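/**
 * Atom feed of the news entries, authenticated by an API key.
 *
 * The key is taken from $_REQUEST['key'] and must be exactly 32 lowercase hex
 * characters; it is resolved with User_by_api_key() and the resulting user must
 * hold the 'atom' privilege. Every failure terminates the request with die().
 * On success the feed is written to the response and the request is ended.
 *
 * Side effects: sets the global $user to the resolved user row.
 *
 * NOTE(review): $_REQUEST accepts the key from the query string, the body and
 * (depending on request_order) cookies; a key sent in the URL will show up in
 * access logs and Referer headers. The feed id below strips it for that reason.
 */
function user_atom()
{
    global $user, $DISPLAY_NEWS;

    // Reject anything that is not a well-formed key before touching the database.
    if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
        $key = $_REQUEST['key'];
    } else {
        die("Missing key.");
    }

    $user = User_by_api_key($key);
    if ($user === false) {
        die("Unable to find user.");
    }
    if ($user == null) {
        die("Key invalid.");
    }
    // Strict comparison so a loosely-equal string cannot satisfy the privilege check.
    if (!in_array('atom', privileges_for_user($user['UID']), true)) {
        die("No privilege for atom.");
    }

    // $DISPLAY_NEWS is configuration, not request input, but it lands unquoted in
    // the LIMIT clause, so it still goes through sql_escape().
    $onlyMeetings = !empty($_REQUEST['meetings']);
    $news = sql_select("SELECT * FROM `News` " . ($onlyMeetings ? 'WHERE `Treffen` = 1 ' : '') . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS));
    if (!is_array($news)) {
        // sql_select() is not visible here; treat a non-array result as "no news".
        $news = array();
    }

    // Feed timestamp: the newest entry, or "now" when there are no entries
    // (the original read $news[0] unconditionally, which is undefined on an empty result).
    $feedUpdated = isset($news[0]['Datum']) ? $news[0]['Datum'] : time();

    // HTTP_HOST is attacker-controlled request data; escape it like the URI so a
    // crafted Host header cannot inject markup into the feed.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $feedId = htmlspecialchars($host . preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI']));

    header('Content-Type: application/atom+xml; charset=utf-8');
    $html = '<?xml version="1.0" encoding="utf-8"?>
  <feed xmlns="http://www.w3.org/2005/Atom">
  <title>Engelsystem</title>
  <id>' . $feedId . '</id>
  <updated>' . date('Y-m-d\\TH:i:sP', $feedUpdated) . "</updated>\n";

    foreach ($news as $news_entry) {
        $html .= "  <entry>\n";
        $html .= "    <title>" . htmlspecialchars($news_entry['Betreff']) . "</title>\n";
        $html .= "    <link href=\"" . page_link_to_absolute("news_comments&amp;nid=") . "{$news_entry['ID']}\"/>\n";
        $html .= "    <id>" . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-{$news_entry['ID']}</id>\n";
        $html .= "    <updated>" . date('Y-m-d\\TH:i:sP', $news_entry['Datum']) . "</updated>\n";
        // Entity-escaped so the entry text is delivered as inert markup.
        $html .= "    <summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary>\n";
        $html .= "    </entry>\n";
    }
    $html .= "</feed>";

    // Content-Length is a byte count, so the byte-wise strlen() is the right call here.
    header("Content-Length: " . strlen($html));
    echo $html;
    die;
}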
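/**
 * Check whether a user holds a given privilege.
 *
 * @param mixed  $user   handed straight to privileges_for_user(); the other
 *                       callers in this file pass a UID, so presumably a UID —
 *                       verify against callers
 * @param string $action privilege name; must be a key of the global $privileges
 * @return bool false for an unknown privilege name (logged) or a user without it
 *
 * NOTE(review): load_auth() stores a privilege *list* (names as values) in the
 * global $privileges, while this function treats $privileges as a map keyed by
 * name. If both come from the same build, every call here would log "Invalid
 * privilege" and fail closed — confirm which shape the global actually has.
 */
function permitted($user, $action)
{
    global $privileges;

    // An unknown privilege name is a caller bug; log it so the typo is noticed.
    // The check still fails closed.
    if (!array_key_exists($action, $privileges)) {
        error_log("Invalid privilege checked: {$action}");
        return false;
    }

    // Strict comparison so loosely-equal strings cannot satisfy the check.
    return in_array($action, privileges_for_user($user), true);
}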
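/**
 * Resolve the session user and the privilege set for the current request.
 *
 * Reads $_SESSION['uid']; when a matching User row exists the global $user is
 * set to it and its lastLogIn column is updated to now. A uid that no longer
 * matches a row is removed from the session. The global $privileges is always
 * set: the user's privileges when logged in, otherwise those of group -1
 * (presumably the guest/anonymous group — confirm in privileges_for_group()).
 */
function load_auth()
{
    global $user, $privileges;
    $user = null;

    if (isset($_SESSION['uid'])) {
        $uid = sql_escape($_SESSION['uid']);
        $rows = sql_select("SELECT * FROM `User` WHERE `UID`='" . $uid . "' LIMIT 1");

        // sql_select() is not visible here; guard against a non-array (error)
        // result before count(), which throws on non-countables in PHP 8.
        if (is_array($rows) && count($rows) > 0) {
            // Logged in: expose the row and record the activity timestamp.
            list($user) = $rows;
            sql_query("UPDATE `User` SET `lastLogIn` = '" . time() . "' WHERE `UID` = '" . $uid . "' LIMIT 1;");
        } else {
            // Stale session pointing at a missing user: forget it.
            unset($_SESSION['uid']);
        }
    }

    $privileges = isset($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
}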
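/**
 * iCalendar (RFC 5545) export of a user's shifts, authenticated by an API key.
 *
 * The key comes from $_REQUEST['key'] (32 lowercase hex chars), is resolved via
 * User_by_api_key() and the user must hold the 'ical' privilege; any failure
 * terminates the request with die(). With export=user_shifts the shift list is
 * produced by view_user_shifts() (expected to fill the global $ical_shifts —
 * confirm in user_shifts.php); otherwise the user's own shift entries are
 * selected here. The calendar is written to the response and the request ends.
 *
 * Side effects: sets the globals $user and $ical_shifts.
 */
function user_ical()
{
    global $ical_shifts, $user;

    // Reject anything that is not a well-formed key before touching the database.
    if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
        $key = $_REQUEST['key'];
    } else {
        die("Missing key.");
    }

    $user = User_by_api_key($key);
    if ($user === false) {
        die("Unable to find user.");
    }
    if ($user == null) {
        die("Key invalid.");
    }
    // Strict comparison so a loosely-equal string cannot satisfy the privilege check.
    if (!in_array('ical', privileges_for_user($user['UID']), true)) {
        die("No privilege for ical.");
    }

    if (isset($_REQUEST['export']) && $_REQUEST['export'] === 'user_shifts') {
        require_once realpath(__DIR__ . '/user_shifts.php');
        view_user_shifts();
    } else {
        $ical_shifts = sql_select("\n        SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name` as `room_name`\n        FROM `ShiftEntry`\n        INNER JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n        JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n        INNER JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n        WHERE `UID`='" . sql_escape($user['UID']) . "'\n        ORDER BY `start`");
    }
    if (!is_array($ical_shifts)) {
        // Neither source is visible here; treat a non-array as "no shifts".
        $ical_shifts = array();
    }

    // RFC 5545 TEXT escaping: backslash, semicolon, comma and line breaks.
    // The original only replaced "\n"; a CR or CRLF inside a shift name, title,
    // comment or room name would start a new property line in the consumer's
    // calendar (content injection), and unescaped ';' / ',' break parsing.
    $escapeText = function ($text) {
        $text = str_replace(array("\r\n", "\r"), "\n", (string) $text);
        $text = str_replace(array("\\", ";", ","), array("\\\\", "\\;", "\\,"), $text);
        return str_replace("\n", "\\n", $text);
    };

    // Times are labelled TZID=Europe/Berlin, so format them in that zone
    // explicitly instead of relying on the server's default timezone.
    $berlin = new DateTimeZone('Europe/Berlin');
    $formatLocal = function ($timestamp) use ($berlin) {
        $dt = new DateTime('@' . (int) $timestamp);
        return $dt->setTimezone($berlin)->format('Ymd\THis');
    };

    header("Content-Type: text/calendar; charset=utf-8");
    $html = "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//-//Engelsystem//DE\r\nCALSCALE:GREGORIAN\r\n";
    foreach ($ical_shifts as $shift) {
        $html .= "BEGIN:VEVENT\r\n";
        // UID is derived from start/end/name only, so two shifts sharing those
        // collide; kept as-is because clients key on UID and changing it would
        // re-create every event — NOTE(review): consider including the SID.
        $html .= "UID:" . md5($shift['start'] . $shift['end'] . $shift['name']) . "\r\n";
        $html .= "SUMMARY:" . $escapeText($shift['name']) . " (" . $escapeText($shift['title']) . ")\r\n";
        if (isset($shift['Comment'])) {
            $html .= "DESCRIPTION:" . $escapeText($shift['Comment']) . "\r\n";
        }
        $html .= "DTSTART;TZID=Europe/Berlin:" . $formatLocal($shift['start']) . "\r\n";
        $html .= "DTEND;TZID=Europe/Berlin:" . $formatLocal($shift['end']) . "\r\n";
        $html .= "LOCATION:" . $escapeText($shift['room_name']) . "\r\n";
        $html .= "END:VEVENT\r\n";
    }
    $html .= "END:VCALENDAR\r\n";
    // Every content line, including the last, ends in CRLF per RFC 5545; the
    // previous trim($html, "\n") left a lone "\r" on the final line.

    // Content-Length is a byte count, so the byte-wise strlen() is correct.
    header("Content-Length: " . strlen($html));
    echo $html;
    die;
}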
/**
 * Created by PhpStorm.
 * User: matedealer
 * Date: 3/23/16
 * Time: 7:29 PM
 */
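/**
 * Export the user list, authenticated by an API key.
 *
 * The key is taken from $_REQUEST['key'] (32 lowercase hex chars), resolved via
 * User_by_api_key(), and the user must hold the 'admin_user' privilege; any
 * failure terminates the request with die(). The export itself is delegated
 * to export_csv() or export_mail().
 *
 * @param string $type 'csv' or 'mail'; any other value is silently ignored and
 *                     the function returns without output — NOTE(review):
 *                     callers should not treat a plain return as "exported"
 */
function users_export_controller($type)
{
    // Reject anything that is not a well-formed key before touching the database.
    if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
        $key = $_REQUEST['key'];
    } else {
        die("Missing key.");
    }

    $user = User_by_api_key($key);
    if ($user === false) {
        die("Unable to find user.");
    }
    if ($user == null) {
        die("Key invalid.");
    }
    // Strict comparison so a loosely-equal string cannot satisfy the privilege check.
    if (!in_array('admin_user', privileges_for_user($user['UID']), true)) {
        die("No privilege for export users.");
    }

    if ($type === 'csv') {
        export_csv();
    } elseif ($type === 'mail') {
        export_mail();
    }
}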
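/**
 * Export filtered shifts as JSON (same selection as the iCal export or the
 * shifts view), authenticated by an API key.
 *
 * The key comes from $_REQUEST['key'] (32 lowercase hex chars), is resolved via
 * User_by_api_key() and the user must hold the 'shifts_json_export' privilege;
 * any failure terminates the request with die(). With export=user_shifts the
 * shift list is produced by view_user_shifts() (expected to fill the global
 * $ical_shifts — confirm in pages/user_shifts.php); otherwise the user's own
 * shift entries are selected here.
 *
 * Side effects: sets the globals $user and $ical_shifts.
 *
 * NOTE(review): the query selects `Shifts`.* and the whole row set is encoded
 * verbatim, so every Shifts column is exposed to the key holder.
 */
function shifts_json_export_controller()
{
    global $ical_shifts, $user;

    // Reject anything that is not a well-formed key before touching the database.
    if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
        $key = $_REQUEST['key'];
    } else {
        die("Missing key.");
    }

    $user = User_by_api_key($key);
    if ($user === false) {
        die("Unable to find user.");
    }
    if ($user == null) {
        die("Key invalid.");
    }
    // Strict comparison so a loosely-equal string cannot satisfy the privilege check.
    if (!in_array('shifts_json_export', privileges_for_user($user['UID']), true)) {
        die("No privilege for shifts_json_export.");
    }

    if (isset($_REQUEST['export']) && $_REQUEST['export'] === 'user_shifts') {
        require_once realpath(__DIR__ . '/../pages/user_shifts.php');
        view_user_shifts();
    } else {
        $ical_shifts = sql_select("\n        SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name` as `room_name`\n        FROM `ShiftEntry`\n        INNER JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n        INNER JOIN `ShiftTypes` ON (`Shifts`.`shifttype_id`=`ShiftTypes`.`id`)\n        INNER JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n        WHERE `UID`='" . sql_escape($user['UID']) . "'\n        ORDER BY `start`");
    }

    header("Content-Type: application/json; charset=utf-8");
    // json_encode() returns false on failure (e.g. invalid UTF-8 in a row), in
    // which case an empty body is sent — kept as-is; callers see no JSON at all.
    echo json_encode($ical_shifts);
    die;
}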
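/**
 * Returns true if the user is a coordinator of the angeltype or holds the
 * admin_user_angeltypes privilege.
 *
 * The coordinator row is looked up first; the privilege check only runs when
 * that lookup finds nothing (short-circuit).
 *
 * @param User      $user      user row; only $user['UID'] is read
 * @param AngelType $angeltype angeltype row; only $angeltype['id'] is read
 * @return bool
 */
function User_is_AngelType_coordinator($user, $angeltype)
{
    $isCoordinator = sql_num_query("\n      SELECT `id` \n      FROM `UserAngelTypes` \n      WHERE `user_id`='" . sql_escape($user['UID']) . "'\n      AND `angeltype_id`='" . sql_escape($angeltype['id']) . "'\n      AND `coordinator`=TRUE\n      LIMIT 1") > 0;
    if ($isCoordinator) {
        return true;
    }

    // Strict comparison so a loosely-equal string cannot satisfy the privilege check.
    return in_array('admin_user_angeltypes', privileges_for_user($user['UID']), true);
}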