
Revision 319

Added by stefan over 18 years ago

Added permission check to admin/pages/add.php to fix ticket #68. Also used get_page_permission, get_user_details, get_page_details in some places.


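--- a/modify.php
+++ b/modify.php
@@ -37,38 +37,16 @@
 $admin = new admin('Pages', 'pages_modify');
 
 // Get perms
-$database = new database();
-$results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
-$results_array = $results->fetchRow();
-$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
-$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
-if(!is_numeric(array_search($admin->get_group_id(), $old_admin_groups)) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
+if(!$admin->get_page_permission($page_id,'admin')) {
 	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
 }
 
 // Get page details
-$database = new database();
-$query = "SELECT page_id,page_title,modified_by,modified_when FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
-$results = $database->query($query);
-if($database->is_error()) {
-	$admin->print_header();
-	$admin->print_error($database->get_error());
-}
-if($results->numRows() == 0) {
-	$admin->print_header();
-	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
-}
-$results_array = $results->fetchRow();
+$results_array=$admin->get_page_details($page_id);
 
 // Get display name of person who last modified the page
-$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '".$results_array['modified_by']."'";
-$get_user = $database->query($query_user);
-if($get_user->numRows() != 0) {
-	$user = $get_user->fetchRow();
-} else {
-	$user['display_name'] = 'Unknown';
-	$user['username'] = 'unknown';
-}
+$user=$admin->get_user_details($results_array['modified_by']);
+
 // Convert the unix ts for modified_when to human a readable form
 if($results_array['modified_when'] != 0) {
 	$modified_ts = gmdate(TIME_FORMAT.', '.DATE_FORMAT, $results_array['modified_when']+TIMEZONE);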
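Review bot: The authorization check at new line 40 and the lookups at new lines 45 and 48 now rest entirely on `get_page_permission`, `get_page_details` and `get_user_details`, whose bodies are not in this section, so nothing visible here shows that they keep the guarantees of the code they replace. The removed block printed `NOT_FOUND` or the database error itself and fell back to an `'Unknown'` display name; it is worth confirming that the helpers still deny access when the page row is missing or the query fails, and that they do not interpolate `$page_id` unescaped the way the removed `'$page_id'` queries did. Where `$page_id` is validated is also outside this section, so I would record the assumption next to the check, for example `// $page_id is validated as numeric above; get_page_permission() denies on a missing page or query error`, once that has been verified. The `if` opened at new line 51 continues past the end of the section.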
