[geeklog-cvs] geeklog-1.3/public_html/admin link.php,1.42,1.43
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Mon Jul 26 03:51:38 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html/admin
In directory www:/tmp/cvs-serv20083
Modified Files:
link.php
Log Message:
Added parameter filtering; source code cosmetics
Index: link.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/link.php,v
retrieving revision 1.42
retrieving revision 1.43
diff -C2 -d -r1.42 -r1.43
*** link.php 8 Feb 2004 19:00:49 -0000 1.42
--- link.php 26 Jul 2004 07:51:36 -0000 1.43
***************
*** 43,49 ****
// echo COM_debug($HTTP_POST_VARS);
$display = '';
! if (!SEC_hasRights('link.edit')) {
$display .= COM_siteHeader ('menu');
$display .= COM_startBlock ($MESSAGE[30], '',
--- 43,52 ----
// echo COM_debug($HTTP_POST_VARS);
+ // number of links to list per page
+ define ('LINKS_PER_PAGE', 50);
+
$display = '';
! if (!SEC_hasRights ('link.edit')) {
$display .= COM_siteHeader ('menu');
$display .= COM_startBlock ($MESSAGE[30], '',
***************
*** 52,56 ****
$display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
$display .= COM_siteFooter ();
! COM_accessLog("User {$_USER['username']} tried to illegally access the link administration screen.");
echo $display;
exit;
--- 55,59 ----
$display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
$display .= COM_siteFooter ();
! COM_accessLog ("User {$_USER['username']} tried to illegally access the link administration screen.");
echo $display;
exit;
***************
*** 60,70 ****
* Shows the link editor
*
! * $mode string Used to see if we are moderating a link or simply editing one
! * $lid string ID of link to edit
*
*/
! function editlink($mode, $lid = '')
{
! global $_TABLES, $LANG23, $_CONF, $_USER, $LANG_ACCESS;
$retval = '';
--- 63,74 ----
* Shows the link editor
*
! * @param string $mode Used to see if we are moderating a link or simply editing one
! * @param string $lid ID of link to edit
! * @return string HTML for the link editor form
*
*/
! function editlink ($mode, $lid = '')
{
! global $_CONF, $_TABLES, $_USER, $LANG23, $LANG_ACCESS;
$retval = '';
***************
*** 75,82 ****
$link_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$link_templates->set_var('layout_url',$_CONF['layout_url']);
! if ($mode <> 'editsubmission' AND !empty($lid)) {
! $result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='$lid'");
! $A = DB_fetchArray($result);
! $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
if ($access == 0 OR $access == 2) {
$retval .= COM_startBlock($LANG24[16], '',
--- 79,86 ----
$link_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$link_templates->set_var('layout_url',$_CONF['layout_url']);
! if ($mode <> 'editsubmission' AND !empty($lid)) {
! $result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='$lid'");
! $A = DB_fetchArray($result);
! $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
if ($access == 0 OR $access == 2) {
$retval .= COM_startBlock($LANG24[16], '',
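Review bot: `$LANG24[16]` is used for the "no access" block title in editlink, but the function's `global` declaration (in the preceding hunk) lists only `$_CONF, $_TABLES, $_USER, $LANG23, $LANG_ACCESS`, so `$LANG24` is an undefined local here and the block is rendered with an empty title; add `$LANG24` to that `global` line, e.g. `global $_CONF, $_TABLES, $_USER, $LANG23, $LANG24, $LANG_ACCESS;`. The `SELECT … WHERE lid ='$lid'` on the new side still interpolates `$lid` without `addslashes`, whereas this same commit adds `$lid = addslashes ($lid);` in savelink; whether `COM_applyFilter` in the caller strips quotes is not visible in this diff, so escaping here would make the two paths consistent. editlink's body continues outside this hunk.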
***************
*** 87,109 ****
return $retval;
}
! } else {
! if ($mode == 'editsubmission') {
! $result = DB_query ("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'");
! $A = DB_fetchArray($result);
! }
! $A['hits'] = 0;
! $A['owner_id'] = $_USER['uid'];
! $A['group_id'] = DB_getItem($_TABLES['groups'],'grp_id',"grp_name = 'Link Admin'");
! $A['perm_owner'] = 3;
$A['perm_group'] = 2;
$A['perm_members'] = 2;
$A['perm_anon'] = 2;
! $access = 3;
! }
! $retval .= COM_startBlock ($LANG23[1], '',
COM_getBlockTemplate ('_admin_block', 'header'));
$link_templates->set_var('link_id', $A['lid']);
! if (!empty($lid) && SEC_hasRights('link.edit')) {
$link_templates->set_var ('delete_option', '<input type="submit" value="' . $LANG23[23] . '" name="mode">');
}
--- 91,113 ----
return $retval;
}
! } else {
! if ($mode == 'editsubmission') {
! $result = DB_query ("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'");
! $A = DB_fetchArray($result);
! }
! $A['hits'] = 0;
! $A['owner_id'] = $_USER['uid'];
! $A['group_id'] = DB_getItem($_TABLES['groups'],'grp_id',"grp_name = 'Link Admin'");
! $A['perm_owner'] = 3;
$A['perm_group'] = 2;
$A['perm_members'] = 2;
$A['perm_anon'] = 2;
! $access = 3;
! }
! $retval .= COM_startBlock ($LANG23[1], '',
COM_getBlockTemplate ('_admin_block', 'header'));
$link_templates->set_var('link_id', $A['lid']);
! if (!empty($lid) && SEC_hasRights('link.edit')) {
$link_templates->set_var ('delete_option', '<input type="submit" value="' . $LANG23[23] . '" name="mode">');
}
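Review bot: The editsubmission branch runs `SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'` with `$lid` interpolated unescaped, while savelink in this same commit now does `$lid = addslashes ($lid);` before its queries; adding the same line at the top of editlink (before the first `DB_query`) would cover both the links and linksubmission lookups. The `SEC_hasRights('link.edit')` test in the delete_option condition is redundant with the page-level guard at the top of the file, which already exits for users without that right, so `if (!empty ($lid))` would say the same thing. editlink's body continues outside this hunk.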
***************
*** 116,133 ****
$link_templates->set_var('lang_includehttp', $LANG23[6]);
$link_templates->set_var('lang_category', $LANG23[5]);
! $result = DB_query("SELECT DISTINCT category FROM {$_TABLES['links']}");
! $nrows = DB_numRows($result);
$catdd = '<option value="' . $LANG23[7] . '">' . $LANG23[7] . '</option>';
! if ($nrows > 0) {
! for ($i = 1; $i <= $nrows; $i++) {
$C = DB_fetchArray($result);
$category = $C['category'];
! $catdd .= '<option value="' . $category . '"';
! if ($A["category"] == $category) {
$catdd .= ' selected="selected"';
}
! $catdd .= '>' . $category . '</option>';
! }
! }
$link_templates->set_var('category_options', $catdd);
$link_templates->set_var('lang_ifotherspecify', $LANG23[20]);
--- 120,137 ----
$link_templates->set_var('lang_includehttp', $LANG23[6]);
$link_templates->set_var('lang_category', $LANG23[5]);
! $result = DB_query("SELECT DISTINCT category FROM {$_TABLES['links']}");
! $nrows = DB_numRows($result);
$catdd = '<option value="' . $LANG23[7] . '">' . $LANG23[7] . '</option>';
! if ($nrows > 0) {
! for ($i = 1; $i <= $nrows; $i++) {
$C = DB_fetchArray($result);
$category = $C['category'];
! $catdd .= '<option value="' . $category . '"';
! if ($A['category'] == $category) {
$catdd .= ' selected="selected"';
}
! $catdd .= '>' . $category . '</option>';
! }
! }
$link_templates->set_var('category_options', $catdd);
$link_templates->set_var('lang_ifotherspecify', $LANG23[20]);
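Review bot: `$category`, read back from the links table, is concatenated into `<option value="…">` and its label without HTML escaping; savelink stores the free-text `category` POST field with no HTML filtering visible in this diff, so a stored category containing a quote or a tag would break out of the attribute for every admin who opens the editor, unless the template engine escapes variables (nothing here suggests `set_var`/`parse` does). Escape at the point of output: `$catdd .= '<option value="' . htmlspecialchars ($category) . '"';` and `$catdd .= '>' . htmlspecialchars ($category) . '</option>';`. The `selected` comparison against `$A['category']` can keep using the raw value. editlink's body continues outside this hunk.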
***************
*** 139,143 ****
$link_templates->set_var('lang_cancel', $LANG23[22]);
! // user access info
$link_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$link_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
--- 143,147 ----
$link_templates->set_var('lang_cancel', $LANG23[22]);
! // user access info
$link_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$link_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
***************
*** 158,166 ****
}
$groupdd .= '</select>' . LB;
! } else {
! // they can't set the group then
$groupdd .= DB_getItem($_TABLES['groups'],'grp_name',"grp_id = {$A['group_id']}");
! $groupdd .= '<input type="hidden" name="group_id" value="' . $A['group_id'] . '">';
! }
$link_templates->set_var('group_dropdown', $groupdd);
$link_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
--- 162,170 ----
}
$groupdd .= '</select>' . LB;
! } else {
! // they can't set the group then
$groupdd .= DB_getItem($_TABLES['groups'],'grp_name',"grp_id = {$A['group_id']}");
! $groupdd .= '<input type="hidden" name="group_id" value="' . $A['group_id'] . '">';
! }
$link_templates->set_var('group_dropdown', $groupdd);
$link_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
***************
*** 176,202 ****
}
- ###############################################################################
- # Saves the links to the database
/**
* Saves link to the database
*
! * $lid string ID for link
! * $category string Category link belongs to
! * $categorydd string Category links belong to
! * $url string URL of link to save
! * $description string Description of link
! * $title string Title of link
! * $hits int Number of hits for link
! * $owner_id string ID of owner
! * $group_id string ID of group link belongs to
! * $perm_owner string Permissions the owner has
! * $perm_group string Permissions the group has
! * $perm_members string Permissions members have
! * $perm_anon string Permissions anonymous users have
*
*/
! function savelink($lid,$category,$categorydd,$url,$description,$title,$hits,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
{
! global $_TABLES, $_CONF, $LANG23, $MESSAGE, $_USER;
// Convert array values to numeric permission values
--- 180,205 ----
}
/**
* Saves link to the database
*
! * @param string $lid ID for link
! * @param string $category Category link belongs to
! * @param string $categorydd Category links belong to
! * @param string $url URL of link to save
! * @param string $description Description of link
! * @param string $title Title of link
! * @param int $hits Number of hits for link
! * @param int $owner_id ID of owner
! * @param int $group_id ID of group link belongs to
! * @param int $perm_owner Permissions the owner has
! * @param int $perm_group Permissions the group has
! * @param int $perm_members Permissions members have
! * @param int $perm_anon Permissions anonymous users have
! * @return string HTML redirect or error message
*
*/
! function savelink ($lid, $category, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
! global $_CONF, $_TABLES, $_USER, $LANG23, $MESSAGE;
// Convert array values to numeric permission values
***************
*** 212,217 ****
if (empty ($lid)) {
// this is a submission, set default values
! $lid = COM_makesid();
! if (empty($owner_id)) {
$owner_id = $_USER['uid'];
$group_id = DB_getItem ($_TABLES['groups'], 'grp_id',
--- 215,220 ----
if (empty ($lid)) {
// this is a submission, set default values
! $lid = COM_makesid ();
! if (empty ($owner_id)) {
$owner_id = $_USER['uid'];
$group_id = DB_getItem ($_TABLES['groups'], 'grp_id',
***************
*** 220,228 ****
$perm_group = 2;
$perm_members = 2;
! $perm_anon = 2;
}
}
$access = 0;
if (DB_count ($_TABLES['links'], 'lid', $lid) > 0) {
$result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$lid}'");
--- 223,232 ----
$perm_group = 2;
$perm_members = 2;
! $perm_anon = 2;
}
}
$access = 0;
+ $lid = addslashes ($lid);
if (DB_count ($_TABLES['links'], 'lid', $lid) > 0) {
$result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$lid}'");
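Review bot: The new `$lid = addslashes ($lid);` protects the quoted `'{$lid}'` in this SELECT, but later in savelink the DB_save values string interpolates `$lid` without surrounding quotes (`"$lid,'$category',…"`), where escaped quotes change nothing — a form-supplied lid containing spaces or commas still reaches the SQL unquoted unless `COM_applyFilter` in the caller strips such characters, which this diff does not show. Quoting it there (`"'$lid','$category',…"`) makes the addslashes meaningful for that statement too. Since the escaping now happens inside savelink, the docblock should say so: `@param string $lid ID for link (unescaped; addslashes is applied here)`. savelink's body continues outside this hunk.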
***************
*** 247,274 ****
} elseif (!empty($title) && !empty($description) && !empty($url)) {
! if ($categorydd != $LANG23[7] && !empty($categorydd)) {
! $category = addslashes ($categorydd);
! } else if ($categorydd != $LANG23[7]) {
! echo COM_refresh($_CONF['site_admin_url'] . '/link.php');
! }
! DB_delete($_TABLES['linksubmission'],'lid',$lid);
! DB_delete($_TABLES['links'],'lid',$lid);
! DB_save($_TABLES['links'],'lid,category,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',"$lid,'$category','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon");
COM_rdfUpToDateCheck ();
return COM_refresh ($_CONF['site_admin_url'] . '/link.php?msg=15');
! } else {
! $retval .= COM_siteHeader('menu');
! $retval .= COM_errorLog($LANG23[10],2);
if (DB_count ($_TABLES['links'], 'lid', $lid) > 0) {
! $retval .= editlink ($mode, $lid);
} else {
! $retval .= editlink ($mode, '');
}
! $retval .= COM_siteFooter();
return $retval;
! }
}
--- 251,278 ----
} elseif (!empty($title) && !empty($description) && !empty($url)) {
! if ($categorydd != $LANG23[7] && !empty($categorydd)) {
! $category = addslashes ($categorydd);
! } else if ($categorydd != $LANG23[7]) {
! echo COM_refresh($_CONF['site_admin_url'] . '/link.php');
! }
! DB_delete ($_TABLES['linksubmission'], 'lid', $lid);
! DB_delete ($_TABLES['links'], 'lid', $lid);
! DB_save ($_TABLES['links'], 'lid,category,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "$lid,'$category','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon");
COM_rdfUpToDateCheck ();
return COM_refresh ($_CONF['site_admin_url'] . '/link.php?msg=15');
! } else {
! $retval .= COM_siteHeader('menu');
! $retval .= COM_errorLog($LANG23[10],2);
if (DB_count ($_TABLES['links'], 'lid', $lid) > 0) {
! $retval .= editlink ($mode, $lid);
} else {
! $retval .= editlink ($mode, '');
}
! $retval .= COM_siteFooter();
return $retval;
! }
}
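Review bot: The `else if ($categorydd != $LANG23[7])` branch echoes a redirect but does not stop, so execution falls through to `DB_delete`/`DB_save` and the link is deleted and re-saved with whatever `$category` held; it should be `return COM_refresh ($_CONF['site_admin_url'] . '/link.php');`. Only `$categorydd` gets `addslashes` — `$url`, `$description`, `$title` and the free-text `$category` (passed straight from `$HTTP_POST_VARS` by the caller) are interpolated into the DB_save string unescaped, and `$owner_id`/`$group_id` are interpolated without quotes. `$mode` is referenced in the error branch but is neither a parameter nor declared global in savelink, so editlink is called with an undefined mode; passing `'edit'` explicitly would make the intent clear.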
***************
*** 276,281 ****
* Lists all the links in the database
*
*/
! function listlinks($page = 1)
{
global $_CONF, $_TABLES, $LANG23, $LANG_ACCESS;
--- 280,288 ----
* Lists all the links in the database
*
+ * @param int $page page number to display
+ * @return string HTML for list of links
+ *
*/
! function listlinks ($page = 1)
{
global $_CONF, $_TABLES, $LANG23, $LANG_ACCESS;
***************
*** 303,313 ****
$link_templates->set_var('lang_linkurl', $LANG23[15]);
! $limit = (50 * $page) - 50;
! $result = DB_query("SELECT * FROM {$_TABLES['links']}" . COM_getPermSQL () . " ORDER BY category ASC,title LIMIT $limit,50");
! $nrows = DB_numRows($result);
! for ($i = 0; $i < $nrows; $i++) {
! $lcount = (50 * $page) - 50 + ($i + 1);
! $A = DB_fetchArray($result);
! $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
if ($access > 0) {
if ($access == 3) {
--- 310,320 ----
$link_templates->set_var('lang_linkurl', $LANG23[15]);
! $limit = (LINKS_PER_PAGE * $page) - LINKS_PER_PAGE;
! $result = DB_query("SELECT * FROM {$_TABLES['links']}" . COM_getPermSQL () . " ORDER BY category ASC,title LIMIT $limit," . LINKS_PER_PAGE);
! $nrows = DB_numRows($result);
! for ($i = 0; $i < $nrows; $i++) {
! $lcount = (LINKS_PER_PAGE * ($page - 1)) + $i + 1;
! $A = DB_fetchArray($result);
! $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
if ($access > 0) {
if ($access == 3) {
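Review bot: `$limit` goes negative when `$page` arrives as 0 or empty — the caller always passes `COM_applyFilter ($HTTP_GET_VARS['page'], true)`, and what that returns for a missing `page` parameter is not visible here — producing `LIMIT -50,50`, which MySQL rejects. A guard before the arithmetic, `$page = max (1, (int) $page);`, keeps the default-argument intent of `listlinks ($page = 1)` for that case. listlinks's body continues outside this hunk.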
***************
*** 324,334 ****
$link_templates->parse('link_row', 'row', true);
}
! }
$nresult = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['links']}" . COM_getPermSQL ());
$N = DB_fetchArray ($nresult);
$numlinks = $N['count'];
! if ($numlinks > 50) {
$baseurl = $_CONF['site_admin_url'] . '/link.php';
! $numpages = ceil ($numlinks / 50);
$link_templates->set_var ('google_paging',
COM_printPageNavigation ($baseurl, $page, $numpages));
--- 331,341 ----
$link_templates->parse('link_row', 'row', true);
}
! }
$nresult = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['links']}" . COM_getPermSQL ());
$N = DB_fetchArray ($nresult);
$numlinks = $N['count'];
! if ($numlinks > LINKS_PER_PAGE) {
$baseurl = $_CONF['site_admin_url'] . '/link.php';
! $numpages = ceil ($numlinks / LINKS_PER_PAGE);
$link_templates->set_var ('google_paging',
COM_printPageNavigation ($baseurl, $page, $numpages));
***************
*** 347,350 ****
--- 354,360 ----
* Delete a link
*
+ * @param string $lid id of link to delete
+ * @return string HTML redirect
+ *
*/
function deleteLink ($lid)
***************
*** 367,372 ****
--- 377,388 ----
// MAIN
+ if (isset ($HTTP_POST_VARS['mode'])) {
+ $mode = $HTTP_POST_VARS['mode'];
+ } else {
+ $mode = $HTTP_GET_VARS['mode'];
+ }
if (($mode == $LANG23[23]) && !empty ($LANG23[23])) { // delete
+ $lid = COM_applyFilter ($HTTP_POST_VARS['lid']);
if (!isset ($lid) || empty ($lid) || ($lid == 0)) {
COM_errorLog ('Attempted to delete link lid=' . $lid);
***************
*** 376,397 ****
}
} else if (($mode == $LANG23[21]) && !empty ($LANG23[21])) { // save
! $display .= savelink($lid,$category,$categorydd,$url,$description,$title,
! $hits,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,
! $perm_anon);
} else if ($mode == 'editsubmission') {
! $display .= COM_siteHeader('menu');
! $display .= editlink($mode,$id);
! $display .= COM_siteFooter();
} else if ($mode == 'edit') {
! $display .= COM_siteHeader('menu');
! $display .= editlink($mode,$lid);
! $display .= COM_siteFooter();
} else { // 'cancel' or no mode at all
! $display .= COM_siteHeader('menu');
! if (isset ($msg)) {
! $display .= COM_showMessage($msg);
}
! $display .= listlinks(COM_applyFilter($HTTP_GET_VARS['page'], true));
! $display .= COM_siteFooter();
}
--- 392,423 ----
}
} else if (($mode == $LANG23[21]) && !empty ($LANG23[21])) { // save
! $display .= savelink (COM_applyFilter ($HTTP_POST_VARS['lid']),
! $HTTP_POST_VARS['category'], $HTTP_POST_VARS['categorydd'],
! $HTTP_POST_VARS['url'], $HTTP_POST_VARS['description'],
! $HTTP_POST_VARS['title'],
! COM_applyFilter ($HTTP_POST_VARS['hits'], true),
! $HTTP_POST_VARS['owner_id'], $HTTP_POST_VARS['group_id'],
! $HTTP_POST_VARS['perm_owner'], $HTTP_POST_VARS['perm_group'],
! $HTTP_POST_VARS['perm_members'], $HTTP_POST_VARS['perm_anon']);
} else if ($mode == 'editsubmission') {
! $display .= COM_siteHeader ('menu');
! $display .= editlink ($mode, COM_applyFilter ($HTTP_GET_VARS['id']));
! $display .= COM_siteFooter ();
} else if ($mode == 'edit') {
! $display .= COM_siteHeader ('menu');
! $display .= editlink ($mode, COM_applyFilter ($HTTP_GET_VARS['lid']));
! $display .= COM_siteFooter ();
} else { // 'cancel' or no mode at all
! $display .= COM_siteHeader ('menu');
! if (isset ($HTTP_POST_VARS['msg'])) {
! $msg = COM_applyFilter ($HTTP_POST_VARS['msg'], true);
! } else {
! $msg = COM_applyFilter ($HTTP_GET_VARS['msg'], true);
}
! if (isset ($msg) && ($msg > 0)) {
! $display .= COM_showMessage ($msg);
! }
! $display .= listlinks (COM_applyFilter ($HTTP_GET_VARS['page'], true));
! $display .= COM_siteFooter ();
}
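Review bot: `hits` is filtered numerically, but `owner_id` and `group_id` are passed to savelink straight from `$HTTP_POST_VARS`, and savelink interpolates them into its DB_save string without quotes; filter them the same way: `COM_applyFilter ($HTTP_POST_VARS['owner_id'], true), COM_applyFilter ($HTTP_POST_VARS['group_id'], true),`. The four `perm_*` values are converted inside savelink according to its own comment, so those need no change at the call site. `category`, `url`, `description` and `title` also go through unescaped, and the SQL escaping for them belongs in savelink rather than here. The `msg` lookup reads `$HTTP_GET_VARS['msg']` without `isset` when no POST value is present, which will raise a notice on a plain page load.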