コード例 #1
 /**
  * Looks up one permission row by its key.
  *
  * The key is read through Sanitizer::filterString() from the input named
  * "id" and reaches the database only as a bound parameter, never as part
  * of the SQL text.
  *
  * @return mixed Whatever fetchRow() yields for the matching row.
  */
 private function getPermission()
 {
     $query = DatabaseFactory::getInstance()->prepare(
         'SELECT p.key, p.description FROM permissions p WHERE p.key = :key'
     );

     $permissionKey = Sanitizer::getInstance()->filterString('id');
     $query->bindValue(':key', $permissionKey);
     $query->execute();

     // NOTE(review): what fetchRow() returns when no row matches is not visible here; confirm callers handle it.
     return $query->fetchRow();
 }
コード例 #2
 /**
  * Builds the "Move user" seating-plan form: a username, the new seat
  * number, and the event id carried along as a hidden field.
  *
  * NOTE(review): no privilege check is made in this constructor; confirm
  * the page that instantiates the form enforces one before processing.
  */
 public function __construct()
 {
     parent::__construct('formSeatingPlanMoveUser', 'Move user');

     // The event id is read as an unsigned integer and echoed back into the form.
     $eventId = Sanitizer::getInstance()->filterUint('event');

     $usernameField = new ElementInput('username', 'Username');
     $this->addElement($usernameField);

     $seatField = new ElementNumeric('seat', 'New seat number');
     $this->addElement($seatField);

     $this->addElementHidden('event', $eventId);
     $this->addDefaultButtons();
 }
コード例 #3
 /**
  * Builds the "Swap Seats" form: two usernames plus the event they belong to.
  *
  * The SWAP_USERS_SEATS privilege is required here, right after the parent
  * constructor runs and before any input is read.
  */
 public function __construct()
 {
     parent::__construct('swapSeats', 'Swap Seats');
     requirePrivOrRedirect('SWAP_USERS_SEATS');

     $this->eventId = Sanitizer::getInstance()->filterUint('event');

     $usernameFields = array(
         'username1' => 'First username',
         'username2' => 'Second username',
     );
     foreach ($usernameFields as $fieldName => $caption) {
         $this->addElement(new ElementInput($fieldName, $caption));
     }

     // The event id travels with the submission as a hidden field.
     $this->addElementHidden('event', $this->eventId);
     $this->addDefaultButtons();
 }
コード例 #4
 /**
  * Builds the "Edit Group" form, pre-filled from the Group whose id is read
  * (as an unsigned integer) from the input named "id".
  *
  * NOTE(review): no privilege check is made in this constructor; confirm
  * the page that instantiates the form enforces one.
  */
 public function __construct()
 {
     parent::__construct('formGroupEdit', 'Edit Group');

     $group = new Group(Sanitizer::getInstance()->filterUint('id'));

     $idField = new ElementHidden('id', null, $group->getId());
     $this->addElement($idField);

     $titleField = new ElementInput('title', 'Title', $group->getTitle());
     $this->addElement($titleField);

     // NOTE(review): only the length of the CSS value is constrained here (0-128).
     // If it is later written into a style attribute, the output side must
     // escape or validate it; confirm where that happens.
     $cssField = new ElementInput(
         'css',
         'CSS',
         $group->getAttribute('css'),
         'Additional styles to be applied to this group title (eg: color: red) '
     );
     $this->addElement($cssField);
     $this->getElement('css')->setMinMaxLengths(0, 128);

     $this->addDefaultButtons();
 }
 /**
  * Builds the "Update Seating Plan" form, pre-filled with the stored layout
  * and seat count of the plan whose id is read from the input named "id".
  *
  * NOTE(review): no privilege check is made in this constructor; confirm
  * the page that instantiates the form enforces one.
  */
 public function __construct()
 {
     parent::__construct('updateSeatingPlan', 'Update Seating Plan');

     $id = Sanitizer::getInstance()->filterUint('id');

     // The id is bound as a parameter rather than placed in the SQL text.
     $lookup = DatabaseFactory::getInstance()->prepare(
         'SELECT sp.id, sp.layout, sp.seatCount FROM seatingplans sp WHERE sp.id = :id'
     );
     $lookup->bindValue(':id', $id);
     $lookup->execute();

     // NOTE(review): the row is indexed below without checking that a plan
     // with this id exists; confirm what fetchRow() returns on no match.
     $plan = $lookup->fetchRow();

     $this->addElementHidden('id', $id);

     $layoutField = new ElementTextbox('layout', 'Layout', $plan['layout']);
     $this->addElement($layoutField);
     $this->getElement('layout')->classes = "codeEditor";

     $seatCountField = new ElementNumeric('seatCount', 'Seat Count', $plan['seatCount']);
     $this->addElement($seatCountField);

     $this->addDefaultButtons();
 }
コード例 #6
 /**
  * Builds the "Edit Gallery" form, pre-filled from the gallery whose id is
  * read (as an unsigned integer) from the input named "id".
  *
  * NOTE(review): no privilege check is made in this constructor; confirm
  * the page that instantiates the form enforces one.
  */
 public function __construct()
 {
     parent::__construct('editGallery', 'Edit Gallery');

     $galleryId = Sanitizer::getInstance()->filterUint('id');
     $gallery = Galleries::getById($galleryId);

     // Hidden fields: the form mode and the id of the gallery being edited.
     $this->addElement(new ElementHidden('mode', null, 'edit'));
     $this->addElement(new ElementHidden('id', null, $gallery['id']));

     $this->addElement(new ElementInput('title', 'Title', $gallery['title']));
     // NOTE(review): folderName and coverImage are plain text inputs here; if they
     // end up in filesystem paths, confirm they are validated when the form is processed.
     $this->addElement(new ElementInput('folderName', 'Folder Name', $gallery['folderName']));
     $this->addElement(new ElementInput(
         'coverImage',
         'Cover Image',
         $gallery['coverImage'],
         'The filename of the THUMBNAIL already in the gallery that will be the cover image.'
     ));
     $this->addElement(new ElementNumeric(
         'ordinal',
         'Ordinal',
         $gallery['ordinal'],
         'Used for organizing the gallery.'
     ));

     $this->addElement(new ElementAlphaNumeric(
         'description',
         'Description',
         $gallery['description'],
         'A description that is shown when people view the gallery.'
     ));
     $descriptionField = $this->getElement('description');
     $descriptionField->setPunctuationAllowed(true);
     $descriptionField->setMinMaxLengths(0, 64);

     $elStatus = new ElementSelect('status', 'Status', $gallery['status']);
     foreach (array('Open', 'Closed', 'Staff') as $statusLabel) {
         $elStatus->addOption($statusLabel);
     }
     $this->addElement($elStatus);

     $this->addDefaultButtons();
 }
コード例 #7
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->execute();
    $event = $stmt->fetchRowNotNull();
    return $event;
}
/**
 * Lists the authenticated_machines ids recorded for one user at one event.
 *
 * Both values are bound as query parameters.
 *
 * @param mixed $user  Value matched against authenticated_machines.user.
 * @param mixed $event Value matched against authenticated_machines.event.
 * @return mixed The result of fetchAll() for the query.
 */
function getAuthenticatedMachines($user, $event)
{
    $query = DatabaseFactory::getInstance()->prepare(
        'SELECT a.id FROM authenticated_machines a WHERE a.user = :user AND a.event = :event'
    );

    $bindings = array(':user' => $user, ':event' => $event);
    foreach ($bindings as $placeholder => $boundValue) {
        $query->bindValue($placeholder, $boundValue);
    }
    $query->execute();

    return $query->fetchAll();
}
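// Read the credentials and the "fullrequest" flag from the filtered input.
$sanitizer = Sanitizer::getInstance();
$username = $sanitizer->filterString('username');
$password = $sanitizer->filterString('password');
$isStaff = $sanitizer->filterString('fullrequest');

// Both failure modes return the same message, so the response does not reveal
// whether a given username exists (account enumeration).
// NOTE(review): no attempt throttling is visible in this snippet; confirm that
// checkCredentials() or the front end limits repeated guesses.
try {
    Session::checkCredentials($username, $password);
    $user = User::getUser($username);
} catch (\libAllure\UserNotFoundException $e) {
    apiReturn('reject-authentication', 'Username or password is incorrect');
} catch (\libAllure\IncorrectPasswordException $e) {
    apiReturn('reject-authentication', 'Username or password is incorrect');
}

// NOTE(review): $user is used unconditionally below, so apiReturn() presumably
// ends the request; confirm.
$event = getEvent();
$signupStatus = getSignupStatus($user->getId(), $event['id']);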
switch ($signupStatus) {
    case 'PAID':
コード例 #8
ファイル: plugins.php プロジェクト: CWFranklin/lan-party-site
        if (!$f instanceof \libAllure\Form) {
            require_once 'includes/widgets/header.php';
            echo 'No settings for that plugin.';
            return;
        }
        if ($f->validate()) {
            $f->process();
            redirect('plugins.php', 'Plugin settings saved.');
        }
        require_once 'includes/widgets/header.php';
        $tpl->assignForm($f);
        $tpl->display('form.tpl');
        require_once 'includes/widgets/footer.php';
        break;
    case 'toggle':
        $id = Sanitizer::getInstance()->filterUint('id');
        $sql = 'UPDATE plugins SET enabled = !enabled WHERE id = :id';
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':id', $id);
        $stmt->execute();
        redirect('plugins.php', 'Plugin status toggled. ');
        break;
    default:
        require_once 'includes/widgets/header.php';
        require_once 'includes/widgets/sidebar.php';
        $sql = 'SELECT id, title, enabled FROM plugins';
        $result = $db->query($sql);
        $tpl->assign('listPlugins', $result->fetchAll());
        $tpl->display('listPlugins.tpl');
}
require_once 'includes/widgets/footer.php';
コード例 #9
 /**
  * Applies the submitted signup edit: updates the signups row, releases the
  * seat when the new status is CANCELLED, logs the change and redirects to
  * the event page.
  *
  * All submitted values reach the UPDATE as bound parameters. The staff
  * username recorded in the comment trail comes from the session, not from
  * the form.
  */
 protected function processUpdate()
 {
     global $db;
     // NOTE(review): execution continues into the UPDATE below unless
     // processDelete() ends the request itself; confirm.
     if ($this->getElementValue('status') == "DELETE") {
         $this->processDelete();
     }
     $sanitizer = Sanitizer::getInstance();
     // The new comment is appended to the existing comments, prefixed with the
     // current time and the acting staff username.
     $sql = 'UPDATE signups SET status = :status, numberMachinesAllowed = :machinesAllowed, comments = concat(comments, "\\n", now(), " (", :staffUsername, ") - ", :comments, :changeMetadata), gigabit = :gigabit, ticketCost = :ticketCost WHERE id = :id';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':id', $this->getElementValue('id'));
     $stmt->bindValue(':status', $this->getElementValue('status'));
     $stmt->bindValue(':comments', $sanitizer->formatString($this->getElementValue('comments')));
     $stmt->bindValue(':gigabit', $sanitizer->formatBool($this->getElementValue('gigabit')));
     $stmt->bindValue(':ticketCost', $this->getElementValue('ticketCost'));
     $stmt->bindValue(':staffUsername', Session::getUser()->getUsername());
     $stmt->bindValue(':changeMetadata', $this->getChangeMetadata());
     $stmt->bindValue(':machinesAllowed', $this->getElementValue('numberMachinesAllowed'));
     $stmt->execute();
     // Re-read the signup after the update; the event and user ids used below
     // come from this row, not from the form.
     $this->signup = $this->getSignup();
     if ($this->getElementValue('status') == 'CANCELLED') {
         require_once 'includes/functions.seatingPlan.php';
         // NOTE(review): this uses the 'userId' key while the log call below
         // uses 'user'; confirm both keys exist on the signup row.
         removeSeat($this->signup['event'], $this->signup['userId']);
     }
     // NOTE(review): the result of this query is never read in this method.
     $sql = 'SELECT e.id FROM events e WHERE e.id = :eventId LIMIT 1';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':eventId', $this->signup['event']);
     $stmt->execute();
     // NOTE(review): the comment text goes into the activity log without the
     // formatString() pass applied for the UPDATE; confirm the log viewer
     // escapes it on output.
     logActivity('Signup updated for _u_ to event _e_ ' . $this->getElementValue('comments') . '. ' . $this->getChangeMetadata(), null, array('user' => $this->signup['user'], 'event' => $this->signup['event']));
     redirect('viewEvent.php?id=' . $this->signup['event'], 'Signup edited.');
 }
コード例 #10
ファイル: news.php プロジェクト: CWFranklin/lan-party-site
<?php

require_once 'includes/common.php';
require_once 'includes/classes/News.php';
require_once 'includes/classes/FormNewsEdit.php';
require_once 'includes/classes/FormNewsCreate.php';
use libAllure\Sanitizer;
use libAllure\Session;
if (!getSiteSetting('newsFeature')) {
    redirect('index.php', 'News feature is disabled.');
}
$action = Sanitizer::getInstance()->filterString('action');
switch ($action) {
    case 'add':
    case 'new':
        if (!Session::hasPriv('NEWS_ADD')) {
            throw new PermissionsException();
        }
        $f = new FormNewsCreate();
        if ($f->validate()) {
            $f->process();
            logAndRedirect('news.php', 'News item added: ' . $f->getElementValue('title'));
        }
        require_once 'includes/widgets/header.php';
        require_once 'includes/widgets/sidebar.php';
        $tpl->displayForm($f);
        break;
    case 'edit':
        $id = intval($_REQUEST['id']);
        $f = new FormNewsEdit($id);
        if ($f->validate()) {
コード例 #11
<?php

require_once '../../includes/common.php';
use libAllure\Sanitizer;
use libAllure\DatabaseFactory;
// Report the username of the most recent (by event date) machine
// authentication recorded for the given IP address, as plain text.
$ipAddress = Sanitizer::getInstance()->filterString('ipAddress');
if ($ipAddress == null) {
    die('ERROR:IP Address not specified');
}

// NOTE(review): no privilege check is visible in this script, and the reply
// maps an IP address to a username; confirm includes/common.php or the web
// server restricts who may call it.
$lookup = DatabaseFactory::getInstance()->prepare(
    'SELECT u.username FROM authenticated_machines a JOIN events e ON a.event = e.id JOIN users u ON a.user = u.id WHERE a.ip = :ipAddress ORDER BY e.date DESC LIMIT 1'
);
$lookup->bindValue(':ipAddress', $ipAddress);
$lookup->execute();

if ($lookup->numRows() == 0) {
    die('Error:IP Address not found.');
}

$machineAuthentication = $lookup->fetchRow();
die($machineAuthentication['username']);
コード例 #12
<?php

require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
use libAllure\Sanitizer;
use libAllure\Session;
// Load the gallery named by the "id" input (filtered as an unsigned integer)
// together with its images.
$galleryId = Sanitizer::getInstance()->filterUint('id');
$gallery = Galleries::getById($galleryId);
$files = $gallery->fetchImages();

// Any exception while resolving the linked event is shown as "no event".
try {
    $linkedEvent = Events::getByGalleryId($gallery['id']);
    $tpl->assign('event', $linkedEvent);
} catch (Exception $e) {
    $tpl->assign('event', null);
}

// NOTE(review): nothing here checks the gallery's status before rendering; the
// GALLERY_VIEW_UNPUBLISHED result is only handed to the template. Confirm
// viewGallery.tpl enforces it.
$templateValues = array(
    'privViewUnpublished' => Session::hasPriv('GALLERY_VIEW_UNPUBLISHED'),
    'files' => $files,
    'gallery' => $gallery,
);
foreach ($templateValues as $tplKey => $tplValue) {
    $tpl->assign($tplKey, $tplValue);
}
$tpl->display('viewGallery.tpl');
require_once 'includes/widgets/footer.php';
コード例 #13
<?php

set_include_path(get_include_path() . PATH_SEPARATOR . '../../');
require_once 'includes/common.php';
require_once 'includes/functions.seatingPlan.php';
use libAllure\Sanitizer;
use libAllure\DatabaseFactory;
use libAllure\Session;
// Emit the current seat assignments of one event as a JSON list of "set" changes.
$eventId = Sanitizer::getInstance()->filterUint('event');

$seatChanges = array();
foreach (getSeats($eventId) as $seat) {
    // NOTE(review): usernameCss and seatCss are passed through as stored;
    // confirm the client treats them as untrusted when applying them.
    $seatChanges[] = getJsonSeatChange(
        'set',
        $seat['seat'],
        $seat['username'],
        $seat['usernameCss'],
        $seat['seatCss']
    );
}

header('Content-Type: application/json');
echo json_encode($seatChanges);
?>
 
コード例 #14
<?php

require_once 'includes/common.php';
require_once 'includes/classes/FormSudo.php';
require_once 'libAllure/FormHandler.php';
requirePrivOrRedirect('SUDO');
use libAllure\FormHandler;
use libAllure\Sanitizer;
// Hand the sudo form to the generic FormHandler. The SUDO privilege check
// earlier in this file has already run by this point.
$handler = new FormHandler('formSudo', $tpl);

// The filtered "username" input becomes the form's first constructor argument.
// NOTE(review): no audit logging of the impersonation is visible in this file;
// confirm FormSudo records who assumed which account.
$sudoUsername = Sanitizer::getInstance()->filterString('username');
$handler->setConstructorArgument(0, $sudoUsername);

$handler->setRedirect('index.php');
$handler->handle();
コード例 #15
<?php

require_once 'jsonCommon.php';
use libAllure\DatabaseFactory;
use libAllure\Sanitizer;
// Return, as JSON keyed by IP address, the username / ip / mac of every
// machine authenticated for one event.
// NOTE(review): the reply exposes usernames with their IP and MAC addresses and
// no privilege check is visible in this file; confirm jsonCommon.php restricts access.
$stmt = DatabaseFactory::getInstance()->prepare(
    'SELECT u.username, m.ip, m.mac FROM authenticated_machines m LEFT JOIN users u ON m.user = u.id WHERE m.event = :eventId'
);
$eventId = Sanitizer::getInstance()->filterUint('event');
$stmt->bindValue(':eventId', $eventId);
$stmt->execute();

// Re-key the rows by IP; a later row with the same IP replaces an earlier one.
$ret = array();
foreach ($stmt->fetchAll() as $addr) {
    $ret[$addr['ip']] = $addr;
}

header('Content-Type: application/json');
echo json_encode($ret);
コード例 #16
<?php

require_once 'includes/widgets/header.php';
use libAllure\Session;
use libAllure\Sanitizer;
use libAllure\DatabaseFactory;
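// Deleting an image requires GALLERY_DELETE_IMAGE; the check runs before any input is read.
Session::requirePriv('GALLERY_DELETE_IMAGE');

// NOTE(review): the delete is driven purely by request parameters and no
// anti-CSRF token check is visible in this file; confirm one is enforced elsewhere.
$filename = Sanitizer::getInstance()->filterString('filename');
$gallery = Sanitizer::getInstance()->filterUint('gallery');
$image = Galleries::getImage($filename, $gallery);
if ($image == false) {
    redirect('index.php', 'Image does not exist.');
}

if (is_int($gallery) && $image['inDatabase'] && !empty($filename)) {
    $sql = 'DELETE FROM images WHERE filename = :filename AND gallery = :gallery';
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->bindValue(':filename', $filename);
    $stmt->bindValue(':gallery', $gallery);
    $stmt->execute();

    // The paths removed are the ones Galleries::getImage() resolved, not the raw
    // request value. Removal is best-effort: a failed unlink is ignored.
    // NOTE(review): confirm getImage() keeps fullPath/thumbPath inside the gallery folder.
    @unlink($image['fullPath']);
    @unlink($image['thumbPath']);

    redirect('viewGallery.php?id=' . $image['galleryId'], 'Image deleted');
} else {
    // Previously this path also reported "Image deleted" although nothing was removed.
    redirect('viewGallery.php?id=' . $image['galleryId'], 'Image was not deleted.');
}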
require_once 'includes/widgets/footer.php';
コード例 #17
<?php

set_include_path(get_include_path() . PATH_SEPARATOR . '../../');
require_once 'includes/common.php';
require_once 'includes/functions.seatingPlan.php';
use libAllure\Sanitizer;
requirePrivOrRedirect('SUPERUSER');
// Remove one user's seat at one event. The SUPERUSER check earlier in this
// file runs before any input is read.
$sanitizer = Sanitizer::getInstance();
$eventId = $sanitizer->filterUint('event');
$userId = $sanitizer->filterUint('user');

// NOTE(review): this is a state-changing request and no anti-CSRF token check
// is visible in this file; confirm one is enforced elsewhere.
removeSeat($eventId, $userId);

echo 'OK';
コード例 #18
<?php

require_once 'includes/widgets/header.php';
use libAllure\User;
use libAllure\Session;
use libAllure\Sanitizer;
// Attendance records exist only for logged-in users who hold VIEW_ATTENDANCE.
if (!Session::isLoggedIn()) {
    redirect('index.php', 'Guests do not have attendance records.');
}
if (!Session::hasPriv('VIEW_ATTENDANCE')) {
    redirect('account.php', 'Do you not have permission to view your attendance record');
}

// Default to the session user; a "user" request parameter selects another account.
// NOTE(review): any holder of VIEW_ATTENDANCE can read any user's record by
// passing "user". Confirm that is intended, or add a check that the requested
// id is the caller's own unless a staff-level privilege is held.
$user = isset($_REQUEST['user'])
    ? User::getUserById(Sanitizer::getInstance()->filterUint('user'))
    : Session::getUser();

$attendance = getUserSignups($user->getId());
require_once 'includes/widgets/sidebar.php';

$tpl->assign('stats', getSignupStatistics($attendance));
$tpl->assign('username', $user->getUsername());
$tpl->assign('userId', $user->getId());
$tpl->assign('attendance', $attendance);
// Signup comments are shown only to holders of VIEW_SIGNUP_COMMENTS; the flag is passed to the template.
$tpl->assign('privViewSignupComments', Session::hasPriv('VIEW_SIGNUP_COMMENTS'));
$tpl->display('attendanceRecord.tpl');
require_once 'includes/widgets/footer.php';