function admEnforceAccess()
{
if (!admCheckAccess()) {
// no access. stop right now.
// should print error message, but hey. let's just dump back to homepage
header('HTTP/1.0 403 Forbidden');
print "not logged in.";
exit;
}
}
function view()
{
if (!admCheckAccess()) {
exit;
}
// should return error code?
$j = get_http_var('j');
$j = strtolower($j);
$journo = db_getRow("SELECT id,ref,prettyname,oneliner,status FROM journo WHERE ref=?", $j);
if (is_null($journo)) {
// TODO: 404
return;
}
$sql = <<<EOT
SELECT p.id,p.email,p.name,perm.permission
FROM person p INNER JOIN person_permission perm ON perm.person_id=p.id
WHERE perm.permission='edit' AND perm.journo_id=?
EOT;
$users = db_getAll($sql, $journo['id']);
$journo['arts'] = journo_collectArticles($journo, 5);
$journo['num_arts'] = db_getOne("SELECT COUNT(*) FROM journo_attr WHERE journo_id=?", $journo['id']);
$journo['linked_users'] = $users;
template($journo);
}
<?php
/* frontend dispatcher for various widgets, to save lots of messy little php files.
* using this file means widgets don't have to care which page they're embedded on
*/
// sigh... stupid php include-path trainwreck...
chdir(dirname(dirname(__FILE__)));
require_once '../conf/general';
require_once '../../phplib/utility.php';
require_once '../phplib/adm.php';
require_once 'missingarticle_widget.php';
require_once 'otherarticle_widget.php';
require_once 'weblink_widget.php';
require_once 'submitted_article_widget.php';
if (!admCheckAccess()) {
exit;
}
// should return error code?
header("Cache-Control: no-cache");
$widget = get_http_var('widget');
switch ($widget) {
case 'missingarticle':
MissingArticleWidget::dispatch();
break;
case 'otherarticle':
OtherArticleWidget::dispatch();
break;
case WeblinkWidget::PREFIX:
WeblinkWidget::dispatch();
break;
case SubmittedArticleWidget::PREFIX:
