diff options
| -rw-r--r-- | INSTALL | 6 | ||||
| -rw-r--r-- | account.php | 39 | ||||
| -rw-r--r-- | admin.php | 12 | ||||
| -rw-r--r-- | database/database.mysql | 2 | ||||
| -rw-r--r-- | includes/comment.inc | 13 | ||||
| -rw-r--r-- | includes/common.inc | 10 | ||||
| -rw-r--r-- | includes/function.inc | 2 | ||||
| -rw-r--r-- | includes/locale.inc | 2 | ||||
| -rw-r--r-- | includes/story.inc | 2 | ||||
| -rw-r--r-- | includes/theme.inc | 8 | ||||
| -rw-r--r-- | includes/user.inc | 72 | ||||
| -rw-r--r-- | includes/watchdog.inc | 6 | ||||
| -rw-r--r-- | modules/account.module | 39 | ||||
| -rw-r--r-- | modules/comment.module | 2 | ||||
| -rw-r--r-- | modules/comment/comment.module | 2 | ||||
| -rw-r--r-- | modules/diary.module | 2 | ||||
| -rw-r--r-- | modules/story.module | 2 | ||||
| -rw-r--r-- | modules/story/story.module | 2 | ||||
| -rw-r--r-- | modules/submission.module | 10 | ||||
| -rw-r--r-- | updates/1.00-to-1.xx | 35 |
20 files changed, 120 insertions, 148 deletions
@@ -3,7 +3,5 @@ - online installation guidelines * http://drop.org/module.php?mod=drupal - - drupal project page if you would like to get involved in the - ongoing development - - + - drupal project page for those willing to get involved in the + ongoing development
\ No newline at end of file diff --git a/account.php b/account.php index 6a2ff7b5f..8cd7be4e5 100644 --- a/account.php +++ b/account.php @@ -41,15 +41,9 @@ function account_create($user = "", $error = "") { function account_session_start($userid, $passwd) { global $user; - - $user = new User($userid, $passwd); - if ($user->id) { - session_register("user"); - watchdog("message", "session opened for user `$user->userid'"); - } - else { - watchdog("warning", "failed login for user `$userid'"); - } + if ($userid && $passwd) $user = new User($userid, $passwd); + if ($user->id) session_register("user"); + watchdog("message", ($user->id ? "session opened for user `$user->userid'" : "failed login for user `$userid'")); } function account_session_close() { @@ -117,17 +111,9 @@ function account_user_edit() { function account_user_save($edit) { global $user; - if ($user->id) { - $data[name] = $edit[name]; - $data[fake_email] = $edit[fake_email]; - $data[url] = $edit[url]; - $data[bio] = $edit[bio]; - $data[signature] = $edit[signature]; - - if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1]; - - user_save($data, $user->id); + $user = user_save($user, array("name" => $edit[name], "fake_email" => $edit[fake_email], "url" => $edit[url], "bio" => $edit[bio], "signature" => $edit[signature])); + if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $user = user_save($user, array("passwd" => $edit[pass1])); } } @@ -188,16 +174,8 @@ function account_site_edit() { function account_site_save($edit) { global $user; - if ($user->id) { - $data[theme] = $edit[theme]; - $data[timezone] = $edit[timezone]; - $data[language] = $edit[language]; - $data[stories] = $edit[stories]; - $data[mode] = $edit[mode]; - $data[sort] = $edit[sort]; - $data[threshold] = $edit[threshold]; - user_save($data, $user->id); + $user = user_save($user, array("theme" => $edit[theme], "timezone" => $edit[timezone], "language" => $edit[language], "stories" => $edit[stories], "mode" => $edit[mode], "sort" => $edit[sort], "threshold" => $edit[threshold])); } } @@ -363,10 +341,9 @@ function account_create_submit($userid, $email) { } else { $new[passwd] = account_password(); - $new[status] = 1; - $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12); + $new[hash] = substr(md5("$new[userid]. ". time()), 0, 12); - user_save($new); + $user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "status" => 1, "hash" => $new[hash])); $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]"; $subject = strtr(t("Account details for %a"), array("%a" => $site_name)); @@ -2,15 +2,15 @@ include_once "includes/common.inc"; -// validate user permission: -if (!user_permission($user)) exit(); +// validate user access: +if (!user_access($user)) exit(); function admin_page($mod) { - global $repository, $site_name, $menu, $modules; + global $repository, $site_name, $menu, $modules, $user; function module($name, $module) { - global $menu, $modules; - if ($module["admin"]) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | "; + global $menu, $modules, $user; + if ($module["admin"]) $output .= (user_access($user, $name) ? "<A HREF=\"admin.php?mod=$name\">$name</A> | " : " $name | "); $menu .= $output; } @@ -37,7 +37,7 @@ function admin_page($mod) { <HR><? echo $menu; ?><A HREF="">home</A><HR> <? - module_execute($mod, "admin"); + if (user_access($user, $mod)) module_execute($mod, "admin"); ?> </BODY> diff --git a/database/database.mysql b/database/database.mysql index 07cd2813e..e91d313eb 100644 --- a/database/database.mysql +++ b/database/database.mysql @@ -170,7 +170,7 @@ CREATE TABLE users ( signature varchar(255) DEFAULT '' NOT NULL, last_access int(10) unsigned, last_host varchar(255), - permissions int(10) unsigned DEFAULT '0' NOT NULL, + access varchar(255) DEFAULT '' NOT NULL, status tinyint(4) DEFAULT '0' NOT NULL, history text NOT NULL, hash varchar(12) DEFAULT '' NOT NULL, diff --git a/includes/comment.inc b/includes/comment.inc index c64a3e4dd..44909ac65 100644 --- a/includes/comment.inc +++ b/includes/comment.inc @@ -32,12 +32,12 @@ function comment_moderate($moderate) { $none = $comment_votes[key($comment_votes)]; foreach ($moderate as $id=>$vote) { - if ($vote != $comment_votes[$none] && !user_get_history($user->history, "c$id")) { + if ($vote != $comment_votes[$none] && !user_get($user, "history", "c$id")) { // Update the comment's score: $result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id"); // Update the user's history: - user_set_history("c$id", $vote); + $user = user_set($user, "history", "c$id", $vote); } } } @@ -45,12 +45,7 @@ function comment_moderate($moderate) { function comment_settings($mode, $order, $threshold) { global $user; - if ($user->id) { - $data[mode] = $mode; - $data[sort] = $order; - $data[threshold] = $threshold; - user_save($data, $user->id); - } + if ($user->id) $user = user_save($user, array("mode" => $mode, "sort" => $order, "threshold" => $threshold)); } function comment_reply($pid, $id) { @@ -180,7 +175,7 @@ function comment_moderation($comment) { if ($op == "reply") { $output .= " "; } - else if ($user->id && $user->userid != $comment->userid && !user_get_history($user->history, "c$comment->cid")) { + else if ($user->id && $user->userid != $comment->userid && !user_get($user, "history", "c$comment->cid")) { $output .= "<SELECT NAME=\"moderate[$comment->cid]\">\n"; foreach ($comment_votes as $key=>$value) $output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n"; $output .= "</SELECT>\n"; diff --git a/includes/common.inc b/includes/common.inc index 7ee1034c6..046f6a1cf 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1,6 +1,6 @@ <? -function conf_load() { +function conf_init() { global $HTTP_HOST, $REQUEST_URI; $file = strtr($HTTP_HOST ."". substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")), "/:", ".."); while ($file && !file_exists("includes/$file.conf")) { @@ -9,7 +9,7 @@ function conf_load() { return $file; } -$conf = conf_load(); +$conf = conf_init(); include_once "includes/$conf.conf"; include_once "includes/database.inc"; @@ -21,8 +21,8 @@ include_once "includes/search.inc"; include_once "includes/theme.inc"; include_once "includes/user.inc"; -user_load(); -$locale = locale_load(); -$theme = theme_load(); +user_init(); +$locale = locale_init(); +$theme = theme_init(); ?>
\ No newline at end of file diff --git a/includes/function.inc b/includes/function.inc index 04402f5a7..44ec40baa 100644 --- a/includes/function.inc +++ b/includes/function.inc @@ -76,7 +76,7 @@ function format_date($timestamp, $type = "medium") { function format_username($username) { global $user; - if ($username) return (user_permission($user) ? "<A HREF=\"admin.php?mod=account&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>"); + if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>"); else { global $anonymous; return $anonymous; } } diff --git a/includes/locale.inc b/includes/locale.inc index 50d07a7dd..8b717b3ef 100644 --- a/includes/locale.inc +++ b/includes/locale.inc @@ -1,6 +1,6 @@ <? -function locale_load() { +function locale_init() { global $languages, $user; return ($user->id && $user->language) ? $user->language : key($languages); } diff --git a/includes/story.inc b/includes/story.inc index 04e93661a..5d99505d6 100644 --- a/includes/story.inc +++ b/includes/story.inc @@ -13,7 +13,7 @@ class Story { function story_visible($story) { global $user; - return ($story->status == 2) || ($story->status == 1 && $user->id) || user_permission($user); + return ($story->status == 2) || ($story->status == 1 && $user->id) || user_access($user, "story"); } ?>
\ No newline at end of file diff --git a/includes/theme.inc b/includes/theme.inc index 1bdff7b41..d5ea7dc87 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -1,6 +1,6 @@ <? -function theme_load() { +function theme_init() { global $user, $themes; if ($user->theme && file_exists($themes[$user->theme][0])) { @@ -39,7 +39,7 @@ function theme_account($theme) { $content .= "<LI><A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A></LI>\n"; $content .= "<P>\n"; - if (user_permission($user)) { + if (user_access($user)) { $content .= "<LI><A HREF=\"admin.php\">administer ". $site_name ."</A></LI>\n"; $content .= "<P>\n"; } @@ -95,10 +95,10 @@ function theme_morelink($theme, $story) { function theme_moderation_results($theme, $story) { global $user; - if ($user->id && $story->id && ($user->id == $story->author || user_get_history($user->history, "s$story->id"))) { + if ($user->id && $story->id && ($user->id == $story->author || user_get($user, "history", "s$story->id"))) { $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'"); while ($account = db_fetch_object($result)) { - $output .= format_username($account->userid) ." voted `". user_get_history($account->history, "s$story->id") ."'.<BR>"; + $output .= format_username($account->userid) ." voted `". user_get($account, "history", "s$story->id") ."'.<BR>"; } $theme->box("Moderation results", ($output ? $output : "This story has not been moderated yet.")); diff --git a/includes/user.inc b/includes/user.inc index 9c4f38f66..0bb12d0ec 100644 --- a/includes/user.inc +++ b/includes/user.inc @@ -6,46 +6,46 @@ class User { $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } - db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id"); + db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); } } else { $result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } - db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id"); + db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); } } } } -function user_load() { +function user_init() { global $db_name; session_name($db_name); session_start(); } -function user_save($data, $id = 0) { - global $user; +function user_load($username) { + return new User($username); +} - foreach ($data as $key=>$value) { +function user_save($account, $array) { + // dynamically compose query: + foreach ($array as $key=>$value) { if ($key == "passwd") $query .= "$key = PASSWORD('". addslashes($value) ."'), "; else $query .= "$key = '". addslashes($value) ."', "; } - if (empty($id)) { - db_query("INSERT INTO users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]'"); - } - else { - db_query("UPDATE users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $id"); - $result = db_query("SELECT * FROM users WHERE id = $id AND status = 2"); - if (db_num_rows($result) == 1) foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); } - else $user = 0; - } + // update or instert account: + if ($account->id) db_query("UPDATE users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = '$account->id'"); + else db_query("INSERT INTO users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]'"); + + // return account: + return user_load(($account->userid ? $account->userid : $array["userid"])); } -function user_get_history($history, $field) { - $data = explode(";", $history); +function user_get($account, $column, $field) { + $data = explode(";", $account->$column); for (reset($data); current($data); next($data)) { $entry = explode(":", current($data)); if (reset($entry) == $field) $rval = end($entry); @@ -53,46 +53,38 @@ function user_get_history($history, $field) { return $rval; } -function user_set_history($field, $value) { - global $user; - $history = $user->history; +function user_set($account, $column, $name, $value) { + $field = $account->$column; + if (!$value) { // remove entry: - $data = explode(";", $history); + $data = explode(";", $field); for (reset($data); current($data); next($data)) { $entry = explode(":", current($data)); - if ($entry[0] != $field) $rval .= "$entry[0]:$entry[1];"; + if ($entry[0] != $name) $rval .= "$entry[0]:$entry[1];"; } } - else if (strstr($history, "$field:")) { + else if (strstr($field, "$name:")) { // found: update exsisting entry: - $data = explode(";", $history); + $data = explode(";", $field); for (reset($data); current($data); next($data)) { $entry = explode(":", current($data)); - if ($entry[0] == $field) $entry[1] = $value; + if ($entry[0] == $name) $entry[1] = $value; $rval .= "$entry[0]:$entry[1];"; } } else { - // not found: add new entry: - $rval = "$history$field:$value;"; + // not found: + $rval = "$field$name:$value;"; } - $user->history = $rval; - - // save new history: - $query .= "UPDATE users SET "; - foreach ($user->field as $key=>$field) { $value = $user->$field; $query .= "$field = '". addslashes($value) ."', "; } - $query .= " id = $user->id WHERE id = $user->id"; - db_query($query); -} -function user_rehash() { - global $user; - if ($user->id) $user = new User($user->userid); + return user_save($account, array($column => $rval)); } -function user_permission($account) { - return ($account->permissions == 1 || $account->id == 1); +function user_access($account, $section = 0) { +// print $account->userid ." ". $account->access ."<P>"; + if ($section) return (user_get($account, "access", $section) || $account->id == 1); + else return ($account->access || $account->id == 1); } ?>
\ No newline at end of file diff --git a/includes/watchdog.inc b/includes/watchdog.inc index 2eb0baf2c..da24d79d8 100644 --- a/includes/watchdog.inc +++ b/includes/watchdog.inc @@ -9,8 +9,8 @@ $watchdog = array("comment" => array("0", $submission_rate["comment"]), function watchdog($id, $message) { global $user, $watchdog, $watchdog_history; -/* - if ($watchdog[$id][1] && !user_permission($user)) { + + if ($watchdog[$id][1] && !user_access($user, "watchdog")) { if ($log = db_fetch_object(db_query("SELECT * FROM watchdog WHERE hostname = '". getenv("REMOTE_ADDR") ."' AND level = '". $watchdog[$id][0] ."'"))) { if (time() - $log->timestamp < $watchdog[$id][1]) { watchdog("warning", "'". getenv("REMOTE_ADDR") ."' exceeded '$id' submission rate"); @@ -19,7 +19,7 @@ function watchdog($id, $message) { } } } -*/ + // Perform query to add new watchdog entry: db_query("INSERT INTO watchdog (level, timestamp, user, message, location, hostname) VALUES ('". $watchdog[$id][0] ."', '". time() ."', '". check_input($user->id) ."', '". check_input($message) ."', '". check_input(getenv("REQUEST_URI")) ."', '". check_input(getenv("REMOTE_ADDR")) ."')"); } diff --git a/modules/account.module b/modules/account.module index 26466e6b5..c92cbfbd5 100644 --- a/modules/account.module +++ b/modules/account.module @@ -63,7 +63,7 @@ function account_find($keys) { $find = array(); $result = db_query("SELECT * FROM users WHERE userid LIKE '%". check_input($keys) ."%' LIMIT 20"); while ($account = db_fetch_object($result)) { - array_push($find, array("subject" => $account->userid, "link" => (user_permission($user) ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid)); + array_push($find, array("subject" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid)); } return $find; } @@ -75,7 +75,7 @@ function account_search() { } function account_display($order = "username") { - $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "hostname" => "last_host DESC", "last access date" => "last_access DESC", "real e-mail address" => "real_email", "real name" => "name", "permissions" => "permissions", "rating" => "rating DESC", "status" => "status", "theme" => "theme", "timezone" => "timezone DESC", "username" => "userid"); + $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "hostname" => "last_host DESC", "last access date" => "last_access DESC", "real e-mail address" => "real_email", "real name" => "name", "rating" => "rating DESC", "status" => "status", "theme" => "theme", "timezone" => "timezone DESC", "username" => "userid"); $show = array("ID" => "id", "username" => "userid", "$order" => "$sort[$order]", "homepage" => "url"); $stat = array(0 => "blocked", 1 => "not confirmed", 2 => "open"); $perm = array(0 => "regular user", 1 => "administrator"); @@ -118,9 +118,6 @@ function account_display($order = "username") { case "status": $output .= " <TD ALIGN=\"center\">". $stat[$account[$value]] ."</TD>\n"; break; - case "permissions": - $output .= " <TD ALIGN=\"center\">". $perm[$account[$value]] ."</TD>\n"; - break; case "timezone": $output .= " <TD ALIGN=\"center\">". check_output($account[$value] / 3600) ."</TD>\n"; break; @@ -142,6 +139,15 @@ function account_display($order = "username") { print $output; } +function account_access($account) { + $data = explode(";", $account->access); + foreach ($data as $array) { + $access = explode(":", $array); + if ($access[0]) $output .= " <A HREF=\"admin.php?mod=$access[0]\">$access[0]</A>"; + } + return $output; +} + function account_blocks($id) { $result = db_query("SELECT * FROM layout WHERE user = $id"); while ($layout = db_fetch_object($result)) { @@ -167,17 +173,22 @@ function account_comments($id) { } function account_edit_save($name, $edit) { - foreach ($edit as $key=>$value) { - $query .= "$key = '". addslashes($value) ."', "; - } + foreach ($edit as $key=>$value) if ($key != "access") $query .= "$key = '". addslashes($value) ."', "; db_query("UPDATE users SET $query last_access = '". time() ."' WHERE userid = '$name'"); + foreach ($edit[access] as $key=>$value) user_set(user_load($name), "access", $value, 1); watchdog("message", "account: modified user '$name'"); } function account_edit($name) { + global $access, $account; + + function access($name, $module) { + global $access, $account; + $access .= "<OPTION VALUE=\"$name\"". (user_access($account, $name) ? " SELECTED" : "") .">$name</OPTION>"; + } + $status = array(0 => "blocked", 1 => "not confirmed", 2 => "open"); - $permissions = array(0 => "regular user", 1 => "administrator"); $result = db_query("SELECT * FROM users WHERE userid = '$name'"); @@ -187,21 +198,18 @@ function account_edit($name) { } $stat = "<SELECT NAME=\"edit[status]\">\n$stat</SELECT>\n"; - foreach ($permissions as $key=>$value) { - $perm .= " <OPTION VALUE=\"$key\"". (($account->permissions == $key) ? " SELECTED" : "") .">$value</OPTION>\n"; - } - $perm = "<SELECT NAME=\"edit[permissions]\">\n$perm</SELECT>\n"; + module_iterate("access"); $output .= "<FORM ACTION=\"admin.php?mod=account\" METHOD=\"post\">\n"; $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n"; $output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD>$account->id</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Status:</B></TD><TD>$stat</TD></TR>\n"; + $output .= " <TR><TD ALIGN=\"right\"><B>Access:</B></TD><TD><SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT></TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". check_output($account->name) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email($account->real_email) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Fake e-mail address:</B></TD><TD><INPUT NAME=\"edit[fake_email]\" SIZE=\"55\" VALUE=\"$account->fake_email\"></TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>URL of homepage:</B></TD><TD><INPUT NAME=\"edit[url]\" SIZE=\"55\" VALUE=\"$account->url\"></TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"right\"><B>Permissions:</B></TD><TD>$perm</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Last access:</B></TD><TD>". format_date($account->last_access) ." from ". check_output($account->last_host) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>User rating:</B></TD><TD>". check_output($account->rating) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Bio information:</B></TD><TD><TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$account->bio</TEXTAREA></TD></TR>\n"; @@ -221,7 +229,6 @@ function account_edit($name) { function account_view($name) { $status = array(0 => "blocked", 1 => "not confirmed", 2 => "open"); - $permissions = array(0 => "regular user", 1 => "administrator"); $result = db_query("SELECT * FROM users WHERE userid = '$name'"); @@ -229,12 +236,12 @@ function account_view($name) { $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n"; $output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD><A HREF=\"admin.php?mod=account&op=edit&name=$account->userid\">$account->id</A></TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Status:</B></TD><TD>". $status[$account->status] ."</TD></TR>\n"; + $output .= " <TR><TD ALIGN=\"right\"><B>Access:</B></TD><TD>". check_output(account_access($account)) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". check_output($account->name) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email($account->real_email) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Fake e-mail address:</B></TD><TD>". check_output($account->fake_email) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>URL of homepage:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"right\"><B>Permissions:</B></TD><TD>". $permissions[$account->permissions] ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Last access:</B></TD><TD>". format_date($account->last_access) ." from ". check_output($account->last_host) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>User rating:</B></TD><TD>". check_output($account->rating) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Bio information:</B></TD><TD>". check_output($account->bio) ."</TD></TR>\n"; diff --git a/modules/comment.module b/modules/comment.module index 4d73e3caf..ef0bce34a 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -8,7 +8,7 @@ function comment_find($keys) { $find = array(); $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20"); while ($comment = db_fetch_object($result)) { - array_push($find, array("subject" => check_output($comment->subject), "link" => (user_permission($user) ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp)); + array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp)); } return $find; } diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 4d73e3caf..ef0bce34a 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -8,7 +8,7 @@ function comment_find($keys) { $find = array(); $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20"); while ($comment = db_fetch_object($result)) { - array_push($find, array("subject" => check_output($comment->subject), "link" => (user_permission($user) ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp)); + array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp)); } return $find; } diff --git a/modules/diary.module b/modules/diary.module index c8e93c6be..0f366a84f 100644 --- a/modules/diary.module +++ b/modules/diary.module @@ -16,7 +16,7 @@ function diary_find($keys) { $find = array(); $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%". check_input($keys) ."%' ORDER BY d.timestamp DESC LIMIT 20"); while ($diary = db_fetch_object($result)) { - array_push($find, array("subject" => "$diary->userid's diary", "link" => (user_permission($user) ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp)); + array_push($find, array("subject" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp)); } return $find; diff --git a/modules/story.module b/modules/story.module index 47671033e..535821ccd 100644 --- a/modules/story.module +++ b/modules/story.module @@ -20,7 +20,7 @@ function story_find($keys) { $find = array(); $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20"); while ($story = db_fetch_object($result)) { - array_push($find, array("subject" => check_output($story->subject), "link" => (user_permission($user) ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp)); + array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp)); } return $find; } diff --git a/modules/story/story.module b/modules/story/story.module index 47671033e..535821ccd 100644 --- a/modules/story/story.module +++ b/modules/story/story.module @@ -20,7 +20,7 @@ function story_find($keys) { $find = array(); $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20"); while ($story = db_fetch_object($result)) { - array_push($find, array("subject" => check_output($story->subject), "link" => (user_permission($user) ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp)); + array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp)); } return $find; } diff --git a/modules/submission.module b/modules/submission.module index 338408d4c..3cc666f55 100644 --- a/modules/submission.module +++ b/modules/submission.module @@ -22,7 +22,7 @@ function submission_score($id) { function submission_vote($id, $vote, $comment) { global $user; - if (!user_get_history($user->history, "s$id")) { + if (!user_get($user, "history", "s$id")) { // Update submission's score- and votes-field: db_query("UPDATE stories SET score = score $vote, votes = votes + 1 WHERE id = $id"); @@ -33,7 +33,7 @@ function submission_vote($id, $vote, $comment) { } // Update user's history record: - user_set_history("s$id", $vote); + $user = user_set($user, "history", "s$id", $vote); // Update story table (if required): $result = db_query("SELECT * FROM stories WHERE id = $id"); @@ -65,7 +65,7 @@ function submission_page_main() { $content .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; $content .= " <TR BGCOLOR=\"$bgcolor1\"><TH>". t("Subject") ."</TH><TH>". t("Section") ."</TH><TH>". t("Date") ."</TH><TH>". t("Author") ."</TH><TH>". t("Score") ."</TH></TR>\n"; while ($submission = db_fetch_object($result)) { - if ($user->id == $submission->author || user_get_history($user->history, "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->section</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n"; + if ($user->id == $submission->author || user_get($user, "history", "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->section</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n"; else $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->section</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". t("vote") ."</A></TD></TR>\n"; } $content .= "</TABLE>\n"; @@ -81,7 +81,7 @@ function submission_display_item($id) { $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id"); $submission = db_fetch_object($result); - if ($user->id == $submission->author || user_get_history($user->history, "s$submission->id")) { + if ($user->id == $submission->author || user_get($user, "history", "s$submission->id")) { header("Location: story.php?id=$submission->id"); } else { @@ -111,7 +111,7 @@ function submission_page() { global $comment, $id, $op, $user, $vote; if ($user->id) { - user_rehash(); + $user = user_load($user->userid); switch($op) { case "view": diff --git a/updates/1.00-to-1.xx b/updates/1.00-to-1.xx index 7cc514ec0..be556a23e 100644 --- a/updates/1.00-to-1.xx +++ b/updates/1.00-to-1.xx @@ -1,18 +1,9 @@ +# 18/02/2001: permissions / access / group +alter table users drop permissions; +alter table users add access varchar(255) DEFAULT '' NOT NULL; -# 20/01/2001: comment/discussion code rewrite: -alter table users modify mode tinyint(1) DEFAULT '' NOT NULL; -alter table comments change sid lid int(6) DEFAULT '0' NOT NULL; -alter table comments add link varchar(16) DEFAULT '' NOT NULL; -update comments set link = 'article'; - -# 21/01/2001: section manager -alter table stories change category section varchar(64) DEFAULT '' NOT NULL; - -# 31/01/2001: block rehashing -alter table blocks add remove tinyint(1) DEFAULT '0' NOT NULL; - -# 07/02/2001: value calculation -alter table users add rating decimal(8,4) DEFAULT '0' NOT NULL; +# 14/02/2001: locale / internationalisation +alter table users add language varchar(2) DEFAULT '' NOT NULL; # 12/02/2001: locale / internationalisation create table locales ( @@ -22,5 +13,17 @@ create table locales ( PRIMARY KEY (id) ); -# 14/02/2001: locale / internationalisation -alter table users add language varchar(2) DEFAULT '' NOT NULL; +# 07/02/2001: value calculation +alter table users add rating decimal(8,4) DEFAULT '0' NOT NULL; + +# 31/01/2001: block rehashing +alter table blocks add remove tinyint(1) DEFAULT '0' NOT NULL; + +# 21/01/2001: section manager +alter table stories change category section varchar(64) DEFAULT '' NOT NULL; + +# 20/01/2001: comment/discussion code rewrite: +alter table users modify mode tinyint(1) DEFAULT '' NOT NULL; +alter table comments change sid lid int(6) DEFAULT '0' NOT NULL; +alter table comments add link varchar(16) DEFAULT '' NOT NULL; +update comments set link = 'article'; |