function permissions($parameters, $arg1 = '', $arg2 = '', $arg3 = '') { if ($arg1 or $arg2 or $arg3) { $module = $arg1 ? $arg1 : $GLOBALS['zig']['current']['module']; $script = $arg2 ? $arg2 : $GLOBALS['zig']['current']['script']; $action = $arg3 ? $arg3 : $GLOBALS['zig']['current']['action']; $field_name = "all"; $field_value = "all"; } else { if (is_array($parameters)) { $module = array_key_exists("module", $parameters) ? $parameters['module'] : $GLOBALS['zig']['current']['module']; $script = array_key_exists("script", $parameters) ? $parameters['script'] : $GLOBALS['zig']['current']['script']; $action = array_key_exists("action", $parameters) ? $parameters['action'] : $GLOBALS['zig']['current']['action']; $tab = array_key_exists("tab", $parameters) ? $parameters['tab'] : NULL; $field_name = array_key_exists("field_name", $parameters) ? $parameters['field_name'] : "all"; $field_value = array_key_exists("field_value", $parameters) ? $parameters['field_value'] : "all"; } } $module = $module == "{any}" ? NULL : $module; $directory = $module; $script = $script == "{any}" ? NULL : $script; $action = $action == "{any}" ? NULL : $action; $zig_info_obj = new zig_info(); $user = zig("info", "user"); $user_id = zig("info", "user_id"); $group = $zig_info_obj->group(); $pre = zig("config", "pre"); $zig_global_database = zig("config", "global_database"); $script = $script ? $script : $GLOBALS['zig']['current']['script']; $script = addslashes($script); $sql = "SELECT `{$pre}applications`.`name` AS module,`{$pre}tabs`.`name` AS tab \n\t\t\t\t\tFROM `{$zig_global_database}`.`{$pre}tabs`,`{$zig_global_database}`.`{$pre}applications` \n\t\t\t\t\tWHERE \n\t\t\t\t\t\t`directory`='{$directory}' \n\t\t\t\t\tAND `{$pre}tabs`.`module`=`{$pre}applications`.`name` \n\t\t\t\t\tAND `{$pre}tabs`.`link`='{$script}' LIMIT 1"; $result = zig("query", $sql); $fetch = $result->fetchRow(); $module = $fetch['module']; $tab = $fetch['tab']; $where_tab = $tab ? " AND (tab='{$tab}' OR tab='all') " : NULL; $where_action = $tab ? " AND (action='{$action}' OR action='all') " : NULL; $sql = "SELECT users \n\t\t\t\tFROM `{$zig_global_database}`.`{$pre}permissions` \n\t\t\t\tWHERE \n\t\t\t\t\t(zig_parent_id='{$user_id}' OR users='{$user}' OR users='{$group}' OR users='all') \n\t\t\t\tAND (module='{$module}' OR module='all') {$where_tab} {$where_action} \n\t\t\t\tAND (field_name='{$field_name}' OR field_name='all') \n\t\t\t\tAND (field_value='{$field_value}' OR field_value='all') \n\t\t\t\tAND permission='allow' LIMIT 1"; $result = zig("query", $sql, "permissions.lib.php", false); $permission = $result->RecordCount(); if ($permission == 1) { $sql = "SELECT users \n\t\t\t\t\tFROM {$zig_global_database}.{$pre}permissions \n\t\t\t\t\tWHERE \n\t\t\t\t\t\t(zig_parent_id='{$user_id}' OR users='{$user}' OR users='{$group}' OR users='all') \n\t\t\t\t\tAND (module='{$module}' OR module='all') {$where_tab} {$where_action} \n\t\t\t\t\tAND (field_name='{$field_name}' OR field_name='all') \n\t\t\t\t\tAND (field_value='{$field_value}' OR field_value='all') \n\t\t\t\t\tAND permission='deny' LIMIT 1"; $result = zig("query", $sql); $permission = $result->RecordCount() ? false : true; /* if($module=="zig-helpdesk") { print " m=".$module ; print " t=".$tab ; print " a=".$action ; print " u=".$user ; print " p=".$permission ; print " sql=".$sql ; print "<br /><br />" ; // exit() ; }*/ } $zig_return['value'] = $permission; $zig_return['return'] = 1; return $zig_return; }