/**
 * Work out which access level the current user has.
 *
 * @param   array    $curatorgroups  Group identifiers whose members count as curators
 * @param   integer  $curator        User ID of the assigned curator (0 for none)
 * @return  mixed    False for guests and users with no access; otherwise one of
 *                   'admin', 'owner', 'curator' or 'limited'
 */
protected function _authorize($curatorgroups = array(), $curator = 0)
{
	// Guests never get access
	if (User::isGuest())
	{
		return false;
	}

	// Component managers start out as 'admin'
	$level = User::authorize($this->_option, 'manage') ? 'admin' : false;

	// The assigned curator is the owner; this wins over everything else
	if ($curator && $curator == User::get('id'))
	{
		return 'owner';
	}

	// The component-wide curator group is checked together with the ones passed in
	$configured = $this->config->get('curatorgroup', '');
	if ($configured)
	{
		$curatorgroups[] = $configured;
	}

	if (empty($curatorgroups))
	{
		return $level;
	}

	// NOTE(review): a match below overwrites 'admin' with 'curator' or 'limited',
	// and the last matching group wins. Confirm callers do not treat those values
	// as a lower privilege than 'admin'.
	foreach ($curatorgroups as $candidate)
	{
		$group = \Hubzero\User\Group::getInstance($candidate);
		if (!$group)
		{
			continue;
		}

		// Groups the current user belongs to
		$memberships = \Hubzero\User\Helper::getGroups(User::get('id'));
		if (!$memberships || count($memberships) <= 0)
		{
			continue;
		}

		foreach ($memberships as $membership)
		{
			if ($membership->cn != $group->get('cn'))
			{
				continue;
			}

			// 'curator' when the identifier given is the group's cn itself,
			// 'limited' when the group was found through some other identifier
			$level = ($membership->cn == $candidate) ? 'curator' : 'limited';
		}
	}

	return $level;
}
<?php echo (int) $item->id; ?> </td> </tr> <?php } ?> </tbody> </table> <?php // Show the batch-processing form only to users who hold the create, edit and edit-state permissions on com_modules. ?> <?php if (User::authorize('core.create', 'com_modules') && User::authorize('core.edit', 'com_modules') && User::authorize('core.edit.state', 'com_modules')) { ?> <?php echo $this->loadTemplate('batch'); ?> <?php } ?> <input type="hidden" name="task" value="" autocomplete="off" /> <input type="hidden" name="boxchecked" value="0" /> <input type="hidden" name="filter_order" value="<?php echo $listOrder; ?> " /> <input type="hidden" name="filter_order_Dir" value="<?php
<?php echo (int) $item->id; ?> </td> </tr> <?php } ?> </tbody> </table> <?php // Show the batch-processing form only to users who hold the create, edit and edit-state permissions on com_content. ?> <?php if (User::authorize('core.create', 'com_content') && User::authorize('core.edit', 'com_content') && User::authorize('core.edit.state', 'com_content')) { ?> <?php echo $this->loadTemplate('batch'); ?> <?php } ?> <input type="hidden" name="task" value="" autocomplete="off" /> <input type="hidden" name="boxchecked" value="0" /> <input type="hidden" name="filter_order" value="<?php echo $listOrder; ?> " /> <input type="hidden" name="filter_order_Dir" value="<?php
* @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
* @license http://opensource.org/licenses/MIT MIT
*/

// Stop immediately unless the _HZEXEC_ constant is defined
// (presumably set by the application bootstrap, so the template cannot run when requested directly)
defined('_HZEXEC_') or die;

$this->css();

// Count the sessions per client: client_id 0 is tallied as "site", anything else as "admin"
$siteUserCount = 0;
$adminUserCount = 0;
foreach ($this->rows as $row)
{
	if ($row->client_id == 0)
	{
		$siteUserCount++;
	}
	else
	{
		$adminUserCount++;
	}
}

// Permission flag computed once for the rest of the template.
// NOTE(review): confirm the argument order against User::authorize()'s signature;
// a swapped asset/action pair would test a different permission than intended.
$editAuthorized = User::authorize('com_users', 'manage');
?> <div class="<?php echo $this->module->module; ?> " id="<?php echo $this->module->module . $this->module->id; ?> "> <table class="adminlist whosonline-summary"> <thead> <tr> <th scope="col"><?php echo Lang::txt('MOD_WHOSONLINE_COL_SITE'); ?>
/**
 * Return data on a resource view (this will be some form of HTML)
 *
 * Builds the wishlist panel and/or the metadata summary for a resource,
 * creating the resource's wishlist first when none exists yet.
 *
 * @param   object  $model   Current resource model (its ->type, ->resource and istool() are read)
 * @param   string  $option  Name of the component (overwritten with 'com_wishlist' below)
 * @param   array   $areas   Active area(s)
 * @param   string  $rtrn    Data to be returned ('all', 'metadata', or anything else for HTML only)
 * @return  array   Keys 'area', 'html' and 'metadata'; nothing is returned on the 403 path
 */
public function onResources($model, $option, $areas, $rtrn = 'all')
{
	$arr = array('area' => $this->_name, 'html' => '', 'metadata' => '');

	// Check if our area is in the array of areas we want to return results for
	// (when it is not, only the metadata summary is produced)
	if (is_array($areas))
	{
		if (!array_intersect($areas, $this->onResourcesAreas($model)) && !array_intersect($areas, array_keys($this->onResourcesAreas($model))))
		{
			$rtrn = 'metadata';
		}
	}

	// The plugin must be switched on for this resource type
	if (!$model->type->params->get('plg_' . $this->_name))
	{
		return $arr;
	}

	$this->config = Component::params('com_wishlist');

	// Load the component language file, falling back to the component's own copy
	Lang::load('com_wishlist', PATH_APP . DS . 'bootstrap' . DS . 'site') || Lang::load('com_wishlist', Component::path('com_wishlist') . DS . 'site');

	$database = App::get('db');

	$option = 'com_wishlist';
	$cat = 'resource';
	$refid = $model->resource->id;
	$items = 0;
	// Access level: 0 = none, 1 = component manager, 2 = individual owner, 3 = advisory member
	$admin = 0;
	$html = '';

	// Include some classes & scripts
	// ($option is the fixed string assigned above, so these paths are not caller-controlled)
	require_once PATH_CORE . DS . 'components' . DS . $option . DS . 'models' . DS . 'wishlist.php';
	require_once PATH_CORE . DS . 'components' . DS . $option . DS . 'site' . DS . 'controllers' . DS . 'wishlists.php';

	// Configure controller
	$controller = new \Components\Wishlist\Site\Controllers\Wishlists();

	// Get filters
	$filters = $controller->getFilters(0);
	$filters['limit'] = $this->params->get('limit');

	// Load some objects
	$obj = new \Components\Wishlist\Tables\Wishlist($database);
	$objWish = new \Components\Wishlist\Tables\Wish($database);
	$objOwner = new \Components\Wishlist\Tables\Owner($database);

	// Get wishlist id
	$id = $obj->get_wishlistID($refid, $cat);

	// Create a new list if necessary
	// (only for titled, standalone, published resources)
	if (!$id)
	{
		if ($model->resource->title && $model->resource->standalone == 1 && $model->resource->published == 1)
		{
			$rtitle = $model->istool() ? Lang::txt('COM_WISHLIST_NAME_RESOURCE_TOOL') . ' ' . $model->resource->alias : Lang::txt('COM_WISHLIST_NAME_RESOURCE_ID') . ' ' . $model->resource->id;
			$id = $obj->createlist($cat, $refid, 1, $rtitle, $model->resource->title);
		}
	}

	// get wishlist data
	$wishlist = $obj->get_wishlist($id, $refid, $cat);

	if (!$wishlist)
	{
		// NOTE(review): $html is assigned here but never copied into $arr, so this
		// error message is not part of the returned data - confirm that is intended.
		$html = '<p class="error">' . Lang::txt('ERROR_WISHLIST_NOT_FOUND') . '</p>';
	}
	else
	{
		// Get list owners
		$owners = $objOwner->get_owners($id, $this->config->get('group'), $wishlist);

		// Authorize admins & list owners
		// (a later match overrides an earlier one: owner level 2 or 3 replaces manager level 1)
		if (!User::isGuest())
		{
			if (User::authorize($option, 'manage'))
			{
				$admin = 1;
			}
			if (isset($owners['individuals']) && in_array(User::get('id'), $owners['individuals']))
			{
				$admin = 2;
			}
			else
			{
				if (isset($owners['advisory']) && in_array(User::get('id'), $owners['advisory']))
				{
					$admin = 3;
				}
			}
			// NOTE(review): the $wishlist->public flag is only checked for guests below.
			// A logged-in user with $admin == 0 reaches get_wishes() for a non-public list;
			// confirm the table class filters on $admin, or add the check here.
		}
		else
		{
			if (!$wishlist->public && $rtrn != 'metadata')
			{
				// not authorized
				App::abort(403, Lang::txt('ALERTNOTAUTH'));
				// Only reached if App::abort() returns instead of ending the request
				return;
			}
		}

		// NOTE(review): in 'metadata' mode the wish count of a non-public list is
		// still computed for guests and passed to the metadata view - confirm that is acceptable.
		$items = $objWish->get_count($id, $filters, $admin);

		if ($rtrn != 'metadata')
		{
			// Get wishes
			$wishlist->items = $objWish->get_wishes($wishlist->id, $filters, $admin, User::getRoot());

			$title = $admin ? Lang::txt('COM_WISHLIST_TITLE_PRIORITIZED') : Lang::txt('COM_WISHLIST_TITLE_RECENT_WISHES');
			// Link to the full list when there are more wishes than the display limit,
			// otherwise just show the count
			if (count($wishlist->items) > 0 && $items > $filters['limit'])
			{
				$title .= ' (<a href="' . Route::url('index.php?option=' . $option . '&task=wishlist&category=' . $wishlist->category . '&rid=' . $wishlist->referenceid) . '">' . Lang::txt('PLG_RESOURCES_WISHLIST_VIEW_ALL') . '</a>)';
			}
			else
			{
				$title .= ' (' . $items . ')';
			}

			// HTML output
			// Instantiate a view
			$view = $this->view('default', 'browse');

			// Pass the view some info
			$view->option = $option;
			$view->resource = $model->resource;
			$view->title = $title;
			$view->wishlist = $wishlist;
			$view->filters = $filters;
			$view->admin = $admin;
			$view->config = $this->config;
			foreach ($this->getErrors() as $error)
			{
				$view->setError($error);
			}

			// Return the output
			$arr['html'] = $view->loadTemplate();
		}
	}

	// Build the HTML meant for the "about" tab's metadata overview
	if ($rtrn == 'all' || $rtrn == 'metadata')
	{
		$view = $this->view('default', 'metadata');
		$view->resource = $model->resource;
		$view->items = $items;
		$view->wishlistid = $id;
		$arr['metadata'] = $view->loadTemplate();
	}

	return $arr;
}
<?php echo (int) $item->id; ?> </td> </tr> <?php } ?> </tbody> </table> <?php // Show the batch-processing form only to users who hold the create, edit and edit-state permissions on com_newsfeeds. ?> <?php if (User::authorize('core.create', 'com_newsfeeds') && User::authorize('core.edit', 'com_newsfeeds') && User::authorize('core.edit.state', 'com_newsfeeds')) { ?> <?php echo $this->loadTemplate('batch'); ?> <?php } ?> <input type="hidden" name="task" value="" /> <input type="hidden" name="boxchecked" value="0" /> <input type="hidden" name="filter_order" value="<?php echo $listOrder; ?> " /> <input type="hidden" name="filter_order_Dir" value="<?php
/**
 * Decide whether the current user may work with a tool.
 *
 * Access is granted to component managers and to members of the
 * tool's development team.
 *
 * @param   integer  $toolid  Tool ID
 * @return  boolean  True if user has access, false if not
 */
private function _checkToolaccess($toolid)
{
	// Component managers always pass
	$isManager = User::authorize($this->_option, 'manage');
	if ($isManager)
	{
		return true;
	}

	// Look up the development team for this tool
	$toolTable = new \Components\Tools\Tables\Tool($this->database);
	$team = $toolTable->getToolDevelopers($toolid);
	if (!$team)
	{
		return false;
	}

	// Grant access on the first team member whose uidNumber matches the current user
	foreach ($team as $member)
	{
		if ($member->uidNumber == User::get('id'))
		{
			return true;
		}
	}

	return false;
}
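/**
 * Return data on a publication view (this will be some form of HTML)
 *
 * Builds the wishlist panel and/or the metadata summary for a publication,
 * creating the publication's wishlist first when none exists yet.
 *
 * @param   object   $publication  Current publication
 * @param   string   $option       Name of the component (overwritten with 'com_wishlist' below)
 * @param   array    $areas        Active area(s)
 * @param   string   $rtrn         Data to be returned ('all', 'metadata', or anything else for HTML only)
 * @param   string   $version      Version name
 * @param   boolean  $extended     Whether or not to show panel
 * @return  array    Keys 'html' and 'metadata', plus 'count' and 'name' when the publication state is 1
 * @throws  Exception  With code 403 when a guest requests a non-public wishlist
 */
public function onPublication($publication, $option, $areas, $rtrn = 'all', $version = 'default', $extended = true)
{
	$arr = array('html' => '', 'metadata' => '');

	// Check if our area is in the array of areas we want to return results for
	// (when it is not, only the metadata summary is produced)
	if (is_array($areas))
	{
		if (!array_intersect($areas, $this->onPublicationAreas($publication))
		 && !array_intersect($areas, array_keys($this->onPublicationAreas($publication))))
		{
			$rtrn = 'metadata';
		}
	}

	// The plugin must be switched on for this category and the extended panel requested
	if (!$publication->_category->_params->get('plg_wishlist') || !$extended)
	{
		return $arr;
	}

	$database = App::get('db');

	// Load component language file
	Lang::load('com_wishlist') || Lang::load('com_wishlist', PATH_CORE . DS . 'components' . DS . 'com_wishlist' . DS . 'site');

	$option = 'com_wishlist';
	$cat = 'publication';
	$refid = $publication->id;
	$items = 0;
	// Access level: 0 = none, 1 = component manager, 2 = individual owner, 3 = advisory member
	$admin = 0;
	$html = '';

	// Include some classes & scripts
	// ($option is the fixed string assigned above, so these paths are not caller-controlled)
	require_once PATH_CORE . DS . 'components' . DS . $option . DS . 'models' . DS . 'wishlist.php';
	require_once PATH_CORE . DS . 'components' . DS . $option . DS . 'site' . DS . 'controllers' . DS . 'wishlists.php';

	// Configure controller
	$controller = new \Components\Wishlist\Site\Controllers\Wishlists();

	// Get filters
	$filters = $controller->getFilters(0);
	$filters['limit'] = $this->params->get('limit');

	// Load some objects
	$obj = new \Components\Wishlist\Tables\Wishlist($database);
	$objWish = new \Components\Wishlist\Tables\Wish($database);
	$objOwner = new \Components\Wishlist\Tables\Owner($database);

	// Get wishlist id
	$id = $obj->get_wishlistID($refid, $cat);

	// Create a new list if necessary (only for titled publications in state 1)
	if (!$id)
	{
		if ($publication->title && $publication->state == 1)
		{
			$rtitle = isset($publication->alias) && $publication->alias
				? Lang::txt('COM_WISHLIST_NAME_RESOURCE') . ' ' . $publication->alias
				: Lang::txt('COM_WISHLIST_NAME_PUB_ID') . ' ' . $publication->id;
			$id = $obj->createlist($cat, $refid, 1, $rtitle, $publication->title);
		}
	}

	// get wishlist data
	$wishlist = $obj->get_wishlist($id, $refid, $cat);

	if (!$wishlist)
	{
		$html = '<p class="error">' . Lang::txt('COM_WISHLIST_ERROR_LIST_NOT_FOUND') . '</p>';
	}
	else
	{
		// Get the component parameters
		$this->config = Component::params('com_wishlist');

		// Get list owners
		$owners = $objOwner->get_owners($id, $this->config->get('group'), $wishlist);

		// Authorize admins & list owners
		// (a later match overrides an earlier one: owner level 2 or 3 replaces manager level 1)
		if (!User::isGuest())
		{
			if (User::authorize($option, 'manage'))
			{
				$admin = 1;
			}
			// Guard the lookups: a missing key must fall through to "no extra
			// access" rather than hand in_array() a non-array haystack
			if (isset($owners['individuals']) && in_array(User::get('id'), $owners['individuals']))
			{
				$admin = 2;
			}
			elseif (isset($owners['advisory']) && in_array(User::get('id'), $owners['advisory']))
			{
				$admin = 3;
			}
			// NOTE(review): the $wishlist->public flag is only checked for guests below.
			// A logged-in user with $admin == 0 reaches get_wishes() for a non-public list;
			// confirm the table class filters on $admin, or add the check here.
		}
		elseif (!$wishlist->public && $rtrn != 'metadata')
		{
			// not authorized
			throw new Exception(Lang::txt('COM_WISHLIST_ERROR_ALERTNOTAUTH'), 403);
		}

		$items = $objWish->get_count($id, $filters, $admin);

		if ($rtrn != 'metadata')
		{
			// Get wishes
			$wishlist->items = $objWish->get_wishes($wishlist->id, $filters, $admin, User::getRoot());

			$title = $admin
				? Lang::txt('COM_WISHLIST_TITLE_PRIORITIZED')
				: Lang::txt('COM_WISHLIST_TITLE_RECENT_WISHES');

			// Link to the full list when there are more wishes than the display limit,
			// otherwise just show the count
			if (count($wishlist->items) > 0 && $items > $filters['limit'])
			{
				$title .= ' (<a href="' . Route::url('index.php?option=' . $option . '&task=wishlist&category=' . $wishlist->category . '&rid=' . $wishlist->referenceid) . '">' . Lang::txt('view all') . ' ' . $items . '</a>)';
			}
			else
			{
				$title .= ' (' . $items . ')';
			}

			// HTML output
			// Instantiate a view
			$view = new \Hubzero\Plugin\View(array('folder' => 'publications', 'element' => 'wishlist', 'name' => 'browse'));

			// Pass the view some info
			$view->option = $option;
			$view->publication = $publication;
			$view->title = $title;
			$view->wishlist = $wishlist;
			$view->filters = $filters;
			$view->admin = $admin;
			$view->config = $this->config;
			if ($this->getError())
			{
				$view->setError($this->getError());
			}

			// Return the output
			$html = $view->loadTemplate();
		}
	}

	// Build the HTML meant for the "about" tab's metadata overview
	$metadata = '';
	if ($rtrn == 'all' || $rtrn == 'metadata')
	{
		$view = new \Hubzero\Plugin\View(array('folder' => 'publications', 'element' => 'wishlist', 'name' => 'metadata'));
		$view->publication = $publication;
		$view->items = $items;
		$view->wishlistid = $id;
		$metadata = $view->loadTemplate();
	}

	$arr = array('html' => $html, 'metadata' => $metadata);

	// The tab count and name are only reported when the publication state is 1
	if ($publication->state == 1)
	{
		$arr['count'] = $items;
		$arr['name'] = 'wishlist';
	}

	return $arr;
}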
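include '../includes/config.php';
include '../includes/classes.php';

$session = new Session();
$database = new Database();

// Read the request state once; isset()/empty() avoid undefined-index notices
// when the page is opened without a session flag or an action parameter.
$isAuthorized = !empty($_SESSION['authorized']);
$action = isset($_GET['action']) ? $_GET['action'] : '';

// NOTE(review): logout and purge are state-changing actions triggered by a plain
// GET request, so a link or image on another site can fire them for a logged-in
// admin. Move them to POST and verify a per-session CSRF token.
// NOTE(review): the redirects below use an http:// URL - confirm the admin area
// is served over HTTPS.
if ($isAuthorized && $action === 'logout') {
    // Clear the in-memory session data as well as the stored session
    $_SESSION = array();
    session_destroy();
    header("Location: http://gotospeakup.com/admin");
    // Stop here: without exit the rest of the admin page is still rendered
    exit;
}

if ($isAuthorized && $action === 'purge') {
    $database->purgeOldApps();
    header("Location: http://gotospeakup.com/admin");
    exit;
}

if (!empty($_POST['username']) && !empty($_POST['password'])) {
    $user = new User();
    if ($user->authorize()) {
        // Issue a fresh session ID on login so a pre-login ID cannot be reused
        // (assumes the Session object above has started the session - confirm)
        session_regenerate_id(true);
        $_SESSION['authorized'] = 1;
    }

    // Do not keep the submitted credentials around for the rest of the request
    unset($_POST['username']);
    unset($_POST['password']);

    if (!empty($_SESSION['authorized'])) {
        header("Location: index.php");
        exit;
    }
}
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 STRICT//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head>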
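<?php echo (int) $item->id; ?> </span> </td> </tr> <?php } ?> </tbody> </table> <?php // Show the batch-processing form only to users who hold the create, edit and edit-state permissions on $extension. All three checks are joined with logical && (the first was a bitwise &, which does not short-circuit and combines the return values bit by bit). NOTE(review): $extension is echoed into an attribute below; confirm it is escaped where it is assigned. ?> <?php if (User::authorize('core.create', $extension) && User::authorize('core.edit', $extension) && User::authorize('core.edit.state', $extension)) { ?> <?php echo $this->loadTemplate('batch'); ?> <?php } ?> <input type="hidden" name="extension" value="<?php echo $extension; ?> " /> <input type="hidden" name="task" value="" autocomplete="off" /> <input type="hidden" name="boxchecked" value="0" /> <input type="hidden" name="filter_order" value="<?php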
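/**
 * Authenticate with an e-mail address and password and return the user's properties.
 *
 * @param array $props Login data; the 'u_email' and 'u_password' keys are read
 * @return array|false Result of getProps(TRUE) on the authorized user, or false when a
 *                     credential is missing or User::authorize() returns a falsy value
 */
function selectEmailAndPasswordLogInProcess($props)
{
    // A request without both credentials can never authenticate; reject it here
    // instead of passing undefined values on to the authorization call.
    if (!isset($props['u_email'], $props['u_password'])) {
        return false;
    }

    $u = User::authorize($props['u_email'], $props['u_password']);

    // NOTE(review): confirm that getProps(TRUE) leaves out the password hash and
    // other secrets before this array is handed back to the caller.
    return $u ? $u->getProps(TRUE) : false;
}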
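/**
 * Return data on a resource sub view (this will be some form of HTML)
 *
 * Lists up to ten items related to the resource: wiki topic pages linked to it
 * and resources that have it as a child, both filtered by the viewer's access.
 *
 * @param   object   $resource  Current resource
 * @param   string   $option    Name of the component
 * @param   integer  $miniview  View style (non-zero selects the 'mini' layout)
 * @return  array    Keys 'area', 'html' and 'metadata'
 */
public function onResourcesSub($resource, $option, $miniview = 0)
{
	$arr = array('area' => $this->_name, 'html' => '', 'metadata' => '');

	$database = App::get('db');

	// Every value that goes into the SQL text is passed through the driver's
	// Quote() first, so both queries treat the resource ID, the group names
	// and the user ID as data.
	$resourceId = $database->Quote($resource->id);

	// Work out the viewer's access once; both queries apply the same rule
	$isGuest   = User::isGuest();
	$isManager = !$isGuest && (User::authorize('com_resources', 'manage') || User::authorize('com_groups', 'manage'));

	$g   = "''";
	$uid = "''";
	if (!$isGuest && !$isManager)
	{
		$ugs = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
		$groups = array();
		if ($ugs && count($ugs) > 0)
		{
			foreach ($ugs as $ug)
			{
				$groups[] = $database->Quote($ug->cn);
			}
		}
		// An empty membership list still needs a valid IN (...) operand
		if ($groups)
		{
			$g = implode(',', $groups);
		}
		$uid = $database->Quote(User::get('id'));
	}

	// Build the query that checks topic pages
	$sql1 = "SELECT v.id, v.pageid, MAX(v.version) AS version, w.title, w.pagename AS alias, v.pagetext AS introtext,\n\t\t\t\t\tNULL AS type, NULL AS published, NULL AS publish_up, w.scope, w.rating, w.times_rated, w.ranking, 'Topic' AS section, w.`group_cn`\n\t\t\t\tFROM `#__wiki_page` AS w\n\t\t\t\tJOIN `#__wiki_version` AS v ON w.id=v.pageid\n\t\t\t\tJOIN `#__wiki_page_links` AS wl ON wl.page_id=w.id\n\t\t\t\tWHERE v.approved=1 AND wl.scope='resource' AND wl.scope_id=" . $resourceId;

	if ($isGuest)
	{
		// Guests never see pages with access level 1
		$sql1 .= " AND w.access!=1 ";
	}
	elseif (!$isManager)
	{
		// Members see access-1 pages only for their own groups or pages they created
		$sql1 .= " AND (w.access!=1 OR (w.access=1 AND (w.group_cn IN ({$g}) OR w.created_by={$uid}))) ";
	}
	$sql1 .= " GROUP BY pageid ORDER BY ranking DESC, title LIMIT 10";

	// Build the query that checks resource parents
	$sql2 = "SELECT DISTINCT r.id, NULL AS pageid, NULL AS version, r.title, r.alias, r.introtext, r.type, r.published, r.publish_up, "
		. " NULL AS scope, r.rating, r.times_rated, r.ranking, rt.type AS section, NULL AS `group` "
		. " FROM #__resource_types AS rt, #__resources AS r"
		. " JOIN #__resource_assoc AS a ON r.id=a.parent_id"
		. " LEFT JOIN #__resource_types AS t ON r.logical_type=t.id"
		. " WHERE r.published=1 AND a.child_id=" . $resourceId . " AND r.type=rt.id AND r.type!=8 ";

	if ($isGuest)
	{
		// Guests only see resources with access level 0
		$sql2 .= "AND r.access=0 ";
	}
	elseif (!$isManager)
	{
		$sql2 .= "AND (r.access!=1 OR (r.access=1 AND (r.group_owner IN ({$g}) OR r.created_by={$uid}))) ";
	}
	$sql2 .= "ORDER BY r.ranking LIMIT 10";

	// Build the final query
	$query = "SELECT k.* FROM (({$sql1}) UNION ({$sql2})) AS k ORDER BY ranking DESC LIMIT 10";

	// Execute the query
	$database->setQuery($query);

	// Instantiate a view
	$view = new \Hubzero\Plugin\View(array('folder' => $this->_type, 'element' => $this->_name, 'name' => 'browse'));
	if ($miniview)
	{
		$view->setLayout('mini');
	}

	// Pass the view some info
	$view->option = $option;
	$view->resource = $resource;
	$view->related = $database->loadObjectList();
	foreach ($this->getErrors() as $error)
	{
		$view->setError($error);
	}

	// Return the output
	$arr['html'] = $view->loadTemplate();

	// Return the array of content
	return $arr;
}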
/**
 * Show a form for editing an entry
 *
 * Guests are sent to the login task. Users who are neither component managers
 * nor a publication author of the requested citation get the form for a new,
 * empty citation instead of the one they asked for.
 *
 * @return  void
 */
public function editTask()
{
	// Check if they're logged in
	if (User::isGuest())
	{
		$this->loginTask();
		return;
	}

	// Check if admin
	$isAdmin = false;
	if (User::authorize($this->_option, 'manage'))
	{
		$isAdmin = true;
	}

	// are we allowing user to add citation
	$allowImport = $this->config->get('citation_import', 1);
	// NOTE(review): && binds tighter than ||, so this reads
	// "== 0 OR (== 2 AND user is a Super Administrator)". As written, setting 2
	// turns Super Administrators away and lets everyone else through, which looks
	// inverted - confirm the meaning of value 2 and whether '!=' (or !$isAdmin) was meant.
	if ($allowImport == 0 || $allowImport == 2 && User::get('usertype') == 'Super Administrator')
	{
		// Redirect
		App::redirect(Route::url('index.php?option=' . $this->_option, false), Lang::txt('COM_CITATION_EDIT_NOTALLOWED'), 'warning');
		return;
	}

	// get the citation types
	$ct = new Type($this->database);
	$types = $ct->getType();

	// Map each type (title lower-cased, spaces removed) to its list of field names;
	// the 'fields' value may be separated by commas or by newlines
	$fields = array();
	foreach ($types as $type)
	{
		if (isset($type['fields']))
		{
			$f = $type['fields'];
			if (strpos($f, ',') !== false)
			{
				$f = str_replace(',', "\n", $f);
			}
			$f = array_map('trim', explode("\n", $f));
			$f = array_values(array_filter($f));
			$fields[strtolower(str_replace(' ', '', $type['type_title']))] = $f;
		}
	}

	// add an empty value for the first type
	// NOTE(review): $types is not read again in this method; the view receives a
	// fresh getType() result further down, so this placeholder entry appears unused.
	array_unshift($types, array('type' => '', 'type_title' => ' - Select a Type —'));

	// Incoming - expecting an array id[]=4232
	$id = Request::getInt('id', 0);

	// Pub author
	$pubAuthor = false;

	// Load the associations object
	$assoc = new Association($this->database);

	// Get associations
	if ($id)
	{
		$this->view->assocs = $assoc->getRecords(array('cid' => $id), $isAdmin);
		$pubAuthor = $this->isPubAuthor($this->view->assocs);
	}

	// Is user authorized to edit citations?
	// Resetting the ID makes everything below behave as "new entry": the row load,
	// the pathway and the !$id branch that clears the associations fetched above.
	if (!$isAdmin && !$pubAuthor)
	{
		$id = 0;
	}

	// Load the object
	$this->view->row = new Citation($this->database);
	$this->view->row->load($id);

	//make sure title isnt too long
	// (strlen/substr count bytes, so a multi-byte title can be cut mid-character)
	$maxTitleLength = 30;
	$shortenedTitle = strlen($this->view->row->title) > $maxTitleLength ? substr($this->view->row->title, 0, $maxTitleLength) . '…' : $this->view->row->title;

	// Set the pathway
	Pathway::append(Lang::txt(strtoupper($this->_option)), 'index.php?option=' . $this->_option);
	if ($id && $id != 0)
	{
		Pathway::append($shortenedTitle, 'index.php?option=' . $this->_option . '&task=view&id=' . $this->view->row->id);
	}
	Pathway::append(Lang::txt('COM_CITATIONS_EDIT'), 'index.php?option=' . $this->_option . '&task=edit&id=' . $this->view->row->id);

	// Set the page title
	// NOTE(review): the title comes from the stored citation; confirm Pathway and
	// Document escape it on output.
	Document::setTitle(Lang::txt('COM_CITATIONS_CITATION') . $shortenedTitle);

	//push jquery to doc
	Document::addScriptDeclaration('var fields = ' . json_encode($fields) . ';');

	// Instantiate a new view
	$this->view->title = Lang::txt(strtoupper($this->_option)) . ': ' . Lang::txt(strtoupper($this->_option) . '_' . strtoupper($this->_task));
	$this->view->config = $this->config;

	// No ID, so we're creating a new entry
	// Set the ID of the creator
	if (!$id)
	{
		$this->view->row->uid = User::get('id');

		// It's new - no associations to get
		$this->view->assocs = array();

		//tags & badges
		$this->view->tags = array();
		$this->view->badges = array();
	}
	else
	{
		//tags & badges
		$this->view->tags = Format::citationTags($this->view->row, $this->database, false);
		$this->view->badges = Format::citationBadges($this->view->row, $this->database, false);
	}

	//get the citation types
	$ct = new Type($this->database);
	$this->view->types = $ct->getType();

	// Output HTML
	foreach ($this->getErrors() as $error)
	{
		$this->view->setError($error);
	}

	$this->view->setLayout('edit')->display();
}
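/**
 * Return data on a publication sub view (this will be some form of HTML)
 *
 * Lists up to ten items related to the publication: wiki topic pages whose text
 * references it, and other publications that share a tag or an author with it.
 *
 * @param   object       $publication  Current publication
 * @param   string       $option       Name of the component
 * @param   integer      $miniview     View style (non-zero selects the 'mini' layout)
 * @return  array|false  Keys 'html' and 'metadata', or false when the 'related' area is not active
 */
public function onPublicationSub($publication, $option, $miniview = 0)
{
	$arr = array('html' => '', 'metadata' => '');

	// Check if our area is in the array of areas we want to return results for
	$areas = array('related');
	if (!array_intersect($areas, $this->onPublicationSubAreas($publication))
	 && !array_intersect($areas, array_keys($this->onPublicationSubAreas($publication))))
	{
		return false;
	}

	$database = App::get('db');

	// Values placed into the SQL text are normalised first: the ID is forced to
	// an integer, everything else goes through the driver's Quote(), so an alias,
	// group name, tag ID or user ID containing a quote stays data.
	$pubId = (int) $publication->id;

	// Build the query that checks topic pages
	$sql1 = "SELECT v.id, v.pageid, MAX(v.version) AS version, w.title, w.pagename AS alias,\n\t\t\t\tv.pagetext AS abstract, NULL AS type, NULL AS published, NULL AS published_up,\n\t\t\t\tw.scope, w.rating, w.times_rated, w.ranking, 'wiki' AS class, 'Topic' AS section, w.`group_cn`\n\t\t\t\tFROM #__wiki_page AS w, #__wiki_version AS v\n\t\t\t\tWHERE w.id=v.pageid AND v.approved=1 AND (v.pagetext LIKE '%[[Resource(" . $pubId . ")]]%'\n\t\t\t\tOR v.pagetext LIKE '%[[Resource(" . $pubId . ",%' OR v.pagetext LIKE '%[/Resource/" . $pubId . " %'";
	// Also match pages that reference the publication by alias
	$sql1 .= $publication->alias
		? " OR v.pagetext LIKE " . $database->Quote('%[[Resource(' . $publication->alias . '%') . ") "
		: ") ";

	if (!User::isGuest())
	{
		if (!User::authorize('com_publications', 'manage') && !User::authorize('com_groups', 'manage'))
		{
			// Members see access-1 pages only for their own groups or pages they created
			$ugs = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
			$groups = array();
			if ($ugs && count($ugs) > 0)
			{
				foreach ($ugs as $ug)
				{
					$groups[] = $database->Quote($ug->cn);
				}
			}
			// An empty membership list still needs a valid IN (...) operand
			$g = $groups ? implode(',', $groups) : "''";

			$sql1 .= "AND (w.access!=1 OR (w.access=1 AND (w.group_cn IN ({$g}) OR w.created_by=" . $database->Quote(User::get('id')) . "))) ";
		}
	}
	else
	{
		// Guests never see pages with access level 1
		$sql1 .= "AND w.access!=1 ";
	}
	$sql1 .= "AND w.`group_cn` IS NULL "; // only get topic pages
	$sql1 .= "GROUP BY pageid ORDER BY ranking DESC, title LIMIT 10";

	// Initiate a helper class
	$model = new \Components\Publications\Models\Publication($publication);
	$tags = $model->getTags();

	// Get version authors
	$authors = isset($publication->_authors) ? $publication->_authors : array();

	// Build the query that get publications related by tag
	$sql2 = "SELECT DISTINCT r.publication_id as id, NULL AS pageid, r.id AS version,\n\t\t\t\tr.title, C.alias, r.abstract, C.category, r.state as published,\n\t\t\t\tr.published_up, NULL AS scope, C.rating, C.times_rated, C.ranking,\n\t\t\t\trt.alias AS class, rt.name AS section, NULL AS `group` "
		. "\n FROM #__publications as C, #__publication_categories AS rt, #__publication_versions AS r "
		. "\n JOIN #__tags_object AS a ON r.publication_id=a.objectid AND a.tbl='publications'"
		. "\n JOIN #__publication_authors AS PA ON PA.publication_version_id=r.id "
		. "\n WHERE C.id=r.publication_id ";

	// Match on shared tags and/or shared authors, grouped in one parenthesised condition
	if ($tags)
	{
		$tagIds = array();
		foreach ($tags as $tagg)
		{
			$tagIds[] = $database->Quote($tagg['id']);
		}

		$sql2 .= " AND ( a.tagid IN (" . implode(',', $tagIds) . ")";
		$sql2 .= count($authors) > 0 ? " OR " : "";
	}
	if (count($authors) > 0)
	{
		$authorIds = array();
		foreach ($authors as $author)
		{
			$authorIds[] = $database->Quote($author->user_id);
		}

		$sql2 .= $tags ? "" : " AND ( ";
		$sql2 .= " PA.user_id IN (" . implode(',', $authorIds) . ")";
	}
	$sql2 .= $tags || count($authors) > 0 ? ")" : "";

	// Never list the publication itself; only access-0 versions in state 1
	$sql2 .= " AND r.publication_id !=" . $pubId;
	$sql2 .= " AND C.category = rt.id AND C.category!=8 ";
	$sql2 .= "AND r.access=0 ";
	$sql2 .= "AND r.state=1 ";
	$sql2 .= "GROUP BY r.publication_id ORDER BY r.ranking LIMIT 10";

	// Build the final query
	$query = "SELECT k.* FROM (({$sql1}) UNION ({$sql2})) AS k ORDER BY ranking DESC LIMIT 10";

	// Execute the query
	$database->setQuery($query);
	$related = $database->loadObjectList();

	// Instantiate a view
	if ($miniview)
	{
		$view = new \Hubzero\Plugin\View(array('folder' => 'publications', 'element' => 'related', 'name' => 'browse', 'layout' => 'mini'));
	}
	else
	{
		$view = new \Hubzero\Plugin\View(array('folder' => 'publications', 'element' => 'related', 'name' => 'browse'));
	}

	// Pass the view some info
	$view->option = $option;
	$view->publication = $publication;
	$view->related = $related;
	if ($this->getError())
	{
		$view->setError($this->getError());
	}

	// Return the output
	$arr['html'] = $view->loadTemplate();

	// Return the array of content
	return $arr;
}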
// Reject the request when no script was chosen.
// NOTE(review): the condition tests SCRIPT but the message speaks of a username -
// confirm which of the two is wrong.
if ($_POST['SCRIPT'] == "") { throw new Exception("You Have to Select an Username"); }

// NOTE(review): clearInput() is defined elsewhere; what it strips or escapes is not visible here.
$username = clearInput($_POST['USERNAME']);
$scriptId = clearInput($_POST['SCRIPT']);

// The username is refused when strip_tags() would change it, i.e. when it contains markup.
// This is not an allow-list: any other character still passes.
$usernameN = strip_tags($username);
if ($usernameN != $username) { throw new Exception("Inserted Username is not valid"); }

// is_numeric() also accepts forms such as "1.5" or "1e3", not only whole-number IDs
if (!is_numeric($scriptId)) { throw new Exception("Inserted Script id is not valid"); }

// Usernames are handled in lower case from here on
$username = strtolower($username);

// Grant the named user access to the chosen script.
// NOTE(review): the check that the requester may grant access, and any CSRF token
// check, would have to sit above this fragment - confirm both exist.
$u = new User($username);
$script = new Script($scriptId);
$u->authorize($script);
$msg = "User successfully authorized";
} } }
// Any validation failure above ends up here; only the message text is kept
catch (Exception $e) { $error = $e->getMessage(); } } ?> <html> <head> <title>RaspiControl</title> <meta charset="utf-8"/> <meta name="viewport"