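/**
 * Load a content item as its file-type specific object.
 *
 * The item is first loaded as a generic album_content so that the current
 * user's 'view' permission on its content group can be checked before any
 * type-specific object is built or returned.
 *
 * @param mixed $id id of the content item; passed unchanged to generate_from_id()
 * @return mixed the type-specific content object on success,
 *               null when the file extension has no entry in $filetypes,
 *               OP_MISSING_VIEW when the current user may not view the item,
 *               OP_FAILED when the generic record could not be loaded
 */
function get_content_object_from_id($id)
{
    global $userdata, $filetypes;

    // The generic record carries the content group needed for the permission check.
    $uncontent = new album_content();
    if ($uncontent->generate_from_id($id) != OP_SUCCESSFUL) {
        return OP_FAILED;
    }

    // Authorise before anything about the item is handed back.
    if (!check_content_action_allowed($uncontent->get_contentgroup_id(), $userdata['user_id'], 'view')) {
        return OP_MISSING_VIEW;
    }

    // The class name is looked up in the global $filetypes map and instantiated
    // directly, so that map has to stay a fixed allow-list of class names.
    $ext = getext($uncontent->file);
    if (!isset($filetypes[$ext])) {
        // Unsupported filetype. The original read an unset index and returned an
        // unset variable here; the caller-visible value (null) is kept.
        return null;
    }

    $objtyp = $filetypes[$ext];
    $incontent = new $objtyp();
    // Second load of the same item (the original author notes it costs one extra SQL query).
    // NOTE(review): the result of this second generate_from_id() is not checked.
    $incontent->generate_from_id($id);

    return $incontent;
}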
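/**
 * Delete this comment if the current user is allowed to.
 *
 * Allowed are the user whose id equals the comment's user_id, and any user
 * holding 'content_edit' on the content group of the item the comment
 * belongs to ($this->owner_id). When the check fails nothing happens and
 * nothing is reported to the caller.
 *
 * A comment that has child comments is not removed: its feedback is set to
 * 'DELETED' and committed. A comment without children is removed from the
 * content_comments table and the item's comment counter is decremented.
 *
 * @return void
 */
function delete()
{
    global $db, $config_vars, $userdata;

    // The content item the comment hangs off decides who may moderate it.
    $content = new album_content();
    // NOTE(review): the result of generate_from_id() is not checked, so the
    // permission test below may run against an item that failed to load - confirm
    // what get_contentgroup_id() yields in that case.
    $content->generate_from_id($this->owner_id);

    // NOTE(review): loose comparison on user ids; if guests share one user_id,
    // confirm that comments stored under it are not meant to match here.
    $is_author = ($userdata['user_id'] == $this->user_id);
    if (!$is_author && !check_content_action_allowed($content->get_contentgroup_id(), $userdata['user_id'], 'content_edit')) {
        return;
    }

    if (is_array($this->get_childs())) {
        // Child comments exist: keep the row and only mark it as deleted.
        $this->set_feedback('DELETED');
        $this->commit();
        return;
    }

    // The id is concatenated into the statement, so it is forced to an integer
    // first. An empty or non-numeric id becomes 0 instead of reaching the query as text.
    $sql = "DELETE FROM " . $config_vars['table_prefix'] . "content_comments WHERE id = " . intval($this->id);
    if (!($result = $db->sql_query($sql))) {
        error_report(SQL_ERROR, 'delete', __LINE__, __FILE__, $sql);
    }

    // NOTE(review): the counter is decremented even when the query failed, unless
    // error_report() stops the script - confirm.
    $content->dec_comments_amount();
    $content->commit();
    unset($this->id);
}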
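/**
 * Set the content group of this object, subject to an 'edit' permission check.
 *
 * The change is applied when the object's id equals 0, or when the current
 * user holds 'edit' on the object's current content group. Otherwise an
 * AUTH_ERROR phreak_error is committed and the group is left untouched.
 *
 * @param mixed $contentgroup_id the content group to assign
 * @return mixed OP_SUCCESSFUL when the group was changed, null when it was denied
 */
function set_contentgroup_id($contentgroup_id)
{
    global $userdata;

    // id == 0 skips the permission check (presumably an object not stored yet - confirm).
    // NOTE(review): the comparison is loose, so null also counts as 0, and on PHP
    // versions before 8 so does a non-numeric string.
    // NOTE(review): only the current group is checked; whether rights on the
    // target group are verified by the caller is not visible here.
    if ($this->id == 0 || check_content_action_allowed($this->contentgroup_id, $userdata['user_id'], "edit")) {
        $this->contentgroup_id = $contentgroup_id;
        return OP_SUCCESSFUL;
    }

    // Denied: record the attempt with the object id, the current group and the requested group.
    $error = new phreak_error(E_WARNING, AUTH_ERROR, __LINE__, __FILE__, 'set_contentgroup_id', $this->id, $this->contentgroup_id, $contentgroup_id);
    $error->commit();

    // The original returned $result, which is never assigned in this method; the
    // value callers received (null) is kept, without reading an unset variable.
    // Callers should test for OP_SUCCESSFUL rather than for a falsy result.
    return null;
}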
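// Category-level permission: may the current user remove content from this category?
// NOTE(review): cat_id and content_id come straight from the query string and are
// handed to generate_from_id(), get_comments_of_content() and build_nav_string()
// unchanged; how those helpers validate them is not visible here. The ids look
// numeric, so an intval() at this boundary is worth confirming.
$cat_obj = new categorie();
$cat_obj->generate_from_id($HTTP_GET_VARS['cat_id']);
if (check_cat_action_allowed($cat_obj->get_catgroup_id(), $userdata['user_id'], 'content_remove')) {
    $smarty->assign('allow_content_remove', 1);
}

if ($redirect_to_cat) {
    // A Refresh header is sent instead of Location when SERVER_SOFTWARE names one of these servers.
    $header_location = @preg_match("/Microsoft|WebSTAR|Xitami/", getenv("SERVER_SOFTWARE")) ? "Refresh: 0; URL=" : "Location: ";
    // The request value is URL-encoded so it stays a single parameter value
    // inside the redirect target.
    header($header_location . append_sid("view_cat.php?cat_id=" . urlencode($HTTP_GET_VARS['cat_id']), true));
    // Stop here: without this the page below was still built, and the view
    // counter incremented, for a response the client is told to leave.
    exit;
}

// Show comments
$root_comments = get_comments_of_content($HTTP_GET_VARS['content_id']);
for ($i = 0; $i < sizeof($root_comments); $i++) {
    make_comments($root_comments[$i], 0, $content->check_perm('comment_edit'));
}
// $comments is not assigned in this part of the script (presumably filled by make_comments() - confirm).
$smarty->assign('comments', $comments);

if (check_content_action_allowed($content->get_contentgroup_id(), $userdata['user_id'], 'comment_edit')) {
    $smarty->assign('allow_comment_edit', true);
}

// Show content: navigation trail for the category, with the content name appended.
$nav_string = build_nav_string($HTTP_GET_VARS['cat_id']);
$nav_content['name'] = htmlspecialchars($content->get_name());
$nav_string[] = $nav_content;
$smarty->assign('nav_string', $nav_string);

$content->inc_views();
// get_html() output is assigned unescaped, while the name is escaped before it reaches the template.
$smarty->assign('html', $content->get_html());
$smarty->assign('name', htmlspecialchars($content->get_name()));
$smarty->assign('content_id', $content->get_id());
$smarty->assign('views', $content->get_views());
$smarty->assign('current_rating', $content->get_current_rating());
// The request value is escaped like the name above, so it cannot carry markup into the template.
$smarty->assign('cat_id', htmlspecialchars($HTTP_GET_VARS['cat_id'], ENT_QUOTES));
$smarty->assign('redirect', PHREAKPIC_PATH . 'view_content.php');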