예제 #1
0
// Called by 'page' from index.php.
// This is the generik page in Min Bok that builds from the database.
// Input: 'idPage'
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idPage = isset($_GET['idPage']) ? $_GET['idPage'] : NULL;
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare database.
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$tableBook = DB_PREFIX . 'Book';
$tablePage = DB_PREFIX . 'Page';
$tableField = DB_PREFIX . 'Field';
$idPage = $dbAccess->WashParameter($idPage);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Sheck if session id is approved to see the page and edit the page.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get info about this page.
$query = "SELECT * FROM {$tablePage} WHERE idPage = {$idPage};";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$style = $row->stylePage;
$header = $row->headerPage;
$result->close();
예제 #2
0
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$redirect = "glry";
/*
 * Process input 'id' if exists.
 * Decide next page 'redirect' depending on if 'id' exists or not.
 */
$idAlbum = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($debugEnable) {
    $debug .= "idAlbum: " . $idAlbum . "<br /> \r\n";
}
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
 * If $idAlbum exists the DB will be updated. Get the existing info.
 */
if ($idAlbum) {
    $idAlbum = $dbAccess->WashParameter($idAlbum);
    $query = "SELECT * FROM {$tableAlbum} WHERE idAlbum = {$idAlbum};";
    $result = $dbAccess->SingleQuery($query);
    $arrayAlbum = $result->fetch_row();
    $result->close();
} else {
    // Clear all parameters if a new user will be created.
    $arrayAlbum = array("", "", "", "", "", "", "");
예제 #3
0
$intFilter->UserIsSignedInOrRedirect();
// Input idPicture.
$idPicture = isset($_GET['id']) ? $_GET['id'] : NULL;
$stylesheet = WS_STYLESHEET;
$mainTextHTML = <<<HTMLCode
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="{$stylesheet}" rel="stylesheet" type="text/css" />
   <title> </title>
</head>
<body id="if">   
HTMLCode;
if ($idPicture) {
    // Prepare the database.
    $dbAccess = new CdbAccess();
    $tablePicture = DB_PREFIX . 'Picture';
    // Get picture information from the DB.
    $query = "SELECT * FROM {$tablePicture} WHERE idPicture = {$idPicture};";
    $result = $dbAccess->SingleQuery($query);
    $row = $result->fetch_object();
    $imageTitle = $row->namePicture;
    $imageDesc = nl2br($row->descriptionPicture);
    $normalImage = WS_PICTUREARCHIVE . PA_NORMALPREFIX . $idPicture . ".jpg";
    $mainTextHTML .= <<<HTMLCode
<img src='{$normalImage}' alt='a' /><br/>
<div id='imgInfo'>
    <h2>{$imageTitle}</h2>
    <p>{$imageDesc}</p>
</div>
HTMLCode;
예제 #4
0
 *
 */
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
/*
 * Handle input to the page.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
예제 #5
0
$intFilter->FrontControllerIsVisitedOrDie();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Döda eventuella gamla sessioner.
$hitCounter = $_SESSION["hitCounter"];
//Spara hitCounter innan vi dödar sessionen.
require_once TP_SOURCE . 'FDestroySession.php';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Ta hand om inparametrar till sidan.
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordPerson = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
    $debug .= "Input: account={$accountPerson} password={$passwordPerson} redirect={$redirect}<br /> \n";
}
// Förbered databasen.
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableFunktionar = DB_PREFIX . 'Funktionar';
// Tvätta inparametrarna.
$accountPerson = $dbAccess->WashParameter($accountPerson);
$passwordPerson = $dbAccess->WashParameter($passwordPerson);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kolla om account med det lösenordet finns i databasen och använd resultatet för att skapa en
// session med userId, userPassword och behörighet.
$query = <<<Query
SELECT * FROM {$tablePerson}
WHERE
\taccountPerson   = '{$accountPerson}' AND
\tpasswordPerson \t= md5('{$passwordPerson}')
;
Query;
예제 #6
0
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idBook = isset($_GET['idBook']) ? $_GET['idBook'] : NULL;
$idChild = isset($_GET['idChild']) ? $_GET['idChild'] : NULL;
// Initiate aBook if we are going to generate a new account.
$aBook = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// If $idBook has a value then idBook shall be edited. Get the old info.
$redirect = "my_page";
if ($idBook) {
    $dbAccess = new CdbAccess();
    $idBook = $dbAccess->WashParameter($idBook);
    $tableBook = DB_PREFIX . 'Book';
    $query = "SELECT * FROM {$tableBook} WHERE idBook = {$idBook};";
    $result = $dbAccess->SingleQuery($query);
    $aBook = $result->fetch_row();
    $result->close();
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Make a form for editing the book.
$mainTextHTML = <<<HTMLCode
<form action='?p=save_book' method='post'>
<table>
<tr><td>Boktitel</td>
<td><input type='text' name='nameBook' size='20' maxlength='20' value='{$aBook[1]}' /></td></tr>
<tr><td>
예제 #7
0
//
// PDelAccount.php
// Called by 'del_account' from index.php.
// This page deletes a user from all tables.
// Input: 'idUser'
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
if ($debugEnable) {
    $debug .= "Input: idUser="******"<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Remove the user from all tables.
$totalStatements = 1;
$query = <<<QUERY
DELETE FROM {$tableUser} WHERE idUser = '******';
QUERY;
// Uppdate with code for removing everything related to the user.
예제 #8
0
$ePost->addRule('regex', 'Det är inte en korrekt e-postadress.', "/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}\$/");
// Knappar
$buttons = $form->addGroup('buttons')->setSeparator('&nbsp;');
$buttons->addElement('image', 'submitButton', array('src' => '../images/b_enter.gif', 'title' => 'Skicka'));
$buttons->addElement('static', 'cancelButton')->setContent('<a title="Avbryt" href="?p=main" >
        <img src="../images/b_cancel.gif" alt="Avbryt" /></a>');
/*
 * Behandla informationen i formuläret.
 */
// Ta bort 'space' först och sist på alla värden.
$form->addRecursiveFilter('trim');
$mainTextHTML = "";
if ($form->validate()) {
    // Om sidan är riktigt ifylld.
    // Förbered databasen
    $dbAccess = new CdbAccess();
    $tablePerson = DB_PREFIX . 'Person';
    //Tvätta inparametrarna.
    $formValues = $form->getValue();
    $eMailAdr = $dbAccess->WashParameter($formValues['ePost']);
    // Skapa ett slumplösenord.
    $min = 5;
    // minimum length of password
    $max = 10;
    // maximum length of password
    $pwd = "";
    // to store generated password
    for ($i = 0; $i < rand($min, $max); $i++) {
        $num = rand(48, 122);
        if ($num > 97 && $num < 122) {
            $pwd .= chr($num);
예제 #9
0
// PEditChild.php
// Called by 'edit_child' from index.php.
// The page generates a form for editing details of a child. If no id is provided a new child is
// generated.
// From this page you are sent to PSaveChild and then to PMyPage.
// Input: 'id'
// Output: 'firstName', 'famillyNamn', 'birthDate', 'id', 'redirect' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input.
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_GET['id']) ? $_GET['id'] : NULL;
$idChild = $dbAccess->WashParameter($idChild);
if ($debugEnable) {
    $debug .= "Input: id=" . $idChild . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the present information regarding the child if the child exists.
$aChild = array("", "", "", "", "", "");
// Initiate arrayUser if we are going to generate a new account.
if ($idChild) {
    $query = "SELECT * FROM {$tableChild} WHERE idChild = {$idChild};";
    $result = $dbAccess->SingleQuery($query);
    $aChild = $result->fetch_row();
    if ($debugEnable) {
예제 #10
0
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
 * Prepare the data base.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
/*
 * Handle input to the page.
 */
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$fornamnPerson = isset($_POST['fornamn']) ? $_POST['fornamn'] : NULL;
$efternamnPerson = isset($_POST['efternamn']) ? $_POST['efternamn'] : NULL;
$accountPerson = $dbAccess->WashParameter($accountPerson);
$fornamnPerson = $dbAccess->WashParameter($fornamnPerson);
$efternamnPerson = $dbAccess->WashParameter($efternamnPerson);
if ($debugEnable) {
    $debug .= $accountPerson . $fornamnPerson . $efternamnPerson . "<br />\r\n";
}
/*
 * Definiera query utifrån sökkriterie.
예제 #11
0
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
 * Initiate the DB.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableElev = DB_PREFIX . 'Elev';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
$dumpFileName = "DB_dump.txt";
$delimiter = "¤";
$maxTextLength = 65535;
// Length of datatyp TEXT in MqSQL.
/*
 * Open the file and add the title.
예제 #12
0
// PEditUser.php
// Called by 'edit_user' from index.php.
// The page generates a form for editing details of an user.
// From this page you are sent to PSaveUser and after that redirected to PShowUser.
// Input: 'id'
// Output: 'firstName', 'familyNamn', 'eMail1', 'eMail2', 'id', 'redirect' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
if ($debugEnable) {
    $debug .= "Input: id=" . $idUser . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the present information regarding the user.
$totalStatements = 1;
$query = <<<QUERY
SELECT * FROM {$tableUser} WHERE idUser = {$idUser};
QUERY;
$statements = $dbAccess->MultiQuery($query, $arrayResult);
if ($debugEnable) {
    $debug .= "{$statements} statements av {$totalStatements} kördes.<br /> \n";
예제 #13
0
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
//
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
if ($debugEnable) {
    $debug .= $accountUser . $firstNameUser . $familyNameUser . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Query the database and clean input.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$accountUser = $dbAccess->WashParameter($accountUser);
$firstNameUser = $dbAccess->WashParameter($firstNameUser);
$familyNameUser = $dbAccess->WashParameter($familyNameUser);
$query = "SELECT * FROM {$tableUser} ";
if ($accountUser) {
    $query .= "WHERE accountUser     LIKE '%{$accountUser}%'";
} elseif ($familyNameUser) {
    $query .= "WHERE familyNameUser LIKE '%{$familyNameUser}%'";
} elseif ($firstNameUser) {
    $query .= "WHERE firstNameUser   LIKE '%{$firstNameUser}%'";
}
$query .= " ORDER BY familyNameUser;";
$result = $dbAccess->SingleQuery($query);
///////////////////////////////////////////////////////////////////////////////////////////////////
예제 #14
0
 * Input: 'id'
 */
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
 * Prepare the data base.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
/*
 * Handle input to the page.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
 * Kontrollera om personen har behörighet till sidan, d v s är personen på 
 * sidan, målsman till personen på sidan eller adm.
 */
$showPage = FALSE;
예제 #15
0
$intFilter->FrontControllerIsVisitedOrDie();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kill old sessions
$hitCounter = $_SESSION["hitCounter"];
//Spara hitCounter innan vi dödar sessionen.
require_once TP_SOURCEPATH . 'FDestroySession.php';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordUser = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
    $debug .= "Input: account={$accountUser} password={$passwordUser} redirect={$redirect}<br /> \n";
}
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
// Clean input.
$accountUser = $dbAccess->WashParameter($accountUser);
$passwordUser = $dbAccess->WashParameter($passwordUser);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check if an account with this password exists in the database and if so start a new session with
// userId, userPassword and authority.
$query = <<<Query
SELECT * FROM {$tableUser}
WHERE
\taccountUser   = '******' AND
\tpasswordUser \t= md5('{$passwordUser}')
;
Query;
session_start();
예제 #16
0
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
 * Prepare the data base.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
/*
 * Handle input to the page.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: idPerson=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
예제 #17
0
//
// PSaveBook.php
// Called by 'save_book' from index.php.
// The page saves a new or edited book title. If it's a new book a first page is also added.
// You are redirected to 'redirect'.
// Output: 'nameBook', 'idBook', 'idChild', 'redirect' as POST's.
// Output: 'id'
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableBook = DB_PREFIX . 'Book';
$tableChild = DB_PREFIX . 'Child';
$tablePage = DB_PREFIX . 'Page';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get input for the book and clean it.
$nameBook = isset($_POST['nameBook']) ? $_POST['nameBook'] : NULL;
$idBook = isset($_POST['idBook']) ? $_POST['idBook'] : NULL;
$idChild = isset($_POST['idChild']) ? $_POST['idChild'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
// Clean the input parameters.
$idBook = $dbAccess->WashParameter($idBook);
$idChild = $dbAccess->WashParameter($idChild);
$nameBook = $dbAccess->WashParameter(strip_tags($nameBook));
if ($idBook) {
    // Edit an existing book
예제 #18
0
}
if (!$idAlbum) {
    $_SESSION['ErrorMessage'] = "Inget album-id presenterades.";
    header('Location: ' . WS_SITELINK . "?p=glry");
    exit;
}
$mainTextHTML = "<div id='content'>";
if (isset($_POST['submitBtn'])) {
    // If the submit button has been pressed, process the form information.
    require_once 'src/maxImageUpload.class.php';
    $maxPhoto = new maxImageUpload();
    $result = TRUE;
    $msg = "";
    $error = "";
    // Prepare the database.
    $dbAccess = new CdbAccess();
    $tablePicture = DB_PREFIX . 'Picture';
    $tableAlbum = DB_PREFIX . 'Album';
    // Get form values.
    $namePicture = $dbAccess->WashParameter(strip_tags($_POST['mytitle']));
    $descriptionPicture = $dbAccess->WashParameter(strip_tags($_POST['mydesc']));
    // Register picture in DB and store the information.
    $query = "\n        INSERT INTO {$tablePicture} (\n            picture_idAlbum, \n            namePicture, \n            descriptionPicture)\n        VALUES (\n            '{$idAlbum}', \n            '{$namePicture}',\n            '{$descriptionPicture}'\n        );\n    ";
    $dbAccess->SingleQuery($query);
    // Get the picture id.
    $idPicture = $dbAccess->LastId();
    if ($debugEnable) {
        $debug .= "idPicture=" . $idPicture . " Type=" . $_FILES['myfile']['type'] . " Name=" . $_FILES['myfile']['name'] . "<br />\r\n";
    }
    //Check image type. Only jpeg images are allowed
    if (strcasecmp($_FILES['myfile']['type'], 'image/pjpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpg')) {
예제 #19
0
/*
 * Handle input to the page.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($idPerson) {
    $redirect = "show_usr&id=" . $idPerson;
} else {
    $redirect = "srch_usr";
}
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
 * Prepare the data base.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableElev = DB_PREFIX . 'Elev';
$viewMalsman = DB_PREFIX . 'ListaMalsman';
/*
 * Om $idPerson har ett värde så ska en användare editeras. Hämta då den 
 * nuvarande informationen ur databasen.
 */
if ($idPerson) {
    $idPerson = $dbAccess->WashParameter($idPerson);
    $query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
    $result = $dbAccess->SingleQuery($query);
    $arrayPerson = $result->fetch_row();
    $result->close();
} else {
    // Nollställ alla parametrar om vi ska skapa en ny person.
예제 #20
0
//
// PSaveChild.php
// Called by 'save_child' from index.php.
// The page saves information for the child id.
// Input: 'firstName', 'famillyNamn', 'birthDate', 'id', 'redirect' as POST.
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input and query the database.
//
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameChild = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$famillyNameChild = isset($_POST['famillyName']) ? $_POST['famillyName'] : NULL;
$birthDateChild = isset($_POST['birthDate']) ? $_POST['birthDate'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
$idChild = $dbAccess->WashParameter($idChild);
$firstNameChild = $dbAccess->WashParameter(strip_tags($firstNameChild));
$famillyNameChild = $dbAccess->WashParameter(strip_tags($famillyNameChild));
$birthDateChild = $dbAccess->WashParameter(strip_tags($birthDateChild));
$idUser = $_SESSION['idUser'];
if ($idChild) {
    // If the child exists check that it's the users child and update the database.
    $query = "SELECT child_idUser FROM {$tableChild} WHERE idChild = {$idChild};";
    $result = $dbAccess->SingleQuery($query);
예제 #21
0
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('fnk');
// Måste vara minst funktionär för att nå sidan.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Input till sidan plus rensa bort HTML-taggar.
//
$idPost = isset($_GET['idPost']) ? $_GET['idPost'] : NULL;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
    $debug .= "Input: idPost=" . $idPost . ", post_idPerson=" . $post_idPerson . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Radera idPost från databasen om du är ägare eller adm.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$idPost = $dbAccess->WashParameter($idPost);
// Kolla först om du är ägare till posten.
$query = "SELECT post_idPerson FROM {$tableBlogg} WHERE idPost = '{$idPost}'";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$postOwner = $row->post_idPerson;
$result->close();
if ($_SESSION['idUser'] == $postOwner || $_SESSION['authorityUser'] == "adm") {
    $query = "DELETE FROM {$tableBlogg} WHERE idPost  = '{$idPost}'";
    $dbAccess->SingleQuery($query);
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
//
예제 #22
0
 * Input: 'id'
 */
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
 * Förbered databasen.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
/*
 * Tag hand om inparametrar till sidan.
 */
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br /> \n";
}
/*
예제 #23
0
 */
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
//$intFilter->UserIsAuthorisedOrDie('adm'); //Must be adm to access the page.
/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
 * Process input if exists.
 */
$idAlbum = isset($_GET['album']) ? $_GET['album'] : NULL;
$idPicture = isset($_GET['pict']) ? $_GET['pict'] : NULL;
$idAlbum = $dbAccess->WashParameter($idAlbum);
$idPicture = $dbAccess->WashParameter($idPicture);
if ($debugEnable) {
    $debug .= "idAlbum=" . $idAlbum . " idPicture=" . $idPicture . "<br /> \r\n";
}
/*
 * Update the DB.
예제 #24
0
// FillDb.php
// Called by 'fill_db' from index.php.
// Fills the database with information from the file DB_dump.txt.
//
// Input:
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$tableChild = DB_PREFIX . 'Child';
$tableBook = DB_PREFIX . 'Book';
$tablePage = DB_PREFIX . 'Page';
$tableField = DB_PREFIX . 'Field';
$tableRelation = DB_PREFIX . 'Relation';
$delimiter = "¤";
// Open the file.
$dumpFileName = TP_DOCUMENTSPATH . "DB_dump.txt";
$fh = fopen($dumpFileName, "rt");
if ($debugEnable) {
    $debug .= "dumpFileName = " . $dumpFileName . " fh=" . $fh . "<br /> \n";
}
$mainTextHTML = "<p>Databasen har från filen " . $dumpFileName . " fyllts med följande information:<p><br /> \n";
do {
예제 #25
0
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('fnk');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Input till sidan.
//
$idPost = isset($_POST['idPost']) ? $_POST['idPost'] : NULL;
$titelPost = isset($_POST['titelPost']) ? $_POST['titelPost'] : NULL;
$textPost = isset($_POST['textPost']) ? $_POST['textPost'] : NULL;
$internPost = isset($_POST['internPost']) ? $_POST['internPost'] : 0;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
    $debug .= "idPost=" . $idPost . " idPerson=" . $post_idPerson . " titelPost=" . $titelPost . " textPost=" . $textPost . " internPost=" . $internPost . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Uppdatera idPost om den är satt annars skapa ett nytt inlägg.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$tidPost = time();
//Tvätta inparametrarna.
$idPost = $dbAccess->WashParameter($idPost);
$internPost = $dbAccess->WashParameter($internPost);
$tagsAllowed = '<h1><h2><h3><h4><h5><h6><p><a><br><i><em><b><strong><li><ol>
    <ul><a><style><font><span><img>';
$titelPost = $dbAccess->WashParameter(strip_tags($titelPost));
$textPost = $dbAccess->WashParameter(strip_tags($textPost, $tagsAllowed));
if ($idPost) {
    $query = <<<QUERY
UPDATE {$tableBlogg} SET
    post_idPerson = '{$post_idPerson}',
    titelPost     = '{$titelPost}',
    textPost      = '{$textPost}',
예제 #26
0
/*
 * Check if allowed to access.
 * If $nextPage is not set, the page is not reached via the page controller.
 * Then check if the viewer is signed in.
 */
if (!isset($nextPage)) {
    die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
 * Initiate the DB.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
$tableBlogg = DB_PREFIX . 'Blogg';
$viewMalsman = DB_PREFIX . 'ListaMalsman';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
// $totalStatements must be edited manually. Count the statements in the
// query below and enter the number here. Only used for debug help.
$totalStatements = 21;
$query = <<<QUERY
예제 #27
0
// Nollställ alla parametrar om vi ska skapa en ny person.
$arrayPerson = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kontrollera om personen har behörighet till sidan, d v s är personen på sidan, målsman till
// personen på sidan eller adm.
$showPage = FALSE;
if ($idPerson == $_SESSION['idUser']) {
    $showPage = TRUE;
}
if ($_SESSION['authorityUser'] == "adm") {
    $showPage = TRUE;
}
// Målsman kontrolleras längre ner.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Hämta den nuvarande informationen ur databasen.
$dbAccess = new CdbAccess();
$idPerson = $dbAccess->WashParameter($idPerson);
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
$query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
$result = $dbAccess->SingleQuery($query);
$arrayPerson = $result->fetch_row();
$result->close();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kontrollera om SESSION idUser är målsman till idPerson.
$query = "SELECT * FROM {$tableRelationon} WHERE relation_idElev = {$idPerson};";
if ($result = $dbAccess->SingleQuery($query)) {
    while ($row = $result->fetch_object()) {
        if ($row->relation_idMalsman == $_SESSION['idUser']) {
            $showPage = TRUE;
        }
예제 #28
0
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
// Initiate arrayUser if we are going to generate a new account.
$arrayUser = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// If $idUser has a value then idUser shall be edited. Get the old info.
$redirect = "search_user";
if ($idUser) {
    $dbAccess = new CdbAccess();
    $idUser = $dbAccess->WashParameter($idUser);
    $tableUser = DB_PREFIX . 'User';
    $query = "SELECT * FROM {$tableUser} WHERE idUser = {$idUser};";
    $result = $dbAccess->SingleQuery($query);
    $arrayUser = $result->fetch_row();
    $result->close();
    $redirect = "show_user&amp;id=" . $idUser;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Generate a random password.
$min = 5;
// minimum length of password
$max = 10;
// maximum length of password
$pwd = "";
예제 #29
0
// PSaveUser.php
// Called by 'save_user' from index.php.
// The page saves user information for idUser.
// Input: 'firstName', 'familyName', 'eMail1', 'eMail2', 'id', 'redirect' as POST.
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input and query the database.
//
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$idUser = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
$eMail1User = isset($_POST['eMail1']) ? $_POST['eMail1'] : NULL;
$eMail2User = isset($_POST['eMail2']) ? $_POST['eMail2'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
$firstNameUser = $dbAccess->WashParameter(strip_tags($firstNameUser));
$familyNameUser = $dbAccess->WashParameter(strip_tags($familyNameUser));
$eMail1User = $dbAccess->WashParameter(strip_tags($eMail1User));
$eMail2User = $dbAccess->WashParameter(strip_tags($eMail2User));
$query = <<<QUERY
UPDATE {$tableUser} SET 
    firstNameUser   = '******',
예제 #30
0
// PNewPassw2.php
// Anropas med 'new_passw2' från index.php.
// Sidan genererar ett nytt lösenord, lagrar det och skickar det till ePost om adressen finns i
// registret.
// Input: 'ePost' som POSTs.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
//
// Kolla behörighet med mera.
//
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Förbered databasen.
//
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Hämta input och tvätta.
//
$ePost = isset($_POST['ePost']) ? $_POST['ePost'] : NULL;
$ePost = $dbAccess->WashParameter($ePost);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Skapa ett slumplösenord.
$min = 5;
// minimum length of password
$max = 10;
// maximum length of password
$pwd = "";
// to store generated password
for ($i = 0; $i < rand($min, $max); $i++) {