/**
  * create the content of the options page
  * @return string html-content
  * @global ErrorHandler used for error handling
  * @uses createPasswordForm()
  * @uses createEmailForm()
  * @uses createOptionsForm()
  */
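 function innerCreate()
 {
     global $errorHandler;
     $cont = '<div class="options">';
     $cont .= $this->nav->create();
     $box = '';
     $rightsManager = RightsManager::getSingleton();
     if (!$rightsManager->isSelf($this->user)) {
         // The contact's name is stored data that ends up in HTML element content, so it
         // is encoded before it is concatenated. double_encode is switched off so that a
         // value which already holds entities is not encoded a second time.
         $lastName = htmlspecialchars((string) $this->user->contact['lastname'], ENT_QUOTES, 'UTF-8', false);
         $firstName = htmlspecialchars((string) $this->user->contact['firstname'], ENT_QUOTES, 'UTF-8', false);
         $box .= '<div class="options-title">Edit the options of ' . $lastName . ', ' . $firstName . '</div>';
     } else {
         $box .= '<div class="options-title">Edit your options</div>';
     }
     $box .= '<div class="options-box">';
     // Each form is rendered only when the current user holds the matching right on
     // $this->user. This decides what is shown, nothing more.
     // NOTE(review): the scripts that receive these forms are not visible here; they
     // need to repeat the same right checks on submit - confirm.
     if ($rightsManager->currentUserIsAllowedTo('edit-options-password', $this->user)) {
         $box .= $this->createPasswordForm();
     }
     if ($rightsManager->currentUserIsAllowedTo('edit-options-regemail', $this->user)) {
         $box .= $this->createEmailForm();
     }
     if ($rightsManager->currentUserIsAllowedTo('edit-options-useroptions', $this->user)) {
         $box .= $this->createOptionsForm();
     }
     $box .= '</div>';
     // Navigation first, then the forms wrapped in the nested 'options-content' box.
     return $cont . HTMLHelper::createNestedDivBoxModel('options-content', $box) . '</div>';
 }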
 /**
  * Constructor
  * 
  * init superclass, create navigation
  */
 function PageAdminPanel()
 {
     // MANDATORY SECURITY CHECK IN CONSTRUCTOR OF EACH PAGE:
     // the admin panel is only built for a user holding the 'administrate' right.
     $mayAdministrate = RightsManager::getSingleton()->currentUserIsAllowedTo('administrate');
     if (!$mayAdministrate) {
         // NOTE(review): nothing in this constructor stops execution after the call
         // below, so the check relies on standardError() ending the request - confirm.
         $handler = ErrorHandler::getSingleton();
         $handler->standardError('PERMISSION_DENIED', basename($_SERVER['SCRIPT_NAME']));
     }
     // Superclass initialisation with the page title.
     $this->Page('Admin Panel');
     // Navigation with a single entry that leads back to the main page.
     $adminNav = new Navigation('admin-menu');
     $adminNav->addEntry('return', 'return', Navigation::mainPageUrl());
     $this->nav = $adminNav;
 }
 /**
  * Render the "Single Sign On" row of a contact card.
  *
  * Output is produced only for the 'beforeNotes' location, only for a contact whose
  * getUserId() is not FALSE, and only when the viewer passes mayViewPrivateInfo().
  * One link to createAccount.php is written per entry of $CONFIG_SSO_CLIENTS.
  *
  * @param object $contact contact being displayed
  * @param string $location hook position on the card
  * @return string html-content, empty string when nothing is shown
  */
 function contactOutput(&$contact, $location)
 {
     if ($location != 'beforeNotes') {
         return '';
     }
     if (FALSE === $contact->getUserId()) {
         return '';
     }
     if (!RightsManager::getSingleton()->mayViewPrivateInfo($contact)) {
         return '';
     }
     global $CONFIG_SSO_CLIENTS;
     // NOTE(review): mode, appName and the contact id are concatenated into the
     // markup as they are, and the query string uses a bare '&'. This is fine only
     // while $CONFIG_SSO_CLIENTS holds trusted, HTML-safe values - confirm.
     $links = '';
     foreach ($CONFIG_SSO_CLIENTS as $client) {
         $target = '../plugins/SingleSignOn/createAccount.php?mode=' . $client->mode . '&id=' . $contact->contact['id'];
         $links .= '<a href="' . $target . '">' . $client->appName . '</a>';
     }
     return '<div class="other-spacer"></div>'
         . '<div class="other"><span class="other-label">Single Sign On</span><span class="other-info">'
         . $links
         . '</span></div>';
 }
 /**
  * Constructor: ONLY TO BE CALLED by Page factory: Page::newPage($group,$expand,$begin,$page) factory method!! 
  *
  * init {@link $contactList}, and menu
  * @param string $group group to display list for
  * @param boolean $expand whether to expand contact entries or not
  * @param string $begin the point in the alphabet, where the list should start (does not have to be just one character 'Sch' is also ok)
  * @param integer $page number of page to show
  * @global Options used to determine how many entries per page should be shown
  * @global PluginManager used for menu completion
  * @global string name of popup window (unused)
  */
 function PageList($group = '', $expand = false, $begin = '', $page = 0)
 {
     global $options, $pluginManager;
     $this->Page('List entries');
     // Group to display: an explicit group wins and is cached in the session;
     // otherwise the cached group is used, and the 'defaultGroup' option as a last resort.
     if (!empty($group)) {
         $_SESSION['group'] = $group;
     } elseif (isset($_SESSION['group'])) {
         $group = $_SESSION['group'];
     } else {
         $group = $options->getOption('defaultGroup');
     }
     // Contact list for that group, positioned by start string and page number.
     $list = new GroupContactList($group);
     $list->setStartString($begin);
     $list->setPage($page);
     $list->setEntriesPerPage($options->getOption('limitEntries'));
     $this->contactList = $list;
     $this->expand = $expand;
     // Menu: entries depend on the role and rights of the session user.
     // NOTE(review): this only decides which links are shown; the linked pages
     // need their own permission checks - confirm for each target.
     $this->menu = new Navigation('list-menu');
     $menu = $this->menu;
     $menu->addEntry('search', 'search', '../contact/searchlist.php');
     $sessionUser = $_SESSION['user'];
     if (!$sessionUser->isAtLeast('user')) {
         $menu->addEntry('login', 'log in', '../user/login.php');
     } else {
         $rights = RightsManager::getSingleton();
         if ($rights->currentUserIsAllowedTo('create')) {
             $menu->addEntry('add', 'add new entry', '../contact/contact.php?mode=new');
         }
         if ($rights->currentUserIsAllowedTo('edit-options', $sessionUser)) {
             $menu->addEntry('settings', 'personal settings', '../user/options.php');
         }
         if ($sessionUser->isAtLeast('admin')) {
             $menu->addEntry('admin', 'admin panel', '../admin/adminPanel.php');
         }
         $menu->addEntry('logout', 'log out', '../user/logout.php');
     }
     // Plugins may add their own entries to the list menu.
     $pluginManager->listMenu($this->contactList, $this->menu);
 }
<?php

// jEdit :folding=indent: :collapseFolds=1: :noTabs=true:
/**
 *  Lists address book entries. This is the main page that is displayed by default after login.
 *
 */
chdir('..');
require_once 'lib/init.php';
require_once 'PageList.class.php';
require_once 'StringHelper.class.php';
require_once 'HTMLBeautifier.class.php';
require_once 'ErrorHandler.class.php';
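// Is someone logged in? Terminate if not
$rightsManager = RightsManager::getSingleton();
// Allowed to view list
// NOTE(review): no exit follows the call below, so the check relies on
// standardError() ending the request - confirm in ErrorHandler.
if (!$rightsManager->currentUserIsAllowedTo('view-list')) {
    $errorHandler->standardError('PERMISSION_DENIED', basename($_SERVER['SCRIPT_NAME']));
}
// Query parameters written as "name[]=..." arrive as arrays. Anything that is not a
// plain string is replaced by the default so later code only sees the expected type.
if (!isset($_GET['group']) || !is_string($_GET['group'])) {
    $_GET['group'] = '';
}
// The 'hidden' group is reserved for admins. The name is compared without regard to
// case and surrounding whitespace so that spellings the storage layer might treat as
// the same group are covered by the check as well.
// NOTE(review): how GroupContactList matches group names is not visible here - confirm.
if (strcasecmp(trim($_GET['group']), 'hidden') == 0 && !$_SESSION['user']->isAtLeast('admin')) {
    $_GET['group'] = '';
}
if (!isset($_GET['begin']) || !is_string($_GET['begin'])) {
    $_GET['begin'] = '';
}
// The page number is numeric; cast it so no free-form text travels further.
$_GET['page'] = (isset($_GET['page']) && is_scalar($_GET['page'])) ? (int) $_GET['page'] : 0;
if (!isset($_GET['expand']) || !is_scalar($_GET['expand'])) {
    $_GET['expand'] = 0;
}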
 /**
  * Create the fieldset that allows user to edit communication and other information.
  * Users can make each property private or public, admins can attach properties only 
  * visible to users and them.
  * @param array $options selections showed in dropdown
  * @param string $type type of the entry (not necessarily shown in dropdown)
  * @param integer $size1 size of first text-field
  * @param integer|array $size2 size of second text-field or an array of sizes for several fields
  * @return string html-content
  */
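 function createDates($options, $type, $size1 = 6, $size2 = 39)
 {
     if (!array_key_exists($type, $this->counters)) {
         $this->counters[$type] = 0;
     }
     if (mb_substr($type, 0, 5) == 'blank') {
         // Blank rows for new entries: four when adding a contact, two otherwise.
         $dummy = array('type' => $type, 'label' => '', 'value' => '', 'value1' => '', 'value2' => '', 'visibility' => 'visible');
         if ($this->add == true) {
             $vals = array($dummy, $dummy, $dummy, $dummy);
         } else {
             $vals = array($dummy, $dummy);
         }
         // Text after the sixth character names the real group the blanks belong to.
         if (mb_substr($type, 6) != '') {
             $type = mb_substr($type, 6);
             // The counter was only checked for the original name above; make sure
             // the rewritten name has one too, otherwise the first row would be
             // rendered with an empty index.
             if (!array_key_exists($type, $this->counters)) {
                 $this->counters[$type] = 0;
             }
         }
     } else {
         $vals = $this->contact->getValueGroup($type);
     }
     $visibilityOptions = array('visible' => 'public');
     // default (actually used for manager)
     $rightsManager = RightsManager::getSingleton();
     if ($rightsManager->mayViewPrivateInfo($this->contact)) {
         // users and admins add private option
         $visibilityOptions['hidden'] = 'private';
     }
     if ($_SESSION['user']->isAtLeast('admin')) {
         // only admin can attach info private to user, changeable by admin, hidden from manager
         $visibilityOptions['admin-hidden'] = 'admin';
     }
     $cont = '';
     foreach ($vals as $m) {
         // Entries the current user may not see are not rendered at all.
         if (($m['visibility'] == 'admin-hidden' && !$_SESSION['user']->isAtLeast('admin'))
             || ($m['visibility'] == 'hidden' && !$rightsManager->mayViewPrivateInfo($this->contact))) {
             continue;
         }
         $c = $this->counters[$type];
         // Stored values are written into single-quoted attributes, so they are encoded
         // with ENT_QUOTES; without it a quote in the data would end the attribute.
         // double_encode is off for label and value, which were emitted unencoded
         // before and may already hold entities.
         $label = htmlspecialchars((string) $m['label'], ENT_QUOTES, 'UTF-8', false);
         $cont .= "\n<div class='edit-propertyset'>" . HTMLHelper::createDropdown($type . "[{$c}][type]", '', $options, $m['type'], null, false);
         $cont .= "\n<input type='text' name='" . $type . "[{$c}][label]' value='" . $label . "' size='{$size1}'/>\n";
         if (is_array($size2)) {
             // Several value fields (value1, value2, ...), one per given size.
             $i = 0;
             foreach ($size2 as $s) {
                 $i++;
                 $value = htmlspecialchars((string) $m["value{$i}"], ENT_QUOTES, 'UTF-8');
                 if ($type == 'date') {
                     // For dates NULL is shown as '?' and the zero date as an empty field.
                     if ($m["value{$i}"] === null) {
                         $value = '?';
                     } else {
                         if ($m["value{$i}"] == '0000-00-00') {
                             $value = '';
                         }
                     }
                 }
                 $cont .= "<input type='text' name='" . $type . "[{$c}][value{$i}]' value='" . $value . "' size='{$s}'/>\n";
             }
         } else {
             $single = htmlspecialchars((string) $m['value'], ENT_QUOTES, 'UTF-8', false);
             $cont .= "<input type='text' name='" . $type . "[{$c}][value]' value='" . $single . "' size='{$size2}'/>\n";
         }
         $cont .= HTMLHelper::createDropdown($type . "[{$c}][visibility]", '', $visibilityOptions, $m['visibility'], null, false);
         $cont .= "<br></div>\n";
         $this->counters[$type]++;
     }
     return $cont;
 }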
 /**
  * create the menu of the contact-card
  */
 function createMenu()
 {
     // Build the card menu; entries depend on the viewer's rights and role.
     $menu = $this->cardMenu = new Navigation('card-menu');
     $menu->addEntry('return', 'return', Navigation::previousPageUrl());
     if (RightsManager::getSingleton()->currentUserIsAllowedTo('edit', $this->contact)) {
         $menu->addEntry('edit', 'edit', '../contact/contact.php?mode=edit&amp;id=' . $this->contact->contact['id']);
     }
     $menu->addEntry('print', 'print', 'javascript:window.print()');
     $viewer = $_SESSION['user'];
     if ($viewer->isAtLeast('user')) {
         // NOTE(review): the contact id is placed unquoted into a javascript: URL,
         // which is only safe while the id is numeric - confirm.
         $menu->addEntry('incorrect', 'incorrect', 'javascript:reportIncorrectEntry(' . $this->contact->contact['id'] . ',\'Are you sure you want to report this entry as incorrect? This will automatically generate an email to the person who last edited the contact.\')');
     }
     // Admin-only entries, offered for contacts that are not users themselves.
     if ($viewer->isAtLeast('admin') && !$this->contact->isUser()) {
         $hasXsltView = !empty($this->contact->contact['xsltDisplayType']) && $this->noXSLT == FALSE;
         if ($hasXsltView) {
             $menu->addEntry('alt-view', '[change view]', '../contact/contact.php?noxslt=1&amp;id=' . $this->contact->contact['id']);
         }
         $menu->addEntry('cuser', '[create user]', '../user/register.php?mode=cuser&amp;id=' . $this->contact->contact['id']);
     }
 }
    /**
     * create error page according to error that occured
     * @return string html-content
     */
    function innerCreate()
    {
        global $CONFIG_TAB_ROOT, $CONFIG_BUG_TRACK_LINK;
        $cont = <<<EOC
        <div class="error-box">
EOC;
        // Title and body depend on the error type.
        // NOTE(review): errorString() is concatenated into the markup as it is;
        // whether ErrorHandler returns HTML-safe text is not visible here - confirm,
        // in particular for the file name shown in the 'noFile' case.
        $errType = $this->error['type'];
        if ($errType == 'db') {
            $cont .= '<div class="error-title">An error in the database occured:</div>';
            $cont .= '<div class="error-body">' . $this->errorHandler->errorString() . '</div>';
            $cont .= '<div class="error-body">NOTE: Developers (SVN repository users) will see development DB upgrades that run the same upgrade file multiple times. This may result in an error (Duplicate column name or similar) as soon as MySQL attempts a change that is already in the DB from the previous upgrade. This error should be ignored. The database should be at the newest version.</div>';
        } elseif ($errType == 'noLogin' || $errType == 'denied') {
            // 'noLogin' is disabled (ErrorHandler redirects to the login page at once)
            // and shares the permission denied output.
            $cont .= '<div class="error-title">An error with your login occured:</div>';
            $cont .= '<div class="error-body">' . $this->errorHandler->errorString() . '</div>';
        } elseif ($errType == 'adminLock') {
            $cont .= '<div class="error-title">Administrative Lock Active</div>';
            $cont .= '<div class="error-body">This application is currently locked by an administrator because of database maintainance. You may not edit or delete any entries. Please retry later.</div>';
        } elseif ($errType == 'install') {
            $cont .= '<div class="error-title">During installation the following error occurred:</div>';
            $cont .= '<div class="error-body">' . $this->errorHandler->errorString() . '</div>';
        } elseif ($errType == 'noFile') {
            $cont .= '<div class="error-title">File not found:</div>';
            $cont .= '<div class="error-body">The file ' . $this->errorHandler->errorString() . ' could not be found.</div>';
        } else {
            $cont .= '<div class="error-title">The following error occurred:</div>';
            $cont .= '<div class="error-body">' . $this->errorHandler->errorString() . '</div>';
        }
        $cont .= '<div class="error-footer">If necessary, please press the BACK button on your browser to return to the previous screen and correct any possible mistakes. You can also try the following actions that might solve your problem:<ul>';
        // Recovery links, collected in display order.
        $items = array();
        $items[] = '<li><a style="font-size:larger;" href="' . Navigation::mainPageUrl() . '">default page</a></li>';
        $items[] = '<li><a href="' . $CONFIG_TAB_ROOT . 'user/login.php?redirect=' . Navigation::mainPageUrl() . '">login</a></li>';
        $items[] = '<li><a href="' . $CONFIG_TAB_ROOT . 'user/logout.php">logout</a></li>';
        // "advanced" reveals the hidden entries em1 to em4.
        $items[] = '<li id="em0"><a href="#" onclick="Effect.SlideUp(\'em0\'); Effect.SlideDown(\'em1\'); Effect.SlideDown(\'em2\'); Effect.SlideDown(\'em3\'); Effect.SlideDown(\'em4\'); return false;">advanced</a></li>';
        $items[] = '<li style="display:none" id="em1"><a href="' . $CONFIG_TAB_ROOT . 'lib/support/destroysession.php">destroy session (force logout)</a></li>';
        // The upgrade and install links cannot be moved to the admin section because
        // authorization does not work there, so they are written for every visitor.
        // NOTE(review): display:none hides nothing from the page source; the target
        // scripts have to enforce access themselves - confirm.
        $items[] = '<li style="display:none" id="em3"><a href="' . $CONFIG_TAB_ROOT . 'admin/upgrade.php">[upgrade database]</a></li>';
        $items[] = '<li style="display:none" id="em2"><a href="' . $CONFIG_TAB_ROOT . 'admin/install.php">[install database]</a></li>';
        // The rights manager is only asked when a session user exists; this avoids
        // recursion if the error being shown is the 'no user' error itself.
        if (isset($_SESSION['user'])) {
            if (RightsManager::getSingleton()->currentUserIsAllowedTo('administrate')) {
                $items[] = '<li style="display:none" id="em4"><a href="' . $CONFIG_TAB_ROOT . 'lib/support/phpinfo.php">[php info]</a></li>';
            }
        }
        $cont .= implode('', $items);
        $cont .= '</ul><br/>If you still need help, or you believe this to be a bug, copy the calling URL from the browser <b>NOW</b> and then please notify ';
        // A configured bug tracker link replaces the default SourceForge tracker.
        if (isset($CONFIG_BUG_TRACK_LINK)) {
            $cont .= $CONFIG_BUG_TRACK_LINK;
        } else {
            $cont .= '<a href="http://sourceforge.net/tracker/?atid=861161&group_id=172286&func=browse" target="_blank">Bug Tracker</a>.';
        }
        return $cont . '</div></div>';
    }
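 /**
  * Sort submitted value-group entries into their groups and store every group.
  *
  * Entries are read from $post per group name (the names in $VALUE_GROUP_TYPES_ARRAY
  * plus the special 'blank' group used for new entries). An entry whose 'type' names
  * another group is moved there, except inside the 'date' group. Empty entries are
  * dropped. Every known group is then written with setValueGroup().
  *
  * The array usually comes from a form submission, so its shape is checked: groups
  * and entries that are not arrays, and entries whose 'type' is not a scalar, are
  * skipped instead of being processed.
  *
  * @param array $post submitted data, indexed by group name
  */
 function saveValueGroupsFromArray(&$post)
 {
     global $VALUE_GROUP_TYPES_ARRAY;
     $rightsManager = RightsManager::getSingleton();
     // The result is not used in this method. The call is kept because what
     // getUser() does besides returning the user is not visible from here.
     $rightsManager->getUser();
     $valGroups = $VALUE_GROUP_TYPES_ARRAY;
     $newPost = array();
     // prepare new, sorted value Groups array
     foreach ($valGroups as $vg) {
         $newPost[$vg] = array();
     }
     // special magic group for new entries
     $valGroups[] = 'blank';
     // sort value groups (user may reassign type of entry)
     foreach ($valGroups as $vg) {
         if (!isset($post[$vg]) || !is_array($post[$vg])) {
             continue;
         }
         foreach ($post[$vg] as $vgi) {
             if (!is_array($vgi)) {
                 // malformed entry
                 continue;
             }
             $entryType = isset($vgi['type']) ? $vgi['type'] : '';
             if (!is_scalar($entryType)) {
                 // a type submitted as an array cannot name a group
                 continue;
             }
             // blank or value and label empty ... then delete the entry
             if ($entryType == ' ' || (empty($vgi['label']) && empty($vgi['value']) && empty($vgi['value1']) && empty($vgi['value2']))) {
                 continue;
             }
             if (!empty($entryType) && $entryType != $vg && $vg != 'date') {
                 // Move the entry to the group named by its type. Only groups prepared
                 // above are stored, so an entry naming any other group is dropped here
                 // rather than creating a key taken from the submitted data.
                 if (isset($newPost[$entryType])) {
                     $newPost[$entryType][] = $vgi;
                 }
                 continue;
             }
             $newPost[$vg][] = $vgi;
         }
     }
     // store everything ... that's the easiest
     foreach ($valGroups as $vg) {
         if ($vg != 'blank' && isset($newPost[$vg])) {
             $this->setValueGroup($vg, $newPost[$vg]);
         }
     }
 }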
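 /**
  * Render the organizational unit and client certificate rows of a contact card.
  *
  * Output is produced only for the 'beforeNotes' location. Everybody sees the
  * organizational unit and, for a certificate in use, a download link if the public
  * key file exists. Certificate state, expiry and password are shown only to viewers
  * passing mayViewPrivateInfo(); admins additionally get links to change the state.
  *
  * Stored contact values are HTML-encoded before output (double_encode off, so
  * values that already hold entities are not encoded twice).
  *
  * @param object $contact contact being displayed
  * @param string $location hook position on the card
  * @return string html-content, empty string for other locations
  */
 function contactOutput(&$contact, $location)
 {
     global $CONFIG_CERT_PUBLIC_KEY_PATH, $CONFIG_CERT_PUBLIC_KEY_LINK;
     if ($location != 'beforeNotes') {
         return '';
     }
     $cont = '';
     $cont .= '<div class="other-spacer"></div>';
     $cont .= '<div class="other"><span class="other-label">Organizational Unit</span><span class="other-info">';
     if (empty($contact->contact['organizationalUnit'])) {
         $cont .= "- blank -";
     } else {
         $cont .= htmlspecialchars((string) $contact->contact['organizationalUnit'], ENT_QUOTES, 'UTF-8', false);
     }
     $cont .= '</span></div>';
     if ($contact->contact['certState'] == 'used') {
         $cont .= '<div class="other"><span class="other-label">Client Certificate</span><span class="other-info">in use</span></div>';
         $eml = $contact->getFirstEmail();
         // The address becomes part of a file name. It is used only when it cannot
         // leave the certificate directory, i.e. it holds no path separator or NUL.
         if (is_string($eml) && $eml != '' && strpbrk($eml, "/\\\0") === false) {
             $certFile = $CONFIG_CERT_PUBLIC_KEY_PATH . '/' . $eml . '.crt';
             $certLink = $CONFIG_CERT_PUBLIC_KEY_LINK . '/' . $eml . '.crt';
             if (file_exists($certFile)) {
                 $cont .= '<div class="other"><span class="other-label">Public Key Certificate</span><span class="other-info"><a href="' . htmlspecialchars($certLink, ENT_QUOTES, 'UTF-8', false) . '"><b>download</b></a> public key certificate for sending encrypted email to this person</span></div>';
             }
         }
     }
     $rightsManager = RightsManager::getSingleton();
     if ($rightsManager->mayViewPrivateInfo($contact)) {
         $certState = htmlspecialchars((string) $contact->contact['certState'], ENT_QUOTES, 'UTF-8', false);
         $cont .= '<div class="other"><span class="other-label hidden">Certificate State</span><span class="other-info">';
         if ($_SESSION['user']->isAtLeast('admin')) {
             if ($contact->contact['certState'] == 'used') {
                 $lastUsed = '(' . htmlspecialchars((string) $contact->contact['certLastUsed'], ENT_QUOTES, 'UTF-8', false) . ')';
             } else {
                 $lastUsed = '';
             }
             // The id is written into an inline script and into URLs; the cast keeps
             // it numeric in both places.
             $id = (int) $contact->contact['id'];
             $cont .= '<a href="#" onclick="effect_1 = Effect.SlideDown(\'certChanger' . $id . '\',{duration:1.2}); return false;">' . $certState . '</a> ' . $lastUsed;
             $cont .= '</span></div>';
             // Hidden changer div, revealed by the script.aculo.us effect above.
             // NOTE(review): the state is changed through plain GET links that carry
             // no token; whether saveadmin.php verifies where the request comes from
             // is not visible here - confirm.
             $stateLinks = array(
                 'new' => 'new',
                 'revoke' => 'revoke',
                 'none' => '(none)',
                 'issued' => '(issued)',
                 'mailed' => '(mailed)',
                 'used' => '(used)',
                 'revoked' => '(revoked)',
             );
             $cont .= '<div class="other" id="certChanger' . $id . '" style="display:none;"><span class="other-info">Change: ';
             foreach ($stateLinks as $newState => $linkText) {
                 $cont .= "\n" . '<a href="../admin/saveadmin.php?mode=cycleCertState&amp;id=' . $id . '&amp;newState=' . $newState . '">' . $linkText . '</a>';
             }
             $cont .= '</span></div>';
         } else {
             $cont .= $certState;
             $cont .= '</span></div>';
         }
         if ($contact->contact['certState'] != 'none') {
             $cont .= '<div class="other"><span class="other-label hidden">Certificate Expires</span><span class="other-info">';
             $cont .= (empty($contact->contact['certExpires']) ? '- not set -' : htmlspecialchars((string) $contact->contact['certExpires'], ENT_QUOTES, 'UTF-8', false)) . '</span></div>';
             // NOTE(review): the certificate password is kept in a form that can be
             // displayed and is rendered to every viewer passing mayViewPrivateInfo()
             // - confirm that this exposure is intended.
             $x = $contact->contact['certPassword'];
             if (!empty($x)) {
                 $cont .= '<div class="other"><span class="other-label hidden">Certificate Password</span><span class="other-info" style="font-family: Courier">' . htmlentities($x, ENT_COMPAT, 'UTF-8') . ' (0=zero, O=oscar, 1=one, l=lima)</span></div>';
             }
         }
     }
     // end mayViewPrivateInfo()
     return $cont;
 }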