コード例 #1
0
ファイル: fn.php プロジェクト: yrahman/playSMS
/**
 * Get HTML component select all users
 *
 * @return string HTML component select
 */
function credit_html_select_user()
{
    global $user_config;
    if (auth_isadmin()) {
        $admins = user_getallwithstatus(2);
        $users = user_getallwithstatus(3);
    }
    $subusers = user_getsubuserbyuid($user_config['uid']);
    if (count($admins) > 0) {
        $option_user .= '<optgroup label="' . _('Administrators') . '">';
        foreach ($admins as $admin) {
            $option_user .= '<option value="' . $admin['uid'] . '">' . $admin['name'] . ' (' . $admin['username'] . ') - ' . _('Administrator') . '</option>';
        }
        $option_user .= '</optgroup>';
    }
    if (count($users) > 0) {
        $option_user .= '<optgroup label="' . _('Users') . '">';
        foreach ($users as $user) {
            $option_user .= '<option value="' . $user['uid'] . '">' . $user['name'] . ' (' . $user['username'] . ') - ' . _('User') . '</option>';
        }
        $option_user .= '</optgroup>';
    }
    if (count($subusers) > 0) {
        $option_user .= '<optgroup label="' . _('Subusers') . '">';
        foreach ($subusers as $subuser) {
            $option_user .= '<option value="' . $subuser['uid'] . '">' . $subuser['name'] . ' (' . $subuser['username'] . ') - ' . _('Subuser') . '</option>';
        }
        $option_user .= '</optgroup>';
    }
    $select_user = '******' . $option_user . '</select>';
    return $select_user;
}
コード例 #2
0
 function siteexport_add_page_export(&$event)
 {
     global $ID;
     if ($this->getConf('allowallusers') || auth_isadmin() || auth_ismanager()) {
         $event->data['items'][] = '<li>' . tpl_link(wl($ID, array('do' => 'siteexport_addpage')), '<span>Export Page</span>', 'class="action siteexport_addpage" title="Add page"', 1) . '</li>';
     }
 }
コード例 #3
0
ファイル: action.php プロジェクト: rsnitsch/dokuwiki
 /**
  * Create the detail info for a single plugin
  *
  * @param Doku_Event $event
  * @param            $param
  */
 public function info(Doku_Event &$event, $param)
 {
     global $USERINFO;
     global $INPUT;
     if ($event->data != 'plugin_extension') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     if (empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         echo 'Forbidden';
         exit;
     }
     header('Content-Type: text/html; charset=utf-8');
     $ext = $INPUT->str('ext');
     if (!$ext) {
         echo 'no extension given';
         return;
     }
     /** @var helper_plugin_extension_extension $extension */
     $extension = plugin_load('helper', 'extension_extension');
     $extension->setExtension($ext);
     /** @var helper_plugin_extension_list $list */
     $list = plugin_load('helper', 'extension_list');
     echo $list->make_info($extension);
 }
コード例 #4
0
ファイル: code.php プロジェクト: neutrinog/Door43
/**
 * Injects the necessary trackingcodes for piwik tracking (v2.x) into DOM
 * like specified in the plugin manager fields
 */
function piwik_code()
{
	global $conf;

	if (isset($conf['plugin']['piwik2']['js_tracking_code'])
        || (isset($conf['plugin']['piwik2']['img_tracking_code']))
    ) {
		// Config does not contain keys if they are default;
		// so check whether they are set & to non-default value
		
		// default 0, so check if it's not set or 0
		if (!isset($conf['plugin']['piwik2']['track_admin_user']) || $conf['plugin']['piwik2']['track_admin_user'] == 0) {
			if (isset($_SERVER['REMOTE_USER']) && auth_isadmin()) { return; }
		}
		
		// default 1, so check if it's set and 0
		if (isset($conf['plugin']['piwik2']['track_user']) && $conf['plugin']['piwik2']['track_user'] == 0) {
			if (isset($_SERVER['REMOTE_USER'])) { return; }
		}

        //changes made by Marcel Lange (info@bravehartk2.de)
        $trackingCode = (isset($conf['plugin']['piwik2']['js_tracking_code']))? $conf['plugin']['piwik2']['js_tracking_code'] : '';
        if(isset($conf['plugin']['piwik2']['use_img_tracking']) && $conf['plugin']['piwik2']['use_img_tracking'] == 1 && isset($conf['plugin']['piwik2']['img_tracking_code'])){
            $trackingCode = $conf['plugin']['piwik2']['img_tracking_code'];
        }
        ptln($trackingCode);
	} else {
		// Show configuration tip for admin
		if (isset($_SERVER['REMOTE_USER']) && auth_isadmin()) {
			msg('Please configure the piwik2 plugin');
		}
	}
}
コード例 #5
0
 public function doDownload($filename)
 {
     if (!auth_isadmin()) {
         throw new Exception('you must have AUTH_ADMIN permissions to download backup');
     }
     Backup::downloadFile($filename);
 }
コード例 #6
0
ファイル: remote.php プロジェクト: yjliugit/dokuwiki
 /**
  * Remove an entry from ACL config
  *
  * @param string $scope
  * @param string $user
  * @throws RemoteAccessDeniedException
  * @return bool
  */
 public function delAcl($scope, $user)
 {
     if (!auth_isadmin()) {
         throw new RemoteAccessDeniedException('You are not allowed to access ACLs, superuser permission is required', 114);
     }
     /** @var admin_plugin_acl $apa */
     $apa = plugin_load('admin', 'acl');
     return $apa->_acl_del($scope, $user);
 }
コード例 #7
0
ファイル: action.php プロジェクト: kevinlovesing/dokuwiki
 /**
  * Adds the preview parameter to the stylesheet loading in non-js mode
  *
  * @param Doku_Event $event  event object by reference
  * @param mixed      $param  [the parameters passed as fifth argument to register_hook() when this
  *                           handler was registered]
  * @return void
  */
 public function handle_header(Doku_Event &$event, $param)
 {
     global $ACT;
     global $INPUT;
     if ($ACT != 'admin' || $INPUT->str('page') != 'styling') {
         return;
     }
     if (!auth_isadmin()) {
         return;
     }
     // set preview
     $len = count($event->data['link']);
     for ($i = 0; $i < $len; $i++) {
         if ($event->data['link'][$i]['rel'] == 'stylesheet' && strpos($event->data['link'][$i]['href'], 'lib/exe/css.php') !== false) {
             $event->data['link'][$i]['href'] .= '&preview=1&tseed=' . time();
         }
     }
 }
コード例 #8
0
ファイル: action.php プロジェクト: wernerflamme/dokuwiki
 /**
  * Create the detail info for a single plugin
  *
  * @param Doku_Event $event
  * @param            $param
  */
 public function info(Doku_Event &$event, $param)
 {
     global $USERINFO;
     global $INPUT;
     if ($event->data != 'plugin_extension') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     if (empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         echo 'Forbidden';
         exit;
     }
     $ext = $INPUT->str('ext');
     if (!$ext) {
         http_status(400);
         echo 'no extension given';
         return;
     }
     /** @var helper_plugin_extension_extension $extension */
     $extension = plugin_load('helper', 'extension_extension');
     $extension->setExtension($ext);
     $act = $INPUT->str('act');
     switch ($act) {
         case 'enable':
         case 'disable':
             $json = new JSON();
             $extension->{$act}();
             //enables/disables
             $reverse = $act == 'disable' ? 'enable' : 'disable';
             $return = array('state' => $act . 'd', 'reverse' => $reverse, 'label' => $extension->getLang('btn_' . $reverse));
             header('Content-Type: application/json');
             echo $json->encode($return);
             break;
         case 'info':
         default:
             /** @var helper_plugin_extension_list $list */
             $list = plugin_load('helper', 'extension_list');
             header('Content-Type: text/html; charset=utf-8');
             echo $list->make_info($extension);
     }
 }
コード例 #9
0
ファイル: action.php プロジェクト: wernerflamme/dokuwiki
 /**
  * AJAX call handler for ACL plugin
  *
  * @param Doku_Event $event  event object by reference
  * @param mixed $param  empty
  * @return void
  */
 public function handle_ajax_call_acl(Doku_Event &$event, $param)
 {
     if ($event->data !== 'plugin_acl') {
         return;
     }
     $event->stopPropagation();
     $event->preventDefault();
     global $ID;
     global $INPUT;
     if (!auth_isadmin()) {
         echo 'for admins only';
         return;
     }
     if (!checkSecurityToken()) {
         echo 'CRSF Attack';
         return;
     }
     $ID = getID();
     /** @var $acl admin_plugin_acl */
     $acl = plugin_load('admin', 'acl');
     $acl->handle();
     $ajax = $INPUT->str('ajax');
     header('Content-Type: text/html; charset=utf-8');
     if ($ajax == 'info') {
         $acl->_html_info();
     } elseif ($ajax == 'tree') {
         $ns = $INPUT->str('ns');
         if ($ns == '*') {
             $ns = '';
         }
         $ns = cleanID($ns);
         $lvl = count(explode(':', $ns));
         $ns = utf8_encodeFN(str_replace(':', '/', $ns));
         $data = $acl->_get_tree($ns, $ns);
         foreach (array_keys($data) as $item) {
             $data[$item]['level'] = $lvl + 1;
         }
         echo html_buildlist($data, 'acl', array($acl, '_html_list_acl'), array($acl, '_html_li_acl'));
     }
 }
コード例 #10
0
ファイル: config.php プロジェクト: 10corp/playSMS
<?php

defined('_SECURE_') or die('Forbidden');
// sms_command bin path should be secured from unwanted access
$plugin_config['sms_command']['bin'] = '/var/lib/playsms/sms_command';
// set to TRUE will allow regular users in playSMS to access this feature
// since 1.0 by default its FALSE (read: https://github.com/antonraharja/playSMS/pull/146)
$plugin_config['sms_command']['allow_user_access'] = FALSE;
if (auth_isadmin() || $plugin_config['sms_command']['allow_user_access']) {
    // insert to left menu array
    $menutab = $core_config['menutab']['features'];
    $menu_config[$menutab][] = array("index.php?app=main&inc=feature_sms_command&op=sms_command_list", _('Manage command'));
}
コード例 #11
0
ファイル: sender_id.php プロジェクト: 10corp/playSMS
        }
        header("Location: " . _u('index.php?app=main&inc=core_sender_id&op=sender_id_edit&id=' . $_REQUEST['id']));
        exit;
        break;
    case "toggle_status":
        $search = array('id' => $_REQUEST['id'], 'registry_family' => 'sender_id');
        foreach (registry_search_record($search) as $row) {
            $status = $row['registry_value'] == 0 ? 1 : 0;
            $items[$row['registry_key']] = $status;
            registry_update($row['uid'], 'features', 'sender_id', $items);
        }
        $_SESSION['dialog']['info'][] = ($status == 1 ? _('Sender ID is now approved') : _('Sender ID is now disabled')) . ' (' . _('Sender ID') . ': ' . $row['registry_key'] . ')';
        header("Location: " . _u('index.php?app=main&inc=core_sender_id&op=sender_id_list'));
        exit;
        break;
    case "sender_id_delete":
        $nav = themes_nav_session();
        $search = themes_search_session();
        $ref = $nav['url'] . '&search_keyword=' . $search['keyword'] . '&page=' . $nav['page'] . '&nav=' . $nav['nav'];
        $uid = auth_isadmin() && $data_sender_id[0]['uid'] ? $data_sender_id[0]['uid'] : $user_config['uid'];
        registry_remove($uid, 'features', 'sender_id', $data_sender_id[0]['registry_key']);
        registry_remove($uid, 'features', 'sender_id_description', $data_sender_id[0]['registry_key']);
        $default_sender_id = sender_id_default_get($uid);
        if (strtoupper($data_sender_id[0]['registry_key']) == strtoupper($default_sender_id)) {
            sender_id_default_set($data_sender_id[0]['uid'], '');
        }
        $_SESSION['dialog']['info'][] = _('Sender ID has been removed') . ' (' . _('Sender ID') . ': ' . $data_sender_id[0]['registry_key'] . ')';
        header("Location: " . _u($ref));
        exit;
        break;
}
コード例 #12
0
ファイル: fn.php プロジェクト: 10corp/playSMS
/**
 * Update sender ID
 *
 * @param integer $uid
 *        User ID
 * @param string $sender_id
 *        Sender ID
 * @param string $sender_id_description
 *        Sender ID description
 * @param integer $isdefault
 *        Flag 1 for default sender ID
 * @param integer $isapproved
 *        Flag 1 for approved sender ID
 * @return boolean TRUE when new sender ID has been updated
 */
function sender_id_update($uid, $sender_id, $sender_id_description = '', $isdefault = '_', $isapproved = '_')
{
    global $user_config;
    if (sender_id_check($uid, $sender_id)) {
        $default = '_';
        if ($isdefault !== '_') {
            $default = (int) $isdefault ? 1 : 0;
        }
        if ($isapproved !== '_') {
            if (auth_isadmin()) {
                $approved = (int) $isapproved ? 1 : 0;
                $data_sender_id = array($sender_id => $approved);
            }
        }
        $sender_id_description = trim($sender_id_description) ? trim($sender_id_description) : $sender_id;
        $data_description = array($sender_id => $sender_id_description);
        $uid = auth_isadmin() && $uid ? $uid : $user_config['uid'];
        if ($uid) {
            if ($data_sender_id) {
                registry_update($uid, 'features', 'sender_id', $data_sender_id);
            }
            registry_update($uid, 'features', 'sender_id_desc', $data_description);
        } else {
            // unknown error
            return FALSE;
        }
        // set default
        if ($default !== '_') {
            if (auth_isadmin() && $default && $approved) {
                // set default if isadmin, default and approved
                sender_id_default_set($uid, $sender_id);
            } else {
                // set to empty (remove default)
                sender_id_default_set($uid, '');
            }
        }
        return TRUE;
    } else {
        // not found
        return FALSE;
    }
}
コード例 #13
0
ファイル: subuser_mgmnt.php プロジェクト: yrahman/playSMS
 $keywords = $search['dba_keywords'];
 $count = dba_count(_DB_PREF_ . '_tblUser', $conditions, $keywords);
 $nav = themes_nav($count, "index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_list");
 $extras = array('ORDER BY' => 'register_datetime DESC, username', 'LIMIT' => $nav['limit'], 'OFFSET' => $nav['offset']);
 $list = dba_search(_DB_PREF_ . '_tblUser', '*', $conditions, $keywords, $extras);
 if ($err = $_SESSION['error_string']) {
     $content = "<div class=error_string>{$err}</div>";
 }
 $content .= "\n\t\t\t<h2>" . _('Manage subuser') . "</h2>\n\t\t\t<h3>" . _('List of subusers') . "</h3>\n\t\t\t<p>" . $search['form'] . "</p>\t\t\t\n\t\t\t<div class=actions_box>\n\t\t\t\t<div class=pull-left>\n\t\t\t\t\t<a href=\"" . _u('index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_add') . "\">" . $icon_config['add'] . "</a>\n\t\t\t\t</div>\n\t\t\t\t<div class=pull-right>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t\t<div class=table-responsive>\n\t\t\t<table class=playsms-table-list>\n\t\t\t<thead><tr>\n\t\t\t\t<th width='20%'>" . _('Registered') . "</th>\n\t\t\t\t<th width='15%'>" . _('Username') . "</th>\n\t\t\t\t<th width='20%'>" . _('Name') . "</th>\n\t\t\t\t<th width='15%'>" . _('Mobile') . "</th>\n\t\t\t\t<th width='15%'>" . _('Credit') . "</th>\n\t\t\t\t<th width='15%'>" . _('Action') . "</th>\n\t\t\t</tr></thead>\n\t\t\t<tbody>";
 $j = $nav['top'];
 for ($i = 0; $i < count($list); $i++) {
     $action = "";
     // login as
     if ($list[$i]['uid'] != $user_config['uid']) {
         $main_config = $core_config['main'];
         if (!$main_config['disable_login_as'] || auth_isadmin()) {
             $action = "<a href=\"" . _u('index.php?app=main&inc=core_user&route=subuser_mgmnt&op=login_as&uname=' . $list[$i]['username']) . "\">" . $icon_config['login_as'] . "</a>";
         }
     }
     // subuser preferences
     $action .= "<a href=\"" . _u('index.php?app=main&inc=core_user&route=user_pref&op=user_pref&uname=' . $list[$i]['username']) . "\">" . $icon_config['user_pref'] . "</a>";
     // subuser configurations
     $action .= "<a href=\"" . _u('index.php?app=main&inc=core_user&route=user_config&op=user_config&uname=' . $list[$i]['username']) . "\">" . $icon_config['user_config'] . "</a>";
     if ($list[$i]['uid'] != '1' || $list[$i]['uid'] != $user_config['uid']) {
         if (user_banned_get($list[$i]['uid'])) {
             // unban
             $action .= "<a href=\"javascript: ConfirmURL('" . addslashes(_("Are you sure you want to unban subuser")) . " " . $list[$i]['username'] . " ?','" . _u('index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_unban&uname=' . $list[$i]['username']) . "')\">" . $icon_config['unban'] . "</a>";
             $banned_icon = $icon_config['ban'];
         } else {
             // ban
             $action .= "<a href=\"javascript: ConfirmURL('" . addslashes(_("Are you sure you want to ban subuser")) . " " . $list[$i]['username'] . " ?','" . _u('index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_ban&uname=' . $list[$i]['username']) . "')\">" . $icon_config['ban'] . "</a>";
コード例 #14
0
/**
 * Returns the maximum rights a user has for
 * the given ID or its namespace
 *
 * @author  Andreas Gohr <*****@*****.**>
 *
 * @param  string  $id     page ID
 * @param  string  $user   Username
 * @param  array   $groups Array of groups the user is in
 * @return int             permission level
 */
function auth_aclcheck($id, $user, $groups)
{
    global $conf;
    global $AUTH_ACL;
    // if no ACL is used always return upload rights
    if (!$conf['useacl']) {
        return AUTH_UPLOAD;
    }
    //make sure groups is an array
    if (!is_array($groups)) {
        $groups = array();
    }
    //if user is superuser or in superusergroup return 255 (acl_admin)
    if (auth_isadmin($user, $groups)) {
        return AUTH_ADMIN;
    }
    $user = auth_nameencode($user);
    //prepend groups with @ and nameencode
    $cnt = count($groups);
    for ($i = 0; $i < $cnt; $i++) {
        $groups[$i] = '@' . auth_nameencode($groups[$i]);
    }
    $ns = getNS($id);
    $perm = -1;
    if ($user || count($groups)) {
        //add ALL group
        $groups[] = '@ALL';
        //add User
        if ($user) {
            $groups[] = $user;
        }
        //build regexp
        $regexp = join('|', $groups);
    } else {
        $regexp = '@ALL';
    }
    //check exact match first
    $matches = preg_grep('/^' . preg_quote($id, '/') . '\\s+(' . $regexp . ')\\s+/', $AUTH_ACL);
    if (count($matches)) {
        foreach ($matches as $match) {
            $match = preg_replace('/#.*$/', '', $match);
            //ignore comments
            $acl = preg_split('/\\s+/', $match);
            if ($acl[2] > AUTH_DELETE) {
                $acl[2] = AUTH_DELETE;
            }
            //no admins in the ACL!
            if ($acl[2] > $perm) {
                $perm = $acl[2];
            }
        }
        if ($perm > -1) {
            //we had a match - return it
            return $perm;
        }
    }
    //still here? do the namespace checks
    if ($ns) {
        $path = $ns . ':\\*';
    } else {
        $path = '\\*';
        //root document
    }
    do {
        $matches = preg_grep('/^' . $path . '\\s+(' . $regexp . ')\\s+/', $AUTH_ACL);
        if (count($matches)) {
            foreach ($matches as $match) {
                $match = preg_replace('/#.*$/', '', $match);
                //ignore comments
                $acl = preg_split('/\\s+/', $match);
                if ($acl[2] > AUTH_DELETE) {
                    $acl[2] = AUTH_DELETE;
                }
                //no admins in the ACL!
                if ($acl[2] > $perm) {
                    $perm = $acl[2];
                }
            }
            //we had a match - return it
            return $perm;
        }
        //get next higher namespace
        $ns = getNS($ns);
        if ($path != '\\*') {
            $path = $ns . ':\\*';
            if ($path == ':\\*') {
                $path = '\\*';
            }
        } else {
            //we did this already
            //looks like there is something wrong with the ACL
            //break here
            msg('No ACL setup yet! Denying access to everyone.');
            return AUTH_NONE;
        }
    } while (1);
    //this should never loop endless
    //still here? return no permissions
    return AUTH_NONE;
}
コード例 #15
0
ファイル: database2.php プロジェクト: elaratain/database2
 /**
  * Checks if current user is authorized according to given rule.
  *
  * The rule is a comma-separated list of usernames and groups (after
  * preceeding @ character), e.g.
  *
  *   admin,@user
  *
  * authorizing user admin and every user in group "user".
  *
  * @param string $rule rule describing authorizations
  * @return boolean true if current user is authorized, false otherwise
  */
 protected function isAuthorized($rule)
 {
     global $USERINFO;
     if (auth_isadmin()) {
         return true;
     }
     if ($rule) {
         $granted = true;
         foreach (explode(',', $rule) as $role) {
             $role = trim($role);
             if ($role === '') {
                 continue;
             }
             if (!strcasecmp($role, '@ALL')) {
                 return true;
             }
             if (!strcasecmp($role, '@NONE')) {
                 return false;
             }
             if ($_SERVER['REMOTE_USER']) {
                 if ($role[0] == '!') {
                     $role = substr($role, 1);
                     $match = false;
                 } else {
                     $match = true;
                 }
                 if ($role[0] == '@') {
                     if (in_array(substr($role, 1), $USERINFO['grps'])) {
                         if ($match && $granted) {
                             return true;
                         }
                         if (!$match) {
                             $granted = false;
                         }
                     }
                 } else {
                     if ($role == $_SERVER['REMOTE_USER']) {
                         if ($match && $granted) {
                             return true;
                         }
                         if (!$match) {
                             $granted = false;
                         }
                     }
                 }
             }
         }
     }
     return false;
 }
コード例 #16
0
ファイル: fn.php プロジェクト: 10corp/playSMS
function phonebook_hook_phonebook_search_user($uid, $keyword = "", $count = 0, $exact = FALSE)
{
    $ret = array();
    $keywords = $keyword;
    $fields = 'username, name, mobile, email';
    if ((int) $count) {
        $extras = 'LIMIT ' . (int) $count;
    }
    $users = user_search($keywords, $fields, $extras, $exact);
    foreach ($users as $user) {
        if ($name = phonebook_number2name($uid, $user['mobile'])) {
            $user['name'] = $name . '/' . $user['name'];
        }
        if (auth_isadmin()) {
            $ret[] = $user;
        } else {
            if ($name) {
                $ret[] = $user;
            }
        }
    }
    return $ret;
}
コード例 #17
0
ファイル: fn.php プロジェクト: yrahman/playSMS
function themes_select_users_single($select_field_name, $selected_value = '', $tag_params = array(), $css_id = '', $css_class = '')
{
    global $user_config;
    $ret = '';
    if (core_themes_get()) {
        $ret = core_hook(core_themes_get(), 'themes_select_users_single', array($select_field_name, $selected_value, $tag_params, $css_id, $css_class));
    }
    if (!$ret) {
        if (!is_array($selected_value)) {
            $selected_value = array($selected_value);
        }
        if (auth_isadmin()) {
            $admins = user_getallwithstatus(2);
            $users = user_getallwithstatus(3);
        }
        $subusers = user_getsubuserbyuid($user_config['uid']);
        $option_user .= '<option value="0">' . _('Select users') . '</option>';
        if (count($admins) > 0) {
            $option_user .= '<optgroup label="' . _('Administrators') . '">';
            foreach ($admins as $admin) {
                $selected = '';
                foreach ($selected_value as $sv) {
                    if ($admin['uid'] == $sv) {
                        $selected = 'selected';
                        break;
                    }
                }
                $option_user .= '<option value="' . $admin['uid'] . '" ' . $selected . '>' . $admin['name'] . ' (' . $admin['username'] . ') - ' . _('Administrator') . '</option>';
            }
            $option_user .= '</optgroup>';
        }
        if (count($users) > 0) {
            $option_user .= '<optgroup label="' . _('Users') . '">';
            foreach ($users as $user) {
                $selected = '';
                foreach ($selected_value as $sv) {
                    if ($user['uid'] == $sv) {
                        $selected = 'selected';
                        break;
                    }
                }
                $option_user .= '<option value="' . $user['uid'] . '" ' . $selected . '>' . $user['name'] . ' (' . $user['username'] . ') - ' . _('User') . '</option>';
            }
            $option_user .= '</optgroup>';
        }
        if (count($subusers) > 0) {
            $option_user .= '<optgroup label="' . _('Subusers') . '">';
            foreach ($subusers as $subuser) {
                $selected = '';
                foreach ($selected_value as $sv) {
                    if ($subuser['uid'] == $sv) {
                        $selected = 'selected';
                        break;
                    }
                }
                $option_user .= '<option value="' . $subuser['uid'] . '"' . $selected . '>' . $subuser['name'] . ' (' . $subuser['username'] . ') - ' . _('Subuser') . '</option>';
            }
            $option_user .= '</optgroup>';
        }
        $css_id = trim($css_id) ? trim($css_id) : 'playsms-select-users-single-' . core_sanitize_alphanumeric($select_field_name);
        if (is_array($tag_params)) {
            foreach ($tag_params as $key => $val) {
                $params .= ' ' . $key . '="' . $val . '"';
            }
        }
        $placeholder = $tag_params['placeholder'] ? $tag_params['placeholder'] : _('Select users');
        $width = $tag_params['width'] ? $tag_params['width'] : 'resolve';
        $js = '
			<script language="javascript" type="text/javascript">
				$(document).ready(function() {
					$("#' . $css_id . '").select2({
						placeholder: "' . $placeholder . '",
						width: "' . $width . '",
						separator: [\',\'],
						tokenSeparators: [\',\'],
					});
				});
			</script>
		';
        $ret = $js . PHP_EOL . '<select name="' . $select_field_name . '" id="' . $css_id . '" class="playsms-select ' . $css_class . '" ' . $params . '>' . $option_user . '</select>';
        return $ret;
    }
}
コード例 #18
0
ファイル: user_pref.php プロジェクト: 10corp/playSMS
     $show_personal_information = FALSE;
 }
 // get country option
 $option_country = "<option value=\"0\">--" . _('Please select') . "--</option>\n";
 $result = country_search();
 for ($i = 0; $i < count($result); $i++) {
     $country_id = $result[$i]['country_id'];
     $country_name = $result[$i]['country_name'];
     $selected = "";
     if ($country_id == $country) {
         $selected = "selected";
     }
     $option_country .= "<option value=\"{$country_id}\" {$selected}>{$country_name}</option>\n";
 }
 // admin or users
 if ($uname && (auth_isadmin() || $is_parent)) {
     $form_title = _('Manage account');
     if ($is_parent) {
         $button_delete = "<input type=button class=button value='" . _('Delete') . "' onClick=\"javascript: ConfirmURL('" . _('Are you sure you want to delete subuser ?') . " (" . _('username') . ": " . $c_username . ")','index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_del" . $url_uname . "')\">";
         $button_back = _back('index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_list');
     } else {
         $button_delete = "<input type=button class=button value='" . _('Delete') . "' onClick=\"javascript: ConfirmURL('" . _('Are you sure you want to delete user ?') . " (" . _('username') . ": " . $c_username . ")','index.php?app=main&inc=core_user&route=user_mgmnt&op=user_del" . $url_uname . "&view=" . $view . "')\">";
         $button_back = _back('index.php?app=main&inc=core_user&route=user_mgmnt&op=user_list&view=' . $view);
     }
 } else {
     $form_title = _('Preferences');
 }
 // error string
 if ($err = TRUE) {
     $error_content = _dialog();
 }
コード例 #19
0
 /**
  * Checks if the current user may edit data in this schema
  *
  * @return bool
  */
 public function isEditable()
 {
     global $USERINFO;
     if ($this->editors == '') {
         return true;
     }
     if (blank($_SERVER['REMOTE_USER'])) {
         return false;
     }
     if (auth_isadmin()) {
         return true;
     }
     return auth_isMember($this->editors, $_SERVER['REMOTE_USER'], $USERINFO['grps']);
 }
コード例 #20
0
ファイル: auth.php プロジェクト: amondot/dokuwiki_ynh
/**
 * default ACL check method
 *
 * DO NOT CALL DIRECTLY, use auth_aclcheck() instead
 *
 * @author  Andreas Gohr <*****@*****.**>
 * @param  array $data event data
 * @return int   permission level
 */
function auth_aclcheck_cb($data)
{
    $id =& $data['id'];
    $user =& $data['user'];
    $groups =& $data['groups'];
    global $conf;
    global $AUTH_ACL;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    // if no ACL is used always return upload rights
    if (!$conf['useacl']) {
        return AUTH_UPLOAD;
    }
    if (!$auth) {
        return AUTH_NONE;
    }
    //make sure groups is an array
    if (!is_array($groups)) {
        $groups = array();
    }
    //if user is superuser or in superusergroup return 255 (acl_admin)
    if (auth_isadmin($user, $groups)) {
        return AUTH_ADMIN;
    }
    if (!$auth->isCaseSensitive()) {
        $user = utf8_strtolower($user);
        $groups = array_map('utf8_strtolower', $groups);
    }
    $user = $auth->cleanUser($user);
    $groups = array_map(array($auth, 'cleanGroup'), (array) $groups);
    $user = auth_nameencode($user);
    //prepend groups with @ and nameencode
    $cnt = count($groups);
    for ($i = 0; $i < $cnt; $i++) {
        $groups[$i] = '@' . auth_nameencode($groups[$i]);
    }
    $ns = getNS($id);
    $perm = -1;
    if ($user || count($groups)) {
        //add ALL group
        $groups[] = '@ALL';
        //add User
        if ($user) {
            $groups[] = $user;
        }
    } else {
        $groups[] = '@ALL';
    }
    //check exact match first
    $matches = preg_grep('/^' . preg_quote($id, '/') . '[ \\t]+([^ \\t]+)[ \\t]+/', $AUTH_ACL);
    if (count($matches)) {
        foreach ($matches as $match) {
            $match = preg_replace('/#.*$/', '', $match);
            //ignore comments
            $acl = preg_split('/[ \\t]+/', $match);
            if (!$auth->isCaseSensitive() && $acl[1] !== '@ALL') {
                $acl[1] = utf8_strtolower($acl[1]);
            }
            if (!in_array($acl[1], $groups)) {
                continue;
            }
            if ($acl[2] > AUTH_DELETE) {
                $acl[2] = AUTH_DELETE;
            }
            //no admins in the ACL!
            if ($acl[2] > $perm) {
                $perm = $acl[2];
            }
        }
        if ($perm > -1) {
            //we had a match - return it
            return (int) $perm;
        }
    }
    //still here? do the namespace checks
    if ($ns) {
        $path = $ns . ':*';
    } else {
        $path = '*';
        //root document
    }
    do {
        $matches = preg_grep('/^' . preg_quote($path, '/') . '[ \\t]+([^ \\t]+)[ \\t]+/', $AUTH_ACL);
        if (count($matches)) {
            foreach ($matches as $match) {
                $match = preg_replace('/#.*$/', '', $match);
                //ignore comments
                $acl = preg_split('/[ \\t]+/', $match);
                if (!$auth->isCaseSensitive() && $acl[1] !== '@ALL') {
                    $acl[1] = utf8_strtolower($acl[1]);
                }
                if (!in_array($acl[1], $groups)) {
                    continue;
                }
                if ($acl[2] > AUTH_DELETE) {
                    $acl[2] = AUTH_DELETE;
                }
                //no admins in the ACL!
                if ($acl[2] > $perm) {
                    $perm = $acl[2];
                }
            }
            //we had a match - return it
            if ($perm != -1) {
                return (int) $perm;
            }
        }
        //get next higher namespace
        $ns = getNS($ns);
        if ($path != '*') {
            $path = $ns . ':*';
            if ($path == ':*') {
                $path = '*';
            }
        } else {
            //we did this already
            //looks like there is something wrong with the ACL
            //break here
            msg('No ACL setup yet! Denying access to everyone.');
            return AUTH_NONE;
        }
    } while (1);
    //this should never loop endless
    return AUTH_NONE;
}
コード例 #21
0
ファイル: config.php プロジェクト: 10corp/playSMS
<?php

defined('_SECURE_') or die('Forbidden');
if (auth_isadmin()) {
    $menutab = $core_config['menutab']['settings'];
    $menu_config[$menutab][] = array('index.php?app=main&inc=feature_outgoing&op=outgoing_list', _('Route outgoing SMS'), 2);
}
コード例 #22
0
ファイル: fn.php プロジェクト: 10corp/playSMS
/**
 * Delete existing user
 *
 * @param integer $uid
 *        User ID
 * @return array $ret('error_string', 'status')
 */
function user_remove($uid, $forced = FALSE)
{
    global $user_config;
    $ret['error_string'] = _('Unknown error has occurred');
    $ret['status'] = FALSE;
    if ($forced || auth_isadmin() || $user_config['status'] == 3) {
        if ($username = user_uid2username($uid)) {
            if (!($uid == 1)) {
                if ($uid == $user_config['uid']) {
                    $ret['error_string'] = _('Currently logged in user is immune to deletion');
                } else {
                    $subusers = user_getsubuserbyuid($uid);
                    if (count($subusers) > 0) {
                        $ret['error_string'] = _('Unable to delete this user until all subusers under this user have been removed');
                        return $ret;
                    }
                    if ($user_config['status'] == 3) {
                        $parent_uid = user_getparentbyuid($uid);
                        if ($parent_uid != $user_config['uid']) {
                            $ret['error_string'] = _('Unable to delete other users');
                            return $ret;
                        }
                    }
                    if (dba_update(_DB_PREF_ . '_tblUser', array('c_timestamp' => mktime(), 'flag_deleted' => 1), array('flag_deleted' => 0, 'uid' => $uid))) {
                        user_banned_remove($uid);
                        _log('user removed u:' . $username . ' uid:' . $uid, 2, 'user_remove');
                        $ret['error_string'] = _('Account has been removed') . " (" . _('username') . ": " . $username . ")";
                        $ret['status'] = TRUE;
                    }
                }
            } else {
                $ret['error_string'] = _('User is immune to deletion') . " (" . _('username') . ": " . $username . ")";
            }
        } else {
            $ret['error_string'] = _('User does not exist');
        }
    } else {
        $ret['error_string'] = _('User deletion unavailable');
    }
    return $ret;
}
コード例 #23
0
ファイル: action.php プロジェクト: x42/dokuoauth
 private function oauth_isadmin()
 {
     /*{{{*/
     if (auth_isadmin() || $this->getConf('manager_admin') && auth_ismanager()) {
         return true;
     }
     return false;
 }
コード例 #24
0
ファイル: auth.php プロジェクト: AlexanderS/Part-DB
/**
 * Returns the maximum rights a user has for
 * the given ID or its namespace
 *
 * @author  Andreas Gohr <*****@*****.**>
 *
 * @param  string       $id     page ID (needs to be resolved and cleaned)
 * @param  string       $user   Username
 * @param  array|null   $groups Array of groups the user is in
 * @return int             permission level
 */
function auth_aclcheck($id, $user, $groups)
{
    global $conf;
    global $AUTH_ACL;
    /* @var auth_basic $auth */
    global $auth;
    // for PART-DB
    return !$conf['useacl'] && file_exists(DOKU_INC . '../../data/ENABLE-DOKUWIKI-WRITE-PERMS.txt') ? AUTH_ADMIN : AUTH_READ;
    // if no ACL is used always return upload rights
    if (!$conf['useacl']) {
        return AUTH_UPLOAD;
    }
    if (!$auth) {
        return AUTH_NONE;
    }
    //make sure groups is an array
    if (!is_array($groups)) {
        $groups = array();
    }
    //if user is superuser or in superusergroup return 255 (acl_admin)
    if (auth_isadmin($user, $groups)) {
        return AUTH_ADMIN;
    }
    $ci = '';
    if (!$auth->isCaseSensitive()) {
        $ci = 'ui';
    }
    $user = $auth->cleanUser($user);
    $groups = array_map(array($auth, 'cleanGroup'), (array) $groups);
    $user = auth_nameencode($user);
    //prepend groups with @ and nameencode
    $cnt = count($groups);
    for ($i = 0; $i < $cnt; $i++) {
        $groups[$i] = '@' . auth_nameencode($groups[$i]);
    }
    $ns = getNS($id);
    $perm = -1;
    if ($user || count($groups)) {
        //add ALL group
        $groups[] = '@ALL';
        //add User
        if ($user) {
            $groups[] = $user;
        }
    } else {
        $groups[] = '@ALL';
    }
    //check exact match first
    $matches = preg_grep('/^' . preg_quote($id, '/') . '\\s+(\\S+)\\s+/' . $ci, $AUTH_ACL);
    if (count($matches)) {
        foreach ($matches as $match) {
            $match = preg_replace('/#.*$/', '', $match);
            //ignore comments
            $acl = preg_split('/\\s+/', $match);
            if (!in_array($acl[1], $groups)) {
                continue;
            }
            if ($acl[2] > AUTH_DELETE) {
                $acl[2] = AUTH_DELETE;
            }
            //no admins in the ACL!
            if ($acl[2] > $perm) {
                $perm = $acl[2];
            }
        }
        if ($perm > -1) {
            //we had a match - return it
            return $perm;
        }
    }
    //still here? do the namespace checks
    if ($ns) {
        $path = $ns . ':*';
    } else {
        $path = '*';
        //root document
    }
    do {
        $matches = preg_grep('/^' . preg_quote($path, '/') . '\\s+(\\S+)\\s+/' . $ci, $AUTH_ACL);
        if (count($matches)) {
            foreach ($matches as $match) {
                $match = preg_replace('/#.*$/', '', $match);
                //ignore comments
                $acl = preg_split('/\\s+/', $match);
                if (!in_array($acl[1], $groups)) {
                    continue;
                }
                if ($acl[2] > AUTH_DELETE) {
                    $acl[2] = AUTH_DELETE;
                }
                //no admins in the ACL!
                if ($acl[2] > $perm) {
                    $perm = $acl[2];
                }
            }
            //we had a match - return it
            if ($perm != -1) {
                return $perm;
            }
        }
        //get next higher namespace
        $ns = getNS($ns);
        if ($path != '*') {
            $path = $ns . ':*';
            if ($path == ':*') {
                $path = '*';
            }
        } else {
            //we did this already
            //looks like there is something wrong with the ACL
            //break here
            msg('No ACL setup yet! Denying access to everyone.');
            return AUTH_NONE;
        }
    } while (1);
    //this should never loop endless
    return AUTH_NONE;
}
コード例 #25
0
ファイル: fn.php プロジェクト: yrahman/playSMS
function dba_valid($db_table, $field, $value)
{
    global $user_config;
    $ret = false;
    if ($db_table && $field && $value) {
        $conditions[$field] = $value;
        if (!auth_isadmin()) {
            $conditions['uid'] = $user_config['uid'];
        }
        if ($list = dba_search($db_table, $field, $conditions)) {
            $ret = $list[0][$field];
        }
    }
    return $ret;
}
コード例 #26
0
ファイル: dev.php プロジェクト: 10corp/playSMS
/**
 * This file is part of playSMS.
 *
 * playSMS is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * playSMS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with playSMS. If not, see <http://www.gnu.org/licenses/>.
 */
defined('_SECURE_') or die('Forbidden');
if (!auth_isadmin()) {
    auth_block();
}
include $core_config['apps_path']['plug'] . "/gateway/dev/config.php";
switch (_OP_) {
    case "manage":
        if ($err = TRUE) {
            $content = _dialog();
        }
        $content .= "\n\t\t\t<h2>" . _('Manage dev') . "</h2>\n\t\t\t<table class=playsms-table>\n\t\t\t\t<tbody><tr><td class=label-sizer>" . _('Gateway name') . "</td><td>dev</td></tr></tbody>\n\t\t\t</table>\n\t\t";
        $content .= _back('index.php?app=main&inc=core_gateway&op=gateway_list');
        _p($content);
        break;
}
コード例 #27
0
ファイル: fn.php プロジェクト: 10corp/playSMS
/**
 * Check if visitor has certain ACL
 *
 * @param string $acl
 *        Access Control List
 * @return boolean TRUE if valid and visitor has certain ACL
 */
function auth_isacl($acl)
{
    if (auth_isvalid()) {
        if (auth_isadmin()) {
            return TRUE;
        } else {
            $user_acl_id = user_getfieldbyuid($_SESSION['uid'], 'acl_id');
            $user_acl_name = acl_getname($user_acl_id);
            if ($acl && $user_acl_name && strtoupper($acl) == strtoupper($user_acl_name)) {
                return TRUE;
            }
        }
    }
    return FALSE;
}