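/**
 * Build an album-policy object from the request, refusing callers who may not edit it.
 *
 * The object is switched between two names: $strName to read the request
 * fields, and 'albumpolicy' to load and later save the row. The row is loaded
 * first so that the stored user_id, not anything the client sent, drives the
 * ownership check. The request is then read a second time so the submitted
 * values replace the loaded ones.
 *
 * @param string $strName Name under which the policy fields arrive in the request.
 * @param object $objUser Current user; get('id') and get('is_admin') are read.
 *
 * @return clsDB Policy object named 'albumpolicy', holding the request values.
 *
 * @throws Exception 'exception_accessdenied' when there is no user, or when a
 *                   non-admin user is not the stored owner of the policy.
 */
public static function getPolicyFromRequest($strName, $objUser)
{
    /* Without a user object the checks below cannot run; deny instead of
     * failing with a method call on null. */
    if (!$objUser) {
        throw new Exception('exception_accessdenied');
    }

    /* user_id is not in this list. Presumably getFromRequest() copies only
     * the listed fields, so the request cannot reassign ownership (confirm
     * in clsDB). */
    $arrFields = array(
        'id',
        'allow_post_picture',
        'allow_post_comment',
        'allow_rate',
        'allow_view',
        'allow_delete_picture',
        'allow_create_subalbum',
    );

    /* Read the request under the caller-supplied name (this provides the id). */
    $objPolicy = new clsDB($strName);
    $objPolicy->getFromRequest($arrFields);

    /* Switch to the table name and load the stored row to obtain its user_id. */
    $objPolicy->setName('albumpolicy');
    $objPolicy->load();

    if (!$objUser->get('is_admin')) {
        /* Compare as strings with ===. With the loose != used previously, a
         * row that yielded no user_id (null) compared equal to a user id of
         * 0, '' or null, which passed the check. An empty owner id is now
         * always refused for non-admins. */
        $strOwnerId = (string) $objPolicy->get('user_id');
        $strUserId = (string) $objUser->get('id');

        if ($strOwnerId === '' || $strOwnerId !== $strUserId) {
            throw new Exception('exception_accessdenied');
        }
    }

    /* Back to the request name so the submitted values overwrite the loaded ones. */
    $objPolicy->setName($strName);
    $objPolicy->getFromRequest($arrFields);

    /* Restore the table name so the caller can save the object. */
    $objPolicy->setName('albumpolicy');

    return $objPolicy;
}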
/* Fragment: the enclosing loop/branch opens before this excerpt and the final
 * 'save' branch continues past it. */

/* Resolve the related rows of the current news item. $objAlbum is not used in
 * the visible part. */
$objNewsUser = $objNews->getForeignObject('user');
$objAlbum = $objNews->getForeignObject('album');

/* Fill the template placeholders.
 * NOTE(review): whether setText() HTML-escapes its value is not visible here.
 * USERNAME and TITLE are stored text, so confirm the escaping in the template
 * class; without it these fields are rendered as markup. */
$objNewsTemplate->setText('ID', $objNews->get('id'));
$objNewsTemplate->setText('USERID', $objNewsUser->get('id'));
$objNewsTemplate->setText('USERNAME', $objNewsUser->get('username'));
/* The stored date is re-rendered as Y-m-d only. */
$objNewsTemplate->setText('DATE', date('Y-m-d', strtotime($objNews->get('date'))));
$objNewsTemplate->setText('TITLE', $objNews->get('title'));
/* NOTE(review): presumably bbcode_format() returns HTML; confirm it escapes
 * raw HTML in the post body before expanding tags. */
$objNewsTemplate->setText('TEXT', bbcode_format($objNews->get('text')));
echo $objNewsTemplate->get();
}
} else {
    /* Every sub-action in this branch is refused unless a user object exists
     * and its is_admin value loosely equals 1. */
    if (!$objUser || $objUser->get('is_admin') != 1) {
        throw new Exception("exception_accessdenied");
    }

    /* Populate a news object from the request fields id, title and text. */
    $objNews = new clsDB('news');
    $objNews->getFromRequest(array('id', 'title', 'text'));

    if ($strSubAction == 'edit') {
        /* Load the stored row, then print the edit form.
         * NOTE(review): the form POSTs subaction=save, and no anti-CSRF token
         * is emitted in the visible part. getHiddenField()/getSubmit() may
         * add one; confirm. The closing form tag is also not printed here. */
        $objNews->load();
        echo "<form action='index.php' method='post'>";
        echo "<input type='hidden' name='subaction' value='save'>";
        echo $objNews->getHiddenField('id');
        echo "Title:<br>";
        echo $objNews->getTextField('title', new clsParameters('size', 40)) . "<br><br>";
        echo "Post:<br>";
        echo $objNews->getTextArea('text', 4, 45) . "<br><br>";
        echo $objNews->getSubmit('Post');
    } else {
        if ($strSubAction == 'save') {
            if ($objNews->isNew()) {
                /* For a new post, author and timestamp are set on the server
                 * from the current user and clock, not taken from the request. */
                $objNews->set('user_id', $objUser->get('id'));
                $objNews->set('date', date('Y-m-d H:i:s'));
/* Fragment: the picture loop and its enclosing blocks open before this
 * excerpt, and the settings table continues past it. */

/* Save the picture and print its 70x70 thumbnail.
 * NOTE(review): the URL is concatenated into a single-quoted attribute
 * without escaping; confirm clsThumbnail::getUrl() cannot return a quote. */
$objPicture->save();
print "<img src='" . clsThumbnail::getUrl($objPicture, 70, 70) . "'> ";
/* Start a new row after every sixth thumbnail. */
if (++$i % 6 == 0) {
    print "<br>";
}
}
print "<br><br>";
}
}
}
}
}
}

/* Write one setting row from the request fields id and value, then fall
 * through to the settings list below.
 * NOTE(review): no permission check is visible in this fragment. The form
 * below submits action=admin, so presumably an admin check runs earlier in
 * the file; confirm it covers this sub-action.
 * NOTE(review): this state change is submitted by the GET form below, with no
 * anti-CSRF token visible, so a followed link can trigger it and the value
 * ends up in URLs, logs and referrers. POST plus a per-session token is the
 * usual hardening. */
if ($strSubAction == 'settings_save') {
    $objSetting = new clsDB('setting');
    $objSetting->getFromRequest(array('id', 'value'));
    $objSetting->save();
    $strSubAction = 'settings';
}

/* List every setting, one form per row. */
if ($strSubAction == 'settings') {
    $arrSettings = clsDB::getListStatic('setting');
    print "<table>";
    print "<tr>";
    print "<td>Name</td><td>Value</td><td>Comments</td><td>Save</td>";
    print "</tr>";
    foreach ($arrSettings as $objSetting) {
        /* Each row's form submits via GET with action=admin and
         * subaction=settings_save. The form is opened directly inside the
         * table, before the row's <tr>. */
        print "<form action='index.php' method='get'>";
        print $objSetting->getHiddenField('id');
        print "<input type='hidden' name='action' value='admin'>";
        print "<input type='hidden' name='subaction' value='settings_save'>";
        print "<tr>";