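/**
 * Decide whether the current user may read the data object $p.
 *
 * Access is granted by the first rule that matches, in this order:
 *  - the current user is an administrator;
 *  - $p is the root directory (inode 0);
 *  - the "other" permission string contains 'r';
 *  - the user belongs to the object's group and the group string contains 'r';
 *  - the user owns the object and the owner string contains 'r'.
 * Every other case is denied.
 *
 * @param object $p Object exposing inode, uid, gid, nombre, p_owner, p_group and p_other.
 * @return bool True when read access is granted, false otherwise.
 */
function checkReadSecurity($p)
{
    // Resolved once and reused for the owner check and its log line.
    $current_user = BILO_uid();

    if (BILO_isAdmin()) {
        debug("Sec passed by Group Administrador Is God(TM)", 'red');
        return true;
    }

    if ($p->inode == 0) {
        debug("Sec passed by root dir", 'red');
        return true;
    }

    // World-readable: the "other" permission string carries the read flag.
    // This rule runs before any identity check, so it applies to every caller.
    if (strpos($p->p_other, 'r') !== false) {
        debug("Sec passed by Other:r {$p->p_other} {$p->nombre}", 'red');
        return true;
    }

    // Group-readable: the caller must be a member of the object's group.
    if (BILO_checkGroup($p->gid)) {
        if (strpos($p->p_group, 'r') !== false) {
            debug("Sec passed by Group:r", 'red');
            return true;
        }
    }

    // Owner-readable: the caller must be the owner.
    // NOTE(review): this is a loose comparison. If BILO_uid() can yield 0, null or ''
    // for a session without a user and $p->uid is unset, the two compare equal —
    // confirm, and consider normalising both sides before comparing.
    if ($current_user == $p->uid) {
        if (strpos($p->p_owner, 'r') !== false) {
            debug("Sec passed by Owner:r " . $current_user . "|" . $p->uid, 'red');
            return true;
        }
    }

    // Default deny.
    return false;
}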
/**
 * Render the user block and return it as a string instead of printing it.
 *
 * A logged-in session gets the "Public/block_ok_login" template filled with the
 * current user; any other session gets "Public/block_no_login" with an empty user.
 * The template output is captured with output buffering.
 *
 * NOTE(review): the username is handed to the template as-is; escaping is
 * presumably done by plantHTML() or the template — confirm.
 *
 * @return string The captured template output.
 */
function BILO_block_user()
{
    global $SYS;

    ob_start();

    if (!BILO_isLogged()) {
        $blockUser = newObject("user");
        debug(BILO_username(), "blue");
        $blockUser->clase = "logoff";
        plantHTML($blockUser, "Public/block_no_login");
    } else {
        $blockUser = newObject("user", BILO_uid());
        $blockUser->username = BILO_username();
        $blockUser->clase = "login";
        plantHTML($blockUser, "Public/block_ok_login");
    }

    // Fetch the buffer and close it in a single call.
    return ob_get_clean();
}
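/**
 * Persist this task-log entry and perform the side effects of a state change.
 *
 * - An `inicio` below 3600 is replaced by the current time.
 * - On the transition 'No Iniciada' -> 'En Curso', one gsteplog row is created per
 *   gstep of the task, with date placeholders in comando, script and ficheros
 *   expanded for the evaluation date (inicio plus diasderetraso days).
 * - On the transition 'En Curso' -> 'Cancelada', a "cancelada" notice is sent.
 * - `ejecutor` is set to the current user id when that id is greater than 1.
 *
 * @return mixed Whatever the parent Ente::save() returns.
 */
function save()
{
    global $prefix;

    debug("Info: Calling Extended save");
    $old = newObject("gtasklog", $this->ID);

    if ($this->inicio < 3600) {
        $this->inicio = time();
    }

    if ($old->estado == 'No Iniciada' && $this->estado == 'En Curso') {
        // Implicit action: the task is being started, so materialise its steps.
        debug("Info: Creando pasos", "white");
        $s = newObject("gstep");
        // NOTE(review): gtask_id is interpolated into the filter text; confirm it is
        // always an integer id by the time it reaches listAll().
        $steps = $s->listAll("ID", false, "gtask_id={$this->gtask_id}", 0, "secuencia ASC");

        // The original ternary had two identical branches; the value also does not
        // change between iterations, so it is computed once.
        $fechadeevaluacion = $this->inicio + $this->diasderetraso * 24 * 60 * 60;

        foreach ($steps as $sid => $ssid) {
            $origstep = newObject("gstep", $sid);
            $step = newObject("gsteplog");
            $step->setAll($origstep->properties);
            $step->ID = 0;
            $step->gtask_id = $this->gtask_id;
            $step->gstep_id = $sid;
            $step->gtasklog_id = $this->ID;
            $step->secuencia = $origstep->secuencia;
            $step->comando = strftime($origstep->comando, $fechadeevaluacion);
            // Expand __FECHA{format} through a callback. The previous /e modifier ran
            // the replacement as PHP code with stored script text spliced into it, and
            // the modifier no longer exists in PHP 7+. The callback treats the captured
            // format purely as data.
            $step->script = preg_replace_callback(
                "/__FECHA{([^\\{]{1,100}?)}/",
                function ($m) use ($fechadeevaluacion) {
                    return strftime($m[1], $fechadeevaluacion);
                },
                $origstep->script
            );
            $step->ficheros = strftime($origstep->ficheros, $fechadeevaluacion);
            $step->estado = 'No Iniciada';
            $step->maxreturnstatus = $origstep->maxreturnstatus;
            $step->save();
        }
    }

    if ($old->estado == 'En Curso' && $this->estado == 'Cancelada') {
        $this->enviarAviso("cancelada");
    }

    // Ids of 1 or lower never replace the recorded executor.
    $uid = BILO_uid();
    $this->ejecutor = $uid > 1 ? $uid : $this->ejecutor;

    // Delegate the actual write to the parent Ente implementation.
    $par = new Ente($this->name);
    $par = typecast($this, "Ente");
    return $par->save();
}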
/**
 * Store the field values in $this->campos for the current user and entity view.
 *
 * Keys of campos that are not properties of the named entity are dropped, the rest
 * is serialised into campos_ser, and the row is matched against an existing one for
 * the same user and view: its ID is reused when found, otherwise ID is set to 1.
 *
 * NOTE(review): campos['entity'] selects the class built by newObject() and is also
 * placed inside quotes in the select() condition. If campos can carry request data,
 * it should be checked against the list of known entity names before either use.
 * NOTE(review): campos_ser is written with serialize(); whatever reads it back
 * should not unserialize a value that a client is able to alter — confirm.
 *
 * @return mixed Whatever the parent Ente::save() returns.
 */
function save()
{
    $entity = newObject($this->campos["entity"]);
    $this->usuario_id = BILO_uid();
    $this->vista = $this->campos['entity'];

    // Keep only the keys that the entity declares as properties.
    foreach ($this->campos as $key => $value) {
        if (in_array($key, array_keys($entity->properties))) {
            continue;
        }
        unset($this->campos[$key]);
    }

    $this->campos_ser = serialize($this->campos);

    // Look for an existing row of this user and view with a raised row limit.
    setLimitRows(15000);
    $this->searchResults = $this->select("usuario_id={$this->usuario_id} AND vista='{$this->vista}'");
    resetLimitRows();

    $this->ID = $this->nRes > 0 ? $this->searchResults[0]->ID : 1;

    // Delegate the actual write to the parent Ente implementation.
    $par = new Ente($this->name);
    $par = typecast($this, "Ente");
    return $par->save();
}
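<?php
// Action script: stores a bookmark for the current user and reports the outcome
// between the action header and footer templates.
require_once "coreg2.php";

HTML("action_header");

// $params and $name are not assigned in this script.
// NOTE(review): presumably both arrive from the request — confirm where they are set.
$url = urldecode($params);

$b = newObject("bookmark");
// NOTE(review): the URL is stored as given. If it is later rendered as a link,
// restrict the accepted schemes (for example http and https) here or at render time.
$b->url = $url;
$b->nombre = $name;
// The owner is always the session user, never a supplied value.
$b->user_id = BILO_uid();

if (!$b->save()) {
    // NOTE(review): ERROR is printed unescaped; confirm it never echoes input back.
    echo $b->ERROR;
} else {
    // The name is written into the HTML response, so it is escaped for that context.
    // The character set falls back to PHP's configured default.
    echo "Guardado correctamente [" . htmlspecialchars((string) $name, ENT_QUOTES) . "]";
}

HTML("action_footer");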
/*********************** Extended URI featuring MODULE APP ACTION ************************/
// Bootstrap: load the core, switch the include directory to the local templates for
// the API exports, then to the Bilo directory for the session library.
require_once "coreg2.php";
set_include_dir(dirname(__FILE__) . "/local/Tmpl/-");
require_once "Bilo/API_exports.php";
set_include_dir(dirname(__FILE__) . "/Bilo/-");
require_once "Lib/lib_session.php";
setLimitRows(20);

// Load and apply the stored preferences for BILO_uid(). This happens before the
// login gate below, so it also runs for sessions that are not logged in.
$up = newobject("user_pref");
$up->getPrefByUser(BILO_uid());
$up->setPrefs();

// Login gate: skipped when $isLoginScreen is truthy or void_login is configured.
// Otherwise the session must be logged in AND be an operator or administrator;
// anything else is sent to the login page and the script stops.
// NOTE(review): $isLoginScreen is not assigned in the visible code. Confirm it is
// always set by the including script and can never be filled from request parameters.
if (!$isLoginScreen && !$SYS["GLOBAL"]["void_login"]) {
    if (BILO_isLogged() == false) {
        PlantHTML(array("location" => $SYS["ROOT"] . "/Login/login.php"), "opener");
        // Stop here so nothing after the redirect template is executed.
        die;
    } else {
        if (BILO_isOperator() || BILO_isAdmin()) {
            // Allowed roles: nothing to output.
            echo '';
        } else {
            PlantHTML(array("location" => $SYS["ROOT"] . "/Login/login.php"), "opener");
            die;
        }
    }
}

// The body of this check continues beyond the visible excerpt.
// BILo_isOperator differs in letter case from the call above; PHP resolves function
// names case-insensitively, so both refer to the same function.
if (!BILO_isAdmin() && !BILo_isOperator()) {
/**
 * Report whether the current user belongs to the given group.
 *
 * When $SYS["config"]["authentication"] is exactly false, the check is bypassed:
 * the function logs that fact and answers true for every group. Deployments should
 * treat that setting as a full disable of group-based access control.
 *
 * @param mixed $group Group identifier handed to the user object's inGroup().
 * @return bool True when the user is in the group or authentication is disabled.
 */
function BILO_checkGroup($group)
{
    global $SYS;

    $authDisabled = ($SYS["config"]["authentication"] === false);
    if ($authDisabled) {
        debug(__FILE__ . " " . __LINE__ . ' Auth disabled by $SYS["config"]["authentication"]', "red");
        return true;
    }

    // Membership is decided by the user object loaded for the session's user id.
    $currentUser = newObject("user", BILO_uid());

    return $currentUser->inGroup($group) ? true : false;
}
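<?php
// Forum index: remembers the user's previous visit time in the session, stamps the
// current visit on the user record, then lists the forums.
// NOTE(review): $offset and $sort are not assigned here when they arrive from
// outside; confirm they are validated before selectAll() uses them.

if (!isset($_SESSION['fecha'])) {
    // BILO_uid() returns the id of the current user.
    $us = newObject("user", BILO_uid());
    // The filter previously compared ID with the literal text 'BILO_uid' instead of
    // the function's value; the id is cast to int before it enters the condition.
    $us->searchResults = $us->select("ID = " . (int) BILO_uid());
    $_SESSION['fecha'] = $us->fecha_hoy;
}

require_once "Forus.php";

setNavVars(array("ID", "foro_id"));
$sort = isset($sort) ? $sort : "fecha DESC";

// Record the time of this visit on the user row.
$us = newObject("user", BILO_uid());
$us->searchResults = $us->select("ID = " . (int) BILO_uid());
$us->fecha_hoy = date(time());
$us->save();

$u = newObject("foro");
$u->searchResults = $u->selectAll($offset, $sort);

if ($u->nRes == 0) {
    echo "<tr><td colspan=\"6\" ALIGN=\"CENTER\">NO EXISTE EN ESTE MOMENTO NINGÚN FORO DISPONIBLE</TD></TR></TABLE>";
} else {
    $total = $u->sumaMsg();
    // These entries carry PHP source text behind the "code#" prefix, presumably
    // evaluated per row by listList(). The session value is the result of an
    // addition, hence numeric.
    // NOTE(review): $total is spliced into that source; confirm sumaMsg() can only
    // return a number.
    $external_data = array(
        "grafica" => 'code#return $object->msgBar(' . $total . ');',
        "nuevo" => 'code#if ($object->fecha >= ' . ($_SESSION['fecha'] + 1) . ') return "Nuevos Mensajes";'
    );
    listList($u, $external_data, "list_foro");
}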
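// Save action for data objects: applies the posted fields to the object, stores it
// and reports the result between the action header and footer templates.
require_once "Memo.php";
require_once "security.php";

HTML("action_header");

if (isset($_POST["ID"])) {
    // The original branched on $ID < 2 but both branches were identical, so the
    // logic is written once.
    // NOTE(review): the guard tests $_POST["ID"] while the object is loaded with
    // $ID, which this script does not assign — confirm both are the same value.
    $form = newObject("data_object", $ID);

    // NOTE(review): every posted field is applied to the object. For non-admins only
    // uid is forced afterwards, so fields such as gid or the permission strings are
    // taken from the request unless setAll() filters them. No permission check on
    // the existing object is visible here before save() — confirm one runs elsewhere.
    $form->setAll($_POST);
    if (!BILO_isAdmin()) {
        $form->uid = BILO_uid();
    }

    if ($form->save()) {
        // nombre originates from the request; escape it for the HTML response.
        echo htmlspecialchars((string) $form->nombre, ENT_QUOTES) . _(" guardado");
        // inode is URL-encoded so it cannot add parameters to the target address.
        frameGo("fbody", "list.php?inode=" . urlencode((string) $form->inode));
    } else {
        echo htmlspecialchars((string) $form->nombre, ENT_QUOTES) . _(" no guardado");
    }
}

HTML("action_footer");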
<?php
// Delete action for one bookmark: the record is removed only when it belongs to the
// current user; otherwise a "no permission" message is printed.
// NOTE(review): $ID is not assigned in this script. If it comes from the query
// string, the deletion can be triggered by a plain link; confirm a request token or
// POST-only handling protects it.
require_once "coreg2.php";

HTML("action_header");

$form = newObject("bookmark", $ID);

// NOTE(review): loose comparison. For an $ID that matches no record, user_id may be
// empty, and an empty value compares equal to 0/null from a session without a user —
// confirm how BILO_uid() behaves for such sessions.
if ($form->user_id != BILO_uid()) {
    echo _("Sin permiso");
} elseif ($form->delete()) {
    echo _("Borrado correctamente");
} else {
    echo _("No borrado");
}
<?php
// Edit form for a data object: loads the user and group lists for the selectors,
// prepares the object and renders the form when checkSecurity() allows it.
// $ID, $inode and $type are not assigned in this script.
// NOTE(review): presumably they come from the request — confirm where they are set.
require_once "Memo.php";
require_once "security.php";

// NOTE(review): $p has not been created yet at this point, and the newObject() call
// further down replaces it, so this assignment has no lasting effect.
if (!BILO_isAdmin()) {
    $p->security_option = "disabled";
}

// Lists handed to the template as the choices for uid and gid.
$auth = newObject("user");
$uuids = $auth->listAll("username");
$gauth = newObject("group");
$guids = $gauth->listAll("groupname");
$external_data = array("gid" => $guids, "uid" => $uuids);

$p = newObject("data_object", $ID);
// NOTE(review): inode (and uid, when empty) are overwritten before checkSecurity()
// evaluates the object; confirm the check is meant to run against these values
// rather than the stored ones.
$p->inode = $inode;
if (empty($p->uid)) {
    $p->uid = BILO_uid();
}

// An explicit $type overrides the stored type; otherwise the stored one is used.
if (empty($type)) {
    $type = $p->type;
} else {
    $p->type = $type;
}

// NOTE(review): disabled is written without quotes, so PHP reads it as a constant.
// Older versions fall back to the string with a notice; PHP 8 raises an Error.
// The quoted string "disabled", as used at the top of the script, looks intended.
if (!BILO_isAdmin()) {
    $p->security_option = disabled;
}

if (checkSecurity($p)) {
    formAction("action_save.php", "footer", "editForm");
    $p->boton0 = gfxBotonAction("Guardar", "getElementById('editForm').submit()", True);
    debug("type of edit element: {$type} ", "red");
    // The remainder of this branch lies beyond the visible excerpt.
    if ($type == "archive") {
        plantHTML($p, "add_form", $external_data);
<?php
// Lists the bookmarks that belong to the current user.
// NOTE(review): $offset and $sort are not assigned in this script; if they come from
// the request, confirm select() validates them before they reach the query.
require_once "coreg2.php";

setNavVars(array("void_framming"));

$u = newObject("bookmark", 1);

// The filter is built from the session's user id only, never from a supplied value.
// NOTE(review): confirm BILO_uid() always yields an integer, since it is placed in
// the condition unquoted.
$uid = BILO_uid();
$u->searchResults = $u->select("user_id=" . $uid, $offset, $sort);

listList($u, array(), "lbookmarks");
?>