PHP Permissions::checkPermAndLevel方法代码示例

 function remove($checkperm = true)
 {
     global $db;
     if ($checkperm && !Permissions::checkPermAndLevel('delete_comments', $this->_dbo->user_id)) {
         throw new Exception2("Nie mona usun�komentarza", "Brak uprawnie�");
     }
     $q = $db->prepare("DELETE FROM phph_comments WHERE comment_id = ?");
     $db->execute($q, array($this->_cmid));
     return true;
 }

}
if (!Permissions::checkPerm('admin_panel')) {
    die("Permission denied.");
}
HTML::startHTML();
HTML::head();
HTML::startBODY("a_body");
$action = Utils::pg("action", "edit");
$cmid = Utils::pg("cmid");
$ref = urldecode(Utils::pg("ref"));
$comment_title = "";
$comment_text = "";
$comment = new Comment($cmid);
$comment_title = $comment->_dbo->comment_title;
$comment_text = $comment->_dbo->comment_text;
if (!Permissions::checkPermAndLevel('edit_comments', $comment->_dbo->user_id)) {
    die("Permission denied.");
}
?>

<div class="a_white_pane">
<h1 class="a_title">Edycja komentarza</h1>
</div>

<br />

<?php 
if (!empty($_POST['submit'])) {
    try {
        $comment->update($_POST['comment_title'], $_POST['comment_text']);
        if (!empty($ref)) {

require_once "includes/db.php";
require_once "includes/html.php";
require_once "includes/permissions.php";
require_once "includes/lang.php";
$session = Session::singletone();
if ($session->requireLogin()) {
    exit;
}
if (!Permissions::checkPerm('admin_panel')) {
    die("Permission denied.");
}
$uid = Utils::pg("uid");
if (empty($uid)) {
    header("Location: " . $session->addSID(Config::get("site_url") . "/admin/users.php"));
}
if (!Permissions::checkPermAndLevel('edit_users', $uid)) {
    die("Permission denied.");
}
HTML::startHTML();
HTML::head();
HTML::startBODY("a_body");
$err_login = false;
$err_pass1 = false;
$err_pass2 = false;
$err_email = false;
$user_login = "";
$user_pass1 = "";
$user_pass2 = "";
$user_email = "";
?>

	function renderContent() {

		$comments = $this->_photo->getComments();
		$session = Session::singletone();

		if (!empty($comments)) {
			foreach ($comments as $cmnt) {
?>
<div class="a_comment">
<div class="a_comment_hdr"><?=htmlspecialchars($cmnt->_dbo->comment_title)?></div>
<div class="a_comment_text">
<div class="a_table_list_details"><?=htmlspecialchars($cmnt->_user->user_login)?>, <?=Utils::formatTime($cmnt->_dbo->comment_date)?></div>
<?=nl2br(htmlspecialchars($cmnt->_dbo->comment_text))?>
</div>

<div class="a_comment_actions">
<?php if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('edit_comments', $cmnt->_dbo->user_id)) { ?>
	<a href="<?php echo HTML::addRef($session->addSID("edit_comment.php?cmid=" . $cmnt->_cmid));?>" title="Edytuj komentarz"><?php HTML::img("edit.gif", "Edytuj komentarz"); ?></a>
<? } ?>
<?php if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('delete_comments', $cmnt->_dbo->user_id)) { ?>
	<a href="<?php echo HTML::addRef($session->addSID("remove_comment.php?cmid=" . $cmnt->_cmid));?>" onclick='return confirm("Czy na pewno usun±æ komentarz?");' title="Usuñ komentarz"><?php HTML::img("trash.gif", "Usuñ komentarz"); ?></a>
<?php } ?>
</div>
</div>
<?php
			}
		} else {
?>
<div class="a_comment">Brak komentarzy.</div>
<?php
		}
	}

    function renderContent()
    {
        global $session, $db, $gid;
        $q = $db->prepare("SELECT " . "u.user_id AS memb_id, " . "u.user_login AS memb_login, " . "u.user_name AS memb_name, " . "gu.add_time, " . "ua.user_id AS add_id, " . "ua.user_login AS add_login, " . "ua.user_name AS add_name, " . "u.user_email AS memb_email, " . "u.user_www AS memb_www " . "FROM phph_group_users gu " . "INNER JOIN phph_users u ON gu.user_id = u.user_id " . "LEFT OUTER JOIN phph_users ua ON gu.added_by = ua.user_id " . "LIMIT " . $this->_start . ", " . $this->_count);
        $res = $db->execute($q);
        if (PEAR::isError($res)) {
            die($res->getMessage());
        }
        while ($res->fetchInto($row)) {
            $added = strftime("%Y-%m-%d %T", $row['add_time']);
            ?>
			<tr>
				<td><a href="<?php 
            echo HTML::addRef($session->addSID("user_info.php?uid=" . $row['memb_id']));
            ?>
"><?php 
            echo $row['memb_id'];
            ?>
</a></td>
				<td>
				<a href="<?php 
            echo HTML::addRef($session->addSID("user_info.php?uid=" . $row['memb_id']));
            ?>
"><?php 
            echo htmlspecialchars($row['memb_login']);
            ?>
</a>
				<div class="a_table_list_details"><?php 
            echo htmlspecialchars($row['memb_login']);
            ?>
</div>
				</td>
				<td><?php 
            echo $added;
            ?>
</td>
				<td>
				<a href="<?php 
            echo HTML::addRef($session->addSID("user_info.php?uid=" . $row['add_id']));
            ?>
"><?php 
            echo htmlspecialchars($row['add_login']);
            ?>
</a>
				<div class="a_table_list_details"><?php 
            echo htmlspecialchars($row['add_name']);
            ?>
</div>
				</td>
				<td>
<?php 
            if ($row['memb_id'] == $session->_uid || Permissions::checkPermAndLevel('remove_group_members', $row['memb_id'])) {
                ?>
	<a href="<?php 
                echo HTML::addRef($session->addSID("remove_member.php?uid=" . $row['memb_id'] . "&amp;gid=" . $gid));
                ?>
" onclick='return confirm("<?php 
                echo _ADMIN_CONFIRM_REMOVE_MEMBER;
                ?>
");' title="<?php 
                echo _ADMIN_REMOVE_MEMBER;
                ?>
"><?php 
                HTML::img("remove.gif", _ADMIN_REMOVE_MEMBER);
                ?>
</a>
<?php 
            }
            ?>

<?php 
            if ($row['memb_id'] == $session->_uid || Permissions::checkPermAndLevel('edit_users', $row['memb_id'])) {
                ?>
	<a href="<?php 
                echo HTML::addRef($session->addSID("edit_user.php?uid=" . $row['memb_id']));
                ?>
" title="<?php 
                echo _ADMIN_EDIT_USER;
                ?>
"><?php 
                HTML::img("edit.gif", _ADMIN_EDIT_USER);
                ?>
</a>
<?php 
            }
            ?>

<?php 
            if ($row['memb_id'] == $session->_uid || Permissions::checkPermAndLevel('delete_users', $row['memb_id'])) {
                ?>
	<a href="<?php 
                echo HTML::addRef($session->addSID("remove_user.php?uid=" . $row['memb_id']));
                ?>
" onclick='return confirm("<?php 
                echo sprintf(_ADMIN_CONFIRM_DELETE_USER, $row['memb_login']);
                ?>
");' title="<?php 
                echo _ADMIN_REMOVE_USER;
                ?>
"><?php 
//.........这里部分代码省略.........

set_include_path(get_include_path() . ":../");
require_once "includes/session.php";
require_once "XML/Tree.php";
require_once "DB/DataObject.php";
require_once "DB/DataObject/Cast.php";
require_once "includes/config.php";
require_once "includes/utils.php";
require_once "includes/db.php";
require_once "includes/html.php";
require_once "includes/lang.php";
require_once "includes/permissions.php";
$session = Session::singletone();
if ($session->requireLogin()) {
    exit;
}
if (!Permissions::checkPerm('admin_panel')) {
    die("Permission denied.");
}
$ref = urldecode(Utils::pg("ref"));
$uid = urldecode(Utils::pg("uid"));
$gid = urldecode(Utils::pg("gid"));
if (!Permissions::checkPermAndLevel('remove_group_members', $uid)) {
    die("Permission denied.");
}
$q = $db->prepare("DELETE FROM phph_group_users WHERE user_id = ? AND group_id = ?");
$r = $db->execute($q, array($uid, $gid));
if (PEAR::isError($r)) {
    die($r->getMessage());
}
header("Location: {$ref}");
ini_restore('include_path');