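/**
 * Adds $role to this group and records a RoleWasAddedToGroup event.
 *
 * Idempotent: when the group already holds the role, nothing is recorded
 * and nothing is appended, but $this is still returned so the call can be
 * chained either way.
 *
 * @param mixed $role the role to add (type not constrained by the original)
 * @return $this
 */
public function addRole($role)
{
    // The original compared `$this > hasRole($role)` — a greater-than test
    // against a global hasRole() instead of the `$this->hasRole()` method
    // call that was clearly intended — so the duplicate check never worked
    // as written. Also returns $this on this path for a consistent fluent API.
    if ($this->hasRole($role)) {
        return $this;
    }

    $this->recordThat(new RoleWasAddedToGroup($this->getIdentity(), $role));
    $this->roles[] = $role;

    return $this;
}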
<?php
/*
 * PayPal return handler: executes the payment whose id was stored in the
 * session and, if PayPal reports it as "approved", grants ROLE_PRO to the
 * account named by ?googleid=... in the query string.
 *
 * Plain-text results: "-2" no DB connection, "-3" schema unavailable,
 * "-4" googleid is not a ROLE_USER, "-1" payment not approved; on success the
 * JSON-encoded payment object is echoed.
 *
 * NOTE(review): the leading `die;` makes everything below unreachable, so the
 * endpoint is effectively switched off — confirm whether that is intentional.
 * NOTE(review): the account that receives ROLE_PRO comes straight from
 * $_GET["googleid"]; only the payment id is bound to the session. The ROLE_USER
 * check confirms the id exists but does not tie it to the session that created
 * the payment — storing the googleid in the session next to paypalPaymentId
 * and using that instead would close the gap.
 */
die;
header('Content-type: application/json');
require_once "include.php";
require_once "../../configuration.php";
require_once "../../include.php";
session_start();
$con = mysql_connect($MYSQL_HOSTNAME, $MYSQL_USERNAME, $MYSQL_PASSWORD);
if (!$con) {
    die("-2");
}
if (!mysql_select_db($MYSQL_DATABASE, $con)) {
    mysql_close($con);
    die("-3");
}
// Client-supplied id; see the note above.
if (!hasRole($_GET["googleid"], "ROLE_USER", $con)) {
    mysql_close($con);
    die("-4");
}
// paypalPaymentId is expected to have been put in the session when the
// payment was created; PayerID is supplied by PayPal on the return redirect.
$paymentObject = executePayment(getPaypalAccessToken(), $_SESSION["paypalPaymentId"], $_GET["PayerID"]);
if ($paymentObject->state === "approved") {
    addRole($_GET["googleid"], "ROLE_PRO", $con); //grant user pro
    echo json_encode($paymentObject);
} else {
    echo "-1";
}
// One-shot: the payment id is dropped whether or not execution succeeded.
unset($_SESSION["paypalPaymentId"]);
mysql_close($con);
/**
 * Renders the "browse proposals by type" dashboard layout.
 *
 * Emits HTML and inline jQuery/jTable JavaScript directly. Org admins and
 * mentors get an organisation filter backed by project_actions.php; institute
 * admins and supervisors get a student-group filter backed by
 * institute_actions.php. Any other role gets no output at all (empty else).
 *
 * @param bool $owner_only when true, the list action is called with
 *                         &mine_only=true and the "mine" flag is passed to the
 *                         detail handlers
 *
 * NOTE(review): organisation/group names from the database are written into
 * <option> elements without htmlspecialchars(), and the jTable display
 * callbacks concatenate data.record.title into HTML unescaped — fine only if
 * those values are already escaped server-side; confirm.
 */
function initBrowseProposalsByTypeLayout($owner_only = false) {
    $only_mine_query = (bool) $owner_only ? '&mine_only=true' : '';
    $only_mine_js = (bool) $owner_only ? 'true' : 'false';
    // ORG ADMIN & MENTOR VIEWS
    if (hasRole(array(_ORGADMIN_TYPE)) || hasRole(array(_MENTOR_TYPE))) {
        $org_id = 0;
        if (isset($_GET['organisation'])) {
            // Raw query value; only used in the loose == comparison below, not echoed.
            $org_id = $_GET['organisation'];
        }
        echo "<a href='" . _WEB_URL . "/dashboard/proposals/browsebytype'>" . t('Show all proposals for my organisation') . "</a>";
        echo " | ";
        echo "<a href='" . _WEB_URL . "/dashboard/proposals/browsebytype/mine'>" . t('Show only mine') . "</a>";
        ?>
        <div class="filtering" style="width: 800px;">
            <span id="infotext" style="margin-left: 34px"></span>
            <form id="proposal_filter">
                <?php echo t('Filter by Organisation'); ?> :
                <?php // echo t('Organisations'); ?>
                <select id="organisation" name="organisation">
                    <option <?php echo !$org_id ? 'selected="selected"' : ''; ?> value="0"><?php echo t('All My Organisations'); ?> </option><?php
                    $result = Organisations::getInstance()->getMyOrganisations(TRUE);
                    foreach ($result as $record) {
                        $selected = $record->org_id == $org_id ? 'selected="selected" ' : '';
                        // NOTE(review): $record->name is not HTML-escaped here.
                        echo '<option ' . $selected . 'value="' . $record->org_id . '">' . $record->name .
                            '</option>';
                    }
                    ?>
                </select>
            </form>
        </div>
        <div id="TableContainer" style="width: 800px;"></div>
        <script type="text/javascript">
            jQuery(document).ready(function($){
                window.view_settings = {};
                function loadFilteredProposals(){
                    $("#TableContainer").jtable("load", {
                        organisation: $("#organisation").val(),
                    });
                }
                //Prepare jTable
                $("#TableContainer").jtable({
                    paging: true,
                    pageSize: 10,
                    sorting: true,
                    defaultSorting: "pid ASC",
                    actions: {
                        listAction: moduleUrl + "actions/project_actions.php?action=list_search_proposal_count<?php echo $only_mine_query; ?> "
                    },
                    fields: {
                        pid: { key: true, create: false, edit: false, list: false },
                        title: {
                            title: "Project",
                            width: "49%",
                            display: function (data) {
                                return "<a title=\"View project details\" href=\"javascript:void(0);\" onclick=\"getProjectDetail("+data.record.pid+")\">" + data.record.title+"</a>";
                            },
                        },
                        org_name: { title: "Organisation", width: "35%", display: function (data){return data.record.org_name;} },
                        proposal_count : { title: "Proposals", width: "10%", display: function (data){return data.record.proposal_count;} },
                        proposal_view : {
                            width: "6%",
                            title: "View",
                            sorting: false,
                            display: function (data) {
                                if(data.record.proposal_count > 0){
                                    return "<a title=\"View Proposals\" href=\"javascript:void(0);\" "+
                                        "onclick=\"getProposalsForProject("+data.record.pid+",<?php echo $only_mine_js; ?> )\">"+
                                        "<span class=\"ui-icon ui-icon-info\">See detail</span></a>";
                                }
                            },
                            create: false,
                            edit: false
                        },
                    },
                });
                //Load proposal list from server on initial page load
                loadFilteredProposals();
                $("#organisation").change(function(e) {
                    e.preventDefault();
                    loadFilteredProposals();
                });
                $("#proposal_filter").submit(function(e){
                    e.preventDefault();
                    loadFilteredProposals()
                });
            });
        </script><?php
    } else {
        // INSTITUTE ADMIN & SUPERVISOR VIEWS
        if (hasRole(array(_INSTADMIN_TYPE)) || hasRole(array(_SUPERVISOR_TYPE))) {
            $studentgroup_id = 0;
            if (isset($_GET['group'])) {
                // Raw query value; only used in the loose == comparison below, not echoed.
                $studentgroup_id = $_GET['group'];
            }
            echo "<a href='" . _WEB_URL . "/dashboard/proposals/browsebytype'>" .
                t('Show all proposals from my Institution') . "</a>";
            echo " | ";
            echo "<a href='" . _WEB_URL . "/dashboard/proposals/browsebytype/mine'>" . t('Show only mine') . "</a>";
            ?>
            <div class="filtering" style="width: 800px;">
                <span id="infotext" style="margin-left: 34px"></span>
                <form id="proposal_filter">
                    <?php echo t('Filter by Group'); ?> :
                    <?php
                    // echo t('Organisations');
                    $option_text = (bool) $owner_only ? t('All My Groups') : t('All Groups from my Institution');
                    if ($owner_only) {
                        $result = Groups::getGroups(_STUDENT_GROUP, $GLOBALS['user']->uid);
                    } else {
                        // Institution-wide groups when the user belongs to one; the
                        // first institute row is used and the rest are ignored.
                        $institutes = Users::getInstituteForUser($GLOBALS['user']->uid);
                        if ($institutes->rowCount() > 0) {
                            $result = Groups::getGroups(_STUDENT_GROUP, 'all', $institutes->fetchObject()->inst_id);
                        } else {
                            // give up, just get their own
                            $result = Groups::getGroups(_STUDENT_GROUP, $GLOBALS['user']->uid);
                        }
                    }
                    ?>
                    <select id="group" name="group">
                        <option <?php echo !$studentgroup_id ? 'selected="selected"' : ''; ?> value="0"><?php echo $option_text; ?> </option><?php
                        foreach ($result as $record) {
                            $selected = $record->studentgroup_id == $studentgroup_id ? 'selected="selected" ' : '';
                            // NOTE(review): $record->name is not HTML-escaped here.
                            echo '<option ' . $selected . 'value="' . $record->studentgroup_id . '">' . $record->name .
                                '</option>';
                        }
                        ?>
                    </select>
                </form>
            </div>
            <div id="TableContainer" style="width: 800px;"></div>
            <script type="text/javascript">
                jQuery(document).ready(function($){
                    window.view_settings = {};
                    function loadFilteredProposals(){
                        $("#TableContainer").jtable("load", {
                            group: $("#group").val(),
                        });
                    }
                    //Prepare jTable
                    $("#TableContainer").jtable({
                        paging: true,
                        pageSize: 10,
                        sorting: true,
                        defaultSorting: "pid ASC",
                        actions: {
                            listAction: moduleUrl + "actions/institute_actions.php?action=list_search_proposal_count_student<?php echo $only_mine_query; ?> "
                        },
                        fields: {
                            uid: { key: true, create: false, edit: false, list: false },
                            username: {
                                title: "Student",
                                width: "42%",
                                display: function (data) {
                                    return data.record.username;
                                },
                            },
                            groupname: { title: "Group name", width: "42%", display: function (data){return data.record.groupname;} },
                            proposal_count : { title: "Proposals", width: "10%", display: function (data){return data.record.proposal_count;} },
                            proposal_view : {
                                width: "6%",
                                title: "View",
                                sorting: false,
                                display: function (data) {
                                    if(data.record.proposal_count > 0){
                                        return "<a title=\"View Proposals\" href=\"javascript:void(0);\" "+
                                            "onclick=\"getProposalsForStudent("+data.record.uid+",<?php echo $only_mine_js; ?> )\">"+
                                            "<span class=\"ui-icon ui-icon-info\">See detail</span></a>";
                                    }
                                },
                                create: false,
                                edit: false
                            },
                        },
                    });
                    //Load proposal list from server on initial page load
                    loadFilteredProposals();
                    $("#group").change(function(e) {
                        e.preventDefault();
                        loadFilteredProposals();
                    });
                    $("#proposal_filter").submit(function(e){
                        e.preventDefault();
                        loadFilteredProposals()
                    });
                });
            </script><?php
        } else {
            // Any other role: nothing is rendered.
        }
    }
}
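<?php
/*
 * JSON endpoint: reports the number of rows in emailUpdates to callers whose
 * Google id (resolved from ?googletoken=...) holds ROLE_ADMIN.
 *
 * Responses: {"status":"success","numEmails":N}
 *            {"status":"failed","error":"SERVER_ERROR"}      (DB unavailable or query failed)
 *            {"status":"failed","error":"PERMISSION_DENIED"} (not an admin)
 */
header('Content-type: application/json');
require_once "../../configuration.php";
require_once "../../include.php";

// A missing parameter previously raised an undefined-index notice and passed
// null on; an empty token now reaches getGoogleId() instead.
$google_token = isset($_GET["googletoken"]) ? $_GET["googletoken"] : '';
if ($AUTO_ESCAPE) {
    // $AUTO_ESCAPE is set in configuration.php; presumably it means the
    // server adds slashes to request data, which are undone here — confirm.
    $google_token = stripslashes($google_token);
}
$google_id = getGoogleId($google_token);

$con = mysql_connect($MYSQL_HOSTNAME, $MYSQL_USERNAME, $MYSQL_PASSWORD);
if (!$con || !mysql_select_db($MYSQL_DATABASE, $con)) {
    // Fail closed: the connection/schema failure was previously ignored and
    // the role check ran against a broken handle.
    if ($con) {
        mysql_close($con);
    }
    echo json_encode(["status" => "failed", "error" => "SERVER_ERROR"]);
    exit;
}

if (hasRole($google_id, "ROLE_ADMIN", $con)) {
    $query = mysql_query("select count(*) from emailUpdates;", $con);
    // mysql_query() returns false on failure; guard before fetching.
    if ($query && ($row = mysql_fetch_row($query))) {
        echo json_encode(["status" => "success", "numEmails" => $row[0]]);
    } else {
        echo json_encode(["status" => "failed", "error" => "SERVER_ERROR"]);
    }
} else {
    echo json_encode(["status" => "failed", "error" => "PERMISSION_DENIED"]);
}
mysql_close($con);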
// It must also redefine the $ROLE variable, which names the role required
// to call this service. If $ROLE is empty, everyone is authorised.
$ROLE = "ADMINISTRATOR";
try {
    // $service is set before this excerpt; it is interpolated into an include
    // path, so it is presumably restricted to a known service name upstream — confirm.
    include "svc/{$service}.php";
} catch (Exception $e) {
    echo "<pre>";
    echo $e->getMessage();
    echo "</pre>\n";
    $fatal = 'SYNTAX';
}
// NOTE(review): dumps the entire server environment (request headers, paths,
// any environment variables) into the response — looks like a debugging leftover.
echo "<pre>SERVER:";
print_r($_SERVER);
echo "</pre>";
// NOTE(review): this reset discards the 'SYNTAX' value assigned in the catch
// above, so a failed include still proceeds to execService(); if that is not
// intended, the initialisation belongs above the first try.
$fatal = '';
if (hasRole($ROLE)) {
    try {
        $output = execService($input, new System());
    } catch (Exception $e) {
        $msg = $e->getMessage();
        echo "<pre>{$msg}</pre>\n";
        // Messages beginning with '!' are passed through as the fatal code
        // verbatim; anything else collapses to the generic 'ERROR'.
        if (substr($msg, 0, 1) == '!') {
            $fatal = $msg;
        } else {
            $fatal = 'ERROR';
        }
    }
} else {
    // No rights: insufficient role.
    $fatal = '!' . $ROLE;
}
} else { $google_token = $_POST["googleToken"]; } $google_id = getGoogleId($google_token); $con = mysql_connect($MYSQL_HOSTNAME, $MYSQL_USERNAME, $MYSQL_PASSWORD); if (!$con) { header("HTTP/1.1 307 Temporary Redirect"); header("Location: http://{$PREFERRED_HOSTNAME}/goPro"); die; } if (!mysql_select_db($MYSQL_DATABASE, $con)) { header("HTTP/1.1 307 Temporary Redirect"); header("Location: http://{$PREFERRED_HOSTNAME}/goPro"); die; } if (hasRole($google_id, "ROLE_PRO", $con)) { header("HTTP/1.1 307 Temporary Redirect"); header("Location: http://{$PREFERRED_HOSTNAME}/home"); die; } mysql_close($con); if ($google_id == null || $_POST["payAmount"] < 5) { header("HTTP/1.1 307 Temporary Redirect"); header("Location: http://{$PREFERRED_HOSTNAME}/goPro"); die; } session_start(); $paymentObject = createPaypalPayment(getpayPalAccessToken(), getPaymentDataObject("http://{$PREFERRED_HOSTNAME}/goPro?finishPurchase=true&googleid={$google_id}", "http://{$PREFERRED_HOSTNAME}/goPro", $_POST["payAmount"], "USD", "PWYW Lifetime Googulator Pro", "Lifetime Googulator Pro", "PWYWGOOGPRO")); foreach ($paymentObject->links as $link) { if ($link->rel == "approval_url") { $redirectUrl = $link->href;
/**
 * Renders the accepted-projects (agreements) list view.
 *
 * Emits a jTable container plus inline jQuery that loads
 * agreement_actions.php?action=list_search. Org admins and mentors get a
 * "Supervisor" column; institute admins and supervisors get a "Mentor" column
 * (a user holding roles from both sides gets both). Any other role only sees
 * the translated "not allowed" message.
 *
 * NOTE(review): the title display callback concatenates data.record.title into
 * HTML unescaped; the name/supervisor/mentor callbacks return plain strings,
 * whose escaping then depends on jTable. Confirm the list action escapes
 * server-side.
 */
function getListView() {
    if (hasRole(array(_ORGADMIN_TYPE)) || hasRole(array(_MENTOR_TYPE)) || hasRole(array(_INSTADMIN_TYPE)) || hasRole(array(_SUPERVISOR_TYPE))) {
        ?>
        <div id="TableContainer" style="width: 800px;"></div>
        <script type="text/javascript">
            jQuery(document).ready(function($){
                window.view_settings = {};
                function loadFilteredProjects(){
                    $("#TableContainer").jtable("load", {
                        //organisation: $("#organisation").val(),
                    });
                }
                //Prepare jTable
                $("#TableContainer").jtable({
                    paging: true,
                    pageSize: 10,
                    sorting: true,
                    defaultSorting: "pid ASC",
                    actions: {
                        listAction: moduleUrl + "actions/agreement_actions.php?action=list_search"
                    },
                    fields: {
                        agreement_id: { key: true, create: false, edit: false, list: false },
                        title: {
                            title: "Project",
                            width: "34%",
                            display: function (data) {
                                return "<a title=\"View project details\" href=\"javascript:void(0);\" onclick=\"getProjectDetail("+data.record.project_id+")\">" + data.record.title+"</a>";
                            },
                        },
                        name: {
                            title: "Student",
                            width: "30%",
                            display: function (data){
                                var op = data.record.name;
                                if(data.record.student_name != null){
                                    op += ' (' +data.record.student_name + ')';
                                }
                                return op;
                            }
                        },
                        <?php /* Supervisor column: organisation-side roles only. */ ?>
                        <?php if (hasRole(array(_ORGADMIN_TYPE)) || hasRole(array(_MENTOR_TYPE))) { ?>
                        supervisor_user_name: {
                            title: "Supervisor",
                            width: "30%",
                            display: function (data){
                                var op = data.record.supervisor_user_name;
                                if(data.record.supervisor_name != null){
                                    op += ' (' +data.record.supervisor_name + ')';
                                }
                                return op;
                            }
                        },
                        <?php } ?>
                        <?php /* Mentor column: institute-side roles only. */ ?>
                        <?php if (hasRole(array(_INSTADMIN_TYPE)) || hasRole(array(_SUPERVISOR_TYPE))) { ?>
                        mentor_user_name: {
                            title: "Mentor",
                            width: "30%",
                            display: function (data){
                                var op = data.record.mentor_user_name;
                                if(data.record.mentor_name != null){
                                    op += ' (' +data.record.mentor_name + ')';
                                }
                                return op;
                            }
                        },
                        <?php } ?>
                        proposal_view : {
                            width: "6%",
                            title: "View",
                            sorting: false,
                            display: function (data) {
                                return "<a title=\"View Project\" href=\"javascript:void(0);\" "+
                                    "onclick=\"getAcceptedProjectOverview("+data.record.agreement_id+")\">"+
                                    "<span class=\"ui-icon ui-icon-info\">See detail</span></a>";
                            },
                            create: false,
                            edit: false
                        },
                    },
                });
                //Load projects list from server on initial page load
                loadFilteredProjects();
            });
        </script><?php
    } else {
        echo t('Sorry you are not allowed to access this page');
    }
}
if ($google_id == null) { die("-1"); } //we know this is a valid token, now we need to confirm it's the primary administrator if (strcmp($PRIMARY_ADMIN_USER, $google_id) != 0) { //we can also try checking the database to see if this user is set as an administrator //during this process we have to check for errors all along the way in case the database isn't there or is broken $sql = mysql_connect($MYSQL_HOSTNAME, $MYSQL_USERNAME, $MYSQL_PASSWORD); if (mysqli_connect_errno()) { die(json_encode(["status" => "failed", "error" => "PERMISSION_DENIED"])); } if (!mysql_select_db($MYSQL_DATABASE, $sql)) { mysql_close($sql); die(json_encode(["status" => "failed", "error" => "PERMISSION_DENIED"])); } if (!hasRole($google_id, "ROLE_ADMIN", $sql)) { mysql_close($sql); die(json_encode(["status" => "failed", "error" => "PERMISSION_DENIED"])); } mysql_close($sql); } $sql = new mysqli($MYSQL_HOSTNAME, $MYSQL_USERNAME, $MYSQL_PASSWORD); if (mysqli_connect_errno()) { die(json_encode(["status" => "failed", "error" => "MYSQL_CONFIG_ERROR"])); } if (!$sql->select_db($MYSQL_DATABASE)) { $sql->query("create schema {$MYSQL_DATABASE} default character set utf8mb4 collate utf8mb4_unicode_ci;"); if (!$sql->select_db($MYSQL_DATABASE)) { $sql->close(); die(json_encode(["status" => "failed", "error" => "MYSQL_SCHEMA_CREATE_FAIL"])); }