Revision 1441
Added by Dietmar over 13 years ago
- recoded /modules/admin.php info_banner, now compare with modify in pages
- security fixes remove defined WB_PATH for backend templates
- fixed class.admin.php missing $TEXT declaration, add get_section_details
class.admin.php | ||
223 | 223 |
} |
224 | 224 |
} |
225 | 225 |
} |
226 |
|
|
226 |
/* |
|
227 | 227 |
function get_user_details($user_id) { |
228 | 228 |
global $database; |
229 |
$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '$user_id'";
|
|
230 |
$get_user = $database->query($query_user);
|
|
231 |
if($get_user->numRows() != 0) {
|
|
232 |
$user = $get_user->fetchRow();
|
|
233 |
} else {
|
|
234 |
$user['display_name'] = 'Unknown';
|
|
235 |
$user['username'] = 'unknown';
|
|
229 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ';
|
|
230 |
$sql .= 'WHERE `user_id`='.(int)$user_id.' LIMIT 1';
|
|
231 |
if(($resUser = $database->query($sql))){
|
|
232 |
if(!($recUser = $resUser->fetchRow())) {
|
|
233 |
$recUser['display_name'] = 'Unknown';
|
|
234 |
$recUser['username'] = 'unknown';
|
|
235 |
}
|
|
236 | 236 |
} |
237 |
return $user; |
|
238 |
} |
|
239 |
|
|
240 |
function get_page_details($page_id) { |
|
241 |
global $database; |
|
242 |
$query = "SELECT page_id,page_title,menu_title,modified_by,modified_when FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'"; |
|
243 |
$results = $database->query($query); |
|
244 |
if($database->is_error()) { |
|
245 |
$this->print_header(); |
|
246 |
$this->print_error($database->get_error()); |
|
247 |
} |
|
248 |
if($results->numRows() == 0) { |
|
249 |
$this->print_header(); |
|
250 |
$this->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
|
251 |
} |
|
252 |
$results_array = $results->fetchRow(); |
|
253 |
return $results_array; |
|
254 |
} |
|
255 |
|
|
237 |
return $recUser; |
|
238 |
} |
|
239 |
*/ |
|
240 |
function get_user_details($user_id) { |
|
241 |
global $database; |
|
242 |
$retval = array('username'=>'unknown','display_name'=>'Unknown','email'=>''); |
|
243 |
$sql = 'SELECT `username`,`display_name`,`email` '; |
|
244 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` '; |
|
245 |
$sql .= 'WHERE `user_id`='.(int)$user_id.' '; |
|
246 |
// $sql .= 'AND (`statusflags` & '.USERS_DELETED.') > 0'; |
|
247 |
if( ($resUsers = $database->query($sql)) ) { |
|
248 |
if( ($recUser = $resUsers->fetchRow()) ) { |
|
249 |
$retval = $recUser; |
|
250 |
} |
|
251 |
} |
|
252 |
return $retval; |
|
253 |
} |
|
254 |
|
|
255 |
// |
|
256 |
function get_section_details( $section_id, $backLink = 'index.php' ) { |
|
257 |
global $database, $TEXT; |
|
258 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'sections` '; |
|
259 |
$sql .= 'WHERE `section_id`='.intval($section_id).' LIMIT 1'; |
|
260 |
if(($resSection = $database->query($sql))){ |
|
261 |
if(!($recSection = $resSection->fetchRow())) { |
|
262 |
$this->print_header(); |
|
263 |
$this->print_error($TEXT['SECTION'].' '.$TEXT['NOT_FOUND'], $backLink, true); |
|
264 |
} |
|
265 |
} else { |
|
266 |
$this->print_header(); |
|
267 |
$this->print_error($database->get_error(), $backLink, true); |
|
268 |
} |
|
269 |
return $recSection; |
|
270 |
} |
|
271 |
|
|
272 |
function get_page_details( $page_id, $backLink = 'index.php' ) { |
|
273 |
global $database, $TEXT; |
|
274 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'pages` '; |
|
275 |
$sql .= 'WHERE `page_id`='.(int)$page_id.' LIMIT 1'; |
|
276 |
if(($resPages = $database->query($sql))){ |
|
277 |
if(!($recPage = $resPages->fetchRow())) { |
|
278 |
$this->print_header(); |
|
279 |
$this->print_error($TEXT['PAGE'].' '.$TEXT['NOT_FOUND'], $backLink, true); |
|
280 |
} |
|
281 |
} else { |
|
282 |
$this->print_header(); |
|
283 |
$this->print_error($database->get_error(), $backLink, true); |
|
284 |
} |
|
285 |
return $recPage; |
|
286 |
} |
|
287 |
|
|
256 | 288 |
/** Function get_page_permission takes either a numerical page_id, |
257 | 289 |
* upon which it looks up the permissions in the database, |
258 |
* or an array with keys admin_groups and admin_users
|
|
290 |
* or an array with keys admin_groups and admin_users |
|
259 | 291 |
*/ |
292 |
/* |
|
260 | 293 |
function get_page_permission($page,$action='admin') { |
261 | 294 |
if ($action!='viewing') $action='admin'; |
262 | 295 |
$action_groups=$action.'_groups'; |
... | ... | |
264 | 297 |
if (is_array($page)) { |
265 | 298 |
$groups=$page[$action_groups]; |
266 | 299 |
$users=$page[$action_users]; |
267 |
} else {
|
|
300 |
} else { |
|
268 | 301 |
global $database; |
269 | 302 |
$results = $database->query("SELECT $action_groups,$action_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page'"); |
270 | 303 |
$result = $results->fetchRow(); |
... | ... | |
283 | 316 |
} |
284 | 317 |
return true; |
285 | 318 |
} |
286 |
|
|
319 |
*/ |
|
287 | 320 |
|
321 |
function get_page_permission($page,$action='admin') { |
|
322 |
if($action != 'viewing') { $action = 'admin'; } |
|
323 |
$action_groups = $action.'_groups'; |
|
324 |
$action_users = $action.'_users'; |
|
325 |
$groups = $users = '0'; |
|
326 |
if(is_array($page)) { |
|
327 |
$groups = $page[$action_groups]; |
|
328 |
$users = $page[$action_users]; |
|
329 |
} else { |
|
330 |
global $database; |
|
331 |
$sql = 'SELECT `'.$action_groups.'`,`'.$action_users.'` '; |
|
332 |
$sql .= 'FROM `'.TABLE_PREFIX.'pages` '; |
|
333 |
$sql .= 'WHERE `page_id`='.(int)$page; |
|
334 |
if( ($res = $database->query($sql)) ) { |
|
335 |
if( ($rec = $res->fetchRow()) ) { |
|
336 |
$groups = $rec[$action_groups]; |
|
337 |
$users = $rec[$action_users]; |
|
338 |
} |
|
339 |
} |
|
340 |
} |
|
341 |
return ($this->ami_group_member($groups) || $this->is_group_match($this->get_user_id(), $users)); |
|
342 |
} |
|
343 |
|
|
288 | 344 |
// Returns a system permission for a menu link |
289 | 345 |
function get_link_permission($title) { |
290 | 346 |
$title = str_replace('_blank', '', $title); |
... | ... | |
318 | 374 |
$body_links = ""; |
319 | 375 |
// define default baselink and filename for optional module javascript and stylesheet files |
320 | 376 |
if($file_id == "js") { |
321 |
$base_link = '<script type="text/javascript" src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend_body.js"></script>';
|
|
377 |
$base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend_body.js" type="text/javascript"></script>';
|
|
322 | 378 |
$base_file = "backend_body.js"; |
323 | 379 |
} |
324 | 380 |
// check if backend_body.js files needs to be included to the <body></body> section of the backend |
... | ... | |
382 | 438 |
$base_link.= ' rel="stylesheet" type="text/css" media="screen" />'; |
383 | 439 |
$base_file = "backend.css"; |
384 | 440 |
} else { |
385 |
$base_link = '<script type="text/javascript" src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.js"></script>';
|
|
441 |
$base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.js" type="text/javascript"></script>';
|
|
386 | 442 |
$base_file = "backend.js"; |
387 | 443 |
} |
388 | 444 |
|
... | ... | |
400 | 456 |
return str_replace("{MODULE_DIRECTORY}", $tool['directory'], $base_link); |
401 | 457 |
} |
402 | 458 |
} |
403 |
} elseif(isset($_GET['page_id']) or isset($_POST['page_id'])) {
|
|
459 |
} elseif(isset($_GET['page_id']) || isset($_POST['page_id'])) {
|
|
404 | 460 |
// check if displayed page in the backend contains a page module |
405 | 461 |
if (isset($_GET['page_id'])) { |
406 | 462 |
$page_id = (int)$_GET['page_id']; |
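Review bot: In get_section_details (new lines 256–270) `$recSection` is assigned only inside the `if(($resSection = $database->query($sql)))` branch, so when the query fails the `else` path falls through to `return $recSection;` on new line 269 with an undefined variable; the same applies to `$recPage` in get_page_details (new lines 272–286). That is harmless only if print_error() with its third argument `true` terminates the request, which the hunk does not show, and even then the not-found path returns the `false` that fetchRow() produced while the query-failure path returns nothing. Initialising the record before the query, `$recSection = false;` immediately after `global $database, $TEXT;` (and `$recPage = false;` in the sibling), gives callers one consistent failure value on both paths regardless of what print_error() does. get_user_details on new lines 240–253 already follows this pattern with its `$retval` default and is the model to copy.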