/**
 * Tells whether the user recorded in the current session holds $role.
 *
 * Reads $_SESSION['id'] and only consults userHasRole() when that id is
 * present and non-negative; a session without an id yields false, so an
 * unauthenticated visitor can never be granted a role through this helper.
 *
 * @param mixed $role Role identifier, handed to userHasRole() unchanged.
 * @return mixed false when no usable session id exists, otherwise the
 *               value returned by userHasRole().
 */
function currUserHasRole($role)
{
    $sessionUserId = isset($_SESSION['id']) ? $_SESSION['id'] : null;
    // Guard clause: no id, or a negative sentinel, means "no role".
    if ($sessionUserId === null || $sessionUserId < 0) {
        return false;
    }
    return userHasRole($sessionUserId, $role);
}
<?php

// Development mode is inferred from the request URI: a '~' found after
// position 0 selects the developer's home-directory include tree, anything
// else (including "not found", since false != 0 is false) selects production.
// NOTE(review): the code tree that gets included is therefore chosen by a
// request-controlled value; confirm the production vhost never serves URIs
// containing '~' before relying on this.
$DEV = strpos($_SERVER['REQUEST_URI'], '~') != 0;
set_include_path(
    get_include_path()
    . PATH_SEPARATOR
    . ($DEV ? '/home/mgorman/public_html/_resources/php' : '/var/www/php.iwu.edu/htdocs/_resources/php')
);

// Shared framework classes and the database bootstrap.
require_once '_class.IWU_DB.php';
require_once '_class.IWU_DataRow.php';
require_once '_class.IWU_Auth.php';
require_once '_class.IWU_Template.php';
require_once '_class.IWU_Paginate.php';
require_once '_db.php';

// Nothing below runs for an unauthenticated visitor.
IWU_Auth::forceAuthentication();

// Admins may view the page as another account via ?impersonate=<user>.
// The value is taken verbatim from the query string, so getRoles() has to
// cope with an arbitrary identifier (unknown user, unexpected type).
$user = (userHasRole(IWU_Auth::getUser(), 'admin') && isset($_GET['impersonate']))
    ? $_GET['impersonate']
    : IWU_Auth::getUser();
$roles = getRoles($user);
class Channel
{
    protected $slug = '';
    protected $heading = '';
    protected $styles = array();
    protected $classes = array('highlight');
    protected $context = '';
    protected $contexts = array();
    protected $contentHTML = '';
    public function __construct($slug, $heading, $content = '', $max_height = NULL)
    {
        $this->slug = $slug;
        $this->heading = $heading;
        $this->contentHTML = $content;
<?php

// Magic-quotes compatibility shim (judging by its filename) and the shared
// access helpers userIsLoggedIn()/userHasRole(), both under the document root.
include_once $_SERVER['DOCUMENT_ROOT'] . '/voteonline/include/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/voteonline/include/access.inc.php';

// Anonymous visitors get the login form and nothing else.
if (!userIsLoggedIn()) {
    $loginstate = 'Zaloguj';
    include '../templates/login.html.php';
    exit;
}
// Authenticated visitors: the menu label names the signed-in account.
$loginstate = 'Wyloguj(' . $_SESSION['userlogin'] . ')';

// This page is restricted to the Administrator role.
if (!userHasRole('Administrator')) {
    $error = 'Dostęp do tej strony mają tylko Administratorzy';
    include '../templates/accessdenied.html.php';
    exit;
}

// Database connection is only opened once both guards have passed.
include $_SERVER['DOCUMENT_ROOT'] . '/voteonline/include/db.inc.php';
//wybór danych użytkownika do edycji
if (isset($_GET['action']) and $_GET['action'] == 'Edytuj') {
    try {
        $sql = 'SELECT id, login, email, roleid FROM users WHERE login = :login';
        $s = $pdo->prepare($sql);
        $s->bindValue(':login', $_GET['login']);
        $s->execute();
    } catch (PDOException $e) {
        $error = 'Błąd podczas pobierania danych użytkownika.';
        include '../templates/error.html.php';
        exit;
    }
    foreach ($s as $row) {
        $menageuserid = $row['id'];
<?php

// Magic-quotes compatibility shim (judging by its filename) and the shared
// access helpers userIsLoggedIn()/userHasRole().
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';

// Guard 1: an anonymous visitor is shown the login form and the script stops.
if (!userIsLoggedIn()) {
    include '../login.html.php';
    exit;
}

// Guard 2: only the 'Account Administrator' role may continue.
if (!userHasRole('Account Administrator')) {
    $error = 'Only Account Administrators may access this page.';
    include '../accessdenied.html.php';
    exit;
}
if (isset($_GET['add'])) {
    include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
    $pageTitle = 'New Author';
    $action = 'addform';
    $name = '';
    $email = '';
    $id = '';
    $button = 'Add author';
    // Build the list of roles
    try {
        $result = $pdo->query('SELECT id, description FROM role');
    } catch (PDOException $e) {
        $error = 'Error fetching list of roles.';
        include 'error.html.php';
        exit;
    }
    foreach ($result as $row) {
        $roles[] = array('id' => $row['id'], 'description' => $row['description'], 'selected' => FALSE);
<?php 
}
// Role-gated menu entries: each <li> below is emitted only when $user holds
// the named role. $user is expected to be set by the page that includes this
// fragment. The link markup is static - no request or user data is
// interpolated into it.
if (userHasRole($user, 'Moodle')) {
    ?>
	<li><a href="http://courses.iwu.edu/">Moodle</a></li>
<?php 
}
if (userHasRole($user, 'BSS')) {
    ?>
	<li><a href="https://luna.iwu.edu/PPRD/twbkwbis.P_GenMenu?name=bmenu.P_MainMnu">Banner Self-Service</a></li>
<?php 
}
if (userHasRole($user, 'INB')) {
    ?>
	<li><a href="http://luna.iwu.edu:9099/forms/frmservlet?config=pprd_jpi">Internet Native Banner</a></li>
<?php 
}
?>

<li><a href="http://answers.iwu.edu/3900/ask">ITS Helpdesk</a></li>
<li><a href="https://php.iwu.edu/directory/">Campus Directory</a></li>
<li><a href="http://lists.iwu.edu/">Mailing Lists</a></li>
<li><a href="http://theiwubookstore.com/">Bookstore</a></li>

<?php 
// Housing link, shown only to users holding the 'Adirondack' role. The
// commented-out <li> below is a retired link left in the template for
// reference; the active link is static markup with no interpolated data.
if (userHasRole($user, 'Adirondack')) {
    ?>
	<!-- <li><a href="https://luna.iwu.edu:443/PPRD/zwgkthouse.p_redirect_housdir">MyHousing Information</a></li> -->
    <li><a href="https://iwu.datacenter.adirondacksolutions.com/iwu_thdss_test/security/iwu_login.cfm">MyHousing</a></li>
<?php 
}
    header("Location: index.php");
    exit;
}
/*
 * Session guard: without a loggedIn marker the visitor is anonymous and is
 * shown the confirmation page instead of any event-admin content.
 */
if (!isset($_SESSION['loggedIn'])) {
    $longdesc = 'You need to log in as a user with appropriate credentials to view this part of the site.';
    $title = 'Unauthorized User';
    include '/home/simpleco/demo2/app/pages_eventadmin/confirmation.inc.html.php';
    exit;
}
/*
 * Role guard: the event-admin pages require role id 3. Only reached by
 * authenticated sessions, because the guard above exits.
 */
if (!userHasRole(3)) {
    $longdesc = 'You do not have permission to access this part of the site.';
    $title = 'Unauthorized User';
    include '/home/simpleco/demo2/app/pages_eventadmin/confirmation.inc.html.php';
    exit;
}
/*
 * --------------------------------------------------------------------
 *                                                                     |
 *                event admin                                          |
 *                                                                     |
 * --------------------------------------------------------------------
 */
/*
 * responds to request to view all events
 */
<?php

// Magic-quotes compatibility shim (judging by its filename) and the shared
// access helpers userIsLoggedIn()/userHasRole().
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';

// Guard 1: anonymous visitors see the login form; the script stops here.
if (!userIsLoggedIn()) {
    include '../login.html.php';
    exit;
}

// Guard 2: only the 'Content Editor' role may continue.
if (!userHasRole('Content Editor')) {
    $error = 'Only Content Editors may access this page.';
    include '../accessdenied.html.php';
    exit;
}
if (isset($_GET['add'])) {
    $pagetitle = 'New Joke';
    $action = 'addform';
    $text = '';
    $authorid = '';
    $id = '';
    $button = 'Add joke';
    include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
    // Build the list of authors
    $sql = "SELECT id, name FROM author";
    $result = mysqli_query($link, $sql);
    if (!$result) {
        $error = 'Error fetching list of authors.';
        include 'error.html.php';
        exit;
    }
    while ($row = mysqli_fetch_array($result)) {
        $authors[] = array('id' => $row['id'], 'name' => $row['name']);
<?php

//CATEGORIES
// Shared access helpers: userIsLoggedIn() and userHasRole().
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/access.inc.php';

// Guard 1: anonymous visitors are sent to the admin login form.
if (!userIsLoggedIn()) {
    include $_SERVER['DOCUMENT_ROOT'] . '/chapter9/admin/login.html.php';
    exit;
}

// Guard 2: the page is restricted to the 'Administrator of categories' role.
if (!userHasRole('Administrator of categories')) {
    $error = 'Only Site Administrators may access this page.';
    include '../accessdenied.html.php';
    exit;
}

// ?add renders an empty "new category" form and stops.
if (isset($_GET['add'])) {
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
    $id = '';
    $name = '';
    $pageTitle = 'Add new category';
    $action = 'addcategory';
    $button = 'Add';
    include 'form.html.php';
    exit;
}
if (isset($_GET['addcategory'])) {
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
    try {
        $sql = 'INSERT INTO category SET name = :name';
        $s = $pdo->prepare($sql);
        $s->bindValue(':name', $_POST['name']);
        $s->execute();
    } catch (PDOException $e) {
<?php

// Magic-quotes compatibility shim (judging by its filename) and the shared
// access helpers userIsLoggedIn()/userHasRole().
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';

// Guard 1: anonymous visitors see the login form; the script stops here.
if (!userIsLoggedIn()) {
    include '../login.html.php';
    exit;
}

// Guard 2: only the 'Site Administrator' role may continue.
if (!userHasRole('Site Administrator')) {
    $error = 'Only Site Administrators may access this page.';
    include '../accessdenied.html.php';
    exit;
}

// ?add renders an empty "new category" form and stops.
if (isset($_GET['add'])) {
    $id = '';
    $name = '';
    $pagetitle = 'New Category';
    $action = 'addform';
    $button = 'Add category';
    include 'form.html.php';
    exit;
}
if (isset($_GET['addform'])) {
    include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
    $name = mysqli_real_escape_string($link, $_POST['name']);
    $sql = "INSERT INTO category SET\n\t\t\tname='{$name}'";
    if (!mysqli_query($link, $sql)) {
        $error = 'Error adding submitted category.';
        include 'error.html.php';
        exit;
    }
<?php

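session_start();

// Derive the menu's login state from the session WITHOUT modifying it.
// The previous code used `if ($_SESSION['loggedIn'] = TRUE)`: an assignment,
// not a comparison, so the branch always succeeded and TRUE was written back
// into the session - any request that rendered this menu promoted a session
// carrying loggedIn=false to "logged in". A read-only truthiness check keeps
// a presentational include from altering authentication state.
$menu_login_status = !empty($_SESSION['loggedIn']);

// Registration links are shown only to logged-in users holding role id 5;
// everyone else gets the bare login/logout list.
if ($menu_login_status && userHasRole(5)) {
    echo '       <ul class="nav nav-list">
                    <li><a href="?register_new">register new user</a></li>
                    <li class="nav-header"></li>
                    <li><a href="?register_existing">register existing user</a></li>
                    <li class="nav-header"></li>
                    <li><a href="?logout">logout</a></li>
                </ul>';
} else {
    echo '       <ul class="nav nav-list">
                    <li><a href="?logout">logout</a></li>
                    <li><a href="?loginform">login</a></li>
                </ul>';
}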
        exit;
    }
}
/*
 * Session guard: without a loggedIn marker the visitor is anonymous and is
 * shown the confirmation page instead of any store-admin content.
 */
if (!isset($_SESSION['loggedIn'])) {
    $longdesc = 'You need to log in to view this part of the site.';
    $title = 'Unauthorized User';
    include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
    exit;
}
/*
 * Role guard: the store-admin pages require role id 6. Only reached by
 * authenticated sessions, because the guard above exits.
 */
if (!userHasRole(6)) {
    $longdesc = 'You do not have permission to access this part of the site.';
    $title = 'Unauthorized User';
    include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
    exit;
}
/*
 * responds to logout attempt
 */
if (isset($_GET['logout'])) {
    logevent($user_info['id'], NULL, 'logout');
    unset($_SESSION['loggedIn']);
    unset($_SESSION['email']);
    unset($_SESSION['password']);
    $longdesc = "You are now logged out.";
    include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
<?php

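// Derive the menu's login state from the session WITHOUT modifying it.
// The previous code used `if ($_SESSION['loggedIn'] = TRUE)`: an assignment,
// not a comparison, so the branch always succeeded and TRUE was written back
// into the session - any request that rendered this menu promoted a session
// carrying loggedIn=false to "logged in". A read-only truthiness check keeps
// a presentational include from altering authentication state.
$menu_login_status = !empty($_SESSION['loggedIn']);

// Three menus: store admin (logged in with role id 6), logged in without the
// role, and anonymous. The last two differ only in indentation of the markup.
if ($menu_login_status) {
    if (userHasRole(6)) {
        echo '      <ul class="nav nav-list">
                        <li><a href="?logout">logout</a></li>
                        <li class="nav-header">STORE</li>
                        <li><a href="?items">items</a></li>
                        <li><a href="?categories">categories</a></li>
                    </ul>';
    } else {
        echo '      <ul class="nav nav-list">
                        <li><a href="?loginform">login</a></li>
                    </ul>';
    }
} else {
    echo '      <ul class="nav nav-list">
                    <li><a href="?loginform">login</a></li>
                </ul>';
}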
<?php

if (isset($_SESSION['loggedIn'])) {
    if ($_SESSION['loggedIn'] = TRUE) {
        $menu_login_status = TRUE;
    } else {
        $menu_login_status = FALSE;
    }
} else {
    $menu_login_status = FALSE;
}
if ($menu_login_status == 'TRUE') {
    if (userHasRole(2)) {
        echo '      <ul class="nav nav-list">
                        <li><a href="?">home</a></li>
                        <li><a href="?logout">logout</a></li>
                        <li class="nav-header">EVENTS</li>
                        <li><a href="?view_events">view events</a></li>
                        <li><a href="?view_event_types">edit types</a></li>
                        <li><a href="?view_event_properties">edit properties</a></li>
                        <li class="nav-header">USERS</li>
                        <li><a href="?view_users">view users</a></li>
                        <li><a href="?duty_roster">duty roster</a></li>
                        <li><a href="?badges">badges</a></li>
                        <li class="nav-header">GUESTS</li>
                        <li><a href="?guests">manage</a></li>
                        <li><a href="?guest_schedule_check">check schedule</a></li>
                        <li class="nav-header">STORE</li>
                        <li><a href="?items">items</a></li>
                        <li><a href="?categories">categories</a></li>
                        <li class="nav-header">HTML</li>
<?php

//AUTHORS
// Shared access helpers: userIsLoggedIn() and userHasRole().
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/access.inc.php';

// Guard 1: anonymous visitors are sent to the admin login form.
if (!userIsLoggedIn()) {
    include $_SERVER['DOCUMENT_ROOT'] . '/chapter9/admin/login.html.php';
    exit;
}

// Guard 2: the page is restricted to the 'Administrator registered users'
// role (the denial message calls this role "Account Administrators").
if (!userHasRole('Administrator registered users')) {
    $error = 'Only Account Administrators may access this page.';
    include '../accessdenied.html.php';
    exit;
}
if (isset($_GET['add'])) {
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
    $pageTitle = 'Add author';
    $action = 'addauthor';
    $name = '';
    $email = '';
    $id = '';
    $button = 'Add';
    //формируем список ролей
    try {
        $result = $pdo->query('SELECT id, description FROM role');
    } catch (PDOException $e) {
        errorText('Unable to create list of roles', $e);
    }
    foreach ($result as $row) {
        $roles[] = array('id' => $row['id'], 'description' => $row['description'], 'selected' => false);
    }
    include 'form.html.php';
// Global UI defaults handed to the template engine.
$t->assign('page_title', $CFG->page_title_default);
// Raw request URI; the template is responsible for escaping it on output.
$t->assign('currentURI', $_SERVER['REQUEST_URI']);
// Privilege flags default to off and are only raised after a role check.
$t->assign('currentUser_isAdmin', FALSE);
$t->assign('currentUser_isAuthStaff', FALSE);

if ($login_state != DELPHI_LOGGED_IN && $login_state != DELPHI_REG_PENDING) {
    // Anonymous visitor: expose an empty identity to the template.
    $t->assign('currentUser_loggedIn', FALSE);
    $t->assign('currentUser_id', null);
    $t->assign('currentUser_name', null);
    $t->assign('currentUser_email', null);
    // A redirect of anonymous visitors to /modules/auth/login.php used to
    // live here and has been disabled.
} else {
    // Logged-in or registration-pending user: load details by session username.
    $details = getUserDetails($_SESSION['username']);
    $t->assign('currentUser_loggedIn', TRUE);
    $t->assign('currentUser_id', $details['id']);
    $t->assign('currentUser_name', $details['username']);
    $t->assign('currentUser_email', $details['email']);
    // Cache id and email in the session for later requests.
    $_SESSION['id'] = $details['id'];
    $_SESSION['email'] = $details['email'];
    // Raise each privilege flag only when the role lookup confirms it.
    if (userHasRole($details['id'], 'Admin')) {
        $t->assign('currentUser_isAdmin', TRUE);
    }
    if (userHasRole($details['id'], 'AuthorizedStaff')) {
        $t->assign('currentUser_isAuthStaff', TRUE);
    }
}
        $longdesc = "Email and password combination not found.";
        include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
        exit;
    }
}
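// Session guard: an anonymous visitor is shown the confirmation page and the
// script stops. (The previous version repeated the same isset() test inside
// the outer if; the inner copy could never be false and has been dropped.)
if (!isset($_SESSION['loggedIn'])) {
    $title = 'Unauthorized User';
    $longdesc = "You need to log in to view this part of the site.";
    include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
    exit;
}
// Role guard: the admin pages require role id 2. Only reached by
// authenticated sessions, because the guard above exits.
if (!userHasRole(2)) {
    $title = 'Unauthorized User';
    $longdesc = "You do not have permission to access this part of the site.";
    include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
    exit;
}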
// logs user out
if (isset($_GET['logout'])) {
    // get the user id and log the event
    logevent($user_info['id'], NULL, 'logout');
    unset($_SESSION['loggedIn']);
    unset($_SESSION['email']);
    unset($_SESSION['password']);
    $longdesc = "You are now logged out.";
    include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
    exit;