Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29447
Modified Files:
compat.php rss.php serendipity_admin_category.inc.php
serendipity_admin_images.inc.php
serendipity_admin_installer.inc.php
serendipity_admin_templates.inc.php serendipity_config.inc.php
serendipity_entries.php serendipity_functions.inc.php
serendipity_functions_config.inc.php
serendipity_functions_images.inc.php
serendipity_functions_installer.inc.php
Added Files:
serendipity_admin_users.inc.php
Removed Files:
serendipity_config_local.tpl
Log Message:
multi-user #5
Index: serendipity_admin_installer.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_installer.inc.php,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -d -r1.59 -r1.60
--- serendipity_admin_installer.inc.php 21 Mar 2004 16:35:31 -0000 1.59
+++ serendipity_admin_installer.inc.php 4 Apr 2004 16:24:46 -0000 1.60
@@ -6,515 +6,12 @@
require_once($serendipity['serendipityPath'] . 'serendipity_config.inc.php');
require_once(S9Y_INCLUDE_PATH . 'serendipity_functions_installer.inc.php');
-define('S9Y_CONFIG_TEMPLATE', S9Y_INCLUDE_PATH . 'serendipity_config_local.tpl');
-
-function serendipity_query_default($optname, $default) {
- switch ($optname) {
- case 'serendipityPath':
- return $_SERVER['DOCUMENT_ROOT'] . rtrim(dirname($_SERVER['PHP_SELF']), '/') . '/';
-
- case 'serendipityHTTPPath':
- return rtrim(dirname($_SERVER['PHP_SELF']), '/') .'/';
-
- case 'baseURL':
- $ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
- $port = $_SERVER['SERVER_PORT'];
-
- return sprintf('http%s://%s%s%s',
-
- $ssl ? 's' : '',
- preg_replace('@^([^:]+):?.*$@', '\1', $_SERVER['HTTP_HOST']),
- (($ssl && $port != 443) || (!$ssl && $port != 80)) ? (':' . $port) : '',
- rtrim(dirname($_SERVER['PHP_SELF']), '/') .'/'
- );
-
- case 'convert':
- if (isset($_EVN['PATH'])) {
- $path = explode(':', $_ENV['PATH']);
- } else {
- $path = '';
- }
-
- /* add some other possible locations to the path while we are at it,
- * as these are not always included in the apache path */
- $path[] = '/usr/X11R6/bin';
- $path[] = '/usr/bin';
-
- foreach ($path as $dir) {
- if (function_exists('is_executable') && @is_executable($dir . '/convert') || @is_file($dir . '/convert')) {
- return $dir . '/convert';
- }
- }
- return $default;
-
- default:
- return $default;
- }
-}
-
-function serendipity_parseTemplate($n, $raw = false) {
- global $serendipity;
- $config = array();
-
- $t = file($n, 1);
- for ($x=0; $x<count($t); $x++) {
- $l = $t[$x];
- $l = trim($l);
-
- if ($l != '') {
- switch ($l[0]) {
-
- // New Configure section
- case '/':
- if ($l[1] == '/') {
- $current = trim(substr($l, 2));
- $config['categories'][$current] = array();
- }
- break;
-
- case '#':
- $config['descriptions'][$current] = trim(substr($l, 1));
- break;
-
- // A configure option
- case '$':
- // Grep out the name, type and default
- preg_match('#\{([^|]+\|[^|]+\|([^}]+)?)\}[^/]+/{2}(.+)#msi', $l, $match);
- $c = explode('|', $match[1]);
- $cdef = serendipity_query_default($c[1], $c[3]);
- $config['categories'][$current][] = $configRaw[] = array(
- 'longname' => $c[0],
- 'name' => $c[1],
- 'type' => $c[2],
- 'default' => $cdef,
- 'distdefault' => $c[3],
- 'desc' => $match[3]
- );
- break;
- }
- }
- }
-
- if ($raw) {
- return $configRaw;
- } else {
- return $config;
- }
-}
-
-function serendipity_guessInput($type, $name, $value='', $default='') {
-global $serendipity;
-
- if ($name == 'rewrite' && $default == $value && isset($serendipity['rewrite_default']) && $serendipity['rewrite_default'] != '') {
- $value = $serendipity['rewrite_default'];
- }
-
- switch ($type) {
- case 'bool' :
- $value = serendipity_get_bool($value);
- echo '<input id="radio_cfg_' . $name . '_yes" type="radio" name="' . $name . '" value="true" ';
- echo (($value == true) ? 'checked="checked"' : ''). ' /><label for="radio_cfg_' . $name . '_yes"> ' . YES . '</label> ';
- echo '<input id="radio_cfg_' . $name . '_no" type="radio" name="' . $name . '" value="false" ';
- echo (($value == true) ? '' : 'checked="checked"'). ' /><label for="radio_cfg_' . $name . '_no"> ' . NO . '</label>';
- break;
-
- case 'protected' :
- echo '<input type="password" size="30" name="' . $name . '" value="' . htmlentities($value) . '" />';
- break;
- case 'list' :
- preg_match_all("/([^\=]+)\=\>([^\,]+)\,?/i", $default, $res);
- echo '<select name="'. $name .'">';
- for ($x=0; $x<sizeof($res[1]); $x++) {
- printf('<option value="%s"%s>%s</option>'. "\n",
- $res[1][$x],
- (($res[1][$x] == $value) ? ' selected="selected"' : ''),
- $res[2][$x]);
- }
- echo '</select>';
- break;
- default :
- echo '<input type="text" size="30" name="' . $name . '" value="' . htmlentities($value) . '" />';
- break;
- }
-}
-
-function serendipity_printConfigTemplate($t, $from = false) {
- global $serendipity;
-
- if (!isset($serendipity['XHTML11'])) {
- $serendipity['XHTML11'] = FALSE;
- }
-
- // If not yet installed, do some magic:
- $abort = false;
- if (IS_installed !== true) {
- $old_htaccess = @file_get_contents('./.htaccess');
- $fp = @fopen('./.htaccess', 'w');
- $serendipity_root = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
-
- if (!$fp) {
- printf(HTACCESS_ERROR,
- '<b>chmod go+rwx ' . getcwd() . '/</b>'
- );
- $abort = true;
- } else {
- fwrite($fp, 'ErrorDocument 404 ' . $serendipity_root . 'index.php');
- fclose($fp);
-
- // Do a request on a nonexistant file to see, if our htaccess allows ErrorDocument
- $sock = fsockopen(preg_replace('@^([^:]+):?.*$@', '\1', $_SERVER['HTTP_HOST']), $_SERVER['SERVER_PORT'], $errorno, $errorstring, 10);
- $response = '';
-
- if ($sock) {
- fputs($sock, "GET {$_SERVER['REQUEST_URI']}nonexistant HTTP/1.0\n\n");
- while (!feof($sock) && strlen($response) < 4096) {
- $response .= fgets($sock, 400);
- }
- fclose($sock);
- }
-
- if (preg_match('@^HTTP/\d\.\d 200@', $response)) {
- $serendipity['rewrite_default'] = 'errordocs';
- } else {
- $serendipity['rewrite_default'] = 'none';
- }
-
- if (!empty($old_htacces)) {
- $fp = @fopen('./.htaccess', 'w');
- fwrite($fp, $old_htaccess);
- fclose($fp);
- } else {
- unlink('./.htaccess');
- }
- }
- }
-
- if ($abort === false) {
-?>
-<script type="text/javascript" language="JavaScript">
-function showConfig(id) {
- if (document.getElementById) {
- el = document.getElementById(id);
- if (el.style.display == 'none') {
- document.getElementById('option' + id).src = 'pixel/minus.png';
- el.style.display = '';
- } else {
- document.getElementById('option' + id).src = 'pixel/plus.png';
- el.style.display = 'none';
- }
- }
-}
-
-var state='';
-function showConfigAll(count) {
- if (document.getElementById) {
- for (i = 1; i <= count; i++) {
- document.getElementById('el' + i).style.display = state;
- document.getElementById('optionel' + i).src = 'pixel/' + (state == '' ? 'minus.png' : 'plus.png');
- }
-
- if (state == '') {
- document.getElementById('optionall').src = 'pixel/minus.png';
- state = 'none';
- } else {
- document.getElementById('optionall').src = 'pixel/plus.png';
- state = '';
- }
- }
-}
-</script>
-
-<form action="?" method="POST">
- <div>
- <input type="hidden" name="serendipity[adminModule]" value="installer" />
- <input type="hidden" name="installAction" value="check" />
- <br />
- <div align="right">
- <a style="border:0; text-decoration: none" href="#" onclick="showConfigAll(<?php echo count($t['categories']); ?>)" title="<?php echo TOGGLE_ALL; ?>"><img src="pixel/plus.png" id="optionall" alt="+/-" border="0" /> <?php echo TOGGLE_ALL; ?></a></a><br />
- </div>
-<?php
- $el_count = 0;
- foreach ($t['categories'] as $key => $value) {
- $el_count++;
-?>
- <table width="100%" cellspacing="2">
- <tr>
- <th align="left" colspan="2" style="padding-left: 15px;">
- <a style="border:0; text-decoration: none" href="#" onclick="showConfig('el<?php echo $el_count; ?>'); return false" title="<?php echo TOGGLE_OPTION; ?>"><img src="pixel/plus.png" id="optionel<?php echo $el_count; ?>" alt="+/-" border="0" /> <?php echo $key; ?></a></th>
- </tr>
-
- <tr>
- <td>
- <table width="100%" cellspacing="0" cellpadding="3" style="<?php echo (IS_installed === true ? 'display: none;' : ''); ?>" id="el<?php echo $el_count; ?>">
- <tr>
- <td style="padding-left: 20px;" colspan="2">
- <?php echo $t['descriptions'][$key] ?>
- </td>
- </tr>
-
-
-<?php
- for ($x=0; $x<count($value); $x++) {
- /* If we have a valuelist, then use the value from there */
- if (@is_array($from)) {
- $value[$x]['value'] = $from[$value[$x]['name']];
- }
-
- /* If the value is never assigned in the valuelist, then use our default value */
- if (!isset($from[$value[$x]['name']])) {
- $value[$x]['value'] = $value[$x]['default'];
- }
-?>
- <tr>
- <td style="border-bottom: 1px #000000 solid" align="left" valign="top" width="75%">
- <strong><?php echo $value[$x]['longname']; ?></strong>
- <br />
- <span style="color: #5E7A94; font-size: 8pt;"><?php echo '(' . $value[$x]['type'] . ') ' . $value[$x]['desc']; ?></span>
- </td>
- <td style="border-bottom: 1px #000000 solid; font-size: 8pt" align="left" valign="middle" width="25%">
- <?php echo ($serendipity['XHTML11'] ? '<span style="white-space: nowrap">' : '<nobr>'); ?><?php echo serendipity_guessInput($value[$x]['type'], $value[$x]['name'], $value[$x]['value'], $value[$x]['distdefault']); ?><?php echo ($serendipity['XHTML11'] ? '</span>' : '</nobr>'); ?>
- </td>
- </tr>
-<?php
- }
-?>
- </table><br /><br />
- </td>
- </tr>
- </table>
-<?php
- }
-?>
- <input type="submit" value="<?php echo CHECK_N_SAVE; ?>" />
- </div>
-</form>
-<?php
- }
-}
-
-function serendipity_parse_sql_tables($filename) {
- $in_table = 0;
- $queries = array();
-
- $fp = fopen($filename, 'r', 1);
- if ($fp) {
- while (!@feof($fp)) {
- $line = trim(fgets($fp, 4096));
- if ($in_table) {
- $def .= $line;
- if (preg_match('/^\)\s*(type\=\S+)?\s*\;$/i', $line)) {
- $in_table = 0;
- array_push($queries, $def);
- }
- } else {
- if (preg_match('#^create table \{PREFIX\}\S+\s*\(#i', $line)) {
- $in_table = 1;
- $def = $line;
- }
-
- if (preg_match('#^create\s*(\{fulltext\}|unique)\s*index#i', $line)) {
- array_push($queries, $line);
- }
- }
- }
- fclose($fp);
- }
-
- return $queries;
-}
-
-function serendipity_checkInstallation() {
- global $serendipity, $umask;
-
- $errs = array();
-
- // Check dirs
- if (!is_dir($_POST['serendipityPath'])) {
- $errs[] = sprintf(DIRECTORY_NON_EXISTANT, $_POST['serendipityPath']);
- }
- elseif (!is_writable($_POST['serendipityPath']) ) {
- $errs[] = sprintf(DIRECTORY_WRITE_ERROR, $_POST['serendipityPath']);
- }
- elseif (!is_dir($_POST['serendipityPath'] . $_POST['uploadPath'] ) && @mkdir($_POST['serendipityPath'] . $_POST['uploadPath'], $umask) !== true) {
- $errs[] = sprintf(DIRECTORY_CREATE_ERROR, $_POST['serendipityPath'] . $_POST['uploadPath']);
- }
- elseif (!is_writable($_POST['serendipityPath'] . $_POST['uploadPath'])) {
- $errs[] = sprintf(DIRECTORY_WRITE_ERROR, $_POST['serendipityPath'] . $_POST['uploadPath']);
- $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rws', $_POST['serendipityPath'] . $_POST['uploadPath']);
- }
-
- // Attempt to create the archives directory
- if (!is_dir($_POST['serendipityPath'] . PATH_ARCHIVES) && @mkdir($_POST['serendipityPath'] . PATH_ARCHIVES, $umask) !== true) {
- $errs[] = sprintf(DIRECTORY_CREATE_ERROR, $_POST['serendipityPath'] . PATH_ARCHIVES);
- $errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , $_POST['serendipityPath'] . PATH_ARCHIVES);
- $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', $_POST['serendipityPath'] . PATH_ARCHIVES);
- }
-
- // plugins directory now part of basic CVS
-
- // Check imagick
- if ($_POST['magick'] == 'true' && !@is_executable($_POST['convert'])) {
- $errs[] = sprintf(CANT_EXECUTE_BINARY, 'convert imagemagick');
- }
-
- $serendipity['dbType'] = $_POST['dbType'];
- // Probe database
- // (do it after the dir stuff, as we need to be able to create the sqlite database)
- @include_once($_POST['serendipityPath'] . 'serendipity_db.inc.php');
- // For shared installations, probe the file on include path
- @include_once(S9Y_INCLUDE_PATH . 'serendipity_db.inc.php');
-
- if (S9Y_DB_INCLUDED) {
- serendipity_db_probe($_POST, $errs);
- }
-
- return (count($errs) > 0 ? $errs : '');
-}
-
-function serendipity_installDatabase() {
- global $serendipity;
-
- /* Try and check if the database/tables are already installed,
- if they are... exit the function */
- echo CHECK_DATABASE_EXISTS;
- $t = serendipity_db_query("SELECT * FROM {$_POST['dbPrefix']}authors");
- echo ' ' . DONE . '<br />';
-
- if (is_array($t)) {
- return false;
- }
-
- echo CREATE_DATABASE;
- // Create tables
- $queries = serendipity_parse_sql_tables($serendipity['serendipityPath'] . 'sql/db.sql');
- $queries = str_replace('{PREFIX}', $_POST['dbPrefix'], $queries);
-
- foreach ($queries as $query) {
- serendipity_db_schema_import($query);
- }
-
- if ($_POST['want_mail'] == true) {
- $mail_comments = 1;
- } else {
- $mail_comments = 0;
- }
- echo ' ' . DONE . '<br />';
-
- /*
- ------------- Install main author ------------
- */
- $enc_pass = md5($_POST['pass']);
- $query = "INSERT INTO {$_POST['dbPrefix']}authors (
- username,
- password,
- email,
- mail_comments
- )
- VALUES (
- '{$_POST['user']}',
- '$enc_pass',
- '{$_POST['email']}',
- $mail_comments
- )";
- serendipity_db_query($query);
-
- include_once S9Y_INCLUDE_PATH . 'serendipity_functions_config.inc.php';
-
- $serendipity['dbPrefix'] = $_POST['dbPrefix'];
- serendipity_set_config_var('template', 'default');
-
- $text = serendipity_db_escape_string(file_get_contents(S9Y_INCLUDE_PATH . 'serendipity.css'));
- $query = "INSERT into {$_POST['dbPrefix']}css (name, data) values ('default', '$text')";
- return serendipity_db_query($query);
-}
-
-function serendipity_installFiles() {
- global $serendipity;
-
- $htaccess = @file_get_contents('./.htaccess');
-
- if ($_POST['rewrite'] == 'rewrite') {
- $template = 'htaccess.rewrite.tpl';
- } elseif ($_POST['rewrite'] == 'errordocs') {
- $template = 'htaccess.errordocs.tpl';
- } else {
- $template = 'htaccess.normal.tpl';
- }
-
- if (!($a = file($serendipity['serendipityPath'] . $template, 1))) {
- $err[] = ERROR_TEMPLATE_FILE;
- }
-
- $fp = @fopen('./.htaccess', 'w');
-
- $content = str_replace(
- array(
- '{PREFIX}',
- '{indexFile}',
- '{PAT_UNSUBSCRIBE}', '{PATH_UNSUBSCRIBE}',
- '{PAT_ARCHIVES}', '{PATH_ARCHIVES}',
- '{PAT_ARCHIVES_SHORT}',
- '{PAT_FEEDS}', '{PATH_FEEDS}',
- '{PAT_FEED}',
- '{PAT_ADMIN}', '{PATH_ADMIN}',
- '{PAT_ENTRIES}', '{PATH_ENTRIES}',
- '{PAT_ARCHIVE}', '{PATH_ARCHIVE}',
- '{PAT_CATEGORIES}', '{PATH_CATEGORIES}',
- ),
-
- array(
- $_POST['serendipityHTTPPath'],
- $_POST['indexFile'],
- trim(PAT_UNSUBSCRIBE, '@/i'), PATH_UNSUBSCRIBE,
- trim(PAT_ARCHIVES, '@/i'), PATH_ARCHIVES,
- trim(PAT_ARCHIVES_SHORT, '@/i'),
- trim(PAT_FEEDS, '@/i'), PATH_FEEDS,
- trim(PAT_FEED, '@/i'),
- trim(PAT_ADMIN, '@/i'), PATH_ADMIN,
- trim(PAT_ENTRIES, '@/i'), PATH_ENTRIES,
- trim(PAT_ARCHIVE, '@/i'), PATH_ARCHIVE,
- trim(PAT_CATEGORIES, '@/i'), PATH_CATEGORIES,
- ),
-
- implode('', $a)
- );
-
- if (!$fp) {
- $errs[] = sprintf(FILE_WRITE_ERROR, '.htaccess') . ' ' . FILE_CREATE_YOURSELF;
- $errs[] = sprintf(COPY_CODE_BELOW , '.htaccess', 'serendipity', htmlspecialchars($content));
- return $errs;
- } else {
- // Check if an old htaccess file existed and try to preserve its contents. Otherwise completely wipe the file.
- if ($htaccess != '' && preg_match('@^(.*)#\s+BEGIN\s+s9y.*#\s+END\s+s9y(.*)$@isU', $htaccess, $match)) {
- // Code outside from s9y-code was found.
- fwrite($fp, $match[1] . $content . $match[2]);
- } else {
- fwrite($fp, $content);
- }
- fclose($fp);
- return true;
- }
-
-}
-
-function serendipity_updateConfiguration() {
- global $serendipity, $umask;
-
- // Save all basic config variables to the database
- $p = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE, true);
-
- foreach($p as $key => $entry) {
- serendipity_set_config_var($entry['name'], $_POST[$entry['name']]);
- }
-
- return serendipity_updateLocalConfig($_POST['dbName'],
- $_POST['dbPrefix'],
- $_POST['dbHost'],
- $_POST['dbUser'],
- $_POST['dbPass'],
- $_POST['dbType'],
- 'serendipity_config_local.inc.php',
- $_POST['serendipityPath']);
+if (isset($serendipity['lang']) && !empty($serendipity['lang']) && file_exists(S9Y_INCLUDE_PATH . 'lang/serendipity_config_local_' . $serendipity['lang'] . '.tpl')) {
+ define('S9Y_CONFIG_TEMPLATE', S9Y_INCLUDE_PATH . 'lang/serendipity_config_local_' . $serendipity['lang'] . '.tpl');
+ define('S9Y_CONFIG_USERTEMPLATE', S9Y_INCLUDE_PATH . 'lang/serendipity_config_user_' . $serendipity['lang'] . '.tpl');
+} else {
+ define('S9Y_CONFIG_TEMPLATE', S9Y_INCLUDE_PATH . 'lang/serendipity_config_local_en.tpl');
+ define('S9Y_CONFIG_USERTEMPLATE', S9Y_INCLUDE_PATH . 'lang/serendipity_config_user_en.tpl');
}
if (!isset($_POST['installAction'])) {
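Review bot: In the new template selection, only `serendipity_config_local_<lang>.tpl` is tested with `file_exists()`, yet `S9Y_CONFIG_USERTEMPLATE` is defined for the same language without a check, so a language that ships only the local template leaves the user template pointing at a missing file. Test both files in the condition, or fall back to the `_en` file per template. `$serendipity['lang']` is also concatenated directly into a filesystem path; where it is set is not visible in this hunk, so if a request or cookie can influence it, it should be matched against an allow-list of shipped language codes before use.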
@@ -594,7 +91,7 @@
echo '<span style="color: #FF0000">- ' . implode('<br />', $res) . '</span><br /><br />';
} else {
/* If we have new rewrite rules, then install them */
- if ($serendipity['rewrite'] != $_POST['rewrite']) {
+ if (isset($_POST['rewrite']) && $serendipity['serendipityUserLevel'] >= USERLEVEL_ADMIN && $serendipity['rewrite'] != $_POST['rewrite']) {
printf(ATTEMPT_WRITE_FILE, '.htaccess');
$res = serendipity_installFiles();
if (is_array($res)) {
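Review bot: The added guard reads `$serendipity['serendipityUserLevel']` (capital L), while the other visible hunks of this commit set and read `$serendipity['serendipityUserlevel']`; PHP array keys are case-sensitive, so this index is most likely undefined and the comparison with `USERLEVEL_ADMIN` is made against null. Assuming the level constants are positive, the branch never runs and the rewrite rules are no longer reinstalled even for admins. Change the key to `$serendipity['serendipityUserlevel']`. The surrounding block starts and ends outside the hunk.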
@@ -622,7 +119,14 @@
$from = false;
}
- serendipity_printConfigTemplate(serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE), $from);
+ $t = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE);
+
+ // If s9y is installed, append the current userconfiguration
+ if (IS_installed === true) {
+ $t = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE, false, &$t);
+ }
+
+ serendipity_printConfigTemplate($t, $from);
}
/* vim: set sts=4 ts=4 expandtab : */
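Review bot: `serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE, false, &$t)` passes `$t` by reference at the call site, which depends on `allow_call_time_pass_reference` and was removed from the language in PHP 5.4. Declare the reference in the function signature (not visible in this hunk) and call it as `serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE, false, $t)`; since the return value is assigned back to `$t` anyway, a by-value argument may be enough. A one-line comment stating that the third argument is the configuration array being appended to would help the next reader.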
Index: serendipity_admin_templates.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_templates.inc.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- serendipity_admin_templates.inc.php 5 Aug 2003 14:07:40 -0000 1.4
+++ serendipity_admin_templates.inc.php 4 Apr 2004 16:24:46 -0000 1.5
@@ -4,6 +4,10 @@
die ("Don't hack!");
}
+if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ return;
+}
+
if ($serendipity['GET']['adminAction'] == 'save' ) {
serendipity_saveTemplateSelection($serendipity['POST']['theme']);
}
Index: serendipity_entries.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_entries.php,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- serendipity_entries.php 26 Mar 2004 16:47:22 -0000 1.27
+++ serendipity_entries.php 4 Apr 2004 16:24:47 -0000 1.28
@@ -42,7 +42,7 @@
<?php
}
?>
-
+ <h2>[<?php printf(USER_SELF_INFO, $serendipity['authorid'], $serendipity['serendipityUser'], $serendipity['serendipityUserlevel']); ?>]</h2>
</div>
<table id="mainpane">
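Review bot: The new heading passes `$serendipity['serendipityUser']` through `printf()` into HTML without escaping, so a username containing markup would be rendered in the admin page header. The value comes from the authors table, and this commit appears to add user management (`serendipity_admin_users.inc.php`), which makes usernames editable by more than one account. Pass `htmlspecialchars($serendipity['serendipityUser'])` instead. The definition of `USER_SELF_INFO` is not visible here; using `%d` for the `authorid` and `userlevel` placeholders would pin those to integers.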
Index: serendipity_admin_images.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_images.inc.php,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- serendipity_admin_images.inc.php 3 Apr 2004 17:36:16 -0000 1.20
+++ serendipity_admin_images.inc.php 4 Apr 2004 16:24:46 -0000 1.21
@@ -40,6 +40,11 @@
case 'delete':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ return;
+ }
+
$abortLoc = $serendipity['serendipityHTTPPath'] . 'serendipity_entries.php?serendipity[adminModule]=images';
$newLoc = $abortLoc . '&serendipity[adminAction]=DoDelete&serendipity[fid]=' . $serendipity['GET']['fid'];
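Review bot: The ownership check added to the `delete` case guards only the confirmation step; `$newLoc` on the last line of this hunk links to `adminAction=DoDelete`, and no hunk in this file adds the same check to that case, so unless it already exists outside the visible hunks the deletion itself is not restricted. The same condition is repeated in the `rename`, `scale` and `scaleSelect` hunks below; moving it into one helper (for example `serendipity_checkImageOwner($file)`, name is a suggestion) and calling it from every state-changing case, including `DoDelete`, would keep them consistent. The bare `return` also leaves the user with an empty page, so printing an error string before returning would make the refusal visible.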
@@ -57,6 +62,11 @@
case 'rename':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ return;
+ }
+
$newfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['GET']['newname'] . '.' . $file['extension'];
$oldfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['name'] . '.'. $file['extension'];
if ($serendipity['GET']['newname'] != '' && file_exists($oldfile) && !file_exists($newfile)) {
@@ -95,6 +105,8 @@
<br /><br />
<?php
+ $authorid = (isset($serendipity['POST']['all_authors']) && $serendipity['POST']['all_authors'] == 'true') ? '0' : $serendipity['authorid'];
+
// First find out whether to fetch a file or accept an upload
if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
if (!empty($serendipity['POST']['target_filename'])) {
@@ -119,7 +131,7 @@
printf(FILE_FETCHED . '<br />', $serendipity['POST']['imageurl'], $tfile);
// Create thumbnail
- serendipity_makeThumbnail($tfile);
+ serendipity_makeThumbnail($tfile, false, $authorid);
echo THUMB_CREATED_DONE . '<br />';
}
}
@@ -142,7 +154,7 @@
@chmod($target, 0664);
// Create thumbnail
- serendipity_makeThumbnail($tfile);
+ serendipity_makeThumbnail($tfile, false, $authorid);
echo THUMB_CREATED_DONE . '<br />';
} else {
echo ERROR_UNKNOWN_NOUPLOAD . '<br />';
@@ -194,7 +206,7 @@
</tr>
<tr>
- <td align="right" colspan="2"><input type="submit" value="<?php echo GO; ?>" /></td>
+ <td align="right" colspan="2"><input type="checkbox" name="serendipity[all_authors]" value="true" checked="checked" id="all_authors" /><label for="all_authors"><?php echo ALL_AUTHORS; ?></label> <input type="submit" value="<?php echo GO; ?>" /></td>
</tr>
</table>
</div>
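Review bot: The `all_authors` checkbox is rendered with `checked="checked"`, so an upload is stored with authorid `'0'` unless the author opts out, and the ownership checks this commit adds to `delete`, `rename`, `scale` and `scaleSelect` all let any user through when `$file['authorid']` is `'0'`. With that default, most images remain modifiable by every account. Consider rendering the box unchecked so that sharing an image with all authors is a deliberate choice.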
@@ -204,6 +216,11 @@
case 'scale':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ return;
+ }
+
printf(
SCALING_IMAGE . '<br />',
@@ -224,6 +241,11 @@
case 'scaleSelect':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ return;
+ }
+
$s = getimagesize($serendipity['serendipityPath'] . $serendipity['uploadPath'] . '/' . $file['name'] .'.'. $file['extension']);
?>
<script type="text/javascript" language="javascript">
Index: serendipity_functions.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v
retrieving revision 1.248
retrieving revision 1.249
diff -u -d -r1.248 -r1.249
--- serendipity_functions.inc.php 2 Apr 2004 12:34:58 -0000 1.248
+++ serendipity_functions.inc.php 4 Apr 2004 16:24:47 -0000 1.249
@@ -29,8 +29,7 @@
}
if (serendipity_authenticate_author($serendipity['POST']['user'], $serendipity['POST']['pass'])) {
-
- if ( empty($serendipity['POST']['auto']) ) {
+ if (empty($serendipity['POST']['auto'])) {
serendipity_deleteCookie('author_information');
return false;
} else {
@@ -41,7 +40,7 @@
}
} elseif ( isset($serendipity['COOKIE']['author_information']) ) {
$cookie = unserialize(base64_decode($serendipity['COOKIE']['author_information']));
- if ( serendipity_authenticate_author($cookie['username'], $cookie['password']) ) {
+ if (serendipity_authenticate_author($cookie['username'], $cookie['password'])) {
return true;
} else {
serendipity_deleteCookie('author_information');
@@ -98,7 +97,7 @@
global $serendipity;
$directories = array(
- (isset($serendipity['CONFIG']) ? $serendipity['CONFIG']['template'] . '/' : ''),
+ (isset($serendipity['template']) ? $serendipity['template'] . '/' : ''),
'default/'
);
@@ -597,6 +596,14 @@
}
}
+ if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && $serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!empty($and)) {
+ $and .= " AND e.authorid = '" . $serendipity['authorid'] . "'";
+ } else {
+ $and = "WHERE e.authorid = '" . $serendipity['authorid'] . "'";
+ }
+ }
+
$query = "SELECT
e.id,
e.title,
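Review bot: The per-author restriction is applied only when `$serendipity['GET']['adminModule'] == 'entries'`, so whether a user below `USERLEVEL_CHIEF` is limited to their own rows depends on a request parameter rather than on the user's level alone. The same condition drives `$admin` in the single-entry fetch in the next hunk and the update guard further down. If any admin code path reaches these functions with a different or missing `adminModule`, the filter is skipped. Passing the restriction explicitly from the admin pages (for example a `$restrictToAuthor` argument) would make it independent of the URL. The enclosing function starts and ends outside the hunk.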
@@ -646,6 +653,11 @@
if ($fetchDrafts == 'false') {
$drafts = "AND isdraft = 'false'";
}
+
+ $admin = '';
+ if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && $serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ $admin = " AND e.authorid = '" . $serendipity['authorid'] . "'";
+ }
$querystring = "SELECT
*,
@@ -661,6 +673,7 @@
WHERE
a.authorid = e.authorid
AND $key LIKE $val
+ $admin
$drafts
LIMIT 1";
@@ -674,20 +687,32 @@
global $serendipity;
if (!isset($authorid) || $authorid === null) {
- $authorid = (isset($serendipity['authorid']) ? $serendipity['authorid'] : 1);
+ $authorid = ((isset($serendipity['authorid']) && !empty($serendipity['GET']['adminModule'])) ? $serendipity['authorid'] : 1);
}
if ($authorid != 'all') {
- $where = "WHERE authorid = $authorid";
+ $where = " AND (authorid = $authorid OR authorid = 0)";
} else {
$where = '';
}
- $querystring = "SELECT * FROM {$serendipity['dbPrefix']}category $where ORDER BY category_name";
+ $querystring = "SELECT c.*, a.username FROM {$serendipity['dbPrefix']}category AS c LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a ON c.authorid = a.authorid $where ORDER BY category_name";
return serendipity_db_query($querystring);
}
+function serendipity_fetchUsers($user = '') {
+ global $serendipity;
+
+ $where = '';
+ if (!empty($user)) {
+ $where = 'WHERE authorid = ' . serendipity_db_escape_string($user);
+ }
+
+ $querystring = "SELECT * FROM {$serendipity['dbPrefix']}authors $where ORDER BY username ASC";
+
+ return serendipity_db_query($querystring);
+}
/**
* Give it a raw searchstring, it'll search
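Review bot: In the new `serendipity_fetchUsers()`, `serendipity_db_escape_string($user)` is concatenated into `WHERE authorid = ...` without surrounding quotes, and escaping only protects a value inside a quoted string literal, so a non-numeric `$user` would still alter the query. Cast it instead: `$where = 'WHERE authorid = ' . (int)$user;`. In the category query of the same hunk, `$where` now begins with ` AND (...)` and lands in the `ON` clause of a `LEFT OUTER JOIN`, where `authorid` is ambiguous between `c` and `a` and a condition on the left table does not remove rows. It likely wants `WHERE (c.authorid = $authorid OR c.authorid = 0)`.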
@@ -870,7 +895,7 @@
echo '>' . $label . ' (' . $entry['trackbacks'] . ')</a>';
}
- if ($_SESSION['serendipityAuthedUser'] === true) {
+ if ($_SESSION['serendipityAuthedUser'] === true && ($_SESSION['serendipityUserlevel'] >= USERLEVEL_CHIEF || $_SESSION['serendipityAuthorid'] == $entry['authorid'])) {
echo ' | <a href="' . $serendipity['baseURL'] . 'serendipity_entries.php?serendipity[action]=admin&serendipity[adminModule]=entries&serendipity[adminAction]=edit&serendipity[id]=' . $entry['id'] . '">' . EDIT_ENTRY . '</a>';
}
?>
@@ -982,11 +1007,16 @@
{
global $serendipity;
- if ($_SESSION['serendipityAuthedUser'] === true ) {
- $query = "DELETE FROM {$serendipity['dbPrefix']}comments WHERE entry_id = $entry_id AND id = $id";
+ if ($_SESSION['serendipityAuthedUser'] === true) {
+ $admin = '';
+ if ($_SESSION['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ $admin = ' AND authorid = ' . $_SESSION['serendipityAuthorid'];
+ }
+
+ $query = "DELETE FROM {$serendipity['dbPrefix']}comments WHERE entry_id = $entry_id AND id = $id $admin";
serendipity_db_query($query);
- $query = "UPDATE {$serendipity['dbPrefix']}entries SET $type = $type-1 WHERE id = $entry_id";
+ $query = "UPDATE {$serendipity['dbPrefix']}entries SET $type = $type-1 WHERE id = $entry_id $admin";
serendipity_db_query($query);
header('Location: '. $_SERVER['HTTP_REFERER']);
} else {
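Review bot: For users below `USERLEVEL_CHIEF`, `$admin` adds `AND authorid = ...` to the `DELETE` on the comments table, but elsewhere in this commit the owner shown next to a comment is taken from `e.authorid` of the joined entry, which suggests the comments table has no `authorid` column; if so, this statement fails for every non-chief user. The following `UPDATE` decrements `$type` whether or not a comment was actually removed, so the counter can drift. Checking ownership first with a `SELECT authorid` on the entries table and returning early on a mismatch, then running the `DELETE` without `$admin`, avoids both problems. `$_SESSION['serendipityAuthorid']`, `$entry_id` and `$id` are interpolated unquoted, so an `(int)` cast on each would be a cheap safeguard.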
@@ -997,8 +1027,13 @@
function serendipity_allowCommentsToggle($entry_id, $switch = 'disable') {
global $serendipity;
- if ($_SESSION['serendipityAuthedUser'] === true ) {
- $query = "UPDATE {$serendipity['dbPrefix']}entries SET allow_comments = '" . ($switch == 'disable' ? 'false' : 'true') . "' WHERE id = $entry_id";
+ if ($_SESSION['serendipityAuthedUser'] === true) {
+ $admin = '';
+ if ($_SESSION['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ $admin = ' AND authorid = ' . $_SESSION['serendipityAuthorid'];
+ }
+
+ $query = "UPDATE {$serendipity['dbPrefix']}entries SET allow_comments = '" . ($switch == 'disable' ? 'false' : 'true') . "' WHERE id = $entry_id $admin";
serendipity_db_query($query);
header('Location: '. $_SERVER['HTTP_REFERER']);
} else {
@@ -1011,7 +1046,7 @@
global $serendipity;
if (!empty($limit)) {
- if ( strtolower($serendipity['dbType']) == 'postgres' ) {
+ if (strtolower($serendipity['dbType']) == 'postgres') {
$limit = 'LIMIT ' . join (' OFFSET ', split(',', $limit));
} else {
$limit = 'LIMIT '. $limit;
@@ -1029,6 +1064,7 @@
co.author AS username,
e.title,
e.id AS entryid,
+ e.authorid,
co.id AS commentid,
c.category_name
FROM
@@ -1082,7 +1118,7 @@
foreach ($comments as $comment) {
$x++;
/* Protect submitted mails against spam, by replacing @ with [at]*/
- if ( !empty($comment['email']) ) {
+ if (!empty($comment['email'])) {
$comment['email'] = str_replace('@', '[at]', $comment['email']);
}
@@ -1114,7 +1150,7 @@
/* Show when the entry was made */
echo ' ' . ON . ' ' . ucfirst(strftime('%b %e %Y, %H:%M', $comment['timestamp']));
- if ($show_admin && $_SESSION['serendipityAuthedUser'] === true) {
+ if ($show_admin && $_SESSION['serendipityAuthedUser'] === true && ($_SESSION['serendipityUserlevel'] >= USERLEVEL_CHIEF || $_SESSION['serendipityAuthorid'] == $comment['authorid'])) {
echo ' (<a href="' . $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments">' . DELETE . '</a>)';
}
?>
@@ -1125,7 +1161,7 @@
<?php
}
- if ($show_admin && $_SESSION['serendipityAuthedUser'] === true) {
+ if ($show_admin && $_SESSION['serendipityAuthedUser'] === true && ($_SESSION['serendipityUserlevel'] >= USERLEVEL_CHIEF || $_SESSION['serendipityAuthorid'] == $comment['authorid'])) {
if (!isset($comment)) {
$comment = array('entry_id' => $serendipity['GET']['id']);
}
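Review bot: The added `$_SESSION['serendipityAuthorid'] == $comment['authorid']` test is evaluated before the `if (!isset($comment))` fallback directly below it, so when the entry has no comments `$comment` is undefined at this point and an author below `USERLEVEL_CHIEF` never reaches the block for their own entry. The owner would have to come from the entry rather than from the last loop item. What is in scope here is not visible in this hunk, so this needs checking against the full function.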
@@ -1170,7 +1206,7 @@
<b>Weblog: </b> <?php echo strip_tags($name); ?><br />
<b><?php echo TRACKED; ?>: </b> <?php echo date('M d, h:i', $comment['timestamp']); ?>
<?php
- if ($_SESSION["serendipityAuthedUser"] === true) {
+ if ($_SESSION["serendipityAuthedUser"] === true && ($_SESSION['serendipityUserlevel'] >= USERLEVEL_CHIEF || $_SESSION['serendipityAuthorid'] == $comment['authorid'])) {
echo ' (<a href="' . $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=trackbacks">' . DELETE . '</a>)';
}
?>
@@ -1875,8 +1911,10 @@
$entry['exflag'] = $exflag;
$entry['author'] = $serendipity['user'];
- $entry['authorid'] = $serendipity['authorid'];
-
+ if (!isset($entry['authorid']) || empty($entry['authorid'])) {
+ $entry['authorid'] = $serendipity['authorid'];
+ }
+
if (!is_numeric($entry['id'])) {
/* we need to insert */
@@ -1894,6 +1932,10 @@
$newEntry = 1;
} else {
/* we need to update */
+ if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && $serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $entry['authorid'] != $serendipity['authorid']) {
+ // Only chiefs and admins can change other's entry. Else update fails.
+ return;
+ }
$res = serendipity_db_update('entries', array('id' => $entry['id']), $entry);
$newEntry = 0;
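Review bot: The update guard compares `$entry['authorid']` with the current user, but the previous hunk now keeps whatever `authorid` arrives in `$entry` instead of overwriting it, so the check is made against the caller-supplied value rather than the owner stored for `$entry['id']`. If `$entry` is filled from the edit form, the guard can pass without the user owning the row. Load the stored `authorid` for `$entry['id']` and compare that, and for users below `USERLEVEL_CHIEF` force `$entry['authorid'] = $serendipity['authorid'];`. The bare `return` also gives the caller no error to display.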
@@ -1903,7 +1945,7 @@
return $res;
}
- if ( $entry['isdraft'] == 'false' ) {
+ if ($entry['isdraft'] == 'false') {
serendipity_handle_references($entry['id'], $serendipity['blogTitle'], $entry['title'], $entry['body'] . $entry['extended'], $newEntry);
}
@@ -1929,7 +1971,13 @@
}
// Purge the daily/monthly entries so they can be rebuilt
- $result = serendipity_db_query("SELECT timestamp FROM {$serendipity['dbPrefix']}entries WHERE id=$id", true);
+ $result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id=$id", true);
+
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $result[1] != $serendipity['authorid']) {
+ // Only admins and chief users can delete entries which do not belong to the author
+ return;
+ }
+
serendipity_purgeEntry($id, $result[0]);
serendipity_db_query("DELETE FROM {$serendipity["dbPrefix"]}entries WHERE id=$id");
@@ -2136,11 +2184,10 @@
function serendipity_authenticate_author($username = '', $password = '', $is_md5 = false) {
global $serendipity;
- if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityEmail']) && isset($_SESSION['serendipityAuthorid']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) {
- $serendipity['serendipityUser'] = $username = $_SESSION['serendipityUser'];
- $serendipity['serendipityEmail'] = $_SESSION['serendipityEmail'];
- $serendipity['authorid'] = $_SESSION['serendipityAuthorid'];
- $serendipity['serendipityPassword'] = $password = $_SESSION['serendipityPassword'];
+ if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) {
+ $username = $_SESSION['serendipityUser'];
+ $password = $_SESSION['serendipityPassword'];
+ // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata
$is_md5 = true;
}
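Review bot: The session test still uses `$_SESSION['serendipityAuthedUser'] == true`, while the trackback delete link earlier in this file's diff checks the same flag with `=== true`; the strict form should be used here too, since the loose one accepts any truthy value. The added comment explains why author id and e-mail are no longer copied from the session, but it sits between the password assignment and `$is_md5 = true;` as one very long line; placing it above the `if` and wrapping it would make the reasoning easier to find. The value replayed from `$_SESSION['serendipityPassword']` is treated as an already-hashed password, so the session store holds a credential equivalent and deserves the same protection as the authors table. The function continues outside the hunk.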
@@ -2150,7 +2197,7 @@
}
$query = "SELECT DISTINCT
- email, authorid
+ email, authorid, userlevel
FROM
$serendipity[dbPrefix]authors
WHERE
@@ -2163,7 +2210,9 @@
$_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
$_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email'];
$_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
+ $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel'];
$_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true;
+ serendipity_load_configuration($serendipity['authorid']);
return true;
} else {
$_SESSION['serendipityAuthedUser'] = false;
@@ -2562,6 +2611,29 @@
return $ver;
}
+function serendipity_load_configuration($author = null) {
+ global $serendipity;
+
+ if (!empty($author)) {
+ // Replace default configuration directives with user-relevant data
+ $rows = serendipity_db_query("SELECT name,value
+ FROM {$serendipity['dbPrefix']}config
+ WHERE authorid = $author");
+ } else {
+ // Only get default variables, user-independent (frontend)
+ $rows = serendipity_db_query("SELECT name,value
+ FROM {$serendipity['dbPrefix']}config
+ WHERE authorid = 0");
+ }
+
+ if (is_array($rows)) {
+ foreach ($rows as $row) {
+ // Convert 'true' and 'false' into booleans
+ $serendipity[$row['name']] = serendipity_get_bool($row['value']);
+ }
+ }
+}
+
define("serendipity_FUNCTIONS_LOADED", true);
/* vim: set sts=4 ts=4 expandtab : */
?>
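Review bot: `$author` is interpolated into the query as `WHERE authorid = $author` with no cast, and the two branches differ only in that value. Both collapse into `$authorid = empty($author) ? 0 : (int)$author;` followed by a single query on `$authorid`. The loop then copies every row into `$serendipity[$row['name']]`, so a per-author row named like an existing key (for example `authorid` or `serendipityUserlevel`, both set just before the call in serendipity_authenticate_author) would overwrite it; whether such names can reach the config table depends on code outside this diff, but a short list of keys that per-user rows may not override would close that off. The function has no header comment; one sentence stating that author 0 selects the blog-wide defaults would help.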
Index: rss.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/rss.php,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- rss.php 2 Apr 2004 09:09:28 -0000 1.23
+++ rss.php 4 Apr 2004 16:24:46 -0000 1.24
@@ -108,7 +108,7 @@
<title>$title</title>
<link>{$serendipity['baseURL']}</link>
<description>$description</description>
-<language>{$serendipity['CONFIG']['lang']}</language>
+<language>{$serendipity['lang']}</language>
{$additional_fields['image']}
HEAD;
@@ -136,7 +136,7 @@
<link>{$serendipity['baseURL']}</link>
<description>$description</description>
<dc:language>{$serendipity['lang']}</dc:language>
- <admin:errorReportsTo rdf:resource="mailto:{$serendipity['CONFIG']['email']}" />
+ <admin:errorReportsTo rdf:resource="mailto:{$serendipity['email']}" />
{$additional_fields['image_rss1.0_channel']}
@@ -167,7 +167,7 @@
<link>{$serendipity['baseURL']}</link>
<description>$description</description>
<dc:language>{$serendipity['lang']}</dc:language>
- <admin:errorReportsTo rdf:resource="mailto:{$serendipity['CONFIG']['email']}" />
+ <admin:errorReportsTo rdf:resource="mailto:{$serendipity['email']}" />
<generator>Serendipity {$serendipity['version']} - http://www.s9y.org/</generator>
{$additional_fields['channel']}
{$additional_fields['image']}
@@ -193,7 +193,7 @@
<modified>$modified</modified>
<generator url="http://www.s9y.org/" version="{$serendipity['version']}">Serendipity {$serendipity['version']} - http://www.s9y.org/</generator>
<dc:language>{$serendipity['lang']}</dc:language>
- <admin:errorReportsTo rdf:resource="mailto:{$serendipity['CONFIG']['email']}" />
+ <admin:errorReportsTo rdf:resource="mailto:{$serendipity['email']}" />
<info mode="xml" type="text/html">
<div xmlns="http://www.w3.org/1999/xhtml">You are viewing an ATOM formatted XML site feed. Usually this file is inteded to be viewed in an aggregator or syndication software. If you want to know more about ATOM, please visist <a href="http://atomenabled.org/">Atomenabled.org</a></div>
</info>
--- NEW FILE: serendipity_admin_users.inc.php ---
<?php # $Id: serendipity_admin_users.inc.php,v 1.1 2004/04/04 16:24:46 garvinhicking Exp $
if (IN_serendipity !== true) {
die ('Don\'t hack!');
}
session_start();
if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
return;
}
require_once(S9Y_INCLUDE_PATH . 'serendipity_functions_installer.inc.php');
define('S9Y_CONFIG_TEMPLATE', S9Y_INCLUDE_PATH . 'lang/serendipity_config_local_' . $serendipity['lang'] . '.tpl');
define('S9Y_CONFIG_USERTEMPLATE', S9Y_INCLUDE_PATH . 'lang/serendipity_config_user_' . $serendipity['lang'] . '.tpl');
/*
* User information
*/
?>
<h3><?php printf(USER_SELF_INFO, $serendipity['authorid'], $serendipity['serendipityUser'], $serendipity['serendipityUserlevel']); ?></h2>
<br />
<?php
/*
* User actions
*/
if (!empty($_POST['DELETE_YES'])) {
$user = serendipity_fetchUsers($serendipity['POST']['user']);
if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong>';
} elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<strong>' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</strong>';
} else {
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authos WHERE authorid={$serendipity['POST']['user']}");
printf('<strong>' . DELETED_USER . '</strong>', $serendipity['POST']['user'], $user[0]['username']);
}
}
if (!empty($_POST['SAVE_NEW'])) {
if ($serendipity['POST']['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong>';
} else {
$enc_pass = md5($_POST['pass']);
$query = "INSERT INTO {$serendipity['dbPrefix']}authors (
username,
password
)
VALUES (
'{$_POST['username']}',
'$enc_pass'
)";
serendipity_db_query($query);
$serendipity['POST']['user'] = serendipity_db_insert_id();
printf('<strong>' . CREATED_USER . '</strong>', '#' . $serendipity['POST']['user'] . ', ' . $_POST['username']);
}
echo '<br />';
}
if (!empty($_POST['SAVE']) || !empty($_POST['SAVE_NEW'])) {
$user = serendipity_fetchUsers($serendipity['POST']['authorid']);
if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong>';
} elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<strong>' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</strong>';
} else {
$u = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE, true);
foreach($u AS $key => $entry) {
serendipity_set_user_var(
$entry['name'],
$_POST[$entry['name']],
$serendipity['POST']['user'],
($serendipity['authorid'] == $serendipity['POST']['authorid'] ? true : false)
);
}
printf('<strong>' . MODIFIED_USER . '</strong>', $_POST['username']);
}
}
/*
* User chooser
*/
?>
<hr />
<form action="?serendipity[adminModule]=users" method="post">
<table>
<tr>
<th><?php echo EDIT_USERS; ?>:</th>
<td><div>
<select name="serendipity[user]">
<?php
$users = serendipity_fetchUsers();
foreach($users AS $user) {
if ($user['userlevel'] < $serendipity['serendipityUserlevel'] || $user['authorid'] == $serendipity['authorid']) {
?>
<option value="<?php echo $user['authorid']; ?>"<?php echo ($user['authorid'] == $serendipity['POST']['user'] ? ' selected="selected"' : ''); ?>><?php echo htmlentities($user['username']); ?> (<?php printf(USER_LEVEL, $user['userlevel']); ?>) </option>
<?php
}
}
?>
</select></div>
</td>
<td><div>
<input type="submit" name="EDIT" value="<?php echo EDIT; ?>" />
<input type="submit" name="DELETE" value="<?php echo DELETE; ?>" /></div>
</td>
</tr>
<tr>
<th colspan="3"><br />- <?php echo WORD_OR; ?> -<br /><br /></td>
</tr>
<tr>
<th><?php echo CREATE_USERS; ?>:</th>
<td> </td>
<td><div>
<input type="submit" name="NEW" value="<?php echo CREATE_NEW_USER; ?>" />
</td>
</tr>
</table>
</form>
<hr />
<?php
/*
* User editing/creation
*/
if (!empty($_POST['NEW']) || !empty($_POST['EDIT'])) {
?>
<form action="?serendipity[adminModule]=users" method="post">
<div>
<h3>
<?php
if (!empty($_POST['EDIT'])) {
$user = serendipity_fetchUsers($serendipity['POST']['user']);
if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) {
echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong><br />';
echo CREATE;
$from = array();
} else {
echo EDIT;
$from = &$user[0];
unset($from['password']);
echo '<input type="hidden" name="serendipity[user]" value="' . $from['authorid'] . '" />';
}
} else {
echo CREATE;
$from = array();
}
?>
</h3>
<?php
$t = array();
$t = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE, false, &$t, false);
serendipity_printConfigTemplate($t, $from, true, false);
if (!empty($_POST['EDIT'])) { ?>
<input type="submit" name="SAVE" value="<?php echo SAVE; ?>" />
<?php } else { ?>
<input type="submit" name="SAVE_NEW" value="<?php echo CREATE_NEW_USER; ?>" />
<?php } ?>
</div>
</form>
<?php
} elseif (!empty($_POST['DELETE'])) {
$user = serendipity_fetchUsers($serendipity['POST']['user']);
?>
<form action="?serendipity[adminModule]=users" method="post">
<div>
<?php printf(DELETE_USER, $serendipity['POST']['user'], $user[0]['username']); ?>
<br /><br />
<input type="hidden" name="serendipity[user]" value="<?php echo $serendipity['POST']['user']; ?>" />
<input type="submit" name="DELETE_YES" value="<?php echo DUMP_IT; ?>" />
<input type="submit" name="NO" value="<?php echo NOT_REALLY; ?>" />
</div>
</form>
<?php
}
/* vim: set sts=4 ts=4 expandtab : */
?>
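Review bot: The save block authorises one account and writes to another: it looks the target up with `$serendipity['POST']['authorid']`, but `serendipity_set_user_var()` is given `$serendipity['POST']['user']`, and the edit form only posts `serendipity[user]`, so the level comparison is not made against the row that gets changed. Request values also go into SQL and HTML unmodified (`'{$_POST['username']}'` in the INSERT, `authorid={$serendipity['POST']['user']}` in the DELETE, the hidden `serendipity[user]` field), which is only safe if they are escaped somewhere outside this file. The DELETE names the table `authos`, so as written it cannot remove a row from `authors`. The excerpt below uses one integer-cast id for lookup, check and write in each block; the forms would additionally benefit from a per-session token, since every action here is a plain POST.

```php
if (!empty($_POST['DELETE_YES'])) {
    // One cast value serves the lookup, the permission check and the DELETE.
    $target = (int)$serendipity['POST']['user'];
    $user   = serendipity_fetchUsers($target);
    if (!isset($user[0]) || ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN)) {
        echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong>';
    } else {
        serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid = $target");
        printf('<strong>' . DELETED_USER . '</strong>', $target, htmlspecialchars($user[0]['username']));
    }
}

// … unchanged: SAVE_NEW permission check and password hashing …
        $username = serendipity_db_escape_string($_POST['username']);
        // … unchanged: INSERT statement, now with '$username' in the VALUES list …
        printf('<strong>' . CREATED_USER . '</strong>', '#' . $serendipity['POST']['user'] . ', ' . htmlspecialchars($_POST['username']));

if (!empty($_POST['SAVE']) || !empty($_POST['SAVE_NEW'])) {
    // Authorise against the same id that serendipity_set_user_var() writes to.
    $target = (int)$serendipity['POST']['user'];
    $user   = serendipity_fetchUsers($target);
    // … unchanged: the two permission checks …
            serendipity_set_user_var(
                $entry['name'],
                $_POST[$entry['name']],
                $target,
                $serendipity['authorid'] == $target
            );
    // … unchanged: rest of the block; MODIFIED_USER output passed through htmlspecialchars() …
```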
Index: serendipity_config.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_config.inc.php,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -d -r1.63 -r1.64
--- serendipity_config.inc.php 4 Apr 2004 15:59:27 -0000 1.63
+++ serendipity_config.inc.php 4 Apr 2004 16:24:46 -0000 1.64
@@ -38,9 +38,9 @@
*/
include($serendipity['serendipityPath'] . 'serendipity_lang.inc.php');
-/* URI paths
+/* URI paths
* These could be defined in the language headers, except that would break
- * backwards URL compatibility
+ * backwards URL compatibility
*/
@define('PATH_ARCHIVES', 'archives');
@define('PATH_ARCHIVE', 'archive');
@@ -50,7 +50,7 @@
@define('PATH_ENTRIES', 'entries');
@define('PATH_CATEGORIES', 'categories');
-/* URI patterns
+/* URI patterns
* Note that it's important to use @ as the pattern delimiter.
*/
@define('PAT_UNSUBSCRIBE', '@/'.PATH_UNSUBSCRIBE.'/(.*)/([0-9]+)@');
@@ -64,6 +64,10 @@
@define('PAT_ARCHIVE', '@/'.PATH_ARCHIVE.'$@');
@define('PAT_CATEGORIES', '@/'.PATH_CATEGORIES.'/(.*)@');
+@define('USERLEVEL_ADMIN', 255);
+@define('USERLEVEL_CHIEF', 1);
+@define('USERLEVEL_EDITOR', 0);
+
/*
* Kill the script if we are not installed, and not inside the installer
*/
@@ -71,7 +75,8 @@
die(sprintf(SERENDIPITY_NOT_INSTALLED, 'serendipity_admin.php'));
}
-if ( defined('IN_installer') && IS_installed === false) {
+if (defined('IN_installer') && IS_installed === false) {
+ $serendipity['lang'] = $serendipity['autolang'];
return 1;
}
@@ -109,18 +114,14 @@
/*
* Load Configuration options from the database
*/
-$rows = serendipity_db_query("SELECT name,value
- FROM {$serendipity['dbPrefix']}config");
-foreach ($rows as $row) {
- /* fixme: temp. workaround */
- $serendipity['CONFIG'][$row['name']] = $row['value'];
- /*
- * Convert 'true' and 'false' into booleans
- */
- $row['value'] = serendipity_get_bool($row['value']);
+serendipity_load_configuration();
- $serendipity[$row['name']] = $row['value'];
+/*
+ * If a user is logged in, fetch his preferences. He possibly wants to have a different language
+ */
+if (isset($_SESSION['serendipityAuthorid'])) {
+ serendipity_load_configuration($_SESSION['serendipityAuthorid']);
}
/*
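Review bot: The per-user configuration is selected by `$_SESSION['serendipityAuthorid']` before any credential check has run in this request, while the comment added to serendipity_authenticate_author in this same commit says session data can be shared between blogs on one host and must be re-verified each time. An author id carried over from another installation's session would therefore pick a row set from this blog's config table, at least until authentication runs and reloads the configuration. Deferring the user-specific load to the successful branch of serendipity_authenticate_author, which already calls `serendipity_load_configuration($serendipity['authorid'])`, would keep the two consistent. If the early load is needed for the language, a comment saying so and an `(int)` cast on the id would make the intent clear.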
@@ -156,7 +157,7 @@
*/
define('IS_up2date', version_compare(serendipity_version($serendipity['version']), serendipity_version($serendipity['versionInstalled']), '<='));
-if ( IS_up2date === false && $serendipity['production'] && !defined('IN_upgrader') ) {
+if (IS_up2date === false && $serendipity['production'] && !defined('IN_upgrader')) {
die(sprintf(SERENDIPITY_NEEDS_UPGRADE, $serendipity['versionInstalled'], $serendipity['version'], 'serendipity_admin.php'));
}
@@ -190,3 +191,4 @@
serendipity_plugin_api::hook_event('frontend_configure', $serendipity);
/* vim: set sts=4 ts=4 expandtab : */
?>
+
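Review bot: The line added after the closing `?>` is sent to the client as output whenever this file is included, because PHP discards only the single newline that directly follows the tag. The configuration is presumably loaded before feeds and pages are generated, so the stray newline can land ahead of an XML declaration or before later `header()` and `session_start()` calls (serendipity_admin_users.inc.php in this commit calls `session_start()` itself), unless output buffering is active. Dropping the added line, or the closing `?>` altogether, avoids this. The same addition appears at the end of serendipity_functions_config.inc.php.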
Index: serendipity_functions_config.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_config.inc.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- serendipity_functions_config.inc.php 4 Sep 2003 16:23:46 -0000 1.5
+++ serendipity_functions_config.inc.php 4 Apr 2004 16:24:47 -0000 1.6
@@ -1,11 +1,11 @@
<?php # $Id$
-function serendipity_set_config_var($name, $val) {
+function serendipity_set_config_var($name, $val, $authorid = 0) {
global $serendipity;
- serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "'");
- $r = serendipity_db_insert('config', array('name' => $name, 'value' => $val));
- $serendipity['CONFIG'][$name] = $val;
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . serendipity_db_escape_string($authorid));
+ $r = serendipity_db_insert('config', array('name' => $name, 'value' => $val, 'authorid' => $authorid));
+ $serendipity[$name] = $val;
if (is_string($r)) {
echo $r;
}
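Review bot: `serendipity_db_escape_string($authorid)` is appended to the DELETE without surrounding quotes, and escaping protects a value only inside a quoted string; in a numeric position a non-numeric value passes through unchanged. An integer cast is the right tool here: `... "' AND authorid = " . (int)$authorid);`. The same unquoted pattern is used for `authorid` in serendipity_get_user_var and serendipity_set_user_var in the next hunk. The function body continues outside the hunk.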
@@ -13,12 +13,65 @@
function serendipity_get_config_var($name, $defval = false) {
global $serendipity;
- if ( isset($serendipity['CONFIG'][$name]) ) {
- return $serendipity['CONFIG'][$name];
+ if (isset($serendipity[$name])) {
+ return $serendipity[$name];
} else {
return $defval;
}
}
+function serendipity_get_user_var($name, $authorid, $default) {
+ global $serendipity;
+
+ $r = serendipity_db_query("SELECT $name FROM {$serendipity['dbPrefix']}authors WHERE authorid = " . serendipity_db_escape_string($authorid), true);
+
+ if (is_array($r)) {
+ return $r[0];
+ } else {
+ return $default;
+ }
+}
+
+function serendipity_set_user_var($name, $val, $authorid, $copy_to_s9y = true) {
+ global $serendipity;
+
+ // When inserting a DB value, this array maps the new values to the corresponding s9y variables
+ static $user_map_array = array(
+ 'username' => 'serendipityUser',
+ 'email' => 'serendipityEmail',
+ 'userlevel' => 'serendipityUserlevel'
+ );
+
+ // Special case for inserting a password
+ switch($name) {
+ case 'password':
+ if (empty($val)) {
+ return;
+ }
+
+ $val = md5($val);
+ $copy_to_s9y = false;
+ break;
+
+ case 'mail_comments':
+ case 'mail_trackbacks':
+ $val = (serendipity_db_bool($val) ? 1 : '0');
+ break;
+ }
+
+ serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET $name = '" . serendipity_db_escape_string($val) . "' WHERE authorid = " . serendipity_db_escape_string($authorid));
+
+ if ($copy_to_s9y) {
+ if (isset($user_map_array[$name])) {
+ $key = $user_map_array[$name];
+ } else {
+ $key = 'serendipity' . ucfirst($name);
+ }
+
+ $_SESSION[$key] = $serendipity[$key] = $val;
+ }
+}
+
/* vim: set sts=4 ts=4 expandtab : */
?>
+
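Review bot: `$name` is used as a column identifier in `SELECT $name FROM …authors` and `UPDATE …authors SET $name = …` without validation, and identifiers cannot be protected by `serendipity_db_escape_string()`. The caller added in this commit takes the names from the parsed user template, but neither function enforces that; a guard such as `if (!preg_match('@^[a-z_]+$@', $name)) { return; }` at the top of the setter (returning `$default` in the getter) keeps them safe for other callers. Passwords are stored as unsalted `md5($val)`, which is cheap to brute-force offline; that appears to be the project's existing scheme, so it needs a migration rather than a one-line change, but a TODO comment here would record it. When `$name` is `userlevel` and `$copy_to_s9y` is true the session's level is overwritten with the submitted value, so the docblock should state that callers must have validated it.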
Index: serendipity_functions_images.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_images.inc.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- serendipity_functions_images.inc.php 3 Apr 2004 17:36:16 -0000 1.8
+++ serendipity_functions_images.inc.php 4 Apr 2004 16:24:47 -0000 1.9
@@ -15,7 +15,7 @@
$ordermode = 'DESC';
}
- $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images ORDER BY $order $ordermode", false, 'assoc');
+ $rs = serendipity_db_query("SELECT i.*, a.username AS authorname FROM {$serendipity['dbPrefix']}images AS i LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a on i.authorid = a.authorid ORDER BY $order $ordermode", false, 'assoc');
if (!is_array($rs)) {
return array();
}
@@ -35,12 +35,18 @@
function serendipity_updateImageInDatabase($updates, $id) {
global $serendipity;
+
+ $admin = '';
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ $admin = ' AND (authorid = ' . $serendipity['authorid'] . ' OR authorid = 0)';
+ }
+
$i=0;
if (sizeof($updates) > 0) {
- foreach ( $updates as $k => $v ) {
+ foreach ($updates as $k => $v) {
$q[] = $k ." = '". $v ."'";
}
- serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = ". $id);
+ serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = $id $admin");
$i++;
}
return $i;
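Review bot: With the new ownership filter the UPDATE can match no row, yet the function still increments `$i` and returns 1, so a refused update looks like success to the caller. The keys and values of `$updates` and `$id` are also concatenated into the statement as they arrive (`$k ." = '". $v ."'"`); unless callers escape them, which the hunk does not show, use `$q[] = $k . " = '" . serendipity_db_escape_string($v) . "'";` and `(int)$id`. `$q` is not initialised before the loop in the visible lines, so `$q = array();` next to `$i=0;` would be cleaner.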
@@ -52,6 +58,12 @@
$dFile = $file['name'] .'.'. $file['extension'];
$dThumb = $file['name'] .'.'. $file['thumbnail_name'] .'.'. $file['extension'];
+ $admin = '';
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ // A non-admin user may not delete private files from other users.
+ return;
+ }
+
if (file_exists($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $dFile)) {
if (@unlink($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $dFile)) {
printf(DELETE_IMAGE . '<br />', $dFile);
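Review bot: `$admin = '';` is assigned here but not used in the visible part of the function; it looks carried over from serendipity_updateImageInDatabase and can be dropped if nothing below the hunk reads it. The comment says "non-admin" while the test is `< USERLEVEL_CHIEF`, so chiefs are allowed as well; `// Users below chief level may only delete shared files (authorid 0) or their own.` matches the code. The bare `return;` gives the caller no sign that the delete was refused. The function starts and ends outside the hunk.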
@@ -91,11 +103,11 @@
}
-function serendipity_insertImageInDatabase($filename, $extension, $mimetype, $filesize, $width, $height, $thumbnail, $date) {
+function serendipity_insertImageInDatabase($filename, $extension, $mimetype, $filesize, $width, $height, $thumbnail, $date, $authorid) {
global $serendipity;
$sql = serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}images
- (name, extension, mime, size, dimensions_width, dimensions_height, thumbnail_name, date)
- VALUES('". $filename ."', '". $extension ."', '". $mimetype ."', ". $filesize .", ". $width.", ". $height .", '". $thumbnail ."', ". $date .")");
+ (name, extension, mime, size, dimensions_width, dimensions_height, thumbnail_name, date, authorid)
+ ...
[truncated message content] |