예제 #1
0
/**
* This function is beign used to load info that's needed for the show_user page.
* Users can only browse their own user page, while mods/admins can browse all user pages. The current settings of the user being browsed will be loaded, as also their created tickets
* and this info will be returned so it can be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_user()
{
    //if logged in
    if (WebUsers::isLoggedIn()) {
        //Users can only browse their own user page, while mods/admins can browse all user pages
        if (!isset($_GET['id']) || Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) || $_GET['id'] == $_SESSION['id']) {
            if (isset($_GET['id'])) {
                $result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
            } else {
                $result['target_id'] = $_SESSION['id'];
            }
            $webUser = new WebUsers($result['target_id']);
            $result['target_name'] = $webUser->getUsername();
            $result['mail'] = $webUser->getEmail();
            $info = $webUser->getInfo();
            $result['firstName'] = $info['FirstName'];
            $result['lastName'] = $info['LastName'];
            $result['country'] = $info['Country'];
            $result['gender'] = $info['Gender'];
            $ticket_user = Ticket_User::constr_ExternId($result['target_id']);
            $result['userPermission'] = $ticket_user->getPermission();
            if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
                $result['isAdmin'] = "TRUE";
            }
            $ticketlist = Ticket::getTicketsOf($ticket_user->getTUserId());
            $result['ticketlist'] = Gui_Elements::make_table($ticketlist, array("getTId", "getTimestamp", "getTitle", "getStatus", "getStatusText", "getStatusText", "getCategoryName"), array("tId", "timestamp", "title", "status", "statustext", "statusText", "category"));
            global $INGAME_WEBPATH;
            $result['ingame_webpath'] = $INGAME_WEBPATH;
            return $result;
        } else {
            //ERROR: No access!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }
    } else {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
}
예제 #2
0
/**
* This function is beign used to change the users personal info.
* It will first check if the user who executed this function is the person of whom the information is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* afterwards the current info will be loaded, which will be used to determine what to update. After updating the information, the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_info()
{
    try {
        //if logged in
        if (WebUsers::isLoggedIn()) {
            if (isset($_POST['target_id'])) {
                // check if the user who executed this function is the person of whom the information is or if it's a mod/admin.
                if ($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
                    if ($_POST['target_id'] == $_SESSION['id']) {
                        //if the info is of the executing user himself
                        $target_username = $_SESSION['user'];
                    } else {
                        //if the info is from someone else.
                        $webUser = new WebUsers($_POST['target_id']);
                        $target_username = $webUser->getUsername();
                    }
                    $webUser = new WebUsers($_POST['target_id']);
                    //use current info to check for changes
                    $current_info = $webUser->getInfo();
                    $current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING);
                    $current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING);
                    $current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING);
                    $current_info['Gender'] = filter_var($current_info['Gender'], FILTER_SANITIZE_NUMBER_INT);
                    $updated = false;
                    $values = array();
                    $values['user'] = $target_username;
                    //make the query that will update the data.
                    $query = "UPDATE ams_user SET ";
                    if ($_POST['FirstName'] != "" && $_POST['FirstName'] != $current_info['FirstName']) {
                        $query = $query . "FirstName = :fName ";
                        $updated = true;
                        $values['fName'] = filter_var($_POST['FirstName'], FILTER_SANITIZE_STRING);
                    }
                    if ($_POST['LastName'] != "" && $_POST['LastName'] != $current_info['LastName']) {
                        if ($updated) {
                            $query = $query . ", LastName = :lName ";
                        } else {
                            $query = $query . "LastName = :lName ";
                        }
                        $updated = true;
                        $values['lName'] = filter_var($_POST['LastName'], FILTER_SANITIZE_STRING);
                    }
                    if ($_POST['Country'] != "AA" && $_POST['Country'] != $current_info['Country']) {
                        if ($updated) {
                            $query = $query . ", Country = :country ";
                        } else {
                            $query = $query . "Country = :country ";
                        }
                        $updated = true;
                        $values['country'] = filter_var($_POST['Country'], FILTER_SANITIZE_STRING);
                    }
                    if ($_POST['Gender'] != $current_info['Gender']) {
                        if ($updated) {
                            $query = $query . ", Gender = :gender ";
                        } else {
                            $query = $query . "Gender = :gender ";
                        }
                        $updated = true;
                        $values['gender'] = filter_var($_POST['Gender'], FILTER_SANITIZE_NUMBER_INT);
                    }
                    //finish the query!
                    $query = $query . "WHERE Login = :user";
                    //if some field is update then:
                    if ($updated) {
                        //execute the query in the web DB.
                        $dbw = new DBLayer("web");
                        $dbw->execute($query, $values);
                    }
                    //reload the settings inc function before recalling the settings template.
                    global $SITEBASE;
                    require_once $SITEBASE . '/inc/settings.php';
                    $result = settings();
                    if ($updated) {
                        $result['info_updated'] = "OK";
                    }
                    $result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
                    $result['username'] = $_SESSION['user'];
                    $result['no_visible_elements'] = 'FALSE';
                    $result['target_id'] = $_POST['target_id'];
                    global $INGAME_WEBPATH;
                    $result['ingame_webpath'] = $INGAME_WEBPATH;
                    helpers::loadtemplate('settings', $result);
                    throw new SystemExit();
                } else {
                    //ERROR: permission denied!
                    $_SESSION['error_code'] = "403";
                    header("Cache-Control: max-age=1");
                    header("Location: index.php?page=error");
                    throw new SystemExit();
                }
            } else {
                //ERROR: The form was not filled in correclty
                header("Cache-Control: max-age=1");
                header("Location: index.php?page=settings");
                throw new SystemExit();
            }
        } else {
            //ERROR: user is not logged in
            header("Cache-Control: max-age=1");
            header("Location: index.php");
            throw new SystemExit();
        }
    } catch (PDOException $e) {
        //go to error page or something, because can't access website db
        print_r($e);
        throw new SystemExit();
    }
}