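/**
 * Store a news entry and register it in the news index.
 *
 * Loads the storage bucket that db_get_nloc() resolves for $id, writes $data
 * under that id, saves the bucket, then calls db_index_add() with the entry's
 * category value, the author's user id and the draft flag.
 *
 * This function performs no validation and no permission check: $data is
 * stored exactly as passed.
 * NOTE(review): callers are presumably expected to authorise the request and
 * sanitise $data before calling; confirm at the call sites.
 *
 * @param mixed $id   Entry id; also the key used inside the bucket.
 * @param array $data Entry record; the keys 'u' (author name), 'c' and
 *                    'is_draft' are read here.
 */
function cn_api_add_news($id, $data) {
    $nloc = db_get_nloc($id);
    $db = db_news_load($nloc);

    // add data
    $db[$id] = $data;
    db_save_news($db, $nloc);

    $user = db_user_by_name($data['u']);

    // An unknown author name yields no user record. Hand over an explicit
    // null id in that case instead of reading an offset of a non-array, which
    // raises a notice/warning on PHP 7.4 and later. The value passed to
    // db_index_add() is the same as before.
    // NOTE(review): the entry is then indexed without an owner; confirm that
    // later permission checks treat such entries as restricted.
    $user_id = isset($user['id']) ? $user['id'] : null;

    db_index_add($id, $data['c'], $user_id, $data['is_draft']);
}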
$is_true_user = TRUE; foreach ($db[$id]['co'] as $dnews) { if ($dnews['u'] == $name && $dnews['e'] != $mail) { $is_true_user = FALSE; break; } } if (!$is_true_user) { echo '<div class="cn_error_comment">' . i18n('This user name already exist, choose another') . '. <a href="' . $refer . '">Go back</a></div>'; return FALSE; } } // Can edit comment? $acl_edit_comment = FALSE; $edit_id = intval(REQ('edit_id')); $_target_user = isset($db[$id]['co'][$edit_id]) ? db_user_by_name($db[$id]['co'][$edit_id]['u']) : FALSE; // Check: self [if can], group, and edit all if ($edit_id && (test('Mes') && $_target_user && $_target_user['name'] == $user['name'] || test('Meg', $_target_user) || test('Mea'))) { $acl_edit_comment = TRUE; } // Check access for edit comment if ($acl_edit_comment && REQ('cm_edit_comment', 'POST')) { $cid = $edit_id; } else { $cid = ctime(); while (isset($db['co'][$cid])) { $cid++; } } //convert to right encoding if (getoption('frontend_encoding') != 'UTF-8' && function_exists('iconv')) {
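/**
 * Render the comment <textarea> for a news entry.
 *
 * By default the box is pre-filled with the posted 'comments' value. When the
 * request carries an edit_id and the current member passes the edit check,
 * the box is pre-filled with the stored text of that comment instead.
 *
 * @param array $e News entry; 'id' and 'co' (comments keyed by id) are read.
 * @return string  HTML of the textarea; the text is escaped with
 *                 cn_htmlspecialchars().
 */
function cn_modify_comm_input_commentbox($e) {
    $edit_id = intval(REQ('edit_id'));
    $cm_text = REQ('comments', 'POST');

    // edit_id is request input: continue only for a comment that really
    // exists on this entry, so no ACL decision is made on missing data.
    if (!empty($edit_id) && isset($e['co'][$edit_id])) {
        $comment = $e['co'][$edit_id];
        $username = $comment['u'];
        $member = member_get();
        $target_user = db_user_by_name($username);

        // "Own comment" has to be an exact match. With ==, PHP compares two
        // numeric-looking strings as numbers, so distinct names such as
        // '1e3' and '1000' would count as the same account, and a missing
        // member record (null) would equal an empty author name.
        $is_own = isset($member['name'])
            && (string) $username === (string) $member['name'];

        // Check ACL for edit: own comment (if allowed), group, or edit-all.
        // Parentheses only make the original && / || precedence explicit.
        if ((test('Mes') && $is_own) || test('Meg', $target_user) || test('Mea')) {
            // As listed, search and replacement are the same string, so this
            // call changes nothing.
            // NOTE(review): the search string may have been an HTML entity
            // that was decoded when this page was rendered; compare with the
            // original file.
            $cm_text = str_replace('[', '[', $comment['c']);
        }
    }

    // The id ends up inside an attribute value, so it is escaped as well.
    // NOTE(review): assumes cn_htmlspecialchars() also escapes double
    // quotes; confirm.
    return '<textarea cols="40" rows="6" name="comments" class="cn_comm_textarea" id="ncomm_'
        . cn_htmlspecialchars($e['id'])
        . '">'
        . cn_htmlspecialchars($cm_text)
        . '</textarea>';
}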
/**
 * Admin "Users manager" screen: handles the add / edit / delete form and
 * renders the paginated user list.
 *
 * Flow, as far as this listing shows it:
 *  - Request fields are read with GET(): section, st, delete and the user_*
 *    form fields. section and st are cast with intval().
 *  - On POST, cn_dsi_check() runs before anything else.
 *    NOTE(review): presumably the anti-CSRF / request-signature check; confirm.
 *  - delete set: db_user_delete($user_name), then a confirmation message with
 *    the name passed through cn_htmlspecialchars().
 *  - edit set: the user must exist; email, nick and acl are updated, and the
 *    password as well when user_pass is filled and equals user_confirm.
 *  - otherwise (add): username and password are required, the name must be
 *    unused, password and confirmation must match, and the email must pass
 *    check_email() and be unused. Nothing is written unless the count of 'e'
 *    messages is 0.
 *  - Afterwards the user list is loaded, optionally reduced to users whose
 *    acl equals section, sorted by key in reverse order, sliced to 100 rows
 *    starting at st, and handed to the dashboard/users template.
 *
 * NOTE(review), listing damage: the two 'pass=' arguments of db_user_update()
 * and the code directly after them appear as a run of asterisks here. The
 * password-hashing expression cannot be read from this page, so the code is
 * kept exactly as listed and is not valid PHP in this form. Restore those two
 * statements from the original file before using it.
 *
 * NOTE(review), security points to confirm:
 *  - $user_acl comes straight from the request and is passed to
 *    db_user_add() / db_user_update(). Nothing visible here checks it against
 *    the groups in $grp or against the privileges of the acting account.
 *  - The delete branch shows no guard against removing the current account
 *    or the last administrator.
 *  - Field values are interpolated into "key=value" strings for
 *    db_user_update(); how that function splits them is not visible here.
 *  - On the edit path the email is not validated; check_email() only runs in
 *    the add branch.
 *  - Password and confirmation are compared with the loose operators, which
 *    treat two different numeric-looking strings as equal; the identity
 *    operators would compare them exactly.
 */
function dashboard_userman() { list($section, $st, $delete) = GET('section, st, delete'); list($user_name, $user_pass, $user_confirm, $user_nick, $user_email, $user_acl) = GET('user_name, user_pass, user_confirm, user_nick, user_email, user_acl'); $per_page = 100; $section = intval($section); $st = intval($st); $grp = getoption('#grp'); $is_edit = FALSE; //visability Edit btton if (request_type('POST')) { cn_dsi_check(); // Do Delete if ($delete) { db_user_delete($user_name); cn_throw_message('User [' . cn_htmlspecialchars($user_name) . '] deleted'); $user_name = $user_nick = $user_email = $user_acl = ''; } else { $user_data = db_user_by_name($user_name); if (REQ('edit')) { if ($user_data === null) { $is_edit = FALSE; cn_throw_message("User not exists", 'e'); } } else { // Check user if (!$user_name) { cn_throw_message("Fill required field: username", 'e'); } if (!$user_pass) { cn_throw_message("Fill required field: password", 'e'); } if ($user_data !== null) { cn_throw_message("Username already exist", 'e'); } if ($user_confirm != $user_pass) { cn_throw_message('Confirm not match', 'e'); } // Invalid email if (!check_email($user_email)) { cn_throw_message("Email not valid", "e"); } elseif (db_user_by($user_email, 'email')) { cn_throw_message('Email already exists', 'e'); } } // Must be correct all if (cn_get_message('e', 'c') == 0) { // Edit user [user exist] if (REQ('edit')) { db_user_update($user_name, "email={$user_email}", "nick={$user_nick}", "acl={$user_acl}"); // Update exists (change password) if ($user_pass) { if ($user_confirm == $user_pass) { db_user_update($user_name, 'pass='******'User password / user info updated'); } else { cn_throw_message('Confirm not match', 'e'); } } else { cn_throw_message('User info updated'); } } else { if ($user_id = db_user_add($user_name, $user_acl)) { if (db_user_update($user_name, "email={$user_email}", "nick={$user_nick}", 'pass='******'t update user", 'e'); } } else { cn_throw_message("User not added: internal error", 
'e'); } } } } } // ---- $userlist = db_user_list(); // Get users by ACL from index if ($section) { foreach ($userlist as $id => $dt) { if ($dt['acl'] != $section) { unset($userlist[$id]); } } } // Sort by latest & make pagination krsort($userlist); $userlist = array_slice($userlist, $st, $per_page, TRUE); // Fetch estimate user list foreach ($userlist as $id => $data) { $user = db_user_by($id); $userlist[$id] = $user; } // Retrieve info about user if ($user = db_user_by_name($user_name)) { $user_nick = isset($user['nick']) ? $user['nick'] : ''; $user_email = isset($user['email']) ? $user['email'] : ''; $user_acl = isset($user['acl']) ? $user['acl'] : ''; $is_edit = TRUE; } // By default for section if (!$user_acl) { $user_acl = $section; } cn_assign('users, section, st, per_page, grp', $userlist, $section, $st, $per_page, $grp); cn_assign('user_name, user_nick, user_email, user_acl, is_edit', $user_name, $user_nick, $user_email, $user_acl, $is_edit); echoheader('-@dashboard/style.css', "Users manager"); echo exec_tpl('dashboard/users'); echofooter(); }
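/**
 * Translate a list of user names into user ids, keeping the array keys.
 *
 * Each value of $ufilter is looked up with db_user_by_name() and replaced by
 * that record's 'id'. A name with no matching record maps to null.
 *
 * @param array $ufilter User names, any keys.
 * @return array Same keys, values replaced by user ids (null when unknown).
 */
function load_users_id($ufilter) {
    foreach ($ufilter as $key => $user_name) {
        $u = db_user_by_name($user_name);

        // Unknown names give no record. Map them to null explicitly rather
        // than reading an offset of a non-array, which raises a notice/warning
        // on PHP 7.4 and later; the resulting value is unchanged.
        // NOTE(review): callers that use the result as a filter should decide
        // what a null id means; confirm it cannot match real entries.
        $ufilter[$key] = isset($u['id']) ? $u['id'] : null;
    }

    return $ufilter;
}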
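/**
 * Admin "News list" screen: applies the list filters, loads one page of
 * entries, builds the year / month / day tree and renders editnews/list.
 *
 * Steps, as visible in this function:
 *  - Paging, sorting and date parameters are read from GET/POST; the filter
 *    add/remove parameters are read from GET only.
 *  - The category and user filters are unpacked with cn_cookie_unpack(),
 *    changed according to the request, and packed again.
 *  - cn_get_news() is asked for per_page + 1 rows; the extra row only tells
 *    whether a next page exists and is dropped again.
 *  - Index meta-data supplies the per-location counts, the user list and the
 *    draft count.
 *  - Each entry gets display fields plus a 'can' flag derived from test()
 *    and test_cat().
 *
 * NOTE(review): sort, dir, source and the year/mon/day values are passed to
 * cn_get_news() and db_index_meta_load() as received. Whether those helpers
 * restrict them to known values is not visible here; if any of them ends up
 * in a storage path, it should be validated against an allow-list first.
 */
function edit_news_action_list() {
    // init
    list($source, $archive_id, $per_page, $sort, $dir, $YS, $MS, $DS, $page) = GET('source, archive_id, per_page, sort, dir, year, mon, day, page', 'GET,POST');
    list($add_category, $add_user, $rm_cat, $rm_user, $cat_filter) = GET('add_category_filter, add_user_filter, rm_category_filter, rm_user_filter, cat_filter', 'GET');

    // defaults
    $has_next = FALSE;
    $page = intval($page);
    $ctime = ctime();
    $nocat = FALSE;

    // per_page is request input and is used in arithmetic below. Cast it,
    // and treat zero, negative or non-numeric values as "use the default";
    // a non-numeric string in "$per_page + 1" is an error on PHP 8.
    // NOTE(review): no upper bound is applied; consider a cap so that one
    // request cannot ask for an arbitrarily large page.
    $per_page = intval($per_page);
    if ($per_page <= 0) {
        $per_page = 25;
    }

    if ($sort == '') {
        $sort = 'date';
    }

    if ($sort == 'date' && !$dir) {
        $dir = 'd';
    }

    if ($dir == '') {
        $dir = 'a';
    }

    // --- changes in acp filters ---
    list($cfilter, $ufilter) = cn_cookie_unpack('filter_cat, filter_user');

    // The stored filters are modified with array syntax below, so make sure
    // both are arrays whatever was unpacked.
    // NOTE(review): if cn_cookie_unpack() reads a client-side cookie, its
    // content is client-controlled. Categories added through the request are
    // checked with test_cat(), but ids already present in the unpacked filter
    // are not re-checked here.
    if (!is_array($cfilter)) {
        $cfilter = array();
    }

    if (!is_array($ufilter)) {
        $ufilter = array();
    }

    if ($add_category) {
        $sp = spsep($add_category);
        foreach ($sp as $id) {
            // Only categories the current user may access are added
            if (test_cat($id)) {
                $cfilter[$id] = $id;
            }
        }
    }

    if ($add_user) {
        $sp = spsep($add_user);
        foreach ($sp as $id) {
            $ufilter[$id] = $id;
        }
    }

    if ($rm_cat) {
        $sp = spsep($rm_cat);
        foreach ($sp as $id) {
            unset($cfilter[$id]);
        }
    }

    if ($rm_user) {
        $sp = spsep($rm_user);
        foreach ($sp as $id) {
            unset($ufilter[$id]);
        }
    }

    // Add concrete filter ('-' means: entries without category)
    if ($cat_filter) {
        if ($cat_filter !== '-') {
            $filter = intval($cat_filter);
            if (test_cat($filter)) {
                $cfilter[$filter] = $filter;
            }
        } else {
            $nocat = TRUE;
        }
    }

    cn_cookie_pack('filter_cat, filter_user', $cfilter, $ufilter);

    // ----------------------------------------------------
    $opts = array(
        'source' => $source,
        'archive_id' => $archive_id,
        'sort' => $sort,
        'dir' => $dir,
        'start' => $page,
        'per_page' => $per_page + 1, // one extra row to detect a next page
        'cfilter' => $cfilter,
        'ufilter' => $ufilter,
        'nocat' => $nocat,
        'nlpros' => TRUE,
        'by_date' => "{$YS}-{$MS}-{$DS}",
    );

    list($entries, $rev) = cn_get_news($opts);

    // Detect next exists: drop the extra row again
    if (count($entries) > $per_page) {
        end($entries);
        unset($entries[key($entries)]);
        $has_next = TRUE;
    }

    $meta = array();

    // Load meta-data (and userlist data)
    if ($archive_id && $source == 'archive') {
        $meta = db_index_meta_load("archive-{$archive_id}", TRUE);
    } else {
        $meta = db_index_meta_load($source, TRUE);
    }

    // Meta-data for draft only
    $meta_draft = db_index_meta_load('draft');

    // Every meta key is guarded: source and archive_id are request input, so
    // the loaded index may be empty or missing keys.
    $ptree = isset($meta['locs']) ? $meta['locs'] : false;
    $userlist = isset($meta['uids']) ? $meta['uids'] : array();
    $nprospect = isset($rev['cpostponed']) ? intval($rev['cpostponed']) : 0;
    $ndraft = isset($meta_draft['locs']) && is_array($meta_draft['locs']) ? intval(array_sum($meta_draft['locs'])) : 0;
    $found_rows = isset($meta['locs']) && is_array($meta['locs']) ? intval(array_sum($meta['locs'])) : 0;
    $archives = count(db_get_archives());

    // ---
    // Decode proto tree for list news
    $tree_years = array();
    $tree_mons = array();
    $tree_days = array();

    // Is draft or active (or prospected)
    if ($source !== 'archive') {
        if ($ptree) {
            foreach ($ptree as $nloc => $c) {
                // The location key is split on '-' into year, month, day
                list($Y, $M, $D) = explode('-', $nloc);

                if (isset($tree_years[$Y])) {
                    $tree_years[$Y] += $c;
                } else {
                    $tree_years[$Y] = $c;
                }

                // Months are only counted for the selected year,
                // days only for the selected month
                if ($Y == $YS) {
                    if (isset($tree_mons[$M])) {
                        $tree_mons[$M] += $c;
                    } else {
                        $tree_mons[$M] = $c;
                    }

                    if ($M == $MS) {
                        $tree_days[$D] = $c;
                    }
                }
            }
        }
    } else {
        $found_rows = 0;
        $ptree = db_get_archives();

        // Archive Id exists
        if ($archive_id) {
            // archive_id is request input; an unknown id counts as 0 rows
            $found_rows = isset($ptree[$archive_id]['c']) ? $ptree[$archive_id]['c'] : 0;
        } else {
            foreach ($ptree as $item) {
                $found_rows += $item['c'];
            }

            // Without a chosen archive no entries are listed
            $entries = array();
        }

        $nprospect = 0;
    }

    // ----------------------------------------------------
    foreach ($entries as $id => $entry) {
        // Deny by default
        $can = FALSE;
        $nv_user = db_user_by_name($entry['u']);

        // User not exists, deny, except admins
        if (!$nv_user && !test('Nva')) {
            $can = FALSE;
        } elseif (test('Nvs', $nv_user, TRUE) || test('Nvg', $nv_user) || test('Nva')) {
            // The user-level check passed; category access decides
            $can = test_cat($entry['c']);
        }

        $entries[$id]['user'] = $entry['u'];
        $entries[$id]['date'] = $YS ? date('M, d H:i', $id) : date('M, d Y H:i', $id);
        $entries[$id]['date_full'] = date('Y M d, H:i:s', $id);
        // count() on a missing comment list is an error on PHP 8
        $entries[$id]['comments'] = isset($entry['co']) && is_array($entry['co']) ? count($entry['co']) : 0;
        $entries[$id]['title'] = $entry['t'];
        $entries[$id]['cats'] = spsep($entry['c']);
        // An id later than the current time marks the entry as postponed
        $entries[$id]['is_pros'] = $id > $ctime;
        $entries[$id]['can'] = $can;
    }

    // clear differs for cn_url_*
    unset($_GET['add_category_filter'], $_GET['add_user_filter'], $_GET['rm_category_filter'], $_GET['rm_user_filter']);

    // ------
    cn_assign('sort, dir, source, per_page, entries_showed, entries_total, entries, page, userlist, category_filters, user_filters, cat_filter', $sort, $dir, $source, $per_page, count($entries), $found_rows, $entries, $page, $userlist, $cfilter, $ufilter, $cat_filter);
    cn_assign('year_selected, mon_selected, day_selected, TY, TM, TD, ptree', $YS, $MS, $DS, $tree_years, $tree_mons, $tree_days, $ptree);
    cn_assign('nprospect, ndraft, has_next, archives', $nprospect, $ndraft, $has_next, $archives);

    echoheader('editnews@editnews/main.css', 'News list');
    echo exec_tpl('editnews/list');
    echofooter();
}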