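<?php
/*
 * Delete one or several economic units, plus their category links.
 *
 * Request parameter:
 *   id - a single numeric id, or a comma-separated list of numeric ids.
 */
fSession::open();
$idUser = fSession::get(SESSION_ID_USER);

// NOTE(review): the gate checks the 'news' ACL although the rows removed below
// are economic units - confirm this is the intended resource name.
if (empty($idUser) || !fAuthorization::checkACL('news', 'delete')) {
    header('Location: ' . SITE);
    exit("No se ha podido acceder a esta secci&oacite;n");
}

$id = fRequest::encode('id', 'string');

// The id list used to be interpolated verbatim into two DELETE statements.
// fRequest::encode() prepares a value for HTML output, not for SQL, so every
// element is now required to be a plain decimal number and is cast to int
// before it gets anywhere near a query.
$ids = array();
foreach (explode(',', (string) $id) as $piece) {
    $piece = trim($piece);
    if ($piece === '') {
        continue;
    }
    if (!ctype_digit($piece)) {
        exit("Ha ocurrido un error");
    }
    $ids[] = (int) $piece;
}
if (count($ids) === 0) {
    exit("Ha ocurrido un error");
}

// Built only from integers, so it is safe to place inside IN (...).
$idList = implode(',', $ids);

if (count($ids) > 1) {
    fORMDatabase::retrieve()->query("DELETE FROM economic_units WHERE economic_unit_id IN ({$idList})");
} else {
    // A single id goes through the ORM, as before.
    $author = new EconomicUnit($ids[0]);
    $author->delete();
}

// Remove the category links of every deleted unit.
fORMDatabase::retrieve()->query("DELETE FROM economic_units_has_economic_unit_categories WHERE economic_units_economic_unit_id IN ({$idList})");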
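<?php
/*
 * Create a banner from request parameters.
 */
fSession::open();
$idUser = fSession::get(SESSION_ID_USER);

// The redirect/exit used to sit inside a second `if (empty($idUser))`, so a
// logged-in user WITHOUT the banner/add permission fell through and could
// still create banners. Both conditions now end the request.
if (empty($idUser) || !fAuthorization::checkACL('banner', 'add')) {
    header('Location: ' . SITE);
    exit("No se ha podido acceder a esta secci&oacite;n");
}

//echo fRequest::encode('id_zone','integer');
//echo fRequest::encode('id_section','integer');

/*
 * Add Article
 */
$banner = new Banner();
$banner->setId_zone(fRequest::encode('id_zone', 'integer'));
$banner->setLink(fRequest::encode('link', 'string'));
$banner->setOrder(fRequest::encode('order', 'integer'));
$banner->setId_section(fRequest::encode('id_section', 'integer'));

/* Limited By User Permissions */
// NOTE(review): the status comes straight from the request; no permission
// check on who may set which state is visible in this fragment - confirm.
$banner->setStatus(fRequest::get('id_state', 'integer'));

try {
    $banner->store();
} catch (Exception $e) {
    // Generic message only; the exception detail is not sent to the client.
    exit("Ha ocurrido un error.");
}

$lastId = $banner->prepareIdBanner();

/*
 * Add Region
 * Limited By User Permissions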
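<?php
/*
 * Banner list fragment: runs a paginated search over banners and starts the
 * result table.
 *
 * Request parameters:
 *   query - search text matched against banner.link and section.name
 *   limit - page size
 *   p     - 1-based page number
 *
 * NOTE(review): no session or ACL gate is visible in this fragment; confirm
 * that the script including it enforces one before this code runs.
 */
$typeOfUser = fAuthorization::checkAuthLevel('super');
$where = " WHERE ";
$canEdit = fAuthorization::checkACL('banner', 'edit');
$canDelete = fAuthorization::checkACL('banner', 'delete');
$section = 'banners';
$section_id = 1;
$sub = 'list';
$query = fRequest::encode('query', 'string');
?> <?php
$limit = (int) fRequest::encode('limit', 'integer');
$page = (int) fRequest::encode('p', 'integer');

// Both values are placed in the LIMIT clause, so a page size below 1 is
// refused as well as a page number below 1.
if ($page < 1 || $limit < 1) {
    exit;
}
$start = ($page - 1) * $limit;
//echo $start; echo $page;

// The search text used to be interpolated directly between quotes in the SQL.
// HTML-encoding is not SQL escaping, so the LIKE pattern is now quoted and
// escaped by the database layer before it is put into the statement.
$db = fORMDatabase::retrieve();
$likeTerm = $db->escape('string', '%' . $query . '%');
$filter = "{$where} (link LIKE {$likeTerm} OR id_section IN (SELECT id_section FROM section WHERE name LIKE {$likeTerm}))";

$banners = fRecordSet::buildFromSQL(
    'Banner',
    "SELECT * FROM banner {$filter} LIMIT {$start},{$limit}",
    "SELECT count(*) FROM banner {$filter}",
    $limit,
    $page
);
$p = new Pagination($banners->getPages(), $banners->getPage(), 3);
$pagination = $p->getPaginationLinks();
?> <center> <table class="contenttoc" style="width:auto; float:left"> <tr> <th> <input type="checkbox" name="check" id="check" /> </th> <th> Imagen </th> <th> Link </th> <th> Seccióln </th>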
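<?php
/*
 * Update an economic unit from request parameters.
 *
 * Access: a logged-in user with the geolocation/edit ACL. Users below the
 * 'super' level may only edit units located in their own region(s).
 */
fSession::open();
$idUser = fSession::get(SESSION_ID_USER);
if (empty($idUser) || !fAuthorization::checkACL('geolocation', 'edit')) {
    exit("No se ha podido acceder a esta secci&oacite;n");
}

$id = fRequest::encode('id', 'integer');
if (empty($id)) {
    exit("Ha ocurrido un error");
}

if (!fAuthorization::checkAuthLevel('super')) {
    // Ownership check: the unit must lie in a region stored in the session.
    $isOwner = fRecordSet::build(
        'EconomicUnit',
        array('economic_unit_id =' => $id, 'economic_unit_region=' => fSession::get('regs'))
    );
    // Two fixes here: the result was read through a misspelled variable
    // ($isxOwner), and the redirect was not followed by exit, so the update
    // below would have continued for a user who failed the check.
    if ($isOwner->count() < 1) {
        header('Location: ' . SITE);
        exit;
    }
}

try {
    $av = new EconomicUnit($id);
} catch (Exception $e) {
    // Stop here: without exit the setters below would run on an undefined $av.
    header("Location: " . SITE);
    exit;
}

$av->setEconomicUnitName(fRequest::encode('title', 'string'));
//$av->setCreatedAt(date('Y-m-d H:m:s'));
$av->setEconomicUnitStreetType(fRequest::encode('type', 'string'));
$av->setEconomicUnitLatitude(fRequest::encode('latitude', 'string'));
$av->setEconomicUnitLongitude(fRequest::encode('longitude', 'string'));
$av->setEconomicUnitDescription(fRequest::encode('description', 'string'));
$av->setEconomicUnitStreetName(fRequest::encode('street', 'string'));
$av->setEconomicUnitLocationNumber(fRequest::encode('number', 'string'));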
<?php
// Page head for the 'observatorio' add form: loads the application bootstrap,
// gates access, then includes the shared header and the editor assets.
require_once '../init.php';
// $section is the resource name passed to the ACL check below.
$section = 'observatorio';
$sub = 'addObs';
fSession::open();
$idUser = fSession::get(SESSION_ID_USER);
// Access requires a session user id AND the "add" permission on $section;
// otherwise the visitor is redirected to SITE and the script stops.
if (empty($idUser) || !fAuthorization::checkACL($section, "add")) {
    header('Location: ' . SITE);
    exit("No se ha podido acceder a esta secci&oacite;n");
}
require_once INCLUDES . 'header.php'; ?> <link rel="stylesheet" href="<?php echo CSS; ?> ui-lightness/jquery-ui-1.8.16.custom.css" type="text/css" /> <link rel="stylesheet" href="<?php echo JS; ?> jwysiwyg/jquery.wysiwyg.css" type="text/css" /> <script type="text/javascript" src="<?php echo JS; ?> jwysiwyg/jquery.wysiwyg.js"></script> <script type="text/javascript" src="<?php echo JS;
<?php
// "Listar" menu entry: rendered only when the user holds geolocation/edit or
// geolocation/delete. It gets class="active" when $sub is 'list'.
// NOTE(review): this only hides the link; the linked pages must enforce the
// same ACL themselves - confirm.
if (fAuthorization::checkACL('geolocation', 'edit') || fAuthorization::checkACL('geolocation', 'delete')) { ?> <li<?php if ($sub == 'list') { echo ' class="active"'; } ?> ><a href="<?php echo GEOLOCATION; ?> list.php">Listar</a></li><?php } ?> <?php
// "Agregar" menu entry: rendered only when the user holds geolocation/add.
// It gets class="active" when $sub is 'add'.
if (fAuthorization::checkACL('geolocation', 'add')) { ?> <li<?php if ($sub == 'add') { echo ' class="active"'; } ?> ><a href="<?php echo GEOLOCATION; ?> add.php">Agregar</a></li><?php } ?> </div> </ul>
/**
 * Checks ACL lookups after the user's ACLs are set.
 *
 * With '*' listed for 'news', any permission on 'news' is expected to be
 * granted. With only 'read' listed for 'events', 'read' is expected to be
 * granted and 'write' refused.
 */
public function testCheckUserACLs()
{
    fAuthorization::setUserACLs(array(
        'news'   => array('*'),
        'events' => array('read'),
    ));

    // Each row: resource, permission, expected result.
    $expectations = array(
        array('news', 'foo', TRUE),
        array('news', 'anything', TRUE),
        array('events', 'read', TRUE),
        array('events', 'write', FALSE),
    );

    foreach ($expectations as $case) {
        list($resource, $permission, $allowed) = $case;
        $this->assertEquals($allowed, fAuthorization::checkACL($resource, $permission));
    }
}
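<?php
/*
 * Set-up for the geolocation list fragment: gates access and prepares the
 * permission flags, WHERE prefix and section identifiers used further down.
 */
/* if (fAuthorization::checkAuthLevel('super') && fAuthorization::checkAuthLevel('admin')) header("Location: " . SITE); */
/* $typeOfUser = (fAuthorization::checkAuthLevel('admin') || fAuthorization::checkAuthLevel('super')); $where = ""; if (!$typeOfUser) $where = " WHERE id_user = $idUser"; */
fSession::open();
$idUser = fSession::get(SESSION_ID_USER);

// The ACL results used to be overwritten with `true` after the gate, so a
// user holding only one of the two permissions was treated as holding both.
// The flags now carry the real ACL answers and also drive the gate.
$canEdit = fAuthorization::checkACL('geolocation', 'edit');
$canDelete = fAuthorization::checkACL('geolocation', 'delete');

// Access requires a session user id and at least one of edit / delete.
if (empty($idUser) || (!$canDelete && !$canEdit)) {
    //header('Location: '.SITE);
    exit("No se ha podido acceder a esta secci&oacite;n");
}

$typeOfUser = fAuthorization::checkAuthLevel('super');
$where = " WHERE ";
if (!$typeOfUser) {
    // Users below 'super' get an extra restriction taken from the session.
    // NOTE(review): 'where_at' is concatenated into SQL as-is; this is safe
    // only if the code that stores it builds it from trusted values - confirm.
    $where = " WHERE " . fSession::get('where_at') . " AND ";
}
$section = 'geolocation';
$section_id = 25;
$sub = 'list';
?> <?php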
<?php
/*
 * Page head for the banner "add" form: bootstrap, access gate, shared header,
 * then the editor and upload assets.
 */
require_once '../init.php';

fSession::open();

// Resource and action names; both are passed to the ACL check below.
$section = 'banner';
$sub = 'add';

$idUser = fSession::get(SESSION_ID_USER);

// No session user, or no banner/add permission: redirect to SITE and stop.
if (!$idUser || !fAuthorization::checkACL($section, $sub)) {
    header(sprintf('Location: %s', SITE));
    exit("No se ha podido acceder a esta secci&oacite;n");
}

require_once INCLUDES . 'header.php';
?> <link rel="stylesheet" href="<?php echo JS; ?> jwysiwyg/jquery.wysiwyg.css" type="text/css" /> <link rel="stylesheet" href="<?php echo CSS; ?> ui-lightness/jquery-ui-1.8.16.custom.css" type="text/css" /> <script type="text/javascript" src="<?php echo JS; ?> jwysiwyg/jquery.wysiwyg.js"></script> <script type="text/javascript" src="<?php echo JS; ?> upload/jquery.MultiFile.js"></script>
<?php
// Handler that updates an existing user record from request parameters.
fSession::open();
$idUser = fSession::get(SESSION_ID_USER);
// Access requires a session user id AND the user/edit ACL; otherwise the
// visitor is redirected to SITE and the script stops.
if (empty($idUser) || !fAuthorization::checkACL('user', 'edit')) {
    header('Location: ' . SITE);
    exit("No se ha podido acceder a esta secci&oacite;n");
}
$id = fRequest::encode('id', 'integer');
// A missing or zero id ends the request silently.
if (empty($id)) {
    exit;
}
// NOTE(review): not inside a try block; presumably throws when no user has
// this id - confirm how that surfaces to the client.
$u = new User($id);
$p = fRequest::encode('password', 'string');
// The password is only replaced when a non-empty value was submitted.
if (!empty($p)) {
    // Stored value is sha256(base64(md5(password . SALT))). SALT is a constant,
    // and no per-user salt or work factor is visible here, so this is a fast
    // digest chain rather than a password hash.
    // NOTE(review): moving to password_hash()/password_verify() would be the
    // stronger choice, but the login code (not shown) must change in step, so
    // the scheme is left untouched here.
    // NOTE(review): encode() looks like it HTML-encodes the value before it is
    // hashed; the login path must do the same - confirm.
    $p = md5($p . SALT);
    $p = base64_encode($p);
    $p = hash('sha256', $p);
    $u->setPassword($p);
}
// NOTE(review): the role id comes straight from the request; as written, any
// holder of user/edit can assign any role to any user id - confirm this is
// intended, or restrict which roles the current user may grant.
$u->setIdRole(fRequest::encode('role', 'integer'));
$u->setEmail(fRequest::encode('email', 'string'));
$u->setFirstName(fRequest::encode('firstName', 'string'));
$u->setLastName(fRequest::encode('lastName', 'string'));
$u->setBirthday(fRequest::encode('birthday', 'date'));
$u->setPhone(fRequest::encode('phone', 'string'));
$u->setCellphone(fRequest::encode('cellphone', 'string'));
$u->setNextel(fRequest::encode('nextel', 'string'));
$u->setFax(fRequest::encode('fax', 'string'));
$u->setAddress(fRequest::encode('address', 'string'));
try {
<?php
/*
 * Page head for the geolocation list: bootstrap, access gate, shared header,
 * then the list script and the search box.
 */
require_once '../init.php';

fSession::open();

// Section identifiers; $section is also the resource name for the ACL checks.
$section = 'geolocation';
$section_id = 25;
$sub = 'list';

$idUser = fSession::get(SESSION_ID_USER);

// Listing is open to a session user holding delete OR edit on the section;
// anyone else is redirected to SITE and the script stops.
if (!$idUser || !(fAuthorization::checkACL($section, "delete") || fAuthorization::checkACL($section, "edit"))) {
    header(sprintf('Location: %s', SITE));
    exit("No se ha podido acceder a esta secci&oacite;n");
}

require_once INCLUDES . 'header.php';
?> <script type="text/javascript" src="<?php echo SCRIPT . $section . '/list'; ?> .js"></script> <!-- MAIN CONTAINER --> <div id="ja-container" class="wrap ja-r2"> <div class="main clearfix"> <input type="text" value="Búsqueda.." class="text" title="Búsqueda.." name="query" id="query" style="width:200px;margin-left:930px" /> <br/>
?> </td> <?php if (fAuthorization::checkACL('user', 'edit')) { ?> <td><a href="<?php echo USER . 'edit.php?id=' . $item->getIdUser(); ?> " title="edit" class="edit"><img src="<?php echo ICON; ?> edit.png" /></a></td><?php } ?> <?php if (fAuthorization::checkACL('user', 'delete')) { ?> <td><a href="" title="<?php echo $item->getIdUser(); ?> " class="delete"><img src="<?php echo ICON; ?> delete.png" /></a></td><?php } ?> </tr> <?php } ?> </table>