/**
 * Gate for admin-only pages: visitors without an admin session are sent to the login page.
 *
 * Reads the 'adminID' entry of the Yaf session; any falsy value counts as "not logged in".
 *
 * NOTE(review): this guard only protects the calling action if jsRedirect() ends the
 * request. If it merely prints a client-side redirect, the protected code still runs
 * for an unauthenticated visitor; confirm, or stop execution explicitly after the call.
 */
public function checkLogin()
{
    $session = Yaf_Session::getInstance();
    $currentAdmin = $session->__get('adminID');

    if ($currentAdmin) {
        return;
    }

    jsRedirect('/admin/login');
}
/**
 * Handle the registration form: require both fields, reject a taken username,
 * insert the account, then alert and redirect to the login page.
 *
 * NOTE(review): the password is handed to Insert() exactly as received; nothing in this
 * method hashes it. Confirm the model does (password_hash() or equivalent).
 * NOTE(review): the credentials are read with getParam(); if that also covers query-string
 * parameters, passwords can end up in URLs and access logs. Confirm.
 * NOTE(review): the flow assumes showError() ends the request; otherwise execution
 * continues past each failed check. Confirm.
 */
public function registerActAction()
{
    $m = array(
        'username' => $this->getParam('username'),
        'password' => $this->getParam('password'),
    );

    if (!($m['username'] && $m['password'])) {
        $this->showError('Username and password are required !', 'index');
    }

    // Username exists ?
    $taken = $this->m_user->Where(array('username' => $m['username']))->Total();
    if ($taken) {
        $msg = '注册名已存在, 请更换';
        $this->showError($msg, 'index');
    }

    $userID = $this->m_user->Insert($m);
    if ($userID) {
        $msg = '注册成功,请登录';
        $url = '/login';
    } else {
        $this->showError('注册失败,请重试', 'index');
    }

    jsAlert($msg);
    jsRedirect($url);
}
/**
 * Controller bootstrap: loads the user model and sends visitors who already
 * have a 'userID' in their session to their profile page.
 */
private function init()
{
    $this->m_user = $this->load('user');

    if (!$this->getSession('userID')) {
        return;
    }

    jsRedirect('/user/profile');
}
/**
 * Drop the given parameters from the query string by redirecting to a URL without them.
 *
 * Nothing happens unless at least one of the named parameters is present in $_GET.
 *
 * @param mixed       $params  parameter name(s); normalised in place by zbx_value2array()
 * @param string|null $newURL  base URL handed to CUrl
 *
 * NOTE(review): $newURL is used as the redirect base without any restriction in this
 * function; callers should pass only application-relative URLs.
 */
function resetGetParams($params, $newURL = null)
{
    zbx_value2array($params);

    $redirect = false;
    $url = new CUrl($newURL);

    foreach ($params as $param) {
        if (isset($_GET[$param])) {
            $redirect = true;
            $url->setArgument($param, null);
        }
    }

    if (!$redirect) {
        return;
    }

    jsRedirect($url->getUrl());
    include_once 'include/page_footer.php';
}
/**
 * Handle the registration form: require both POST fields, insert the account,
 * then alert and redirect to the login page.
 *
 * NOTE(review): the password is handed to Insert() exactly as received; nothing in this
 * method hashes it. Confirm the model does (password_hash() or equivalent).
 * NOTE(review): no duplicate-username check is visible here; confirm the model or a
 * unique index enforces it.
 * NOTE(review): the flow assumes showError() ends the request; otherwise execution
 * continues past each failed check. Confirm.
 */
public function registerActAction()
{
    $m = array(
        'username' => $this->getPost('username'),
        'password' => $this->getPost('password'),
    );

    if (!($m['username'] && $m['password'])) {
        $this->showError('Username and password are required !', 'index');
    }

    $userID = $this->m_user->Insert($m);
    if ($userID) {
        $msg = '注册成功,请登录';
        $url = '/login';
    } else {
        $this->showError('注册失败,请重试', 'index');
    }

    jsAlert($msg);
    jsRedirect($url);
}
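/**
 * Change the password of the configured admin account and force a fresh login.
 *
 * The update only runs when the session's adminName matches $this->adminAccount and a
 * non-empty new password was posted. On success the admin session keys are cleared and
 * the user is sent to the login page; otherwise back to the reset form.
 *
 * Fixes over the previous version:
 *  - $data starts as FALSE, so a skipped update is no longer reported as a success
 *    (an unset $data compared as `!== FALSE` used to take the success branch).
 *  - a missing or empty newPass is rejected instead of storing the hash of an empty string.
 *
 * NOTE(review): unsalted MD5 is not a suitable password hash. It is kept here only
 * because the matching login check is outside this block; migrate both sides to
 * password_hash()/password_verify() together.
 * NOTE(review): the current password is not requested before the change; confirm
 * that is intended.
 */
public function resetActAction()
{
    $t = $this->getPost('t');
    $newPass = (is_array($t) && isset($t['newPass']) && is_string($t['newPass'])) ? $t['newPass'] : '';

    // Start from "failed" so only a real UpdateOne() result can signal success.
    $data = FALSE;

    if ($newPass !== '' && $this->adminAccount == $_SESSION['adminName']) {
        $m = array();
        $m['password'] = md5($newPass);
        $where = array('username' => $_SESSION['adminName']);
        $data = $this->load('Admin')->Where($where)->UpdateOne($m);
    }

    if ($data !== FALSE) {
        // Drop the admin session so the new password must be used to log in again.
        unset($_SESSION['admin'], $_SESSION['priv'], $_SESSION['adminID'], $_SESSION['adminName']);
        $msg = '密码修改成功,请重新登录!';
        $url = '/admin/login';
    } else {
        $msg = '密码修改失败!';
        $url = '/admin/index/reset';
    }

    jsAlert($msg);
    jsRedirect($url);
}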
/**
 * Redirect to a fixed article URL.
 *
 * The target is a hard-coded absolute http:// address, not derived from the request.
 */
public function actionErrorAction()
{
    jsRedirect('http://yof.mylinuxer.com/article/abc?pd=1');
}
/**
 * Delete the article named by the 'articleID' request value, then return to the home URL.
 *
 * The result of DeleteByID() is not inspected; the redirect happens either way.
 *
 * NOTE(review): no permission check or anti-CSRF token is visible in this method, and
 * get() presumably reads a request parameter. Confirm that a base controller or init()
 * enforces both before a state-changing action like this one.
 */
public function delAction()
{
    $id = $this->get('articleID');
    $this->m_article->DeleteByID($id);

    jsRedirect($this->homeUrl);
}
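// Trigger comment page: loads the trigger, optionally updates its comment, renders the view.

// Read-access lookup: an empty result means the user may not see this trigger.
$trigger = API::Trigger()->get([
    'triggerids' => $_REQUEST['triggerid'],
    'output' => API_OUTPUT_EXTEND,
    'expandDescription' => true,
]);

if (!$trigger) {
    access_deny();
}

$trigger = reset($trigger);

// Write-access lookup. It is done before the actions so the update below can be gated
// on it; previously it ran only afterwards and was used for display alone.
$triggerEditable = API::Trigger()->get([
    'triggerids' => $_REQUEST['triggerid'],
    'output' => ['triggerid'],
    'editable' => true,
]);

/*
 * Actions
 */
if (hasRequest('update')) {
    // The first lookup only proves read access. The UPDATE goes straight to the
    // database, so write permission has to be checked here explicitly.
    if (!$triggerEditable) {
        access_deny();
    }

    DBstart();

    // Both values pass through zbx_dbstr() before being placed in the statement.
    $result = DBexecute(
        'UPDATE triggers' .
        ' SET comments=' . zbx_dbstr(getRequest('comments')) .
        ' WHERE triggerid=' . zbx_dbstr(getRequest('triggerid'))
    );

    $trigger['comments'] = $_REQUEST['comments'];

    if ($result) {
        add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_TRIGGER,
            _('Trigger') . ' [' . $_REQUEST['triggerid'] . '] [' . $trigger['description'] . '] ' .
            _('Comments') . ' [' . $_REQUEST['comments'] . ']'
        );
    }

    $result = DBend($result);
    show_messages($result, _('Description updated'), _('Cannot update description'));
} elseif (isset($_REQUEST['cancel'])) {
    jsRedirect('tr_status.php');
    exit;
}

/*
 * Display
 */
$data = [
    'triggerid' => getRequest('triggerid'),
    'trigger' => $trigger,
    'isTriggerEditable' => !empty($triggerEditable),
    'isCommentExist' => !empty($trigger['comments']),
];

// render view
$triggerCommentView = new CView('monitoring.triggerComment', $data);
$triggerCommentView->render();
$triggerCommentView->show();

require_once dirname(__FILE__) . '/include/page_footer.php';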
// add friend if exists & not already is a friend. $friendid = $db->getArray('SELECT user_id FROM ' . db_users . ' WHERE username="******" LIMIT 1;'); if (empty($friendid)) { $ets->page_body = '<div class="error">' . $l['ucp-fri-badname'] . '</div>'; } else { // are already friends? $fid = $friendid['user_id']; if ($user->areFriends($fid)) { $ets->page_body = '<div class="error">' . $l['ucp-fri-exists'] . '</div>'; } else { // add the friend $uid = $user->id; $now = time(); $db->query('INSERT INTO `' . db_friends . "` ( `owner_id` , `friend_id` , `date` )\r\n\t\t\t\tVALUES (\r\n\t\t\t\t'{$uid}', '{$fid}', '{$now}'\r\n\t\t\t\t);"); // friend is added, send back to list of friends page. jsRedirect('usercp.php?action=friends'); } } } // Show list of friends if (count($user->friends) > 0) { $ets->page_body .= '<table class="nlb_table"><tr> <th>' . $l['username:'******'</th> <th>' . $l['ucp-fri-profile'] . '</th><th>' . $l['ucp-fri-blog'] . '</th> <th>' . $l['ucp-fri-added'] . '</th> <th>' . $l['ucp-fri-del'] . '</th></tr>'; // get info on friends. $friends = $db->getAllArray('SELECT f.date, u.username, u.blog_count, u.user_id FROM ' . db_users . ' as u, ' . db_friends . ' as f WHERE f.owner_id = ' . $user->id . ' AND u.user_id = f.friend_id ORDER BY f.date DESC;');
/**
 * Authenticate an admin or role login, store the identity and privileges in the
 * session, build the menu the account is allowed to see, and go to the dashboard.
 *
 * The super admin (username equal to SUPER_ADMIN) is checked against the admin model
 * and gets the privilege value 'ALL'; every other username is checked against the role
 * model and gets the privilege list returned by getPrivilegeByRoleID().
 *
 * NOTE(review): every failure path relies on jsRedirect() ending the request. If it
 * does not, execution falls through to the menu handling and the dashboard redirect.
 * Confirm.
 * NOTE(review): nothing in this method rotates the session identifier after a
 * successful login; confirm setSession() or the framework does, to rule out session
 * fixation.
 * NOTE(review): menu.php is included into this method's local scope and is expected to
 * define $menu; the local variables above it are visible to that file.
 */
public function checkLoginAction()
{
    $username = $this->getPost('username');
    $password = $this->getPost('password');
    if (!$username || !$password) {
        jsAlert('信息不完整!');
        jsRedirect($this->homeUrl);
    }
    // Super-admin login
    if (SUPER_ADMIN == $username) {
        $data = $this->m_admin->checkLogin($username, $password);
    } else {
        // Regular role login
        $data = $this->m_role->checkRole($username, $password);
    }
    if (!$data) {
        // Login fail
        // $log is written here but not read anywhere in this method.
        $log['status'] = 0;
        jsAlert('账号或密码不正确!');
        jsRedirect($this->homeUrl);
    } else {
        // Login OK, log this action and find privileges
        $this->setSession('adminID', $data['id']);
        $this->setSession('adminName', $username);
        // The admin holds every privilege
        if (SUPER_ADMIN == $username) {
            $this->setSession('priv', 'ALL');
        } else {
            // Not the admin: the role ID is used to look up its privileges
            // 1: fetch the privileges held by the role that logged in
            $priv = $this->m_role->getPrivilegeByRoleID($data['id']);
            // If the role has no privileges at all, alert and leave; otherwise keep
            // the privileges in the session for the processing below
            if (!$priv['privilege']) {
                jsAlert('您还没有任何权限, 请联系管理员!');
                jsRedirect($this->homeUrl);
            } else {
                $this->setSession('priv', $priv);
            }
        }
    }
    // Privileges
    include APP_PATH . '/application/modules/Admin/menu.php';
    if (SUPER_ADMIN != $this->getSession('adminName')) {
        $priv = $this->getSession('priv');
        // The stored 'privilege' value is a comma-separated list of menu keys.
        $priv = explode(',', $priv['privilege']);
        // 1: compare with the full menu and drop entries the account has no privilege for
        foreach ($menu as $k => $v) {
            foreach ($v as $kk => $vv) {
                if (is_array($vv)) {
                    foreach ($vv as $kkk => $vvv) {
                        // NOTE(review): in_array() compares loosely here; a strict
                        // comparison would avoid type-juggling matches.
                        if (!in_array($kkk, $priv)) {
                            unset($menu[$k][$kk][$kkk]);
                        }
                    }
                }
            }
        }
        // 2: then drop top-level items that are left without a sub-menu
        foreach ($menu as $k => $v) {
            if (!$v['sub']) {
                unset($menu[$k]);
            }
        }
    }
    $this->setSession('menu', $menu);
    jsRedirect('/admin/dashboard');
}
} else { if (isset($_REQUEST['triggers'])) { $options = array('output' => API_OUTPUT_SHORTEN, 'acknowledged' => 0, 'triggerids' => $_REQUEST['triggers']); $_REQUEST['events'] = CEvent::get($options); } } $eventsData = array('eventids' => zbx_objectValues($_REQUEST['events'], 'eventid'), 'message' => $_REQUEST['message']); $result = CEvent::acknowledge($eventsData); show_messages($result, S_EVENT_ACKNOWLEDGED, S_CANNOT_ACKNOWLEDGE_EVENT); if ($result) { $event_acknowledged = true; add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_TRIGGER, S_ACKNOWLEDGE_ADDED . ' [' . $bulk ? ' BULK ACKNOWLEDGE ' : expand_trigger_description_by_data($event_trigger) . ']' . ' [' . $_REQUEST['message'] . ']'); } if (isset($_REQUEST['saveandreturn'])) { $url = new CUrl(urldecode($_REQUEST['backurl'])); jsRedirect($url->getUrl()); exit; } } $msg = $bulk ? ' BULK ACKNOWLEDGE ' : expand_trigger_description_by_data($event_trigger); show_table_header(array(S_ALARM_ACKNOWLEDGES_BIG . ': ', $msg)); print SBR; if ($bulk) { $title = S_ACKNOWLEDGE_ALARM_BY; $btn_txt2 = S_ACKNOWLEDGE . ' ' . S_AND_SYMB . ' ' . S_RETURN; } else { $db_acks = get_acknowledges_by_eventid($_REQUEST['eventid']); if ($db_acks) { $table = new CTable(null, 'ack_msgs'); $table->setAlign('center'); while ($db_ack = DBfetch($db_acks)) {
* E D I T N E W S I T E M * ======================================= */ if (!defined('IN_NLB3')) { echo 'NLB3 Denies Direct Access'; exit; } $text = new text($_POST, array('body'), array('subject', 'bb', 'html', 'smiles', 'comments')); $problems = array(); $baddata = false; $USESKIN = skin_basic; $ets_outter->main_title = $config->get('site_name') . ": " . $l['acp-editnews']; $ets_outter->page_title = $l['acp-editnews']; if (!isset($_GET['id'])) { // No news ID specified. jsRedirect("admincp.php?action=edit_list"); } if (!empty($_POST)) { /** * Check submited data */ $text->validate(); $text->makeClean('trim', 'slash_if_needed'); $c = $text->clean; if ($text->is_missing_required) { $baddata = true; } else { /** * U P D A T E I T E M */ // deal with options.
<?php /** * ======================================= * E D I T A R T I C L E * ======================================= */ if (!defined('IN_NLB3')) { echo 'NLB3 Denies Direct Access'; exit; } if (!isset($_GET['id'])) { jsRedirect('admincp.php?action=list_article'); } $USESKIN = skin_basic; $text = new text($_POST, array('subject', 'body')); $text->validate(); $text->makeClean('slash_if_needed', 'trim'); $baddata = false; $problems = array(); $ets->page_body = ''; $ets_outter->main_title = $config->get('site_name') . ": " . $l['title-art-edit']; $ets_outter->page_title = $l['title-art-edit']; if (!empty($_POST)) { // check data if ($text->is_missing_required) { $baddata = true; } else { $subject = $text->clean['subject']; $body = $text->clean['body']; badHtmlSecond($body);
<?php /** * ======================================= * E D I T U S E R * ======================================= */ if (!defined('IN_NLB3')) { echo 'NLB3 Denies Direct Access'; exit; } $ets->page_body = ''; $baddata = false; if (!isset($_GET['id'])) { jsRedirect('admincp.php?action=edit_user'); } else { $USERID = $_GET['id']; $edituser = new nlb_user($db, $USERID); } $text = new text($_POST, array('username', 'email', 'blog_count', 'timezone', 'access'), array('bio', 'custom')); $text->validate(); $text->makeClean('trim', 'slash_if_needed'); if (!empty($_POST)) { // check data if ($text->is_missing_required) { $baddata = true; } else { $c = $text->clean; $c['timezone'] -= 13; foreach ($c as $key => $value) { $edituser->set($key, $value);
/**
 * Purge expired bans, then send the visitor to the ban page if a ban matches
 * the remote address or this user's id.
 *
 * @return mixed the object's isLogedIn value when no ban matches; nothing is
 *               returned explicitly on the banned path
 * @date 02-24-04
 *
 * NOTE(review): the lookup is assembled by string concatenation. Both values come from
 * the server environment and this object rather than from form input, but escaping or
 * bound parameters would make that independent of how $this->id was populated.
 * NOTE(review): the banned path relies on jsRedirect() ending the request; confirm.
 */
function checkBanned()
{
    // Expired bans are removed first so they cannot match the lookup below.
    $this->sql->query('DELETE FROM ' . db_banned . ' WHERE expires < ' . time() . ';');

    $clientIp = $_SERVER['REMOTE_ADDR'];
    $lookup = 'SELECT banned_id FROM ' . db_banned
        . ' WHERE ip="' . $clientIp . '" OR user_id="' . $this->id . '" LIMIT 1;';
    $match = $this->sql->getArray($lookup);

    if (!empty($match)) {
        // A ban matches: hand over to the ban page.
        jsRedirect(script_path . 'banned.php?id=' . $match['banned_id']);
    } else {
        return $this->isLogedIn;
    }
}
/**
 * Assign or update the privileges of a role.
 *
 * Every array-valued POST field is flattened into one list, joined with commas and
 * stored through updatePrivilegeByRoleID() for the posted roleID.
 *
 * NOTE(review): the stored privilege string is built from whatever arrays the request
 * contains, and roleID is taken from the request as well. No allow-list of privilege
 * keys or permission check is visible in this method; confirm both exist upstream,
 * since this value later decides which menu entries an account may use.
 */
public function assignActAction()
{
    // 1: collect the selected privileges
    $selected = array();
    foreach ($_POST as $field) {
        if (!is_array($field)) {
            continue;
        }
        foreach ($field as $item) {
            $selected[] = $item;
        }
    }

    $roleID = $this->getPost('roleID');
    $updated = $this->m_role->updatePrivilegeByRoleID($roleID, implode(',', $selected));

    if ($updated === FALSE) {
        jsAlert('更新权限失败');
    }

    jsRedirect($this->homeUrl);
}
require_once 'system/ets_file.php'; require_once 'system/sqldb2.class.php'; require_once 'system/nlb_user.class.php'; require_once 'system/nlb_config.class.php'; require_once 'system/nlb_blog.class.php'; require_once 'system/nlb_mail.class.php'; require_once 'system/text.class.php'; require_once 'ets.php'; $db = new sqldb2($DB_CONFIG); $user = new nlb_user($db); $config = new nlb_config($db); $blog = new nlb_blog($db); $user->checkLogin(); // check for loged in user. if ($user->isLogedIn) { jsRedirect("index.php"); } include $config->langfile(); $start = mymicrotime(); $text = new Text($_POST, array('username', 'password', 'confirm-password', 'email', 'template', 'timezone'), array('custom')); $text->validate(); $clean = $text->clean; $baddata = false; $problems = array(); if (!empty($_POST)) { if ($text->is_missing_required) { $baddata = true; } // if there was good submitted data... if ($clean['password'] != $clean['confirm-password']) { $baddata = true;
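<?php
/**
 * =======================================
 * E D I T S M I L E
 * =======================================
 *
 * Updates or deletes one smiley row from posted form data, then returns to the
 * smiley manager.
 */
if (!defined('IN_NLB3')) {
    echo 'NLB3 Denies Direct Access';
    exit;
}

$text = new text($_POST, array('smile_id', 'image', 'code', 'desc'), array("delete"));
$text->validate();
if ($text->is_missing_required) {
    jsRedirect("admincp.php?action=smiles");
    die;
}
// NOTE(review): the quoted string columns below depend entirely on what
// 'slash_if_needed' does (presumably adds slashes). Confirm, or move to the
// database layer's own escaping or bound parameters.
$text->makeClean("slash_if_needed");
$c = $text->clean;

// smile_id is placed in the statements without quotes, where slash-escaping gives
// no protection. Casting to int keeps posted text out of the SQL.
$smileId = (int) $c['smile_id'];

// delete or update?
if (empty($c['delete'])) {
    $db->query("UPDATE `" . db_smiles . "`\r\n\tSET `code` = '" . $c['code'] . "', \r\n\t`image` = '" . $c['image'] . "', \r\n\t`desc` = '" . $c['desc'] . "' \r\n\tWHERE `smile_id` = " . $smileId . "\r\n\tLIMIT 1;");
} else {
    $db->query("DELETE FROM " . db_smiles . "\r\n\tWHERE `smile_id` = " . $smileId . "\r\n\tLIMIT 1;");
}

// done here, back to manager...
jsRedirect("admincp.php?action=smiles");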
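/**
 * Log the administrator out and return to the home URL.
 *
 * Besides the identity keys, the privilege list ('priv') and the prepared menu ('menu')
 * are removed, so no authorisation data from the ended login stays in the session.
 *
 * NOTE(review): the key list mirrors what the admin login action stores in the
 * session; confirm no other per-login keys exist.
 */
public function logoutAction()
{
    foreach (array('adminID', 'adminName', 'priv', 'menu') as $key) {
        $this->unsetSession($key);
    }

    jsRedirect($this->homeUrl);
}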
if ($baddata) { $ets->page_body .= '<div class="error">' . $l['data-problems'] . '<br />'; foreach ($problems as $p) { $ets->page_body .= '<li>' . $p . "</li>\n"; } $ets->page_body .= '</div><br>'; } // use submitted data or grab from db? if (empty($_POST)) { // get from db! $merge = $db->getArray('SELECT * FROM ' . db_blogs . ' WHERE blog_id=' . $_GET['id'] . ';'); if (empty($merge) || $merge['author_id'] != $user->id) { // if we are not the author, // or if this blog doesn't exist, // then throw back to homepage. jsRedirect('index.php'); } // put editable info into $merge. stripslashes_array($merge); // check options. if ($merge['bb'] == 1) { unset($merge['bb']); } if ($merge['html'] == 1) { unset($merge['html']); } if ($merge['smiles'] == 1) { unset($merge['smiles']); } if ($merge['comments'] != -1) { unset($merge['comments']);
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
**/
// Installation entry page: loads configuration and form helpers, then hands over to setup.php.
require_once 'include/config.inc.php';
require_once 'include/forms.inc.php';
$page["title"] = "S_INSTALLATION";
$page["file"] = 'instal.php';
include_once 'include/page_header.php';
include_once 'setup.php';
// Per the banner below, nothing after this include is expected to run
// (presumably page_footer.php ends the request; confirm).
include_once 'include/page_footer.php';
/*******************************/
/* THIS POINT NEVER BE REACHED */
/*******************************/
// Accepted request fields: 'install' and 'update', both optional strings.
$fields = array("install" => array(T_ZBX_STR, O_OPT, P_SYS | P_ACT, NULL, NULL), "update" => array(T_ZBX_STR, O_OPT, P_SYS | P_ACT, NULL, NULL));
check_fields($fields);
if (isset($_REQUEST['install'])) {
    // Fixed, application-relative redirect target; execution is stopped explicitly afterwards.
    jsRedirect('setup.php');
    exit;
} else {
    if (isset($_REQUEST['update'])) {
        error('*UNDER CONSTRUCTION*');
    }
}
// Two-row form offering a new installation or an update.
$form = new CFormTable(S_INSTALLATION_UPDATE);
$form->setHelp('install_source_web.php');
$form->addRow(array(bold(S_NEW_INSTALLATION_BIG), BR(), BR(), bold(S_DESCRIPTION), BR(), 'Not implemented yet!', BR(), BR(), BR()), new CButton('install', S_NEW_INSTALLATION));
$form->addRow(array(bold(S_UPDATE_BIG), BR(), BR(), bold(S_DESCRIPTION), BR(), 'Not implemented yet!', BR(), BR(), BR()), new CButton('update', S_UPDATE));
$form->show();
include_once 'include/page_footer.php';
/**
 * Send the browser to this controller's home URL.
 */
public function goHome()
{
    $target = $this->homeUrl;

    jsRedirect($target);
}
echo 'NLB3 Denies Direct Access'; exit; } $USESKIN = skin_basic; $ets_outter->main_title = $config->get('site_name') . ": " . $l['title-acp-validate']; $ets_outter->page_title = $l['title-acp-validate']; $dateformat = $config->get('memlist_date_format'); if (!isset($_POST['users'])) { // List un-validated users $ets->page_body = $l['acp-val-users'] . '<form method="post" action="' . script_path . 'admincp.php?action=validate_users">'; $users = $db->getAllArray('SELECT v.validate_id, u.user_id, u.username ' . 'FROM ' . db_validate . ' as v, ' . db_users . ' as u ' . 'WHERE v.owner_id = u.user_id ' . 'ORDER BY v.date DESC;'); foreach ($users as $row) { $ets->page_body .= '<input type="checkbox" name="users[]" value="' . $row['user_id'] . '"> ' . $row['username'] . "<br />\n"; } $ets->page_body .= '<br /><input type="submit" value="' . $l['submit'] . '"> </form>'; } else { // process the users. $users = $_POST['users']; if (is_array($users) && !empty($users)) { // good data. $ids = implode(', ', $users); // delete the rows in db_validate $db->query('DELETE FROM ' . db_validate . ' WHERE owner_id IN(' . $ids . ');'); // set the users to be valid so they can log in. $db->query('UPDATE ' . db_users . ' SET valid=1 ' . 'WHERE user_id IN(' . $ids . ');'); $ets->page_body = $l['acp-val-good']; } else { // not good data. jsRedirect(script_path . 'admincp.php?action=validate_users'); } }
<?php
/**
 * =======================================
 * D E L E T E A V A T A R
 * =======================================
 *
 * Removes one of the current user's avatars, then returns to the avatar list.
 *
 * NOTE(review): the deletion is triggered by a GET parameter and no anti-CSRF token
 * is visible here; confirm one is checked before this file is included.
 * NOTE(review): $_GET['id'] is passed to remove_avatar() as received; confirm that
 * function escapes or casts it before building SQL.
 */
if (!defined('IN_NLB3')) {
    echo 'NLB3 Denies Direct Access';
    exit;
}

if (isset($_GET['id'])) {
    // owner_id ties the deletion to the current user's own avatars.
    $w = array();
    $w['owner_id'] = $user->id;
    $w['avatar_id'] = $_GET['id'];

    remove_avatar($db, $w);
}

jsRedirect('usercp.php?action=avatars');
$problems = array(); $baddata = false; $text = new text($_POST, array('body'), array('subject', 'mood', 'custom', 'bb', 'html', 'smiles', 'comments', 'delete')); // blog id is good? if (!isset($_GET['id'])) { jsRedirect(script_path . 'admincp.php'); } else { $blog_id = $_GET['id'] + 0; } $blog_data = $db->getArray('SELECT b.*, u.username FROM ' . db_blogs . ' as b, ' . db_users . ' as u WHERE b.blog_id=' . $blog_id . ' AND b.author_id=u.user_id LIMIT 1;'); if (empty($blog_data)) { // blog doesn't exit jsRedirect(script_path . 'admincp.php'); } // admins can only edit public blogs if ($blog_data['access'] != access_public) { jsredirect(script_path . 'admincp.php'); } $author = new nlb_user($db, $blog_data['author_id']); if (!empty($_POST)) { /** * Check submited data */ $text->validate(); $text->makeClean('trim', 'slash_if_needed'); $c = $text->clean; if ($text->is_missing_required) { $baddata = true;
$result = rm4favorites('web.dashconf.groups.groupids'); foreach ($groupids as $gnum => $groupid) { $result &= add2favorites('web.dashconf.groups.groupids', $groupid); } } // HOSTS $_REQUEST['maintenance'] = get_request('maintenance', 0); CProfile::update('web.dashconf.hosts.maintenance', $_REQUEST['maintenance'], PROFILE_TYPE_INT); // TRIGGERS $_REQUEST['trgSeverity'] = get_request('trgSeverity', array()); $trgSeverity = implode(';', array_keys($_REQUEST['trgSeverity'])); CProfile::update('web.dashconf.triggers.severity', $trgSeverity, PROFILE_TYPE_STR); $_REQUEST['extAck'] = get_request('extAck', 0); CProfile::update('web.dashconf.events.extAck', $_REQUEST['extAck'], PROFILE_TYPE_INT); } jsRedirect('dashboard.php'); } else { if (isset($_REQUEST['new_right'])) { $_REQUEST['groupids'] = get_request('groupids', array()); foreach ($_REQUEST['new_right'] as $id => $group) { $_REQUEST['groupids'][$id] = $id; } } else { if (isset($_REQUEST['delete'])) { $del_groups = get_request('del_groups', array()); foreach ($del_groups as $gnum => $groupid) { if (!isset($_REQUEST['groupids'][$groupid])) { continue; } unset($_REQUEST['groupids'][$groupid]); }
break; case 'comment': /** * ======================================= * N E W S C O M M E N T S * ======================================= */ $USESKIN = skin_news; $ets_outter->main_title = $config->get('site_name') . ': ' . $l['title-news']; $ets_outter->page_title = $l['title-news']; if (!isset($_PATH['id'])) { jsRedirect('index.php'); } $id = $_PATH['id']; if (!is_numeric($id)) { jsRedirect(script_path . 'index.php'); } $data = $db->getArray(' # Get one news post SELECT t1.blog_id, t1.author_id, t1.date, t1.subject, t1.body, t1.access, t1.custom AS custom_text, t1.comments, t1.html, t1.smiles, t1.bb, t2.username AS author, t2.custom AS custom_title FROM ' . db_blogs . ' AS t1, ' . db_users . ' AS t2 WHERE t1.blog_id = "' . $id . '" AND t1.author_id = t2.user_id LIMIT 1;'); $b->setDate($config->get('news_date_format')); $ets->news[0] = $b->format($data, $user, $l['edit']); // get comments. $ets->list_comments = $b->getComments($id, $config->get('comment_date_format'), $l['guest'], $user, $l['edit']); // form to add comment $name = $user->isLogedIn ? $user->get('username') : $l['guest']; $submit_text = sprintf($l['comment_submit'], $name); $ets->add_comment = ' <script type="text/javascript">
/**
 * =======================================
 * E D I T U S E R (part 1)
 * =======================================
 *
 * Asks for a username, looks up its user_id and forwards to the edit form for that id.
 */
if (!defined('IN_NLB3')) {
    echo 'NLB3 Denies Direct Access';
    exit;
}
// just prompt for username
$USESKIN = skin_basic;
$ets->page_body = '';
$ets_outter->main_title = $config->get('site_name') . ": " . $l['title-admincp'];
$ets_outter->page_title = $l['title-edituser'];
$badname = false;
if (isset($_POST['name'])) {
    // NOTE(review): the username value in this literal is masked on the page, so how
    // $_POST['name'] reaches the query cannot be seen here. If it is concatenated in,
    // it needs escaping or a bound parameter.
    $getid = $db->getArray('SELECT user_id FROM ' . db_users . ' WHERE username="******" limit 1;');
    if (empty($getid)) {
        $badname = true;
    } else {
        // The id in the redirect comes from the database row, not from the request.
        jsRedirect('admincp.php?action=edit_user_id&id=' . $getid['user_id']);
    }
}
if ($badname) {
    $ets->page_body .= '<div class="error">' . $l['acp-bad-username'] . '</div>';
}
// Show the prompt on first visit or after a failed lookup.
if (!isset($_POST['name']) || $badname) {
    $ets->page_body .= '<form method="post" action="admincp.php?action=edit_user"> ' . $l['username:'******'<input type="text" name="name"><br> <input type="submit" value="' . $l['submit'] . '"></form>';
}
/**
 * Placeholder menu action: shows a fixed notice, then redirects to the article list.
 */
public function staticAction()
{
    $notice = '该菜单功能没有实现,只用于演示多个子菜单如何添加';

    jsAlert($notice);
    jsRedirect('/admin/article');
}