From bde164393aa3b8c59ee15c0ae80c4268b236fb47 Mon Sep 17 00:00:00 2001 From: neoraider Date: Sun, 16 Apr 2006 20:21:01 +0000 Subject: Rechteverwaltung ?berarbeitet. --- code/links.inc.php | 4 +- code/pages.inc.php | 64 ++++++++++++++++++++---------- code/user.inc.php | 12 ++++++ config/neon.sql | 12 +++--- pages/Login.c.xml | 2 +- pages/Login.n.xml | 2 +- pages/Logout.c.xml | 2 +- pages/Pages.c.xml | 3 +- pages/Pages/Copy.c.xml | 2 +- pages/Pages/Delete.c.xml | 2 +- pages/Pages/Edit.c.xml | 2 +- pages/Pages/Handle.c.xml | 58 +++++++++++++++++++++++++-- pages/Pages/New.c.xml | 2 +- pages/Pages/Privs.c.xml | 62 +++++++++++++++++++++++++++++ pages/Pages/Rename.c.xml | 2 +- pages/Privileges.c.xml | 91 ------------------------------------------- pages/Privileges/Update.c.xml | 48 ----------------------- pages/Users.c.xml | 2 +- pages/Users/Delete.c.xml | 2 +- pages/Users/Group.c.xml | 2 +- pages/Users/Handle.c.xml | 2 +- pages/Users/New.c.xml | 2 +- pages/Users/Password.c.xml | 2 +- pages/Users/Rename.c.xml | 2 +- pages/default.e.xml | 2 +- pages/phpexec.e.xml | 2 +- styles/TheWhiteOne/style.css | 2 +- 27 files changed, 200 insertions(+), 190 deletions(-) create mode 100644 pages/Pages/Privs.c.xml delete mode 100644 pages/Privileges.c.xml delete mode 100644 pages/Privileges/Update.c.xml diff --git a/code/links.inc.php b/code/links.inc.php index b5ae18e..d65eea1 100644 --- a/code/links.inc.php +++ b/code/links.inc.php @@ -3,7 +3,7 @@ class Links { function GetNeonLink($page, $extra = '', $html = true) { - if($GLOBALS['pages']->HasAccess($page, 'c')) { + if($GLOBALS['pages']->HasReadAccess($page, 'c')) { if($GLOBALS['user']->login_type == 'url') $ret = 'index.php?page=' . $page . '&login=' . $GLOBALS['user']->login_key . ($extra ? '&' . $extra : ''); @@ -27,7 +27,7 @@ } function GetNavPage($page) { - if($GLOBALS['pages']->HasAccess($page, 'n')) { + if($GLOBALS['pages']->HasReadAccess($page, 'n')) { $page = $GLOBALS['pages']->Get($page, 'n'); return $page['content']; } 
diff --git a/code/pages.inc.php b/code/pages.inc.php index 50ca2b7..c696836 100644 --- a/code/pages.inc.php +++ b/code/pages.inc.php @@ -15,9 +15,8 @@ 'Pages:Edit.c' => null, 'Pages:Handle.c' => null, 'Pages:New.c' => null, + 'Pages:Privs.c' => null, 'Pages:Rename.c' => null, - 'Privileges.c' => null, - 'Privileges:Update.c' => null, 'Users.c' => null, 'Users:Delete.c' => null, 'Users:Group.c' => null, @@ -35,7 +34,7 @@ return array('title' => $page, 'content' => ErrorMessage('PageNotFound', array('page' => $page))); - if(!$this->HasAccess($page, $type)) + if(!$this->HasReadAccess($page, $type)) return array('title' => $page, 'content' => ErrorMessage('Forbidden', array('page' => $page))); @@ -54,7 +53,7 @@ return array('title' => $page, 'content' => ErrorMessage('PageNotFound', array('page' => $page))); - if(!$GLOBALS['user']->IsAdmin()) + if(!$this->HasWriteAccess($page, $type)) return array('title' => $page, 'content' => ErrorMessage('Forbidden', array('page' => $page))); @@ -79,7 +78,7 @@ return ($res->RecordCount() > 0); } - function HasAccess($page, $type) { + function HasReadAccess($page, $type) { if(!$this->Exists($page, $type)) return false; if($GLOBALS['user']->IsAdmin()) return true; @@ -87,7 +86,18 @@ $access = $this->GetAccess($page, $type); - return ((hexdec($access[$gid/4]) & (1 << ($gid%4))) != 0); + return ((hexdec($access[0][$gid/4]) & (1 << ($gid%4))) != 0); + } + + function HasWriteAccess($page, $type) { + if(!$this->Exists($page, $type)) return false; + if($GLOBALS['user']->IsAdmin()) return true; + + $gid = $GLOBALS['user']->gid; + + $access = $this->GetAccess($page, $type); + + return ((hexdec($access[1][$gid/4]) & (1 << ($gid%4))) != 0); } function GetPageData($page, $type) { 
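Review bot: Swapping the `IsAdmin()` test in the page-write path for `HasWriteAccess($page, $type)` makes the new write bit admin-equivalent wherever page content is executed as PHP, and the shipped `c` pages are exactly that — the `echo`/`$_POST` code in pages/Pages/Handle.c.xml in this same commit lives inside page content — so a group granted level 2 on such a page can run arbitrary code as the web server user. If that is the intended trust model, state it at the check, e.g. `// NOTE: page content is executed as PHP; write access is therefore admin-equivalent and must only be granted to fully trusted groups`, and repeat the warning in the Pages:Privs form; if not, keep `IsAdmin()` for page types whose content is executed and use the write bit only for data-only pages. The enclosing function's header is outside this hunk, so I cannot see which callers reach it.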
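Review bot: `HasWriteAccess` is a copy of `HasReadAccess` differing only in the `$access[1]` index, and both index a string with the float `$gid/4` (1.25 for gid 5), which PHP truncates silently today and reports as a string-offset cast in newer releases; both also fail closed only by accident, relying on `hexdec('')` returning 0 when `GetAccess()` yields no second element or a short string. Factor the bit test into one private helper with integer arithmetic and an explicit deny, e.g. `if(!is_array($access) || !isset($access[$which])) return false;` followed by `return (hexdec($access[$which][$gid >> 2]) & (1 << ($gid & 3))) != 0;`, and have both public methods call it after their `Exists()`/`IsAdmin()` checks. A one-line comment on the bitmap format (one hex digit per four group ids, element 0 read, element 1 write) would also help, since the format is otherwise only implied by the `1:0` strings in the page files.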
@@ -123,7 +133,7 @@ if(!$access) return null; if(count($access['children']) != 1) return; if(!is_string($access['children'][0])) return; - $access = $access['children'][0]; + $access = explode(':', $access['children'][0]); $rawdata = $GLOBALS['xmlparser']->FindTag($xmldata, 'data'); @@ -140,10 +150,10 @@ 'access' => $access, 'data' => $data); } - $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); + $res = $GLOBALS['db']->Execute('SELECT readaccess, writeaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); if($res->RecordCount()) - $this->pages[$page . '.' . $type]['access'] = $res->fields[0]; + $this->pages[$page . '.' . $type]['access'] = array($res->fields[0], $res->fields[1]); } return $this->pages[$page . '.' . $type]; @@ -176,8 +186,8 @@ $pagedata = $this->GetPageData($page, $type); - $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)', - array($page, $type, $pagedata['access'])); + $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess, writeaccess) VALUES (?, ?, ?, ?)', + array($page, $type, $pagedata['access'][0], $pagedata['access'][1])); $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, ?, ?)', array($page, $pagedata['template'], $string, $type)); @@ -233,10 +243,10 @@ } function GetAccess($page, $type) { - $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); + $res = $GLOBALS['db']->Execute('SELECT readaccess, writeaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); if($res->RecordCount()) - return $res->fields[0]; + return array($res->fields[0], $res->fields[1]); $pagedata = $this->GetPageData($page, $type); 
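Review bot: `explode(':', …)` on the `access` tag accepts any shape, so a page file still in the old single-field format (`0`) yields a one-element array and `$pagedata['access'][1]` is undefined; that NULL is then bound to the `writeaccess NOT NULL` column in the INSERT two hunks down and produces notices in `HasWriteAccess`, and since `SetAccess` splices these strings unquoted into an `eregi()` pattern, the value should be pinned to hex digits at load time. Keep the function's existing convention for malformed tags and add, right after the explode, `if(count($access) != 2 || !ctype_xdigit($access[0]) || !ctype_xdigit($access[1])) return;`. The enclosing function starts before this hunk.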
@@ -247,24 +257,38 @@ $res = $GLOBALS['db']->Execute('SELECT id FROM privs WHERE name = ? AND type = ?', array($page, $type)); if($res->RecordCount()) { - $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ? WHERE name = ? AND type = ?', array($access, $page, $type)); + $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ?, writeaccess = ? WHERE name = ? AND type = ?', array($access[0], $access[1], $page, $type)); return true; } $pagedata = $this->GetPageData($page, $type); - if(strlen($access) > strlen($pagedata['access'])) { - if(eregi('^' . $pagedata['access'] . '0+$', $access)) return true; + $changed = false; + + if(strlen($access[0]) > strlen($pagedata['access'][0])) { + if(!eregi('^' . $pagedata['access'][0] . '0+$', $access[0])) $changed = true; } - elseif(strlen($access) < strlen($pagedata['access'])) { - if(eregi('^' . $access . '0+$', $pagedata['access'])) return true; + elseif(strlen($access[0]) < strlen($pagedata['access'][0])) { + if(!eregi('^' . $access[0] . '0+$', $pagedata['access'][0])) $changed = true; } else { - if(strcasecmp($access, $pagedata['access']) == 0) return true; + if(strcasecmp($access[0], $pagedata['access'][0]) != 0) $changed = true; + } + + if(!$changed) { + if(strlen($access[1]) > strlen($pagedata['access'][1])) { + if(eregi('^' . $pagedata['access'][1] . '0+$', $access[1])) return true; + } + elseif(strlen($access[1]) < strlen($pagedata['access'][1])) { + if(eregi('^' . $access[1] . '0+$', $pagedata['access'][1])) return true; + } + else { + if(strcasecmp($access[1], $pagedata['access'][1]) == 0) return true; + } } - $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)', array($page, $type, $access)); + $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess, writeaccess) VALUES (?, ?, ?, ?)', array($page, $type, $access[0], $access[1])); return ($GLOBALS['db']->Affected_Rows() > 0); } diff --git a/code/user.inc.php b/code/user.inc.php index b9cab2d..4912bcc 100644 
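Review bot: `SetAccess` trusts its `$access` argument completely: the UPDATE branch writes `$access[0]`/`$access[1]` to the database unchecked, and the comparison below builds `eregi()` patterns from both the caller's value and the stored one without quoting, so anything other than hex digits is either persisted as a malformed bitmap or interpreted as a regular expression. Add a guard before the first query, `if(!is_array($access) || count($access) != 2 || !ctype_xdigit($access[0]) || !ctype_xdigit($access[1])) return false;`; pages/Pages/Privs.c.xml happens to produce hex-only strings, but this is the shared entry point and the XML-loaded values are not validated either. The `$changed` dance is correct as far as I can trace it, but a comment such as `// no privs row yet: only create one if the requested bitmap differs from the page file's default` would save the next reader the same trace. The function header is outside this hunk, and note that `eregi()` no longer exists on PHP 7+ (`preg_match('/^' . $a . '0+$/i', $b)` is the drop-in).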
--- a/code/user.inc.php +++ b/code/user.inc.php @@ -136,6 +136,18 @@ return ($GLOBALS['db']->Affected_Rows() > 0); } + + function ListUsers() { + $res = $GLOBALS['db']->Execute('SELECT id, name FROM users ORDER BY id'); + + return $res->GetArray(); + } + + function ListGroups() { + $res = $GLOBALS['db']->Execute('SELECT id, name FROM groups ORDER BY id'); + + return $res->GetArray(); + } } $GLOBALS['user'] = new User; diff --git a/config/neon.sql b/config/neon.sql index 4d663dd..21fec04 100644 --- a/config/neon.sql +++ b/config/neon.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 14. April 2006 um 02:13 +-- Erstellungszeit: 16. April 2006 um 22:17 -- Server Version: 5.0.19 -- PHP-Version: 5.1.2-1+b1 -- @@ -58,7 +58,6 @@ INSERT INTO `nav` VALUES (9, 0, 'Mitglieder', ''); INSERT INTO `nav` VALUES (10, 0, 'Test', ''); INSERT INTO `nav` VALUES (11, 10, 'Lorem Ipsum', ':Test:LoremIpsum'); INSERT INTO `nav` VALUES (12, 8, 'Seiten', ':Pages'); -INSERT INTO `nav` VALUES (13, 8, 'Rechte', ':Privileges'); INSERT INTO `nav` VALUES (14, 8, 'Benutzer', ':Users'); -- -------------------------------------------------------- @@ -96,6 +95,7 @@ CREATE TABLE `privs` ( `name` varchar(255) NOT NULL, `type` enum('c','n','e') NOT NULL, `readaccess` text NOT NULL, + `writeaccess` text NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`,`type`) ) TYPE=MyISAM AUTO_INCREMENT=9 ; @@ -104,9 +104,9 @@ CREATE TABLE `privs` ( -- Daten für Tabelle `privs` -- -INSERT INTO `privs` VALUES (6, 'Home:Startseite', 'c', '9'); -INSERT INTO `privs` VALUES (2, 'Test:LoremIpsum', 'c', '9'); -INSERT INTO `privs` VALUES (3, 'Test:BBCode', 'c', '9'); +INSERT INTO `privs` VALUES (6, 'Home:Startseite', 'c', '9', '0'); +INSERT INTO `privs` VALUES (2, 'Test:LoremIpsum', 'c', '9', '0'); +INSERT INTO `privs` VALUES (3, 'Test:BBCode', 'c', '9', '0'); -- -------------------------------------------------------- 
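Review bot: The `writeaccess text NOT NULL` column is added to the dump without an accompanying upgrade statement, so an installation that already has `privs` rows fails on the first `SELECT readaccess, writeaccess` (unknown column) instead of degrading; in non-strict MySQL an INSERT that omits the column would store `''`, which `hexdec('')` treats as no access — fail closed, which is the right default. Ship the migration alongside the dump, `ALTER TABLE privs ADD writeaccess text NOT NULL AFTER readaccess;` followed by `UPDATE privs SET writeaccess = '0';`, and add a one-line comment above the table stating that `'0'` means no group may write and that the string is one hex digit per four group ids.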
@@ -129,6 +129,6 @@ CREATE TABLE `users` ( -- Daten für Tabelle `users` -- -INSERT INTO `users` VALUES (1, '', 0, 'NeoRaider', 'gamezock', '2006-04-14 02:13:08'); +INSERT INTO `users` VALUES (1, '', 0, 'NeoRaider', 'gamezock', '2006-04-16 22:17:42'); INSERT INTO `users` VALUES (3, '', 0, 'sicarius', 'armleuchter', '2006-03-05 23:46:46'); INSERT INTO `users` VALUES (4, '', 0, 'morti', 'return', '2006-03-05 22:02:27'); diff --git a/pages/Login.c.xml b/pages/Login.c.xml index 666bf4e..3f69400 100644 --- a/pages/Login.c.xml +++ b/pages/Login.c.xml @@ -3,7 +3,7 @@ Login - 1 + 1:0 c diff --git a/pages/Login.n.xml b/pages/Login.n.xml index 4e58e32..71fb2b3 100644 --- a/pages/Login.n.xml +++ b/pages/Login.n.xml @@ -3,7 +3,7 @@ Login - 1 + 1:0 n diff --git a/pages/Logout.c.xml b/pages/Logout.c.xml index 88bbae3..9447dca 100644 --- a/pages/Logout.c.xml +++ b/pages/Logout.c.xml @@ -3,7 +3,7 @@ Logout - 8 + 8:0 c diff --git a/pages/Pages.c.xml b/pages/Pages.c.xml index 7722ac5..f9db838 100644 --- a/pages/Pages.c.xml +++ b/pages/Pages.c.xml @@ -3,7 +3,7 @@ Pages - 0 + 0:0 c @@ -47,6 +47,7 @@ echo ' '; echo ' '; echo ' '; + echo ' '; echo ' '; echo ' '; echo ''; diff --git a/pages/Pages/Copy.c.xml b/pages/Pages/Copy.c.xml index e0b2ea8..79becca 100644 --- a/pages/Pages/Copy.c.xml +++ b/pages/Pages/Copy.c.xml @@ -3,7 +3,7 @@ Pages:Copy - 0 + 0:0 c diff --git a/pages/Pages/Delete.c.xml b/pages/Pages/Delete.c.xml index 60d7cb6..07e6ff3 100644 --- a/pages/Pages/Delete.c.xml +++ b/pages/Pages/Delete.c.xml @@ -3,7 +3,7 @@ Pages:Delete - 0 + 0:0 c diff --git a/pages/Pages/Edit.c.xml b/pages/Pages/Edit.c.xml index 6680ef6..dfe9a51 100644 --- a/pages/Pages/Edit.c.xml +++ b/pages/Pages/Edit.c.xml @@ -3,7 +3,7 @@ Pages:Edit - 0 + 0:0 c diff --git a/pages/Pages/Handle.c.xml b/pages/Pages/Handle.c.xml index 47fa776..734c62d 100644 --- a/pages/Pages/Handle.c.xml +++ b/pages/Pages/Handle.c.xml @@ -3,7 +3,7 @@ Pages:Handle - 0 + 0:0 c 
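Review bot: The regenerated `users` rows still commit what read as plaintext passwords (`'gamezock'`, `'armleuchter'`, `'return'`) next to each user name; the `CREATE TABLE users` statement is outside this diff so I cannot confirm the column, but if these are the login secrets they are now in repository history for good and the login code must be comparing them unhashed. Remove the real user rows from the checked-in schema (keep one bootstrap admin with a throwaway password that must be changed on first login), rotate the three passwords, and store only a salted hash — `password_hash()`/`password_verify()` on any current PHP, `crypt()` with a per-user salt on the PHP 5.1 the dump header names.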
@@ -51,9 +51,59 @@ echo $data['content']; } } + elseif(isset($_POST['privs'])) { + if($_POST['name']) { + $name = htmlspecialchars(Unquote($_POST['name'])); + + $title = 'Rechte von \'' . $name . '\' ändern'; + + echo '

Rechte von \'' . $name . '\' ändern

'; + + $access = $GLOBALS['pages']->GetAccess(Unquote($_POST['name']), $_POST['type']); + $groups = $GLOBALS['user']->ListGroups(); + + array_unshift($groups, array(0, 'Gast')); + + echo '
'; + + echo ''; + echo ''; + + echo ''; + + foreach($groups as $group) { + echo ''; + } + + echo '
' . htmlspecialchars($group[1]) . ''; + + echo '
'; + + echo ' '; + echo ''; + + echo '
'; + } + } elseif(isset($_POST['copy'])) { if($_POST['name']) { - $name = strtr(Unquote($_POST['name']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars(Unquote($_POST['name'])); $title = '\'' . $name . '\' kopieren'; @@ -70,7 +120,7 @@ } elseif(isset($_POST['rename'])) { if($_POST['name']) { - $name = strtr(Unquote($_POST['name']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars(Unquote($_POST['name'])); $title = '\'' . $name . '\' umbenennen'; @@ -88,7 +138,7 @@ } elseif(isset($_POST['delete'])) { if($_POST['name']) { - $name = strtr(Unquote($_POST['name']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars(Unquote($_POST['name'])); $title = '\'' . $name . '\' löschen'; diff --git a/pages/Pages/New.c.xml b/pages/Pages/New.c.xml index aae764d..6dd1b68 100644 --- a/pages/Pages/New.c.xml +++ b/pages/Pages/New.c.xml @@ -3,7 +3,7 @@ Pages:New - 0 + 0:0 c diff --git a/pages/Pages/Privs.c.xml b/pages/Pages/Privs.c.xml new file mode 100644 index 0000000..5023d1e --- /dev/null +++ b/pages/Pages/Privs.c.xml 
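Review bot: The new `privs` branch hands `$_POST['type']` unvalidated to `GetAccess()` and, from the shape of the form, back into the hidden fields the Privs handler reads, dropping the `c`/`n`/`e` whitelist the removed Privileges.c.xml applied to `$_GET['type']`; it also never checks that the page exists, so the form renders for any name and `GetAccess()` may come back null, leaving the per-group cells to index a non-array. Reinstate the whitelist before the lookup, `$type = $_POST['type']; if($type != 'c' && $type != 'n' && $type != 'e') $type = 'c';`, and bail out early with `if(!$GLOBALS['pages']->Exists(Unquote($_POST['name']), $type)) exit();`. `htmlspecialchars()` is an improvement over the hand-rolled `strtr()` table it replaces here and in the copy/rename/delete branches, but pass `ENT_QUOTES` wherever `$name` or the type lands inside a quoted attribute, since the default leaves `'` unescaped; the markup is not recoverable from this rendering, so confirm each sink. This branch belongs to an if/elseif chain that begins before the hunk.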
@@ -0,0 +1,62 @@ + + + + Pages:Privs + + 0:0 + c + + + + GetNeonLink('Pages', 'type=' . $_POST['type'], false)); + exit(); + } + + if(!$_POST['name']) exit(); + + $groups = $GLOBALS['user']->ListGroups(); + array_unshift($groups, array(0)); + + $group_max = $groups[count($groups)-1][0]; + + $readaccess = implode('', array_fill(0, $group_max/4 + 1, '0')); + $writeaccess = $readaccess; + + foreach($groups as $group) { + if(!isset($_POST['group_' . $group[0]])) exit(); + + switch($_POST['group_' . $group[0]]) { + case 0: + break; + case 1: + $readaccess[$group[0]/4] = dechex(hexdec($readaccess[$group[0]/4]) | (1 << ($group[0]%4))); + break; + case 2: + $readaccess[$group[0]/4] = dechex(hexdec($readaccess[$group[0]/4]) | (1 << ($group[0]%4))); + $writeaccess[$group[0]/4] = dechex(hexdec($writeaccess[$group[0]/4]) | (1 << ($group[0]%4))); + break; + default: + exit(); + } + } + + $GLOBALS['pages']->SetAccess(Unquote($_POST['name']), $_POST['type'], array($readaccess, $writeaccess)); + + header('Location: ' . $GLOBALS['links']->GetNeonLink('Pages', 'type=' . $_POST['type'], false)); + exit(); +?> + ]]> + + + diff --git a/pages/Pages/Rename.c.xml b/pages/Pages/Rename.c.xml index 9744a85..236b709 100644 --- a/pages/Pages/Rename.c.xml +++ b/pages/Pages/Rename.c.xml @@ -3,7 +3,7 @@ Pages:Rename - 0 + 0:0 c diff --git a/pages/Privileges.c.xml b/pages/Privileges.c.xml deleted file mode 100644 index dd263ac..0000000 --- a/pages/Privileges.c.xml +++ /dev/null @@ -1,91 +0,0 @@ - - - - Privileges - - 0 - c - - - - Rechte'; - - $type = $_GET['type']; - if($type != 'c' && $type != 'n' && $type != 'e') $type = 'c'; - - echo 'Seitentyp: '; - echo 'Inhalt | '; - echo 'Navigation | '; - echo 'Editor
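Review bot: Nothing visible in this handler checks the caller's rights on the target page before `SetAccess(Unquote($_POST['name']), $_POST['type'], …)` runs; today the page's own `0:0` access line makes it admin-only, but that is one Pages:Privs submission away from changing, after which any group granted read on Pages:Privs can give itself level 2 on every page, Pages:Privs and the Users pages included — the handler's opening guard is cut off in this rendering, so if it already tests `IsAdmin()` this point is moot. `$_POST['type']` is also never restricted to `c`/`n`/`e` (the deleted Privileges.c.xml did this) before it reaches `SetAccess` and the unencoded `Location:` header, and the `switch` compares the posted `group_N` values loosely, so a non-numeric string matches `case 0` and is silently stored as "no access" instead of hitting `default: exit()`. The checks below tighten all three; separately, this state-changing POST carries no anti-CSRF token, which matters more given that links.inc.php can put the login key in the URL.

```php
if(!$GLOBALS['user']->IsAdmin()) exit();

$type = isset($_POST['type']) ? $_POST['type'] : '';
if($type != 'c' && $type != 'n' && $type != 'e') exit();

if(!isset($_POST['name']) || !$_POST['name']) exit();

// … unchanged: ListGroups(), array_unshift(), $group_max, bitmap initialisation …

foreach($groups as $group) {
    if(!isset($_POST['group_' . $group[0]])) exit();

    switch((string)$_POST['group_' . $group[0]]) {
        case '0':
            break;
        case '1':
            // … unchanged: set read bit …
            break;
        case '2':
            // … unchanged: set read and write bits …
            break;
        default:
            exit();
    }
}

$GLOBALS['pages']->SetAccess(Unquote($_POST['name']), $type, array($readaccess, $writeaccess));

header('Location: ' . $GLOBALS['links']->GetNeonLink('Pages', 'type=' . urlencode($type), false));
exit();
```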

'; - - echo '
'; - - echo ''; - - echo ''; - - $groupres = $GLOBALS['db']->Execute('SELECT * FROM groups ORDER BY id'); - $pages = $GLOBALS['pages']->GetList(); - - $groups = $groupres->GetArray(); - array_unshift($groups, array(0, 'Gast')); - - echo ''; - - echo ''; - - foreach($groups as $group) { - echo ''; - } - - echo ''; - - $linex = true; - - foreach($pages as $page) { - if($page[strlen($page)-1] != $type) continue; - - $page = substr($page, 0, -2); - - $access = $GLOBALS['pages']->GetAccess($page, $type); - - echo ''; - $linex = !$linex; - - echo ''; - - foreach($groups as $group) { - echo ''; - } - - echo ''; - } - - echo ''; - - echo '
' . $group[1] . '
' . $page . '
'; - echo ''; - echo '
'; - - echo '
'; -?> - ]]> -
-
-
diff --git a/pages/Privileges/Update.c.xml b/pages/Privileges/Update.c.xml deleted file mode 100644 index a8a8c54..0000000 --- a/pages/Privileges/Update.c.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - - Privileges:Update - - 0 - c - - - - Execute('SELECT id FROM groups ORDER by id'); - $pages = $GLOBALS['pages']->GetList(); - - $groups = $groupres->GetArray(); - array_unshift($groups, array(0)); - - $group_max = $groups[count($groups)-1][0]; - - foreach($pages as $page) { - if($page[strlen($page)-1] != $_POST['type']) continue; - - $page = substr($page, 0, -2); - - $access = join('', array_fill(0, $group_max/4 + 1, '0')); - - foreach($groups as $group) - if(isset($_POST[$page . ':' . $group[0]])) - $access[$group[0]/4] = dechex(hexdec($access[$group[0]/4]) | (1 << ($group[0]%4))); - - $GLOBALS['pages']->SetAccess($page, $_POST['type'], $access); - } - - header('Location: ' . $GLOBALS['links']->GetNeonLink('Privileges', 'type=' . $_POST['type'], false)); - exit(); -?> - ]]> - - - diff --git a/pages/Users.c.xml b/pages/Users.c.xml index d268cb9..2dcd181 100644 --- a/pages/Users.c.xml +++ b/pages/Users.c.xml @@ -3,7 +3,7 @@ Users - 0 + 0:0 c diff --git a/pages/Users/Delete.c.xml b/pages/Users/Delete.c.xml index b5307db..8c32935 100644 --- a/pages/Users/Delete.c.xml +++ b/pages/Users/Delete.c.xml @@ -3,7 +3,7 @@ Users:Delete - 0 + 0:0 c diff --git a/pages/Users/Group.c.xml b/pages/Users/Group.c.xml index ae3b487..b48e369 100644 --- a/pages/Users/Group.c.xml +++ b/pages/Users/Group.c.xml @@ -3,7 +3,7 @@ Users:Group - 0 + 0:0 c diff --git a/pages/Users/Handle.c.xml b/pages/Users/Handle.c.xml index 138873a..abed354 100644 --- a/pages/Users/Handle.c.xml +++ b/pages/Users/Handle.c.xml @@ -3,7 +3,7 @@ Users:Handle - 0 + 0:0 c diff --git a/pages/Users/New.c.xml b/pages/Users/New.c.xml index 41334e4..ac6bed9 100644 --- a/pages/Users/New.c.xml +++ b/pages/Users/New.c.xml @@ -3,7 +3,7 @@ Users:New - 0 + 0:0 c 
diff --git a/pages/Users/Password.c.xml b/pages/Users/Password.c.xml index 30663c0..c08cd02 100644 --- a/pages/Users/Password.c.xml +++ b/pages/Users/Password.c.xml @@ -3,7 +3,7 @@ Users:Password - 0 + 0:0 c diff --git a/pages/Users/Rename.c.xml b/pages/Users/Rename.c.xml index 3484aba..def6aa4 100644 --- a/pages/Users/Rename.c.xml +++ b/pages/Users/Rename.c.xml @@ -3,7 +3,7 @@ Users:Rename - 0 + 0:0 c diff --git a/pages/default.e.xml b/pages/default.e.xml index 65d2229..3c0c79e 100644 --- a/pages/default.e.xml +++ b/pages/default.e.xml @@ -3,7 +3,7 @@ phpexec - 0 + 0:0 e diff --git a/pages/phpexec.e.xml b/pages/phpexec.e.xml index 82f0ed9..a2c390d 100644 --- a/pages/phpexec.e.xml +++ b/pages/phpexec.e.xml @@ -3,7 +3,7 @@ phpexec - 0 + 0:0 e diff --git a/styles/TheWhiteOne/style.css b/styles/TheWhiteOne/style.css index 9821725..b64835b 100644 --- a/styles/TheWhiteOne/style.css +++ b/styles/TheWhiteOne/style.css @@ -41,7 +41,7 @@ a.active_page_link { } select.pagelist, select.userlist, select.grouplist { - width:35em; + width:100%; } textarea.pageedit { -- cgit v1.2.3