[geeklog-cvs] geeklog-1.3/public_html comment.php,1.63,1.64 index.php,1.58,1.59 lib-common.php,1.329,1.330
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Mon May 31 04:45:10 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv9438/public_html
Modified Files:
comment.php index.php lib-common.php
Log Message:
Introduced COM_getTopicSQL which returns part of an SQL request to check for a user's topic access.
Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.63
retrieving revision 1.64
diff -C2 -d -r1.63 -r1.64
*** comment.php 20 May 2004 18:57:45 -0000 1.63
--- comment.php 31 May 2004 08:45:08 -0000 1.64
***************
*** 721,725 ****
$allowed = 1;
if ($type == 'article') {
! $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND'));
$A = DB_fetchArray ($result);
$allowed = $A['count'];
--- 721,725 ----
$allowed = 1;
if ($type == 'article') {
! $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND') . COM_getTopicSQL ('AND'));
$A = DB_fetchArray ($result);
$allowed = $A['count'];
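Review bot: `$sid` is interpolated into the quoted literal `(sid = '$sid')` on the changed query line, and nothing visible in this hunk shows it being filtered or escaped first. The enclosing function starts and ends outside the hunk, so this may already be handled upstream. If it is not, escape it before the query, e.g. `$sid = addslashes ($sid);`, or route it through the project's input filter. A comment above the query naming where `$sid` is sanitised would make the permission check easier to audit.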
Index: lib-common.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.329
retrieving revision 1.330
diff -C2 -d -r1.329 -r1.330
*** lib-common.php 30 May 2004 23:27:28 -0000 1.329
--- lib-common.php 31 May 2004 08:45:08 -0000 1.330
***************
*** 5500,5503 ****
--- 5500,5504 ----
* @param string $table table name if ambiguous (e.g. in JOINs)
* @return string SQL expression string (may be empty)
+ *
*/
function COM_getPermSQL( $type = 'WHERE', $u_id = 0, $access = 2, $table = '' )
***************
*** 5552,5555 ****
--- 5553,5621 ----
}
+ /**
+ * Return SQL expression to check for allowed topics.
+ *
+ * Creates part of an SQL expression that can be used to only request stories
+ * from topics to which the user has access to.
+ *
+ * @param string $type part of the SQL expr. e.g. 'WHERE', 'AND'
+ * @param int $u_id user id or 0 = current user
+ * @param string $table table name if ambiguous (e.g. in JOINs)
+ * @return string SQL expression string (may be empty)
+ *
+ */
+ function COM_getTopicSQL( $type = 'WHERE', $u_id = 0, $table = '' )
+ {
+ global $_TABLES, $_USER, $_GROUPS;
+
+ $topicsql = ' ' . $type . ' ';
+
+ if( !empty( $table ))
+ {
+ $table .= '.';
+ }
+
+ if(( $u_id <= 0 ) || ( $u_id == $_USER['uid'] ))
+ {
+ $uid = $_USER['uid'];
+ $GROUPS = $_GROUPS;
+ }
+ else
+ {
+ $uid = $u_id;
+ $GROUPS = SEC_getUserGroups( $uid );
+ }
+
+ if( empty( $_GROUPS ))
+ {
+ // this shouldn't really happen, but if it does, handle user
+ // like an anonymous user
+ $uid = 1;
+ }
+
+ if( SEC_inGroup( 'Root', $uid ))
+ {
+ return '';
+ }
+
+ $result = DB_query( "SELECT tid FROM {$_TABLES['topics']}"
+ . COM_getPermSQL( 'WHERE', $uid ));
+ $tids = array();
+ while( $T = DB_fetchArray( $result ))
+ {
+ $tids[] = $T['tid'];
+ }
+
+ if( sizeof( $tids ) > 0 )
+ {
+ $topicsql .= "({$table}tid IN ('" . implode( "','", $tids ) . "'))";
+ }
+ else
+ {
+ $topicsql .= '0';
+ }
+
+ return $topicsql;
+ }
/**
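Review bot: In COM_getTopicSQL the local `$GROUPS` is assigned in both branches but never read, and the fallback test is `empty( $_GROUPS )`, which looks at the current user's groups even when `$u_id` names a different user. In an access-control helper this means the anonymous fallback (`$uid = 1`) can be decided by the wrong account; the test presumably should read `if( empty( $GROUPS ))`. Separately, the `tid` values are imploded into the `IN (...)` list unescaped. They come from the topics table, but a topic id containing a quote would break or alter the query, so `implode( "','", array_map( 'addslashes', $tids ))` is safer. The docblock could also state that `$type` and `$table` are concatenated verbatim and must be literals chosen by the caller, never request data.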
Index: index.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/index.php,v
retrieving revision 1.58
retrieving revision 1.59
diff -C2 -d -r1.58 -r1.59
*** index.php 30 May 2004 23:27:28 -0000 1.58
--- index.php 31 May 2004 08:45:08 -0000 1.59
***************
*** 144,159 ****
}
! $tresult = DB_query ("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
! $trows = DB_numRows ($tresult);
! if ($trows > 0) {
! $tids = array ();
! while ( $T = DB_fetchArray ($tresult) ) {
! $tids[] = $T['tid'];
! }
! if (sizeof ($tids) > 0) {
! $sql .= "AND (s.tid IN ('" . implode ("','", $tids) . "')) ";
! }
! /* HELPME -- what happens when sizeof($tids) == 0 ? */
! }
if ($newstories) {
--- 144,148 ----
}
! $sql .= COM_getTopicSQL ('AND', 0, 's') . ' ';
if ($newstories) {
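Review bot: Nothing at this call site records that the result for a user with no readable topics has changed. The removed block added no topic filter in that case (the old HELPME comment), whereas COM_getTopicSQL returns `AND 0`, so the story query matches nothing. That fail-closed result is the safer one, but it deserves a comment such as `// COM_getTopicSQL adds 'AND 0' when no topic is readable, so no stories are listed`. The surrounding block begins and ends outside the hunk, so whether `$sql` already carries a WHERE clause at this point cannot be checked here.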