22 Nov
2008
22 Nov
'08
11:51 p.m.
Author: dgoette
Date: Sat Nov 22 17:51:18 2008
New Revision: 37569
URL: http://svn.reactos.org/svn/reactos?rev=37569&view=rev
Log:
* moved login.php -> Login::required()
* use new class ThisUser to reference the logged in user
* use new class to get rid of more global vars
* fix minor bugs
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
Modified:
branches/danny-web/reactos.org/htdocs/roscms/index.php
branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php
branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.…
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.clas…
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php
Modified: branches/danny-web/reactos.org/htdocs/roscms/index.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] Sat Nov 22
17:51:18 2008
@@ -46,10 +46,6 @@
// Global Vars:
$rpm_page="";
$rpm_lang="";
-
-
- // this vars will be removed soon
- $roscms_intern_login_check_username="";
if (array_key_exists("page", $_GET))
$rpm_page=htmlspecialchars($_GET["page"]);
if (array_key_exists("lang", $_GET))
$rpm_lang=htmlspecialchars($_GET["lang"]);
@@ -112,7 +108,7 @@
$text = str_replace(' ','',$text);
$text = str_replace("\t",'',$text);
$text = str_replace("\n",'',$text);
- echo str_replace("\n",'',$text);
+ echo str_replace("\r",'',$text);
}
Modified: branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php [iso-8859-1] Sat
Nov 22 17:51:18 2008
@@ -20,8 +20,7 @@
define('ROSCMS_PATH', '../');
require('../lib/RosCMS_Autoloader.class.php');
- require('../login.php');
- global $roscms_intern_account_id;
+ Login::required();
?>
function filtpopulatehelper(objidval, objidval2, filterid) {
var filtentryselstr = '';
@@ -72,7 +71,7 @@
filtentryselstrs1 = '<select
id="sfb'+filterid+'"><option
value="is">is</option><option value="no">is
not</option></select>';
filtentryselstrs2 = '<select
id="sfc'+filterid+'"><?php
- $user_lang = ROSUser::getLanguage($roscms_intern_account_id, true);
+ $user_lang = ROSUser::getLanguage(ThisUser::getInstance()->id(), true);
$stmt=DBConnection::getInstance()->prepare("SELECT lang_id, lang_name FROM
languages WHERE lang_level > '0' ORDER BY lang_name ASC");
$stmt->execute();
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -30,9 +30,8 @@
public function __construct( )
{
- require('login.php');
-
-
+ Login::required();
+
$this->manage();
} // end of member function __construct
@@ -49,7 +48,7 @@
*/
private function manage( )
{
- global $roscms_intern_account_id;
+ $thisuser = &ThisUser::getInstance();
// they need some standard values
$action = (isset($_GET['d_val']) ? $_GET['d_val'] : '');
@@ -66,7 +65,7 @@
// check if filter already exists
$stmt=DBConnection::getInstance()->prepare("SELECT 1 FROM data_user_filter
WHERE filt_usrid = :user_id AND filt_title = :title AND filt_type = :type LIMIT 1");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->bindParam('title',$filter_title,PDO::PARAM_STR);
$stmt->bindParam('type',$this->type_num,PDO::PARAM_INT);
$stmt->execute();
@@ -74,7 +73,7 @@
// insert new filter
$stmt=DBConnection::getInstance()->prepare("INSERT INTO data_user_filter
( filt_id , filt_usrid , filt_title , filt_type , filt_string , filt_datetime , filt_usage
, filt_usagedate ) VALUES ( NULL, :user_id, :title, :type, :string, NOW(), 1, NOW()
)");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->bindParam('title',$filter_title,PDO::PARAM_STR);
$stmt->bindParam('type',$this->type_num,PDO::PARAM_INT);
$stmt->bindParam('string',$filter_string,PDO::PARAM_STR);
@@ -85,13 +84,13 @@
// delete a label
$stmt=DBConnection::getInstance()->prepare("DELETE FROM data_user_filter
WHERE filt_id = :filter_id AND filt_usrid = :user_id LIMIT 1");
$stmt->bindParam('filter_id',$filter_title,PDO::PARAM_INT);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
}
// echo current list of filters
$stmt=DBConnection::getInstance()->prepare("SELECT filt_id, filt_title,
filt_string FROM data_user_filter WHERE filt_usrid = :user_id AND filt_type = :type ORDER
BY filt_title ASC");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->bindParam('type',$this->type_num,PDO::PARAM_INT);
$stmt->execute();
while ($filter = $stmt->fetch(PDO::FETCH_ASSOC)) {
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.…
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.…
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.…
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -28,8 +28,8 @@
public function __construct()
{
- require('login.php');
-
+ Login::required();
+
if (!isset($_GET['d_id']) || !isset($_GET['d_r_lang'])){
echo 'Missing params';
return;
@@ -51,7 +51,7 @@
*/
private function save( $tag_value = 'no' )
{
- global $roscms_intern_account_id;
+ $thisuser = &ThisUser::getInstance();
$type = (isset($_GET['d_val3']) ? $_GET['d_val3'] : '');
$tag_value = (isset($_GET['d_val4']) ? $_GET['d_val4'] :
'no');
@@ -68,7 +68,7 @@
$stmt=DBConnection::getInstance()->prepare("SELECT rev_id FROM
data_revision WHERE data_id = :data_id AND rev_usrid = :user_id AND rev_date = :date AND
rev_language = :lang ORDER BY rev_id DESC LIMIT 1");
}
$stmt->bindParam('data_id',$_GET['d_id'],PDO::PARAM_INT);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->bindValue('date',date("Y-m-d"),PDO::PARAM_STR);
$stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
$stmt->execute();
@@ -87,14 +87,14 @@
$stmt=DBConnection::getInstance()->prepare("INSERT INTO data_revision (
rev_id , data_id , rev_version , rev_language , rev_usrid , rev_datetime , rev_date ,
rev_time ) VALUES ( NULL, :data_id, 0, :lang, :user_id, NOW(), CURDATE(), CURTIME()
)");
$stmt->bindParam('data_id',$_GET['d_id'],PDO::PARAM_INT);
$stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
// get inserted rev_id
$stmt=DBConnection::getInstance()->prepare("SELECT rev_id FROM
data_revision WHERE data_id = :data_id AND rev_version = 0 AND rev_language = :lang AND
rev_usrid = :user_id ORDER BY rev_datetime DESC;");
$stmt->bindParam('data_id',$_GET['d_id'],PDO::PARAM_INT);
$stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
$rev_id = $stmt->fetchColumn();
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] Sat Nov
22 17:51:18 2008
@@ -239,9 +239,8 @@
*/
public static function deleteFile( $rev_id )
{
- global $roscms_security_level;
// only for admins
- if ($roscms_security_level < 3) {
+ if (ThisUser::getInstance()->securityLevel() < 3) {
return;
}
@@ -594,7 +593,7 @@
*/
public static function add($data_type = null, $lang = null, $show_output = false,
$dynamic_content = false, $entry_status = 'draft', $layout_template = '')
{
- global $roscms_intern_account_id;
+ $thisuser = &ThisUser::getInstance();
$data_name = @htmlspecialchars($_GET['d_name']);
@@ -628,13 +627,13 @@
$stmt=DBConnection::getInstance()->prepare("INSERT INTO data_revision (
rev_id , data_id , rev_version , rev_language , rev_usrid , rev_datetime , rev_date ,
rev_time ) VALUES ( NULL, :data_id, 0, :lang, :user_id, NOW(), CURDATE(), CURTIME()
)");
$stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
$stmt->bindParam('lang',$lang,PDO::PARAM_STR);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
$stmt=DBConnection::getInstance()->prepare("SELECT rev_id FROM
data_revision WHERE data_id = :data_id AND rev_version = '0' AND rev_language =
:lang AND rev_usrid = :user_id ORDER BY rev_datetime DESC");
$stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
$stmt->bindParam('lang',$lang,PDO::PARAM_STR);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
$rev_id = $stmt->fetchColumn();
@@ -695,7 +694,7 @@
Tag::add($data_id, $rev_id, 'number', $dynamic_number, -1);
Tag::add($data_id, $rev_id, 'number_sort', str_pad($dynamic_number, 5,
'0', STR_PAD_LEFT), -1); // padding with '0'
Tag::add($data_id, $rev_id, 'pub_date', date('Y-m-d'), -1);
- Tag::add($data_id, $rev_id, 'pub_user', $roscms_intern_account_id, -1);
+ Tag::add($data_id, $rev_id, 'pub_user', $thisuser->id(), -1);
}
if ($data_type == 'page') {
@@ -716,8 +715,8 @@
*/
public static function evalAction( $id_list, $action, $lang = null, $label_name = null
)
{
- global $roscms_intern_account_id;
- global $roscms_security_level;
+ $thisuser = &ThisUser::getInstance();
+
global $roscms_standard_language;
$id_list = preg_replace('/(^|-)[0-9]+\_([0-9]+)/','$2|',$id_list);
@@ -740,7 +739,7 @@
// get user language
$stmt_lang=DBConnection::getInstance()->prepare("SELECT user_language FROM
users WHERE user_id = :user_id LIMIT 1");
-
$stmt_lang->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt_lang->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt_lang->execute();
$user_lang = $stmt_lang->fetchColumn();
@@ -762,7 +761,7 @@
// mark as stable
case 'ms':
- if ($roscms_security_level > 1 &&
ROSUser::isMemberOfGroup('transmaint')) {
+ if ($thisuser->securityLevel() > 1 &&
$thisuser->isMemberOfGroup('transmaint')) {
// check for user language
if ($user_lang == '') {
@@ -779,7 +778,7 @@
// renew tag
$tag_id = Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'status', -1);
if ($tag_id > 0) {
- Tag::deleteById($tag_id, $roscms_intern_account_id);
+ Tag::deleteById($tag_id, $thisuser->id());
}
Tag::add($revision['data_id'], $revision['rev_id'],
'status', 'stable', -1);
@@ -855,7 +854,7 @@
// mark as new
case 'mn':
- if ($roscms_security_level > 1 &&
ROSUser::isMemberOfGroup('transmaint')) {
+ if ($thisuser->securityLevel() > 1 &&
$thisuser->isMemberOfGroup('transmaint')) {
// check for user language
if ($user_lang == '') {
@@ -870,7 +869,7 @@
//
$tag_id = Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'status', -1);
if ($tag_id > 0) {
- Tag::deleteById($tag_id, $roscms_intern_account_id);
+ Tag::deleteById($tag_id, $thisuser->id());
}
Tag::add($revision['data_id'], $revision['rev_id'],
'status', 'new', -1);
@@ -881,32 +880,32 @@
// add star
case 'as':
- $tag_id = Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'star', $roscms_intern_account_id);
+ $tag_id = Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'star', $thisuser->id());
if ($tag_id > 0) {
- Tag::deleteById($t_tagid, $roscms_intern_account_id);
+ Tag::deleteById($t_tagid, $thisuser->id());
}
- Tag::add($revision['data_id'], $revision['rev_id'],
'star', 'on', $roscms_intern_account_id);
+ Tag::add($revision['data_id'], $revision['rev_id'],
'star', 'on', $thisuser->id());
break;
// delete star
case 'xs':
- $tag_id = Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'star', $roscms_intern_account_id);
+ $tag_id = Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'star', $thisuser->id());
if ($tag_id > 0) {
- Tag::deleteById($tag_id, $roscms_intern_account_id);
+ Tag::deleteById($tag_id, $thisuser->id());
}
break;
// add label
case 'tg':
- Tag::add($revision['data_id'], $revision['rev_id'],
'tag', $label_name, $roscms_intern_account_id);
+ Tag::add($revision['data_id'], $revision['rev_id'],
'tag', $label_name, $thisuser->id());
break;
// delete entry
case 'xe':
- if ($roscms_security_level > 1 || $revision['rev_usrid'] ==
$roscms_intern_account_id) {
+ if ($thisuser->securityLevel() > 1 || $revision['rev_usrid'] ==
$thisuser->id()) {
// copy to Archive if no admin
- if ($roscms_security_level < 3) {
+ if ($thisuser->securityLevel() < 3) {
Data::copy($revision['data_id'], $revision['rev_id'], 0,
$lang);
}
Data::deleteFile($revision['rev_id']);
@@ -941,8 +940,6 @@
*/
public static function copy( $data_id, $rev_id, $archive_mode, $lang = '' )
{
- global $roscms_intern_account_id;
-
// set archive mode dependent vars
if ($archive_mode == 0) {
// copy to archive
@@ -1006,7 +1003,7 @@
if ($archive_mode === false) {
$revision = array(
'rev_version' => '0',
- 'rev_usrid' => $roscms_intern_account_id,
+ 'rev_usrid' => ThisUser::getInstance()->id(),
'rev_language' => $lang,
'rev_datetime' => date('Y-m-d H:i:s'),
'rev_date' => date('Y-m-d'),
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php [iso-8859-1] Sat Nov
22 17:51:18 2008
@@ -43,10 +43,9 @@
global $rdf_user_timezone;
global $rdf_user_timezone_name;
global $rdf_server_timezone;
- global $roscms_intern_account_id;
// calculate only for registered users
- if ($roscms_intern_account_id > 1) {
+ if (ThisUser::getInstance()->id() > 0) {
$basedate = strtotime($date);
$date_new = strtotime(($rdf_user_timezone+$rdf_server_timezone).' hours',
$basedate);
return date($format, $date_new).' '.$rdf_user_timezone_name;
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php [iso-8859-1] Sat Nov
22 17:51:18 2008
@@ -36,7 +36,7 @@
*/
public function __construct( $data_id, $rev_id, $action = null )
{
- require('login.php');
+ Login::required();
$this->preventCaching();
if (!empty($data_id) && !empty($rev_id)) {
$this->data_id = $data_id;
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1]
Sat Nov 22 17:51:18 2008
@@ -47,7 +47,8 @@
*/
protected function evalAction( $action )
{
- global $roscms_security_level;
+ $thisuser = &ThisUser::getInstance();
+
global $roscms_standard_language;
global $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3,
$RosCMS_GET_d_value4;
global $RosCMS_GET_d_id, $RosCMS_GET_d_r_id;
@@ -59,7 +60,7 @@
case 'newentry':
// add a new entry only with higher security level
- if ($roscms_security_level > 1) {
+ if ($thisuser->securityLevel() > 1) {
switch ($RosCMS_GET_d_value) {
case 'dynamic':
$this->showAddEntry(self::DYNAMIC);
@@ -146,7 +147,7 @@
case 'deltag':
// only delete, if user has a higher level than translator, or it's requested
by the user itself
- if ($roscms_security_level > 1 || $RosCMS_GET_d_value2 ==
$roscms_intern_account_id) {
+ if ($thisuser->securityLevel() > 1 || $RosCMS_GET_d_value2 ==
$thisuser->id()) {
Tag::deleteById($RosCMS_GET_d_value, $RosCMS_GET_d_value2);
}
@@ -158,7 +159,7 @@
case 'changetag':
Tag::deleteById($RosCMS_GET_d_value4, $RosCMS_GET_d_value3);
Tag::add($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value,
$RosCMS_GET_d_value2, $RosCMS_GET_d_value3);
- echo Tag::getIdByUser($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value,
$roscms_intern_account_id);
+ echo Tag::getIdByUser($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value,
$thisuser->id());
break;
// update tag by name/user
@@ -200,7 +201,6 @@
protected function performDefaultAction()
{
global $RosCMS_GET_d_r_lang;
- global $roscms_intern_account_id;
// normal (contains NO "tr")
if (!isset($_GET['d_r_id']) || strpos($_GET['d_r_id'], 'tr')
=== false) {
@@ -221,7 +221,7 @@
if (Data::copy($revision['data_id'], $revision['rev_id'], 1 /*
copy mode */, $RosCMS_GET_d_r_lang)) {
$stmt=DBConnection::getInstance()->prepare("SELECT data_id, rev_id,
rev_language FROM data_revision WHERE data_id = :data_id AND rev_usrid = :user_id AND
rev_version = 0 AND rev_language = :lang AND rev_date = :date ORDER BY rev_id DESC LIMIT
1");
$stmt->bindParam('data_id',$revision['data_id'],PDO::PARAM_STR);
-
$stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
$stmt->bindParam('date',date('Y-m-d'),PDO::PARAM_STR);
$stmt->execute();
@@ -265,7 +265,6 @@
{
global $roscms_standard_language;
global $roscms_standard_language_full;
- global $roscms_security_level;
global $h_a,$h_a2;
echo_strip('
@@ -543,9 +542,10 @@
*/
protected function showEntryData( )
{
- global $roscms_intern_account_id;
global $h_a;
global $h_a2;
+
+ $thisuser = &ThisUser::getInstance();
// get Database Entry
$stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, d.data_name,
d.data_type, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime, u.user_name FROM
data_".$h_a2." d JOIN data_revision".$h_a." r ON r.data_id =
d.data_id JOIN users u ON r.rev_usrid = u.user_id WHERE r.rev_id = :rev_id LIMIT
1");
@@ -556,8 +556,8 @@
echo_strip('
<div style="padding-bottom: 3px;">
<span class="frmeditheader">
- <span
onclick="'."bchangestar(".$revision['data_id'].",".$revision['rev_id'].",'star','addtagn',
".$roscms_intern_account_id.", 'editstar')".'"
style="cursor: pointer;">
- <img id="editstar"
class="'.Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'star', $roscms_intern_account_id).'"
src="images/star_'.Tag::getValueByUser($revision['data_id'],
$revision['rev_id'], 'star',
$roscms_intern_account_id).'_small.gif" alt="" style="width:13px;
height:13px; border:0px;" />
+ <span
onclick="'."bchangestar(".$revision['data_id'].",".$revision['rev_id'].",'star','addtagn',
".$thisuser->id().", 'editstar')".'"
style="cursor: pointer;">
+ <img id="editstar"
class="'.Tag::getIdByUser($revision['data_id'],
$revision['rev_id'], 'star', $thisuser->id()).'"
src="images/star_'.Tag::getValueByUser($revision['data_id'],
$revision['rev_id'], 'star', $thisuser->id()).'_small.gif"
alt="" style="width:13px; height:13px; border:0px;" />
</span>
');
echo $revision['data_name'];
@@ -600,11 +600,10 @@
protected function showEntryDetails( $mode = self::METADATA)
{
- global $roscms_intern_account_id;
- global $roscms_security_level;
-
global $h_a;
global $h_a2;
+
+ $thisuser = &ThisUser::getInstance();
echo_strip('
<div class="detailbody">
@@ -615,7 +614,7 @@
echo '<strong>Metadata</strong>';
}
else {
- echo '<span class="detailmenu"
onclick="'."bshowtag(".$this->data_id.",".$this->rev_id.",'a','b',
'".$roscms_intern_account_id."')".'">Metadata</span>';
+ echo '<span class="detailmenu"
onclick="'."bshowtag(".$this->data_id.",".$this->rev_id.",'a','b',
'".$thisuser->id()."')".'">Metadata</span>';
}
echo " | ";
@@ -624,7 +623,7 @@
echo '<strong>History</strong>';
}
else {
- echo '<span class="detailmenu"
onclick="'."bshowhistory(".$this->data_id.",".$this->rev_id.",'a','b',
'".$roscms_intern_account_id."')".'">History</span>';
+ echo '<span class="detailmenu"
onclick="'."bshowhistory(".$this->data_id.",".$this->rev_id.",'a','b',
'".$thisuser->id()."')".'">History</span>';
}
// allowed only for someone with "add" rights
@@ -636,7 +635,7 @@
echo '<strong>Fields</strong>';
}
else {
- echo '<span class="detailmenu"
onclick="'."balterfields(".$this->data_id.",".$this->rev_id.",
'".$roscms_intern_account_id."')".'">Fields</span>';
+ echo '<span class="detailmenu"
onclick="'."balterfields(".$this->data_id.",".$this->rev_id.",
'".$thisuser->id()."')".'">Fields</span>';
}
echo " | ";
@@ -644,19 +643,19 @@
echo '<strong>Entry</strong>';
}
else {
- echo '<span class="detailmenu"
onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.",
'".$roscms_intern_account_id."')".'">Entry</span>';
+ echo '<span class="detailmenu"
onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.",
'".$thisuser->id()."')".'">Entry</span>';
}
}
// allowed only for related super administrators
- if (ROSUser::isMemberOfGroup("ros_sadmin") ||
(Security::hasRight($this->data_id, 'add') &&
ROSUser::isMemberOfGroup('ros_admin'))) {
+ if ($thisuser->isMemberOfGroup('ros_sadmin') ||
(Security::hasRight($this->data_id, 'add') &&
$thisuser->isMemberOfGroup('ros_admin'))) {
echo " | ";
if ($mode == self::SECURITY) {
echo '<strong>Security</strong>';
}
else {
- echo '<span class="detailmenu"
onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.",
'".$roscms_intern_account_id."')".'">Security</span>';
+ echo '<span class="detailmenu"
onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.",
'".$thisuser->id()."')".'">Security</span>';
}
}
echo_strip('
@@ -692,14 +691,14 @@
*/
private function showEntryDetailsMetadata( )
{
- global $roscms_security_level;
- global $roscms_intern_account_id;
global $h_a,$h_a2;
+
+ $thisuser = &ThisUser::getInstance();
// helper vars
$last_user = null; // used in first while, to recognize the last type
- if ($roscms_security_level > 1) {
+ if ($thisuser->securityLevel() > 1) {
$stmt=DBConnection::getInstance()->prepare("SELECT a.tag_id, a.tag_usrid,
n.tn_name, v.tv_value FROM data_".$h_a2." d, data_revision".$h_a." r,
data_tag".$h_a." a, data_tag_name".$h_a." n,
data_tag_value".$h_a." v WHERE (a.data_id = 0 OR (a.data_id = :data_id AND
a.data_id = d.data_id) ) AND (a.data_rev_id = 0 OR (a.data_rev_id = :rev_id AND
a.data_rev_id = r.rev_id) ) AND a.tag_usrid IN(-1, 0,:user_id) AND a.tag_name_id = n.tn_id
AND a.tag_value_id = v.tv_id ORDER BY tag_usrid ASC, tn_name ASC");
}
else {
@@ -707,7 +706,7 @@
}
$stmt->bindParam('data_id',$this->data_id,PDO::PARAM_INT);
$stmt->bindParam('rev_id',$this->rev_id,PDO::PARAM_INT);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
while($tag = $stmt->fetch()) {
if ($tag['tag_usrid'] != $last_user) {
@@ -724,7 +723,7 @@
echo 'Labels';
break;
default:
- if ($tag['tag_usrid'] == $roscms_intern_account_id) {
+ if ($tag['tag_usrid'] == $thisuser->id()) {
echo 'Private Labels';
}
} // end switch
@@ -738,9 +737,9 @@
// allow to delete label if SecLev > 1
// allow to delete sys metadata if user has the rights
// allow someone to delete his metadata he set and the user-id > 0
- if (($roscms_security_level > 1 && $tag['tag_usrid'] == 0) ||
(Security::hasRight($this->data_id, 'add') && $tag['tag_usrid']
== -1) || ($tag['tag_usrid'] == $roscms_intern_account_id &&
$tag['tag_usrid'] > 0)) {
+ if (($thisuser->securityLevel() > 1 && $tag['tag_usrid'] ==
0) || (Security::hasRight($this->data_id, 'add') &&
$tag['tag_usrid'] == -1) || ($tag['tag_usrid'] == $thisuser->id()
&& $tag['tag_usrid'] > 0)) {
echo_strip('
- <span class="frmeditbutton"
onclick="'."bdeltag(".$this->data_id.",".$this->rev_id.",'".$tag['tag_id']."',
'".$roscms_intern_account_id."')".'">
+ <span class="frmeditbutton"
onclick="'."bdeltag(".$this->data_id.",".$this->rev_id.",'".$tag['tag_id']."',
'".$thisuser->id()."')".'">
<img src="images/remove.gif" alt=""
style="width:11px; height:11px; border:0px;" />
Delete
</span>');
@@ -756,10 +755,10 @@
<div class="frmeditheadline">Add Private Label</div>
<label
for="addtagn"><b>Tag:</b></label>
<input type="text" id="addtagn" size="15"
maxlength="100" value="" />
- <button type="button"
onclick="'."baddtag(".$this->data_id.",".$this->rev_id.",'tag','addtagn',
'".$roscms_intern_account_id."')".'">Add</button>
+ <button type="button"
onclick="'."baddtag(".$this->data_id.",".$this->rev_id.",'tag','addtagn',
'".$thisuser->id()."')".'">Add</button>
<br />');
- if ($roscms_security_level > 1) {
+ if ($thisuser->securityLevel() > 1) {
echo_strip('
<br />
<div class="frmeditheadline">Add
Label'.(Security::hasRight($this->data_id, 'add') ? ' or System
Metadata' : '').'</div>
@@ -823,7 +822,6 @@
*/
private function showEntryDetailsSecurity( )
{
- global $roscms_intern_account_id;
global $h_a2;
$stmt=DBConnection::getInstance()->prepare("SELECT data_id, data_name,
data_type, data_acl FROM data_".$h_a2." WHERE data_id = :data_id LIMIT
1");
@@ -865,7 +863,7 @@
<br />
<br />
<button type="button" id="beditsavefields"
onclick="'."editsavesecuritychanges('".$this->data_id."','".$this->rev_id."')".'">Save
Changes</button>
- <button type="button" id="beditclear"
onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.",
'".$roscms_intern_account_id."')".'">Clear</button>');
+ <button type="button" id="beditclear"
onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.",
'".$thisuser->id()."')".'">Clear</button>');
}
@@ -877,7 +875,6 @@
private function showEntryDetailsFields( )
{
global $h_a;
- global $roscms_intern_account_id;
echo_strip(
'<br />
@@ -934,7 +931,7 @@
</span>
<br /><br /><br />
<button type="button" id="beditsavefields"
onclick="'."editsavefieldchanges('".$this->data_id."','".$this->rev_id."')".'">Save
Changes</button>
- <button type="button" id="beditclear"
onclick="'."balterfields(".$this->data_id.",".$this->rev_id.",
'".$roscms_intern_account_id."')".'">Clear</button>');
+ <button type="button" id="beditclear"
onclick="'."balterfields(".$this->data_id.",".$this->rev_id.",
'".$thisuser->id()."')".'">Clear</button>');
}
@@ -995,7 +992,7 @@
<br />
<br />
<button type="button" id="beditsaveentry"
onclick="editsaveentrychanges('.$this->data_id.','.$this->rev_id.')">Save
Changes</button>
- <button type="button" id="beditclear"
onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.",
'".$roscms_intern_account_id."')".'">Clear</button>');
+ <button type="button" id="beditclear"
onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.",
'".$thisuser->id()."')".'">Clear</button>');
}
@@ -1034,7 +1031,6 @@
*/
private function showDifference( $rev_id1, $rev_id2 )
{
- global $roscms_security_level;
// get archive mode for entry 1
if (substr($rev_id1, 0, 2) == 'ar') {
@@ -1129,7 +1125,7 @@
<li>Type: '.$revision1['data_type'].'</li>
<li>Language: '.$revision1['lang_name'].'</li>
<li>User:
'.$revision1['user_name'].'</li>');
- if ($roscms_security_level > 1) {
+ if (ThisUser::getInstance()->securityLevel() > 1) {
echo '<li>ID: '.$revision1['rev_id'].'</li>';
}
echo_strip('
@@ -1141,7 +1137,7 @@
<li>Type: '.$revision2['data_type'].'</li>
<li>Language: '.$revision2['lang_name'].'</li>
<li>User:
'.$revision2['user_name'].'</li>');
- if ($roscms_security_level > 1) {
+ if (ThisUser::getInstance()->securityLevel() > 1) {
echo '<li>ID: '.$revision2['rev_id'].'</li>';
}
echo_strip('
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php [iso-8859-1] Sat Nov
22 17:51:18 2008
@@ -28,7 +28,7 @@
public function __construct( )
{
- require('login.php');
+ Login::required();
}
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php [iso-8859-1]
Sat Nov 22 17:51:18 2008
@@ -330,7 +330,6 @@
*/
public function processText( $rev_id, $output_type = '' )
{
- global $roscms_intern_account_id;
global $roscms_standard_language_full;
global $roscms_intern_webserver_pages;
global $roscms_intern_webserver_roscms;
@@ -396,7 +395,7 @@
// replace with user_name
// @FIXME broken logic, or one link too much, which should be removed from Database
$stmt=DBConnection::getInstance()->prepare("SELECT user_name FROM users WHERE
user_id = :user_id LIMIT 1");
- $stmt->bindParam('user_id',$roscms_intern_account_id);
+ $stmt->bindParam('user_id',ThisUser::getInstance()->id());
$stmt->execute();
$user_name = $stmt->fetchColumn();
$content = str_replace('[#roscms_user]', $user_name, $content); // account
that generate
@@ -470,7 +469,6 @@
*/
private function insertHyperlink( $matches )
{
- global $roscms_intern_account_id;
global $roscms_intern_webserver_pages;
global $roscms_intern_webserver_roscms;
@@ -617,8 +615,6 @@
*/
private function insertTemplate( $matches )
{
- global $roscms_intern_account_id;
-
// extract the name, e.g. [#templ_about] -> 'about'
$content_name = substr($matches[0], 8, (strlen($matches[0])-9));
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -51,9 +51,6 @@
*/
public function maintain( )
{
- global $roscms_security_level;
- global $roscms_intern_account_id;
-
global $RosCMS_GET_d_use;
global $RosCMS_GET_d_value;
global $RosCMS_GET_d_value2;
@@ -66,13 +63,13 @@
case 'optimize':
$stmt=DBConnection::getInstance()->prepare("OPTIMIZE TABLE data_, data_a,
data_revision, data_revision_a, data_security, data_stext, data_stext_a, data_tag,
data_tag_a, data_tag_name, data_tag_name_a, data_tag_value, data_tag_value_a, data_text,
data_text_a, data_user_filter, languages, subsys_mappings, usergroups, usergroup_members,
users, user_sessions");
$stmt->execute();
- Log::writeHigh('optimize database tables: done by
'.$roscms_intern_account_id.' {data_maintain_out}');
+ Log::writeHigh('optimize database tables: done by
'.ThisUser::getInstance()->id().' {data_maintain_out}');
break;
case 'analyze':
$stmt=DBConnection::getInstance()->exec("ANALYZE TABLE data_, data_a,
data_revision, data_revision_a, data_security, data_stext, data_stext_a, data_tag,
data_tag_a, data_tag_name, data_tag_name_a, data_tag_value, data_tag_value_a, data_text,
data_text_a, data_user_filter, languages, subsys_mappings, usergroups, usergroup_members,
users, user_sessions");
$stmt->execute();
- Log::writeHigh('analyze database tables: done by
'.$roscms_intern_account_id.' {data_maintain_out}');
+ Log::writeHigh('analyze database tables: done by
'.ThisUser::getInstance()->id().' {data_maintain_out}');
break;
case 'genpages':
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -45,9 +45,6 @@
*/
private function getInfo( )
{
- global $roscms_intern_account_id;
- global $roscms_security_level;
-
global $h_a;
global $h_a2;
@@ -79,14 +76,14 @@
$stmt=DBConnection::getInstance()->prepare("SELECT n.tn_name, v.tv_value
FROM data_tag".$h_a." a JOIN data_".$h_a2." d ON a.data_id = d.data_id
JOIN data_revision".$h_a." r ON a.data_rev_id = r.rev_id JOIN
data_tag_name".$h_a." n ON a.tag_name_id = n.tn_id JOIN
data_tag_value".$h_a." v ON a.tag_value_id = v.tv_id WHERE a.data_id IN(0,
:data_id) AND a.data_rev_id IN(0, :rev_id) AND a.tag_usrid IN(-1, 0, :user_id) ORDER BY
tag_usrid ASC, tn_name ASC");
$stmt->bindParam('data_id',$revision['data_id'],PDO::PARAM_INT);
$stmt->bindParam('rev_id',$revision['rev_id'],PDO::PARAM_INT);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
$stmt->execute();
while ($tag = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo $t_s.ucfirst($tag['tn_name']).$t_e . $tag['tv_value'].$t_lb;
}
// show additional data for security level > 1
- if ($roscms_security_level > 1) {
+ if (ThisUser::getInstance()->securityLevel() > 1) {
echo $t_s.'Rev-ID'.$t_e.$revision['rev_id'].$t_lb;
echo $t_s.'Data-ID'.$t_e.$revision['data_id'].$t_lb;
echo $t_s.'ACL'.$t_e.$revision['data_acl'].$t_lb;
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1]
Sat Nov 22 17:51:18 2008
@@ -51,13 +51,12 @@
*/
public function search( )
{
- global $roscms_security_level;
- global $roscms_intern_account_id;
-
global $RosCMS_GET_d_use;
global $RosCMS_GET_d_flag;
global $RosCMS_GET_d_value;
global $RosCMS_GET_d_value2;
+
+ $thisuser = &ThisUser::getInstance();
$usage = $RosCMS_GET_d_use;
$flag = $RosCMS_GET_d_flag;
@@ -67,12 +66,12 @@
$new_lang = $RosCMS_GET_d_value2;
$search_type = $RosCMS_GET_d_value2;
- if (ROSUser::isMemberOfGroup('transmaint') || $roscms_security_level == 3) {
+ if ($thisuser->isMemberOfGroup('transmaint') ||
$thisuser->securityLevel() == 3) {
if ($usage == 'usrtbl') {
- if (ROSUser::isMemberOfGroup('transmaint')) {
+ if ($thisuser->isMemberOfGroup('transmaint')) {
$stmt=DBConnection::getInstance()->prepare("SELECT user_language FROM
users WHERE user_id = :user_id LIMIT 1");
- $stmt->bindParam('user_id',$roscms_intern_account_id);
+ $stmt->bindParam('user_id',$thisuser->id());
$stmt->execute();
$user_lang = $stmt->fetchColumn();
@@ -88,17 +87,23 @@
switch ($flag) {
case 'addmembership':
// check if user is already member, so we don't add him twice
- if (!ROSUser::isMemberOfGroup($user_id,$group_id)) {
-
+ // also check that you don't give accounts a higher seclevel
+ $stmt=DBConnection::getInstance()->prepare("SELECT 1 FROM
usergroup_members m JOIN usergroups g ON m.usergroupmember_usergroupid =
g.usrgroup_name_id WHERE usergroupmember_userid = :user_id AND usergroupmember_usergroupid
= :group_id AND usrgroup_seclev <= :security_level LIMIT 1");
+ $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
+ $stmt->bindParam('group_id',$group_id,PDO::PARAM_STR);
+
$stmt->bindParam('security_level',$thisuser->securityLevel(),PDO::PARAM_INT);
+ $stmt->execute();
+ if ($stmt->fetchColumn() === false) {
+
// insert new membership
$stmt=DBConnection::getInstance()->prepare("INSERT INTO
usergroup_members ( usergroupmember_userid , usergroupmember_usergroupid ) VALUES (
:user_id, :group_id )");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
$stmt->bindParam('group_id',$group_id,PDO::PARAM_INT);
$stmt->execute();
if ($user_lang !== false) {
- Log::writeLangMedium("add user account membership:
user-id=".$user_id.", group-id=".$RosCMS_GET_d_value2." done by
".$roscms_intern_account_id." {data_user_out}", $user_lang);
- }
- Log::writeMedium('add user account membership:
user-id='.$user_id.', group-id='.$group_id.' done by
'.$roscms_intern_account_id.' {data_user_out}');
+ Log::writeLangMedium("add user account membership:
user-id=".$user_id.", group-id=".$RosCMS_GET_d_value2." done by
".$thisuser->id()." {data_user_out}", $user_lang);
+ }
+ Log::writeMedium('add user account membership:
user-id='.$user_id.', group-id='.$group_id.' done by
'.$thisuser->id().' {data_user_out}');
}
// preselect displayed content
$flag = 'detail';
@@ -110,16 +115,16 @@
$stmt->bindParam('group_id',$group_id,PDO::PARAM_INT);
$stmt->execute();
if ($user_lang !== false) {
- Log::writeLangMedium('delete user account membership:
user-id='.$user_id.', group-id='.$group_id.' done by
'.$roscms_intern_account_id.' {data_user_out}', $user_lang);
- }
- Log::writeMedium('delete user account membership:
user-id='.$user_id.', group-id='.$group_id.' done by
'.$roscms_intern_account_id.' {data_user_out}');
+ Log::writeLangMedium('delete user account membership:
user-id='.$user_id.', group-id='.$group_id.' done by
'.$thisuser->id().' {data_user_out}', $user_lang);
+ }
+ Log::writeMedium('delete user account membership:
user-id='.$user_id.', group-id='.$group_id.' done by
'.$thisuser->id().' {data_user_out}');
// preselect displayed content
$flag = 'detail';
break;
case 'accountdisable':
// only with admin rights
- if ($roscms_security_level == 3) {
+ if ($thisuser->securityLevel() == 3) {
$stmt=DBConnection::getInstance()->prepare("UPDATE users SET
user_account_enabled = 'no' WHERE user_id = :user_id");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
$stmt->execute();
@@ -130,7 +135,7 @@
case 'accountenable':
// enable account only with admin rights
- if ($roscms_security_level == 3) {
+ if ($thisuser->securityLevel() == 3) {
// enable account only, if he has already activated his account
$stmt=DBConnection::getInstance()->prepare("UPDATE users SET
user_account_enabled = 'yes' WHERE user_register_activation = '' AND
user_id = :user_id");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
@@ -146,9 +151,9 @@
$stmt->bindParam('user_id',$user_id);
$stmt->execute();
if ($user_lang) {
- Log::writeLangMedium('change user account language:
user-id='.$user_id.', lang-id='.$group_id.' done by
'.$roscms_intern_account_id.' {data_user_out}', $user_lang);
- }
- Log::writeMedium('change user account language:
user-id='.$user_id.', lang-id='.$group_id.' done by
'.$roscms_intern_account_id.' {data_user_out}');
+ Log::writeLangMedium('change user account language:
user-id='.$user_id.', lang-id='.$group_id.' done by
'.$thisuser->id().' {data_user_out}', $user_lang);
+ }
+ Log::writeMedium('change user account language:
user-id='.$user_id.', lang-id='.$group_id.' done by
'.$thisuser->id().' {data_user_out}');
// preselect displayed content
$flag = 'detail';
break;
@@ -217,7 +222,7 @@
<legend>Details for
\''.$user['user_name'].'\'</legend>
<p><strong>Name:</strong>
'.$user['user_name'].' ('.$user['user_fullname'].')
['.$user['user_id'].']</p>
<p><strong>Lang:</strong>
'.$user['user_language'].'</p>');
- if ($roscms_security_level == 3) {
+ if ($thisuser->securityLevel() == 3) {
echo_strip('
<p><strong>E-Mail:</strong>
'.$user['user_email'].'</p>
<p><strong>Latest Login:</strong>
'.$user['visit'].'; '.$user['visitcount'].'
logins</p>
@@ -239,7 +244,7 @@
while ($user = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo '<li>'.$user['usrgroup_name'].' ';
- if ($roscms_security_level == 3) {
+ if ($thisuser->securityLevel() == 3) {
echo_strip('
<span class="frmeditbutton"
onclick="'."delmembership(".$user_id.",
'".$user['usrgroup_name_id']."')".'">
@@ -251,15 +256,15 @@
} // end while
echo '</ul>';
- if ($roscms_security_level == 3) {
+ if ($thisuser->securityLevel() == 3) {
echo '<select id="cbmmemb"
name="cbmmemb">';
$stmt=DBConnection::getInstance()->prepare("SELECT
usrgroup_name_id, usrgroup_name FROM usergroups WHERE usrgroup_seclev <= :sec_level
ORDER BY usrgroup_name ASC");
-
$stmt->bindParam('sec_level',$roscms_security_level,PDO::PARAM_INT);
+
$stmt->bindParam('sec_level',$thisuser->securityLevel(),PDO::PARAM_INT);
$stmt->execute();
while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
// only super admin can give super admin rights
- if (ROSUser::isMemberOfGroup('ros_sadmin') ||
$group['usrgroup_name_id'] != 'ros_sadmin') {
+ if ($group['usrgroup_name'] != 'sadmin' ||
$thisuser->isMemberOfGroup('ros_sadmin')) {
echo '<option
value="'.$group['usrgroup_name_id'].'">'.$group['usrgroup_name'].'</option>';
}
}
@@ -276,12 +281,12 @@
echo_strip('</select>
<input type="button" name="addusrlang"
id="addusrlang" value="Update User language"
onclick="'."updateusrlang(".$user_id.",
document.getElementById('cbmusrlang').value)".'" /><br
/>');
}
- elseif (ROSUser::isMemberOfGroup('transmaint')) {
+ elseif ($thisuser->isMemberOfGroup('transmaint')) {
echo_strip('<input type="button" name="addmemb"
id="addmemb" value="Make this User a Translator"
onclick="'."addmembership(".$user_id.",
'translator')".'" />
<br />
<br />');
$stmt=DBConnection::getInstance()->prepare("SELECT user_language
FROM users WHERE user_id = :user_id LIMIT 1");
-
$stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
$user_lang = $stmt->fetchColumn();
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] Sat
Nov 22 17:51:18 2008
@@ -89,9 +89,6 @@
*/
public function page_table_main( $data_name, $filter, $page_offset = 0 )
{
- global $roscms_intern_account_id;
- global $roscms_security_level;
-
// set headers, do not cache !
header('Content-type: text/xml');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past
@@ -124,12 +121,18 @@
*/
private function generateXML( $page_offset = 0 )
{
- global $roscms_intern_account_id;
- global $roscms_security_level;
+ $thisuser = &ThisUser::getInstance();
$tdata = '';
$row_counter = 1;
- $column_array = explode('|', substr($this->column_list,1,-1)); // prevent
from additional entries caused by '|' at start and end
+ $this->column_list = substr($this->column_list,1,-1);// prevent from additional
entries caused by '|' at start and end
+ if ($this->column_list === '') {
+ $column_array = array();
+ }
+ else {
+ $column_array = explode('|', $this->column_list);
+
+ }
// check if there are entries which are found by filter settings
$stmt=DBConnection::getInstance()->prepare("SELECT COUNT('d.data_id')
FROM data_revision".$this->a." r, data_".$this->a2." d
".$this->sql_from." , data_security y WHERE r.rev_version >= 0 AND
r.data_id = d.data_id AND d.data_acl = y.sec_name AND y.sec_branch = 'website'
". Security::getACL('read') ." ". $this->sql_where);
@@ -145,7 +148,7 @@
echo $ptm_entries.'<table>';
// start table header
- $tdata .= " <view curpos=\"".$page_offset."\"
pagelimit=\"".$this->page_limit."\"
pagemax=\"".$ptm_entries."\"
tblcols=\"".$this->column_list."\" /> \n";
+ $tdata .= " <view curpos=\"".$page_offset."\"
pagelimit=\"".$this->page_limit."\"
pagemax=\"".$ptm_entries."\"
tblcols=\"|".$this->column_list."|\" /> \n";
// prepare for usage in loop
$stmt_trans=DBConnection::getInstance()->prepare("SELECT d.data_id,
d.data_name, d.data_type, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime,
r.rev_date, r.rev_usrid FROM data_".$this->a2." d,
data_revision".$this->a." r WHERE d.data_id = :data_id AND r.rev_version >
0 AND d.data_id = r.data_id AND r.rev_language = :lang LIMIT 1");
@@ -166,7 +169,7 @@
}
// proceed entries
- $stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, d.data_name,
d.data_type, d.data_acl, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime,
r.rev_date, r.rev_usrid ".$this->sql_select." ,
y.sec_lev".$roscms_security_level."_write FROM
data_revision".$this->a." r, data_".$this->a2." d
".$this->sql_from." , data_security y WHERE r.rev_version >= 0 AND
r.data_id = d.data_id AND d.data_acl = y.sec_name AND y.sec_branch = 'website'
". Security::getACL('read') ." ". $this->sql_where ."
". $this->sql_order ." LIMIT :limit OFFSET :offset");
+ $stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, d.data_name,
d.data_type, d.data_acl, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime,
r.rev_date, r.rev_usrid ".$this->sql_select." ,
y.sec_lev".$thisuser->securityLevel()."_write FROM
data_revision".$this->a." r, data_".$this->a2." d
".$this->sql_from." , data_security y WHERE r.rev_version >= 0 AND
r.data_id = d.data_id AND d.data_acl = y.sec_name AND y.sec_branch = 'website'
". Security::getACL('read') ." ". $this->sql_where ."
". $this->sql_order ." LIMIT :limit OFFSET :offset");
$stmt->bindValue('limit',0+$this->page_limit,PDO::PARAM_INT);
$stmt->bindValue('offset',0+$page_offset,PDO::PARAM_INT);
$stmt->execute();
@@ -250,10 +253,10 @@
}
// care about bookmark visibility
- if (Tag::getValueByUser($row['data_id'], $row['rev_id'],
'star', $roscms_intern_account_id) == 'on') {
+ if (Tag::getValueByUser($row['data_id'], $row['rev_id'],
'star', $thisuser->id()) == 'on') {
$star_state = '1';
}
- $star_id = Tag::getIdByUser($row['data_id'], $row['rev_id'],
'star', $roscms_intern_account_id);
+ $star_id = Tag::getIdByUser($row['data_id'], $row['rev_id'],
'star', $thisuser->id());
// get page title
$stmt_stext->bindParam('rev_id',$row['rev_id'],PDO::PARAM_INT);
@@ -346,9 +349,8 @@
*/
private function generateFilterSQL( $filter )
{
- global $roscms_intern_account_id;
- global $roscms_security_level;
-
+ $thisuser = &ThisUser::getInstance();
+
// check if there is something to do
if ($filter == '') {
return;
@@ -672,12 +674,12 @@
if ($entries_private <= 0 && $entries_system <= 0 &&
$entries_public <= 0) {
// everything except draft
- if ($roscms_security_level == 3) {
+ if ($thisuser->securityLevel() == 3) {
$this->sql_where .= " AND (n.tn_name = 'status' AND v.tv_value !=
'draft') ";
}
// new, stable and unknown (if more than translator)
- if ($roscms_security_level == 2) {
+ if ($thisuser->securityLevel() == 2) {
$this->sql_where .= " AND (n.tn_name = 'status' AND (v.tv_value =
'new' OR v.tv_value = 'stable' OR v.tv_value = 'unknown'))
";
}
else {
@@ -687,7 +689,7 @@
// set additional needed sql
$this->sql_select .= ", n.tn_name, v.tv_value ";
$this->sql_from .= ", data_tag".$this->a." a,
data_tag_name".$this->a." n, data_tag_value".$this->a." v
";
- $this->sql_where .= " AND r.data_id = a.data_id AND r.rev_id =
a.data_rev_id AND a.tag_usrid IN(-1, 0,
".DBConnection::getInstance()->quote($roscms_intern_account_id,PDO::PARAM_INT).")
AND a.tag_name_id = n.tn_id AND a.tag_value_id = v.tv_id ";
+ $this->sql_where .= " AND r.data_id = a.data_id AND r.rev_id =
a.data_rev_id AND a.tag_usrid IN(-1, 0,
".DBConnection::getInstance()->quote($thisuser->id(),PDO::PARAM_INT).")
AND a.tag_name_id = n.tn_id AND a.tag_value_id = v.tv_id ";
}
// construct additioanl sql for tag-usage from filter
@@ -695,17 +697,17 @@
for ($i = 1; $i <= $tag_counter; $i++) {
$this->sql_select .= ", n".$i.".tn_name,
v".$i.".tv_value ";
$this->sql_from .= ", data_tag".$this->a."
a".$i.", data_tag_name".$this->a." n".$i.",
data_tag_value".$this->a." v".$i." ";
- $this->sql_where .= " AND r.data_id = a".$i.".data_id AND
r.rev_id = a".$i.".data_rev_id AND (a".$i.".tag_usrid = '-1'
OR a".$i.".tag_usrid = '0' OR a".$i.".tag_usrid =
".DBConnection::getInstance()->quote($roscms_intern_account_id,PDO::PARAM_INT).")
AND a".$i.".tag_name_id = n".$i.".tn_id AND
a".$i.".tag_value_id = v".$i.".tv_id ";
+ $this->sql_where .= " AND r.data_id = a".$i.".data_id AND
r.rev_id = a".$i.".data_rev_id AND (a".$i.".tag_usrid = '-1'
OR a".$i.".tag_usrid = '0' OR a".$i.".tag_usrid =
".DBConnection::getInstance()->quote($thisuser->id(),PDO::PARAM_INT).")
AND a".$i.".tag_name_id = n".$i.".tn_id AND
a".$i.".tag_value_id = v".$i.".tv_id ";
}
}
// make sure only private drafts are visible
- if ($roscms_security_level < 3 && $entries_private > 0) {
- $this->sql_where .= " AND r.rev_usrid =
'".$roscms_intern_account_id."' ";
+ if ($thisuser->securityLevel() < 3 && $entries_private > 0) {
+ $this->sql_where .= " AND r.rev_usrid =
'".$thisuser->id()."' ";
}
// either show draft (private) OR stable & new (public) entries, private AND
public entries together are NOT allowed => block
- if ($roscms_security_level < 2 && (($entries_private > 0 &&
$entries_public > 0) || $entries_system > 0)) {
+ if ($thisuser->securityLevel() < 2 && (($entries_private > 0
&& $entries_public > 0) || $entries_system > 0)) {
$this->sql_select = "";
$this->sql_from = "";
$this->sql_where = " FALSE ";
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1] Sat
Nov 22 17:51:18 2008
@@ -37,8 +37,8 @@
public function __construct( $page_title = '' )
{
// need to have a logged in user with minimum security level 1
- require('login.php');
- if ($roscms_security_level == 0) {
+ Login::required();
+ if (ThisUser::getInstance()->securityLevel() == 0) {
header('location:?page=nopermission');
}
@@ -65,17 +65,26 @@
*/
private function navigation( )
{
- global $roscms_security_level;
- global $roscms_security_memberships;
- global $roscms_intern_login_check_username;
global $roscms_intern_page_link;
global $roscms_intern_webserver_pages, $roscms_intern_page_link;
+
+ $thisuser = &ThisUser::getInstance();
+
+ // generate list of memberships
+ $group_list = '';
+ $groups = $thisuser->getGroups();
+ foreach($groups as $group_name => $security_level) {
+ $group_list .= ($group_list!=''?',':'').$group_name;
+ }
+
+ // get security level
+ $security_level = $thisuser->securityLevel();
// get selected navigation entry
echo_strip('
<div id="myReactOS" style="padding-right: 10px;">
- <strong>'.$roscms_intern_login_check_username.'</strong>
- '.(($roscms_security_level > 1) ? '| SecLev:
'.$roscms_security_level.' ('. str_replace('|', ', ',
substr($roscms_security_memberships, 1, -2)) .')' : '').'
+ <strong>'.$thisuser->name().'</strong>
+ '.(($security_level > 1) ? '| SecLev: '.$security_level.'
('. $group_list .')' : '').'
|
<span onclick="pagerefresh()" style="color:#006090;
cursor:pointer;">
<img src="images/reload.gif" alt="reload page"
width="16" height="16" />
@@ -108,7 +117,7 @@
</th>
<td> </td>');
- if
(ROSUser::isMemberOfGroup('transmaint','ros_admin','ros_sadmin'))
{
+ if
($thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin'))
{
echo_strip('
<th class="int'.(($this->branch == 'user') ? '2' :
'1').'"
onclick="'."roscms_mainmenu('user')".'">
<div class="tc1">
@@ -121,7 +130,7 @@
<td> </td>');
}
- if ($roscms_security_level == 3) {
+ if ($thisuser->securityLevel() == 3) {
echo_strip('
<th class="int'.(($this->branch == 'maintain') ?
'2' : '1').'"
onclick="'."roscms_mainmenu('maintain')".'">
<div class="tc1">
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -52,10 +52,9 @@
protected function body( )
{
global $roscms_intern_page_link;
- global $roscms_security_level;
// check if user has rights for this area
- if ($roscms_security_level > 3) {
+ if (ThisUser::getInstance()->securityLevel() < 3) {
return;
}
@@ -97,7 +96,7 @@
<img id="ajaxloading" style="display:none;"
src="images/ajax_loading.gif" width="13" height="13"
alt="" />
<br />');
- if (ROSUser::isMemberOfGroup('ros_sadmin')) {
+ if (ThisUser::getInstance()->isMemberOfGroup('ros_sadmin')) {
// display logs
echo_strip('
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1]
Sat Nov 22 17:51:18 2008
@@ -52,8 +52,10 @@
protected function body( )
{
global $roscms_standard_language;
-
- if
(!ROSUser::isMemberOfGroup('transmaint','ros_admin','ros_sadmin'))
{
+
+ $thisuser = &ThisUser::getInstance();
+
+ if
(!$thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin'))
{
return;
}
@@ -63,10 +65,10 @@
<p style="font-weight: bold;">User Account Management
Interface</p>
<br />');
- if (ROSUser::isMemberOfGroup('ros_admin','ros_sadmin')) {
+ if ($thisuser->isMemberOfGroup('ros_admin','ros_sadmin')) {
echo '<h3>Administrator</h3>';
}
- elseif (ROSUser::isMemberOfGroup('transmaint')) {
+ elseif ($thisuser->isMemberOfGroup('transmaint')) {
echo '<h3>Language Maintainer</h3>';
$stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, u.user_id,
u.user_name, u.user_fullname, u.user_language, COUNT(r.data_id) as 'editcounter'
FROM data_a d, data_revision r, users u WHERE r.data_id = d.data_id AND r.rev_usrid =
u.user_id AND rev_version > 0 AND r.rev_language = :lang GROUP BY u.user_name ORDER
BY editcounter DESC, u.user_name");
$stmt->bindParam('lang',$roscms_standard_language,PDO::PARAM_STR);
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -56,13 +56,12 @@
*/
protected function body( )
{
- global $roscms_intern_account_id;
- global $roscms_intern_login_check_username;
- global $roscms_security_level;
global $roscms_standard_language;
global $roscms_standard_language_trans;
global $roscms_intern_webserver_roscms;
global $roscms_intern_page_link;
+
+ $thisuser = &ThisUser::getInstance();
echo_strip('
<noscript>
@@ -98,21 +97,21 @@
var roscms_page_load_finished = false;
// map php vars
- var roscms_intern_account_id = ".$roscms_intern_account_id.";
+ var roscms_intern_account_id = ".$thisuser->id().";
var roscms_standard_language =
'".$roscms_standard_language."';
var roscms_standard_language_trans =
'".$roscms_standard_language_trans."';
- var roscms_intern_login_check_username =
'".$roscms_intern_login_check_username."';
+ var roscms_intern_login_check_username =
'".$thisuser->name()."';
var roscms_intern_webserver_roscms =
'".$roscms_intern_webserver_roscms."';
var roscms_intern_page_link = '".$roscms_intern_page_link."';
var roscms_get_edit = '".(isset($_GET['edit']) ?
$RosCMS_GET_cms_edit : '')."';
- var roscms_access_level = ".$roscms_security_level.";
- var roscms_cbm_hide = '".(($roscms_security_level > 1) ? '' :
' disabled="disabled" style="color:#CCCCCC;"')."'; //
disable combobox entries for novice user
+ var roscms_access_level = ".$thisuser->securityLevel().";
+ var roscms_cbm_hide = '".(($thisuser->securityLevel() > 1) ?
'' : ' disabled="disabled"
style="color:#CCCCCC;"')."'; // disable combobox entries for novice
user
// favorite user language
";
$stmt=DBConnection::getInstance()->prepare("SELECT user_language FROM users
WHERE user_id = :user_id LIMIT 1");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
$user_lang = $stmt->fetchColumn();
@@ -150,13 +149,13 @@
<div class="roscms_container" style="border: 1px dashed white;
z-index: 2;">
<div class="tabmenu" style="position: absolute; top: 0px;
width: 150px; left: 0px; border: 0px; z-index:1;">
- <div id="smenutab1" class="submb"
onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 ||
ROSUser::isMemberOfGroup("transmaint")) ? '
style="display:none;"' : '').'>
+ <div id="smenutab1" class="submb"
onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc1" class="subm2"
style="font-weight: bold;">New Entry</div>
</div>
</div>');
- if ($roscms_security_level > 1) {
+ if ($thisuser->securityLevel() > 1) {
echo '<div style="background: white none repeat scroll
0%;"> </div>';
}
@@ -167,7 +166,7 @@
</div>
</div>
- <div id="smenutab3" class="submb"
onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 ||
ROSUser::isMemberOfGroup("transmaint")) ? '
style="display:none;"' : '').'>
+ <div id="smenutab3" class="submb"
onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc3"
class="subm2">Page</div>
</div>
@@ -177,12 +176,12 @@
<div id="smenutabc4"
class="subm2">Content</div>
</div>
</div>
- <div id="smenutab5" class="submb"
onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 ||
ROSUser::isMemberOfGroup("transmaint")) ? '
style="display:none;"' : '').'>
+ <div id="smenutab5" class="submb"
onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc5"
class="subm2">Template</div>
</div>
</div>
- <div id="smenutab6" class="submb"
onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 ||
ROSUser::isMemberOfGroup("transmaint")) ? '
style="display:none;"' : '').'>
+ <div id="smenutab6" class="submb"
onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc6"
class="subm2">Script</div>
</div>
@@ -303,7 +302,7 @@
<div style="border: 0px dashed red; position: absolute;
top: 9px; right: 13px; text-align:right; white-space: nowrap;">
<select name="favlangopt" id="favlangopt"
style="vertical-align: top; width: 22ex;"
onchange="setlang(this.value)">');
- $user_lang = ROSUser::getLanguage($roscms_intern_account_id, true);
+ $user_lang = ROSUser::getLanguage($thisuser->id(), true);
$stmt=DBConnection::getInstance()->prepare("SELECT lang_id, lang_name FROM
languages WHERE lang_level > '0' ORDER BY lang_name ASC");
$stmt->execute();
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -47,7 +47,6 @@
*/
protected function body( )
{
- global $roscms_intern_account_id;
global $roscms_standard_language;
echo_strip('
@@ -65,10 +64,10 @@
<p style="font-weight: bold;">');echo
Data::getContent('web_news', 'system', 'en', 'heading',
'stext').'</p>'.
Data::getContent('web_news', 'system', 'en',
'content', 'text').'<br />';
- if (ROSUser::isMemberOfGroup('translator', 'transmaint')) {
+ if (ThisUser::getInstance()->isMemberOfGroup('translator',
'transmaint')) {
$stmt=DBConnection::getInstance()->prepare("SELECT user_language FROM
users WHERE user_id = :user_id LIMIT 1");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
$stmt->execute();
$user_lang = $stmt->fetchColumn();
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] Sat
Nov 22 17:51:18 2008
@@ -54,15 +54,14 @@
*/
private function navigation( )
{
- global $roscms_intern_account_id;
global $roscms_intern_webserver_pages;
global $roscms_intern_webserver_roscms;
global $roscms_SET_path_ex;
global $rdf_uri_str;
global $rpm_lang;
global $roscms_langres;
- global $roscms_intern_login_check_username;
- global $roscms_security_level;
+
+ $thisuser = &ThisUser::getInstance();
echo_strip('
<table style="border:0" width="100%"
cellpadding="0" cellspacing="0">
@@ -78,15 +77,15 @@
</ol>
<br />');
- if ($roscms_intern_account_id > 0) {
+ if ($thisuser->id() > 0) {
echo_strip('
<div
class="navTitle">'.$roscms_langres['Account'].'</div>
<ol>
- <li
title="'.$roscms_intern_login_check_username.'"> Nick: '.substr($roscms_intern_login_check_username,
0, 9).'</li>
+ <li
title="'.$thisuser->name().'"> Nick: '.substr($thisuser->name(),
0, 9).'</li>
<li><a href="'.$roscms_SET_path_ex.'my/">My
Profile</a></li>
<li><a href="'.$roscms_SET_path_ex.'search/">User
Search</a></li>
<li><a
href="'.$roscms_intern_webserver_pages.'peoplemap/">User
Map</a></li>');
- if ($roscms_security_level > 0) {
+ if ($thisuser->securityLevel() > 0) {
echo '<li><a
href="'.$roscms_intern_webserver_roscms.'?page=data&branch=welcome">RosCMS
Interface</a></li>';
}
echo_strip('
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -36,7 +36,7 @@
*/
public function __construct( $page_title = '', $search = false)
{
- require('login.php');
+ Login::required();
$this->search = $search;
parent::__construct( $page_title );
}
@@ -49,7 +49,6 @@
*/
protected function body( )
{
- global $roscms_intern_account_id;
global $rdf_uri_2;
global $roscms_SET_path_ex;
@@ -115,7 +114,7 @@
}
}
else {
- $this->profile($roscms_intern_account_id);
+ $this->profile(ThisUser::getInstance()->id());
}
}
@@ -126,11 +125,11 @@
*/
private function profile( $user_id = null )
{
- global $roscms_intern_account_id;
global $roscms_SET_path_ex;
global $roscms_intern_webserver_pages;
global $rdf_name;
- global $roscms_security_level;
+
+ $thisuser = &ThisUser::getInstance();
$stmt=DBConnection::getInstance()->prepare("SELECT user_id, user_name,
user_register, user_fullname, user_email, user_email_activation, user_website,
user_country, user_timezone, user_occupation, user_setting_multisession,
user_setting_browseragent, user_setting_ipaddress, user_setting_timeout, user_language
FROM users WHERE user_id = :user_id LIMIT 1");
$stmt->bindparam('user_id',$user_id,PDO::PARAM_INT);
@@ -177,7 +176,7 @@
}
// email only for the user itself or admins
- if ($profile['user_id'] == $roscms_intern_account_id ||
$roscms_security_level == 3) {
+ if ($profile['user_id'] == $thisuser->id() ||
$thisuser->securityLevel() == 3) {
echo_strip('
<div class="login-form">
<div class="u-desc">E-Mail Address </div>
@@ -241,7 +240,7 @@
}
// Groups (only for user itself) and admins
- if ($profile['user_id'] == $roscms_intern_account_id ||
$roscms_security_level == 3) {
+ if ($profile['user_id'] == $thisuser->id() ||
$thisuser->securityLevel() == 3) {
echo_strip('
<div class="login-form">
<div class="u-desc">User Groups</div>
@@ -261,12 +260,12 @@
// Location
echo_Strip('
<div class="login-form">
- <a href="'.$roscms_intern_webserver_pages.'peoplemap/"
style="color:#333333 !important; text-decoration:underline;
font-weight:bold;">'.($profile['user_id']==$roscms_intern_account_id ?
'My ' : '').'Location on the Map</a>
+ <a href="'.$roscms_intern_webserver_pages.'peoplemap/"
style="color:#333333 !important; text-decoration:underline;
font-weight:bold;">'.($profile['user_id']==$thisuser->id() ?
'My ' : '').'Location on the Map</a>
</div>
</div>');
// show edit or search link (depending if the current user is searched user)
- if ($profile['user_id'] == $roscms_intern_account_id) {
+ if ($profile['user_id'] == $thisuser->id()) {
echo_strip('
<div> </div>
<div class="u-link"><a
href="'.$roscms_SET_path_ex.'my/edit/">Edit My
Profile</a></div>
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.clas…
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.clas…
[iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.clas…
[iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -33,7 +33,7 @@
*/
public function __construct()
{
- require('login.php');
+ Login::required();
session_start();
parent::__construct();
}
@@ -46,7 +46,6 @@
*/
protected function body( )
{
- global $roscms_intern_account_id;
global $roscms_SET_path_ex;
global $rdf_uri_3;
global $rdf_name_long;
@@ -89,7 +88,7 @@
<div style="text-align:center; padding: 4px;
">');
$stmt=DBConnection::getInstance()->prepare("SELECT user_id, user_name,
user_fullname, user_email, user_email_activation, user_website, user_country,
user_timezone, user_occupation, user_setting_multisession, user_setting_browseragent,
user_setting_ipaddress, user_setting_timeout FROM users WHERE user_id = :user_id LIMIT
1");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
$stmt->execute();
$profile = $stmt->fetchOnce();
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] Sat Nov 22
17:51:18 2008
@@ -44,9 +44,7 @@
*/
public static function prepareInfo( $data_id, $rev_id )
{
- global $roscms_intern_account_id;
-
- return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid:
'.$roscms_intern_account_id.'; security:
'.Security::rightsOverview($data_id).'] ';
+ return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid:
'.ThisUser::getInstance()->id().'; security:
'.Security::rightsOverview($data_id).'] ';
} // end of member function prepare_info
@@ -170,7 +168,6 @@
*/
private function write( $log_str, $log_mode = 3, $log_entry = 'log_website_'
)
{
- global $roscms_intern_account_id;
global $roscms_standard_language;
// get current log id
@@ -204,7 +201,7 @@
$stmt=DBConnection::getInstance()->prepare("INSERT INTO data_revision_a (
rev_id , data_id , rev_version , rev_language , rev_usrid , rev_datetime , rev_date ,
rev_time ) VALUES ( NULL, :data_id, '1', :lang, :user_id, NOW(), CURDATE(),
CURTIME() )");
$stmt->bindParam('data_id',$log_id,PDO::PARAM_INT);
$stmt->bindParam('lang',$roscms_standard_language,PDO::PARAM_STR);
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
$stmt->execute();
// get the new log revison id
@@ -261,7 +258,7 @@
// get a username, who is responsible for this log
$stmt=DBConnection::getInstance()->prepare("SELECT user_name FROM users
WHERE user_id = :user_id LIMIT 1");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
$stmt->execute();
$username = $stmt->fetchColumn();
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] Sat Nov
22 17:51:18 2008
@@ -2,6 +2,7 @@
/*
RosCMS - ReactOS Content Management System
Copyright (C) 2005 Ge van Geldorp <gvg(a)reactos.org>
+ 2005 Klemens Friedl <frik85(a)reactos.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -150,5 +151,60 @@
exit;
} // end of member function login
+
+ /**
+ * User Settings:
+ * user_setting_multisession == "true" (default: false) [multi sessions are
allowed for this user]
+ * user_setting_browseragent == "true" (default: true) [no one should
deactivate ("false") this option or only if he change the user agent very often
(e.g. in opera: IE <=> Opera)]
+ * user_setting_ipaddress == "true" (default: true) [IP address check; avoid
this setting if the user is behind a proxy or use more than one pc the same time (a
possible security risk, but some persons wanted that behavior ...); Note: this is a per
user setting, everyone can change it!]
+ * user_setting_timeout == "true" (default: false) [NO timeout; so user can
use the ros homepage systems without to login everytime]
+ *
+ * @access public
+ */
+ public static function required( )
+ {
+
+ // check if user wants to logout
+ if (isset($_POST['logout'])) {
+ header('location:?page=logout');
+ }
+
+ // get current location (for redirection, if the login succeds)
+ $target = $_SERVER[ 'PHP_SELF' ];
+ if ( IsSet( $_SERVER[ 'QUERY_STRING' ] ) ) {
+ $target .= '?'.$_SERVER[ 'QUERY_STRING' ];
+ }
+
+ // get information about script executer
+ $user_id = Login::in(Login::REQUIRED, $target);
+ if ($user_id == 0) {
+ die('Could not Login.');
+ }
+
+ // get user data
+ $stmt=DBConnection::getInstance()->prepare("SELECT user_id, user_name,
user_roscms_password, user_timestamp_touch, user_setting_timeout, user_login_counter,
user_account_enabled, user_setting_multisession, user_setting_browseragent,
user_setting_ipaddress FROM users WHERE user_id = :user_id LIMIT 1");
+ $stmt->bindparam('user_id',$user_id,PDO::PARAM_INT);
+ $stmt->execute() or die('DB error (login script #1)!');
+ $user = $stmt->fetchOnce(PDO::FETCH_ASSOC);
+ if($user === false) {
+ die('DB error (login script #2)');
+ }
+
+ // if the account is NOT enabled; e.g. a reason could be that a member of the admin
group has disabled this account because of spamming, etc.
+ if ($user['user_account_enabled'] != 'yes') {
+ die('Account is not enabled!<br /><br />System message:
'.$user['user_account_enabled']);
+ }
+
+ // collect memberships for current user
+ $stmt=DBConnection::getInstance()->prepare("SELECT
m.usergroupmember_usergroupid AS name, usrgroup_seclev AS security_level FROM
usergroup_members m JOIN usergroups g ON m.usergroupmember_usergroupid =
g.usrgroup_name_id WHERE usergroupmember_userid = :user_id");
+ $stmt->bindparam('user_id',$user['user_id'],PDO::PARAM_INT);
+ $stmt->execute();
+ while($membership = $stmt->fetch()) {
+ ThisUser::getInstance()->addGroup($membership);
+ }
+
+ ThisUser::getInstance()->setData($user);
+ } // end of member function require
+
} // end of Login
?>
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php [iso-8859-1] Sat
Nov 22 17:51:18 2008
@@ -151,36 +151,6 @@
/**
- * checks if the user is member of at least in one of the groups
- *
- * @param string group_name
- * @param string group_name2
- * @param string group_name3
- * @return bool
- * @access public
- */
- public static function isMemberOfGroup( $group_name, $group_name2 = null, $group_name3
= null )
- {
- global $roscms_intern_account_id;
-
- // construct SQL for group membership check
- $group = DBConnection::getInstance()->quote($group_name,PDO::PARAM_STR);
- if ($group_name2 !== null) {
- $group .=
",".DBConnection::getInstance()->quote($group_name2,PDO::PARAM_STR);
- }
- if ($group_name3 !== null) {
- $group .=
",".DBConnection::getInstance()->quote($group_name3,PDO::PARAM_STR);
- }
-
- $stmt=DBConnection::getInstance()->prepare("SELECT TRUE FROM
usergroup_members WHERE usergroupmember_userid = :user_id AND usergroupmember_usergroupid
IN(".$group.") LIMIT 1");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
- $stmt->execute();
-
- return ($stmt->fetchColumn() !== false);
- } // end of member isGroupMember
-
-
- /**
*
*
* @param string email
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] Sat
Nov 22 17:51:18 2008
@@ -42,18 +42,17 @@
*/
public function getACL( $kind )
{
- global $roscms_intern_account_id;
- global $roscms_security_level;
+ $thisuser = &ThisUser::getInstance();
$acl = '';
$sec_access = false; // security access already granted ?
// only if user has rights to access the interface
- if ($roscms_security_level > 0) {
+ if ($thisuser->securityLevel() > 0) {
// for usage in the while loop
$stmt=DBConnection::getInstance()->prepare("SELECT
usergroupmember_usergroupid FROM usergroup_members WHERE usergroupmember_userid =
:user_id");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
$usergroups = $stmt->fetchAll(PDO::FETCH_ASSOC);
@@ -63,7 +62,7 @@
while ($sec_entry = $stmt->fetch(PDO::FETCH_ASSOC)) {
// add entries, remove them if they're on the deny list
- if ($sec_entry['sec_lev'.$roscms_security_level.'_'.$kind] == 1)
{
+ if ($sec_entry['sec_lev'.$thisuser->securityLevel().'_'.$kind]
== 1) {
if ($sec_access) {
$acl .= " OR";
}
@@ -143,11 +142,10 @@
{
global $h_a2;
- global $roscms_intern_account_id;
- global $roscms_security_level;
+ $thisuser = &ThisUser::getInstance();
// roscms interface access ?
- if ($roscms_security_level < 1) {
+ if ($thisuser->securityLevel() < 1) {
return;
}
@@ -163,7 +161,7 @@
// check for membership in allowed groups
$stmt=DBConnection::getInstance()->prepare("SELECT
usergroupmember_usergroupid FROM usergroup_members WHERE usergroupmember_userid =
:user_id");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
while($usergroup = $stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -176,7 +174,7 @@
// check for membership in denied list
$stmt=DBConnection::getInstance()->prepare("SELECT
usergroupmember_usergroupid FROM usergroup_members WHERE usergroupmember_userid =
:user_id");
- $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute();
while($usergroup = $stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -189,19 +187,19 @@
// create a list with rights
//@CHECKME is this type of checks a good idea ??
- if (($rights['sec_lev'.$roscms_security_level.'_read'] == 1 ||
$acl_allow === true) && $acl_deny === false) {
+ if (($rights['sec_lev'.$thisuser->securityLevel().'_read'] == 1 ||
$acl_allow === true) && $acl_deny === false) {
$rights_list .= 'read|';
}
- if (($rights['sec_lev'.$roscms_security_level.'_write'] == 1 ||
$acl_allow === true) && $acl_deny === false) {
+ if (($rights['sec_lev'.$thisuser->securityLevel().'_write'] == 1
|| $acl_allow === true) && $acl_deny === false) {
$rights_list .= 'write|';
}
- if (($rights['sec_lev'.$roscms_security_level.'_add'] == 1 ||
($acl_allow === true && $roscms_security_level == 3)) && $acl_deny ===
false) {
+ if (($rights['sec_lev'.$thisuser->securityLevel().'_add'] == 1 ||
($acl_allow === true && $thisuser->securityLevel() == 3)) && $acl_deny
=== false) {
$rights_list .= 'add|';
}
- if (($rights['sec_lev'.$roscms_security_level.'_pub'] == 1 ||
($acl_allow === true && $roscms_security_level == 3)) && $acl_deny ===
false) {
+ if (($rights['sec_lev'.$thisuser->securityLevel().'_pub'] == 1 ||
($acl_allow === true && $thisuser->securityLevel() == 3)) && $acl_deny
=== false) {
$rights_list .= 'pub|';
}
- if (($rights['sec_lev'.$roscms_security_level.'_trans'] == 1 ||
($acl_allow === true && $roscms_security_level == 3)) && $acl_deny ===
false) {
+ if (($rights['sec_lev'.$thisuser->securityLevel().'_trans'] == 1
|| ($acl_allow === true && $thisuser->securityLevel() == 3)) &&
$acl_deny === false) {
$rights_list .= 'trans|';
}
@@ -218,11 +216,8 @@
*/
public function hasRight( $data_id, $kind )
{
- global $roscms_security_level;
-
// only if roscms interface access is granted
- if ($roscms_security_level < 1) {
-echo $roscms_security_level;
+ if (ThisUser::getInstance()->securityLevel() < 1) {
return false;
}
@@ -241,10 +236,8 @@
*/
public function rightsOverview( $data_id )
{
- global $roscms_security_level;
-
// only if roscms interface access is granted
- if ($roscms_security_level < 1) {
+ if (ThisUser::getInstance()->securityLevel() < 1) {
return;
}
@@ -259,7 +252,7 @@
$explanation .= (strpos($rights_list, '|trans|') === false) ? '-' :
'p';
// add also security level
- $explanation .= ' '.$roscms_security_level;
+ $explanation .= ' '.ThisUser::getInstance()->securityLevel();
return $explanation;
} // end of member function rightsOverview
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1]
(original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1] Sat Nov 22
17:51:18 2008
@@ -83,10 +83,9 @@
public static function deleteById( $tag_id, $user_id )
{
global $h_a;
- global $roscms_intern_account_id;
// @unimplemented: account group membership check
- if ($user_id == $roscms_intern_account_id || $user_id == 0 || $user_id == -1) {
+ if ($user_id == ThisUser::getInstance()->id() || $user_id == 0 || $user_id == -1)
{
// get tag data
$stmt=DBConnection::getInstance()->prepare("SELECT tag_name_id,
tag_value_id FROM data_tag".$h_a." WHERE tag_id = :tag_id LIMIT 1");
@@ -139,10 +138,9 @@
public static function add( $data_id, $rev_id, $tag_name, $tag_value, $user_id )
{
global $h_a;
- global $roscms_intern_account_id;
//@ADD group membership check
- if ($user_id != $roscms_intern_account_id && $user_id != 0 &&
$user_id != -1) {
+ if ($user_id != ThisUser::getInstance()->id() && $user_id != 0 &&
$user_id != -1) {
die('ERROR: no rights to access this function');
}
Added: branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php (added)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php [iso-8859-1] Sat
Nov 22 17:51:18 2008
@@ -1,0 +1,142 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2008 Danny Götte <dangerground(a)web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/**
+ * class ThisUser
+ *
+ */
+class ThisUser
+{
+ private $security_level = 0;
+ private $user = array('id'=>0,'name'=>'');
+ private $groups = array();
+
+
+ /**
+ * adds a new membership for this user and registers maximum security level
+ *
+ * @access public
+ */
+ public function addGroup( $group )
+ {
+ $this->groups[$group['name']] = $group['security_level'];
+ if ($group['security_level'] > $this->security_level)
$this->security_level = $group['security_level'];
+ } // end of member function setId
+
+
+ /**
+ * adds a new membership for this user
+ *
+ * @return array
+ * @access public
+ */
+ public function getGroups( )
+ {
+ return $this->groups;
+ } // end of member function setId
+
+
+ /**
+ * checks if the user is member of at least in one of the groups
+ *
+ * @param string group_name
+ * @param string group_name2
+ * @param string group_name3
+ * @return bool
+ * @access public
+ */
+ public function isMemberOfGroup( $group_name, $group_name2 = null, $group_name3 = null
)
+ {
+ if (@$this->groups[$group_name] > -1 || @$this->groups[$group_name2] > -1
|| @$this->groups[$group_name3] > -1) {
+ return true;
+ }
+ return false;
+ } // end of member isGroupMember
+
+
+ /**
+ * returns highest security level of users group memberships
+ *
+ * @return int
+ * @access public
+ */
+ public function securityLevel( )
+ {
+ return $this->security_level;
+ } // end of member function securityLevel
+
+
+ /**
+ * returns the id of the user, which has requested the script
+ *
+ * @return int
+ * @access public
+ */
+ public function id( )
+ {
+ return $this->user['id'];
+ } // end of member function securityLevel
+
+
+ /**
+ * returns the name of the user, which has requested the script
+ *
+ * @return string
+ * @access public
+ */
+ public function name( )
+ {
+ return $this->user['name'];
+ } // end of member function securityLevel
+
+
+ /**
+ * set the current user data, of the user which has requested the script
+ *
+ * @access public
+ */
+ public function setData( $user )
+ {
+ if($user !== false){
+ $this->user['id'] = $user['user_id'];
+ $this->user['name'] = $user['user_name'];
+ }
+ } // end of member function setId
+
+
+ /**
+ * returns the instance
+ *
+ * @return object
+ * @access public
+ */
+ public static function getInstance( )
+ {
+ static $instance;
+
+ if (empty($instance)) {
+ $instance = new ThisUser();
+ }
+
+ return $instance;
+ } // end of member function check_lang
+
+} // end of ThisUser
+?>