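<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | index.php                                                                 |
// |                                                                           |
// | Geeklog poll administration page                                          |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT net    |
// |          Jason Whittenburg - jwhitten AT securitygeeks DOT com            |
// |          Dirk Haun         - dirk AT haun-online DOT de                   |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: index.php,v 1.40 2006/12/12 09:50:03 ospiess Exp $

// Set this to true if you want to log debug messages to error.log
$_POLL_VERBOSE = false;

require_once ('../../../lib-common.php');
require_once ('../../auth.inc.php');

// number of polls to list per page
define ('POLLS_PER_PAGE', 50);

$display = '';

// Everything on this page requires the 'polls.edit' right. Deny and log
// before any request parameter is looked at.
if (!SEC_hasRights ('polls.edit')) {
    $display .= COM_siteHeader ('menu', $MESSAGE[30]);
    $display .= COM_startBlock ($MESSAGE[30], '',
                        COM_getBlockTemplate ('_msg_block', 'header'));
    $display .= $MESSAGE[36];
    $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
    $display .= COM_siteFooter ();
    COM_accessLog ("User {$_USER['username']} tried to illegally access the poll administration screen.");
    echo $display;
    exit;
}

// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($_POST);

/**
 * Lists the polls in the admin list
 *
 * Builds the column headers, menu and query for ADMIN_list(). Rows are
 * rendered by plugin_getListField_polls() and restricted to the polls the
 * current user may see via COM_getPermSql().
 *
 * @return string HTML for the poll list
 */
function listpolls()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG25, $LANG_ACCESS;

    require_once ($_CONF['path_system'] . 'lib-admin.php');

    $header_arr = array( # display 'text' and use table field 'field'
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG25[9], 'field' => 'question', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true),
        array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true),
        array('text' => $LANG25[8], 'field' => 'display', 'sort' => true));

    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');

    $menu_arr = array (
        array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php?mode=edit',
              'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'],
              'text' => $LANG_ADMIN['admin_home']));

    $text_arr = array('has_menu' => true,
                      'has_extras' => true,
                      'title' => $LANG25[18], 'instructions' => $LANG25[19],
                      'icon' => $_CONF['site_url'] . '/polls/images/polls.png',
                      'form_url' => $_CONF['site_admin_url'] . "/plugins/polls/index.php");

    // 'default_filter' appends the permission clause so the list never shows
    // polls the user has no access to
    $query_arr = array('table' => 'pollquestions',
                       'sql' => "SELECT *,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['pollquestions']} WHERE 1=1",
                       'query_fields' => array('question'),
                       'default_filter' => COM_getPermSql ('AND'));

    return ADMIN_list ('polls', 'plugin_getListField_polls', $header_arr,
                       $text_arr, $query_arr, $menu_arr, $defsort_arr);
}

/**
 * Saves a poll
 *
 * Saves a poll question and potential answers to the database. An existing
 * question and its answers with the same ID are deleted first, so a save is
 * a complete replacement of the poll.
 *
 * @param string $qid          Question ID
 * @param string $mainpage     'on' if the poll should appear on the homepage
 * @param string $question     The text for the question
 * @param int    $voters       Number of votes
 * @param int    $statuscode   (unused)
 * @param int    $commentcode  Indicates if users can comment on poll
 * @param array  $A            Array of possible answers
 * @param array  $V            Array of votes per each answer
 * @param array  $R            Array of remarks per each answer
 * @param int    $owner_id     ID of poll owner
 * @param int    $group_id     ID of group poll belongs to
 * @param int    $perm_owner   Permissions the owner has on poll
 * @param int    $perm_group   Permissions the group has on poll
 * @param int    $perm_members Permissions logged in members have on poll
 * @param int    $perm_anon    Permissions anonymous users have on poll
 * @return string HTML redirect or error message
 *
 */
function savepoll ($qid, $mainpage, $question, $voters, $statuscode, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    // $_USER is needed for the access log message on denial
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues ($perm_owner, $perm_group, $perm_members, $perm_anon);

    $qid = COM_sanitizeID ($qid);

    // answers, votes and remarks always come as arrays from the editor form;
    // normalise anything else so the loops below can't index a scalar
    if (!is_array ($A)) {
        $A = array ();
    }
    if (!is_array ($V)) {
        $V = array ();
    }
    if (!is_array ($R)) {
        $R = array ();
    }

    $question = COM_stripslashes ($question);
    for ($i = 0; $i < sizeof ($A); $i++) {
        $A[$i] = COM_stripslashes ($A[$i]);
    }

    if (!empty ($question) && (sizeof ($A) > 0) && strlen ($A[0]) > 0) {

        if ($_POLL_VERBOSE) {
            COM_errorLog ('**** Inside savepoll() in '
                          . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
        }

        $qid = str_replace (' ', '', $qid); // strip spaces from poll id

        // For an existing poll the access level comes from the stored
        // owner/group/permissions, not from the submitted ones, so a user
        // can't grant themselves access by posting different values.
        $access = 0;
        if (DB_count ($_TABLES['pollquestions'], 'qid', $qid) > 0) {
            $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['pollquestions']} WHERE qid = '{$qid}'");
            $P = DB_fetchArray ($result);
            $access = SEC_hasAccess ($P['owner_id'], $P['group_id'],
                    $P['perm_owner'], $P['perm_group'], $P['perm_members'],
                    $P['perm_anon']);
        } else {
            $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner,
                    $perm_group, $perm_members, $perm_anon);
        }
        // the submitter must also be a member of the group the poll is
        // assigned to
        if (($access < 3) || !SEC_inGroup ($group_id)) {
            $retval .= COM_siteHeader ('menu', $MESSAGE[30]);
            $retval .= COM_startBlock ($MESSAGE[30], '',
                    COM_getBlockTemplate ('_msg_block', 'header'));
            $retval .= $MESSAGE[31];
            // block footer template goes to COM_endBlock(), not to
            // COM_siteFooter() (matches the other denial blocks in this file)
            $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
            $retval .= COM_siteFooter ();
            COM_accessLog ("User {$_USER['username']} tried to illegally submit or edit poll $qid.");
            echo $retval;
            exit;
        }

        // numeric columns are interpolated unquoted below; force integers
        $voters = empty ($voters) ? 0 : (int) $voters;
        $statuscode = (int) $statuscode;
        $commentcode = (int) $commentcode;
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;

        if ($_POLL_VERBOSE) {
            COM_errorLog ('owner permissions: ' . $perm_owner, 1);
            COM_errorLog ('group permissions: ' . $perm_group, 1);
            COM_errorLog ('member permissions: ' . $perm_members, 1);
            COM_errorLog ('anonymous permissions: ' . $perm_anon, 1);
        }

        DB_delete ($_TABLES['pollquestions'], 'qid', $qid);
        DB_delete ($_TABLES['pollanswers'], 'qid', $qid);

        $question = addslashes ($question);
        $sql = "'$qid','$question',$voters,'" . date ('Y-m-d H:i:s');

        if ($mainpage == 'on') {
            $sql .= "',1";
        } else {
            $sql .= "',0";
        }

        $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon";

        // Save poll question
        DB_save ($_TABLES['pollquestions'], "qid, question, voters, date, display, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);

        // Save poll answers (empty answer slots are skipped; aid is 1-based)
        for ($i = 0; $i < sizeof ($A); $i++) {
            if (strlen ($A[$i]) > 0) {
                $votes = 0;
                if (!empty ($V[$i]) && is_numeric ($V[$i])) {
                    $votes = (int) $V[$i];
                }
                $aid = $i + 1;
                $answer = addslashes ($A[$i]);
                $remark = isset ($R[$i]) ? addslashes ($R[$i]) : '';
                DB_save ($_TABLES['pollanswers'], 'qid, aid, answer, votes, remark',
                         "'$qid', $aid, '$answer', $votes, '$remark'");
            }
        }

        if ($_POLL_VERBOSE) {
            COM_errorLog ('**** Leaving savepoll() in '
                          . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
        }

        return COM_refresh ($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');

    } else {
        // question or first answer missing: re-show the editor with a message
        $retval .= COM_siteHeader ('menu', $LANG25[5]);
        $retval .= COM_startBlock ($LANG21[32], '',
                COM_getBlockTemplate ('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        $retval .= editpoll ($qid);
        $retval .= COM_siteFooter ();

        return $retval;
    }
}

/**
 * Shows poll editor
 *
 * Displays the poll editor form, either for an existing poll ($qid given
 * and the user has edit access to it) or pre-filled for a new poll.
 *
 * @param string $qid ID of poll to edit, empty for a new poll
 * @return string HTML for poll editor form
 *
 */
function editpoll ($qid = '')
{
    global $_CONF, $_PO_CONF, $_GROUPS, $_TABLES, $_USER, $LANG25, $LANG_ACCESS,
           $LANG_ADMIN, $MESSAGE;

    $retval = '';
    $Q = array ();
    $access = 0;

    $poll_templates = new Template ($_CONF['path'] . 'plugins/polls/templates/admin/');
    $poll_templates->set_file (array ('editor' => 'polleditor.thtml',
                                      'answer' => 'pollansweroption.thtml'));
    $poll_templates->set_var ('site_url', $_CONF['site_url']);
    $poll_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
    $poll_templates->set_var ('layout_url', $_CONF['layout_url']);

    if (!empty ($qid)) {
        // $qid originates from the request: escape it before interpolating it
        // into SQL (same treatment as in deletePoll())
        $sqid = addslashes ($qid);
        $question = DB_query ("SELECT * FROM {$_TABLES['pollquestions']} WHERE qid='$sqid'");
        $answers = DB_query ("SELECT answer,aid,votes,remark FROM {$_TABLES['pollanswers']} WHERE qid='$sqid' ORDER BY aid");
        $Q = DB_fetchArray ($question);

        // Get permissions for poll; an unknown poll ID yields no row and is
        // treated as "no access"
        if (is_array ($Q)) {
            $access = SEC_hasAccess ($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
        } else {
            $Q = array ();
        }

        if ($access == 0 OR $access == 2) {
            // User doesn't have access...bail
            $retval .= COM_startBlock ($LANG25[21], '',
                    COM_getBlockTemplate ('_msg_block', 'header'));
            $retval .= $LANG25[22];
            $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
            COM_accessLog ("User {$_USER['username']} tried to illegally submit or edit poll $qid.");
            return $retval;
        }
    }

    $retval .= COM_startBlock ($LANG25[5], '',
            COM_getBlockTemplate ('_admin_block', 'header'));

    if (!empty ($qid) AND ($access == 3) AND !empty ($Q['owner_id'])) {
        // existing poll with full access: offer the delete button
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
                   . '" name="mode"%s>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $poll_templates->set_var ('delete_option',
                                  sprintf ($delbutton, $jsconfirm));
        $poll_templates->set_var ('delete_option_no_confirmation',
                                  sprintf ($delbutton, ''));
    } else {
        // new poll: defaults for every field the form renders
        $Q['qid'] = COM_makeSid ();
        $Q['question'] = '';
        $Q['voters'] = 0;
        $Q['display'] = 1;
        $Q['owner_id'] = $_USER['uid'];
        if (isset ($_GROUPS['Polls Admin'])) {
            $Q['group_id'] = $_GROUPS['Polls Admin'];
        } else {
            $Q['group_id'] = SEC_getFeatureGroup ('polls.edit');
        }
        SEC_setDefaultPermissions ($Q, $_PO_CONF['default_permissions']);
        $Q['statuscode'] = 0;
        $Q['commentcode'] = $_CONF['comment_code'];
        $access = 3;
    }

    $poll_templates->set_var ('lang_pollid', $LANG25[6]);
    $poll_templates->set_var ('poll_id', $Q['qid']);
    $poll_templates->set_var ('lang_donotusespaces', $LANG25[7]);
    $poll_templates->set_var ('lang_question', $LANG25[9]);
    $poll_templates->set_var ('poll_question', htmlspecialchars ($Q['question']));
    $poll_templates->set_var ('lang_mode', $LANG25[1]);
    $poll_templates->set_var ('status_options', COM_optionList ($_TABLES['statuscodes'], 'code,name', $Q['statuscode']));
    $poll_templates->set_var ('comment_options', COM_optionList ($_TABLES['commentcodes'], 'code,name', $Q['commentcode']));
    $poll_templates->set_var ('lang_appearsonhomepage', $LANG25[8]);

    if ($Q['display'] == 1) {
        $poll_templates->set_var ('poll_display', 'checked="checked"');
    }

    // user access info
    $poll_templates->set_var ('lang_accessrights', $LANG_ACCESS['accessrights']);
    $poll_templates->set_var ('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName ($Q['owner_id']);
    $poll_templates->set_var ('owner_username', DB_getItem ($_TABLES['users'],
                              'username', "uid = {$Q['owner_id']}"));
    $poll_templates->set_var ('owner_name', $ownername);
    $poll_templates->set_var ('owner', $ownername);
    $poll_templates->set_var ('owner_id', $Q['owner_id']);
    $poll_templates->set_var ('lang_group', $LANG_ACCESS['group']);
    $poll_templates->set_var ('group_dropdown',
                              SEC_getGroupDropdown ($Q['group_id'], $access));
    $poll_templates->set_var ('lang_permissions', $LANG_ACCESS['permissions']);
    $poll_templates->set_var ('lang_permissionskey', $LANG_ACCESS['permissionskey']);
    $poll_templates->set_var ('permissions_editor', SEC_getPermissionsHTML ($Q['perm_owner'], $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']));
    $poll_templates->set_var ('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $poll_templates->set_var ('lang_answersvotes', $LANG25[10]);
    $poll_templates->set_var ('lang_save', $LANG_ADMIN['save']);
    $poll_templates->set_var ('lang_cancel', $LANG_ADMIN['cancel']);

    // one answer row per slot; the last slot is left for the editor template
    // itself, the others are appended to 'answer_option'
    if (isset ($answers)) {
        for ($i = 1; $i <= $_PO_CONF['maxanswers']; $i++) {
            $A = DB_fetchArray ($answers);
            if (!is_array ($A)) {
                // fewer stored answers than slots: render an empty slot
                $A = array ('answer' => '', 'votes' => '', 'remark' => '');
            }
            $poll_templates->set_var ('answer_text',
                                      htmlspecialchars ($A['answer']));
            $poll_templates->set_var ('answer_votes', $A['votes']);
            // the remark goes into a form field just like the answer text, so
            // it gets the same HTML escaping
            $poll_templates->set_var ('remark_text',
                                      htmlspecialchars ($A['remark']));
            if ($i < $_PO_CONF['maxanswers']) {
                $poll_templates->parse ('answer_option', 'answer', true);
            }
        }
    } else {
        for ($i = 1; $i <= $_PO_CONF['maxanswers']; $i++) {
            $poll_templates->set_var ('answer_text', '');
            $poll_templates->set_var ('answer_votes', '');
            $poll_templates->set_var ('remark_text', '');
            if ($i < $_PO_CONF['maxanswers']) {
                $poll_templates->parse ('answer_option', 'answer', true);
            }
        }
    }

    $poll_templates->parse ('output', 'editor');
    $retval .= $poll_templates->finish ($poll_templates->get_var ('output'));

    $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));

    return $retval;
}

/**
 * Delete a poll
 *
 * Removes the question, its answers and its comments, provided the current
 * user has full (edit) access to the poll.
 *
 * @param string $qid ID of poll to delete
 * @return string HTML redirect
 *
 */
function deletePoll ($qid)
{
    global $_CONF, $_TABLES, $_USER;

    $qid = addslashes ($qid);
    $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['pollquestions']} WHERE qid = '$qid'");
    $Q = DB_fetchArray ($result);

    // an unknown poll ID yields no row and is treated as "no access"
    $access = 0;
    if (is_array ($Q)) {
        $access = SEC_hasAccess ($Q['owner_id'], $Q['group_id'], $Q['perm_owner'],
                                 $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
    }
    if ($access < 3) {
        COM_accessLog ("User {$_USER['username']} tried to illegally delete poll $qid.");
        return COM_refresh ($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    DB_delete ($_TABLES['pollquestions'], 'qid', $qid);
    DB_delete ($_TABLES['pollanswers'], 'qid', $qid);
    DB_query ("DELETE FROM {$_TABLES['comments']} WHERE sid = '$qid' AND type = 'polls'");

    return COM_refresh ($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20');
}

// MAIN

$display = '';

$mode = '';
if (isset ($_REQUEST['mode'])) {
    $mode = COM_applyFilter ($_REQUEST['mode']);
}

if ($mode == 'edit') {
    $display .= COM_siteHeader ('menu', $LANG25[5]);
    $qid = '';
    if (isset ($_GET['qid'])) {
        $qid = COM_applyFilter ($_GET['qid']);
    }
    $display .= editpoll ($qid);
    $display .= COM_siteFooter ();
} elseif (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
    $qid = '';
    if (isset ($_POST['qid'])) {
        $qid = COM_applyFilter ($_POST['qid']);
    }
    if (!empty ($qid)) {
        // the form always submits these as arrays; substitute empty arrays
        // so a malformed request can't make the loops index a scalar
        $answers = (isset ($_POST['answer']) && is_array ($_POST['answer']))
                 ? $_POST['answer'] : array ();
        $votes = (isset ($_POST['votes']) && is_array ($_POST['votes']))
               ? $_POST['votes'] : array ();
        $remarks = (isset ($_POST['remark']) && is_array ($_POST['remark']))
                 ? $_POST['remark'] : array ();

        // total number of voters is the sum of the per-answer vote counts
        $voters = 0;
        for ($i = 0; $i < sizeof ($answers); $i++) {
            if (isset ($votes[$i])) {
                $voters = $voters + COM_applyFilter ($votes[$i], true);
            }
        }
        $statuscode = 0;
        if (isset ($_POST['statuscode'])) {
            $statuscode = COM_applyFilter ($_POST['statuscode'], true);
        }
        $mainpage = '';
        if (isset ($_POST['mainpage'])) {
            $mainpage = COM_applyFilter ($_POST['mainpage']);
        }
        $commentcode = 0;
        if (isset ($_POST['commentcode'])) {
            $commentcode = COM_applyFilter ($_POST['commentcode'], true);
        }
        $owner_id = 0;
        if (isset ($_POST['owner_id'])) {
            $owner_id = COM_applyFilter ($_POST['owner_id'], true);
        }
        $group_id = 0;
        if (isset ($_POST['group_id'])) {
            $group_id = COM_applyFilter ($_POST['group_id'], true);
        }
        $question = isset ($_POST['question']) ? $_POST['question'] : '';
        // permission checkbox groups; a missing group means no box was
        // checked (SEC_getPermissionValues() turns these into numeric values)
        $perm_owner = isset ($_POST['perm_owner']) ? $_POST['perm_owner'] : array ();
        $perm_group = isset ($_POST['perm_group']) ? $_POST['perm_group'] : array ();
        $perm_members = isset ($_POST['perm_members']) ? $_POST['perm_members'] : array ();
        $perm_anon = isset ($_POST['perm_anon']) ? $_POST['perm_anon'] : array ();

        $display .= savepoll ($qid, $mainpage, $question, $voters,
                              $statuscode, $commentcode,
                              $answers, $votes, $remarks,
                              $owner_id, $group_id,
                              $perm_owner, $perm_group,
                              $perm_members, $perm_anon);
    } else {
        $display .= COM_siteHeader ('menu', $LANG25[5]);
        $display .= COM_startBlock ($LANG21[32], '',
                COM_getBlockTemplate ('_msg_block', 'header'));
        $display .= $LANG25[17];
        $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        $display .= editpoll ();
        $display .= COM_siteFooter ();
    }
} elseif (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
    // deletion is only accepted from a POSTed form, never from a GET link
    $qid = '';
    if (isset ($_POST['qid'])) {
        $qid = COM_applyFilter ($_POST['qid']);
    }
    if (empty ($qid)) {
        COM_errorLog ('Ignored possibly manipulated request to delete a poll.');
        $display .= COM_refresh ($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    } else {
        $display .= deletePoll ($qid);
    }
} else { // 'cancel' or no mode at all

    $display .= COM_siteHeader ('menu', $LANG25[18]);
    if (isset ($_REQUEST['msg'])) {
        $msg = COM_applyFilter ($_REQUEST['msg'], true);
        if ($msg > 0) {
            $display .= COM_showMessage ($msg, 'polls');
        }
    }
    $display .= listpolls ();
    $display .= COM_siteFooter ();
}

echo $display;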