// Initialize the Flow Subsystem. if (!defined('SYS_FLOW')) { require_once BASE . 'subsystems/flow.php'; } // Validate session exponent_sessions_validate(); // Initialize permissions variables exponent_permissions_initialize(); #$section = (exponent_sessions_isset('last_section') ? exponent_sessions_get('last_section') : SITE_DEFAULT_SECTION); if (isset($_REQUEST['action']) && isset($_REQUEST['module'])) { $section = exponent_sessions_isset('last_section') ? exponent_sessions_get('last_section') : SITE_DEFAULT_SECTION; } else { $section = isset($_REQUEST['section']) ? $_REQUEST['section'] : SITE_DEFAULT_SECTION; } $section = $db->selectObject('section', 'id=' . intval($section)); if (!NavigationModule::canView($section)) { define('AUTHORIZED_SECTION', 0); } else { define('AUTHORIZED_SECTION', 1); } if (!NavigationModule::isPublic($section)) { define('PUBLIC_SECTION', 0); } else { define('PUBLIC_SECTION', 1); } function eDebug($var) { if (DEVELOPMENT) { echo "<xmp>"; print_r($var); echo "</xmp>";
function canView($section) { global $db; if ($section->public == 0) { // Not a public section. Check permissions. return exponent_permissions_check('view', exponent_core_makeLocation('NavigationModule', '', $section->id)); } else { // Is public. check parents. if ($section->parent <= 0) { // Out of parents, and since we are still checking, we haven't hit a private section. return true; } else { $s = $db->selectObject('section', 'id=' . $section->parent); return NavigationModule::canView($s); } } }
include_once BASE . "subsystems/search.php"; } $search_string = trim(strtolower(strip_tags($_GET['search_string']))); if ($search_string == "") { echo exponent_lang_loadKey('modules/SearchModule/actions/search.php', 'need_term'); return; } $term_status = exponent_search_cleanSearchQuery(array_map("addslashes", array_map("trim", split(" ", $search_string)))); $terms = $term_status['valid']; $results = array(); foreach ($db->selectObjects("search", exponent_search_whereClause(array("title", "body"), $terms, SEARCH_TYPE_ANY)) as $r) { $result = null; $rloc = unserialize($r->location_data); $sectionref = $db->selectObject("sectionref", "module='" . $rloc->mod . "' AND source='" . $rloc->src . "'"); $section = $db->selectObject("section", "id=" . $sectionref->section); $canview = NavigationModule::canView($section); if ($canview && $r->view_perm != '') { // No point in checking the perm stuff if they cant even see the section $canview = false; // They need to have specific perms on the module. foreach (explode(',', $r->view_perm) as $p) { if (exponent_permissions_check($p, $rloc)) { $canview = true; break; } } } if ($canview) { $weight = 0; $body_l = strtolower($r->body); $title_l = strtolower($r->title);