fixes #11, only FULL_ADMIN can delete pilots

phpvms · Apr 10, 2011 · 96be6d5 · 96be6d5
1 parent 85e9484
commit 96be6d5
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 108 deletions.
diff --git a/admin/templates/pilots_options.tpl b/admin/templates/pilots_options.tpl
@@ -1,6 +1,5 @@
 <?php
-if(PilotGroups::group_has_perm(Auth::$usergroups, FULL_ADMIN)) 
-{
+if(PilotGroups::group_has_perm(Auth::$usergroups, FULL_ADMIN)) {
 $pilotid = $_GET['pilotid'];
 ?>
 <h3>Reset Pilot Password</h3>
@@ -20,8 +19,14 @@ $pilotid = $_GET['pilotid'];
 </dl>
 </form>
 <?php
-if($pilotid != Auth::$userinfo->pilotid)
-{?>
+}
+
+
+if($pilotid != Auth::$userinfo->pilotid 
+    && PilotGroups::group_has_perm(Auth::$usergroups, FULL_ADMIN))
+{
+    
+?>
 <h3>Delete Pilot</h3>
 <p><strong>Warning!</strong> This is NOT reversible. This removes all of this pilot's information and data,
 	including PIREPS and their registration.</p>
@@ -35,7 +40,6 @@ if($pilotid != Auth::$userinfo->pilotid)
 </form>
 <?php
 }
-}
 ?>
 <script type="text/javascript">
 function doublecheck()

diff --git a/core/common/StatsData.class.php b/core/common/StatsData.class.php
@@ -31,9 +31,9 @@ public static function getTotalForCol($params) {
         $params = array_merge(array(
             'table' => '',
             'column' => '',
-            'airline_code' => '',
-            'where' => array(),
-            'func' => 'COUNT',
+            'airline_code' => '', // optional
+            'where' => array(),  // optional
+            'func' => 'COUNT', //optional
             ), $params
         );
 

diff --git a/install/checkinstall.php b/install/checkinstall.php
@@ -16,8 +16,8 @@
 <?php
 
 /* Check install
-	This checks a set of directories against a hash list generated by md5sum
-	
+This checks a set of directories against a hash list generated by md5sum
+
 */
 error_reporting(E_ALL);
 ini_set('display_errors', 'on');
@@ -26,98 +26,76 @@
 define('DS', DIRECTORY_SEPARATOR);
 
 # Path to this file
-define('ROOT_PATH', dirname(dirname(__FILE__)));
+define('ROOT_PATH', dirname(dirname(__file__)));
 
 # Path to the hash list
-define('HASH_LIST', ROOT_PATH.DS.'install'.DS.'hashlist');
+define('HASH_LIST', ROOT_PATH . DS . 'install' . DS . 'hashlist');
 define('PHPVMS_API_SERVER', 'http://api.phpvms.net');
 
 /* includes
 */
-include ROOT_PATH.DS.'core'.DS.'classes'.DS.'CodonWebService.class.php';
+include ROOT_PATH . DS . 'core' . DS . 'classes' . DS . 'CodonWebService.class.php';
 
 
-function error($title, $txt)
-{
-	echo "<span style=\"color: red\">[{$title}]</span> {$txt}<br />";
+function error($title, $txt) {
+    echo "<span style=\"color: red\">[{$title}]</span> {$txt}<br />";
 }
 
-function success($title, $txt)
-{
-	echo "<span style=\"color: #006600\">[{$title}]</span> {$txt}<br />";
+function success($title, $txt) {
+    echo "<span style=\"color: #006600\">[{$title}]</span> {$txt}<br />";
 }
 
 
-
-
-
 /* Rest of the script begins here */
-echo "<strong>phpVMS Build Number: </strong> ".file_get_contents(ROOT_PATH.'/core/version');
+echo "<strong>phpVMS Build Number: </strong> " . file_get_contents(ROOT_PATH . '/core/version');
 echo '<br /><br />';
 
 echo '<strong>Checking PHP version</strong><br />';
 $version = phpversion();
 $version = substr($version, 0, 3);
 
-if($version[0] == '4' || $version == '5.0' || $version == '5.1')
-{
-	error('Error!', 'Must be running at least PHP 5.2');
+if ($version[0] == '4' || $version == '5.0' || $version == '5.1') {
+    error('Error!', 'Must be running at least PHP 5.2');
+} else {
+    $version = phpversion();
+    success('OK', "PHP version is {$version}.x");
 }
-else
-{
-	$version = phpversion();
-	success('OK', "PHP version is {$version}.x");
-}
-echo '<br />';
 
+echo '<br />';
 echo '<strong>ASP Tags</strong><br />';
 
 $val = ini_get('asp_tags');
-if(!empty($val))
-{
-	error('Error!', 'The setting "asp_tags" in php.ini must be off!');
-}
-else
-{
-	success('OK', 'ASP-style tags are disabled');
+if (!empty($val)) {
+    error('Error!', 'The setting "asp_tags" in php.ini must be off!');
+} else {
+    success('OK', 'ASP-style tags are disabled');
 }
 
 
-
-
-
-
 echo '<br />';
 echo '<strong>Checking connectivity...</strong><br />';
 $file = new CodonWebService();
-$contents = @$file->get(PHPVMS_API_SERVER.'/version');
+$contents = @$file->get(PHPVMS_API_SERVER . '/version');
 
-if($contents == '')
-{
-	$error = $file->errors[count($file->errors)-1];
-	error('Connection failed', 'Could not connect to remote server - error is "'.$error.'"');
-}
-else
-{
-	success('OK', 'Can contact outside servers');
+if ($contents == '') {
+    $error = $file->errors[count($file->errors) - 1];
+    error('Connection failed', 'Could not connect to remote server - error is "' . $error . '"');
+} else {
+    success('OK', 'Can contact outside servers');
 }
 
 unset($file);
 
 
-
 /* Simple XML? */
 
 echo '<br />';
 echo '<strong>Checking for SimpleXML module...</strong><br />';
 
-if(function_exists('simplexml_load_string') == true)
-{
-	success('OK', 'SimpleXML module exists!');
-}
-else
-{
-	error('Fail', 'SimpleXML module doesn\'t exist or is not installed. Contact your host');
+if (function_exists('simplexml_load_string') == true) {
+    success('OK', 'SimpleXML module exists!');
+} else {
+    error('Fail', 'SimpleXML module doesn\'t exist or is not installed. Contact your host');
 }
 
 /* File hashes check */
@@ -127,63 +105,56 @@ function success($title, $txt)
 
 $fp = fopen(HASH_LIST, 'r');
 
-if(!$fp)
-{
-	error('Fatal', 'Could not read '.HASH_LIST);
-	exit;
+if (!$fp) {
+    error('Fatal', 'Could not read ' . HASH_LIST);
+    exit;
 }
 
 $total = 0;
 $errors = 0;
-while(!feof($fp))
-{
-	$line = fgets($fp);
-
-	$line = trim($line);
-	if(empty($line))
-		continue;
-
-	fscanf($fp, '%s %s', $checksum, $file);
-	$total ++;
-	$file = str_replace('*./', '../', $file);
-
-	if($file == '../core/local.config.php' || substr_count($file, 'unittest') > 0 || empty($file))
-	{
-		continue;
-	}
-
-	if(!file_exists($file))
-	{
-		$errors++;
-		error('Error', "{$file} doesn't exist");
-		continue;
-	}
-
-	$calc_sum = md5_file($file);
-	$file = str_replace('../', '/', $file); # make pretty
-	if($calc_sum === false)
-	{
-		$errors++;
-		error('Checksum failed', "{$file} - permissions might be incorrect!");
-		continue;
-	}
-
-	if($calc_sum != $checksum)
-	{
-		$errors++;
-		error('Checksum failed', "{$file} did not match, possibly corrupt or out of date");
-		continue;
-	}
-
-	$file = '';
+while (!feof($fp)) {
+    $line = fgets($fp);
+
+    $line = trim($line);
+    if (empty($line)) continue;
+
+    fscanf($fp, '%s %s', $checksum, $file);
+    $total++;
+    $file = str_replace('*./', '../', $file);
+
+    if ($file == '../core/local.config.php' || substr_count($file, 'unittest') > 0 || empty($file)) {
+        continue;
+    }
+
+    if (!file_exists($file)) {
+        $errors++;
+        error('Error', "{$file} doesn't exist");
+        continue;
+    }
+
+    $calc_sum = md5_file($file);
+    $file = str_replace('../', '/', $file); # make pretty
+    if ($calc_sum === false) {
+        $errors++;
+        error('Checksum failed', "{$file} - permissions might be incorrect!");
+        continue;
+    }
+
+    if ($calc_sum != $checksum) {
+        $errors++;
+        error('Checksum failed', "{$file} did not match, possibly corrupt or out of date");
+        continue;
+    }
+
+    $file = '';
 }
 
-if($errors == 0)
-{
-	success('OK', 'No errors found!');
+if ($errors == 0) {
+    success('OK', 'No errors found!');
 }
 
 echo "<br /><strong> -- Checked {$total} files, found {$errors} errors</strong><br />";
+
 ?>
 </body>
 </html>