function attachfile_check_upload_permission_plugin($target_id) { //$mydirname , $module_dirname , $mytrustdirname , $targettrustdirname // emulate d3diary $mytrustdirname = $this->target_trustdirname; $mytrustdirpath = XOOPS_TRUST_PATH . '/modules/' . $mytrustdirname; $mydirname = $this->target_dirname; include_once $mytrustdirpath . '/class/diary.class.php'; include_once $mytrustdirpath . '/class/category.class.php'; include_once $mytrustdirpath . '/class/d3diaryConf.class.php'; $diary =& D3diaryDiary::getInstance(); $cat =& D3diaryCategory::getInstance(); $diary->bid = $target_id; $diary->readdb($mydirname); if (empty($diary->uid)) { return false; } $d3dConf =& D3diaryConf::getInstance($mydirname, (int) $diary->uid, "attachfile"); $d3dConf->mPerm->get_allowed_openarea(); $uid = $d3dConf->uid; $editperm = 0; $owner = 0; $_tempGperm = $d3dConf->gPerm->getUidsByName(array('allow_edit')); // check edit permission by group if (in_array($uid, $_tempGperm['allow_edit'])) { if ($diary->uid == $uid) { $owner = 1; $editperm = 1; } if ($d3dConf->mPerm->isadmin) { $editperm = 1; } } unset($_tempGperm); if ($editperm == 1) { return true; } else { return false; } }
<?php //-------------------------------------------------------------------- // Config //-------------------------------------------------------------------- include_once dirname( dirname(__FILE__) ).'/class/diary.class.php'; include_once dirname( dirname(__FILE__) ).'/class/category.class.php'; include_once dirname( dirname(__FILE__) ).'/class/d3diaryConf.class.php'; include_once dirname( dirname(__FILE__) ).'/class/photo.class.php'; $diaryObj =& D3diaryDiary::getInstance(); $category =& D3diaryCategory::getInstance(); $photoObj =& D3diaryPhoto::getInstance(); //-------------------------------------------------------------------- // GET Initial Valuses //-------------------------------------------------------------------- $myname = "photolist.php"; $yd_list=array(); $yd_com_key=""; $yd_monthnavi=""; $d3dConf =& D3diaryConf::getInstance($mydirname, 0, "photolist"); $func =& $d3dConf->func ; $myts =& $d3dConf->myts; $mPerm =& $d3dConf->mPerm ; $gPerm =& $d3dConf->gPerm ; $mod_config =& $d3dConf->mod_config ; // query values $uid = $d3dConf->uid; $req_uid = $d3dConf->req_uid;
<?php include_once dirname(dirname(__FILE__)) . '/class/diary.class.php'; include_once dirname(dirname(__FILE__)) . '/class/photo.class.php'; include_once dirname(dirname(__FILE__)) . '/class/tag.class.php'; include_once dirname(dirname(__FILE__)) . '/class/d3diaryConf.class.php'; $myname = "mailpost.php"; $diary =& D3diaryDiary::getInstance(); $photo =& D3diaryPhoto::getInstance(); $tag =& D3diaryTag::getInstance(); $d3dConf =& D3diaryConf::getInstance($mydirname, 0, "mailpost"); $func =& $d3dConf->func; $uid = $d3dConf->uid; // overrides $d3dConf->req_uid $d3dConf->req_uid = $req_uid = isset($_GET['req_uid']) ? (int) $_GET['req_uid'] : $uid; $mPerm =& $d3dConf->mPerm; $mPerm->ini_set(); $gPerm =& $d3dConf->gPerm; $mod_config =& $d3dConf->mod_config; if ($mPerm->isadmin && 0 < $req_uid) { $query_req_uid = "&req_uid=" . $req_uid; $rtn = $func->get_xoopsuname($req_uid); $uname = $rtn['uname']; $name = !empty($rtn['name']) ? $rtn['name'] : ""; $rtn = $func->get_xoopsuname($uid); $myuname = $rtn['uname']; $myname = !empty($rtn['name']) ? $rtn['name'] : ""; } elseif (!$mPerm->isadmin && 0 < $req_uid && $req_uid != $uid) { redirect_header(XOOPS_URL . '/user.php', 2, _MD_NOPERM_EDIT); exit; } else {