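/**
 * Prints administration menu
 *
 * Builds the HTML for the Admin block (the list of administration links shown
 * in the side column) containing only the entries the current user has
 * sufficient rights to. Returns an empty string for anonymous users and for
 * users who hold none of the admin rights, have no plugin admin options and
 * no access to the configuration.
 *
 * The "Submissions" (moderation) entry is always placed first; all other
 * entries are optionally sorted by label when $_CONF['sort_admin'] is set.
 * Entries are collected in an array keyed by their label, so two entries
 * with the same label (e.g. a plugin reusing a core label) overwrite each
 * other - the last one wins.
 *
 * NOTE: this is a display filter only. The rights checks below decide which
 * links are rendered; each admin page linked from here is expected to
 * enforce its own access checks (not verified in this function).
 *
 * @param        string      $help       Help file to show
 * @param        string      $title      Menu Title; defaults to the title of the 'admin_block' block
 * @param        string      $position   Side being shown on 'left', 'right' or blank.
 * @return       string                  HTML of the admin block, or '' when the user may not see it
 * @see function COM_userMenu
 *
 */
function COM_adminMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF, $_CONF_FT, $LANG01, $LANG_ADMIN, $_BLOCK_TEMPLATE, $_DB_dbms, $config;

    $retval = '';
    if (COM_isAnonUser()) {
        return $retval;
    }

    $plugin_options = PLG_getAdminOptions();
    $num_plugins = count($plugin_options);

    // Nothing to show unless the user holds at least one admin-ish right,
    // has plugin admin options or may edit the configuration.
    if (!(SEC_isModerator()
        || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR')
        || $num_plugins > 0
        || SEC_hasConfigAcess())) {
        return $retval;
    }

    // what's our current URL? Used to mark the active menu entry ('current').
    $thisUrl = COM_getCurrentURL();

    $adminmenu = COM_newTemplate($_CONF['path_layout']);
    if (isset($_BLOCK_TEMPLATE['adminoption'])) {
        // Custom templates are given as "<option template>,<current template>";
        // fall back to the default "current" template if only one is listed.
        $templates = explode(',', $_BLOCK_TEMPLATE['adminoption']);
        $currentTemplate = isset($templates[1]) ? $templates[1] : 'adminoption_off.thtml';
        $adminmenu->set_file(array('option' => $templates[0], 'current' => $currentTemplate));
    } else {
        $adminmenu->set_file(array('option' => 'adminoption.thtml', 'current' => 'adminoption_off.thtml'));
    }
    $adminmenu->set_var('block_name', str_replace('_', '-', 'admin_block'));

    if (empty($title)) {
        $title = DB_getItem($_TABLES['blocks'], 'title', "name = 'admin_block'");
    }
    $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('admin_block', 'header', $position));

    // SQL fragment restricting story/submission counts to the topics this
    // user may access. Empty when no restriction applies.
    $topicsql = '';
    if (SEC_isModerator() || SEC_hasRights('story.edit')) {
        $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
        $trows = DB_numRows($tresult);
        if ($trows > 0) {
            $tids = array();
            for ($i = 0; $i < $trows; $i++) {
                $T = DB_fetchArray($tresult);
                // Topic IDs are re-interpolated into SQL below, so escape them
                // rather than trusting what the topic editor allowed.
                $tids[] = DB_escapeString($T['tid']);
            }
            if (count($tids) > 0) {
                $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
            }
        }
    }

    // Number of items awaiting moderation, shown on the "Submissions" entry.
    $modnum = 0;
    if (SEC_hasRights('story.edit,story.moderate', 'OR')
        || ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate'))
        || ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete'))) {
        if (SEC_hasRights('story.moderate')) {
            if (empty($topicsql)) {
                $modnum += DB_count($_TABLES['storysubmission']);
            } else {
                $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                $S = DB_fetchArray($sresult);
                $modnum += $S['count'];
            }
        }
        if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
            $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
            if (!empty($topicsql)) {
                $sql .= ' AND' . $topicsql;
            }
            $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
            $A = DB_fetchArray($result);
            $modnum += $A['count'];
        }
        if ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate')) {
            $modnum += DB_count($_TABLES['commentsubmissions']);
        }
        if ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
            // status '2' presumably marks accounts awaiting approval - confirm against the users table
            $modnum += DB_count($_TABLES['users'], 'status', '2');
        }
    }

    // Menu entries keyed by label; initialised here so the sort/merge at the
    // end works even when no entry was added.
    $link_array = array();

    if (SEC_hasConfigAcess()) {
        $url = $_CONF['site_admin_url'] . '/configuration.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[129]);
        $adminmenu->set_var('option_count', count($config->_get_groups()));
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[129]] = $menu_item;
    }

    // now handle submissions for plugins
    $modnum += PLG_getSubmissionCount();

    if (SEC_hasRights('story.edit')) {
        $url = $_CONF['site_admin_url'] . '/story.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[11]);
        if (empty($topicsql)) {
            $numstories = DB_count($_TABLES['stories']);
        } else {
            $nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSQL('AND'));
            $N = DB_fetchArray($nresult);
            $numstories = $N['count'];
        }
        $adminmenu->set_var('option_count', COM_numberFormat($numstories));
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[11]] = $menu_item;
    }

    if (SEC_hasRights('block.edit')) {
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSQL());
        // read the aliased column, as the other count queries here do
        $B = DB_fetchArray($result);
        $url = $_CONF['site_admin_url'] . '/block.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[12]);
        $adminmenu->set_var('option_count', COM_numberFormat($B['count']));
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[12]] = $menu_item;
    }

    if (SEC_hasRights('topic.edit')) {
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSQL());
        $TC = DB_fetchArray($result);
        $url = $_CONF['site_admin_url'] . '/topic.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[13]);
        $adminmenu->set_var('option_count', COM_numberFormat($TC['count']));
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[13]] = $menu_item;
    }

    if (SEC_hasRights('user.edit')) {
        $url = $_CONF['site_admin_url'] . '/user.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[17]);
        $active_users = DB_count($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE);
        // minus one, presumably to leave out the built-in anonymous account - confirm
        $adminmenu->set_var('option_count', COM_numberFormat($active_users - 1));
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[17]] = $menu_item;
    }

    if (SEC_hasRights('group.edit')) {
        if (SEC_inGroup('Root')) {
            $grpFilter = '';
        } else {
            // Non-Root users only see (and count) the groups they belong to.
            // Group ids are assumed to be integers as returned by SEC_getUserGroups - confirm.
            $thisUsersGroups = SEC_getUserGroups();
            $grpFilter = 'WHERE (grp_id IN (' . implode(',', $thisUsersGroups) . '))';
        }
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
        $G = DB_fetchArray($result);
        $url = $_CONF['site_admin_url'] . '/group.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[96]);
        $adminmenu->set_var('option_count', COM_numberFormat($G['count']));
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[96]] = $menu_item;
    }

    if (SEC_hasRights('user.mail')) {
        $url = $_CONF['site_admin_url'] . '/mail.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[105]);
        $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[105]] = $menu_item;
    }

    if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
        $url = $_CONF['site_admin_url'] . '/syndication.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[38]);
        $count = COM_numberFormat(DB_count($_TABLES['syndication']));
        $adminmenu->set_var('option_count', $count);
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[38]] = $menu_item;
    }

    if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled']) && SEC_hasRights('story.ping')) {
        $url = $_CONF['site_admin_url'] . '/trackback.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[116]);
        if ($_CONF['ping_enabled']) {
            $count = COM_numberFormat(DB_count($_TABLES['pingservice']));
            $adminmenu->set_var('option_count', $count);
        } else {
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
        }
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[116]] = $menu_item;
    }

    if (SEC_hasRights('plugin.edit')) {
        $url = $_CONF['site_admin_url'] . '/plugins.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[77]);
        $adminmenu->set_var('option_count', COM_numberFormat(DB_count($_TABLES['plugins'], 'pi_enabled', 1)));
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[77]] = $menu_item;
    }

    // This will show the admin options for all installed plugins (if any).
    // A plugin whose label matches a core entry replaces that entry.
    foreach ($plugin_options as $plg) {
        $adminmenu->set_var('option_url', $plg->adminurl);
        $adminmenu->set_var('option_label', $plg->adminlabel);
        if (isset($plg->numsubmissions) && is_numeric($plg->numsubmissions)) {
            $adminmenu->set_var('option_count', COM_numberFormat($plg->numsubmissions));
        } elseif (!empty($plg->numsubmissions)) {
            // non-numeric count (e.g. a text such as "n/a") is shown verbatim
            $adminmenu->set_var('option_count', $plg->numsubmissions);
        } else {
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
        }
        $menu_item = $adminmenu->parse('item', $thisUrl === $plg->adminurl ? 'current' : 'option', true);
        $link_array[$plg->adminlabel] = $menu_item;
    }

    // Database backup: Root only, and only when the feature is enabled for MySQL.
    if ($_CONF['allow_mysqldump'] == 1 && $_DB_dbms == 'mysql' && SEC_inGroup('Root')) {
        $url = $_CONF['site_admin_url'] . '/database.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[103]);
        $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
        $menu_item = $adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option');
        $link_array[$LANG01[103]] = $menu_item;
    }

    if ($_CONF['link_documentation'] == 1) {
        // Link the docs in the user's language if present, else the English docs.
        // The language name is used as a path component; it is assumed that
        // COM_getLanguageName() only returns a sanitized language name - confirm.
        $doclang = COM_getLanguageName();
        $docs = 'docs/' . $doclang . '/index.html';
        if (file_exists($_CONF['path_html'] . $docs)) {
            $adminmenu->set_var('option_url', $_CONF['site_url'] . '/' . $docs);
        } else {
            $adminmenu->set_var('option_url', $_CONF['site_url'] . '/docs/english/index.html');
        }
        $adminmenu->set_var('option_label', $LANG01[113]);
        $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
        $menu_item = $adminmenu->parse('item', 'option');
        $link_array[$LANG01[113]] = $menu_item;
    }

    if ($_CONF['link_versionchecker'] == 1 && SEC_inGroup('Root')) {
        // Root only; the installed VERSION is passed to the external version
        // checker as a query parameter over plain http.
        $adminmenu->set_var('option_url', 'http://www.geeklog.net/versionchecker.php?version=' . VERSION);
        $adminmenu->set_var('option_label', $LANG01[107]);
        $adminmenu->set_var('option_count', VERSION);
        $menu_item = $adminmenu->parse('item', 'option');
        $link_array[$LANG01[107]] = $menu_item;
    }

    if ($_CONF['sort_admin']) {
        uksort($link_array, 'strcasecmp');
    }

    // The moderation ("Submissions") entry always comes first, regardless of sorting.
    $url = $_CONF['site_admin_url'] . '/moderation.php';
    $adminmenu->set_var('option_url', $url);
    $adminmenu->set_var('option_label', $LANG01[10]);
    $adminmenu->set_var('option_count', COM_numberFormat($modnum));
    $menu_item = $adminmenu->finish($adminmenu->parse('item', $thisUrl === $url ? 'current' : 'option'));
    $link_array = array($menu_item) + $link_array;

    $retval .= implode('', $link_array);
    $retval .= COM_endBlock(COM_getBlockTemplate('admin_block', 'footer', $position));

    return $retval;
}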
        // Either their cookie expired or they are new
        $cooktime = COM_getUserCookieTimeout();
        if (!empty($cooktime)) {
            // They want their cookie to persist for some amount of time so set it now
            SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
        }
    }
    if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,syndication.edit', 'OR')) {
        $display .= COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
    } else {
        $display .= COM_refresh($_CONF['site_url'] . '/index.php');
    }
    echo $display;
    exit;
} else {
    if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') && count(PLG_getAdminOptions()) == 0 && !SEC_hasConfigAcess()) {
        COM_updateSpeedlimit('login');
        $display .= COM_siteHeader('menu');
        $display .= COM_startBlock($LANG20[1]);
        if (!$_CONF['user_login_method']['standard']) {
            $display .= '<p>' . $LANG_LOGIN[2] . '</p>';
        } else {
            if (isset($_POST['warn'])) {
                $display .= $LANG20[2] . '<br' . XHTML . '><br' . XHTML . '>' . COM_accessLog($LANG20[3] . ' ' . $_POST['loginname']);
            }
            $display .= '<form action="' . $_CONF['site_admin_url'] . '/moderation.php" method="post">' . '<table cellspacing="0" cellpadding="3" border="0" width="100%">' . LB . '<tr><td class="alignright"><b><label for="loginname">' . $LANG20[4] . '</label></b></td>' . LB . '<td><input type="text" name="loginname" id="loginname" size="16" maxlength="16"' . XHTML . '></td>' . LB . '</tr>' . LB . '<tr>' . LB . '<td class="alignright"><b><label for="passwd">' . $LANG20[5] . '</label></b></td>' . LB . '<td><input type="password" name="passwd" id="passwd" size="16"' . XHTML . '></td>' . '</tr>' . LB . '<tr>' . LB . '<td colspan="2" align="center" class="warning">' . $LANG20[6] . '<input type="hidden" name="warn" value="1"' . XHTML . '>' . '<br' . XHTML . '><input type="submit" name="mode" value="' . $LANG20[7] . '"' . XHTML . '></td>' . LB . '</tr>' . LB . '</table></form>';
        }
        $display .= COM_endBlock() . COM_siteFooter();
        COM_output($display);
        exit;
    }