Example #1
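 /**
  * Render a menu tree as nested <ul> markup.
  *
  * Every value taken from $arr (icon class, URL, item name) is HTML-escaped
  * before it is placed in an attribute or in element text, so a quote, angle
  * bracket or ampersand in the menu data cannot break out of the surrounding
  * markup. Escaping does not validate the URL scheme: 'url' values are still
  * expected to come from menu configuration, not from request data.
  *
  * @param array $arr Menu entries. Each entry provides 'menu_item_name', and
  *                   either 'url' (leaf) or 'children' (submenu with the same
  *                   structure, rendered recursively). 'icon' is read for
  *                   submenu headers and for top-level leaves.
  * @param int   $ord 0 for the top-level list; any other value renders the
  *                   nested "treeview-menu" list.
  * @return string The generated markup.
  */
 function create_list($arr, $ord)
 {
     // One escaping routine for both attribute and text contexts.
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
     };

     if ($ord == 0) {
         $html = "\n<ul class='sidebar-menu'>\n";
     } else {
         $html = "\n<ul class='treeview-menu'>\n";
     }
     // The header item is always empty: no $menu_header exists in this
     // function's scope, so the former isset() test could never succeed.
     $html .= "<li class='header'></li>\n";
     foreach ($arr as $key => $v) {
         if (array_key_exists('children', $v)) {
             $html .= "<li class='treeview'>\n";
             $html .= '<a href="#">
                             <i class="' . $esc($v['icon']) . '"></i>
                             <span>' . $esc($v['menu_item_name']) . '</span>
                             <i class="fa fa-angle-left pull-right"></i>
                         </a>';
             $html .= create_list($v['children'], 1);
             $html .= "</li>\n";
         } else {
             $html .= '<li><a href="' . $esc($v['url']) . '">';
             if ($ord == 0) {
                 // Top-level leaves show their own icon.
                 $html .= '<i class="' . $esc($v['icon']) . '"></i>';
             }
             if ($ord == 1) {
                 // Nested leaves always get the fixed chevron icon.
                 $html .= '<i class="fa fa-angle-double-right"></i>';
             }
             $html .= $esc($v['menu_item_name']) . "</a></li>\n";
         }
     }
     $html .= "</ul>\n";
     return $html;
 }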
Example #2
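/**
 * Echo the sidebar: the user panel followed by the navigation menu, with the
 * entry that matches the current request marked "active".
 *
 * The current page is derived from $_SERVER['REQUEST_URI'], which the client
 * controls. In this function it is only compared against menu URLs and is
 * never echoed.
 *
 * NOTE(review): $name is passed through htmlentities(), but the menu fields
 * 'url' and 'descripcion' are echoed as-is. Where create_list() gets them is
 * not visible here; if they can be edited by users they need the same
 * escaping - confirm.
 *
 * @param string $name Display name shown in the user panel.
 * @return void Output is written with echo.
 */
function menuLayout($name)
{
    // Assumes the request path has at least four segments, so that indexes
    // 2, 3 and 4 exist - TODO confirm for every page that calls this.
    $url = explode("/", $_SERVER['REQUEST_URI']);
    // Drop the query string from the last segment. strpos() returns 0 when the
    // segment starts with "?", so the result must be compared with false; a
    // plain truthiness test would leave such a query string in place.
    $posicion_coincidencia = strpos($url[4], "?");
    if ($posicion_coincidencia !== false) {
        $url[4] = substr($url[4], 0, $posicion_coincidencia);
    }
    // Rebuild the relative form that is compared with the menu URLs below.
    $url[4] = '../../' . $url[2] . '/' . $url[3] . '/' . $url[4];
    echo ' <section class="sidebar" >
                    <!-- Sidebar user panel -->
                    <div class="user-panel">
                        <div class="pull-left image">
                            <img src="../../static/css/img/avatar5.png" class="img-circle" alt="User Image" />
                        </div>
                        <div class="pull-left info">
                            <p>Hola,  ' . htmlentities($name) . '</p>

                            <a href="#"><i class="fa fa-circle text-success"></i> Online</a>
                        </div>
                    </div>
                    <!-- sidebar menu: : style can be found in sidebar.less -->
                    <ul class="sidebar-menu">';
    $servicios = new servicios();
    // Called without arguments here: this create_list() supplies the menu rows.
    $valores = create_list();
    foreach ($valores as $value) {
        if ($value['hijos']) {
            $re = $servicios->filter_by_value($value['hijos'], 'url', $url[4]);
            // isset() only tells us the helper returned something other than
            // null. NOTE(review): confirm what filter_by_value() returns when
            // nothing matches, otherwise every parent is rendered as active.
            if (isset($re)) {
                $info = 'treeview active';
                echo '<li class="' . $info . '">';
            } else {
                $info = 'treeview';
                echo '<li class="' . $info . '">';
            }
        } else {
            $nieto = $servicios->filter_by_value($value['nietos'], 'url', $url[4]);
            if ($nieto || $value['url'] == $url[4]) {
                echo '<li class="active">';
            } else {
                echo '<li class="">';
            }
        }
        echo '<a href="' . $value['url'] . '">
                                                    <i class="fa fa-table"></i> <span>' . $value['descripcion'] . '</span>';
        if ($value['hijos']) {
            echo '<i class="fa fa-angle-left pull-right"></i>';
        }
        echo '  </a>';
        if ($value['hijos']) {
            echo '<ul class="treeview-menu">';
            foreach ($value['hijos'] as $valor) {
                echo $valor['url'] == $url[4] ? '<li class="active">' : '<li class="">';
                echo '   <a href="' . $valor['url'] . '"><i class="fa fa-angle-double-right"></i>' . $valor['descripcion'] . '</a>
                                         </li>';
            }
            echo '</ul>';
        }
        echo '        </li>';
    }
    // The closing </aside> pairs with an opening tag emitted outside this function.
    echo ' </ul>
                </section>
                <!-- /.sidebar -->
            </aside>';
}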
Example #3
            echo $row["assessment_id"];
            ?>
'><?php 
            echo $row['expected_outcome'];
            ?>
</a>
						<?php 
            echo "<br>";
            echo $string1;
        }
    }
}
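// Database credentials (masked in this listing). Real values belong outside
// the source tree, e.g. in environment variables or a config file that is not
// served by the web server.
$wwwuser = '******';
$wwwpass = '******';
// last updated 03/26/15 mh
$username = '******';
$dbh = new PDO('mysql:host=localhost;dbname=Assessment_2', $wwwuser, $wwwpass);
// NOTE(review): a commented-out connection line that embedded a plaintext
// root password was removed from this spot. Treat that password as exposed
// and rotate it; it also lives on in version-control history.

// Look up the current user together with the team they belong to.
// NOTE(review): the user name appears here as a literal. If the real file
// interpolates a variable at that position, switch to prepare()/execute().
$stmt = $dbh->query("select * from users as us\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tinner join user_team as ut\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ton us.users_id = ut.users_id\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tinner join team te\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ton ut.team_id=te.team_id where users_username='******'");
// query() returns false on failure when PDO is not in exception mode.
$rows = $stmt ? $stmt->fetchAll(PDO::FETCH_ASSOC) : array();
foreach ($rows as $row) {
    // With several matching rows the last one wins, as before.
    $users_id = $row['users_id'];
    $fname = $row['users_fname'];
    $lname = $row['users_lname'];
    $team = $row['team_name'];
}
if (!isset($users_id)) {
    // No matching user: query for an empty id instead of reading an undefined variable.
    $users_id = '';
}
// create_list() takes a finished SQL string, so the id is quoted by the
// driver rather than pasted between hand-written quotes.
$reassessment_sql = "select expected_outcome, assessment_id from assessment where users_id = " . $dbh->quote((string) $users_id) . " AND ReAssessment='1'";
create_list("reassessment", $reassessment_sql);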
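/**
 * Build the paginated chord grid.
 *
 * Reads the optional search term from the global $ins, fetches the matching
 * chords with select_acordes() and turns each row into grid cells (editable
 * name and notes, three instrument images, delete icon).
 *
 * Array keys are written as quoted strings. The bare-word form used before
 * (`$row[id_acorde]`) is an undefined-constant error on PHP 8.
 *
 * NOTE(review): chord names, image file names and ids are placed into HTML
 * attributes, element text and an inline `activate(...)` call without
 * escaping. The cells are marked editable, so if users can change these
 * values they should be escaped for their context before output - confirm
 * how the rows are written.
 *
 * @return mixed Whatever build_grid_paginado() returns for the prepared rows.
 */
function build_listado_acordes()
{
    global $ins, $dic, $Path;
    $searchbox = $ins['searchbox'] ? $ins['searchbox'] : false;
    $sqlData = select_acordes($searchbox);
    // Both stay null when there is nothing to show, which is what the callee
    // received before (then as undefined variables).
    $tblData = null;
    // NOTE(review): $titulos is never assigned in this function; the grid
    // builder always receives null for its titles - confirm that is intended.
    $titulos = null;
    $y = 0;
    if ($sqlData) {
        $seccion = 'acordes';
        $editar = $dic['ico']['editar'];
        $chordsurl = $Path['chordsurl'];
        foreach ($sqlData as $row) {
            $id = $row['id_acorde'];
            $valor = $row['acorde'];
            // Start from the raw row, minus the columns that are re-rendered below.
            $tblData[$y] = $row;
            unset($tblData[$y]['combo'], $tblData[$y]['img_guitar'], $tblData[$y]['img_piano'], $tblData[$y]['img_bass']);
            $tblData[$y]['acorde'] = '<span class="editar campo-editable" data-pk="' . $id . '" data-title="' . $editar . '" title="' . $editar . '">' . $valor . '</span> <span id="frm-msj_' . $id . '"></span>';
            // "a,b,c" becomes array("a,", "b,", "c") before it is handed to create_list().
            $tblData[$y]['notas'] = '<span class="editar campo-editable" data-name="notas" data-pk="' . $id . '" data-title="' . $editar . '" title="' . $editar . '">' . create_list(explode('|', implode(',|', explode(',', $row['notas'])))) . '</span>';
            $tblData[$y]['guitarra'] = '<span style="text-align:center; vertical-align:middle;" class="editar campo-editable" data-type="file" data-name="img_guitar" data-pk="' . $id . '" data-title="' . $editar . '" title="' . $editar . '">' . '<img class="img-zoom" src="' . $chordsurl . $row['img_guitar'] . '" data-zoom-image="' . $chordsurl . $row['img_guitar'] . '" width="50%"/></span>';
            $tblData[$y]['piano'] = '<span style="text-align:center; vertical-align:middle; margin-top: 8%;" class="editar campo-editable" data-type="file" data-name="img_piano" data-pk="' . $id . '" data-title="' . $editar . '" title="' . $editar . '">' . '<img class="img-zoom" src="' . $chordsurl . $row['img_piano'] . '" data-zoom-image="' . $chordsurl . $row['img_piano'] . '" width="50%"/></span>';
            $tblData[$y]['bajo'] = '<span style="text-align:center; vertical-align:middle;" class="editar campo-editable" data-type="file" data-name="img_bass" data-pk="' . $id . '" data-title="' . $editar . '" title="' . $editar . '">' . '<img class="img-zoom" src="' . $chordsurl . $row['img_bass'] . '" data-zoom-image="' . $chordsurl . $row['img_bass'] . '" width="50%"/></span>';
            $tblData[$y]['quitar'] = ico_eliminar($id, "activate('frm-captura-" . $seccion . "','" . $seccion . "'," . $id . ');');
            $y++;
        }
    }
    return build_grid_paginado($tblData, $titulos);
}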
Example #5
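/**
 * Build the extra SQL conditions (" and ...") that restrict a query on
 * $s3ql['from'] according to the requesting user and the ids given in
 * $s3ql['where'].
 *
 * NOTE(review): values from $s3ql['where'] (group_id, user_id, the core ids,
 * class_id, rule_id) and $user_id are concatenated into SQL text or passed on
 * to select() with no escaping visible in this function. If $s3ql is parsed
 * from a client request, these values need validation or driver-level
 * escaping where they are used - confirm against the caller and the
 * select()/URI() helpers.
 *
 * @param array  $s3ql    Parsed query; reads 'from', 'where', 'format', 'key'.
 * @param string $user_id Id of the requesting user; '1' is exempted from
 *                        several restrictions below.
 * @param object $db      Database handle, passed through to the helpers.
 * @return string|false SQL fragment to append (possibly empty), or false when
 *                      the request is rejected.
 */
function filterByElement($s3ql, $user_id, $db)
{
    # Start from an empty fragment: every case appends with ".=", which used to
    # operate on an undefined variable and returned null when nothing matched.
    $user_query_const = '';
    # Several cases below use $regexp; it was never assigned in this function,
    # so those cases produced SQL with the operator missing.
    $regexp = $GLOBALS['regexp'];
    switch ($s3ql['from']) {
        case 'users':
            $user_query_const .= " and account_type != 'g'";
            if (!user_is_admin($user_id, $db) || $s3ql['where']['account_status'] == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['group_id'] != '') {
                $group_info = s3info('group', $s3ql['where']['group_id'], $db);
                if (!is_array($group_info)) {
                    return False;
                    # NOTE(review): unreachable - the return above comes first, so
                    # this error is never emitted. If it is moved before the
                    # return, note that it echoes the caller-supplied group_id.
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $s3ql['where']['group_id'] . ' does not exist', $s3ql['format'], '');
                } else {
                    $group_members_query = str_replace("*", "replace(substr(uid, 2, length(uid)), '" . $GLOBALS['Did'] . '/U' . "', '')", select(array('uid' => 'U' . $s3ql['where']['user_id'], 'shared_with' => 'G' . $s3ql['where']['group_id'])));
                    $user_query_const .= " and account_id in (" . $group_members_query . ")";
                    #group_id is artificial, don't use it in determining output.
                    #$s3ql is a by-value copy, so this only affects the loop below.
                    $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                    $s3ql['where'] = array_filter($s3ql['where']);
                }
            }
            #if there is any coreID, this is a check on permissions. Check first if user can query the resource, then check for permission
            $COREids = $GLOBALS['COREids'];
            foreach ($COREids as $s3code => $s3coreId) {
                if ($s3ql['where'][$s3coreId] != '' && $s3coreId != 'user_id') {
                    $uid = strtoupper(substr($s3code, 0, 1)) . $s3ql['where'][$s3coreId];
                    $element_info = URIinfo($uid, $user_id, $s3ql['key'], $db);
                    if (!is_array($element_info)) {
                        echo formatReturn($GLOBALS['error_codes']['something_missing'], $uid . ' was not found', $s3ql['format'], '');
                        return false;
                    }
                    if (!$element_info['view']) {
                        # Same wording as the not-found case, under the no-permission code.
                        echo formatReturn($GLOBALS['error_codes']['no_permission_message'], $uid . ' was not found', $s3ql['format'], '');
                        return false;
                    }
                    $user_query_const .= " and account_id in (" . str_replace('*', 'substr(shared_with,2,length(shared_with))', select(array('shared_with' => 'U', 'uid' => $uid, 'stream' => 'upstream'))) . ")";
                }
            }
            break;
        case 'groups':
            #special query will be performed on listS3DB.
            $user_query_const .= " and account_type " . $GLOBALS['regexp'] . " '(g)'";
            # NOTE(review): $group_id is never assigned in this function, so the
            # first test is always true and the status filter is always added.
            # Possibly $user_id was meant - confirm before changing.
            if ($group_id != '1' || $s3ql['where']['account_status'] != 'I') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['user_id'] != '') {
                $user_members = select(array('uid' => 'U' . $s3ql['where']['user_id'], 'shared_with' => 'G' . $s3ql['where']['group_id'], 'stream' => 'upstream'));
                $user_members_query = str_replace("*", "substr(shared_with, 2, length(shared_with))", $user_members);
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            #implicated user id. When queried with user_id, this query gives all the groups where user_id is involved, which are all the groups he can change.
            break;
        case 'accesslog':
            # Only user '1' or an admin may read the access log.
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                return False;
            }
            break;
        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                $user_query_const .= " and project_id " . $regexp . " " . create_list($user_projects) . "";
            }
            break;
        case 'keys':
            # Everyone except user '1' sees only their own keys.
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $user_id . "'";
            }
            break;
        case 'filekeys':
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $user_id . "'";
            }
            break;
        case 'projects':
            if ($user_id != '1' && $s3ql['where']['project_status'] != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;
        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                $user_query_const .= " and rule_id " . $regexp . " '" . create_list($user_rules) . "'";
            }
            break;
        case 'rules':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and (subject_id = '" . $class_info['resource_id'] . "' or object_id = '" . $class_info['resource_id'] . "')";
            }
            break;
        case 'statements':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and rule_id = '" . $class_info['rule_id'] . "'";
            }
            break;
        case 'collections':
            $user_query_const .= " and iid = '0'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): the operator sits inside the quoted pattern here
                # ("resource_id '^<op> <id>'$'"), which does not look like valid
                # SQL - left as written, confirm the intended form.
                $user_query_const .= " and resource_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
        case 'items':
            $user_query_const .= " and iid = '1'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): same malformed pattern as in 'collections' - confirm.
                $user_query_const .= " and resource_class_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
    }
    return $user_query_const;
}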
Example #6
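/**
 * Build the extra SQL conditions (" and ...") that restrict a query on
 * $s3ql['from'] according to the requesting user and the ids given in
 * $s3ql['where'].
 *
 * NOTE(review): $s3ql['where']['group_id'], ['user_id'], ['class_id'] and
 * ['rule_id'], as well as $user_id, are concatenated into SQL text with no
 * escaping visible in this function. If $s3ql is parsed from a client
 * request, these values need validation or driver-level escaping where they
 * are used - confirm against the caller.
 *
 * @param array  $s3ql    Parsed query; reads 'from', 'where' and 'format'.
 * @param string $user_id Id of the requesting user; '1' is exempted from
 *                        several restrictions below.
 * @param object $db      Database handle, passed through to the helpers.
 * @return string|false SQL fragment to append (possibly empty), or false when
 *                      the group lookup fails. The 'accesslog' case ends the
 *                      script with exit instead of returning.
 */
function filterByElement($s3ql, $user_id, $db)
{
    # Start from an empty fragment: every case appends with ".=", which used to
    # operate on an undefined variable and returned null when nothing matched.
    $user_query_const = '';
    # 'requests', 'collections' and 'items' use $regexp; it was never assigned
    # in this function, so those cases produced SQL with the operator missing.
    $regexp = $GLOBALS['regexp'];
    switch ($s3ql['from']) {
        case 'users':
            $user_query_const .= " and account_type != 'g'";
            if (!user_is_admin($user_id, $db) || $s3ql['where']['account_status'] == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['group_id'] != '') {
                $group_info = s3info('group', $s3ql['where']['group_id'], $db);
                if (!is_array($group_info)) {
                    return False;
                    # NOTE(review): unreachable - the return above comes first, so
                    # this error is never emitted. If it is moved before the
                    # return, note that it echoes the caller-supplied group_id.
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $s3ql['where']['group_id'] . ' does not exist', $s3ql['format'], '');
                } else {
                    # Members of the group: permission rows shared with 'G<group_id>' whose uid starts with U.
                    $group_members_query = "select id from s3db_permission where shared_with = 'G" . $s3ql['where']['group_id'] . "' and uid " . $GLOBALS['regexp'] . " '^U'";
                    $user_query_const .= " and account_id in (" . $group_members_query . ")";
                    #group_id is artificial, don't use it in determining output.
                    #$s3ql is a by-value copy, so the caller does not see this change.
                    $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                    $s3ql['where'] = array_filter($s3ql['where']);
                }
            }
            break;
        case 'groups':
            #special query will be performed on listS3DB.
            $user_query_const .= " and account_type " . $GLOBALS['regexp'] . " '(g)'";
            # NOTE(review): $group_id is never assigned in this function, so the
            # first test is always true and the status filter is always added.
            # Possibly $user_id was meant - confirm before changing.
            if ($group_id != '1' || $s3ql['where']['account_status'] != 'I') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['user_id'] != '') {
                $user2query = $s3ql['where']['user_id'];
                # Groups the user belongs to: permission rows for 'U<user_id>' shared with a G entry.
                $user_members_query = "select shared_with_num from s3db_permission where shared_with " . $GLOBALS['regexp'] . " '^G' and uid = 'U" . $user2query . "'";
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            #implicated user id. When queried with user_id, this query gives all the groups where user_id is involved, which are all the groups he can change.
            break;
        case 'accesslog':
            # Only user '1' or an admin may read the access log; anyone else
            # gets the error and the script stops here.
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                exit;
            }
            break;
        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                $user_query_const .= " and project_id " . $GLOBALS['regexp'] . " '" . create_list($user_projects) . "'";
            }
            break;
        case 'keys':
            # Everyone except user '1' sees only their own keys.
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $user_id . "'";
            }
            break;
        case 'filekeys':
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $user_id . "'";
            }
            break;
        case 'projects':
            if ($user_id != '1' && $s3ql['where']['project_status'] != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;
        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                $user_query_const .= " and rule_id " . $regexp . " '" . create_list($user_rules) . "'";
            }
            break;
        case 'rules':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and (subject_id = '" . $class_info['resource_id'] . "' or object_id = '" . $class_info['resource_id'] . "')";
            }
            # Rules whose object is 'UID' are always excluded.
            $user_query_const .= " and object!='UID'";
            break;
        case 'statements':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and rule_id = '" . $class_info['rule_id'] . "'";
            }
            # Exclude statements on 'UID' rules and statements without a rule.
            $user_query_const .= " and rule_id not in (select rule_id from s3db_rule where object='UID')";
            $user_query_const .= " and rule_id!=''";
            break;
        case 'collections':
            $user_query_const .= " and iid = '0'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): the operator sits inside the quoted pattern here
                # ("resource_id '^<op> <id>'$'"), which does not look like valid
                # SQL - left as written, confirm the intended form.
                $user_query_const .= " and resource_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
        case 'items':
            $user_query_const .= " and iid = '1'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): same malformed pattern as in 'collections' - confirm.
                $user_query_const .= " and resource_class_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
    }
    return $user_query_const;
}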
Example #7
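/**
 * Page entry point: show the catalogue named in the "catalog" query
 * parameter, looked up inside the logged-in user's directory.
 *
 * The catalogue name comes from the request, so it is accepted only when it
 * is a plain file name. Directory separators, NUL bytes and the special names
 * "." and ".." are refused, which keeps the lookup inside users/<username>/.
 *
 * NOTE(review): $_SESSION['ms_username'] is also used as a path component;
 * this assumes the login code only stores names that are safe as directory
 * names - confirm.
 *
 * @return void Output is written with echo.
 */
function main()
{
    create_html_start();
    check_post_values();
    $path = 'users/' . $_SESSION['ms_username'] . '/';
    if (!isset($_GET['catalog'])) {
        echo 'You must give catalog name!';
    } else {
        $catalog = $_GET['catalog'];
        // A request can deliver an array (catalog[]=...) as well as a string.
        $is_plain_name = is_string($catalog)
            && $catalog !== ''
            && $catalog !== '.'
            && $catalog !== '..'
            && strpbrk($catalog, "/\\\0") === false;
        // The existence check previously read a misspelled key (the word
        // "catalog" followed by stray combining accents), so it always tested
        // the user's directory itself and never rejected anything.
        if (!$is_plain_name || !is_file($path . $catalog)) {
            echo 'You don\'t have catalogue with that name!';
        } else {
            create_list($catalog);
        }
        echo '<center>';
        echo '<br />';
        echo '<a href="index.php">Back to main page</a>';
        echo '</center><br />';
        create_html_end();
    }
}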
Example #8
		    </div>
	        <?php 
echo $my_profile->print_blocks("primary_bar");
?>
		</div>
		<div id="text">
		    <?php 
echo $my_profile->print_blocks("header");
?>
			<header>
			    <h1><?php 
echo $my_profile->get_name();
?>
</h1>
    <h2 class="subh1"><?php 
echo create_list(array($my_profile->job_title, $my_profile->job_role, $my_profile->job_description), " | ");
?>
</h2>
			    <div id="frases">
			    <?php 
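// The id is concatenated into the SQL text, so force it to an integer first:
// whatever $my_profile->id holds, only a number can reach the query.
$result = mysqli_query($con, "SELECT phrase FROM profile_phrases WHERE pid = " . (int) $my_profile->id);
// mysqli_query() returns false on failure when error reporting is not set to
// throw; skip the loop instead of fetching from a non-result.
if ($result !== false) {
    while ($row = mysqli_fetch_array($result)) {
        // NOTE(review): the phrase is written into the page unescaped. If
        // phrases are plain text entered by users, wrap this value in
        // htmlspecialchars(); left as-is in case they hold intended markup.
        echo "<p>" . $row['phrase'] . "</p>";
    }
}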
?>
			    </div>
            </header>
		    <?php 
echo $my_profile->print_blocks("body");
?>
		</div>
            // Update the planning row selected by $id.
            // NOTE(review): $date, $am, $pm, $lstagent, $evtam, $evtpm and $id are
            // concatenated straight into the SQL text. Where they are assigned is
            // outside this excerpt; if any of them comes from request data, this
            // needs a parameterized query or driver-level escaping - confirm.
            $sql = "UPDATE  " . TMPINTER . " SET date = '" . $date . "' , am = '" . $am . "' , pm = '" . $pm . "' , intervenantid = '" . $lstagent . "',evtidam = '" . $evtam . "',evtidpm = '" . $evtpm . "' WHERE idtmpintervention='" . $id . "'";
            if (!$db->query($sql)) {
                // NOTE(review): the failing SQL text is handed to message(); confirm
                // it is logged rather than rendered to the visitor.
                message(ERROR, 'Impossible de mettre à jour la base de données', __FILE__, __LINE__, $sql);
            }
            // NOTE(review): $_SERVER["PHP_SELF"] includes any path info the client
            // appends after the script name, and it is placed into the meta refresh
            // and the link below without htmlspecialchars().
            $meta = '<meta http-equiv="Refresh" content="2;url=' . $_SERVER["PHP_SELF"] . '">';
            $message = 'Evénement planning modifié avec succès';
            $message .= '<br /><br />' . sprintf($lang['update']['retour'], '<a href="' . $_SERVER["PHP_SELF"] . '">', '</a>');
            message(INFO, $message);
        }
        include $header;
        // form display mode
        $template->set_filenames(array('body' => 'insert_pla_body.tpl'));
        // Select the record to edit.
        // NOTE(review): $id is concatenated into this query as well - same
        // concern as for the UPDATE above.
        $sql = "SELECT * FROM " . TMPINTER . "," . EVENT . "," . AGENT . "  WHERE " . AGENT . ".idintervenant = " . TMPINTER . ".intervenantid AND " . EVENT . ".idevenement = " . TMPINTER . ".evenementid AND idtmpintervention = '" . $id . "' ";
        if (!($result = $db->query($sql))) {
            message(ERROR, 'Impossible de selectionner les dates d\'interventions', __FILE__, __LINE__, $sql);
        }
        if ($db->num_rows($result)) {
            $row = $db->fetch_array($result);
            // category selection: exactly one of the three flags ends up as
            // 'checked', depending on the stored am/pm combination
            $check = $row['am'] == '1' && $row['pm'] == '0' ? 'checked' : '';
            $nockeck = $row['pm'] == '1' && $row['am'] == '0' ? 'checked' : '';
            $nockeck2 = $row['pm'] == '1' && $row['am'] == '1' ? 'checked' : '';
            // NOTE(review): F_ACTION is built from PHP_SELF and $id; whether the
            // template escapes it on output is not visible here - confirm.
            $template->assign_vars(array('L_ENTETE' => 'Modifier un événement planning', 'L_EXPLAIN' => 'Tous les champs suivis d\'une étoile sont obligatoires', 'L_AJOUT' => $lang['Button']['update'], 'L_RESET' => $lang['Button']['reset2'], 'L_DATE' => $lang['insert']['date2'], 'L_AMPM' => $lang['insert']['ampm'], 'L_AGENT' => $lang['insert']['agent'], 'L_EVENT' => $lang['insert']['event'], 'LSTAGENT' => create_list("lstagent", AGENT, 'idintervenant', 'nom', 'prenom', $row['intervenantid'], 'code'), 'LSTEVENT' => create_list("lstevent", EVENT, 'idevenement', 'libevent', '', $row['evenementid'], 'libevent'), 'DATE' => make_date($row['date'], 'date'), 'TRAITCHECK' => $check, 'TRAITNOCHECK' => $nockeck, 'TRAITNOCHECK2' => $nockeck2, 'F_ACTION' => $_SERVER["PHP_SELF"] . '?mode=update&id=' . $id, 'F_ENCTYPE' => 'enctype="multipart/form-data"'));
        }
        break;
}
// Render the page body, then the footer, and release the database handle.
$template->pparse('body');
include $footer;
$db->free_result();
$db->close_connexion();
Example #10
 /**
  * Carry out the request.
  *
  * For an 'alias' association every member is added to the list alias and
  * nothing is returned (the caller receives null). Otherwise the mailing list
  * is created with de-duplicated owner and member addresses, and
  * create_list() runs only when that creation succeeded.
  *
  * @return mixed Result of MailingList::create() for a regular list; null for
  *               the alias case.
  */
 public function commit()
 {
     require_once 'emails.inc.php';

     if ($this->asso == 'alias') {
         foreach ($this->members as $member) {
             add_to_list_alias($member, $this->liste, $this->domain);
         }
         // NOTE(review): no result is reported for the alias path, and the
         // outcome of add_to_list_alias() is not checked - confirm callers do
         // not treat the null as a failure.
         return;
     }

     $callback = array('ListsModule', 'no_login_callback');
     $memberEmails = User::getBulkForlifeEmails($this->members, true, $callback);
     $ownerEmails = User::getBulkForlifeEmails($this->owners, true, $callback);

     // array_unique() drops duplicates but keeps the original keys;
     // array_values() re-indexes so a plain list is sent.
     $ownerEmails = array_values(array_unique($ownerEmails));
     $memberEmails = array_values(array_unique($memberEmails));

     $created = MailingList::create(
         $this->liste,
         $this->domain,
         S::user(),
         $this->desc,
         $this->advertise,
         $this->modlevel,
         $this->inslevel,
         $ownerEmails,
         $memberEmails
     );
     if (!$created) {
         return $created;
     }
     create_list($this->liste, $this->domain);
     return $created;
 }
Example #11
/**
 * Collect the resource ids (instances) a user may reach: resources whose
 * class matches the user's class list, plus resources for which a permission
 * row shares an 'I...' uid with this user at a level starting with 1 or 2.
 *
 * NOTE(review): $user_id and the class list are concatenated into the SQL
 * text and into regular-expression patterns. This assumes both are internal,
 * numeric values; if either can carry request data it must be validated
 * first - confirm against the callers.
 *
 * @param string $user_id Id of the user.
 * @param object $db      Database handle providing query(), next_record(), f().
 * @return array|null List of resource ids; null (unset) when no row matched.
 */
function findUserInstances($user_id, $db)
{
    $regexp = $GLOBALS['regexp'];
    # classes the user is allowed on, folded into one pattern
    $classlist = create_list(findUserClasses($user_id, $db));
    # permission rows granted to this user on instance uids
    # (this part uses the literal "regexp" keyword, not the configured operator)
    $shared_instances = "select id from s3db_permission where shared_with regexp 'U" . $user_id . '$' . "' and uid regexp '^I' and permission_level regexp '^(1|2)'";
    $sql = 'select distinct(resource_id) as resource_id from s3db_resource where (resource_class_id ' . $regexp . " '" . $classlist . "' or resource_id in (" . $shared_instances . '))';
    $db->query($sql, __LINE__, __FILE__);
    while ($db->next_record()) {
        $instances[] = $db->f('resource_id');
    }
    return $instances;
}
Example #12
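/**
 * List the records of one S3DB element type, optionally restricted by
 * parent ids.
 *
 * $C is an associative array that is extract()ed into local variables.
 * Keys read below: child, parent_ids, db, select, user_id, order_by, nomap,
 * extracol, SQLfun; action, element_id, project_id, user_project_list and
 * user_permission_list are only interpolated into strings.
 *
 * Returns an array with one entry per record (passed through include_all()
 * unless $nomap is set), or a string starting with an <error> code when the
 * element name is invalid or the query yields nothing.
 *
 * Rows are built directly as arrays. An earlier version assembled PHP source
 * text from the result set and ran it through eval(). That let a quote in the
 * unescaped $extracol value break out of the string literal, and addslashes()
 * left a stray backslash in front of every double quote.
 *
 * NOTE(review): extract() on caller-supplied arrays can overwrite any local,
 * including $regexp and $dbstruct set just before it, and can pre-seed
 * $query_end. Confirm that $C never carries request-controlled keys.
 * NOTE(review): every id, $select and $order_by is concatenated into the SQL
 * text without escaping; the $db wrapper's binding API is not visible here.
 */
function CORElist($C)
{
    #function CORElist lists all the resources in the element downstream of the "uid" in the s3core structure. For example, if element == rules, then s3list will list all the rules on a given project_id, provided project_id is specified. If element is statements, then s3list will be expecting rule_id and resource_id or just one of them
    #Syntax CORElist(compact($child, array('rule_id'=>$rule_id, 'item_id'=>$item_id), $db)); where child is the name of the elements to retrieve; parent_ids is an array where the type of id is specified in the key
    $regexp = $GLOBALS['regexp'];
    $dbstruct = $GLOBALS['dbstruct'];
    $messages = $GLOBALS['messages'];
    extract($C);
    extract($parent_ids);
    $from = $child;
    if (!$from) {
        $from = 'projects';
    }
    if (!$select) {
        $select = '*';
    }
    $equality = '=';
    #by default, equality on query end be this, unless specified that equality should be a regular expression
    #Error messages
    $syntax_message = "Please provide all the necessary fields. For syntax instructions refer to <a href='http://www.s3db.org/documentation.html'>S3DB Documentation</a>";
    $success = '<error>0</error><message>' . $from . ' ' . $action . 'ed ' . $element_id . '</message>';
    $not_a_query = '<error>1</error><message>' . $from . ' is not a valid S3element. Valid elements: groups, users, keys, projects, rules, statements, collections, items, rulelog";</message>';
    $something_went_wrong = '<error>2</error><message>Failed to ' . $action . ' ' . $from . '</message>';
    $something_missing = '<error>3</error><message>' . $syntax_message . '</message>';
    $repeating_action = '<error>4</error>';
    $no_permission_message = '<error>5</error>';
    $something_does_not_exist = '<error>5</error>';
    $wrong_query_for_purpose = '<error>6</error>';
    $wrong_input = '<error>7</error>';
    $no_output = '<error>8</error>';
    #alternative IDs that can be used for the query
    $alt = array('keys' => array('key_id'), 'rulelog' => array('rule_id'), 'users' => array('group_id', 'project_id'), 'groups' => array('user_id'), 'projects' => array('user_id'), 'collections' => array('project_id', 'rule_id'), 'rules' => array('project_id', 'collection_id', 'subject_id', 'object_id'), 'items' => array('collection_id', 'project_id'), 'statements' => array('rule_id', 'item_id', 'collection_id', 'project_id'), 'files' => array('statement_id', 'rule_id', 'item_id', 'project_id'));
    #if from is not one of these elements, send the user back, query is invalid!
    #This allow-list is what keeps $from (and the table name derived from it) out of attacker control.
    if (!in_array($from, array_keys($alt))) {
        #check if user is inputting a singular of one of the alt plurals
        $plurals = array_keys($alt);
        $singulars = array('key', 'rulelog', 'user', 'group', 'project', 'collection', 'rule', 'item', 'statement', 'file');
        $from = str_replace($singulars, $plurals, $from);
        $cols = $dbstruct[$from];
        #if still not in array, definitely exit;
        if (!in_array($from, array_keys($alt))) {
            return $not_a_query;
        }
    }
    #now replace on "where" the correct s3db names
    $s3map = array('users' => array('user_id' => 'account_id', 'login' => 'account_lid', 'password' => 'account_pwd', 'username' => 'account_uname', 'email' => 'account_email', 'phone' => 'account_phone', 'address' => 'addr1', 'address2' => 'addr2', 'city' => 'city', 'state' => 'state', 'postal_code' => 'postal_code', 'country' => 'country'), 'groups' => array('group_id' => 'account_id', 'groupname' => 'account_lid'), 'keys' => array(), 'accesslog' => array('account_lid' => 'login_id', 'time' => 'login_timestamp'), 'projects' => array(), 'project' => array(), 'items' => array('collection_id' => 'resource_class_id', 'item_id' => 'resource_id'), 'item' => array('collection_id' => 'resource_class_id', 'item_id' => 'resource_id'), 'collections' => array('collection_id' => 'resource_id'), 'collection' => array('collection_id' => 'resource_id'), 'rules' => array(), 'rule' => array(), 'statements' => array('item_id' => 'resource_id'), 'statement' => array('item_id' => 'resource_id'), 'files' => array());
    foreach ($alt[$from] as $s3id) {
        $s3dbId = $s3map[$from][$s3id];
        if ($s3dbId == '') {
            $s3dbId = $s3id;
        }
        if ($parent_ids[$s3id] != '') {
            #does it exist? What sort of resource is this? Type of id should be identified in the first letter (collection_id is C, rule_id is R...)
            $CRISP = strtoupper(substr($s3id, 0, 1));
            $id = $CRISP . $parent_ids[$s3id];
            $info[$parent_ids[$s3id]] = s3info(str_replace('_id', '', $s3id), $parent_ids[$s3id], $db);
            #NOTE(review): $info was just assigned by key, so it is an array at this point and this
            #check appears never to fire; it presumably meant to test the s3info() result - confirm.
            if (!is_array($info)) {
                return $something_does_not_exist . '<message>' . $s3id . ' ' . $parent_ids[$s3id] . ' does not exist</message>';
            }
            #does user have permission on this/these resources?
            #NOTE(review): the id value is placed between quotes without escaping.
            $query_end .= " and " . $s3dbId . " " . $equality . " '" . $parent_ids[$s3id] . "'";
        }
    }
    $toreplace = array_keys($s3map[$from]);
    $replacements = array_values($s3map[$from]);
    $s3ql['select'] = str_replace($toreplace, $replacements, $query_end);
    #all queries will run AS IF ADMIN WAS RUNNING THEM
    switch ($from) {
        case 'keys':
            $table = 'access_keys';
            $required = "expires > '" . date('Y-m-d') . "'";
            if ($user_id != '1') {
                $required .= " and (account_id = '" . $user_id . "')";
            }
            break;
        case 'rulelog':
            $table = 'rule_change_log';
            $required = "rule_id !=''";
            break;
        case 'users':
            #expecting group_id or project_id
            #remove password from query fields
            $table = 'account';
            $required = "account_type = 'u' and account_status = 'A'";
            break;
        case 'groups':
            $table = 'account';
            $required = "account_type = 'g' and account_status = 'A'";
            break;
        case 'projects':
            $table = 'project';
            $required = "project_status = 'A'";
            #if user is not admin, restrict this query to the projects user can view by extending queryend
            if ($user_id != '1') {
                $required .= " and (project_owner = '" . $user_id . "' or project_id in (select acl_project_id from s3db_project_acl where acl_account = '" . $user_id . "' and acl_rights!='0'))";
            }
            break;
        case 'collections':
            $table = 'resource, s3db_rule';
            $required = "iid = '0' and s3db_rule.status = 'A'";
            $select = str_replace('project_id', 's3db_rule.project_id', $select);
            $select = str_replace('notes', 's3db_resource.notes', $select);
            if ($parent_ids['project_id'] != '') {
                $query_end = str_replace("and project_id = '" . $project_id . "'", "and (entity = subject and verb = 'has UID' and object = 'UID' and s3db_resource.project_id = s3db_rule.project_id and (s3db_rule.project_id = '" . $project_id . "' or s3db_rule.permission " . $regexp . " '(_|^)" . $project_id . "_'))", $query_end);
            }
            #restrict the query to the rules where user is allowed
            $query_end = str_replace("and project_id " . $regexp . " '" . $user_project_list . "'", "and subject = entity and object = 'UID' and s3db_rule.project_id = s3db_resource.project_id and (s3db_rule.project_id " . $regexp . " '" . $user_project_list . "' or s3db_rule.permission " . $regexp . " '" . $user_permission_list . "')", $query_end);
            break;
        case 'items':
            $table = 'resource';
            $required = "iid = '1' and status = 'A'";
            #to avoid having to call s3list again, created this function that simulates finding user collections
            $classes = findUserClasses($user_id, $db);
            if (!is_array($classes)) {
                return $no_output . '<message>User does not have permission in any collections</message>';
            }
            $classes_list = create_class_id_list($classes);
            $query_end = str_replace("and project_id " . $regexp . " '" . $user_project_list . "'", "and resource_class_id " . $regexp . " '" . $classes_list . "'", $query_end);
            break;
        case 'rules':
            $table = 'rule';
            $required = "status ='A'";
            if ($parent_ids['project_id'] != '') {
                $query_end = str_replace("and project_id = '" . $project_id . "'", "and (project_id " . $regexp . " '^" . $project_id . "\$' or permission " . $regexp . " '(_|^)" . $project_id . "_')", $query_end);
                if ($parent_ids['collection_id'] != '') {
                    $class_info = s3info('collection', $parent_ids['collection_id'], $db);
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (subject_id = '" . $parent_ids['collection_id'] . "' or object_id = '" . $parent_ids['collection_id'] . "')", $query_end);
                }
            } elseif ($parent_ids['collection_id'] != '') {
                #no project_id but w/ collection_id. If no project_id is indicated, it will have to find the correct subjects (which can be repeated if queried on several projects)
                $class_info = s3info('collection', $parent_ids['collection_id'], $db);
                $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (subject_id = '" . $parent_ids['collection_id'] . "' or object_id = '" . $parent_ids['collection_id'] . "')", $query_end);
            } else {
                $query_end = str_replace("and project_id " . $regexp . " '" . $user_project_list . "'", " and (project_id " . $regexp . " '" . $user_project_list . "' or permission " . $regexp . " '" . $user_permission_list . "')", $query_end);
            }
            break;
        case 'statements':
            $table = 'statement';
            $required = "status = 'A'";
            if ($parent_ids['collection_id'] != '') {
                #find all the statements in items that belong to this collection.
                $instance_ids = findClassInstances($parent_ids['collection_id'], $db);
                $rule_ids = findClassRules($parent_ids['collection_id'], $db);
                #these would be all the rules that use the collection as either subject or object
                $instance_list = create_list($instance_ids);
                $rule_list = create_list($rule_ids);
                if (is_array($instance_ids) && is_array($rule_ids)) {
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (resource_id " . $regexp . " '" . $instance_list . "' or rule_id " . $regexp . " '" . $rule_list . "')", $query_end);
                } elseif (is_array($instance_ids) && !is_array($rule_ids)) {
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (resource_id " . $regexp . " '" . $instance_list . "')", $query_end);
                } elseif (!is_array($instance_ids) && is_array($rule_ids)) {
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (rule_id " . $regexp . " '" . $rule_list . "')", $query_end);
                }
            }
            break;
    }
    #POSSIBLY MOVE THIS PART TO A SEPARATE FUNCTION!!
    $sql = "select " . $select . " from s3db_" . $table . " where " . $required . " " . $query_end . $order_by;
    $db->query($sql, __LINE__, __FILE__);
    $cols = $dbstruct[$from];
    while ($db->next_record()) {
        #Build each row as data. Values are cast to string because the former
        #eval()-based code always produced string values.
        $row = array();
        if ($extracol != '') {
            $row[$extracol] = (string) $db->f($SQLfun);
        }
        foreach ($cols as $col) {
            $row[$col] = (string) $db->f($col);
        }
        $data[] = $row;
    }
    if (is_array($data)) {
        if (!$nomap) {
            #include stuff relevant for each element
            foreach ($data as $element_info) {
                $data1[] = include_all(array('elements' => $from, 'element_info' => $element_info, 'user_id' => $user_id, 'db' => $db));
            }
            $data = $data1;
        }
    } else {
        $data = $no_output . '<message>Your query returned no results</message>';
    }
    return $data;
}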
Example #13
 /**
  * Handle the "create a mailing list" form for the current group.
  *
  * Returns PL_NOT_FOUND when the group has no lists domain. Otherwise it
  * renders the form, and on submission checks the XSRF token and the
  * inputs, creates the list, flags the group with 'has_ml' and redirects
  * to the list administration page.
  *
  * NOTE(review): the name check uses '$', which in PCRE also matches just
  * before a final newline. Whether Post::t() strips that newline is not
  * visible here; '\z' or the D modifier would make the anchor strict.
  * NOTE(review): 'advertise', 'modlevel' and 'inslevel' go from POST to
  * MailingList::create() as-is. Any range check must happen there.
  */
 function handler_create($page)
 {
     if (!$this->get_lists_domain()) {
         return PL_NOT_FOUND;
     }
     $page->changeTpl('xnetlists/create.tpl');
     // Plain display of the form: nothing to process yet.
     if (!Post::has('submit')) {
         return;
     }
     // From here on the request changes state, so require a valid token.
     S::assert_xsrf_token();
     if (!Post::has('liste') || !Post::t('liste')) {
         $page->trigError('Le champs «&nbsp;adresse souhaitée&nbsp;» est vide.');
         return;
     }
     $requestedName = strtolower(Post::t('liste'));
     // Only unaccented letters, digits and dashes are accepted in a list name.
     $nameIsValid = preg_match("/^[a-zA-Z0-9\\-]*\$/", $requestedName);
     if (!$nameIsValid) {
         $page->trigError('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets');
         return;
     }
     require_once 'emails.inc.php';
     if (list_exist($requestedName, $this->get_lists_domain())) {
         $page->trigError('Cet alias est déjà pris.');
         return;
     }
     if (!Post::t('desc')) {
         $page->trigError('Le sujet est vide.');
         return;
     }
     $newList = $this->prepare_list($requestedName);
     // The requesting user becomes both the sole owner and the sole member.
     $created = MailingList::create(
         $newList->mbox,
         $newList->domain,
         S::user(),
         Post::t('desc'),
         Post::t('advertise'),
         Post::t('modlevel'),
         Post::t('inslevel'),
         array(S::user()->forlifeEmail()),
         array(S::user()->forlifeEmail())
     );
     if (!$created) {
         $page->kill("Un problème est survenu, contacter " . "<a href='mailto:support@m4x.org'>support@m4x.org</a>");
         return;
     }
     create_list($newList->mbox, $newList->domain);
     global $globals;
     // Record on the group that it now owns at least one mailing list.
     XDB::execute("UPDATE  groups\n                         SET  flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'has_ml')\n                       WHERE  id = {?}", $globals->asso('id'));
     pl_redirect('lists/admin/' . $requestedName);
 }