEUR_ID' => $donnees['u_id'], 'AUTEUR_AVATAR' => $donnees['u_avatar'], 'AUTEUR_ALIAS' => $donnees['u_alias'], 'NEWS_ID' => $donnees['l_id_news'], 'NEWS_TITRE' => $donnees['n_titre'], 'TITRE_ACTU' => $donnees['l_titre'], 'IP' => long2ip($donnees['l_ip']))); } Nw::$tpl->set(array('TITRE' => urldecode($param_tpl), 'LIST_PG' => list_pg($nombreDePages, $page, 'news-21%s.html?t=' . $param_tpl))); }
function force_login() { if (!isset($GLOBALS['PHPCAS_CLIENT'])) { check_auth(); } phpCAS::forceAuthentication(); }
/** * 后台控制器初始化 */ protected function _initialize() { // 获取当前用户ID if (defined('UID')) { return; } $user = get_user(); if (!$user) { $this->redirect('Other/Public/login?type=miss_token'); } $this->_user = $user; define('UID', $user['uid']); if (!session('admin_login')) { // 缓存用户信息 session('user_auth', ['uid' => $user['uid'], 'uname' => $user['uname']]); session('admin_login', true); } // 是否是超级管理员 define('IS_ROOT', is_administrator()); // 检测系统权限 if (!IS_ROOT) { $access = $this->accessControl(); if (false === $access) { $this->error('403:禁止访问'); } elseif (null === $access) { // 检测访问权限 $rule = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME); if (!$this->checkRule($rule, array('in', '1,2'))) { $this->error('未授权用户:' . $user['uname']); } else { // 检测分类及内容有关的各项动态权限 $dynamic = $this->checkDynamic(); if (false === $dynamic) { $this->error('未授权用户:' . $user['uname']); } } } } // 初始化数据表 $this->_table = $this->_table ?: str_replace('/', '_', CONTROLLER_NAME); $this->assign('__MENU__', $this->getMenus()); $this->assign('_node_name', $this->_node_name); // 初始化通知 $notificationModel = new \Common\Model\SystemNotificationModel(); $notificationModel->updateStatus() or system_warn($notificationModel->getError()); $type = session('SYSTEM_NOTIFICATION_TYPE'); if (!is_array($type)) { $type = []; foreach (D('SystemNotification')->type_config as $key => $config) { if (check_auth($config[2])) { $type[] = $key; } } session('SYSTEM_NOTIFICATION_TYPE', $type); } $this->assign('notification_is_allow', check_auth('system/notification')); $this->assign('notification', $type ? M('SystemNotification')->where(['is_read' => 0, 'type' => ['in', $type]])->count() : 0); $this->_log(); }
/** * index 微博首页 * @author:xjw129xjt(肖骏涛) xjt@ourstu.com */ public function index() { $this->assign('tab', 'index'); $tab_config = get_kanban_config('WEIBO_DEFAULT_TAB', 'enable', array('all', 'concerned', 'hot')); if (!is_login()) { $_key = array_search('concerned', $tab_config); unset($tab_config[$_key]); } //获取参数 $aType = I('get.type', reset($tab_config), 'op_t'); $aUid = I('get.uid', 0, 'intval'); $aPage = I('get.page', 1, 'intval'); if (!in_array($aType, $tab_config)) { $this->error(L('_ERROR_PARAM_')); } $param = array(); //查询条件 $weiboModel = D('Weibo'); $param['field'] = 'id'; if ($aPage == 1) { $param['limit'] = 10; } else { $param['page'] = $aPage; $param['count'] = 30; } $param = $this->filterWeibo($aType, $param); $param['where']['status'] = 1; $param['where']['is_top'] = 0; //查询 $list = $weiboModel->getWeiboList($param); $this->assign('list', $list); // 获取置顶微博 $top_list = $weiboModel->getWeiboList(array('where' => array('status' => 1, 'is_top' => 1))); $this->assign('top_list', $top_list); $this->assign('total_count', $weiboModel->getWeiboCount($param['where'])); $this->assign('page', $aPage); $this->assign('loadMoreUrl', U('loadweibo', array('uid' => $aUid))); $this->assign('type', $aType); $this->assign('tab_config', $tab_config); if ($aType == 'concerned') { $this->assign('title', L('_MY_FOLLOW_')); $this->assign('filter_tab', 'concerned'); } else { if ($aType == 'hot') { $this->assign('title', L('_HOT_WEIBO_')); $this->assign('filter_tab', 'hot'); } else { $this->assign('title', L('_ALL_WEBSITE_FOLLOW_')); $this->assign('filter_tab', 'all'); } } $this->setTitle('{$title}' . L('_LINE_LINE_') . L('_MODULE_')); $this->assignSelf(); if (is_login() && check_auth('Weibo/Index/doSend')) { $this->assign('show_post', true); } $this->display(); }
function soap_refreshauth($auth) { if (!($bot = check_auth($auth))) { return null; } $authstring = md5(time() . $bot['botid'] . rand(1, 100) . "kibocenter botmanagement"); bot_refreshauth($bot['botid'], $authstring); return $authstring; }
protected function main() { if (is_logged_in() && check_auth('refresh_cache_droits')) { inc_lib('admin/refresh_cache_droits'); refresh_cache_droits(); redir(Nw::$lang['admin']['redir_cache_refreshed'], true, 'admin.html'); } else { redir(Nw::$lang['admin']['error_cant_see_admin'], false, './'); } }
protected function main() { if (is_logged_in() && check_auth('edit_vars_lang')) { $this->set_tpl('admin/edit_vars_lang.html'); $this->add_css('forms.css'); $this->set_title(Nw::$lang['admin']['edit_vars_lang']); $this->set_filAriane(array(Nw::$lang['admin']['fa_admin'] => array('admin.html'), Nw::$lang['admin']['edit_vars_lang'] => array(''))); //Récupération de tous les fichiers de langue $list_files = array(); $list_vars = array(); $dir = opendir(PATH_ROOT . 'lang/' . Nw::$site_lang); while ($file = readdir($dir)) { if (strpos($file, '.php')) { Nw::$tpl->setBlock('files', array('FILENAME' => $file)); $list_files[] = $file; } } closedir($dir); //Si on a envoyé un fichier particulier à voir if (!empty($_GET['file']) && !empty($_GET['lang'])) { if (in_array($_GET['file'], $list_files) && array_key_exists($_GET['lang'], Nw::$lang['common']['languages'])) { $this->load_lang_file(str_replace('.php', '', $_GET['file']), $_GET['lang']); $list_vars = Nw::$lang[str_replace('.php', '', $_GET['file'])]; foreach ($list_vars as $key => $value) { Nw::$tpl->setBlock('vars', array('KEY' => $key, 'VALUE' => is_array($value) ? array_map('htmlspecialchars', $value) : htmlspecialchars($value))); } Nw::$tpl->set('TEXT_LEGEND', sprintf(Nw::$lang['admin']['edit_vars_file'], $_GET['file'])); Nw::$tpl->set('DISPLAY_FORM', true); Nw::$tpl->set('FILE', $_GET['file']); Nw::$tpl->set('LANG', $_GET['lang']); } else { Nw::$tpl->set('DISPLAY_FORM', false); } } //Si on veut éditer un fichier if (isset($_POST['edit_vars']) && !empty($_GET['file']) && !empty($_GET['lang'])) { $f = PATH_ROOT . 'lang/' . $_GET['lang'] . '/' . $_GET['file']; $content = file_get_contents($f); foreach ($list_vars as $key => $value) { if (isset($_POST[$key]) && !empty($_POST[$key])) { $value = str_replace('\'', '\\\'', $_POST[$key]); $content = preg_replace('`\'' . $key . '\'(\\s*)=>(\\s*)\'(.*)\',`sU', '\'' . $key . '\'$1=>$2\'' . $value . '\',', $content); } else { redir(sprintf(Nw::$lang['admin']['error_var_empty'], $key), false, 'admin-1.html?file=' . $_GET['file'] . '&lang=' . $_GET['lang']); } } //echo htmlspecialchars($content); file_put_contents($f, $content); redir(sprintf(Nw::$lang['admin']['redir_vars_lang'], $key), true, 'admin-1.html?file=' . $_GET['file'] . '&lang=' . $_GET['lang']); } } else { redir(Nw::$lang['admin']['error_cant_edit_vars'], false, Nw::$site_url); } }
function try_signin() { $email = $_POST['email']; $password = $_POST['password']; $result = check_auth($email, $password); if ($result) { redirect("home"); } else { redirect("user/signin-failed"); } }
public function _initialize() { //实例化模型 $this->d_property = D('Property'); $this->d_object = D('Object'); $this->mid = is_login(); //控制权限 if (!check_auth('Property')) { // $this->error('对不起,只有认证的机构用户可以访问该页面'); } }
public function getComment($id) { $comment = S('weibo_comment_' . $id); if (!$comment) { $comment = $this->find($id); $comment['content'] = $this->parseComment($comment['content']); $comment['user'] = query_user(array('uid', 'nickname', 'avatar32', 'avatar64', 'avatar128', 'avatar256', 'avatar512', 'space_url', 'rank_link', 'score', 'title', 'weibocount', 'fans', 'following'), $comment['uid']); S('weibo_comment_' . $id, $comment); } $comment['can_delete'] = check_auth('Weibo/Index/doDelComment', $comment['uid']); return $comment; }
function xml_scannerlist($auth, $type, $items) { if (!check_auth($auth)) { return null; } # not authenticated if (!is_numeric($type)) { return null; } # new soap_fault('Client','',"Ung�ltiger Parameter: '$id'"); return user_get_scannerlist($type, $items); }
protected function main() { if (is_logged_in() && check_auth('manage_groups')) { // Edition d'un groupe if (!empty($_GET['id']) && is_numeric($_GET['id'])) { // On cherche les infos du groupe inc_lib('admin/get_info_grp'); $donnees_groupe = get_info_grp($_GET['id']); $form_id = $_GET['id']; $form_name = $donnees_groupe['g_nom']; $form_title = $donnees_groupe['g_titre']; $form_icone = $donnees_groupe['g_icone']; $form_color = $donnees_groupe['g_couleur']; // Fil ariane $this->set_filAriane(array(Nw::$lang['admin']['fa_admin'] => array('admin.html'), Nw::$lang['admin']['fa_grp'] => array('admin-299.html'), $donnees_groupe['g_nom'] => array('admin-300-' . $_GET['id'] . '.html'), Nw::$lang['admin']['fa_edit_grp'] => array(''))); } else { $form_id = 0; $form_name = ''; $form_title = ''; $form_icone = 0; $form_color = 0; // Fil ariane $this->set_filAriane(array(Nw::$lang['admin']['fa_admin'] => array('admin.html'), Nw::$lang['admin']['fa_grp'] => array('admin-299.html'), Nw::$lang['admin']['fa_new_grp'] => array(''))); } $this->set_tpl('admin/edit_grp.html'); $this->add_css('forms.css'); $this->set_title(Nw::$lang['admin']['titre_accueil']); // Formulaire soumis if (isset($_POST['submit'])) { $array_post = array('nom' => $_POST['nom'], 'titre' => $_POST['titre'], 'icone' => $_POST['icone'], 'couleur' => isset($_POST['couleur']) ? 1 : 0); // Les champs titre & contenu ne sont pas vides if (!multi_empty(trim($_POST['nom']))) { // Edition d'un groupe if (!empty($_GET['id']) && is_numeric($_GET['id'])) { inc_lib('admin/edit_grp'); edit_grp($_GET['id']); redir(Nw::$lang['admin']['confirm_edit_grp'], true, 'admin-300-' . $_GET['id'] . '.html'); } else { inc_lib('admin/add_grp'); $id_new_grp = add_grp(); redir(Nw::$lang['admin']['confirm_new_grp'], true, 'admin-310-' . $id_new_grp . '.html'); } } else { display_form($array_post, Nw::$lang['admin']['nom_grp_obligatoire']); } return; } // On affiche le template display_form(array('id' => $form_id, 'nom' => $form_name, 'titre' => $form_title, 'icone' => $form_icone, 'couleur' => $form_color)); } else { redir(Nw::$lang['admin']['error_cant_see_admin'], false, './'); } }
function url_for($ctrl, $action = false, $id = 0) { global $BASE_URL; if ($action == false) { $action = 'index'; } $ctrl = strtolower($ctrl); if (!check_auth($ctrl, $action)) { return false; } return $BASE_URL . "&ctrl={$ctrl}&action={$action}&id={$id}"; }
private function canDeleteWeibo($weibo) { //如果是管理员,则可以删除微博 if (is_administrator(get_uid()) || check_auth('deleteWeibo')) { return true; } //如果是自己发送的微博,可以删除微博 if ($weibo['uid'] == get_uid()) { return true; } //返回,不能删除微博 return false; }
protected function main() { if (is_logged_in() && check_auth('manage_groups')) { $this->set_title(Nw::$lang['admin']['titre_grp']); $this->set_tpl('admin/gestion_grp.html'); $this->set_filAriane(array(Nw::$lang['admin']['fa_admin'] => array('admin.html'), Nw::$lang['admin']['fa_grp'] => array(''))); inc_lib('admin/get_list_grp'); $list_grp = get_list_grp(); foreach ($list_grp as $grp) { Nw::$tpl->setBlock('grp', array('ID' => $grp['g_id'], 'NOM' => $grp['g_nom'], 'TITRE' => $grp['g_titre'], 'ICONE' => $grp['g_icone'], 'COULEUR' => $grp['g_couleur'])); } } else { redir(Nw::$lang['admin']['error_cant_see_admin'], false, './'); } }
public function _initialize() { if (is_login()) { $sub_menu['left'][] = array('tab' => 'my', 'title' => "我的" . $this->MODULE_ALIAS, 'href' => is_login() ? U('group/index/my') : "javascript:toast.error('登录后才能操作')"); } else { $sub_menu = array('left' => array()); } $sub_menu['left'] = array_merge($sub_menu['left'], array(array('tab' => 'discover', 'href' => U('group/index/discover'), 'title' => '发现'), array('tab' => 'select', 'title' => '精选', 'href' => U('group/index/select')), array('tab' => 'groups', 'title' => "全部" . $this->MODULE_ALIAS, 'href' => U('group/index/groups')))); $sub_menu['right'] = array(array('tab' => 'create', 'title' => '创建' . $this->MODULE_ALIAS, 'href' => check_auth('Group/Index/addGroup', -1) ? U('group/index/create') : "javascript:toast.error('您无添加群组权限')")); $this->assign('sub_menu', $sub_menu); $this->assign('current', 'home'); /* 读取站点配置 */ $config = api('Config/lists'); C($config); //添加配置 }
protected function main() { if (!is_logged_in() || !check_auth('solve_alertes')) { redir(Nw::$lang['news']['error_cant_solve_alerts'], false, './'); } if (empty($_GET['id']) || !is_numeric($_GET['id'])) { redir(Nw::$lang['news']['error_alert_dont_exist'], false, 'news-13.html'); } inc_lib('news/alert_news_exists'); if (alert_news_exists($_GET['id']) == false) { redir(Nw::$lang['news']['error_alert_dont_exist'], false, 'news-13.html'); } inc_lib('news/solve_alert_news'); solve_alert_news($_GET['id'], Nw::$dn_mbr['u_id']); redir(Nw::$lang['news']['confirm_alert_solved'], false, 'news-13.html'); }
protected function _getWhere() { $where = ['is_read' => 0]; // 初始化通知 $type = S('ADMIN_SYSTEM_NOTIFICATION_TYPE'); if (!is_array($type)) { $type = []; foreach (D('SystemNotification')->type_config as $key => $config) { if (check_auth($config[0])) { $type[] = $key; } } S('ADMIN_SYSTEM_NOTIFICATION_TYPE', $type, 1800); } if ($type) { $where['type'] = ['in', $type]; } return $where; }
protected function main() { if (!is_logged_in() || !check_auth('solve_alertes')) { redir(Nw::$lang['news']['error_cant_solve_alerts'], false, './'); } inc_lib('news/get_list_alerts_news'); //Si on veut trier selon le statut if (isset($_GET['solved']) && in_array($_GET['solved'], array(0, 1))) { $solved = $_GET['solved']; Nw::$tpl->set('SOLVED', $solved); } else { $solved = null; Nw::$tpl->set('SOLVED', -1); } //Si on veut voir les alertes d'une news précise if (!empty($_GET['id']) && is_numeric($_GET['id'])) { inc_lib('news/news_exists'); if (news_exists($_GET['id']) == false) { redir(Nw::$lang['news']['news_not_exist'], false, 'news-70.html'); } inc_lib('news/get_info_news'); $info_news = get_info_news($_GET['id']); $this->set_title($info_news['n_titre'] . ' | ' . Nw::$lang['news']['alerts_list']); $list_alerts = get_list_alerts_news($_GET['id'], $solved); Nw::$tpl->set('ID_NEWS', $_GET['id']); Nw::$tpl->set('NEWS', $info_news['n_titre']); // Fil ariane $this->set_filAriane(array(Nw::$lang['news']['news_section'] => array('news-70.html'), $info_news['c_nom'] => array($info_news['c_rewrite'] . '/'), $info_news['n_titre'] => array($info_news['c_rewrite'] . '/' . rewrite($info_news['n_titre']) . '-' . $_GET['id'] . '/'), Nw::$lang['news']['alerts_list'] => array(''))); Nw::$tpl->set(array('CAT_REWRITE' => $info_news['c_rewrite'], 'REWRITE' => rewrite($info_news['n_titre']))); } else { $this->set_title(Nw::$lang['news']['alerts_list']); $list_alerts = get_list_alerts_news(null, $solved); Nw::$tpl->set('ID_NEWS', null); // Fil ariane $this->set_filAriane(array(Nw::$lang['news']['news_section'] => array('news-70.html'), Nw::$lang['news']['alerts_list'] => array(''))); } $this->set_tpl('news/list_alerts.html'); $this->add_css('code.css'); foreach ($list_alerts as $a) { Nw::$tpl->setBlock('alerts', array('ID' => $a['a_id'], 'AUTEUR' => $a['pseudo_auteur'], 'ALIAS' => $a['u_alias'], 'ADMIN' => $a['pseudo_admin'], 'ID_ADMIN' => $a['a_admin'], 'SOLVED' => $a['a_solved'], 'DATE' => $a['date'], 'RAISON' => $a['a_texte'], 'MOTIF' => !empty($a['a_motif']) ? Nw::$lang['news']['motifs_list'][$a['a_motif']] : '-', 'IP' => long2ip($a['a_ip']), 'ID_NEWS' => $a['a_id_news'], 'NEWS' => $a['n_titre'], 'REWRITE' => rewrite($a['n_titre']), 'CAT_REWRITE' => rewrite($a['c_rewrite']), 'SOLVED_BY' => $a['a_solved'] ? sprintf(Nw::$lang['news']['alert_solved_by'], $a['pseudo_admin']) : '')); } }
public function _initialize() { $this->eventModel = D('Event/Event'); $this->eventAttendModel = D('Event/EventAttend'); $this->eventTypeModel = D('Event/EventType'); $this->_top_menu_list = array('left' => array(array('type' => 'home', 'href' => U('Mob/event/index')), array('type' => 'message')), 'center' => array('title' => '活动')); $this->setMobTitle('活动'); if (is_login()) { if (check_auth('Event/Index/add')) { $this->_top_menu_list['right'][] = array('type' => 'edit', 'href' => U('Mob/event/add')); } else { $this->_top_menu_list['right'][] = array('type' => 'edit', 'info' => '您无活动发布权限!'); } } else { $this->_top_menu_list['right'][] = array('type' => 'edit', 'info' => '登录后才能操作!'); } $tree = D('EventType')->where(array('status' => 1))->select(); $this->assign('type_tree', $tree); $this->assign('top_menu_list', $this->_top_menu_list); }
protected function main() { if (check_auth('manage_articles') || !is_logged_in()) { $this->set_title(Nw::$lang['press']['art_add']); $this->set_tpl('press/add.html'); $this->add_css('forms.css'); $this->add_js('write.js'); $this->add_js('forms.js'); // Fil ariane $this->set_filAriane(array(Nw::$lang['press']['mod_title'] => array('press.html'), Nw::$lang['press']['art_add'] => array(''))); //Si on veut ajouter l'article if (isset($_POST['submit'])) { inc_lib('press/add_article'); add_article($_SESSION['ident_session'], $_POST['paper'], $_POST['link'], $_POST['numero'], $_POST['country'], $_POST['contenu'], $_POST['date_pub']); redir(Nw::$lang['press']['redir_article_added'], true, 'press.html'); } } else { redir(Nw::$lang['press']['error_cant_manage'], false, 'press.html'); } }
public function deleteComment() { $aCid = I('post.id', 0, 'intval'); if ($aCid <= 0) { $this->error('删除评论失败。评论不存在。'); } //检查权限 $canDelete = check_auth('deleteLocalComment') || is_administrator(); $commentModel = D('Addons://LocalComment/LocalComment'); $comment = $commentModel->find($aCid); $isOnwer = ($comment['uid'] == is_login() and is_login() != 0); if ($canDelete || $isOnwer) { $result = $commentModel->where(array('id' => $aCid))->delete(); if ($result) { $this->success('删除评论成功。', 'refresh'); } else { $this->error('删除评论失败。' . $commentModel->getError()); } } else { $this->error('删除评论失败。' . '权限不足'); } }
protected function main() { if (!is_logged_in() || !check_auth('can_see_ip')) { redir(Nw::$lang['users']['error_cant_see_ip'], false, './'); } $this->load_lang_file('admin'); $this->set_title(Nw::$lang['users']['check_ip']); $this->set_tpl('membres/check_ip.html'); $this->add_css('forms.css'); if (!empty($_GET['ip'])) { inc_lib('users/check_ip'); $list_mbr = check_ip($_GET['ip']); Nw::$tpl->set('SEARCH', $_GET['ip']); foreach ($list_mbr as $mbr) { Nw::$tpl->setBlock('mbr', array('ID' => $mbr['u_id'], 'PSEUDO' => $mbr['u_pseudo'], 'IDENTIFIER' => $mbr['u_identifier'], 'LAST_IP' => long2ip($mbr['u_ip']), 'GROUP' => $mbr['g_nom'], 'ID_ADMIN' => $mbr['a_admin'], 'DATE_REGISTER' => $mbr['date_register'])); } } else { Nw::$tpl->set('SEARCH', ''); } // Fil ariane $this->set_filAriane(array(Nw::$lang['admin']['fa_admin'] => array('admin.html'), Nw::$lang['users']['check_ip'] => array(''))); }
protected function main() { if (is_logged_in() && check_auth('can_see_admin')) { $this->set_tpl('admin/index.html'); $this->add_js('admin.js'); $this->add_css('admin.css'); $this->set_title(Nw::$lang['admin']['titre_accueil']); $this->set_filAriane(Nw::$lang['admin']['fa_admin']); //Chargement de tous les fichiers de langue utiles $this->load_lang_file('press'); $this->load_lang_file('users'); $this->load_lang_file('news'); $this->load_lang_file('poll'); if (isset($_POST['log_submit']) && !empty($_POST['log_titre'])) { header('Location: news-21.html?t=' . urlencode(trim($_POST['log_titre']))); } inc_lib('news/count_alerts_news'); $count_alerts = count_alerts_news(null, false); Nw::$tpl->set('NEWS_ERRORS', sprintf(Nw::$lang['news']['nb_news_errors'], $count_alerts)); Nw::$tpl->set('COUNT_ERRORS', $count_alerts); } else { redir(Nw::$lang['admin']['error_cant_see_admin'], false, 'index.html'); } }
* copies or substantial portions of the Software. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /* * display the user's messages */ require_once 'include.php'; $title = 'Messages'; $messages_on = 'messages-on'; // verify if we're logged in or not check_auth(IDP, $page_uri); $ret = ""; $ret .= "<div class=\"content relative shadow clearfix main\">\n"; $ret .= "<div>\n"; // verify if we are already registered if (!is_subscribed($_SESSION['webid'])) { $ret .= "<br/><p><font style=\"font-size: 1.3em;\">You have not registered to receive messages! You can register <a href=\"subscription\">here</a>.</font></p>\n"; } // manage received messages/pingbacks if (isset($_REQUEST['id'])) { $ok = true; $_to = ''; $_name = ''; $id = mysql_real_escape_string($_REQUEST['id']); $me = mysql_real_escape_string($_SESSION['webid']); // delete
<?php function check_auth($username, $password, $type) { if ($type == admin) { $query = "SELECT * FROM admin WHERE username='******'"; } else { $query = "SELECT * FROM reg_user WHERE username='******'"; } $result = mysql_query($query); while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { if ($password == $row['password']) { return true; } return false; } } include '../ajax/connection.php'; include '../ajax/sessions.inc'; if (isset($_REQUEST['login']) && $_REQUEST['login'] == 'Log In' && ($uid = check_auth($_REQUEST['username'], $_REQUEST['password'], $_REQUEST['type']))) { $_SESSION['username'] = $_REQUEST['username']; $_SESSION['type'] = $_REQUEST['type']; if ($_REQUEST['type'] == 'admin') { header('Location: ../mainForAdmin.php'); } else { header('Location: ../mainForRegUser.php'); } } else { $_SESSION['mssg'] = "Incorrect username/password"; header('Location: ../logInReg.php'); }
break; case AUTH_MOD: $auth_ug[$forum_id][$key] = !empty($auth_access_count[$forum_id]) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0; break; case AUTH_ADMIN: $auth_ug[$forum_id][$key] = $is_admin; break; default: $auth_ug[$forum_id][$key] = 0; break; } } // // Is user a moderator? // $auth_ug[$forum_id]['auth_mod'] = !empty($auth_access_count[$forum_id]) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0; } // Begin PNphpBB2 Categories Hierarchie Mod // $i = 0; // @reset($auth_ug); // while( list($forum_id, $user_ary) = @each($auth_ug) ) // { $s_column_span = 3 + $inc_max + 1; // Two columns always present if ($adv) { $s_column_span = $s_column_span + count($forum_auth_fields) - 1; } @reset($categories); while (list($cat_id, $catrow) = each($categories)) { // get the inc level $inc_col = $catrow['level'];
<?php define('FPDF_FONTPATH', 'fpdf_fonts/'); require 'fpdf.php'; include '_includeSessionConfig.php'; include "newProgressReports.php"; $loginError = check_auth($_SESSION[$_CONF['sess_name'] . '_username'], $_SESSION[$_CONF['sess_name'] . '_password']); if (!$loginError['error_value']) { $tid = $_SESSION[$_CONF['sess_name'] . '_selected_teacher']; $result = get_user_info($tid); $user = $result->fetch_assoc(); $tfName = $user['first_name']; $tlName = $user['last_name']; $teacherName = $tfName . " " . $tlName; $term_id = $_POST['term_id']; $termName = $_POST['term_name']; $loc = array(); $year = date("y"); $download = false; if (isset($_POST['all'])) { $sql = "SELECT classes.class_id,courses.teacher_id,courses.course_name\n FROM classes,courses\n WHERE courses.teacher_id=" . $tid . "\n AND courses.school_year_id=" . $_SESSION[$_CONF['sess_name'] . '_current_school_year'] . " \n AND classes.term_id=" . $term_id . "\n AND courses.course_id=classes.course_id\n ORDER by courses.course_name"; $result = $db->query($sql); while ($row = $result->fetch_assoc()) { $loc[$row['class_id']] = $row['course_name']; } $filename = $year . "_" . $termName . "_" . $teacherName . "_ClassSummaries.pdf"; $download = true; } else { $cid = $_SESSION[$_CONF['sess_name'] . '_selected_class']; $result = get_class_info($cid); $row = $result->fetch_assoc();
include '../m/news.php'; session_start(); $link = connect(); if (!$link) { echo "Не удалось подключиться: " . mysqli_connect_error(); exit; } if (count($_POST) > 0) { $login = trim($_POST['login']); $password = trim($_POST['password']); if ($login == '') { $message = "Незаполнено поле Login"; } elseif ($password == '') { $message = "Незаполнено поле Password"; } else { $id_user = check_auth($link, $login, $password); if ($id_user !== false) { $_SESSION['is_auth'] = true; $_SESSION['id_user'] = $id_user; if (isset($_POST['remember'])) { setcookie('login', md5($_POST['login']), time() + 3600 * 24 * 31, '/'); setcookie('password', md5($_POST['password']), time() + 3600 * 24 * 31, '/'); } header('Location: ../index.php'); exit; } else { $message = 'Неверный логин или пароль'; } } } else { $message = '';