// Tail of enclosing blocks that open before this excerpt: $action is set from
// $key and $val's parameters are merged into $params.
            $action = $key;
        }
        $params = array_merge($params, $val->getParams());
    }
}

// Owner bypass for the 'show' action: becomes true only when the file has a
// truthy 'owner' attribute and that value loosely equals the authenticated ID.
// NOTE(review): `==` is a loose comparison. If both sides are IDs of the same
// type, normalise them and compare with `===` to avoid type-juggling matches.
$bypass_auth = false;
if ($params['id'] && $action == 'show') {
    // owner can always see his file
    $owner = File::GetAttrib($params['id'], 'owner');
    $bypass_auth = $owner && $owner == User::GetAuthenticatedID();
}

// Permission gate. An action with a truthy $ACTIONS entry is checked through
// that entry; everything else falls through to the controller-level check.
// NOTE(review): $bypass_auth is consulted only in the else branch, which runs
// when $action is empty or has no truthy $ACTIONS entry. If 'show' is present
// in $ACTIONS, the owner bypass computed above is never applied. Confirm which
// behaviour is intended.
if ($action && $ACTIONS[$action]) {
    check_perms($ACTIONS[$action]);
} else {
    // index
    check_perms(User::HasPermissions($CONTROLLER_PERMS) || $bypass_auth);
}

if ($action == 'show') {
    $id = $params['id'];
    $args['fileinfo'] = File::GetAttribs($id);
    if (!$args['fileinfo']) {
        // Unknown file ID: record a notice and redirect.
        // NOTE(review): no exit/return follows header() in this branch, so the
        // script keeps running after the Location header is queued. The code
        // that runs next is outside this excerpt; confirm nothing further is
        // rendered or modified for an invalid ID.
        Error::generate('notice', 'Invalid file ID in action show.');
        header("Location: {$PAGE_REL_URL}");
    } else {
        // Rewrite selected attribute rows for display; rows are matched on the
        // lower-cased label held in $param[0].
        foreach ($args['fileinfo'] as $key => $param) {
            switch (strtolower($param[0])) {
                case 'path':
                    $path = $param[1];
                    $link = $ACTIONS['get']->getLink(array('id' => $id));
                    // NOTE(review): $path and $link are interpolated into HTML
                    // with no escaping visible here. Unless both are encoded
                    // upstream, pass them through
                    // htmlspecialchars(..., ENT_QUOTES) before building the
                    // anchor so a stored path cannot inject markup.
                    $args['fileinfo'][$key][1] = "<a href=\"{$link}\">{$path}</a>";
                    break;
// Tail of enclosing blocks that open before this excerpt: $val's parameters
// are merged into $params.
        }
        $params = array_merge($params, $val->getParams());
    }
}

// 'create2' is rewritten to 'create' before the permission check below, so both
// names are authorised through the same $ACTIONS entry. A request that arrives
// as plain 'create' has $params['id'] forced to 1.
if ($action == 'create2') {
    $action = 'create';
} else {
    if ($action == 'create') {
        $params['id'] = 1;
    }
}

// Permission gate: an action with a truthy $ACTIONS entry is checked through
// that entry; anything else gets the controller-level check.
if ($action && $ACTIONS[$action]) {
    check_perms($ACTIONS[$action]);
} else {
    // index
    check_perms(User::HasPermissions($CONTROLLER_PERMS));
}

if ($action == 'create') {
    // 'owner' is overwritten with User::GetAuthenticatedID(), replacing any
    // 'owner' value that the merged parameters already carried.
    $params['owner'] = User::GetAuthenticatedID();
    if (!$params['owner']) {
        // No authenticated ID: deny through check_perms(false).
        // NOTE(review): whether check_perms() stops the request is not visible
        // in this excerpt.
        check_perms(false);
    } else {
        // NOTE(review): the whole $params array is handed to Comment::Create().
        // Confirm it accepts only the expected fields, since the merged
        // parameters may contain keys other than the ones set here.
        if (!Comment::Create($params)) {
            Error::generate('warn', 'Could not create comment.', Error::$FLAGS['single']);
            include 'views/create.view.php';
        } else {
            Error::generate('success', 'Comment created.', Error::$FLAGS['single']);
            $args['list'] = Comment::ListAll();
            redirect('comment', 'list');
        }
    }
    // (the enclosing `if ($action == 'create')` continues beyond this excerpt)
// Closes blocks that open before this excerpt; the else branch below prepares
// the $args['userinfo'] rows and then includes views/show.view.php.
            }
        } else {
            foreach ($args['userinfo'] as $key => $param) {
                switch (strtolower($param[0])) {
                    case 'file':
                        // $param[1] holds a file ID; load the attributes that
                        // decide whether the viewer may see this row.
                        $id = $param[1];
                        $fname = File::GetAttrib($id, 'name');
                        $frole = File::GetAttrib($id, 'roles');
                        $fowner = File::GetAttrib($id, 'owner');
                        if (!User::HasPermissions($frole)) {
                            // if you can see it, you're the owner
                            $prefix = '(Pending approval) ';
                        } else {
                            $prefix = '';
                        }
                        // NOTE(review): the owner test is a loose `==` with no
                        // non-empty guard. If User::GetAuthenticatedID() returns
                        // a falsy value for an anonymous viewer and the file has
                        // no owner attribute, the two sides can compare equal and
                        // the row is shown. Consider requiring a truthy $fowner
                        // and comparing with `===`.
                        if (User::HasPermissions($frole) || User::GetAuthenticatedID() == $fowner) {
                            // NOTE(review): $fname, $id and $HTMLROOT are
                            // interpolated into HTML with no escaping visible
                            // here. Unless they are encoded upstream, escape
                            // $fname with htmlspecialchars(..., ENT_QUOTES) and
                            // pass $id through urlencode() for the query string.
                            $args['userinfo'][$key] = array(
                                $prefix . $param[0],
                                "<a href=\"{$HTMLROOT}/file/show?id={$id}\">{$fname}</a>"
                            );
                        } else {
                            // Not permitted and not the owner: drop the row.
                            unset($args['userinfo'][$key]);
                        }
                        break;
                    default:
                }
            }
            User::leaveStatusMode();
            include "views/show.view.php";
        }
    }
} else {
    if ($action == 'login') {
        $vid = get_viewer_id();
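/**
 * Decide whether the current user satisfies this object's permission requirement.
 *
 * The literal string 'any' is treated as "no restriction" and short-circuits
 * to true; every other value is handed to User::HasPermissions().
 *
 * @return bool true when access is allowed
 */
function checkPerms() {
    // Strict comparison on purpose: with a loose `==`, non-string values such
    // as true (and integer 0 before PHP 8) compare equal to 'any' and would
    // skip the role check entirely.
    return $this->perms === 'any' || User::HasPermissions($this->perms);
}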
<td class="status"> <!--<div class="password-meter"> <div class="password-meter-message"> </div> <div class="password-meter-bg"> <div class="password-meter-bar"></div> </div> </div>--> </td> </tr> <tr> <td class="label"><label for="password_confirm">Confirm Password</label><em>*</em></td> <td class="field"><input type="password" id="password_confirm" name="password_confirm" /></td> <td class="status"></td> </tr> <?php
// NOTE(review): this condition only controls whether the Role input is
// rendered. The handler that receives this form must apply the same admin
// check before honouring a submitted `role` value, because a client can post
// the field even when it is not shown. The pre-filled default "banned,admin"
// also deserves a second look; confirm it is intended.
if (User::HasPermissions('admin')) { ?> <tr> <td class="label"><label for="role">Role</label></td> <td class="field"><input type="text" id="role" name="role" value="banned,admin" /></td> <td class="status"></td> </tr> <?php } ?> <tr> <td></td> <td colspan="2"> <input id="terms" type="checkbox" name="terms" /> <label for="terms">I have read and accept the terms of use.</label> </td>