/**
 * Load the calling admin's permission row from messaging_groups.
 *
 * Resolves the admin record for $_SESSION['userid'] to its group and stores
 * that group's `groups`, `banned` and `history` columns in $this->result as
 * an object (whatever DB::getFirst() returns for a missing row is stored
 * unchanged). The session id is bound as an integer.
 *
 * NOTE(review): DB errors are handed to Exceptions::PrintOut() and not
 * re-thrown — confirm that helper terminates the request, otherwise callers
 * continue with an unpopulated permission object. Also, presumably a missing
 * $_SESSION['userid'] binds as NULL and matches no row — verify how
 * IsAllowed() treats an empty result.
 *
 * @return void
 */
function __construct()
{
    try {
        $sql = "SELECT groups,banned,history FROM messaging_groups "
             . "WHERE id = (SELECT `group` FROM messaging_admin WHERE id = :id)";
        $stmt = DB::prep($sql);
        $stmt->bindParam(":id", $_SESSION['userid'], PDO::PARAM_INT);
        $this->result = DB::getFirst($stmt, null, PDO::FETCH_OBJ);
    } catch (Exception $err) {
        Exceptions::PrintOut($err);
    }
}
/**
 * Build a message addressed to $to_user and persist it.
 *
 * Stores the recipient, then runs SetMsg($m, $html), InsertMessage() and
 * InsertHistory() in that order. Any exception raised by those steps is
 * passed to Exceptions::PrintOut(); the recipient assignment happens before
 * the try block and is therefore always performed.
 *
 * @param mixed   $m       Raw message content, forwarded to SetMsg()
 * @param mixed   $to_user Recipient identifier, stored in $this->to_user
 * @param boolean $html    Forwarded to SetMsg() (presumably marks $m as HTML)
 */
public function __construct($m, $to_user, $html = false)
{
    $this->to_user = $to_user;

    try {
        $this->SetMsg($m, $html);
        $this->InsertMessage();
        $this->InsertHistory();
    } catch (Exception $err) {
        Exceptions::PrintOut($err);
    }
}
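/**
 * Count ban rows matching a client IP.
 *
 * Looks $ip up in messaging_ban by its INET_ATON() value. Only IPv4
 * dotted-quad strings convert; for anything else MySQL's INET_ATON() yields
 * NULL, `ip = NULL` matches nothing and the result is 0 — so IPv6 clients
 * are never reported as banned (BanUser() stores bans the same way).
 *
 * Fix: the count is cast to int. PDO commonly returns COUNT(*) as a string,
 * which contradicted the documented Integer return and breaks strict
 * comparisons in callers.
 *
 * NOTE(review): how callers obtain $ip is not visible here. Only the
 * transport address (REMOTE_ADDR) is trustworthy; a forwarded-for header is
 * client-controlled and would let a banned client bypass this check.
 *
 * @param String $ip Client IP address in dotted-quad notation (was documented as Integer)
 * @return Integer Number of matching ban rows, 0 when not banned
 *                 (null if the query fails and Exceptions::PrintOut() returns)
 * @author
 */
public static function IsBanned($ip)
{
    try {
        $sth = DB::prep("SELECT COUNT(*) as c FROM messaging_ban WHERE ip = INET_ATON(:ip)");
        $sth->bindParam(":ip", $ip, PDO::PARAM_STR);
        $result = DB::getFirst($sth, null, PDO::FETCH_OBJ);
        return (int) $result->c;
    } catch (Exception $e) {
        Exceptions::PrintOut($e);
    }
}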
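/**
 * Ban the client IP of user $id and remove the user.
 *
 * Reads the user's IP via GetUser(), resolves its reverse DNS name with
 * gethostbyaddr(), inserts (INET_ATON(ip), host) into messaging_ban and then
 * deletes the user record with DeleteUser().
 *
 * Fix: an unknown id used to fall through — $user->ip was read from a
 * non-object, a ban row with a NULL ip was still inserted and DeleteUser()
 * ran for the unknown id. It now raises an Exception that takes the existing
 * Exceptions::PrintOut() path before anything is written.
 *
 * Caveats (behaviour unchanged):
 *  - MySQL's INET_ATON() is IPv4-only; an IPv6 address is stored as NULL and
 *    such a ban never matches in IsBanned().
 *  - gethostbyaddr() is a blocking reverse lookup; for a malformed address it
 *    returns false, which is what then gets bound as :host.
 *  - The INSERT and the DeleteUser() call are not in one transaction, so a
 *    failure in the second step leaves the ban row in place with the user
 *    still present.
 *
 * @param Integer $id User id
 * @return void
 * @author
 */
public static function BanUser($id)
{
    try {
        $user = self::GetUser($id);
        if (!$user || empty($user->ip)) {
            // Nothing to ban against; stop before touching messaging_ban.
            throw new Exception("Cannot ban user $id: user or IP address not found");
        }
        $ip = $user->ip;
        $host = gethostbyaddr($ip);

        $sth = DB::prep("INSERT INTO messaging_ban (ip,host) VALUES( INET_ATON(:ip), :host) ");
        $sth->bindParam(":ip", $ip, PDO::PARAM_STR);
        $sth->bindParam(":host", $host, PDO::PARAM_STR);
        $sth->execute();

        self::DeleteUser($id);
    } catch (Exception $e) {
        Exceptions::PrintOut($e);
    }
}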
/**
 * Validate that strlen($string) lies within [$min, $max].
 *
 * Both bounds are cast to int and must be non-zero; a zero bound raises
 * Exception(e400, 400), which is caught here and handed to
 * Exceptions::PrintOut(). Because that exception is caught inside this
 * method, the length test below still runs with the zero bound unless
 * PrintOut() ends the request. Length is measured in bytes (strlen), so a
 * multibyte character counts more than once.
 *
 * NOTE(review): e400 is assumed to be a constant defined elsewhere; if it is
 * not, PHP 8 raises an Error that `catch (Exception)` does not intercept.
 *
 * @param Integer $min       Minimum length, inclusive (must be non-zero)
 * @param Integer $max       Maximum length, inclusive (must be non-zero)
 * @param String  $string    Value to measure
 * @param mixed   $exception Message of the Exception thrown when out of range
 * @param Integer $ex_code   Code of the Exception thrown when out of range
 * @return Boolean true when the length is within bounds
 * @throws Exception ($exception, $ex_code) when it is not
 */
public static function Length($min, $max, $string, $exception = 0, $ex_code = 0)
{
    try {
        $min = (int) $min;
        $max = (int) $max;
        if ($min == 0 || $max == 0) {
            throw new Exception(e400, 400);
        }
    } catch (Exception $err) {
        Exceptions::PrintOut($err);
    }

    $len = strlen($string);
    if ($len < $min || $len > $max) {
        throw new Exception($exception, $ex_code);
    }

    return true;
}
/**
 * Returns group information from database
 *
 * Fetches the messaging_groups row whose id equals $id (bound as an
 * integer) and returns it as an object; whatever DB::getFirst() yields for
 * a missing row is returned unchanged. A DB error is handed to
 * Exceptions::PrintOut(), after which (if that helper returns) the method
 * yields null.
 *
 * @param Integer $id Group id
 * @return Object
 * @author Gregor Kuplenik, gregor.kuplenik@insis.si
 */
public static function GetGroup($id)
{
    try {
        $query = DB::prep("SELECT * FROM messaging_groups WHERE id = :id");
        $query->bindParam(":id", $id, PDO::PARAM_INT);
        $row = DB::getFirst($query, null, PDO::FETCH_OBJ);
        return $row;
    } catch (Exception $err) {
        Exceptions::PrintOut($err);
    }
}
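<?php
/**
 * History page: lists historic messages, optionally filtered by $_POST['search'].
 *
 * Requires the 'history' permission.
 *
 * Fix: the denial path now stops the script. Previously only
 * Exceptions::PrintOut() was called; unless that helper terminates the
 * request (not visible here) execution fell through to ListHistory() /
 * SearchHistory() and the template was rendered for an unauthorised user.
 * The explicit exit is a no-op if PrintOut() already exits.
 */
$perms = new Permission();
if (!$perms->IsAllowed('history')) {
    Exceptions::PrintOut("You do not have access to the History");
    exit;
}

/**
 * When a "search" value was posted (Post::Check), search the historic
 * messages for it; otherwise show the default listing. $_POST['search'] is
 * untrusted input — SearchHistory() is expected to bind it as a parameter
 * (not visible here).
 */
$post_check = Post::Check(array("search"));
if ($post_check) {
    $historic = History::SearchHistory($_POST['search']);
} else {
    $historic = History::ListHistory();
}

include 'views/template/history.html';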
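<?php
/**
 * New group page: creates a messaging group from the posted form.
 *
 * Requires the 'groups' permission.
 *
 * Fix: the denial path now stops the script. Previously only
 * Exceptions::PrintOut() was called; unless that helper terminates the
 * request (not visible here) an unauthorised user could still create a
 * group and see the form. The explicit exit is a no-op if PrintOut() exits.
 *
 * NOTE(review): this is a state-changing POST handler and no CSRF token
 * check is visible in this file — confirm one is enforced by the front
 * controller, or add one here.
 */
$perms = new Permission();
if (!$perms->IsAllowed('groups')) {
    Exceptions::PrintOut("You do not have access to the Users and groups");
    exit;
}

/**
 * When every form field is present (Post::Check), create the group with its
 * three permission flags; on failure expose the error for the template.
 */
$post_check = Post::Check(array("title", "users", "banned", "history"));
if ($post_check) {
    $new_user = new UsersAndGroups();
    $flags = array($_POST['users'], $_POST['banned'], $_POST['history']);
    $result = $new_user->NewGroup($_POST['title'], $flags);
    if (!$result) {
        $error = $new_user->error;
    }
}

/**
 * Include view template file
 */
include 'views/template/new_group.html';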
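<?php
/**
 * History conversation delete: removes the messaging_history rows for the
 * ($_GET['sess'], $_GET['email']) pair and returns to the history page.
 *
 * Requires the 'history' permission.
 *
 * Fixes:
 *  - The denial path now stops the script. Previously only
 *    Exceptions::PrintOut() was called; unless that helper terminates the
 *    request (not visible here) the delete still ran for an unauthorised
 *    user. The explicit exit is a no-op if PrintOut() exits.
 *  - exit after the Location header so nothing runs after the redirect.
 *
 * NOTE(review): this is a state-changing action triggered by a GET request
 * (index.php?page=...&sess=...&email=...), so a logged-in admin can be made
 * to delete a conversation by following a crafted link or loading an image.
 * It should become a POST with a CSRF token; the link-generating template is
 * not visible here, so the request method is left unchanged.
 */
$perms = new Permission();
if (!$perms->IsAllowed('history')) {
    Exceptions::PrintOut("You do not have access to the History");
    exit;
}

/**
 * Both query-string values are untrusted; History::DeleteConv() binds them
 * as PDO parameters and returns the number of rows removed.
 */
$check = Post::GCheck(array("sess", "email"));
if ($check) {
    $delete = History::DeleteConv($_GET['sess'], $_GET['email']);
    if ($delete) {
        // Deleted: back to the history listing.
        header("Location: index.php?page=history");
        exit;
    } else {
        Exceptions::PrintOut("There is a problem deleting the historic conversation. Either no id has been passed or id does not exists in database");
    }
}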
/**
 * Delete historic conversation from database
 *
 * Removes every messaging_history row whose `email` and `sess` columns equal
 * the given values; both are bound as string parameters.
 *
 * @param String $session Conversation session identifier (sess column)
 * @param String $email   Participant e-mail address (email column)
 * @return Integer Number of rows deleted (null if the statement failed and
 *                 Exceptions::PrintOut() returned)
 * @author
 */
public static function DeleteConv($session, $email)
{
    try {
        $stmt = DB::prep("DELETE FROM messaging_history WHERE email = :email AND sess = :sess");
        $stmt->bindParam(":email", $email, PDO::PARAM_STR);
        $stmt->bindParam(":sess", $session, PDO::PARAM_STR);
        $stmt->execute();

        $deleted = $stmt->rowCount();
        return $deleted;
    } catch (Exception $err) {
        Exceptions::PrintOut($err);
    }
}
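<?php
/**
 * Banned users page: removes a ban row selected by $_GET['id'].
 *
 * Requires the 'banned' permission.
 *
 * Fixes:
 *  - The denial path now stops the script. Previously only
 *    Exceptions::PrintOut() was called; unless that helper terminates the
 *    request (not visible here) the unban still ran for an unauthorised
 *    user. The explicit exit is a no-op if PrintOut() exits.
 *  - exit after the Location header so nothing runs after the redirect.
 *
 * NOTE(review): the unban is a state-changing action on a GET request, so it
 * is reachable through a crafted link (CSRF). It should become a POST with a
 * token; left as GET because the link-generating template is not visible.
 */
$perms = new Permission();
if (!$perms->IsAllowed('banned')) {
    Exceptions::PrintOut("You do not have access to the Banned area");
    exit;
}

/**
 * If a non-empty "id" was passed (Post::GCheck), delete that ban and return
 * to the page. $_GET['id'] is untrusted; UserBan::BanDelete() is expected to
 * bind it as an integer (not visible here).
 */
$delcheck = Post::GCheck(array("id"));
if ($delcheck) {
    UserBan::BanDelete($_GET['id']);
    header("Location: index.php?page=UserBan");
    exit;
}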
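<?php
/**
 * Group editor page: edits the group given by $_GET['id'], never the
 * Administrators group (id 1).
 *
 * Requires the 'groups' permission.
 *
 * Fixes:
 *  - The denial path now stops the script. Previously only
 *    Exceptions::PrintOut() was called; unless that helper terminates the
 *    request (not visible here) the editor ran for an unauthorised user.
 *    The explicit exit is a no-op if PrintOut() exits.
 *  - The Administrators-group guard compared $_GET['id'] loosely (`!= 1`).
 *    In PHP 8 a string such as "1abc" is not == 1, yet both PHP's (int) cast
 *    and MySQL's string-to-number comparison turn it into 1, so the guard
 *    could be bypassed and group 1 edited. The id is now cast to int once,
 *    compared strictly, and that same integer is what reaches GroupEditor()
 *    and GetGroup().
 *
 * NOTE(review): this is a state-changing POST handler and no CSRF token
 * check is visible in this file — confirm one is enforced upstream.
 */
$perms = new Permission();
if (!$perms->IsAllowed('groups')) {
    Exceptions::PrintOut("You do not have access to the Users and groups");
    exit;
}

/**
 * Check that $_GET['id'] is set (Post::GCheck) and is not the Administrators
 * group before doing anything.
 */
$id_check = Post::GCheck(array('id'));
$id = $id_check ? (int) $_GET['id'] : 0;

if ($id_check && $id !== 1) {
    /**
     * When the whole edit form was posted, apply the edit and keep any error
     * for the template.
     */
    $post_check = Post::Check(array("title", "users", "banned", "history"));
    if ($post_check) {
        $edit = new UsersAndGroups();
        $result = $edit->GroupEditor($_POST['title'], $id, array($_POST['users'], $_POST['banned'], $_POST['history']));
        if (!$result) {
            $error = $edit->error;
        }
    }
    $group = UsersAndGroups::GetGroup($id);
    include 'views/template/groupedit.html';
} else {
    /*
     * No usable id, or the Administrators group: end with message
     */
    Exceptions::PrintOut("You cannot edit the Administrators group");
}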
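* Check if $_GET variables for id are set */
if (isset($_GET['id']) && !empty($_GET['id'])) {
    /**
     * Group 1 is the Administrator group: a superuser group that must remain
     * intact at all times, so it is never deleted.
     *
     * Fixes relative to the original:
     *  - The guard compared $_GET['id'] loosely (`== 1`). In PHP 8 a string
     *    such as "1abc" is not == 1, yet both PHP's (int) cast and MySQL's
     *    string-to-number comparison turn it into 1, so the guard could be
     *    bypassed and group 1 deleted. The id is now cast to int once,
     *    compared strictly, and that integer is what GroupDelete() receives.
     *  - $delete was undefined on the admin-group branch, so (if
     *    Exceptions::PrintOut() returns) the generic "problem deleting"
     *    message was printed on top of the admin-group message. The result
     *    check now only runs after an actual delete attempt.
     *  - exit after the Location header so nothing runs after the redirect.
     *
     * NOTE(review): the delete is triggered by a GET parameter, so it is
     * reachable through a crafted link (CSRF); it should become a POST with a
     * token. Left as GET because the link-generating template is not visible.
     */
    $id = (int) $_GET['id'];
    if ($id === 1) {
        Exceptions::PrintOut("You cannot delete the Administrator Group");
    } else {
        $delete = UsersAndGroups::GroupDelete($id);
        if ($delete) {
            // Deleted: return the user to the groups listing.
            header("Location: index.php?page=users_and_groups");
            exit;
        } else {
            Exceptions::PrintOut("There is a problem with deleting your group. Either no id has been passed or id does not exists in database");
        }
    }
}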
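Exceptions::PrintOut("You do not have access to the Users and groups"); }
/**
 * User editor page: edits the user given by $_GET['id'] (password and group).
 *
 * The permission check this page opens with is only partly visible here; its
 * closing line is kept above unchanged. NOTE(review): as written, that check
 * only prints a message — confirm Exceptions::PrintOut() terminates the
 * request, otherwise an unauthorised user reaches the editor below.
 *
 * Fixes:
 *  - Post::Check() only covers "username" and "group", yet $_POST['password']
 *    and $_POST['password2'] were read unconditionally, raising an
 *    undefined-index notice whenever the form omits them. They are now read
 *    with isset(), passing null when absent exactly as before, minus the
 *    notice.
 *  - The id is cast to int once (user ids are integers per BanUser()'s
 *    docblock), so a non-numeric query string never reaches GetUser() or
 *    UserEditor().
 *
 * NOTE(review): the else branch says "You cannot edit the Administrator Super
 * User Account.", but unlike the group editor there is no `id != 1` guard —
 * anyone who passes this page's permission check can change user 1's
 * password and group. Left unchanged because it is unclear whether the super
 * user is meant to edit their own account through this page; confirm and add
 * the guard if not. No CSRF token check is visible on this state-changing
 * POST handler either.
 */
$id_check = Post::GCheck(array('id'));
if ($id_check) {
    $id = (int) $_GET['id'];
    $post_check = Post::Check(array("username", "group"));
    if ($post_check) {
        $password  = isset($_POST['password']) ? $_POST['password'] : null;
        $password2 = isset($_POST['password2']) ? $_POST['password2'] : null;
        $edit = new UsersAndGroups();
        $result = $edit->UserEditor($id, $password, $password2, $_POST['group']);
        if (!$result) {
            $error = $edit->error;
        }
    }
    $user = UsersAndGroups::GetUser($id);
    /**
     * List groups to select element
     */
    $groups = UsersAndGroups::ListGroups();
    include 'views/template/useredit.html';
} else {
    /*
     * End with message
     */
    Exceptions::PrintOut("You cannot edit the Administrator Super User Account.");
}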