public function updateAction()
 {
     $id = Auth::getUserId();
     $screenname = Request::postParam('screenname', '');
     $login = Request::postParam('login', '');
     $password = Request::postParam('password', '');
     $preferred_language = Request::postParam('preferred-language');
     if (trim($screenname) == '' || trim($login) == '') {
         $this->error(self::RESULT_ERROR_BAD_REQUEST);
         return;
     }
     $user = $this->users->getById($id);
     if ($user === false) {
         $this->error(self::RESULT_ERROR_DOES_NOT_EXIST);
         return;
     }
     $res = array('action' => 'update', 'loginAlreadyExists' => true, 'accountUpdated' => false);
     if (!$this->users->loginExists($login, $id)) {
         $res['loginAlreadyExists'] = false;
         $properties = array('screenname' => trim($screenname), 'login' => trim($login), 'preferred-language' => $preferred_language);
         if (trim($password) != '') {
             $properties['password'] = trim($password);
         }
         $updated = $this->users->update($id, $properties);
         if ($updated !== false) {
             $res['accountUpdated'] = true;
         }
     }
     $this->success($res);
 }
 public static function saveTabAsXml($title)
 {
     //echo Auth::getUserId();
     header('Content-Type: application/xml');
     header('Content-Disposition: attachment; filename=widget_space_' . $title . '.xml');
     header('Content-Transfer-Encoding: binary');
     $r = WidgetSpace::getManifest(Auth::getUserId(), array($title));
     echo $r->saveXML();
 }
 public function defaultAction()
 {
     $users = new Users();
     $account = $users->getById(Auth::getUserId());
     if ($account === false) {
         $this->doesNotExist();
         return;
     }
     $this->view->assign('account', $account);
 }
Esempio n. 4
0
 static function getUser()
 {
     global $_MYSQLI;
     $user_result = $_MYSQLI->query('SELECT * FROM user WHERE user_id = ' . Auth::getUserId());
     if ($user_result->num_rows == 0) {
         header("Location: logout.php");
         exit;
     }
     return $user_result->fetch_object();
 }
Esempio n. 5
0
 private function getUser()
 {
     if (isset($_COOKIE['blogAuthId']) && $_COOKIE['blogAuthId'] !== '') {
         $authId = $_COOKIE['blogAuthId'];
         $auth = new Auth($authId);
         $userId = $auth->getUserId();
         if (isset($userId) && $userId !== '') {
             return new User($userId);
         }
     }
     return null;
 }
 public function editAction()
 {
     // Die wichtigsten Parameter auslesen
     $pageId = Request::postParam('pageId');
     $name = Request::postParam('name');
     $caption = Request::postParam('caption');
     $recursive = $this->sanitizeBoolean(Request::postParam('recursive', '0'));
     // �berpr�fen, ob pageId gesetzt ist
     if ($pageId === null) {
         $this->error(self::RESULT_ERROR_BAD_REQUEST);
         return;
     }
     // Feststellen, ob sich das ganze auf eine oder mehrere Seiten bezieht
     if (is_array($pageId)) {
         $batchEdit = true;
         $pageIdList = $pageId;
     } else {
         $batchEdit = false;
         $pageIdList = array($pageId);
     }
     // ggf. �berpr�fen, ob Name und Titel gesetzt sind
     if (!$batchEdit) {
         if ($name === null || $caption === null) {
             $this->error(self::RESULT_ERROR_BAD_REQUEST);
             return;
         }
     }
     // �berpr�fen, ob die Seite �berhaupt (noch) existiert
     $elements = array();
     foreach ($pageIdList as $id) {
         $element = $this->pages->getProperties($id);
         if ($element === false) {
             $this->error(self::RESULT_ERROR_DOES_NOT_EXIST);
             return;
         } else {
             $elements[] = $element;
         }
     }
     // �berpf�fen, ob der eingloggte Benutzer �berhaupt die n�tigen Rechte besitzt
     if (!$this->helpers->canAccessAllElements($elements, Acl::ACTION_EDIT, $recursive)) {
         $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
         return;
     }
     // OnPageTreeBeginBatchEditPageProperties
     $parameters = array();
     $data = null;
     Plugins::call(Plugins::PAGETREE_BEGIN_BATCH_EDIT_PAGE_PROPERTIES, $parameters, $data);
     // Standard R�ckgabe-Werte annehmen
     $res = array('action' => 'edit', 'validName' => false, 'nameAlreadyExists' => true, 'propertiesSaved' => false, 'validAliases' => false, 'aliasAlreadyExists' => true, 'offendingAliasLanguageId' => '');
     // Wenn nur eine Seite ge�ndert werden soll, Namen und Titel, etc. �bernehmen
     if (!$batchEdit) {
         // ggf. Aliasse �berpr�fen
         $aliases_are_valid = true;
         $an_alias_already_exists = false;
         $offending_alias_language_id = '';
         if (Config::get()->allowPageAliases === true) {
             $languages = Config::get()->languages->list;
             $postAliases = Request::postParam('alias', array());
             foreach ($languages as $language_id => $language) {
                 if (isset($postAliases[$language_id])) {
                     if (trim($postAliases[$language_id]) != '') {
                         if (!$this->pages->isValidName($postAliases[$language_id])) {
                             $aliases_are_valid = false;
                             $offending_alias_language_id = $language_id;
                             break;
                         }
                     }
                 }
             }
             if ($aliases_are_valid) {
                 foreach ($languages as $language_id => $language) {
                     if (isset($postAliases[$language_id])) {
                         if (trim($postAliases[$language_id]) != '') {
                             if ($this->pages->pageAliasExistsForLanguage($elements[0]['parent-id'], $postAliases[$language_id], $language_id, $pageId)) {
                                 $an_alias_already_exists = true;
                                 $offending_alias_language_id = $language_id;
                                 break;
                             }
                         }
                     }
                 }
             }
         }
         $res['validAliases'] = $aliases_are_valid;
         $res['aliasAlreadyExists'] = $an_alias_already_exists;
         $res['offendingAliasLanguageId'] = $offending_alias_language_id;
         // Wenn die Aliasse OK sind, dann weitermachen...
         if ($res['validAliases'] === true && $res['aliasAlreadyExists'] === false) {
             $name = $this->pages->normalizeName($name);
             if ($this->pages->isValidName($name)) {
                 // Der Name ist schonmal g�ltig...
                 $res['validName'] = true;
                 if (!$this->pages->nameExists($elements[0]['parent-id'], $name, $pageId)) {
                     // Der Name existiert auch nocht nicht
                     $res['nameAlreadyExists'] = false;
                     // ggf. umbenennen
                     if ($elements[0]['name'] != $name) {
                         if (!$this->pages->rename($pageId, $name)) {
                             $this->error();
                             return;
                         }
                     }
                     // Titel speichern
                     $this->pages->setCaption($pageId, $caption);
                     // Soll der Template-Typ ge�ndert werden?
                     $new_template_id = Request::postParam('template-id');
                     if ($new_template_id === 'NULL') {
                         $new_template_id = null;
                     }
                     $old_template_id = $elements[0]['template-id'];
                     if ($new_template_id != $old_template_id) {
                         $this->switchTemplate($pageId, $new_template_id, $elements[0]);
                     }
                     // Wenn die Seite ein Link ist, dann die Link-Eigenschaften �bernehmen
                     if ($new_template_id == null) {
                         $linkTranslated = Request::postParam('link-translated', 0);
                         if ($linkTranslated) {
                             $linkUrl = '';
                             $translatedLinkUrls = Request::postParam('translated-link-urls');
                             $this->pages->setTranslatedLinkUrls($pageId, $translatedLinkUrls);
                         } else {
                             $linkUrl = Request::postParam('link-url', '');
                             $this->pages->deleteTranslatedLinkUrls($pageId);
                         }
                         $link_properties = array('link-translated' => $linkTranslated, 'link-url' => $linkUrl, 'link-new-window' => Request::postParam('link-new-window', 0));
                         $this->pages->setProperties($pageId, $link_properties);
                     } else {
                         $link_properties = array('link-translated' => 0, 'link-url' => '', 'link-new-window' => 0);
                         $this->pages->setProperties($pageId, $link_properties);
                         $this->pages->deleteTranslatedLinkUrls($pageId);
                     }
                     // Seiten-Aliasse
                     if (Config::get()->allowPageAliases === true) {
                         $aliases = Request::postParam('alias');
                         $this->pages->setPageAliases($pageId, $aliases);
                     }
                     // Und noch weitere Eigenschaften speichern, die nur f�r eine einzelne Seite ge�ndert werden k�nnen
                     $single_page_properties = array('unique-id' => Request::postParam('unique-id', ''));
                     $this->pages->setProperties($pageId, $single_page_properties);
                     // OnPageTreeEditPageProperties ausl�sen
                     $parameters = array('pageId' => $pageId);
                     $data = null;
                     Plugins::call(Plugins::PAGETREE_EDIT_PAGE_PROPERTIES, $parameters, $data);
                 }
             }
         }
     } else {
         $res['validName'] = true;
         $res['nameAlreadyExists'] = false;
         $res['validAliases'] = true;
         $res['aliasAlreadyExists'] = false;
     }
     if ($res['validName'] == true && $res['nameAlreadyExists'] == false) {
         // Nun alle Eigenschaften �bernehmen, die ggf. auch f�r mehrere Seiten gespeichert werden k�nnen
         $properties = array('last-change-date' => time(), 'last-change-user-id' => Auth::getUserId(), 'last-change-user-name' => Auth::getScreenName());
         if (Request::postParam('applyVisibility', 0) > 0) {
             $properties['visibility'] = Request::postParam('visibility', 0);
         }
         if (Request::postParam('applyMiscellaneous', 0) > 0) {
             $properties['active'] = Request::postParam('active', 0);
             $properties['cachable'] = Request::postParam('cachable', 0);
         }
         $this->setPropertiesOfElements($elements, $properties, $recursive);
         // Sprach-spefizische Sichtbarkeit speichern
         if (Request::postParam('applyVisibility', 0) > 0) {
             $languages = Config::get()->languages->list;
             $visibility = array();
             $postVisibility = Request::postParam('visible-in', array());
             foreach ($languages as $key => $language) {
                 $visibility[$key] = 0;
                 if (isset($postVisibility[$key])) {
                     if ($postVisibility[$key] == 1) {
                         $visibility[$key] = 1;
                     }
                 }
             }
             $this->setVisibilityOfElements($elements, $visibility, $recursive);
         }
         // Zugriff-Steuerung
         if (Request::postParam('applyAcl', 0) > 0) {
             $this->applyAclSettingsToElements($elements, $recursive);
         }
         // Plugins aufrufen
         $this->callOnPagetreeEditPropetiesPluginsForElements($elements, true);
         // alles war gut
         $res['propertiesSaved'] = true;
     }
     // Cache l�schen (da �nderung am Seitenbaum, die Navigation erscheint i.d.R. auf allen Seiten)
     PageCache::invalidateAll();
     // OnPageTreeEndBatchEditPageProperties
     $parameters = array();
     $data = null;
     Plugins::call(Plugins::PAGETREE_END_BATCH_EDIT_PAGE_PROPERTIES, $parameters, $data);
     // War anscheinend erfolgreich
     $this->success($res);
 }
Esempio n. 7
0
<?php

require_once "include/database.inc.php";
require_once "include/auth.class.php";
require_once "include/validation.class.php";
$auth = new Auth();
$user = Auth::getUser();
$error = true;
$data = array();
if (Validation::Query($_GET, array("id")) && is_numeric($_GET["id"])) {
    $questionnaire_result = $_MYSQLI->query('SELECT * FROM questionnaire INNER JOIN user ON user_id = questionnaire_user_id WHERE questionnaire_id  = "' . $_MYSQLI->real_escape_string($_GET["id"]) . '" LIMIT 1');
    if ($questionnaire_result->num_rows == 1) {
        $error = false;
        $questionnaire = $questionnaire_result->fetch_object();
        $data["questionnaire"] = $questionnaire;
        $own = $questionnaire->questionnaire_user_id == Auth::getUserId();
        $data["questionnaire"]->own = $own;
        if (!$own && !($questionnaire->questionnaire_start_date < time() && time() < $questionnaire->questionnaire_end_date)) {
            $error = true;
        }
    }
}
if ($error) {
    header("Location: 404.php");
    exit;
}
?>
<!DOCTYPE html>
<html>

	<head>
								
								score += sumup - sumdown;
								// $("#statresult").append(sumup + " - " + sumdown + " = " + (sumup-sumdown) + "<br />");
							}
							
							if(first) {
								first=false;
								
								$("#statresult").append("<tr><th>Nom</th><th>Note sur "+max_score+" </th><th>Note sur 20</tr></tr>");
								$("#statresult").append("<tr id=\"avgtr\"><td><b>Moyenne</b></td><td id=\"avgscore\"></td><td id=\"avgscore20\"></tr></tr>");
							}
							
							avg += score;
							
							mytr = (parseInt(user) == <?php 
echo Auth::getUserId();
?>
) ? 'id="mytr"' : '';
							
							$("#statresult").append("<tr "+mytr+"><td>" + data.answers[user].identity + "</td><td>" + parseFloat(score).toFixed(2) + "</td><td>" + parseFloat(score/max_score*20, 2).toFixed(2) + "</tr></tr>");
							
							
						}
						
						if(total > 0) {
						avg = parseFloat(avg / total);
						
						$("#avgscore").text(avg.toFixed(2)) ;
						$("#avgscore20").text( parseFloat(avg / max_score * 20).toFixed(2) );
						
						$("#mytr").insertAfter("#avgtr");
Esempio n. 9
0
require_once "../include/rules.inc.php";
require_once "../include/database.inc.php";
require_once "../include/auth.class.php";
require_once "../include/ajax.class.php";
require_once "../include/validation.class.php";
$auth = new Auth();
$ajax = new Ajax();
$correspondance = array("same" => 0, "middle" => 1, "zero" => 2, "all" => 3);
if ($auth->isLogged()) {
    if (Validation::Query($_GET, array("questionnaire_id", "rule"))) {
        $questionnaire_result = $_MYSQLI->query('SELECT * FROM questionnaire WHERE questionnaire_id  = "' . $_MYSQLI->real_escape_string($_GET["questionnaire_id"]) . '" LIMIT 1');
        if ($questionnaire_result->num_rows == 1) {
            $questionnaire = $questionnaire_result->fetch_object();
            $ajax->data["questionnaire"] = $questionnaire;
            $ajax->data["questionnaire"]->own = $questionnaire->questionnaire_user_id == Auth::getUserId();
            if ($ajax->data["questionnaire"]->own && isset($correspondance[$_GET["rule"]])) {
                $_MYSQLI->query('UPDATE questionnaire SET questionnaire_notation_rule = ' . $correspondance[$_GET["rule"]] . ' WHERE questionnaire_id  = "' . $_MYSQLI->real_escape_string($_GET["questionnaire_id"]) . '"');
            }
            $query = '	SELECT *
								FROM question q
								JOIN choice c ON c.choice_question_id = q.question_id
								LEFT JOIN answer a ON a.answer_choice_id = c.choice_id
								WHERE question_questionnaire_id = ' . $_MYSQLI->real_escape_string($_GET["questionnaire_id"]) . '
								GROUP BY choice_id
								ORDER BY question_num ASC, question_id ASC
							';
            $ajax->data["questions"] = array();
            $questions_result = $_MYSQLI->query($query);
            while ($question = $questions_result->fetch_object()) {
                if (!isset($ajax->data["questions"][$question->question_id])) {
$_RULES = array("questionnaire_title" => Validation::$f->notEmpty_String, "questionnaire_description" => Validation::$f->notEmpty_String, "questionnaire_start_date" => Validation::$f->datetime, "questionnaire_end_date" => Validation::$f->datetime);
$v = new Validation($_POST, array("questionnaire_title", "questionnaire_description", "questionnaire_start_date", "questionnaire_end_date"), $_RULES);
if ($v->fieldsExists()) {
    $startdate_instance = DateTime::createFromFormat('d/m/Y H:i', $_POST["questionnaire_start_date"]);
    $enddate_instance = DateTime::createFromFormat('d/m/Y H:i', $_POST["questionnaire_end_date"]);
    $datetimes = false;
    if ($startdate_instance instanceof DateTime && $enddate_instance instanceof DateTime) {
        $startdate = $startdate_instance->format('U');
        $enddate = $enddate_instance->format('U');
        $datetimes = $enddate > $startdate;
    }
    if ($v->testAll() && $datetimes) {
        $statement = new SQLBuilder($_MYSQLI);
        if ($new) {
            $inserted = true;
            $q = $statement->insertInto('questionnaire')->set($v->export(null, array("questionnaire_title", "questionnaire_description"), array("questionnaire_start_date" => $startdate, "questionnaire_end_date" => $enddate, "questionnaire_user_id" => Auth::getUserId())))->build();
            $_MYSQLI->query($q);
            echo "<html><head><title></title></head><body><script>parent.location.href='form.php?id=" . $_MYSQLI->insert_id . "';</script></body></html>";
            exit;
        } else {
            $q = $statement->update('questionnaire')->set($v->export(null, array("questionnaire_title", "questionnaire_description"), array("questionnaire_start_date" => $startdate, "questionnaire_end_date" => $enddate)))->where("questionnaire_id", "=", $_GET["id"])->build();
            $_MYSQLI->query($q);
            header("Location: frame_form_edit.php?refresh=true&id=" . $_GET["id"]);
            exit;
        }
    }
    if ($v->fail("questionnaire_title")) {
        echo "questionnaire_title fail";
    }
    if ($v->fail("questionnaire_description")) {
        echo "questionnaire_description fail";
Esempio n. 11
0
 public function editPreferences()
 {
     // Note : because the number of parameters may vary in the future,
     // I will use $_POST to retrieve request params.
     $currentUser = Auth::getUserName();
     // -- Identifiers.
     $oldPassword = $_POST['old_password'];
     $newPassword = $_POST['new_password'];
     $confirmPassword = $_POST['new_password_confirm'];
     // OpenId
     $openId = isset($_POST['openid']) ? $_POST['openid'] : '';
     // -- I18n.
     $language = $_POST['language'];
     try {
         UsersManagement::updatePreferences(array('old_password' => $oldPassword, 'new_password' => $newPassword, 'confirm_password' => $confirmPassword, 'language' => $language, 'openid' => $openId, 'username' => $currentUser, 'userid' => Auth::getUserId()));
         // Don't forget to change the language before generating the message to
         // the user.
         $GLOBALS['lang'] = $language;
         l10n::init();
         l10n::set(dirname(__FILE__) . '/../locales/' . $GLOBALS['lang'] . '/messages');
         $_SESSION['isError'] = false;
         $_SESSION['message'] = __("Your preferences were successfuly changed.");
     } catch (PreferencesException $e) {
         $_SESSION['isError'] = true;
         $_SESSION['message'] = '';
         switch ($e->getCode()) {
             case PreferencesException::WRONG_OLD_PASSWORD:
                 $_SESSION['message'] = __("Wrong old password. Please try again.");
                 break;
             case PreferencesException::NEW_PASSWORD_TOO_SHORT:
                 $_SESSION['message'] = sprintf(__("The new password you provided is too short and must be at least composed of %s characters."), PASSWORDS_MIN_LENGTH);
                 break;
             case PreferencesException::NEW_PASSWORDS_DIFFERENT:
                 $_SESSION['message'] = __("The new and confirmation passwords are different. Please try again.");
                 break;
         }
     }
     DefaultFC::redirection('users/preferences');
 }
Esempio n. 12
0
 public static function getWidgetsByCategory($categoryId, $offset, $count)
 {
     $userLevel = Auth::getUserLevel();
     $userId = Auth::getUserId();
     $format = 'raw';
     if ($categoryId == 'null') {
         $categoryId = null;
     }
     $jsonWidgets = Widgets::retrieveWidgetListByCategory($userId, $categoryId, $userLevel, $format);
     $chunkedWidgets = array();
     for ($i = $offset; $i < $offset + $count && $i < count($jsonWidgets); $i++) {
         $chunkedWidgets[] = $jsonWidgets[$i];
     }
     echo json_encode($chunkedWidgets);
 }
$ajax = new Ajax();
if ($auth->isLogged()) {
    if (Validation::Query($_POST, array("questionnaire_id", "questions_order"))) {
        $questionnaire_id = $_POST["questionnaire_id"];
        $raw_orders = $_POST["questions_order"];
        $orders = explode("|", $raw_orders);
        $set = array();
        $break = false;
        foreach ($orders as $val) {
            $set[(int) $val] = 1;
            if (!is_numeric($val)) {
                $break = true;
            }
        }
        if (!$break && is_numeric($questionnaire_id)) {
            $questionnaire_result = $_MYSQLI->query('SELECT questionnaire_id, questionnaire_user_id FROM questionnaire WHERE questionnaire_id=' . $questionnaire_id . ' AND questionnaire_user_id=' . $auth->getUserId());
            if ($questionnaire_result->num_rows != 0) {
                $questions_result = $_MYSQLI->query('SELECT question_id FROM question WHERE question_questionnaire_id=' . $questionnaire_id);
                $questions_list = array();
                if ($questions_result->num_rows == count($orders)) {
                    $break = false;
                    while ($question = $questions_result->fetch_object()) {
                        if (!isset($set[(int) $question->question_id])) {
                            $break = true;
                            break;
                        }
                    }
                    if (!$break) {
                        $i = 1;
                        foreach ($set as $k => $v) {
                            // echo 'UPDATE question SET question_num='.$i.' WHERE question_id='.$k.' AND question_questionnaire_id='.$questionnaire_id;
 public function updateAction()
 {
     $id = Request::postParam('pageId');
     $jsonData = Request::postParam('jsonData');
     $preview = $this->sanitizeBoolean(Request::postParam('preview'));
     $preview_language_id = Request::postParam('previewLanguageId');
     // �berpr�fen, ob die Lebenswichtigen Parameter gesetzt sind
     if ($id === null || $jsonData === null || $preview === null || $preview_language_id === null) {
         $this->error(self::RESULT_ERROR_BAD_REQUEST);
         return;
     }
     // �berpr�fen, ob die Seite �berhaupt (noch) existiert
     $properties = $this->pages->getProperties($id);
     if ($properties === false) {
         $this->error(self::RESULT_ERROR_DOES_NOT_EXIST);
         return;
     }
     // Nutzerrechte �berpr�fen
     if (!$this->helpers->canAccessPage($id, Acl::ACTION_EDIT)) {
         $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
         return;
     }
     // Daten der gew�nschten Seite speichern
     if ($this->pages->setData($id, $jsonData) === false) {
         $this->error();
         return;
     }
     // �nderungs-Datum setzen
     $properties = array('last-change-date' => time(), 'last-change-user-id' => Auth::getUserId(), 'last-change-user-name' => Auth::getScreenName());
     $this->pages->setProperties($id, $properties);
     $properties = $this->pages->getProperties($id);
     // Wenn das die Seite mit den globalen Elementen ist,
     // muss sie sofort ver�ffentlich werden und der Cache muss geleert werden,
     // da die �nderungen potenziell die Ausgabe aller Seiten betreffen k�nnte
     if ($properties['template-id'] == Pages::GLOBAL_ELEMENTS) {
         $this->pages->publish($id);
         PageCache::invalidateAll();
     }
     // R�ckgabe
     $res = array('preview' => $preview);
     // Wenn Vorschau-Modus, dann Frontend-URL zur Vorschau-Version der gespeicherten Seite zur�ckgeben
     if ($preview) {
         $res['previewUrl'] = $this->pages->getPageUrl($id, $preview_language_id, $properties) . '?pixelmanager-preview=true';
     }
     // Yo.
     $this->success($res);
 }
Esempio n. 15
0
 public static function canAccessById($id, $action)
 {
     if (Auth::isAdmin()) {
         // Admins d�rfen immer alles, YEAH!
         return true;
     } else {
         // I can haz?
         // Resource laden
         $resource = self::getResourceDataById($id);
         $resource_assigned_ugroup_ids = self::getUserGroupsById($id);
         // �berpr�fen, ob die Resource geladen werden konnte
         if ($resource === false || $resource_assigned_ugroup_ids === false) {
             return false;
         }
         // ggf. die Benutzer-Gruppen des aktuellen Benutzers laden und in statischer Veriable ablegen, damit sie nicht mehrfach geladen werden m�ssen
         if (self::$user_assigned_ugroups === null) {
             self::$user_assigned_ugroups = array();
             $result = Db::get('SELECT `user-id`, `user-group-id` FROM [prefix]users_to_user_groups WHERE `user-id`=:userId', array(':userId' => Auth::getUserId()));
             if ($result !== false) {
                 if (count($result) > 0) {
                     foreach ($result as $row) {
                         $group_properties = Db::getFirst("SELECT * FROM [prefix]user_groups WHERE `id`=:id", array(':id' => $row['user-group-id']));
                         if ($group_properties !== false) {
                             self::$user_assigned_ugroups[$row['user-group-id']] = $group_properties;
                         }
                     }
                 }
             }
         }
         // In Abh�ngigkeit der gew�hlten Einstellung den Zugriff ablehnen oder zulassen
         switch ($resource['user-groups-mode']) {
             // "Nur Administratoren d�rfen diese Resource bearbeiten"
             case Acl::RESOURCE_SUPERUSER_ONLY:
                 return Auth::isAdmin();
                 break;
                 // "Alle Benutzer..."
             // "Alle Benutzer..."
             case Acl::RESOURCE_ALL_USERS:
                 return true;
                 break;
                 // "Nur Benutzer in einer der folgenden Benutzergruppen..."
             // "Nur Benutzer in einer der folgenden Benutzergruppen..."
             case Acl::RESOURCE_USER_WHITELIST:
                 $result = false;
                 // Pr�fen, ob der Benutzer �berhaupt in irgendeiner Gruppe ist
                 // und der angeforderten Resource auch Benutzer-Gruppen zugeordnet sind...
                 if (count(self::$user_assigned_ugroups) > 0 && count($resource_assigned_ugroup_ids) > 0) {
                     // Pr�fen, ob der Benutzer in einer dieser Resource zugewiesenen Benutzer-Gruppen ist...
                     foreach (self::$user_assigned_ugroups as $ugroup_id => $ugroup_properties) {
                         if (in_array($ugroup_id, $resource_assigned_ugroup_ids)) {
                             // Eine �berschneidung wurde gefunden, jetzt noch pr�fen, ob der gefundenen Gruppe die gew�nschte Aktion erlaubt ist...
                             $result = self::isActionPermitted($action, $ugroup_properties);
                             // Wenn eine Gruppe mit der gew�nschten Aktion gefunden wurde, abbrechen
                             if ($result) {
                                 break;
                             }
                         }
                     }
                     // Falls keine Gruppe gefunden werden konnte, die die Voraussetzungen erf�llt,
                     // alle Gruppen, die ein h�heres Level als die explizit zugewiesenen aufweisen, pr�fen
                     if (!$result) {
                         // Dazu m�ssen wir erstmal das niedrigste Level der der Resource zugewiesenen Benutzergruppen herausfinden
                         $min_level = PHP_INT_MAX;
                         $ugroup_lowest_level = Db::getFirst("\n\t\t\t\t\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups.*\n\t\t\t\t\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups\n\t\t\t\t\t\t\t\t\t\t\tJOIN\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups_to_acl_resources\n\t\t\t\t\t\t\t\t\t\t\tON\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups.`id` = [prefix]user_groups_to_acl_resources.`user-group-id`\n\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups_to_acl_resources.`acl-resource-id` = :aclResourceId\n\t\t\t\t\t\t\t\t\t\t\tORDER BY\n\t\t\t\t\t\t\t\t\t\t\t\t[prefix]user_groups.`level` ASC\n\t\t\t\t\t\t\t\t\t\t\tLIMIT\n\t\t\t\t\t\t\t\t\t\t\t\t0,1\n\t\t\t\t\t\t\t\t\t\t", array(':aclResourceId' => $id));
                         if ($ugroup_lowest_level !== false) {
                             $min_level = $ugroup_lowest_level['level'];
                         }
                         // Dann gehen wir alle dem Benutzer zugeordnete Gruppen durch und suchen alle,
                         // die ein h�heres Level haben und die gew�nschte Aktion durchf�hren d�rfen
                         foreach (self::$user_assigned_ugroups as $ugroup_id => $ugroup_properties) {
                             if ($ugroup_properties['level'] > $min_level) {
                                 $result = self::isActionPermitted($action, $ugroup_properties);
                                 // Wenn eine Gruppe mit der gew�nschten Aktion gefunden wurde, abbrechen
                                 if ($result) {
                                     break;
                                 }
                             }
                         }
                     }
                 }
                 return $result;
                 break;
                 // Zur Sicherheit...
             // Zur Sicherheit...
             default:
                 return false;
                 break;
         }
         return false;
     }
 }
Esempio n. 16
0
 /**
  * This action should be triggered through a HTTP POST request in order to
  * install a widget.
  *
  * @param integory $category The category's identifier to which the installed widget must be added.
  */
 public function install($category)
 {
     // Security check.
     if (!Auth::isAuth() && (Auth::isAdmin() || Auth::isGod())) {
         DefaultFC::redirection('users/index?ref=admin');
     }
     try {
         // Action : Install the widget.
         $widgetName = Widgets::install($category, Auth::getUserId(), $_FILES['widget']['name'], $_FILES['widget']['tmp_name']);
         $_SESSION['isError'] = false;
         $_SESSION['message'] = sprintf(__("Widget '%s' has been successfully installed."), $widgetName);
     } catch (Exception $e) {
         $_SESSION['isError'] = true;
         $_SESSION['message'] = __("An error occured during widget installation.");
     }
     DefaultFC::redirection('admin/index');
 }
Esempio n. 17
0
 /**
  * Utilitaire pour appeler les autres methodes de facon transparente
  *
  * @static
  * @access public
  * @param  string $name
  * @param  integer $userId
  * @return string
  */
 public static function getRealName($name, $userId = 0)
 {
     $userId = !$userId ? Auth::getUserId() : $userId;
     return $name . '_' . $userId;
 }
		<meta charset="utf-8" />
		<title>QCManager</title>
		
	</head>
	<body>
	
		<script>
<?php 
if ($auth->isLogged()) {
    if (isset($_FILES['file'])) {
        $path_parts = pathinfo($_FILES['file']['name']);
        $filename = $path_parts['filename'];
        $extension = $path_parts['extension'];
        $new_filename = "media/user/" . md5($filename) . '-' . time() . '.' . strtolower($extension);
        if (move_uploaded_file($_FILES['file']['tmp_name'], $new_filename)) {
            $mine_query = "UPDATE user SET user_photo_path = '" . $new_filename . "' WHERE user_id = " . Auth::getUserId();
            $mine_result = $_MYSQLI->query($mine_query);
            echo "parent.parent.location.href = parent.parent.location.href";
        } else {
            echo "alert('Le fichier est trop volumineux')";
        }
    } else {
        echo "POST file upload missing";
    }
} else {
    echo "You're not logged";
}
?>
 
		</script>
	
Esempio n. 19
0
 function deleteAction()
 {
     $users = Request::postParam('users');
     if ($users === null || !is_array($users)) {
         $this->error(self::RESULT_ERROR_BAD_REQUEST);
         return;
     }
     if (count($users) > 0) {
         foreach ($users as $user_id => $value) {
             if ($value == '1') {
                 if (is_numeric($user_id)) {
                     // Verhindern, dass der eingeloggte Administrator sich selber l�scht
                     if ($user_id == Auth::getUserId()) {
                         $this->error(self::RESULT_ERROR_NOT_AUHTORIZED);
                         return;
                     }
                     $this->users->delete($user_id);
                 }
             }
         }
     }
     $this->success();
 }
require_once "include/validation.class.php";
$auth = new Auth(true);
$mine_query = '	SELECT * 
				FROM questionnaire
				WHERE questionnaire_user_id = ' . Auth::getUserId();
$mine_result = $_MYSQLI->query($mine_query);
$mine_collection = array();
while ($row = $mine_result->fetch_object()) {
    $mine_collection[] = array("id" => $row->questionnaire_id, "title" => $row->questionnaire_title, "finished" => time() > $row->questionnaire_end_date);
}
$other_query = 'SELECT questionnaire.*
				FROM answer
				INNER JOIN choice ON choice_id = answer_choice_id
				INNER JOIN question ON question_id = choice_question_id
				INNER JOIN questionnaire ON questionnaire_id = question_questionnaire_id
				WHERE answer_student_user_id = ' . Auth::getUserId() . '
				GROUP BY questionnaire_id
';
$other_result = $_MYSQLI->query($other_query);
$other_collection = array();
while ($row = $other_result->fetch_object()) {
    $other_collection[] = array("id" => $row->questionnaire_id, "title" => $row->questionnaire_title, "finished" => time() > $row->questionnaire_end_date);
}
?>
<!DOCTYPE html>
<html>

	<head>
		<meta charset="utf-8" />
		<title>QCManager</title>
		<link rel="stylesheet" type="text/css" href="css/main.css">
        $new = $new ? 1 : 0;
        header("Location: frame_form_answer.php?new=" . $new . "&refresh=true&id=" . $_GET["id"]);
        exit;
    }
} else {
    if (!$own && Validation::Query($_POST, array("post")) && $data["question"]->questionnaire_end_date > time()) {
        foreach ($choice_ids as $cid) {
            $data["choices"][$cid]->checked = 0;
        }
        $delquery = '	DELETE FROM answer 
					WHERE answer_student_user_id = ' . Auth::getUserId() . ' AND answer_choice_id IN (' . implode(', ', $choice_ids) . ')';
        $_MYSQLI->query($delquery);
        if (isset($_POST["choices"])) {
            $insertion = array();
            foreach ($_POST["choices"] as $cid) {
                $insertion[] = '(NULL, ' . Auth::getUserId() . ', ' . $cid . ')';
                $data["choices"][$cid]->checked = 1;
            }
            $addquery = 'INSERT INTO answer (answer_id, answer_student_user_id, answer_choice_id) VALUES ' . join(', ', $insertion);
            $_MYSQLI->query($addquery);
        }
    }
}
?>
<!DOCTYPE html>
<html>

	<head>
		<meta charset="utf-8" />
		<title>QCManager</title>
		<link rel="stylesheet" type="text/css" href="css/main.css">
 public function subscribe()
 {
     $keys = array_keys($_GET);
     $widgetId = $keys[0];
     if (!isset($widgetId)) {
         throw new BadArgumentException(MwwException::CONTROLLER, 'You must provide a widget identifier to subscribe to a widget.');
     }
     if (!Auth::isAuth()) {
         // forward to the login script.
         DefaultFC::redirection('users/index?ref=subscribe');
         exit;
     }
     // No failure for authentication and parameters. We just carry on !
     UserInterface::subscribe(Auth::getUserId(), $widgetId);
     DefaultFC::redirection('wall/index');
 }
$_RULES = array("user_firstname" => Validation::$f->notEmpty_String, "user_lastname" => Validation::$f->notEmpty_String, "user_email" => Validation::$f->Email, "user_schoolname" => Validation::$f->notEmpty_String);
$v = new Validation($_POST, array("user_firstname", "user_lastname", "user_email", "user_schoolname", "user_password", "user_repassword"), $_RULES);
if ($v->fieldsExists()) {
    $setrepassword = Validation::Query($_POST, array("user_password", "user_repassword"));
    $repassword = $setrepassword ? $_POST["user_password"] == $_POST["user_repassword"] : false;
    $email_available = Auth::user_exists($_POST["user_email"]) == 0 || $_POST["user_email"] == $user->user_email;
    if ($v->testAll() && $email_available) {
        $set = $v->export($_MYSQLI, array("user_firstname", "user_lastname", "user_email", "user_schoolname", "user_password"));
        if (false) {
            $set["user_photo_path"] = "";
        }
        if ($repassword) {
            $set["user_password"] = Security::CryptPassword($_POST["user_password"]);
        }
        $statement = new SQLBuilder($_MYSQLI);
        $q = $statement->update('user')->set($set)->where("user_id", "=", Auth::getUserId())->build();
        $r = $_MYSQLI->query($q);
    }
}
$user = Auth::getUser();
/*

$other_query_photo = 'SELECT user_photo_path
				FROM user
				WHERE user_id = '.Auth::getUserId();


$other_result_photo = $_MYSQLI->query($other_query_photo);

$row = $other_result_photo->fetch_object();*/
?>
Esempio n. 24
0
 /**
  * test #14.
  * Overriding automatic attributes using a future date. Because
  * a future date is used, the record can no longer be changed after
  * it was saved.
  * @depends testSaveEmptyObject
  * @depends testSetAttributes
  * @depends testUpdate
  * @depends testOverrideAutomaticAttributesNewRecord
  */
 public function testOverrideAutomaticAttributesFutureDate()
 {
     global $testAuthId1, $testUserId1;
     global $testUserId2;
     // Create the object, which automatically gets the current date
     $object = new Auth($testAuthId1);
     $object->setUserId($testUserId1);
     $object->setExpiration('2015-09-30');
     $this->assertTrue($object->save());
     $this->assertEquals(1, $this->countTestRows());
     $originalCreated = $object->getCreated();
     $originalUpdated = $object->getUpdated();
     // Change the object with different values, using a guaranteed
     // future date for the Created and Updated fields. Note that
     // the mySQL timestamp values allow for dates up to January 19,
     // 2038. Select as the future date for this test January 18, 2038
     // values after first save are unchanged
     $object->setCreated('2038-01-18 10:10:10.000000');
     $object->setUpdated('2038-01-18 10:10:11.000000');
     $object->setUserId($testUserId2);
     $object->setExpiration('2015-10-01');
     // Check the values before saving
     $this->assertEquals($testAuthId1, $object->getAuthId());
     $this->assertEquals('2038-01-18 10:10:10.000000', $object->getCreated());
     $this->assertEquals('2038-01-18 10:10:11.000000', $object->getUpdated());
     $this->assertEquals($testUserId2, $object->getUserId());
     $this->assertEquals('2015-10-01', $object->getExpiration());
     // update the record, this adds a row in the database
     $this->assertTrue($object->save());
     $this->assertEquals(2, $this->countTestRows());
     // after the update, the information has been saved
     $this->assertEquals($testAuthId1, $object->getAuthId());
     $this->assertEquals('2038-01-18 10:10:10.000000', $object->getCreated());
     $this->assertEquals('2038-01-18 10:10:11.000000', $object->getUpdated());
     $this->assertEquals($testUserId2, $object->getUserId());
     $this->assertEquals('2015-10-01', $object->getExpiration());
     // Try to update the record. This will add a row in the database
     $object->setExpiration('2015-09-30');
     $object->setUserId($testUserId1);
     $this->assertTrue($object->save());
     $this->assertEquals(3, $this->countTestRows());
     // but the new information is not saved. The previously saved
     // information cannot be overwritten without manually setting the
     // updated field.
     $this->assertEquals($testAuthId1, $object->getAuthId());
     $this->assertEquals('2038-01-18 10:10:10.000000', $object->getCreated());
     $this->assertEquals('2038-01-18 10:10:11.000000', $object->getUpdated());
     $this->assertEquals($testUserId2, $object->getUserId());
     $this->assertEquals('2015-10-01', $object->getExpiration());
     // Note: this will FAIL in the current implementation!
     //$this->assertEquals('future date hash', $object->getHash());
 }