/** * @function removeEvent * Returns interface for removing an event */ public function removeEvent() { $explodedpath = explode("/", current_path()); $event_id = $this->clearContent($explodedpath[1]); if (!user_is_logged_in() || !$this->event->isAuthorized($event_id, $this->user_id)) { drupal_access_denied(); drupal_exit(); } if (isset($_POST['submit'])) { $this->event->removeEvent($event_id); if (session_status() == PHP_SESSION_NONE) { session_start(); } drupal_set_message(t('Das Event wurde gelöscht.')); header("Location: " . $base_url . "/events"); // Und "Tschö mit ö..."! } else { $pathThisFile = $_SERVER['REQUEST_URI']; return '<div class="callout row"> <h4><strong>' . t('Möchten Sie dieses Event wirklich löschen?') . '</strong></h4><br /> <form action=' . $pathThisFile . ' method="POST" enctype="multipart/form-data"> <input name="event_id" type="hidden" id="eventEIDInput" value="' . $event_id . '" /> <a class="secondary button" href="javascript:history.go(-1)">Abbrechen</a> <input type="submit" class="button" id="eventSubmit" name="submit" value="Löschen"> </form></div>'; } }
/** * Routing behaviour * @returns $profileHTML; */ public function run() { if (isset($_POST['submit'])) { if ($this->target == 'update') { if (!$this->isAuthorized($this->akteur_id)) { drupal_access_denied(); drupal_exit(); } $this->akteurUpdaten(); } else { $this->akteurSpeichern(); } } else { // Load input-values via akteure-model if ($this->target == 'update') { if (!$this->isAuthorized($this->akteur_id)) { drupal_access_denied(); drupal_exit(); } else { # formerly: $this->akteurGetFields(); $this->__setSingleAkteurVars(reset($this->getAkteure(array('AID' => $this->akteur_id), 'complete'))); if (module_exists('aggregator')) { $this->rssFeed = aggregator_feed_load('aae-feed-' . $this->akteur_id); } } } } return $this->akteurDisplay(); }
/** * Page callback for forcing a file to download */ function mymodule_download_file($file) { if ($file) { $headers = array('Content-Type' => 'application/octet-stream', 'Content-Disposition' => 'attachment; filename="' . $file->filename . '"', 'Content-Length' => $file->filesize); file_transfer($file->uri, $headers); } else { return drupal_access_denied(); } }
function define_workspace($workflow_id) { global $user; if ($workflow_id == "0" || empty($workflow_id)) { return drupal_access_denied(); } if (Workflow_Users::doesWorkflowHaveUserName($workflow_id, $user->name) && Workflow_Permission::doesWorkflowHavePermission($workflow_id, "canAnalyzeSpecimen")) { $apiary_session_base = $user->name . '_' . $workflow_id . '_'; if (empty($_SESSION['apiary_session_id'])) { $_SESSION['apiary_session_id'] = $apiary_session_base . date("Ymdhis"); } echo get_workspace_mark_up($workflow_id); } else { echo "It seems you do not have permission to access this workflow. Please contact administrator for further instructions."; } }
function __construct($action) { parent::__construct(); global $user; if (!array_intersect(array('administrator', 'festival'), $user->roles)) { drupal_access_denied(); drupal_exit(); } else { # if update -> needs to be admin or global admin } if ($action == 'update') { $this->target = 'update'; } $explodedpath = explode('/', current_path()); $this->festival_id = $this->clearContent($explodedpath[1]); }
function action_begin() { $transaction = TransactionSession::getFromSession(); if (!$transaction) { drupal_access_denied(); } // If there are no root entities, throw an error. $root_entities = $transaction->getRootEntities(); if (count($root_entities) <= 0) { drupal_access_denied(); } // Launch a batch session to get all the dependencies of the root entities. $queue = new \Drupal\publisher\Batch\BeginOperationQueue(); foreach ($root_entities as $root_entity) { $queue->addOperation(new \Drupal\publisher\Batch\BeginOperation(), $root_entity['entity'], $transaction->getRemote(), $root_entity['options']); } $queue->start(); // We'll need to call batch_process because we're not in the context of a // form's submit handler. batch_process('publisher/feedback'); }
function __construct($action = false) { parent::__construct(); $explodedpath = explode('/', current_path()); $this->event_id = $this->clearContent($explodedpath[1]); $this->event = new events(); $this->tagsHelper = new tags(); $this->adressHelper = new adressen(); // Sollen die Werte im Anschluss gespeichert oder geupdatet werden? if ($action == 'update') { $this->target = 'update'; if (!user_is_logged_in() || !$this->event->isAuthorized($this->event_id, $this->user_id)) { drupal_access_denied(); drupal_exit(); } } else { if (!user_is_logged_in()) { drupal_access_denied(); drupal_exit(); } } }
/** * @function removeAkteur() * Removes an Akteur from DB * TODO: t()!!! */ public function removeAkteur() { if (!user_is_logged_in() || !$this->isAuthorized($this->akteur_id)) { drupal_access_denied(); drupal_exit(); } if (isset($_POST['submit'])) { $this->__removeAkteur($this->akteur_id); if (session_status() == PHP_SESSION_NONE) { session_start(); } drupal_set_message(t('Der Akteur wurde gelöscht.')); header('Location: ' . $base_url . '/akteure'); } else { $pathThisFile = $_SERVER['REQUEST_URI']; return '<div class="callout row"> <h3>Möchten Sie den Akteur wirklich löschen?</h3><br /> <form action="#" method="POST" enctype="multipart/form-data"> <a class="secondary button" href="javascript:history.go(-1)">Abbrechen</a> <input type="submit" class="button" id="akteurSubmit" name="submit" value="Löschen"> </form> </div>'; } }
<?php // $Id: index.php,v 1.82.4.1 2006/10/18 20:14:08 killes Exp $ /** * @file * The PHP page that serves all page requests on a Drupal installation. * * The routines here dispatch control to the appropriate handler, which then * prints the appropriate page. */ include_once 'includes/bootstrap.inc'; drupal_page_header(); include_once 'includes/common.inc'; fix_gpc_magic(); /* Disabled by AstBill Team - Uvaraj Not compatible med AstBill. Fix to come soon.*/ //drupal_check_token(); $status = menu_execute_active_handler(); switch ($status) { case MENU_NOT_FOUND: drupal_not_found(); break; case MENU_ACCESS_DENIED: drupal_access_denied(); break; } drupal_page_footer();
function permissionDenied() { drupal_access_denied(); }
/** * @function removeEvent() * TODO: Kann raus? Muss überarbeitet werden! */ public function removeEventChildren($eid) { $eid = $this->clearContent($eid); if (!user_is_logged_in()) { drupal_access_denied(); } $parentEID = db_select($this->tbl_event, 'e')->fields('e', array('parent_EID'))->condition('EID', $eid)->execute()->fetchObject(); // Sicherheitsschutz, ob User entsprechende Rechte hat $resultAkteurEvent = db_select($this->tbl_akteur_events, 'e')->fields('e')->condition('EID', $parentEID->parent_EID)->execute()->fetchObject(); $akteur_id = $resultAkteurEvent->AID; // Prüfen ob Schreibrecht vorliegt: ob User zu dem Akteur gehört $resultUser = db_select($this->tbl_hat_user, 'u')->fields('u')->condition('hat_AID', $akteur_id)->condition('hat_UID', $this->user_id)->execute(); if (!$resultUser->rowCount()) { if (!array_intersect(array('administrator'), $user->roles)) { echo '0'; exit; } } db_delete($this->tbl_event)->condition('EID', $eid)->execute(); echo '1'; }
/** * Form callback. */ function entityqueue_subqueue_delete_form($form, &$form_state, $queue, $subqueue) { $handler = entityqueue_get_handler($queue); // If they can't delete this subqueue, return access denied. if (!$handler->canDeleteSubqueue($subqueue)) { drupal_set_message(t('The %queue: %subqueue subqueue cannot be deleted.', array('%queue' => $queue->label, '%subqueue' => $subqueue->label)), 'warning'); drupal_access_denied(); drupal_exit(); } $form['#queue'] = $queue; $form['#subqueue'] = $subqueue; $form['subqueue_id'] = array('#type' => 'value', '#value' => $subqueue->subqueue_id); return confirm_form($form, t('Are you sure you want to delete %queue: %subqueue?', array('%queue' => $queue->label, '%subqueue' => $subqueue->label)), 'admin/structure/entityqueue/list/' . $queue->name . '/subqueues', NULL, t('Delete')); }
function bootstrap_theme_dashboard_page($action = 'create-contribute', $uid = null) { global $user; //bootstrap_theme_set_page_title_class(''); bootstrap_theme_set_page_title_block('<div class="dashboard-search-form"></div>'); $output = ' <ul class="dashboard-tabs"> <li class="' . ($action == 'create-contribute' ? 'active' : '') . '"><a href="' . url('dashboard/create-contribute') . '">Contribute</a></li> <!--<li><a href="#">Create</a></li>--> <li class="' . ($action == 'contributions' ? 'active' : '') . '"><a href="' . url('dashboard/contributions') . '">Contributions</a></li> <li class="' . ($action == 'collections' ? 'active' : '') . '"><a href="' . url('dashboard/collections') . '">My Collections</a></li> <li class="' . ($action == 'all_collections' ? 'active' : '') . '"><a href="' . url('dashboard/all_collections') . '">All Collections</a></li>'; if (!in_array('administrator', $user->roles)) { $output .= '<li class="' . ($action == 'badges' ? 'active' : '') . '"><a href="' . url('dashboard/badges') . '">My Badges</a></li>'; } if (bootstrap_theme_is_editor()) { $output .= ' <li class="' . ($action == 'contributions-to-approve' ? 'active' : '') . '"><a href="' . url('dashboard/contributions-to-approve') . '">Contributions to Approve</a></li> <li class="' . ($action == 'contributors-to-approve' ? 'active' : '') . '"><a href="' . url('dashboard/contributors-to-approve') . '">Contributors to Approve</a></li> '; } $output .= ' </ul>'; switch ($action) { case 'create-contribute': $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_create_contribute_form_tab_contents() . '</div>'; break; case 'create': $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_create_contribute_form_tab_contents() . '</div>'; break; case 'contributions': $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_contributions_form_tab_contents() . '</div>'; break; case 'collections': $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_my_collections_tab_contents() . '</div>'; break; case 'badges': $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_my_badges_tab_contents() . '</div>'; break; case 'all_collections': $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_all_collections_tab_contents() . '</div>'; break; /*case 'groups': $output .= '<div class="dashboard-tab-content">'._bootstrap_theme_dashboard_create_contribute_form_tab_contents().'</div>'; break; case 'connect': $output .= '<div class="dashboard-tab-content">'._bootstrap_theme_dashboard_create_contribute_form_tab_contents().'</div>'; break; case 'calendar': $output .= '<div class="dashboard-tab-content">'._bootstrap_theme_dashboard_create_contribute_form_tab_contents().'</div>'; break;*/ /*case 'groups': $output .= '<div class="dashboard-tab-content">'._bootstrap_theme_dashboard_create_contribute_form_tab_contents().'</div>'; break; case 'connect': $output .= '<div class="dashboard-tab-content">'._bootstrap_theme_dashboard_create_contribute_form_tab_contents().'</div>'; break; case 'calendar': $output .= '<div class="dashboard-tab-content">'._bootstrap_theme_dashboard_create_contribute_form_tab_contents().'</div>'; break;*/ case 'become-contributor': if (!bootstrap_theme_is_contributor()) { $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_done_to_be_contributor($uid) . '</div>'; } else { $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_create_contribute_form_tab_contents() . '</div>'; } break; case 'contributions-to-approve': if (!bootstrap_theme_is_editor()) { drupal_access_denied(); exit; } $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_contributions_to_approve_contents() . '</div>'; break; case 'contributors-to-approve': if (!bootstrap_theme_is_editor()) { drupal_access_denied(); exit; } $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_contributors_to_approve_contents() . '</div>'; break; default: $output .= '<div class="dashboard-tab-content">' . _bootstrap_theme_dashboard_create_contribute_form_tab_contents() . '</div>'; break; } $output .= ''; return $output; }
function bootstrap_theme_display_node_content($node) { global $user; //$flag = flag_get_flag('testflag'); //echo $flag->is_flagged($node->nid); if ($node->status == NODE_NOT_PUBLISHED) { drupal_access_denied(); exit; } $referer_url = $_SERVER['HTTP_REFERER']; $output = ''; $account = user_load($node->uid); $badge_uri = ''; $badge_img = ''; if (isset($node->field_cnob_assigned_badge[$node->language][0]['value'])) { $query = db_select('file_managed', 'fm'); $query = $query->fields('fm', array('filename', 'uri')); $query->leftJoin('field_data_field_badges_badge_image', 'fbbi', 'fbbi.field_badges_badge_image_fid=fm.fid'); $query->condition('fbbi.entity_id', $node->field_cnob_assigned_badge[$node->language][0]['value'], '='); $result = $query->execute(); foreach ($result as $data) { $badge_uri = $data->uri; $badge_img = $data->filename; } } if (trim($badge_uri) == '') { if (!in_array('administrator', $user->roles) && trim($node->type) == 'badges') { bootstrap_theme_set_page_title_block('<div class="buttons"><a href="../dashboard/badges" class="button">Return to Badges</a></div>'); } else { bootstrap_theme_set_page_title_block('<div class="buttons"><a href="' . (strpos($referer_url, '/search/site') > 0 ? $referer_url : $referer_url) . '" class="button">Return to Results</a></div>'); } } else { bootstrap_theme_set_page_title_block('<div style="padding:25px;float:left;"><img src="' . image_style_url('badge_thumb', $badge_uri) . '" alt="' . $badge_img . '"/></div><div class="buttons"><a href="' . (strpos($referer_url, '/search/site') > 0 ? $referer_url : $referer_url) . '" class="button">Return to Results</a></div>'); } if ($node->type == NODE_TYPE_CLAS_CONTRIBUTOR) { $change_collection_form = drupal_get_form('bootstrap_theme_change_collection_form', $node); bootstrap_theme_set_page_small_title('<span>Submitted by ' . format_username($account) . ' on ' . date('F j, Y - g:sa', $node->created) . '</span>'); bootstrap_theme_set_page_content_class('page-view-container node-view'); //bootstrap_theme_set_page_title_block('<div class="buttons"><a href="'.((strpos($referer_url, '/search/site') > 0)? $referer_url : "#").'" class="button">Return to Results</a></div>'); /*echo "<pre>"; print_r($node); echo "</pre>"; die;*/ $material_type = taxonomy_term_load($node->field_cnob_learning_object_type[$node->language][0]['tid'])->name; if (!empty($node->field_cno_associated_materials)) { $contributor_material = $node->field_cno_associated_materials[$node->language][0]; } else { $contributor_material = null; } $output .= '<div class="page-container">'; $output .= '<div class="node-view-left">'; //$output .= '<img src="'.file_create_url($badge_uri).'" alt="'.$badge_img.'" hwight="50" width="50"/>'; if ($material_type == 'Video') { /*$output .= '<div class="node-view-video">'; $output .= '<video controls="">'; $output .= '<source src="'.file_create_url($contributor_material['uri']).'" />'; $output .= '</video>'; $output .= '</div>';*/ //$videofile = file_load($node->field_cnob_learn_obj_res_video['und'][0]['fid']) $output .= '<div class="node-view-video">'; $video = array('#theme' => 'video_embed_field_embed_code', '#style' => 'normal', '#url' => $node->field_cnob_learn_obj_res_video['und'][0]['video_url']); $output .= drupal_render($video); $output .= '</div>'; } if ($material_type == 'Audio') { $fload = file_load($node->field_cnob_learn_obj_res_audio['und'][0]['fid']); $audiofile = file_create_url($fload->uri); $info = pathinfo($audiofile); $op = $info['extension']; $output .= '<div class="node-view-audio">'; $output .= audiofield_get_player($audiofile, $op); $output .= '</div>'; } $area_of_study = taxonomy_term_load($node->field_cnob_area_of_study[$node->language][0]['tid']); $output .= '<ul class="node-view-fields">'; $output .= '<li><strong>Category:</strong><span>' . taxonomy_term_load($node->field_cnob_category[$node->language][0]['tid'])->name . '</span></li>'; $output .= '<li><strong>User Type:</strong><span>' . $node->field_cnob_user_type[$node->language][0]['value'] . '</span></li>'; $output .= '<li><strong>Area of Study:</strong><span>' . (!empty($area_of_study) ? $area_of_study->name : '') . '</span></li>'; $output .= '<li><strong>Grade Level:</strong><span>' . taxonomy_term_load($node->field_cnob_grade_level[$node->language][0]['tid'])->name . '</span></li>'; $output .= '<li><strong>Relevant Standards:</strong><span>' . taxonomy_term_load($node->field_cnob_relevant_standards[$node->language][0]['tid'])->name . '</span></li>'; $output .= '<li><strong>Learning Object Type:</strong><span>' . $material_type . '</span></li>'; if ($material_type == 'Link') { $output .= '<li><strong>Learning Object Link:</strong><span><a href="' . $node->field_cnob_learn_obj_res_link[$node->language][0]['value'] . '" target="_blank">' . $node->field_cnob_learn_obj_res_link[$node->language][0]['value'] . '</a></span></li>'; } else { if ($material_type == 'Document') { $docload = file_load($node->field_cnob_learn_obj_res_doc['und'][0]['fid']); $output .= '<li><strong>Learning Object Document:</strong><span><a href="' . file_create_url($docload->uri) . '" target="_blank">' . $docload->filename . '</a></span></li>'; } } $output .= '</ul>'; $output .= '<div class="node-view-body">'; $output .= !empty($node->body[LANGUAGE_NONE]) ? $node->body[LANGUAGE_NONE][0]['value'] : ''; $output .= '</div>'; $output .= '<div class="node-view-tags">'; $output .= '<strong>Tags:</strong> ' . bootstrap_theme_render_html_tags($node->field_cnob_tags); $output .= '</div>'; $output .= '</div>'; if (user_is_logged_in()) { $output .= '<div class="node-view-right">'; $output .= '<div id="collection_ids_for_contribution">'; $output .= drupal_render($change_collection_form); $output .= '</div>'; $output .= '<div class="node-view-share">'; $output .= '<strong>Share</strong>'; $output .= '<a class="button" href="#share_with_member_modal" role="button" data-toggle="modal">Share with a member</a>'; $output .= '<div id="share_with_member_modal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="share_with_member_modal_label" aria-hidden="true">'; $output .= '<div class="modal-header">'; $output .= '<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>'; $output .= '<h3 id="share_with_member_modal_label">Share with a member</h3>'; $output .= '</div>'; $output .= '<div class="modal-body">'; $output .= _bootstrap_theme_share_with_member_form(null, null); $output .= '</div>'; $output .= '<div class="modal-footer">'; $output .= '<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>'; $output .= '<button class="btn btn-primary">Save changes</button>'; $output .= '</div>'; $output .= '</div>'; $output .= '<!-- AddThis Button BEGIN --> <div class="addthis_toolbox addthis_default_style addthis_32x32_style"> <a href="https://www.facebook.com/" class="addthis_button_facebook"></a> <a href="https://twitter.com/" class="addthis_button_twitter"></a> <a class="addthis_button_google_plusone_share"></a> <a href="https://www.linkedin.com/" class="addthis_button_linkedin"></a> </div> <script type="text/javascript">var addthis_config = {"data_track_addressbar":true};</script> <script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-4f0ac6263266f930"></script> <!-- AddThis Button END -->'; $output .= '</div>'; $output .= '</div>'; } $output .= '</div>'; $output .= '<div class="clear"></div>'; $output .= '</div>'; $output .= '<div class="page-title-bar small">'; $output .= '<div class="inner">'; $output .= '<div class="page-title">'; $output .= '<h3>Comments</h3>'; $output .= '<a id="comments" href="#" class="element-invisible">Comments</a>'; $output .= '</div>'; $output .= '</div>'; $output .= '</div>'; $output .= '<div class="page-container">'; $output .= _bootstrap_theme_comments_view($node); //$output .= '</div>'; } else { if ($node->type == NODE_TYPE_CLAS_COLLECTION) { $output = bootstrap_theme_collection_page($node->nid); } else { $output = node_page_view($node); } } return $output; }
function os_poker_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) { global $user; // Check if the user is already logged in. The back button is often the culprit here. if ($user->uid) { drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.')); drupal_goto(); } else { // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds. $timeout = 86400; $current = time(); // Some redundant checks for extra security ? if ($timestamp < $current && ($account = user_load(array('uid' => $uid, 'status' => 1)))) { // Deny one-time login to blocked accounts. if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) { drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error'); drupal_goto(); } // No time out for first time login. if ($account->login && $current - $timestamp > $timeout) { drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.')); drupal_goto('poker/forgot-password'); } else { if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { // First stage is a confirmation form, then login if ($action == 'login') { watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); // Set the new user. $user = $account; // user_authenticate_finalize() also updates the login timestamp of the // user, which invalidates further use of the one-time login link. user_authenticate_finalize($form_state['values']); drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. !settings-page.', array('!settings-page' => l('Please change your password', 'poker/profile/settings', array('attributes' => array('onclick' => "(function(a){var url = a.href; tb_remove();setTimeout(function(){tb_show('',url, false)},201);})(this);return false;"), 'query' => array('height' => 442, 'width' => 603, 'TB_iframe' => 'true')))))); // drupal_goto('poker/profile/settings/'. $user->uid); drupal_goto('<front>'); } else { $form['message'] = array('#value' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to login to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout)))); $form['help'] = array('#value' => '<p>' . t('This login can be used only once.') . '</p>'); $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); $form['#action'] = url("user/reset/{$uid}/{$timestamp}/{$hashed_pass}/login"); return $form; } } else { drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.')); drupal_goto('poker/forgot-password'); } } } else { // Deny access, no more clues. // Everything will be in the watchdog's URL for the administrator to check. drupal_access_denied(); } } }