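/**
 * Collect the ranges the current user may work with, keyed by range ID.
 *
 * Every user gets an entry for the own profile, keyed by username. Further
 * entries depend on what $permObj->have_perm() reports:
 *  - root:           the global "studip" range plus the current range
 *  - admin:          the current range
 *  - dozent / tutor: whatever search_range("") returns
 *  - autor:          nothing beyond the own profile
 *
 * @param object Perm &$permObj PHP-LIB-Perm-Object
 * @param object User &$userObj PHP-LIB-User-Object
 * @param string $rangeID RangeID of actual page
 * @return array map of range ID => array with a "name" entry; entries taken
 *               from search_range() are passed through unchanged
 */
function getValidRangeIDs(&$permObj, &$userObj, $rangeID)
{
    $range_ids = array();

    // The own profile is always offered. Array union (+=) keeps whatever is
    // already stored under a key, so later additions never replace it.
    $username = get_username($userObj->id);
    $range_ids += array($username => array("name" => _("Profil")));

    // Compare identifiers as strings with !==. A loose != applies numeric
    // juggling, so two different numeric-looking IDs (e.g. "0e12" and "0e34")
    // would count as equal and the range would be dropped from the list.
    $isForeignRange = (string) $rangeID !== (string) $userObj->id;

    if ($permObj->have_perm("root")) {
        $range_ids += array("studip" => array("name" => _("Stud.IP-System")));
        if (($adminRange = $this->getRangename($rangeID)) && $isForeignRange) {
            $range_ids += array($rangeID => array("name" => $adminRange));
        }
    } elseif ($permObj->have_perm("admin")) {
        if (($adminRange = $this->getRangename($rangeID)) && $isForeignRange) {
            $range_ids += array($rangeID => array("name" => $adminRange));
        }
    } elseif ($permObj->have_perm("dozent") || $permObj->have_perm("tutor")) {
        // search_range() may report "nothing found" with a non-array value;
        // only a non-empty array can be merged with +=.
        $ranges = search_range("");
        if (is_array($ranges) && $ranges) {
            $range_ids += $ranges;
        }
    } elseif ($permObj->have_perm("autor")) {
        // Deliberately empty: an autor only gets the own profile entry.
    }

    return $range_ids;
}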
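<?php
// JSON endpoint: keyword search limited to an area around a coordinate.
// Query string input: keyword, coorx, coory, range and an optional count.
// Output: the value returned by search_range() encoded as JSON, or
// {"status": -1} when a required parameter is missing or malformed.

include "../config.php";
include "../functions.php";
include "../private_functions.php";

// Declare the payload type. PHP's default is text/html, and the result can
// carry user-written text that a browser would otherwise parse as markup.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
}

// Constructed upper bound for one response; adjust it to what search_range()
// and the clients are meant to handle.
$maxResults = 100;

$keyword = isset($_GET['keyword']) ? $_GET['keyword'] : null;
$coorX = isset($_GET['coorx']) ? $_GET['coorx'] : null;
$coorY = isset($_GET['coory']) ? $_GET['coory'] : null;
$range = isset($_GET['range']) ? $_GET['range'] : null;

// The keyword must be a plain string (bracketed field names arrive as
// arrays), and the geometry must be numeric. Testing with is_numeric()
// instead of truthiness also accepts a coordinate of exactly 0.
$inputIsValid = is_string($keyword)
    && is_numeric($coorX)
    && is_numeric($coorY)
    && is_numeric($range);

if ($inputIsValid) {
    // Only a whole number >= 1 overrides the default page size; it is
    // clamped so one request cannot ask for an unbounded result set.
    $num = 10;
    if (isset($_GET['count'])) {
        $requested = filter_var(
            $_GET['count'],
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        );
        if ($requested !== false) {
            $num = min($requested, $maxResults);
        }
    }

    // NOTE(review): search_range() is not visible here; confirm that it binds
    // the keyword and the numeric values as statement parameters.
    $dbh = db_connect($MY_HOST, $MY_DB_PORT, $MY_DB, $DB_USER, $DB_PW);
    $res = search_range($dbh, $keyword, $coorX, $coorY, $range, $num);
    close_db_connection($dbh);

    // json_encode() returns false on data it cannot encode (for example
    // invalid UTF-8); answer with the error object instead of an empty body.
    $json = json_encode($res);
    echo $json === false ? json_encode(array("status" => -1)) : $json;
} else {
    echo json_encode(array("status" => -1));
}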
/**
 * Run a range search by delegating to search_range() with true as the
 * second argument.
 *
 * NOTE(review): this only works if the block is a method and the call below
 * resolves to a separate global search_range(); as a free function it would
 * call itself without end. Confirm against the enclosing class.
 *
 * @access public
 * @param string $search_str
 * @return array
 */
function search_range($search_str)
{
    $matches = search_range($search_str, true);

    return $matches;
}
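<?php
// Search result fragment: runs the search submitted by POST and prints one
// entry per hit through html_post(). Without "includeLoc" a plain keyword
// search is used, otherwise the location-restricted search_range().
// $dbh is expected to be provided by the including page.
$num_results = 0;

if (isset($_POST['keyword'])) {
    // Read an optional field without raising a notice when it is absent.
    $readField = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : null;
    };

    // Request values are written to the error log. Replace control
    // characters so a value cannot break a log line or add fake entries,
    // and do not stringify arrays.
    $logSafe = function ($value) {
        if ($value !== null && !is_scalar($value)) {
            return '[non-scalar]';
        }
        return preg_replace('/[\x00-\x1F\x7F]/', ' ', strval($value));
    };

    $coorX = $readField('coorX');
    $coorY = $readField('coorY');
    $locRange = $readField('range');
    $numHashTag = $readField('numHashTag');
    $keyword = $_POST['keyword'];
    $include_range = $readField('includeLoc');

    error_log("Key:" . $logSafe($keyword) . ", location:" . $logSafe($coorX) . "," . $logSafe($coorY) . "," . $logSafe($locRange) . ", No hashtag:" . $logSafe($numHashTag));

    if (!is_string($keyword)) {
        // Bracketed field names arrive as arrays; treat that as a failed search.
        $resp = array('status' => 0);
    } elseif ($include_range === null) {
        error_log("A regular search on keyworld (" . $logSafe($keyword) . ")");
        $resp = search($dbh, $keyword, 100);
    } elseif (is_numeric($coorX) && is_numeric($coorY) && is_numeric($locRange)) {
        error_log("Should call another search function!");
        // NOTE(review): search_range() is not visible here; confirm that it
        // binds the keyword and the numeric values as statement parameters.
        $resp = search_range($dbh, $keyword, $coorX, $coorY, $locRange, 100);
    } else {
        // Location search requested without usable numeric geometry.
        $resp = array('status' => 0);
    }

    if (is_array($resp) && isset($resp['status']) && $resp['status'] == 1) {
        $posts = isset($resp['posts']) && is_array($resp['posts']) ? $resp['posts'] : array();
        foreach ($posts as $post) {
            // NOTE(review): html_post() prints stored post content; confirm it
            // HTML-escapes that content before output.
            html_post($dbh, $post);
            $num_results++;
        }
        if ($num_results == 0) {
            echo '<p>There appears to be no posts here</p>';
        }
    } else {
        echo "There was an error with your search";
    }
}
?>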
/**
 * Single action of the course copy plugin: search a source course, configure
 * a number of copies (number, name, lecturers, participants) and create them.
 *
 * Flow, as far as this block shows it:
 *  1. Reject callers for whom have_perm("admin") is false.
 *  2. Optional source search through search_range(), reduced to type "sem".
 *  3. Determine $source_id and $copy_count from the request.
 *  4. Build the per-copy settings in $to_copy from the request or the source.
 *  5. On "do_copy", store the new courses and copy related rows with prepared
 *     statements.
 *  6. Render templates/index.php inside the base layout.
 *
 * NOTE(review): no CSRF token check is visible in this action before the
 * state-changing inserts in step 5; confirm that the dispatcher or a caller
 * verifies the token for this request.
 */
function index_action()
{
    // Access gate: everything below is reserved for admin-level users.
    if (!$GLOBALS['perm']->have_perm("admin")) {
        throw new AccessDeniedException(_("Sie sind nicht berechtigt, dieses Plugin zu benutzen."));
    }
    $db = DBManager::get();

    // --- Step 2: search for a source course ---------------------------------
    if (Request::submitted('do_search_source')) {
        // presumably Request::quoted() returns the value with quotes escaped
        // for search_range() — verify against the Request class.
        $result = search_range(Request::quoted('search_source'));
        if (is_array($result)) {
            // Keep only hits whose type is "sem".
            $result = array_filter($result, function ($r) {
                return $r["type"] == "sem";
            });
            if (count($result)) {
                PageLayout::postMessage(MessageBox::success(sprintf(_("Ihre Sucher ergab %s Treffer."), count($result))));
                $show_source_result = true;
            }
        } else {
            PageLayout::postMessage(MessageBox::info(_("Ihre Suche ergab keine Treffer.")));
        }
    }

    // --- Step 3: source course and number of copies -------------------------
    // NOTE(review): when neither branch runs, $source_id and $copy_count stay
    // undefined; the checks below then read undefined variables.
    if (Request::submitted('do_choose_source')) {
        $source_id = Request::option('search_source_result');
        $copy_count = 5;
        Request::set('to_copy', null);
    } else {
        if (Request::submitted('source_id')) {
            $source_id = Request::option('source_id');
            $copy_count = Request::int('copy_count');
            // Only a lower bound is enforced here.
            // NOTE(review): no upper bound on the number of copies is visible;
            // one request can ask for an arbitrary number of new courses.
            if ($copy_count < 1) {
                $copy_count = 1;
            }
        }
    }

    if ($source_id) {
        $source = Seminar::getInstance($source_id);
        $source_name = $source->getName() . ' (' . $source->getStartSemesterName() . ')';
        // Requested course type, defaulting to the source's status; reset to 0
        // when the category forbids course creation.
        $copy_type = Request::int('copy_type', $source->status);
        if (SeminarCategories::getByTypeId($copy_type)->course_creation_forbidden) {
            $copy_type = 0;
        }
        if (SeminarCategories::getByTypeId($source->status)->only_inst_user) {
            $search_template = "user_inst";
        } else {
            $search_template = "user";
        }
        // The only string-built query in this block; the value goes through
        // $db->quote() before it is concatenated.
        $bet_inst = $db->query("SELECT institut_id FROM seminar_inst WHERE seminar_id=" . $db->quote($source_id))->fetchAll(PDO::FETCH_COLUMN);
        $source_dozenten = array_keys($source->getMembers('dozent'));

        // --- Step 4: per-copy settings --------------------------------------
        if ($copy_count) {
            $r = Request::getArray('to_copy');
            $delete_lecturer = Request::getArray('delete_lecturer');
            $add_lecturer = count(Request::getArray('add_lecturer')) ? (int) key(Request::getArray('add_lecturer')) : null;
            for ($i = 0; $i < $copy_count; $i++) {
                // Number and name come from the request when present, else
                // from the source course. They are request data: the template
                // has to escape them on output.
                $to_copy['nr'][$i] = isset($r['nr'][$i]) ? $r['nr'][$i] : $source->getNumber();
                $to_copy['name'][$i] = isset($r['name'][$i]) ? $r['name'][$i] : $source->getName();
                $to_copy['participants'][$i] = isset($r['participants'][$i]) ? 1 : 0;
                // NOTE(review): lecturer IDs are taken from the request array
                // and inserted with status 'dozent' in step 5. No check is
                // visible here that each ID is an existing user who may hold
                // that status — confirm where this is validated.
                $to_copy['lecturers'][$i] = $r['lecturers'][$i];
                if (empty($to_copy['lecturers'][$i])) {
                    $to_copy['lecturers'][$i] = $source_dozenten;
                } else {
                    // Remove one lecturer on request, but never the last one.
                    if (isset($delete_lecturer[$i]) && count($to_copy['lecturers'][$i]) > 1) {
                        $to_delete = array_search(key($delete_lecturer[$i]), $to_copy['lecturers'][$i]);
                        if ($to_delete !== false) {
                            unset($to_copy['lecturers'][$i][$to_delete]);
                        }
                    }
                }
                if ($add_lecturer === $i && Request::option('add_doz_' . $add_lecturer)) {
                    $to_copy['lecturers'][$i][] = Request::option('add_doz_' . $add_lecturer);
                }
                $to_copy['search_lecturer'][$i] = new PermissionSearch($search_template, sprintf(_("%s auswählen"), get_title_for_status('dozent', 1, $source->status)), "user_id", array('permission' => 'dozent', 'exclude_user' => $to_copy['lecturers'][$i], 'institute' => $bet_inst));
            }
        }

        // --- Step 5: create the copies --------------------------------------
        // All inserts below are prepared statements with bound values.
        if (Request::submitted('do_copy') && count($to_copy)) {
            $copied = array();
            $lecturer_insert = $db->prepare("INSERT INTO seminar_user (seminar_id,user_id,status,position,gruppe,comment,visible,mkdate) VALUES (?,?,'dozent',?,?,'','yes',UNIX_TIMESTAMP())");
            $copy_seminar_inst = $db->prepare("INSERT INTO seminar_inst (seminar_id,institut_id) SELECT ?,institut_id FROM seminar_inst WHERE seminar_id=?");
            $copy_seminar_sem_tree = $db->prepare("INSERT INTO seminar_sem_tree (seminar_id,sem_tree_id) SELECT ?,sem_tree_id FROM seminar_sem_tree WHERE seminar_id=?");
            $copy_seminar_user = $db->prepare("INSERT IGNORE INTO seminar_user (seminar_id,user_id,status,gruppe, mkdate,comment,position) SELECT ?,user_id,status,gruppe,UNIX_TIMESTAMP(),'',0 FROM seminar_user WHERE status IN ('user','autor','tutor') AND seminar_id=?");
            $copy_seminar_userdomains = $db->prepare("INSERT INTO seminar_userdomains (seminar_id,userdomain_id) SELECT ?,userdomain_id FROM seminar_userdomains WHERE seminar_id=?");
            // New group IDs are the MD5 of the old group ID concatenated with
            // the first bound value (the new course ID in the calls below).
            $copy_statusgruppen = $db->prepare("INSERT INTO statusgruppen (statusgruppe_id,name,range_id,position,size,selfassign,mkdate) SELECT MD5(CONCAT(statusgruppe_id, ?)),name,?,position,size,selfassign,UNIX_TIMESTAMP() FROM statusgruppen WHERE range_id=?");
            $copy_statusgruppe_user = $db->prepare("INSERT INTO statusgruppe_user (statusgruppe_id,user_id,position) SELECT MD5(CONCAT(statusgruppe_user.statusgruppe_id, ?)),user_id,statusgruppe_user.position FROM statusgruppen INNER JOIN statusgruppe_user USING(statusgruppe_id) WHERE range_id=?");
            for ($i = 0; $i < $copy_count; $i++) {
                $new_sem = Course::build($source->toArray());
                $new_sem->setId($new_sem->getNewId());
                $new_sem_id = $new_sem->id;
                // NOTE(review): the status is read from the request again
                // instead of using $copy_type, so the course_creation_forbidden
                // check above does not apply to the stored value — confirm
                // this is intended.
                $new_sem->status = Request::int('copy_type', 1);
                $new_sem->name = $to_copy['name'][$i];
                $new_sem->veranstaltungsnummer = $to_copy['nr'][$i];
                $new_sem->store();
                if (!$new_sem->isNew()) {
                    log_event("SEM_CREATE", $new_sem_id);
                    $gruppe = (int) select_group($new_sem->start_time);
                    // NOTE(review): $position is never incremented, so every
                    // lecturer is stored with position 1 — confirm intended.
                    $position = 1;
                    foreach ($to_copy['lecturers'][$i] as $lecturer) {
                        $lecturer_insert->execute(array($new_sem_id, $lecturer, $position, $gruppe));
                    }
                    $copy_seminar_inst->execute(array($new_sem_id, $source_id));
                    $copy_seminar_sem_tree->execute(array($new_sem_id, $source_id));
                    $copy_seminar_userdomains->execute(array($new_sem_id, $source_id));
                    // Participants and their groups are copied only on request.
                    if ($to_copy['participants'][$i]) {
                        $copy_seminar_user->execute(array($new_sem_id, $source_id));
                        $copy_statusgruppen->execute(array($new_sem_id, $new_sem_id, $source_id));
                        $copy_statusgruppe_user->execute(array($new_sem_id, $source_id));
                    }
                    $copied[] = $new_sem;
                }
            }
            PageLayout::postMessage(MessageBox::success(sprintf(_("Es wurden %s Kopien erstellt."), count($copied))));
            // Clearing the source makes the template start over.
            $source_id = null;
        }
    }

    // --- Step 6: render -----------------------------------------------------
    // compact() passes request-derived values ($to_copy, $result, names) to
    // the template; escaping them is the template's job.
    PageLayout::setTitle(_("Veranstaltungs-Vervielfältiger"));
    $template_factory = new Flexi_TemplateFactory(dirname(__FILE__) . "/templates");
    $template = $template_factory->open('index.php');
    $template->set_layout($GLOBALS['template_factory']->open('layouts/base.php'));
    echo $template->render(compact('source_id', 'source_name', 'show_source_result', 'result', 'copy_count', 'copy_type', 'to_copy', 'copied'));
}
<?
// Fragment of a folder view; the blocks opened below are closed outside this
// excerpt.

// Show a pending message in its own table row, rendered by parse_msg().
if ($msg) {
    echo "<tr><td class='blank' colspan=3> ";
    parse_msg($msg);
    echo "</td></tr>";
}
// NOTE(review): $question is echoed unescaped; confirm it only ever holds
// markup built by the application and no request data.
if ($question) {
    echo $question;
}
// Create missing folders: the general folder if it does not exist, and
// folders for dates that have none
if ($rechte){
    if ($folder_system_data['mode']){
        // Collect the areas offered as targets: every search_range('%') hit
        // for which the 'documents' module status is set, except the entry
        // whose key equals $SessSemName[1].
        $module_check = new Modules();
        $my_sem = $my_inst = array();
        foreach(search_range('%') as $key => $value){
            if ($module_check->getStatus('documents', $key, $value['type']) && $key != $SessSemName[1]){
                // Type 'sem' goes to the course list, everything else to the
                // institute list.
                if ($value['type'] == 'sem'){
                    $my_sem[$key] = $value['name'];
                } else {
                    $my_inst[$key] = $value['name'];
                }
            }
        }
        // Sort both lists by name while keeping the ID keys.
        asort($my_sem, SORT_STRING);
        asort($my_inst, SORT_STRING);
        $button_name = $folder_system_data["mode"] == 'move' ? _('verschieben') : _('kopieren');
        // POST form for the move/copy request; presumably tokenTag() adds the
        // CSRF token field that the receiving code has to verify.
        echo '<form action="'.URLHelper::getLink('').'" method="post">';
        echo CSRFProtection::tokenTag();
        echo "\n" . '<tr><td class="blank" colspan="3" width="100%" style="font-size:80%;">';
        echo "\n" . '<div style="margin-left:25px;">';
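/**
 * Searches for Stud.IP areas using the given search term.
 *
 * Two reserved terms select a fixed list instead of a text search:
 *  - '__THIS_SEMESTER__': courses of the current semester in which the
 *    logged-in user is tutor or dozent (plus deputy courses when
 *    DEPUTIES_ENABLE is set)
 *  - '__MY_INSTITUTES__': the user's institutes (plus the global "studip"
 *    area for root)
 * Any other term is passed to search_range() and additionally matched
 * against the user's own name and, if enabled, the persons the user
 * deputises for.
 *
 * Terms shorter than three bytes are rejected with an error message.
 *
 * @param string $term search term
 * @return array area data as type => array(id => name); entries of type
 *               'fak' are filed under 'inst'
 */
function search_area($term)
{
    global $perm;

    $result = array();
    // Start from an empty list so count() and foreach below always get an
    // array, also when a branch finds nothing (count(null) is an error in
    // PHP 8).
    $tmp_result = array();

    if (strlen($term) < 3) {
        PageLayout::postMessage(MessageBox::error(_('Der Suchbegriff muss mindestens drei Zeichen lang sein.')));
        return $result;
    } elseif ($term === '__THIS_SEMESTER__') {
        $current_semester = Semester::findCurrent();
        $deputies_enabled = get_config('DEPUTIES_ENABLE');

        $query = "SELECT seminare.Name AS sem_name, seminare.Seminar_id, seminare.visible
                  FROM seminar_user LEFT JOIN seminare USING (Seminar_id)
                  WHERE seminar_user.user_id = :user_id AND seminar_user.status IN('tutor', 'dozent')
                    AND seminare.start_time <= :start
                    AND (:start <= (seminare.start_time + seminare.duration_time)
                         OR seminare.duration_time = -1)";
        if ($deputies_enabled) {
            // The translated label is bound as a value instead of being
            // pasted into the SQL text, so a quote character in a translation
            // cannot break or alter the statement.
            $query .= " UNION SELECT CONCAT(seminare.Name, :deputy_suffix) AS sem_name, seminare.Seminar_id,
                        seminare.visible
                        FROM deputies JOIN seminare ON (deputies.range_id=seminare.Seminar_id)
                        WHERE deputies.user_id = :user_id
                          AND seminare.start_time <= :start
                          AND (:start <= (seminare.start_time + seminare.duration_time)
                               OR seminare.duration_time = -1)";
        }
        $query .= " ORDER BY sem_name ASC";

        $statement = DBManager::get()->prepare($query);
        $statement->bindValue(':user_id', $GLOBALS['auth']->auth['uid']);
        $statement->bindValue(':start', $current_semester["beginn"]);
        if ($deputies_enabled) {
            // Bind only when the placeholder is part of the query.
            $statement->bindValue(':deputy_suffix', ' [' . _("Vertretung") . ']');
        }
        $statement->execute();

        foreach ($statement->fetchAll(PDO::FETCH_ASSOC) as $sem) {
            $tmp_result[$sem['Seminar_id']] = array('name' => $sem['sem_name'], 'type' => 'sem');
        }
        // Reserved term handled; an empty term disables the filter below.
        $term = '';
    } elseif ($term === '__MY_INSTITUTES__') {
        $term = '';
        if ($perm->have_perm('root')) {
            $tmp_result['studip'] = array('name' => 'Stud.IP', 'type' => 'global');
        }
        $inst_list = Institute::getMyInstitutes();
        if (!empty($inst_list)) {
            foreach ($inst_list as $data) {
                $tmp_result[$data['Institut_id']] = array(
                    'name' => $data['Name'],
                    'type' => $data['is_fak'] ? 'fak' : 'inst',
                );
            }
        }
    } else {
        // search_range() can answer with a non-array value when nothing was
        // found; keep the empty list in that case.
        $found = search_range($term, true);
        if (is_array($found)) {
            $tmp_result = $found;
        }

        // add users
        if (stripos(get_fullname(), $term) !== false) {
            $tmp_result[$GLOBALS['auth']->auth['uid']] = array('name' => get_fullname(), 'type' => 'user');
        }
        if (isDeputyEditAboutActivated()) {
            // Both values are bound. '%' and '_' inside $term still act as
            // LIKE wildcards, which affects matching only.
            $query = "SELECT DISTINCT a.user_id "
                . "FROM deputies d "
                . "JOIN auth_user_md5 a ON (d.range_id = a.user_id) "
                . "JOIN user_info u ON (a.user_id=u.user_id) "
                . "WHERE d.user_id = ? "
                . "AND CONCAT(u.title_front, ' ', a.Vorname, ' ', a.Nachname, ', ', u.title_rear) LIKE CONCAT('%',?,'%')";
            $statement = DBManager::get()->prepare($query);
            $statement->execute(array($GLOBALS['auth']->auth['uid'], $term));
            while ($data = $statement->fetch(PDO::FETCH_ASSOC)) {
                $tmp_result[$data['user_id']] = array('name' => get_fullname($data['user_id']), 'type' => 'user');
            }
        }
    }

    // workaround: apply search term (ignored by search_range below admin)
    if (count($tmp_result) && !$perm->have_perm('admin') && $term) {
        foreach ($tmp_result as $id => $data) {
            if (stripos($data['name'], $term) === false) {
                unset($tmp_result[$id]);
            }
        }
    }

    // prepare result: group by type, filing faculties under 'inst'.
    // The names are database content; callers have to escape them on output.
    if (count($tmp_result)) {
        foreach ($tmp_result as $id => $data) {
            $group = $data['type'] == 'fak' ? 'inst' : $data['type'];
            $result[$group][$id] = $data['name'];
        }
    } elseif ($term) {
        PageLayout::postMessage(MessageBox::error(_('Zu diesem Suchbegriff wurden keine Bereiche gefunden.')));
    }

    return $result;
}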