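/**
 * Build the payload for the listing view: grade levels, the caller's role data and an access flag.
 *
 * The access flag is 1 for the "admin" role, 1 for a "teacher" who holds at least one role id
 * that has permission = 1 on module 3, and 0 in every other case.
 *
 * @return array Keys: grades, userRole, newuserRole, access.
 */
public function listAll()
{
    $user = $this->data['users'];

    $toReturn = array();
    $toReturn['grades'] = gradeLevels::get()->toArray();
    $toReturn['userRole'] = $user->role;
    $toReturn['newuserRole'] = $user->newrole;

    // Start from an empty list: when no role is permitted the check below must deny,
    // not hand an undefined variable to array_intersect().
    $uniparam = array();
    foreach (permissions::where('moduleId', 3)->where('permission', 1)->get() as $param) {
        $uniparam[] = $param->roleId;
    }

    // newrole is decoded as JSON. Anything that does not decode to an array (empty value,
    // malformed JSON, a JSON object) is treated as "no roles", so the decision fails closed.
    $newrole_array = json_decode((string) $user->newrole);
    if (!is_array($newrole_array)) {
        $newrole_array = array();
    }

    if ($toReturn['userRole'] == "teacher") {
        $toReturn['access'] = array_intersect($newrole_array, $uniparam) ? 1 : 0;
    } elseif ($toReturn['userRole'] == "admin") {
        $toReturn['access'] = 1;
    } else {
        $toReturn['access'] = 0;
    }

    return $toReturn;
}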
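/**
 * Build the payload for the exams view: exams and classes of the selected academic year,
 * the caller's role data and an access flag.
 *
 * Teachers only receive classes whose classTeacher column contains their quoted user id;
 * every other role receives all classes of the year.
 *
 * @return array Keys: exams, classes, userRole, access, newuserRole.
 */
public function listAll()
{
    $user = $this->data['users'];
    $acYear = $this->panelInit->selectAcYear;

    $toReturn = array();
    $toReturn['exams'] = examsList::where('examAcYear', $acYear)->get()->toArray();

    $classesQuery = classes::where('classAcademicYear', $acYear);
    if ($user->role == "teacher") {
        // The id is passed as a bound value of the LIKE pattern, not concatenated into SQL.
        $classesQuery = $classesQuery->where('classTeacher', 'LIKE', '%"' . $user->id . '"%');
    }
    $toReturn['classes'] = $classesQuery->get()->toArray();

    $toReturn['userRole'] = $user->role;

    // NOTE(review): the permitted role ids are hard-coded. The original also queried
    // permissions for moduleId 1 / permission 1 but never used the result (dropped here) -
    // confirm whether this list was meant to come from that table.
    $uniparam = array(5, 6, 7, 8, 15);

    // Anything that does not decode to a JSON array is treated as "no roles" so that a
    // malformed newrole value denies access instead of breaking array_intersect().
    $newrole_array = json_decode((string) $user->newrole);
    if (!is_array($newrole_array)) {
        $newrole_array = array();
    }

    if ($toReturn['userRole'] == "teacher") {
        $toReturn['access'] = array_intersect($newrole_array, $uniparam) ? 1 : 0;
    } elseif ($toReturn['userRole'] == "admin") {
        $toReturn['access'] = 1;
    } else {
        $toReturn['access'] = 0;
    }

    $toReturn['newuserRole'] = $user->newrole;

    return $toReturn;
}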
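/**
 * Smarty function: load the child nodes of a parent node and assign them to the template
 * variable "get_nodes_by_parent".
 *
 * Recognised $params keys: parent, listing_amount ('all' or a number), offset, orderby, time.
 * When $_POST['template_event'] is 'filter_by' the result is narrowed either by node content
 * or by the creator's login, both taken from $_POST['node_content'].
 *
 * @param array  $params Template parameters.
 * @param object $smarty Smarty instance that receives the result.
 * @return false|null false when the caller has no read permission on the parent.
 */
function smarty_function_get_nodes_by_parent($params, &$smarty)
{
    global $db;

    $parent = $params['parent'];
    $permissions = permissions::checkPerms($parent);
    if (!$permissions['r']) {
        return false;
    }

    // LIMIT operands are emitted unquoted, so they are forced to non-negative integers.
    $listing_amount = ($params['listing_amount'] == 'all')
        ? DEF_MAX_LISTING_AMMOUNT
        : $params['listing_amount'];
    $listing_amount = max(0, (int) $listing_amount);
    $offset = empty($params['offset']) ? 0 : max(0, (int) $params['offset']);

    // ORDER BY is emitted unquoted as well; string escaping does not constrain it, so only a
    // plain comma-separated column list with optional asc/desc is accepted. Anything else
    // falls back to the default ordering.
    $order_sql = " order by nodes.node_id desc ";
    if (isset($params['orderby'])) {
        $requested = trim($params['orderby']);
        $column = '[A-Za-z0-9_.]+(\s+(asc|desc))?';
        if (preg_match('/^' . $column . '(\s*,\s*' . $column . ')*$/i', $requested)) {
            $order_sql = " order by {$requested} ";
        }
    }

    $sql_time = "";
    if (isset($params['time'])) {
        $sql_time = " nodes.node_created > '" . db_escape_string($params['time']) . "' and ";
    }

    $user_id = db_escape_string($_SESSION['user_id']);
    $parent_sql = db_escape_string((string) $parent);

    $q = "select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='{$user_id}' left join users on users.user_id=nodes.node_creator where ";
    $q .= " {$sql_time} nodes.node_parent='{$parent_sql}' and nodes.node_system_access!='private'";

    if (isset($_POST['template_event']) && $_POST['template_event'] == 'filter_by') {
        if (isset($_POST['search_type']) && $_POST['search_type'] == 'content') {
            $q .= " and node_content like '%" . db_escape_string($_POST['node_content']) . "%' ";
        } else {
            // Resolve the login to a user id; the request value is escaped before use.
            $q2 = "select user_id from users where login='" . db_escape_string($_POST['node_content']) . "'";
            $userset = $db->query($q2);
            $userset->next();
            $id = db_escape_string($userset->getString('user_id'));
            $q .= " and nodes.node_creator='{$id}'";
        }
    }

    $q .= $order_sql;
    $q .= " LIMIT {$offset},{$listing_amount} ";

    // Always assign an array, also when the query returns no rows.
    $pole = array();
    $set = $db->query($q);
    while ($set->next()) {
        $pole[] = $set->getRecord();
    }
    $smarty->assign('get_nodes_by_parent', $pole);
}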
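/**
 * Set the permission value of one (module, role) pair from the request input
 * (moduleId, roleId, permission).
 *
 * @return int Always 1.
 */
public function update()
{
    $moduleId = Input::get('moduleId');
    $roleId = Input::get('roleId');
    $permissionValue = Input::get('permission');

    // Request values travel as bindings; they are never concatenated into the SQL text.
    DB::update(
        'update permissions set permission = ? where moduleId = ? and roleId = ?',
        array($permissionValue, $moduleId, $roleId)
    );

    // NOTE(review): no authorization check is visible in this method - confirm that the
    // route or controller restricts it to users allowed to edit the permission table.
    return 1;
}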
/**
 * Returns the list of a user's warnings for the pop-up window.
 *
 * The response is only filled in when hasPermissions('users') is truthy and the user
 * with the given UID exists; otherwise an empty xajaxResponse is returned.
 *
 * NOTE(review): profile fields, admin log fields and the $draw_func / $contextId arguments are
 * concatenated into innerHTML and inline onclick handlers below with no escaping visible in
 * this function - confirm they are encoded upstream, or encode them per context (HTML text,
 * attribute, JavaScript string) using the charset this project stores its text in.
 *
 * @param int    $uid       UID of the user
 * @param array  $contextId Context (for the admin action log); the default value is an empty string
 * @param string $draw_func display method
 *
 * @return object xajaxResponse
 */
function getUserWarns($uid = 0, $contextId = '', $draw_func = '')
{
    session_start();
    $objResponse = new xajaxResponse();
    // Everything below is gated on the 'users' permission.
    if (hasPermissions('users')) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/permissions.php';
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
        $user = new users();
        $user->GetUserByUID($uid);
        if ($user->uid) {
            // The admin log is opened with the permissions of the logged-in session user.
            $aPermissions = permissions::getUserPermissions($_SESSION['uid']);
            $admin_log = new admin_log('user', $_SESSION['uid'], $aPermissions);
            // $nCount is first set by this call - presumably passed by reference; verify against admin_log.
            $aWarns = $admin_log->getUserWarns($nCount, $uid);
            $sCount = $nCount ? $nCount : '0';
            $sWarns = $user->warn ? $user->warn : '0';
            // NOTE(review): login, uname and usurname reach an href and innerHTML unescaped here.
            $objResponse->assign('a_user_warns', 'href', '/users/' . $user->login);
            $objResponse->assign('s_user_warns', 'innerHTML', $user->uname . ' ' . $user->usurname . ' [' . $user->login . ']');
            $objResponse->assign('e_user_warns', 'innerHTML', $sWarns);
            $objResponse->assign('n_user_warns', 'innerHTML', $sCount);
            if ($nCount) {
                $sTable = '<table id="t_user_warns" class="notice-table">';
                // $nCount is reused from here on as the 1-based row number.
                $nCount = 1;
                foreach ($aWarns as $aOne) {
                    // NOTE(review): whether hyphen_words() HTML-encodes the comment cannot be told from here - confirm.
                    $sReason = $aOne['admin_comment'] ? hyphen_words($aOne['admin_comment'], true) : '<без причины>';
                    $sAdmin = $aOne['adm_login'] ? '<a target="_blank" href="/users/' . $aOne['adm_login'] . '">' . $aOne['adm_login'] . '</a>' : 'не известно';
                    $sDate = $aOne['act_time'] ? date('d.m.Y H:i', strtotime($aOne['act_time'])) : 'не известно';
                    // The remove link is only rendered for rows that carry a src_id.
                    // NOTE(review): $uid, $draw_func and $contextId are function arguments placed inside an
                    // inline JavaScript call; a quote in either string argument would end the JS literal.
                    $sTable .= '<tr> <td class="cell-number">' . $nCount . '.</td> <td class="cell-uwarn">' . $sReason . '</td> <td class="cell-who">Выдан: [' . $sAdmin . '] <td class="cell-date">' . $sDate . '</td> <td' . ($aOne['src_id'] ? ' id="i_user_warns_' . $aOne['src_id'] . '"' : '') . '>' . ($aOne['src_id'] ? '<a href="javascript:void(0);" onclick="banned.warnUser(' . $uid . ',' . $aOne['src_id'] . ',\'' . $draw_func . '\',\'' . $contextId . '\',0);"><img src="/images/btn-remove2.png" alt="" width="11" height="11" /></a>' : '') . '</td> </tr>';
                    ++$nCount;
                }
                $sTable .= '</table>';
                $objResponse->assign('d_user_warns', 'innerHTML', $sTable);
            } else {
                $objResponse->assign('d_user_warns', 'innerHTML', ' ');
            }
            // Button caption: "unban" when the user is banned anywhere, otherwise "ban".
            $sBanTitle = $user->is_banned || $user->ban_where ? 'Разбанить' : 'Забанить';
            $objResponse->script('adminLogOverlayClose();');
            $objResponse->script("\$('ov-notice4').setStyle('display', '');");
            $objResponse->script('adjustUserWarnsHTML();');
            // NOTE(review): same inline-handler concern as above for $uid and $contextId.
            $objResponse->assign('b_user_warns', 'innerHTML', '<button onclick="adminLogOverlayClose();banned.userBan(' . $uid . ', \'' . $contextId . '\',0)">' . $sBanTitle . '</button><a class="lnk-dot-grey" href="javascript:void(0);" onclick="adminLogOverlayClose();">Отмена</a>');
        }
    }
    return $objResponse;
}
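/**
 * Set up the dashboard context, the authenticated user and the role ids that hold
 * permission = 1 on module 2 (stored as attendancepermission) and on module 4
 * (stored as staffattendancepermission).
 */
public function __construct()
{
    $this->panelInit = new \DashboardInit();
    $this->data['panelInit'] = $this->panelInit;
    $this->data['breadcrumb']['User Settings'] = \URL::to('/dashboard/user');
    $this->data['users'] = \Auth::user();

    $moduleKeys = array(
        2 => 'attendancepermission',
        4 => 'staffattendancepermission',
    );
    foreach ($moduleKeys as $moduleId => $dataKey) {
        // Always publish an array: when no role is permitted the list is empty rather than
        // an undefined variable, so later membership checks deny cleanly.
        $roleIds = array();
        foreach (permissions::where('moduleId', $moduleId)->where('permission', 1)->get() as $param) {
            $roleIds[] = $param->roleId;
        }
        $this->data[$dataKey] = $roleIds;
    }
}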
/**
 * Dispatch a character request taken from $_GET['Char'] and $_GET['Server'].
 *
 * A character found exactly once in the local roster is shown directly; otherwise the
 * request goes through permissions::verify(). Missing parameters lead to nochar().
 * The lookup data is published through the global $returnedDBdata.
 */
function checkUserDat()
{
    global $returnedDBdata;

    // Without both GET values there is nothing to look up.
    if (empty($_GET['Char']) || empty($_GET['Server'])) {
        nochar();
        return;
    }

    $character = $_GET['Char'];
    $server = $_GET['Server'];

    // Look the character up in the local DB first.
    $lookup = roster_db::lookup($character, $server);
    $returnedDBdata = $lookup->lookupData;

    if ($lookup->count == 1) {
        viewChar($character, $server);
        return;
    }

    // Not in the local DB (or ambiguous): let the permission layer pick the next step.
    permissions::verify('fetchCharDat', 'recentlySyncd', '0');
}
// Page bootstrap: load the language pack and helper classes, read the logged-in user's
// permission level and expose it to the template as PERMS_* flags.
get_mysql_server_version();
$lang = get_config('language_set');
// NOTE(review): the include path and the template directory below are built from the
// 'language_set' config value - confirm it is restricted to known language directory names.
require_once 'i18n/' . $lang . '/i18n.php';
require_once PATH_TO_CLASSES . '/cls_fast_template.php';
require_once PATH_TO_CLASSES . '/cls_permissions.php';
// initialise the class, pointing it at the directory that stores the templates
$ft = new FastTemplate('./templates/' . $lang . '/tpl');
// instance of the class that handles the Core database
$db = new DB_SQL();
// fetch the permission level
// NOTE(review): $_SESSION['login'] is handed to sprintf() next to the table name, presumably
// as the login value of the WHERE clause; no escaping is visible here - confirm it is escaped
// before it reaches the SQL text.
$query = sprintf("\r\n SELECT \r\n permission_level \r\n FROM \r\n %1\$s \r\n WHERE \r\n login = '******'", TABLE_USERS, $_SESSION['login']);
$db->query($query);
$db->next_record();
$privileges = $db->f('permission_level');
// instance of the class for handling permissions
$perms = new permissions();
$permarr = $perms->getPermissions($privileges);
// Every flag starts as false; the switch below turns on the ones matching the stored level.
$ft->assign(array('PERMS_USER' => false, 'PERMS_WRITER' => false, 'PERMS_MODERATOR' => false, 'PERMS_TPLEDITOR' => false, 'PERMS_ADMIN' => false));
switch ($privileges) {
    case '1':
        $privilege_level = 1;
        $ft->assign('PERMS_USER', true);
        break;
    case '3':
        $privilege_level = 2;
        $ft->assign('PERMS_USER', true);
        $ft->assign('PERMS_WRITER', true);
        break;
    case '7':
        $privilege_level = 3;
        $ft->assign('PERMS_USER', true);
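/**
 * Rebuild the dialplan of this call center queue.
 *
 * Deletes the dialplan currently referenced by $this->dialplan_uuid (if any), builds a new
 * one from the queue properties, saves it through the orm class, stores the new
 * dialplan_uuid on the queue row, regenerates the dialplan XML and clears the dialplan cache
 * of the session context.
 *
 * The four dialplan permissions needed for the save are granted as 'temp' and are revoked in
 * a finally block, so they are removed again even when the save or the queue update throws.
 *
 * @return mixed The message reported by the orm save; its 'uuid' entry is used as the new dialplan_uuid.
 */
public function dialplan()
{
    //delete the previous dialplan and its details
    // NOTE(review): the uuid properties are concatenated into SQL here and in the update below.
    // If $this->db is a PDO handle, prefer prepare()/execute() with bound values, or validate
    // the properties as UUIDs before they reach this method.
    if (strlen($this->dialplan_uuid) > 0) {
        foreach (array('v_dialplans', 'v_dialplan_details') as $table) {
            $sql = "delete from " . $table . " ";
            $sql .= "where dialplan_uuid = '" . $this->dialplan_uuid . "' ";
            $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
            $this->db->exec($sql);
        }
        unset($sql);
    }

    //build the dialplan array
    $dialplan = array();
    $dialplan["app_uuid"] = "95788e50-9500-079e-2807-fd530b0ea370";
    $dialplan["domain_uuid"] = $this->domain_uuid;
    $dialplan["dialplan_name"] = $this->queue_name != '' ? $this->queue_name : format_phone($this->destination_number);
    $dialplan["dialplan_number"] = $this->destination_number;
    $dialplan["dialplan_context"] = $_SESSION['context'];
    $dialplan["dialplan_continue"] = "false";
    $dialplan["dialplan_order"] = "210";
    $dialplan["dialplan_enabled"] = "true";
    $dialplan["dialplan_description"] = $this->queue_description;

    //each row is: tag, type, data, group, break (null = the detail carries no break key)
    $rows = array();
    //group 1: strip a "prefix#" that is already present in the caller id name
    $rows[] = array("condition", '${caller_id_name}', '^([^#]+#)(.*)$', "1", "never");
    $rows[] = array("action", "set", 'caller_id_name=$2', "1", null);
    //group 2: match the queue number and hand the call to the call center
    $rows[] = array("condition", "destination_number", "^" . $this->destination_number . '$', "2", "");
    $rows[] = array("action", "answer", "", "2", null);
    $rows[] = array("action", "set", "hangup_after_bridge=true", "2", null);
    if (strlen($this->queue_cid_prefix) > 0) {
        $rows[] = array("action", "set", "effective_caller_id_name=" . $this->queue_cid_prefix . '#${caller_id_name}', "2", null);
    }
    $rows[] = array("action", "callcenter", $this->queue_name . '@' . $_SESSION["domain_name"], "2", null);
    if (strlen($this->queue_timeout_action) > 0) {
        //"application:data" - the part before the first colon is the application
        $action_array = explode(":", $this->queue_timeout_action);
        $rows[] = array(
            "action",
            $action_array[0],
            substr($this->queue_timeout_action, strlen($action_array[0]) + 1, strlen($this->queue_timeout_action)),
            "2",
            null,
        );
    }
    $rows[] = array("action", "hangup", "", "2", null);

    //details are numbered from 1 and ordered in steps of 10
    $y = 0;
    foreach ($rows as $row) {
        $y++;
        $detail = array();
        $detail["domain_uuid"] = $this->domain_uuid;
        $detail["dialplan_detail_tag"] = $row[0];
        $detail["dialplan_detail_type"] = $row[1];
        $detail["dialplan_detail_data"] = $row[2];
        if ($row[4] !== null) {
            $detail["dialplan_detail_break"] = $row[4];
        }
        $detail["dialplan_detail_group"] = $row[3];
        $detail["dialplan_detail_order"] = $y * 10;
        $dialplan["dialplan_details"][$y] = $detail;
    }

    //add the dialplan permission
    $temp_permissions = array("dialplan_add", "dialplan_detail_add", "dialplan_edit", "dialplan_detail_edit");
    $p = new permissions();
    foreach ($temp_permissions as $permission) {
        $p->add($permission, 'temp');
    }

    try {
        //save the dialplan
        $orm = new orm();
        $orm->name('dialplans');
        $orm->save($dialplan);
        $dialplan_response = $orm->message;
        $this->dialplan_uuid = $dialplan_response['uuid'];

        //if new dialplan uuid then update the call center queue
        $sql = "update v_call_center_queues ";
        $sql .= "set dialplan_uuid = '" . $this->dialplan_uuid . "' ";
        $sql .= "where call_center_queue_uuid = '" . $this->call_center_queue_uuid . "' ";
        $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
        $this->db->exec($sql);
        unset($sql);
    } finally {
        //remove the temporary permission, also on failure, so the grant never outlives this call
        foreach ($temp_permissions as $permission) {
            $p->delete($permission, 'temp');
        }
    }

    //synchronize the xml config
    save_dialplan_xml();

    //clear the cache
    $cache = new cache();
    $cache->delete("dialplan:" . $_SESSION['context']);

    //return the save response (carries the dialplan uuid)
    return $dialplan_response;
}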
"> <input type="submit" value=" Показать "> </form> <br><br> <table width="100%" border="0" cellspacing="5" cellpadding="5"> <?php if ($users) { ?> <?php foreach ($users as $user) { ?> <?php $user_groups = permissions::getUserGroups($user['uid']); $user_rights = permissions::getUserExtraRights($user['uid']); $utype = is_emp($user['role']) ? 'emp' : 'frl'; ?> <tr> <td> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tr valign="top" class="n_qpr"> <td width="70" align="center"><a name="user_<?php echo $user['uid']; ?> "></a><a href="/users/<?php echo $user['login']; ?> " class="<?php echo $utype; ?>
/**
 * Creates a forum from the values in $this->post (name, parent, description, sync)
 * and gives every group its initial permissions on it.
 *
 * The sync value selects the permission preset: -2 full (except the banned group),
 * -3 defaults, -1 none, any other value copies the permissions of that forum.
 *
 * NOTE(review): the $this->post values are interpolated into the INSERT as they are; no
 * escaping is visible in this method - confirm the request layer escapes $this->post.
 *
 * @author Mark Elliot <*****@*****.**>
 * @since Beta 2.1
 * @return string Completion message
 **/
function AddForum()
{
    if (trim($this->post['name']) == '') {
        return "The forum name is empty. (Please press back and enter a name)";
    }

    $forums = $this->forum_grab();
    $siblings = $this->forum_array($forums, $this->post['parent']);

    // The new forum goes after its existing siblings.
    $position = 0;
    if ($siblings) {
        $position = count($siblings);
    }

    $sql = "INSERT INTO {$this->pre}forums\r\n\t\t(forum_tree, forum_parent, forum_name, forum_description, forum_position) VALUES\r\n\t\t('" . $this->CreateTree($forums, $this->post['parent']) . "', '{$this->post['parent']}', '{$this->post['name']}', '{$this->post['description']}', '{$position}')";
    $this->db->query($sql);
    $id = $this->db->insert_id();

    $perms = new permissions();
    $perms->db =& $this->db;
    $perms->pre =& $this->pre;

    while ($perms->get_group()) {
        switch ($this->post['sync']) {
            case -2:
                // Full permissions (note: the banned group is still false)
                $perms->add_z($id, $perms->group != USER_BANNED);
                break;

            case -3:
                // Default permissions (only works if there are no forums already created)
                $perms->add_z($id);
                break;

            case -1:
                // No permissions
                $perms->add_z($id, false);
                break;

            default:
                // Copy another forum: start from nothing, then mirror each non-global permission
                $perms->add_z($id, false);
                foreach ($perms->standard as $perm => $unused) {
                    if (isset($perms->globals[$perm])) {
                        continue;
                    }
                    $perms->set_xyz($perm, $id, $perms->auth($perm, $this->post['sync']));
                }
                break;
        }

        $perms->update();
    }

    return "Forum added!<br/><br/><a href='{$this->self}'>Continue</a>";
}
$p_level = 1; break; case '3': $p_level = 2; break; case '7': $p_level = 3; break; case '15': $p_level = 4; break; case '31': $p_level = 5; break; } $new_permissions = new permissions(); if ($plevel == "down") { if ($p_level == 1) { $ft->assign('CONFIRM', $i18n['edit_users'][8]); } else { $p_level = $p_level - 1; switch ($p_level) { case '3': $new_permissions->permissions["user"] = TRUE; $new_permissions->permissions["writer"] = TRUE; $new_permissions->permissions["moderator"] = TRUE; break; case '2': $new_permissions->permissions["user"] = TRUE; $new_permissions->permissions["writer"] = TRUE; break;
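/**
 * Render the employee listing of the current company into the template.
 *
 * Assigns 'cadena' (the listing markup) and 'variables' (the variable names reported by the
 * table helper) to $tpl.
 *
 * @param object $tpl Template object.
 * @return object The same template object.
 */
function listar($tpl)
{
    if (isset($_POST['submit_corps_search'])) {
        // Take the requested number of records and keep it in a session variable so that it
        // applies to all later requests of this user.
        // NOTE(review): the POST value is stored as received; confirm make_tables() treats it
        // as a number, or validate it here.
        $_SESSION['num_regs'] = $_POST['regs'];
    }

    $num = $this->get_list_emps($_SESSION['ident_corp']);
    $tabla_listado = new table(true);
    $per = new permissions();
    $per->get_permissions_list('emps');

    if ($num == 0) {
        // The original prepended $cadena before it was ever defined; start from an empty string.
        $cadena = '' . $tabla_listado->tabla_vacia('emps', $per->add);
    } else {
        $cadena = '' . $tabla_listado->make_tables(
            'emps',
            $this->emps_list,
            array('Nombre', 20, 'Primer Apellido', 20, 'Segundo Apellido', 20),
            array($this->ddbb_id_emp, $this->ddbb_name, $this->ddbb_last_name, $this->ddbb_last_name2),
            $_SESSION['num_regs'],
            $per->permissions_module,
            $per->add
        );
    }
    $variables = $tabla_listado->nombres_variables;

    $tpl->assign('variables', $variables);
    $tpl->assign('cadena', $cadena);

    return $tpl;
}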
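/**
 * Change a user's group and rights information.
 *
 * All existing group and right assignments of the user are deleted and rebuilt: the user is
 * added to every group in $groups, rights in $rights_allow that no group provides are stored
 * as allowed, and group rights missing from $rights_allow are stored as disallowed.
 *
 * Every id is passed through the ?i placeholder instead of being interpolated into the SQL.
 *
 * NOTE(review): the delete and the inserts are separate statements with no transaction
 * visible here, so a failure part-way leaves the user with partial rights - confirm.
 *
 * @param integer $uid          user ID
 * @param array   $groups       group information
 * @param array   $rights_allow information about the allowed rights
 */
function updateUser($uid, $groups, $rights_allow)
{
    global $DB;

    if (!is_array($rights_allow)) {
        $rights_allow = array();
    }

    $DB->query("DELETE FROM permissions_groups_users WHERE user_id=?i", $uid);
    $DB->query("DELETE FROM permissions_rights_users WHERE user_id=?i", $uid);

    // Rights the user receives through group membership, without duplicates.
    $user_groups_rights = array();
    if (is_array($groups) && $groups) {
        foreach ($groups as $group) {
            $g_rights = permissions::getGroupInfo($group);
            if ($g_rights['rights']) {
                foreach ($g_rights['rights'] as $g_right) {
                    if (!in_array($g_right, $user_groups_rights)) {
                        $user_groups_rights[] = $g_right;
                    }
                }
            }
            $DB->query("INSERT INTO permissions_groups_users(group_id,user_id) VALUES(?i,?i)", $group, $uid);
        }
        $DB->query("UPDATE users SET is_chuck = true WHERE uid = ?i", $uid);
    }

    // Extra rights on top of the groups, and group rights that were taken away.
    $rights_disallow = array_diff($user_groups_rights, $rights_allow);
    $rights_allow = array_diff($rights_allow, $user_groups_rights);

    foreach ($rights_allow as $right) {
        $DB->query("INSERT INTO permissions_rights_users(right_id,user_id,is_allow) VALUES(?i,?i,'t')", $right, $uid);
    }
    foreach ($rights_disallow as $right) {
        $DB->query("INSERT INTO permissions_rights_users(right_id,user_id,is_allow) VALUES(?i,?i,'f')", $right, $uid);
    }
}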
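/**
 * Render the detail view of a client: its contacts table plus the placeholder tables for
 * pending invoices, paid invoices, delivery notes and work reports.
 *
 * Assigns 'objeto', 'acciones', 'variables' and 'cadena' to $tpl and stores the client id in
 * $_SESSION['id_client']. Nothing is returned.
 *
 * NOTE(review): the record is read by $id before any permission check that is visible here;
 * the author's own to-do list below names the missing check - confirm access is verified
 * by the caller.
 *
 * @param mixed  $id  Identifier handed to $this->read().
 * @param object $tpl Template object.
 */
function view($id, $tpl)
{
    /* Things still to do:
       - In general, look at the permissions of the user who accesses this, to know whether
         they may delete, edit, view, etc.
       - Work out how to pass the number of records, per group or per module.
       - Order By (keep the search if one was made and work out which "tab" it refers to).
       - Searches. */
    $cadena = '';

    // Read the company and pass it to the template
    $this->read($id);
    $tpl->assign('objeto', $this);
    $_SESSION['id_client'] = $this->id_client;

    // contact listing
    $tabla_contactos = new table(false);
    $contactos = new contacts();
    $num_contactos = $contactos->get_list_contacts($_SESSION['id_client']);
    $per = new permissions();
    $per->get_permissions_list('clients');
    if ($num_contactos == 0) {
        $cadena = $cadena . $tabla_contactos->tabla_vacia('contacts', $per->add);
    } else {
        $cadena = $cadena . $tabla_contactos->make_tables(
            'contacts',
            $contactos->contacts_list,
            array('Nombre', 20, 'Primer Apellido', 20, 'Segundo Apellido', 20),
            array('id_contact', 'name', 'last_name', 'last_name2'),
            $_SESSION['num_regs'],
            $per->permissions_module,
            $per->add
        );
    }
    // The empty branch used to store these under a different name, leaving
    // $variables_contactos undefined for the merge below.
    $variables_contactos = $tabla_contactos->nombres_variables;

    $facturaspen = new table(false);
    $facturascob = new table(false);
    $albaranes = new table(false);
    $partes = new table(false);
    $cadena = $cadena . $facturaspen->dont_show('facturaspen');
    $cadena = $cadena . $facturascob->dont_show('facturascob');
    $cadena = $cadena . $albaranes->dont_show('albaranes');
    $cadena = $cadena . $partes->dont_show('partes');

    // One flat list of all variable names, in table order. The original read from a
    // misspelled $facturascobs and counted two lists that are never defined in this method.
    $variables = array_merge(
        array_values((array) $variables_contactos),
        array_values((array) $facturaspen->nombres_variables),
        array_values((array) $facturascob->nombres_variables),
        array_values((array) $albaranes->nombres_variables),
        array_values((array) $partes->nombres_variables)
    );

    // Check whether there is permission to delete or modify
    $permisos_mod_del = new permissions();
    $permisos_mod_del->get_permissions_modify_delete('clients');
    $tpl->assign('acciones', $permisos_mod_del->per_mod_del);
    $tpl->assign('variables', $variables);
    $tpl->assign('cadena', $cadena);
}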
/**
 * Checks whether a user belongs to a permission group.
 *
 * @param string  $group group code (administrator - administrators, moderator - moderators)
 * @param integer $uid   user ID; when empty, the value of get_uid(false) is used instead
 * @return boolean true - is a member, false - is not
 */
function hasGroupPermissions($group, $uid = 0)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/permissions.php";

    // Fall back to the uid reported by get_uid() when none was given.
    $target_uid = $uid ? $uid : get_uid(false);

    return permissions::getUserGroupPermissions($target_uid, $group);
}
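/**
 * Checks subscriptions to make sure subscribed members can still view the forum
 * the topic has been moved to.
 *
 * Subscriptions of users who lack forum_view or forum_subscribe on the topic's forum are
 * deleted; otherwise topic subscriptions on the old topic id are pointed at $newtopic.
 *
 * NOTE(review): the SELECT has no predicate tying s.subscription_item to the topic (and none
 * on subscription_type), so it looks like every subscription row is checked against this
 * topic's forum and may be deleted - confirm that is intended.
 *
 * @param $newtopic integer of the selected topic
 * @author Jonathan West <*****@*****.**>
 * @since 1.1.6
 **/
function update_subscriptions($newtopic)
{
    // Both ids are written unquoted into the SQL below, so they are forced to integers first.
    $newtopic = intval($newtopic);
    $oldtopic = intval($this->get['t']);

    $query = $this->db->query("SELECT s.subscription_user, s.subscription_item, s.subscription_type,
        u.user_id, u.user_group, u.user_perms,
        g.group_id, g.group_perms,
        t.topic_forum
        FROM ({$this->pre}subscriptions s, {$this->pre}users u, {$this->pre}groups g, {$this->pre}topics t)
        WHERE s.subscription_user = u.user_id
        AND u.user_group = g.group_id
        AND t.topic_id = {$oldtopic}");

    while ($sub = $this->db->nqfetch($query)) {
        $perms = new permissions();
        $perms->db =& $this->db;
        $perms->pre =& $this->pre;
        // Per-user permissions take precedence over the group's when they are set.
        $perms->get_perms($sub['user_group'], $sub['user_id'], $sub['user_perms'] ? $sub['user_perms'] : $sub['group_perms']);

        // Values read back from the database are cast as well before they re-enter SQL.
        $user_id = intval($sub['user_id']);
        $item_id = intval($sub['subscription_item']);
        $delete_sql = "DELETE FROM {$this->pre}subscriptions WHERE subscription_user={$user_id} AND subscription_item={$item_id}";

        if (!$perms->auth('forum_view', $sub['topic_forum'])) {
            $this->db->query($delete_sql);
        } else {
            $this->db->query('UPDATE ' . $this->pre . 'subscriptions SET subscription_item=' . $newtopic . ' WHERE subscription_item=' . $oldtopic . " AND subscription_type='topic'");
        }

        if (!$perms->auth('forum_subscribe', $sub['topic_forum'])) {
            $this->db->query($delete_sql);
        }
    }
}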
/** * Аутентификация пользователя и заполнение его сессии необходимыми данными. * * @param string $login логин пользователя * @param string $pwd пароль пользователя * @param array ¶ms данные пользователя * @param boolean $is_2fa_off принудительное откулючение 2х этапной проверки * * @return integer id сессии * * @global DB $DB */ public function Auth($login, $pwd, &$params, $is_2fa_off = false) { ////////////////////////////////////////////////////////// // Ахтунг! Изменение логики нужно отражать также в новом движке. // Например, при добавлении новый полей в сессию, добавьте их в Web_Front::login() ////////////////////////////////////////////////////////// global $DB; $plogin = preg_replace('/[+ ()-]/', '', $login); $phoneType = preg_replace("/\\D/", '', $plogin); if ($phoneType == $plogin) { $plogin = '******' . $plogin; $sql = "SELECT user_id FROM sbr_reqv WHERE (_1_mob_phone = ? OR _2_mob_phone = ?) AND is_activate_mob = 't'"; $uids = $DB->rows($sql, $plogin, $plogin); if ($uids) { foreach ($uids as $u) { $sql_uids .= $u['user_id'] . ','; } $sql_uids = preg_replace('/,$/', '', $sql_uids); } } $sql = ' SELECT u.email, u.role, u.uname, u.usurname, u.uid, u.is_banned, u.ban_where, u.active, a.sum, a.bonus_sum, u.login, u.anti_uid, u.is_pro_test, u.is_pro_new, u.is_chuck, u.sex, u.settings, u.splash_show, u.is_verify, u.reg_date, ac.code, u.photo, u.is_profi, u.birthday FROM users AS u LEFT JOIN activate_code ac ON ac.user_id = u.uid LEFT JOIN account AS a ON a.uid = u.uid WHERE ((lower(u.login) = ? OR lower(u.email) = ?) AND u.passwd = ?) ' . ($sql_uids ? "OR ( u.uid IN ({$sql_uids}) AND u.passwd = ?)" : ''); $res = $DB->rows($sql, strtolower($login), mb_strtolower($login), $pwd, $pwd); if ($res) { $qres = $res; $uvisits = array(); $n = 0; foreach ($qres as $k => $v) { $uvisits[$this->getLastVisit($v['uid']) . '-' . 
$n] = $k; ++$n; } asort($uvisits); $res = $qres[array_pop($uvisits)]; } $error .= $DB->error; $first_login = $this->getLastVisit($res['uid']); $ip = getRemoteIP(); /** * Дополнительная проверка логина. * Нужна для исправления паролей, содержащих * теги (или похожие на теги последовательности). * * !!Убрать после следующей глобальной смены паролей. */ if (!$res) { // попробуем убрать (0018079) //$res = $this->FixPassword($sql, $login); } /** * Определяем нужна ли 2хэтапная авторизация. */ if (!$is_2fa_off && count($res) && $first_login) { //не первый вход //если на 2ом этапе ввели другой аккаунт то направить //обратно на 2ой этап и сообщить обэтом if (isset($params['2fa_provider']['uid']) && $params['2fa_provider']['uid'] != $res['uid']) { $is_login = $params['2fa_provider']['type'] == 0; session::setFlashMessage($is_login ? self::TXT_AUTH_2FA_LOG_FAIL : self::TXT_AUTH_2FA_SOC_FAIL, '/auth/second/'); return self::AUTH_STATUS_2FA; } $is_opauth = defined('IS_OPAUTH'); if (!isset($params['2fa_provider']) || $params['2fa_provider']['type'] > 0 != $is_opauth) { //несовпадают типы авторизаций на 2ом этапе require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/opauth/OpauthModel.php'; $opauthModel = new OpauthModel(); $is_2fa = $opauthModel->getMultilevel($res['uid']); if (isset($is_2fa['type'])) { //$is_2fa - авторизация через выбранную соцсеть //0 - нужна обычная авторизация так как вход был выполнен через соцсеть $params['2fa_provider'] = array('type' => !$is_opauth ? $is_2fa['type'] : 0, 'uid' => $res['uid'], 'login' => $res['login']); //Сбрасываем авторизацию $res = array(); //переходим ко 2ой стадии return self::AUTH_STATUS_2FA; } } } //Более нам параметр этапов авторизации не нужен unset($params['2fa_provider']); /** * Успешная авторизация. 
*/ if (count($res)) { list($email, $trole, $tname, $tsurname, $tid, $is_banned, $ban_where, $active, $sum, $bonus_sum, $log, $anti_uid, $is_pro_test, $is_pro_new, $is_chuck, $sex, $settings, $splash_show, $is_verify, $reg_date, $activate_code, $photo, $is_profi, $birthday) = array_values($res); if ($activate_code != '' && $active == 't') { $this->checkRegDate($tid, $reg_date); } if ($is_banned) { return -1; } //if ($active=='f') return -2; //##0027983 if (!$this->CheckUserAllowIP($ip, $tid)) { return -3; } $params['birthday'] = $birthday ? strtotime($birthday) : null; $params['age'] = $params['birthday'] ? intval(ElapsedYears($params['birthday'])) : null; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/permissions.php'; $params['permissions'] = permissions::getUserPermissions($tid); $params['email'] = $email; $params['role'] = $trole; $params['name'] = $tname; $params['surname'] = $tsurname; $params['uid'] = $tid; $params['user_ip'] = $ip; $params['ac_sum'] = zin($sum); $params['bn_sum'] = zin($bonus_sum); $params['login'] = $log; $params['is_pro_new'] = $is_pro_new; $params['pro_test'] = $is_pro_test; $params['is_chuck'] = $is_chuck; $params['is_verify'] = $is_verify; $params['sex'] = $sex; $params['reg_date'] = $reg_date; $params['photo'] = $photo; if (!is_emp($trole)) { $params['is_profi'] = $is_profi === 't'; } if ($anti_uid) { $anti_class = is_emp($trole) ? 'freelancer' : 'employer'; require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/{$anti_class}.php"; $anti = new $anti_class(); $anti->GetUserByUID($anti_uid); $params['anti_uid'] = $anti->uid; $params['anti_login'] = $anti->login; $params['anti_surname'] = $anti->usurname; $params['anti_name'] = $anti->uname; } if (!is_emp($params['role'])) { require_once $_SERVER['DOCUMENT_ROOT'] . 
'/classes/projects_offers.php'; if ($po_summary = projects_offers::GetFrlOffersSummary($params['uid'])) { $params['po_count'] = $po_summary['total']; } } $sql = 'UPDATE users SET last_time = now(), last_ip = ?, is_active = true WHERE uid = ?i'; $res = $DB->query($sql, $ip, $tid); $this->SaveLoginIPLog($tid, $ip); $this->increaseLoginsCnt($tid); // количество операций $sQuery = 'SELECT COUNT(ao.id) FROM account_operations ao INNER JOIN account a ON a.id = ao.billing_id WHERE a.uid = ?i AND (ao.ammount <> 0 OR ao.trs_sum <> 0)'; $params['account_operations'] = $DB->val($sQuery, $tid); $params['question_button_hide'] = $settings[1]; // Показывать/скрывать кнопку "У вас есть вопрос?" $params['promo_block_hide'] = $settings[2]; // показывать Блок "Быстрый доступ к основным функциям сайта" $params['direct_external_links'] = $settings[3]; // Не показывать страницу "Переход по внешней ссылке" a.php $params['sbr_slash_show'] = $settings[4] && $first_login < strtotime('2012-08-08'); // Показывать/скрыть СБР промо-слеш $params['splash_show'] = $splash_show; $params['chat'] = $settings[5]; $params['chat_sound'] = $settings[6]; // #0017182 > Вопрос можем ли мы вытащить эту настройку из кук пользователей и сохранить ее в базу? if (empty($settings[3]) && $_COOKIE['direct_external_links'] == 1) { $this->setDirectExternalLinks($tid, 1); if ($anti_uid) { $this->setDirectExternalLinks($anti_uid, 1); } setcookie('direct_external_links', '', time() - 60 * 60 * 24 * 365, '/'); setcookie('no_a_php', '1', time() + 60 * 60 * 24 * 365 * 2, '/'); } //генерация куки для userecho require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/userecho.php'; setcookie('ue_sso_token', UserEcho::get_sso_token(USERECHO_API_KEY, USERECHO_PROJECT_KEY, array()), 0, '/', preg_replace('/^https?\\:\\/\\/(?:www\\.)?/', '.', 'fl.ru')); // Первый заход, регистрация через мастер, мастер не закончен if ($first_login == 0) { require_once $_SERVER['DOCUMENT_ROOT'] . 
'/classes/wizard/wizard.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard_registration.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_employer.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_freelancer.php'; if (is_emp($params['role'])) { $wiz_user = wizard::isUserWizard($tid, step_employer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_EMP_ID); } else { $wiz_user = wizard::isUserWizard($tid, step_freelancer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_FRL_ID); } if ($wiz_user['id'] > 0) { $role = is_emp($params['role']) ? wizard_registration::REG_EMP_ID : wizard_registration::REG_FRL_ID; header('Location: /registration/activated.php?role=' . $role); //header("Location: /wizard/registration/?role={$role}"); exit; } elseif (!is_emp($params['role'])) { require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/payed.php'; $pro_last = payed::ProLast($_SESSION['login']); $_SESSION['pro_last'] = $pro_last['is_freezed'] ? false : $pro_last['cnt']; if ($_SESSION['pro_last'] && $_SESSION['is_pro_new'] != 't') { payed::checkNewPro($id); } if ($pro_last['freeze_to']) { $_SESSION['freeze_from'] = $pro_last['freeze_from']; $_SESSION['freeze_to'] = $pro_last['freeze_to']; $_SESSION['is_freezed'] = $pro_last['is_freezed']; $_SESSION['payed_to'] = $pro_last['cnt']; } if ($_SESSION['anti_login']) { $pro_last = payed::ProLast($_SESSION['anti_login']); $_SESSION['anti_pro_last'] = $pro_last['freeze_to'] ? false : $pro_last['cnt']; } //отправляем письмо с инфой, как работать на сайте /* require_once($_SERVER['DOCUMENT_ROOT'] . 
"/classes/smail.php"); $mail = new smail(); if (is_emp()) { $mail->employerQuickStartGuide(get_uid(false)); } else { $mail->freelancerQuickStartGuide(get_uid(false)); } */ return $tid; if (!defined('IN_API')) { // для API мобильного приложения не нужно header("Location: /users/{$login}/"); exit; } } } //----------------------------------- } else { $tid = 0; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/annoy.php'; $annoy = new annoy(); $annoy->Add($ip); } return $tid; }
} } } $user_rights_data = permissions::getUserExtraRights($user_id); $user_rights_allow = array(); $user_rights_disallow = array(); foreach ($user_rights_data as $user_right) { if ($user_right['is_allow'] == 't') { array_push($user_rights_allow, $user_right['id']); } else { array_push($user_rights_disallow, $user_right['id']); } } $inner_page = 'inner_user_form.php'; break; case 'user_update': $user_id = __paramInit('int', 'uid', 'uid'); permissions::updateUser($user_id, array($_POST['groups']), $_POST['rights_allow']); header('Location: /siteadmin/permissions/?action=user_list'); exit; break; default: header('Location: /siteadmin/permissions/?action=group_list'); exit; break; } $content = '../content.php'; $header = $rpath . 'header.php'; $footer = $rpath . 'footer.html'; $css_file = array('moderation.css', 'new-admin.css', 'nav.css'); include $rpath . 'template.php';
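/**
 * Prepare the company ("corps") detail view.
 *
 * Loads the record identified by $id, then builds the HTML for the employee,
 * product, service and client tables plus four placeholder tables, and assigns
 * the result to the template as 'objeto', 'acciones', 'variables' and 'cadena'.
 *
 * @param mixed $id  identifier passed to $this->read()
 * @param mixed $tpl template object exposing assign()
 * @return mixed the $tpl object that was passed in
 */
function view($id, $tpl)
{
    /*
     * Pending work (translated from the original note):
     * - In general, check the permissions of the user who reaches this view, to
     *   know whether they may delete, edit, view, etc.
     * - Work out how to pass the number of records (per group or per module).
     * - Order By (keeping any search already made and the "tab" it refers to).
     * - Searches.
     */
    $cadena = '';

    // Load the company and hand it to the template.
    // NOTE(review): the record is read by $id while every list below is scoped by
    // $_SESSION['ident_corp']; nothing in this method checks that both refer to the
    // same company or that the session user may see $id - confirm the caller does.
    $this->read($id);
    $tpl->assign('objeto', $this);

    // Employees
    $tabla_empleados = new table(false);
    $empleados = new emps();
    $sin_empleados = $empleados->get_list_emps($_SESSION['ident_corp']) == 0;
    $per = new permissions();
    $per->get_permissions_list('corps');
    if ($sin_empleados) {
        $cadena .= $tabla_empleados->tabla_vacia('emps', $per->add);
    } else {
        $cadena .= $tabla_empleados->make_tables('emps', $empleados->emps_list, array('Nombre', 20, 'Primer Apellido', 20, 'Segundo Apellido', 20), array('id_emp', 'name', 'last_name', 'last_name2'), $_SESSION['num_regs'], $per->permissions_module, $per->add);
    }
    $variables_empleados = $tabla_empleados->nombres_variables;

    // Products
    $products = new products(false);
    $tabla_productos = new table(false);
    $sin_productos = $products->get_list_products_corps($_SESSION['ident_corp']) == 0;
    $per = new permissions();
    $per->get_permissions_list('corps');
    if ($sin_productos) {
        $cadena .= $tabla_productos->tabla_vacia('products', $per->add);
    } else {
        $cadena .= $tabla_productos->make_tables('products', $products->products_list, array('Nombre', 20, 'Nombre Web', 40), array('id_product', 'name', 'name_web'), $_SESSION['num_regs'], $per->permissions_module, $per->add);
    }
    $variables_products = $tabla_productos->nombres_variables;

    // Services
    $services = new services(false);
    $tabla_servicios = new table(false);
    $sin_servicios = $services->get_list_services_corp($_SESSION['ident_corp']) == 0;
    $per = new permissions();
    $per->get_permissions_list('corps');
    if ($sin_servicios) {
        $cadena .= $tabla_servicios->tabla_vacia('services', $per->add);
    } else {
        $cadena .= $tabla_servicios->make_tables('services', $services->services_list, array('Nombre', 20, 'Nombre Web', 40), array('id_service', 'name', 'name_web'), $_SESSION['num_regs'], $per->permissions_module, $per->add);
    }
    $variables_services = $tabla_servicios->nombres_variables;

    // Clients
    // NOTE(review): the empty case reads the 'clients' permission list while the
    // populated case reads 'corps', and the page size is a literal 10 instead of
    // $_SESSION['num_regs']; both are kept as found - confirm which is intended.
    $clients = new clients(false);
    $tabla_clientes = new table(false);
    $sin_clientes = $clients->get_list_clients($_SESSION['ident_corp']) == 0;
    $per = new permissions();
    $per->get_permissions_list($sin_clientes ? 'clients' : 'corps');
    if ($sin_clientes) {
        $cadena .= $tabla_clientes->tabla_vacia('clients', $per->add);
    } else {
        $cadena .= $tabla_clientes->make_tables('clients', $clients->clients_list, array('Nombre', 20, 'Nombre Completo', 40, 'Teléfono', 20), array('id_client', 'name', 'full_name', 'phone'), 10, $per->permissions_module, $per->add);
    }
    $variables_clients = $tabla_clientes->nombres_variables;

    // Provisionally fill these sections with a "cannot be shown" table.
    $facturaspen = new table(false);
    $facturascob = new table(false);
    $gestionalm = new table(false);
    $partes = new table(false);
    $cadena .= $facturaspen->dont_show('facturaspen');
    $cadena .= $facturascob->dont_show('facturascob');
    $cadena .= $gestionalm->dont_show('gestionalm');
    $cadena .= $partes->dont_show('partes');
    $variables_facturaspen = $facturaspen->nombres_variables;
    // Fixed: this read from the undefined variable $facturascobs.
    $variables_facturascob = $facturascob->nombres_variables;
    $variables_gestionalm = $gestionalm->nombres_variables;
    $variables_partes = $partes->nombres_variables;

    // Concatenate every table's variable names in the order the template expects.
    // Starting from an empty array keeps 'variables' defined when every list is empty.
    $variables = array();
    $grupos = array(
        $variables_empleados,
        $variables_clients,
        $variables_facturaspen,
        $variables_facturascob,
        $variables_products,
        $variables_services,
        $variables_gestionalm,
        $variables_partes,
    );
    foreach ($grupos as $grupo) {
        // The cast tolerates a table that never set nombres_variables.
        foreach ((array) $grupo as $nombre) {
            $variables[] = $nombre;
        }
    }

    // Check whether there is permission to delete or modify.
    $permisos_mod_del = new permissions();
    $permisos_mod_del->get_permissions_modify_delete('corps');
    $tpl->assign('acciones', $permisos_mod_del->per_mod_del);
    $tpl->assign('variables', $variables);
    $tpl->assign('cadena', $cadena);

    return $tpl;
}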
/**
 * Prepare the detail view of one service record.
 *
 * Calls $this->read($id), exposes this object to the template as 'objeto' and
 * the modify/delete permission data for the 'services' module as 'acciones'.
 *
 * @param mixed $id  identifier passed to $this->read()
 * @param mixed $tpl template object exposing assign()
 * @return mixed the $tpl object that was passed in
 */
function view($id, $tpl)
{
    // read() is defined elsewhere; presumably it loads the record into $this.
    $this->read($id);
    $tpl->assign('objeto', $this);

    // Whether the template may offer modify/delete actions is decided by the
    // permissions object, not by this method.
    $acciones = new permissions();
    $acciones->get_permissions_modify_delete('services');
    $tpl->assign('acciones', $acciones->per_mod_del);

    return $tpl;
}
<?php if (!defined('IS_SITE_ADMIN')) { header('Location: /404.php'); exit; } $s = 'style="color: #666;"'; if (!isset($aPermissions)) { require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/permissions.php'; $aPermissions = permissions::getUserPermissions($uid); } foreach ($aPermissions as $sPermission) { $sVar = 'bHas' . ucfirst($sPermission); ${$sVar} = true; } if ($bHasAll || $bHasAdm) { ?> <?php if ($bHasAll || $bHasUsers || $bHasProjects || $bHasBlogs || $bHasCommunes) { ?> <div class="admin-menu"> <h3>Действия</h3> <ul> <?php if ($bHasAll || $bHasUsers || $bHasProjects || $bHasBlogs || $bHasCommunes) { ?> <li><a <?php echo $menu_item == 1 ? $s : ''; ?> href="/siteadmin/admin_log/?site=log">Лента всех действий</a></li>
//synchronize the xml config save_dialplan_xml(); //clear the cache $cache = new cache(); $cache->delete("dialplan:" . $destination_context); } else { //remove empty dialplan details from POST array so doesn't attempt to insert below unset($_POST["dialplan_details"]); } //get the destination_uuid if (strlen($dialplan_response['uuid']) > 0) { $_POST["dialplan_uuid"] = $dialplan_response['uuid']; } //add the dialplan permission $permission = "dialplan_edit"; $p = new permissions(); $p->add($permission, 'temp'); //save the destination $orm = new orm(); $orm->name('destinations'); if (strlen($destination_uuid) > 0) { $orm->uuid($destination_uuid); } $orm->save($_POST); $message = $orm->message; $destination_response = $orm->message; //remove the temporary permission $p->delete($permission, 'temp'); //get the destination_uuid if (strlen($destination_response['uuid']) > 0) { $destination_uuid = $destination_response['uuid'];
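/**
 * Build and save the inbound dialplan for this fax extension.
 *
 * Deletes any dialplan previously linked through $this->dialplan_uuid, assembles a
 * new dialplan array (a condition on the destination number followed by answer,
 * set, playback, rxfax and hangup actions), saves it through the orm class while a
 * set of temporary permissions is granted, and stores the new dialplan_uuid on the
 * matching v_fax row.
 *
 * @return mixed the message produced by the orm save; its 'uuid' element becomes $this->dialplan_uuid
 */
public function dialplan()
{
    //normalize the fax forward number (strip spaces and dashes)
    if (strlen($this->fax_forward_number) > 3) {
        $this->fax_forward_number = str_replace(array(" ", "-"), "", $this->fax_forward_number);
    }

    //set the forward prefix: kept only when the forward number contains the literal '$1'
    if (strripos($this->fax_forward_number, '$1') === false) {
        $this->forward_prefix = '';
    } else {
        $this->forward_prefix = $this->forward_prefix . $this->fax_forward_number . '#';
    }

    //delete the previous dialplan
    // NOTE(review): the statements in this method are built by concatenating
    // $this->dialplan_uuid, $this->domain_uuid and $this->fax_uuid into SQL. Where
    // those properties come from is not visible here; confirm they are validated as
    // UUIDs upstream, or switch to bound parameters if $this->db supports them.
    if (strlen($this->dialplan_uuid) > 0) {
        $sql = "delete from v_dialplans ";
        $sql .= "where dialplan_uuid = '" . $this->dialplan_uuid . "' ";
        $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
        $this->db->exec($sql);

        $sql = "delete from v_dialplan_details ";
        $sql .= "where dialplan_uuid = '" . $this->dialplan_uuid . "' ";
        $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
        $this->db->exec($sql);
        unset($sql);
    }

    //build the dialplan array
    $dialplan = array();
    $dialplan["app_uuid"] = "24108154-4ac3-1db6-1551-4731703a4440";
    $dialplan["domain_uuid"] = $this->domain_uuid;
    $dialplan["dialplan_name"] = $this->fax_name != '' ? $this->fax_name : format_phone($this->destination_number);
    $dialplan["dialplan_number"] = $this->fax_extension;
    $dialplan["dialplan_context"] = $_SESSION['context'];
    $dialplan["dialplan_continue"] = "false";
    $dialplan["dialplan_order"] = "310";
    $dialplan["dialplan_enabled"] = "true";
    $dialplan["dialplan_description"] = $this->fax_description;

    //add the public condition
    // NOTE(review): destination_number is placed inside a regular expression as-is;
    // presumably it is restricted to dialable characters elsewhere - confirm.
    $y = 1;
    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "condition",
        "dialplan_detail_type" => "destination_number",
        "dialplan_detail_data" => "^" . $this->destination_number . "\$",
        "dialplan_detail_break" => "",
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    //answer the call
    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "action",
        "dialplan_detail_type" => "answer",
        "dialplan_detail_data" => "",
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    //record which fax this call belongs to
    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "action",
        "dialplan_detail_type" => "set",
        "dialplan_detail_data" => "fax_uuid=" . $this->fax_uuid,
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    //run the receive script when the call hangs up
    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "action",
        "dialplan_detail_type" => "set",
        "dialplan_detail_data" => "api_hangup_hook=lua app/fax/resources/scripts/hangup_rx.lua",
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    //copy the configured fax variables; a missing setting is treated as an empty list
    $fax_variables = array();
    if (isset($_SESSION['fax']['variable']) && is_array($_SESSION['fax']['variable'])) {
        $fax_variables = $_SESSION['fax']['variable'];
    }
    foreach ($fax_variables as $data) {
        $dialplan["dialplan_details"][$y]["domain_uuid"] = $this->domain_uuid;
        $dialplan["dialplan_details"][$y]["dialplan_detail_tag"] = "action";
        $dialplan["dialplan_details"][$y]["dialplan_detail_type"] = "set";
        if (substr($data, 0, 8) == "inbound:") {
            $dialplan["dialplan_details"][$y]["dialplan_detail_data"] = substr($data, 8, strlen($data));
        } elseif (substr($data, 0, 9) == "outbound:") {
            // NOTE(review): an "outbound:" variable still yields a 'set' action, only
            // without dialplan_detail_data; kept as found - confirm whether the
            // entry was meant to be skipped instead.
        } else {
            $dialplan["dialplan_details"][$y]["dialplan_detail_data"] = $data;
        }
        $dialplan["dialplan_details"][$y]["dialplan_detail_group"] = "1";
        $dialplan["dialplan_details"][$y]["dialplan_detail_order"] = $y * 10;
        $y++;
    }

    //name of the received file: the configured text, or caller id plus timestamp
    if (isset($_SESSION['fax']['last_fax']['text']) && strlen($_SESSION['fax']['last_fax']['text']) > 0) {
        $last_fax = "last_fax=" . $_SESSION['fax']['last_fax']['text'];
    } else {
        $last_fax = "last_fax=\${caller_id_number}-\${strftime(%Y-%m-%d-%H-%M-%S)}";
    }
    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "action",
        "dialplan_detail_type" => "set",
        "dialplan_detail_data" => $last_fax,
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "action",
        "dialplan_detail_type" => "playback",
        "dialplan_detail_data" => "silence_stream://2000",
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    //receive the fax into the extension's inbox directory
    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "action",
        "dialplan_detail_type" => "rxfax",
        "dialplan_detail_data" => $_SESSION['switch']['storage']['dir'] . '/fax/' . $_SESSION['domain_name'] . '/' . $this->fax_extension . '/inbox/' . $this->forward_prefix . '${last_fax}.tif',
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    $dialplan["dialplan_details"][$y] = array(
        "domain_uuid" => $this->domain_uuid,
        "dialplan_detail_tag" => "action",
        "dialplan_detail_type" => "hangup",
        "dialplan_detail_data" => "",
        "dialplan_detail_group" => "1",
        "dialplan_detail_order" => $y * 10,
    );
    $y++;

    //grant the temporary dialplan permissions needed for the save
    $p = new permissions();
    $temp_permissions = array("dialplan_add", "dialplan_detail_add", "dialplan_edit", "dialplan_detail_edit");
    foreach ($temp_permissions as $permission) {
        $p->add($permission, 'temp');
    }

    try {
        //save the dialplan
        $orm = new orm();
        $orm->name('dialplans');
        $orm->save($dialplan);
        $dialplan_response = $orm->message;
        $this->dialplan_uuid = $dialplan_response['uuid'];

        //link the new dialplan uuid to the fax record
        $sql = "update v_fax ";
        $sql .= "set dialplan_uuid = '" . $this->dialplan_uuid . "' ";
        $sql .= "where fax_uuid = '" . $this->fax_uuid . "' ";
        $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
        $this->db->exec($sql);
        unset($sql);
    } finally {
        //always revoke the temporary permissions, even when the save or update throws,
        //so a failure cannot leave the elevated rights in place
        foreach ($temp_permissions as $permission) {
            $p->delete($permission, 'temp');
        }
    }

    //synchronize the xml config
    save_dialplan_xml();

    //clear the cache
    $cache = new cache();
    $cache->delete("dialplan:" . $_SESSION['context']);

    //return the orm response (contains the dialplan uuid)
    return $dialplan_response;
}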
//set the message if ($action == "add") { $_SESSION['message'] = $text['message-add']; } else { if ($action == "update") { $_SESSION['message'] = $text['message-update']; } } header("Location: time_condition_edit.php?id=" . $dialplan_uuid . ($app_uuid != '' ? "&app_uuid=" . $app_uuid : null)); return; } //end if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) //get existing data to pre-populate form if ($dialplan_uuid != '' && $_POST["persistformvar"] != "true") { //add the dialplan permission $p = new permissions(); $p->add("dialplan_add", 'temp'); $p->add("dialplan_detail_add", 'temp'); $p->add("dialplan_edit", 'temp'); $p->add("dialplan_detail_edit", 'temp'); //get main dialplan entry $orm = new orm(); $orm->name('dialplans'); $orm->uuid($dialplan_uuid); $result = $orm->find()->get(); //$message = $orm->message; foreach ($result as &$row) { $domain_uuid = $row["domain_uuid"]; //$app_uuid = $row["app_uuid"]; $dialplan_name = $row["dialplan_name"]; $dialplan_number = $row["dialplan_number"];
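/**
 * List the classes of the selected academic year and the assignments the current
 * user may see, together with the user's role and an 'access' flag.
 *
 * Students get the assignments of their own class; teachers get only assignments
 * whose teacherId is their own id; other roles get every assignment attached to
 * one of the listed classes.
 *
 * @return array keys: 'classes', 'assignments', 'userRole', 'access' (1 or 0), 'newuserRole'
 */
public function listAll()
{
    $user = $this->data['users'];

    $toReturn = array();
    $toReturn['classes'] = classes::where('classAcademicYear', $this->panelInit->selectAcYear)->get()->toArray();

    // Map class id => class name for the lookups below.
    $classesArray = array();
    foreach ($toReturn['classes'] as $class) {
        $classesArray[$class['id']] = $class['className'];
    }

    $toReturn['assignments'] = array();
    if (count($classesArray) > 0) {
        $assignments = new assignments();
        if ($user->role == "student") {
            $assignments = $assignments->where('classId', 'LIKE', '%"' . $user->studentClass . '"%');
        } else {
            // The class alternatives are grouped in one nested clause. Chained at top
            // level, "A OR B AND teacherId = ?" applied the teacher filter to the
            // last class only, exposing other teachers' assignments.
            $classIds = array_keys($classesArray);
            $assignments = $assignments->where(function ($query) use ($classIds) {
                foreach ($classIds as $id) {
                    $query->orWhere('classId', 'LIKE', '%"' . $id . '"%');
                }
            });
        }
        if ($user->role == "teacher") {
            $assignments = $assignments->where('teacherId', $user->id);
        }
        $assignments = $assignments->get();

        foreach ($assignments as $key => $assignment) {
            // classId is stored as a JSON list; treat anything else as "no classes".
            $classId = json_decode($assignment->classId);
            if (!is_array($classId)) {
                $classId = array();
            }
            // The LIKE above is only a pre-filter; re-check membership exactly.
            if ($user->role == "student" and !in_array($user->studentClass, $classId)) {
                continue;
            }
            $toReturn['assignments'][$key]['id'] = $assignment->id;
            $toReturn['assignments'][$key]['subjectId'] = $assignment->subjectId;
            $toReturn['assignments'][$key]['AssignTitle'] = $assignment->AssignTitle;
            $toReturn['assignments'][$key]['AssignDescription'] = $assignment->AssignDescription;
            $toReturn['assignments'][$key]['AssignFile'] = $assignment->AssignFile;
            $toReturn['assignments'][$key]['AssignDeadLine'] = $assignment->AssignDeadLine;
            $toReturn['assignments'][$key]['classes'] = "";
            foreach ($classId as $value) {
                if (isset($classesArray[$value])) {
                    $toReturn['assignments'][$key]['classes'] .= $classesArray[$value] . ", ";
                }
            }
        }
    }

    $toReturn['userRole'] = $user->role;

    // Role ids of the user; a missing or malformed value grants nothing.
    $newrole_array = json_decode($user->newrole);
    if (!is_array($newrole_array)) {
        $newrole_array = array();
    }

    // Role ids that hold permission 1 on module 1. Starting from an empty list keeps
    // the intersection well-defined when no permission row exists.
    $uniparam = array();
    $params = permissions::where('moduleId', 1)->where('permission', 1)->get();
    foreach ($params as $param) {
        $uniparam[] = $param->roleId;
    }

    if ($toReturn['userRole'] == "teacher") {
        $toReturn['access'] = array_intersect($newrole_array, $uniparam) ? 1 : 0;
    } elseif ($toReturn['userRole'] == "admin") {
        $toReturn['access'] = 1;
    } else {
        $toReturn['access'] = 0;
    }

    $toReturn['newuserRole'] = $user->newrole;

    return $toReturn;
}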
$file .= "define('TABLE_PAGES', PREFIX . 'pages');\n"; $file .= "define('TABLE_LINKS', PREFIX . 'links');\n"; $file .= "define('TABLE_NEWSLETTER', PREFIX . 'newsletter');\n\n"; $file .= "define('CORE_INSTALLED', true);\n\n"; $file .= '//mail address to person who can repair if something in Your code is broken' . "\n"; $file .= "define('ADMIN_MAIL', '*****@*****.**');\n\n\n"; $file .= "error_reporting(2047);\n\n"; $file .= '?' . '>'; $fp = @fopen('../administration/inc/config.php', 'w'); $result = @fputs($fp, $file, strlen($file)); @fclose($fp); $pass = md5($corepass_1); $t1 = $dbprefix . 'users'; $t2 = $dbprefix . 'category'; $t3 = $dbprefix . 'config'; $perms = new permissions(); // Nadajemu stosowne uprawnienia u¿ytkownikowi $perms->permissions["user"] = TRUE; $perms->permissions["writer"] = TRUE; $perms->permissions["moderator"] = TRUE; $perms->permissions["tpl_editor"] = TRUE; $perms->permissions["admin"] = TRUE; $bitmask = $perms->toBitmask(); // wstawiamy pocz±tkowego u¿ytkownika $query = sprintf("\r\n INSERT INTO\r\n %1\$s\r\n VALUES\r\n ('language_set', '%2\$s')", $t3, $lang); $db->query($query); // wstawiamy pocz±tkowego u¿ytkownika $query = sprintf("\r\n INSERT INTO\r\n %1\$s\r\n VALUES\r\n ('', '%2\$s', '%3\$s', '%4\$s', '%5\$d', 'Y', '', '', '', '', '', '', '', '', '', '')", $t1, $coreuser, $pass, $coremail, $bitmask); $db->query($query); if ($fp == FALSE) { $err .= $i18n['main_content'][5];
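/**
 * Show or process the permission editor for a user group or a single user.
 *
 * With ?s=user&id=N the editor works on one user, otherwise on the group given in
 * the posted 'group' field (a group chooser is shown when none was posted). Without
 * a posted 'submit' the permission grid is rendered; with it the posted grid is
 * stored through the permissions object.
 *
 * @return string HTML for the page body (empty after the redirect for a missing user id)
 */
function execute()
{
    // NOTE(review): this method changes permissions on POST and checks no request
    // token itself; confirm the surrounding admin framework validates one.
    $perms_obj = new permissions();
    $perms_obj->db =& $this->db;
    $perms_obj->pre =& $this->pre;

    if (isset($this->get['s']) && $this->get['s'] == 'user') {
        if (!isset($this->get['id'])) {
            header("Location: {$this->self}?a=member&s=perms");
            // Stop here: without this return the method went on to edit user id 0.
            return '';
        }
        $this->post['group'] = intval($this->get['id']);
        $mode = 'user';
        $title = 'User Control';
        $link = '&s=user&id=' . $this->post['group'];
        $perms_obj->get_perms(-1, $this->post['group']);
    } else {
        if (!isset($this->post['group'])) {
            return $this->message('User Groups', "\n\t\t\t\t<form action='{$this->self}?a=perms' method='post'><div>\n\t\t\t\t\t{$this->lang->perms_edit_for}\n\t\t\t\t\t<select name='group'>\n\t\t\t\t\t" . $this->select_groups(-1) . "\n\t\t\t\t\t</select>\n\t\t\t\t\t<input type='submit' value='{$this->lang->submit}' /></div>\n\t\t\t\t</form>");
        }
        $this->post['group'] = intval($this->post['group']);
        $mode = 'group';
        $title = $this->lang->perms_title;
        $link = null;
        $perms_obj->get_perms($this->post['group'], -1);
    }

    $this->set_title($title);
    $this->tree($title);

    $forums_only = $this->db->query('SELECT forum_id, forum_name FROM ' . $this->pre . 'forums ORDER BY forum_name');
    $forums_list = array();
    while ($forum = $this->db->nqfetch($forums_only)) {
        $forums_list[] = $forum;
    }

    // Permission name => label. These keys are the only names the form offers.
    $perms = array(
        'board_view' => $this->lang->perms_board_view,
        'board_view_closed' => $this->lang->perms_board_view_closed,
        'do_anything' => $this->lang->perms_do_anything,
        'is_admin' => $this->lang->perms_is_admin,
        'email_use' => $this->lang->perms_email_use,
        'topic_global' => $this->lang->perms_topic_global,
        'pm_noflood' => $this->lang->perms_pm_noflood,
        'search_noflood' => $this->lang->perms_search_noflood,
        'forum_view' => $this->lang->perms_forum_view,
        'post_viewip' => $this->lang->perms_post_viewip,
        'topic_view' => $this->lang->perms_topic_view,
        'poll_create' => $this->lang->perms_poll_create,
        'poll_vote' => $this->lang->perms_poll_vote,
        'post_create' => $this->lang->perms_post_create,
        'topic_create' => $this->lang->perms_topic_create,
        'post_noflood' => $this->lang->perms_post_noflood,
        'post_delete' => $this->lang->perms_post_delete,
        'post_delete_own' => $this->lang->perms_post_delete_own,
        'topic_delete' => $this->lang->perms_topic_delete,
        'topic_delete_own' => $this->lang->perms_topic_delete_own,
        'post_edit' => $this->lang->perms_post_edit,
        'post_edit_own' => $this->lang->perms_post_edit_own,
        'topic_edit' => $this->lang->perms_topic_edit,
        'topic_edit_own' => $this->lang->perms_topic_edit_own,
        'topic_lock' => $this->lang->perms_topic_lock,
        'topic_lock_own' => $this->lang->perms_topic_lock_own,
        'topic_unlock' => $this->lang->perms_topic_unlock,
        'topic_unlock_mod' => $this->lang->perms_topic_unlock_mod,
        'topic_unlock_own' => $this->lang->perms_topic_unlock_own,
        'topic_pin' => $this->lang->perms_topic_pin,
        'topic_pin_own' => $this->lang->perms_topic_pin_own,
        'topic_split' => $this->lang->perms_topic_split,
        'topic_split_own' => $this->lang->perms_topic_split_own,
        'topic_unpin' => $this->lang->perms_topic_unpin,
        'topic_unpin_own' => $this->lang->perms_topic_unpin_own,
        'topic_move' => $this->lang->perms_topic_move,
        'topic_move_own' => $this->lang->perms_topic_move_own,
        'post_attach' => $this->lang->perms_post_attach,
        'post_attach_download' => $this->lang->perms_post_attach_download,
    );

    if (isset($this->post['submit'])) {
        // "Use group permissions" clears the user's own override.
        if ($mode == 'user' && isset($this->post['usegroup'])) {
            $perms_obj->cube = '';
            $perms_obj->update();
            return $this->message($this->lang->perms, $this->lang->perms_user_inherit);
        }

        $perms_obj->reset_cube(false);
        if (!isset($this->post['perms']) || !is_array($this->post['perms'])) {
            $this->post['perms'] = array();
        }
        foreach ($this->post['perms'] as $name => $data) {
            // The posted names are request data: accept only permissions this form
            // offers, and only in the array shape the checkboxes produce.
            if (!isset($perms[$name]) || !is_array($data)) {
                continue;
            }
            if (isset($data[-1]) || isset($data['-1']) || count($data) == count($forums_list)) {
                $perms_obj->set_xy($name, true);
            } else {
                foreach ($data as $forum => $on) {
                    $perms_obj->set_xyz($name, intval($forum), true);
                }
            }
        }
        $perms_obj->update();
        return $this->message($this->lang->perms, $this->lang->perms_updated);
    }

    // Render the permission grid.
    $count = count($forums_list) + 1;
    // $this->post['group'] was passed through intval() above, so it is safe to
    // interpolate into these queries.
    // NOTE(review): user_name / group_name are written into the page unescaped;
    // confirm they are stored HTML-encoded, otherwise encode them here.
    if ($mode == 'user') {
        $query = $this->db->fetch("SELECT user_name, user_perms FROM {$this->pre}users WHERE user_id={$this->post['group']}");
        $label = "User '{$query['user_name']}'";
    } else {
        $query = $this->db->fetch("SELECT group_name FROM {$this->pre}groups WHERE group_id={$this->post['group']}");
        $label = "Group '{$query['group_name']}'";
    }

    $out = "\n\t\t\t<script type='text/javascript'>\n\t\t\t<!--\n\t\t\tfunction checkrow(element, check)\n\t\t\t{\n\t\t\t\tvar elements = document.forms['form'].elements;\n\t\t\t\tvar count = elements.length;\n\n\t\t\t\tfor (var i=0; i<count; i++) {\n\t\t\t\t\tvar current = elements[i];\n\t\t\t\t\tvar temp = current.name.split('[');\n\n\t\t\t\t\tif (!temp[1]) continue;\n\t\t\t\t\ttemp2 = temp[1].split(']');\n\n\t\t\t\t\tif (temp2[0] == element) {\n\t\t\t\t\t\tcurrent.checked = check;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfunction changeall(element, check)\n\t\t\t{\n\t\t\t\tif (!check) {\n\t\t\t\t\tcheckallbox(element, false);\n\t\t\t\t} else if (areallchecked(element)) {\n\t\t\t\t\tcheckallbox(element, true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfunction checkallbox(element, check)\n\t\t\t{\n\t\t\t\tvar elements = document.forms['form'].elements;\n\t\t\t\tvar count = elements.length;\n\n\t\t\t\tvar allchecked = true;\n\n\t\t\t\tfor (var i=0; i<count; i++) {\n\t\t\t\t\tvar current = elements[i];\n\n\t\t\t\t\tif (current.name == ('perms[' + element + '][-1]')) {\n\t\t\t\t\t\tcurrent.checked = check;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfunction areallchecked(element)\n\t\t\t{\n\t\t\t\tvar elements = document.forms['form'].elements;\n\t\t\t\tvar count = elements.length;\n\n\t\t\t\tvar allchecked = true;\n\n\t\t\t\tfor (var i=0; i<count; i++) {\n\t\t\t\t\tvar current = elements[i];\n\n\t\t\t\t\tif (current.name == ('perms[' + element + '][-1]')) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\n\t\t\t\t\tvar temp = current.name.split('[');\n\n\t\t\t\t\tif (!temp[1]) continue;\n\t\t\t\t\ttemp2 = temp[1].split(']');\n\n\t\t\t\t\tif (temp2[0] == element) {\n\t\t\t\t\t\tif (!current.checked) {\n\t\t\t\t\t\t\tallchecked = false;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn allchecked;\n\t\t\t}\n\t\t\t//-->\n\t\t\t</script>\n\n\t\t\t<form id='form' action='{$this->self}?a=perms{$link}' method='post'>\n\t\t\t<div align='center'><span style='font-size:14px;'><b>Permissions For {$label}</b></span>";

    if ($mode == 'user') {
        $out .= "<br />{$this->lang->perms_override_user}<br /><br />\n\t\t\t\t<div style='border:1px dashed #ff0000; width:25%; padding:5px'><input type='checkbox' name='usegroup' id='usegroup' style='vertical-align:middle'" . (!$query['user_perms'] ? ' checked' : '') . " /> <label for='usegroup' style='vertical-align:middle'>{$this->lang->perms_only_user}</label></div>";
    }

    $out .= "</div>" . $this->table . "\n\t\t\t<tr>\n\t\t\t\t<td colspan='" . ($count + 1) . "' class='header'>{$label}</td>\n\t\t\t</tr>";
    $out .= $this->show_headers($forums_list);

    $this->iterator_init('tablelight', 'tabledark');
    $i = 0;
    foreach ($perms as $perm => $perm_label) {
        // iterate() advances the row class; lastValue() repeats it for the other cells.
        $out .= "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='" . $this->iterate() . "'>{$perm_label}</td>\n\t\t\t\t\t<td class='" . $this->lastValue() . "' align='center'>\n\t\t\t\t\t\t<input type='checkbox' name='perms[{$perm}][-1]' id='perms_{$perm}' onclick='checkrow(\"{$perm}\", this.checked)'" . ($perms_obj->auth($perm) ? ' checked=\'checked\'' : '') . " />All\n\t\t\t\t\t</td>";

        if (!isset($perms_obj->globals[$perm])) {
            // Per-forum permission: one checkbox per forum.
            foreach ($forums_list as $forum) {
                $checked = $perms_obj->auth($perm, $forum['forum_id']) ? " checked='checked'" : '';
                $out .= "\n<td class='" . $this->lastValue() . "' align='center'><input type='checkbox' name='perms[{$perm}][{$forum['forum_id']}]' onclick='changeall(\"{$perm}\", this.checked)'{$checked} /></td>";
            }
        } elseif ($forums_list) {
            // Global permission: the per-forum columns do not apply.
            $out .= "\n<td class='" . $this->lastValue() . "' colspan='{$count}' align='center'>N/A</td>";
        }

        $out .= "\n\t\t\t\t</tr>";
        $i++;
        // Repeat the column headers every 12 rows.
        if ($i % 12 == 0) {
            $out .= $this->show_headers($forums_list);
        }
    }

    return $out . "\n\t\t\t<tr>\n\t\t\t\t<td colspan='" . ($count + 1) . "' class='footer' align='center'><input type='hidden' name='group' value='{$this->post['group']}' /><input type='submit' name='submit' value='Update Permissions' /></td>\n\t\t\t</tr>" . $this->etable . "</form>";
}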
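/**
 * Delete subscriptions that have now been made
 * illegal due to permissions change
 *
 * Walks every subscription of one user (mode 'user') or of every member of
 * one group (any other mode), rebuilds that subscriber's permissions, and
 * deletes the subscription when the subscriber can no longer view, or no
 * longer subscribe to, the forum involved. For non-forum subscriptions the
 * forum is looked up through the topics table.
 *
 * @param string $mode contains group or user
 * @param integer $group group or user id
 * @author Jonathan West <*****@*****.**>
 * @since 1.1.6
 **/
function check_subscriptions($mode, $group)
{
	// $group is interpolated straight into the SQL below. The contract says
	// "integer", but nothing in this function enforced it, so coerce it here:
	// a non-numeric value can then no longer change the shape of the query.
	$group = intval($group);

	if ($mode == 'user') {
		// Permissions come from the user's own override column.
		$perms_column = 'user_perms';
		$query = $this->db->query(
			"SELECT s.subscription_user, s.subscription_item, s.subscription_type, u.user_id, u.user_group, u.user_perms"
			. " FROM ({$this->pre}subscriptions s, {$this->pre}users u)"
			. " WHERE s.subscription_user = {$group}"
			. " AND s.subscription_user = u.user_id"
		);
	} else {
		// Any member of the group may hold subscriptions; permissions come
		// from the group's column.
		$perms_column = 'group_perms';
		$query = $this->db->query(
			"SELECT s.subscription_user, s.subscription_item, s.subscription_type, u.user_id, u.user_group, g.group_perms"
			. " FROM ({$this->pre}subscriptions s, {$this->pre}users u, {$this->pre}groups g)"
			. " WHERE g.group_id = {$group}"
			. " AND u.user_group = g.group_id"
			. " AND s.subscription_user = u.user_id"
		);
	}

	while ($sub = $this->db->nqfetch($query)) {
		$perms = new permissions();
		$perms->db =& $this->db;
		$perms->pre =& $this->pre;
		$perms->get_perms($sub['user_group'], $sub['user_id'], $sub[$perms_column]);

		// These values were read back from the database, but they are still
		// placed into further statements as bare numbers; cast them so stored
		// data cannot be reinterpreted as SQL.
		$user_id = intval($sub['user_id']);
		$item_id = intval($sub['subscription_item']);

		if ($sub['subscription_type'] == 'forum') {
			$forum_id = $sub['subscription_item'];
		} else {
			// The subscription points at a topic: resolve its forum.
			$check = $this->db->fetch("SELECT topic_forum FROM {$this->pre}topics WHERE topic_id={$item_id}");

			// If the topic row is missing, pass null to auth() as the
			// original code effectively did, without reading an offset on a
			// non-array result.
			$forum_id = isset($check['topic_forum']) ? $check['topic_forum'] : null;
		}

		$can_view = $perms->auth('forum_view', $forum_id);
		$can_subscribe = $perms->auth('forum_subscribe', $forum_id);

		// Losing either right invalidates the subscription. The original
		// issued the same DELETE once per failed check; one statement has the
		// same effect.
		// NOTE(review): the DELETE matches on user and item only, not on
		// subscription_type, so a forum and a topic subscription sharing the
		// same item id are removed together - confirm that is intended.
		if (!$can_view || !$can_subscribe) {
			$this->db->query("DELETE FROM {$this->pre}subscriptions WHERE subscription_user={$user_id} AND subscription_item={$item_id}");
		}
	}
}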
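/**
 * Build the contacts listing for the currently selected client and hand it
 * to the template.
 *
 * The client id is taken from $_POST['client'] when present (and remembered
 * in $_SESSION['id_client']), otherwise from the session, otherwise 0.
 * Assigns 'variables' and 'cadena' on $tpl.
 *
 * @param object $tpl template object exposing assign()
 * @return object the same $tpl, after the assignments
 */
function listar($tpl)
{
	// NOTE(review): the posted client id is stored in the session and passed
	// to get_list_contacts() exactly as received. Nothing here validates it or
	// checks that the logged-in user may see that client - confirm both are
	// handled in get_list_contacts() or by the caller.
	if (isset($_POST['client'])) {
		$_SESSION['id_client'] = $_POST['client'];
	}
	$this->client = isset($_SESSION['id_client']) ? $_SESSION['id_client'] : 0;

	$num = $this->get_list_contacts($this->client);

	$tabla_listado = new table(true);
	$per = new permissions();
	$per->get_permissions_list('contacts');

	if ($num == 0) {
		// With no client selected there is nothing to attach a new contact to.
		if ($this->client == 0) {
			$per->add = false;
		}
		// The original prepended $cadena to itself here before it was ever
		// defined, which only raised an undefined-variable diagnostic.
		$cadena = '' . $tabla_listado->tabla_vacia('contacts', $per->add);
	} else {
		$cadena = '' . $tabla_listado->make_tables(
			'contacts',
			$this->contacts_list,
			array('Nombre', 30, 'Primer Apellido', 20, 'Segundo Apellido', 20),
			array($this->ddbb_id_contact, $this->ddbb_name, $this->ddbb_last_name, $this->ddbb_last_name2),
			10,
			$per->permissions_module,
			$per->add
		);
	}

	// Read after the table has been built, as in both original branches.
	$variables = $tabla_listado->nombres_variables;

	$tpl->assign('variables', $variables);
	$tpl->assign('cadena', $cadena);

	return $tpl;
}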