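 /**
  * Strips the program-chair role from the user identified by $_POST['userid'].
  *
  * Plain-text responses: 403 when the session user is absent, cannot be loaded
  * or is not an admin; 400 when the target id is missing or does not load;
  * 200 otherwise (also when the target did not hold the role).
  */
 public function removeProgramChair()
 {
     // Guard the session lookup so an anonymous request gets a 403 instead of
     // an undefined-index notice followed by a lookup with a null key.
     $sessionUserId = isset($_SESSION['UserID']) ? $_SESSION['UserID'] : null;
     $user = new User_model();
     if ($sessionUserId === null || !$user->loadPropertiesFromPrimaryKey($sessionUserId) || !$user->isAdmin()) {
         header("Content-type: text/plain", true, 403);
         echo "Invalid session user credentials";
         return;
     }
     if (!isset($_POST['userid'])) {
         header("Content-type: text/plain", true, 400);
         echo "Missing User ID";
         return;
     }
     // The target is resolved through the model, so an unknown id is rejected
     // before any role change is attempted.
     $targetUser = new User_model();
     if (!$targetUser->loadPropertiesFromPrimaryKey($_POST['userid'])) {
         header("Content-type: text/plain", true, 400);
         echo "Invalid User ID";
         return;
     }
     // Idempotent: a target without the role is left untouched and still gets 200.
     if ($targetUser->isProgramChair()) {
         $targetUser->removeRole(User_model::ROLE_PROGRAM_CHAIR);
     }
     header("Content-type: text/plain", true, 200);
     echo " ";
 }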
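 /**
  * Imports an uploaded BOSS file (multipart field "boss_file").
  *
  * The upload is moved under self::UPLOAD_FILE_DIR, handed to ParseFile()
  * and removed again. Plain-text responses: 401 for a non-admin, 400 for a
  * missing or oversized upload (or the parser's non-empty return value),
  * 500 for an unexpected upload error or a failed move, 200 "Success" when
  * the parser returns nothing.
  */
 public function submit()
 {
     $user = new User_model();
     // A missing session id is handled like an unloadable user: back to logout.
     if (!isset($_SESSION['UserID']) || !$user->loadPropertiesFromPrimaryKey($_SESSION['UserID'])) {
         redirect('Login/logout');
     }
     if (!$user->isAdmin()) {
         header("Content-type: text/plain", true, 401);
         echo "Unauthorized access";
         return;
     }
     // A request without a "boss_file" part (or with a multi-file array) carries
     // no integer error code; answer 400 instead of falling into the 500 branch.
     if (!isset($_FILES['boss_file']['error']) || !is_int($_FILES['boss_file']['error'])) {
         header("Content-type: text/plain", true, 400);
         echo "No file sent";
         return;
     }
     // Classify PHP's own upload verdict for the "boss_file" field.
     switch ($_FILES['boss_file']['error']) {
         case UPLOAD_ERR_OK:
             break;
         case UPLOAD_ERR_NO_FILE:
             header("Content-type: text/plain", true, 400);
             echo "No file sent";
             return;
         case UPLOAD_ERR_INI_SIZE:
         case UPLOAD_ERR_FORM_SIZE:
             header("Content-type: text/plain", true, 400);
             echo "Exceeded file size limit";
             return;
         default:
             header("Content-type: text/plain", true, 500);
             echo "Unknown error occurred";
             return;
     }
     // php.ini limits may be looser than ours, so enforce self::MAX_FILE_SIZE explicitly.
     if ($_FILES['boss_file']['size'] > self::MAX_FILE_SIZE) {
         header("Content-type: text/plain", true, 400);
         echo "Exceeded file size limit";
         return;
     }
     // The stored name is server-derived (time() plus PHP's tmp_name), never the
     // client-supplied file name, and the extension is fixed.
     // NOTE(review): the name is still guessable; if UPLOAD_FILE_DIR is web-reachable,
     // a random name would close the window between move and unlink.
     $file_name = hash("md5", time() . $_FILES['boss_file']['tmp_name']);
     $file_path = self::UPLOAD_FILE_DIR . "/" . $file_name . ".txt";
     // move_uploaded_file() also verifies the source really is this request's upload.
     if (!move_uploaded_file($_FILES['boss_file']['tmp_name'], $file_path)) {
         header("Content-type: text/plain", true, 500);
         echo "Failed to move uploaded file";
         return;
     }
     include_once 'application/libraries/boss_import/ParserServerTest.php';
     $result = ParseFile($file_path);
     // Best-effort cleanup; a failed unlink is not reported to the client.
     unlink($file_path);
     // Loose comparison kept on purpose: presumably ParseFile() returns null on
     // success, and any other falsy value ("" / false / 0) is treated the same way.
     if ($result == null) {
         header("Content-type: text/plain", true, 200);
         echo "Success";
     } else {
         header("Content-type: text/plain", true, 400);
         echo $result;
     }
 }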
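 /**
  * Imports an uploaded future-course-offerings file (multipart field
  * "boss_file") for the academic quarter named by $_POST['quarter'] and
  * $_POST['year'], creating that quarter if it does not exist yet.
  *
  * Plain-text responses: 401 for a non-admin, 400 for missing quarter
  * fields, a missing/oversized upload or the parser's non-empty return
  * value, 500 for a quarter-creation failure, an unexpected upload error
  * or a failed move, 200 "Success" when the parser returns nothing.
  */
 public function submit()
 {
     $user = new User_model();
     // A missing session id is handled like an unloadable user: back to logout.
     if (!isset($_SESSION['UserID']) || !$user->loadPropertiesFromPrimaryKey($_SESSION['UserID'])) {
         redirect('Login/logout');
     }
     if (!$user->isAdmin()) {
         header("Content-type: text/plain", true, 401);
         echo "Unauthorized access";
         return;
     }
     if (!isset($_POST['year']) || !isset($_POST['quarter'])) {
         header("Content-type: text/plain", true, 400);
         echo "Missing required academic quarter information";
         return;
     }
     // Validate the upload before touching the database, so a request that is
     // rejected below does not leave a freshly created quarter row behind.
     // A request without a "boss_file" part (or with a multi-file array) carries
     // no integer error code; answer 400 instead of falling into the 500 branch.
     if (!isset($_FILES['boss_file']['error']) || !is_int($_FILES['boss_file']['error'])) {
         header("Content-type: text/plain", true, 400);
         echo "No file sent";
         return;
     }
     // Classify PHP's own upload verdict for the "boss_file" field.
     switch ($_FILES['boss_file']['error']) {
         case UPLOAD_ERR_OK:
             break;
         case UPLOAD_ERR_NO_FILE:
             header("Content-type: text/plain", true, 400);
             echo "No file sent";
             return;
         case UPLOAD_ERR_INI_SIZE:
         case UPLOAD_ERR_FORM_SIZE:
             header("Content-type: text/plain", true, 400);
             echo "Exceeded file size limit";
             return;
         default:
             header("Content-type: text/plain", true, 500);
             echo "Unknown error occurred";
             return;
     }
     // php.ini limits may be looser than ours, so enforce self::MAX_FILE_SIZE explicitly.
     if ($_FILES['boss_file']['size'] > self::MAX_FILE_SIZE) {
         header("Content-type: text/plain", true, 400);
         echo "Exceeded file size limit";
         return;
     }
     // Resolve the quarter; create it from the posted name/year when unknown.
     $academic_quarter = new Academic_quarter_model();
     if (!$academic_quarter->loadPropertiesFromNameAndYear($_POST['quarter'], $_POST['year'])) {
         $academic_quarter->setName($_POST['quarter']);
         $academic_quarter->setYear($_POST['year']);
         if (!$academic_quarter->create()) {
             header("Content-type: text/plain", true, 500);
             echo "Unable to load academic quarter";
             return;
         }
     }
     // The stored name is server-derived (time() plus PHP's tmp_name), never the
     // client-supplied file name, and the extension is fixed.
     // NOTE(review): the name is still guessable; if UPLOAD_FILE_DIR is web-reachable,
     // a random name would close the window between move and unlink.
     $file_name = hash("md5", time() . $_FILES['boss_file']['tmp_name']);
     $file_path = self::UPLOAD_FILE_DIR . "/" . $file_name . ".txt";
     // move_uploaded_file() also verifies the source really is this request's upload.
     if (!move_uploaded_file($_FILES['boss_file']['tmp_name'], $file_path)) {
         header("Content-type: text/plain", true, 500);
         echo "Failed to move uploaded file";
         return;
     }
     $result = self::parseFutureCourseOfferingsFile($file_path, $academic_quarter->getAcademicQuarterID());
     // Best-effort cleanup; a failed unlink is not reported to the client.
     unlink($file_path);
     // Loose comparison kept on purpose: presumably the parser returns null on
     // success, and any other falsy value ("" / false / 0) is treated the same way.
     if ($result == null) {
         header("Content-type: text/plain", true, 200);
         echo "Success";
     } else {
         header("Content-type: text/plain", true, 400);
         echo $result;
     }
 }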
 /**
  * Admin landing page: requires a loadable session user; admins receive the
  * admin_main_page view, everyone else is handed to index().
  */
 public function admin()
 {
     $sessionUserId = isset($_SESSION['UserID']) ? $_SESSION['UserID'] : null;
     if ($sessionUserId === null) {
         redirect('Login/logout');
     }
     $user = new User_model();
     $loaded = $user->loadPropertiesFromPrimaryKey($sessionUserId);
     if (!$loaded) {
         redirect('Login/logout');
     }
     if (!$user->isAdmin()) {
         // NOTE(review): this is a bare global index(), not $this->index() — confirm that is intended.
         index();
         return;
     }
     $this->load->view('MainPages/admin_main_page', array('user' => $user));
 }
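 /**
  * Stores an uploaded backup (multipart field "boss_file") under
  * self::BACKUP_FILE_DIR.
  *
  * Plain-text responses: 401 for a non-admin, 400 for a missing or
  * oversized upload, 500 for an unexpected upload error or a failed move,
  * 200 "Success" once the file has been moved.
  */
 public function submit()
 {
     $user = new User_model();
     // A missing session id is handled like an unloadable user: back to logout.
     if (!isset($_SESSION['UserID']) || !$user->loadPropertiesFromPrimaryKey($_SESSION['UserID'])) {
         redirect('Login/logout');
     }
     if (!$user->isAdmin()) {
         header("Content-type: text/plain", true, 401);
         echo "Unauthorized access";
         return;
     }
     // A request without a "boss_file" part (or with a multi-file array) carries
     // no integer error code; answer 400 instead of falling into the 500 branch.
     if (!isset($_FILES['boss_file']['error']) || !is_int($_FILES['boss_file']['error'])) {
         header("Content-type: text/plain", true, 400);
         echo "No file sent";
         return;
     }
     // Classify PHP's own upload verdict for the "boss_file" field.
     switch ($_FILES['boss_file']['error']) {
         case UPLOAD_ERR_OK:
             break;
         case UPLOAD_ERR_NO_FILE:
             header("Content-type: text/plain", true, 400);
             echo "No file sent";
             return;
         case UPLOAD_ERR_INI_SIZE:
         case UPLOAD_ERR_FORM_SIZE:
             header("Content-type: text/plain", true, 400);
             echo "Exceeded file size limit";
             return;
         default:
             header("Content-type: text/plain", true, 500);
             echo "Unknown error occurred";
             return;
     }
     // php.ini limits may be looser than ours, so enforce self::MAX_FILE_SIZE explicitly.
     if ($_FILES['boss_file']['size'] > self::MAX_FILE_SIZE) {
         header("Content-type: text/plain", true, 400);
         echo "Exceeded file size limit";
         return;
     }
     // The stored name is server-derived (time() plus PHP's tmp_name), never the
     // client-supplied file name, and the extension is fixed.
     // NOTE(review): the name is still guessable; if BACKUP_FILE_DIR is web-reachable,
     // a random name would be preferable.
     $file_name = hash("md5", time() . $_FILES['boss_file']['tmp_name']);
     $file_path = self::BACKUP_FILE_DIR . "/" . $file_name . ".backup";
     // move_uploaded_file() also verifies the source really is this request's upload.
     if (!move_uploaded_file($_FILES['boss_file']['tmp_name'], $file_path)) {
         header("Content-type: text/plain", true, 500);
         echo "Failed to move uploaded file";
         return;
     }
     // NOTE(review): no step consumes the stored backup yet, so $result is set
     // explicitly to null (rather than read undefined) and the client always gets
     // 200 "Success" after a successful move. The 400 branch is reachable only
     // once a restore/import step assigns a non-empty $result.
     $result = null;
     if ($result == null) {
         header("Content-type: text/plain", true, 200);
         echo "Success";
     } else {
         header("Content-type: text/plain", true, 400);
         echo $result;
     }
 }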
 /**
  * Access gate: redirects to Login/logout unless the session user loads and
  * is an admin or a program chair. Returns normally only for those roles.
  */
 private function checkSec()
 {
     if (!isset($_SESSION['UserID'])) {
         redirect('Login/logout');
         return;
     }
     $sessionUser = new User_model();
     if (!$sessionUser->loadPropertiesFromPrimaryKey($_SESSION['UserID'])) {
         redirect('Login/logout');
         return;
     }
     // Either role is sufficient; isAdmin() is consulted first.
     $hasRole = $sessionUser->isAdmin() || $sessionUser->isProgramChair();
     if (!$hasRole) {
         redirect('Login/logout');
     }
 }