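// Reject the request when the lookup found no matching user.
// NOTE(review): the checks below dereference $user, so loginFail() presumably
// ends the request - confirm it never returns.
if ($user == null) {
    if ($debug) {
        print "User doesn't exist " . $parms->getParm('username') . "\n";
    }
    loginFail();
}

// Verify the submitted credentials - the username check shouldn't hit but is
// kept as an additional check.
// Both sides are cast to string and compared strictly: with a loose != PHP
// compares numeric-looking strings as numbers, so two different digests of the
// form "0e<digits>" would count as equal. hash_equals() is also constant-time.
// NOTE(review): the stored value is an unsalted MD5 digest. Moving to
// password_hash()/password_verify() requires changing how passwords are stored,
// which is outside this listing.
if ((string) $user->getUsername() !== (string) $parms->getParm('username')
    || !hash_equals((string) $user->getPassword(), md5((string) $parms->getParm('password')))) {
    if ($debug) {
        // The listing masks the values that were interpolated into this message;
        // the debug line names the account only and never echoes the password.
        print "Login failure user: " . $parms->getParm('username') . " \n";
    }
    loginFail();
}

// Only administrators may add entries.
// NOTE(review): noPermission() is presumably terminal as well - confirm.
if (!$user->isAdmin()) {
    noPermission();
}

// Authenticated and authorised from here on, so the entry can be added.
if ($debug) {
    print "Login successful " . $user->getUsername() . " \n";
}

// Rule object starts with defaults and is populated further down.
$rule = new Rule();

$siteentry = $kdb->getSiteSitename($parms->getParm('site'));
// A non-null result means the site already has an entry.
if ($siteentry != null) {
    // the rules entry needs the site id
    $siteid = $siteentry->getId();
} else {
    // only sitename known - perhaps comments or default '' - siteid is autogen
    $siteentry = new Site(array('sitename' => $parms->getParm('site'), 'comments' => $parms->getParm('comments')));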
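$subcat = "guides";
$page_title = "Modify Guide";
$tertiary_nav = "yes";

ob_start();

include "../includes/header.php";

$postvar_subject_id = scrubData($_GET['subject_id']);

// The guide id comes straight from the query string and is placed inside SQL
// string literals below, so only a plain integer is accepted; any other value
// becomes 0. A missing parameter still leaves $this_id unset (null), which the
// isset() check further down relies on.
// NOTE(review): assumes subject ids are integer keys and that 0 matches no
// guide - confirm against the schema. Bound parameters would be the better fix
// if the $db wrapper offers them; its API is not visible in this listing.
$this_id = null;
if (isset($_GET["subject_id"])) {
    $this_id = filter_var($_GET["subject_id"], FILTER_VALIDATE_INT);
    if ($this_id === false) {
        $this_id = 0;
    }
}
$clone = 0;

// See if they have permission to edit this guide: non-admins must be listed
// for it in staff_subject.
if (!isset($_SESSION["admin"]) || $_SESSION["admin"] != 1) {
    // staff_id is taken from the session rather than from the request
    $q = "SELECT staff_id from staff_subject WHERE subject_id = '{$this_id}'\n AND staff_id = '" . $_SESSION["staff_id"] . "'";
    $r = $db->query($q);
    $num_rows = count($r);
    if ($num_rows < 1) {
        $no_permission = _("You do not have permission to edit this guide. Ask the guide's creator to add you as a co-editor.");
        print noPermission($no_permission);
        include "../includes/footer.php";
        exit;
    }
}

// See if anything has been added through the Find button
if (isset($_GET["insert_pluslet"])) {
    // Same treatment as the guide id: request data never reaches the SQL text
    // unless it validates as an integer.
    $insert_pluslet_id = filter_var($_GET["insert_pluslet"], FILTER_VALIDATE_INT);
    if ($insert_pluslet_id === false) {
        $insert_pluslet_id = 0;
    }
    // NOTE(review): the column list references alias "ps", which the FROM clause
    // shown here does not define - confirm whether a join is missing.
    $qa = "SELECT p.pluslet_id, p.title, p.body, ps.pcolumn, p.type, p.extra\n FROM pluslet p WHERE p.pluslet_id = '" . $insert_pluslet_id . "'";
    $ra = $db->query($qa);
}

if (isset($this_id)) {
    // reuse the validated id instead of reading the raw request value again
    $subject_id = $this_id;
    // get name of guide
    $q = "SELECT subject, shortform, active, extra from subject where subject_id = '{$subject_id}'";
    $r = $db->query($q);
    // If this guide doesn't exist, send them away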