Revision 319
Added by stefan over 19 years ago
| trunk/wb/admin/pages/settings.php | ||
|---|---|---|
| 59 | 59 |
$results_array = $results->fetchRow(); |
| 60 | 60 |
|
| 61 | 61 |
// Get display name of person who last modified the page |
| 62 |
$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '".$results_array['modified_by']."'"; |
|
| 63 |
$get_user = $database->query($query_user); |
|
| 64 |
if($get_user->numRows() != 0) {
|
|
| 65 |
$user = $get_user->fetchRow(); |
|
| 66 |
} else {
|
|
| 67 |
$user['display_name'] = 'Unknown'; |
|
| 68 |
$user['username'] = 'unknown'; |
|
| 69 |
} |
|
| 62 |
$user=$admin->get_user_details($results_array['modified_by']); |
|
| 63 |
|
|
| 70 | 64 |
// Convert the unix ts for modified_when to human a readable form |
| 71 | 65 |
if($results_array['modified_when'] != 0) {
|
| 72 | 66 |
$modified_ts = gmdate(TIME_FORMAT.', '.DATE_FORMAT, $results_array['modified_when']+TIMEZONE); |
| trunk/wb/admin/pages/delete.php | ||
|---|---|---|
| 40 | 40 |
require_once(WB_PATH.'/framework/functions.php'); |
| 41 | 41 |
|
| 42 | 42 |
// Get perms |
| 43 |
$results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
|
|
| 44 |
$results_array = $results->fetchRow(); |
|
| 43 |
if (!$admin->get_page_permission($page_id,'admin')) {
|
|
| 44 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
|
| 45 |
} |
|
| 45 | 46 |
|
| 46 | 47 |
// Find out more about the page |
| 47 | 48 |
$query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'"; |
| ... | ... | |
| 52 | 53 |
if($results->numRows() == 0) {
|
| 53 | 54 |
$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
| 54 | 55 |
} |
| 56 |
|
|
| 55 | 57 |
$results_array = $results->fetchRow(); |
| 56 |
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
|
|
| 57 |
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
|
|
| 58 |
if(!is_numeric(array_search($admin->get_group_id(), $old_admin_groups)) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
|
|
| 59 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
|
| 60 |
} |
|
| 61 | 58 |
|
| 62 | 59 |
$visibility = $results_array['visibility']; |
| 63 | 60 |
|
| trunk/wb/admin/pages/modify.php | ||
|---|---|---|
| 37 | 37 |
$admin = new admin('Pages', 'pages_modify');
|
| 38 | 38 |
|
| 39 | 39 |
// Get perms |
| 40 |
$database = new database(); |
|
| 41 |
$results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
|
|
| 42 |
$results_array = $results->fetchRow(); |
|
| 43 |
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
|
|
| 44 |
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
|
|
| 45 |
if(!is_numeric(array_search($admin->get_group_id(), $old_admin_groups)) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
|
|
| 40 |
if(!$admin->get_page_permission($page_id,'admin')) {
|
|
| 46 | 41 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
| 47 | 42 |
} |
| 48 | 43 |
|
| 49 | 44 |
// Get page details |
| 50 |
$database = new database(); |
|
| 51 |
$query = "SELECT page_id,page_title,modified_by,modified_when FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'"; |
|
| 52 |
$results = $database->query($query); |
|
| 53 |
if($database->is_error()) {
|
|
| 54 |
$admin->print_header(); |
|
| 55 |
$admin->print_error($database->get_error()); |
|
| 56 |
} |
|
| 57 |
if($results->numRows() == 0) {
|
|
| 58 |
$admin->print_header(); |
|
| 59 |
$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
|
| 60 |
} |
|
| 61 |
$results_array = $results->fetchRow(); |
|
| 45 |
$results_array=$admin->get_page_details($page_id); |
|
| 62 | 46 |
|
| 63 | 47 |
// Get display name of person who last modified the page |
| 64 |
$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '".$results_array['modified_by']."'"; |
|
| 65 |
$get_user = $database->query($query_user); |
|
| 66 |
if($get_user->numRows() != 0) {
|
|
| 67 |
$user = $get_user->fetchRow(); |
|
| 68 |
} else {
|
|
| 69 |
$user['display_name'] = 'Unknown'; |
|
| 70 |
$user['username'] = 'unknown'; |
|
| 71 |
} |
|
| 48 |
$user=$admin->get_user_details($results_array['modified_by']); |
|
| 49 |
|
|
| 72 | 50 |
// Convert the unix ts for modified_when to human a readable form |
| 73 | 51 |
if($results_array['modified_when'] != 0) {
|
| 74 | 52 |
$modified_ts = gmdate(TIME_FORMAT.', '.DATE_FORMAT, $results_array['modified_when']+TIMEZONE); |
| trunk/wb/admin/pages/add.php | ||
|---|---|---|
| 39 | 39 |
$admin_groups = $admin->get_post('admin_groups');
|
| 40 | 40 |
$viewing_groups = $admin->get_post('viewing_groups');
|
| 41 | 41 |
|
| 42 |
if ($parent!=0) {
|
|
| 43 |
if (!$admin->get_page_permission($parent,'admin')) |
|
| 44 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
|
| 45 |
} elseif (!$admin->get_permission('pages_add_l0','system')) {
|
|
| 46 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
|
| 47 |
} |
|
| 48 |
|
|
| 42 | 49 |
// Validate data |
| 43 | 50 |
if($title == '') {
|
| 44 | 51 |
$admin->print_error($MESSAGE['PAGES']['BLANK_TITLE']); |
| ... | ... | |
| 74 | 81 |
} |
| 75 | 82 |
|
| 76 | 83 |
// Check if a page with same page filename exists |
| 77 |
$database = new database(); |
|
| 78 | 84 |
$get_same_page = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE link = '$link'");
|
| 79 | 85 |
if($get_same_page->numRows() > 0 OR file_exists(WB_PATH.PAGES_DIRECTORY.$link.'.php') OR file_exists(WB_PATH.PAGES_DIRECTORY.$link.'/')) {
|
| 80 | 86 |
$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']); |
| ... | ... | |
| 99 | 105 |
|
| 100 | 106 |
// Insert page into pages table |
| 101 | 107 |
$query = "INSERT INTO ".TABLE_PREFIX."pages (page_title,menu_title,parent,template,target,position,visibility,searching,menu,language,admin_groups,viewing_groups,modified_when,modified_by) VALUES ('$title','$title','$parent','$template','_top','$position','$visibility','1','1','".DEFAULT_LANGUAGE."','$admin_groups','$viewing_groups','".mktime()."','".$admin->get_user_id()."')";
|
| 102 |
$database = new database(); |
|
| 103 | 108 |
$database->query($query); |
| 104 | 109 |
if($database->is_error()) {
|
| 105 | 110 |
$admin->print_error($database->get_error()); |
| trunk/wb/modules/admin.php | ||
|---|---|---|
| 108 | 108 |
$results_array = $results->fetchRow(); |
| 109 | 109 |
|
| 110 | 110 |
// Get display name of person who last modified the page |
| 111 |
$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '".$results_array['modified_by']."'"; |
|
| 112 |
$get_user = $database->query($query_user); |
|
| 113 |
if($get_user->numRows() != 0) {
|
|
| 114 |
$user = $get_user->fetchRow(); |
|
| 115 |
} else {
|
|
| 116 |
$user['display_name'] = 'Unknown'; |
|
| 117 |
$user['username'] = 'unknown'; |
|
| 118 |
} |
|
| 111 |
$user=$admin->get_user_details($results_array['modified_by']); |
|
| 112 |
|
|
| 119 | 113 |
// Convert the unix ts for modified_when to human a readable form |
| 120 | 114 |
if($results_array['modified_when'] != 0) {
|
| 121 | 115 |
$modified_ts = gmdate(TIME_FORMAT.', '.DATE_FORMAT, $results_array['modified_when']+TIMEZONE); |
Also available in: Unified diff
Added permission check to admin/pages/add.php to fix ticket #68. Also used get_page_permission, get_user_details, get_page_details in some places.