[geeklog-cvs] geeklog-1.3/public_html comment.php,1.63,1.64 index.php,1.58,1.59 lib-common.php,1.329,1.330

dhaun at iowaoutdoors.org dhaun at iowaoutdoors.org
Mon May 31 04:45:10 EDT 2004


Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv9438/public_html

Modified Files:
	comment.php index.php lib-common.php 
Log Message:
Introduced COM_getTopicSQL which returns part of an SQL request to check for a user's topic access.


Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.63
retrieving revision 1.64
diff -C2 -d -r1.63 -r1.64
*** comment.php	20 May 2004 18:57:45 -0000	1.63
--- comment.php	31 May 2004 08:45:08 -0000	1.64
***************
*** 721,725 ****
          $allowed = 1;
          if ($type == 'article') {
!             $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND'));
              $A = DB_fetchArray ($result);
              $allowed = $A['count'];
--- 721,725 ----
          $allowed = 1;
          if ($type == 'article') {
!             $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND') . COM_getTopicSQL ('AND'));
              $A = DB_fetchArray ($result);
              $allowed = $A['count'];
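Review bot: The query on the changed line still interpolates `$sid` directly into `(sid = '$sid')`, and nothing in this hunk shows where that value is filtered. Because this COUNT decides whether the comment is allowed, `$sid` should be confirmed as escaped before it reaches `DB_query`, for example with `$sid = addslashes ($sid);` ahead of the call if no earlier filtering exists. The enclosing function starts and ends outside the hunk, so the filtering may already happen there.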

Index: lib-common.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.329
retrieving revision 1.330
diff -C2 -d -r1.329 -r1.330
*** lib-common.php	30 May 2004 23:27:28 -0000	1.329
--- lib-common.php	31 May 2004 08:45:08 -0000	1.330
***************
*** 5500,5503 ****
--- 5500,5504 ----
  * @param        string      $table    table name if ambiguous (e.g. in JOINs)
  * @return       string      SQL expression string (may be empty)
+ *
  */
  function COM_getPermSQL( $type = 'WHERE', $u_id = 0, $access = 2, $table = '' )
***************
*** 5552,5555 ****
--- 5553,5621 ----
  }
  
+ /**
+ * Return SQL expression to check for allowed topics.
+ *
+ * Creates part of an SQL expression that can be used to only request stories
+ * from topics to which the user has access to.
+ *
+ * @param        string      $type     part of the SQL expr. e.g. 'WHERE', 'AND'
+ * @param        int         $u_id     user id or 0 = current user
+ * @param        string      $table    table name if ambiguous (e.g. in JOINs)
+ * @return       string      SQL expression string (may be empty)
+ *
+ */
+ function COM_getTopicSQL( $type = 'WHERE', $u_id = 0, $table = '' )
+ {
+     global $_TABLES, $_USER, $_GROUPS;
+ 
+     $topicsql = ' ' . $type . ' ';
+ 
+     if( !empty( $table ))
+     {
+         $table .= '.';
+     }
+ 
+     if(( $u_id <= 0 ) || ( $u_id == $_USER['uid'] ))
+     {
+         $uid = $_USER['uid'];
+         $GROUPS = $_GROUPS;
+     }
+     else
+     {
+         $uid = $u_id;
+         $GROUPS = SEC_getUserGroups( $uid );
+     }
+ 
+     if( empty( $_GROUPS ))
+     {
+         // this shouldn't really happen, but if it does, handle user
+         // like an anonymous user
+         $uid = 1;
+     }
+ 
+     if( SEC_inGroup( 'Root', $uid ))
+     {
+         return '';
+     }
+ 
+     $result = DB_query( "SELECT tid FROM {$_TABLES['topics']}"
+                         . COM_getPermSQL( 'WHERE', $uid ));
+     $tids = array();
+     while( $T = DB_fetchArray( $result ))
+     {
+         $tids[] = $T['tid'];
+     }
+ 
+     if( sizeof( $tids ) > 0 )
+     {
+         $topicsql .= "({$table}tid IN ('" . implode( "','", $tids ) . "'))";
+     }
+     else
+     {
+         $topicsql .= '0';
+     }
+ 
+     return $topicsql;
+ }
  
  /**
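Review bot: The fallback check `if( empty( $_GROUPS ))` tests the current user's global group list rather than the `$GROUPS` value selected just above it, so the result of `SEC_getUserGroups( $uid )` is never used. When `$u_id` names another user, that user's empty group list does not trigger the anonymous fallback, while an empty `$_GROUPS` for the caller silently replaces the requested uid with 1. The check should read `if( empty( $GROUPS ))`. Separately, the `tid` values are joined into the IN list unescaped. They come from the topics table, but `$tids[] = addslashes( $T['tid'] );` would keep a topic id containing a quote from breaking the statement.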

Index: index.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/index.php,v
retrieving revision 1.58
retrieving revision 1.59
diff -C2 -d -r1.58 -r1.59
*** index.php	30 May 2004 23:27:28 -0000	1.58
--- index.php	31 May 2004 08:45:08 -0000	1.59
***************
*** 144,159 ****
  }
  
! $tresult = DB_query ("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
! $trows = DB_numRows ($tresult);
! if ($trows > 0) {
!     $tids = array ();
!     while ( $T = DB_fetchArray ($tresult) ) {
!         $tids[] = $T['tid'];
!     }
!     if (sizeof ($tids) > 0) {
!         $sql .= "AND (s.tid IN ('" . implode ("','", $tids) . "')) ";
!     }
!     /* HELPME -- what happens when sizeof($tids) == 0 ? */
! }
  
  if ($newstories) {
--- 144,148 ----
  }
  
! $sql .= COM_getTopicSQL ('AND', 0, 's') . ' ';
  
  if ($newstories) {
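Review bot: The removed `HELPME` question about an empty topic list is now answered only implicitly, and a short comment above the new line would record the decision. Something like `// COM_getTopicSQL yields 'AND 0' when no topic is readable, so no stories are listed` makes the fail-closed behaviour visible to the next reader. Root users get an empty string back, so for them only the trailing space is appended. The surrounding script continues outside the hunk.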



