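/**
 * Restores the current user from the session, falling back to cookies.
 *
 * Reads the `token` and `person` values, checks their shape, then looks for
 * exactly one user row whose email or login matches `person`, whose stored
 * token and token IP match the request, and whose `aprove` column is 0.
 * If the token is still within the configured `token_time`, the row is
 * cached in $this->userdata and the user-scoped template variables are set.
 *
 * Missing or non-scalar `token`/`person` values (an absent cookie, or an
 * array-shaped cookie) are treated as "not logged in" instead of reaching
 * strlen()/filter_var().
 *
 * @return void
 */
public function init()
{
    // Session values win; cookies are the fallback and are fully client-controlled.
    $token = isset($_SESSION['token'])
        ? $_SESSION['token']
        : (isset($_COOKIE['token']) ? $_COOKIE['token'] : null);
    $personal_id = isset($_SESSION['person'])
        ? $_SESSION['person']
        : (isset($_COOKIE['person']) ? $_COOKIE['person'] : null);
    // NOTE(review): the token-to-IP binding below is only as strong as getRealIp();
    // confirm it does not trust client-supplied forwarding headers.
    $user_ip = system::getInstance()->getRealIp();

    // Absent values and array-shaped request data cannot be a valid login.
    if (!is_scalar($token) || !is_scalar($personal_id)) {
        return;
    }

    // Shape check before any SQL: 32-character token, and an identifier that is
    // either a valid e-mail address or a non-empty latin/numeric login.
    $shape_ok = strlen($token) == 32
        && (filter_var($personal_id, FILTER_VALIDATE_EMAIL)
            || (strlen($personal_id) > 0 && system::getInstance()->isLatinOrNumeric($personal_id)));
    if (!$shape_ok) {
        return;
    }

    $prefix = property::getInstance()->get('db_prefix');
    $query = "SELECT * FROM\r\n " . $prefix . "_user a,\r\n " . $prefix . "_user_access_level b,\r\n " . $prefix . "_user_custom c\r\n WHERE (a.email = ? OR a.login = ?) AND a.token = ? AND a.token_ip = ? AND a.aprove = 0 AND a.access_level = b.group_id AND a.id = c.id";

    // Every request-derived value is bound as a parameter, never concatenated.
    $stmt = database::getInstance()->con()->prepare($query);
    $stmt->bindParam(1, $personal_id, \PDO::PARAM_STR);
    $stmt->bindParam(2, $personal_id, \PDO::PARAM_STR);
    $stmt->bindParam(3, $token, \PDO::PARAM_STR, 32);
    $stmt->bindParam(4, $user_ip, \PDO::PARAM_STR);
    $stmt->execute();

    // Anything other than exactly one match is treated as "not logged in".
    if ($stmt->rowCount() != 1) {
        return;
    }
    $result = $stmt->fetchAll(\PDO::FETCH_ASSOC);
    $stmt = null;

    // Reject tokens older than the configured lifetime.
    if (time() - $result[0]['token_start'] >= property::getInstance()->get('token_time')) {
        return;
    }

    $this->userindex = $result[0]['id'];
    foreach ($result[0] as $column_index => $column_data) {
        $this->userdata[$this->userindex][$column_index] = $column_data;
    }

    // set template variables
    template::getInstance()->set(template::TYPE_USER, 'id', $this->userindex);
    template::getInstance()->set(template::TYPE_USER, 'name', $this->userdata[$this->userindex]['nick']);
    template::getInstance()->set(template::TYPE_USER, 'admin', permission::getInstance()->have('global/owner'));
    template::getInstance()->set(template::TYPE_USER, 'admin_panel', permission::getInstance()->have('admin/main'));
    template::getInstance()->set(template::TYPE_USER, 'news_add', extension::getInstance()->getConfig('enable_useradd', 'news', extension::TYPE_COMPONENT, 'bol'));
    template::getInstance()->set(template::TYPE_USER, 'balance', $this->userdata[$this->userindex]['balance']);
}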
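/**
 * Replaces the stored permission rows of one group or one admin.
 *
 * When the caller holds the `e_tag` permission on `_sys_group_perm`, all rows
 * for the target id are deleted and one row per entry of $array['perm_id'] is
 * inserted, seeded from the matching entry of $array['perm'] when there is one.
 *
 * NOTE(review): the DELETE statement is built by concatenating $id. No
 * binding or escaping helper of $webdb is visible here, so this block cannot
 * switch to a bound parameter on its own; if $array comes from request data
 * this is an SQL injection sink and needs a parameterised call (or strict
 * validation of the id by the caller).
 * NOTE(review): the delete and the inserts are separate statements; no
 * transaction is visible, so a failure midway leaves the target without its
 * previous permissions.
 *
 * @param array $array Expected keys: group_id or admin_id, perm_id (list), perm (map keyed by perm id).
 * @return void
 */
public function update_permission($array)
{
    global $webdb;

    // A non-empty group_id selects the group column; otherwise the admin column is used.
    $id_category = !empty($array['group_id']) ? 'group_id' : 'admin_id';
    $id = isset($array[$id_category]) ? $array[$id_category] : null;
    $pary = isset($array['perm']) && is_array($array['perm']) ? $array['perm'] : array();
    $perm_ids = isset($array['perm_id']) && is_array($array['perm_id']) ? $array['perm_id'] : array();

    if (!permission::check('_sys_group_perm', 'e_tag')) {
        return;
    }

    $sql = "delete from _sys_group_perm where " . $id_category . "='" . $id . "';";
    $webdb->query($sql);

    foreach ($perm_ids as $perm_id) {
        // Nested request data cannot be a permission id or an array key.
        if (!is_scalar($perm_id)) {
            continue;
        }
        // Only an array-shaped entry can serve as the row template.
        $data = (!empty($pary[$perm_id]) && is_array($pary[$perm_id])) ? $pary[$perm_id] : array();
        $data[$id_category] = $id;
        $data['perm_id'] = $perm_id;
        $webdb->insert($data, '_sys_group_perm');
    }
}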
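/**
 * Builds the permission matrix form: one row per permission, one checkbox
 * column per role, posting to admin/permissions/update.
 *
 * The permission name and the group id are HTML-escaped before being placed
 * in the checkbox `name` attribute and the row label, so a name containing a
 * quote or angle bracket can no longer break out of the markup. The browser
 * decodes the entities again, so the submitted field names are unchanged.
 *
 * NOTE(review): $p->description and $g->groupname are still emitted as-is;
 * whether theme::t_table() escapes cells or headers is not visible here.
 * NOTE(review): the form carries no anti-CSRF token field; confirm the
 * update handler verifies the request origin by other means.
 *
 * @return string HTML for the page body.
 */
public static function permissions_page()
{
    page::title("Permissions");
    $out = page::link("admin/permissions/scan", "scan for more permissions");
    $out .= "<form method='post' action='" . page::url("admin/permissions/update") . "'>";

    $array = array();
    $header = array("permissions");
    $groups = user_access::get_all_roles();
    foreach ($groups as $g) {
        $header[] = $g->groupname;
    }

    $perms = permission::get_all_permissions();
    foreach ($perms as $p) {
        $perm_html = htmlspecialchars((string) $p->permission, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $t_array = array();
        $t_array[] = "<b>{$perm_html}</b> <i>{$p->description}</i>";
        foreach ($groups as $g) {
            $gid_html = htmlspecialchars((string) $g->gid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $o = "<input type='checkbox' name='permissions[" . $perm_html . "][" . $gid_html . "]' ";
            // The permission lookup uses the raw values, not the escaped ones.
            if (user::has_permission($p->permission, $g->gid)) {
                $o .= "checked";
            }
            $o .= "/>";
            $t_array[] = $o;
        }
        $array[] = $t_array;
    }

    $out .= theme::t_table($array, $header);
    $out .= "<input type='submit' value='update'/>";
    $out .= "</form>";
    return $out;
}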
/**
 * Loads the access-rule cache into self::$accessRule, rebuilding it when the
 * cached entry 'access/rule' is missing or empty.
 *
 * The rebuilt structure has two sections: 'public' (group => action => 1, from
 * admin_node rows flagged is_public_action) and 'user'
 * (group_id => group => action => model => 1, from admin_access).
 *
 * @return bool Always true.
 */
private static function getCacheFile()
{
    self::$accessRule = F('access/rule');
    if (self::$accessRule) {
        // Cache hit: nothing to rebuild.
        return true;
    }

    // Build the public-action section of the cache.
    $publicRows = M('admin_node')->field('n_group,n_action')->where(array('is_public_action' => 1))->findAll();
    if (!$publicRows) {
        self::$accessRule['public'] = array();
    } else {
        foreach ($publicRows as $row) {
            self::$accessRule['public'][$row['n_group']][$row['n_action']] = 1;
        }
    }

    // Build the per-user-group section of the cache.
    $accessRows = M('admin_access')->field('group_id,n_group,n_action,n_model')->findAll();
    if (!$accessRows) {
        self::$accessRule['user'] = array();
    } else {
        foreach ($accessRows as $row) {
            self::$accessRule['user'][$row['group_id']][$row['n_group']][$row['n_action']][$row['n_model']] = 1;
        }
    }

    // Persist the rebuilt rules. Nothing here invalidates the entry, so any code
    // that changes admin_node/admin_access has to clear 'access/rule' itself.
    F('access/rule', self::$accessRule);
    return true;
}
/**
 * Extends the parent CMS field list with the PayPal redirect text editor and,
 * for users passing the ADMIN permission check, the PayPal account field.
 *
 * NOTE(review): the ADMIN check only decides whether the field is rendered;
 * whether a non-admin save can still write PayPalAccount is not visible here.
 *
 * @return mixed The field list returned by the parent, with the extra fields added.
 */
public function getCMSFields()
{
    $fields = parent::getCMSFields();

    $redirectText = new HTMLEditorField("RedirectText", "Text Explaining PayPal Redirect");
    $fields->addFieldToTab("Root.Main", $redirectText, "Metadata");

    if (!permission::check('ADMIN')) {
        return $fields;
    }

    $accountField = new TextField("PayPalAccount", "PayPal Account (email address)");
    $fields->addFieldToTab("Root.PayPalSettings", $accountField);

    return $fields;
}
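/**
 * Renders one template instance per row of the `permission` table, optionally
 * restricted to table names containing the request's `filter` value.
 *
 * $where is now initialised to an empty string, so the query no longer
 * interpolates an undefined variable when no filter was submitted, and the
 * `submit`/`filter` request keys are read without undefined-index notices.
 *
 * NOTE(review): the filter goes through db_esc() before it is embedded in the
 * LIKE pattern; whether db_esc() also neutralises the LIKE wildcards % and _
 * is not visible here.
 *
 * @param string $template_name Template passed to include_template() for each row.
 * @return void
 */
function show_permission_list($template_name)
{
    global $TPL;

    $roles = permission::get_roles();

    // Array-shaped request values are treated as "no filter".
    $filter = (isset($_REQUEST["filter"]) && is_scalar($_REQUEST["filter"])) ? (string) $_REQUEST["filter"] : "";
    $where = "";
    if (!empty($_REQUEST["submit"]) || $filter != "") {
        $where = " where tableName like '%" . db_esc($filter) . "%' ";
        // TODO: Add filtering to permission list
    }

    $db = new db_alloc();
    $db->query("SELECT * FROM permission {$where} ORDER BY tableName, sortKey");
    while ($db->next_record()) {
        $permission = new permission();
        $permission->read_db_record($db);
        $permission->set_values();
        $TPL["actions"] = $permission->describe_actions();
        // Alternate the row class; the first row becomes "odd".
        $TPL["odd_even"] = (isset($TPL["odd_even"]) && $TPL["odd_even"] == "odd") ? "even" : "odd";
        // Replace the stored role key with its label from permission::get_roles().
        $TPL["roleName"] = $roles[$TPL["roleName"]];
        include_template($template_name);
    }
}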
/**
 * Run the database seeds.
 *
 * Creates the nine base permission rows with fixed ids, in id order.
 *
 * @return void
 */
public function run()
{
    // id, display label and lookup key of every seeded permission.
    $seedRows = [
        ['id' => 1, 'permission' => 'Administrar Permisos', 'key_permission' => 'all_task'],
        ['id' => 2, 'permission' => 'Crear Anuncio', 'key_permission' => 'store_post'],
        ['id' => 3, 'permission' => 'Ver Anuncio', 'key_permission' => 'show_post'],
        ['id' => 4, 'permission' => 'Editar Anuncio', 'key_permission' => 'update_post'],
        ['id' => 5, 'permission' => 'Eliminar Anuncio', 'key_permission' => 'destroy_post'],
        ['id' => 6, 'permission' => 'Crear usuario', 'key_permission' => 'store_user'],
        ['id' => 7, 'permission' => 'Ver usuario', 'key_permission' => 'show_user'],
        ['id' => 8, 'permission' => 'Editar usuario', 'key_permission' => 'update_user'],
        ['id' => 9, 'permission' => 'Eliminar usuario', 'key_permission' => 'destroy_user'],
    ];

    foreach ($seedRows as $attributes) {
        permission::create($attributes);
    }
}
/**
 * Adds the meta keyword/title fields, appends a length counter to the titles
 * of the three meta fields, and exposes the no-follow and redirect fields to
 * users passing the ADMIN permission check.
 *
 * NOTE(review): strlen() counts bytes, so the counter overstates the length of
 * multi-byte text. dataFieldByName() is assumed to find all three fields; a
 * missing one would make the Title() call fail.
 *
 * @param FieldList $fields Field list being extended.
 * @return FieldList The same list, for chaining.
 */
public function updateCMSFields(FieldList $fields)
{
    $metadataTab = 'Root.Main.Metadata';

    $keywordsField = new TextareaField('MetaKeywords', 'Meta Keywords');
    $fields->addFieldToTab($metadataTab, $keywordsField, "ExtraMeta");
    $fields->addFieldToTab($metadataTab, new TextField('MetaTitle', 'Meta Title'), 'MetaDescription');

    // Append the stored value's current length to each meta field's title.
    $countedFields = array('MetaTitle', 'MetaDescription', 'MetaKeywords');
    foreach ($countedFields as $fieldName) {
        $field = $fields->dataFieldByName($fieldName);
        $currentTitle = $field->Title();
        $valueLength = strlen($this->owner->{$fieldName});
        $field->setTitle($currentTitle . '<span class="field_count">' . $valueLength . '</span>');
    }

    $keywordsField->setRows(1);

    // No-follow and 301 redirect settings are only offered to administrators.
    if (permission::check('ADMIN')) {
        $fields->addFieldToTab("Root.Main", new CheckboxField("NoFollow", "Set nav link to no-follow?"), "MetaDescription");
        $fields->addFieldToTab($metadataTab, new TextareaField('URLRedirects', '301 Redirects'));
    }

    return $fields;
}
/**
 * Shows the maintenance page (with an embedded login form) when the
 * `maintenance` property is set and the current user lacks `admin/main`.
 *
 * Does nothing when maintenance mode is off or the user is an administrator.
 *
 * @return void
 */
public function make()
{
    $maintenanceOn = property::getInstance()->get('maintenance');

    // Skip when the site is not in maintenance mode, and never block administrators.
    if (!$maintenanceOn || permission::getInstance()->have('admin/main')) {
        return;
    }

    // The login view (and its worker) is rendered so administrators can still sign in.
    $userComponent = extension::getInstance()->call(extension::TYPE_COMPONENT, 'user');
    $login_form = $userComponent->viewLogin();

    $page = template::getInstance()->twigRender('maintenance.tpl', array('login_form' => $login_form));
    template::getInstance()->justPrint($page, array());
}
/**
 * Adds the raw "additional code" editor for users passing the ADMIN
 * permission check, and the column/sidebar editors for plain "Page" records.
 *
 * NOTE(review): AdditionalCode accepts arbitrary HTML/JS/CSS. The ADMIN check
 * here only hides the field; whether the save path rejects the value from
 * non-admin editors is not visible in this block.
 *
 * @param FieldList $fields Field list being extended.
 * @return FieldList The same list, for chaining.
 */
public function updateCMSFields(FieldList $fields)
{
    if (permission::check('ADMIN')) {
        $codeField = new CodeEditorField('AdditionalCode', 'Additional HTML/JS/CSS Code', 50);
        $fields->addFieldToTab('Root.AdditionalCode', $codeField);
        $codeField->addExtraClass('stacked');
        $codeField->setRows(45);
        $codeField->setMode('html');
    }

    if ($this->owner->ClassName != "Page") {
        return $fields;
    }

    // Column editors, in display order, followed by the sidebar editor.
    $columnsTab = "Root.Columns";
    $fields->addFieldToTab($columnsTab, new HTMLEditorField("LeftColumn", "Left Column Content"));
    $fields->addFieldToTab($columnsTab, new HTMLEditorField("CenterColumn", "Center Column Content"));
    $fields->addFieldToTab($columnsTab, new HTMLEditorField("RightColumn", "Right Column Content"));
    $fields->addFieldToTab("Root.Sidebar", new HTMLEditorField("SidebarContent", "Sidebar Content"));

    return $fields;
}
/**
 * Logs the user out.
 *
 * Removes the user's rows from the temporary state table, empties $_SESSION
 * except for the keys listed in self::$static_session (only non-empty values
 * are carried over), and expires the `userinfo` cookie.
 *
 * NOTE(review): the original doc comment promises `true` on success and a
 * failure message otherwise, but no value is returned on any path.
 * NOTE(review): the session is emptied, not destroyed, and no session id
 * regeneration is visible here; confirm that is done elsewhere.
 * NOTE(review): web_server_host is passed as the cookie VALUE (second
 * constructor argument); no domain or path is set on the expiring cookie.
 */
public static function userLoginOut()
{
    if (isset($_SESSION['userid']) && !empty($_SESSION['userid'])) {
        // Drop this user's rows from the temporary state table.
        permission::usermodeDeleteByUserid($_SESSION['userid']);
    }

    // Snapshot the session keys that must survive the logout.
    $preserved = self::$static_session;
    foreach ($preserved as $name => $unused) {
        if (isset($_SESSION[$name])) {
            $preserved[$name] = $_SESSION[$name];
        }
    }

    $_SESSION = array();

    // Put back only the preserved keys that hold a non-empty value.
    foreach ($preserved as $name => $kept) {
        if (!empty($kept)) {
            $_SESSION[$name] = $kept;
        }
    }

    // Expire the userinfo cookie by dating it one day in the past.
    $expired = new CHttpCookie('userinfo', Yii::app()->params['web_server_host']);
    $expired->expire = time() - 3600 * 24;
    Yii::app()->request->cookies['userinfo'] = $expired;
}
/**
 * Creates the two Twig environments used by the template layer: a
 * filesystem-backed one ($this->twig_file) and a string-backed one
 * ($this->twig_string).
 *
 * The cache directory depends on the `loader` constant: per user id (or
 * 'guest') for front/api, fixed directories for back and install. When the
 * interface template directory is missing, front/api fall back to the
 * 'default' template and log an error; every other case terminates.
 *
 * NOTE(review): the filesystem environment is created with
 * 'autoescape' => false, so every variable printed by a template must be
 * escaped explicitly in that template.
 * NOTE(review): anything rendered through twig_string is treated as template
 * source; confirm request data never reaches it as the template itself.
 */
protected function twigLoader()
{
    $twig_cache = root . '/cache/';
    $tpl_name = $this->getIfaceTemplate();
    // Pick the compiled-template cache directory for the current entry point.
    switch (loader) {
        case 'front':
        case 'api':
            // One cache directory per user id; ids below 1 share 'guest'.
            $twig_cache .= user::getInstance()->get('id') < 1 ? 'guest' : 'uid' . user::getInstance()->get('id');
            break;
        case 'back':
            $twig_cache .= 'admintmp';
            break;
        case 'install':
            $twig_cache .= 'installtmp';
            break;
    }
    $template_path_root = root . '/' . property::getInstance()->get('tpl_dir') . '/' . $tpl_name;
    if (!file_exists($template_path_root)) {
        // Requested template is missing: is the default template available instead?
        if (file_exists(root . '/' . property::getInstance()->get('tpl_dir') . '/default') && in_array(loader, array('front', 'api'))) {
            property::getInstance()->set('tpl_name', 'default');
            $template_path_root = root . '/' . property::getInstance()->get('tpl_dir') . '/default';
        } else {
            // The template name is echoed unescaped in the exit message.
            exit("Template " . $tpl_name . " is not founded! Exit");
        }
        // Reached only after the fallback to 'default' (the else branch exits).
        logger::getInstance()->log(logger::LEVEL_ERR, 'Template ' . $tpl_name . ' is not founded. Use default template.');
    }
    require_once root . "/resource/Twig/Autoloader.php";
    \Twig_Autoloader::register();
    // Output escaping is switched off for this environment (see the notes above).
    $this->twig_file = new \Twig_Environment(new \Twig_Loader_Filesystem($template_path_root), array('cache' => $twig_cache, 'charset' => 'utf-8', 'autoescape' => false, 'strict_variables' => false));
    if (loader == 'install' || permission::getInstance()->have('global/owner')) {
        // Auto-rebuild the cache during install and for the owner.
        $this->twig_file->enableAutoReload();
    }
    // Second environment, created with Twig's default options, for templates held in strings.
    $this->twig_string = new \Twig_Environment(new \Twig_Loader_String());
}
/**
 * Saves a batch of permission values for a profile or a user.
 *
 * Each key of $changes names a permission; square brackets are stripped, and
 * a key starting with "wid" is split at the first dot into a workspace id
 * (the part after "wid") and the permission name. Non-array input is ignored.
 *
 * NOTE(review): a "wid…" key without a dot leaves the permission name null.
 * NOTE(review): no authorisation check is performed here; callers must have
 * verified that the current user may change these permissions.
 *
 * @param array $changes    Map of permission key => new value.
 * @param int   $profile_id Target profile id (cast with intval).
 * @param int   $user_id    Target user id (cast with intval).
 * @return void
 */
public static function update_permissions($changes = array(), $profile_id = 0, $user_id = 0)
{
    if (!is_array($changes)) {
        return;
    }

    foreach ($changes as $rawKey => $newValue) {
        $name = str_replace(array('[', ']'), '', $rawKey);
        $workspace = null;

        // "wid<N>.<name>" scopes the permission to workspace N.
        if (strpos($name, "wid") === 0) {
            $parts = explode('.', $name, 2);
            $workspace = str_replace("wid", "", $parts[0]);
            $name = $parts[1];
        }

        $record = new permission();
        $record->load($name, intval($profile_id), intval($user_id), $workspace);
        $record->value = $newValue;
        $record->save();
    }
}
/**
 * Refreshes the cached system lists by calling, in this order, the
 * permission list update, the module scan and the theme folder scan.
 *
 * @return void
 */
function system_update_cache()
{
    // Permission list first, then modules, then themes.
    permission::update_list();
    module_manager::scan_and_update_list();
    theme::scan_theme_folder();
}
* Created by PhpStorm. * User: Alex * Date: 28.05.2015 * Time: 12:09 */ require_once dirname(dirname(dirname(__DIR__))) . '/config.php'; $group = new Group(); $groupAngebotseingabe = $group->getGroupLKByName('Angebotseingabe'); $groupAngebotseinkauf = $group->getGroupLKByName('Angebotseinkauf'); $groupGesucheingabe = $group->getGroupLKByName('Gesucheingabe'); $groupGesuchverkauf = $group->getGroupLKByName('Gesuchverkauf'); $groupSammelbestellung = $group->getGroupLKByName('Sammelbestellung'); $permission = new permission(); $permissionAngebotseingabe = $permission->getPermissionLKByName('Angebotseingabe'); $permissionAngebotseinkauf = $permission->getPermissionLKByName('Angebotseinkauf'); $permissionGesucheingabe = $permission->getPermissionLKByName('Gesucheingabe'); $permissionGesuchverkauf = $permission->getPermissionLKByName('Gesuchverkauf'); $permissionSammelbestellung = $permission->getPermissionLKByName('Sammelbestellung'); $connections = [ 'ConnUserGroup' => [ 1 => [ $groupAngebotseingabe, $groupAngebotseinkauf, $groupGesucheingabe, $groupGesuchverkauf, $groupSammelbestellung ]
} else { Permission::denyAccess(PERM_USER); } } elseif ($_GET['section'] == 'insert_add') { if (Permission::checkPermission(PERM_USER)) { $dns_ressource_record = new DnsRessourceRecord(false, (int) $_POST['dns_zone_id'], (int) $_SESSION['user_id'], $_POST['host'], $_POST['type'], $_POST['pri'], (int) $_POST['destination']); if ($dns_ressource_record->store()) { $message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' wurde gespeichert.', 1); } else { $message[] = array('Der Ressource Record konnte nicht gespeichert werden.', 2); } Message::setMessage($message); header('Location: ./dns_zone.php?dns_zone_id=' . $_POST['dns_zone_id']); } else { Permission::denyAccess(PERM_USER); } } elseif ($_GET['section'] == 'delete') { $dns_ressource_record = new DnsRessourceRecord((int) $_GET['dns_ressource_record_id']); $dns_ressource_record->fetch(); if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $dns_ressource_record->getUserId())) { if ($dns_ressource_record->delete()) { $message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' wurde gelöscht.', 1); } else { $message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' konnte nicht gelöscht werden.', 2); } Message::setMessage($message); header('Location: ./dns_zone.php?dns_zone_id=' . $dns_ressource_record->getDnsZoneId()); } else { Permission::denyAccess(PERM_ROOT, $dns_ressource_record->getUserId()); } }
/**
 * Returns the roles whose bit (2 to the power of the role value) passes
 * checkPermissionByPermission() against the given permission.
 *
 * @param mixed $permission Permission value to test each role bit against.
 * @return array List of matching roles, in the order getAllRoles() returns them.
 */
public static function getRolesByPermission($permission)
{
    $matching = array();

    foreach (permission::getAllRoles() as $role) {
        // Each role is tested through its bit value, 2^role.
        if (!Permission::checkPermissionByPermission(pow(2, $role), $permission)) {
            continue;
        }
        $matching[] = $role;
    }

    return $matching;
}
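// Generic add/edit controller fragment for the model class named by $className.
//
// The hidden "id" field used to echo $_GET['id'] straight into the page, so a
// crafted query string could inject markup. It is now HTML-escaped, and the
// request keys are read without undefined-index notices.
//
// NOTE(review): the POST branch runs before any permission check in this
// fragment; the 'a_tag' check below only guards the empty add form. Confirm
// that edit() and add() enforce their own permissions.
// NOTE(review): $altmsg reports success without looking at the return value
// of edit()/add(), and no anti-CSRF token is checked or emitted here.
$class = new $className();
if ($_POST) {
    if (!empty($_POST['id'])) {
        // The record id is taken from the query string and cast to int;
        // the posted id only selects the edit branch.
        $_POST['id'] = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $class->edit($_POST, $_POST['id']);
        $altmsg = '修改' . $classStr . '成功';
    } else {
        $class->add($_POST);
        $altmsg = '新增' . $classStr . '成功';
    }
}
if (!empty($_GET['id'])) {
    // NOTE(review): the raw query-string value is handed to getInfo(); whether
    // getInfo() escapes or casts it is not visible here.
    $info = $class->getInfo($_GET['id']);
} else {
    // Opening the empty "add" form requires the add permission on the table.
    if (!permission::check($class->tableName, "a_tag")) {
        echo "<script>alert('對不起你沒有該操作的權限');</script>";
        exit;
    }
}
?>
<form method="post" onsubmit="return checkForm(this);" enctype="multipart/form-data">
<?php if (!empty($_GET['id'])) { ?>
<input type="hidden" name="id" value="<?php echo htmlspecialchars((string) $_GET['id'], ENT_QUOTES, 'UTF-8'); ?>">
<?php } ?>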
/**
 * Sets the permissions for a group.
 *
 * Always fills $__out with the group, the id => description map of all
 * permissions and the group's currently selected permission ids. When the
 * form was submitted, stores the posted permission list and redirects to the
 * "getall" action.
 *
 * NOTE(review): neither an authorisation check nor an anti-CSRF check is
 * visible in this action; confirm the dispatcher enforces both.
 *
 * @return mixed The redirect result after a successful submit, otherwise true.
 */
function set_permissions()
{
    global $__in, $__out;

    try {
        $group = new group($__in['id']);
        $__out['group'] = $group->this_to_array();

        $permission = new permission();
        $allPermissions = $permission->getall();
        $__out['arr_permissions'] = $permission->assoc_array_from_result_array($allPermissions, "id", "description");
        $__out['selected_permission_ids'] = $group->get_selected_permission_ids();

        if (!$__in['__is_form_submitted']) {
            // Plain page view: nothing to store.
            return true;
        }

        $group->set_permissions($__in['group']['permissions']);
        return dispatcher::redirect(array("action" => "getall"), "updated_successfully");
    } catch (ValidationException $ex) {
        // Validation problems are shown to the user; the form is rendered again.
        $ex->publish_errors();
    } catch (Exception $ex) {
        throw $ex;
    }

    return true;
}
/**
 * Builds the CMS field list for the service-areas page: sidebar editors, map
 * settings, per-field form controls, the submissions grid with CSV export,
 * recipients, thank-you text and, for users passing the ADMIN permission
 * check, the map icon upload and the bulk page-creation tool.
 *
 * NOTE(review): the ADMIN checks only decide which fields are rendered;
 * whether the save path rejects those values from other editors is not
 * visible here.
 * NOTE(review): the export columns include submitter names, addresses, e-mail
 * and phone; access to the FormSubmissions tab should be limited accordingly.
 *
 * @return mixed The parent's field list with the extra fields added.
 */
public function getCMSFields()
{
    $fields = parent::getCMSFields();

    // Sidebar content.
    $sidebarTab = "Root.Sidebar";
    $fields->addFieldToTab($sidebarTab, new HTMLEditorField("SidebarContent", "Sidebar Content Top"));
    $fields->addFieldToTab($sidebarTab, new HTMLEditorField("SidebarBottom", "Sidebar Content Bottom"));

    // Map details: sortable locations grid, optional marker upload, map type.
    $locations = $this->ServiceAreasLocations();
    $locationsConfig = GridFieldConfig_RecordEditor::create()->addComponent(new GridFieldSortableRows('SortOrder'), 'GridFieldButtonRow');
    $fields->addFieldToTab('Root.MapDetails', new GridField('ServiceAreasLocations', 'Locations', $locations, $locationsConfig));
    if (permission::check('ADMIN')) {
        $fields->addFieldToTab("Root.MapDetails", new UploadField("MapIcon", "Map Marker Image"));
    }
    $mapTypes = array("ROADMAP" => "Roadmap", "SATELLITE" => "Satellite", "HYBRID" => "Hybrid", "TERRAIN" => "Terrain");
    $fields->addFieldToTab("Root.MapDetails", new DropdownField("MapType", "Map Display Type", $mapTypes, "Roadmap"));

    // One Enabled/Required checkbox pair per contact-form field, in display order.
    $formControls = array(
        "FirstName_Control" => "First Name",
        "LastName_Control" => "Last Name",
        "Address_Control" => "Address",
        "Address2_Control" => "Address 2",
        "City_Control" => "City",
        "State_Control" => "State",
        "ZipCode_Control" => "Zip Code",
        "Phone_Control" => "Phone Number",
        "Email_Control" => "Email Address",
        "Comments_Control" => "Comments",
    );
    foreach ($formControls as $controlName => $controlLabel) {
        $fields->addFieldToTab("Root.FormControls.Fields", new CheckboxSetField($controlName, $controlLabel, array("Enabled" => "Enabled", "Required" => "Required")));
    }

    // Submissions grid with an export button whose columns extensions may adjust.
    $submissions = $this->ServiceAreasFormSubmissions();
    $submissionsConfig = GridFieldConfig_RecordEditor::create();
    $exportBtn = new GridFieldExportButton();
    $submissionsConfig = $submissionsConfig->addComponent($exportBtn, 'GridFieldButtonRow');
    $fields->addFieldToTab('Root.FormSubmissions', new GridField('ServiceAreasFormSubmissions', 'Submissions', $submissions, $submissionsConfig));
    $ExportFields = array(
        "Date" => "Date",
        "FirstName" => "First Name",
        "LastName" => "Last Name",
        "Address" => "Address",
        "City" => "City",
        "State" => "State",
        "ZipCode" => "Zip Code",
        "Email" => "Email Address",
        "Phone" => "Phone Number",
        "PageURL" => "Page URL",
        "Comments" => "Comments",
    );
    $this->extend('updateExportFields', $ExportFields);
    $exportBtn->setExportColumns($ExportFields);

    // Recipients of submitted forms.
    $fields->addFieldToTab("Root.FormControls.Recipients", new LiteralField("Desc1", "<h3>Forms will be submitted to all addresses below.</h3><br>"));
    $recipients = $this->FormRecipients();
    $recipientsConfig = GridFieldConfig_RecordEditor::create()->addComponent(new GridFieldSortableRows('SortOrder'), 'GridFieldButtonRow');
    $fields->addFieldToTab('Root.FormControls.Recipients', new GridField('FormRecipients', 'Recipients', $recipients, $recipientsConfig));

    $fields->addFieldToTab("Root.FormControls.ThankYouText", new HTMLEditorField("ThankYouText", "Text on Submission"));

    if (!permission::check('ADMIN')) {
        return $fields;
    }

    // Bulk page-creation tool, offered to administrators only.
    $pageCreationTab = "Root.PageCreation";
    $fields->addFieldToTab($pageCreationTab, new LiteralField("M0", "<h1>This tool lets you create service area pages with base content. 
YOU MUST REFRESH the admin area after saving this page to see your new content.</h1>"));
    $fields->addFieldToTab($pageCreationTab, new LiteralField("M1", "<p>Enter some content below, and it will be the default content for all pages made with this tool.</p><p>You may optionally add {NAME} to the content, and it will be magically replaced with the page name</p>"));
    $fields->addFieldToTab($pageCreationTab, new HTMLEditorField("BaseContent", "Base Content"));
    $fields->addFieldToTab($pageCreationTab, new TextField("BasePageTitle", "Base Page Title"));
    $fields->addFieldToTab($pageCreationTab, new TextField("BaseMetaTitle", "Base Meta Title"));
    $fields->addFieldToTab($pageCreationTab, new TextAreaField("BaseMetaKeywords", "Base Meta Keywords"));
    $fields->addFieldToTab($pageCreationTab, new TextAreaField("BaseMetaDescription", "Base Meta Description"));
    $fields->addFieldToTab($pageCreationTab, new LiteralField("M2", "<br><br><h3>Below you can enter page names for automatic generation.</h3><p>One page name per line</p><p>First level pages can simply be typed on a line.</p><p>Children pages must start with a tilde ~ for each level of nesting.</p><h4>Example:</h4><p>Heading Page Name</p><p>~Child Page Name</p><p>~Child Page Name</p><p>~~Sub Child Page Name</p><p>Heading Page Name</p><p>~Child Page Name</p>"));
    $fields->addFieldToTab($pageCreationTab, new TextAreaField("PageStructure", "Page Structure"));

    return $fields;
}
/**
 * Adds a user.
 *
 * @param $userinfo array
 *        (
 *          username: user name, password: password,
 *          permissions: permissions, type: type,
 *          brandid: brand id, touchid: touch-screen id,
 *          createtime: creation time, endtime: expiry time
 *        )
 * @return "true" on success; any other value is the failure message
 *
 * NOTE(review): the password is stored as md5("beubeu" . md5(password)), a
 * fast hash with one fixed prefix for every account. password_hash() /
 * password_verify() is the appropriate primitive, but the stored format can
 * only change together with the login check, which is not in this block.
 * NOTE(review): every catch block overwrites $message, so when several fields
 * fail validation only the last failure is reported.
 * NOTE(review): `permissions` and `type` are copied from $userinfo after a
 * Comm::checkValue() call; confirm the caller verifies that the current user
 * is allowed to grant them.
 */
public static function userForAdd($userinfo = NULL)
{
    $message = "true";
    if (!empty($userinfo)) {
        $beuUserArray = new beu_users();
        // First make sure every field is present; all of them are required.
        if (isset($userinfo['username']) && isset($userinfo['password']) && isset($userinfo['permissions']) && isset($userinfo['type']) && isset($userinfo['brandid']) && isset($userinfo['touchid']) && isset($userinfo['createtime']) && isset($userinfo['endtime'])) {
            try {
                Comm::checkValue($userinfo['username'], yii::t('beu_users', "用户名"), 0, 1, 20); // user name
                // Check whether the user name is already registered; if so, report it.
                $count = permission::userSelectByParm("", $userinfo['username'], "");
                if (count($count) > 0) {
                    $message = yii::t('beu_users', "该账号已被占用");
                } else {
                    $beuUserArray->username = $userinfo['username'];
                }
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            try {
                Comm::checkValue($userinfo['password'], yii::t('beu_users', "密码"), 0, 1); // password
                // Weak password storage, see the NOTE(review) in the doc comment.
                $beuUserArray->password = md5("beubeu" . md5($userinfo['password']));
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            try {
                Comm::checkValue($userinfo['permissions'], yii::t('beu_users', "权限"), 0, 1, 512); // permissions
                $beuUserArray->permissions = $userinfo['permissions'];
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            try {
                Comm::checkValue($userinfo['type'], yii::t('beu_users', "用户类型"), 1, 1, 127); // user type
                $beuUserArray->type = $userinfo['type'];
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            try {
                Comm::checkValue($userinfo['brandid'], yii::t('public', "品牌号"), 0, 1, 255); // brand id
                $beuUserArray->brandid = $userinfo['brandid'];
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            try {
                Comm::checkValue($userinfo['touchid'], yii::t('public', "触摸屏号"), 0, 1, 255); // touch-screen id
                $beuUserArray->touchid = $userinfo['touchid'];
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            try {
                Comm::checkValue($userinfo['createtime'], yii::t('beu_users', "创建时间"), 1, 1); // creation time
                $beuUserArray->createtime = $userinfo['createtime'];
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            try {
                Comm::checkValue($userinfo['endtime'], yii::t('beu_users', "到期时间"), 1, 1); // expiry time
                $beuUserArray->endtime = $userinfo['endtime'];
            } catch (BeubeuException $e) {
                $message = $e->getMessage();
            }
            // Save only when no validation step replaced the "true" marker.
            if ($message == "true") {
                try {
                    $count = $beuUserArray->save();
                    if ($count > 0) {
                    } else {
                        $message = yii::t('public', "插入数据失败"); // insert failed
                    }
                } catch (Exception $e) {
                    // The underlying error is replaced by the generic "insert failed" message.
                    $message = yii::t('public', "插入数据失败");
                }
            }
        } else {
            $message = yii::t('public', "插入数据失败"); // insert failed: a required field is missing
        }
    } else {
        $message = yii::t('public', "插入数据失败");
    }
    return $message;
}
<?php if ($_POST) { group_perm::update($_POST['group_id'], 'group_id', $_POST['perm']); $altmsg = '權限修改成功'; } !$_GET['group_id'] && ($_GET['group_id'] = 1); $group = new group(); $group->setLimit(0, 1000); $group = $group->getArray(); $permission = permission::getList(); $group_perm = new group_perm(); $tmpary = $group_perm->getGroupPerm($_GET['group_id']); $perm = array(); foreach ($tmpary as $ary) { $perm[$ary['perm_id']] = $ary; } ?> <form id="editForm" method="post" onsubmit="return checkForm(this)"> <h1 class="title"><span>權限管理</span></h1> <div class="pidding_5"> <div class="search"> <span> <select name="group_id" onchange="window.location.href='<?php echo urlkill('group_id'); ?> &group_id='+this.value"> <?php foreach ($group as $gp) { ?> <option <?php
Contributor(s): Mark J Crane <*****@*****.**> */

// Restores the default permissions, then sends the user back to the group list.
//
// NOTE(review): the restore runs on any request that reaches this script with
// the 'group_edit' permission; no request-method or anti-CSRF token check is
// visible here. When the script is included ($included set), the permission
// check is skipped and left to the including script.

//check permissions (only when the script is requested directly)
if (!$included) {
    include "root.php";
    require_once "resources/require.php";
    require_once "resources/check_auth.php";
    if (!permission_exists('group_edit')) {
        echo "access denied";
        return;
    }
    //access granted
}

//add multi-lingual support
$language = new text();
$text = $language->get();

//permission restore default
require_once "core/users/resources/classes/permission.php";
$permission = new permission();
$permission->db = $db;
$permission->restore();

//redirect the users (only when the script is requested directly)
if (!$included) {
    //show a message to the user
    $_SESSION["message"] = $text['message-restore'];
    header("Location: groups.php");
    return;
}
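/**
 * Dispatches the profile management actions selected by $_REQUEST['act']:
 * JSON grid operations (list/search/delete), the edit/new form, single
 * deletion, and the default list view.
 *
 * Changes against the previous version:
 *  - the grid sort column and direction are no longer copied from the request
 *    into the ORDER BY expression; the column is restricted to the columns the
 *    grid selects (id, name) and the direction to asc/desc;
 *  - ids are accepted only as scalars and cast with intval(), so an
 *    array-shaped `id` can no longer be turned into id 1 by intval();
 *  - the page number is clamped to 1 so the offset cannot become negative;
 *  - optional request keys are read without undefined-index notices.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function,
 * including for the delete operations; confirm the caller enforces both.
 * NOTE(review): the search clauses come from quicksearch(), jqgridsearch() and
 * jqgridcompare(); whether those escape the request values is not visible here.
 *
 * @return mixed HTML for the form or list views; the JSON branch prints its
 *               response and exits.
 */
function run()
{
    global $user;
    global $layout;
    global $DB;

    $out = '';
    $item = new profile();
    $act = isset($_REQUEST['act']) ? $_REQUEST['act'] : null;

    switch ($act) {
        case 'json':
        case 1: // json data retrieval & operations
            $oper = isset($_REQUEST['oper']) ? $_REQUEST['oper'] : null;
            switch ($oper) {
                case 'del': // remove rows
                    $ids = (isset($_REQUEST['ids']) && is_array($_REQUEST['ids'])) ? $_REQUEST['ids'] : array();
                    foreach ($ids as $id) {
                        // Nested arrays are not ids; intval() would map them to 1.
                        if (!is_scalar($id)) {
                            continue;
                        }
                        $item->load(intval($id));
                        $item->delete();
                    }
                    echo json_encode(true);
                    break;

                default: // list or search
                    $page = max(1, isset($_REQUEST['page']) ? intval($_REQUEST['page']) : 1);
                    $max = max(0, isset($_REQUEST['rows']) ? intval($_REQUEST['rows']) : 0);
                    $offset = ($page - 1) * $max;

                    // ORDER BY is assembled from fixed strings only. The whitelist mirrors
                    // the selected columns; extend it if the grid sorts by other columns.
                    $sort_columns = array('id', 'name');
                    $sidx = (isset($_REQUEST['sidx']) && in_array($_REQUEST['sidx'], $sort_columns, true)) ? $_REQUEST['sidx'] : 'id';
                    $sord = (isset($_REQUEST['sord']) && is_string($_REQUEST['sord']) && strtolower($_REQUEST['sord']) === 'desc') ? 'desc' : 'asc';
                    $orderby = $sidx . ' ' . $sord;

                    $where = " 1=1 ";
                    $searching = isset($_REQUEST['_search']) && $_REQUEST['_search'] == 'true';
                    if ($searching || isset($_REQUEST['quicksearch'])) {
                        if (isset($_REQUEST['quicksearch'])) {
                            $where .= $item->quicksearch($_REQUEST['quicksearch']);
                        } else {
                            if (isset($_REQUEST['filters'])) {
                                $where .= navitable::jqgridsearch($_REQUEST['filters']);
                            } else { // single search
                                $where .= ' AND ' . navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']);
                            }
                        }
                    }

                    $DB->queryLimit('id,name', 'nv_profiles', $where, $orderby, $offset, $max);
                    $dataset = $DB->result();
                    $total = $DB->foundRows();

                    // Grid rows are positional: column 0 is the id, column 1 the name.
                    $out = array();
                    for ($i = 0; $i < count($dataset); $i++) {
                        $out[$i] = array(0 => $dataset[$i]['id'], 1 => $dataset[$i]['name']);
                    }
                    navitable::jqgridJson($out, $page, $offset, $max, $total);
                    break;
            }
            session_write_close();
            exit;
            break;

        case 'edit':
        case 2: // edit/new form
            if (!empty($_REQUEST['id']) && is_scalar($_REQUEST['id'])) {
                $item->load(intval($_REQUEST['id']));
            }
            if (isset($_REQUEST['form-sent'])) {
                $item->load_from_post();
                try {
                    $item->save();
                    // Permission changes arrive as a JSON object; anything else decodes
                    // to a non-array and is passed on as such.
                    $changes = (isset($_REQUEST['navigate_permissions_changes']) && is_string($_REQUEST['navigate_permissions_changes']))
                        ? json_decode($_REQUEST['navigate_permissions_changes'], true)
                        : null;
                    permission::update_permissions($changes, $item->id, 0);
                    $layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
                } catch (Exception $e) {
                    $layout->navigate_notification($e->getMessage(), true, true);
                }
            }
            $out = profiles_form($item);
            break;

        case 'delete':
        case 4: // remove
            if (!empty($_REQUEST['id']) && is_scalar($_REQUEST['id'])) {
                $item->load(intval($_REQUEST['id']));
                if ($item->delete() > 0) {
                    $layout->navigate_notification(t(55, 'Item removed successfully.'), false);
                    $out = profiles_list();
                } else {
                    $layout->navigate_notification(t(56, 'Unexpected error.'), false);
                    $out = profiles_form($item);
                }
            }
            break;

        case 'list':
        case 0: // list / search result
        default:
            $out = profiles_list();
            break;
    }

    return $out;
}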
<?php /** * Created by PhpStorm. * User: Alex * Date: 28.05.2015 * Time: 12:09 */ require_once dirname(dirname(dirname(__DIR__))) . '/config.php'; $group = new Group(); $groupBenutzer = $group->getGroupLKByName('Benutzer'); $groupModerator = $group->getGroupLKByName('Moderator'); $groupAdministrator = $group->getGroupLKByName('Administrator'); $permission = new permission(); $permissionBenutzer = $permission->getpermissionLKByName('Benutzer'); $permissionModerator = $permission->getpermissionLKByName('Moderator'); $permissionAdministrator = $permission->getpermissionLKByName('Administrator'); $connections = [ 'ConnUserGroup' => [ 1 => [ $groupBenutzer, $groupModerator, $groupAdministrator ] ], 'ConnGroupRight' => [ $groupBenutzer => [$permissionBenutzer], $groupModerator => [$permissionModerator],
} else { Permission::denyAccess(PERM_ROOT, $networkinterface->getRouter()->getUserId()); } } elseif ($_GET['section'] == 'insert_add') { $networkinterface = new Networkinterface((int) $_GET['interface_id']); $networkinterface->fetch(); if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $networkinterface->getRouter()->getUserId())) { $ip = new Ip(false, (int) $_GET['interface_id'], (int) $_POST['network_id'], $_POST['ip']); if ($ip->store()) { $message[] = array('Die IP ' . $_POST['ip'] . ' wurde angelegt.', 1); Message::setMessage($message); } else { $message[] = array('Die IP ' . $_POST['ip'] . ' konnte nicht angelegt werden.', 2); Message::setMessage($message); } header('Location: ./router.php?router_id=' . $_GET['router_id']); } else { Permission::denyAccess(PERM_ROOT, $networkinterface->getRouter()->getUserId()); } } elseif ($_GET['section'] == 'delete') { $ip = new Ip((int) $_GET['ip_id']); $ip->fetch(); if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $ip->getNetworkinterface()->getRouter()->getUserId())) { $ip->delete(); $message[] = array('Die IP ' . $ip->getIp() . '/' . $ip->getNetwork()->getNetmask() . ' wurde gelöscht.', 1); Message::setMessage($message); header('Location: ./router.php?router_id=' . $_GET['router_id']); } else { Permission::denyAccess(PERM_ROOT, $ip->getNetworkinterface()->getRouter()->getUserId()); } }
/**
 * Loads the permission identified by $__in['id'] and exposes it, converted
 * with this_to_array(), as $__out['permission'].
 *
 * NOTE(review): the id is taken from $__in as-is; whether the permission
 * constructor validates it is not visible here.
 *
 * @return bool Always true.
 */
function getone()
{
    global $__in, $__out;

    $requestedId = $__in['id'];
    $record = new permission($requestedId);
    $__out['permission'] = $record->this_to_array();

    return true;
}
/**
 * Deletes the row of $this->tableName whose key column equals $id.
 *
 * When both a table name and $this->permCheck are set, the caller must hold
 * the 'd_tag' permission on the table; otherwise the error message is emitted
 * and false is returned.
 *
 * NOTE(review): $id, the table name and the key column are concatenated into
 * the statement. No binding or escaping helper of $webdb is visible here, so
 * if $id can come from request data this is an SQL injection sink and needs a
 * parameterised call or strict validation by the caller.
 * NOTE(review): with $this->permCheck unset (or an empty table name) the
 * permission check is skipped entirely.
 *
 * @param mixed $id Key value of the row to delete.
 * @return mixed false when the permission check fails, otherwise the result of $webdb->query().
 */
function delete($id)
{
    global $webdb;

    $mustCheck = $this->tableName && $this->permCheck;
    if ($mustCheck && !permission::check($this->tableName, 'd_tag')) {
        permission::errMsg();
        return false;
    }

    $sql = "delete from " . $this->tableName . " where " . $this->key . "='" . $id . "'";
    return $webdb->query($sql);
}
* * allocPSA is free software: you can redistribute it and/or modify it * under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or (at * your option) any later version. * * allocPSA is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public * License for more details. * * You should have received a copy of the GNU Affero General Public License * along with allocPSA. If not, see <http://www.gnu.org/licenses/>. */ require_once "../alloc.php"; $permission = new permission(); $permissionID = $_POST["permissionID"] or $permissionID = $_GET["permissionID"]; if ($permissionID) { $permission->set_id($permissionID); $permission->select(); } $actions_array = $_POST["actions_array"]; if (is_array($actions_array)) { $actions = 0; foreach ($actions_array as $k => $a) { $actions = $actions | $a; } } $permission->read_globals(); $permission->set_values(); if (!$permission->get_value("tableName")) {
/**
 * Validates the login form and prints the result as JSON.
 *
 * Web logins ($this->login_type falsy) must pass the captcha check first. The
 * credentials are then handed to permission::userLogin(). For client logins
 * ($this->login_type truthy) with result code 4, the response is extended
 * with the brand, storage-account and key data of the user's first bound
 * touch screen.
 *
 * NOTE(review): the captcha is compared with != (loose comparison) and is not
 * cleared from the session in this block, so whether it can be reused is not
 * visible here.
 * NOTE(review): the catch block stores the message under 'mag' while the
 * response is initialised with 'msg'; this looks like a typo, confirm which
 * key the clients read.
 * NOTE(review): 'status' is forced to 1 after userLogin() whatever it
 * returned, and it also stays 1 on the captcha failure path.
 * NOTE(review): erpak/erpsk are returned to the client in the JSON body;
 * confirm these key values are meant to leave the server.
 */
public function actiongetlogin()
{
    $ret = array('status' => 1, 'msg' => '', 'data' => 10);
    try {
        // NOTE(review): request parameters normally arrive already URL-decoded;
        // the extra urldecode() would decode the user name a second time.
        $unmae = trim(urldecode(Yii::app()->request->getParam("unmae")));
        $upwo = Yii::app()->request->getParam('upwo');
        $code = Yii::app()->request->getParam('code');
        if (!$this->login_type && $code != $_SESSION['Checknum']) {
            $ret['data'] = 1; // captcha mismatch
            throw new Exception('验证码错误');
        }
        $ret = permission::userLogin($unmae, $upwo);
        if ($this->login_type) { // login from the C# client
            // The client reads the result code from 'msg'; 'data' becomes the payload.
            $ret['msg'] = $ret['data'];
            $ret['data'] = array();
            if ($ret['msg'] == 4) { // fetch what the user may access
                $user = WebUser::getusersById($_SESSION['user_id']);
                if ($user['status'] == 0) {
                    throw new Exception(2);
                }
                if (empty($user['data']->touchid)) {
                    throw new Exception(6);
                }
                $touch_arr = json_decode($user['data']->touchid, true); // touch screens bound to the user
                $touch_ret = Touch::touchSelectById($touch_arr[0]); // brand is looked up through the first touch screen
                if ($touch_ret['status'] == 0 || empty($touch_ret['data']['brandid'])) {
                    throw new Exception(6);
                }
                try {
                    $brand_ret = Brand::brandSelectById($touch_ret['data']['brandid']);
                    if (count($brand_ret) == 0) {
                        throw new Exception('');
                    }
                    $qiniu = new erp_qiniu(); // Qiniu interface class
                    $brand_qiniu_account = $qiniu->getAccountByBrand($touch_ret['data']['brandid']); // the brand's Qiniu sub-account
                    if (count($brand_qiniu_account) == 0) {
                        throw new Exception('品牌暂未绑定七牛帐号');
                    }
                    $ret['data']['domain'] = $brand_qiniu_account[0]['domain'];
                    $ret['data']['brandname'] = $brand_ret[0]['name'];
                    $ret['data']['erpak'] = empty($brand_ret[0]['erpak']) ? '' : $brand_ret[0]['erpak'];
                    $ret['data']['erpsk'] = empty($brand_ret[0]['erpsk']) ? '' : $brand_ret[0]['erpsk'];
                    $ret['data']['code_start'] = $brand_ret[0]['code_start'];
                    $ret['data']['code_end'] = $brand_ret[0]['code_end'];
                } catch (Exception $e) {
                    // Every failure in the brand lookup is collapsed into code 6.
                    throw new Exception(6);
                }
                $ret['data']['brandid'] = $touch_ret['data']['brandid'];
                $ret['data']['type'] = $_SESSION['type'];
            }
        } else {
            $ret['href'] = '/erp/manage';
        }
        $ret['status'] = 1;
    } catch (Exception $e) {
        $ret['mag'] = $e->getMessage();
    }
    echo json_encode($ret);
}