[geeklog-cvs] geeklog-1.3/public_html/admin block.php,1.44,1.45 event.php,1.34,1.35 link.php,1.29,1.30 poll.php,1.27,1.28 story.php,1.78,1.79 topic.php,1.30,1.31
dhaun at geeklog.net
dhaun at geeklog.net
Fri Jan 10 09:21:30 EST 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html/admin
In directory internal.geeklog.net:/tmp/cvs-serv18368
Modified Files:
block.php event.php link.php poll.php story.php topic.php
Log Message:
Check for proper permissions before saving. Also fixed some of the "access
denied" screens.
Index: block.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/block.php,v
retrieving revision 1.44
retrieving revision 1.45
diff -C2 -d -r1.44 -r1.45
*** block.php 15 Dec 2002 13:34:44 -0000 1.44
--- block.php 10 Jan 2003 14:21:28 -0000 1.45
***************
*** 53,56 ****
--- 53,77 ----
/**
+ * Check for block topic access (need to handle 'all' and 'homeonly' as
+ * special cases)
+ *
+ * @param string $tid ID for topic to check on
+ * @return int returns 3 for read/edit 2 for read only 0 for no access
+ *
+ */
+ function hasBlockTopicAccess ($tid)
+ {
+ $access = 0;
+
+ if (($tid == 'all') || ($tid == 'homeonly')) {
+ $access = 3;
+ } else {
+ $access = SEC_hasTopicAccess ($tid);
+ }
+
+ return $access;
+ }
+
+ /**
* Shows default block editor
*
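Review bot: hasBlockTopicAccess() compares `$tid` with loose `==`, and in the PHP versions this code targets an integer 0 compares equal to any non-numeric string, so a caller passing a numeric zero would receive edit access (3) through the 'all'/'homeonly' shortcut. Because this is an authorization helper, `if (($tid === 'all') || ($tid === 'homeonly')) {` is the safer form. The docblock could also say outright that the two special values always yield 3, whoever the user is.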
***************
*** 141,145 ****
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
! if ($access == 2 || $access == 0) {
$retval .= COM_startBlock($LANG21[44])
.$LANG21[45]
--- 162,166 ----
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
! if ($access == 2 || $access == 0 || hasBlockTopicAccess ($A['tid']) < 3) {
$retval .= COM_startBlock($LANG21[44])
.$LANG21[45]
***************
*** 201,205 ****
$block_templates->set_var('homeonly_selected', 'selected="selected"');
}
! $block_templates->set_var('topic_options', COM_optionList($_TABLES['topics'],'tid,topic',$A['tid']));
$block_templates->set_var('lang_side', $LANG21[39]);
$block_templates->set_var('lang_left', $LANG21[40]);
--- 222,226 ----
$block_templates->set_var('homeonly_selected', 'selected="selected"');
}
! $block_templates->set_var('topic_options', COM_topicList('tid,topic',$A['tid']));
$block_templates->set_var('lang_side', $LANG21[39]);
$block_templates->set_var('lang_left', $LANG21[40]);
***************
*** 298,304 ****
function saveblock($bid,$name,$title,$help,$type,$blockorder,$content,$tid,$rdfurl,$rdfupdated,$phpblockfn,$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled)
{
! global $_TABLES, $_CONF,$LANG21,$LANG01,$HTTP_POST_VARS;
! if (($type == 'normal' && !empty($title) && !empty($content)) OR ($type == 'portal' && !empty($title) && !empty($rdfurl)) OR ($type == 'layout' && !empty($content)) OR ($type == 'gldefault' && (strlen($blockorder)>0)) OR ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))) {
if ($is_enabled == 'on') {
$is_enabled = 1;
--- 319,345 ----
function saveblock($bid,$name,$title,$help,$type,$blockorder,$content,$tid,$rdfurl,$rdfupdated,$phpblockfn,$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled)
{
! global $_TABLES, $_CONF, $LANG21, $LANG01, $MESSAGE, $HTTP_POST_VARS;
! $access = 0;
! if (DB_count ($_TABLES['blocks'], 'bid', $bid) > 0) {
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
! $A = DB_fetchArray ($result);
! $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
! $A['perm_owner'], $A['perm_group'], $A['perm_members'],
! $A['perm_anon']);
! } else {
! $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
! $perm_members, $perm_anon);
! }
! if (($access < 3) || !hasBlockTopicAccess ($tid) || !SEC_inGroup ($group_id)) {
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock($MESSAGE[30]);
! $display .= $MESSAGE[31];
! $display .= COM_endBlock();
! $display .= COM_siteFooter();
! COM_errorLog("User {$_USER['username']} tried to illegally create or edit block $bid",1);
! echo $display;
! exit;
! } elseif (($type == 'normal' && !empty($title) && !empty($content)) OR ($type == 'portal' && !empty($title) && !empty($rdfurl)) OR ($type == 'layout' && !empty($content)) OR ($type == 'gldefault' && (strlen($blockorder)>0)) OR ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))) {
if ($is_enabled == 'on') {
$is_enabled = 1;
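Review bot: The new guard in saveblock() tests `!hasBlockTopicAccess ($tid)`, which rejects only a return value of 0, so a user with read-only (2) access to the topic still gets past it; the editor check earlier in this file and the story.php guard both require 3, so this should read `hasBlockTopicAccess ($tid) < 3`. The denial branch logs `{$_USER['username']}`, but `$_USER` is not in the `global` list, so the audit line will not name the user; the save hunks in event.php, poll.php and topic.php have the same gap and need `$_USER` added to their `global` statement. `$bid` is interpolated directly into the SELECT (as are `$eid`, `$lid`, `$qid` and `$tid` in the other files) and no escaping is visible in these hunks, so confirm the callers sanitise the id or apply `addslashes` before the query. saveblock() continues past the end of the hunk.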
***************
*** 416,445 ****
$A = DB_fetchArray($result);
- $block_templates->set_var('block_id', $A['bid']);
- $block_templates->set_var('block_title', stripslashes ($A['title']));
-
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
! if ($access > 0) {
if ($access == 3) {
! $access = $LANG_ACCESS[edit];
} else {
! $access = $LANG_ACCESS[readonly];
}
! } else {
! $access = $LANG_ACCESS[none];
! }
! $block_templates->set_var('block_access', $access);
! $block_templates->set_var('block_type',$A['type']);
! if ($A['onleft'] == 1) {
! $side = $LANG21[40];
! } else {
! $side = $LANG21[41];
! }
! $block_templates->set_var('block_side', $side);
! $block_templates->set_var('block_order', $A['blockorder']);
! $block_templates->set_var('block_topic', $A['tid']);
! $block_templates->parse('blocklist_item', 'row', true);
}
--- 457,483 ----
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
! if (($access > 0) && (hasBlockTopicAccess ($A['tid']) > 0)) {
if ($access == 3) {
! $access = $LANG_ACCESS['edit'];
} else {
! $access = $LANG_ACCESS['readonly'];
}
! $block_templates->set_var('block_access', $access);
! $block_templates->set_var('block_type',$A['type']);
! $block_templates->set_var('block_id', $A['bid']);
! $block_templates->set_var('block_title', stripslashes ($A['title']));
! if ($A['onleft'] == 1) {
! $side = $LANG21[40];
! } else {
! $side = $LANG21[41];
! }
! $block_templates->set_var('block_side', $side);
! $block_templates->set_var('block_order', $A['blockorder']);
! $block_templates->set_var('block_topic', $A['tid']);
! $block_templates->parse('blocklist_item', 'row', true);
! }
}
***************
*** 447,451 ****
$retval .= $block_templates->finish($block_templates->get_var('output'));
$retval .= COM_endBlock();
!
return $retval;
}
--- 485,489 ----
$retval .= $block_templates->finish($block_templates->get_var('output'));
$retval .= COM_endBlock();
!
return $retval;
}
Index: event.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/event.php,v
retrieving revision 1.34
retrieving revision 1.35
diff -C2 -d -r1.34 -r1.35
*** event.php 15 Dec 2002 13:34:44 -0000 1.34
--- event.php 10 Jan 2003 14:21:28 -0000 1.35
***************
*** 73,78 ****
$retval = '';
- $retval .= COM_startBlock($LANG22[1]);
-
$event_templates = new Template($_CONF['path_layout'] . 'admin/event');
$event_templates->set_file('editor','eventeditor.thtml');
--- 73,76 ----
***************
*** 87,93 ****
// Uh, oh! User doesn't have access to this object
$retval .= COM_startBlock($LANG22[16]);
! $retval .= $LANG22[17];
$retval .= COM_endBlock();
! return $retval ;
}
} else {
--- 85,91 ----
// Uh, oh! User doesn't have access to this object
$retval .= COM_startBlock($LANG22[16]);
! $retval .= $LANG22[17];
$retval .= COM_endBlock();
! return $retval;
}
} else {
***************
*** 101,104 ****
--- 99,104 ----
}
+ $retval .= COM_startBlock($LANG22[1]);
+
if ($A['eid'] == '') {
$A['eid'] = COM_makesid();
***************
*** 401,405 ****
{
global $_TABLES, $_CONF, $LANG22;
!
if ($allday == 'on') {
$allday = 1;
--- 401,428 ----
{
global $_TABLES, $_CONF, $LANG22;
!
! $access = 0;
! if (DB_count ($_TABLES['events'], 'eid', $eid) > 0) {
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['events']} WHERE eid = '{$eid}'");
! $A = DB_fetchArray ($result);
! $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
! $A['perm_owner'], $A['perm_group'], $A['perm_members'],
! $A['perm_anon']);
! } else {
! $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
! $perm_members, $perm_anon);
! }
! if (($access < 3) || !SEC_inGroup ($group_id)) {
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock($MESSAGE[30]);
! $display .= $MESSAGE[31];
! $display .= COM_endBlock();
! $display .= COM_siteFooter();
! COM_errorLog("User {$_USER['username']} tried to illegally submit or edi
! t story $sid",1);
! echo $display;
! exit;
! }
!
if ($allday == 'on') {
$allday = 1;
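Review bot: The denial branch reads `$MESSAGE[30]` and `$MESSAGE[31]`, but the unchanged `global $_TABLES, $_CONF, $LANG22;` line does not import `$MESSAGE`, so the access-denied block would render without a title or text; the line should become `global $_TABLES, $_CONF, $LANG22, $MESSAGE, $_USER;`. The log call appears to be copied from story.php: it says `story $sid`, a variable that is not set anywhere in this hunk, and the string literal is split across two lines, so the log entry will contain a line break. It should read `COM_errorLog("User {$_USER['username']} tried to illegally submit or edit event $eid",1);`. The function's signature is outside the hunk.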
***************
*** 407,411 ****
$allday = 0;
}
!
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
--- 430,434 ----
$allday = 0;
}
!
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
Index: link.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/link.php,v
retrieving revision 1.29
retrieving revision 1.30
diff -C2 -d -r1.29 -r1.30
*** link.php 1 Jan 2003 20:02:18 -0000 1.29
--- link.php 10 Jan 2003 14:21:28 -0000 1.30
***************
*** 68,73 ****
$retval = '';
- $retval .= COM_startBlock($LANG23[1]);
-
$link_templates = new Template($_CONF['path_layout'] . 'admin/link');
$link_templates->set_file('editor','linkeditor.thtml');
--- 68,71 ----
***************
*** 83,87 ****
$retval .= $LANG23[17];
$retval .= COM_endBlock();
! return;
}
} else {
--- 81,85 ----
$retval .= $LANG23[17];
$retval .= COM_endBlock();
! return $retval;
}
} else {
***************
*** 99,102 ****
--- 97,102 ----
$access = 3;
}
+ $retval .= COM_startBlock($LANG23[1]);
+
$link_templates->set_var('link_id', $A['lid']);
if (!empty($lid) && SEC_hasRights('link.edit')) {
***************
*** 170,174 ****
###############################################################################
! # Svaes the links to the database
/**
* Saves link to the database
--- 170,174 ----
###############################################################################
! # Saves the links to the database
/**
* Saves link to the database
***************
*** 191,217 ****
function savelink($lid,$category,$categorydd,$url,$description,$title,$hits,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
{
! global $_TABLES, $_CONF, $LANG23, $_USER;
! // clean 'em up
! $description = addslashes(COM_checkHTML(COM_checkWords($description)));
! $title = addslashes(COM_checkHTML(COM_checkWords($title)));
$category = addslashes ($category);
! if (!empty($title) && !empty($description) && !empty($url)) {
! if (!empty($lid)) {
! DB_delete($_TABLES['linksubmission'],'lid',$lid);
! DB_delete($_TABLES['links'],'lid',$lid);
! } else {
! // this is a submission, set default values
! $lid = COM_makesid();
! if (empty($owner_id)) {
! $owner_id = $_USER['uid'];
! $group_id = DB_getItem($_TABLES['groups'],'grp_id',"grp_name = 'Link Admin'");
! $perm_owner = 3;
! $perm_group = 3;
! $perm_members = 2;
! $perm_anon = 2;
! }
! }
if ($categorydd != $LANG23[7] && !empty($categorydd)) {
--- 191,236 ----
function savelink($lid,$category,$categorydd,$url,$description,$title,$hits,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
{
! global $_TABLES, $_CONF, $LANG23, $MESSAGE, $_USER;
! // clean 'em up
! $description = addslashes (COM_checkHTML (COM_checkWords ($description)));
! $title = addslashes (COM_checkHTML (COM_checkWords ($title)));
$category = addslashes ($category);
! if (empty ($lid)) {
! // this is a submission, set default values
! $lid = COM_makesid();
! if (empty($owner_id)) {
! $owner_id = $_USER['uid'];
! $group_id = DB_getItem ($_TABLES['groups'], 'grp_id',
! "grp_name = 'Link Admin'");
! $perm_owner = 3;
! $perm_group = 2;
! $perm_members = 2;
! $perm_anon = 2;
! }
! }
!
! $access = 0;
! if (DB_count ($_TABLES['links'], 'lid', $lid) > 0) {
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$lid}'");
! $A = DB_fetchArray ($result);
! $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
! $A['perm_owner'], $A['perm_group'], $A['perm_members'],
! $A['perm_anon']);
! } else {
! $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
! $perm_members, $perm_anon);
! }
! if (($access < 3) || !SEC_inGroup ($group_id)) {
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock($MESSAGE[30]);
! $display .= $MESSAGE[31];
! $display .= COM_endBlock();
! $display .= COM_siteFooter();
! COM_errorLog("User {$_USER['username']} tried to illegally submit or edit link $lid",1);
! echo $display;
! exit;
! } elseif (!empty($title) && !empty($description) && !empty($url)) {
if ($categorydd != $LANG23[7] && !empty($categorydd)) {
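Review bot: On the new-link path the guard calls `SEC_hasAccess ($owner_id, $group_id, $perm_owner, ...)` with the values exactly as passed in, while the following hunk shows `SEC_getPermissionValues` converting the permission parameters only later, inside the `elseif` branch. If the form submits the permissions as arrays (not visible here), the check runs on unconverted values, so the conversion should move ahead of the access check. The default `$perm_group` for submissions also changes from 3 to 2, which the log message does not mention; if that is intended, a comment such as `// group gets read-only by default` would record it. savelink() continues past the hunk.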
***************
*** 225,228 ****
--- 244,250 ----
list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
}
+ DB_delete($_TABLES['linksubmission'],'lid',$lid);
+ DB_delete($_TABLES['links'],'lid',$lid);
+
DB_save($_TABLES['links'],'lid,category,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',"$lid,'$category','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon",$_CONF['site_admin_url'] . '/link.php?msg=15');
} else {
***************
*** 267,283 ****
if ($access > 0) {
if ($access == 3) {
! $access = $LANG_ACCESS[edit];
} else {
! $access = $LANG_ACCESS[readonly];
}
! } else {
! $access = $LANG_ACCESS[none];
! }
! $link_templates->set_var('link_id', $A['lid']);
! $link_templates->set_var('link_name', stripslashes($A['title']));
! $link_templates->set_var('link_access', $access);
! $link_templates->set_var('link_category', $A['category']);
! $link_templates->set_var('link_url', $A['url']);
! $link_templates->parse('link_row', 'row', true);
}
$link_templates->parse('output','list');
--- 289,303 ----
if ($access > 0) {
if ($access == 3) {
! $access = $LANG_ACCESS['edit'];
} else {
! $access = $LANG_ACCESS['readonly'];
}
! $link_templates->set_var('link_id', $A['lid']);
! $link_templates->set_var('link_name', stripslashes($A['title']));
! $link_templates->set_var('link_access', $access);
! $link_templates->set_var('link_category', $A['category']);
! $link_templates->set_var('link_url', $A['url']);
! $link_templates->parse('link_row', 'row', true);
! }
}
$link_templates->parse('output','list');
Index: poll.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/poll.php,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** poll.php 15 Dec 2002 13:34:44 -0000 1.27
--- poll.php 10 Jan 2003 14:21:28 -0000 1.28
***************
*** 81,85 ****
function savepoll($qid,$mainpage,$question,$voters,$statuscode,$commentcode,$A,$V,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
{
! global $_TABLES, $LANG25, $_CONF, $_POLL_VERBOSE;
$question = COM_stripslashes ($question);
--- 81,85 ----
function savepoll($qid,$mainpage,$question,$voters,$statuscode,$commentcode,$A,$V,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
{
! global $_TABLES, $LANG25, $_CONF, $MESSAGE, $_POLL_VERBOSE;
$question = COM_stripslashes ($question);
***************
*** 92,95 ****
--- 92,117 ----
}
+ $access = 0;
+ if (DB_count ($_TABLES['pollquestions'], 'qid', $qid) > 0) {
+ $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['pollquestions']} WHERE qid = '{$qid}'");
+ $P = DB_fetchArray ($result);
+ $access = SEC_hasAccess ($P['owner_id'], $P['group_id'],
+ $P['perm_owner'], $P['perm_group'], $P['perm_members'],
+ $P['perm_anon']);
+ } else {
+ $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
+ $perm_members, $perm_anon);
+ }
+ if (($access < 3) || !SEC_inGroup ($group_id)) {
+ $display .= COM_siteHeader('menu');
+ $display .= COM_startBlock($MESSAGE[30]);
+ $display .= $MESSAGE[31];
+ $display .= COM_endBlock();
+ $display .= COM_siteFooter();
+ COM_errorLog("User {$_USER['username']} tried to illegally submit or edit poll $pid",1);
+ echo $display;
+ exit;
+ }
+
if (empty($voters)) {
$voters = '0';
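Review bot: The log message interpolates `$pid`, which is neither a parameter of savepoll() nor assigned in the visible code; the poll id here is `$qid`, so the audit line will not identify the poll. Change it to `COM_errorLog("User {$_USER['username']} tried to illegally submit or edit poll $qid",1);`. The hunk sits in the middle of savepoll(), whose body starts and ends outside it.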
***************
*** 155,160 ****
$retval .= '';
- $retval .= COM_startBlock($LANG25[5]);
-
$poll_templates = new Template($_CONF['path_layout'] . 'admin/poll');
$poll_templates->set_file(array('editor'=>'polleditor.thtml','answer'=>'pollansweroption.thtml'));
--- 177,180 ----
***************
*** 175,179 ****
// User doesn't have access...bail
$retval .= COM_startBlock($LANG25[21]);
! $retval .= $retval .= $LANG25[22];
$retval .= COM_endBlock();
return $retval;
--- 195,199 ----
// User doesn't have access...bail
$retval .= COM_startBlock($LANG25[21]);
! $retval .= $LANG25[22];
$retval .= COM_endBlock();
return $retval;
***************
*** 181,184 ****
--- 201,206 ----
}
+ $retval .= COM_startBlock($LANG25[5]);
+
if (!empty($qid) AND $access == 3) {
$poll_templates->set_var('delete_option', "<input type=\"submit\" name=\"mode\" value=\"$LANG25[16]\">");
***************
*** 291,314 ****
if ($access > 0) {
if ($access == 3) {
! $access = $LANG_ACCESS[edit];
} else {
! $access = $LANG_ACCESS[readonly];
}
! } else {
! $access = $LANG_ACCESS[none];
! }
! $curtime = COM_getUserDateTimeFormat($A["date"]);
! if ($A['display'] == 1) {
! $A['display'] = $LANG25[25];
! } else {
! $A['display'] = $LANG25[26];
}
- $poll_templates->set_var('question_id', $A['qid']);
- $poll_templates->set_var('poll_question', $A['question']);
- $poll_templates->set_var('poll_access', $access);
- $poll_templates->set_var('poll_votes', $A['voters']);
- $poll_templates->set_var('poll_createdate', $curtime[0]);
- $poll_templates->set_var('poll_homepage', $A['display']);
- $poll_templates->parse('poll_row','row',true);
}
$poll_templates->parse('output', 'list');
--- 313,334 ----
if ($access > 0) {
if ($access == 3) {
! $access = $LANG_ACCESS['edit'];
} else {
! $access = $LANG_ACCESS['readonly'];
}
! $curtime = COM_getUserDateTimeFormat($A["date"]);
! if ($A['display'] == 1) {
! $A['display'] = $LANG25[25];
! } else {
! $A['display'] = $LANG25[26];
! }
! $poll_templates->set_var('question_id', $A['qid']);
! $poll_templates->set_var('poll_question', $A['question']);
! $poll_templates->set_var('poll_access', $access);
! $poll_templates->set_var('poll_votes', $A['voters']);
! $poll_templates->set_var('poll_createdate', $curtime[0]);
! $poll_templates->set_var('poll_homepage', $A['display']);
! $poll_templates->parse('poll_row','row',true);
}
}
$poll_templates->parse('output', 'list');
Index: story.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/story.php,v
retrieving revision 1.78
retrieving revision 1.79
diff -C2 -d -r1.78 -r1.79
*** story.php 5 Jan 2003 20:48:56 -0000 1.78
--- story.php 10 Jan 2003 14:21:28 -0000 1.79
***************
*** 637,653 ****
{
global $_TABLES, $_CONF, $LANG24, $MESSAGE, $HTTP_POST_FILES;
!
$access = 0;
if (DB_count ($_TABLES['stories'], 'sid', $sid) > 0) {
- // if this story already exists, check if the submitter is allowed to
- // save / modify it
$result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
$A = DB_fetchArray ($result);
! $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
} else {
! // on new stories, check for proper topic access
! $access = SEC_hasTopicAccess ($tid);
}
! if ($access < 3) {
$display .= COM_siteHeader('menu');
$display .= COM_startBlock($MESSAGE[30]);
--- 637,653 ----
{
global $_TABLES, $_CONF, $LANG24, $MESSAGE, $HTTP_POST_FILES;
!
$access = 0;
if (DB_count ($_TABLES['stories'], 'sid', $sid) > 0) {
$result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
$A = DB_fetchArray ($result);
! $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
! $A['perm_owner'], $A['perm_group'], $A['perm_members'],
! $A['perm_anon']);
} else {
! $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
! $perm_members, $perm_anon);
}
! if (($access < 3) || (SEC_hasTopicAccess ($tid) < 3) || !SEC_inGroup ($group_id)) {
$display .= COM_siteHeader('menu');
$display .= COM_startBlock($MESSAGE[30]);
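Review bot: The two comments that explained the branches were dropped while the logic changed, so the reason each branch checks a different set of values is no longer stated. I would restore them in updated form: `// existing story: check against the owner and permissions stored in the database` above the SELECT and `// new story: check against the submitted owner and permissions` in the `else` branch. A short comment on the combined condition, saying that topic edit access and membership of `$group_id` are required in both cases, would help as well. The function's signature and the rest of the denial branch lie outside the hunk.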
Index: topic.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/topic.php,v
retrieving revision 1.30
retrieving revision 1.31
diff -C2 -d -r1.30 -r1.31
*** topic.php 15 Dec 2002 13:34:44 -0000 1.30
--- topic.php 10 Jan 2003 14:21:28 -0000 1.31
***************
*** 62,66 ****
global $_TABLES, $LANG27, $_CONF, $_USER, $LANG_ACCESS;
- $retval .= COM_startBlock($LANG27[1]);
if (!empty($tid)) {
$result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='$tid'");
--- 62,65 ----
***************
*** 74,77 ****
--- 73,78 ----
}
}
+
+ $retval .= COM_startBlock($LANG27[1]);
if (!is_array ($A) || empty ($A['owner_id'])) {
$A['owner_id'] = $_USER['uid'];
***************
*** 159,165 ****
# Saves $tid to the database
function savetopic($tid,$topic,$imageurl,$sortnum,$limitnews,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon) {
! global $_TABLES, $_CONF, $LANG27;
! if (!empty($tid) && !empty($topic)) {
if ($imageurl == '/images/topics/') {
$imageurl = '';
--- 160,186 ----
# Saves $tid to the database
function savetopic($tid,$topic,$imageurl,$sortnum,$limitnews,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon) {
! global $_TABLES, $_CONF, $LANG27, $MESSAGE;
! $access = 0;
! if (DB_count ($_TABLES['topics'], 'tid', $tid) > 0) {
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
! $A = DB_fetchArray ($result);
! $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
! $A['perm_owner'], $A['perm_group'], $A['perm_members'],
! $A['perm_anon']);
! } else {
! $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
! $perm_members, $perm_anon);
! }
! if (($access < 3) || !SEC_inGroup ($group_id)) {
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock($MESSAGE[30]);
! $display .= $MESSAGE[31];
! $display .= COM_endBlock();
! $display .= COM_siteFooter();
! COM_errorLog("User {$_USER['username']} tried to illegally create or edit topic $tid",1);
! echo $display;
! exit;
! } elseif (!empty($tid) && !empty($topic)) {
if ($imageurl == '/images/topics/') {
$imageurl = '';
***************
*** 212,243 ****
$access = $LANG_ACCESS['readonly'];
}
! } else {
! $access = $LANG_ACCESS['none'];
! }
!
! $topic_templates->set_var('topic_id', $A['tid']);
! $topic_templates->set_var('topic_name', stripslashes ($A['topic']));
! $topic_templates->set_var('topic_access', $access);
! if (!empty($A["imageurl"])) {
! if (isset ($_THEME_URL)) {
! $imagebase = $_THEME_URL;
! } else {
! $imagebase = $_CONF['site_url'];
! }
! $topic_templates->set_var('image_tag', '<img src="' . $imagebase . $A['imageurl'] . '" border="0" alt=""><br>');
! } else {
! $topic_templates->set_var('image_tag', '');
! }
! if ($counter == 5) {
! $counter = 1;
! $topic_templates->set_var('end_row','</tr>');
! $topic_templates->parse('list_row','item',true);
! $topic_templates->set_var('begin_row','<tr align="center" valign="bottom">');
! } else {
! $topic_templates->set_var('end_row','');
! $topic_templates->parse('list_row','item',true);
! $topic_templates->set_var('begin_row','');
! $counter = $counter + 1;
! }
}
$topic_templates->set_var('end_row','</tr>');
--- 233,262 ----
$access = $LANG_ACCESS['readonly'];
}
!
! $topic_templates->set_var('topic_id', $A['tid']);
! $topic_templates->set_var('topic_name', stripslashes ($A['topic']));
! $topic_templates->set_var('topic_access', $access);
! if (!empty($A["imageurl"])) {
! if (isset ($_THEME_URL)) {
! $imagebase = $_THEME_URL;
! } else {
! $imagebase = $_CONF['site_url'];
! }
! $topic_templates->set_var('image_tag', '<img src="' . $imagebase . $A['imageurl'] . '" border="0" alt=""><br>');
! } else {
! $topic_templates->set_var('image_tag', '');
! }
! if ($counter == 5) {
! $counter = 1;
! $topic_templates->set_var('end_row','</tr>');
! $topic_templates->parse('list_row','item',true);
! $topic_templates->set_var('begin_row','<tr align="center" valign="bottom">');
! } else {
! $topic_templates->set_var('end_row','');
! $topic_templates->parse('list_row','item',true);
! $topic_templates->set_var('begin_row','');
! $counter = $counter + 1;
! }
! }
}
$topic_templates->set_var('end_row','</tr>');