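/**
  * Builds the grade-level listing payload for the signed-in user.
  *
  * The `access` flag is 1 for the "admin" role, 1 for a "teacher" whose decoded
  * `newrole` list shares at least one id with the roles holding permission = 1
  * on module 3, and 0 for everyone else.
  *
  * @return array keys: grades, userRole, newuserRole, access
  */
 public function listAll()
 {
     $toReturn = array();
     $toReturn['grades'] = gradeLevels::get()->toArray();
     $toReturn['userRole'] = $this->data['users']->role;
     $toReturn['newuserRole'] = $this->data['users']->newrole;

     // json_decode() returns null (or a non-array) for empty or malformed input.
     // Treat that as "no extra roles" so the check below denies instead of erroring.
     $newrole_array = json_decode($this->data['users']->newrole);
     if (!is_array($newrole_array)) {
         $newrole_array = array();
     }

     // Start from an empty list: no matching permission rows means no role qualifies.
     $uniparam = array();
     foreach (permissions::where('moduleId', 3)->where('permission', 1)->get() as $param) {
         $uniparam[] = $param->roleId;
     }

     // Deny by default. Strict comparison keeps a non-string role value from
     // loosely matching one of the role names.
     $toReturn['access'] = 0;
     if ($toReturn['userRole'] === "admin") {
         $toReturn['access'] = 1;
     } elseif ($toReturn['userRole'] === "teacher" && array_intersect($newrole_array, $uniparam)) {
         $toReturn['access'] = 1;
     }
     return $toReturn;
 }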
示例#2
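 /**
  * Builds the exams listing payload for the selected academic year.
  *
  * Teachers only receive the classes whose `classTeacher` value contains their
  * id as a quoted token; every other role receives all classes of the year.
  * The `access` flag is 1 for "admin", 1 for a "teacher" holding one of the
  * role ids listed below, otherwise 0.
  *
  * @return array keys: exams, classes, userRole, access, newuserRole
  */
 public function listAll()
 {
     $role = $this->data['users']->role;
     $toReturn = array();
     $toReturn['exams'] = examsList::where('examAcYear', $this->panelInit->selectAcYear)->get()->toArray();

     $classQuery = classes::where('classAcademicYear', $this->panelInit->selectAcYear);
     if ($role === "teacher") {
         $classQuery = $classQuery->where('classTeacher', 'LIKE', '%"' . $this->data['users']->id . '"%');
     }
     $toReturn['classes'] = $classQuery->get()->toArray();
     $toReturn['userRole'] = $role;

     // json_decode() returns null (or a non-array) for empty or malformed input.
     // Treat that as "no extra roles" so the check below denies instead of erroring.
     $newrole_array = json_decode($this->data['users']->newrole);
     if (!is_array($newrole_array)) {
         $newrole_array = array();
     }

     // NOTE(review): the original also queried the permission = 1 rows of module 1 but
     // never used the result, so that dead query is dropped here. The decision
     // still rests on this hard-coded role list, which means changes made in the
     // permissions table do not affect exam access. Confirm that is intended.
     $uniparam = array(5, 6, 7, 8, 15);

     // Deny by default; only the two known roles can be granted access.
     $toReturn['access'] = 0;
     if ($role === "admin") {
         $toReturn['access'] = 1;
     } elseif ($role === "teacher" && array_intersect($newrole_array, $uniparam)) {
         $toReturn['access'] = 1;
     }
     $toReturn['newuserRole'] = $this->data['users']->newrole;
     return $toReturn;
 }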
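/**
 * Smarty template function: loads the non-private child nodes of a parent node
 * and assigns them to the template variable `get_nodes_by_parent`.
 *
 * Recognised keys in $params: parent (required), listing_amount ('all' or a
 * number), offset, orderby, time. When $_POST['template_event'] is 'filter_by'
 * the result is narrowed by node content or by the creator's login.
 *
 * @param array  $params template arguments
 * @param object $smarty template engine, receives the result list
 *
 * @return false|null false when the caller has no read permission on the parent
 */
function smarty_function_get_nodes_by_parent($params, &$smarty)
{
    global $db;

    $parent = $params['parent'];
    $permissions = permissions::checkPerms($parent);
    if (!$permissions['r']) {
        return false;
    }

    // LIMIT operands cannot be quoted, so escaping does not protect them;
    // force both to non-negative integers.
    if (!isset($params['listing_amount']) || $params['listing_amount'] === 'all') {
        $listing_amount = (int) DEF_MAX_LISTING_AMMOUNT;
    } else {
        $listing_amount = max(0, (int) $params['listing_amount']);
    }
    $offset = empty($params['offset']) ? 0 : max(0, (int) $params['offset']);

    // ORDER BY takes identifiers, which string escaping does not constrain.
    // Accept only a comma-separated list of [table.]column [asc|desc] and fall
    // back to the default ordering for anything else.
    $orderby = 'nodes.node_id desc';
    if (isset($params['orderby'])) {
        $term = '[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?(?:\s+(?:asc|desc))?';
        if (preg_match('/^\s*' . $term . '(?:\s*,\s*' . $term . ')*\s*\z/i', (string) $params['orderby'])) {
            $orderby = trim((string) $params['orderby']);
        }
    }

    $sql_time = "";
    if (isset($params['time'])) {
        $sql_time = " nodes.node_created > '" . db_escape_string($params['time']) . "' and ";
    }

    // Every value placed inside quotes is escaped, including the session user id
    // and the parent id that the original interpolated as-is.
    $user_id = db_escape_string($_SESSION['user_id']);
    $parent_sql = db_escape_string($parent);

    $q = "select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='{$user_id}' left  join users on users.user_id=nodes.node_creator where ";
    $q .= " {$sql_time} nodes.node_parent='{$parent_sql}' and nodes.node_system_access!='private'";

    if (isset($_POST['template_event']) && $_POST['template_event'] == 'filter_by') {
        $needle = isset($_POST['node_content']) ? $_POST['node_content'] : '';
        if (isset($_POST['search_type']) && $_POST['search_type'] == 'content') {
            $q .= " and node_content like '%" . db_escape_string($needle) . "%' ";
        } else {
            // NOTE(review): this lookup was masked ('******') in the listing this code
            // came from; it is reconstructed as an escaped match of the posted
            // value against users.login. Confirm against the real source.
            $q2 = "select user_id from users where login='" . db_escape_string($needle) . "'";
            $userset = $db->query($q2);
            $userset->next();
            $id = db_escape_string($userset->getString('user_id'));
            $q .= " and nodes.node_creator='{$id}'";
        }
    }

    $q .= " order by {$orderby} ";
    $q .= " LIMIT {$offset},{$listing_amount} ";

    // Start with an empty list so the template gets an array when nothing matches.
    $pole = array();
    $set = $db->query($q);
    while ($set->next()) {
        $pole[] = $set->getRecord();
    }
    $smarty->assign('get_nodes_by_parent', $pole);
}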
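 /**
  * Sets the permission value of one (moduleId, roleId) row from request input.
  *
  * NOTE(review): nothing in this method checks that the caller is allowed to
  * change permissions; confirm that a route filter or the constructor enforces it.
  *
  * @return int always 1
  * @throws \InvalidArgumentException when an input value is not numeric
  */
 public function update()
 {
     $moduleId = Input::get('moduleId');
     $roleId = Input::get('roleId');
     $permissionValue = Input::get('permission');

     // Request values were previously concatenated straight into the statement.
     // Reject anything non-numeric and pass the rest as bound parameters.
     foreach ([$moduleId, $roleId, $permissionValue] as $value) {
         if (!is_numeric($value)) {
             throw new \InvalidArgumentException('moduleId, roleId and permission must be numeric');
         }
     }

     DB::update(
         'update permissions set permission = ? where moduleId = ? and roleId = ?',
         [(int) $permissionValue, (int) $moduleId, (int) $roleId]
     );
     return 1;
 }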
示例#5
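/**
 * Returns the user's list of warnings for the popup window.
 *
 * The response stays empty unless hasPermissions('users') passes and the user
 * is found.
 *
 * @param int    $uid       UID of the user
 * @param array  $contextId Context (for the admin-action log); documented as array although the default is ''
 * @param string $draw_func display method
 *
 * @return object xajaxResponse
 */
function getUserWarns($uid = 0, $contextId = '', $draw_func = '')
{
    session_start();
    $objResponse = new xajaxResponse();
    if (hasPermissions('users')) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/permissions.php';
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
        $user = new users();
        $user->GetUserByUID($uid);
        if ($user->uid) {
            // $uid, $contextId and $draw_func are written into inline onclick
            // handlers. Emit them as an integer and as JSON string literals,
            // HTML-escaped for the attribute, so a quote inside a value cannot
            // close the JavaScript string or the attribute. The encoded output
            // is ASCII-only, so the page charset does not matter here.
            $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
            $jsUid = (int) $uid;
            $jsContext = json_encode((string) $contextId, $jsFlags);
            $jsContext = htmlspecialchars($jsContext === false ? '""' : $jsContext, ENT_QUOTES);
            $jsDrawFunc = json_encode((string) $draw_func, $jsFlags);
            $jsDrawFunc = htmlspecialchars($jsDrawFunc === false ? '""' : $jsDrawFunc, ENT_QUOTES);

            $aPermissions = permissions::getUserPermissions($_SESSION['uid']);
            $admin_log = new admin_log('user', $_SESSION['uid'], $aPermissions);
            // $nCount is filled in by the call (it is not set before it).
            $aWarns = $admin_log->getUserWarns($nCount, $uid);
            $sCount = $nCount ? $nCount : '0';
            $sWarns = $user->warn ? $user->warn : '0';
            // NOTE(review): login, uname, usurname, adm_login and admin_comment are
            // written into HTML without escaping in this function. Whether they are
            // escaped when stored, or by hyphen_words(), is not visible from here.
            $objResponse->assign('a_user_warns', 'href', '/users/' . $user->login);
            $objResponse->assign('s_user_warns', 'innerHTML', $user->uname . ' ' . $user->usurname . ' [' . $user->login . ']');
            $objResponse->assign('e_user_warns', 'innerHTML', $sWarns);
            $objResponse->assign('n_user_warns', 'innerHTML', $sCount);
            if ($nCount) {
                $sTable = '<table id="t_user_warns" class="notice-table">';
                $nRow = 1;
                foreach ($aWarns as $aOne) {
                    $sReason = $aOne['admin_comment'] ? hyphen_words($aOne['admin_comment'], true) : '&lt;без причины&gt;';
                    $sAdmin = $aOne['adm_login'] ? '<a target="_blank" href="/users/' . $aOne['adm_login'] . '">' . $aOne['adm_login'] . '</a>' : 'не известно';
                    $sDate = $aOne['act_time'] ? date('d.m.Y H:i', strtotime($aOne['act_time'])) : 'не известно';
                    // The id is used both in an element id and as a JavaScript argument.
                    $nSrcId = (int) $aOne['src_id'];
                    // The "cell-who" cell was missing its closing tag.
                    $sTable .= '<tr>
                    	<td class="cell-number">' . $nRow . '.</td>
                    	<td class="cell-uwarn">' . $sReason . '</td>
                    	<td class="cell-who">Выдан: [' . $sAdmin . ']</td>
                    	<td class="cell-date">' . $sDate . '</td>
                        <td' . ($nSrcId ? ' id="i_user_warns_' . $nSrcId . '"' : '') . '>' . ($nSrcId ? '<a href="javascript:void(0);" onclick="banned.warnUser(' . $jsUid . ',' . $nSrcId . ',' . $jsDrawFunc . ',' . $jsContext . ',0);"><img src="/images/btn-remove2.png" alt="" width="11" height="11" /></a>' : '') . '</td>
                    </tr>';
                    ++$nRow;
                }
                $sTable .= '</table>';
                $objResponse->assign('d_user_warns', 'innerHTML', $sTable);
            } else {
                $objResponse->assign('d_user_warns', 'innerHTML', '&nbsp;');
            }
            $sBanTitle = $user->is_banned || $user->ban_where ? 'Разбанить' : 'Забанить';
            $objResponse->script('adminLogOverlayClose();');
            $objResponse->script("\$('ov-notice4').setStyle('display', '');");
            $objResponse->script('adjustUserWarnsHTML();');
            $objResponse->assign('b_user_warns', 'innerHTML', '<button onclick="adminLogOverlayClose();banned.userBan(' . $jsUid . ', ' . $jsContext . ',0)">' . $sBanTitle . '</button><a class="lnk-dot-grey" href="javascript:void(0);" onclick="adminLogOverlayClose();">Отмена</a>');
        }
    }
    return $objResponse;
}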
示例#6
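 /**
  * Sets up the panel state, the breadcrumb and the signed-in user, and caches
  * the role ids that hold permission = 1 on module 2 (stored as
  * `attendancepermission`) and module 4 (stored as `staffattendancepermission`).
  */
 public function __construct()
 {
     $this->panelInit = new \DashboardInit();
     $this->data['panelInit'] = $this->panelInit;
     $this->data['breadcrumb']['User Settings'] = \URL::to('/dashboard/user');
     $this->data['users'] = \Auth::user();

     // Both lists start empty. Without that, a module with no matching rows left
     // the variable undefined and stored null instead of "no roles allowed".
     $uniparam = array();
     foreach (permissions::where('moduleId', 2)->where('permission', 1)->get() as $param) {
         $uniparam[] = $param->roleId;
     }
     $uniparam2 = array();
     foreach (permissions::where('moduleId', 4)->where('permission', 1)->get() as $param) {
         $uniparam2[] = $param->roleId;
     }
     $this->data['attendancepermission'] = $uniparam;
     $this->data['staffattendancepermission'] = $uniparam2;
 }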
示例#7
/**
 * Dispatches a character lookup from the query string.
 *
 * Without both `Char` and `Server` in $_GET it calls nochar(). Otherwise it
 * looks the character up in the local roster DB, publishes the lookup data in
 * the global $returnedDBdata, and either shows the character (exactly one
 * match) or hands over to permissions::verify().
 *
 * NOTE(review): both query-string values are passed on unmodified; any
 * validation or escaping has to happen inside roster_db::lookup() and
 * viewChar(), which are not visible here.
 */
function checkUserDat()
{
    global $returnedDBdata;

    // Nothing to search for without both query-string values.
    if (empty($_GET['Char']) || empty($_GET['Server'])) {
        nochar();
        return;
    }

    $character = $_GET['Char'];
    $server = $_GET['Server'];

    // Look the character up in the local DB and expose the raw result globally.
    $lookup = roster_db::lookup($character, $server);
    $returnedDBdata = $lookup->lookupData;

    if ($lookup->count != 1) {
        // Not exactly one local match: let the permission layer decide what runs.
        permissions::verify('fetchCharDat', 'recentlySyncd', '0');
        return;
    }
    viewChar($character, $server);
}
示例#8
// Page bootstrap: loads the configured language pack and the template and
// permission classes, then reads the signed-in user's permission level and
// resets every PERMS_* template flag to false before the switch below.
get_mysql_server_version();
$lang = get_config('language_set');
// NOTE(review): the include path and the template directory below are built from
// the configured language value; presumably only an administrator can set it — confirm.
require_once 'i18n/' . $lang . '/i18n.php';
require_once PATH_TO_CLASSES . '/cls_fast_template.php';
require_once PATH_TO_CLASSES . '/cls_permissions.php';
// initialise the class, pointing it at the directory that holds the templates
$ft = new FastTemplate('./templates/' . $lang . '/tpl');
// instance of the class that handles the Core database
$db = new DB_SQL();
// fetch the permission level
// NOTE(review): the login literal reads '******', which looks like masking applied by
// the page this listing came from. $_SESSION['login'] is passed to sprintf() but no
// placeholder consumes it as written. If the real statement interpolates the session
// login, no escaping of that value is visible here — confirm.
$query = sprintf("\r\n    SELECT \r\n        permission_level \r\n    FROM \r\n        %1\$s \r\n    WHERE \r\n        login = '******'", TABLE_USERS, $_SESSION['login']);
$db->query($query);
$db->next_record();
$privileges = $db->f('permission_level');
// instance of the class for handling permissions
$perms = new permissions();
$permarr = $perms->getPermissions($privileges);
// every template flag starts as false
$ft->assign(array('PERMS_USER' => false, 'PERMS_WRITER' => false, 'PERMS_MODERATOR' => false, 'PERMS_TPLEDITOR' => false, 'PERMS_ADMIN' => false));
switch ($privileges) {
    case '1':
        $privilege_level = 1;
        $ft->assign('PERMS_USER', true);
        break;
    case '3':
        $privilege_level = 2;
        $ft->assign('PERMS_USER', true);
        $ft->assign('PERMS_WRITER', true);
        break;
    case '7':
        $privilege_level = 3;
        $ft->assign('PERMS_USER', true);
示例#9
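 /**
  * Rebuilds the call center dialplan for this queue.
  *
  * Deletes the dialplan stored under $this->dialplan_uuid (if any), builds a
  * new dialplan array from the queue properties, saves it through the orm
  * class, links the resulting uuid to the call center queue, regenerates the
  * dialplan XML and clears the cached dialplan of the session context.
  *
  * NOTE(review): the SQL statements below are assembled by concatenating object
  * properties and nothing in this method validates or escapes them. Confirm
  * that callers only ever set them from validated UUIDs, or move the statements
  * to bound parameters.
  *
  * @return mixed the message set by orm after save(); its 'uuid' entry becomes $this->dialplan_uuid
  */
 public function dialplan()
 {
     //delete the previous dialplan and its details
     if (strlen($this->dialplan_uuid) > 0) {
         foreach (array("v_dialplans", "v_dialplan_details") as $table) {
             $sql = "delete from " . $table . " ";
             $sql .= "where dialplan_uuid = '" . $this->dialplan_uuid . "' ";
             $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
             $this->db->exec($sql);
         }
         unset($sql);
     }

     //build the dialplan array
     $dialplan = array();
     $dialplan["app_uuid"] = "95788e50-9500-079e-2807-fd530b0ea370";
     $dialplan["domain_uuid"] = $this->domain_uuid;
     $dialplan["dialplan_name"] = $this->queue_name != '' ? $this->queue_name : format_phone($this->destination_number);
     $dialplan["dialplan_number"] = $this->destination_number;
     $dialplan["dialplan_context"] = $_SESSION['context'];
     $dialplan["dialplan_continue"] = "false";
     $dialplan["dialplan_order"] = "210";
     $dialplan["dialplan_enabled"] = "true";
     $dialplan["dialplan_description"] = $this->queue_description;

     //list the details in order: tag, type, data, group, break (null = key not set)
     // NOTE(review): destination_number goes into a regular expression and
     // queue_timeout_action chooses an application and its data; both are used
     // as given, so they need validating wherever they are accepted.
     $details = array();
     $details[] = array("condition", "\${caller_id_name}", "^([^#]+#)(.*)\$", "1", "never");
     $details[] = array("action", "set", "caller_id_name=\$2", "1", null);
     $details[] = array("condition", "destination_number", "^" . $this->destination_number . "\$", "2", "");
     $details[] = array("action", "answer", "", "2", null);
     $details[] = array("action", "set", "hangup_after_bridge=true", "2", null);
     if (strlen($this->queue_cid_prefix) > 0) {
         $details[] = array("action", "set", "effective_caller_id_name=" . $this->queue_cid_prefix . "#\${caller_id_name}", "2", null);
     }
     $details[] = array("action", "callcenter", $this->queue_name . '@' . $_SESSION["domain_name"], "2", null);
     if (strlen($this->queue_timeout_action) > 0) {
         //split "application:data" into the action type and its data
         $action_array = explode(":", $this->queue_timeout_action);
         $details[] = array("action", $action_array[0], substr($this->queue_timeout_action, strlen($action_array[0]) + 1, strlen($this->queue_timeout_action)), "2", null);
     }
     $details[] = array("action", "hangup", "", "2", null);

     //number the details from 1; the order value is the position times ten
     $y = 0;
     foreach ($details as $detail) {
         $y++;
         list($tag, $type, $data, $group, $break) = $detail;
         $row = array();
         $row["domain_uuid"] = $this->domain_uuid;
         $row["dialplan_detail_tag"] = $tag;
         $row["dialplan_detail_type"] = $type;
         $row["dialplan_detail_data"] = $data;
         if ($break !== null) {
             $row["dialplan_detail_break"] = $break;
         }
         $row["dialplan_detail_group"] = $group;
         $row["dialplan_detail_order"] = $y * 10;
         $dialplan["dialplan_details"][$y] = $row;
     }

     //add the temporary dialplan permissions
     $temp_permissions = array("dialplan_add", "dialplan_detail_add", "dialplan_edit", "dialplan_detail_edit");
     $p = new permissions();
     foreach ($temp_permissions as $permission_name) {
         $p->add($permission_name, 'temp');
     }
     try {
         //save the dialplan
         $orm = new orm();
         $orm->name('dialplans');
         $orm->save($dialplan);
         $dialplan_response = $orm->message;
         $this->dialplan_uuid = $dialplan_response['uuid'];
         //if new dialplan uuid then update the call center queue
         $sql = "update v_call_center_queues ";
         $sql .= "set dialplan_uuid = '" . $this->dialplan_uuid . "' ";
         $sql .= "where call_center_queue_uuid = '" . $this->call_center_queue_uuid . "' ";
         $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
         $this->db->exec($sql);
         unset($sql);
     } finally {
         //remove the temporary permissions even when the save or the update throws,
         //so a failed request does not leave the extra permissions in place
         foreach ($temp_permissions as $permission_name) {
             $p->delete($permission_name, 'temp');
         }
     }
     //synchronize the xml config
     save_dialplan_xml();
     //clear the cache
     $cache = new cache();
     $cache->delete("dialplan:" . $_SESSION['context']);
     //return the orm response (it carries the dialplan uuid)
     return $dialplan_response;
 }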
示例#10
"> 
<input type="submit" value=" Показать ">
</form>

<br><br>

<table width="100%" border="0" cellspacing="5" cellpadding="5">
<?php 
if ($users) {
    ?>
    <?php 
    foreach ($users as $user) {
        ?>
        <?php 
        $user_groups = permissions::getUserGroups($user['uid']);
        $user_rights = permissions::getUserExtraRights($user['uid']);
        $utype = is_emp($user['role']) ? 'emp' : 'frl';
        ?>
        <tr>
            <td>
                <table width="100%" cellspacing="0" cellpadding="0" border="0">
            		<tr valign="top" class="n_qpr">
            			<td width="70" align="center"><a name="user_<?php 
        echo $user['uid'];
        ?>
"></a><a href="/users/<?php 
        echo $user['login'];
        ?>
" class="<?php 
        echo $utype;
        ?>
示例#11
 /**
  * Creates a forum from the values in $this->post and seeds its permissions
  * for every group.
  *
  * The `sync` value selects the permission template: -2 full permissions
  * (except for the banned group), -3 defaults, -1 none, anything else copies
  * the permissions of the forum with that id.
  *
  * NOTE(review): name, description and parent from $this->post are placed in the
  * INSERT statement as-is. Whether they were escaped before reaching this
  * method cannot be seen from here — confirm, or escape them at this point.
  *
  * @author Mark Elliot <*****@*****.**>
  * @since Beta 2.1
  * @return string Completion message
  **/
 function AddForum()
 {
     if (trim($this->post['name']) == '') {
         return "The forum name is empty. (Please press back and enter a name)";
     }

     $forums = $this->forum_grab();
     $siblings = $this->forum_array($forums, $this->post['parent']);

     // The new forum goes after its existing siblings.
     $position = 0;
     if ($siblings) {
         $position = count($siblings);
     }

     $sql = "INSERT INTO {$this->pre}forums\r\n\t\t(forum_tree, forum_parent, forum_name, forum_description, forum_position) VALUES\r\n\t\t('" . $this->CreateTree($forums, $this->post['parent']) . "', '{$this->post['parent']}', '{$this->post['name']}', '{$this->post['description']}', '{$position}')";
     $this->db->query($sql);
     $id = $this->db->insert_id();

     $perms = new permissions();
     $perms->db =& $this->db;
     $perms->pre =& $this->pre;

     // One pass per group; get_group() advances to the next group each time.
     while ($perms->get_group()) {
         switch ($this->post['sync']) {
             case -2:
                 // Full permissions (note: the banned group is still false)
                 $perms->add_z($id, $perms->group != USER_BANNED);
                 break;
             case -3:
                 // Default permissions (only works if there are no forums already created)
                 $perms->add_z($id);
                 break;
             case -1:
                 // No permissions
                 $perms->add_z($id, false);
                 break;
             default:
                 // Copy another forum: start from nothing, then mirror each
                 // non-global permission of the source forum.
                 $perms->add_z($id, false);
                 foreach ($perms->standard as $perm => $false) {
                     if (isset($perms->globals[$perm])) {
                         continue;
                     }
                     $perms->set_xyz($perm, $id, $perms->auth($perm, $this->post['sync']));
                 }
                 break;
         }
         $perms->update();
     }

     return "Forum added!<br/><br/><a href='{$this->self}'>Continue</a>";
 }
示例#12
         $p_level = 1;
         break;
     case '3':
         $p_level = 2;
         break;
     case '7':
         $p_level = 3;
         break;
     case '15':
         $p_level = 4;
         break;
     case '31':
         $p_level = 5;
         break;
 }
 $new_permissions = new permissions();
 if ($plevel == "down") {
     if ($p_level == 1) {
         $ft->assign('CONFIRM', $i18n['edit_users'][8]);
     } else {
         $p_level = $p_level - 1;
         switch ($p_level) {
             case '3':
                 $new_permissions->permissions["user"] = TRUE;
                 $new_permissions->permissions["writer"] = TRUE;
                 $new_permissions->permissions["moderator"] = TRUE;
                 break;
             case '2':
                 $new_permissions->permissions["user"] = TRUE;
                 $new_permissions->permissions["writer"] = TRUE;
                 break;
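 /**
  * Renders the employee listing of the current company into the template.
  *
  * @param object $tpl template object; receives `variables` and `cadena`
  *
  * @return object the same template object
  */
 function listar($tpl)
 {
     if (isset($_POST['submit_corps_search'])) {
         // Take the number of records and keep it in a session variable so it
         // applies to all of the user's later requests.
         // NOTE(review): the posted value is stored as-is and later handed to
         // make_tables(); if it is meant to be a row count, validate it as a
         // positive integer here.
         $_SESSION['num_regs'] = $_POST['regs'];
     }
     $num = $this->get_list_emps($_SESSION['ident_corp']);
     $tabla_listado = new table(true);
     $per = new permissions();
     $per->get_permissions_list('emps');
     if ($num == 0) {
         // The original prepended $cadena to itself here before it was defined.
         $cadena = '' . $tabla_listado->tabla_vacia('emps', $per->add);
     } else {
         $cadena = '' . $tabla_listado->make_tables('emps', $this->emps_list, array('Nombre', 20, 'Primer Apellido', 20, 'Segundo Apellido', 20), array($this->ddbb_id_emp, $this->ddbb_name, $this->ddbb_last_name, $this->ddbb_last_name2), $_SESSION['num_regs'], $per->permissions_module, $per->add);
     }
     // Read after the table has been built, as both original branches did.
     $variables = $tabla_listado->nombres_variables;
     $tpl->assign('variables', $variables);
     $tpl->assign('cadena', $cadena);
     return $tpl;
 }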
示例#14
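 /**
  * Changes the group and rights information of a user.
  *
  * All existing group and right rows of the user are deleted first. The rights
  * implied by the new groups are then compared with $rights_allow: rights asked
  * for beyond the groups are stored as allowed ('t'), group rights missing from
  * $rights_allow are stored as disallowed ('f').
  *
  * @param   integer     $uid                user ID
  * @param   array       $groups             group ids
  * @param   array       $rights_allow       ids of the allowed rights
  */
 function updateUser($uid, $groups, $rights_allow)
 {
     global $DB;
     // Ids are spliced unquoted into the batched INSERTs below, so reduce every
     // one of them to an integer before it reaches SQL.
     $uid = intval($uid);
     if (!is_array($rights_allow)) {
         $rights_allow = array();
     }

     $DB->query("DELETE FROM permissions_groups_users WHERE user_id=?i", $uid);
     $DB->query("DELETE FROM permissions_rights_users WHERE user_id=?i", $uid);

     // Collect, without duplicates, the rights granted through the groups.
     $user_groups_rights = array();
     if (is_array($groups) && $groups) {
         $sql = "";
         foreach ($groups as $group) {
             $g_rights = permissions::getGroupInfo($group);
             if ($g_rights['rights']) {
                 foreach ($g_rights['rights'] as $g_right) {
                     if (!in_array($g_right, $user_groups_rights)) {
                         $user_groups_rights[] = $g_right;
                     }
                 }
             }
             $sql .= "INSERT INTO permissions_groups_users(group_id,user_id) VALUES(" . intval($group) . "," . $uid . ");\n ";
         }
         $DB->query($sql);
         $DB->query("UPDATE users SET is_chuck = true WHERE uid = ?i", $uid);
     }

     // 't' rows: rights requested beyond what the groups already give.
     // 'f' rows: rights the groups give that were not requested.
     // (The original tested $rights_disallow before it was ever assigned.)
     $rights_by_flag = array(
         't' => array_diff($rights_allow, $user_groups_rights),
         'f' => array_diff($user_groups_rights, $rights_allow),
     );
     foreach ($rights_by_flag as $flag => $rights) {
         if (!$rights) {
             continue;
         }
         $sql = "";
         foreach ($rights as $right) {
             $sql .= "INSERT INTO permissions_rights_users(right_id,user_id,is_allow) VALUES(" . intval($right) . "," . $uid . ",'" . $flag . "');\n ";
         }
         $DB->query($sql);
     }
 }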
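 /**
  * Loads a client and renders its detail view (contact list plus the hidden
  * invoice, delivery-note and report tables) into the template.
  *
  * NOTE(review): the author's to-do list below says the permissions of the
  * accessing user are still to be checked. As written, any $id is read and
  * shown; only the modify/delete flags come from the permissions class.
  *
  * @param mixed  $id  client id, passed to $this->read()
  * @param object $tpl template object; receives objeto, acciones, variables, cadena
  *
  * @return object the same template object
  */
 function view($id, $tpl)
 {
     /*
     	Still to do:
     		In general, check the permissions of the user accessing this view, to know whether they may delete, edit, view, etc.
     		Work out how to pass the number of records (per group for groups, per module for modules)
     		Order By (keeping any search already made and working out which "tab" it refers to)
     		Searches
     */
     $cadena = '';
     // Read the company and pass it to the template
     $this->read($id);
     $tpl->assign('objeto', $this);
     $_SESSION['id_client'] = $this->id_client;

     // contact list
     $tabla_contactos = new table(false);
     $contactos = new contacts();
     $sin_contactos = $contactos->get_list_contacts($_SESSION['id_client']) == 0;
     $per = new permissions();
     $per->get_permissions_list('clients');
     if ($sin_contactos) {
         $cadena = $cadena . $tabla_contactos->tabla_vacia('contacts', $per->add);
     } else {
         $cadena = $cadena . $tabla_contactos->make_tables('contacts', $contactos->contacts_list, array('Nombre', 20, 'Primer Apellido', 20, 'Segundo Apellido', 20), array('id_contact', 'name', 'last_name', 'last_name2'), $_SESSION['num_regs'], $per->permissions_module, $per->add);
     }
     // The empty-list branch used to store this under another name, leaving
     // $variables_contactos undefined further down.
     $variables_contactos = $tabla_contactos->nombres_variables;

     // tables that exist but are not shown
     $facturaspen = new table(false);
     $facturascob = new table(false);
     $albaranes = new table(false);
     $partes = new table(false);
     $cadena = $cadena . $facturaspen->dont_show('facturaspen');
     $cadena = $cadena . $facturascob->dont_show('facturascob');
     $cadena = $cadena . $albaranes->dont_show('albaranes');
     $cadena = $cadena . $partes->dont_show('partes');

     // Concatenate the variable names of every table, in the original order.
     // This replaces a counting loop that read a misspelled variable
     // ($facturascobs) and two lists that are never defined in this method
     // (products, services).
     $variables = array();
     $grupos = array(
         $variables_contactos,
         $facturaspen->nombres_variables,
         $facturascob->nombres_variables,
         $albaranes->nombres_variables,
         $partes->nombres_variables,
     );
     foreach ($grupos as $grupo) {
         foreach ((array) $grupo as $nombre) {
             $variables[] = $nombre;
         }
     }

     // Check whether there is permission to delete or modify
     $permisos_mod_del = new permissions();
     $permisos_mod_del->get_permissions_modify_delete('clients');
     $tpl->assign('acciones', $permisos_mod_del->per_mod_del);
     $tpl->assign('variables', $variables);
     $tpl->assign('cadena', $cadena);
     return $tpl;
 }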
示例#16
/**
 * Checks whether a user belongs to an access-rights group.
 *
 * @param   string      $group  group code (administrator - administrators, moderator - moderators)
 * @param   integer     $uid    user ID; a falsy value means the id returned by get_uid(false)
 * @return  boolean     true - belongs, false - does not belong
 */
function hasGroupPermissions($group, $uid = 0)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/permissions.php";
    // Fall back to the current user only when no explicit id was given.
    $targetUid = $uid ? $uid : get_uid(false);
    return permissions::getUserGroupPermissions($targetUid, $group);
}
示例#17
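 /**
  * Checks subscriptions to make sure subscribed members can
  * still view the forum where the topic has been moved to.
  *
  * For every subscription row returned by the query, the subscriber's
  * permissions are loaded; a subscriber who fails the 'forum_view' or
  * 'forum_subscribe' check on the topic's forum has the subscription deleted,
  * otherwise topic subscriptions are re-pointed at $newtopic.
  *
  * Both topic ids are cast to integers before they are placed in SQL text:
  * $this->get['t'] looks like a request parameter (verify against the class),
  * and the query API used here is called with a finished SQL string.
  *
  * @param $newtopic integer of the selected topic
  * @author Jonathan West <*****@*****.**>
  * @since 1.1.6
  **/
 function update_subscriptions($newtopic)
 {
     // Ids are interpolated into SQL below, so reduce them to integers first.
     $old_topic = isset($this->get['t']) ? intval($this->get['t']) : 0;
     $new_topic = intval($newtopic);
     // NOTE(review): this query does not restrict s.subscription_item or
     // s.subscription_type to the moved topic, so the loop appears to visit every
     // subscription of every user — confirm that is intended before relying on it.
     $query = $this->db->query("SELECT s.subscription_user, s.subscription_item, s.subscription_type,\r\n\t\t\t\t\t\t\t\t\tu.user_id, u.user_group, u.user_perms,\r\n\t\t\t\t\t\t\t\t\tg.group_id, g.group_perms,\r\n\t\t\t\t\t\t\t\t\tt.topic_forum\r\n\t\t\t\t\t\t\t\t\tFROM ({$this->pre}subscriptions s, {$this->pre}users u, {$this->pre}groups g, {$this->pre}topics t)\r\n\t\t\t\t\t\t\t\t\tWHERE s.subscription_user = u.user_id\r\n\t\t\t\t\t\t\t\t\tAND u.user_group = g.group_id\r\n\t\t\t\t\t\t\t\t\tAND t.topic_id = {$old_topic}\r\n\t\t\t\t\t\t\t\t\t");
     while ($sub = $this->db->nqfetch($query)) {
         // Values read back from the database are cast as well before reuse in SQL.
         $user_id = intval($sub['user_id']);
         $item_id = intval($sub['subscription_item']);
         $delete_sql = "DELETE FROM {$this->pre}subscriptions WHERE subscription_user={$user_id} AND subscription_item={$item_id}";

         $perms = new permissions();
         $perms->db =& $this->db;
         $perms->pre =& $this->pre;
         // User-level permissions win over the group's when the user has any.
         $perms->get_perms($sub['user_group'], $sub['user_id'], $sub['user_perms'] ? $sub['user_perms'] : $sub['group_perms']);
         if (!$perms->auth('forum_view', $sub['topic_forum'])) {
             $this->db->query($delete_sql);
         } else {
             $this->db->query('UPDATE ' . $this->pre . 'subscriptions SET subscription_item=' . $new_topic . ' WHERE subscription_item=' . $old_topic . " AND subscription_type='topic'");
         }
         if (!$perms->auth('forum_subscribe', $sub['topic_forum'])) {
             $this->db->query($delete_sql);
         }
     }
 }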
示例#18
 /**
  * Authenticates a user and fills the session data passed in $params.
  *
  * The account is looked up by login or e-mail; a login made only of digits
  * (after '+', spaces, brackets and dashes are stripped) is additionally
  * looked up as an activated mobile number. On success the account fields,
  * permissions and settings are written into $params and the login is logged.
  * The method may also send a redirect header and exit (first login through
  * the registration wizard).
  *
  * @param string $login user login (also matched against the e-mail column)
  * @param string $pwd   user password, compared with users.passwd in the query.
  *                      NOTE(review): nothing in this method hashes it — confirm
  *                      that callers pass the stored (hashed) form.
  * @param array &$params            user data, filled in by reference
  * @param boolean $is_2fa_off force-disables the two-step check
  *
  * @return integer uid of the authenticated user; 0 when no account matched;
  *                 -1 when the account is banned; -3 when CheckUserAllowIP()
  *                 rejects the client IP; self::AUTH_STATUS_2FA when the
  *                 second authentication step is still required
  *
  * @global DB $DB
  */
 public function Auth($login, $pwd, &$params, $is_2fa_off = false)
 {
     //////////////////////////////////////////////////////////
     // Attention! Changes to this logic must also be mirrored in the new engine.
     // For example, when adding new fields to the session, add them to Web_Front::login() as well
     //////////////////////////////////////////////////////////
     global $DB;
     // Strip phone punctuation; if what is left is digits only, treat the login as a phone number.
     $plogin = preg_replace('/[+ ()-]/', '', $login);
     $phoneType = preg_replace("/\\D/", '', $plogin);
     if ($phoneType == $plogin) {
         // NOTE(review): the prefix literal reads like a masked value in this listing — confirm against the real source.
         $plogin = '******' . $plogin;
         $sql = "SELECT user_id FROM sbr_reqv WHERE (_1_mob_phone = ? OR _2_mob_phone = ?) AND is_activate_mob = 't'";
         $uids = $DB->rows($sql, $plogin, $plogin);
         if ($uids) {
             // NOTE(review): $sql_uids is appended to without being initialised first.
             foreach ($uids as $u) {
                 $sql_uids .= $u['user_id'] . ',';
             }
             // Drop the trailing comma so the list fits inside IN (...).
             $sql_uids = preg_replace('/,$/', '', $sql_uids);
         }
     }
     // NOTE(review): $sql_uids is undefined here unless the phone lookup above matched.
     // It is spliced into the SQL text rather than bound; its values come from the
     // sbr_reqv rows read above, not from the request.
     $sql = '
       SELECT 
         u.email, u.role, u.uname, u.usurname, u.uid, u.is_banned, u.ban_where, u.active, 
         a.sum, a.bonus_sum,
         u.login, u.anti_uid, u.is_pro_test, u.is_pro_new, u.is_chuck, 
         u.sex, u.settings, u.splash_show, u.is_verify,
         u.reg_date, ac.code, u.photo, u.is_profi,
         u.birthday
       FROM users AS u
       LEFT JOIN activate_code ac ON ac.user_id = u.uid  
       LEFT JOIN account AS a ON a.uid = u.uid
       WHERE ((lower(u.login) = ? OR lower(u.email) = ?) AND u.passwd = ?) ' . ($sql_uids ? "OR ( u.uid IN ({$sql_uids}) AND u.passwd = ?)" : '');
     // NOTE(review): $pwd is always passed twice, although the fourth placeholder exists
     // only when $sql_uids is non-empty — confirm how DB::rows() treats a surplus argument.
     $res = $DB->rows($sql, strtolower($login), mb_strtolower($login), $pwd, $pwd);
     if ($res) {
         // Several accounts may match (login, e-mail, phone): index them by last-visit value
         // (the counter keeps keys unique), sort, and keep the row that sorts last.
         $qres = $res;
         $uvisits = array();
         $n = 0;
         foreach ($qres as $k => $v) {
             $uvisits[$this->getLastVisit($v['uid']) . '-' . $n] = $k;
             ++$n;
         }
         asort($uvisits);
         $res = $qres[array_pop($uvisits)];
     }
     // NOTE(review): $error is not defined earlier in this method and is not read afterwards.
     $error .= $DB->error;
     // Runs even when no row matched, in which case $res['uid'] is not set.
     $first_login = $this->getLastVisit($res['uid']);
     $ip = getRemoteIP();
     /**
      * Additional login check.
      * Needed to fix passwords that contain
      * tags (or tag-like sequences).
      *
      * !!Remove after the next global password change.
      */
     if (!$res) {
         // let's try removing it (0018079)
         //$res = $this->FixPassword($sql, $login);
     }
     /**
      * Determine whether two-step authentication is needed.
      */
     // NOTE(review): count($res) assumes DB::rows() yields an array even when nothing
     // matched; count() on false/null fails on PHP 8 — confirm the DB layer's return type.
     if (!$is_2fa_off && count($res) && $first_login) {
         //not the first login
         //if a different account was entered at the second step, send the user
         //back to the second step and report it
         if (isset($params['2fa_provider']['uid']) && $params['2fa_provider']['uid'] != $res['uid']) {
             $is_login = $params['2fa_provider']['type'] == 0;
             session::setFlashMessage($is_login ? self::TXT_AUTH_2FA_LOG_FAIL : self::TXT_AUTH_2FA_SOC_FAIL, '/auth/second/');
             return self::AUTH_STATUS_2FA;
         }
         $is_opauth = defined('IS_OPAUTH');
         // '>' binds tighter than '!=': this compares (type > 0) with $is_opauth.
         // NOTE(review): the pending-2FA marker is read from the caller-supplied $params —
         // presumably the server-side session; verify it cannot be set by the client.
         if (!isset($params['2fa_provider']) || $params['2fa_provider']['type'] > 0 != $is_opauth) {
             //the authentication types of the two steps do not match
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/opauth/OpauthModel.php';
             $opauthModel = new OpauthModel();
             $is_2fa = $opauthModel->getMultilevel($res['uid']);
             if (isset($is_2fa['type'])) {
                 //$is_2fa - authentication through the selected social network
                 //0 - a regular login is required because the first step was done through a social network
                 $params['2fa_provider'] = array('type' => !$is_opauth ? $is_2fa['type'] : 0, 'uid' => $res['uid'], 'login' => $res['login']);
                 //Reset the authentication
                 $res = array();
                 //move on to the second stage
                 return self::AUTH_STATUS_2FA;
             }
         }
     }
     //The authentication-stage parameter is no longer needed
     unset($params['2fa_provider']);
     /**
      * Successful authentication.
      */
     if (count($res)) {
         // Positional unpacking: the variable order must match the SELECT column order above.
         list($email, $trole, $tname, $tsurname, $tid, $is_banned, $ban_where, $active, $sum, $bonus_sum, $log, $anti_uid, $is_pro_test, $is_pro_new, $is_chuck, $sex, $settings, $splash_show, $is_verify, $reg_date, $activate_code, $photo, $is_profi, $birthday) = array_values($res);
         if ($activate_code != '' && $active == 't') {
             $this->checkRegDate($tid, $reg_date);
         }
         // Banned accounts are refused before anything is written to $params.
         if ($is_banned) {
             return -1;
         }
         //if ($active=='f') return -2; //##0027983
         // Per-user IP restriction check; -3 means the client IP is not allowed for this account.
         if (!$this->CheckUserAllowIP($ip, $tid)) {
             return -3;
         }
         $params['birthday'] = $birthday ? strtotime($birthday) : null;
         $params['age'] = $params['birthday'] ? intval(ElapsedYears($params['birthday'])) : null;
         require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/permissions.php';
         $params['permissions'] = permissions::getUserPermissions($tid);
         $params['email'] = $email;
         $params['role'] = $trole;
         $params['name'] = $tname;
         $params['surname'] = $tsurname;
         $params['uid'] = $tid;
         $params['user_ip'] = $ip;
         $params['ac_sum'] = zin($sum);
         $params['bn_sum'] = zin($bonus_sum);
         $params['login'] = $log;
         $params['is_pro_new'] = $is_pro_new;
         $params['pro_test'] = $is_pro_test;
         $params['is_chuck'] = $is_chuck;
         $params['is_verify'] = $is_verify;
         $params['sex'] = $sex;
         $params['reg_date'] = $reg_date;
         $params['photo'] = $photo;
         if (!is_emp($trole)) {
             $params['is_profi'] = $is_profi === 't';
         }
         if ($anti_uid) {
             // The class name is one of two literals chosen here, never request data,
             // so the dynamic require/new below cannot be steered by the client.
             $anti_class = is_emp($trole) ? 'freelancer' : 'employer';
             require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/{$anti_class}.php";
             $anti = new $anti_class();
             $anti->GetUserByUID($anti_uid);
             $params['anti_uid'] = $anti->uid;
             $params['anti_login'] = $anti->login;
             $params['anti_surname'] = $anti->usurname;
             $params['anti_name'] = $anti->uname;
         }
         if (!is_emp($params['role'])) {
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/projects_offers.php';
             if ($po_summary = projects_offers::GetFrlOffersSummary($params['uid'])) {
                 $params['po_count'] = $po_summary['total'];
             }
         }
         // Record the time and IP of this login.
         $sql = 'UPDATE users SET last_time = now(), last_ip = ?, is_active = true WHERE uid = ?i';
         $res = $DB->query($sql, $ip, $tid);
         $this->SaveLoginIPLog($tid, $ip);
         $this->increaseLoginsCnt($tid);
         // number of operations
         $sQuery = 'SELECT COUNT(ao.id) FROM account_operations ao 
             INNER JOIN account a ON a.id = ao.billing_id WHERE a.uid = ?i AND (ao.ammount <> 0 OR ao.trs_sum <> 0)';
         $params['account_operations'] = $DB->val($sQuery, $tid);
         // $settings is indexed by position below; each index is one user preference.
         $params['question_button_hide'] = $settings[1];
         // Show/hide the "Do you have a question?" button
         $params['promo_block_hide'] = $settings[2];
         // show the "Quick access to the main site functions" block
         $params['direct_external_links'] = $settings[3];
         // Do not show the "Following an external link" page a.php
         $params['sbr_slash_show'] = $settings[4] && $first_login < strtotime('2012-08-08');
         // Show/hide the SBR promo splash
         $params['splash_show'] = $splash_show;
         $params['chat'] = $settings[5];
         $params['chat_sound'] = $settings[6];
         // #0017182 > Question: can we pull this setting out of the users' cookies and save it to the database?
         // The cookie value is client-supplied; here it only migrates a display preference into the database.
         if (empty($settings[3]) && $_COOKIE['direct_external_links'] == 1) {
             $this->setDirectExternalLinks($tid, 1);
             if ($anti_uid) {
                 $this->setDirectExternalLinks($anti_uid, 1);
             }
             setcookie('direct_external_links', '', time() - 60 * 60 * 24 * 365, '/');
             setcookie('no_a_php', '1', time() + 60 * 60 * 24 * 365 * 2, '/');
         }
         //generate the cookie for userecho
         require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/userecho.php';
         // NOTE(review): the SSO token cookie is set without the secure/httponly arguments.
         // The preg_replace() only strips a URL scheme, which the literal 'fl.ru' does not
         // have, so the cookie domain evaluates to 'fl.ru'.
         setcookie('ue_sso_token', UserEcho::get_sso_token(USERECHO_API_KEY, USERECHO_PROJECT_KEY, array()), 0, '/', preg_replace('/^https?\\:\\/\\/(?:www\\.)?/', '.', 'fl.ru'));
         // First visit, registration through the wizard, wizard not finished
         if ($first_login == 0) {
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard.php';
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard_registration.php';
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_employer.php';
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_freelancer.php';
             if (is_emp($params['role'])) {
                 $wiz_user = wizard::isUserWizard($tid, step_employer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_EMP_ID);
             } else {
                 $wiz_user = wizard::isUserWizard($tid, step_freelancer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_FRL_ID);
             }
             if ($wiz_user['id'] > 0) {
                 // $role is one of two class constants, so the redirect target is fixed.
                 $role = is_emp($params['role']) ? wizard_registration::REG_EMP_ID : wizard_registration::REG_FRL_ID;
                 header('Location: /registration/activated.php?role=' . $role);
                 //header("Location: /wizard/registration/?role={$role}");
                 exit;
             } elseif (!is_emp($params['role'])) {
                 require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/payed.php';
                 // NOTE(review): this branch reads and writes $_SESSION directly while the rest of the
                 // method works through $params — presumably $params aliases the session; verify.
                 $pro_last = payed::ProLast($_SESSION['login']);
                 $_SESSION['pro_last'] = $pro_last['is_freezed'] ? false : $pro_last['cnt'];
                 if ($_SESSION['pro_last'] && $_SESSION['is_pro_new'] != 't') {
                     // NOTE(review): $id is not defined anywhere in this method.
                     payed::checkNewPro($id);
                 }
                 if ($pro_last['freeze_to']) {
                     $_SESSION['freeze_from'] = $pro_last['freeze_from'];
                     $_SESSION['freeze_to'] = $pro_last['freeze_to'];
                     $_SESSION['is_freezed'] = $pro_last['is_freezed'];
                     $_SESSION['payed_to'] = $pro_last['cnt'];
                 }
                 if ($_SESSION['anti_login']) {
                     $pro_last = payed::ProLast($_SESSION['anti_login']);
                     $_SESSION['anti_pro_last'] = $pro_last['freeze_to'] ? false : $pro_last['cnt'];
                 }
                 //send an e-mail explaining how to work on the site
                 /*
                 require_once($_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php");
                 $mail = new smail();
                 
                 if (is_emp()) {                
                     $mail->employerQuickStartGuide(get_uid(false));
                 } else {
                    $mail->freelancerQuickStartGuide(get_uid(false));
                 }
                 */
                 return $tid;
                 // Unreachable: the return above always runs first.
                 if (!defined('IN_API')) {
                     // not needed for the mobile application API
                     header("Location: /users/{$login}/");
                     exit;
                 }
             }
         }
         //-----------------------------------
     } else {
         // Failed login: report uid 0 and record the client IP through annoy::Add()
         // (presumably feeds failed-login throttling — verify in classes/annoy.php).
         $tid = 0;
         require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/annoy.php';
         $annoy = new annoy();
         $annoy->Add($ip);
     }
     return $tid;
 }
示例#19
                }
            }
        }
        $user_rights_data = permissions::getUserExtraRights($user_id);
        $user_rights_allow = array();
        $user_rights_disallow = array();
        foreach ($user_rights_data as $user_right) {
            if ($user_right['is_allow'] == 't') {
                array_push($user_rights_allow, $user_right['id']);
            } else {
                array_push($user_rights_disallow, $user_right['id']);
            }
        }
        $inner_page = 'inner_user_form.php';
        break;
    case 'user_update':
        $user_id = __paramInit('int', 'uid', 'uid');
        permissions::updateUser($user_id, array($_POST['groups']), $_POST['rights_allow']);
        header('Location: /siteadmin/permissions/?action=user_list');
        exit;
        break;
    default:
        header('Location: /siteadmin/permissions/?action=group_list');
        exit;
        break;
}
$content = '../content.php';
$header = $rpath . 'header.php';
$footer = $rpath . 'footer.html';
$css_file = array('moderation.css', 'new-admin.css', 'nav.css');
include $rpath . 'template.php';
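 /**
  * Builds the company detail view: loads the company, renders the employee,
  * product, service and client tables plus four placeholder tables, and hands
  * the generated markup, the collected variable names and the modify/delete
  * permissions to the template.
  *
  * @param mixed $id  identifier passed to $this->read()
  * @param mixed $tpl template object; receives 'objeto', 'acciones', 'variables' and 'cadena'
  * @return mixed the same template object
  */
 function view($id, $tpl)
 {
     /*
         Things still to do (translated from the original note):
             In general, check the permissions of the user who accesses this page, to know
             whether they may delete, edit, view, etc.
             Work out how to pass the number of records: per group for groups, per module for modules.
             Order By (keeping the search if one was made, and working out which "tab" it refers to).
             Searches.
         NOTE(review): per the first item, access to this view is not yet gated on the
         caller's permissions inside this method — confirm where that check happens.
     */
     $cadena = '';
     // Load the company and pass it to the template.
     $this->read($id);
     $tpl->assign('objeto', $this);

     // Employee list
     $tabla_empleados = new table(false);
     $empleados = new emps();
     $sin_empleados = $empleados->get_list_emps($_SESSION['ident_corp']) == 0;
     $per = new permissions();
     $per->get_permissions_list('corps');
     if ($sin_empleados) {
         $cadena .= $tabla_empleados->tabla_vacia('emps', $per->add);
     } else {
         $cadena .= $tabla_empleados->make_tables('emps', $empleados->emps_list, array('Nombre', 20, 'Primer Apellido', 20, 'Segundo Apellido', 20), array('id_emp', 'name', 'last_name', 'last_name2'), $_SESSION['num_regs'], $per->permissions_module, $per->add);
     }
     $variables_empleados = $tabla_empleados->nombres_variables;

     // Products
     $products = new products(false);
     $tabla_productos = new table(false);
     $sin_productos = $products->get_list_products_corps($_SESSION['ident_corp']) == 0;
     $per = new permissions();
     $per->get_permissions_list('corps');
     if ($sin_productos) {
         $cadena .= $tabla_productos->tabla_vacia('products', $per->add);
     } else {
         $cadena .= $tabla_productos->make_tables('products', $products->products_list, array('Nombre', 20, 'Nombre Web', 40), array('id_product', 'name', 'name_web'), $_SESSION['num_regs'], $per->permissions_module, $per->add);
     }
     $variables_products = $tabla_productos->nombres_variables;

     // Services
     $services = new services(false);
     $tabla_servicios = new table(false);
     $sin_servicios = $services->get_list_services_corp($_SESSION['ident_corp']) == 0;
     $per = new permissions();
     $per->get_permissions_list('corps');
     if ($sin_servicios) {
         $cadena .= $tabla_servicios->tabla_vacia('services', $per->add);
     } else {
         $cadena .= $tabla_servicios->make_tables('services', $services->services_list, array('Nombre', 20, 'Nombre Web', 40), array('id_service', 'name', 'name_web'), $_SESSION['num_regs'], $per->permissions_module, $per->add);
     }
     $variables_services = $tabla_servicios->nombres_variables;

     // Clients
     // NOTE(review): the empty branch loads the 'clients' permissions while the
     // populated branch loads 'corps', and the page size is a literal 10 rather than
     // $_SESSION['num_regs']. Both are kept as found; confirm which module is meant,
     // since it decides which add/modify rights the client table is rendered with.
     $clients = new clients(false);
     $tabla_clientes = new table(false);
     $per = new permissions();
     if ($clients->get_list_clients($_SESSION['ident_corp']) == 0) {
         $per->get_permissions_list('clients');
         $cadena .= $tabla_clientes->tabla_vacia('clients', $per->add);
     } else {
         $per->get_permissions_list('corps');
         $cadena .= $tabla_clientes->make_tables('clients', $clients->clients_list, array('Nombre', 20, 'Nombre Completo', 40, 'Tel&eacute;fono', 20), array('id_client', 'name', 'full_name', 'phone'), 10, $per->permissions_module, $per->add);
     }
     $variables_clients = $tabla_clientes->nombres_variables;

     // Provisionally fill the remaining tabs with a "cannot be shown" placeholder.
     $facturaspen = new table(false);
     $facturascob = new table(false);
     $gestionalm = new table(false);
     $partes = new table(false);
     $cadena .= $facturaspen->dont_show('facturaspen');
     $cadena .= $facturascob->dont_show('facturascob');
     $cadena .= $gestionalm->dont_show('gestionalm');
     $cadena .= $partes->dont_show('partes');
     $variables_facturaspen = $facturaspen->nombres_variables;
     // Fixed: the original read the undefined $facturascobs here, so this list was always lost.
     $variables_facturascob = $facturascob->nombres_variables;
     $variables_gestionalm = $gestionalm->nombres_variables;
     $variables_partes = $partes->nombres_variables;

     // Concatenate every table's variable names, in the same order as before.
     // Starting from an empty array keeps 'variables' defined even when all lists are empty.
     $variables = array();
     $listas = array($variables_empleados, $variables_clients, $variables_facturaspen, $variables_facturascob, $variables_products, $variables_services, $variables_gestionalm, $variables_partes);
     foreach ($listas as $lista) {
         // (array) turns an unset list into an empty one instead of failing in count().
         foreach ((array) $lista as $nombre) {
             $variables[] = $nombre;
         }
     }

     // Check whether there is permission to delete or modify.
     $permisos_mod_del = new permissions();
     $permisos_mod_del->get_permissions_modify_delete('corps');
     $tpl->assign('acciones', $permisos_mod_del->per_mod_del);
     $tpl->assign('variables', $variables);
     $tpl->assign('cadena', $cadena);
     return $tpl;
 }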
 /**
  * Loads one record and prepares its detail template.
  *
  * The template receives the object itself as 'objeto' and the modify/delete
  * permissions of the 'services' module as 'acciones'.
  *
  * @param mixed $id  identifier passed to $this->read()
  * @param mixed $tpl template object to fill
  * @return mixed the same template object
  */
 function view($id, $tpl)
 {
     $this->read($id);
     $tpl->assign('objeto', $this);

     // Look up whether modifying or deleting is permitted for this module.
     $service_rights = new permissions();
     $service_rights->get_permissions_modify_delete('services');
     $tpl->assign('acciones', $service_rights->per_mod_del);

     return $tpl;
 }
示例#22
<?php

if (!defined('IS_SITE_ADMIN')) {
    header('Location: /404.php');
    exit;
}
$s = 'style="color: #666;"';
if (!isset($aPermissions)) {
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/permissions.php';
    $aPermissions = permissions::getUserPermissions($uid);
}
foreach ($aPermissions as $sPermission) {
    $sVar = 'bHas' . ucfirst($sPermission);
    ${$sVar} = true;
}
if ($bHasAll || $bHasAdm) {
    ?>

    <?php 
    if ($bHasAll || $bHasUsers || $bHasProjects || $bHasBlogs || $bHasCommunes) {
        ?>
    <div class="admin-menu">
    	<h3>Действия</h3>
    	<ul>
            <?php 
        if ($bHasAll || $bHasUsers || $bHasProjects || $bHasBlogs || $bHasCommunes) {
            ?>
    		<li><a <?php 
            echo $menu_item == 1 ? $s : '';
            ?>
 href="/siteadmin/admin_log/?site=log">Лента всех действий</a></li>
     //synchronize the xml config
     save_dialplan_xml();
     //clear the cache
     $cache = new cache();
     $cache->delete("dialplan:" . $destination_context);
 } else {
     //remove empty dialplan details from POST array so doesn't attempt to insert below
     unset($_POST["dialplan_details"]);
 }
 //get the destination_uuid
 if (strlen($dialplan_response['uuid']) > 0) {
     $_POST["dialplan_uuid"] = $dialplan_response['uuid'];
 }
 //add the dialplan permission
 $permission = "dialplan_edit";
 $p = new permissions();
 $p->add($permission, 'temp');
 //save the destination
 $orm = new orm();
 $orm->name('destinations');
 if (strlen($destination_uuid) > 0) {
     $orm->uuid($destination_uuid);
 }
 $orm->save($_POST);
 $message = $orm->message;
 $destination_response = $orm->message;
 //remove the temporary permission
 $p->delete($permission, 'temp');
 //get the destination_uuid
 if (strlen($destination_response['uuid']) > 0) {
     $destination_uuid = $destination_response['uuid'];
示例#24
文件: fax.php 项目: bitplus/fusionpbx
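 /**
  * Build and save the inbound dialplan for this fax extension.
  *
  * Deletes the dialplan previously stored under $this->dialplan_uuid (if any),
  * builds the condition and action list (answer, fax variables, rxfax, hangup),
  * saves it through the orm class while four dialplan permissions are granted
  * temporarily, stores the new dialplan_uuid on the v_fax row, regenerates the
  * XML configuration and clears the dialplan cache for the session context.
  *
  * Reads $_SESSION['context'], $_SESSION['fax'], $_SESSION['switch'] and
  * $_SESSION['domain_name'] in addition to the object's own properties.
  *
  * @return mixed the orm message of the save; its 'uuid' entry is copied to $this->dialplan_uuid
  */
 public function dialplan()
 {
     //normalize the fax forward number
     if (strlen($this->fax_forward_number) > 3) {
         $this->fax_forward_number = str_replace(array(" ", "-"), "", $this->fax_forward_number);
     }
     //set the forward prefix; it is only used when the forward number contains '$1'
     if (strripos($this->fax_forward_number, '$1') === false) {
         $this->forward_prefix = '';
     } else {
         $this->forward_prefix = $this->forward_prefix . $this->fax_forward_number . '#';
     }
     //delete previous dialplan
     // NOTE(review): the uuids are concatenated into the SQL text here and in the
     // update further down. Where these properties are assigned is not visible from
     // this method; if they can carry request data, switch to bound parameters once
     // the driver behind $this->db is confirmed.
     if (strlen($this->dialplan_uuid) > 0) {
         $sql = "delete from v_dialplans ";
         $sql .= "where dialplan_uuid = '" . $this->dialplan_uuid . "' ";
         $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
         $this->db->exec($sql);
         $sql = "delete from v_dialplan_details ";
         $sql .= "where dialplan_uuid = '" . $this->dialplan_uuid . "' ";
         $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
         $this->db->exec($sql);
         unset($sql);
     }
     //build the dialplan array
     $dialplan = array(
         "app_uuid" => "24108154-4ac3-1db6-1551-4731703a4440",
         "domain_uuid" => $this->domain_uuid,
         "dialplan_name" => $this->fax_name != '' ? $this->fax_name : format_phone($this->destination_number),
         "dialplan_number" => $this->fax_extension,
         "dialplan_context" => $_SESSION['context'],
         "dialplan_continue" => "false",
         "dialplan_order" => "310",
         "dialplan_enabled" => "true",
         "dialplan_description" => $this->fax_description,
     );
     //appends one detail row; the row index also determines its order (index * 10)
     $domain_uuid = $this->domain_uuid;
     $y = 1;
     $add_detail = function ($tag, $type, $data, $extra = array()) use (&$dialplan, &$y, $domain_uuid) {
         $dialplan["dialplan_details"][$y] = array(
             "domain_uuid" => $domain_uuid,
             "dialplan_detail_tag" => $tag,
             "dialplan_detail_type" => $type,
             "dialplan_detail_data" => $data,
         ) + $extra + array(
             "dialplan_detail_group" => "1",
             "dialplan_detail_order" => $y * 10,
         );
         $y++;
     };
     //add the public condition
     $add_detail("condition", "destination_number", "^" . $this->destination_number . "\$", array("dialplan_detail_break" => ""));
     $add_detail("action", "answer", "");
     $add_detail("action", "set", "fax_uuid=" . $this->fax_uuid);
     $add_detail("action", "set", "api_hangup_hook=lua app/fax/resources/scripts/hangup_rx.lua");
     //add the configured fax variables; tolerate a session without any
     $fax_variables = isset($_SESSION['fax']['variable']) && is_array($_SESSION['fax']['variable']) ? $_SESSION['fax']['variable'] : array();
     foreach ($fax_variables as $data) {
         if (substr($data, 0, 9) == "outbound:") {
             //outbound-only variables do not belong in the inbound dialplan; previously
             //they still produced a "set" action that had no data at all
             continue;
         }
         if (substr($data, 0, 8) == "inbound:") {
             $data = substr($data, 8);
         }
         $add_detail("action", "set", $data);
     }
     //name of the received file
     if (isset($_SESSION['fax']['last_fax']['text']) && strlen($_SESSION['fax']['last_fax']['text']) > 0) {
         $add_detail("action", "set", "last_fax=" . $_SESSION['fax']['last_fax']['text']);
     } else {
         $add_detail("action", "set", "last_fax=\${caller_id_number}-\${strftime(%Y-%m-%d-%H-%M-%S)}");
     }
     $add_detail("action", "playback", "silence_stream://2000");
     $add_detail("action", "rxfax", $_SESSION['switch']['storage']['dir'] . '/fax/' . $_SESSION['domain_name'] . '/' . $this->fax_extension . '/inbox/' . $this->forward_prefix . '${last_fax}.tif');
     $add_detail("action", "hangup", "");
     //add the dialplan permission
     $temp_permissions = array("dialplan_add", "dialplan_detail_add", "dialplan_edit", "dialplan_detail_edit");
     $p = new permissions();
     foreach ($temp_permissions as $permission) {
         $p->add($permission, 'temp');
     }
     try {
         //save the dialplan
         $orm = new orm();
         $orm->name('dialplans');
         $orm->save($dialplan);
         $dialplan_response = $orm->message;
         $this->dialplan_uuid = $dialplan_response['uuid'];
         //store the new dialplan uuid on the fax record
         $sql = "update v_fax ";
         $sql .= "set dialplan_uuid = '" . $this->dialplan_uuid . "' ";
         $sql .= "where fax_uuid = '" . $this->fax_uuid . "' ";
         $sql .= "and domain_uuid = '" . $this->domain_uuid . "' ";
         $this->db->exec($sql);
         unset($sql);
     } catch (Exception $e) {
         //never leave the temporary grant behind when the save fails
         foreach ($temp_permissions as $permission) {
             $p->delete($permission, 'temp');
         }
         throw $e;
     }
     //remove the temporary permission
     foreach ($temp_permissions as $permission) {
         $p->delete($permission, 'temp');
     }
     //synchronize the xml config
     save_dialplan_xml();
     //clear the cache
     $cache = new cache();
     $cache->delete("dialplan:" . $_SESSION['context']);
     //return the orm response (it carries the dialplan uuid)
     return $dialplan_response;
 }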
    //set the message
    if ($action == "add") {
        $_SESSION['message'] = $text['message-add'];
    } else {
        if ($action == "update") {
            $_SESSION['message'] = $text['message-update'];
        }
    }
    header("Location: time_condition_edit.php?id=" . $dialplan_uuid . ($app_uuid != '' ? "&app_uuid=" . $app_uuid : null));
    return;
}
//end if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
//get existing data to pre-populate form
if ($dialplan_uuid != '' && $_POST["persistformvar"] != "true") {
    //temporarily grant the dialplan add/edit permissions (second argument 'temp')
    //NOTE(review): no matching $p->delete(...) calls are visible in this excerpt;
    //confirm the temporary grants are revoked once the lookup is done
    $p = new permissions();
    $p->add("dialplan_add", 'temp');
    $p->add("dialplan_detail_add", 'temp');
    $p->add("dialplan_edit", 'temp');
    $p->add("dialplan_detail_edit", 'temp');
    //get main dialplan entry, looked up by $dialplan_uuid only
    //NOTE(review): where $dialplan_uuid comes from is not shown here; if it is
    //request-supplied, verify the record belongs to the caller's domain before use
    $orm = new orm();
    $orm->name('dialplans');
    $orm->uuid($dialplan_uuid);
    $result = $orm->find()->get();
    //$message = $orm->message;
    //copy the stored fields into local variables for the form
    //$row is bound by reference; presumably unset($row) follows the loop (not visible here)
    foreach ($result as &$row) {
        $domain_uuid = $row["domain_uuid"];
        //$app_uuid = $row["app_uuid"];
        $dialplan_name = $row["dialplan_name"];
        $dialplan_number = $row["dialplan_number"];
示例#26
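 /**
  * Build the assignments listing for the current user.
  *
  * Returns the classes of the selected academic year, the assignments the
  * user may see (students: assignments of their own class; teachers: only
  * assignments whose teacherId is their own id; everyone else: all
  * assignments of the listed classes), the user's role fields and an
  * `access` flag (1 or 0).
  *
  * @return array
  */
 public function listAll()
 {
     $toReturn = array();
     $toReturn['classes'] = classes::where('classAcademicYear', $this->panelInit->selectAcYear)->get()->toArray();
     // Map class id => class name for the lookups below.
     // (foreach replaces each(), which no longer exists in PHP 8.)
     $classesArray = array();
     foreach ($toReturn['classes'] as $class) {
         $classesArray[$class['id']] = $class['className'];
     }
     $toReturn['assignments'] = array();
     if (count($classesArray) > 0) {
         $assignments = new assignments();
         if ($this->data['users']->role == "student") {
             $assignments = $assignments->where('classId', 'LIKE', '%"' . $this->data['users']->studentClass . '"%');
         } else {
             // Keep the class alternatives inside one parenthesised group.
             // Chained flat, "a OR b AND teacherId = ?" binds the teacher
             // filter to the last class only, so a teacher would be shown
             // other teachers' assignments for every other class.
             $classIds = array_keys($classesArray);
             $assignments = $assignments->where(function ($query) use ($classIds) {
                 foreach ($classIds as $classId) {
                     $query->orWhere('classId', 'LIKE', '%"' . $classId . '"%');
                 }
             });
         }
         if ($this->data['users']->role == "teacher") {
             $assignments = $assignments->where('teacherId', $this->data['users']->id);
         }
         $assignments = $assignments->get();
         foreach ($assignments as $key => $assignment) {
             // classId is stored as a JSON list; treat anything else as "no classes".
             $classId = json_decode($assignment->classId);
             if (!is_array($classId)) {
                 $classId = array();
             }
             // The LIKE filter above is only a substring match, so re-check
             // membership exactly before showing an assignment to a student.
             if ($this->data['users']->role == "student" and !in_array($this->data['users']->studentClass, $classId)) {
                 continue;
             }
             $toReturn['assignments'][$key]['id'] = $assignment->id;
             $toReturn['assignments'][$key]['subjectId'] = $assignment->subjectId;
             $toReturn['assignments'][$key]['AssignTitle'] = $assignment->AssignTitle;
             $toReturn['assignments'][$key]['AssignDescription'] = $assignment->AssignDescription;
             $toReturn['assignments'][$key]['AssignFile'] = $assignment->AssignFile;
             $toReturn['assignments'][$key]['AssignDeadLine'] = $assignment->AssignDeadLine;
             $toReturn['assignments'][$key]['classes'] = "";
             foreach ($classId as $value) {
                 if (isset($classesArray[$value])) {
                     $toReturn['assignments'][$key]['classes'] .= $classesArray[$value] . ", ";
                 }
             }
         }
     }
     $toReturn['userRole'] = $this->data['users']->role;
     $newrole = $this->data['users']->newrole;
     // A missing or malformed newrole value must not grant access: fall back
     // to an empty role list so the intersection below is empty.
     $newrole_array = json_decode($newrole);
     if (!is_array($newrole_array)) {
         $newrole_array = array();
     }
     // Role ids that hold permission 1 on module 1.
     $uniparam = array();
     $params = permissions::where('moduleId', 1)->where('permission', 1)->get();
     foreach ($params as $param) {
         $uniparam[] = $param->roleId;
     }
     if ($toReturn['userRole'] == "teacher") {
         if (array_intersect($newrole_array, $uniparam)) {
             $toReturn['access'] = 1;
         } else {
             $toReturn['access'] = 0;
         }
     } elseif ($toReturn['userRole'] == "admin") {
         $toReturn['access'] = 1;
     } else {
         $toReturn['access'] = 0;
     }
     $toReturn['newuserRole'] = $this->data['users']->newrole;
     return $toReturn;
 }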
示例#27
 // Append the remaining constants and settings to the generated config file source.
 $file .= "define('TABLE_PAGES',         PREFIX . 'pages');\n";
 $file .= "define('TABLE_LINKS',         PREFIX . 'links');\n";
 $file .= "define('TABLE_NEWSLETTER',    PREFIX . 'newsletter');\n\n";
 $file .= "define('CORE_INSTALLED',  true);\n\n";
 $file .= '//mail address to person who can repair if something in Your code is broken' . "\n";
 $file .= "define('ADMIN_MAIL',      '*****@*****.**');\n\n\n";
 $file .= "error_reporting(2047);\n\n";
 $file .= '?' . '>';
 // Write the generated source to the administration config file.
 // NOTE(review): '@' hides every failure here, and $fp is only tested further
 // down, after fputs()/fclose() have already been called with it.
 $fp = @fopen('../administration/inc/config.php', 'w');
 $result = @fputs($fp, $file, strlen($file));
 @fclose($fp);
 // NOTE(review): unsalted MD5 is not a password hash. Moving to
 // password_hash()/password_verify() also needs the login check (not visible
 // here) changed, so the stored format is left as the author wrote it.
 $pass = md5($corepass_1);
 $t1 = $dbprefix . 'users';
 $t2 = $dbprefix . 'category';
 $t3 = $dbprefix . 'config';
 $perms = new permissions();
 // Grant the initial user every permission flag, including admin.
 $perms->permissions["user"] = TRUE;
 $perms->permissions["writer"] = TRUE;
 $perms->permissions["moderator"] = TRUE;
 $perms->permissions["tpl_editor"] = TRUE;
 $perms->permissions["admin"] = TRUE;
 $bitmask = $perms->toBitmask();
 // Store the selected language in the config table.
 // NOTE(review): $t3 and $lang are placed into the SQL text by sprintf() with
 // no escaping visible in this excerpt; confirm they are validated upstream or
 // switch to the driver's parameter binding.
 $query = sprintf("\r\n            INSERT INTO\r\n                %1\$s\r\n            VALUES\r\n                ('language_set', '%2\$s')", $t3, $lang);
 $db->query($query);
 // Insert the initial user.
 // NOTE(review): $coreuser and $coremail go into the statement the same way;
 // only $bitmask is constrained, by the %d conversion.
 $query = sprintf("\r\n            INSERT INTO\r\n                %1\$s\r\n            VALUES\r\n                ('', '%2\$s', '%3\$s', '%4\$s', '%5\$d', 'Y', '', '', '', '', '', '', '', '', '', '')", $t1, $coreuser, $pass, $coremail, $bitmask);
 $db->query($query);
 // Report a failed config write; both INSERTs above have already run by now.
 if ($fp == FALSE) {
     $err .= $i18n['main_content'][5];
示例#28
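 /**
  * Show or save the permission matrix for a user group or a single user.
  *
  * With ?s=user&id=N the matrix of user N is edited, otherwise the matrix of
  * the posted group. Without a posted 'submit' field the form is rendered;
  * with it, the posted 'perms' array is written through the permissions object.
  *
  * NOTE(review): no anti-CSRF token is checked anywhere in this handler;
  * confirm the caller enforces one before a permission change is accepted.
  *
  * @return string HTML for the page body
  */
 function execute()
 {
     $perms_obj = new permissions();
     $perms_obj->db =& $this->db;
     $perms_obj->pre =& $this->pre;
     if (isset($this->get['s']) && $this->get['s'] == 'user') {
         if (!isset($this->get['id'])) {
             // Stop after redirecting: without the return the rest of the
             // handler still ran, against user id 0. The separator is a plain
             // '&' because this is an HTTP header, not HTML.
             header("Location: {$this->self}?a=member&s=perms");
             return '';
         }
         // intval() keeps the id safe to place in the SQL and HTML below.
         $this->post['group'] = intval($this->get['id']);
         $mode = 'user';
         $title = 'User Control';
         $link = '&amp;s=user&amp;id=' . $this->post['group'];
         $perms_obj->get_perms(-1, $this->post['group']);
     } else {
         if (!isset($this->post['group'])) {
             return $this->message('User Groups', "\n\t\t\t\t<form action='{$this->self}?a=perms' method='post'><div>\n\t\t\t\t\t{$this->lang->perms_edit_for}\n\t\t\t\t\t<select name='group'>\n\t\t\t\t\t" . $this->select_groups(-1) . "\n\t\t\t\t\t</select>\n\t\t\t\t\t<input type='submit' value='{$this->lang->submit}' /></div>\n\t\t\t\t</form>");
         }
         $this->post['group'] = intval($this->post['group']);
         $mode = 'group';
         $title = $this->lang->perms_title;
         $link = null;
         $perms_obj->get_perms($this->post['group'], -1);
     }
     $this->set_title($title);
     $this->tree($title);
     $forums_only = $this->db->query('SELECT forum_id, forum_name FROM ' . $this->pre . 'forums ORDER BY forum_name');
     $forums_list = array();
     while ($forum = $this->db->nqfetch($forums_only)) {
         $forums_list[] = $forum;
     }
     // Permission name => label. This is also the list of names accepted on submit.
     $perms = array(
         'board_view' => $this->lang->perms_board_view,
         'board_view_closed' => $this->lang->perms_board_view_closed,
         'do_anything' => $this->lang->perms_do_anything,
         'is_admin' => $this->lang->perms_is_admin,
         'email_use' => $this->lang->perms_email_use,
         'topic_global' => $this->lang->perms_topic_global,
         'pm_noflood' => $this->lang->perms_pm_noflood,
         'search_noflood' => $this->lang->perms_search_noflood,
         'forum_view' => $this->lang->perms_forum_view,
         'post_viewip' => $this->lang->perms_post_viewip,
         'topic_view' => $this->lang->perms_topic_view,
         'poll_create' => $this->lang->perms_poll_create,
         'poll_vote' => $this->lang->perms_poll_vote,
         'post_create' => $this->lang->perms_post_create,
         'topic_create' => $this->lang->perms_topic_create,
         'post_noflood' => $this->lang->perms_post_noflood,
         'post_delete' => $this->lang->perms_post_delete,
         'post_delete_own' => $this->lang->perms_post_delete_own,
         'topic_delete' => $this->lang->perms_topic_delete,
         'topic_delete_own' => $this->lang->perms_topic_delete_own,
         'post_edit' => $this->lang->perms_post_edit,
         'post_edit_own' => $this->lang->perms_post_edit_own,
         'topic_edit' => $this->lang->perms_topic_edit,
         'topic_edit_own' => $this->lang->perms_topic_edit_own,
         'topic_lock' => $this->lang->perms_topic_lock,
         'topic_lock_own' => $this->lang->perms_topic_lock_own,
         'topic_unlock' => $this->lang->perms_topic_unlock,
         'topic_unlock_mod' => $this->lang->perms_topic_unlock_mod,
         'topic_unlock_own' => $this->lang->perms_topic_unlock_own,
         'topic_pin' => $this->lang->perms_topic_pin,
         'topic_pin_own' => $this->lang->perms_topic_pin_own,
         'topic_split' => $this->lang->perms_topic_split,
         'topic_split_own' => $this->lang->perms_topic_split_own,
         'topic_unpin' => $this->lang->perms_topic_unpin,
         'topic_unpin_own' => $this->lang->perms_topic_unpin_own,
         'topic_move' => $this->lang->perms_topic_move,
         'topic_move_own' => $this->lang->perms_topic_move_own,
         'post_attach' => $this->lang->perms_post_attach,
         'post_attach_download' => $this->lang->perms_post_attach_download
     );
     if (!isset($this->post['submit'])) {
         $count = count($forums_list) + 1;
         // NOTE(review): user_name / group_name, and forum_id further down, are
         // written into the page as stored. Confirm they are HTML-escaped when
         // saved; otherwise they need escaping here before being output.
         if ($mode == 'user') {
             $query = $this->db->fetch("SELECT user_name, user_perms FROM {$this->pre}users WHERE user_id={$this->post['group']}");
             $label = "User '{$query['user_name']}'";
         } else {
             $query = $this->db->fetch("SELECT group_name FROM {$this->pre}groups WHERE group_id={$this->post['group']}");
             $label = "Group '{$query['group_name']}'";
         }
         $out = "\n\t\t\t<script type='text/javascript'>\n\t\t\t<!--\n\t\t\tfunction checkrow(element, check)\n\t\t\t{\n\t\t\t\tvar elements = document.forms['form'].elements;\n\t\t\t\tvar count    = elements.length;\n\n\t\t\t\tfor (var i=0; i<count; i++) {\n\t\t\t\t\tvar current = elements[i];\n\t\t\t\t\tvar temp = current.name.split('[');\n\n\t\t\t\t\tif (!temp[1]) continue;\n\t\t\t\t\ttemp2 = temp[1].split(']');\n\n\t\t\t\t\tif (temp2[0] == element) {\n\t\t\t\t\t\tcurrent.checked = check;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfunction changeall(element, check)\n\t\t\t{\n\t\t\t\tif (!check) {\n\t\t\t\t\tcheckallbox(element, false);\n\t\t\t\t} else if (areallchecked(element)) {\n\t\t\t\t\tcheckallbox(element, true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfunction checkallbox(element, check)\n\t\t\t{\n\t\t\t\tvar elements = document.forms['form'].elements;\n\t\t\t\tvar count    = elements.length;\n\n\t\t\t\tvar allchecked = true;\n\n\t\t\t\tfor (var i=0; i<count; i++) {\n\t\t\t\t\tvar current = elements[i];\n\n\t\t\t\t\tif (current.name == ('perms[' + element + '][-1]')) {\n\t\t\t\t\t\tcurrent.checked = check;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfunction areallchecked(element)\n\t\t\t{\n\t\t\t\tvar elements = document.forms['form'].elements;\n\t\t\t\tvar count    = elements.length;\n\n\t\t\t\tvar allchecked = true;\n\n\t\t\t\tfor (var i=0; i<count; i++) {\n\t\t\t\t\tvar current = elements[i];\n\n\t\t\t\t\tif (current.name == ('perms[' + element + '][-1]')) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\n\t\t\t\t\tvar temp = current.name.split('[');\n\n\t\t\t\t\tif (!temp[1]) continue;\n\t\t\t\t\ttemp2 = temp[1].split(']');\n\n\t\t\t\t\tif (temp2[0] == element) {\n\t\t\t\t\t\tif (!current.checked) {\n\t\t\t\t\t\t\tallchecked = false;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn allchecked;\n\t\t\t}\n\t\t\t//-->\n\t\t\t</script>\n\n\t\t\t<form id='form' action='{$this->self}?a=perms{$link}' method='post'>\n\t\t\t<div align='center'><span 
style='font-size:14px;'><b>Permissions For {$label}</b></span>";
         if ($mode == 'user') {
             $out .= "<br />{$this->lang->perms_override_user}<br /><br />\n\t\t\t\t<div style='border:1px dashed #ff0000; width:25%; padding:5px'><input type='checkbox' name='usegroup' id='usegroup' style='vertical-align:middle'" . (!$query['user_perms'] ? ' checked' : '') . " /> <label for='usegroup' style='vertical-align:middle'>{$this->lang->perms_only_user}</label></div>";
         }
         $out .= "</div>" . $this->table . "\n\t\t\t<tr>\n\t\t\t\t<td colspan='" . ($count + 1) . "' class='header'>{$label}</td>\n\t\t\t</tr>";
         $out .= $this->show_headers($forums_list);
         $this->iterator_init('tablelight', 'tabledark');
         $i = 0;
         // One row per permission: an "All" box, then one box per forum
         // unless the permission is listed in $perms_obj->globals.
         foreach ($perms as $perm => $label) {
             $out .= "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='" . $this->iterate() . "'>{$label}</td>\n\t\t\t\t\t<td class='" . $this->lastValue() . "' align='center'>\n\t\t\t\t\t\t<input type='checkbox' name='perms[{$perm}][-1]' id='perms_{$perm}' onclick='checkrow(\"{$perm}\", this.checked)'" . ($perms_obj->auth($perm) ? ' checked=\'checked\'' : '') . " />All\n\t\t\t\t\t</td>";
             if (!isset($perms_obj->globals[$perm])) {
                 foreach ($forums_list as $forum) {
                     if ($perms_obj->auth($perm, $forum['forum_id'])) {
                         $checked = " checked='checked'";
                     } else {
                         $checked = '';
                     }
                     $out .= "\n<td class='" . $this->lastValue() . "' align='center'><input type='checkbox' name='perms[{$perm}][{$forum['forum_id']}]' onclick='changeall(\"{$perm}\", this.checked)'{$checked} /></td>";
                 }
             } elseif ($forums_list) {
                 $out .= "\n<td class='" . $this->lastValue() . "' colspan='{$count}' align='center'>N/A</td>";
             }
             $out .= "\n\t\t\t\t</tr>";
             $i++;
             // Repeat the forum header row every 12 permissions.
             if ($i % 12 == 0) {
                 $out .= $this->show_headers($forums_list);
             }
         }
         return $out . "\n\t\t\t<tr>\n\t\t\t\t<td colspan='" . ($count + 1) . "' class='footer' align='center'><input type='hidden' name='group' value='{$this->post['group']}' /><input type='submit' name='submit' value='Update Permissions' /></td>\n\t\t\t</tr>" . $this->etable . "</form>";
     } else {
         if ($mode == 'user' && isset($this->post['usegroup'])) {
             // An empty cube makes the user inherit the group's permissions.
             $perms_obj->cube = '';
             $perms_obj->update();
             return $this->message($this->lang->perms, $this->lang->perms_user_inherit);
         }
         $perms_obj->reset_cube(false);
         if (!isset($this->post['perms']) || !is_array($this->post['perms'])) {
             $this->post['perms'] = array();
         }
         foreach ($this->post['perms'] as $name => $data) {
             // The posted array is client-controlled: accept only permission
             // names offered by the form, and only array-shaped values.
             if (!array_key_exists($name, $perms) || !is_array($data)) {
                 continue;
             }
             if (isset($data[-1]) || isset($data['-1']) || count($data) == count($forums_list)) {
                 $perms_obj->set_xy($name, true);
             } else {
                 foreach ($data as $forum => $on) {
                     $perms_obj->set_xyz($name, intval($forum), true);
                 }
             }
         }
         $perms_obj->update();
         return $this->message($this->lang->perms, $this->lang->perms_updated);
     }
 }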
示例#29
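 /**
  * Delete subscriptions that have now been made
  * illegal due to permissions change
  *
  * A subscription is removed when its owner can no longer view, or can no
  * longer subscribe to, the forum it refers to (for a non-forum
  * subscription, the forum read from the topics table for that item).
  *
  * @param string $mode contains group or user
  * @param integer $group group or user id
  * @return void
  * @author Jonathan West <*****@*****.**>
  * @since 1.1.6
  **/
 function check_subscriptions($mode, $group)
 {
     // $group is placed unquoted into the SQL below; force it to an integer
     // here so the statement stays intact even if a caller passes raw input.
     $group = intval($group);
     if ($mode == 'user') {
         // The user's own permission string overrides the group's.
         $perms_field = 'user_perms';
         $query = $this->db->query("SELECT s.subscription_user, s.subscription_item, s.subscription_type, u.user_id, u.user_group, u.user_perms\r\n\t\t\t\t\t\t\t\t\tFROM ({$this->pre}subscriptions s, {$this->pre}users u)\r\n\t\t\t\t\t\t\t\t\tWHERE s.subscription_user = {$group}\r\n\t\t\t\t\t\t\t\t\tAND s.subscription_user = u.user_id\r\n\t\t\t\t\t\t\t\t\t");
     } else {
         //if a member of the group has subscriptions
         $perms_field = 'group_perms';
         $query = $this->db->query("SELECT s.subscription_user, s.subscription_item, s.subscription_type, u.user_id, u.user_group, g.group_perms\r\n\t\t\t\t\t\t\t\t\tFROM ({$this->pre}subscriptions s, {$this->pre}users u, {$this->pre}groups g)\r\n\t\t\t\t\t\t\t\t\tWHERE g.group_id = {$group}\r\n\t\t\t\t\t\t\t\t\tAND u.user_group = g.group_id\r\n\t\t\t\t\t\t\t\t\tAND s.subscription_user = u.user_id\r\n\t\t\t\t\t\t\t\t\t");
     }
     while ($sub = $this->db->nqfetch($query)) {
         $perms = new permissions();
         $perms->db =& $this->db;
         $perms->pre =& $this->pre;
         $perms->get_perms($sub['user_group'], $sub['user_id'], $sub[$perms_field]);
         // Both ids are used unquoted in SQL, so keep them strictly numeric.
         $user_id = intval($sub['user_id']);
         $item_id = intval($sub['subscription_item']);
         if ($sub['subscription_type'] == 'forum') {
             $forum_id = $sub['subscription_item'];
         } else {
             // Any other subscription type is resolved through the topics table.
             $check = $this->db->fetch("SELECT topic_forum FROM {$this->pre}topics WHERE topic_id={$item_id}");
             // No matching topic row: pass null on, as the unguarded array read did.
             $forum_id = isset($check['topic_forum']) ? $check['topic_forum'] : null;
         }
         //if user can no longer view the forum, or can no longer subscribe to it
         if (!$perms->auth('forum_view', $forum_id) || !$perms->auth('forum_subscribe', $forum_id)) {
             // NOTE(review): this DELETE does not filter on subscription_type,
             // so a forum subscription and a topic subscription sharing the
             // same item id are removed together; confirm that is intended.
             $this->db->query("DELETE FROM {$this->pre}subscriptions WHERE subscription_user={$user_id} AND subscription_item={$item_id}");
         }
     }
 }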
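 /**
  * Render the contacts listing for the selected client into the template.
  *
  * The client id is taken from the posted 'client' field when present (and
  * remembered in the session), otherwise from the session, otherwise 0.
  *
  * @param object $tpl template object; receives 'variables' and 'cadena'
  * @return object the same template object
  */
 function listar($tpl)
 {
     // 'client' is request-supplied. Only a scalar is accepted so that an
     // array value cannot be stored in the session and passed on.
     // NOTE(review): the value is not otherwise validated here; confirm
     // get_list_contacts() treats it as untrusted and checks that the
     // current user is allowed to see that client's contacts.
     if (isset($_POST['client']) && is_scalar($_POST['client'])) {
         $this->client = $_POST['client'];
         $_SESSION['id_client'] = $this->client;
     }
     if (!isset($_SESSION['id_client'])) {
         $this->client = 0;
     } else {
         $this->client = $_SESSION['id_client'];
     }
     $num = $this->get_list_contacts($this->client);
     $tabla_listado = new table(true);
     $per = new permissions();
     $per->get_permissions_list('contacts');
     if ($num == 0) {
         // With no client selected, do not offer the "add" action.
         if ($this->client == 0) {
             $per->add = false;
         }
         // $cadena starts here; the earlier code prepended the still-undefined
         // variable to itself, which raised a warning and added nothing.
         $cadena = '' . $tabla_listado->tabla_vacia('contacts', $per->add);
     } else {
         $cadena = '' . $tabla_listado->make_tables('contacts', $this->contacts_list, array('Nombre', 30, 'Primer Apellido', 20, 'Segundo Apellido', 20), array($this->ddbb_id_contact, $this->ddbb_name, $this->ddbb_last_name, $this->ddbb_last_name2), 10, $per->permissions_module, $per->add);
     }
     // Read after the table has been built, as in both original branches.
     $variables = $tabla_listado->nombres_variables;
     $tpl->assign('variables', $variables);
     $tpl->assign('cadena', $cadena);
     return $tpl;
 }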