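/**
 * Report whether the current session holds at least the required privilege level.
 *
 * Levels are single characters ranked by their position in 'xuca' (lowest to
 * highest). A session without an 'email' entry is always ranked at the lowest
 * position, whatever $_SESSION['permissions'] contains.
 *
 * Side effect: $_SESSION['permissions'] is lower-cased in place, or set to 'x'
 * when sessioned('permissions') is false.
 *
 * err() is defined elsewhere; whether it ends the request is not visible here,
 * so every error path also returns false and access is denied if err() returns.
 *
 * @param string $minPrivilegeLevel One character from 'xuca' (case-insensitive).
 * @return bool True when the session's rank is at least the required rank.
 */
function userAccess($minPrivilegeLevel)
{
    $minPrivilegeLevel = strtolower($minPrivilegeLevel);

    if (sessioned('permissions')) {
        $_SESSION['permissions'] = strtolower($_SESSION['permissions']);
    } else {
        $_SESSION['permissions'] = 'x';
    }

    $hierarchy = 'xuca'; // hierarchy, from lowest to highest

    // strlen(), not count(): count() never measured the string's length. It
    // returned 1 for any scalar on older PHP (so this check could not fire)
    // and throws a TypeError for a string on PHP 8.
    if (strlen($minPrivilegeLevel) !== 1) {
        err("Invalid permission level '{$minPrivilegeLevel}'");
        return false;
    }

    if (!sessioned('email')) {
        // No logged-in user: lowest rank.
        $nUser = 0;
    } else {
        $sessionLevel = $_SESSION['permissions'];
        // Accept exactly one character. strpos() matches substrings, so a
        // multi-character value such as 'ca' would otherwise be ranked by
        // wherever it starts in the hierarchy, and an empty string would
        // match at position 0 on PHP 8.
        $nUser = strlen($sessionLevel) === 1 ? strpos($hierarchy, $sessionLevel) : false;
    }

    $nAllowed = strpos($hierarchy, $minPrivilegeLevel);

    if ($nUser === false) {
        err("Invalid session permission level '{$_SESSION["permissions"]}'");
        return false;
    }

    if ($nAllowed === false) {
        err("Invalid input permission level '{$minPrivilegeLevel}'");
        return false;
    }

    return $nUser >= $nAllowed;
}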
/**
 * Render every alert queued in the session as HTML and empty the queue.
 *
 * Each queued entry is read as [0] => message text, [1] => number whose sign
 * picks the CSS class: positive 'alert_pos', negative 'alert_neg', otherwise
 * 'alert_neut'.
 *
 * @return string Concatenated <div> elements, or '' when nothing is queued.
 */
function fetch_alerts_html()
{
    // The per-page suffix is disabled (blank), so the session key is always 'alerts_'.
    $page_name = '';
    $sp = 'alerts_' . $page_name;

    if (!sessioned($sp)) {
        return '';
    }

    $markup = '';
    foreach ($_SESSION[$sp] as $alert) {
        $disposition = 'neut';
        if ($alert[1] > 0) {
            $disposition = 'pos';
        } elseif ($alert[1] < 0) {
            $disposition = 'neg';
        }

        // NOTE(review): $alert[0] is interpolated as-is, with no HTML escaping
        // in this function. Any request-derived text in a queued message has to
        // be escaped before it is queued; confirm at the call sites.
        $markup .= "<div class='alert_{$disposition}'>{$alert[0]}</div>";
    }

    // Alerts are shown once: drop the queue after rendering.
    unset($_SESSION[$sp]);

    return $markup;
}
// NOTE(review): this fragment starts inside an export handler. Its opening
// lines, and any csrfVerify() or userAccess() guard around it, are not visible here.
} elseif ($_POST['docexport'] == 'HTML') {
    // HTML export: the comma-separated ids in $_POST['qidcsv'] are split and
    // handed directly to addByQID(). No validation of the ids is visible in
    // this fragment; confirm addByQID() rejects non-numeric values.
    sendfile('text/html', 'html', $q->clear()->addByQID(explode(',', $_POST['qidcsv']))->allToHTML('<div>[QID %QID%]<br><center><b>%PART%</b></center><br>%SUBJECT% <i>%TYPE%</i> %QUESTION%<br><small>%MCOPTIONS%</small><br>ANSWER: <b>%ANSWER%</b></div><br><br>'));
} else {
    // Unknown export format: queue an alert with a negative sign.
    alert('Invalid format for export.', -1);
}
}
//MarkBad functionality
// State-changing action, gated on csrfVerify() and on posted("markBad", "qids").
if (csrfVerify() && posted("markBad", "qids")) {
    //--todo-- should be able to EDIT instead of just marking wrong. Also store history of questions viewed - "Views" table (hugeness) so can look back, mark for look back, etc.
    // array_flip() turns the posted markBad values into keys, and
    // array_intersect_key() keeps the $_POST["qids"] entries at those keys.
    // NOTE(review): both fields are assumed to be arrays of scalars; nothing
    // here checks their type. The resulting id list becomes alert text, so
    // confirm getQIDs() returns only validated ids.
    alert('Marked question(s) ' . arrayToRanges($q->clear()->addByQID(array_intersect_key($_POST["qids"], array_flip($_POST["markBad"])))->markBad()->getQIDs()) . ' as bad.', 1);
}
// Number of entries in each $ruleSet category.
$counts = array("QParts" => count($ruleSet["QParts"]), "Subjects" => count($ruleSet["Subjects"]), "QTypes" => count($ruleSet["QTypes"]));
// Display label for each $ruleSet category key.
$fullname = array("QParts" => "Question Part", "Subjects" => "Subject", "QTypes" => "Question Type");
//Config options, and setting the SESSION variables to new values based on POST variables
$checkboxoptions = "<div style='font-size:1.5em;font-weight:bold;'>Options</div>";
if (!sessioned('randq')) {
    $_SESSION["randq"] = array();
}
foreach ($fullname as $name => $full) {
    $count = count($ruleSet[$name]);
    $checkboxoptions .= '<div><b>' . $full . '</b> ';
    // A CSRF-verified POST replaces the stored selection for this category.
    // NOTE(review): $_POST[$name] is stored unmodified. It is not checked to
    // be an array, nor are its values checked to be indexes below $count.
    if (csrfVerify() && posted($name)) {
        $_SESSION["randq"][$name] = $_POST[$name];
    } elseif (!array_key_exists($name, $_SESSION["randq"])) {
        // NULL marks "no selection stored yet"; the loop below renders that as every box checked.
        $_SESSION["randq"][$name] = NULL;
    } //Remembering in $_SESSION
    for ($i = 0; $i < $count; $i++) {
        // A box is checked when the stored selection is an array containing $i,
        // or when it is NULL. in_array() runs without its strict flag, so the
        // integer $i is compared loosely against the stored values.
        // NOTE(review): $ruleSet[$name][$i] is concatenated into the markup
        // without escaping. Where $ruleSet comes from is not visible here;
        // confirm it never holds user-editable text.
        $checkboxoptions .= '<label>' . $ruleSet[$name][$i] . ' <input type="checkbox" name="' . $name . '[]" value="' . $i . '" ' . (is_array($_SESSION["randq"][$name]) && in_array($i, $_SESSION["randq"][$name]) || $_SESSION["randq"][$name] === NULL ? 'checked' : '') . ' /></label> ';
    }
    $checkboxoptions .= '</div>';
/**
 * Read a session value without touching a missing key.
 *
 * @param mixed $index Key to look up in $_SESSION.
 * @return mixed $_SESSION[$index] when sessioned($index) is true, otherwise NULL.
 */
function SESSION($index)
{
    // sessioned() decides whether the key counts as present; its exact test is defined elsewhere.
    return sessioned($index) ? $_SESSION[$index] : NULL;
}