[geeklog-cvs] geeklog-1.3/public_html users.php,1.77,1.78
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Mon May 10 14:20:42 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv8521/public_html
Modified Files:
users.php
Log Message:
Don't list stories or comments in the user profile if the current user isn't allowed to see the topics they were posted under (bug #208)
Index: users.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/users.php,v
retrieving revision 1.77
retrieving revision 1.78
diff -C2 -d -r1.77 -r1.78
*** users.php 21 Feb 2004 19:15:56 -0000 1.77
--- users.php 10 May 2004 18:20:40 -0000 1.78
***************
*** 139,147 ****
$user_templates->set_var('headline_postingstats', $LANG04[83]);
// list of last 10 stories by this user
! $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
! $sql .= " ORDER BY unixdate DESC LIMIT 10";
! $result = DB_query($sql);
! $nrows = DB_numRows($result);
if ($nrows > 0) {
for ($i = 1; $i <= $nrows; $i++) {
--- 139,161 ----
$user_templates->set_var('headline_postingstats', $LANG04[83]);
+ $result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
+ . COM_getPermSQL ());
+ $nrows = DB_numRows ($result);
+ $tids = array ();
+ for ($i = 0; $i < $nrows; $i++) {
+ $T = DB_fetchArray ($result);
+ $tids[] = $T['tid'];
+ }
+ $topics = "'" . implode ("','", $tids) . "'";
+
// list of last 10 stories by this user
! if (sizeof ($tids) > 0) {
! $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
! $sql .= " ORDER BY unixdate DESC LIMIT 10";
! $result = DB_query($sql);
! $nrows = DB_numRows($result);
! } else {
! $nrows = 0;
! }
if ($nrows > 0) {
for ($i = 1; $i <= $nrows; $i++) {
***************
*** 162,174 ****
// list of last 10 comments by this user
- // first, get a list of all stories the current visitor has access to
- $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
- $result = DB_query($sql);
- $numsids = DB_numRows($result);
$sidArray = array();
! for ($i = 1; $i <= $numsids; $i++) {
! $S = DB_fetchArray ($result);
! $sidArray[] = $S['sid'];
}
// add all polls the current visitor has access to
$sql = "SELECT qid FROM {$_TABLES['pollquestions']}" . COM_getPermSQL ();
--- 176,191 ----
// list of last 10 comments by this user
$sidArray = array();
! if (sizeof ($tids) > 0) {
! // first, get a list of all stories the current visitor has access to
! $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
! $result = DB_query($sql);
! $numsids = DB_numRows($result);
! for ($i = 1; $i <= $numsids; $i++) {
! $S = DB_fetchArray ($result);
! $sidArray[] = $S['sid'];
! }
}
+
// add all polls the current visitor has access to
$sql = "SELECT qid FROM {$_TABLES['pollquestions']}" . COM_getPermSQL ();
More information about the geeklog-cvs
mailing list