Code source de GeekLog 1.4.1 |
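<?php

// Reminder: always indent with 4 spaces (no tabs).
// +---------------------------------------------------------------------------+
// | Links Plugin 1.0                                                          |
// +---------------------------------------------------------------------------+
// | index.php                                                                 |
// |                                                                           |
// | Geeklog Links Plugin administration page.                                 |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT net    |
// |          Jason Whittenburg - jwhitten AT securitygeeks DOT com            |
// |          Dirk Haun         - dirk AT haun-online DOT de                   |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the              |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.            |
// |                                                                           |
// +---------------------------------------------------------------------------+
//

/**
 * Geeklog links administration page.
 *
 * @package Links
 * @subpackage admin
 * @filesource
 * @version 1.0
 * @since GL 1.4.0
 * @copyright Copyright © 2005-2006
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @author Trinity Bays <trinity93@steubentech.com>
 * @author Tony Bibbs <tony@tonybibbs.com>
 * @author Tom Willett <twillett@users.sourceforge.net>
 * @author Blaine Lang <langmail@sympatico.ca>
 * @author Dirk Haun <dirk@haun-online.de>
 */

// $Id: index.php,v 1.39 2006/09/23 20:52:44 dhaun Exp $

require_once ('../../../lib-common.php');
require_once ('../../auth.inc.php');

// Uncomment the lines below if you need to debug the HTTP variables being passed
// to the script.  This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($_POST);
// exit;

$display = '';

// Page-level gate: everything below (including the function definitions being
// reachable through MAIN) requires the 'links.edit' right. A failed check is
// written to the access log before the script stops.
if (!SEC_hasRights ('links.edit')) {
    $display .= COM_siteHeader ('menu', $MESSAGE[30]);
    $display .= COM_startBlock ($MESSAGE[30], '',
                                COM_getBlockTemplate ('_msg_block', 'header'));
    $display .= $MESSAGE[34];
    $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
    $display .= COM_siteFooter ();
    COM_accessLog ("User {$_USER['username']} tried to illegally access the links administration screen.");
    echo $display;
    exit;
}

/**
 * Shows the links editor
 *
 * For an existing link (any mode other than 'editsubmission' with a non-empty
 * $lid) the row is loaded from the links table and the caller's access level
 * is checked; levels 0 and 2 are refused and logged. For a submission or a
 * new link the record is pre-filled with defaults and the current user
 * becomes the owner.
 *
 * @param    string  $mode   Used to see if we are moderating a link or simply editing one
 * @param    string  $lid    ID of link to edit
 * @global   array   core config vars
 * @global   array   core group data
 * @global   array   core table data
 * @global   array   core user data
 * @global   array   links plugin config vars
 * @global   array   links plugin lang vars
 * @global   array   core lang access vars
 * @return   string  HTML for the link editor form
 *
 */
function editlink ($mode, $lid = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $_LI_CONF,
           $LANG_LINKS_ADMIN, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;

    $retval = '';

    // Escaped copy used only inside SQL strings. The callers in this file
    // already pass $lid through COM_applyFilter or addslashes, but the query
    // must not depend on every caller remembering to do so.
    $lid_sql = addslashes ($lid);

    $link_templates = new Template($_CONF['path'] . 'plugins/links/templates/admin/');
    $link_templates->set_file('editor','linkeditor.thtml');
    $link_templates->set_var('site_url', $_CONF['site_url']);
    $link_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
    $link_templates->set_var('layout_url',$_CONF['layout_url']);
    if ($mode <> 'editsubmission' AND !empty($lid)) {
        $result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='$lid_sql'");
        $A = DB_fetchArray($result);
        // NOTE(review): if no row matches, $A is whatever DB_fetchArray
        // returns for an empty result and the access check runs on missing
        // values - confirm SEC_hasAccess denies in that case.
        $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
        if ($access == 0 OR $access == 2) {
            $retval .= COM_startBlock($LANG_LINKS_ADMIN[16], '',
                               COM_getBlockTemplate ('_msg_block', 'header'));
            $retval .= $LANG_LINKS_ADMIN[17];
            $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link $lid.");
            return $retval;
        }
    } else {
        if ($mode == 'editsubmission') {
            $result = DB_query ("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid_sql'");
            $A = DB_fetchArray($result);
        } else {
            $A['lid'] = COM_makesid();
            $A['category'] = '';
            $A['url'] = '';
            $A['description'] = '';
            $A['title']= '';
        }
        // Submissions and new links start with zero hits, are owned by the
        // current admin and get the plugin's default permissions.
        $A['hits'] = 0;
        $A['owner_id'] = $_USER['uid'];
        if (isset ($_GROUPS['Links Admin'])) {
            $A['group_id'] = $_GROUPS['Links Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup ('links.edit');
        }
        SEC_setDefaultPermissions ($A, $_LI_CONF['default_permissions']);
        $access = 3;
    }
    $retval .= COM_startBlock ($LANG_LINKS_ADMIN[1], '',
                               COM_getBlockTemplate ('_admin_block', 'header'));

    $link_templates->set_var('link_id', $A['lid']);
    if (!empty($lid) && SEC_hasRights('links.edit')) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
                   . '" name="mode"%s>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $link_templates->set_var ('delete_option',
                                  sprintf ($delbutton, $jsconfirm));
        $link_templates->set_var ('delete_option_no_confirmation',
                                  sprintf ($delbutton, ''));
    }
    $link_templates->set_var('lang_linktitle', $LANG_LINKS_ADMIN[3]);
    $link_templates->set_var('link_title',
                             htmlspecialchars (stripslashes ($A['title'])));
    $link_templates->set_var('lang_linkid', $LANG_LINKS_ADMIN[2]);
    $link_templates->set_var('lang_linkurl', $LANG_LINKS_ADMIN[4]);
    $link_templates->set_var('max_url_length', 255);
    // The stored URL is user-supplied; encode it like the title so that a
    // quote or angle bracket in it cannot break out of the form field markup.
    $link_templates->set_var('link_url', htmlspecialchars ($A['url']));
    $link_templates->set_var('lang_includehttp', $LANG_LINKS_ADMIN[6]);
    $link_templates->set_var('lang_category', $LANG_LINKS_ADMIN[5]);
    $othercategory = $A['category'];
    $link_templates->set_var('category_options',
                             links_getCategoryList ($othercategory));
    $link_templates->set_var('lang_ifotherspecify', $LANG_LINKS_ADMIN[20]);
    // NOTE(review): category and description are placed in the template
    // without HTML encoding; how linkeditor.thtml embeds them is not visible
    // here - confirm they cannot carry markup into the admin page.
    $link_templates->set_var('category', $othercategory);
    $link_templates->set_var('lang_linkhits', $LANG_LINKS_ADMIN[8]);
    $link_templates->set_var('link_hits', $A['hits']);
    $link_templates->set_var('lang_linkdescription', $LANG_LINKS_ADMIN[9]);
    $link_templates->set_var('link_description', stripslashes($A['description']));
    $link_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $link_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);

    // user access info
    $link_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $link_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName ($A['owner_id']);
    $link_templates->set_var('owner_username', DB_getItem($_TABLES['users'],
                             'username', "uid = {$A['owner_id']}"));
    $link_templates->set_var('owner_name', $ownername);
    $link_templates->set_var('owner', $ownername);
    $link_templates->set_var('link_ownerid', $A['owner_id']);
    $link_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $link_templates->set_var('group_dropdown',
                             SEC_getGroupDropdown ($A['group_id'], $access));
    $link_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $link_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
    $link_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
    $link_templates->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
    $link_templates->parse('output', 'editor');
    $retval .= $link_templates->finish($link_templates->get_var('output'));

    $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));

    return $retval;
}

/**
 * Saves link to the database
 *
 * All values arrive from the POSTed editor form. Text fields are escaped for
 * SQL here; numeric fields are forced to integers because several of them are
 * written into the INSERT statement without quotes. The save is refused (and
 * logged) unless the caller has access level 3 on the link and is a member of
 * the target group.
 *
 * @param    string  $lid            ID for link
 * @param    string  $old_lid        old ID for link
 * @param    string  $category       Category link belongs to
 * @param    string  $categorydd     Category links belong to
 * @param    string  $url            URL of link to save
 * @param    string  $description    Description of link
 * @param    string  $title          Title of link
 * @param    int     $hits           Number of hits for link
 * @param    int     $owner_id       ID of owner
 * @param    int     $group_id       ID of group link belongs to
 * @param    int     $perm_owner     Permissions the owner has
 * @param    int     $perm_group     Permissions the group has
 * @param    int     $perm_members   Permissions members have
 * @param    int     $perm_anon      Permissions anonymous users have
 * @return   string                  HTML redirect or error message
 * @global   array   core config vars
 * @global   array   core group data
 * @global   array   core table data
 * @global   array   core user data
 * @global   array   core msg data
 * @global   array   links plugin lang admin vars
 *
 */
function savelink ($lid, $old_lid, $category, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN;

    $retval = '';
    // Was appended to below without ever being initialised.
    $display = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) OR is_array($perm_group) OR is_array($perm_members) OR is_array($perm_anon)) {
        list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
    }

    // These six values are interpolated into the INSERT below, five of them
    // unquoted. The permission fields reach this function straight from
    // $_POST, so a scalar (non-array) value would otherwise land in the SQL
    // text verbatim. Force every one of them to an integer.
    $hits         = (int) $hits;
    $owner_id     = (int) $owner_id;
    $group_id     = (int) $group_id;
    $perm_owner   = (int) $perm_owner;
    $perm_group   = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon    = (int) $perm_anon;

    // clean 'em up
    $description = addslashes (COM_checkHTML (COM_checkWords ($description)));
    $title = addslashes (COM_checkHTML (COM_checkWords ($title)));
    $category = addslashes ($category);
    // The URL comes unfiltered from the form and is quoted into the INSERT,
    // so it needs the same escaping as the other text fields.
    // NOTE(review): the URL scheme is not validated here; consider limiting
    // stored links to http/https before they are rendered as hyperlinks.
    $url = addslashes ($url);

    if (empty ($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset ($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup ('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    $lid = COM_sanitizeID ($lid);
    if (empty ($lid)) {
        if (empty ($old_lid)) {
            $lid = COM_makeSid ();
        } else {
            $lid = $old_lid;
        }
    }

    // Authorisation is decided on the permissions already stored for the
    // existing link, not on the values submitted with the form; the submitted
    // values are only used when no link with $old_lid exists yet.
    $access = 0;
    $old_lid = addslashes ($old_lid);
    if (DB_count ($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray ($result);
        $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
                $A['perm_owner'], $A['perm_group'], $A['perm_members'],
                $A['perm_anon']);
    } else {
        $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
                $perm_members, $perm_anon);
    }
    if (($access < 3) || !SEC_inGroup ($group_id)) {
        $display .= COM_siteHeader ('menu', $MESSAGE[30]);
        $display .= COM_startBlock ($MESSAGE[30], '',
                            COM_getBlockTemplate ('_msg_block', 'header'));
        $display .= $MESSAGE[31];
        $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        $display .= COM_siteFooter ();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link $lid.");
        echo $display;
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {

        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $category = addslashes ($categorydd);
        } else if ($categorydd != $LANG_LINKS_ADMIN[7]) {
            // NOTE(review): this emits a redirect but does not return, so the
            // delete and save below still run - confirm whether an early
            // return was intended when no category is selected.
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }

        // Replace-by-delete: drop any pending submission and any existing
        // link under the old ID, then write the new row.
        DB_delete ($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete ($_TABLES['links'], 'lid', $old_lid);

        DB_save ($_TABLES['links'], 'lid,category,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'$lid','$category','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon");
        COM_rdfUpToDateCheck ('links', $category, $lid);

        return COM_refresh ($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=2');
    } else { // missing fields
        $retval .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[1]);
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10],2);
        if (DB_count ($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink ('edit', $old_lid);
        } else {
            $retval .= editlink ('edit', '');
        }
        $retval .= COM_siteFooter();

        return $retval;
    }
}

/**
 * List links
 *
 * Builds the column, menu and query definitions and hands them to
 * ADMIN_list. The row filter comes from COM_getPermSql ('AND'), which is
 * appended to the base query as 'default_filter'.
 *
 * @global   array   core config vars
 * @global   array   core table data
 * @global   array   core user data
 * @global   array   core lang admin vars
 * @global   array   links plugin lang vars
 * @global   array   core lang access vars
 * @return   string  HTML for the list of links
 */
function listlinks ()
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_LINKS_ADMIN, $LANG_ACCESS, $_IMAGE_TYPE;
    require_once( $_CONF['path_system'] . 'lib-admin.php' );
    $retval = '';

    $header_arr = array(      # display 'text' and use table field 'field'
                    array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
                    array('text' => $LANG_LINKS_ADMIN[2], 'field' => 'lid', 'sort' => true),
                    array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true),
                    array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false),
                    array('text' => $LANG_LINKS_ADMIN[14], 'field' => 'category', 'sort' => true));

    $defsort_arr = array('field' => 'title', 'direction' => 'asc');

    $menu_arr = array (
                    array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?mode=edit',
                          'text' => $LANG_ADMIN['create_new']),
                    array('url' => $_CONF['site_admin_url'],
                          'text' => $LANG_ADMIN['admin_home']));

    $text_arr = array('has_menu' =>  true,
                      'has_extras'   => true,
                      'title' => $LANG_LINKS_ADMIN[11], 'instructions' => $LANG_LINKS_ADMIN[12],
                      'icon' => $_CONF['site_url'] . '/links/images/links.png',
                      'form_url' => $_CONF['site_admin_url'] . "/plugins/links/index.php");

    $query_arr = array('table' => 'links',
                       'sql' => "SELECT * FROM {$_TABLES['links']} WHERE 1=1",
                       'query_fields' => array('title', 'category', 'url', 'description'),
                       'default_filter' => COM_getPermSql ('AND'));

    $retval .= ADMIN_list ("links", "plugin_getListField_links", $header_arr, $text_arr,
                            $query_arr, $menu_arr, $defsort_arr);

    return $retval;
}

/**
 * Delete a link
 *
 * The stored permissions of the link are checked first; anything below access
 * level 3 is logged and answered with a plain redirect, without deleting.
 *
 * @param    string  $lid    id of link to delete
 * @return   string          HTML redirect
 *
 */
function deleteLink ($lid)
{
    global $_CONF, $_TABLES, $_USER;

    // Escaped copy for the database calls, matching how savelink() escapes
    // $old_lid before handing it to DB_count/DB_delete.
    $lid_sql = addslashes ($lid);

    $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='$lid_sql'");
    $A = DB_fetchArray ($result);
    $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
            $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog ("User {$_USER['username']} tried to illegally delete link $lid.");
        return COM_refresh ($_CONF['site_admin_url'] . '/plugins/links/index.php');
    }

    DB_delete ($_TABLES['links'], 'lid', $lid_sql);

    return COM_refresh ($_CONF['site_admin_url']
                        . '/plugins/links/index.php?msg=3');
}

// MAIN
//
// Dispatch on the 'mode' request variable. The delete and save branches
// compare it with the localised button captions and read their data from
// $_POST only.
// NOTE(review): no anti-CSRF token is checked in this file before the
// state-changing delete and save branches; the only gate visible here is the
// session's 'links.edit' right. Confirm whether the included core files add a
// request-origin check.
$mode = '';
if (isset ($_REQUEST['mode'])) {
    $mode = $_REQUEST['mode'];
}

if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
    $lid = COM_applyFilter ($_POST['lid']);
    if (!isset ($lid) || empty ($lid)) {  // || ($lid == 0)
        COM_errorLog ('Attempted to delete link lid=' . $lid );
        $display .= COM_refresh ($_CONF['site_admin_url'] . '/plugins/links/index.php');
    } else {
        $display .= deleteLink ($lid);
    }
} else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
    // IDs and numeric fields are filtered here; category, url, description,
    // title and the perm_* fields are passed on raw and are escaped or cast
    // inside savelink().
    $display .= savelink (COM_applyFilter ($_POST['lid']),
            COM_applyFilter ($_POST['old_lid']),
            $_POST['category'], $_POST['categorydd'],
            $_POST['url'], $_POST['description'], $_POST['title'],
            COM_applyFilter ($_POST['hits'], true),
            COM_applyFilter ($_POST['owner_id'], true),
            COM_applyFilter ($_POST['group_id'], true),
            $_POST['perm_owner'], $_POST['perm_group'],
            $_POST['perm_members'], $_POST['perm_anon']);
} else if ($mode == 'editsubmission') {
    $display .= COM_siteHeader ('menu', $LANG_LINKS_ADMIN[1]);
    $display .= editlink ($mode, COM_applyFilter ($_GET['id']));
    $display .= COM_siteFooter ();
} else if ($mode == 'edit') {
    $display .= COM_siteHeader ('menu', $LANG_LINKS_ADMIN[1]);
    if (empty ($_GET['lid'])) {
        $display .= editlink ($mode);
    } else {
        $display .= editlink ($mode, COM_applyFilter ($_GET['lid']));
    }
    $display .= COM_siteFooter ();
} else { // 'cancel' or no mode at all
    $display .= COM_siteHeader ('menu', $LANG_LINKS_ADMIN[11]);
    if (isset ($_REQUEST['msg'])) {
        $msg = COM_applyFilter ($_REQUEST['msg'], true);
        if ($msg > 0) {
            $display .= COM_showMessage ($msg, 'links');
        }
    }
    $display .= listlinks();
    $display .= COM_siteFooter ();
}

echo $display;

?>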