** If a node type has been specified, validate it existence. If no
** (valid) node type has been provied, display a node type overview.
...
...
@@ -916,6 +919,10 @@ function node_add($type) {
functionnode_edit($id){
global$user;
if(!user_access("post content")){
returnmessage_access();
}
$node=node_load(array("nid"=>$id));
if(node_access("update",$node)){
...
...
@@ -930,6 +937,10 @@ function node_edit($id) {
functionnode_preview($node){
if(!user_access("post content")){
returnmessage_access();
}
/*
** Convert the array to an object:
*/
...
...
@@ -989,6 +1000,10 @@ function node_preview($node) {
functionnode_submit($node){
global$theme,$user,$tid;
if(!user_access("post content")){
returnmessage_access();
}
$context->tid=$tid;
if(user_access("post content",$context)){
...
...
@@ -1125,6 +1140,10 @@ function node_submit($node) {
functionnode_delete($edit){
if(!user_access("post content")){
returnmessage_access();
}
$node=node_load(array("nid"=>$edit["nid"]));
if(node_access("delete",$node)){
...
...
@@ -1212,32 +1231,34 @@ function node_page() {
$theme->box($title,node_delete($edit));
break;
default:
// prepare query
if($or){
foreach((explode(",",$or))as$t){
$terms[]="'".check_query($t)."'";
if(user_access("access content")){
// prepare query
if($or){
foreach((explode(",",$or))as$t){
$terms[]="'".check_query($t)."'";
}
}
}
elseif($and){
foreach((explode(",",$and))as$t){
$terms[]="'".check_query($t)."'";
elseif($and){
foreach((explode(",",$and))as$t){
$terms[]="'".check_query($t)."'";
}
}
}
if($or){
// this is an OR of terms
$result=db_query("SELECT DISTINCT(n.nid), type FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
elseif($and){
// this is an AND
$result=db_query("SELECT n.nid, type, count(*) AS c FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' GROUP BY n.nid HAVING c = ".count($terms)." ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
else{
$result=db_query("SELECT nid, type FROM node WHERE ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
if($or){
// this is an OR of terms
$result=db_query("SELECT DISTINCT(n.nid), type FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
elseif($and){
// this is an AND
$result=db_query("SELECT n.nid, type, count(*) AS c FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' GROUP BY n.nid HAVING c = ".count($terms)." ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
else{
$result=db_query("SELECT nid, type FROM node WHERE ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
@@ -1263,4 +1284,4 @@ function node_update_index() {
"select"=>"SELECT n.nid as lno, n.title as text1, n.body as text2 FROM node n WHERE n.status = 1 AND moderate = 0 and (created > ".variable_get("node_cron_last",1)." or changed > ".variable_get("node_cron_last",1).")");
** If a node type has been specified, validate it existence. If no
** (valid) node type has been provied, display a node type overview.
...
...
@@ -916,6 +919,10 @@ function node_add($type) {
functionnode_edit($id){
global$user;
if(!user_access("post content")){
returnmessage_access();
}
$node=node_load(array("nid"=>$id));
if(node_access("update",$node)){
...
...
@@ -930,6 +937,10 @@ function node_edit($id) {
functionnode_preview($node){
if(!user_access("post content")){
returnmessage_access();
}
/*
** Convert the array to an object:
*/
...
...
@@ -989,6 +1000,10 @@ function node_preview($node) {
functionnode_submit($node){
global$theme,$user,$tid;
if(!user_access("post content")){
returnmessage_access();
}
$context->tid=$tid;
if(user_access("post content",$context)){
...
...
@@ -1125,6 +1140,10 @@ function node_submit($node) {
functionnode_delete($edit){
if(!user_access("post content")){
returnmessage_access();
}
$node=node_load(array("nid"=>$edit["nid"]));
if(node_access("delete",$node)){
...
...
@@ -1212,32 +1231,34 @@ function node_page() {
$theme->box($title,node_delete($edit));
break;
default:
// prepare query
if($or){
foreach((explode(",",$or))as$t){
$terms[]="'".check_query($t)."'";
if(user_access("access content")){
// prepare query
if($or){
foreach((explode(",",$or))as$t){
$terms[]="'".check_query($t)."'";
}
}
}
elseif($and){
foreach((explode(",",$and))as$t){
$terms[]="'".check_query($t)."'";
elseif($and){
foreach((explode(",",$and))as$t){
$terms[]="'".check_query($t)."'";
}
}
}
if($or){
// this is an OR of terms
$result=db_query("SELECT DISTINCT(n.nid), type FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
elseif($and){
// this is an AND
$result=db_query("SELECT n.nid, type, count(*) AS c FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' GROUP BY n.nid HAVING c = ".count($terms)." ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
else{
$result=db_query("SELECT nid, type FROM node WHERE ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
if($or){
// this is an OR of terms
$result=db_query("SELECT DISTINCT(n.nid), type FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
elseif($and){
// this is an AND
$result=db_query("SELECT n.nid, type, count(*) AS c FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE tid IN (".implode(",",$terms).") AND ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' GROUP BY n.nid HAVING c = ".count($terms)." ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
}
else{
$result=db_query("SELECT nid, type FROM node WHERE ".($id?"nid = '$id'":"promote = '1'")." AND status = '1' ORDER BY static DESC, created DESC LIMIT ".($user->nodes?$user->nodes:variable_get("default_nodes_main",10)));
@@ -1263,4 +1284,4 @@ function node_update_index() {
"select"=>"SELECT n.nid as lno, n.title as text1, n.body as text2 FROM node n WHERE n.status = 1 AND moderate = 0 and (created > ".variable_get("node_cron_last",1)." or changed > ".variable_get("node_cron_last",1).")");