/**
 * Looks up one permission row (key + description) by its key.
 *
 * The key is taken from the request parameter named 'id' (a string, via the
 * Sanitizer) and bound as a prepared-statement parameter, so it never reaches
 * the SQL text itself. NOTE(review): the parameter is called 'id' but holds
 * the permission *key*; confirm callers pass the key there.
 *
 * @return mixed the row from fetchRow(), or whatever fetchRow() yields when no
 *               permission has that key
 */
private function getPermission()
{
    $lookup = 'SELECT p.key, p.description FROM permissions p WHERE p.key = :key';
    $statement = DatabaseFactory::getInstance()->prepare($lookup);

    $requestedKey = Sanitizer::getInstance()->filterString('id');
    $statement->bindValue(':key', $requestedKey);
    $statement->execute();

    return $statement->fetchRow();
}
/**
 * Builds the "Move user" seating-plan form.
 *
 * The event id comes from the 'event' request parameter (unsigned int via the
 * Sanitizer) and is carried through as a hidden field alongside the username
 * and new-seat inputs.
 *
 * NOTE(review): unlike the swap-seats form in this file, no privilege check is
 * made in this constructor; confirm the page that shows and processes this
 * form enforces one.
 */
public function __construct()
{
    parent::__construct('formSeatingPlanMoveUser', 'Move user');

    $targetEvent = Sanitizer::getInstance()->filterUint('event');

    $inputs = array(
        new ElementInput('username', 'Username'),
        new ElementNumeric('seat', 'New seat number'),
    );
    foreach ($inputs as $input) {
        $this->addElement($input);
    }

    $this->addElementHidden('event', $targetEvent);
    $this->addDefaultButtons();
}
/**
 * Builds the "Swap Seats" form for an event.
 *
 * Redirects away (via requirePrivOrRedirect) unless the caller holds
 * SWAP_USERS_SEATS, before any form state is built. The event id is read from
 * the 'event' request parameter (unsigned int) and kept both on the object and
 * as a hidden field.
 */
public function __construct()
{
    parent::__construct('swapSeats', 'Swap Seats');

    // Privilege gate first: nothing below should run for unprivileged callers.
    requirePrivOrRedirect('SWAP_USERS_SEATS');

    $this->eventId = Sanitizer::getInstance()->filterUint('event');

    $usernameFields = array(
        'username1' => 'First username',
        'username2' => 'Second username',
    );
    foreach ($usernameFields as $fieldName => $fieldLabel) {
        $this->addElement(new ElementInput($fieldName, $fieldLabel));
    }

    $this->addElementHidden('event', $this->eventId);
    $this->addDefaultButtons();
}
/**
 * Builds the "Edit Group" form, pre-filled from the Group selected by the
 * 'id' request parameter (unsigned int via the Sanitizer).
 *
 * Fields: hidden id, title, and a free-text 'css' attribute (capped at 128
 * characters) that is described to the user as extra styles for the group
 * title. NOTE(review): the length cap is not an escape — whatever is typed
 * here ends up in a style context wherever the group title is rendered, so
 * confirm the template escapes or constrains it.
 */
public function __construct()
{
    parent::__construct('formGroupEdit', 'Edit Group');

    $groupId = Sanitizer::getInstance()->filterUint('id');
    $group = new Group($groupId);

    $this->addElement(new ElementHidden('id', null, $group->getId()));
    $this->addElement(new ElementInput('title', 'Title', $group->getTitle()));

    $cssHelp = 'Additional styles to be applied to this group title (eg: color: red) ';
    $this->addElement(new ElementInput('css', 'CSS', $group->getAttribute('css'), $cssHelp));
    $this->getElement('css')->setMinMaxLengths(0, 128);

    $this->addDefaultButtons();
}
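/**
 * Builds the "Update Seating Plan" form, pre-filled from the seatingplans row
 * whose id is given by the 'id' request parameter (unsigned int via Sanitizer).
 *
 * Fix: the row was fetched with fetchRow() and then indexed unconditionally,
 * so an id matching no row produced a form pre-filled from a non-array (and a
 * later submit would target a row that does not exist). The row is now fetched
 * with fetchRowNotNull(), the accessor this codebase already uses for the
 * same purpose elsewhere, which is assumed to fail loudly when nothing
 * matches — confirm that is its contract.
 *
 * NOTE(review): no privilege check is made in this constructor; confirm the
 * page that shows and processes this form enforces one.
 */
public function __construct()
{
    parent::__construct('updateSeatingPlan', 'Update Seating Plan');

    $planId = Sanitizer::getInstance()->filterUint('id');

    $sql = 'SELECT sp.id, sp.layout, sp.seatCount FROM seatingplans sp WHERE sp.id = :id';
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->bindValue(':id', $planId);
    $stmt->execute();
    // Fails rather than returning an empty result for an unknown id.
    $seatingPlan = $stmt->fetchRowNotNull();

    $this->addElementHidden('id', $planId);

    $this->addElement(new ElementTextbox('layout', 'Layout', $seatingPlan['layout']));
    // Rendered with the code-editor widget: the layout is raw text edited by staff.
    $this->getElement('layout')->classes = "codeEditor";

    $this->addElement(new ElementNumeric('seatCount', 'Seat Count', $seatingPlan['seatCount']));
    $this->addDefaultButtons();
}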
/**
 * Builds the "Edit Gallery" form, pre-filled from the gallery selected by the
 * 'id' request parameter (unsigned int via the Sanitizer).
 *
 * Carries mode=edit and the gallery id as hidden fields, plus title,
 * folderName, coverImage, ordinal, a punctuation-allowed description capped
 * at 64 characters, and an Open/Closed/Staff status selector.
 *
 * NOTE(review): folderName and coverImage are accepted as free text here;
 * whether they are confined to the gallery directory depends on the code that
 * later uses them, not on this form.
 */
public function __construct()
{
    parent::__construct('editGallery', 'Edit Gallery');

    $galleryId = Sanitizer::getInstance()->filterUint('id');
    $gallery = Galleries::getById($galleryId);

    $this->addElement(new ElementHidden('mode', null, 'edit'));
    $this->addElement(new ElementHidden('id', null, $gallery['id']));
    $this->addElement(new ElementInput('title', 'Title', $gallery['title']));
    $this->addElement(new ElementInput('folderName', 'Folder Name', $gallery['folderName']));
    $this->addElement(new ElementInput('coverImage', 'Cover Image', $gallery['coverImage'], 'The filename of the THUMBNAIL already in the gallery that will be the cover image.'));
    $this->addElement(new ElementNumeric('ordinal', 'Ordinal', $gallery['ordinal'], 'Used for organizing the gallery.'));
    $this->addElement(new ElementAlphaNumeric('description', 'Description', $gallery['description'], 'A description that is shown when people view the gallery.'));

    $descriptionField = $this->getElement('description');
    $descriptionField->setPunctuationAllowed(true);
    $descriptionField->setMinMaxLengths(0, 64);

    $statusField = new ElementSelect('status', 'Status', $gallery['status']);
    foreach (array('Open', 'Closed', 'Staff') as $statusOption) {
        $statusField->addOption($statusOption);
    }
    $this->addElement($statusField);

    $this->addDefaultButtons();
}
// Tail of a function that begins before this chunk: runs the already-built $sql and returns one row.
$stmt = DatabaseFactory::getInstance()->prepare($sql);
$stmt->execute();
$event = $stmt->fetchRowNotNull();
return $event;
}

/**
 * Lists the ids of machines authenticated for a user at an event.
 *
 * Both values are bound as prepared-statement parameters.
 *
 * @param mixed $user  user id, bound to :user
 * @param mixed $event event id, bound to :event
 * @return mixed whatever fetchAll() returns (rows with an 'id' column)
 */
function getAuthenticatedMachines($user, $event) {
    $sql = 'SELECT a.id FROM authenticated_machines a WHERE a.user = :user AND a.event = :event';
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->bindValue(':user', $user);
    $stmt->bindValue(':event', $event);
    $stmt->execute();
    $authenticatedMachines = $stmt->fetchAll();
    return $authenticatedMachines;
}

// Credential check for the machine-authentication API.
$sanitizer = Sanitizer::getInstance();
$username = $sanitizer->filterString('username');
$password = $sanitizer->filterString('password');
// NOTE(review): read as a plain string from 'fullrequest' but named like a boolean — confirm how it is interpreted later.
$isStaff = $sanitizer->filterString('fullrequest');
try {
    Session::checkCredentials($username, $password);
    $user = User::getUser($username);
} catch (\libAllure\UserNotFoundException $e) {
    // NOTE(review): answering "User not found" separately from "Password is incorrect"
    // lets a caller enumerate valid usernames; a single generic rejection is safer.
    // Assumes apiReturn() terminates the request, otherwise $user is undefined below.
    apiReturn('reject-authentication', 'User not found');
} catch (\libAllure\IncorrectPasswordException $e) {
    apiReturn('reject-authentication', 'Password is incorrect');
}
$event = getEvent();
$signupStatus = getSignupStatus($user->getId(), $event['id']);
// The switch continues past the end of this chunk.
switch ($signupStatus) {
    case 'PAID':
// Tail of a per-plugin settings case inside a switch that begins before this chunk.
// $f is expected to be the plugin's settings form; anything else means "no settings".
if (!$f instanceof \libAllure\Form) {
    require_once 'includes/widgets/header.php';
    echo 'No settings for that plugin.';
    return;
}
if ($f->validate()) {
    $f->process();
    redirect('plugins.php', 'Plugin settings saved.');
}
require_once 'includes/widgets/header.php';
$tpl->assignForm($f);
$tpl->display('form.tpl');
require_once 'includes/widgets/footer.php';
break;
case 'toggle':
    // Flips the enabled flag of the plugin selected by the 'id' request parameter
    // (unsigned int via the Sanitizer, bound as a statement parameter).
    // NOTE(review): a state change driven purely by a request parameter; no
    // privilege check or CSRF token is visible in this chunk — confirm one is
    // enforced before the switch, which starts outside this view.
    $id = Sanitizer::getInstance()->filterUint('id');
    $sql = 'UPDATE plugins SET enabled = !enabled WHERE id = :id';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':id', $id);
    $stmt->execute();
    redirect('plugins.php', 'Plugin status toggled. ');
    break;
default:
    // Plugin list page.
    require_once 'includes/widgets/header.php';
    require_once 'includes/widgets/sidebar.php';
    $sql = 'SELECT id, title, enabled FROM plugins';
    $result = $db->query($sql);
    $tpl->assign('listPlugins', $result->fetchAll());
    $tpl->display('listPlugins.tpl');
}
require_once 'includes/widgets/footer.php';
/**
 * Applies an edited signup: status, machine allowance, gigabit flag, ticket
 * cost, and a comment appended (with timestamp and the acting staff username)
 * to the row's comments column. Frees the user's seat when the new status is
 * CANCELLED, logs the change and redirects to the event page.
 *
 * NOTE(review): when status is "DELETE", processDelete() is called and
 * execution then continues into the UPDATE below unless processDelete() ends
 * the request — confirm it does.
 * NOTE(review): the SELECT on events near the end is executed but its result
 * is never read; it looks like dead code.
 * NOTE(review): removeSeat() uses $this->signup['userId'] while logActivity()
 * uses $this->signup['user'] — confirm both keys exist on the signup row.
 */
protected function processUpdate() {
    global $db;

    if ($this->getElementValue('status') == "DELETE") {
        $this->processDelete();
    }

    $sanitizer = Sanitizer::getInstance();

    // Audit trail lives in the row itself: each edit appends a dated, attributed line to comments.
    // All user-controlled values are bound parameters; only column names are in the SQL text.
    $sql = 'UPDATE signups SET status = :status, numberMachinesAllowed = :machinesAllowed, comments = concat(comments, "\\n", now(), " (", :staffUsername, ") - ", :comments, :changeMetadata), gigabit = :gigabit, ticketCost = :ticketCost WHERE id = :id';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':id', $this->getElementValue('id'));
    $stmt->bindValue(':status', $this->getElementValue('status'));
    $stmt->bindValue(':comments', $sanitizer->formatString($this->getElementValue('comments')));
    $stmt->bindValue(':gigabit', $sanitizer->formatBool($this->getElementValue('gigabit')));
    $stmt->bindValue(':ticketCost', $this->getElementValue('ticketCost'));
    $stmt->bindValue(':staffUsername', Session::getUser()->getUsername());
    $stmt->bindValue(':changeMetadata', $this->getChangeMetadata());
    $stmt->bindValue(':machinesAllowed', $this->getElementValue('numberMachinesAllowed'));
    $stmt->execute();

    // Re-read the signup so the post-update values are used below.
    $this->signup = $this->getSignup();

    if ($this->getElementValue('status') == 'CANCELLED') {
        require_once 'includes/functions.seatingPlan.php';
        removeSeat($this->signup['event'], $this->signup['userId']);
    }

    // Result of this query is not used anywhere below.
    $sql = 'SELECT e.id FROM events e WHERE e.id = :eventId LIMIT 1';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':eventId', $this->signup['event']);
    $stmt->execute();

    // Note: the raw (unformatted) comment goes into the activity log, whereas the
    // DB write above used formatString() on it.
    logActivity('Signup updated for _u_ to event _e_ ' . $this->getElementValue('comments') . '. ' . $this->getChangeMetadata(), null, array('user' => $this->signup['user'], 'event' => $this->signup['event']));
    redirect('viewEvent.php?id=' . $this->signup['event'], 'Signup edited.');
}
<?php
// News page controller: dispatches on the 'action' request parameter.
// The switch continues beyond this chunk; only the 'add'/'new' case is complete here.
require_once 'includes/common.php';
require_once 'includes/classes/News.php';
require_once 'includes/classes/FormNewsEdit.php';
require_once 'includes/classes/FormNewsCreate.php';

use libAllure\Sanitizer;
use libAllure\Session;

// The whole feature can be switched off site-wide.
if (!getSiteSetting('newsFeature')) {
    redirect('index.php', 'News feature is disabled.');
}

$action = Sanitizer::getInstance()->filterString('action');

switch ($action) {
    case 'add':
    case 'new':
        // Creating news requires NEWS_ADD; this throws rather than redirecting.
        if (!Session::hasPriv('NEWS_ADD')) {
            throw new PermissionsException();
        }
        $f = new FormNewsCreate();
        if ($f->validate()) {
            $f->process();
            logAndRedirect('news.php', 'News item added: ' . $f->getElementValue('title'));
        }
        require_once 'includes/widgets/header.php';
        require_once 'includes/widgets/sidebar.php';
        $tpl->displayForm($f);
        break;
    case 'edit':
        // NOTE(review): the id is read straight from $_REQUEST (a notice if absent)
        // rather than through the Sanitizer's filterUint() used elsewhere, and no
        // privilege check is visible before the edit form is built — confirm
        // FormNewsEdit or the code after this chunk enforces one.
        $id = intval($_REQUEST['id']);
        $f = new FormNewsEdit($id);
        if ($f->validate()) {
<?php
/**
 * Resolves the username most recently authenticated from a given IP address.
 *
 * Reads 'ipAddress' from the request, selects the authenticated_machines row
 * for that IP belonging to the newest event, and emits the bare username as
 * the whole response body. Failures are plain-text bodies beginning with
 * "ERROR:" / "Error:".
 *
 * NOTE(review): no session or privilege check appears in this script, so any
 * client that can reach it can map IP addresses to usernames — confirm it is
 * reachable only from trusted network infrastructure.
 */
require_once '../../includes/common.php';

use libAllure\Sanitizer;
use libAllure\DatabaseFactory;

$requestedIp = Sanitizer::getInstance()->filterString('ipAddress');

if ($requestedIp == null) {
    die('ERROR:IP Address not specified');
}

$lookup = 'SELECT u.username FROM authenticated_machines a JOIN events e ON a.event = e.id JOIN users u ON a.user = u.id WHERE a.ip = :ipAddress ORDER BY e.date DESC LIMIT 1';
$stmt = DatabaseFactory::getInstance()->prepare($lookup);
// Bound parameter: the request value never reaches the SQL text.
$stmt->bindValue(':ipAddress', $requestedIp);
$stmt->execute();

if ($stmt->numRows() == 0) {
    die('Error:IP Address not found.');
}

$match = $stmt->fetchRow();
die($match['username']);
<?php
/**
 * Gallery view page: renders a gallery's images, the event it belongs to (if
 * any) and whether the viewer may see unpublished images.
 *
 * The gallery is selected by the 'id' request parameter (unsigned int via the
 * Sanitizer). NOTE(review): $files is passed to the template unfiltered; any
 * hiding of unpublished images relies on viewGallery.tpl honouring the
 * privViewUnpublished flag (GALLERY_VIEW_UNPUBLISHED).
 */
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';

use libAllure\Sanitizer;
use libAllure\Session;

$galleryId = Sanitizer::getInstance()->filterUint('id');
$gallery = Galleries::getById($galleryId);
$files = $gallery->fetchImages();

// A gallery need not be tied to an event: a failed lookup simply means "none".
try {
    $linkedEvent = Events::getByGalleryId($gallery['id']);
} catch (Exception $e) {
    $linkedEvent = null;
}
$tpl->assign('event', $linkedEvent);

$tpl->assign('privViewUnpublished', Session::hasPriv('GALLERY_VIEW_UNPUBLISHED'));
$tpl->assign('files', $files);
$tpl->assign('gallery', $gallery);
$tpl->display('viewGallery.tpl');

require_once 'includes/widgets/footer.php';
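<?php
/**
 * JSON endpoint: every occupied seat of an event, as a list of "set" seat-change
 * records built by getJsonSeatChange(seat, username, usernameCss, seatCss).
 *
 * Fix: the closing `?>` tag is dropped. In a PHP-only script whose output is
 * JSON, any byte after the tag (a stray space or blank line) is sent to the
 * client and can corrupt the response; omitting the tag removes that hazard.
 *
 * NOTE(review): no privilege check is made here, so seat occupancy (usernames
 * per seat) is served to any caller that can reach this script — confirm that
 * is intended.
 */
set_include_path(get_include_path() . PATH_SEPARATOR . '../../');
require_once 'includes/common.php';
require_once 'includes/functions.seatingPlan.php';

use libAllure\Sanitizer;
use libAllure\DatabaseFactory;
use libAllure\Session;

$eventId = Sanitizer::getInstance()->filterUint('event');

$seatChanges = array();
foreach (getSeats($eventId) as $occupiedSeat) {
    $seatChanges[] = getJsonSeatChange('set', $occupiedSeat['seat'], $occupiedSeat['username'], $occupiedSeat['usernameCss'], $occupiedSeat['seatCss']);
}

header('Content-Type: application/json');
echo json_encode($seatChanges);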
<?php
/**
 * "Sudo" page: lets a privileged user act as another account.
 *
 * Gated on the SUDO privilege before anything else runs. The target username
 * is taken from the 'username' request parameter and handed to FormSudo as its
 * first constructor argument via the FormHandler, which redirects to index.php
 * once the form has been handled.
 */
require_once 'includes/common.php';
require_once 'includes/classes/FormSudo.php';
require_once 'libAllure/FormHandler.php';

requirePrivOrRedirect('SUDO');

use libAllure\FormHandler;
use libAllure\Sanitizer;

$targetUsername = Sanitizer::getInstance()->filterString('username');

$formHandler = new FormHandler('formSudo', $tpl);
$formHandler->setConstructorArgument(0, $targetUsername);
$formHandler->setRedirect('index.php');
$formHandler->handle();
<?php
/**
 * JSON endpoint: authenticated machines for one event, keyed by IP address.
 *
 * Each value is the row {username, ip, mac}; username is null for rows whose
 * user no longer exists (LEFT JOIN). When two rows share an IP the later one
 * wins, as before.
 *
 * NOTE(review): this exposes usernames and MAC addresses; any access control
 * is expected to come from jsonCommon.php, which is not visible here.
 */
require_once 'jsonCommon.php';

use libAllure\DatabaseFactory;
use libAllure\Sanitizer;

$eventId = Sanitizer::getInstance()->filterUint('event');

$sql = 'SELECT u.username, m.ip, m.mac FROM authenticated_machines m LEFT JOIN users u ON m.user = u.id WHERE m.event = :eventId';
$stmt = DatabaseFactory::getInstance()->prepare($sql);
$stmt->bindValue(':eventId', $eventId);
$stmt->execute();

$machinesByIp = array();
foreach ($stmt->fetchAll() as $machine) {
    $machinesByIp[$machine['ip']] = $machine;
}

header('Content-Type: application/json');
echo json_encode($machinesByIp);
<?php
/**
 * Deletes one image from a gallery — its DB row (when the image is tracked in
 * the database) and both files on disk — then returns to the gallery page.
 *
 * Requires GALLERY_DELETE_IMAGE. 'filename' and 'gallery' come from the
 * request; Galleries::getImage() is relied on to resolve them to paths.
 * NOTE(review): confirm getImage() confines 'filename' to the gallery's
 * directory, since the paths it returns are unlinked here without further
 * checks. NOTE(review): this is a destructive action driven purely by request
 * parameters; no CSRF token is visible in this script.
 */
require_once 'includes/widgets/header.php';

use libAllure\Session;
use libAllure\Sanitizer;
use libAllure\DatabaseFactory;

Session::requirePriv('GALLERY_DELETE_IMAGE');

$sanitizer = Sanitizer::getInstance();
$filename = $sanitizer->filterString('filename');
$galleryId = $sanitizer->filterUint('gallery');

$image = Galleries::getImage($filename, $galleryId);
if ($image == false) {
    redirect('index.php', 'Image does not exist.');
}

$removable = is_int($galleryId) && $image['inDatabase'] && !empty($filename);
if ($removable) {
    $deleteRow = 'DELETE FROM images WHERE filename = :filename AND gallery = :gallery';
    $stmt = DatabaseFactory::getInstance()->prepare($deleteRow);
    $stmt->bindValue(':filename', $filename);
    $stmt->bindValue(':gallery', $galleryId);
    $stmt->execute();

    // Best-effort file removal: failures are deliberately ignored, as in the original.
    @unlink($image['fullPath']);
    @unlink($image['thumbPath']);
}

redirect('viewGallery.php?id=' . $image['galleryId'], 'Image deleted');
require_once 'includes/widgets/footer.php';
<?php
/**
 * AJAX endpoint: frees the seat held by a user at an event and replies "OK".
 *
 * Restricted to SUPERUSER (redirects otherwise). Both ids are read from the
 * request as unsigned ints via the Sanitizer. NOTE(review): a state-changing
 * action driven purely by request parameters; no CSRF token is visible here.
 */
set_include_path(get_include_path() . PATH_SEPARATOR . '../../');
require_once 'includes/common.php';
require_once 'includes/functions.seatingPlan.php';

use libAllure\Sanitizer;

requirePrivOrRedirect('SUPERUSER');

$sanitizer = Sanitizer::getInstance();
$eventId = $sanitizer->filterUint('event');
$userId = $sanitizer->filterUint('user');

removeSeat($eventId, $userId);
echo 'OK';
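<?php
/**
 * Attendance record page: shows a user's event signups and summary statistics.
 *
 * Access: guests are sent to index.php; logged-in users need VIEW_ATTENDANCE.
 * Without a 'user' parameter the session user is shown; with one, the user
 * with that id (unsigned int via the Sanitizer).
 *
 * Fix: the permission-denied message was garbled ("Do you not have permission
 * to view your attendance record") and is reworded as a statement.
 *
 * NOTE(review): the single VIEW_ATTENDANCE check covers both the caller's own
 * record and any other user's record selected via ?user=. Confirm that
 * privilege is meant to grant access to other users' attendance; if it is
 * only meant for one's own record, the ?user= path needs its own check.
 */
require_once 'includes/widgets/header.php';

use libAllure\User;
use libAllure\Session;
use libAllure\Sanitizer;

if (!Session::isLoggedIn()) {
    redirect('index.php', 'Guests do not have attendance records.');
}

if (!Session::hasPriv('VIEW_ATTENDANCE')) {
    redirect('account.php', 'You do not have permission to view your attendance record');
}

if (isset($_REQUEST['user'])) {
    $user = User::getUserById(Sanitizer::getInstance()->filterUint('user'));
} else {
    $user = Session::getUser();
}

$attendance = getUserSignups($user->getId());

require_once 'includes/widgets/sidebar.php';

$tpl->assign('stats', getSignupStatistics($attendance));
$tpl->assign('username', $user->getUsername());
$tpl->assign('userId', $user->getId());
$tpl->assign('attendance', $attendance);
$tpl->assign('privViewSignupComments', Session::hasPriv('VIEW_SIGNUP_COMMENTS'));
$tpl->display('attendanceRecord.tpl');

require_once 'includes/widgets/footer.php';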