authorneoraider <devnull@localhost>2006-04-14 02:20:03 +0200
committerneoraider <devnull@localhost>2006-04-14 02:20:03 +0200
commit9b75fe7dbb5d0facae0ad516b580886c3e5a7aec (patch)
tree55e2c642398b0502c618c87ae297e867b85a1bef /code
parent1f93dbaae6aa262ae32592e08605e26af9d98a0f (diff)
downloadneon-9b75fe7dbb5d0facae0ad516b580886c3e5a7aec.tar
neon-9b75fe7dbb5d0facae0ad516b580886c3e5a7aec.zip
Rechteverwaltung überarbeitet.
Diffstat (limited to 'code')
-rw-r--r--code/pages.inc.php90
1 files changed, 64 insertions, 26 deletions
diff --git a/code/pages.inc.php b/code/pages.inc.php
index d712242..50ca2b7 100644
--- a/code/pages.inc.php
+++ b/code/pages.inc.php
@@ -80,30 +80,28 @@
}
function HasAccess($page, $type) {
- if($GLOBALS['user']->IsAdmin()) return $this->Exists($page, $type);
+ if(!$this->Exists($page, $type)) return false;
+ if($GLOBALS['user']->IsAdmin()) return true;
$gid = $GLOBALS['user']->gid;
- $pagedata = $this->GetPageData($page, $type);
-
- if(!$pagedata)
- return false;
+ $access = $this->GetAccess($page, $type);
- return ((hexdec(substr($pagedata['access'], ($gid/8)*2, 2)) & (1 << ($gid%8))) != 0);
+ return ((hexdec($access[$gid/4]) & (1 << ($gid%4))) != 0);
}
function GetPageData($page, $type) {
if(!$this->Exists($page, $type)) return null;
if(!$this->pages[$page . '.' . $type]) {
- $res = $GLOBALS['db']->Execute('SELECT template, HEX(access), data FROM pages WHERE name = ? AND type = ?', array($page, $type));
+ $res = $GLOBALS['db']->Execute('SELECT template, data FROM pages WHERE name = ? AND type = ?', array($page, $type));
if($res->RecordCount()) {
- parse_str($res->fields[2], $data);
+ parse_str($res->fields[1], $data);
$data = array_map('Unquote', $data);
$this->pages[$page . '.' . $type] = array('name' => $page, 'type' => $type, 'template' => $res->fields[0],
- 'access' => $res->fields[1], 'data' => $data);
+ 'access' => '', 'data' => $data);
}
else {
$filename = $GLOBALS['modules']->pages[$page . '.' . $type];
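Review bot: The new mask lookup in HasAccess, `hexdec($access[$gid/4])`, indexes the hex string with a float and with no bounds check, so the result for a group whose nibble lies past the end of the stored mask depends on how PHP treats an undefined string offset. It appears to fail closed today (an empty value makes `hexdec` return 0), but that is incidental and raises a notice, and nothing visible here rules out a negative or non-numeric `gid`. Making the denial explicit would be safer: `$idx = (int) floor($gid / 4);` followed by `if($idx < 0 || $idx >= strlen($access)) return false;` before the `hexdec` call. GetPageData, which starts in this hunk, continues past its last line.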
@@ -141,6 +139,11 @@
$this->pages[$page . '.' . $type] = array('name' => $page, 'type' => $type, 'template' => $template,
'access' => $access, 'data' => $data);
}
+
+ $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
+
+ if($res->RecordCount())
+ $this->pages[$page . '.' . $type]['access'] = $res->fields[0];
}
return $this->pages[$page . '.' . $type];
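Review bot: The `access` value cached in `$this->pages[...]` by the added privs lookup is never refreshed when SetAccess (added further down in this commit) writes a new mask, so a later GetPageData call in the same request returns the old one. HasAccess is not affected, because GetAccess queries privs again on every call, but any caller that shows or edits permissions from the page data would see stale bits. Consider having SetAccess update the cached entry when one exists, e.g. `if(isset($this->pages[$page . '.' . $type])) $this->pages[$page . '.' . $type]['access'] = $access;`, and add a comment above the new query such as `// a privs row, if present, overrides the access mask set above`. The enclosing GetPageData starts before this hunk.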
@@ -149,7 +152,7 @@
function Add($name, $type, $template) {
if($this->Exists($name, $type)) return false;
- $GLOBALS['db']->Execute('INSERT INTO pages (name, template, access, data, type) VALUES (?, ?, "", "", ?)',
+ $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, "", ?)',
array($name, $template, $type));
return ($GLOBALS['db']->Affected_Rows() > 0);
@@ -161,26 +164,22 @@
foreach($data as $key => $val)
$string .= urlencode($key) . '=' . urlencode($val) . '&';
- $GLOBALS['db']->Execute('UPDATE pages SET data = ? WHERE name = ? AND type = ?',
+ $res = $GLOBALS['db']->Execute('SELECT id FROM pages WHERE name = ? AND type = ?',
+ array($page, $type));
+
+ if($res->RecordCount()) {
+ $GLOBALS['db']->Execute('UPDATE pages SET data = ? WHERE name = ? AND type = ?',
array(substr($string, 0, -1), $page, $type));
- if($GLOBALS['db']->Affected_Rows()) return true;
+ return true;
+ }
$pagedata = $this->GetPageData($page, $type);
- $string = '';
-
- foreach($pagedata['data'] as $key => $val)
- $string .= urlencode($key) . '=' . urlencode($val) . '&';
-
- $access = '';
-
- for($i = 0; $i < strlen($pagedata['access']); $i+=2)
- $access .= chr(hexdec(substr($pagedata['access'], $i, 2)));
-
-
- $GLOBALS['db']->Execute('INSERT INTO pages (name, template, access, data, type) VALUES (?, ?, ?, ?, ?)',
- array($page, $pagedata['template'], $access, $string, $type));
+ $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)',
+ array($page, $type, $pagedata['access']));
+ $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, ?, ?)',
+ array($page, $pagedata['template'], $string, $type));
return ($GLOBALS['db']->Affected_Rows() > 0);
}
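Review bot: The fallback path inserts into privs without checking whether a row for this page already exists, although SetAccess can have created one before the page was first saved to the database. GetPageData already returns the privs value as `access` in that case, so the insert would either fail on a unique key or leave two rows for the same name and type, after which the `SELECT readaccess` lookups depend on row order (the table definition is not visible, so which of the two happens is an assumption). Guard the insert the way SetAccess does: `$res = $GLOBALS['db']->Execute('SELECT id FROM privs WHERE name = ? AND type = ?', array($page, $type));` then `if(!$res->RecordCount())` in front of the privs INSERT. The two inserts are also not atomic, and the return value reflects only the pages insert. The function begins above this hunk.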
@@ -188,6 +187,7 @@
function Rename($page, $type, $new_name) {
if($this->Exists($new_name, $type)) return false;
+ $GLOBALS['db']->Execute('UPDATE privs SET name = ? WHERE name = ? AND type = ?', array($new_name, $page, $type));
$GLOBALS['db']->Execute('UPDATE pages SET name = ? WHERE name = ? AND type = ?', array($new_name, $page, $type));
return ($GLOBALS['db']->Affected_Rows() > 0);
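Review bot: Rename re-keys the privs row before it knows whether a pages row was renamed, and the return value reflects only the pages UPDATE. If the page has no row in pages (GetPageData suggests pages can also come from module files), the privs row moves to `$new_name` while the page keeps its old name, so the override silently stops applying and the default mask is used again. Delete in the next hunk has the same shape: it removes the privs row first and reports only the pages result. Running the pages statement first and touching privs only when `Affected_Rows() > 0` would keep the two tables consistent. Rename's closing brace is outside the hunk.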
@@ -204,13 +204,14 @@
foreach($pagedata['data'] as $key => $val)
$string .= urlencode($key) . '=' . urlencode($val) . '&';
- $GLOBALS['db']->Execute('INSERT INTO pages (name, template, access, data, type) VALUES (?, ?, "", ?, ?)',
+ $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, ?, ?)',
array($new_name, $pagedata['template'], $string, $type));
return ($GLOBALS['db']->Affected_Rows() > 0);
}
function Delete($page, $type) {
+ $GLOBALS['db']->Execute('DELETE FROM privs WHERE name = ? AND type = ?', array($page, $type));
$GLOBALS['db']->Execute('DELETE FROM pages WHERE name = ? AND type = ?', array($page, $type));
return ($GLOBALS['db']->Affected_Rows() > 0);
@@ -230,6 +231,43 @@
return $pages;
}
+
+ function GetAccess($page, $type) {
+ $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
+
+ if($res->RecordCount())
+ return $res->fields[0];
+
+ $pagedata = $this->GetPageData($page, $type);
+
+ return $pagedata['access'];
+ }
+
+ function SetAccess($page, $type, $access) {
+ $res = $GLOBALS['db']->Execute('SELECT id FROM privs WHERE name = ? AND type = ?', array($page, $type));
+
+ if($res->RecordCount()) {
+ $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ? WHERE name = ? AND type = ?', array($access, $page, $type));
+
+ return true;
+ }
+
+ $pagedata = $this->GetPageData($page, $type);
+
+ if(strlen($access) > strlen($pagedata['access'])) {
+ if(eregi('^' . $pagedata['access'] . '0+$', $access)) return true;
+ }
+ elseif(strlen($access) < strlen($pagedata['access'])) {
+ if(eregi('^' . $access . '0+$', $pagedata['access'])) return true;
+ }
+ else {
+ if(strcasecmp($access, $pagedata['access']) == 0) return true;
+ }
+
+ $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)', array($page, $type, $access));
+
+ return ($GLOBALS['db']->Affected_Rows() > 0);
+ }
}
$GLOBALS['pages'] = new Pages;
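Review bot: SetAccess stores `$access` without checking that it is a hex string, and it splices `$pagedata['access']` and `$access` unescaped into `eregi` patterns. HasAccess later feeds single characters of this value to `hexdec`, which ignores non-hex characters, so a malformed mask would be stored and silently read as zero bits; a value containing regex metacharacters would also change what the trailing-zero comparison matches. Rejecting bad input up front with `if($access !== '' && !ctype_xdigit($access)) return false;` and replacing the three-way `eregi`/`strcasecmp` branch with `if(strcasecmp(rtrim($access, '0'), rtrim($pagedata['access'], '0')) == 0) return true;` avoids the pattern building and drops the dependency on `eregi`, which was removed in PHP 7. Neither new method has a doc comment; a short one describing the mask format (one hex digit per four group ids, as HasAccess reads it) would help.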