/**
 * A value stored through setSessionVariable() must afterwards be reported
 * as present by issetSessionVariable().
 *
 * NOTE(review): nothing in this test removes the variable again, so the
 * session entry stays set for whatever runs next. A companion test that
 * expects "not set" should use a different key or clear the session first.
 */
public function testIssetSessionVariableShouldReturnTrue()
{
    $sessionKey = "thisShouldBeSet";
    setSessionVariable($sessionKey, "testtesttest");

    // Look the value up under the same key that was just written.
    $this->assertTrue(
        issetSessionVariable($sessionKey),
        "issetSessionVariable(variable_name) returned false for set variable."
    );
}
<?php
// Access gate for this admin-only file. Execution continues past this block
// only when the session holds a 'user_level' that is >= RES_USERLEVEL_ADMIN;
// both other paths (no level in the session, or a level below admin) print an
// error and terminate the request.
// NOTE(review): no header()/http_response_code() call is visible before die(),
// so the denial presumably goes out with the default status - consider sending
// 403 so logs and monitoring can tell a refusal from a normal page view.
// NOTE(review): the same gate is copy-pasted at the top of other admin files in
// this listing; a single shared helper would keep the policy in one place.
if(issetSessionVariable('user_level')){
    if(getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN){
        // Admin or higher: intentionally empty, fall through to the page code.
    }
    else{
        // Logged in, but below admin.
        echo "Error: You don't have permissions to access this page!";
        die("");
    }
}
else{
    // No user_level stored in the session at all (presumably not logged in).
    echo "Error: You don't have permissions to access this page!";
    die("");
}

// Saves an equipment record. The listing is cut off inside this function, so
// only the first sanitising steps are visible; the remaining parameters and
// the storage call are not shown here.
// NOTE(review): makeStringSafe() is defined elsewhere. It presumably escapes
// the values for use in an SQL string - verify what it really does. One generic
// "make safe" helper cannot be correct for both SQL and HTML contexts; prefer
// bound parameters for the query and context-specific encoding on output, and
// validate numeric fields ($equipid, $maxlength, $minuserlevel) as integers.
function saveEquipment($equipid, $name, $type , $serial, $maxlength, $minuserlevel, $checkoutfrom, $description){
    $equipid = makeStringSafe($equipid);
    $name = makeStringSafe($name);
    $type = makeStringSafe($type);
    $serial = makeStringSafe($serial);
    $maxlength = makeStringSafe($maxlength);
} }
// Fragment: the enclosing blocks open before this excerpt. The statement below
// appends the "You need to be logged in" notice and a login form (fields 'id'
// and 'pass', posted to ./confirmReservation.php) to $page, which the template
// at the end of the file echoes into the document body.
// NOTE(review): $errormessage and $resid are concatenated into the markup with
// no encoding call in the visible code, and $resid lands inside a quoted
// attribute value. Where they come from is not shown; if either can carry
// request data this is a reflected-XSS sink - encode at output with
// htmlspecialchars($value, ENT_QUOTES, 'UTF-8') and validate $resid as an
// integer. TODO confirm their origin.
// NOTE(review): the <title> text is only printed for admin-level sessions, so
// the login prompt is served with an empty title for everyone else.
$page = $page . "<center><h3>You need to be logged in to view this page.</h3>\n\t\t<font color=\"#FF0000\">" . $errormessage . "</font></center>\n\t\t<form action=\"./confirmReservation.php\" method=\"POST\">\n\t\t\t<input type=\"hidden\" name=\"resid\" value=\"" . $resid . "\"><input type=\"hidden\" name=\"page\" value=\"login\">\n\t\t\t<table class=\"login\">\n\t\t\t\t<tr>\n\t\t\t\t\t<td colspan=2 class=\"header\">User Login</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"centeredcellbold\">Username</td>\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"text\" name=\"id\"></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"centeredcellbold\">Password</td>\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"password\" name=\"pass\"></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td colspan=2 class=\"centeredcellbold\"><input type=\"submit\" value=\"Login\"></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</form>"; } } } ?> <html> <head> <LINK REL=StyleSheet HREF="./style.css" TYPE="text/css"> <title><?php if (issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) { echo "Reservation Confirmation Page"; } ?> </title> </head> <body> <?php echo $page; ?>
<?php
// Access gate: only sessions whose 'user_level' is >= RES_USERLEVEL_ADMIN get
// past this block. A missing level or a level below admin prints an error and
// ends the request.
// NOTE(review): no status code is set before die() in the visible code, so the
// refusal presumably returns the default status - consider sending 403.
if(issetSessionVariable('user_level')){
    if(getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN){
        // Admin or higher: intentionally empty, continue with the page.
    }
    else{
        echo "Error: You don't have permissions to access this page!";
        die("");
    }
}
else{
    echo "Error: You don't have permissions to access this page!";
    die("");
}

// "messages" admin page: builds a <select name="messageid"> with one option
// per row returned by getAllMessages(). The listing is cut off inside this
// block. $pageid is assigned outside this excerpt.
if($pageid == "messages"){
    $messages = getAllMessages();
    $select = "<select name=\"messageid\">";
    // NOTE(review): mysql_fetch_assoc() belongs to the old ext/mysql API, which
    // was deprecated in PHP 5.5 and removed in PHP 7.0; this code needs a port
    // to mysqli or PDO before it can run on a supported PHP version.
    // NOTE(review): the row fields are concatenated into the markup without
    // encoding. If any of them can hold text an administrator typed in, wrap
    // each one in htmlspecialchars(..., ENT_QUOTES, 'UTF-8') - verify how the
    // columns are populated.
    while($row = mysql_fetch_assoc($messages)){
        $select = $select . "<option value=\"".$row['message_id']."\">".$row['start_date']." to ".$row['end_date']." - Priority ".$row['priority']."</option>";
    }
    $select = $select . "</select>";
<td class=\"centeredcellbold\">Password</td> <td class=\"centeredcell\"><input type=\"password\" name=\"pass\"></td> </tr> <tr> <td colspan=2 class=\"centeredcellbold\"><input type=\"submit\" value=\"Login\"></td> </tr> </table> </form>"; } ?> <html> <head> <LINK REL=StyleSheet HREF="./style.css" TYPE="text/css"> <title><?php if(issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) echo "Reservation Confirmation Page"; ?></title> </head> <body> <?php echo $page; ?> </body> </html>
<?php
// Access gate: a session without 'user_level', or with a level below
// RES_USERLEVEL_ADMIN, is refused and the request ends here.
// NOTE(review): no status code is set before die() in the visible code -
// consider sending 403 with the message.
if(!issetSessionVariable('user_level') || getSessionVariable('user_level') < RES_USERLEVEL_ADMIN){
    die("You don't have permission to access this page!");
}else{
    // Admin request dispatcher, driven by the POST fields 'myaction' and 'form'.
    // The listing is cut off part-way through this branch.
    $displayhome = true;
    $equipmessage = "";
    if(isset($_POST['myaction']) && $_POST['myaction'] == "new"){
        // NOTE(review): $_POST['form'] is read without an isset() check, so a
        // request that omits it raises an undefined-index notice/warning.
        if($_POST['form'] == "equipment"){
            $displayhome = false;
            // Fixed literal path, not derived from request data.
            require 'newequip.php';
        }
    }
    else if(isset($_POST['myaction']) && $_POST['myaction'] == "delete"){
        if($_POST['form'] == "equipment"){
            // NOTE(review): the raw POST value goes straight into the delete
            // helper. Whether deleteEquipmentByID() validates or escapes it is
            // not visible here - confirm, and cast/validate it as an integer id
            // before the call.
            // NOTE(review): this destructive action is authorised by the session
            // alone; no anti-CSRF token is checked in the visible code, so a
            // forged cross-site POST from an admin's browser would presumably be
            // accepted. Add a per-session token to the form and verify it here.
            deleteEquipmentByID($_POST['selector']);
        }
// Fragment of the reservation detail view; the enclosing if-block opens before
// this excerpt. It builds three pieces of markup and appends them to $page:
//   $userinfo    - the user's name plus active(total) warning counts; for
//                  admins these are rendered as links.
//   $checkinCell - a "Check Out" form body when mod_status is
//                  RES_STATUS_CONFIRMED, a "Check In" one when it is
//                  RES_STATUS_CHECKED_OUT, otherwise " - ".
//   $checkin     - for admins: the check-in/out, delete and approve/deny forms;
//                  for RES_USERLEVEL_LEADER: only the check-in/out cell.
// The trailing else-branch prints "Reservation Deleted" when the POSTed action
// is "delete"; the deletion itself is not performed in the visible lines.
//
// NOTE(review): $user['name'], $equipment['name'], $reservation['start_date'],
// $reservation['end_date'], $reservation['user_comment'],
// $reservation['admin_comment'], $status and $resid are concatenated into the
// HTML with no encoding call in the visible code. The comment fields in
// particular look like free text entered by users; unless they are encoded
// before reaching this point this is a stored-XSS sink on a page that admins
// open. Encode each value at output with
// htmlspecialchars($value, ENT_QUOTES, 'UTF-8') - TODO confirm upstream handling.
// NOTE(review): the level checks here only decide which buttons are drawn. The
// handler behind ./index.php?pageid=viewreservation is not shown; it must repeat
// the user_level check for checkout/checkin/delete/update, because hiding a form
// is not access control.
// NOTE(review): none of the forms carries an anti-CSRF token field, so the
// state-changing POSTs are presumably accepted on the session cookie alone.
// NOTE(review): the "******" inside the edituser link looks like a masking
// artifact of this listing (as written it breaks the string literal); the
// original presumably appended a user identifier there - confirm against the
// real file rather than guessing.
// NOTE(review): mysql_num_rows() is part of ext/mysql, removed in PHP 7.0.
$checkin = ""; $userinfo = "\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td class=\"centeredcell\">" . $user['name'] . "</td>\r\n\t\t\t<td class=\"centeredcellbold\">Warnings</th>\r\n\t\t\t<td class=\"centeredcell\">" . mysql_num_rows(getActiveWarningsForUser($user['user_id'])) . "(" . mysql_num_rows(getWarningsForUser($user['user_id'])) . ")</td>\r\n\t\t\t\r\n\t\t</tr>"; $checkinCell = " - "; if ($reservation['mod_status'] == RES_STATUS_CONFIRMED) { $checkinCell = "<input type=\"hidden\" value=\"checkout\" name=\"action\">\r\n\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t<input type=\"submit\" value=\"Check Out\">"; } else { if ($reservation['mod_status'] == RES_STATUS_CHECKED_OUT) { $checkinCell = "<input type=\"hidden\" value=\"checkin\" name=\"action\">\r\n\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t<input type=\"submit\" value=\"Check In\">"; } } /* If the logged in user is an admin, display the "check-in button" */ if (issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) { $userinfo = "<tr>\r\n\t\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td class=\"centeredcell\"><a href=\"./index.php?pageid=edituser&user="******"\">" . $user['name'] . "</a></td>\r\n\t\t\t<td class=\"centeredcellbold\">Warnings</th>\r\n\t\t\t<td class=\"centeredcell\"><a href=\"./index.php?pageid=viewwarnings&user_id=" . $user['user_id'] . "\">" . mysql_num_rows(getActiveWarningsForUser($user['user_id'])) . "(" . mysql_num_rows(getWarningsForUser($user['user_id'])) . ")</a></td>\r\n\t\t\t\r\n\t\t</tr>"; $checkin = "<tr>\r\n\t\t\t\t\t\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t" . $checkinCell . 
"\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\" onSubmit=\"return confirm('Are you sure you want to delete this reservation?')\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"delete\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<input type=\"submit\" value=\"Delete\">\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"update\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<select name=\"status\">\r\n\t\t\t\t\t\t\t<option value=1>Approve</option>\r\n\t\t\t\t\t\t\t<option value=2>Deny</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"update\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<input type=\"submit\" value=\"Update\">\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t\r\n\t\t\t\t</tr>"; } else { if (issetSessionVariable('user_level') && getSessionVariable('user_level') == RES_USERLEVEL_LEADER) { if ($checkinCell == " - ") { $checkinCell = "No Available Action (Reservation Pending, Denied, or Checked-in)"; } $checkin = "<tr><form action=\"./index.php?pageid=viewreservation\" method=\"POST\"><td class=\"centeredcellbold\" colspan=4>" . $checkinCell . "</td></form></tr>"; } } $page = $page . "\r\n\t<center><h3>Reseravation Info</h3></center>\r\n\t<table class=\"viewreservation\">\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">User Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t" . $userinfo . 
"\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><a href=\"./index.php?pageid=moreinfo&equipid=" . $equipment['equip_id'] . "\">" . $equipment['name'] . "</a></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Reservation Information</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Start Date</td>\r\n\t\t\t<td class=\"centeredcell\">" . $reservation['start_date'] . "</td>\r\n\t\t\t<td class=\"centeredcellbold\">End Date</td>\r\n\t\t\t<td class=\"centeredcell\">" . $reservation['end_date'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">" . $status . "</td>\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">User Comment</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"topaligncell\"> " . $reservation['user_comment'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">Admin Comment</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"topaligncell\"> " . $reservation['admin_comment'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t" . $checkin . "\r\n\t\r\n\t</table>\r\n\r\n"; } else { if (isset($_POST['action']) && $_POST['action'] == "delete") { $page = $page . "<br><h3>Reservation Deleted</h3>"; } } echo $page;