Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Added a brand-new access.module which allows you to manage 'roles' 

(groups) and 'permissions' ... (inspired by Zope's system).

    + Once installed, click the help-link for more information.

    + See updates/2.00-to-x.xx.sql for the SQL updates.

- Modified loads of code to use our new access.module.  The system
  still has to mature though: new permissions have to be added and
  existing permissions need stream-lining.  Awaiting suggestions.

- As a direct result of the new access system, I had to rewrite the
  way the top-level links in admin.php are rendered and displayed,
  and xhtml-ified admin.php while I was at it.

TODO

- Home-brewed modules need updating, home-brewed themes not.
  (Examples: file.module, trip_link.module)

- As soon we *finished* the refactoring of the user system (KJ has
  been working on this refactoring already) we should consider to
  embed this role and permission code into account.module ...
3-00
Dries Buytaert 2001-06-20 20:00:40 +00:00
parent 7752dc4c7c
commit 72065fb835
45 changed files with 1211 additions and 934 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
account.php
View File

@ -269,7 +269,7 @@ function account_create_submit($userid, $email) {
$new[passwd] = user_password();
$new[hash] = substr(md5("$new[userid]. ". time()), 0, 12);
$user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "status" => 1, "hash" => $new[hash]));
$user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "role" => "authenticated user", "status" => 1, "hash" => $new[hash]));
$link = path_uri() ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));

43
admin.php
View File

@ -2,9 +2,6 @@
include_once "includes/common.inc";
// validate user access:
if (!user_access($user)) exit();
function status($message) {
if ($message) return "<B>Status:</B> $message<HR>\n";
}
@ -14,33 +11,43 @@ function admin_page($mod) {
function module($name) {
global $menu, $user;
if (function_exists($name. "_admin") && user_access($user, $name)) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | ";
if (module_hook($name, "admin")) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | ";
$menu .= $output;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE><?php echo variable_get(site_name, "drupal"); ?> administration</TITLE></HEAD>
<STYLE>
<html>
<head>
<title><?php echo variable_get(site_name, "drupal"); ?> administration pages</title>
</head>
<style>
body { font-family: helvetica, arial; }
h1 { font-famile: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; }
h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #000066; }
h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; color: #006600; }
th { font-family: helvetica, arial; text-align: center; vertical-align: top; background-color: #CCCCCC; color: #995555; }
td { font-family: helvetica, arial; }
</STYLE>
<BODY BGCOLOR="#FFFFFF" LINK="#005599" VLINK="#004499" ALINK="#FF0000">
<H1>Administration</H1>
<?php module_iterate("module"); ?>
<HR><?php echo $menu; ?><A HREF="index.php">home</A><HR>
<?php if (user_access($user, $mod)) module_invoke($mod, "admin"); ?>
</BODY>
</HTML>
</style>
<body bgcolor="#FFFFFF" link="#005599" vlink="#004499" alink="#FF0000">
<h1>Administration</h1>
<?php
foreach (module_list() as $name) {
if (module_hook($name, "admin")) $links[] = "<a href=\"admin.php?mod=$name\">$name</a>";
}
$links[] = "<a href=\"index.php\">home</a>";
print implode(" | ", $links) ."<hr />";
if ($mod) module_invoke($mod, "admin");
?>
</body>
</html>
<?php
}
user_rehash();
admin_page($mod);
if (user_access($user, "access administration pages")) {
user_rehash();
admin_page($mod);
}
?>

150
includes/comment.inc
View File

@ -50,16 +50,16 @@ function comment_settings($mode, $order, $threshold) {
function comment_form($edit) {
global $REQUEST_URI, $user;
// Name field:
// name field:
$form .= form_item(t("Your name"), format_username($user->userid));
// Subject field:
// subject field:
$form .= form_textfield(t("Subject"), "subject", check_input($edit[subject]), 50, 60);
// Comment field:
// comment field:
$form .= form_textarea(t("Comment"), "comment", check_input($edit[comment]), 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
// Preview button:
// preview button:
$form .= form_hidden("pid", check_input($edit[pid]));
$form .= form_hidden("id", check_input($edit[id]));
@ -87,7 +87,12 @@ function comment_reply($pid, $id) {
$pid = 0;
}
$theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id)));
if (user_access($user, "post comments")) {
$theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id)));
}
else {
$theme->box(t("Reply"), t("You are not authorized to post comments."));
}
}
function comment_preview($edit) {
@ -102,24 +107,26 @@ function comment_preview($edit) {
function comment_post($edit) {
global $theme, $user;
// check comment submission rate:
throttle("post comment", variable_get(max_comment_rate, 60));
if (user_access($user, "post comments")) {
// check comment submission rate:
throttle("post comment", variable_get(max_comment_rate, 60));
// check for duplicate comments:
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0);
// check for duplicate comments:
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0);
if ($duplicate != 0) {
watchdog("warning", "comment: duplicate '$subject'");
}
else {
// validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
if ($duplicate != 0) {
watchdog("warning", "comment: duplicate '$subject'");
}
else {
// validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
// add watchdog entry:
watchdog("special", "comment: added '$subject'");
// add watchdog entry:
watchdog("special", "comment: added '$subject'");
// add comment to database:
db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
// add comment to database:
db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
}
}
}
@ -250,68 +257,71 @@ function comment_thread_max($cid, $mode, $threshold, $level = 0, $dummy = 0) {
}
function comment_render($lid, $cid) {
global $theme, $REQUEST_URI, $user;
global $user, $theme, $REQUEST_URI;
// Pre-process variables:
$lid = empty($lid) ? 0 : $lid;
$cid = empty($cid) ? 0 : $cid;
$mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4);
$order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1);
$threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3);
if (user_access($user, "view comments")) {
if ($user->id) {
// Comment control:
$theme->box(t("Comment control"), comment_controls($threshold, $mode, $order));
// Pre-process variables:
$lid = empty($lid) ? 0 : $lid;
$cid = empty($cid) ? 0 : $cid;
$mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4);
$order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1);
$threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3);
// Print moderation form:
print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n";
}
if ($user->id) {
// Comment control:
$theme->box(t("Comment control"), comment_controls($threshold, $mode, $order));
if ($cid > 0) {
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
// Print moderation form:
print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n";
}
}
else {
if ($mode == 1) {
$result = comment_query($lid, $order);
print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n";
while ($comment = db_fetch_object($result)) {
if (comment_visible($comment, $threshold)) {
print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n";
}
}
print "</TABLE>\n";
}
else if ($mode == 2) {
$result = comment_query($lid, $order);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
}
}
else if ($mode == 3) {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment);
comment_thread_min($comment->cid, $threshold);
if ($cid > 0) {
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
}
}
else {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
comment_thread_max($comment->cid, $mode, $threshold, $level + 1);
if ($mode == 1) {
$result = comment_query($lid, $order);
print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n";
while ($comment = db_fetch_object($result)) {
if (comment_visible($comment, $threshold)) {
print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n";
}
}
print "</TABLE>\n";
}
else if ($mode == 2) {
$result = comment_query($lid, $order);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
}
}
else if ($mode == 3) {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment);
comment_thread_min($comment->cid, $threshold);
}
}
else {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
comment_thread_max($comment->cid, $mode, $threshold, $level + 1);
}
}
}
}
if ($user->id) {
// Print moderation form:
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n";
print "</FORM>\n";
if ($user->id) {
// Print moderation form:
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n";
print "</FORM>\n";
}
}
}

8
includes/common.inc
View File

@ -25,7 +25,7 @@ function watchdog($type, $message) {
function throttle($type, $rate) {
global $user;
if (!user_access($user)) {
if (!user_access($user, "access administration pages")) {
if ($throttle = db_fetch_object(db_query("SELECT * FROM watchdog WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) {
watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type");
die(message_throttle());
@ -46,8 +46,8 @@ function path_img() {
return "./images/";
}
function message_account() {
return t("This page requires a valid user account. Please <A HREF=\"account.php\">create a user account</A> and <A HREF=\"account.php\">login</A> prior to accessing it.");
function message_access() {
return t("You are not authorized to access to this page.");
}
function message_throttle() {
@ -136,7 +136,7 @@ function format_date($timestamp, $type = "medium", $format = "") {
function format_username($username) {
global $user;
if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>");
if ($username) return (user_access($user, "add and edit user accounts") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>");
else return variable_get(anonymous, "Anonymous");
}

2
includes/node.inc
View File

@ -236,7 +236,7 @@ function node_index($node) {
function node_visible($node) {
global $user, $status;
return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "node");
return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "add and edit nodes");
}
function node_access($account, $node) {

4
includes/theme.inc
View File

@ -59,9 +59,9 @@ function theme_account($theme) {
$content .= "<A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A><BR>\n";
$content .= "<P>\n";
if (user_access($user)) {
if (user_access($user, "access administration pages")) {
$content .= "<A HREF=\"admin.php\">". strtr(t("administer %a"), array("%a" => variable_get("site_name", "drupal"))) ."</A><BR>\n";
$content .= "<P>\n";
$content .= "<P>\n";
}
foreach (module_list() as $name) {

18
includes/user.inc
View File

@ -3,14 +3,14 @@
class User {
function User($userid, $passwd = 0) {
if ($passwd) {
$result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2");
$result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') AND status = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
}
}
else {
$result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2");
$result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE u.userid = '$userid' AND u.status = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
@ -52,10 +52,16 @@ function user_save($account, $array) {
return user_load(($account->userid ? $account->userid : $array[userid]));
}
function user_access($account, $section = 0) {
global $user;
if ($section) return (field_get($account->access, $section) || $account->id == 1);
else return ($account->access || $account->id == 1);
function user_access($account, $perm) {
if ($account->id == 1) {
return 1;
}
else if ($account->perm) {
return strstr($account->perm, $perm);
}
else {
return db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user' AND perm LIKE '%$perm%'"));
}
}
function user_ban($mask, $type) {

13
index.php
View File

@ -4,12 +4,19 @@ include_once "includes/common.inc";
page_header();
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
$theme->header();
while ($node = db_fetch_object($result)) {
node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
if (user_access($user, "view content")) {
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
while ($node = db_fetch_object($result)) {
node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
}
}
else {
$theme->box("Access denied", message_access());
}
$theme->footer();
page_footer();

176
modules/account.module
View File

@ -32,6 +32,10 @@ function account_help() {
<?php
}
function account_perm() {
return array("add and edit user accounts");
}
function account_conf_options() {
$output .= form_select(t("Public accounts"), "account_register", variable_get("account_register", 1), array("Disabled", "Enabled"), "If enabled, everyone can create a new user account. If disabled, new user accounts can only be created by site administrators.");
return $output;
@ -41,7 +45,7 @@ function account_search($keys) {
global $user;
$result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
$find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid);
$find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "add and edit user accounts") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid);
}
return $find;
}
@ -99,15 +103,6 @@ function account_overview($query = array()) {
return $output;
}
function account_access($account) {
$data = explode(",", $account->access);
foreach ($data as $array) {
$access = explode("=", $array);
if ($access[0]) $output .= " $access[0]";
}
return $output;
}
function account_blocks($id) {
$result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
@ -143,24 +138,11 @@ function account_delete($name) {
}
function account_form($account = 0) {
global $access;
function access($name) {
global $access, $account;
if (module_hook($name, "admin")) $access[$name] = $name;
}
module_iterate("access");
$account->access = explode(",", $account->access);
foreach ($account->access as $key=>$value) {
$account->access[$key] = substr($value, 0, -2);
}
$form .= $account->id ? form_item("ID", $account->id) . form_hidden("id", $account->id) : "";
$form .= $account->userid ? form_item(t("Username"), check_output($account->userid)) . form_hidden("userid", $account->userid) : form_textfield(t("Username"), "userid", $account->userid, 15, 15);
$form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open"));
$form .= form_select(t("Administrator access"), "access", $account->access, $access, 0, "multiple=\"true\" size=\"10\"");
// $form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>");
$form .= form_select(t("Status"), "status", $account->status, array("blocked", "not confirmed", "open"));
$form .= form_select(t("Role"), "role", $account->role, access_get_roles());
$form .= form_textfield(t("Real name"), "name", $account->name, 30, 55);
$form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55);
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55);
@ -179,18 +161,8 @@ function account_save($edit) {
if ($edit[id]) {
// Updating existing account
foreach ($edit as $key=>$value) {
if ($key != "access") {
$query .= "$key = '". addslashes($value) ."', ";
}
}
if ($edit[access]) {
foreach ($edit[access] as $key=>$value) {
$access = field_set($access, $value, 1);
}
}
$query .= "access = '$access'";
db_query("UPDATE users SET $query WHERE id = $edit[id]");
watchdog("account", "account: modified user '$edit[userid]'");
return $edit[userid];
@ -208,14 +180,7 @@ function account_save($edit) {
$edit[passwd] = user_password();
$edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12);
if ($edit[access]) {
foreach ($edit[access] as $key=>$value) {
$access = field_set($access, $value, 1);
}
$edit[access] = $access;
}
$user = user_save("", array("userid" => $edit[userid], "access" => $edit[access], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
$user = user_save("", array("userid" => $edit[userid], "role" => $edit[role], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
$link = path_uri() ."account.php?op=confirm&name=". urlencode($edit[userid]) ."&hash=$edit[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));
@ -231,8 +196,6 @@ function account_save($edit) {
}
function account_edit($name) {
$status = array("blocked", "not confirmed", "open");
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
if ($account = db_fetch_object($result)) {
@ -258,7 +221,7 @@ function account_view($name) {
$output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n";
$output .= " <TR><TH>Username:</TH><TD>$account->userid</TD></TR>\n";
$output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n";
$output .= " <TR><TH>Access:</TH><TD>". check_output(account_access($account)) ."</TD></TR>\n";
$output .= " <TR><TH>Role:</TH><TD>". check_output($account->role) ."</TD></TR>\n";
$output .= " <TR><TH>Real name:</TH><TD>". check_output($account->name) ."</TD></TR>\n";
$output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n";
$output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n";
@ -280,72 +243,77 @@ function account_view($name) {
}
function account_query($type = "") {
$queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with access rights", "WHERE access != '' ORDER BY last_access DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
$queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
return ($queries[$type] ? $queries[$type] : $queries);
}
function account_admin() {
global $op, $edit, $id, $mod, $keys, $order, $name, $query;
global $user, $op, $edit, $id, $mod, $keys, $order, $name, $query;
print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
if (user_access($user, "add and edit user accounts")) {
print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
$query = $query ? $query : 0;
$name = $name ? $name : $edit[name];
$query = $query ? $query : 0;
$name = $name ? $name : $edit[name];
switch ($op) {
case "access":
print account_ac();
break;
case "Add rule":
print status(account_ac_add($edit));
print account_ac();
break;
case "Check":
print status(account_ac_check($edit));
print account_ac();
break;
case "delete":
print status(account_ac_del($id));
print account_ac();
break;
case "Delete account":
print status(account_delete($name));
print account_overview(account_query($query));
break;
case "add":
print account_add();
break;
case "Edit account":
case "edit":
print account_edit($name);
break;
case "help":
print account_help();
break;
case "listing":
print node_listing(account_query());
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case "Save account":
$name = account_save($edit);
if ($name)
print account_view($name);
else {
foreach ($edit as $key=>$value) {
$account->$key = $value;
switch ($op) {
case "access":
print account_ac();
break;
case "Add rule":
print status(account_ac_add($edit));
print account_ac();
break;
case "Check":
print status(account_ac_check($edit));
print account_ac();
break;
case "delete":
print status(account_ac_del($id));
print account_ac();
break;
case "Delete account":
print status(account_delete($name));
print account_overview(account_query($query));
break;
case "add":
print account_add();
break;
case "Edit account":
case "edit":
print account_edit($name);
break;
case "help":
print account_help();
break;
case "listing":
print node_listing(account_query());
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case "Save account":
$name = account_save($edit);
if ($name)
print account_view($name);
else {
foreach ($edit as $key=>$value) {
$account->$key = $value;
}
print account_form($account);
}
print account_form($account);
}
break;
case "View account":
case "view":
print account_view($name);
break;
default:
print account_overview(account_query($query));
break;
case "View account":
case "view":
print account_view($name);
break;
default:
print account_overview(account_query($query));
}
}
else {
print message_access();
}
}

100
modules/aggregator.module
View File

@ -6,6 +6,10 @@ function import_help() {
<?php
}
function import_perm() {
return array("add and edit news feeds");
}
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
global $op, $id, $type, $edit;
global $user, $op, $id, $type, $edit;
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
if (user_access($user, "add and edit news feeds")) {
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print import_view_feed();
}
}
else {
print message_access();
}
}

100
modules/aggregator/aggregator.module
View File

@ -6,6 +6,10 @@ function import_help() {
<?php
}
function import_perm() {
return array("add and edit news feeds");
}
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
global $op, $id, $type, $edit;
global $user, $op, $id, $type, $edit;
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
if (user_access($user, "add and edit news feeds")) {
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print import_view_feed();
}
}
else {
print message_access();
}
}

38
modules/block.module
View File

@ -9,6 +9,10 @@ function block_help() {
<?php
}
function block_perm() {
return array("add and edit blocks");
}
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
@ -99,24 +103,28 @@ function block_admin_preview() {
}
function block_admin() {
global $op, $edit;
global $user, $op, $edit;
print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "add and edit blocks")) {
print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
block_help();
break;
case "preview":
block_admin_preview();
break;
case "Save blocks":
block_admin_save($edit);
// fall through
default:
block_admin_display();
switch ($op) {
case "help":
block_help();
break;
case "preview":
block_admin_preview();
break;
case "Save blocks":
block_admin_save($edit);
// fall through
default:
block_admin_display();
}
}
else {
print message_access();
}
}
?>

38
modules/block/block.module
View File

@ -9,6 +9,10 @@ function block_help() {
<?php
}
function block_perm() {
return array("add and edit blocks");
}
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
@ -99,24 +103,28 @@ function block_admin_preview() {
}
function block_admin() {
global $op, $edit;
global $user, $op, $edit;
print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "add and edit blocks")) {
print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
block_help();
break;
case "preview":
block_admin_preview();
break;
case "Save blocks":
block_admin_save($edit);
// fall through
default:
block_admin_display();
switch ($op) {
case "help":
block_help();
break;
case "preview":
block_admin_preview();
break;
case "Save blocks":
block_admin_save($edit);
// fall through
default:
block_admin_display();
}
}
else {
print message_access();
}
}
?>

43
modules/book.module
View File

@ -9,6 +9,10 @@ class Book {
}
}
function book_perm() {
return array("maintain book structure");
}
function book_status() {
return array(dumped, expired, queued, posted);
}
@ -69,7 +73,7 @@ function book_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20");
while ($node = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
}
return $find;
}
@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight");
// add root node:
if (user_access($user, "book")) {
if (user_access($user, "add and edit nodes")) {
$toc[0] = "&nbsp;";
}
@ -126,7 +130,7 @@ function book_form($edit = array()) {
$form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
if (user_access($user, "book")) {
if (user_access($user, "add and edit nodes")) {
$form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top."));
}
@ -152,7 +156,7 @@ function book_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight));
}
else if (user_access($user)) {
else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(body, log, parent, title, type => "book", weight));
}
}
@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) {
}
function book_admin() {
print book_tree();
global $user;
if (user_access($user, "maintain book structure")) {
print book_tree();
}
else {
print message_access();
}
}
function book_page() {
global $status, $theme;
global $user, $status, $theme;
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
if (user_access($user, "view content")) {
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
while ($node = db_fetch_object($result)) {
$output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
while ($node = db_fetch_object($result)) {
$output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
}
$theme->header();
$theme->box(t("Handbook"), "<DL>$output</DL>");
$theme->footer();
}
else {
$theme->header();
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
$theme->header();
$theme->box(t("Handbook"), "<DL>$output</DL>");
$theme->footer();
}
function book_edit($id) {

43
modules/book/book.module
View File

@ -9,6 +9,10 @@ class Book {
}
}
function book_perm() {
return array("maintain book structure");
}
function book_status() {
return array(dumped, expired, queued, posted);
}
@ -69,7 +73,7 @@ function book_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20");
while ($node = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
}
return $find;
}
@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight");
// add root node:
if (user_access($user, "book")) {
if (user_access($user, "add and edit nodes")) {
$toc[0] = "&nbsp;";
}
@ -126,7 +130,7 @@ function book_form($edit = array()) {
$form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
if (user_access($user, "book")) {
if (user_access($user, "add and edit nodes")) {
$form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top."));
}
@ -152,7 +156,7 @@ function book_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight));
}
else if (user_access($user)) {
else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(body, log, parent, title, type => "book", weight));
}
}
@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) {
}
function book_admin() {
print book_tree();
global $user;
if (user_access($user, "maintain book structure")) {
print book_tree();
}
else {
print message_access();
}
}
function book_page() {
global $status, $theme;
global $user, $status, $theme;
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
if (user_access($user, "view content")) {
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
while ($node = db_fetch_object($result)) {
$output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
while ($node = db_fetch_object($result)) {
$output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
}
$theme->header();
$theme->box(t("Handbook"), "<DL>$output</DL>");
$theme->footer();
}
else {
$theme->header();
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
$theme->header();
$theme->box(t("Handbook"), "<DL>$output</DL>");
$theme->footer();
}
function book_edit($id) {

66
modules/box.module
View File

@ -29,6 +29,10 @@ function box_help() {
<?php
}
function box_perm() {
return array("add and edit boxes");
}
function box_block() {
$result = db_query("SELECT * FROM boxes ORDER BY subject");
$i = 0;
@ -142,36 +146,42 @@ function box_admin_save($id, $subject, $content, $info, $link, $type) {
}
function box_admin() {
global $op, $id, $subject, $content, $info, $link, $type;
global $user, $op, $id, $subject, $content, $info, $link, $type;
print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "add and edit boxes")) {
switch ($op) {
case "Add box":
box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "Save box":
box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "help":
box_help();
break;
case "add":
box_admin_new();
break;
case "edit":
box_admin_edit(check_input($id));
break;
case "delete":
box_admin_delete(check_input($id));
box_admin_rehash();
// fall through
default:
box_admin_display();
print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "Add box":
box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "Save box":
box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "help":
box_help();
break;
case "add":
box_admin_new();
break;
case "edit":
box_admin_edit(check_input($id));
break;
case "delete":
box_admin_delete(check_input($id));
box_admin_rehash();
// fall through
default:
box_admin_display();
}
}
else {
print message_access();
}
}

44
modules/comment.module
View File

@ -4,11 +4,15 @@ function comment_search($keys) {
global $user;
$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
$find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
}
return $find;
}
function comment_perm() {
return array("view comments", "post comments", "edit comments");
}
function comment_edit($id) {
global $REQUEST_URI;
@ -42,24 +46,30 @@ function comment_overview() {
}
function comment_admin() {
global $op, $id, $edit, $mod, $keys, $order;
global $user, $op, $id, $edit, $mod, $keys, $order;
print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
if (user_access($user, "edit comments")) {
switch ($op) {
case "edit":
print comment_edit($id);
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case t("Submit"):
print status(comment_save(check_input($id), $edit));
print comment_overview();
break;
default:
print comment_overview();
print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
switch ($op) {
case "edit":
print comment_edit($id);
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case t("Submit"):
print status(comment_save(check_input($id), $edit));
print comment_overview();
break;
default:
print comment_overview();
}
}
else {
print message_access();
}
}

44
modules/comment/comment.module
View File

@ -4,11 +4,15 @@ function comment_search($keys) {
global $user;
$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
$find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
}
return $find;
}
function comment_perm() {
return array("view comments", "post comments", "edit comments");
}
function comment_edit($id) {
global $REQUEST_URI;
@ -42,24 +46,30 @@ function comment_overview() {
}
function comment_admin() {
global $op, $id, $edit, $mod, $keys, $order;
global $user, $op, $id, $edit, $mod, $keys, $order;
print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
if (user_access($user, "edit comments")) {
switch ($op) {
case "edit":
print comment_edit($id);
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case t("Submit"):
print status(comment_save(check_input($id), $edit));
print comment_overview();
break;
default:
print comment_overview();
print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
switch ($op) {
case "edit":
print comment_edit($id);
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case t("Submit"):
print status(comment_save(check_input($id), $edit));
print comment_overview();
break;
default:
print comment_overview();
}
}
else {
print message_access();
}
}

42
modules/conf.module
View File

@ -12,6 +12,10 @@ function conf_help() {
<?php
}
function conf_perm() {
return array("edit configuration options");
}
function conf_view_options() {
global $conf, $cmodes, $corder, $themes;
@ -97,24 +101,30 @@ function conf_view($type) {
}
function conf_admin() {
global $edit, $op, $type;
global $user, $edit, $op, $type;
print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "edit configuration options")) {
switch ($op) {
case "help":
conf_help();
break;
case "Reset to defaults":
print status(conf_default($edit));
print conf_view($type);
break;
case "Save configuration":
print status(conf_save($edit));
print conf_view($type);
break;
default:
print conf_view($type);
print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
conf_help();
break;
case "Reset to defaults":
print status(conf_default($edit));
print conf_view($type);
break;
case "Save configuration":
print status(conf_save($edit));
print conf_view($type);
break;
default:
print conf_view($type);
}
}
else {
print message_access();
}
}

33
modules/cvs.module
View File

@ -1,5 +1,9 @@
<?php
function cvs_perm() {
return array("view CVS messages");
}
function cvs_cron() {
if (time() - variable_get("cvs_cron_last", 0) > variable_get("cvs_cron_time", time())) {
variable_set("cvs_cron_last", time());
@ -22,20 +26,27 @@ function cvs_conf_options() {
}
function cvs_page() {
global $theme;
global $user, $theme;
$result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50");
if (user_access($user, "view CVS messages")) {
$result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50");
while ($cvs = db_fetch_object($result)) {
$output .= "<b>File:</b> $cvs->files<br />";
$output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />";
$output .= "<b>User:</b> $cvs->user<br />";
$output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />";
while ($cvs = db_fetch_object($result)) {
$output .= "<b>File:</b> $cvs->files<br />";
$output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />";
$output .= "<b>User:</b> $cvs->user<br />";
$output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />";
}
$theme->header();
$theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>");
$theme->footer();
}
else {
$theme->header();
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
$theme->header();
$theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>");
$theme->footer();
}
?>

108
modules/diary.module
View File

@ -1,10 +1,14 @@
<?php
function diary_perm() {
return array("view diary entries", "edit diary entries");
}
function diary_search($keys) {
global $user;
$result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20");
while ($diary = db_fetch_object($result)) {
$find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
$find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "edit diary entries") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
}
return $find;
@ -13,25 +17,31 @@ function diary_search($keys) {
function diary_page_overview($num = 20) {
global $theme, $user;
$result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
if (user_access($user, "view diary entries")) {
$result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
while ($diary = db_fetch_object($result)) {
if ($time != date("F jS", $diary->timestamp)) {
$output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n";
$time = date("F jS", $diary->timestamp);
while ($diary = db_fetch_object($result)) {
if ($time != date("F jS", $diary->timestamp)) {
$output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n";
$time = date("F jS", $diary->timestamp);
}
$output .= "<DL>\n";
$output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n";
$output .= " <DL>\n";
$output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n";
$output .= " </DL>\n";
$output .= "</DL>\n";
}
$output .= "<DL>\n";
$output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n";
$output .= " <DL>\n";
$output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n";
$output .= " </DL>\n";
$output .= "</DL>\n";
$theme->header();
$theme->box(t("Online diary"), $output);
$theme->footer();
}
else {
$theme->header();
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
$theme->header();
$theme->box(t("Online diary"), $output);
$theme->footer();
}
function diary_page_entry($timestamp, $text, $id = 0) {
@ -177,7 +187,7 @@ function diary_page() {
diary_page_delete(check_input($id));
diary_page_display(check_input($name));
break;
case "edit":
case "edit":
diary_page_edit(check_input($id));
break;
case "view":
@ -299,40 +309,40 @@ function diary_admin_display($order = "date") {
function diary_admin() {
global $op, $id, $mod, $keys, $text, $order;
global $user, $op, $id, $mod, $keys, $text, $order;
print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "edit diary entries")) {
switch ($op) {
case "delete":
diary_admin_delete(check_input($id));
diary_admin_display();
break;
case "edit":
diary_admin_edit(check_input($id));
break;
case "help":
diary_help();
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case "Save diary entry":
diary_admin_save(check_input($id), check_input($text));
diary_admin_display();
break;
case "Update":
diary_admin_display(check_input($order));
break;
default:
diary_admin_display();
print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "delete":
diary_admin_delete(check_input($id));
diary_admin_display();
break;
case "edit":
diary_admin_edit(check_input($id));
break;
case "help":
diary_help();
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case "Save diary entry":
diary_admin_save(check_input($id), check_input($text));
diary_admin_display();
break;
case "Update":
diary_admin_display(check_input($order));
break;
default:
diary_admin_display();
}
}
}
function diary_export($uri) {
if ($uri[2] == "diary") {
print "TODO: export diary for user $uri[3]";
else {
print message_access();
}
}

35
modules/forum.module
View File

@ -24,9 +24,7 @@ function forum_form($edit = array()) {
function forum_save($edit) {
global $user, $status;
if (user_access($user)) {
node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
}
node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
}
function forum_num_comments($nid) {
@ -40,21 +38,28 @@ function forum_last_comment($nid) {
}
function forum_page() {
global $theme;
global $user, $theme;
$result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
if (user_access($user, "view content")) {
$result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
$output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
$output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
while ($node = db_fetch_object($result)) {
$node = node_get_object(array("nid" => $node->nid));
$output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
$output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
$output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
while ($node = db_fetch_object($result)) {
$node = node_get_object(array("nid" => $node->nid));
$output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
}
$output .= "</TABLE>\n";
$theme->header();
$theme->box(t("Discussion forum"), $output);
$theme->footer();
}
else {
$theme->header();
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
$output .= "</TABLE>\n";
$theme->header();
$theme->box(t("Discussion forum"), $output);
$theme->footer();
}
?>

35
modules/forum/forum.module
View File

@ -24,9 +24,7 @@ function forum_form($edit = array()) {
function forum_save($edit) {
global $user, $status;
if (user_access($user)) {
node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
}
node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
}
function forum_num_comments($nid) {
@ -40,21 +38,28 @@ function forum_last_comment($nid) {
}
function forum_page() {
global $theme;
global $user, $theme;
$result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
if (user_access($user, "view content")) {
$result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
$output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
$output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
while ($node = db_fetch_object($result)) {
$node = node_get_object(array("nid" => $node->nid));
$output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
$output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
$output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
while ($node = db_fetch_object($result)) {
$node = node_get_object(array("nid" => $node->nid));
$output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
}
$output .= "</TABLE>\n";
$theme->header();
$theme->box(t("Discussion forum"), $output);
$theme->footer();
}
else {
$theme->header();
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
$output .= "</TABLE>\n";
$theme->header();
$theme->box(t("Discussion forum"), $output);
$theme->footer();
}
?>

100
modules/import.module
View File

@ -6,6 +6,10 @@ function import_help() {
<?php
}
function import_perm() {
return array("add and edit news feeds");
}
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
global $op, $id, $type, $edit;
global $user, $op, $id, $type, $edit;
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
if (user_access($user, "add and edit news feeds")) {
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print import_view_feed();
}
}
else {
print message_access();
}
}

45
modules/locale.module
View File

@ -24,6 +24,10 @@ function locale_help() {
<?php
}
function locale_perm() {
return array("add and edit locales");
}
function locale_conf_options() {
return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support."));
}
@ -83,26 +87,31 @@ function locale_overview() {
}
function locale_admin() {
global $id, $edit, $op;
global $user, $id, $edit, $op;
print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "add and edit locales")) {
print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "delete":
print status(locale_delete(check_input($id)));
print locale_overview();
break;
case "help":
print locale_help();
break;
case "edit":
print locale_edit(check_input($id));
break;
case "Save translations":
print locale_save(check_input($id), $edit);
// fall through
default:
print locale_overview();
switch ($op) {
case "delete":
print status(locale_delete(check_input($id)));
print locale_overview();
break;
case "help":
print locale_help();
break;
case "edit":
print locale_edit(check_input($id));
break;
case "Save translations":
print locale_save(check_input($id), $edit);
// fall through
default:
print locale_overview();
}
}
else {
print message_access();
}
}

45
modules/locale/locale.module
View File

@ -24,6 +24,10 @@ function locale_help() {
<?php
}
function locale_perm() {
return array("add and edit locales");
}
function locale_conf_options() {
return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support."));
}
@ -83,26 +87,31 @@ function locale_overview() {
}
function locale_admin() {
global $id, $edit, $op;
global $user, $id, $edit, $op;
print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "add and edit locales")) {
print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "delete":
print status(locale_delete(check_input($id)));
print locale_overview();
break;
case "help":
print locale_help();
break;
case "edit":
print locale_edit(check_input($id));
break;
case "Save translations":
print locale_save(check_input($id), $edit);
// fall through
default:
print locale_overview();
switch ($op) {
case "delete":
print status(locale_delete(check_input($id)));
print locale_overview();
break;
case "help":
print locale_help();
break;
case "edit":
print locale_edit(check_input($id));
break;
case "Save translations":
print locale_save(check_input($id), $edit);
// fall through
default:
print locale_overview();
}
}
else {
print message_access();
}
}

74
modules/meta.module
View File

@ -6,6 +6,10 @@ function meta_help() {
<?php
}
function meta_conf() {
return array("add and edit meta tags");
}
function meta_form($type, $edit = array()) {
$c = db_query("SELECT * FROM collection WHERE types LIKE '%". check_input($type) ."%'");
while ($collection = db_fetch_object($c)) {
@ -125,40 +129,46 @@ function meta_overview() {
}
function meta_admin() {
global $edit, $type, $op, $id;
global $user, $edit, $type, $op, $id;
print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "add and edit meta tags")) {
switch ($op) {
case "add":
if ($type == "collection")
print meta_form_collection();
else
print meta_form_tag();
break;
case "edit":
if ($type == "collection")
print meta_form_collection(meta_get_collection($id));
else
print meta_form_tag(meta_get_tag($id));
break;
case "help":
print meta_help();
break;
case "preview":
print meta_preview();
break;
case "Delete":
$edit[name] = 0;
// fall through:
case "Submit":
if ($type == "collection")
print status(meta_save_collection($edit));
else
print status(meta_save_tag($edit));
// fall through:
default:
print meta_overview();
print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "add":
if ($type == "collection")
print meta_form_collection();
else
print meta_form_tag();
break;
case "edit":
if ($type == "collection")
print meta_form_collection(meta_get_collection($id));
else
print meta_form_tag(meta_get_tag($id));
break;
case "help":
print meta_help();
break;
case "preview":
print meta_preview();
break;
case "Delete":
$edit[name] = 0;
// fall through:
case "Submit":
if ($type == "collection")
print status(meta_save_collection($edit));
else
print status(meta_save_tag($edit));
// fall through:
default:
print meta_overview();
}
}
else {
print message_access();
}
}

68
modules/moderate.module
View File

@ -1,5 +1,9 @@
<?php
function moderate_perm() {
return array("access moderation pages");
}
function moderate_comment_access($cid) {
global $user;
return db_fetch_object(db_query("SELECT n.moderate FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE c.cid = '". check_input($cid) ."' AND n.moderate LIKE '%$user->userid%'"));
@ -37,7 +41,7 @@ function moderate_node($edit, $name) {
return node_invoke($edit, $name);
}
else {
return status(t("access denied"));
return status(message_access());
}
}
@ -54,7 +58,7 @@ function moderate_comment_edit($id) {
return comment_edit($id);
}
else {
return "access denied";
return status(message_access());
}
}
@ -63,41 +67,47 @@ function moderate_comment_save($id, $edit) {
return comment_save($id, $edit);
}
else {
return "access denied";
return status(message_access());
}
}
function moderate_admin() {
global $op, $id, $edit, $type;
global $user, $op, $id, $edit, $type;
switch ($type) {
case "comment":
switch ($op) {
case "edit":
print moderate_comment_edit($id);
break;
case t("Submit"):
print status(moderate_comment_save($id, $edit));
// fall through:
default:
print moderate_overview();
if (user_access($user, "access moderation pages")) {
switch ($type) {
case "comment":
switch ($op) {
case "edit":
print moderate_comment_edit($id);
break;
case t("Submit"):
print status(moderate_comment_save($id, $edit));
// fall through:
default:
print moderate_overview();
}
break;
default:
switch ($op) {
case "edit":
print moderate_node_edit(node_get_array(array("nid" => $id)));
break;
case t("Preview"):
print moderate_node_edit($edit);
break;
case t("Submit"):
print status(moderate_node_save($edit));
// fall through:
default:
print moderate_overview();
}
break;
default:
switch ($op) {
case "edit":
print moderate_node_edit(node_get_array(array("nid" => $id)));
break;
case t("Preview"):
print moderate_node_edit($edit);
break;
case t("Submit"):
print status(moderate_node_save($edit));
// fall through:
default:
print moderate_overview();
}
}
else {
print message_access();
}
}
?>

42
modules/module.module
View File

@ -6,6 +6,10 @@ function module_help() {
<?php
}
function module_perm() {
return array("install and uninstall modules");
}
function module_admin_rehash() {
$result = db_query("SELECT * FROM modules");
while ($module = db_fetch_object($result)) {
@ -33,24 +37,30 @@ function module_admin_overview() {
}
function module_admin() {
global $op, $name;
global $user, $op, $name;
print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "install and uninstall modules")) {
switch ($op) {
case "help":
module_help();
break;
case "rehash":
module_rehash($name);
module_admin_overview();
break;
case "Rehash modules":
module_admin_rehash();
module_admin_overview();
break;
default:
module_admin_overview();
print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
module_help();
break;
case "rehash":
module_rehash($name);
module_admin_overview();
break;
case "Rehash modules":
module_admin_rehash();
module_admin_overview();
break;
default:
module_admin_overview();
}
}
else {
print message_access();
}
}

146
modules/node.module
View File

@ -26,6 +26,10 @@ function node_help() {
}
}
function node_perm() {
return array("add and edit nodes");
}
function node_conf_options() {
$output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page."));
return $output;
@ -260,77 +264,83 @@ function node_edit($node) {
}
function node_admin() {
global $op, $id, $edit, $query, $type, $keys;
global $user, $op, $id, $edit, $query, $type, $keys;
foreach (module_list() as $name) {
if (module_hook($name, "status") && $name != "node") {
$link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
if (user_access($user, "add and edit nodes")) {
foreach (module_list() as $name) {
if (module_hook($name, "status") && $name != "node") {
$link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
}
}
print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
$id = check_input($edit[nid] ? $edit[nid] : $id);
switch ($op) {
case "add":
print module_invoke($type, "form");
break;
case "help":
print node_help();
break;
case "search":
print node_module_find($id);
print search_data($keys, $type);
break;
case "status":
print node_edit_status($id);
break;
case "option":
print node_edit_option($id);
break;
case "attribute":
print node_edit_attribute($id);
break;
case "content":
print node_edit_content(node_get_array(array("nid" => $id)), $type);
break;
case "default":
print node_setting();
break;
case "delete":
print status(node_delete($id));
print node_overview($query);
break;
case "listing":
print node_listing(node_query());
break;
case "Save settings":
print status(conf_save($edit));
print node_setting();
break;
case "Reset to defaults":
print status(conf_default($edit));
print node_setting();
break;
case "Save node":
print node_admin_save($edit);
print node_overview($query);
break;
case "edit":
print node_edit(node_get_object(array("nid" => $id)));
break;
case "view":
print node_module_view(node_get_array(array("nid" => $id)), $type);
break;
case "Preview":
print node_edit_content($edit, $type);
break;
case "Submit":
print status(node_save_content($edit, $type));
// fall through:
default:
print node_overview($query);
}
}
print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
$id = check_input($edit[nid] ? $edit[nid] : $id);
switch ($op) {
case "add":
print module_invoke($type, "form");
break;
case "help":
print node_help();
break;
case "search":
print node_module_find($id);
print search_data($keys, $type);
break;
case "status":
print node_edit_status($id);
break;
case "option":
print node_edit_option($id);
break;
case "attribute":
print node_edit_attribute($id);
break;
case "content":
print node_edit_content(node_get_array(array("nid" => $id)), $type);
break;
case "default":
print node_setting();
break;
case "delete":
print status(node_delete($id));
print node_overview($query);
break;
case "listing":
print node_listing(node_query());
break;
case "Save settings":
print status(conf_save($edit));
print node_setting();
break;
case "Reset to defaults":
print status(conf_default($edit));
print node_setting();
break;
case "Save node":
print node_admin_save($edit);
print node_overview($query);
break;
case "edit":
print node_edit(node_get_object(array("nid" => $id)));
break;
case "view":
print node_module_view(node_get_array(array("nid" => $id)), $type);
break;
case "Preview":
print node_edit_content($edit, $type);
break;
case "Submit":
print status(node_save_content($edit, $type));
// fall through:
default:
print node_overview($query);
else {
print message_access();
}
}

146
modules/node/node.module
View File

@ -26,6 +26,10 @@ function node_help() {
}
}
function node_perm() {
return array("add and edit nodes");
}
function node_conf_options() {
$output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page."));
return $output;
@ -260,77 +264,83 @@ function node_edit($node) {
}
function node_admin() {
global $op, $id, $edit, $query, $type, $keys;
global $user, $op, $id, $edit, $query, $type, $keys;
foreach (module_list() as $name) {
if (module_hook($name, "status") && $name != "node") {
$link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
if (user_access($user, "add and edit nodes")) {
foreach (module_list() as $name) {
if (module_hook($name, "status") && $name != "node") {
$link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
}
}
print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
$id = check_input($edit[nid] ? $edit[nid] : $id);
switch ($op) {
case "add":
print module_invoke($type, "form");
break;
case "help":
print node_help();
break;
case "search":
print node_module_find($id);
print search_data($keys, $type);
break;
case "status":
print node_edit_status($id);
break;
case "option":
print node_edit_option($id);
break;
case "attribute":
print node_edit_attribute($id);
break;
case "content":
print node_edit_content(node_get_array(array("nid" => $id)), $type);
break;
case "default":
print node_setting();
break;
case "delete":
print status(node_delete($id));
print node_overview($query);
break;
case "listing":
print node_listing(node_query());
break;
case "Save settings":
print status(conf_save($edit));
print node_setting();
break;
case "Reset to defaults":
print status(conf_default($edit));
print node_setting();
break;
case "Save node":
print node_admin_save($edit);
print node_overview($query);
break;
case "edit":
print node_edit(node_get_object(array("nid" => $id)));
break;
case "view":
print node_module_view(node_get_array(array("nid" => $id)), $type);
break;
case "Preview":
print node_edit_content($edit, $type);
break;
case "Submit":
print status(node_save_content($edit, $type));
// fall through:
default:
print node_overview($query);
}
}
print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
$id = check_input($edit[nid] ? $edit[nid] : $id);
switch ($op) {
case "add":
print module_invoke($type, "form");
break;
case "help":
print node_help();
break;
case "search":
print node_module_find($id);
print search_data($keys, $type);
break;
case "status":
print node_edit_status($id);
break;
case "option":
print node_edit_option($id);
break;
case "attribute":
print node_edit_attribute($id);
break;
case "content":
print node_edit_content(node_get_array(array("nid" => $id)), $type);
break;
case "default":
print node_setting();
break;
case "delete":
print status(node_delete($id));
print node_overview($query);
break;
case "listing":
print node_listing(node_query());
break;
case "Save settings":
print status(conf_save($edit));
print node_setting();
break;
case "Reset to defaults":
print status(conf_default($edit));
print node_setting();
break;
case "Save node":
print node_admin_save($edit);
print node_overview($query);
break;
case "edit":
print node_edit(node_get_object(array("nid" => $id)));
break;
case "view":
print node_module_view(node_get_array(array("nid" => $id)), $type);
break;
case "Preview":
print node_edit_content($edit, $type);
break;
case "Submit":
print status(node_save_content($edit, $type));
// fall through:
default:
print node_overview($query);
else {
print message_access();
}
}

4
modules/page.module
View File

@ -57,9 +57,7 @@ function page_form($edit = array()) {
function page_save($edit) {
global $status, $user;
if (user_access($user)) {
node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
}
node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
}
?>

4
modules/page/page.module
View File

@ -57,9 +57,7 @@ function page_form($edit = array()) {
function page_save($edit) {
global $status, $user;
if (user_access($user)) {
node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
}
node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
}
?>

6
modules/poll.module
View File

@ -78,7 +78,7 @@ function poll_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20");
while ($poll = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
$find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
}
return $find;
}
@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) {
$active = array(0 => "Closed", 1 => "Active");
$admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0;
$admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0;
if ($edit[title]) {
$form .= poll_view(new Poll(node_preview($edit)));
@ -234,7 +234,7 @@ function poll_save($edit) {
if (!$edit[nid]) {
$nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => ""));
}
else if (user_access($user)) {
else if (user_access($user, "add and edit nodes")) {
$nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll"));
db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'");
}

6
modules/poll/poll.module
View File

@ -78,7 +78,7 @@ function poll_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20");
while ($poll = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
$find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
}
return $find;
}
@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) {
$active = array(0 => "Closed", 1 => "Active");
$admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0;
$admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0;
if ($edit[title]) {
$form .= poll_view(new Poll(node_preview($edit)));
@ -234,7 +234,7 @@ function poll_save($edit) {
if (!$edit[nid]) {
$nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => ""));
}
else if (user_access($user)) {
else if (user_access($user, "add and edit nodes")) {
$nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll"));
db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'");
}

8
modules/queue.module
View File

@ -5,6 +5,10 @@ function queue_conf_options() {
$output .= form_select(t("Discard entries older than"), "queue_clear", variable_get("queue_clear", 604800), $period, t("The time nodes should be kept in the moderation queue. Older entries will be automatically discarded. Requires crontab.")); return $output;
}
function queue_perm() {
return array("access moderation queue");
}
function queue_cron() {
global $status;
db_query("UPDATE node SET status = '$status[dumped]' WHERE status = '$status[queued]' AND ". time() ." - timestamp > ". variable_get("queue_clear", 604800));
@ -110,7 +114,7 @@ function queue_node($id) {
function queue_page() {
global $id, $op, $theme, $user, $vote;
if ($user->id) {
if ($user->id && user_access($user, "access moderation queue")) {
switch($op) {
case "Vote";
queue_vote(check_input($id), check_input($vote));
@ -125,7 +129,7 @@ function queue_page() {
}
else {
$theme->header();
$theme->box(t("Moderation queue"), message_account());
$theme->box(t("Moderation queue"), message_access());
$theme->footer();
}
}

20
modules/rating.module
View File

@ -1,5 +1,9 @@
<?php
function rating_perm() {
return array("view user ratings");
}
function rating_conf_options() {
$period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 1000000000 => t("Never"));
$output .= form_select(t("Update interval"), "rating_cron_time" , variable_get("rating_cron_time", 86400), $period, t("The update interval for the user ratings. Requires crontab."));
@ -79,10 +83,18 @@ function rating_list($limit) {
}
function rating_page() {
global $theme;
$theme->header();
$theme->box("Top 100 users", rating_list(100));
$theme->footer();
global $user, $theme;
if (user_access($user, "view user ratings")) {
$theme->header();
$theme->box(t("Top 100 users"), rating_list(100));
$theme->footer();
}
else {
$theme->header();
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
}
function rating_block() {

4
modules/story.module
View File

@ -16,7 +16,7 @@ function story_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20");
while ($story = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
$find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
}
return $find;
}
@ -75,7 +75,7 @@ function story_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0));
}
else if (user_access($user)) {
else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story"));
}
}

4
modules/story/story.module
View File

@ -16,7 +16,7 @@ function story_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20");
while ($story = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
$find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
}
return $find;
}
@ -75,7 +75,7 @@ function story_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0));
}
else if (user_access($user)) {
else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story"));
}
}

32
modules/watchdog.module
View File

@ -7,6 +7,10 @@ function watchdog_help() {
<?php
}
function watchdog_perm() {
return array("access watchdog");
}
function watchdog_conf_options() {
$period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never"));
$output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab."));
@ -53,19 +57,25 @@ function watchdog_view($id) {
}
function watchdog_admin() {
global $op, $id, $type, $order;
global $user, $op, $id, $type, $order;
print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "access watchdog")) {
switch ($op) {
case "help":
watchdog_help();
break;
case "view":
print watchdog_view(check_input($id));
break;
default:
print watchdog_overview($type);
print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
watchdog_help();
break;
case "view":
print watchdog_view(check_input($id));
break;
default:
print watchdog_overview($type);
}
}
else {
print message_access();
}
}

32
modules/watchdog/watchdog.module
View File

@ -7,6 +7,10 @@ function watchdog_help() {
<?php
}
function watchdog_perm() {
return array("access watchdog");
}
function watchdog_conf_options() {
$period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never"));
$output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab."));
@ -53,19 +57,25 @@ function watchdog_view($id) {
}
function watchdog_admin() {
global $op, $id, $type, $order;
global $user, $op, $id, $type, $order;
print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
if (user_access($user, "access watchdog")) {
switch ($op) {
case "help":
watchdog_help();
break;
case "view":
print watchdog_view(check_input($id));
break;
default:
print watchdog_overview($type);
print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
watchdog_help();
break;
case "view":
print watchdog_view(check_input($id));
break;
default:
print watchdog_overview($type);
}
}
else {
print message_access();
}
}

98
node.php
View File

@ -5,56 +5,64 @@ include_once "includes/common.inc";
page_header();
function node_render($node) {
global $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF;
global $user, $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF;
if ($node->comment) {
switch($op) {
case t("Preview comment"):
$theme->header();
comment_preview($edit);
$theme->footer();
break;
case t("Post comment"):
comment_post($edit);
$theme->header();
node_view($node);
comment_render($edit[id], $cid);
$theme->footer();
break;
case t("Add comment"):
$theme->header();
comment_reply(check_input($cid), check_input($id));
$theme->footer();
break;
case "reply":
$theme->header();
comment_reply(check_input($pid), check_input($id));
$theme->footer();
break;
case t("Update settings"):
comment_settings(check_input($mode), check_input($order), check_input($threshold));
$theme->header();
node_view($node);
comment_render($id, $cid);
$theme->footer();
break;
case t("Moderate comments"):
comment_moderate($moderate);
$theme->header();
node_view($node);
comment_render($id, $cid);
$theme->footer();
break;
default:
$theme->header();
node_view($node);
comment_render($id, $cid);
$theme->footer();
if (user_access($node, "view content")) {
if ($node->comment) {
switch($op) {
case t("Preview comment"):
$theme->header();
comment_preview($edit);
$theme->footer();
break;
case t("Post comment"):
comment_post($edit);
$theme->header();
node_view($node);
comment_render($edit[id], $cid);
$theme->footer();
break;
case t("Add comment"):
$theme->header();
comment_reply(check_input($cid), check_input($id));
$theme->footer();
break;
case "reply":
$theme->header();
comment_reply(check_input($pid), check_input($id));
$theme->footer();
break;
case t("Update settings"):
comment_settings(check_input($mode), check_input($order), check_input($threshold));
$theme->header();
node_view($node);
comment_render($id, $cid);
$theme->footer();
break;
case t("Moderate comments"):
comment_moderate($moderate);
$theme->header();
node_view($node);
comment_render($id, $cid);
$theme->footer();
break;
default:
$theme->header();
node_view($node);
comment_render($id, $cid);
$theme->footer();
}
}
else {
$theme->header();
node_view($node);
$theme->footer();
}
}
else {
$theme->header();
node_view($node);
$theme->box(t("Access denied"), message_access());
$theme->footer();
}
}

59
search.php
View File

@ -4,37 +4,44 @@ include_once "includes/common.inc";
page_header();
// verify input:
$type = check_input($type);
$keys = check_input($keys);
if (user_access($user, "search content")) {
// verify input:
$type = check_input($type);
$keys = check_input($keys);
// build options list:
foreach (module_list() as $name) {
if (module_hook($name, "search")) {
$options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n";
// build options list:
foreach (module_list() as $name) {
if (module_hook($name, "search")) {
$options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n";
}
}
// build form:
$form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
$form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n";
$form .= " <SELECT NAME=\"type\">$options</SELECT>\n";
$form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n";
$form .= "</FORM>\n";
// visualize form:
$theme->header();
if ($form) {
$theme->box(t("Search"), $form);
}
if ($keys) {
$theme->box(t("Result"), search_data($keys, $type));
}
$theme->footer();
}
// build form:
$form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
$form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n";
$form .= " <SELECT NAME=\"type\">$options</SELECT>\n";
$form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n";
$form .= "</FORM>\n";
// visualize form:
$theme->header();
if ($form) {
$theme->box(t("Search"), $form);
else {
$theme->header();
$theme->box("Access denied", message_access());
$theme->footer();
}
if ($keys) {
$theme->box(t("Result"), search_data($keys, $type));
}
$theme->footer();
page_footer();
?>

4
submit.php
View File

@ -6,7 +6,7 @@ page_header();
$theme->header();
if ($user->id) {
if (user_access($user, "post content")) {
if ($mod) {
module_invoke($mod, "user");
}
@ -25,7 +25,7 @@ if ($user->id) {
}
}
else {
$theme->box("Submit", message_account());
$theme->box("Submit", message_access());
}
$theme->footer();

13
updates/2.00-to-x.xx.sql
View File

@ -265,3 +265,16 @@ ALTER TABLE book ADD log text NOT NULL;
ALTER TABLE node DROP pid;
ALTER TABLE node DROP log;
DROP TABLE headlines;
# 20/06/01
CREATE TABLE role (
rid int(10) unsigned DEFAULT '0' NOT NULL auto_increment,
name varchar(32) DEFAULT '' NOT NULL,
perm text DEFAULT '' NOT NULL,
UNIQUE name (name),
PRIMARY KEY (rid)
);
ALTER TABLE users ADD role varchar(32) DEFAULT '' NOT NULL;
ALTER TABLE users DROP access;
UPDATE users SET role = 'registered user';