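/**
 * Returns user information for a user id, optionally restricted by password.
 *
 * The row is read through selectsqlLine() and joined with the user's group,
 * galaxy and alliance. When the row carries a positive group id, the group's
 * rights are added through getUserRights().
 *
 * @param int    $id       id of the user
 * @param string $password password of the user as an MD5 hash (optional)
 * @return array user information, as returned by selectsqlLine()
 */
function getUserByID($id, $password = "")
{
    Assert::isId($id);
    // Defence in depth: the id is interpolated into the SQL text below, so force it
    // to an integer here rather than relying only on Assert::isId(), whose checks
    // are not visible from this function.
    $id = (int) $id;

    if ($password) {
        // NOTE(review): as written, this query compares u.password with a fixed
        // literal, so the $password argument never reaches the database — confirm
        // against the upstream source. If $password is meant to be part of the
        // query it has to be escaped or bound, never interpolated as-is.
        // NOTE(review): the parameter is documented as an MD5 hash; MD5 is not a
        // password hash. Moving to password_hash()/password_verify() needs a
        // schema change outside this function.
        $user = selectsqlLine("select u.*,ga.aid,a.name,a.tag,\n\t\t\t\t g.name as groupname, g.descr as groupdescr,g.usertitle\n\t\t\t\t\tfrom user u\n\t\t\t\t left join groups g using(gid)\n left join galaxy ga on(ga.gala = u.gala)\n left join alliance a on(a.aid = ga.aid)\n\t\t\t\t\twhere u.uid = {$id} and u.password = '******'\n\t\t\t\t\t\t\t");
    } else {
        $user = selectsqlLine("select u.*,ga.aid,a.name,a.tag,\n\t\t\t\t\tg.name as groupname, g.descr as groupdescr,g.usertitle\n from user u\n\t\t\t\t\tleft join groups g using(gid)\n left join galaxy ga on(ga.gala = u.gala)\n left join alliance a on(a.aid = ga.aid)\n\t\t\t\t\t\t\t\twhere u.uid = {$id}\n\t\t\t\t\t\t\t");
    }

    // isset() keeps this quiet when no row came back (false/null result).
    if (isset($user['gid']) && is_numeric($user['gid']) && (int) $user['gid'] > 0) {
        // Call-time pass-by-reference (&$user at the call site) is a fatal error
        // since PHP 5.4, so the variable is passed plainly.
        // NOTE(review): getUserRights() must declare its second parameter by
        // reference for the rights to end up in $user — confirm its signature.
        getUserRights($user['gid'], $user);
    }

    return $user;
}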
<?php
// Collects the values offered by the "new search" form. The fragment ends before
// the try block is closed, so the error handling is not visible here.
session_start();
include 'utils.php';
// No session name means nobody is logged in: send the client to the login page.
if (empty($_SESSION['session_name'])) {
    ajaxLoginRedirect();
} else {
    include '../../connectionString.php';
    try {
        // Open the database connection.
        // NOTE(review): on failure the driver's error text is sent to the client by die();
        // logging it server-side and returning a generic message avoids exposing connection details.
        $dbconn = pg_connect($connectionString) or die('Could not connect: ' . pg_last_error());
        // Get user rights from database
        $userRights = getUserRights($dbconn, $_SESSION["user_id"]);
        $_SESSION["canAddNewSearch"] = $userRights["canAddNewSearch"];
        $canSeeAll = $userRights["canSeeAll"];
        // Authorisation gate: users without canAddNewSearch get the login redirect.
        if (!$userRights["canAddNewSearch"]) {
            ajaxLoginRedirect();
        } else {
            $possibleValues = array();
            // One entry per form field: "q" is the SQL text, "params" (optional) the values
            // bound to its $1 placeholder. Users without canSeeAll get the variants that
            // join on their own user id.
            $getFieldValues = array(
                "enzymes" => array("q" => "SELECT id, name from enzyme ORDER by name"),
                "ions" => array("q" => "SELECT id, name from ion ORDER by name"),
                "xlinkers" => array("q" => "SELECT id, name from crosslinker ORDER by name"),
                "losses" => array("q" => "SELECT id, name from loss ORDER by name"),
                "modifications" => array("q" => "SELECT id, name from modification ORDER by name"),
                "previousAcqui" => $canSeeAll ? array("q" => "SELECT acquisition.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User FROM acquisition JOIN users ON (acquisition.uploadedby = users.id) ORDER BY acquisition.id DESC") : array("q" => "SELECT acquisition.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User FROM acquisition JOIN users ON (users.id = \$1 AND acquisition.uploadedby = users.id) ORDER BY acquisition.id DESC", "params" => [$_SESSION["user_id"]]),
                "previousSeq" => $canSeeAll ?
                    array("q" => "SELECT sequence_file.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User, file_name as file FROM sequence_file JOIN users ON (sequence_file.uploadedby = users.id) ORDER BY upload_date DESC") : array("q" => "SELECT sequence_file.id, name AS Name, to_char(upload_date, 'YYYY-MM-DD HH24:MI') AS Date, users.user_name AS User, file_name as file FROM sequence_file JOIN users ON (users.id = \$1 AND sequence_file.uploadedby = users.id) ORDER BY upload_date DESC", "params" => [$_SESSION["user_id"]]),
                // NOTE(review): unlike previousAcqui/previousSeq, this query has no per-user
                // variant, so run names are listed for every user who passes the gate above —
                // confirm that is intended when $canSeeAll is false.
                "filenames" => array("q" => "SELECT acq_id, name FROM run ORDER by acq_id DESC"));
            // Prepare each query under its field name and run it with its bound parameters.
            // NOTE(review): the return values of pg_prepare()/pg_execute() are not checked before use.
            foreach ($getFieldValues as $key => $value) {
                $query = $value["q"];
                $params = isset($value["params"]) ? $value["params"] : array();
                pg_prepare($dbconn, $key, $query);
                $result = pg_execute($dbconn, $key, $params);
                $possibleValues[$key] = resultsAsArray($result);
            }
            // Get basedir for file uploads
            $query = "SELECT setting FROM base_setting WHERE name='base_directory_path';";
            // pg_query() is called without $dbconn here, so it uses the default connection;
            // a failed query or an empty result is not handled before the [0] access.
            $baseDir = pg_fetch_row(pg_query($query))[0];
            // Store this server side 'cos we don't need it client side
/**
 * Tells whether a user holds the super-user right.
 *
 * @param mixed $dbconn database connection, handed straight to getUserRights()
 * @param mixed $userID id of the user whose rights are looked up
 * @return mixed the "isSuperUser" entry of the rights returned by getUserRights()
 */
function isSuperUser($dbconn, $userID)
{
    // The entry is returned as-is; no default is applied when the key is absent.
    return getUserRights($dbconn, $userID)["isSuperUser"];
}
<?php
/*
 * Created on 20.09.2005
 *
 * author: coster
 */
// NOTE(review): $root and $vermieter_id are not assigned in this fragment. $root prefixes
// every include path below, so it has to come from trusted configuration and never from
// request data.
include_once $root . "/include/benutzerFunctions.inc.php";
include_once $root . "/include/mietobjektFunctions.inc.php";
include_once $root . "/include/sessionFunctions.inc.php";
// The user id is taken from the session; the rights are looked up from it.
$benutzer_id = getSessionWert(BENUTZER_ID);
$benutzerrechte = getUserRights($benutzer_id);
$anzahlVorhandenerMietobjekte = getAnzahlVorhandeneMietobjekte($vermieter_id);
?> <table cellpadding="3" cellspacing="0" border="0" class="<?php echo TABLE_STANDARD; ?> "> <tr> <?php
// Check whether the user has the right to use the following link.
// NOTE(review): this only hides the form. The reservation script it posts to has to repeat
// the rights check on the server — not verifiable from this fragment.
if ($benutzerrechte >= 1 && $anzahlVorhandenerMietobjekte > 0) {
    ?> <form action="<?php echo $root; ?> /webinterface/reservierung/index.php" method="post" name="resEingebenAendern" target="_self"> <tr><td><input name="resEingebenAendern" type="submit" class="<?php echo BUTTON; ?> " onMouseOver="this.className='<?php
// Handle the error. Two alternatives are left commented out:
//   ("Erreur de connexion : " . $error->getMessage() );   (a "connection error" message)
//   header('location:errorPage.php');
// NOTE(review): die() sends the raw exception message to the client. Logging it
// server-side and showing a generic error page keeps connection details out of the response.
die($error->getMessage());
}
// NOTE(review): $sql is built outside this fragment and execute() is called without bound
// parameters. If the statement text contains request data (login, password), prepare()
// alone does not protect it — confirm how $sql is assembled.
$query = $cnx->prepare($sql); // Prepare the SQL
$query->execute(); // Execute the prepared statement
$_SESSION['GL_USER'] = array(); // Session variable holding the user
// A matching row means the login succeeded: copy the identity into the session.
// NOTE(review): no session_regenerate_id() call is visible in this fragment; confirm the
// session id is renewed at login so a pre-login id cannot be reused.
if ($query->rowCount()) {
    $row = $query->fetch(PDO::FETCH_ASSOC); // Fetch the row
    $exercice = getLastExercice();
    // $droit is not used in the visible part of this fragment.
    $droit = getUserRights($row['IDPROFIL']);
    // Session
    $_SESSION['GL_USER']['NAME'] = trim($row['PERS_PRENOMS'] . ' ' . $row['PERS_NOM']);
    $_SESSION['GL_USER']['LOGIN'] = $row['LOGIN'];
    $_SESSION['GL_USER']['MLLE'] = $row['NUM_MLLE'];
    $_SESSION['GL_USER']['DTLOG'] = date('d-m-Y H:i:s');
    $_SESSION['GL_USER']['EXERCICE'] = $exercice['EXERCICE'];
    $_SESSION['GL_USER']['DEBUT_EXERCICE'] = frFormat2($exercice['DEBUT_EXERCICE']);
    $_SESSION['GL_USER']['FIN_EXERCICE'] = frFormat2($exercice['FIN_EXERCICE']);
    $_SESSION['GL_USER']['EX_LIBELLE'] = $exercice['EX_LIBELLE'];
    $_SESSION['GL_USER']['STATUT_EXERCICE'] = $exercice['STATUT_EXERCICE'];
    $_SESSION['GL_USER']['GROUPE'] = $row['IDPROFIL'];
    $_SESSION['GL_USER']['SESSIONID'] = session_id();
    $_SESSION['GL_USER']['JOUR'] = '';
    //$mag = preg_split('/ /',getUsermagasin($row['LOGIN']));
    $_SESSION['GL_USER']['MAGASIN'] = '';
include_once $root . "/templates/stylesheetsIE9.php"; ?> </style> <?php include_once "../templates/headerB.php"; ?> <script language="JavaScript" type="text/javascript" src="./benutzerDaten.php"> </script> <?php
include_once "../templates/bodyA.php";
// Password check: the page body is rendered only when checkPass() accepts the credentials.
if (checkPass($benutzername, $passwort, $unterkunft_id, $link)) {
    // Read the data of the selected user.
    // NOTE(review): checkPass() authenticates $benutzername, but the data is loaded for $id,
    // whose origin is not visible here — confirm the logged-in user may edit that id.
    $name = getUserName($id, $link);
    // NOTE(review): reading the stored password back suggests it is kept in a recoverable
    // form — confirm, and make sure it is never rendered into the page.
    $pass = getPassword($id, $link);
    $rechte = getUserRights($id, $link);
    // As shown, both assignments to $testuser use the same literal.
    $testuser = "******";
    if ($name == "test") {
        $testuser = "******";
    }
    ?> </head> <body> <h2><?php echo getUebersetzung("Benutzer bearbeiten", $sprache, $link); ?> </h2> <div class="panel panel-default"> <div class="panel-body">
// Choose the filter page for this session: keep the stored one, otherwise use the
// language default; ?home_page resets it to the default and ?filter_page overrides it.
if (!isset($_SESSION['filter_page'])) {
    $_SESSION['filter_page'] = "filter_" . $_SESSION['language'] . ".php";
}
if (isset($_GET['home_page'])) {
    $_SESSION['filter_page'] = "filter_" . $_SESSION['language'] . ".php";
}
if (isset($_GET['filter_page'])) {
    // NOTE(review): a request-controlled value is stored as the page name. How it is
    // used later is not visible here; if it ever reaches include/require or a file
    // path it needs an allow-list of known filter pages.
    $_SESSION['filter_page'] = urldecode($_GET['filter_page']);
}

// Release the lock when an editor page is unloaded (?cancel=True).
// NOTE(review): the record is named by the request (cid/ccat) and nothing here ties the
// lock to the current user — confirm backOver() checks ownership.
$cancel_user_now = isset($_GET['cancel']) && $_GET['cancel'] == "True";
if ($cancel_user_now) {
    $cid = '';
    if (isset($_GET['cid'])) {
        $cid = $_GET['cid'];
    }
    $ccat = '';
    if (isset($_GET['ccat'])) {
        $ccat = $_GET['ccat'];
    }
    if ($cid != "") {
        backOver($ccat, $cid);
    }
}

// Load the user's rights once per session; user id 0 is used when nobody is logged in.
$user_id_for_rights = 0;
if (isset($_SESSION['user_id'])) {
    $user_id_for_rights = $_SESSION['user_id'];
}
if (!isset($_SESSION['user_rights'])) {
    $_SESSION['user_rights'] = getUserRights($user_id_for_rights);
}

// Show the coordinates converter when ?c is present; otherwise keep the stored choice
// and default to hidden.
if (isset($_GET['c'])) {
    $_SESSION['show_converter'] = true;
} elseif (!isset($_SESSION['show_converter'])) {
    $_SESSION['show_converter'] = false;
}

// Application constants. The third argument asks define() for case-insensitive names.
define("USER_IS_CONNECTED", userIsConnected(), true);
$FAQPages = array(
    "Fr" => array("home" => 13),
    "En" => array("home" => 14),
    "Es" => array("home" => 19),
);
define("LEADER_GROUP_ID", 5, true);
define("ENTRY_COUNT_MAX", 3000, true);
define("Max_detail_level", 1000, true);
define("Select_default", "00", true);
define("start_comment", "<!--", true);
define("end_comment", "-->", true);
define("Contact_for_nobody", "0", true);
define("Contact_for_registered", "1", true);
define("Contact_for_everybody", "2", true);
// GMaps API key for grottocenter.org.
// NOTE(review): the key is committed in source. Keys belong in configuration outside
// version control; a published key should be restricted on the provider side and rotated.
define("Google_key", "ABQIAAAABppewhix0m2aGtrxzFsM1hTUoYxFMVJ0pZ8eIP2qT6O2FCqTDBSrYiCqarW5lo9hEXEt4pCtZ6bVVA", true);
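date: 24.9.05 author: christian osterrieder utilo.net */
// Insert the header:
include_once $root . "/webinterface/templates/header.inc.php";
include_once $root . "/include/benutzerFunctions.inc.php";
// Load the selected user unless an earlier step flagged an error.
if (!isset($fehler) || $fehler != true) {
    // NOTE(review): the id comes straight from the request and is passed to the lookups
    // below without validation. No check that the logged-in user may edit this id is
    // visible in this fragment — confirm it happens in the included header.
    $id = $_POST["id"];
    $name = getUserName($id);
    // NOTE(review): the stored password is compared with a plain string below, which
    // suggests getPassword() returns clear text — confirm.
    $pass = getPassword($id);
    // $testuser flags the account whose name and stored password are both "test".
    if ($name == "test" && $pass == "test") {
        $testuser = true;
    } else {
        $testuser = false;
    }
    $rechte = getUserRights($id);
}
include_once $root . "/webinterface/templates/bodyStart.inc.php";
?> <form action="./benutzerAendernDurchfuehren.php" method="post" name="benutzer" id="benutzer" target="_self"> <input name="id" type="hidden" value="<?php
// $id is request data echoed back into an attribute: escape it for that context so a
// crafted value cannot break out of the quotes.
echo htmlspecialchars((string) $id, ENT_QUOTES); ?> "> <input name="testuser" type="hidden" value="<?php echo $testuser; ?> "> <table border="0" cellpadding="0" cellspacing="3" class="<?php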
/**
 * Records the connection status in the session and, when connected, copies the
 * user's record into it.
 *
 * @param mixed $status truthy when the user is connected; stored as-is in 'user_connected'
 * @param mixed $data   user record indexed by column name; only read when $status is truthy
 * @return void
 */
function setSession($status, $data = "")
{
    $_SESSION['user_connected'] = $status;
    if (!$status) {
        return;
    }

    // NOTE(review): this writes the identity into the current session; no
    // session_regenerate_id() call is visible here — confirm the caller renews the
    // session id at login. 'user_banned' is only stored here, not enforced.

    // Session key => column of the user record, in the order the keys are written.
    // The Time_format column is deliberately not copied (disabled in the original).
    $columnBySessionKey = array(
        'user_id' => 'Id',
        'user_name' => 'Name',
        'user_surname' => 'Surname',
        'user_login' => 'Login',
        'user_nickname' => 'Nickname',
        'user_last_connection' => 'Date_last_connection',
        'user_country' => 'Country',
        'user_region' => 'Region',
        'user_city' => 'City',
        'user_postal' => 'Postal_code',
        'user_address' => 'Address',
        'user_birth' => 'Date_birth',
        'user_contact' => 'Contact',
        'user_initiation' => 'Year_initiation',
        'user_language' => 'Language',
        'user_public' => 'Contact_is_public',
        'user_hover' => 'Show_links',
        'user_detail_level' => 'Detail_level',
        'user_latitude' => 'Latitude',
        'user_longitude' => 'Longitude',
        'user_default_lat' => 'Default_latitude',
        'user_default_lng' => 'Default_longitude',
        'user_default_zoom' => 'Default_zoom',
        'user_message' => 'Custom_message',
        'user_facebook' => 'Facebook',
        'user_file' => 'Picture_file_name',
        'user_banned' => 'Banned',
        'user_news' => 'Alert_for_news',
        'user_utcoffset' => 'Utc_offset',
        'user_timezone' => 'Id_time_zone',
    );
    // These two values go through cDate() before they are stored.
    $dateKeys = array('user_last_connection', 'user_birth');

    foreach ($columnBySessionKey as $sessionKey => $column) {
        $value = $data[$column];
        if (in_array($sessionKey, $dateKeys, true)) {
            $value = cDate($value, false);
        }
        $_SESSION[$sessionKey] = $value;
        if ($sessionKey === 'user_language') {
            // The interface language follows the user's stored language.
            $_SESSION['language'] = $_SESSION['user_language'];
        }
    }

    $_SESSION['user_rights'] = getUserRights($_SESSION['user_id']);
    $_SESSION['user_lastactivitydate'] = 0;
}
// NOTE(review): the language comes straight from the request and is stored in the session
// without validation — confirm it is checked against the supported languages before it
// reaches a query or a file path.
$sprache = $_POST["sprache"];
setSessionWert(SPRACHE, $sprache);
} else {
    // No language posted: fall back to the one stored in the session.
    $sprache = getSessionWert(SPRACHE);
}
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Block accommodations:
// 4 = la vielle maison
if ($unterkunft_id == -1) {
    // Blocked accommodation: print the "access blocked" message and show the start page again.
    echo "Zugang gesperrt!";
    $fehlgeschlagen = true;
    include_once "./index.php";
} else {
    // Read the user's rights.
    $benutzerrechte = getUserRights($benutzer_id, $link);
    $anzahlVorhandenerZimmer = getAnzahlVorhandeneZimmer($unterkunft_id, $link);
    ?> <?php include_once "./templates/headerA.php"; ?> <style type="text/css"> <?php include_once $root . "/templates/stylesheetsIE9.php"; ?> </style> <?php include_once "./templates/headerB.php"; ?> <?php include_once "./templates/bodyA.php";
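}
exit;
}
// If the session cookie is present, look for an account whose `sid` matches it.
if (isset($_COOKIE[$config["cookiename"]])) {
    $cn = isset($config["cookiename"]) ? $config["cookiename"] : '';
    // A cookie sent as an array (name[]=...) is rejected outright.
    if (!is_string($_COOKIE[$cn])) {
        die('err...');
    }
    // The cookie is attacker-controlled. It is escaped once here and only the escaped
    // value is used in SQL below.
    // NOTE(review): addslashes() is not a database-aware escape. A prepared statement
    // or the driver's own escaping is the robust form, but cdim()'s query interface is
    // not visible from this fragment.
    $cookie_data = addslashes($_COOKIE[$cn]);
    $value = cdim('db', 'query', "SELECT * FROM `users` WHERE `sid` = '" . $cookie_data . "'");
    // No matching account, or the query did not return a result set: show the login
    // page. Both branches of the original file_exists() test included this same path.
    if (!is_array($value) || count($value) <= 0) {
        include '../auth/index.php';
        exit;
    } else {
        // The session is valid: copy the user's row into the config.
        // NOTE(review): every column of the row is copied, which presumably includes the
        // stored password field — confirm $config['user'] is never rendered or logged.
        foreach ($value[0] as $k => $v) {
            $config['user'][$k] = $v;
        }
        $config['user']['rights'] = getUserRights($config['user']['id']);
        // Update last_time. The original concatenated the raw cookie into this
        // statement although it had just computed the escaped copy; that left the
        // UPDATE open to SQL injection through the cookie value.
        cdim('db', 'query', "UPDATE `users` SET `last_time` = '" . time() . "' WHERE `sid` = '" . $cookie_data . "'");
    }
}
// cookie is ok, go on...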