You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ // check for valid session session_start(); include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } //Fb::log($_REQUEST);exit; $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; $secureurl = new phpsecureurl(); $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); if (!$user_obj->isAdmin()) { header('Location:' . $secureurl->encode('error.php?ec=4')); exit; } if (isset($_REQUEST['cancel']) and $_REQUEST['cancel'] != 'Cancel') { draw_menu($_SESSION['uid']); } if (isset($_GET['submit']) && $_GET['submit'] == 'add') { draw_header(msg('area_add_new_udf'), $last_message); // Check to see if user is admin ?> <form id="udfAddForm" action="udf.php?last_message=<?php echo $last_message; ?> " method="GET" enctype="multipart/form-data"> <table border="0" cellspacing="5" cellpadding="5"> <tr>
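// check for valid session
session_start();

// includes
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}

$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';

$secureurl = new phpsecureurl();

///////////////////////////////////////////////////////////////////////////
// Access rule for this page: anyone may work on their own account.  Working
// on another account ('item' in the query string) requires admin rights.
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);

$redirect = 'admin.php';

// $mode selects the full (admin) or the restricted form further down the page.
// isAdmin() is only tested for truthiness here, exactly as the old `== true` did.
$mode = $user_obj->isAdmin() ? 'enabled' : 'disabled';

// Non-admins may only touch their own record.  The two ids are compared
// loosely on purpose: the session value and the query parameter may not share
// a type (int vs. string) — confirm against class User before tightening.
if ($mode == 'disabled' && isset($_GET['item']) && $_GET['item'] != $_SESSION['uid']) {
    header('Location:' . $secureurl->encode('error.php?ec=4'));
    exit;
}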
if ($user_obj->isRoot()) { echo '<th bgcolor ="#83a9f7"><font color="#FFFFFF">' . msg('file') . '</th></font>'; } ?> <?php if ($user_obj->isRoot()) { udf_admin_header(); } ?> <tr> <td> <!-- User Admin --> <table border="0"> <tr> <td><b><a href="<?php echo $secureurl->encode('user.php?submit=adduser&state=' . ($_REQUEST['state'] + 1)); ?> "><?php echo msg('label_add'); ?> </a></b></td> </tr> <tr> <td><b><a href="<?php echo $secureurl->encode('user.php?submit=deletepick&state=' . ($_REQUEST['state'] + 1)); ?> "><?php echo msg('label_delete'); ?> </a></b></td> </tr>
$file_under_review = $filedata->isPublishable() == -1 ? true : false; $to_value = isset($reviewer_comments_fields[0]) ? substr($reviewer_comments_fields[0], 3) : ''; $subject_value = isset($reviewer_comments_fields[1]) ? substr($reviewer_comments_fields[1], 8) : ''; $comments_value = isset($reviewer_comments_fields[2]) ? substr($reviewer_comments_fields[2], 9) : ''; $file_detail = array('file_unlocked' => $file_unlocked, 'to_value' => $subject_value, 'subject_value' => $subject_value, 'comments_value' => $comments_value, 'realname' => $realname, 'category' => $category, 'filesize' => $filesize, 'created' => fix_date($created), 'owner_email' => $user_obj->getEmailAddress(), 'owner' => $owner, 'owner_fullname' => $owner_fullname, 'description' => wordwrap($description, 50, '<br />'), 'comment' => wordwrap($comment, 50, '<br />'), 'udf_details_display' => udf_details_display($lrequest_id), 'revision' => $revision, 'file_under_review' => $file_under_review, 'reviewer' => $reviewer, 'status' => $status); if ($status > 0) { // status != 0 -> file checked out to another user. status = uid of the check-out person // query to find out who... $checkout_person_obj = $filedata->getCheckerOBJ(); $fullname = $checkout_person_obj->getFullName(); $GLOBALS['smarty']->assign('checkout_person_full_name', $fullname); $GLOBALS['smarty']->assign('checkout_person_email', $checkout_person_obj->getEmailAddress()); } // Can they Read? if ($userPermObj->getAuthority($_REQUEST['id'], $filedata) >= $userPermObj->READ_RIGHT) { $view_link = $secureurl->encode("view_file.php?id={$full_requestId}" . '&state=' . 
($_REQUEST['state'] + 1)); $GLOBALS['smarty']->assign('view_link', $view_link); } // Lets figure out which buttons to show if ($status == 0 || $status == -1 && $filedata->isOwner($_SESSION['uid'])) { // status = 0 -> file available for checkout // check if user has modify rights $query2 = "SELECT status FROM {$GLOBALS['CONFIG']['db_prefix']}data, {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE {$GLOBALS['CONFIG']['db_prefix']}user_perms.fid = '{$_REQUEST['id']}' AND {$GLOBALS['CONFIG']['db_prefix']}user_perms.uid = '{$_SESSION['uid']}' AND {$GLOBALS['CONFIG']['db_prefix']}user_perms.rights = '2' AND {$GLOBALS['CONFIG']['db_prefix']}data.status = '0' AND {$GLOBALS['CONFIG']['db_prefix']}data.id = {$GLOBALS['CONFIG']['db_prefix']}user_perms.fid"; $result2 = mysql_query($query2, $GLOBALS['connection']) or die("Error in query: {$query2}. " . mysql_error()); $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); if ($user_perms->getAuthority($_REQUEST['id'], $filedata) >= $user_perms->WRITE_RIGHT && !isset($lrevision_id) && !$filedata->isArchived()) { // if so, display link for checkout $check_out_link = $secureurl->encode("check-out.php?id={$lrequest_id}" . '&state=' . ($_REQUEST['state'] + 1) . '&access_right=modify'); $GLOBALS['smarty']->assign('check_out_link', $check_out_link); } mysql_free_result($result2);
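/**
 * udf_functions_add_udf - Create a new user defined field from the submitted form.
 *
 * Reads table_name, display_name and field_type from $_REQUEST, validates the
 * derived table name, adds the column(s) to the data table, creates the
 * backing UDF table(s) and records the field in the udf table.  Every failure
 * path rolls back the schema changes made so far, redirects to admin.php with
 * a last_message and exits; on success the function simply returns.
 *
 * field_type 1 and 2 (select list / radio list) and 3 (text field) create one
 * column; field_type 4 creates a linked _primary/_secondary pair of tables.
 *
 * @return void
 */
function udf_functions_add_udf()
{
    // Redirect to admin.php with a message and stop.  $message is appended as
    // given, so it has to be URL-safe already (see the literals below).
    $fail = function ($message) {
        $secureurl = new phpsecureurl();
        header('Location: ' . $secureurl->encode('admin.php?last_message=' . $message));
        exit;
    };

    if (empty($_REQUEST['table_name']) || empty($_REQUEST['display_name'])) {
        $fail(msg('message_udf_cannot_be_blank'));
    }

    $prefix = $GLOBALS['CONFIG']['db_prefix'];
    $data_table = $prefix . 'data';

    // The table name is used unquoted in DDL below, so it is restricted to \w
    // characters; that check is what makes the later interpolations safe.
    $table_name = str_replace(' ', '', $prefix . 'udftbl_' . $_REQUEST['table_name']);
    if (!preg_match('/^\\w+$/', $table_name)) {
        $fail('Error+:+Invalid+Name+(A-Z 0-9 Only)');
    }

    // display_name is free text from the form and field_type must be an int:
    // escape / cast them before they are embedded in the INSERT statements.
    $display_name = mysql_real_escape_string($_REQUEST['display_name']);
    $field_type = isset($_REQUEST['field_type']) ? (int) $_REQUEST['field_type'] : 0;

    // Check for duplicate table name
    $query = "SELECT * FROM {$prefix}udf WHERE table_name='{$table_name}'";
    $result = mysql_query($query);
    if (mysql_num_rows($result) != 0) {
        $fail('Error+:+Duplicate+Table+Name');
    }

    // Record the new field in the udf table; returns the mysql_query() result.
    $record = function ($name) use ($prefix, $display_name, $field_type) {
        return mysql_query('INSERT into ' . $prefix . 'udf (table_name,display_name,field_type) VALUES ("' . $name . '","' . $display_name . '",' . $field_type . ')');
    };

    if ($field_type == 1 || $field_type == 2) {
        // Select list or radio list: one int column on the data table plus a
        // lookup table holding the selectable values.
        if (!mysql_query("ALTER TABLE {$data_table} ADD COLUMN {$table_name} int AFTER category")) {
            $fail('Error+:+Problem+With+Alter');
        }
        if (!mysql_query("CREATE TABLE {$table_name} ( id int auto_increment unique, value varchar(64) )")) {
            // Roll back the ALTER before reporting.
            mysql_query("ALTER TABLE {$data_table} DROP COLUMN {$table_name}");
            $fail('Error+:+Problem+With+Create');
        }
        if (!$record($table_name)) {
            // Roll back the CREATE and the ALTER.
            mysql_query("DROP TABLE {$table_name}");
            mysql_query("ALTER TABLE {$data_table} DROP COLUMN {$table_name}");
            $fail('Error+:+Problem+With+INSERT');
        }
    } elseif ($field_type == 4) {
        // Primary/secondary pair: two int columns on the data table and two
        // lookup tables, the secondary one pointing at the primary via pr_id.
        $primary = $table_name . '_primary';
        $secondary = $table_name . '_secondary';
        // Both columns are added by one ALTER, so a rollback always drops both.
        $drop_columns = "ALTER TABLE {$data_table} DROP COLUMN {$primary}, DROP COLUMN {$secondary}";

        if (!mysql_query("ALTER TABLE {$data_table} ADD COLUMN {$primary} int AFTER category, ADD COLUMN {$secondary} int AFTER {$primary}")) {
            $fail('Error+:+Problem+With+Alter');
        }
        if (!mysql_query("CREATE TABLE {$primary} ( id int auto_increment unique, value varchar(64) )")) {
            mysql_query($drop_columns);
            $fail('Error+:+Problem+With+Create');
        }
        if (!mysql_query("CREATE TABLE {$secondary} ( id int auto_increment unique, value varchar(64), pr_id int )")) {
            // The _primary table already exists at this point: drop it too.
            mysql_query("DROP TABLE {$primary}");
            mysql_query($drop_columns);
            $fail('Error+:+Problem+With+Create');
        }
        if (!$record($primary)) {
            // Roll back both CREATEs and the ALTER.
            mysql_query("DROP TABLE {$primary}");
            mysql_query("DROP TABLE {$secondary}");
            mysql_query($drop_columns);
            $fail('Error+:+Problem+With+INSERT');
        }
    } elseif ($field_type == 3) {
        // Free text field: a varchar column on the data table, no lookup table.
        if (!mysql_query("ALTER TABLE {$data_table} ADD COLUMN {$table_name} varchar(255) AFTER category")) {
            $fail('Error+:+Problem+With+Alter');
        }
        if (!$record($table_name)) {
            // Roll back the ALTER.
            mysql_query("ALTER TABLE {$data_table} DROP COLUMN {$table_name}");
            $fail('Error+:+Problem+With+INSERT');
        }
    } else {
        // Previously an unknown field_type silently did nothing; report it.
        $fail('Error+:+Invalid+Field+Type');
    }
}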
*/ // check for valid session session_start(); // includes include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); $secureurl = new phpsecureurl(); $settings = new Settings(); //If the user is not an admin and he/she is trying to access other account that // is not his, error out. if (!$user_obj->isRoot() == true) { header('Location:' . $secureurl->encode('error.php?ec=24')); exit; } if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'update') { draw_header(msg('label_settings'), $last_message); $settings->edit(); draw_footer(); } elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save') { draw_header(msg('label_settings'), $last_message); // Clean up the datadir a bit to make sure it ends with slash if (!empty($_POST['dataDir'])) { if (substr($_POST['dataDir'], -1) != '/') { $_POST['dataDir'] .= '/'; } } // Perform Input Validation
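/**
 * list_files - Display a list of files
 *
 * Builds one row per file id (links, rights markers, owner, dates, size),
 * hands the rows to the out.tpl Smarty template and calls the plugin hooks
 * onBeforeListFiles / onAfterListFiles around the render.
 *
 * @return NULL on success; -1 after printing a "no files found" notice when $fileid_array is empty
 * @param array $fileid_array  file ids to list; must be a 0-indexed list
 * @param object $userperms_obj  UserPermission object for the viewing user
 * @param string $dataDir  not used: the size lookup reads $GLOBALS['CONFIG']['dataDir'];
 *                         kept in the signature so existing callers keep working
 * @param boolean $showCheckBox  handed to the template as given (callers pass 'true'/'false' strings)
 * @param boolean $rejectpage  handed to the template as given
 */
function list_files($fileid_array, $userperms_obj, $dataDir, $showCheckBox = 'false', $rejectpage = 'false')
{
    $secureurl = new phpsecureurl();

    // Anything that is not a non-empty list is reported as "no files".
    if (!is_array($fileid_array) || sizeof($fileid_array) == 0 || !isset($fileid_array[0])) {
        echo '<img src="images/exclamation.gif">' . msg('message_no_files_found') . "\n";
        return -1;
    }

    // Page state counter used in the details links; missing/non-numeric -> 0.
    $next_state = (isset($_REQUEST['state']) ? (int) $_REQUEST['state'] : 0) + 1;

    $file_list_arr = array();
    foreach ($fileid_array as $fileid) {
        $file_obj = new FileData($fileid, $GLOBALS['connection'], DB_NAME);
        $userAccessLevel = $userperms_obj->getAuthority($fileid, $file_obj);

        // Show the lock unless the file is free (status 0) and the user may at least view it.
        $lock = !($file_obj->getStatus() == 0 && $userAccessLevel >= $userperms_obj->VIEW_RIGHT);

        $description = $file_obj->getDescription();
        if ($description == '') {
            $description = msg('message_no_description_available');
        }

        $created_date = fix_date($file_obj->getCreatedDate());
        $modified_date = $file_obj->getModifiedDate()
            ? fix_date($file_obj->getModifiedDate())
            : $created_date;

        $full_name_array = $file_obj->getOwnerFullName();
        $owner_name = $full_name_array[1] . ', ' . $full_name_array[0];
        $dept_name = $file_obj->getDeptName();
        $realname = $file_obj->getRealname();

        // Size in bytes of the stored copy, which lives under the configured dataDir.
        $filesize = display_filesize($GLOBALS['CONFIG']['dataDir'] . $fileid . '.dat');

        if ($userAccessLevel >= $userperms_obj->READ_RIGHT) {
            // A name without a dot has no extension; strrpos() returns false
            // there and must not be fed into substr() as an offset.
            $dot = strrpos($realname, '.');
            $suffix = $dot === false ? '' : strtolower(substr($realname, $dot + 1));
            $lmimetype = File::mime_by_ext($suffix);
            $view_link = 'view_file.php?submit=view&id=' . urlencode($fileid) . '&mimetype=' . urlencode("{$lmimetype}");
        } else {
            $view_link = 'none';
        }
        $details_link = $secureurl->encode('details.php?id=' . $fileid . '&state=' . $next_state);

        // Rights markers, ordered low -> high.  The entry matching the user's
        // level (searched highest first) and everything below it is shown
        // bold; everything above it is blanked out.
        $rights = array(
            array($userperms_obj->READ_RIGHT, 'r'),
            array($userperms_obj->WRITE_RIGHT, 'w'),
            array($userperms_obj->ADMIN_RIGHT, 'a'),
        );
        $index_found = -1;
        for ($i = sizeof($rights) - 1; $i >= 0; $i--) {
            if ($userAccessLevel == $rights[$i][0]) {
                $index_found = $i;
                break;
            }
        }
        for ($i = 0; $i < sizeof($rights); $i++) {
            $rights[$i][1] = $i <= $index_found ? '<b>' . $rights[$i][1] . '</b>' : '-';
        }

        $file_list_arr[] = array(
            'id' => $fileid,
            'view_link' => $view_link,
            'details_link' => $details_link,
            'filename' => $realname,
            'description' => $description,
            'rights' => $rights,
            'created_date' => $created_date,
            'modified_date' => $modified_date,
            'owner_name' => $owner_name,
            'dept_name' => $dept_name,
            'filesize' => $filesize,
            'lock' => $lock,
            'showCheckbox' => $showCheckBox,
            'rejectpage' => $rejectpage,
        );
    }

    // Tell the template when the result set hit the configured query cap.
    $limit_reached = count($file_list_arr) >= $GLOBALS['CONFIG']['max_query'];
    $GLOBALS['smarty']->assign('limit_reached', $limit_reached);
    $GLOBALS['smarty']->assign('showCheckBox', $showCheckBox);
    $GLOBALS['smarty']->assign('file_list_arr', $file_list_arr);

    // Call the plugin API
    callPluginMethod('onBeforeListFiles', $file_list_arr);
    display_smarty_template('out.tpl');
    callPluginMethod('onAfterListFiles');
}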
redirect_visitor(); } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; draw_header(msg('label_file_listing'), $last_message); sort_browser(); $secureurl_obj = new phpsecureurl(); $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); if ($user_obj->isAdmin()) { $reviewIdCount = sizeof($user_obj->getAllRevieweeIds()); } elseif ($user_obj->isReviewer()) { $reviewIdCount = sizeof($user_obj->getRevieweeIds()); } else { $reviewIdCount = 0; } if ($reviewIdCount > 0) { echo '<img src="images/exclamation.gif" /> <a href="' . $secureurl_obj->encode('toBePublished.php?state=1') . '">' . msg('message_documents_waiting') . '</a>: ' . $reviewIdCount . '</a><br />'; } $rejected_files_obj = $user_obj->getRejectedFileIds(); if (isset($rejected_files_obj[0]) && $rejected_files_obj[0] != null) { echo '<img src="images/exclamation_red.gif" /> <a href="' . $secureurl_obj->encode('rejects.php?state=1') . '">' . msg('message_documents_rejected') . '</a>: ' . sizeof($rejected_files_obj) . '<br />'; } $llen = $user_obj->getNumExpiredFiles(); if ($llen > 0) { echo '<img src="images/exclamation_red.gif"><a href="javascript:window.location=\'search.php?submit=submit&sort_by=id&where=author_locked_files&sort_order=asc&keyword=-1&exact_phrase=on\'">' . msg('message_documents_expired') . ': ' . $llen . '</a><br />'; } // get a list of documents the user has "view" permission for // get current user's information-->department //set values $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); //$start_P = getmicrotime(); $file_id_array = $user_perms->getViewableFileIds(true);
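along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */

// check for session and $_REQUEST['id']
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
include 'udf_functions.php';

$secureurl = new phpsecureurl();

// open a connection to the database
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);

// Admin only.  The redirect goes through secureurl like the other admin pages
// instead of a bare Location header.
if (!$user_obj->isAdmin()) {
    header('Location:' . $secureurl->encode('error.php?ec=4'));
    exit;
}

$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('accesslogpage_access_log'), $last_message);

$prefix = $GLOBALS['CONFIG']['db_prefix'];
$query = "SELECT \n {$prefix}access_log.*, \n {$prefix}data.realname, \n {$prefix}user.username\n FROM \n {$prefix}access_log \n INNER JOIN \n {$prefix}data ON {$prefix}access_log.file_id={$prefix}data.id\n INNER JOIN \n {$prefix}user ON {$prefix}access_log.user_id = {$prefix}user.id\n ";
$result = mysql_query($query, $GLOBALS['connection']);
if (!$result) {
    // Keep the SQL text and driver error out of the browser; log them instead.
    error_log("Error in query: {$query}. " . mysql_error());
    die('Error in query.');
}

// Single-letter action codes stored in access_log, mapped to display labels.
$actions_array = array(
    "A" => msg('accesslogpage_file_added'),
    "B" => msg('accesslogpage_reserved'),
    "C" => msg('accesslogpage_reserved'),
    "V" => msg('accesslogpage_file_viewed'),
    "D" => msg('accesslogpage_file_downloaded'),
    "M" => msg('accesslogpage_file_modified'),
    "I" => msg('accesslogpage_file_checked_in'),
    "O" => msg('accesslogpage_file_checked_out'),
    "X" => msg('accesslogpage_file_deleted'),
    "Y" => msg('accesslogpage_file_authorized'),
    "R" => msg('accesslogpage_file_rejected'),
);

// Page state counter used in the details links; missing/non-numeric -> 0.
$next_state = (isset($_REQUEST['state']) ? (int) $_REQUEST['state'] : 0) + 1;

$accesslog_array = array();
while ($row = mysql_fetch_array($result)) {
    $details_link = $secureurl->encode('details.php?id=' . $row['file_id'] . '&state=' . $next_state);
    // An action code the map does not know is shown as its raw code rather
    // than raising an undefined-index notice.
    $action = isset($actions_array[$row['action']]) ? $actions_array[$row['action']] : $row['action'];
    $accesslog_array[] = array(
        'user_id' => $row['user_id'],
        'file_id' => $row['file_id'],
        'user_name' => $row['username'],
        'realname' => $row['realname'],
        'action' => $action,
        'details_link' => $details_link,
        'timestamp' => $row['timestamp'],
    );
}
mysql_free_result($result);

$GLOBALS['smarty']->assign('accesslog_array', $accesslog_array);
display_smarty_template('access_log.tpl');
draw_footer();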
<?php
/*
secureurl.php - provides integration to secure url class
Copyright (C) 2002, 2003, 2004 Stephen Lawrence Jr., Khoa Nguyen
Copyright (C) 2005-2011 Stephen Lawrence Jr.

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA.
*/

// With secure URLs switched on, a plain request that names any of the
// state-carrying query parameters is bounced to its encoded form.  A request
// that already carries the encoded payload ('aku') is decoded instead.
if ($GLOBALS['CONFIG']['secureurl'] == 'True'
    && array_intersect_key($_GET, array_flip(array('id', 'state', 'id0', 'where', 'sort_order', 'submit')))
) {
    // Re-issue the current request (script + raw query string) encoded.
    $secureurl = new phpsecureurl();
    $encoded_self = $secureurl->encode($_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING']);
    header('Location:' . $encoded_self);
    exit;
} elseif (isset($_GET['aku'])) {
    // decode() handles the encoded request itself and the script ends right
    // after it (presumably decode() redirects to the plain URL — confirm in
    // class phpsecureurl before relying on that).
    $secureurl = new phpsecureurl();
    $secureurl->decode();
    exit;
}
*/ // check for valid session session_start(); // includes include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; // Make sure user is admin $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); $secureurl = new phpsecureurl(); //If the user is not an admin and he/she is trying to access other account that // is not his, error out. if (!$user_obj->isAdmin() == true) { header('Location:' . $secureurl->encode('error.php?ec=4')); exit; } /* Add A New Department */ if (isset($_GET['submit']) && $_GET['submit'] == 'add') { draw_header(msg('area_add_new_department'), $last_message); ?> <form id="addDepartmentForm" action="department.php" method="POST" enctype="multipart/form-data"> <table border="0" cellspacing="5" cellpadding="5"> <tr> <td> <b><?php echo msg('department');