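/**
 * Insert a new fmchecklists row built from a column => value map, then give
 * the current user the "ClAdmin" role on it.
 *
 * Array keys are written into the statement as column names, a position
 * where value escaping cannot help. Every key must therefore be a plain SQL
 * identifier; if any key is not, nothing is inserted and 0 is returned (the
 * same result the caller already gets for a failed INSERT).
 *
 * NOTE(review): assumes cleanInStr() escapes its argument for use inside a
 * double-quoted SQL string and that $this->conn is a mysqli-style connection
 * (query() / insert_id) - confirm in the enclosing class.
 * NOTE(review): the identifier check stops SQL syntax from arriving through a
 * key, but the caller can still name any column of the table; a fixed
 * allow-list of writable columns is the tighter control.
 *
 * @param array $newClArr Column name => raw value. Falsy values (including
 *                        "0") are stored as NULL.
 * @return int Id of the new checklist, or 0 if a key was rejected or the
 *             INSERT failed.
 */
public function createChecklist($newClArr)
{
    $columns = array();
    $values = array();
    foreach ($newClArr as $column => $value) {
        // Fail closed on anything that is not a bare identifier.
        if (!is_string($column) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $column)) {
            return 0;
        }
        $columns[] = $column;
        $values[] = $value ? '"' . $this->cleanInStr($value) . '"' : 'NULL';
    }
    $sql = 'INSERT INTO fmchecklists (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ')';

    $newClId = 0;
    if ($this->conn->query($sql)) {
        $newClId = $this->conn->insert_id;

        // Make the creator an admin of the new checklist. Both ids are cast
        // to int because they are concatenated into the statement unquoted.
        $uid = isset($GLOBALS['SYMB_UID']) ? $GLOBALS['SYMB_UID'] : null;
        if (is_numeric($uid)) {
            $this->conn->query(
                'INSERT INTO userroles (uid, role, tablename, tablepk) VALUES('
                . (int) $uid . ',"ClAdmin","fmchecklists",' . (int) $newClId . ') '
            );
        }

        // Re-run authentication for the current user; presumably this reloads
        // the session's roles so the new one applies - confirm in ProfileManager.
        $newPManager = new ProfileManager();
        $newPManager->setUserName($GLOBALS['USERNAME']);
        $newPManager->authenticate();
    }
    return $newClId;
}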
<?php
// Excerpt of a script that, for admins, acts on one of three request-driven
// operations: "loginas", "delrole", or the "apsubmit" form. The if ($isAdmin)
// block continues past the end of this listing.
// $serverRoot, $charset and $isAdmin are not defined here; presumably they
// come from symbini.php - confirm.
include_once '../config/symbini.php';
include_once $serverRoot . '/classes/PermissionsManager.php';
include_once $serverRoot . '/classes/ProfileManager.php';
header("Content-Type: text/html; charset=" . $charset);

// NOTE(review): these are read from $_REQUEST, which merges GET and POST (and
// cookies, depending on request_order). The state-changing branches below are
// therefore reachable by a plain GET, and no anti-CSRF token is checked in
// this excerpt. Restricting them to POST with a per-session token would be
// the usual hardening.
$loginAs = array_key_exists("loginas", $_REQUEST) ? trim($_REQUEST["loginas"]) : "";
$searchTerm = array_key_exists("searchterm", $_REQUEST) ? trim($_REQUEST["searchterm"]) : "";
// userid, delrole and tablepk are passed on below without trimming or type
// checks; whether PermissionsManager validates them is not visible here.
$userId = array_key_exists("userid", $_REQUEST) ? $_REQUEST["userid"] : "";
$delRole = array_key_exists("delrole", $_REQUEST) ? $_REQUEST["delrole"] : "";
$tablePk = array_key_exists("tablepk", $_REQUEST) ? $_REQUEST["tablepk"] : "";
$userManager = new PermissionsManager();
if ($isAdmin) {
    if ($loginAs) {
        // Sets the requested user name and calls authenticate() with no
        // password in this excerpt; this appears to switch the admin's session
        // to that user - confirm in ProfileManager, and consider audit-logging it.
        $pHandler = new ProfileManager();
        $pHandler->setUserName($loginAs);
        $pHandler->authenticate();
        // NOTE(review): no exit follows the redirect header, so the script
        // keeps executing after this branch.
        header("Location: ../index.php");
    } elseif ($delRole) {
        $userManager->deletePermission($userId, $delRole, $tablePk);
    } elseif (array_key_exists("apsubmit", $_POST)) {
        // NOTE(review): $_POST["p"] is iterated without checking that it
        // exists and is an array.
        foreach ($_POST["p"] as $pname) {
            // Each entry is either "role" or "role-tablepk".
            $role = $pname;
            $tablePk = '';
            // strpos() returns 0 for a leading '-', which is falsy, so such a
            // value is passed through whole as the role. Only the first two
            // '-'-separated parts are used; anything after a second '-' is dropped.
            if (strpos($pname, '-')) {
                $tok = explode('-', $pname);
                $role = $tok[0];
                $tablePk = $tok[1];
            }
            $userManager->addPermission($userId, $role, $tablePk);
        }
// Excerpt: begins inside a block opened above this listing and ends inside
// the "Create Login" branch. $charset is not defined here.
$useRecaptcha = true;
}
header("Content-Type: text/html; charset=" . $charset);
// Tell browsers and proxies not to cache or store this page.
header('Cache-Control: no-cache, no-cache="set-cookie", no-store, must-revalidate');
header('Pragma: no-cache'); // HTTP 1.0.
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past

// NOTE(review): request values can arrive as arrays (e.g. a field named
// "login[]"); nothing here checks that these three are strings before they
// reach setUserName(), validateEmailAddress() and preg_match().
$login = array_key_exists('login', $_POST) ? $_POST['login'] : '';
$emailAddr = array_key_exists('emailaddr', $_POST) ? $_POST['emailaddr'] : '';
// "submit" is read from $_REQUEST, so it is accepted from GET as well as POST.
$action = array_key_exists("submit", $_REQUEST) ? $_REQUEST["submit"] : '';

$pHandler = new ProfileManager();
$displayStr = '';

// Input validation: a value that fails its check is blanked so the rest of
// the script sees it as absent.
if ($login) {
    if (!$pHandler->setUserName($login)) {
        $login = '';
        $displayStr = 'Invalid login name';
    }
}
if ($emailAddr) {
    if (!$pHandler->validateEmailAddress($emailAddr)) {
        $emailAddr = '';
        // NOTE(review): this is the e-mail branch but the message says
        // "login name"; looks like a copy/paste slip.
        $displayStr = 'Invalid login name';
    }
}
// Only letters, digits, whitespace and underscore are allowed in the action.
if ($action && !preg_match('/^[a-zA-Z0-9\\s_]+$/', $action)) {
    $action = '';
}
if ($action == "Create Login") {
    $okToCreateLogin = true;
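/**
 * Create a checklist row from submitted form data and give the current user
 * the "ClAdmin" role on it.
 *
 * Column names come only from the fixed $fieldArr map, never from the
 * submitted array's keys. A field that is missing from $postArr, or whose
 * value is not scalar (for example an array sent as "name[]"), is treated as
 * empty and stored as NULL.
 *
 * NOTE(review): assumes cleanInStr() escapes its argument for use inside a
 * double-quoted SQL string - confirm in the enclosing class. strip_tags()
 * runs after it, so the value is modified again after escaping; filtering
 * first and escaping last is the safer order.
 * NOTE(review): strip_tags() keeps the attributes of the tags it allows
 * (<a href>, event handlers on any allowed tag), and 'abstract' is not
 * stripped at all, so these fields still need HTML escaping or sanitising
 * wherever they are rendered.
 * NOTE(review): 'uid' is taken from $postArr like any other field; if it is
 * the owning user, confirm the caller sets it from the session and not from
 * the form.
 *
 * @param array $postArr Field name => raw submitted value.
 * @return int Id of the new checklist, or 0 if the INSERT failed.
 */
public function createChecklist($postArr)
{
    // Writable fmchecklists columns: 's' is written as a quoted string,
    // 'n' as a bare numeric literal.
    $fieldArr = array(
        'name' => 's', 'authors' => 's', 'type' => 's', 'locality' => 's',
        'publication' => 's', 'abstract' => 's', 'notes' => 's',
        'latcentroid' => 'n', 'longcentroid' => 'n', 'pointradiusmeters' => 'n',
        'footprintWKT' => 's', 'parentclid' => 'n', 'access' => 's', 'uid' => 'n',
    );

    $columns = array();
    $values = array();
    foreach ($fieldArr as $fieldName => $fieldType) {
        $columns[] = $fieldName;

        $raw = '';
        if (isset($postArr[$fieldName]) && is_scalar($postArr[$fieldName])) {
            $raw = $postArr[$fieldName];
        }
        $v = $this->cleanInStr($raw);
        if ($fieldName != 'abstract') {
            $v = strip_tags($v, '<i><u><b><a>');
        }

        // NOTE(review): the truthiness test also turns "0" into NULL, so a
        // latcentroid or longcentroid of 0 is not stored.
        if (!$v) {
            $values[] = 'NULL';
        } elseif ($fieldType == 's') {
            $values[] = '"' . $v . '"';
        } elseif (is_numeric($v)) {
            // Unquoted, so only values PHP accepts as numeric get this far.
            $values[] = $v;
        } else {
            $values[] = 'NULL';
        }
    }
    $sql = 'INSERT INTO fmchecklists (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ')';

    $newClId = 0;
    if ($this->conn->query($sql)) {
        $newClId = $this->conn->insert_id;

        // Make the creator an admin of the new checklist. Both ids are cast
        // to int because they are concatenated into the statement unquoted.
        $uid = isset($GLOBALS['SYMB_UID']) ? $GLOBALS['SYMB_UID'] : null;
        if (is_numeric($uid)) {
            $this->conn->query(
                'INSERT INTO userroles (uid, role, tablename, tablepk) VALUES('
                . (int) $uid . ',"ClAdmin","fmchecklists",' . (int) $newClId . ') '
            );
        }

        // Re-run authentication for the current user; presumably this reloads
        // the session's roles so the new one applies - confirm in ProfileManager.
        $newPManager = new ProfileManager();
        $newPManager->setUserName($GLOBALS['USERNAME']);
        $newPManager->authenticate();
    }
    return $newClId;
}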