/**
 * Updates the logged-in user's own account (screen name, login, optional
 * password, preferred language) from the POSTed form fields.
 *
 * Responds with a bad-request error when screen name or login are blank,
 * a does-not-exist error when the account cannot be loaded, and otherwise
 * a success payload telling the client whether the login was already taken
 * and whether the update was persisted.
 */
public function updateAction()
{
    $userId = Auth::getUserId();
    // Whitespace is never significant for these fields, so trim them once up front.
    $screenname = trim(Request::postParam('screenname', ''));
    $login = trim(Request::postParam('login', ''));
    $password = trim(Request::postParam('password', ''));
    $preferredLanguage = Request::postParam('preferred-language');

    if ($screenname === '' || $login === '') {
        $this->error(self::RESULT_ERROR_BAD_REQUEST);
        return;
    }
    if ($this->users->getById($userId) === false) {
        $this->error(self::RESULT_ERROR_DOES_NOT_EXIST);
        return;
    }

    $result = array('action' => 'update', 'loginAlreadyExists' => true, 'accountUpdated' => false);
    // The login must be unique; the user's own record is excluded from the check.
    if (!$this->users->loginExists($login, $userId)) {
        $result['loginAlreadyExists'] = false;
        $properties = array(
            'screenname' => $screenname,
            'login' => $login,
            'preferred-language' => $preferredLanguage,
        );
        // An empty password field means "keep the current password".
        if ($password !== '') {
            $properties['password'] = $password;
        }
        $result['accountUpdated'] = $this->users->update($userId, $properties) !== false;
    }
    $this->success($result);
}
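/**
 * Streams the manifest of the given widget-space tab as an XML download.
 *
 * @param string $title Tab title; used both to look the tab up and to build the download file name.
 */
public static function saveTabAsXml($title)
{
    // $title ends up inside the Content-Disposition header. Reduce it to a conservative
    // character set so quotes, semicolons or control characters cannot alter the header syntax.
    $safeTitle = preg_replace('/[^A-Za-z0-9_.-]/', '_', (string) $title);
    header('Content-Type: application/xml');
    header('Content-Disposition: attachment; filename="widget_space_' . $safeTitle . '.xml"');
    header('Content-Transfer-Encoding: binary');
    // The lookup still uses the original title; only the file name is sanitised.
    $manifest = WidgetSpace::getManifest(Auth::getUserId(), array($title));
    echo $manifest->saveXML();
}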
/**
 * Loads the logged-in user's account and hands it to the view, or renders
 * the "does not exist" response when no such account can be found.
 */
public function defaultAction()
{
    $repository = new Users();
    $account = $repository->getById(Auth::getUserId());
    if ($account !== false) {
        $this->view->assign('account', $account);
        return;
    }
    $this->doesNotExist();
}
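/**
 * Loads the row of the currently authenticated user.
 *
 * Redirects to logout.php (and stops the script) when the user no longer
 * exists or the lookup fails.
 *
 * @return object The user row as returned by mysqli_result::fetch_object().
 */
static function getUser()
{
    global $_MYSQLI;
    // The id is interpolated into SQL; the cast guarantees it is an integer literal
    // (a missing id becomes 0, which simply matches no row).
    $userId = (int) Auth::getUserId();
    $user_result = $_MYSQLI->query('SELECT * FROM user WHERE user_id = ' . $userId);
    // A failed query returns false; dereferencing it would be a fatal error, so treat it like "no such user".
    if ($user_result === false || $user_result->num_rows == 0) {
        header("Location: logout.php");
        exit;
    }
    return $user_result->fetch_object();
}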
/**
 * Resolves the visitor's User from the blogAuthId cookie.
 *
 * @return User|null The user, or null for anonymous visitors and unresolvable auth ids.
 */
private function getUser()
{
    // No cookie, or an empty one, means an anonymous visitor.
    if (!isset($_COOKIE['blogAuthId']) || $_COOKIE['blogAuthId'] === '') {
        return null;
    }
    $session = new Auth($_COOKIE['blogAuthId']);
    $userId = $session->getUserId();
    // The auth record may not map to a user (unknown or expired id).
    if (!isset($userId) || $userId === '') {
        return null;
    }
    return new User($userId);
}
/**
 * Saves the properties of one page or of several pages at once (batch edit).
 *
 * POST parameters: pageId (scalar or array), name, caption, recursive, template-id,
 * link-*, alias, unique-id, applyVisibility/visibility/visible-in,
 * applyMiscellaneous/active/cachable, applyAcl.
 *
 * Single-page edits validate and apply name, caption, template, link and alias
 * settings; both modes then apply the shared properties. The JSON result carries
 * one flag per validation step so the client can show the matching message.
 */
public function editAction()
{
    // Read the essential parameters. $pageId is either a single id or an array of ids (batch edit).
    $pageId = Request::postParam('pageId');
    $name = Request::postParam('name');
    $caption = Request::postParam('caption');
    $recursive = $this->sanitizeBoolean(Request::postParam('recursive', '0'));
    // pageId is mandatory.
    if ($pageId === null) {
        $this->error(self::RESULT_ERROR_BAD_REQUEST);
        return;
    }
    // Determine whether one page or several pages are affected.
    if (is_array($pageId)) {
        $batchEdit = true;
        $pageIdList = $pageId;
    } else {
        $batchEdit = false;
        $pageIdList = array($pageId);
    }
    // For a single page, name and caption are mandatory as well.
    if (!$batchEdit) {
        if ($name === null || $caption === null) {
            $this->error(self::RESULT_ERROR_BAD_REQUEST);
            return;
        }
    }
    // Every page has to (still) exist; collect their properties.
    $elements = array();
    foreach ($pageIdList as $id) {
        $element = $this->pages->getProperties($id);
        if ($element === false) {
            $this->error(self::RESULT_ERROR_DOES_NOT_EXIST);
            return;
        } else {
            $elements[] = $element;
        }
    }
    // The logged-in user needs edit rights on all of them (recursively, if requested).
    if (!$this->helpers->canAccessAllElements($elements, Acl::ACTION_EDIT, $recursive)) {
        $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
        return;
    }
    // OnPageTreeBeginBatchEditPageProperties
    $parameters = array();
    $data = null;
    Plugins::call(Plugins::PAGETREE_BEGIN_BATCH_EDIT_PAGE_PROPERTIES, $parameters, $data);
    // Pessimistic defaults; each flag is switched as the corresponding check passes.
    $res = array('action' => 'edit', 'validName' => false, 'nameAlreadyExists' => true, 'propertiesSaved' => false, 'validAliases' => false, 'aliasAlreadyExists' => true, 'offendingAliasLanguageId' => '');
    // Single page: apply name, caption, template, link and alias settings.
    if (!$batchEdit) {
        // Validate the aliases, if aliases are enabled.
        $aliases_are_valid = true;
        $an_alias_already_exists = false;
        $offending_alias_language_id = '';
        if (Config::get()->allowPageAliases === true) {
            $languages = Config::get()->languages->list;
            $postAliases = Request::postParam('alias', array());
            // First pass: every non-empty alias must be a valid page name.
            foreach ($languages as $language_id => $language) {
                if (isset($postAliases[$language_id])) {
                    if (trim($postAliases[$language_id]) != '') {
                        if (!$this->pages->isValidName($postAliases[$language_id])) {
                            $aliases_are_valid = false;
                            $offending_alias_language_id = $language_id;
                            break;
                        }
                    }
                }
            }
            // Second pass: no alias may already be taken by a sibling page in that language.
            if ($aliases_are_valid) {
                foreach ($languages as $language_id => $language) {
                    if (isset($postAliases[$language_id])) {
                        if (trim($postAliases[$language_id]) != '') {
                            if ($this->pages->pageAliasExistsForLanguage($elements[0]['parent-id'], $postAliases[$language_id], $language_id, $pageId)) {
                                $an_alias_already_exists = true;
                                $offending_alias_language_id = $language_id;
                                break;
                            }
                        }
                    }
                }
            }
        }
        $res['validAliases'] = $aliases_are_valid;
        $res['aliasAlreadyExists'] = $an_alias_already_exists;
        $res['offendingAliasLanguageId'] = $offending_alias_language_id;
        // Only continue when the aliases are OK.
        if ($res['validAliases'] === true && $res['aliasAlreadyExists'] === false) {
            $name = $this->pages->normalizeName($name);
            if ($this->pages->isValidName($name)) {
                // The name is valid ...
                $res['validName'] = true;
                if (!$this->pages->nameExists($elements[0]['parent-id'], $name, $pageId)) {
                    // ... and not yet taken among the siblings.
                    $res['nameAlreadyExists'] = false;
                    // Rename if the name changed.
                    if ($elements[0]['name'] != $name) {
                        if (!$this->pages->rename($pageId, $name)) {
                            $this->error();
                            return;
                        }
                    }
                    // Save the caption.
                    $this->pages->setCaption($pageId, $caption);
                    // Should the template type change? The literal string 'NULL' means "no template".
                    $new_template_id = Request::postParam('template-id');
                    if ($new_template_id === 'NULL') {
                        $new_template_id = null;
                    }
                    $old_template_id = $elements[0]['template-id'];
                    if ($new_template_id != $old_template_id) {
                        $this->switchTemplate($pageId, $new_template_id, $elements[0]);
                    }
                    // A page without a template is a link: take over the link properties.
                    // NOTE(review): `== null` is a loose comparison, so '' and '0' also land in this branch.
                    if ($new_template_id == null) {
                        $linkTranslated = Request::postParam('link-translated', 0);
                        if ($linkTranslated) {
                            $linkUrl = '';
                            $translatedLinkUrls = Request::postParam('translated-link-urls');
                            $this->pages->setTranslatedLinkUrls($pageId, $translatedLinkUrls);
                        } else {
                            $linkUrl = Request::postParam('link-url', '');
                            $this->pages->deleteTranslatedLinkUrls($pageId);
                        }
                        // NOTE(review): the link URL is stored as posted; any restriction of the
                        // URL scheme would have to happen in Pages::setProperties — confirm.
                        $link_properties = array('link-translated' => $linkTranslated, 'link-url' => $linkUrl, 'link-new-window' => Request::postParam('link-new-window', 0));
                        $this->pages->setProperties($pageId, $link_properties);
                    } else {
                        // Not a link any more: clear all link properties.
                        $link_properties = array('link-translated' => 0, 'link-url' => '', 'link-new-window' => 0);
                        $this->pages->setProperties($pageId, $link_properties);
                        $this->pages->deleteTranslatedLinkUrls($pageId);
                    }
                    // Page aliases (validated above).
                    if (Config::get()->allowPageAliases === true) {
                        $aliases = Request::postParam('alias');
                        $this->pages->setPageAliases($pageId, $aliases);
                    }
                    // Further properties that only make sense for a single page.
                    $single_page_properties = array('unique-id' => Request::postParam('unique-id', ''));
                    $this->pages->setProperties($pageId, $single_page_properties);
                    // Fire OnPageTreeEditPageProperties.
                    $parameters = array('pageId' => $pageId);
                    $data = null;
                    Plugins::call(Plugins::PAGETREE_EDIT_PAGE_PROPERTIES, $parameters, $data);
                }
            }
        }
    } else {
        // Batch edit: names and aliases are untouched, so they count as valid.
        $res['validName'] = true;
        $res['nameAlreadyExists'] = false;
        $res['validAliases'] = true;
        $res['aliasAlreadyExists'] = false;
    }
    if ($res['validName'] == true && $res['nameAlreadyExists'] == false) {
        // Now apply the properties that may be saved for several pages at once.
        $properties = array('last-change-date' => time(), 'last-change-user-id' => Auth::getUserId(), 'last-change-user-name' => Auth::getScreenName());
        if (Request::postParam('applyVisibility', 0) > 0) {
            $properties['visibility'] = Request::postParam('visibility', 0);
        }
        if (Request::postParam('applyMiscellaneous', 0) > 0) {
            $properties['active'] = Request::postParam('active', 0);
            $properties['cachable'] = Request::postParam('cachable', 0);
        }
        $this->setPropertiesOfElements($elements, $properties, $recursive);
        // Language-specific visibility: one 0/1 flag per configured language.
        if (Request::postParam('applyVisibility', 0) > 0) {
            $languages = Config::get()->languages->list;
            $visibility = array();
            $postVisibility = Request::postParam('visible-in', array());
            foreach ($languages as $key => $language) {
                $visibility[$key] = 0;
                if (isset($postVisibility[$key])) {
                    if ($postVisibility[$key] == 1) {
                        $visibility[$key] = 1;
                    }
                }
            }
            $this->setVisibilityOfElements($elements, $visibility, $recursive);
        }
        // Access control.
        if (Request::postParam('applyAcl', 0) > 0) {
            $this->applyAclSettingsToElements($elements, $recursive);
        }
        // Notify plugins.
        $this->callOnPagetreeEditPropetiesPluginsForElements($elements, true);
        // Everything went fine.
        $res['propertiesSaved'] = true;
    }
    // Flush the cache: the page tree changed, and the navigation usually appears on every page.
    PageCache::invalidateAll();
    // OnPageTreeEndBatchEditPageProperties
    $parameters = array();
    $data = null;
    Plugins::call(Plugins::PAGETREE_END_BATCH_EDIT_PAGE_PROPERTIES, $parameters, $data);
    // Apparently successful.
    $this->success($res);
}
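<?php
require_once "include/database.inc.php";
require_once "include/auth.class.php";
require_once "include/validation.class.php";

$auth = new Auth();
$user = Auth::getUser();
$error = true;
$data = array();

// The questionnaire id must be present and numeric; it is escaped as well before it reaches the query.
if (Validation::Query($_GET, array("id")) && is_numeric($_GET["id"])) {
    $questionnaire_result = $_MYSQLI->query('SELECT * FROM questionnaire INNER JOIN user ON user_id = questionnaire_user_id WHERE questionnaire_id = "' . $_MYSQLI->real_escape_string($_GET["id"]) . '" LIMIT 1');
    // A failed query returns false; dereferencing it would be a fatal error, so treat it as "not found".
    if ($questionnaire_result !== false && $questionnaire_result->num_rows == 1) {
        $error = false;
        $questionnaire = $questionnaire_result->fetch_object();
        $data["questionnaire"] = $questionnaire;
        // The owner may always open it; everybody else only while it is running.
        $own = $questionnaire->questionnaire_user_id == Auth::getUserId();
        $data["questionnaire"]->own = $own;
        $now = time();
        if (!$own && !($questionnaire->questionnaire_start_date < $now && $now < $questionnaire->questionnaire_end_date)) {
            $error = true;
        }
    }
}

if ($error) {
    header("Location: 404.php");
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>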
score += sumup - sumdown; // $("#statresult").append(sumup + " - " + sumdown + " = " + (sumup-sumdown) + "<br />"); } if(first) { first=false; $("#statresult").append("<tr><th>Nom</th><th>Note sur "+max_score+" </th><th>Note sur 20</tr></tr>"); $("#statresult").append("<tr id=\"avgtr\"><td><b>Moyenne</b></td><td id=\"avgscore\"></td><td id=\"avgscore20\"></tr></tr>"); } avg += score; mytr = (parseInt(user) == <?php echo Auth::getUserId(); ?> ) ? 'id="mytr"' : ''; $("#statresult").append("<tr "+mytr+"><td>" + data.answers[user].identity + "</td><td>" + parseFloat(score).toFixed(2) + "</td><td>" + parseFloat(score/max_score*20, 2).toFixed(2) + "</tr></tr>"); } if(total > 0) { avg = parseFloat(avg / total); $("#avgscore").text(avg.toFixed(2)) ; $("#avgscore20").text( parseFloat(avg / max_score * 20).toFixed(2) ); $("#mytr").insertAfter("#avgtr");
require_once "../include/rules.inc.php"; require_once "../include/database.inc.php"; require_once "../include/auth.class.php"; require_once "../include/ajax.class.php"; require_once "../include/validation.class.php"; $auth = new Auth(); $ajax = new Ajax(); $correspondance = array("same" => 0, "middle" => 1, "zero" => 2, "all" => 3); if ($auth->isLogged()) { if (Validation::Query($_GET, array("questionnaire_id", "rule"))) { $questionnaire_result = $_MYSQLI->query('SELECT * FROM questionnaire WHERE questionnaire_id = "' . $_MYSQLI->real_escape_string($_GET["questionnaire_id"]) . '" LIMIT 1'); if ($questionnaire_result->num_rows == 1) { $questionnaire = $questionnaire_result->fetch_object(); $ajax->data["questionnaire"] = $questionnaire; $ajax->data["questionnaire"]->own = $questionnaire->questionnaire_user_id == Auth::getUserId(); if ($ajax->data["questionnaire"]->own && isset($correspondance[$_GET["rule"]])) { $_MYSQLI->query('UPDATE questionnaire SET questionnaire_notation_rule = ' . $correspondance[$_GET["rule"]] . ' WHERE questionnaire_id = "' . $_MYSQLI->real_escape_string($_GET["questionnaire_id"]) . '"'); } $query = ' SELECT * FROM question q JOIN choice c ON c.choice_question_id = q.question_id LEFT JOIN answer a ON a.answer_choice_id = c.choice_id WHERE question_questionnaire_id = ' . $_MYSQLI->real_escape_string($_GET["questionnaire_id"]) . ' GROUP BY choice_id ORDER BY question_num ASC, question_id ASC '; $ajax->data["questions"] = array(); $questions_result = $_MYSQLI->query($query); while ($question = $questions_result->fetch_object()) { if (!isset($ajax->data["questions"][$question->question_id])) {
$_RULES = array("questionnaire_title" => Validation::$f->notEmpty_String, "questionnaire_description" => Validation::$f->notEmpty_String, "questionnaire_start_date" => Validation::$f->datetime, "questionnaire_end_date" => Validation::$f->datetime); $v = new Validation($_POST, array("questionnaire_title", "questionnaire_description", "questionnaire_start_date", "questionnaire_end_date"), $_RULES); if ($v->fieldsExists()) { $startdate_instance = DateTime::createFromFormat('d/m/Y H:i', $_POST["questionnaire_start_date"]); $enddate_instance = DateTime::createFromFormat('d/m/Y H:i', $_POST["questionnaire_end_date"]); $datetimes = false; if ($startdate_instance instanceof DateTime && $enddate_instance instanceof DateTime) { $startdate = $startdate_instance->format('U'); $enddate = $enddate_instance->format('U'); $datetimes = $enddate > $startdate; } if ($v->testAll() && $datetimes) { $statement = new SQLBuilder($_MYSQLI); if ($new) { $inserted = true; $q = $statement->insertInto('questionnaire')->set($v->export(null, array("questionnaire_title", "questionnaire_description"), array("questionnaire_start_date" => $startdate, "questionnaire_end_date" => $enddate, "questionnaire_user_id" => Auth::getUserId())))->build(); $_MYSQLI->query($q); echo "<html><head><title></title></head><body><script>parent.location.href='form.php?id=" . $_MYSQLI->insert_id . "';</script></body></html>"; exit; } else { $q = $statement->update('questionnaire')->set($v->export(null, array("questionnaire_title", "questionnaire_description"), array("questionnaire_start_date" => $startdate, "questionnaire_end_date" => $enddate)))->where("questionnaire_id", "=", $_GET["id"])->build(); $_MYSQLI->query($q); header("Location: frame_form_edit.php?refresh=true&id=" . $_GET["id"]); exit; } } if ($v->fail("questionnaire_title")) { echo "questionnaire_title fail"; } if ($v->fail("questionnaire_description")) { echo "questionnaire_description fail";
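/**
 * Applies the preference form (password change, OpenID, language) for the
 * logged-in user, records an outcome message in the session and redirects
 * back to the preferences page.
 */
public function editPreferences()
{
    // Note : because the number of parameters may vary in the future,
    // I will use $_POST to retrieve request params.
    $currentUser = Auth::getUserName();
    // -- Identifiers. A missing field defaults to '' instead of raising an undefined-index notice;
    // UsersManagement::updatePreferences() is the one that decides whether '' is acceptable.
    $oldPassword = isset($_POST['old_password']) ? $_POST['old_password'] : '';
    $newPassword = isset($_POST['new_password']) ? $_POST['new_password'] : '';
    $confirmPassword = isset($_POST['new_password_confirm']) ? $_POST['new_password_confirm'] : '';
    // OpenId
    $openId = isset($_POST['openid']) ? $_POST['openid'] : '';
    // -- I18n.
    $language = isset($_POST['language']) ? $_POST['language'] : '';
    try {
        UsersManagement::updatePreferences(array(
            'old_password' => $oldPassword,
            'new_password' => $newPassword,
            'confirm_password' => $confirmPassword,
            'language' => $language,
            'openid' => $openId,
            'username' => $currentUser,
            'userid' => Auth::getUserId(),
        ));
        // Don't forget to change the language before generating the message to
        // the user.
        // NOTE(review): $language is used as a path segment below; this relies on
        // updatePreferences() having rejected anything but a known language code — confirm.
        $GLOBALS['lang'] = $language;
        l10n::init();
        l10n::set(dirname(__FILE__) . '/../locales/' . $GLOBALS['lang'] . '/messages');
        $_SESSION['isError'] = false;
        $_SESSION['message'] = __("Your preferences were successfuly changed.");
    } catch (PreferencesException $e) {
        $_SESSION['isError'] = true;
        $_SESSION['message'] = '';
        switch ($e->getCode()) {
            case PreferencesException::WRONG_OLD_PASSWORD:
                $_SESSION['message'] = __("Wrong old password. Please try again.");
                break;
            case PreferencesException::NEW_PASSWORD_TOO_SHORT:
                $_SESSION['message'] = sprintf(__("The new password you provided is too short and must be at least composed of %s characters."), PASSWORDS_MIN_LENGTH);
                break;
            case PreferencesException::NEW_PASSWORDS_DIFFERENT:
                $_SESSION['message'] = __("The new and confirmation passwords are different. Please try again.");
                break;
        }
    }
    DefaultFC::redirection('users/preferences');
}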
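/**
 * Echoes, as JSON, a window of the widgets the current user may see in a category.
 *
 * @param string|null $categoryId Category id; the string 'null' selects "no category".
 * @param int|string  $offset     Index of the first widget to return (negative/non-numeric → 0).
 * @param int|string  $count      Maximum number of widgets to return (negative/non-numeric → 0).
 */
public static function getWidgetsByCategory($categoryId, $offset, $count)
{
    $userLevel = Auth::getUserLevel();
    $userId = Auth::getUserId();
    $format = 'raw';
    // Strict comparison: with `==` a numeric category id of 0 would also be treated as "no category".
    if ($categoryId === 'null') {
        $categoryId = null;
    }
    // Normalise the window; otherwise a negative or non-numeric offset indexes
    // undefined keys and emits nulls into the JSON output.
    $offset = max(0, (int) $offset);
    $count = max(0, (int) $count);
    $jsonWidgets = Widgets::retrieveWidgetListByCategory($userId, $categoryId, $userLevel, $format);
    $total = count($jsonWidgets);
    $chunkedWidgets = array();
    for ($i = $offset; $i < $offset + $count && $i < $total; $i++) {
        $chunkedWidgets[] = $jsonWidgets[$i];
    }
    echo json_encode($chunkedWidgets);
}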
$ajax = new Ajax(); if ($auth->isLogged()) { if (Validation::Query($_POST, array("questionnaire_id", "questions_order"))) { $questionnaire_id = $_POST["questionnaire_id"]; $raw_orders = $_POST["questions_order"]; $orders = explode("|", $raw_orders); $set = array(); $break = false; foreach ($orders as $val) { $set[(int) $val] = 1; if (!is_numeric($val)) { $break = true; } } if (!$break && is_numeric($questionnaire_id)) { $questionnaire_result = $_MYSQLI->query('SELECT questionnaire_id, questionnaire_user_id FROM questionnaire WHERE questionnaire_id=' . $questionnaire_id . ' AND questionnaire_user_id=' . $auth->getUserId()); if ($questionnaire_result->num_rows != 0) { $questions_result = $_MYSQLI->query('SELECT question_id FROM question WHERE question_questionnaire_id=' . $questionnaire_id); $questions_list = array(); if ($questions_result->num_rows == count($orders)) { $break = false; while ($question = $questions_result->fetch_object()) { if (!isset($set[(int) $question->question_id])) { $break = true; break; } } if (!$break) { $i = 1; foreach ($set as $k => $v) { // echo 'UPDATE question SET question_num='.$i.' WHERE question_id='.$k.' AND question_questionnaire_id='.$questionnaire_id;
/**
 * Stores the edited data of a page and, in preview mode, returns the URL of
 * the preview version.
 *
 * Fails with a bad-request error when any of pageId, jsonData, preview or
 * previewLanguageId is missing, does-not-exist when the page is unknown,
 * not-authorized when the user may not edit it, and a generic error when
 * saving fails.
 */
public function updateAction()
{
    $pageId = Request::postParam('pageId');
    $jsonData = Request::postParam('jsonData');
    $preview = $this->sanitizeBoolean(Request::postParam('preview'));
    $previewLanguageId = Request::postParam('previewLanguageId');

    // All four parameters are mandatory.
    $missingParameter = $pageId === null || $jsonData === null || $preview === null || $previewLanguageId === null;
    if ($missingParameter) {
        $this->error(self::RESULT_ERROR_BAD_REQUEST);
        return;
    }
    // The page has to (still) exist ...
    if ($this->pages->getProperties($pageId) === false) {
        $this->error(self::RESULT_ERROR_DOES_NOT_EXIST);
        return;
    }
    // ... and the current user needs edit rights on it.
    if (!$this->helpers->canAccessPage($pageId, Acl::ACTION_EDIT)) {
        $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
        return;
    }
    // Persist the page data.
    if ($this->pages->setData($pageId, $jsonData) === false) {
        $this->error();
        return;
    }
    // Stamp who changed the page and when, then re-read the stored properties.
    $this->pages->setProperties($pageId, array(
        'last-change-date' => time(),
        'last-change-user-id' => Auth::getUserId(),
        'last-change-user-name' => Auth::getScreenName(),
    ));
    $properties = $this->pages->getProperties($pageId);
    // The global-elements page can affect every page's output: publish it at once and drop the whole cache.
    if ($properties['template-id'] == Pages::GLOBAL_ELEMENTS) {
        $this->pages->publish($pageId);
        PageCache::invalidateAll();
    }
    $result = array('preview' => $preview);
    // In preview mode hand back the frontend URL of the preview version of the saved page.
    if ($preview) {
        $result['previewUrl'] = $this->pages->getPageUrl($pageId, $previewLanguageId, $properties) . '?pixelmanager-preview=true';
    }
    $this->success($result);
}
/**
 * Decides whether the current user may perform $action on the ACL resource $id.
 *
 * Administrators are always allowed. Otherwise the resource's user-groups mode
 * decides: superuser-only (deny), all users (allow), or a whitelist of user
 * groups. In whitelist mode a group the user shares with the resource must
 * permit the action; failing that, any of the user's groups whose `level` is
 * higher than the lowest level assigned to the resource may permit it instead.
 *
 * @param mixed $id     ACL resource id.
 * @param mixed $action Action constant checked via self::isActionPermitted().
 * @return bool
 */
public static function canAccessById($id, $action)
{
    if (Auth::isAdmin()) {
        // Administrators may always do everything.
        return true;
    } else {
        // Load the resource and the user-group ids assigned to it.
        $resource = self::getResourceDataById($id);
        $resource_assigned_ugroup_ids = self::getUserGroupsById($id);
        // An unknown resource (or missing group data) means no access.
        if ($resource === false || $resource_assigned_ugroup_ids === false) {
            return false;
        }
        // Load the current user's groups once into a static, keyed by group id,
        // so repeated checks within one request don't re-query them.
        if (self::$user_assigned_ugroups === null) {
            self::$user_assigned_ugroups = array();
            $result = Db::get('SELECT `user-id`, `user-group-id` FROM [prefix]users_to_user_groups WHERE `user-id`=:userId', array(':userId' => Auth::getUserId()));
            if ($result !== false) {
                if (count($result) > 0) {
                    foreach ($result as $row) {
                        $group_properties = Db::getFirst("SELECT * FROM [prefix]user_groups WHERE `id`=:id", array(':id' => $row['user-group-id']));
                        if ($group_properties !== false) {
                            self::$user_assigned_ugroups[$row['user-group-id']] = $group_properties;
                        }
                    }
                }
            }
        }
        // Grant or deny depending on the resource's user-group mode.
        switch ($resource['user-groups-mode']) {
            // "Only administrators may edit this resource" (non-admins were filtered out above).
            case Acl::RESOURCE_SUPERUSER_ONLY:
                return Auth::isAdmin();
                break;
            // "All users..."
            case Acl::RESOURCE_ALL_USERS:
                return true;
                break;
            // "Only users in one of the following user groups..."
            case Acl::RESOURCE_USER_WHITELIST:
                $result = false;
                // The user must be in at least one group and the resource must have groups assigned at all.
                if (count(self::$user_assigned_ugroups) > 0 && count($resource_assigned_ugroup_ids) > 0) {
                    // Look for a group the user shares with the resource that permits the action.
                    // NOTE(review): in_array() is non-strict here; confirm both sides carry ids of the same type.
                    foreach (self::$user_assigned_ugroups as $ugroup_id => $ugroup_properties) {
                        if (in_array($ugroup_id, $resource_assigned_ugroup_ids)) {
                            $result = self::isActionPermitted($action, $ugroup_properties);
                            // Stop at the first group that permits the action.
                            if ($result) {
                                break;
                            }
                        }
                    }
                    // No shared group qualified: fall back to the level hierarchy. Any of the user's
                    // groups with a level above the lowest level assigned to the resource may grant the action.
                    if (!$result) {
                        // Lowest level among the resource's assigned groups (PHP_INT_MAX if none is found,
                        // which makes the hierarchy check below match nothing).
                        $min_level = PHP_INT_MAX;
                        $ugroup_lowest_level = Db::getFirst("\n\t\t\t\t\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups.*\n\t\t\t\t\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups\n\t\t\t\t\t\t\t\t\t\t\tJOIN\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups_to_acl_resources\n\t\t\t\t\t\t\t\t\t\t\tON\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups.`id` = [prefix]user_groups_to_acl_resources.`user-group-id`\n\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups_to_acl_resources.`acl-resource-id` = :aclResourceId\n\t\t\t\t\t\t\t\t\t\t\tORDER BY\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups.`level` ASC\n\t\t\t\t\t\t\t\t\t\t\tLIMIT\n\t\t\t\t\t\t\t\t\t\t\t\t0,1\n\t\t\t\t\t\t\t\t\t\t", array(':aclResourceId' => $id));
                        if ($ugroup_lowest_level !== false) {
                            $min_level = $ugroup_lowest_level['level'];
                        }
                        // Walk the user's groups and take the first higher-level one that permits the action.
                        foreach (self::$user_assigned_ugroups as $ugroup_id => $ugroup_properties) {
                            if ($ugroup_properties['level'] > $min_level) {
                                $result = self::isActionPermitted($action, $ugroup_properties);
                                if ($result) {
                                    break;
                                }
                            }
                        }
                    }
                }
                return $result;
                break;
            // Unknown mode: deny, to be on the safe side.
            default:
                return false;
                break;
        }
        return false;
    }
}
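/**
 * This action should be triggered through a HTTP POST request in order to
 * install a widget.
 *
 * Only an authenticated admin (or god) user may install; everybody else is
 * redirected to the login page. The uploaded archive is expected in
 * $_FILES['widget'].
 *
 * @param integer $category The category's identifier to which the installed widget must be added.
 */
public function install($category)
{
    // Security check: the caller must be authenticated AND admin/god.
    // The previous condition (`!isAuth() && (isAdmin() || isGod())`) could not be true for a
    // logged-in non-admin, so the redirect never fired and execution fell through to the install.
    if (!Auth::isAuth() || !(Auth::isAdmin() || Auth::isGod())) {
        DefaultFC::redirection('users/index?ref=admin');
        return;
    }
    try {
        // Without an upload the installer would be handed undefined indexes.
        if (!isset($_FILES['widget']['name'], $_FILES['widget']['tmp_name'])) {
            throw new Exception('No widget archive was uploaded.');
        }
        // Action : Install the widget.
        $widgetName = Widgets::install($category, Auth::getUserId(), $_FILES['widget']['name'], $_FILES['widget']['tmp_name']);
        $_SESSION['isError'] = false;
        $_SESSION['message'] = sprintf(__("Widget '%s' has been successfully installed."), $widgetName);
    } catch (Exception $e) {
        $_SESSION['isError'] = true;
        $_SESSION['message'] = __("An error occured during widget installation.");
    }
    DefaultFC::redirection('admin/index');
}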
/**
 * Helper so the other methods can be called transparently: builds the
 * per-user name "<name>_<userId>".
 *
 * @static
 * @access public
 * @param string $name
 * @param integer $userId Falsy (0/null/'') means "the currently authenticated user".
 * @return string
 */
public static function getRealName($name, $userId = 0)
{
    $effectiveUserId = $userId ? $userId : Auth::getUserId();
    return $name . '_' . $effectiveUserId;
}
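<meta charset="utf-8" />
<title>QCManager</title>
</head>
<body>
<script>
<?php
if ($auth->isLogged()) {
    if (isset($_FILES['file'])) {
        // The stored extension decides what the web server does when the file is later requested
        // from media/user/, so it must come from an allow-list rather than from the client's file name.
        $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif'); // constructed allow-list for a profile photo; adjust to what the site serves
        $path_parts = pathinfo($_FILES['file']['name']);
        $filename = $path_parts['filename'];
        // pathinfo() has no 'extension' key for names without a dot.
        $extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
        $extension_ok = in_array($extension, $allowed_extensions, true);
        $upload_ok = $_FILES['file']['error'] === UPLOAD_ERR_OK;
        // md5 + timestamp: the stored name never contains client-controlled characters.
        $new_filename = "media/user/" . md5($filename) . '-' . time() . '.' . $extension;
        if (!$extension_ok) {
            echo "alert('Type de fichier non autorise')";
        } elseif ($upload_ok && move_uploaded_file($_FILES['file']['tmp_name'], $new_filename)) {
            // Escaped anyway, and the user id is forced to an integer literal.
            $mine_query = "UPDATE user SET user_photo_path = '" . $_MYSQLI->real_escape_string($new_filename) . "' WHERE user_id = " . (int) Auth::getUserId();
            $mine_result = $_MYSQLI->query($mine_query);
            echo "parent.parent.location.href = parent.parent.location.href";
        } else {
            echo "alert('Le fichier est trop volumineux')";
        }
    } else {
        echo "POST file upload missing";
    }
} else {
    echo "You're not logged";
}
?>
</script>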
/**
 * Deletes the users ticked in the POSTed `users` map (user id => '1').
 *
 * Fails with a bad-request error when the map is missing and with
 * not-authorized when the logged-in administrator tries to delete themself.
 */
function deleteAction()
{
    $users = Request::postParam('users');
    if (!is_array($users)) {
        $this->error(self::RESULT_ERROR_BAD_REQUEST);
        return;
    }
    foreach ($users as $userId => $selected) {
        // Only ticked rows with a numeric id are candidates.
        if ($selected != '1' || !is_numeric($userId)) {
            continue;
        }
        // The logged-in administrator must not delete their own account.
        if ($userId == Auth::getUserId()) {
            $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
            return;
        }
        $this->users->delete($userId);
    }
    $this->success();
}
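require_once "include/validation.class.php";

$auth = new Auth(true);
// The id comes from the session but is still interpolated into SQL: the cast makes it an integer literal.
$user_id = (int) Auth::getUserId();

// Reduces a questionnaire result set to the id/title/finished triples the view needs.
// A failed query (false) yields an empty list instead of a fatal error.
$collect_questionnaires = function ($result) {
    $collection = array();
    if ($result === false) {
        return $collection;
    }
    while ($row = $result->fetch_object()) {
        $collection[] = array("id" => $row->questionnaire_id, "title" => $row->questionnaire_title, "finished" => time() > $row->questionnaire_end_date);
    }
    return $collection;
};

// Questionnaires the user created ...
$mine_query = ' SELECT * FROM questionnaire WHERE questionnaire_user_id = ' . $user_id;
$mine_result = $_MYSQLI->query($mine_query);
$mine_collection = $collect_questionnaires($mine_result);

// ... and questionnaires the user answered.
$other_query = 'SELECT questionnaire.* FROM answer INNER JOIN choice ON choice_id = answer_choice_id INNER JOIN question ON question_id = choice_question_id INNER JOIN questionnaire ON questionnaire_id = question_questionnaire_id WHERE answer_student_user_id = ' . $user_id . ' GROUP BY questionnaire_id ';
$other_result = $_MYSQLI->query($other_query);
$other_collection = $collect_questionnaires($other_result);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>QCManager</title>
<link rel="stylesheet" type="text/css" href="css/main.css">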
$new = $new ? 1 : 0; header("Location: frame_form_answer.php?new=" . $new . "&refresh=true&id=" . $_GET["id"]); exit; } } else { if (!$own && Validation::Query($_POST, array("post")) && $data["question"]->questionnaire_end_date > time()) { foreach ($choice_ids as $cid) { $data["choices"][$cid]->checked = 0; } $delquery = ' DELETE FROM answer WHERE answer_student_user_id = ' . Auth::getUserId() . ' AND answer_choice_id IN (' . implode(', ', $choice_ids) . ')'; $_MYSQLI->query($delquery); if (isset($_POST["choices"])) { $insertion = array(); foreach ($_POST["choices"] as $cid) { $insertion[] = '(NULL, ' . Auth::getUserId() . ', ' . $cid . ')'; $data["choices"][$cid]->checked = 1; } $addquery = 'INSERT INTO answer (answer_id, answer_student_user_id, answer_choice_id) VALUES ' . join(', ', $insertion); $_MYSQLI->query($addquery); } } } ?> <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <title>QCManager</title> <link rel="stylesheet" type="text/css" href="css/main.css">
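/**
 * Subscribes the logged-in user to a widget.
 *
 * The widget identifier travels as the first query-string key (e.g. ?<widgetId>).
 * Unauthenticated callers are forwarded to the login page.
 *
 * @throws BadArgumentException when no widget identifier is given.
 */
public function subscribe()
{
    $keys = array_keys($_GET);
    // Guard the lookup: an empty query string would otherwise raise an undefined-offset notice.
    $widgetId = isset($keys[0]) ? $keys[0] : null;
    if ($widgetId === null) {
        throw new BadArgumentException(MwwException::CONTROLLER, 'You must provide a widget identifier to subscribe to a widget.');
    }
    if (!Auth::isAuth()) {
        // forward to the login script.
        DefaultFC::redirection('users/index?ref=subscribe');
        exit;
    }
    // No failure for authentication and parameters. We just carry on !
    UserInterface::subscribe(Auth::getUserId(), $widgetId);
    DefaultFC::redirection('wall/index');
}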
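$_RULES = array(
    "user_firstname" => Validation::$f->notEmpty_String,
    "user_lastname" => Validation::$f->notEmpty_String,
    "user_email" => Validation::$f->Email,
    "user_schoolname" => Validation::$f->notEmpty_String,
);
$v = new Validation($_POST, array("user_firstname", "user_lastname", "user_email", "user_schoolname", "user_password", "user_repassword"), $_RULES);
if ($v->fieldsExists()) {
    // Both password fields must be present and identical before the password is touched.
    // Strict comparison: with `==` numeric-looking strings such as "1e3" and "1000" would match.
    $setrepassword = Validation::Query($_POST, array("user_password", "user_repassword"));
    $repassword = $setrepassword ? $_POST["user_password"] === $_POST["user_repassword"] : false;
    // The e-mail may stay as it is, or change to one no other account uses.
    $email_available = Auth::user_exists($_POST["user_email"]) == 0 || $_POST["user_email"] == $user->user_email;
    if ($v->testAll() && $email_available) {
        $set = $v->export($_MYSQLI, array("user_firstname", "user_lastname", "user_email", "user_schoolname", "user_password"));
        if ($repassword) {
            $set["user_password"] = Security::CryptPassword($_POST["user_password"]);
        }
        // NOTE(review): when $repassword is false, whatever export() produced for
        // "user_password" is written as-is — confirm export() omits the field in that case.
        $statement = new SQLBuilder($_MYSQLI);
        $q = $statement->update('user')->set($set)->where("user_id", "=", Auth::getUserId())->build();
        $r = $_MYSQLI->query($q);
    }
}
// Re-read the user so the page reflects the saved values.
$user = Auth::getUser();
?>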
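/**
 * test #14.
 * Overriding automatic attributes using a future date. Because
 * a future date is used, the record can no longer be changed after
 * it was saved.
 *
 * Flow: save (1 row) -> set Created/Updated to 2038 dates and save again
 * (2 rows) -> change user and expiration and save once more (3 rows); the
 * values saved with the 2038 dates still win.
 *
 * @depends testSaveEmptyObject
 * @depends testSetAttributes
 * @depends testUpdate
 * @depends testOverrideAutomaticAttributesNewRecord
 */
public function testOverrideAutomaticAttributesFutureDate()
{
    global $testAuthId1, $testUserId1;
    global $testUserId2;
    // Create the object, which automatically gets the current date
    $object = new Auth($testAuthId1);
    $object->setUserId($testUserId1);
    $object->setExpiration('2015-09-30');
    $this->assertTrue($object->save());
    $this->assertEquals(1, $this->countTestRows());
    // Change the object with different values, using a guaranteed
    // future date for the Created and Updated fields. Note that
    // the mySQL timestamp values allow for dates up to January 19,
    // 2038. Select as the future date for this test January 18, 2038
    $object->setCreated('2038-01-18 10:10:10.000000');
    $object->setUpdated('2038-01-18 10:10:11.000000');
    $object->setUserId($testUserId2);
    $object->setExpiration('2015-10-01');
    // Check the values before saving
    $this->assertEquals($testAuthId1, $object->getAuthId());
    $this->assertEquals('2038-01-18 10:10:10.000000', $object->getCreated());
    $this->assertEquals('2038-01-18 10:10:11.000000', $object->getUpdated());
    $this->assertEquals($testUserId2, $object->getUserId());
    $this->assertEquals('2015-10-01', $object->getExpiration());
    // update the record, this adds a row in the database
    $this->assertTrue($object->save());
    $this->assertEquals(2, $this->countTestRows());
    // after the update, the information has been saved
    $this->assertEquals($testAuthId1, $object->getAuthId());
    $this->assertEquals('2038-01-18 10:10:10.000000', $object->getCreated());
    $this->assertEquals('2038-01-18 10:10:11.000000', $object->getUpdated());
    $this->assertEquals($testUserId2, $object->getUserId());
    $this->assertEquals('2015-10-01', $object->getExpiration());
    // Try to update the record. This will add a row in the database
    $object->setExpiration('2015-09-30');
    $object->setUserId($testUserId1);
    $this->assertTrue($object->save());
    $this->assertEquals(3, $this->countTestRows());
    // but the new information is not saved. The previously saved
    // information cannot be overwritten without manually setting the
    // updated field.
    $this->assertEquals($testAuthId1, $object->getAuthId());
    $this->assertEquals('2038-01-18 10:10:10.000000', $object->getCreated());
    $this->assertEquals('2038-01-18 10:10:11.000000', $object->getUpdated());
    $this->assertEquals($testUserId2, $object->getUserId());
    $this->assertEquals('2015-10-01', $object->getExpiration());
    // Note: this will FAIL in the current implementation!
    //$this->assertEquals('future date hash', $object->getHash());
}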