Пример #1
0
 public function settings()
 {
     if (!$this->authedUser) {
         redirect(base_url('app/novp/'));
     } else {
         if (!check_access($this->authedUser, 'use_novp_api')) {
             redirect(base_url('app/novp/start/'));
         }
     }
     // Get token
     $r_token = $this->db->get_where('novp_tokens', array('user_id' => $this->authedUser->getId()));
     if ($r_token->num_rows() == 1) {
         $token = $r_token->result()[0]->token;
     } else {
         $token = "Click Refresh icon to get token";
     }
     $this->data['user'] = $this->authedUser;
     $this->data['token'] = $token;
     $this->data['user_details'] = $this->authedUser->toArray()['details'][0];
     $this->data['page_title'] = 'Settings | NOVP - Power your video with NOVP';
     $this->data['menu_active'] = "settings";
     $this->load->view('novp/views/header', $this->data);
     $this->load->view('novp/views/nav');
     $this->load->view('novp/views/settings');
     $this->load->view('novp/views/footer');
 }
Пример #2
0
function call_move_text()
{
    global $local_stats,$id,$confirm,$target,$tool;

    include_once('inc/functions/resort_tools.php');
    check_access($tool);

    echo "<form method=\"post\" action=\"".$_SERVER['REQUEST_URI']."\">" .
         "Input user id: <input name=id size=5><br>" .
         "Move to alliance: <input name=target size=5><br>" .
         '<label>Check if touring:</label>' .
         '<input type="checkbox" name="tourer">' .
         "<input type=submit value=Move name=confirm>" .
         "</form>" .
         "<br><br>";

    if ($confirm && $id && $target)
    {
        //if ($target == 1 && $local_stats[LEVEL] < 5)
        //    $target = 2;

        echo "User $id has been move to alliance $target";

        $orkTime = date(TIMESTAMP_FORMAT);
        $search = mysql_query("SELECT * FROM stats WHERE id = $id");
        $search =  mysql_fetch_array($search);
        //mysql_query("UPDATE stats SET kingdom = $target, type ='player', invested = 0 where id = $id");
        //mysql_query("UPDATE rankings_personal SET alli_id = $target where id = $id");
        //mysql_query("UPDATE stats SET vote = 0, invested = 0 WHERE vote = $id");
        //mysql_query("UPDATE goods SET credits = 0, market_money = 0, market_food = 0, market_soldiers = 0, market_wood = 0 WHERE id = $id");
        move_tribe($id, $target);
        mysql_query("INSERT INTO news (id, time, ip, type, duser, ouser, result, text, kingdom_text, kingdoma, kingdomb) VALUES ('', '$orkTime', '---', 'Mod Move', '0', '0', '1', '', '<font class=\"indicator\">$search[tribe] was moved from #$search[kingdom] to #$target!</font>', '$search[kingdom]', '$target')");
    }

}
Пример #3
0
 function index()
 {
     $this->load->dbutil();
     $this->load->helper('download');
     /* Check access */
     if (!check_access('backup account')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('setting');
         return;
     }
     $backup_filename = "backup" . date("dmYHis") . ".gz";
     /* Backup your entire database and assign it to a variable */
     $backup_data =& $this->dbutil->backup();
     /* Write the backup file to server */
     if (!write_file($this->config->item('backup_path') . $backup_filename, $backup_data)) {
         $this->messages->add('Error saving backup file to server.' . ' Check if "' . $this->config->item('backup_path') . '" folder is writable.', 'error');
         redirect('setting');
         return;
     }
     /* Send the file to your desktop */
     force_download($backup_filename, $backup_data);
     $this->logger->write_message("success", "Downloaded account backup");
     redirect('setting');
     return;
 }
Пример #4
0
 public function register()
 {
     check_access(TRUE, TRUE);
     $data = array('title' => 'Register', 'button' => 'Register', 'fields' => array('id' => array('label' => 'Registration ID', 'type' => 'text', 'attr' => array('required' => '', 'autofocus' => '')), 'email' => array('label' => 'Email', 'type' => 'email', 'attr' => array('required' => '')), 'password' => array('label' => 'Password', 'type' => 'password'), 'title' => array('label' => 'Title', 'type' => 'select', 'values' => array('Mr' => 'Mr', 'Ms' => 'Ms', 'Mrs' => 'Mrs', 'Dr' => 'Dr', 'Prof' => 'Prof')), 'first_name' => array('label' => 'First Name', 'type' => 'text'), 'last_name' => array('label' => 'Last Name', 'type' => 'text'), 'address' => array('label' => 'Address', 'type' => 'textarea'), 'city' => array('label' => 'City', 'type' => 'text'), 'country' => array('label' => 'Country', 'type' => 'text'), 'attendee_type' => array('label' => 'Attendee Type', 'type' => 'select', 'values' => array('student' => 'Student', 'participant' => 'Participant', 'sponsor' => 'Sponsor', 'vip' => 'VIP', 'speaker' => 'Speaker')), 'department' => array('label' => 'Department', 'type' => 'text'), 'company' => array('label' => 'Company', 'type' => 'text'), 'phone_number' => array('label' => 'Phone Number', 'type' => 'tel'), 'fax_number' => array('label' => 'Fax Number', 'type' => 'tel'), 'payment_status' => array('label' => 'Payment Status', 'type' => 'select', 'values' => array('unpaid' => 'Unpaid', 'cash' => 'Paid by Cash', 'credit' => 'Paid by Credit Card', 'epa' => 'Paid by EPS', 'cheque' => 'Paid by Cheque')), 'remarks' => array('label' => 'Remarks', 'type' => 'textarea'), 'is_admin' => array('label' => 'Is administrator?', 'type' => 'checkbox')));
     if ($this->input->method() == 'post') {
         $this->load->database();
         $fields = $this->input->post();
         foreach ($fields as &$v) {
             if ($v == "") {
                 $v = NULL;
             }
         }
         $fields['is_admin'] = empty($fields['is_admin']);
         if ($this->db->set('registration_date', 'now()', FALSE)->insert('member', $fields) === FALSE) {
             $e = $this->db->error();
             $e = json_encode($e['message']);
             $this->output->append_output("<script>\n                        alert('Database Error:\\n' + {$e});\n                    </script>");
         } else {
             $x = json_encode(site_url());
             $this->output->append_output("<script>\n                        if(confirm('Register Success!\\nClick OK to enter a new record or cancel to go back to Home . '))\n                            window.parent.location.reload();\n                        else\n                            window.parent.location = {$x};\n                    </script>");
         }
         return;
     }
     $data['menu'] = $this->load->view('menu', NULL, TRUE);
     $this->load->view('simple_form', $data);
 }
Пример #5
0
 public function adminSideBar($param)
 {
     if (check_access("Weixin/Index/index")) {
         echo '<li><a href="' . U('Weixin/Index/index') . '">
     <i class="fa fa-angle-double-right"></i>微信模块</a></li>';
     } else {
     }
 }
Пример #6
0
 public function index()
 {
     check_access(TRUE);
     $data = array('title' => $this->title, 'menu' => $this->load->view('menu', NULL, TRUE), 'detail_url' => site_url(uri_string() . '/detail/{id}'), 'create_url' => site_url(uri_string() . '/create'), 'edit_url' => site_url(uri_string() . '/edit/{id}'), 'delete_url' => site_url(uri_string() . '/delete/{id}'), 'fields' => $this->fields);
     $r = $this->db->where('receiver_id', $this->auth->user()->id)->get($this->table);
     $data['data'] = $r->result_array();
     $this->load->view($this->view[__FUNCTION__], $data);
 }
Пример #7
0
 function Status()
 {
     parent::Controller();
     /* Check access */
     if (!check_access('administer')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('');
         return;
     }
     return;
 }
Пример #8
0
 public function index()
 {
     check_access(TRUE, TRUE);
     $data = array('title' => $this->title, 'menu' => $this->load->view('menu', NULL, TRUE), 'create_url' => site_url('/auth/register'), 'edit_url' => !isset($this->view['edit']) || $this->view['edit'] !== FALSE ? site_url(uri_string() . '/edit/{id}') : NULL, 'delete_url' => !isset($this->view['delete']) || $this->view['delete'] !== FALSE ? site_url(uri_string() . '/delete/{id}') : NULL, 'fields' => $this->processDynamicSource($this->fields, array(__FUNCTION__)));
     $r = $this->db->get($this->table);
     $data['data'] = $r->result_array();
     foreach ($data['data'] as &$v) {
         $v = $this->processItemSource($v, __FUNCTION__);
     }
     $this->load->view($this->view[__FUNCTION__], $data);
 }
Пример #9
0
 function Welcome()
 {
     parent::Controller();
     /* Check access */
     if (!check_access('change account settings')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('');
         return;
     }
     return;
 }
Пример #10
0
 function Printer()
 {
     parent::Controller();
     $this->load->model('Setting_model');
     /* Check access */
     if (!check_access('change account settings')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('');
         return;
     }
     return;
 }
Пример #11
0
 function Report()
 {
     parent::Controller();
     $this->load->model('Ledger_model');
     /* Check access */
     if (!check_access('view reports')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('');
         return;
     }
     return;
 }
Пример #12
0
function call_tour_move_text()
{
    global $local_stats, $id, $confirm, $target, $tool;
    include_once 'inc/functions/resort_tools.php';
    check_access($tool);
    $alli_id = '';
    if (isset($_POST['alli_id'])) {
        $alli_id = intval($_POST['alli_id']);
    }
    echo '<h2>ORKFiA Tour!</h2>';
    $strForm = "<form method=\"post\" action=\"" . $_SERVER['REQUEST_URI'] . "\">" . '<label>Where is our touring tribe? Alliance #</label> ' . '<input name="alli_id" size="3" value="' . $alli_id . '"/><br /><br />';
    if (isset($_POST['alli_id']) && !empty($_POST['alli_id'])) {
        $iAlliance = intval($_POST['alli_id']);
        include 'inc/functions/vote.php';
        // select everyone in this alliance
        $strSQL = "SELECT * " . "  FROM stats " . " WHERE kingdom = " . $iAlliance . " ORDER BY tribe ASC";
        $result = mysql_query($strSQL) or die("Elder Defect:" . mysql_error());
        $strForm .= "<label>Select the lucky tribe</label>: " . '<select name="id" size="1">' . render_option_list($result, TRIBE, ID, 0) . '</select><br /><br />' . '<label>Where will they apparate to? Alliance #</label>: ' . '<input name="target" size="5" /><br /><br />' . '<input type="submit" value="Move Tourer" name="confirm">';
    } else {
        $strForm .= '<input type="submit" value="Choose Alliance" name="confirm">';
    }
    $strForm .= "</form>";
    echo $strForm;
    if (isset($_POST['confirm']) && isset($_POST['id']) && !empty($_POST['id']) && isset($_POST['target']) && !empty($_POST['target'])) {
        $id = intval($_POST['id']);
        $target = intval($_POST['target']);
        $trgTmpUser = new clsUser($id);
        $strTribeName = ucwords(stripslashes($trgTmpUser->get_stat(TRIBE)));
        if ($trgTmpUser->get_build(LAND) != 1) {
            echo '<p>"W-T-F mate?" That was not a tourer tribe.</p></div>';
            include_game_down();
            exit;
        } elseif ($target < 11) {
            echo '<p>"W-T-F mate?" No apparating into staff alliances.</p></div>';
            include_game_down();
            exit;
        }
        echo "<p>Leader! The tribe of " . $strTribeName . " has now apparated to alliance #<strong>{$target}</strong>. Let us hope that neither of their citizens got splinched.</p>";
        $orkTime = date(TIMESTAMP_FORMAT);
        $search = mysql_query("SELECT * FROM stats WHERE id = {$id}");
        $search = mysql_fetch_array($search);
        //mysql_query("UPDATE stats SET kingdom = $target, type ='player', invested = 0 where id = $id");
        //mysql_query("UPDATE rankings_personal SET alli_id = $target where id = $id");
        //mysql_query("UPDATE stats SET vote = 0, invested = 0 WHERE vote = $id");
        //mysql_query("UPDATE goods SET credits = 0, market_money = 0, market_food = 0, market_soldiers = 0, market_wood = 0 WHERE id = $id");
        include_once 'inc/staff/move.inc.php';
        move_tribe($id, $target);
        mysql_query("INSERT INTO news (id, time, ip, type, duser, ouser, result, text, kingdom_text, kingdoma, kingdomb) VALUES ('', '{$orkTime}', '---', 'Tour Move', '0', '0', '1', '', '<span class=\"indicator\">{$search['tribe']} has joined our alliance. Long live Orkfia! Long live the tour!</span>', '', '{$target}')");
    }
}
Пример #13
0
 public function create_post($survey_id = 0)
 {
     check_access(TRUE);
     $set = array('survey_id' => $survey_id, 'writer_id' => $this->auth->user()->id, 'response_json' => json_encode($_POST));
     if ($this->db->insert($this->table, $set) !== FALSE) {
         $list = json_encode(site_url(dirname(uri_string())));
         $this->output->append_output("<script>\n                    alert('Thank you for your participation!');\n                    window.parent.location = {$list};\n                </script>");
     } else {
         $e = $this->db->error();
         if ($e['code'] == 1062) {
             $this->output->append_output("<script>alert('You have done this survey already!');</script>");
         } else {
             $this->dbError();
         }
     }
 }
Пример #14
0
function call_update_text()
{
    $tool = $_GET['tool'];
    include_once 'inc/functions/resort_tools.php';
    check_access($tool);
    echo "'Updating' a tribe means updating the rankings and alliscreen, " . "not giving an actual update.<br /><br />" . "<form method='post' action='{$_SERVER['REQUEST_URI']}'>" . "User id to update: <input name='id' size='5' /><br /><br />" . "<input type='submit' value='Update' name='op' />" . "</form>";
    if (isset($_POST['op']) && !empty($_POST['id'])) {
        $id = $_POST['id'];
        $op = $_POST['op'];
        include_once 'inc/functions/update.php';
        include_once 'inc/functions/update_ranking.php';
        $objTrgUser = new clsUser($id);
        doUpdateRankings($objTrgUser, 'yes');
        check_to_update($objTrgUser->get_userid());
        echo "<br /><br />User " . $objTrgUser->get_userid() . " updated =)";
    }
}
Пример #15
0
function call_unsuspend_text()
{
    $tool = $_GET['tool'];
    include_once 'inc/functions/resort_tools.php';
    check_access($tool);
    echo "<form method='post' action='{$_SERVER['REQUEST_URI']}'>" . "User id to unsuspend: <input name='id' size='5' /><br /><br />" . "<input type='submit' value='Unsuspend' name='op' />" . "</form>";
    if (isset($_POST['op']) && !empty($_POST['id'])) {
        $id = $_POST['id'];
        $objTrgUser = new clsUser($id);
        $arrTrgUser = array(PAUSE_ACCOUNT => 0);
        $objTrgUser->set_user_infos($arrTrgUser);
        // Forced Ranking Update
        include_once 'inc/functions/update_ranking.php';
        doUpdateRankings($objTrgUser, 'yes');
        echo "<br /><br />User " . $objTrgUser->get_userid() . " unsuspended =)";
    }
}
Пример #16
0
function call_tourers_text()
{
    require_once 'inc/functions/resort_tools.php';
    check_access($_GET['tool']);
    require_once 'inc/functions/mail.php';
    // first the "actually do something if asked" thing
    if (isset($_POST['id']) && isset($_POST['submit']) && isset($_POST['sure']) && $_POST['sure'] == 'yes') {
        //get the old values
        $objTrgUser = new clsUser($_POST['id']);
        $arrBuilds = $objTrgUser->get_builds();
        $arrArmys = $objTrgUser->get_armys();
        $intFame = $objTrgUser->get_stat(FAME);
        //make the new values
        $keysBuilds = array_keys($arrBuilds);
        $valsBuilds = array_fill(0, count($arrBuilds), 0);
        $arrBuilds = array_combine($keysBuilds, $valsBuilds);
        $arrBuilds[ID] = $_POST['id'];
        //DO NOT FORGET
        $arrBuilds[LAND] = 1;
        //prevent div0s
        $keysArmys = array_keys($arrArmys);
        $valsArmys = array_fill(0, count($arrArmys), 0);
        $arrArmys = array_combine($keysArmys, $valsArmys);
        $arrArmys[ID] = $_POST['id'];
        //DO NOT FORGET
        $intFame = 0;
        $arrUserInfo = array(NEXT_ATTACK => 1, PAUSE_ACCOUNT => 48);
        //set the new values
        $objTrgUser->set_builds($arrBuilds);
        $objTrgUser->set_armys($arrArmys);
        $objTrgUser->set_stat(FAME, $intFame);
        //update the tribe too
        require_once 'inc/functions/update.php';
        require_once 'inc/functions/update_ranking.php';
        doUpdateRankings($objTrgUser, true);
        check_to_update($objTrgUser->get_userid());
        //do this afterwards, otherwise the updaterankings doesn't work too well
        $objTrgUser->set_user_infos($arrUserInfo);
        //tell them about it
        send_mail($GLOBALS['objSrcUser']->get_userid(), $_POST['id'], "You have been tourified", "This is an automated message indicating that I have used the 'Tourify' tool to turn your tribe into a tourer tribe.");
        echo "User {$_POST['id']} has been tourified. ORKFiA mail has been sent to let him know.<br /><br /><br />";
    }
    echo "'Tourifying' a tribe means setting it to 1 land, 0 fame, removing all military and suspending it. " . "Please make sure you're tourifying the right tribe, because the only way to undo this is resetting." . "<br /><br /><form method=\"post\" action=\"{$_SERVER['REQUEST_URI']}\">" . "<label for=\"id\">User id of tribe to tourify </label>" . "<input type=\"text\" id=\"id\" name=\"id\" size=\"5\" maxlength=\"5\" /><br />" . "<input type=\"checkbox\" id=\"sure\" name=\"sure\" value=\"yes\" />" . "<label for=\"sure\"> I'm sure I want to tourify this tribe</label><br />" . "<input type=\"submit\" name=\"submit\" value=\"tourify\" />" . "</form>";
}
Пример #17
0
 function clear()
 {
     /* Check access */
     if (!check_access('clear log')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('log');
         return;
     }
     /* Check for account lock */
     if ($this->config->item('account_locked') == 1) {
         $this->messages->add('Account is locked.', 'error');
         redirect('log');
         return;
     }
     if ($this->db->truncate('logs')) {
         $this->messages->add('Log cleared.', 'success');
         redirect('log');
     } else {
         $this->messages->add('Error clearing Log.', 'error');
         redirect('log');
     }
     return;
 }
Пример #18
0
if ($_SESSION['logged_in'] == 1) {
    require_once "../includes/inc_functions.php";
    //Contains functions: add_line, rm_line, get_incidents
    require_once "../classes/mydb_class.php";
    if (isset($_GET['sort_by'])) {
        $_SESSION['sort_view_by'] = $_GET['sort_by'];
    } elseif (!isset($_SESSION['sort_view_by'])) {
        $_SESSION['sort_view_by'] = "date";
    }
    if (isset($_GET['function'])) {
        $function = $_GET['function'];
    } else {
        $function = "";
    }
    $allow_edit = 0;
    if (check_access("edit_incidents")) {
        $allow_edit = 1;
    }
} else {
    header('location: http://www.siskiyourappellers.com/admin/index.php');
}
?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml2/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
Пример #19
0
*/
require_once '../includes/auth_functions.php';
//	require_once('../classes/roster_class.php');
require_once '../classes/person_class.php';
//	require_once('../classes/course_enrollment_class.php');
include "../includes/g_calendar_functions.php";
//if(substr(strtolower($_SERVER['PHP_SELF']),1,9) == "incidents") header('location: http://incidents.siskiyourappellers.com');
//$php_self = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$php_self = $_SERVER['PHP_SELF'];
if ($_GET['logout'] == 1) {
    session_destroy();
    session_start();
}
if ($_SESSION['logged_in'] == 1) {
    $allow_edit = 0;
    if (check_access("edit_training")) {
        $allow_edit = 1;
    }
} else {
    header('location: http://www.siskiyourappellers.com/admin/index.php');
}
?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml2/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<?php

include __DIR__ . "/include.php";
check_access(ADMIN);
list($id) = apiCheckParams("id");
apiAction(function () use($id) {
    dbExecute("DELETE FROM feedback WHERE challenge = :id", ['id' => $id]);
    dbExecute("DELETE FROM solved_challenge WHERE challenge = :id", ['id' => $id]);
    dbExecute("DELETE FROM challenge WHERE id = :id", ['id' => $id]);
});
Пример #21
0
 function delete($id)
 {
     /* Check access */
     if (!check_access('delete inventory item')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('inventory/account');
         return;
     }
     /* Check for account lock */
     if ($this->config->item('account_locked') == 1) {
         $this->messages->add('Account is locked.', 'error');
         redirect('inventory/account');
         return;
     }
     /* Checking for valid data */
     $id = $this->input->xss_clean($id);
     $id = (int) $id;
     if ($id < 1) {
         $this->messages->add('Invalid Inventory Item.', 'error');
         redirect('inventory/account');
         return;
     }
     /* Get the inventory item details */
     $this->db->from('inventory_items')->where('id', $id);
     $inventory_item_q = $this->db->get();
     if ($inventory_item_q->num_rows() < 1) {
         $this->messages->add('Invalid Inventory Item.', 'error');
         redirect('inventory/account');
         return;
     } else {
         $inventory_item_data = $inventory_item_q->row();
     }
     /* Deleting item */
     $this->db->trans_start();
     if (!$this->db->delete('inventory_items', array('id' => $id))) {
         $this->db->trans_rollback();
         $this->messages->add('Error deleting Inventory Item - ' . $inventory_item_data->name . '.', 'error');
         $this->logger->write_message("error", "Error deleting Inventory Item called " . $inventory_item_data->name . " [id:" . $id . "]");
         redirect('inventory/account');
         return;
     } else {
         $this->db->trans_complete();
         $this->messages->add('Deleted Inventory Item - ' . $inventory_item_data->name . '.', 'success');
         $this->logger->write_message("success", "Deleted Inventory Item called " . $inventory_item_data->name . " [id:" . $id . "]");
         redirect('inventory/account');
         return;
     }
     return;
 }
Пример #22
0
</head>
<body>
<div id="container">
	<div id="header">
		<div id="logo">
			<?php 
echo anchor('', 'Webzash', array('class' => 'anchor-link-b'));
?>
		</div>
		<?php 
if ($this->session->userdata('user_name')) {
    echo "<div id=\"admin\">";
    echo anchor('', 'Accounts', array('title' => "Accounts", 'class' => 'anchor-link-b'));
    echo " | ";
    /* Check if allowed administer rights */
    if (check_access('administer')) {
        echo anchor('admin', 'Administer', array('title' => "Administer", 'class' => 'anchor-link-b'));
        echo " | ";
    }
    echo anchor('user/profile', 'Profile', array('title' => "Profile", 'class' => 'anchor-link-b'));
    echo " | ";
    echo anchor('user/logout', 'Logout', array('title' => "Logout", 'class' => 'anchor-link-b'));
    echo "</div>";
}
?>
		<div id="info">
			<?php 
echo $this->config->item('account_name');
echo " (";
echo anchor('user/account', 'change', array('title' => 'Change active account', 'class' => 'anchor-link-a'));
echo ")<br />";
Пример #23
0
if (isset($id_area)) {
    settype($id_area, "integer");
    $id_site = mrbsGetAreaSite($id_area);
}
if (!isset($id_site)) {
    $id_site = isset($_POST['id_site']) ? $_POST['id_site'] : (isset($_GET['id_site']) ? $_GET['id_site'] : -1);
}
settype($id_site, "integer");
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
$day = date("d");
$month = date("m");
$year = date("Y");
check_access(4, $back);
//print the page header
print_header("", "", "", $type = "with_session");
// Affichage de la colonne de gauche
include "admin_col_gauche.php";
// If area is set but area name is not known, get the name.
if (isset($_GET['msg'])) {
    $msg = $_GET['msg'];
    affiche_pop_up($msg, "admin");
}
if (isset($id_area)) {
    if (empty($area_name)) {
        $res = grr_sql_query("SELECT area_name, access FROM " . TABLE_PREFIX . "_area WHERE id={$id_area}");
        if (!$res) {
            fatal_error(0, grr_sql_error());
        }
Пример #24
0
 function account()
 {
     $this->template->set('page_title', 'Change Account');
     $this->load->library('general');
     /* Show manage accounts links if user has permission */
     if (check_access('administer')) {
         $this->template->set('nav_links', array('admin/create' => 'Create account', 'admin/manage' => 'Manage accounts'));
     }
     /* Check access */
     if (!$this->session->userdata('user_name')) {
         $this->messages->add('Permission denied.', 'error');
         redirect('');
         return;
     }
     /* Currently active account */
     $data['active_account'] = $this->session->userdata('active_account');
     /* Getting list of files in the config - accounts directory */
     $accounts_list = get_filenames($this->config->item('config_path') . 'accounts');
     $data['accounts'] = array();
     if ($accounts_list) {
         foreach ($accounts_list as $row) {
             /* Only include file ending with .ini */
             if (substr($row, -4) == ".ini") {
                 $ini_label = substr($row, 0, -4);
                 $data['accounts'][$ini_label] = $ini_label;
             }
         }
     }
     /* Check user ini file */
     if (!($active_user = $this->general->check_user($this->session->userdata('user_name')))) {
         redirect('user/profile');
         return;
     }
     /* Filter user access to accounts */
     if ($active_user['accounts'] != '*') {
         $valid_accounts = explode(",", $active_user['accounts']);
         $data['accounts'] = array_intersect($data['accounts'], $valid_accounts);
     }
     /* Form validations */
     $this->form_validation->set_rules('account', 'Account', 'trim|required');
     /* Repopulating form */
     if ($_POST) {
         $data['active_account'] = $this->input->post('account', TRUE);
     }
     /* Validating form : only if label name is not set from URL */
     if ($this->form_validation->run() == FALSE) {
         $this->messages->add(validation_errors(), 'error');
         $this->template->load('user_template', 'user/account', $data);
         return;
     } else {
         $data_active_account = $this->input->post('account', TRUE);
         /* Check for valid account */
         if (!array_key_exists($data_active_account, $data['accounts'])) {
             $this->messages->add('Invalid account selected.', 'error');
             $this->template->load('user_template', 'user/account', $data);
             return;
         }
         if (!$this->general->check_account($data_active_account)) {
             $this->template->load('user_template', 'user/account', $data);
             return;
         }
         /* Setting new account database details in session */
         $this->session->set_userdata('active_account', $data_active_account);
         $this->messages->add('Account changed.', 'success');
         redirect('');
     }
     return;
 }
Пример #25
0
<?
     $use_title="Template Manager"; 
     
     $_SESSION['selected_doc_type_id']=0;
     
     include('header.php'); 
     
     $valid_access=check_access($page_name);
     
	$template_list="";	
	$template_form="";
	
	if(!isset($_GET['id']))			$_GET['id']=0;

	//list templates

	$template_list="<a href='templates.php?id=0'><div class='tempate_editor_adder'>Add New Template</div></a>";	
	$sql = "
		select * 
		from templates
		where deleted=0	
		order by archived asc,template_name asc,id asc
	";
	$data=simple_query($sql);
	while($row=mysqli_fetch_array($data))
	{
		$template_list.="<a href='templates.php?id=".$row['id']."'><div class='tempate_editor_list".($row['archived'] > 0 ? " archived" : "")."'>".$row['template_name']."</div></a>";	
	}
		
		
	//template set-up for selected template.
Пример #26
0
     if ($_POST[save_status]) {
         //echo "status";
         check_access("revision_action");
         $query = "UPDATE {$table}\r\n                      SET status=" . sec_input(sec_sql($_POST["status"])) . "\r\n                      WHERE id=\"{$order}\"";
         sql_update($query);
     }
     if ($_POST[save_zakaznik]) {
         //echo "status";
         check_access("revision_action");
         $query = "UPDATE {$table}\r\n                      SET id_zakaznik=" . sec_input(sec_sql($_POST["zakaznik"])) . "\r\n                      WHERE id=\"{$order}\"";
         sql_update($query);
     }
     display_all_revisions($order);
     // ak je vybratá objednavka, zobrazi vsetky jej revizie
 } else {
     check_access("objednavka_edit");
     $form_data = sql_query("SELECT meno, adresa, mesto, ico_icdph, telefon, email, id_material as material,\r\n                                    id_hrubka as hrubka_rev, id_vyrobca as vyrobca, id_dekor as dekor, dekor_vlastny, komentar,\r\n                                    komentar_private\r\n                                    FROM revizia \r\n                                    WHERE id_obj=\"{$order}\" AND id=\"{$revision}\" \r\n                                    LIMIT 1");
     $form_data_narez = sql_query("SELECT ks, dlzka, sirka, nazov, poznamka, hrubka, orientacia,\r\n                                    hrana1, hrana2, hrana3, hrana4, duplak_paska, roh1x, roh1y, roh2x, roh2y,\r\n                                    roh3x, roh3y, roh4x, roh4y\r\n                                    FROM porez \r\n                                    WHERE id_revizia=\"{$revision}\"");
     //var_dump($form_data_narez);
     $form_data = $form_data[0];
     $fieldsets_c = count($form_data_narez);
     for ($i = 0; $i < $fieldsets_c; $i++) {
         $ks[$i] = $form_data_narez[$i][ks];
         $dlzka[$i] = $form_data_narez[$i][dlzka];
         $sirka[$i] = $form_data_narez[$i][sirka];
         $nazov[$i] = $form_data_narez[$i][nazov];
         $poznamka[$i] = $form_data_narez[$i][poznamka];
         $hrubka[$i] = $form_data_narez[$i][hrubka];
         $orientacia[$i] = $form_data_narez[$i][orientacia];
         $hrana1[$i] = $form_data_narez[$i][hrana1];
         $hrana2[$i] = $form_data_narez[$i][hrana2];
Пример #27
0
 *
 * You should have received a copy of the GNU General Public License
 * along with GRR; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
include "include/admin.inc.php";
$grr_script_name = "admin_config_sso.php";
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
if (Settings::get("sso_ac_corr_profil_statut") != 'y') {
    showAccessDenied($back);
    exit;
}
check_access(5, $back);
$themessage = str_replace("'", "\\'", get_vocab("confirmdel"));
$themessage2 = str_replace("'", "\\'", get_vocab("confirm_del"));
//
// Ajout d'une correspondance fonction/statut
//
$msg = "";
if (isset($_GET['action_add']) && $_GET['action_add'] == 'yes') {
    if ($_POST['codefonc'] != "" && $_POST['libfonc'] != "" && $_POST['statutgrr'] != "") {
        $sql = "INSERT INTO " . TABLE_PREFIX . "_correspondance_statut (code_fonction, libelle_fonction, statut_grr) VALUES ('" . strtoupper(protect_data_sql($_POST['codefonc'])) . "', '" . ucfirst(protect_data_sql($_POST['libfonc'])) . "','" . $_POST['statutgrr'] . "')";
        if (grr_sql_command($sql) < 0) {
            fatal_error(0, "<p>" . grr_sql_error());
        } else {
            $msg = get_vocab("message_records");
        }
    } else {
<?php

include __DIR__ . "/include.php";
check_access(TEACHER);
list($class, $challenge) = apiCheckParams("class", "challenge");
$user = $_SESSION["user"];
$extra = isset($_POST["extra"]);
apiCheck(dbExists(isTeacher() ? "SELECT id FROM class WHERE id = :class AND teacher = :teacher" : "SELECT id FROM class WHERE id = :class AND :teacher != -1", ['class' => $class, "teacher" => $user]), "Ungültige Klasse");
apiCheck(dbExists("SELECT id FROM challenge WHERE id = :id", ["id" => $challenge]), "Ungültige Challenge");
apiCheck(!dbExists("SELECT * FROM solved_challenge WHERE class = :class AND challenge = :challenge", ["class" => $class, "challenge" => $challenge]), "Challenge wurde von der Klasse schon gelöst");
apiCheck(!$extra || dbExists("SELECT id FROM challenge WHERE id = :id AND extrapoints IS NOT NULL", ["id" => $challenge]), "Kann keine Extrapunkte für Challenge ohne Extrapunkte setzen!");
apiAction(function () use($class, $challenge, $extra) {
    checkMilestone($class, function () use($class, $challenge, $extra) {
        dbExecute("INSERT INTO solved_challenge (class, challenge, extra, at) VALUES (:class, :challenge, :extra, NOW())", ["class" => $class, "challenge" => $challenge, "extra" => $extra]);
    });
});
Пример #29
0
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GRR; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
include "include/admin.inc.php";
$grr_script_name = "admin_view_connexions.php";
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
$day = date("d");
$month = date("m");
$year = date("Y");
check_access(6, $back);
if (isset($_POST['cleanDay']) && isset($_POST['cleanMonth']) && isset($_POST['cleanYear'])) {
    $sql = "DELETE FROM " . TABLE_PREFIX . "_log WHERE START < '" . $_POST['cleanYear'] . "-" . $_POST['cleanMonth'] . "-" . $_POST['cleanDay'] . "' and END < now()";
    $res = grr_sql_query($sql);
}
print_header("", "", "", $type = "with_session");
include "admin_col_gauche.php";
echo "<h2>" . get_vocab('admin_view_connexions.php') . "</h2>";
echo "<h3>" . get_vocab("users_connected") . "</h3>";
?>
<div title="Utilisateur connecté">
	<ul>
		<?php 
$sql = "SELECT u.login, concat(u.prenom, ' ', u.nom) utilisa, u.email FROM " . TABLE_PREFIX . "_log l, " . TABLE_PREFIX . "_utilisateurs u WHERE (l.LOGIN = u.login and l.END > now())";
$res = grr_sql_query($sql);
if ($res) {
Пример #30
0
 /**
  * @param $tag
  * @param $content
  * @usage <control access="Admin/Posts/NOVERIFY">需要权限而显示的内容</control>
  * access="Group/Controller/action"
  * @return bool
  */
 public function _accesscontrol($tag, $content)
 {
     $access = isset($tag['access']) ? $tag['access'] : "";
     if (check_access($access)) {
         return $content;
     } else {
         return false;
     }
 }