/**
 * List the files in this gallery's directory, merged with their rows from the `images` table.
 *
 * Each directory entry starts out as array('filename' => ..., 'published' => true)
 * and is overlaid with the database row that has the same filename, if any.
 * Unpublished images are returned only when the session holds
 * GALLERY_VIEW_UNPUBLISHED.
 *
 * NOTE(review): the exception message embeds the server-side gallery path;
 * make sure it is logged rather than shown to visitors.
 *
 * @return array[] One merged array per image the current session may see.
 * @throws Exception When the gallery directory does not exist.
 */
public function fetchImages()
{
    if (!file_exists($this->fullPath)) {
        throw new Exception('Gallery path does not exist: ' . $this->fullPath);
    }

    $statement = DatabaseFactory::getInstance()->prepare(
        'SELECT i.id, i.filename, i.published FROM images i WHERE i.gallery = :gallery'
    );
    $statement->bindValue(':gallery', $this->id);
    $statement->execute();

    $rowsByFilename = assignKeys($statement->fetchAll(), 'filename');
    $mayViewUnpublished = Session::hasPriv('GALLERY_VIEW_UNPUBLISHED');

    $visible = array();

    foreach (scandir($this->fullPath) as $filename) {
        // Equivalent to the loose `strpos(...) == 0` test: skips names that
        // start with a dot (".", "..", hidden files) and also names that
        // contain no dot at all, because strpos() then returns false.
        $dotPosition = strpos($filename, '.');
        if ($dotPosition === false || $dotPosition === 0) {
            continue;
        }

        $row = isset($rowsByFilename[$filename]) ? $rowsByFilename[$filename] : null;
        if (!is_array($row)) {
            $row = array();
        }

        // Database values win over the filesystem defaults.
        $merged = array_merge(array('filename' => $filename, 'published' => true), $row);

        if ($merged['published'] || $mayViewUnpublished) {
            $visible[] = $merged;
        }
    }

    return $visible;
}
/**
 * Build the "Additional Menu Items" form.
 *
 * The session must hold ADDITIONAL_MENU_ITEMS; Session::requirePriv() is
 * called right after the parent constructor and before any element is added.
 * What requirePriv() does on failure is not visible here (presumably it
 * aborts the request - confirm).
 */
public function __construct()
{
    parent::__construct('formAdditionalMenuItems', 'Additional Menu Items');

    Session::requirePriv('ADDITIONAL_MENU_ITEMS');

    // Single free-text field, pre-filled with the current links.
    $linksBox = new ElementTextbox('links', 'Links', $this->getLinks(), 'Format: title=url<newline>...');
    $this->addElement($linksBox);

    $this->addDefaultButtons();
}
/**
 * Work out how many turns a user has earned, used and has left.
 *
 * One turn is earned for every $waitTimePerTurn seconds since the user's
 * registration timestamp. For the logged-in user the timestamp comes from the
 * session; for anyone else it is read from `pfrog_users`.
 *
 * @param string $username User to calculate turns for.
 * @return array Keys: time, total, used, remaining, total_turns.
 */
function getTurns($username)
{
    $waitTimePerTurn = 100;
    $turns = array('time' => null, 'total' => null, 'used' => null, 'remaining' => null);

    if ($username == \libAllure\Session::getUser()->getUsername()) {
        // Current user: only the registration time is loaded, so
        // $turns['used'] stays null on this path.
        $registerd = \libAllure\Session::getUser()->getData('registered');
    } else {
        global $db;

        // NOTE(review): $username is concatenated straight into the SQL text,
        // so a crafted name changes the statement (SQL injection). The WHERE
        // clause also has no column to compare against - it evaluates the
        // quoted string itself. This should become `WHERE <username column> = ?`
        // with $username passed as a bound parameter; the column name is not
        // visible from here.
        $sql = 'SELECT `usedturns`, `registerd` FROM `pfrog_users` WHERE "' . $username . '" LIMIT 1 ';
        $result = $db->query($sql);
        $result = $result->fetchRow();

        $registerd = $result['registerd'];
        // NOTE(review): the query selects `usedturns` but this reads
        // 'usedTurns'; whether the driver returns that key is not visible here.
        $turns['used'] = $result['usedTurns'];
    }

    $now = time();
    $timelapse = $now - $registerd;
    $blocks = $timelapse / $waitTimePerTurn;

    // Splits the quotient on its decimal point: $temp[0] is the whole number
    // of turns, $temp[1] the fractional digits.
    // NOTE(review): when $timelapse is an exact multiple of $waitTimePerTurn
    // there is no '.', so $temp[1] does not exist.
    $temp = explode('.', $blocks);

    if (strlen($temp[1]) == 1) {
        // Pad a single fractional digit to two digits ("5" becomes "50").
        $temp[1] = $temp[1] . 0;
    }

    $time_left = $waitTimePerTurn - $temp[1];
    $temp[0] = $temp[0] - $turns['used'];

    $turns['time'] = $time_left;
    $turns['total'] = $blocks;
    $turns['total_turns'] = $blocks;
    $turns['remaining'] = $temp[0];

    return $turns;
}
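/**
 * Render the "Regulars" sidebar box: regular users who have not signed up to the current event.
 *
 * Nothing is rendered unless the session holds FORCE_SIGNUPS and the globals
 * $event and $signups are populated. Each listed user gets a profile link and
 * a "force" control that copies the username into the element with id
 * "username".
 *
 * Usernames and ids come from the database and are written into three
 * different contexts (URL parameter, HTML text, JavaScript string inside an
 * HTML attribute), so each value is encoded for the context it lands in.
 *
 * @return void
 */
public function renderSidebar()
{
    global $event, $signups, $db;

    if (!Session::hasPriv('FORCE_SIGNUPS')) {
        return;
    }

    if (!isset($event) || empty($signups)) {
        return;
    }

    $sql = 'SELECT u.id, u.username FROM plugin_regulars r INNER JOIN users u ON r.user = u.id WHERE r.user NOT IN (SELECT s.user FROM signups s WHERE s.event = :eventId) ';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':eventId', $event['id']);
    $stmt->execute();

    $regularUsers = $stmt->fetchAll();

    startBox();

    if (count($regularUsers) > 0) {
        echo '<p>The following regulars are not signed up:</p> ';
        echo '<ul>';

        foreach ($regularUsers as $user) {
            $username = (string) $user['username'];

            // URL parameter: percent-encode, which is also attribute-safe.
            $idForUrl = rawurlencode((string) $user['id']);

            // HTML text node.
            $nameForHtml = htmlspecialchars($username, ENT_QUOTES);

            // JavaScript string literal inside an HTML attribute: encode as a
            // JS string first, then escape the result for the attribute.
            $jsLiteral = json_encode($username, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
            if ($jsLiteral === false) {
                // json_encode() rejects invalid byte sequences; fall back to an empty string.
                $jsLiteral = '""';
            }
            $nameForJs = htmlspecialchars($jsLiteral, ENT_QUOTES);

            echo '<li><a href = "profile.php?id=' . $idForUrl . '">' . $nameForHtml . '</a> (<span class = "dummyLink" onclick = "document.getElementById(\'username\').value = ' . $nameForJs . '" >force</span>)</li>';
        }

        echo '</ul>';
    } else {
        echo 'All the regulars are signed up to this event!';
    }

    echo '<p><a href = "plugins.php">Plugin admin</a></p>';

    stopBox('Regulars');
}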
/**
 * Tell whether the logged-in user's basket holds no items.
 *
 * Counts the rows in basket_items whose basketOwner is the session user.
 *
 * @return bool True when the query returns no rows.
 */
public static function isEmpty()
{
    $query = DatabaseFactory::getInstance()->prepare(
        'SELECT bi.id FROM basket_items bi WHERE bi.basketOwner = :userId'
    );
    $query->bindValue(':userId', Session::getUser()->getId());
    $query->execute();

    $itemCount = $query->numRows();

    return $itemCount == 0;
}
/**
 * Build the form that grants a privilege to a group.
 *
 * Session::requirePriv('SUPERUSER') runs before any element is added.
 *
 * NOTE(review): the group id travels in a hidden field, which the client can
 * change; the processing code should treat it as untrusted input.
 *
 * @param mixed $groupId Id of the group being edited; stored in the hidden 'id' field.
 */
public function __construct($groupId)
{
    parent::__construct('updateGroupPrivs', 'Update group privs');

    Session::requirePriv('SUPERUSER');

    $groupField = new ElementHidden('id', 'Group', $groupId);
    $this->addElement($groupField);

    $permissionField = $this->getPermissionElement();
    $this->addElement($permissionField);

    $this->addDefaultButtons('Grant priv');
}
/**
 * Force-sign $this->user up to the event named by the form's 'id' field.
 *
 * Sets the signup status to SIGNEDUP, appends a "Forced signup." comment
 * attributed to the logged-in user, writes an activity log entry and
 * redirects to the event page.
 *
 * NOTE(review): no privilege check is visible in this method; presumably the
 * form's constructor enforces it - confirm. The log entry uses the submitted
 * 'username' field while the signup is applied to $this->user, so the two
 * are assumed to refer to the same account.
 *
 * @return void
 */
public function process()
{
    $event = Events::getById($this->getElementValue('id'));
    $eventId = $event['id'];

    Events::setSignupStatus($this->user->getId(), $eventId, 'SIGNEDUP');
    Events::appendSignupComment(
        $this->user->getId(),
        $eventId,
        'Forced signup.',
        Session::getUser()->getUsername()
    );

    $logLine = 'Forced signup of:' . $this->getElementValue('username') . ' to event: ' . $eventId . ' (' . $event['name'] . ')';
    logActivity($logLine);

    redirect('viewEvent.php?id=' . $eventId, 'They have been signed up.');
}
/**
 * Add an item to the logged-in user's basket.
 *
 * Inserts one basket_items row: `user` is $this->user's id, `event` is the
 * form's 'event' field and `basketOwner` is the session user. All three
 * values are bound as statement parameters.
 *
 * @return void
 */
public function process()
{
    $insert = DatabaseFactory::getInstance()->prepare(
        'INSERT INTO basket_items (user, event, basketOwner) VALUES (:user, :event, :basketOwner)'
    );

    $insert->bindValue(':user', $this->user->getId());
    $insert->bindValue(':event', $this->getElementValue('event'));
    $insert->bindValue(':basketOwner', Session::getUser()->getId());

    $insert->execute();
}
/**
 * Build the form that adds a user to a group.
 *
 * Session::requirePriv('GROUP_EDIT') runs before any element is added.
 *
 * NOTE(review): the user id is carried in a hidden field, which the client
 * can alter; the processing code should validate it.
 *
 * @param mixed $userId Id of the user to add; stored in the hidden 'id' field.
 */
public function __construct($userId)
{
    parent::__construct('addUserToGroup', 'Add user to group');

    Session::requirePriv('GROUP_EDIT');

    $userField = new ElementHidden('id', 'User', $userId);
    $this->addElement($userField);
    $this->addElement($this->getGroupSelection());

    $this->addDefaultButtons();
}
/**
 * Store a shoutbox message written by the logged-in user.
 *
 * The text of the 'shout' field is inserted as submitted, through a bound
 * parameter. Nothing here encodes it for HTML, so whatever renders
 * plugin_shoutbox.content has to escape it on output.
 *
 * @return void
 */
public function process()
{
    global $db;

    $insert = $db->prepare('INSERT INTO plugin_shoutbox (user, content) VALUES (:user, :content) ');

    $insert->bindValue(':user', Session::getUser()->getId());
    $insert->bindValue(':content', $this->getElementValue('shout'));

    $insert->execute();
}
/**
 * Fetch the quadrants owned by the logged-in user.
 *
 * The owner filter uses the session user's id, so callers cannot ask for
 * another user's quadrants through this function.
 *
 * @return array Rows with `id` and `name`.
 */
function getQuadrants()
{
    global $db;

    $query = $db->prepare('SELECT q.id, q.name FROM quadrents q WHERE owner = :userId');
    $query->bindValue(':userId', Session::getUser()->getId());
    $query->execute();

    $quadrants = $query->fetchAll();

    return $quadrants;
}
/**
 * Decide whether the widget is suppressed on the current page.
 *
 * The list of ignored pages is a newline-separated site setting; sessions
 * holding ADMIN use the `.admin` variant of that setting.
 *
 * NOTE(review): $_SERVER['PHP_SELF'] can carry client-supplied path info, so
 * the basename compared here is partly under the requester's control. That is
 * acceptable for a display toggle but should not be reused for access
 * decisions. Entries are split on "\n" only, so a setting saved with "\r\n"
 * line endings would leave a trailing "\r" on each entry.
 *
 * @return bool True when the current script name is in the ignore list.
 */
private function shouldNotDisplay()
{
    $settingKey = Session::hasPriv('ADMIN')
        ? 'plugin.teamspeak3.ignorePages.admin'
        : 'plugin.teamspeak3.ignorePages';

    $ignoredPages = explode("\n", getSiteSetting($settingKey));
    $currentPage = basename($_SERVER['PHP_SELF']);

    return in_array($currentPage, $ignoredPages);
}
/**
 * Publish a news item authored by the logged-in user.
 *
 * Title and content are inserted as submitted, through bound parameters; the
 * date is set by the database with now(). Nothing here encodes the text for
 * HTML, so the rendering side has to escape or sanitise it.
 *
 * @return void
 */
public function process()
{
    global $db;

    $insert = $db->prepare(
        'INSERT INTO news (title, content, author, date) VALUES (:title, :content, :author, now())'
    );

    $insert->bindValue(':title', $this->getElementValue('title'));
    $insert->bindValue(':content', $this->getElementValue('content'));
    $insert->bindValue(':author', Session::getUser()->getId());

    $insert->execute();
}
/**
 * Build the "Create permission" form.
 *
 * Session::requirePriv('SUPERUSER') runs before any element is added. The
 * permission name is restricted by setPatternToIdentifier() and the
 * description is limited to between 0 and 2555 characters.
 */
public function __construct()
{
    parent::__construct('formPermissionCreate', 'Create permission');

    Session::requirePriv('SUPERUSER');

    $nameField = new ElementAlphaNumeric(
        'permission',
        'Permission name',
        null,
        'Even after creating a permission, it needs to be implemented in code for it to take affect.'
    );
    $this->addElement($nameField);
    $this->getElement('permission')->setPatternToIdentifier();

    $descriptionField = new ElementInput('description', 'Description');
    $this->addElement($descriptionField);
    $this->getElement('description')->setMinMaxLengths(0, 2555);

    $this->addButtons(Form::BTN_SUBMIT);
}
/**
 * Remove a user's seat selections for one event.
 *
 * NOTE(review): nothing here checks that the caller may act on another
 * user's seats; callers that pass $userId must do that check themselves.
 *
 * @param mixed $eventId Event whose selections are removed.
 * @param mixed $userId  User to clear; any empty() value (null, 0, '') means the logged-in user.
 * @return void
 */
function deleteSeatsForUser($eventId, $userId = null)
{
    $userId = empty($userId) ? Session::getUser()->getId() : $userId;

    $delete = DatabaseFactory::getInstance()->prepare(
        'DELETE FROM seatingplan_seat_selections WHERE event = :event AND user = :user '
    );
    $delete->bindValue(':event', $eventId);
    $delete->bindValue(':user', $userId);

    $delete->execute();
}
/**
 * Build the avatar upload form.
 *
 * Session::requirePriv('CHANGE_AVATAR') runs before any element is added. The
 * file element is pointed at resources/images/avatars/ and given the maximum
 * dimensions from the site settings.
 *
 * NOTE(review): the hint text mentions png and jpg, but no type check is
 * visible here, and the destination directory looks web-reachable.
 * Presumably ElementFile validates the image content and chooses the stored
 * file name - confirm. The 'user' hidden field is client-editable, so the
 * processing code should verify the caller may change that user's avatar.
 *
 * @param mixed $user Value stored in the hidden 'user' field.
 */
public function __construct($user)
{
    parent::__construct('avatar');

    Session::requirePriv('CHANGE_AVATAR');

    // File uploads need a multipart body.
    $this->enctype = 'multipart/form-data';

    $maxWidth = getSiteSetting('avatarMaxWidth');
    $maxHeight = getSiteSetting('avatarMaxHeight');

    $hint = 'You may upload a png or jpg, maximum size ' . $maxWidth . ' x ' . $maxHeight . ' pixels. Remember to press F5 to refresh your avatar after you have uploaded it!';
    $this->addElement(new ElementFile('avatar', 'Avatar', null, $hint));

    $avatarField = $this->getElement('avatar');
    $avatarField->destinationDir = 'resources/images/avatars/';
    $avatarField->imageMaxW = $maxWidth;
    $avatarField->imageMaxH = $maxHeight;

    $this->addElement(new ElementHidden('user', 'User', $user));
    $this->addDefaultButtons();
}
/**
 * Create a new content block from the form's 'title' and 'content' fields.
 *
 * The row is attributed to the logged-in user and the creation is written to
 * the activity log. Values go in through bound parameters and are stored as
 * submitted, so HTML encoding or sanitising is left to the code that renders
 * page_content.
 *
 * @return bool Always true.
 */
public function processNew()
{
    global $db;

    $title = $this->getElementValue('title');

    $insert = $db->prepare(
        'INSERT INTO page_content (page, content, updatedBy) VALUES (:title, :content, :userId) '
    );
    $insert->bindValue(':title', $title);
    $insert->bindValue(':content', $this->getElementValue('content'));
    $insert->bindValue(':userId', Session::getUser()->getId());
    $insert->execute();

    logActivity('Content created: ' . $title);

    return true;
}
/**
 * Switch the session to another user, or switch back.
 *
 * When $_SESSION['userHidden'] holds a user, that user is restored as the
 * session user and the slot is cleared. Otherwise the current session user is
 * parked in 'userHidden' and $this->user takes its place. Choosing your own
 * account is a no-op.
 *
 * NOTE(review): this writes $_SESSION directly and deliberately bypasses the
 * Session class. No privilege check, audit log entry or session id
 * regeneration is visible in this method; presumably the form's constructor
 * enforces the privilege - confirm, and consider recording every switch in
 * the activity log.
 *
 * @return void
 */
public function process()
{
    // Already impersonating: restore the original identity.
    if (!empty($_SESSION['userHidden'])) {
        $_SESSION['user'] = $_SESSION['userHidden'];
        $_SESSION['userHidden'] = null;

        return;
    }

    // Switching to yourself would only park a duplicate of the same user.
    if ($this->user->getId() == Session::getUser()->getId()) {
        return;
    }

    // Directly manipulate the session to work around the security restrictions.
    $_SESSION['userHidden'] = $_SESSION['user'];
    $_SESSION['user'] = $this->user;
}
/**
 * Assign a seat at an event to a user, replacing whoever held it.
 *
 * The assignment is written to the activity log first, then stored with an
 * INSERT ... ON DUPLICATE KEY UPDATE. The user id is bound twice (:user1 and
 * :user2) because it appears in both halves of the statement.
 *
 * NOTE(review): nothing here checks that the caller may seat another user or
 * that the seat belongs to the event; callers must validate both.
 *
 * @param mixed $eventId Event the seat belongs to.
 * @param mixed $seatId  Seat being claimed.
 * @param mixed $userId  User to seat; any empty() value means the logged-in user.
 * @return void
 */
function setUserInSeat($eventId, $seatId, $userId = null)
{
    $userId = empty($userId) ? Session::getUser()->getId() : $userId;

    $logContext = array('user' => $userId, 'event' => $eventId);
    logActivity('_u_ selected seat ' . $seatId . ' for event _e_', null, $logContext);

    $upsert = DatabaseFactory::getInstance()->prepare(
        'INSERT INTO seatingplan_seat_selections (seat, event, user) VALUES (:seat, :event, :user1) ON DUPLICATE KEY UPDATE user = :user2'
    );
    $upsert->bindValue(':seat', $seatId);
    $upsert->bindValue(':event', $eventId);
    $upsert->bindValue(':user1', $userId);
    $upsert->bindValue(':user2', $userId);

    $upsert->execute();
}
/**
 * Load every gallery the current session is allowed to list.
 *
 * Sessions holding SUPERUSER see all galleries; everyone else only sees
 * galleries whose status is "Open". Results are ordered by event date
 * (newest first), then title, then ordinal.
 *
 * @return array List of objects built by ItemGallery::fromArray().
 */
public static function getAll()
{
    global $db;

    $query = 'SELECT g.id, g.title, g.coverImage, g.folderName, e.date, g.status FROM galleries g LEFT JOIN events e ON e.gallery = g.id';

    // The visibility filter is a fixed string; no request data reaches the SQL.
    if (!Session::hasPriv('SUPERUSER')) {
        $query .= ' WHERE g.status = "Open"';
    }

    $query .= ' ORDER BY e.date DESC, g.title ASC, g.ordinal ASC';

    $rows = $db->query($query)->fetchAll();

    $galleries = array();
    foreach ($rows as $row) {
        $galleries[] = ItemGallery::fromArray($row);
    }

    return $galleries;
}
/**
 * Drop events for which the logged-in user has a signup whose status is not "SIGNEDUP".
 *
 * NOTE(review): the method name suggests it removes events the user is
 * already signed up to, but the query selects signups with
 * status != "SIGNEDUP". Confirm which of the two is intended.
 *
 * @param array $events Event rows, each with an 'id' key.
 * @return array The remaining events, with their original keys.
 */
private function removeEventsAlreadySignedupFor($events)
{
    $query = DatabaseFactory::getInstance()->prepare(
        'SELECT s.event, s.status FROM signups s WHERE s.user = :user AND s.status != "SIGNEDUP" '
    );
    $query->bindValue(':user', Session::getUser()->getId());
    $query->execute();

    $excludedIds = array();
    foreach ($query->fetchAll() as $signup) {
        $excludedIds[] = $signup['event'];
    }

    $remaining = array();
    foreach ($events as $key => $event) {
        if (in_array($event['id'], $excludedIds)) {
            continue;
        }

        $remaining[$key] = $event;
    }

    return $remaining;
}
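/**
 * Replace the logged-in user's votes on this survey with the submitted ones.
 *
 * Runs in one transaction: the user's existing votes for the survey's options
 * are deleted, then up to $this->survey['count'] submitted options are
 * inserted.
 *
 * Two safeguards are applied here:
 *  - each submitted option id is inserted only if it belongs to this survey,
 *    so a tampered 'voteValue' cannot cast a vote on another survey's option;
 *  - if any statement throws, the transaction is rolled back instead of being
 *    left open, and the exception is re-thrown to the caller.
 *
 * @return void
 * @throws \Exception Whatever the database layer throws, after rolling back.
 */
public function process()
{
    global $db;

    $db->beginTransaction();

    try {
        $sql = 'DELETE FROM survey_votes WHERE opt IN (SELECT id FROM survey_options WHERE survey = :survey) AND user = :user ';
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':survey', $this->survey['id']);
        $stmt->bindValue(':user', Session::getUser()->getId());
        $stmt->execute();

        // INSERT ... SELECT so that an option id from a different survey matches no row.
        $sql = 'INSERT INTO survey_votes (user, opt) SELECT :user, o.id FROM survey_options o WHERE o.id = :option AND o.survey = :survey';
        $stmt = $db->prepare($sql);

        $count = 0;

        foreach ($this->getElementValue('voteValue') as $vote) {
            // Never accept more votes than the survey allows.
            if ($count >= $this->survey['count']) {
                break;
            }

            $count++;

            $stmt->bindValue(':user', Session::getUser()->getId());
            $stmt->bindValue(':option', $vote);
            $stmt->bindValue(':survey', $this->survey['id']);
            $stmt->execute();
        }

        $db->commit();
    } catch (\Exception $e) {
        $db->rollBack();

        throw $e;
    }
}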
/**
 * Load the schedule for this event, decorated for display.
 *
 * Each row gains an 'actions' string (a Delete link when the session holds
 * SCHEDULE_CHANGE, otherwise empty), a formatted 'start' and an 'iconUrl'
 * (null when the row has no icon).
 *
 * NOTE(review): the Delete link is a plain GET URL. Hiding it from users
 * without SCHEDULE_CHANGE is presentation only; the handler for
 * action=delete has to check the privilege itself and should require an
 * anti-CSRF token. 'message' and 'icon' are returned as stored, so the
 * template is presumably responsible for escaping them - confirm.
 *
 * @return array List of schedule rows.
 */
public function fetch()
{
    global $db;

    $query = $db->prepare(
        'SELECT es.id, es.message, es.start, es.duration, es.icon FROM event_schedule es WHERE es.event = :event ORDER BY start'
    );
    $query->bindValue(':event', $this->eventId, Database::PARAM_INT);
    $query->execute();

    $items = array();

    foreach ($query->fetchAll() as $row) {
        $actionLinks = array();

        if (Session::hasPriv('SCHEDULE_CHANGE')) {
            $actionLinks[] = '<a href = "?action=delete&schId=' . $row['id'] . '&id=' . $this->eventId . '">Delete</a>';
        }

        $row['actions'] = implode(', ', $actionLinks);
        $row['start'] = formatDtString($row['start']);
        $row['iconUrl'] = empty($row['icon'])
            ? null
            : 'resources/images/icons/games/' . $row['icon'];

        $items[] = $row;
    }

    return $items;
}
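// Bootstrap: include path, timezone, class autoloading, libAllure and the
// database connection.

// Class lookup path: project sources, the system PHP library directory and
// the vendored libAllure sources.
// NOTE(review): the first and last entries are relative, so they resolve
// against the current working directory of whatever runs this script. Run it
// from the project root only, or switch to absolute paths built from __DIR__.
set_include_path(get_include_path() . PATH_SEPARATOR . 'src/main/php/' . PATH_SEPARATOR . '/usr/share/php/' . PATH_SEPARATOR . 'vendor/jwread/lib-allure/src/main/php/');

date_default_timezone_set('Europe/London');

// Registered through spl_autoload_register() because a global __autoload()
// function is deprecated since PHP 7.2 and rejected by PHP 8. The lookup
// itself is unchanged: try "<include path entry>/<class>.php" in order and
// load the first file that exists.
spl_autoload_register(function ($class) {
    $class = DIRECTORY_SEPARATOR . $class . '.php';

    foreach (explode(PATH_SEPARATOR, get_include_path()) as $path) {
        if (file_exists($path . $class)) {
            require_once $path . $class;

            return;
        }
    }
});

require_once 'includes/functions.php';

require_once 'libAllure/Exceptions.php';
require_once 'libAllure/ErrorHandler.php';
require_once 'libAllure/Database.php';
require_once 'libAllure/Form.php';
require_once 'libAllure/Logger.php';
require_once 'libAllure/User.php';
require_once 'libAllure/Inflector.php';
require_once 'libAllure/Session.php';
require_once 'libAllure/AuthBackend.php';
require_once 'libAllure/AuthBackendDatabase.php';
require_once 'libAllure/HtmlLinksCollection.php';

// Supplies the CFG_DB_* constants used below.
require_once 'config.php';

\libAllure\ErrorHandler::getInstance()->beGreedy();

$db = new \libAllure\Database(CFG_DB_DSN, CFG_DB_USER, CFG_DB_PASS);
\libAllure\DatabaseFactory::registerInstance($db);

\libAllure\AuthBackend::setBackend(new \libAllure\AuthBackendDatabase());

// NOTE(review): this authenticates the session as 'SYSTEM' with an empty
// password string. How checkCredentials() treats an empty password is not
// visible here. Confirm that this bootstrap is reachable only from trusted
// entry points (for example CLI or cron scripts) and that the SYSTEM account
// cannot be used to log in interactively.
\libAllure\Session::checkCredentials('SYSTEM', '');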
<?php

use libAllure\HtmlLinksCollection;
use libAllure\Session;

// Sidebar for the permissions admin pages. $tpl is not defined in this file;
// presumably the including script provides it.
$links = new HtmlLinksCollection('Permissions admin');

// The link is shown only to sessions holding CREATE_PERMISSION. This is
// presentation only: createPermission.php has to enforce its own privilege
// check.
$links->addIf(Session::hasPriv('CREATE_PERMISSION'), 'createPermission.php', 'Create permission', null, 'create');

$tpl->assign('links', $links);
$tpl->display('sidebarLinks.tpl');

?>
<?php
/*******************************************************************************

  Copyright (C) 2004-2006 xconspirisist (xconspirisist@gmail.com)

  This file is part of pFrog.

  pFrog is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  pFrog is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with pFrog; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

*******************************************************************************/

// Logout page: ends the session if one is active, then redirects to the index.
require_once 'includes/common.php';

// NOTE(review): any request to this script logs the user out, with no request
// method check or token, so a cross-site link or image tag can end a user's
// session. The impact is low, but a POST with an anti-CSRF token would close
// it.
if (\libAllure\Session::isLoggedIn()) {
    \libAllure\Session::logout();
}

// $core is not defined in this file; presumably includes/common.php provides it.
// Whether redirect() stops execution is not visible here; if it does, the
// footer include below never runs.
$core->redirect('index.php', 'You are now logged out.');

require_once 'includes/widgets/footer.php';
// Account page: builds the standard and privileged link menus, then renders
// the account, achievements and signup overview templates.
//
// NOTE(review): addIfPriv() only decides whether a link is shown. Every
// target page listed here still has to enforce the matching privilege itself,
// because a hidden link can be requested directly.
$standardLinks->addIfPriv('UPLOAD_GALLERY_IMAGE', 'formUploadImage.php', 'Upload gallery image');
$standardLinks->addIfPriv('VIEW_SURVEYS', 'listSurveys.php', 'Survey', 'survey');
$tpl->assign('standardLinks', $standardLinks);

// Administrative links, each gated on its own privilege.
$privilegedLinks = new HtmlLinksCollection();
$privilegedLinks->addIfPriv('ADMIN_USERS', 'users.php', 'Users', 'users');
$privilegedLinks->addIfPriv('ADMIN_GROUPS', 'listGroups.php', 'Groups');
$privilegedLinks->addIfPriv('ADMIN_USERS', 'formFlagEmail.php', 'Flag bad emails', 'users');
$privilegedLinks->addIfPriv('VIEW_PRIVS', 'listPermissions.php', 'Permissions');
$privilegedLinks->addIfPriv('VIEW_VENUES', 'listVenues.php', 'Venues');
$privilegedLinks->addIfPriv('EDIT_CONTENT', 'listContent.php', 'Content blocks', 'contentBlocks');
$privilegedLinks->addIfPriv('VIEW_LOG', 'listLogs.php', 'Log');
$privilegedLinks->addIfPriv('MAILING_LIST', 'viewMailingList.php', 'Mailing list');
$privilegedLinks->addIfPriv('SITE_SETTINGS', 'siteSettings.php', 'Site settings', 'siteSettings');
$privilegedLinks->addIfPriv('ADMIN_PLUGINS', 'plugins.php', 'Plugins');
$privilegedLinks->addIfPriv('ADDITIONAL_MENU_ITEMS', 'form.php?form=FormAdditionalMenuItems', 'Additional menu items');
$privilegedLinks->addIfPriv('FINANCES', 'listFinanceAccounts.php', 'Finances');
$privilegedLinks->addIfPriv('SUDO', 'formSudo.php', 'SUDO');
$privilegedLinks->addIfPriv('VIEW_SYSTEM_STATISTICS', 'viewSystemStatus.php', 'System Status');
$privilegedLinks->addIfPriv('MACHINE_AUTHENTICATIONS', 'listMachineAuthentications.php', 'Machine Authentications');
$privilegedLinks->addIfPriv('LIST_SEATINGPLANS', 'listSeatingPlans.php', 'Seating plans');
$tpl->assign('privilegedLinks', $privilegedLinks);

$tpl->display('account.tpl');

$tpl->assign('acheivements', getAcheivements());
$tpl->display('acheivements.tpl');

// Signup history and the statistics derived from it.
$userEventSignups = getUserSignups();
$userSignupStatistics = getSignupStatistics($userEventSignups);

$tpl->assign('userEventSignups', $userEventSignups);
$tpl->assign('userSignupStatistics', $userSignupStatistics);
$tpl->assign('privViewAttendance', Session::hasPriv('VIEW_ATTENDANCE'));
$tpl->display('accountSignupOverview.tpl');

require_once 'includes/widgets/footer.php';
} require_once 'includes/widgets/header.php'; $tpl->assignForm($f); $tpl->display('form.tpl'); break; case 'view': $id = $sanitizer->filterUint('id'); $group = new Group($id); require_once 'includes/widgets/header.php'; require_once 'includes/widgets/sidebar.php'; $tpl->assign('group', $group->getArray()); $tpl->assign('groupMembers', $group->getMembers()); $tpl->assign('groupPrivilegesList', $group->getPrivs()); $tpl->display('viewGroup.tpl'); break; case 'create': Session::requirePriv('GROUP_CREATE'); $f = new FormGroupCreate(); $f->addElement(new ElementHidden('action', null, 'create')); if ($f->validate()) { $f->process(); } require_once 'includes/widgets/header.php'; require_once 'includes/widgets/sidebar.php'; $tpl->assignForm($f); $tpl->display('form.tpl'); break; default: throw new Exception(); } require_once 'includes/widgets/footer.php';
<?php

use libAllure\HtmlLinksCollection;
use libAllure\Session;

// Sidebar for gallery administration. $tpl is not defined in this file;
// presumably the including script provides it.
$menu = new HtmlLinksCollection('Gallery admin');

// Each link is shown only when the session holds the matching privilege.
// That is presentation only: doScanImageGallery.php and createGallery.php
// have to enforce GALLERY_SCAN and GALLERY_CREATE themselves.
$menu->addIf(Session::hasPriv('GALLERY_SCAN'), 'doScanImageGallery.php', 'Scan gallery for problems');
$menu->addIf(Session::hasPriv('GALLERY_CREATE'), 'createGallery.php', 'Create');

// Skip the box entirely when the session has neither privilege.
if ($menu->hasLinks()) {
    $tpl->assign('links', $menu);
    $tpl->display('sidebarLinks.tpl');
}
<?php

// Group list page: shows every group with its member count.
require_once 'includes/common.php';

use libAllure\Session;

// NOTE(review): this gate relies on $tpl->error() stopping the request. If it
// only renders or records a message and then returns, execution falls through
// and the group list below is still queried and displayed. Confirm that
// error() terminates, or stop explicitly after calling it.
if (!Session::hasPriv('VIEW_GROUPS')) {
    $tpl->error('You dont have permission to view groups.');
}

require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';

// Fixed query with no request input; the LEFT JOIN keeps groups that have no
// members, with a count of 0.
$sql = 'SELECT g.id, g.title, g.css, count(mem.id) membershipCount FROM groups g LEFT JOIN group_memberships mem ON mem.`group` = g.id GROUP BY g.id';
$stmt = $db->prepare($sql);
$stmt->execute();

$tpl->assign('listGroups', $stmt->fetchAll());
$tpl->display('listGroups.tpl');