本文整理匯總了PHP中SEC_getUserPermissions函數的典型用法代碼示例。如果您正苦於以下問題:PHP SEC_getUserPermissions函數的具體用法?PHP SEC_getUserPermissions怎麼用?PHP SEC_getUserPermissions使用的例子?那麼, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了SEC_getUserPermissions函數的12個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的PHP代碼示例。
示例1: MG_editCategory
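/**
 * Render the Media Gallery admin form for creating or editing a category.
 *
 * @param int|string $cat_id  Category id to edit; 0 together with $mode === 'create' starts a new one
 * @param string     $mode    'create' for a new category, anything else edits $cat_id
 * @return string HTML of the rendered 'editcategory.thtml' template
 */
function MG_editCategory($cat_id, $mode)
{
    // Only the globals this function actually reads are declared here.
    global $_CONF, $_TABLES, $_MG_CONF, $LANG_MG01;

    $retval = '';

    $T = new Template($_MG_CONF['template_path'] . '/admin');
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);

    // Defaults for every field the template reads. Without these, editing a
    // cat_id that is not in the table left cat_name/cat_description undefined.
    $A = array(
        'cat_id'          => (int) $cat_id,
        'cat_name'        => '',
        'cat_description' => '',
    );

    if ($cat_id == 0 && $mode == 'create') {
        // Next free category id. MAX() is NULL on an empty table, which the
        // clamp below turns into 1 (the old "== 0" branch was unreachable
        // after that clamp and has been dropped).
        $sql = "SELECT MAX(cat_id) + 1 AS nextcat_id FROM " . $_TABLES['mg_category'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $A['cat_id'] = (int) $row['nextcat_id'];
        if ($A['cat_id'] < 1) {
            $A['cat_id'] = 1;
        }
    } else {
        // Pull the existing record; cat_id is cast so it is safe inside the SQL.
        $sql = "SELECT * FROM {$_TABLES['mg_category']} WHERE cat_id=" . (int) $cat_id;
        $result = DB_query($sql);
        if (DB_numRows($result) > 0) {
            // Row values override the defaults; keys missing from the row keep them.
            $A = array_merge($A, DB_fetchArray($result));
        }
    }

    $T->set_file(array('admin' => 'editcategory.thtml'));
    // NOTE(review): cat_name/cat_description come straight from the database
    // and are handed to the template as-is — confirm the template escapes them.
    $T->set_var(array(
        'action'              => 'category',
        'cat_id'              => $A['cat_id'],
        'cat_name'            => $A['cat_name'],
        'cat_description'     => $A['cat_description'],
        'lang_save'           => $LANG_MG01['save'],
        'lang_edit_category'  => $mode == 'create' ? $LANG_MG01['create_category'] : $LANG_MG01['edit_category'],
        's_form_action'       => $_MG_CONF['admin_url'] . 'category.php',
        'lang_cat_edit_help'  => $LANG_MG01['cat_edit_help'],
        'lang_title'          => $LANG_MG01['title'],
        'lang_description'    => $LANG_MG01['description'],
        'lang_cancel'         => $LANG_MG01['cancel'],
        'lang_delete'         => $LANG_MG01['delete'],
        'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'],
        // CSRF token so the form post can be validated on submit.
        'gltoken_name'        => CSRF_TOKEN,
        'gltoken'             => SEC_createToken(),
    ));

    if ($_MG_CONF['htmlallowed'] == 1) {
        // Show the user which HTML tags their permissions allow in the title.
        $T->set_var('allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'mediagallery', 'category_title'));
    }

    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));

    return $retval;
}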
示例2: COM_updateSpeedlimit
COM_updateSpeedlimit('login');
COM_errorLog("OAuth Error: " . $consumer->error);
echo COM_refresh($_CONF['site_url'] . '/users.php?msg=111');
// OAuth authentication error
}
$consumer->doAction($oauth_userinfo);
}
// end OAuth authentication method(s)
} else {
$status = -2;
}
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
// logged in AOK.
SESS_completeLogin($uid);
$_GROUPS = SEC_getUserGroups($_USER['uid']);
$_RIGHTS = explode(',', SEC_getUserPermissions());
if ($_SYSTEM['admin_session'] > 0 && $local_login) {
if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
$admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
}
if (!isset($_USER['theme'])) {
$_USER['theme'] = $_CONF['theme'];
$_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/';
$_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme'];
if ($_CONF['allow_user_themes'] == 1) {
if (isset($_COOKIE[$_CONF['cookie_theme']])) {
$theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
if (is_dir($_CONF['path_themes'] . $theme)) {
$_USER['theme'] = $theme;
示例3: WS_authenticate
//.........這裏部分代碼省略.........
if ($pwdigest == $mydigest) {
$password = $pwd;
}
}
}
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '$username' (via WSSE)");
}
******************************************************************************/
} elseif (!empty($_SERVER['REMOTE_USER'])) {
/* PHP installed as CGI may not have access to authorization headers of
* Apache. In that case, use .htaccess to store the auth header as
* explained at
* http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
*/
list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
list($username, $password) = explode(':', base64_decode($auth_data));
$username = COM_applyBasicFilter($username);
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
}
} else {
if ($WS_VERBOSE) {
COM_errorLog("WS: No login given");
}
// fallthrough (see below)
}
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
}
if (!empty($username) && !empty($password)) {
if ($_CONF['user_login_method']['3rdparty']) {
// remote users will have to use username@servicename
$u = explode('@', $username);
if (count($u) > 1) {
$sv = $u[count($u) - 1];
if (!empty($sv)) {
$modules = SEC_collectRemoteAuthenticationModules();
foreach ($modules as $smod) {
if (strcasecmp($sv, $smod) == 0) {
array_pop($u);
// drop the service name
$uname = implode('@', $u);
$status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
break;
}
}
}
}
}
if ($status == -1 && $_CONF['user_login_method']['standard']) {
$status = SEC_authenticate($username, $password, $uid);
}
}
if ($status == USER_ACCOUNT_ACTIVE) {
$_USER = SESS_getUserDataFromId($uid);
PLG_loginUser($_USER['uid']);
// Global array of groups current user belongs to
$_GROUPS = SEC_getUserGroups($_USER['uid']);
// Global array of current user permissions [read,edit]
$_RIGHTS = explode(',', SEC_getUserPermissions());
if ($_CONF['restrict_webservices']) {
if (!SEC_hasRights('webservices.atompub')) {
COM_updateSpeedlimit('wsauth');
if ($WS_VERBOSE) {
COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
}
// reset user, groups, and rights, just in case ...
$_USER = array();
$_GROUPS = array();
$_RIGHTS = array();
WS_error(PLG_RET_AUTH_FAILED);
}
}
if ($WS_VERBOSE) {
COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
}
// if there were less than 2 failed login attempts, reset speedlimit
if (COM_checkSpeedlimit('wsauth', 2) == 0) {
if ($WS_VERBOSE) {
COM_errorLog("WS: Successful login - resetting speedlimit");
}
COM_resetSpeedlimit('wsauth');
}
} else {
COM_updateSpeedlimit('wsauth');
if (!empty($username) && !empty($password)) {
COM_updateSpeedlimit('wsauth');
if ($WS_VERBOSE) {
COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
}
} elseif ($WS_VERBOSE) {
COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
}
WS_error(PLG_RET_AUTH_FAILED);
}
}
示例4: PAGE_form
//.........這裏部分代碼省略.........
if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
$sp_template->set_var('exit_checked', 'checked="checked"');
} else {
$sp_template->set_var('exit_checked', '');
}
$sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
$sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
if (isset($A['sp_inblock']) && $A['sp_inblock'] == 1) {
$sp_template->set_var('inblock_checked', 'checked="checked"');
} else {
$sp_template->set_var('inblock_checked', '');
}
$sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
$sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
$curtime = COM_getUserDateTimeFormat($A['unixdate']);
$sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
$sp_template->set_var('sp_formateddate', $curtime[0]);
$sp_template->set_var('sp_date', $curtime[1]);
$sp_template->set_var('lang_title', $LANG_STATIC['title']);
$title = '';
if (isset($A['sp_title'])) {
$title = htmlspecialchars($A['sp_title']);
}
$sp_template->set_var('sp_title', $title);
$sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
$sp_template->set_var('onmenu_checked', 'checked="checked"');
} else {
$sp_template->set_var('onmenu_checked', '');
}
$sp_template->set_var('lang_label', $LANG_STATIC['label']);
if (isset($A['sp_label'])) {
$sp_template->set_var('sp_label', $A['sp_label']);
} else {
$sp_template->set_var('sp_label', '');
}
$sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
$sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
$sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
$sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
$sp_template->set_var('lang_rightblocks', $LANG_STATIC['rightblocks']);
$sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
if (!isset($A['sp_format'])) {
$A['sp_format'] = '';
}
if ($A['sp_format'] == 'noblocks') {
$sp_template->set_var('noblock_selected', 'selected="selected"');
} else {
$sp_template->set_var('noblock_selected', '');
}
if ($A['sp_format'] == 'leftblocks') {
$sp_template->set_var('leftblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('leftblocks_selected', '');
}
if ($A['sp_format'] == 'rightblocks') {
$sp_template->set_var('rightblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('rightblocks_selected', '');
}
if ($A['sp_format'] == 'blankpage') {
$sp_template->set_var('blankpage_selected', 'selected="selected"');
} else {
$sp_template->set_var('blankpage_selected', '');
}
if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
$sp_template->set_var('allblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('allblocks_selected', '');
}
$sp_template->set_var('lang_content', $LANG_STATIC['content']);
$content = '';
if (isset($A['sp_content'])) {
$content = htmlspecialchars($A['sp_content']);
}
$sp_template->set_var('sp_content', $content);
if ($_SP_CONF['filter_html'] == 1) {
$sp_template->set_var('lang_allowedhtml', COM_allowedHTML(SEC_getUserPermissions(), false, 'staticpages', 'page'));
} else {
$sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']);
}
$sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
if (empty($A['sp_hits'])) {
$sp_template->set_var('sp_hits', '0');
$sp_template->set_var('sp_hits_formatted', '0');
} else {
$sp_template->set_var('sp_hits', $A['sp_hits']);
$sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
}
$sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$sp_template->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $A['owner_id']));
$sp_template->set_var('writtenby_dropdown', COM_buildOwnerList('sp_uid', $A['sp_uid']));
$sp_template->set_var('gltoken_name', CSRF_TOKEN);
$sp_template->set_var('gltoken', SEC_createToken());
$sp_template->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG_STATIC['instructions_edit'], plugin_geticon_staticpages()));
PLG_templateSetVars('sp_editor', $sp_template);
$retval .= $sp_template->parse('output', 'form');
}
return $retval;
}
示例5: MG_mediaEdit
//.........這裏部分代碼省略.........
$scale_select .= '</select>';
$wmode_select = '<select name="wmode">';
$wmode_select .= '<option value="window" ' . ($playback_options['wmode'] == 'window' ? ' selected="selected"' : '') . '>' . $LANG_MG07['window'] . '</option>';
$wmode_select .= '<option value="opaque" ' . ($playback_options['wmode'] == 'opaque' ? ' selected="selected"' : '') . '>' . $LANG_MG07['opaque'] . '</option>';
$wmode_select .= '<option value="transparent" ' . ($playback_options['wmode'] == 'transparent' ? ' selected="selected"' : '') . '>' . $LANG_MG07['transparent'] . '</option>';
$wmode_select .= '</select>';
$asa_select = '<select name="allowscriptaccess">';
$asa_select .= '<option value="always" ' . ($playback_options['allowscriptaccess'] == 'always' ? ' selected="selected"' : '') . '>' . $LANG_MG07['always'] . '</option>';
$asa_select .= '<option value="sameDomain" ' . ($playback_options['allowscriptaccess'] == 'sameDomain' ? ' selected="selected"' : '') . '>' . $LANG_MG07['sameDomain'] . '</option>';
$asa_select .= '<option value="never" ' . ($playback_options['allowscriptaccess'] == 'never' ? ' selected="selected"' : '') . '>' . $LANG_MG07['never'] . '</option>';
$asa_select .= '</select>';
$T->set_var(array('play_enabled' => $playback_options['play'] ? ' checked="checked"' : '', 'play_disabled' => $playback_options['play'] ? '' : ' checked="checked"', 'menu_enabled' => $playback_options['menu'] ? ' checked="checked"' : '', 'menu_disabled' => $playback_options['menu'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'quality_select' => $quality_select, 'scale_select' => $scale_select, 'wmode_select' => $wmode_select, 'asa_select' => $asa_select, 'flashvars' => isset($playback_options['flashvars']) ? $playback_options['flashvars'] : '', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'swf_version' => $playback_options['swf_version'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_menu' => $LANG_MG07['menu'], 'lang_menu_help' => $LANG_MG07['menu_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_swf_scale_help' => $LANG_MG07['swf_scale_help'], 'lang_wmode' => $LANG_MG07['wmode'], 'lang_wmode_help' => $LANG_MG07['wmode_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_quality' => $LANG_MG07['quality'], 'lang_quality_help' => $LANG_MG07['quality_help'], 'lang_flash_vars' => $LANG_MG07['flash_vars'], 'lang_asa' => $LANG_MG07['asa'], 'lang_asa_help' => $LANG_MG07['asa_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'], 
'lang_swf_version_help' => $LANG_MG07['swf_version_help']));
if ($row['mime_type'] == 'application/x-shockwave-flash') {
$T->parse('playback_options', 'swf_options');
} else {
$T->parse('playback_options', 'flv_options');
}
}
if ($row['media_mime_ext'] == 'mov' || $row['media_mime_ext'] == 'mp4' || $row['mime_type'] == 'video/quicktime' || $row['mime_type'] == 'video/mpeg') {
// pull defaults, then override...
$playback_options['autoref'] = $_MG_CONF['mov_autoref'];
$playback_options['autoplay'] = $_MG_CONF['mov_autoplay'];
$playback_options['controller'] = $_MG_CONF['mov_controller'];
$playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmod']) ? $_MG_CONF['mov_kiokmode'] : '';
$playback_options['scale'] = $_MG_CONF['mov_scale'];
$playback_options['loop'] = $_MG_CONF['mov_loop'];
$playback_options['height'] = $_MG_CONF['mov_height'];
$playback_options['width'] = $_MG_CONF['mov_width'];
$playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor'];
$poResult = DB_query("SELECT * FROM {$_TABLES['mg_playback_options']} WHERE media_id='" . DB_escapeString($row['media_id']) . "'");
$poNumRows = DB_numRows($poResult);
for ($i = 0; $i < $poNumRows; $i++) {
$poRow = DB_fetchArray($poResult);
$playback_options[$poRow['option_name']] = $poRow['option_value'];
}
$scale_select = '<select name="scale">';
$scale_select .= '<option value="tofit" ' . ($playback_options['scale'] == 'tofit' ? ' selected="selected"' : '') . '>' . $LANG_MG07['to_fit'] . '</option>';
$scale_select .= '<option value="aspect" ' . ($playback_options['scale'] == 'aspect' ? ' selected="selected"' : '') . '>' . $LANG_MG07['aspect'] . '</option>';
$scale_select .= '<option value="1" ' . ($playback_options['scale'] == '1' ? ' selected="selected"' : '') . '>' . $LANG_MG07['normal_size'] . '</option>';
$scale_select .= '</select>';
$T->set_var(array('autoref_enabled' => $playback_options['autoref'] ? ' checked="checked"' : '', 'autoref_disabled' => $playback_options['autoref'] ? '' : ' checked="checked"', 'autoplay_enabled' => $playback_options['autoplay'] ? ' checked="checked"' : '', 'autoplay_disabled' => $playback_options['autoplay'] ? '' : ' checked="checked"', 'controller_enabled' => $playback_options['controller'] ? ' checked="checked"' : '', 'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"', 'kioskmode_enabled' => $playback_options['kioskmode'] ? ' checked="checked"' : '', 'kioskmode_disabled' => $playback_options['kioskmode'] ? '' : ' checked="checked"', 'scale_select' => $scale_select, 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_auto_ref' => $LANG_MG07['auto_ref'], 'lang_auto_ref_help' => $LANG_MG07['auto_ref_help'], 'lang_controller' => $LANG_MG07['controller'], 'lang_controller_help' => $LANG_MG07['controller_help'], 'lang_kiosk_mode' => $LANG_MG07['kiosk_mode'], 'lang_kiosk_mode_help' => $LANG_MG07['kiosk_mode_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_scale_help' => $LANG_MG07['scale_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => 
$LANG_MG07['bgcolor_help']));
$T->parse('playback_options', 'mov_options');
}
$T->set_var(array('original_filename' => $row['media_original_filename'], 'attach_tn' => $row['media_tn_attached'], 'at_tn_checked' => $row['media_tn_attached'] == 1 ? ' checked="checked"' : '', 'album_id' => $album_id, 'media_thumbnail' => $thumbnail, 'nocache' => time(), 'media_id' => $row['media_id'], 'media_title' => $row['media_title'], 'media_desc' => $row['media_desc'], 'media_time' => $media_time[0], 'media_views' => $row['media_views'], 'media_comments' => $row['media_comments'], 'media_exif_info' => $exif_info, 'media_rating_max' => 5, 'height' => $size[1] + 50, 'width' => $size[0] + 40, 'queue' => $mqueue, 'month_select' => $month_select, 'day_select' => $day_select, 'year_select' => $year_select, 'hour_select' => $hour_select, 'minute_select' => $minute_select, 'user_ip' => $row['media_user_ip'], 'album_select' => $album_jumpbox, 'media_rating' => $row['media_rating'] / 2, 'media_votes' => $row['media_votes'], 's_mode' => 'edit', 's_title' => $LANG_MG01['edit_media'], 's_rotate_right' => $rotate_right, 's_rotate_left' => $rotate_left, 's_form_action' => $actionURL, 'allowed_html' => COM_allowedHTML(SEC_getUserPermissions(), false, 'mediagallery', 'media_title'), 'site_url' => $_MG_CONF['site_url'], 'preview' => $preview, 'preview_end' => $preview_end));
if ($row['remote_media'] == 1) {
$T->set_var(array('remoteurl' => $row['remote_url'], 'lang_remote_url' => $LANG_MG01['remote_url']));
} else {
$T->set_var(array('remoteurl' => $row['remote_url'], 'lang_remote_url' => $LANG_MG01['alternate_url']));
}
if ($row['media_type'] == 1) {
$T->set_var(array('lang_resolution' => $LANG_MG07['resolution'], 'resolution' => $row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0 ? $row['media_resolution_x'] . 'x' . $row['media_resolution_y'] : 'unknown'));
} else {
$T->set_var(array('lang_resolution' => '', 'resolution' => ''));
}
// Pull user information now
if ($row['media_user_id'] != '') {
if ($_CONF['show_fullname']) {
$displayname = 'fullname';
} else {
$displayname = 'username';
}
$username = DB_getItem($_TABLES['users'], $displayname, "uid={$row['media_user_id']}");
} else {
$username = '';
}
$userselect = '<select name="owner_name"> ';
$sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC";
$result = DB_query($sql);
while ($userRow = DB_fetchArray($result)) {
$userselect .= '<option value="' . $userRow['uid'] . '"' . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>' . $userRow['username'] . '</option>' . LB;
}
$userselect .= '</select>';
if (SEC_hasRights('mediagallery.admin')) {
$T->set_var('username', $userselect);
} else {
$T->set_var('username', $username);
}
$cat_select = '<select name="cat_id" id="cat_id">';
$cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>';
$result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC");
while ($catRow = DB_fetchArray($result)) {
$cat_select .= '<option value="' . $catRow['cat_id'] . '" ' . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>' . $catRow['cat_name'] . '</option>';
}
$cat_select .= '</select>';
// keywords
$keywords = $row['media_keywords'];
if ($back != '') {
$T->set_var(array('rpath' => htmlentities($back, ENT_QUOTES, COM_getEncodingt())));
} else {
$T->set_var(array('rpath' => ''));
}
$artist = $row['artist'];
$musicalbum = $row['album'];
$genre = $row['genre'];
// language items...
$T->set_var(array('lang_original_filename' => $LANG_MG01['original_filename'], 'lang_media_item' => $LANG_MG00['media_col_header'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_mediaattributes' => $LANG_MG01['mediaattributes'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_category' => $LANG_MG01['category'], 'lang_keywords' => $LANG_MG01['keywords'], 'lang_rating' => $LANG_MG03['rating'], 'lang_comments' => $LANG_MG03['comments'], 'lang_votes' => $LANG_MG03['votes'], 'media_edit_title' => $LANG_MG01['media_edit'], 'media_edit_help' => $LANG_MG01['media_edit_help'], 'rotate_left' => $LANG_MG01['rotate_left'], 'rotate_right' => $LANG_MG01['rotate_right'], 'lang_title' => $LANG_MG01['title'], 'albums' => $LANG_MG01['albums'], 'description' => $LANG_MG01['description'], 'capture_time' => $LANG_MG01['capture_time'], 'views' => $LANG_MG03['views'], 'uploaded_by' => $LANG_MG01['uploaded_by'], 'submit' => $LANG_MG01['submit'], 'cancel' => $LANG_MG01['cancel'], 'reset' => $LANG_MG01['reset'], 'lang_save' => $LANG_MG01['save'], 'lang_reset' => $LANG_MG01['reset'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_reset_rating' => $LANG_MG01['reset_rating'], 'lang_reset_views' => $LANG_MG01['reset_views'], 'cat_select' => $cat_select, 'media_keywords' => $keywords, 'lang_replacefile' => $LANG_MG01['replace_file'], 'artist' => $artist, 'musicalbum' => $musicalbum, 'genre' => $genre, 'lang_artist' => $LANG_MG01['artist'], 'lang_genre' => $LANG_MG01['genre'], 'lang_music_album' => $LANG_MG01['music_album']));
$T->parse('output', 'admin');
$retval .= $T->finish($T->get_var('output'));
return $retval;
}
示例6: savegroup
/**
* Save a group to the database
*
* @param string $grp_id ID of group to save
* @param string $grp_name Group Name
* @param string $grp_descr Description of group
* @param boolean $grp_admin Flag that indicates this is an admin use group
* @param boolean $grp_gl_core Flag that indicates if this is a core Geeklog group
* @param boolean $grp_default Flag that indicates if this is a default group
* @param boolean $grp_applydefault Flag that indicates whether to apply a change in $grp_default to all existing user accounts
* @param array $features Features the group has access to
* @param array $groups Groups this group will belong to
* @return string HTML refresh or error message
*
*/
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;
$retval = '';
if (!empty($grp_name) && !empty($grp_descr)) {
$GroupAdminGroups = SEC_getUserGroups();
if (!empty($grp_id) && $grp_id > 0 && !in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
return COM_refresh($_CONF['site_admin_url'] . '/group.php');
}
if ($grp_gl_core == 1 and !is_array($features)) {
COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
return COM_refresh($_CONF['site_admin_url'] . '/group.php');
}
// group names have to be unique, so check if this one exists already
$g_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
if ($g_id > 0) {
if (empty($grp_id) || $grp_id != $g_id) {
// there already is a group with that name - complain
$retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists']) . editgroup($grp_id);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
}
$grp_descr = COM_stripslashes($grp_descr);
$grp_descr = DB_escapeString($grp_descr);
$grp_applydefault_add = true;
if (empty($grp_id)) {
DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default', "'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
$grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
$new_group = true;
} else {
if ($grp_applydefault == 1) {
// check if $grp_default changed
$old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
if ($old_default == $grp_default) {
// no change required
$grp_applydefault = 0;
} elseif ($old_default == 1) {
$grp_applydefault_add = false;
}
}
DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default', "{$grp_id},'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
$new_group = false;
}
if (empty($grp_id) || $grp_id < 1) {
// "this shouldn't happen"
COM_errorLog("Internal error: invalid group id");
$retval .= COM_showMessage(95);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
// Use the field grp_gl_core to indicate if this non-core GL Group
// is an Admin related group
if ($grp_gl_core != 1 and $grp_id > 1) {
if ($grp_admin == 1) {
DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=2 WHERE grp_id={$grp_id}");
} else {
DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=0 WHERE grp_id={$grp_id}");
}
}
// now save the features
DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
$num_features = count($features);
if (SEC_inGroup('Root')) {
foreach ($features as $f) {
DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
}
} else {
$GroupAdminFeatures = SEC_getUserPermissions();
$availableFeatures = explode(',', $GroupAdminFeatures);
foreach ($features as $f) {
if (in_array($f, $availableFeatures)) {
DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
}
}
}
if ($_GROUP_VERBOSE) {
COM_errorLog('groups = ' . $groups);
COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
}
DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
if (!empty($groups)) {
foreach ($groups as $g) {
if (in_array($g, $GroupAdminGroups)) {
//.........這裏部分代碼省略.........
示例7: MG_editAlbum
//.........這裏部分代碼省略.........
$wm_opacity_select .= '<option value="50"' . ($A['opacity'] == 50 ? 'selected="selected"' : '') . '>50%</option>';
$wm_opacity_select .= '<option value="60"' . ($A['opacity'] == 60 ? 'selected="selected"' : '') . '>60%</option>';
$wm_opacity_select .= '<option value="70"' . ($A['opacity'] == 70 ? 'selected="selected"' : '') . '>70%</option>';
$wm_opacity_select .= '<option value="80"' . ($A['opacity'] == 80 ? 'selected="selected"' : '') . '>80%</option>';
$wm_opacity_select .= '<option value="90"' . ($A['opacity'] == 90 ? 'selected="selected"' : '') . '>90%</option>';
$wm_opacity_select .= '</select>';
$wm_location_select = '<select name="wm_location">';
$wm_location_select .= '<option value="1"' . ($A['wm_location'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_left'] . '</option>';
$wm_location_select .= '<option value="2"' . ($A['wm_location'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_center'] . '</option>';
$wm_location_select .= '<option value="3"' . ($A['wm_location'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_right'] . '</option>';
$wm_location_select .= '<option value="4"' . ($A['wm_location'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_left'] . '</option>';
$wm_location_select .= '<option value="5"' . ($A['wm_location'] == 5 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_center'] . '</option>';
$wm_location_select .= '<option value="6"' . ($A['wm_location'] == 6 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_right'] . '</option>';
$wm_location_select .= '<option value="7"' . ($A['wm_location'] == 7 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_left'] . '</option>';
$wm_location_select .= '<option value="8"' . ($A['wm_location'] == 8 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_center'] . '</option>';
$wm_location_select .= '<option value="9"' . ($A['wm_location'] == 9 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_right'] . '</option>';
$wm_location_select .= '</select>';
// now select what watermarks we have permission to use...
$whereClause = " WHERE wm_id<>0 AND ";
if (SEC_hasRights('mediagallery.admin')) {
$whereClause .= "1=1";
} else {
$whereClause .= "(owner_id=" . $_USER['uid'] . " OR owner_id=0)";
}
$sql = "SELECT * FROM {$_TABLES['mg_watermarks']} " . $whereClause . " ORDER BY owner_id";
$result = DB_query($sql);
$nRows = DB_numRows($result);
$wm_select = '<select name="wm_id" onchange="change(this)">';
$wm_select .= '<option value="blank.png">' . $LANG_MG01['no_watermark'] . '</option>';
$wm_current = '<img src="' . $_MG_CONF['site_url'] . '/watermarks/blank.png" name="myImage" alt=""/>';
for ($i = 0; $i < $nRows; $i++) {
$row = DB_fetchArray($result);
$wm_select .= '<option value="' . $row['filename'] . '"' . ($A['wm_id'] == $row['wm_id'] ? 'selected="selected"' : '') . '>' . $row['filename'] . '</option>';
if ($A['wm_id'] == $row['wm_id']) {
$wm_current = '<img src="' . $_MG_CONF['site_url'] . '/watermarks/' . $row['filename'] . '" name="myImage" alt=""/>';
}
}
$wm_select .= '</select>';
$frames = new mgFrame();
$skins = array();
$skins = $frames->getFrames();
$skin_select = '<select name="skin">';
$askin_select = '<select name="askin">';
$dskin_select = '<select name="dskin">';
for ($i = 0; $i < count($skins); $i++) {
$skin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['image_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>';
$askin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['album_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>';
$dskin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['display_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>';
}
$skin_select .= '</select>';
$askin_select .= '</select>';
$dskin_select .= '</select>';
// permission template
$usergroups = SEC_getUserGroups();
$groupdd = '';
$moddd = '';
$groupdd .= '<select name="group_id">';
$moddd .= '<select name="mod_id">';
for ($i = 0; $i < count($usergroups); $i++) {
if ($usergroups[key($usergroups)] != 2 && $usergroups[key($usergroups)] != 13) {
$groupdd .= '<option value="' . $usergroups[key($usergroups)] . '"';
$moddd .= '<option value="' . $usergroups[key($usergroups)] . '"';
if ($A['group_id'] == $usergroups[key($usergroups)]) {
$groupdd .= ' selected="selected"';
}
if ($A['mod_group_id'] == $usergroups[key($usergroups)]) {
$moddd .= ' selected="selected"';
}
$groupdd .= '>' . key($usergroups) . '</option>';
$moddd .= '>' . key($usergroups) . '</option>';
}
next($usergroups);
}
$groupdd .= '</select>';
$moddd .= '</select>';
$upload_select = '<input type="checkbox" name="uploads" value="1" ' . ($A['member_uploads'] ? ' checked="checked"' : '') . '/>';
$moderate_select = '<input type="checkbox" name="moderate" value="1" ' . ($A['moderate'] ? ' checked="checked"' : '') . '/>';
$child_update_select = '<input type="checkbox" name="force_child_update" value="1"/>';
$hidden_select = '<input type="checkbox" name="hidden" value="1" ' . ($A['hidden'] ? ' checked="checked"' : '') . '/>';
$allow_download_select = '<input type="checkbox" name="allow_download" value="1" ' . ($A['allow_download'] ? ' checked="checked"' : '') . '/>';
if (SEC_hasRights('mediagallery.admin')) {
$perm_editor = SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$perm_editor = MG_getMemberPermissionsHTML($A['perm_members'], $A['perm_anon']);
}
$T->set_var(array('lang_uploads' => $LANG_MG01['anonymous_uploads_prompt'], 'lang_accessrights' => $LANG_ACCESS['accessrights'], 'lang_owner' => $LANG_ACCESS['owner'], 'owner_username' => DB_getItem($_TABLES['users'], 'username', "uid={$A['owner_id']}"), 'owner_id' => $A['owner_id'], 'lang_group' => $LANG_ACCESS['group'], 'lang_permissions' => $LANG_ACCESS['permissions'], 'lang_perm_key' => $LANG_ACCESS['permissionskey'], 'lang_hidden' => $LANG_MG01['hidden'], 'permissions_msg' => $LANG_ACCESS['permmsg'], 'permissions_editor' => $perm_editor, 'origaid' => '<input type="hidden" name="origaid" value="' . $oldaid . '"/>', 'group_dropdown' => $groupdd, 'mod_dropdown' => $moddd, 'lang_member_upload' => $LANG_MG01['member_upload'], 'lang_moderate_album' => $LANG_MG01['mod_album'], 'lang_mod_group' => $LANG_MG01['moderation_group'], 'uploads' => $upload_select, 'moderate' => $moderate_select, 'hidden' => $hidden_select, 'force_child_update' => $child_update_select, 'lang_force_child_update' => $LANG_MG01['force_child_update'], 'lang_allow_download' => $LANG_MG01['allow_download'], 'owner_select' => $owner_select, 'email_mod_select' => $email_mod_select, 'lang_email_mods_on_submission' => $LANG_MG01['email_mods_on_submission']));
if (SEC_hasRights('mediagallery.admin')) {
$T->parse('perm_editor', 'perms_admin');
} else {
$T->parse('perm_editor', 'perms_member');
}
$T->set_var(array('action' => 'album', 'path_mg' => $_MG_CONF['site_url'], 'attach_select' => $attach_select, 'comment_select' => $comment_select, 'exif_select' => $exif_select, 'ranking_select' => $ranking_select, 'podcast_select' => $podcast_select, 'mp3ribbon_select' => $mp3ribbon_select, 'rsschildren_select' => $rsschildren_select, 'full_select' => $full_select, 'ss_select' => $ss_select, 'sf_select' => $sf_select, 'views_select' => $views_select, 'keywords_select' => $keywords_select, 'album_views_select' => $album_views_select, 'display_album_desc_select' => $display_album_desc_select, 'sort_select' => $sort_select, 'rss_select' => $rss_select, 'postcard_select' => $postcard_select, 'afirst_select' => $afirst_select, 'tn_size_select' => $tn_size_select, 'display_image_size' => $display_image_size_select, 'rows_input' => $rows_input, 'columns_input' => $columns_input, 'playback_type' => $playback_type, 'album_title' => $A['album_title'], 'album_desc' => $A['album_desc'], 'album_id' => $A['album_id'], 'parent_select' => $album_select, 'album_cover' => $A['album_cover'], 'album_owner' => $A['owner_id'], 'album_order' => $A['album_order'], 'album_cover_filename' => $A['album_cover_filename'], 'last_update' => $A['last_update'], 'media_count' => $A['media_count'], 'wm_auto_select' => $wm_auto_select, 'wm_opacity_select' => $wm_opacity_select, 'wm_location_select' => $wm_location_select, 'wm_select' => $wm_select, 'wm_current' => $wm_current, 'album_theme_select' => $album_theme_select, 'album_sort_select' => $album_sort_select, 'allow_download_select' => $allow_download_select, 'filename_title_select' => $filename_title_select, 'skin_select' => $skin_select, 'askin_select' => $askin_select, 'dskin_select' => $dskin_select, 'tnheight_input' => $tnheight_input, 'tnwidth_input' => $tnwidth_input, 'usealternate_select' => $usealternate_select, 'lang_usealternate' => $LANG_MG01['use_alternate_url'], 'lang_tnheight' => $LANG_MG01['tn_height'], 'lang_tnwidth' => 
$LANG_MG01['tn_width'], 'lang_save' => $LANG_MG01['save'], 'lang_edit_title' => $mode == 'create' ? $LANG_MG01['create_album'] : $LANG_MG01['edit_album'], 's_form_action' => $actionURL, 'lang_image_skin' => $LANG_MG01['image_skin'], 'lang_album_skin' => $LANG_MG01['album_skin'], 'lang_display_skin' => $LANG_MG01['display_skin'], 'lang_album_edit_help' => $LANG_MG01['album_edit_help'], 'lang_title' => $LANG_MG01['title'], 'lang_podcast' => $LANG_MG01['podcast'], 'lang_mp3ribbon' => $LANG_MG01['mp3ribbon'], 'lang_rsschildren' => $LANG_MG01['rsschildren'], 'lang_parent_album' => $LANG_MG01['parent_album'], 'lang_description' => $LANG_MG01['description'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_comments' => $LANG_MG01['comments_prompt'], 'lang_enable_exif' => $LANG_MG01['enable_exif'], 'lang_enable_ratings' => $LANG_MG01['enable_ratings'], 'lang_ss_enable' => $LANG_MG01['ss_enable'], 'lang_sf_enable' => $LANG_MG01['sf_enable'], 'lang_tn_size' => $LANG_MG01['tn_size'], 'lang_rows' => $LANG_MG01['rows'], 'lang_columns' => $LANG_MG01['columns'], 'lang_av_play_album' => $LANG_MG01['av_play_album'], 'lang_av_play_options' => $LANG_MG01['av_play_options'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_thumbnail' => $LANG_MG01['thumbnail'], 'lang_album_attributes' => $LANG_MG01['album_attributes'], 'lang_album_cover' => $LANG_MG01['album_cover'], 'lang_enable_views' => $LANG_MG01['enable_views'], 'lang_enable_keywords' => $LANG_MG01['enable_keywords'], 'lang_enable_album_views' => $LANG_MG01['enable_album_views'], 'lang_enable_sort' => $LANG_MG01['enable_sort'], 'lang_enable_rss' => $LANG_MG01['enable_rss'], 'lang_enable_postcard' => $LANG_MG01['enable_postcard'], 'lang_albums_first' => $LANG_MG01['albums_first'], 'lang_full_display' => $LANG_MG01['full_display'], 'lang_display_image_size' => $LANG_MG01['display_image_size'], 'lang_album_sort' => $LANG_MG01['default_album_sort'], 'lang_watermark' => 
$LANG_MG01['watermark'], 'lang_wm_auto' => $LANG_MG01['watermark_auto'], 'lang_wm_opacity' => $LANG_MG01['watermark_opacity'], 'lang_wm_location' => $LANG_MG01['watermark_location'], 'lang_wm_id' => $LANG_MG01['watermark_image'], 'lang_unlimited' => $LANG_MG01['zero_unlimited'], 'lang_display_album_desc' => $LANG_MG01['display_album_desc'], 'lang_filename_title' => $LANG_MG01['filename_title'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_theme_select' => $LANG_MG01['album_theme']));
if ($_MG_CONF['htmlallowed'] == 1) {
$T->set_var('allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'mediagallery', 'album_title'));
}
$T->parse('output', 'admin');
$retval .= $T->finish($T->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
示例8: WS_authenticate
/**
* Authenticates the user if authentication headers are present
*
* Our handling of the speedlimit here requires some explanation ...
* Atompub clients will usually try to do everything without logging in first.
* Since that would mean that we can't provide feeds for drafts, items with
* special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
* That, however, means that every request from an Atompub client will count
* as one failed login attempt. So doing a couple of requests in quick
* succession will surely get the client blocked. Therefore
* - a request without any login credentials counts as one failed login attempt
* - a request with wrong login credentials counts as two failed login attempts
* - if, after a successful login, we have only one failed attempt on record,
* we reset the speedlimit
* This still ensures that
* - repeated failed logins (without or with invalid credentials) will cause the
* client to be blocked eventually
* - this cannot be used for dictionary attacks
*
*/
function WS_authenticate()
{
global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
$uid = '';
$username = '';
$password = '';
$status = -1;
if (isset($_SERVER['PHP_AUTH_USER'])) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$username = COM_applyFilter($username);
$password = COM_applyFilter($password);
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '{$username}'");
}
} elseif (!empty($_SERVER['REMOTE_USER'])) {
/* PHP installed as CGI may not have access to authorization headers of
* Apache. In that case, use .htaccess to store the auth header
*/
list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
list($username, $password) = explode(':', base64_decode($auth_data));
$username = COM_applyFilter($username);
$password = COM_applyFilter($password);
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
}
} else {
if ($WS_VERBOSE) {
COM_errorLog("WS: No login given");
}
// fallthrough (see below)
}
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
}
if (!empty($username) && !empty($password)) {
if ($_CONF['user_login_method']['3rdparty']) {
// remote users will have to use username@servicename
$u = explode('@', $username);
if (count($u) > 1) {
$sv = $u[count($u) - 1];
if (!empty($sv)) {
$modules = SEC_collectRemoteAuthenticationModules();
foreach ($modules as $smod) {
if (strcasecmp($sv, $smod) == 0) {
array_pop($u);
// drop the service name
$uname = implode('@', $u);
$status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
break;
}
}
}
}
}
if ($status == -1 && $_CONF['user_login_method']['standard']) {
$status = SEC_authenticate($username, $password, $uid);
}
}
if ($status == USER_ACCOUNT_ACTIVE) {
$_USER = SESS_getUserDataFromId($uid);
PLG_loginUser($_USER['uid']);
// Global array of groups current user belongs to
$_GROUPS = SEC_getUserGroups($_USER['uid']);
// Global array of current user permissions [read,edit]
$_RIGHTS = explode(',', SEC_getUserPermissions());
if ($_CONF['restrict_webservices']) {
if (!SEC_hasRights('webservices.atompub')) {
COM_updateSpeedlimit('wsauth');
if ($WS_VERBOSE) {
COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
}
// reset user, groups, and rights, just in case ...
$_USER = array();
$_GROUPS = array();
$_RIGHTS = array();
WS_error(PLG_RET_AUTH_FAILED);
}
}
//.........這裏部分代碼省略.........
示例9: submitstory
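/**
 * Shows the story submission form
 *
 * Builds the submission form and, when the request is a preview (the
 * submitted 'mode' equals the preview caption $LANG12[32]), renders the
 * submitted story above it. As a side effect an "adveditor" token cookie,
 * valid for 1200 seconds, is set for the client.
 *
 * @param  string $topic  topic ID to pre-select for a fresh submission
 * @return string         HTML of the form, or only an error message when
 *                        the user has no topic available to submit to
 */
function submitstory($topic = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG12, $LANG24, $REMOTE_ADDR;

    $retval = '';
    $story = new Story();

    // The preview button submits its caption as the mode; evaluate this once
    // because it also decides whether the save button is offered further down.
    $isPreview = isset($_POST['mode']) && $_POST['mode'] === $LANG12[32];

    if ($isPreview) {
        $story->loadSubmission();
        $retval .= COM_startBlock($LANG12[32]) . STORY_renderArticle($story, 'p') . COM_endBlock();
        $retval .= '<div style="border-bottom:1px solid #cccccc"></div>';
    } else {
        $story->initSubmission($topic);
        $story->loadSubmission();
    }

    // Optionally restrict the topic list to topics the user may submit to
    if ($_CONF['story_submit_by_perm_only']) {
        $topicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, false, 3);
    } else {
        $topicList = COM_topicList('tid,topic', $story->EditElements('tid'));
    }

    // No topic to submit to: discard any preview and return the error only.
    // (cast: the helper's return type is not pinned; null/false count as empty)
    if ((string) $topicList === '') {
        return COM_showMessageText($LANG24[66], '', 1, 'error');
    }

    $retval .= COM_startBlock($LANG12[6]);

    $storyform = new Template($_CONF['path_layout'] . 'submit');
    $storyform->set_file('storyform', 'submitstory.thtml');
    if ($story->EditElements('postmode') == 'html') {
        $storyform->set_var('show_htmleditor', true);
    } else {
        $storyform->unset_var('show_htmleditor');
    }
    $storyform->set_var('site_admin_url', $_CONF['site_admin_url']);
    $storyform->set_var('lang_username', $LANG12[27]);

    if (!COM_isAnonUser()) {
        $storyform->set_var('story_username', $_USER['username']);
        $storyform->set_var('author', COM_getDisplayName());
        $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php?mode=logout');
        $storyform->set_var('lang_loginout', $LANG12[34]);
    } else {
        $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php');
        $storyform->set_var('lang_loginout', $LANG12[2]);
        if (!$_CONF['disable_new_user_registration']) {
            // both spellings are kept on purpose: templates may use either name
            $storyform->set_var('separator', ' | ');
            $storyform->set_var('seperator', ' | ');
            $storyform->set_var('create_account', COM_createLink($LANG12[53], $_CONF['site_url'] . '/users.php?mode=new', array('rel' => "nofollow")));
        }
    }

    $storyform->set_var('lang_title', $LANG12[10]);
    $storyform->set_var('story_title', $story->EditElements('title'));
    $storyform->set_var('lang_topic', $LANG12[28]);
    $storyform->set_var('story_topic_options', $topicList);
    $storyform->set_var('lang_story', $LANG12[29]);
    $storyform->set_var('lang_introtext', $LANG12[54]);
    $storyform->set_var('lang_bodytext', $LANG12[55]);
    $storyform->set_var('story_introtext', $story->EditElements('introtext'));
    $storyform->set_var('story_bodytext', $story->EditElements('bodytext'));
    $storyform->set_var('lang_postmode', $LANG12[36]);
    $storyform->set_var('story_postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $story->EditElements('postmode')));
    $storyform->set_var('postmode', $story->EditElements('postmode'));

    // Show the submitter which HTML and autotags pass the filter for their
    // permission level; the permission string is looked up once for both lists.
    $userPerms = SEC_getUserPermissions();
    $storyform->set_var('allowed_html', COM_allowedHTML($userPerms, false, 'glfusion', 'story') . '<br/>' . COM_allowedAutotags($userPerms, false, 'glfusion', 'story'));

    $storyform->set_var('story_uid', $story->EditElements('uid'));
    $storyform->set_var('story_sid', $story->EditElements('sid'));
    $storyform->set_var('story_date', $story->EditElements('unixdate'));
    PLG_templateSetVars('story', $storyform);

    // The save button is offered only after a preview, unless the site
    // configuration allows skipping the preview step altogether
    if ($_CONF['skip_preview'] == 1 || $isPreview) {
        $storyform->set_var('save_button', '<input name="mode" type="submit" value="' . $LANG12[8] . '"' . XHTML . '>');
    }
    $storyform->set_var('lang_preview', $LANG12[32]);
    $storyform->parse('theform', 'storyform');
    $retval .= $storyform->finish($storyform->get_var('theform'));
    $retval .= COM_endBlock();

    // Token cookie for the advanced editor; anonymous submitters get a token
    // name keyed to their client address instead of a shared one.
    $urlfor = 'advancededitor';
    if (COM_isAnonUser()) {
        $urlfor = 'advancededitor' . md5($REMOTE_ADDR);
    }

    // setcookie() returns false (e.g. when output has already started); keep
    // the form usable but record the failure rather than ignoring it.
    // NOTE(review): the cookie is set without the httponly flag — confirm
    // whether client-side editor script must read it before adding one.
    $cookieSet = @setcookie(
        $_CONF['cookie_name'] . 'adveditor',
        SEC_createTokenGeneral($urlfor),
        time() + 1200,
        $_CONF['cookie_path'],
        $_CONF['cookiedomain'],
        $_CONF['cookiesecure']
    );
    if (!$cookieSet) {
        COM_errorLog('submitstory: unable to set the adveditor token cookie (headers already sent?)');
    }

    return $retval;
}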
示例10: CALENDAR_edit
/**
* Shows event editor
*
* @param string $action action we are performing: 'edit', 'clone' or 'moderate'
* @param array $A array holding the event's details
* @param string $msg an optional error message to display
* @return string HTML for event editor or error message
*
*/
function CALENDAR_edit($action, $A, $msg = '')
{
global $_CONF, $_USER, $_GROUPS, $_TABLES, $_USER, $_CA_CONF, $LANG_CAL_1, $LANG_CAL_ADMIN, $LANG10, $LANG12, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
USES_lib_admin();
$retval = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/calendar/index.php', 'text' => $LANG_CAL_ADMIN[40]), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']), array('url' => $_CONF['site_admin_url'] . '/plugins/calendar/index.php?batchadmin=x', 'text' => $LANG_CAL_ADMIN[38]), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
switch ($action) {
case 'edit':
case 'clone':
$blocktitle = $LANG_CAL_ADMIN[1];
// Event Editor
$saveoption = $LANG_ADMIN['save'];
// Save
break;
case 'moderate':
$blocktitle = $LANG_CAL_ADMIN[37];
// Moderate Event
$saveoption = $LANG_ADMIN['moderate'];
// Save & Approve
break;
}
if (!empty($msg)) {
$retval .= COM_showMessageText($msg, $LANG_CAL_ADMIN[2], true);
}
$event_templates = new Template($_CONF['path'] . 'plugins/calendar/templates/admin');
$event_templates->set_file('editor', 'eventeditor.thtml');
$event_templates->set_var('lang_allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'calendar', 'description'));
$event_templates->set_var('lang_postmode', $LANG_CAL_ADMIN[3]);
if (!isset($A['perm_owner'])) {
$A['perm_owner'][0] = "0";
}
if (!isset($A['perm_group'])) {
$A['perm_group'][0] = "0";
}
if (!isset($A['perm_members'])) {
$A['perm_members'][0] = "0";
}
if (!isset($A['perm_anon'])) {
$A['perm_anon'][0] = "0";
}
if ($action != 'moderate' and !empty($A['eid'])) {
// Get what level of access user has to this object
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
// Uh, oh! User doesn't have access to this object
$retval .= COM_showMessageText($LANG_CAL_ADMIN[17], $LANG_ACCESS['accessdenied'], true);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
} else {
if (!isset($A['owner_id']) || $A['owner_id'] == '') {
$A['owner_id'] = $_USER['uid'];
}
if (isset($_GROUPS['Calendar Admin'])) {
$A['group_id'] = $_GROUPS['Calendar Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('calendar.edit');
}
SEC_setDefaultPermissions($A, $_CA_CONF['default_permissions']);
$access = 3;
}
if ($action == 'moderate') {
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', 'plaintext'));
} else {
if (!isset($A['postmode'])) {
$A['postmode'] = $_CONF['postmode'];
}
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', $A['postmode']));
}
$retval .= COM_startBlock($blocktitle, '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= ADMIN_createMenu($menu_arr, $LANG_CAL_ADMIN[41], plugin_geticon_calendar());
if (!empty($A['eid'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$event_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
$event_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$event_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
if ($action == 'moderate') {
$event_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>');
}
} else {
// new event
$A['eid'] = COM_makesid();
$A['status'] = 1;
$A['title'] = '';
$A['description'] = '';
$A['url'] = '';
$A['hits'] = 0;
// in case a start date/time has been passed from the calendar,
// pick it up for the end date/time
if (empty($A['dateend'])) {
//.........這裏部分代碼省略.........
示例11: STORY_edit
//.........這裏部分代碼省略.........
}
$story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($cmt_close_hour);
}
$story_templates->set_var('cmt_close_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
$story_templates->set_var('cmt_close_minute_options', $minute_options);
$story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
$featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
$featured_options_data = COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured'));
$story_templates->set_var('featured_options_data', $featured_options_data);
} else {
$featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"/>";
$story_templates->unset_var('featured_options_data');
}
$story_templates->set_var('featured_options', $featured_options);
$story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
$story_templates->set_var('story_introtext', $story->EditElements('introtext'));
$story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
$story_templates->set_var('lang_introtext', $LANG24[16]);
$story_templates->set_var('lang_bodytext', $LANG24[17]);
$story_templates->set_var('lang_postmode', $LANG24[4]);
$story_templates->set_var('lang_publishoptions', $LANG24[76]);
$story_templates->set_var('lang_publishdate', $LANG24[69]);
$story_templates->set_var('lang_nojavascript', $LANG24[77]);
$story_templates->set_var('postmode', $story->EditElements('postmode'));
if ($story->EditElements('postmode') == 'plaintext' || $story->EditElements('postmode') == 'text') {
$allowedHTML = '';
} else {
$allowedHTML = COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>';
}
$allowedHTML .= COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story');
$story_templates->set_var('lang_allowed_html', $allowedHTML);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($story->getSid()));
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($story->getSid()) . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']" /><br />';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file[]' . '" />';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br />';
}
}
$fileinputs .= '<br />' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br />';
}
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
示例12: USER_mergeAccounts
/**
* Merge User Accounts
*
* This validates the entered password and then merges a remote
* account with a local account.
*
* @return string HTML merge form if error, redirect on success
*
*/
function USER_mergeAccounts()
{
global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20;
$retval = '';
$remoteUID = COM_applyFilter($_POST['remoteuid'], true);
$localUID = COM_applyFilter($_POST['localuid'], true);
$localpwd = $_POST['localp'];
$localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID);
$localRow = DB_fetchArray($localResult);
if (SEC_check_hash($localpwd, $localRow['passwd'])) {
// password is valid
$sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'";
$result = DB_query($sql);
$numRows = DB_numRows($result);
if ($numRows == 1) {
$remoteRow = DB_fetchArray($result);
if ($remoteUID == $remoteRow['uid']) {
$remoteUID = (int) $remoteRow['uid'];
$remoteService = substr($remoteRow['remoteservice'], 6);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
$sql = "UPDATE {$_TABLES['users']} SET remoteusername='" . DB_escapeString($remoteRow['remoteusername']) . "'," . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', " . "account_type=3 " . " WHERE uid=" . (int) $localUID;
DB_query($sql);
$_USER['uid'] = $localRow['uid'];
$local_login = true;
SESS_completeLogin($localUID);
$_GROUPS = SEC_getUserGroups($_USER['uid']);
$_RIGHTS = explode(',', SEC_getUserPermissions());
if ($_SYSTEM['admin_session'] > 0 && $local_login) {
if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
$admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
}
COM_resetSpeedlimit('login');
// log the user out
SESS_endUserSession($remoteUID);
// Let plugins know a user is being merged
PLG_moveUser($remoteUID, $_USER['uid']);
// Ok, now delete everything related to this user
// let plugins update their data for this user
PLG_deleteUser($remoteUID);
if (function_exists('CUSTOM_userDeleteHook')) {
CUSTOM_userDeleteHook($remoteUID);
}
// Call custom account profile delete function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) {
CUSTOM_userDelete($remoteUID);
}
// remove from all security groups
DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID);
// remove user information and preferences
DB_delete($_TABLES['userprefs'], 'uid', $remoteUID);
DB_delete($_TABLES['userindex'], 'uid', $remoteUID);
DB_delete($_TABLES['usercomment'], 'uid', $remoteUID);
DB_delete($_TABLES['userinfo'], 'uid', $remoteUID);
// delete user photo, if enabled & exists
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}");
USER_deletePhoto($photo, false);
}
// delete subscriptions
DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID);
// in case the user owned any objects that require Admin access, assign
// them to the Root user with the lowest uid
$rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
$result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1");
$A = DB_fetchArray($result);
$rootuser = $A['ug_uid'];
if ($rootuser == '' || $rootuser < 2) {
$rootuser = 2;
}
DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
// now delete the user itself
DB_delete($_TABLES['users'], 'uid', $remoteUID);
} else {
// invalid password - let's try one more time
// need to set speed limit and give them 3 tries
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge');
$last = COM_checkSpeedlimit('merge', 4);
if ($last > 0) {
COM_setMsg($LANG04[190], 'error');
echo COM_refresh($_CONF['site_url'] . '/users.php');
} else {
COM_updateSpeedlimit('merge');
USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]);
//.........這裏部分代碼省略.........