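/**
 * Decide whether the currently logged-in admin may access an admin page.
 *
 * Most entries have their own page. Everything on the Config and Modules menus
 * is served by the single pages config.php and modules.php, so those two are
 * broken down into sub-pages (one per module set / configuration group) to match
 * the entries shown on the Admin Profiles permissions page.
 *
 * A page name that has no row in the admin files table is treated as a new
 * function (e.g. a 3rd party mod): it is inserted into that table and access is
 * denied for this request.
 *
 * The return value is the STRING 'true' or 'false', not a boolean. Both strings
 * are truthy in PHP, so callers must compare against the literal
 * (`check_page(...) == 'true'`) and never use the result directly in an `if`.
 *
 * @param string $page  Page name; a ".php" suffix is stripped for ordinary pages.
 * @param string $param Optional query fragment; a "gID=" prefix is removed and the
 *                      remainder is used as (part of) the configuration group id.
 * @return string 'true' when the admin in $_SESSION['admin_id'] is allowed, else 'false'.
 */
function check_page($page, $param = '')
{
    global $db;

    if ($page === 'modules') {
        // The module set comes straight from the request; accept only a plain
        // string so an array-valued parameter cannot end up in the page name.
        $set = (isset($_GET['set']) && is_string($_GET['set'])) ? $_GET['set'] : '';
        $page = 'modulesset=' . $set;
    } elseif ($page === 'configuration') {
        $gid = (isset($_GET['gID']) && is_string($_GET['gID'])) ? $_GET['gID'] : '';
        // Both $param and $_GET['gID'] are request-derived. The group id is cast
        // to an integer before it reaches the SQL text, so nothing but a number
        // can be concatenated into the query.
        // NOTE(review): assumes configuration_group_id is an integer column - confirm.
        $cid = (int) (str_replace('gID=', '', (string) $param) . $gid);
        $config = $db->Execute(
            "select configuration_group_title from " . TABLE_CONFIGURATION_GROUP
            . " where configuration_group_id = " . $cid
        );
        if ($config->EOF) {
            // Unknown group id: deny without registering a blank page name.
            return 'false';
        }
        $page = $config->fields['configuration_group_title'];
    } else {
        $page = strip_suffix($page, ".php");
    }

    // The page name may contain request data (module set) or arbitrary text
    // (group title), so it is bound as a quoted/escaped string instead of being
    // concatenated into the statement.
    // NOTE(review): bindVars() is the binder of the Zen Cart-style $db query
    // factory this code appears to use - confirm this install's $db provides it.
    $query = "select id from " . TABLE_ADMIN_FILES . " where page = :page";
    $query = $db->bindVars($query, ':page', $page, 'string');
    $included = $db->Execute($query);

    if ($included->EOF || $included->fields['id'] == '') {
        // New page: register it so it shows up on the permissions page. Nobody
        // has been granted access yet, so this request is denied.
        // NOTE(review): the name registered here can originate from the request
        // (the modules "set" value), so any request reaching this function can
        // add rows to the admin files table - consider restricting it to known sets.
        $sql = "insert into " . TABLE_ADMIN_FILES . " set page = :page";
        $sql = $db->bindVars($sql, ':page', $page, 'string');
        $db->Execute($sql);
        return 'false';
    }

    // Without an admin id in the session there is nobody to authorise. Checking
    // this explicitly avoids a loose comparison treating a missing session value
    // as equal to an empty or zero admin_id row.
    if (!isset($_SESSION['admin_id']) || $_SESSION['admin_id'] === '') {
        return 'false';
    }
    $current_admin = (string) $_SESSION['admin_id'];

    $query = "select admin_id from " . TABLE_ADMIN_ALLOWED_PAGES
        . " where page_id = " . (int) $included->fields['id'];
    $who_allow = $db->Execute($query);
    while (!$who_allow->EOF) {
        if ((string) $who_allow->fields['admin_id'] === $current_admin) {
            return 'true';
        }
        $who_allow->MoveNext();
    }

    return 'false';
}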
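/**
 * Bind an associated model onto one model or a list of models.
 *
 * The call is dispatched to the static method
 * `bind_<single_model|multiple_models>_with_assoc_model_of_<assoc_type_name>`.
 * The method name is only built from $assoc_type_name after the switch below has
 * matched it against the known association types, so an unknown type throws
 * instead of reaching a dynamic call.
 *
 * Extra positional arguments (read through func_get_args()) depend on the type:
 *  - points_to / belongs_to / has_one: [3] refer field name (default
 *    "<assoc_model_name>_id"), [4] target field name (default $assoc_model_name).
 *  - has_many: [3] order/limit (default 0), [4] refer field name (default
 *    "<assoc_model_name>_id"), [5] target field name (default $assoc_model_name).
 *  - many_many: [3] $through (required), [4] through field names (default
 *    ["<model_name>_id", "<assoc_model_name>_id"]), [5] target field name
 *    (default $through[0]).
 *
 * @param mixed  $model_arg        A model, a list of models, or null / [] (no-op).
 * @param string $assoc_type_name  One of the association types listed above.
 * @param string $assoc_model_name Associated model name, without the "_model" suffix.
 * @return void
 * @throws developer_error When the (first) model is not a `model` instance, when
 *                         many_many is called without $through, or when the
 *                         association type is unknown.
 */
public static function bind($model_arg, $assoc_type_name, $assoc_model_name)
{
    // Nothing to bind for null or an empty list.
    if ($model_arg === null || $model_arg === []) {
        return;
    }

    if (is_array($model_arg)) {
        $model_type = 'multiple_models';
        // reset() always yields the first element, whatever the array's internal
        // pointer was when the caller passed it in. Only this first element is
        // type-checked below.
        $model = reset($model_arg);
    } else {
        $model_type = 'single_model';
        $model = $model_arg;
    }

    if (!$model instanceof model) {
        throw new developer_error('bad model, expect object, but get ' . gettype($model));
    }

    $binder = 'bind_' . $model_type . '_with_assoc_model_of_' . $assoc_type_name;
    $assoc_class_name = $assoc_model_name . '_model';
    $model_class_name = get_class($model);
    $model_name = strip_suffix($model_class_name);
    $func_args = func_get_args();

    switch ($assoc_type_name) {
        case 'points_to':
        case 'belongs_to':
        case 'has_one':
            $refer_field_name = array_key_exists(3, $func_args) ? $func_args[3] : $assoc_model_name . '_id';
            $as_field_name = array_key_exists(4, $func_args) ? $func_args[4] : $assoc_model_name;
            self::$binder($model_arg, $assoc_class_name, $refer_field_name, $as_field_name);
            break;

        case 'has_many':
            $order_limit = array_key_exists(3, $func_args) ? $func_args[3] : 0;
            $refer_field_name = array_key_exists(4, $func_args) ? $func_args[4] : $assoc_model_name . '_id';
            $as_field_name = array_key_exists(5, $func_args) ? $func_args[5] : $assoc_model_name;
            self::$binder($model_arg, $assoc_class_name, $order_limit, $refer_field_name, $as_field_name);
            break;

        case 'many_many':
            // $through has no default; fail loudly instead of passing null on
            // and indexing into it for the default field name.
            if (!array_key_exists(3, $func_args)) {
                throw new developer_error('many_many binding requires a 4th argument ($through)');
            }
            $through = $func_args[3];
            $through_field_names = array_key_exists(4, $func_args)
                ? $func_args[4]
                : array($model_name . '_id', $assoc_model_name . '_id');
            $as_field_name = array_key_exists(5, $func_args) ? $func_args[5] : $through[0];
            self::$binder($model_arg, $assoc_class_name, $through, $through_field_names, $as_field_name);
            break;

        default:
            // Message text: "unknown association type:".
            throw new developer_error('未知的关联类型:' . $assoc_type_name);
    }
}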