$user = new user();
$json .= $user->login('foo', 'test');
echo "<em>Login failure session</em>";
var_dump($_SESSION);
echo "<em>Login failure admin check</em>";
var_dump($user->isAdmin());
//False
//Fail
var_dump($user);
$user = '';
$user = new user();
$json .= $user->login('Second User', 'test');
echo "<em>Second User Session</em>";
var_dump($_SESSION);
echo "<em>Second user admin check</em>";
var_dump($user->isAdmin());
//False
//Soft fail
var_dump($user);
$json .= $user->logout();
$json = str_replace('}{', '},{', "[{$json}]");
if (RETURN_JSON) {
var_dump($json);
} else {
var_dump(json_decode($json));
}
$db->query("TRUNCATE tbl_user; TRUNCATE tbl_session; TRUNCATE tbl_log;");
try {
$db->execute();
} catch (Exception $e) {
return array("Database error: " . $e->getMessage(), 1);
public function testRoleTwoIsNotAdmin()
{
$u = new user();
$u->setRole(2);
$this->assertFalse($u->isAdmin());
}
public function is_admin()
{
return $this->user->isAdmin();
}
function auth_check($atom)
{
global $dbh;
static $karma;
require_once "Damblan/Karma.php";
global $auth_user;
// admins are almighty
if (user::isAdmin($auth_user->handle)) {
return true;
}
// Check for backwards compatibility
if (is_bool($atom)) {
if ($atom == true) {
$atom = "pear.admin";
} else {
$atom = "pear.dev";
}
}
// every authenticated user has the pear.user and pear.dev karma
if (in_array($atom, array("pear.user", "pear.dev"))) {
return true;
}
if (!isset($karma)) {
$karma = new Damblan_Karma($dbh);
}
$a = $karma->has($auth_user->handle, $atom);
if (PEAR::isError($a)) {
return false;
}
return $a;
}
$bb->horizHeadRow("Description", nl2br($description));
if (!empty($homepage)) {
$bb->horizHeadRow("Homepage", make_link($homepage));
}
if ($relid) {
// Find correct version for given release id
foreach ($pkg['releases'] as $r_version => $release) {
if ($release['id'] != $relid) {
continue;
}
$bb->horizHeadRow("Release notes<br />Version " . $version . "<br />(" . $release['state'] . ")", nl2br($release['releasenotes']));
break;
}
}
if (!empty($auth_user)) {
$bb->fullRow("<div align=\"right\">" . make_link("/package-edit.php?id={$pacid}", make_image("edit.gif", "Edit package information")) . (user::isAdmin($auth_user->handle) ? " " . make_link("/package-delete.php?id={$pacid}", make_image("delete.gif", "Delete package")) : "") . " [" . make_link("/admin/package-maintainers.php?pid={$pacid}", "Edit maintainers") . "]</div>");
}
$bb->end();
// }}}
// {{{ latest/cvs/changelog links
?>
<br />
<table border="0" cellspacing="3" cellpadding="3" height="48" width="90%" align="center">
<tr>
<?php
$get_link = make_link("/get/{$name}", 'Latest Tarball');
if ($version) {
$changelog_link = make_link("/package-changelog.php?package=" . $pkg['name'] . '&release=' . $version, 'Changelog');
} else {
$changelog_link = make_link("/package-changelog.php?package=" . $pkg['name'], 'Changelog');
function isAllowed($package)
{
global $auth_user;
auth_require();
$lead = in_array($auth_user->handle, array_keys(maintainer::get($package, true)));
$admin = user::isAdmin($auth_user->handle);
return $lead || $admin;
}
public function boot_user()
{
global $user, $db;
if (!empty($this->params['id'])) {
$u = new user($this->params['id']);
if ($user->isSuperAdmin() || $user->isActingAdmin() && !$u->isAdmin()) {
// We can only kick the user if they are A) not an acting admin, or
// B) The current user is a super user and the kicked user is not.
$db->delete('sessionticket', 'uid=' . $u->id);
}
}
expHistory::back();
}
static function getUserCart()
{
global $db, $user, $router;
$sessAr = expSession::get('verify_shopper');
// initialize this users cart if they have ecomm installed.
$active = $db->selectValue('modstate', 'active', 'module="storeController"');
if (!expModules::controllerExists('cart') || empty($active)) {
// if ecomm is turned off, no cart.
return null;
} else {
if (isset($router->params['controller']) && $router->params['controller'] == 'order' && ($router->params['action'] == 'verifyReturnShopper' || $router->params['action'] == 'verifyAndRestoreCart' || $router->params['action'] == 'clearCart') && (!isset($sessAr['validated']) || $sessAr['validated'] != true)) {
return new order();
} else {
// if ecomm is turned off, no cart.
//$active = ;
if (empty($active)) {
return null;
}
$order = new order();
//initialize a new order object to use the find function from.
$ticket = expSession::getTicketString();
//get this users session ticket. this is how we track anonymous users.
// grab the origional referrer from the session table so that we can transfer it into the cart where it will be used for reporting purposes
// sessions are temporary so we can't report on the referrer in the session table itsef because it may not be there
// and we can't just get the referrer ar this point becaues the user likely navigated the site a bit and we want the origional referring site
$orig_referrer = $db->selectValue('sessionticket', 'referrer', "`ticket`='" . $ticket . "'");
//see if we have a LIVE and ACTIVE session w/ cart and grab it if so
$sessioncart = $order->find('first', "invoice_id='' AND sessionticket_ticket='" . $ticket . "'");
//check to see if the user is logged in, and if so grab their existing cart
if (!empty($user) && $user->isLoggedIn()) {
$usercart = $order->find('first', "invoice_id='' AND user_id=" . $user->id);
}
//eDebug($sessioncart);
//eDebug($usercart);
//enter here if we have NO ACTIVE SESSION CART -OR- We're awaiting a potential cart retore
if (empty($sessioncart->id) || $sessAr['awaiting_choice'] == true) {
if (empty($usercart->id)) {
// no SESSION cart was found and user is not logged in...
//let's see if they have a cart_id cookie set and we'll snag that if so
//they won't have any user data, since they are "logged in" once they get to
//checkout, so all we're really doing here is populating a cart for return
//shoppers
$cookie_cart_id = isset($_COOKIE['cid']) ? $_COOKIE['cid'] : 0;
//eDebug($cookie_cart_id,true);
if ($cookie_cart_id) {
$tmpCart = new order($cookie_cart_id);
if ($tmpCart->id != $cookie_cart_id) {
//cookie set, but we gots no cart in the DB so act as if we had no cookie
$cart = new order();
$cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer, 'return_count' => $cart->setReturnCount($orig_referrer)));
order::setCartCookie($cart);
} else {
$u = new user($tmpCart->user_id);
//1) Was Not logged in
if (empty($tmpCart->user_id)) {
$cart = new order($cookie_cart_id);
//update the session ticket and return count
$cart->update(array('sessionticket_ticket' => $ticket, 'return_count' => $cart->setReturnCount($orig_referrer)));
order::setCartCookie($cart);
flash('message', gt('Welcome back'));
} else {
if (!empty($tmpCart->user_id)) {
//check for is admin first
if ($u->isActingAdmin() || $u->isAdmin()) {
//no need to restore anything.
$cart = new order();
$cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
order::setCartCookie($cart);
} else {
if (!empty($tmpCart->user_id) && count($tmpCart->orderitem) == 0) {
//silently copy tracking data from old order and continue on
$cart = new order();
$cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer, 'return_count' => $tmpCart->setReturnCount($orig_referrer)));
order::setCartCookie($cart);
flash('message', gt('Welcome back'));
} else {
if (!empty($tmpCart->user_id) && count($tmpCart->orderitem) > 0) {
//3) Was Logged in w/ NON-?real user? account
//eDebug(expUtil::right($u->username,10),true);
if ($u->isTempUser()) {
if (isset($sessAr['validated']) && $sessAr['validated']) {
//already went through validation and we're good to go
$cart = new order($sessAr['cid']);
//update the session ticket and return count
$cart->update(array('sessionticket_ticket' => $ticket, 'return_count' => $cart->mergeReturnCount($sessioncart->return_count), 'orig_referrer' => $sessioncart->orig_referrer));
order::setCartCookie($cart);
expSession::un_set('verify_shopper');
$user = new user($cart->user_id);
expSession::login($user);
//Update the last login timestamp for this user.
$user->updateLastLogin();
flash('message', gt('Welcome back') . ' ' . $sessAr['firstname'] . '! ' . gt('Your shopping cart has been restored - you may continue shopping or') . ' <a href="' . makelink(array("controller" => "cart", "action" => "checkout")) . '">checkout</a> ' . gt('at your convenience.'));
} else {
//send to verification? If user has elected to restore their cart
//eDebug($_SESSION);
if (isset($sessAr['awaiting_choice']) && $sessAr['awaiting_choice'] == true) {
/*expSession::set('verify_shopper',array('au'=>1,'orig_path'=>$router->current_url, 'firstname'=>$u->firstname, 'cid'=>$cookie_cart_id));
redirect_to(array("controller"=>"order",'action'=>'verifyReturnShopper'));
orderController::verifyReturnShopper();*/
//just give em the sessioncart
$cart = $sessioncart;
if (count($cart->orderitem) > 0) {
//added items to current cart, so we'll assume they do not want to restore the previous at this point
expSession::un_set('verify_shopper');
order::setCartCookie($cart);
} else {
flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('We see that you have shopped with us before.') . '<br><br><a id="submit-verify" href="' . makelink(array("controller" => "order", "action" => "verifyReturnShopper")) . '" rel="nofollow">' . gt('Click Here to Restore Your Previous Shopping Cart') . '</a><br><br><a class="exp-ecom-link" href="' . makelink(array("controller" => "order", "action" => "clearCart", "id" => $cookie_cart_id)) . '">' . gt('Click Here To Start a New Shopping Cart') . '</a>');
$sessAr['orig_path'] = $router->current_url;
expSession::set('verify_shopper', $sessAr);
}
} else {
//first time...create a default cart, issue message, set session, rinse, repeat
$cart = new order();
$cart->update(array("sessionticket_ticket" => $ticket, 'return_count' => $cart->setReturnCount($orig_referrer)));
expSession::set('verify_shopper', array('au' => 1, 'orig_path' => $router->current_url, 'firstname' => $u->firstname, 'cid' => $cookie_cart_id, 'awaiting_choice' => true));
//order::setCartCookie($cart);
flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('We see that you have shopped with us before.') . '<br><br><a id="submit-verify" href="' . makelink(array("controller" => "order", "action" => "verifyReturnShopper")) . '" rel="nofollow">' . gt('Click Here to Restore Your Previous Shopping Cart') . '</a><br><br><a class="exp-ecom-link" href="' . makelink(array("controller" => "order", "action" => "clearCart", "id" => $cookie_cart_id)) . '">' . gt('Click Here To Start a New Shopping Cart') . '</a>');
}
}
} else {
//prompt to login and restore, otherwise reset and start fresh
//this should be all we need to do here
//redirect_to(array("controller"=>"order",'action'=>'verifyReturnShopper','au'=>'0'));
$cart = new order();
$cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
order::setCartCookie($cart);
flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('If you would like to pick up where you left off, click here to login and your previous shopping cart will be restored.'));
}
}
}
}
}
}
}
} else {
$cart = new order();
$cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
order::setCartCookie($cart);
}
} else {
//user is logged in, so we grab their usercart and update the session ticket only
//$usercart->update(array('sessionticket_ticket'=>$ticket, 'orig_referrer'=>$orig_referrer));
$usercart->update(array('sessionticket_ticket' => $ticket));
$cart = $usercart;
}
//enter here if we HAVE an ACTIVE session/cart, but the user is not logged in
} elseif (!empty($sessioncart->id) && $user->id == 0) {
// the user isn't logged in yet...the session cart will do for now.
$cart = $sessioncart;
// if we hit here we've found a session cart AND a usercart because the user just logged in
// and had both...that means we need to merge them
} elseif (!empty($sessioncart->id) && !empty($usercart->id)) {
// if we hit here we've found a session cart and a usercart...that means we need to merge them
// if it's not the same cart.
if ($sessioncart->id == $usercart->id) {
$cart = $sessioncart;
} else {
// if the old user cart had gone through any of the checkout process before, than we
// will clean that data out now and start fresh.
$usercart->cleanOrderitems();
//merge the current session cart with previously saved user cart.
foreach ($sessioncart->orderitem as $orderitem) {
$orderitem->merge(array('orders_id' => $usercart->id, 'user_id' => $user->id));
}
//if session cart HAS coupon codes, delete usercart codes and copy new code to usercart, else leave be
if (count($sessioncart->getOrderDiscounts())) {
foreach ($usercart->getOrderDiscounts() as $od) {
$od->delete();
}
foreach ($sessioncart->getOrderDiscounts() as $sod) {
$sod->orders_id = $usercart->id;
$sod->save();
}
}
$cart = new order($usercart->id);
$sessioncart->delete();
}
order::setCartCookie($cart);
expSession::un_set('verify_shopper');
// the user doesn't have a cart with his/her user id in it. this probably means they just
// logged in so we need to update the cart with the new user id information.
} elseif (!empty($sessioncart->id) && (empty($usercart->id) && $user->isLoggedIn())) {
//$sessioncart->update(array('user_id'=>$user->id, 'orig_referrer'=>$orig_referrer));
$sessioncart->update(array('user_id' => $user->id));
$cart = $sessioncart;
}
$cart->item_count = 0;
foreach ($cart->orderitem as $items) {
if ($items->product->requiresShipping && !$items->product->no_shipping) {
$cart->shipping_required = true;
}
if ($items->product->requiresBilling) {
$cart->billing_required = true;
}
$cart->item_count += $items->quantity;
}
$cart->lastcat = expSession::get('last_ecomm_category');
$cart->total = $cart->getCartTotal();
//eDebug($cart,true);
return $cart;
}
}
}
echo make_link('/news/', 'News');
echo '</h3>';
echo '<h3>Documentation</h3>';
echo '<div class="indent">';
echo menu_link("PECL specific docs", "/doc/index.php");
echo menu_link("Mailing Lists & Support Resources", "/support.php");
echo '</div>';
echo '<h3>Downloads</h3>';
echo '<div class="indent">';
echo menu_link("Browse All Packages", "packages.php");
echo menu_link("Search Packages", "package-search.php");
echo menu_link("Download Statistics", "package-stats.php");
echo '</div>';
if (!empty($auth_user)) {
echo '<h3>Developers</h3>';
echo '<div class="indent">';
echo menu_link("Upload Release", "release-upload.php");
echo menu_link("New Package", "package-new.php");
echo '</div>';
if (user::isAdmin($auth_user->handle)) {
echo '<h3>Administrators</h3>';
echo '<div class="indent">';
echo menu_link("Overview", "/admin/");
echo menu_link("Maintainers", "/admin/package-maintainers.php");
echo menu_link("Categories", "/admin/category-manager.php");
echo '</div>';
}
}
// XXX Hide for the moment?
menu_link("I want to publish my PHP Extension in PECL", "account-request.php");
response_footer();
$msg = $user->login($_POST['username'], $_POST['password']);
break;
}
} else {
if ('register' == $action) {
die("You are already registered");
}
switch ($action) {
default:
$msg = returnError("Action not found: {$action}");
break;
case 'logout':
$msg = $user->logout();
break;
case 'viewUserList':
if ($user->isAdmin()) {
$include = 'admin/userList';
} else {
$msg = returnError("Access denied");
}
break;
case 'activateUser':
if ($user->isAdmin()) {
$msg = $user->activateUser($_GET['user']);
$include = 'admin/userList';
} else {
$msg = returnError("Access denied");
}
$changeURL = TRUE;
break;
case 'deactivateUser':
<?php
require_once "page.php";
require_once "model/HomeImage.php";
$params = (require_once dirname(dirname(__FILE__)) . "/config/params.php");
$user = new user();
if (!$user->isAdmin()) {
header("location:root.php");
exit;
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
<style>
.table th{
padding: 0 20px;
}
.table td{
text-align: center;
}
.table img{
width: 120px;
height: 80px;
}
form img{
width: 120px;
height: 80px;
echo "<b>Successfully logged in.</b><br/>";
misc::redirect("?pg=news", 1);
} else {
echo "Invalid username, or password.<br/>";
misc::back();
}
}
}
}
?>
</div>
<?php
if (user::isAdmin($_SESSION['username'])) {
echo "\t \r\n\t<div class='box_one'>\r\n\t<div class='box_one_title'>Admin panel</div>\r\n\t<a href='?pg=admin&act=news'>Edit/add/remove news</a><br />\r\n\t<a href='?pg=admin&act=dl'>Edit/add/remove downloads</a><br />\r\n\t<a href='?pg=admin&act=settings'>Edit settings</a><br />\r\n\t<a href='?pg=admin&act=epin'>Epin system</a><br />\r\n\t</div>";
}
?>
<div class="box_one">
<div class="box_one_title">Fortress Status:</div>
<table width="100%"><tbody><tr><td><span class="yellow_text">
<?php
core::$sql->changeDB("shard");
$hJanganData = core::$sql->fetchArray("select * from _SiegeFortress where FortressID='1'");
$hBanditData = core::$sql->fetchArray("select * from _SiegeFortress where FortressID='3'");
<?php
include "../function.php";
//$userSelf = new ser();
//检查是否登陆
$isLogin = user::isLogin();
if (!$isLogin) {
error("你没有权限", "alertGoTo", WEB_HOST . 'index.php');
}
//检查是否登陆
$isAdmins = user::isAdmin();
if (!$isAdmins) {
error("你没有权限", "alertGoTo", WEB_HOST . 'index.php');
}
//$isLogin = user::isLogin();
//
$u = user::getUserSession();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
//导入meta数据及js库
echo $systemHead["meta"] . $systemHead["title"] . CSS_BASE . JS_JQUERY . JS_DIALOG . JS_COMMON . LIB_LIGERUI;
?>
<script>
var tab = null;
var accordion = null;
var tree = null;
var isLogin = <?php
function isAdmin()
{
if (!isset($this->handle)) {
return false;
}
require_once 'pear-database-user.php';
return user::isAdmin($this->handle);
}
$history = new expHistory();
//<--This is the new flow subsystem
// Initialize the javascript subsystem
if (expJavascript::inAjaxAction()) {
set_error_handler('handleErrors');
}
// Validate the session and populate the $user variable
if ($db->havedb) {
$user = new user();
expSession::validate();
}
/* exdoc
* The flag to use a mobile theme variation.
*/
if (!defined('MOBILE')) {
if (defined('FORCE_MOBILE') && FORCE_MOBILE && $user->isAdmin()) {
define('MOBILE', true);
} else {
define('MOBILE', expTheme::is_mobile());
}
}
// Initialize permissions variables
$exponent_permissions_r = expSession::get("permissions");
// initialize the expRouter
$router = new expRouter();
// Initialize the navigation hierarchy
if ($db->havedb) {
$sections = expCore::initializeNavigation();
}
/**
* dumps the passed variable to screen, but only if in development mode
<?php
/*
Checks if the user is admin...
*/
header('Content-Type: application/json');
require '../class.user.inc';
// GET The info from POST called by Ajax method
$idUser = $_POST['userId'];
$user = new user();
$user->idUsr = $idUser;
//Calls method to store users onto the database and Returns 1 if the the user was stored and 0 if the user could not be stored
$returnInfoUser = $user->isAdmin($user);
//Return for jason to work with
echo json_encode($returnInfoUser);
/**
* Prints a tabbed navigation bar for the various package pages.
*
* @param int $pacid the id number of the package being viewed
* @param string $name the name of the package being viewed
* @param string $action the indicator of the current page view
*
* @return void
*/
function print_package_navigation($pacid, $name, $action)
{
global $auth_user;
$items = array('Main' => array('url' => '', 'title' => 'Main view'), 'Download' => array('url' => 'download', 'title' => 'Download releases of this package'), 'Documentation' => array('url' => 'docs', 'title' => 'Read the available documentation'), 'Bugs' => array('url' => 'bugs', 'title' => 'View/Report Bugs'), 'Trackbacks' => array('url' => 'trackbacks', 'title' => 'Show Related Sites'));
if (isset($auth_user) && is_object($auth_user) && (user::maintains($auth_user->handle, $pacid, 'lead') || user::isAdmin($auth_user->handle) || user::isQA($auth_user->handle))) {
$items['Edit'] = array('url' => '/package-edit.php?id=' . $pacid, 'title' => 'Edit this package');
$items['Edit Maintainers'] = array('url' => '/admin/package-maintainers.php?pid=' . $pacid, 'title' => 'Edit the maintainers of this package');
}
if (isset($auth_user) && is_object($auth_user) && ($auth_user->isAdmin() || $auth_user->isQA())) {
$items['Delete'] = array('url' => '/package-delete.php?id=' . $pacid, 'title' => 'Delete this package');
}
//echo print_tabbed_navigation($nav_items);
echo '<div id="nav">' . "\n";
foreach ($items as $title => $item) {
if (!empty($item['url']) && $item['url'][0] == '/') {
$url = $item['url'];
} else {
$url = '/package/' . htmlspecialchars($name) . '/' . $item['url'];
}
$css = $action == $item['url'] ? ' class="current" ' : '';
echo make_link($url, $title, '', $css, $item['title']);
}
echo '</div>' . "\n";
}
if ($GLOBALS['CONFIG']['authen'] == 'mysql') {
$mail_body .= msg('password') . ': ' . $_POST['password'] . "\n\n";
}
$mail_salute = "\n\r" . msg('email_salute') . ",\n\r{$full_name}";
$mail_to = $new_user_obj->getEmailAddress();
if ($GLOBALS['CONFIG']['demo'] == 'False') {
mail($mail_to, $mail_subject, $mail_greeting . ' ' . $mail_body . $mail_salute, $mail_headers);
}
$last_message = urlencode(msg('message_user_successfully_added'));
// Call the plugin API call for this section
callPluginMethod('onAfterAddUser');
header('Location: ' . $secureurl->encode('admin.php?last_message=' . $last_message));
}
} elseif (isset($_POST['submit']) && 'Delete User' == $_POST['submit']) {
// Make sure they are an admin
if (!$user_obj->isAdmin()) {
header('Location:' . $secureurl->encode('error.php?ec=4'));
exit;
}
// form has been submitted -> process data
// DELETE admin info
$query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}admin WHERE id = '{$_POST['id']}'";
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
// DELETE user info
$query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id = '{$_POST['id']}'";
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
// DELETE perms info
$query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE uid = '{$_POST['id']}'";
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
// Change data info to nobody
$query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}data SET owner='0' where owner = '{$_POST['id']}'";
// -->
</script>
<?php
echo "<h1>Edit package</h1>";
if (!isset($_GET['id'])) {
PEAR::raiseError("No package ID specified.");
response_footer();
exit;
}
/**
* The user has to be either a lead developer of the package or
* a PEAR administrator.
*/
$lead = user::maintains($auth_user->handle, $_GET['id'], "lead");
$admin = user::isAdmin($auth_user->handle);
if (!$lead && !$admin) {
PEAR::raiseError("Only the lead maintainer of the package or PEAR\n administrators can edit the package.");
response_footer();
exit;
}
/** Update */
if (isset($_POST['submit'])) {
if (!$_POST['name'] || !$_POST['license'] || !$_POST['summary']) {
PEAR::raiseError("You have to enter values for name, license and summary!");
}
$query = 'UPDATE packages SET name = ?, license = ?,
summary = ?, description = ?, category = ?,
homepage = ?, cvs_link = ?,
doc_link = ?, bug_link = ?, unmaintained = ?,
newpackagename = ?, newchannel = ?
if (confirm(message)) {
location = url;
}
}
// -->
</script>
<?php
echo '<h1>Edit Package</h1>';
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
report_error('No package ID specified.');
response_footer();
exit;
}
include_once 'pear-database-user.php';
if (!user::maintains($auth_user->handle, $_GET['id'], 'lead') && !user::isAdmin($auth_user->handle) && !user::isQA($auth_user->handle)) {
report_error('Editing only permitted by package leads, PEAR Admins or PEAR QA');
response_footer();
exit;
}
// Update
include_once 'pear-database-package.php';
if (isset($_POST['submit'])) {
if (!validate_csrf_token($csrf_token_name)) {
report_error('Invalid token.');
} elseif (!$_POST['name'] || !$_POST['license'] || !$_POST['summary']) {
report_error('You have to enter values for name, license and summary!');
} elseif ($_POST['new_channel'] && !$_POST['new_package'] || $_POST['new_package'] && !$_POST['new_channel']) {
report_error('You have to enter both channel + package name for packages moved out of PEAR!');
} else {
$query = '
private static function checkByJevix($text, $autolink = true)
{
$jevix = new Jevix();
//Конфигурация
if (user::isAdmin()) {
// Администратору доверяем больше, разрешаем ему втавлять потенциально опасные теги - object, param, embed, video, iframe
// 1. Устанавливаем разрешённые теги. (Все не разрешенные теги считаются запрещенными.)
$jevix->cfgAllowTags(array('table', 'tr', 'td', 'th', 'p', 'a', 'img', 'i', 'b', 'u', 'em', 'strong', 'nobr', 'li', 'ol', 'ul', 'sup', 'abbr', 'pre', 'acronym', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'adabracut', 'br', 'code', 'div', 'span', 'object', 'param', 'embed', 'video', 'code', 'iframe', 'hr'));
// 2. Устанавливаем коротие теги. (не имеющие закрывающего тега)
$jevix->cfgSetTagShort(array('br', 'img', 'param', 'embed', 'hr'));
// 3. Устанавливаем преформатированные теги. (в них все будет заменятся на HTML сущности)
$jevix->cfgSetTagPreformatted(array('pre'));
// 4. Устанавливаем теги, которые необходимо вырезать из текста вместе с контентом.
$jevix->cfgSetTagCutWithContent(array('script', 'javascript', 'style', 'applet'));
// 5. Устанавливаем разрешённые параметры тегов. Также можно устанавливать допустимые значения этих параметров.
$jevix->cfgAllowTagParams('div', array('class', 'id', 'style'));
$jevix->cfgAllowTagParams('p', array('style'));
$jevix->cfgAllowTagParams('h1', array('style'));
$jevix->cfgAllowTagParams('h2', array('style'));
$jevix->cfgAllowTagParams('h3', array('style'));
$jevix->cfgAllowTagParams('h4', array('style'));
$jevix->cfgAllowTagParams('h5', array('style'));
$jevix->cfgAllowTagParams('h6', array('style'));
$jevix->cfgAllowTagParams('span', array('class', 'id', 'style'));
$jevix->cfgAllowTagParams('a', array('title', 'href', 'target', 'class', 'id', 'rel', 'style'));
$jevix->cfgAllowTagParams('img', array('style', 'src', 'alt' => '#text', 'title', 'align' => array('right', 'left', 'center'), 'width' => '#text', 'height' => '#int', 'hspace' => '#int', 'vspace' => '#int'));
$jevix->cfgAllowTagParams('table', array('border', 'class', 'width', 'align', 'valign', 'style', 'id'));
$jevix->cfgAllowTagParams('tr', array('height', 'class', 'style'));
$jevix->cfgAllowTagParams('td', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign', 'style'));
$jevix->cfgAllowTagParams('th', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign', 'style'));
$jevix->cfgAllowTagParams('object', array('width' => '#text', 'height'));
$jevix->cfgAllowTagParams('param', array('name', 'value'));
$jevix->cfgAllowTagParams('embed', array('src', 'type', 'allowscriptaccess', 'allowfullscreen', 'width' => '#text', 'height', 'wmode'));
$jevix->cfgAllowTagParams('iframe', array('src', 'type', 'allowscriptaccess', 'allowfullscreen', 'width' => '#text', 'height', 'wmode', 'frameborder'));
// 6. Устанавливаем параметры тегов являющиеся обязательными. Без них вырезает тег оставляя содержимое.
$jevix->cfgSetTagParamsRequired('img', 'src');
// 9. Устанавливаем автозамену
$jevix->cfgSetAutoReplace(array('+/-', '(c)', '(r)'), array('±', '©', '®'));
// 10. Включаем или выключаем режим XHTML. (по умолчанию включен)
$jevix->cfgSetXHTMLMode(true);
// 11. Включаем или выключаем режим замены переноса строк на тег
$jevix->cfgSetAutoBrMode(false);
// 12. Включаем или выключаем режим автоматического определения ссылок. (по умолчанию включен)
$jevix->cfgSetAutoLinkMode($autolink);
// 13. Отключаем типографирование в определенном теге
$jevix->cfgSetTagNoTypography('code', 'video', 'iframe');
// 14. Устанавливаем пустые теги
$jevix->cfgSetTagIsEmpty('iframe');
} else {
// 1. Устанавливаем разрешённые теги. (Все не разрешенные теги считаются запрещенными.)
$jevix->cfgAllowTags(array('table', 'tr', 'td', 'th', 'p', 'a', 'img', 'i', 'b', 'u', 'em', 'strong', 'nobr', 'li', 'ol', 'ul', 'sup', 'abbr', 'pre', 'acronym', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'adabracut', 'br', 'code', 'div', 'span'));
// 2. Устанавливаем коротие теги. (не имеющие закрывающего тега)
$jevix->cfgSetTagShort(array('br', 'img'));
// 3. Устанавливаем преформатированные теги. (в них все будет заменятся на HTML сущности)
$jevix->cfgSetTagPreformatted(array('pre'));
// 4. Устанавливаем теги, которые необходимо вырезать из текста вместе с контентом.
$jevix->cfgSetTagCutWithContent(array('script', 'javascript', 'object', 'iframe', 'style', 'embed', 'applet'));
// 5. Устанавливаем разрешённые параметры тегов. Также можно устанавливать допустимые значения этих параметров.
$jevix->cfgAllowTagParams('div', array('class', 'id'));
$jevix->cfgAllowTagParams('span', array('class', 'id'));
$jevix->cfgAllowTagParams('a', array('title', 'href', 'target', 'class', 'id'));
$jevix->cfgAllowTagParams('img', array('src', 'alt' => '#text', 'title', 'align' => array('right', 'left', 'center'), 'width' => '#int', 'height' => '#int', 'hspace' => '#int', 'vspace' => '#int'));
$jevix->cfgAllowTagParams('table', array('border', 'class', 'width', 'align', 'valign'));
$jevix->cfgAllowTagParams('tr', array('height', 'class'));
$jevix->cfgAllowTagParams('td', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign'));
$jevix->cfgAllowTagParams('th', array('colspan', 'rowspan', 'class', 'width', 'height', 'align', 'valign'));
// 6. Устанавливаем параметры тегов являющиеся обязательными. Без них вырезает тег оставляя содержимое.
$jevix->cfgSetTagParamsRequired('img', 'src');
//$jevix->cfgSetTagParamsRequired('a', 'href');
// 7. Устанавливаем теги которые может содержать тег контейнер
// cfgSetTagChilds($tag, $childs, $isContainerOnly, $isChildOnly)
// $isContainerOnly : тег является только контейнером для других тегов и не может содержать текст (по умолчанию false)
// $isChildOnly : вложенные теги не могут присутствовать нигде кроме указанного тега (по умолчанию false)
//$jevix->cfgSetTagChilds('ul', 'li', true, false);
// 8. Устанавливаем атрибуты тегов, которые будут добавлятся автоматически
//$jevix->cfgSetTagParamDefault('a', 'rel', null, true);
//$jevix->cfgSetTagParamsAutoAdd('a', array('rel' => 'nofollow'));
//$jevix->cfgSetTagParamsAutoAdd('a', array('name'=>'rel', 'value' => 'nofollow', 'rewrite' => true));
//$jevix->cfgSetTagParamDefault('img', 'width', '300px');
//$jevix->cfgSetTagParamDefault('img', 'height', '300px');
//$jevix->cfgSetTagParamsAutoAdd('img', array('width' => '300', 'height' => '300'));
//$jevix->cfgSetTagParamsAutoAdd('img', array(array('name'=>'width', 'value' => '300'), array('name'=>'height', 'value' => '300') ));
// 9. Устанавливаем автозамену
$jevix->cfgSetAutoReplace(array('+/-', '(c)', '(r)'), array('±', '©', '®'));
// 10. Включаем или выключаем режим XHTML. (по умолчанию включен)
$jevix->cfgSetXHTMLMode(true);
// 11. Включаем или выключаем режим замены переноса строк на тег <br/>. (по умолчанию включен)
$jevix->cfgSetAutoBrMode(false);
// 12. Включаем или выключаем режим автоматического определения ссылок. (по умолчанию включен)
$jevix->cfgSetAutoLinkMode($autolink);
// 13. Отключаем типографирование в определенном теге
$jevix->cfgSetTagNoTypography('code');
}
// Переменная, в которую будут записыватся ошибки
$errors = null;
return $jevix->parse($text, $errors);
}
<?php
include "../function.php";
$isLogin = user::isLogin();
if (!$isLogin) {
error("你没有权限", "alertGoTo", WEB_HOST . 'index.php');
}
$isAdmin = user::isAdmin();
//
$u = user::getUserSession();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
//导入meta数据及js库
echo $systemHead["meta"] . $systemHead["title"] . CSS_BASE . JS_JQUERY . JS_COMMON . JS_BASE . JS_DIALOG . LIB_LIGERUI;
?>
<script>
var tab = null;
var accordion = null;
var tree = null;
var isLogin = <?php
echo json_encode($isLogin);
?>
;
static function authHim(ormObject $user)
{
if ($user->isInheritor('user')) {
self::$obj = $user;
self::$obj->last_visit = date('Y-m-d H:i:s');
self::$obj->last_ip = $_SERVER['REMOTE_ADDR'];
self::$obj->error_passw = 0;
self::$obj->save();
// Загружаем данные и обновляем сессию
self::getRights();
self::$isAdmin = count(self::$right) == 0 ? false : true;
self::$isGuest = false;
self::updateSession(self::$obj->id, self::$obj->login, self::$obj->name, self::$obj->email);
system::log(lang::get('ENTER_USER'), info);
//запоминаем в куки
if (!empty($_POST['remember_me'])) {
SetCookie("remember_me", user::createCookie(), time() + 3600 * 24 * 7, "/", "", 0, true);
}
return true;
}
return false;
}
public function defAction()
{
// Устанавливаем статус системы "в режиме администрирования".
system::$isAdmin = true;
page::$macros = 0;
// Попытка авторизации
if (!empty($_POST['enter'])) {
if (!user::auth($_POST['login'], $_POST['passw'])) {
$this->showAuthForm(1);
} else {
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
}
// Если пользователь не админ, показываем форму авторизации
if (!user::isAdmin()) {
$this->showAuthForm();
}
// Определяем текущий домен
domains::curDomain();
// Выход из системы
if (system::issetUrl(0) && system::url(0) == 'logout') {
user::logout();
}
if (system::url(0) == 'showhide') {
$_SESSION['SH_FIELDS'] = system::url(1) == 0 ? 'hide' : 'show';
system::stop();
}
// Обработка запросов от поля ObjectLinks
ui::checkObjectLinks();
system::$defTemplate = MODUL_DIR . '/mpanel/template/default.tpl';
// Определяем модуль
if (!system::issetUrl(0)) {
system::setUrl(0, user::getDefModul());
}
// Если есть ссылка на обработчик формы
if (!empty($_POST['right'])) {
system::setUrl(1, system::POST('right', isVarName));
}
// Определяем право
if (system::issetUrl(1)) {
// Проверяем существует ли указанное право
if (user::issetRight(system::url(1))) {
$currRight = system::url(1);
} else {
if (user::issetRight(str_replace('_proc', '', system::url(1)))) {
$currRight = system::url(1);
}
}
} else {
// Пытаемся найти право по умолчанию
$def_right = user::getDefaultRight(system::url(0));
if ($def_right) {
$currRight = $def_right;
system::setUrl(1, $def_right);
}
}
$this->getMenu();
page::assign('current_url', system::getCurrentUrl());
page::assign('admin_url', system::au());
if (!empty($currRight)) {
// Определяем имя и метод контролера
$pos = strpos($currRight, '_');
if ($pos) {
$class_name = '__' . substr($currRight, 0, $pos);
$action_name = substr($currRight, $pos + 1, strlen($currRight) - $pos);
} else {
$class_name = '__' . $currRight;
$action_name = 'defAction';
}
$mod_name = MODUL_DIR . '/' . system::url(0) . '/' . $class_name . '.php';
// Пытаемся подгрузить модуль
if (file_exists($mod_name)) {
include $mod_name;
if (file_exists(MODUL_DIR . '/' . system::url(0) . '/lang-ru.php')) {
include MODUL_DIR . '/' . system::url(0) . '/lang-ru.php';
}
ui::setHeader(lang::right($currRight));
if (class_exists($class_name)) {
eval('$c = new ' . $class_name . '();');
if (ui::$stop) {
$content = '.';
} else {
if (method_exists($c, $action_name)) {
$content = call_user_func(array($c, $action_name));
}
}
}
}
if (empty($content)) {
$msg = lang::get('TEXT_PROC_NOTFOUND2') . '<br />' . system::getCurrentUrl() . '<br /><br />
' . lang::get('TEXT_PROC_NOTFOUND3') . '<br />' . $mod_name . '<br /><br />
' . lang::get('TEXT_PROC_NOTFOUND4');
system::log(lang::get('TEXT_PROC_NOTFOUND') . ' ' . system::getCurrentUrl());
ui::MessageBox(lang::get('TEXT_PROC_NOTFOUND'), $msg);
system::redirect('/');
}
} else {
system::log(lang::get('TEXT_ERROR_RIGHT_LOG') . system::getCurrentUrl());
ui::MessageBox(lang::get('TEXT_ERROR_RIGHT'), lang::get('TEXT_ERROR_RIGHT2'));
system::redirect('/');
}
//Производим сжатие страницы
if (reg::getKey('/config/gzip')) {
$PREFER_DEFLATE = false;
$FORCE_COMPRESSION = false;
$AE = isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : $_SERVER['HTTP_TE'];
$support_gzip = strpos($AE, 'gzip') !== FALSE || $FORCE_COMPRESSION;
$support_deflate = strpos($AE, 'deflate') !== FALSE || $FORCE_COMPRESSION;
if ($support_gzip && $support_deflate) {
$support_deflate = $PREFER_DEFLATE;
}
if ($support_deflate) {
header("Content-Encoding: deflate");
ob_start("compress_output_deflate");
} else {
if ($support_gzip) {
header("Content-Encoding: gzip");
ob_start("compress_output_gzip");
} else {
ob_start();
}
}
}
return ui::getMainHTML($content);
}
function checkUser($user, $pacid = null)
{
global $dbh;
$add = $pacid ? 'AND p.id = ' . $dbh->quoteSmart($pacid) : '';
// It's a lead or user of the package
$query = "SELECT m.handle\n FROM packages p, maintains m\n WHERE\n m.handle = ? AND\n p.id = m.package {$add} AND\n (m.role IN ('lead', 'developer'))";
$res = $dbh->getOne($query, array($user));
if ($res !== null) {
return true;
}
// Try to see if the user is an admin
$res = user::isAdmin($user);
return $res === true;
}
