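/**
 * Render the front-end form used to write a new post or edit an existing one.
 *
 * Only logged-in users who are registered editors, or administrators, get past
 * the first checks. In edit mode the post ID is taken from $_GET['id'] and the
 * caller must be the author of that post or an administrator.
 *
 * header.php, the form template and footer.php are included from inside this
 * function, so they run with access to its local variables; the local names
 * are therefore left unchanged.
 *
 * @param int $edit Non-zero to edit an existing post instead of creating one.
 * @return void
 */
function mw_post_form($edit = 0)
{
    global $xoopsConfig, $xoopsUser, $xoopsSecurity;

    // Anonymous visitors cannot submit or edit posts.
    if (!$xoopsUser) {
        redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords'));
        die;
    }

    // Check if user is an editor; administrators pass even without an editor record.
    $author = new MWEditor();
    if (!$author->from_user($xoopsUser->uid()) && !$xoopsUser->isAdmin()) {
        redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords'));
        die;
    }

    RMTemplate::get()->add_script(RMCURL . '/include/js/jquery.min.js');
    RMTemplate::get()->add_script(RMCURL . '/include/js/jquery-ui.min.js');

    if ($edit) {
        // The post ID comes from the query string and is untrusted.
        // NOTE(review): confirm rmc_server_var() casts the value to an integer.
        $id = rmc_server_var($_GET, 'id', 0);
        if ($id <= 0) {
            // Arguments follow the (url, time, message) order used by the
            // other redirect_header() calls in this function.
            redirect_header(MWFunctions::get_url(), 1, __('Please, specify a valid post ID', 'mywords'));
            die;
        }

        $post = new MWPost($id);
        if ($post->isNew()) {
            redirect_header(MWFunctions::get_url(), 1, __('Specified post does not exists!', 'mywords'));
            die;
        }

        // Ownership check: only the post's author or an administrator may edit it.
        if ($author->id() != $post->getVar('author') && !$xoopsUser->isAdmin()) {
            redirect_header($post->permalink(), 1, __('You are not allowed to do this action!', 'mywords'));
            die;
        }
    }

    // Read privileges. Administrators are granted every privilege.
    $perms = @$author->getVar('privileges');
    $perms = is_array($perms) ? $perms : array();
    $is_admin = $xoopsUser->isAdmin();

    // Strict comparison so that a non-string entry in the stored list (for
    // example the integer 0) cannot loosely match a privilege name.
    $allowed_tracks = in_array("tracks", $perms, true) || $is_admin;
    $allowed_tags = in_array("tags", $perms, true) || $is_admin;
    $allowed_cats = in_array("cats", $perms, true) || $is_admin;
    $allowed_comms = in_array("comms", $perms, true) || $is_admin;

    $xoopsOption['module_subpage'] = 'submit';
    include 'header.php';

    $form = new RMForm('', '', '');
    $editor = new RMFormEditor('', 'content', '99%', '300px', $edit ? $post->getVar('content') : '');
    $meta_names = MWFunctions::get()->get_metas();

    RMTemplate::get()->add_xoops_style('submit.css', 'mywords');
    RMTemplate::get()->add_script(XOOPS_URL . '/modules/mywords/include/js/scripts.php?file=posts.js&front=1');

    include RMTemplate::get()->get_template('mywords_submit_form.php', 'module', 'mywords');
    include 'footer.php';
}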
/**
 * Tell whether a user ID belongs to a registered editor.
 *
 * @param int $uid User ID to look up.
 * @return bool False when $uid is not positive; otherwise true when the
 *              MWEditor loaded for that user is not a new (unsaved) object.
 */
public function is_editor($uid = 0)
{
    if ($uid > 0) {
        $candidate = new MWEditor();
        $candidate->from_user($uid);

        // An editor object that is still "new" after the lookup is treated as not registered.
        return !$candidate->isNew();
    }

    return false;
}
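// Author: Eduardo Cortés <*****@*****.**>
// Email: i.bitcero@gmail.com
// License: GPL 2.0
// --------------------------------------------------------------

require '../../mainfile.php';

global $xoopsUser, $xoopsOption, $xoopsModuleConfig, $xoopsConfig, $rmTpl, $xoopsSecurity;

// Submission can be switched off in the module configuration.
// NOTE(review): nothing follows this call to stop the script; confirm that
// RMUris::redirect_with_message() ends the request, otherwise the checks
// below still run with submission disabled.
if (!$xoopsModuleConfig['submit']) {
    RMUris::redirect_with_message(__('Posts submission is currently disabled', 'mywords'), XOOPS_URL, RMMSG_INFO);
}

// Anonymous visitors cannot submit or edit posts.
if (!$xoopsUser) {
    redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords'));
    die;
}

// Check if user is an editor; administrators pass even without an editor record.
$author = new MWEditor();
if (!$author->from_user($xoopsUser->uid()) && !$xoopsUser->isAdmin()) {
    redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords'));
    die;
}

RMTemplate::get()->add_jquery();

// $edit is not assigned anywhere above; presumably the including script sets
// it to the ID of the post to edit (verify against the caller). Default: new post.
$edit = isset($edit) ? $edit : 0;

if ($edit > 0) {
    $id = $edit;

    // Cannot trigger here because $id equals $edit and $edit > 0; kept as a guard.
    // Arguments follow the (url, time, message) order used by the calls above.
    if ($id <= 0) {
        redirect_header(MWFunctions::get_url(), 1, __('Please, specify a valid post ID', 'mywords'));
        die;
    }

    $post = new MWPost($id);
    if ($post->isNew()) {
        redirect_header(MWFunctions::get_url(), 1, __('Specified post does not exists!', 'mywords'));
        die;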
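// Deactivate the XOOPS logger for this request.
$xoopsLogger->activated = false;

// Default value; a "frontend" field in the request replaces it via extract() below.
$frontend = 0;

// NOTE(review): extract() with its default EXTR_OVERWRITE flag lets the request
// create or overwrite any variable in this scope, including ones set before
// this line. $op, $id and $author used below are not assigned anywhere in the
// visible code and presumably come from here. Reading each expected field
// explicitly from $_POST and casting it would remove that exposure; it is left
// in place because the code after this fragment may rely on other fields.
extract($_POST);

// NOTE(review): the token / referer check below is commented out, so nothing
// visible in this fragment ties the request to a form issued by this site
// (CSRF protection). Restore it or confirm where the check is done instead.
/*if(!$xoopsSecurity->check() || !$xoopsSecurity->checkReferer()){ $ret = array( 'error'=>__('You are not allowed to do this operation!','mywords') ); echo json_encode($ret); die(); }*/

$mc = RMSettings::module_settings('mywords');

// Reject anonymous requests, and non-admin requests while submission is disabled.
// empty() also covers a falsy placeholder value, matching the `!$xoopsUser`
// test used by the other entry points; isset() alone would let such a value
// reach the isAdmin() call.
// NOTE(review): when submission is enabled, any logged-in user passes this
// check; no editor check on the logged-in user is visible in this fragment.
if (empty($xoopsUser) || (!$xoopsUser->isAdmin() && !$mc->submit)) {
    return_error(__('You are not allowed to do this action!', 'mywords'), false, MW_URL);
    // Fail closed even if return_error() returns to the caller.
    die;
}

// NOTE(review): $author is presumably request-supplied (see extract() above).
// If so, the caller chooses which editor identity is loaded, and the ownership
// check below compares the post against that identity rather than against the
// logged-in user. Confirm, and derive the editor from $xoopsUser->uid() for
// non-admin callers.
$editor = new MWEditor();
$editor->from_user($author);

if ($op == 'saveedit') {
    if (!isset($id) || $id <= 0) {
        return_error(__('You must provide a valid post ID', 'mywords'), 0, 'posts.php');
        die;
    }

    $post = new MWPost($id);
    if ($post->isNew()) {
        return_error(__('You must provide an existing post ID', 'mywords'), 0, 'posts.php');
        die;
    }

    // Ownership check: only the post's author or an administrator may save edits.
    // The original wrote `!$editor->id() == ...`; `!` binds tighter than `==`,
    // so the editor ID was negated to a boolean before the comparison and a
    // non-owner with a valid editor ID was not rejected.
    if ($editor->id() != $post->getVar('author') && !$xoopsUser->isAdmin()) {
        return_error(__('You are not allowed to do this action!', 'mywords'), false, MW_URL);
        // Fail closed even if return_error() returns to the caller.
        die;
    }

    $query = 'op=edit&id=' . $id;
    $edit = true;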