if (password.value.length < 4) {
alert('Office password must be more than 3 characters in length');
return false;
}
}
return true;
}
function show_password_form() {
var editor_access = document.getElementById('editor_level_access');
var password_form = document.getElementById('password_form');
password_form.style.display = (editor_access.checked ? 'block' : 'none');
}
// ]]>
</script>
<?php
if ('manage' === VipMode()) {
?>
<div class='BlueBox'>
<h2>Office Access</h2>
<form action="<?php
echo vip_url('members/info/' . $membership['user_id']);
?>
" class="form" method='POST' onSubmit="return submit_checker();">
<fieldset>
<label for='office_access_level'>Access level:</label>
<input style="float:none;" type="radio" onChange="show_password_form()" id="none_level_access" name="office_access_level" value="none" <?php
if (!($membership['office_writer_access'] || $membership['office_editor_access'])) {
echo 'checked="checked"';
}
?>
> No Access
<label for="filter_payment">Payment, Showing:</label>
<select id="filter_payment" onchange="searchMemberList();">
<option value="all" selected="selected">All</option>
<option value="paid">Paid</option>
<option value="notpaid">Non-paid</option>
</select>
<label for="filter_businesscard">Business Card, Showing:</label>
<select id="filter_businesscard" onchange="searchMemberList();">
<option value="all" selected="selected">All</option>
<option value="ok">Has business card</option>
<option value="approval">Waiting for approval</option>
<option value="expired">Business card expired</option>
<option value="none">No business card</option>
</select>
<?php
if ('manage' !== VipMode()) {
?>
<label for="filter_vip">VIP, Showing:</label>
<select id="filter_vip" onchange="searchMemberList();">
<option value="all" selected="selected">All</option>
<option value="vip">Is a VIP</option>
<option value="requested">Has requested to be a VIP</option>
<option value="none">Is not a VIP</option>
</select>
<?php
} else {
?>
<label for="filter_byline">Byline, Showing:</label>
<select id="filter_byline" onchange="searchMemberList();">
<option value="all" selected="selected">All</option>
<option value="ok">Has byline</option>
/**
* @param $Permission string or array of the following levels (in the order that
* they are to be obtained:
* - 'public' - anyone
* - 'student' - must be logged on
* - 'vip' - must be logged on as a vip
* - 'vip+pr' - must be logged on as a vip or a pr rep
* - 'office' - must be in the office
* - 'pr' - must be in the office as a pr rep
* - 'editor' - must be in the office as an editor
* - 'admin' - must be in the office as an administrator
* @param $LoadMainFrame bool Whether to load the mainframe if permision hasn't
* yet been acquired (for the login screen).
* @return bool Whether enough privilages.
*/
function CheckPermissions($Permission = 'public', $LoadMainFrame = TRUE, $NoPost = FALSE)
{
// Start a session
$CI =& get_instance();
// Initialisation stuff
$CI->load->library('messages');
$CI->load->model('user_auth');
$CI->load->model('pages_model');
// Decide on output format
if (isset($_POST['fb_sig'])) {
/// @todo AUTHENTICATE FACEBOOK
OutputMode('fbml');
global $_SESSION;
$_SESSION = array();
} else {
if (isset($_GET['opmode'])) {
OutputMode($_GET['opmode']);
} else {
OutputMode(DefaultOutputMode());
}
}
// If the output mode is not supported, show a 404
if (!in_array(OutputMode(), OutputModes())) {
show_404();
}
// Translate some auxilliary permissions
$auxilliary_permissions = array('moderator' => 'editor');
if (array_key_exists($Permission, $auxilliary_permissions)) {
$Permission = $auxilliary_permissions[$Permission];
}
$user_level = GetUserLevel();
// URL analysis regarding vip area
$thru_viparea = $CI->uri->total_segments() >= 1 && $CI->uri->segment(1) === 'viparea';
$thru_office_pr = $CI->uri->total_segments() >= 3 && $CI->uri->segment(1) === 'office' && $CI->uri->segment(2) === 'pr' && $CI->uri->segment(3) === 'org';
$thru_office_manage = $CI->uri->total_segments() >= 2 && $CI->uri->segment(1) === 'office' && $CI->uri->segment(2) === 'manage';
$company_short_name = $CI->config->Item('company_organisation_id');
$organisation_specified = FALSE;
if ($thru_viparea) {
if ($CI->uri->total_segments() > 1) {
$organisation_shortname = $CI->uri->segment(2);
$organisation_specified = TRUE;
VipSegments(2);
} else {
$organisation_shortname = $CI->user_auth->organisationShortName;
}
// don't allow access to vip area of the company, only through office/manage
if ($organisation_shortname === $company_short_name) {
$organisation_shortname = '';
$CI->user_auth->logoutOrganisation();
redirect('');
}
vip_url('viparea/' . $organisation_shortname . '/', TRUE);
} elseif ($thru_office_pr) {
$organisation_shortname = $CI->uri->segment(4);
$organisation_specified = TRUE;
VipSegments(4);
vip_url('office/pr/org/' . $organisation_shortname . '/', TRUE);
} elseif ($thru_office_manage) {
$organisation_shortname = $company_short_name;
$organisation_specified = TRUE;
VipSegments(2);
vip_url('office/manage/', TRUE);
} else {
$organisation_shortname = '';
}
VipOrganisation(FALSE, $organisation_shortname);
VipOrganisation(TRUE, $CI->user_auth->organisationShortName);
// Login actions for student/vip/office logins
$student_login_action = array('redirect+url', 'login/main', 'post' => TRUE);
if ($organisation_specified) {
$vip_login_action = array('redirect+url', 'login/vipswitch/' . $organisation_shortname, 'post' => TRUE);
} else {
$vip_login_action = array('redirect+url', 'login/vip', 'post' => TRUE);
}
$office_login_action = array('redirect+url', 'login/office', 'post' => TRUE);
// If vip+pr, use URI to decide which
if ($Permission === 'vip+pr') {
$Permission = $thru_viparea ? 'vip' : ($thru_office_pr ? 'pr' : ($thru_office_manage ? 'manage' : ''));
} elseif ($Permission === 'vip') {
$Permission = $thru_viparea ? 'vip' : ($thru_office_manage ? 'manage' : '');
} elseif ($thru_office_pr && $Permission !== 'pr' || $thru_viparea && $Permission !== 'vip' || $thru_office_manage && $Permission !== 'manage') {
$Permission = '';
}
// Matrix indexed by user level, then page level, of behaviour
// Possible values:
// NULL/notset http error 404
// TRUE allowed
// array specially handled
// otherwise access denied
if ($user_level === 'public') {
$action_levels = array('public' => TRUE, 'student' => $student_login_action, 'vip' => $student_login_action, 'office' => $student_login_action, 'pr' => $student_login_action, 'editor' => $student_login_action, 'manage' => $student_login_action, 'admin' => $student_login_action);
} elseif ($user_level === 'student') {
$action_levels = array('public' => TRUE, 'student' => TRUE, 'vip' => $vip_login_action, 'office' => $office_login_action, 'pr' => $office_login_action, 'editor' => $office_login_action, 'manage' => $office_login_action, 'admin' => $office_login_action);
} elseif ($user_level === 'organisation') {
// Logged in from public as organisation
$allow_vip = array_key_exists($organisation_shortname, $CI->user_auth->allTeams);
$action_levels = array('public' => TRUE, 'student' => TRUE, 'vip' => $allow_vip, 'office' => FALSE, 'pr' => FALSE, 'editor' => FALSE, 'manage' => FALSE, 'admin' => FALSE);
if ($allow_vip) {
VipOrganisationId(FALSE, $CI->user_auth->allTeams[$organisation_shortname][0]);
VipOrganisationName(FALSE, $CI->user_auth->allTeams[$organisation_shortname][1]);
VipOrganisationId(TRUE, $CI->user_auth->organisationLogin);
VipOrganisationName(TRUE, $CI->user_auth->organisationName);
VipMode('viparea');
VipLevel('write', TRUE);
}
} elseif ($user_level === 'vip') {
// Logged in as student and in VIP area
$vip_door_open_action = array('message', 'warning', HtmlButtonLink(site_url('logout/vip' . $CI->uri->uri_string()), 'Leave VIP Area') . $CI->pages_model->GetPropertyText('login:warn_open_vip', TRUE), TRUE);
$allow_vip = array_key_exists($organisation_shortname, $CI->user_auth->allTeams);
if ($allow_vip) {
$vip_accessible = TRUE;
VipOrganisationId(FALSE, $CI->user_auth->allTeams[$organisation_shortname][0]);
VipOrganisationName(FALSE, $CI->user_auth->allTeams[$organisation_shortname][1]);
VipOrganisationId(TRUE, $CI->user_auth->organisationLogin);
VipOrganisationName(TRUE, $CI->user_auth->organisationName);
VipMode('viparea');
VipLevel('write', TRUE);
} else {
// check permissions to access this organisation
$vip_organisations = $CI->user_auth->getOrganisationLogins();
foreach ($vip_organisations as $organisation) {
if ($organisation['organisation_directory_entry_name'] == $organisation_shortname) {
$vip_accessible = $vip_login_action;
break;
}
}
if (!isset($vip_accessible)) {
$vip_accessible = FALSE;
}
}
$action_levels = array('public' => $vip_door_open_action, 'student' => $vip_door_open_action, 'vip' => $vip_accessible, 'office' => $office_login_action, 'pr' => $office_login_action, 'editor' => $office_login_action, 'manage' => $office_login_action, 'admin' => $office_login_action);
} else {
// Office
// Door left open actions
$office_door_open_action = array('message', 'warning', HtmlButtonLink(site_url('logout/office' . $CI->uri->uri_string()), 'Leave Office') . $CI->pages_model->GetPropertyText('login:warn_open_office', TRUE), TRUE);
$admin_door_open_action = $office_door_open_action;
// check permissions to access this organisation
$manage_accessible = FALSE;
$vip_organisations = $CI->user_auth->getOrganisationLogins();
foreach ($vip_organisations as $organisation) {
if ($organisation['organisation_directory_entry_name'] == $company_short_name) {
$manage_accessible = TRUE;
break;
}
}
// Refine further
if ($user_level === 'office') {
$action_levels = array('public' => $office_door_open_action, 'student' => $office_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => 'pr', 'editor' => FALSE, 'manage' => FALSE, 'admin' => FALSE);
} elseif ($user_level === 'editor') {
$action_levels = array('public' => $office_door_open_action, 'student' => $office_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => TRUE, 'editor' => TRUE, 'manage' => $manage_accessible, 'admin' => FALSE);
} elseif ($user_level === 'admin') {
$action_levels = array('public' => $admin_door_open_action, 'student' => $admin_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => TRUE, 'editor' => TRUE, 'manage' => $manage_accessible, 'admin' => TRUE);
}
// Change an office user to pr if they rep for the organisation
static $vipModes = array('pr' => 'office', 'manage' => 'manage');
if (array_key_exists($Permission, $vipModes)) {
// Get organisation information
$CI->db->select('organisation_entity_id AS id,' . 'organisation_name AS name,' . 'organisation_pr_rep AS rep');
$CI->db->join('entities', 'organisation_entity_id = entity_id', 'inner');
$CI->db->where(array('organisation_directory_entry_name' => $organisation_shortname, 'entity_deleted = FALSE'));
$matching_org = $CI->db->get('organisations')->result_array();
if (empty($matching_org)) {
$action_levels[$Permission] = FALSE;
} else {
$matching_org = $matching_org[0];
if ($action_levels[$Permission] === 'pr') {
$action_levels[$Permission] = TRUE;
$rep = $matching_org['rep'] == $CI->user_auth->entityId;
if ($rep) {
VipLevel('rep', TRUE);
} else {
VipLevel('read', TRUE);
}
} elseif ($action_levels[$Permission]) {
VipLevel('write', TRUE);
}
VipOrganisationId(FALSE, $matching_org['id']);
VipOrganisationName(FALSE, $matching_org['name']);
VipOrganisationId(TRUE, $matching_org['id']);
VipOrganisationName(TRUE, $matching_org['name']);
VipMode($vipModes[$Permission]);
}
}
}
$access_allowed = FALSE;
// No permission set or NULL indicates page doesn't exist at this URI
if (!array_key_exists($Permission, $action_levels) || NULL === $action_levels[$Permission]) {
return show_404();
} else {
$action = $action_levels[$Permission];
// True is allow
if (TRUE === $action) {
$access_allowed = TRUE;
} elseif (is_array($action)) {
// Array is special decider
// Perform action
switch ($action[0]) {
case 'handle':
$access_allowed = $action[1]($action[2], $Permission);
if (array_key_exists(3, $action)) {
$CI->messages->AddMessage($action[3], $action[4], FALSE);
}
break;
case 'redirect+url':
$action[1] .= $CI->uri->uri_string();
case 'redirect':
if (array_key_exists(2, $action)) {
$CI->messages->AddMessage($action[2], $action[3]);
}
if (array_key_exists('post', $action) && $action['post']) {
// store post data
if (!empty($_POST)) {
SetRedirectData($action[1], serialize($_POST));
}
}
// Before redirecting, forward on the redirected post data
$post_data = GetRedirectData();
if (NULL !== $post_data) {
SetRedirectData($action[1], $post_data);
}
// Do the redirect
redirect($action[1]);
return FALSE;
case 'message':
$CI->messages->AddMessage($action[1], $action[2], FALSE);
$access_allowed = $action[3];
break;
default:
break;
}
} else {
// Anything else is disallow
$CI->messages->AddMessage('warning', 'You do not have the ' . $Permission . ' privilages required!');
//redirect('');
}
// Restore post data
if ((TRUE === $action || is_array($action)) && !$NoPost) {
$post_data = GetRedirectData();
if (NULL !== $post_data) {
$post_data = @unserialize($post_data);
if (is_array($post_data)) {
if (!isset($_POST)) {
global $_POST;
$_POST = array();
}
foreach ($post_data as $key => $value) {
$_POST[$key] = $value;
}
}
}
}
}
if ('fbml' === OutputMode()) {
$Permission = 'facebookapp';
} elseif ('ajax' === OutputMode()) {
$Permission = 'ajax';
} elseif (FeedOutputMode()) {
$Permission = 'feed';
}
SetupMainFrame($Permission, FALSE);
if (!$access_allowed && $LoadMainFrame) {
$CI->load->library('Custom_pages');
$page = new CustomPageView('error:permissions');
$CI->main_frame->SetContent($page);
$CI->main_frame->Load();
}
return $access_allowed;
}
/**
* @param $EntityId integer Entity id.
* @param $Page [string] Page name.
*/
function info($EntityId = NULL, $Page = NULL)
{
if (!CheckPermissions('vip')) {
return;
}
$this->_SetupTabs('members');
// If no entity id was provided, redirect back to members list.
if (NULL === $EntityId) {
return redirect(vip_url('members/list'));
}
// Read the post data for changing office access (MANAGE ONLY)
if ('manage' === VipMode()) {
$access_level = $this->input->post('office_access_level');
if (FALSE !== $access_level) {
$access_password = $this->input->post('password');
$access_password_confirm = $this->input->post('confirm_password');
if ($access_level == 'editor') {
if ($access_password != $access_password_confirm) {
$this->messages->AddMessage('error', 'Passwords do not match, please confirm your password.');
} elseif (strlen($access_password) == 0) {
$this->messages->AddMessage('information', 'You must assign editors a password.');
} elseif (strlen($access_password) < 4) {
$this->messages->AddMessage('error', 'Office password must be more than 3 characters in length.');
} else {
$success_rows = $this->members_model->UpdateAccessLevel('1', null, $EntityId);
$this->user_auth->setOfficePassword($access_password, $EntityId);
$user = $this->members_model->GetUsername($EntityId);
$to = $user->entity_username . $this->config->Item('username_email_postfix');
$from = $this->pages_model->GetPropertyText('system_email', true);
$subject = $this->pages_model->GetPropertyText('office_password_email_subject', true);
$message = str_replace('%%password%%', $access_password, str_replace('%%nickname%%', $user->nickname, $this->pages_model->GetPropertyText('office_password_email_body', true)));
if ($to && $subject && $message && $from) {
$this->load->helper('yorkermail');
try {
yorkermail($to, $subject, $message, $from);
$this->main_frame->AddMessage('success', 'The e-mail containing the password was sent successfully.');
} catch (Exception $e) {
$this->main_frame->AddMessage('error', 'E-mail Sending Failed: ' . $e->getMessage());
}
} else {
$this->messages->AddMessage('error', 'E-mail Sending Failed.');
}
}
} elseif ($EntityId == $this->user_auth->entityId) {
// Ensure that the privilages user isn't trying to demote themselves.
$this->messages->AddMessage('error', 'You cannot reduce your own access privilages. You must ask another editor to do so for you.');
} elseif ($access_level == 'writer') {
$success_rows = $this->members_model->UpdateAccessLevel('1', null, $EntityId);
if ($success_rows > 0) {
$this->messages->AddMessage('success', 'User has been set to "Writer".');
} else {
$this->messages->AddMessage('error', 'Operation Failed. User has not been set to "Writer".');
}
} elseif ($access_level == 'none') {
$success_rows = $this->members_model->UpdateAccessLevel('0', null, $EntityId);
if ($success_rows > 0) {
$this->messages->AddMessage('success', 'User has been set to "No Access".');
} else {
$this->messages->AddMessage('error', 'Operation Failed. User has not been set to "No Access".');
}
}
}
}
// Get membership information for the first time
// This will determine whether the entity is a member.
$membership = $this->members_model->GetMemberDetails(VipOrganisationId(), $EntityId, 'TRUE', array(), FALSE);
if (!empty($membership)) {
$membership = $membership[0];
// Read the post data
$button = $this->input->post('member_byline_reset');
if ($button === 'Set Default Byline') {
if ($this->members_model->SetDefaultByline($EntityId, VipOrganisationId())) {
$this->messages->AddMessage('success', 'Byline was added successfully.');
} else {
$this->messages->AddMessage('error', 'Byline could not be added, a byline might already exist.');
}
return redirect(vip_url('members/info/' . $EntityId));
}
// Read the post data
$button = $this->input->post('member_cmd');
if ($button === 'Remove') {
if ($this->members_model->RemoveSubscription($EntityId, VipOrganisationId())) {
$this->messages->AddMessage('success', 'Member removed successfully.');
return redirect(vip_url('members/list'));
} else {
$this->messages->AddMessage('error', 'No changes were made to the membership.');
return redirect(vip_url('members/info/' . $EntityId));
}
} elseif ($button === 'Invite') {
if ($this->members_model->InviteMember($EntityId, VipOrganisationId())) {
$this->messages->AddMessage('success', 'User invited successfully.');
} else {
$this->messages->AddMessage('error', 'No changes were made to the membership.');
}
return redirect(vip_url('members/info/' . $EntityId));
} elseif ($button === 'Withdraw Invite') {
if ($this->members_model->WithdrawInvite($EntityId, VipOrganisationId())) {
$this->messages->AddMessage('success', 'Invite withdrawn successfully.');
return redirect(vip_url('members/list'));
} else {
$this->messages->AddMessage('error', 'No changes were made to the membership.');
return redirect(vip_url('members/info/' . $EntityId));
}
} elseif ($button === 'Accept') {
if ($this->members_model->ConfirmMember($EntityId, VipOrganisationId())) {
$this->messages->AddMessage('success', 'Member accepted successfully.');
} else {
$this->messages->AddMessage('error', 'No changes were made to the membership.');
}
return redirect(vip_url('members/info/' . $EntityId));
}
// Read the post data
$button = $this->input->post('vip_cmd');
if ($button === 'Demote' || $button === 'Reject') {
if ($this->members_model->UpdateVipStatus('none', $EntityId, VipOrganisationId())) {
$this->messages->AddMessage('success', 'Member demoted successfully.');
} else {
$this->messages->AddMessage('error', 'No changes were made to the membership.');
}
return redirect(vip_url('members/info/' . $EntityId));
} elseif ($button === 'Promote' || $button === 'Accept') {
if ($this->members_model->UpdateVipStatus('approved', $EntityId, VipOrganisationId())) {
$this->messages->AddMessage('success', 'Member promoted successfully.');
} else {
$this->messages->AddMessage('error', 'No changes were made to the membership.');
}
return redirect(vip_url('members/info/' . $EntityId));
}
// Read the post data
$button = $this->input->post('member_update');
if ($button === 'Update') {
$member_paid = FALSE !== $this->input->post('member_paid');
$changes = array();
if ($member_paid !== (bool) $membership['paid']) {
// Paid has changed
$membership['paid'] = $changes['paid'] = $member_paid;
}
// If changes save them
// If no changes don't save them
if (empty($changes)) {
$this->messages->AddMessage('information', 'No changes were made to the membership.');
} else {
/// @todo Do in single update to db
$successes = array();
$failures = array();
if (array_key_exists('paid', $changes)) {
$num_changes = $this->members_model->UpdatePaidStatus($changes['paid'] ? '1' : '0', $EntityId, VipOrganisationId());
if ($num_changes) {
$successes[] = 'paid';
} else {
$failures[] = 'paid';
}
}
if (!count($failures)) {
$this->messages->AddMessage('success', 'The membership\'s ' . implode(', ', $successes) . ' flags were successfully updated');
} elseif (!count($successes)) {
$this->messages->AddMessage('error', 'The membership\'s ' . implode(', ', $failures) . ' flags could not be updated');
} else {
$this->messages->AddMessage('error', 'The membership\'s ' . implode(', ', $failures) . ' flags could not be updated (the flags ' . implode(', ', $successes) . ' were successfully updated)');
}
}
}
// DISPLAY USER INFORMATION --------------------------------- //
$this->pages_model->SetPageCode('viparea_members_info');
// Stringify gender
$membership['gender'] = $membership['gender'] == 'm' ? 'male' : ($membership['gender'] == 'f' ? 'female' : 'unknown');
// Stringify status
if (!$membership['user_confirmed'] && !$membership['org_confirmed']) {
$membership['status'] = 'Non-member';
$membership['cmd_string'] = 'This user is <b>not a member</b> of your organisation, click below to invite them.';
$membership['cmd_action'] = 'Invite';
$membership['cmd_js'] = '';
} elseif (!$membership['user_confirmed'] && $membership['org_confirmed']) {
$membership['status'] = 'Invited';
$membership['cmd_string'] = 'You have <b>invited</b> this user to join your organisation, but they have not yet replied, click below to withdraw your invitation.';
$membership['cmd_action'] = 'Withdraw Invite';
$membership['cmd_js'] = "return confirm('Are you sure that you want to withdraw the invite for this user?');";
} elseif ($membership['user_confirmed'] && !$membership['org_confirmed']) {
$membership['status'] = 'Requested to join';
$membership['cmd_string'] = 'This user has <b>requested</b> to become a member of your organisation, click below to accept their request.';
$membership['cmd_action'] = 'Accept';
$membership['cmd_js'] = '';
} else {
$membership['status'] = 'Member';
$membership['cmd_string'] = 'This user is a <b>member</b> of your organisation, click below to remove them.';
$membership['cmd_action'] = 'Remove';
$membership['cmd_js'] = "return confirm('Are you sure that you want to remove this member from your organisation?');";
}
if ('manage' === VipMode() && (!$membership['has_byline'] || $membership['byline_needs_approval'] || $membership['byline_expired'])) {
$membership['byline_reset'] = true;
}
$data = array('main_text' => $this->pages_model->GetPropertyWikitext('main_text'), 'membership' => $membership);
// Set up the content
$this->main_frame->SetContentSimple('members/editmembers', $data);
// Set the title parameters
$this->main_frame->SetTitleParameters(array('organisation' => VipOrganisationName(), 'firstname' => $membership['firstname'], 'surname' => $membership['surname']));
} else {
// The entity isn't a member of the organisation
$this->load->library('custom_pages');
$this->main_frame->SetContent(new CustomPageView('vip_members_notmember', 'error'));
}
$this->main_frame->Load();
}
