WebSVN – Applications.papyrus – Blame – /branches/v1.0-menes/client/phorum/bibliotheque/phorum/include/posting/check_permissions.php

Rev	Author	Line No.	Line
831	florian	1	`<?php`
		2
		3	`////////////////////////////////////////////////////////////////////////////////`
		4	`// //`
		5	`// Copyright (C) 2006 Phorum Development Team //`
		6	`// http://www.phorum.org //`
		7	`// //`
		8	`// This program is free software. You can redistribute it and/or modify //`
		9	`// it under the terms of either the current Phorum License (viewable at //`
		10	`// phorum.org) or the Phorum License that was distributed with this file //`
		11	`// //`
		12	`// This program is distributed in the hope that it will be useful, //`
		13	`// but WITHOUT ANY WARRANTY, without even the implied warranty of //`
		14	`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //`
		15	`// //`
		16	`// You should have received a copy of the Phorum License //`
		17	`// along with this program. //`
		18	`////////////////////////////////////////////////////////////////////////////////`
		19
		20	`if(!defined("PHORUM")) return;`
		21
		22	`// Check if the user is allowed to post a new message or a reply.`
		23	`if( ($mode == "post" && !phorum_user_access_allowed(PHORUM_USER_ALLOW_NEW_TOPIC)) \|\|`
		24	`($mode == "reply" && !phorum_user_access_allowed(PHORUM_USER_ALLOW_REPLY)) ) { if ($PHORUM["DATA"]["LOGGEDIN"]) {`
		25	`// If users are logged in and can't post, they don't have rights to do so.`
		26	`$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["NoPost"];`
		27	`} else {`
		28	`// Check if they could post if logged in. If so, let them know to log in.`
		29	`if( ($mode == "reply" && $PHORUM["reg_perms"] & PHORUM_USER_ALLOW_REPLY) \|\|`
		30	`($mode == "post" && $PHORUM["reg_perms"] & PHORUM_USER_ALLOW_NEW_TOPIC) ) {`
		31	`$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["PleaseLoginPost"];`
		32	`} else {`
		33	`$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["NoPost"];`
		34	`}`
		35	`}`
		36	`$error_flag = true;`
		37	`return;`
		38
		39	`// Check that they are logged in according to the security settings in`
		40	`// the admin. If they aren't then either set a message with a login link`
		41	`// (when running as include) or redirect to the login page.`
		42	`} elseif($PHORUM["DATA"]["LOGGEDIN"] && !$PHORUM["DATA"]["FULLY_LOGGEDIN"]){`
		43
		44	`if (isset($PHORUM["postingargs"]["as_include"])) {`
		45
		46	`// Generate the URL to return to after logging in.`
		47	`$args = array(PHORUM_REPLY_URL, $PHORUM["args"][1]);`
		48	`if (isset($PHORUM["args"][2])) $args[] = $PHORUM["args"][2];`
		49	`if (isset($PHORUM["args"]["quote"])) $args[] = "quote=1";`
		50	`$redir = urlencode(call_user_func_array('phorum_get_url', $args));`
		51	`$url = phorum_get_url(PHORUM_LOGIN_URL, "redir=$redir");`
		52
		53	`$PHORUM["DATA"]["URL"]["REDIRECT"] = $url;`
		54	`$PHORUM["DATA"]["BACKMSG"] = $PHORUM["DATA"]["LANG"]["LogIn"];`
		55	`$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["PeriodicLogin"];`
		56	`$error_flag = true;`
		57	`return;`
		58
		59	`} else {`
		60
		61	`// Generate the URL to return to after logging in.`
		62	`$args = array(PHORUM_POSTING_URL);`
		63	`if (isset($PHORUM["args"][1])) $args[] = $PHORUM["args"][1];`
		64	`if (isset($PHORUM["args"][2])) $args[] = $PHORUM["args"][2];`
		65	`if (isset($PHORUM["args"]["quote"])) $args[] = "quote=1";`
		66	`$redir = urlencode(call_user_func_array('phorum_get_url', $args));`
		67
		68	`phorum_redirect_by_url(phorum_get_url(PHORUM_LOGIN_URL,"redir=$redir"));`
		69	`exit();`
		70
		71	`}`
		72	`}`
		73
		74	`// Put read-only user info in the message.`
		75	`if ($mode == "post" \|\| $mode == "reply")`
		76	`{`
		77	`if ($PHORUM["DATA"]["LOGGEDIN"]){`
		78	`$message["user_id"] = $PHORUM["user"]["user_id"];`
		79	`$message["author"] = $PHORUM["user"]["username"];`
		80	`} else {`
		81	`$message["user_id"] = 0;`
		82	`}`
		83	`}`
		84
		85	`// On finishing up, find the original message data in case we're`
		86	`// editing or replying. Put read-only data in the message to prevent`
		87	`// data tampering.`
		88	`if ($finish && ($mode == 'edit' \|\| $mode == 'reply'))`
		89	`{`
		90	`$id = $mode == "edit" ? "message_id" : "parent_id";`
		91	`$origmessage = phorum_db_get_message($message[$id]);`
		92	`if (! $origmessage) {`
		93	`phorum_redirect_by_url(phorum_get_url(PHORUM_INDEX_URL));`
		94	`exit();`
		95	`}`
		96
		97	`// Copy read-only information for editing messages.`
		98	`if ($mode == "edit") {`
		99	`$message = phorum_posting_merge_db2form($message, $origmessage, READONLYFIELDS);`
		100	`// Copy read-only information for replying to messages.`
		101	`} else {`
		102	`$message["parent_id"] = $origmessage["message_id"];`
		103	`$message["thread"] = $origmessage["thread"];`
		104	`}`
		105	`}`
		106
		107	`// We never store the email address in the message in case it`
		108	`// was posted by a registered user.`
		109	`if ($message["user_id"]) {`
		110	`$message["email"] = "";`
		111	`}`
		112
		113	`// Find the startmessage for the thread.`
		114	`if ($mode == "reply" \|\| $mode == "edit") {`
		115	`$top_parent = phorum_db_get_message($message["thread"]);`
		116	`}`
		117
		118	`// Do permission checks for replying to messages.`
		119	`if ($mode == "reply")`
		120	`{`
		121	`// Find the direct parent for this message.`
		122	`if ($message["thread"] != $message["parent_id"]) {`
		123	`$parent = phorum_db_get_message($message["parent_id"]);`
		124	`} else {`
		125	`$parent = $top_parent;`
		126	`}`
		127
		128	`// If this thread is unapproved, then get out.`
		129	`$unapproved =`
		130	`empty($top_parent) \|\|`
		131	`empty($parent) \|\|`
		132	`$top_parent["closed"] \|\|`
		133	`$top_parent["status"] != PHORUM_STATUS_APPROVED \|\|`
		134	`$parent["status"] != PHORUM_STATUS_APPROVED;`
		135
		136	`if ($unapproved)`
		137	`{`
		138	`// In case we run the editor included in the read page,`
		139	`// we should not redirect to the listpage for moderators.`
		140	`// Else a moderator can never read an unapproved message.`
		141	`if (isset($PHORUM["postingargs"]["as_include"])) {`
		142	`if ($PHORUM["DATA"]["MODERATOR"]) {`
		143	`$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["UnapprovedMessage"];`
		144	`$error_flag = true;`
		145	`return;`
		146	`}`
		147	`}`
		148
		149	`// In other cases, redirect users that are replying to`
		150	`// unapproved messages to the message list.`
		151	`phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));`
		152	`exit;`
		153	`}`
		154
		155	`}`
		156
		157	`// Do permission checks for editing messages.`
		158	`if ($mode == "edit")`
		159	`{`
		160	`// Check if the user is allowed to edit this post.`
		161	`$timelim = $PHORUM["user_edit_timelimit"];`
		162	`$useredit =`
		163	`$message["user_id"] == $PHORUM["user"]["user_id"] &&`
		164	`phorum_user_access_allowed(PHORUM_USER_ALLOW_EDIT) &&`
		165	`! empty($top_parent) &&`
		166	`! $top_parent["closed"] &&`
		167	`(! $timelim \|\| $message["datestamp"] + ($timelim * 60) >= time());`
		168
		169	`// Moderators are allowed to edit message, but not messages from`
		170	`// announcement threads. Announcements may only be edited by users`
		171	`// for which the option "announcement" is set as allowed.`
		172	`$moderatoredit =`
		173	`$PHORUM["DATA"]["MODERATOR"] &&`
		174	`$message["forum_id"] == $PHORUM["forum_id"] &&`
		175	`($message["special"] != "announcement" \|\|`
		176	`$PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"]);`
		177
		178	`if (!$useredit && !$moderatoredit) {`
		179	`$PHORUM["DATA"]["MESSAGE"] =`
		180	`$PHORUM["DATA"]["LANG"]["EditPostForbidden"];`
		181	`$error_flag = true;`
		182	`return;`
		183	`}`
		184	`}`
		185
		186
		187	`?>`

Subversion Repositories Applications.papyrus

(root)/branches/v1.0-menes/client/phorum/bibliotheque/phorum/include/posting/check_permissions.php – Rev 1974