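/**
 * Decide whether the current user may work on entry $mid.
 *
 * Order of checks, as implemented below:
 *  1. no user object -> denied;
 *  2. administrator of the current module -> allowed;
 *  3. $mid is truthy -> allowed only if the query finds a row, i.e. the user is
 *     the poster of that entry or has a matching row in the ACLS table;
 *  4. otherwise the decision is delegated to check_groups('post_group').
 *
 * @param mixed $mid entry id; an empty/zero value means "no specific entry"
 * @return bool true when access is granted
 */
function check_access($mid)
{
    global $xoopsDB, $xoopsUser, $xoopsModule;

    // Fail closed when there is no user object: the method calls below would
    // otherwise abort with a fatal error instead of returning a decision.
    if (!is_object($xoopsUser)) {
        return false;
    }

    if ($xoopsUser->isAdmin($xoopsModule->getVar('mid'))) {
        return true;
    }

    if ($mid) {
        // Both ids are spliced into the SQL text, so force them to integers at
        // the sink rather than trusting every caller to have sanitised $mid.
        // The cast happens inside this branch on purpose: a non-numeric $mid
        // becomes 0 and is looked up as entry 0, not handed to the group check.
        $mid = intval($mid);
        $uid = intval($xoopsUser->getVar('uid'));

        // LEFT JOIN keeps the entry row even without an ACL row; "OR auid" is
        // then true only when an ACL row for this user was joined.
        $res = $xoopsDB->query("SELECT mid FROM " . MAIN . " LEFT JOIN " . ACLS . " ON mid=amid AND auid={$uid} WHERE mid={$mid} AND (poster={$uid} OR auid)");

        return $res && $xoopsDB->getRowsNum($res) > 0;
    }

    return check_groups('post_group');
}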
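<?php
# contents upload script
# $Id: uploads.php,v 1.4 2007/12/28 08:39:08 nobu Exp $

include "../../mainfile.php";
include_once "perm.php";
require_once XOOPS_ROOT_PATH . '/class/template.php';

// check access: must be logged in, allowed on this entry, and in an upload group
$mid = isset($_REQUEST['mid']) ? intval($_REQUEST['mid']) : 0;
if (!is_object($xoopsUser) || !check_access($mid) || !check_groups('user_upload')) {
    die(_NOPERM);
}

// Not used by the statements visible here any more; kept because the files
// included below run in this scope and may expect it (not verifiable from here).
$myts =& MyTextSanitizer::getInstance();

// Upload submission: store the file and answer with a tiny popup page.
// NOTE(review): no request token is checked in this script before the upload
// is processed - confirm whether ml_image_uploads_file() or the framework
// verifies one, otherwise a cross-site form post can trigger uploads.
if (isset($_POST['a'])) {
    $a = intval($_POST['a']);   // index of the opener's linkurl[] field
    $errors = array();          // presumably filled by the helper via global - verify
    $file = ml_image_uploads_file($mid, 'imagefile', !empty($_POST['conv']));
    if ($file) {
        // NOTE(review): $file lands inside a single-quoted JavaScript string
        // without escaping. This is only safe if ml_image_uploads_file() never
        // returns quotes, backslashes or "</script>" - confirm in the helper.
        echo "<html>\n<head>\n<script language='javascript'>\nvar dom=opener.xoopsGetElementById('linkurl[{$a}]');\ndom.value = '{$file}';\nclose();\n</script></head>\n</html>";
    } else {
        // NOTE(review): $errors is emitted as raw HTML; its messages must not
        // embed unescaped client-supplied text such as the original file name.
        echo "<html>\n<head>\n<title>Error in Upload file</title>\n</head>\n<body><p style='color:red; font: large bold;'>" . join("<br/>", $errors) . "</p>\n<div style='text-align:center'><button onClick='window.close();'>Close</button></div></body>\n</html>";
    }
    exit;
}

// Form display. 'a' is the same field index the POST branch reads with
// intval(); treat it as an integer here too, so a missing parameter raises no
// notice and a crafted value cannot be reflected into the template.
$a = isset($_GET['a']) ? intval($_GET['a']) : 0;

include XOOPS_ROOT_PATH . "/header.php";

$xoopsTpl->assign(array('target' => $a, 'mid' => $mid));
$xoopsTpl->assign('max_filesize', ini_get('upload_max_filesize'));
// the configured extension list is '|'-separated; show it space-separated
$xoopsTpl->assign('upload_ext', preg_replace('/\\|/', ' ', $xoopsModuleConfig['upload_ext']));
echo $xoopsTpl->fetch('db:medialinks_uploads.html');

function size_format($n)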
$rname = $field['name']; $require[$rname] = preg_replace('/\\*$/', '', $field['label']); } if ($field['weight']) { $form[$k] = $field; } } // status setting only by admin if ($isadmin) { $status = new XoopsFormSelect('', 'status', $content->getVar('status')); $status->addOptionArray($status_sel); $form['status'] = array('name' => 'status', 'label' => _MD_CONTENT_STATUS, 'input' => $status->render()); } $xoopsTpl->assign('form', $form); $xoopsTpl->assign('check', $require); $xoopsTpl->assign('is_uploads', check_groups('user_upload')); if ($isadmin || !empty($xoopsModuleConfig['user_acl'])) { $acls = $preview ? ml_parse_acl() : ml_get_acl($mid); $xoopsTpl->assign('acls', $acls); } $xoopsTpl->assign('form', $form); include XOOPS_ROOT_PATH . "/footer.php"; function store_entry(&$content) { $myts =& MyTextSanitizer::getInstance(); $nop = array('mtime', 'ctime', 'poster', 'hits'); $keys = array(); foreach ($_POST['keywords'] as $v) { $keys = array_merge($keys, explode(',', $v)); } $content->setKeywords($keys);