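/**
 * Render a nested menu (AdminLTE-style sidebar) as an HTML string.
 *
 * @param array       $arr         Menu items. Each item has 'menu_item_name' and either
 *                                 'children' (a nested list in the same shape) or 'url'.
 *                                 Top-level items (and parents) also read 'icon'.
 * @param int         $ord         0 renders the top-level <ul class='sidebar-menu'>;
 *                                 1 renders a nested <ul class='treeview-menu'> (the
 *                                 recursive call for 'children' always passes 1).
 * @param string|null $menu_header Optional text for the leading <li class='header'>.
 *                                 The original read an undefined $menu_header and so
 *                                 always emitted an empty header; null keeps that output.
 * @return string HTML fragment.
 *
 * No escaping is applied here: 'url', 'icon' and 'menu_item_name' are written into
 * element content and attributes as-is, so they must already be HTML/attribute-safe
 * when they reach this function.
 */
function create_list($arr, $ord, $menu_header = null)
{
    // Only level 0 is the sidebar; every other level is a treeview submenu.
    $isTopLevel = ($ord == 0);
    $html = $isTopLevel ? "\n<ul class='sidebar-menu'>\n" : "\n<ul class='treeview-menu'>\n";
    $html .= "<li class='header'>" . (isset($menu_header) ? $menu_header : "") . "</li>\n";

    foreach ($arr as $v) {
        if (array_key_exists('children', $v)) {
            // Parent entry: non-navigating anchor followed by the recursively rendered submenu.
            $html .= "<li class='treeview'>\n";
            $html .= '<a href="#"> <i class="' . $v['icon'] . '"></i> <span>' . $v['menu_item_name'] . '</span> <i class="fa fa-angle-left pull-right"></i> </a>';
            $html .= create_list($v['children'], 1);
            $html .= "</li>\n";
            continue;
        }

        // Leaf entry: the item's own icon at level 0, a chevron at level 1, nothing otherwise.
        $html .= '<li><a href="' . $v['url'] . '">';
        if ($isTopLevel) {
            $html .= '<i class="' . $v['icon'] . '"></i>';
        } elseif ($ord == 1) {
            $html .= '<i class="fa fa-angle-double-right"></i>';
        }
        $html .= $v['menu_item_name'] . "</a></li>\n";
    }

    return $html . "</ul>\n";
}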
/**
 * Echo the sidebar menu for the current request.
 *
 * The active entry is picked by comparing each item's 'url' with a path rebuilt from
 * segments 2..4 of REQUEST_URI (query string stripped). Menu data comes from the
 * zero-argument create_list() and the filter_by_value() helper of the servicios class.
 *
 * Only $name is passed through htmlentities(); the 'url' and 'descripcion' values from
 * the menu data are echoed into attributes and content as-is.
 *
 * @param string $name Display name shown in the user panel.
 */
function menuLayout($name) {
    $nombre_archivo = $_SERVER['REQUEST_URI'];
    $url = explode("/", $nombre_archivo);
    // Assumes the path has at least five "/"-separated segments (index 4 is the page);
    // shorter URIs leave $url[4] undefined. Drop any "?query" part from that segment.
    $posicion_coincidencia = strpos($url[4], "?");
    if ($posicion_coincidencia) {
        $dominio = substr($url[4], 0, $posicion_coincidencia);
        $url[4] = $dominio;
    }
    // Relative path in the same form the menu entries use for their 'url'.
    $url[4] = '../../' . $url[2] . '/' . $url[3] . '/' . $url[4];
    echo ' <section class="sidebar" > <!-- Sidebar user panel --> <div class="user-panel"> <div class="pull-left image"> <img src="../../static/css/img/avatar5.png" class="img-circle" alt="User Image" /> </div> <div class="pull-left info"> <p>Hola, ' . htmlentities($name) . '</p> <a href="#"><i class="fa fa-circle text-success"></i> Online</a> </div> </div> <!-- sidebar menu: : style can be found in sidebar.less --> <ul class="sidebar-menu">';
    $servicios = new servicios();
    $valores = create_list();
    foreach ($valores as $value) {
        if ($value['hijos']) {
            // Is the current page one of this entry's children?
            $re = $servicios->filter_by_value($value['hijos'], 'url', $url[4]);
            // foreach ($value['hijos'] as $va) {
            //     $niet[] = $servicios->filter_by_value($va['nietos'], 'url', $url[2]);
            // }
            // var_dump($niet[0][0]["url"]);exit;
            // $nieto = $servicios->filter_by_value($value['nietos'], 'url', $url[2]);
            // isset() is false only for null: a "no match" result that is an empty array
            // or false still counts as a match here — confirm what filter_by_value() returns.
            if (isset($re)) {
                $info = 'treeview active';
                echo '<li class="' . $info . '">';
            } else {
                $info = 'treeview';
                echo '<li class="' . $info . '">';
            }
        } else {
            $nieto = $servicios->filter_by_value($value['nietos'], 'url', $url[4]);
            if ($nieto || $value['url'] == $url[4]) {
                echo '<li class="active">';
            } else {
                echo '<li class="">';
            }
        }
        echo '<a href="' . $value['url'] . '"> <i class="fa fa-table"></i> <span>' . $value['descripcion'] . '</span>';
        if ($value['hijos']) {
            echo '<i class="fa fa-angle-left pull-right"></i>';
        }
        echo ' </a>';
        if ($value['hijos']) {
            // Second-level entries; the one matching the current page is marked active.
            echo '<ul class="treeview-menu">';
            foreach ($value['hijos'] as $valor) {
                echo $valor['url'] == $url[4] ? '<li class="active">' : '<li class="">';
                echo ' <a href="' . $valor['url'] . '"><i class="fa fa-angle-double-right"></i>' . $valor['descripcion'] . '</a> </li>';
            }
            echo '</ul>';
        }
        echo ' </li>';
    }
    echo ' </ul> </section> <!-- /.sidebar --> </aside>';
}
echo $row["assessment_id"]; ?> '><?php echo $row['expected_outcome']; ?> </a> <?php echo "<br>"; echo $string1; } } }

// Set user name and password
// The connection credentials are literals in this file (shown redacted as ******);
// they belong in configuration outside the web root or in the environment.
$wwwuser = '******';
$wwwpass = '******';
// last updated 03/26/15 mh
$username = '******'; // assigned but not read below
$dbh = new PDO('mysql:host=localhost;dbname=Assessment_2', $wwwuser, $wwwpass);
// NOTE(review): the following commented-out connection string originally carried a literal
// root password. It is redacted here; that credential should be treated as exposed.
// $dbh = new PDO('mysql:host=localhost;dbname=Assessment_2', root, '<password redacted>');
// foreach($dbh->query("select * from users where users_username='******'") ->fetchAll(PDO::FETCH_ASSOC) as $row)

// Load the (hard-coded, redacted) user together with their team. If the query returns
// no rows, $users_id, $fname, $lname and $team stay undefined for the code below.
foreach ($dbh->query("select * from users as us\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tinner join user_team as ut\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ton us.users_id = ut.users_id\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tinner join team te\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ton ut.team_id=te.team_id where users_username='******'")->fetchAll(PDO::FETCH_ASSOC) as $row) {
    //print_r($row);
    $users_id = $row['users_id'];
    $fname = $row['users_fname'];
    $lname = $row['users_lname'];
    $team = $row['team_name'];
}

// $users_id comes from the row above rather than the request, but it is still spliced into
// the SQL text instead of being bound; a prepared statement with a placeholder is the safer shape.
$reassessment_sql = "select expected_outcome, assessment_id from assessment where users_id = '{$users_id}' AND ReAssessment='1'";
//echo $reassessment_sql;
create_list("reassessment", $reassessment_sql);
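/**
 * Build the paginated "acordes" (chords) grid for the admin listing.
 *
 * Reads the globals $ins (only $ins['searchbox'] is used, as the filter passed to
 * select_acordes()), $dic ($dic['ico']['editar'] is the edit tooltip) and $Path
 * ($Path['chordsurl'] is the URL prefix of the chord images).
 *
 * Every row returned by select_acordes() becomes a grid row: the raw 'combo' and
 * image columns are removed and replaced by HTML cells (inline-editable spans and
 * zoomable images). Row values are inserted into the markup without escaping.
 *
 * @return mixed Whatever build_grid_paginado() returns for the assembled rows.
 */
function build_listado_acordes()
{
    // Grid de acordes (chord grid)
    global $ins, $dic, $Path;

    $searchbox = $ins['searchbox'] ?: false;
    $sqlData = select_acordes($searchbox);

    // Start with an empty array so build_grid_paginado() receives [] (not null) when
    // there are no rows.
    $tblData = array();
    $y = 0;
    if ($sqlData) {
        // Array keys are quoted throughout: the original used bare words such as
        // $row[id_acorde] and $dic[ico][editar], which PHP 8 rejects as undefined
        // constants. They are taken to have been meant as string keys.
        $seccion = 'acordes';
        $editLabel = $dic['ico']['editar'];
        $imgBase = $Path['chordsurl'];

        foreach ($sqlData as $row) {
            $id = $row['id_acorde'];
            $valor = $row['acorde'];
            $tblData[$y] = $row;
            unset($tblData[$y]['combo'], $tblData[$y]['img_guitar'], $tblData[$y]['img_piano'], $tblData[$y]['img_bass']);

            $tblData[$y]['acorde'] = '<span class="editar campo-editable" data-pk="' . $id . '" data-title="' . $editLabel . '" title="' . $editLabel . '">' . $valor . '</span> <span id="frm-msj_' . $id . '"></span>';
            // Notes are stored comma-separated; the explode/implode dance keeps a trailing
            // comma on every element before create_list() renders them.
            $tblData[$y]['notas'] = '<span class="editar campo-editable" data-name="notas" data-pk="' . $id . '" data-title="' . $editLabel . '" title="' . $editLabel . '">' . create_list(explode('|', implode(',|', explode(',', $row['notas'])))) . '</span>';
            $tblData[$y]['guitarra'] = _acordes_img_cell('text-align:center; vertical-align:middle;', 'img_guitar', $id, $editLabel, $imgBase . $row['img_guitar']);
            $tblData[$y]['piano'] = _acordes_img_cell('text-align:center; vertical-align:middle; margin-top: 8%;', 'img_piano', $id, $editLabel, $imgBase . $row['img_piano']);
            $tblData[$y]['bajo'] = _acordes_img_cell('text-align:center; vertical-align:middle;', 'img_bass', $id, $editLabel, $imgBase . $row['img_bass']);
            $tblData[$y]['quitar'] = ico_eliminar($id, "activate('frm-captura-" . $seccion . "','" . $seccion . "'," . $id . ');');
            $y++;
        }
    }

    // NOTE(review): $titulos was never assigned in the original either (neither local nor
    // global), so build_grid_paginado() has always received null here — confirm what column
    // headers it expects.
    $titulos = null;
    return build_grid_paginado($tblData, $titulos);
}

/**
 * One editable, zoomable image cell of the chords grid.
 *
 * @param string $style     Inline CSS for the wrapping span.
 * @param string $dataName  Column the inline editor should update (e.g. 'img_guitar').
 * @param mixed  $id        Row primary key, used as data-pk.
 * @param string $editLabel Tooltip text.
 * @param string $src       Full image URL.
 * @return string HTML fragment.
 */
function _acordes_img_cell($style, $dataName, $id, $editLabel, $src)
{
    return '<span style="' . $style . '" class="editar campo-editable" data-type="file" data-name="' . $dataName . '" data-pk="' . $id . '" data-title="' . $editLabel . '" title="' . $editLabel . '">'
        . '<img class="img-zoom" src="' . $src . '" data-zoom-image="' . $src . '" width="50%"/></span>';
}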
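/**
 * Build the per-user restriction fragment for an S3QL "select" on one element type.
 *
 * Returns a string of SQL conditions (each beginning with " and ") that the caller
 * appends to its WHERE clause, or '' when nothing needs restricting. When a referenced
 * group/resource does not exist or is not viewable, the error is echoed through
 * formatReturn() and false is returned.
 *
 * @param array  $s3ql    Parsed query: 'from' (element type), 'where' (id filters),
 *                        'format' and 'key'. Passed by value, so the 'where' clean-ups
 *                        performed below are not visible to the caller.
 * @param string $user_id Requesting account; '1' is treated as the unrestricted admin.
 * @param mixed  $db      Database handle forwarded to the helper functions.
 * @return string|false
 *
 * Values from $s3ql['where'] and $user_id are concatenated into the SQL text without
 * escaping; the fragment is only safe if the caller has validated them beforehand.
 *
 * Changes from the previous version: the fragment starts as '' instead of an undefined
 * variable; the missing-group error is echoed before returning (it was unreachable after
 * `return`); $regexp is taken from $GLOBALS['regexp'] on every path (the 'rulelog',
 * 'requests', 'collections' and 'items' cases used an undefined local); the 'rulelog'
 * list is quoted like the 'requests' one; the 'collections'/'items' conditions now read
 * `column REGEXP '^value$'` instead of `column '^REGEXP value'$'`; the unused
 * $P['table'] assignments are gone.
 */
function filterByElement($s3ql, $user_id, $db)
{
    // Regular-expression operator of the active DB engine, configured by the application.
    $regexp = isset($GLOBALS['regexp']) ? $GLOBALS['regexp'] : '';
    $user_query_const = '';

    switch ($s3ql['from']) {
        case 'users':
            #$user_query_const .= " and account_type !=".$regexp." '(u|p|a|r)'";
            $user_query_const .= " and account_type != 'g'";
            // Non-admins only ever see active accounts; admins may filter by account_status.
            if (!user_is_admin($user_id, $db) || $s3ql['where']['account_status'] == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['group_id'] != '') {
                $group_info = s3info('group', $s3ql['where']['group_id'], $db);
                if (!is_array($group_info)) {
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $s3ql['where']['group_id'] . ' does not exist', $s3ql['format'], '');
                    return false;
                }
                #$group_members_query=str_replace("*", "substr(uid, 2, length(uid))", select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'])));
                // Members of the group: permission rows whose uid is a 'U…' id shared with 'G<group_id>'.
                $group_members_query = str_replace("*", "replace(substr(uid, 2, length(uid)), '" . $GLOBALS['Did'] . '/U' . "', '')", select(array('uid' => 'U' . $s3ql['where']['user_id'], 'shared_with' => 'G' . $s3ql['where']['group_id'])));
                $user_query_const .= " and account_id in (" . $group_members_query . ")";
                #group_id is artificial, don't use it in determining output
                $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            #if there is any coreID, this is a check on permissions. Check first if user can query the resource, then check for permission
            foreach ($GLOBALS['COREids'] as $s3code => $s3coreId) {
                if ($s3ql['where'][$s3coreId] == '' || $s3coreId == 'user_id') {
                    continue;
                }
                // Type letter of the id (C for collection_id, R for rule_id, ...) followed by the value.
                $uid = strtoupper(substr($s3code, 0, 1)) . $s3ql['where'][$s3coreId];
                $element_info = URIinfo($uid, $user_id, $s3ql['key'], $db);
                if (!is_array($element_info)) {
                    echo formatReturn($GLOBALS['error_codes']['something_missing'], $uid . ' was not found', $s3ql['format'], '');
                    return false;
                }
                if (!$element_info['view']) {
                    // Deliberately the same wording as "not found" so existence is not leaked.
                    echo formatReturn($GLOBALS['error_codes']['no_permission_message'], $uid . ' was not found', $s3ql['format'], '');
                    return false;
                }
                $user_query_const .= " and account_id in (" . str_replace('*', 'substr(shared_with,2,length(shared_with))', select(array('shared_with' => 'U', 'uid' => $uid, 'stream' => 'upstream'))) . ")";
            }
            break;

        case 'groups':
            #special query will be performed on listS3DB.
            $user_query_const .= " and account_type " . $regexp . " '(g)'";
            // The original guarded this with `$group_id != '1' || account_status != 'I'`, but
            // $group_id is never assigned in this function, so the guard was always true.
            $user_query_const .= " and account_status = 'A'";
            if ($s3ql['where']['user_id'] != '') {
                $user_members = select(array('uid' => 'U' . $s3ql['where']['user_id'], 'shared_with' => 'G' . $s3ql['where']['group_id'], 'stream' => 'upstream'));
                $user_members_query = str_replace("*", "substr(shared_with, 2, length(shared_with))", $user_members);
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                #$user_query_const .= " and account_id in (select group_id from s3db_account_group where account_id ".$regexp." ".$s3ql['where']['user_id'].")";
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            #implicated user id. When queried with user_id, this query gives all the groups where user_id is involved, which are all the groups he can change.
            break;

        case 'accesslog':
            #if(!user_is_admin($user_id, $db))
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                return false;
            }
            break;

        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                $user_query_const .= " and project_id " . $regexp . " '" . create_list($user_projects) . "'";
            }
            break;

        case 'keys':
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $user_id . "'";
            }
            break;

        case 'filekeys':
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $user_id . "'";
            }
            break;

        case 'projects':
            if ($user_id != '1' && $s3ql['where']['project_status'] != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;

        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                $user_query_const .= " and rule_id " . $regexp . " '" . create_list($user_rules) . "'";
            }
            break;

        case 'rules':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and (subject_id = '" . $class_info['resource_id'] . "' or object_id = '" . $class_info['resource_id'] . "')";
            }
            break;

        case 'statements':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and rule_id = '" . $class_info['rule_id'] . "'";
            }
            break;

        case 'collections':
            $user_query_const .= " and iid = '0'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                $user_query_const .= " and resource_id " . $regexp . " '^" . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "\$'";
            }
            break;

        case 'items':
            $user_query_const .= " and iid = '1'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                $user_query_const .= " and resource_class_id " . $regexp . " '^" . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "\$'";
            }
            break;
    }

    return $user_query_const;
}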
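/**
 * Build the per-user restriction fragment for an S3QL "select" on one element type.
 *
 * Returns a string of SQL conditions (each beginning with " and ") that the caller
 * appends to its WHERE clause, or '' when nothing needs restricting. A missing group is
 * reported through formatReturn() and false is returned; an unauthorised 'accesslog'
 * request is reported the same way and then terminates the script with exit.
 *
 * @param array  $s3ql    Parsed query: 'from' (element type), 'where' (id filters) and
 *                        'format'. Passed by value, so the 'where' clean-ups performed
 *                        below are not visible to the caller.
 * @param string $user_id Requesting account; '1' is treated as the unrestricted admin.
 * @param mixed  $db      Database handle forwarded to the helper functions.
 * @return string|false
 *
 * Values from $s3ql['where'] (group_id, user_id, class_id, rule_id) and $user_id are
 * concatenated into SQL text — including two sub-selects on s3db_permission — without
 * escaping; the fragment is only safe if the caller has validated them beforehand.
 *
 * Changes from the previous version: the fragment starts as '' instead of an undefined
 * variable; the missing-group error is echoed before returning (it was unreachable after
 * `return`); $regexp is taken from $GLOBALS['regexp'] on every path (the 'requests',
 * 'collections' and 'items' cases used an undefined local); the 'collections'/'items'
 * conditions now read `column REGEXP '^value$'` instead of `column '^REGEXP value'$'`;
 * the unused $P['table'] assignments are gone.
 */
function filterByElement($s3ql, $user_id, $db)
{
    // Regular-expression operator of the active DB engine, configured by the application.
    $regexp = isset($GLOBALS['regexp']) ? $GLOBALS['regexp'] : '';
    $user_query_const = '';

    switch ($s3ql['from']) {
        case 'users':
            #$user_query_const .= " and account_type !=".$regexp." '(u|p|a|r)'";
            $user_query_const .= " and account_type != 'g'";
            // Non-admins only ever see active accounts; admins may filter by account_status.
            if (!user_is_admin($user_id, $db) || $s3ql['where']['account_status'] == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['group_id'] != '') {
                $group_info = s3info('group', $s3ql['where']['group_id'], $db);
                if (!is_array($group_info)) {
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $s3ql['where']['group_id'] . ' does not exist', $s3ql['format'], '');
                    return false;
                }
                #$group_members_query=str_replace("*", "substr(uid, 2, length(uid))", select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'])));
                #$group_members_query=str_replace("*", "replace(substr(uid, 2, length(uid)), '".$GLOBALS['Did'].'/U'."', '')", select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'])));
                // Members of the group: permission rows whose 'U…' uid is shared with 'G<group_id>'.
                // group_id is spliced into the sub-select verbatim (see the header note).
                $group_members_query = "select id from s3db_permission where shared_with = 'G" . $s3ql['where']['group_id'] . "' and uid " . $regexp . " '^U'";
                $user_query_const .= " and account_id in (" . $group_members_query . ")";
                #group_id is artificial, don't use it in determining output
                $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            break;

        case 'groups':
            #special query will be performed on listS3DB.
            $user_query_const .= " and account_type " . $regexp . " '(g)'";
            // The original guarded this with `$group_id != '1' || account_status != 'I'`, but
            // $group_id is never assigned in this function, so the guard was always true.
            $user_query_const .= " and account_status = 'A'";
            if ($s3ql['where']['user_id'] != '') {
                // Groups the user is involved in: 'G…' permissions whose uid is this user.
                $user2query = $s3ql['where']['user_id'];
                $user_members_query = "select shared_with_num from s3db_permission where shared_with " . $regexp . " '^G' and uid = 'U" . $user2query . "'";
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                #$user_members = select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'], 'stream'=>'upstream'));
                #$user_members_query=str_replace("*", "substr(shared_with, 2, length(shared_with))", $user_members);
                #$user_query_const .= " and account_id in (select group_id from s3db_account_group where account_id ".$regexp." ".$s3ql['where']['user_id'].")";
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            #implicated user id. When queried with user_id, this query gives all the groups where user_id is involved, which are all the groups he can change.
            break;

        case 'accesslog':
            #if(!user_is_admin($user_id, $db))
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                // Unlike the other denials this one ends the request (the author replaced
                // `return false` with exit); kept as-is.
                exit;
            }
            break;

        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                $user_query_const .= " and project_id " . $regexp . " '" . create_list($user_projects) . "'";
            }
            break;

        case 'keys':
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $user_id . "'";
            }
            break;

        case 'filekeys':
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $user_id . "'";
            }
            break;

        case 'projects':
            if ($user_id != '1' && $s3ql['where']['project_status'] != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;

        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                $user_query_const .= " and rule_id " . $regexp . " '" . create_list($user_rules) . "'";
            }
            break;

        case 'rules':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and (subject_id = '" . $class_info['resource_id'] . "' or object_id = '" . $class_info['resource_id'] . "')";
            }
            // The internal UID rules are never listed.
            $user_query_const .= " and object!='UID'";
            break;

        case 'statements':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and rule_id = '" . $class_info['rule_id'] . "'";
            }
            // Skip statements made under UID rules and statements with no rule at all.
            $user_query_const .= " and rule_id not in (select rule_id from s3db_rule where object='UID')";
            $user_query_const .= " and rule_id!=''";
            break;

        case 'collections':
            $user_query_const .= " and iid = '0'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                $user_query_const .= " and resource_id " . $regexp . " '^" . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "\$'";
            }
            break;

        case 'items':
            $user_query_const .= " and iid = '1'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                $user_query_const .= " and resource_class_id " . $regexp . " '^" . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "\$'";
            }
            break;
    }

    return $user_query_const;
}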
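/**
 * Entry point of the catalogue viewer page.
 *
 * Emits the page header, processes posted values, then — when a 'catalog' query
 * parameter names an existing file inside the current user's directory — renders it
 * with create_list() and closes the page with a back link. As in the original, the
 * footer (create_html_end) is only emitted on the branch that received a name.
 *
 * Fix: the file-existence check used a mistyped $_GET key (the word "catalog" carried
 * stray combining characters), so it never looked at the value that was then passed to
 * create_list(). Both now use the same value, and the value must be a plain file name,
 * so something like "../other" cannot select a file outside the user's directory.
 */
function main()
{
    create_html_start();
    check_post_values();
    // Per-user directory; assumes ms_username was set at login and is not request-controlled.
    $path = 'users/' . $_SESSION['ms_username'] . '/';

    if (!isset($_GET['catalog'])) {
        echo 'You must give catalog name!';
        return;
    }

    $catalog = $_GET['catalog'];
    // Catalog file not found (or not a plain file name)!
    if (!_main_is_plain_catalog_name($catalog) || !file_exists($path . $catalog)) {
        echo 'You don\'t have catalogue with that name!';
    } else {
        create_list($catalog);
    }
    echo '<center>';
    echo '<br />';
    echo '<a href="index.php">Back to main page</a>';
    echo '</center><br />';
    create_html_end();
}

/**
 * True when $name is a single path component: a non-empty string, not "." or "..",
 * without directory separators and without a NUL byte (which file_exists() rejects).
 *
 * @param mixed $name Raw request value.
 * @return bool
 */
function _main_is_plain_catalog_name($name)
{
    if (!is_string($name) || $name === '' || $name === '.' || $name === '..') {
        return false;
    }
    if (strpos($name, "\0") !== false) {
        return false;
    }
    return basename($name) === $name;
}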
</div>
<?php echo $my_profile->print_blocks("primary_bar"); ?>
</div>
<div id="text">
    <?php echo $my_profile->print_blocks("header"); ?>
    <header>
        <h1><?php echo $my_profile->get_name(); ?> </h1>
        <h2 class="subh1"><?php echo create_list(array($my_profile->job_title, $my_profile->job_role, $my_profile->job_description), " | "); ?> </h2>
        <div id="frases">
            <?php
            // Profile phrases: one <p> per profile_phrases row for this profile.
            // $my_profile->id is concatenated straight into the SQL text (no prepared
            // statement) and $row['phrase'] is echoed without htmlspecialchars(), so this
            // relies on the id being numeric and the stored phrases being trusted markup.
            // A false return from mysqli_query() (query error) is not checked before fetching.
            $result = mysqli_query($con, "SELECT phrase FROM profile_phrases WHERE pid = " . $my_profile->id);
            while ($row = mysqli_fetch_array($result)) {
                echo "<p>" . $row['phrase'] . "</p>";
            }
            ?>
        </div>
    </header>
    <?php echo $my_profile->print_blocks("body"); ?>
</div>
// This excerpt starts inside a switch case ("update" mode): the closing braces and the
// `break;` further down belong to structures opened before this point.
// $date, $am, $pm, $lstagent, $evtam, $evtpm and $id are assigned earlier, outside this
// excerpt (presumably from the submitted form), and are concatenated into the SQL text
// without escaping or binding.
$sql = "UPDATE " . TMPINTER . " SET date = '" . $date . "' , am = '" . $am . "' , pm = '" . $pm . "' , intervenantid = '" . $lstagent . "',evtidam = '" . $evtam . "',evtidpm = '" . $evtpm . "' WHERE idtmpintervention='" . $id . "'";
if (!$db->query($sql)) {
    message(ERROR, 'Impossible de mettre à jour la base de données', __FILE__, __LINE__, $sql);
}
// $_SERVER["PHP_SELF"] reflects the request path and is inserted into markup unescaped
// here and in the F_ACTION template variable below. $meta is not read in this excerpt.
$meta = '<meta http-equiv="Refresh" content="2;url=' . $_SERVER["PHP_SELF"] . '">';
$message = 'Evénement planning modifié avec succès';
$message .= '<br /><br />' . sprintf($lang['update']['retour'], '<a href="' . $_SERVER["PHP_SELF"] . '">', '</a>');
message(INFO, $message);
}
include $header;
// Display mode: render the edit form
$template->set_filenames(array('body' => 'insert_pla_body.tpl'));
// Fetch the record being edited ($id is again spliced into the query text)
$sql = "SELECT * FROM " . TMPINTER . "," . EVENT . "," . AGENT . " WHERE " . AGENT . ".idintervenant = " . TMPINTER . ".intervenantid AND " . EVENT . ".idevenement = " . TMPINTER . ".evenementid AND idtmpintervention = '" . $id . "' ";
if (!($result = $db->query($sql))) {
    message(ERROR, 'Impossible de selectionner les dates d\'interventions', __FILE__, __LINE__, $sql);
}
if ($db->num_rows($result)) {
    $row = $db->fetch_array($result);
    // Preselect the am / pm / both radio buttons from the stored flags
    $check = $row['am'] == '1' && $row['pm'] == '0' ? 'checked' : '';
    $nockeck = $row['pm'] == '1' && $row['am'] == '0' ? 'checked' : '';
    $nockeck2 = $row['pm'] == '1' && $row['am'] == '1' ? 'checked' : '';
    $template->assign_vars(array('L_ENTETE' => 'Modifier un événement planning', 'L_EXPLAIN' => 'Tous les champs suivis d\'une étoile sont obligatoires', 'L_AJOUT' => $lang['Button']['update'], 'L_RESET' => $lang['Button']['reset2'], 'L_DATE' => $lang['insert']['date2'], 'L_AMPM' => $lang['insert']['ampm'], 'L_AGENT' => $lang['insert']['agent'], 'L_EVENT' => $lang['insert']['event'], 'LSTAGENT' => create_list("lstagent", AGENT, 'idintervenant', 'nom', 'prenom', $row['intervenantid'], 'code'), 'LSTEVENT' => create_list("lstevent", EVENT, 'idevenement', 'libevent', '', $row['evenementid'], 'libevent'), 'DATE' => make_date($row['date'], 'date'), 'TRAITCHECK' => $check, 'TRAITNOCHECK' => $nockeck, 'TRAITNOCHECK2' => $nockeck2, 'F_ACTION' => $_SERVER["PHP_SELF"] . '?mode=update&id=' . $id, 'F_ENCTYPE' => 'enctype="multipart/form-data"'));
}
break;
}
// Common tail for every mode: render the template and release the DB resources.
$template->pparse('body');
include $footer;
$db->free_result();
$db->close_connexion();
/**
 * Create the mailing list described by this request.
 *
 * For an 'alias' association each member is added with add_to_list_alias() and
 * nothing is returned. Otherwise the members' and owners' forlife addresses are
 * resolved and de-duplicated, MailingList::create() is called, the list is
 * registered with create_list() when that succeeded, and the creation result is
 * returned.
 *
 * @return mixed Result of MailingList::create(), or null for the alias case.
 */
public function commit()
{
    require_once 'emails.inc.php';

    if ($this->asso == 'alias') {
        foreach ($this->members as $member) {
            add_to_list_alias($member, $this->liste, $this->domain);
        }
        return null;
    }

    $noLogin = array('ListsModule', 'no_login_callback');
    $memberEmails = User::getBulkForlifeEmails($this->members, true, $noLogin);
    $ownerEmails = User::getBulkForlifeEmails($this->owners, true, $noLogin);

    // MailingList::create() wants plain lists (array_values) without duplicates (array_unique).
    $ownerEmails = array_values(array_unique($ownerEmails));
    $memberEmails = array_values(array_unique($memberEmails));

    $created = MailingList::create($this->liste, $this->domain, S::user(), $this->desc, $this->advertise, $this->modlevel, $this->inslevel, $ownerEmails, $memberEmails);
    if ($created) {
        create_list($this->liste, $this->domain);
    }
    return $created;
}
/**
 * Return the ids of the instances (resources) $user_id may reach: every resource whose
 * class is in findUserClasses(), plus resources shared with the user directly at
 * permission level 1 or 2.
 *
 * $user_id is concatenated into the SQL text as-is; callers are expected to pass an
 * already validated account id.
 *
 * @return array|null Resource ids, or null when the query yields no rows (the
 *                    accumulator is only created by the first match).
 */
function findUserInstances($user_id, $db)
{
    $regexp = $GLOBALS['regexp'];
    #start with finding projects where user is allowed;
    $classlist = create_list(findUserClasses($user_id, $db));

    // Two ways in: membership of an allowed class, or a direct 'U<user_id>' permission on the resource.
    $byClass = "resource_class_id " . $regexp . " '" . $classlist . "'";
    $byPermission = "resource_id in (select id from s3db_permission where shared_with regexp 'U" . $user_id . "\$' and uid regexp '^I' and permission_level regexp '^(1|2)')";
    $sql = "select distinct(resource_id) as resource_id from s3db_resource where (" . $byClass . " or " . $byPermission . ")";

    $db->query($sql, __LINE__, __FILE__);
    $instances = null;
    while ($db->next_record()) {
        $instances[] = $db->f('resource_id');
    }
    return $instances;
}
/**
 * CORElist: list the resources of one S3DB element type ("child") downstream of the given
 * parent ids. Returns an array of rows — each passed through include_all() unless $nomap
 * is set — or an '<error>N</error><message>…</message>' string on failure / no results.
 *
 * $C is unpacked with extract(), so its keys become the locals used below: child,
 * parent_ids, select, order_by, user_id, db, nomap, extracol, SQLfun, user_project_list,
 * user_permission_list, action, element_id. None of them is assigned anywhere else in
 * this function — in particular $user_id, whose value '1' lifts the per-user restrictions,
 * is whatever the caller placed in $C. $parent_ids is extracted as well, which is where
 * $project_id comes from.
 *
 * Row values are concatenated into PHP source and eval()'d to build $data (see below).
 */
function CORElist($C) {
    #function CORElist lists all the resources in the element downstream of the "uid" in the s3core structure. For example, if element == rules, then s3list will list all the rules on a given project_id, provided project_id is specified. If element is statements, then s3list wil be expecting rule_id and resource_id or just one of them
    #Syntax CORElist(compact($child, array('rule_id'=>$rule_id, 'item_id'=>$item_id), $db)); where child is the name of the elements to retrieve; parent_ids is an array where the type of id is specified in the key
    $regexp = $GLOBALS['regexp'];
    $dbstruct = $GLOBALS['dbstruct'];
    $messages = $GLOBALS['messages']; # not used below
    extract($C);
    extract($parent_ids);
    $from = $child;
    if (!$from) {
        $from = 'projects';
    }
    if (!$select) {
        $select = '*';
    }
    $equality = '=';
    #by default, equality on query end be this, unless specified that equality should be a regular expression
    #Error messages
    # Only $not_a_query, $something_missing (via $syntax_message), $something_does_not_exist and $no_output
    # are returned by this function; the other strings are built but never used here.
    $syntax_message = "Please provide all the necessary fields. For syntax instructions refer to <a href='http://www.s3db.org/documentation.html'>S3DB Documentation</a>";
    $success = '<error>0</error><message>' . $from . ' ' . $action . 'ed ' . $element_id . '</message>';
    $not_a_query = '<error>1</error><message>' . $from . ' is not a valid S3element. Valid elements: groups, users, keys, projects, rules, statements, collections, items, rulelog";</message>';
    $something_went_wrong = '<error>2</error><message>Failed to ' . $action . ' ' . $from . '</message>';
    $something_missing = '<error>3</error><message>' . $syntax_message . '</message>';
    $repeating_action = '<error>4</error>';
    $no_permission_message = '<error>5</error>';
    $something_does_not_exist = '<error>5</error>';
    $wrong_query_for_purpose = '<error>6</error>';
    $wrong_input = '<error>7</error>';
    $no_output = '<error>8</error>';
    #alternative IDs that can be used for the query
    $alt = array('keys' => array('key_id'), 'rulelog' => array('rule_id'), 'users' => array('group_id', 'project_id'), 'groups' => array('user_id'), 'projects' => array('user_id'), 'collections' => array('project_id', 'rule_id'), 'rules' => array('project_id', 'collection_id', 'subject_id', 'object_id'), 'items' => array('collection_id', 'project_id'), 'statements' => array('rule_id', 'item_id', 'collection_id', 'project_id'), 'files' => array('statement_id', 'rule_id', 'item_id', 'project_id'));
    #if from is not one of these elements, send the user back, query is invalid!
    if (!in_array($from, array_keys($alt))) {
        #check if user is inputting a singular of one of the alt plurals
        $plurals = array_keys($alt);
        $singulars = array('key', 'rulelog', 'user', 'group', 'project', 'collection', 'rule', 'item', 'statement', 'file');
        $from = str_replace($singulars, $plurals, $from);
        $cols = $dbstruct[$from]; # recomputed after the query below
        #if still not in array, definitely exit;
        if (!in_array($from, array_keys($alt))) {
            return $not_a_query;
        }
    }
    #now replace on "where" the correct s3db names
    $s3map = array('users' => array('user_id' => 'account_id', 'login' => 'account_lid', 'password' => 'account_pwd', 'username' => 'account_uname', 'email' => 'account_email', 'phone' => 'account_phone', 'address' => 'addr1', 'address2' => 'addr2', 'city' => 'city', 'state' => 'state', 'postal_code' => 'postal_code', 'country' => 'country'), 'groups' => array('group_id' => 'account_id', 'groupname' => 'account_lid'), 'keys' => array(), 'accesslog' => array('account_lid' => 'login_id', 'time' => 'login_timestamp'), 'projects' => array(), 'project' => array(), 'items' => array('collection_id' => 'resource_class_id', 'item_id' => 'resource_id'), 'item' => array('collection_id' => 'resource_class_id', 'item_id' => 'resource_id'), 'collections' => array('collection_id' => 'resource_id'), 'collection' => array('collection_id' => 'resource_id'), 'rules' => array(), 'rule' => array(), 'statements' => array('item_id' => 'resource_id'), 'statement' => array('item_id' => 'resource_id'), 'files' => array());
    # Turn every supplied parent id into an "and <column> = '<value>'" condition in $query_end.
    # The values are concatenated into the SQL text as given.
    foreach ($alt[$from] as $s3id) {
        $s3dbId = $s3map[$from][$s3id];
        if ($s3dbId == '') {
            $s3dbId = $s3id;
        }
        if ($parent_ids[$s3id] != '') {
            #does it exist? What sort of resource is this? Type of id should be identified in the first letter (collection_id is C, rule_id is R...)
            $CRISP = strtoupper(substr($s3id, 0, 1));
            $id = $CRISP . $parent_ids[$s3id]; # built but not used afterwards
            $info[$parent_ids[$s3id]] = s3info(str_replace('_id', '', $s3id), $parent_ids[$s3id], $db);
            # NOTE(review): $info is an array as soon as the element above is assigned, whatever
            # s3info() returned, so this existence check can never fail. It would have to test
            # $info[$parent_ids[$s3id]] to catch a missing resource.
            if (!is_array($info)) {
                return $something_does_not_exist . '<message>' . $s3id . ' ' . $parent_ids[$s3id] . ' does not exist</message>';
            }
            #does user have permission on this/these resources?
            $query_end .= " and " . $s3dbId . " " . $equality . " '" . $parent_ids[$s3id] . "'";
        }
    }
    $toreplace = array_keys($s3map[$from]);
    $replacements = array_values($s3map[$from]);
    # $s3ql is not read again in this function; $query_end itself keeps the unmapped names.
    $s3ql['select'] = str_replace($toreplace, $replacements, $query_end);
    #all queries will run AS IF ADMIN WAS RUNNING THEM
    # Per element: the table (without the "s3db_" prefix) and the base WHERE clause; several
    # cases also rewrite the placeholder conditions left in $query_end by the caller.
    switch ($from) {
        case 'keys':
            $table = 'access_keys';
            $required = "expires > '" . date('Y-m-d') . "'";
            if ($user_id != '1') {
                $required .=  " and (account_id = '" . $user_id . "')";
            }
            break;
        case 'rulelog':
            $table = 'rule_change_log';
            $required = "rule_id !=''";
            break;
        case 'users':
            #expecting group_id or project_id
            #remove password from query fields
            # (no code here strips account_pwd; $select is used as given)
            $table = 'account';
            $required = "account_type = 'u' and account_status = 'A'";
            break;
        case 'groups':
            $table = 'account';
            $required = "account_type = 'g' and account_status = 'A'";
            break;
        case 'projects':
            $table = 'project';
            $required = "project_status = 'A'";
            #if user is not admin, restrict this query to the projects user can view by extending queryend
            if ($user_id != '1') {
                $required .= " and (project_owner = '" . $user_id . "' or project_id in (select acl_project_id from s3db_project_acl where acl_account = '" . $user_id . "' and acl_rights!='0'))";
            }
            break;
        case 'collections':
            #$table = 'resource';
            $table = 'resource, s3db_rule';
            $required = "iid = '0' and s3db_rule.status = 'A'";
            $select = str_replace('project_id', 's3db_rule.project_id', $select);
            $select = str_replace('notes', 's3db_resource.notes', $select);
            if ($parent_ids['project_id'] != '') {
                $query_end = str_replace("and project_id = '" . $project_id . "'", "and (entity = subject and verb = 'has UID' and object = 'UID' and s3db_resource.project_id = s3db_rule.project_id and (s3db_rule.project_id = '" . $project_id . "' or s3db_rule.permission " . $regexp . " '(_|^)" . $project_id . "_'))", $query_end);
            }
            #restrict the query to the rules where user is allowed
            $query_end = str_replace("and project_id " . $regexp . " '" . $user_project_list . "'", "and subject = entity and object = 'UID' and s3db_rule.project_id = s3db_resource.project_id and (s3db_rule.project_id " . $regexp . " '" . $user_project_list . "' or s3db_rule.permission " . $regexp . " '" . $user_permission_list . "')", $query_end);
            break;
        case 'items':
            $table = 'resource';
            $required = "iid = '1' and status = 'A'";
            #to avoid having to call s3list again, created this function that simulates finding user collections
            $classes = findUserClasses($user_id, $db);
            if (!is_array($classes)) {
                return $no_output . '<message>User does not have permission in any collections</message>';
            }
            $classes_list = create_class_id_list($classes);
            $query_end = str_replace("and project_id " . $regexp . " '" . $user_project_list . "'", "and resource_class_id " . $regexp . " '" . $classes_list . "'", $query_end);
            break;
        case 'rules':
            $table = 'rule';
            $required = "status ='A'";
            if ($parent_ids['project_id'] != '') {
                $query_end = str_replace("and project_id = '" . $project_id . "'", "and (project_id " . $regexp . " '^" . $project_id . "\$' or permission " . $regexp . " '(_|^)" . $project_id . "_')", $query_end);
                if ($parent_ids['collection_id'] != '') {
                    $class_info = s3info('collection', $parent_ids['collection_id'], $db); # looked up but not used
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (subject_id = '" . $parent_ids['collection_id'] . "' or object_id = '" . $parent_ids['collection_id'] . "')", $query_end);
                }
            } elseif ($parent_ids['collection_id'] != '') {
                #no project_id but w/ collection_id. If no project_id is indicated, it will have to find the correct subjects (which can be repeated if queried on several projects)
                $class_info = s3info('collection', $parent_ids['collection_id'], $db); # looked up but not used
                #$query_end = str_replace("and collection_id = '".$parent_ids['collection_id']."'", "and (subject_id = '".$parent_ids['collection_id']."' or (subject = '".$class_info['entity']."' and project_id = '".$class_info['project_id']."'))",$query_end);
                #all that don't belong to this project will have to be queried by collection_id.
                $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (subject_id = '" . $parent_ids['collection_id'] . "' or object_id = '" . $parent_ids['collection_id'] . "')", $query_end);
            } else {
                $query_end = str_replace("and project_id " . $regexp . " '" . $user_project_list . "'", " and (project_id " . $regexp . " '" . $user_project_list . "' or permission " . $regexp . " '" . $user_permission_list . "')", $query_end);
            }
            break;
        case 'statements':
            $table = 'statement';
            $required = "status = 'A'";
            if ($parent_ids['collection_id'] != '') {
                #find all the statements in items that belong to this collection.
                $instance_ids = findClassInstances($parent_ids['collection_id'], $db);
                $rule_ids = findClassRules($parent_ids['collection_id'], $db);
                #these would be all the rules that use the collection as either subject or object
                $instance_list = create_list($instance_ids);
                $rule_list = create_list($rule_ids);
                # Which of the two lists exist decides the shape of the replacement; when neither
                # is an array the collection_id condition is left untouched.
                if (is_array($instance_ids) && is_array($rule_ids)) {
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (resource_id " . $regexp . " '" . $instance_list . "' or rule_id " . $regexp . " '" . $rule_list . "')", $query_end);
                } elseif (is_array($instance_ids) && !is_array($rule_ids)) {
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (resource_id " . $regexp . " '" . $instance_list . "')", $query_end);
                } elseif (!is_array($instance_ids) && is_array($rule_ids)) {
                    $query_end = str_replace("and collection_id = '" . $parent_ids['collection_id'] . "'", "and (rule_id " . $regexp . " '" . $rule_list . "')", $query_end);
                }
            }
            break;
    }
    #POSSIBLY MOVE THIS PART TO A SEPARATE FUNCTION!!
    # $select, $query_end and $order_by all come from $C / $parent_ids and are spliced in verbatim.
    $sql = "select " . $select . " from s3db_" . $table . " where " . $required . " " . $query_end . $order_by;
    #echo $sql.'<br>';
    #exit;
    $db->query($sql, __LINE__, __FILE__);
    $cols = $dbstruct[$from];
    # Each row is rendered as a line of PHP source ("$data[] = Array('col'=>'value',...);")
    # and the whole text is eval()'d below. addslashes() covers the quote and backslash
    # escapes needed inside the single-quoted literals for the regular columns, but the
    # extra column value from $db->f($SQLfun) is inserted without it. Building $data
    # directly ($data[] = array(...)) would remove the eval and the escaping concern.
    while ($db->next_record()) {
        $resultStr .= "\$data[] = Array(";
        if ($extracol != '') {
            $resultStr .= "'" . $extracol . "'=>'" . $db->f($SQLfun) . "',";
        }
        foreach ($cols as $col) {
            $resultStr .= "'" . $col . "'=>'" . addslashes($db->f($col)) . "'";
            if ($col != end($cols)) {
                $resultStr .= ",";
            }
        }
        $resultStr .= ");";
    }
    #evaluate the long string
    eval($resultStr);
    #echo '<pre>';print_r($data);
    if (is_array($data)) {
        if (!$nomap) {
            #include stuff relevant for each element
            foreach ($data as $element_info) {
                #$element_info['dataAcl'] = instanceAcl(array('instance_info'=>$element_info, 'user_id'=>$user_id, 'db'=>$db));
                $data1[] = include_all(array('elements' => $from, 'element_info' => $element_info, 'user_id' => $user_id, 'db' => $db));
            }
            $data = $data1;
        }
    } else {
        # $data is only created by the eval'd assignments, so no rows means "not an array".
        $data = $no_output . '<message>Your query returned no results</message>';
    }
    #echo '<pre>';print_r($data);
    return $data;
}
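/**
 * Handle the "create a mailing list" form of the xnet lists module.
 *
 * Without a 'submit' field the form template is rendered. On submission the XSRF token
 * is checked, the requested address is validated (non-empty; letters, digits and hyphens
 * only; not already taken), a description is required, the list is created through
 * MailingList::create() and registered with create_list(), the group is flagged as having
 * a list, and the browser is redirected to the list's admin page.
 *
 * @param mixed $page Page object providing changeTpl(), trigError() and kill().
 * @return mixed PL_NOT_FOUND when the group has no lists domain; otherwise null (errors are
 *               reported through $page, success ends in pl_redirect()).
 *
 * Fix: the name pattern now carries the D modifier. Without it `$` also matches before a
 * final newline, so a name ending in "\n" passed the "letters, digits and hyphens" check.
 */
function handler_create($page)
{
    if (!$this->get_lists_domain()) {
        return PL_NOT_FOUND;
    }
    $page->changeTpl('xnetlists/create.tpl');
    if (!Post::has('submit')) {
        return;
    }
    S::assert_xsrf_token();

    if (!Post::has('liste') || !Post::t('liste')) {
        $page->trigError('Le champs « adresse souhaitée » est vide.');
        return;
    }
    $list = strtolower(Post::t('liste'));
    // Letters, digits and hyphens only; `*` accepts the empty string, which the guard
    // above has already rejected. D anchors `$` at the very end of the string.
    if (!preg_match('/^[a-zA-Z0-9\-]*$/D', $list)) {
        $page->trigError('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets');
        return;
    }
    require_once 'emails.inc.php';
    if (list_exist($list, $this->get_lists_domain())) {
        $page->trigError('Cet alias est déjà pris.');
        return;
    }
    if (!Post::t('desc')) {
        $page->trigError('Le sujet est vide.');
        return;
    }

    $mlist = $this->prepare_list($list);
    // The creator is both the only owner and the only initial member.
    $success = MailingList::create(
        $mlist->mbox,
        $mlist->domain,
        S::user(),
        Post::t('desc'),
        Post::t('advertise'),
        Post::t('modlevel'),
        Post::t('inslevel'),
        array(S::user()->forlifeEmail()),
        array(S::user()->forlifeEmail())
    );
    if (!$success) {
        $page->kill("Un problème est survenu, contacter <a href='mailto:support@m4x.org'>support@m4x.org</a>");
        return;
    }
    create_list($mlist->mbox, $mlist->domain);

    global $globals;
    // The group id is bound through the {?} placeholder rather than concatenated.
    XDB::execute("UPDATE groups\n SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'has_ml')\n WHERE id = {?}", $globals->asso('id'));
    pl_redirect('lists/admin/' . $list);
}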