function currUserHasRole($role)
{
if (isset($_SESSION['id']) && $_SESSION['id'] >= 0) {
return userHasRole($_SESSION['id'], $role);
}
return false;
}
<?php
$DEV = strpos($_SERVER['REQUEST_URI'], '~') != 0;
set_include_path(get_include_path() . PATH_SEPARATOR . ($DEV ? '/home/mgorman/public_html/_resources/php' : '/var/www/php.iwu.edu/htdocs/_resources/php'));
require_once '_class.IWU_DB.php';
require_once '_class.IWU_DataRow.php';
require_once '_class.IWU_Auth.php';
require_once '_class.IWU_Template.php';
require_once '_class.IWU_Paginate.php';
require_once '_db.php';
IWU_Auth::forceAuthentication();
if (userHasRole(IWU_Auth::getUser(), 'admin') && isset($_GET['impersonate'])) {
$user = $_GET['impersonate'];
} else {
$user = IWU_Auth::getUser();
}
$roles = getRoles($user);
class Channel
{
protected $slug = '';
protected $heading = '';
protected $styles = array();
protected $classes = array('highlight');
protected $context = '';
protected $contexts = array();
protected $contentHTML = '';
public function __construct($slug, $heading, $content = '', $max_height = NULL)
{
$this->slug = $slug;
$this->heading = $heading;
$this->contentHTML = $content;
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/voteonline/include/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/voteonline/include/access.inc.php';
if (!userIsLoggedIn()) {
$loginstate = 'Zaloguj';
include '../templates/login.html.php';
exit;
} else {
$loginstate = 'Wyloguj(' . $_SESSION['userlogin'] . ')';
}
if (!userHasRole('Administrator')) {
$error = 'Dostęp do tej strony mają tylko Administratorzy';
include '../templates/accessdenied.html.php';
exit;
}
include $_SERVER['DOCUMENT_ROOT'] . '/voteonline/include/db.inc.php';
//wybór danych użytkownika do edycji
if (isset($_GET['action']) and $_GET['action'] == 'Edytuj') {
try {
$sql = 'SELECT id, login, email, roleid FROM users WHERE login = :login';
$s = $pdo->prepare($sql);
$s->bindValue(':login', $_GET['login']);
$s->execute();
} catch (PDOException $e) {
$error = 'Błąd podczas pobierania danych użytkownika.';
include '../templates/error.html.php';
exit;
}
foreach ($s as $row) {
$menageuserid = $row['id'];
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';
if (!userIsLoggedIn()) {
include '../login.html.php';
exit;
}
if (!userHasRole('Account Administrator')) {
$error = 'Only Account Administrators may access this page.';
include '../accessdenied.html.php';
exit;
}
if (isset($_GET['add'])) {
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
$pageTitle = 'New Author';
$action = 'addform';
$name = '';
$email = '';
$id = '';
$button = 'Add author';
// Build the list of roles
try {
$result = $pdo->query('SELECT id, description FROM role');
} catch (PDOException $e) {
$error = 'Error fetching list of roles.';
include 'error.html.php';
exit;
}
foreach ($result as $row) {
$roles[] = array('id' => $row['id'], 'description' => $row['description'], 'selected' => FALSE);
<?php
}
if (userHasRole($user, 'Moodle')) {
?>
<li><a href="http://courses.iwu.edu/">Moodle</a></li>
<?php
}
if (userHasRole($user, 'BSS')) {
?>
<li><a href="https://luna.iwu.edu/PPRD/twbkwbis.P_GenMenu?name=bmenu.P_MainMnu">Banner Self-Service</a></li>
<?php
}
if (userHasRole($user, 'INB')) {
?>
<li><a href="http://luna.iwu.edu:9099/forms/frmservlet?config=pprd_jpi">Internet Native Banner</a></li>
<?php
}
?>
<li><a href="http://answers.iwu.edu/3900/ask">ITS Helpdesk</a></li>
<li><a href="https://php.iwu.edu/directory/">Campus Directory</a></li>
<li><a href="http://lists.iwu.edu/">Mailing Lists</a></li>
<li><a href="http://theiwubookstore.com/">Bookstore</a></li>
<?php
if (userHasRole($user, 'Adirondack')) {
?>
<!-- <li><a href="https://luna.iwu.edu:443/PPRD/zwgkthouse.p_redirect_housdir">MyHousing Information</a></li> -->
<li><a href="https://iwu.datacenter.adirondacksolutions.com/iwu_thdss_test/security/iwu_login.cfm">MyHousing</a></li>
<?php
}
header("Location: index.php");
exit;
}
/*
* check to see if session is set
*/
if (!isset($_SESSION['loggedIn'])) {
$title = 'Unauthorized User';
$longdesc = "You need to log in as a user with appropriate credentials to view this part of the site.";
include '/home/simpleco/demo2/app/pages_eventadmin/confirmation.inc.html.php';
exit;
}
/*
* checks to see if user is logged in
*/
if (!userHasRole(3)) {
$title = 'Unauthorized User';
$longdesc = "You do not have permission to access this part of the site.";
include '/home/simpleco/demo2/app/pages_eventadmin/confirmation.inc.html.php';
exit;
}
/*
* --------------------------------------------------------------------
* |
* event admin |
* |
* --------------------------------------------------------------------
*/
/*
* responds to request to view all events
*/
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';
if (!userIsLoggedIn()) {
include '../login.html.php';
exit;
}
if (!userHasRole('Content Editor')) {
$error = 'Only Content Editors may access this page.';
include '../accessdenied.html.php';
exit;
}
if (isset($_GET['add'])) {
$pagetitle = 'New Joke';
$action = 'addform';
$text = '';
$authorid = '';
$id = '';
$button = 'Add joke';
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
// Build the list of authors
$sql = "SELECT id, name FROM author";
$result = mysqli_query($link, $sql);
if (!$result) {
$error = 'Error fetching list of authors.';
include 'error.html.php';
exit;
}
while ($row = mysqli_fetch_array($result)) {
$authors[] = array('id' => $row['id'], 'name' => $row['name']);
<?php
//CATEGORIES
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/access.inc.php';
if (!userIsLoggedIn()) {
include $_SERVER['DOCUMENT_ROOT'] . '/chapter9/admin/login.html.php';
exit;
}
if (!userHasRole('Administrator of categories')) {
$error = 'Only Site Administrators may access this page.';
include '../accessdenied.html.php';
exit;
}
if (isset($_GET['add'])) {
include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
$pageTitle = 'Add new category';
$action = 'addcategory';
$name = '';
$id = '';
$button = 'Add';
include 'form.html.php';
exit;
}
if (isset($_GET['addcategory'])) {
include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
try {
$sql = 'INSERT INTO category SET name = :name';
$s = $pdo->prepare($sql);
$s->bindValue(':name', $_POST['name']);
$s->execute();
} catch (PDOException $e) {
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';
if (!userIsLoggedIn()) {
include '../login.html.php';
exit;
}
if (!userHasRole('Site Administrator')) {
$error = 'Only Site Administrators may access this page.';
include '../accessdenied.html.php';
exit;
}
if (isset($_GET['add'])) {
$pagetitle = 'New Category';
$action = 'addform';
$name = '';
$id = '';
$button = 'Add category';
include 'form.html.php';
exit;
}
if (isset($_GET['addform'])) {
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
$name = mysqli_real_escape_string($link, $_POST['name']);
$sql = "INSERT INTO category SET\n\t\t\tname='{$name}'";
if (!mysqli_query($link, $sql)) {
$error = 'Error adding submitted category.';
include 'error.html.php';
exit;
}
<?php
session_start();
if (isset($_SESSION['loggedIn'])) {
if ($_SESSION['loggedIn'] = TRUE) {
$menu_login_status = TRUE;
} else {
$menu_login_status = FALSE;
}
} else {
$menu_login_status = FALSE;
}
if ($menu_login_status == 'TRUE' and userHasRole(5) == TRUE) {
echo ' <ul class="nav nav-list">
<li><a href="?register_new">register new user</a></li>
<li class="nav-header"></li>
<li><a href="?register_existing">register existing user</a></li>
<li class="nav-header"></li>
<li><a href="?logout">logout</a></li>
</ul>';
} else {
echo ' <ul class="nav nav-list">
<li><a href="?logout">logout</a></li>
<li><a href="?loginform">login</a></li>
</ul>';
}
exit;
}
}
/*
* check to see if session is set
*/
if (!isset($_SESSION['loggedIn'])) {
$title = 'Unauthorized User';
$longdesc = "You need to log in to view this part of the site.";
include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
exit;
}
/*
* checks to see if user has required role
*/
if (!userHasRole(6)) {
$title = 'Unauthorized User';
$longdesc = "You do not have permission to access this part of the site.";
include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
exit;
}
/*
* responds to logout attempt
*/
if (isset($_GET['logout'])) {
logevent($user_info['id'], NULL, 'logout');
unset($_SESSION['loggedIn']);
unset($_SESSION['email']);
unset($_SESSION['password']);
$longdesc = "You are now logged out.";
include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
<?php
if (isset($_SESSION['loggedIn'])) {
if ($_SESSION['loggedIn'] = TRUE) {
$menu_login_status = TRUE;
} else {
$menu_login_status = FALSE;
}
} else {
$menu_login_status = FALSE;
}
if ($menu_login_status == 'TRUE') {
if (userHasRole(6)) {
echo ' <ul class="nav nav-list">
<li><a href="?logout">logout</a></li>
<li class="nav-header">STORE</li>
<li><a href="?items">items</a></li>
<li><a href="?categories">categories</a></li>
</ul>';
} else {
echo ' <ul class="nav nav-list">
<li><a href="?loginform">login</a></li>
</ul>';
}
} else {
echo ' <ul class="nav nav-list">
<li><a href="?loginform">login</a></li>
</ul>';
}
<?php
if (isset($_SESSION['loggedIn'])) {
if ($_SESSION['loggedIn'] = TRUE) {
$menu_login_status = TRUE;
} else {
$menu_login_status = FALSE;
}
} else {
$menu_login_status = FALSE;
}
if ($menu_login_status == 'TRUE') {
if (userHasRole(2)) {
echo ' <ul class="nav nav-list">
<li><a href="?">home</a></li>
<li><a href="?logout">logout</a></li>
<li class="nav-header">EVENTS</li>
<li><a href="?view_events">view events</a></li>
<li><a href="?view_event_types">edit types</a></li>
<li><a href="?view_event_properties">edit properties</a></li>
<li class="nav-header">USERS</li>
<li><a href="?view_users">view users</a></li>
<li><a href="?duty_roster">duty roster</a></li>
<li><a href="?badges">badges</a></li>
<li class="nav-header">GUESTS</li>
<li><a href="?guests">manage</a></li>
<li><a href="?guest_schedule_check">check schedule</a></li>
<li class="nav-header">STORE</li>
<li><a href="?items">items</a></li>
<li><a href="?categories">categories</a></li>
<li class="nav-header">HTML</li>
<?php
//AUTHORS
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/access.inc.php';
if (!userIsLoggedIn()) {
include $_SERVER['DOCUMENT_ROOT'] . '/chapter9/admin/login.html.php';
exit;
}
if (!userHasRole('Administrator registered users')) {
$error = 'Only Account Administrators may access this page.';
include '../accessdenied.html.php';
exit;
}
if (isset($_GET['add'])) {
include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
$pageTitle = 'Add author';
$action = 'addauthor';
$name = '';
$email = '';
$id = '';
$button = 'Add';
//формируем список ролей
try {
$result = $pdo->query('SELECT id, description FROM role');
} catch (PDOException $e) {
errorText('Unable to create list of roles', $e);
}
foreach ($result as $row) {
$roles[] = array('id' => $row['id'], 'description' => $row['description'], 'selected' => false);
}
include 'form.html.php';
// Assign global UI defaults here
$t->assign('page_title', $CFG->page_title_default);
$t->assign('currentURI', $_SERVER['REQUEST_URI']);
$t->assign('currentUser_isAdmin', FALSE);
$t->assign('currentUser_isAuthStaff', FALSE);
if ($login_state == DELPHI_LOGGED_IN || $login_state == DELPHI_REG_PENDING) {
$details = getUserDetails($_SESSION['username']);
$t->assign('currentUser_loggedIn', TRUE);
$t->assign('currentUser_name', $details['username']);
$t->assign('currentUser_email', $details['email']);
$t->assign('currentUser_id', $details['id']);
$_SESSION['id'] = $details['id'];
$_SESSION['email'] = $details['email'];
if (userHasRole($details['id'], 'Admin')) {
$t->assign('currentUser_isAdmin', TRUE);
}
if (userHasRole($details['id'], 'AuthorizedStaff')) {
$t->assign('currentUser_isAuthStaff', TRUE);
}
} else {
$t->assign('currentUser_loggedIn', FALSE);
$t->assign('currentUser_name', null);
$t->assign('currentUser_email', null);
$t->assign('currentUser_id', null);
// Get the name of the file being called
// $scriptName = end(explode("/", $_SERVER['SCRIPT_NAME']) );
// if ( $scriptName != "login.php" ) {
// header( 'Location: ' . $CFG->wwwroot . '/modules/auth/login.php' );
// die();
// }
}
$longdesc = "Email and password combination not found.";
include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
exit;
}
}
// make sure user is logged in
if (!isset($_SESSION['loggedIn'])) {
if (!isset($_SESSION['loggedIn'])) {
$title = 'Unauthorized User';
$longdesc = "You need to log in to view this part of the site.";
include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
exit;
}
}
// make sure user has role 2
if (!userHasRole(2)) {
$title = 'Unauthorized User';
$longdesc = "You do not have permission to access this part of the site.";
include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
exit;
}
// logs user out
if (isset($_GET['logout'])) {
// get the user id and log the event
logevent($user_info['id'], NULL, 'logout');
unset($_SESSION['loggedIn']);
unset($_SESSION['email']);
unset($_SESSION['password']);
$longdesc = "You are now logged out.";
include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
exit;