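 /**
  * Looks up in the XML permission registry whether $pUser may call
  * $pMethod on $pObject.
  *
  * The lookup walks from the most specific rule to the least specific one:
  * role + class + method, role + class, role, then the "default" role. The
  * first level that yields exactly one matching node decides, and its
  * "access" attribute must be the string "true" for the call to be allowed.
  * With no match at any level the answer is false (fail closed).
  *
  * @param User   $pUser   user whose role is looked up
  * @param object $pObject object whose class name is matched
  * @param string $pMethod method name being invoked
  * @return bool
  */
 public static function invokePermissions($pUser, $pObject, $pMethod)
 {
     $role = $pUser->getRole();
     $class = get_class($pObject);
     // XPath 1.0 has no escape sequence inside a quoted string literal, so a
     // value containing '"' could terminate the predicate early. No legitimate
     // role, class or method name contains one; refuse instead of building a
     // malformed query.
     foreach (array($role, $class, $pMethod) as $value) {
         if (strpos((string) $value, '"') !== false) {
             return false;
         }
     }
     $registry = KISS_Framework_Registry::instance();
     $permissions = $registry->getEntry('user_defined');
     $userPath = '/application/permission/user[@role="' . $role . '"]';
     $classPath = $userPath . '/class[@name="' . $class . '"]';
     $methodPath = $classPath . '/method[@name="' . $pMethod . '"]';
     // most specific rule first, the "default" role last
     $permission_array = array(
         $permissions->xpath($methodPath),
         $permissions->xpath($classPath),
         $permissions->xpath($userPath),
         $permissions->xpath('/application/permission/user[@role="default"]'),
     );
     foreach ($permission_array as $permission) {
         // exactly one node: that level is authoritative
         if ($permission && count($permission) == 1) {
             return (string) $permission[0]['access'] == "true";
         }
     }
     return false;
 }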
 /**
  * Tells whether the given user holds the ROOT role.
  *
  * @param User $existingUser
  * @return bool true only when the role name is exactly "ROOT"
  */
 private function isRootUser(User $existingUser)
 {
     $roleName = $existingUser->getRole()->getName();
     return $roleName === "ROOT";
 }
 /**
  * Stores the authenticated user's identity in the PHP session.
  *
  * Only the id, email and role are kept (serialized under $_SESSION['User']);
  * the request's User-Agent header is saved alongside it. The session id is
  * regenerated afterwards, which discards any id that may have been planted
  * before login (session fixation).
  *
  * @param User $user the user who just authenticated
  */
 public function signIn(User $user)
 {
     $agent = $_SERVER['HTTP_USER_AGENT'];
     $identity = [
         'id' => $user->getId(),
         'email' => $user->getEmail(),
         'role' => $user->getRole(),
     ];
     $_SESSION['HTTP_USER_AGENT'] = $agent;
     $_SESSION['User'] = serialize($identity);
     session_regenerate_id(true);
 }
 /**
  * Returns true if this relationship is applicable to the supplied user.
  *
  * Each of organisation, group, role and user acts as a constraint only
  * when it is set on this object; a set constraint must match the user's
  * corresponding value (loose != comparison).
  *
  * @param User $user
  * @return boolean
  */
 public function isRelated(User $user)
 {
     if ($this->organisation && $user->getOrganisationId() != $this->organisation) {
         return false;
     }
     if ($this->group && $user->getGroup() != $this->group) {
         return false;
     }
     if ($this->role && $user->getRole() != $this->role) {
         return false;
     }
     if ($this->user && $user->getID() != $this->user) {
         return false;
     }
     return true;
 }
    /**
     * Handles the login form submission and the logout flag.
     *
     * On a posted form, a User is built and its role read; a truthy role
     * marks the session as logged in (role, "OK" flag, posted user name)
     * and redirects to the home page, otherwise $_SESSION['Fail'] is set.
     * If $_SESSION['logout'] is present the session is destroyed.
     */
    public function checkLogin()
    {
        if (isset($_POST['submit'])) {
            // NOTE(review): User is constructed without any credentials here;
            // whether getRole() reads the posted fields is not visible in this
            // method — confirm.
            $user = new User();
            $role = $user->getRole();
            if ($role) {
                $_SESSION['role'] = $role;
                $_SESSION['login'] = "OK";
                // stored exactly as posted, no validation in this method
                $_SESSION['user'] = $_POST['userName'];
                // header() does not stop execution; the rest of this method
                // still runs after the redirect has been queued
                header("Location: http://localhost/HW/View/Home.php");
            } else {
                //header("Location: http://localhost/HW/connection.php");
                ?>
<div dir="rtl">
				<?php 
                // failure flag read by the page that renders the form
                $_SESSION['Fail'] = "OK";
                //echo "Wrong username or password";
                ?>
				</div>
				<?php 
                //exit();
            }
        }
        if (isset($_SESSION['logout'])) {
            //<div dir="rtl">
            //<h2>
            //<?php echo "You have been logged out successfully";
            //</h2>
            //</div>
            //<?php
            session_destroy();
        }
    }
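 /**
  * Changes the role of another user.
  *
  * Requires the 'userid', 'newrole' and 'targetid' parameters and a caller
  * who is a moderator. Outcomes are reported through setUpError() /
  * setResult(); the return value only says whether the request got as far
  * as the database update.
  *
  * @return bool false when prerequisites or rights are missing or the target
  *              already holds the role; true once the UPDATE was attempted
  */
 public function setRole()
 {
     $this->setPrerequisites('userid,newrole,targetid');
     if (!$this->checkPrerequisites()) {
         return false;
     }
     if (!$this->isModerator()) {
         $this->setUpError('NO RIGHTS', $this->getRole());
         return false;
     }
     $newRole = $this->get('newrole');
     $targetId = $this->get('targetid');
     $target = new User(array('userid' => $targetId));
     if ($newRole == $target->getRole()) {
         $this->setUpError("ALREADY IN ROLE", $newRole);
         return false;
     }
     $db = new DB();
     // parameterised: the role and id never become part of the SQL text
     $query = 'UPDATE mototimes_users SET role=? WHERE id_vk=?';
     $stmt = $db->prepare($query);
     // bind_param() takes its arguments by reference, so they must be plain
     // variables rather than the return values of $this->get()
     $stmt->bind_param('si', $newRole, $targetId);
     $stmt->execute();
     if ($stmt->errno != 0) {
         $this->setUpError("NO SUCH ROLE", $newRole);
     } elseif ($stmt->affected_rows == 0) {
         $this->setUpError("NO USER", $targetId);
     } else {
         $this->setResult(array('response' => 'ok'));
     }
     $db->close();
     return true;
 }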
 /**
  * Handles the login form.
  *
  * When the form was posted (a 'name' field is present) the credentials are
  * checked through User::check(); on success the user's name, id and role
  * are put in the session, the posted name is also written to a 'user'
  * cookie, and the browser is redirected to the site index. Otherwise the
  * login page is rendered with $error set (empty when nothing was posted).
  */
 function login()
 {
     $error = '';
     $submitted = isset($_POST['name']);
     if ($submitted) {
         $model = new User();
         if ($model->check()) {
             // NOTE(review): the cookie carries the posted name as-is and is
             // set without path/expiry/httponly options
             setcookie('user', $_POST['name']);
             $_SESSION['name'] = $model->getName();
             $_SESSION['id'] = $model->getID();
             $_SESSION['role'] = $model->getRole();
             // back to the home page; HTTP_HOST is taken from the request's
             // Host header. exit so nothing below is rendered.
             header('location:http://' . $_SERVER['HTTP_HOST'] . '/WeiXianPin/index.php');
             exit;
         }
         $error = '用户名或密码错误,请重新登录';
     }
     // render the login form; $error is shown there when non-empty
     include 'login.html.php';
 }
/**
 * Returns one piece of a user's biographical data as a string.
 *
 * Most features are read straight from the User getters; "photo" resolves
 * the official UserPhoto's filename, "organisation" the organisation title,
 * and "address" is assembled as HTML-encoded lines (address, city[, province]
 * then country[, postcode]) separated by <br />. An unknown feature is
 * dumped with Zend_Debug and null is returned.
 *
 * @param User   $user
 * @param string $feature one of name, group, role, photo, organisation,
 *                        email, email_alt, address, phone, fax
 * @return string|null
 */
function getBiographicalFeature(User $user, $feature)
{
    switch ($feature) {
        case "name":
            return $user->getName("%f %l");
        case "group":
            return $user->getGroup();
        case "role":
            return $user->getRole();
        case "photo":
            $photo = UserPhoto::get($user->getID(), UserPhoto::OFFICIAL);
            return $photo->getFilename();
        case "organisation":
            return $user->getOrganisation()->getTitle();
        case "email":
            return $user->getEmail();
        case "email_alt":
            return $user->getEmailAlternate();
        case "address":
            // first line: street and city, optionally the province
            $lines = html_encode($user->getAddress()) . "<br />" . html_encode($user->getCity());
            $provinceName = $user->getProvince()->getName();
            if ($provinceName) {
                $lines .= ", " . html_encode($provinceName);
            }
            // second line: country, optionally the postcode
            $lines .= "<br />" . html_encode($user->getCountry()->getName());
            $postcode = $user->getPostalCode();
            if ($postcode) {
                $lines .= ", " . html_encode($postcode);
            }
            return $lines;
        case "phone":
            return $user->getTelephone();
        case "fax":
            return $user->getFax();
        default:
            Zend_Debug::dump($feature);
            return;
    }
}
 /**
  * Builds a UserDto from a User entity.
  *
  * Copies the scalar fields one-to-one, maps the role through the role
  * mapper and attaches the optional token.
  *
  * @param User       $user  entity to convert
  * @param Token|null $token token to expose on the DTO, if any
  * @return UserDto
  */
 public function mapUserToDto(User $user, $token = null)
 {
     $dto = new UserDto();
     // identity
     $dto->setId($user->getId());
     $dto->setUserName($user->getUsername());
     $dto->setEmail($user->getEmail());
     // profile
     $dto->setFirstName($user->getFirstName());
     $dto->setLastName($user->getLastName());
     $dto->setPicture($user->getPicture());
     $dto->setFile($user->getFile());
     $dto->setDisplay($user->getDisplay());
     // the role has its own DTO mapping
     $roleDto = $this->roleMapper->mapUserRoleToDto($user->getRole());
     $dto->setRole($roleDto);
     $dto->setToken($token);
     return $dto;
 }
 /**
  * Resolves this user's group/role pair.
  *
  * Returns an array with keys 'groupId' and 'role'. Without a logged-in Yii
  * user both are 0; when User::getRole() yields nothing, groupId 6 is used
  * with its name taken from User::getGroups(); otherwise the role row is
  * returned with 'role' filled in from the groups list.
  *
  * @param mixed $type unused
  * @return array with keys 'groupId' and 'role'
  */
 function getRole($type = null)
 {
     if (!isset(Yii::app()->user->id)) {
         return array('groupId' => 0, 'role' => 0);
     }
     $groups = User::getGroups($this->id);
     $role = User::getRole($this->id);
     if (!$role) {
         // no explicit role: fall back to group 6
         return array('groupId' => 6, 'role' => $groups[6]);
     }
     $role['role'] = $groups[$role['groupId']];
     return $role;
 }
 /**
  * Checks whether the given user has access to a resource.
  *
  * First asks the parent for the general ACL decision on the StitchPattern
  * controller; only if that passes is the instance examined: admins are
  * always allowed, the owner (resource user_id) is allowed, and the
  * 'convert', 'upload' and 'pddemulate' privileges are allowed to anyone
  * on a shared resource.
  *
  * @param StitchPattern $resource
  * @param User|null     $identity
  * @param string        $privilege
  * @return bool
  */
 public function __invoke(\StitchPattern\Model\StitchPattern $resource, $identity, $privilege)
 {
     if (!parent::__invoke('StitchPattern\\Controller', $privilege)) {
         return false;
     }
     if ($identity && $identity->getRole()->getName() == 'admin') {
         return true;
     }
     if ($identity && $resource->user_id == $identity->getId()) {
         return true;
     }
     $sharePrivileges = array('convert', 'upload', 'pddemulate');
     return in_array($privilege, $sharePrivileges) && $resource->shared;
 }
 /**
  * Persists a User: UPDATE when it already has an id (> 0), INSERT otherwise.
  *
  * Every value is passed as a bound parameter (type string followed by one
  * reference per value); nothing is interpolated into the SQL.
  *
  * @param User $user
  * @return int|false id of the User written to the base (the existing id on
  *                   update); false if it didn't work
  */
 public static function flush($user)
 {
     $userId = $user->getId();
     $login = $user->getLogin();
     // NOTE(review): written to passwd as-is — confirm getPassword() returns
     // an already hashed value
     $password = $user->getPassword();
     $mail = $user->getMail();
     $inscriptionDate = $user->getInscriptionDate();
     $firstName = $user->getFirstName();
     $lastName = $user->getLastName();
     $birthDate = $user->getBirthDate();
     $address = $user->getAddress();
     $phoneNumber = $user->getPhoneNumber();
     $avatar = $user->getAvatar();
     $role = $user->getRole()->getId();
     $isUpdate = $userId > 0;
     if ($isUpdate) {
         $sql = 'UPDATE user u SET '
             . 'u.login = ?, '
             . 'u.passwd = ?, '
             . 'u.mail = ?, '
             . 'u.inscription_date = ?, '
             . 'u.first_name = ?, '
             . 'u.last_name = ?, '
             . 'u.birth_date = ?, '
             . 'u.address = ?, '
             . 'u.phone_number = ?, '
             . 'u.avatar = ?, '
             . 'u.ROLE_id_role = ? '
             . 'WHERE u.id_user = ?';
         $params = array(
             'ssssssssssii',
             &$login, &$password, &$mail, &$inscriptionDate, &$firstName,
             &$lastName, &$birthDate, &$address, &$phoneNumber, &$avatar,
             &$role, &$userId,
         );
     } else {
         $sql = 'INSERT INTO user '
             . '(login, passwd, mail, inscription_date, first_name, '
             . 'last_name, birth_date, address, phone_number, avatar, ROLE_id_role) '
             . 'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
         $params = array(
             'ssssssssssi',
             &$login, &$password, &$mail, &$inscriptionDate, &$firstName,
             &$lastName, &$birthDate, &$address, &$phoneNumber, &$avatar,
             &$role,
         );
     }
     $written = BaseSingleton::insertOrEdit($sql, $params);
     // an UPDATE reports the existing id rather than an insert id
     if ($written !== false && $isUpdate) {
         $written = $userId;
     }
     return $written;
 }
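 /**
  * Lists the link filters currently in the system.
  *
  * Each row carries the lfi_* columns plus 'projects' (project ids),
  * 'project_names' and 'min_usr_role_name' (role name for lfi_usr_role).
  * A database error on the main query yields an empty array; a failed
  * per-filter project lookup just leaves that filter with no projects.
  *
  * @return array An array of information.
  */
 public static function getList()
 {
     $sql = 'SELECT
                 lfi_id,
                 lfi_description,
                 lfi_usr_role,
                 lfi_pattern,
                 lfi_replacement
             FROM
                 {{%link_filter}}
             ORDER BY
                 lfi_id';
     try {
         $res = DB_Helper::getInstance()->getAll($sql);
     } catch (DbException $e) {
         return array();
     }
     // identical for every row, so built once; the filter id is a bound
     // parameter, not part of the SQL text
     $projectSql = 'SELECT
                     plf_prj_id,
                     prj_title
                 FROM
                     {{%project_link_filter}},
                     {{%project}}
                 WHERE
                     prj_id = plf_prj_id AND
                     plf_lfi_id = ?';
     foreach ($res as &$row) {
         try {
             $projects = DB_Helper::getInstance()->getPair($projectSql, array($row['lfi_id']));
         } catch (DbException $e) {
             $projects = array();
         }
         if ($projects === null) {
             $projects = array();
         }
         $row['projects'] = array_keys($projects);
         $row['project_names'] = array_values($projects);
         $row['min_usr_role_name'] = User::getRole($row['lfi_usr_role']);
     }
     // drop the reference left behind by the by-reference foreach; otherwise
     // a later write to $row would silently overwrite the last element
     unset($row);
     return $res;
 }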
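/**
 * This displays a person's name, picture etc. including basic biographical information and assistant info if relevant
 *
 * Builds the "person-result" card in an output buffer and returns the HTML.
 * Visibility follows the user's privacy level unless the caller is allowed
 * 'user'/'update' by $ENTRADA_ACL: the email at level 2 and above, the
 * address block (phone, fax, address, office hours) at level 3 and above.
 * User-derived text is passed through html_encode() on output.
 *
 * @param User $user
 * @return string the rendered HTML
 */
function display_person(User $user)
{
    global $ENTRADA_ACL;
    $photos = $user->getPhotos();
    // echoed unencoded into element ids below; assumed numeric — confirm
    $user_id = $user->getID();
    // administrators bypass the privacy level checks below
    $is_administrator = $ENTRADA_ACL->amIallowed('user', 'update');
    $fullname = $user->getName("%f %l");
    $departments = $user->getDepartments();
    if (0 < count($departments)) {
        $dep_titles = array();
        foreach ($departments as $department) {
            $dep_titles[] = ucwords($department->getTitle());
        }
        $group_line = implode("<br />", $dep_titles);
    } else {
        // no department: "group > role", students get "Class of <role>"
        $group = $user->getGroup();
        $role = $user->getRole();
        $group_line = ucwords($group . " > " . ($group == "student" ? "Class of " : "") . $role);
    }
    $privacy_level = $user->getPrivacyLevel();
    $organisation = $user->getOrganisation();
    $org_name = $organisation ? $organisation->getTitle() : "";
    $email = 1 < $privacy_level || $is_administrator ? $user->getEmail() : "";
    $email_alt = $user->getAlternateEmail();
    // initialised unconditionally so the template never reads an undefined variable
    $show_address = false;
    if (2 < $privacy_level || $is_administrator) {
        $show_address = true;
        $city = $user->getCity();
        $province = $user->getProvince();
        $prov_name = $province->getName();
        $country = $user->getCountry();
        $country_name = $country->getName();
        $phone = $user->getTelephone();
        $fax = $user->getFax();
        $address = $user->getAddress();
        $postcode = $user->getPostalCode();
        $office_hours = $user->getOfficeHours();
    }
    $assistants = $user->getAssistants();
    //there are 4 photo cases (at time of writing): no photos, official only, uploaded only, or both.
    //privacy options also need to be considered here.
    ob_start();
    ?>
	<div id="result-<?php 
    echo $user_id;
    ?>
" class="person-result">
		<div id="img-holder-<?php 
    echo $user_id;
    ?>
" class="img-holder">
		<?php 
    $num_photos = count($photos);
    if (0 === $num_photos) {
        echo display_photo_placeholder();
    } else {
        foreach ($photos as $photo) {
            echo display_photo($photo);
        }
        // with two or more photos, numbered links switch between them
        if (2 <= $num_photos) {
            $label = 0;
            foreach ($photos as $photo) {
                echo display_photo_link($photo, ++$label);
            }
        }
        echo display_zoom_controls($user_id);
    }
    ?>
		</div>
		<div class="person-data">
			<div class="basic">
				<span class="person-name"><?php 
    echo html_encode($fullname);
    ?>
</span>
				<span class="person-group"><?php 
    echo html_encode($group_line);
    ?>
</span>
				<span class="person-organisation"><?php 
    echo html_encode($org_name);
    ?>
</span>
				<div class="email-container">
				<?php 
    // the alternate email is only shown when the primary one is
    if ($email) {
        echo display_person_email($email);
        if ($email_alt) {
            echo display_person_email($email_alt);
        }
    }
    ?>
				</div>
			</div>
			<div class="address">
			<?php 
    if ($show_address) {
        if ($phone) {
            ?>
						<div>
							<span class="address-label">Telephone:</span>
							<span class="address-value"><?php 
            echo html_encode($phone);
            ?>
</span>
						</div>
						<?php 
        }
        if ($fax) {
            ?>
						<div>
							<span class="address-label">Fax:</span>
							<span class="address-value"><?php 
            echo html_encode($fax);
            ?>
</span>
						</div>
						<?php 
        }
        if ($address && $city) {
            ?>
						<div>
							<span class="address-label">Address:</span><br />
							<span class="address-value">
							<?php 
            echo html_encode($address) . "<br />" . html_encode($city);
            if ($prov_name) {
                echo ", " . html_encode($prov_name);
            }
            echo "<br />";
            echo html_encode($country_name);
            if ($postcode) {
                echo ", " . html_encode($postcode);
            }
            ?>
							</span>
						</div>
						<?php 
        }
        if ($office_hours) {
            ?>
						<div>
							<span class="address-label">Office Hours:</span>
							<span class="address-value"><?php 
            echo html_encode($office_hours);
            ?>
</span>
						</div>
						<?php 
        }
    }
    ?>
			</div>
			<div class="assistant"><?php 
    if (count($assistants) > 0) {
        ?>
				<span class="content-small">Administrative Assistants:</span>
				<ul class="assistant-list">
					<?php 
        foreach ($assistants as $assistant) {
            echo "<li>" . display_person_email($assistant->getEmail(), $assistant->getName("%f %l")) . "</li>";
        }
        ?>
				</ul><?php 
    }
    ?>
			</div>
		</div>
		<div></div>
		<div class="clearfix">&nbsp;</div>
	</div>

	<?php 
    return ob_get_clean();
}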
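 /**
  * Method used to get the list of custom fields available in the
  * system.
  *
  * Each row is the custom_field record plus 'projects' (comma-joined
  * associated project names), 'field_options' (for combo/multiple fields
  * or backend-driven fields) and 'min_role_name'.
  *
  * @return  array|string The list of custom fields, or '' on a database error
  */
 public static function getList()
 {
     $stmt = 'SELECT
                 *
              FROM
                 {{%custom_field}}
              ORDER BY
                 fld_rank ASC';
     try {
         $res = DB_Helper::getInstance()->getAll($stmt);
     } catch (DbException $e) {
         return '';
     }
     foreach ($res as &$row) {
         // cast instead of @-suppression: a null/false result becomes an
         // empty list rather than a swallowed warning (or a TypeError from
         // implode() on newer PHP)
         $projects = (array) self::getAssociatedProjects($row['fld_id']);
         $row['projects'] = implode(', ', array_values($projects));
         if ($row['fld_type'] == 'combo' || $row['fld_type'] == 'multiple') {
             if (!empty($row['fld_backend'])) {
                 $row['field_options'] = implode(', ', array_values(self::getOptions($row['fld_id'])));
             }
         }
         // NOTE(review): this overwrites the value assigned just above
         // whenever fld_backend is set, so that branch is never observable;
         // its inner condition was probably meant to be empty() — confirm
         // before changing.
         if (!empty($row['fld_backend'])) {
             $row['field_options'] = 'Backend: ' . self::getBackendName($row['fld_backend']);
         }
         $row['min_role_name'] = User::getRole($row['fld_min_role']);
     }
     // release the by-reference iteration variable so later code cannot
     // write through it into the last row
     unset($row);
     return $res;
 }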
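<?php

/**
 * Admin view of a single user (Yii 1 template).
 *
 * Expects $model with a userLogin relation. The username is HTML-encoded
 * before being echoed into the heading; the 'raw' Updated By attribute in
 * the detail view wraps the name in CHtml::encode() itself.
 */
$this->breadcrumbs = array(UserModule::t('Users') => array('admin'), $model->userLogin->username);
?>
<h1><?php 
// stored user data goes into HTML: encode it
echo UserModule::t('View User') . ' "' . CHtml::encode($model->userLogin->username) . '"';
?>
</h1>

<?php 
echo $this->renderPartial('_menu', array('list' => array(
    CHtml::link(UserModule::t('Create User'), array('create')),
    CHtml::link(UserModule::t('Update User'), array('update', 'id' => $model->user_id)),
    CHtml::linkButton(UserModule::t('Delete User'), array('submit' => array('delete', 'id' => $model->user_id), 'confirm' => UserModule::t('Are you sure to delete this item?'))),
)));
$this->widget('zii.widgets.CDetailView', array('data' => $model, 'attributes' => array(
    'name',
    array('name' => 'Username', 'value' => $model->userLogin->username),
    'mobile',
    'email',
    array('name' => 'Address', 'value' => $model->address1 . "\n" . $model->address2),
    'city',
    'state',
    'country',
    'pincode',
    array('name' => 'Created on', 'value' => date("d.m.Y H:i:s", strtotime($model->create_ts))),
    // 'raw' output, so the linked name is encoded explicitly
    array('name' => 'Updated By', 'type' => 'raw', 'value' => $model->updated_by > 0 ? isset($model->updatedBy) ? CHtml::link(CHtml::encode($model->updatedBy->name), array("admin/view", "id" => $model->updatedBy->user_id)) : $model->updated_by : 'Unavailable'),
    array('name' => 'Updated on', 'value' => date("d.m.Y H:i:s", strtotime($model->update_ts))),
    array('name' => 'Role', 'value' => User::getRole($model->role)),
    array('name' => 'Last Visited On', 'value' => isset($model->userLogin->last_login) ? date("d.m.Y H:i:s", strtotime($model->userLogin->last_login)) : 'Never Logged In'),
)));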
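 /**
  * Builds the WHERE-clause fragment that narrows the issue grid to the
  * current user's rights and the supplied search parameters.
  *
  * Values from $options are passed through Misc::escapeInteger() /
  * Misc::escapeString() before being appended. Values obtained from
  * Auth/User/Customer/Issue lookups ($usr_id, customer ids, group ids,
  * full-text issue ids) are interpolated as they come — assumed numeric,
  * confirm at the callees.
  *
  * @access  public
  * @param   array $options The search parameters
  * @return  string The where clause
  */
 function buildWhereClause($options)
 {
     $usr_id = Auth::getUserID();
     $prj_id = Auth::getCurrentProject();
     $role_id = User::getRoleByUser($usr_id, $prj_id);
     $stmt = ' AND iss_usr_id = en_ID';
     // customers only see their own customer's issues; low roles only their
     // own when the project segregates reporters
     if (User::getRole($role_id) == "Customer") {
         $stmt .= " AND iss_customer_id=" . User::getCustomerID($usr_id);
     } elseif ($role_id <= User::getRoleID("Standard User") && Project::getSegregateReporters($prj_id)) {
         $stmt .= " AND (\n                        iss_usr_id = {$usr_id} OR\n                        iur_usr_id = {$usr_id} OR\n                        isu_usr_id = {$usr_id}\n                        )";
     }
     if (!empty($options["users"])) {
         $stmt .= " AND (\n";
         if (stristr($options["users"], "grp") !== false) {
             // "grp:<id>" selects a group instead of a user
             $chunks = explode(":", $options["users"]);
             $stmt .= 'iss_grp_id = ' . Misc::escapeInteger($chunks[1]);
         } else {
             // negative pseudo ids: -1 unassigned, -2 unassigned or me,
             // -3 me or my group, -4 unassigned, me or my group
             if ($options['users'] == '-1') {
                 $stmt .= 'isu_usr_id IS NULL';
             } elseif ($options['users'] == '-2') {
                 $stmt .= 'isu_usr_id IS NULL OR isu_usr_id=' . $usr_id;
             } elseif ($options['users'] == '-3') {
                 $stmt .= 'isu_usr_id = ' . $usr_id . ' OR iss_grp_id = ' . User::getGroupID($usr_id);
             } elseif ($options['users'] == '-4') {
                 $stmt .= 'isu_usr_id IS NULL OR isu_usr_id = ' . $usr_id . ' OR iss_grp_id = ' . User::getGroupID($usr_id);
             } else {
                 $stmt .= 'isu_usr_id =' . Misc::escapeInteger($options["users"]);
             }
         }
         $stmt .= ')';
     }
     if (!empty($options["reporter"])) {
         $stmt .= " AND iss_usr_id = " . Misc::escapeInteger($options["reporter"]);
     }
     if (!empty($options["show_authorized_issues"])) {
         $stmt .= " AND (iur_usr_id={$usr_id})";
     }
     if (!empty($options["show_notification_list_issues"])) {
         $stmt .= " AND (sub_usr_id={$usr_id})";
     }
     if (!empty($options["keywords"])) {
         $stmt .= " AND (\n";
         if ($options['search_type'] == 'all_text' && APP_ENABLE_FULLTEXT) {
             $stmt .= "iss_id IN(" . join(', ', Issue::getFullTextIssues($options)) . ")";
         } elseif ($options['search_type'] == 'customer' && Customer::hasCustomerIntegration($prj_id)) {
             // check if the user is trying to search by customer email
             $customer_ids = Customer::getCustomerIDsLikeEmail($prj_id, $options['keywords']);
             if (count($customer_ids) > 0) {
                 $stmt .= " iss_customer_id IN (" . implode(', ', $customer_ids) . ")";
             } else {
                 // no results, kill query
                 $stmt .= " iss_customer_id = -1";
             }
         } else {
             $stmt .= "(" . Misc::prepareBooleanSearch('iss_summary', $options["keywords"]);
             $stmt .= " OR " . Misc::prepareBooleanSearch('iss_description', $options["keywords"]) . ")";
         }
         $stmt .= "\n) ";
     }
     if (!empty($options["priority"])) {
         $stmt .= " AND iss_pri_id=" . Misc::escapeInteger($options["priority"]);
     }
     if (!empty($options["status"])) {
         $stmt .= " AND iss_sta_id=" . Misc::escapeInteger($options["status"]);
     }
     if (!empty($options["category"])) {
         $stmt .= " AND iss_prc_id=" . Misc::escapeInteger($options["category"]);
     }
     if (!empty($options["hide_closed"])) {
         $stmt .= " AND sta_is_closed=0";
     }
     if (!empty($options["hide_answered"])) {
         $stmt .= " AND iss_control_status='Unanswered'";
     }
     if (!empty($options['release'])) {
         $stmt .= " AND iss_pre_id = " . Misc::escapeInteger($options['release']);
     }
     // now for the date fields
     $date_fields = array('created_date', 'updated_date', 'last_response_date', 'first_response_date', 'closed_date');
     foreach ($date_fields as $field_name) {
         if (!empty($options[$field_name])) {
             // filter_type only selects a branch; it never reaches the SQL
             switch ($options[$field_name]['filter_type']) {
                 case 'greater':
                     $stmt .= " AND iss_{$field_name} >= '" . Misc::escapeString($options[$field_name]['start']) . "'";
                     break;
                 case 'less':
                     $stmt .= " AND iss_{$field_name} <= '" . Misc::escapeString($options[$field_name]['start']) . "'";
                     break;
                 case 'between':
                     $stmt .= " AND iss_{$field_name} BETWEEN '" . Misc::escapeString($options[$field_name]['start']) . "' AND '" . Misc::escapeString($options[$field_name]['end']) . "'";
                     break;
                 case 'null':
                     $stmt .= " AND iss_{$field_name} IS NULL";
                     break;
                 case 'in_past':
                     // time_period is in hours; empty means 0
                     if (strlen($options[$field_name]['time_period']) == 0) {
                         $options[$field_name]['time_period'] = 0;
                     }
                     $stmt .= " AND (UNIX_TIMESTAMP('" . Date_API::getCurrentDateGMT() . "') - UNIX_TIMESTAMP(iss_{$field_name})) <= (" . Misc::escapeInteger($options[$field_name]['time_period']) . "*3600)";
                     break;
                 case 'not_in_past':
                     if (strlen($options[$field_name]['time_period']) == 0) {
                         $options[$field_name]['time_period'] = 0;
                     }
                     $stmt .= " AND \n\t\t\t\t\t\t(\n\t\t\t\t\t\t\tiss_{$field_name} is NULL || \n\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP('" . Date_API::getCurrentDateGMT() . "') - UNIX_TIMESTAMP(iss_{$field_name})) > (" . Misc::escapeInteger($options[$field_name]['time_period']) . "*3600)\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t)\n\t\t\t\t\t\t)";
                     break;
             }
         }
     }
     // custom fields
     if (!empty($options['custom_field']) && is_array($options['custom_field'])) {
         foreach ($options['custom_field'] as $fld_id => $search_value) {
             if (empty($search_value)) {
                 continue;
             }
             // the field id is an array key from the same user-supplied
             // $options as the values and is spliced into the cf<N> alias
             // names below, so it is escaped like them
             $fld_id = Misc::escapeInteger($fld_id);
             $field = Custom_Field::getDetails($fld_id);
             if ($field['fld_type'] == 'multiple') {
                 $search_value = Misc::escapeInteger($search_value);
                 foreach ($search_value as $cfo_id) {
                     $stmt .= " AND\n cf" . $fld_id . '_' . $cfo_id . ".icf_iss_id = iss_id";
                     $stmt .= " AND\n cf" . $fld_id . '_' . $cfo_id . ".icf_fld_id = {$fld_id}";
                     $stmt .= " AND\n cf" . $fld_id . '_' . $cfo_id . ".icf_value = {$cfo_id}";
                 }
             } elseif ($field['fld_type'] == 'date') {
                 if (empty($search_value['Year']) || empty($search_value['Month']) || empty($search_value['Day'])) {
                     continue;
                 }
                 $search_value = $search_value['Year'] . "-" . $search_value['Month'] . "-" . $search_value['Day'];
                 $stmt .= " AND\n (iss_id = cf" . $fld_id . ".icf_iss_id AND\n                        cf" . $fld_id . ".icf_value = '" . Misc::escapeString($search_value) . "')";
             } else {
                 $stmt .= " AND\n (iss_id = cf" . $fld_id . ".icf_iss_id";
                 $stmt .= " AND\n cf" . $fld_id . ".icf_fld_id = {$fld_id}";
                 if (in_array($field['fld_type'], array('text', 'textarea'))) {
                     $stmt .= " AND cf" . $fld_id . ".icf_value LIKE '%" . Misc::escapeString($search_value) . "%'";
                 } elseif ($field['fld_type'] == 'combo') {
                     $stmt .= " AND cf" . $fld_id . ".icf_value IN(" . join(', ', Misc::escapeInteger($search_value)) . ")";
                 }
                 $stmt .= ')';
             }
         }
     }
     // clear cached full-text values if we are not searching fulltext anymore
     if (APP_ENABLE_FULLTEXT && @$options['search_type'] != 'all_text') {
         Session::set('fulltext_string', '');
         Session::set('fulltext_issues', '');
     }
     return $stmt;
 }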
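/**
* @package CandyCMS
* @version 0.1
* @copyright Copyright 2012 (C) Cocoon Design Ltd. - All Rights Reserved
* 
* Login page for CandyCMS admin
*
* Visitors who are already logged in are sent to the dashboard. A posted
* username/password pair is checked through Login::signin(); when it is
* accepted the username and role are stored in the session and the browser
* is redirected to the dashboard. Otherwise the form below is rendered.
*/
session_start();
if (isset($_SESSION['loggedin'])) {
    header('Location: dashboard.php');
    // stop here: header() alone does not end the script, so without exit the
    // login handling and the form would still run for this visitor
    exit;
}
require 'bootstrap.php';
if (isset($_POST['username'], $_POST['password'])) {
    $login = Login::signin($_POST['username'], $_POST['password']);
    if ($login != false) {
        $role = User::getRole($_POST['username']);
        // new session id at the privilege change, so an id fixed before
        // login is not carried over into the authenticated session
        session_regenerate_id(true);
        $_SESSION['loggedin'] = 'true';
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['role'] = $role;
        header('Location: dashboard.php');
        exit;
    }
}
?>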

<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="utf-8">
	<title>CMS Login</title>
	<link rel="stylesheet" href="css/login.css" type="text/css" />
	<!--[if lt IE 9]>
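 /**
  * Processes the template and assign common variables automatically.
  *
  * Fills the 'core' template variable with application constants, the
  * current user's details, the current project (role, CRM data, feature
  * access) and the list of projects the user may switch to. Later
  * additions use the array union operator (+), so a key already present
  * in $core (e.g. 'roles') keeps its first value.
  *
  * @return $this
  */
 private function processTemplate()
 {
     $core = array(
         'rel_url' => APP_RELATIVE_URL,
         'base_url' => APP_BASE_URL,
         'app_title' => APP_NAME,
         'app_version' => APP_VERSION,
         'app_setup' => Setup::load(),
         'messages' => Misc::getMessages(),
         'roles' => User::getAssocRoleIDs(),
         'auth_backend' => APP_AUTH_BACKEND,
         'current_url' => $_SERVER['PHP_SELF'],
     );
     // If VCS version is present "Eventum 2.3.3-148-g78b3368", link ref to github
     $vcsVersion = self::getVcsVersion();
     if ($vcsVersion) {
         $link = "https://github.com/eventum/eventum/commit/{$vcsVersion}";
         $core['application_version_link'] = $link;
         // append VCS version if not yet there
         if (!preg_match('/-g[0-9a-f]+$/', APP_VERSION)) {
             $core['app_version'] = "v{$core['app_version']}-g{$vcsVersion}";
         }
     }
     $usr_id = Auth::getUserID();
     if ($usr_id) {
         $core['user'] = User::getDetails($usr_id);
         $prj_id = Auth::getCurrentProject();
         // same data as loaded into 'app_setup' above
         $setup = $core['app_setup'];
         if (!empty($prj_id)) {
             $role_id = User::getRoleByUser($usr_id, $prj_id);
             $has_crm = CRM::hasCustomerIntegration($prj_id);
             $core = $core + array(
                 'project_id' => $prj_id,
                 'project_name' => Auth::getCurrentProjectName(),
                 'has_crm' => $has_crm,
                 'current_role' => $role_id,
                 'current_role_name' => User::getRole($role_id),
                 'feature_access' => Access::getFeatureAccessArray($usr_id),
             );
             if ($has_crm) {
                 $crm = CRM::getInstance($prj_id);
                 $core['crm_template_path'] = $crm->getTemplatePath();
                 if ($role_id == User::getRoleID('Customer')) {
                     try {
                         $contact = $crm->getContact($core['user']['usr_customer_contact_id']);
                         $core['allowed_customers'] = $contact->getCustomers();
                         $core['current_customer'] = $crm->getCustomer(Auth::getCurrentCustomerID(false));
                     } catch (CRMException $e) {
                         // best effort: a CRM failure leaves 'allowed_customers'
                         // and 'current_customer' unset rather than breaking
                         // the page; presumably intentional — confirm
                     }
                 }
             }
         }
         // the user details were already fetched above; reuse them
         $info = $core['user'];
         $raw_projects = Project::getAssocList($usr_id, false, true);
         $active_projects = array();
         foreach ($raw_projects as $prj_id => $prj_info) {
             if ($prj_info['status'] == 'archived') {
                 $prj_info['prj_title'] .= ' ' . ev_gettext('(archived)');
             }
             $active_projects[$prj_id] = $prj_info['prj_title'];
         }
         $core = $core + array(
             'active_projects' => $active_projects,
             'current_full_name' => $info['usr_full_name'],
             'current_email' => $info['usr_email'],
             'current_user_id' => $usr_id,
             'current_user_datetime' => Date_Helper::getISO8601date('now', '', true),
             'is_current_user_clocked_in' => User::isClockedIn($usr_id),
             'is_anon_user' => Auth::isAnonUser(),
             'is_current_user_partner' => !empty($info['usr_par_code']),
             'roles' => User::getAssocRoleIDs(),
             'current_user_prefs' => Prefs::get($usr_id),
         );
         $this->assign('current_full_name', $core['user']['usr_full_name']);
         $this->assign('current_email', $core['user']['usr_email']);
         $this->assign('current_user_id', $usr_id);
         $this->assign('handle_clock_in', $setup['handle_clock_in'] == 'enabled');
         $this->assign('is_current_user_clocked_in', User::isClockedIn($usr_id));
         $this->assign('roles', User::getAssocRoleIDs());
     }
     $this->assign('core', $core);
     return $this;
 }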
/**
 * Login / logout front controller.
 *
 * 'log_out' clears the authorization and session data, leaves a success
 * message and returns to the login page. For any other action a visitor who
 * is already logged in goes to index.php; otherwise a POSTed
 * username/password is verified against the stored hash, the user token,
 * auth level, id and name are stored, and the originally requested URL
 * (default index.php) is opened. Failures surface as an error message on
 * the login form.
 */
$action = fRequest::get('action');
// --------------------------------- //
if ('log_out' == $action) {
    fAuthorization::destroyUserInfo();
    fSession::destroy();
    fMessaging::create('success', User::makeUrl('login'), 'You were successfully logged out');
    fURL::redirect(User::makeUrl('login'));
    // --------------------------------- //
} elseif (fAuthorization::checkLoggedIn()) {
    fURL::redirect('index.php');
} else {
    if (fRequest::isPost()) {
        try {
            // NOTE(review): the User lookup runs before the password check, so
            // an exception thrown here would reach the user as a different
            // message than a wrong password does — confirm what the
            // constructor throws for an unknown username.
            $user = new User(array('username' => fRequest::get('username')));
            $hashMatches = fCryptography::checkPasswordHash(fRequest::get('password'), $user->getPassword());
            if (!$hashMatches) {
                throw new fValidationException('The login or password entered is invalid');
            }
            fAuthorization::setUserToken($user->getEmail());
            fAuthorization::setUserAuthLevel($user->getRole());
            fSession::set('user_id', $user->getUserId());
            fSession::set('user_name', $user->getUsername());
            fURL::redirect(fAuthorization::getRequestedURL(TRUE, 'index.php'));
        } catch (fExpectedException $e) {
            fMessaging::create('error', fURL::get(), $e->getMessage());
        }
    }
    include VIEW_PATH . '/log_in.php';
}
 /**
  * Returns every custom field defined in the system, ordered by fld_rank.
  *
  * Each row is augmented with a comma-separated "projects" list, a
  * "field_options" text (the backend name when a backend is configured) and
  * the display name of the minimum role ("min_role_name").
  *
  * @access  public
  * @return  array The list of custom fields ("" when the query fails)
  */
 function getList()
 {
     $table = APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "custom_field";
     $stmt = "SELECT\n                    *\n                 FROM\n                    " . $table . "\n                 ORDER BY\n                    fld_rank ASC";
     $rows = $GLOBALS["db_api"]->dbh->getAll($stmt, DB_FETCHMODE_ASSOC);
     if (PEAR::isError($rows)) {
         Error_Handler::logError(array($rows->getMessage(), $rows->getDebugInfo()), __FILE__, __LINE__);
         return "";
     }
     $total = count($rows);
     for ($i = 0; $i < $total; $i++) {
         $row = $rows[$i];
         $rows[$i]["projects"] = @implode(", ", array_values(Custom_Field::getAssociatedProjects($row["fld_id"])));
         $is_choice_field = $row["fld_type"] == "combo" || $row["fld_type"] == "multiple";
         $has_backend = !empty($row['fld_backend']);
         if ($is_choice_field && $has_backend) {
             // NOTE(review): this value is overwritten by the "Backend:" label just below, so
             // getOptions() only runs for its side effects here; the original intent was
             // probably to list the options when *no* backend is configured -- confirm.
             $rows[$i]["field_options"] = @implode(", ", array_values(Custom_Field::getOptions($row["fld_id"])));
         }
         if ($has_backend) {
             $rows[$i]['field_options'] = 'Backend: ' . Custom_Field::getBackendName($row['fld_backend']);
         }
         $rows[$i]['min_role_name'] = @User::getRole($row['fld_min_role']);
     }
     return $rows;
 }
        }
        // if we are dealing with just one message, use the subject line as the
        // summary for the issue, and the body as the description
        if (count($HTTP_GET_VARS["item"]) == 1) {
            $email_details = Support::getEmailDetails(Email_Account::getAccountByEmail($HTTP_GET_VARS["item"][0]), $HTTP_GET_VARS["item"][0]);
            $tpl->assign(array('issue_summary' => $email_details['sup_subject'], 'issue_description' => $email_details['message']));
            // also auto pre-fill the customer contact text fields
            if (Customer::hasCustomerIntegration($prj_id)) {
                $sender_email = Mail_API::getEmailAddress($email_details['sup_from']);
                list(, $contact_id) = Customer::getCustomerIDByEmails($prj_id, array($sender_email));
                if (!empty($contact_id)) {
                    $tpl->assign("contact_details", Customer::getContactDetails($prj_id, $contact_id));
                }
            }
        }
    }
}
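// Common form data for the "report issue" template: categories, priorities,
// assignable users (customers excluded), releases, custom fields, limits.
$tpl->assign(array("cats" => Category::getAssocList($prj_id), "priorities" => Priority::getAssocList($prj_id), "users" => Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer')), "releases" => Release::getAssocList($prj_id), "custom_fields" => Custom_Field::getListByProject($prj_id, 'report_form'), "max_attachment_size" => Attachment::getMaxAttachmentSize(), "field_display_settings" => Project::getFieldDisplaySettings($prj_id), "groups" => Group::getAssocList($prj_id)));
$setup = Setup::load();
// explicit isset() instead of '@' suppression: same null result when the key is absent, no hidden notice
$tpl->assign("allow_unassigned_issues", isset($setup["allow_unassigned_issues"]) ? $setup["allow_unassigned_issues"] : null);
$prefs = Prefs::get($usr_id);
$tpl->assign("user_prefs", $prefs);
$tpl->assign("zones", Date_API::getTimezoneList());
if (User::getRole(Auth::getCurrentRole()) == "Customer") {
    // look the customer / contact ids up once and reuse them for every assignment below
    $customer_contact_id = User::getCustomerContactID($usr_id);
    $customer_id = User::getCustomerID($usr_id);
    $tpl->assign("contact_details", Customer::getContactDetails($prj_id, $customer_contact_id));
    $tpl->assign("contacts", Customer::getContactEmailAssocList($prj_id, $customer_id));
    $tpl->assign(array("customer_id" => $customer_id, "contact_id" => $customer_contact_id));
}
$tpl->displayTemplate();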
<?php

// Profile editor: load the user being edited together with the linked role
// ("Rolle") and class ("Klasse") records and expose their fields to the
// HTML form that follows.
// NOTE(review): the edited user id is hard-coded here; if it is ever taken
// from the request, the page must also check that the current user is
// allowed to edit that account.
$user_id = '3';

$u = new User();
$u->load($user_id);
$nick = $u->getLogin();
$email = $u->getEmail();
$geburtstag_db = $u->getGeburtstag();

$rolle = $u->getRole();
$vname = $rolle->getVorname();
$nname = $rolle->getNachname();
$beschreibung = $rolle->getBeschreibung();
$klasse_id = $rolle->getKlasse_Id();

$k = new Klasse();
$k->load($klasse_id);
$klasse = $k->getName();

// convert the birthday from the DB notation to the EU notation ...
$geburtstag = html::buildDateFromMysql($geburtstag_db);
// ... and derive the age from it
$alter = html::buildDateToAge($geburtstag);
?>

<html>
<head>
<title>Profil &auml;ndern</title>
</head>
<body>
	<form method="post" action="index.php?action=save&what=edituser">
    <input type="hidden" name="user_id" value="<?php 
echo $user_id;
 /**
  * A role passed to setRole() must be returned unchanged by getRole().
  */
 public function testGetSetRole()
 {
     $expectedRole = 'user';
     $user = new User();
     $user->setRole($expectedRole);
     $this->assertEquals($expectedRole, $user->getRole());
 }
 /**
  * Method used to get an associative array of project ID and title
  * of all projects available in the system to a given user ID.
  *
  * Results are memoised per request, keyed by user ID and by whether the
  * role was requested; an empty result is not reused from the cache.
  *
  * @access  public
  * @param   integer $usr_id The user ID
  * @param   boolean $force_refresh If the cache should not be used.
  * @param   boolean $include_role if the user role should be included.
  * @return  array The list of projects ("" when the query fails)
  */
 function getAssocList($usr_id, $force_refresh = false, $include_role = false)
 {
     static $returns;
     if (!$force_refresh && !empty($returns[$usr_id][$include_role])) {
         return $returns[$usr_id][$include_role];
     }
     $db_prefix = APP_DEFAULT_DB . "." . APP_TABLE_PREFIX;
     $columns = "SELECT\n                    prj_id,\n                    prj_title";
     if ($include_role) {
         $columns .= ",\npru_role";
     }
     // $usr_id is run through Misc::escapeInteger() before being interpolated; that
     // coercion (presumably to a plain integer) is what keeps this string-built
     // query safe -- keep it if the query is ever changed.
     $stmt = $columns . "\n                 FROM\n                    " . $db_prefix . "project,\n                    " . $db_prefix . "project_user\n                 WHERE\n                    prj_id=pru_prj_id AND\n                    pru_usr_id=" . Misc::escapeInteger($usr_id) . "\n                 ORDER BY\n                    prj_title";
     $dbh = $GLOBALS["db_api"]->dbh;
     if ($include_role) {
         $rows = $dbh->getAssoc($stmt, true, array(), DB_FETCHMODE_ASSOC);
     } else {
         $rows = $dbh->getAssoc($stmt);
     }
     if (PEAR::isError($rows)) {
         Error_Handler::logError(array($rows->getMessage(), $rows->getDebugInfo()), __FILE__, __LINE__);
         return "";
     }
     if ($include_role) {
         // translate the numeric pru_role into its display name
         foreach ($rows as $prj_id => $data) {
             $rows[$prj_id]['role'] = User::getRole($data['pru_role']);
         }
     }
     $returns[$usr_id][$include_role] = $rows;
     return $rows;
 }
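 /**
  * Processes the template and assigns common variables automatically.
  *
  * Detects the browser, publishes the current user / project context
  * (role, customer integration, project list, clock-in state) and the
  * application-wide constants the templates rely on.
  * 
  * @access	private
  */
 function processTemplate()
 {
     // determine the correct CSS file to use
     // $_SERVER replaces the long-array $HTTP_SERVER_VARS (gone in PHP 5.4);
     // preg_match() replaces ereg() (gone in PHP 7) with the same pattern
     $http_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if (preg_match('/MSIE ([0-9].[0-9]{1,2})/', $http_user_agent)) {
         $user_agent = 'ie';
     } else {
         $user_agent = 'other';
     }
     $this->assign("user_agent", $user_agent);
     // create the list of projects
     $usr_id = Auth::getUserID();
     if ($usr_id != '') {
         $prj_id = Auth::getCurrentProject();
         if (!empty($prj_id)) {
             $role_id = User::getRoleByUser($usr_id, $prj_id);
             $this->assign("current_project", $prj_id);
             $this->assign("current_project_name", Auth::getCurrentProjectName());
             $has_customer_integration = Customer::hasCustomerIntegration($prj_id);
             $this->assign("has_customer_integration", $has_customer_integration);
             if ($has_customer_integration) {
                 $this->assign("customer_backend_name", Customer::getBackendImplementationName($prj_id));
             }
             // only controls whether the admin link is rendered; the admin pages
             // themselves still have to enforce the role
             if ($role_id == User::getRoleID('administrator') || $role_id == User::getRoleID('manager')) {
                 $this->assign("show_admin_link", true);
             }
             if ($role_id > 0) {
                 $this->assign("current_role", (int) $role_id);
                 $this->assign("current_role_name", User::getRole($role_id));
             }
         }
         $info = User::getNameEmail($usr_id);
         $this->assign("active_projects", Project::getAssocList($usr_id));
         $this->assign("current_full_name", $info["usr_full_name"]);
         $this->assign("current_email", $info["usr_email"]);
         $this->assign("current_user_id", $usr_id);
         $this->assign("is_current_user_clocked_in", User::isClockedIn($usr_id));
         $this->assign("roles", User::getAssocRoleIDs());
     }
     $this->assign("app_setup", Setup::load());
     $this->assign("app_setup_path", APP_SETUP_PATH);
     $this->assign("app_setup_file", APP_SETUP_FILE);
     $this->assign("application_version", APP_VERSION);
     $this->assign("application_title", APP_NAME);
     $this->assign("app_base_url", APP_BASE_URL);
     $this->assign("rel_url", APP_RELATIVE_URL);
     $this->assign("lang", APP_CURRENT_LANG);
     $this->assign("SID", SID);
     // now for the browser detection stuff
     Net_UserAgent_Detect::detect();
     $this->assign("browser", Net_UserAgent_Detect::_getStaticProperty('browser'));
     $this->assign("os", Net_UserAgent_Detect::_getStaticProperty('os'));
     // this is only used by the textarea resize script
     // PHP_SELF can carry client-supplied path info, so the template must
     // escape js_script_name for the context it is emitted in
     $php_self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
     $js_script_name = str_replace('/', '_', str_replace('.php', '', $php_self));
     $this->assign("js_script_name", $js_script_name);
     $this->assign("total_queries", $GLOBALS['TOTAL_QUERIES']);
     $this->assign(array("cell_color" => APP_CELL_COLOR, "light_color" => APP_LIGHT_COLOR, "middle_color" => APP_MIDDLE_COLOR, "dark_color" => APP_DARK_COLOR, "cycle" => APP_CYCLE_COLORS, "internal_color" => APP_INTERNAL_COLOR));
 }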
 /**
  * Triggers __load() (presumably lazy initialisation of this proxy) before
  * delegating to the parent's getRole().
  */
 public function getRole()
 {
     $this->__load();
     $role = parent::getRole();
     return $role;
 }
 /**
  * Method used to get an associative array of project ID and title
  * of all projects available in the system to a given user ID.
  *
  * Archived projects are only listed for users whose role in them is at
  * least Manager. Results are memoised per request, keyed by user ID and
  * by the $include_extra flag; an empty result is not reused from the cache.
  *
  * @param   integer $usr_id The user ID
  * @param   boolean $force_refresh If the cache should not be used.
  * @param   boolean $include_extra If extra data (role, status) should be included.
  * @return  array The list of projects ('' when the query fails)
  */
 public static function getAssocList($usr_id, $force_refresh = false, $include_extra = false)
 {
     static $returns;
     $use_cache = !$force_refresh && !empty($returns[$usr_id][$include_extra]);
     if ($use_cache) {
         return $returns[$usr_id][$include_extra];
     }
     $extra_columns = $include_extra ? ',
                 pru_role,
                 prj_status as status' : '';
     $stmt = 'SELECT
                 prj_id,
                 prj_title' . $extra_columns . '
              FROM
                 {{%project}},
                 {{%project_user}}
              WHERE
                 prj_id=pru_prj_id AND
                 pru_usr_id=? AND
                 (
                     prj_status <> ? OR
                     pru_role >= ?
                 )
              ORDER BY
                 prj_title';
     try {
         // bound parameters: user id, the status to hide, the minimum role that still sees it
         $params = array($usr_id, 'archived', User::getRoleID('Manager'));
         $db = DB_Helper::getInstance();
         $rows = $include_extra
             ? $db->fetchAssoc($stmt, $params, DB_FETCHMODE_ASSOC)
             : $db->getPair($stmt, $params);
     } catch (DbException $e) {
         // NOTE(review): the failure is swallowed and '' handed to callers that
         // presumably iterate the result; consider logging the exception here.
         return '';
     }
     if ($include_extra) {
         // translate the numeric pru_role into its display name
         foreach ($rows as $prj_id => $data) {
             $rows[$prj_id]['role'] = User::getRole($data['pru_role']);
         }
     }
     $returns[$usr_id][$include_extra] = $rows;
     return $rows;
 }
/**
 * Fetches the MetaDataValues rows of $category that apply to $eUser, scoped by
 * the user's organisation, group, role and proxy id and ordered by
 * meta_value_id descending.
 */
function getUserCategoryValues(User $eUser, MetaDataType $category)
{
    $ordering = array("order by" => array(array("meta_value_id", "desc")));
    return MetaDataValues::get(
        $eUser->getOrganisationId(),
        $eUser->getGroup(),
        $eUser->getRole(),
        $eUser->getID(),
        $category,
        true,
        $ordering
    );
}
 /**
  * @see IUserAuthentication::logoutUser()
  *
  * Clears the identifying fields on $currentUser, wipes and destroys the
  * PHP session and removes the 'user' cookie -- but only when the role is
  * ROLE_USER; any other role is left logged in.
  * NOTE(review): confirm that skipping the logout for other roles is
  * intended, and that the session cookie is expired on the client somewhere
  * (session_destroy() alone does not touch it).
  */
 public function logoutUser(User $currentUser)
 {
     if ($currentUser->getRole() != ROLE_USER) {
         return;
     }
     // forget who the caller was
     $currentUser->id = null;
     $currentUser->username = null;
     $currentUser->email = null;
     // drop server-side session state and the 'user' cookie
     $_SESSION = array();
     session_destroy();
     CookieHelper::destroyCookie('user');
 }