当前位置: 首页>>代码示例>>PHP>>正文


PHP SEC_hasTopicAccess函数代码示例

本文整理汇总了PHP中SEC_hasTopicAccess函数的典型用法代码示例。如果您正苦于以下问题:PHP SEC_hasTopicAccess函数的具体用法?PHP SEC_hasTopicAccess怎么用?PHP SEC_hasTopicAccess使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了SEC_hasTopicAccess函数的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: hasBlockTopicAccess

/**
* Check for block topic access (need to handle 'all' and 'homeonly' as
* special cases)
*
* @param    string  $tid    ID for topic to check on
* @return   int             returns 3 for read/edit 2 for read only 0 for no access
*
*/
function hasBlockTopicAccess($tid)
{
    $access = 0;
    if ($tid == 'all' || $tid == 'homeonly') {
        $access = 3;
    } else {
        $access = SEC_hasTopicAccess($tid);
    }
    return $access;
}
开发者ID:alxstuart,项目名称:ajfs.me,代码行数:18,代码来源:block.php

示例2: COM_applyFilter

    }
}
$display = '';
if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
    $sid = COM_applyFilter($_POST['sid']);
    $type = '';
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    }
    if (!isset($sid) || empty($sid)) {
        COM_errorLog('Attempted to delete story sid=' . $sid);
        echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
    } else {
        if ($type == 'submission') {
            $tid = DB_getItem($_TABLES['storysubmission'], 'tid', "sid = '{$sid}'");
            if (SEC_hasTopicAccess($tid) < 3) {
                COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}.");
                echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
            } else {
                if (SEC_checkToken()) {
                    DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php');
                } else {
                    COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                }
            }
        } else {
            if (SEC_checkToken()) {
                echo STORY_deleteStory($sid);
            } else {
                COM_accessLog("User {$_USER['username']} tried to delete story and failed CSRF checks {$sid}.");
开发者ID:alxstuart,项目名称:ajfs.me,代码行数:31,代码来源:story.php

示例3: service_get_story


//.........这里部分代码省略.........
        $args['mode'] = 'view';
    }
    if (!$svc_msg['gl_feed']) {
        $sid = $args['sid'];
        $mode = $args['mode'];
        $story = new Story();
        $retval = $story->loadFromDatabase($sid, $mode);
        if ($retval != STORY_LOADED_OK) {
            $output = $retval;
            return PLG_RET_ERROR;
        }
        reset($story->_dbFields);
        while (list($fieldname, $save) = each($story->_dbFields)) {
            $varname = '_' . $fieldname;
            $output[$fieldname] = $story->{$varname};
        }
        $output['username'] = $story->_username;
        $output['fullname'] = $story->_fullname;
        if ($args['gl_svc']) {
            if ($output['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                // This date format is PHP 5 only,
                // but only the web-service uses the value
                $output['expire_date'] = date('c', $output['expire']);
            }
            $output['id'] = $output['sid'];
            $output['category'] = array($output['tid']);
            $output['published'] = date('c', $output['date']);
            $output['updated'] = date('c', $output['date']);
            if (empty($output['bodytext'])) {
                $output['content'] = $output['introtext'];
            } else {
                $output['content'] = $output['introtext'] . LB . '[page_break]' . LB . $output['bodytext'];
            }
            $output['content_type'] = $output['postmode'] == 'html' ? 'html' : 'text';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $sid;
        }
    } else {
        $output = array();
        $mode = $args['mode'];
        $sql = array();
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        } else {
            $offset = 0;
        }
        $max_items = $_CONF['atom_max_stories'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $limit_pgsql = " LIMIT {$max_items} OFFSET {$offset}";
        $order = " ORDER BY unixdate DESC";
        $sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit;
        $sql['pgsql'] = "SELECT  s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl  FROM stories s, users u, topics t WHERE (s.uid = u.uid) AND (s.tid = t.tid) FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit_pgsql;
        $result = DB_query($sql);
        $count = 0;
        while (($story_array = DB_fetchArray($result, false)) !== false) {
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_CONF['atom_max_stories'];
                break;
            }
            $story = new Story();
            $story->loadFromArray($story_array);
            // This access check is not strictly necessary
            $access = SEC_hasAccess($story_array['owner_id'], $story_array['group_id'], $story_array['perm_owner'], $story_array['perm_group'], $story_array['perm_members'], $story_array['perm_anon']);
            $story->_access = min($access, SEC_hasTopicAccess($story->_tid));
            if ($story->_access == 0) {
                continue;
            }
            $story->sanitizeData();
            reset($story->_dbFields);
            $output_item = array();
            while (list($fieldname, $save) = each($story->_dbFields)) {
                $varname = '_' . $fieldname;
                $output_item[$fieldname] = $story->{$varname};
            }
            if ($args['gl_svc']) {
                if ($output_item['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output_item['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                    // This date format is PHP 5 only,
                    // but only the web-service uses the value
                    $output_item['expire_date'] = date('c', $output_item['expire']);
                }
                $output_item['id'] = $output_item['sid'];
                $output_item['category'] = array($output_item['tid']);
                $output_item['published'] = date('c', $output_item['date']);
                $output_item['updated'] = date('c', $output_item['date']);
                if (empty($output_item['bodytext'])) {
                    $output_item['content'] = $output_item['introtext'];
                } else {
                    $output_item['content'] = $output_item['introtext'] . LB . '[page_break]' . LB . $output_item['bodytext'];
                }
                $output_item['content_type'] = $output_item['postmode'] == 'html' ? 'html' : 'text';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
开发者ID:mystralkk,项目名称:geeklog,代码行数:101,代码来源:lib-story.php

示例4: COM_checkList

/**
* Creates a <input> checklist from a database list for use in forms
*
* Creates a group of checkbox form fields with given arguments
*
* @param    string  $table      DB Table to pull data from
* @param    string  $selection  Comma delimited list of fields to pull from table
* @param    string  $where      Where clause of SQL statement
* @param    string  $selected   Value to set to CHECKED
* @param    string  $fieldname  Name to use for the checkbox array
* @return   string              HTML with Checkbox code
* @see      COM_optionList
*
*/
function COM_checkList($table, $selection, $where = '', $selected = '', $fieldname = '')
{
    global $_TABLES, $_COM_VERBOSE;
    $sql = "SELECT {$selection} FROM {$table}";
    if (!empty($where)) {
        $sql .= " WHERE {$where}";
    }
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if (!empty($selected)) {
        if ($_COM_VERBOSE) {
            COM_errorLog("exploding selected array: {$selected} in COM_checkList", 1);
        }
        $S = explode(' ', $selected);
    } else {
        if ($_COM_VERBOSE) {
            COM_errorLog('selected string was empty COM_checkList', 1);
        }
        $S = array();
    }
    $retval = '<ul class="checkboxes-list">' . LB;
    for ($i = 0; $i < $nrows; $i++) {
        $access = true;
        $A = DB_fetchArray($result, true);
        if ($table == $_TABLES['topics'] and SEC_hasTopicAccess($A['tid']) == 0) {
            $access = false;
        }
        if (empty($fieldname)) {
            // Not a good idea, as that will expose our table name and prefix!
            // Make sure you pass a distinct field name!
            $fieldname = $table;
        }
        if ($access) {
            $retval .= '<li><input type="checkbox" name="' . $fieldname . '[]" value="' . $A[0] . '"';
            $sizeS = count($S);
            for ($x = 0; $x < $sizeS; $x++) {
                if ($A[0] == $S[$x]) {
                    $retval .= ' checked="checked"';
                    break;
                }
            }
            if ($table == $_TABLES['blocks'] && isset($A[2]) && $A[2] == 'gldefault') {
                $retval .= XHTML . '><span class="gldefault">' . stripslashes($A[1]) . '</span></li>' . LB;
            } else {
                $retval .= XHTML . '><span>' . stripslashes($A[1]) . '</span></li>' . LB;
            }
        }
    }
    $retval .= '</ul>' . LB;
    return $retval;
}
开发者ID:alxstuart,项目名称:ajfs.me,代码行数:65,代码来源:lib-common.php

示例5: plugin_autotags_topic

/**
* Implements the [topic:] autotag.
*
* @param    string  $op         operation to perform
* @param    string  $content    item (e.g. topic text), including the autotag
* @param    array   $autotag    parameters used in the autotag
* @param    mixed               tag names (for $op='tagname') or formatted content
*
*/
function plugin_autotags_topic($op, $content = '', $autotag = '')
{
    global $_CONF, $_TABLES, $LANG27, $_GROUPS;
    if ($op == 'tagname') {
        return array('topic', 'related_topics', 'related_items');
    } elseif ($op == 'permission' || $op == 'nopermission') {
        if ($op == 'permission') {
            $flag = true;
        } else {
            $flag = false;
        }
        $tagnames = array();
        if (isset($_GROUPS['Topic Admin'])) {
            $group_id = $_GROUPS['Topic Admin'];
        } else {
            $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Topic Admin'");
        }
        $owner_id = SEC_getDefaultRootUser();
        if (COM_getPermTag($owner_id, $group_id, $_CONF['autotag_permissions_topic'][0], $_CONF['autotag_permissions_topic'][1], $_CONF['autotag_permissions_topic'][2], $_CONF['autotag_permissions_topic'][3]) == $flag) {
            $tagnames[] = 'topic';
        }
        if (COM_getPermTag($owner_id, $group_id, $_CONF['autotag_permissions_related_topics'][0], $_CONF['autotag_permissions_related_topics'][1], $_CONF['autotag_permissions_related_topics'][2], $_CONF['autotag_permissions_related_topics'][3]) == $flag) {
            $tagnames[] = 'related_topics';
        }
        if (COM_getPermTag($owner_id, $group_id, $_CONF['autotag_permissions_related_items'][0], $_CONF['autotag_permissions_related_items'][1], $_CONF['autotag_permissions_related_items'][2], $_CONF['autotag_permissions_related_items'][3]) == $flag) {
            $tagnames[] = 'related_items';
        }
        if (count($tagnames) > 0) {
            return $tagnames;
        }
    } elseif ($op == 'description') {
        return array('topic' => $LANG27['autotag_desc_topic'], 'related_topics' => $LANG27['autotag_desc_related_topics'], 'related_items' => $LANG27['autotag_desc_related_items']);
    } elseif ($op == 'parse') {
        if ($autotag['tag'] != 'topic' && $autotag['tag'] != 'related_topics' && $autotag['tag'] != 'related_items') {
            return $content;
        }
        if ($autotag['tag'] == 'topic') {
            $tid = COM_applyFilter($autotag['parm1']);
            if (!empty($tid) && SEC_hasTopicAccess($tid) > 0) {
                $tid = DB_escapeString($tid);
                $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['topics']} WHERE tid = '{$tid}'";
                $result = DB_query($sql);
                $A = DB_fetchArray($result);
                if ($A['count'] == 1) {
                    $url = COM_buildUrl($_CONF['site_url'] . '/index.php?topic=' . $tid);
                    $linktext = $autotag['parm2'];
                    if (empty($linktext)) {
                        $linktext = stripslashes(DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tid}'"));
                    }
                    $link = COM_createLink($linktext, $url);
                    $content = str_replace($autotag['tagstr'], $link, $content);
                }
            }
        } elseif ($autotag['tag'] == 'related_topics') {
            $id = COM_applyFilter($autotag['parm1']);
            $type = '';
            $max = $_CONF['related_topics_max'];
            // Article Default
            $tids = array();
            $skip = 0;
            $px = explode(' ', trim($autotag['parm2']));
            if (is_array($px)) {
                foreach ($px as $part) {
                    if (substr($part, 0, 5) == 'type:') {
                        $a = explode(':', $part);
                        $type = $a[1];
                        $skip++;
                    } elseif (substr($part, 0, 4) == 'max:') {
                        $a = explode(':', $part);
                        $max = $a[1];
                        $skip++;
                    } elseif (substr($part, 0, 6) == 'topic:') {
                        $a = explode(':', $part);
                        $tids[] = $a[1];
                        // Add each topic when found
                        $skip++;
                    } else {
                        break;
                    }
                }
            }
            $related_topics = '';
            if (!empty($type) and !empty($id)) {
                // Return topics of object
                $related_topics = TOPIC_relatedTopics($type, $id, $max);
            } elseif (!empty($tids)) {
                // Since list of topics specified add id to topic list (since really a topic)
                if (!empty($id)) {
                    $tids[] = $id;
                }
                $related_topics = TOPIC_relatedTopics('', '', $max, $tids);
//.........这里部分代码省略.........
开发者ID:Geeklog-Core,项目名称:geeklog,代码行数:101,代码来源:lib-topic.php

示例6: loadFromArgsArray

 /**
  * Loads a story from the post data. This is the most exciting function in
  * the whole entire world. First it'll clean up that horrible Magic Quotes
  * crap. Then it'll do all Geeklog's funky security stuff, anti XSS, anti
  * SQL Injection. Yay.
  */
 function loadFromArgsArray(&$array)
 {
     global $_TABLES;
     /* magic_quotes_gpc cleanup routine now in submitstory() in
      * /public_html/admin/story.php
      */
     $retval = STORY_LOADED_OK;
     // default to success
     /* Load the trivial stuff: */
     $this->_loadBasics($array);
     /* Check to see if we have permission to edit this sid, and that this
      * sid is not a duplicate or anything horrible like that. ewww.
      */
     $sql = 'SELECT owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon ' . ' FROM ' . $_TABLES['stories'] . ' WHERE sid=\'' . $this->_sid . '\'';
     $result = DB_query($sql);
     if ($result && DB_numRows($result) > 0) {
         /* Sid exists! Is it our article? */
         if ($this->_sid != $this->_originalSid) {
             // for story preview: don't abort
             $retval = STORY_DUPLICATE_SID;
         }
         $article = DB_fetchArray($result);
         /* Check Security */
         if (SEC_hasAccess($article['owner_id'], $article['group_id'], $article['perm_owner'], $article['perm_group'], $article['perm_members'], $article['perm_anon']) < 3) {
             return STORY_EXISTING_NO_EDIT_PERMISSION;
         }
     }
     $access = SEC_hasAccess($this->_owner_id, $this->_group_id, $this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon);
     if ($access < 3 || !SEC_hasTopicAccess($this->_tid) || !SEC_inGroup($this->_group_id)) {
         return STORY_NO_ACCESS_PARAMS;
     }
     /* Load up the topic name and icon */
     $topic = DB_query("SELECT topic, imageurl FROM {$_TABLES['topics']} WHERE tid='{$this->_tid}'");
     $topic = DB_fetchArray($topic);
     $this->_topic = $topic['topic'];
     $this->_imageurl = $topic['imageurl'];
     //$title = COM_stripSlashes( $array['title'] );
     //$intro = COM_stripSlashes( $array['introtext'] );
     //$body = COM_stripSlashes( $array['bodytext'] );
     /* Then load the title, intro and body */
     if ($array['postmode'] == 'html' || $array['postmode'] == 'adveditor' || $array['postmode'] == 'wikitext') {
         $this->_htmlLoadStory($array['title'], $array['introtext'], $array['bodytext']);
         if ($this->_postmode == 'adveditor') {
             $this->_advanced_editor_mode = 1;
             $this->_postmode = 'html';
         } else {
             $this->_advanced_editor_mode = 0;
         }
     } else {
         $this->_advanced_editor_mode = 0;
         $this->_plainTextLoadStory($array['title'], $array['introtext'], $array['bodytext']);
     }
     if (empty($this->_title) || empty($this->_introtext)) {
         return STORY_EMPTY_REQUIRED_FIELDS;
     }
     $this->_sanitizeData();
     return $retval;
 }
开发者ID:hostellerie,项目名称:nexpro,代码行数:64,代码来源:story.class.php

示例7: USER_getAllowedTopics

/**
* Get topics the current user has access to
*
* @return   array   Array of topic IDs
*
*/
function USER_getAllowedTopics()
{
    global $_TABLES;
    $topics = array();
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}");
    $numrows = DB_numRows($result);
    for ($i = 0; $i < $numrows; $i++) {
        $A = DB_fetchArray($result);
        if (SEC_hasTopicAccess($A['tid'])) {
            $topics[] = $A['tid'];
        }
    }
    return $topics;
}
开发者ID:hostellerie,项目名称:nexpro,代码行数:20,代码来源:lib-user.php

示例8: ADMIN_getListField_stories

/**
 * used for the list of stories in admin/story.php
 *
 */
function ADMIN_getListField_stories($fieldname, $fieldvalue, $A, $icon_arr)
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG24, $LANG_ACCESS, $_IMAGE_TYPE;
    static $topics, $topic_access, $topic_anon;
    if (!isset($topics)) {
        $topics = array();
    }
    if (!isset($topic_access)) {
        $topic_access = array();
    }
    $retval = '';
    switch ($fieldname) {
        case 'unixdate':
            $curtime = COM_getUserDateTimeFormat($A['unixdate']);
            $retval = strftime($_CONF['daytime'], $curtime[1]);
            break;
        case 'title':
            $A['title'] = str_replace('$', '&#36;', $A['title']);
            $article_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            $retval = COM_createLink(stripslashes($A['title']), $article_url);
            break;
        case 'draft_flag':
            if ($A['draft_flag'] == 1) {
                $retval = $LANG24[35];
            } else {
                $retval = $LANG24[36];
            }
            break;
        case 'access':
        case 'edit':
        case 'edit_adv':
            $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
            if ($access == 3) {
                if (!isset($topic_access[$A['tid']])) {
                    $topic_access[$A['tid']] = SEC_hasTopicAccess($A['tid']);
                }
                if ($topic_access[$A['tid']] == 3) {
                    $access = $LANG_ACCESS['edit'];
                } else {
                    $access = $LANG_ACCESS['readonly'];
                }
            } else {
                $access = $LANG_ACCESS['readonly'];
            }
            if ($fieldname == 'access') {
                $retval = $access;
            } elseif ($access == $LANG_ACCESS['edit']) {
                if ($fieldname == 'edit_adv') {
                    $editmode = 'adv';
                } elseif ($fieldname == 'edit') {
                    $editmode = 'std';
                }
                $editurl = $_CONF['site_admin_url'] . '/story.php?mode=edit&amp;editor=' . $editmode . '&amp;sid=' . $A['sid'];
                $retval = COM_createLink($icon_arr['edit'], $editurl);
            }
            break;
        case 'featured':
            if ($A['featured'] == 1) {
                $retval = $LANG24[35];
            } else {
                $retval = $LANG24[36];
            }
            break;
        case 'ping':
            if (!isset($topic_anon[$A['tid']])) {
                $topic_anon[$A['tid']] = DB_getItem($_TABLES['topics'], 'perm_anon', "tid = '" . addslashes($A['tid']) . "'");
            }
            if ($A['draft_flag'] == 0 && $A['unixdate'] < time() && $A['perm_anon'] != 0 && $topic_anon[$A['tid']] != 0) {
                $pingico = '<img src="' . $_CONF['layout_url'] . '/images/sendping.' . $_IMAGE_TYPE . '" alt="' . $LANG24[21] . '" title="' . $LANG24[21] . '"' . XHTML . '>';
                $url = $_CONF['site_admin_url'] . '/trackback.php?mode=sendall&amp;id=' . $A['sid'];
                $retval = COM_createLink($pingico, $url);
            } else {
                $retval = '';
            }
            break;
        case 'tid':
            if (!isset($topics[$A['tid']])) {
                $topics[$A['tid']] = DB_getItem($_TABLES['topics'], 'topic', "tid = '{$A['tid']}'");
            }
            $retval = $topics[$A['tid']];
            break;
        case 'username':
            $retval = COM_getDisplayName($A['uid'], $A['username'], $A['fullname']);
            break;
        default:
            $retval = $fieldvalue;
            break;
    }
    return $retval;
}
开发者ID:hostellerie,项目名称:nexpro,代码行数:94,代码来源:lib-admin.php

示例9: loadFromArgsArray

 /**
  * Loads a story from the post data. This is the most exciting function in
  * the whole entire world. First it'll clean up that horrible Magic Quotes
  * crap. Then it'll do all glFusion's funky security stuff, anti XSS, anti
  * SQL Injection. Yay.
  */
 function loadFromArgsArray(&$array)
 {
     global $_TABLES;
     $retval = STORY_LOADED_OK;
     /* magic_quotes_gpc cleanup routine now in submitstory() in
      * /public_html/admin/story.php
      */
     /* Load the trivial stuff: */
     $this->_loadBasics($array);
     /* Check to see if we have permission to edit this sid, and that this
      * sid is not a duplicate or anything horrible like that. ewww.
      */
     $sql = 'SELECT owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon ' . ' FROM ' . $_TABLES['stories'] . ' WHERE sid=\'' . DB_escapeString($this->_sid) . '\'';
     $result = DB_query($sql);
     if ($result && DB_numRows($result) > 0) {
         /* Sid exists! Is it our article? */
         if ($this->_sid != $this->_originalSid) {
             $retval = STORY_DUPLICATE_SID;
         } else {
             $article = DB_fetchArray($result);
             /* Check Security */
             if (SEC_hasRights('story.edit') and $this->checkAccess() == 3 and SEC_hasTopicAccess($this->DisplayElements('tid')) == 3) {
                 $access = 3;
             }
             if ($access < 3) {
                 return STORY_EXISTING_NO_EDIT_PERMISSION;
             }
             if (!empty($array['owner_id'])) {
                 $this->_owner_id = $array['owner_id'];
             } else {
                 $this->_owner_id = $article['owner_id'];
             }
         }
     }
     if (SEC_hasRights('story.edit')) {
         $access = 3;
     } else {
         $access = SEC_hasAccess($this->_owner_id, $this->_group_id, $this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon);
         if ($access < 3 || !SEC_hasTopicAccess($this->_tid) || !SEC_inGroup($this->_group_id)) {
             return STORY_NO_ACCESS_PARAMS;
         }
     }
     /* Load up the topic name and icon */
     $topic = DB_query("SELECT topic, imageurl FROM {$_TABLES['topics']} WHERE tid='" . DB_escapeString($this->_tid) . "'");
     $topic = DB_fetchArray($topic);
     $this->_topic = $topic['topic'];
     $this->_imageurl = $topic['imageurl'];
     $alternate_topic = '';
     if ($this->_alternate_tid != NULL) {
         $alternate_topic = DB_getItem($_TABLES['topics'], 'topic', 'tid="' . DB_escapeString($this->_alternate_tid) . '"');
     }
     $this->_alternate_topic = $alternate_topic;
     /* Then load the title, intro and body */
     if ($array['postmode'] == 'html' || $array['postmode'] == 'adveditor') {
         $this->_htmlLoadStory($array['title'], $array['introtext'], $array['bodytext']);
         if ($this->_postmode == 'adveditor') {
             $this->_postmode = 'html';
         }
     } else {
         $this->_plainTextLoadStory($array['title'], $array['introtext'], $array['bodytext']);
     }
     if (empty($this->_title) || empty($this->_introtext)) {
         return STORY_EMPTY_REQUIRED_FIELDS;
     }
     if ($this->_tid == $this->_alternate_tid) {
         $this->_alternate_tid = NULL;
     }
     $this->_sanitizeData();
     return $retval;
 }
开发者ID:NewRoute,项目名称:glfusion,代码行数:76,代码来源:story.class.php

示例10: CMED_hasMenuitemTopicAccess

/**
* Check for menuitem topic access (need to handle 'all' and 'homeonly' as special cases)
*
* @param    string  $tid    ID for topic to check on
* @return   int             returns 3 for read/edit 2 for read only 0 for no access
*
*/
function CMED_hasMenuitemTopicAccess($tid)
{
    if ($tid == 'all' || $tid == 'homeonly') {
        $access = 3;
    } else {
        $access = SEC_hasTopicAccess($tid);
    }
    return $access;
}
开发者ID:milk54,项目名称:geeklog-japan,代码行数:16,代码来源:index.php

示例11: STORY_getListField

/**
 * used for the list of stories in admin/story.php
 *
 */
function STORY_getListField($fieldname, $fieldvalue, $A, $icon_arr, $token)
{
    global $_CONF, $_USER, $_TABLES, $LANG_ADMIN, $LANG24, $LANG_ACCESS, $_IMAGE_TYPE;
    static $topics;
    if (!isset($topics)) {
        $topics = array();
    }
    $retval = '';
    switch ($fieldname) {
        case "access":
        case "edit":
        case "edit_adv":
            if (SEC_inGroup('Story Admin')) {
                $access = $LANG_ACCESS['edit'];
            } else {
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
                if ($access == 3) {
                    if (SEC_hasTopicAccess($A['tid']) == 3) {
                        $access = $LANG_ACCESS['edit'];
                    } else {
                        $access = $LANG_ACCESS['readonly'];
                    }
                } else {
                    $access = $LANG_ACCESS['readonly'];
                }
            }
            if ($fieldname == 'access') {
                $retval = $access;
            } else {
                if ($access == $LANG_ACCESS['edit']) {
                    if ($fieldname == 'edit_adv' || $fieldname == 'edit') {
                        $retval = COM_createLink($icon_arr['edit'], "{$_CONF['site_admin_url']}/story.php?edit=x&amp;sid={$A['sid']}");
                    }
                }
            }
            break;
        case "copy":
        case "copy_adv":
            if (SEC_inGroup('Story Admin')) {
                $access = $LANG_ACCESS['copy'];
            } else {
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
                if ($access == 3) {
                    if (SEC_hasTopicAccess($A['tid']) == 3) {
                        $access = $LANG_ACCESS['copy'];
                    } else {
                        $access = $LANG_ACCESS['readonly'];
                    }
                } else {
                    $access = $LANG_ACCESS['readonly'];
                }
            }
            if ($fieldname == 'access') {
                $retval = $access;
            } else {
                if ($access == $LANG_ACCESS['copy']) {
                    if ($fieldname == 'copy_adv') {
                        $retval = COM_createLink($icon_arr['copy'], "{$_CONF['site_admin_url']}/story.php?clone=x&amp;editor=adv&amp;sid={$A['sid']}");
                    } else {
                        if ($fieldname == 'copy') {
                            $retval = COM_createLink($icon_arr['copy'], "{$_CONF['site_admin_url']}/story.php?clone=x&amp;editor=std&amp;sid={$A['sid']}");
                        }
                    }
                }
            }
            break;
        case "title":
            $A['title'] = str_replace('$', '&#36;', $A['title']);
            $article_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            $retval = COM_createLink($A['title'], $article_url);
            break;
        case 'tid':
            if (!isset($topics[$A['tid']])) {
                $topics[$A['tid']] = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($A['tid']) . "'");
            }
            $retval = $topics[$A['tid']];
            break;
        case "draft_flag":
            $retval = $A['draft_flag'] == 1 ? $icon_arr['check'] : '';
            break;
        case "featured":
            $retval = $A['featured'] == 1 ? $icon_arr['check'] : '';
            break;
        case 'username':
            $retval = COM_getDisplayName($A['uid'], $A['username'], $A['fullname']);
            break;
        case "unixdate":
            $dt = new Date($A['unixdate'], $_USER['tzid']);
            $retval = $dt->format($_CONF['daytime'], true);
            break;
        case "ping":
            $pingico = '<img src="' . $_CONF['layout_url'] . '/images/sendping.' . $_IMAGE_TYPE . '" alt="' . $LANG24[21] . '" title="' . $LANG24[21] . '"/>';
            if ($A['draft_flag'] == 0 && $A['unixdate'] < time()) {
                $url = $_CONF['site_admin_url'] . '/trackback.php?mode=sendall&amp;id=' . $A['sid'];
                $retval = COM_createLink($pingico, $url);
            } else {
//.........这里部分代码省略.........
开发者ID:spacequad,项目名称:glfusion,代码行数:101,代码来源:story.php

示例12: USER_buildTopicList

/**
* Build a list of all topics the current user has access to
*
* @return   string   List of topic IDs, separated by spaces
*
*/
function USER_buildTopicList()
{
    global $_TABLES;
    $topics = '';
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}");
    $numrows = DB_numRows($result);
    for ($i = 1; $i <= $numrows; $i++) {
        $A = DB_fetchArray($result);
        if (SEC_hasTopicAccess($A['tid'])) {
            if ($i > 1) {
                $topics .= ' ';
            }
            $topics .= $A['tid'];
        }
    }
    return $topics;
}
开发者ID:NewRoute,项目名称:glfusion,代码行数:23,代码来源:lib-user.php


注:本文中的SEC_hasTopicAccess函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。