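/**
 * Submit a comment to an article (AJAX endpoint).
 *
 * On success the freshly stored comment is rendered through comments.tpl and
 * execution stops via die(); on rejected input the response is empty.
 *
 * @param int|false $id  article id taken from the URL segment
 * @return void  never returns normally on the success path (die())
 */
public function add($id = false)
{
    requirePermission("canAddComment");
    // $id is embedded verbatim in a cache-file glob ('comments_<id>_*.cache') and handed to the
    // models, so only a plain decimal string is accepted (the original accepted anything truthy).
    if (!$id || !ctype_digit((string) $id)) {
        die;
    }
    // NOTE(review): no CSRF token check is visible for this POST — confirm the framework enforces one.
    // Check if the article exists and if it can be commented on.
    if (!$this->news_model->articleExists($id, true) || !$this->user->isOnline()) {
        return;
    }
    $message = $this->input->post('content');
    // 1..255 bytes. The truthiness test also rejects the literal comment "0" (pre-existing behaviour).
    if (strlen($message) > 0 && $message && strlen($message) <= 255) {
        $canPostAsStaff = hasPermission('postCommentAsStaff');
        // Format the comment
        $comment = array(
            "timestamp" => time(),
            "article_id" => $id,
            "author_id" => $this->user->getId(),
            "content" => $message,
            "is_gm" => $canPostAsStaff ? 1 : 0,
        );
        $this->comments_model->addComment($comment);
        // Add log
        $this->logger->createLog('Added comment', $id);
        $this->plugins->onAddComment($id, $message);
        // Get last comment
        $comment_arr = $this->comments_model->getLastComment($id);
        // Add values. template->format() is assumed to HTML-escape the user text — confirm.
        $comment_arr['profile'] = $this->template->page_url . "profile/" . $comment_arr['author_id'];
        $comment_arr['avatar'] = $this->user->getAvatar($comment_arr['author_id'], "small");
        $comment_arr['author'] = $this->user->getNickname($comment_arr['author_id']);
        $comment_arr['content'] = $this->template->format($message, true, true, true, 45);
        $comment_arr['url'] = $this->template->page_url;
        $comment_arr['is_gm'] = $comment['is_gm'];
        // Clear cache
        $this->cache->delete('news_*.cache');
        $this->cache->delete('comments_' . $id . '_*.cache');
        // Load the comment template, also check if we are a staff member
        $data = array(
            'comments' => array($comment_arr),
            'user_is_gm' => $canPostAsStaff,
            'url' => $this->template->page_url,
        );
        die($this->template->loadPage("comments.tpl", $data));
    }
}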
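/**
 * Render the shoutbox.
 *
 * Without an id (sidebox include) page 0 is rendered and the markup is returned;
 * with an id (AJAX call) that page is rendered and output directly via die().
 * Formatted shouts are cached per page and language; only the relative
 * timestamps are recomputed on every call.
 *
 * @param int|false $id  value passed to getShouts() — presumably a page number, confirm against the model
 * @return string|void
 */
public function get($id = false)
{
    if ($id === false) {
        $id = 0;
        $die = false;
    } else {
        // $id is embedded verbatim in a cache-file name ("shoutbox_<id>_<lang>") and passed to
        // the model, so only a plain decimal string is accepted from the URL.
        if (!ctype_digit((string) $id)) {
            die;
        }
        $die = true;
    }
    $cacheKey = "shoutbox_" . $id . "_" . getLang();
    $cached = $this->cache->get($cacheKey);
    if ($cached !== false) {
        $shouts = $cached;
    } else {
        // Load the shouts
        $shouts = $this->shoutbox_model->getShouts($id, $this->config->item('shouts_per_page'));
        // Resolve nicknames and format the content (template->format() is assumed to HTML-escape — confirm).
        foreach ($shouts as $key => $value) {
            $shouts[$key]['nickname'] = $this->internal_user_model->getNickname($shouts[$key]['author']);
            $shouts[$key]['content'] = $this->template->format($shouts[$key]['content'], true, true, true, 40);
        }
        $this->cache->save($cacheKey, $shouts);
    }
    // Relative age depends on "now", so it is computed outside the cached data.
    foreach ($shouts as $key => $value) {
        $shouts[$key]['date'] = $this->template->formatTime(time() - $shouts[$key]['date']);
    }
    // Prepare the data
    $data = array(
        "module" => "sidebox_shoutbox",
        "shouts" => $shouts,
        "url" => $this->template->page_url,
        "user_is_gm" => hasPermission("removeShout", "sidebox_shoutbox"),
    );
    $shouts = $this->template->loadPage("shouts.tpl", $data);
    if ($die) {
        die($shouts);
    }
    return $shouts;
}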
/**
 * Help-page controller: users without 'access_help_page' are sent to the dashboard.
 *
 * NOTE(review): whether redirect() terminates the script is not visible here; if it
 * only emits a Location header, the requested action still runs — confirm.
 */
public function __construct()
{
    parent::__construct();
    if (hasPermission('access_help_page')) {
        return;
    }
    redirect(BASE_URL . 'dashboard/');
}
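/**
 * User control panel landing page.
 *
 * Renders the character list (cached per user for one hour), the menu links the
 * user is allowed to see, and the account summary into ucp.tpl.
 *
 * @return void
 */
public function index()
{
    requirePermission("view");
    $this->template->setTitle(lang("user_panel", "ucp"));
    $cacheKey = "profile_characters_" . $this->user->getId();
    $cache = $this->cache->get($cacheKey);
    if ($cache !== false) {
        $characters = $cache;
    } else {
        $characters_data = array(
            "characters" => $this->realms->getTotalCharacters(),
            "realms" => $this->realms->getRealms(),
            "url" => $this->template->page_url,
            "realmObj" => $this->realms,
        );
        $characters = $this->template->loadPage("ucp_characters.tpl", $characters_data);
        $this->cache->save($cacheKey, $characters, 60 * 60);
    }
    $links = $this->menu_model->getMenuLinks();
    if ($links) {
        foreach ($links as $key => $value) {
            // Drop links the user has no permission for. Strict !== true keeps this fail-closed
            // should hasPermission() ever return a non-boolean.
            if ($value['permission'] != '') {
                if (hasPermission($value['permission'], $value['permissionModule']) !== true) {
                    unset($links[$key]);
                    continue;
                }
            }
            // Prefix the site URL for internal links only. The pattern is anchored: the previous
            // unanchored "https?://" matched anywhere in the string, so an internal link whose
            // query string carried a URL was wrongly left unprefixed. Scheme match is case-insensitive.
            if (!preg_match('#^https?://#i', $value['link'])) {
                $links[$key]['link'] = $this->template->page_url . $value['link'];
            }
            $links[$key]['name'] = langColumn($links[$key]['name']);
        }
    }
    $data = array(
        "username" => $this->user->getNickname(),
        "expansion" => $this->realms->getEmulator()->getExpansionName($this->external_account_model->getExpansion()),
        "vp" => $this->internal_user_model->getVp(),
        "dp" => $this->internal_user_model->getDp(),
        "url" => $this->template->page_url,
        "location" => $this->internal_user_model->getLocation(),
        "groups" => $this->acl_model->getGroupsByUser($this->user->getId()),
        "register_date" => $this->user->getRegisterDate(),
        "status" => $this->user->getAccountStatus(),
        "characters" => $characters,
        "avatar" => $this->user->getAvatar($this->user->getId()),
        "id" => $this->user->getId(),
        "menu_links" => $links,
        "config" => array(
            "vote" => $this->config->item('ucp_vote'),
            "donate" => $this->config->item('ucp_donate'),
            "store" => $this->config->item('ucp_store'),
            "settings" => $this->config->item('ucp_settings'),
            "expansion" => $this->config->item('ucp_expansion'),
            "teleport" => $this->config->item('ucp_teleport'),
            "admin" => $this->config->item('ucp_admin'),
            "gm" => $this->config->item('ucp_gm'),
        ),
    );
    $this->template->view(
        $this->template->loadPage("page.tpl", array(
            "module" => "default",
            "headline" => lang("user_panel", "ucp"),
            "content" => $this->template->loadPage("ucp.tpl", $data),
        )),
        "modules/ucp/css/ucp.css"
    );
}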
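/**
 * Persist the admin "edit account" form for account $id.
 *
 * AJAX endpoint: every exit path replies with a UI.alert() JavaScript snippet via die().
 * Permission checkboxes arrive as POST keys of the form "<module>-<permission>".
 *
 * @param int|false $id  account id from the URL segment
 * @return void  always terminates via die()
 */
public function save($id = false)
{
    if (!hasPermission("editAccounts")) {
        die("UI.alert('You do not have permission to edit accounts')");
    }
    if (!$id || !is_numeric($id)) {
        die;
    }
    // NOTE(review): no CSRF token check is visible for this POST — confirm the framework enforces one.
    $external_account_data = array();
    $external_account_access_data = array();
    $internal_account_data = array();
    $external_account_data[column("account", "expansion")] = $this->input->post("expansion");
    $external_account_data[column("account", "email")] = $this->input->post("email");
    if (hasPermission("editPermissions")) {
        // Rebuild the user's explicit permission set from the submitted checkboxes.
        $reservedFields = array("vp", "dp", "nickname", "email", "group", "expansion", "password", "gm_level");
        $this->acl_model->removePermissionsFromUser($id);
        foreach ($_POST as $k => $v) {
            if ($v === '' || in_array($k, $reservedFields, true)) {
                continue;
            }
            $permissionParts = explode("-", $k); // [moduleName, permissionName]
            if (!isset($permissionParts[1])) {
                // Not a "<module>-<permission>" key: previously this raised an undefined-offset
                // notice and stored a null permission name.
                continue;
            }
            $this->acl_model->assignPermissionToUser($id, $permissionParts[1], $permissionParts[0], $v);
        }
    }
    // Only touch the password when one was submitted.
    if ($this->input->post("password")) {
        $external_account_data[column("account", "password")] = $this->realms->getEmulator()->encrypt($this->user->getUsername($id), $this->input->post("password"));
    }
    // NOTE(review): gm_level is writable by anyone holding editAccounts — consider a dedicated permission.
    $external_account_access_data[column("account_access", "gmlevel")] = $this->input->post("gm_level");
    $internal_account_data["vp"] = $this->input->post("vp");
    $internal_account_data["dp"] = $this->input->post("dp");
    $internal_account_data["nickname"] = $this->input->post("nickname");
    if (!$external_account_data[column("account", "email")] || !$internal_account_data["nickname"]) {
        die("UI.alert('The fields can\\'t be empty')");
    }
    $this->accounts_model->save($id, $external_account_data, $external_account_access_data, $internal_account_data);
    die('UI.alert("The account has been saved")');
}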
/**
 * Determine if the user is authorized to make this request.
 *
 * The permission key is the update route name; when a fourth URL segment is
 * present, segment 3 is appended after '#####' (presumably to scope the check
 * to a sub-resource — matches the routeHack() convention used elsewhere; confirm).
 *
 * @return bool
 */
public function authorize()
{
    $permissionKey = 'admin.page_category.update';
    $fourthSegment = $this->segment(4);
    if ($fourthSegment !== null) {
        $permissionKey .= '#####' . $this->segment(3);
    }
    return hasPermission($permissionKey);
}
/**
 * Roles admin controller: sets up the cookie helper and sends users without
 * 'manage_roles' to the dashboard.
 *
 * NOTE(review): whether redirect() terminates the script is not visible here; if it
 * only emits a Location header, the requested action still runs — confirm.
 */
public function __construct()
{
    parent::__construct();
    $this->_auth = new \tinyPHP\Classes\Libraries\Cookies();
    if (hasPermission('manage_roles')) {
        return;
    }
    redirect(BASE_URL . 'dashboard/');
}
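/**
 * Admin action: show the "add service" form and, on submission, insert the service.
 *
 * Requires the 'addService' permission (func/hasPerm.php). All form fields are
 * untrusted: the INSERT now uses a prepared statement (previously every field
 * except 'nazwa' was concatenated straight into the SQL string). The Polish UI
 * strings are emitted verbatim.
 *
 * @return void  echoes HTML
 */
function getAddService()
{
    include 'func/hasPerm.php';
    if (!hasPermission("addService")) {
        echo ' <div class="alert alert-danger" role="alert"> Nie masz uprawnień do dodawania usług! </div> ';
        return;
    }
    // First visit (nothing submitted yet): just the form.
    if (!isset($_POST['nazwa'])) {
        echoServiceForm();
        return;
    }
    // Fields that must be present and non-empty. (id_uslugi is checked but not stored and
    // payment_id is stored but not checked — pre-existing behaviour kept as-is.)
    $required = array('nazwa', 'id_uslugi', 'serwer_id', 'opis', 'zdjecie', 'sms_tresc', 'sms_numer', 'sms_cena', 'api_konta', 'api_sms');
    foreach ($required as $field) {
        if (!isset($_POST[$field]) || $_POST[$field] == "") {
            echo ' <div class="alert alert-danger" role="alert"> Zostawiłeś puste pola! Spróbuj ponownie! </div> ';
            echoServiceForm();
            return;
        }
    }
    // Only the service name has a format restriction; the rest is free text bound as parameters.
    if (!ctype_alnum($_POST['nazwa'])) {
        echo ' <div class="alert alert-danger" role="alert"> Podałeś nie poprawne dane! </div> ';
        echoServiceForm();
        return;
    }
    include '../config/mysql.php';
    $serverId = $_POST['serwer_id'];
    $name = $_POST['nazwa'];
    $smsText = $_POST['sms_tresc'];
    $smsNumber = $_POST['sms_numer'];
    $smsPrice = $_POST['sms_cena'];
    $paymentId = isset($_POST['payment_id']) ? $_POST['payment_id'] : '';
    $apiAccounts = $_POST['api_konta'];
    $apiSms = $_POST['api_sms'];
    $shortDescription = $_POST['opis'];
    $image = $_POST['zdjecie'];
    $inserted = false;
    $stmt = $conn->prepare("INSERT INTO services (server_id, nazwa, tresc, numer, koszt_sms, payment, acc_api, param, krotki_opis, img) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
    if ($stmt !== false) {
        $stmt->bind_param('ssssssssss', $serverId, $name, $smsText, $smsNumber, $smsPrice, $paymentId, $apiAccounts, $apiSms, $shortDescription, $image);
        $inserted = ($stmt->execute() === true);
        $stmt->close();
    }
    if ($inserted) {
        echo ' <div class="alert alert-success" role="alert"> Usługa została dodana!<br> Możesz teraz przystąpić do testowania! </div> ';
        echo '<meta http-equiv="refresh" content="3; url=index.php" />';
    } else {
        echo ' <div class="alert alert-danger" role="alert"> Wystąpił błąd podczas dodawania wpisu do bazy danych! </div> ';
    }
}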
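/**
 * Admin action: show the "add server" form and, on submission, insert the server.
 *
 * Requires the 'addServer' permission (func/hasPerm.php). Input rules: name, server id
 * and RCON password alphanumeric; both ports decimal and within 1..65535 (previously
 * is_numeric(), which also accepted forms such as "1e3" or " 5"); IP must parse with
 * ip2long(). The INSERT is a prepared statement. Polish UI strings are emitted verbatim.
 *
 * NOTE(review): the RCON password is stored in clear text and restricted to [A-Za-z0-9];
 * both are pre-existing choices worth revisiting.
 *
 * @return void  echoes HTML
 */
function getAddServer()
{
    include 'func/hasPerm.php';
    if (!hasPermission("addServer")) {
        echo ' <div class="alert alert-danger" role="alert"> Nie masz uprawnień do dodawania serwerów! </div> ';
        return;
    }
    // First visit (nothing submitted yet): just the form.
    if (!isset($_POST['nazwa'])) {
        echoForm();
        return;
    }
    $required = array('nazwa', 'serv_id', 'serv_ip', 'port_q', 'port_r', 'pass_r');
    foreach ($required as $field) {
        if (!isset($_POST[$field]) || $_POST[$field] == "") {
            echo ' <div class="alert alert-danger" role="alert"> Zostawiłeś puste pola! Spróbuj ponownie! </div> ';
            echoForm();
            return;
        }
    }
    $isValidPort = function ($value) {
        return ctype_digit((string) $value) && (int) $value >= 1 && (int) $value <= 65535;
    };
    $inputOk = $isValidPort($_POST['port_q'])
        && $isValidPort($_POST['port_r'])
        && ctype_alnum($_POST['nazwa'])
        && ctype_alnum($_POST['serv_id'])
        && ctype_alnum($_POST['pass_r'])
        && ip2long($_POST['serv_ip']) !== false;
    if (!$inputOk) {
        echo ' <div class="alert alert-danger" role="alert"> Porty muszą być cyframi, nazwa, ID serwera oraz hasło RCON nie może zawierać znaków specjalnych, lub IP jest nie poprawne. </div> ';
        return;
    }
    include '../config/mysql.php';
    $serverId = $_POST['serv_id'];
    $name = $_POST['nazwa'];
    $ip = $_POST['serv_ip'];
    $queryPort = (int) $_POST['port_q'];
    $rconPort = (int) $_POST['port_r'];
    $rconPassword = $_POST['pass_r'];
    $inserted = false;
    $stmt = $conn->prepare("INSERT INTO servers (server_id, nazwa, ip, port_query, port_rcon, pasw_rcon) VALUES (?, ?, ?, ?, ?, ?)");
    if ($stmt !== false) {
        $stmt->bind_param('sssiis', $serverId, $name, $ip, $queryPort, $rconPort, $rconPassword);
        $inserted = ($stmt->execute() === true);
        $stmt->close();
    }
    if ($inserted) {
        echo ' <div class="alert alert-success" role="alert"> Nowy serwer został dodany!<br> Możesz teraz przystąpić do dodawania usług. </div> ';
        echo '<meta http-equiv="refresh" content="3; url=index.php?page=serverList" />';
    } else {
        echo ' <div class="alert alert-danger" role="alert"> Wystąpił błąd podczas dodawania wpisu do bazy danych! </div> ';
    }
}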
/**
 * Build the menu named $type from the classes listed in $this->{$type . 'Menus'}
 * and hide every item whose 'permissions' data the current user lacks.
 * Items without 'permissions' data are always shown; super admins see everything.
 *
 * @param string $type
 */
public function menuInit($type)
{
    $listProperty = $type . 'Menus';
    $populate = function ($menu) use ($listProperty) {
        foreach ($this->{$listProperty} as $menuClass) {
            $menuClass::addMenu($menu);
        }
    };
    $isVisible = function ($item) {
        $required = $item->data('permissions');
        if ($required === null) {
            return true;
        }
        return $this->user->is_super_admin || hasPermission($required);
    };
    Menu::make($type, $populate)->filter($isVisible);
}
/**
 * Handle an incoming request.
 *
 * Authorization gate for admin GET routes: the current route name and its
 * parameters are folded into a permission key by routeHack(), and the request
 * is aborted with 403 unless the user is a super admin, the route is in
 * $this->exceptRoutes, the route is a "self" user route for the logged-in user,
 * or hasPermission() grants the key.
 *
 * NOTE(review): both checks below are applied to GET only — POST/PUT/DELETE
 * requests pass through this middleware unchecked. Presumably the write routes
 * are authorized by FormRequest::authorize(); confirm every mutating route has
 * one, otherwise this is an authorization gap.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $route = Route::currentRouteName();
    $method = $request->method();
    $parameters = Route::current()->parameters();
    $hackedRoute = routeHack($route, $parameters);
    // A user may never reach a destroy route that targets their own account.
    // NOTE(review): the id comparison is strict (===); if the route-bound id and the
    // Sentinel id differ in type (string vs int) this guard silently never fires — confirm.
    if ($method == 'GET' && in_array($route, $this->userDestroyRoutes) && !is_null(Request::route('users')) && Request::route('users')->id === Sentinel::getUser()->id) {
        abort(403);
    }
    // Deny when the route is not excepted, the user is not a super admin, and
    // (the route is not a self-user route OR the user lacks the computed permission).
    if ($method == 'GET' && !in_array($route, $this->exceptRoutes) && !Sentinel::getUser()->is_super_admin && ((!in_array($route, $this->userRoutes) || is_null(Request::route('users')) || Request::route('users')->id !== Sentinel::getUser()->id) && !hasPermission($hackedRoute))) {
        abort(403);
    }
    return $next($request);
}
/**
 * Collect, per module and permission group, the route definitions the current
 * user may access. A group is kept when at least one of its route names passes
 * hasPermission(); the result is stored under "<module>_<group>" in $this->routes.
 *
 * @return void
 */
private function setRoutes()
{
    foreach ($this->myModules as $module) {
        $moduleKey = snake_case($module, '-');
        $permissionGroups = config("{$moduleKey}.permissions");
        if ($permissionGroups === null) {
            continue;
        }
        foreach ($permissionGroups as $groupName => $definition) {
            $grantedRoutes = array_filter(array_keys($definition['routes']), function ($routeName) {
                return hasPermission($routeName);
            });
            if (count($grantedRoutes) > 0) {
                $this->routes[$moduleKey . '_' . $groupName] = $definition;
            }
        }
    }
}
/**
 * Check several permissions at once.
 *
 * With 'and' every permission must be granted (an empty list is vacuously true);
 * with 'or' at least one must be (an empty list is false). Evaluation stops at the
 * first permission that decides the outcome.
 *
 * @param array $permissions  permission identifiers understood by hasPermission()
 * @param string $conjuction  'and' or 'or' (parameter name kept for compatibility)
 * @return bool
 * @throws Exception for any other conjunction
 */
function hasPermissions($permissions, $conjuction = 'and')
{
    $requireAll = ($conjuction == 'and');
    if (!$requireAll && $conjuction != 'or') {
        throw new Exception("Illegal grammatical conjuction: {$conjuction}");
    }
    foreach ($permissions as $permission) {
        $granted = hasPermission($permission);
        if ($requireAll && !$granted) {
            return false;
        }
        if (!$requireAll && $granted) {
            return true;
        }
    }
    return $requireAll;
}
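/**
 * Roles admin entry point.
 *
 * GET renders the roles view; POST with todo=insert_roles stores the submitted roles.
 * Access requires isAdmin() or the 'roles.content.CUD' permission; otherwise a plain
 * text message is echoed.
 *
 * @return void
 */
public function index()
{
    if (!isAdmin() && !hasPermission('roles.content.CUD')) {
        echo "Please login first. Or you do not have the permission [access roles]";
        return;
    }
    if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
        // NOTE(review): no CSRF token check is visible for this POST — confirm the framework adds one.
        // Read the action without an undefined-index notice when 'todo' is absent.
        $todo = isset($_POST["todo"]) ? $_POST["todo"] : null;
        if ($todo === 'insert_roles') {
            $this->_insertRoles($this->input->post());
        }
        return;
    }
    $this->load->view('index.php');
}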
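/**
 * Register any application authentication / authorization services.
 *
 * Three gate abilities are defined; Global Admins are granted all of them through
 * a shared before-hook.
 *
 * @param \Illuminate\Contracts\Auth\Access\Gate $gate
 * @return void
 */
public function boot(GateContract $gate)
{
    $this->registerPolicies($gate);

    // Global Admin users will always be granted these abilities (returning null falls through to the check).
    $globalAdminOverride = function ($current_user, $ability) {
        if ($current_user->isGlobalAdmin()) {
            return true;
        }
    };

    // destroy_user: the current user must be on the same crew as the user being destroyed.
    $gate->define('destroy_user', function ($current_user, $user_to_destroy) {
        return $current_user->crew_id === $user_to_destroy->crew_id;
    })->before($globalAdminOverride);

    // performActionForCrew: same crew as the Crew passed in AND the user holds $action.
    // Bug fix: this was written as `$current_user . hasPermission($action)` — string
    // concatenation with the *global* hasPermission(), so the User's own permission was
    // never consulted and the right-hand side was a non-empty (truthy) string or a
    // conversion error. The original comment states User->hasPermission(null) returns
    // TRUE — confirm against the User model.
    $gate->define('performActionForCrew', function ($current_user, $target_crew, $action = null) {
        return $current_user->crew_id === $target_crew->id && $current_user->hasPermission($action);
    })->before($globalAdminOverride);

    // actAsAdminForCrew: the current user must be a Crew Admin for the target crew,
    // given either as a Crew object or as an integer crew_id. Any other value
    // (including null) is denied — Global Admins were already allowed by the before-hook.
    $gate->define('actAsAdminForCrew', function ($current_user, $target_crew) {
        if (is_object($target_crew)) {
            return $current_user->isAdminForCrew($target_crew->id);
        }
        if (is_numeric($target_crew)) {
            return $current_user->isAdminForCrew(intval($target_crew));
        }
        return false;
    })->before($globalAdminOverride);
}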
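/**
 * Roles→permissions admin entry point.
 *
 * GET renders the assignment form with id => name maps for roles and permissions;
 * POST with todo=add_permissions_to_roles stores the submitted assignments.
 * Access requires isAdmin() or the 'roles_permissions.content.CUD' permission.
 *
 * @return void
 */
public function index()
{
    if (!isAdmin() && !hasPermission('roles_permissions.content.CUD')) {
        echo "Please login first. Or you do not have the permission [give permissions to roles]";
        return;
    }
    if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
        // NOTE(review): no CSRF token check is visible for this POST — confirm the framework adds one.
        // Read the action without an undefined-index notice when 'todo' is absent.
        $todo = isset($_POST["todo"]) ? $_POST["todo"] : null;
        if ($todo === 'add_permissions_to_roles') {
            $this->_insertRolesPermissions($this->input->post());
        }
        return;
    }
    $this->load->Model('user_roles/Mdl_roles');
    $this->load->Model('permissions/Mdl_permissions');
    // Maps are initialised so an empty result set yields [] rather than an undefined variable.
    $roles1 = array();
    foreach ($this->Mdl_roles->getRolesName() as $role) {
        $roles1[$role['eduworkers_roles_id']] = $role['eduworkers_roles_name'];
    }
    $permissions1 = array();
    foreach ($this->Mdl_permissions->getpermissionsName() as $permission) {
        $permissions1[$permission['eduworkers_permissions_id']] = $permission['eduworkers_permissions_name'];
    }
    $data = array(
        'roles' => $roles1,
        'permissions' => $permissions1,
    );
    $this->load->view('admin/header/header');
    $this->load->view('index.php', $data);
}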
<li <?php if ($controller == 'team') { ?> class="active"<?php } ?> ><a href="<?php echo BASE_URL; ?> team">Team</a></li> <?php } ?> <?php if (hasPermission(1)) { ?> <li <?php if ($controller == 'connect') { ?> class="active"<?php } ?> ><a href="<?php echo BASE_URL; ?> connect">Connect</a></li> <?php } ?>
} include '../../share/global_config.php'; include $sr . '/bin/share/db_connect1.php'; include $sr . '/bin/share/functions/permissions.php'; $mod = $_GET['mod']; $id = $_GET['id']; $gruppe = $_POST['gruppe']; /* $result1 = mysql_query( "SELECT * FROM $table1 WHERE username = '******' AND aktiv = '1'"); $user_id = mysql_result($result1, isset($i1), 'id'); $result2 = mysql_query( "SELECT * FROM $table7 WHERE user_id = '$user_id' AND enabled = '1' AND permission_id = '999'"); $num2 = mysql_num_rows($result2); IF($num2 == '1') */ if (hasPermission($c_username, 'adminlogin')) { switch ($mod) { case 'user': //echo $gruppe."<BR>"; //Dem benutzer wird die neue Gruppe zugewiesen: $result3 = mysql_query("UPDATE {$table1} SET group_id = '{$gruppe}' WHERE id='{$id}'"); //die alten Benutzer-Rechte werden geloescht: $result4 = mysql_query("DELETE FROM {$table7} WHERE user_id = '{$id}'"); //Die neuen Benutzer-Rechte werden entsprechend der neuen Gruppe zugewiesen: $result5 = mysql_query("SELECT * FROM {$table6} WHERE group_id = '{$gruppe}'"); $num5 = mysql_num_rows($result5); for ($i5 = 0; $i5 < $num5; $i5++) { $perm_id = mysql_result($result5, $i5, 'permission_id'); $enabled = mysql_result($result5, $i5, 'enabled'); $result6 = mysql_query("INSERT INTO {$table7} (user_id, permission_id, enabled) VALUES ('{$id}', '{$perm_id}', '{$enabled}')"); }
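* Dipl.-Ing. Klaus Henneberg
 * 38889 Blankenburg, BRD
 *
 * This file is licensed under the terms of the Open Software License
 * http://www.opensource.org/licenses/osl-2.1.php
 *
 */
// Category-tree admin page: only users with 'editkattree' may see it.
unset($username);
// NOTE(review): the acting user name is taken straight from the unsigned 'login' cookie
// (first comma-separated field). Unless permissions.php validates the rest of the cookie
// value, anyone can set login=<name>,... and be treated as that user — confirm.
$c_username = null;
if (isset($_COOKIE['login']) && $_COOKIE['login']) {
    list($c_username) = preg_split('#,#', $_COOKIE['login']);
}
include '../../share/global_config.php';
include $sr . '/bin/share/db_connect1.php';
include $sr . '/bin/share/functions/permissions.php';
if (!hasPermission($c_username, 'editkattree')) {
    header('Location: ../../../index.php');
    // Without exit the admin markup below was still written into the response body
    // after the redirect header — anyone ignoring the redirect got the page.
    exit;
}
$navigation = "\n\t\t\t<a class='navi' href='kat_sort1.php'>Sortierung</a>\n\t\t\t<a class='navi' href='kat_repair1.php'>Wartung</a>\n\t\t\t<a class='navi' href='../../html/admin/adminframe.php'>Zurück</a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi_blind'></a>\n\t\t\t<a class='navi' href='../../html/start.php'>zur Startseite</a>\n\t\t\t<a class='navi' href='../../html/help/help1.php?page=5'>Hilfe</a>\n\t\t\t<a class='navi' href='{$inst_path}/pic2base/index.php'>Logout</a>";
echo "\n<div class='page'>\n\n\t<p id='kopf'>pic2base :: Admin-Bereich - Kategorieverwaltung</p>\n\t\n\t<div class='navi' style='clear:right;'>\n\t\t<div class='menucontainer'>" . $navigation . "</div>\n\t</div>\n\t\n\t<div id='spalte1'>";
// Tree generation: on the first call only the root element is shown.
// kat_id is a category id; it is coerced to int so a crafted value cannot reach the
// queries that build the tree further down (written for register_globals = off).
if (array_key_exists('kat_id', $_GET)) {
    $kat_id = (int) $_GET['kat_id'];
} else {
    $kat_id = 0;
}
$KAT_ID = $kat_id;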
$tmpl->setvar('dir', $dir); $tmpl->setvar('_REN_FILE', $cfg['_REN_FILE']); $tmpl->setvar('_REN_STRING', $cfg['_REN_STRING']); } else { $file = tfb_getRequestVar('fileFrom'); $fileTo = tfb_getRequestVar('fileTo'); $dir = tfb_getRequestVar('dir'); $sourceDir = $cfg["path"] . $dir; $targetDir = $cfg["path"] . $dir . $fileTo; // Add slashes if magic_quotes off: if (get_magic_quotes_gpc() !== 1) { $targetDir = addslashes($targetDir); $sourceDir = addslashes($sourceDir); } // only valid dirs + entries with permission if (!(tfb_isValidPath($sourceDir) && tfb_isValidPath($sourceDir . $file) && tfb_isValidPath($targetDir) && isValidEntry($file) && isValidEntry($fileTo) && hasPermission($dir, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL RENAME: " . $cfg["user"] . " tried to rename " . $file . " in " . $dir . " to " . $fileTo); @error("Illegal rename. Action has been logged.", "", ""); } // Use single quote to escape mv args: $cmd = "mv '" . $sourceDir . $file . "' '" . $targetDir . "'"; $cmd .= ' 2>&1'; $handle = popen($cmd, 'r'); $gotError = -1; $buff = fgets($handle); $gotError = $gotError + 1; pclose($handle); // template $tmpl->setvar('is_start', 0); $tmpl->setvar('messages', nl2br($buff)); if ($gotError <= 0) {
/* Import classes and libraries. */
require_once '../includes/functions.php';
require_once '../includes/conexao.class.php';
/* Resume the session. */
session_start();
/* Admin-only area: the visitor must be authenticated and hold the 'Admin' permission.
   Each failure prints a (Portuguese) message and stops the script. */
if (!isAuthenticated()) {
    echo "<p class='error_message'>Por favor, efetue o login.</p>";
    exit;
}
if (!hasPermission($_SESSION['id'], 'Admin')) {
    echo "<p class='error_message'>Você não possui privilégios para acessar esta área.</p>";
    exit;
}
/* Request logging, currently disabled: when the 'log' option is switched on in the
   configuracoes table, logAction() would record the URI and the POST/GET payloads. */
/*$c = new conexao; $c->set_charset('utf8'); $q = "SELECT * FROM configuracoes WHERE opcao = 'log';"; $r = $c->query($q); $log = $r->fetch_object(); if($log->valor == 'ligado') logAction($_SESSION['id'], $_SERVER['REQUEST_URI'], var_export($_POST, true), var_export($_GET, true));*/
?>
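<?php
include '../../share/global_config.php';
include $sr . '/bin/share/db_connect1.php';
include $sr . '/bin/share/functions/main_functions.php';
include $sr . '/bin/share/functions/permissions.php';
// Access control ########################################################
// NOTE(review): the user id is taken from the unsigned 'uid' cookie; unless
// hasPermission()/permissions.php validate it against a session, it is spoofable — confirm.
if (empty($_COOKIE['uid'])) {
    header('Location: ../../../index.php');
    // Without exit the search page below was still rendered into the response body.
    exit;
}
$uid = $_COOKIE['uid'];
if (!hasPermission($uid, 'searchpic', $sr)) {
    header('Location: ../../../index.php');
    exit;
}
//########################################################################
// Remember the rating filter: a posted value is stored in a cookie, otherwise the
// cookie value is used (and an empty default cookie is set on first visit).
// NOTE(review): the cookie value is user-controlled; escape it wherever it is echoed.
if (array_key_exists('bewertung', $_POST) and !empty($_POST['bewertung'])) {
    setcookie('bewertung', $_POST['bewertung']);
} else {
    if (array_key_exists('bewertung', $_COOKIE)) {
        $bewertung = $_COOKIE['bewertung'];
    } else {
        $bewertung = '';
        setcookie('bewertung', $bewertung);
    }
}
?>
<script language="JavaScript">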
// Order by if (isset($_REQUEST['orderBy']) && ($orderBy = $_REQUEST['orderBy'])) { $_SESSION['orderScriptsBy'] = $orderBy; } if (isset($_SESSION['orderScriptsBy'])) { $orderBy = $_SESSION['orderScriptsBy']; } else { $orderBy = "s.Id"; } // $orderBy = "s." . $orderBy; $smarty->assign('orderScriptsBy', $orderBy); $q = Doctrine_Query::create()->from('WPTScript s, s.WPTScriptFolder f')->orderBy($orderBy); if ($scriptsFilterField && $scriptsFilterValue) { $q->andWhere('s.' . $scriptsFilterField . ' LIKE ?', '%' . $scriptsFilterValue . '%'); } if ($folderId > -1 && hasPermission('WPTScript', $folderId, PERMISSION_READ)) { $q->andWhere('s.WPTScriptFolderId = ?', $folderId); } else { $q->andWhere('s.UserId = ?', $user_id); } $pager = new Doctrine_Pager($q, $scriptsCurrentPage, $resultsPerPage); $result = $pager->execute(); $shares = getFolderShares($user_id, 'WPTScript'); $smarty->assign('shares', $shares); $smarty->assign('scriptsFilterField', $scriptsFilterField); $smarty->assign('scriptsFilterValue', $scriptsFilterValue); $smarty->assign('scriptsCurrentPage', $scriptsCurrentPage); $smarty->assign('currentPage', $scriptsCurrentPage); $smarty->assign('maxpages', $pager->getLastPage()); $smarty->assign('result', $result); } catch (Exception $e) {
/**
 * Determine if the user is authorized to make this request.
 *
 * Delegates to the global permission check for the avatar-photo API key.
 *
 * @return bool
 */
public function authorize()
{
    $requiredPermission = 'api.user.avatarPhoto';
    return hasPermission($requiredPermission);
}
fwrite($fh, "##########\n" . date('d.m.Y H:i:s') . ": Doublette " . utf8_decode($FileNameOri) . " zum Original " . utf8_decode($FileNameOri_ori) . " wurde von " . utf8_decode($username) . " gel" . utf8_decode(ö) . "scht. (Aufruf von " . $_SERVER['REMOTE_ADDR'] . ")\nBild-Daten:\nKategorie: " . utf8_decode($Keywords) . "\nBeschreibung: " . utf8_decode($CaptionAbstract) . "\n##########\n"); fclose($fh); } else { //es wurde ein normales Bild geloescht $fh = fopen($p2b_path . 'pic2base/log/p2b.log', 'a'); fwrite($fh, "##########\n" . date('d.m.Y H:i:s') . ": Bild " . $pic_id . " (" . utf8_decode($FileNameOri) . ") wurde von " . utf8_decode($username) . " gel" . utf8_decode(ö) . "scht. (Aufruf von " . $_SERVER['REMOTE_ADDR'] . ")\nBild-Daten:\nKategorie: " . utf8_decode($Keywords) . "\nBeschreibung: " . utf8_decode($CaptionAbstract) . "\n##########\n"); fclose($fh); } echo "<BR>Die Original-Datei wurde gelöscht.<BR><BR>\n\t\t<BR><CENTER><FORM name='zu'><INPUT TYPE='button' name='close' VALUE='Fenster schließen' OnClick='javascript:window.close();window.opener.location.reload();' tabindex='1'></FORM></CENTER></p>"; } else { echo "Sie haben keine ausreichenden Rechte, um diese Aktion auszuführen!<BR>\n\t\t<A HREF='javascript:window.close()'>Fenster schliessen</A></p>"; } } else { //echo "User darf nur vormerken<BR>"; //darf der user ueberhaupt loeschen? if (hasPermission($uid, 'deletemypics', $sr) or hasPermission($uid, 'deleteallpics', $sr)) { //Bild-Status wird auf inaktiv gesetzt (aktiv = 0) $result1 = mysql_query("UPDATE {$table2} SET aktiv = 0 WHERE pic_id = '{$pic_id}'"); echo mysql_error(); if (!mysql_error()) { echo "<p style='color:white; font-wight:bold;'>Bild " . $pic_id . " wurde gelöscht.</p><BR>\n\t\t\t<BR><CENTER><FORM name='zu'><INPUT TYPE='button' name='close' VALUE='Fenster schließen' OnClick='javascript:window.close();window.opener.location.reload();' tabindex='1'></FORM></CENTER></p>"; //log-file im Klartext schreiben: $fh = fopen($p2b_path . 
'pic2base/log/p2b.log', 'a'); fwrite($fh, ">>>>>>>>>>\n" . date('d.m.Y H:i:s') . ": Bild " . $pic_id . " wurde von " . utf8_decode($username) . " zum l" . utf8_decode(ö) . "schen vorgemerkt. (Aufruf von " . $_SERVER['REMOTE_ADDR'] . ")\n<<<<<<<<<<\n"); fclose($fh); } } else { echo "<p style='color:yellow; font-wight:bold;'>Sie haben keine ausreichenden Rechte, um diese Aktion auszuführen!<BR>\n\t\t<A HREF='javascript:window.close()'>Fenster schliessen</A></p>"; } } ?>
/**
 * Build the dashboard breadcrumb item.
 *
 * Returns an empty string when the user lacks 'admin.dashboard.index'; the
 * translated label is inserted unescaped (it comes from the translation files,
 * not from user input — confirm).
 *
 * @return string
 */
public function getDashboardBreadcrumb()
{
    if (!hasPermission('admin.dashboard.index')) {
        return '';
    }
    $href = lmbRoute('admin.dashboard.index');
    $label = trans('laravel-modules-core::laravel-dashboard-module/admin.dashboard.index');
    return sprintf('<li><a href="%s">%s</a><i class="fa fa-circle"></i></li>', $href, $label);
}
/**
 * Check whether the current session may perform $permission_id.
 *
 * Delegates to the global hasPermission() with the role id and permission map
 * stored in the session under AUTH_SECURITY_SECURITY.
 *
 * NOTE(review): this is fail-open. Whenever auth or security roles are disabled,
 * there is no db_session, the user is invalid, or the session carries no complete
 * security record, it returns TRUE. Confirm that granting by default is intended
 * when auth is enabled but the session record is missing.
 *
 * @param mixed $permission_id
 * @return bool
 */
function hasPermission($permission_id)
{
    $config = $this->obj->config;
    $rolesEnabled = $config->item('auth') && $config->item('auth_security_roles');
    if (!$rolesEnabled || !$this->obj->db_session || !$this->isValidUser()) {
        return true;
    }
    $security = $this->obj->db_session->userdata(AUTH_SECURITY_SECURITY);
    $recordComplete = $security != null
        && isset($security[AUTH_SECURITY_ROLE])
        && isset($security[AUTH_SECURITY_ROLE][AUTH_SECURITY_ROLE_ID])
        && isset($security[AUTH_SECURITY_PERMISSIONS]);
    if (!$recordComplete) {
        return true;
    }
    return hasPermission($permission_id, $this->isValidUser(), $security[AUTH_SECURITY_ROLE][AUTH_SECURITY_ROLE_ID], $security[AUTH_SECURITY_PERMISSIONS]);
}
//print_r($supp_rawformats); $ext = strtolower(substr($FileNameOri, -3, 3)); if (($Owner == $c_username and hasPermission($c_username, 'editmypics') or $Owner !== $c_username and hasPermission($c_username, 'editallpics')) and in_array($ext, $supp_rawformats)) { $symb3 = "<SPAN style='cursor:pointer;'>\n\t\t\t<img src=\"{$inst_path}/pic2base/bin/share/images/reload.png\" width=\"15\" height=\"15\" hspace=\"0\" vspace=\"0\" title=\"Vorschaubilder mit neuen Parametern einlesen\" onClick=\"reloadPreviews('{$pic_id}', '{$c_username}')\" />\n\t\t\t</SPAN>"; } else { $symb3 = "<SPAN style='cursor:pointer;'>\n\t\t\t<img src=\"{$inst_path}/pic2base/bin/share/images/no_reload.gif\" width=\"15\" height=\"15\" hspace=\"0\" vspace=\"0\" title=\"kein RAW-Format!\" />\n\t\t\t</SPAN>"; } //wenn der User Bilder loeschen darf, wird das Trash-Icon angezeigt: if ($Owner == $c_username and hasPermission($c_username, 'deletemypics') or $Owner !== $c_username and hasPermission($c_username, 'deleteallpics')) { $symb2 = "<A HREF = '#' onClick=\"showDelWarning('{$FileName}', '{$c_username}', '{$pic_id}')\";><img src='{$inst_path}/pic2base/bin/share/images/trash.gif' style='width:15px; height:15px; border:none;' title=\"Bild aus dem Archiv löschen\" /></A>"; } else { $symb2 = "<SPAN style='cursor:pointer;'>\n\t\t\t<img src='{$inst_path}/pic2base/bin/share/images/notrash.gif' style='width:15px; height:15px; border:none;' title='keine Berechtigung' />\n\t\t\t</span>"; } echo "\n\t\t<TD id='detailoro1'>" . $symb1 . "</TD>\n\t\t<TD id='detailorlo1'>" . $symb2 . "</TD>\n\t\t<TD id='detailorlo1'>" . $symb3 . "</TD>\n\t\t<TD id='detailorlo1'>" . $symb4 . "</TD>\n\t\t<TD id='detailolo1'>" . $symb5 . 
"</TD>\n\t\t</TR>\n\t\t\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8' bgcolor='#bdbec6' height=5px></TD>\n\t\t</TR>"; if ($base_file == 'edit_remove_kat') { $text = '<BR>Klicken Sie auf eine Kategorie um diese und alle ihre Unterkategorien zu löschen.'; } else { $text = ''; } echo "\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8' height=70px valign=top><b>zugewiesene Kategorien:</b><BR>" . $kat_info . $text . "</TD>\n\t\t</TR>\n\t\t\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8' bgcolor='#bdbec6' height=5px></TD>\n\t\t</TR>\n\t\t\n\t\t<TR id='detail2'>\n\t\t<TD id='detail4' colspan='8'><b>Bildbeschreibung:</b><BR>\n\t\t<div id='description'>\n\t\t\t<textarea name='description' wordwrap style='width:380px; height:105px; background-color:#DFEFFf; font-size:9pt; font-family:Helvitica,Arial;'>" . htmlentities($Description) . "</textarea>\n\t\t</div>\n\t\t</TD>\n\t\t</TR>\n\t\t\n\t\t</TABLE>"; if ($Owner == $c_username and hasPermission($c_username, 'editmypics') or $Owner !== $c_username and hasPermission($c_username, 'editallpics')) { //saveChanges ist in ajax_functions.php: echo "<CENTER><input type=button value=\"Änderungen speichern\" OnClick='saveChanges(\"{$pic_id}\", beschr.description.value, beschr.aufn_dat.value)'></CENTER>"; } else { echo "<span style='color:grey; font-size:10px;'><center>Sie haben keine Berechtigung, die Bildbeschreibung zu ändern.</center></span>"; } echo "\n\t\t</FORM>\n\t\t<input type='hidden' name='PIC_id' value='{$pic_id}'>"; } else { echo "<p class='zwoelf' style='background-color:white; padding: 5px; margin-top: 4px; margin-left: 0px; text-align:center; color:red;'>Das ausgewählte Bild befindet sich nicht mehr in der Datenbank!<BR><BR>\n\t\tBitte aktualisieren Sie die Browser-Ansicht, bevor Sie fortfahren.<BR><BR>\n\t\t<input type='button' value='Browser-Ansicht aktualisieren' onClick='location.reload()'></P>"; } }
//2 Spaltengruppen ; je Gruppe eine Spalte Parameter und eine Spalte Erlaubnis echo "\n\t<tr>\n\t<td colspan='4' style='font-size:12pt; text-align:center;'>Erteilte Berechtigungen</td>\n\t</tr>\n\t\n\t<tr style='height:3px;'>\n\t<td class='normal' align='center' bgcolor='darkred' colspan='4'></TD>\n\t</TR>\n\t\t\n\t<tr>\n\t<td colspan='4'> </td>\n\t</tr>"; $result = mysql_query("select * from permissions ORDER BY perm_id DESC"); $num = mysql_num_rows($result); $rows = ceil($num / 2); for ($r = 0; $r < $rows; $r++) { $i = $r * 2; $content = $content . "<TR>"; for ($cg = '0'; $cg < $col_groups; $cg++) { $i = $r * 2 + $cg; @($description = trim(mysql_result($result, $i, "description"))); @($shortdescription = mysql_result($result, $i, "shortdescription")); @($perm_id = mysql_result($result, $i, "perm_id")); if ($description !== '') { $content = $content . "<td class='tdbreit'>" . $description . "</td>"; if (hasPermission($user_id, $shortdescription, $sr)) { $checked = 'checked'; $text = 'Berechtigung erteilt'; } else { $checked = ''; $text = 'keine Berechtigung'; } $content = $content . "<TD class='tdschmal'>\n\t\t\t\t<div id = '{$perm_id}'>\n\t\t\t\t<input type=checkbox name='cb' {$checked} title= '{$text}' onClick='changeUserpermission(\"{$user_id}\", \"{$perm_id}\", \"{$checked}\", \"{$sr}\")'>\n\t\t\t\t</div>\n\t\t\t\t</td>"; } else { $content = $content . "<td class='tdbreit'></td><TD class='tdschmal'></td>"; } } $content = $content . "</TR>"; } echo $content . "<tr>\n\t<td colspan='4'> </td>\n\t</tr>\n\n\t<tr style='height:3px;'>\n\t<td class='normal' align='center' bgcolor='darkred' colspan='4'></TD>\n\t</TR>\n\t\n\t<tr style='height:30px;'>\n\t<td class='normal' align='left' colspan='4'>\n\tHinweis: Ein Klick in das jeweilige Auswahlfeld ändert sofort <b>und ohne Rückfrage</b> den Status der Berechtigung.</TD>\n\t</TR>"; }
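$pic_id = $_GET['pic_id']; }
// Copy the picture into the user's FTP download folder, bump its ranking, emit the
// per-picture controls and log the download.
include 'global_config.php';
include $sr . '/bin/share/db_connect1.php';
include $sr . '/bin/share/functions/main_functions.php';
include $sr . '/bin/share/functions/permissions.php';
$exiftool = buildExiftoolCommand($sr);
// Both ids are interpolated into SQL strings (ext/mysql has no prepared statements);
// $pic_id can come straight from $_GET above, so escape them once here.
$uid_sql = mysql_real_escape_string($uid);
$pic_id_sql = mysql_real_escape_string($pic_id);
$result0 = mysql_query("SELECT * FROM {$table1} WHERE id = '{$uid_sql}' AND aktiv = '1'");
$username = mysql_result($result0, isset($i0), 'username');
// NOTE(review): $FileName's origin is not visible here and $uid becomes a path
// component below — if either is user-controlled this copy can escape $ftp_path. Confirm.
$datei = $pic_path . "/" . $FileName;
$target = $ftp_path . "/" . $uid . "/downloads/" . $FileName;
if (@copy($datei, $target)) {
    $result1 = mysql_query("UPDATE {$table2} SET ranking = ranking + 1 WHERE pic_id = '{$pic_id_sql}'");
    $result2 = mysql_query("SELECT FileNameV FROM {$table2} WHERE pic_id = '{$pic_id_sql}'");
    $FileNameV = mysql_result($result2, isset($i2), 'FileNameV');
    // NOTE(review): the values below are inlined into onClick attributes without
    // JS/HTML escaping; a quote in $FileName or $FileNameV breaks out of the handler.
    if (hasPermission($uid, 'rotatepicture', $sr)) {
        echo "\n\t\t<SPAN style='cursor:pointer;' onClick='rotPrevPic(\"8\", \"{$FileNameV}\", \"{$pic_id}\", \"{$fs_hoehe}\")'><img src=\"{$inst_path}/pic2base/bin/share/images/90-ccw.gif\" width=\"8\" height=\"8\" style='margin-right:5px;' title='Vorschaubild 90° links drehen' /></span>\n\t\t<SPAN style='cursor:pointer;' onClick='delPicture(\"{$FileName}\",\"{$uid}\",\"{$pic_id}\")'><img src='{$inst_path}/pic2base/bin/share/images/selected.gif' width='12' height='12' hspace='0' vspace='0' title='Bild aus dem FTP-Download-Ordner entfernen' /></SPAN>\n\t\t<SPAN style='cursor:pointer;' onClick='rotPrevPic(\"6\", \"{$FileNameV}\", \"{$pic_id}\", \"{$fs_hoehe}\")'><img src=\"{$inst_path}/pic2base/bin/share/images/90-cw.gif\" width=\"8\" height=\"8\" style='margin-left:5px;' title='Vorschaubild 90° rechts drehen' /></span>";
    } else {
        echo "<SPAN style='cursor:pointer;' onClick='delPicture(\"{$FileName}\",\"{$uid}\",\"{$pic_id}\")'><img src='{$inst_path}/pic2base/bin/share/images/selected.gif' width='12' height='12' hspace='0' vspace='0' title='Bild aus dem FTP-Download-Ordner entfernen' /></SPAN>";
    }
    // Write the plain-text log entry.
    $fh = fopen($p2b_path . 'pic2base/log/p2b.log', 'a');
    fwrite($fh, date('d.m.Y H:i:s') . ": Bild " . $pic_id . " wurde von " . $username . " heruntergeladen. (Zugriff von " . $_SERVER['REMOTE_ADDR'] . ")\n");
    fclose($fh);
} else {
    echo "Konnte die Datei {$FileName} nicht kopieren!<BR>";
}
// Check whether a non-JPG original exists for this picture.
$file_info = pathinfo($datei);
$base_name = substr($file_info['basename'], 0, -4);
//echo $base_name;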