throw new Exception("You cannot administer the {$role['attribute']} attribute"); } $GLOBALS['BannerIDM']->removeAttribute($person->pidm, $id); list($type_id, $type) = $GLOBALS['BannerIDM']->any2type($role['type_id']); $log_attribute = $role['attribute']; $response['status'] = 'success'; $response['message'] = sprintf('%s "%s" has been removed.', ucfirst($type), $role['attribute']); $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute); } else { $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute); } } catch (Exception $e) { $response['message'] = $e->GetMessage() . ($e->GetCode() ? '(' . $e->GetCode() . ')' : ''); $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute); } // bail here if request was javascript if (isset($_GET['method']) && $_GET['method'] == 'js') { header('Content-type: text/javascript'); $response['pidm'] = $person->pidm; $response['type'] = $type; $response['attribute'] = $log_attribute; die(json_encode($response)); } // pass along our message if ($response['status'] == 'success') { $_SESSION['messages'][] = $response['message']; } else { $_SESSION['errors'][] = $response['message']; } PSUHTML::redirect($GLOBALS['BASE_URL'] . '/user/' . $person->pidm);
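<?php
/**
 * Replace the country-code table with the rows of an uploaded CSV file.
 *
 * Reads the multipart upload in the "uploadedfile" field, then clears,
 * reloads and re-links the country tables. The outcome is queued in the
 * session and the browser is sent back to countries.html.
 */

// NOTE(review): no permission check is visible in this script; presumably the
// including front controller enforces one — confirm.

// NOTE(review): query debugging is switched on for the banner connection on
// every run of this action; confirm that is intended outside development.
PSU::db('banner')->debug = true;

$items = array();

$filename = isset($_FILES['uploadedfile']['tmp_name']) ? $_FILES['uploadedfile']['tmp_name'] : '';

// Only read a path that PHP itself recorded as an HTTP upload for this request.
if (is_string($filename) && is_uploaded_file($filename)) {
    $datafile = fopen($filename, 'r');
    if ($datafile) {
        // Test fgetcsv() directly: a feof()-driven loop appends a trailing
        // `false` entry once the end of the file is reached.
        while (($row = fgetcsv($datafile, 8192)) !== false) {
            $items[] = $row;
        }
        fclose($datafile);
    }
}

if (!$items) {
    // Stop before the destructive step: without rows to insert, clearing the
    // table would leave it empty.
    $_SESSION['errors'][] = 'No country data could be read from the uploaded file.';
} elseif (!CommonAppCountries::deleteOldCountryCodes()) {
    $_SESSION['errors'][] = 'Unable to clear the country table before processing.';
} elseif (!CommonAppCountries::insertCountryCodes($items)) {
    $_SESSION['errors'][] = 'Unable to insert all countries.';
} elseif (!CommonAppCountries::updateCountryCodes()) {
    $_SESSION['errors'][] = 'Unable to link country tables.';
} else {
    $_SESSION['messages'][] = 'Country code file was successfully uploaded.';
}

PSUHTML::redirect($GLOBALS['BASE_URL'] . '/countries.html');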
<?php
/**
 * Log the current user out: empty the session, destroy it, and send the
 * browser to the public site.
 */

// NOTE(review): the session cookie itself is not expired here, and the landing
// URL is plain http — confirm both are acceptable for this deployment.
$landing_page = 'http://www.plymouth.edu/';

// Drop the in-memory data first so nothing is left for the rest of this request.
$_SESSION = array();
session_destroy();

PSUHTML::redirect($landing_page);
PSUHTML::redirect($GLOBALS['BASE_URL'] . '/' . $GLOBALS['SSH_HOST'] . ':browse' . $parent); } else { jsonAndExit($json); } } $result = $GLOBALS['SCP']->unlink($path); if ($result === null) { $log_data['result'] = 'failure'; $json['error'] = true; $json['message'] = 'File did not exist.'; } elseif ($result === false) { $log_data['result'] = 'failure'; $json['error'] = true; $json['message'] = 'File could not be deleted.'; } else { $log_data['result'] = 'success'; $json['success'] = true; $json['row_id'] = $_GET['row_id']; } rf_log($log_data); if ($redirect) { if ($json['success']) { $_SESSION['messages'][] = 'File ' . htmlentities(basename($path)) . ' was deleted.'; } else { $_SESSION['errors'][] = $json['message']; } PSUHTML::redirect($GLOBALS['BASE_URL'] . '/' . $GLOBALS['SSH_HOST'] . ':browse' . $parent); } else { jsonAndExit($json); } // vim:ts=2:sw=2:noet:
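/**
 * Check that a person lookup resolved to a real record; redirect to search if not.
 *
 * A person with neither a wp_id nor a pidm is treated as unresolved: an error
 * message is queued in the session, the browser is sent to the name search
 * for $identifier, and the script exits.
 *
 * @param string $identifier value forwarded (URL-encoded) to the search page
 * @param object $person     person object; wp_id, pidm, identifier_type and
 *                           initial_identifier are read
 * @return bool true when the person has a wp_id or a pidm
 */
public static function validate_person($identifier, &$person)
{
    if ($person->wp_id || $person->pidm) {
        return true;
    }

    // The identifier the user typed is escaped before it is stored for display.
    // NOTE(review): htmlentities() is called with its default flags; confirm
    // the message is never rendered inside a single-quoted attribute.
    $shown_identifier = htmlentities($person->initial_identifier);

    if ($person->identifier_type) {
        // identifier_type is passed as an argument rather than spliced into
        // the format string, so a '%' in it cannot be read as a conversion.
        // NOTE(review): identifier_type is stored unescaped — confirm it is
        // always a fixed internal label.
        $_SESSION['errors'][] = sprintf(
            '"%s" is not a recognized %s.',
            $shown_identifier,
            $person->identifier_type
        );
    } else {
        $_SESSION['errors'][] = sprintf(
            '"%s" is not a unique identifier. A skilled and helpful APE has executed a search on your behalf. Rejoice!',
            $shown_identifier
        );
    }

    PSUHTML::redirect($GLOBALS['BASE_URL'] . '/search.html?type=name&identifier=' . urlencode($identifier));
    exit;
}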
if (strpos($key, 'ape_') === 0) { unset($_SESSION['AUTHZ']['permission'][$key]); } //end if } //end foreach $message = 'Now impersonating: ' . $_SESSION['username'] . ' (' . $_SESSION['wp_id'] . ')'; $_SESSION['messages'][] = $message; } elseif ($action == 'cancel') { if (isset($_SESSION['impersonate'])) { $GLOBALS['LOG']->write('Finished impersonating account', $_SESSION['username']); $_SESSION['wp_id'] = $_SESSION['impersonate_store']['wp_id']; $_SESSION['username'] = $_SESSION['impersonate_store']['username']; $_SESSION['pidm'] = $_SESSION['impersonate_store']['pidm']; $_SESSION['fullname'] = $_SESSION['impersonate_store']['fullname']; $_SESSION['phpCAS']['user'] = $_SESSION['impersonate_store']['username']; unset($_SESSION['AUTHZ']); PSU::get('idmobject')->loadAuthZ($_SESSION['pidm']); unset($_SESSION['impersonate_store'], $_SESSION['impersonate']); } //end if PSU::redirect($_SERVER['HTTP_REFERER']); } else { throw new Exception('Stop trying to sneak in here!!!'); } //end else } catch (Exception $e) { $_SESSION['errors'][] = sprintf("%s (%d)", $e->GetMessage(), $e->GetCode()); } PSUHTML::redirect($GLOBALS['BASE_URL'] . '/user/' . $redirect_id);
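<?php
/**
 * Add a comment row to sgrscmt for a student, then return to the student page.
 */

// NOTE(review): these two lines appear to repoint the shared "banner" handle
// at the "test" connection and turn on query debugging; this looks like
// development scaffolding — confirm before it runs against production.
PSU::get()->banner = PSU::db('test');
PSU::db('banner')->debug = true;

// NOTE(review): pidm, term_code and note are taken from the request as-is and
// no permission check is visible in this script — confirm the caller enforces
// who may write comments for which student. The values are bound as
// parameters below, not interpolated into the SQL.
$args = array(
    'pidm' => $_REQUEST['pidm'],
    'term_code' => $_REQUEST['term_code'],
    'comment_text' => $_REQUEST['note'],
);

// NVL() wraps MAX() so the first comment for a pidm gets sequence 1; with
// MAX(NVL(...)) an empty result set still yields NULL.
// NOTE(review): computing the next sequence number with a subquery can
// collide under concurrent inserts — confirm a constraint covers this.
$query = "INSERT INTO sgrscmt (
        sgrscmt_pidm,
        sgrscmt_seq_no,
        sgrscmt_term_code,
        sgrscmt_comment_text,
        sgrscmt_activity_date
    )
    VALUES (
        :pidm,
        (SELECT NVL(MAX(sgrscmt_seq_no), 0) + 1 FROM sgrscmt WHERE sgrscmt_pidm = :pidm),
        :term_code,
        :comment_text,
        SYSDATE
    )";

$action = PSU::db('banner')->Execute($query, $args);

// NOTE(review): $person is not assigned anywhere in this script; presumably
// the including file provides it — confirm, otherwise the redirect has no pidm.
PSUHTML::redirect($GLOBALS['BASE_URL'] . '/student/' . $person->pidm);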
throw new Exception('Username missing from password reset request.'); } $person = new PSUPerson($username); if (!$reason && ($ssn != substr($person->ssn, -4) || $dob != $person->birth_date)) { $GLOBALS['LOG']->write('Password Reset Attempt Failed: invalid DOB & SSN portion provided.', $username); throw new Exception('The identity verification failed. Either the last 4 of the SSN OR the Date of Birth did not match.'); } //end if if ($reason && !IDMObject::authZ('permission', 'ape_pw')) { throw new Exception('You are not allowed to perform password resets without the last 4 of the SSN and Birth Date.'); } //end if if (!$reason) { $reason = 'Private Data Provided and Verified'; } //end if list($username, $password) = $GLOBALS['PWMAN']->defaultCredentials($username); $GLOBALS['PWMAN']->setPassword($username, $password); $GLOBALS['PWMAN']->expire($username, 'reset'); $GLOBALS['LOG']->write('Resetting password: '******'Password Reset', 'Reset password.', array('call_status' => 'closed'))) { $message .= ' Ticket #<a href="http://go.plymouth.edu/log/' . $call_id . '">' . $call_id . '</a> has been logged.'; } //end if $_SESSION['messages'][] = $message; } catch (Exception $e) { $_SESSION['errors'][] = sprintf("%s (%d)", $e->GetMessage(), $e->GetCode()); } PSUHTML::redirect($GLOBALS['BASE_URL'] . '/user/' . $username);
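/**
 * action_cleanup() creates the HTTP response for a page that is responding
 * to a form submission: either a JSON document or a redirect with the
 * messages queued in the session.
 *
 * For the redirect case, $response is expected to be an array with optional
 * 'messages' and 'errors' entries; anything else (including the '' default)
 * queues nothing. Missing session queues are treated as empty.
 *
 * NOTE(review): $url is handed to the redirect unchanged, so callers must not
 * build it from unvalidated request data.
 *
 * @param string $url the url to redirect to
 * @param mixed $response any messages that should be passed to the user
 * @param bool $is_ajax whether or not the response should be done in json
 */
function action_cleanup($url, $response = '', $is_ajax = false)
{
    if ($is_ajax) {
        PSUTools::jsonAndExit($response);
        return;
    }

    foreach (array('messages', 'errors') as $bucket) {
        // array_merge() needs arrays on both sides; the '' default for
        // $response and an unset session queue would otherwise wipe the queue.
        $queued = (isset($_SESSION[$bucket]) && is_array($_SESSION[$bucket]))
            ? $_SESSION[$bucket]
            : array();
        $incoming = (is_array($response) && isset($response[$bucket]))
            ? (array) $response[$bucket]
            : array();

        $_SESSION[$bucket] = array_merge($queued, $incoming);
    }

    PSUHTML::redirect($url);
}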
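// Import an uploaded Common App feed file: move it into the application's
// temporary directory, restrict its permissions, run the import, then delete
// the file and report the outcome on upload.html.

$upload_page = $GLOBALS['BASE_URL'] . '/upload.html';

$tmp_name = $_FILES['feed']['tmp_name'];

// The filename is supplied by the client. basename() drops any directory
// components so the destination cannot be steered outside $GLOBALS['TMP'].
// NOTE(review): the stored name is still client-chosen; a server-generated
// name would also avoid collisions between concurrent uploads.
$new_name = $GLOBALS['TMP'] . '/' . basename($_FILES['feed']['name']);

if (!is_uploaded_file($tmp_name)) {
    $_SESSION['errors'][] = "Uploaded file not found.";
    PSUHTML::redirect($upload_page);
    exit; // do not fall through to the import if the redirect returns
}

// NOTE(review): mkdir() is called without a mode, so the directory gets the
// default permissions filtered by the umask — confirm that is tight enough
// for feed data.
if (!is_dir($GLOBALS['TMP'])) {
    mkdir($GLOBALS['TMP']);
}

move_uploaded_file($tmp_name, $new_name);

if (!is_file($new_name)) {
    // NOTE(review): this message shows a server-side path to the user.
    $_SESSION['errors'][] = 'Could not find renamed file at ' . $new_name;
    PSUHTML::redirect($upload_page);
    exit;
}

// Owner read/write only while the file sits on disk.
if (!chmod($new_name, 0600)) {
    $_SESSION['errors'][] = 'Could not chmod ' . $new_name;
    PSUHTML::redirect($upload_page);
    exit;
}

$ca = new CommonApp($new_name);
$ca->import();

if (count($ca->errors)) {
    // there were errors
    $_SESSION['errors'][] = 'Some records file failed to import.';
    $_SESSION['errors'] = array_merge($_SESSION['errors'], $ca->errors);
} else {
    $_SESSION['messages'][] = 'Feed file imported successfully.';
}

// The feed is removed whether or not the import reported errors.
unlink($new_name);

PSUHTML::redirect($upload_page);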
/**
 * Default action: send the browser to the welcome tab (/tab/welcome).
 */
public function index()
{
    $welcome_tab = sprintf('%s/tab/welcome', $GLOBALS['BASE_URL']);

    PSUHTML::redirect($welcome_tab);
}
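<?php
/**
 * Toggle the session's "javascript" preference and send the browser back to
 * the page named in the "from" query parameter.
 */

$from = isset($_GET['from']) ? $_GET['from'] : '';

// assumes $GLOBALS['BASE_URL'] is set by the application bootstrap — TODO confirm
$base = $GLOBALS['BASE_URL'];

// Flip the flag; empty() also covers a flag that was never set.
// NOTE(review): this state change is driven by a plain GET request.
$_SESSION['javascript'] = empty($_SESSION['javascript']);

// "from" is client-controlled, so it is followed only when it points back
// into this application: no line breaks or backslashes, not a
// protocol-relative URL, and located at or below BASE_URL. Anything else
// falls back to the application root instead of an arbitrary site.
$is_local = is_string($from)
    && strpbrk($from, "\r\n\\") === false
    && strpos($from, '//') !== 0
    && ($from === $base || strpos($from, $base . '/') === 0);

PSUHTML::redirect($is_local ? $from : $base);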
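<?php
/**
 * Forward the "list" query parameter to that list's page under /lists/.
 */

// A missing or non-string parameter is treated as an empty list name.
$list = (isset($_GET['list']) && is_string($_GET['list'])) ? $_GET['list'] : '';

// The value is client-controlled, so it is percent-encoded before it becomes
// part of the redirect target; slashes, '?', '#' and line breaks cannot alter
// the path or the response header.
// assumes a list identifier is a single path segment — TODO confirm
PSUHTML::redirect($GLOBALS['BASE_URL'] . '/lists/' . rawurlencode($list));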
// Bootstrap for the remote-files application: authenticate, open database
// handles, handle the "go" and "ssh-fixup" entry points, then set up the SSH
// host, SCP client and permissions objects as globals.
require_once $GLOBALS['BASE_DIR'] . '/rfutil/rfutil.inc.php';

// Authentication is invoked before any connection is opened.
IDMObject::authN();

$GLOBALS['BANNER'] = PSUDatabase::connect('oracle/psc1_psu/fixcase');
$GLOBALS['RemoteFiles'] = PSUDatabase::connect('mysql/myplymouth');
$GLOBALS['BannerIDM'] = new IDMObject($GLOBALS['BANNER']);

// NOTE(review): the session cookie value is copied into a global; its
// consumer is not visible here — confirm it is never logged or echoed.
$GLOBALS['PHPSESSID'] = $_COOKIE['PHPSESSID'];

// make sure our session variables are set up
if (!isset($_SESSION['javascript'])) {
    $_SESSION['javascript'] = true;
}

// "go" shortcut: redirect to the named host. An empty value, or one that is
// not made up solely of lowercase letters, is replaced by the default host
// before it reaches the redirect target.
if (isset($_GET['go'])) {
    $go = $_GET['go'];
    if (empty($go)) {
        $go = $GLOBALS['DEFAULT_HOST'];
    } elseif (!ctype_lower($go)) {
        $go = $GLOBALS['DEFAULT_HOST'];
        $_SESSION['errors'][] = 'An invalid server name was provided via go.plymouth.edu.';
    }
    PSUHTML::redirect($GLOBALS['BASE_URL'] . "/" . $go . ":");
}

$remote_files = new PSU\RemoteFiles();
$config = \PSU\Config\Factory::get_config();

// Maintenance entry point: runs the SSH config update when the "ssh-fixup"
// parameter is non-empty and strictly equal to the configured value.
// NOTE(review): the shared secret travels in the query string, where it can
// end up in access logs and browser history, and it is compared with ===;
// consider a request header or POST body and a constant-time comparison if
// the runtime provides one.
// NOTE(review): the working directory is a fixed path under /tmp — confirm
// ssh_config_update() checks its ownership and permissions.
if (isset($_GET['ssh-fixup']) && $_GET['ssh-fixup'] && $_GET['ssh-fixup'] === $config->get('remote-files', 'ssh_fixup')) {
    $fixup_dir = '/tmp/remote-files-feed';
    $remote_files->ssh_config_update($fixup_dir);
    die('Complete.');
}

// NOTE(review): unlike "go" above, the "server" request value is used as the
// SSH host without any validation in this file — confirm SCPlib or
// RFPermissions restricts it to an allow-list of known hosts.
$GLOBALS['SSH_HOST'] = isset($_REQUEST['server']) ? $_REQUEST['server'] : $GLOBALS['DEFAULT_HOST'];
$GLOBALS['SCP'] = new SCPlib($GLOBALS['SSH_HOST']);
$GLOBALS['RFP'] = new RFPermissions($GLOBALS['BannerIDM'], $GLOBALS['RemoteFiles'], $GLOBALS['SSH_HOST']);
// vim:ts=2:sw=2:noet:
<?php
/**
 * Save changes to hardware from hardware.html: delete one hardware record
 * for a person, then return to that person's hardware page.
 *
 * NOTE(review): the deletion is driven by GET parameters and no anti-forgery
 * token is checked in this script — confirm the framework enforces one.
 */

// Only holders of the ape_hardware permission may continue.
$may_edit_hardware = IDMObject::authZ('permission', 'ape_hardware');
if (!$may_edit_hardware) {
    exit('You do not have hardware privileges.');
}

// Both identifiers are coerced to integers before use.
$pidm = intval($_GET['pidm']);
$id = intval($_GET['id']);

$person = new PSUPerson($pidm);
$person->hardware->deleteHardware($id);

// NOTE(review): $BASE_URL is read as a plain variable here rather than via
// $GLOBALS; that only resolves when this script runs at global scope.
$hardware_page = $BASE_URL . '/hardware/u/' . $person->username;
PSUHTML::redirect($hardware_page);
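// Application bootstrap: path constants, helper libraries, the "go" ticket
// shortcut, then the call-log function and class includes.

// Web Path To JS Files
define('JS_WEB_DIR', $GLOBALS['BASE_URL'] . '/js');
$GLOBALS['JS_WEB_DIR'] = JS_WEB_DIR;

// NOTE(review): the address below is shown masked in this listing.
$GLOBALS['HELPDESK_EMAIL'] = '*****@*****.**';

define('INCLUDES_DIR', __DIR__ . '/includes');
define('FUNCTIONS_DIR', INCLUDES_DIR . '/functions'); // Callog functions

$INCLUDES = __DIR__ . "/includes"; // use the include variable to reference all app specific includes
$IMAGES = $GLOBALS['BASE_URL'] . '/images';
// End variable definitions

define('MAGPIE_CACHE_ON', false);
require_once 'magpierss/rss_fetch.inc';
require_once 'functions.php';

// "go" shortcut: jump straight to a ticket. The value is client-controlled,
// so it is accepted only as a string and percent-encoded before it becomes
// part of the redirect target; slashes, '?', '#' and line breaks cannot
// alter the path or the response header.
// assumes a ticket identifier is a single path segment — TODO confirm
if (isset($_GET['go']) && is_string($_GET['go'])) {
    PSUHTML::redirect($GLOBALS['BASE_URL'] . '/ticket/' . rawurlencode($_GET['go']));
}

// All include paths below are built from constants, not from request data.
require_once INCLUDES_DIR . "/functions.php";
include FUNCTIONS_DIR . "/add_update.class.php";
include FUNCTIONS_DIR . "/call_log_graph_functions.php";
include FUNCTIONS_DIR . "/call_log_keyword_admin_functions.php";
include FUNCTIONS_DIR . "/call_log_search.php";
include FUNCTIONS_DIR . "/call_log_stats_and_reports_functions.php";
include FUNCTIONS_DIR . "/employee_calls_function.php";
include FUNCTIONS_DIR . "/my_options_functions.php";
include FUNCTIONS_DIR . "/news_functions.php";
include FUNCTIONS_DIR . "/open_call_functions.php";
include FUNCTIONS_DIR . "/recovered_data.php";
include FUNCTIONS_DIR . "/restore.class.php";
include FUNCTIONS_DIR . "/tlc_users_functions.php";
include FUNCTIONS_DIR . "/user.class.php";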
$log_data['result'] = 'denied'; throw new Exception('You do not have write access to ' . htmlentities($path . $rf_file['name'])); } try { $GLOBALS['SCP']->put($rf_file['tmp_name'], $path . $rf_file['name']); } catch (SCPException $e) { $log_data['result'] = 'failure'; throw new Exception('There was an error uploading your file: ' . $e->getMessage() . ' (' . $e->getCode() . ')'); } $log_data['result'] = 'success'; $msg = 'File "' . htmlentities($rf_file['name']) . '" was uploaded successfully.'; if ($swfupload) { $json['message'] = $rf_file['name']; $json['html'] = $msg; } else { $_SESSION['messages'][] = $msg; } } catch (Exception $e) { if ($swfupload) { $json['status'] = 'error'; $json['message'] = $e->getMessage(); } else { $_SESSION['errors'][] = $e->getMessage(); } } rf_log($log_data); if ($swfupload) { PSUTools::jsonAndExit($json); } PSUHTML::redirect($GLOBALS['BASE_URL'] . '/' . $GLOBALS['SSH_HOST'] . ':browse' . $fullpath); // vim:ts=2:sw=2:noet:
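/**
 * Remove custom layout for the logged-in user.
 *
 * Deletes the user's channels (with their metadata) and then the user's tabs
 * (with their metadata), keyed by the portal person's wp_id, and redirects to
 * the application root. Without a wp_id nothing is deleted.
 *
 * NOTE(review): the two deletes are issued separately with no visible
 * transaction, and their results are not checked — confirm a partial reset
 * is acceptable.
 */
public function reset()
{
    if (!$this->portal->person->wp_id) {
        $_SESSION['errors'][] = "No wp_id, refusing to reset layout.";
        PSUHTML::redirect($GLOBALS['BASE_URL']);
        // Leave explicitly so the deletes below cannot run if the redirect
        // helper ever returns.
        return;
    }

    // The wp_id is bound as a parameter in both statements.
    $wp_id = array($this->portal->person->wp_id);

    // Channels go first: they are located through the tabs removed below.
    $delete_channels = 'DELETE c, m'
        . ' FROM usertabs t'
        . ' LEFT JOIN userchannels c ON t.id = c.usertab_id'
        . ' LEFT JOIN userchannels_meta m ON c.id = m.userchannel_id'
        . ' WHERE t.wp_id = ?';
    PSU::db('portal')->Execute($delete_channels, $wp_id);

    $delete_tabs = 'DELETE t, m'
        . ' FROM usertabs t'
        . ' LEFT JOIN usertabs_meta m ON t.id = m.usertab_id'
        . ' WHERE t.wp_id = ?';
    PSU::db('portal')->Execute($delete_tabs, $wp_id);

    PSUHTML::redirect($GLOBALS['BASE_URL']);
}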
} //end if } //end if $GLOBALS['LOG']->write($response['message'], $person->login_name); $response['status'] = 'success'; } catch (Exception $e) { $response['message'] = $e->getMessage(); } // // ajax requests end here // if (isset($_GET['method']) && $_GET['method'] == 'js') { header('Content-type: application/json'); die(json_encode($response)); } // // otherwise, redirect back to the user page // $redirect_to = $GLOBALS['BASE_URL']; // pass along our message if ($response['status'] == 'success') { $_SESSION['messages'][] = $response['message']; } else { $_SESSION['errors'][] = $response['message']; } if (isset($_GET['identifier'])) { $redirect_to .= '/user/' . $_GET['identifier']; } PSUHTML::redirect($redirect_to);
<?php
/**
 * Rebuild the browse URL for the current SSH host from the "path" and
 * "filter" query parameters and redirect to it.
 */

// NOTE(review): both values are client-controlled and are appended to the
// redirect target without encoding or validation — confirm the redirect
// helper rejects line breaks and that the browse handler validates the path.
$path = $_GET['path'];
$filter = $_GET['filter'];

$browse_url = implode('', array(
    $GLOBALS['BASE_URL'],
    '/',
    $GLOBALS['SSH_HOST'],
    ':browse',
    $path,
    $filter,
));

PSUHTML::redirect($browse_url);