function p_quickedit_html($id)
{
if (admin()) {
return "<a style='z-index:9000' target=_blank href=admin/edit/pages/content/{$id}><img style='z-index:9000' src=images/edit.png></a>";
}
return "";
}
public function login()
{
$login = parent::getLogin();
$password = parent::getPassword();
$identity = new AdminIdentity($login, $password);
$identity->authenticate();
switch ($identity->errorCode) {
case AdminIdentity::ERROR_USERNAME_INVALID:
case AdminIdentity::ERROR_PASSWORD_INVALID:
$this->addError('login', Yii::t('backend', 'Аккаунт не найден.'));
break;
case AdminIdentity::ERROR_STATUS_BANNED:
$this->addError('login', Yii::t('backend', 'Аккаунт забанен.'));
break;
case AdminIdentity::ERROR_STATUS_INACTIVE:
$this->addError('login', Yii::t('backend', 'Аккаунт не активирован.'));
break;
case AdminIdentity::ERROR_STATUS_IP_NO_ACCESS:
$this->addError('login', Yii::t('backend', 'Доступ к аккаунту для вашего IP запрещён.'));
break;
default:
$duration = 3600 * 24 * 7;
// 7 days
admin()->login($identity, $duration);
return TRUE;
}
return FALSE;
}
function page_by_title($title, $edit = false)
{
$ret = db_fetch_object(db_query("SELECT * FROM pages WHERE short='%s' LIMIT 1", $title));
if ($edit && admin()) {
$ret->content = p_quickedit_html($ret->id) . $ret->content;
}
return $ret->content;
}
public function isAdmin()
{
if (sys()->isSapcms1()) {
return admin();
} else {
return null;
}
}
function imagenes($print = true)
{
$data = admin(false) . '/assets/images';
if ($print) {
echo $data;
} else {
return $data;
}
}
public function store()
{
$this->validate($this->request(), $rules = array('title' => 'required|max:255', 'description' => 'required', 'content' => 'required|min:10'), $message = ['title.required' => '请填写标题', 'title.max' => '标题太长', 'description.required' => '描述不能为空', 'content.required' => '文章内容不能为空', 'content.min' => '文章内容太短'], $customAttributes = []);
$form = $this->request()->all();
$form['admin_id'] = admin()->admin_id;
if ($model = with(new $this->model())->create($form)) {
return $this->success('添加成功', $model);
}
return $this->error('添加失败');
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
return redirect()->guest('login');
} else {
if (!admin()) {
return redirect()->back();
}
}
return $next($request);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest() || admin()->admin_role != AdminEnum::ROLE_SUPERADMIN) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
abort(404);
}
}
return $next($request);
}
function mcs_CreateAccount($params)
{
$serviceid = $params["serviceid"];
$pid = $params["pid"];
$producttype = $params["producttype"];
$domain = $params["domain"];
$username = $params["username"];
$password = $params["password"];
$clientsdetails = $params["clientsdetails"];
$customfields = $params["customfields"];
$configoptions = $params["configoptions"];
$clientid = $params["userid"];
$configoption1 = $params["configoption1"];
$configoption2 = $params["configoption2"];
$configoption3 = $params["configoption3"];
$configoption4 = $params["configoption4"];
$params["admin"] = admin();
$server = $params["server"];
$serverid = $params["serverid"];
$serverip = $params["serverip"];
$serverusername = $params["serverusername"];
$serverpassword = $params["serverpassword"];
$serveraccesshash = $params["serveraccesshash"];
$serversecure = $params["serversecure"];
$json = json_encode($params);
$json = json_decode($json);
$ip = $json->customfields;
foreach ($ip as $j => $v) {
$ipaddr = $v;
}
$hasil = json_encode(_getclientsproducts($clientid, $serviceid, $pid));
$billingcycle = _get_order_duration_months(json_decode($hasil)->products->product[0]->billingcycle);
$data = array('api_key' => apikey(), 'ip' => $ipaddr, 'pname' => $configoption1, 'billingcycle' => $billingcycle);
$buatorder = Mcs::exec('order', 'addorder', http_build_query($data));
if ($buatorder->result == 'success') {
$result = 'success';
} else {
$result = "error";
}
return $result;
}
function author_delete()
{
require_privs('admin.edit');
$user_id = assert_int(ps('user_id'));
$name = fetch('Realname', 'txp_users', 'user_id', $user_id);
if ($name) {
$rs = safe_delete('txp_users', "user_id = {$user_id}");
if ($rs) {
admin(gTxt('author_deleted', array('{name}' => $name)));
}
}
}
function formAddChannels($form, $table, $column)
{
if (getOption('channels')) {
if (admin()) {
$form->set_field(array('name' => 'channels', 'type' => 'checkboxes', 'label' => getString('channels_label'), 'option_title' => 'title' . langExt(), 'options_table' => 'channels', 'linking_table' => $table . '_to_channels', 'object_id' => $column, 'option_id' => 'channel_id', 'default' => 'all'));
} else {
$form->set_field(array('name' => 'channels', 'type' => 'checkboxes', 'label' => getString('channels_label'), 'sql' => 'SELECT id, title' . langExt() . ' FROM channels WHERE is_active = 1 AND is_private = 0 ORDER BY title', 'default' => 'all'));
}
}
}
function showNewsId($news, $db)
{
foreach ($news as $i => $row) {
if ($i > 0) {
//if repeating news (because of tags)
echo " <a href=\"./?tag=" . $row['tagname'] . "\">#" . $row['tagname'] . "</a>";
} else {
echo "<div class=\"noticia\" id=" . $row['id'] . ">";
if (loggedIn()) {
//favorites
if (hasFavorite($row['id'], $db)) {
echo "<div class=\"del_favorite\" id=\"" . $row['id'] . "\"><img width=\"30px\" src=\"common/star_filled.png\">";
} else {
echo "<div class=\"add_favorite\" id=\"" . $row['id'] . "\"><img width=\"30px\" src=\"common/star_empty.png\">";
}
echo "</div>";
}
echo "<h3>" . stripslashes($row['title']) . "</h3>\n\t\t\t\t<img src=\"http://lorempixel.com/300/200/\" alt=\"300x200\">\t\t\t\t\n\t\t\t\t<div class=\"newsbody\">" . nl2br(stripslashes($row['text'])) . "</div>\n\t\t\t\t<div class=\"newsdetails\">\n\t\t\t\t<br />";
if (!empty($row['url'])) {
//display URL if news is imported
echo "<b>URL original:</b> <a target=\"_blank\" href=\"" . stripslashes($row['url']) . "\">" . $row['url'] . "</a><br>";
}
echo "<b>Submetida por:</b> " . getUserProfileLink($row['posted_by'], $db) . "<br>";
if (!empty($row['imported_by'])) {
echo "<b>Importada por:</b> " . getUserProfileLink($row['imported_by'], $db) . "<br>";
}
echo displayDate($row['date']);
if ($row['tagname'] != "") {
echo "</div><div class=\"newstags\"><a href=\"./?tag=" . stripslashes($row['tagname']) . "\">#" . stripslashes($row['tagname']) . "</a>";
}
//first tag (close news details and start tags div)
}
if (++$i == sizeof($news)) {
//if next row is the end
echo "</div>";
echo "<div class=comment" . $row['id'] . "><h2>Comentários:</h2><div id=comments_server></div>";
echo "</div>";
if (isset($_SESSION['user_id'])) {
echo "<div id=new_comment><textarea id=textarea_new_comment rows=4 placeholder=\"Novo Comentário...\"/></textarea><br><input id=send_comment type=button value=\"Enviar Comentário\"></div>";
}
if (loggedIn() && (editor() || admin())) {
echo "<ul>";
echo "<li><a href=./>Ver Todas</a></li>";
if (loggedIn() && (admin() || editor() && ($_SESSION['username'] == $row['posted_by'] || $_SESSION['username'] == $row['imported_by']))) {
echo "<li><a href=\"editar_noticia.php?id=" . $row['id'] . "\">Editar</a></li><li><a href=\"apagar_noticia.php?id=" . $row['id'] . "\">Apagar</a></li>";
}
echo "<li style=\"border:0;\"></li>";
//display full height <ul>
echo "</ul>";
}
echo "</div>";
}
}
}
function show_admin($dir)
{
// Execute Admin Action
$pwd = ($GLOBALS["permissions"] & 2) == 2;
$admin = ($GLOBALS["permissions"] & 4) == 4;
if (!$GLOBALS["require_login"]) {
show_error($GLOBALS["error_msg"]["miscnofunc"]);
}
if (!$pwd && !$admin) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
if (isset($GLOBALS['__GET']["action2"])) {
$action2 = $GLOBALS['__GET']["action2"];
} elseif (isset($GLOBALS['__POST']["action2"])) {
$action2 = $GLOBALS['__POST']["action2"];
} else {
$action2 = "";
}
switch ($action2) {
case "chpwd":
changepwd($dir);
break;
case "adduser":
if (!$admin) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
adduser($dir);
break;
case "edituser":
if (!$admin) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
edituser($dir);
break;
case "rmuser":
if (!$admin) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
removeuser($dir);
break;
default:
admin($admin, $dir);
}
}
if (zalogowany()) {
echo "<a class='navbar-brand' href='index.php?v=tresc/strona_glowna'><img src='img/logo.png'></a>";
} else {
echo "<a class='navbar-brand' href='index.php'><img src='img/logo.png'></a>";
}
?>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav navbar-right">
<?php
// jeśli zalogowano, wyświetlamy inne menu
if (zalogowany()) {
standardowy_przycisk("?v=tresc/panele_userow/panel_glowny", "<b>{$_SESSION['imie']} {$_SESSION['nazwisko']}</b>");
// jeśli zalogowano jako admin lub nauczyciel, to wyświetlamy przycisk z zarządzniem kursami
if (admin() || nauczyciel()) {
standardowy_przycisk("?v=tresc/panele_userow/panel_glowny&prawa=tresc/panele_userow/nauczyciel/n_lista_kursow", "Zarządzanie kursami", 0);
} else {
standardowy_przycisk("?v=tresc/u_kursy/lista_kursow_uzytkownika", "Moje kursy");
}
standardowy_przycisk("tresc/logowanie/wyloguj.php?wyloguj=tak", "Wyloguj");
} else {
standardowy_przycisk("?v=tresc/logowanie/logowanie", "Logowanie");
standardowy_przycisk("index.php?v=tresc/rejestracja/rejestracja", "Rejestracja");
}
?>
<!--<li><a href="index.php" class=""></a></li> -->
</ul>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
if ($_GET['topic']) {
include 'login_status.php';
require_once 'csign.php';
$verified_corner_name = "";
$verified_room = "";
$verified_corner_name_1 = "";
if (login_check($mysqli) == true) {
if (isset($_SESSION['u_ID'], $_SESSION['u_name'], $_SESSION['u_email'], $_SESSION['xploded_u_email'], $_SESSION['login_string'])) {
$u_ID = $_SESSION['u_ID'];
$xploded_u_email = $_SESSION['xploded_u_email'];
$u_email = $_SESSION['u_email'];
$u_name = $_SESSION['u_name'];
$flag_options = "logged";
include 'infogiver.php';
$tumb_array = tumb();
$admin_array = admin("true");
$nav = navbar_info();
}
}
include_once "infogiver.php";
$config['topic_id'] = intval($_GET['topic']);
$config['start'] = -10;
$config['end'] = 0;
if ($topic_array = topic_info_single_non($config)) {
//print_r($topic_array);
} else {
if ($topic_array[0]['topic_id'] == '') {
header("location:404.html");
}
}
}
include "adminDB.php";
$id = $_POST['id'];
$passwd = $_POST['passwd'];
$passwd = $_POST['passwdconfirm'];
$name = $_POST['name'];
$birthyear = $_POST['birthyear'];
$birthmonth = $_POST['birthmonth'];
$birthday = $_POST['birthday'];
$userkind = $_POST['userkind'];
$writetime = $_POST['writetime'];
/*$now= date("Y-m-d H:i:s",time());*/
//초까지 현재시간 구해줌
/*$writetime= date("YmdHis",time());*/
$bir_date = $birthyear . "" . $birthmonth . "" . $birthday;
/*if(is_id_ok($id, $passwd))*/
if (admin($id, $passwd, $name, $bir_date, $userkind, $writetime)) {
/*$_SESSION['id']=$id;
$_SESSION['name']=$name;
$_SESSION['flash']=$name."님이 접속하였습니다.";*/
echo "<script>\talert(\"회원가입을 완료하였습니다.\")\r\n\t\twindow.location.href='temp.html';</script>";
/*header("Location:haniumboard.html");*/
} else {
/*$_SESSION['flash']=$id."로그인이 실패! 다시입력해주세요";*/
echo "<script>window.alert(\"뭘 잘못입력했는데 다시 입력하세요.\")\r\n\t\twindow.location.href='haniumadmin.php';</script>";
}
?>
<title><?php
echo "Now:" . $now;
?>
</title>
<body><?php
<?php include 'includes/api.php'; logged_in(); admin(); include 'head.php'; include 'menu.php'; ?> <div class='container container-admin'> <div class='col-md-2'> <h3><?php echo $m['settings_menu']; ?> </h3> <nav> <ul class='nav nav-pills nav-stacked span2'> <li><a href='?page=main'><span class='glyphicon glyphicon-dashboard' aria-hidden='true'></span> <?php echo $m['main_menu']; ?> </a></li> <li><a href='?page=login'><span class='glyphicon glyphicon-log-in' aria-hidden='true'></span> <?php echo $m['login_menu']; ?> </a></li> <li><a href='?page=registration'><span class='glyphicon glyphicon-pencil' aria-hidden='true'></span> <?php echo $m['registration_menu']; ?> </a></li> <li><a href='?page=permissions'><span class='glyphicon glyphicon-asterisk' aria-hidden='true'></span> <?php echo $m['permissions_menu'];
function get_parser()
{
$conf = configurations();
if (!$_GET) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects');
}
if (isset($_GET['mod'])) {
if (is_array(myfilter($_GET['mod'], 'mod'))) {
trigger_error('potential attack using mod');
return deconnect();
} else {
$mod = $_GET['mod'];
}
} else {
$mod = null;
}
switch ($_GET['action']) {
case 'adduser':
if (admin(true)) {
if ($_POST['usr_email'] && $_POST['username']) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser', add_user(myfilter($_POST['usr_email'], 'email'), myfilter($_POST['username'], 'user'), myfilter($_POST['lvl'], 'lvl')));
}
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser');
}
break;
case 'listusers':
if (admin(true)) {
$list_users = list_users(array(null));
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listusers', $list_users);
}
break;
case 'deco':
return deconnect();
break;
case 'modpass':
if ($_POST['oldpass'] && $_POST['password1'] && $_POST['password2']) {
$pass = array(myfilter($_POST['oldpass'], 'password'), myfilter($_POST['password1'], 'password'), myfilter($_POST['password2'], 'password'));
if (is_string($pass[0]) && is_string($pass[1]) && is_string($pass[2])) {
$change = change_password($_SESSION['db_data']['_id'], $pass);
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', $change);
}
}
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', null);
break;
case 'resetpass':
if (isset($_GET['user_id']) && isset($_GET['resetcode']) && !is_array($_GET['user_id']) && !is_array($_GET['resetcode'])) {
return reset_password($_GET['user_id'], $_GET['resetcode']);
} elseif (isset($_GET['user_id']) && !is_array($_GET['user_id']) && admin(true)) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', reset_password($_GET['user_id']));
}
break;
case 'edituser':
if (isset($_GET['user_id'])) {
if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data($_SESSION['db_data']));
}
if (admin(true) && !is_array($_GET['user_id'])) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data(check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))))));
}
}
break;
case 'changemail':
if (isset($_GET['user_id']) && isset($_GET['code'])) {
$db = check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))));
if ($db['mail_change_id'] == $_GET['code']) {
return change_email_user(array('email' => $db['new_mail'], 'new_mail' => null, 'mail_change_id' => null), myfilter($_GET['user_id'], '_id'), 'postmail');
}
}
break;
case 'deluser':
if (admin(true) && !is_array($_GET['user_id'])) {
return delete_user(myfilter($_GET['user_id'], '_id'));
}
break;
case 'addproject':
if (admin(true)) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_project', addproject());
}
break;
case 'project':
if (isset($_GET['project_id'])) {
if (!is_array(myfilter($_GET['project_id'], '_id'))) {
$_SESSION['currentprojet'] = myfilter($_GET['project_id'], '_id');
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', check_projects_mod($mod));
}
}
break;
case 'getfile':
if (isset($_GET['file']) && isset($_GET['key']) && isset($_GET['id']) && isset($_GET['os']) && isset($_GET['arch'])) {
if (!is_array(myfilter($_GET['file'], 'sha1')) && !is_array(myfilter($_GET['key'], 'timestamp')) && !is_array(myfilter($_GET['id'], '_id')) && !is_array($_GET['os']) && !is_array($_GET['arch'])) {
return down_file(myfilter($_GET['file'], 'sha1'), myfilter($_GET['key'], 'timestamp'), base64_decode(urldecode($_GET['os'])), base64_decode(urldecode($_GET['arch'])), myfilter($_GET['id'], '_id'));
}
}
break;
case 'addfile':
if (admin(true) && isset($_GET['id'])) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_file', addfile(myfilter($_GET['id'], '_id')));
}
}
break;
case 'deletefile':
if (admin(true) && isset($_GET['id']) && isset($_GET['key'])) {
if (!is_array(myfilter($_GET['id'], '_id')) && !is_array(myfilter($_GET['key'], 'timestamp'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', delete_file(myfilter($_GET['id'], '_id'), myfilter($_GET['key'], 'timestamp')));
}
}
break;
case 'usersetting':
if (isset($_GET['user_id'])) {
if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'setting', change_user_setting($_SESSION['db_data']['_id']));
}
}
break;
case 'bug':
if (isset($_GET['id'])) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', check_bug($mod));
}
}
break;
case 'submitbug':
if (isset($_GET['id'])) {
if (user(true) && in_array($_GET['id'], $_SESSION['db_data']['projects'])) {
$_SESSION['idbug'] = $_GET['id'];
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
}
if (admin(true) || vip(true)) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
$_SESSION['idbug'] = $_GET['id'];
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
}
}
}
break;
case 'listprojects':
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects', $mod);
break;
case 'editbug':
if (strlen($_POST['status']) && isset($_GET['id']) && admin(true)) {
if (!is_array($_POST['status']) && !is_array(myfilter($_GET['id'], '_id'))) {
if (in_array($_POST['status'], $conf['bugs']['Open']) || in_array($_POST['status'], $conf['bugs']['Closed'])) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', edit_bug($_POST['status']));
}
}
}
break;
case 'resetpassmail':
if (strlen($_POST['usr_email'])) {
return echo_front_page(reset_password_mail(myfilter($_POST['usr_email'], 'email')));
}
break;
case 'editproject':
if (isset($_GET['id']) && admin(true)) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_project', edit_project($_POST));
}
}
break;
}
return echo_front_page();
}
function author_delete()
{
$user_id = ps('user_id');
$name = fetch('Realname', 'txp_users', 'user_id', $user_id);
if ($name) {
$rs = safe_delete("txp_users", "user_id = '{$user_id}'");
if ($rs) {
admin(messenger('author', $name, 'deleted'));
}
}
}
<?php
require 'lib/common.php';
if (!admin()) {
header("location: login.php");
}
require 'inc/header.php';
require 'inc/menu.php';
if (empty($_GET['cat'])) {
$category = 0;
} else {
$category = $_GET['cat'];
}
if (isset($_POST['insert_cat'])) {
insert_category($_POST['category'], $category);
}
if (isset($_GET['deletecat'])) {
delete_category($_GET['deletecat']);
}
?>
<div class='col-12'>
<h1>Categories</h1>
<?php
$sql = "SELECT * FROM Categories WHERE parent_cat = ?";
$stm = $conn->prepare($sql);
$stm->execute(array($cat));
$category = $stm->fetchAll();
<div class="row">
<div class="col-md-6 col-sm-12">
<h4>{{trans('labs.title')}}</h4>
@foreach($result['labs'] as $lab)
<div class="panel panel-default" style="background: #ECF0F1">
<div class="panel-body">
<?php
if (status($lab->id)) {
$color = "#1abc9c";
$btn = 'btn-primary';
$status = 'Disponível';
$title = '';
$txt = trans('interface.access');
} else {
$color = "#f44336";
if (admin() || guest()) {
$btn = 'btn-danger';
} else {
$btn = 'btn-default disabled';
}
$status = 'Indisponível';
$title = 'Este experimento está indisponível no momento';
$txt = trans('interface.test');
}
?>
<div class="row">
<div class='col-lg-5 col-md-5 col-sm-2'>
<img src="{{asset($lab->thumbnail)}}" class="img-responsive">
</div>
<div class="col-lg-7 col-md-7 col-sm-10">
<h5>{{$lab->$name}}</h5>
$html .= '</div>';
$html .= '<div class="b_d_d">';
$html .= '<p class="b_d-desc b_d_d-desc">Adjunta los archivos de 700 x 400 px con máximo de 800k de peso.</p>';
foreach ($ubicacion->galeria as $k => $galeria) {
$style_foto = $galeria !== '' ? 'style="background-image:url(' . $galeria . ')"' : '';
$html .= '<div id="galeria_ub_' . $k . '" data-name="galeria[]" data-value="' . $galeria . '" class="b_d-attach" ' . $style_foto . '></div>';
}
$html .= '</div>';
$html .= '</div>';
$html .= '<div class="editor_texto">';
$html .= '<div class="cabecera">';
$html .= '<div class="editor_option subrayar">';
$html .= '<img src="' . imagenes(false) . '/subrayar.png" />';
$html .= '</div>';
$html .= '<div class="editor_option tachar">';
$html .= '<img src="' . imagenes(false) . '/tachar.png" />';
$html .= '</div>';
$html .= '<div class="editor_option negrita">';
$html .= '<img src="' . imagenes(false) . '/upercase.png" />';
$html .= '</div>';
/*$html.='<div class="editor_option">';
$html.='<img src="'.imagenes(false).'/subrayar.png" />';
$html.='</div>';*/
$html .= '</div>';
$html .= '</div>';
$html .= '<textarea class="gre" name="descripcion" placeholder="Escribe la descripcion de este estudio con un maximo de 500 caracteres">' . $ubicacion->descripcion . '</textarea>';
$html .= '</div>';
$html .= '<script type="text/javascript">$(".gre").gre({
content_css_url : "' . admin(false) . '/assets/js/gre/editor.css",
width : "100%",
});$("iframe.gre").width("100%");</script>';
<?php
// $plik to adres do tego pliku. Zrobiono dla wygody
$plik = "?v=tresc/panele_userow/panel_glowny";
// przyciski do podstron
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/uczen/u_info", "Główne informacje");
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/uczen/u_zmiana_hasla", "Zmiana hasła");
// jeśli jesteśmy nauczycielem lub adminem, mamy dostęp do dodatkowych opcji (przycisków)
if (nauczyciel() || admin()) {
echo "<hr><center><p>Panel Nauczyciela</p></center>";
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/nauczyciel/n_lista_kursow", "Lista kursów");
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/nauczyciel/n_lista_lekcji_w_kursie", "Lista lekcji");
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/nauczyciel/n_podglad_lekcji", "Podgląd lekcji");
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/nauczyciel/n_stworz_kurs", "Stwórz nowy kurs");
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/nauczyciel/n_usun_z_kursu1", "Usuń użytkownika z kursu");
}
if (admin()) {
echo "<hr><center><p>Panel Administratora</p></center>";
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/admin/a_zarzadzanie_uzytkownikami", "Zarządzanie użytkownikami");
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/admin/a_dodawanie_usera_do_kursu1", "Dodaj użytkownika do kursu");
standardowy_przycisk("{$plik}&prawa=tresc/panele_userow/admin/a_zablokuj_kurs1", "Blokada kursu");
}
?>
</ul>
</div>
<div id="z_panel_tresc_prawa" class="col-md-9">
<div class="thumbnail">
<?php
// dołączmy plik z $_GET['prawa']
dolacz_plik("prawa", "tresc/panele_userow/uczen/u_info");
?>
function getContent($pageId, $action, $userId, $permission, $recursed = 0)
{
if ($action == "login") {
if ($userId == 0) {
///Commented the requirement of login.lib.php because it is already included in /index.php
//require_once("login.lib.php");
$newUserId = login();
if (is_numeric($newUserId)) {
return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
} else {
return $newUserId;
}
///<The login page
} else {
displayinfo("You are logged in as " . getUserName($userId) . "! Click <a href=\"./+logout\">here</a> to logout.");
}
return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), $recursed = 0);
}
if ($action == "profile") {
if ($userId != 0) {
require_once "profile.lib.php";
return profile($userId);
} else {
displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
}
}
if ($action == "logout") {
if ($userId != 0) {
$newUserId = resetAuth();
displayinfo("You have been logged out!");
global $openid_enabled;
if ($openid_enabled == 'true') {
displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. Until then your session in this website will remain active !");
}
return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
} else {
displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
}
}
if ($action == "search") {
require_once "search.lib.php";
$ret = getSearchBox();
if (isset($_POST['query'])) {
$ret .= getSearchResultString($_POST['query']);
} elseif (isset($_GET['query'])) {
$ret .= getSearchResultString($_GET['query']);
}
return $ret;
}
if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
if (isset($_GET['parentpath'])) {
global $urlRequestRoot;
require_once 'menu.lib.php';
$pidarr = array();
parseUrlReal(escape($_GET['parentpath']), $pidarr);
$pid = $pidarr[count($pidarr) - 1];
$children = getChildren($pid, $userId);
$response = array();
$response['path'] = escape($_GET['parentpath']);
$response['items'] = array();
foreach ($children as $child) {
$response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
}
//echo json_encode($response);
exit;
}
}
if ($permission != true) {
if ($userId == 0) {
$suggestion = "(Try <a href=\"./+login\">logging in?</a>)";
} else {
$suggestion = "";
}
displayerror("You do not have the permissions to view this page. {$suggestion}<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
return '';
}
if ($action == "admin") {
require_once "admin.lib.php";
return admin($pageId, $userId);
}
///default actions also to be defined here (and not outside)
/// Coz work to be done after these actions do involve the page
$pagetype_query = "SELECT page_module, page_modulecomponentid FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id='" . escape($pageId) . "'";
$pagetype_result = mysql_query($pagetype_query);
$pagetype_values = mysql_fetch_assoc($pagetype_result);
if (!$pagetype_values) {
displayerror("The requested page does not exist.");
return "";
}
$moduleType = $pagetype_values['page_module'];
$moduleComponentId = $pagetype_values['page_modulecomponentid'];
if ($action == "settings") {
///<done here because we needed to check if the page exists for sure.
require_once "pagesettings.lib.php";
return pagesettings($pageId, $userId);
}
if ($action == "widgets") {
return handleWidgetPageSettings($pageId);
}
if ($recursed == 0) {
$pagetypeupdate_query = "UPDATE " . MYSQL_DATABASE_PREFIX . "pages SET page_lastaccesstime=NOW() WHERE page_id='" . escape($pageId) . "'";
$pagetypeupdate_result = mysql_query($pagetypeupdate_query);
if (!$pagetypeupdate_result) {
return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
}
}
if ($moduleType == "link") {
return getContent($moduleComponentId, $action, $userId, true, 1);
}
if ($action == "grant") {
return grantPermissions($userId, $pageId);
}
if ($moduleType == "menu") {
return getContent(getParentPage($pageId), $action, $userId, true, 1);
}
if ($moduleType == "external") {
$query = "SELECT `page_extlink` FROM `" . MYSQL_DATABASE_PREFIX . "external` WHERE `page_modulecomponentid` =\n\t\t\t\t\t(SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`= '" . escape($pageId) . "')";
$result = mysql_query($query);
$values = mysql_fetch_array($result);
$link = $values[0];
header("Location: {$link}");
}
global $sourceFolder;
global $moduleFolder;
require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
$page = new $moduleType();
if (!$page instanceof module) {
displayerror("The module \"{$moduleType}\" does not implement the inteface module</div>");
return "";
}
$createperms_query = " SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action = 'create' AND page_module = '" . $moduleType . "'";
$createperms_result = mysql_query($createperms_query);
if (mysql_num_rows($createperms_result) < 1) {
displayerror("The action \"create\" does not exist in the module \"{$moduleType}\"</div>");
return "";
}
$availableperms_query = "SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action != 'create' AND page_module = '" . $moduleType . "'";
$availableperms_result = mysql_query($availableperms_query);
$permlist = array();
while ($value = mysql_fetch_assoc($availableperms_result)) {
array_push($permlist, $value['perm_action']);
}
array_push($permlist, "view");
$class_methods = get_class_methods($moduleType);
foreach ($permlist as $perm) {
if (!in_array("action" . ucfirst($perm), $class_methods)) {
displayerror("The action \"{$perm}\" does not exist in the module \"{$moduleType}\"</div>");
return "";
}
}
if ($action == "pdf") {
if (isset($_GET['depth'])) {
$depth = $_GET['depth'];
} else {
$depth = 0;
}
if (!is_numeric($depth)) {
$depth = 0;
}
global $TITLE;
global $sourceFolder;
require_once "{$sourceFolder}/modules/pdf/html2fpdf.php";
$pdf = new HTML2FPDF();
$pdf->setModuleComponentId($moduleComponentId);
$pdf->AddPage();
$pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));
$cp = array();
$j = 0;
if ($depth == -1) {
$cp = child($pageId, $userId, $depth);
if ($cp[0][0]) {
for ($i = 0; $cp[$i][0] != NULL; $i++) {
require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
$page1 = new $cp[$i][2]();
$modCompId = $cp[$i][5];
$pdf->setModuleComponentId($modCompId);
$pdf->AddPage();
$pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
}
}
} else {
if ($depth > 0) {
$cp = child($pageId, $userId, $depth);
--$depth;
while ($depth > 0) {
$count = count($cp);
for ($j; $j < $count; $j++) {
$cp = array_merge((array) $cp, (array) child($cp[$j][0], $userId, $depth));
}
--$depth;
}
if ($cp[0][0]) {
for ($i = 0; isset($cp[$i]); $i++) {
require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
$page1 = new $cp[$i][2]();
$modCompId = $cp[$i][5];
$pdf->setModuleComponentId($modCompId);
$pdf->AddPage();
$pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
}
}
}
}
$filePath = $sourceFolder . "/uploads/temp/" . $TITLE . ".pdf";
while (file_exists($filePath)) {
$filePath = $sourceFolder . "/uploads/temp/" . $TITLE . "-" . rand() . ".pdf";
}
$pdf->Output($filePath);
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private", false);
header("Content-Type: application/pdf");
header("Content-Disposition: attachment; filename=\"" . basename($filePath) . "\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($filePath));
@readfile("{$filePath}");
unlink($filePath);
}
return $page->getHtml($userId, $moduleComponentId, $action);
}
function admin_multi_edit()
{
global $txp_user;
require_privs('admin.edit');
$selected = ps('selected');
$method = ps('edit_method');
$changed = array();
if (!$selected or !is_array($selected)) {
return admin();
}
$names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");
if (!$names) {
return admin();
}
switch ($method) {
case 'delete':
if (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
$changed = $names;
$msg = 'author_deleted';
}
break;
case 'changeprivilege':
global $levels;
$privilege = ps('privs');
if (!isset($levels[$privilege])) {
return admin();
}
if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
$changed = $names;
$msg = 'author_updated';
}
break;
case 'resetpassword':
$failed = array();
foreach ($names as $name) {
$passwd = generate_password(6);
if (safe_update('txp_users', "pass = password(lower('" . doSlash($passwd) . "'))", "name = '" . doSlash($name) . "'")) {
}
$email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
if (send_new_password($passwd, $email, $name)) {
$changed[] = $name;
$msg = 'author_updated';
} else {
return admin(gTxt('could_not_mail') . ' ' . htmlspecialchars($name));
}
}
break;
}
if ($changed) {
return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
}
admin();
}
function requires_admin()
{
global $apptitle;
if (admin()) {
set_lang("ru");
return true;
} else {
$pass = db_result(db_query("SELECT admin_pass FROM settings"));
if ($pass == "") {
session_set("admin", true);
return true;
}
redir("admin/login");
}
}
function w_osatnie_lekcje($id_usera, $ilosc = 3)
{
// wyświetlenie nagłówka
echo '<div class="thumbnail">' . '<div class="caption">' . '<h4>Ostatnio dodane lekcje</h4><br>' . '<table class="table">' . '<tbody>';
// wyświetlenie małej tabelki z ostatnimi (ostatnio dodanymi) lekcjami dla danego użytkownika
// pierwsza pętla podaje tylko te kursy, do których jest zapisany użytkownik.
$wynik = mysql_query("SELECT * FROM `zapisy` WHERE id_uzytkownika={$id_usera} ORDER BY id_zapisu DESC LIMIT {$ilosc}");
while ($r = mysql_fetch_assoc($wynik)) {
// druga pętla wyświetla po dwie ostatnie lekcje z każdego kursu
$nazwa_lekcji = mysql_query("SELECT * FROM `lekcje` WHERE id_kursu={$r['id_kursu']} ORDER BY id_lekcji DESC LIMIT 2");
while ($g = mysql_fetch_assoc($nazwa_lekcji)) {
// trzecia pętla sprawdza, jak nazywa się dany kurs
$nazwa_kursu = mysql_query("SELECT * FROM `kursy` WHERE id_kursu={$r['id_kursu']}");
while ($gg = mysql_fetch_assoc($nazwa_kursu)) {
$kursik = $gg['nazwa'];
}
$link = "?v=tresc/u_kursy/dana_lekcja&id={$g['id_lekcji']}&id_kursu={$g['id_kursu']}";
echo '<tr>';
// wyświetlenie wiersza w tabelce z linkiem do lekcji
echo "<td><a href='{$link}'>{$g['temat']}</a> <br><small><b>{$kursik}</b>, <i>{$r['data_zapisu']}</i></small><td>";
echo '</tr>';
}
}
// jeżeli to nauczyciel lub admin, nie wyświetlamy ich kursów, tylko komunikat
if (nauczyciel() || admin()) {
komunikat("Aby zobaczyć lekcje, przejdź do zarządzania");
}
// zakończenie tabeli i ramki
echo '</tbody>' . '</table>' . '</div>' . '</div>';
}
<?php
require_once 'common/functions.php';
if (!loggedIn() || !admin()) {
//if not logged in or not administrator, go away
redirectMsg("./", 'Operação não permitida');
}
require_once 'db/db.php';
if (!isset($_POST['submit_insert'])) {
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Obter Notícias</title>
<link rel="stylesheet" href="common/style.css">
<link rel="stylesheet" href="http://code.jquery.com/ui/1.9.2/themes/base/jquery-ui.css" />
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js"></script>
<script src="https://raw.github.com/jquery/jquery-ui/master/ui/i18n/jquery.ui.datepicker-pt.js"></script>
<script src="common/get_news.js"></script>
</head>
<body>
<?php
showHeader('Obter notícias de outros servidores');
?>
<div id="menu">
<ul>
<a href="./"><img src="common/home.png"></a>
</ul>
<ul style="display:inline;" class="login"> <!-- had to define style because there was a bug in Chrome where the display:inline wouldnt work from the css file-->
public function actionLogout()
{
admin()->logout();
$this->redirect(array('/index/default/index'));
}
function show_admin($dir)
{
$admin = permissions_grant(NULL, NULL, "admin");
if (!login_is_user_logged_in()) {
show_error($GLOBALS["error_msg"]["miscnofunc"]);
}
if (!$admin && !permissions_grant(NULL, NULL, "password")) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
if (isset($GLOBALS['__GET']["action2"])) {
$action2 = $GLOBALS['__GET']["action2"];
} elseif (isset($GLOBALS['__POST']["action2"])) {
$action2 = $GLOBALS['__POST']["action2"];
} else {
$action2 = "";
}
switch ($action2) {
case "chpwd":
changepwd($dir);
break;
case "adduser":
if (!$admin) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
adduser($dir);
break;
case "edituser":
if (!$admin) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
edituser($dir);
break;
case "rmuser":
if (!$admin) {
show_error($GLOBALS["error_msg"]["accessfunc"]);
}
removeuser($dir);
break;
default:
admin($admin, $dir);
}
}