Пример #1
            $action = $key;
        }
        $params = array_merge($params, $val->getParams());
    }
}
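// Owner override for the 'show' action: the file's owner may view it even
// without the controller-level permission.
$bypass_auth = false;
if (!empty($params['id']) && $action == 'show') {
    // owner can always see his file
    $owner = File::GetAttrib($params['id'], 'owner');
    $viewer = User::GetAuthenticatedID();
    // Both ids must be non-empty and are compared as strings. A loose ==
    // between an owner value and an empty/zero viewer id can succeed through
    // type juggling, which would hand the override to an unauthenticated visitor.
    $bypass_auth = $owner && $viewer && (string) $owner === (string) $viewer;
}

// Authorization gate. check_perms() is given the action object when the action
// is registered in $ACTIONS, and a boolean verdict otherwise.
// !empty() keeps an unregistered action name from raising an undefined-index
// notice; such a name falls through to the controller-level check.
if ($action && !empty($ACTIONS[$action])) {
    check_perms($ACTIONS[$action]);
} else {
    // index
    // NOTE(review): $bypass_auth is only consulted on this fallback branch. If
    // 'show' is registered in $ACTIONS, the per-action check above runs alone
    // and the owner override never applies — confirm which behaviour is intended.
    check_perms(User::HasPermissions($CONTROLLER_PERMS) || $bypass_auth);
}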
if ($action == 'show') {
    $id = $params['id'];
    $args['fileinfo'] = File::GetAttribs($id);
    if (!$args['fileinfo']) {
        Error::generate('notice', 'Invalid file ID in action show.');
        header("Location: {$PAGE_REL_URL}");
    } else {
        foreach ($args['fileinfo'] as $key => $param) {
            switch (strtolower($param[0])) {
                case 'path':
                    $path = $param[1];
                    $link = $ACTIONS['get']->getLink(array('id' => $id));
                    $args['fileinfo'][$key][1] = "<a href=\"{$link}\">{$path}</a>";
                    break;
Пример #2
        }
        $params = array_merge($params, $val->getParams());
    }
}
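// 'create2' is handled as an alias of 'create'; a request that arrives as plain
// 'create' gets its id parameter forced to 1 instead.
// NOTE(review): the reason for pinning id to 1 is not visible in this fragment — confirm.
if ($action == 'create2') {
    $action = 'create';
} elseif ($action == 'create') {
    $params['id'] = 1;
}

// Authorization gate. check_perms() is given the action object when the action
// is registered in $ACTIONS, and a boolean verdict otherwise.
// !empty() keeps an unregistered action name from raising an undefined-index
// notice; such a name falls through to the controller-level check.
if ($action && !empty($ACTIONS[$action])) {
    check_perms($ACTIONS[$action]);
} else {
    // index
    check_perms(User::HasPermissions($CONTROLLER_PERMS));
}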
if ($action == 'create') {
    $params['owner'] = User::GetAuthenticatedID();
    if (!$params['owner']) {
        check_perms(false);
    } else {
        if (!Comment::Create($params)) {
            Error::generate('warn', 'Could not create comment.', Error::$FLAGS['single']);
            include 'views/create.view.php';
        } else {
            Error::generate('success', 'Comment created.', Error::$FLAGS['single']);
            $args['list'] = Comment::ListAll();
            redirect('comment', 'list');
        }
    }
Пример #3
             }
         } else {
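             // Rewrite every 'file' row of the user-info table into a link to the
             // file, or drop the row when the viewer may not see that file.
             foreach ($args['userinfo'] as $key => $param) {
                 switch (strtolower($param[0])) {
                     case 'file':
                         $id = $param[1];
                         $fname = File::GetAttrib($id, 'name');
                         $frole = File::GetAttrib($id, 'roles');
                         $fowner = File::GetAttrib($id, 'owner');
                         $viewer = User::GetAuthenticatedID();

                         $hasRole = User::HasPermissions($frole);
                         // Ownership needs two non-empty ids that match as strings.
                         // A loose == between an empty owner attribute and an empty
                         // viewer id would succeed and expose the row to a visitor
                         // who is not logged in.
                         $isOwner = $fowner && $viewer && (string) $fowner === (string) $viewer;

                         if ($hasRole || $isOwner) {
                             // if you can see it without the role, you're the owner
                             $prefix = $hasRole ? '' : '(Pending approval) ';
                             // The cell is stored as ready-made markup, so the view
                             // presumably prints it unescaped; encode the dynamic parts
                             // here. Assumes File::GetAttrib() returns the raw stored
                             // name, not an entity-encoded one — TODO confirm.
                             $label = htmlspecialchars((string) $fname, ENT_QUOTES, 'UTF-8');
                             $query = rawurlencode((string) $id);
                             $args['userinfo'][$key] = array($prefix . $param[0], "<a href=\"{$HTMLROOT}/file/show?id={$query}\">{$label}</a>");
                         } else {
                             unset($args['userinfo'][$key]);
                         }
                         break;
                     default:
                 }
             }
             User::leaveStatusMode();
             include "views/show.view.php";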
         }
     }
 } else {
     if ($action == 'login') {
         $vid = get_viewer_id();
Пример #4
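 /**
  * Tell whether the current user satisfies this object's permission requirement.
  *
  * @return bool true when perms is exactly the string 'any'; otherwise the
  *              verdict of User::HasPermissions() for perms.
  */
 function checkPerms()
 {
     // Strict comparison on purpose: with ==, a non-string perms value such as
     // true (or 0 before PHP 8) compares equal to 'any' and would open the
     // action to everyone.
     return $this->perms === 'any' || User::HasPermissions($this->perms);
 }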
Пример #5
		<td class="status">
			<!--<div class="password-meter">
				<div class="password-meter-message">&nbsp;</div>
				<div class="password-meter-bg">
					<div class="password-meter-bar"></div>
				</div>
			</div>-->
		</td>
	</tr>
	<tr>
		<td class="label"><label for="password_confirm">Confirm Password</label><em>*</em></td>
		<td class="field"><input type="password" id="password_confirm" name="password_confirm" /></td>
		<td class="status"></td>
	</tr>
<?php
// Display-only gate: the Role input is rendered for viewers that pass
// User::HasPermissions('admin') and omitted for everyone else.
// NOTE(review): the code that processes the submitted form is not part of this
// template; it has to repeat the admin check before honouring a posted 'role'
// value, since leaving the input out does not stop a client from sending one.
// NOTE(review): the field is pre-filled with the literal "banned,admin" —
// confirm that default is intended.
if (User::HasPermissions('admin')):
?>
	<tr>
		<td class="label"><label for="role">Role</label></td>
		<td class="field"><input type="text" id="role" name="role" value="banned,admin" /></td>
		<td class="status"></td>
	</tr>
<?php endif; ?>
	<tr>
		<td></td>
		<td colspan="2">
			<input id="terms" type="checkbox" name="terms" />
			<label for="terms">I have read and accept the terms of use.</label>
		</td>