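<?php
/**
 * @file views/pages/error.php
 * @author James Hogan (jh559)
 * @brief Simple view for displaying an error and back button.
 *
 * These are designed for when the user doesn't have permission to see some page.
 * It can provide an optional login button if the user is not already logged in.
 *
 * View variables (all optional):
 * - $_wikitext  page body, echoed without escaping, so it must already be safe HTML
 * - $try_login  array whose '_text' is shown (XML-escaped) next to the "Log in" button
 * - $return     array whose '_text' is the caption of the back button
 * - $referer    URL of the back button; only used together with $return
 */
?>
<div class="BlueBox">
<img align="left" src="<?php echo site_url('/images/prototype/homepage/error.png'); ?>" alt="error" width="30" height="30" />
<?php
// The body text is optional: test for it explicitly rather than silencing the
// undefined-variable notice with '@'.
if (isset($_wikitext)) {
    echo $_wikitext;
}
$CI =& get_instance();
// Login button only when the caller asked for one and nobody is logged in; the
// current URI is appended so the login page can return the user here.
if (isset($try_login['_text']) && !$CI->user_auth->isLoggedIn) {
    echo '<p>You are not currently logged in. ' . xml_escape($try_login['_text']) . '</p>';
    echo HtmlButtonLink(site_url('login/main' . $this->uri->uri_string()), 'Log in');
}
// Back button: caption from $return, target from $referer.
// NOTE(review): $referer is used as-is here — confirm the controller validates it
// is a same-site URL before passing it into this view.
if (isset($return['_text']) && isset($referer)) {
    echo HtmlButtonLink($referer, $return['_text']);
}
?>
</div>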
<?php
/**
 * @file views/general/return.php
 * @brief Simple view for displaying an error and back button.
 *
 * View variables:
 * - $Title        heading text
 * - $Description  body markup
 * - $Target       URL the back button points to
 * - $Caption      label of the back button
 *
 * NOTE(review): $Title and $Description are emitted without escaping — confirm
 * every caller passes trusted or already-escaped markup.
 */
?>
<div class="BlueBox">
    <img align="left" src="/images/prototype/homepage/error.png" alt="error" width="30" height="30" />
    <h2><?php print $Title; ?></h2>
    <?php print $Description; ?>
    <?php print HtmlButtonLink($Target, $Caption); ?>
</div>
/**
 * @brief Decide whether the current request may see a page at the given level.
 *
 * Loads the messages library and the user_auth / pages_model models, chooses the
 * output mode, works out which organisation (if any) the URI refers to, builds a
 * matrix of (user level x page level) -> action and applies the action for this
 * request: allow, redirect to a login page, show a warning, or 404.
 *
 * @param $Permission string of the following levels (in the order that
 * they are to be obtained:
 * - 'public' - anyone
 * - 'student' - must be logged on
 * - 'vip' - must be logged on as a vip
 * - 'vip+pr' - must be logged on as a vip or a pr rep
 * - 'office' - must be in the office
 * - 'pr' - must be in the office as a pr rep
 * - 'editor' - must be in the office as an editor
 * - 'admin' - must be in the office as an administrator
 * (the original doc also mentions an array of levels; the code below only
 * handles a single string, an array would reach array_key_exists() as a key)
 * @param $LoadMainFrame bool Whether to load the mainframe if permision hasn't
 * yet been acquired (for the login screen).
 * @param $NoPost bool When TRUE, post data saved across a login redirect is not
 * restored into $_POST.
 * @return bool Whether enough privilages. When the page does not exist at this
 * URI the result of show_404() is returned instead; on a redirect FALSE is
 * returned after redirect() (which presumably ends the request itself).
 */
function CheckPermissions($Permission = 'public', $LoadMainFrame = TRUE, $NoPost = FALSE)
{
    // Start a session
    $CI =& get_instance();
    // Initialisation stuff
    $CI->load->library('messages');
    $CI->load->model('user_auth');
    $CI->load->model('pages_model');
    // Decide on output format
    if (isset($_POST['fb_sig'])) {
        /// @todo AUTHENTICATE FACEBOOK
        // NOTE(review): the signature is never checked — the mere presence of a
        // POST field named fb_sig switches to fbml output and discards the
        // whole session, so this branch must not be reachable until the
        // signature is verified.
        OutputMode('fbml');
        global $_SESSION;
        $_SESSION = array();
    } else {
        if (isset($_GET['opmode'])) {
            // Client-chosen mode; only the in_array() check below rejects unknown
            // values (assumes OutputMode() stores the string unchanged).
            OutputMode($_GET['opmode']);
        } else {
            OutputMode(DefaultOutputMode());
        }
    }
    // If the output mode is not supported, show a 404
    // (in_array() is non-strict here; fine as long as OutputModes() holds only strings)
    if (!in_array(OutputMode(), OutputModes())) {
        show_404();
    }
    // Translate some auxilliary permissions
    $auxilliary_permissions = array('moderator' => 'editor');
    if (array_key_exists($Permission, $auxilliary_permissions)) {
        $Permission = $auxilliary_permissions[$Permission];
    }
    $user_level = GetUserLevel();
    // URL analysis regarding vip area
    // Three URI shapes carry an organisation: viparea/<org>, office/pr/org/<org>
    // and office/manage (the company itself).
    $thru_viparea = $CI->uri->total_segments() >= 1 && $CI->uri->segment(1) === 'viparea';
    $thru_office_pr = $CI->uri->total_segments() >= 3 && $CI->uri->segment(1) === 'office' && $CI->uri->segment(2) === 'pr' && $CI->uri->segment(3) === 'org';
    $thru_office_manage = $CI->uri->total_segments() >= 2 && $CI->uri->segment(1) === 'office' && $CI->uri->segment(2) === 'manage';
    $company_short_name = $CI->config->Item('company_organisation_id');
    $organisation_specified = FALSE;
    if ($thru_viparea) {
        if ($CI->uri->total_segments() > 1) {
            $organisation_shortname = $CI->uri->segment(2);
            $organisation_specified = TRUE;
            // VipSegments()/vip_url() record where the vip part of the URI starts
            // (side effects used by the rest of the request).
            VipSegments(2);
        } else {
            $organisation_shortname = $CI->user_auth->organisationShortName;
        }
        // don't allow access to vip area of the company, only through office/manage
        if ($organisation_shortname === $company_short_name) {
            $organisation_shortname = '';
            $CI->user_auth->logoutOrganisation();
            redirect('');
        }
        vip_url('viparea/' . $organisation_shortname . '/', TRUE);
    } elseif ($thru_office_pr) {
        $organisation_shortname = $CI->uri->segment(4);
        $organisation_specified = TRUE;
        VipSegments(4);
        vip_url('office/pr/org/' . $organisation_shortname . '/', TRUE);
    } elseif ($thru_office_manage) {
        $organisation_shortname = $company_short_name;
        $organisation_specified = TRUE;
        VipSegments(2);
        vip_url('office/manage/', TRUE);
    } else {
        $organisation_shortname = '';
    }
    // FALSE = organisation addressed by the URI, TRUE = organisation logged in as
    VipOrganisation(FALSE, $organisation_shortname);
    VipOrganisation(TRUE, $CI->user_auth->organisationShortName);
    // Login actions for student/vip/office logins
    // Action tuples: [0] kind, [1] target, 'post' => keep $_POST across the redirect
    $student_login_action = array('redirect+url', 'login/main', 'post' => TRUE);
    if ($organisation_specified) {
        $vip_login_action = array('redirect+url', 'login/vipswitch/' . $organisation_shortname, 'post' => TRUE);
    } else {
        $vip_login_action = array('redirect+url', 'login/vip', 'post' => TRUE);
    }
    $office_login_action = array('redirect+url', 'login/office', 'post' => TRUE);
    // If vip+pr, use URI to decide which
    // An empty $Permission has no entry in the matrix and ends up as a 404 below.
    if ($Permission === 'vip+pr') {
        $Permission = $thru_viparea ? 'vip' : ($thru_office_pr ? 'pr' : ($thru_office_manage ? 'manage' : ''));
    } elseif ($Permission === 'vip') {
        $Permission = $thru_viparea ? 'vip' : ($thru_office_manage ? 'manage' : '');
    } elseif ($thru_office_pr && $Permission !== 'pr' || $thru_viparea && $Permission !== 'vip' || $thru_office_manage && $Permission !== 'manage') {
        // Organisation URIs are only valid for the matching permission level.
        $Permission = '';
    }
    // Matrix indexed by user level, then page level, of behaviour
    // Possible values:
    //   NULL/notset  http error 404
    //   TRUE         allowed
    //   array        specially handled (see the switch below)
    //   'pr'         office-only marker resolved to TRUE plus rep/read level below
    //   otherwise    access denied
    if ($user_level === 'public') {
        $action_levels = array('public' => TRUE, 'student' => $student_login_action, 'vip' => $student_login_action, 'office' => $student_login_action, 'pr' => $student_login_action, 'editor' => $student_login_action, 'manage' => $student_login_action, 'admin' => $student_login_action);
    } elseif ($user_level === 'student') {
        $action_levels = array('public' => TRUE, 'student' => TRUE, 'vip' => $vip_login_action, 'office' => $office_login_action, 'pr' => $office_login_action, 'editor' => $office_login_action, 'manage' => $office_login_action, 'admin' => $office_login_action);
    } elseif ($user_level === 'organisation') {
        // Logged in from public as organisation
        // vip access only for an organisation the login belongs to (allTeams key)
        $allow_vip = array_key_exists($organisation_shortname, $CI->user_auth->allTeams);
        $action_levels = array('public' => TRUE, 'student' => TRUE, 'vip' => $allow_vip, 'office' => FALSE, 'pr' => FALSE, 'editor' => FALSE, 'manage' => FALSE, 'admin' => FALSE);
        if ($allow_vip) {
            // allTeams[<shortname>] is read as [0] => id, [1] => name
            VipOrganisationId(FALSE, $CI->user_auth->allTeams[$organisation_shortname][0]);
            VipOrganisationName(FALSE, $CI->user_auth->allTeams[$organisation_shortname][1]);
            VipOrganisationId(TRUE, $CI->user_auth->organisationLogin);
            VipOrganisationName(TRUE, $CI->user_auth->organisationName);
            VipMode('viparea');
            VipLevel('write', TRUE);
        }
    } elseif ($user_level === 'vip') {
        // Logged in as student and in VIP area
        // Public/student pages still work but warn that the VIP door is open.
        $vip_door_open_action = array('message', 'warning', HtmlButtonLink(site_url('logout/vip' . $CI->uri->uri_string()), 'Leave VIP Area') . $CI->pages_model->GetPropertyText('login:warn_open_vip', TRUE), TRUE);
        $allow_vip = array_key_exists($organisation_shortname, $CI->user_auth->allTeams);
        if ($allow_vip) {
            $vip_accessible = TRUE;
            VipOrganisationId(FALSE, $CI->user_auth->allTeams[$organisation_shortname][0]);
            VipOrganisationName(FALSE, $CI->user_auth->allTeams[$organisation_shortname][1]);
            VipOrganisationId(TRUE, $CI->user_auth->organisationLogin);
            VipOrganisationName(TRUE, $CI->user_auth->organisationName);
            VipMode('viparea');
            VipLevel('write', TRUE);
        } else {
            // check permissions to access this organisation
            // A different organisation the user could log in to -> offer the vip
            // switch login; otherwise plain denial.
            $vip_organisations = $CI->user_auth->getOrganisationLogins();
            foreach ($vip_organisations as $organisation) {
                // NOTE(review): loose == comparison of two strings; '===' would be
                // safer if entry names can be numeric-looking.
                if ($organisation['organisation_directory_entry_name'] == $organisation_shortname) {
                    $vip_accessible = $vip_login_action;
                    break;
                }
            }
            if (!isset($vip_accessible)) {
                $vip_accessible = FALSE;
            }
        }
        $action_levels = array('public' => $vip_door_open_action, 'student' => $vip_door_open_action, 'vip' => $vip_accessible, 'office' => $office_login_action, 'pr' => $office_login_action, 'editor' => $office_login_action, 'manage' => $office_login_action, 'admin' => $office_login_action);
    } else {
        // Office
        // (assumes GetUserLevel() only returns 'office', 'editor' or 'admin' here;
        // any other value leaves $action_levels unset for the lookup below)
        // Door left open actions
        $office_door_open_action = array('message', 'warning', HtmlButtonLink(site_url('logout/office' . $CI->uri->uri_string()), 'Leave Office') . $CI->pages_model->GetPropertyText('login:warn_open_office', TRUE), TRUE);
        $admin_door_open_action = $office_door_open_action;
        // check permissions to access this organisation
        // 'manage' is only available if the user can log in as the company itself
        $manage_accessible = FALSE;
        $vip_organisations = $CI->user_auth->getOrganisationLogins();
        foreach ($vip_organisations as $organisation) {
            if ($organisation['organisation_directory_entry_name'] == $company_short_name) {
                $manage_accessible = TRUE;
                break;
            }
        }
        // Refine further
        if ($user_level === 'office') {
            $action_levels = array('public' => $office_door_open_action, 'student' => $office_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => 'pr', 'editor' => FALSE, 'manage' => FALSE, 'admin' => FALSE);
        } elseif ($user_level === 'editor') {
            $action_levels = array('public' => $office_door_open_action, 'student' => $office_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => TRUE, 'editor' => TRUE, 'manage' => $manage_accessible, 'admin' => FALSE);
        } elseif ($user_level === 'admin') {
            $action_levels = array('public' => $admin_door_open_action, 'student' => $admin_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => TRUE, 'editor' => TRUE, 'manage' => $manage_accessible, 'admin' => TRUE);
        }
        // Change an office user to pr if they rep for the organisation
        // Maps the page level to the VipMode() used for it.
        static $vipModes = array('pr' => 'office', 'manage' => 'manage');
        if (array_key_exists($Permission, $vipModes)) {
            // Get organisation information
            // ($organisation_shortname goes through the query builder, not string SQL)
            $CI->db->select('organisation_entity_id AS id,' . 'organisation_name AS name,' . 'organisation_pr_rep AS rep');
            $CI->db->join('entities', 'organisation_entity_id = entity_id', 'inner');
            $CI->db->where(array('organisation_directory_entry_name' => $organisation_shortname, 'entity_deleted = FALSE'));
            $matching_org = $CI->db->get('organisations')->result_array();
            if (empty($matching_org)) {
                // Unknown or deleted organisation: deny rather than 404
                $action_levels[$Permission] = FALSE;
            } else {
                $matching_org = $matching_org[0];
                if ($action_levels[$Permission] === 'pr') {
                    // Any office user may see pr pages; being the organisation's
                    // rep grants 'rep' level, everyone else 'read'.
                    $action_levels[$Permission] = TRUE;
                    // loose == presumably because rep and entityId may differ in type (int/string)
                    $rep = $matching_org['rep'] == $CI->user_auth->entityId;
                    if ($rep) {
                        VipLevel('rep', TRUE);
                    } else {
                        VipLevel('read', TRUE);
                    }
                } elseif ($action_levels[$Permission]) {
                    VipLevel('write', TRUE);
                }
                VipOrganisationId(FALSE, $matching_org['id']);
                VipOrganisationName(FALSE, $matching_org['name']);
                VipOrganisationId(TRUE, $matching_org['id']);
                VipOrganisationName(TRUE, $matching_org['name']);
                VipMode($vipModes[$Permission]);
            }
        }
    }
    $access_allowed = FALSE;
    // No permission set or NULL indicates page doesn't exist at this URI
    if (!array_key_exists($Permission, $action_levels) || NULL === $action_levels[$Permission]) {
        return show_404();
    } else {
        $action = $action_levels[$Permission];
        // True is allow
        if (TRUE === $action) {
            $access_allowed = TRUE;
        } elseif (is_array($action)) {
            // Array is special decider
            // Perform action
            switch ($action[0]) {
                case 'handle':
                    // ['handle', callable, argument, (message type, message text)]
                    $access_allowed = $action[1]($action[2], $Permission);
                    if (array_key_exists(3, $action)) {
                        $CI->messages->AddMessage($action[3], $action[4], FALSE);
                    }
                    break;
                case 'redirect+url':
                    // Append the current URI so the login page can return here,
                    // then deliberately fall through to the plain redirect.
                    $action[1] .= $CI->uri->uri_string();
                case 'redirect':
                    if (array_key_exists(2, $action)) {
                        $CI->messages->AddMessage($action[2], $action[3]);
                    }
                    if (array_key_exists('post', $action) && $action['post']) {
                        // store post data
                        if (!empty($_POST)) {
                            SetRedirectData($action[1], serialize($_POST));
                        }
                    }
                    // Before redirecting, forward on the redirected post data
                    $post_data = GetRedirectData();
                    if (NULL !== $post_data) {
                        SetRedirectData($action[1], $post_data);
                    }
                    // Do the redirect
                    redirect($action[1]);
                    return FALSE;
                case 'message':
                    // ['message', type, text, allowed?]
                    $CI->messages->AddMessage($action[1], $action[2], FALSE);
                    $access_allowed = $action[3];
                    break;
                default:
                    // Unknown action kind: $access_allowed stays FALSE
                    break;
            }
        } else {
            // Anything else is disallow
            $CI->messages->AddMessage('warning', 'You do not have the ' . $Permission . ' privilages required!');
            //redirect('');
        }
        // Restore post data
        // Only when the page is reachable (allowed or specially handled) and the
        // caller did not opt out with $NoPost.
        if ((TRUE === $action || is_array($action)) && !$NoPost) {
            $post_data = GetRedirectData();
            if (NULL !== $post_data) {
                // NOTE(review): unserialize() on stored data — this is only safe if
                // GetRedirectData() reads from server-side storage the client cannot
                // write to; confirm that, or store the saved $_POST as JSON instead.
                // The '@' hides malformed-data warnings; is_array() is the only check.
                $post_data = @unserialize($post_data);
                if (is_array($post_data)) {
                    if (!isset($_POST)) {
                        global $_POST;
                        $_POST = array();
                    }
                    // Saved fields override same-named fields of the current request
                    foreach ($post_data as $key => $value) {
                        $_POST[$key] = $value;
                    }
                }
            }
        }
    }
    // Non-html output modes get their own main-frame page code.
    if ('fbml' === OutputMode()) {
        $Permission = 'facebookapp';
    } elseif ('ajax' === OutputMode()) {
        $Permission = 'ajax';
    } elseif (FeedOutputMode()) {
        $Permission = 'feed';
    }
    SetupMainFrame($Permission, FALSE);
    if (!$access_allowed && $LoadMainFrame) {
        // Render the permissions error page in place of the requested content
        $CI->load->library('Custom_pages');
        $page = new CustomPageView('error:permissions');
        $CI->main_frame->SetContent($page);
        $CI->main_frame->Load();
    }
    return $access_allowed;
}
/**
 * Facebook exception handler: switch facebook mode off and tell the user they
 * have been logged out, with a button to log back in.
 *
 * @param $E Exception whose message is shown (XML-escaped) as the reason.
 *
 * Method body (uses $this->Disable()); the enclosing class is not shown here.
 */
function HandleException($E)
{
    $this->Disable();
    $CI =& get_instance();
    $reason = xml_escape($E->getMessage());
    $relogin = HtmlButtonLink(site_url('login/facebook' . $CI->uri->uri_string()), 'Log back in');
    $CI->messages->AddMessage('information', 'You have logged out of facebook (reason: ' . $reason . ')' . $relogin);
}
/**
 * VIP area settings: change-password page.
 *
 * Requires the 'vip+pr' permission. When the visitor is logged in as a user
 * (rather than as the organisation) an error message with a relogin button is
 * shown instead of the form; either way the title and main frame are rendered.
 */
function password()
{
    if (!CheckPermissions('vip+pr')) {
        return;
    }
    $this->pages_model->SetPageCode('viparea_settings_password');
    if ($this->user_auth->isUser) {
        $organisation = VipOrganisationName();
        $relogin = HtmlButtonLink(site_url('logout/main/login/main' . $this->uri->uri_string()), 'Relogin');
        $this->messages->AddMessage('error', 'Only accessible when logged in as ' . $organisation . '.' . $relogin);
    } else {
        $this->_SetupTabs('password');
        $data = array();
        $data['main_text'] = 'hello world! main text goes here. this will only be accessible when logged in as organisation as oposed to student/vip';
        $data['change_password_target'] = vip_url('account/password');
        $this->load->helper('string');
        $this->main_frame->SetContentSimple('account/password_change', $data);
    }
    $title_params = array('organisation' => VipOrganisationName());
    $this->main_frame->SetTitleParameters($title_params);
    $this->main_frame->Load();
}