[Linpha-cvs] SF.net SVN: linpha: [4489] trunk/linpha2
From: <fan...@us...> - 2006-04-08 15:41:56
Revision: 4489 Author: fangehrn Date: 2006-04-08 08:41:24 -0700 (Sat, 08 Apr 2006) ViewCVS: http://svn.sourceforge.net/linpha/?rev=4489&view=rev Log Message: ----------- * finished permission and user/group system * finished permissions: - image view - metadata comments - metadata edit - admin section Modified Paths: -------------- trunk/linpha2/ChangeLog trunk/linpha2/admin/home.php trunk/linpha2/admin/import.php trunk/linpha2/admin/index.php trunk/linpha2/admin/permissions_groups.php trunk/linpha2/admin/permissions_read.php trunk/linpha2/admin/permissions_usergroup.php trunk/linpha2/admin/permissions_users.php trunk/linpha2/get_thumb.php trunk/linpha2/install/sql/sql.data.php trunk/linpha2/install/step10_postsettings.php trunk/linpha2/install/step11_finish.php trunk/linpha2/install/step1_license.php trunk/linpha2/lib/classes/linpha.imgview.class.php trunk/linpha2/lib/classes/linpha.sql.class.php trunk/linpha2/lib/modules/module.albums.php trunk/linpha2/lib/modules/module.browse.php trunk/linpha2/lib/plugins/watermark/func.watermark.php trunk/linpha2/templates/default/css/home.css trunk/linpha2/templates/default/global.html.php trunk/linpha2/templates/default/view_img.html.php trunk/linpha2/templates/default/view_meta.html.php Added Paths: ----------- trunk/linpha2/admin/permissions_others.php Modified: trunk/linpha2/ChangeLog =================================================================== --- trunk/linpha2/ChangeLog 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/ChangeLog 2006-04-08 15:41:24 UTC (rev 4489) 
@@ -1,3 +1,12 @@ +2006-04-08 flo + * remove PHP NOTICE in phpmeta/IPTC.php + * finished permission and user/group system + * finished permissions: + - image view + - metadata comments + - metadata edit + - admin section + 2006-04-07 flo * implemented admin section for user, groups and group memberships Modified: trunk/linpha2/admin/home.php =================================================================== --- trunk/linpha2/admin/home.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/admin/home.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -0,0 +1,4 @@ +<?php +if(!defined('LINPHA_DIR')) { exit(1); } + +?> \ No newline at end of file Modified: trunk/linpha2/admin/import.php =================================================================== --- trunk/linpha2/admin/import.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/admin/import.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -9,7 +9,7 @@ if($linpha->sql->config->value['sys_import_autoimport']) { - linImport::updateDir( $parent_id = 0, $recursive = true ); + LinImport::updateDir( $parent_id = 0, $recursive = true ); } /** @@ -19,19 +19,12 @@ /** * first, only for images */ - $query = $GLOBALS['linpha']->db->Execute("SELECT id, img_type FROM ".PREFIX."photos WHERE img_type <> 0"); + $query = $GLOBALS['linpha']->db->Execute("SELECT id, img_type FROM ".PREFIX."photos WHERE img_type <> 0 AND img_type <> 9999999"); while($data = $query->FetchRow()) { - linImage::createThumbnail($data['id'],$data['img_type'],$force=false); + LinImage::createThumbnail($data['id'],$data['img_type'],$force=false); } - if( isset($GLOBALS['linpha']->template->output['sys_log']) ) - { - echo 'Linpha Syslog:<br />'; - echo $GLOBALS['linpha']->template->output['sys_log']; - } - - /** * @todo should we create the folder thumbnails here? * they will be automatically created on each visit 
@@ -40,10 +33,4 @@ */ -linImport::printfiles( 1 ); - -//$rs = $linpha->db->Execute("SELECT * FROM ".PREFIX."photos"); -//rs2html($rs,'',array('id','parent_id','img_type','name')); - - ?> \ No newline at end of file Modified: trunk/linpha2/admin/index.php =================================================================== --- trunk/linpha2/admin/index.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/admin/index.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -9,6 +9,11 @@ $linpha = new linpha(); $linpha->sql->startSession(); + if(!$linpha->sql->isAdmin()) + { + echo i18n("Only Admin Has Access To This Area"); + exit(1); + } /** * @todo admin permission check */ @@ -39,9 +44,11 @@ } } ?> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> -<link rel='stylesheet' href='admin.css' type='text/css'> +<link rel='stylesheet' href='<?php echo LINPHA_DIR.'/admin/admin.css'; ?>' type='text/css'> +<link rel='stylesheet' href='<?php echo LINPHA_DIR.'/templates/'.$GLOBALS['linpha']->template->template_name.'/css/syslog.css'; ?>' type='text/css'> </head> <body> @@ -73,6 +80,19 @@ } ?> + +<?php if( isset($GLOBALS['linpha']->template->output['sys_log']) ) { ?> + <!-- syslog --> + <div id="sys_log"> + <div id="sys_log_close"><a href="javascript:toggleWindow()">X</a></div> + <div id="sys_log_text"> + <?php echo i18n("Linpha Syslog"); ?>:<br /> + <?php echo $GLOBALS['linpha']->template->output['sys_log']; ?> + </div> + </div> + <script type="text/javascript" language="javascript" src="<?php echo LINPHA_DIR; ?>/lib/classes/syslog.js"> </script> +<?php } ?> + </body> </html> 
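Review bot: The new `isAdmin()` gate in admin/index.php authenticates the session, but nothing in this commit ties a state-changing POST to a form this site issued. The one form that is visible in full, in the new admin/permissions_others.php, posts only `allowall`, `groups[]`, `cmd` and `submit`, so a logged-in admin's browser could be made to submit a permission change from another site. Consider storing a random token in the session, emitting it as a hidden field, and rejecting any `$_POST['cmd']` whose token does not match before the category page is included. The `@todo admin permission check` comment left directly under the new gate is now stale and should be removed or reworded to name what is still missing.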
@@ -87,17 +107,17 @@ { if($value['link']=='linpha_home') { - echo '<li><a href="../">'.$value['name'].'</a></li>'; + echo '<li><a href="../">'.i18n($value['name']).'</a></li>'; } else { if($active==$key) { - echo '<li class="active"><a href="./?cat='.$value['link'].'" class="current">'.$value['name'].'</a></li>'; + echo '<li class="active"><a href="./?cat='.$value['link'].'" class="current">'.i18n($value['name']).'</a></li>'; } else { - echo '<li><a href="./?cat='.$value['link'].'">'.$value['name'].'</a></li>'; + echo '<li><a href="./?cat='.$value['link'].'">'.i18n($value['name']).'</a></li>'; } } } Modified: trunk/linpha2/admin/permissions_groups.php =================================================================== --- trunk/linpha2/admin/permissions_groups.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/admin/permissions_groups.php 2006-04-08 15:41:24 UTC (rev 4489) 
@@ -9,21 +9,62 @@ /** * @todo use something like htmlspecialchars() ? */ - switch($_POST['cmd']) + + /** + * prevent changes on admin group + */ + switch($_POST['cmd']) + { + case 'ren_group': + case 'del_group': + $data = $GLOBALS['linpha']->db->GetRow("SELECT id FROM ".PREFIX."groups WHERE group_name = 'admin'"); + $admingroup_id = $data['id']; + if($_POST['id'] == $admingroup_id) + { + linSysLog(i18n("Error").' trying to edit admin, something went wrong!'); + $error = 1; + } + break; + } + + /** + * check if group already exists + */ + switch($_POST['cmd']) + { + case 'ren_group': + case 'new_group': + $data = $GLOBALS['linpha']->db->GetRow("SELECT id FROM ".PREFIX."groups " . + "WHERE group_name = '".LinSql::linAddslashes($_POST['group_name'])."'"); + if(isset($data['id'])) + { + linSysLog(i18n("Error: Group Already Exists")); + $error = 2; + } + break; + } + + if(!isset($error)) { - case 'ren_group': - $GLOBALS['linpha']->db->Execute("UPDATE ".PREFIX."groups " . - "SET group_name='".LinSql::linAddslashes($_POST['group_name'])."' " . - "WHERE id='".LinSql::linAddslashes($_POST['id'])."'"); - break; - case 'del_group': - $GLOBALS['linpha']->db->Execute("DELETE FROM ".PREFIX."groups ". - "WHERE id='".LinSql::linAddslashes($_POST['id'])."'"); - break; - case 'new_group': - $GLOBALS['linpha']->db->Execute("INSERT INTO ".PREFIX."groups (group_name) ". - "VALUES ('".LinSql::linAddslashes($_POST['new_group_name'])."')"); - break; + switch($_POST['cmd']) + { + case 'ren_group': + $GLOBALS['linpha']->db->Execute("UPDATE ".PREFIX."groups " . + "SET group_name='".LinSql::linAddslashes($_POST['group_name'])."' " . + "WHERE id='".LinSql::linAddslashes($_POST['id'])."'"); + linSysLog("Group Renamed"); + break; + case 'del_group': + $GLOBALS['linpha']->db->Execute("DELETE FROM ".PREFIX."groups ". 
+ "WHERE id='".LinSql::linAddslashes($_POST['id'])."'"); + linSysLog("Group Deleted"); + break; + case 'new_group': + $GLOBALS['linpha']->db->Execute("INSERT INTO ".PREFIX."groups (group_name) ". + "VALUES ('".LinSql::linAddslashes($_POST['group_name'])."')"); + linSysLog("Group Created"); + break; + } } } ?> @@ -38,24 +79,26 @@ { ?> <tr> - <form name="mod_group" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>"> + <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>"> <td> <input style="width: 200;" type="text" name="group_name" value="<?php echo $data['group_name']; ?>" maxsize="255"> </td> <td> + <?php if($data['group_name'] != 'admin') { ?> <input type="hidden" name="id" value="<?php echo $data['id']; ?>"> <input type="hidden" name="cmd" value="ren_group"> <input type="submit" value="<?php echo i18n("Rename Group"); ?>" style="float: left;"> </form> - <form name="del_group" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>"> + <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>"> <input type="submit" value="<?php echo i18n("Delete Group"); ?>" style="float: left;"> <input type="hidden" name="cmd" value="del_group"> <input type="hidden" name="id" value="<?php echo $data['id']; ?>"> + <?php } ?> </form> - <form name="edit_members" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup?groupid='.$data['id']; ?>"> + <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit=group&id='.$data['id']; ?>"> <input type="submit" value="<?php echo i18n("Edit Group Members"); ?>" style="float: left;"> </form> </td> 
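Review bot: The admin-group guard in the first `switch` compares the raw request string (`$_POST['id'] == $admingroup_id`), while the later `UPDATE`/`DELETE` pass that same string to the database, which may coerce a non-canonical value to the admin group's id after the PHP comparison has let it through. Normalise once at the top, e.g. `$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;`, and use `$id` in the guard and in both queries. `$error` is only ever tested with `isset()`; setting `$error = 0;` before the checks and testing `if(!$error)` avoids depending on an undefined variable. The enclosing `if` block begins above the hunk.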
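Review bot: `$data['group_name']` is written into the `value` attribute of the rename form without HTML escaping, although group names are free text taken from `$_POST['group_name']` (the `@todo use something like htmlspecialchars()` at the top of this file already hints at it). Escape at output: `value="<?php echo htmlspecialchars($data['group_name'], ENT_QUOTES); ?>"`. The same unescaped echo of a stored name appears in the option list of the new admin/permissions_others.php and in the `echo ' '.$data[$select_name]` heading in admin/permissions_usergroup.php. Separately, `maxsize` is not an HTML attribute; `maxlength="255"` is what limits the input. The surrounding loop starts above the hunk.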
@@ -64,8 +107,8 @@ } ?> <tr> - <form name="new_user" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>"> - <td><input style="width: 200;" type="text" name="new_group_name" maxsize="255"></td> + <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>"> + <td><input style="width: 200;" type="text" name="group_name" maxsize="255"></td> <td> <input type="hidden" name="cmd" value="new_group"> <input type="submit" value="<?php echo i18n("Create Group"); ?>"> Added: trunk/linpha2/admin/permissions_others.php =================================================================== --- trunk/linpha2/admin/permissions_others.php (rev 0) +++ trunk/linpha2/admin/permissions_others.php 2006-04-08 15:41:24 UTC (rev 4489) 
@@ -0,0 +1,150 @@ +<?php +if(!defined('LINPHA_DIR')) { exit(1); } + +if(!isset($cat3)) +{ + $cat3 = ''; +} + +switch($cat2) +{ +case 'basket': + $array_menu = array( + 'print' => Array('name' => "Print", 'link' => 'permissions_basket_print'), + 'mail' => Array('name' => "Mail", 'link' => 'permissions_basket_mail'), + 'download' => Array('name' => "Download", 'link' => 'permissions_basket_download'), + ); + break; +case 'metadata': + $array_menu = array( + 'comments' => Array('name' => "Write Comments", 'link' => 'permissions_metadata_comments'), + 'deletecomments' => Array('name' => "Delete Comments", 'link' => 'permissions_metadata_deletecomments'), + 'edit' => Array('name' => "Edit Image Informations", 'link' => 'permissions_metadata_edit'), + ); + break; +case 'others': + $array_menu = array( + 'watermark' => Array('name' => "Watermark", 'link' => 'permissions_others_watermark'), + 'stats' => Array('name' => "Statistics", 'link' => 'permissions_others_stats'), + 'download' => Array('name' => "Download", 'link' => 'permissions_others_download'), + ); + break; +} + +print_admin_menu($array_menu,$cat3); + +if(!empty($cat3)) +{ + if($cat2 == 'basket' OR $cat2 == 'metadata') + { + $key = $cat2.'_'.$cat3; + } + elseif($cat2 == 'others') + { + $key = $cat3; + } + + /** + * save data + */ + if(isset($_POST['cmd']) && $_POST['cmd'] == 'edit') + { + if($_POST['allowall'] == 'allowall') + { + $GLOBALS['linpha']->db->Execute("UPDATE ".PREFIX."permissions " . + "SET permission = ';public;' " . + "WHERE perm_type = '".LinSql::linAddslashes($key)."'"); + } + else + { + if(!isset($_POST['groups'])) + { + $str = ''; + } + else + { + $str = ';'.implode(';',$_POST['groups']).';'; + } + + $GLOBALS['linpha']->db->Execute("UPDATE ".PREFIX."permissions " . + "SET permission = '".LinSql::linAddslashes($str)."' " . 
+ "WHERE perm_type = '".LinSql::linAddslashes($key)."'"); + } + } + + + echo '<b>'.i18n("Edit").': '.i18n($array_menu[$cat3]['name']).'</b><br />'; + + $data = $GLOBALS['linpha']->db->GetRow("SELECT permission FROM ".PREFIX."permissions " . + "WHERE perm_type = '".LinSql::linAddslashes($key)."'"); + $array_permissions = explodeAndSlice(';',$data['permission']); + + if(in_array('public',$array_permissions)) + { + $allowall_checked = ' checked="checked"'; + $allowgroups_checked = ''; + } + else + { + $allowall_checked = ''; + $allowgroups_checked = ' checked="checked"'; + } +?> + <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_'.$cat2.'_'.$cat3; ?>"> + <br /> + <input type="radio" id="allowall" name="allowall" value="allowall"<?php echo $allowall_checked; ?>onClick="update_forms()" /> + <label for="allowall"><?php echo i18n("Allow All"); ?></label> + <br /><br /> + <input type="radio" id="allowgroups" name="allowall" value="allowgroups"<?php echo $allowgroups_checked; ?>onClick="update_forms()" /> + <label for="allowgroups"><?php echo i18n("Allow Only This Groups:"); ?></label> + <br /> + + <select id="selectgroups" name="groups[]" size="5" style="width: 200;" multiple="multiple"> + <?php + $query = $GLOBALS['linpha']->db->Execute("SELECT id, group_name FROM ".PREFIX."groups ORDER by group_name"); + while($data = $query->FetchRow()) + { + if(in_array($data['id'],$array_permissions)) + { + $checked = ' selected="selected"'; + } + else + { + $checked = ''; + } + + echo '<option value="'.$data['id'].'"'.$checked.'>'.$data['group_name'].'</option>'; + } + ?> + <input type="hidden" name="cmd" value="edit" /> + <br /> + <input type="submit" name="submit" value="<?php echo i18n("Submit"); ?>" /> + </select> + </form> + + <script language="JavaScript" type="text/javascript"> + + function update_forms() + { + var allowall = document.getElementById('allowall'); + var allowgroups = document.getElementById('allowgroups'); + var selectgroups = 
document.getElementById('selectgroups'); + + if(allowall.checked) + { + selectgroups.disabled = true; + selectgroups.selectedIndex = -1; + } + + if(allowgroups.checked) + { + selectgroups.disabled = false; + } + } + update_forms(); + + </script> + +<?php +} +?> \ No newline at end of file Modified: trunk/linpha2/admin/permissions_read.php =================================================================== --- trunk/linpha2/admin/permissions_read.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/admin/permissions_read.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -87,7 +87,8 @@ /** * get groups */ - $query = $GLOBALS['linpha']->db->Execute("SELECT id, group_name FROM ".PREFIX."groups"); + $array_groups = Array(); + $query = $GLOBALS['linpha']->db->Execute("SELECT id, group_name FROM ".PREFIX."groups WHERE group_name <> 'admin'"); while($data = $query->FetchRow()) { $array_groups[$data[0]] = $data[1]; @@ -206,10 +207,11 @@ list($i, $perm) = $GLOBALS['linpha']->sql->getPerm( $data['id'] ); /** - * exclude files with inherited permissions - * (-> show only files which have permission explicitly set) + * exclude files */ - if($data['img_type'] == 0 || $GLOBALS['view_mode']=='files' || ( $data['img_type'] != 0 && $i == 0 ) ) + if($data['img_type'] == 0 // show folders + || $GLOBALS['view_mode']=='files' // show files if we not on top + || ( $data['img_type'] != 0 && $i == 0 ) ) // show files which have permissions explicitly set (not inherited) { echo '<tr><td>'; echo str_repeat(' >',$stage).' '; Modified: trunk/linpha2/admin/permissions_usergroup.php =================================================================== --- trunk/linpha2/admin/permissions_usergroup.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/admin/permissions_usergroup.php 2006-04-08 15:41:24 UTC (rev 4489) 
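Review bot: `$cat2` and `$cat3` are used without being checked against the menu that was just built: if `$cat2` matches none of the three cases, `$array_menu` and `$key` are undefined, and any `$cat3` that is not a key of `$array_menu` still reaches the `UPDATE` and the `$array_menu[$cat3]['name']` lookup. Add a `default:` branch that stops, and replace `if(!empty($cat3))` with `if(isset($array_menu[$cat3]))`. The submitted group list is stored as sent, so an entry such as `public` or one containing `;` changes what the saved permission string means; reduce it to integers first, `$str = ';'.implode(';', array_map('intval', (array)$_POST['groups'])).';';`, and guard `$_POST['allowall']` with `isset()`. The hidden input, line break and submit button currently sit inside the `select` element (its closing tag should follow the loop), and `checked="checked"onClick` lacks a separating space.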
@@ -23,9 +23,7 @@ echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit=user&id='.$data['id'].'">'.$data['username'].'</a><br />'; } ?> -<br /><br /> -<hr /> -<br /><br /> +<br /><hr /><br /> <?php /** * edit group members @@ -89,13 +87,22 @@ * get informations */ $data = $GLOBALS['linpha']->db->GetRow("SELECT ".$select_name." FROM ".PREFIX.$table_name." WHERE id = '".LinSql::linAddslashes($_GET['id'])."'"); - echo '<b>'.i18n("Edit").': '.$data[$select_name].'</b><br />'; + echo '<b>'; + if($_GET['edit']=='user') + { + echo i18n("Edit Memberships Of User:"); + } + else + { + echo i18n("Edit Members Of Group:"); + } + echo ' '.$data[$select_name].'</b><br />'; /** * get all groups/users */ ?> - <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit=user&id='.$_GET['id']; ?>"> + <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit='.$_GET['edit'].'&id='.$_GET['id']; ?>"> <select name="usergroup[]" size="5" style="width: 200;" multiple="multiple"> <?php $query = $GLOBALS['linpha']->db->Execute("SELECT id, ".$other_select_name." FROM ".PREFIX.$other_table_name." ORDER by ".$other_select_name); Modified: trunk/linpha2/admin/permissions_users.php =================================================================== --- trunk/linpha2/admin/permissions_users.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/admin/permissions_users.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -3,6 +3,10 @@ /** * save data + * @todo create new user: check if name does not already exists + * @todo rename user: check if name does not already exists + * -> will not be easy + * @todo check if username and password not empty */ if(isset($_POST['cmd'])) { 
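Review bot: The new form `action` in admin/permissions_usergroup.php echoes `$_GET['edit']` and `$_GET['id']` straight from the request into an HTML attribute. Since the code just above already branches on `$_GET['edit']=='user'`, emit a fixed literal and an integer instead: `$edit = ($_GET['edit']=='user') ? 'user' : 'group'; $id = (int)$_GET['id'];` and build the action from `$edit` and `$id`. install/step1_license.php has the same pattern with `$_POST['language']` in the hidden input's `value`, where `htmlspecialchars(..., ENT_QUOTES)` is the fix. The enclosing block starts above the hunk.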
@@ -43,8 +47,8 @@ /** * does not work, because headers are already sent * - if(isset($_COOKIE["linpha_userid"]) && - isset($_COOKIE["linpha_password"]) && + if(isset($_COOKIE['linpha_userid']) && + isset($_COOKIE['linpha_password']) && isset($md5_pass)) { $GLOBALS['linpha']->sql->setLinphaCookie($_POST['id'], $md5_pass); @@ -111,7 +115,7 @@ <input type="submit" value="<?php echo i18n("Modify User"); ?>" style="float: left;"> </form> - <form name="edit_groups" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&userid='.$data['id']; ?>"> + <form name="edit_groups" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit=user&id='.$data['id']; ?>"> <input type="submit" name="edit_groups" value="<?php echo i18n("Edit Groups"); ?>" style="float: left;"> </form> Modified: trunk/linpha2/get_thumb.php =================================================================== --- trunk/linpha2/get_thumb.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/get_thumb.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -26,9 +26,8 @@ if(!defined('LINPHA_DIR')) { define('LINPHA_DIR','.'); } include_once(LINPHA_DIR.'/lib/classes/linpha.class.php'); - $linpha = new linpha(); -$linpha->sql->dbConnect(); +$linpha->sql->startSession(); /** * check for valid id @@ -39,7 +38,7 @@ { throw new Exception("no id supplied!"); } - $query = $GLOBALS['linpha']->db->Execute("SELECT id, img_type FROM ".PREFIX."photos WHERE id = '".linSql::linAddslashes( $_GET['id'] )."'"); + $query = $GLOBALS['linpha']->db->Execute("SELECT id, img_type FROM ".PREFIX."photos WHERE id = '".LinSql::linAddslashes( $_GET['id'] )."'"); if($query->RecordCount() != 1) { 
@@ -48,7 +47,7 @@ $data = $query->FetchRow(ADODB_FETCH_ASSOC); - if( ! $GLOBALS['linpha']->sql->photoIsAllowed( $data['id'] ) ) + if( ! LinSql::photoIsAllowed( $data['id'] ) ) { throw new Exception("not permitted!"); } Modified: trunk/linpha2/install/sql/sql.data.php =================================================================== --- trunk/linpha2/install/sql/sql.data.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/install/sql/sql.data.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -40,6 +40,7 @@ 'sys_path_cache_dir' => $_SESSION['cache_dir'], 'sys_path_tmp_dir' => $_SESSION['tmp_dir'], 'sys_style_img_quality' => '75', + 'sys_style_nrrandomimages' => '4', 'sys_style_template' => 'default', 'sys_style_tn_size' => '150', 'sys_user_autologin' => '1' @@ -57,8 +58,7 @@ /** * groups */ -$sql_queries[] = "INSERT INTO ".PREFIX."groups (group_name) VALUES ('group1')"; -$sql_queries[] = "INSERT INTO ".PREFIX."groups (group_name) VALUES ('group2')"; +$sql_queries[] = "INSERT INTO ".PREFIX."groups (group_name) VALUES ('admin')"; /** * permissions 
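Review bot: `LinSql::photoIsAllowed()` is now called statically here and in lib/classes/linpha.imgview.class.php, but the method body is not in any visible hunk, while the same commit gives `LinSql` per-instance `private $isLoggedIn, $isAdmin`. Please confirm the method is declared `static` and reads the current user through `$GLOBALS['linpha']->sql` or `$_SESSION` rather than `$this`, and add a docblock saying so, e.g. `/** static: decides from session state whether the current user may read photo $id */`. It is the only access check visible on the thumbnail endpoint, so it should deny when the lookup fails.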
@@ -66,6 +66,25 @@ $sql_queries[] = "INSERT INTO ".PREFIX."permissions (photos_id, perm_type, permission) " . "VALUES (0, 'read', ';public;')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('basket_print', '')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('basket_mail', '')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('basket_download', '')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('metadata_comments', ';public;')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('metadata_deletecomments', '')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('metadata_edit', '')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('watermark', '')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('stats', '')"; +$sql_queries[] = "INSERT INTO ".PREFIX."permissions (perm_type, permission) " . + "VALUES ('download', '')"; + /** * metadata */ Modified: trunk/linpha2/install/step10_postsettings.php =================================================================== --- trunk/linpha2/install/step10_postsettings.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/install/step10_postsettings.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -54,7 +54,7 @@ echo success_msg(); /** - * add new linpha user + * add new linpha admin user */ echo "<br /><br />"; echo "<h2>".tr("Setup Linpha Admin User").".</h2>"; Modified: trunk/linpha2/install/step11_finish.php =================================================================== --- trunk/linpha2/install/step11_finish.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/install/step11_finish.php 2006-04-08 15:41:24 UTC (rev 4489) 
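Review bot: Of the nine seeded rows only `metadata_comments` defaults to `';public;'`, so a fresh install accepts comments from anonymous visitors while every other permission starts empty. If that is intended, say so in a comment above the row, for example `// comments are open to everyone by default; restrict under admin > permissions`; otherwise seed it as `''` like the others. The new rows also omit `photos_id`, unlike the `read` row above them, so they depend on the column's default; a one-line comment stating which value is expected would help.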
@@ -59,11 +59,18 @@ "'".LinSql::linAddslashes($_POST['admin_name'])."', " . "'".md5($_POST['admin_pass'])."', " . "'".LinSql::linAddslashes($_POST['admin_email'])."')"); - if(!$result) { echo failed_msg(); } else { + $userid = $GLOBALS['linpha']->db->Insert_ID(); + + /** + * adding user to group 'admin' + */ + $data = $GLOBALS['linpha']->db->GetRow("SELECT id FROM ".PREFIX."groups WHERE group_name = 'admin'"); + $GLOBALS['linpha']->db->Execute("INSERT into ".PREFIX."user_group (user_id, group_id) VALUES ('".$userid."','".$data['id']."')"); + echo success_msg(); } @@ -74,7 +81,7 @@ if( isset( $_POST['sys_style_tn_size'] ) ) { $result = $linpha->db->Execute("UPDATE ".PREFIX."config " . - "SET option_value = '".$linpha->sql->linAddslashes($_POST['sys_style_tn_size'])."' " . + "SET option_value = '".LinSql::linAddslashes($_POST['sys_style_tn_size'])."' " . "WHERE option_name = 'sys_style_tn_size'"); if(!$result) { Modified: trunk/linpha2/install/step1_license.php =================================================================== --- trunk/linpha2/install/step1_license.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/install/step1_license.php 2006-04-08 15:41:24 UTC (rev 4489) 
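Review bot: The admin-group membership insert runs unchecked: if `SELECT id ... WHERE group_name = 'admin'` returns no row, `$data['id']` is empty and the installer still prints `success_msg()`, leaving an install whose only user presumably cannot pass `isAdmin()`. Check both results before reporting success, e.g. `if(!isset($data['id']) || !$GLOBALS['linpha']->db->Execute(...)) { echo failed_msg(); }`. The unchanged context line also stores the password as `md5($_POST['admin_pass'])`, an unsalted fast hash; a salted, deliberately slow scheme would be the safer choice when this code is next touched.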
@@ -32,8 +32,9 @@ <br /> <input type="hidden" name="language" value="<?php echo isset($_POST['language']) ? $_POST['language'] : ''; ?>"> <input type="checkbox" id="check01" onChange="checkForm()"> -<?php echo tr("Please Accept The GNU General Public License")."<br />"; - +<label for="check01"><?php echo tr("Please Accept The GNU General Public License"); ?></label> +<br /> +<?php $array_check = array('check01' => 'checkbox'); $do_javascript_disable_button = true; include_once(LINPHA_DIR.'/install/footer.php'); Modified: trunk/linpha2/lib/classes/linpha.imgview.class.php =================================================================== --- trunk/linpha2/lib/classes/linpha.imgview.class.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/lib/classes/linpha.imgview.class.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -31,7 +31,6 @@ */ $show_subfolders_separate = 0; $nr_prev_next_thumbs = 3; -$nr_random_images = 4; $array_tn_sizes = Array(50,75,100,150,200,250,300,400,500); $def_tn_size = 150; $array_nr_images = Array('auto',10,25,50,100,200,'all'); @@ -219,13 +218,15 @@ { if( ! ($this->mode == 'image' && $value['img_type']==0 ) ) // exclude subfolders from img_view { - if( $GLOBALS['linpha']->sql->photoIsAllowed( $value['id'] ) ) + if( LinSql::photoIsAllowed( $value['id'] ) ) { $this->photos_filtered[] = $value; } } } } + + unset($this->photos); } 
@@ -236,43 +237,41 @@ { /** - * all modes (thumb, image and home) + * Menu Admin */ - $GLOBALS['linpha']->template->output['menu_Admin'] = Array( - 'import' => Array( - 'name' => i18n("Import"), - 'value' => Array( - Array('name' => i18n("Detect File Changes"), 'value' => $GLOBALS['linpha']->template->URL_full.'&force_update') - ) - ) - ); - - /** - * thumb and image, except home - */ - switch($this->mode) - { - case 'thumb': - case 'image': - /** - * append to "admin - import" entry - */ - $GLOBALS['linpha']->template->output['menu_Admin']['import']['value'][] = Array( - 'name' => i18n("Recreate This Thumbnail"), - 'value' => $GLOBALS['linpha']->template->URL_full.'&admin_cmd=recreate' - ); + if($GLOBALS['linpha']->sql->isAdmin()) + { + $GLOBALS['linpha']->template->output['menu_Admin']['import'] = + Array( + 'name' => i18n("Import"), + 'value' => Array( + Array('name' => i18n("Detect File Changes"), 'value' => $GLOBALS['linpha']->template->URL_full.'&force_update') + ) + ); $GLOBALS['linpha']->template->output['menu_Admin']['permissions'] = Array( 'name' => i18n("Permissions"), 'value' => Array( - Array('name' => i18n("Set Permissions"), 'value' => LINPHA_DIR.'/admin/?cat=permissions&cmd=edit&id='.$this->id_current) + Array('name' => i18n("Set Permissions"), 'value' => LINPHA_DIR.'/admin/?cat=permissions_view&cmd=edit&id='.$this->id_current) ) ); - } + + + if($this->mode == 'thumb' OR $this->mode == 'image') + { + /** + * append to "admin - import" entry + */ + $GLOBALS['linpha']->template->output['menu_Admin']['import']['value'][] = Array( + 'name' => i18n("Recreate This Thumbnail"), + 'value' => $GLOBALS['linpha']->template->URL_full.'&admin_cmd=recreate' + ); + } + } /** - * thumb and image mode separate, without home mode + * Menu More */ if($this->mode != 'home') { 
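Review bot: Wrapping the Admin menu in `isAdmin()` only hides the links; the URLs it builds (`&force_update`, `&admin_cmd=recreate`) remain requestable directly, and the code that handles those parameters is not in this diff. Please confirm each handler repeats the `$GLOBALS['linpha']->sql->isAdmin()` check before acting, and likewise that the `view=albcomment` and `view=meta` targets behind the new `checkPermission('metadata_edit')` menu test in the later hunk enforce it themselves. A short comment on the menu block such as `// display only - handlers must re-check isAdmin()` would keep that contract visible. The method containing this block starts above the hunk.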
@@ -303,7 +302,7 @@ $array_views_links[] = Array('name' => i18n('Detail'), 'value' => $GLOBALS['linpha']->template->URL_full.'&view=thumbdetail'); - $GLOBALS['linpha']->template->output['menu_More'] = Array( + $GLOBALS['linpha']->template->output['menu_More']['basket'] = Array( 'name' => i18n("Basket"), 'value' => Array( @@ -311,8 +310,10 @@ Array('name' => i18n("Switch To Basket View"), 'value' => $GLOBALS['linpha']->template->URL_full.'&view=basket'), Array('name' => i18n("Open Basket"), 'value' => $open_basket_link), Array('name' => i18n("Images In Basket").': '.count($_SESSION['basket_ids']), 'value' => '#') - ) - ), + ) + ); + + $GLOBALS['linpha']->template->output['menu_More']['view'] = Array( 'name' => i18n("View"), 'value' => Array( @@ -320,16 +321,20 @@ Array('name' => i18n("View"), 'value' => $array_views_links), Array('name' => i18n("Thumb Size"), 'value' => $array_tn_sizes_links), Array('name' => i18n("Thumb Nr"), 'value' => $array_nr_links) - ) - ), - Array( - 'name' => i18n("Metainfo"), - 'value' => Array( - Array('name' => i18n("Edit Album Comment"), 'value' => $GLOBALS['linpha']->template->URL_full.'&view=albcomment'), - Array('name' => i18n("Edit Album Information"), 'value' => $GLOBALS['linpha']->template->URL_full.'&view=meta') - ) - ) - ); + ) + ); + + if($GLOBALS['linpha']->sql->checkPermission('metadata_edit')) + { + $GLOBALS['linpha']->template->output['menu_More']['metainfo'] = + Array( + 'name' => i18n("Metainfo"), + 'value' => Array( + Array('name' => i18n("Edit Album Comment"), 'value' => $GLOBALS['linpha']->template->URL_full.'&view=albcomment'), + Array('name' => i18n("Edit Album Information"), 'value' => $GLOBALS['linpha']->template->URL_full.'&view=meta') + ) + ); + } break; case 'image': 
@@ -723,13 +728,28 @@ $str_random = 'random()'; break; } + + $nr_random_images = $GLOBALS['linpha']->sql->config->value['sys_style_nrrandomimages']; + $GLOBALS['linpha']->template->output['random_images'] = Array(); + $query = $GLOBALS['linpha']->db->Execute("SELECT id FROM ".PREFIX."photos WHERE img_type <> 0 AND img_type <> 9999999 ORDER BY ".$str_random); - $GLOBALS['linpha']->template->output['random_images'] = Array(); - $query = $GLOBALS['linpha']->db->SelectLimit("SELECT id FROM ".PREFIX."photos WHERE img_type <> 0 AND img_type <> 9999999 ORDER BY ".$str_random, $GLOBALS['nr_random_images']); - while($data = $query->FetchRow()) + for($i = 1; $i <= $nr_random_images ; ) { - $path = implode('/',linSql::getFullFilenameFromId($data['id'])); - $GLOBALS['linpha']->template->output['random_images'][] = Array('id'=>$data['id'],'path'=>$path); + $data = $query->FetchRow(); + if(isset($data['id'])) + { + $path = implode('/',LinSql::getFullFilenameFromId($data['id'])); + + if(file_exists(LinFilesys::getFullPath($path)) && LinSql::photoIsAllowed($data['id'])) + { + $GLOBALS['linpha']->template->output['random_images'][] = Array('id'=>$data['id'],'path'=>$path); + $i++; + } + } + else + { + break; + } } } @@ -818,6 +838,8 @@ /** * image comments */ + if($GLOBALS['linpha']->sql->checkPermission('metadata_comments')) + { /** * save comment */ @@ -842,6 +864,7 @@ */ $GLOBALS['linpha']->template->output['image_comments'] = $GLOBALS['linpha']->db->Execute("SELECT id, time, author, comment FROM ".PREFIX."meta_comments " . "WHERE md5sum = '".$GLOBALS['linpha']->imgview->md5sum."'"); + } } /** 
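Review bot: Replacing `SelectLimit(...)` with an unbounded `Execute(... ORDER BY random())` makes every home-page view sort the whole photos table even though only `sys_style_nrrandomimages` rows are used. Keep a cap with headroom for rows filtered out by `file_exists()` and `photoIsAllowed()`, e.g. `SelectLimit($sql, 5 * (int)$nr_random_images)`. Casting the config value to int also covers installs where the new `sys_style_nrrandomimages` option is missing. The `for` loop with an empty increment would read more clearly as a `while` over `FetchRow()` that stops once enough images are collected.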
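Review bot: The new `if($GLOBALS['linpha']->sql->checkPermission('metadata_comments'))` block closes after the `SELECT ... FROM meta_comments` (the `}` added in the following hunk), so users without the permission labelled "Write Comments" in the admin menu also get no `image_comments` output at all. If only posting is meant to be restricted, close the block before the query; if hiding is intended, make sure the template copes with `output['image_comments']` being unset. The enclosed lines were not re-indented, which makes the block boundary easy to miss. The method starts above the hunk.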
@@ -924,32 +947,35 @@ $this->viewImgCommon(); - /** - * save metadata - */ - if(isset($_POST['cmd']) && $_POST['cmd']=='insert_metadata') + if($GLOBALS['linpha']->sql->checkPermission('metadata_edit')) { - if(isset($_POST['field'])) + /** + * save metadata + */ + if(isset($_POST['cmd']) && $_POST['cmd']=='insert_metadata') { - /** - * delete existing entries - */ - $query = $GLOBALS['linpha']->db->Execute("DELETE FROM ".PREFIX."meta_data " . - "WHERE md5sum = '".$GLOBALS['linpha']->imgview->md5sum."'"); - - foreach($_POST['field'] AS $key=>$value) + if(isset($_POST['field'])) { - if(is_array($value)) // coming from a select (categories etc.) + /** + * delete existing entries + */ + $query = $GLOBALS['linpha']->db->Execute("DELETE FROM ".PREFIX."meta_data " . + "WHERE md5sum = '".$GLOBALS['linpha']->imgview->md5sum."'"); + + foreach($_POST['field'] AS $key=>$value) { - $value = ';'.implode(';',$value).';'; + if(is_array($value)) // coming from a select (categories etc.) + { + $value = ';'.implode(';',$value).';'; + } + + if(! empty($value)) + { + $GLOBALS['linpha']->db->Execute("INSERT into ".PREFIX."meta_data ". + "(field_id, md5sum, meta_data) VALUES " . + "('".linSql::linAddslashes($key)."','".$GLOBALS['linpha']->imgview->md5sum."','".linSql::linAddslashes($value)."')"); + } } - - if(! empty($value)) - { - $GLOBALS['linpha']->db->Execute("INSERT into ".PREFIX."meta_data ". - "(field_id, md5sum, meta_data) VALUES " . - "('".linSql::linAddslashes($key)."','".$GLOBALS['linpha']->imgview->md5sum."','".linSql::linAddslashes($value)."')"); - } } } } Modified: trunk/linpha2/lib/classes/linpha.sql.class.php =================================================================== --- trunk/linpha2/lib/classes/linpha.sql.class.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/lib/classes/linpha.sql.class.php 2006-04-08 15:41:24 UTC (rev 4489) 
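Review bot: Inside the new `checkPermission('metadata_edit')` block the `DELETE` runs as soon as `$_POST['field']` is set, before anything checks that it is an array or that its keys are known field ids, so a malformed post removes the image's metadata and re-inserts nothing. Validate first with `if(is_array($_POST['field']))`, cast the key with `(int)$key` rather than passing it through `linAddslashes`, and note that `!empty($value)` also discards a legitimate value of `'0'`. The hunk keeps the old `linSql::` spelling while the rest of the commit moves to `LinSql::`. The enclosing method starts above the hunk.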
@@ -25,7 +25,7 @@ class LinSql { -public $passed; +private $isLoggedIn, $isAdmin; public $config; // sub class $linpha->sql->config /** @@ -154,7 +154,7 @@ */ function startSession() { - $this->passed = false; + $this->isLoggedIn = false; /** * connect to db if not already done @@ -171,23 +171,23 @@ */ if($this->config->value['sys_user_autologin']) { if(!isset($_SESSION['user_name']) && - isset($_COOKIE["linpha_userid"])&&$_COOKIE["linpha_userid"]!=""&& - isset($_COOKIE["linpha_password"])&&$_COOKIE["linpha_password"]!="") + isset($_COOKIE['linpha_userid'])&&$_COOKIE['linpha_userid']!=""&& + isset($_COOKIE['linpha_password'])&&$_COOKIE['linpha_password']!="") { $query = $GLOBALS['linpha']->db->Execute("SELECT username, display_name FROM ".PREFIX."users ". - "WHERE id = '".LinSql::linAddslashes($_COOKIE["linpha_userid"])."' ". - "AND password = '".LinSql::linAddslashes($_COOKIE["linpha_password"])."'"); + "WHERE id = '".LinSql::linAddslashes($_COOKIE['linpha_userid'])."' ". + "AND password = '".LinSql::linAddslashes($_COOKIE['linpha_password'])."'"); if($data = $query->FetchRow()) { //linpha_log('login','notice','User '.$_POST['user_name'].": successfully logged in."); linSysLog(i18n("Successfully Logged In!<br />")); - $this->setUserInformation($data['username'],$_COOKIE["linpha_userid"],$data['display_name']); + $this->setUserInformation($data['username'],$_COOKIE['linpha_userid'],$data['display_name']); } else // wrong cookie { - setcookie("linpha_userid"); // delete cookie linpha_userid - setcookie("linpha_password"); // delete cookie linpha_password + setcookie('linpha_userid'); // delete cookie linpha_userid + setcookie('linpha_password'); // delete cookie linpha_password } } } 
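Review bot: In the auto-login branch of `startSession()` the `linpha_password` cookie is compared directly with the `password` column, so the cookie carries whatever is stored there and acts as a long-lived password equivalent; this commit only changes the quoting on those lines. A separate random remember-me token, stored hashed on the server and replaced on each use, would keep a leaked cookie or database row from being enough to log in. `setUserInformation()` is then called with the raw `$_COOKIE['linpha_userid']`; adding `id` to the `SELECT` and passing `$data['id']` instead avoids carrying the request value further. The function body continues outside the hunk.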
@@ -203,13 +203,12 @@ * @todo */ //linpha_log('login','notice','User '.@$_SESSION['user_name'].": logged out"); - //$this->passed=false; $_SESSION = array(); // delete all session data session_destroy(); // destroy session - if(isset($_COOKIE["linpha_userid"])) { - setcookie("linpha_userid"); // delete cookie linpha_userid - setcookie("linpha_password"); // delete cookie linpha_password + if(isset($_COOKIE['linpha_userid'])) { + setcookie('linpha_userid'); // delete cookie linpha_userid + setcookie('linpha_password'); // delete cookie linpha_password } } elseif($_POST['cmd']=='login') 
@@ -262,40 +261,57 @@ } /** - * set passed - * check remote_addr + * set isLoggedIn and isAdmin, check REMOTE_ADDR + * if $_SERVER['REMOTE_ADDR'] doesnt exists, we cant do this -> disable ip check */ - if(isset($_SESSION['user_id']) && isset($_SESSION['user_name']) && !empty($_SESSION['user_id']) && !empty($_SESSION['user_name']) ) - { - if( isset($_SERVER['REMOTE_ADDR']) && ($_SESSION["REMOTE_ADDR"] != $_SERVER["REMOTE_ADDR"]) ) + $this->isAdmin = false; + if(isset($_SESSION['user_id']) && isset($_SESSION['user_name']) && !empty($_SESSION['user_id']) && !empty($_SESSION['user_name']) ) { - /** - * ip check wrong! - */ - $this->passed=false; - - $_SESSION = array(); - session_destroy(); + if( isset($_SERVER['REMOTE_ADDR']) && ($_SESSION['REMOTE_ADDR'] != $_SERVER['REMOTE_ADDR']) ) + { + /** + * ip check wrong! + */ + $this->isLoggedIn=false; + + $_SESSION = array(); + session_destroy(); + } + else + { + $this->isLoggedIn=true; + + /** + * set isAdmin + */ + $data = $GLOBALS['linpha']->db->GetRow("SELECT id FROM ".PREFIX."groups WHERE group_name = 'admin'"); + if(in_array($data['id'],$_SESSION['user_groups'])) + { + $this->isAdmin = true; + } + } } else { - $this->passed=true; + $this->isLoggedIn=false; } - } - else - { - $this->passed=false; - } - + /** - * initialize basket - * it's much nicer if we can later just use count($_SESSION['basket_ids']) etc. - * without additional isset() and so on.. + * initialize some session variables */ - if( ! isset( $_SESSION['basket_ids'] ) ) - { - $_SESSION['basket_ids'] = Array(); - } + if( ! isset( $_SESSION['user_groups']) ) + { + $_SESSION['user_groups'] = Array(); + } + + /** + * it's much nicer if we can later just use count($_SESSION['basket_ids']) etc. + * without additional isset() and so on.. + */ + if( ! isset( $_SESSION['basket_ids'] ) ) + { + $_SESSION['basket_ids'] = Array(); + } } // end function startSession /** 
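Review bot: `in_array($data['id'],$_SESSION['user_groups'])` in the new `isAdmin` block runs before the `if( ! isset( $_SESSION['user_groups']) )` default a few lines below, so a session that has `user_id` and `user_name` but no `user_groups` (for example one created before this change) reaches `in_array` with an unset second argument. Moving the `user_groups` initialisation above the `isLoggedIn`/`isAdmin` block fixes that, and `$data['id']` should be guarded with `isset()` in case no group named `admin` exists. Admin status is also derived from the group list cached in the session, so removing a user from the admin group presumably takes effect only at their next login; re-reading membership from `user_group` here would close that gap. `startSession()` begins outside the hunk.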
@@ -315,6 +331,14 @@ */ $_SESSION['user_displayname'] = (empty($displayname)) ? $_SESSION['user_name'] : $displayname; + /** + * get user_groups + */ + $query = $GLOBALS['linpha']->db->Execute("SELECT group_id FROM ".PREFIX."user_group WHERE user_id = '".$userid."'"); + while($data = $query->FetchRow()) + { + $_SESSION['user_groups'][] = $data['group_id']; + } } @@ -331,6 +355,20 @@ */ function getPerm( $photos_id ) { + /** + * special behaviour for top permission + * the top permission is only for inheritation + * for example: + * top perm = ;admin; + * perm folder1 = ;public; + * perm folder2 = ;admin; + * users must be able to see folder1 + */ + if($photos_id == 0) + { + return array(0, ';public;'); + } + for($i = 0 ; true ; $i++) { $data = $GLOBALS['linpha']->db->GetRow("SELECT permission FROM ".PREFIX."permissions WHERE perm_type = 'read' " . @@ -342,7 +380,7 @@ } else { - $data = $GLOBALS['linpha']->db->GetRow("SELECT parent_id FROM ".PREFIX."photos WHERE id = '".linSql::linAddslashes($photos_id)."'"); + $data = $GLOBALS['linpha']->db->GetRow("SELECT parent_id FROM ".PREFIX."photos WHERE id = '".LinSql::linAddslashes($photos_id)."'"); if( isset( $data[0] ) ) { 
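Review bot: The new `user_group` query concatenates `$userid` without `LinSql::linAddslashes` or a cast, unlike the other queries in this class, and the auto-login path in `startSession()` passes `$_COOKIE['linpha_userid']` into what is presumably this function (`setUserInformation()`, whose signature is outside the hunk). Use `"... WHERE user_id = '".LinSql::linAddslashes($userid)."'"`, or `(int)$userid` if ids are numeric. The loop also appends to `$_SESSION['user_groups']` without resetting it, so a second login in the same session keeps the previous memberships. Setting `$_SESSION['user_groups'] = Array();` before the `while` avoids that.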
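Review bot: The new top-level shortcut in `getPerm()` uses a loose comparison, `if($photos_id == 0)`, and on PHP versions before 8 a non-numeric string compares equal to 0, so such an id is answered with `;public;` without consulting the permissions table. `photoIsAllowed()` is called with `$_GET['id']` in module.albums.php in this same commit, so the value can come straight from the request. Validate the id as an integer at the caller (e.g. `ctype_digit`) or compare strictly here, `if((string)$photos_id === '0')`. A `@return` line describing the `array(stage, permission)` shape would also help, since callers unpack the result with `list()`.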
@@ -360,66 +398,77 @@ } // end function getPerm /** - * This function checks if we are in the specific group - * - * return always true if group_id is 'public' - * if we are in the group "admin", we are automatically in - * every group + * returns true if we're allowed to see this photo */ -function inGroup($group_id) +function photoIsAllowed( $photo_id ) { - if($group_id == 'public') + /** + * admin sees always all photos + */ + if($GLOBALS['linpha']->sql->isAdmin()) { return true; } - if(!isset($_SESSION["user_groups"])) + list($stage,$perm) = LinSql::getPerm( $photo_id ); + $array_photo_perm = explodeAndSlice(';',$perm); + + foreach($array_photo_perm AS $value) { - return false; + if( $value == 'public' OR in_array($value, $_SESSION['user_groups']) ) + { + return true; + } } + return false; +} - /** - * create array with all groups, user is member of - */ - $group_member_of = explodeAndSlice(";",$_SESSION["user_groups"]); +/** + * method to check if we are logged in + */ +function isLoggedIn() +{ + return $this->isLoggedIn; +} - /** - * admin's have permissions for all groups - */ - if(in_array('admin', $group_member_of)) { - return true; - } - - - if(in_array($group_id, $group_member_of)) { - return true; - } else { - return false; - } +/** + * method to check if we are admin + */ +function isAdmin() +{ + return $this->isAdmin; } /** - * returns true if we're allowed to see this photo + * check permissions, basket_*, metadata_*, download, statistics, watermark, ... */ -function photoIsAllowed( $photo_id ) +function checkPermission($perm_type) { - list($stage,$perm) = linSql::getPerm( $photo_id ); - $array_photo_perm = explodeAndSlice(';',$perm); + if($GLOBALS['linpha']->sql->isAdmin()) + { + return true; + } - foreach($array_photo_perm AS $value) + $data = $GLOBALS['linpha']->db->GetRow("SELECT permission FROM ".PREFIX."permissions " . 
+ "WHERE perm_type = '".LinSql::linAddslashes($perm_type)."'"); + $array_permissions = explodeAndSlice(';',$data['permission']); + + if(in_array('public',$array_permissions)) { - - if( $GLOBALS['linpha']->sql->inGroup( $value ) ) - { - return true; - } + return true; } - return false; + + $array = array_intersect($_SESSION['user_groups'],$array_permissions); + if(count($array) > 0) + { + return true; + } + else + { + return false; + } } - - - /** * other stuff */ Modified: trunk/linpha2/lib/modules/module.albums.php =================================================================== --- trunk/linpha2/lib/modules/module.albums.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/lib/modules/module.albums.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -25,9 +25,8 @@ if(!defined('LINPHA_DIR')) { exit(1); } /** - * @todo temporary set permission string and configs + * @todo temporary set configs */ -$_SESSION["user_groups"] = ';1;'; $order_by = 'name ASC'; /** @@ -37,6 +36,15 @@ $linpha->imgview = new linImgview(); /** + * check permission + */ + if(isset($_GET['id']) && !LinSql::photoIsAllowed( $_GET['id']) ) + { + echo i18n("Error: No Access"); + exit(1); + } + +/** * set some infos */ $linpha->template->URL_base = LINPHA_DIR.'/?cat=alb'; Modified: trunk/linpha2/lib/modules/module.browse.php =================================================================== --- trunk/linpha2/lib/modules/module.browse.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/lib/modules/module.browse.php 2006-04-08 15:41:24 UTC (rev 4489) 
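Review bot: `checkPermission()` reads `$data['permission']` without checking that `GetRow` found a row, so an unknown or not-yet-installed `perm_type` raises a notice and the outcome depends on what `explodeAndSlice` does with an empty value. Make the miss explicit and fail closed with `if(!isset($data['permission'])) { return false; }` before the explode. `photoIsAllowed()` compares group ids with `==` and non-strict `in_array`; passing `true` as the third argument keeps numeric-looking strings from matching each other, assuming both sides are strings as read from the database. The three new methods would also benefit from `@param`/`@return` lines, since `photoIsAllowed()` and `checkPermission()` are the access-control entry points used by the modules and templates.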
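Review bot: The denial path added to module.albums.php prints the message and calls `exit(1)` with the default 200 status; sending `header('HTTP/1.0 403 Forbidden');` before the `echo` lets clients, caches and log-based monitoring see the refusal. The check passes `$_GET['id']` on unvalidated, so an integer check before `LinSql::photoIsAllowed()` belongs here. module.browse.php gets no equivalent check in this commit (its hunk only removes the temporary `$_SESSION["user_groups"]` line); if browse can reach photos by id it needs the same guard, which cannot be confirmed from this page.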
@@ -25,9 +25,8 @@ if(!defined('LINPHA_DIR')) { exit(1); } /** - * @todo temporary set permission string and configs + * @todo temporary set configs */ -$_SESSION["user_groups"] = ';1;'; $order_by = 'name ASC'; /** Modified: trunk/linpha2/lib/plugins/watermark/func.watermark.php =================================================================== --- trunk/linpha2/lib/plugins/watermark/func.watermark.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/lib/plugins/watermark/func.watermark.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -25,11 +25,6 @@ */ function need_watermark($imgid) { - /*if(!isset($GLOBALS['passed'])) { - $passed = false; - } else { - global $passed; - }*/ if( read_plugins_config('watermark') && read_config('wm_active') && !check_permissions('watermark',$imgid) ) { Modified: trunk/linpha2/templates/default/css/home.css =================================================================== --- trunk/linpha2/templates/default/css/home.css 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/templates/default/css/home.css 2006-04-08 15:41:24 UTC (rev 4489) @@ -62,7 +62,7 @@ left: 20px; width: 130px; - height: auto; + height: 130px; border: 0; } \ No newline at end of file Modified: trunk/linpha2/templates/default/global.html.php =================================================================== --- trunk/linpha2/templates/default/global.html.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/templates/default/global.html.php 2006-04-08 15:41:24 UTC (rev 4489) 
@@ -94,7 +94,7 @@ <li> <div> <form action="<?php echo $GLOBALS['linpha']->template->URL_full; ?>" method="POST"> - <?php if($GLOBALS['linpha']->sql->passed) { ?> + <?php if($GLOBALS['linpha']->sql->isLoggedIn()) { ?> <!-- logout infos --> <?php echo i18n("You Are Currently Logged In As:").' '.$_SESSION['user_name'].' ('.$_SESSION['user_displayname'].')<br />'; ?> <input type="hidden" name="cmd" value="logout" /> Modified: trunk/linpha2/templates/default/view_img.html.php =================================================================== --- trunk/linpha2/templates/default/view_img.html.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/templates/default/view_img.html.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -30,14 +30,16 @@ </div> <div id="main"> <!-- edit meta data - include view_meta.html --> - <?php if($_SESSION['mode_imageview']=='meta') { - include_once(LINPHA_DIR.'/templates/'.$GLOBALS['linpha']->template->template_name.'/view_meta.html.php'); - } else { ?> + <?php if($_SESSION['mode_imageview']=='meta') { + include_once(LINPHA_DIR.'/templates/'.$GLOBALS['linpha']->template->template_name.'/view_meta.html.php'); + } else { ?> <!-- show image --> <?php echo $GLOBALS['linpha']->template->output['image']; ?> <br /><br /> - + + <!-- comments --> + <?php if($GLOBALS['linpha']->sql->checkPermission('metadata_comments')) { ?> <!-- show add comment form --> <div class="add_comment"> <form action="<?php echo $GLOBALS['linpha']->template->URL_full; ?>" method="POST"> 
@@ -73,8 +75,9 @@ document.getElementById('comment_textarea').value = document.getElementById('comment_input_text').value; } </script> + <?php } /* end if checkPermission('metadata_comments') */ ?> - <?php } /* end if view==meta */ ?> + <?php } /* end if view!=meta */ ?> </div> <div class="roundbottom"> Modified: trunk/linpha2/templates/default/view_meta.html.php =================================================================== --- trunk/linpha2/templates/default/view_meta.html.php 2006-04-08 13:35:57 UTC (rev 4488) +++ trunk/linpha2/templates/default/view_meta.html.php 2006-04-08 15:41:24 UTC (rev 4489) @@ -1,9 +1,18 @@ +<?php +/** + * this file is included from view_img.html.php + */ + +?> <a href="<?php echo $GLOBALS['linpha']->template->URL_full.'&view=img'; ?>">Back to normal view</a> <h1><?php i18n("Edit Image Imformation"); ?></h1> <?php -$query = $GLOBALS['linpha']->db->Execute("SELECT id, name, field_type FROM ".PREFIX."meta_fields " . - "WHERE flags = '5' OR flags = '7' ORDER by id"); -$num = $query->RecordCount(); + +if($GLOBALS['linpha']->sql->checkPermission('metadata_edit')) +{ + $query = $GLOBALS['linpha']->db->Execute("SELECT id, name, field_type FROM ".PREFIX."meta_fields " . + "WHERE flags = '5' OR flags = '7' ORDER by id"); + $num = $query->RecordCount(); ?> <form action="<?php echo $GLOBALS['linpha']->template->URL_full; ?>" method="POST"> <table border='1'> @@ -70,4 +79,5 @@ </table> <input type="hidden" name="cmd" value="insert_metadata" /> <input type="submit" name="submit" value="submit" /> -</form> \ No newline at end of file +</form> +<?php } /* end if checkPermission('metadata_edit') */ ?> \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
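Review bot: The new header block in view_meta.html.php documents that the file is only meant to be included but does not enforce it, whereas admin/home.php and the module files in this commit start with `if(!defined('LINPHA_DIR')) { exit(1); }`. Adding that line inside the new `<?php ... ?>` block keeps a direct request to the template from running `checkPermission` against an undefined `$GLOBALS['linpha']` and emitting an error that may include the file path. In the same hunk the `<h1>` is still rendered for users without `metadata_edit`, and `<?php i18n("Edit Image Imformation"); ?>` has no `echo` (other call sites echo the return value) and misspells "Information".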