/**
 * Collects the extra "$type" files (tabs by default) that the active modules
 * provide for module $m and stores them in $storage['all_' . $type][$m].
 *
 * Nothing is rescanned when that entry already exists. Modules for which
 * canAccess() returns false are skipped, so their files are never listed.
 *
 * NOTE(review): $m is concatenated into the pattern handed to readFiles()
 * without quoting; presumably it is validated before it reaches this
 * method - confirm against the callers.
 *
 * @param array           $storage Filled in place (passed by reference).
 * @param w2p_Core_CAppUI $AppUI   Supplies the list of active modules.
 * @param string          $m       Module whose extras are being collected.
 * @param string          $type    Plural kind of extra; its last character is
 *                                 dropped to build the file-name pattern.
 *
 * @return void
 */
public function loadExtras(array &$storage, w2p_Core_CAppUI $AppUI, $m, $type = 'tabs')
{
    $bucket = 'all_' . $type;

    // Already collected for this module: bind the reference and stop.
    if (isset($storage[$bucket][$m])) {
        $all_items =& $storage[$bucket][$m];
        return;
    }

    // Create the parent array first. The original author notes that on some
    // systems skipping this step produces recursive pointers to the
    // all_$type array, which show up as phantom tabs.
    if (!isset($storage[$bucket])) {
        $storage[$bucket] = array();
    }
    $storage[$bucket][$m] = array();
    $collected =& $storage[$bucket][$m];

    // <module>_<singular type>*.php, e.g. "<module>_tab" for the default type.
    $pattern = '^' . $m . '_' . substr($type, 0, -1) . '.*\\.php';

    foreach ($AppUI->getActiveModules() as $dir => $notUsed) {
        if (!canAccess($dir)) {
            continue;
        }

        $loader = new w2p_FileSystem_Loader();
        foreach ($loader->readFiles(W2P_BASE_DIR . '/modules/' . $dir . '/', $pattern) as $item) {
            // The dot-separated parts of the file name carry the label and,
            // when there are more than three parts, a sub-group key.
            $pieces = explode('.', $item);
            $hasSubGroup = count($pieces) > 3;

            if ($hasSubGroup) {
                $group = $pieces[1];
                if (!isset($collected[$group])) {
                    $collected[$group] = array();
                }
                $target =& $collected[$group];
            } else {
                $target =& $collected;
            }
            $label = $hasSubGroup ? $pieces[2] : $pieces[1];

            $target[] = array(
                'name' => ucfirst(str_replace('_', ' ', $label)),
                // The last four characters (the ".php" suffix) are cut off.
                'file' => W2P_BASE_DIR . '/modules/' . $dir . '/' . substr($item, 0, -4),
                'module' => $dir,
            );
        }
    }
}
/**
 * Renders the header navigation: one link per menu module for which
 * canAccess() returns true. The 'system' and 'users' modules are never listed.
 *
 * NOTE(review): this only decides which links are shown; confirm that the
 * module pages enforce their own access check when they are requested.
 * NOTE(review): mod_directory and the translated mod_ui_name are written into
 * the markup without escaping in this method - confirm both are safe for HTML.
 *
 * @param string $rootTag       Optional wrapper tag; it receives id="headerNav".
 * @param string $innerTag      Optional tag wrapped around every link.
 * @param string $dividingToken Separator placed between the links.
 *
 * @return string The navigation markup.
 */
public function buildHeaderNavigation($rootTag = '', $innerTag = '', $dividingToken = '')
{
    $openRoot = $rootTag != '' ? "<{$rootTag} id=\"headerNav\">" : '';
    $closeRoot = $rootTag != '' ? "</{$rootTag}>" : '';
    $openItem = $innerTag != '' ? "<{$innerTag}>" : '';
    $closeItem = $innerTag != '' ? "</{$innerTag}>" : '';

    $links = array();
    foreach ($this->_AppUI->getMenuModules() as $module) {
        $directory = $module['mod_directory'];

        // These two modules are left out of the header regardless of permissions.
        if ($directory == 'system' || $directory == 'users') {
            continue;
        }
        if (!canAccess($directory)) {
            continue;
        }

        // The module currently being displayed gets the "module" CSS class.
        $class = $this->_m == $directory ? ' class="module"' : '';
        $links[] = $openItem
            . '<a href="?m=' . $directory . '"' . $class . '>' . $this->_AppUI->_($module['mod_ui_name']) . '</a>'
            . $closeItem;
    }

    return $openRoot . implode($dividingToken, $links) . $closeRoot;
}
"><span><?php echo $AppUI->_('My Info'); ?> </span></a> </td> <?php if (canAccess('tasks')) { ?> <td nowrap="nowrap" align="right"> <a class="button" href="./index.php?m=tasks&a=todo"><span><b><?php echo $AppUI->_('Todo'); ?> </b></span></a> </td><?php } if (canAccess('calendar')) { $now = new w2p_Utilities_Date(); ?> <td nowrap="nowrap" align="right"> <a class="button" href="./index.php?m=calendar&a=day_view&date=<?php echo $now->format(FMT_TIMESTAMP_DATE); ?> "><span><?php echo $AppUI->_('Today'); ?> </span></a> </td><?php } ?> <td nowrap="nowrap" align="right"> <a class="button" href="./index.php?logout=-1"><span><?php
/**
 * Returns the directory of the first active module that canAccess() allows.
 *
 * Candidates are the mod_directory values of rows in the `modules` table
 * with mod_active = 1, ordered by mod_ui_order.
 *
 * @return string|null The module directory, or null when none is accessible.
 */
function getReadableModule()
{
    global $AppUI;

    // $perms is not read below; the call is kept as in the original.
    $perms =& $AppUI->acl();

    $query = new w2p_Database_Query();
    $query->addTable('modules');
    $query->addQuery('mod_directory');
    $query->addWhere('mod_active = 1');
    $query->addOrder('mod_ui_order');
    $directories = $query->loadColumn();

    $found = null;
    foreach ($directories as $directory) {
        if (canAccess($directory)) {
            $found = $directory;
            break;
        }
    }

    return $found;
}
include "pages/auditorMailPage.class.php";
include "pages/auditorMembersPage.class.php";
include "pages/auditorNotificationsPage.class.php";
include "pages/auditorAssetsPage.class.php";
include "pages/auditorJournalPage.class.php";
include "pages/auditorTransactionsPage.class.php";
include "pages/auditorOrdersPage.class.php";
include "pages/auditorContractsPage.class.php";
include "pages/auditorContactsPage.class.php";

// Sort the registered pages into two maps keyed by page name:
//   $eligible_pages - pages whose account mode fits the current CORP_MODE
//   $enabled_pages  - eligible pages for which canAccess() accepts the page's
//                     access mask (or at least one of its sub-masks)
foreach ($registered_pages as $name => $page) {
    // In corp mode the character-only pages are dropped, otherwise the corp-only ones.
    $excludedMode = CORP_MODE ? ACC_CHAR_ONLY : ACC_CORP_ONLY;
    if ($page->GetAccMode() == $excludedMode) {
        continue;
    }

    $eligible_pages[$page->GetName()] = $page;

    // A page may return a single mask or an array of masks; one match is enough.
    $mask = $page->GetAccMask(CORP_MODE);
    $candidates = is_array($mask) ? $mask : array($mask);
    foreach ($candidates as $submask) {
        if (canAccess($submask)) {
            $enabled_pages[$page->GetName()] = $page;
            break;
        }
    }
}

// With more than one enabled page, the "onepage" entry is added to both maps.
if (count($enabled_pages) > 1) {
    $eligible_pages["onepage"] = "onepage";
    $enabled_pages["onepage"] = "onepage";
}
', 'editFrm', null, true)"> <img src="<?php echo w2PfindImage('calendar.gif'); ?> " width="24" height="12" alt="<?php echo $AppUI->_('Calendar'); ?> " border="0" /> </a> </td> <td rowspan="6" valign="top"> <?php if ($AppUI->isActiveModule('contacts') && canView('contacts')) { echo '<input type="button" class="button" value="' . $AppUI->_('Select contacts...') . '" onclick="javascript:popContacts();" />'; } if ($AppUI->isActiveModule('departments') && canAccess('departments')) { //Build display list for departments $company_id = $project->project_company; $selected_departments = array(); if ($project_id) { $myDepartments = CProject::getDepartments($AppUI, $project_id); $selected_departments = count($myDepartments) > 0 ? array_keys($myDepartments) : array(); } $departments_count = 0; $department_selection_list = getDepartmentSelectionList($company_id, $selected_departments); if ($department_selection_list != '' || $project_id) { $department_selection_list = $AppUI->_('Departments') . '<br /><select name="project_departments[]" multiple="multiple" class="text"><option value="0"></option>' . $department_selection_list . '</select>'; } else { $department_selection_list = '<input type="button" class="button" value="' . $AppUI->_('Select department...') . '" onclick="javascript:popDepartment();" /><input type="hidden" name="project_departments"'; } // Let's check if the actual company has departments registered
/**
 * Renders the header navigation as a row of buttons, one per menu module
 * for which canAccess() returns true.
 *
 * NOTE(review): this only decides which buttons are shown; confirm that the
 * module pages enforce their own access check when they are requested.
 * NOTE(review): mod_directory ends up inside an inline onclick handler and
 * the translated mod_ui_name inside a value attribute, both without escaping
 * in this function - confirm both are safe for those contexts.
 *
 * @param object $AppUI         Provides getMenuModules(), acl() and _().
 * @param string $rootTag       Optional wrapper tag; it receives id="headerNav".
 * @param string $innerTag      Optional tag wrapped around every button.
 * @param string $dividingToken Separator placed between the buttons.
 *
 * @return string The navigation markup.
 */
function buildHeaderNavigation($AppUI, $rootTag = '', $innerTag = '', $dividingToken = '')
{
    $nav = $AppUI->getMenuModules();
    // $perms is not read below; the call is kept as in the original.
    $perms = $AppUI->acl();

    $openRoot = $rootTag != '' ? "<{$rootTag} id=\"headerNav\">" : '';
    $closeRoot = $rootTag != '' ? "</{$rootTag}>" : '';
    $openItem = $innerTag != '' ? "<{$innerTag}>" : '';
    $closeItem = $innerTag != '' ? "</{$innerTag}>" : '';

    $links = array();
    foreach ($nav as $module) {
        if (!canAccess($module['mod_directory'])) {
            continue;
        }

        $links[] = $openItem
            . '<input type="button" class="button" value="' . $AppUI->_($module['mod_ui_name']) . '" onclick=\'javascript:window.location="?m=' . $module['mod_directory'] . '"\' />'
            . $closeItem;
    }

    return $openRoot . implode($dividingToken, $links) . $closeRoot;
}
<?php /* $Id$ $URL$ */ global $a, $AppUI; $links = array(); if (canAccess('users')) { $links[] = '<a href="./index.php?m=admin">' . $AppUI->_('User Management') . '</a>'; } if (canAccess('system')) { $links[] = '<a href="./index.php?m=system">' . $AppUI->_('System Administration') . '</a>'; } ?> </td> </tr> </table> <hr /> <div class="center footer"> <?php echo implode('|', $links); ?> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="./style/<?php echo $uistyle; ?> /assets/js/jquery.js"></script> <script src="./style/<?php echo $uistyle; ?>
/**
 * Builds the footer markup: an inline document-ready script followed by one
 * script tag per entry of $this->footerJavascriptFiles.
 *
 * The file list is consumed with array_pop(), so the last entry is emitted
 * first, and the loop stops at the first empty/falsy entry.
 *
 * NOTE(review): each entry is written into a src attribute without escaping;
 * presumably only application code fills footerJavascriptFiles - confirm.
 *
 * @return string The footer script markup.
 */
public function loadFooterJS()
{
    // The "Global Search..." textbox is skipped when smartsearch is accessible,
    // so focus goes to the second text input instead of the first.
    $focusLine = canAccess('smartsearch')
        ? ' $("input[type=\'text\']:eq(1)").focus();'
        : ' $("input[type=\'text\']:eq(0)").focus();';

    $s = '<script type="text/javascript">'
        . '$(document).ready(function() {'
        // Attach tooltips to "span" elements
        . ' $("span").tipTip({maxWidth: "600px;", delay: 200, fadeIn: 150, fadeOut: 150});'
        . $focusLine
        . '});'
        . '</script>';

    if (is_array($this->footerJavascriptFiles) && !empty($this->footerJavascriptFiles)) {
        while (true) {
            $jsFile = array_pop($this->footerJavascriptFiles);
            if (!$jsFile) {
                break;
            }
            $s .= "<script type='text/javascript' src='" . $jsFile . "'></script>";
        }
    }

    return $s;
}
/**
 +----------------------------------------------------------
 * Initialise the information of the currently logged-in user.
 *
 * Sets $this->mid from the session and $this->uid from the request
 * (falling back to mid when uid is 0), loads the user record into
 * $_SESSION['userInfo'], and assigns mid, uid, user, userInfoCache and
 * isSystemAdmin to the view. Returns true early when no user record is
 * available in the session.
 *
 * NOTE(review): uid is read from $_REQUEST, so the caller controls it;
 * presumably code using $this->uid authorises against $this->mid - confirm.
 +----------------------------------------------------------
 * @access protected
 +----------------------------------------------------------
 */
protected function initUser()
{
    global $ts;

    $this->mid = (int) $_SESSION['mid'];
    $this->uid = (int) $_REQUEST['uid'];
    if (0 == $this->uid) {
        $this->uid = $this->mid;
    }

    // Fetch the userInfo data: reload it when it is missing, or when the
    // stored record is not yet initialised or not active.
    if ($this->mid > 0 && (empty($_SESSION['userInfo']) || !$_SESSION['userInfo']['is_init'] || !$_SESSION['userInfo']['is_active'])) {
        $_SESSION['userInfo'] = D('User', 'home')->getUserByIdentifier($this->mid);
    } elseif (empty($_SESSION['userInfo'])) {
        return true;
    } else {
        D('User', 'home')->setUserObjectCache(array($_SESSION['userInfo']));
    }

    // Cache the profile of the logged-in user
    $cachedProfile = D('User', 'home')->getUserInfoCache($this->mid);
    $this->assign('userInfoCache', $cachedProfile);

    // Expose the current user to the controller, the global $ts array and the view
    $this->user = $_SESSION['userInfo'];
    $ts['user'] = $this->user;
    $this->assign('mid', $this->mid);
    $this->assign('uid', $this->uid);
    $this->assign('user', $this->user);

    // Determine whether the user is an administrator ('admin/*/*' permission)
    $adminFlag = service('SystemPopedom')->hasPopedom($this->user['uid'], 'admin/*/*', false);
    $this->assign('isSystemAdmin', $adminFlag);

    // Users who have not completed initialisation are sent to the profile
    // page, unless canAccess() allows the current request.
    if (!$ts['user']['is_init'] && !canAccess()) {
        $this->assign('jumpUrl', U('home/Public/userinfo'));
        $this->error('请先完善个人资料');
        exit;
    }
}
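<?php /* $Id$ $URL$ */
// Refuse direct requests: W2P_BASE_DIR is only defined by the application bootstrap.
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly');
}

// Everything readfile() prints below is captured in an output buffer.
ob_start();

// NOTE(review): $AppUI->user_locale and $dir are used as path segments below;
// presumably both are restricted to installed locales/modules - confirm.
if (isset($perms)) {
    foreach ($AppUI->getActiveModules() as $dir => $module) {
        // Translations of modules the user cannot access are not emitted.
        if (!canAccess($dir)) {
            continue;
        }

        // Only modules that contribute tab or crumb files to module $m matter here.
        $modules_tabs_crumbs = $AppUI->readFiles(W2P_BASE_DIR . '/modules/' . $dir . '/', '^' . $m . '_(tab|crumb).*\\.php');
        if (count($modules_tabs_crumbs) > 0) {
            // Candidate translation files, most specific first; the first one that exists wins.
            $locale_candidates = array(
                W2P_BASE_DIR . '/modules/' . $dir . '/locales/' . $AppUI->user_locale . '/' . $dir . '.inc',
                W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/' . $dir . '.inc',
                W2P_BASE_DIR . '/modules/' . $dir . '/locales/' . $AppUI->user_locale . '.inc',
            );
            foreach ($locale_candidates as $locale_file) {
                if (file_exists($locale_file)) {
                    readfile($locale_file);
                    break;
                }
            }
        }
    }
}

// The original condition tested the path string itself, which is always
// truthy, so readfile() ran (and could warn) even when the file was missing.
$common_locale_file = W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/common.inc';
if (file_exists($common_locale_file)) {
    readfile($common_locale_file);
}
// language files for specific locales and specific modules (for external modules) should be
// put in modules/[the-module]/locales/[the-locale]/[the-module].inc or
// modules/[the-module]/locales/[the-locale].inc
// this allows for module specific translations to be distributed with the module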
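/**
 +----------------------------------------------------------
 * Verify the access rights of the current visitor.
 *
 * Visitors who are not logged in are redirected to registration (invite
 * links) or to the login page when the requested resource does not allow
 * anonymous access. Logged-in users are marked online and redirected away
 * when SystemPopedom denies the request.
 *
 * NOTE(review): refer_url is built from the Host request header, which the
 * client controls, and always uses the http scheme; presumably whatever
 * redirects to refer_url after login checks that it points at this site -
 * confirm.
 +----------------------------------------------------------
 * @access private
 +----------------------------------------------------------
 * @return void
 +----------------------------------------------------------
 */
private static function checkUser()
{
    global $ts;

    // Invitation / validation link. !empty() keeps the truthiness test but
    // avoids undefined-index notices when the parameters are absent.
    if (!empty($_GET['validationcode']) && !empty($_GET['validationid'])) {
        service('Validation')->dispatchValidation();
    }

    // Login check
    if (!service('Passport')->isLogged()) {
        // Not logged in

        // Invitation: forward the invite code to the registration page. The
        // value comes from the request, so it is URL-encoded before it is
        // appended to the redirect target.
        if (APP_NAME == 'home' && MODULE_NAME == 'Index' && ACTION_NAME == 'index' && isset($_REQUEST['invite'])) {
            redirect(SITE_URL . '/index.php?app=home&mod=Public&act=register&invite=' . urlencode((string) $_REQUEST['invite']));
        }

        // Whether guest access is enabled
        if (APP_NAME == 'home' && MODULE_NAME == 'Space' && !$ts['site']['site_anonymous']) {
            redirect(U('home/Public/login'));
        }

        // Anonymous access control
        if (!canAccess()) {
            // Strict comparison: strpos() returns 0 for a match at the start
            // of the string, which a loose comparison with FALSE treats as "not found".
            if (App::isAjax() || strpos($_SERVER['REQUEST_URI'], "addon") !== false) {
                // No automatic redirect when an Ajax request hits a resource
                // that forbids anonymous access
                exit;
            } else {
                // Remember the URL requested before login
                $_SESSION['refer_url'] = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
                redirect(U('home/Public/login'));
            }
        }
    } else {
        // Logged in

        // Mark the user as online
        setOnline($_SESSION['mid']);

        // Check the user's permissions. The admin back end controls its own permissions.
        if (!service('SystemPopedom')->hasPopedom()) {
            if (APP_NAME == 'admin') {
                redirect(U('home/Public/adminlogin'), 5, '您无权查看');
            } else {
                redirect(U('home'), 5, '您无权查看');
            }
        }
    }

    return;
}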
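/**
 * Prints the character-selection page and ends the request.
 *
 * When $chars is empty, fatal_error() is called instead. Otherwise one table
 * cell per character is printed with a link back to SELF_URL carrying the
 * chosen character id, the database handle is closed and the script exits.
 *
 * Request parameters echoed back into links (key, fittingid) are URL-encoded
 * first, so they cannot break out of the href attribute.
 *
 * NOTE(review): the character, corporation and alliance names and $ch_id are
 * printed as-is; if $chars holds raw API text they should go through
 * htmlspecialchars() - confirm what the caller passes.
 * NOTE(review): USER_ID and API_KEY are written into the page markup and
 * links, as in the original - confirm that this is intended.
 *
 * @param object $Db    Database handle; handed to eveApiAccount and closed at the end.
 * @param array  $chars Characters keyed by character id; each entry is read for
 *                      name, corporationName, allianceID and allianceName.
 *
 * @return void
 */
function character_select($Db, $chars)
{
    // Account details are only fetched when access mask 33554432 (2^25) is granted.
    if (canAccess(33554432)) {
        $account = new eveApiAccount($Db);
        if (!$account->fetch(USER_ID, API_KEY)) {
            $account = false;
        }
    } else {
        $account = false;
    }

    if (!$chars || count($chars) == 0) {
        fatal_error("Failed to load characters. Verify API is valid and account has characters.");
    } else {
        insert_header("API Jackknife: Char Selection");

        // Optional query-string parts taken from the request, URL-encoded once here.
        $fittingParam = isset($_GET['fittingid']) ? "&fittingid=" . urlencode((string) $_GET['fittingid']) : "";
        $saveParam = (isset($_GET['save']) && $_GET['save'] == "1") ? "&save=1" : "";

        if (isset($_GET['key'])) {
            $auth = SELF_URL . "key=" . urlencode((string) $_GET['key']);
        } else {
            $auth = SELF_URL . "usid=" . USER_ID . "&apik=" . API_KEY;
        }
        ?>
<h3>Select character</h3><table><tr>
        <?php
        foreach ($chars as $ch_id => $char) {
            echo "<td align=center><a href=\"" . $auth . "&chid={$ch_id}" . $fittingParam . $saveParam . "\">";
            echo "<img src=\"http://image.eveonline.com/Character/" . $ch_id . "_256.jpg\" height=150 width=150><br>";
            echo "<b>" . $char["name"] . "</b></a><br><span style=\"font-size:70%\">" . $char["corporationName"] . ($char["allianceID"] != 0 ? "<br>" . $char["allianceName"] : "<br> ") . "</span>";

            if (!LOGGED_IN) {
                // Not logged in: the details table stays hidden until the button is pressed.
                echo "<br><input style=\"font-size:80%;align:left\" type=\"button\" onclick=\"getCharacterInfo({$ch_id}," . USER_ID . ",'" . API_KEY . "');this.style.display='none';document.getElementById('iskTable" . $ch_id . "').style.display='block' \" value='Load Char Info'/>";
                $Hide = ";display:none;";
            } else {
                // Logged in: the details are requested as soon as the page loads.
                $Hide = "";
                echo "<script type=\"text/javascript\">getCharacterInfo({$ch_id}," . USER_ID . ",'" . API_KEY . "')</script>";
            }

            echo "<br><table id=\"iskTable" . $ch_id . "\" style=\"font-size:90%;align:left;width:100%" . $Hide . "\"> <tr><td>Isk: </td><td id=\"isk" . $ch_id . "\"></td></tr>";
            echo "<tr><td>SP: </td><td id=\"sp" . $ch_id . "\"></td></tr>";
            echo "<tr><td>Born: </td><td id=\"bday" . $ch_id . "\"></td></tr>";
            echo "</table>";
            echo "</td>\n";
        }
        ?>
</tr></table>
<br><table style="font-size:80%"><tr><td>Total Isk: </td><td id="tIsk"></td></tr>
<tr><td>Total SP: </td><td id="tSp"></td></tr>
</table>
        <?php if ($account) { ?>
<span style="font-size:80%">Created <?php echo date("Y-m-d", strtotime($account->created)); ?>, <?php echo $account->paidUntil; ?> of subscription left</span>
        <?php } ?>
<br><span style="font-size:80%"><a href="<?php
        // The original built this URL but never echoed it, leaving the href empty.
        echo SELF_URL . $fittingParam;
        ?>">back</a></span><br>
</body>
</html>
        <?php
        $Db->close();
        exit;
    } /// END CHAR SELECT ///////////////////////////////////////////////////////////////////////////////
}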
/* This check for $u implies that a file located in a subdirectory of higher depth than 1 * in relation to the module base can't be executed. So it would'nt be possible to * run for example the file module/directory1/directory2/file.php * Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are * not allowed in the request parameters. */ $u = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'u', '')); // load module based locale settings @(include_once W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/locales.php'); include_once W2P_BASE_DIR . '/locales/core.php'; setlocale(LC_TIME, $AppUI->user_lang); $m_config = w2PgetConfig($m); // TODO: canRead/Edit assignements should be moved into each file // check overall module permissions // these can be further modified by the included action files $canAccess = canAccess($m); $canRead = canView($m); $canEdit = canEdit($m); $canAuthor = canAdd($m); $canDelete = canDelete($m); if (!$suppressHeaders) { // output the character set header if (isset($locale_char_set)) { header('Content-type: text/html;charset=' . $locale_char_set); } } // include the module class file - we use file_exists instead of @ so // that any parse errors in the file are reported, rather than errors // further down the track. $modclass = $AppUI->getModuleClass($m); if (file_exists($modclass)) {
<?php /* $Id$ $URL$ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $AppUI->savePlace(); // pull all the key types $perms =& $AppUI->acl(); // Get the permissions for this module $canAccess = canAccess('roles'); if (!$canAccess) { $AppUI->redirect('m=public&a=access_denied'); } $canRead = canView('roles'); $canAdd = canAdd('roles'); $canEdit = canEdit('roles'); $canDelete = canDelete('roles'); $crole = new CSystem_Role(); $roles = $crole->getRoles(); $role_id = (int) w2PgetParam($_GET, 'role_id', 0); // setup the title block $titleBlock = new w2p_Theme_TitleBlock('Roles', 'main-settings.png', $m, $m . '.' . $a); $titleBlock->addCrumb('?m=system', 'System Admin'); $titleBlock->show(); $crumbs = array(); $crumbs['?m=system'] = 'System Admin'; ?> <script language="javascript" type="text/javascript"> <?php
echo $AppUI->_('Item'); ?> </th> <th nowrap="nowrap"><?php echo $AppUI->_('Type'); ?> </th> <th nowrap="nowrap"><?php echo $AppUI->_('Status'); ?> </th> <th> </th> </tr> <?php $canDelete = canAccess('system'); foreach ($role_acls as $acl) { $buf = ''; $permission = $perms->get_acl($acl); $style = ''; // TODO: Do we want to make the colour depend on the allow/deny/inherit flag? // Module information. if (is_array($permission)) { $buf .= '<td ' . $style . '>'; $modlist = array(); $itemlist = array(); if (is_array($permission['axo_groups'])) { foreach ($permission['axo_groups'] as $group_id) { $group_data = $perms->get_group_data($group_id, 'axo'); $modlist[] = $AppUI->_($group_data[3]); }
break; //show the list of versions for this document //show the list of versions for this document default: $rows = null; $current = null; if ($id > 0) { $group_id = 0; //check that the user is authorized to approve if (function_exists('getParameterValue')) { $group_id = (int) getParameterValue('approval_user_group'); } if ($group_id > 0) { $user =& JFactory::getUser(); //if they are at or above the selected user group if (canAccess($user->gid, $group_id)) { $query = "SELECT * FROM #__version WHERE content_id=" . $id . " AND (autosaved != '1' or autosaved is null) ORDER BY id DESC"; } else { //no access to staging versions $query = "SELECT * FROM #__version WHERE content_id=" . $id . " AND (stage != '1' or stage is null) AND (autosaved != '1' or autosaved is null) ORDER BY id DESC"; } } else { $query = "SELECT * FROM #__version WHERE content_id=" . $id . " AND (autosaved != '1' or autosaved is null) ORDER BY id DESC"; } $db->setQuery($query); $rows = $db->loadObjectList(); //get the current article $query = "SELECT * FROM #__content WHERE id=" . $id . " LIMIT 1"; $db->setQuery($query); $current = $db->loadObject(); }