@@ -79,8 +79,8 @@ function comment_reply($pid, $id) {
global$theme;
if($pid){
$item=db_fetch_object(db_query("SELECT c.*, u.name FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = '$pid'"));
comment_view(newComment($item->name,$item->subject,$item->comment,$item->timestamp,$item->url,$item->fake_email,comment_score($comment),$comment->votes,$item->cid,$item->lid),t("reply to this comment"));
$item=db_fetch_object(db_query("SELECT c.*, u.name FROM comments c LEFT JOIN user u ON c.author = u.uid WHERE c.cid = '$pid'"));
comment_view(newComment($item->uid,$item->name,$item->subject,$item->comment,$item->timestamp,$item->url,comment_score($comment),$comment->votes,$item->cid,$item->lid),t("reply to this comment"));
}
else{
node_view(node_get_object(array("nid"=>$id)));
...
...
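Review bot: The rewritten query on the new side still interpolates `$pid` directly into the SQL string (`WHERE c.cid = '$pid'`), and nothing visible in comment_reply() escapes or casts it first. If `$pid` can come from the request, wrap it the way access_get_role() does elsewhere in this commit, `"... WHERE c.cid = '". check_input($pid) ."'"`, or cast it to an integer. The same pattern appears in the comment_query() hunk (`$lid`, `$pid`) and the comment_thread_min() hunk (`$cid`). Separately, the new newComment() call reads `$item->uid` although the SELECT returns only `c.*, u.name`, so unless `comments` has its own `uid` column that argument is empty (the _node_get() hunk adds `u.uid` explicitly); `comment_score($comment)` and `$comment->votes` also use a `$comment` that is never assigned in the visible lines, where `$item` looks intended. The body of comment_reply() continues outside the hunk.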
@@ -99,7 +99,7 @@ function comment_preview($edit) {
global$REQUEST_URI,$theme,$user;
// Preview comment:
comment_view(newComment($user->name,check_preview($edit[subject]),check_preview($edit[comment]),time(),check_preview($user->url),check_preview($user->fake_email),0,0,0,0),t("reply to this comment"));
comment_view(newComment($user->uid,$user->name,check_preview($edit[subject]),check_preview($edit[comment]),time(),check_preview($user->homepage),0,0,0,0),t("reply to this comment"));
$theme->box(t("Reply"),comment_form($edit));
}
...
...
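Review bot: In the new newComment() call, `$user->name` is the one user-controlled string not passed through check_preview(), while subject, comment and homepage all are. Whether that is safe depends on how format_name() escapes the name at output time, and that function is not in this hunk. Either pass `check_preview($user->name)` or add a comment such as `// name is escaped by format_name() when rendered` once that is confirmed. The unquoted keys `$edit[subject]` and `$edit[comment]` are resolved as constants first and would be clearer as `$edit["subject"]` and `$edit["comment"]`.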
@@ -125,7 +125,7 @@ function comment_post($edit) {
@@ -181,7 +181,7 @@ function comment_order($order) {
}
functioncomment_query($lid,$order,$pid=-1){
$query.="SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.lid = '$lid'";
$query.="SELECT c.*, u.* FROM comments c LEFT JOIN user u ON c.author = u.uid WHERE c.lid = '$lid'";
if($pid>=0)$query.=" AND pid = '$pid'";
if($order==1)$query.=" ORDER BY c.timestamp DESC";
elseif($order==2)$query.=" ORDER BY c.timestamp";
...
...
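Review bot: The first statement of comment_query() on the new side is `$query.="SELECT ..."`, which appends to a variable never assigned in the visible body; it should be a plain assignment, `$query = "SELECT ...";`. Selecting `u.*` alongside `c.*` also pulls every column of the `user` table, including whatever credential field it holds, into each comment row, and a column name shared by both tables silently overwrites the other in the fetched object. Listing only the needed columns (`u.uid, u.name`), as the _node_get() hunk does, would be safer. The `$order` handling only chooses between fixed ORDER BY strings, so it is not a concern. The function continues outside the hunk.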
@@ -216,13 +216,13 @@ function comment_view($comment, $folded = 0) {
// display comment:
if($folded)$theme->comment($comment,$folded);
elseprint"<A HREF=\"".comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid")."\">".check_output($comment->subject)."</A> by ".format_name($comment->name)." <SMALL>($comment->score)</SMALL><P>";
elseprint"<A HREF=\"".comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid")."\">".check_output($comment->subject)."</A> by ".format_name($comment)." <SMALL>($comment->score)</SMALL><P>";
}
functioncomment_thread_min($cid,$threshold){
global$user;
$result=db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = '$cid' ORDER BY c.timestamp, c.cid");
$result=db_query("SELECT c.*, u.* FROM comments c LEFT JOIN user u ON c.author = u.uid WHERE c.pid = '$cid' ORDER BY c.timestamp, c.cid");
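Review bot: format_name() is now handed the whole `$comment` object instead of `$comment->name`, but its definition is not in this hunk, so confirm that every other caller was switched in the same commit. Also confirm that it escapes the name with check_output() before building its markup, since this print line escapes only the subject. A short comment above the call, e.g. `// format_name() takes an object with uid and name and returns escaped HTML`, would record that contract once it is verified. comment_thread_min() starts in this hunk and continues outside it.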
@@ -16,7 +16,7 @@ function _node_get($conditions) {
}
if($type){
returndb_query("SELECT n.*, l.*, u.name FROM node n LEFT JOIN $type l ON n.lid = l.lid AND n.nid = l.nid LEFT JOIN users u ON n.author = u.id WHERE $where ORDER BY n.timestamp DESC");
returndb_query("SELECT n.*, l.*, u.uid, u.name FROM node n LEFT JOIN $type l ON n.lid = l.lid AND n.nid = l.nid LEFT JOIN user u ON n.author = u.uid WHERE $where ORDER BY n.timestamp DESC");
if($user->id)$result=db_query("SELECT * FROM blocks b LEFT JOIN layout l ON b.name = l.block WHERE (b.status = 2 OR (b.status = 1 AND l.user = '$user->id'))".(($region=="left"||$region=="right")?($region=="left"?" AND b.region = 0":" AND b.region = 1"):"")." ORDER BY weight");
if($user->uid)$result=db_query("SELECT * FROM blocks b LEFT JOIN layout l ON b.name = l.block WHERE (b.status = 2 OR (b.status = 1 AND l.user = '$user->uid'))".(($region=="left"||$region=="right")?($region=="left"?" AND b.region = 0":" AND b.region = 1"):"")." ORDER BY weight");
else$result=db_query("SELECT * FROM blocks WHERE status = 2".(($region=="left"||$region=="right")?($region=="left"?" AND region = 0":" AND region = 1"):"")." ORDER BY weight");
while($block=db_fetch_object($result)){
$blocks=module_invoke($block->module,"block");
...
...
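Review bot: `$type` is spliced into the new query as a table name (`LEFT JOIN $type l`) and `$where` as a raw condition, and neither can be protected by quoting or check_input(). How they are built is above the hunk, so confirm that `$type` is matched against the list of known node types and that every value folded into `$where` is escaped. The blocks query further down interpolates `$user->uid` the same way; it presumably comes from the session rather than the request, but an integer cast would make that explicit. Both functions start or end outside the visible lines.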
@@ -109,8 +87,8 @@ function theme_moderation_results($theme, $node, $region) {
$result=db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE (LOWER(u.userid) = LOWER('$userid') OR LOWER(u.name) = LOWER('$userid')) AND u.passwd = PASSWORD('$passwd') AND u.status = 2");
<P>Users have roles that define what kinds of actions they can take. Roles define classes of users such as <I>anonymous user</I>, <I>authenticated user</I>, <I>moderator</I>, <I>administrator</I> and so on. Every user can have one role.</P>
<P>Roles make it easier for you to manage security. Instead of defining what every single user can do, you can simply set a couple different permissions for different user roles.</P>
<P>Drupal comes with three built-in roles:</P>
<UL>
<LI>Anonymous user: this role is used for users that don't have a user account or that are not authenticated.</LI>
<LI>Registered user: this role is assigned automatically to authenticated users. Most users will belong to this user role unless specified otherwise.</LI>
</UL>
<P>For basic Drupal sites you can get by with <I>anonymous user</I> and <I>authenticated user</I> but for more complex sites where you want other users to be able to perform maintainance or administrative duties, you may want to create your own roles to classify your users into different groups.</P>
<H3>Permissions</H3>
<P>Each Drupal's permission describes a fine-grained logical operation such as <I>access administration pages</I> or <I>add and modify user accounts</I>. You could say a permission represents access granted to a user to perform a set of operations.</P>
<H3>Access control</H3>
<P>Roles tie users to permissions. The combination of roles and permissions represent a way to tie user authorization to the performance of actions, which is how Drupal can determine what users can do.</P>
<?php
}
functionaccess_perm(){
returnarray("access administration pages","administer roles and permissions");
}
functionaccess_link($type){
if($type=="admin"&&user_access("administer roles and permissions")){
$links[]="<a href=\"admin.php?mod=access\">roles and permissions</a>";
}
return$links?$links:array();
}
functionaccess_get_role($rid){
returndb_fetch_array(db_query("SELECT * FROM role WHERE rid = '".check_input($rid)."'"));
}
functionaccess_get_roles(){
$result=db_query("SELECT * FROM role ORDER BY name");
while($role=db_fetch_object($result)){
$roles[$role->name]=$role->name;
}
return$roles;
}
functionaccess_role_form($edit=array()){
global$REQUEST_URI;
$form.=form_textfield("Role name","name",$edit[name],50,64,"The name for this role. Example: 'moderator', 'editorial board', 'site architect'.");
$form.=form_submit("Submit");
if($edit[rid]){
$form.=form_submit(t("Delete"));
$form.=form_hidden("rid",$edit[rid]);
}
returnform($REQUEST_URI,$form);
}
functionaccess_role_save($edit){
if($edit[rid]&&$edit[name]){
db_query("UPDATE role SET name = '".check_input($edit[name])."' WHERE rid = '$edit[rid]'");
}
elseif($edit[rid]){
db_query("DELETE FROM role WHERE rid = '".check_input($edit[rid])."'");
}
else{
db_query("INSERT INTO role (name) VALUES ('".check_input($edit[name])."')");
}
}
functionaccess_role_view(){
$result=db_query("SELECT * FROM role ORDER BY name");