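 /**
  * Submit a comment to an article (AJAX: echoes the rendered comment row and stops).
  *
  * Requires "canAddComment". $id is a URL segment, so besides the original
  * "must be set" check it is now also required to be numeric before it reaches
  * the model and the cache-key glob (the same guard save() already uses).
  * A comment must be 1..255 bytes (strlen is byte-wise; unchanged). The literal
  * comment "0" is still rejected by the `$message` truthiness test, as before.
  *
  * NOTE(review): no CSRF check is visible in this block — confirm the framework
  * applies one globally.
  *
  * @param Int $id
  */
 public function add($id = false)
 {
     requirePermission("canAddComment");
     // Missing or non-numeric article id: nothing to do.
     if (!$id || !is_numeric($id)) {
         die;
     }
     $id = (int) $id;
     // Check if article exist and if you can comment it
     if (!$this->news_model->articleExists($id, true) || !$this->user->isOnline()) {
         return;
     }
     $message = $this->input->post('content');
     if (strlen($message) > 0 && $message && strlen($message) <= 255) {
         // Format the comment
         $isStaff = hasPermission('postCommentAsStaff') ? 1 : 0;
         $comment = array(
             "timestamp" => time(),
             "article_id" => $id,
             "author_id" => $this->user->getId(),
             "content" => $message,
             "is_gm" => $isStaff,
         );
         $this->comments_model->addComment($comment);
         // Add log
         $this->logger->createLog('Added comment', $id);
         $this->plugins->onAddComment($id, $message);
         // Get last comment
         $comment_arr = $this->comments_model->getLastComment($id);
         // Add values
         $comment_arr['profile'] = $this->template->page_url . "profile/" . $comment_arr['author_id'];
         $comment_arr['avatar'] = $this->user->getAvatar($comment_arr['author_id'], "small");
         $comment_arr['author'] = $this->user->getNickname($comment_arr['author_id']);
         $comment_arr['content'] = $this->template->format($message, true, true, true, 45);
         $comment_arr['url'] = $this->template->page_url;
         $comment_arr['is_gm'] = $comment['is_gm'];
         // Clear cache
         $this->cache->delete('news_*.cache');
         $this->cache->delete('comments_' . $id . '_*.cache');
         // Load the comment template, also check if we are a staff member
         $data = array('comments' => array($comment_arr), 'user_is_gm' => hasPermission('postCommentAsStaff'), 'url' => $this->template->page_url);
         die($this->template->loadPage("comments.tpl", $data));
     }
 }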
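 /**
  * Render shoutbox page $id.
  *
  * Called without an argument when embedded in a page (returns the markup) and
  * with a page number when loaded via AJAX (echoes the markup and stops).
  * Shout rows are cached per page and language; only the relative date is
  * recomputed on every request. $id comes from the URL, so it is forced to an
  * integer before being used in the cache key and handed to the model.
  *
  * @param int|false $id
  * @return string|void
  */
 public function get($id = false)
 {
     // Is it loaded via ajax or not?
     if ($id === false) {
         $id = 0;
         $die = false;
     } else {
         // URL-supplied page number: force an integer so nothing else ends up
         // in the cache key or the model query.
         $id = (int) $id;
         $die = true;
     }
     $cacheKey = "shoutbox_" . $id . "_" . getLang();
     $cache = $this->cache->get($cacheKey);
     if ($cache !== false) {
         $shouts = $cache;
     } else {
         // Load the shouts
         $shouts = $this->shoutbox_model->getShouts($id, $this->config->item('shouts_per_page'));
         // Format the shout data (nickname and formatted content are stored in the cache)
         foreach ($shouts as $key => $value) {
             $shouts[$key]['nickname'] = $this->internal_user_model->getNickname($shouts[$key]['author']);
             $shouts[$key]['content'] = $this->template->format($shouts[$key]['content'], true, true, true, 40);
         }
         $this->cache->save($cacheKey, $shouts);
     }
     // Relative dates must not be cached.
     foreach ($shouts as $key => $value) {
         $shouts[$key]['date'] = $this->template->formatTime(time() - $shouts[$key]['date']);
     }
     // Prepare the data
     $data = array("module" => "sidebox_shoutbox", "shouts" => $shouts, "url" => $this->template->page_url, "user_is_gm" => hasPermission("removeShout", "sidebox_shoutbox"));
     $shouts = $this->template->loadPage("shouts.tpl", $data);
     // To be or not to be, that's the question :-)
     if ($die) {
         die($shouts);
     } else {
         return $shouts;
     }
 }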
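 /**
  * Controller constructor: requires the 'access_help_page' permission.
  *
  * Unauthorised users are redirected to the dashboard. exit is called after
  * redirect() because it is not visible here whether redirect() terminates the
  * script; if it does not, the rest of the controller would still execute for
  * an unauthorised user (execution-after-redirect). Harmless if it does.
  */
 public function __construct()
 {
     parent::__construct();
     if (!hasPermission('access_help_page')) {
         redirect(BASE_URL . 'dashboard/');
         exit;
     }
 }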
 /**
  * Render the user control panel landing page.
  *
  * Requires the "view" permission. The characters panel is rendered once per
  * user and cached for an hour; menu links are filtered by permission,
  * internal links are prefixed with the site URL and their names localised.
  */
 public function index()
 {
     requirePermission("view");
     $this->template->setTitle(lang("user_panel", "ucp"));
     $userId = $this->user->getId();
     $charactersCacheKey = "profile_characters_" . $userId;
     $characters = $this->cache->get($charactersCacheKey);
     if ($characters === false) {
         $charactersData = array(
             "characters" => $this->realms->getTotalCharacters(),
             "realms" => $this->realms->getRealms(),
             "url" => $this->template->page_url,
             "realmObj" => $this->realms,
         );
         $characters = $this->template->loadPage("ucp_characters.tpl", $charactersData);
         $this->cache->save($charactersCacheKey, $characters, 60 * 60);
     }
     $links = $this->menu_model->getMenuLinks();
     if ($links) {
         foreach ($links as $index => $link) {
             // Drop links whose permission the user does not hold.
             if ($link['permission'] != '' && hasPermission($link['permission'], $link['permissionModule']) !== true) {
                 unset($links[$index]);
                 continue;
             }
             // Only absolute http(s) links are left untouched; everything else is site-relative.
             if (!preg_match('/https?:\/\//', $link['link'])) {
                 $links[$index]['link'] = $this->template->page_url . $link['link'];
             }
             $links[$index]['name'] = langColumn($link['name']);
         }
     }
     $data = array(
         "username" => $this->user->getNickname(),
         "expansion" => $this->realms->getEmulator()->getExpansionName($this->external_account_model->getExpansion()),
         "vp" => $this->internal_user_model->getVp(),
         "dp" => $this->internal_user_model->getDp(),
         "url" => $this->template->page_url,
         "location" => $this->internal_user_model->getLocation(),
         "groups" => $this->acl_model->getGroupsByUser($userId),
         "register_date" => $this->user->getRegisterDate(),
         "status" => $this->user->getAccountStatus(),
         "characters" => $characters,
         "avatar" => $this->user->getAvatar($userId),
         "id" => $userId,
         "menu_links" => $links,
         "config" => array(
             "vote" => $this->config->item('ucp_vote'),
             "donate" => $this->config->item('ucp_donate'),
             "store" => $this->config->item('ucp_store'),
             "settings" => $this->config->item('ucp_settings'),
             "expansion" => $this->config->item('ucp_expansion'),
             "teleport" => $this->config->item('ucp_teleport'),
             "admin" => $this->config->item('ucp_admin'),
             "gm" => $this->config->item('ucp_gm'),
         ),
     );
     $content = $this->template->loadPage("ucp.tpl", $data);
     $page = $this->template->loadPage("page.tpl", array("module" => "default", "headline" => lang("user_panel", "ucp"), "content" => $content));
     $this->template->view($page, "modules/ucp/css/ucp.css");
 }
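 /**
  * Persist the admin "edit account" form for account $id.
  *
  * Requires "editAccounts"; permission rows are only rewritten when the caller
  * also holds "editPermissions". Every POST key that is not one of the fixed
  * account fields is interpreted as "<module>-<permission>" and stored via
  * assignPermissionToUser(); keys without a "-" are now skipped instead of
  * being assigned with an undefined permission name. The password is only
  * changed when one was submitted. Replies with a JS snippet and stops.
  *
  * NOTE(review): no CSRF check is visible in this block — confirm the framework
  * applies one globally.
  *
  * @param int|false $id account id (URL segment)
  */
 public function save($id = false)
 {
     if (!hasPermission("editAccounts")) {
         die("UI.alert('You do not have permission to edit accounts')");
     }
     if (!$id || !is_numeric($id)) {
         die;
     }
     $id = (int) $id;
     $external_account_data = array();
     $external_account_access_data = array();
     $internal_account_data = array();
     $external_account_data[column("account", "expansion")] = $this->input->post("expansion");
     $external_account_data[column("account", "email")] = $this->input->post("email");
     if (hasPermission("editPermissions")) {
         $accountFields = array("vp", "dp", "nickname", "email", "group", "expansion", "password", "gm_level");
         $this->acl_model->removePermissionsFromUser($id);
         foreach ($_POST as $k => $v) {
             if ($v === '' || in_array($k, $accountFields)) {
                 continue;
             }
             // Key shape is "<moduleName>-<permissionName>"; anything else is not a permission field.
             $permissionParts = explode("-", $k);
             if (!isset($permissionParts[1])) {
                 continue;
             }
             // UserID, permissionName, moduleName
             $this->acl_model->assignPermissionToUser($id, $permissionParts[1], $permissionParts[0], $v);
         }
     }
     // Make sure to check if we got something filled in here.
     if ($this->input->post("password")) {
         $external_account_data[column("account", "password")] = $this->realms->getEmulator()->encrypt($this->user->getUsername($id), $this->input->post("password"));
     }
     $external_account_access_data[column("account_access", "gmlevel")] = $this->input->post("gm_level");
     $internal_account_data["vp"] = $this->input->post("vp");
     $internal_account_data["dp"] = $this->input->post("dp");
     $internal_account_data["nickname"] = $this->input->post("nickname");
     if (!$external_account_data[column("account", "email")] || !$internal_account_data["nickname"]) {
         die("UI.alert('The fields can\\'t be empty')");
     }
     $this->accounts_model->save($id, $external_account_data, $external_account_access_data, $internal_account_data);
     die('UI.alert("The account has been saved")');
 }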
 /**
  * Determine if the user is authorized to make this request.
  *
  * The permission key is 'admin.page_category.update', suffixed with
  * '#####' and URL segment 3 whenever a fourth URL segment is present.
  *
  * @return bool
  */
 public function authorize()
 {
     $permissionKey = 'admin.page_category.update';
     $hasSubSegment = !is_null($this->segment(4));
     if ($hasSubSegment) {
         $permissionKey = $permissionKey . '#####' . $this->segment(3);
     }
     return hasPermission($permissionKey);
 }
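 /**
  * Controller constructor: requires the 'manage_roles' permission.
  *
  * Unauthorised users are redirected to the dashboard. exit is called after
  * redirect() because it is not visible here whether redirect() terminates the
  * script; if it does not, the rest of the controller would still execute for
  * an unauthorised user (execution-after-redirect). Harmless if it does.
  */
 public function __construct()
 {
     parent::__construct();
     $this->_auth = new \tinyPHP\Classes\Libraries\Cookies();
     if (!hasPermission('manage_roles')) {
         redirect(BASE_URL . 'dashboard/');
         exit;
     }
 }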
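/**
 * Admin "add service" page: shows the form, validates a submission and inserts it.
 *
 * Only users holding "addService" reach the form or the insert. All values come
 * from $_POST. The INSERT is now a prepared statement with every value bound as
 * a parameter; the previous string-built query interpolated nine unvalidated
 * POST fields (only "nazwa" was ctype_alnum-checked) and was SQL-injectable.
 * Assumes $conn from ../config/mysql.php is a mysqli connection, which the
 * original `$conn->query($sql) === TRUE` check implies — confirm.
 *
 * NOTE(review): the empty-field check tests id_uslugi (never inserted) but not
 * payment_id (inserted); that inconsistency is kept, payment_id defaults to ''.
 */
function getAddService()
{
    include 'func/hasPerm.php';
    if (hasPermission("addService")) {
        if (isset($_POST['nazwa']) && ($_POST['nazwa'] == "" || $_POST['id_uslugi'] == "" || $_POST['serwer_id'] == "" || $_POST['opis'] == "" || $_POST['zdjecie'] == "" || $_POST['sms_tresc'] == "" || $_POST['sms_numer'] == "" || $_POST['sms_cena'] == "" || $_POST['api_konta'] == "" || $_POST['api_sms'] == "")) {
            echo '
							<div class="alert alert-danger" role="alert">
							  Zostawiłeś puste pola! Spróbuj ponownie!
							</div>
					';
            echoServiceForm();
        } else {
            if (!isset($_POST['nazwa'])) {
                echoServiceForm();
            } else {
                if (ctype_alnum($_POST['nazwa'])) {
                    include '../config/mysql.php';
                    // Parameterised INSERT: user-supplied values are bound, never concatenated.
                    $sql = "INSERT INTO services (server_id, nazwa, tresc, numer, koszt_sms, payment, acc_api, param, krotki_opis, img) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
                    $paymentId = isset($_POST['payment_id']) ? $_POST['payment_id'] : '';
                    $inserted = false;
                    $stmt = $conn->prepare($sql);
                    if ($stmt !== false) {
                        $stmt->bind_param('ssssssssss', $_POST['serwer_id'], $_POST['nazwa'], $_POST['sms_tresc'], $_POST['sms_numer'], $_POST['sms_cena'], $paymentId, $_POST['api_konta'], $_POST['api_sms'], $_POST['opis'], $_POST['zdjecie']);
                        $inserted = $stmt->execute();
                        $stmt->close();
                    }
                    if ($inserted === TRUE) {
                        echo '
										<div class="alert alert-success" role="alert">
										  Usługa została dodana!<br>
										  Możesz teraz przystąpić do testowania!
										</div>
								';
                        echo '<meta http-equiv="refresh" content="3; url=index.php" />';
                    } else {
                        echo '
										<div class="alert alert-danger" role="alert">
										  Wystąpił błąd podczas dodawania wpisu do bazy danych!
										</div>
								';
                    }
                } else {
                    echo '
							
							<div class="alert alert-danger" role="alert">
							  Podałeś nie poprawne dane!
							</div>
							
							';
                    echoServiceForm();
                }
            }
        }
    } else {
        echo '
			
					<div class="alert alert-danger" role="alert">
					 	Nie masz uprawnień do dodawania usług!
					</div>
			
			';
    }
}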
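/**
 * Admin "add server" page: shows the form, validates a submission and inserts it.
 *
 * Only users holding "addServer" reach the form or the insert. Ports must be
 * numeric, name / server id / RCON password alphanumeric, and the IP must pass
 * ip2long(); those checks already rule out SQL metacharacters, but the INSERT
 * is nevertheless a prepared statement now (defence in depth, and consistent
 * with getAddService()). Assumes $conn from ../config/mysql.php is a mysqli
 * connection, which the original `$conn->query($sql) === TRUE` check implies.
 *
 * NOTE(review): the RCON password is stored as submitted (pasw_rcon column);
 * it has to be usable in clear for RCON, so restrict read access to that table.
 */
function getAddServer()
{
    include 'func/hasPerm.php';
    if (hasPermission("addServer")) {
        if (isset($_POST['nazwa']) && ($_POST['nazwa'] == "" || $_POST['serv_id'] == "" || $_POST['serv_ip'] == "" || $_POST['port_q'] == "" || $_POST['port_r'] == "" || $_POST['pass_r'] == "")) {
            echo '
							<div class="alert alert-danger" role="alert">
							  Zostawiłeś puste pola! Spróbuj ponownie!
							</div>
					';
            echoForm();
        } else {
            if (!isset($_POST['nazwa'])) {
                echoForm();
            } else {
                if (is_numeric($_POST['port_q']) && is_numeric($_POST['port_r']) && ctype_alnum($_POST['nazwa']) && ctype_alnum($_POST['serv_id']) && ctype_alnum($_POST['pass_r']) && ip2long($_POST['serv_ip']) !== false) {
                    include '../config/mysql.php';
                    // Parameterised INSERT: user-supplied values are bound, never concatenated.
                    $sql = "INSERT INTO servers (server_id, nazwa, ip, port_query, port_rcon, pasw_rcon) VALUES (?, ?, ?, ?, ?, ?)";
                    $inserted = false;
                    $stmt = $conn->prepare($sql);
                    if ($stmt !== false) {
                        $stmt->bind_param('ssssss', $_POST['serv_id'], $_POST['nazwa'], $_POST['serv_ip'], $_POST['port_q'], $_POST['port_r'], $_POST['pass_r']);
                        $inserted = $stmt->execute();
                        $stmt->close();
                    }
                    if ($inserted === TRUE) {
                        echo '
										<div class="alert alert-success" role="alert">
										  Nowy serwer został dodany!<br>
										  Możesz teraz przystąpić do dodawania usług.
										</div>
								';
                        echo '<meta http-equiv="refresh" content="3; url=index.php?page=serverList" />';
                    } else {
                        echo '
										<div class="alert alert-danger" role="alert">
										  Wystąpił błąd podczas dodawania wpisu do bazy danych!
										</div>
								';
                    }
                } else {
                    echo '
							
							<div class="alert alert-danger" role="alert">
							  Porty muszą być cyframi, nazwa, ID serwera oraz hasło RCON nie może zawierać znaków specjalnych, lub IP jest nie poprawne.
							</div>
							
							';
                }
            }
        }
    } else {
        echo '
			
					<div class="alert alert-danger" role="alert">
					 	Nie masz uprawnień do dodawania serwerów!
					</div>
			
			';
    }
}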
 /**
  * init menus
  *
  * Builds the menu named $type from the action classes listed in the
  * "<type>Menus" property and removes every item whose 'permissions' data the
  * current user lacks. Items without permission data are always kept, and a
  * super admin keeps everything.
  *
  * @param string $type
  */
 public function menuInit($type)
 {
     $populate = function ($menu) use ($type) {
         $actionClasses = $this->{$type . 'Menus'};
         foreach ($actionClasses as $actionClass) {
             $actionClass::addMenu($menu);
         }
     };
     $isVisible = function ($item) {
         $required = $item->data('permissions');
         if (is_null($required)) {
             return true;
         }
         if ($this->user->is_super_admin) {
             return true;
         }
         return hasPermission($required) ? true : false;
     };
     Menu::make($type, $populate)->filter($isVisible);
 }
 /**
  * Handle an incoming request.
  *
  * Permission gate for GET requests only; non-GET requests pass through this
  * middleware unchecked (presumably FormRequest::authorize() covers them —
  * verify). For GET:
  *  - a "destroy user" route that targets the current user is refused;
  *  - super admins and routes in $exceptRoutes pass;
  *  - a route in $userRoutes passes when its {users} parameter is the current user;
  *  - otherwise the permission derived by routeHack() must be held.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $route = Route::currentRouteName();
     $method = $request->method();
     $parameters = Route::current()->parameters();
     $hackedRoute = routeHack($route, $parameters);
     if ($method == 'GET') {
         // Users may never destroy themselves.
         if (in_array($route, $this->userDestroyRoutes) && !is_null(Request::route('users')) && Request::route('users')->id === Sentinel::getUser()->id) {
             abort(403);
         }
         if (!in_array($route, $this->exceptRoutes) && !Sentinel::getUser()->is_super_admin) {
             $isOwnUserRoute = in_array($route, $this->userRoutes) && !is_null(Request::route('users')) && Request::route('users')->id === Sentinel::getUser()->id;
             if (!$isOwnUserRoute && !hasPermission($hackedRoute)) {
                 abort(403);
             }
         }
     }
     return $next($request);
 }
 /**
  * set routes
  *
  * For every module in $this->myModules, reads "<module>.permissions" from the
  * config and keeps each permission group (as "<module>_<group>") when the
  * current user holds at least one of the group's route permissions.
  *
  * @return void
  */
 private function setRoutes()
 {
     foreach ($this->myModules as $module) {
         $moduleKey = snake_case($module, '-');
         $permissionGroups = config("{$moduleKey}.permissions");
         if (is_null($permissionGroups)) {
             continue;
         }
         foreach ($permissionGroups as $groupName => $group) {
             $granted = array_filter(array_keys($group['routes']), function ($routeName) {
                 return hasPermission($routeName);
             });
             if (count($granted) > 0) {
                 $this->routes[$moduleKey . '_' . $groupName] = $group;
             }
         }
     }
 }
/**
 * Check several permissions at once.
 *
 * With 'and' every permission must be granted (an empty list is granted);
 * with 'or' at least one must be (an empty list is refused). Evaluation stops
 * at the first permission that decides the result.
 *
 * @param array  $permissions permission names passed to hasPermission()
 * @param string $conjuction  'and' or 'or'
 * @return bool
 * @throws Exception for any other conjunction
 */
function hasPermissions($permissions, $conjuction = 'and')
{
    $requireAll = ($conjuction == 'and');
    $requireAny = ($conjuction == 'or');
    if (!$requireAll && !$requireAny) {
        throw new Exception("Illegal grammatical conjuction: {$conjuction}");
    }
    foreach ($permissions as $permission) {
        $granted = hasPermission($permission);
        if ($requireAll && !$granted) {
            return false;
        }
        if ($requireAny && $granted) {
            return true;
        }
    }
    // Nothing decided the outcome: 'and' succeeds, 'or' fails.
    return $requireAll;
}
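 /**
  * Roles admin page.
  *
  * Needs admin or "roles.content.CUD". A POST whose "todo" field equals
  * "insert_roles" is handed to _insertRoles(); any other request renders the
  * view. The "todo" field is read with isset() so a POST without it no longer
  * raises an undefined-index notice before the (always false) comparison.
  *
  * NOTE(review): no CSRF check is visible here — confirm one is applied globally.
  */
 public function index()
 {
     if (isAdmin() || hasPermission('roles.content.CUD')) {
         if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
             $action = isset($_POST["todo"]) ? $_POST["todo"] : null;
             if ($action === 'insert_roles') {
                 $this->_insertRoles($this->input->post());
             }
         } else {
             $this->load->view('index.php');
         }
     } else {
         echo "Please login first. Or you do not have the permission [access roles]";
     }
 }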
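 /**
  * Register any application authentication / authorization services.
  *
  * Three gate abilities are defined; each has a before() hook that grants
  * Global Admins unconditionally:
  *  - destroy_user: current user and target share a crew_id;
  *  - performActionForCrew: current user is on the target crew AND holds
  *    $action via User->hasPermission(). The original wrote
  *    `$current_user . hasPermission($action)` — string concatenation with a
  *    global hasPermission() instead of a method call — so the closure returned
  *    a string (truthy whenever the object-to-string cast succeeds) and granted
  *    the ability regardless of the permission. Fixed to `->hasPermission()`.
  *  - actAsAdminForCrew: current user is a crew admin for the target crew,
  *    given as a Crew object or an integer id; anything else is refused.
  *
  * @param  \Illuminate\Contracts\Auth\Access\Gate  $gate
  * @return void
  */
 public function boot(GateContract $gate)
 {
     $this->registerPolicies($gate);
     // The current user must be on the same crew as the user being destroyed, unless the current user is a Global Admin
     $gate->define('destroy_user', function ($current_user, $user_to_destroy) {
         return $current_user->crew_id === $user_to_destroy->crew_id;
     })->before(function ($current_user, $ability) {
         // Global Admin users will always be granted this permission
         if ($current_user->isGlobalAdmin()) {
             return true;
         }
     });
     // The current user must be on the same crew as the Crew object passed in AND have the specified User->permission
     // If $action is null, User->hasPermission($action) will return TRUE
     $gate->define('performActionForCrew', function ($current_user, $target_crew, $action = null) {
         return $current_user->crew_id === $target_crew->id && $current_user->hasPermission($action);
     })->before(function ($current_user, $ability) {
         // Global Admin users will always be granted this permission
         if ($current_user->isGlobalAdmin()) {
             return true;
         }
     });
     // The current user must be a Crew Admin for the target Crew
     $gate->define('actAsAdminForCrew', function ($current_user, $target_crew) {
         // Allow $target_crew to be passed in as either a Crew object OR an Integer crew_id
         // If $target_crew is NULL, return FALSE.... UNLESS the $current_user is a Global Admin
         if (is_object($target_crew)) {
             return $current_user->isAdminForCrew($target_crew->id);
         } elseif (is_numeric($target_crew)) {
             return $current_user->isAdminForCrew(intval($target_crew));
         } else {
             // An invalid data type was passed in for $target_crew (only integer or Crew Object are allowed)
             return false;
         }
     })->before(function ($current_user, $ability) {
         // Global Admin users will always be granted this permission
         if ($current_user->isGlobalAdmin()) {
             return true;
         }
     });
 }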
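 /**
  * Roles ↔ permissions admin page.
  *
  * Needs admin or "roles_permissions.content.CUD". A POST whose "todo" field
  * equals "add_permissions_to_roles" is handed to _insertRolesPermissions();
  * any other request renders the form with id => name maps of all roles and
  * permissions. Both maps are initialised up front so empty tables no longer
  * leave the variables undefined, and "todo" is read with isset() to avoid an
  * undefined-index notice.
  *
  * NOTE(review): no CSRF check is visible here — confirm one is applied globally.
  */
 public function index()
 {
     if (isAdmin() || hasPermission('roles_permissions.content.CUD')) {
         if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
             $action = isset($_POST["todo"]) ? $_POST["todo"] : null;
             if ($action === 'add_permissions_to_roles') {
                 $this->_insertRolesPermissions($this->input->post());
             }
         } else {
             $this->load->Model('user_roles/Mdl_roles');
             $this->load->Model('permissions/Mdl_permissions');
             $roles1 = array();
             foreach ($this->Mdl_roles->getRolesName() as $role) {
                 $roles1[$role['eduworkers_roles_id']] = $role['eduworkers_roles_name'];
             }
             $permissions1 = array();
             foreach ($this->Mdl_permissions->getpermissionsName() as $permission) {
                 $permissions1[$permission['eduworkers_permissions_id']] = $permission['eduworkers_permissions_name'];
             }
             $data = array();
             $data['roles'] = $roles1;
             $data['permissions'] = $permissions1;
             $this->load->view('admin/header/header');
             $this->load->view('index.php', $data);
         }
     } else {
         echo "Please login first. Or you do not have the permission [give permissions to roles]";
     }
 }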
 
			<li <?php 
        if ($controller == 'team') {
            ?>
class="active"<?php 
        }
        ?>
><a href="<?php 
        echo BASE_URL;
        ?>
team">Team</a></li>
			<?php 
    }
    ?>
			<?php 
    if (hasPermission(1)) {
        ?>
           
			<li <?php 
        if ($controller == 'connect') {
            ?>
class="active"<?php 
        }
        ?>
><a href="<?php 
        echo BASE_URL;
        ?>
connect">Connect</a></li> 
			<?php 
    }
    ?>
}
include '../../share/global_config.php';
include $sr . '/bin/share/db_connect1.php';
include $sr . '/bin/share/functions/permissions.php';
// Request parameters driving the admin action below.
// NOTE(review): none of these is validated; $gruppe and $id are interpolated
// unescaped into the mysql_query() strings of the 'user' case further down
// (UPDATE/DELETE/SELECT/INSERT), so they should be cast to int (or escaped)
// before use — the permission check alone does not prevent SQL injection.
$mod = $_GET['mod'];
$id = $_GET['id'];
$gruppe = $_POST['gruppe'];
/*
$result1 = mysql_query( "SELECT * FROM $table1 WHERE username = '******' AND aktiv = '1'");
$user_id = mysql_result($result1, isset($i1), 'id');
$result2 = mysql_query( "SELECT * FROM $table7 WHERE user_id = '$user_id' AND enabled = '1' AND permission_id = '999'");
$num2 = mysql_num_rows($result2);

IF($num2 == '1')
*/
if (hasPermission($c_username, 'adminlogin')) {
    switch ($mod) {
        case 'user':
            //echo $gruppe."<BR>";
            //Dem benutzer wird die neue Gruppe zugewiesen:
            $result3 = mysql_query("UPDATE {$table1} SET group_id = '{$gruppe}' WHERE id='{$id}'");
            //die alten Benutzer-Rechte werden geloescht:
            $result4 = mysql_query("DELETE FROM {$table7} WHERE user_id = '{$id}'");
            //Die neuen Benutzer-Rechte werden entsprechend der neuen Gruppe zugewiesen:
            $result5 = mysql_query("SELECT * FROM {$table6} WHERE group_id = '{$gruppe}'");
            $num5 = mysql_num_rows($result5);
            for ($i5 = 0; $i5 < $num5; $i5++) {
                $perm_id = mysql_result($result5, $i5, 'permission_id');
                $enabled = mysql_result($result5, $i5, 'enabled');
                $result6 = mysql_query("INSERT INTO {$table7} (user_id, permission_id, enabled) VALUES ('{$id}', '{$perm_id}', '{$enabled}')");
            }
 * Dipl.-Ing. Klaus Henneberg
 * 38889 Blankenburg, BRD
 *
 * This file is licensed under the terms of the Open Software License
 * http://www.opensource.org/licenses/osl-2.1.php
 *
 */
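unset($username);
// The user name is the first comma-separated field of the 'login' cookie.
// NOTE(review): this trusts a client-controlled cookie for identity; unless the
// cookie is verified elsewhere (not visible here), the permission check below
// can be satisfied by setting the cookie to another user's name.
$c_username = null;
if (!empty($_COOKIE['login'])) {
    list($c_username) = preg_split('#,#', $_COOKIE['login']);
    //echo $c_username;
}
include '../../share/global_config.php';
include $sr . '/bin/share/db_connect1.php';
include $sr . '/bin/share/functions/permissions.php';
if (hasPermission($c_username, 'editkattree')) {
    $navigation = "\n\t\t\t<a class='navi' href='kat_sort1.php'>Sortierung</a>\n\t\t\t<a class='navi' href='kat_repair1.php'>Wartung</a>\n\t\t\t<a class='navi' href='../../html/admin/adminframe.php'>Zur&uuml;ck</a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi' href='../../html/start.php'>zur Startseite</a>\n\t\t\t<a class='navi' href='../../html/help/help1.php?page=5'>Hilfe</a>\n\t\t\t<a class='navi' href='{$inst_path}/pic2base/index.php'>Logout</a>";
} else {
    header('Location: ../../../index.php');
    // header() alone does not end the script: without exit the admin page body
    // below was still rendered (with an undefined $navigation) for an
    // unauthorized visitor.
    exit;
}
echo "\n<div class='page'>\n\n\t<p id='kopf'>pic2base :: Admin-Bereich - Kategorieverwaltung</p>\n\t\n\t<div class='navi' style='clear:right;'>\n\t\t<div class='menucontainer'>" . $navigation . "</div>\n\t</div>\n\t\n\t<div  id='spalte1'>";
// Building the tree structure:
// On the first call of the page only the root element is displayed.
//  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// for register_globals = off
if (array_key_exists('kat_id', $_GET)) {
    $kat_id = $_GET['kat_id'];
} else {
    $kat_id = 0;
}
$KAT_ID = $kat_id;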
    $tmpl->setvar('dir', $dir);
    $tmpl->setvar('_REN_FILE', $cfg['_REN_FILE']);
    $tmpl->setvar('_REN_STRING', $cfg['_REN_STRING']);
} else {
    $file = tfb_getRequestVar('fileFrom');
    $fileTo = tfb_getRequestVar('fileTo');
    $dir = tfb_getRequestVar('dir');
    $sourceDir = $cfg["path"] . $dir;
    $targetDir = $cfg["path"] . $dir . $fileTo;
    // Add slashes if magic_quotes off:
    if (get_magic_quotes_gpc() !== 1) {
        $targetDir = addslashes($targetDir);
        $sourceDir = addslashes($sourceDir);
    }
    // only valid dirs + entries with permission
    if (!(tfb_isValidPath($sourceDir) && tfb_isValidPath($sourceDir . $file) && tfb_isValidPath($targetDir) && isValidEntry($file) && isValidEntry($fileTo) && hasPermission($dir, $cfg["user"], 'w'))) {
        AuditAction($cfg["constants"]["error"], "ILLEGAL RENAME: " . $cfg["user"] . " tried to rename " . $file . " in " . $dir . " to " . $fileTo);
        @error("Illegal rename. Action has been logged.", "", "");
    }
    // Use single quote to escape mv args:
    $cmd = "mv '" . $sourceDir . $file . "' '" . $targetDir . "'";
    $cmd .= ' 2>&1';
    $handle = popen($cmd, 'r');
    $gotError = -1;
    $buff = fgets($handle);
    $gotError = $gotError + 1;
    pclose($handle);
    // template
    $tmpl->setvar('is_start', 0);
    $tmpl->setvar('messages', nl2br($buff));
    if ($gotError <= 0) {
/*
	Import helper functions and the database class.
*/
require_once '../includes/functions.php';
require_once '../includes/conexao.class.php';
/*
	Resume the session.
*/
session_start();
/*
	Access control: the visitor must be authenticated and must hold the
	'Admin' permission; otherwise print an error message and stop.
*/
if (!isAuthenticated()) {
    echo "<p class='error_message'>Por favor, efetue o login.</p>";
    exit;
}
if (!hasPermission($_SESSION['id'], 'Admin')) {
    echo "<p class='error_message'>Você não possui privilégios para acessar esta área.</p>";
    exit;
}
/*
	Checks whether the log setting is on or off. If it is on, the logAction
	function is used. (Currently disabled.)
*/
/*$c = new conexao;
	$c->set_charset('utf8');
	$q = "SELECT * FROM configuracoes WHERE opcao = 'log';";
	$r = $c->query($q);
	$log = $r->fetch_object();
	if($log->valor == 'ligado')
		logAction($_SESSION['id'], $_SERVER['REQUEST_URI'], var_export($_POST, true), var_export($_GET, true));*/
?>
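<?php

include '../../share/global_config.php';
include $sr . '/bin/share/db_connect1.php';
include $sr . '/bin/share/functions/main_functions.php';
include $sr . '/bin/share/functions/permissions.php';
// Access control ########################################################
// NOTE(review): the user id is taken straight from the 'uid' cookie, i.e. the
// client chooses whose permissions are checked. Unless that cookie is signed or
// verified elsewhere (not visible here), this is not authentication; a
// server-side session should provide the user id instead.
if (empty($_COOKIE['uid'])) {
    header('Location: ../../../index.php');
    // header() alone does not end the script; without exit the rest of the
    // page (cookie handling and the HTML below) is still emitted.
    exit;
}
$uid = $_COOKIE['uid'];
if (!hasPermission($uid, 'searchpic', $sr)) {
    header('Location: ../../../index.php');
    exit;
}
//########################################################################
//var_dump($_COOKIE);
// Remember the submitted rating filter in a cookie, or restore it from there.
if (array_key_exists('bewertung', $_POST) and !empty($_POST['bewertung'])) {
    setcookie('bewertung', $_POST['bewertung']);
} else {
    if (array_key_exists('bewertung', $_COOKIE)) {
        $bewertung = $_COOKIE['bewertung'];
    } else {
        $bewertung = '';
        setcookie('bewertung', $bewertung);
    }
}
?>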

<script language="JavaScript">
Пример #23
    // Order by
    if (isset($_REQUEST['orderBy']) && ($orderBy = $_REQUEST['orderBy'])) {
        $_SESSION['orderScriptsBy'] = $orderBy;
    }
    if (isset($_SESSION['orderScriptsBy'])) {
        $orderBy = $_SESSION['orderScriptsBy'];
    } else {
        $orderBy = "s.Id";
    }
    //    $orderBy = "s." . $orderBy;
    $smarty->assign('orderScriptsBy', $orderBy);
    $q = Doctrine_Query::create()->from('WPTScript s, s.WPTScriptFolder f')->orderBy($orderBy);
    if ($scriptsFilterField && $scriptsFilterValue) {
        $q->andWhere('s.' . $scriptsFilterField . ' LIKE ?', '%' . $scriptsFilterValue . '%');
    }
    if ($folderId > -1 && hasPermission('WPTScript', $folderId, PERMISSION_READ)) {
        $q->andWhere('s.WPTScriptFolderId = ?', $folderId);
    } else {
        $q->andWhere('s.UserId = ?', $user_id);
    }
    $pager = new Doctrine_Pager($q, $scriptsCurrentPage, $resultsPerPage);
    $result = $pager->execute();
    $shares = getFolderShares($user_id, 'WPTScript');
    $smarty->assign('shares', $shares);
    $smarty->assign('scriptsFilterField', $scriptsFilterField);
    $smarty->assign('scriptsFilterValue', $scriptsFilterValue);
    $smarty->assign('scriptsCurrentPage', $scriptsCurrentPage);
    $smarty->assign('currentPage', $scriptsCurrentPage);
    $smarty->assign('maxpages', $pager->getLastPage());
    $smarty->assign('result', $result);
} catch (Exception $e) {
 /**
  * Gate this request on the 'api.user.avatarPhoto' permission.
  *
  * The decision is delegated entirely to the global hasPermission()
  * helper; no request data is inspected here.
  *
  * @return bool
  */
 public function authorize()
 {
     $allowed = hasPermission('api.user.avatarPhoto');

     return $allowed;
 }
            fwrite($fh, "##########\n" . date('d.m.Y H:i:s') . ": Doublette " . utf8_decode($FileNameOri) . " zum Original " . utf8_decode($FileNameOri_ori) . " wurde von " . utf8_decode($username) . " gel" . utf8_decode(ö) . "scht. (Aufruf von " . $_SERVER['REMOTE_ADDR'] . ")\nBild-Daten:\nKategorie: " . utf8_decode($Keywords) . "\nBeschreibung: " . utf8_decode($CaptionAbstract) . "\n##########\n");
            fclose($fh);
        } else {
            //es wurde ein normales Bild geloescht
            $fh = fopen($p2b_path . 'pic2base/log/p2b.log', 'a');
            fwrite($fh, "##########\n" . date('d.m.Y H:i:s') . ": Bild " . $pic_id . " (" . utf8_decode($FileNameOri) . ") wurde von " . utf8_decode($username) . " gel" . utf8_decode(ö) . "scht. (Aufruf von " . $_SERVER['REMOTE_ADDR'] . ")\nBild-Daten:\nKategorie: " . utf8_decode($Keywords) . "\nBeschreibung: " . utf8_decode($CaptionAbstract) . "\n##########\n");
            fclose($fh);
        }
        echo "<BR>Die Original-Datei wurde gel&ouml;scht.<BR><BR>\n\t\t<BR><CENTER><FORM name='zu'><INPUT TYPE='button' name='close' VALUE='Fenster schlie&szlig;en' OnClick='javascript:window.close();window.opener.location.reload();' tabindex='1'></FORM></CENTER></p>";
    } else {
        echo "Sie haben keine ausreichenden Rechte, um diese Aktion auszuf&uuml;hren!<BR>\n\t\t<A HREF='javascript:window.close()'>Fenster schliessen</A></p>";
    }
} else {
    //echo "User darf nur vormerken<BR>";
    //darf der user ueberhaupt loeschen?
    if (hasPermission($uid, 'deletemypics', $sr) or hasPermission($uid, 'deleteallpics', $sr)) {
        //Bild-Status wird auf inaktiv gesetzt (aktiv = 0)
        $result1 = mysql_query("UPDATE {$table2} SET aktiv = 0 WHERE pic_id = '{$pic_id}'");
        echo mysql_error();
        if (!mysql_error()) {
            echo "<p style='color:white; font-wight:bold;'>Bild " . $pic_id . " wurde gel&ouml;scht.</p><BR>\n\t\t\t<BR><CENTER><FORM name='zu'><INPUT TYPE='button' name='close' VALUE='Fenster schlie&szlig;en' OnClick='javascript:window.close();window.opener.location.reload();' tabindex='1'></FORM></CENTER></p>";
            //log-file im Klartext schreiben:
            $fh = fopen($p2b_path . 'pic2base/log/p2b.log', 'a');
            fwrite($fh, ">>>>>>>>>>\n" . date('d.m.Y H:i:s') . ": Bild " . $pic_id . " wurde von " . utf8_decode($username) . " zum l" . utf8_decode(ö) . "schen vorgemerkt. (Aufruf von " . $_SERVER['REMOTE_ADDR'] . ")\n<<<<<<<<<<\n");
            fclose($fh);
        }
    } else {
        echo "<p style='color:yellow; font-wight:bold;'>Sie haben keine ausreichenden Rechte, um diese Aktion auszuf&uuml;hren!<BR>\n\t\t<A HREF='javascript:window.close()'>Fenster schliessen</A></p>";
    }
}
?>
 /**
  * Build the dashboard breadcrumb entry as an HTML <li> fragment.
  *
  * Returns an empty string when the current user lacks the
  * 'admin.dashboard.index' permission, so callers can concatenate the
  * result unconditionally. The route and the translated label are
  * inserted as-is (no HTML escaping), which assumes both are trusted.
  *
  * @return string
  */
 public function getDashboardBreadcrumb()
 {
     if (!hasPermission('admin.dashboard.index')) {
         return '';
     }
     $pieces = [
         '<li>',
         '<a href="' . lmbRoute('admin.dashboard.index') . '">',
         trans('laravel-modules-core::laravel-dashboard-module/admin.dashboard.index'),
         '</a>',
         '<i class="fa fa-circle"></i>',
         '</li>',
     ];

     return implode('', $pieces);
 }
Пример #27
 /**
  * Check whether the current session holds the given permission.
  *
  * The role check only runs when the 'auth' and 'auth_security_roles'
  * config items are enabled, a db_session exists and the user is valid.
  * The role id and permission list are then read from the session's
  * security data and handed to the global hasPermission() helper.
  *
  * NOTE(review): every precondition that is not met falls through to
  * `true`, i.e. the check fails open — confirm this is intended when auth
  * is enabled but the session carries no security data.
  *
  * @param mixed $permission_id
  * @return bool
  */
 function hasPermission($permission_id)
 {
     $config = $this->obj->config;
     $roleChecksActive = $config->item('auth')
         && $config->item('auth_security_roles')
         && $this->obj->db_session
         && $this->isValidUser();
     if (!$roleChecksActive) {
         return true;
     }
     $security = $this->obj->db_session->userdata(AUTH_SECURITY_SECURITY);
     $securityComplete = $security != null
         && isset($security[AUTH_SECURITY_ROLE])
         && isset($security[AUTH_SECURITY_ROLE][AUTH_SECURITY_ROLE_ID])
         && isset($security[AUTH_SECURITY_PERMISSIONS]);
     if (!$securityComplete) {
         return true;
     }
     // Global helper, not this method: signature (permission, user, role id, permissions).
     return hasPermission(
         $permission_id,
         $this->isValidUser(),
         $security[AUTH_SECURITY_ROLE][AUTH_SECURITY_ROLE_ID],
         $security[AUTH_SECURITY_PERMISSIONS]
     );
 }
Пример #28
        //print_r($supp_rawformats);
        $ext = strtolower(substr($FileNameOri, -3, 3));
        if (($Owner == $c_username and hasPermission($c_username, 'editmypics') or $Owner !== $c_username and hasPermission($c_username, 'editallpics')) and in_array($ext, $supp_rawformats)) {
            $symb3 = "<SPAN style='cursor:pointer;'>\n\t\t\t<img src=\"{$inst_path}/pic2base/bin/share/images/reload.png\" width=\"15\" height=\"15\" hspace=\"0\" vspace=\"0\" title=\"Vorschaubilder mit neuen Parametern einlesen\" onClick=\"reloadPreviews('{$pic_id}', '{$c_username}')\" />\n\t\t\t</SPAN>";
        } else {
            $symb3 = "<SPAN style='cursor:pointer;'>\n\t\t\t<img src=\"{$inst_path}/pic2base/bin/share/images/no_reload.gif\" width=\"15\" height=\"15\" hspace=\"0\" vspace=\"0\" title=\"kein RAW-Format!\" />\n\t\t\t</SPAN>";
        }
        //wenn der User Bilder loeschen darf, wird das Trash-Icon angezeigt:
        if ($Owner == $c_username and hasPermission($c_username, 'deletemypics') or $Owner !== $c_username and hasPermission($c_username, 'deleteallpics')) {
            $symb2 = "<A HREF = '#' onClick=\"showDelWarning('{$FileName}', '{$c_username}', '{$pic_id}')\";><img src='{$inst_path}/pic2base/bin/share/images/trash.gif' style='width:15px; height:15px; border:none;' title=\"Bild aus dem Archiv l&ouml;schen\" /></A>";
        } else {
            $symb2 = "<SPAN style='cursor:pointer;'>\n\t\t\t<img src='{$inst_path}/pic2base/bin/share/images/notrash.gif' style='width:15px; height:15px; border:none;' title='keine Berechtigung' />\n\t\t\t</span>";
        }
        echo "\n\t\t<TD id='detailoro1'>" . $symb1 . "</TD>\n\t\t<TD id='detailorlo1'>" . $symb2 . "</TD>\n\t\t<TD id='detailorlo1'>" . $symb3 . "</TD>\n\t\t<TD id='detailorlo1'>" . $symb4 . "</TD>\n\t\t<TD id='detailolo1'>" . $symb5 . "</TD>\n\t\t</TR>\n\t\t\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8' bgcolor='#bdbec6' height=5px></TD>\n\t\t</TR>";
        if ($base_file == 'edit_remove_kat') {
            $text = '<BR>Klicken Sie auf eine Kategorie um diese und alle ihre Unterkategorien zu l&ouml;schen.';
        } else {
            $text = '';
        }
        echo "\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8' height=70px valign=top><b>zugewiesene Kategorien:</b><BR>" . $kat_info . $text . "</TD>\n\t\t</TR>\n\t\t\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8' bgcolor='#bdbec6' height=5px></TD>\n\t\t</TR>\n\t\t\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8'><b>Bildbeschreibung:</b><BR>\n\t\t<div id='description'>\n\t\t\t<textarea name='description' wordwrap style='width:380px; height:105px; background-color:#DFEFFf; font-size:9pt; font-family:Helvitica,Arial;'>" . htmlentities($Description) . "</textarea>\n\t\t</div>\n\t\t</TD>\n\t\t</TR>\n\t\t\n\t\t</TABLE>";
        if ($Owner == $c_username and hasPermission($c_username, 'editmypics') or $Owner !== $c_username and hasPermission($c_username, 'editallpics')) {
            //saveChanges ist in ajax_functions.php:
            echo "<CENTER><input type=button value=\"&Auml;nderungen speichern\" OnClick='saveChanges(\"{$pic_id}\", beschr.description.value, beschr.aufn_dat.value)'></CENTER>";
        } else {
            echo "<span style='color:grey; font-size:10px;'><center>Sie haben keine Berechtigung, die Bildbeschreibung zu &auml;ndern.</center></span>";
        }
        echo "\n\t\t</FORM>\n\t\t<input type='hidden' name='PIC_id' value='{$pic_id}'>";
    } else {
        echo "<p class='zwoelf' style='background-color:white; padding: 5px; margin-top: 4px; margin-left: 0px; text-align:center; color:red;'>Das ausgew&auml;hlte Bild befindet sich nicht mehr in der Datenbank!<BR><BR>\n\t\tBitte aktualisieren Sie die Browser-Ansicht, bevor Sie fortfahren.<BR><BR>\n\t\t<input type='button' value='Browser-Ansicht aktualisieren' onClick='location.reload()'></P>";
    }
}
    //2 Spaltengruppen ; je Gruppe eine Spalte Parameter und eine Spalte Erlaubnis
    echo "\n\t<tr>\n\t<td colspan='4' style='font-size:12pt; text-align:center;'>Erteilte Berechtigungen</td>\n\t</tr>\n\t\n\t<tr style='height:3px;'>\n\t<td class='normal' align='center' bgcolor='darkred' colspan='4'></TD>\n\t</TR>\n\t\t\n\t<tr>\n\t<td colspan='4'>&nbsp;</td>\n\t</tr>";
    $result = mysql_query("select * from permissions ORDER BY perm_id DESC");
    $num = mysql_num_rows($result);
    $rows = ceil($num / 2);
    for ($r = 0; $r < $rows; $r++) {
        $i = $r * 2;
        $content = $content . "<TR>";
        for ($cg = '0'; $cg < $col_groups; $cg++) {
            $i = $r * 2 + $cg;
            @($description = trim(mysql_result($result, $i, "description")));
            @($shortdescription = mysql_result($result, $i, "shortdescription"));
            @($perm_id = mysql_result($result, $i, "perm_id"));
            if ($description !== '') {
                $content = $content . "<td class='tdbreit'>" . $description . "</td>";
                if (hasPermission($user_id, $shortdescription, $sr)) {
                    $checked = 'checked';
                    $text = 'Berechtigung erteilt';
                } else {
                    $checked = '';
                    $text = 'keine Berechtigung';
                }
                $content = $content . "<TD class='tdschmal'>\n\t\t\t\t<div id = '{$perm_id}'>\n\t\t\t\t<input type=checkbox name='cb' {$checked} title= '{$text}' onClick='changeUserpermission(\"{$user_id}\", \"{$perm_id}\", \"{$checked}\", \"{$sr}\")'>\n\t\t\t\t</div>\n\t\t\t\t</td>";
            } else {
                $content = $content . "<td class='tdbreit'></td><TD class='tdschmal'></td>";
            }
        }
        $content = $content . "</TR>";
    }
    echo $content . "<tr>\n\t<td colspan='4'>&nbsp;</td>\n\t</tr>\n\n\t<tr style='height:3px;'>\n\t<td class='normal' align='center' bgcolor='darkred' colspan='4'></TD>\n\t</TR>\n\t\n\t<tr style='height:30px;'>\n\t<td class='normal' align='left' colspan='4'>\n\tHinweis: Ein Klick in das jeweilige Auswahlfeld &auml;ndert sofort <b>und ohne R&uuml;ckfrage</b> den Status der Berechtigung.</TD>\n\t</TR>";
}
Пример #30
    $pic_id = $_GET['pic_id'];
}
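include 'global_config.php';
include $sr . '/bin/share/db_connect1.php';
include $sr . '/bin/share/functions/main_functions.php';
include $sr . '/bin/share/functions/permissions.php';
$exiftool = buildExiftoolCommand($sr);
// $uid, $pic_id and $FileName are set before this point ($pic_id comes from
// $_GET above). Neither id is guaranteed to be numeric here, so both are
// escaped for the legacy mysql extension before being interpolated into the
// queries below; the connection from db_connect1.php must already be open.
$uidSql = mysql_real_escape_string($uid);
$picIdSql = mysql_real_escape_string($pic_id);
$result0 = mysql_query("SELECT * FROM {$table1} WHERE id = '{$uidSql}' AND aktiv = '1'");
// First row only (the original passed isset($i0), which evaluates to 0).
$username = mysql_result($result0, 0, 'username');
// NOTE(review): $FileName and $uid are used as path components without
// validation here — any filtering has to happen where they are read.
$datei = $pic_path . "/" . $FileName;
$target = $ftp_path . "/" . $uid . "/downloads/" . $FileName;
if (@copy($datei, $target)) {
    // Count the download and fetch the preview file name for the rotate links.
    $result1 = mysql_query("UPDATE {$table2} SET ranking = ranking + 1 WHERE pic_id = '{$picIdSql}'");
    $result2 = mysql_query("SELECT FileNameV FROM {$table2} WHERE pic_id = '{$picIdSql}'");
    $FileNameV = mysql_result($result2, 0, 'FileNameV');
    // NOTE(review): $FileName/$FileNameV are interpolated into inline JS
    // attributes unescaped; they are assumed to be sanitised on upload.
    if (hasPermission($uid, 'rotatepicture', $sr)) {
        echo "\n\t\t<SPAN style='cursor:pointer;' onClick='rotPrevPic(\"8\", \"{$FileNameV}\", \"{$pic_id}\", \"{$fs_hoehe}\")'><img src=\"{$inst_path}/pic2base/bin/share/images/90-ccw.gif\" width=\"8\" height=\"8\" style='margin-right:5px;' title='Vorschaubild 90&#176; links drehen' /></span>\n\t\t<SPAN style='cursor:pointer;' onClick='delPicture(\"{$FileName}\",\"{$uid}\",\"{$pic_id}\")'><img src='{$inst_path}/pic2base/bin/share/images/selected.gif' width='12' height='12' hspace='0' vspace='0' title='Bild aus dem FTP-Download-Ordner entfernen' /></SPAN>\n\t\t<SPAN style='cursor:pointer;' onClick='rotPrevPic(\"6\", \"{$FileNameV}\", \"{$pic_id}\", \"{$fs_hoehe}\")'><img src=\"{$inst_path}/pic2base/bin/share/images/90-cw.gif\" width=\"8\" height=\"8\" style='margin-left:5px;' title='Vorschaubild 90&#176; rechts drehen' /></span>";
    } else {
        echo "<SPAN style='cursor:pointer;' onClick='delPicture(\"{$FileName}\",\"{$uid}\",\"{$pic_id}\")'><img src='{$inst_path}/pic2base/bin/share/images/selected.gif' width='12' height='12' hspace='0' vspace='0' title='Bild aus dem FTP-Download-Ordner entfernen' /></SPAN>";
    }
    //Log-Datei schreiben:
    // Append the download to the plain-text log; if the log cannot be opened
    // the download still succeeds (the original would only have warned).
    $fh = fopen($p2b_path . 'pic2base/log/p2b.log', 'a');
    if ($fh !== false) {
        fwrite($fh, date('d.m.Y H:i:s') . ": Bild " . $pic_id . " wurde von " . $username . " heruntergeladen. (Zugriff von " . $_SERVER['REMOTE_ADDR'] . ")\n");
        fclose($fh);
    }
} else {
    echo "Konnte die Datei {$FileName} nicht kopieren!<BR>";
}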
//es wird geprueft, ob ggf. ein Originalbild als NICHT-JPG vorliegt
$file_info = pathinfo($datei);
$base_name = substr($file_info['basename'], 0, -4);
//echo $base_name;