示例#1
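 /**
  * Gate the current request on a privilege level.
  *
  * Access is granted only when the flag matching $userlvl is truthy on this
  * object. Otherwise the visitor is redirected: to the login page when not
  * logged in (carrying the requested URI so login can return there), or to
  * the site root when logged in but lacking the privilege.
  *
  * @param string $userlvl One of "user", "moderator", "admin". Any other
  *                        value is denied.
  * @return bool TRUE when access is granted, FALSE after a redirect was issued.
  */
 public function require_login($userlvl = "user")
 {
     // Strict comparison on purpose: switch() compares loosely, so a
     // non-string level such as true (or 0 on PHP < 8) would have matched
     // "user". Anything that is not one of the three known strings is denied.
     if ($userlvl === "user") {
         $allowed = $this->is_logged_in;
     } elseif ($userlvl === "moderator") {
         $allowed = $this->is_moderator;
     } elseif ($userlvl === "admin") {
         $allowed = $this->is_admin;
     } else {
         $allowed = FALSE;
     }

     if ($allowed) {
         return TRUE;
     }

     if (!$this->is_logged_in) {
         // Anonymous visitor: send to the login page, remembering where
         // they were headed.
         $urlnew = encode_decode_redirect_url($_SERVER["REQUEST_URI"]);
         if ($urlnew == "") {
             redirect_to_url('/login.php');
         } else {
             redirect_to_url('/login.php?url=' . urlencode($urlnew));
         }
     } else {
         // Logged in but not privileged enough: back to the homepage.
         redirect_to_url('');
     }

     // NOTE(review): redirect_to_url() is defined elsewhere; if it does not
     // terminate the script, execution continues in the caller. Returning an
     // explicit FALSE (previously an implicit null) gives callers a definite
     // denial to act on - they should stop processing when they see it.
     return FALSE;
 }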
示例#2
文件: item.php 项目: nicktabick/tatt
	$item_id = (int)$_GET['id'];
}

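// Item detail page: optionally performs one allow-listed action on the item,
// then renders its details.
$item = new Item($item_id);
QR::item($item_id);

// Only these actions are ever dispatched; the third argument makes the
// allow-list check type-strict so a non-string parameter cannot match.
$valid_actions = array('delete', 'checkout', 'return');
if (isset($_GET['action']) && in_array($_GET['action'], $valid_actions, true)) {
	// Fail closed: require_login() as shown on this page returns TRUE only
	// when access is granted, and whether redirect_to_url() ends the script
	// is not visible here. Without this stop, a denied request could fall
	// through to the state-changing calls below.
	if (!$auth->require_login()) {
		exit;
	}
	$action = $_GET['action'];

	// NOTE(review): these actions change state on a GET request and no
	// anti-CSRF token is checked in this file; a POST with a per-session
	// token would stop another site from triggering them via a link or image.
	if ($action === 'delete' && $item->get_owner_id() == $user_id) {
		// Only the owner may delete. The comparison stays loose because the
		// types returned by get_owner_id() and held in $user_id are not
		// visible here - TODO confirm and tighten to ===.
		Item::delete($item_id);
		redirect_to_url('/items/view_items.php?u=' . $user_id);
	}
	//TODO: May want to add check if item is available to be checked out
	else if ($action === 'checkout') {
		// NOTE(review): unlike delete, nothing here checks the item's state
		// or who holds it; any logged-in user reaches this call.
		Item::checkout_by_ids($item_id, $user_id);
		redirect_to_url('/items/view_items.php?u=' . $user_id);
	}
	else if ($action === 'return') {
		// No redirect: the page falls through and shows the item after the return.
		Item::return_by_id($item_id, $user_id);
	}
}

$page->assign('item', $item->to_array());
$page->assign('page_title', 'Item Details');

$page->display('items/item.tpl');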

示例#3

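// Create a new item from the submitted form, attach its optional attributes,
// then redirect to the new item's page.
// NOTE(review): no login or CSRF-token check is visible in this excerpt;
// confirm one runs before this point.
$type_id = $name = $location = null;

// type_id was previously forwarded to Item::create() exactly as submitted,
// while name and location were escaped. Accept it only when it is an integer
// so it is safe whatever Item::create() does with it.
if (isset($_POST['type_id'])) {
    $type_candidate = filter_var($_POST['type_id'], FILTER_VALIDATE_INT);
    if ($type_candidate !== false) {
        $type_id = $type_candidate;
    }
}
// Array-valued parameters (name[]=...) are ignored rather than handed to
// escape_string().
if (isset($_POST['name']) && is_string($_POST['name'])) {
    $name = $_POST['name'];
}
if (isset($_POST['location']) && is_string($_POST['location'])) {
    $location = $_POST['location'];
}

// As before, empty name/location strings do not create an item.
if ($type_id !== null && $name !== null && $name !== '' && $location !== null && $location !== '') {
    // NOTE(review): escaping here and passing the result into the model only
    // works if Item/Attribute embed these values in SQL without escaping
    // again; bound parameters inside the model would remove that coupling.
    $new_item_id = Item::create($db->escape_string($name), $type_id, $user_id);
    Item::set_location_by_id($new_item_id, $db->escape_string($location));

    if (isset($_POST['attributes']) && is_array($_POST['attributes'])) {
        foreach ($_POST['attributes'] as $attribute) {
            // Skip malformed entries instead of casting arrays or escaping
            // non-strings.
            if (!is_array($attribute)
                || !isset($attribute['id'], $attribute['value'])
                || !is_scalar($attribute['id'])
                || !is_string($attribute['value'])
            ) {
                continue;
            }
            $attribute_id = (int)$attribute['id'];
            $value = $db->escape_string($attribute['value']);

            $new_attribute = new Attribute($new_item_id, $attribute_id);
            $new_attribute->set_value($value);
        }
    }
    redirect_to_url("/items/item.php?id=$new_item_id");
}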
示例#4
文件: login.php 项目: nicktabick/tatt
<?php
namespace tatt;
require_once 'tatt/webcommon.php';

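// Post-login / post-logout destination, taken from the query string.
if (isset($_GET['url']) && is_string($_GET['url'])) {
	// The value is later prefixed with '/' and used as a redirect target.
	// encode_decode_redirect_url() is defined elsewhere, so its guarantees
	// are not visible here; stripping leading slashes and backslashes locally
	// ensures the result can never start with '//' or '/\', which browsers
	// treat as another host.
	$redirect_url = ltrim((string)encode_decode_redirect_url($_GET['url']), "/\\");
} else {
	$redirect_url = '';
}


if (isset($_GET['action'])) {
	if ($_GET['action'] === 'logout') {
		// NOTE(review): logout is triggered by a plain GET with no token.
		$auth->logout();
		redirect_to_url('/' . $redirect_url);
	} else {
		// Any other action value is treated as a login attempt. Read the
		// credentials defensively: missing or array-valued fields become ''.
		$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

		// Empty credentials are never handed to the authenticator.
		if ($username !== '' && $password !== '') {
			$auth->login($username, $password);
		}
		if ($auth->is_logged_in()) {
			redirect_to_url('/' . $redirect_url);
		}
	}
}

//TODO Bad login, display login page
// NOTE(review): $redirect_url is request-derived; login.tpl must escape it
// for the context it is printed in.
$page->assign('redirect_url', $redirect_url);
$page->assign('page_title', 'Login Failed');
$page->display('login.tpl');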