Seditio Source
Root |
./othercms/Cotonti-0.6.25/system/core/admin/admin.rights.inc.php
<?php
/**
 * Administration panel - Rights editor
 *
 * @package Cotonti
 * @version 0.1.0
 * @author Neocrome, Cotonti Team
 * @copyright Copyright (c) Cotonti Team 2008-2009
 * @license BSD
 */

(defined('SED_CODE') && defined('SED_ADMIN')) or die('Wrong URL.');

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = sed_auth('users', 'a');
$usr['isadmin'] &= sed_auth('admin', 'a', 'A');
sed_block($usr['isadmin']);

$t = new XTemplate(sed_skinfile('admin.rights.inc', false, true));

$g = sed_import('g', 'G', 'INT');
$advanced = sed_import('advanced', 'G', 'BOL');
$ajax = sed_import('ajax', 'G', 'INT');
$ajax = empty($ajax) ? 0 : (int) $ajax;

$L['adm_code']['admin'] = $L['Administration'];
$L['adm_code']['comments'] = $L['Comments'];
$L['adm_code']['forums'] = $L['Forums'];
$L['adm_code']['index'] = $L['Home'];
$L['adm_code']['message'] = $L['Messages'];
$L['adm_code']['page'] = $L['Pages'];
$L['adm_code']['pfs'] = $L['PFS'];
$L['adm_code']['plug'] = $L['Plugins'];
$L['adm_code']['pm'] = $L['Private_Messages'];
$L['adm_code']['polls'] = $L['Polls'];
$L['adm_code']['ratings'] = $L['Ratings'];
$L['adm_code']['users'] = $L['Users'];

/* === Hook === */
$extp = sed_getextplugins('admin.rights.first');
if (is_array($extp))
{ foreach($extp as $k => $pl) { include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
/* ===== */

if($a == 'update')
{
    $ncopyrightsconf = sed_import('ncopyrightsconf', 'P', 'BOL');
    $ncopyrightsfrom = sed_import('ncopyrightsfrom', 'P', 'INT');

    /* === Hook === */
    $extp = sed_getextplugins('admin.rights.update');
    if (is_array($extp))
    { foreach($extp as $k => $pl) { include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
    /* ===== */

    if($ncopyrightsconf && !empty($sed_groups[$ncopyrightsfrom]['title']) && $g > 5)
    {
        $sql = sed_sql_query("SELECT * FROM $db_auth WHERE auth_groupid='".$ncopyrightsfrom."' order by auth_code ASC, auth_option ASC");
        if(sed_sql_numrows($sql) > 0)
        {
            $sql1 = sed_sql_query("DELETE FROM $db_auth WHERE auth_groupid='".$g."'");

            while($row = sed_sql_fetcharray($sql))
            {
                $sql1 = sed_sql_query("INSERT into $db_auth (auth_groupid, auth_code, auth_option, auth_rights, auth_rights_lock, auth_setbyuserid) VALUES (".(int)$g.", '".$row['auth_code']."', '".$row['auth_option']."', ".(int)$row['auth_rights'].", 0, ".(int)$usr['id'].")");
            }
        }

        sed_auth_reorder();
        sed_auth_clear('all');

        $adminwarnings = $L['Added'];
    }
    elseif(is_array($_POST['auth']))
    {
        $mask = array();
        $auth = sed_import('auth', 'P', 'ARR');

        $sql = sed_sql_query("UPDATE $db_auth SET auth_rights=0 WHERE auth_groupid='$g'");

        foreach($auth as $k => $v)
        {
            foreach($v as $i => $j)
            {
                if(is_array($j))
                {
                    $mask = 0;
                    foreach($j as $l => $m)
                    {
                        $mask += sed_auth_getvalue($l);
                    }
                    $sql = sed_sql_query("UPDATE $db_auth SET auth_rights='$mask' WHERE auth_groupid='$g' AND auth_code='".sed_sql_prep($k)."' AND auth_option='".sed_sql_prep($i)."'");
                }
            }
        }

        sed_auth_reorder();
        sed_auth_clear('all');

        $adminwarnings = $L['Updated'];
    }
}

$jj=1;

/* === Hook for the plugins === */
$extp = sed_getextplugins('admin.rights.main');
if(is_array($extp))
{
    foreach($extp as $k => $pl)
    {
        include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
    }
}
/* ===== */

$sql1 = sed_sql_query("SELECT a.*, u.user_name FROM $db_auth as a
LEFT JOIN $db_users AS u ON u.user_id=a.auth_setbyuserid
WHERE auth_groupid='$g' AND auth_code IN ('admin', 'comments', 'index', 'message', 'pfs', 'polls', 'pm', 'ratings', 'users')
ORDER BY auth_code ASC");

sed_die(sed_sql_numrows($sql1) == 0);

$sql2 = sed_sql_query("SELECT a.*, u.user_name, f.fs_id, f.fs_title, f.fs_category FROM $db_auth as a
LEFT JOIN $db_users AS u ON u.user_id=a.auth_setbyuserid
LEFT JOIN $db_forum_sections AS f ON f.fs_id=a.auth_option
LEFT JOIN $db_forum_structure AS n ON n.fn_code=f.fs_category
WHERE auth_groupid='$g' AND auth_code='forums'
ORDER BY fn_path ASC, fs_order ASC, fs_title ASC");
$sql3 = sed_sql_query("SELECT a.*, u.user_name, s.structure_path FROM $db_auth as a
LEFT JOIN $db_users AS u ON u.user_id=a.auth_setbyuserid
LEFT JOIN $db_structure AS s ON s.structure_code=a.auth_option
WHERE auth_groupid='$g' AND auth_code='page'
ORDER BY structure_path ASC");
$sql4 = sed_sql_query("SELECT a.*, u.user_name FROM $db_auth as a
LEFT JOIN $db_users AS u ON u.user_id=a.auth_setbyuserid
WHERE auth_groupid='$g' AND auth_code='plug'
ORDER BY auth_option ASC");

$adminpath[] = ($advanced) ? array(sed_url('admin', 'm=rights&g='.$g.'&advanced=1'), $L['Rights']." / ".htmlspecialchars($sed_groups[$g]['title'])." (".$L['More'].")") : array(sed_url('admin', "m=rights&g=".$g), $L['Rights']." / ".htmlspecialchars($sed_groups[$g]['title']));

$adv_columns = ($advanced) ? 8 : 4;

function sed_rights_parseline($row, $title, $link, $name)
{
    global $L, $advanced, $t, $out;

    $mn['R'] = 1;
    $mn['W'] = 2;

    $mn['1'] = 4;

    if($advanced)
    {
        $mn['2'] = 8;
        $mn['3'] = 16;
        $mn['4'] = 32;
        $mn['5'] = 64;
    }
    else
    {
        $rv['2'] = 8;
        $rv['3'] = 16;
        $rv['4'] = 32;
        $rv['5'] = 64;
    }
    $mn['A'] = 128;

    foreach($mn as $code => $value)
    {
        $state[$code] = (($row['auth_rights'] & $value) == $value) ? TRUE : FALSE;
        $locked[$code] = (($row['auth_rights_lock'] & $value) == $value) ? TRUE : FALSE;
        $out['tpl_rights_parseline_locked'] = $locked[$code];
        $out['tpl_rights_parseline_state'] = $state[$code];

        $t -> assign(array(
            "ADMIN_RIGHTS_ROW_ITEMS_NAME" => "auth[".$row['auth_code']."][".$row['auth_option']."][".$code."]",
            "ADMIN_RIGHTS_ROW_ITEMS_CHECKED" => ($state[$code]) ? " checked=\"checked\"" : '',
            "ADMIN_RIGHTS_ROW_ITEMS_DISABLED" => ($locked[$code]) ? " disabled=\"disabled\"" : ''
        ));
        $t -> parse("RIGHTS.RIGHTS_ROW".$name.".ROW".$name."_ITEMS");
    }
   
    if (!$advanced)
    {
        $preserve = '';
        foreach($rv as $code => $value)
        {
            if (($row['auth_rights'] & $value) == $value)
            {
                $preserve .= '<input type="hidden" name="auth['.$row['auth_code'].']['.$row['auth_option'].']['.$code.']" value="1" />';
            }
        }
        $t->assign('ADMIN_RIGHTS_ROW_PRESERVE', $preserve);
    }

    $t -> assign(array(
        "ADMIN_RIGHTS_ROW_AUTH_CODE" => $row['auth_code'],
        "ADMIN_RIGHTS_ROW_TITLE" => $title,
        "ADMIN_RIGHTS_ROW_LINK" => $link,
        "ADMIN_RIGHTS_ROW_RIGHTSBYITEM" => sed_url('admin', "m=rightsbyitem&ic=".$row['auth_code']."&io=".$row['auth_option']),
        "ADMIN_RIGHTS_ROW_USER" => sed_build_user($row['auth_setbyuserid'], htmlspecialchars($row['user_name'])),
    ));
    $t -> parse("RIGHTS.RIGHTS_ROW".$name);
}

while($row = sed_sql_fetcharray($sql1))
{
    $link = sed_url('admin', "m=".$row['auth_code']);
    $title = $L['adm_code'][$row['auth_code']];
    sed_rights_parseline($row, $title, $link, '_CORE');
}

while($row = sed_sql_fetcharray($sql2))
{
    $link = sed_url('admin', "m=forums&n=edit&id=".$row['auth_option']);
    $title = htmlspecialchars(sed_build_forums($row['fs_id'], sed_cutstring($row['fs_title'],24), sed_cutstring($row['fs_category'],32), FALSE));
    sed_rights_parseline($row, $title, $link, '_FORUMS');
}

while($row = sed_sql_fetcharray($sql3))
{
    $link = sed_url('admin', "m=page");
    $title = $sed_cat[$row['auth_option']]['tpath'];
    sed_rights_parseline($row, $title, $link, '_PAGES');
}

while($row = sed_sql_fetcharray($sql4))
{
    $link = sed_url('admin', "m=plug&a=details&pl=".$row['auth_option']);
    $title = $L['Plugin']." : ".$row['auth_option'];
    sed_rights_parseline($row, $title, $link, '_PLUGINS');
}

/* === Hook for the plugins === */
$extp = sed_getextplugins('admin.rights.end');
if(is_array($extp))
{
    foreach($extp as $k => $pl)
    {
        include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
    }
}
/* ===== */

$is_adminwarnings = isset($adminwarnings);
$adv_for_url = ($advanced) ? '&advanced=1' : '';

$t -> assign(array(
    "ADMIN_RIGHTS_FORM_URL" => sed_url('admin', "m=rights&a=update&g=".$g.$adv_for_url),
    "ADMIN_RIGHTS_FORM_URL_AJAX" => ($cfg['jquery'] AND $cfg['turnajax']) ? " onsubmit=\"return ajaxSend({method: 'POST', formId: 'saverights', url: '".sed_url('admin','m=rights&ajax=1&a=update&g='.$g.$adv_for_url)."', divId: 'pagtab', errMsg: '".$L['ajaxSenderror']."'});\"" : "",
    "ADMIN_RIGHTS_ADVANCED_URL" => sed_url('admin', 'm=rights&g='.$g.'&advanced=1'),
    "ADMIN_RIGHTS_SELECTBOX_GROUPS" => sed_selectbox_groups(4, 'ncopyrightsfrom', array('5', $g)),
    "ADMIN_RIGHTS_ADV_COLUMNS" => $adv_columns,
    "ADMIN_RIGHTS_3ADV_COLUMNS" => 3 + $adv_columns,
    "ADMIN_RIGHTS_ADMINWARNINGS" => $adminwarnings
));

/* === Hook === */
$extp = sed_getextplugins('admin.rights.tags');
if (is_array($extp))
{ foreach($extp as $k => $pl) { include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
/* ===== */

$t -> parse("RIGHTS");
$adminmain = $t -> text("RIGHTS");

$t -> parse("RIGHTS_HELP");
$adminhelp = $t -> text("RIGHTS_HELP");

if($ajax)
{
    sed_sendheaders();
    echo $adminmain;
    exit;
}

?>