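// Called by 'page' from index.php.
// This is the generic page in Min Bok that builds from the database.
// Input: 'idPage' (GET) - numeric primary key of the page to render.
// Output: $style and $header of the page (the rest of the page is built past this fragment).
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and that the viewer is signed in.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input. idPage is interpolated UNQUOTED into the SQL below, so an escaping helper
// cannot protect it; only a positive integer may reach the query. A missing or malformed id used
// to yield a broken query ("WHERE idPage = ;"); it is now rejected up front.
$idPage = isset($_GET['idPage']) ? $_GET['idPage'] : NULL;
if (filter_var($idPage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1))) === FALSE) {
    die('Invalid page id.');
}
$idPage = (int) $idPage;

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare database.
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$tableBook = DB_PREFIX . 'Book';
$tablePage = DB_PREFIX . 'Page';
$tableField = DB_PREFIX . 'Field';

///////////////////////////////////////////////////////////////////////////////////////////////////
// Check whether the session user is approved to see and edit the page.
// NOTE(review): nothing implements this check - any signed-in user can render any idPage. The
// Page -> Book -> Child -> User linkage an ownership test needs is not visible in this fragment,
// so it is left as a TODO rather than guessed at.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get info about this page.
$query = "SELECT * FROM {$tablePage} WHERE idPage = {$idPage};";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$result->close();
// fetch_object() yields NULL when no row matched; reading properties off NULL would only produce
// warnings and an empty page, so stop here instead.
if (!$row) {
    die('Page not found.');
}
$style = $row->stylePage;
$header = $row->headerPage;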
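}
// Access control: the viewer must be signed in (the front-controller check precedes this fragment).
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
// Default page to return to once the album has been saved.
$redirect = "glry";
/*
 * Process input 'id' if it exists.
 * Decide the next page 'redirect' depending on whether 'id' exists or not.
 * An album id is interpolated unquoted into SQL below, where escaping alone cannot protect it, so
 * a supplied id must validate as an integer; absent or empty keeps its old meaning (new album).
 */
$idAlbum = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idAlbum !== NULL && $idAlbum !== '' && filter_var($idAlbum, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid album id.');
}
if ($debugEnable) {
    $debug .= "idAlbum: " . $idAlbum . "<br /> \r\n";
}
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
 * If $idAlbum exists the DB will be updated. Get the existing info.
 * NOTE(review): no check that the album belongs to the signed-in user is visible in this fragment.
 */
if ($idAlbum) {
    $idAlbum = $dbAccess->WashParameter($idAlbum);
    $query = "SELECT * FROM {$tableAlbum} WHERE idAlbum = {$idAlbum};";
    $result = $dbAccess->SingleQuery($query);
    $arrayAlbum = $result->fetch_row();
    $result->close();
} else {
    // Clear all parameters when a new album is to be created (this branch continues past the fragment).
    $arrayAlbum = array("", "", "", "", "", "", "");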
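$intFilter->UserIsSignedInOrRedirect();

// Input idPicture (GET 'id'). It was used raw in three places below - unquoted in SQL, in an image
// URL and inside an HTML attribute - with no washing at all, so anything other than an integer is
// refused here. An absent or empty id keeps its old meaning (render the empty frame only).
$idPicture = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPicture !== NULL && $idPicture !== '' && filter_var($idPicture, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid picture id.');
}
$stylesheet = WS_STYLESHEET;
$mainTextHTML = <<<HTMLCode
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="{$stylesheet}" rel="stylesheet" type="text/css" />
<title> </title>
</head>
<body id="if">
HTMLCode;
if ($idPicture) {
    $idPicture = (int) $idPicture;
    // Prepare the database.
    $dbAccess = new CdbAccess();
    $tablePicture = DB_PREFIX . 'Picture';
    // Get picture information from the DB.
    $query = "SELECT * FROM {$tablePicture} WHERE idPicture = {$idPicture};";
    $result = $dbAccess->SingleQuery($query);
    $row = $result->fetch_object();
    if (!$row) {
        die('Picture not found.');
    }
    // Title and description are stored text echoed into HTML below: escape them so stored markup
    // cannot run in the viewer's browser. nl2br() runs after escaping so its <br /> tags survive.
    $imageTitle = htmlspecialchars((string) $row->namePicture, ENT_QUOTES);
    $imageDesc = nl2br(htmlspecialchars((string) $row->descriptionPicture, ENT_QUOTES));
    $normalImage = WS_PICTUREARCHIVE . PA_NORMALPREFIX . $idPicture . ".jpg";
    $mainTextHTML .= <<<HTMLCode
<img src='{$normalImage}' alt='a' /><br/>
<div id='imgInfo'>
<h2>{$imageTitle}</h2>
<p>{$imageDesc}</p>
</div>
HTMLCode;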
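*/
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
/*
 * Handle input to the page. 'id' (GET) is a person's numeric key; escaping alone cannot protect a
 * value that is interpolated unquoted into SQL, so a supplied id must be an integer. Absent or
 * empty is passed through as before.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPerson !== NULL && $idPerson !== '' && filter_var($idPerson, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid person id.');
}
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*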
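$intFilter->FrontControllerIsVisitedOrDie();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Kill any old session. Save hitCounter before the session is destroyed (isset() keeps the value
// NULL, as before, when no counter exists, instead of raising a notice).
$hitCounter = isset($_SESSION["hitCounter"]) ? $_SESSION["hitCounter"] : NULL;
require_once TP_SOURCE . 'FDestroySession.php';

///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page (POST 'account', 'password', optional 'redirect').
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordPerson = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
    // The password is deliberately NOT echoed: the debug text is HTML that appears to be rendered
    // to the page and must never carry a credential.
    $debug .= "Input: account={$accountPerson} redirect={$redirect}<br /> \n";
}

// Prepare the database.
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableFunktionar = DB_PREFIX . 'Funktionar';

// Clean the input parameters (both are interpolated inside single quotes below).
$accountPerson = $dbAccess->WashParameter($accountPerson);
$passwordPerson = $dbAccess->WashParameter($passwordPerson);

///////////////////////////////////////////////////////////////////////////////////////////////////
// Check whether an account with that password exists in the database; the result is used past this
// fragment to create a session with userId, userPassword and authority.
// NOTE(review): passwords are stored as unsalted MD5 and compared inside the query. Migrating to
// password_hash()/password_verify() means selecting by account only and verifying in PHP, which
// also changes the consumer of $query - out of scope for this fragment.
// NOTE(review): do not keep the password (userPassword) in the session; the id and authority are
// enough to identify a signed-in user.
// NOTE(review): $redirect is client-supplied; validate it against the known page keys where used.
$query = <<<Query
SELECT * FROM {$tablePerson}
WHERE
    accountPerson = '{$accountPerson}' AND
    passwordPerson = md5('{$passwordPerson}')
;
Query;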
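///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input: 'idBook' (edit an existing book) and 'idChild' (owner of a new book), both
// GET. Both are database keys (idBook is interpolated unquoted into SQL below), so a supplied
// value must be an integer; absent or empty keeps its old meaning. idChild was previously not
// checked at all.
// NOTE(review): neither id is checked against the signed-in user in this fragment.
$idBook = isset($_GET['idBook']) ? $_GET['idBook'] : NULL;
$idChild = isset($_GET['idChild']) ? $_GET['idChild'] : NULL;
foreach (array('idBook' => $idBook, 'idChild' => $idChild) as $idName => $idValue) {
    if ($idValue !== NULL && $idValue !== '' && filter_var($idValue, FILTER_VALIDATE_INT) === FALSE) {
        die("Invalid {$idName}.");
    }
}

// Initiate aBook if we are going to create a new book.
$aBook = array("", "", "", "", "", "");

///////////////////////////////////////////////////////////////////////////////////////////////////
// If $idBook has a value then idBook shall be edited. Get the old info.
$redirect = "my_page";
if ($idBook) {
    $dbAccess = new CdbAccess();
    $idBook = $dbAccess->WashParameter($idBook);
    $tableBook = DB_PREFIX . 'Book';
    $query = "SELECT * FROM {$tableBook} WHERE idBook = {$idBook};";
    $result = $dbAccess->SingleQuery($query);
    $aBook = $result->fetch_row();
    $result->close();
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Make a form for editing the book (the heredoc continues past this fragment).
// The stored title is escaped before it goes into the single-quoted value attribute; previously a
// title containing a quote broke out of the attribute.
$aBook[1] = htmlspecialchars((string) $aBook[1], ENT_QUOTES);
$mainTextHTML = <<<HTMLCode
<form action='?p=save_book' method='post'>
<table>
<tr><td>Boktitel</td>
<td><input type='text' name='nameBook' size='20' maxlength='20' value='{$aBook[1]}' /></td></tr>
<tr><td>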
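//
// PDelAccount.php
// Called by 'del_account' from index.php.
// This page deletes a user from all tables.
// Input: 'id' (GET) - numeric key of the user to delete (the header said 'idUser'; the code
//        reads $_GET['id']).
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller, that the viewer is signed in and is
// an administrator.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';

///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page. A destructive action keyed by an id accepts only a positive
// integer; anything else is refused before a DELETE is built from it.
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
if (filter_var($idUser, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1))) === FALSE) {
    die('Invalid user id.');
}
$idUser = (int) $idUser;
if ($debugEnable) {
    // The original printed a "******" placeholder here, which is not even valid PHP.
    $debug .= "Input: idUser={$idUser}<br /> \n";
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Remove the user from all tables. $query is executed past this fragment; $totalStatements must
// match the number of statements in it.
// NOTE(review): this is a state-changing action driven by a GET link with no CSRF token - an admin
// who follows a crafted link deletes a user. Move it to POST with a per-session token.
$totalStatements = 1;
$query = <<<QUERY
DELETE FROM {$tableUser} WHERE idUser = '{$idUser}';
QUERY;
// Update with code for removing everything related to the user.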
$ePost->addRule('regex', 'Det är inte en korrekt e-postadress.', "/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}\$/");

// Buttons
$buttons = $form->addGroup('buttons')->setSeparator(' ');
$buttons->addElement('image', 'submitButton', array('src' => '../images/b_enter.gif', 'title' => 'Skicka'));
$buttons->addElement('static', 'cancelButton')->setContent('<a title="Avbryt" href="?p=main" > <img src="../images/b_cancel.gif" alt="Avbryt" /></a>');

/*
 * Process the information in the form.
 */
// Strip leading and trailing whitespace from all values.
$form->addRecursiveFilter('trim');
$mainTextHTML = "";
if ($form->validate()) { // The form was filled in correctly.
    // Prepare the database.
    $dbAccess = new CdbAccess();
    $tablePerson = DB_PREFIX . 'Person';
    // Clean the input parameters.
    $formValues = $form->getValue();
    $eMailAdr = $dbAccess->WashParameter($formValues['ePost']);
    // Generate a random password.
    // NOTE(review): rand() is not a cryptographic generator; a password handed to a user must come
    // from random_int()/random_bytes(). Also, rand($min, $max) is re-evaluated on every iteration,
    // so the length is not one draw between 5 and 10, and the test below accepts only 'b'..'y'
    // (97 and 122 are excluded by the strict comparisons) out of a 48..122 draw - the other
    // branches of this generator lie past this fragment.
    $min = 5; // minimum length of password
    $max = 10; // maximum length of password
    $pwd = ""; // to store generated password
    for ($i = 0; $i < rand($min, $max); $i++) {
        $num = rand(48, 122);
        if ($num > 97 && $num < 122) {
            $pwd .= chr($num);
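// PEditChild.php
// Called by 'edit_child' from index.php.
// The page generates a form for editing details of a child. If no id is provided a new child is
// generated.
// From this page you are sent to PSaveChild and then to PMyPage.
// Input: 'id' (GET) - numeric key of the child to edit; absent means "create".
// Output: 'firstName', 'famillyNamn', 'birthDate', 'id', 'redirect' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input. The id is interpolated unquoted into the SQL below, so
// escaping alone cannot protect it: a supplied id must be an integer (absent/empty still means
// "create").
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idChild !== NULL && $idChild !== '' && filter_var($idChild, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid child id.');
}
$idChild = $dbAccess->WashParameter($idChild);
if ($debugEnable) {
    $debug .= "Input: id=" . $idChild . "<br /> \n";
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the present information regarding the child if the child exists.
// NOTE(review): no check that the child belongs to $_SESSION['idUser'] is visible in this
// fragment; without one any signed-in user can open the edit form for any child.
$aChild = array("", "", "", "", "", ""); // Initiate aChild if we are going to create a new child.
if ($idChild) {
    $query = "SELECT * FROM {$tableChild} WHERE idChild = {$idChild};";
    $result = $dbAccess->SingleQuery($query);
    $aChild = $result->fetch_row();
    if ($debugEnable) {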
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm'); // Must be adm to access the page.
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
/*
 * Handle input to the page: search criteria 'account', 'fornamn' (first name) and 'efternamn'
 * (family name) arrive as POST fields; a missing field becomes NULL. Each value is passed through
 * WashParameter() (presumably SQL-string escaping - not visible here) before it is used in the
 * query that follows this fragment.
 */
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$fornamnPerson = isset($_POST['fornamn']) ? $_POST['fornamn'] : NULL;
$efternamnPerson = isset($_POST['efternamn']) ? $_POST['efternamn'] : NULL;
$accountPerson = $dbAccess->WashParameter($accountPerson);
$fornamnPerson = $dbAccess->WashParameter($fornamnPerson);
$efternamnPerson = $dbAccess->WashParameter($efternamnPerson);
if ($debugEnable) {
    $debug .= $accountPerson . $fornamnPerson . $efternamnPerson . "<br />\r\n";
}
/*
 * Define the query from the search criteria.
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm'); // Must be adm to access the page.
/*
 * Initiate the DB. The tables listed here are written to a delimited text file by the code that
 * follows this fragment.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableElev = DB_PREFIX . 'Elev';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
// NOTE(review): $dumpFileName is a bare relative name, so the file lands in the process's current
// directory; if that is under the web root, the dump (which - if the Person table is included -
// carries account names and password hashes) becomes downloadable. Write it to a path outside the
// document root with restrictive permissions.
$dumpFileName = "DB_dump.txt";
$delimiter = "¤";
$maxTextLength = 65535; // Length of datatype TEXT in MySQL.
/*
 * Open the file and add the title.
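// PEditUser.php
// Called by 'edit_user' from index.php.
// The page generates a form for editing details of a user.
// From this page you are sent to PSaveUser and after that redirected to PShowUser.
// Input: 'id' (GET) - numeric key of the user to edit.
// Output: 'firstName', 'familyNamn', 'eMail1', 'eMail2', 'id', 'redirect' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller, the viewer is signed in and is adm.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input. The id is interpolated unquoted into the SQL below, so
// escaping cannot protect it, and a missing id produced a malformed query; require an integer.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
if (filter_var($idUser, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid user id.');
}
$idUser = (int) $idUser;
if ($debugEnable) {
    $debug .= "Input: id=" . $idUser . "<br /> \n";
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the present information regarding the user. $totalStatements must match the number of
// statements in $query; it is only used for the debug output.
$totalStatements = 1;
$query = <<<QUERY
SELECT * FROM {$tableUser} WHERE idUser = {$idUser};
QUERY;
$statements = $dbAccess->MultiQuery($query, $arrayResult);
if ($debugEnable) {
    $debug .= "{$statements} statements av {$totalStatements} kördes.<br /> \n";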
// Access control: front controller, signed in, administrator.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');

///////////////////////////////////////////////////////////////////////////////////////////////////
// Search criteria arrive as POST fields; a missing field becomes NULL.
//
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
if ($debugEnable) {
    $debug .= $accountUser . $firstNameUser . $familyNameUser . "<br /> \n";
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Clean the input and build the query. Only the first non-empty criterion - in the order account,
// family name, first name - becomes a LIKE filter; with none given every user is listed.
// NOTE(review): WashParameter() escapes for SQL string context (presumably; not visible here) but
// does not neutralise the LIKE wildcards '%' and '_', so a searcher can still widen the match.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$accountUser = $dbAccess->WashParameter($accountUser);
$firstNameUser = $dbAccess->WashParameter($firstNameUser);
$familyNameUser = $dbAccess->WashParameter($familyNameUser);
$criteria = array(
    'accountUser' => $accountUser,
    'familyNameUser' => $familyNameUser,
    'firstNameUser' => $firstNameUser,
);
$whereClause = "";
foreach ($criteria as $column => $needle) {
    if ($needle) {
        $whereClause = "WHERE {$column} LIKE '%{$needle}%'";
        break;
    }
}
$query = "SELECT * FROM {$tableUser} " . $whereClause . " ORDER BY familyNameUser;";
$result = $dbAccess->SingleQuery($query);
///////////////////////////////////////////////////////////////////////////////////////////////////
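* Input: 'id'
 */
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
/*
 * Handle input to the page. 'id' (GET) is a person's numeric key; escaping alone cannot protect a
 * value that is interpolated unquoted into SQL, so a supplied id must be an integer. Absent or
 * empty is passed through as before.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPerson !== NULL && $idPerson !== '' && filter_var($idPerson, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid person id.');
}
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
 * Check whether the viewer is authorised for the page, i.e. is the person on the page, a guardian
 * (målsman) of that person, or adm. The check itself follows this fragment.
 */
$showPage = FALSE;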
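$intFilter->FrontControllerIsVisitedOrDie();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Kill old sessions. Save hitCounter before the session is destroyed (isset() keeps the value
// NULL, as before, when no counter exists, instead of raising a notice).
$hitCounter = isset($_SESSION["hitCounter"]) ? $_SESSION["hitCounter"] : NULL;
require_once TP_SOURCEPATH . 'FDestroySession.php';

///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page (POST 'account', 'password', optional 'redirect').
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordUser = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
    // The password is deliberately NOT echoed: the debug text is HTML that appears to be rendered
    // to the page and must never carry a credential.
    $debug .= "Input: account={$accountUser} redirect={$redirect}<br /> \n";
}

// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';

// Clean input (both values are interpolated inside single quotes below).
$accountUser = $dbAccess->WashParameter($accountUser);
$passwordUser = $dbAccess->WashParameter($passwordUser);

///////////////////////////////////////////////////////////////////////////////////////////////////
// Check if an account with this password exists in the database and if so start a new session with
// userId, userPassword and authority (the query is executed past this fragment).
// The account literal was a "******" placeholder in the original, which could match nothing; it is
// the washed account name.
// NOTE(review): passwords are stored as unsalted MD5 and compared inside the query. Moving to
// password_hash()/password_verify() means selecting by account only and verifying in PHP, which
// also changes the consumer of $query.
// NOTE(review): do not keep the password (userPassword) in the session; id and authority suffice.
// NOTE(review): $redirect is client-supplied; validate it against the known page keys where used.
$query = <<<Query
SELECT * FROM {$tableUser}
WHERE
    accountUser = '{$accountUser}' AND
    passwordUser = md5('{$passwordUser}')
;
Query;
session_start();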
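/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm'); // Must be adm to access the page.
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
/*
 * Handle input to the page. 'id' (GET) is a person's numeric key; escaping alone cannot protect a
 * value that is interpolated unquoted into SQL, so a supplied id must be an integer. Absent or
 * empty is passed through as before.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPerson !== NULL && $idPerson !== '' && filter_var($idPerson, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid person id.');
}
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: idPerson=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}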
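//
// PSaveBook.php
// Called by 'save_book' from index.php.
// The page saves a new or edited book title. If it's a new book a first page is also added.
// You are redirected to 'redirect'.
// Input: 'nameBook', 'idBook', 'idChild', 'redirect' as POST.
// Output: 'id'
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableBook = DB_PREFIX . 'Book';
$tableChild = DB_PREFIX . 'Child';
$tablePage = DB_PREFIX . 'Page';

///////////////////////////////////////////////////////////////////////////////////////////////////
// Get input for the book and clean it. idBook/idChild are database keys: a supplied value must be
// an integer (escaping cannot make a non-numeric value safe where it is interpolated unquoted);
// absent or empty keeps its old meaning.
$nameBook = isset($_POST['nameBook']) ? $_POST['nameBook'] : NULL;
$idBook = isset($_POST['idBook']) ? $_POST['idBook'] : NULL;
$idChild = isset($_POST['idChild']) ? $_POST['idChild'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
foreach (array('idBook' => $idBook, 'idChild' => $idChild) as $idName => $idValue) {
    if ($idValue !== NULL && $idValue !== '' && filter_var($idValue, FILTER_VALIDATE_INT) === FALSE) {
        die("Invalid {$idName}.");
    }
}
// NOTE(review): $redirect is client-supplied and drives the redirect further down; check it against
// the known page keys. No check that idBook/idChild belong to $_SESSION['idUser'] is visible in
// this fragment - the branches below must do so before writing.

// Clean the input parameters.
$idBook = $dbAccess->WashParameter($idBook);
$idChild = $dbAccess->WashParameter($idChild);
$nameBook = $dbAccess->WashParameter(strip_tags($nameBook));
if ($idBook) { // Edit an existing book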
}
// Without an album id there is nothing to attach the picture to: record an error and go back.
if (!$idAlbum) {
    $_SESSION['ErrorMessage'] = "Inget album-id presenterades.";
    header('Location: ' . WS_SITELINK . "?p=glry");
    exit;
}
$mainTextHTML = "<div id='content'>";
if (isset($_POST['submitBtn'])) { // If the submit button has been pressed, process the form information.
    require_once 'src/maxImageUpload.class.php';
    $maxPhoto = new maxImageUpload();
    $result = TRUE;
    $msg = "";
    $error = "";
    // Prepare the database.
    $dbAccess = new CdbAccess();
    $tablePicture = DB_PREFIX . 'Picture';
    $tableAlbum = DB_PREFIX . 'Album';
    // Get form values: tags are stripped and the rest escaped for SQL.
    // NOTE(review): 'mytitle'/'mydesc' are read without isset(), so a request that omits them
    // raises notices. No check that $idAlbum belongs to the uploader is visible in this fragment.
    $namePicture = $dbAccess->WashParameter(strip_tags($_POST['mytitle']));
    $descriptionPicture = $dbAccess->WashParameter(strip_tags($_POST['mydesc']));
    // Register the picture in the DB and store the information.
    // NOTE(review): the row is inserted BEFORE the upload is validated, so a rejected file leaves an
    // orphan Picture row unless the rejection branch (past this fragment) deletes it.
    $query = "\n INSERT INTO {$tablePicture} (\n picture_idAlbum, \n namePicture, \n descriptionPicture)\n VALUES (\n '{$idAlbum}', \n '{$namePicture}',\n '{$descriptionPicture}'\n );\n ";
    $dbAccess->SingleQuery($query);
    // Get the picture id.
    $idPicture = $dbAccess->LastId();
    if ($debugEnable) {
        $debug .= "idPicture=" . $idPicture . " Type=" . $_FILES['myfile']['type'] . " Name=" . $_FILES['myfile']['name'] . "<br />\r\n";
    }
    // Check image type. Only JPEG images are allowed.
    // NOTE(review): $_FILES[...]['type'] is the MIME type the CLIENT declared and is trivially
    // forged; decide from the file bytes (getimagesize()/finfo) and re-encode the image, never
    // from this field.
    if (strcasecmp($_FILES['myfile']['type'], 'image/pjpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpg')) {
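/*
 * Handle input to the page. 'id' (GET) selects the person to edit; absent means create. The id is
 * a numeric key that goes into a redirect string and, unquoted, into SQL, so a supplied value must
 * be an integer - previously the raw value was concatenated into $redirect before any washing.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPerson !== NULL && $idPerson !== '' && filter_var($idPerson, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid person id.');
}
if ($idPerson) {
    $redirect = "show_usr&id=" . $idPerson;
} else {
    $redirect = "srch_usr";
}
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableElev = DB_PREFIX . 'Elev';
$viewMalsman = DB_PREFIX . 'ListaMalsman';
/*
 * If $idPerson has a value a person is being edited: fetch the current information from the
 * database.
 * NOTE(review): no access-control call is visible in this fragment; one must precede it.
 */
if ($idPerson) {
    $idPerson = $dbAccess->WashParameter($idPerson);
    $query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
    $result = $dbAccess->SingleQuery($query);
    $arrayPerson = $result->fetch_row();
    $result->close();
} else { // Reset all parameters when a new person is to be created.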
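//
// PSaveChild.php
// Called by 'save_child' from index.php.
// The page saves information for the child id.
// Input: 'firstName', 'famillyName', 'birthDate', 'id', 'redirect' as POST.
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database, clean input and query the database.
//
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameChild = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$famillyNameChild = isset($_POST['famillyName']) ? $_POST['famillyName'] : NULL;
$birthDateChild = isset($_POST['birthDate']) ? $_POST['birthDate'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
// The child id is interpolated unquoted into SQL below, so escaping alone cannot protect it; a
// supplied id must be an integer (absent/empty still means "create a new child").
if ($idChild !== NULL && $idChild !== '' && filter_var($idChild, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid child id.');
}
$idChild = $dbAccess->WashParameter($idChild);
$firstNameChild = $dbAccess->WashParameter(strip_tags($firstNameChild));
$famillyNameChild = $dbAccess->WashParameter(strip_tags($famillyNameChild));
$birthDateChild = $dbAccess->WashParameter(strip_tags($birthDateChild));
// NOTE(review): $redirect is client-supplied; check it against the known page keys where used.
$idUser = $_SESSION['idUser'];
if ($idChild) {
    // If the child exists, check that it is this user's child before updating: the owner column is
    // fetched here and compared with $idUser past this fragment.
    $query = "SELECT child_idUser FROM {$tableChild} WHERE idChild = {$idChild};";
    $result = $dbAccess->SingleQuery($query);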
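$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('fnk'); // Must be at least 'funktionär' (official) to reach the page.

///////////////////////////////////////////////////////////////////////////////////////////////////
// Input to the page: 'idPost' (GET), the post to delete. The acting user comes from the session.
//
$idPost = isset($_GET['idPost']) ? $_GET['idPost'] : NULL;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
    $debug .= "Input: idPost=" . $idPost . ", post_idPerson=" . $post_idPerson . "<br /> \n";
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Delete idPost from the database if the caller owns it or is adm.
// NOTE(review): a GET request that deletes data is CSRF-able; make it a POST with a per-session
// token.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$idPost = $dbAccess->WashParameter($idPost);

// First look up the owner of the post. An unknown idPost yields no row; the old code then read a
// property off NULL, so "no row" is now explicitly "not the owner".
$query = "SELECT post_idPerson FROM {$tableBlogg} WHERE idPost = '{$idPost}'";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$postOwner = $row ? $row->post_idPerson : NULL;
$result->close();

$isOwner = ($postOwner !== NULL && $_SESSION['idUser'] == $postOwner);
if ($isOwner || $_SESSION['authorityUser'] == "adm") {
    $query = "DELETE FROM {$tableBlogg} WHERE idPost = '{$idPost}'";
    $dbAccess->SingleQuery($query);
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
//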
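* Input: 'id'
 */
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
/*
 * Take care of the input parameters. 'id' (GET) is a person's numeric key; escaping alone cannot
 * protect a value that is interpolated unquoted into SQL, so a supplied id must be an integer.
 * Absent or empty is passed through as before.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPerson !== NULL && $idPerson !== '' && filter_var($idPerson, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid person id.');
}
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br /> \n";
}
/*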
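*/
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
//$intFilter->UserIsAuthorisedOrDie('adm'); //Must be adm to access the page.
// NOTE(review): the adm requirement above is commented out, so every signed-in user reaches the
// update below. If that is intended, an ownership check on the album/picture must replace it;
// none is visible in this fragment.
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
 * Process input if it exists. Both ids are numeric keys; a supplied value must be an integer,
 * since an escaping helper cannot make a non-numeric value safe where ids are interpolated
 * unquoted into SQL. Absent or empty is passed through unchanged.
 * NOTE(review): this page changes the database from GET parameters (CSRF-able); prefer POST with
 * a per-session token.
 */
$idAlbum = isset($_GET['album']) ? $_GET['album'] : NULL;
$idPicture = isset($_GET['pict']) ? $_GET['pict'] : NULL;
foreach (array('album' => $idAlbum, 'pict' => $idPicture) as $idName => $idValue) {
    if ($idValue !== NULL && $idValue !== '' && filter_var($idValue, FILTER_VALIDATE_INT) === FALSE) {
        die("Invalid {$idName} id.");
    }
}
$idAlbum = $dbAccess->WashParameter($idAlbum);
$idPicture = $dbAccess->WashParameter($idPicture);
if ($debugEnable) {
    $debug .= "idAlbum=" . $idAlbum . " idPicture=" . $idPicture . "<br /> \r\n";
}
/*
 * Update the DB.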
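// FillDb.php
// Called by 'fill_db' from index.php.
// Fills the database with information from the file DB_dump.txt.
//
// Input:
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller, the viewer is signed in and is adm.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$tableChild = DB_PREFIX . 'Child';
$tableBook = DB_PREFIX . 'Book';
$tablePage = DB_PREFIX . 'Page';
$tableField = DB_PREFIX . 'Field';
$tableRelation = DB_PREFIX . 'Relation';
$delimiter = "¤";

// Open the file. The path is fixed (TP_DOCUMENTSPATH plus a constant name), so no client input
// reaches fopen(); but a missing or unreadable file returns FALSE and the import loop below would
// then run against an invalid handle. Stop here instead.
$dumpFileName = TP_DOCUMENTSPATH . "DB_dump.txt";
$fh = fopen($dumpFileName, "rt");
if ($debugEnable) {
    $debug .= "dumpFileName = " . $dumpFileName . " fh=" . $fh . "<br /> \n";
}
if ($fh === FALSE) {
    die('Could not open the dump file.');
}
// NOTE(review): the dump's contents are written straight into the database, so the file must only
// be writable by the dump page / the administrator, never uploadable by other users.
$mainTextHTML = "<p>Databasen har från filen " . $dumpFileName . " fyllts med följande information:<p><br /> \n";
do {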
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('fnk');

///////////////////////////////////////////////////////////////////////////////////////////////////
// Input to the page (POST): 'idPost' (existing post to update, otherwise create), 'titelPost',
// 'textPost', 'internPost' (defaults to 0). The author is the session user.
//
$idPost = isset($_POST['idPost']) ? $_POST['idPost'] : NULL;
$titelPost = isset($_POST['titelPost']) ? $_POST['titelPost'] : NULL;
$textPost = isset($_POST['textPost']) ? $_POST['textPost'] : NULL;
$internPost = isset($_POST['internPost']) ? $_POST['internPost'] : 0;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
    $debug .= "idPost=" . $idPost . " idPerson=" . $post_idPerson . " titelPost=" . $titelPost . " textPost=" . $textPost . " internPost=" . $internPost . "<br /> \n";
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Update idPost if it is set, otherwise create a new post.
// NOTE(review): the UPDATE below sets post_idPerson to the session user and no ownership check on
// idPost is visible in this fragment, so any 'fnk' user can overwrite - and take over - any post.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$tidPost = time();

// Clean the input parameters.
$idPost = $dbAccess->WashParameter($idPost);
$internPost = $dbAccess->WashParameter($internPost);
// NOTE(review): strip_tags() keeps every attribute of an allowed tag, so with <a>, <img>, <span>,
// <font> and <style> on this list a post can carry href="javascript:...", onerror=..., onclick=...
// or a <style> block - stored XSS against anyone who reads the blog. Run the text through an
// attribute-aware HTML sanitiser, or drop the tags that carry URLs/scripts and escape on output.
$tagsAllowed = '<h1><h2><h3><h4><h5><h6><p><a><br><i><em><b><strong><li><ol> <ul><a><style><font><span><img>';
$titelPost = $dbAccess->WashParameter(strip_tags($titelPost));
$textPost = $dbAccess->WashParameter(strip_tags($textPost, $tagsAllowed));
if ($idPost) {
    $query = <<<QUERY
UPDATE {$tableBlogg} SET
    post_idPerson = '{$post_idPerson}',
    titelPost = '{$titelPost}',
    textPost = '{$textPost}',
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page was not reached via the page controller.
 * Then check that the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm'); // Must be adm to access the page.
/*
 * Initiate the DB. The names below are the tables (and one view) the multi-statement query that
 * follows this fragment operates on; nothing client-supplied is read in the visible part.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
$viewMalsman = DB_PREFIX . 'ListaMalsman';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
// $totalStatements must be edited manually. Count the statements in the
// query below and enter the number here. Only used for debug help.
// NOTE(review): if the heredoc interpolates anything beyond these table names, that value must be
// validated before it enters a multi-statement query.
$totalStatements = 21;
$query = <<<QUERY
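// Reset all parameters in case a new person is to be created.
$arrayPerson = array("", "", "", "", "", "");

///////////////////////////////////////////////////////////////////////////////////////////////////
// Check whether the viewer is authorised for the page, i.e. is the person on the page, a guardian
// (målsman) of that person, or adm.
// $idPerson arrives from earlier in the page. It is compared with the session id here and then
// interpolated unquoted into SQL (unconditionally), so it must be an integer before either use;
// the old code compared the raw string with == first, which in PHP < 8 treats e.g. "5abc" as
// equal to 5, and a missing id produced a malformed query.
if (filter_var($idPerson, FILTER_VALIDATE_INT) === FALSE) {
    die('Invalid person id.');
}
$showPage = FALSE;
if ($idPerson == $_SESSION['idUser']) {
    $showPage = TRUE;
}
if ($_SESSION['authorityUser'] == "adm") {
    $showPage = TRUE;
}
// Guardian (målsman) status is checked further down.

///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the current information from the database.
$dbAccess = new CdbAccess();
$idPerson = $dbAccess->WashParameter($idPerson);
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
$query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
$result = $dbAccess->SingleQuery($query);
$arrayPerson = $result->fetch_row();
$result->close();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Check whether SESSION idUser is a guardian of idPerson.
$query = "SELECT * FROM {$tableRelationon} WHERE relation_idElev = {$idPerson};";
if ($result = $dbAccess->SingleQuery($query)) {
    while ($row = $result->fetch_object()) {
        if ($row->relation_idMalsman == $_SESSION['idUser']) {
            $showPage = TRUE;
        }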
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller, that the viewer
// is signed in and that the viewer holds the 'adm' authority.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');

///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input: 'id' (GET) selects an existing user to edit; when it is
// absent a new account is being generated.
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
// Blank template for arrayUser when a new account is generated.
$arrayUser = array("", "", "", "", "", "");

///////////////////////////////////////////////////////////////////////////////////////////////////
// If $idUser has a value the user is being edited: load the current row and
// point the redirect back at that user's page instead of the search page.
$redirect = "search_user";
if ($idUser) {
    $dbAccess = new CdbAccess();
    $idUser = $dbAccess->WashParameter($idUser);
    $tableUser = DB_PREFIX . 'User';
    // $idUser is interpolated unquoted; WashParameter()'s behaviour is not
    // visible here. NOTE(review): for a numeric key, `$idUser = (int) $idUser;`
    // before this line closes the gap whatever WashParameter() does.
    $query = "SELECT * FROM {$tableUser} WHERE idUser = {$idUser};";
    $result = $dbAccess->SingleQuery($query);
    // No check that a row was found; $arrayUser is whatever fetch_row() returns.
    $arrayUser = $result->fetch_row();
    $result->close();
    // The washed id is also placed in the redirect target; it still needs
    // escaping for the context (URL/HTML) wherever $redirect is rendered.
    $redirect = "show_user&id=" . $idUser;
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// Generate a random password. The generator loop itself is outside this
// excerpt. NOTE(review): it must draw from a CSPRNG (random_int()/random_bytes()),
// not rand(), and 5 characters is a weak lower bound for an account password.
$min = 5; // minimum length of password
$max = 10; // maximum length of password
$pwd = "";
// PSaveUser.php
// Called by 'save_user' from index.php.
// The page saves user information for idUser.
// Input: 'firstName', 'familyName', 'eMail1', 'eMail2', 'id', 'redirect' as POST.
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and that the
// viewer is signed in with 'adm' authority.
// NOTE(review): no CSRF token is checked in this excerpt; a state-changing
// POST handler should verify one — confirm it happens elsewhere (e.g. inside
// CAccessControl).
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database, clean the input and query the database.
//
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$idUser = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
$eMail1User = isset($_POST['eMail1']) ? $_POST['eMail1'] : NULL;
$eMail2User = isset($_POST['eMail2']) ? $_POST['eMail2'] : NULL;
// 'redirect' is taken as-is: neither washed nor validated in this excerpt.
// NOTE(review): if it ends up in a Location header it must be matched against
// the known internal page names first, never used verbatim.
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
// Text fields pass strip_tags() and then WashParameter() (presumably the SQL
// escaping step — not visible here). strip_tags() is not output escaping; the
// values still need htmlspecialchars() wherever they are rendered. Passing
// NULL (a missing field) to strip_tags() is deprecated as of PHP 8.1.
$idUser = $dbAccess->WashParameter($idUser);
$firstNameUser = $dbAccess->WashParameter(strip_tags($firstNameUser));
$familyNameUser = $dbAccess->WashParameter(strip_tags($familyNameUser));
$eMail1User = $dbAccess->WashParameter(strip_tags($eMail1User));
$eMail2User = $dbAccess->WashParameter(strip_tags($eMail2User));
// The UPDATE is built as a heredoc; only its first line is in this excerpt
// and the WHERE clause binding it to $idUser is not visible.
// NOTE(review): the literal '******' on that line looks like a redaction of
// the interpolated value rather than the real source — confirm against the
// file; as written it would overwrite every saved first name with asterisks.
$query = <<<QUERY
UPDATE {$tableUser} SET firstNameUser = '******',
// PNewPassw2.php
// Called with 'new_passw2' from index.php.
// The page generates a new password, stores it and sends it to ePost if the
// address exists in the register.
// Input: 'ePost' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
//
// Access checks etc. Only the front-controller check applies; this appears to
// be the forgotten-password flow, so the visitor is not signed in.
// NOTE(review): an unauthenticated endpoint that resets a password on demand
// needs rate limiting and should respond identically whether or not the
// address exists; neither is visible in this excerpt — confirm elsewhere.
//
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();

///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
//
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';

///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch input and wash it.
//
$ePost = isset($_POST['ePost']) ? $_POST['ePost'] : NULL;
$ePost = $dbAccess->WashParameter($ePost);

///////////////////////////////////////////////////////////////////////////////////////////////////
// Create a random password.
// NOTE(review): rand() is not a cryptographically secure generator and must
// not be used to derive a password; use random_int(). Also, rand($min, $max)
// is re-evaluated on every iteration of the loop condition, so the length is
// not drawn uniformly from [$min, $max] — draw it once:
// `$length = random_int($min, $max); for ($i = 0; $i < $length; $i++) {`.
$min = 5; // minimum length of password
$max = 10; // maximum length of password
$pwd = ""; // to store generated password
for ($i = 0; $i < rand($min, $max); $i++) {