public function __construct($title = null)
{
    parent::__construct($title);

    // the logged-in portal user; the person whose aid is shown is $this->target (set by _init_person)
    $this->user = new PSUPerson($_SESSION['wp_id']);

    // page parameters; 'admin' is derived from authZ here, never taken from input
    $this->params = new FinaidParams();
    $isAdmin = IDMObject::authZ('permission', 'mis')
        || IDMObject::authZ('permission', 'finaid_myfinaid_admin');
    $this->params['admin'] = $isAdmin;
    $this->tpl->assign('params', $this->params);

    $this->_init_person($this->params['id']);
    $this->params['aid_year'] = $this->_init_aid_years($this->params['aid_year']);

    // test-mode support: admins may always run in test mode
    $this->testing = new FinaidTesting();
    if ($this->params['admin']) {
        $this->params['testable'] = true;
    }
    // NOTE(review): if FinaidParams is populated from request input, confirm a non-admin
    // cannot supply 'testable' themselves — this flag swaps in mocked data for the target.
    if ($this->params['testable']) {
        $this->testing->mock($this->target);
    }
    $this->tpl->assign('testing', $this->testing);

    // remind the user about unconfirmed relationships, at most once every 5 minutes
    $throttleExpired = $this->params['warned-pending'] < time() - 300;
    if ($throttleExpired && ($pendingRelationships = $this->user->myrelationships->get('pending'))) {
        $this->params['warned-pending'] = time();
        $total = count($pendingRelationships);
        $plural = ($total == 1) ? '' : 's';
        $_SESSION['warnings']['finaid-pending'] = sprintf(
            'You have %d pending relationship%s. Please note that you can\'t see another person\'s financial aid information until your relationship with that person is confirmed. Visit <a href="http://go.plymouth.edu/familychannel">Family Access</a> for more details.',
            $total,
            $plural
        );
    }
}
/**
 * Build a Permissions object for the current session user from IDMObject
 * authorizations (tcert role, tcert_* permissions, 'mis' as superadmin,
 * faculty role) and attach the session pidm.
 */
public static function from_idmobject()
{
    $perm = new Permissions();

    // grant name => (authZ kind, authZ name), checked in this order
    $checks = array(
        'tcert'         => array('role', 'tcert'),
        'admin'         => array('permission', 'tcert_admin'),
        'gatesystem_ug' => array('permission', 'tcert_gatesystem_ug'),
        'gatesystem_gr' => array('permission', 'tcert_gatesystem_gr'),
        'superadmin'    => array('permission', 'mis'),
        'faculty'       => array('role', 'faculty'),
    );

    $granted = array();
    foreach ($checks as $grantName => $authz) {
        list($kind, $name) = $authz;
        if (\IDMObject::authZ($kind, $name)) {
            $granted[] = $grantName;
        }
    }

    $perm->grant($granted);
    $perm->pidm = $_SESSION['pidm'];
    return $perm;
}
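/**
 * initializeSession
 *
 * Set up the session variables this application needs: error/message
 * buffers, the user's pidm, their user_type ('admin', 'aestudent', or null
 * when they do not qualify) and, for qualifying students, their name,
 * student data and whether the form is still editable.
 *
 * Reads $_SESSION['username'], $GLOBALS['BannerIDM'], $GLOBALS['BannerStudent']
 * and $GLOBALS['TERM'].
 *
 * @param float $minimumGpa overall GPA required to be treated as an 'aestudent'
 */
function initializeSession($minimumGpa = 3.5) {
    if (!isset($_SESSION['errors'])) {
        $_SESSION['errors'] = array();
    }
    if (!isset($_SESSION['messages'])) {
        $_SESSION['messages'] = array();
    }

    $_SESSION['student'] = array();
    $_SESSION['user_type'] = null;
    $_SESSION['editing'] = true; // first time through means we're editing
    $_SESSION['ae_init'] = true;
    $_SESSION['pidm'] = $GLOBALS['BannerIDM']->getIdentifier($_SESSION['username'], 'username', 'pidm');

    // admins are done here; they are not subject to the GPA check
    if (IDMObject::authZ('permission', 'academic_excellence_admin')) {
        $_SESSION['user_type'] = 'admin';
        return;
    }

    $gpa = $GLOBALS['BannerStudent']->getOverallGPA($_SESSION['pidm']);
    $_SESSION['gpa'] = $gpa['r_gpa'];
    unset($gpa);

    // The hard-coded per-username GPA override ("always let student through")
    // that used to sit here was removed: a fixed bypass of the eligibility
    // check must not ship in this code path. Use a test account whose real
    // GPA qualifies instead.

    // they're 'aestudent' only if their gpa qualifies
    if ($_SESSION['gpa'] < $minimumGpa) {
        return;
    }
    $_SESSION['user_type'] = 'aestudent';

    $name = $GLOBALS['BannerStudent']->getName($_SESSION['pidm']);
    $_SESSION['student']['full_name'] = sprintf('%s %s %s', $name['r_first_name'], $name['r_mi'], $name['r_last_name']);
    $_SESSION['student']['first_name'] = $name['r_first_name'];
    $_SESSION['student']['middle_name'] = $name['r_mi'];
    $_SESSION['student']['last_name'] = $name['r_last_name'];
    unset($name);

    $student = AEStudent::getStudentData($_SESSION['pidm'], $GLOBALS['TERM']);
    $_SESSION['student'] = array_merge($_SESSION['student'], $student);

    // (confirmed != -1) means that they have already submitted the form in a previous session
    if ($student['confirmed'] > -1) {
        $_SESSION['editing'] = false;
    }
}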
/** * Routing provided by klein.php (https://github.com/chriso/klein.php) * Make some objects available elsewhere. */ respond(function ($request, $response, $app) { PSU::session_start(); // force ssl + start a session $GLOBALS['BASE_URL'] = '/app/address-verification'; $GLOBALS['TITLE'] = 'Address Verification'; $GLOBALS['TEMPLATES'] = PSU_BASE_DIR . '/app/address-verification/templates'; if (file_exists(PSU_BASE_DIR . '/debug/address-verification-debug.php')) { include PSU_BASE_DIR . '/debug/address-verification-debug.php'; } IDMObject::authN(); if (!IDMObject::authZ('permission', 'mis') && !IDMObject::authZ('role', 'address_verification')) { die('You do not have access to this application.'); } // get the logged in user $app->user = PSUPerson::get($_SESSION['wp_id']); // create template object $app->tpl = new PSU\Template(); // assign user to template $app->tpl->assign('user', $app->user); }); respond('/', function ($request, $response, $app) { $app->tpl->display("index.tpl"); }); respond('GET', '/[:table]', function ($request, $response, $app) { $table = strtolower($request->param('table')); if ('spraddr' != $table) {
$pdf->SetFillColor(5, 66, 6); $pdf->SetTextColor(255, 255, 255); $fill = true; $pdf->SetFont('Arial', '', 13); $pdf->Cell(190, 7, 'Employee Clearance Checklist for ' . $person->formatName('f m l'), 0, 1, 'C', $fill); $pdf->SetFont('Arial', '', 10); $pdf->Cell(190, 6, 'Username: '******'C', $fill); $pdf->setTextColor(5, 66, 6); $pdf->ln(5); $checklist_items = array(); $categories = array(); $checklist = HRChecklist::get($person->pidm, $list); $categories = HRChecklist::categories($checklist['type']); $checklist_id = HRChecklist::get($person->pidm, $list, 'id'); $closed = HRChecklist::meta_exists($checklist_id, 'closed', 1); if (IDMObject::authZ('permission', 'ape_checklist_employee_exit_hr')) { if ($_POST['checklist_closed'] && !$closed) { HRChecklist::add_meta($checklist_id, 'closed', 1); HRChecklist::toggle_checklist($checklist_id, $_REQUEST['identifier'], true); HRChecklist::add_meta($checklist_id, 'closed_marked_by', $_SESSION['pidm']); } elseif (!$_POST['checklist_closed'] && $closed) { HRChecklist::add_meta($checklist_id, 'closed', 0); HRChecklist::toggle_checklist($checklist_id, $_REQUEST['identifier'], false); HRChecklist::add_meta($checklist_id, 'closed_marked_by', $_SESSION['pidm']); } //end elseif } //end if $closed_person = HRChecklist::get_meta($checklist['id'], 'closed_marked_by', 1); $closed_person = $closed_person['meta_value']; if ($closed_person) {
exit; } // Local Includes $GLOBALS['LOCAL_INCLUDES'] = $GLOBALS['BASE_DIR'] . '/includes'; $GLOBALS['TEMPORARY_FILES'] = '/web/temp'; // Directory to hold Smarty's compiled templates $GLOBALS['SMARTY_COMPILE'] = $GLOBALS['TEMPORARY_FILES'] . '/phonebook'; if (!is_writable($GLOBALS['SMARTY_COMPILE'])) { mkdir($GLOBALS['SMARTY_COMPILE'], 0700); } /*******************[End Site Constants]*******************/ $GLOBALS['TITLE'] = 'Public Directory'; /*******************[Authorization]*****************/ $can_see_images = false; if ($_SESSION['pidm']) { /**** TODO: make this based off of APE *****/ $GLOBALS['BANNER'] = PSUDatabase::connect('oracle/psc1_psu/fixcase'); if (IDMObject::authZ('department', 'University Police')) { $can_see_images = true; } //end if /**** END TODO: make this based off of APE *****/ IDMObject::loadAuthZ($_SESSION['pidm']); if (IDMObject::authZ('permission', 'view_idcard_images')) { $can_see_images = true; } //end if } //end if /*******************[End Authorization]*****************/ $tpl = new PSUTemplate();
<?php // TODO: move the functionality in this file into an API // // action page for deleting windows profiles (vista roaming or terminal services) // $response = array('status' => 'error', 'message' => null); try { // can the user perform this action? if (!IDMObject::authZ('permission', 'ape_profilereset')) { throw new Exception('You are not authorized to reset profiles.'); } // did we get all the needed data? if (!isset($_GET['username']) || !isset($_GET['profile'])) { throw new Exception('Username or profile type was missing in request.'); } $args = array('username' => $_GET['username'], 'profile' => $_GET['profile'] == 0 ? 0 : 1); // validate the username $pidm = $GLOBALS['BannerIDM']->getIdentifier($args['username'], 'username', 'pid'); if ($pidm === false) { throw new Exception('An invalid username was specified (pidm not found).'); } // // everything's good, insert the record // $systems = PSUDatabase::connect('mysql/systems'); $sql = "INSERT INTO profile_reset (uname, profile) VALUES (?, ?)"; $systems->Execute($sql, $args); $profile_type = $args['profile'] == 0 ? 'Vista roaming' : 'Terminal Services'; $GLOBALS['LOG']->write('Profile reset (' . $profile_type . ')', $args['username']); $response['message'] = sprintf("%s profile queued for deletion, this may take up to three minutes.", $profile_type);
$response['status'] = 'success'; $response['message'] = sprintf('%s "%s" was sucessfully added.', ucfirst($type), $attribute['attribute']); $name = $GLOBALS['BannerIDM']->getName($person->pidm, 'f,l'); list($response['first_name'], $response['last_name']) = explode(',', $name); $response['username'] = $person->username; $response['source'] = $attribute['source']; $response['pid'] = $person->pidm; $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute); } } elseif ($action == 'remove') { $id = $_REQUEST['id']; $role = $GLOBALS['BannerIDM']->getLog($id); if ($role['source'] !== $GLOBALS['IDM_SOURCE']) { throw new Exception(sprintf('That role was added via %s, and cannot be deleted through %s.', $role['source'], $GLOBALS['IDM_SOURCE'])); } if (!$global_attribute_admin && !IDMObject::authZ('admin', $role['attribute'])) { throw new Exception("You cannot administer the {$role['attribute']} attribute"); } $GLOBALS['BannerIDM']->removeAttribute($person->pidm, $id); list($type_id, $type) = $GLOBALS['BannerIDM']->any2type($role['type_id']); $log_attribute = $role['attribute']; $response['status'] = 'success'; $response['message'] = sprintf('%s "%s" has been removed.', ucfirst($type), $role['attribute']); $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute); } else { $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute); } } catch (Exception $e) { $response['message'] = $e->GetMessage() . ($e->GetCode() ? '(' . $e->GetCode() . ')' : ''); $GLOBALS['ape']->log($person->pidm, $action, $action_status, $type, $log_attribute); }
<?php
/*
 * CDN Manager front controller: bootstrap the legacy environment, define the
 * application's globals, require an authenticated user holding the
 * 'web_developer' permission, and hand the request to CDNController.
 */
require dirname(dirname(__DIR__)) . '/legacy/git-bootstrap.php';
require_once 'autoload.php';

PSU::session_start();

$GLOBALS['BASE_DIR']  = dirname(__FILE__);
$GLOBALS['BASE_URL']  = '/webapp/cdn';
$GLOBALS['TEMPLATES'] = $GLOBALS['BASE_DIR'] . '/templates';
$GLOBALS['TITLE']     = 'CDN Manager';

require_once 'includes/CDNController.class.php';
require_once 'includes/CDNAPI.class.php';

// authenticate first, then gate on the permission; everything past this point is privileged
IDMObject::authN();
IDMObject::authZ('permission', 'web_developer')
    or die('You don\'t have access to ski on the moon.');

CDNController::delegate();
<?php /** * Utility script to dump email addresses for every portal user who * has done some customization. Currently, this includes adding a * relationship and modifying the layout. * * Append ?simple=1 to URL to hide names. */ require __DIR__ . '/init.php'; require_once 'autoload.php'; IDMObject::authN(); if (!IDMObject::authZ('role', 'myplymouth')) { die('no access'); } echo '<pre>'; PSU::get()->portal = PSU::db('portal_dev'); $sql = "SELECT DISTINCT wpid1 FROM relsearch WHERE substr(wpid1, 1, 1) <> 't'"; $wpids = PSU::db('portal')->GetCol($sql); $sql = "SELECT DISTINCT wp_id FROM usertabs WHERE wp_id != 0 AND substr(wp_id, 1, 1) <> 't'"; $wpids2 = PSU::db('portal')->GetCol($sql); $wpids = array_merge($wpids, $wpids2); $wpids = array_unique($wpids); sort($wpids); if (!$_GET['simple']) { echo "// append ?simple=1 to url to hide names\n\n"; } foreach ($wpids as $wpid) { $p = new PSUPerson($wpid); if ($_GET['simple'] == 1) { if ($p->wp_email) {
<?php
/*
 * APE attribute re-apply action: find the most recent log entry for the
 * requested attribute ($_REQUEST['action']) on a person and, when that entry
 * came from APE and the caller may administer the attribute, set the
 * attribute to $_REQUEST['value'] again, linked to the original log entry.
 *
 * NOTE(review): the authorization check below guards only the setAttribute()
 * call; the JS response and the redirect run regardless of authorization.
 */
$person = new PSUPerson($_REQUEST['pidm']);
$action = $_REQUEST['action'];
$value = $_REQUEST['value'];
// fall back to a username lookup when no person was resolved by pidm
if (!$person->pidm) {
    $person = new PSUPerson($_REQUEST['username']);
}
$logs = $GLOBALS['BannerIDM']->getLogs($person->pidm);
// NOTE(review): $action is request-supplied and is used as an array key here without validation
$attribute_log = current(current($logs[$action]));
if ($attribute_log['source'] == 'ape') {
    $log = $GLOBALS['BannerIDM']->getLog($attribute_log['origin_id']);
    // attribute-specific admin, or the global attribute-admin permission
    if (IDMObject::authZ('admin', $log['attribute']) || IDMObject::authZ('permission', 'ape_attribute_admin')) {
        $GLOBALS['BannerIDM']->setAttribute($person->pidm, $action, $value, 'ape', false, 'parent_id=' . $attribute_log['parent_id'] . '&origin_id=' . $attribute_log['origin_id']);
    }
} //end if
// bail here if request was javascript
if (isset($_GET['method']) && $_GET['method'] == 'js') {
    header('Content-type: text/javascript');
    // $response is populated but never emitted; $type and $log_attribute are not
    // defined in this file — presumably set by an including script, verify
    $response['pidm'] = $person->pidm;
    $response['type'] = $type;
    $response['attribute'] = $log_attribute;
    // NOTE(review): the raw request value is returned as the script body without
    // encoding; confirm the client expects this and that the value is constrained
    die($value);
}
PSUHTML::redirect($GLOBALS['BASE_URL'] . '/user/' . $person->pidm);
/**
 * Map the current user's authorizations to a privilege level:
 * 1 = cts_admin permission, 2 = cts permission, 3 = calllog role, 4 = none.
 */
public function user_level()
{
    // ordered from most to least privileged; the first matching check wins
    $levels = array(
        array('permission', 'cts_admin', 1),
        array('permission', 'cts', 2),
        array('role', 'calllog', 3),
    );
    foreach ($levels as $check) {
        list($kind, $name, $level) = $check;
        if (IDMObject::authZ($kind, $name)) {
            return $level;
        }
    }
    // no matching grant: lowest level
    return 4;
}
<?php if (!IDMObject::authZ('permission', 'commonapp_upload')) { $_SESSION['errors'][] = 'You do not have permission to upload Common App feeds.'; PSUHTML::redirect($GLOBALS['BASE_URL']); } $tmp_name = $_FILES['feed']['tmp_name']; $new_name = $GLOBALS['TMP'] . '/' . $_FILES['feed']['name']; if (!is_uploaded_file($tmp_name)) { $_SESSION['errors'][] = "Uploaded file not found."; PSUHTML::redirect($GLOBALS['BASE_URL'] . '/upload.html'); } if (!is_dir($GLOBALS['TMP'])) { mkdir($GLOBALS['TMP']); } move_uploaded_file($tmp_name, $new_name); if (!is_file($new_name)) { $_SESSION['errors'][] = 'Could not find renamed file at ' . $new_name; PSUHTML::redirect($GLOBALS['BASE_URL'] . '/upload.html'); } $result = chmod($new_name, 0600); if ($result == false) { $_SESSION['errors'][] = 'Could not chmod ' . $new_name; PSUHTML::redirect($GLOBALS['BASE_URL'] . '/upload.html'); } $ca = new CommonApp($new_name); $ca->import(); if (count($ca->errors)) { // there were errors $_SESSION['errors'][] = 'Some records file failed to import.'; $_SESSION['errors'] = array_merge($_SESSION['errors'], $ca->errors);
<?php respond(function ($request, $response, $app) { PSU::session_start(); // Base directory of application $GLOBALS['BASE_DIR'] = dirname(__FILE__); // Base URL $GLOBALS['BASE_URL'] = 'https://' . $_SERVER['HTTP_HOST'] . '/app/ar'; // Base URL $GLOBALS['WEBAPP_URL'] = 'https://' . $_SERVER['HTTP_HOST'] . '/webapp'; // Templates $GLOBALS['TEMPLATES'] = PSU_BASE_DIR . '/app/ar/templates'; $GLOBALS['TITLE'] = 'Student Account Services Dashboard'; IDMObject::authN(); if (!IDMObject::authZ('permission', 'mis') && !IDMObject::authZ('role', 'bursar')) { die('You do not have access to this application.'); } $app->tpl = new \PSU\Template(); }); respond('/?', function ($request, $response, $app) { $contract = new PSU\AR\PaymentPlan\Feed\Contracts(4); $disbursement = new PSU\AR\PaymentPlan\Feed\Disbursements(2); $types = array('contract', 'disbursement'); foreach ($types as $type) { $report[$type] = array(); foreach (${$type} as $feed) { $report[$type]['invalid_id'] += $feed->invalid_id_count(); $report[$type]['unprocessed'] += $feed->date_processed_timestamp() ? 0 : 1; if ($diff = $feed->processed_difference()) { $report[$type]['difference'][$feed->id] = $diff; }
/**
 * APE template constructor: assigns the template variables every APE page
 * uses and builds the navigation tree from the current user's authorizations.
 *
 * Reads $GLOBALS['ape'], $GLOBALS['myuser'], $GLOBALS['BASE_DIR'],
 * $GLOBALS['BASE_URL'] and $_SESSION (username, ape_identifier, AUTHZ).
 * The checks here only decide which links are shown; the linked pages
 * presumably enforce the same checks themselves — verify, since menu
 * visibility is not access control.
 */
function __construct() {
    parent::__construct();

    // general template vars
    $this->assign('title', 'Analysis and Provisioning Engine');
    $this->assign('icon', $GLOBALS['ape']->icons);
    $this->template_dir = $GLOBALS['BASE_DIR'] . '/templates';

    // custom template functions
    $this->register_function('ape_bool', array($this, 'ape_bool'));

    $this->assign('username', $_SESSION['username']);
    $this->assign('ape', $GLOBALS['ape']);
    $this->assign('myuser', $GLOBALS['myuser']);
    $this->assign('infodesk', APEAuthZ::infodesk());

    // get svn data for this application
    $this->assign('svninfo', PSU::get_svn_info());

    $this->xhtml = false;
    // presumably populates $_SESSION['AUTHZ'], which is read below — confirm
    $this->load_authz();

    /*** set up navigation links ***/
    // root links: Home and Identity/Access are always present, the rest depend on APEAuthZ
    $links = array(
        'nav-home' => $this->createLink('Home', $GLOBALS['BASE_URL'] . '/', 'nav-icon nav-home', 'home'),
        'nav-identity' => $this->createLink('Identity/Access', $GLOBALS['BASE_URL'] . '/user/' . $_SESSION['ape_identifier'], 'nav-identity', 'person')
    );
    if (APEAuthZ::advancement()) {
        $links['nav-advancement'] = $this->createLink('Advancement', $GLOBALS['BASE_URL'] . '/user/advancement/' . $_SESSION['ape_identifier'], 'nav-advancement', 'advancement');
        $this->assign('advancement_link', true);
    } //end if
    if (APEAuthZ::hr()) {
        // NOTE(review): CSS class is 'nav-advancement' rather than a 'nav-hr' class — looks copied from the block above; confirm
        $links['nav-hr'] = $this->createLink('HR', '#', 'nav-advancement', 'hr');
        $this->assign('hr_link', true);
    } //end if
    if (APEAuthZ::family()) {
        $links['nav-family'] = $this->createLink('Family', $GLOBALS['BASE_URL'] . '/user/family/' . $_SESSION['ape_identifier'], 'nav-family', 'family');
        $this->assign('family_link', true);
    } //end if
    if (APEAuthZ::student()) {
        $links['nav-student'] = $this->createLink('Student', $GLOBALS['BASE_URL'] . '/user/student/' . $_SESSION['ape_identifier'], 'nav-student', 'student');
        $this->assign('student_link', true);
    } //end if

    // children of Identity/Access, each gated by its own check
    if ($_SESSION['AUTHZ']['admin']) {
        $links['nav-identity']['children'][] = $this->createLink('Access Management', $GLOBALS['BASE_URL'] . '/authz.html', 'nav-access', 'access');
    }
    if (IDMObject::authZ('permission', 'ape_mailing')) {
        $links['nav-identity']['children'][] = $this->createLink('Mailing Lists', $GLOBALS['BASE_URL'] . '/lists/', 'nav-mailing', 'mail');
    }
    if (IDMObject::authZ('oracle', 'reporting_security')) {
        $links['nav-identity']['children'][] = $this->createLink('Banner Security', $GLOBALS['BASE_URL'] . '/banner/', 'nav-banner', 'banner-security');
    }
    if ($GLOBALS['ape']->canResetPassword()) {
        $links['nav-identity']['children'][] = $this->createLink('Password Test', $GLOBALS['BASE_URL'] . '/password-test.html', 'nav-pass', 'password');
        $links['nav-identity']['children'][] = $this->createLink('Locked (' . $GLOBALS['ape']->locks_count() . ')', $GLOBALS['BASE_URL'] . '/locks.html', 'nav-locked', 'lock');
    } //end if
    // pending creation/deletion counts are shown to everyone who reaches this page (no gate)
    $links['nav-identity']['children'][] = $this->createLink('Creation (' . $GLOBALS['ape']->pending_accounts_count() . ')', $GLOBALS['BASE_URL'] . '/pending.html', 'nav-pend-create', 'pending-creation');
    $links['nav-identity']['children'][] = $this->createLink('Deletion (' . $GLOBALS['ape']->pending_deletion_count() . ')', $GLOBALS['BASE_URL'] . '/deletion.html', 'nav-pend-delete', 'pending-deletion');
    // PHP method names are case-insensitive, so authz() resolves to authZ()
    if (IDMObject::authz('permission', 'mis')) {
        $links['nav-identity']['children'][] = $this->createLink('Provision/Deprovision Docs', 'https://docs.google.com/Doc?docid=0AcDtIeWVN6nGYWNmZ3dxamRqOW5jXzE0N2dndHBqNmZn&hl=en', 'nav-identity', 'identity');
    } //end if
    if (APEAuthZ::hr()) {
        $links['nav-hr']['children'][] = $this->createLink('Employee Clearance', $GLOBALS['BASE_URL'] . '/checklist-admin.html', 'nav-advancement', 'identity');
    } //end if

    // if there are only 2 root links, replace root link #2 with its children
    if (count($links) == 2) {
        $parent_link = array_pop($links);
        $links = array_merge($links, $parent_link['children']);
    } //end if

    $this->assign('nav_links', $links);
}
$options['domain_controllers'] = array($conf['hostname'], $conf['hostname2']); $options['ad_username'] = $conf['username']; $options['ad_password'] = $conf['password']; $options['real_primarygroup'] = true; $options['use_ssl'] = true; $options['recursive_groups'] = true; $GLOBALS['AD'] = new adLDAP($options); } $GLOBALS['SYSTEMS_DB'] = PSU::db('systems'); // do whatever you do to authenticate the user....set the // username into a session variable. // at PSU we use phpCAS: if ($GLOBALS['IS_HD'] || $GLOBALS['IP'][2] == 112 || $GLOBALS['IP'][2] == 114 || $GLOBALS['IP'][2] == 33 || $GLOBALS['IP'][2] == 32 || $GLOBALS['IP'][2] == 115 || $GLOBALS['IP'][2] == 1) { // make sure we're either on an acceptable helpdesk computer, or on the 112 or 114 networks, otherwise deny access IDMObject::authN(); if (!(IDMObject::authZ('banner', 'student_active') || IDMObject::authZ('banner', 'employee') || IDMObject::authZ('banner', 'alumni') || IDMObject::authZ('banner', 'alumni_campus') || IDMObject::authZ('banner', 'alumni_emeritus') || IDMObject::authZ('banner', 'psu_friend'))) { echo "You must be a current student, employee, alumni, or retiree to use this service"; exit; } } else { echo "You do not have access to use this service from this location"; exit; } /*******************[End Authentication]********************/ /*******************[Authorization]********************/ /*$auth_query = "select id from authorized_users where uid='".$_SESSION['username']."'"; $result = $GLOBALS['SYSTEMS_DB']->Execute($auth_query); if($result->RecordCount()<1) { echo 'You do not have access to use this service'; exit;
/**
 * True when the current user holds the banner 'ug_app' role and does not
 * hold 'ug_app_denied'; the denial check is skipped when the first fails.
 */
public static function visit_plymouth_state()
{
    if (!IDMObject::authZ('banner', 'ug_app')) {
        return false;
    }
    return !IDMObject::authZ('banner', 'ug_app_denied');
}
throw new Exception('An identity confirmation must be provided.'); } if (!$GLOBALS['ape']->canResetPassword()) { $GLOBALS['LOG']->write('Password Reset Attempt Failed: Not authorized to reset passwords.', $username); throw new Exception('You are not allowed to perform password resets (missing role, or not in IP whitelist).'); } if (!$username) { throw new Exception('Username missing from password reset request.'); } $person = new PSUPerson($username); if (!$reason && ($ssn != substr($person->ssn, -4) || $dob != $person->birth_date)) { $GLOBALS['LOG']->write('Password Reset Attempt Failed: invalid DOB & SSN portion provided.', $username); throw new Exception('The identity verification failed. Either the last 4 of the SSN OR the Date of Birth did not match.'); } //end if if ($reason && !IDMObject::authZ('permission', 'ape_pw')) { throw new Exception('You are not allowed to perform password resets without the last 4 of the SSN and Birth Date.'); } //end if if (!$reason) { $reason = 'Private Data Provided and Verified'; } //end if list($username, $password) = $GLOBALS['PWMAN']->defaultCredentials($username); $GLOBALS['PWMAN']->setPassword($username, $password); $GLOBALS['PWMAN']->expire($username, 'reset'); $GLOBALS['LOG']->write('Resetting password: '******'Password Reset', 'Reset password.', array('call_status' => 'closed'))) { $message .= ' Ticket #<a href="http://go.plymouth.edu/log/' . $call_id . '">' . $call_id . '</a> has been logged.'; }
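/**
 * Return the SQL code used to target elements of $class at $person.
 *
 * @param PSUPerson $person the viewer; supplies the ad/banner role SQL lists
 * @param string    $class  element class, resolved through self::dbstr()
 * @return array 'tables' => JOIN clauses (empty when targeting is off),
 *               'where'  => an "AND (...)" clause
 */
public static function targetSQL(PSUPerson $person, $class) {
    $response = array(
        'tables' => '',
        'where'  => array("(t.type = 'public' AND t.value = 'public')"),
    );

    // don't use targeting if the global identifier is 0 (editing the default layout)
    if (!$GLOBALS['identifier']) {
        self::use_targeting(false);
    }

    // should we show everything, regardless of targeting?
    if (!self::use_targeting() || IDMObject::authZ('role', 'myplymouth')) {
        $response['where'] = 'AND 1=1';
        return $response;
    }

    // join with center table and targets table
    $response['tables'] = sprintf(
        ' LEFT JOIN %3$s ON %1$s.id = %3$s.%2$s LEFT JOIN targets t ON %3$s.target_id = t.id ',
        self::dbstr($class, 'table'),
        self::dbstr($class, 'fk'),
        self::dbstr($class, 'targets')
    );

    // NOTE(review): these fragments are interpolated, not bound. $subtype/$in_sql
    // come from the session AUTHZ map and the *_roles_sql values from PSUPerson;
    // they must stay server-generated and never be derived from request input.
    foreach ($_SESSION['AUTHZ']['sql'] as $subtype => $in_sql) {
        $response['where'][] = sprintf("(t.type = 'authz' AND t.subtype = '%s' AND value IN %s)", $subtype, $in_sql);
    }
    // bug fix: the guard used to read 'ad_rules_sql' while the value read
    // 'ad_roles_sql', so the AD clause was most likely never emitted
    if ($person->ad_roles_sql) {
        $response['where'][] = sprintf("(t.type = 'ad' AND value IN %s)", $person->ad_roles_sql);
    }
    if ($person->banner_roles_sql) {
        $response['where'][] = sprintf("(t.type = 'banner' AND value IN %s)", $person->banner_roles_sql);
    }

    $response['where'] = sprintf("AND (%s)", implode(' OR ', $response['where']));
    return $response;
}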
/**
 * Redirect to BASE_URL unless the current user holds the 'myplymouth' role;
 * the denial message is queued in $_SESSION['errors'] before redirecting.
 */
private function _force_admin()
{
    if (IDMObject::authZ('role', 'myplymouth')) {
        return;
    }
    $_SESSION['errors'][] = 'You are not allowed to view the MyPlymouth administration interface.';
    PSU::redirect($GLOBALS['BASE_URL']);
}
<?php
/*
 * ELS Administration bootstrap: legacy environment, autoloader, session,
 * application globals and the 'els_admin' permission gate.
 */
require dirname(dirname(__DIR__)) . '/legacy/git-bootstrap.php';
require_once 'autoload.php';

PSU::session_start();

require_once 'PSUWordPress.php';

$GLOBALS['BASE_URL']     = '/webapp/els';
$GLOBALS['RELATIVE_URL'] = '/webapp/els';
$GLOBALS['BASE_DIR']     = __DIR__;
$GLOBALS['UPLOAD_DIR']   = PSU::UPLOAD_DIR . $GLOBALS['BASE_URL'];
$GLOBALS['TITLE']        = 'ELS Administration';
$GLOBALS['META_WEBAPP']  = 'webapp_els';

require_once $GLOBALS['BASE_DIR'] . '/includes/ELS.class.php';

// authenticate, then gate on the permission; nothing below runs without it
IDMObject::authN();
IDMObject::authZ('permission', 'els_admin')
    or die('You do not have access to this application.');
$GLOBALS['USER_DB'] = PSUDatabase::connect('mysql/user_info-admin'); //$GLOBALS['EPO'] = PSUDatabase::connect('mssql/epo_mercury'); $GLOBALS['ASTER'] = PSUDatabase::connect('mysql/aster-misuser'); $GLOBALS['MYPLYMOUTH'] = PSUDatabase::connect('mysql/myplymouth'); /*******************[End Database Connections]*****************/ // which portal we are working in, for now there is only one, and we hardcode it! $GLOBALS['Workflow'] = new Workflow(); $GLOBALS['BannerGeneral'] = new BannerGeneral($GLOBALS['BANNER']); $GLOBALS['BannerStudent'] = new BannerStudent($GLOBALS['BANNER']); $GLOBALS['PWMAN'] = new PasswordManager($GLOBALS['MYPLYMOUTH'], $_ = false, $GLOBALS['USER_DB']); $GLOBALS['LOG'] = new PSULog('ape', $_SESSION['username']); $GLOBALS['ZimbraAdmin'] = new zimbraAdmin(); /*******************[Authorization Stuff]*****************/ $GLOBALS['user_roles'] = PSU::get('idmobject')->getAllBannerRoles($_SESSION['username']); $path_parts = pathinfo($_SERVER['SCRIPT_FILENAME']); if (!IDMObject::authZ('role', 'staff') && !IDMObject::authZ('role', 'ape') && !APEAuthZ::infodesk() && !APEAuthZ::family() && !APEAuthZ::student() && !APEAuthZ::advancement() && !$_SESSION['impersonate']) { echo 'You (' . $_SESSION['username'] . ') do not have access to use this application. If ' . $_SESSION['username'] . ' is not your username, please log in to <a href="http://go.plymouth.edu/logout">myPlymouth</a> and try again.'; exit; } //end if /*******************[End Authorization Stuff]*****************/ if ($_GET['mobile']) { $_SESSION['psu_mobile'] = true; } elseif ($_GET['nomobile']) { $_SESSION['psu_mobile'] = false; } //end else $GLOBALS['myuser'] = new PSUPerson($_SESSION['username']); // first-time init. of error and message vars if (!isset($_SESSION['errors'])) { $_SESSION['errors'] = $_SESSION['messages'] = array();
<?php
/**
 * Save changes to hardware from hardware.html: delete one hardware record
 * from a person and return to their hardware page.
 *
 * Requires the 'ape_hardware' permission. Both identifiers are coerced to
 * int, which discards non-numeric input.
 * NOTE(review): this state-changing action is driven by GET parameters, and
 * nothing here ties $id to $pidm — verify deleteHardware() scopes the delete
 * to the person.
 */
IDMObject::authZ('permission', 'ape_hardware')
    or die('You do not have hardware privileges.');

$pidm = intval($_GET['pidm']);
$id = intval($_GET['id']);

$person = new PSUPerson($pidm);
$person->hardware->deleteHardware($id);

PSUHTML::redirect($BASE_URL . '/hardware/u/' . $person->username);
/**
 * Return true if current user is a portal admin, false if not.
 * "Portal admin" here means holding the 'myplymouth' role.
 */
public function is_admin()
{
    $hasPortalRole = IDMObject::authZ('role', 'myplymouth');
    return $hasPortalRole;
}
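<?php
/**
 * reset the expiration date on person_phone so that they are prompted to sign
 * up with and re-confirm mobile number when logging into myPlymouth
 *
 * Expects $_GET['wp_id']; requires the 'mis' permission or infodesk access.
 * Fills $response['status'] and $response['message'] for the ajax caller.
 * NOTE(review): this is a state-changing action served on a GET request.
 */
try {
    // can the user perform this action?
    if (!IDMObject::authZ('permission', 'mis') && !APEAuthZ::infodesk()) {
        throw new Exception('You are not authorized to reset emergency phone information.');
    }
    // did we get all the needed data?
    if (!isset($_GET['wp_id'])) {
        throw new Exception('wp_id was missing in request.');
    }

    $person = PSUPerson::get($_GET['wp_id']);
    // as the other APE actions do: an unresolvable identifier is an error,
    // not a dereference of an empty person
    if (!$person || !$person->pidm) {
        throw new Exception('Could not load person for the requested wp_id.');
    }

    if ($person->emergency_phone->unconfirm()) {
        $GLOBALS['LOG']->write('Emergency phone reset', $_GET['wp_id']);
        $response['message'] = 'Emergency number reset. They will be prompted to confirm on next login (assuming they are a student/employee)';
        $response['status'] = 'success';
    } else {
        // unconfirm() returned a falsy value, so there is no detail worth appending
        throw new Exception('Error resetting emergency phone information.');
    }
} catch (Exception $e) {
    // every failure path reports a status, not only a message
    $response['status'] = 'error';
    $response['message'] = $e->getMessage();
}
// ajax requests end here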
/**
 * Convenience function to test if the user can administer this role.
 *
 * Without the 'ape_attribute_admin' permission the answer is always false.
 * With it, a null $role means "may administer in general"; a specific role
 * may be administered only when it has no origin_id and was created by this
 * IDM source ($GLOBALS['IDM_SOURCE']).
 *
 * @param $role \b array an associative array of the role data
 */
function canAdminRole($role = null) {
    $isAttributeAdmin = IDMObject::authZ('permission', 'ape_attribute_admin');
    if (!$isAttributeAdmin) {
        return false;
    }
    // not a role-specific query
    if (null == $role) {
        return true;
    }
    // loose comparisons kept on purpose: origin_id may be null, '' or 0 depending on the source row
    $isLocalRole = (null == $role['origin_id']) && ($role['source'] == $GLOBALS['IDM_SOURCE']);
    return $isLocalRole;
}
<?php try { if (!IDMObject::authZ('permission', 'ape_wp_email_reset')) { throw new Exception('You are not authorized to reset profiles.'); } require_once '/web/connect.plymouth.edu/wp-includes/registration.php'; $person = new PSUPerson($_GET['identifier']); if (!$person->pidm) { throw new Exception('Could not load person for pidm: ' . $_GET['pidm']); } //end if $user = get_userdatabypidm($person->pidm); update_usermeta($user->ID, 'psuname', $person->login_name); delete_usermeta($user->ID, 'ac_pwreset'); $response['message'] = 'WP psuname has been synched.'; $email = trim($_GET['email']); if ($email) { if ($_GET['type'] == 'primary') { $user_data = array('ID' => $user->ID, 'user_email' => $email); $which = "Email"; $old_email = $user->user_email; $result = wp_update_user((array) $user_data); } else { $which = "Alt. email"; $old_email = $user->email_alt; $result = update_usermeta($user->ID, 'email_alt', $email); } if ($result) { $response['message'] .= sprintf(' %s changed from "%s" to "%s"', $which, $old_email, $email); }
}); respond('/?', function ($request, $response, $app) { $contracts = new PSU\AR\PaymentPlan\Feed\Contracts(10); $disbursements = new PSU\AR\PaymentPlan\Feed\Disbursements(4); $app->tpl->assign('date_format', '%b %e @ %l:%M %P'); $app->tpl->assign('contracts', $contracts); $app->tpl->assign('disbursements', $disbursements); $app->tpl->display('payment-plans.tpl'); }); respond('/process/[contract|disbursement:script]', function ($request, $response, $app) { $script = $request->script; if ($app->running[$script]) { PSU::redirect($GLOBALS['BASE_URL'] . '/payment-plans'); } //end if $user = PSU::isDev() ? 'nrporter' : 'webguru'; if (PSU::isDev() && !IDMObject::authZ('permission', 'mis')) { $_SESSION['errors'][] = 'Only MIS can run this script in development'; PSU::redirect($GLOBALS['BASE_URL'] . '/payment-plans'); } //end if if ('contract' == $script) { $command = '/usr/local/bin/php ~' . $user . '/scripts/payment_plan_' . $script . '.php -i ' . strtolower(PSU::db('banner')->database) . ' &'; } else { $command = '/usr/local/bin/php ~' . $user . '/scripts/payment_plan_' . $script . '.php --instance=' . strtolower(PSU::db('banner')->database) . ' &'; } //end else exec($command); $_SESSION['successes'][] = 'The Payment Plan ' . ucwords($script) . ' processing script has begun. Please check back shortly.'; PSU::redirect($GLOBALS['BASE_URL'] . '/payment-plans'); });
require_once 'BannerStudent.class.php'; // student class
require_once 'PSUECommerce.class.php';
require_once 'PSUECommerceInterface.class.php';
require_once 'PSUECommerceTransaction.class.php';
require_once 'ecommerce/ETrans.class.php';
require_once 'channel.class.php';
/*******************[End Common Includes]**********************/

/*******************[Local Includes]**********************/
require_once $GLOBALS['LOCAL_INCLUDES'] . '/ECommerceSmarty.class.php';
/*******************[End Local Includes]**********************/

/*******************[Database Connections]*****************/
// Banner instance: 'psc1' when explicitly requested, or when served from a
// www. host without an explicit 'test' override; 'test' in every other case.
// NOTE(review): the instance is chosen from a request parameter (?which=), so a
// caller can steer this page between production and test data — confirm intended.
$which = ($_GET['which'] == 'psc1'
    || (preg_match('/https?\\:\\/\\/www\\./', $GLOBALS['BASE_URL']) && $_GET['which'] != 'test'))
    ? 'psc1'
    : 'test';
$GLOBALS['BANNER'] = PSUDatabase::connect('oracle/' . $which . '_psu/fixcase');
/*******************[End Database Connections]*****************/

$GLOBALS['BannerStudent'] = new BannerStudent($GLOBALS['BANNER']);
$GLOBALS['BannerIDM'] = new IDMObject();

// pages under /admin/ require an authenticated user holding the 'mis' permission
if (strstr($_SERVER['SCRIPT_NAME'], '/admin/')) {
    $_SESSION['username'] = IDMObject::authN();
    IDMObject::authZ('permission', 'mis')
        or exit("You do not have sufficient permissions to view this page.");
}
<?php
/*
 * Faculty Database bootstrap: autoloader, session, application globals and
 * an authenticated user holding the 'faculty_admin' permission.
 */
require_once 'autoload.php';

PSU::session_start();

$GLOBALS['BASE_DIR']  = dirname(__FILE__);
$GLOBALS['BASE_URL']  = '/webapp/faculty';
$GLOBALS['TEMPLATES'] = $GLOBALS['BASE_DIR'] . '/templates';
$GLOBALS['TITLE']     = 'Faculty Database';

// authenticate, then gate on the permission; nothing below runs without it
IDMObject::authN();
IDMObject::authZ('permission', 'faculty_admin')
    or exit('You do not have access to this service.');