コード例 #1
ファイル: index.php プロジェクト: ksb1712/pragyan
    } else {
        $pageFullPath = "home";
    }
}
/// Resolve the requested action. With no "action" query parameter the page is simply viewed.
/// The raw value is passed through the project's escape() helper and lower-cased before use.
$action = isset($_GET['action']) ? strtolower(escape($_GET['action'])) : "view";

/// Liveness probe (a stand-in for ping): answer and stop before any settings are loaded.
/// rand() only varies the response text here; nothing treats it as a secret.
if ('keepalive' == $action) {
    exit("OK: " . rand());
}

/// Load every global setting from the database and publish each one as a variable in this scope.
/// NOTE(review): the setting name becomes the variable name, so a settings row whose name equals an
/// existing variable (for instance $action, which was normalised just above) silently replaces it.
/// Anyone able to write the settings table can therefore change script state; reading the needed
/// keys from $globals explicitly would confine that.
$globals = getGlobalSettings();
foreach ($globals as $var => $val) {
    $$var = $val;
}

/// OpenID support is pulled in only when the stored setting is the string 'true'.
/// NOTE(review): set_include_path() replaces the whole include_path with this relative directory,
/// so later include/require lookups resolve against it and the current working directory.
if ('true' == $openid_enabled) {
    set_include_path('cms/openid/');
    require_once 'cms/openid/class.dopeopenid.php';
}

/// URL rewriting state, as stored in the database settings
$rewriteEngineEnabled = $url_rewrite;

/// A few of the settings imported above are additionally exposed as constants.
/// Title of the Website
define("CMS_TITLE", $cms_title);
/// Default template name
define("DEF_TEMPLATE", $default_template);
///Upload size limit for the CMS. All the modules use this constant as the upload limit.
コード例 #2
ファイル: admin.lib.php プロジェクト: nobelium/pragyan
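/**
 * Builds the HTML fragment of the security / global settings form.
 *
 * The current values come from getGlobalSettings(); the fragment contains inputs for the upload
 * limit, the reindex frequency, the OpenID switch, the censor-word list and the ReCAPTCHA
 * settings, followed by whatever getBlacklistTable() returns.
 *
 * Setting values are HTML-escaped before they are placed into attributes or the textarea, so a
 * stored value containing quotes or markup can no longer break out of the field it is shown in.
 * The settings are read by key instead of being imported with variable-variables, which keeps a
 * settings row from overwriting locals of this function (such as $blacklist, which is emitted
 * verbatim) or the globals the original declared but never used.
 *
 * @return string HTML markup; the surrounding <form> element is not produced here
 */
function securitySettingsForm()
{
    $globals = getGlobalSettings();
    // Inserted verbatim below; presumably pre-rendered HTML from the blacklist module (confirm that
    // getBlacklistTable() escapes the stored entries it prints).
    $blacklist = getBlacklistTable();

    // Only the settings this form displays are read; a missing key renders as an empty value.
    $setting = array();
    $names = array('upload_limit', 'reindex_frequency', 'openid_enabled', 'censor_words', 'recaptcha', 'recaptcha_public', 'recaptcha_private');
    foreach ($names as $name) {
        $setting[$name] = isset($globals[$name]) ? (string) $globals[$name] : '';
    }

    // The radio / checkbox states are decided on the raw stored values.
    $openidno_ischecked = $setting['openid_enabled'] == 'false' ? 'checked' : '';
    $openidyes_ischecked = $setting['openid_enabled'] == 'false' ? '' : 'checked';
    $recapt_ischecked = $setting['recaptcha'] == '1' ? 'checked' : '';

    // ENT_QUOTES because the attributes below are single-quoted. The charset is left at PHP's
    // configured default since the page encoding is not visible from this function.
    // NOTE(review): if the save path already stores HTML-encoded values, entities will now be shown
    // literally; confirm against the code that writes these settings.
    $upload_limit = htmlspecialchars($setting['upload_limit'], ENT_QUOTES);
    $reindex_frequency = htmlspecialchars($setting['reindex_frequency'], ENT_QUOTES);
    $censor_words = htmlspecialchars($setting['censor_words'], ENT_QUOTES);
    $recaptcha_public = htmlspecialchars($setting['recaptcha_public'], ENT_QUOTES);
    // NOTE(review): the ReCAPTCHA private key is a secret and is sent back to the browser in a
    // visible text field; consider leaving the field blank and only accepting a replacement value.
    $recaptcha_private = htmlspecialchars($setting['recaptcha_private'], ENT_QUOTES);

    // Markup fixes relative to the original: the stray quote in style="width:"65%", the <labe>
    // typo and the self-closing slash on <textarea>.
    $globalform = <<<globalform
\t<table style="width:100%">
\t<tr>
\t<td style="width:35%">Upload Limit (bytes) </td>
\t<td style="width:65%"><input type="text" name='upload_limit' value='{$upload_limit}'></td>
\t</tr>
\t<tr>
\t<td>Site Reindex Frequency (days) </td>
\t<td><input type="text" name='reindex_frequency' value='{$reindex_frequency}'></td>
\t</tr>
        <tr>
\t\t\t<td><label for="optEnableOpenID">Enable OpenID?</label></td>
\t\t\t<td>
\t\t\t<label><input type="radio" name="openid_enabled" id="optEnableOpenIDNo" value="false" {$openidno_ischecked} />No</label>
\t\t\t<label><input type="radio" name="openid_enabled" id="optEnableOpenIDYes" value="true" {$openidyes_ischecked} />Yes</label>
\t\t\t</td>
\t</tr>
\t<tr>
\t\t<td>Censor Words (use | to seperate the words. Please dont use spaces) </td>
\t\t<td><textarea style="width:98%" rows=10 cols=10 name='censor_words'>{$censor_words}</textarea></td>
\t</tr>
\t<tr>
\t<td>Use ReCAPTCHA ?</td>
        <td>
\t\t\t\t<label><input type="checkbox" name="recaptcha_enable" id="recaptcha_enable" value="Yes" {$recapt_ischecked}/>Yes</label>
\t\t\t</td>
\t\t</tr>
\t\t<tr>
\t\t\t<td><label for="public_key">ReCAPTCHA Public Key:</label></td>
\t\t\t<td><input type="text" id="public_key" name="public_key" value='{$recaptcha_public}' /></td>
\t\t</tr>
\t\t<tr>
\t\t\t<td><label for="private_key">ReCAPTCHA Private Key:</label></td>
\t\t\t<td><input type="text" id="private_key" name="private_key" value='{$recaptcha_private}' /></td>
\t\t</tr>
\t</table>
\t{$blacklist}
globalform;
    return $globalform;
}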
コード例 #3
ファイル: permission.lib.php プロジェクト: ksb1712/pragyan
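/**
 * Renders the "grant permissions" interface of a page and serves its helper requests.
 *
 * Behaviour depends on $_GET['doaction']:
 *  - "changePerm": inserts, updates or deletes one row of the userpageperm table from the GET
 *    parameters, echoes "1" (success) or "0" (failure), disconnects and exits;
 *  - "getpermvars": echoes the permission variables for $_GET['pageid'], disconnects and exits;
 *  - "getUserPerm" / "getPermUser": pre-selects entries of the returned interface from the
 *    POSTed checkboxes;
 *  - anything else: returns the interface without a pre-selection.
 *
 * @param $userid User id of the user attempting to grant permissions
 * @param $pageid Id of the page being edited, resolved through parseUrlDereferenced(); the two
 *                exiting branches read $_GET['pageid'] instead
 * @return string HTML and JavaScript of the interface, or an error message when
 *                getMaxPriorityGroup() returns -1 for this user on this page
 */
function grantPermissions($userid, $pageid)
{
    //serving change permission requests
    // NOTE(review): this branch writes to the permission table before any of the checks further down
    // (getMaxPriorityGroup, getGroupPermissions, getModifiableGroups) are evaluated. It does not
    // consult $userid, and it takes the page, the target user/group and the permission id from the
    // query string rather than from the $pageid argument. Unless the caller has already verified
    // that this user may grant this permission to this target on this page, that verification is
    // missing and belongs here.
    // NOTE(review): the change is triggered by a GET request and no anti-forgery token is checked in
    // this function; a state change like this should require POST plus a per-session token.
    // NOTE(review): the queries are built by string interpolation. Their safety rests entirely on
    // escape(), which is not visible here; prepared statements would remove that dependency. The
    // mysql_* extension used throughout was removed in PHP 7.0.
    if (isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
        $permtype = escape($_GET['permtype']);
        $pageid = escape($_GET['pageid']);
        $usergroupid = escape($_GET['usergroupid']);
        $permid = escape($_GET['permid']);
        $perm = escape($_GET['perm']);
        $flag = true;
        if ($perm == 'Y' || $perm == 'N') {
            // Explicit allow/deny: update the existing row if its value differs, otherwise insert one.
            if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                if ($permission['perm_permission'] != $perm) {
                    mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "userpageperm` SET `perm_permission` = '{$perm}' WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                    if (mysql_affected_rows() == 0) {
                        $flag = false;
                    }
                }
            } else {
                mysql_query("INSERT `" . MYSQL_DATABASE_PREFIX . "userpageperm`(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('{$permtype}','{$pageid}','{$usergroupid}','{$permid}','{$perm}')");
                if (mysql_affected_rows() == 0) {
                    $flag = false;
                }
            }
        } else {
            // Any other value of "perm" removes the row, if one exists.
            if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                if (mysql_affected_rows() == 0) {
                    $flag = false;
                }
            }
        }
        if ($flag) {
            echo "1";
        } else {
            echo "0";
        }
        disconnect();
        exit;
    }
    //serving refresh permissions request
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
        global $cmsFolder, $urlRequestRoot, $templateFolder;
        $pageid = escape($_GET['pageid']);
        if (mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
            $pagepath = array();
            parseUrlDereferenced($pageid, $pagepath);
            $pageid = $pagepath[count($pagepath) - 1];
            $groups = array_reverse(getGroupIds($userid));
            $virtue = '';
            $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
            if ($maxPriorityGroup == -1) {
                return 'You do not have the required permissions to view this page.';
            }
            if ($virtue == 'user') {
                $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
            } else {
                $grantableActions = getGroupPermissions($groups, $pagepath);
            }
            // The original counted $_POST['permission'] unconditionally; a request without that
            // field (or with a scalar in its place) is now treated as "no filter".
            $actionCount = isset($_POST['permission']) && is_array($_POST['permission']) ? count($_POST['permission']) : 0;
            $checkedActions = array();
            // Keep only the POSTed actions that are also in the set this user may grant.
            for ($i = 0; $i < $actionCount; $i++) {
                list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
                if (isset($_POST[$modTemp . $actTemp])) {
                    if (isset($grantableActions[$modTemp])) {
                        for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                            if ($grantableActions[$modTemp][$j][1] == $actTemp) {
                                $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                                break;
                            }
                        }
                    }
                }
            }
            if (count($checkedActions) > 0) {
                $grantableActions = $checkedActions;
            }
            $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
            // Group ids 0 and 1 are always included in the modifiable set.
            $modifiableGroupIds = array(0, 1);
            for ($i = 0; $i < count($modifiableGroups); $i++) {
                $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
            }
            $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
            $ret = <<<RET
pageid = {$pageid};
{$permissions}
RET;
            echo $ret;
        } else {
            echo "Error: Invalid Pageid passed";
        }
        disconnect();
        exit;
    }
    // Regular request: build the interface for the page given by the $pageid argument.
    global $cmsFolder, $urlRequestRoot;
    $pagepath = array();
    parseUrlDereferenced($pageid, $pagepath);
    $pageid = $pagepath[count($pagepath) - 1];
    $groups = array_reverse(getGroupIds($userid));
    $virtue = '';
    $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
    if ($maxPriorityGroup == -1) {
        return 'You do not have the required permissions to view this page.';
    }
    if ($virtue == 'user') {
        $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
    } else {
        $grantableActions = getGroupPermissions($groups, $pagepath);
    }
    // 0 instead of the original empty string: same loop behaviour, and a scalar field is ignored.
    if (isset($_POST['permission']) && is_array($_POST['permission'])) {
        $actionCount = count($_POST['permission']);
    } else {
        $actionCount = 0;
    }
    $checkedActions = array();
    // Keep only the POSTed actions that are also in the set this user may grant.
    for ($i = 0; $i < $actionCount; $i++) {
        list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
        if (isset($_POST[$modTemp . $actTemp])) {
            if (isset($grantableActions[$modTemp])) {
                for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                    if ($grantableActions[$modTemp][$j][1] == $actTemp) {
                        $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                        break;
                    }
                }
            }
        }
    }
    if (count($checkedActions) > 0) {
        $grantableActions = $checkedActions;
    }
    $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
    // Group ids 0 and 1 are always included in the modifiable set.
    $modifiableGroupIds = array(0, 1);
    for ($i = 0; $i < count($modifiableGroups); $i++) {
        $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
    }
    $perms = json_encode(formatPermissions($grantableActions));
    $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
    $groups = customGetGroups($maxPriorityGroup);
    $users = customGetAllUsers();
    global $templateFolder;
    $smarttableconfig = array('permtable' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'), 'permtable2' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'));
    $ret = smarttable::render(array('permtable', 'permtable2'), $smarttableconfig);
    $globals = getGlobalSettings();
    $baseURL = "./+grant&doaction=changePerm";
    if ($globals['url_rewrite'] == 'false') {
        $baseURL = prettyurl($baseURL);
    }
    $selected = "var selected = {'permissions' : [], 'users' : [], 'groups' : []};";
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getUserPerm') {
        // Permissions were ticked: work out which groups and users hold any of them.
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 12) == "permissions_") {
                // The (int) cast confines what reaches the generated script to numbers.
                $get_selectedPerms[] = (int) substr($key, 12);
            }
        }
        list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        // $save is a two-bit flag: bit 0 = group 0 matched, bit 1 = group 1 matched.
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            $found = false;
            foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm) {
                    if ($selected_perm == $get_permId) {
                        $get_selectedGroups[] = (int) $get_groupId;
                        $found = true;
                    }
                }
                if ($found) {
                    break;
                }
            }
            if ($get_groupId == 0 && $found) {
                $save += 1;
            }
            if ($get_groupId == 1 && $found) {
                $save += 2;
            }
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            $found = false;
            foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm) {
                    if ($selected_perm == $get_permId) {
                        $get_selectedUsers[] = (int) $get_userId;
                        $found = true;
                    }
                }
                if ($found) {
                    break;
                }
            }
        }
        // Groups 0 and 1 are re-added after the priority filter when they matched.
        $get_selectedGroups = filterByPriority($maxPriorityGroup, $get_selectedGroups);
        if ($save % 2 == 1) {
            $get_selectedGroups[] = 0;
        }
        // Fixed: the original tested $save / 2 == 1, which is false for $save == 3 (3 / 2 is 1.5),
        // so group 1 was dropped whenever groups 0 and 1 had both matched.
        if ($save >= 2) {
            $get_selectedGroups[] = 1;
        }
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getPermUser') {
        // Users/groups were ticked: collect every permission any of them holds.
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 6) == "users_") {
                $get_selectedUsers[] = (int) substr($key, 6);
            } else {
                if (substr($key, 0, 7) == "groups_") {
                    $get_selectedGroups[] = (int) substr($key, 7);
                }
            }
        }
        list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            if (isPresent($get_groupId, $get_selectedGroups)) {
                foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                    if (!isPresent($get_permId, $get_selectedPerms)) {
                        $get_selectedPerms[] = $get_permId;
                    }
                }
            }
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            if (isPresent($get_userId, $get_selectedUsers)) {
                foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                    if (!isPresent($get_permId, $get_selectedPerms)) {
                        $get_selectedPerms[] = $get_permId;
                    }
                }
            }
        }
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }
    // NOTE(review): $pageid, $groups, $users and $permissions are written into the <script> block
    // below without JavaScript encoding; this is only safe if the helpers that produce them emit
    // well-formed script text (confirm for customGetGroups, customGetAllUsers, formattedPermissions).
    $ret .= <<<RET
<style type="text/css" title="currentStyle">
\tdiv#permtable_filter input { width: 90px; }
\tdiv#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var baseURL = "{$baseURL}";
var pageid = {$pageid};
var permissions = {$perms};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
{$selected}
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts <br>
<div id='permTable'>

</div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a> <a href='javascript:getuserperm()'>Check Users having selected Permission</a><br>
<form action='./+grant&doaction=getUserPerm' method="POST" id='getuserperm'>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'>

</tbody></table>
</form>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a> <a href='javascript:getpermuser()'>Check Permissions selected User is having</a><br>
<form action='./+grant&doaction=getPermUser' method="POST" id='getpermuser'>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'>

</tbody></table>
</form>
</td>
</tr>
</table>

<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
    global $STARTSCRIPTS;
    $STARTSCRIPTS .= " populateList();";
    return $ret;
}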
コード例 #4
ファイル: news.lib.php プロジェクト: nobelium/pragyan
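 /**
  * Creates the news_desc row for a new news module instance, using the site footer from the
  * global settings as the initial copyright text.
  *
  * @param $moduleComponentId Component id stored in the page_modulecomponentid column
  */
 public function createModule($moduleComponentId)
 {
     $globalSettings = getGlobalSettings();
     // Fixed: the original query interpolated $compId, which is never defined in this method, so
     // the row was written with an empty component id instead of the argument.
     $componentId = mysql_real_escape_string($moduleComponentId);
     // The footer is free text from the settings table; a quote in it would otherwise terminate
     // the string literal in the statement, so it is escaped for the SQL context as well.
     $footer = isset($globalSettings['cms_footer']) ? $globalSettings['cms_footer'] : '';
     $copyright = mysql_real_escape_string($footer);
     mysql_query("INSERT INTO `news_desc` (`page_modulecomponentid` ,`news_copyright`)VALUES ('{$componentId}', '{$copyright}')");
 }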