// $option_credit = "<tr><td>" . _('Credit') . "</td><td><input type=text maxlength=14 name=up_credit value=\"$credit\"></td></tr>"; if ($is_parent) { $button_delete = "<input type=button class=button value='" . _('Delete') . "' onClick=\"javascript: ConfirmURL('" . _('Are you sure you want to delete subuser ?') . " (" . _('username') . ": " . $c_username . ")','index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_del" . $url_uname . "')\">"; $button_back = _back('index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_list'); } else { $button_delete = "<input type=button class=button value='" . _('Delete') . "' onClick=\"javascript: ConfirmURL('" . _('Are you sure you want to delete user ?') . " (" . _('username') . ": " . $c_username . ")','index.php?app=main&inc=core_user&route=user_mgmnt&op=user_del" . $url_uname . "&view=" . $view . "')\">"; $button_back = _back('index.php?app=main&inc=core_user&route=user_mgmnt&op=user_list&view=' . $view); } } else { $form_title = _('User configuration'); // fixme anton - now disabled since plugin/feature/credit exists // $option_credit = "<tr><td>" . _('Credit') . "</td><td>$credit</td></tr>"; } // get access control list $c_option_acl = array_flip(acl_getall()); $option_acl = _input('text', '', acl_getname($acl_id), array('readonly')); if (auth_isadmin()) { $option_acl = _select('up_acl_id', $c_option_acl, $acl_id); } if ($user_edited['status'] == 4) { $parent_id = user_getparentbyuid($user_edited['uid']); if ($parent_id == $user_config['uid']) { $c_option_acl = array_flip(acl_getallbyuid($user_config['uid'])); $option_acl = _select('up_acl_id', $c_option_acl, $acl_id); } } // additional user's config available on registry $data = registry_search($c_uid, 'core', 'user_config'); // credit unicodes messages as single message $option_enable_credit_unicode = _options(array(_('yes') => 1, _('no') => 0), $data['core']['user_config']['enable_credit_unicode']); if (auth_isadmin()) {
* (at your option) any later version. * * playSMS is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with playSMS. If not, see <http://www.gnu.org/licenses/>. */ defined('_SECURE_') or die('Forbidden'); if (!auth_isadmin()) { auth_block(); } $id = $_REQUEST['id']; $acl_name = acl_getname($id); switch (_OP_) { case "user_list": $search_var = array(_('Registered') => 'register_datetime', _('Username') => 'username', _('Name') => 'name', _('Mobile') => 'mobile'); $search = themes_search($search_var, ''); $conditions = array('flag_deleted' => 0, 'acl_id' => $id); $keywords = $search['dba_keywords']; $count = dba_count(_DB_PREF_ . '_tblUser', $conditions, $keywords); $nav = themes_nav($count, "index.php?app=main&inc=core_acl&route=view&op=user_list&id=" . $id); $extras = array('ORDER BY' => 'register_datetime DESC, username', 'LIMIT' => $nav['limit'], 'OFFSET' => $nav['offset']); $list = dba_search(_DB_PREF_ . '_tblUser', '*', $conditions, $keywords, $extras); $content .= _dialog() . "\n\t\t\t<h2>" . _('Manage ACL') . "</h2>\n\t\t\t<h3>" . _('View report') . "</h3>\n\n\t\t\t<table class=playsms-table cellpadding=1 cellspacing=2 border=0>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=label-sizer>" . _('ACL ID') . "</td>\n\t\t\t\t\t<td>" . $id . "</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . _('ACL name') . "</td>\n\t\t\t\t\t<td>" . $acl_name . "</td>\n\t\t\t\t</tr>\n\t\t\t</table>\t\t\t\n\t\t\t<h4>" . _('List of accounts') . "</h4>\n\t\t\t<p>" . $search['form'] . "</p>\n\t\t\t<div class=table-responsive>\n\t\t\t<table class=playsms-table-list>\n\t\t\t<thead><tr>\n\t\t\t\t<th width='20%'>" . _('Registered') . "</th>\n\t\t\t\t<th width='20%'>" . _('Username') . "</th>\n\t\t\t\t<th width='20%'>" . _('Name') . 
"</th>\n\t\t\t\t<th width='20%'>" . _('Mobile') . "</th>\n\t\t\t\t<th width='20%'>" . _('Credit') . "</th>\n\t\t\t</tr></thead>\n\t\t\t<tbody>"; $j = $nav['top']; for ($i = 0; $i < count($list); $i++) { $action = ""; if ($list[$i]['uid'] != '1' || $list[$i]['uid'] != $user_config['uid']) {
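/**
 * Check if visitor has certain ACL
 *
 * Administrators pass unconditionally. For any other valid session, the ACL
 * name attached to the logged-in user (resolved from the user's acl_id) is
 * compared case-insensitively with the requested name.
 *
 * @param string $acl
 *        Access Control List name to test for
 * @return boolean TRUE if valid and visitor has certain ACL
 */
function auth_isacl($acl) {
	// No valid session: never grant an ACL.
	if (!auth_isvalid()) {
		return FALSE;
	}

	// Administrators are treated as holding every ACL.
	if (auth_isadmin()) {
		return TRUE;
	}

	$user_acl_id = user_getfieldbyuid($_SESSION['uid'], 'acl_id');
	$user_acl_name = acl_getname($user_acl_id);

	// An empty requested name or an empty assigned name never matches, so a
	// user without an ACL cannot satisfy a check for "".
	if (!$acl || !$user_acl_name) {
		return FALSE;
	}

	// Strict comparison: with "==" PHP compares two numeric-looking strings
	// as numbers, so distinct ACL names such as "1E1" and "10" would be
	// treated as the same ACL in this authorization decision.
	return strtoupper($acl) === strtoupper($user_acl_name);
}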
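/**
 * Assign an ACL to a user account
 *
 * The update is applied to the user table row matching the given uid and
 * only when that row is not flagged as deleted (flag_deleted = 0).
 *
 * This function performs no permission check of its own.
 * NOTE(review): confirm every caller verifies that the current user may
 * change the target account's ACL before calling it.
 *
 * @param integer $acl_id
 *        ACL ID to assign; acl_getname() must return a non-empty name for it
 * @param integer $uid
 *        User ID of the account to change
 * @return boolean TRUE when dba_update() reports success, FALSE otherwise
 */
function acl_setbyuid($acl_id, $uid) {
	// Use the same integer that was validated in the update condition.
	// The original tested (int) $uid but passed the raw value on, so a
	// string such as "1abc" passed the check and reached the query layer
	// unchanged.
	$uid = (int) $uid;
	if (!$uid) {
		return FALSE;
	}

	// Presumably acl_getname() returns an empty value for an unknown ACL ID
	// (confirm against its definition); such IDs are refused.
	if (!acl_getname($acl_id)) {
		return FALSE;
	}

	$updated = dba_update(
		_DB_PREF_ . '_tblUser',
		array('acl_id' => $acl_id),
		array('flag_deleted' => 0, 'uid' => $uid)
	);

	return $updated ? TRUE : FALSE;
}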