
Revision 1441

Added by Dietmar over 13 years ago

  1. recoded /modules/admin.php info_banner, now compare with modify in pages
  2. security fixes: remove the defined WB_PATH from backend templates
  3. fixed class.admin.php missing $TEXT declaration, add get_section_details


class.admin.php
223 223
			}
224 224
		}
225 225
	}
226
		
226
/*
227 227
	function get_user_details($user_id) {
228 228
		global $database;
229
		$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '$user_id'";
230
		$get_user = $database->query($query_user);
231
		if($get_user->numRows() != 0) {
232
			$user = $get_user->fetchRow();
233
		} else {
234
			$user['display_name'] = 'Unknown';
235
			$user['username'] = 'unknown';
229
		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ';
230
		$sql .= 'WHERE `user_id`='.(int)$user_id.' LIMIT 1';
231
		if(($resUser = $database->query($sql))){
232
			if(!($recUser = $resUser->fetchRow())) {
233
				$recUser['display_name'] = 'Unknown';
234
				$recUser['username'] = 'unknown';
235
			}
236 236
		}
237
		return $user;
238
	}	
239
	
240
	function get_page_details($page_id) {
241
		global $database;
242
		$query = "SELECT page_id,page_title,menu_title,modified_by,modified_when FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
243
		$results = $database->query($query);
244
		if($database->is_error()) {
245
			$this->print_header();
246
			$this->print_error($database->get_error());
247
		}
248
		if($results->numRows() == 0) {
249
			$this->print_header();
250
			$this->print_error($MESSAGE['PAGES']['NOT_FOUND']);
251
		}
252
		$results_array = $results->fetchRow();
253
		return $results_array;
254
	}	
255
	
237
		return $recUser;
238
	}
239
*/
240
 function get_user_details($user_id) {
241
  global $database;
242
  $retval = array('username'=>'unknown','display_name'=>'Unknown','email'=>'');
243
  $sql  = 'SELECT `username`,`display_name`,`email` ';
244
  $sql .= 'FROM `'.TABLE_PREFIX.'users` ';
245
  $sql .= 'WHERE `user_id`='.(int)$user_id.' ';
246
  // $sql .= 'AND (`statusflags` & '.USERS_DELETED.') > 0';
247
  if( ($resUsers = $database->query($sql)) ) {
248
   if( ($recUser = $resUsers->fetchRow()) ) {
249
    $retval = $recUser;
250
   }
251
  }
252
  return $retval;
253
 }
254

  
255
    //
256
	function get_section_details( $section_id, $backLink = 'index.php' ) {
257
	global $database, $TEXT;
258
		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'sections` ';
259
		$sql .= 'WHERE `section_id`='.intval($section_id).' LIMIT 1';
260
		if(($resSection = $database->query($sql))){
261
			if(!($recSection = $resSection->fetchRow())) {
262
				$this->print_header();
263
				$this->print_error($TEXT['SECTION'].' '.$TEXT['NOT_FOUND'], $backLink, true);
264
			}
265
			} else {
266
				$this->print_header();
267
				$this->print_error($database->get_error(), $backLink, true);
268
			}
269
		return $recSection;
270
	}
271

  
272
	function get_page_details( $page_id, $backLink = 'index.php' ) {
273
	  global $database, $TEXT;
274
	  $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
275
	  $sql .= 'WHERE `page_id`='.(int)$page_id.' LIMIT 1';
276
	  if(($resPages = $database->query($sql))){
277
	   if(!($recPage = $resPages->fetchRow())) {
278
	    $this->print_header();
279
	    $this->print_error($TEXT['PAGE'].' '.$TEXT['NOT_FOUND'], $backLink, true);
280
	   }
281
	  } else {
282
	   $this->print_header();
283
	   $this->print_error($database->get_error(), $backLink, true);
284
	  }
285
	  return $recPage;
286
	 }
287

  
256 288
	/** Function get_page_permission takes either a numerical page_id,
257 289
	 * upon which it looks up the permissions in the database,
258
	 * or an array with keys admin_groups and admin_users  
290
	 * or an array with keys admin_groups and admin_users
259 291
	 */
292
/*
260 293
	function get_page_permission($page,$action='admin') {
261 294
		if ($action!='viewing') $action='admin';
262 295
		$action_groups=$action.'_groups';
......
264 297
		if (is_array($page)) {
265 298
				$groups=$page[$action_groups];
266 299
				$users=$page[$action_users];
267
		} else {				
300
		} else {
268 301
			global $database;
269 302
			$results = $database->query("SELECT $action_groups,$action_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page'");
270 303
			$result = $results->fetchRow();
......
283 316
		}
284 317
		return true;
285 318
	}
286
		
319
*/
287 320

  
321
	function get_page_permission($page,$action='admin') {
322
		if($action != 'viewing') { $action = 'admin'; }
323
		$action_groups = $action.'_groups';
324
		$action_users  = $action.'_users';
325
		$groups = $users = '0';
326
		if(is_array($page)) {
327
			$groups = $page[$action_groups];
328
			$users  = $page[$action_users];
329
		} else {
330
			global $database;
331
			$sql  = 'SELECT `'.$action_groups.'`,`'.$action_users.'` ';
332
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` ';
333
			$sql .= 'WHERE `page_id`='.(int)$page;
334
			if( ($res = $database->query($sql)) ) {
335
				if( ($rec = $res->fetchRow()) ) {
336
					$groups = $rec[$action_groups];
337
					$users  = $rec[$action_users];
338
				}
339
			}
340
		}
341
		return ($this->ami_group_member($groups) || $this->is_group_match($this->get_user_id(), $users));
342
	}
343

  
288 344
	// Returns a system permission for a menu link
289 345
	function get_link_permission($title) {
290 346
		$title = str_replace('_blank', '', $title);
......
318 374
        $body_links = "";
319 375
		// define default baselink and filename for optional module javascript and stylesheet files
320 376
		if($file_id == "js") {
321
			$base_link = '<script type="text/javascript" src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend_body.js"></script>';
377
			$base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend_body.js" type="text/javascript"></script>';
322 378
			$base_file = "backend_body.js";
323 379
		}
324 380
		// check if backend_body.js files needs to be included to the <body></body> section of the backend
......
382 438
			$base_link.= ' rel="stylesheet" type="text/css" media="screen" />';
383 439
			$base_file = "backend.css";
384 440
		} else {
385
			$base_link = '<script type="text/javascript" src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.js"></script>';
441
			$base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.js" type="text/javascript"></script>';
386 442
			$base_file = "backend.js";
387 443
		}
388 444

  
......
400 456
					return str_replace("{MODULE_DIRECTORY}", $tool['directory'], $base_link);
401 457
				}
402 458
			}
403
		} elseif(isset($_GET['page_id']) or isset($_POST['page_id'])) {
459
		} elseif(isset($_GET['page_id']) || isset($_POST['page_id'])) {
404 460
			// check if displayed page in the backend contains a page module
405 461
			if (isset($_GET['page_id'])) {
406 462
				$page_id = (int)$_GET['page_id'];
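Review bot: In the new get_section_details and get_page_details, `$recSection` / `$recPage` is only assigned inside the `if(($resSection = $database->query($sql)))` branch, so when the query fails the function reaches `return $recSection;` with an undefined variable, and when no row exists it returns the `false` that fetchRow produced; unless `print_error(..., $backLink, true)` terminates the request (not visible here), callers will index into `false`/`null`. Initialise the result before the query, `$recSection = false;` and `$recPage = false;`, and either document that callers must check for `false` or make the not-found branches `return false;` explicitly. The `} else {` in get_section_details is indented as if it closed the inner `if`, but it pairs with the outer query check, so reindent it to avoid misreading the control flow. The `/* ... */` blocks holding the old get_user_details, get_page_details and get_page_permission bodies, plus the commented-out `statusflags` filter in get_user_details, are dead code that version control already preserves and should be deleted rather than shipped.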
