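/**
 * Pins the "id" request parameter to the caller's own employee id unless the
 * caller holds AUTH_MGR and supplied an id explicitly.
 *
 * Non-managers therefore cannot select another id through the request
 * parameter: whatever they send is overwritten with the session value.
 */
protected function onValidateId()
{
    // Read once; the original fetched param("id") twice and never used the local.
    $id = param("id");

    // Managers may keep the id they passed in; everyone else (and any request
    // without an id) is forced onto the session's employee id.
    if (!hasPerm(AUTH_MGR) || is_null($id)) {
        // NOTE(review): assumes the session is authenticated and
        // $_SESSION["empId"] is set; confirm the login check runs before this.
        setParam("id", $_SESSION["empId"]);
    }
}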
/**
 * Authorisation middleware: forwards the request only when hasPerm() returns
 * exactly true for the given role.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @param  string  $role  permission/role name handed to hasPerm()
 * @param  string  $type  'restrict' checks the role alone, without a slug/id scope
 * @return mixed  the downstream response, or whatever hasPerm() returned when it was not true
 */
public function handle($request, Closure $next, $role, $type = null)
{
    // Scope the check to the route's slug, falling back to its id, unless the
    // caller asked for an unscoped ('restrict') check.
    if ($type != 'restrict') {
        $scope = isset($request->slug) ? $request->slug : $request->id;
    } else {
        $scope = null;
    }

    $verdict = hasPerm($role, $scope);

    // Strict comparison on purpose: any non-true value (e.g. a redirect or
    // error response object, which would be truthy) must not let the request through.
    if ($verdict !== true) {
        return $verdict;
    }

    return $next($request);
}
/**
 * Fills the Smarty variables used by the user-search page: group and admin
 * name lists, charge names, the "can_change" flag, the sort options and a
 * default for "show_results".
 *
 * @param object $smarty template engine instance, passed by reference
 */
function intShowUserSearchSetVars(&$smarty)
{
    $smarty->assign_by_ref("group_names", getGroupNames($smarty));
    $smarty->assign_by_ref("admin_names", getAdminNames($smarty));
    intSetChargeNames($smarty, null);

    // NOTE(review): can_change is only handed to the template here; the code
    // that applies attribute changes must repeat the permission check itself
    // (not visible in this function).
    $mayChangeAttrs = hasPerm("CHANGE USER ATTRIBUTES") || amIGod();
    $smarty->assign("can_change", $mayChangeAttrs);

    // Column key => label shown in the "order by" selector.
    $sortChoices = array(
        "user_id" => "User ID",
        "normal_username" => "Normal Username",
        "creation_date" => "Creation Date",
        "owner_id" => "Owner ID",
        "group_id" => "Group ID",
        "credit" => "Credit",
    );
    $smarty->assign("order_by_options", $sortChoices);

    // Leave show_results alone when a caller already set it.
    if ($smarty->is_assigned("show_results")) {
        return;
    }
    $smarty->assign("show_results", false);
}
/**
 * Retrieves roles and contacts associated with this object.
 *
 * Every row of sotf_object_roles for this object gets a role_name and the
 * contact's data; change_contact = 1 is added when hasPerm() allows the
 * current user to change that contact.
 *
 * @return array rows with id, contact_id, role_id, role_name, contact_data[, change_contact]
 */
function getRoles()
{
    // NOTE(review): $this->id is interpolated into the SQL text. Where it is
    // set is not visible here; if it can ever carry request data, switch to a
    // bound parameter or the DB layer's quoting.
    $sql = "SELECT id, contact_id, role_id FROM sotf_object_roles WHERE object_id='{$this->id}' ORDER BY role_id, contact_id";
    $roles = $this->db->getAll($sql);

    $total = count($roles);
    for ($idx = 0; $idx < $total; $idx++) {
        $roles[$idx]['role_name'] = $this->repository->getRoleName($roles[$idx]['role_id']);

        $contact = new sotf_Contact($roles[$idx]['contact_id']);
        $roles[$idx]['contact_data'] = $contact->getAllWithIcon();

        // Flag for the UI only; the edit page has to enforce 'change' again.
        $mayEdit = hasPerm($roles[$idx]['contact_id'], 'change');
        if ($mayEdit) {
            $roles[$idx]['change_contact'] = 1;
        }
    }

    return $roles;
}
/**
 * Assigns the template variables describing the permission selected in the
 * request: its name, whether hasPerm() reports it for the given admin
 * username, the submitted value and, when held, the current value.
 *
 * @param object $smarty template engine instance, passed by reference
 */
function intAssignSelectedPermVals(&$smarty)
{
    if (!isInRequest("selected")) {
        $smarty->assign("selected", "");
        return;
    }

    // Both values come straight from the request and end up in the template;
    // NOTE(review): output escaping has to happen in the template, it is not done here.
    $permName = $_REQUEST["selected"];
    $adminName = $_REQUEST["admin_username"];

    $holdsPerm = hasPerm($permName, $adminName);
    $smarty->assign("selected", $permName);
    $smarty->assign("has_selected_perm", $holdsPerm);
    $smarty->assign("selected_value", requestVal("value"));

    if (!$holdsPerm) {
        return;
    }

    // Ask the backend for the permission's current value.
    $valueRequest = new AdminPermValue($permName, $adminName);
    list($ok, $reply) = $valueRequest->send();

    if (!$ok) {
        // On failure $reply carries the error object; show a marker and the messages.
        $smarty->assign("cur_val", "ERR");
        smartySetPageErr($smarty, $reply->getErrorMsgs());
        return;
    }

    $smarty->assign("cur_val", $reply);
}
<?php $killOverride = true; require_once "authlib.php"; $userID = $_POST['userID']; $username = $_POST['username']; if (!empty($userID) && !hasPerm("users.edit")) { $conn = $altConn = null; header('Location: user.php'); die; } //Check if the username already exists $cmd = $conn->prepare("select userID from {$userTable} where username = :username"); $cmd->bindParam(":username", $username, PDO::PARAM_STR, 25); $cmd->execute(); $results = $cmd->fetchAll(); if (count($results) === 0) { //Add the value to our table $sql = empty($userID) ? "insert into {$userTable} (username, addr) \n\t\tvalues (:username, :addr)" : "update {$userTable} \n\t\tset username = :username where userID = :userID"; $cmd = $conn->prepare($sql); $cmd->bindParam(":username", $username, PDO::PARAM_STR, 25); if (empty($userID)) { $cmd->bindParam(":addr", $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR, 16); } else { $cmd->bindParam(":userID", $userID, PDO::PARAM_INT); } $cmd->execute(); //Get userID for the Log if (empty($userID)) { $cmd = $conn->prepare("select userID from {$userTable} where username = :username"); $cmd->bindParam(":username", $username, PDO::PARAM_STR, 25);
/**
 * Tells whether the current user may listen to this object.
 *
 * Free content is always allowed (returns 1); otherwise the decision is
 * whatever hasPerm() returns for the 'listen' permission on this object.
 * An earlier switch on $config['payableMode'] is disabled in the source.
 */
function canListen()
{
    $isFree = $this->getBool('free_content');

    return $isFree ? 1 : hasPerm($this, 'listen');
}
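/**
 * Retrieves roles and contacts associated with this object.
 *
 * Every row of sotf_object_roles for this object is extended with role_name,
 * creator and contact_data, plus change_contact = 1 when hasPerm() allows the
 * current user to change that contact. Rows whose contact cannot be loaded
 * are logged and removed; the remaining rows keep their original index.
 *
 * @param string $language vocabulary language; the global $lang is used when empty
 * @return array
 */
function getRoles($language = '')
{
    global $db, $vocabularies, $lang, $repository;

    if (empty($language)) {
        $language = $lang;
    }

    // NOTE(review): $this->id is interpolated into the SQL text. Where it is
    // set is not visible here; if it can ever carry request data, switch to a
    // bound parameter or the DB layer's quoting.
    $roles = $db->getAll("SELECT id, contact_id, role_id FROM sotf_object_roles WHERE object_id='{$this->id}' ORDER BY role_id, contact_id");

    // Walk a fixed list of indexes. The original loop re-evaluated
    // count($roles) on every pass, so each unset() shortened the loop and the
    // trailing rows were returned without role_name/contact_data.
    $indexes = array_keys($roles);
    foreach ($indexes as $i) {
        $cobj =& $repository->getObject($roles[$i]['contact_id']);
        if ($cobj) {
            $roles[$i]['role_name'] = $vocabularies->getRoleName($roles[$i]['role_id'], $language);
            $roles[$i]['creator'] = $vocabularies->isCreator($roles[$i]['role_id']);
            $roles[$i]['contact_data'] = $cobj->getAllWithIcon();
            // Flag for the UI only; the edit page has to enforce 'change' again.
            if (hasPerm($roles[$i]['contact_id'], 'change')) {
                $roles[$i]['change_contact'] = 1;
            }
        } else {
            logError("Referred contact does not exist: " . $roles[$i]['contact_id']);
            unset($roles[$i]);
        }
    }

    return $roles;
}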
<?php require "init.inc.php"; $seriesid = sotf_Utils::getParameter('seriesid'); $page->errorURL = "editSeries.php?seriesid={$seriesid}"; $page->setTitle('edit_series'); $page->popup = true; $page->forceLogin(); if (!$seriesid) { raiseError("Id is missing"); } if (!hasPerm($seriesid, "change")) { raiseError("You have no permission to change series settings!"); } $series =& new sotf_Series($seriesid); // save general data $save = sotf_Utils::getParameter('save'); $finish = sotf_Utils::getParameter('finish'); if ($save || $finish) { $series->setWithParam('title'); $series->setWithParam('description'); $series->update(); if ($finish) { $page->redirect("closeAndRefresh.php?anchor=series"); } else { $page->redirect("editSeries.php?seriesid={$seriesid}"); } exit; } // manage roles $delrole = sotf_Utils::getParameter('delrole');
<body> <?php if (isset($_SESSION['isLogged']) && (dirname($_SERVER['REQUEST_URI']) == "/cauth" || $_SERVER['REQUEST_URI'] == "/cauth/")) { ?> <header> <nav class="navbar navbar-default"> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#mainNav"> <span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span> </button> <a href="index.php" class="navbar-brand">SeaAuth - Server Protection</a> </div> <div class="collapse navbar-collapse" id="mainNav"> <ul class="nav navbar-nav"> <li><a href="index.php">Home</a></li> <?php if (hasPerm("codes.list", $user)) { echo '<li><a href="codelist.php">Codes</a></li>'; } if (hasPerm("users.list", $user)) { echo '<li><a href="userlist.php">Users</a></li>'; } ?> <li><a href="logout.php">Logout</a></li> </ul> </div> </nav> </header> <?php }
* Created for the StreamOnTheFly project (IST-2001-32226) * Authors: András Micsik, Máté Pataki, Tamás Déri * at MTA SZTAKI DSD, http://dsd.sztaki.hu */ require "init.inc.php"; //$smarty->assign("OKURL", $_SERVER['PHP_SELF'] . "?id=" . rawurlencode($id)); $id = sotf_Utils::getParameter('id'); if ($id) { $db->begin(); $smarty->assign('ID', $id); $prg =& $repository->getObject($id); if (!$prg) { raiseError("no_such_object", $id); } if (!$prg->getBool('published')) { if (!hasPerm($prg->id, 'change')) { raiseError("not_published_yet", $id); exit; } $smarty->assign("UNPUBLISHED", 1); } $page->setTitle($prg->get('title')); // general data $prgData = $prg->getAll(); $prgData['icon'] = sotf_Blob::cacheIcon($id); $smarty->assign('PRG_DATA', $prgData); // station data $station = $prg->getStation(); $smarty->assign('STATION_DATA', $station->getAllWithIcon()); // series data $series = $prg->getSeries();
/**
 * Shorthand for the "GOD" permission check.
 *
 * @return mixed whatever hasPerm("GOD") returns
 */
function amIGod()
{
    $isGod = hasPerm("GOD");

    return $isGod;
}
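<?php
// Clears the user binding (userID = null) of one SeaCode, then returns to the
// code list. $conn, $logTable, $codeTable, hasPerm() and logEvent() are not
// defined in this script; they are expected to come from authlib.php.

//Setup Connection and check authorization
require_once "authlib.php";

// NOTE(review): this changes state on a GET request and nothing visible here
// ties the request to a form the admin submitted. Consider POST plus an
// anti-CSRF token so a link or image tag cannot trigger the clear.
if (hasPerm("codes.clear")) {
    // The code name arrives base64-encoded. Strict mode makes malformed input
    // return false instead of silently decoding to different bytes.
    $encoded = isset($_GET['ccode']) && is_string($_GET['ccode']) ? $_GET['ccode'] : '';
    $code = base64_decode($encoded, true);

    if ($code !== false && $code !== '') {
        // NOTE(review): $code is request-controlled text written to the log;
        // the log viewer must HTML-escape it when displaying entries.
        logEvent($conn, $logTable, "Cleared SeaCode {$code}");

        $cmd = $conn->prepare("update {$codeTable} set userID = null where codename = :code");
        // Bind as a string: the value is arbitrary decoded text, and an
        // integer binding can turn a non-numeric name into a numeric
        // comparison that matches rows it should not.
        $cmd->bindParam(":code", $code, PDO::PARAM_STR);
        $cmd->execute();
    }
}

//Disconnect
$conn = $altConn = null;
header('Location: codelist.php');
exit;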
$smarty->assign("PAGETITLE", $page->getlocalized("editmeta")); } $page->forceLogin(); $okURL = sotf_Utils::getParameter('okURL'); // delete topic $delTopic = sotf_Utils::getParameter('deltopic'); if ($delTopic) { $repository->delFromTopic($delTopic); $page->redirect("editMeta.php?id={$prgId}#topics"); exit; } $prg =& new sotf_Programme($prgId); if (!$prg->isLocal()) { raiseError("You can only edit programmes locally!"); } if (!hasPerm($prgId, 'change')) { raiseError("no permission to change files in this programme"); exit; } $finishpublish = sotf_Utils::getParameter('finishpublish'); $finish = sotf_Utils::getParameter('finish'); $save = sotf_Utils::getParameter('save'); if ($save || $finish || $finishpublish) { $params = array('title' => 'text', 'alternative_title' => 'text', 'episode_title' => 'text', 'episode_sequence' => 'number', 'keywords' => 'text', 'abstract' => 'text', 'language' => 'text', 'genre_id' => 'number', 'spatial_coverage' => 'text', 'temporal_coverage' => 'date', 'production_date' => 'date', 'broadcast_date' => 'date', 'expiry_date' => 'date'); foreach ($params as $param => $type) { $value = sotf_Utils::getParameter($param); if ($type == 'text') { $value = strip_tags($value); } elseif ($type == 'number') { if (empty($value)) { $value = '';
<?php
// -*- tab-width: 3; indent-tabs-mode: 1; -*-
// $Id$
// Popup page that creates a new series under a station and makes the creating
// user its admin. $page, $user, $permissions and $smarty are not defined here;
// they are expected to come from init.inc.php.
require "init.inc.php";
$page->popup = true;
$page->forceLogin();
$stationId = sotf_Utils::getParameter('stationid');
$seriesTitle = sotf_Utils::getParameter('title');
// Object-level check: the caller needs 'create' on the station named in the request.
// NOTE(review): no exit follows raiseError(); the check only protects the
// code below if raiseError() itself terminates the script — confirm.
if (!hasPerm($stationId, "create")) {
    raiseError("You have no permission to create new series!");
}
if ($seriesTitle) {
    // create a new series
    $series = new sotf_Series();
    $series->set('title', $seriesTitle);
    $series->set('station_id', $stationId);
    $series->set('entry_date', date('Y-m-d'));
    $status = $series->create();
    if (!$status) {
        $page->addStatusMsg('series_create_failed');
    } else {
        // The creator becomes admin of the new series.
        $permissions->addPermission($series->id, $user->id, 'admin');
        $page->redirect("editSeries.php?seriesid=" . $series->id);
        exit;
    }
}
// general data
// NOTE(review): the request-supplied title goes to the template as-is;
// escaping has to happen in the template.
$smarty->assign("TITLE", $seriesTitle);
$page->sendPopup();
<main id="content-wrapper" class="container"> <div class="page-header"> <h1>SeaAuth <small>Code Management</small></h1> </div> <div class="btn-group"> <a href="code.php" class="btn btn-warning">Add Code</a> <a href="?di" class="btn btn-warning">Show Inactive</a> <a href="permlist.php" class="btn btn-warning">Permission List</a> </div> <table class="table table-striped table-hover"> <?php //Get Columns $cols = array("codename", "username", "perms"); //Get fields $col_ss = implode(", ", $cols) . ", userID"; $joinType = (isset($_GET['di']) && hasPerm("codes.inactive", $user) ? "left" : "") . " join"; $cmd = $conn->prepare("select {$col_ss} from {$codeTable} \n\t\t\t{$joinType} {$userTable} using(userID)"); $cmd->execute(); $results = $cmd->fetchAll(); //Print out our table echo "<thead><tr>"; foreach ($cols as $col) { echo "<th>{$col}</th>"; } echo "<th>Edit</th><th>Delete</th></tr></thead><tbody>"; foreach ($results as $row) { $ccode = base64_encode($row['codename']); echo "<tr>"; foreach ($cols as $col) { $val = strlen($row[$col]) > 47 ? substr($row[$col], 0, 47) . "..." : $row[$col]; echo "<td>{$val}</td>";
<?php // -*- tab-width: 3; indent-tabs-mode: 1; -*- // $Id$ require "init.inc.php"; $station = sotf_Utils::getParameter('station'); $new = sotf_Utils::getParameter('new'); $desc = sotf_Utils::getParameter('desc'); $manager = sotf_Utils::getParameter('username'); $page->forceLogin(); if (!hasPerm('node', 'create')) { raiseError($page->getlocalized('no_permission')); exit; } if ($new) { $userid = $user->getUserid($manager); if (empty($userid) || !is_numeric($userid)) { $page->addStatusMsg('select_manager'); $problem = 1; } $station_old = $station; $station = sotf_Utils::makeValidName($station, 32); if ($station != $station_old) { $page->addStatusMsg('illegal_name'); $problem = 1; } if (sotf_Station::isNameInUse($station)) { $page->addStatusMsg('name_in_use'); $problem = 1; } if (!$problem) {
</span> </div> </form> </div> </div>
<?php
// Show the database server's clock above the log table.
$cmd = $conn->prepare("select now() from {$logTable}");
$cmd->execute();
$results = $cmd->fetchAll();
if (count($results)) {
    echo "<h2>Current Server Time: {$results[0][0]}</h2>";
}
?>
<table class="table table-striped table-hover">
<?php
if (hasPerm("log.view")) {
    //Get Columns
    // NOTE(review): addslashes() is not a SQL escaping function (it ignores the
    // connection charset) and the value is then concatenated into the query
    // text below. prepare() gives no protection here because nothing is bound;
    // the search term should be passed as a bound parameter for each LIKE.
    $search = isset($_GET['search']) ? addslashes($_GET['search']) : "";
    $cols = array("logID", "username", "logTime", "logEvent");
    //Get fields
    $col_ss = implode(", ", $cols); //SQL safe Columns
    // Builds "col like '%term%' or col like '%term%' ..." over every column.
    $where_ss = implode(" like '%{$search}%' or ", $cols) . " like '%{$search}%'";
    $sql = "select {$col_ss} from {$logTable}\n\t\t\t\tleft join {$userTable} using(userID)\n\t\t\t\twhere {$where_ss}\n\t\t\t\torder by logTime desc\n\t\t\t\tlimit 30";
    // NOTE(review): this prints the full SQL text, including the request's
    // search term, into the page without HTML escaping. That reflects
    // request-controlled markup to the viewer and discloses table and column
    // names; it reads like leftover debug output and should be removed.
    echo "<code>{$sql}</code>";
    $cmd = $conn->prepare($sql);
    $cmd->execute();
    $results = $cmd->fetchAll();
    //Print out our table
    echo "<thead><tr>";
    foreach ($cols as $col) {
* Created for the StreamOnTheFly project (IST-2001-32226) * Authors: András Micsik, Máté Pataki, Tamás Déri * at MTA SZTAKI DSD, http://dsd.sztaki.hu */ require "init.inc.php"; $hitsPerPage = $sotfVars->get("hitsPerPage", 15); $smarty->assign('PAGETITLE', $page->getlocalized('Stations')); $start = sotf_Utils::getParameter('start'); $station = sotf_Utils::getParameter('station'); $delete = sotf_Utils::getParameter('delete'); if ($delete) { checkPerm('node', 'delete'); $st =& $repository->getObject($station); $st->delete(); $page->addStatusMsg('delete_ok'); $page->redirect($_SERVER["PHP_SELF"]); } $limit = $page->splitList(sotf_Station::countAll(), $scriptUrl); //$result = $db->limitQuery($query, $limit["from"], $limit["maxresults"]); //get results with limit $stations = sotf_Station::listStations($limit["from"], $limit["maxresults"]); for ($i = 0; $i < count($stations); $i++) { $sprops = $stations[$i]->getAllWithIcon(); $sprops['numProgs'] = $stations[$i]->numProgrammes(); $sprops['isLocal'] = $stations[$i]->isLocal(); if (hasPerm('node', 'delete', 'change')) { $sprops['managers'] = $permissions->listUsersWithPermission($stations[$i]->id, 'admin'); } $STATION_LIST[] = $sprops; } $smarty->assign('STATIONS', $STATION_LIST); $page->send();
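//Get fields
// $cols, $conn, $userTable and $user are set earlier in the page (not visible here).
$col_ss = implode(", ", $cols);
// Inactive users are listed only when asked for (?di) by someone holding users.inactive.
$where = isset($_GET['di']) && hasPerm("users.inactive", $user) ? "" : "where active = '1'";
$cmd = $conn->prepare("select {$col_ss} from {$userTable} {$where} order by userID");
$cmd->execute();
$results = $cmd->fetchAll();

//Print out our table
echo "<thead><tr>";
foreach ($cols as $col) {
    echo "<th>{$col}</th>";
}
// Fixed: the "Deactivate" header cell was never closed.
echo "<th>Edit</th><th>Deactivate</th></tr></thead><tbody>";

foreach ($results as $row) {
    echo "<tr>";
    foreach ($cols as $col) {
        if ($col == "addr" && !hasPerm("users.addr", $user)) {
            // Address is masked for viewers without users.addr.
            $val = "***.***.***.***";
        } else {
            $raw = (string) $row[$col];
            $val = strlen($raw) > 47 ? substr($raw, 0, 47) . "..." : $raw;
        }
        // Stored values such as usernames are user-supplied text; escape them
        // for the HTML context so markup in a value is shown, not interpreted.
        // Escaping happens after truncation so an entity is never cut in half.
        $val = htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<td>{$val}</td>";
    }

    // base64 output may contain '+', '/' and '=', so URL-encode it, then
    // escape the whole query string for use inside the href attribute.
    $params = "?userID=" . rawurlencode(base64_encode($row['userID']));
    $params .= $row['active'] == 0 ? "&undo" : "";
    $params = htmlspecialchars($params, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<td><a href='user.php{$params}'>Edit</a></td>";
    // NOTE(review): deactivation is a plain link (GET) guarded only by a
    // client-side confirm(); the target script needs its own permission check
    // and ideally POST plus an anti-CSRF token.
    echo "<td><a href='revoke-user.php{$params}' onclick='return confirm(\"Are you sure?\");'>X</a></td>";
    // Fixed: rows were opened but never closed.
    echo "</tr>";
}
echo "</tbody>";
?>
</table> </main>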
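<?php
// -*- tab-width: 3; indent-tabs-mode: 1; -*-
// $Id$
// Station list page: optionally deletes one station, then lists a page of
// stations with programme counts and (for privileged users) their managers.
// $sotfVars, $smarty, $page, $permissions and $php_self are not defined here;
// they are expected to come from init.inc.php.
require "init.inc.php";

$hitsPerPage = $sotfVars->get("hitsPerPage", 15);
$smarty->assign('PAGETITLE', $page->getlocalized('Stations'));

$start = sotf_Utils::getParameter('start');
$station = sotf_Utils::getParameter('station');
$delete = sotf_Utils::getParameter('delete');

// Deletion requires the node-level 'delete' permission.
// NOTE(review): the delete is triggered by request parameters alone and no
// anti-CSRF token is visible; whether getParameter() accepts GET is not shown.
// No exit follows redirect(), so the listing below still runs unless
// redirect() terminates the script — confirm.
if ($delete and hasPerm('node', 'delete')) {
    // "=& new" is PHP 4 era syntax (removed in PHP 7); kept as the file has it.
    $st =& new sotf_Station($station);
    $st->delete();
    $page->addStatusMsg('delete_ok');
    $page->redirect($_SERVER["PHP_SELF"]);
}

$limit = $page->splitList(sotf_Station::countAll(), "{$php_self}");
//$result = $db->limitQuery($query, $limit["from"], $limit["maxresults"]); //get results with limit
$stations = sotf_Station::listStations($limit["from"], $limit["maxresults"]);

// Fixed: start from an empty list so the template receives an array (not an
// undefined variable) when there are no stations on this page.
$STATION_LIST = array();
for ($i = 0; $i < count($stations); $i++) {
    $sprops = $stations[$i]->getAllWithIcon();
    $sprops['numProgs'] = $stations[$i]->numProgrammes();
    $sprops['isLocal'] = $stations[$i]->isLocal();
    // Manager names are only included for users who may delete stations.
    if (hasPerm('node', 'delete')) {
        $sprops['managers'] = $permissions->listUsersWithPermission($stations[$i]->id, 'admin');
    }
    $STATION_LIST[] = $sprops;
}

$smarty->assign('STATIONS', $STATION_LIST);
$page->send();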
* Created for the StreamOnTheFly project (IST-2001-32226) * Authors: András Micsik, Máté Pataki, Tamás Déri * at MTA SZTAKI DSD, http://dsd.sztaki.hu */ require "init.inc.php"; $page->popup = true; $page->forceLogin(); $context = sotf_Utils::getParameter('context'); $objectname = sotf_Utils::getParameter('objectname'); $objectid = sotf_Utils::getParameter('objectid'); $username = sotf_Utils::getParameter('username'); $save = sotf_Utils::getParameter('save'); $userid = $user->getUserid($username); if ($userid == $user->id) { // trying to change permissions for self if (!hasPerm($objectid, 'admin')) { raiseError("self_perm_change_not_allowed"); } } checkPerm($objectid, "authorize"); if (empty($userid) || !is_numeric($userid)) { raiseError("Invalid username: {$username}"); } if ($save) { $userPerms = $permissions->getPermissions($objectid, $userid); debug("userPerms", $userPerms); if (sotf_Utils::getParameter('perm_admin')) { if (!in_array('admin', $userPerms)) { $permissions->addPermission($objectid, $userid, 'admin'); } } else {
<?php require "init.inc.php"; $smarty->assign('PAGETITLE', $page->getlocalized('AdminPage')); $page->forceLogin(); $page->errorURL = "admin.php"; if (!hasPerm('node', "change")) { raiseError("You have no permission to change node settings!"); } /* // save general data $save = sotf_Utils::getParameter('save'); if($save) { $desc = sotf_Utils::getParameter('desc'); $st->set('description', $desc); $st->update(); $page->redirect("editStation.php?stationid=$stationid"); exit; } */ // sync $sync = sotf_Utils::getParameter('sync'); if ($sync) { $nid = sotf_Utils::getParameter('nodeid'); $neighbour = sotf_Neighbour::getById($nid); $neighbour->sync(true); $page->redirect("admin.php#network"); } // delete neighbour $deln = sotf_Utils::getParameter('delneighbour'); debug("deln", $deln);
<?php require "init.inc.php"; $smarty->assign('PAGETITLE', $page->getlocalized('edit_station')); $page->forceLogin(); $stationid = sotf_Utils::getParameter('stationid'); $page->errorURL = "editStation.php?stationid={$stationid}"; $st =& new sotf_Station($stationid); $smarty->assign('STATION_ID', $stationid); $smarty->assign('STATION', $st->get('name')); if (!$st->isLocal()) { raiseError("You can only edit local stations!"); } if (!hasPerm($st->id, "change")) { raiseError("You have no permission to change station settings!"); } // save general data $save = sotf_Utils::getParameter('save'); if ($save) { $desc = sotf_Utils::getParameter('desc'); $st->set('description', $desc); $st->update(); $page->redirect("editStation.php?stationid={$stationid}"); exit; } // manage roles $delrole = sotf_Utils::getParameter('delrole'); if ($delrole) { $roleid = sotf_Utils::getParameter('roleid'); $role = new sotf_NodeObject('sotf_object_roles', $roleid); $c = new sotf_Contact($role->get('contact_id'));
<?php require "init.inc.php"; $page->forceLogin(); $context = sotf_Utils::getParameter('context'); $objectname = sotf_Utils::getParameter('objectname'); $objectid = sotf_Utils::getParameter('objectid'); $username = sotf_Utils::getParameter('username'); $save = sotf_Utils::getParameter('save'); $userid = $user->getUserid($username); if (!hasPerm($objectid, "change")) { raiseError("You have no permission to change user permissions!"); } if (empty($userid) || !is_numeric($userid)) { raiseError("Invalid username: {$username}"); } if ($save) { $userPerms = $permissions->getPermissions($objectid, $userid); debug("userPerms", $userPerms); if (sotf_Utils::getParameter('perm_admin')) { if (!in_array('admin', $userPerms)) { $permissions->addPermission($objectid, $userid, 'admin'); } } else { if (in_array('admin', $userPerms)) { $permissions->delPermission($objectid, $userid, 'admin'); } $perms['create'] = sotf_Utils::getParameter('perm_create'); $perms['change'] = sotf_Utils::getParameter('perm_change'); $perms['add_prog'] = sotf_Utils::getParameter('perm_add_prog'); $perms['delete'] = sotf_Utils::getParameter('perm_delete');
$page->forceLogin(); $contactId = sotf_Utils::getParameter('id'); $save = sotf_Utils::getParameter('save'); $finish1 = sotf_Utils::getParameter('finish1'); $finish2 = sotf_Utils::getParameter('finish2'); $addperm = sotf_Utils::getParameter('addperm'); $delperm = sotf_Utils::getParameter('delperm'); $username = sotf_Utils::getParameter('username'); $view = sotf_Utils::getParameter('view'); $contact =& new sotf_Contact($contactId); $smarty->assign('CONTACT_ID', $contactId); $smarty->assign('CONTACT_NAME', $contact->get('name')); if (!$contact->isLocal()) { raiseError("You can only edit local contacts!"); } if (!hasPerm($contact->id, "change")) { raiseError("You have no permission to change contact settings!"); } // upload icon $uploadicon = sotf_Utils::getParameter('uploadicon'); if ($uploadicon) { $file = sotf_Utils::getFileInDir($user->getUserDir(), $_FILES['userfile']['name']); move_uploaded_file($_FILES['userfile']['tmp_name'], $file); $contact->setIcon($file); $page->redirect("editContact.php?id={$contactId}#icon"); exit; } // save general data if ($save || $finish1 || $finish2) { if (!$finish2) { $contact->set('alias', sotf_Utils::getParameter('alias'));
// Handles the code form: renames/re-permissions an existing SeaCode when
// oldCode is given, otherwise adds a new one if the name is unused.
// $conn, $logTable, $codeTable, hasPerm() and logEvent() are not defined here;
// they are expected to come from authlib.php.
require_once "authlib.php";
$code = $_POST['ccode'];
$oldCode = $_POST['oldCode'];
$perms = $_POST['perms'];
// NOTE(review): $user is reset to null right before it is passed to hasPerm().
// How hasPerm() treats a null user is not visible here; confirm it falls back
// to the logged-in session user and does not skip the check.
$user = null;
// Edit path: requires codes.edit.
// NOTE(review): 'perms' is taken from the form as-is, so anyone holding
// codes.edit (or codes.add below) can write any permission string; consider
// restricting it to permissions the editor holds. No anti-CSRF token is visible.
if (!empty($oldCode) && hasPerm("codes.edit", $user)) {
    // The audit entry is written before the update runs, so it is recorded
    // even if the statement then fails.
    logEvent($conn, $logTable, "Changed SeaCode {$oldCode} to {$code}");
    $cmd = $conn->prepare("update {$codeTable} set codename = :code, perms = :perms \n\t\twhere codename = :oldCode");
    $cmd->bindParam(":code", $code, PDO::PARAM_STR, 10);
    $cmd->bindParam(":oldCode", $oldCode, PDO::PARAM_STR, 10);
    $cmd->bindParam(":perms", $perms, PDO::PARAM_STR, 100);
    $cmd->execute();
    $conn = $altConn = null;
    header('Location: codelist.php');
    die('');
}
// Reached when no oldCode was sent, and also when an edit was requested
// without codes.edit: that request then continues as an "add" attempt.
$cmd = $conn->prepare("select userID from {$codeTable} where codename = :code");
$cmd->bindParam(":code", $code, PDO::PARAM_STR, 10);
$cmd->execute();
$results = $cmd->fetchAll();
// Add path: the name must be unused and the caller needs codes.add.
if (count($results) === 0 && hasPerm("codes.add", $user)) {
    logEvent($conn, $logTable, "Added new SeaCode {$code}");
    $cmd = $conn->prepare("insert into {$codeTable} (codename, perms) \n\t\tvalues (:code, :perms)");
    $cmd->bindParam(":code", $code, PDO::PARAM_STR, 10);
    $cmd->bindParam(":perms", $perms, PDO::PARAM_STR, 100);
    $cmd->execute();
    header('Location: codelist.php');
} else {
    // Name taken or permission missing: back to the form, with no message set here.
    header('Location: code.php');
}
$conn = $altConn = null;
if (!strstr($capurl, "#")) { $capurl .= "#ofiles"; } $page->redirect($capurl); } elseif ($capname == "mfiles") { $x = new sotf_NodeObject("sotf_media_files", $capid); $x->set('caption', addslashes($capvalue)); $x->update(); if (!strstr($capurl, "#")) { $capurl .= "#mfiles"; } $page->redirect($capurl); } $prg =& new sotf_Programme($id); // admins or owners can change files if (!hasPerm($id, 'change')) { raiseError("no permission to change files in this programme"); exit; } // delete link $delLink = sotf_Utils::getParameter('dellink'); $linkid = sotf_Utils::getParameter('linkid'); if ($delLink) { $link = new sotf_NodeObject("sotf_links", $linkid); $link->delete(); $page->redirect("editFiles.php?id={$id}#links"); exit; } // delete file $delFile = sotf_Utils::getParameter('delfile'); if ($delFile) {
<?php
// Adds files to a programme: either a direct upload or (further down the
// script) files picked from the user's directory. $smarty, $page and $user are
// not defined here; they are expected to come from init.inc.php.
require "init.inc.php";
$smarty->assign('PAGETITLE', $page->getlocalized('add_files'));
$page->forceLogin();
$prgId = sotf_Utils::getParameter('prgid');
$main = sotf_Utils::getParameter('main');
$add = sotf_Utils::getParameter('add');
if (empty($prgId)) {
    raiseError("Missing programme id!");
}
// Object-level check: the caller needs 'change' on the programme named in the request.
// NOTE(review): no exit follows raiseError(); the upload below is only
// protected if raiseError() itself terminates the script — confirm.
if (!hasPerm($prgId, "change")) {
    raiseError("You have no permission to add files here!");
}
// upload file
$upload = sotf_Utils::getParameter('upload');
if ($upload) {
    // NOTE(review): the destination is built from the client-supplied file
    // name. Unless getFileInDir() strips directory parts and restricts the
    // extension (not visible here), a crafted name could leave the user
    // directory or place a server-executable file. Reduce the name with
    // basename() and check it against an allow-list of extensions first.
    $fname = $_FILES['userfile']['name'];
    $file = sotf_Utils::getFileInDir($user->getUserDir(), $fname);
    // NOTE(review): the result of move_uploaded_file() and the upload error
    // code are not checked; a failed upload still reaches setAudio()/setOtherFile().
    move_uploaded_file($_FILES['userfile']['tmp_name'], $file);
    $prg = new sotf_Programme($prgId);
    if ($main) {
        $prg->setAudio($file);
        $page->redirect("closeAndRefresh.php");
    } else {
        // Note the raw client file name, not the resolved path, is passed here.
        $prg->setOtherFile($fname);
        $page->redirect("closeAndRefresh.php#anchor=mfiles");
    }
    exit;
}
// add files
} $station_old = $station; /* $station = sotf_Utils::makeValidName($station, 32); if ($station != $station_old) { $page->addStatusMsg('illegal_name'); $problem = 1; } */ if (sotf_Station::isNameInUse($station)) { $page->addStatusMsg('name_in_use'); $problem = 1; } if (!$problem) { $st =& new sotf_Station(); $st->create($station, $desc); if ($manager || !hasPerm('node', 'change')) { $permissions->addPermission($st->getID(), $userid, 'admin'); } $page->addStatusMsg('station_created'); if (hasPerm('node', 'change') || !$manager) { $page->redirect("editStation.php?stationid=" . $st->id); } else { $page->redirect("stations.php"); } } } $smarty->assign('STATION', $station); $smarty->assign('DESC', $desc); $smarty->assign('MANAGER', $manager); $page->send();