Пример #1
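function check_page($page, $param = '')
{
    // Checks whether the currently logged on admin (from $_SESSION['admin_id']) may access
    // the page passed as parameter $page.
    //
    // $page  - page name; 'modules' and 'configuration' are expanded into subpage names
    //          (see below), anything else has a ".php" suffix stripped.
    // $param - optional "gID=<id>" style string, only read for the 'configuration' page.
    //
    // Returns the STRING 'true' if the admin is allowed access, and the STRING 'false'
    // otherwise (including when the page is auto inserted - see below). Callers must
    // compare against these strings: the string 'false' is truthy in PHP.
    //
    // Security: $_GET['set'], $_GET['gID'] and $param are request-controlled and end up in
    // SQL, so every value is bound through $db->bindVars() instead of being concatenated
    // into the statement.
    // NOTE(review): bindVars() is the placeholder binder of the Zen Cart query factory;
    // confirm the $db object of this installation provides it.
    global $db;
    // Most entries (normal case) have their own pages. However, everything on the Config
    // and Modules menus are handled by the single pages config.php and modules.php which
    // must be broken down into subpages for display on the Admin Profiles permissions page.
    // If the page name is passed with a .php suffix, it is stripped.
    if ($page == 'modules') {
        // Only accept a scalar string; an array value (set[]=x) must not reach the query.
        $set = (isset($_GET['set']) && is_string($_GET['set'])) ? $_GET['set'] : '';
        $page = 'modulesset=' . $set;
    } elseif ($page == 'configuration') {
        $gid = (isset($_GET['gID']) && is_string($_GET['gID'])) ? $_GET['gID'] : '';
        // The group id may arrive through $param or through the query string; as before,
        // the two sources are simply concatenated (presumably only one is set - verify
        // against the callers).
        $cid = str_replace('gID=', '', (string) $param) . $gid;
        $sql = "select configuration_group_title from " . TABLE_CONFIGURATION_GROUP . " where configuration_group_id = :cid:";
        $sql = $db->bindVars($sql, ':cid:', $cid, 'string');
        $config = $db->Execute($sql);
        if ($config->EOF) {
            // Unknown configuration group: deny access rather than continuing with an
            // empty page name (which would register a blank row in the admin_files table).
            return 'false';
        }
        $page = $config->fields['configuration_group_title'];
    } else {
        $page = strip_suffix($page, ".php");
    }
    // Look up the ID for the page name passed as parameter $page. If no ID is found
    // assume that this is a new function (e.g. a 3rd party mod) and insert the page into
    // the admin_files table. Otherwise compile a list of users allowed access to the page.
    // If the currently logged in user is on the list return 'true'. If not (including for
    // a new insertion) return 'false'.
    // NOTE(review): for 'modules' the inserted page name contains the request-supplied
    // `set` value, so arbitrary rows can be registered by anyone who reaches this check;
    // consider validating `set` against the known module types before inserting.
    $query = "select id from " . TABLE_ADMIN_FILES . " where page = :page:";
    $query = $db->bindVars($query, ':page:', $page, 'string');
    $included = $db->Execute($query);
    if ($included->fields['id'] == '') {
        $sql = "insert into " . TABLE_ADMIN_FILES . "  set page = :page:";
        $sql = $db->bindVars($sql, ':page:', $page, 'string');
        $db->Execute($sql);
    } else {
        // Without an authenticated admin in the session nothing can match: deny up front
        // instead of relying on a loose comparison against an unset value.
        if (!isset($_SESSION['admin_id']) || $_SESSION['admin_id'] === '') {
            return 'false';
        }
        $query = "select admin_id from " . TABLE_ADMIN_ALLOWED_PAGES . " where page_id = :pageId:";
        $query = $db->bindVars($query, ':pageId:', $included->fields['id'], 'string');
        $who_allow = $db->Execute($query);
        while (!$who_allow->EOF) {
            if ($who_allow->fields['admin_id'] == $_SESSION['admin_id']) {
                return 'true';
            }
            $who_allow->MoveNext();
        }
    }
    return 'false';
}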
Пример #2
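 /**
  * Dispatches to the binder method matching the model shape and association type.
  *
  * The target method name is built as
  * "bind_{single_model|multiple_models}_with_assoc_model_of_{$assoc_type_name}" and
  * invoked statically on this class. Because the name is assembled from an argument,
  * the switch below acts as the allow-list of association types: nothing is called
  * for a type that is not listed there.
  *
  * Extra positional arguments (read through func_get_args()):
  *  - points_to / belongs_to / has_one: [3] refer field name (default "{assoc}_id"),
  *    [4] result field name (default "{assoc}").
  *  - has_many: [3] order/limit (default 0), [4] refer field name (default "{assoc}_id"),
  *    [5] result field name (default "{assoc}").
  *  - many_many: [3] through (required), [4] through field names
  *    (default ["{model}_id", "{assoc}_id"]), [5] result field name (default $through[0]).
  *
  * @param mixed  $model_arg        a model instance or an array of them; null or [] is a no-op
  * @param string $assoc_type_name  one of the association types handled in the switch
  * @param string $assoc_model_name associated model name, without the "_model" suffix
  *
  * @throws developer_error when the (first) model is not a model instance, when
  *                         many_many is called without its "through" argument, or when
  *                         the association type is unknown
  */
 public static function bind($model_arg, $assoc_type_name, $assoc_model_name)
 {
     // Nothing to bind.
     if ($model_arg === null || $model_arg === []) {
         return;
     }
     if (is_array($model_arg)) {
         $model_type = 'multiple_models';
         // reset() always yields the first element; current() depends on the array's
         // internal pointer and returns false once that pointer has run off the end.
         $model = reset($model_arg);
     } else {
         $model_type = 'single_model';
         $model = $model_arg;
     }
     // Only the first element of an array is type-checked here.
     if (!$model instanceof model) {
         throw new developer_error('bad model, expect object, but get ' . gettype($model));
     }
     $binder = 'bind_' . $model_type . '_with_assoc_model_of_' . $assoc_type_name;
     $assoc_class_name = $assoc_model_name . '_model';
     $func_args = func_get_args();
     switch ($assoc_type_name) {
         case 'points_to':
         case 'belongs_to':
         case 'has_one':
             $refer_field_name = array_key_exists(3, $func_args) ? $func_args[3] : $assoc_model_name . '_id';
             $as_field_name = array_key_exists(4, $func_args) ? $func_args[4] : $assoc_model_name;
             self::$binder($model_arg, $assoc_class_name, $refer_field_name, $as_field_name);
             break;
         case 'has_many':
             $order_limit = array_key_exists(3, $func_args) ? $func_args[3] : 0;
             $refer_field_name = array_key_exists(4, $func_args) ? $func_args[4] : $assoc_model_name . '_id';
             $as_field_name = array_key_exists(5, $func_args) ? $func_args[5] : $assoc_model_name;
             self::$binder($model_arg, $assoc_class_name, $order_limit, $refer_field_name, $as_field_name);
             break;
         case 'many_many':
             // "through" has no default: fail with a clear developer error instead of an
             // undefined-offset warning followed by a null dereference below.
             if (!array_key_exists(3, $func_args)) {
                 throw new developer_error('many_many association requires a "through" argument');
             }
             $through = $func_args[3];
             // The owning model's name is only needed for the default through field names.
             $model_name = strip_suffix(get_class($model));
             $through_field_names = array_key_exists(4, $func_args) ? $func_args[4] : [$model_name . '_id', $assoc_model_name . '_id'];
             // Presumably $through is an array whose first entry names the join - verify against callers.
             $as_field_name = array_key_exists(5, $func_args) ? $func_args[5] : $through[0];
             self::$binder($model_arg, $assoc_class_name, $through, $through_field_names, $as_field_name);
             break;
         default:
             // Message reads "unknown association type:".
             throw new developer_error('未知的关联类型:' . $assoc_type_name);
     }
 }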