khanat-opennel-code/code/web/public_php/ams/inc/change_permission.php

<?php
/**
* This function is beign used to change the permission of a ticket_user.
* It will first check if the user who executed this function is an admin. If this is not the case the page will be redirected to an error page.
* in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1), the change will be executed and the page will
* redirect to the users profile page.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_permission(){
    global $INGAME_WEBPATH;
    global $WEBPATH;
    //if logged in
    if(WebUsers::isLoggedIn()){

        //check if user who executed this function is an admin
        if(ticket_user::isAdmin(unserialize($_SESSION['ticket_user']))){

            //in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1)
            if(isset($_GET['user_id']) && isset($_GET['value']) && $_GET['user_id'] != 1 && $_GET['value'] < 4 ){
                $user_id = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
                $value = filter_var($_GET['value'], FILTER_SANITIZE_NUMBER_INT);

                //execute change.
                Ticket_User::change_permission(Ticket_User::constr_ExternId($user_id)->getTUserId(), $value);
                header("Cache-Control: max-age=1");
                if (Helpers::check_if_game_client()) {
                    header("Location: ".$INGAME_WEBPATH."?page=show_user&id=".$user_id);
                }else{
                    header("Location: ".$WEBPATH."?page=show_user&id=".$user_id);
                }
                throw new SystemExit();


            }else{
                //ERROR: GET PARAMS not given or trying to change admin
                header("Cache-Control: max-age=1");
                if (Helpers::check_if_game_client()) {
                    header("Location: ".$INGAME_WEBPATH."?page=show_user&id=".$user_id);
                }else{
                    header("Location: ".$WEBPATH."?page=show_user&id=".$user_id);
                }
                throw new SystemExit();
            }

        }else{
            //ERROR: No access!
            $_SESSION['error_code'] = "403";
                header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();

        }

    }else{
        //ERROR: not logged in!
                header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }


}
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`<?php`
Added more documentations, this time also the inc/func files are documented and changed the doxygen config file with the help of Botanic 2013-09-13 22:39:03 +00:00			`/**`
			`* This function is beign used to change the permission of a ticket_user.`
			`* It will first check if the user who executed this function is an admin. If this is not the case the page will be redirected to an error page.`
			`* in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1), the change will be executed and the page will`
			`* redirect to the users profile page.`
			`* @author Daan Janssens, mentored by Matthew Lagoe`
			`*/`
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`function change_permission(){`
Biggest push ever! :D Kinda made it possible to only need a few files in the inc/func of the drupal module, all others can be copied of the www version 2013-09-09 01:47:32 +00:00			`global $INGAME_WEBPATH;`
			`global $WEBPATH;`
			`//if logged in`
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`if(WebUsers::isLoggedIn()){`
Die, don't exit 2014-09-03 05:06:43 +00:00
Added more documentations, this time also the inc/func files are documented and changed the doxygen config file with the help of Botanic 2013-09-13 22:39:03 +00:00			`//check if user who executed this function is an admin`
Biggest push ever! :D Kinda made it possible to only need a few files in the inc/func of the drupal module, all others can be copied of the www version 2013-09-09 01:47:32 +00:00			`if(ticket_user::isAdmin(unserialize($_SESSION['ticket_user']))){`
Die, don't exit 2014-09-03 05:06:43 +00:00
Added more documentations, this time also the inc/func files are documented and changed the doxygen config file with the help of Botanic 2013-09-13 22:39:03 +00:00			`//in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1)`
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`if(isset($_GET['user_id']) && isset($_GET['value']) && $_GET['user_id'] != 1 && $_GET['value'] < 4 ){`
			`$user_id = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);`
			`$value = filter_var($_GET['value'], FILTER_SANITIZE_NUMBER_INT);`
Die, don't exit 2014-09-03 05:06:43 +00:00
Added more documentations, this time also the inc/func files are documented and changed the doxygen config file with the help of Botanic 2013-09-13 22:39:03 +00:00			`//execute change.`
userlist ingame works + fixed a bug in demoting/promoting users with roles, which was looking at the wrong id 2013-08-06 02:31:01 +00:00			`Ticket_User::change_permission(Ticket_User::constr_ExternId($user_id)->getTUserId(), $value);`
Don't cache redirects 2014-09-03 05:36:10 +00:00			`header("Cache-Control: max-age=1");`
Biggest push ever! :D Kinda made it possible to only need a few files in the inc/func of the drupal module, all others can be copied of the www version 2013-09-09 01:47:32 +00:00			`if (Helpers::check_if_game_client()) {`
			`header("Location: ".$INGAME_WEBPATH."?page=show_user&id=".$user_id);`
			`}else{`
			`header("Location: ".$WEBPATH."?page=show_user&id=".$user_id);`
			`}`
Throw exception instead of exit. 2014-09-03 05:23:39 +00:00			`throw new SystemExit();`
Die, don't exit 2014-09-03 05:06:43 +00:00

Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`}else{`
			`//ERROR: GET PARAMS not given or trying to change admin`
Don't cache redirects 2014-09-03 05:36:10 +00:00			`header("Cache-Control: max-age=1");`
Biggest push ever! :D Kinda made it possible to only need a few files in the inc/func of the drupal module, all others can be copied of the www version 2013-09-09 01:47:32 +00:00			`if (Helpers::check_if_game_client()) {`
			`header("Location: ".$INGAME_WEBPATH."?page=show_user&id=".$user_id);`
			`}else{`
			`header("Location: ".$WEBPATH."?page=show_user&id=".$user_id);`
			`}`
Throw exception instead of exit. 2014-09-03 05:23:39 +00:00			`throw new SystemExit();`
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`}`
Die, don't exit 2014-09-03 05:06:43 +00:00
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`}else{`
			`//ERROR: No access!`
			`$_SESSION['error_code'] = "403";`
Don't cache redirects 2014-09-03 05:36:10 +00:00			`header("Cache-Control: max-age=1");`
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`header("Location: index.php?page=error");`
Throw exception instead of exit. 2014-09-03 05:23:39 +00:00			`throw new SystemExit();`
Die, don't exit 2014-09-03 05:06:43 +00:00
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`}`
Die, don't exit 2014-09-03 05:06:43 +00:00
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`}else{`
			`//ERROR: not logged in!`
Don't cache redirects 2014-09-03 05:36:10 +00:00			`header("Cache-Control: max-age=1");`
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`header("Location: index.php");`
Throw exception instead of exit. 2014-09-03 05:23:39 +00:00			`throw new SystemExit();`
Promoting a user to mod/admin or mod to admin, or demoting mod to user, admin to mod/user is now possible! 2013-07-19 01:05:12 +00:00			`}`
Die, don't exit 2014-09-03 05:06:43 +00:00

			`}`