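<?php
/**
 * Default error printer.
 *
 * Echoes the message HTTP_Status::getMessage() returns for $status, includes
 * the shared footer and ends the request.
 *
 * @param mixed $status Status value accepted by HTTP_Status::getMessage().
 * @return void Does not return; the script terminates with die.
 */
function default_error($status)
{
    global $dir;

    echo HTTP_Status::getMessage($status);
    $footer = 1; // presumably read by core/footer.php, which is included in this scope -- TODO confirm
    require_once $dir . "core/footer.php";
    die;
}

// $error_func and $right_index are not defined in this file's visible part;
// they are expected to be set by the including script. $error_func is invoked
// through call_user_func(), so it must only ever be a fixed name chosen by the
// application, never a value taken from the request.
if (empty($error_func) || !function_exists($error_func)) {
    $error_func = "default_error";
}

// Access gate: a logged-in session plus the right selected by $right_index on
// the master named in the query string. Every denial path ends with exit so
// the gate fails closed even when a custom $error_func returns instead of
// terminating the request itself.
try {
    // Strict comparison: only a boolean true counts as a valid login.
    if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
        call_user_func($error_func, HTTP_Status::UNAUTHORIZED);
        exit;
    }

    // A query-string value can arrive as an array (?master[]=x); only a
    // non-empty string is handed to get_rights().
    if (
        !function_exists('get_rights')
        || empty($_GET['master'])
        || !is_string($_GET['master'])
        || get_rights($_GET['master'])[$right_index] != '1'
    ) {
        call_user_func($error_func, HTTP_Status::FORBIDDEN);
        exit;
    }
} catch (\Exception $e) {
    // Any exception raised while checking rights is treated as a denial.
    call_user_func($error_func, HTTP_Status::INTERNAL_SERVER_ERROR);
    exit;
}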
<span class="glyphicon glyphicon-pencil"></span> <div class="dash_btn_label double">Add Lecture Attendance</div> </a> </div> <div class="col-lg-offset-2 col-md-offset-1 col-lg-4 col-md-5 col-xs-12 dash_btn"> <a href="<?php echo $dir . "dashboard/attendance/?act=view"; ?> "> <span class="glyphicon glyphicon-list"></span> <div class="dash_btn_label double">View Lecture Attendance</div> </a> </div> <?php
// The "Generate Reports" tile is rendered only when intval(get_rights("reports")) equals 1.
// $lg_offset switches from col-lg-offset-1 to col-lg-offset-2 in that case; it is not used
// in this fragment, presumably by markup that follows.
// NOTE(review): this only hides the link. dashboard/reports/ needs its own server-side
// rights check; none is visible from here -- confirm.
// NOTE(review): confirm what get_rights("reports") returns. If it is a multi-flag string
// or an array, intval(...) == 1 does not test a single right.
$lg_offset = "col-lg-offset-1"; $right = get_rights("reports"); if (intval($right) == 1) { $lg_offset = "col-lg-offset-2"; ?> <div class="col-lg-offset-1 col-md-offset-1 col-lg-4 col-md-5 col-xs-12 dash_btn"> <a href="<?php echo $dir . "dashboard/reports/"; ?> "> <span class="glyphicon glyphicon-file"></span> <div class="dash_btn_label double">Generate Reports</div> </a> </div> <?php } ?>
Validation done here should be done in MyDbCon class // Check User_Master allowed keys ***********************************************************/ if (!empty($_POST["JT"]) && !empty($_POST["JO"]) && !empty($_GET['master'])) { $tables = explode(";", $_POST["JT"]); $joinon = explode(";", $_POST["JO"]); if (!empty($_POST["JC"])) { $join_columns = explode(";", $_POST["JC"]); } /*if(!empty($_POST["J3"])) $join_type=explode(";",$_POST["J3"]);*/ $pre_joined_tables = array(); foreach ($tables as $key => $table) { // Check rights for each table if (!function_exists('get_rights') || empty($table) || get_rights($table)[$right_index] != '1') { //echo $table; call_user_func($error_func, HTTP_Status::FORBIDDEN); } if (class_exists($table) && !empty($joinon[$key])) { $obj = new $table(); $vars = $obj->get_assoc_array(); $jo = explode(":", $joinon[$key]); // Default Table 2 $obj2 = new $_GET['master'](); $table2 = $_GET['master']; if (isset($jo[1]) && !empty($pre_joined_tables[$tables[$jo[1]]])) { //echo "table 2 : ".$jo[1]; $obj2 = new $tables[$jo[1]](); $table2 = $tables[$jo[1]]; }
$own = get_group($v); if(!empty($own)) $owners[$own] = true; $mod = get_rights($v); $mods[$mod] = true; if(d_is_file($v)) $fsizes[] = show_size($v, false); else $dsizes[] = show_size($v, false); } light_message('<h3>Properties for selected items</h3> <p>size of '.sizeof($fsizes).' selected files: <b>'.show_size(0,false,array_sum($fsizes)).'</b></p> <p>size of '.sizeof($dsizes).' selected dirs: <b>'.show_size(0,false,array_sum($dsizes)).'</b></p> <p>total size: <b>'.show_size(0,false,array_sum($fsizes)+array_sum($dsizes)).'</b></p> '.(sizeof($mods)==1 ? '<p>mod: <b>'.get_rights($v,false).' ('.get_rights($v).')</b></p>' : '').' '.(sizeof($owners)==1 ? '<p>owner: <b>'.get_owner($v).'</b></p>' : '').' '.(sizeof($groups)==1 ? '<p>group: <b>'.get_group($v).'</b></p>' : '') ); } break; case 'terminal': if(!empty($_REQUEST['cmd'])) { $res = exec_command($_REQUEST['cmd']); }else { $res = array('cmd'=>'', 'output'=>'', 'dir'=> getcwd_short()); }
/**
 * Copy one directory entry, or the next chunk of one file, to its destination.
 *
 * Each call handles a single step: a directory is created at the destination,
 * a file advances by at most 65536 bytes. The open source/destination handles
 * and the name of the file in progress are kept in static variables, so the
 * same file can be continued by calling the function again with the same $name.
 *
 * Side effects visible here: increments $_SESSION['DIRS'], $_SESSION['FILES']
 * and $_SESSION['TOTAL_BYTES'], records the source rights in the global
 * $__perms under the destination name, and changes permissions through
 * setwritable()/setreadable().
 *
 * NOTE(review): $name and $data['newdir'] are joined into filesystem paths with
 * no containment check inside this function; presumably the caller restricts
 * them to the area the user may touch -- verify.
 *
 * @param string $name  Entry to copy, used relative to getcwd().
 * @param array  $data  Shared copy state, passed by reference; reads 'newdir',
 *                      reads and writes 'dirs_replace', 'lastnewname', 'lastfile'.
 * @return mixed Result of d_mkdir() for a directory; false when opening or
 *               seeking fails; true once the source file is at EOF; an empty
 *               array otherwise (presumably "call again" -- confirm with caller).
 */
function cpcont($name, &$data)
{
    static $fps = false, $fpd = false; /* file pointers: source, destination */
    static $lastfile = false;
    global $__perms;

    setwritable(dirname(getcwd().'/'.$name), true);

    /* dirs_replace maps source dir => destination dir, so that copying into the same directory is possible */
    if(!isset($data['dirs_replace'])) $data['dirs_replace'] = array();

    if(isset($data['lastnewname']))
    {
        $lastnewname = $data['lastnewname'];
    }else
    {
        $lastnewname = false;
    }

    /* a new entry (not the one handled by the previous call): work out its destination name */
    if(empty($data['lastfile']) || $data['lastfile'] != $name)
    {
        if(abs_path($data['newdir']) == abs_path(dirname(getcwd().'/'.$name)))
        {
            /* destination dir is the entry's own dir: take a generated copy name and remember the mapping */
            $lastnewname = abs_path(gen_copy_name($data['newdir'], getcwd().'/'.$name));
            $data['dirs_replace'][abs_path(getcwd().'/'.$name)] = abs_path($lastnewname);
        }else
        {
            $lastnewname = abs_path($data['newdir'].'/'.$name);

            /* rewrite the first remembered source prefix that matches to its destination */
            /* NOTE(review): plain string-prefix test, no check that the match ends on a path separator -- confirm this cannot hit a sibling with a longer name */
            foreach($data['dirs_replace'] as $k=>$v)
            {
                if(strlen($lastnewname) < strlen($k)) continue;
                if(substr($lastnewname,0,strlen($k)) == $k)
                {
                    $lastnewname = $v.substr($lastnewname, strlen($k));
                    break;
                }
            }
        }
    }

    $newname = $data['lastnewname'] = $lastnewname;

    /* directories are created in one step with the rights d_get_rights() reports for the source */
    if(is_dir($name))
    {
        $lastfile = $data['lastfile'] = $name;
        $_SESSION['DIRS']++;
        return d_mkdir($newname, d_get_rights($name));
    }

    /* first chunk of a new file: drop the previous handles and open the new pair */
    if($lastfile != $name)
    {
        if(is_resource($fps)) fclose($fps);
        if(is_resource($fpd)) fclose($fpd);

        $lastfile = $data['lastfile'] = $name;

        setreadable($name, true);
        if(!$fps = fopen($name, 'rb')) return false;

        setwritable($dn = dirname($newname), true);

        if(file_exists($newname))
        {
            /* destination already exists: skip the source ahead by the destination's size, then append below */
            setwritable($newname, true);
            $info = get_files_info(array(basename($newname)), $dn); /* result is not used in this function */
            if(fseek($fps, sprintf('%u',filesize($newname))) < 0) return false;
        }else
        {
            $_SESSION['FILES']++;
        }

        if(!$fpd = fopen($newname, 'ab'))
        {
            /* NOTE(review): the decrement also runs when the destination already existed and was never counted above */
            $_SESSION['FILES']--; /* this file was counted, so we cancel its count */
            return false;
        }

        /* remember the source rights under the destination name; presumably applied after the copy -- confirm */
        $__perms[$newname] = get_rights($name);
    }

    /* copy one chunk of up to 65536 bytes and add what fwrite() reports to the running total */
    $_SESSION['TOTAL_BYTES'] += fwrite($fpd, fread($fps, 65536));

    if(feof($fps)) return true;

    return array();
}
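/**
 * Render an <a> element from Smarty template parameters.
 *
 * Recognised keys in $params: value (passed through trans()), href, target,
 * confirm, id, onclick, img, rights, tip, hreflang, media, rel, rev, type,
 * class, lang, style, title, tabindex and the on* event handlers listed below.
 *
 * When 'rights' is given and get_rights() returns a falsy value, a link
 * without href or handlers is rendered and the tip is replaced by the
 * "no permission" text.
 *
 * Fixed relative to the previous version: the onmousedown handler was read
 * from a misspelled variable and never emitted, the title attribute was
 * written as "titile", the tooltip's onmouseover attribute was left
 * unterminated and its double quotes were not encoded, a separating space
 * after the style attribute was missing, and the 'plug' query parameter was
 * used as a path segment and echoed into src without validation or escaping.
 *
 * NOTE(review): all other attribute values, and the translated link text, are
 * inserted verbatim, and 'confirm' is placed inside a JavaScript string
 * literal without escaping. Templates must pass values that are already safe
 * for those contexts -- confirm that none of them carries request data.
 *
 * @param array $params   Template parameters.
 * @param mixed $template Template object; not used here.
 * @return string The generated HTML.
 */
function _smarty_function_links($params, $template)
{
    // Pass-through attributes, in the order they are emitted around `style`.
    $before_style = array(
        'id', 'href', 'target', 'onclick', 'hreflang', 'media',
        'type', 'rel', 'rev', 'class', 'lang',
    );
    $after_style = array(
        'tabindex', 'onfocus', 'onblur', 'ondblclick', 'onmousedown', 'onmouseup',
        'onmouseover', 'onmousemove', 'onmouseout', 'onkeypress', 'onkeydown',
        'onkeyup', 'title',
    );

    $attr = array();
    foreach (array_merge($before_style, $after_style) as $name) {
        $attr[$name] = isset($params[$name]) ? $params[$name] : null;
    }

    $value   = isset($params['value']) ? trans($params['value']) : null;
    $style   = isset($params['style']) ? $params['style'] : null;
    $image   = isset($params['img']) ? $params['img'] : null;
    $tip     = isset($params['tip']) ? $params['tip'] : null;
    $confirm = isset($params['confirm']) ? $params['confirm'] : null;

    // No 'rights' parameter means the link is always active.
    $rights = isset($params['rights']) ? get_rights($params['rights']) : true;
    if (!$rights) {
        $tip = '<br><font color="red">BRAK UPRAWNIEŃ</font>';
    }

    // An explicit onclick wins; otherwise 'confirm' becomes a confirmLinks() call.
    if (!isset($params['onclick']) && $confirm) {
        $attr['onclick'] = "return confirmLinks(this,'" . $confirm . "');";
    }

    if (!empty($tip)) {
        // The tip sits inside a single-quoted JS string inside a double-quoted
        // attribute: escape ', encode ", drop CR and turn LF into <BR>.
        $tip = str_replace(
            array('\'', '"', "\r", "\n"),
            array('\\\'', '&quot;', '', '<BR>'),
            $tip
        );
        $tip = 'onmouseover="popup(\'' . $tip . '\');" onmouseout="return nd();" ';
    } else {
        $tip = null;
    }

    $file = null;
    if ($image) {
        // 'plug' comes from the query string: accept it only as a single path
        // segment (string, no separators, no NUL, not "." or "..").
        $plug = isset($_GET['plug']) ? $_GET['plug'] : null;
        $plug_ok = is_string($plug)
            && !empty($plug)
            && $plug !== '.'
            && $plug !== '..'
            && strpbrk($plug, "/\\\0") === false;

        if ($plug_ok && file_exists(SYS_DIR . '/plug/' . $plug . '/img/' . $image)) {
            $file = 'plug/' . $plug . '/img/' . $image;
        } elseif (file_exists(SYS_DIR . '/img/' . $image)) {
            $file = 'img/' . $image;
        }
    }
    // The path may contain request data, so it is escaped for the attribute.
    $image = ($file !== null)
        ? ' <img src="' . htmlspecialchars($file, ENT_QUOTES) . '" alt="">'
        : null;

    if ($rights) {
        $result = '<a ';
        foreach ($before_style as $name) {
            if ($attr[$name]) {
                $result .= $name . '="' . $attr[$name] . '" ';
            }
        }
        $result .= 'style="cursor:pointer;' . ($style ? $style : '') . '" ';
        foreach ($after_style as $name) {
            if ($attr[$name]) {
                $result .= $name . '="' . $attr[$name] . '" ';
            }
        }
    } else {
        // No permission: keep only the target and the tooltip.
        $result = '<a style="cursor:pointer;" ';
        if ($attr['target']) {
            $result .= 'target="' . $attr['target'] . '" ';
        }
    }

    $result .= ($tip ? $tip : '')
        . '>'
        . ($value ? $value : '')
        . ($image ? $image : '')
        . '</a>';

    return $result;
}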
<?php if (isset($menu_valid) && ($menu_valid = 1)) { $masters_valid = false; $masters = <<<EOM <ul class="nav navbar-nav"> \t<li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">Masters<span class="caret"></span></a> \t\t <ul class="dropdown-menu"> EOM; try { require_once $dir . "core/rights.php"; $ram_all = get_rights(); foreach ($menu_items as $mi => $mv) { $in = strtolower($mv); $in .= "_access"; $ram = $ram_all[$in]; $r = intval($ram[0]); $w = intval($ram[1]); $m = intval($ram[2]); if ($r || $w || $m) { $masters_valid = true; $masters .= "\n\t\t<li><a class=\"trigger right-caret\">" . $menu_items_label[$mi] . "</a>"; $masters .= "\n\t\t\t<ul class=\"dropdown-menu sub-menu\">"; foreach ($menu_sub_items as $ind => $msi) { $opt_access = intval($ram[$ind]); if ($opt_access && isset($menu_sub_items_label[$ind])) { $masters .= "\n\t\t\t\t<li><a href=\"" . APP_NAME . "dashboard/?act=" . $msi . "&master=" . $mv . "\">" . $menu_sub_items_label[$ind]; if ($ind == 0 && $m) { $masters .= " & Update"; } else {