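/**
 * CMS template editor: stores the posted template body as the default CMS
 * view file and returns to the template index.
 *
 * Requires the global 'CMS'/'create' permission; without it an error flash
 * is set and the user is redirected to admin/index. When the request does
 * not carry `template_editor` (e.g. a plain GET) the cms/cms view is
 * rendered instead of touching the file.
 *
 * NOTE(review): the target is a `.tpl.php` view, so whatever is posted in
 * `template_editor` becomes server-side PHP. 'CMS'/'create' therefore
 * amounts to code execution on the server and should be granted as
 * sparingly as superadmin; storing templates as data rather than PHP would
 * remove that exposure.
 *
 * @return void
 */
public function add()
{
    $clang = Yii::app()->lang;
    $aData = array();
    $aViewUrls = array();

    if (!Permission::model()->hasGlobalPermission('CMS', 'create')) {
        Yii::app()->setFlashMessage($clang->gT("You do not have sufficient rights to access page."), 'error');
        $this->getController()->redirect(array("admin/index"));
    }

    $newPath = YiiBase::getPathOfAlias("application.views.");
    $filepath = $newPath . '/admin/cms/template/default.tpl.php';

    // Read through the request object: no undefined-index notice, and null
    // when the field is absent. The original wrote $_POST['template_editor']
    // unconditionally, which truncated the template to zero bytes on any
    // request that lacked the field.
    $page_content = Yii::app()->request->getPost('template_editor');
    if ($page_content !== null) {
        // file_put_contents() returns the byte count; a truthiness check would
        // treat a deliberately empty template as a failed write.
        if (file_put_contents($filepath, $page_content, LOCK_EX) !== false) {
            Yii::app()->setFlashMessage($clang->gT("Template updated successfully"));
            $this->getController()->redirect(array("admin/template/index"));
        }
    }

    $this->_renderWrappedTemplate('cms/cms', $aViewUrls, $aData);
}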
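/**
 * Reports: cost / revenue / profit aggregates per vendor company and per
 * sales person, plus grand totals.
 *
 * Requires the global 'Reports'/'read' permission. When the request URI
 * contains '/print' the page chrome (header, menu bars, footer) is hidden.
 * All SQL here is static text; no request data is interpolated.
 */
public function project()
{
    $clang = Yii::app()->lang;
    if (!Permission::model()->hasGlobalPermission('Reports', 'read')) {
        Yii::app()->setFlashMessage($clang->gT("You do not have sufficient rights to access this page."), 'error');
        $this->getController()->redirect(array("admin/index"));
    }
    App()->getClientScript()->registerCssFile(Yii::app()->getConfig('styleurl') . "jquery.dataTables.css");
    App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('adminscripts') . 'jquery.dataTables.min.js');

    // The two detail reports share every aggregate column; only the grouping column differs.
    $sAggregates = "AVG(IFNULL(cpc,0)) AS avg_ven_cpc, AVG(IFNULL(proj_CPC,0)) AS avg_comp_cpc\n , SUM(IFNULL(cpc*total_completed,0)) AS tot_cost, SUM(IFNULL(proj_CPC,0)) AS tot_revenues\n , SUM(IFNULL(proj_CPC*total_completed,0)-IFNULL(cpc*total_completed,0)) AS tot_profit, SUM(IFNULL(total_completed,0)) AS tot_completed\n FROM {{view_project_master_vendors}} WHERE ifnull(total_completed,0)>0 GROUP BY ";
    $sqlByCompany = "SELECT Company_name," . $sAggregates . "company_name";
    $sqlBySales = "SELECT sales_name," . $sAggregates . "sales_name";
    $sqlsum = ' SELECT SUM(IFNULL(tot_completed,0)) AS total_completed, SUM(IFNULL(tot_profit,0)) AS total_profit , SUM(IFNULL(tot_cost,0)) AS total_cost,SUM(IFNULL(tot_revenues,0)) AS total_revenues FROM ( ' . $sqlByCompany . ' ) AS totals';

    $db = Yii::app()->db;
    $dr_det1 = $db->createCommand($sqlByCompany . ' ORDER BY tot_profit ')->query()->readAll();
    $dr_sum1 = $db->createCommand($sqlsum)->query()->readAll();
    $dr_det2 = $db->createCommand($sqlBySales . ' ORDER BY tot_profit ')->query()->readAll();

    $aData = array();
    $aData['row'] = 0;
    $aData['dr_det1'] = $dr_det1;
    $aData['dr_det2'] = $dr_det2;
    $aData['dr_sum1'] = $dr_sum1;
    $aData['imageurl'] = Yii::app()->getConfig("adminimageurl");

    // strpos() must be compared with false: a match at offset 0 is falsy and
    // was previously mistaken for "not a print request".
    $bPrint = isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '/print') !== false;
    $aData['display']['header'] = !$bPrint;
    $aData['display']['menu_bars'] = !$bPrint;
    $aData['display']['footer'] = !$bPrint;

    $this->_renderWrappedTemplate('reports', 'view_project', $aData);
}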
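/**
 * AJAX endpoint: create or update a per-user permission flag.
 *
 * Reads `user`, `per_id` and `bool` ("true"/"false") from the request. When no
 * Permission row exists for the permission id, one is inserted; otherwise the
 * existing row's status is set. Echoes "added" / "updated" on success or the
 * model's validation errors on failure.
 *
 * NOTE(review): no authorization check is visible in this action before it
 * writes permissions; it relies on the enclosing controller's access rules,
 * which are not shown here — confirm they cover this route.
 */
public function actionSetpermission()
{
    $oRequest = Yii::app()->request;
    $user = $oRequest->getParam('user');
    $permission_id = $oRequest->getParam('per_id');
    // Normalise the string flag to 1/0. The original also echoed the raw
    // flag before the "added"/"updated" reply, which was leftover debugging.
    $bool = ($oRequest->getParam('bool') == "true") ? 1 : 0;

    // Bind the permission id instead of interpolating it into the WHERE clause.
    // The username literal is kept exactly as found in the original condition.
    $condition = "username = '******' and permission_id = :pid";
    $params = array(':pid' => $permission_id);

    if (Permission::model()->count($condition, $params) == 0) {
        $p = new Permission();
        $p->username = $user;
        $p->permission_id = $permission_id;
        // Use the requested flag. The original hard-coded 1 here, so a request
        // with bool=false created the row with the permission granted.
        $p->status = $bool;
        if ($p->save()) {
            echo "added";
        } else {
            print_r($p->getErrors());
        }
        return;
    }

    $p = Permission::model()->find($condition, $params);
    if ($p === null) {
        // Row disappeared between count() and find(); nothing to update.
        return;
    }
    $p->status = $bool;
    if ($p->save()) {
        echo "updated";
    } else {
        print_r($p->getErrors());
    }
}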
/**
 * Route-level permission check for the admin area.
 *
 * 'login' and 'logout' are always allowed. A session without the isAdmin
 * flag on the web user is redirected to the login page and the request ends.
 * 'error' is allowed for any authenticated session. Every other action is
 * allowed only when a Permission row joined through user_permissions for
 * $uid matches the given module, controller and action.
 *
 * @param mixed  $uid        user id bound into the join condition
 * @param string $module
 * @param string $controller
 * @param string $action
 * @return bool
 */
public static function isAllowPermission($uid, $module, $controller, $action)
{
    $aAlwaysAllowed = array('login', 'logout');
    if (in_array($action, $aAlwaysAllowed)) {
        return true;
    }
    if (!isset(Yii::app()->user->isAdmin)) {
        header('location:' . Yii::app()->homeUrl . 'adminuser/default/login');
        exit;
    }
    if ($action == 'error') {
        return true;
    }

    $criteria = new CDbCriteria();
    $criteria->select = '*';
    $criteria->join = 'INNER JOIN user_permissions ON `t`.id=user_permissions.permission_id';
    $criteria->condition = 'userid = :uid';
    $criteria->params = array(":uid" => $uid);

    foreach (Permission::model()->findAll($criteria) as $oPermission) {
        $bMatches = $oPermission->module == $module
            && $oPermission->controller == $controller
            && $oPermission->action == $action;
        if ($bMatches) {
            return true;
        }
    }
    return false;
}
/**
 * Admin landing page ("welcome" box view).
 *
 * For the current user it collects the last visited survey and question
 * (kept as per-user global settings), the survey count and the home-page
 * display switches, then renders super/welcome.
 */
public function run()
{
    App()->loadHelper('surveytranslator');
    $iUserId = Yii::app()->user->getId();
    $oController = $this->getController();

    $aData['issuperadmin'] = Permission::model()->hasGlobalPermission('superadmin', 'read') ? true : false;

    // Last survey visited by this user; shown only if it still exists.
    $iLastSurveyId = getGlobalSetting('last_survey_' . $iUserId);
    $oLastSurvey = Survey::model()->findByPk($iLastSurveyId);
    $bHasLastSurvey = $iLastSurveyId != null && $oLastSurvey;
    $aData['showLastSurvey'] = $bHasLastSurvey ? true : false;
    if ($bHasLastSurvey) {
        $surveyinfo = $oLastSurvey->surveyinfo;
        $aData['surveyTitle'] = sprintf('%s(%s:%s)', $surveyinfo['surveyls_title'], gT("ID"), $iLastSurveyId);
        $aData['surveyUrl'] = $oController->createUrl("admin/survey/sa/view/surveyid/{$iLastSurveyId}");
    }

    // Last question visited by this user, with its group and survey ids.
    $qid = getGlobalSetting('last_question_' . $iUserId);
    $gid = getGlobalSetting('last_question_gid_' . $iUserId);
    $sid = getGlobalSetting('last_question_sid_' . $iUserId);
    $oQuestionSurvey = Survey::model()->findByPk($sid);

    $aData['showLastQuestion'] = false;
    if ($qid && $gid && $oQuestionSurvey) {
        $qrrow = Question::model()->findByAttributes(array(
            'qid' => $qid,
            'gid' => $gid,
            'sid' => $sid,
            'language' => $oQuestionSurvey->language,
        ));
        if ($qrrow) {
            $aData['showLastQuestion'] = true;
            $sName = $qrrow['title'];
            if ($qrrow['question']) {
                $sName .= ' : ' . $qrrow['question'];
            }
            $aData['last_question_name'] = $sName;
            $aData['last_question_link'] = $oController->createUrl("admin/questions/sa/view/surveyid/{$sid}/gid/{$gid}/qid/{$qid}");
        }
    }

    $aData['countSurveyList'] = count(getSurveyList(true));

    // Home page display switches: a setting is "on" when it reads "show".
    $aShowFlags = array(
        'bShowSurveyList' => 'show_survey_list',
        'bShowSurveyListSearch' => 'show_survey_list_search',
        'bShowLogo' => 'show_logo',
    );
    foreach ($aShowFlags as $sKey => $sSetting) {
        $aData[$sKey] = getGlobalSetting($sSetting) == "show";
    }
    $aData['oSurveySearch'] = new Survey('search');
    $aData['bShowLastSurveyAndQuestion'] = getGlobalSetting('show_last_survey_and_question') == "show";
    $aData['iBoxesByRow'] = (int) getGlobalSetting('boxes_by_row');
    $aData['sBoxesOffSet'] = (string) getGlobalSetting('boxes_offset');

    $this->_renderWrappedTemplate('super', 'welcome', $aData);
}
/**
 * ExpressionManager test pages.
 *
 * Reads `sid` and `sa` from the query string. The survey_logic_file and
 * navigation_test sub-actions require 'surveycontent'/'read' on the survey;
 * otherwise an access-denied message is rendered. With `sa` present the
 * named test runs via test(); without it the test_view index is shown.
 */
function index()
{
    $oRequest = Yii::app()->request;
    $aData = array();
    $aData['surveyid'] = $surveyid = sanitize_int($oRequest->getQuery('sid'));
    $aData['sa'] = $sa = sanitize_paranoid_string($oRequest->getQuery('sa', 'index'));

    $bSurveyBound = in_array($sa, array('survey_logic_file', 'navigation_test')) && $surveyid;
    $bDenied = $bSurveyBound && !Permission::model()->hasSurveyPermission($surveyid, 'surveycontent', 'read');
    if ($bDenied) {
        App()->getClientScript()->registerPackage('jquery-superfish');
        $message = array(
            'title' => gT('Access denied!'),
            'message' => gT('You do not have sufficient rights to access this page.'),
            'class' => "error",
        );
        $this->_renderWrappedTemplate('survey', array("message" => $message), $aData);
        return;
    }

    $oClientScript = App()->getClientScript();
    $oClientScript->registerPackage('jqueryui');
    $oClientScript->registerScriptFile(Yii::app()->getConfig('generalscripts') . "survey_runtime.js");
    $oClientScript->registerScriptFile(Yii::app()->getConfig('generalscripts') . "expressions/em_javascript.js");
    $oClientScript->registerCssFile(Yii::app()->getConfig('adminstyleurl') . "adminstyle.css");
    $this->_printOnLoad($oRequest->getQuery('sa', 'index'));
    $aData['pagetitle'] = "ExpressionManager: {$sa}";

    if (isset($_GET['sa'])) {
        $this->test($sa, $aData);
    } else {
        $this->_renderWrappedTemplate('expressions', 'test_view', $aData);
    }
}
/**
 * Map the synthetic 'administrator' operation onto the global superadmin
 * permission; every other operation is delegated to the parent check.
 *
 * @param string $operation
 * @param array  $params
 * @param bool   $allowCaching
 * @return bool
 */
public function checkAccess($operation, $params = array(), $allowCaching = true)
{
    if ($operation != 'administrator') {
        return parent::checkAccess($operation, $params, $allowCaching);
    }
    return Permission::model()->hasGlobalPermission('superadmin', 'read');
}
/**
 * Decide whether the XSS filter stays on: it requires the global
 * filterxsshtml setting, and from DB version 172 on a superadmin bypasses it
 * (the Permission model only exists from that schema version, so older
 * installations never consult it).
 */
public function __construct()
{
    $bFilterEnabled = $this->xssfilter && Yii::app()->getConfig('filterxsshtml');
    $bLegacySchema = Yii::app()->getConfig('DBVersion') < 172;
    if (!$bLegacySchema && $bFilterEnabled) {
        $bFilterEnabled = !Permission::model()->hasGlobalPermission('superadmin', 'read');
    }
    $this->xssfilter = $bFilterEnabled;
}
/**
 * Guarded constructor: only a superadmin may use this controller, and only
 * on a MySQL backend outside demo mode; otherwise the request is terminated.
 *
 * @param mixed $controller
 * @param mixed $id
 */
function __construct($controller, $id)
{
    parent::__construct($controller, $id);
    if (!Permission::model()->hasGlobalPermission('superadmin', 'read')) {
        die;
    }
    $bIsMysql = in_array(Yii::app()->db->getDriverName(), array('mysql', 'mysqli'));
    $bDemoMode = Yii::app()->getConfig('demoMode') == true;
    if (!$bIsMysql || $bDemoMode) {
        die($this->getController()->lang->gT('This feature is only available for MySQL databases.'));
    }
}
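/**
 * Profile category editor (panellist).
 *
 * Requires 'panellist'/'update'. With action=editcategory the posted title,
 * sort order and IsActive flag are saved to the category named by
 * category_id; any other POST carrying a category_id renders the edit form.
 * Every remaining path ends with an error flash and a redirect to the index.
 *
 * NOTE(review): the inner gate `hasGlobalPermission('', 'create')` asks for
 * a permission with an empty name, which looks like an unfinished copy of
 * the 'panellist' check above — confirm which permission is intended.
 */
function mod()
{
    $clang = Yii::app()->lang;
    $oRequest = Yii::app()->request;

    if (!Permission::model()->hasGlobalPermission('panellist', 'update')) {
        Yii::app()->setFlashMessage($clang->gT("You do not have sufficient rights to access this page."), 'error');
        $this->getController()->redirect(array("admin/index"));
    }

    $action = $oRequest->getPost('action', '');
    $aData = array();

    if (Permission::model()->hasGlobalPermission('', 'create')) {
        if ($action == "editcategory") {
            $category_id = (int) $oRequest->getPost("category_id");
            $category_title = flattenText($oRequest->getPost('category_title', ''), false, true, 'UTF-8', true);
            $sort_order = flattenText($oRequest->getPost('sort_order', ''), false, true, 'UTF-8', true);
            $is_Active = flattenText($oRequest->getPost("IsActive")) ? 1 : 0;

            if ($category_title == '') {
                // The original put this message into $aViewUrls, which was never
                // rendered, so the user saw the "insufficient rights" flash below.
                Yii::app()->setFlashMessage($clang->gT("Category Name is invalid."), 'error');
                $this->getController()->redirect(array("admin/profilecategory/index"));
            }

            $oCategory = category::model()->findByPk($category_id);
            if ($oCategory === null) {
                // Unknown id: previously a null dereference.
                Yii::app()->setFlashMessage($clang->gT("Failed to add Category"), 'error');
                $this->getController()->redirect(array("admin/profilecategory/index"));
            }
            $oCategory->title = $category_title;
            $oCategory->sorder = $sort_order;
            $oCategory->IsActive = $is_Active;
            // Four-digit year and 24-hour clock; the original 'y-m-d h:i:s' stored a
            // two-digit year and a 12-hour time without am/pm.
            $oCategory->modified_date = date('Y-m-d H:i:s');
            if ($oCategory->save()) {
                Yii::app()->setFlashMessage($clang->gT("Profile Category Updated successfully"));
                $this->getController()->redirect(array("admin/profilecategory/index"));
            }
        } elseif ($oRequest->getPost('category_id') !== null) {
            $category_id = (int) $oRequest->getPost("category_id");
            $aData['row'] = 0;
            $aData['usr_arr'] = array();
            $aData['category_id'] = $category_id;
            // Consumed by editcategory_view.
            $aData['mur'] = profilecategoryview($category_id);
            $this->_renderWrappedTemplate('panellist/category', 'editcategory_view', $aData);
            return;
        }
    }

    Yii::app()->setFlashMessage($clang->gT("You do not have sufficient rights to access this page."), 'error');
    $this->getController()->redirect(array("admin/profilecategory/index"));
}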
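/**
 * Look up the permission rows attached to the role named $name.
 *
 * The role's permission_list is a comma-separated string; a single leading
 * comma is stripped before it is handed to Permission::selectByRole().
 *
 * @param string $name role name (default 'Guest')
 * @return array rows from selectByRole(), or `array(array())` when the role
 *               does not exist or its list is empty (the original's default
 *               shape, kept for callers that index into the result)
 */
public function selectPermissionsByName($name = 'Guest')
{
    $data = array(array());
    // Find the rights by role name.
    $oRole = Role::model()->findByAttributes(array('name' => $name));
    if ($oRole === null) {
        // Unknown role: the original dereferenced null here.
        return $data;
    }
    $sList = $oRole->permission_list;
    if ($sList == '') {
        return $data;
    }
    if ($sList[0] == ',') {
        $sList = substr($sList, 1);
    }
    return Permission::model()->selectByRole($sList);
}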
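/**
 * Support-centre message list.
 *
 * Superadmins see every top-level message (parent = 0); everyone else only
 * the top-level messages addressed to their own login id.
 */
public function index()
{
    App()->getClientScript()->registerCssFile(Yii::app()->getConfig('styleurl') . "jquery.dataTables.css");
    App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('adminscripts') . 'jquery.dataTables.min.js');

    if (Permission::model()->hasGlobalPermission('superadmin', 'read')) {
        $msglist = Supoort_center::model()->findAll(array('condition' => 'parent = 0'));
    } else {
        // Bind the session id instead of concatenating it into the SQL text.
        $msglist = Supoort_center::model()->findAll(array(
            'condition' => 'email_to = :loginId AND parent = 0',
            'params' => array(':loginId' => Yii::app()->session['loginID']),
        ));
    }

    $aData = array();
    $aData['row'] = 0;
    $aData['msglist'] = $msglist;
    $aData['imageurl'] = Yii::app()->getConfig("adminimageurl");
    $this->_renderWrappedTemplate('message', 'view_addmessage', $aData);
}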
/**
 * Panellist overview page.
 *
 * Readable by superadmins and by users holding 'panellist'/'read'; anyone
 * else gets an error flash and is sent to admin/index.
 */
public function index()
{
    $clang = Yii::app()->lang;
    $bMayRead = Permission::model()->hasGlobalPermission('superadmin', 'read')
        || Permission::model()->hasGlobalPermission('panellist', 'read');
    if (!$bMayRead) {
        Yii::app()->setFlashMessage($clang->gT("You do not have sufficient rights to access page."), 'error');
        $this->getController()->redirect(array("admin/index"));
    }

    $oClientScript = App()->getClientScript();
    $oClientScript->registerCssFile(Yii::app()->getConfig('styleurl') . "jquery.dataTables.css");
    $oClientScript->registerScriptFile(Yii::app()->getConfig('adminscripts') . 'jquery.dataTables.min.js');

    $aData = array(
        'row' => 0,
        'imageurl' => Yii::app()->getConfig("adminimageurl"),
    );
    $this->_renderWrappedTemplate('panellist', 'view_panellist', $aData);
}
/**
 * Authwebserver plugin hook: authenticate the web-server supplied user name.
 *
 * Does nothing for other identity plugins. An existing user succeeds when
 * they hold the global 'auth_webserver'/'read' permission and fails with
 * ERROR_AUTH_METHOD_INVALID otherwise. An unknown user is created on the fly
 * only when auth_webserver_autocreate_user is enabled and a profile is
 * available, from hook_get_auth_webserver_profile() if that function exists,
 * else from the auth_webserver_autocreate_profile config key.
 */
public function newUserSession()
{
    $identity = $this->getEvent()->get('identity');
    if ($identity->plugin != 'Authwebserver') {
        return;
    }
    /* @var $identity LSUserIdentity */
    $sUser = $this->getUserName();
    $oUser = $this->api->getUserByName($sUser);

    if (!is_null($oUser)) {
        if (!Permission::model()->hasGlobalPermission('auth_webserver', 'read', $oUser->uid)) {
            $this->setAuthFailure(self::ERROR_AUTH_METHOD_INVALID, gT('Web server authentication method is not allowed for this user'));
            return;
        }
        $this->setAuthSuccess($oUser);
        return;
    }

    // Unknown user: pick up a default profile, if any source provides one.
    $aUserProfile = null;
    if (function_exists("hook_get_auth_webserver_profile")) {
        $aUserProfile = hook_get_auth_webserver_profile($sUser);
    } elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
        $aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
    }
    if (!$this->api->getConfigKey('auth_webserver_autocreate_user') || $aUserProfile === null) {
        return;
    }

    $oNewUser = new User();
    $oNewUser->users_name = $sUser;
    // Stored credential is the hash of a freshly generated password; nothing
    // in this flow reads it back.
    $oNewUser->password = hash('sha256', createPassword());
    $oNewUser->full_name = $aUserProfile['full_name'];
    $oNewUser->parent_id = 1;
    $oNewUser->lang = $aUserProfile['lang'];
    $oNewUser->email = $aUserProfile['email'];
    if (!$oNewUser->save()) {
        $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
        return;
    }

    $permission = new Permission();
    $permission->setPermissions($oNewUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);
    Permission::model()->setGlobalPermission($oNewUser->uid, 'auth_webserver');
    $this->setAuthSuccess($oNewUser);
}
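/**
 * Admin landing page ("welcome" box view).
 *
 * Builds links to the last survey and the last question visited by the
 * current user (stored as per-user global settings) and renders super/welcome.
 *
 * Fixes: the "last question" branch used $iSurveyID, which is only defined
 * when a last survey exists, both to look up the question's survey and to
 * build the link; it now uses the stored last_question_sid_* value. Both
 * branches also tolerate a survey or question that no longer exists.
 */
public function run()
{
    App()->loadHelper('surveytranslator');
    App()->getClientScript()->registerPackage('panel-clickable');
    App()->getClientScript()->registerPackage('panels-animation');
    $iUserId = Yii::app()->user->getId();
    $oController = $this->getController();

    $aData = array();
    $aData['issuperadmin'] = Permission::model()->hasGlobalPermission('superadmin', 'read') ? true : false;

    // Last survey visited by this user.
    $iLastSurveyId = getGlobalSetting('last_survey_' . $iUserId);
    $oLastSurvey = ($iLastSurveyId != null) ? Survey::model()->findByPk($iLastSurveyId) : null;
    $aData['showLastSurvey'] = false;
    if ($oLastSurvey) {
        $aData['showLastSurvey'] = true;
        $surveyinfo = $oLastSurvey->surveyinfo;
        $aData['surveyTitle'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $iLastSurveyId . ")";
        $aData['surveyUrl'] = $oController->createUrl("admin/survey/sa/view/surveyid/{$iLastSurveyId}");
    }

    // Last question visited by this user, with its group and survey ids.
    $qid = getGlobalSetting('last_question_' . $iUserId);
    $gid = getGlobalSetting('last_question_gid_' . $iUserId);
    $sid = getGlobalSetting('last_question_sid_' . $iUserId);
    $aData['showLastQuestion'] = false;
    if ($qid != null && $gid != null && $sid != null) {
        $oQuestionSurvey = Survey::model()->findByPk($sid);
        $qrrow = null;
        if ($oQuestionSurvey) {
            $qrrow = Question::model()->findByAttributes(array(
                'qid' => $qid,
                'gid' => $gid,
                'sid' => $sid,
                'language' => $oQuestionSurvey->language,
            ));
        }
        if ($qrrow) {
            $aData['showLastQuestion'] = true;
            $aData['last_question_name'] = $qrrow['title'];
            if ($qrrow['question']) {
                $aData['last_question_name'] .= ' : ' . $qrrow['question'];
            }
            $aData['last_question_link'] = $oController->createUrl("admin/questions/sa/view/surveyid/{$sid}/gid/{$gid}/qid/{$qid}");
        }
    }

    $aData['countSurveyList'] = count(getSurveyList(true));
    $this->_renderWrappedTemplate('super', 'welcome', $aData);
}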
/**
 * Prepare the KCFinder session block for the current request.
 *
 * Always sets the allowed file types (from allowedresourcesuploads) and, when
 * CSRF validation is on and a CSRF cookie exists, the cookie domain. Outside
 * demo mode, for a logged-in user with a FileManagerContext in the session,
 * uploads are enabled (`disabled = false`) only when that context names a
 * survey the user may update ('surveycontent'/'update') or a label set while
 * the user holds 'labelsets'/'update'; uploadURL/uploadDir are then pointed
 * at that survey's or label set's folder. The survey/label id comes from the
 * session context, not from the request. Nothing here sets `disabled` to
 * true; the default is left to whatever initialises KCFinder elsewhere.
 */
function initKcfinder()
{
    Yii::app()->session['KCFINDER'] = array();
    $sAllowedExtensions = implode(' ', array_map('trim', explode(',', Yii::app()->getConfig('allowedresourcesuploads'))));
    $_SESSION['KCFINDER']['types'] = array('files' => $sAllowedExtensions, 'flash' => $sAllowedExtensions, 'images' => $sAllowedExtensions);
    if (Yii::app()->getRequest()->enableCsrfValidation && !empty(Yii::app()->getRequest()->csrfCookie)) {
        $_SESSION['KCFINDER']['cookieDomain'] = Yii::app()->getRequest()->csrfCookie->domain;
    }
    if (Yii::app()->getConfig('demoMode') === false && isset(Yii::app()->session['loginID']) && isset(Yii::app()->session['FileManagerContext'])) {
        // disable upload at survey creation time
        // because we don't know the sid yet
        // The context has the form "<verb>:<object>:<id>"; for the survey-scoped
        // contexts matched here the third part is taken as the survey id.
        if (preg_match('/^(create|edit):(question|group|answer)/', Yii::app()->session['FileManagerContext']) != 0 || preg_match('/^edit:survey/', Yii::app()->session['FileManagerContext']) != 0 || preg_match('/^edit:assessments/', Yii::app()->session['FileManagerContext']) != 0 || preg_match('/^edit:emailsettings/', Yii::app()->session['FileManagerContext']) != 0) {
            $contextarray = explode(':', Yii::app()->session['FileManagerContext'], 3);
            $surveyid = $contextarray[2];
            // Upload rights follow the survey-content update permission for that survey.
            if (Permission::model()->hasSurveyPermission($surveyid, 'surveycontent', 'update')) {
                $_SESSION['KCFINDER']['disabled'] = false;
                if (preg_match('/^edit:emailsettings/', $_SESSION['FileManagerContext']) != 0) {
                    // Uploadurl use public url or getBaseUrl(true);
                    // Maybe need external function
                    // E-mail templates need an absolute upload URL: the configured
                    // publicurl is preferred when it carries both a scheme and a host.
                    $sBaseAbsoluteUrl = Yii::app()->getBaseUrl(true);
                    $sPublicUrl = Yii::app()->getConfig("publicurl");
                    $aPublicUrl = parse_url($sPublicUrl);
                    if (isset($aPublicUrl['scheme']) && isset($aPublicUrl['host'])) {
                        $sBaseAbsoluteUrl = $sPublicUrl;
                    }
                    $sBaseUrl = Yii::app()->getBaseUrl();
                    $sUploadUrl = Yii::app()->getConfig('uploadurl');
                    // Drop the application base URL prefix so it is not doubled when
                    // the absolute base is prepended below.
                    if (substr($sUploadUrl, 0, strlen($sBaseUrl)) == $sBaseUrl) {
                        $sUploadUrl = substr($sUploadUrl, strlen($sBaseUrl));
                    }
                    $_SESSION['KCFINDER']['uploadURL'] = trim($sBaseAbsoluteUrl, "/") . $sUploadUrl . "/surveys/{$surveyid}/";
                } else {
                    $_SESSION['KCFINDER']['uploadURL'] = Yii::app()->getConfig('uploadurl') . "/surveys/{$surveyid}/";
                }
                $_SESSION['KCFINDER']['uploadDir'] = realpath(Yii::app()->getConfig('uploaddir')) . DIRECTORY_SEPARATOR . 'surveys' . DIRECTORY_SEPARATOR . $surveyid . DIRECTORY_SEPARATOR;
            }
        } elseif (preg_match('/^edit:label/', Yii::app()->session['FileManagerContext']) != 0) {
            $contextarray = explode(':', Yii::app()->session['FileManagerContext'], 3);
            $labelid = $contextarray[2];
            // check if the user has label management right and labelid defined
            if (Permission::model()->hasGlobalPermission('labelsets', 'update') && isset($labelid) && $labelid != '') {
                $_SESSION['KCFINDER']['disabled'] = false;
                $_SESSION['KCFINDER']['uploadURL'] = Yii::app()->getConfig('uploadurl') . "/labels/{$labelid}/";
                $_SESSION['KCFINDER']['uploadDir'] = realpath(Yii::app()->getConfig('uploaddir')) . DIRECTORY_SEPARATOR . 'labels' . DIRECTORY_SEPARATOR . $labelid . DIRECTORY_SEPARATOR;
            }
        }
    }
}
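/**
 * Whether the current request's controller/action pair, resolved through
 * MasterPermission, has a matching Permission row.
 *
 * @return bool false when the route has no MasterPermission entry or no
 *              Permission row matches it
 */
public function allowOnlyOwner()
{
    $sController = Yii::app()->controller->id;
    $sAction = Yii::app()->controller->action->id;

    // Bind the route parts; the original interpolated them into the SQL text.
    $oMaster = MasterPermission::model()->find(
        'controllerID = :c and actionID = :a',
        array(':c' => $sController, ':a' => $sAction)
    );
    if ($oMaster === null) {
        // Unmapped route: the original dereferenced null here; treat as not allowed.
        return false;
    }

    // The username literal is kept exactly as found in the original condition.
    // The original also read Yii::app()->user->id into a local it never used.
    $iCount = Permission::model()->count(
        "username = '******' and permission_id = :pid",
        array(':pid' => $oMaster->id)
    );
    return $iCount > 0;
}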
/**
 * Saved-responses list for a survey.
 *
 * Requires 'responses'/'read' on the survey; otherwise the request dies.
 *
 * @param mixed $iSurveyId survey id, sanitised to digits before use
 */
public function view($iSurveyId)
{
    $iSurveyId = sanitize_int($iSurveyId);
    if (!Permission::model()->hasSurveyPermission($iSurveyId, 'responses', 'read')) {
        die;
    }

    $oClientScript = App()->getClientScript();
    $oClientScript->registerPackage('jquery-tablesorter');
    $oClientScript->registerScriptFile(Yii::app()->getConfig('adminscripts') . 'saved.js');

    $aThisSurvey = getSurveyInfo($iSurveyId);
    $aData = array(
        'sSurveyName' => $aThisSurvey['name'],
        'iSurveyId' => $iSurveyId,
    );
    $aViewUrls = array('savedbar_view');
    $aViewUrls['savedlist_view'] = array($this->_showSavedList($iSurveyId));
    $this->_renderWrappedTemplate('saved', $aViewUrls, $aData);
}
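/**
 * Save the posted e-mail templates (and their attachments) for every
 * language of survey $iSurveyId.
 *
 * Requires 'surveylocale'/'update' on the survey and a non-empty `save`
 * POST field. Each attachment URL is mapped back to a path under the upload
 * directory; anything that does not resolve to a file inside it is dropped.
 * Afterwards the user is redirected to the template index, or to the survey
 * view for 'saveclose'; without a save request the index is shown.
 *
 * @param int $iSurveyId
 * @return void
 */
function update($iSurveyId)
{
    $uploadUrl = Yii::app()->getBaseUrl(true) . substr(Yii::app()->getConfig('uploadurl'), strlen(Yii::app()->getConfig('publicurl')) - 1);
    // Real path, because every attachment is checked to resolve below it.
    $uploadDir = realpath(Yii::app()->getConfig('uploaddir'));
    $sSaveMethod = Yii::app()->request->getPost('save', '');
    $clang = $this->getController()->lang;

    if (Permission::model()->hasSurveyPermission($iSurveyId, 'surveylocale', 'update') && $sSaveMethod != '') {
        $oSurvey = Survey::model()->findByPk($iSurveyId);
        $languagelist = $oSurvey->additionalLanguages;
        $languagelist[] = $oSurvey->language;
        // The original discarded array_filter()'s return value, so empty
        // language codes were never removed; keep the filtered list.
        $languagelist = array_filter($languagelist);

        foreach ($languagelist as $langname) {
            if (isset($_POST['attachments'][$langname])) {
                foreach ($_POST['attachments'][$langname] as $template => &$attachments) {
                    foreach ($attachments as $index => &$attachment) {
                        // Map the public URL back to a local path and resolve it.
                        $localName = realpath(urldecode(str_replace($uploadUrl, $uploadDir, $attachment['url'])));
                        // Accept only files inside $uploadDir. Comparing against the
                        // directory plus a separator keeps a sibling directory whose
                        // name merely starts with the upload dir's name from passing.
                        $bInsideUploadDir = $localName !== false
                            && strpos($localName, $uploadDir . DIRECTORY_SEPARATOR) === 0;
                        if ($bInsideUploadDir) {
                            $attachment['url'] = $localName;
                            $attachment['size'] = filesize($localName);
                        } else {
                            unset($attachments[$index]);
                        }
                    }
                    unset($attachment);
                }
                unset($attachments);
            } else {
                $_POST['attachments'][$langname] = array();
            }

            $attributes = array(
                'surveyls_email_invite_subj' => $_POST['email_invitation_subj_' . $langname],
                'surveyls_email_invite' => $_POST['email_invitation_' . $langname],
                'surveyls_email_remind_subj' => $_POST['email_reminder_subj_' . $langname],
                'surveyls_email_remind' => $_POST['email_reminder_' . $langname],
                'surveyls_email_register_subj' => $_POST['email_registration_subj_' . $langname],
                'surveyls_email_register' => $_POST['email_registration_' . $langname],
                'surveyls_email_confirm_subj' => $_POST['email_confirmation_subj_' . $langname],
                'surveyls_email_confirm' => $_POST['email_confirmation_' . $langname],
                'email_admin_notification_subj' => $_POST['email_admin_notification_subj_' . $langname],
                'email_admin_notification' => $_POST['email_admin_notification_' . $langname],
                'email_admin_responses_subj' => $_POST['email_admin_detailed_notification_subj_' . $langname],
                'email_admin_responses' => $_POST['email_admin_detailed_notification_' . $langname],
                'attachments' => serialize($_POST['attachments'][$langname]),
            );
            SurveyLanguageSetting::model()->updateAll($attributes, 'surveyls_survey_id = :ssid AND surveyls_language = :sl', array(':ssid' => $iSurveyId, ':sl' => $langname));
        }

        Yii::app()->session['flashmessage'] = $clang->gT("Email templates successfully saved.");
        $this->getController()->redirect(array('admin/emailtemplates/sa/index/surveyid/' . $iSurveyId));
    }

    if ($sSaveMethod == 'saveclose') {
        $this->getController()->redirect(array('admin/survey/sa/view/surveyid/' . $iSurveyId));
    } else {
        self::index($iSurveyId);
    }
}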
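/**
 * ExpressionManager test pages (survey-aware variant).
 *
 * Reads sid/sa/gid/qid from the query string. survey_logic_file and
 * navigation_test need 'surveycontent'/'read' on the survey. When a survey
 * id is given, the sidebar is collapsed and the close-button targets of the
 * survey/group/question bars are filled in; the title bar is filled in only
 * if that survey exists.
 *
 * Fix: `isset($iSurveyID)` was true even for an empty sid because
 * sanitize_int() returns a string, so the survey lookup always ran and
 * dereferenced a null result when no survey matched.
 */
function index()
{
    $oRequest = Yii::app()->request;
    $aData = array();
    $needpermission = false;
    $aData['surveyid'] = $surveyid = $iSurveyID = sanitize_int($oRequest->getQuery('sid'));
    $aData['sa'] = $sa = sanitize_paranoid_string($oRequest->getQuery('sa', 'index'));
    $aData['fullpagebar']['closebutton']['url'] = 'admin/';

    if (($sa == 'survey_logic_file' || $sa == 'navigation_test') && $surveyid) {
        $needpermission = true;
    }
    if ($needpermission && !Permission::model()->hasSurveyPermission($surveyid, 'surveycontent', 'read')) {
        $message = array(
            'title' => gT('Access denied!'),
            'message' => gT('You do not have sufficient rights to access this page.'),
            'class' => "error",
        );
        $this->_renderWrappedTemplate('survey', array("message" => $message), $aData);
        return;
    }

    App()->getClientScript()->registerPackage('jqueryui');
    App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('generalscripts') . "survey_runtime.js");
    App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('generalscripts') . "expressions/em_javascript.js");
    $this->_printOnLoad($oRequest->getQuery('sa', 'index'));
    $aData['pagetitle'] = "ExpressionManager: {$sa}";

    if ($iSurveyID) {
        $aData['sidebar']['state'] = "close";
        $oSurvey = Survey::model()->findByPk($iSurveyID);
        if ($oSurvey) {
            $surveyinfo = $oSurvey->surveyinfo;
            $aData['title_bar']['title'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $iSurveyID . ")";
        }
        $sGid = $oRequest->getQuery('gid');
        $sQid = $oRequest->getQuery('qid');
        if ($sGid != '') {
            $aData['questiongroupbar']['closebutton']['url'] = 'admin/questiongroups/sa/view/surveyid/' . $aData['surveyid'] . '/gid/' . sanitize_int($sGid);
        } else {
            $aData['surveybar']['closebutton']['url'] = 'admin/survey/sa/view/surveyid/' . $aData['surveyid'];
        }
        if ($sQid != '') {
            // Overrides the group-level close button set just above.
            $aData['questiongroupbar']['closebutton']['url'] = 'admin/questions/sa/view/surveyid/' . $aData['surveyid'] . '/gid/' . sanitize_int($sGid) . '/qid/' . sanitize_int($sQid);
            $aData['gid'] = sanitize_int($sGid);
        }
    }

    if (isset($_GET['sa'])) {
        $this->test($sa, $aData);
    } else {
        $this->_renderWrappedTemplate('expressions', 'test_view', $aData);
    }
}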
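/**
 * List every Permission row, flagging the ones contained in role $id's
 * comma-separated permission_list.
 *
 * @param mixed $id role primary key
 * @return array list of array{id, premId, check, alias}; empty when the role
 *               does not exist
 */
public function selectPremissionByRole($id)
{
    $oRole = Role::model()->findByPk($id);
    if ($oRole === null) {
        // Unknown role: the original dereferenced null here.
        return array();
    }
    $aRolePermissionIds = explode(',', $oRole->permission_list);

    $data = array();
    foreach (Permission::model()->findAll() as $key => $oPermission) {
        $data[$key] = array(
            'id' => $id,
            'premId' => $oPermission->id,
            // Loose in_array on purpose: explode() yields strings while ->id may be an int.
            'check' => in_array($oPermission->id, $aRolePermissionIds),
            'alias' => $oPermission->alias,
        );
    }
    return $data;
}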
/**
 * Saved-responses list for a survey.
 *
 * Requires 'responses'/'read' on the survey; otherwise the request dies.
 * The table-sorter package and saved.js are only registered when the list
 * has rows, because saved.js misbehaves on an empty table.
 *
 * @param mixed $iSurveyId survey id, sanitised to digits before use
 */
public function view($iSurveyId)
{
    $iSurveyId = sanitize_int($iSurveyId);
    if (!Permission::model()->hasSurveyPermission($iSurveyId, 'responses', 'read')) {
        die;
    }

    $aThisSurvey = getSurveyInfo($iSurveyId);
    $aData = array(
        'sSurveyName' => $aThisSurvey['name'],
        'iSurveyId' => $iSurveyId,
    );

    $aSavedList = $this->_showSavedList($iSurveyId);
    $aViewUrls = array('savedbar_view');
    $aViewUrls['savedlist_view'] = array($aSavedList);

    if (count($aSavedList['aResults'])) {
        App()->getClientScript()->registerPackage('jquery-tablesorter');
        $this->registerScriptFile('ADMIN_SCRIPT_PATH', 'saved.js');
    }
    $this->_renderWrappedTemplate('saved', $aViewUrls, $aData);
}
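/**
 * Purge CronLog rows older than two days.
 *
 * Requires global superadmin read or 'cron' delete permission; anyone else is
 * flashed an error and redirected. The purge runs when the request carries
 * action=Clear_Previous_Data, after which the user is redirected to the cron
 * log view.
 *
 * NOTE(review): this destructive action is triggered by a request parameter
 * (originally read straight from $_GET), so a crafted link is enough to fire
 * it on behalf of a logged-in admin (CSRF). It should be moved to a POST form
 * protected by Yii's CSRF token; it is kept parameter-driven here so existing
 * links keep working.
 *
 * @return bool|null true after a purge attempt (the redirect normally ends the
 *                   request first), null when no recognised action was given
 */
function delcron()
{
    $clang = Yii::app()->lang;
    $bAllowed = Permission::model()->hasGlobalPermission('superadmin', 'read')
        || Permission::model()->hasGlobalPermission('cron', 'delete');
    if (!$bAllowed) {
        Yii::app()->setFlashMessage($clang->gT("You do not have sufficient rights to access page."), 'error');
        $this->getController()->redirect(array("admin/index"));
        return null;
    }

    // getParam() returns null when the parameter is absent; the raw $_GET read emitted an undefined-index notice.
    $action = Yii::app()->request->getParam('action');
    if ($action !== "Clear_Previous_Data") {
        return null;
    }

    $sql = "DELETE FROM {{CronLog}} WHERE Start_DateTime < DATE_SUB(NOW(), INTERVAL 2 DAY) ";
    // execute() yields the affected row count (presumably a DB failure throws rather than returning false — confirm).
    $result = Yii::app()->db->createCommand($sql)->execute();
    if ($result > 0) {
        Yii::app()->setFlashMessage($clang->gT("Cron delete successfully"));
    } else {
        // Zero rows (nothing older than two days) is reported with the same message the original used.
        Yii::app()->setFlashMessage($clang->gT("Cron does not deleted"), 'error');
    }
    $this->getController()->redirect(array("admin/cron/view_cron"));
    return true;
}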
/**
 * dataentry::view()
 * Render the blank data-entry form for one survey: every group and every
 * top-level question of the survey, in the requested language, as admin-side
 * HTML assembled from the content_view partial.
 *
 * Access: requires 'responses' create permission on the survey; without it the
 * method does nothing at all (no message, no redirect).
 *
 * Language: `lang` is read from the query string (the $lang parameter is
 * overwritten on entry), passed through sanitize_languagecode() and then only
 * honoured when it is one of the survey's own languages; otherwise the
 * survey's base language is used.
 *
 * SQL: the queries below are built by string interpolation. The interpolated
 * values are $surveyid (digits only after sanitize_int), $sDataEntryLanguage
 * (validated against the survey's language list as above) and gid/qid values
 * read back from the database, so they are bounded — but they should still be
 * bound parameters. Answer and category text coming from the database is
 * written into <option>/<optgroup> markup unescaped; this matters if the
 * people who author questions are less trusted than the data-entry operator.
 *
 * @param mixed $surveyid survey id (reduced to digits)
 * @param mixed $lang     effectively unused: replaced by $_GET['lang'] immediately
 * @return void
 */
public function view($surveyid, $lang = NULL) {
    $surveyid = sanitize_int($surveyid);
    $lang = isset($_GET['lang']) ? $_GET['lang'] : NULL;
    if (isset($lang)) { $lang = sanitize_languagecode($lang); }
    $aViewUrls = array();
    if (Permission::model()->hasSurveyPermission($surveyid, 'responses', 'create')) {
        $sDataEntryLanguage = Survey::model()->findByPk($surveyid)->language;
        $surveyinfo = getSurveyInfo($surveyid);
        $slangs = Survey::model()->findByPk($surveyid)->additionalLanguages;
        $baselang = Survey::model()->findByPk($surveyid)->language;
        array_unshift($slangs, $baselang);
        /* Only a language the survey actually has may be used; everything else falls back to the base language. */
        if (is_null($lang) || !in_array($lang, $slangs)) { $sDataEntryLanguage = $baselang; } else { $sDataEntryLanguage = $lang; }
        $langlistbox = languageDropdown($surveyid, $sDataEntryLanguage);
        $thissurvey = getSurveyInfo($surveyid);
        //This is the default, presenting a blank dataentry form
        LimeExpressionManager::StartSurvey($surveyid, 'survey', NULL, false, LEM_PRETTY_PRINT_ALL_SYNTAX);
        $moveResult = LimeExpressionManager::NavigateForwards(); /* result is not inspected anywhere below */
        $aData['thissurvey'] = $thissurvey;
        $aData['langlistbox'] = $langlistbox;
        $aData['surveyid'] = $surveyid;
        $aData['sDataEntryLanguage'] = $sDataEntryLanguage;
        $aData['site_url'] = Yii::app()->homeUrl;
        LimeExpressionManager::StartProcessingPage(true, Yii::app()->baseUrl); // means that all variables are on the same page
        $aViewUrls[] = 'caption_view';
        Yii::app()->loadHelper('database');
        // SURVEY NAME AND DESCRIPTION TO GO HERE
        /* Interpolated values are the digit-only survey id and the validated language code (see header). */
        $degquery = "SELECT * FROM {{groups}} WHERE sid={$surveyid} AND language='{$sDataEntryLanguage}' ORDER BY {{groups}}.group_order";
        $degresult = dbExecuteAssoc($degquery);
        // GROUP NAME
        $aDataentryoutput = '';
        foreach ($degresult->readAll() as $degrow) {
            LimeExpressionManager::StartProcessingGroup($degrow['gid'], $thissurvey['anonymized'] != "N", $surveyid);
            $deqquery = "SELECT * FROM {{questions}} WHERE sid={$surveyid} AND parent_qid=0 AND 
gid={$degrow['gid']} AND language='{$sDataEntryLanguage}'";
            $deqrows = (array) dbExecuteAssoc($deqquery)->readAll();
            $aDataentryoutput .= "\t<tr class='info'>\n" . "<!-- Inside controller dataentry.php -->" . "<td colspan='3'><h4>" . flattenText($degrow['group_name'], true) . "</h4></td>\n" . "\t</tr>\n";
            $gid = $degrow['gid'];
            $aDataentryoutput .= "\t<tr class='data-entry-separator'><td colspan='3'></td></tr>\n";
            // Perform a case insensitive natural sort on group name then question title of a multidimensional array
            usort($deqrows, 'groupOrderThenQuestionOrder');
            $bgc = 'odd';
            foreach ($deqrows as $deqrow) {
                $cdata = array();
                $qidattributes = getQuestionAttributeValues($deqrow['qid']);
                $cdata['qidattributes'] = $qidattributes;
                $hidden = isset($qidattributes['hidden']) ? $qidattributes['hidden'] : 0;
                // TODO - can questions be hidden? Are JavaScript variables names used? Consistently with everywhere else?
                // LimeExpressionManager::ProcessRelevance($qidattributes['relevance'],$deqrow['qid'],NULL,$deqrow['type'],$hidden);
                // TMSW Condition->Relevance: Show relevance equation instead of conditions here - better yet, have data entry use survey-at-a-time but with different view
                $qinfo = LimeExpressionManager::GetQuestionStatus($deqrow['qid']);
                $relevance = trim($qinfo['info']['relevance']);
                $explanation = trim($qinfo['relEqn']);
                $validation = trim($qinfo['prettyValidTip']);
                $qidattributes = getQuestionAttributeValues($deqrow['qid']); /* second lookup of the same attributes; the value above is still current */
                $array_filter_help = flattenText($this->_array_filter_help($qidattributes, $sDataEntryLanguage, $surveyid));
                /* Note operator precedence: (relevance set && not '1') || validation || array_filter_help. */
                if ($relevance != '' && $relevance != '1' || $validation != '' || $array_filter_help != '') {
                    $showme = '<div class="alert alert-warning col-sm-8 col-sm-offset-2" role="alert">';
                    if ($bgc == "even") { $bgc = "odd"; } else { $bgc = "even"; }
                    //Do no alternate on explanation row
                    if ($relevance != '' && $relevance != '1') {
                        /* NOTE(review): this is `=` not `.=`, so the opening <div> above is discarded whenever a
                           relevance equation is present, while the closing </div> below is still appended. */
                        $showme = '<strong>' . gT("Only answer this if the following conditions are met:", 'html', $sDataEntryLanguage) . 
"</strong><br />{$explanation}\n";
                    }
                    if ($validation != '') { $showme .= '<strong>' . gT("The answer(s) must meet these validation criteria:", 'html', $sDataEntryLanguage) . "</strong><br />{$validation}\n"; }
                    if ($showme != '' && $array_filter_help != '') { $showme .= '<br/>'; }
                    if ($array_filter_help != '') { $showme .= '<strong>' . gT("The answer(s) must meet these array_filter criteria:", 'html', $sDataEntryLanguage) . "</strong><br />{$array_filter_help}\n"; }
                    $showme .= '</div>';
                    $cdata['explanation'] = "<tr class ='data-entry-explanation'><td class='data-entry-small-text' colspan='3' align='left'>{$showme}</td></tr>\n";
                }
                //END OF GETTING CONDITIONS
                //Alternate bgcolor for different groups
                if (!isset($bgc)) { $bgc = "even"; }
                if ($bgc == "even") { $bgc = "odd"; } else { $bgc = "even"; }
                $qid = $deqrow['qid'];
                $fieldname = "{$surveyid}" . "X" . "{$gid}" . "X" . "{$qid}"; /* SGQA field name: <sid>X<gid>X<qid> */
                $cdata['bgc'] = $bgc;
                $cdata['fieldname'] = $fieldname;
                $cdata['deqrow'] = $deqrow;
                $cdata['thissurvey'] = $thissurvey;
                if ($deqrow['help']) {
                    /* NOTE(review): the character list passed here reads ".." with nothing around it in this copy;
                       the comment suggests it was meant to be a \0..\37 range — confirm against upstream. */
                    $hh = addcslashes($deqrow['help'], "..'\""); //Escape ASCII decimal 0-32 plus single and double quotes to make JavaScript happy.
                    $hh = htmlspecialchars($hh, ENT_QUOTES); //Change & " ' < > to HTML entities to make HTML happy.
                    $cdata['hh'] = $hh;
                }
                /* Per question type, fetch the sub-questions / answer options the content_view partial needs. */
                switch ($deqrow['type']) {
                    case "Q": //MULTIPLE SHORT TEXT
                    //MULTIPLE SHORT TEXT
                    case "K":
                        $deaquery = "SELECT question,title FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $dearesult = dbExecuteAssoc($deaquery);
                        $cdata['dearesult'] = $dearesult->readAll();
                        break;
                    case "1": // multi scale^
                        /* Uses the base language rather than the entry language, unlike the other cases. */
                        $deaquery = "SELECT * FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$baselang}' ORDER BY question_order";
                        $dearesult = dbExecuteAssoc($deaquery);
                        $cdata['dearesult'] = $dearesult->readAll();
                        $oquery = "SELECT other FROM {{questions}} WHERE qid={$deqrow['qid']} AND language='{$baselang}'";
                        $oresult = dbExecuteAssoc($oquery) or safeDie("Couldn't get other for list question<br />" . $oquery);
                        foreach ($oresult->readAll() as $orow) { $cdata['fother'] = $orow['other']; }
                        break;
                    case "L": //LIST drop-down/radio-button list
                    //LIST drop-down/radio-button list
                    case "!":
                        // $qidattributes=getQuestionAttributeValues($deqrow['qid']);
                        /* Only the drop-down variant ('!') supports category separators in answer text. */
                        if ($deqrow['type'] == '!' 
&& trim($qidattributes['category_separator']) != '') { $optCategorySeparator = $qidattributes['category_separator']; } else { unset($optCategorySeparator); }
                        $defexists = "";
                        $deaquery = "SELECT * FROM {{answers}} WHERE qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY sortorder, answer";
                        $dearesult = dbExecuteAssoc($deaquery);
                        //$aDataentryoutput .= "\t<select name='$fieldname' class='form-control' >\n";
                        $aDatatemp = '';
                        if (!isset($optCategorySeparator)) {
                            /* Answer code and text are inserted into the markup without escaping (see header). */
                            foreach ($dearesult->readAll() as $dearow) {
                                $aDatatemp .= "<option value='{$dearow['code']}'";
                                //if ($dearow['default_value'] == "Y") {$aDatatemp .= " selected='selected'"; $defexists = "Y";}
                                $aDatatemp .= ">{$dearow['answer']}</option>\n";
                            }
                        } else {
                            /* Split "category<sep>answer"; answers without a category go into a flat list after the optgroups. */
                            $defaultopts = array();
                            $optgroups = array();
                            foreach ($dearesult->readAll() as $dearow) {
                                list($categorytext, $answertext) = explode($optCategorySeparator, $dearow['answer']);
                                if ($categorytext == '') { $defaultopts[] = array('code' => $dearow['code'], 'answer' => $answertext, 'default_value' => $dearow['assessment_value']); } else { $optgroups[$categorytext][] = array('code' => $dearow['code'], 'answer' => $answertext, 'default_value' => $dearow['assessment_value']); }
                            }
                            foreach ($optgroups as $categoryname => $optionlistarray) {
                                $aDatatemp .= "<optgroup class=\"dropdowncategory\" label=\"" . $categoryname . 
"\">\n";
                                foreach ($optionlistarray as $optionarray) {
                                    $aDatatemp .= "\t<option value='{$optionarray['code']}'";
                                    //if ($optionarray['default_value'] == "Y") {$aDatatemp .= " selected='selected'"; $defexists = "Y";}
                                    $aDatatemp .= ">{$optionarray['answer']}</option>\n";
                                }
                                $aDatatemp .= "</optgroup>\n";
                            }
                            foreach ($defaultopts as $optionarray) {
                                $aDatatemp .= "\t<option value='{$optionarray['code']}'";
                                //if ($optionarray['default_value'] == "Y") {$aDatatemp .= " selected='selected'"; $defexists = "Y";}
                                $aDatatemp .= ">{$optionarray['answer']}</option>\n";
                            }
                        }
                        $oquery = "SELECT other FROM {{questions}} WHERE qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}'";
                        $oresult = dbExecuteAssoc($oquery) or safeDie("Couldn't get other for list question<br />");
                        /* NOTE(review): $fother stays undefined when the query returns no row (possible if the
                           question has no record in this language), and is then read below. */
                        foreach ($oresult->readAll() as $orow) { $fother = $orow['other']; }
                        $cdata['fother'] = $fother;
                        $cdata['defexists'] = $defexists;
                        $cdata['datatemp'] = $aDatatemp;
                        break;
                    case "O": //LIST WITH COMMENT drop-down/radio-button list + textarea
                        $defexists = "";
                        $deaquery = "SELECT * FROM {{answers}} WHERE qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY sortorder, answer";
                        $dearesult = dbExecuteAssoc($deaquery);
                        //$aDataentryoutput .= "\t<select name='$fieldname'>\n";
                        $aDatatemp = '';
                        foreach ($dearesult->readAll() as $dearow) {
                            $aDatatemp .= "<option value='{$dearow['code']}'";
                            //if ($dearow['default_value'] == "Y") {$aDatatemp .= " selected='selected'"; $defexists = "Y";}
                            $aDatatemp .= ">{$dearow['answer']}</option>\n";
                        }
                        $cdata['datatemp'] = $aDatatemp;
                        $cdata['defexists'] = $defexists;
                        break;
                    case "R": //RANKING TYPE QUESTION
                        $thisqid = $deqrow['qid'];
                        $ansquery = "SELECT * FROM {{answers}} WHERE qid={$thisqid} AND language='{$sDataEntryLanguage}' ORDER BY sortorder, answer";
                        $ansresult = dbExecuteAssoc($ansquery);
                        $ansresult = $ansresult->readAll();
                        $anscount = count($ansresult);
                        $cdata['thisqid'] = $thisqid;
                        $cdata['anscount'] = $anscount;
                        /* The same query is run a second time here; the first result set is simply replaced. */
                        $ansresult = 
Yii::app()->db->createCommand($ansquery)->query()->readAll(); //Checked
                        $anscount = count($ansresult);
                        $answers = array();
                        foreach ($ansresult as $ansrow) { $answers[] = $ansrow; }
                        $cdata['answers'] = $answers;
                        App()->getClientScript()->registerPackage('jquery-actual');
                        App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('generalscripts') . 'ranking.js');
                        App()->getClientScript()->registerCssFile(Yii::app()->getConfig('publicstyleurl') . 'ranking.css');
                        unset($answers);
                        break;
                    case "M": //Multiple choice checkbox (Quite tricky really!)
                        if (trim($qidattributes['display_columns']) != '') { $dcols = $qidattributes['display_columns']; } else { $dcols = 0; }
                        $meaquery = "SELECT title, question FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery);
                        $cdata['mearesult'] = $mearesult->readAll();
                        $meacount = count($cdata['mearesult']);
                        $cdata['meacount'] = $meacount;
                        $cdata['dcols'] = $dcols;
                        break;
                    case "I": //Language Switch
                        $slangs = Survey::model()->findByPk($surveyid)->additionalLanguages;
                        $sbaselang = Survey::model()->findByPk($surveyid)->language;
                        array_unshift($slangs, $sbaselang);
                        $cdata['slangs'] = $slangs;
                        break;
                    case "P": //Multiple choice with comments checkbox + text
                        //$aDataentryoutput .= "<table border='0'>\n";
                        $meaquery = "SELECT * FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY question_order, question";
                        $mearesult = dbExecuteAssoc($meaquery);
                        $cdata['mearesult'] = $mearesult->readAll();
                        break;
                    case "|":
                        // $qidattributes = getQuestionAttributeValues($deqrow['qid']);
                        $cdata['qidattributes'] = $qidattributes;
                        $maxfiles = $qidattributes['max_num_of_files'];
                        $cdata['maxfiles'] = $maxfiles;
                        break;
                    case "A": //ARRAY (5 POINT CHOICE) radio-buttons
                        $meaquery = "SELECT title, question FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery);
                        $cdata['mearesult'] = $mearesult->readAll();
                        break;
                    case "B": //ARRAY (10 POINT CHOICE) radio-buttons
                        $meaquery = "SELECT title, question FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery);
                        $cdata['mearesult'] = $mearesult->readAll();
                        /* NOTE(review): no `break` here, so type "B" falls through into "C" and runs the
                           identical query a second time. Harmless today, but almost certainly unintended. */
                    case "C": //ARRAY (YES/UNCERTAIN/NO) radio-buttons
                        $meaquery = "SELECT title, question FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery);
                        $cdata['mearesult'] = $mearesult->readAll();
                        break;
                    case "E": //ARRAY (YES/UNCERTAIN/NO) radio-buttons
                        $meaquery = "SELECT title, question FROM {{questions}} WHERE parent_qid={$deqrow['qid']} AND language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery) or safeDie("Couldn't get answers, Type \"E\"<br />{$meaquery}<br />");
                        $cdata['mearesult'] = $mearesult->readAll();
                        break;
                    case ":": //ARRAY (Multi Flexi)
                        // $qidattributes=getQuestionAttributeValues($deqrow['qid']);
                        /* Numeric range for the flexible array: defaults 1..10, step 1, narrowed by the question attributes. */
                        $minvalue = 1;
                        $maxvalue = 10;
                        if (trim($qidattributes['multiflexible_max']) != '' && trim($qidattributes['multiflexible_min']) == '') { $maxvalue = $qidattributes['multiflexible_max']; $minvalue = 1; }
                        if (trim($qidattributes['multiflexible_min']) != '' && trim($qidattributes['multiflexible_max']) == '') { $minvalue = $qidattributes['multiflexible_min']; $maxvalue = $qidattributes['multiflexible_min'] + 10; }
                        if (trim($qidattributes['multiflexible_min']) != '' && trim($qidattributes['multiflexible_max']) != '') { if ($qidattributes['multiflexible_min'] < $qidattributes['multiflexible_max']) { $minvalue = $qidattributes['multiflexible_min']; $maxvalue = $qidattributes['multiflexible_max']; } }
                        if (trim($qidattributes['multiflexible_step']) != '') { $stepvalue = $qidattributes['multiflexible_step']; } else { $stepvalue = 1; }
                        /* Checkbox mode collapses the range to 0/1 regardless of the attributes above. */
                        if 
($qidattributes['multiflexible_checkbox'] != 0) { $minvalue = 0; $maxvalue = 1; $stepvalue = 1; }
                        $cdata['minvalue'] = $minvalue;
                        $cdata['maxvalue'] = $maxvalue;
                        $cdata['stepvalue'] = $stepvalue;
                        /* scale_id=1 rows are the column labels, scale_id=0 rows the sub-questions (rows). */
                        $lquery = "SELECT question, title FROM {{questions}} WHERE parent_qid={$deqrow['qid']} and scale_id=1 and language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $lresult = dbExecuteAssoc($lquery) or die("Couldn't get labels, Type \":\"<br />{$lquery}<br />");
                        $cdata['lresult'] = $lresult->readAll();
                        $meaquery = "SELECT question, title FROM {{questions}} WHERE parent_qid={$deqrow['qid']} and scale_id=0 and language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery) or die("Couldn't get answers, Type \":\"<br />{$meaquery}<br />");
                        $cdata['mearesult'] = $mearesult->readAll();
                        break;
                    case ";": //ARRAY (Multi Flexi)
                        $lquery = "SELECT * FROM {{questions}} WHERE scale_id=1 and parent_qid={$deqrow['qid']} and language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $lresult = dbExecuteAssoc($lquery) or die("Couldn't get labels, Type \":\"<br />{$lquery}<br />");
                        $cdata['lresult'] = $lresult->readAll();
                        $meaquery = "SELECT * FROM {{questions}} WHERE scale_id=0 and parent_qid={$deqrow['qid']} and language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery) or die("Couldn't get answers, Type \":\"<br />{$meaquery}<br />");
                        $cdata['mearesult'] = $mearesult->readAll();
                        break;
                    case "F": //ARRAY (Flexible Labels)
                    //ARRAY (Flexible Labels)
                    case "H":
                        $meaquery = "SELECT * FROM {{questions}} WHERE parent_qid={$deqrow['qid']} and language='{$sDataEntryLanguage}' ORDER BY question_order";
                        $mearesult = dbExecuteAssoc($meaquery) or safeDie("Couldn't get answers, Type \"E\"<br />{$meaquery}<br />");
                        $cdata['mearesult'] = $mearesult->readAll();
                        $fquery = "SELECT * FROM {{answers}} WHERE qid={$deqrow['qid']} and language='{$sDataEntryLanguage}' ORDER BY sortorder, code";
                        $fresult = dbExecuteAssoc($fquery);
                        $cdata['fresult'] = $fresult->readAll();
                        break;
                }
                $cdata['sDataEntryLanguage'] = $sDataEntryLanguage;
                /* Render the question through the partial, then let EM substitute expressions in the resulting HTML. */
                $viewdata = $this->getController()->renderPartial("/admin/dataentry/content_view", $cdata, TRUE);
                $viewdata_em = LimeExpressionManager::ProcessString($viewdata, $deqrow['qid'], NULL, false, 1, 1);
                $aDataentryoutput .= $viewdata_em;
            }
            LimeExpressionManager::FinishProcessingGroup();
        }
        LimeExpressionManager::FinishProcessingPage();
        $aDataentryoutput .= LimeExpressionManager::GetRelevanceAndTailoringJavaScript();
        $aViewUrls['output'] = $aDataentryoutput;
        $aData['thissurvey'] = $thissurvey;
        $aData['surveyid'] = $surveyid;
        $aData['sDataEntryLanguage'] = $sDataEntryLanguage;
        /* Language list for the "save" form is only needed when the survey is active and allows saving. */
        if ($thissurvey['active'] == "Y" && $thissurvey['allowsave'] == "Y") {
            $slangs = Survey::model()->findByPk($surveyid)->additionalLanguages;
            $sbaselang = Survey::model()->findByPk($surveyid)->language;
            array_unshift($slangs, $sbaselang);
            $aData['slangs'] = $slangs;
            $aData['baselang'] = $baselang;
        }
        $aViewUrls[] = 'active_html_view';
        $aData['sidemenu']['state'] = false;
        $aData['menu']['edition'] = true;
        $aData['menu']['save'] = true;
        $aData['menu']['close'] = true;
        $this->_renderWrappedTemplate('dataentry', $aViewUrls, $aData);
    }
}
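/**
 * Modify a country record from the POSTed edit form.
 *
 * POST fields: country_id (record to edit), c_name (new name), continent_name
 * and IsActive (truthy => 1). Global superadmins may always edit; other users
 * need 'Regions' update permission and the record must exist. An empty name or
 * a duplicate (same name / continent / active flag on a *different* record) is
 * reported without saving.
 *
 * Fixes over the original: the duplicate check compared against every record
 * including the one being edited, so re-saving unchanged values was rejected;
 * and a superadmin posting an unknown country_id dereferenced null.
 *
 * @return void
 */
function modcountry()
{
    $clang = Yii::app()->lang;
    $oRequest = Yii::app()->request;
    $countries_id = (int) $oRequest->getPost("country_id");
    $continent_name = flattenText($oRequest->getPost("continent_name"));
    $c_name = flattenText($oRequest->getPost("c_name"));
    $is_Active = flattenText($oRequest->getPost("IsActive")) ? 1 : 0;
    $aViewUrls = array();

    $oRecord = Country::model()->findByPk($countries_id);
    // Explicit grouping: superadmin unconditionally, otherwise an existing record AND Regions/update.
    $bAllowed = Permission::model()->hasGlobalPermission('superadmin', 'read')
        || ($oRecord !== null && Permission::model()->hasGlobalPermission('Regions', 'update'));
    if (!$bAllowed) {
        Yii::app()->setFlashMessage($clang->gT("You do not have sufficient rights to access this page."), 'error');
        $this->getController()->redirect(array("admin/index"));
        return;
    }

    if ($c_name == '') {
        $aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect(
            $clang->gT("Editing country"),
            $clang->gT("Could not modify country."),
            "warningheader",
            $clang->gT("Country name not be empty."),
            $this->getController()->createUrl('admin/country/modifycountry'),
            $clang->gT("Back"),
            array('country_id' => $countries_id)
        );
    } elseif ($oRecord === null) {
        // Only reachable for a superadmin posting an id that matches no country.
        $aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Editing country"), $clang->gT("Could not modify country."), 'warningheader');
    } elseif (Country::model()->findByAttributes(
        array('country_name' => $c_name, 'continent' => $continent_name, 'IsActive' => $is_Active),
        'country_id <> :id',
        array(':id' => $countries_id)
    )) {
        // Same values on another record: refuse, as the original did (but no longer matching ourselves).
        $aViewUrls['message'] = array('title' => $clang->gT("Failed to add Contry"), 'message' => $clang->gT("The Country already exists."), 'class' => 'warningheader');
    } else {
        $oRecord->country_name = $this->escape($c_name);
        $oRecord->continent = $this->escape($continent_name);
        $oRecord->IsActive = $this->escape($is_Active);
        if ($oRecord->save()) {
            Yii::app()->setFlashMessage($clang->gT("Country updated successfully"));
            $this->getController()->redirect(array("admin/country/index"));
            return;
        }
        // save() failed (validation or DB error); report it without guessing at the cause.
        $aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Editing country"), $clang->gT("Could not modify country."), 'warningheader');
    }
    $this->_renderWrappedTemplate('region/country', $aViewUrls);
}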
<tr class="evenrow"> <td> </td> <td><strong><?php eT("Questions"); ?> </strong></td> <td><strong><?php eT("Answers"); ?> </strong></td> <td> </td> <td> </td> <td style="padding: 3px;"> <?php if (Permission::model()->hasSurveyPermission($iSurveyId, 'quotas', 'update')) { ?> <?php echo CHtml::form(array("admin/quotas/sa/new_answer/surveyid/{$iSurveyId}"), 'post'); ?> <input name="submit" type="submit" class="quota_new btn btn-default" value="<?php eT("Add answer"); ?> " /> <input type="hidden" name="sid" value="<?php echo $iSurveyId; ?> " /> <input type="hidden" name="action" value="quotas" /> <input type="hidden" name="quota_id" value="<?php echo $quotalisting['id'];
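/**
 * Forgot Password screen.
 *
 * Without a POSTed 'action' the form is rendered. Otherwise the user is looked
 * up by exact users_name + email and, if found and allowed to authenticate
 * through auth_db (uid 1 is accepted unconditionally), a reset mail is sent.
 * Unknown combinations get the generic "email sent" text so the form cannot be
 * used to enumerate accounts, and every lookup is followed by a random delay to
 * blur the timing difference.
 *
 * Changes over the original: 'user' and 'email' must be plain strings — an
 * array value (user[]=...) would turn the attribute lookup into an IN (...)
 * list and let one request probe many names or addresses at once; and the
 * invalid `</br>` closing tag is now `<br>`.
 *
 * NOTE(review): the delay is applied before the branch, but the mailing branch
 * still spends extra time in _sendPasswordEmail(); and the protection only
 * holds if that method's return text matches $this->sent_email_message —
 * neither is visible here, confirm both. rand() is adequate for jitter that is
 * not itself a secret.
 *
 * @return void
 */
public function forgotpassword()
{
    $this->_redirectIfLoggedIn();
    $oRequest = Yii::app()->request;
    if (!$oRequest->getPost('action')) {
        $this->_renderWrappedTemplate('authentication', 'forgotpassword');
        return;
    }

    $sUserName = $oRequest->getPost('user');
    $sEmailAddr = $oRequest->getPost('email');
    // Only scalar strings reach the query; anything else is treated as "no such user".
    $aFields = array();
    if (is_string($sUserName) && is_string($sEmailAddr)) {
        $aFields = User::model()->findAllByAttributes(array('users_name' => $sUserName, 'email' => $sEmailAddr));
    }

    // Preventing attacker from easily knowing whether the user and email address are valid or not (and slowing down brute force attacks)
    usleep(rand(Yii::app()->getConfig("minforgottenpasswordemaildelay"), Yii::app()->getConfig("maxforgottenpasswordemaildelay")));

    $bKnown = count($aFields) > 0
        && ($aFields[0]['uid'] == 1 || Permission::model()->hasGlobalPermission('auth_db', 'read', $aFields[0]['uid']));
    if (!$bKnown) {
        // Wrong or unknown username and/or email. For security reasons, we don't show a fail message
        $aData['message'] = '<br>' . gT($this->sent_email_message) . '<br>';
    } else {
        $aData['message'] = '<br>' . $this->_sendPasswordEmail($sEmailAddr, $aFields) . '<br>';
    }
    $this->_renderWrappedTemplate('authentication', 'message', $aData);
}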
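/**
 * User-group selector data.
 *
 * Returns either an HTML <option> list (default, 'optionlist') whose values are
 * the group view URLs, or a plain list of group ids ('simplegidarray').
 * Superadmins see every group; other users only the groups they belong to.
 * Groups owned by the current user are rendered bold; when no group matched
 * $ugid a "Please choose..." placeholder is prepended.
 *
 * Changes over the original: the session's loginID is bound as a query
 * parameter instead of being spliced into the SQL text, and the group name is
 * HTML-encoded before it is written into the option markup (names are stored
 * text; existing entities are left alone via double_encode=false in case
 * names are already encoded at save time — confirm).
 *
 * @param mixed  $ugid         id of the group to pre-select, or NULL
 * @param string $outputformat 'optionlist' | 'simplegidarray'
 * @return array|string list of ids, option markup, or the string "Database Error"
 */
function getUserGroupList($ugid = NULL, $outputformat = 'optionlist')
{
    //$squery = "SELECT ugid, name FROM ".db_table_name('user_groups') ." WHERE owner_id = {Yii::app()->session['loginID']} ORDER BY name";
    $iLoginId = Yii::app()->session['loginID'];
    $sQuery = "SELECT distinct a.ugid, a.name, a.owner_id FROM {{user_groups}} AS a LEFT JOIN {{user_in_groups}} AS b ON a.ugid = b.ugid WHERE 1=1 ";
    $aParams = array();
    if (!Permission::model()->hasGlobalPermission('superadmin', 'read')) {
        $sQuery .= "AND uid = :uid";
        $aParams[':uid'] = (int) $iLoginId;
    }
    $sQuery .= " ORDER BY name";
    $sresult = Yii::app()->db->createCommand($sQuery)->query($aParams); //Checked
    if (!$sresult) {
        return "Database Error";
    }

    $selecter = "";
    $simplegidarray = array();
    $bSelectedExists = false;
    foreach ($sresult->readAll() as $gn) {
        $selecter .= "<option ";
        if ($iLoginId == $gn['owner_id']) {
            $selecter .= " style=\"font-weight: bold;\"";
        }
        //if (isset($_GET['ugid']) && $gn['ugid'] == $_GET['ugid']) {$selecter .= " selected='selected'"; $svexist = 1;}
        if ($gn['ugid'] == $ugid) {
            $selecter .= " selected='selected'";
            $bSelectedExists = true;
        }
        $link = Yii::app()->getController()->createUrl("/admin/usergroups/sa/view/ugid/" . $gn['ugid']);
        $sName = htmlspecialchars($gn['name'], ENT_QUOTES, 'UTF-8', false);
        $selecter .= " value='{$link}'>{$sName}</option>\n";
        $simplegidarray[] = $gn['ugid'];
    }
    if (!$bSelectedExists) {
        $selecter = "<option value='-1' selected='selected'>" . gT("Please choose...") . "</option>\n" . $selecter;
    }
    //else {$selecter = "<option value='-1'>".gT("None")."</option>\n".$selecter;}

    return ($outputformat == 'simplegidarray') ? $simplegidarray : $selecter;
}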
<a style="" href="<?php echo $this->createUrl("admin/survey/sa/listsurveys"); ?> "> <?php eT("Surveys"); ?> </a> </li> <li class="dropdown dropdown-split-right"> <a style="padding-left: 5px;padding-right: 5px;" href="#" class="dropdown-toggle" data-toggle="dropdown"> <span style="margin-left: 0px;" class="caret"></span> </a> <ul class="dropdown-menu" role="menu"> <?php if (Permission::model()->hasGlobalPermission('surveys', 'create')) { ?> <!-- Create a new survey --> <li> <a href="<?php echo $this->createUrl("admin/survey/sa/newsurvey"); ?> "> <?php eT("Create a new survey"); ?> </a> </li> <!-- Import a survey --> <li>
/**
 * Decide whether this component's XSS filter stays enabled.
 *
 * Filtering remains on only when it was already on, the 'filterxsshtml'
 * config flag is set, and the current user is not a global superadmin; the
 * checks are evaluated in that order and stop at the first one that fails.
 */
public function __construct()
{
    $bFilter = (bool) $this->xssfilter;
    if ($bFilter && !Yii::app()->getConfig('filterxsshtml')) {
        $bFilter = false;
    }
    if ($bFilter && Permission::model()->hasGlobalPermission('superadmin', 'read')) {
        $bFilter = false;
    }
    $this->xssfilter = $bFilter;
}