From: Jon O. <jon...@us...> - 2005-08-20 18:19:31
Update of /cvsroot/mxbb/core/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21797/includes Modified Files: mx_form.php mx_functions.php mx_functions_ch.php mx_functions_phpbb.php template.php Added Files: mx_functions_admincp.php mx_functions_auth.php mx_functions_blockcp.php mx_functions_core.php mx_functions_parameter.php Removed Files: mx_admincp.php mx_auth.php mx_cache.php Log Message: Major commit Adding new adminCP, blockCP and many new oo components Finally finalizing latest months hard work :-) Index: mx_functions_ch.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_ch.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** mx_functions_ch.php 25 Apr 2005 01:40:01 -0000 1.1 --- mx_functions_ch.php 20 Aug 2005 18:19:11 -0000 1.2 *************** *** 20,23 **** --- 20,28 ---- ***************************************************************************/ + if ( !defined( 'IN_PORTAL' ) ) + { + die( "Hacking attempt" ); + } + // // This code is part of common.php in Categories Hierarchy 2.1.0 --- NEW FILE: mx_functions_auth.php --- <?php /** ------------------------------------------------------------------------ * subject : mx-portal, CMS & portal * begin : june, 2002 * copyright : (C) 2002-2005 MX-System * email : jon...@ho... * project site : www.mx-system.com * * description : * ------------------------------------------------------------------------- * * $Id: mx_functions_auth.php,v 1.1 2005/08/20 18:19:11 jonohlsson Exp $ */ /** * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License', or * ('at your option) any later version. 
*/ /** * Included functions in this file: * - block_auth * - page_auth * - menu_auth * - get_auth_forum * - mx_auth_group * - mx_get_groups */ /********************************************************************************\ | $type's accepted (pre-pend with AUTH_): | VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE | | Possible options ($type/module_id combinations): | | * If you include a type and module_id then a specific lookup will be done and | the single result returned | | * If you set type to AUTH_ALL and specify a module_id an array of all auth types | will be returned | | * If you provide a module_id a specific lookup on that module will be done | | * If you set module_id to AUTH_LIST_ALL and specify a type an array listing the | results for all modules will be returned | | * If you set module_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional | array containing the auth permissions for all types and all modules for that | user is returned | | All results are returned as associative arrays, even when a single auth type is | specified. 
| | If available you can send an array (either one or two dimensional) containing the | module auth levels, this will prevent the auth function having to do its own | lookup \********************************************************************************/ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } function block_auth($type, $module_id, $userdata, $f_access = '', $f_access_group = '') { global $db, $lang; switch( $type ) { // case AUTH_ALL: // $a_sql = 'a.auth_view, a.auth_edit, a.auth_delete'; // $a_sql_groups = 'a.auth_view_group, a.auth_edit_group, a.auth_delete_group'; // $auth_fields = array('auth_view', 'auth_edit', 'auth_delete'); // $auth_fields_groups = array('auth_view_group', 'auth_edit_group', 'auth_delete_group'); // break; case AUTH_VIEW: $a_sql = 'a.auth_view'; $a_sql_groups = 'a.auth_view_group'; $auth_fields = array('auth_view'); $auth_fields_groups = array('auth_view_group'); break; case AUTH_EDIT: $a_sql = 'a.auth_edit'; $a_sql_groups = 'a.auth_edit_group'; $auth_fields = array('auth_edit'); $auth_fields_groups = array('auth_edit_group'); break; case AUTH_DELETE: $a_sql = 'a.auth_delete'; $a_sql_groups = 'a.auth_delete_group'; $auth_fields = array('auth_delete'); $auth_fields_groups = array('auth_delete_group'); break; default: break; } if( $module_id == 0 ) { if( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) { $auth_user[$auth_fields[0]] = 1; $auth_user[$auth_fields[0] . '_type'] = $lang['Auth_Moderators']; } else { $auth_user[$auth_fields[0]] = 0; $auth_user[$auth_fields[0] . '_type'] = $lang['Auth_Moderators']; } return $auth_user; } $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? 
TRUE : 0; $auth_user = array(); for( $i = 0; $i < count($auth_fields); $i++ ) { $key = $auth_fields[$i]; $key_groups = $auth_fields_groups[$i]; // // If the user is logged on and the module type is either ALL or REG then the user has access // // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions // to do whatever it is they want to do ... to do this we pull relevant information for the // user (and any groups they belong to) // // Now we compare the users access level against the modules. We assume here that a moderator // and admin automatically have access to an ACL module, similarly we assume admins meet an // auth requirement of MOD // $value = $f_access[$key]; // $value_groups = $f_access_group[$key_groups]; $value_groups = $f_access_group; switch( $value ) { case AUTH_ALL: $auth_user[$key] = TRUE; $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; break; case AUTH_ANONYMOUS: $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_ACL: // PRIVATE $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_is_group_member($value_groups) || $is_admin : 0; $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; break; case AUTH_MOD: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_is_group_member($f_access_group['auth_moderator_group']) || $is_admin : 0; $auth_user[$key . '_type'] = $lang['Auth_Moderators']; break; case AUTH_ADMIN: $auth_user[$key] = $is_admin; $auth_user[$key . '_type'] = $lang['Auth_Administrators']; break; default: $auth_user[$key] = 0; break; } } // // Is user a moderator? $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? 
mx_is_group_member($f_access_group['auth_moderator_group']) || $is_admin : 0; return $auth_user; } /********************************************************************************\ | \********************************************************************************/ function page_auth($type, $userdata, $f_access = '', $f_access_group = '') { global $db, $lang; $a_sql = 'a.auth_view'; $a_sql_groups = 'a.auth_view_group'; $auth_fields = array('auth_view'); $auth_fields_groups = array('auth_view_group'); $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user = array(); for( $i = 0; $i < count($auth_fields); $i++ ) { $key = $auth_fields[$i]; $key_groups = $auth_fields_groups[$i]; $value = $f_access[$key]; // $value_groups = $f_access_group[$key_groups]; $value_groups = $f_access_group; switch( $value ) { case AUTH_ALL: $auth_user[$key] = TRUE; $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; break; case AUTH_ANONYMOUS: $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_ACL: // PRIVATE $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_is_group_member($value_groups) || $is_admin : 0; $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; break; case AUTH_MOD: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_is_group_member($f_access_group['auth_moderator_group']) || $is_admin : 0; $auth_user[$key . '_type'] = $lang['Auth_Moderators']; break; case AUTH_ADMIN: $auth_user[$key] = $is_admin; $auth_user[$key . '_type'] = $lang['Auth_Administrators']; break; default: $auth_user[$key] = 0; break; } } // // Is user a moderator? $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? 
mx_is_group_member($f_access_group['auth_moderator_group']) || $is_admin : 0; return $auth_user; } /********************************************************************************\ | \********************************************************************************/ function menu_auth($type, $menu_id, $userdata, $f_access = '', $f_access_group = '') { global $db, $lang; switch( $type ) { case AUTH_ALL: $a_sql = 'a.auth_view'; $auth_fields = array('auth_view'); break; case AUTH_VIEW: $a_sql = 'a.auth_view'; $auth_fields = array('auth_view'); break; default: break; } // // If f_access has been passed, or auth is needed to return an array of menus // then we need to pull the auth information on the given menu (or all menus) // $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user = array(); for( $i = 0; $i < count($auth_fields); $i++ ) { $key = $auth_fields[$i]; // // If the user is logged on and the menu type is either ALL or REG then the user has access // // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions // to do whatever it is they want to do ... to do this we pull relevant information for the // user (and any groups they belong to) // // Now we compare the users access level against the menus. We assume here that a moderator // and admin automatically have access to an ACL menu, similarly we assume admins meet an // auth requirement of MOD // $value = $f_access[$key]; switch( $value ) { case AUTH_ALL: $auth_user[$key] = TRUE; $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; break; case AUTH_ANONYMOUS: $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_ACL: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? 
mx_is_group_member($f_access_group) || $is_admin : 0; $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; break; case AUTH_MOD: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_is_group_member($f_access_group) || $is_admin : 0; $auth_user[$key . '_type'] = $lang['Auth_Moderators']; break; case AUTH_ADMIN: $auth_user[$key] = $is_admin; $auth_user[$key . '_type'] = $lang['Auth_Administrators']; break; default: $auth_user[$key] = 0; break; } } // // Is user a moderator? // $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? mx_is_group_member($f_access_group) || $is_admin : 0; return $auth_user; } /********************************************************************************\ | Temporary function for getting all block_ids vith auth_edit \********************************************************************************/ function get_auth_blocks() { global $userdata, $mx_root_path, $phpEx, $db; // // Try to reuse auth_view query result. // $userdata_key = 'mx_get_auth_block' . $userdata['user_id']; if( !empty($userdata[$userdata_key]) ) { $auth_data_sql = $userdata[$userdata_key]; return $auth_data_sql; } // // Get block data // // Generate dynamic block select $sql = "SELECT * FROM " . BLOCK_TABLE . " ORDER BY block_id"; if( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, "Couldn't get blocks", '', __LINE__, __FILE__, $sql); } // // Loop through the list of forums to retrieve the ids for // those with AUTH_VIEW allowed. // $auth_data_sql = ''; while ( $row = $db->sql_fetchrow($result) ) { $block_edit_auth = block_auth( AUTH_EDIT, $row['block_id'] , $userdata, $row['auth_edit'], $row['auth_edit_group'] ); if( $block_edit_auth['auth_edit'] ) { $auth_data_sql .= ( $auth_data_sql != '' ) ? ', ' . 
$row['block_id'] : $row['block_id']; } } if( empty($auth_data_sql) ) { $auth_data_sql = -1; } $userdata[$userdata_key] = $auth_data_sql; return $auth_data_sql; } /********************************************************************************\ | New optimized get_auth_forum | Credits to Markus_Petrux :-) \********************************************************************************/ function get_auth_forum($mode = 'phpbb') { global $userdata, $mx_root_path, $phpEx; // // Try to reuse auth_view query result. // $userdata_key = 'mx_get_auth_' . $mode . $userdata['user_id']; if( !empty($userdata[$userdata_key]) ) { $auth_data_sql = $userdata[$userdata_key]; return $auth_data_sql; } // // Now, this tries to optimize DB access involved in auth(), // passing AUTH_LIST_ALL will load info for all forums at once. // if( $mode == 'kb' ) { include_once($mx_root_path . 'modules/mx_kb/includes/functions_kb_auth.' . $phpEx); $auth_func = 'kb_auth'; } else { $auth_func = 'auth'; } $is_auth_ary = $auth_func(AUTH_VIEW, AUTH_LIST_ALL, $userdata); // // Loop through the list of forums to retrieve the ids for // those with AUTH_VIEW allowed. // $auth_data_sql = ''; foreach( $is_auth_ary as $fid => $is_auth_row ) { if( $is_auth_row['auth_view'] ) { $auth_data_sql .= ( $auth_data_sql != '' ) ? ', ' . $fid : $fid; } } if( empty($auth_data_sql) ) { $auth_data_sql = -1; } $userdata[$userdata_key] = $auth_data_sql; return $auth_data_sql; } /********************************************************************************\ | Validates if user belongs to group included in group_ids list | Also, adds all usergroups to userdata array \********************************************************************************/ function mx_is_group_member($group_ids = '', $group_mod_mode = false) { global $userdata, $db; if( empty($group_ids) ) { return false; } // // Try to reuse group_id results. // $userdata_key = 'mx_usergroups' . ( $group_mod_mode ? '_mod' : '' ) . 
$userdata['user_id']; if( empty($userdata[$userdata_key]) ) { if( $group_mod_mode ) // Get the groups the user is moderator of. { $sql = "SELECT group_id FROM " . GROUPS_TABLE . " WHERE group_moderator = '" . $userdata['user_id'] . "' AND group_single_user = 0"; } else // Get the groups the user is member of. { $sql = "SELECT group_id FROM " . USER_GROUP_TABLE . " WHERE user_id = '" . $userdata['user_id'] . "' AND user_pending = 0"; } if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, "Could not query group rights information"); } $userdata[$userdata_key] = $db->sql_fetchrowset($result); } $group_ids_array = explode(',', $group_ids); for( $i = 0; $i < count($userdata[$userdata_key]); $i++ ) { if( in_array($userdata[$userdata_key][$i]['group_id'], $group_ids_array) ) { return true; } } return false; } /********************************************************************************\ | \********************************************************************************/ function mx_get_groups($sel_id, $field_entry = 'auth_view_group') { global $db, $lang; $sql = "SELECT group_id, group_name FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . " ORDER BY group_name"; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't get list of groups", '', __LINE__, __FILE__, $sql); } $grouplist = '<select name="'.$field_entry.'">'; $grouplist .= '<option value="0">' . $lang['Select_group'] . '</option>'; while( $row = $db->sql_fetchrow($result) ) { $selected = ( $sel_id == $row['group_id'] ? ' selected="selected"' : '' ); $grouplist .= '<option value="' .$row['group_id'] . '"' . $selected . '>' . $row['group_name'] . '</option>'; } $grouplist .= '</select>'; return $grouplist; } ?> --- NEW FILE: mx_functions_blockcp.php --- <?php /** ------------------------------------------------------------------------ * subject : mx-portal, CMS & portal * begin : june, 2002 * copyright : (C) 2002-2005 MX-System * email : jon...@ho... 
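Review bot: In mx_functions_auth.php, `block_auth()` and `page_auth()` use `$f_access_group` in two incompatible ways: the AUTH_ACL case passes it whole to `mx_is_group_member()`, which `explode`s a comma-separated string, while the AUTH_MOD case and the final `auth_mod` assignment index it as `$f_access_group['auth_moderator_group']`. `get_auth_blocks()` calls `block_auth()` with the scalars `$row['auth_edit']` and `$row['auth_edit_group']`, so the moderator test there appears to run on a string offset of the edit-group list rather than on the block's moderator groups (and `$f_access[$key]` likewise indexes a scalar), which means the edit and moderator decisions may not be the ones stored for the block. I would pass the full row for both arguments, `block_auth( AUTH_EDIT, $row['block_id'], $userdata, $row, $row )`, and restore the commented-out `$value_groups = $f_access_group[$key_groups];` in both functions so each branch reads its own column. Separately, `mx_get_groups()` writes `$row['group_name']` and `$field_entry` into the `<select>` markup without `htmlspecialchars()`, which matters if group names can hold markup.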
* project site : www.mx-system.com * * description : * ------------------------------------------------------------------------- * * $Id: mx_functions_blockcp.php,v 1.1 2005/08/20 18:19:11 jonohlsson Exp $ */ /** * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License', or * ('at your option) any later version. */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } /********************************************************************************\ | Class: mx_blockcp | The mx_blockcp class will provide a block control panel. | This class will load additional module specific parameters, eg advanced textblocks (bbcode/html/mxBB/wysiwyg) and serialized data types | | // | // Methods | // | $mx_blockcp->panel($block_id); | $mx_blockcp->do_it(ACTION, TYPE, $block_id) | | // | // Usage examples: | // | | $mx_blockcp->panel($block_id, $new_block); : This will create new block dialog | $mx_blockcp->panel($block_id); : This will create edit block dialog | | $mx_blockcp->do_it(ACTION, TYPE, $block_id) | \********************************************************************************/ define('MX_BLOCKCP_DEBUG' , false); class mx_blockcp extends mx_block { // ------------------------------ // Private Methods // // // ****************************************************************** // DIALOG // ****************************************************************** function _controlpanel( $id, $new_block ) { global $blockcptemplate, $lang, $db, $board_config, $theme, $HTTP_GET_VARS, $HTTP_POST_VARS, $phpEx, $mx_root_path, $s_hidden_fields, $userdata, $portalpage, $cookie_states, $module_nav_icon_url, $portalpage; if (empty($id)) { die('Invalid block panel call - no id'); } // // Main parameters // $block_keys = array( 'block_title' => 'block_title', 'block_desc' => 'block_desc', 'show_block' => 'show_block', 'show_title' => 
'show_title', 'show_stats' => 'show_stats'); // // Instantiate the Block Class // //$mx_block = new mx_block(); // // Toggle add/edit action // if( !$new_block ) { if ( MX_BLOCKCP_DEBUG ) { echo('DIALOG - BLOCK - EDIT <br>'); } $mode_general = MX_BLOCK_TYPE; $mode_permissions = MX_BLOCK_PRIVATE_TYPE; $mode_settings = MX_BLOCK_SETTINGS_TYPE; $action = MX_DO_UPDATE; $block_id = $id; //$this->init($block_id); $function_id = $this->function_id; $l_title = $lang['Edit_block']; $newmode = 'modify_block'; $buttonvalue = $lang['Update']; $block_title = ( isset($HTTP_POST_VARS[$block_keys['block_title']]) ) ? stripslashes(htmlspecialchars($HTTP_POST_VARS[$block_keys['block_title']])) : $this->$block_keys['block_title']; $block_desc = ( isset($HTTP_POST_VARS[$block_keys['block_desc']]) ) ? stripslashes(htmlspecialchars($HTTP_POST_VARS[$block_keys['block_desc']])) : $this->$block_keys['block_desc']; $show_block = ( isset($HTTP_POST_VARS[$block_keys['show_block']]) ) ? intval($HTTP_POST_VARS[$block_keys['show_block']]) : intval($this->$block_keys['show_block']); $show_title = ( isset($HTTP_POST_VARS[$block_keys['show_title']]) ) ? intval($HTTP_POST_VARS[$block_keys['show_title']]) : intval($this->$block_keys['show_title']); $show_stats = ( isset($HTTP_POST_VARS[$block_keys['show_stats']]) ) ? 
intval($HTTP_POST_VARS[$block_keys['show_stats']]) : intval($this->$block_keys['show_stats']); } else { if ( MX_BLOCKCP_DEBUG ) { echo('DIALOG - BLOCK - ADD <br>'); } $mode_general = MX_BLOCK_TYPE; $mode_permissions = MX_BLOCK_PRIVATE_TYPE; $mode_settings = MX_BLOCK_SETTINGS_TYPE; $action = MX_DO_INSERT; $function_id = $id; $l_title = $lang['Create_block']; $newmode = 'create_block'; $buttonvalue = $lang['Create_block']; $block_title = ''; $block_desc = ''; $show_block = '1'; $show_title = '1'; $show_stats = '0'; $this->$block_keys['auth_view'] = AUTH_ALL; $this->$block_keys['auth_edit'] = AUTH_ADMIN; } $functionlist = get_list_formatted('function_list', $function_id); // // Define auth constants // $block_auth_fields = array('auth_view', 'auth_edit'); // , 'auth_delete' $block_auth_ary = array( 'auth_view' => AUTH_ALL, 'auth_edit' => AUTH_MOD, ); $block_auth_levels = array('ALL', 'REG', 'PRIVATE', 'MOD', 'ADMIN', 'ANONYMOUS'); $block_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN, AUTH_ANONYMOUS); $field_names = array( 'auth_view' => $lang['View'], 'auth_edit' => $lang['Edit'], ); /* // // Populate missing parameters (if any) // $sql = "INSERT INTO " . BLOCK_SYSTEM_PARAMETER_TABLE . " (block_id, parameter_id, parameter_value) SELECT " . $block_id . ", parameter_id, parameter_default FROM " . PARAMETER_TABLE . " par " . " WHERE function_id = " . $block_row['function_id']; if( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, "Couldn't insert parameter information", "", __LINE__, __FILE__, $sql); } */ // // Hidden fields // $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" /> <input type="hidden" name="action" value="' . $action . '" />'; $show_title_yes = ( $show_title == 1 ) ? 'checked="checked"' : ''; $show_title_no = ( $show_title == 0 ) ? 'checked="checked"' : ''; $show_block_yes = ( $show_block == 1 ) ? 'checked="checked"' : ''; $show_block_no = ( $show_block == 0 ) ? 
'checked="checked"' : ''; $show_stats_yes = ( $show_stats == 1 ) ? 'checked="checked"' : ''; $show_stats_no = ( $show_stats == 0 ) ? 'checked="checked"' : ''; // // Define some graphics // $module_nav_icon_url = PORTAL_URL . TEMPLATE_ROOT_PATH . 'images/admin_icons/'; $admin_icon['contract'] = $module_nav_icon_url . 'contract.gif'; $admin_icon['expand'] = $module_nav_icon_url . 'expand.gif'; $admin_icon['module'] = $module_nav_icon_url . 'icon_module.gif'; $admin_icon['function'] = $module_nav_icon_url . 'icon_function.gif'; $admin_icon['parameter'] = $module_nav_icon_url . 'icon_parameter.gif'; $admin_icon['block'] = $module_nav_icon_url . 'icon_block.gif'; $admin_icon['edit_block'] = $module_nav_icon_url . 'icon_edit.gif'; // // Variables // $blockcptemplate->assign_vars(array( 'L_TITLE' => $lang['Block_admin'], 'L_EXPLAIN' => $lang['Block_admin_explain'], 'SID' => $userdata['session_id'], 'RESULT_MESSAGE' => !empty($result_message) ? '<div style="overflow:auto; height:50px;"><span class="gensmall">-::-<br/>' . $result_message . '<br/> -::-</span></div>': '', // // General // "L_ACTION" => $lang['Action'], "L_DELETE" => $lang['Delete'], 'L_SETTING' => $lang['Settings'], 'L_VIEW' => $lang['View'], "L_EDIT" => $lang['Edit'], "L_ADD" => $lang['Create_parameter'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'L_SETTING' => $new_block ? '' : $l_setting, 'L_DELETE' => $new_block ? '' : $lang['Delete'], 'L_EDIT' => $new_block ? 
'' : $lang['Edit'], 'L_AUTH_TITLE' => $lang['Auth_Block'], 'L_AUTH_TITLE_EXPLAIN' => $lang['Auth_Block_explain'], 'L_FUNCTION' => $lang['Function'], 'L_BLOCK_TITLE' => $lang['Block_title'], 'L_BLOCK_DESC' => $lang['Block_desc'], 'L_SHOW_BLOCK' => $lang['Show_block'], 'L_SHOW_BLOCK_EXPLAIN' => $lang['Show_block_explain'], 'L_SHOW_TITLE' => $lang['Show_title'], 'L_SHOW_TITLE_EXPLAIN' => $lang['Show_title_explain'], 'L_SHOW_STATS' => $lang['Show_stats'], 'L_SHOW_STATS_EXPLAIN' => $lang['Show_stats_explain'], 'BLOCK_ID' => $block_id, 'BLOCK_TITLE' => $new_block ? '<span class="cattitle">'. $lang['Create_block'] . '</span>' : ' ' . $block_title, 'BLOCK_DESC' => ( $block_desc != '' ) ? ' - ' . $block_desc : '', 'U_BLOCK_SETTINGS' => append_sid(PORTAL_URL . "admin/admin_mx_blockcp.$phpEx?block_id=$block_id"), 'U_BLOCK_DELETE' => append_sid(PORTAL_URL . "admin/admin_mx_block.$phpEx?mode=delete_block&block_id=$block_id"), 'U_BLOCK_PERMISSIONS' => append_sid(PORTAL_URL . "admin/admin_mx_block_auth.$phpEx?cat_id=$block_id"), 'E_BLOCK_TITLE' => $block_title, 'E_BLOCK_DESC' => $block_desc, 'S_FUNCTION_LIST' => $functionlist, 'S_SHOW_BLOCK_YES' => $show_block_yes, 'S_SHOW_BLOCK_NO' => $show_block_no, 'S_SHOW_TITLE_YES' => $show_title_yes, 'S_SHOW_TITLE_NO' => $show_title_no, 'S_SHOW_STATS_YES' => $show_stats_yes, 'S_SHOW_STATS_NO' => $show_stats_no, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_SUBMIT_UPDATE' => $buttonvalue, 'S_SUBMIT' => $lang['Update'], 'L_GROUPS' => $lang['Usergroups'], 'L_IS_MODERATOR' => $lang['Is_Moderator'], // // Graphics // 'IMG_URL_CONTRACT' => $admin_icon['contract'], 'IMG_URL_EXPAND' => $admin_icon['expand'], 'IMG_ICON_MODULE' => $admin_icon['module'], 'IMG_ICON_FUNCTION' => $admin_icon['function'], 'IMG_ICON_PARAMETER' => $admin_icon['parameter'], 'IMG_ICON_BLOCK' => $admin_icon['block'], 'IMG_ICON_EDIT_BLOCK' => $admin_icon['edit_block'], )); // // Hidden fields // $s_hidden_general_fields = '<input type="hidden" name="mode" value="' . $mode_general . 
'" /> <input type="hidden" name="action" value="' . $action . '" /> <input type="hidden" name="id" value="' . $block_id . '" /> <input type="hidden" name="portalpage" value="' . $portalpage . '" /> <input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; $s_hidden_permissions_fields = '<input type="hidden" name="mode" value="' . $mode_permissions . '" /> <input type="hidden" name="action" value="' . $action . '" /> <input type="hidden" name="id" value="' . $block_id . '" /> <input type="hidden" name="portalpage" value="' . $portalpage . '" /> <input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; $s_hidden_settings_fields = '<input type="hidden" name="mode" value="' . $mode_settings . '" /> <input type="hidden" name="action" value="' . $action . '" /> <input type="hidden" name="id" value="' . $block_id . '" /> <input type="hidden" name="portalpage" value="' . $portalpage . '" /> <input type="hidden" name="sid" value="' . $userdata['session_id'] . 
'" />'; // // Activate BlockCP SubPanels, based on auth // $blockcptemplate->assign_block_vars('blockcp_general', array( 'L_TITLE' => $lang['Block_quick_edit'], 'S_HIDDEN_FIELDS' => $s_hidden_general_fields, 'S_SUBMIT' => $buttonvalue )); if (!empty($this->block_parameters)) { $blockcptemplate->assign_block_vars('blockcp_settings', array( 'L_TITLE' => $lang['Settings'], 'S_HIDDEN_FIELDS' => $s_hidden_settings_fields, 'S_SUBMIT' => $buttonvalue )); } if ($this->auth_mod) { $blockcptemplate->assign_block_vars('blockcp_permissions', array( 'L_TITLE' => $lang['Permissions_adv'], 'S_HIDDEN_FIELDS' => $s_hidden_permissions_fields, 'S_SUBMIT' => $buttonvalue )); // // Some general blockcp settings are moderator only // $blockcptemplate->assign_block_vars('blockcp_general.is_auth', array()); // // Now query all permissions data (not needed if not authorized ;) // // // Output values of individual auth fields // for( $j = 0; $j < count($block_auth_fields); $j++ ) { $custom_auth[$j] = ' <select name="' . $block_auth_fields[$j] . '">'; for( $k = 0; $k < count($block_auth_levels); $k++ ) { $selected = ( $this->block_info[$block_auth_fields[$j]] == $block_auth_const[$k] ) ? ' selected="selected"' : ''; $custom_auth[$j] .= '<option value="' . $block_auth_const[$k] . '"' . $selected . '>' . $lang['AUTH_' . $block_auth_levels[$k]] . "</option>\n"; } $custom_auth[$j] .= '</select> '; $cell_title = $field_names[$block_auth_fields[$j]]; $blockcptemplate->assign_block_vars('blockcp_general.block_auth_titles', array( 'CELL_TITLE' => $cell_title )); $blockcptemplate->assign_block_vars('blockcp_general.block_auth_data', array( 'S_AUTH_LEVELS_SELECT' => $custom_auth[$j] )); } // // PRIVATE auth // // // Get the list of phpBB usergroups // $sql = "SELECT group_id, group_name FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . 
" ORDER BY group_name ASC"; if( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not get group list', '', __LINE__, __FILE__, $sql); } while( $row = $db->sql_fetchrow($result) ) { $groupdata[] = $row; } $view_groups = @explode(',', $this->block_info['auth_view_group']); $edit_groups = @explode(',', $this->block_info['auth_edit_group']); $delete_groups = @explode(',', $this->block_info['auth_delete_group']); $moderator_groups = @explode(',', $this->block_info['auth_moderator_group']); $row_private = ''; for( $i = 0; $i < count($groupdata); $i++ ) { $row_color = ( !( $i % 2 ) ) ? 'row1' : 'row2'; $row_private .= '<tr>'; $row_private .= '<td width="40%" class="'.$row_color.'" align="center"><span class="gen">'.$groupdata[$i]['group_name'].'</span></td>'; $row_private .= '<td width="20%" class="'.$row_color.'" align="center">'; if ( $this->block_info['auth_view'] == AUTH_ACL ) { $view_checked = in_array($groupdata[$i]['group_id'], $view_groups) ? 'checked="checked"' : ''; $row_private .= '<input name="view[]" type="checkbox" ' . $view_checked . 'value="'.$groupdata[$i]['group_id'].'" />'; } else { $row_private .= '-'; } $row_private .= '</td>'; $row_private .= '<td width="20%" class="'.$row_color.'" align="center">'; if ( $this->block_info['auth_edit'] == AUTH_ACL ) { $edit_checked = in_array($groupdata[$i]['group_id'], $edit_groups) ? 'checked="checked"' : ''; $row_private .= '<input name="edit[]" type="checkbox" ' . $edit_checked . 'value="'.$groupdata[$i]['group_id'].'" />'; } else { $row_private .= '-'; } $row_private .= '</td>'; $row_private .= '<td width="20%" class="'.$row_color.'" align="center">'; $row_private .= '<input name="moderator[]" type="checkbox" '. (( in_array($groupdata[$i]['group_id'], $moderator_groups) ) ? 'checked="checked"' : '') . 
'" value="'.$groupdata[$i]['group_id'].'" />'; $row_private .= '</td>'; $row_private .= '</tr>'; } $blockcptemplate->assign_block_vars('blockcp_permissions.grouprows', array( 'GROUP_ROWS' => $row_private )); } // // Load and display additional blockcp panels (if any) // $this->get_blockcp_panels($block_id); // // Load and display additional blockcp parameters (if any) // if (!empty($this->block_parameters)) { $this->get_blockcp_parameters($block_id); } return $template; } /* function _get_parameter_option($parameter_id, $id) { global $db; $table = PARAMETER_OPTION_TABLE; $idfield = 'option_code'; $namefield = 'option_desc'; $sql = "SELECT * FROM " . $table; $sql .= " WHERE parameter_id = $parameter_id"; $sql .= " ORDER BY $namefield "; if( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, "Couldn't get list options parameter", "", __LINE__, __FILE__, $sql); } $column_list = ''; while( $row = $db->sql_fetchrow($result) ) { $s = ''; if( $row[$idfield] == $id ) { $s = " selected=\"selected\""; } $columnlist .= "<option value=\"$row[$idfield]\"$s>" . $row[$namefield] . "</option>\n"; } return $columnlist; } */ function _do_update($block_id) { global $template, $lang, $phpEx, $db, $board_config, $theme, $HTTP_POST_VARS, $portalpage, $phpbb_root_path, $mx_root_path, $phpEx; while( list($param_id, $param_value) = each($HTTP_POST_VARS) ) { if( !( $param_id == 'mode' || $param_id == 'submit' || $param_id == 'block_title' || $param_id == 'block_desc' || $param_id == 'show_block' ) ) { if( is_array($param_value) ) { $param_value = implode(',' , $param_value); } $param_info = get_info(PARAMETER_TABLE, 'parameter_id', intval($param_id)); if( $param_info['parameter_type'] == 'BBText' ) { $bbcode_uid = make_bbcode_uid(); $param_value = prepare_message($param_value, true, true, true, $bbcode_uid); } $sql = "UPDATE " . BLOCK_SYSTEM_PARAMETER_TABLE . 
" SET parameter_value = '$param_value', bbcode_uid = '$bbcode_uid' WHERE block_id = '$block_id' AND parameter_id = '$param_id'"; if( !($db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, "Couldn't update system parameter table", "", __LINE__, __FILE__, $sql); } } } $block_title = ( isset($HTTP_POST_VARS['block_title']) ) ? trim(strip_tags($HTTP_POST_VARS['block_title'])) : $block_config[$block_id]['block_title']; $block_desc = trim(strip_tags($HTTP_POST_VARS['block_desc'])); $show_block = intval($HTTP_POST_VARS['show_block']); $show_title = intval($HTTP_POST_VARS['show_title']); $show_stats = intval($HTTP_POST_VARS['show_stats']); $block_time = time(); $block_editor_id = $userdata['user_id']; $sql = "UPDATE " . BLOCK_TABLE . " SET block_title = '" . str_replace("\'", "''", $block_title) . "', block_desc = '" . str_replace("\'", "''", $block_desc) . "', block_time = '" . str_replace("\'", "''", $block_time) . "', block_editor_id = '" . intval($block_editor_id) . "', show_block = '" . intval($show_block) . "', show_title = '" . intval($show_title) . "', show_stats = '" . intval($show_stats) . "' WHERE block_id = $block_id"; if( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) ) { mx_message_die(GENERAL_ERROR, "Could not update block title information.", "", __LINE__, __FILE__, $sql); } // // Update cache // update_session_cache($block_id); if( !empty($portalpage) ) { $message = $lang['Portal_Config_updated'] . "<br /><br />" . sprintf($lang['Click_return_portal_config'], '<a href="' . append_sid(PORTAL_URL . "index.$phpEx?page=$portalpage") . '">', '</a>') . "<br /><br />" . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.php?pane=right" ) . '">', '</a>'); } else { $message = $lang['Portal_Config_updated'] . "<br /><br />" . sprintf($lang['Click_return_portal_config'], '<a href="' . append_sid("admin_mx_block.$phpEx") . '">', '</a>') . "<br /><br />" . sprintf($lang['Click_return_admin_index'], '<a href="' . 
append_sid("index.php?pane=right") . '">', '</a>'); } mx_message_die(GENERAL_MESSAGE, $message); } // ------------------------------ // Public Methods // // // $action: MX_ADD, MX_EDIT // $type: MX_MODULE, MX_BLOCK, MX_BLOCK_SETTINGS, MX_FUNCTION, MX_PARAMETER, MX_PAGE, MX_PAGE_COLUMN, MX_PAGE_ITEM // function generate_cp( $id = '', $new_block = false ) { $action = $new_block ? MX_ADD : MX_EDIT; switch ( $action ) { case MX_ADD: $function_id = $id; $this->_controlpanel($function_id, $new_block ); break; case MX_EDIT: $block_id = $id; $this->_controlpanel($block_id, $new_block ); break; } } // // $action: MX_DO_INSERT, MX_DO_UPDATE, MX_DO_DELETE, MX_DO_SAVE_SETTINGS // function submit( $action = '', $id = 0, $parent = false, $recache = true ) { $mx_status = ''; switch ( $action ) { case MX_DO_INSERT: $mx_status = $this->_do_insert( $id ); break; case MX_DO_UPDATE: $mx_status = $this->_do_update( $id ); break; case MX_DO_DELETE: $mx_status = $this->_do_delete( $id, $parent, $recache ); break; } if (!empty($mx_status)) { //mx_message_die( GENERAL_MESSAGE, $message ); return $mx_status; } } } // class mx_blockcp ?> --- NEW FILE: mx_functions_core.php --- <?php /** ------------------------------------------------------------------------ * subject : mx-portal, CMS & portal * begin : june, 2002 * copyright : (C) 2002-2005 MX-System * email : jon...@ho... * project site : www.mx-system.com * * description : * ------------------------------------------------------------------------- * * $Id: mx_functions_core.php,v 1.1 2005/08/20 18:19:11 jonohlsson Exp $ */ /** * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. [...1732 lines suppressed...] 
} function update_session_cache( $id = '' ) { global $mx_cache; if ($id == MX_ALL_BLOCKS) { $mx_cache->update( MX_ALL_BLOCKS ); } else if ($id == MX_ALL_PAGES) { $mx_cache->update( MX_ALL_PAGES ); } else { $mx_cache->update( MX_BLOCK, $id ); } } ?> Index: mx_functions_phpbb.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_phpbb.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** mx_functions_phpbb.php 25 Apr 2005 23:56:08 -0000 1.9 --- mx_functions_phpbb.php 20 Aug 2005 18:19:11 -0000 1.10 *************** *** 33,36 **** --- 33,41 ---- */ + if ( !defined( 'IN_PORTAL' ) ) + { + die( "Hacking attempt" ); + } + // // Hacking smilies_pass from phpbb/includes/bbcode.php --- mx_admincp.php DELETED --- --- NEW FILE: mx_functions_parameter.php --- <?php /** * mx_functions_parameter.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group, 2005 mxBB * email : jon...@ho... * * $Id: mx_functions_parameter.php,v 1.1 2005/08/20 18:19:11 jonohlsson Exp $ */ /** * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. 
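Review bot: In mx_functions_core.php, update_session_cache() picks its branch with the loose comparisons `$id == MX_ALL_BLOCKS` and `$id == MX_ALL_PAGES` while `$id` defaults to `''`. The constants are defined outside the visible part of the file; if they are integers such as 0, `==` (before PHP 8) treats the empty default and any non-numeric string as equal to them, so a call with no argument silently takes an "all" branch, and a block id that happens to equal a constant's value can never be refreshed on its own. blockCP calls this right after saving (`update_session_cache($block_id)`), so a misrouted call could leave the edited block served from a stale cache entry. Comparing with `===` removes the ambiguity, and a header comment such as `// $id: MX_ALL_BLOCKS, MX_ALL_PAGES, or a single block id` would document the accepted values. The rest of the file is suppressed in this mail, so whether other callers rely on the loose match cannot be checked from here.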
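Review bot: The `IN_PORTAL` guard added to mx_functions_phpbb.php ends a direct request with `die( "Hacking attempt" )` and no status line, so the response goes out as an ordinary 200. The same applies to the identical guard in mx_functions_parameter.php, template.php, mx_form.php and mx_functions.php. Sending `header('HTTP/1.0 403 Forbidden');` before the `die` would make direct hits on include files stand out in the access log instead of blending in with normal page views. The guard only stops the file body from running once PHP has been invoked, so denying web access to `includes/` in the server configuration should remain the primary control, with this check as the fallback. Where `IN_PORTAL` is defined is not visible in this mail; a one-line comment above the check, for example `// IN_PORTAL is expected to be defined by the including entry script`, would tell module authors what the file depends on.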
*/ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } ?> --- mx_auth.php DELETED --- Index: template.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/template.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** template.php 1 May 2005 19:46:54 -0000 1.12 --- template.php 20 Aug 2005 18:19:11 -0000 1.13 *************** *** 19,22 **** --- 19,39 ---- */ + if ( !defined( 'IN_PORTAL' ) ) + { + die( "Hacking attempt" ); + } + + /********************************************************************************\ + | Class: mx_Template + | The mx_Template class extends the native phpBB Template class, in reality only redefining the make_filename method. + | Thus modded phpBB templates (eg eXtreme Styles MOD) will also be available for mxBB. + | + | + | // + | // Usage examples: + | // + | + | Nothing new... + \********************************************************************************/ // Index: mx_form.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_form.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** mx_form.php 9 Jan 2005 21:55:44 -0000 1.4 --- mx_form.php 20 Aug 2005 18:19:11 -0000 1.5 *************** *** 19,22 **** --- 19,27 ---- */ + if ( !defined( 'IN_PORTAL' ) ) + { + die( "Hacking attempt" ); + } + class form { --- NEW FILE: mx_functions_admincp.php --- <?php /** ------------------------------------------------------------------------ * subject : mx-portal, CMS & portal * begin : june, 2002 * copyright : (C) 2002-2005 MX-System * email : jon...@ho... 
* project site : www.mx-system.com * * description : * ------------------------------------------------------------------------- * * $Id: mx_functions_admincp.php,v 1.1 2005/08/20 18:19:11 jonohlsson Exp $ */ /** * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License', or * ('at your option) any later version. [...1679 lines suppressed...] case MX_DO_UPGRADE: // GET VARS $message = $this->_do_upgrade($mode); break; case MX_DO_EXPORT: // GET VARS $message = $this->_do_export($mode); break; } if (!empty($message)) { return $message; } } } // class mx_admin ?> --- mx_cache.php DELETED --- Index: mx_functions.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions.php,v retrieving revision 1.43 retrieving revision 1.44 diff -C2 -d -r1.43 -r1.44 *** mx_functions.php 1 May 2005 16:02:12 -0000 1.43 --- mx_functions.php 20 Aug 2005 18:19:11 -0000 1.44 *************** *** 48,51 **** --- 48,56 ---- */ + if ( !defined( 'IN_PORTAL' ) ) + { + die( "Hacking attempt" ); + } + /********************************************************************************\ | [...1088 lines suppressed...] - // Note: _x and _y are used by (at least IE) to return the mouse position at onclick of INPUT TYPE="img" elements. - return ( isset($HTTP_POST_VARS[$var]) || ( isset($HTTP_POST_VARS[$var.'_x']) && isset($HTTP_POST_VARS[$var.'_y']) ) ); - } - function is_get($var) - { - global $HTTP_GET_VARS; - return ( isset($HTTP_GET_VARS[$var]) ); - } - function is_request($var) - { - return ( $this->is_get($var) || $this->is_post($var) ); - } - - } // class mx_request_vars - - - ?> \ No newline at end of file --- 1526,1528 ---- |
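Review bot: The GPL notice at the top of mx_functions_admincp.php reads `either version 2 of the License', or ('at your option) any later version`, with two stray apostrophes that the same notice in mx_functions_core.php does not have. This looks like the by-product of an automated quote replacement. It is worth checking the suppressed part of the file for the same substitution inside string literals or SQL text, where a stray quote changes behaviour rather than wording. In the visible tail of the action switch, nothing after `case MX_DO_EXPORT:` handles an unrecognised action, and the method returns nothing when `$message` is empty. The start of the switch is suppressed, but if it has no `default:` branch, adding `default: mx_message_die(GENERAL_ERROR, 'Unknown action');` would make an unexpected action fail visibly instead of being ignored.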