Changeset 727 for trunk/phpbms
- Timestamp:
- 01/07/10 11:16:05 (2 years ago)
- Location:
- trunk/phpbms
- Files:
-
- 15 modified
-
include/createmodifiedby.php (modified) (3 diffs)
-
include/tables.php (modified) (1 diff)
-
install/generateuuids.php (modified) (1 diff)
-
modules/base/adminsettings_ajax.php (modified) (1 diff)
-
modules/base/files_addedit.php (modified) (1 diff)
-
modules/base/notes_addedit.php (modified) (2 diffs)
-
modules/base/scheduler_delete_logs.php (modified) (1 diff)
-
modules/base/scheduler_delete_tempimport.php (modified) (1 diff)
-
modules/base/tabledefs_columns.php (modified) (1 diff)
-
modules/base/tabledefs_custom.php (modified) (1 diff)
-
modules/base/tabledefs_groupings.php (modified) (1 diff)
-
modules/base/tabledefs_options.php (modified) (1 diff)
-
modules/base/tabledefs_searchfields.php (modified) (1 diff)
-
modules/recurringinvoices/scheduler_recurr.php (modified) (1 diff)
-
report/report_class.php (modified) (1 diff)
-
trunk/phpbms/include/createmodifiedby.php
r285 r727 1 <?php if(isset($db) && isset($therecord)){?> 1 2 <div id="createmodifiedby" > 2 3 <div id="savecancel2"><?php showSaveCancel(2)?></div> … … 6 7 <input name="createdby" type="hidden" value="<?php $therecord["createdby"] ?>" /> 7 8 <input name="creationdate" type="hidden" value="<?php echo formatFromSQLDatetime($therecord["creationdate"]) ?>"/> 8 created 9 created 9 10 </td> 10 11 <td><?php echo htmlQuotes($phpbms->getUserName($therecord["createdby"]))?></td> … … 23 24 </table> 24 25 </div> 26 <?php }//endif ?> -
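Review bot: The hidden `createdby` input in the unchanged context, `value="<?php $therecord["createdby"] ?>"`, has no `echo`, so the field is always rendered empty; the neighbouring `creationdate` input does echo its value. If the value is meant to round-trip, the tag should read `<?php echo htmlQuotes($therecord["createdby"]) ?>`. Either way, both fields are client-editable hidden inputs, so the save path should take creator and creation date from the stored record or the session rather than from the POST; that handling is not visible here.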
trunk/phpbms/include/tables.php
r703 r727 822 822 case "save": 823 823 824 if(!hasRights($this->editroleid)) 825 goURL(APP_PATH."noaccess.php"); 826 824 827 $variables = $this->prepareVariables($_POST); 825 828 $errorArray = $this->verifyVariables($variables); -
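Review bot: The new guard `if(!hasRights($this->editroleid)) goURL(APP_PATH."noaccess.php");` only protects the save if `goURL()` stops the script; its body is not shown, and if it merely emits a redirect header, execution falls through to `prepareVariables($_POST)` and the save proceeds. Confirm that `goURL()` calls `exit`, or add an explicit `exit;` after it. The same pattern is added in files_addedit.php, notes_addedit.php, tabledefs_custom.php, tabledefs_groupings.php, tabledefs_options.php, tabledefs_searchfields.php and report_class.php. The check sits inside `case "save":` of a switch that starts and ends outside the hunk, so other commands are not covered by this line.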
trunk/phpbms/install/generateuuids.php
r721 r727 667 667 //============================================================================== 668 668 669 if(!isset($no Process)){669 if(!isset($noOutput)){ 670 670 $genUUIDS = new generateUUIDS(); 671 671 echo $genUUIDS->process(); -
trunk/phpbms/modules/base/adminsettings_ajax.php
r649 r727 97 97 98 98 }//end class 99 /*--[Processing]-------------------------------------------------------------*/100 /*---------------------------------------------------------------------------*/101 if(!isset($_GET["m"]))102 exit;103 require_once("../../include/session.php");104 99 105 $checkUpdate = new checkUpdate($db);106 $response = array();107 if($checkUpdate->needUpdateCheck($_GET["m"])){108 $response = $checkUpdate->checkForUpdate();109 }else{110 $response["checked"] = false;111 $response = json_encode($response);112 }//end if113 100 114 echo $response; 101 /** 102 * Processing ================================================================== 103 */ 104 if(!isset($noOutput)){ 105 106 require_once("../../include/session.php"); 107 108 $db->errorFormat = "json"; 109 110 if(!isset($_GET["m"])) 111 $error = new appError(200, "invalid passed paramaters", "", true, true, "json"); 112 113 if(!$_SESSION["userinfo"]["admin"]) 114 $error = new appError(970, "no rights to function", "", true, true, "json"); 115 116 $checkUpdate = new checkUpdate($db); 117 $response = array(); 118 119 if($checkUpdate->needUpdateCheck($_GET["m"])) 120 $response = $checkUpdate->checkForUpdate(); 121 else{ 122 $response["checked"] = false; 123 $response = json_encode($response); 124 }//end if 125 126 echo $response; 127 128 }//endif 115 129 ?> -
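Review bot: The rewritten processing block drops the explicit `exit;` of the old code and relies on `new appError(...)` to halt the request in both guards; if the constructor returns, `$_GET["m"]` is read unset and `checkForUpdate()` runs for a non-admin session. appError is not visible in this changeset, so confirm that those arguments stop execution, or follow each guard with `exit;`. `$_SESSION["userinfo"]["admin"]` is also read without an `isset()`, which only behaves if session.php guarantees a logged-in user. The message `"invalid passed paramaters"` is misspelled ("parameters").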
trunk/phpbms/modules/base/files_addedit.php
r703 r727 60 60 61 61 $therecord = $thetable->processAddEditPage(); 62 63 if(!hasRights($therecord["roleid"])) 64 goURL("../../noaccess.php"); 62 65 63 66 if(isset($therecord["phpbmsStatus"])) -
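Review bot: The role check runs after `$thetable->processAddEditPage()`, so any command that call handles on POST has already executed by the time `hasRights($therecord["roleid"])` is evaluated. The tables.php hunk in this changeset suggests the save path lives there and is gated only on the table's `editroleid`, not on the record's own `roleid`; if so, a user who passes the table-level check can still write a record whose role they do not hold, and only the redisplay is refused. The per-record check belongs before the write, inside the save handling. notes_addedit.php has the same ordering for its `private`/`createdby` test, which also compares ids with a loose `!=`.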
trunk/phpbms/modules/base/notes_addedit.php
r703 r727 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 //var_dump($_POST); 40 //exit; 39 41 40 require_once("../../include/session.php"); 42 41 require_once("include/fields.php"); … … 58 57 $thetable = new notes($db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1", $backurl); 59 58 $therecord = $thetable->processAddEditPage(); 59 60 if($therecord["private"] && $therecord["createdby"] != $_SESSION["userinfo"]["id"] && !$_SESSION["userinfo"]["admin"]) 61 goURL("../../noaccess.php"); 60 62 61 63 if(isset($therecord["phpbmsStatus"])) -
trunk/phpbms/modules/base/scheduler_delete_logs.php
r485 r727 48 48 }//end class --cleanImports-- 49 49 50 if(!isset($noProcess)){ 51 $clean = new cleanSysLog($db); 52 $clean->removeExcessLogs(); 50 if(!isset($noOutput) && isset($db)){ 51 52 $clean = new cleanSysLog($db); 53 $clean->removeExcessLogs(); 54 53 55 }//end if 54 56 ?> -
trunk/phpbms/modules/base/scheduler_delete_tempimport.php
r485 r727 29 29 }//end class --cleanImports-- 30 30 31 if(!isset($noProcess)){ 32 $clean = new cleanImports($db); 33 $clean->removeTempCSV(); 31 if(!isset($noOutput) && isset($db)){ 32 33 $clean = new cleanImports($db); 34 $clean->removeTempCSV(); 35 34 36 }//end if 35 37 ?> -
trunk/phpbms/modules/base/tabledefs_columns.php
r704 r727 47 47 48 48 if(!isset($_GET["id"])) 49 $error = new appError( -200, "Passed parameter missing", "Invalid request", true);49 $error = new appError(200, "Passed parameter missing", "Invalid request", true); 50 50 51 51 $columns = new tableColumns($db, $_GET["id"]); -
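Review bot: No `hasRights("Admin")` guard is visible in this hunk, while tabledefs_custom.php, tabledefs_groupings.php, tabledefs_options.php and tabledefs_searchfields.php each gain one in this changeset. The file is shown only from line 47, so the check may exist above; if it does not, add `if(!hasRights("Admin")) goURL(APP_PATH."noaccess.php");` before `new tableColumns($db, $_GET["id"])`.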
trunk/phpbms/modules/base/tabledefs_custom.php
r704 r727 45 45 //Make sure table definition id is set 46 46 if(!isset($_GET["id"])) 47 $error = new appError(300,"Passed variable not set (id)"); 47 $error = new appError(200,"Passed variable not set"); 48 49 if(!hasRights("Admin")) 50 goURL(APP_PATH."noaccess.php"); 48 51 49 52 $customFields = new customFields($db, ((int) $_GET["id"])); -
trunk/phpbms/modules/base/tabledefs_groupings.php
r704 r727 43 43 include("include/tablegroupings.php"); 44 44 45 if(!hasRights("Admin")) 46 goURL(APP_PATH."noaccess.php"); 47 48 if(!isset($_GET["id"])) 49 $error = new appError(-200, "Passed parameter missing", "Invalid request", true); 45 50 46 51 //grab the table name -
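Review bot: The added missing-id check uses `appError(-200, ...)`, while this same changeset changes tabledefs_columns.php from `-200` to `200` for the identical message; tabledefs_searchfields.php adds `-200` as well. Unless the sign carries meaning inside appError, use `new appError(200, "Passed parameter missing", "Invalid request", true);` in both files so the error codes stay consistent.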
trunk/phpbms/modules/base/tabledefs_options.php
r704 r727 44 44 if(!isset($_GET["id"])) 45 45 $error = new appError(100, "Passed Parameter not present."); 46 47 if(!hasRights("Admin")) 48 goURL(APP_PATH."noaccess.php"); 46 49 47 50 $options = new tableOptions($db, $_GET["id"]); -
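Review bot: `$_GET["id"]` is handed to `new tableOptions($db, $_GET["id"])` as received, whereas tabledefs_custom.php casts it with `(int)` before use. The tableOptions class is outside this hunk, so whether it validates or escapes the id cannot be confirmed here; if the id is numeric, pass `(int) $_GET["id"]`, otherwise validate its format at this boundary. The same applies to `tableColumns` and `tableSearchFields` in the sibling files. The rights check is also placed after the parameter check, the opposite of the order added in tabledefs_groupings.php.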
trunk/phpbms/modules/base/tabledefs_searchfields.php
r704 r727 42 42 include("include/tabledefs_searchfields_include.php"); 43 43 44 if(!hasRights("Admin")) 45 goURL(APP_PATH."noaccess.php"); 46 47 if(!isset($_GET["id"])) 48 $error = new appError(-200, "Passed parameter missing", "Invalid request", true); 44 49 45 50 $searchfields = new tableSearchFields($db, $_GET["id"]); -
trunk/phpbms/modules/recurringinvoices/scheduler_recurr.php
r722 r727 415 415 //PROCESSOR 416 416 //============================================================================================= 417 if(!isset($no Process)){417 if(!isset($noOutput)){ 418 418 $recurr = new recurr($db); 419 419 $invoiceArray = $recurr->getInvoicesToRepeat(); -
trunk/phpbms/report/report_class.php
r703 r727 115 115 $this->tabledefUUID = mysql_real_escape_string($tabledefUUID); 116 116 117 if($reportUUID) 118 $this->retrieveReportSettings(); 117 $this->checkRights(); 118 119 $this->retrieveReportSettings(); 119 120 120 121 }//end function init 121 122 123 124 /** 125 * function checkRight 126 * 127 * Checks report record and current user to make sure they have rights to run this report 128 */ 129 function checkRights(){ 130 131 $querystatement = " 132 SELECT 133 `roleid` 134 FROM 135 `reports` 136 WHERE 137 `uuid` = '".$this->reportUUID."' 138 "; 139 140 $queryresult = $this->db->query($querystatement); 141 142 if($this->db->numRows($queryresult)){ 143 144 $therecord = $this->db->fetchArray($queryresult); 145 146 if(!hasRights($therecord["roleid"])) 147 goURL(APP_PATH."noaccess.php"); 148 149 } else 150 $error = new appError(500, "Bad report uuid"); 151 152 }//end function checkRights 122 153 123 154 /**
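Review bot: `checkRights()` builds its query by concatenating `$this->reportUUID` into the SQL string, and the assignment of that property is above the hunk, so it is not visible whether it is escaped the way `tabledefUUID` is on line 115. Confirm it goes through `mysql_real_escape_string()` before this query runs. With the `if($reportUUID)` guard removed, an empty UUID now reaches `new appError(500, "Bad report uuid")` instead of skipping the settings lookup; check that no caller constructs the class without a report. The docblock names the method `checkRight` while the function is `checkRights`.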