diff options
author | neoraider <devnull@localhost> | 2006-01-14 03:14:01 +0100 |
---|---|---|
committer | neoraider <devnull@localhost> | 2006-01-14 03:14:01 +0100 |
commit | c630a2d50349c57660cfc98eb13ec71444b27610 (patch) | |
tree | 4fa7ad9b755a4d8ae9045062cb4fefab248187e4 /code/pages.inc.php | |
parent | 8b89c8c8a9001c5f5b38465ceb58306fc6f0659e (diff) | |
download | neon-c630a2d50349c57660cfc98eb13ec71444b27610.tar neon-c630a2d50349c57660cfc98eb13ec71444b27610.zip |
Login implementiert. Puh... Und dabei auch den Handler phpexec und die Nav-Pages eingebaut.
Diffstat (limited to 'code/pages.inc.php')
-rw-r--r-- | code/pages.inc.php | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/code/pages.inc.php b/code/pages.inc.php index d529602..541b0ea 100644 --- a/code/pages.inc.php +++ b/code/pages.inc.php @@ -7,8 +7,8 @@ include('code/handlers.inc.php'); class Pages { - function Get($name) { - if(!$this->Exists($name)) { + function Get($name, $type) { + if(!$this->Exists($name, $type)) { $message = $GLOBALS['handlers']['default']->HandleErrorMessage('PageNotFound', array('page' => $name)); if(!$message['title']) $message['title'] = $name; @@ -16,9 +16,9 @@ return $message; } - $res = DBQuery('SELECT handler, data FROM pages WHERE name = ?', $name); + $res = DBQuery('SELECT handler, data FROM pages WHERE name = ? AND type = ?', array($name, $type)); - if(!$this->HasAccess($name)) { + if(!$this->HasAccess($name, $type)) { $message = $GLOBALS['handlers'][$res->fields[0]]->HandleErrorMessage('Forbidden', array('page' => $name)); if(!$message['title']) $message['title'] = $name; @@ -27,21 +27,22 @@ } parse_str($res->fields[1], $data); + $data = array_map('stripslashes', $data); $data['_page'] = $name; return $GLOBALS['handlers'][$res->fields[0]]->HandleContentData($data); } - function Exists($name) { - $res = DBQuery('SELECT id FROM pages WHERE name = ?', $name); + function Exists($name, $type) { + $res = DBQuery('SELECT id FROM pages WHERE name = ? AND type = ?', array($name, $type)); return ($res->RecordCount() > 0); } - function HasAccess($name) { + function HasAccess($name, $type) { $user = $GLOBALS['user']; - $res = DBQuery('SELECT access FROM pages WHERE name = ?', $name); + $res = DBQuery('SELECT access FROM pages WHERE name = ? AND type = ?', array($name, $type)); return ((($user->GetUid() != 0) && ($user->GetGid() == 0)) || ($res->fields[0] & (1 << $user->GetGid())) != 0); |