if ($debugEnable) { $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n"; } /* * Prepare the data base. */ $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; $tableElev = DB_PREFIX . 'Elev'; $viewMalsman = DB_PREFIX . 'ListaMalsman'; /* * Om $idPerson har ett värde så ska en användare editeras. Hämta då den * nuvarande informationen ur databasen. */ if ($idPerson) { $idPerson = $dbAccess->WashParameter($idPerson); $query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};"; $result = $dbAccess->SingleQuery($query); $arrayPerson = $result->fetch_row(); $result->close(); } else { // Nollställ alla parametrar om vi ska skapa en ny person. $arrayPerson = array("", "", "", "", "", "", "", "", "", ""); } /* * Skapa ett slumplösenord. */ $min = 5; // minimum length of password $max = 10; // maximum length of password
$intFilter->FrontControllerIsVisitedOrDie(); $intFilter->UserIsSignedInOrRedirectToSignIn(); /////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare the database. $dbAccess = new CdbAccess(); $tableBook = DB_PREFIX . 'Book'; $tableChild = DB_PREFIX . 'Child'; $tablePage = DB_PREFIX . 'Page'; /////////////////////////////////////////////////////////////////////////////////////////////////// // Get input for the book and clean it. $nameBook = isset($_POST['nameBook']) ? $_POST['nameBook'] : NULL; $idBook = isset($_POST['idBook']) ? $_POST['idBook'] : NULL; $idChild = isset($_POST['idChild']) ? $_POST['idChild'] : NULL; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL; // Clean the input parameters. $idBook = $dbAccess->WashParameter($idBook); $idChild = $dbAccess->WashParameter($idChild); $nameBook = $dbAccess->WashParameter(strip_tags($nameBook)); if ($idBook) { // Edit an existing book // Check if the session id is owner of the book. $query = <<<QUERY SELECT child_idUser FROM ({$tableBook} JOIN {$tableChild} ON book_idChild = idChild) WHERE idBook = {$idBook}; QUERY; } else { // Add a new book. $query = <<<QUERY INSERT INTO {$tableBook} (nameBook, book_idChild) VALUES ('{$nameBook}', '{$idChild}');
// Check that the page is reached from the front controller and authority etc. $intFilter = new CAccessControl(); $intFilter->FrontControllerIsVisitedOrDie(); $intFilter->UserIsSignedInOrRedirectToSignIn(); /////////////////////////////////////////////////////////////////////////////////////////////////// // Take care of input. $idBook = isset($_GET['idBook']) ? $_GET['idBook'] : NULL; $idChild = isset($_GET['idChild']) ? $_GET['idChild'] : NULL; // Initiate aBook if we are going to generate a new account. $aBook = array("", "", "", "", "", ""); /////////////////////////////////////////////////////////////////////////////////////////////////// // If $idBook has a value then idBook shall be edited. Get the old info. $redirect = "my_page"; if ($idBook) { $dbAccess = new CdbAccess(); $idBook = $dbAccess->WashParameter($idBook); $tableBook = DB_PREFIX . 'Book'; $query = "SELECT * FROM {$tableBook} WHERE idBook = {$idBook};"; $result = $dbAccess->SingleQuery($query); $aBook = $result->fetch_row(); $result->close(); } /////////////////////////////////////////////////////////////////////////////////////////////////// // Make a form for editing the book. $mainTextHTML = <<<HTMLCode <form action='?p=save_book' method='post'> <table> <tr><td>Boktitel</td> <td><input type='text' name='nameBook' size='20' maxlength='20' value='{$aBook[1]}' /></td></tr> <tr><td> <input type='image' title='Spara' src='../images/b_enter.gif' alt='Spara' />
$arrayPerson = array("", "", "", "", "", ""); /////////////////////////////////////////////////////////////////////////////////////////////////// // Kontrollera om personen har behörighet till sidan, d v s är personen på sidan, målsman till // personen på sidan eller adm. $showPage = FALSE; if ($idPerson == $_SESSION['idUser']) { $showPage = TRUE; } if ($_SESSION['authorityUser'] == "adm") { $showPage = TRUE; } // Målsman kontrolleras längre ner. /////////////////////////////////////////////////////////////////////////////////////////////////// // Hämta den nuvarande informationen ur databasen. $dbAccess = new CdbAccess(); $idPerson = $dbAccess->WashParameter($idPerson); $tablePerson = DB_PREFIX . 'Person'; $tableRelationon = DB_PREFIX . 'Relation'; $query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};"; $result = $dbAccess->SingleQuery($query); $arrayPerson = $result->fetch_row(); $result->close(); /////////////////////////////////////////////////////////////////////////////////////////////////// // Kontrollera om SESSION idUser är målsman till idPerson. $query = "SELECT * FROM {$tableRelationon} WHERE relation_idElev = {$idPerson};"; if ($result = $dbAccess->SingleQuery($query)) { while ($row = $result->fetch_object()) { if ($row->relation_idMalsman == $_SESSION['idUser']) { $showPage = TRUE; } //Behörighet till sidan som målsman.
/////////////////////////////////////////////////////////////////////////////////////////////////// // Check that the page is reached from the front controller and authority etc. $intFilter = new CAccessControl(); $intFilter->FrontControllerIsVisitedOrDie(); $intFilter->UserIsSignedInOrRedirectToSignIn(); /////////////////////////////////////////////////////////////////////////////////////////////////// // Take care of input. $idPage = isset($_GET['idPage']) ? $_GET['idPage'] : NULL; /////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare database. $dbAccess = new CdbAccess(); $tableChild = DB_PREFIX . 'Child'; $tableBook = DB_PREFIX . 'Book'; $tablePage = DB_PREFIX . 'Page'; $tableField = DB_PREFIX . 'Field'; $idPage = $dbAccess->WashParameter($idPage); /////////////////////////////////////////////////////////////////////////////////////////////////// // Sheck if session id is approved to see the page and edit the page. /////////////////////////////////////////////////////////////////////////////////////////////////// // Get info about this page. $query = "SELECT * FROM {$tablePage} WHERE idPage = {$idPage};"; $result = $dbAccess->SingleQuery($query); $row = $result->fetch_object(); $style = $row->stylePage; $header = $row->headerPage; $result->close(); /////////////////////////////////////////////////////////////////////////////////////////////////// // Fetch data about the page. $query = "SELECT * FROM {$tableField} WHERE field_idPage = {$idPage};"; if ($result = $dbAccess->SingleQuery($query)) { while ($row = $result->fetch_object()) {
$intFilter = new CAccessControl(); $intFilter->UserIsSignedInOrRedirect(); //$intFilter->UserIsAuthorisedOrDie('adm'); //Must be adm to access the page. /* * Prepare the database. */ $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; $tableAlbum = DB_PREFIX . 'Album'; $tablePicture = DB_PREFIX . 'Picture'; /* * Process input if exists. */ $idAlbum = isset($_GET['album']) ? $_GET['album'] : NULL; $idPicture = isset($_GET['pict']) ? $_GET['pict'] : NULL; $idAlbum = $dbAccess->WashParameter($idAlbum); $idPicture = $dbAccess->WashParameter($idPicture); if ($debugEnable) { $debug .= "idAlbum=" . $idAlbum . " idPicture=" . $idPicture . "<br /> \r\n"; } /* * Update the DB. */ $timeEditedAlbum = time(); $query = "\n UPDATE {$tableAlbum} SET \n signaturePictId = '{$idPicture}',\n timeEditedAlbum = '{$timeEditedAlbum}'\n WHERE idAlbum = '{$idAlbum}';\n"; $dbAccess->SingleQuery($query); if ($debugEnable) { $mainTextHTML = "<a title='Vidare' href='?p=glry'>\n <img src='../images/b_enter.gif' alt='Vidare' /></a>\n <br />\r\n"; } else { // Annars hoppa vidare. header('Location: ' . WS_SITELINK . "?p=glry");
// $idPost = isset($_POST['idPost']) ? $_POST['idPost'] : NULL; $titelPost = isset($_POST['titelPost']) ? $_POST['titelPost'] : NULL; $textPost = isset($_POST['textPost']) ? $_POST['textPost'] : NULL; $internPost = isset($_POST['internPost']) ? $_POST['internPost'] : 0; $post_idPerson = $_SESSION['idUser']; if ($debugEnable) { $debug .= "idPost=" . $idPost . " idPerson=" . $post_idPerson . " titelPost=" . $titelPost . " textPost=" . $textPost . " internPost=" . $internPost . "<br /> \n"; } /////////////////////////////////////////////////////////////////////////////////////////////////// // Uppdatera idPost om den är satt annars skapa ett nytt inlägg. $dbAccess = new CdbAccess(); $tableBlogg = DB_PREFIX . 'Blogg'; $tidPost = time(); //Tvätta inparametrarna. $idPost = $dbAccess->WashParameter($idPost); $internPost = $dbAccess->WashParameter($internPost); $tagsAllowed = '<h1><h2><h3><h4><h5><h6><p><a><br><i><em><b><strong><li><ol> <ul><a><style><font><span><img>'; $titelPost = $dbAccess->WashParameter(strip_tags($titelPost)); $textPost = $dbAccess->WashParameter(strip_tags($textPost, $tagsAllowed)); if ($idPost) { $query = <<<QUERY UPDATE {$tableBlogg} SET post_idPerson = '{$post_idPerson}', titelPost = '{$titelPost}', textPost = '{$textPost}', tidPost = '{$tidPost}', internPost = '{$internPost}' WHERE idPost = '{$idPost}'; QUERY;
// generated. // From this page you are sent to PSaveChild and then to PMyPage. // Input: 'id' // Output: 'firstName', 'famillyNamn', 'birthDate', 'id', 'redirect' as POST. // /////////////////////////////////////////////////////////////////////////////////////////////////// // Check that the page is reached from the front controller and authority etc. $intFilter = new CAccessControl(); $intFilter->FrontControllerIsVisitedOrDie(); $intFilter->UserIsSignedInOrRedirectToSignIn(); /////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare the database and clean input. $dbAccess = new CdbAccess(); $tableChild = DB_PREFIX . 'Child'; $idChild = isset($_GET['id']) ? $_GET['id'] : NULL; $idChild = $dbAccess->WashParameter($idChild); if ($debugEnable) { $debug .= "Input: id=" . $idChild . "<br /> \n"; } /////////////////////////////////////////////////////////////////////////////////////////////////// // Fetch the present information regarding the child if the child exists. $aChild = array("", "", "", "", "", ""); // Initiate arrayUser if we are going to generate a new account. if ($idChild) { $query = "SELECT * FROM {$tableChild} WHERE idChild = {$idChild};"; $result = $dbAccess->SingleQuery($query); $aChild = $result->fetch_row(); if ($debugEnable) { $debug .= "Child = " . print_r($aChild, TRUE) . "<br /> \n"; } $result->close();
exit; } $mainTextHTML = "<div id='content'>"; if (isset($_POST['submitBtn'])) { // If the submit button has been pressed, process the form information. require_once 'src/maxImageUpload.class.php'; $maxPhoto = new maxImageUpload(); $result = TRUE; $msg = ""; $error = ""; // Prepare the database. $dbAccess = new CdbAccess(); $tablePicture = DB_PREFIX . 'Picture'; $tableAlbum = DB_PREFIX . 'Album'; // Get form values. $namePicture = $dbAccess->WashParameter(strip_tags($_POST['mytitle'])); $descriptionPicture = $dbAccess->WashParameter(strip_tags($_POST['mydesc'])); // Register picture in DB and store the information. $query = "\n INSERT INTO {$tablePicture} (\n picture_idAlbum, \n namePicture, \n descriptionPicture)\n VALUES (\n '{$idAlbum}', \n '{$namePicture}',\n '{$descriptionPicture}'\n );\n "; $dbAccess->SingleQuery($query); // Get the picture id. $idPicture = $dbAccess->LastId(); if ($debugEnable) { $debug .= "idPicture=" . $idPicture . " Type=" . $_FILES['myfile']['type'] . " Name=" . $_FILES['myfile']['name'] . "<br />\r\n"; } //Check image type. Only jpeg images are allowed if (strcasecmp($_FILES['myfile']['type'], 'image/pjpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpg')) { $error = "Bara jpeg-bilder kan laddas upp!"; $result = false; } if ($result) {
$debug .= "row = " . $row . "<br /> \n"; } if (preg_match("/-*-/", $row)) { $header = trim(trim($row, "-*")); } } while (!feof($fh) && !$header); if ($debugEnable) { $debug .= "header = " . $header . "<br /> \n"; } // Read the file row by row and fill the DB untill there is an empty row or // eof. $i = 0; while (!feof($fh) && ($row = trim(fgets($fh, $maxTextLength)))) { $segments = explode($delimiter, $row); for ($j = 0; $j < count($segments); $j++) { $segments[$j] = $dbAccess->WashParameter($segments[$j]); } if ($debugEnable) { $debug .= "segments = " . print_r($segments, TRUE) . "<br />\r\n"; } // Different querys dependent on the header. switch ($header) { case 'tableBostad': $query = "\n INSERT INTO {$tableBostad} (\n idBostad, \n telefonBostad, \n adressBostad, \n stadsdelBostad, \n postnummerBostad, \n statBostad)\n VALUES (\n '{$segments[0]}', \n '{$segments[1]}', \n '{$segments[2]}', \n '{$segments[3]}', \n '{$segments[4]}', \n '{$segments[5]}'\n );\n "; break; case 'tablePerson': $query = "\n INSERT INTO {$tablePerson} (\n idPerson, \n accountPerson, \n passwordPerson, \n behorighetPerson, \n fornamnPerson, \n efternamnPerson, \n ePostPerson, \n mobilPerson, \n person_idBostad, \n senastInloggadPerson)\n VALUES (\n '{$segments[0]}', \n '{$segments[1]}', \n '{$segments[2]}', \n '{$segments[3]}', \n '{$segments[4]}', \n '{$segments[5]}', \n '{$segments[6]}', \n '{$segments[7]}', \n '{$segments[8]}', \n '{$segments[9]}'\n );\n "; break; case 'tableFunktionar': $query = "\n INSERT INTO {$tableFunktionar} (\n idFunktion, \n funktionar_idPerson, \n funktionFunktionar)\n VALUES (\n '{$segments[0]}', \n '{$segments[1]}', \n '{$segments[2]}'\n );\n "; break;
$buttons->addElement('static', 'cancelButton')->setContent('<a title="Avbryt" href="?p=main" > <img src="../images/b_cancel.gif" alt="Avbryt" /></a>'); /* * Behandla informationen i formuläret. */ // Ta bort 'space' först och sist på alla värden. $form->addRecursiveFilter('trim'); $mainTextHTML = ""; if ($form->validate()) { // Om sidan är riktigt ifylld. // Förbered databasen $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; //Tvätta inparametrarna. $formValues = $form->getValue(); $eMailAdr = $dbAccess->WashParameter($formValues['ePost']); // Skapa ett slumplösenord. $min = 5; // minimum length of password $max = 10; // maximum length of password $pwd = ""; // to store generated password for ($i = 0; $i < rand($min, $max); $i++) { $num = rand(48, 122); if ($num > 97 && $num < 122) { $pwd .= chr($num); } else { if ($num > 65 && $num < 90) { $pwd .= chr($num); } else {
$intFilter = new CAccessControl(); $intFilter->UserIsSignedInOrRedirect(); $intFilter->UserIsAuthorisedOrDie('adm'); //Must be adm to access the page. /* * Prepare the data base. */ $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; /* * Handle input to the page. */ $accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL; $fornamnPerson = isset($_POST['fornamn']) ? $_POST['fornamn'] : NULL; $efternamnPerson = isset($_POST['efternamn']) ? $_POST['efternamn'] : NULL; $accountPerson = $dbAccess->WashParameter($accountPerson); $fornamnPerson = $dbAccess->WashParameter($fornamnPerson); $efternamnPerson = $dbAccess->WashParameter($efternamnPerson); if ($debugEnable) { $debug .= $accountPerson . $fornamnPerson . $efternamnPerson . "<br />\r\n"; } /* * Definiera query utifrån sökkriterie. */ $query = "SELECT * FROM {$tablePerson} "; if ($accountPerson) { $query .= "WHERE accountPerson LIKE '%{$accountPerson}%'"; } elseif ($efternamnPerson) { $query .= "WHERE efternamnPerson LIKE '%{$efternamnPerson}%'"; } elseif ($fornamnPerson) { $query .= "WHERE fornamnPerson LIKE '%{$fornamnPerson}%'";
$intFilter->UserIsSignedInOrRedirectToSignIn(); $intFilter->UserIsAuthorisedOrDie('adm'); /////////////////////////////////////////////////////////////////////////////////////////////////// // Take care of input to the page. // $accountUser = isset($_POST['account']) ? $_POST['account'] : NULL; $firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL; $familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL; if ($debugEnable) { $debug .= $accountUser . $firstNameUser . $familyNameUser . "<br /> \n"; } /////////////////////////////////////////////////////////////////////////////////////////////////// // Query the database and clean input. $dbAccess = new CdbAccess(); $tableUser = DB_PREFIX . 'User'; $accountUser = $dbAccess->WashParameter($accountUser); $firstNameUser = $dbAccess->WashParameter($firstNameUser); $familyNameUser = $dbAccess->WashParameter($familyNameUser); $query = "SELECT * FROM {$tableUser} "; if ($accountUser) { $query .= "WHERE accountUser LIKE '%{$accountUser}%'"; } elseif ($familyNameUser) { $query .= "WHERE familyNameUser LIKE '%{$familyNameUser}%'"; } elseif ($firstNameUser) { $query .= "WHERE firstNameUser LIKE '%{$firstNameUser}%'"; } $query .= " ORDER BY familyNameUser;"; $result = $dbAccess->SingleQuery($query); /////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare a table // Headers
if (!isset($nextPage)) { die('Direct access to the page is not allowed.'); } $intFilter = new CAccessControl(); $intFilter->UserIsSignedInOrRedirect(); /* * Prepare the data base. */ $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; $tableRelationon = DB_PREFIX . 'Relation'; /* * Handle input to the page. */ $idPerson = isset($_GET['id']) ? $_GET['id'] : NULL; $idPerson = $dbAccess->WashParameter($idPerson); if ($debugEnable) { $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n"; } /* * Kontrollera om personen har behörighet till sidan, d v s är personen på * sidan, målsman till personen på sidan eller adm. */ $showPage = FALSE; if ($idPerson == $_SESSION['idUser']) { $showPage = TRUE; } if ($_SESSION['authorityUser'] == "adm") { $showPage = TRUE; } // Kontrollera om SESSION idUser är målsman till idPerson.
// Output: // /////////////////////////////////////////////////////////////////////////////////////////////////// // Check that the page is reached from the front controller and authority etc. $intFilter = new CAccessControl(); $intFilter->FrontControllerIsVisitedOrDie(); $intFilter->UserIsSignedInOrRedirectToSignIn(); $intFilter->UserIsAuthorisedOrDie('adm'); /////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare the database. $dbAccess = new CdbAccess(); $tableUser = DB_PREFIX . 'User'; /////////////////////////////////////////////////////////////////////////////////////////////////// // Take care of input to the page. $idUser = isset($_GET['id']) ? $_GET['id'] : NULL; $idUser = $dbAccess->WashParameter($idUser); if ($debugEnable) { $debug .= "Input: idUser="******"<br /> \n"; } /////////////////////////////////////////////////////////////////////////////////////////////////// // Remove the user from all tables. $totalStatements = 1; $query = <<<QUERY DELETE FROM {$tableUser} WHERE idUser = '******'; QUERY; // Uppdate with code for removing everything related to the user. $statements = $dbAccess->MultiQueryNoResultSet($query); if ($debugEnable) { $debug .= "{$statements} statements av {$totalStatements} kördes.<br /> \n"; } ///////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////// // Check that the page is reached from the front controller and authority etc. $intFilter = new CAccessControl(); $intFilter->FrontControllerIsVisitedOrDie(); $intFilter->UserIsSignedInOrRedirectToSignIn(); /////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare the database and clean input and query the database. // $dbAccess = new CdbAccess(); $tableChild = DB_PREFIX . 'Child'; $idChild = isset($_POST['id']) ? $_POST['id'] : NULL; $firstNameChild = isset($_POST['firstName']) ? $_POST['firstName'] : NULL; $famillyNameChild = isset($_POST['famillyName']) ? $_POST['famillyName'] : NULL; $birthDateChild = isset($_POST['birthDate']) ? $_POST['birthDate'] : NULL; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL; $idChild = $dbAccess->WashParameter($idChild); $firstNameChild = $dbAccess->WashParameter(strip_tags($firstNameChild)); $famillyNameChild = $dbAccess->WashParameter(strip_tags($famillyNameChild)); $birthDateChild = $dbAccess->WashParameter(strip_tags($birthDateChild)); $idUser = $_SESSION['idUser']; if ($idChild) { // If the child exists check that it's the users child and update the database. $query = "SELECT child_idUser FROM {$tableChild} WHERE idChild = {$idChild};"; $result = $dbAccess->SingleQuery($query); $row = $result->fetch_object(); $result->close(); if ($idUser != $row->child_idUser) { $_SESSION['errorMessage'] = "Du har inte behörighet att ändra informationen om det här barnet"; header('Location: ' . WS_SITELINK . "?p=main"); exit; }
$intFilter->UserIsSignedInOrRedirectToSignIn(); $intFilter->UserIsAuthorisedOrDie('fnk'); // Måste vara minst funktionär för att nå sidan. /////////////////////////////////////////////////////////////////////////////////////////////////// // Input till sidan plus rensa bort HTML-taggar. // $idPost = isset($_GET['idPost']) ? $_GET['idPost'] : NULL; $post_idPerson = $_SESSION['idUser']; if ($debugEnable) { $debug .= "Input: idPost=" . $idPost . ", post_idPerson=" . $post_idPerson . "<br /> \n"; } /////////////////////////////////////////////////////////////////////////////////////////////////// // Radera idPost från databasen om du är ägare eller adm. $dbAccess = new CdbAccess(); $tableBlogg = DB_PREFIX . 'Blogg'; $idPost = $dbAccess->WashParameter($idPost); // Kolla först om du är ägare till posten. $query = "SELECT post_idPerson FROM {$tableBlogg} WHERE idPost = '{$idPost}'"; $result = $dbAccess->SingleQuery($query); $row = $result->fetch_object(); $postOwner = $row->post_idPerson; $result->close(); if ($_SESSION['idUser'] == $postOwner || $_SESSION['authorityUser'] == "adm") { $query = "DELETE FROM {$tableBlogg} WHERE idPost = '{$idPost}'"; $dbAccess->SingleQuery($query); } /////////////////////////////////////////////////////////////////////////////////////////////////// // Redirect to another page // // Om i debugmode så visa och avbryt innan redirect. if ($debugEnable) {
$intFilter->UserIsSignedInOrRedirect(); /* * Förbered databasen. */ $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; $tableBostad = DB_PREFIX . 'Bostad'; $tableFunktionar = DB_PREFIX . 'Funktionar'; $tableElev = DB_PREFIX . 'Elev'; $tableMalsman = DB_PREFIX . 'Malsman'; $tableRelation = DB_PREFIX . 'Relation'; /* * Tag hand om inparametrar till sidan. */ $idPerson = isset($_GET['id']) ? $_GET['id'] : NULL; $idPerson = $dbAccess->WashParameter($idPerson); if ($debugEnable) { $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br /> \n"; } /* * Kontrollera om personen har behörighet till sidan, d v s är personen på * sidan, målsman till personen på sidan eller adm. Om inte avbryt. */ $showPage = FALSE; if ($idPerson == $_SESSION['idUser']) { $showPage = TRUE; } if ($_SESSION['authorityUser'] == "adm") { $showPage = TRUE; } // Kontrollera om SESSION idUser är målsman till idPerson.
//Spara hitCounter innan vi dödar sessionen. require_once TP_SOURCE . 'FDestroySession.php'; /////////////////////////////////////////////////////////////////////////////////////////////////// // Ta hand om inparametrar till sidan. $accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL; $passwordPerson = isset($_POST['password']) ? $_POST['password'] : NULL; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main'; if ($debugEnable) { $debug .= "Input: account={$accountPerson} password={$passwordPerson} redirect={$redirect}<br /> \n"; } // Förbered databasen. $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; $tableFunktionar = DB_PREFIX . 'Funktionar'; // Tvätta inparametrarna. $accountPerson = $dbAccess->WashParameter($accountPerson); $passwordPerson = $dbAccess->WashParameter($passwordPerson); /////////////////////////////////////////////////////////////////////////////////////////////////// // Kolla om account med det lösenordet finns i databasen och använd resultatet för att skapa en // session med userId, userPassword och behörighet. $query = <<<Query SELECT * FROM {$tablePerson} WHERE \taccountPerson = '{$accountPerson}' AND \tpasswordPerson \t= md5('{$passwordPerson}') ; Query; session_start(); // Återstartar efter stängningen ovan. session_regenerate_id(); $_SESSION["hitCounter"] = $hitCounter;
if ($debugEnable) { $debug .= "row = " . $row . "<br /> \n"; } if (preg_match("/-*-/", $row)) { $header = trim(trim($row, "-*")); } } while (!feof($fh) && !$header); if ($debugEnable) { $debug .= "header = " . $header . "<br /> \n"; } //Write row by row to the DB untill an empty row or an eof. $i = 0; while (!feof($fh) && ($row = trim(fgets($fh)))) { $row = explode($delimiter, $row); for ($i = 0; $i < count($row); $i++) { $row[$i] = $dbAccess->WashParameter($row[$i]); } if ($debugEnable) { $debug .= "row = " . print_r($row, TRUE) . "<br /> \n"; } // Different querys depending on the header. switch ($header) { case 'tableUser': $query = <<<Query INSERT INTO {$tableUser} (idUser, accountUser, passwordUser, authorityUser, firstNameUser, familyNameUser, email1User, email2User) VALUES ('{$row[0]}', '{$row[1]}', '{$row[2]}', '{$row[3]}', '{$row[4]}', '{$row[5]}', '{$row[6]}', '{$row[7]}'); Query; break; case 'tableChild': $query = <<<Query
$idAlbum = isset($_GET['id']) ? $_GET['id'] : NULL; if ($debugEnable) { $debug .= "idAlbum: " . $idAlbum . "<br /> \r\n"; } /* * Prepare the database. */ $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; $tableAlbum = DB_PREFIX . 'Album'; $tablePicture = DB_PREFIX . 'Picture'; /* * If $idAlbum exists the DB will be updated. Get the existing info. */ if ($idAlbum) { $idAlbum = $dbAccess->WashParameter($idAlbum); $query = "SELECT * FROM {$tableAlbum} WHERE idAlbum = {$idAlbum};"; $result = $dbAccess->SingleQuery($query); $arrayAlbum = $result->fetch_row(); $result->close(); } else { // Clear all parameters if a new user will be created. $arrayAlbum = array("", "", "", "", "", "", ""); } /* * Create the form with QuickForm2. */ require_once 'HTML/QuickForm2.php'; require_once 'HTML/QuickForm2/Renderer.php'; // Point back to the same page for validation. $formAction = WS_SITELINK . "?p=edit_alb&id=" . $idAlbum;
$hitCounter = $_SESSION["hitCounter"]; //Spara hitCounter innan vi dödar sessionen. require_once TP_SOURCEPATH . 'FDestroySession.php'; /////////////////////////////////////////////////////////////////////////////////////////////////// // Take care of input to the page. $accountUser = isset($_POST['account']) ? $_POST['account'] : NULL; $passwordUser = isset($_POST['password']) ? $_POST['password'] : NULL; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main'; if ($debugEnable) { $debug .= "Input: account={$accountUser} password={$passwordUser} redirect={$redirect}<br /> \n"; } // Prepare the database. $dbAccess = new CdbAccess(); $tableUser = DB_PREFIX . 'User'; // Clean input. $accountUser = $dbAccess->WashParameter($accountUser); $passwordUser = $dbAccess->WashParameter($passwordUser); /////////////////////////////////////////////////////////////////////////////////////////////////// // Check if an account with this password exists in the database and if so start a new session with // userId, userPassword and authority. $query = <<<Query SELECT * FROM {$tableUser} WHERE \taccountUser = '******' AND \tpasswordUser \t= md5('{$passwordUser}') ; Query; session_start(); // Restart the session after closing abowe. session_regenerate_id(); $_SESSION["hitCounter"] = $hitCounter;
$intFilter = new CAccessControl(); $intFilter->FrontControllerIsVisitedOrDie(); $intFilter->UserIsSignedInOrRedirectToSignIn(); $intFilter->UserIsAuthorisedOrDie('adm'); /////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare the database and clean input and query the database. // $dbAccess = new CdbAccess(); $tableUser = DB_PREFIX . 'User'; $idUser = isset($_POST['id']) ? $_POST['id'] : NULL; $firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL; $familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL; $eMail1User = isset($_POST['eMail1']) ? $_POST['eMail1'] : NULL; $eMail2User = isset($_POST['eMail2']) ? $_POST['eMail2'] : NULL; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL; $idUser = $dbAccess->WashParameter($idUser); $firstNameUser = $dbAccess->WashParameter(strip_tags($firstNameUser)); $familyNameUser = $dbAccess->WashParameter(strip_tags($familyNameUser)); $eMail1User = $dbAccess->WashParameter(strip_tags($eMail1User)); $eMail2User = $dbAccess->WashParameter(strip_tags($eMail2User)); $query = <<<QUERY UPDATE {$tableUser} SET firstNameUser = '******', familyNameUser = '******', eMail1User = '******', eMail2User = '******' WHERE idUser = '******'; QUERY; $dbAccess->SingleQuery($query); /////////////////////////////////////////////////////////////////////////////////////////////////// // Redirect to another page
/////////////////////////////////////////////////////////////////////////////////////////////////// // Prepare the database. $dbAccess = new CdbAccess(); $tableUser = DB_PREFIX . 'User'; /////////////////////////////////////////////////////////////////////////////////////////////////// // Get account input for the user, clean the parameters, check if the user exists ($idUser is set) // and update the database. $idUser = isset($_POST['id']) ? $_POST['id'] : NULL; $accountUser = isset($_POST['account']) ? $_POST['account'] : NULL; $password1User = isset($_POST['password1']) ? $_POST['password1'] : NULL; $password2User = isset($_POST['password2']) ? $_POST['password2'] : NULL; $authorityUser = isset($_POST['authority']) ? $_POST['authority'] : NULL; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL; $send = isset($_POST['send']) ? $_POST['send'] : NULL; // Clean the input parameters. $idUser = $dbAccess->WashParameter($idUser); $accountUser = $dbAccess->WashParameter(strip_tags($accountUser)); $authorityUser = $dbAccess->WashParameter(strip_tags($authorityUser)); $password1User = $dbAccess->WashParameter(strip_tags($password1User)); // If the password is not entered or they are different then exit and go to edit_account. if (!$idUser) { $redirect = "edit_account"; } if (!$password1User || $password1User != $password2User) { $_SESSION['errorMessage'] = "Fel på lösenordet!"; header("Location: " . WS_SITELINK . $redirect); exit; } if ($idUser) { // If the user exists update the database. $query = <<<QUERY