// Called by 'page' from index.php.
// This is the generik page in Min Bok that builds from the database.
// Input: 'idPage'
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idPage = isset($_GET['idPage']) ? $_GET['idPage'] : NULL;
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare database.
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$tableBook = DB_PREFIX . 'Book';
$tablePage = DB_PREFIX . 'Page';
$tableField = DB_PREFIX . 'Field';
$idPage = $dbAccess->WashParameter($idPage);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Sheck if session id is approved to see the page and edit the page.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get info about this page.
$query = "SELECT * FROM {$tablePage} WHERE idPage = {$idPage};";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$style = $row->stylePage;
$header = $row->headerPage;
$result->close();
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$redirect = "glry";
/*
* Process input 'id' if exists.
* Decide next page 'redirect' depending on if 'id' exists or not.
*/
$idAlbum = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($debugEnable) {
$debug .= "idAlbum: " . $idAlbum . "<br /> \r\n";
}
/*
* Prepare the database.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
* If $idAlbum exists the DB will be updated. Get the existing info.
*/
if ($idAlbum) {
$idAlbum = $dbAccess->WashParameter($idAlbum);
$query = "SELECT * FROM {$tableAlbum} WHERE idAlbum = {$idAlbum};";
$result = $dbAccess->SingleQuery($query);
$arrayAlbum = $result->fetch_row();
$result->close();
} else {
// Clear all parameters if a new user will be created.
$arrayAlbum = array("", "", "", "", "", "", "");
$intFilter->UserIsSignedInOrRedirect();
// Input idPicture.
$idPicture = isset($_GET['id']) ? $_GET['id'] : NULL;
$stylesheet = WS_STYLESHEET;
$mainTextHTML = <<<HTMLCode
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="{$stylesheet}" rel="stylesheet" type="text/css" />
<title> </title>
</head>
<body id="if">
HTMLCode;
if ($idPicture) {
// Prepare the database.
$dbAccess = new CdbAccess();
$tablePicture = DB_PREFIX . 'Picture';
// Get picture information from the DB.
$query = "SELECT * FROM {$tablePicture} WHERE idPicture = {$idPicture};";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$imageTitle = $row->namePicture;
$imageDesc = nl2br($row->descriptionPicture);
$normalImage = WS_PICTUREARCHIVE . PA_NORMALPREFIX . $idPicture . ".jpg";
$mainTextHTML .= <<<HTMLCode
<img src='{$normalImage}' alt='a' /><br/>
<div id='imgInfo'>
<h2>{$imageTitle}</h2>
<p>{$imageDesc}</p>
</div>
HTMLCode;
*
*/
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
* Prepare the database.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
/*
* Handle input to the page.
*/
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
$intFilter->FrontControllerIsVisitedOrDie();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Döda eventuella gamla sessioner.
$hitCounter = $_SESSION["hitCounter"];
//Spara hitCounter innan vi dödar sessionen.
require_once TP_SOURCE . 'FDestroySession.php';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Ta hand om inparametrar till sidan.
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordPerson = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
$debug .= "Input: account={$accountPerson} password={$passwordPerson} redirect={$redirect}<br /> \n";
}
// Förbered databasen.
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableFunktionar = DB_PREFIX . 'Funktionar';
// Tvätta inparametrarna.
$accountPerson = $dbAccess->WashParameter($accountPerson);
$passwordPerson = $dbAccess->WashParameter($passwordPerson);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kolla om account med det lösenordet finns i databasen och använd resultatet för att skapa en
// session med userId, userPassword och behörighet.
$query = <<<Query
SELECT * FROM {$tablePerson}
WHERE
\taccountPerson = '{$accountPerson}' AND
\tpasswordPerson \t= md5('{$passwordPerson}')
;
Query;
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idBook = isset($_GET['idBook']) ? $_GET['idBook'] : NULL;
$idChild = isset($_GET['idChild']) ? $_GET['idChild'] : NULL;
// Initiate aBook if we are going to generate a new account.
$aBook = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// If $idBook has a value then idBook shall be edited. Get the old info.
$redirect = "my_page";
if ($idBook) {
$dbAccess = new CdbAccess();
$idBook = $dbAccess->WashParameter($idBook);
$tableBook = DB_PREFIX . 'Book';
$query = "SELECT * FROM {$tableBook} WHERE idBook = {$idBook};";
$result = $dbAccess->SingleQuery($query);
$aBook = $result->fetch_row();
$result->close();
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Make a form for editing the book.
$mainTextHTML = <<<HTMLCode
<form action='?p=save_book' method='post'>
<table>
<tr><td>Boktitel</td>
<td><input type='text' name='nameBook' size='20' maxlength='20' value='{$aBook[1]}' /></td></tr>
<tr><td>
//
// PDelAccount.php
// Called by 'del_account' from index.php.
// This page deletes a user from all tables.
// Input: 'idUser'
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
if ($debugEnable) {
$debug .= "Input: idUser="******"<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Remove the user from all tables.
$totalStatements = 1;
$query = <<<QUERY
DELETE FROM {$tableUser} WHERE idUser = '******';
QUERY;
// Uppdate with code for removing everything related to the user.
$ePost->addRule('regex', 'Det är inte en korrekt e-postadress.', "/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}\$/");
// Knappar
$buttons = $form->addGroup('buttons')->setSeparator(' ');
$buttons->addElement('image', 'submitButton', array('src' => '../images/b_enter.gif', 'title' => 'Skicka'));
$buttons->addElement('static', 'cancelButton')->setContent('<a title="Avbryt" href="?p=main" >
<img src="../images/b_cancel.gif" alt="Avbryt" /></a>');
/*
* Behandla informationen i formuläret.
*/
// Ta bort 'space' först och sist på alla värden.
$form->addRecursiveFilter('trim');
$mainTextHTML = "";
if ($form->validate()) {
// Om sidan är riktigt ifylld.
// Förbered databasen
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
//Tvätta inparametrarna.
$formValues = $form->getValue();
$eMailAdr = $dbAccess->WashParameter($formValues['ePost']);
// Skapa ett slumplösenord.
$min = 5;
// minimum length of password
$max = 10;
// maximum length of password
$pwd = "";
// to store generated password
for ($i = 0; $i < rand($min, $max); $i++) {
$num = rand(48, 122);
if ($num > 97 && $num < 122) {
$pwd .= chr($num);
// PEditChild.php
// Called by 'edit_child' from index.php.
// The page generates a form for editing details of a child. If no id is provided a new child is
// generated.
// From this page you are sent to PSaveChild and then to PMyPage.
// Input: 'id'
// Output: 'firstName', 'famillyNamn', 'birthDate', 'id', 'redirect' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input.
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_GET['id']) ? $_GET['id'] : NULL;
$idChild = $dbAccess->WashParameter($idChild);
if ($debugEnable) {
$debug .= "Input: id=" . $idChild . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the present information regarding the child if the child exists.
$aChild = array("", "", "", "", "", "");
// Initiate arrayUser if we are going to generate a new account.
if ($idChild) {
$query = "SELECT * FROM {$tableChild} WHERE idChild = {$idChild};";
$result = $dbAccess->SingleQuery($query);
$aChild = $result->fetch_row();
if ($debugEnable) {
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
* Prepare the data base.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
/*
* Handle input to the page.
*/
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$fornamnPerson = isset($_POST['fornamn']) ? $_POST['fornamn'] : NULL;
$efternamnPerson = isset($_POST['efternamn']) ? $_POST['efternamn'] : NULL;
$accountPerson = $dbAccess->WashParameter($accountPerson);
$fornamnPerson = $dbAccess->WashParameter($fornamnPerson);
$efternamnPerson = $dbAccess->WashParameter($efternamnPerson);
if ($debugEnable) {
$debug .= $accountPerson . $fornamnPerson . $efternamnPerson . "<br />\r\n";
}
/*
* Definiera query utifrån sökkriterie.
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
* Initiate the DB.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableElev = DB_PREFIX . 'Elev';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
$dumpFileName = "DB_dump.txt";
$delimiter = "¤";
$maxTextLength = 65535;
// Length of datatyp TEXT in MqSQL.
/*
* Open the file and add the title.
// PEditUser.php
// Called by 'edit_user' from index.php.
// The page generates a form for editing details of an user.
// From this page you are sent to PSaveUser and after that redirected to PShowUser.
// Input: 'id'
// Output: 'firstName', 'familyNamn', 'eMail1', 'eMail2', 'id', 'redirect' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
if ($debugEnable) {
$debug .= "Input: id=" . $idUser . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the present information regarding the user.
$totalStatements = 1;
$query = <<<QUERY
SELECT * FROM {$tableUser} WHERE idUser = {$idUser};
QUERY;
$statements = $dbAccess->MultiQuery($query, $arrayResult);
if ($debugEnable) {
$debug .= "{$statements} statements av {$totalStatements} kördes.<br /> \n";
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
//
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
if ($debugEnable) {
$debug .= $accountUser . $firstNameUser . $familyNameUser . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Query the database and clean input.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$accountUser = $dbAccess->WashParameter($accountUser);
$firstNameUser = $dbAccess->WashParameter($firstNameUser);
$familyNameUser = $dbAccess->WashParameter($familyNameUser);
$query = "SELECT * FROM {$tableUser} ";
if ($accountUser) {
$query .= "WHERE accountUser LIKE '%{$accountUser}%'";
} elseif ($familyNameUser) {
$query .= "WHERE familyNameUser LIKE '%{$familyNameUser}%'";
} elseif ($firstNameUser) {
$query .= "WHERE firstNameUser LIKE '%{$firstNameUser}%'";
}
$query .= " ORDER BY familyNameUser;";
$result = $dbAccess->SingleQuery($query);
///////////////////////////////////////////////////////////////////////////////////////////////////
* Input: 'id'
*/
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
* Prepare the data base.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
/*
* Handle input to the page.
*/
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
* Kontrollera om personen har behörighet till sidan, d v s är personen på
* sidan, målsman till personen på sidan eller adm.
*/
$showPage = FALSE;
$intFilter->FrontControllerIsVisitedOrDie();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kill old sessions
$hitCounter = $_SESSION["hitCounter"];
//Spara hitCounter innan vi dödar sessionen.
require_once TP_SOURCEPATH . 'FDestroySession.php';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordUser = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
$debug .= "Input: account={$accountUser} password={$passwordUser} redirect={$redirect}<br /> \n";
}
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
// Clean input.
$accountUser = $dbAccess->WashParameter($accountUser);
$passwordUser = $dbAccess->WashParameter($passwordUser);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check if an account with this password exists in the database and if so start a new session with
// userId, userPassword and authority.
$query = <<<Query
SELECT * FROM {$tableUser}
WHERE
\taccountUser = '******' AND
\tpasswordUser \t= md5('{$passwordUser}')
;
Query;
session_start();
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
* Prepare the data base.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
/*
* Handle input to the page.
*/
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
$debug .= "Input: idPerson=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
//
// PSaveBook.php
// Called by 'save_book' from index.php.
// The page saves a new or edited book title. If it's a new book a first page is also added.
// You are redirected to 'redirect'.
// Output: 'nameBook', 'idBook', 'idChild', 'redirect' as POST's.
// Output: 'id'
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableBook = DB_PREFIX . 'Book';
$tableChild = DB_PREFIX . 'Child';
$tablePage = DB_PREFIX . 'Page';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get input for the book and clean it.
$nameBook = isset($_POST['nameBook']) ? $_POST['nameBook'] : NULL;
$idBook = isset($_POST['idBook']) ? $_POST['idBook'] : NULL;
$idChild = isset($_POST['idChild']) ? $_POST['idChild'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
// Clean the input parameters.
$idBook = $dbAccess->WashParameter($idBook);
$idChild = $dbAccess->WashParameter($idChild);
$nameBook = $dbAccess->WashParameter(strip_tags($nameBook));
if ($idBook) {
// Edit an existing book
}
if (!$idAlbum) {
$_SESSION['ErrorMessage'] = "Inget album-id presenterades.";
header('Location: ' . WS_SITELINK . "?p=glry");
exit;
}
$mainTextHTML = "<div id='content'>";
if (isset($_POST['submitBtn'])) {
// If the submit button has been pressed, process the form information.
require_once 'src/maxImageUpload.class.php';
$maxPhoto = new maxImageUpload();
$result = TRUE;
$msg = "";
$error = "";
// Prepare the database.
$dbAccess = new CdbAccess();
$tablePicture = DB_PREFIX . 'Picture';
$tableAlbum = DB_PREFIX . 'Album';
// Get form values.
$namePicture = $dbAccess->WashParameter(strip_tags($_POST['mytitle']));
$descriptionPicture = $dbAccess->WashParameter(strip_tags($_POST['mydesc']));
// Register picture in DB and store the information.
$query = "\n INSERT INTO {$tablePicture} (\n picture_idAlbum, \n namePicture, \n descriptionPicture)\n VALUES (\n '{$idAlbum}', \n '{$namePicture}',\n '{$descriptionPicture}'\n );\n ";
$dbAccess->SingleQuery($query);
// Get the picture id.
$idPicture = $dbAccess->LastId();
if ($debugEnable) {
$debug .= "idPicture=" . $idPicture . " Type=" . $_FILES['myfile']['type'] . " Name=" . $_FILES['myfile']['name'] . "<br />\r\n";
}
//Check image type. Only jpeg images are allowed
if (strcasecmp($_FILES['myfile']['type'], 'image/pjpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpg')) {
/*
* Handle input to the page.
*/
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPerson) {
$redirect = "show_usr&id=" . $idPerson;
} else {
$redirect = "srch_usr";
}
if ($debugEnable) {
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
* Prepare the data base.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableElev = DB_PREFIX . 'Elev';
$viewMalsman = DB_PREFIX . 'ListaMalsman';
/*
* Om $idPerson har ett värde så ska en användare editeras. Hämta då den
* nuvarande informationen ur databasen.
*/
if ($idPerson) {
$idPerson = $dbAccess->WashParameter($idPerson);
$query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
$result = $dbAccess->SingleQuery($query);
$arrayPerson = $result->fetch_row();
$result->close();
} else {
// Nollställ alla parametrar om vi ska skapa en ny person.
//
// PSaveChild.php
// Called by 'save_child' from index.php.
// The page saves information for the child id.
// Input: 'firstName', 'famillyNamn', 'birthDate', 'id', 'redirect' as POST.
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input and query the database.
//
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameChild = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$famillyNameChild = isset($_POST['famillyName']) ? $_POST['famillyName'] : NULL;
$birthDateChild = isset($_POST['birthDate']) ? $_POST['birthDate'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
$idChild = $dbAccess->WashParameter($idChild);
$firstNameChild = $dbAccess->WashParameter(strip_tags($firstNameChild));
$famillyNameChild = $dbAccess->WashParameter(strip_tags($famillyNameChild));
$birthDateChild = $dbAccess->WashParameter(strip_tags($birthDateChild));
$idUser = $_SESSION['idUser'];
if ($idChild) {
// If the child exists check that it's the users child and update the database.
$query = "SELECT child_idUser FROM {$tableChild} WHERE idChild = {$idChild};";
$result = $dbAccess->SingleQuery($query);
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('fnk');
// Måste vara minst funktionär för att nå sidan.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Input till sidan plus rensa bort HTML-taggar.
//
$idPost = isset($_GET['idPost']) ? $_GET['idPost'] : NULL;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
$debug .= "Input: idPost=" . $idPost . ", post_idPerson=" . $post_idPerson . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Radera idPost från databasen om du är ägare eller adm.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$idPost = $dbAccess->WashParameter($idPost);
// Kolla först om du är ägare till posten.
$query = "SELECT post_idPerson FROM {$tableBlogg} WHERE idPost = '{$idPost}'";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$postOwner = $row->post_idPerson;
$result->close();
if ($_SESSION['idUser'] == $postOwner || $_SESSION['authorityUser'] == "adm") {
$query = "DELETE FROM {$tableBlogg} WHERE idPost = '{$idPost}'";
$dbAccess->SingleQuery($query);
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
//
* Input: 'id'
*/
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
* Förbered databasen.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
/*
* Tag hand om inparametrar till sidan.
*/
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br /> \n";
}
/*
*/
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
//$intFilter->UserIsAuthorisedOrDie('adm'); //Must be adm to access the page.
/*
* Prepare the database.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
* Process input if exists.
*/
$idAlbum = isset($_GET['album']) ? $_GET['album'] : NULL;
$idPicture = isset($_GET['pict']) ? $_GET['pict'] : NULL;
$idAlbum = $dbAccess->WashParameter($idAlbum);
$idPicture = $dbAccess->WashParameter($idPicture);
if ($debugEnable) {
$debug .= "idAlbum=" . $idAlbum . " idPicture=" . $idPicture . "<br /> \r\n";
}
/*
* Update the DB.
// FillDb.php
// Called by 'fill_db' from index.php.
// Fills the database with information from the file DB_dump.txt.
//
// Input:
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$tableChild = DB_PREFIX . 'Child';
$tableBook = DB_PREFIX . 'Book';
$tablePage = DB_PREFIX . 'Page';
$tableField = DB_PREFIX . 'Field';
$tableRelation = DB_PREFIX . 'Relation';
$delimiter = "¤";
// Open the file.
$dumpFileName = TP_DOCUMENTSPATH . "DB_dump.txt";
$fh = fopen($dumpFileName, "rt");
if ($debugEnable) {
$debug .= "dumpFileName = " . $dumpFileName . " fh=" . $fh . "<br /> \n";
}
$mainTextHTML = "<p>Databasen har från filen " . $dumpFileName . " fyllts med följande information:<p><br /> \n";
do {
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('fnk');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Input till sidan.
//
$idPost = isset($_POST['idPost']) ? $_POST['idPost'] : NULL;
$titelPost = isset($_POST['titelPost']) ? $_POST['titelPost'] : NULL;
$textPost = isset($_POST['textPost']) ? $_POST['textPost'] : NULL;
$internPost = isset($_POST['internPost']) ? $_POST['internPost'] : 0;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
$debug .= "idPost=" . $idPost . " idPerson=" . $post_idPerson . " titelPost=" . $titelPost . " textPost=" . $textPost . " internPost=" . $internPost . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Uppdatera idPost om den är satt annars skapa ett nytt inlägg.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$tidPost = time();
//Tvätta inparametrarna.
$idPost = $dbAccess->WashParameter($idPost);
$internPost = $dbAccess->WashParameter($internPost);
$tagsAllowed = '<h1><h2><h3><h4><h5><h6><p><a><br><i><em><b><strong><li><ol>
<ul><a><style><font><span><img>';
$titelPost = $dbAccess->WashParameter(strip_tags($titelPost));
$textPost = $dbAccess->WashParameter(strip_tags($textPost, $tagsAllowed));
if ($idPost) {
$query = <<<QUERY
UPDATE {$tableBlogg} SET
post_idPerson = '{$post_idPerson}',
titelPost = '{$titelPost}',
textPost = '{$textPost}',
/*
* Check if allowed to access.
* If $nextPage is not set, the page is not reached via the page controller.
* Then check if the viewer is signed in.
*/
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
* Initiate the DB.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
$viewMalsman = DB_PREFIX . 'ListaMalsman';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
// $totalStatements must be edited manually. Count the statements in the
// query below and enter the number here. Only used for debug help.
$totalStatements = 21;
$query = <<<QUERY
// Nollställ alla parametrar om vi ska skapa en ny person.
$arrayPerson = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kontrollera om personen har behörighet till sidan, d v s är personen på sidan, målsman till
// personen på sidan eller adm.
$showPage = FALSE;
if ($idPerson == $_SESSION['idUser']) {
$showPage = TRUE;
}
if ($_SESSION['authorityUser'] == "adm") {
$showPage = TRUE;
}
// Målsman kontrolleras längre ner.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Hämta den nuvarande informationen ur databasen.
$dbAccess = new CdbAccess();
$idPerson = $dbAccess->WashParameter($idPerson);
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
$query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
$result = $dbAccess->SingleQuery($query);
$arrayPerson = $result->fetch_row();
$result->close();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kontrollera om SESSION idUser är målsman till idPerson.
$query = "SELECT * FROM {$tableRelationon} WHERE relation_idElev = {$idPerson};";
if ($result = $dbAccess->SingleQuery($query)) {
while ($row = $result->fetch_object()) {
if ($row->relation_idMalsman == $_SESSION['idUser']) {
$showPage = TRUE;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
// Initiate arrayUser if we are going to generate a new account.
$arrayUser = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// If $idUser has a value then idUser shall be edited. Get the old info.
$redirect = "search_user";
if ($idUser) {
$dbAccess = new CdbAccess();
$idUser = $dbAccess->WashParameter($idUser);
$tableUser = DB_PREFIX . 'User';
$query = "SELECT * FROM {$tableUser} WHERE idUser = {$idUser};";
$result = $dbAccess->SingleQuery($query);
$arrayUser = $result->fetch_row();
$result->close();
$redirect = "show_user&id=" . $idUser;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Generate a random password.
$min = 5;
// minimum length of password
$max = 10;
// maximum length of password
$pwd = "";
// PSaveUser.php
// Called by 'save_user' from index.php.
// The page saves user information for idUser.
// Input: 'firstName', 'familyName', 'eMail1', 'eMail2', 'id', 'redirect' as POST.
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input and query the database.
//
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$idUser = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
$eMail1User = isset($_POST['eMail1']) ? $_POST['eMail1'] : NULL;
$eMail2User = isset($_POST['eMail2']) ? $_POST['eMail2'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
$firstNameUser = $dbAccess->WashParameter(strip_tags($firstNameUser));
$familyNameUser = $dbAccess->WashParameter(strip_tags($familyNameUser));
$eMail1User = $dbAccess->WashParameter(strip_tags($eMail1User));
$eMail2User = $dbAccess->WashParameter(strip_tags($eMail2User));
$query = <<<QUERY
UPDATE {$tableUser} SET
firstNameUser = '******',
// PNewPassw2.php
// Anropas med 'new_passw2' från index.php.
// Sidan genererar ett nytt lösenord, lagrar det och skickar det till ePost om adressen finns i
// registret.
// Input: 'ePost' som POSTs.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
//
// Kolla behörighet med mera.
//
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Förbered databasen.
//
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Hämta input och tvätta.
//
$ePost = isset($_POST['ePost']) ? $_POST['ePost'] : NULL;
$ePost = $dbAccess->WashParameter($ePost);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Skapa ett slumplösenord.
$min = 5;
// minimum length of password
$max = 10;
// maximum length of password
$pwd = "";
// to store generated password
for ($i = 0; $i < rand($min, $max); $i++) {