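/**
 * Log the current user out and send the browser back to the home page.
 *
 * Execution is halted right after the redirect header, so no further
 * controller/view code runs for the now-anonymous request (the other
 * redirecting actions in this project terminate with `die` as well).
 */
public function index() {
    # Terminate the server-side session state for this user
    HTTPSession::getInstance()->LogOut();

    # Redirect back to home page and stop: nothing else should be rendered
    header('Location: ' . SITE_URL);
    # NOTE(review): the session identifier itself is not rotated here; whether
    # HTTPSession::LogOut() regenerates it is not visible from this snippet.
    die;
}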
/**
 * Build a note notification: either load an existing one by its ID, or
 * create (and optionally persist) a new one for the note $objId.
 *
 * @param int|null    $objId          ID of the note the notification refers to; when set, a new notification is created
 * @param string|null $action         action that was performed on the note
 * @param int|null    $NotificationId ID of an existing notification to load (handed to the parent constructor)
 * @param bool        $autoSave       whether to write the new notification to the DB straight away
 */
public function __construct($objId = null, $action = null, $NotificationId = null, $autoSave = true) {
    # The parent constructor performs the essential setup (and loads an
    # existing record from the DB when a notification ID is supplied)
    parent::__construct($NotificationId);

    # Nothing more to do unless a new notification is being created
    if (!$objId) {
        return;
    }

    $session = HTTPSession::getInstance();

    # Field values for the freshly created notification, in the order they are assigned
    $fields = array(
        'Controller'    => "notes",
        'CreatorUserId' => $session->GetUserID(),
        'ObjectId'      => $objId,
        'ObjectType'    => "Note",
        'ProjectId'     => $session->PROJECT_ID,
        'Action'        => $action,
    );

    # Direct property assignment bypasses the set methods, so DataBoundObject
    # would not see these fields as modified; mark each one in the modified
    # relations table by hand.
    foreach ($fields as $name => $value) {
        $this->$name = $value;
        $this->arModifiedRelations[$name] = "1";
    }

    # Persist immediately when requested
    if ($autoSave) {
        $this->Save();
    }
}
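/**
 * Authorisation check for removing a notification.
 *
 * If the notification was created by a student, only a supervisor may remove
 * it from the list (the supervisor must be able to see every student action).
 * Any other user is redirected to the notifications page and the request is
 * terminated, so the calling action never reaches its removal code.
 *
 * @param Notification $notif the notification object
 */
private function checkAuthCreatedByStudent(Notification $notif) {
    $creatorUserType = $this->model('User', $notif->getCreatorUserId())->getType();
    $currentUserType = HTTPSession::getInstance()->USER_TYPE;

    if ($creatorUserType == User::USER_TYPE_STUDENT && $currentUserType != User::USER_TYPE_SUPERVISOR) {
        header('Location: ' . SITE_URL . 'notifications');
        # Do not continue to execute code: a Location header on its own does
        # not stop the caller from carrying out the removal.
        die;
    }
}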
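/**
 * Switch the project the session is scoped to, then return to the home page.
 *
 * @param string|int|null $id the project ID taken from the URL; ignored unless it is a positive integer
 */
public function index($id = null) {
    # Accept only a positive integer: the value comes straight from the URL
    # and is later bound as PDO::PARAM_INT in the project-scoped queries.
    $projectId = filter_var($id, FILTER_VALIDATE_INT);
    if ($projectId !== false && $projectId > 0) {
        # NOTE(review): nothing here verifies that the logged-in user is a
        # participant of project $projectId before the session is re-scoped;
        # whether that is enforced elsewhere is not visible from this snippet.
        HTTPSession::getInstance()->PROJECT_ID = $projectId;
    }

    # Redirect back to homepage and stop rendering
    header('Location: ' . SITE_URL);
    die;
}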
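/**
 * Checks whether an object (ActionPoint, Note, ...) the user is trying to
 * display/edit/remove belongs to the project the current session is scoped to.
 *
 * Both sides are compared as integers: the object's project ID may arrive as
 * a string from the DB while the session value was set from a request, and a
 * loose `!=` would let a non-numeric string compare equal to an int on PHP 7.
 *
 * @param int $objectProjectId the ID of the associated project
 * @return true if the user has access; otherwise redirects to the access-denied page and terminates
 */
protected function checkAuthProjectScope($objectProjectId) {
    $sessionProjectId = HTTPSession::getInstance()->PROJECT_ID;

    # NOTE(review): when neither side is set both cast to 0 and the check
    # passes, as it did with the original loose comparison — TODO confirm
    # that PROJECT_ID is always populated before this is reached.
    if ((int) $objectProjectId !== (int) $sessionProjectId) {
        # Redirect to the warning page and do not continue to execute code
        header('Location: ' . SITE_URL . 'accessDenied');
        die;
    }

    return true;
}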
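/**
 * Authenticate a user by username/password and open an HTTP session for them.
 *
 * Passwords are stored as an unsalted SHA-1 digest (the legacy scheme is kept
 * so existing rows keep working); the digest comparison is done in constant
 * time and the session token is drawn from the CSPRNG rather than derived
 * from the password digest and the clock.
 *
 * @param string $userName the login name
 * @param string $password the plaintext password
 * @return array|false array("token" => ...) on success, false on any failure
 */
static function stLogin($userName, $password) {
    # NOTE(review): unsalted sha1 is not an acceptable password hash; moving
    # to password_hash()/password_verify() requires a DB migration and is
    # out of scope for this change.
    $password = sha1($password);

    $filters = array("userName" => array($userName));
    $user = UserSearch::stVirtualConstructor(array("filters" => $filters, "limit" => 1))->getResult();

    if (!$user) {
        LogsErrors::stCreate(array("errorCode" => User::ERROR_CODE_USER_NOT_EXISTS, "param" => "userName", "value" => $userName));
        return false;
    }

    # Constant-time comparison so response timing does not reveal how much
    # of the digest matched.
    if (!hash_equals((string) $user["password"], $password)) {
        LogsErrors::stCreate(array("errorCode" => User::ERROR_CODE_PASSWORD_NOT_MATCH, "param" => "password"));
        return false;
    }

    # 160-bit random token, hex encoded: the same 40-character width as the
    # previous sha1()-derived value, but unguessable even to someone who
    # knows the password digest. (random_bytes() requires PHP 7.)
    $token = bin2hex(random_bytes(20));

    # NOTE(review): the password digest is handed to the session store here;
    # whether HTTPSession needs it is not visible from this snippet.
    if (!HTTPSession::stCreate(array("userName" => $userName, "password" => $password, "token" => $token))) {
        return false;
    }

    return array("token" => $token);
}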
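/**
 * Return the note objects of the current project, optionally narrowed to one
 * meeting and to agenda vs. ordinary notes.
 *
 * Private notes of other users are excluded and deleted notes are never
 * returned. The meeting filter is bound as an integer parameter instead of
 * being concatenated into the SQL text, since its value originates from the
 * request.
 *
 * @param int|null $meeting filter by a specific meeting ID; null/0 for all meetings
 * @param bool     $agenda  true to return agenda notes, false for ordinary notes
 * @return array the note objects keyed by note ID, newest first
 */
public static function getNotes($meeting = null, $agenda = false) {
    # Get database connection
    $objPDO = PDOFactory::get();

    # Project and user come from the session, never from the caller
    $projectId = HTTPSession::getInstance()->PROJECT_ID;
    $userID = HTTPSession::getInstance()->getUserId();

    # Optional meeting restriction: placeholder only, the value is bound below
    $meetingClause = $meeting ? " AND meeting_id = :meeting_id" : "";

    # Agenda notes and ordinary notes are mutually exclusive sets
    $agendaClause = $agenda ? " AND is_agenda = 1" : " AND is_agenda = 0";

    # All notes of the project, apart from notes that are private AND belong
    # to a different user than the one logged in
    $strQuery = "SELECT id FROM Note WHERE project_id = :project_id AND NOT (user_id != :user_id AND is_private = 1) AND is_deleted = 0 " . $meetingClause . $agendaClause . " ORDER BY datetime_created DESC";

    $objStatement = $objPDO->prepare($strQuery);
    $objStatement->bindValue(':project_id', $projectId, PDO::PARAM_INT);
    $objStatement->bindValue(':user_id', $userID, PDO::PARAM_INT);
    if ($meeting) {
        $objStatement->bindValue(':meeting_id', (int) $meeting, PDO::PARAM_INT);
    }
    $objStatement->execute();

    # Instantiate one Note per returned ID, keyed by that ID
    $myArr = array();
    if ($result = $objStatement->fetchAll(PDO::FETCH_ASSOC)) {
        foreach ($result as $row) {
            $myArr[$row["id"]] = new Note($row["id"]);
        }
    }

    return $myArr;
}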
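/**
 * Process the POST request of the login form.
 *
 * On success the session is populated with the project ID, the user type
 * (used for authorisation) and the username, and the browser is sent to the
 * index; on failure it is sent to the login error page. Execution stops here
 * either way.
 *
 * @param array|null $post the $_POST array
 */
public function loginPost($post) {
    # Missing fields become empty credentials instead of raising an
    # undefined-index notice and passing null into Login()
    $user = isset($post['user']) ? (string) $post['user'] : '';
    $pass = isset($post['pass']) ? (string) $post['pass'] : '';

    $session = HTTPSession::getInstance();

    # Try to log in the user with the provided values
    $loggedIn = $session->Login($user, $pass);

    if ($loggedIn) {
        # NOTE(review): the session identifier is not rotated here after the
        # privilege change; whether HTTPSession::Login() does so is not
        # visible from this snippet.
        $userObj = $session->GetUserObject();

        # Project scope, user type (authorization purposes) and display name
        $session->PROJECT_ID = $userObj->getProjectId();
        $session->USER_TYPE = $userObj->getType();
        $session->USERNAME = $userObj->getUsername();

        header('Location: ' . SITE_URL);
    } else {
        header('Location: ' . SITE_URL . 'login/error');
    }
    die;
}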
/**
 * Authorisation check for viewing/editing a note.
 *
 * The request may continue only when the note was created by the logged-in
 * user AND belongs to the project the session is scoped to; otherwise the
 * browser is redirected to the notes list and execution stops.
 * NOTE(review): the creator check applies to every caller of this method,
 * so non-creators are refused even for non-private notes — confirm this is
 * only used for edit/remove, not for plain viewing.
 *
 * @param int $noteUserId    ID of the user who created the note
 * @param int $noteProjectId ID of the project the note belongs to
 */
private function checkAuth($noteUserId, $noteProjectId) {
    $session = HTTPSession::getInstance();

    # Creator of the note, inside the right project: allowed
    if ($noteUserId == $session->GetUserID() && $noteProjectId == $session->PROJECT_ID) {
        return;
    }

    # Redirect back to notes if user is not authorized and stop executing
    header('Location: ' . SITE_URL . 'notes');
    die;
}
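/**
 * Return the e-mail address of the Google account stored in the session.
 *
 * The ID token kept in the session is re-verified with the Google client on
 * every call; a missing or unverifiable token raises an exception instead of
 * calling a method on null.
 *
 * @return string the user email
 * @throws \RuntimeException if no ID token is in the session or it does not verify
 */
public function getUserEmail() {
    # ACCESS_TOKEN holds the JSON-encoded token response; pull out the id_token
    $tokenData = json_decode((string) HTTPSession::getInstance()->ACCESS_TOKEN);
    if (!is_object($tokenData) || empty($tokenData->{'id_token'})) {
        throw new \RuntimeException('No Google ID token in session');
    }

    # verifyIdToken() is expected to yield a falsy value for an invalid token;
    # treat that as a failure rather than dereferencing it
    $ticket = $this->client->verifyIdToken($tokenData->{'id_token'});
    if (!$ticket) {
        throw new \RuntimeException('Google ID token could not be verified');
    }

    $payload = $ticket->getAttributes()['payload'];
    # NOTE(review): the email_verified claim is not consulted here — TODO
    # confirm whether an unverified address is acceptable for this application.
    return $payload['email'];
}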
/**
 * Block students from an action point once it has been sent for approval.
 *
 * @param bool $actionPointSentForApproval whether the action point is awaiting approval
 * @return bool true when access is allowed; otherwise redirects to the action point list and terminates
 */
protected function checkAuthStudentAfterApproval($actionPointSentForApproval) {
    # Nothing to restrict while the action point has not been sent for approval
    if (!$actionPointSentForApproval) {
        return true;
    }

    # Everyone but a student may still access it
    if (HTTPSession::getInstance()->USER_TYPE != User::USER_TYPE_STUDENT) {
        return true;
    }

    header('Location: ' . SITE_URL . 'actionpoints');
    # Do not execute code any longer
    die;
}
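</div>
<div class="large-4 columns right">
    <!-- Display options based on action that has been done on the object -->
    <?php switch ($notification->getAction()) {
        case NotificationMeeting::ADDED:
        case NotificationMeeting::CANCELLED: ?>
            <!-- Display Edit and Approve only if the meeting is not cancelled and removed -->
            <?php if (!$notification->getObject()->getIsCancelled() && !$notification->getObject()->getIsDeleted()) { ?>
                <!-- Display the options only for a non-student (i.e. the supervisor).
                     Written as `USER_TYPE != STUDENT`: the earlier `!USER_TYPE == STUDENT`
                     negated USER_TYPE first (`!` binds tighter than `==`), so it compared
                     a boolean with the constant instead of checking the user type. -->
                <?php if (HTTPSession::getInstance()->USER_TYPE != User::USER_TYPE_STUDENT) { ?>
                    <!-- Display edit and approve only if it hasn't been approved -->
                    <?php if (!$notification->getObject()->getIsApproved()) { ?>
                        <a href="<?php echo SITE_URL . $notification->getController() . "/edit/" . $notification->getObjectId(); ?>" class="button small top-10 right">Edit</a>
                        <a href="<?php echo SITE_URL . $notification->getController() . "/approve/" . $notification->getObjectId(); ?>" class="button success small top-10 right">Approve</a>
                    <!-- Otherwise display only edit if it was approved -->
                    <?php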
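# Define site URL constant, which is further used in controllers
define('SITE_URL', $config->{'site_url'});

# Set time zone
date_default_timezone_set($config->{'timezone'});

# Include essential classes
require_once 'core/DatetimeConverter.php';
require_once 'core/App.php';
require_once 'core/Controller.php';
require_once 'core/GoogleAuth.php';
require_once 'models/DataBoundObject.php';
require_once 'models/ProjectFactory.php';
require_once 'models/HTTPSession.php';
require_once 'models/Notification.php';
require_once 'models/NotificationAP.php';
require_once 'models/NotificationMeeting.php';
require_once 'models/NotificationNote.php';

# Start a more secure session
$objSession = HTTPSession::getInstance();

# Update the inactivity time on every reload of the page
$objSession->Impress();

# Start up a GoogleAuth
# TODO: This must be commented out for ssms.emilc.cz, because there's wrong redirect_uri
GoogleAuth::getInstance();

# Authentication gate: send anyone who is not logged in to the login page
if (!$objSession->IsLoggedIn()) {
    # Redirect only if we're not already on the login page, otherwise we would
    # get a redirect loop. The route is the 'url' query parameter; as before,
    # this is a substring match, so any route containing "login" counts as the
    # login page — TODO confirm that no other route does.
    $onLoginPage = isset($_GET['url']) && strpos((string) $_GET['url'], 'login') !== false;

    if (isset($_GET['url']) && !$onLoginPage) {
        header("Location: " . SITE_URL . "login");
        # Stop here: a Location header does not end the script, and without
        # this exit the requested page would still be dispatched and rendered
        # for a client that ignores the redirect.
        exit;
    }
    # NOTE(review): a request without a 'url' parameter (the site root) is not
    # redirected by this gate; whether the default controller enforces the
    # login itself is not visible from this snippet.
}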
if (HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR && !$data['id']->getIsApproved() && $data['id']->getIsDone()) { ?>
    <!-- Supervisor only: the "done" checkbox is shown while the action point is marked
         done but the change has not been approved yet -->
    <div class="large-12 columns">
        <input name="isDone" id="checkbox1" type="checkbox" <?php if ($data['id']->getIsDone()) { echo "checked"; } ?> ><label for="checkbox1">Is this action point done?</label>
    </div>
<?php } ?>
<?php if (HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR && !$data['id']->getIsApproved()) { ?>
    <!-- If we're logged in as a supervisor and the changes haven't been approved yet
         TODO: Do I need this? It will be approved automatically since it's the supervisor who's approving it -->
    <!-- The markup below is commented out, but the PHP inside it is still evaluated server-side -->
    <!--<div class="large-12 columns">
        <input name="isApproved" id="checkboxApproved" type="checkbox" <?php if ($data['id']->getIsApproved()) { echo "checked"; } ?> ><label for="checkboxApproved">Approve changes</label>
    </div>-->
<?php } ?>
<div class="large-12 columns top-10">
<span class="label alert round">deleted</span>
<?php } ?>
</div>
<div class="large-4 columns right">
    <!-- Display options based on action that has been done on the object -->
    <?php switch ($notification->getAction()) {
        case NotificationAP::SENT_FOR_APPROVAL:
        case NotificationAP::DONE: ?>
            <!-- Supervisor only. Shown while the action point is not yet approved, or is
                 approved but not yet done (the `||`/`&&` nesting reads as
                 `!approved || (approved && !done)`) -->
            <?php if ((!$notification->getObject()->getIsApproved() || $notification->getObject()->getIsApproved() && !$notification->getObject()->getIsDone()) && HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR) { ?>
                <!-- Approve is offered only while the object is still unapproved -->
                <?php if (!$notification->getObject()->getIsApproved()) { ?>
                    <a href="<?php echo SITE_URL . $notification->getController() . "/approve/" . $notification->getObjectId(); ?> " class="button success small top-10 right">Approve</a>
                <?php } ?>
                <!-- Edit is offered in both cases -->
                <a href="<?php echo SITE_URL . $notification->getController() . "/edit/" . $notification->getObjectId(); ?> " class="button small top-10 right">Edit</a>
/**
 * Authorisation check for acting on a meeting.
 *
 * Access is refused (redirect to the meeting list, request terminated) when
 *  1. the meeting is approved and the current user is a student, or
 *  2. the meeting has already taken place.
 *
 * @param Meeting $meeting the meeting object
 * @return bool true if allowed
 */
protected function checkAuthIsApproved($meeting) {
    # Condition 1: an approved meeting is locked for students
    $approvedAndStudent = $meeting->getIsApproved()
        && HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_STUDENT;

    # Condition 2 is only consulted when condition 1 does not already apply
    if (!$approvedAndStudent && !$meeting->getTakenPlace()) {
        return true;
    }

    header('Location: ' . SITE_URL . 'meetings');
    # Do not execute code any longer
    die;
}
/**
 * Count action points of the current project for the RAG (red/amber/green)
 * algorithm, or return the truncated average grade for RedAmberGreen::AVG_GRADE.
 *
 * Only approved, non-deleted action points are considered; $factor narrows
 * the set further. A falsy result (no rows, NULL average) is returned as 0.
 *
 * @param int $factor one of the RedAmberGreen::* action-point factors (anything else counts all)
 * @return mixed the count or average as returned by PDO, or 0
 */
public static function getActionPointsCount($factor) {
    $pdo = PDOFactory::get();
    $projectId = HTTPSession::getInstance()->PROJECT_ID;

    # Default projection; AVG_GRADE swaps it for an average
    $columns = "COUNT(id) AS ap_count";

    # Extra WHERE condition for the requested factor. Each constant maps to a
    # fixed SQL fragment, so no caller-supplied text reaches the query.
    switch ($factor) {
        case RedAmberGreen::TO_BE_DONE:
            $condition = " AND is_done = 0";
            break;
        case RedAmberGreen::RUNNING_OVER_DEADLINE:
            $condition = " AND is_done = 0 AND deadline < NOW()";
            break;
        case RedAmberGreen::FINISHED:
            $condition = " AND is_done = 1";
            break;
        case RedAmberGreen::FINISHED_AFTER_DEADLINE:
            $condition = " AND is_done = 1 AND deadline < datetime_done";
            break;
        case RedAmberGreen::AVG_GRADE:
            $condition = " AND is_done = 1 AND grade <> 0";
            $columns = "TRUNCATE(AVG(grade),1) AS ap_count";
            break;
        default:
            $condition = "";
    }

    $sql = "SELECT " . $columns . " FROM ActionPoint WHERE project_id = :project_id AND is_approved = 1" . $condition . " AND is_deleted = 0";

    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':project_id', $projectId, PDO::PARAM_INT);
    $stmt->execute();

    # Normalise a falsy value (0, "0", null) to 0
    $value = $stmt->fetch()['ap_count'];
    return $value ? $value : 0;
}
<div class="note-wrapper large-12 columns">
    <!-- If it's agenda, we want to go back to agenda, not to notes -->
    <?php $agenda = $data['note']->getIsAgenda() ? "agenda" : "notes"; ?>
    <a href="<?php echo SITE_URL; echo $agenda; ?> " class="button small info">←</a>
    <!-- Edit/remove controls are rendered only for the note's creator. This is a
         display decision only, not an access check: the edit/remove actions
         must enforce authorisation themselves on the server side -->
    <?php if (HTTPSession::getInstance()->GetUserID() == $data['note']->getUserId()) { ?>
        <!-- Display option for editing and removing only for the creator of the note -->
        <!-- If it's agenda, we have to add /agenda to the url -->
        <?php $agenda = $data['note']->getIsAgenda() ? "/agenda" : ""; ?>
        <a href="<?php echo SITE_URL; ?> notes/edit/<?php echo $data['note']->getID(); echo $agenda; ?> " class="fa fa-edit button small"></a>
        <a href="<?php echo SITE_URL;
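/**
 * Log the current user out of this HTTP session.
 *
 * Marks the DB session row as logged out, drops any Google access token held
 * in the session, and resets the in-memory state.
 *
 * @return bool true if a logged-in user was logged out, false if nobody was logged in
 */
public function LogOut() {
    # Nothing to do when nobody is logged in
    if (!$this->logged_in) {
        return false;
    }

    # Mark the session row as anonymous. The session id is bound as a
    # parameter instead of being concatenated into the statement text, in
    # line with the other prepared statements in this project.
    $strQuery = "UPDATE http_session SET logged_in = 0, user_id = 0 WHERE id = :id";
    $objStatement = $this->objPDO->prepare($strQuery);
    $objStatement->bindValue(':id', $this->native_session_id);
    $objStatement->execute();

    # In case it was a google sign in, drop the access token
    if (!empty(GoogleAuth::$auth)) {
        HTTPSession::getInstance()->ACCESS_TOKEN = null;
    }

    # NOTE(review): the session identifier is not rotated on logout; whether
    # the session creation code does so is not visible from this snippet.
    $this->logged_in = false;
    $this->user_id = 0;

    return true;
}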
><label for="checkbox0">Should this meeting repeat?</label>
</div>
<div class="large-12 columns">
    <label>Choose repeat until date:
        <input name="repeatUntil" placeholder="Choose date" type="text" id="dp2" value="<?php echo $data['id']->getIsRepeating() ? $data['datetime']['dateRepeatUntil'] : ""; ?> ">
    </label>
</div>
<hr>-->
<!-- The `-->` above closes a markup comment opened before this fragment; the PHP
     expressions inside that commented-out markup are still evaluated server-side -->
<?php if (HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR) { ?>
    <!-- If we're logged in as a supervisor -->
    <!--<div class="large-12 columns">
        <input name="isApproved" id="checkbox1" type="checkbox" <?php echo $data['id']->getIsApproved() ? "checked" : ""; ?> ><label for="checkbox1">Is this meeting approved?</label>
    </div>-->
    <!-- Display only if the meeting was in the past -->
    <?php
    # Parse the meeting's stored timestamp with the 'Y-m-d H:i:s' format and
    # take the current time; the comparison itself follows this fragment
    $thisMeetingDatetime = DateTime::createFromFormat('Y-m-d H:i:s', $data['id']->getDatetime());
    $timeNow = new DateTime();
    ?>
    <?php
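<?php } ?>
</ul>
</li>
<li><a data-dropdown="drop-project" data-options="align:right" aria-controls="drop-project" aria-expanded="false"><i class="fa fa-info-circle"></i></a></li>
<?php } ?>
</ul>
<?php if (HTTPSession::getInstance()->IsLoggedIn()) { ?>
<div id="drop-project" data-dropdown-content class="f-dropdown content small" aria-hidden="true" tabindex="-1">
    <h5>Project information</h5>
    <!-- Project name and description are stored text rendered on every page that
         shows this dropdown; escape them for the HTML context so a value containing
         markup cannot inject script. Assumes the description is plain text, not
         intentional HTML — TODO confirm with the project editing form. -->
    <h6><?php echo htmlspecialchars((string) $data['project']->getName(), ENT_QUOTES, 'UTF-8'); ?></h6>
    <p><?php echo htmlspecialchars((string) $data['project']->getDescription(), ENT_QUOTES, 'UTF-8'); ?></p>
    <hr>
    <h5>Participants</h5>
    <?php foreach ($data['projectUsers'] as $user) {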
/**
 * Count meetings of the current project for the RAG (red/amber/green) algorithm.
 *
 * Only approved, non-deleted meetings are counted; $factor narrows the set.
 *
 * @param int $factor one of the RedAmberGreen::* meeting factors (anything else counts all)
 * @return mixed the count as returned by PDO
 */
public static function getMeetingsCount($factor) {
    $pdo = PDOFactory::get();
    $projectId = HTTPSession::getInstance()->PROJECT_ID;

    $columns = "COUNT(id) AS m_count";

    # Extra WHERE condition for the requested factor. Each constant maps to a
    # fixed SQL fragment, so no caller-supplied text reaches the query.
    switch ($factor) {
        case RedAmberGreen::TAKEN_PLACE:
            $condition = " AND taken_place = 1";
            break;
        case RedAmberGreen::STUDENT_ARRIVED_ON_TIME:
            $condition = " AND taken_place = 1 AND arrived_on_time = 1";
            break;
        case RedAmberGreen::CANCELLED:
            $condition = " AND is_cancelled = 1";
            break;
        case RedAmberGreen::NO_SHOW:
            $condition = " AND datetime < NOW() AND taken_place = 0 AND is_cancelled = 0";
            break;
        case RedAmberGreen::M_TOTAL:
            # Cancelled meetings may lie in the future and still belong in the total
            $condition = " AND (datetime < NOW() OR is_cancelled = 1)";
            break;
        default:
            $condition = "";
    }

    $sql = "SELECT " . $columns . " FROM Meeting WHERE project_id = :project_id AND is_approved = 1" . $condition . " AND is_deleted = 0";

    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':project_id', $projectId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetch()['m_count'];
}