public function settings()
{
if (!$this->authedUser) {
redirect(base_url('app/novp/'));
} else {
if (!check_access($this->authedUser, 'use_novp_api')) {
redirect(base_url('app/novp/start/'));
}
}
// Get token
$r_token = $this->db->get_where('novp_tokens', array('user_id' => $this->authedUser->getId()));
if ($r_token->num_rows() == 1) {
$token = $r_token->result()[0]->token;
} else {
$token = "Click Refresh icon to get token";
}
$this->data['user'] = $this->authedUser;
$this->data['token'] = $token;
$this->data['user_details'] = $this->authedUser->toArray()['details'][0];
$this->data['page_title'] = 'Settings | NOVP - Power your video with NOVP';
$this->data['menu_active'] = "settings";
$this->load->view('novp/views/header', $this->data);
$this->load->view('novp/views/nav');
$this->load->view('novp/views/settings');
$this->load->view('novp/views/footer');
}
function call_move_text()
{
global $local_stats,$id,$confirm,$target,$tool;
include_once('inc/functions/resort_tools.php');
check_access($tool);
echo "<form method=\"post\" action=\"".$_SERVER['REQUEST_URI']."\">" .
"Input user id: <input name=id size=5><br>" .
"Move to alliance: <input name=target size=5><br>" .
'<label>Check if touring:</label>' .
'<input type="checkbox" name="tourer">' .
"<input type=submit value=Move name=confirm>" .
"</form>" .
"<br><br>";
if ($confirm && $id && $target)
{
//if ($target == 1 && $local_stats[LEVEL] < 5)
// $target = 2;
echo "User $id has been move to alliance $target";
$orkTime = date(TIMESTAMP_FORMAT);
$search = mysql_query("SELECT * FROM stats WHERE id = $id");
$search = mysql_fetch_array($search);
//mysql_query("UPDATE stats SET kingdom = $target, type ='player', invested = 0 where id = $id");
//mysql_query("UPDATE rankings_personal SET alli_id = $target where id = $id");
//mysql_query("UPDATE stats SET vote = 0, invested = 0 WHERE vote = $id");
//mysql_query("UPDATE goods SET credits = 0, market_money = 0, market_food = 0, market_soldiers = 0, market_wood = 0 WHERE id = $id");
move_tribe($id, $target);
mysql_query("INSERT INTO news (id, time, ip, type, duser, ouser, result, text, kingdom_text, kingdoma, kingdomb) VALUES ('', '$orkTime', '---', 'Mod Move', '0', '0', '1', '', '<font class=\"indicator\">$search[tribe] was moved from #$search[kingdom] to #$target!</font>', '$search[kingdom]', '$target')");
}
}
function index()
{
$this->load->dbutil();
$this->load->helper('download');
/* Check access */
if (!check_access('backup account')) {
$this->messages->add('Permission denied.', 'error');
redirect('setting');
return;
}
$backup_filename = "backup" . date("dmYHis") . ".gz";
/* Backup your entire database and assign it to a variable */
$backup_data =& $this->dbutil->backup();
/* Write the backup file to server */
if (!write_file($this->config->item('backup_path') . $backup_filename, $backup_data)) {
$this->messages->add('Error saving backup file to server.' . ' Check if "' . $this->config->item('backup_path') . '" folder is writable.', 'error');
redirect('setting');
return;
}
/* Send the file to your desktop */
force_download($backup_filename, $backup_data);
$this->logger->write_message("success", "Downloaded account backup");
redirect('setting');
return;
}
public function register()
{
check_access(TRUE, TRUE);
$data = array('title' => 'Register', 'button' => 'Register', 'fields' => array('id' => array('label' => 'Registration ID', 'type' => 'text', 'attr' => array('required' => '', 'autofocus' => '')), 'email' => array('label' => 'Email', 'type' => 'email', 'attr' => array('required' => '')), 'password' => array('label' => 'Password', 'type' => 'password'), 'title' => array('label' => 'Title', 'type' => 'select', 'values' => array('Mr' => 'Mr', 'Ms' => 'Ms', 'Mrs' => 'Mrs', 'Dr' => 'Dr', 'Prof' => 'Prof')), 'first_name' => array('label' => 'First Name', 'type' => 'text'), 'last_name' => array('label' => 'Last Name', 'type' => 'text'), 'address' => array('label' => 'Address', 'type' => 'textarea'), 'city' => array('label' => 'City', 'type' => 'text'), 'country' => array('label' => 'Country', 'type' => 'text'), 'attendee_type' => array('label' => 'Attendee Type', 'type' => 'select', 'values' => array('student' => 'Student', 'participant' => 'Participant', 'sponsor' => 'Sponsor', 'vip' => 'VIP', 'speaker' => 'Speaker')), 'department' => array('label' => 'Department', 'type' => 'text'), 'company' => array('label' => 'Company', 'type' => 'text'), 'phone_number' => array('label' => 'Phone Number', 'type' => 'tel'), 'fax_number' => array('label' => 'Fax Number', 'type' => 'tel'), 'payment_status' => array('label' => 'Payment Status', 'type' => 'select', 'values' => array('unpaid' => 'Unpaid', 'cash' => 'Paid by Cash', 'credit' => 'Paid by Credit Card', 'epa' => 'Paid by EPS', 'cheque' => 'Paid by Cheque')), 'remarks' => array('label' => 'Remarks', 'type' => 'textarea'), 'is_admin' => array('label' => 'Is administrator?', 'type' => 'checkbox')));
if ($this->input->method() == 'post') {
$this->load->database();
$fields = $this->input->post();
foreach ($fields as &$v) {
if ($v == "") {
$v = NULL;
}
}
$fields['is_admin'] = empty($fields['is_admin']);
if ($this->db->set('registration_date', 'now()', FALSE)->insert('member', $fields) === FALSE) {
$e = $this->db->error();
$e = json_encode($e['message']);
$this->output->append_output("<script>\n alert('Database Error:\\n' + {$e});\n </script>");
} else {
$x = json_encode(site_url());
$this->output->append_output("<script>\n if(confirm('Register Success!\\nClick OK to enter a new record or cancel to go back to Home . '))\n window.parent.location.reload();\n else\n window.parent.location = {$x};\n </script>");
}
return;
}
$data['menu'] = $this->load->view('menu', NULL, TRUE);
$this->load->view('simple_form', $data);
}
public function adminSideBar($param)
{
if (check_access("Weixin/Index/index")) {
echo '<li><a href="' . U('Weixin/Index/index') . '">
<i class="fa fa-angle-double-right"></i>微信模块</a></li>';
} else {
}
}
public function index()
{
check_access(TRUE);
$data = array('title' => $this->title, 'menu' => $this->load->view('menu', NULL, TRUE), 'detail_url' => site_url(uri_string() . '/detail/{id}'), 'create_url' => site_url(uri_string() . '/create'), 'edit_url' => site_url(uri_string() . '/edit/{id}'), 'delete_url' => site_url(uri_string() . '/delete/{id}'), 'fields' => $this->fields);
$r = $this->db->where('receiver_id', $this->auth->user()->id)->get($this->table);
$data['data'] = $r->result_array();
$this->load->view($this->view[__FUNCTION__], $data);
}
function Status()
{
parent::Controller();
/* Check access */
if (!check_access('administer')) {
$this->messages->add('Permission denied.', 'error');
redirect('');
return;
}
return;
}
public function index()
{
check_access(TRUE, TRUE);
$data = array('title' => $this->title, 'menu' => $this->load->view('menu', NULL, TRUE), 'create_url' => site_url('/auth/register'), 'edit_url' => !isset($this->view['edit']) || $this->view['edit'] !== FALSE ? site_url(uri_string() . '/edit/{id}') : NULL, 'delete_url' => !isset($this->view['delete']) || $this->view['delete'] !== FALSE ? site_url(uri_string() . '/delete/{id}') : NULL, 'fields' => $this->processDynamicSource($this->fields, array(__FUNCTION__)));
$r = $this->db->get($this->table);
$data['data'] = $r->result_array();
foreach ($data['data'] as &$v) {
$v = $this->processItemSource($v, __FUNCTION__);
}
$this->load->view($this->view[__FUNCTION__], $data);
}
function Welcome()
{
parent::Controller();
/* Check access */
if (!check_access('change account settings')) {
$this->messages->add('Permission denied.', 'error');
redirect('');
return;
}
return;
}
function Printer()
{
parent::Controller();
$this->load->model('Setting_model');
/* Check access */
if (!check_access('change account settings')) {
$this->messages->add('Permission denied.', 'error');
redirect('');
return;
}
return;
}
function Report()
{
parent::Controller();
$this->load->model('Ledger_model');
/* Check access */
if (!check_access('view reports')) {
$this->messages->add('Permission denied.', 'error');
redirect('');
return;
}
return;
}
function call_tour_move_text()
{
global $local_stats, $id, $confirm, $target, $tool;
include_once 'inc/functions/resort_tools.php';
check_access($tool);
$alli_id = '';
if (isset($_POST['alli_id'])) {
$alli_id = intval($_POST['alli_id']);
}
echo '<h2>ORKFiA Tour!</h2>';
$strForm = "<form method=\"post\" action=\"" . $_SERVER['REQUEST_URI'] . "\">" . '<label>Where is our touring tribe? Alliance #</label> ' . '<input name="alli_id" size="3" value="' . $alli_id . '"/><br /><br />';
if (isset($_POST['alli_id']) && !empty($_POST['alli_id'])) {
$iAlliance = intval($_POST['alli_id']);
include 'inc/functions/vote.php';
// select everyone in this alliance
$strSQL = "SELECT * " . " FROM stats " . " WHERE kingdom = " . $iAlliance . " ORDER BY tribe ASC";
$result = mysql_query($strSQL) or die("Elder Defect:" . mysql_error());
$strForm .= "<label>Select the lucky tribe</label>: " . '<select name="id" size="1">' . render_option_list($result, TRIBE, ID, 0) . '</select><br /><br />' . '<label>Where will they apparate to? Alliance #</label>: ' . '<input name="target" size="5" /><br /><br />' . '<input type="submit" value="Move Tourer" name="confirm">';
} else {
$strForm .= '<input type="submit" value="Choose Alliance" name="confirm">';
}
$strForm .= "</form>";
echo $strForm;
if (isset($_POST['confirm']) && isset($_POST['id']) && !empty($_POST['id']) && isset($_POST['target']) && !empty($_POST['target'])) {
$id = intval($_POST['id']);
$target = intval($_POST['target']);
$trgTmpUser = new clsUser($id);
$strTribeName = ucwords(stripslashes($trgTmpUser->get_stat(TRIBE)));
if ($trgTmpUser->get_build(LAND) != 1) {
echo '<p>"W-T-F mate?" That was not a tourer tribe.</p></div>';
include_game_down();
exit;
} elseif ($target < 11) {
echo '<p>"W-T-F mate?" No apparating into staff alliances.</p></div>';
include_game_down();
exit;
}
echo "<p>Leader! The tribe of " . $strTribeName . " has now apparated to alliance #<strong>{$target}</strong>. Let us hope that neither of their citizens got splinched.</p>";
$orkTime = date(TIMESTAMP_FORMAT);
$search = mysql_query("SELECT * FROM stats WHERE id = {$id}");
$search = mysql_fetch_array($search);
//mysql_query("UPDATE stats SET kingdom = $target, type ='player', invested = 0 where id = $id");
//mysql_query("UPDATE rankings_personal SET alli_id = $target where id = $id");
//mysql_query("UPDATE stats SET vote = 0, invested = 0 WHERE vote = $id");
//mysql_query("UPDATE goods SET credits = 0, market_money = 0, market_food = 0, market_soldiers = 0, market_wood = 0 WHERE id = $id");
include_once 'inc/staff/move.inc.php';
move_tribe($id, $target);
mysql_query("INSERT INTO news (id, time, ip, type, duser, ouser, result, text, kingdom_text, kingdoma, kingdomb) VALUES ('', '{$orkTime}', '---', 'Tour Move', '0', '0', '1', '', '<span class=\"indicator\">{$search['tribe']} has joined our alliance. Long live Orkfia! Long live the tour!</span>', '', '{$target}')");
}
}
public function create_post($survey_id = 0)
{
check_access(TRUE);
$set = array('survey_id' => $survey_id, 'writer_id' => $this->auth->user()->id, 'response_json' => json_encode($_POST));
if ($this->db->insert($this->table, $set) !== FALSE) {
$list = json_encode(site_url(dirname(uri_string())));
$this->output->append_output("<script>\n alert('Thank you for your participation!');\n window.parent.location = {$list};\n </script>");
} else {
$e = $this->db->error();
if ($e['code'] == 1062) {
$this->output->append_output("<script>alert('You have done this survey already!');</script>");
} else {
$this->dbError();
}
}
}
function call_update_text()
{
$tool = $_GET['tool'];
include_once 'inc/functions/resort_tools.php';
check_access($tool);
echo "'Updating' a tribe means updating the rankings and alliscreen, " . "not giving an actual update.<br /><br />" . "<form method='post' action='{$_SERVER['REQUEST_URI']}'>" . "User id to update: <input name='id' size='5' /><br /><br />" . "<input type='submit' value='Update' name='op' />" . "</form>";
if (isset($_POST['op']) && !empty($_POST['id'])) {
$id = $_POST['id'];
$op = $_POST['op'];
include_once 'inc/functions/update.php';
include_once 'inc/functions/update_ranking.php';
$objTrgUser = new clsUser($id);
doUpdateRankings($objTrgUser, 'yes');
check_to_update($objTrgUser->get_userid());
echo "<br /><br />User " . $objTrgUser->get_userid() . " updated =)";
}
}
function call_unsuspend_text()
{
$tool = $_GET['tool'];
include_once 'inc/functions/resort_tools.php';
check_access($tool);
echo "<form method='post' action='{$_SERVER['REQUEST_URI']}'>" . "User id to unsuspend: <input name='id' size='5' /><br /><br />" . "<input type='submit' value='Unsuspend' name='op' />" . "</form>";
if (isset($_POST['op']) && !empty($_POST['id'])) {
$id = $_POST['id'];
$objTrgUser = new clsUser($id);
$arrTrgUser = array(PAUSE_ACCOUNT => 0);
$objTrgUser->set_user_infos($arrTrgUser);
// Forced Ranking Update
include_once 'inc/functions/update_ranking.php';
doUpdateRankings($objTrgUser, 'yes');
echo "<br /><br />User " . $objTrgUser->get_userid() . " unsuspended =)";
}
}
function call_tourers_text()
{
require_once 'inc/functions/resort_tools.php';
check_access($_GET['tool']);
require_once 'inc/functions/mail.php';
// first the "actually do something if asked" thing
if (isset($_POST['id']) && isset($_POST['submit']) && isset($_POST['sure']) && $_POST['sure'] == 'yes') {
//get the old values
$objTrgUser = new clsUser($_POST['id']);
$arrBuilds = $objTrgUser->get_builds();
$arrArmys = $objTrgUser->get_armys();
$intFame = $objTrgUser->get_stat(FAME);
//make the new values
$keysBuilds = array_keys($arrBuilds);
$valsBuilds = array_fill(0, count($arrBuilds), 0);
$arrBuilds = array_combine($keysBuilds, $valsBuilds);
$arrBuilds[ID] = $_POST['id'];
//DO NOT FORGET
$arrBuilds[LAND] = 1;
//prevent div0s
$keysArmys = array_keys($arrArmys);
$valsArmys = array_fill(0, count($arrArmys), 0);
$arrArmys = array_combine($keysArmys, $valsArmys);
$arrArmys[ID] = $_POST['id'];
//DO NOT FORGET
$intFame = 0;
$arrUserInfo = array(NEXT_ATTACK => 1, PAUSE_ACCOUNT => 48);
//set the new values
$objTrgUser->set_builds($arrBuilds);
$objTrgUser->set_armys($arrArmys);
$objTrgUser->set_stat(FAME, $intFame);
//update the tribe too
require_once 'inc/functions/update.php';
require_once 'inc/functions/update_ranking.php';
doUpdateRankings($objTrgUser, true);
check_to_update($objTrgUser->get_userid());
//do this afterwards, otherwise the updaterankings doesn't work too well
$objTrgUser->set_user_infos($arrUserInfo);
//tell them about it
send_mail($GLOBALS['objSrcUser']->get_userid(), $_POST['id'], "You have been tourified", "This is an automated message indicating that I have used the 'Tourify' tool to turn your tribe into a tourer tribe.");
echo "User {$_POST['id']} has been tourified. ORKFiA mail has been sent to let him know.<br /><br /><br />";
}
echo "'Tourifying' a tribe means setting it to 1 land, 0 fame, removing all military and suspending it. " . "Please make sure you're tourifying the right tribe, because the only way to undo this is resetting." . "<br /><br /><form method=\"post\" action=\"{$_SERVER['REQUEST_URI']}\">" . "<label for=\"id\">User id of tribe to tourify </label>" . "<input type=\"text\" id=\"id\" name=\"id\" size=\"5\" maxlength=\"5\" /><br />" . "<input type=\"checkbox\" id=\"sure\" name=\"sure\" value=\"yes\" />" . "<label for=\"sure\"> I'm sure I want to tourify this tribe</label><br />" . "<input type=\"submit\" name=\"submit\" value=\"tourify\" />" . "</form>";
}
function clear()
{
/* Check access */
if (!check_access('clear log')) {
$this->messages->add('Permission denied.', 'error');
redirect('log');
return;
}
/* Check for account lock */
if ($this->config->item('account_locked') == 1) {
$this->messages->add('Account is locked.', 'error');
redirect('log');
return;
}
if ($this->db->truncate('logs')) {
$this->messages->add('Log cleared.', 'success');
redirect('log');
} else {
$this->messages->add('Error clearing Log.', 'error');
redirect('log');
}
return;
}
if ($_SESSION['logged_in'] == 1) {
require_once "../includes/inc_functions.php";
//Contains functions: add_line, rm_line, get_incidents
require_once "../classes/mydb_class.php";
if (isset($_GET['sort_by'])) {
$_SESSION['sort_view_by'] = $_GET['sort_by'];
} elseif (!isset($_SESSION['sort_view_by'])) {
$_SESSION['sort_view_by'] = "date";
}
if (isset($_GET['function'])) {
$function = $_GET['function'];
} else {
$function = "";
}
$allow_edit = 0;
if (check_access("edit_incidents")) {
$allow_edit = 1;
}
} else {
header('location: http://www.siskiyourappellers.com/admin/index.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml2/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
*/
require_once '../includes/auth_functions.php';
// require_once('../classes/roster_class.php');
require_once '../classes/person_class.php';
// require_once('../classes/course_enrollment_class.php');
include "../includes/g_calendar_functions.php";
//if(substr(strtolower($_SERVER['PHP_SELF']),1,9) == "incidents") header('location: http://incidents.siskiyourappellers.com');
//$php_self = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$php_self = $_SERVER['PHP_SELF'];
if ($_GET['logout'] == 1) {
session_destroy();
session_start();
}
if ($_SESSION['logged_in'] == 1) {
$allow_edit = 0;
if (check_access("edit_training")) {
$allow_edit = 1;
}
} else {
header('location: http://www.siskiyourappellers.com/admin/index.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml2/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<?php
include __DIR__ . "/include.php";
check_access(ADMIN);
list($id) = apiCheckParams("id");
apiAction(function () use($id) {
dbExecute("DELETE FROM feedback WHERE challenge = :id", ['id' => $id]);
dbExecute("DELETE FROM solved_challenge WHERE challenge = :id", ['id' => $id]);
dbExecute("DELETE FROM challenge WHERE id = :id", ['id' => $id]);
});
function delete($id)
{
/* Check access */
if (!check_access('delete inventory item')) {
$this->messages->add('Permission denied.', 'error');
redirect('inventory/account');
return;
}
/* Check for account lock */
if ($this->config->item('account_locked') == 1) {
$this->messages->add('Account is locked.', 'error');
redirect('inventory/account');
return;
}
/* Checking for valid data */
$id = $this->input->xss_clean($id);
$id = (int) $id;
if ($id < 1) {
$this->messages->add('Invalid Inventory Item.', 'error');
redirect('inventory/account');
return;
}
/* Get the inventory item details */
$this->db->from('inventory_items')->where('id', $id);
$inventory_item_q = $this->db->get();
if ($inventory_item_q->num_rows() < 1) {
$this->messages->add('Invalid Inventory Item.', 'error');
redirect('inventory/account');
return;
} else {
$inventory_item_data = $inventory_item_q->row();
}
/* Deleting item */
$this->db->trans_start();
if (!$this->db->delete('inventory_items', array('id' => $id))) {
$this->db->trans_rollback();
$this->messages->add('Error deleting Inventory Item - ' . $inventory_item_data->name . '.', 'error');
$this->logger->write_message("error", "Error deleting Inventory Item called " . $inventory_item_data->name . " [id:" . $id . "]");
redirect('inventory/account');
return;
} else {
$this->db->trans_complete();
$this->messages->add('Deleted Inventory Item - ' . $inventory_item_data->name . '.', 'success');
$this->logger->write_message("success", "Deleted Inventory Item called " . $inventory_item_data->name . " [id:" . $id . "]");
redirect('inventory/account');
return;
}
return;
}
</head>
<body>
<div id="container">
<div id="header">
<div id="logo">
<?php
echo anchor('', 'Webzash', array('class' => 'anchor-link-b'));
?>
</div>
<?php
if ($this->session->userdata('user_name')) {
echo "<div id=\"admin\">";
echo anchor('', 'Accounts', array('title' => "Accounts", 'class' => 'anchor-link-b'));
echo " | ";
/* Check if allowed administer rights */
if (check_access('administer')) {
echo anchor('admin', 'Administer', array('title' => "Administer", 'class' => 'anchor-link-b'));
echo " | ";
}
echo anchor('user/profile', 'Profile', array('title' => "Profile", 'class' => 'anchor-link-b'));
echo " | ";
echo anchor('user/logout', 'Logout', array('title' => "Logout", 'class' => 'anchor-link-b'));
echo "</div>";
}
?>
<div id="info">
<?php
echo $this->config->item('account_name');
echo " (";
echo anchor('user/account', 'change', array('title' => 'Change active account', 'class' => 'anchor-link-a'));
echo ")<br />";
if (isset($id_area)) {
settype($id_area, "integer");
$id_site = mrbsGetAreaSite($id_area);
}
if (!isset($id_site)) {
$id_site = isset($_POST['id_site']) ? $_POST['id_site'] : (isset($_GET['id_site']) ? $_GET['id_site'] : -1);
}
settype($id_site, "integer");
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
$back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
$day = date("d");
$month = date("m");
$year = date("Y");
check_access(4, $back);
//print the page header
print_header("", "", "", $type = "with_session");
// Affichage de la colonne de gauche
include "admin_col_gauche.php";
// If area is set but area name is not known, get the name.
if (isset($_GET['msg'])) {
$msg = $_GET['msg'];
affiche_pop_up($msg, "admin");
}
if (isset($id_area)) {
if (empty($area_name)) {
$res = grr_sql_query("SELECT area_name, access FROM " . TABLE_PREFIX . "_area WHERE id={$id_area}");
if (!$res) {
fatal_error(0, grr_sql_error());
}
function account()
{
$this->template->set('page_title', 'Change Account');
$this->load->library('general');
/* Show manage accounts links if user has permission */
if (check_access('administer')) {
$this->template->set('nav_links', array('admin/create' => 'Create account', 'admin/manage' => 'Manage accounts'));
}
/* Check access */
if (!$this->session->userdata('user_name')) {
$this->messages->add('Permission denied.', 'error');
redirect('');
return;
}
/* Currently active account */
$data['active_account'] = $this->session->userdata('active_account');
/* Getting list of files in the config - accounts directory */
$accounts_list = get_filenames($this->config->item('config_path') . 'accounts');
$data['accounts'] = array();
if ($accounts_list) {
foreach ($accounts_list as $row) {
/* Only include file ending with .ini */
if (substr($row, -4) == ".ini") {
$ini_label = substr($row, 0, -4);
$data['accounts'][$ini_label] = $ini_label;
}
}
}
/* Check user ini file */
if (!($active_user = $this->general->check_user($this->session->userdata('user_name')))) {
redirect('user/profile');
return;
}
/* Filter user access to accounts */
if ($active_user['accounts'] != '*') {
$valid_accounts = explode(",", $active_user['accounts']);
$data['accounts'] = array_intersect($data['accounts'], $valid_accounts);
}
/* Form validations */
$this->form_validation->set_rules('account', 'Account', 'trim|required');
/* Repopulating form */
if ($_POST) {
$data['active_account'] = $this->input->post('account', TRUE);
}
/* Validating form : only if label name is not set from URL */
if ($this->form_validation->run() == FALSE) {
$this->messages->add(validation_errors(), 'error');
$this->template->load('user_template', 'user/account', $data);
return;
} else {
$data_active_account = $this->input->post('account', TRUE);
/* Check for valid account */
if (!array_key_exists($data_active_account, $data['accounts'])) {
$this->messages->add('Invalid account selected.', 'error');
$this->template->load('user_template', 'user/account', $data);
return;
}
if (!$this->general->check_account($data_active_account)) {
$this->template->load('user_template', 'user/account', $data);
return;
}
/* Setting new account database details in session */
$this->session->set_userdata('active_account', $data_active_account);
$this->messages->add('Account changed.', 'success');
redirect('');
}
return;
}
<?
$use_title="Template Manager";
$_SESSION['selected_doc_type_id']=0;
include('header.php');
$valid_access=check_access($page_name);
$template_list="";
$template_form="";
if(!isset($_GET['id'])) $_GET['id']=0;
//list templates
$template_list="<a href='templates.php?id=0'><div class='tempate_editor_adder'>Add New Template</div></a>";
$sql = "
select *
from templates
where deleted=0
order by archived asc,template_name asc,id asc
";
$data=simple_query($sql);
while($row=mysqli_fetch_array($data))
{
$template_list.="<a href='templates.php?id=".$row['id']."'><div class='tempate_editor_list".($row['archived'] > 0 ? " archived" : "")."'>".$row['template_name']."</div></a>";
}
//template set-up for selected template.
if ($_POST[save_status]) {
//echo "status";
check_access("revision_action");
$query = "UPDATE {$table}\r\n SET status=" . sec_input(sec_sql($_POST["status"])) . "\r\n WHERE id=\"{$order}\"";
sql_update($query);
}
if ($_POST[save_zakaznik]) {
//echo "status";
check_access("revision_action");
$query = "UPDATE {$table}\r\n SET id_zakaznik=" . sec_input(sec_sql($_POST["zakaznik"])) . "\r\n WHERE id=\"{$order}\"";
sql_update($query);
}
display_all_revisions($order);
// ak je vybratá objednavka, zobrazi vsetky jej revizie
} else {
check_access("objednavka_edit");
$form_data = sql_query("SELECT meno, adresa, mesto, ico_icdph, telefon, email, id_material as material,\r\n id_hrubka as hrubka_rev, id_vyrobca as vyrobca, id_dekor as dekor, dekor_vlastny, komentar,\r\n komentar_private\r\n FROM revizia \r\n WHERE id_obj=\"{$order}\" AND id=\"{$revision}\" \r\n LIMIT 1");
$form_data_narez = sql_query("SELECT ks, dlzka, sirka, nazov, poznamka, hrubka, orientacia,\r\n hrana1, hrana2, hrana3, hrana4, duplak_paska, roh1x, roh1y, roh2x, roh2y,\r\n roh3x, roh3y, roh4x, roh4y\r\n FROM porez \r\n WHERE id_revizia=\"{$revision}\"");
//var_dump($form_data_narez);
$form_data = $form_data[0];
$fieldsets_c = count($form_data_narez);
for ($i = 0; $i < $fieldsets_c; $i++) {
$ks[$i] = $form_data_narez[$i][ks];
$dlzka[$i] = $form_data_narez[$i][dlzka];
$sirka[$i] = $form_data_narez[$i][sirka];
$nazov[$i] = $form_data_narez[$i][nazov];
$poznamka[$i] = $form_data_narez[$i][poznamka];
$hrubka[$i] = $form_data_narez[$i][hrubka];
$orientacia[$i] = $form_data_narez[$i][orientacia];
$hrana1[$i] = $form_data_narez[$i][hrana1];
$hrana2[$i] = $form_data_narez[$i][hrana2];
*
* You should have received a copy of the GNU General Public License
* along with GRR; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
include "include/admin.inc.php";
$grr_script_name = "admin_config_sso.php";
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
$back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
if (Settings::get("sso_ac_corr_profil_statut") != 'y') {
showAccessDenied($back);
exit;
}
check_access(5, $back);
$themessage = str_replace("'", "\\'", get_vocab("confirmdel"));
$themessage2 = str_replace("'", "\\'", get_vocab("confirm_del"));
//
// Ajout d'une correspondance fonction/statut
//
$msg = "";
if (isset($_GET['action_add']) && $_GET['action_add'] == 'yes') {
if ($_POST['codefonc'] != "" && $_POST['libfonc'] != "" && $_POST['statutgrr'] != "") {
$sql = "INSERT INTO " . TABLE_PREFIX . "_correspondance_statut (code_fonction, libelle_fonction, statut_grr) VALUES ('" . strtoupper(protect_data_sql($_POST['codefonc'])) . "', '" . ucfirst(protect_data_sql($_POST['libfonc'])) . "','" . $_POST['statutgrr'] . "')";
if (grr_sql_command($sql) < 0) {
fatal_error(0, "<p>" . grr_sql_error());
} else {
$msg = get_vocab("message_records");
}
} else {
<?php
include __DIR__ . "/include.php";
check_access(TEACHER);
list($class, $challenge) = apiCheckParams("class", "challenge");
$user = $_SESSION["user"];
$extra = isset($_POST["extra"]);
apiCheck(dbExists(isTeacher() ? "SELECT id FROM class WHERE id = :class AND teacher = :teacher" : "SELECT id FROM class WHERE id = :class AND :teacher != -1", ['class' => $class, "teacher" => $user]), "Ungültige Klasse");
apiCheck(dbExists("SELECT id FROM challenge WHERE id = :id", ["id" => $challenge]), "Ungültige Challenge");
apiCheck(!dbExists("SELECT * FROM solved_challenge WHERE class = :class AND challenge = :challenge", ["class" => $class, "challenge" => $challenge]), "Challenge wurde von der Klasse schon gelöst");
apiCheck(!$extra || dbExists("SELECT id FROM challenge WHERE id = :id AND extrapoints IS NOT NULL", ["id" => $challenge]), "Kann keine Extrapunkte für Challenge ohne Extrapunkte setzen!");
apiAction(function () use($class, $challenge, $extra) {
checkMilestone($class, function () use($class, $challenge, $extra) {
dbExecute("INSERT INTO solved_challenge (class, challenge, extra, at) VALUES (:class, :challenge, :extra, NOW())", ["class" => $class, "challenge" => $challenge, "extra" => $extra]);
});
});
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRR; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
include "include/admin.inc.php";
$grr_script_name = "admin_view_connexions.php";
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
$back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
$day = date("d");
$month = date("m");
$year = date("Y");
check_access(6, $back);
if (isset($_POST['cleanDay']) && isset($_POST['cleanMonth']) && isset($_POST['cleanYear'])) {
$sql = "DELETE FROM " . TABLE_PREFIX . "_log WHERE START < '" . $_POST['cleanYear'] . "-" . $_POST['cleanMonth'] . "-" . $_POST['cleanDay'] . "' and END < now()";
$res = grr_sql_query($sql);
}
print_header("", "", "", $type = "with_session");
include "admin_col_gauche.php";
echo "<h2>" . get_vocab('admin_view_connexions.php') . "</h2>";
echo "<h3>" . get_vocab("users_connected") . "</h3>";
?>
<div title="Utilisateur connecté">
<ul>
<?php
$sql = "SELECT u.login, concat(u.prenom, ' ', u.nom) utilisa, u.email FROM " . TABLE_PREFIX . "_log l, " . TABLE_PREFIX . "_utilisateurs u WHERE (l.LOGIN = u.login and l.END > now())";
$res = grr_sql_query($sql);
if ($res) {
/**
* @param $tag
* @param $content
* @usage <control access="Admin/Posts/NOVERIFY">需要权限而显示的内容</control>
* access="Group/Controller/action"
* @return bool
*/
public function _accesscontrol($tag, $content)
{
$access = isset($tag['access']) ? $tag['access'] : "";
if (check_access($access)) {
return $content;
} else {
return false;
}
}