 function _allowedFields($fields)
 {
     $permission_manager =& AMPSystem_PermissionManager::instance();
     // Strip every field whose 'per' descriptor (from the XML definition)
     // names a permission the current user does not hold. Iterating over a
     // key snapshot lets us unset from $fields directly.
     foreach (array_keys($fields) as $fieldname) {
         $definition = $fields[$fieldname];
         if (!isset($definition['per'])) {
             continue;
         }
         $required = $permission_manager->convertDescriptor($definition['per']);
         if (!AMP_Authorized($required)) {
             unset($fields[$fieldname]);
         }
     }
     // Likewise drop the submit actions the form's map disallows. Without a
     // map every submit action is left in place.
     $map =& $this->_get_map();
     $actions = $this->submit_button[$this->_submit_group]['elements'];
     if ($map) {
         foreach ($actions as $action => $definition) {
             if (!$map->isAllowed($action)) {
                 $this->removeSubmit($action);
             }
         }
     }
     return $fields;
 }
 function _after_init()
 {
     // Translate the 'order' column through _makeInput and wire up the
     // class/section lookups.
     $this->addTranslation('order', '_makeInput');
     $lookups = array('class' => 'classes', 'section' => 'sections');
     foreach ($lookups as $column => $lookup_name) {
         $this->addLookup($column, AMPContent_Lookup::instance($lookup_name));
     }
     // Users without content-edit rights get neither the edit nor the select column.
     $can_edit = AMP_Authorized(AMP_PERMISSION_CONTENT_EDIT);
     if (!$can_edit) {
         $this->suppress['editcolumn'] = true;
         $this->suppress['selectcolumn'] = true;
     }
 }
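function AMP_init_user()
{
    // Bootstraps the current user from the principal the web server placed in
    // REMOTE_USER (server-side authentication, not a request parameter).
    // Defines the per-request user and site-root constants, then denies
    // access (redirect) when the user lacks content access or may not view
    // this page. Returns false when no authenticated principal is present;
    // otherwise returns nothing.
    if (!isset($_SERVER['REMOTE_USER'])) {
        return false;
    }
    $AMP_Permission =& AMPSystem_PermissionManager::instance();
    $AMP_CurrentUser =& $AMP_Permission->readUser($_SERVER['REMOTE_USER']);
    if (!$AMP_CurrentUser) {
        // Unknown principal: nothing is defined and no redirect happens
        // (unchanged behaviour; the caller decides what to do).
        return;
    }
    if (!defined('AMP_SYSTEM_USER_ID')) {
        define('AMP_SYSTEM_USER_ID', $AMP_CurrentUser->id);
    }

    // Site root for this user: a per-user root from the lookup when one is
    // configured, otherwise the site root. Every define() is guarded so a
    // second call doesn't warn about redefinition (the else-branch was the
    // one unguarded path before).
    $content_roots = AMP_lookup('userSiteRoots');
    if (isset($content_roots[AMP_SYSTEM_USER_ID])) {
        if (!defined('AMP_CONTENT_MAP_ROOT_SECTION')) {
            define('AMP_CONTENT_MAP_ROOT_SECTION', $content_roots[AMP_SYSTEM_USER_ID]);
        }
        $sections = AMP_lookup('sections');
        if (!defined('AMP_CONTENT_SECTION_NAME_ROOT')) {
            if (AMP_CONTENT_MAP_ROOT_SECTION != AMP_CONTENT_SECTION_ID_ROOT) {
                // NOTE(review): assumes the sections lookup contains the root id — confirm.
                define('AMP_CONTENT_SECTION_NAME_ROOT', $sections[AMP_CONTENT_MAP_ROOT_SECTION]);
            } else {
                define('AMP_CONTENT_SECTION_NAME_ROOT', AMP_SITE_NAME);
            }
        }
    } else {
        if (!defined('AMP_CONTENT_MAP_ROOT_SECTION')) {
            define('AMP_CONTENT_MAP_ROOT_SECTION', AMP_CONTENT_SECTION_ID_ROOT);
        }
        if (!defined('AMP_CONTENT_SECTION_NAME_ROOT')) {
            define('AMP_CONTENT_SECTION_NAME_ROOT', AMP_SITE_NAME);
        }
    }

    // ACL identity for the current user.
    if (!defined('AMP_SYSTEM_USER_TYPE')) {
        define('AMP_SYSTEM_USER_TYPE', 'users');
    }
    if (!defined('AMP_SYSTEM_USER_ID_ACL')) {
        define('AMP_SYSTEM_USER_ID_ACL', 'user_' . $AMP_CurrentUser->id);
    }

    // Deny paths. Whether ampredirect() terminates the request is not visible
    // here; the explicit exit makes both denials fail closed regardless, so a
    // client that ignores the Location header cannot read the page body.
    if (!AMP_Authorized(AMP_PERMISSION_CONTENT_ACCESS)) {
        trigger_error('content access not authorized for user ' . $AMP_CurrentUser->getName());
        ampredirect(AMP_SITE_URL);
        exit;
    }
    // Ensure the current user is allowed to see this specific page.
    if (!$AMP_Permission->authorizedPage()) {
        trigger_error('unauthorized page access attempt by ' . $AMP_CurrentUser->getName());
        ampredirect($AMP_Permission->userHome());
        exit;
    }
}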
        unset($url_vars['id']);
        ampredirect(AMP_url_add_vars(AMP_SYSTEM_URL_FORM_ENTRY, $url_vars));
    }
}
if ($modin) {
    $form_id_nav = $modin;
    // Per-form permission descriptor and tool (module) id, resolved from the lookup tables.
    $form_permissions =& AMPSystem_Lookup::instance('PermissionsbyForm');
    $tools = AMP_lookup('ToolsbyForm');
    $modin_permission = isset($form_permissions[$modin]) && $form_permissions[$modin] ? $form_permissions[$modin] : false;
    //$modidselect=$dbcon->GetRow("SELECT id, perid from modules where userdatamodid=" . $modin) or DIE($dbcon->ErrorMsg());
    //$modid=$modidselect['id'];
    $modid = isset($tools[$modin]) && $tools[$modin] ? $tools[$modin] : false;
} else {
    // No form id: bounce to the form list. NOTE(review): no exit follows this
    // redirect (the export script does add one); confirm ampredirect terminates.
    ampredirect("modinput4_list.php");
}
// Edit rights need the global form-data permission AND the form-specific one.
// NOTE(review): when no form-specific permission is configured this passes
// false to AMP_Authorized; the list/export scripts treat that case as allowed
// instead -- confirm which behaviour is intended.
$admin = AMP_Authorized(AMP_PERMISSION_FORM_DATA_EDIT) && AMP_Authorized($modin_permission);
// Fetch the form instance specified by submitted modin value.
$udm = new UserDataInput($dbcon, $modin, $admin);
// User ID. NOTE(review): authorized is set unconditionally and $uid is assigned
// before this span; confirm UserDataInput enforces $admin/ownership before saving.
$udm->authorized = true;
$udm->uid = $uid;
// Was data submitted via the web?
$sub = isset($_REQUEST['btnUdmSubmit']) ? $_REQUEST['btnUdmSubmit'] : false;
if ($sub) {
    // Save only if submitted data is present, and the user is
    // authenticated, or if the submission is anonymous (i.e., !$uid)
    if ($udm->saveUser()) {
        ampredirect(AMP_SYSTEM_URL_FORM_DATA . "?modin=" . $udm->instance);
    }
    $udm->showForm = true;
 *****/
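$mod_name = 'udm';
require_once 'AMP/System/Base.php';
require_once 'AMP/UserData/Set.inc.php';

// The form id comes straight from the request; without one there is nothing to list.
if (isset($_REQUEST['modin']) && $_REQUEST['modin']) {
    $modin = $form_id_nav = $_REQUEST['modin'];
} else {
    ampredirect(AMP_SYSTEM_URL_FORMS);
    // Fail closed: whether ampredirect() terminates is not visible here.
    exit;
}

// Form-specific permission descriptor; absent means the base permission alone applies.
$form_permissions =& AMPSystem_Lookup::instance('PermissionsbyForm');
$modin_permission = (isset($form_permissions[$modin]) && $form_permissions[$modin]) ? $form_permissions[$modin] : false;

$view_permission = (AMP_Authorized(AMP_PERMISSION_FORM_DATA_EDIT)
                 && ($modin_permission ? AMP_Authorized($modin_permission) : true));
$tool_set =& AMPSystem_Lookup::instance('ToolsbyForm');
$modid = isset($tool_set[$modin]) ? $tool_set[$modin] : null;

// NOTE(review): $admin is hard-coded to true and $view_permission is not
// applied anywhere in this span; confirm the code that follows gates output
// on $view_permission before any user data is rendered.
$admin = true;
// `=& new` is a parse error on PHP 7+; objects are handles, so the reference was never needed.
$userlist = new UserDataSet($dbcon, $modin, $admin);

$userlist->_register_default_plugins();

// Optional record id, taken verbatim from the request.
$uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : false;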
if ($uid && $modin) {

    $userlist->uid=$uid;
    $output= $userlist->output('DisplayHTML'); 
 function checkPermission($item = null)
 {
     // Work out which permission applies: the item's own 'per' entry, or the
     // list-level permission when no item was given at all.
     if (!isset($item)) {
         $required = $this->permission;
     } elseif (isset($item['per'])) {
         $required = $item['per'];
     } else {
         $required = false;
     }
     // No permission configured means open access.
     return $required ? AMP_Authorized($required) : true;
 }
 function allow($action)
 {
     // An explicit action map takes precedence over the model's own rules.
     if (isset($this->_map)) {
         return $this->_map->isAllowed($action, $this->_model_id);
     }
     // Otherwise only actions the model marks as protected need a permission.
     $required = null;
     if (isset($this->_model) && isset($this->_model->protected_actions[$action])) {
         $required = $this->_model->protected_actions[$action];
     }
     if ($required === null) {
         return true;
     }
     return AMP_Authorized($required);
 }
require_once 'AMP/UserData/Set.inc.php';
require_once 'AMP/System/Base.php';
require_once 'utility.functions.inc.php';
$show_template = false;
$modin = false;
$flash = AMP_System_Flash::instance();
// A form id is mandatory; otherwise record an error and bounce to the forms list.
$has_modin = isset($_REQUEST['modin']) && $_REQUEST['modin'];
if (!$has_modin) {
    $flash->add_error(sprintf(AMP_TEXT_ERROR_NO_SELECTION, AMP_TEXT_FORM));
    ampredirect(AMP_SYSTEM_URL_FORMS);
    exit;
}
$modin = $_REQUEST['modin'];
// Form-specific permission descriptor, if one is configured for this form.
$form_permissions =& AMPSystem_Lookup::instance('PermissionsbyForm');
$modin_permission = false;
if (isset($form_permissions[$modin]) && $form_permissions[$modin]) {
    $modin_permission = $form_permissions[$modin];
}
// Export needs the global export permission and, when configured, the form-specific one.
$view_permission = (bool) AMP_Authorized(AMP_PERMISSION_FORM_DATA_EXPORT);
if ($view_permission && $modin_permission) {
    $view_permission = (bool) AMP_Authorized($modin_permission);
}
if ($view_permission) {
    $admin = true;
    // Fetch the form instance specified by submitted modin value.
    $userlist = new UserDataSet($dbcon, $_REQUEST['modin'], $admin);
    /* Output the file
     */
    $userlist->unregisterPlugin('Pager', 'Output');
    $search_form = $userlist->getPlugins('SearchForm');
    $search = $userlist->getPlugins('Search');
    if (!$search_form) {
        $userlist->registerPlugin('Output', 'SearchForm');
    }
    if (!$search) {
        $userlist->registerPlugin('AMP', 'Search');
    }
 function _verifyConditionals($field_def)
 {
     // With no conditionals configured every field is accepted as-is.
     // NOTE(review): this early return also skips the 'per' check below;
     // confirm the permission filter is applied elsewhere in that case.
     if (!isset($this->conditionals)) {
         return true;
     }
     // Each conditional must be present on the field and (loosely) equal its requirement.
     foreach ($this->conditionals as $key => $requirement) {
         $matches = isset($field_def[$key]) && $field_def[$key] == $requirement;
         if (!$matches) {
             return false;
         }
     }
     // Finally, a 'per' descriptor must resolve to a permission the user holds.
     if (!isset($field_def['per'])) {
         return true;
     }
     $this->_loadPermissionManager();
     $required = $this->_per_manager->convertDescriptor($field_def['per']);
     return AMP_Authorized($required);
 }
 function _allowedItems($set)
 {
     // An empty set yields false rather than an empty array.
     if (empty($set)) {
         return false;
     }
     $allowed = array();
     foreach ($set as $key => $item) {
         // Only array entries are considered at all.
         if (!is_array($item)) {
             continue;
         }
         // Entries carrying a 'per' descriptor need that permission.
         $permitted = !isset($item['per']) || AMP_Authorized($item['per']);
         if (!$permitted) {
             continue;
         }
         $allowed[$key] = $item;
         if (isset($item['item'])) {
             // Filter sub-items recursively; an empty subtree becomes false.
             $allowed[$key]['item'] = $this->_allowedItems($item['item']);
         }
     }
     return $allowed;
 }
          <td><A HREF="<?php 
        echo $filename;
        ?>
?<?php 
        echo $MM_keepNone . ($MM_keepNone != "" ? "&" : "") . "id=" . $new->Fields("id");
        ?>
">edit</A></td>
        </tr>
        <?php 
        $new->MoveNext();
    }
    ?>
      </table>
  <?php 
}
if (AMP_Authorized(AMP_PERMISSION_MESSAGES_ADMIN)) {
    ?>

      <h2>Messages that have been received or sent as email</h2>
      <table width="90%" border="0" cellspacing="2" cellpadding="3" align="center">
        <tr class="intitle"> 
          <td>From</td>
          <td>To</td>
          <td>Date</td>
          <td>&nbsp;</td>
        </tr>
        <?php 
    while (!$old->EOF) {
        ?>
        <tr bgcolor="#CCCCCC"> 
              <td> <?php 
            	<td>&nbsp;</td>
			</tr><?php 
$i = 0;
while (!$Recordset1->EOF) {
    $i++;
    $bgcolor = $i % 2 ? "#D5D5D5" : "#E5E5E5";
    ?>
			<tr bordercolor="#333333" bgcolor="<?php 
    echo $bgcolor;
    ?>
" onMouseover="this.bgColor='#CCFFCC'" onMouseout="this.bgColor='<?php 
    echo $bgcolor;
    ?>
'"> 
            	<td><?php 
    if (AMP_Authorized(AMP_PERMISSION_CONTENT_EDIT)) {
        ?>
<input type="checkbox" name="id[]" value="<?php 
        echo $Recordset1->Fields("id");
        ?>
"><?php 
    }
    ?>
</td>
            	<td><a href="<?php 
    if ($class == 2) {
        echo "article_fpedit.php";
    } else {
        echo "article_edit.php";
    }
    ?>
 *
 * (c) 2004 Radical Designs
 * Written by Blaine Cook, blaine@radicaldesigns.org
 *
 *****/
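$mod_name = 'calendar';
require_once 'AMP/UserData/Input.inc.php';
require_once 'Connections/freedomrising.php';
require_once 'utility.functions.inc.php';

// defined() takes the constant's *name*; the original passed the (undefined)
// constant itself, so the guard never worked as written.
if (!defined('AMP_CALENDAR_ENTRY_FORM_DEFAULT')) {
    define('AMP_CALENDAR_ENTRY_FORM_DEFAULT', 50);
}

// Form instance: from the request if given, otherwise the calendar default.
$modin = isset($_REQUEST['modin']) ? $_REQUEST['modin'] : AMP_CALENDAR_ENTRY_FORM_DEFAULT;
$admin = AMP_Authorized(AMP_PERMISSION_FORM_ADMIN);
$udm = new UserDataInput($dbcon, $modin, $admin);

// Module id and per-form permission id for this form instance.
$modidselect = $dbcon->Execute("SELECT id, perid from modules where userdatamodid=" . $dbcon->qstr($udm->instance))
    or die("Couldn't get module information for form: " . $dbcon->ErrorMsg());
$modid = $modidselect->Fields("id");
$modin_permission = $modidselect->Fields("perid");

// Record owner. A calendar id selects the owning uid from the calendar table;
// otherwise the uid (if any) comes straight from the request.
if (isset($_REQUEST['calid']) && $_REQUEST['calid']) {
    $calid = $_REQUEST['calid'];
    // calid is attacker-controlled: quote it through the driver (as the query
    // above already does) instead of splicing it into the SQL string. Also
    // stop on a failed query rather than calling Fields() on false; the
    // driver's error text is deliberately not echoed to the client here.
    $uidset = $dbcon->Execute("Select uid from calendar where id=" . $dbcon->qstr($calid))
        or die("Couldn't look up calendar entry.");
    $uid = $uidset->Fields("uid");
} else {
    $uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : false;
}
// NOTE(review): authorized is set unconditionally and uid/calid are taken from
// the request with no ownership check in this span; $admin is passed to the
// constructor, but confirm UserDataInput enforces it before data is read or saved.
$udm->authorized = true;
$udm->uid = $uid;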
// Was data submitted via the web?
}

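if ($modin) {
    $form_id_nav = $modin;
    // Per-form permission descriptor and tool (module) id, resolved from the lookup tables.
    $form_permissions =& AMPSystem_Lookup::instance('PermissionsbyForm');
    $tools = AMP_lookup('ToolsbyForm');
    $modin_permission = (isset($form_permissions[$modin]) && $form_permissions[$modin]) ? $form_permissions[$modin] : false;
    $modid = (isset($tools[$modin]) && $tools[$modin]) ? $tools[$modin] : false;
} else {
    ampredirect("modinput4_list.php");
    // Fail closed: whether ampredirect() terminates is not visible here.
    exit;
}

// Edit rights need the global form-data permission AND the form-specific one.
// NOTE(review): when no form-specific permission is configured this passes
// false to AMP_Authorized; the list/export scripts treat that case as allowed
// instead -- confirm which behaviour is intended.
$admin = (AMP_Authorized(AMP_PERMISSION_FORM_DATA_EDIT)
       && AMP_Authorized($modin_permission));

// `= &new` is a parse error on PHP 7+; objects are handles, so the reference was never needed.
$udm = new UserDataInput($dbcon, $modin, $admin);

// User ID. NOTE(review): authorized is set unconditionally and $uid is assigned
// before this span; confirm UserDataInput enforces $admin/ownership before saving.
$udm->authorized = true;
$udm->uid = $uid;

// Was data submitted via the web?
$sub = isset($_REQUEST['btnUdmSubmit']) ? $_REQUEST['btnUdmSubmit'] : false;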

// Fetch or save user data.
if ( $sub ) {

    // Save only if submitted data is present, and the user is
		  
		  </table></div>
		  <table width = "100%">
          <tr class="intitle"> 
            <td colspan="2" valign="top">&nbsp;</td>
          </tr>
          <tr> 
            <td colspan="2" valign="top"><input type="submit" name="<?php 
if (empty($_GET['id']) == TRUE) {
    echo "MM_insert";
} else {
    echo "MM_update";
}
?>
" value="Save Changes"><?php 
if (AMP_Authorized(AMP_PERMISSION_CONTENT_DELETE)) {
    ?>
  <input name="MM_delete" type="submit" value="Delete Record" onclick="return confirmSubmit('Are you sure you want to DELETE this record?')"> 
            <?php 
}
?>
              </td>
          </tr>
        </table>
              
	<input type="hidden" name="MM_recordId" value="<?php 
echo $id;
?>
">
     
	 
 function isAllowed($action, $id = false)
 {
     // Record-level ACL first, when both a gacl object and a record id exist.
     if ($this->_gacl_obj && $id && !AMP_allow($action, $this->_gacl_obj, $id)) {
         return false;
     }
     $rule_property = '_allow_' . $action;
     if (!isset($this->{$rule_property})) {
         // No explicit rule for this action: edit and search are open,
         // everything else is allowed only if edit is.
         if ($action == 'edit' || $action == 'search') {
             return true;
         }
         return (bool) $this->isAllowed('edit');
     }
     $rule = $this->{$rule_property};
     // A literal true grants outright; any other truthy value is a permission
     // descriptor to check; falsy denies.
     if ($rule === true) {
         return true;
     }
     return $rule ? AMP_Authorized($rule) : false;
 }