Exemple #1
0
        $objNewsTemplate->setText('ID', $objNews->get('id'));
        $objNewsTemplate->setText('USERID', $objNewsUser->get('id'));
        $objNewsTemplate->setText('USERNAME', $objNewsUser->get('username'));
        $objNewsTemplate->setText('DATE', date('Y-m-d', strtotime($objNews->get('date'))));
        $objNewsTemplate->setText('TITLE', $objNews->get('title'));
        $objNewsTemplate->setText('TEXT', bbcode_format($objNews->get('text')));
        echo $objNewsTemplate->get();
    }
} else {
    if (!$objUser || $objUser->get('is_admin') != 1) {
        throw new Exception("exception_accessdenied");
    }
    $objNews = new clsDB('news');
    $objNews->getFromRequest(array('id', 'title', 'text'));
    if ($strSubAction == 'edit') {
        $objNews->load();
        echo "<form action='index.php' method='post'>";
        echo "<input type='hidden' name='subaction' value='save'>";
        echo $objNews->getHiddenField('id');
        echo "Title:<br>";
        echo $objNews->getTextField('title', new clsParameters('size', 40)) . "<br><br>";
        echo "Post:<br>";
        echo $objNews->getTextArea('text', 4, 45) . "<br><br>";
        echo $objNews->getSubmit('Post');
    } else {
        if ($strSubAction == 'save') {
            if ($objNews->isNew()) {
                $objNews->set('user_id', $objUser->get('id'));
                $objNews->set('date', date('Y-m-d H:i:s'));
            }
            $objNews->save();
Exemple #2
0
 /** This gets a little tricky... */
 public static function getPolicyFromRequest($strName, $objUser)
 {
     /* Create the object that'll be able to read the request. */
     $objPolicy = new clsDB($strName);
     /* Load the fields from the request. */
     $objPolicy->getFromRequest(array('id', 'allow_post_picture', 'allow_post_comment', 'allow_rate', 'allow_view', 'allow_delete_picture', 'allow_create_subalbum'));
     /* Set the name so we can access the database. */
     $objPolicy->setName('albumpolicy');
     /* Load it (to get the user_id). */
     $objPolicy->load();
     /* Check the user_id to see if we have any issues. */
     if (!$objUser->get('is_admin') && $objPolicy->get('user_id') != $objUser->get('id')) {
         throw new Exception('exception_accessdenied');
     }
     /* Set the name back so we can read the request again. */
     $objPolicy->setName($strName);
     /* Read the user's input from the request. */
     $objPolicy->getFromRequest(array('id', 'allow_post_picture', 'allow_post_comment', 'allow_rate', 'allow_view', 'allow_delete_picture', 'allow_create_subalbum'));
     /* Set the name back to what it ought to be (so we can save it). */
     $objPolicy->setName('albumpolicy');
     /* And that it! */
     return $objPolicy;
 }