Revision 1441
Added by Luisehahne over 14 years ago
- recoded /modules/admin.php info_banner, now compare with modify in pages
- security fixes remove defined WB_PATH for backend templates
- fixed class.admin.php missing $TEXT declaration, added get_section_details
| class.admin.php | ||
|---|---|---|
| 223 | 223 |
} |
| 224 | 224 |
} |
| 225 | 225 |
} |
| 226 |
|
|
| 226 |
/* |
|
| 227 | 227 |
function get_user_details($user_id) {
|
| 228 | 228 |
global $database; |
| 229 |
$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '$user_id'";
|
|
| 230 |
$get_user = $database->query($query_user);
|
|
| 231 |
if($get_user->numRows() != 0) {
|
|
| 232 |
$user = $get_user->fetchRow();
|
|
| 233 |
} else {
|
|
| 234 |
$user['display_name'] = 'Unknown';
|
|
| 235 |
$user['username'] = 'unknown';
|
|
| 229 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ';
|
|
| 230 |
$sql .= 'WHERE `user_id`='.(int)$user_id.' LIMIT 1';
|
|
| 231 |
if(($resUser = $database->query($sql))){
|
|
| 232 |
if(!($recUser = $resUser->fetchRow())) {
|
|
| 233 |
$recUser['display_name'] = 'Unknown';
|
|
| 234 |
$recUser['username'] = 'unknown';
|
|
| 235 |
}
|
|
| 236 | 236 |
} |
| 237 |
return $user; |
|
| 238 |
} |
|
| 239 |
|
|
| 240 |
function get_page_details($page_id) {
|
|
| 241 |
global $database; |
|
| 242 |
$query = "SELECT page_id,page_title,menu_title,modified_by,modified_when FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'"; |
|
| 243 |
$results = $database->query($query); |
|
| 244 |
if($database->is_error()) {
|
|
| 245 |
$this->print_header(); |
|
| 246 |
$this->print_error($database->get_error()); |
|
| 247 |
} |
|
| 248 |
if($results->numRows() == 0) {
|
|
| 249 |
$this->print_header(); |
|
| 250 |
$this->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
|
| 251 |
} |
|
| 252 |
$results_array = $results->fetchRow(); |
|
| 253 |
return $results_array; |
|
| 254 |
} |
|
| 255 |
|
|
| 237 |
return $recUser; |
|
| 238 |
} |
|
| 239 |
*/ |
|
| 240 |
function get_user_details($user_id) {
|
|
| 241 |
global $database; |
|
| 242 |
$retval = array('username'=>'unknown','display_name'=>'Unknown','email'=>'');
|
|
| 243 |
$sql = 'SELECT `username`,`display_name`,`email` '; |
|
| 244 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` '; |
|
| 245 |
$sql .= 'WHERE `user_id`='.(int)$user_id.' '; |
|
| 246 |
// $sql .= 'AND (`statusflags` & '.USERS_DELETED.') > 0'; |
|
| 247 |
if( ($resUsers = $database->query($sql)) ) {
|
|
| 248 |
if( ($recUser = $resUsers->fetchRow()) ) {
|
|
| 249 |
$retval = $recUser; |
|
| 250 |
} |
|
| 251 |
} |
|
| 252 |
return $retval; |
|
| 253 |
} |
|
| 254 |
|
|
| 255 |
// |
|
| 256 |
function get_section_details( $section_id, $backLink = 'index.php' ) {
|
|
| 257 |
global $database, $TEXT; |
|
| 258 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'sections` '; |
|
| 259 |
$sql .= 'WHERE `section_id`='.intval($section_id).' LIMIT 1'; |
|
| 260 |
if(($resSection = $database->query($sql))){
|
|
| 261 |
if(!($recSection = $resSection->fetchRow())) {
|
|
| 262 |
$this->print_header(); |
|
| 263 |
$this->print_error($TEXT['SECTION'].' '.$TEXT['NOT_FOUND'], $backLink, true); |
|
| 264 |
} |
|
| 265 |
} else {
|
|
| 266 |
$this->print_header(); |
|
| 267 |
$this->print_error($database->get_error(), $backLink, true); |
|
| 268 |
} |
|
| 269 |
return $recSection; |
|
| 270 |
} |
|
| 271 |
|
|
| 272 |
function get_page_details( $page_id, $backLink = 'index.php' ) {
|
|
| 273 |
global $database, $TEXT; |
|
| 274 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'pages` '; |
|
| 275 |
$sql .= 'WHERE `page_id`='.(int)$page_id.' LIMIT 1'; |
|
| 276 |
if(($resPages = $database->query($sql))){
|
|
| 277 |
if(!($recPage = $resPages->fetchRow())) {
|
|
| 278 |
$this->print_header(); |
|
| 279 |
$this->print_error($TEXT['PAGE'].' '.$TEXT['NOT_FOUND'], $backLink, true); |
|
| 280 |
} |
|
| 281 |
} else {
|
|
| 282 |
$this->print_header(); |
|
| 283 |
$this->print_error($database->get_error(), $backLink, true); |
|
| 284 |
} |
|
| 285 |
return $recPage; |
|
| 286 |
} |
|
| 287 |
|
|
| 256 | 288 |
/** Function get_page_permission takes either a numerical page_id, |
| 257 | 289 |
* upon which it looks up the permissions in the database, |
| 258 |
* or an array with keys admin_groups and admin_users
|
|
| 290 |
* or an array with keys admin_groups and admin_users |
|
| 259 | 291 |
*/ |
| 292 |
/* |
|
| 260 | 293 |
function get_page_permission($page,$action='admin') {
|
| 261 | 294 |
if ($action!='viewing') $action='admin'; |
| 262 | 295 |
$action_groups=$action.'_groups'; |
| ... | ... | |
| 264 | 297 |
if (is_array($page)) {
|
| 265 | 298 |
$groups=$page[$action_groups]; |
| 266 | 299 |
$users=$page[$action_users]; |
| 267 |
} else {
|
|
| 300 |
} else {
|
|
| 268 | 301 |
global $database; |
| 269 | 302 |
$results = $database->query("SELECT $action_groups,$action_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page'");
|
| 270 | 303 |
$result = $results->fetchRow(); |
| ... | ... | |
| 283 | 316 |
} |
| 284 | 317 |
return true; |
| 285 | 318 |
} |
| 286 |
|
|
| 319 |
*/ |
|
| 287 | 320 |
|
| 321 |
function get_page_permission($page,$action='admin') {
|
|
| 322 |
if($action != 'viewing') { $action = 'admin'; }
|
|
| 323 |
$action_groups = $action.'_groups'; |
|
| 324 |
$action_users = $action.'_users'; |
|
| 325 |
$groups = $users = '0'; |
|
| 326 |
if(is_array($page)) {
|
|
| 327 |
$groups = $page[$action_groups]; |
|
| 328 |
$users = $page[$action_users]; |
|
| 329 |
} else {
|
|
| 330 |
global $database; |
|
| 331 |
$sql = 'SELECT `'.$action_groups.'`,`'.$action_users.'` '; |
|
| 332 |
$sql .= 'FROM `'.TABLE_PREFIX.'pages` '; |
|
| 333 |
$sql .= 'WHERE `page_id`='.(int)$page; |
|
| 334 |
if( ($res = $database->query($sql)) ) {
|
|
| 335 |
if( ($rec = $res->fetchRow()) ) {
|
|
| 336 |
$groups = $rec[$action_groups]; |
|
| 337 |
$users = $rec[$action_users]; |
|
| 338 |
} |
|
| 339 |
} |
|
| 340 |
} |
|
| 341 |
return ($this->ami_group_member($groups) || $this->is_group_match($this->get_user_id(), $users)); |
|
| 342 |
} |
|
| 343 |
|
|
| 288 | 344 |
// Returns a system permission for a menu link |
| 289 | 345 |
function get_link_permission($title) {
|
| 290 | 346 |
$title = str_replace('_blank', '', $title);
|
| ... | ... | |
| 318 | 374 |
$body_links = ""; |
| 319 | 375 |
// define default baselink and filename for optional module javascript and stylesheet files |
| 320 | 376 |
if($file_id == "js") {
|
| 321 |
$base_link = '<script type="text/javascript" src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend_body.js"></script>';
|
|
| 377 |
$base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend_body.js" type="text/javascript"></script>';
|
|
| 322 | 378 |
$base_file = "backend_body.js"; |
| 323 | 379 |
} |
| 324 | 380 |
// check if backend_body.js files needs to be included to the <body></body> section of the backend |
| ... | ... | |
| 382 | 438 |
$base_link.= ' rel="stylesheet" type="text/css" media="screen" />'; |
| 383 | 439 |
$base_file = "backend.css"; |
| 384 | 440 |
} else {
|
| 385 |
$base_link = '<script type="text/javascript" src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.js"></script>';
|
|
| 441 |
$base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.js" type="text/javascript"></script>';
|
|
| 386 | 442 |
$base_file = "backend.js"; |
| 387 | 443 |
} |
| 388 | 444 |
|
| ... | ... | |
| 400 | 456 |
return str_replace("{MODULE_DIRECTORY}", $tool['directory'], $base_link);
|
| 401 | 457 |
} |
| 402 | 458 |
} |
| 403 |
} elseif(isset($_GET['page_id']) or isset($_POST['page_id'])) {
|
|
| 459 |
} elseif(isset($_GET['page_id']) || isset($_POST['page_id'])) {
|
|
| 404 | 460 |
// check if displayed page in the backend contains a page module |
| 405 | 461 |
if (isset($_GET['page_id'])) {
|
| 406 | 462 |
$page_id = (int)$_GET['page_id']; |
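Review bot: In the new get_section_details and get_page_details, the `else` branch taken when `$database->query($sql)` fails never assigns `$recSection` / `$recPage`, yet both functions end with `return $recSection;` / `return $recPage;`, so unless print_error() terminates the request (not visible in this diff) the caller receives null plus an undefined-variable notice and will then index into it. Initialise the result before the query, e.g. `$recSection = false;` as the first statement after `global $database, $TEXT;`, and likewise `$recPage = false;`, so the failure path returns a defined value callers can test. Separately, in the rewritten get_page_permission the column names `$action_groups` / `$action_users` are interpolated straight into the SELECT; that is only safe because `$action` is forced to 'admin' or 'viewing' on the line above, which deserves a comment so a later edit does not loosen it: `// $action is normalised above, so these column names come from a fixed set`. The enclosing class begins and ends outside this section.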