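/**
 * Wraps an object add/edit form in the admin-mode chrome: a tab menu, a hidden
 * "additional" panel (audit info, moderation flag, priority, SEO fields and,
 * when the comments module is enabled, the comments settings) and the
 * save/cancel buttons.
 *
 * The wrapper is produced only for a moderator of the infoblock working in
 * admin mode (inside the admin area or in "naked" mode); in every other case
 * $form is returned untouched.
 *
 * @param string   $form             Ready-made HTML of the form body (inserted as-is).
 * @param string   $action           Current action; 'change' adds the created/edited audit lines.
 * @param mixed    $admin_mode       Truthy when rendering in admin mode.
 * @param mixed    $user_table_mode  Truthy when the edited entity is a system-table row.
 * @param mixed    $sys_table_id     When falsy, buttons, inline CSS and the init script are appended.
 * @param array    $current_cc       Infoblock environment (Sub_Class_ID, Class_ID, Moderation_ID,
 *                                   File_Mode, Sub_Class_Name are read here).
 * @param mixed    $f_Checked        Moderation checkbox state; null means "derive from Moderation_ID".
 * @param mixed    $f_Priority       Priority value shown in the form.
 * @param string   $f_Keyword        Object keyword.
 * @param string   $f_ncTitle        SEO title.
 * @param string   $f_ncKeywords     SEO keywords.
 * @param string   $f_ncDescription  SEO description.
 * @param bool     $have_seo         Whether to render the main/additional tab switcher.
 * @param bool     $eval_ready       When true, '$nc' in the comments HTML is backslash-escaped.
 *
 * @return string HTML
 */
function nc_prepare_message_form($form, $action, $admin_mode, $user_table_mode, $sys_table_id, $current_cc, $f_Checked = null, $f_Priority = '', $f_Keyword = '', $f_ncTitle = '', $f_ncKeywords = '', $f_ncDescription = '', $have_seo = true, $eval_ready = false) {
    global $isNaked, $inside_admin;

    $nc_core = nc_Core::get_object();

    // Not a moderator of this infoblock, or not in the admin UI: no wrapper at all.
    if (!CheckUserRights($current_cc['Sub_Class_ID'], "moderate", 0) || !$admin_mode || !$inside_admin && !$isNaked) {
        return $form;
    }

    // Pre-tick the "enabled" checkbox when the infoblock publishes without moderation.
    if (null === $f_Checked && 1 == $current_cc['Moderation_ID']) {
        $f_Checked = 1;
    }

    $seo = "<div class='nc_seo_fields'>";

    if ('change' == $action && !$user_table_mode) {
        global $message;

        // Both values end up inside the SQL text, so force them to integers
        // instead of relying on unary plus (which yields floats or raises on
        // non-numeric input, depending on the PHP version).
        $message_id = (int) $message;
        $class_id = (int) $current_cc['Class_ID'];

        // NOTE(review): AUTHORIZE_BY is used as a column identifier and cannot be
        // bound as a parameter; it is read from the core object here — confirm it
        // can only come from trusted configuration.
        $SQL = "SELECT `uAdd`.`{$nc_core->AUTHORIZE_BY}` as `user_add`,\n `uEdit`.`{$nc_core->AUTHORIZE_BY}` as `user_edit`,\n a.`IP`,\n a.`LastIP`,\n UNIX_TIMESTAMP(a.`Created`) as `Created`,\n UNIX_TIMESTAMP(a.`LastUpdated`) as `LastUpdated`\n FROM `Message{$class_id}` AS `a`\n LEFT JOIN `User` as `uAdd` ON `uAdd`.`User_ID` = `a`.`User_ID`\n LEFT JOIN `User` as `uEdit` ON `uEdit`.`User_ID` = `a`.`LastUser_ID`\n WHERE `Message_ID` = " . $message_id;

        $info = $nc_core->db->get_row($SQL, ARRAY_A);
        if (!is_array($info)) {
            // No such row: keep rendering, with empty audit values.
            $info = array();
        }

        // Account identifiers and stored IP strings come from the database and
        // may contain markup; escape them before they reach the admin page.
        // The charset argument is omitted to match the other htmlspecialchars()
        // calls in this function.
        $safe = array();
        foreach (array('user_add', 'user_edit', 'IP', 'LastIP') as $key) {
            $safe[$key] = isset($info[$key]) ? htmlspecialchars((string) $info[$key], ENT_QUOTES) : '';
        }
        $created = isset($info['Created']) ? (int) $info['Created'] : 0;
        $updated = isset($info['LastUpdated']) ? (int) $info['LastUpdated'] : 0;

        $seo .= "<div class='nc_admin_settings_info nc_seo_edit_info'>\n <div class='nc_admin_settings_info_actions'>\n <div>\n <span>" . CLASS_TAB_CUSTOM_ADD . ":</span> " . date("d.m.Y H:i:s", $created) . " {$safe['user_add']} ({$safe['IP']})\n </div>";

        if (!empty($info['user_edit'])) {
            $seo .= " <div>\n <span>" . CLASS_TAB_CUSTOM_EDIT . ":</span> " . date('d.m.Y H:i:s', $updated) . " {$safe['user_edit']} ({$safe['LastIP']})\n </div>";
        }

        $seo .= ' </div>';
        $seo .= '</div>';
    }

    // Moderation checkbox and priority.
    $seo .= "<div class='nc_admin_settings_info_checked'>\n <input id='chk' name='f_Checked' type='checkbox' value='1' " . ($f_Checked ? "checked='checked'" : "") . " />\n <label for='chk'>" . NETCAT_MODERATION_TURNON . "</label>\n </div>\n <div class='nc_admin_settings_info_priority'>\n <div>" . CONTROL_CONTENT_CATALOUGE_FUNCS_CATALOGUEFORM_PRIORITY . ":</div>\n <div><input name='f_Priority' type='text' size='3' maxlength='10' value='" . ($f_Priority ? +$f_Priority : '') . "' /></div>\n </div>";

    // Keyword and SEO fields; in file mode they are shown only when the class
    // view object is available.
    if ($current_cc['File_Mode'] && is_object($class_view = nc_class_view::get_instanse()) || !$current_cc['File_Mode']) {
        $seo .= "\n <div>\n <div>" . CONTROL_CONTENT_SUBDIVISION_FUNCS_MAINDATA_KEYWORD . ":</div>\n <div><input name='f_Keyword' type='text' size='20' maxlength='255' value='" . htmlspecialchars($f_Keyword, ENT_QUOTES) . "'></div>\n </div>\n <div>\n <div>" . NETCAT_MODERATION_SEO_TITLE . ":</div>\n <div><input type='text' name='f_ncTitle' value='" . htmlspecialchars($f_ncTitle, ENT_QUOTES) . "' /></div>\n </div>\n <div>\n <div>" . NETCAT_MODERATION_SEO_KEYWORDS . ":</div>\n <div><textarea name='f_ncKeywords'>" . htmlspecialchars($f_ncKeywords, ENT_QUOTES) . "</textarea></div>\n </div>\n <div>\n <div>" . NETCAT_MODERATION_SEO_DESCRIPTION . ":</div>\n <div><textarea name='f_ncDescription'>" . htmlspecialchars($f_ncDescription, ENT_QUOTES) . "</textarea></div>\n </div>";
    }

    $seo .= "</div><!--.nc_seo_fields-->";

    // Defined up front so the final markup never interpolates an unset variable
    // when the comments module is switched off.
    $comments = '';
    if (nc_module_check_by_keyword('comments')) {
        require_once $nc_core->ADMIN_FOLDER . "subdivision/function.inc.php";

        // $message is bound to the global only in the 'change' branch above;
        // everywhere else it is unset here and the placeholder -1 is used.
        $current_cc['Message_ID'] = !empty($message) ? $message : -1;
        $comments = nc_subdivision_show_comments($current_cc);

        if ($eval_ready) {
            // NOTE(review): only the comments HTML gets '$nc' escaped. If the
            // caller really evaluates the returned string as PHP, the other
            // interpolated values (section name, account names, $form) are not
            // escaped for that context — confirm how the result is consumed.
            $comments = str_replace('$nc', '\\$nc', $comments);
        }
    }

    $tabs = $have_seo
        ? "\n <li class='button_on' id='nc_show_main' onClick='return false;'>" . NETCAT_MESSAGE_FORM_MAIN . "</li>\n <li id='nc_show_seo' onClick='return false;'>" . NETCAT_MESSAGE_FORM_ADDITIONAL . "</li>\n "
        : "<li />";

    // Buttons, inline CSS and the init script are emitted only for regular
    // (non system-table) objects.
    $footer = "";
    if (!$sys_table_id) {
        $footer = "\n <div class='nc_admin_form_buttons'>\n <button type='button' class='nc_admin_metro_button nc-btn nc--blue' disable>" . NETCAT_REMIND_SAVE_SAVE . "</button>\n <button type='button' class='nc_admin_metro_button_cancel nc-btn nc--red nc--bordered nc--right'>" . CONTROL_BUTTON_CANCEL . "</button>\n </div>\n\n"
            . " <style>\n"
            . " a {color:#1a87c2;}\n"
            . " a:hover {text-decoration:none;}\n"
            . " a img {border:none;}\n"
            . " p {margin:0px; padding:0px 0px 18px 0px;}\n"
            . " h2 {font-size:20px; font-family:'Segoe UI', SegoeWP, Arial; color:#333333; font-weight:normal; margin:0px; padding:20px 0px 10px 0px; line-height:20px;}\n"
            . " form {margin:0px; padding:0px;}\n"
            . " input {outline:none;}\n"
            . " .clear {margin:0px; padding:0px; font-size:0px; line-height:0px; height:1px; clear:both; float:none;}\n"
            . " select, input, textarea {border:1px solid #dddddd;}\n"
            . " :focus {outline:none;}\n"
            . " .input {outline:none; border:1px solid #dddddd;}\n"
            . " </style>\n\n"
            . " <script type='text/javascript'>prepare_message_form();</script>";
    }

    return "<div class='nc_admin_form_menu' style='padding-top: 20px;'>\n <h2>" . htmlspecialchars($current_cc['Sub_Class_Name']) . "</h2>\n\n <div id='nc_object_slider_menu' class='slider_block_2' style='padding-top: 0px; padding-bottom: 15px;'>\n <ul>\n "
        . $tabs
        . "\n </ul>\n </div>\n\n <div class='nc_admin_form_menu_hr'></div>\n </div>\n <div id='nc_seo_append'><div class='nc_admin_form_seo' style='display: none;'>{$seo} {$comments}</div></div>\n <div class='nc_admin_form_body nc-admin'>{$form}</div>"
        . $footer;
}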
} nc_check_availability_candidates_for_delete_in_multifile_and_delete(); nc_rename_multifile(); if (!$user_table_mode && !$message && !$delete && !$export && !$import && !$nc_recovery) { nc_print_status(NETCAT_MODERATION_ERROR_NORIGHTS, "error"); break; } if ($posting && $nc_core->token->is_use($delete ? "delete" : "change")) { if (!$nc_core->token->verify()) { echo NETCAT_TOKEN_INVALID; break; } } $is_there_any_files = $user_table_mode ? getFileCount(0, $systemTableID) : getFileCount($classID, 0); # права модератора $modRights = CheckUserRights($current_cc['Sub_Class_ID'], "moderate", $posting); # формирование обратной ссылки $alter_goBackLink = ""; $alter_goBackLink_true = false; if (isset($_REQUEST['goBackLink'])) { $alter_goBackLink = $_REQUEST['goBackLink']; if ($admin_mode && preg_match("/^[\\/a-z0-9_-]+\\?catalogue=[[:digit:]]+&sub=[[:digit:]]+&cc=[[:digit:]]+(&curPos=[[:digit:]]{0,12})?\$/im", $alter_goBackLink)) { $alter_goBackLink_true = true; } if (!$admin_mode && preg_match("/^[\\/a-z0-9_-]+(\\.html)?(\\?curPos=[[:digit:]]{0,12})?\$/im", $alter_goBackLink)) { $alter_goBackLink_true = true; } } # если путь не задан в форме if (!$alter_goBackLink_true) { if ($admin_mode) {
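/**
 * Decides whether the current visitor may perform $action on an infoblock.
 *
 * The required access level is read from the infoblock environment (or from
 * the current section when no infoblock id is present) and then enforced:
 *   1 - everyone (in admin mode still requires login and the matching right),
 *   2 - registered users who are not banned,
 *   3 - users who are not banned and hold the explicit right.
 *
 * @param array|mixed $cc_env   Infoblock environment; "Sub_Class_ID" and the
 *                              *_Access_ID keys are read.
 * @param string      $action   add, change, subscribe, comment, moderate, or a
 *                              read-type action (index, full, search, ...).
 * @param mixed       $posting  Passed through to CheckUserRights() for level 3.
 *
 * @return bool|mixed true/false; for the subscriber module (version > 1) the
 *                    result of its own check_rights() is returned as-is.
 */
function s_auth($cc_env, $action, $posting) {
    global $nc_core;
    global $admin_mode, $AUTHORIZATION_TYPE, $user_table_mode;
    global $AUTH_USER_ID, $perm;

    // Editing a user record through the front end: any authenticated visitor
    // passes.
    // NOTE(review): this returns before the ban check and before any
    // per-record check; whether the caller limits the edit to the visitor's
    // own record is not visible here — confirm.
    if ($action == "change" && $user_table_mode && ($AUTH_USER_ID || Authorize())) {
        return true;
    }

    // All viewing actions share the read permission.
    if ($action == "index" || $action == "full" || $action == "search") {
        $action = "read";
    }

    $cc = $cc_env["Sub_Class_ID"];
    $MODULE_VARS = $nc_core->modules->get_module_vars();

    // Version 2 of the subscriber module performs its own rights check.
    // isset() avoids an undefined-index notice when the module is not installed.
    if ($action == 'subscribe'
        && isset($MODULE_VARS['subscriber']['VERSION'])
        && $MODULE_VARS['subscriber']['VERSION'] > 1
    ) {
        try {
            $nc_s = nc_subscriber::get_object();
            $mailer_id = $nc_s->get_mailer_by_cc($cc, 'Mailer_ID');

            return $nc_s->check_rights($mailer_id);
        } catch (Exception $e) {
            // Deliberate best effort: on failure fall back to the generic
            // Subscribe_Access_ID check below.
            // NOTE(review): the exception is dropped silently; consider logging it.
        }
    }

    // Parameters of the current section.
    $sub_env = $nc_core->subdivision->get_current();

    // Without an infoblock id the access levels are taken from the section.
    $access_env = (is_array($cc_env) && $cc) ? $cc_env : $sub_env;

    switch ($action) {
        case "add":
            $f_access = $access_env["Write_Access_ID"];
            break;
        case "change":
            $f_access = $access_env["Edit_Access_ID"];
            break;
        case "subscribe":
            $f_access = $access_env["Subscribe_Access_ID"];
            break;
        case "comment":
            $f_access = $access_env["Comment_Access_ID"];
            break;
        case "moderate":
            // Moderation: check that the user is not banned, then that the
            // corresponding right is held.
            $f_access = 3;
            break;
        default:
            $f_access = $access_env["Read_Access_ID"];
            break;
    }

    // Changing or deleting objects is never available to anonymous visitors.
    if ($f_access == 1 && $action == "change") {
        $f_access = 2;
    }

    // Loose comparison is kept on purpose: the level may arrive as a string.
    switch ($f_access) {
        case 1: // everyone
            if ($admin_mode) {
                if (!Authorize()) {
                    return false;
                }
                if (!CheckUserRights($cc, $action, 1)) {
                    return false;
                }
            }
            break;

        case 2: // registered users only
            if (!Authorize()) {
                return false;
            }
            if ($perm->isBanned($cc_env, $action)) {
                return false;
            }
            break;

        case 3: // authorised users only
            if (!Authorize()) {
                return false;
            }
            if ($perm->isBanned($cc_env, $action)) {
                return false;
            }
            if (!CheckUserRights($cc, $action, $posting)) {
                return false;
            }
            break;

        default:
            // NOTE(review): an unknown or missing access level falls through to
            // "allowed". Left unchanged because callers may rely on it, but a
            // deny-by-default here would be the safer contract — confirm which
            // values can reach this branch.
            break;
    }

    return true;
}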
/**
 * Builds the admin-mode toolbar HTML shown above an infoblock.
 *
 * When the 'AdminButtonsType' setting is truthy the markup comes from the
 * 'AdminCommon' setting, evaluated as a PHP double-quoted string; otherwise the
 * built-in toolbar (id, add, multi-edit, component and infoblock settings,
 * delete-all and, optionally, the packet-operation buttons) is rendered.
 *
 * @param mixed  $sub                       Section id, placed in the settings link.
 * @param mixed  $cc                        Infoblock id, placed in links and inline JS calls.
 * @param array  $cc_env                    Infoblock environment (Sub_Class_Name, Sub_Class_ID,
 *                                          Class_Template_ID, Class_ID are read).
 * @param string $f_AdminCommon_package     Markup appended after the toolbar.
 * @param string $f_AdminCommon_add         URL of the "add" link.
 * @param string $f_AdminCommon_delete_all  URL of the "delete all" link.
 *
 * @return string HTML
 */
function nc_AdminCommon($sub, $cc, $cc_env, $f_AdminCommon_package, $f_AdminCommon_add, $f_AdminCommon_delete_all) {
    $nc_core = nc_Core::get_object();
    $system_env = $nc_core->get_settings();
    // The next three locals are not used by the built-in branch; they stay in
    // scope for the eval()'d template below, so they must not be renamed or
    // removed.
    $ADMIN_TEMPLATE = $nc_core->get_variable("ADMIN_TEMPLATE");
    $f_AdminCommon_cc_name = $cc_env['Sub_Class_Name'];
    $f_AdminCommon_cc = $cc;
    if ($system_env['AdminButtonsType']) {
        // SECURITY: the 'AdminCommon' setting is executed as PHP source inside a
        // double-quoted string. Write access to that setting therefore equals
        // code execution on the server; restrict and audit who may change it.
        // NOTE(review): this branch performs no CheckUserRights() call of its
        // own — presumably the caller gates access; confirm.
        eval("\$f_AdminCommon = \"" . $system_env['AdminCommon'] . "\";");
    } else {
        // NOTE(review): $f_AdminCommon_add, $f_AdminCommon_delete_all, $sub and
        // $cc are placed into href attributes and inline JS without escaping or
        // casting. Whether callers pass only internally built, numeric or
        // already-escaped values is not visible here — confirm before relying
        // on it.
        $f_AdminCommon_buttons = "\n <li><span>" . $cc_env['Sub_Class_ID'] . "</span></li>\n <li><a onClick='parent.nc_form(this.href); return false' href='{$f_AdminCommon_add}'>" . NETCAT_MODERATION_BUTTON_ADD . "</a></li>\n "
            . nc_get_AdminCommon_multiedit_button($cc_env)
            . "\n "
            // The component-editing link is shown only with InsideAdminAccess;
            // it targets the component template when one is set, else the component.
            . ($nc_core->InsideAdminAccess ? "\n <li><a onClick='parent.nc_form(this.href); return false;' href='{$nc_core->SUB_FOLDER}admin/class/index.php?phase=4&ClassID=" . ($cc_env['Class_Template_ID'] ? $cc_env['Class_Template_ID'] : $cc_env['Class_ID']) . "'>\n <i class='nc-icon nc--dev-components' title='" . CONTROL_CLASS_DOEDIT . "'></i>\n </a></li>\n " : "")
            . "\n <li><a onClick='parent.nc_form(this.href); return false;' href='{$nc_core->ADMIN_PATH}subdivision/SubClass.php?SubdivisionID={$sub}&sub_class_id={$cc}'>\n <i class='nc-icon nc--settings' title='" . CONTROL_CLASS_CLASS_SETTINGS . "'></i>\n </a></li>\n <li><a href='{$f_AdminCommon_delete_all}'>\n <i class='nc-icon nc--remove' title='" . NETCAT_MODERATION_REMALL . "'></i>\n </a></li>";
        // Packet operations (enable / disable / delete the selected objects).
        if ($nc_core->get_settings('PacketOperations')) {
            $f_AdminCommon_buttons .= "<li class='nc-divider'></li>\n <li class='nc--alt'><a href='#' onclick='nc_package_obj.process(\"checkOn\", " . $cc . "); return false;'>\n <i class='nc-icon nc--selected-on' title='" . NETCAT_MODERATION_SELECTEDON . "'></i>\n </a></li>\n <li class='nc--alt'><a href='#' onclick='nc_package_obj.process(\"checkOff\", " . $cc . "); return false;'>\n <i class='nc-icon nc--selected-off' title='" . NETCAT_MODERATION_SELECTEDOFF . "'></i>\n </a></li>\n <li class='nc--alt'><a href='#' onclick='nc_package_obj.process(\"delete\", " . $cc . "); return false;'>\n <i class='nc-icon nc--selected-remove' title='" . NETCAT_MODERATION_DELETESELECTED . "'></i>\n </a></li>\n ";
        }
        $f_AdminCommon = "<div class='nc_idtab nc_admincommon'>";
        if (CheckUserRights($cc, 'add', 1) == 1) {
            // With the 'add' right the opening <div> assigned above is replaced
            // (plain assignment) by the toolbar list.
            $f_AdminCommon = "<ul class='nc-toolbar nc--right'>" . $f_AdminCommon_buttons . "</ul>\n <div class='nc--clearfix'></div>";
            $f_AdminCommon .= $f_AdminCommon_package;
        } else {
            // Without the right only an error badge is shown.
            // NOTE(review): on this path the opening nc_idtab <div> is never
            // closed in this function.
            $f_AdminCommon .= "<div class='nc_idtab_id'>\n <div class='nc_idtab_messageid error' title='" . NETCAT_MODERATION_ERROR_NORIGHT . "'>\n " . NETCAT_MODERATION_ERROR_NORIGHT . "\n </div>\n </div>\n <div class='ncf_row nc_clear'></div>";
        }
        $f_AdminCommon .= "<div class='nc--clearfix'></div>";
    }
    return $f_AdminCommon;
}