// Page bootstrap: load the shared helpers and page classes this script uses.
include "include/dbcommon.php";
add_nocache_headers();
include 'include/xtempl.php';
// presumably defines $strTableName, which is used below but not assigned in this script — confirm
include "include/public_tmp_bank_2013_variables.php";
include 'classes/runnerpage.php';
include 'classes/listpage.php';
include "classes/searchpanel.php";
include "classes/searchcontrol.php";
include "classes/searchclause.php";
include "classes/panelsearchcontrol.php";

// Authentication gate: requests without a session are sent to the login page.
if (!isLogged()) {
    // Remember the requested URL in the session before redirecting.
    // NOTE(review): QUERY_STRING is request-controlled and stored verbatim. Whatever later
    // reads $_SESSION["MyURL"] should treat it as untrusted (encode on output, redirect only
    // to same-site paths). The consumer is not visible here.
    $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"] . "?" . $_SERVER["QUERY_STRING"];
    header("Location: login.php?message=expired");
    // Stop this file here so none of the page code below runs for an unauthenticated request.
    return;
}

// Guests continue, but the requested URL is still remembered in the session.
if (isLoggedAsGuest()) {
    $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"] . "?" . $_SERVER["QUERY_STRING"];
}

// Authorization gate: access is denied when the 'S' permission event check passes and the
// owner id stored in the session passes neither the "Search" nor the "Add" security check.
// The @ operator suppresses the notice raised when the owner-id session key is not set.
if (CheckPermissionsEvent($strTableName, 'S')
    && !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")
    && !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Add")) {
    // NOTE(review): no HTTP status is set in this branch, so the denial goes out with the
    // default status. An explicit 403 would make denied requests visible in access logs and
    // to monitoring.
    if (IsAdmin()) {
        // Administrators are pointed at the rights editor.
        echo "<p>" . "You don't have permissions to access this table" . "<br><a href=\"admin_rights_list.php\">" . "Proceed to Admin Area" . "</a> " . "to set up user permissions" . "</p>";
    } else {
        echo "<p>" . "You don't have permissions to access this table" . " <a href=\"login.php\">" . "Back to login page" . "</a></p>";
    }
    // Terminate so no page content is produced after the denial message.
    exit;
}

// Layout definition for the list page.
$layout = new TLayout("list2", "RoundedGreen", "MobileGreen");
$layout->blocks["center"] = array();
$layout->skins["recordcontrols"] = "1";
$layout->blocks["center"][] = "recordcontrols";
$layout->containers["message"] = array();
/**
 * Handles an explicit logout request: ends the current non-guest session and
 * signs the visitor in as guest.
 *
 * NOTE(review): the logout is triggered purely by the request parameter "a".
 * No anti-CSRF token check is visible in this method; confirm that postvalue()
 * or the caller restricts this to an intended request.
 *
 * @return Boolean true when a logout was performed, false otherwise
 */
static function processLogoutRequest()
{
    // A logout only makes sense for a real (non-guest) session that asked for it.
    $logoutWanted = postvalue("a") == "logout" && isLogged() && !isLoggedAsGuest();
    if (!$logoutWanted) {
        return false;
    }

    // End the session through the login page object.
    $loginPage = Security::createLoginPageObject();
    $loginPage->Logout();

    // Continue as guest.
    Security::doGuestLogin();

    // Record the logout in the global flag.
    $GLOBALS["logoutPerformed"] = true;

    return true;
}
/**
 * Template assignments shared by all list page modes.
 * Subclasses extend this method with their own mode-specific assignments.
 */
function commonAssign()
{
    parent::commonAssign();

    $this->xt->assign('id', $this->id);
    $this->xt->assignbyref('body', $this->body);
    $this->xt->enable_section('style_block');
    $this->xt->enable_section('iestyle_block');

    // New-record controls follow the "add" permission; record controls are also
    // shown whenever the grid is displayed.
    $this->xt->assign('newrecord_controls_block', $this->permis[$this->tName]['add']);
    $this->xt->assign(
        'record_controls_block',
        $this->permis[$this->tName]['add'] || $this->isDispGrid()
    );

    $this->importLinksAttrs();

    // The change-password link is offered to every access level except guest.
    $this->xt->assign('changepwd_link', $_SESSION['AccessLevel'] != ACCESS_LEVEL_GUEST);
    $this->xt->assign(
        'changepwdlink_attrs',
        'href="changepwd.php" onclick="window.location.href=\'changepwd.php\';return false;"'
    );

    if ($this->isShowMenu() || $this->isAdminTable()) {
        $this->xt->assign('quickjump_attrs', 'class="runner-quickjump"');
    }

    if ($this->createLoginPage) {
        $this->xt->assign('security_block', true);
        // The user name is HTML-encoded before it reaches the template. htmlspecialchars()
        // is called with its default flags, which before PHP 8.1 leave single quotes
        // unencoded, so the value is safe as element text or inside a double-quoted attribute.
        $this->xt->assign('username', htmlspecialchars($_SESSION['UserName']));
        $this->xt->assign(
            'logoutlink_attrs',
            'onclick="window.location.href=\'login.php?a=logout\';return false;"'
        );
        $this->xt->assign(
            'guestloginlink_attrs',
            'onclick="window.location.href=\'login.php\';return false;"'
        );
        $this->xt->assign('loggedas_message', !isLoggedAsGuest());
        $this->xt->assign('guestloginbutton', isLoggedAsGuest());
        $this->xt->assign('logoutbutton', isSingleSign() && !isLoggedAsGuest());
    }

    // Register a map-div event for every main map, passing its configured size.
    foreach ($this->googleMapCfg['mainMapIds'] as $mapId) {
        $mapData = $this->googleMapCfg['mapsData'][$mapId];
        $eventParams = array(
            'mapId' => $mapId,
            'width' => $mapData['width'],
            'height' => $mapData['height'],
        );
        $this->xt->assign_event($mapId, $this, 'createMapDiv', $eventParams);
    }

    // Assignments for the grid block.
    $this->addAssignForGrid();
}
/**
 * Decides whether the Add page may be processed for the given table.
 * When it may not, an error is sent or a redirect is issued before returning.
 *
 * @param String table
 * @return Boolean true when the page may proceed, false otherwise
 */
public static function processAddPageSecurity($table)
{
    // Proceed when the user holds the "A" page permission, or when the request
    // carries a=added (the entered data is shown again so the user can log back in).
    // NOTE(review): the a=added branch lets the request through without the "A"
    // permission, so the save path must re-check permissions itself. Confirm it does.
    if (Security::checkPagePermissions($table, "A") || postvalue("a") == "added") {
        return true;
    }

    // Any mode other than the simple page gets a permission error instead of a redirect.
    if (AddPage::readAddModeFromRequest() != ADD_SIMPLE) {
        Security::sendPermissionError();
        return false;
    }

    if (isLogged() && !isLoggedAsGuest()) {
        // Logged in but lacking the permission: redirect via Security::redirectToList().
        Security::redirectToList($table);
    } else {
        // No usable session: go to the login page.
        redirectToLogin();
    }

    return false;
}
{ $changedValues[$fieldName] = $value; } } //check if some values are duplicated for the fields not allowing duplicates $retval = !$pageObject->hasDeniedDuplicateValues($changedValues, $usermessage); } // if get save data and user is logged and not check permission if ($evalues && !CheckTablePermissions($strTableName, "E") && isLogged()) { $retval = false; $usermessage = 'You have no permissions to complete this action.'; } // if get save data and user is not logged or guest if ($evalues && ((!CheckTablePermissions($strTableName, "E") && isLoggedAsGuest()) || !isLogged())) { $retval = false; $usermessage = "Your session has expired." . "<a href='#' id='loginButtonContinue" . $pageObject->id . "'>" . "Login" . "</a>" . " to save data."; } if($retval && $pageObject->isCaptchaOk) { if($inlineedit!=EDIT_INLINE) $_SESSION[$strTableName."_count_captcha"] = $_SESSION[$strTableName."_count_captcha"]+1; //set updated lat-lng values for all map fileds with 'UpdateLatLng' ticked if( $pageObject->isTableGeoUpdatable() ) $pageObject->setUpdatedLatLng( $evalues, $dataold ); $customEditResult = true; if($eventObj->exists("CustomEdit"))
//fill jsSettings and ControlsHTMLMap
$pageObject->fillSetCntrlMaps();

// Emit the control maps and settings as globals inside an inline <script> element.
// NOTE(review): these values are serialized straight into inline script. Whether
// my_json_encode() escapes sequences such as "</script>" is not visible here; confirm it
// does if any map or setting value can contain user-supplied text.
$pageObject->body['end'] .= '<script>';
$pageObject->body['end'] .= "window.controlsMap = " . my_json_encode($pageObject->controlsHTMLMap) . ";";
$pageObject->body['end'] .= "window.viewControlsMap = " . my_json_encode($pageObject->viewControlsHTMLMap) . ";";
$pageObject->body['end'] .= "window.settings = " . my_json_encode($pageObject->jsSettings) . ";</script>";
$pageObject->body["end"] .= "<script type=\"text/javascript\" src=\"" . GetRootPathForResources("include/runnerJS/RunnerAll.js") . "\"></script>";
$pageObject->body["end"] .= '<script>' . $pageObject->PrepareJS() . "</script>";
$xt->assignbyref("body", $pageObject->body);

// The user might rewrite $_SESSION["UserName"] value with HTML code in an event, so no encoding will be performed while printing this value.
// NOTE(review): because the value is passed through unencoded, every path that writes
// $_SESSION["UserName"] (login form, registration, external identity provider) has to
// encode or validate it at write time. Otherwise a user name containing markup is rendered
// as markup on this page.
$xt->assign("username", $_SESSION["UserName"]);

// The change-password link is offered unless the access level is guest or the
// "fromFacebook" session flag is set.
$xt->assign("changepwd_link", $_SESSION["AccessLevel"] != ACCESS_LEVEL_GUEST && $_SESSION["fromFacebook"] == false);
$xt->assign("changepwdlink_attrs", "onclick=\"window.location.href='" . GetTableLink("changepwd") . "';return false;\"");
$xt->assign("logoutlink_attrs", "onclick=\"window.location.href='" . GetTableLink("login", "", "a=logout") . "';return false;\"");
$xt->assign("guestloginlink_attrs", "onclick=\"window.location.href='" . GetTableLink("login") . "';return false;\"");
$xt->assign("loggedas_block", !isLoggedAsGuest());
$xt->assign("loggedas_message", !isLoggedAsGuest());
$xt->assign("logout_link", true);
$xt->assign("guestloginbutton", isLoggedAsGuest());
$xt->assign("logoutbutton", isSingleSign() && !isLoggedAsGuest());

// get redirect location for menu page
$redirect = $pageObject->getRedirectForMenuPage();
if ($redirect) {
    // exit right after the header so nothing else is rendered once the redirect is sent
    header("Location: " . $redirect);
    exit;
}

$xt->assign("menu_block", true);

// Give the project-level BeforeShowMenu event, when defined, a chance to adjust the template.
if ($globalEvents->exists("BeforeShowMenu")) {
    $globalEvents->BeforeShowMenu($xt, $pageObject->templatefile, $pageObject);
}

$pageObject->display($pageObject->templatefile);
/**
 * Re-validates the "E" table permission and sets a user message explaining
 * the refusal when the permission is missing.
 *
 * @return Boolean true when the permission check passes, false otherwise
 */
protected function recheckUserPermissions()
{
    if (!CheckTablePermissions($this->tName, "E")) {
        // A guest or missing session gets the "session expired" message with a
        // re-login link; a logged-in user gets the plain permission message.
        // NOTE(review): $this->id is concatenated into an HTML attribute without encoding.
        // Confirm it is always a server-generated or numeric value.
        $message = (isLoggedAsGuest() || !isLogged())
            ? "Your session has expired.<a href='#' id='loginButtonContinue" . $this->id . "'>Login</a> to save data."
            : 'You have no permissions to complete this action.';
        $this->setMessage($message);

        return false;
    }

    return true;
}
/**
 * Decides whether the List page may be processed for the given table.
 * When it may not, an error is sent or a redirect is issued before returning.
 *
 * @param String table
 * @return Boolean true when the page may proceed, false otherwise
 */
public static function processListPageSecurity($table)
{
    // The "S" page permission is sufficient on its own.
    if (Security::checkPagePermissions($table, "S")) {
        return true;
    }

    $listMode = ListPage::readListModeFromRequest();

    // Lookup mode has its own permission check.
    if ($listMode == LIST_LOOKUP && ListPage::checkLookupPermissions($table)) {
        return true;
    }

    // Any mode other than the simple page gets a permission error instead of a redirect.
    if ($listMode != LIST_SIMPLE) {
        Security::sendPermissionError();
        return false;
    }

    if (isLogged() && !isLoggedAsGuest()) {
        // Logged in but lacking the permission: send the user to the menu.
        HeaderRedirect("menu");
    } else {
        // Not logged in: go to the login page. The current URL is already saved in session.
        redirectToLogin();
    }

    return false;
}
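/**
 * Attempts an automatic login from the "username"/"password" cookies, stores the
 * current URL in the session, and handles a logout request (a=logout).
 *
 * @param String permission permission code passed to CheckTablePermissions() for the current table
 */
static function reloginAndLogoutProcess($permission)
{
    global $strTableName;

    include_once(getabspath('classes/loginpage.php'));

    // Build a standalone login page object; it is used for both auto-login and logout.
    $loginXt = new Xtempl();
    $loginParams = array("pageType" => PAGE_LOGIN);
    $loginParams['xt'] = &$loginXt;
    $loginParams["tName"] = NOT_TABLE_BASED_TNAME;
    $loginParams['needSearchClauseObj'] = false;
    $loginPageObject = new LoginPage($loginParams);
    $loginPageObject->init();

    // login automatically, if username and password are in cookies.
    if (!isLogged() || isLoggedAsGuest()) {
        // Cookies are client-controlled: a key may be absent, or may arrive as an array
        // (e.g. a cookie named "username[]"). Anything that is not a string counts as "not set".
        $username = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
        $password = isset($_COOKIE["password"]) && is_string($_COOKIE["password"]) ? $_COOKIE["password"] : "";

        // NOTE(review): the "password" cookie is passed to LogIn() as the credential, so a
        // long-lived secret sits in the browser. What exactly the cookie holds is not visible
        // here. Confirm it is not the plaintext password, and prefer a random, server-side
        // revocable remember-me token in a cookie set with the HttpOnly and Secure flags.
        if ($username !== "" && $password !== "") {
            $loginPageObject->LogIn($username, $password);
        }
    }

    $url = $_SERVER["SCRIPT_NAME"] . (!empty($_SERVER["QUERY_STRING"]) ? "?" . $_SERVER["QUERY_STRING"] : '');

    // The current URL is stored in the session unless the "onFly" request value is set.
    if (!postvalue("onFly")) {
        $_SESSION["MyURL"] = $url;
    }

    if (postvalue("a") == "logout") {
        // On a logout request the stored URL is the script path without the query string.
        $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"];

        // No permission for the table, or no session at all: go straight to the login page.
        if (!CheckTablePermissions($strTableName, $permission) || !isLogged()) {
            HeaderRedirect("login", "", "");
            exit();
        }

        // A real (non-guest) session is ended through the login page object.
        if (isLogged() && !isLoggedAsGuest()) {
            $loginPageObject->LogoutAndRedirect($url);
        }
    }
}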
<?php
// NOTE(review): these two settings make PHP print runtime and startup errors into the
// response. On a deployed site that exposes file paths, query text and other internals to
// any visitor. Send errors to the log (display_errors off, log_errors on) outside development.
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");

require_once "include/dbcommon.php";

// Save the redirect URL when none is stored yet, or when the visitor is not a guest.
if ($_SESSION["MyURL"] == "" || !isLoggedAsGuest()) {
    Security::saveRedirectURL();
}

// Layout definition for the menu page.
$layout = new TLayout("menu2", "Rounded1DeliciousLavender1", "MobileDeliciousLavender1");
$layout->version = 2;
$layout->blocks["top"] = array();
$layout->containers["menu"] = array();
$layout->container_properties["menu"] = array();
$layout->containers["menu"][] = array("name" => "vmenu", "block" => "menu_block", "substyle" => 1);
$layout->skins["menu"] = "1";
$layout->blocks["top"][] = "menu";
// The layout is registered under "menu" before its skin parameters are filled in below.
$page_layouts["menu"] = $layout;

// Button style per skin: "empty" uses button2, every other skin listed uses button1.
$layout->skinsparams = array();
$layout->skinsparams["empty"] = array("button" => "button2");
$layout->skinsparams["menu"] = array("button" => "button1");
$layout->skinsparams["hmenu"] = array("button" => "button1");
$layout->skinsparams["undermenu"] = array("button" => "button1");
$layout->skinsparams["fields"] = array("button" => "button1");
$layout->skinsparams["form"] = array("button" => "button1");
$layout->skinsparams["1"] = array("button" => "button1");
$layout->skinsparams["2"] = array("button" => "button1");
$layout->skinsparams["3"] = array("button" => "button1");

require_once 'include/xtempl.php';
require_once getabspath("classes/cipherer.php");

$xt = new Xtempl();

// Page id: the "id" request value when one was supplied, otherwise 1.
// NOTE(review): the request value is used as-is, with no numeric check. Confirm it is
// validated or cast before it is embedded in markup or script further down the page.
$id = postvalue("id") !== "" ? postvalue("id") : 1;
/**
 * Prepares the login/logout part of the page: stores the login form type in the
 * settings map and assigns the security-related template variables.
 */
function initLogin()
{
    $this->settingsMap["globalSettings"]["loginFormType"] = GetGlobalData("nLoginForm", 0);

    $this->xt->assign("security_block", true);

    // The user might rewrite $_SESSION["UserName"] value with HTML code in an event,
    // so no encoding will be performed while printing this value.
    // NOTE(review): with no encoding here, every path that writes $_SESSION["UserName"]
    // has to encode or validate user-supplied text at write time. Otherwise a user name
    // containing markup is rendered as markup.
    $this->xt->assign("username", $_SESSION["UserName"]);
    $this->xt->assign("logoutlink_attrs", 'id="logoutButton' . $this->id . '"');

    // The guest state is read once and reused for the three visibility flags.
    $isGuest = isLoggedAsGuest();
    $isMember = !$isGuest;
    $this->xt->assign("loggedas_message", $isMember);
    $this->xt->assign("guestloginbutton", $isGuest);
    $this->xt->assign("logoutbutton", isSingleSign() && $isMember);

    // Mobile and desktop currently receive the same login-button attributes.
    $loginButtonAttrs = 'id="loginButton' . $this->id . '"';
    if (isMobile()) {
        $this->xt->assign("guestloginlink_attrs", $loginButtonAttrs);
    } else {
        $this->xt->assign("guestloginlink_attrs", $loginButtonAttrs);
    }
}