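/**
 * Returns true when the current user may administer the Web Forms module:
 * either a site administrator, or a member of a group whose right on the
 * "form" module is "W" or higher.
 *
 * @return bool
 */
function IsAdmin()
{
    global $USER, $APPLICATION;
    if (!is_object($USER)) {
        $USER = new CUser;
    }
    if ($USER->IsAdmin()) {
        return true;
    }
    // Plain string comparison: "W" and any letter sorting after it pass.
    $FORM_RIGHT = $APPLICATION->GetGroupRight("form");
    if ($FORM_RIGHT >= "W") {
        return true;
    }
    // The original fell off the end here and returned null; the documented
    // contract is bool, so say so explicitly.
    return false;
}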
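/**
 * <p>Returns "true" if the current user has administrative <a href="http://dev.1c-bitrix.ru/api_help/form/permissions.php#module">rights</a> on the <b>Web Forms</b> module, otherwise "false".</p>
 *
 * @return bool
 *
 * <h4>Example</h4>
 * <pre>
 * <?
 * if (<b>CForm::IsAdmin</b>())
 * {
 *     echo "You have administrative rights on the Web Forms module.";
 * }
 * ?>
 * </pre>
 *
 * <h4>See Also</h4>
 * <ul><li> <a href="http://dev.1c-bitrix.ru/api_help/form/permissions.php#module">Module permissions</a>
 * </li></ul> <a name="examples"></a>
 *
 * @static
 * @link http://dev.1c-bitrix.ru/api_help/form/classes/cform/isadmin.php
 * @author Bitrix
 */
public static function IsAdmin()
{
    global $USER, $APPLICATION;
    if (!is_object($USER)) {
        $USER = new CUser();
    }
    if ($USER->IsAdmin()) {
        return true;
    }
    // Plain string comparison: "W" and any letter sorting after it pass.
    $FORM_RIGHT = $APPLICATION->GetGroupRight("form");
    if ($FORM_RIGHT >= "W") {
        return true;
    }
    // The docblock promises bool; the original returned null here.
    return false;
}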
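/**
 * Renders every news entry as an HTML list with per-entry actions.
 *
 * Admins get edit / publish-or-view / delete links for each entry; other
 * users only get a "visa" link for entries that are already published.
 *
 * @return string HTML <ul> markup
 */
public function getAllAsList()
{
    $sql = 'SELECT *, (published <= NOW()) AS available FROM rm_news;';
    $res = $this->db->ExecuteSelectQueryAndFetchAll($sql);
    $isAdmin = CUser::IsAdmin();

    $html = '<ul>';
    foreach ($res as $val) {
        // Every DB value that lands in the markup is escaped. id and slug end up
        // inside single-quoted href attributes, so ENT_QUOTES is required there
        // (the original passed null as flags and left id/slug unescaped).
        $title = htmlentities($val->title, ENT_QUOTES, 'UTF-8');
        $id    = htmlentities($val->id, ENT_QUOTES, 'UTF-8');
        $slug  = htmlentities($val->slug, ENT_QUOTES, 'UTF-8');
        $isPublished = (bool) $val->available;

        $html .= "<li>" . $title . ": är" . ($isPublished ? '' : ' inte') . " publicerad ";
        if ($isAdmin) {
            $html .= "(<a href='?id={$id}'>editera</a> | "
                . "<a href='" . ($isPublished ? "news.php?slug={$slug}" : "?publish={$id}") . "'>"
                . ($isPublished ? 'visa' : 'publisera') . "</a> | "
                . "<a href='?delete={$id}'>ta bort</a>)";
        } elseif ($isPublished) {
            $html .= "(<a href='news.php?slug={$slug}'>visa</a>)";
        }
        // Always close the item; the original left unpublished rows open for non-admins.
        $html .= "</li>";
    }
    $html .= '</ul>';
    return $html;
}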
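/**
 * Renders a paginated, sortable HTML table of movies.
 *
 * Reads hits, page, orderby and order from the query string. Admins get
 * publish / edit / delete controls per row; other users get a view link for
 * published rows only.
 *
 * @return string HTML markup (hit counter, table and page navigation)
 */
public function getAllAsList()
{
    // All four list parameters come from the client. They are validated below
    // before any of them reaches SQL; htmlentities() (used by the original)
    // only protects HTML output and does nothing for an ORDER BY clause.
    $hits    = isset($_GET['hits']) ? $_GET['hits'] : 10;
    $page    = isset($_GET['page']) ? $_GET['page'] : 1;
    $orderby = isset($_GET['orderby']) ? strtolower($_GET['orderby']) : 'id';
    $order   = isset($_GET['order']) ? strtolower($_GET['order']) : 'desc';

    // Check that incoming parameters are valid. header() does not stop the
    // script, so exit after the redirect or the bad value would still be used.
    if (!is_numeric($hits)) {
        header("Location: 404.php?error=Hits must be numeric.");
        exit;
    }
    if (!is_numeric($page)) {
        header("Location: 404.php?error=Page must be numeric.");
        exit;
    }
    // Integers of at least 1: hits is a divisor below and both go into LIMIT/OFFSET.
    $hits = max(1, (int) $hits);
    $page = max(1, (int) $page);

    // ORDER BY cannot be parameterised, so only whitelisted column names and
    // directions are interpolated; anything else falls back to the default.
    // Extend $sortableColumns when more columns become sortable in the table header.
    $sortableColumns = array('id', 'title');
    if (!in_array($orderby, $sortableColumns, true)) {
        $orderby = 'id';
    }
    if (!in_array($order, array('asc', 'desc'), true)) {
        $order = 'desc';
    }

    // Get rows and max
    $sql = "SELECT COUNT(id) AS rows FROM rm_movie;";
    $rowsArr = $this->db->ExecuteSelectQueryAndFetchAll($sql);
    $rows = $rowsArr[0]->rows;
    $max = ceil($rows / $hits);

    $sort = " ORDER BY {$orderby} {$order}";
    // Pagination (hits and page are validated positive integers by now)
    $limit = " LIMIT {$hits} OFFSET " . ($page - 1) * $hits;

    $sql = 'SELECT id, title, (published <= NOW()) AS available FROM rm_vmovie' . $sort . $limit;
    $res = $this->db->ExecuteSelectQueryAndFetchAll($sql);
    $isAdmin = CUser::IsAdmin();

    // Put results into a HTML-table
    $tr = "<div style='text-align: right; float:right;'>{$rows} träffar. " . $this->getHitsPerPage(array(5, 10, 20)) . "</div>\n";
    $tr .= "<table class='admin'>\n";
    $tr .= "<tr><th>Id{$this->orderby('id', true)}</th><th>Titel{$this->orderby('title', true)}</th><th>Status</th>"
        . ($isAdmin ? "<th>Editera</th><th>Ta bort</th>" : null) . "</tr>";
    foreach ($res as $val) {
        // Both values land inside single-quoted attributes, hence ENT_QUOTES.
        $id = htmlentities($val->id, ENT_QUOTES, 'UTF-8');
        $title = htmlentities($val->title, ENT_QUOTES, 'UTF-8');
        $isPublished = (bool) $val->available;
        $status = ($isPublished ? '' : ' inte') . " publicerad<br>";

        $tr .= "<tr>";
        $tr .= "<td>{$id}</td>";
        $tr .= "<td style='text-align: left;'>" . $title . "</td>";
        if ($isAdmin) {
            // The publish link uses the escaped id too (the original interpolated $val->id raw).
            $tr .= "<td>" . $status;
            $tr .= "<a href='" . ($isPublished ? "movies.php?id={$id}" : "?publish={$id}") . "'>"
                . ($isPublished ? 'visa' : 'publisera') . "</a></td>";
            $tr .= "<td><a href='?id={$id}'><img src='img.php?src=edit.png&width=25' alt='edit'/></a></td>";
            $tr .= "<td><a href='?delete={$id}'><img src='img.php?src=delete.png&width=25' alt='delete'/></a></td>";
        } else {
            // No stray </li> inside the cell (the original emitted one).
            $tr .= "<td>" . $status;
            $tr .= ($isPublished ? "<a href='movies.php?id={$id}'>visa</a>" : null) . "</td>";
        }
        $tr .= "</tr>\n";
    }
    $tr .= "</table>\n";
    $tr .= "<div style='text-align: center;'>" . $this->getPageNavigation($hits, $page, $max) . "</div>\n";
    return $tr;
}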
/**
 * Debug helper: dumps $data wrapped in <pre> tags.
 *
 * @param mixed $data    Value to dump
 * @param bool  $echo    true to print the dump, false to return it
 * @param bool  $isAdmin true to allow the dump only for site administrators
 * @return string|false|null The dump when $echo is false; false when the admin
 *                           gate rejects the caller; null after printing
 */
public static function var_dump($data, $echo = true, $isAdmin = true)
{
    global $USER;
    if (!is_object($USER)) {
        $USER = new CUser();
    }
    // Gate the output: with $isAdmin set, only administrators may see dumps.
    if ($isAdmin && !$USER->IsAdmin()) {
        return false;
    }

    // var_dump() writes straight to output, so capture it through a buffer.
    ob_start();
    echo '<pre>';
    var_dump($data);
    echo '</pre>';
    $rendered = ob_get_clean();

    if (!$echo) {
        return $rendered;
    }
    echo $rendered;
}
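/**
 * Checking all forms for spam (Bitrix OnPageStart handler).
 *
 * In order: refreshes the SpamFireWall blacklist when it is stale, enforces
 * SpamFireWall for non-admin visitors, refreshes the account status for
 * admins at most once a day, and runs the global form check on POSTed data.
 *
 * @return null|boolean NULL when success or FALSE when spam detected
 */
public function OnPageStartHandler()
{
    global $USER;
    if (!is_object($USER)) {
        $USER = new CUser();
    }

    $ct_status = COption::GetOptionString('cleantalk.antispam', 'status', '0');
    $ct_global = COption::GetOptionString('cleantalk.antispam', 'form_global_check', '0');
    $key = COption::GetOptionString('cleantalk.antispam', 'key', '');
    $is_sfw = COption::GetOptionString('cleantalk.antispam', 'form_sfw', 0);
    $is_admin = $USER->IsAdmin();

    if ($is_sfw == 1) {
        $sfw_last_updated = COption::GetOptionString('cleantalk.antispam', 'sfw_last_updated', 0);
        if (time() - $sfw_last_updated > 10) {
            self::updateSfwBlacklist($key);
        }
        if (!$is_admin) {
            self::enforceSfw($key);
        }
    }

    if ($is_admin && $key != '' && $key != 'enter key') {
        self::refreshAccountStatus($key);
    }

    if (!$is_admin && $ct_status == 1 && $ct_global == 1) {
        return self::checkPostedForm();
    }
    return null;
}

/**
 * Pulls the current SpamFireWall blacklist from the CleanTalk API into the
 * local table, sends the accumulated SFW logs and records the update time.
 *
 * @param string $key CleanTalk access key
 * @return void
 */
private static function updateSfwBlacklist($key)
{
    global $DB;
    $data = array('auth_key' => $key, 'method_name' => '2s_blacklists_db');
    $result = CleantalkAntispam::CleantalkSendRequest('https://api.cleantalk.org/2.1', $data, false);
    $result = json_decode($result, true);
    if (isset($result['data']) && is_array($result['data']) && count($result['data']) > 0) {
        // Each entry is a numeric pair written unquoted into the INSERT, so it
        // is cast to int: the API response is remote input and must not be
        // spliced into SQL verbatim. The original also ran the INSERT with an
        // empty VALUES list when the response held no entries.
        $rows = array();
        foreach ($result['data'] as $entry) {
            $rows[] = '(' . (int) $entry[0] . ',' . (int) $entry[1] . ')';
        }
        // NOTE(review): the original built the table name from $wpdb->base_prefix,
        // which is undefined in this handler and so resolved to an empty prefix —
        // confirm `cleantalk_sfw` is the intended table.
        $DB->Query("INSERT INTO `cleantalk_sfw` VALUES " . implode(', ', $rows) . ';');
    }
    include_once "cleantalk-sfw.class.php";
    $sfw = new CleanTalkSFW();
    $sfw->send_logs();
    COption::SetOptionString('cleantalk.antispam', 'sfw_last_updated', time());
}

/**
 * SpamFireWall gate for non-admin visitors. A visitor who already passed the
 * check carries a cookie bound to their IP and the site key; anyone else is
 * checked against the blacklist and, on a hit, handed to sfw_die().
 *
 * @param string $key CleanTalk access key
 * @return void
 */
private static function enforceSfw($key)
{
    include_once "cleantalk-sfw.class.php";
    // foreach rather than a 0..n index loop: array_unique() keeps the original
    // keys, so indexing the result by position can hit missing entries.
    $ips = array_unique(CleantalkAntispam::CleantalkGetIP());
    $pass_key = isset($_COOKIE['ct_sfw_pass_key']) ? (string) $_COOKIE['ct_sfw_pass_key'] : null;
    $passed = false;

    foreach ($ips as $ip) {
        // Constant-time comparison; the original used == on the md5 string,
        // which is timing-dependent and subject to PHP's loose numeric
        // comparison of digit-only strings.
        if ($pass_key === null || !hash_equals(md5($ip . $key), $pass_key)) {
            continue;
        }
        $passed = true;
        if (isset($_COOKIE['ct_sfw_passed'])) {
            self::recordSfwPass($ip);
            @setcookie('ct_sfw_passed', '0', 1, "/");
        }
    }

    if (!$passed) {
        $sfw = new CleanTalkSFW();
        $sfw->cleantalk_get_real_ip();
        $sfw->check_ip();
        if ($sfw->result) {
            $sfw->sfw_die();
        }
    }
}

/**
 * Increments the 'allow' counter for $ip in the JSON-encoded sfw_log option.
 *
 * @param string $ip Visitor IP address
 * @return void
 */
private static function recordSfwPass($ip)
{
    $raw = COption::GetOptionString('cleantalk.antispam', 'sfw_log', '');
    $sfw_log = ($raw === '') ? array() : json_decode($raw, true);
    if (!is_array($sfw_log)) {
        $sfw_log = array();
    }
    // Initialise before incrementing; the original incremented an undefined index.
    if (!isset($sfw_log[$ip]['allow'])) {
        $sfw_log[$ip]['allow'] = 0;
    }
    $sfw_log[$ip]['allow']++;
    COption::SetOptionString('cleantalk.antispam', 'sfw_log', json_encode($sfw_log));
}

/**
 * Admin-only, at most once per 86400 s: asks the API whether the account is
 * paid (posting a one-off review notice on the transition to paid), then
 * refreshes the IP-moderation license flags and stamps last_checked.
 *
 * @param string $key CleanTalk access key
 * @return void
 */
private static function refreshAccountStatus($key)
{
    $last_checked = COption::GetOptionString('cleantalk.antispam', 'last_checked', 0);
    $new_checked = time();
    if ($new_checked - $last_checked <= 86400) {
        return;
    }
    $last_status = COption::GetOptionString('cleantalk.antispam', 'is_paid', 0);
    $url = 'https://api.cleantalk.org';

    $dt = array('auth_key' => $key, 'method_name' => 'get_account_status');
    $result = CleantalkAntispam::CleantalkSendRequest($url, $dt, false);
    if ($result !== null) {
        $result = json_decode($result);
        if (isset($result->data->paid)) {
            $new_status = intval($result->data->paid);
            if ($last_status != 1 && $new_status == 1) {
                COption::SetOptionString('cleantalk.antispam', 'is_paid', 1);
                // Both branches must fill the same variable: the original assigned
                // $review_message in the 'ru' branch and then read $review_mess,
                // so Russian-language admins got an empty notice.
                if (LANGUAGE_ID == 'ru') {
                    $review_mess = "Нравится антиспам от CleanTalk? Расскажите другим об этом! <a target='_blank' href='http://marketplace.1c-bitrix.ru/solutions/cleantalk.antispam/#rating'>Оставьте отзыв в Bitrix.Marketplace</a>";
                } else {
                    $review_mess = "Like Anti-spam by CleanTalk? Help others learn about CleanTalk! <a target='_blank' href='http://marketplace.1c-bitrix.ru/solutions/cleantalk.antispam/#rating'>Leave a review at the Bitrix.Marketplace</a>";
                }
                CAdminNotify::Add(array('MESSAGE' => $review_mess, 'TAG' => 'review_notify', 'MODULE_ID' => 'main', 'ENABLE_CLOSE' => 'Y'));
            }
        }
    }

    $dt = array('auth_key' => $key, 'method_name' => 'notice_paid_till');
    $result = CleantalkAntispam::CleantalkSendRequest($url, $dt, false);
    if ($result !== null) {
        $result = json_decode($result);
        if (isset($result->moderate_ip) && $result->moderate_ip == 1) {
            COption::SetOptionString('cleantalk.antispam', 'moderate_ip', 1);
            // json_decode() returned an object here; the original read
            // $result['ip_license'], which is a fatal error on an object.
            COption::SetOptionString('cleantalk.antispam', 'ip_license', isset($result->ip_license) ? $result->ip_license : 0);
        } else {
            COption::SetOptionString('cleantalk.antispam', 'moderate_ip', 0);
            COption::SetOptionString('cleantalk.antispam', 'ip_license', 0);
        }
    }
    COption::SetOptionString('cleantalk.antispam', 'last_checked', $new_checked);
}

/**
 * Global form check: extracts sender e-mail and message from $_POST and asks
 * CleanTalk whether to allow the request. Spam ends the request via CleantalkDie().
 *
 * @return null|boolean NULL when nothing was posted or it was allowed, FALSE when spam detected
 */
private static function checkPostedForm()
{
    $sender_email = null;
    $message = '';
    CleantalkAntispam::CleantalkGetFields($sender_email, $message, $_POST);
    if ($sender_email === null) {
        return null;
    }

    $arUser = array(
        "type" => "comment",
        "sender_email" => $sender_email,
        "sender_nickname" => '',
        "sender_ip" => $_SERVER['REMOTE_ADDR'],
        "message_title" => "",
        "message_body" => $message,
        "example_title" => "",
        "example_body" => "",
        "example_comments" => "",
    );
    $aResult = CleantalkAntispam::CheckAllBefore($arUser, FALSE);
    // A transport/API error (errno != 0) is treated as "no verdict", as before.
    if (!is_array($aResult) || $aResult['errno'] != 0) {
        return null;
    }
    if ($aResult['allow'] == 1) {
        //Not spammer - just return;
        return null;
    }
    CleantalkAntispam::CleantalkDie($aResult['ct_result_comment']);
    return false;
}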
/**
 * Filter applied when listing tasks for viewing.
 *
 * @return array Empty for administrators (no restriction); otherwise a filter
 *               limiting tasks to the caller's own projects
 */
public function GetViewTasksFilter()
{
    return parent::IsAdmin()
        ? array()
        : array('PROPERTY_PROJECT' => $this->getMyProjects());
}
$IBLOCK_DESC = $xCatNode->GetAttribute($nameUTF['Description']); $res = CIBlock::GetList(array(), Array("=TYPE" => $IBLOCK_TYPE_ID, "=XML_ID"=>$IBLOCK_XML_ID, 'CHECK_PERMISSIONS' => 'Y', 'MIN_PERMISSION' => 'W')); $bNewRecord_tmp = False; if ($res_arr = $res->Fetch()) { $IBLOCK_ID = $res_arr["ID"]; $res = $ib->Update($IBLOCK_ID, Array( "NAME"=>$IBLOCK_NAME, "TMP_ID"=>$tmpid, "DESCRIPTION"=>$IBLOCK_DESC ) ); } elseif ($USER->IsAdmin()) { $bNewRecord_tmp = True; $arFields = Array( "ACTIVE"=>"Y", "NAME"=>$IBLOCK_NAME, "XML_ID"=>$IBLOCK_XML_ID, "TMP_ID"=>$tmpid, "IBLOCK_TYPE_ID"=>$IBLOCK_TYPE_ID, "LID" => $SITE_ID, "WORKFLOW" => "N", ); if ('Y' == $USE_TRANSLIT && 'Y' == $ADD_TRANSLIT) { $arFields['FIELDS'] = array( 'CODE' => array(
//login-info
$user = new CUser($db);
//edit class
$edit = new CEditMovies($db);

// Dispatch on the query string: create, delete or update a movie, or show the
// list (optionally publishing one entry first). Everything needs a login.
// NOTE(review): publish and delete are triggered by plain GET links — confirm
// the edit class guards them; only authentication is checked here.
if (!$user->IsAuthenticated()) {
    $hera['main'] = "<h1>{$hera['title']}</h1>För att visa innehållet behöver du <a href='login.php'>logga in</a>.";
} elseif (isset($_GET['new'])) {
    $hera['main'] = $edit->printAndPostAdd();
} elseif (isset($_GET['delete'])) {
    $edit->getEntryByID($_GET['delete']);
    $hera['main'] = $edit->printAndPostDelete();
} elseif (isset($_GET['id'])) {
    $edit->getEntryByID($_GET['id']);
    $hera['main'] = $edit->printAndPostUpdate();
} else {
    if (isset($_GET['publish'])) {
        $edit->publish($_GET['publish']);
    }
    $list = $edit->getAllAsList();
    // Only admins get the "add" button; others see why they cannot edit.
    $new = $user->IsAdmin()
        ? "<p><a class='as-button' href='?new'>Lägg till en ny film</a></p>"
        : "<p>För att skapa, radera och ändra filmer behöver man vara inloggad som admin.</p>";
    $hera['main'] = <<<EOD
<h1>{$hera['title']}</h1>
{$new}
<p>Här är en lista på allt innehåll i film-databasen</p>
{$list}
EOD;
}

//Finally, leave it all to the rendering phase of Hera.
include HERA_THEME_PATH;
//login-info
$user = new CUser($db);
//content handler
$content = new CContent($db);

// Dispatch on the query string: create, delete or update an entry, or show the
// list (optionally publishing one entry first). Everything needs a login.
// NOTE(review): publish and delete are triggered by plain GET links — confirm
// the content class guards them; only authentication is checked here.
if (!$user->IsAuthenticated()) {
    $hera['main'] = "<h1>{$hera['title']}</h1>För att visa innehållet behöver du <a href='login.php'>logga in</a>.";
} elseif (isset($_GET['new'])) {
    $hera['main'] = $content->printAndPostAdd();
} elseif (isset($_GET['delete'])) {
    $content->getEntryById($_GET['delete']);
    $hera['main'] = $content->printAndPostDelete();
} elseif (isset($_GET['id'])) {
    $content->getEntryById($_GET['id']);
    $hera['main'] = $content->printAndPostUpdate();
} else {
    if (isset($_GET['publish'])) {
        $content->publish($_GET['publish']);
    }
    $list = $content->getAllAsList();
    // Only admins get the "create" button; others see why they cannot edit.
    $new = $user->IsAdmin()
        ? "<a href='?new' class='as-button'>Skapa ett nytt inlägg</a>"
        : "<p>För att skapa, radera och ändra inlägg behöver man vara inloggad som admin.</p>";
    $hera['main'] = <<<EOD
<h1>{$hera['title']}</h1>
<p>Här är en lista på allt innehåll i nyhets-databasen</p>
{$list}
{$new}
EOD;
}

//Finally, leave it all to the rendering phase of Hera.
include HERA_THEME_PATH;
/**
 * Initialises the calendar's static state from the component parameters.
 *
 * Resolves the current user, owner, settings, cache and URL-related statics
 * and the permissions for meeting-room reservation. Every assignment below
 * writes shared static state, so the order of the statements matters.
 *
 * @param array $Params Component parameters; keys read here: siteId, type,
 *                      userId, allowSuperpose, SectionControlsDOMId, ownerId,
 *                      showTasks, cachePath, cacheTime, pageUrl,
 *                      allowResMeeting, allowVideoMeeting.
 * @return void
 */
function Init($Params)
{
    global $USER;
    $access = new CAccess();
    $access->UpdateCodes();
    if (!$USER || !is_object($USER)) {
        $USER = new CUser();
    }

    // Owner params
    self::$siteId = isset($Params['siteId']) ? $Params['siteId'] : SITE_ID;
    self::$type = $Params['type'];
    self::$arTypes = CCalendarType::GetList();
    self::$bIntranet = CCalendar::IsIntranetEnabled();
    self::$bSocNet = self::IsSocNet();
    self::$userId = isset($Params['userId']) ? intVal($Params['userId']) : CCalendar::GetCurUserId();
    // Only 'user' and 'group' calendars have an owner.
    self::$bOwner = self::$type == 'user' || self::$type == 'group';
    self::$settings = self::GetSettings();
    self::$userSettings = self::GetUserSettings();
    self::$pathesForSite = self::GetPathes(self::$siteId);
    self::$pathToUser = self::$pathesForSite['path_to_user'];
    // Loose comparison: any truthy value (including the string "N") counts as
    // allowed, and a missing key raises a notice — NOTE(review): confirm intended.
    self::$bSuperpose = $Params['allowSuperpose'] != false && self::$bSocNet;
    self::$bAnonym = !$USER || !$USER->IsAuthorized();
    self::$userNameTemplate = self::$settings['user_name_template'];
    self::$bAMPM = IsAmPmMode();
    self::$bWideDate = strpos(FORMAT_DATETIME, 'MMMM') !== false;
    if (isset($Params['SectionControlsDOMId'])) {
        self::$SectionsControlsDOMId = $Params['SectionControlsDOMId'];
    }
    if (self::$bOwner && isset($Params['ownerId']) && $Params['ownerId'] > 0) {
        self::$ownerId = intVal($Params['ownerId']);
    }
    // Tasks only on a user calendar the current user owns, and only when the
    // tasks module can be loaded.
    self::$bTasks = self::$type == 'user' && $Params['showTasks'] !== false && CModule::IncludeModule('tasks');
    if (self::$bTasks && self::$ownerId != self::$userId) {
        self::$bTasks = false;
    }
    self::GetPermissions(array('type' => self::$type, 'bOwner' => self::$bOwner, 'userId' => self::$userId, 'ownerId' => self::$ownerId));

    // Cache params
    if (isset($Params['cachePath'])) {
        self::$cachePath = $Params['cachePath'];
    }
    if (isset($Params['cacheTime'])) {
        self::$cacheTime = $Params['cacheTime'];
    }
    self::$bCache = self::$cacheTime > 0;

    // Urls
    // Strip the calendar's own request parameters from pageUrl. Each pattern
    // needs a trailing '&' to match, hence the '&' appended first; the second
    // pass removes the '&' or '?' left dangling at the end.
    $page = preg_replace(array("/EVENT_ID=.*?\\&/i", "/CHOOSE_MR=.*?\\&/i", "/action=.*?\\&/i", "/bx_event_calendar_request=.*?\\&/i", "/clear_cache=.*?\\&/i", "/bitrix_include_areas=.*?\\&/i", "/bitrix_show_mode=.*?\\&/i", "/back_url_admin=.*?\\&/i"), "", $Params['pageUrl'] . '&');
    $page = preg_replace(array("/^(.*?)\\&\$/i", "/^(.*?)\\?\$/i"), "\$1", $page);
    self::$actionUrl = $page;
    if (self::$bOwner && !empty(self::$ownerId)) {
        self::$path = self::GetPath(self::$type, self::$ownerId, true);
    } else {
        self::$path = CCalendar::GetServerPath() . $page;
    }
    self::$outerUrl = $GLOBALS['APPLICATION']->GetCurPageParam('', array("action", "bx_event_calendar_request", "clear_cache", "bitrix_include_areas", "bitrix_show_mode", "back_url_admin", "SEF_APPLICATION_CUR_PAGE_URL", "EVENT_ID", "CHOOSE_MR"), false);

    // Superposing
    self::$bCanAddToSuperpose = false;
    if (self::$bSuperpose) {
        // This value is unconditionally overwritten by the assignment after the loop.
        if (self::$type == 'user' || self::$type == 'group') {
            self::$bCanAddToSuperpose = true;
        }
        // Collect the types not denied by settings; nothing is collected when
        // denied_superpose_types is not an array.
        foreach (self::$arTypes as $t) {
            if (is_array(self::$settings['denied_superpose_types']) && !in_array($t['XML_ID'], self::$settings['denied_superpose_types'])) {
                self::$arSPTypes[] = $t['XML_ID'];
            }
        }
        self::$bCanAddToSuperpose = is_array(self::$arSPTypes) && in_array(self::$type, self::$arSPTypes);
    }

    // **** Reserve meeting and reserve video meeting
    // *** Meeting room params ***
    // Non-admins additionally need at least "R" permission on the iblock.
    $RMiblockId = self::$settings['rm_iblock_id'];
    self::$allowReserveMeeting = $Params["allowResMeeting"] && $RMiblockId > 0;
    if (self::$allowReserveMeeting && !$USER->IsAdmin() && CIBlock::GetPermission($RMiblockId) < "R") {
        self::$allowReserveMeeting = false;
    }

    // *** Video meeting room params ***
    $VMiblockId = self::$settings['vr_iblock_id'];
    self::$allowVideoMeeting = $Params["allowVideoMeeting"] && $VMiblockId > 0;
    // && binds tighter than ||: this reads as (permission check fails) OR (video
    // module cannot be loaded), so a missing module disables video meetings on
    // its own, for admins too — NOTE(review): confirm this is the intended reading.
    if (self::$allowVideoMeeting && !$USER->IsAdmin() && CIBlock::GetPermission($VMiblockId) < "R" || !CModule::IncludeModule("video")) {
        self::$allowVideoMeeting = false;
    }
}
<?php
/**
 * This is a Hera pagecontroller.
 *
 */
// Include the essential config-file which also creates the $hera variable with its defaults.
include __DIR__ . '/config.php';

// Get user functions
$db = new CDatabase($hera['database']);
$user = new CUser($db);

// Admins get the management links; everyone else is pointed to the login page.
if ($user->IsAdmin()) {
    $sections = array(
        "<p>Som admin har du tillgång till många funktioner som andra användare inte har.</p>\n",
        "<p><a class='as-button' href='edit_movies.php'>Hantera filmer</a> - Skapa, updatera eller radera filmer. Du kan även publicera och opublicera dem.</p>\n",
        "<p><a class='as-button' href='edit_news.php'>Hantera nyheter</a> - Skapa, updatera eller radera nyhets-inlägg. Du kan även publicera och opublicera dem.</p>\n",
        "<p><a class='as-button' href='edit_users.php'>Hantera användare</a> - Skapa, updatera eller radera användare. Befodra en vanlig användare till admin, samt återställa deras lösenord.</p>\n",
        "<br><p><a class='as-button' href='logout.php'>Logga ut</a></p>\n",
    );
    $html = implode('', $sections);
} else {
    $html = "För att komma åt adimn-funktionerna behöver du <a href='login.php'>logga in som admin</a>.";
}

// Do it and store it all in variables in the Hera container.
$hera['title'] = "Admin";
$hera['main'] = "<h1>{$hera['title']}</h1>\n" . $html;

//Finally, leave it all to the rendering phase of Hera.
include HERA_THEME_PATH;