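. */

require_once(ROOTPATH . "include/classes/AbstractLayout.php");

/**
 * Layout for the event-application admin pages.
 *
 * Adds to AbstractLayout: the admin session cookie, the LDAP-or-MySQL login
 * flow, loading of the user's per-event functions (permissions) into
 * $_SESSION['sess_events'], and the admin page chrome (top bar, menus, footer).
 *
 * Depends on the project globals $GLOBALS['sql'] and $GLOBALS['sql2'] (two
 * database handles; the second one is used for the nested role-function
 * query in loadAccess(), presumably because the first handle's result set is
 * still being read) and on the constants ROOTPATH, EVENT_ID,
 * MAIN_ADMIN_EVENT_ID and MAIN_ADMIN_EVENT_ROLE_NO_ACCESS.
 */
class AdminLayout extends AbstractLayout
{
    /** @var bool When true, displayTop()/displayBottom() omit the menu frame. */
    private $noMenu = false;

    /**
     * @param bool      $noHtml        Passed through to AbstractLayout.
     * @param bool|null $loginRequired Whether the page requires a login.
     *   NOTE(review): the test is a loose `== NULL`, so false also resolves to
     *   true and login is effectively always required. Kept as-is: a strict
     *   null check would newly disable authentication on any page that passes
     *   false and currently relies on this; audit callers before changing it.
     */
    public function __construct($noHtml = false, $loginRequired = NULL)
    {
        parent::__construct($noHtml, ($loginRequired == NULL ? true : $loginRequired));
    }

    /**
     * Hide or show the menu frame in the rendered page.
     *
     * @param bool $noMenu
     */
    public function setNoMenu($noMenu)
    {
        $this->noMenu = $noMenu;
    }

    /**
     * Record that the logged-in user agreed to the privacy statement, mirror
     * the flag in the session and load the user's event access.
     */
    public function agreePrivacyStatement()
    {
        // The id is used unquoted in SQL; escape() alone does not protect that
        // context, so force an integer.
        $query = "UPDATE `users` SET `privstatementagree`='yes' WHERE `id`=" . (int) $_SESSION['sess_uid'];
        if ($GLOBALS['sql']->query($query)) {
            $this->info("User '" . $_SESSION['sess_user'] . "' agreed to privacy statement.");
            $_SESSION['sess_privStatementAgree'] = "yes";
            $this->loadAccess();
        } else {
            $this->error("Failed processing agree to privacy statement for user '" . $_SESSION['sess_user'] . "'.");
        }
    }

    /**
     * Whether the current user's role for EVENT_ID grants the named function.
     *
     * @param string $function Function name as stored in `functions`.`name`.
     * @return bool False when no function list is loaded for EVENT_ID.
     */
    public function hasFunction($function)
    {
        if (!isset($_SESSION['sess_events'][EVENT_ID]['functions'])) {
            return false;
        }
        // Strict comparison: the list holds strings from the database.
        return in_array($function, $_SESSION['sess_events'][EVENT_ID]['functions'], true);
    }

    /**
     * Start the admin session with a Secure, HttpOnly cookie.
     *
     * NOTE(review): the cookie domain is derived from the client-supplied Host
     * header; a fixed, configured domain would be more robust.
     */
    protected function startSession()
    {
        session_name("AEGEE_Statutory_Admin");
        $domain = preg_replace('/\w+\/\.\.\//', '', $_SERVER['HTTP_HOST']);
        // secure=true as before; httponly=true added so page scripts cannot read the id.
        session_set_cookie_params(0, "/", $domain, true, true);
        session_start();
    }

    /**
     * Authenticate via LDAP or the local users table, then establish the session.
     * On failure the attempt is logged, the login form is shown and the script exits.
     *
     * @param string $user
     * @param string $password
     */
    protected function tryAndHandleLogin($user, $password)
    {
        $authenticated = ($this->loginLdap($user, $password) || $this->loginMySQL($user, $password))
            && $this->loginUser($user, $password);
        if (!$authenticated) {
            $this->error("Login failed for '" . $user . "' from " . $_SERVER['REMOTE_ADDR']);
            $this->displayLogin();
            exit();
        }
        if ($_SESSION['sess_privStatementAgree'] !== "yes") {
            // The privacy statement must be accepted before any other admin page.
            $this->redirect(ROOTPATH . "admin/index.php");
        }
        // The login POST has been consumed; let the page render as a plain GET.
        $_SERVER['REQUEST_METHOD'] = "GET";
    }

    /**
     * After logout: force SSL, show the login form and stop.
     */
    protected function afterLogout()
    {
        $this->sslRedirect();
        $this->displayLogin();
        exit();
    }

    /**
     * Emit the page head, the user bar, the help link, the menu for the
     * current event and the copyright footer, then the event header.
     * Does nothing in no-HTML mode.
     */
    protected function displayTop()
    {
        if ($this->getNoHtml()) {
            return;
        }
        // Page head markup (emitted verbatim).
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "Event applications admin pages";
        echo "";
        if ($this->noMenu) {
            echo "";
            return;
        }
        // Frame markup (emitted verbatim).
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "\n";
        // User bar; the name comes from the database, so escape it for HTML.
        echo "User: " . $this->escapeHtml($_SESSION['sess_name']) . "   [Logout]";
        // Help
        if (isset($_REQUEST['show'])) {
            echo "\n\nHelp\n\n";
        } else {
            echo "\n\nHelp\n\n";
        }
        if (EVENT_ID == MAIN_ADMIN_EVENT_ID) {
            $this->displayMenuCore();
        } else {
            $this->displayMenuEvent();
        }
        // Copyright
        echo "\n\n ";
        echo "\n\n© Copyright AEGEE-Europe 2003-" . date("Y");
        echo "\nCreated by Wim van Ravesteijn\n";
        echo "\n";
        $this->displayHeader();
        echo "\n";
    }

    /**
     * Close the page frame and tear down the LDAP helper.
     */
    protected function displayBottom()
    {
        if (!$this->getNoHtml()) {
            if (!$this->noMenu) {
                echo "\n";
            }
            echo "\n";
            echo "";
            echo "";
        }
        // Explicit teardown of the LDAP helper (presumably closes its connection).
        $this->getLdap()->__destruct();
    }

    /**
     * Render the login form layout item.
     */
    protected function displayLogin()
    {
        $this->layoutItem("login");
    }

    /**
     * Menu shown when the main admin event (MAIN_ADMIN_EVENT_ID) is selected.
     */
    private function displayMenuCore()
    {
        echo "";
    }

    /**
     * Menu shown for a regular event: selection, overviews, statistics,
     * registration and administrator sections plus the legend.
     */
    private function displayMenuEvent()
    {
        // Selections
        echo "\n\nSelection: [Change]\n\n";
        echo "";
        // Overviews
        echo "\n\nOverviews:\n\n";
        echo "";
        // Totals and statistics
        echo "\n\nTotals and statistics:\n\n";
        echo "";
        // Registration functions
        echo "\n\nRegistration:\n\n";
        echo "";
        // Administrator functions
        echo "\n\nAdministrator:\n\n";
        echo "";
        // Legend
        echo "\n\nExplanation:";
        echo "\n+: opens in new window";
        echo "\n*: independent of selection";
        echo "\n#: open and hide menu";
    }

    /**
     * Render the event title and the user's role name for EVENT_ID.
     */
    private function displayHeader()
    {
        $event = $_SESSION['sess_events'][EVENT_ID];
        // Title and role name come from the database; escape them for HTML.
        echo "\n\n" . $this->escapeHtml($event['event_title']) . " [" . $this->escapeHtml($event['role_name']) . "]\n\n";
        echo "\n";
        echo "";
        echo "\n";
    }

    /**
     * HTML-escape a database/session value for output in an HTML text context.
     *
     * @param mixed $value
     * @return string
     */
    private function escapeHtml($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }

    /**
     * Try LDAP authentication.
     *
     * @param string $user
     * @param string $password
     * @return bool
     */
    private function loginLdap($user, $password)
    {
        // stripslashes(): legacy magic-quotes handling, kept for compatibility.
        if (!$this->getLdap()->auth(stripslashes($user), stripslashes($password))) {
            return false;
        }
        $this->info("Successful login for '" . $user . "' via LDAP from " . $_SERVER['REMOTE_ADDR'] . ".");
        return true;
    }

    /**
     * Try authentication against the local `users` table.
     *
     * NOTE(review): passwords are stored as unsalted MD5 (legacy schema).
     * Moving to password_hash()/password_verify() needs a wider column and a
     * rehash-on-login step, so the scheme is not changed here.
     *
     * @param string $user
     * @param string $password
     * @return bool
     */
    private function loginMySQL($user, $password)
    {
        $query = "SELECT `id` FROM `users` WHERE `username`='" . $GLOBALS['sql']->escape($user)
            . "' AND `password`='" . $GLOBALS['sql']->escape(md5($password)) . "'";
        if (!($GLOBALS['sql']->query($query) && $GLOBALS['sql']->getNumRows() == 1)) {
            return false;
        }
        $this->info("Successful login for '" . $user . "' via MySQL from " . $_SERVER['REMOTE_ADDR'] . ".");
        return true;
    }

    /**
     * Load the authenticated user's row into the session, sync the local
     * password hash, load event access and record the login time and address.
     *
     * @param string $user
     * @param string $password
     * @return bool False when the user has no (single) local row.
     */
    private function loginUser($user, $password)
    {
        $query = "SELECT `id`, `username`, `name`, `email`, `privstatementagree`, `password` FROM `users` WHERE `username`='"
            . $GLOBALS['sql']->escape($user) . "'";
        if (!($GLOBALS['sql']->query($query) && $GLOBALS['sql']->getNumRows() == 1)) {
            return false;
        }
        $data = $GLOBALS['sql']->fetchAssoc();
        $this->syncLocalPassword($user, $password, $data);

        // New session id at login (session-fixation defence).
        session_regenerate_id(true);
        $_SESSION['sess_uid'] = $data['id'];
        $_SESSION['sess_user'] = $data['username'];
        $_SESSION['sess_name'] = $data['name'];
        $_SESSION['sess_email'] = $data['email'];
        $_SESSION['sess_privStatementAgree'] = $data['privstatementagree'];
        if ($_SESSION['sess_privStatementAgree'] == "yes") {
            $this->loadAccess();
        } else {
            // No access until the privacy statement has been accepted.
            $_SESSION['sess_events'] = array();
        }

        $loginLog = array();
        $loginLog['lastlogindate'] = date("Y-m-d H:i:s");
        $loginLog['lastloginip'] = $_SERVER['REMOTE_ADDR'];
        if (!$GLOBALS['sql']->update('users', $loginLog, 'id', $data['id'])) {
            $this->error("Failed saving last login");
        }
        return true;
    }

    /**
     * Keep the local MD5 password in step with the password that just
     * authenticated (e.g. via LDAP), for passwords of at least 8 characters.
     *
     * @param string $user
     * @param string $password
     * @param array  $data     The user's row; needs 'id' and 'password'.
     */
    private function syncLocalPassword($user, $password, $data)
    {
        // Strict comparison: a loose != would treat two numeric-looking hex
        // digests (e.g. "0e...") as equal.
        if ((string) $data['password'] === md5($password) || strlen($password) < 8) {
            return;
        }
        $query = "UPDATE `users` SET `password`='" . $GLOBALS['sql']->escape(md5($password))
            . "' WHERE `id`=" . (int) $data['id'];
        if ($GLOBALS['sql']->query($query)) {
            $this->info("Successfully updated local password for '" . $user . "'.");
        } else {
            $this->error("Failed updating local password for '" . $user . "'.");
        }
    }

    /**
     * Fill $_SESSION['sess_events'] with every event the user has a role in,
     * keyed by event id, each entry carrying the role's function names under
     * 'functions'. Users without an entry for MAIN_ADMIN_EVENT_ID get a
     * no-access entry for it so the admin pages always have an event to show.
     */
    private function loadAccess()
    {
        $_SESSION['sess_events'] = array();
        $query = "SELECT `events`.`id` AS `event_id`, `events`.`key` AS `event_key`, `events`.`title` AS `event_title`, `roles`.`id` AS `role_id`, `roles`.`name` AS `role_name` ";
        $query .= "FROM `event_users` LEFT JOIN `events` ON `event_users`.`event_id`=`events`.`id` LEFT JOIN `roles` ON `event_users`.`role_id`=`roles`.`id` ";
        // Unquoted numeric context: force an integer rather than relying on escape().
        $query .= "WHERE `user_id`=" . (int) $_SESSION['sess_uid'] . " ";
        $query .= "ORDER BY `events`.`startdate`";
        if ($GLOBALS['sql']->query($query) && $GLOBALS['sql']->getNumRows() > 0) {
            while ($data = $GLOBALS['sql']->fetchAssoc()) {
                // The outer result set is still being read on $GLOBALS['sql'],
                // so the nested query goes through the second handle.
                $data['functions'] = $this->fetchRoleFunctions($GLOBALS['sql2'], $data['role_id']);
                $_SESSION['sess_events'][$data['event_id']] = $data;
            }
        }
        // Was hard-coded as [1]; MAIN_ADMIN_EVENT_ID is the event populated below.
        if (!isset($_SESSION['sess_events'][MAIN_ADMIN_EVENT_ID])) {
            $this->loadNoAccessAdminEvent();
        }
    }

    /**
     * Create the no-access entry for the main admin event in the session.
     * Configuration problems are logged via error() but do not abort.
     */
    private function loadNoAccessAdminEvent()
    {
        $query = "SELECT `key`, `title` FROM `events` WHERE `id`=" . MAIN_ADMIN_EVENT_ID;
        if ($GLOBALS['sql']->query($query) && $GLOBALS['sql']->getNumRows() == 1) {
            $data = $GLOBALS['sql']->fetchAssoc();
            $_SESSION['sess_events'][MAIN_ADMIN_EVENT_ID]['event_id'] = MAIN_ADMIN_EVENT_ID;
            $_SESSION['sess_events'][MAIN_ADMIN_EVENT_ID]['event_key'] = $data['key'];
            $_SESSION['sess_events'][MAIN_ADMIN_EVENT_ID]['event_title'] = $data['title'];
        } else {
            $this->error("Invalid configuration. MAIN_ADMIN_EVENT_ID does not point to an existing event.");
        }

        $query = "SELECT `name` FROM `roles` WHERE `id`=" . MAIN_ADMIN_EVENT_ROLE_NO_ACCESS;
        if ($GLOBALS['sql']->query($query) && $GLOBALS['sql']->getNumRows() == 1) {
            $data = $GLOBALS['sql']->fetchAssoc();
            $_SESSION['sess_events'][MAIN_ADMIN_EVENT_ID]['role_id'] = MAIN_ADMIN_EVENT_ROLE_NO_ACCESS;
            $_SESSION['sess_events'][MAIN_ADMIN_EVENT_ID]['role_name'] = $data['name'];
        } else {
            $this->error("Invalid configuration. MAIN_ADMIN_EVENT_ROLE_NO_ACCESS does not point to an existing role.");
        }

        $_SESSION['sess_events'][MAIN_ADMIN_EVENT_ID]['functions'] =
            $this->fetchRoleFunctions($GLOBALS['sql'], MAIN_ADMIN_EVENT_ROLE_NO_ACCESS);
    }

    /**
     * Fetch the function names granted to a role.
     *
     * @param object $sql    Database handle to run the query on.
     * @param mixed  $roleId Role id; cast to int for the unquoted SQL context.
     * @return array List of `functions`.`name` values (empty when none).
     */
    private function fetchRoleFunctions($sql, $roleId)
    {
        $query = "SELECT `functions`.`name` ";
        $query .= "FROM `function_roles` ";
        $query .= "LEFT JOIN `functions` ON `function_roles`.`function_id`=`functions`.`id` ";
        $query .= "WHERE `role_id`=" . (int) $roleId;
        $functions = array();
        if ($sql->query($query) && $sql->getNumRows() > 0) {
            while ($function = $sql->fetchAssoc()) {
                $functions[] = $function['name'];
            }
        }
        return $functions;
    }
}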