./othercms/Cotonti-0.6.25/system/core/admin/admin.rightsbyitem.inc.php
<?php
/**
 * Administration panel - Rights by item editor
 *
 * @package Cotonti
 * @version 0.1.0
 * @author Neocrome, Cotonti Team
 * @copyright Copyright (c) Cotonti Team 2008-2009
 * @license BSD
 */

// Refuse to run unless both the SED_CODE and SED_ADMIN constants are defined.
if (!(defined('SED_CODE') && defined('SED_ADMIN')))
{
	die('Wrong URL.');
}

// Authorization gate for the whole page: the admin flag from the 'users' area is
// AND-ed with the result of the 'admin' area check and handed to sed_block().
// NOTE(review): sed_block() presumably aborts the request when the flag is false;
// confirm, since nothing below re-checks the caller's rights.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = sed_auth('users', 'a');
$usr['isadmin'] = $usr['isadmin'] & sed_auth('admin', 'a', 'A');
sed_block($usr['isadmin']);

$t = new XTemplate(sed_skinfile('admin.rightsbyitem.inc', false, true));

// Request parameters, all read through sed_import() with a filter code.
// $ic and $io are later interpolated into SQL and URLs, so the 'ALP' filter is
// the only input validation they receive in this file.
$ic = sed_import('ic', 'G', 'ALP');
$io = sed_import('io', 'G', 'ALP');
$advanced = sed_import('advanced', 'G', 'BOL');
$ajax = sed_import('ajax', 'G', 'INT');
if (empty($ajax))
{
	$ajax = 0;
}
else
{
	$ajax = (int) $ajax;
}

// Display label for each auth area code, taken from the loaded language strings.
// The label is looked up with $L['adm_code'][$ic] when the breadcrumb is built,
// so an $ic value that is not listed here has no label.
$L['adm_code']['admin'] = $L['Administration'];
$L['adm_code']['comments'] = $L['Comments'];
$L['adm_code']['forums'] = $L['Forums'];
$L['adm_code']['index'] = $L['Home'];
$L['adm_code']['message'] = $L['Messages'];
$L['adm_code']['page'] = $L['Pages'];
$L['adm_code']['pfs'] = $L['PFS'];
$L['adm_code']['plug'] = $L['Plugin'];
$L['adm_code']['pm'] = $L['Private_Messages'];
$L['adm_code']['polls'] = $L['Polls'];
$L['adm_code']['ratings'] = $L['Ratings'];
$L['adm_code']['users'] = $L['Users'];

/* === Hook: admin.rightsbyitem.first === */
// Each entry returned by sed_getextplugins() names a plugin file that is included
// into this scope; the path is assembled from the entry's pl_code and pl_file, so
// those values decide which code runs here.
$extp = sed_getextplugins('admin.rightsbyitem.first');
if (is_array($extp))
{
	foreach ($extp as $k => $pl)
	{
		include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
	}
}
/* ===== */

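/*
 * Save handler: rebuilds the rights mask of every group for the item identified
 * by ($ic, $io) from the posted "auth" matrix (auth[group id][right code]).
 * $a is not set in this file; it is expected to come from the including script.
 *
 * Security notes:
 * - The only access check is the sed_block() call earlier in this file.
 * - $ic and $io are interpolated into the SQL below as quoted literals, so the
 *   queries depend on the 'ALP' import filter rejecting quote characters.
 * - NOTE(review): no anti-CSRF token is verified in this file for this
 *   state-changing request; confirm the including script checks one first.
 * - NOTE(review): auth_rights_lock is not consulted here. The form renders
 *   locked boxes as disabled, and the reset query clears every bit, so confirm
 *   that locks are enforced in sed_auth_reorder() or elsewhere on the server.
 */
if ($a == 'update')
{
	$mask = array();
	$auth = sed_import('auth', 'P', 'ARR');

	/* === Hook: admin.rightsbyitem.update === */
	$extp = sed_getextplugins('admin.rightsbyitem.update');
	if (is_array($extp))
	{
		foreach ($extp as $k => $pl)
		{
			include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
		}
	}
	/* ===== */

	// Start from "no rights" for every group on this item; groups present in the
	// posted matrix get their mask written back below.
	$sql = sed_sql_query("UPDATE $db_auth SET auth_rights=0 WHERE auth_code='$ic' AND auth_option='$io'");

	// A form with no box ticked posts no "auth" field at all. Treat a missing or
	// non-array value as an empty matrix instead of iterating over it.
	if (!is_array($auth))
	{
		$auth = array();
	}

	foreach ($auth as $i => $j)
	{
		if (is_array($j))
		{
			// Only the keys of the inner array are used; each one is translated
			// to its numeric value by sed_auth_getvalue() and summed, so $mask is
			// numeric by construction before it reaches the query.
			$mask = 0;
			foreach ($j as $l => $m)
			{
				$mask += sed_auth_getvalue($l);
			}

			// The group id is a client-supplied array key: force it to an integer.
			$i = (int) $i;
			$sql = sed_sql_query("UPDATE $db_auth SET auth_rights='$mask' WHERE auth_groupid='$i' AND auth_code='$ic' AND auth_option='$io'");
		}
	}

	sed_auth_reorder();
	sed_auth_clear('all');

	$adminwarnings = $L['Updated'];
}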

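// Load the rights row of every group for the selected item, together with the
// name of the user who last set it and the group's title and level.
// The quoted auth_code literal must not contain a line break before $ic,
// otherwise the comparison can never match a stored code.
// $ic and $io reach this query as quoted literals; they are only as safe as the
// 'ALP' filter applied when they were imported.
$sql = sed_sql_query("SELECT a.*, u.user_name, g.grp_title, g.grp_level FROM $db_auth as a
	LEFT JOIN $db_users AS u ON u.user_id=a.auth_setbyuserid
	LEFT JOIN $db_groups AS g ON g.grp_id=a.auth_groupid
	WHERE auth_code='$ic' AND auth_option='$io' ORDER BY grp_level DESC");

// sed_die() receives true when no row exists for this code/option pair.
sed_die(sed_sql_numrows($sql) == 0);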

// Build the breadcrumb suffix that names the item whose rights are being edited.
if ($ic == 'page')
{
	// NOTE(review): the category title is used without htmlspecialchars(), unlike
	// the forum title below; confirm whether $sed_cat titles are stored escaped.
	$title = " : ".$sed_cat[$io]['title'];
}
elseif ($ic == 'forums')
{
	$forum = sed_forum_info($io);
	$title = " : ".htmlspecialchars($forum['fs_title'])." (#".$io.")";
}
elseif ($ic == 'plug')
{
	$title = " : ".$io;
}
else
{
	// Any other area: show the option itself, except for the generic 'a' option.
	if ($io == 'a')
	{
		$title = '';
	}
	else
	{
		$title = $io;
	}
}

/* === Hook for the plugins: admin.rightsbyitem.case === */
// Runs after $title has been computed. Every file listed by sed_getextplugins()
// is included into this scope, with its path built from pl_code and pl_file.
$extp = sed_getextplugins('admin.rightsbyitem.case');
if (is_array($extp))
{
	foreach ($extp as $k => $pl)
	{
		include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
	}
}
/* ===== */

// Breadcrumb entry: array(url, label). The advanced view links back to itself
// and appends the "More" marker to the label.
if ($advanced)
{
	$adminpath[] = array(
		sed_url('admin', 'm=rightsbyitem&ic='.$ic.'&io='.$io.'&advanced=1'),
		$L['Rights']." / ".$L['adm_code'][$ic].$title.' ('.$L['More'].')'
	);
}
else
{
	$adminpath[] = array(
		sed_url('admin', 'm=rightsbyitem&ic='.$ic.'&io='.$io),
		$L['Rights']." / ".$L['adm_code'][$ic].$title
	);
}

// Number of rights columns: 8 in the advanced view, 4 for pages in the simple
// view (which also show the first custom right), otherwise 3.
if ($advanced)
{
	$adv_columns = 8;
}
elseif ($ic == 'page')
{
	$adv_columns = 4;
}
else
{
	$adv_columns = 3;
}

// For pages the first custom right is labelled as the download right.
if ($ic == 'page')
{
	$l_custom1 = $L['Download'];
}
else
{
	$l_custom1 = $L['Custom'].' #1';
}

/**
 * Renders one group's row of the rights-by-item form into the template.
 *
 * Rights bits are split into two sets: those shown as checkboxes and, in the
 * simple view only, those carried through the form as hidden fields so that
 * saving does not drop them. A checkbox is ticked when its bit is set in
 * auth_rights and rendered disabled when the same bit is set in auth_rights_lock.
 *
 * Both the hidden fields and the disabled state exist only in the browser: the
 * values come back as ordinary POST fields, so the save handler has to treat
 * them as untrusted input.
 *
 * @param array $row Row read here for auth_rights, auth_rights_lock,
 *                   auth_groupid, auth_setbyuserid and user_name
 * @param string $title Row title, assigned to the template as given
 * @param string $link Row link, assigned to the template as given
 */
function sed_rights_parseline($row, $title, $link)
{
	global $L, $advanced, $t, $out, $ic;

	// $mn: bits rendered as checkboxes; $rv: bits preserved through hidden inputs.
	$mn = array('R' => 1, 'W' => 2);
	$rv = array();

	// Custom right #1 is visible in the advanced view and for pages.
	if ($advanced || $ic == 'page')
	{
		$mn['1'] = 4;
	}
	else
	{
		$rv['1'] = 4;
	}

	// Custom rights #2 to #5 are visible in the advanced view only.
	foreach (array('2' => 8, '3' => 16, '4' => 32, '5' => 64) as $bit_code => $bit_value)
	{
		if ($advanced)
		{
			$mn[$bit_code] = $bit_value;
		}
		else
		{
			$rv[$bit_code] = $bit_value;
		}
	}
	$mn['A'] = 128;

	foreach ($mn as $code => $value)
	{
		$is_set = (($row['auth_rights'] & $value) == $value);
		$is_locked = (($row['auth_rights_lock'] & $value) == $value);

		// Published through the global $out array as well as the template.
		$out['tpl_rights_parseline_locked'] = $is_locked;
		$out['tpl_rights_parseline_state'] = $is_set;

		$t->assign(array(
			"ADMIN_RIGHTSBYITEM_ROW_ITEMS_NAME" => "auth[".$row['auth_groupid']."][".$code."]",
			"ADMIN_RIGHTSBYITEM_ROW_ITEMS_CHECKED" => $is_set ? ' checked="checked"' : '',
			"ADMIN_RIGHTSBYITEM_ROW_ITEMS_DISABLED" => $is_locked ? ' disabled="disabled"' : ''
		));
		$t->parse("RIGHTSBYITEM.RIGHTSBYITEM_ROW.ROW_ITEMS");
	}

	if (!$advanced)
	{
		// Emit a hidden field for every hidden bit that is currently set.
		$preserve = '';
		foreach ($rv as $code => $value)
		{
			if (($row['auth_rights'] & $value) != $value)
			{
				continue;
			}
			$preserve .= '<input type="hidden" name="auth['.$row['auth_groupid'].']['.$code.']" value="1" />';
		}
		$t->assign('ADMIN_RIGHTSBYITEM_ROW_PRESERVE', $preserve);
	}

	$t->assign(array(
		"ADMIN_RIGHTSBYITEM_ROW_TITLE" => $title,
		"ADMIN_RIGHTSBYITEM_ROW_LINK" => $link,
		"ADMIN_RIGHTSBYITEM_ROW_USER" => sed_build_user($row['auth_setbyuserid'], htmlspecialchars($row['user_name'])),
		"ADMIN_RIGHTSBYITEM_ROW_JUMPTO" => sed_url('users', "g=".$row['auth_groupid']),
	));
	$t->parse("RIGHTSBYITEM.RIGHTSBYITEM_ROW");
}

// One table row per group: the group title is HTML-escaped before it is handed
// to the row renderer, and the link leads to that group's rights page.
while ($row = sed_sql_fetcharray($sql))
{
	$title = htmlspecialchars($row['grp_title']);
	$link = sed_url('admin', 'm=rights&g='.$row['auth_groupid']);
	sed_rights_parseline($row, $title, $link);
}

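// $adminwarnings is only set by the save handler, so it is undefined on a plain
// page view; the flag below is used to pass an empty string in that case.
$is_adminwarnings = isset($adminwarnings);
$adv_for_url = ($advanced) ? '&advanced=1' : '';

// Form-level template tags. $ic and $io are placed into the URLs and into the
// inline onsubmit handler without further escaping; this relies on the 'ALP'
// filter applied when they were imported.
$t->assign(array(
	"ADMIN_RIGHTSBYITEM_FORM_URL" => sed_url('admin', "m=rightsbyitem&a=update&ic=".$ic."&io=".$io.$adv_for_url),
	"ADMIN_RIGHTSBYITEM_FORM_URL_AJAX" => ($cfg['jquery'] AND $cfg['turnajax']) ? " onsubmit=\"return ajaxSend({method: 'POST', formId: 'saverightsbyitem', url: '".sed_url('admin','m=rightsbyitem&ajax=1&a=update&ic='.$ic.'&io='.$io.$adv_for_url)."', divId: 'pagtab', errMsg: '".$L['ajaxSenderror']."'});\"" : "",
	"ADMIN_RIGHTSBYITEM_ADVANCED_URL" => sed_url('admin', 'm=rightsbyitem&ic='.$ic.'&io='.$io.'&advanced=1'),
	"ADMIN_RIGHTSBYITEM_ADV_COLUMNS" => $adv_columns,
	"ADMIN_RIGHTSBYITEM_3ADV_COLUMNS" => 3 + $adv_columns,
	"ADMIN_RIGHTSBYITEM_ADMINWARNINGS" => $is_adminwarnings ? $adminwarnings : ''
));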

/* === Hook: admin.rightsbyitem.tags === */
// Last extension point before the template is rendered. The included files run
// in this scope; their paths are built from the pl_code and pl_file of each
// entry returned by sed_getextplugins().
$extp = sed_getextplugins('admin.rightsbyitem.tags');
if (is_array($extp))
{
	foreach ($extp as $k => $pl)
	{
		include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
	}
}
/* ===== */

// Render the main panel and its help block into the variables used for output.
$t->parse("RIGHTSBYITEM");
$adminmain = $t->text("RIGHTSBYITEM");

$t->parse("RIGHTSBYITEM_HELP");
$adminhelp = $t->text("RIGHTSBYITEM_HELP");

// AJAX requests get only the main panel, after which the script stops.
if ($ajax)
{
	sed_sendheaders();
	echo $adminmain;
	exit;
}

?>