[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.301,1.301.2.1
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Mon May 31 06:50:40 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv13614
Modified Files:
Tag: geeklog_1_3_9_1
lib-common.php
Log Message:
Various fixes ported over from CVS HEAD (1.3.10).
Index: lib-common.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.301
retrieving revision 1.301.2.1
diff -C2 -d -r1.301 -r1.301.2.1
*** lib-common.php 13 Mar 2004 11:54:48 -0000 1.301
--- lib-common.php 31 May 2004 10:50:38 -0000 1.301.2.1
***************
*** 299,306 ****
// Insert anonymous user session
! DB_query( "INSERT INTO {$_TABLES['sessions']} (sess_id, start_time, remote_ip, uid) VALUES ($sess_id,$curtime,'$REMOTE_ADDR',1)", 1 );
$tries++;
}
! while( DB_error() && ( $tries < 5 ));
}
--- 299,306 ----
// Insert anonymous user session
! $result = DB_query( "INSERT INTO {$_TABLES['sessions']} (sess_id, start_time, remote_ip, uid) VALUES ($sess_id,$curtime,'$REMOTE_ADDR',1)", 1 );
$tries++;
}
! while(( $result === false ) && ( $tries < 5 ));
}
***************
*** 1906,1918 ****
$page, $newstories;
! $sql = "SELECT tid,topic,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']}" . COM_getPermSQL();
if( $_USER['uid'] > 1 ) {
$tids = DB_getItem( $_TABLES['userindex'], 'tids',
"uid = '{$_USER['uid']}'" );
if (!empty ($tids)) {
! $sql .= " AND (tid NOT IN ('" . str_replace( ' ', "','", $tids )
! . "'))";
}
}
if( $_CONF['sortmethod'] == 'alpha' )
{
--- 1906,1926 ----
$page, $newstories;
! $sql = "SELECT tid,topic,imageurl FROM {$_TABLES['topics']}";
if( $_USER['uid'] > 1 ) {
$tids = DB_getItem( $_TABLES['userindex'], 'tids',
"uid = '{$_USER['uid']}'" );
if (!empty ($tids)) {
! $sql .= " WHERE (tid NOT IN ('" . str_replace( ' ', "','", $tids )
! . "'))" . COM_getPermSQL( 'AND' );
! }
! else
! {
! $sql .= COM_getPermSQL();
}
}
+ else
+ {
+ $sql .= COM_getPermSQL();
+ }
if( $_CONF['sortmethod'] == 'alpha' )
{
***************
*** 4045,4073 ****
. "WHERE draft_flag = 0 AND date <= NOW() AND date >= '{$lastrun}'";
if( !empty( $U['etids'] ))
{
$ETIDS = explode( ' ', $U['etids'] );
! $storysql .= " AND (tid='" . implode( "' OR tid='", $ETIDS ) . "')";
}
! else // get all topics this user has access to
{
! $topicsql = "SELECT tid FROM {$_TABLES['topics']}"
! . COM_getPermSQL( 'WHERE', $U['uuid'] );
! $tresult = DB_query( $topicsql );
! $trows = DB_numRows( $tresult );
! if( $trows > 0 )
! {
! $storysql .= " AND (";
! for( $i = 1; $i <= $trows; $i++ )
! {
! $T = DB_fetchArray ($tresult);
! if ($i > 1)
! {
! $storysql .= " OR ";
! }
! $storysql .= "tid = '{$T['tid']}'";
! }
! $storysql .= ")";
! }
}
--- 4053,4083 ----
. "WHERE draft_flag = 0 AND date <= NOW() AND date >= '{$lastrun}'";
+ $topicsql = "SELECT tid FROM {$_TABLES['topics']}"
+ . COM_getPermSQL( 'WHERE', $U['uuid'] );
+ $tresult = DB_query( $topicsql );
+ $trows = DB_numRows( $tresult );
+
+ if( $trows == 0 )
+ {
+ // this user doesn't seem to have access to any topics ...
+ continue;
+ }
+
+ $TIDS = array();
+ for( $i = 1; $i <= $trows; $i++ )
+ {
+ $T = DB_fetchArray( $tresult );
+ $TIDS[] = $T['tid'];
+ }
+
if( !empty( $U['etids'] ))
{
$ETIDS = explode( ' ', $U['etids'] );
! $TIDS = array_intersect( $TIDS, $ETIDS );
}
!
! if( sizeof( $TIDS ) > 0)
{
! $storysql .= " AND (tid IN ('" . implode( "','", $TIDS ) . "'))";
}
***************
*** 4101,4104 ****
--- 4111,4118 ----
$authors[$S['uid']] = $storyauthor;
}
+ else
+ {
+ $storyauthor = $authors[$S['uid']];
+ }
$mailtext .= "$LANG24[7]: " . $storyauthor . "\n";
}
***************
*** 5234,5237 ****
--- 5248,5316 ----
}
+ /**
+ * Return SQL expression to check for allowed topics.
+ *
+ * Creates part of an SQL expression that can be used to only request stories
+ * from topics to which the user has access to.
+ *
+ * @param string $type part of the SQL expr. e.g. 'WHERE', 'AND'
+ * @param int $u_id user id or 0 = current user
+ * @param string $table table name if ambiguous (e.g. in JOINs)
+ * @return string SQL expression string (may be empty)
+ *
+ */
+ function COM_getTopicSQL( $type = 'WHERE', $u_id = 0, $table = '' )
+ {
+ global $_TABLES, $_USER, $_GROUPS;
+
+ $topicsql = ' ' . $type . ' ';
+
+ if( !empty( $table ))
+ {
+ $table .= '.';
+ }
+
+ if(( $u_id <= 0 ) || ( $u_id == $_USER['uid'] ))
+ {
+ $uid = $_USER['uid'];
+ $GROUPS = $_GROUPS;
+ }
+ else
+ {
+ $uid = $u_id;
+ $GROUPS = SEC_getUserGroups( $uid );
+ }
+
+ if( empty( $_GROUPS ))
+ {
+ // this shouldn't really happen, but if it does, handle user
+ // like an anonymous user
+ $uid = 1;
+ }
+
+ if( SEC_inGroup( 'Root', $uid ))
+ {
+ return '';
+ }
+
+ $result = DB_query( "SELECT tid FROM {$_TABLES['topics']}"
+ . COM_getPermSQL( 'WHERE', $uid ));
+ $tids = array();
+ while( $T = DB_fetchArray( $result ))
+ {
+ $tids[] = $T['tid'];
+ }
+
+ if( sizeof( $tids ) > 0 )
+ {
+ $topicsql .= "({$table}tid IN ('" . implode( "','", $tids ) . "'))";
+ }
+ else
+ {
+ $topicsql .= '0';
+ }
+
+ return $topicsql;
+ }
/**
More information about the geeklog-cvs
mailing list