From 4371b627d51ffc5af9498fa1877d8e519a5f2c6e Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 18 Feb 2001 15:14:56 +0000
Subject: [PATCH] - added fine-grained user permission system which allows us
to give certain users access to specific administration sections only.
Ex. a FAQ maintainer can only edit the FAQ, and members of an
"editorial board" can only edit comments, diaries and stories, .. -
code review => rewrote include/user.inc which is much easier now - fixed 4
small bugs
---
INSTALL | 6 +--
account.php | 39 ++++--------------
admin.php | 12 +++---
database/database.mysql | 2 +-
includes/comment.inc | 13 ++----
includes/common.inc | 10 ++---
includes/function.inc | 2 +-
includes/locale.inc | 2 +-
includes/story.inc | 2 +-
includes/theme.inc | 8 ++--
includes/user.inc | 72 +++++++++++++++-------------------
includes/watchdog.inc | 6 +--
modules/account.module | 39 ++++++++++--------
modules/comment.module | 2 +-
modules/comment/comment.module | 2 +-
modules/diary.module | 2 +-
modules/story.module | 2 +-
modules/story/story.module | 2 +-
modules/submission.module | 10 ++---
updates/1.00-to-1.xx | 35 +++++++++--------
20 files changed, 120 insertions(+), 148 deletions(-)
diff --git a/INSTALL b/INSTALL
index 362dec0abf62..3be4e3b954c6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -3,7 +3,5 @@
- online installation guidelines
* http://drop.org/module.php?mod=drupal
- - drupal project page if you would like to get involved in the
- ongoing development
-
-
+ - drupal project page for those willing to get involved in the
+ ongoing development
\ No newline at end of file
diff --git a/account.php b/account.php
index 6a2ff7b5f5fa..8cd7be4e5d88 100644
--- a/account.php
+++ b/account.php
@@ -41,15 +41,9 @@ function account_create($user = "", $error = "") {
function account_session_start($userid, $passwd) {
global $user;
-
- $user = new User($userid, $passwd);
- if ($user->id) {
- session_register("user");
- watchdog("message", "session opened for user `$user->userid'");
- }
- else {
- watchdog("warning", "failed login for user `$userid'");
- }
+ if ($userid && $passwd) $user = new User($userid, $passwd);
+ if ($user->id) session_register("user");
+ watchdog("message", ($user->id ? "session opened for user `$user->userid'" : "failed login for user `$userid'"));
}
function account_session_close() {
@@ -117,17 +111,9 @@ function account_user_edit() {
function account_user_save($edit) {
global $user;
-
if ($user->id) {
- $data[name] = $edit[name];
- $data[fake_email] = $edit[fake_email];
- $data[url] = $edit[url];
- $data[bio] = $edit[bio];
- $data[signature] = $edit[signature];
-
- if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1];
-
- user_save($data, $user->id);
+ $user = user_save($user, array("name" => $edit[name], "fake_email" => $edit[fake_email], "url" => $edit[url], "bio" => $edit[bio], "signature" => $edit[signature]));
+ if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $user = user_save($user, array("passwd" => $edit[pass1]));
}
}
@@ -188,16 +174,8 @@ function account_site_edit() {
function account_site_save($edit) {
global $user;
-
if ($user->id) {
- $data[theme] = $edit[theme];
- $data[timezone] = $edit[timezone];
- $data[language] = $edit[language];
- $data[stories] = $edit[stories];
- $data[mode] = $edit[mode];
- $data[sort] = $edit[sort];
- $data[threshold] = $edit[threshold];
- user_save($data, $user->id);
+ $user = user_save($user, array("theme" => $edit[theme], "timezone" => $edit[timezone], "language" => $edit[language], "stories" => $edit[stories], "mode" => $edit[mode], "sort" => $edit[sort], "threshold" => $edit[threshold]));
}
}
@@ -363,10 +341,9 @@ function account_create_submit($userid, $email) {
}
else {
$new[passwd] = account_password();
- $new[status] = 1;
- $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
+ $new[hash] = substr(md5("$new[userid]. ". time()), 0, 12);
- user_save($new);
+ $user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "status" => 1, "hash" => $new[hash]));
$link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => $site_name));
diff --git a/admin.php b/admin.php
index 74d575ed1fb6..5281cc9d1030 100644
--- a/admin.php
+++ b/admin.php
@@ -2,15 +2,15 @@
include_once "includes/common.inc";
-// validate user permission:
-if (!user_permission($user)) exit();
+// validate user access:
+if (!user_access($user)) exit();
function admin_page($mod) {
- global $repository, $site_name, $menu, $modules;
+ global $repository, $site_name, $menu, $modules, $user;
function module($name, $module) {
- global $menu, $modules;
- if ($module["admin"]) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | ";
+ global $menu, $modules, $user;
+ if ($module["admin"]) $output .= (user_access($user, $name) ? "<A HREF=\"admin.php?mod=$name\">$name</A> | " : " $name | ");
$menu .= $output;
}
@@ -37,7 +37,7 @@ function module($name, $module) {
<HR><? echo $menu; ?><A HREF="">home</A><HR>
<?
- module_execute($mod, "admin");
+ if (user_access($user, $mod)) module_execute($mod, "admin");
?>
</BODY>
diff --git a/database/database.mysql b/database/database.mysql
index 07cd2813e669..e91d313eb467 100644
--- a/database/database.mysql
+++ b/database/database.mysql
@@ -170,7 +170,7 @@ CREATE TABLE users (
signature varchar(255) DEFAULT '' NOT NULL,
last_access int(10) unsigned,
last_host varchar(255),
- permissions int(10) unsigned DEFAULT '0' NOT NULL,
+ access varchar(255) DEFAULT '' NOT NULL,
status tinyint(4) DEFAULT '0' NOT NULL,
history text NOT NULL,
hash varchar(12) DEFAULT '' NOT NULL,
diff --git a/includes/comment.inc b/includes/comment.inc
index c64a3e4ddf2c..44909ac651ec 100644
--- a/includes/comment.inc
+++ b/includes/comment.inc
@@ -32,12 +32,12 @@ function comment_moderate($moderate) {
$none = $comment_votes[key($comment_votes)];
foreach ($moderate as $id=>$vote) {
- if ($vote != $comment_votes[$none] && !user_get_history($user->history, "c$id")) {
+ if ($vote != $comment_votes[$none] && !user_get($user, "history", "c$id")) {
// Update the comment's score:
$result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id");
// Update the user's history:
- user_set_history("c$id", $vote);
+ $user = user_set($user, "history", "c$id", $vote);
}
}
}
@@ -45,12 +45,7 @@ function comment_moderate($moderate) {
function comment_settings($mode, $order, $threshold) {
global $user;
- if ($user->id) {
- $data[mode] = $mode;
- $data[sort] = $order;
- $data[threshold] = $threshold;
- user_save($data, $user->id);
- }
+ if ($user->id) $user = user_save($user, array("mode" => $mode, "sort" => $order, "threshold" => $threshold));
}
function comment_reply($pid, $id) {
@@ -180,7 +175,7 @@ function comment_moderation($comment) {
if ($op == "reply") {
$output .= " ";
}
- else if ($user->id && $user->userid != $comment->userid && !user_get_history($user->history, "c$comment->cid")) {
+ else if ($user->id && $user->userid != $comment->userid && !user_get($user, "history", "c$comment->cid")) {
$output .= "<SELECT NAME=\"moderate[$comment->cid]\">\n";
foreach ($comment_votes as $key=>$value) $output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n";
$output .= "</SELECT>\n";
diff --git a/includes/common.inc b/includes/common.inc
index 7ee1034c6877..046f6a1cf204 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1,6 +1,6 @@
<?
-function conf_load() {
+function conf_init() {
global $HTTP_HOST, $REQUEST_URI;
$file = strtr($HTTP_HOST ."". substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")), "/:", "..");
while ($file && !file_exists("includes/$file.conf")) {
@@ -9,7 +9,7 @@ function conf_load() {
return $file;
}
-$conf = conf_load();
+$conf = conf_init();
include_once "includes/$conf.conf";
include_once "includes/database.inc";
@@ -21,8 +21,8 @@ function conf_load() {
include_once "includes/theme.inc";
include_once "includes/user.inc";
-user_load();
-$locale = locale_load();
-$theme = theme_load();
+user_init();
+$locale = locale_init();
+$theme = theme_init();
?>
\ No newline at end of file
diff --git a/includes/function.inc b/includes/function.inc
index 04402f5a7783..44ec40baaaff 100644
--- a/includes/function.inc
+++ b/includes/function.inc
@@ -76,7 +76,7 @@ function format_date($timestamp, $type = "medium") {
function format_username($username) {
global $user;
- if ($username) return (user_permission($user) ? "<A HREF=\"admin.php?mod=account&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>");
+ if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>");
else { global $anonymous; return $anonymous; }
}
diff --git a/includes/locale.inc b/includes/locale.inc
index 50d07a7dd028..8b717b3ef1fc 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -1,6 +1,6 @@
<?
-function locale_load() {
+function locale_init() {
global $languages, $user;
return ($user->id && $user->language) ? $user->language : key($languages);
}
diff --git a/includes/story.inc b/includes/story.inc
index 04e93661a869..5d99505d6904 100644
--- a/includes/story.inc
+++ b/includes/story.inc
@@ -13,7 +13,7 @@ function Story($userid, $subject, $abstract, $article, $section, $timestamp) {
function story_visible($story) {
global $user;
- return ($story->status == 2) || ($story->status == 1 && $user->id) || user_permission($user);
+ return ($story->status == 2) || ($story->status == 1 && $user->id) || user_access($user, "story");
}
?>
\ No newline at end of file
diff --git a/includes/theme.inc b/includes/theme.inc
index 1bdff7b410c4..d5ea7dc87b01 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -1,6 +1,6 @@
<?
-function theme_load() {
+function theme_init() {
global $user, $themes;
if ($user->theme && file_exists($themes[$user->theme][0])) {
@@ -39,7 +39,7 @@ function menu($name, $module) {
$content .= "<LI><A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A></LI>\n";
$content .= "<P>\n";
- if (user_permission($user)) {
+ if (user_access($user)) {
$content .= "<LI><A HREF=\"admin.php\">administer ". $site_name ."</A></LI>\n";
$content .= "<P>\n";
}
@@ -95,10 +95,10 @@ function theme_morelink($theme, $story) {
function theme_moderation_results($theme, $story) {
global $user;
- if ($user->id && $story->id && ($user->id == $story->author || user_get_history($user->history, "s$story->id"))) {
+ if ($user->id && $story->id && ($user->id == $story->author || user_get($user, "history", "s$story->id"))) {
$result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'");
while ($account = db_fetch_object($result)) {
- $output .= format_username($account->userid) ." voted `". user_get_history($account->history, "s$story->id") ."'.<BR>";
+ $output .= format_username($account->userid) ." voted `". user_get($account, "history", "s$story->id") ."'.<BR>";
}
$theme->box("Moderation results", ($output ? $output : "This story has not been moderated yet."));
diff --git a/includes/user.inc b/includes/user.inc
index 9c4f38f66834..0bb12d0ec4ac 100644
--- a/includes/user.inc
+++ b/includes/user.inc
@@ -6,46 +6,46 @@ function User($userid, $passwd = 0) {
$result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
- db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id");
+ db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
}
}
else {
$result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
- db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id");
+ db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
}
}
}
}
-function user_load() {
+function user_init() {
global $db_name;
session_name($db_name);
session_start();
}
-function user_save($data, $id = 0) {
- global $user;
+function user_load($username) {
+ return new User($username);
+}
- foreach ($data as $key=>$value) {
+function user_save($account, $array) {
+ // dynamically compose query:
+ foreach ($array as $key=>$value) {
if ($key == "passwd") $query .= "$key = PASSWORD('". addslashes($value) ."'), ";
else $query .= "$key = '". addslashes($value) ."', ";
}
- if (empty($id)) {
- db_query("INSERT INTO users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]'");
- }
- else {
- db_query("UPDATE users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $id");
- $result = db_query("SELECT * FROM users WHERE id = $id AND status = 2");
- if (db_num_rows($result) == 1) foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); }
- else $user = 0;
- }
+ // update or instert account:
+ if ($account->id) db_query("UPDATE users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = '$account->id'");
+ else db_query("INSERT INTO users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]'");
+
+ // return account:
+ return user_load(($account->userid ? $account->userid : $array["userid"]));
}
-function user_get_history($history, $field) {
- $data = explode(";", $history);
+function user_get($account, $column, $field) {
+ $data = explode(";", $account->$column);
for (reset($data); current($data); next($data)) {
$entry = explode(":", current($data));
if (reset($entry) == $field) $rval = end($entry);
@@ -53,46 +53,38 @@ function user_get_history($history, $field) {
return $rval;
}
-function user_set_history($field, $value) {
- global $user;
- $history = $user->history;
+function user_set($account, $column, $name, $value) {
+ $field = $account->$column;
+
if (!$value) {
// remove entry:
- $data = explode(";", $history);
+ $data = explode(";", $field);
for (reset($data); current($data); next($data)) {
$entry = explode(":", current($data));
- if ($entry[0] != $field) $rval .= "$entry[0]:$entry[1];";
+ if ($entry[0] != $name) $rval .= "$entry[0]:$entry[1];";
}
}
- else if (strstr($history, "$field:")) {
+ else if (strstr($field, "$name:")) {
// found: update exsisting entry:
- $data = explode(";", $history);
+ $data = explode(";", $field);
for (reset($data); current($data); next($data)) {
$entry = explode(":", current($data));
- if ($entry[0] == $field) $entry[1] = $value;
+ if ($entry[0] == $name) $entry[1] = $value;
$rval .= "$entry[0]:$entry[1];";
}
}
else {
- // not found: add new entry:
- $rval = "$history$field:$value;";
+ // not found:
+ $rval = "$field$name:$value;";
}
- $user->history = $rval;
-
- // save new history:
- $query .= "UPDATE users SET ";
- foreach ($user->field as $key=>$field) { $value = $user->$field; $query .= "$field = '". addslashes($value) ."', "; }
- $query .= " id = $user->id WHERE id = $user->id";
- db_query($query);
-}
-function user_rehash() {
- global $user;
- if ($user->id) $user = new User($user->userid);
+ return user_save($account, array($column => $rval));
}
-function user_permission($account) {
- return ($account->permissions == 1 || $account->id == 1);
+function user_access($account, $section = 0) {
+// print $account->userid ." ". $account->access ."<P>";
+ if ($section) return (user_get($account, "access", $section) || $account->id == 1);
+ else return ($account->access || $account->id == 1);
}
?>
\ No newline at end of file
diff --git a/includes/watchdog.inc b/includes/watchdog.inc
index 2eb0baf2c1ec..da24d79d877d 100644
--- a/includes/watchdog.inc
+++ b/includes/watchdog.inc
@@ -9,8 +9,8 @@
function watchdog($id, $message) {
global $user, $watchdog, $watchdog_history;
-/*
- if ($watchdog[$id][1] && !user_permission($user)) {
+
+ if ($watchdog[$id][1] && !user_access($user, "watchdog")) {
if ($log = db_fetch_object(db_query("SELECT * FROM watchdog WHERE hostname = '". getenv("REMOTE_ADDR") ."' AND level = '". $watchdog[$id][0] ."'"))) {
if (time() - $log->timestamp < $watchdog[$id][1]) {
watchdog("warning", "'". getenv("REMOTE_ADDR") ."' exceeded '$id' submission rate");
@@ -19,7 +19,7 @@ function watchdog($id, $message) {
}
}
}
-*/
+
// Perform query to add new watchdog entry:
db_query("INSERT INTO watchdog (level, timestamp, user, message, location, hostname) VALUES ('". $watchdog[$id][0] ."', '". time() ."', '". check_input($user->id) ."', '". check_input($message) ."', '". check_input(getenv("REQUEST_URI")) ."', '". check_input(getenv("REMOTE_ADDR")) ."')");
}
diff --git a/modules/account.module b/modules/account.module
index 26466e6b54b7..c92cbfbd55be 100644
--- a/modules/account.module
+++ b/modules/account.module
@@ -63,7 +63,7 @@ function account_find($keys) {
$find = array();
$result = db_query("SELECT * FROM users WHERE userid LIKE '%". check_input($keys) ."%' LIMIT 20");
while ($account = db_fetch_object($result)) {
- array_push($find, array("subject" => $account->userid, "link" => (user_permission($user) ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
+ array_push($find, array("subject" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
}
return $find;
}
@@ -75,7 +75,7 @@ function account_search() {
}
function account_display($order = "username") {
- $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "hostname" => "last_host DESC", "last access date" => "last_access DESC", "real e-mail address" => "real_email", "real name" => "name", "permissions" => "permissions", "rating" => "rating DESC", "status" => "status", "theme" => "theme", "timezone" => "timezone DESC", "username" => "userid");
+ $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "hostname" => "last_host DESC", "last access date" => "last_access DESC", "real e-mail address" => "real_email", "real name" => "name", "rating" => "rating DESC", "status" => "status", "theme" => "theme", "timezone" => "timezone DESC", "username" => "userid");
$show = array("ID" => "id", "username" => "userid", "$order" => "$sort[$order]", "homepage" => "url");
$stat = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
$perm = array(0 => "regular user", 1 => "administrator");
@@ -118,9 +118,6 @@ function account_display($order = "username") {
case "status":
$output .= " <TD ALIGN=\"center\">". $stat[$account[$value]] ."</TD>\n";
break;
- case "permissions":
- $output .= " <TD ALIGN=\"center\">". $perm[$account[$value]] ."</TD>\n";
- break;
case "timezone":
$output .= " <TD ALIGN=\"center\">". check_output($account[$value] / 3600) ."</TD>\n";
break;
@@ -142,6 +139,15 @@ function account_display($order = "username") {
print $output;
}
+function account_access($account) {
+ $data = explode(";", $account->access);
+ foreach ($data as $array) {
+ $access = explode(":", $array);
+ if ($access[0]) $output .= " <A HREF=\"admin.php?mod=$access[0]\">$access[0]</A>";
+ }
+ return $output;
+}
+
function account_blocks($id) {
$result = db_query("SELECT * FROM layout WHERE user = $id");
while ($layout = db_fetch_object($result)) {
@@ -167,17 +173,22 @@ function account_comments($id) {
}
function account_edit_save($name, $edit) {
- foreach ($edit as $key=>$value) {
- $query .= "$key = '". addslashes($value) ."', ";
- }
+ foreach ($edit as $key=>$value) if ($key != "access") $query .= "$key = '". addslashes($value) ."', ";
db_query("UPDATE users SET $query last_access = '". time() ."' WHERE userid = '$name'");
+ foreach ($edit[access] as $key=>$value) user_set(user_load($name), "access", $value, 1);
watchdog("message", "account: modified user '$name'");
}
function account_edit($name) {
+ global $access, $account;
+
+ function access($name, $module) {
+ global $access, $account;
+ $access .= "<OPTION VALUE=\"$name\"". (user_access($account, $name) ? " SELECTED" : "") .">$name</OPTION>";
+ }
+
$status = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
- $permissions = array(0 => "regular user", 1 => "administrator");
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
@@ -187,21 +198,18 @@ function account_edit($name) {
}
$stat = "<SELECT NAME=\"edit[status]\">\n$stat</SELECT>\n";
- foreach ($permissions as $key=>$value) {
- $perm .= " <OPTION VALUE=\"$key\"". (($account->permissions == $key) ? " SELECTED" : "") .">$value</OPTION>\n";
- }
- $perm = "<SELECT NAME=\"edit[permissions]\">\n$perm</SELECT>\n";
+ module_iterate("access");
$output .= "<FORM ACTION=\"admin.php?mod=account\" METHOD=\"post\">\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD>$account->id</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Status:</B></TD><TD>$stat</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Access:</B></TD><TD><SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". check_output($account->name) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email($account->real_email) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Fake e-mail address:</B></TD><TD><INPUT NAME=\"edit[fake_email]\" SIZE=\"55\" VALUE=\"$account->fake_email\"></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>URL of homepage:</B></TD><TD><INPUT NAME=\"edit[url]\" SIZE=\"55\" VALUE=\"$account->url\"></TD></TR>\n";
- $output .= " <TR><TD ALIGN=\"right\"><B>Permissions:</B></TD><TD>$perm</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Last access:</B></TD><TD>". format_date($account->last_access) ." from ". check_output($account->last_host) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>User rating:</B></TD><TD>". check_output($account->rating) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Bio information:</B></TD><TD><TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$account->bio</TEXTAREA></TD></TR>\n";
@@ -221,7 +229,6 @@ function account_edit($name) {
function account_view($name) {
$status = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
- $permissions = array(0 => "regular user", 1 => "administrator");
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
@@ -229,12 +236,12 @@ function account_view($name) {
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD><A HREF=\"admin.php?mod=account&op=edit&name=$account->userid\">$account->id</A></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Status:</B></TD><TD>". $status[$account->status] ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Access:</B></TD><TD>". check_output(account_access($account)) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". check_output($account->name) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email($account->real_email) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Fake e-mail address:</B></TD><TD>". check_output($account->fake_email) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>URL of homepage:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
- $output .= " <TR><TD ALIGN=\"right\"><B>Permissions:</B></TD><TD>". $permissions[$account->permissions] ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Last access:</B></TD><TD>". format_date($account->last_access) ." from ". check_output($account->last_host) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>User rating:</B></TD><TD>". check_output($account->rating) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Bio information:</B></TD><TD>". check_output($account->bio) ."</TD></TR>\n";
diff --git a/modules/comment.module b/modules/comment.module
index 4d73e3cafc19..ef0bce34a4e6 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -8,7 +8,7 @@ function comment_find($keys) {
$find = array();
$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
- array_push($find, array("subject" => check_output($comment->subject), "link" => (user_permission($user) ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
+ array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
}
return $find;
}
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 4d73e3cafc19..ef0bce34a4e6 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -8,7 +8,7 @@ function comment_find($keys) {
$find = array();
$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
- array_push($find, array("subject" => check_output($comment->subject), "link" => (user_permission($user) ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
+ array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
}
return $find;
}
diff --git a/modules/diary.module b/modules/diary.module
index c8e93c6be900..0f366a84f559 100644
--- a/modules/diary.module
+++ b/modules/diary.module
@@ -16,7 +16,7 @@ function diary_find($keys) {
$find = array();
$result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%". check_input($keys) ."%' ORDER BY d.timestamp DESC LIMIT 20");
while ($diary = db_fetch_object($result)) {
- array_push($find, array("subject" => "$diary->userid's diary", "link" => (user_permission($user) ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp));
+ array_push($find, array("subject" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp));
}
return $find;
diff --git a/modules/story.module b/modules/story.module
index 47671033e8bb..535821ccd010 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -20,7 +20,7 @@ function story_find($keys) {
$find = array();
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20");
while ($story = db_fetch_object($result)) {
- array_push($find, array("subject" => check_output($story->subject), "link" => (user_permission($user) ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
+ array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
}
return $find;
}
diff --git a/modules/story/story.module b/modules/story/story.module
index 47671033e8bb..535821ccd010 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -20,7 +20,7 @@ function story_find($keys) {
$find = array();
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20");
while ($story = db_fetch_object($result)) {
- array_push($find, array("subject" => check_output($story->subject), "link" => (user_permission($user) ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
+ array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
}
return $find;
}
diff --git a/modules/submission.module b/modules/submission.module
index 338408d4c200..3cc666f5526d 100644
--- a/modules/submission.module
+++ b/modules/submission.module
@@ -22,7 +22,7 @@ function submission_score($id) {
function submission_vote($id, $vote, $comment) {
global $user;
- if (!user_get_history($user->history, "s$id")) {
+ if (!user_get($user, "history", "s$id")) {
// Update submission's score- and votes-field:
db_query("UPDATE stories SET score = score $vote, votes = votes + 1 WHERE id = $id");
@@ -33,7 +33,7 @@ function submission_vote($id, $vote, $comment) {
}
// Update user's history record:
- user_set_history("s$id", $vote);
+ $user = user_set($user, "history", "s$id", $vote);
// Update story table (if required):
$result = db_query("SELECT * FROM stories WHERE id = $id");
@@ -65,7 +65,7 @@ function submission_page_main() {
$content .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
$content .= " <TR BGCOLOR=\"$bgcolor1\"><TH>". t("Subject") ."</TH><TH>". t("Section") ."</TH><TH>". t("Date") ."</TH><TH>". t("Author") ."</TH><TH>". t("Score") ."</TH></TR>\n";
while ($submission = db_fetch_object($result)) {
- if ($user->id == $submission->author || user_get_history($user->history, "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->section</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n";
+ if ($user->id == $submission->author || user_get($user, "history", "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->section</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n";
else $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->section</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\"><A HREF=\"module.php?mod=submission&op=view&id=$submission->id\">". t("vote") ."</A></TD></TR>\n";
}
$content .= "</TABLE>\n";
@@ -81,7 +81,7 @@ function submission_display_item($id) {
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
$submission = db_fetch_object($result);
- if ($user->id == $submission->author || user_get_history($user->history, "s$submission->id")) {
+ if ($user->id == $submission->author || user_get($user, "history", "s$submission->id")) {
header("Location: story.php?id=$submission->id");
}
else {
@@ -111,7 +111,7 @@ function submission_page() {
global $comment, $id, $op, $user, $vote;
if ($user->id) {
- user_rehash();
+ $user = user_load($user->userid);
switch($op) {
case "view":
diff --git a/updates/1.00-to-1.xx b/updates/1.00-to-1.xx
index 7cc514ec03a2..be556a23ebfd 100644
--- a/updates/1.00-to-1.xx
+++ b/updates/1.00-to-1.xx
@@ -1,18 +1,9 @@
+# 18/02/2001: permissions / access / group
+alter table users drop permissions;
+alter table users add access varchar(255) DEFAULT '' NOT NULL;
-# 20/01/2001: comment/discussion code rewrite:
-alter table users modify mode tinyint(1) DEFAULT '' NOT NULL;
-alter table comments change sid lid int(6) DEFAULT '0' NOT NULL;
-alter table comments add link varchar(16) DEFAULT '' NOT NULL;
-update comments set link = 'article';
-
-# 21/01/2001: section manager
-alter table stories change category section varchar(64) DEFAULT '' NOT NULL;
-
-# 31/01/2001: block rehashing
-alter table blocks add remove tinyint(1) DEFAULT '0' NOT NULL;
-
-# 07/02/2001: value calculation
-alter table users add rating decimal(8,4) DEFAULT '0' NOT NULL;
+# 14/02/2001: locale / internationalisation
+alter table users add language varchar(2) DEFAULT '' NOT NULL;
# 12/02/2001: locale / internationalisation
create table locales (
@@ -22,5 +13,17 @@ create table locales (
PRIMARY KEY (id)
);
-# 14/02/2001: locale / internationalisation
-alter table users add language varchar(2) DEFAULT '' NOT NULL;
+# 07/02/2001: value calculation
+alter table users add rating decimal(8,4) DEFAULT '0' NOT NULL;
+
+# 31/01/2001: block rehashing
+alter table blocks add remove tinyint(1) DEFAULT '0' NOT NULL;
+
+# 21/01/2001: section manager
+alter table stories change category section varchar(64) DEFAULT '' NOT NULL;
+
+# 20/01/2001: comment/discussion code rewrite:
+alter table users modify mode tinyint(1) DEFAULT '' NOT NULL;
+alter table comments change sid lid int(6) DEFAULT '0' NOT NULL;
+alter table comments add link varchar(16) DEFAULT '' NOT NULL;
+update comments set link = 'article';
--
GitLab