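/**
 * Gate the current request on a privilege level.
 *
 * Recognised levels are the exact strings "user", "moderator" and "admin";
 * anything else is denied. When access is denied, an anonymous visitor is
 * sent to the login page (with the current URI carried in the `url`
 * parameter) and a logged-in visitor is sent to the homepage.
 *
 * NOTE(review): redirect_to_url() is defined outside this excerpt. If it only
 * sets a Location header and returns, callers that ignore this method's
 * return value keep running their protected code after a denial. Confirm that
 * it ends the request, or have every caller stop on a non-TRUE result.
 *
 * @param string $userlvl Required level: "user", "moderator" or "admin".
 * @return bool TRUE when access is granted, FALSE after a denial redirect.
 */
public function require_login($userlvl = "user") {
    // Compare strictly: a switch compares loosely, so a non-string level
    // (boolean TRUE, or integer 0 before PHP 8) would match the "user" case
    // and quietly fall back to the weakest check instead of failing closed.
    if ($userlvl === "user") {
        $allowed = $this->is_logged_in;
    } elseif ($userlvl === "moderator") {
        $allowed = $this->is_moderator;
    } elseif ($userlvl === "admin") {
        $allowed = $this->is_admin;
    } else {
        $allowed = FALSE;
    }

    if ($allowed) {
        return TRUE;
    }

    if (!$this->is_logged_in) {
        // Anonymous visitor: send to the login page, remembering where they were.
        $urlnew = encode_decode_redirect_url($_SERVER["REQUEST_URI"]);
        if ($urlnew == "") {
            redirect_to_url('/login.php');
        } else {
            redirect_to_url('/login.php?url=' . urlencode($urlnew));
        }
    } else {
        // Logged in but lacking the required level: send to the homepage.
        redirect_to_url('');
    }

    // Give callers an explicit denial value instead of an implicit NULL.
    return FALSE;
}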
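$item_id = (int)$_GET['id'];
} // closes a conditional that opens above this excerpt

// Load the requested item; $item_id has been cast to an integer above.
$item = new Item($item_id);
QR::item($item_id);

// Allow-list of the state-changing actions this page accepts.
$valid_actions = array('delete', 'checkout', 'return');

// NOTE(review): these actions modify data but arrive as GET query parameters,
// and no anti-CSRF token check is visible in this excerpt. Consider accepting
// them only via POST together with a per-session token.
if (isset($_GET['action']) && in_array($_GET['action'], $valid_actions, true)) {
    // Stop unless the gate explicitly grants access. Whether the gate's own
    // redirect ends the request cannot be seen from here, so the result is
    // checked instead of being discarded.
    if ($auth->require_login() !== TRUE) {
        exit;
    }

    $action = $_GET['action'];

    if ($action === 'delete' && $item->get_owner_id() == $user_id) {
        // Only the owner may delete; a non-owner falls through to the item view.
        Item::delete($item_id);
        redirect_to_url('/items/view_items.php?u=' . $user_id);
    }
    //TODO: May want to add check if item is available to be checked out
    // NOTE(review): unlike 'delete', no ownership or availability check is
    // visible here for 'checkout' and 'return'; confirm that
    // Item::checkout_by_ids() and Item::return_by_id() enforce them.
    elseif ($action === 'checkout') {
        Item::checkout_by_ids($item_id, $user_id);
        redirect_to_url('/items/view_items.php?u=' . $user_id);
    } elseif ($action === 'return') {
        Item::return_by_id($item_id, $user_id);
        // The redirect is disabled in the original, so the item page renders below.
        //redirect_to_url('/items/view_items.php?u=' . $user_id);
    }
}

$page->assign('item', $item->to_array());
$page->assign('page_title', 'Item Details');
$page->display('items/item.tpl');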
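// Create a new item from the submitted form, then its location and attributes.
//
// NOTE(review): no login gate or anti-CSRF check is visible in this excerpt,
// and $user_id and $db are set elsewhere. Confirm that the page requires an
// authenticated session before this code runs.
$type_id = $name = $location = null;

// Accept the type id only as a digit string and pass it on as an integer.
// Escaping protects a value only inside a quoted SQL string, so a numeric id
// has to be validated as a number instead.
// Assumes type ids are non-negative integers, as the (int) cast on attribute
// ids below suggests — TODO confirm.
if (isset($_POST['type_id']) && is_string($_POST['type_id']) && ctype_digit($_POST['type_id'])) {
    $type_id = (int)$_POST['type_id'];
}

// Text fields must be non-empty strings; an array-valued parameter is ignored
// rather than handed to escape_string().
if (isset($_POST['name']) && is_string($_POST['name']) && $_POST['name'] !== '') {
    $name = $_POST['name'];
}
if (isset($_POST['location']) && is_string($_POST['location']) && $_POST['location'] !== '') {
    $location = $_POST['location'];
}

if ($type_id !== null && $name !== null && $location !== null) {
    // NOTE(review): values are escaped here and then handed to the model. If
    // Item::create() and the other model methods build SQL by concatenation,
    // prepared statements inside the model would be the sturdier fix.
    $new_item_id = Item::create($db->escape_string($name), $type_id, $user_id);
    Item::set_location_by_id($new_item_id, $db->escape_string($location));

    if (isset($_POST['attributes']) && is_array($_POST['attributes'])) {
        foreach ($_POST['attributes'] as $attribute) {
            // Skip malformed entries instead of reading missing or nested keys.
            if (!is_array($attribute)
                || !isset($attribute['id'], $attribute['value'])
                || !is_string($attribute['id'])
                || !is_string($attribute['value'])
            ) {
                continue;
            }

            $attribute_id = (int)$attribute['id'];
            $value = $db->escape_string($attribute['value']);

            $new_attribute = new Attribute($new_item_id, $attribute_id);
            $new_attribute->set_value($value);
        }
    }

    redirect_to_url("/items/item.php?id=$new_item_id");
}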
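<?php
namespace tatt;

require_once 'tatt/webcommon.php';

// Destination to return to after login or logout, taken from the query string.
if (isset($_GET['url'])) {
    $redirect_url = encode_decode_redirect_url($_GET['url']);
} else {
    $redirect_url = '';
}

// The destination is request-controlled, and what encode_decode_redirect_url()
// guarantees cannot be seen from this file. Keep the target a path on this
// site: strip leading slashes, backslashes and whitespace so that prefixing
// '/' can never produce a scheme-relative URL pointing at another host.
$redirect_path = '/' . ltrim((string)$redirect_url, "/\\ \t\r\n\0\x0B");

if (isset($_GET['action'])) {
    if ($_GET['action'] === 'logout') {
        $auth->logout();
        redirect_to_url($redirect_path);
    } else {
        // Kept in its own branch so that a logout request never falls through
        // into a login attempt if redirect_to_url() returns.
        // Missing or array-valued credentials are normalised to empty strings.
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        $auth->login($username, $password);
        if ($auth->is_logged_in()) {
            redirect_to_url($redirect_path);
        }
    }
}

//TODO Bad login, display login page
$page->assign('redirect_url', $redirect_url);
$page->assign('page_title', 'Login Failed');
$page->display('login.tpl');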