Changeset 7126
- Timestamp:
- Jul 29, 2008, 2:31:45 PM (16 years ago)
- File:
-
- 1 edited
TabularUnified trunk/inc/classes/BxDolArticles.php ¶
r7104 r7126 356 356 } 357 357 358 function CheckLogged() { 359 global $logged; 360 if( !$logged['member'] && !$logged['admin'] ) { 361 member_auth(0); 362 } 363 } 364 358 365 function getArticleEditForm( $iArticleID = '' ) { 366 $this->CheckLogged(); 367 359 368 $sEditArticleC = _t('_Edit Article'); 360 369 $sArticlesC = _t('_Articles'); … … 368 377 if( (int)$iArticleID ) { 369 378 $articleQuery = " 370 SELECT `Articles`.`ArticlesID`, `Articles`.`CategoryID`, `Articles`.`Date`, 379 SELECT `Articles`.`ArticlesID`, `Articles`.`CategoryID`, `Articles`.`Date`, `Articles`.`ownerID`, 371 380 `Articles`.`Title`, `Articles`.`Text`, `Articles`.`ArticleFlag`, `ArticlesCategory`.`CategoryName` 372 381 FROM `Articles` … … 375 384 "; 376 385 $aArticle = db_arr( $articleQuery ); 386 if((int)$aArticle['ownerID'] != $this->iVisitorID && $this->bAdminMode==false) { 387 return MsgBox(_t('_Hacker String')); 388 } 377 389 } 378 390 … … 530 542 } 531 543 } else { 544 return MsgBox(_t('_Hacker String')); 532 545 } 533 546 return MsgBox($sRetVal); … … 535 548 536 549 function deleteArticle( $iArticleID ) { 537 538 550 $sADS = _t('_Article was deleted successfully'); 539 551 $sADF = _t('_Article was not deleted'); 540 552 541 553 $sRetVal = _t('_Error Occured'); 542 if( $this->bAdminMode ) 543 $sArticleDeleteQuery = "DELETE FROM `Articles` WHERE `ArticlesID` = '{$iArticleID}'"; 544 else 545 $sArticleDeleteQuery = "DELETE FROM `Articles` WHERE `ArticlesID` = '{$iArticleID}' AND `ownerID`='{$this->iVisitorID}'"; 546 547 if( db_res( $sArticleDeleteQuery ) ) 548 $sRetVal = $sADS; 549 else 550 $sRetVal = $sADF; 554 555 $iOwnerID = (int)db_value("SELECT `ownerID` FROM `Articles` WHERE `ArticlesID` = '{$iArticleID}'"); 556 557 if ($iOwnerID>0 || $this->bAdminMode) { 558 if($iOwnerID != $this->iVisitorID && $this->bAdminMode==false) { 559 return MsgBox(_t('_Hacker String')); 560 } 561 562 if( $this->bAdminMode ) 563 $sArticleDeleteQuery = "DELETE FROM `Articles` WHERE `ArticlesID` = 
'{$iArticleID}'"; 564 else 565 $sArticleDeleteQuery = "DELETE FROM `Articles` WHERE `ArticlesID` = '{$iArticleID}' AND `ownerID`='{$this->iVisitorID}'"; 566 567 if( db_res( $sArticleDeleteQuery ) ) 568 $sRetVal = $sADS; 569 else 570 $sRetVal = $sADF; 571 } 551 572 552 573 return MsgBox($sRetVal); … … 556 577 $sActionText = ''; 557 578 if( $_POST['add_category'] ) { 579 //$this->CheckLogged(); 580 if($this->bAdminMode==false) { 581 return MsgBox(_t('_Hacker String')); 582 } 558 583 $sCategorySubject = process_db_input( $_POST['caption'], 1 ); 559 584 $sCategoryDesc = process_db_input( $_POST['description'], 1 ); … … 569 594 } 570 595 } elseif( $_POST['edit_category'] ) { 596 //$this->CheckLogged(); 597 if($this->bAdminMode==false) { 598 return MsgBox(_t('_Hacker String')); 599 } 571 600 $sCategorySubject = process_db_input( $_POST['caption'], 1 ); 572 601 $sCategoryDesc = process_db_input( $_POST['description'], 1 ); … … 582 611 } 583 612 } elseif( $_POST['add_article'] ) { 613 $this->CheckLogged(); 584 614 $sArticleTitle = process_db_input( $_POST['title'], 1 ); 585 615 $sArticle = $this->process_html_db_input( $_POST['article'] ); … … 603 633 } 604 634 } elseif( $_POST['edit_article'] ) { 635 $this->CheckLogged(); 605 636 $sArticleTitle = process_db_input( $_POST['title'], 1 ); 606 637 $sArticle = $this->process_html_db_input( $_POST['article'] ); 607 638 $iCategoryID = (int)$_POST['categoryID']; 608 639 $iArticleID = (int)$_POST['articleID']; 609 $sArticleUri = uriGenerate($sArticleTitle, 'Articles', 'Title', 100); 610 if( $_POST['flag'] == 'HTML') { 611 $sFlag = 'HTML'; 612 } else { 613 $sFlag = 'Text'; 614 } 615 616 if ($this->bAdminMode) { 617 $sOwner = ", `ownerID`='0'"; 618 $sOwnerCond = ""; 619 } else { 620 $sOwner = ", `ownerID`='{$this->iVisitorID}'"; 621 $sOwnerCond = " AND `ownerID`='{$this->iVisitorID}'"; 622 } 623 $sAddQuery = "UPDATE `Articles` SET `Title` = '{$sArticleTitle}', `Text` = '{$sArticle}', `CategoryID` = '{$iCategoryID}', `Date` = NOW(), 
`ArticleFlag` = '{$sFlag}', `ArticleUri`='{$sArticleUri}' {$sOwner} WHERE `ArticlesID` = '{$iArticleID}' {$sOwnerCond}"; 624 if ($sArticleTitle=='' || $sArticle=='') { 625 $sActionText = 'Article Updated'; 626 } elseif( db_res( $sAddQuery ) ) { 627 $sActionText = 'Article Updated'; 628 } else { 629 $sActionText = 'Article Not Updated'; 640 641 $iOwnerID = (int)db_value("SELECT `ownerID` FROM `Articles` WHERE `ArticlesID` = '{$iArticleID}'"); 642 643 if ($iOwnerID>0 || $this->bAdminMode) { 644 if($iOwnerID != $this->iVisitorID && $this->bAdminMode==false) { 645 return MsgBox(_t('_Hacker String')); 646 } 647 648 $sArticleUri = uriGenerate($sArticleTitle, 'Articles', 'Title', 100); 649 if( $_POST['flag'] == 'HTML') { 650 $sFlag = 'HTML'; 651 } else { 652 $sFlag = 'Text'; 653 } 654 655 if ($this->bAdminMode) { 656 $sOwner = ", `ownerID`='0'"; 657 $sOwnerCond = ""; 658 } else { 659 $sOwner = ", `ownerID`='{$this->iVisitorID}'"; 660 $sOwnerCond = " AND `ownerID`='{$this->iVisitorID}'"; 661 } 662 $sAddQuery = "UPDATE `Articles` SET `Title` = '{$sArticleTitle}', `Text` = '{$sArticle}', `CategoryID` = '{$iCategoryID}', `Date` = NOW(), `ArticleFlag` = '{$sFlag}', `ArticleUri`='{$sArticleUri}' {$sOwner} WHERE `ArticlesID` = '{$iArticleID}' {$sOwnerCond}"; 663 if ($sArticleTitle=='' || $sArticle=='') { 664 $sActionText = 'Article Updated'; 665 } elseif( db_res( $sAddQuery ) ) { 666 $sActionText = 'Article Updated'; 667 } else { 668 $sActionText = 'Article Not Updated'; 669 } 630 670 } 631 671 }
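Review bot: In deleteArticle the new ownership lookup at line 555, `db_value("SELECT `ownerID` FROM `Articles` WHERE `ArticlesID` = '{$iArticleID}'")`, interpolates the raw parameter into SQL, and the DELETE statements at 563 and 565 do the same; unlike the edit_article branch, which casts with `$iArticleID = (int)$_POST['articleID'];`, nothing in the hunk constrains the value to an integer. Unless every caller already casts (not visible here), add `$iArticleID = (int)$iArticleID;` as the first statement of deleteArticle so the lookup and the delete both see a numeric id. That cast also keeps the ownership comparison at line 558 meaningful: with a malformed id the `$iOwnerID>0` guard at 557 presumably just falls through to `_Error Occured` instead of rejecting the request explicitly. CheckLogged at 358–363 only calls member_auth(0) for anonymous visitors, and whether that call terminates the request or merely returns is not visible here, so getArticleEditForm at 366 should not rely on it alone for authentication unless member_auth is known to exit.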