/**
 * Builds the "Swap Seats" form: two free-text username inputs plus the
 * event id, which is carried through the form as a hidden field.
 *
 * The privilege check sits in the constructor, so creating the form at all
 * (rendering or submitting) goes through SWAP_USERS_SEATS.
 */
public function __construct()
 {
     parent::__construct('swapSeats', 'Swap Seats');
     // Presumably stops the request when the session user lacks the privilege (helper not shown here).
     requirePrivOrRedirect('SWAP_USERS_SEATS');
     // 'event' is read from the request through Sanitizer::filterUint before it is stored and echoed back below.
     $this->eventId = Sanitizer::getInstance()->filterUint('event');
     $this->addElement(new ElementInput('username1', 'First username'));
     $this->addElement(new ElementInput('username2', 'Second username'));
     // NOTE(review): filterUint only constrains the value's type; whether the event exists and both
     // usernames hold seats in it has to be checked in validation/processing, which is not visible here.
     $this->addElementHidden('event', $this->eventId);
     $this->addDefaultButtons();
 }
 /**
  * Builds the profile-editing form for the session user or, with EDIT_USERS,
  * for another account.
  *
  * @param int|null $userId Account to edit. The comparisons are loose, so any
  *                         null-equal value (including 0) selects the session user.
  */
 public function __construct($userId = null)
 {
     parent::__construct('formUpdateProfile', 'Update profile');

     // Editing somebody else's account is the only path that needs EDIT_USERS;
     // every other case resolves to the session user.
     if ($userId != null && $userId != Session::getUser()->getId()) {
         requirePrivOrRedirect('EDIT_USERS', 'index.php');
         $user = User::getUserById($userId);
     } else {
         $user = Session::getUser();
     }
     $this->user = $user;

     $this->addSection('Bio');
     $this->addElement(new ElementHidden('action', null, 'edit'));
     $this->addElement(new ElementHidden('user', null, $user->getId()));
     $this->addElement(new ElementEmail('email', 'E-Mail Address', $user->getData('email')));
     $this->addElement(new ElementAlphaNumeric('realName', 'Real Name', $user->getData('real_name')))->setMinMaxLengths(0, 32);
     $this->addElement(new ElementAlphaNumeric('location', 'Location', $user->getData('location')))->setMinMaxLengths(0, 64);

     // NOTE(review): the length bounds are set to 0-16 and then again to 11-15;
     // presumably the later call wins - confirm which range is intended.
     $this->addElement(new ElementInputRegex('mobileNo', 'Mobile No.', $user->getData('mobileNo')))->setMinMaxLengths(0, 16);
     $mobileNo = $this->getElement('mobileNo');
     $mobileNo->setPattern('#^[\\d ]+$#', 'numbers and spaces');
     $mobileNo->setMinMaxLengths(11, 15);

     $this->addSection('Preferences');
     $this->addElement(new ElementCheckbox('mailingList', 'Mailing list', $user->getData('mailingList')));

     // Each preset is: label prefix, format used for the sample shown in the label, stored value.
     $now = date_create();
     $dateFormat = $this->addElement(new ElementSelect('dateFormat', 'Date format', $user->getData('dateFormat')));
     $presets = array(
         array('ISO date format (recommended): ', 'Y-m-d', 'Y-m-d H:i'),
         array('UK, numeric date format: ', 'd-m-Y', 'd-m-Y'),
         array('UK, long date format: ', 'jS M Y', 'jS M Y'),
         array('USA, numeric date format: ', 'm-d-Y', 'm-d-Y'),
     );
     foreach ($presets as $preset) {
         list($labelPrefix, $sampleFormat, $storedValue) = $preset;
         $dateFormat->addOption($labelPrefix . formatDt($now, $sampleFormat), $storedValue);
     }
     $dateFormat->addOption('Opus date format: ' . formatDtOpus($now), 'opus');

     $this->addSection('Change password');
     // The current password is only asked for when the session user edits their own
     // account (matched by username); no such field is added when editing another user.
     $editingOwnAccount = Session::getUser()->getUsername() == $user->getUsername();
     if ($editingOwnAccount) {
         $this->addElement(new ElementPassword('passwordCurrent', 'Current password', null, 'Fill this field out if you would like to change your password.'))->setOptional(true);
     }
     $this->addElement(new ElementPassword('password1', 'New Password', null))->setOptional(true);
     $this->addElement(new ElementPassword('password2', 'New Password (confirm)', null))->setOptional(true);

     // NOTE(review): this constructor only decides which fields are rendered. A client can
     // post fields that were never shown, so the processing code (not visible here) should
     // re-check EDIT_BANS and verify passwordCurrent before applying anything - confirm.
     if (Session::getUser()->hasPriv('EDIT_BANS')) {
         $this->addSection('Banning and admin stuff');
         $banReason = $this->addElement(new ElementInput('bannedReason', 'Banned reason', $user->getData('bannedReason'), 'Enter a reason to ban this user. Leave it blank to keep the user active.'));
         $banReason->addSuggestedValue('', 'Clear ban');
         $banReason->setMinMaxLengths(0, 256);
         $this->addElement(new ElementCheckbox('emailFlagged', 'Email flagged?', $user->getData('emailFlagged')));
     }

     $this->addButtons(Form::BTN_SUBMIT);
 }
<?php

// Endpoint: removes one user's seat for one event and prints 'OK'.
// Appends '../../' to the include path so the 'includes/...' files below can be found.
set_include_path(get_include_path() . PATH_SEPARATOR . '../../');
require_once 'includes/common.php';
require_once 'includes/functions.seatingPlan.php';
use libAllure\Sanitizer;
// The privilege gate runs before any request parameter is read.
requirePrivOrRedirect('SUPERUSER');
// Both ids come from the request via filterUint (presumably an unsigned-integer filter; helper not shown).
$eventId = Sanitizer::getInstance()->filterUint('event');
$userId = Sanitizer::getInstance()->filterUint('user');
// NOTE(review): this changes state straight from request parameters and no anti-CSRF token
// or request-method check is visible in this file - confirm one is enforced elsewhere
// (e.g. in common.php), otherwise a SUPERUSER's browser can be made to trigger it.
removeSeat($eventId, $userId);
echo 'OK';
<?php

// Controller for the "flag emails" form; rendering and submission are delegated to libAllure's FormHandler.
require_once 'includes/common.php';
require_once 'includes/classes/FormFlagEmails.php';
// Checked before the handler is built; presumably halts the request when FLAG_EMAILS is missing.
requirePrivOrRedirect('FLAG_EMAILS');
use libAllure\FormHandler;
// The form class is passed by name. $tpl is not defined in this file (presumably set up by common.php).
$handler = new FormHandler('FormFlagEmails', $tpl);
$handler->handle();
<?php

// Site settings page: validates and processes the form, then renders it inside the standard page widgets.
require_once 'includes/common.php';
require_once 'includes/classes/FormSiteSettings.php';
// NOTE(review): Session is imported but not referenced anywhere in this file.
use libAllure\Session;
// The privilege gate runs before the form object exists, so neither validation nor processing is reached without SITE_SETTINGS
// (assuming requirePrivOrRedirect halts the request - helper not shown).
requirePrivOrRedirect('SITE_SETTINGS');
$f = new FormSiteSettings();
// Processing happens before any page output; there is no redirect afterwards, so the same form is rendered again below.
if ($f->validate()) {
    $f->process();
}
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
$tpl->assignForm($f);
$tpl->display('form.tpl');
require_once 'includes/widgets/footer.php';
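<?php

require_once 'includes/common.php';
require_once 'includes/widgets/header.php';
requirePrivOrRedirect('LIST_LOGS');

// Newest 250 log rows, joined with the acting user, that user's group CSS class,
// and the user/event the entry refers to. The statement is a fixed string with no parameters.
$sql = 'SELECT l.id, u.id AS user_id, u.username, l.date, l.message, l.ipAddress, g.css AS userGroupCss, l.associatedUser, au.username AS associatedUsername, l.associatedEvent, ae.name AS associatedEventName FROM log l LEFT JOIN users u on l.user = u.id JOIN `groups` g ON u.`group` = g.id LEFT JOIN users au ON l.associatedUser = au.id LEFT JOIN events ae ON l.associatedEvent = ae.id ORDER BY id DESC LIMIT 250';
$result = $db->query($sql);
$logs = $result->fetchAll();

// Expand the '_u_' and '_e_' placeholders in each message into links.
// Usernames and event names are stored data that end up inside HTML here, so they are
// escaped for both the attribute and the text context before being spliced in.
// strtr() replaces both placeholders in a single pass, so a username that itself
// contains '_e_' is not expanded a second time.
// NOTE(review): the message text is still emitted as stored. If log messages can carry
// request-derived text, it needs escaping before the placeholders are expanded - confirm
// against the logActivity() callers and how listLogs.tpl prints the field.
foreach ($logs as $i => $log) {
    $userLink = '<a href = "profile.php?id='
        . htmlspecialchars((string) $log['associatedUser'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">'
        . htmlspecialchars((string) $log['associatedUsername'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</a>';
    $eventLink = '<a href = "viewEvent.php?id='
        . htmlspecialchars((string) $log['associatedEvent'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">'
        . htmlspecialchars((string) $log['associatedEventName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</a>';
    $logs[$i]['message'] = strtr((string) $log['message'], array('_u_' => $userLink, '_e_' => $eventLink));
}

$tpl->assign('listLogs', $logs);
$tpl->display('listLogs.tpl');
require_once 'includes/widgets/footer.php';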
<?php

// Lists finance accounts with their manager and the summed transaction amount per account.
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
// NOTE(review): the header and sidebar are included before this check. If they emit output, a
// redirect-based denial may no longer be able to send its Location header - confirm that
// requirePrivOrRedirect terminates the request so nothing below runs for an unprivileged user.
requirePrivOrRedirect('LIST_FINANCE_ACCOUNTS');
use libAllure\DatabaseFactory;
// Fixed statement text with no request input; LEFT JOINs keep accounts that have no transactions or no manager.
$sql = 'SELECT a.id, a.title, u.id AS managerId, u.username AS managerUsername, sum(t.amount) AS amount FROM finance_accounts a LEFT JOIN finance_transactions t ON t.account = a.id LEFT JOIN users u ON a.assigned_to = u.id GROUP BY a.id ORDER BY a.title ASC';
$stmt = DatabaseFactory::getInstance()->prepare($sql);
$stmt->execute();
$tpl->assign('listAccounts', $stmt->fetchAll());
$tpl->display('listFinancialAccounts.tpl');
require_once 'includes/widgets/footer.php';
<?php

// Gallery image upload page: pulls in the page header, imports the libAllure form classes
// used by FormUploadImage below, and gates the page on UPLOAD_GALLERY_IMAGE.
require_once 'includes/widgets/header.php';
use libAllure\FormHandler;
use libAllure\Form;
use libAllure\Session;
use libAllure\ElementSelect;
use libAllure\DatabaseFactory;
use libAllure\ElementFile;
// NOTE(review): the header widget is included before this check; confirm requirePrivOrRedirect
// still halts the request once output has started (helper not shown).
requirePrivOrRedirect('UPLOAD_GALLERY_IMAGE');
class FormUploadImage extends Form
{
    private $directorySettings = array();
    private $directoryAliases = array();
    /**
     * Sets up the multipart upload form: a target-directory selector followed by one file input.
     */
    public function __construct()
    {
        parent::__construct('uploadImage', 'Upload Image');
        $this->enctype = 'multipart/form-data';

        // Maximum pixel dimensions per target, keyed by 'gallery' and 'schedule'.
        $this->directorySettings['gallery'] = ['maxWidth' => 800, 'maxHeight' => 600];
        $this->directorySettings['schedule'] = ['maxWidth' => 16, 'maxHeight' => 16];

        $this->addElement($this->getElementImageDirectories());
        $this->addElement(new ElementFile('file', 'File', null));

        // Uploads land in 'tempUploads' and are bounded to 1000x1000.
        // NOTE(review): the original carries a commented-out `isImage = true` on this element;
        // with it disabled, confirm that something else verifies the upload really is an image
        // before it is moved out of tempUploads.
        $upload = $this->getElement('file');
        $upload->destinationDir = 'tempUploads';
        $upload->setMaxImageBounds(1000, 1000);

        $this->addDefaultButtons();
    }
    private function validateFilename()
    {
        $directory = $this->getElement('dir')->getValue();
        if (!in_array($directory, array_keys($this->directoryAliases))) {
<?php

// "Sudo" page: hands the FormSudo form to libAllure's FormHandler and returns to index.php afterwards.
require_once 'includes/common.php';
require_once 'includes/classes/FormSudo.php';
require_once 'libAllure/FormHandler.php';
// Gate on the SUDO privilege before the handler or the form is created.
requirePrivOrRedirect('SUDO');
use libAllure\FormHandler;
use libAllure\Sanitizer;
$handler = new FormHandler('formSudo', $tpl);
// The 'username' request parameter becomes the form's first constructor argument.
// NOTE(review): filterString's exact behaviour is not visible here. Since this value selects an
// account, presumably FormSudo checks that the user exists and records who assumed which
// identity - confirm, as that audit trail is what makes this feature reviewable.
$handler->setConstructorArgument(0, Sanitizer::getInstance()->filterString('username'));
$handler->setRedirect('index.php');
$handler->handle();
<?php

// Search page for machine authentications, delegated to libAllure's FormHandler.
require_once 'includes/common.php';
require_once 'includes/classes/FormSearchMachineAuthentications.php';
// Privilege gate runs before the handler is created.
requirePrivOrRedirect('SEARCH_MACHINE_AUTHS');
use libAllure\FormHandler;
// NOTE(review): the file required above is FormSearchMachineAuthentications.php but the handler is
// given 'SearchMachineAuthentications' - confirm that this name resolves to the intended class.
$handler = new FormHandler('SearchMachineAuthentications', $tpl);
$handler->handle();
// validate() is called again here, after handle(); the branch only prints the literal 'list',
// which looks like a placeholder for the result listing.
if ($handler->getForm()->validate()) {
    echo 'list';
}
}
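// Dispatch on the requested gallery action. Each case checks its own privilege first.
// $mode and $db are set before this fragment (not visible here).
// NOTE(review): 'addImage' and 'makeCoverImage' change state from $_REQUEST values, which also
// cover GET parameters; no anti-CSRF token check is visible in this fragment - confirm one exists.
switch ($mode) {
    case 'editImage':
        requirePrivOrRedirect('GALLERY_UPDATE_IMAGE');
        require_once 'updateGalleryImage.php';
        break;
    case 'addImage':
        requirePrivOrRedirect('GALLERY_CREATE_IMAGE');
        $gallery = intval($_REQUEST['gallery']);
        // NOTE(review): the filename is stored exactly as sent. If it is later used to build a
        // filesystem path, it should first be checked against the files that actually exist in
        // the gallery's directory - confirm where that happens.
        $filename = $_REQUEST['filename'];
        $sql = 'INSERT INTO images (gallery, filename) VALUES (:gallery, :filename) ';
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':gallery', $gallery);
        $stmt->bindValue(':filename', $filename);
        $stmt->execute();
        // The filename is request-controlled, so it is percent-encoded before going into the
        // URL; otherwise characters such as '&', '#' or quotes would alter the redirect target.
        // The '&amp;' separator is kept as the original wrote it (how redirect() emits the URL
        // is not visible here).
        redirect('viewGalleryImage.php?filename=' . rawurlencode($filename) . '&amp;gallery=' . $gallery, 'Image added to database.');
        break;
    case 'makeCoverImage':
        requirePrivOrRedirect('GALLERY_SET_COVER_IMAGE');
        $gallery = intval($_REQUEST['gallery']);
        // Both values are bound as parameters; the gallery id is an integer, so it is safe in the URL below.
        $sql = 'UPDATE galleries SET coverImage = :filename WHERE id = :gallery ';
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':filename', $_REQUEST['filename']);
        $stmt->bindValue(':gallery', $gallery);
        $stmt->execute();
        redirect('viewGallery.php?id=' . $gallery, 'Gallery cover image updated');
        break;
    case null:
    default:
}
require_once 'includes/widgets/footer.php';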
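        // Deleting an account requires USER_DELETE; anything else aborts with a fatal error.
        if (!Session::getUser()->hasPriv('USER_DELETE')) {
            throw new SimpleFatalError('Oh gnoes! You dont have permission to do that.');
        }
        // $id is assigned above this fragment (not visible here). It is bound as a parameter
        // instead of being concatenated into the statement text, so the DELETE stays a single,
        // fixed statement whether or not $id was filtered earlier.
        $sql = 'DELETE FROM users WHERE id = :id LIMIT 1 ';
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':id', $id);
        $stmt->execute();
        logActivity('User deleted: ' . $id);
        redirect('users.php', 'Used deleted... I hope they dont mind..');
        break;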
    // Edit a profile. No privilege call appears in this case itself; presumably the
    // FormUpdateProfile constructor enforces who may edit which account - confirm.
    case 'edit':
        require_once 'includes/common.php';
        require_once 'includes/classes/FormUpdateProfile.php';
        // The target id is read from the request through filterUint before it reaches the form or the redirect URL.
        $userId = Sanitizer::getInstance()->filterUint('user');
        $f = new FormUpdateProfile($userId);
        if ($f->validate()) {
            $f->process();
            redirect('profile.php?id=' . $userId, 'User edited.');
        }
        require_once 'includes/widgets/header.php';
        require_once 'includes/widgets/sidebar.php';
        $tpl->assignForm($f);
        $tpl->display('form.tpl');
        require_once 'includes/widgets/footer.php';
        break;
    // Default: list users. $users is populated before this fragment (not visible here).
    default:
        require_once 'includes/widgets/header.php';
        require_once 'includes/widgets/sidebar.php';
        // NOTE(review): the VIEW_USERS check comes after the header and sidebar includes; confirm
        // requirePrivOrRedirect still halts the request once output has started.
        requirePrivOrRedirect('VIEW_USERS', 'index.php');
        $tpl->assign('listUsers', $users);
        $tpl->display('listUsers.tpl');
}
// require_once: for the 'edit' case the footer was already included above, so this is a no-op there.
require_once 'includes/widgets/footer.php';
<?php

require_once 'includes/common.php';
require_once 'includes/classes/FormTargetedMailingList.php';

// Only holders of VIEW_MAILING_LIST get to see recipient addresses.
requirePrivOrRedirect('VIEW_MAILING_LIST');

$f = new FormTargetedMailingList();

require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';

if (!$f->validate()) {
    // No valid form submission: everyone on the mailing list with a non-null, unflagged address.
    $tpl->assign('isEventSpecific', false);
    $sql = 'SELECT u.email FROM users u WHERE u.mailingList = 1 AND u.email IS NOT NULL AND u.emailFlagged = 0';
    $stmt = $db->query($sql);
} else {
    // Event-specific list: users signed up to the chosen event whose address is not flagged.
    $eventList = $f->getElementValue('eventList');
    $tpl->assign('isEventSpecific', true);

    $sql = 'SELECT u.email, e.name AS eventName, e.id AS eventId FROM users u, signups s, events e WHERE s.user = u.id AND u.emailFlagged = 0 AND s.status IS NOT NULL AND s.event = e.id AND e.id = :event ';
    // With 'ignoreOptOut' set, the u.mailingList = 1 filter is left off, so users who are
    // not on the mailing list are included as well.
    // NOTE(review): that is a deliberate bypass of the users' preference; confirm it is
    // restricted to the cases where contacting them is actually permitted.
    if (!$f->getElementValue('ignoreOptOut')) {
        $sql .= 'AND u.mailingList = 1';
    }

    // The event id is bound as a parameter, never concatenated.
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':event', $eventList);
    $stmt->execute();
}

// Reduce the result rows to a flat list of addresses.
$addresses = array_map(
    function ($row) {
        return $row['email'];
    },
    $stmt->fetchAll()
);

$tpl->assignForm($f);
$tpl->assign('mailingListRecipients', $addresses);
$tpl->display('mailingList.tpl');
<?php

// Thin entry point: checks CREATE_FINANCE_ACCOUNT, then hands over to the generic form.php.
require_once 'includes/common.php';
requirePrivOrRedirect('CREATE_FINANCE_ACCOUNT');
// The form name is overwritten server-side with a fixed value here, whatever the request carried.
// NOTE(review): form.php presumably creates the class named in $_REQUEST['form']. If form.php is
// also reachable directly, that name would be request-controlled there - confirm form.php limits
// it to an allowlist and applies the matching privilege check itself.
$_REQUEST['form'] = 'FormCreateFinanceAccount';
require_once 'form.php';