Example #1
 /**
  * Pins the "id" request parameter to the caller's own record unless the
  * caller holds AUTH_MGR and actually supplied an id.
  *
  * Without AUTH_MGR, whatever "id" the request carried is overwritten with
  * $_SESSION["empId"], so a client-chosen id is not honoured for
  * non-managers. With AUTH_MGR, a supplied id is kept as-is.
  */
 protected function onValidateId()
 {
     // Read kept from the original; the value itself is not used below.
     $requestedId = param("id");

     $mayChooseId = hasPerm(AUTH_MGR) && !is_null(param("id"));
     if ($mayChooseId) {
         return;
     }

     setParam("id", $_SESSION["empId"]);
 }
 /**
  * Authorisation middleware: lets the request continue only when hasPerm()
  * returns exactly true for the given role.
  *
  * Unless $type is 'restrict', the check is scoped to the request's slug, or
  * to its id when no slug is set; with 'restrict' no scope is passed (null).
  * Any hasPerm() result other than boolean true is returned to the caller
  * unchanged instead of continuing the pipeline.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @param  string  $role
  * @param  string|null  $type
  * @return mixed
  */
 public function handle($request, Closure $next, $role, $type = null)
 {
     $slug = null;
     if ($type != 'restrict') {
         $slug = isset($request->slug) ? $request->slug : $request->id;
     }

     $permission = hasPerm($role, $slug);

     // Strict comparison: a truthy non-boolean result (presumably a denial
     // response; confirm against hasPerm) is never treated as a grant.
     return $permission === true ? $next($request) : $permission;
 }
/**
 * Fills the template variables needed by the user-search page: group and
 * admin name lists, charge names, the sort options, and whether the viewer
 * may change user attributes.
 *
 * "can_change" only controls what the template offers; the action that
 * performs the change has to check the permission again (not visible here).
 *
 * @param object $smarty template engine instance, passed by reference
 */
function intShowUserSearchSetVars(&$smarty)
{
    $smarty->assign_by_ref("group_names", getGroupNames($smarty));
    $smarty->assign_by_ref("admin_names", getAdminNames($smarty));
    intSetChargeNames($smarty, null);

    // Either the explicit permission or the "GOD" permission is enough.
    $canChange = (hasPerm("CHANGE USER ATTRIBUTES") || amIGod());
    $smarty->assign("can_change", $canChange);

    $orderByOptions = array(
        "user_id" => "User ID",
        "normal_username" => "Normal Username",
        "creation_date" => "Creation Date",
        "owner_id" => "Owner ID",
        "group_id" => "Group ID",
        "credit" => "Credit",
    );
    $smarty->assign("order_by_options", $orderByOptions);

    // Default to "no results yet" unless a caller already decided otherwise.
    $alreadySet = $smarty->is_assigned("show_results");
    if (!$alreadySet) {
        $smarty->assign("show_results", false);
    }
}
 /**
  * Retrieves roles and contacts associated with this object.
  *
  * Every row read from sotf_object_roles gains 'role_name' and
  * 'contact_data'; 'change_contact' is set to 1 only when hasPerm() grants
  * 'change' on that contact.
  */
 function getRoles()
 {
     // NOTE(review): $this->id is interpolated into the SQL text. That is only
     // safe if the id can never carry request data; confirm where it is set.
     $sql = "SELECT id, contact_id, role_id FROM sotf_object_roles WHERE object_id='{$this->id}' ORDER BY role_id, contact_id";
     $roles = $this->db->getAll($sql);

     $total = count($roles);
     for ($idx = 0; $idx < $total; $idx++) {
         $contactId = $roles[$idx]['contact_id'];
         $roles[$idx]['role_name'] = $this->repository->getRoleName($roles[$idx]['role_id']);
         $contact = new sotf_Contact($contactId);
         $roles[$idx]['contact_data'] = $contact->getAllWithIcon();
         // The flag is only a hint for the UI; it is absent when not granted.
         if (hasPerm($contactId, 'change')) {
             $roles[$idx]['change_contact'] = 1;
         }
     }

     return $roles;
 }
Example #5
/**
 * Passes the selected permission, whether hasPerm() grants it for the named
 * admin, and (when granted) its current value to the template.
 *
 * "selected", "admin_username" and "value" are request data and are handed
 * to the template unchanged; escaping is left to the template (not visible
 * here).
 *
 * @param object $smarty template engine instance, passed by reference
 */
function intAssignSelectedPermVals(&$smarty)
{
    if (!isInRequest("selected")) {
        $smarty->assign("selected", "");
        return;
    }

    $granted = hasPerm($_REQUEST["selected"], $_REQUEST["admin_username"]);
    $smarty->assign("selected", $_REQUEST["selected"]);
    $smarty->assign("has_selected_perm", $granted);
    $smarty->assign("selected_value", requestVal("value"));

    // The stored value is only looked up when the permission is granted.
    if (!$granted) {
        return;
    }

    $valueRequest = new AdminPermValue($_REQUEST["selected"], $_REQUEST["admin_username"]);
    list($ok, $answer) = $valueRequest->send();
    if (!$ok) {
        // On failure $answer carries the error object instead of a value.
        $smarty->assign("cur_val", "ERR");
        smartySetPageErr($smarty, $answer->getErrorMsgs());
        return;
    }

    $smarty->assign("cur_val", $answer);
}
Example #6
<?php

// Set before authlib.php is loaded; presumably read there (its effect is not
// visible in this snippet).
$killOverride = true;
require_once "authlib.php";
// Both values come straight from the POST body.
$userID = $_POST['userID'];
$username = $_POST['username'];
// Editing an existing user (a userID was posted) requires users.edit; on
// failure the connections are dropped and the client is sent back to the form.
// A request without a userID skips this check and continues to the insert
// path further down.
// NOTE(review): that makes account creation reachable without users.edit;
// confirm this is the intended self-registration flow.
if (!empty($userID) && !hasPerm("users.edit")) {
    $conn = $altConn = null;
    header('Location: user.php');
    die;
}
//Check if the username already exists
// The username is bound as a parameter; only the table name ($userTable,
// defined outside this snippet) is interpolated into the statement text.
$cmd = $conn->prepare("select userID from {$userTable} where username = :username");
$cmd->bindParam(":username", $username, PDO::PARAM_STR, 25);
$cmd->execute();
$results = $cmd->fetchAll();
if (count($results) === 0) {
    //Add the value to our table
    $sql = empty($userID) ? "insert into {$userTable} (username, addr) \n\t\tvalues (:username, :addr)" : "update {$userTable} \n\t\tset username = :username where userID = :userID";
    $cmd = $conn->prepare($sql);
    $cmd->bindParam(":username", $username, PDO::PARAM_STR, 25);
    if (empty($userID)) {
        $cmd->bindParam(":addr", $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR, 16);
    } else {
        $cmd->bindParam(":userID", $userID, PDO::PARAM_INT);
    }
    $cmd->execute();
    //Get userID for the Log
    if (empty($userID)) {
        $cmd = $conn->prepare("select userID from {$userTable} where username = :username");
        $cmd->bindParam(":username", $username, PDO::PARAM_STR, 25);
 /**
  * Tells whether the current user may listen to this object.
  *
  * Objects flagged 'free_content' are always allowed (returns 1); for
  * everything else the answer is whatever hasPerm($this, 'listen') returns.
  */
 function canListen()
 {
     // Disabled in the original: a global $config['payableMode'] switch that
     // returned 1 for everything when payable mode was off.
     $isFree = $this->getBool('free_content');

     return $isFree ? 1 : hasPerm($this, 'listen');
 }
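 /**
  * Retrieves roles and contacts associated with this object.
  *
  * Each surviving row gains 'role_name', 'creator' and 'contact_data';
  * 'change_contact' is set to 1 only when hasPerm() grants 'change' on the
  * contact. Rows whose contact can no longer be loaded are logged and
  * removed, so the returned array keeps its original indexes and may have
  * gaps.
  *
  * @param string $language language for role names; the global $lang is used when empty
  * @return array role rows as described above
  */
 function getRoles($language = '')
 {
     global $db, $vocabularies, $lang, $repository;
     if (empty($language)) {
         $language = $lang;
     }
     // NOTE(review): $this->id is interpolated into the SQL text. That is only
     // safe if the id can never carry request data; confirm where it is set.
     $roles = $db->getAll("SELECT id, contact_id, role_id FROM sotf_object_roles WHERE object_id='{$this->id}' ORDER BY role_id, contact_id");
     // Fix the loop bound up front: unset() below shrinks the array, and
     // re-evaluating count() on every pass made the loop stop early, leaving
     // the last rows without role_name/contact_data after any removal.
     $total = count($roles);
     for ($i = 0; $i < $total; $i++) {
         $cobj =& $repository->getObject($roles[$i]['contact_id']);
         if ($cobj) {
             $roles[$i]['role_name'] = $vocabularies->getRoleName($roles[$i]['role_id'], $language);
             $roles[$i]['creator'] = $vocabularies->isCreator($roles[$i]['role_id']);
             $roles[$i]['contact_data'] = $cobj->getAllWithIcon();
             if (hasPerm($roles[$i]['contact_id'], 'change')) {
                 $roles[$i]['change_contact'] = 1;
             }
         } else {
             // Dangling reference: report it and drop the row from the result.
             logError("Referred contact does not exist: " . $roles[$i]['contact_id']);
             unset($roles[$i]);
         }
     }
     return $roles;
 }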
Example #9
<?php

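require "init.inc.php";
$seriesid = sotf_Utils::getParameter('seriesid');
$page->errorURL = "editSeries.php?seriesid={$seriesid}";
$page->setTitle('edit_series');
$page->popup = true;
$page->forceLogin();
// raiseError() is defined outside this snippet. The explicit exit after each
// failed check makes the page fail closed even if raiseError() returns, so a
// denied request can never reach the update below.
if (!$seriesid) {
    raiseError("Id is missing");
    exit;
}
// The caller needs 'change' on this particular series, not just a login.
if (!hasPerm($seriesid, "change")) {
    raiseError("You have no permission to change series settings!");
    exit;
}
$series =& new sotf_Series($seriesid);
// save general data
// NOTE(review): the update is triggered by request parameters alone; no
// anti-forgery token is checked in the lines shown here.
$save = sotf_Utils::getParameter('save');
$finish = sotf_Utils::getParameter('finish');
if ($save || $finish) {
    $series->setWithParam('title');
    $series->setWithParam('description');
    $series->update();
    if ($finish) {
        $page->redirect("closeAndRefresh.php?anchor=series");
    } else {
        $page->redirect("editSeries.php?seriesid={$seriesid}");
    }
    exit;
}
// manage roles
$delrole = sotf_Utils::getParameter('delrole');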
Example #10
<body>
	<?php 
// Render the navigation bar only for a logged-in session, and only when the
// request path is the /cauth directory. This is presentation logic: hiding a
// link does not protect the page behind it.
if (isset($_SESSION['isLogged']) && (dirname($_SERVER['REQUEST_URI']) == "/cauth" || $_SERVER['REQUEST_URI'] == "/cauth/")) {
    ?>
	<header>
		<nav class="navbar navbar-default">
			<div class="navbar-header">
				<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#mainNav">
					<span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span>
				</button>
				<a href="index.php" class="navbar-brand">SeaAuth - Server Protection</a>
			</div>

			<div class="collapse navbar-collapse" id="mainNav">
	    		<ul class="nav navbar-nav">
	    			<li><a href="index.php">Home</a></li>
	    			<?php 
    // Menu entries follow the viewer's permissions.
    // NOTE(review): codelist.php and userlist.php have to enforce codes.list /
    // users.list themselves; whether they do is not visible here.
    if (hasPerm("codes.list", $user)) {
        echo '<li><a href="codelist.php">Codes</a></li>';
    }
    if (hasPerm("users.list", $user)) {
        echo '<li><a href="userlist.php">Users</a></li>';
    }
    ?>
	    			<li><a href="logout.php">Logout</a></li>
	    		</ul>
	    	</div>
		</nav>
	</header>
	<?php 
}
Example #11
 * Created for the StreamOnTheFly project (IST-2001-32226)
 * Authors: András Micsik, Máté Pataki, Tamás Déri 
 *          at MTA SZTAKI DSD, http://dsd.sztaki.hu
 */
require "init.inc.php";
//$smarty->assign("OKURL", $_SERVER['PHP_SELF'] . "?id=" . rawurlencode($id));
$id = sotf_Utils::getParameter('id');
if ($id) {
    $db->begin();
    $smarty->assign('ID', $id);
    $prg =& $repository->getObject($id);
    if (!$prg) {
        raiseError("no_such_object", $id);
    }
    if (!$prg->getBool('published')) {
        if (!hasPerm($prg->id, 'change')) {
            raiseError("not_published_yet", $id);
            exit;
        }
        $smarty->assign("UNPUBLISHED", 1);
    }
    $page->setTitle($prg->get('title'));
    // general data
    $prgData = $prg->getAll();
    $prgData['icon'] = sotf_Blob::cacheIcon($id);
    $smarty->assign('PRG_DATA', $prgData);
    // station data
    $station = $prg->getStation();
    $smarty->assign('STATION_DATA', $station->getAllWithIcon());
    // series data
    $series = $prg->getSeries();
Example #12
/**
 * Reports whether the current admin holds the "GOD" permission.
 *
 * @return mixed whatever hasPerm("GOD") returns
 */
function amIGod()
{
    $isGod = hasPerm("GOD");

    return $isGod;
}
Example #13
<?php

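//Setup Connection and check authorization
require_once "authlib.php";
if (hasPerm("codes.clear")) {
    // The code name arrives base64-encoded in the query string. Decode it
    // strictly and skip the update when the parameter is missing, is not a
    // string, or does not decode, instead of running the statement with an
    // empty code name.
    // NOTE(review): this state change is driven by a GET parameter; no
    // anti-forgery token is checked in this script.
    $code = isset($_GET['ccode']) && is_string($_GET['ccode'])
        ? base64_decode($_GET['ccode'], true)
        : false;
    if ($code !== false && $code !== '') {
        // NOTE(review): $code is request data written into the log text;
        // whatever displays the log has to escape it.
        logEvent($conn, $logTable, "Cleared SeaCode {$code}");
        //Detach the code from its user
        $cmd = $conn->prepare("update {$codeTable} set userID = null where codename = :code");
        // codename is bound as a string, as the other SeaAuth scripts on this
        // page do. Bound as an integer, a non-numeric code could be coerced to
        // a number and, depending on the driver, compared numerically against
        // the column, matching rows it was never meant to match.
        $cmd->bindParam(":code", $code, PDO::PARAM_STR);
        $cmd->execute();
    }
}
//Disconnect
$conn = $altConn = null;
header('Location: codelist.php');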
Example #14
    $smarty->assign("PAGETITLE", $page->getlocalized("editmeta"));
}
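$page->forceLogin();
// NOTE(review): okURL is request data; if it is later used as a redirect
// target it needs to be restricted to local URLs (usage not visible here).
$okURL = sotf_Utils::getParameter('okURL');
// delete topic
$delTopic = sotf_Utils::getParameter('deltopic');
if ($delTopic) {
    // The deletion used to run before any permission check, so a login alone
    // was enough to reach it. Require the same 'change' right on the
    // programme that the rest of this page requires.
    // NOTE(review): nothing here ties $delTopic to programme $prgId; confirm
    // delFromTopic() cannot be pointed at another programme's topic entry.
    if (!hasPerm($prgId, 'change')) {
        raiseError("no permission to change files in this programme");
        exit;
    }
    $repository->delFromTopic($delTopic);
    $page->redirect("editMeta.php?id={$prgId}#topics");
    exit;
}
$prg =& new sotf_Programme($prgId);
if (!$prg->isLocal()) {
    raiseError("You can only edit programmes locally!");
    // Stop here even if raiseError() returns (it is defined elsewhere).
    exit;
}
if (!hasPerm($prgId, 'change')) {
    raiseError("no permission to change files in this programme");
    exit;
}
$finishpublish = sotf_Utils::getParameter('finishpublish');
$finish = sotf_Utils::getParameter('finish');
$save = sotf_Utils::getParameter('save');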
if ($save || $finish || $finishpublish) {
    $params = array('title' => 'text', 'alternative_title' => 'text', 'episode_title' => 'text', 'episode_sequence' => 'number', 'keywords' => 'text', 'abstract' => 'text', 'language' => 'text', 'genre_id' => 'number', 'spatial_coverage' => 'text', 'temporal_coverage' => 'date', 'production_date' => 'date', 'broadcast_date' => 'date', 'expiry_date' => 'date');
    foreach ($params as $param => $type) {
        $value = sotf_Utils::getParameter($param);
        if ($type == 'text') {
            $value = strip_tags($value);
        } elseif ($type == 'number') {
            if (empty($value)) {
                $value = '';
<?php

// -*- tab-width: 3; indent-tabs-mode: 1; -*-
// $Id$
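require "init.inc.php";
$page->popup = true;
$page->forceLogin();
$stationId = sotf_Utils::getParameter('stationid');
$seriesTitle = sotf_Utils::getParameter('title');
// Creating a series requires 'create' on the target station. raiseError() is
// defined outside this snippet; the explicit exit makes the check fail closed
// even if it returns.
if (!hasPerm($stationId, "create")) {
    raiseError("You have no permission to create new series!");
    exit;
}
if ($seriesTitle) {
    // create a new series
    $series = new sotf_Series();
    $series->set('title', $seriesTitle);
    $series->set('station_id', $stationId);
    $series->set('entry_date', date('Y-m-d'));
    $status = $series->create();
    if (!$status) {
        $page->addStatusMsg('series_create_failed');
    } else {
        // The creator becomes admin of the new series.
        $permissions->addPermission($series->id, $user->id, 'admin');
        $page->redirect("editSeries.php?seriesid=" . $series->id);
        exit;
    }
}
// general data
// The submitted title is handed back to the template as-is; escaping is left
// to the template (not visible here).
$smarty->assign("TITLE", $seriesTitle);
$page->sendPopup();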
Example #16
<main id="content-wrapper" class="container">
	<div class="page-header">
		<h1>SeaAuth <small>Code Management</small></h1>
	</div>
	<div class="btn-group">
		<a href="code.php" class="btn btn-warning">Add Code</a>
		<a href="?di" class="btn btn-warning">Show Inactive</a>
		<a href="permlist.php" class="btn btn-warning">Permission List</a>
	</div>
	<table class="table table-striped table-hover">
		<?php 
//Get Columns
$cols = array("codename", "username", "perms");
//Get fields
$col_ss = implode(", ", $cols) . ", userID";
// The "di" request flag only switches between two fixed join keywords, and
// only for holders of codes.inactive; no request data reaches the SQL text.
$joinType = (isset($_GET['di']) && hasPerm("codes.inactive", $user) ? "left" : "") . " join";
// Column and table names are literals or variables defined outside this
// snippet ($codeTable, $userTable), so the statement has no parameters to bind.
$cmd = $conn->prepare("select {$col_ss} from {$codeTable} \n\t\t\t{$joinType} {$userTable} using(userID)");
$cmd->execute();
$results = $cmd->fetchAll();
//Print out our table
echo "<thead><tr>";
// Header cells are the fixed column names above, not data.
foreach ($cols as $col) {
    echo "<th>{$col}</th>";
}
echo "<th>Edit</th><th>Delete</th></tr></thead><tbody>";
foreach ($results as $row) {
    $ccode = base64_encode($row['codename']);
    echo "<tr>";
    foreach ($cols as $col) {
        $val = strlen($row[$col]) > 47 ? substr($row[$col], 0, 47) . "..." : $row[$col];
        echo "<td>{$val}</td>";
<?php

// -*- tab-width: 3; indent-tabs-mode: 1; -*-
// $Id$
require "init.inc.php";
// Request parameters for the new station and its manager.
$station = sotf_Utils::getParameter('station');
$new = sotf_Utils::getParameter('new');
$desc = sotf_Utils::getParameter('desc');
$manager = sotf_Utils::getParameter('username');
$page->forceLogin();
// Creating a station needs 'create' on the node itself. The exit after
// raiseError() means nothing below runs for a denied caller, whether or not
// raiseError() itself terminates.
if (!hasPerm('node', 'create')) {
    raiseError($page->getlocalized('no_permission'));
    exit;
}
if ($new) {
    $userid = $user->getUserid($manager);
    if (empty($userid) || !is_numeric($userid)) {
        $page->addStatusMsg('select_manager');
        $problem = 1;
    }
    $station_old = $station;
    $station = sotf_Utils::makeValidName($station, 32);
    if ($station != $station_old) {
        $page->addStatusMsg('illegal_name');
        $problem = 1;
    }
    if (sotf_Station::isNameInUse($station)) {
        $page->addStatusMsg('name_in_use');
        $problem = 1;
    }
    if (!$problem) {
Example #18
					</span>
				</div>
			</form>
		</div>
	</div>
	<?php 
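// Ask the database for its clock. "limit 1" keeps this to a single row:
// without it the query returned one now() per log row and fetchAll() loaded
// all of them just to print the first. As before, nothing is printed when
// the log table is empty.
$cmd = $conn->prepare("select now() from {$logTable} limit 1");
$cmd->execute();
$results = $cmd->fetchAll();
if (count($results)) {
    echo "<h2>Current Server Time: {$results[0][0]}</h2>";
}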
?>
	<table class="table table-striped table-hover">
		<?php 
if (hasPerm("log.view")) {
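    //Get Columns
    // Only a plain string is accepted as the search term; an array-valued
    // parameter is treated as "no search".
    $term = isset($_GET['search']) && is_string($_GET['search']) ? $_GET['search'] : "";
    // Kept for any later code that still reads $search. It is no longer placed
    // in the SQL text: addslashes() is not an SQL escaping function.
    $search = addslashes($term);
    $cols = array("logID", "username", "logTime", "logEvent");
    //Get fields
    $col_ss = implode(", ", $cols);
    // One "col like :searchN" per column, each with its own placeholder so the
    // statement also works when the driver does not allow a named placeholder
    // to be reused. The term is sent as a bound value, never as SQL text.
    $likes = array();
    $binds = array();
    foreach ($cols as $n => $col) {
        $likes[] = "{$col} like :search{$n}";
        $binds[":search{$n}"] = "%{$term}%";
    }
    $where_ss = implode(" or ", $likes);
    $sql = "select {$col_ss} from {$logTable}\n\t\t\t\tleft join {$userTable} using(userID)\n\t\t\t\twhere {$where_ss}\n\t\t\t\torder by logTime desc\n\t\t\t\tlimit 30";
    // The statement text now holds only fixed identifiers and placeholders.
    // It is still escaped because it is written into HTML.
    // NOTE(review): this looks like leftover debug output and discloses table
    // names to every log.view holder; consider removing it.
    echo "<code>" . htmlspecialchars($sql, ENT_QUOTES) . "</code>";
    $cmd = $conn->prepare($sql);
    $cmd->execute($binds);
    $results = $cmd->fetchAll();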
    //Print out our table
    echo "<thead><tr>";
    foreach ($cols as $col) {
Example #19
 * Created for the StreamOnTheFly project (IST-2001-32226)
 * Authors: András Micsik, Máté Pataki, Tamás Déri 
 *          at MTA SZTAKI DSD, http://dsd.sztaki.hu
 */
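require "init.inc.php";
$hitsPerPage = $sotfVars->get("hitsPerPage", 15);
$smarty->assign('PAGETITLE', $page->getlocalized('Stations'));
$start = sotf_Utils::getParameter('start');
$station = sotf_Utils::getParameter('station');
$delete = sotf_Utils::getParameter('delete');
if ($delete) {
    // checkPerm() is relied on to stop the request when 'delete' on the node
    // is missing; its body is not shown here (confirm that it terminates).
    // NOTE(review): the deletion is triggered by request parameters alone; no
    // anti-forgery token is checked in this script.
    checkPerm('node', 'delete');
    $st =& $repository->getObject($station);
    // An unknown station id must not end in a method call on a non-object.
    if (!$st) {
        raiseError("no_such_object", $station);
        exit;
    }
    $st->delete();
    $page->addStatusMsg('delete_ok');
    $page->redirect($_SERVER["PHP_SELF"]);
}
$limit = $page->splitList(sotf_Station::countAll(), $scriptUrl);
//$result = $db->limitQuery($query, $limit["from"], $limit["maxresults"]);				//get results with limit
$stations = sotf_Station::listStations($limit["from"], $limit["maxresults"]);
// Start from an empty list so the template gets an array even when there are
// no stations (the variable used to be undefined in that case).
$STATION_LIST = array();
for ($i = 0; $i < count($stations); $i++) {
    $sprops = $stations[$i]->getAllWithIcon();
    $sprops['numProgs'] = $stations[$i]->numProgrammes();
    $sprops['isLocal'] = $stations[$i]->isLocal();
    // The manager list is only included for callers with node rights;
    // presumably hasPerm() treats the extra arguments as alternatives (confirm).
    if (hasPerm('node', 'delete', 'change')) {
        $sprops['managers'] = $permissions->listUsersWithPermission($stations[$i]->id, 'admin');
    }
    $STATION_LIST[] = $sprops;
}
$smarty->assign('STATIONS', $STATION_LIST);
$page->send();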
Example #20
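//Get fields
$col_ss = implode(", ", $cols);
// The "di" request flag only drops a fixed WHERE clause, and only for holders
// of users.inactive; no request data reaches the SQL text.
$where = isset($_GET['di']) && hasPerm("users.inactive", $user) ? "" : "where active = '1'";
$cmd = $conn->prepare("select {$col_ss} from {$userTable} {$where} order by userID");
$cmd->execute();
$results = $cmd->fetchAll();
//Print out our table
echo "<thead><tr>";
foreach ($cols as $col) {
    echo "<th>{$col}</th>";
}
// The last header cell was missing its closing tag.
echo "<th>Edit</th><th>Deactivate</th></tr></thead><tbody>";
foreach ($results as $row) {
    echo "<tr>";
    foreach ($cols as $col) {
        // The address column is masked for viewers without users.addr.
        if ($col == "addr" && !hasPerm("users.addr", $user)) {
            $val = "***.***.***.***";
        } else {
            $val = strlen($row[$col]) > 47 ? substr($row[$col], 0, 47) . "..." : $row[$col];
        }
        // Column values such as the username originate from user input, so
        // they are HTML-escaped on output. Escaping happens after truncation
        // so an entity is never cut in half; ENT_SUBSTITUTE keeps a value
        // visible when truncation split a multi-byte character (assumes the
        // page is served as UTF-8; confirm).
        $val = htmlspecialchars((string) $val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<td>{$val}</td>";
    }
    $params = "?userID=" . base64_encode($row['userID']);
    $params .= $row['active'] == 0 ? "&undo" : "";
    echo "<td><a href='user.php{$params}'>Edit</a></td>";
    // NOTE(review): deactivation is a plain link, so it is requested with GET;
    // revoke-user.php needs its own permission check and request token (not
    // visible here).
    echo "<td><a href='revoke-user.php{$params}' onclick='return confirm(\"Are you sure?\");'>X</a></td>";
    // Each row is now closed explicitly.
    echo "</tr>";
}
echo "</tbody>";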
?>
	</table>
</main>
Example #21
<?php

// -*- tab-width: 3; indent-tabs-mode: 1; -*-
// $Id$
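require "init.inc.php";
$hitsPerPage = $sotfVars->get("hitsPerPage", 15);
$smarty->assign('PAGETITLE', $page->getlocalized('Stations'));
$start = sotf_Utils::getParameter('start');
$station = sotf_Utils::getParameter('station');
$delete = sotf_Utils::getParameter('delete');
// Deletion needs 'delete' on the node. Without it the request is not
// rejected; the page simply falls through to the listing.
// NOTE(review): the deletion is triggered by request parameters alone; no
// anti-forgery token is checked in this script.
if ($delete and hasPerm('node', 'delete')) {
    $st =& new sotf_Station($station);
    $st->delete();
    $page->addStatusMsg('delete_ok');
    $page->redirect($_SERVER["PHP_SELF"]);
}
$limit = $page->splitList(sotf_Station::countAll(), "{$php_self}");
//$result = $db->limitQuery($query, $limit["from"], $limit["maxresults"]);				//get results with limit
$stations = sotf_Station::listStations($limit["from"], $limit["maxresults"]);
// Start from an empty list so the template gets an array even when there are
// no stations (the variable used to be undefined in that case).
$STATION_LIST = array();
for ($i = 0; $i < count($stations); $i++) {
    $sprops = $stations[$i]->getAllWithIcon();
    $sprops['numProgs'] = $stations[$i]->numProgrammes();
    $sprops['isLocal'] = $stations[$i]->isLocal();
    // The manager list is only included for callers who may delete on the node.
    if (hasPerm('node', 'delete')) {
        $sprops['managers'] = $permissions->listUsersWithPermission($stations[$i]->id, 'admin');
    }
    $STATION_LIST[] = $sprops;
}
$smarty->assign('STATIONS', $STATION_LIST);
$page->send();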
 * Created for the StreamOnTheFly project (IST-2001-32226)
 * Authors: András Micsik, Máté Pataki, Tamás Déri 
 *          at MTA SZTAKI DSD, http://dsd.sztaki.hu
 */
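require "init.inc.php";
$page->popup = true;
$page->forceLogin();
$context = sotf_Utils::getParameter('context');
$objectname = sotf_Utils::getParameter('objectname');
$objectid = sotf_Utils::getParameter('objectid');
$username = sotf_Utils::getParameter('username');
$save = sotf_Utils::getParameter('save');
$userid = $user->getUserid($username);
// raiseError() and checkPerm() are defined outside this snippet. The explicit
// exits make the checks fail closed even if raiseError() returns; checkPerm()
// is assumed to terminate on failure (confirm).
if ($userid == $user->id) {
    // trying to change permissions for self
    // Only an existing admin of the object may edit their own permissions,
    // so a lesser right cannot be used to raise one's own level.
    if (!hasPerm($objectid, 'admin')) {
        raiseError("self_perm_change_not_allowed");
        exit;
    }
}
checkPerm($objectid, "authorize");
// NOTE(review): the submitted username is echoed into the error text;
// whatever renders the message has to escape it.
if (empty($userid) || !is_numeric($userid)) {
    raiseError("Invalid username: {$username}");
    exit;
}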
if ($save) {
    $userPerms = $permissions->getPermissions($objectid, $userid);
    debug("userPerms", $userPerms);
    if (sotf_Utils::getParameter('perm_admin')) {
        if (!in_array('admin', $userPerms)) {
            $permissions->addPermission($objectid, $userid, 'admin');
        }
    } else {
Example #23
<?php

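require "init.inc.php";
$smarty->assign('PAGETITLE', $page->getlocalized('AdminPage'));
$page->forceLogin();
$page->errorURL = "admin.php";
// Every action on this page needs 'change' on the node. raiseError() is
// defined outside this snippet; the explicit exit makes the check fail closed
// even if it returns.
if (!hasPerm('node', "change")) {
    raiseError("You have no permission to change node settings!");
    exit;
}
/*
// save general data
$save = sotf_Utils::getParameter('save');
if($save) {
  $desc = sotf_Utils::getParameter('desc');
  $st->set('description', $desc);
  $st->update();
  $page->redirect("editStation.php?stationid=$stationid");
  exit;
}
*/
// sync
// NOTE(review): the sync is triggered by request parameters alone; no
// anti-forgery token is checked in the lines shown here, and the result of
// getById() is used without checking that the neighbour exists.
$sync = sotf_Utils::getParameter('sync');
if ($sync) {
    $nid = sotf_Utils::getParameter('nodeid');
    $neighbour = sotf_Neighbour::getById($nid);
    $neighbour->sync(true);
    $page->redirect("admin.php#network");
}
// delete neighbour
$deln = sotf_Utils::getParameter('delneighbour');
debug("deln", $deln);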
Example #24
<?php

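require "init.inc.php";
$smarty->assign('PAGETITLE', $page->getlocalized('edit_station'));
$page->forceLogin();
$stationid = sotf_Utils::getParameter('stationid');
$page->errorURL = "editStation.php?stationid={$stationid}";
$st =& new sotf_Station($stationid);
$smarty->assign('STATION_ID', $stationid);
$smarty->assign('STATION', $st->get('name'));
// raiseError() is defined outside this snippet. The explicit exit after each
// failed check makes the page fail closed even if raiseError() returns, so a
// denied request can never reach the update below.
if (!$st->isLocal()) {
    raiseError("You can only edit local stations!");
    exit;
}
// The caller needs 'change' on this particular station, not just a login.
if (!hasPerm($st->id, "change")) {
    raiseError("You have no permission to change station settings!");
    exit;
}
// save general data
// NOTE(review): the update is triggered by request parameters alone; no
// anti-forgery token is checked in the lines shown here.
$save = sotf_Utils::getParameter('save');
if ($save) {
    $desc = sotf_Utils::getParameter('desc');
    $st->set('description', $desc);
    $st->update();
    $page->redirect("editStation.php?stationid={$stationid}");
    exit;
}
// manage roles
$delrole = sotf_Utils::getParameter('delrole');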
if ($delrole) {
    $roleid = sotf_Utils::getParameter('roleid');
    $role = new sotf_NodeObject('sotf_object_roles', $roleid);
    $c = new sotf_Contact($role->get('contact_id'));
<?php

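require "init.inc.php";
$page->forceLogin();
$context = sotf_Utils::getParameter('context');
$objectname = sotf_Utils::getParameter('objectname');
$objectid = sotf_Utils::getParameter('objectid');
$username = sotf_Utils::getParameter('username');
$save = sotf_Utils::getParameter('save');
$userid = $user->getUserid($username);
// raiseError() is defined outside this snippet. The explicit exit after each
// failed check makes the page fail closed even if raiseError() returns, so a
// denied request can never reach the permission changes below.
// NOTE(review): 'change' on the object is enough here to edit anyone's
// permissions on it, including the caller's own; confirm that is intended.
if (!hasPerm($objectid, "change")) {
    raiseError("You have no permission to change user permissions!");
    exit;
}
// NOTE(review): the submitted username is echoed into the error text;
// whatever renders the message has to escape it.
if (empty($userid) || !is_numeric($userid)) {
    raiseError("Invalid username: {$username}");
    exit;
}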
if ($save) {
    $userPerms = $permissions->getPermissions($objectid, $userid);
    debug("userPerms", $userPerms);
    if (sotf_Utils::getParameter('perm_admin')) {
        if (!in_array('admin', $userPerms)) {
            $permissions->addPermission($objectid, $userid, 'admin');
        }
    } else {
        if (in_array('admin', $userPerms)) {
            $permissions->delPermission($objectid, $userid, 'admin');
        }
        $perms['create'] = sotf_Utils::getParameter('perm_create');
        $perms['change'] = sotf_Utils::getParameter('perm_change');
        $perms['add_prog'] = sotf_Utils::getParameter('perm_add_prog');
        $perms['delete'] = sotf_Utils::getParameter('perm_delete');
Example #26
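$page->forceLogin();
$contactId = sotf_Utils::getParameter('id');
$save = sotf_Utils::getParameter('save');
$finish1 = sotf_Utils::getParameter('finish1');
$finish2 = sotf_Utils::getParameter('finish2');
$addperm = sotf_Utils::getParameter('addperm');
$delperm = sotf_Utils::getParameter('delperm');
$username = sotf_Utils::getParameter('username');
$view = sotf_Utils::getParameter('view');
$contact =& new sotf_Contact($contactId);
$smarty->assign('CONTACT_ID', $contactId);
$smarty->assign('CONTACT_NAME', $contact->get('name'));
// raiseError() is defined outside this snippet. The explicit exit after each
// failed check makes the page fail closed even if raiseError() returns, so a
// denied request can never reach the upload or the edits below.
if (!$contact->isLocal()) {
    raiseError("You can only edit local contacts!");
    exit;
}
if (!hasPerm($contact->id, "change")) {
    raiseError("You have no permission to change contact settings!");
    exit;
}
// upload icon
$uploadicon = sotf_Utils::getParameter('uploadicon');
if ($uploadicon) {
    // NOTE(review): the stored file name is derived from the client-supplied
    // name. Whether getFileInDir() restricts the name and extension, and
    // whether the user directory is served by the web server, is not visible
    // here; confirm before relying on this for untrusted uploads.
    $file = sotf_Utils::getFileInDir($user->getUserDir(), $_FILES['userfile']['name']);
    // Do not point the contact at a file that was never stored.
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $file)) {
        raiseError("Could not store the uploaded file");
        exit;
    }
    $contact->setIcon($file);
    $page->redirect("editContact.php?id={$contactId}#icon");
    exit;
}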
// save general data
if ($save || $finish1 || $finish2) {
    if (!$finish2) {
        $contact->set('alias', sotf_Utils::getParameter('alias'));
Example #27
require_once "authlib.php";
// All three values come straight from the POST body.
$code = $_POST['ccode'];
$oldCode = $_POST['oldCode'];
$perms = $_POST['perms'];
// NOTE(review): hasPerm() is called with a null user below; presumably that
// means "the logged-in user". Confirm in authlib.php that a null subject is
// never treated as privileged.
$user = null;
// Rename/edit path: needs an existing code name and codes.edit. The posted
// perms string is stored as-is, so whoever passes this check decides which
// permissions the code carries. The event is logged before the update runs.
// NOTE(review): when oldCode is set but codes.edit is missing, control falls
// through to the add path below instead of being rejected.
if (!empty($oldCode) && hasPerm("codes.edit", $user)) {
    logEvent($conn, $logTable, "Changed SeaCode {$oldCode} to {$code}");
    // Every request value is bound; only the table name is interpolated.
    $cmd = $conn->prepare("update {$codeTable} set codename = :code, perms = :perms \n\t\twhere codename = :oldCode");
    $cmd->bindParam(":code", $code, PDO::PARAM_STR, 10);
    $cmd->bindParam(":oldCode", $oldCode, PDO::PARAM_STR, 10);
    $cmd->bindParam(":perms", $perms, PDO::PARAM_STR, 100);
    $cmd->execute();
    $conn = $altConn = null;
    header('Location: codelist.php');
    die('');
}
// Add path: look the code up first so an existing name is not inserted twice.
$cmd = $conn->prepare("select userID from {$codeTable} where codename = :code");
$cmd->bindParam(":code", $code, PDO::PARAM_STR, 10);
$cmd->execute();
$results = $cmd->fetchAll();
// Insert only when the name is free and the caller holds codes.add; every
// other case is sent back to the form.
if (count($results) === 0 && hasPerm("codes.add", $user)) {
    logEvent($conn, $logTable, "Added new SeaCode {$code}");
    $cmd = $conn->prepare("insert into {$codeTable} (codename, perms) \n\t\tvalues (:code, :perms)");
    $cmd->bindParam(":code", $code, PDO::PARAM_STR, 10);
    $cmd->bindParam(":perms", $perms, PDO::PARAM_STR, 100);
    $cmd->execute();
    header('Location: codelist.php');
} else {
    header('Location: code.php');
}
$conn = $altConn = null;
Example #28
    if (!strstr($capurl, "#")) {
        $capurl .= "#ofiles";
    }
    $page->redirect($capurl);
} elseif ($capname == "mfiles") {
    $x = new sotf_NodeObject("sotf_media_files", $capid);
    $x->set('caption', addslashes($capvalue));
    $x->update();
    if (!strstr($capurl, "#")) {
        $capurl .= "#mfiles";
    }
    $page->redirect($capurl);
}
$prg =& new sotf_Programme($id);
// admins or owners can change files
// NOTE(review): the caption updates earlier in this script (e.g. the "mfiles"
// branch) run before this check; confirm they are authorised separately.
// The exit after raiseError() means nothing below runs for a denied caller.
if (!hasPerm($id, 'change')) {
    raiseError("no permission to change files in this programme");
    exit;
}
// delete link
$delLink = sotf_Utils::getParameter('dellink');
$linkid = sotf_Utils::getParameter('linkid');
// NOTE(review): $linkid comes from the request and nothing here ties it to
// programme $id, so the 'change' right checked above is for a different
// object than the one deleted; verify the link belongs to this programme.
if ($delLink) {
    $link = new sotf_NodeObject("sotf_links", $linkid);
    $link->delete();
    $page->redirect("editFiles.php?id={$id}#links");
    exit;
}
// delete file
$delFile = sotf_Utils::getParameter('delfile');
if ($delFile) {
Example #29
<?php

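require "init.inc.php";
$smarty->assign('PAGETITLE', $page->getlocalized('add_files'));
$page->forceLogin();
$prgId = sotf_Utils::getParameter('prgid');
$main = sotf_Utils::getParameter('main');
$add = sotf_Utils::getParameter('add');
// raiseError() is defined outside this snippet. The explicit exit after each
// failed check makes the page fail closed even if raiseError() returns, so a
// denied request can never reach the upload below.
if (empty($prgId)) {
    raiseError("Missing programme id!");
    exit;
}
// The caller needs 'change' on this particular programme, not just a login.
if (!hasPerm($prgId, "change")) {
    raiseError("You have no permission to add files here!");
    exit;
}
// upload file
$upload = sotf_Utils::getParameter('upload');
if ($upload) {
    // NOTE(review): the stored file name is derived from the client-supplied
    // name. Whether getFileInDir() restricts the name and extension, and
    // whether the user directory is served by the web server, is not visible
    // here; confirm before relying on this for untrusted uploads.
    $fname = $_FILES['userfile']['name'];
    $file = sotf_Utils::getFileInDir($user->getUserDir(), $fname);
    // Do not attach a file to the programme that was never stored.
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $file)) {
        raiseError("Could not store the uploaded file");
        exit;
    }
    $prg = new sotf_Programme($prgId);
    if ($main) {
        $prg->setAudio($file);
        $page->redirect("closeAndRefresh.php");
    } else {
        $prg->setOtherFile($fname);
        $page->redirect("closeAndRefresh.php#anchor=mfiles");
    }
    exit;
}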
// add files
    }
    $station_old = $station;
    /*
    $station = sotf_Utils::makeValidName($station, 32);
    if ($station != $station_old) {
    			$page->addStatusMsg('illegal_name');
        $problem = 1;
    }
    */
    if (sotf_Station::isNameInUse($station)) {
        $page->addStatusMsg('name_in_use');
        $problem = 1;
    }
    if (!$problem) {
        $st =& new sotf_Station();
        $st->create($station, $desc);
        if ($manager || !hasPerm('node', 'change')) {
            $permissions->addPermission($st->getID(), $userid, 'admin');
        }
        $page->addStatusMsg('station_created');
        if (hasPerm('node', 'change') || !$manager) {
            $page->redirect("editStation.php?stationid=" . $st->id);
        } else {
            $page->redirect("stations.php");
        }
    }
}
// Hand the submitted values back to the form. They are presumably request
// parameters (their assignment is above this snippet), so the template has
// to escape them on output (not visible here).
$smarty->assign('STATION', $station);
$smarty->assign('DESC', $desc);
$smarty->assign('MANAGER', $manager);
$page->send();