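/**
 * Module access check: may the current user use $modname?
 *
 * Rights are read once per request from PROFILE_EXCEPTIONS (users with a
 * PROFILE_ID) or STAFF_EXCEPTIONS (everyone else) and cached in
 * $_openSIS['AllowUse'], grouped by MODNAME. The answer is default-deny: a
 * module without a CAN_USE='Y' row is refused.
 *
 * @param string|false $modname module name; falls back to $_REQUEST['modname']
 * @return bool
 */
function AllowUse($modname = false)
{
    global $_openSIS;

    if (!$modname) {
        // The request value is only used as an array key below, never in SQL.
        $modname = $_REQUEST['modname'];
    }

    // Student.php rights are granted per category; key the lookup accordingly.
    if ($modname == 'Students/Student.php' && $_REQUEST['category_id']) {
        $modname = $modname . '&category_id=' . $_REQUEST['category_id'];
    }

    if (!$_openSIS['AllowUse']) {
        if (User('PROFILE_ID') != '') {
            $_openSIS['AllowUse'] = DBGet(DBQuery("SELECT MODNAME FROM PROFILE_EXCEPTIONS WHERE PROFILE_ID='" . User('PROFILE_ID') . "' AND CAN_USE='Y'"), array(), array('MODNAME'));
        } else {
            $_openSIS['AllowUse'] = DBGet(DBQuery("SELECT MODNAME FROM STAFF_EXCEPTIONS WHERE USER_ID='" . User('STAFF_ID') . "' AND CAN_USE='Y'"), array(), array('MODNAME'));
        }
    }

    // No exception rows at all: keep a non-empty placeholder so the query is
    // not repeated; it holds no module key, so every lookup is refused.
    if (!$_openSIS['AllowUse']) {
        $_openSIS['AllowUse'] = array(true);
    }

    // Fix: count() on a missing key warns on PHP 7.2+ and throws a TypeError
    // on PHP 8, turning a plain "denied" into an error. empty() gives the
    // same true/false answer (the grouped DBGet entry is a non-empty array).
    return !empty($_openSIS['AllowUse'][$modname]);
}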
/**
 * Create a local account from an external auth client, log the outcome and,
 * on success, link the social identity, grant the module's "user" role and
 * sign the new account in.
 *
 * @param \yii\authclient\ClientInterface $Client
 * @return bool true when the account was saved without validation errors
 * @throws \yii\base\InvalidConfigException
 */
public function save(\yii\authclient\ClientInterface $Client)
{
    /** @var Account\backend\Module $Module */
    $Module = \Yii::$app->getModule($this->accountModule);
    $roleNames = $Module->roles;

    /** @var AccountModel $Account */
    $Account = \Yii::createObject(AccountModel::class);
    $Account->appendClientAttributes($Client);
    $Account->setAttributes(['email' => $this->email]);

    // Persist only when validation passed.
    if ($Account->validate()) {
        $Account->save();
    }

    $AuthResponse = AccountAuthResponseModel::createLog($Client);

    if ($Account->hasErrors()) {
        $AuthResponse->result = Json::encode($Account->getErrors());
    } else {
        $AuthResponse->result = (string) $Account->id;
        $Account->pushSocialLink($Client);
        AuthManager()->assign(RbacFactory::Role($roleNames['user']), $Account->id);
        $SignInFormModel = \Yii::createObject(SignInForm::class);
        // Persistent login; the remember-me duration comes from the sign-in form.
        User()->login($Account, $SignInFormModel::REMEMBER_TIME);
    }

    if ($AuthResponse->validate()) {
        $AuthResponse->save();
    }

    if ($Account->hasErrors()) {
        $this->populateErrors($Account, 'name');
    }

    return !$Account->hasErrors();
}
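/**
 * Module access check: may the current user use $modname?
 *
 * Rights are read once per request from profile_exceptions (users with a
 * PROFILE_ID) or staff_exceptions (everyone else) and cached in
 * $_openSIS['AllowUse'], grouped by MODNAME. The answer is default-deny: a
 * module without a CAN_USE='Y' row is refused.
 *
 * @param string|false $modname module name; falls back to $_REQUEST['modname']
 * @return bool
 */
function AllowUse($modname = false)
{
    global $_openSIS;

    if (!$modname) {
        // The request value is only used as an array key below, never in SQL.
        $modname = $_REQUEST['modname'];
    }

    // Student.php rights are granted per category; key the lookup accordingly.
    if ($modname == 'Students/Student.php' && $_REQUEST['category_id']) {
        $modname = $modname . '&category_id=' . $_REQUEST['category_id'];
    }

    if (!$_openSIS['AllowUse']) {
        if (User('PROFILE_ID') != '') {
            $_openSIS['AllowUse'] = DBGet(DBQuery('SELECT MODNAME FROM profile_exceptions WHERE PROFILE_ID=\'' . User('PROFILE_ID') . '\' AND CAN_USE=\'Y\''), array(), array('MODNAME'));
        } else {
            $_openSIS['AllowUse'] = DBGet(DBQuery('SELECT MODNAME FROM staff_exceptions WHERE USER_ID=\'' . User('STAFF_ID') . '\' AND CAN_USE=\'Y\''), array(), array('MODNAME'));
        }
    }

    // No exception rows at all: keep a non-empty placeholder so the query is
    // not repeated; it holds no module key, so every lookup is refused.
    if (!$_openSIS['AllowUse']) {
        $_openSIS['AllowUse'] = array(true);
    }

    // Fix: count() on a missing key warns on PHP 7.2+ and throws a TypeError
    // on PHP 8, turning a plain "denied" into an error. empty() gives the
    // same true/false answer (the grouped DBGet entry is a non-empty array).
    return !empty($_openSIS['AllowUse'][$modname]);
}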
/**
 * Return the page list for a language, filtered by the current user's role.
 *
 * Pages come from page_model; users whose role_level is below 1000 only get
 * the pages that pass _filter_pages_authorization. Absolute URLs are set
 * once here for performance.
 *
 * @param string|null $lang language code; defaults to the current language
 * @return array
 */
public static function get_pages($lang = NULL)
{
    if ($lang == NULL) {
        $lang = Settings::get_lang('current');
    }

    self::$ci->load->model('page_model');
    $pageList = self::$ci->page_model->get_lang_list(NULL, $lang);

    // No online page at all: nothing can be rendered, stop with a 500.
    if (empty($pageList)) {
        show_error('Internal error : <b>No pages found.</b><br/>Solution: <b>Create at least one online page.</b>', 500);
        exit;
    }

    /* Spread authorizations from parents pages to chidrens.
     * This adds the group ID to the childrens pages of a protected page
     * If you don't want this, just uncomment this line.
     */
    // self::$ci->page_model->spread_authorizations($pages);

    // Everyone below role level 1000 is restricted to authorized pages.
    $isPrivileged = User()->get('role_level') >= 1000;
    if (!$isPrivileged) {
        $allowed = array_filter($pageList, array(__CLASS__, '_filter_pages_authorization'));
        $pageList = array_values($allowed);
    }

    self::init_absolute_urls($pageList, $lang);

    return $pageList;
}
/**
 * Build the argument list for Moodle's core_user_update_users call: one user
 * object carrying the Moodle ID mapped to the current RosarioSIS user and
 * the new password from the request.
 *
 * @return array|string array($users) for the web service call, or '' when
 *                      the current user has no row in moodlexrosario
 */
function core_user_update_users_object()
{
    //first, gather the necessary variables
    global $_REQUEST;

    // Students are mapped on student_id, every other profile on staff_id.
    if (User('PROFILE') == 'student') {
        $column = 'student_id';
        $rosario_id = UserStudentID();
    } else {
        $column = 'staff_id';
        $rosario_id = User('STAFF_ID');
    }

    $mapping_RET = DBGet(DBQuery("SELECT moodle_id FROM moodlexrosario WHERE rosario_id='" . $rosario_id . "' AND \"column\"='" . $column . "'"));

    if (!count($mapping_RET)) {
        return '';
    }

    $moodle_id = (double) $mapping_RET[1]['MOODLE_ID'];

    //then, convert variables for the Moodle object:
    /* list of ( object {
     *   id double          //ID of the user
     *   password string    //Optional, plain text password consisting of any characters
     * } )
     * Moodle's password policy applies: 8 chars min., 1 number, 1 lowercase,
     * 1 uppercase and 1 non-alphanumeric character at least.
     */
    // NOTE(review): the new password leaves this function in clear text;
    // the Moodle endpoint must be reached over TLS.
    $password = $_REQUEST['values']['new'];

    $users = array(array('id' => $moodle_id, 'password' => $password));

    return array($users);
}
/**
 * Whether the current user has "loved" this category, i.e. a
 * ManyCategoryUser row links User()->id to $this->id.
 *
 * @return bool
 */
public function getIslove()
{
    $link = ManyCategoryUser::model()->findByAttributes(array(
        'category_id' => $this->id,
        'user_id' => User()->id,
    ));

    return $link !== null;
}
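/**
 * Run the staff search for the current school year and return the rows.
 *
 * Only the 'admin' profile gets a result; other profiles fall out of the
 * switch and return null. Search terms come from the request: username,
 * last and first as case-insensitive prefix matches, profile as an exact
 * match. Each is escaped before it is spliced into the SQL literal.
 * $extra['SELECT'], ['FROM'] and ['WHERE'] are caller-written SQL fragments
 * appended as-is; $extra['functions'] extends the DBGet column functions.
 * $profiles_RET is filled with USER_PROFILES as a side effect.
 *
 * @param array $extra extra SQL fragments and DBGet functions (by reference)
 * @return array|null DBGet result; null for non-admin profiles
 */
function GetStaffList(&$extra)
{
    global $profiles_RET;

    $functions = array('PROFILE' => 'makeProfile');

    switch (User('PROFILE')) {
        case 'admin':
            $profiles_RET = DBGet(DBQuery("SELECT * FROM USER_PROFILES"), array(), array('ID'));

            $sql = "SELECT CONCAT(\n\t\t\t\t\tCOALESCE(s.LAST_NAME,' '),', ',COALESCE(s.FIRST_NAME,' '),' ',COALESCE(s.MIDDLE_NAME,' ')) AS FULL_NAME,\n\t\t\t\t\ts.PROFILE,s.PROFILE_ID,s.STAFF_ID,s.SCHOOLS " . $extra['SELECT'] . "\n\t\t\t\tFROM\n\t\t\t\t\tSTAFF s " . $extra['FROM'] . "\n\t\t\t\tWHERE\n\t\t\t\t\ts.SYEAR='" . UserSyear() . "'";

            if ($_REQUEST['_search_all_schools'] != 'Y') {
                $sql .= " AND (s.SCHOOLS LIKE '%," . UserSchool() . ",%' OR s.SCHOOLS IS NULL OR s.SCHOOLS='') ";
            }

            // Fix: the request values were concatenated raw into the query.
            // Doubling single quotes and backslashes keeps a search term inside
            // its string literal. LIKE wildcards in the term are still
            // interpreted, as before.
            if ($_REQUEST['username']) {
                $username = str_replace(array('\\', "'"), array('\\\\', "''"), strtoupper($_REQUEST['username']));
                $sql .= "AND UPPER(s.USERNAME) LIKE '" . $username . "%' ";
            }
            if ($_REQUEST['last']) {
                $last = str_replace(array('\\', "'"), array('\\\\', "''"), strtoupper($_REQUEST['last']));
                $sql .= "AND UPPER(s.LAST_NAME) LIKE '" . $last . "%' ";
            }
            if ($_REQUEST['first']) {
                $first = str_replace(array('\\', "'"), array('\\\\', "''"), strtoupper($_REQUEST['first']));
                $sql .= "AND UPPER(s.FIRST_NAME) LIKE '" . $first . "%' ";
            }
            if ($_REQUEST['profile']) {
                $profile = str_replace(array('\\', "'"), array('\\\\', "''"), $_REQUEST['profile']);
                $sql .= "AND s.PROFILE='" . $profile . "' ";
            }

            $sql .= $extra['WHERE'] . ' ';
            $sql .= "ORDER BY FULL_NAME";

            if ($extra['functions']) {
                $functions += $extra['functions'];
            }

            return DBGet(DBQuery($sql), $functions);
    }
}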
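/**
 * News comments page: shows one news entry with its comments and a form to
 * add one; when text is posted it is stored first.
 *
 * The nid parameter must be numeric and exist, otherwise "Invalid request."
 * is shown. Posted text is stripped of tags and reduced to letters,
 * punctuation, separators, digits and newlines before it is stored.
 *
 * @return string page HTML
 */
function user_news_comments()
{
    global $user;

    $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>';

    if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) {
        $nid = $_REQUEST["nid"];
        list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1");

        if (isset($_REQUEST["text"])) {
            $text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
            sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
            engelsystem_log("Created news_comment: " . $text);
            $html .= success(_("Entry saved."), true);
        }

        $html .= display_news($news);

        // Fix: ORDER BY 'ID' ordered by a string constant, i.e. not at all;
        // the column name needs backticks.
        $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY `ID`");
        foreach ($comments as $comment) {
            $user_source = User($comment['UID']);
            if ($user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $html .= '<div class="panel panel-default">';
            // The input filter above keeps quotes and ampersands, so encode
            // for HTML at output time, before newlines become <br>.
            $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'], ENT_QUOTES, 'UTF-8')) . '</div>';
            $html .= '<div class="panel-footer text-muted">';
            $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . ' ';
            $html .= User_Nick_render($user_source);
            $html .= '</div>';
            $html .= '</div>';
        }

        $html .= '<hr /><h2>' . _("New Comment:") . '</h2>';
        $html .= form(array(form_textarea('text', _("Message"), ''), form_submit('submit', _("Save"))), page_link_to('news_comments') . '&nid=' . $news['ID']);
    } else {
        $html .= _("Invalid request.");
    }

    return $html . '</div>';
}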
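/**
 * Refuse the current module to the user and report the attempt.
 *
 * Prints the refusal, writes the page footer and, when $openSISNotifyAddress
 * is set, mails an INSERT statement for a HACKING_LOG table so the
 * administrator can record the event; nothing is executed against a database
 * here. This function does not stop the script: callers must not continue
 * into the protected module after it returns.
 *
 * @return void
 */
function HackingLog()
{
    // Fix: both names were read as undeclared locals, so they were always
    // empty and the notification was never sent. Presumably set by the
    // configuration file — confirm.
    global $openSISNotifyAddress, $openSISVersion;

    echo "You're not allowed to use this program! This attempted violation has been logged and your IP address was captured.";
    Warehouse('footer');

    // X-Forwarded-For is client-supplied and trivially forged; record it only
    // next to the socket peer address, never instead of it.
    $ip = $_SERVER['REMOTE_ADDR'];
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip .= ' (X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')';
    }

    if ($openSISNotifyAddress) {
        // The body quotes request data (modname) verbatim: it is untrusted
        // text and must not be pasted into a SQL client unreviewed.
        mail($openSISNotifyAddress, 'HACKING ATTEMPT', "INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('{$_SERVER['SERVER_NAME']}','{$ip}','" . date('Y-m-d') . "','{$openSISVersion}','{$_SERVER['PHP_SELF']}','{$_SERVER['DOCUMENT_ROOT']}','{$_SERVER['SCRIPT_NAME']}','{$_REQUEST['modname']}','" . User('USERNAME') . "')");
    }

    // Removed: a permanently disabled (`if (false && ...)`) branch, plus a
    // commented-out copy, that opened a connection to a third-party MySQL host
    // with hard-coded credentials. Dead code carrying credentials must not ship.
}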
/**
 * Render the voting form for one Portal Poll. Used as a DBGet column
 * function: $value and $name are unused, the poll ID comes from $THIS_RET['ID'].
 *
 * Users found in PORTAL_POLLS.EXCLUDED_USERS (those who already voted) get
 * the results via PortalPollsVotesDisplay() instead of the form. The jQuery
 * form plugin and the AJAX submit handler are emitted once per request.
 *
 * @param mixed  $value unused
 * @param string $name  unused
 * @return string HTML form or results; ErrorMessage() output when the poll is missing
 */
function PortalPollsDisplay($value, $name)
{
    global $THIS_RET;

    // Emit the jQuery/ajaxForm bootstrap only once per page.
    static $js_included = false;

    $poll_id = $THIS_RET['ID'];

    //get poll:
    $poll_RET = DBGet(DBQuery("SELECT EXCLUDED_USERS, VOTES_NUMBER, DISPLAY_VOTES FROM PORTAL_POLLS WHERE ID='" . $poll_id . "'"));
    $poll_questions_RET = DBGet(DBQuery("SELECT ID, QUESTION, OPTIONS, TYPE, VOTES FROM PORTAL_POLL_QUESTIONS WHERE PORTAL_POLL_ID='" . $poll_id . "' ORDER BY ID"));

    if (!$poll_RET || !$poll_questions_RET) {
        return ErrorMessage(array('Poll does not exist'));
    } //should never be displayed, so do not translate

    //verify if user is in excluded users list (format = '|[profile_id]:[user_id]')
    $profile_id = User('PROFILE_ID');
    if ($profile_id != 0) {
        //modif Francois: call right Student/Staff ID
        $user_id = UserStaffID();
    } else {
        $user_id = UserStudentID();
    }
    // NOTE(review): this prefix does not match the '|' separator described in
    // the comment above; confirm against the format written by the vote handler.
    $excluded_user = '******' . $profile_id . ':' . $user_id;
    if (mb_strpos($poll_RET[1]['EXCLUDED_USERS'], $excluded_user) !== false) {
        return PortalPollsVotesDisplay($poll_id, $poll_RET[1]['DISPLAY_VOTES'], $poll_questions_RET, $poll_RET[1]['VOTES_NUMBER']);
    } //user already voted, display votes

    $PollForm = '';
    if (!$js_included) {
        $PollForm .= includeOnceJquery();
        $PollForm .= '<script type="text/javascript" src="assets/js/jquery.form.js"></script>';
        // NOTE(review): this literal embeds a JS line comment ("//send the votes in
        // AJAX"); in the shipped file it must be followed by a line break, otherwise
        // the success handler that follows it is commented out.
        $PollForm .= '<script type="text/javascript"> $(document).ready(function() { $(\'.formPortalPoll\').ajaxForm({ //send the votes in AJAX success: function(data,status,xhr,form) { $(form).parent().html(data); } }); }); </script>';
        $js_included = true;
    }

    // NOTE(review): profile_id and user_id travel as hidden fields and can be
    // edited by the client; the vote handler in PortalPolls.fnc.php should take
    // the identity from the session instead — not visible from here.
    $PollForm .= '<div id="divPortalPoll' . $poll_id . '" style="max-height:350px; overflow-y:auto;"><form method="POST" class="formPortalPoll" action="ProgramFunctions/PortalPolls.fnc.php"><input type="hidden" name="profile_id" value="' . $profile_id . '" /><input type="hidden" name="user_id" value="' . $user_id . '" /><input type="hidden" name="total_votes_string" value="' . _('Total Participants') . '" /><input type="hidden" name="poll_completed_string" value="' . _('Poll completed') . '" /><TABLE class="width-100p cellspacing-0">';

    // Question text and option labels are DB content inserted without HTML
    // encoding; they are only as safe as the poll editor that wrote them.
    foreach ($poll_questions_RET as $question) {
        $PollForm .= '<TR><TD><b>' . $question['QUESTION'] . '</b></TD><TD><TABLE class="width-100p cellspacing-0">';

        // One option per line of OPTIONS; the option index is the posted value.
        $options_array = explode('<br />', nl2br($question['OPTIONS']));

        // First radio option is pre-selected.
        $checked = true;
        foreach ($options_array as $option_nb => $option_label) {
            if ($question['TYPE'] == 'multiple_radio') {
                $PollForm .= '<TR><TD><label><input type="radio" name="votes[' . $poll_id . '][' . $question['ID'] . ']" value="' . $option_nb . '" ' . ($checked ? 'checked' : '') . ' /> ' . $option_label . '</label></TD></TR>' . "\n";
            } else {
                //multiple
                $PollForm .= '<TR><TD><label><input type="checkbox" name="votes[' . $poll_id . '][' . $question['ID'] . '][]" value="' . $option_nb . '" /> ' . $option_label . '</label></TD></TR>' . "\n";
            }
            $checked = false;
        }

        $PollForm .= '</TABLE></TD></TR>';
    }

    $PollForm .= '</TD></TR></TABLE><P><input type="submit" value="' . _('Submit') . '" /></P></form></div>';

    return $PollForm;
}
/**
 * ID of the student the session is working with: a logged-in student's own
 * ID ($_SESSION['STUDENT_ID']), or for any other profile the student
 * currently selected ($_SESSION['student_id']).
 *
 * @return mixed student ID from the session
 */
function UserStudentID()
{
    $isStudent = User('PROFILE') == 'student';

    return $isStudent ? $_SESSION['STUDENT_ID'] : $_SESSION['student_id'];
}
/**
 * Constructor: loads the ACL models (role, resource, rule, user) and caches
 * the connected user's role in $this->current_role.
 */
public function __construct()
{
    parent::__construct();

    $aclModels = array('role_model', 'resource_model', 'rule_model', 'user_model');
    $this->load->model($aclModels, '', TRUE);

    // Role of the user performing this request.
    $this->current_role = User()->get_role();
}
/**
 * Whether a ManyAttackAccept record exists with the current user as
 * attack_id and this object as accept_id.
 *
 * @return bool
 */
public function isAccept()
{
    $accepted = ManyAttackAccept::model()->findByAttributes(array(
        'attack_id' => User()->id,
        'accept_id' => $this->id,
    ));

    return $accepted != null;
}
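/**
 * Build a developer record: a User record extended with a 'skills' list.
 *
 * @param string       $name
 * @param string       $title
 * @param string|array $skills one skill or a list of skills; a scalar is wrapped in an array
 * @return array
 */
function Developer($name, $title, $skills)
{
    $user = User($name, $title);

    if (!is_array($skills)) {
        $skills = array($skills);
    }
    $user['skills'] = $skills;

    // Fix: the original had a second, unreachable `return $user;`.
    return $user;
}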
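/**
 * Replace the current user's "loved" categories with the IDs posted as
 * nodes[]: the user's existing ManyCategoryUser rows are deleted, then one
 * row per posted ID is saved. Redirects back to rurl() afterwards.
 *
 * @return void
 */
public function actionLove()
{
    $userId = User()->id;

    // Fix: a missing or non-array nodes parameter made foreach warn; treat it
    // as "love nothing", which still clears the previous selection.
    $nodes = isset($_POST['nodes']) && is_array($_POST['nodes']) ? $_POST['nodes'] : array();

    // Fix: deleteAll() with an attribute array builds a CDbCriteria from it,
    // and user_id is not a criteria property, so the WHERE clause was empty
    // and every user's rows were deleted. deleteAllByAttributes() is the
    // attribute-keyed form. (Yii 1.x semantics — confirm against the
    // framework version in use.)
    ManyCategoryUser::model()->deleteAllByAttributes(array('user_id' => $userId));

    foreach ($nodes as $categoryId) {
        $rel = new ManyCategoryUser();
        $rel->category_id = $categoryId;
        $rel->user_id = $userId;
        // save() runs the model's validation rules; a rejected ID is skipped silently.
        $rel->save();
    }

    $this->redirect(rurl());
}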
/**
 * Theme name for the current staff user, read from PROGRAM_USER_CONFIG
 * (title THEME); 'Blue' when no staff user is logged in or nothing is stored.
 *
 * @return string
 */
function getCSS()
{
    $theme = 'Blue';
    $staffId = User('STAFF_ID');

    if ($staffId) {
        $rows = DBGet(DBQuery("select value from PROGRAM_USER_CONFIG where title='THEME' and user_id=" . $staffId));
        if (count($rows[1])) {
            $theme = $rows[1]['VALUE'];
        }
    }

    return $theme;
}
/**
 * Convert a gradebook percentage (fraction, 0..1) into a letter grade.
 *
 * The staff member's Gradebook configuration (ROUNDING and the per-course
 * break-off overrides keyed "<course_period_id>-<grade id>") is read from
 * PROGRAM_USER_CONFIG once and cached in $programconfig; the course period
 * and the grade scale rows are cached in $_ROSARIO['_makeLetterGrade'].
 *
 * @param float  $percent          grade as a fraction; multiplied by 100 here
 * @param int    $course_period_id defaults to UserCoursePeriod()
 * @param int    $staff_id         defaults to User('STAFF_ID')
 * @param string $ret              '%' returns the rounded percentage; otherwise
 *                                 the REPORT_CARD_GRADES column to return
 *                                 (TITLE, ID, BREAK_OFF or COMMENT)
 * @return mixed rounded percent, the requested grade column, or null when no
 *               break-off matches
 */
function _makeLetterGrade($percent, $course_period_id = 0, $staff_id = 0, $ret = 'TITLE')
{
    global $programconfig, $_ROSARIO;

    if (!$course_period_id) {
        $course_period_id = UserCoursePeriod();
    }
    if (!$staff_id) {
        $staff_id = User('STAFF_ID');
    }

    // Load the teacher's gradebook configuration once per staff member;
    // `true` marks "looked up, nothing configured" so the query is not repeated.
    if (!$programconfig[$staff_id]) {
        $config_RET = DBGet(DBQuery("SELECT TITLE,VALUE FROM PROGRAM_USER_CONFIG WHERE USER_ID='" . $staff_id . "' AND PROGRAM='Gradebook'"), array(), array('TITLE'));
        if (count($config_RET)) {
            foreach ($config_RET as $title => $value) {
                $programconfig[$staff_id][$title] = $value[1]['VALUE'];
            }
        } else {
            $programconfig[$staff_id] = true;
        }
    }

    if (!$_ROSARIO['_makeLetterGrade']['courses'][$course_period_id]) {
        $_ROSARIO['_makeLetterGrade']['courses'][$course_period_id] = DBGet(DBQuery("SELECT DOES_BREAKOFF,GRADE_SCALE_ID FROM COURSE_PERIODS WHERE COURSE_PERIOD_ID='" . $course_period_id . "'"));
    }
    $does_breakoff = $_ROSARIO['_makeLetterGrade']['courses'][$course_period_id][1]['DOES_BREAKOFF'];
    $grade_scale_id = $_ROSARIO['_makeLetterGrade']['courses'][$course_period_id][1]['GRADE_SCALE_ID'];

    $percent *= 100;

    // Teacher-defined break-offs honour the teacher's ROUNDING setting;
    // otherwise the school default (plain round) applies.
    if ($does_breakoff == 'Y') {
        if ($programconfig[$staff_id]['ROUNDING'] == 'UP') {
            $percent = ceil($percent);
        } elseif ($programconfig[$staff_id]['ROUNDING'] == 'DOWN') {
            $percent = floor($percent);
        } elseif ($programconfig[$staff_id]['ROUNDING'] == 'NORMAL') {
            $percent = round($percent);
        }
    } else {
        $percent = round($percent);
    } // school default

    if ($ret == '%') {
        return $percent;
    }

    // Grade scale rows, highest break-off first, cached per scale.
    if (!$_ROSARIO['_makeLetterGrade']['grades'][$grade_scale_id]) {
        $_ROSARIO['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery("SELECT TITLE,ID,BREAK_OFF,COMMENT FROM REPORT_CARD_GRADES WHERE SYEAR='" . UserSyear() . "' AND SCHOOL_ID='" . UserSchool() . "' AND GRADE_SCALE_ID='{$grade_scale_id}' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER"));
    }

    //$grades = array('A+','A','A-','B+','B','B-','C+','C','C-','D+','D','D-','F');
    // First grade whose break-off the percentage reaches wins. With teacher
    // break-offs the override must also be numeric to count.
    foreach ($_ROSARIO['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) {
        if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) {
            //modif Francois: use Report Card Grades comments
            //return $ret=='ID' ? $grade['ID'] : $grade['TITLE'];
            return $grade[$ret];
        }
    }
}
/**
 * @inheritdoc
 *
 * In case, when the [[value]] property is `null`, the value of `Yii::$app->user->id` will be used as the value.
 */
protected function getValue($event)
{
    if ($this->value === null) {
        // Console runs have no user component to ask: leave the value null there.
        $isWebRequest = \Yii::$app instanceof \yii\web\Application;
        if ($isWebRequest && !User()->isGuest) {
            $this->value = User()->id;
        } else {
            $this->value = null;
        }
    }

    $isCallable = $this->value instanceof \Closure
        || (is_array($this->value) && is_callable($this->value));

    return $isCallable ? call_user_func($this->value, $event) : $this->value;
}
/**
 * Convert a gradebook percentage (fraction, 0..1) into a letter grade.
 *
 * The staff member's Gradebook configuration (ROUNDING and the per-course
 * break-off overrides keyed "<course_period_id>-<grade id>") is read from
 * program_user_config once and cached in $programconfig; the course period
 * and the grade scale rows are cached in $_openSIS['_makeLetterGrade'].
 *
 * @param float  $percent          grade as a fraction; multiplied by 100 here
 * @param int    $course_period_id defaults to UserCoursePeriod()
 * @param int    $staff_id         defaults to User('STAFF_ID')
 * @param string $ret              '%' returns the rounded percentage, 'ID' the
 *                                 grade ID, anything else the grade TITLE
 * @return mixed rounded percent, grade ID/title, or null when no break-off matches
 */
function _makeLetterGrade($percent, $course_period_id = 0, $staff_id = 0, $ret = '')
{
    global $programconfig, $_openSIS;

    if (!$course_period_id) {
        $course_period_id = UserCoursePeriod();
    }
    if (!$staff_id) {
        $staff_id = User('STAFF_ID');
    }

    // Load the teacher's gradebook configuration once per staff member;
    // `true` marks "looked up, nothing configured" so the query is not repeated.
    if (!$programconfig[$staff_id]) {
        $config_RET = DBGet(DBQuery('SELECT TITLE,VALUE FROM program_user_config WHERE USER_ID=\'' . $staff_id . '\' AND PROGRAM=\'Gradebook\''), array(), array('TITLE'));
        if (count($config_RET)) {
            foreach ($config_RET as $title => $value) {
                $programconfig[$staff_id][$title] = $value[1]['VALUE'];
            }
        } else {
            $programconfig[$staff_id] = true;
        }
    }

    if (!$_openSIS['_makeLetterGrade']['courses'][$course_period_id]) {
        $_openSIS['_makeLetterGrade']['courses'][$course_period_id] = DBGet(DBQuery('SELECT DOES_BREAKOFF,GRADE_SCALE_ID FROM course_periods WHERE COURSE_PERIOD_ID=\'' . $course_period_id . '\''));
    }
    $does_breakoff = $_openSIS['_makeLetterGrade']['courses'][$course_period_id][1]['DOES_BREAKOFF'];
    $grade_scale_id = $_openSIS['_makeLetterGrade']['courses'][$course_period_id][1]['GRADE_SCALE_ID'];

    $percent *= 100;

    // Rounding follows the teacher's ROUNDING setting regardless of
    // DOES_BREAKOFF (the guard below was deliberately disabled); the
    // fallback keeps two decimals.
    // if ($does_breakoff=='Y')
    // {
    if ($programconfig[$staff_id]['ROUNDING'] == 'UP') {
        $percent = ceil($percent);
    } elseif ($programconfig[$staff_id]['ROUNDING'] == 'DOWN') {
        $percent = floor($percent);
    } elseif ($programconfig[$staff_id]['ROUNDING'] == 'NORMAL') {
        $percent = round($percent, 2);
    } else {
        $percent = round($percent, 2);
    } // school default

    if ($ret == '%') {
        return $percent;
    }

    // Grade scale rows, highest break-off first, cached per scale.
    if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) {
        $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . UserSyear() . '\' AND SCHOOL_ID=\'' . UserSchool() . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER'));
    }

    //$grades = array('A+','A','A-','B+','B','B-','C+','C','C-','D+','D','D-','F');
    // First grade whose break-off the percentage reaches wins. With teacher
    // break-offs the override must also be numeric to count.
    foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) {
        if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) {
            return $ret == 'ID' ? $grade['ID'] : $grade['TITLE'];
        }
    }
}
/**
 * Sign the current user out: stamp last_logout_time and last_ip on the user
 * record, end the session, then redirect to the rurl route when one is given
 * or to the home URL otherwise.
 *
 * @return void
 */
public function actionSignout()
{
    $account = User::model()->findByPk(User()->id);
    if ($account) {
        $account->last_logout_time = Time::now();
        $account->last_ip = API::get_ip();
        $account->save();
    }

    Yii::app()->user->logout();

    // rurl is wrapped in an array, so redirect() treats it as a route to be
    // resolved by createUrl() rather than as a raw URL — verify this holds for
    // the framework version in use before relying on it against open redirects.
    $target = isset($_GET['rurl']) ? array($_GET['rurl']) : Yii::app()->homeUrl;
    $this->redirect($target);
}
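/**
 * Refuse the current module to the user, report the attempt and stop.
 *
 * Prints the refusal, writes the page footer and, when $RosarioNotifyAddress
 * is set, mails an INSERT statement for a HACKING_LOG table so the
 * administrator can record the event; nothing is executed against a
 * database here. Always exits.
 *
 * @return void
 */
function HackingLog()
{
    // Fix: $RosarioVersion was read as an undeclared local, so the VERSION
    // field of the notification was always empty.
    global $RosarioNotifyAddress, $RosarioVersion;

    echo _('You\'re not allowed to use this program!') . ' ' . _('This attempted violation has been logged and your IP address was captured.');
    Warehouse('footer');

    if ($RosarioNotifyAddress) {
        //modif Francois: add email headers
        // The address is configuration, not user input; it is also passed as
        // the sendmail -f envelope sender, so it must be a plain, valid address.
        $headers = 'From:' . $RosarioNotifyAddress . "\r\n";
        $headers .= 'Return-Path:' . $RosarioNotifyAddress . "\r\n";
        $headers .= 'Reply-To:' . $RosarioNotifyAddress . "\r\n" . 'X-Mailer:PHP/' . phpversion();
        $params = '-f ' . $RosarioNotifyAddress;

        // The body quotes request data (modname, QUERY_STRING) verbatim: it is
        // untrusted text and must not be pasted into a SQL client unreviewed.
        @mail($RosarioNotifyAddress, 'HACKING ATTEMPT', "INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,QUERY_STRING,USERNAME) values('{$_SERVER['SERVER_NAME']}','{$_SERVER['REMOTE_ADDR']}','" . date('Y-m-d') . "','{$RosarioVersion}','{$_SERVER['PHP_SELF']}','{$_SERVER['DOCUMENT_ROOT']}','{$_SERVER['SCRIPT_NAME']}','{$_REQUEST['modname']}','{$_SERVER['QUERY_STRING']}','" . User('USERNAME') . "')", $headers, $params);
    }

    exit;
}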
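/**
 * Render a list of messages as an alert box. With $code 'fatal' the page
 * layout is closed, the box is echoed, the footer is written and the script
 * exits; otherwise the HTML is returned for the caller to place.
 *
 * @param array  $errors messages; inserted into the HTML unescaped, so pass trusted strings
 * @param string $code   'error'/'fatal' use the note style, anything else the alert style
 * @return string|null box HTML; null for an empty list; never returns for 'fatal'
 */
function ErrorMessage($errors, $code = 'error')
{
    $errors = array_unique($errors);
    if (!$errors) {
        return;
    }

    $noteStyle = ($code == 'error' || $code == 'fatal');
    $cellOpen = $noteStyle
        ? '<td class=note></td><td class=note_msg >'
        : '<td class=alert></td><td class=alert_msg >';

    $return = "<div style=text-align:left><table cellpadding=5 cellspacing=5 class=alert_box ><tr>" . $cellOpen;

    if (count($errors) == 1) {
        // Fix: array_unique() keeps the original keys, so the one remaining
        // message is not necessarily at index 0 or 1; take whatever is left.
        $return .= reset($errors);
    } else {
        $return .= '<ul>';
        foreach ($errors as $value) {
            $return .= "<LI>{$value}</LI>\n";
        }
        $return .= '</ul>';
    }
    $return .= "</td></tr></table></div>";

    if ($code != 'fatal') {
        return $return;
    }

    // Close the layout tables opened by the page header before the footer.
    $return .= "</td></tr></table>";
    $return .= "</td></tr></table></div>";
    $return .= "</td></tr></table>";
    $return .= "</td></tr></table>";
    $return .= "</td></tr></table>";
    $return .= "</td></tr>";
    if (User('PROFILE') != 'teacher') {
        $return .= "<tr>\r\n\t\t\t\t\t\t\t\t<td class=\"footer\">\r\n\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\">\r\n\t\t\t\t\t\t\t\t<tr>\r\n <td align='center' class='copyright'>\r\n <center>Copyright@2016 Feng Hua Language Studies Centre/丰华语言学习中心. All rights reserved.</center></td>\r\n </tr>\r\n\t\t\t\t\t\t\t\t</table>\r\n\t\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t\t</tr>\r\n\t\t\t\t\t\t\t\t</table>";
    }
    $return .= "</td></tr></table></td></tr></table>";

    // NOTE(review): $isajax is never assigned in this function, so the box is
    // always echoed; if a global AJAX flag was intended it needs `global $isajax;`.
    if ($isajax == "") {
        echo $return;
    }
    if (!$_REQUEST['_openSIS_PDF']) {
        Warehouse('footer');
    }
    // Removed an unused `$css = getCSS();` lookup (one DB query, result never read).
    exit;
}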
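/**
 * Render a list of messages as an alert box. With $code 'fatal' the page
 * layout is closed, the box is echoed, the footer is written and the script
 * exits; otherwise the HTML is returned for the caller to place.
 *
 * @param array  $errors messages; inserted into the HTML unescaped, so pass trusted strings
 * @param string $code   'error'/'fatal' use the note style, anything else the alert style
 * @return string|null box HTML; null for an empty list; never returns for 'fatal'
 */
function ErrorMessage($errors, $code = 'error')
{
    $errors = array_unique($errors);
    if (!$errors) {
        return;
    }

    $noteStyle = ($code == 'error' || $code == 'fatal');
    $cellOpen = $noteStyle
        ? '<td class=note></td><td class=note_msg >'
        : '<td class=alert></td><td class=alert_msg >';

    $return = "<div style=text-align:left><table cellpadding=5 cellspacing=5 class=alert_box ><tr>" . $cellOpen;

    if (count($errors) == 1) {
        // Fix: array_unique() keeps the original keys, so the one remaining
        // message is not necessarily at index 0 or 1; take whatever is left.
        $return .= reset($errors);
    } else {
        $return .= '<ul>';
        foreach ($errors as $value) {
            $return .= "<LI>{$value}</LI>\n";
        }
        $return .= '</ul>';
    }
    $return .= "</td></tr></table></div>";

    if ($code != 'fatal') {
        return $return;
    }

    // Close the layout tables opened by the page header before the footer.
    $return .= "</td></tr></table>";
    $return .= "</td></tr></table></div>";
    $return .= "</td></tr></table>";
    $return .= "</td></tr></table>";
    $return .= "</td></tr></table>";
    $return .= "</td></tr>";
    if (User('PROFILE') != 'teacher') {
        $return .= "<tr>\r\n\t\t\t\t\t\t\t\t<td class=\"footer\">\r\n\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\">\r\n\t\t\t\t\t\t\t\t<tr>\r\n <td align='center' class='copyright'>\r\n <center>openSIS is a product of Open Solutions for Education, Inc. (<a href='http://www.os4ed.com' target='_blank'>OS4Ed</a>).\r\n and is licensed under the <a href='http://www.gnu.org/licenses/gpl.html' target='_blank'>GPL License</a>.\r\n </center></td>\r\n </tr>\r\n\t\t\t\t\t\t\t\t</table>\r\n\t\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t\t</tr>\r\n\t\t\t\t\t\t\t\t</table>";
    }
    $return .= "</td></tr></table></td></tr></table>";

    // NOTE(review): $isajax is never assigned in this function, so the box is
    // always echoed; if a global AJAX flag was intended it needs `global $isajax;`.
    if ($isajax == "") {
        echo $return;
    }
    if (!$_REQUEST['_openSIS_PDF']) {
        Warehouse('footer');
    }
    // Removed an unused `$css = getCSS();` lookup (one DB query, result never read).
    exit;
}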
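/**
 * Read one user preference for a program, with built-in defaults.
 *
 * Staff preferences are loaded from program_user_config once per program and
 * cached in $_openSIS['Preferences'][$program]. SEARCH is forced to 'N' for
 * parents and for student sessions.
 *
 * @param string $item    preference title (e.g. THEME, SORT, DELIMITER)
 * @param string $program program name, spliced into the query by the caller's
 *                        code paths only (not from the request)
 * @return mixed stored value, or the default for $item (null when neither exists)
 */
function Preferences($item, $program = 'Preferences')
{
    global $_openSIS;

    if ($_SESSION['STAFF_ID'] && !$_openSIS['Preferences'][$program]) {
        // Fix: the key was written as the bare constant STAFF_ID (an undefined
        // constant: a warning on PHP 7, an Error on PHP 8); the session key is
        // the string 'STAFF_ID'.
        $QI = DBQuery('SELECT TITLE,VALUE FROM program_user_config WHERE USER_ID=' . $_SESSION['STAFF_ID'] . ' AND PROGRAM=\'' . $program . '\'');
        $_openSIS['Preferences'][$program] = DBGet($QI, array(), array('TITLE'));
    }

    $defaults = array(
        'NAME' => 'Common',
        'SORT' => 'Name',
        'SEARCH' => 'Y',
        'DELIMITER' => 'Tab',
        'COLOR' => '#FFFFCC',
        'HIGHLIGHT' => '#85E1FF',
        'TITLES' => 'gray',
        'THEME' => 'Brushed-Steel',
        'HIDDEN' => 'Y',
        'MONTH' => 'M',
        'DAY' => 'j',
        'YEAR' => 'Y',
        'DEFAULT_ALL_SCHOOLS' => 'N',
        'ASSIGNMENT_SORTING' => 'ASSIGNMENT_ID',
        'ANOMALOUS_MAX' => '100',
    );

    if (!isset($_openSIS['Preferences'][$program][$item][1]['VALUE'])) {
        $_openSIS['Preferences'][$program][$item][1]['VALUE'] = $defaults[$item];
    }

    // Parents and students never get the search screen.
    if ($_SESSION['STAFF_ID'] && User('PROFILE') == 'parent' || $_SESSION['STUDENT_ID']) {
        $_openSIS['Preferences'][$program]['SEARCH'][1]['VALUE'] = 'N';
    }

    return $_openSIS['Preferences'][$program][$item][1]['VALUE'];
}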
/**
 * Admin news handler: edit form, save, or delete for one news entry selected
 * by the action and id request parameters.
 *
 * Without an action the caller is redirected to the news list. The id must
 * be 1 to 11 digits and must exist, otherwise an error box is returned.
 *
 * @return string page HTML (the save and delete branches redirect instead)
 */
function admin_news()
{
    global $user;

    if (!isset($_GET["action"])) {
        redirect(page_link_to("news"));
    } else {
        $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg();

        // id is validated as digits only before it reaches SQL (and escaped again below).
        if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
            $id = $_REQUEST['id'];
        } else {
            return error("Incomplete call, missing News ID.", true);
        }

        $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
        if (count($news) > 0) {
            // NOTE(review): no CSRF token is checked in this handler; save takes
            // POST fields and delete is triggered by a plain GET link. Confirm a
            // token is enforced upstream before treating these as safe.
            switch ($_REQUEST["action"]) {
                default:
                    // Unknown action. redirect() is assumed to end the request;
                    // if it returned, execution would fall through into 'edit'.
                    redirect(page_link_to('news'));
                case 'edit':
                    list($news) = $news;
                    $user_source = User($news['UID']);
                    if ($user_source === false) {
                        engelsystem_error("Unable to load user.");
                    }
                    // Field values are passed to the form_* helpers; any HTML
                    // encoding happens there, not here.
                    $html .= form(array(form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), form_info(_("Author"), User_Nick_render($user_source)), form_text('eBetreff', _("Subject"), $news['Betreff']), form_textarea('eText', _("Message"), $news['Text']), form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), form_submit('submit', _("Save"))), page_link_to('admin_news&action=save&id=' . $id));
                    $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>';
                    break;
                case 'save':
                    list($news) = $news;
                    // Datum is reset to now and UID to the editing admin on every save.
                    sql_query("UPDATE `News` SET \n `Datum`='" . sql_escape(time()) . "', \n `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', \n `Text`='" . sql_escape($_POST["eText"]) . "', \n `UID`='" . sql_escape($user['UID']) . "', \n `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' \n WHERE `ID`='" . sql_escape($id) . "'");
                    engelsystem_log("News updated: " . $_POST["eBetreff"]);
                    success(_("News entry updated."));
                    redirect(page_link_to("news"));
                    break;
                case 'delete':
                    list($news) = $news;
                    sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
                    engelsystem_log("News deleted: " . $news['Betreff']);
                    success(_("News entry deleted."));
                    redirect(page_link_to("news"));
                    break;
            }
        } else {
            return error("No News found.", true);
        }
    }

    return $html . '</div>';
}
/**
 * Render a list of messages as an alert box. With $code 'fatal' the page
 * layout is closed, the box is echoed, the footer is written and the script
 * exits; otherwise the HTML is returned for the caller to place.
 *
 * @param array  $errors messages; inserted into the HTML unescaped
 * @param string $code   'error'/'fatal' use the note style, anything else the alert style
 * @return string|null box HTML; null for an empty list; never returns for 'fatal'
 */
function ErrorMessage($errors, $code = 'error')
{
    if (!$errors) {
        return;
    }

    $noteStyle = ($code == 'error' || $code == 'fatal');
    $cellOpen = $noteStyle
        ? '<td class=note></td><td class=note_msg >'
        : '<td class=alert></td><td class=alert_msg >';

    $html = "<div style=text-align:left><table cellpadding=5 cellspacing=5 class=alert_box ><tr>" . $cellOpen;

    if (count($errors) == 1) {
        // Single message: index 0, or index 1 when 0 is missing/empty.
        $html .= $errors[0] ? $errors[0] : $errors[1];
    } else {
        $items = '';
        foreach ($errors as $message) {
            $items .= "<LI>{$message}</LI>\n";
        }
        $html .= '<ul>' . $items . '</ul>';
    }
    $html .= "</td></tr></table></div>";

    if ($code != 'fatal') {
        return $html;
    }

    // Theme name for the footer logo path.
    $css = getCSS();

    // Close the layout tables opened by the page header before the footer.
    $html .= "</td></tr></table>"
        . "</td></tr></table></div>"
        . "</td></tr></table>"
        . "</td></tr></table>"
        . "</td></tr></table>"
        . "</td></tr>";
    if (User('PROFILE') != 'teacher') {
        $html .= "<tr>\n\t\t\t\t\t\t\t\t<td class=\"footer\">\n\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\">\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td valign=middle class=\"copyright\">Copyright © 2007-2008 Open Solutions for Education, Inc. (<a href='http://www.os4ed.com' target='_blank'>OS4Ed</a>).</td>\n\t\t\t\t\t\t\t\t<td valign=bottom class=\"credits\"><a href='http://www.os4ed.com' target='_blank'><img src=\"themes/" . $css . "/os4ed_logo.png\" /></a></td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t</table>";
    }
    $html .= "</td></tr></table></td></tr></table>";

    // $isajax is not assigned in this function, so this branch always runs.
    if ($isajax == "") {
        echo $html;
    }
    if (!$_REQUEST['_CENTRE_PDF']) {
        Warehouse('footer');
    }
    exit;
}
/**
 * User questions page: list the current user's open and answered questions,
 * or handle the ask/delete actions.
 *
 * Questions are always scoped to $user['UID']; delete additionally checks
 * that the question belongs to the current user before removing it.
 *
 * @return string|void page HTML; the successful ask and delete branches redirect
 */
function user_questions()
{
    global $user;

    if (!isset($_REQUEST['action'])) {
        $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
        $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");

        // Resolve the answering user's nick for each answered question. The
        // loop variable is a reference and is not unset afterwards; it is only
        // safe because no later code in this branch reuses $question.
        foreach ($answered_questions as &$question) {
            $answer_user_source = User($question['AID']);
            if ($answer_user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $question['answer_user'] = User_Nick_render($answer_user_source);
        }

        return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask');
    } else {
        switch ($_REQUEST['action']) {
            case 'ask':
                $question = strip_request_item_nl('question');
                if ($question != "") {
                    $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'");
                    if ($result === false) {
                        engelsystem_error(_("Unable to save question."));
                    }
                    success(_("You question was saved."));
                    redirect(page_link_to("user_questions"));
                } else {
                    return page_with_title(questions_title(), array(error(_("Please enter a question!"), true)));
                }
                break;
            case 'delete':
                // id is validated as 1-11 digits before it reaches SQL (and escaped again below).
                if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
                    $id = $_REQUEST['id'];
                } else {
                    return error(_("Incomplete call, missing Question ID."), true);
                }
                $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                // Ownership check: only the author may delete. No CSRF token is
                // visible here; confirm one is enforced upstream for this action.
                if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
                    sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                    redirect(page_link_to("user_questions"));
                } else {
                    return page_with_title(questions_title(), array(error(_("No question found."), true)));
                }
                break;
        }
    }
}
/**
 * Sign the account behind this form in when it is available.
 *
 * A session-only login is used unless remember was posted as the string
 * 'true', in which case REMEMBER_TIME applies. Unavailable accounts record
 * an error on the email field and the method returns false.
 *
 * @return bool
 */
public function login()
{
    $Account = $this->getAccount();
    $reason = $Account->isAvailable();

    if ($reason === true) {
        $duration = $this->remember === 'true' ? static::REMEMBER_TIME : 0;
        return User()->login($Account, $duration);
    }

    switch ($reason) {
        case 'deleted':
            $this->addError('email', \Yii::t('account', 'Account removed.'));
            break;
        case 'not-activated':
            $this->addError('email', \Yii::t('account', 'Account is not activated.'));
            break;
    }

    return false;
}
/**
 * @inheritdoc
 *
 * Registers a before-action hook that blocks every action except site/error
 * for signed-in accounts that are deleted or not yet activated.
 *
 * @throws \yii\web\ForbiddenHttpException
 */
public function init()
{
    parent::init();

    $this->on(self::EVENT_BEFORE_ACTION, function (\yii\base\ActionEvent $ActionEvent) {
        if (User()->isGuest) {
            return;
        }

        // The error page must stay reachable so the exception can be rendered.
        $actionId = $ActionEvent->action->getUniqueId();
        if (in_array($actionId, ['site/error'], true)) {
            return;
        }

        $reason = Account()->isAvailable();
        if ($reason === true) {
            return;
        }

        switch ($reason) {
            case 'not-activated':
                throw new \yii\web\ForbiddenHttpException('You account is not activated.');
            case 'deleted':
                throw new \yii\web\ForbiddenHttpException('You account removed.');
        }
    });
}
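/**
 * Show one inbox message and prepare the reply model.
 *
 * A message is only visible to its sender or its recipient; any other user,
 * or an unknown id, gets a 404. When the recipient opens it, the message and
 * every reply to it addressed to the recipient are marked read.
 *
 * @throws CHttpException 404 when the message does not exist or does not
 *                        belong to the current user
 */
public function actionV()
{
    $model = Inbox::model()->findByPk($_GET['id']);
    $currentId = User()->id;

    // Fix: the original test was `$model == null && (...)`. For an existing
    // message the left side is false, so the ownership check was never
    // evaluated and any logged-in user could open any message by id; for a
    // missing message it dereferenced null. Require an existing message whose
    // sender or recipient is the current user.
    $isParticipant = $model !== null
        && ($model->source_id == $currentId || $model->dest_id == $currentId);
    if (!$isParticipant) {
        throw new CHttpException(404, 'The requested Node does not exist.');
    }

    // Reply goes to the other party of the conversation.
    $nmodel = new Inbox();
    $nmodel->dest_id = $currentId == $model->source_id ? $model->dest_id : $model->source_id;
    $nmodel->parent_id = $model->id;

    $u =& $this->iuser;
    if ($u->id == $model->dest_id) {
        // dest user read the mail
        $model->is_read = 1;
        $model->save(false);
    }

    // Bind the ids instead of interpolating them into the condition string.
    Inbox::model()->updateAll(array('is_read' => 1), 'dest_id = :dest AND parent_id = :parent', array(':dest' => $u->id, ':parent' => $model->id));

    $this->render('view', array('m' => $u, 'model' => $model, 'nmodel' => $nmodel), false, true);
}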