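public function set()
{
    // Persist the registration-related site settings submitted by the admin form, then write
    // one operate-log entry for every value that actually changed (compared against the
    // currently loaded $this->setting). try_day is now logged like the other four keys.
    //
    // NOTE(review): view_dir is stored exactly as received from the request. If it is later used
    // to build a filesystem or template path, it must be checked against an allow-list of known
    // view directories at that point — confirm at the use site.
    $rawPrice = $_REQUEST['reg_user_price'];
    // The price is entered in major units and stored in cents. A non-numeric value is stored
    // as 0 instead of letting `'abc' * 100` raise a TypeError on PHP 8.
    $price = is_numeric($rawPrice) ? $rawPrice * 100 : 0;

    $values = array(
        'view_dir'       => $_REQUEST['view_dir'],
        'reg_user_price' => $price,
        'reg_off'        => $_REQUEST['reg_off'],
        'findpasswd_off' => $_REQUEST['findpasswd_off'],
        'try_day'        => $_REQUEST['try_day'],
    );
    foreach ($values as $key => $value) {
        daocall('setting', 'add', array($key, $value));
    }

    $operate = $_REQUEST['c'] . "&a=" . $_REQUEST['a'];
    foreach ($values as $key => $value) {
        if ($value == $this->setting[$key]) {
            continue; // unchanged: nothing to log
        }
        // The price is logged as the admin typed it (major units), matching the form.
        $shown = ($key === 'reg_user_price') ? $rawPrice : $value;
        $log = array(
            'operate_object' => $key . '=' . $shown,
            'admin'          => getRole('admin'),
            'operate'        => $operate,
        );
        apicall('operatelog', 'operatelogAdd', array($log));
    }
    return header('Location: ?c=function&a=setFrom');
}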
public function index()
{
    // Admin dashboard entry point. For an authenticated session, build the menu from every
    // AdminMenu row with display=1 (ordered by fid, then sort), render it to HTML and assign
    // it to the view; then display with run-time and page-trace output switched off.
    //
    // NOTE(review): for non-administrators the role is looked up but the result is never used,
    // so the menu is NOT filtered by role — every logged-in user receives the full display=1
    // menu. Role-based trimming was apparently intended ("to be continued" in the original).
    if (isset($_SESSION[C('USER_AUTH_KEY')])) {
        $menuModel = M("AdminMenu");
        if (!session("administrator")) {
            $uid = getMemberId();
            $role = getRole($uid); // looked up but unused (see note above)
        }
        $rows = $menuModel->where('display=1')->order(array('fid' => 'asc', 'sort' => 'asc'))->select();
        $tree = fetchMenu($rows, 0);
        $this->assign('menu', displayMenu($tree, false));
    }
    C('SHOW_RUN_TIME', false);   // do not print the run-time footer
    C('SHOW_PAGE_TRACE', false); // do not print the page trace
    $this->display();
}
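function login($ip, $nick, $password)
{
    // Authenticate $nick/$password, populate the session and record the login.
    // Returns the string '0' on success and '1' on failure (callers compare these codes).
    //
    // NOTE(review): the stored credential is compared as an unsalted SHA-256 digest
    // (checkNickPassword receives hash('sha256', $password)). That is fast to brute-force
    // offline; moving to password_hash()/password_verify() means changing the stored format
    // and checkNickPassword together, so it is only flagged here.
    // A cookie-based attempt counter ("intentos") was sketched here and commented out. A
    // counter the client controls cannot rate-limit anything; any lockout must be tracked
    // server-side (per account and/or per $ip).
    $hashedPassword = hash("sha256", $password, false);
    if (!checkNickPassword($nick, $hashedPassword)) {
        return '1'; // Log in failed.
    }

    // Privilege change: issue a fresh session id so an id fixed before login is not kept.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $email = getEmail($nick);
    $_SESSION['nick'] = $nick;
    $_SESSION['email'] = $email;
    $_SESSION['role'] = getRole($email);
    addAction($nick, $email, $ip, 'logged_in');
    addConnection($nick, $email, $ip);
    return '0'; // Logged.
}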
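function getListByQuery($query, $department, $rtype = '')
{
    // Employee listing filtered by a free-text search ($query, matched with LIKE against
    // empno/fname/lname), a department, and optionally a report type. Role 2 is always
    // restricted to its own department; other roles may pick one via $department
    // (-1 / empty = all). When $rtype contains 'nal', only rows without any leave
    // transaction for the current school year are returned. Returns the result object list,
    // or "" when nothing matched.
    //
    // Fix: $query and $department used to be interpolated into the SQL verbatim. The search
    // text now goes through the driver's string escaping and every id is cast to int.
    // (The original also ran a role-2 department lookup whose result was immediately
    // discarded; that dead read is gone.)
    $sYear = getSchoolYear($this);
    $sCondition = '';
    $sDeptCondition = '';
    $rCondition = '';

    if (getRole($this) == 2) {
        $sdep = $this->mod->getDeptOfEmployee(getUserId($this));
        $sDeptCondition = '(employees.department_id = ' . (int) $sdep[0]->department_id . ') and ';
    } elseif ($department != -1 && !empty($department)) {
        $sDeptCondition = '(employees.department_id = ' . (int) $department . ') and';
    }

    if (!empty($query)) {
        // escape_str() escapes quotes/backslashes; % and _ keep their wildcard meaning, as before.
        $q = $this->db->escape_str($query);
        $sCondition = "(employees.empno like '%{$q}%' or employees.fname like '%{$q}%' or employees.lname like '%{$q}%') and";
    }

    if (!empty($rtype) && strpos($rtype, 'nal') !== false) {
        // NOTE(review): $sYear comes from getSchoolYear(), not from the request, but it is still
        // interpolated unescaped — confirm it can only ever hold a school-year token.
        $rCondition = "and if(emp_types.time_unit = 'd',
            (select (sum(abs(datediff(g.end_date, g.start_date)) - abs(g.end_date_hw + g.start_date_hw)) +1)
             from leave_transactions g, leave_credits
             where employment_id = employment.id and
                   leave_credits.id = leave_credits_id and
                   leave_credits.is_base = 1 and g.schoolyear = '{$sYear}'),
            round(( select (sum(timediff(g.end_time,g.start_time)))/10000 from leave_transactions g
                    where g.employment_id = employment.id and g.schoolyear = '{$sYear}' ),2)) is null";
    }

    $sql = "select
            employees.id as myid,
            employment.*,
            employees.*,
            ranks.*,
            roles.*,
            departments.*,
            emp_types.*,
            status.*,
            emp_types.time_unit as timeunit
        from
            employment, emp_types, status, employees, emp_types_stat, ranks, departments, roles
        where
            ({$sCondition} {$sDeptCondition}
            employment.emp_types_stat_id = emp_types_stat.id and
            emp_types.id = emp_types_stat.emp_types_id and
            status.id = emp_types_stat.status_id and
            employment.employee_id = employees.id and
            employees.rank_id = ranks.id and
            employees.department_id = departments.id and
            employees.role_id = roles.id) {$rCondition}
        group by employees.department_id, lname, fname";
    $result = $this->db->query($sql);
    if ($result->num_rows() > 0) {
        return $result->result();
    }
    return "";
}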
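function getQueryList($sEmployeeId = '', $sDept = '', $sStat = '', $rType = '')
{
    // Leave transactions joined to their employee, newest filing first. Optional filters:
    // $sEmployeeId (exact employee id), $sStat (status; a value containing "All" disables
    // it) and $sDept (department; -1 / empty = all). $rType is accepted for interface
    // compatibility but has no effect. Role 2 is always limited to its own department and
    // role 3 to its own record, overriding whatever department filter was passed in.
    //
    // Fix: the three filter values used to be interpolated into the SQL verbatim; ids are
    // now cast to int and the status string goes through the driver's escaping.
    $sCondition = '';
    $sStatCondition = '';
    $sDeptCondition = '';

    if (!empty($sEmployeeId)) {
        $sCondition = 'and e.id = ' . (int) $sEmployeeId;
    }
    if (!empty($sStat) && strpos($sStat, "All") === false) {
        $sStatCondition = "and g.status = '" . $this->db->escape_str($sStat) . "'";
    }
    if (!empty($sDept) && $sDept != -1) {
        $sDeptCondition = 'and e.department_id = ' . (int) $sDept;
    }

    $iProfileId = getUserId($this);
    $role = getRole($this);
    if ($role == 2) {
        $sdep = $this->mod->getDeptOfEmployee($iProfileId);
        $sDeptCondition = 'and (e.department_id = ' . (int) $sdep[0]->department_id . ')';
    } elseif ($role == 3) {
        $sDeptCondition = 'and (e.id = ' . (int) $iProfileId . ')';
    }

    $sql = "select
            g.*,
            concat(e.fname,' ',e.lname) as employee,
            datediff(g.end_date, g.start_date) as leaves
        from
            leave_transactions g,
            employees e,
            employment em
        where (g.employment_id = em.id and em.employee_id = e.id)
            {$sCondition}
            {$sStatCondition}
            {$sDeptCondition}
        order by g.filing_date desc";
    $result = $this->db->query($sql);
    return $result->result();
}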
function adminOnly($role)
{
    // Gate for admin-only pages: redirect to / and stop unless getRole() reports 3 or more.
    // NOTE: the $role argument is ignored — the decision always comes from getRole(), so a
    // caller passing a role in is not getting what the signature suggests.
    if (getRole() >= 3) {
        return;
    }
    header('Location: /');
    exit;
}
public function del()
{
    // Delete the admin account named in the request. The operation is logged only when the
    // dao reports success; either way the browser is sent back to the user list.
    // NOTE(review): the username is read from $_REQUEST, so this destructive action is
    // reachable via GET, and no CSRF token is checked in this method — confirm the
    // dispatcher enforces one before the handler runs.
    $username = $_REQUEST['username'];
    $deleted = daocall('admin_user', 'delUser', array($username));
    if ($deleted) {
        $entry = array(
            'admin'          => getRole('admin'),
            'operate'        => $_REQUEST['a'],
            'operate_object' => 'username=' . $username,
        );
        apicall('operatelog', 'operatelogAdd', array($entry));
    }
    header("Location: ?c=adminuser&a=listUser");
}
public function verificaRespostaCriterio($enterpriseId, $perguntaId, $competitionId)
{
    // Look up the answer (Resposta) an enterprise gave to one checker question and return it
    // as array(QuestionCheckerId => Resposta). $competitionId is accepted but not used.
    // The ids are bound through Zend_Db placeholders, not interpolated.
    // NOTE(review): fetchRow() returns null when nothing matches, and that null is handed to
    // getRole() — confirm getRole tolerates it (otherwise the caller gets an empty key).
    $configDb = Zend_Registry::get('configDb');
    $select = $this->select()
        ->setIntegrityCheck(false)
        ->from(array('CHEKEV' => 'CheckerEvaluation'))
        ->join(array('CHEKente' => 'CheckerEnterprise'), 'CHEKEV.CheckerEnterpriseId = CHEKente.ID', NULL)
        ->where('CHEKente.EnterpriseId = ?', $enterpriseId)
        ->where('CHEKEV.QuestionCheckerId = ?', $perguntaId);
    $select->reset(Zend_Db_Select::COLUMNS)
        ->columns(array('CHEKEV.QuestionCheckerId', 'CHEKEV.Resposta'));
    $row = getRole($this->fetchRow($select));
    return array($row['QuestionCheckerId'] => $row['Resposta']);
}
/**
 * The user's top-up was paid but never credited; the admin confirms the credit by hand.
 * Calls money/payReturn with the order id from the request, shows "充值成功" and writes an
 * operate-log entry on success, or "充值失败" on failure, then renders msg.html.
 * NOTE(review): `id` is taken from $_REQUEST unvalidated and no CSRF check is visible in
 * this method — confirm both are handled by the dispatcher / the money api.
 */
public function manPayReturn()
{
    $orderId = $_REQUEST['id'];
    $credited = apicall('money', 'payReturn', array($orderId));
    if (!$credited) {
        $this->_tpl->assign('msg', '充值失败');
        return $this->display('msg.html');
    }
    $this->_tpl->assign('msg', '充值成功');
    $entry = array(
        'operate_object' => 'id=' . $orderId,
        'admin'          => getRole('admin'),
        'operate'        => $_REQUEST['a'],
    );
    apicall('operatelog', 'operatelogAdd', array($entry));
    return $this->display('msg.html');
}
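public function delMproductorder()
{
    // Delete one mproductorder by id and re-render the list; on dao failure show msg.html.
    // The id is cast to int once and that value is used both for the delete and for the log
    // entry, so the log records the id that was actually deleted (previously the raw request
    // string was logged while the cast value was deleted).
    $orderId = intval($_REQUEST['id']);
    if (!daocall('mproductorder', 'del', array($orderId))) {
        $this->_tpl->assign('msg', '删除失败');
        return $this->_tpl->fetch('msg.html');
    }
    $log = array(
        'operate_object' => 'id=' . $orderId,
        'admin'          => getRole('admin'),
        'operate'        => $_REQUEST['a'],
    );
    apicall('operatelog', 'operatelogAdd', array($log));
    return $this->pageListMproductorder();
}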
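public function delAgent()
{
    // Delete an agent, detach its users and remove its agentprice rows, logging the operation.
    // The id is cast to int once (as delMproductorder() already does) so a non-numeric request
    // value can no longer reach the three dao calls; the cast value is also what gets logged.
    // NOTE(review): the three writes are not wrapped in a transaction — if the user update or
    // the agentprice delete fails, the agent row is already gone.
    $agentId = intval($_REQUEST['id']);
    if (!daocall('agent', 'del', array($agentId))) {
        $this->_tpl->assign('msg', "删除失败");
        return $this->_tpl->fetch('msg.html');
    }
    $log = array(
        'operate_object' => 'id=' . $agentId,
        'admin'          => getRole('admin'),
        'operate'        => $_REQUEST['a'],
    );
    apicall('operatelog', 'operatelogAdd', array($log));
    daocall('user', 'updateUserAgent_idByAent_id', array($agentId));
    daocall('agentprice', 'delAgentpriceByAgent_id', array($agentId));
    return $this->listAgent();
}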
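public function login()
{
    // Admin login: verify username/passwd, bind the admin role to the session, keep the
    // previous login time/ip for display, log the login with the client ip, and redirect to
    // index.php. On a bad credential the login_error template is shown instead.
    $user = $this->checkPassword($_REQUEST['username'], $_REQUEST['passwd']);
    if (!$user) {
        return $this->_tpl->display('login_error.html');
    }
    // Privilege change: rotate the session id before binding the admin role, so a session id
    // fixed by an attacker before login cannot become an admin session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    registerRole('admin', $user['username']);
    $_SESSION['admin_last_login'] = $user['last_login'];
    $_SESSION['admin_last_ip'] = $user['last_ip'];
    $log = array(
        'operate_object' => 'username=' . $_REQUEST['username'],
        'mem'            => 'ip=' . $_SERVER["REMOTE_ADDR"],
        'admin'          => getRole('admin'),
        'operate'        => $_REQUEST['c'] . "&a=" . $_REQUEST['a'],
    );
    apicall('operatelog', 'operatelogAdd', array($log));
    header("Location: index.php");
}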
function showMyProposalPage()
{
    // Student-only page: list the current user's proposals, or point to the project browser
    // when there are none. `new_tab` (default 0) selects the initially active tab.
    // The getRole() value is fetched but the gate is Users::isStudent(), not the role.
    $role = getRole();
    if (!Users::isStudent()) {
        echo t('You can only see this page as a student');
        return;
    }
    $proposals = Proposal::getInstance()->getMyProposals();
    if ($proposals) {
        $activeTab = getRequestVar('new_tab', 0);
        showMyProposals($proposals, $activeTab);
        return;
    }
    echo t('You have no proposal at the moment.') . '<br/>';
    echo "<a href='" . _WEB_URL . "/projects/browse'>" . t('Please find yourself a project') . "</a>.";
}
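public function getSysadmin()
{
    // Return the first user that holds a role named 'sysadmin', or null when none does.
    //
    // Fixes: the inner loop iterated `$userroles` (undefined — a typo for `$userrole`), tested
    // `$userrole . getRole()` (string concatenation instead of `->`), and checked the bare
    // constant `found`. On PHP < 8 that constant evaluated to the string 'found', which is
    // loosely equal to true, so the FIRST user was always returned whatever their roles; on
    // PHP 8 it throws. The membership check is now a strict string comparison.
    $criteria = new Criteria();
    foreach (UserPeer::doSelect($criteria) as $user) {
        foreach ($user->getUserRoles() as $userRole) {
            if ($userRole->getRole()->getName() === 'sysadmin') {
                return $user;
            }
        }
    }
    return null;
}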
public function moneyout()
{
    // Paginated list of the current user's withdrawal (moneyout) records, 15 per page.
    // `page` is read from the request and clamped to [1, total_page]. When there are no rows
    // total_page is 0 and page becomes 0 as well — the template should expect that.
    $perPage = 15;
    $count = 0;
    $page = max(1, intval($_REQUEST['page']));
    // The dao fills $count (by reference) with the total number of rows for this user.
    $rows = daocall('moneyout', 'pageByUser', array(getRole('user'), $page, $perPage, &$count));
    $totalPages = ceil($count / $perPage);
    $page = min($totalPages, $page);

    $this->_tpl->assign('count', $count);
    $this->_tpl->assign('total_page', $totalPages);
    $this->_tpl->assign('page', $page);
    $this->_tpl->assign('page_count', $perPage);
    $this->_tpl->assign('list', $rows);
    return $this->_tpl->fetch('money/moneyout.html');
}
public function pageByuser()
{
    // Paginated list of the current user's questions, 30 per page, with an optional sort key
    // (`sortname`) passed through to the dao. `page` is clamped to [1, total_page] (0 when
    // there are no rows).
    // NOTE(review): sortname is forwarded from the request verbatim; if the dao splices it
    // into an ORDER BY clause it must be matched against an allow-list of column names there.
    $perPage = 30;
    $count = 0;
    $sortname = $_REQUEST['sortname'];
    $page = max(1, intval($_REQUEST['page']));
    // The dao fills $count (by reference) with the total number of rows for this user.
    $rows = daocall('question', 'pageByuser', array(getRole('user'), $page, $perPage, &$count, $sortname));
    $totalPages = ceil($count / $perPage);
    $page = min($totalPages, $page);

    $this->_tpl->assign('sortname', $sortname);
    $this->_tpl->assign('count', $count);
    $this->_tpl->assign('total_page', $totalPages);
    $this->_tpl->assign('page', $page);
    $this->_tpl->assign('page_count', $perPage);
    $this->_tpl->assign('list', $rows);
    return $this->_tpl->fetch('question/pagelist.html');
}
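function chronology($type, $product_id)
{
    // Render the chronology panel for a product ($type == 0, table p_product keyed by pp_kod)
    // or a sample (any other $type, table k_produk keyed by kp_id): a header block with the
    // record's identifiers followed by the timeline of p_lab_comment rows for $product_id.
    // Output is echoed directly as inline HTML; nothing is returned.
    //
    // NOTE(review): $product_id is interpolated into every query here and selQuery() takes a
    // finished SQL string, so the value must already be escaped/validated by the caller —
    // confirm. It cannot be escaped here without the connection handle.
    // Fix: each comment body is HTML-escaped before nl2br(); it is free text from the
    // database and was previously emitted as raw markup. The lab_assign lookup and the
    // commented-out "Screening Date"/"Product Distribution" items it fed have been dropped;
    // the duplicated timeline markup is now emitted by chronologyCommentTimeline().
    if ($type == 0) {
        $query = "SELECT pp_ref_no,pp_nama_brand,pp_nama_generic,pp_nama,
            DATE_FORMAT(pp_pkk_screen_tkh,'%d/%m/%Y %h:%i:%s %p') AS pp_pkk_screen_tkh FROM p_product
            WHERE pp_kod='{$product_id}'";
        $row = mysqli_fetch_assoc(selQuery($query));
        ?>
<div class="admin-form" id="previewChrono">
    <div class="row">
        <div class="alert alert-sm alert-border-left alert-primary"><b>Product Information</b></div>
        <div class="col-md-6"> <b>Reference No : </b> <p><?php echo isEmpty($row['pp_ref_no']); ?> </p> </div>
        <div class="col-md-6"> <b>Brand Name : </b> <p><?php echo isEmpty($row["pp_nama_brand"]); ?> </p> </div>
        <div class="col-md-6"> <b>Generic Name : </b> <p><?php echo isEmpty($row["pp_nama_generic"]); ?> </p> </div>
        <div class="col-md-6"> <b>Full product name : </b> <p><?php echo isEmpty($row["pp_nama"]); ?> </p> </div>
    </div>
    <div class="row"> <div class="section-divider mb40"></div> </div>
    <div class="row">
        <?php chronologyCommentTimeline($product_id, 'primary'); ?>
    </div>
</div>
        <?php
    } else {
        $query = "SELECT kp_sampel_no,kp_product_name FROM k_produk
            WHERE kp_id='{$product_id}'";
        $row = mysqli_fetch_assoc(selQuery($query));
        ?>
<div class="admin-form" id="previewChrono">
    <div class="row">
        <div class="alert alert-sm alert-border-left alert-alert"><b>Sample Information</b></div>
        <div class="col-md-6"> <b>Sample No : </b> <p><?php echo isEmpty($row['kp_sampel_no']); ?> </p> </div>
        <div class="col-md-6"> <b>Product Name : </b> <p><?php echo isEmpty($row['kp_product_name']); ?> </p> </div>
    </div>
    <div class="row"> <div class="section-divider mb40"></div> </div>
    <div class="row">
        <?php chronologyCommentTimeline($product_id, 'alert'); ?>
    </div>
</div>
        <?php
    }
}

/**
 * Echo the <ol class="timeline-list"> of p_lab_comment rows for $product_id, oldest first.
 * $tone is the colour suffix used by the icon and text classes ('primary' for products,
 * 'alert' for samples). Shared by both branches of chronology().
 * NOTE(review): the username / role line is printed as returned by getUsername()/getRole();
 * escape it here too if those helpers do not already return HTML-safe text.
 */
function chronologyCommentTimeline($product_id, $tone)
{
    $query = "SELECT plc_user,plc_comment,plc_location,DATE_FORMAT(plc_tkh_upd,'%d/%m/%Y %h:%i:%s %p') AS tkh_upd FROM p_lab_comment
        WHERE plc_product_id='{$product_id}' ORDER BY plc_tkh_upd ASC";
    $result = selQuery($query);
    ?>
<ol class="timeline-list">
    <?php while ($rows = mysqli_fetch_assoc($result)) { ?>
    <li class="timeline-item">
        <div class="timeline-icon bg-<?php echo $tone; ?> light"> <span class="fa fa-comments-o"></span> </div>
        <div class="timeline-desc">
            <div class="chat-widget">
                <div class="media" align="left">
                    <div class="media-left"> <i class="fa fa-user-md fa-3x text-<?php echo $tone; ?>"></i> </div>
                    <div class="media-body" align="left">
                        <h5 class="media-heading"> <small><?php echo getUsername($rows['plc_user']) . " / " . getRole($rows['plc_location']); ?> </small> </h5>
                        <?php /* plc_comment is free text: escape it, then turn newlines into <br>. */ ?>
                        <?php echo nl2br(htmlspecialchars($rows['plc_comment'], ENT_QUOTES, 'UTF-8')); ?>
                    </div>
                </div>
            </div>
        </div>
        <div class="timeline-date"><?php echo $rows['tkh_upd']; ?> </div>
    </li>
    <?php } ?>
</ol>
    <?php
}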
function getUser()
{
    // Thin wrapper: the "user" is whatever getRole() reports for the fixed id 1.
    // NOTE(review): the meaning of the constant 1 is not explained here — verify against getRole().
    $role = getRole(1);
    return $role;
}
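function checkBoolPermission($action)
{
    // Return 1 if the current role (getRole()) has the boolean permission $action in
    // AUCTION_ROLE_TABLE, 0 if the flag is 0 (or no row exists), and null for an unknown
    // action name (the original switch fell through without returning). A failed query
    // ends the request via message_die, as before.
    //
    // The twelve copy-pasted switch arms have been collapsed into one lookup: each action
    // name maps to the column holding its flag, and a single query path reads it.
    //
    // NOTE(review): the role title is interpolated into the SQL unescaped. It comes from
    // getRole(), not from a request parameter, but if role titles can ever contain a quote
    // it must go through the db layer's escaping.
    global $db;

    static $columns = array(
        'VIEW_ALL'         => 'view_all',
        'VIEW_OFFER'       => 'view_offer',
        'VIEW_BID_HISTORY' => 'view_bid_history',
        'NEW'              => 'new',
        'BID'              => 'bid',
        'COMMENT'          => 'comment',
        'MOVE'             => 'move',
        'DELETE_OFFER'     => 'delete_offer',
        'DELETE_BID'       => 'delete_bid',
        'SPECIAL'          => 'special',
        'DIRECT_SELL'      => 'direct_sell',
        'IMAGE_UPLOAD'     => 'image_upload',
    );

    $role = getRole();
    if (!isset($columns[$action])) {
        return null; // unknown action: no permission column to consult
    }
    $column = $columns[$action];

    $sql = "SELECT " . $column . "\r\n FROM " . AUCTION_ROLE_TABLE . "\r\n WHERE auction_role_title='" . $role . "'";
    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Could not query role permissions', '', __LINE__, __FILE__, $sql);
    }
    $row = $db->sql_fetchrow($result);
    // Loose comparison kept on purpose: a missing row (null) counts as "not permitted".
    return ($row[$column] == 0) ? 0 : 1;
}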
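$sql = "SELECT username, role FROM users WHERE id = {$id}"; $result = $db->query($sql); $results = $result->fetch_assoc(); return $results; }

/**
 * Set the role of user $id. The statement is prepared and the values bound (role as string,
 * id as int), replacing the previous string-built UPDATE that interpolated both POST values
 * directly. Opens and closes its own mysqli connection as before; returns nothing.
 */
function updateRole($role, $id)
{
    $db = new mysqli(SERVERNAME, USERNAME, PASSWORD, DBNAME);
    $stmt = $db->prepare("UPDATE users SET role=? WHERE id = ?");
    if ($stmt !== false) {
        $stmt->bind_param('si', $role, $id);
        $stmt->execute();
        $stmt->close();
    }
    $db->close();
}

// NOTE(review): nothing visible in this file checks that the requester is allowed to change
// roles, and no CSRF token is verified before the write — confirm the including page does both.
if (isset($_POST['role'])) {
    $role = $_POST['role'];
    $id = $_POST['id'];
    updateRole($role, $id);
    header("Location: users.php");
    exit; // header() alone does not stop the script; the rest of the page used to render anyway
}
if (isset($_GET['id'])) {
    // getRole() above splices $id into its WHERE clause unquoted, so only an integer may reach it.
    $id = (int) $_GET['id'];
    $results = getRole($id);
    $role = $results["role"];
    $username = $results["username"];
    // Pre-select the current role in the <select> rendered further down the page.
    if ($role == "admin") {
        $selected = '<option value="moderator">Moderator</option> <option selected="selected" value="admin">Admin</option>';
    } elseif ($role == "moderator") {
        $selected = '<option selected="selected" value="moderator">Moderator</option> <option value="admin">Admin</option>';
    }
}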
public function randPassword()
{
    // Admin action: assign a freshly generated password to the user named in the request and
    // show it in the result message; the attempt is written to the operate log either way.
    // NOTE(review): the target username comes from $_REQUEST and no CSRF token is checked in
    // this method, and the new password is echoed into the page — confirm the dispatcher
    // enforces a token and that the page is not cached/logged.
    $username = $_REQUEST['username'];
    $newPassword = getRandPasswd();
    $updated = daocall('user', 'updatePassword', array($username, $newPassword));
    $msg = $updated ? "新密码是: " . $newPassword : "重设密码出错";
    $entry = array(
        'operate_object' => 'username=' . $username,
        'admin'          => getRole('admin'),
        'operate'        => $_REQUEST['a'],
    );
    apicall('operatelog', 'operatelogAdd', array($entry));
    $this->_tpl->assign('msg', $msg);
    return $this->listUser();
}
$pagestart = ($page - 1) * $pagesize; $query = "select id,name,role,mall_id,shop_id,time,last_ip,now_ip,log_num from admin_manage" . $area . "order by role asc limit " . $pagestart . "," . $pagesize; $res = mysql_query($query); while ($row = mysql_fetch_array($res)) { ?> <tr> <td><?php echo $row["id"]; ?> </td> <td><?php echo $row["name"]; ?> </td> <td><?php echo getRole($row["role"]); ?> </td> <td><?php echo getRoleArea($row["role"], $row["shop_id"], $row["mall_id"]); ?> </td> <td><?php echo $row["last_ip"]; ?> </td> <td><?php echo $row["now_ip"]; ?> </td> <td><?php
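private function _edit()
{
    // Save the edited user record from the POSTed form. shop_id/shop_name come from the
    // session, not the form; the password is only changed when one is supplied and it matches
    // the repeat field. Reports success or the model's error through the controller helpers.
    //
    // NOTE(review): passwords are stored as plain md5() — unsalted and fast to crack.
    // Switching to password_hash() requires changing the login check that reads this column
    // as well, so it is only flagged here.
    // NOTE(review): role_id and status come straight from the form, and the update is keyed
    // only by id (not scoped to the session's shop_id) — confirm that verifyForm() or the
    // caller restricts who may edit which user and assign which role.
    $this->verifyForm();

    // The id is spliced into the WHERE string, so cast it: a non-numeric value must not reach
    // the query.
    $userId = intval(post('id'));

    $data = array();
    $data['shop_id'] = session('shop_id');
    $data['shop_name'] = session('shop_name');
    $data['username'] = post('username');
    $data['email'] = post('email');
    $data['name'] = post('name');
    $data['sex'] = post('sex');
    $data['phone'] = post('phone');
    $data['role_id'] = post('role_id');
    $data['role_name'] = getRole($data['role_id']);
    $data['status'] = post('status');

    $password = post('password');
    if (!empty($password)) {
        if ($password != post('repassword')) {
            $this->error('两次密码不一致!');
        }
        $data['password'] = md5($password);
    }

    $shop_mod = m('User');
    $r = $shop_mod->update($data, 'id=' . $userId);
    if ($r === false) {
        $this->error($shop_mod->error());
    } else {
        $this->success('保存成功!');
    }
}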
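<?php
include_once './business_logic/functions/database_logic.php';
include_once './business_logic/functions/menu_logic.php';
session_start();

// Admin-only page. Each redirect below is followed by exit: header() only queues a response
// header, so without it the whole admin page body was still rendered (and its JS run) for
// unauthenticated and non-admin visitors who ignored the redirect.
if (!isset($_SESSION['nick'])) {
    header('Location: main.php');
    exit;
}
$nick = $_SESSION['nick'];
$role = getRole($nick);
if ($role != "admin") {
    header('Location: main.php');
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Bigou - Mis Álbumes</title>
<link href="style/bigou_style.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" src="./business_logic/ajax_bl.js"></script>
<script language="JavaScript" type="text/javascript" src="./business_logic/lib/jquery-1.11.3.min.js"></script>
<script>
// Emitted as a JSON literal so a role value containing quotes cannot break out of the string.
var role = <?php echo json_encode($role); ?>;
if(role=="admin"){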
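function renderProject($project = '', $target = '', $inline = FALSE, $all_can_edit = _VALS_SOC_MENTOR_ACCESS_ALL)
{
    // Render one project as an HTML fragment: a "submit proposal" button for students;
    // edit/delete buttons for the owner (and, when $all_can_edit, for members of the
    // project's organisation) unless $inline; the title; view/like statistics for
    // organisation members; the description; the optional URL; and, unless $inline, the
    // threaded comments for non-anonymous users. $project may be an object or an array.
    //
    // Fix: the student button's value attribute was emitted literally as
    // ".t( 'Submit proposal for this project').'" because the t() call sat inside the
    // double-quoted string; it is now concatenated like the other labels.
    if (!$project) {
        return t('I cannot show this project. It seems empty.');
    }
    if (is_object($project)) {
        $project = objectToArray($project);
    }
    $key_name = Groups::keyField(_PROJECT_OBJ);
    $id = $project[$key_name];
    $type = _PROJECT_OBJ;
    $role = getRole();

    $content = "<div class=\"totheright\">";
    if (_STUDENT_TYPE == $role) {
        $content .= "<br/><br/><input type='button' onclick=\"getProposalFormForProject(" . $project['pid'] . ")\" value='" . t('Submit proposal for this project') . "'/>";
    }
    $is_inproject_organisation = Groups::isAssociate(_PROJECT_OBJ, $id);
    // Not inline, and either the owner or (when mentors may edit) a member of the organisation.
    if (!$inline && ($all_can_edit && $is_inproject_organisation || Groups::isOwner(_PROJECT_OBJ, $id))) {
        $delete_action = "onclick='if(confirm(\"" . t('Are you sure you want to delete this project?') . "\")){ajaxCall(\"project\", \"delete\", {type: \"{$type}\", id: {$id}, target: \"{$target}\"}, \"refreshTabs\", \"json\", [\"{$type}\", \"{$target}\", \"project\"]);}'";
        $edit_action = "onclick='ajaxCall(\"project\", \"edit\", {type: \"{$type}\", id: {$id}, target: \"{$target}\"}, \"formResult\", \"html\", [\"{$target}\", \"project\"]);'";
        $content .= "<input type='button' value='" . t('edit') . "' {$edit_action}/>";
        $content .= "<input type='button' value='" . t('delete') . "' {$delete_action}/>";
    }
    $content .= "</div>";

    // NOTE(review): title, description and url are emitted without HTML escaping. The
    // description is presumably rich text from the editor, but the title and the url should
    // be escaped for their contexts (htmlspecialchars / an http(s)-scheme check) unless they
    // are already sanitised on the way in — confirm against the project form handler.
    $content .= "<h2>" . $project['title'] . "</h2>";
    if ($is_inproject_organisation) {
        $content .= "<h3>Statistics</h3>";
        $content .= "<p>Number of student views: " . $project['views'] . "<BR>" . "Number of times marked by a student: " . $project['likes'] . "</p>";
    }
    $content .= '<p>' . $project['description'] . '</p>';
    if ($project['url']) {
        $content .= '<p>' . tt('More information can be found at %1$s', "<a href='{$project['url']}'> {$project['url']}</a>") . '</p>';
    }
    if (!$inline && $role != _ANONYMOUS_TYPE) {
        module_load_include('inc', 'vals_soc', 'includes/ui/comments/threaded_comments');
        $content .= initComments($id, _PROJECT_OBJ);
    }
    return $content;
}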
public function insert()
{
    // Create a node record from the request (name, host, nickname, port, passwd), log the
    // attempt under the admin's name, and flush the response. The dao result is not acted
    // on: the log entry is written whether or not the insert succeeded.
    // NOTE(review): passwd is stored as received; if the dao does not encrypt it, node
    // credentials sit in the database in clear — confirm at the dao.
    $node = array(
        'name'     => $_REQUEST['name'],
        'host'     => $_REQUEST['host'],
        'nickname' => $_REQUEST['nickname'],
        'port'     => intval($_REQUEST['port']),
        'passwd'   => $_REQUEST['passwd'],
    );
    $inserted = daocall("nodes", "insertNode", array($node));
    $entry = array(
        'operate_object' => 'name=' . $_REQUEST['name'],
        'admin'          => getRole('admin'),
        'operate'        => $_REQUEST['a'],
    );
    apicall('operatelog', 'operatelogAdd', array($entry));
    $this->flush();
}
$deleteReturnMessage = _("Your request failed because your inputs were invalid."); } else { if ($deleteReturn == "success0") { $deleteReturnMessage = _("Your request was completed successfully."); $class = "success"; } } } } } print "<div class='{$class}'>"; print $deleteReturnMessage; print "</div>"; } //Get role within learning area $role = getRole($_SESSION[$guid]["gibbonPersonID"], $gibbonDepartmentID, $connection2); if ($role != "Coordinator" and $role != "Assistant Coordinator" and $role != "Teacher (Curriculum)" and $role != "Director" and $role != "Manager") { print "<div class='error'>"; print _("The selected record does not exist, or you do not have access to it."); print "</div>"; } else { ?> <form method="post" action="<?php print $_SESSION[$guid]["absoluteURL"] . "/modules/" . $_SESSION[$guid]["module"] . "/department_editProcess.php?gibbonDepartmentID={$gibbonDepartmentID}&address=" . $_GET["q"]; ?> " enctype="multipart/form-data"> <table class='smallIntBorder' cellspacing='0' style="width: 100%"> <tr class='break'> <td colspan=2> <h3><?php print _('Overview');
// Check auction_permission checkPermission('DELETE_OFFER'); // Check if bid exists - this is for cheaters who are not coming via the delete_confirm $sql = "SELECT FK_auction_offer_last_bid_user_id\r\n FROM " . AUCTION_OFFER_TABLE . "\r\n WHERE PK_auction_offer_id= " . $HTTP_GET_VARS[POST_AUCTION_OFFER_URL] . ""; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not query auction-start and stop date', '', __LINE__, __FILE__, $sql); } // if $auction_corresponding_bids_start_stop_row = $db->sql_fetchrow($result); // if a bid already exists just admins and mods can delete the offer if ($auction_corresponding_bids_start_stop_row['FK_auction_offer_last_bid_user_id'] != '' and getRole() != 'administrator' and getRole() != 'moderator' and $userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, $lang['auction_no_permission_delete_bid_exists']); } // if // registered and auctioneers can only move their own offers $role = getRole(); if ($role == 'registered' or $role == 'auctioneer') { $sql = "SELECT FK_auction_offer_user_id\r\n FROM " . AUCTION_OFFER_TABLE . "\r\n WHERE PK_auction_offer_id=" . $HTTP_GET_VARS[POST_AUCTION_OFFER_URL]; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not query offer-seller', '', __LINE__, __FILE__, $sql); } $auction_offer = $db->sql_fetchrow($result); // stop the evil person moving the offer if ($auction_offer['FK_auction_offer_user_id'] != $userdata['user_id']) { message_die(GENERAL_MESSAGE, $lang['auction_no_permission_delete']); } } $sql = "SELECT pic_filename\r\n FROM " . AUCTION_IMAGE_TABLE . "\r\n WHERE pic_auction_id = " . $HTTP_GET_VARS[POST_AUCTION_OFFER_URL]; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not select pic information', '', __LINE__, __FILE__, $sql); }
/**
 * @brief Checks if the currently logged-in user is an administrator.
 * @returns boolean  true only when getRole() equals the string 'Admin' (case-sensitive).
 */
function isAdmin()
{
    $isAdministrator = (getRole() == 'Admin');
    return $isAdministrator;
}
/**
 * Dashboard page listing the projects of the current mentor / organisation admin.
 *
 * Flow (everything is echoed, nothing is returned):
 *  - non-mentors get a refusal message;
 *  - a mentor with no organisation gets a link to register one (org admins) or to edit
 *    their account (others);
 *  - otherwise the projects are fetched for the user's organisations; when there are none
 *    an "Add a project" form is rendered in a tab, else a "Show all | Show only mine"
 *    switch followed by one block per organisation.
 *
 * @param bool $show_last  passed through to showOrganisationProjects()
 * @param bool $owner_only when true only the current user's own projects are listed
 *                         ($show_all is its negation) and an extra "manage all" link is shown
 */
function showProjectPage($show_last = FALSE, $owner_only = false)
{
    global $base_url;
    //TODO check for the role of current user
    $role = getRole();
    if (!Users::isMentor()) {
        //true for both mentors and organisation admins. Also, they will see their own stuff only
        echo t('You are not allowed to see the projects in this view.');
        return;
    }
    //Get my groups
    $my_organisations = Groups::getGroups(_ORGANISATION_GROUP);
    if (!$my_organisations->rowCount()) {
        //There are no organisations yet for this user
        if ($role == _ORGADMIN_TYPE) {
            echo t('You have no organisation yet.') . '<br/>';
            echo "<a href='" . _WEB_URL . "/dashboard/organisation/administer'>" . t('Please go to the organisation register page') . "</a>";
        } else {
            echo t('You are not connected to any organisation yet.') . '<br/>';
            echo "<a href='" . _WEB_URL . "/user/" . Users::getMyId() . "/edit'>" . t('Please edit your account to connect') . "</a>";
        }
    } else {
        $show_all = !(bool) $owner_only;
        // NOTE(review): owner id is read from the global Drupal user object — the page assumes
        // it is populated (a logged-in user), which Users::isMentor() above presumably ensures.
        $owner_id = $GLOBALS['user']->uid;
        $orgs = array();
        $orgids = array();
        foreach ($my_organisations as $org) {
            $orgs[] = $org;
            $orgids[] = $org->org_id;
        }
        $projects = Project::getProjectsByUser($owner_id, $orgids, $show_all); //$my_organisations->fetchCol());
        if (!$projects) {
            echo $owner_only ? t('You have no project yet registered') : t('There are no projects yet registered.');
            echo $owner_only ? "<BR>" . '<a href="' . $base_url . '/dashboard/projects/administer" ' . 'title="Manage all my organisation\'s projects">Manage all my organisation\'s projects</a>' : '';
            echo '<h2>' . t('Add a project') . '</h2>';
            // Render the project form inside tab "project_page-1" and activate it client-side.
            $tab_prefix = 'project_page-';
            $target = "{$tab_prefix}1";
            $form = drupal_get_form("vals_soc_project_form", '', 'project_page-1');
            $form['submit'] = ajax_pre_render_element($form['submit']);
            $add_tab = renderForm($form, $target, true);
            $data = array();
            $data[] = array(1, 'Add', 'add', _PROJECT_OBJ, '0', "target=admin_container", true, 'adding from the right');
            echo renderTabs(1, null, 'project_page-', _PROJECT_OBJ, $data, null, TRUE, $add_tab, 1, _PROJECT_OBJ);
            ?> <script type="text/javascript"> transform_into_rte(); activatetabs('tab_', ['project_page-1']); </script><?php
        } else {
            echo "<a href='" . _WEB_URL . "/dashboard/projects/administer'>" . t('Show all') . "</a>";
            echo " | ";
            echo "<a href='" . _WEB_URL . "/dashboard/projects/administer/mine'>" . t('Show only mine') . "</a>";
            // One block per organisation; the organisation title is only shown when there are several.
            $org = 1;
            $show_org_title = $my_organisations->rowCount() > 1;
            $org_key = AbstractEntity::keyField(_ORGANISATION_GROUP);
            foreach ($orgs as $organisation) {
                $projects = Project::getProjectsByUser($owner_id, array($organisation->{$org_key}), $show_all);
                showOrganisationProjects($org, $projects, $organisation, $show_org_title, $show_last, TRUE, $owner_only);
                $org++;
            }
        }
    }
}