include "include/dbcommon.php";
add_nocache_headers();
include 'include/xtempl.php';
include "include/public_tmp_bank_2013_variables.php";
include 'classes/runnerpage.php';
include 'classes/listpage.php';
include "classes/searchpanel.php";
include "classes/searchcontrol.php";
include "classes/searchclause.php";
include "classes/panelsearchcontrol.php";
// Visitor without a login: remember the requested URL in the session, send
// them to the login page and stop. The return is what prevents the rest of
// this script from running for a visitor who is not logged in; the Location
// header alone would not.
if (!isLogged()) {
    $_SESSION["MyURL"] = sprintf("%s?%s", $_SERVER["SCRIPT_NAME"], $_SERVER["QUERY_STRING"]);
    header("Location: login.php?message=expired");
    return;
}

// Guests may continue, but the URL is remembered as well.
if (isLoggedAsGuest()) {
    $_SESSION["MyURL"] = sprintf("%s?%s", $_SERVER["SCRIPT_NAME"], $_SERVER["QUERY_STRING"]);
}

// Table-level gate: when the permissions event check passes and the user has
// neither "Search" nor "Add" on this table, print a notice and exit.
// NOTE(review): CheckPermissionsEvent() and CheckSecurity() are defined
// elsewhere. The denial only fires when CheckPermissionsEvent() returns true;
// confirm that a false result is not meant to deny access too.
if (
    CheckPermissionsEvent($strTableName, 'S')
    && !(
        CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")
        || CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Add")
    )
) {
    // Both messages are fixed strings; no request data is echoed here.
    echo IsAdmin()
        ? "<p>You don't have permissions to access this table<br><a href=\"admin_rights_list.php\">Proceed to Admin Area</a> to set up user permissions</p>"
        : "<p>You don't have permissions to access this table <a href=\"login.php\">Back to login page</a></p>";
    exit;
}

// Page layout for the list view.
$layout = new TLayout("list2", "RoundedGreen", "MobileGreen");
$layout->blocks["center"] = [];
$layout->skins["recordcontrols"] = "1";
$layout->blocks["center"][] = "recordcontrols";
$layout->containers["message"] = [];
Example #2
 /**
  * Performs a logout when the request asks for one and a non-guest user is logged in.
  *
  * The request is recognised by the "a" request value being "logout". After the
  * logout the visitor is logged in as guest and the global $logoutPerformed
  * flag is set to true.
  *
  * NOTE(review): postvalue() is defined elsewhere. If it also reads the query
  * string, this state change can be triggered by a plain cross-site link;
  * confirm that the caller limits it to POST or checks an anti-CSRF token.
  *
  * @return Boolean true if a logout was performed, false if nothing was done
  */
 static function processLogoutRequest()
 {
     $logoutWanted = postvalue("a") == "logout" && isLogged() && !isLoggedAsGuest();
     if (!$logoutWanted) {
         // nothing to log out from, or no logout requested
         return false;
     }

     // hand the logout itself to the login page object
     $loginPage = Security::createLoginPageObject();
     $loginPage->Logout();

     // continue the visit as guest
     Security::doGuestLogin();

     $GLOBALS["logoutPerformed"] = true;
     return true;
 }
Example #3
 /**
  * Template assignments shared by the different list page modes.
  * Subclasses add their own assignments on top of this method.
  *
  * The flags assigned here only decide which controls the template shows.
  * They are not an access check; the target pages have to enforce permissions
  * themselves.
  */
 function commonAssign()
 {
     parent::commonAssign();

     $this->xt->assign("id", $this->id);
     $this->xt->assignbyref("body", $this->body);
     foreach (["style_block", "iestyle_block"] as $sectionName) {
         $this->xt->enable_section($sectionName);
     }

     // "add" permission of the current table drives both control blocks
     $canAdd = $this->permis[$this->tName]['add'];
     $this->xt->assign("newrecord_controls_block", $canAdd);
     $this->xt->assign("record_controls_block", $canAdd || $this->isDispGrid());

     $this->importLinksAttrs();

     // change-password link is hidden for the guest access level
     $this->xt->assign("changepwd_link", $_SESSION["AccessLevel"] != ACCESS_LEVEL_GUEST);
     $this->xt->assign(
         "changepwdlink_attrs",
         'href="changepwd.php" onclick="window.location.href=\'changepwd.php\';return false;"'
     );

     if ($this->isShowMenu() || $this->isAdminTable()) {
         $this->xt->assign("quickjump_attrs", "class=\"runner-quickjump\"");
     }

     if ($this->createLoginPage) {
         $this->xt->assign("security_block", true);
         // The user name is HTML-encoded before it reaches the template.
         // htmlspecialchars() is called without flags or charset, so quote
         // handling and encoding follow the defaults of the running PHP version.
         $this->xt->assign("username", htmlspecialchars($_SESSION["UserName"]));
         // NOTE(review): logout is a plain navigation to login.php?a=logout,
         // i.e. a GET request; confirm the handler tolerates or guards
         // against cross-site requests.
         $this->xt->assign(
             "logoutlink_attrs",
             'onclick="window.location.href=\'login.php?a=logout\';return false;"'
         );
         $this->xt->assign(
             "guestloginlink_attrs",
             'onclick="window.location.href=\'login.php\';return false;"'
         );

         $asGuest = isLoggedAsGuest();
         $this->xt->assign("loggedas_message", !$asGuest);
         $this->xt->assign("guestloginbutton", $asGuest);
         $this->xt->assign("logoutbutton", isSingleSign() && !$asGuest);
     }

     // one template event per configured main map, carrying its id and size
     foreach ($this->googleMapCfg['mainMapIds'] as $mapId) {
         $mapDivParams = [
             'mapId' => $mapId,
             'width' => $this->googleMapCfg['mapsData'][$mapId]['width'],
             'height' => $this->googleMapCfg['mapsData'][$mapId]['height'],
         ];
         $this->xt->assign_event($mapId, $this, 'createMapDiv', $mapDivParams);
     }

     // assignments for the grid block
     $this->addAssignForGrid();
 }
Example #4
 /**
  * Decides whether the Add page may be processed for the given table.
  *
  * When access is refused, the method has already sent a permission error
  * or issued a redirect before it returns false.
  *
  * @param String table
  * @return Boolean true if the page may proceed, false otherwise
  */
 public static function processAddPageSecurity($table)
 {
     $mayProceed =
         // the user holds the "A" permission for this table
         Security::checkPagePermissions($table, "A")
         // or entered data is being submitted (a=added): let the request
         // through so the user gets a chance to log in again.
         // NOTE(review): this path returns true without the "A" permission.
         // The code that actually saves the record must re-check the
         // permission before writing; confirm that it does.
         || postvalue("a") == "added";
     if ($mayProceed) {
         return true;
     }

     // Any mode other than ADD_SIMPLE gets a permission error instead of
     // a redirect (this is the case for pages requested by AJAX).
     if (AddPage::readAddModeFromRequest() != ADD_SIMPLE) {
         Security::sendPermissionError();
         return false;
     }

     if (!isLogged() || isLoggedAsGuest()) {
         // not logged in, or only as guest: go to the login page
         redirectToLogin();
     } else {
         // logged in but lacking the permission: back to List page or Menu
         Security::redirectToList($table);
     }
     return false;
 }
				{
					$changedValues[$fieldName] = $value;
				}
			}
			//check if some values are duplicated for the fields not allowing duplicates
			$retval = !$pageObject->hasDeniedDuplicateValues($changedValues, $usermessage);
		}
		
		// if get save data and user is logged and not check permission
		if ($evalues && !CheckTablePermissions($strTableName, "E") && isLogged()) {
			$retval = false;
			$usermessage = 'You have no permissions to complete this action.';
		}
		
		// if get save data and user is not logged or guest
		if ($evalues && ((!CheckTablePermissions($strTableName, "E") && isLoggedAsGuest()) || !isLogged())) {
			$retval = false;
			$usermessage = "Your session has expired." . "<a href='#' id='loginButtonContinue" . $pageObject->id . "'>" . "Login" . "</a>" . " to save data.";
		}
			
		if($retval && $pageObject->isCaptchaOk)
		{		
			if($inlineedit!=EDIT_INLINE)
				$_SESSION[$strTableName."_count_captcha"] = $_SESSION[$strTableName."_count_captcha"]+1;
		
			//set updated lat-lng values for all map fileds with 'UpdateLatLng' ticked	
            if( $pageObject->isTableGeoUpdatable() ) 			
				$pageObject->setUpdatedLatLng( $evalues, $dataold );	
			
			$customEditResult = true;
			if($eventObj->exists("CustomEdit"))
Example #6
// Fill jsSettings and the control HTML maps, then append them to the end of
// the page body as an inline script that publishes three window globals.
$pageObject->fillSetCntrlMaps();
// NOTE(review): the encoded values are placed inside a <script> element.
// my_json_encode() is defined elsewhere; confirm that it escapes "<" or "</"
// so that a value containing "</script>" cannot close the element early.
$pageObject->body['end'] .= '<script>';
$pageObject->body['end'] .= "window.controlsMap = " . my_json_encode($pageObject->controlsHTMLMap) . ";";
$pageObject->body['end'] .= "window.viewControlsMap = " . my_json_encode($pageObject->viewControlsHTMLMap) . ";";
$pageObject->body['end'] .= "window.settings = " . my_json_encode($pageObject->jsSettings) . ";</script>";
// Shared client library, followed by the page's own script from PrepareJS().
$pageObject->body["end"] .= "<script type=\"text/javascript\" src=\"" . GetRootPathForResources("include/runnerJS/RunnerAll.js") . "\"></script>";
$pageObject->body["end"] .= '<script>' . $pageObject->PrepareJS() . "</script>";
$xt->assignbyref("body", $pageObject->body);
// The user might rewrite $_SESSION["UserName"] value with HTML code in an event, so no encoding will be performed while printing this value.
// NOTE(review): because the value is passed to the template without encoding,
// every place that writes $_SESSION["UserName"] has to store either trusted
// markup or an already HTML-encoded name. A login name taken from user input
// and stored as-is would be rendered as markup here.
$xt->assign("username", $_SESSION["UserName"]);
// Display flag only: hides the change-password link for the guest access
// level and when the "fromFacebook" session value is loosely equal to false
// (an unset, null, 0 or "" value also counts). Not an access check.
$xt->assign("changepwd_link", $_SESSION["AccessLevel"] != ACCESS_LEVEL_GUEST && $_SESSION["fromFacebook"] == false);
$xt->assign("changepwdlink_attrs", "onclick=\"window.location.href='" . GetTableLink("changepwd") . "';return false;\"");
// NOTE(review): logout is a plain navigation with a=logout in the link, i.e.
// a GET request; confirm the handler guards against cross-site requests.
$xt->assign("logoutlink_attrs", "onclick=\"window.location.href='" . GetTableLink("login", "", "a=logout") . "';return false;\"");
$xt->assign("guestloginlink_attrs", "onclick=\"window.location.href='" . GetTableLink("login") . "';return false;\"");
// Which login/logout controls the template shows, depending on guest state.
$xt->assign("loggedas_block", !isLoggedAsGuest());
$xt->assign("loggedas_message", !isLoggedAsGuest());
$xt->assign("logout_link", true);
$xt->assign("guestloginbutton", isLoggedAsGuest());
$xt->assign("logoutbutton", isSingleSign() && !isLoggedAsGuest());
// get redirect location for menu page
// NOTE(review): the target is written into the Location header unchanged.
// getRedirectForMenuPage() is defined elsewhere; confirm it only returns
// application-internal URLs and never a value taken from the request.
$redirect = $pageObject->getRedirectForMenuPage();
if ($redirect) {
    header("Location: " . $redirect);
    // stop here so the menu page is not rendered after the redirect
    exit;
}
$xt->assign("menu_block", true);
// Let a global BeforeShowMenu event handler adjust the template, if one exists.
if ($globalEvents->exists("BeforeShowMenu")) {
    $globalEvents->BeforeShowMenu($xt, $pageObject->templatefile, $pageObject);
}
$pageObject->display($pageObject->templatefile);
Example #7
 /**
  * Re-checks the "E" permission on the page's table at the moment it is needed.
  *
  * On failure a user message is set: a re-login prompt when the user is not
  * logged in or is a guest, otherwise a plain "no permissions" message.
  *
  * NOTE(review): $this->id is written into an id attribute without encoding;
  * confirm it is always a server-generated value and never raw request data.
  *
  * @return Boolean true if the permission is held, false otherwise
  */
 protected function recheckUserPermissions()
 {
     if (!CheckTablePermissions($this->tName, "E")) {
         $needsLogin = isLoggedAsGuest() || !isLogged();
         $this->setMessage(
             $needsLogin
                 ? "Your session has expired.<a href='#' id='loginButtonContinue" . $this->id . "'>Login</a> to save data."
                 : 'You have no permissions to complete this action.'
         );
         return false;
     }
     return true;
 }
Example #8
 /**
  * Decides whether the List page may be processed for the given table.
  *
  * When access is refused, the method has already sent a permission error
  * or issued a redirect before it returns false.
  *
  * @param String table
  * @return Boolean true if the page may proceed, false otherwise
  */
 public static function processListPageSecurity($table)
 {
     // the user holds the "S" permission for this table
     if (Security::checkPagePermissions($table, "S")) {
         return true;
     }

     $listMode = ListPage::readListModeFromRequest();

     // Lookup mode has its own permission check.
     // NOTE(review): the helper's name suggests the mode comes from the
     // request; if so, ListPage::checkLookupPermissions() is the only gate
     // on this path and has to be sufficient by itself. Confirm.
     $lookupAllowed = $listMode == LIST_LOOKUP && ListPage::checkLookupPermissions($table);
     if ($lookupAllowed) {
         return true;
     }

     // Any mode other than LIST_SIMPLE gets a permission error instead of
     // a redirect (this is the case for pages requested by AJAX).
     if ($listMode != LIST_SIMPLE) {
         Security::sendPermissionError();
         return false;
     }

     if (!isLogged() || isLoggedAsGuest()) {
         // not logged in: go to the login page
         // (the current URL is already saved in the session)
         redirectToLogin();
     } else {
         // logged in but lacking the permission: go to the menu
         HeaderRedirect("menu");
     }
     return false;
 }
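	/**
	 * Attempts an automatic login from cookies, records the URL to return to
	 * in the session, and handles a logout request.
	 *
	 * @param string $permission permission code passed to CheckTablePermissions()
	 *                           for the current table ($strTableName)
	 */
	static function reloginAndLogoutProcess($permission)
	{
		global $strTableName;

		include_once(getabspath('classes/loginpage.php'));
		$loginXt = new Xtempl();

		$loginParams = array("pageType" => PAGE_LOGIN);
		$loginParams['xt'] = &$loginXt;
		$loginParams["tName"]= NOT_TABLE_BASED_TNAME;
		$loginParams['needSearchClauseObj'] = false;
		$loginPageObject = new LoginPage($loginParams);
		$loginPageObject->init();

		// login automatically, if username and password are in cookies.
		// NOTE(review): the password is read from a browser cookie and handed
		// to LogIn() as-is, so the cookie holds a value that works as the
		// credential. Anyone who can read that cookie can log in as the user.
		// A random remember-me token that the server can revoke, sent with
		// the HttpOnly and Secure cookie flags, avoids keeping the password
		// on the client.
		if( !isLogged() || isLoggedAsGuest() )
		{
			// Cookies are client-controlled: they can be absent or arrive as
			// arrays instead of strings. Only non-empty strings reach LogIn().
			$username = isset($_COOKIE["username"]) ? $_COOKIE["username"] : "";
			$password = isset($_COOKIE["password"]) ? $_COOKIE["password"] : "";
			if( is_string($username) && is_string($password) && $username !== "" && $password !== "" )
			{
				$loginPageObject->LogIn($username, $password);
			}
		}

		// URL of the current request, kept for the redirect after login
		$url = $_SERVER["SCRIPT_NAME"].(!empty($_SERVER["QUERY_STRING"]) ? "?".$_SERVER["QUERY_STRING"] : '');
		if (!postvalue("onFly"))
		{
			$_SESSION["MyURL"] = $url;
		}

		if (postvalue("a")=="logout")
		{
			// after a logout the saved URL no longer carries the query string
			$_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"];
			if (!CheckTablePermissions($strTableName, $permission) || !isLogged())
			{
				HeaderRedirect("login", "", "");
				exit();
			}
			if (isLogged() && !isLoggedAsGuest())
			{
				$loginPageObject->LogoutAndRedirect($url);
			}
		}
	}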
Example #10
<?php

// NOTE(review): these two settings send PHP errors, including startup errors,
// to the browser. Error text can expose file paths and query fragments; on a
// production host errors are normally logged instead of displayed. The "@"
// also hides a failure of ini_set() itself.
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
require_once "include/dbcommon.php";

// Save the redirect URL unless one is already stored and the visitor is a guest.
if (!($_SESSION["MyURL"] != "" && isLoggedAsGuest())) {
    Security::saveRedirectURL();
}

// Layout definition for the menu page.
$layout = new TLayout("menu2", "Rounded1DeliciousLavender1", "MobileDeliciousLavender1");
$layout->version = 2;
$layout->container_properties["menu"] = [];
$layout->containers["menu"] = [
    ["name" => "vmenu", "block" => "menu_block", "substyle" => 1],
];
$layout->skins["menu"] = "1";
$layout->blocks["top"] = ["menu"];
$page_layouts["menu"] = $layout;

// Button style per skin; only "empty" differs from the rest.
$layout->skinsparams = [
    "empty" => ["button" => "button2"],
    "menu" => ["button" => "button1"],
    "hmenu" => ["button" => "button1"],
    "undermenu" => ["button" => "button1"],
    "fields" => ["button" => "button1"],
    "form" => ["button" => "button1"],
    "1" => ["button" => "button1"],
    "2" => ["button" => "button1"],
    "3" => ["button" => "button1"],
];

require_once 'include/xtempl.php';
require_once getabspath("classes/cipherer.php");
$xt = new Xtempl();

// Page id: the "id" request value when one is given, otherwise 1.
// NOTE(review): the request value is used unchanged. If this id is later
// written into HTML attributes or script, it should be validated as an
// integer first; confirm how postvalue() and the consumers treat it.
if (postvalue("id") !== "") {
    $id = postvalue("id");
} else {
    $id = 1;
}
Example #11
 /**
  * Prepares the settings and template variables of the login form
  * and of the login/logout controls.
  */
 function initLogin()
 {
     $this->settingsMap["globalSettings"]["loginFormType"] = GetGlobalData("nLoginForm", 0);

     $this->xt->assign("security_block", true);
     // The user name is passed to the template without HTML encoding, because
     // an event may have replaced $_SESSION["UserName"] with HTML on purpose.
     // NOTE(review): this is only safe if every writer of that session value
     // stores trusted markup or an already encoded name; a raw login name
     // taken from user input would be rendered as markup.
     $this->xt->assign("username", $_SESSION["UserName"]);
     $this->xt->assign("logoutlink_attrs", "id=\"logoutButton" . $this->id . "\"");

     $guestSession = isLoggedAsGuest();
     $this->xt->assign("loggedas_message", !$guestSession);
     $this->xt->assign("guestloginbutton", $guestSession);
     $this->xt->assign("logoutbutton", isSingleSign() && !$guestSession);

     // NOTE(review): the mobile and the desktop branch assign the same value;
     // the split looks vestigial.
     if (isMobile()) {
         $this->xt->assign("guestloginlink_attrs", "id=\"loginButton" . $this->id . "\"");
     } else {
         $this->xt->assign("guestloginlink_attrs", "id=\"loginButton" . $this->id . "\"");
     }
 }