Example #1
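/**
 * Returns user information for the given id, optionally restricted by password.
 *
 * The row is read from `user` joined with `groups`, `galaxy` and `alliance`.
 * When the row carries a positive numeric `gid`, getUserRights() is called
 * with the row so the group's rights can be added to it.
 *
 * NOTE(review): the docblock describes the password as MD5. An unsalted MD5
 * digest is not suitable for password storage; moving to password_hash() /
 * password_verify() would require the comparison to leave the SQL statement.
 *
 * @param int    $id       Id of the user. Checked with Assert::isId() before it
 *                         is interpolated into the SQL text.
 * @param string $password Password of the user in MD5 (optional). When it is
 *                         non-empty the query also filters on u.password.
 * @return array User information, or whatever selectsqlLine() yields when no
 *               row matches.
 */
function getUserByID($id, $password = "")
{
    // The id is placed directly into the SQL string below, so this check is
    // the only thing standing between the caller's value and the query.
    // NOTE(review): confirm Assert::isId() is active in production builds.
    Assert::isId($id);
    if ($password) {
        // NOTE(review): the compared value is shown masked ('******') on this
        // page and $password is not interpolated in the text as shown. If the
        // real source places $password into the string, it must be escaped or
        // bound; selectsqlLine()'s parameter support is not visible here.
        $user = selectsqlLine("select u.*,ga.aid,a.name,a.tag,\n\t\t\t\t  g.name as groupname, g.descr as groupdescr,g.usertitle\n\t\t\t\t\tfrom user u\n\t\t\t\t  left join groups  g using(gid)\n          left join galaxy ga on(ga.gala = u.gala)\n          left join alliance a on(a.aid = ga.aid)\n\t\t\t\t\twhere u.uid = {$id} and u.password = '******'\n\t\t\t\t\t\t\t");
    } else {
        $user = selectsqlLine("select u.*,ga.aid,a.name,a.tag,\n\t\t\t\t\tg.name as groupname, g.descr as groupdescr,g.usertitle\n          from user u\n\t\t\t\t\tleft join groups  g using(gid)\n          left join galaxy ga on(ga.gala = u.gala)\n          left join alliance a on(a.aid = ga.aid)\n\t\t\t\t\t\t\t\twhere u.uid = {$id}\n\t\t\t\t\t\t\t");
    }
    // Only touch the row when one was actually returned; a failed lookup
    // (wrong id or password) must not be dereferenced.
    if (is_array($user) && isset($user['gid']) && is_numeric($user['gid']) && (int) $user['gid'] > 0) {
        // Call-time pass-by-reference (`&$user` at the call site) is a fatal
        // error since PHP 5.4. The reference has to be declared on the
        // callee instead: getUserRights($gid, &$user) in its signature.
        // NOTE(review): confirm getUserRights() declares it that way.
        getUserRights($user['gid'], $user);
    }
    return $user;
}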
Example #2
<?php

// Session-gated script: a request only reaches the database lookups below when a
// session name is present AND the user's rights include canAddNewSearch; every
// other request is handed to ajaxLoginRedirect().
session_start();
include 'utils.php';
if (empty($_SESSION['session_name'])) {
    // No authenticated session.
    ajaxLoginRedirect();
} else {
    // presumably defines $connectionString — verify against that file
    include '../../connectionString.php';
    try {
        //open connection
        // NOTE(review): on failure the raw pg_last_error() text is sent to the client via
        // die(); prefer logging it server-side and returning a generic message.
        $dbconn = pg_connect($connectionString) or die('Could not connect: ' . pg_last_error());
        // Get user rights from database
        $userRights = getUserRights($dbconn, $_SESSION["user_id"]);
        $_SESSION["canAddNewSearch"] = $userRights["canAddNewSearch"];
        $canSeeAll = $userRights["canSeeAll"];
        // Authorisation gate: the right is re-read from the database on this request
        // rather than trusted from the session copy written just above.
        if (!$userRights["canAddNewSearch"]) {
            ajaxLoginRedirect();
        } else {
            $possibleValues = array();
            // One entry per lookup list. All query texts are constants; the two per-user
            // variants (previousAcqui / previousSeq when $canSeeAll is false) pass the
            // session user id as bound parameter $1 instead of concatenating it.
            $getFieldValues = array("enzymes" => array("q" => "SELECT id, name from enzyme ORDER by name"), "ions" => array("q" => "SELECT id, name from ion ORDER by name"), "xlinkers" => array("q" => "SELECT id, name from crosslinker ORDER by name"), "losses" => array("q" => "SELECT id, name from loss ORDER by name"), "modifications" => array("q" => "SELECT id, name from modification ORDER by name"), "previousAcqui" => $canSeeAll ? array("q" => "SELECT acquisition.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User FROM acquisition JOIN users ON (acquisition.uploadedby = users.id) ORDER BY acquisition.id DESC") : array("q" => "SELECT acquisition.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User FROM acquisition JOIN users ON (users.id = \$1 AND acquisition.uploadedby = users.id) ORDER BY acquisition.id DESC", "params" => [$_SESSION["user_id"]]), "previousSeq" => $canSeeAll ? array("q" => "SELECT sequence_file.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User, file_name as file FROM sequence_file JOIN users ON (sequence_file.uploadedby = users.id) ORDER BY upload_date DESC") : array("q" => "SELECT sequence_file.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User, file_name as file FROM sequence_file JOIN users ON (users.id = \$1 AND sequence_file.uploadedby = users.id) ORDER BY upload_date DESC", "params" => [$_SESSION["user_id"]]), "filenames" => array("q" => "SELECT acq_id, name FROM run ORDER by acq_id DESC"));
            // Prepare each query under its list name and run it with its parameters (if any).
            // NOTE(review): the return values of pg_prepare()/pg_execute() are not checked, so
            // a failed statement reaches resultsAsArray() as false.
            foreach ($getFieldValues as $key => $value) {
                $query = $value["q"];
                $params = isset($value["params"]) ? $value["params"] : array();
                pg_prepare($dbconn, $key, $query);
                $result = pg_execute($dbconn, $key, $params);
                $possibleValues[$key] = resultsAsArray($result);
            }
            // Get basedir for file uploads
            $query = "SELECT setting FROM base_setting WHERE name='base_directory_path';";
            // NOTE(review): pg_query() is called without $dbconn, relying on the implicit
            // default connection (deprecated as of PHP 8.1), and its result is indexed
            // without checking that the query succeeded or returned a row.
            $baseDir = pg_fetch_row(pg_query($query))[0];
            // Store this server side 'cos we don't need it client side
Example #3
/**
 * Reports the "isSuperUser" entry of a user's rights.
 *
 * NOTE(review): the value is returned exactly as getUserRights() stores it.
 * If that function passes PostgreSQL booleans through unchanged, they arrive
 * as the strings 't' / 'f', and 'f' is truthy in PHP — confirm the entry is a
 * real boolean before using this result in an authorisation check.
 *
 * @param resource $dbconn Database connection handed through to getUserRights().
 * @param mixed    $userID Id of the user whose rights are looked up.
 * @return mixed The "isSuperUser" entry of the rights array.
 */
function isSuperUser($dbconn, $userID)
{
    return getUserRights($dbconn, $userID)["isSuperUser"];
}
<?php

/*
 * Created on 20.09.2005
 *
 * author: coster
 */
// NOTE(review): $root is not assigned anywhere in this fragment. These include paths are
// only safe if $root is set server-side by the including script and can never be taken
// from request data — confirm where it is defined.
include_once $root . "/include/benutzerFunctions.inc.php";
include_once $root . "/include/mietobjektFunctions.inc.php";
include_once $root . "/include/sessionFunctions.inc.php";
// presumably reads the logged-in user's id from the session — verify in sessionFunctions.inc.php
$benutzer_id = getSessionWert(BENUTZER_ID);
// Rights of that user; the template below compares this value with >= 1 before showing the form.
$benutzerrechte = getUserRights($benutzer_id);
// NOTE(review): $vermieter_id is likewise not defined in this fragment — verify its origin.
$anzahlVorhandenerMietobjekte = getAnzahlVorhandeneMietobjekte($vermieter_id);
?>
<table cellpadding="3" cellspacing="0" border="0" class="<?php 
echo TABLE_STANDARD;
?>
">
	<tr>
		<?php 
//prüfen ob benutzer das recht hat den folgenden link auszuführen:
if ($benutzerrechte >= 1 && $anzahlVorhandenerMietobjekte > 0) {
    ?>
		  <form action="<?php 
    echo $root;
    ?>
/webinterface/reservierung/index.php" method="post" name="resEingebenAendern" target="_self">    
		      <tr><td><input name="resEingebenAendern" type="submit" class="<?php 
    echo BUTTON;
    ?>
" onMouseOver="this.className='<?php 
Example #5
     // Tail of an error handler whose opening lies outside this fragment.
     //Treat error
     //("Erreur de connexion : " . $error->getMessage() );
     //header('location:errorPage.php');
     // NOTE(review): the raw exception message is sent to the client. For a database
     // connection error (presumably what $error is — confirm) that text can describe the
     // server setup; log it server-side and show a generic error page instead.
     die($error->getMessage());
 }
 // NOTE(review): $sql is built outside this fragment and execute() is called without bound
 // parameters, so any login input it contains must already be inside the string. Verify
 // that it is bound with placeholders rather than concatenated.
 $query = $cnx->prepare($sql);
 //Prepare the SQL
 $query->execute();
 //Execute prepared SQL => $query
 // Start from an empty user record so nothing from a previous login survives.
 $_SESSION['GL_USER'] = array();
 //Session Variable for User
 // A matching row means the login succeeded: copy the profile into the session.
 // NOTE(review): no session_regenerate_id() call is visible in this fragment; the session
 // id should be rotated at this privilege change — confirm it happens elsewhere.
 if ($query->rowCount()) {
     $row = $query->fetch(PDO::FETCH_ASSOC);
     //Fetch data
     $exercice = getLastExercice();
     // Rights are looked up by the user's profile id.
     $droit = getUserRights($row['IDPROFIL']);
     //Session
     $_SESSION['GL_USER']['NAME'] = trim($row['PERS_PRENOMS'] . ' ' . $row['PERS_NOM']);
     $_SESSION['GL_USER']['LOGIN'] = $row['LOGIN'];
     $_SESSION['GL_USER']['MLLE'] = $row['NUM_MLLE'];
     $_SESSION['GL_USER']['DTLOG'] = date('d-m-Y H:i:s');
     $_SESSION['GL_USER']['EXERCICE'] = $exercice['EXERCICE'];
     $_SESSION['GL_USER']['DEBUT_EXERCICE'] = frFormat2($exercice['DEBUT_EXERCICE']);
     $_SESSION['GL_USER']['FIN_EXERCICE'] = frFormat2($exercice['FIN_EXERCICE']);
     $_SESSION['GL_USER']['EX_LIBELLE'] = $exercice['EX_LIBELLE'];
     $_SESSION['GL_USER']['STATUT_EXERCICE'] = $exercice['STATUT_EXERCICE'];
     $_SESSION['GL_USER']['GROUPE'] = $row['IDPROFIL'];
     $_SESSION['GL_USER']['SESSIONID'] = session_id();
     $_SESSION['GL_USER']['JOUR'] = '';
     //$mag = preg_split('/ /',getUsermagasin($row['LOGIN']));
     $_SESSION['GL_USER']['MAGASIN'] = '';
include_once $root . "/templates/stylesheetsIE9.php";
?>
</style>
<?php 
include_once "../templates/headerB.php";
?>
<script language="JavaScript" type="text/javascript" src="./benutzerDaten.php">
</script>
<?php 
include_once "../templates/bodyA.php";
// Password check:
// NOTE(review): checkPass() authenticates the caller, but nothing visible here ties the
// caller to the user selected by $id, whose origin is outside this fragment. Confirm
// that the caller is authorised to edit that user.
if (checkPass($benutzername, $passwort, $unterkunft_id, $link)) {
    // Read the data of the selected user:
    $name = getUserName($id, $link);
    // NOTE(review): the stored password is read back into the page logic. If getPassword()
    // returns a usable password rather than a hash, credentials are stored in a
    // recoverable form — verify.
    $pass = getPassword($id, $link);
    $rechte = getUserRights($id, $link);
    // Both $testuser values appear masked ("******") on this page.
    $testuser = "******";
    if ($name == "test") {
        $testuser = "******";
    }
    ?>
</head>
 <body>
 <h2><?php 
    echo getUebersetzung("Benutzer bearbeiten", $sprache, $link);
    ?>
</h2>
 

<div class="panel panel-default">
  <div class="panel-body">
//Set the filter page session variable
// Precedence, lowest to highest: existing session value (or the language default),
// ?home_page (resets to the language default), ?filter_page (explicit value).
$_SESSION['filter_page'] = isset($_SESSION['filter_page']) ? $_SESSION['filter_page'] : "filter_" . $_SESSION['language'] . ".php";
$_SESSION['filter_page'] = isset($_GET['home_page']) ? "filter_" . $_SESSION['language'] . ".php" : $_SESSION['filter_page'];
// NOTE(review): a request-supplied page name is stored in the session unchecked. PHP has
// already URL-decoded $_GET, so urldecode() decodes a second time. If this value is later
// used as an include path or file name (usage not visible here), it must be matched
// against a fixed allow-list of filter pages.
$_SESSION['filter_page'] = isset($_GET['filter_page']) ? urldecode($_GET['filter_page']) : $_SESSION['filter_page'];
// Remove the lock status when unloading an editor page
$cancel_user_now = isset($_GET['cancel']) ? $_GET['cancel'] == "True" : false;
if ($cancel_user_now) {
    // NOTE(review): cid and ccat come straight from the query string; how backOver()
    // validates them, and whether it checks that the lock belongs to this user, is not visible here.
    $cid = isset($_GET['cid']) ? $_GET['cid'] : '';
    $ccat = isset($_GET['ccat']) ? $_GET['ccat'] : '';
    if ($cid != "") {
        backOver($ccat, $cid);
    }
}
//Get the user's rights
// Anonymous visitors are looked up as user id 0.
$user_id_for_rights = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : 0;
// Rights are fetched once and then reused from the session, so this line does not pick
// up a later change to the user's rights while 'user_rights' remains set.
$_SESSION['user_rights'] = isset($_SESSION['user_rights']) ? $_SESSION['user_rights'] : getUserRights($user_id_for_rights);
//Show the coords converter if needed
$_SESSION['show_converter'] = isset($_GET['c']) ? true : (isset($_SESSION['show_converter']) ? $_SESSION['show_converter'] : false);
// The third argument `true` declares case-insensitive constants, which is deprecated
// since PHP 7.3 and no longer supported in PHP 8.
define("USER_IS_CONNECTED", userIsConnected(), true);
$FAQPages = array("Fr" => array("home" => 13), "En" => array("home" => 14), "Es" => array("home" => 19));
define("LEADER_GROUP_ID", 5, true);
define("ENTRY_COUNT_MAX", 3000, true);
define("Max_detail_level", 1000, true);
define("Select_default", "00", true);
define("start_comment", "<!--", true);
define("end_comment", "-->", true);
define("Contact_for_nobody", "0", true);
define("Contact_for_registered", "1", true);
define("Contact_for_everybody", "2", true);
// NOTE(review): the API key is committed in source. Load it from deployment configuration
// and restrict it to the site's referrers in the provider console.
define("Google_key", "ABQIAAAABppewhix0m2aGtrxzFsM1hTUoYxFMVJ0pZ8eIP2qT6O2FCqTDBSrYiCqarW5lo9hEXEt4pCtZ6bVVA", true);
//GMaps API Key for grottocenter.org
	date: 24.9.05
	author: christian osterrieder utilo.net						
*/
//header einfuegen:
include_once $root . "/webinterface/templates/header.inc.php";
include_once $root . "/include/benutzerFunctions.inc.php";
// Load the user selected through the posted "id", unless an earlier step set $fehler.
// NOTE(review): $_POST["id"] is used as sent. This fragment shows no check that it is a
// valid id, nor that the logged-in user may edit that account — confirm both are
// enforced elsewhere (here or inside the lookup functions).
if (!(isset($fehler) && $fehler == true)) {
    $id = $_POST["id"];
    $name = getUserName($id);
    // NOTE(review): comparing the stored password with a literal suggests that
    // getPassword() returns it in clear text — verify how passwords are stored.
    $pass = getPassword($id);
    // The account whose name and password are both "test" is flagged as the test user.
    $testuser = $name == "test" && $pass == "test";
    $rechte = getUserRights($id);
}
include_once $root . "/webinterface/templates/bodyStart.inc.php";
?>
	
<form action="./benutzerAendernDurchfuehren.php" method="post" 
	name="benutzer" id="benutzer" target="_self">
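  <input name="id" type="hidden" value="<?php
// $id is taken from $_POST["id"] earlier in this script, so it is request data: escape
// it for the quoted attribute before echoing it back.
echo htmlspecialchars((string) $id, ENT_QUOTES);
?>
">
  <input name="testuser" type="hidden" value="<?php
// Escaped the same way as the id. A boolean still renders as "1" or "".
echo htmlspecialchars((string) $testuser, ENT_QUOTES);
?>
">  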
  <table border="0" cellpadding="0" cellspacing="3"  class="<?php 
Example #9
/**
 * Records the connection status in the session and, on a successful login,
 * copies the user's profile row into the session as well.
 *
 * NOTE(review): nothing in this function rotates the session id. A login
 * should be accompanied by session_regenerate_id() — confirm the caller does
 * it.
 *
 * @param mixed $status Truthy when the user is connected; stored as given in
 *                      $_SESSION['user_connected'].
 * @param mixed $data   User row indexed by column name; only read when
 *                      $status is truthy.
 * @return void
 */
function setSession($status, $data = "")
{
    $_SESSION['user_connected'] = $status;
    if (!$status) {
        return;
    }

    // Session key => column of the user row, in the order they are written.
    $profileFields = array(
        'user_id' => 'Id',
        'user_name' => 'Name',
        'user_surname' => 'Surname',
        'user_login' => 'Login',
        'user_nickname' => 'Nickname',
        'user_last_connection' => 'Date_last_connection',
        'user_country' => 'Country',
        'user_region' => 'Region',
        'user_city' => 'City',
        'user_postal' => 'Postal_code',
        'user_address' => 'Address',
        'user_birth' => 'Date_birth',
        'user_contact' => 'Contact',
        'user_initiation' => 'Year_initiation',
        'user_language' => 'Language',
        'user_public' => 'Contact_is_public',
        'user_hover' => 'Show_links',
        'user_detail_level' => 'Detail_level',
        'user_latitude' => 'Latitude',
        'user_longitude' => 'Longitude',
        'user_default_lat' => 'Default_latitude',
        'user_default_lng' => 'Default_longitude',
        'user_default_zoom' => 'Default_zoom',
        'user_message' => 'Custom_message',
        'user_facebook' => 'Facebook',
        'user_file' => 'Picture_file_name',
        'user_banned' => 'Banned',
        'user_news' => 'Alert_for_news',
        'user_utcoffset' => 'Utc_offset',
        'user_timezone' => 'Id_time_zone',
        // 'user_timeformat' => 'Time_format',
    );
    // Columns that go through cDate($value, false) before being stored.
    $dateColumns = array('Date_last_connection', 'Date_birth');

    foreach ($profileFields as $sessionKey => $column) {
        $fieldValue = $data[$column];
        if (in_array($column, $dateColumns, true)) {
            $fieldValue = cDate($fieldValue, false);
        }
        $_SESSION[$sessionKey] = $fieldValue;
        // The interface language follows the user's stored language.
        if ($sessionKey === 'user_language') {
            $_SESSION['language'] = $_SESSION['user_language'];
        }
    }

    // Rights are resolved once at login and kept in the session.
    $_SESSION['user_rights'] = getUserRights($_SESSION['user_id']);
    $_SESSION['user_lastactivitydate'] = 0;
}
    $sprache = $_POST["sprache"];
    setSessionWert(SPRACHE, $sprache);
} else {
    $sprache = getSessionWert(SPRACHE);
}
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//unterkünfte sperren:
// 4 = la vielle maison
if ($unterkunft_id == -1) {
    echo "Zugang gesperrt!";
    $fehlgeschlagen = true;
    include_once "./index.php";
} else {
    //benutzerrechte auslesen:
    $benutzerrechte = getUserRights($benutzer_id, $link);
    $anzahlVorhandenerZimmer = getAnzahlVorhandeneZimmer($unterkunft_id, $link);
    ?>
    <?php 
    include_once "./templates/headerA.php";
    ?>
    <style type="text/css">
        <?php 
    include_once $root . "/templates/stylesheetsIE9.php";
    ?>
    </style>
    <?php 
    include_once "./templates/headerB.php";
    ?>
    <?php 
    include_once "./templates/bodyA.php";
Example #11
    }
    exit;
}
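// If the auth cookie is present, look up the account whose `sid` matches its value.
if (isset($_COOKIE[$config["cookiename"]])) {
    $cn = isset($config["cookiename"]) ? $config["cookiename"] : '';
    // Cookies can arrive as arrays; only a plain string may be used as a session id.
    if (!is_string($_COOKIE[$cn])) {
        die('err...');
    }
    // NOTE(review): addslashes() is not a database-aware escaper, because it ignores the
    // connection character set. cdim()'s interface is not visible here; if it offers bound
    // parameters or a driver-level escape function, use that for both statements below.
    $cookie_data = addslashes($_COOKIE[$cn]);
    $value = cdim('db', 'query', "SELECT * FROM `users` WHERE `sid` = '" . $cookie_data . "'");
    // No account carries this sid, or the query did not return a result set: show the
    // login page and stop. Anything that is not a non-empty array is treated as "not
    // authenticated", so a failed query cannot fall through to the logged-in path.
    if (!is_array($value) || count($value) <= 0) {
        // The original tested file_exists() but included the same file in both branches.
        include '../auth/index.php';
        exit;
    }
    // The sid matched: copy the user row into the config.
    foreach ($value[0] as $k => $v) {
        $config['user'][$k] = $v;
    }
    $config['user']['rights'] = getUserRights($config['user']['id']);
    // Update last_time. The WHERE clause uses the escaped value computed above; the
    // original concatenated the raw cookie here, bypassing even that escaping.
    cdim('db', 'query', "UPDATE `users` SET `last_time` = '" . time() . "' WHERE `sid` = '" . $cookie_data . "'");
}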
// cookie is ok, go on...