示例#1
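/**
 * Authenticate a user against the user table and populate the session.
 * Originally in login.php
 * @author FrozenMinds.com and Bruce Clement (http://www.clement.co.nz)
 *
 * On success the session receives `user_id` and `is_admin`; for non-admin
 * accounts it also receives the four editor-permission entries.
 *
 * @param string  $user       user code (login name)
 * @param string  $password   user's password as submitted
 * @param boolean $admin_only when true, accounts whose ADMIN column is not 1 are rejected
 * @return boolean logon succeeded
 */
function login($user, $password, $admin_only = false)
{
    global $db, $tables;
    // NOTE(review): the permission variables were locals here, so nothing
    // get_editor_permission() does could reach them and an editor's
    // permission list was always empty (non-admin logins always failed).
    // This assumes get_editor_permission() publishes its results through
    // globals of these names, as its call pattern suggests; confirm against
    // its definition.
    global $user_permission, $user_grant_permission, $user_permission_array, $user_grant_permission_array;

    // Both user-supplied values are quoted with $db->qstr() before being
    // concatenated; the table name comes from $tables, not from the request.
    // NOTE(review): the password is matched inside the query against the
    // output of encrypt_password(), which is not visible here. If that helper
    // is a fast or unsalted digest, stored passwords are cheap to recover
    // after a database leak; prefer password_hash()/password_verify() with
    // the comparison done in PHP.
    $sql = "SELECT `ID`, `NAME`, `ADMIN` FROM `{$tables['user']['name']}` WHERE `LOGIN` = " . $db->qstr($user) . " AND `PASSWORD` = " . $db->qstr(encrypt_password($password));
    $row = $db->GetRow($sql);

    // No matching row (or a row without an ID) means the credentials are wrong.
    if (empty($row['ID'])) {
        return false;
    }

    // get permissions for this editor
    if ($row['ADMIN'] != 1) {
        if ($admin_only) {
            return false;
        }
        // Reset before loading so values from an earlier call cannot leak
        // into this login.
        $user_permission = "";
        $user_grant_permission = "";
        $user_permission_array = array();
        $user_grant_permission_array = array();
        get_editor_permission($row['ID']);
        $_SESSION['user_permission'] = $user_permission;
        $_SESSION['user_grant_permission'] = $user_grant_permission;
        $_SESSION['user_permission_array'] = $user_permission_array;
        $_SESSION['user_grant_permission_array'] = $user_grant_permission_array;
    }

    // Admins always pass; editors pass only when they hold at least one permission.
    if ($row['ADMIN'] || count($user_permission_array) > 0) {
        // Issue a fresh session id at the privilege change so that an id set
        // before authentication (session fixation) is not carried into the
        // logged-in session. Skipped when no session has been started.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['user_id'] = $row['ID'];
        $_SESSION['is_admin'] = $row['ADMIN'] == 1 ? 1 : 0;
        return true;
    }
    return false;
}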
 if (SmartyValidate::is_valid($data, 'dir_categs_edit')) {
     if ($action == 'N') {
         $data['DATE_ADDED'] = gmdate('Y-m-d H:i:s');
     }
     if (empty($id)) {
         $id = $db->GenID($tables['category']['name'] . '_SEQ');
     }
     $data['ID'] = $id;
     if ($db->Replace($tables['category']['name'], $data, 'ID', true) > 0) {
         // Refresh editor permissions
         if (!$_SESSION['is_admin']) {
             $user_permission = "";
             $user_grant_permission = "";
             $user_permission_array = array();
             $user_grant_permission_array = array();
             get_editor_permission($_SESSION['user_id']);
             $_SESSION['user_permission'] = $user_permission;
             $_SESSION['user_grant_permission'] = $user_grant_permission;
             $_SESSION['user_permission_array'] = $user_permission_array;
             $_SESSION['user_grant_permission_array'] = $user_grant_permission_array;
         }
         $tpl->assign('posted', true);
         if ($action == 'N') {
             $oldStatus = $data['STATUS'];
             $data = array();
             $data['STATUS'] = $oldStatus;
             unset($oldStatus);
         } else {
             if (isset($_SESSION['return'])) {
                 @header('Location: ' . $_SESSION['return']);
                 @exit;