[geeklog-cvs] geeklog-1.3/public_html/admin poll.php,1.30,1.31
geeklog-cvs-admin at lists.geeklog.net
geeklog-cvs-admin at lists.geeklog.net
Fri Jun 20 13:36:22 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html/admin
In directory internal.geeklog.net:/tmp/cvs-serv5642/public_html/admin
Modified Files:
poll.php
Log Message:
Added support for '_admin_block' and '_msg_block' template overrides,
fixed error handling for incomplete polls.
Index: poll.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/poll.php,v
retrieving revision 1.30
retrieving revision 1.31
diff -C2 -d -r1.30 -r1.31
*** poll.php 22 Apr 2003 16:59:35 -0000 1.30
--- poll.php 20 Jun 2003 17:36:20 -0000 1.31
***************
*** 6,17 ****
// +---------------------------------------------------------------------------+
// | poll.php |
- // | Geeklog poll administration page |
// | |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000,2001 by the following authors: |
// | |
! // | Authors: Tony Bibbs - tony at tonybibbs.com |
! // | Mark Limburg - mlimburg at users.sourceforge.net |
! // | Jason Wittenburg - jwhitten at securitygeeks.com |
// +---------------------------------------------------------------------------+
// | |
--- 6,18 ----
// +---------------------------------------------------------------------------+
// | poll.php |
// | |
+ // | Geeklog poll administration page |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
! // | Authors: Tony Bibbs - tony at tonybibbs.com |
! // | Mark Limburg - mlimburg at users.sourceforge.net |
! // | Jason Whittenburg - jwhitten at securitygeeks.com |
! // | Dirk Haun - dirk at haun-online.de |
// +---------------------------------------------------------------------------+
// | |
***************
*** 37,51 ****
$_POLL_VERBOSE = false;
! include("../lib-common.php");
! include('auth.inc.php');
$display = '';
if (!SEC_hasRights('poll.edit')) {
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock($MESSAGE[30]);
$display .= $MESSAGE[36];
! $display .= COM_endBlock();
! $display .= COM_siteFooter();
$display .= COM_errorLog("User {$_USER['username']} tried to illegally access the poll administration screen",1);
echo $display;
--- 38,53 ----
$_POLL_VERBOSE = false;
! require_once('../lib-common.php');
! require_once('auth.inc.php');
$display = '';
if (!SEC_hasRights('poll.edit')) {
! $display .= COM_siteHeader ('menu');
! $display .= COM_startBlock ($MESSAGE[30], '',
! COM_getBlockTemplate ('_msg_block', 'header'));
$display .= $MESSAGE[36];
! $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
! $display .= COM_siteFooter ();
$display .= COM_errorLog("User {$_USER['username']} tried to illegally access the poll administration screen",1);
echo $display;
***************
*** 56,60 ****
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
! // debug($HTTP_POST_VARS);
/**
--- 58,62 ----
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
! // echo COM_debug($HTTP_POST_VARS);
/**
***************
*** 80,85 ****
*/
function savepoll($qid,$mainpage,$question,$voters,$statuscode,$commentcode,$A,$V,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
! {
! global $_TABLES, $LANG25, $_CONF, $MESSAGE, $_POLL_VERBOSE;
// Convert array values to numeric permission values
--- 82,87 ----
*/
function savepoll($qid,$mainpage,$question,$voters,$statuscode,$commentcode,$A,$V,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
! {
! global $_TABLES, $LANG21, $LANG25, $_CONF, $MESSAGE, $_POLL_VERBOSE;
// Convert array values to numeric permission values
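Review bot: The `global` statement gains `$LANG21` but still omits `$_USER`, which savepoll reads further down when it logs a denied save (`User {$_USER['username']} tried to illegally submit or edit poll $pid`), so that audit line is presumably written without the username; editpoll does declare `$_USER` global. The same message interpolates `$pid`, which is neither a parameter nor assigned in the visible code, and `$qid` looks like the intended variable. I would change the line to `global $_TABLES, $LANG21, $LANG25, $_CONF, $MESSAGE, $_USER, $_POLL_VERBOSE;` and log `$qid` instead. savepoll's body continues outside this hunk.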
***************
*** 87,164 ****
$question = COM_stripslashes ($question);
! for ($i = 0; $i < sizeof($A); $i++) {
$A[$i] = COM_stripslashes ($A[$i]);
}
! if ($_POLL_VERBOSE) {
! COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/poll.php ***');
! }
! $access = 0;
! if (DB_count ($_TABLES['pollquestions'], 'qid', $qid) > 0) {
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['pollquestions']} WHERE qid = '{$qid}'");
! $P = DB_fetchArray ($result);
! $access = SEC_hasAccess ($P['owner_id'], $P['group_id'],
! $P['perm_owner'], $P['perm_group'], $P['perm_members'],
! $P['perm_anon']);
! } else {
! $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
! $perm_members, $perm_anon);
! }
! if (($access < 3) || !SEC_inGroup ($group_id)) {
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock($MESSAGE[30]);
! $display .= $MESSAGE[31];
! $display .= COM_endBlock();
! $display .= COM_siteFooter();
! COM_errorLog("User {$_USER['username']} tried to illegally submit or edit poll $pid",1);
! echo $display;
! exit;
! }
! if (empty($voters)) {
! $voters = '0';
! }
! if ($_POLL_VERBOSE) {
! COM_errorLog('owner permissions: ' . $perm_owner, 1);
! COM_errorLog('group permissions: ' . $perm_group, 1);
! COM_errorLog('member permissions: ' . $perm_member, 1);
! COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
! }
! DB_delete($_TABLES['pollquestions'],'qid',$qid);
! DB_delete($_TABLES['pollanswers'],'qid',$qid);
! $question = addslashes ($question);
! $sql = "'$qid','$question',$voters,'" . date("Y-m-d H:i:s");
! if ($mainpage == 'on') {
! $sql .= "',1";
! } else {
! $sql .= "',0";
! }
! $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon";
! // Save poll question
! DB_save($_TABLES['pollquestions'],"qid, question, voters, date, display, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon",$sql);
! // Save poll answers
! for ($i = 0; $i < sizeof($A); $i++) {
! if (!empty($A[$i])) {
! if (empty($V[$i])) {
! $V[$i] = "0";
}
- $A[$i] = addslashes ($A[$i]);
- DB_save($_TABLES['pollanswers'],'qid, aid, answer, votes',"'$qid', $i+1, '$A[$i]', $V[$i]");
}
- }
! if ($_POLL_VERBOSE) {
! COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/poll.php ***');
! }
! echo COM_refresh($_CONF['site_admin_url'] . '/poll.php?msg=19');
}
--- 89,187 ----
$question = COM_stripslashes ($question);
! for ($i = 0; $i < sizeof ($A); $i++) {
$A[$i] = COM_stripslashes ($A[$i]);
}
! if (!empty ($question) && (sizeof ($A) > 0) && !empty ($A[0])) {
! if ($_POLL_VERBOSE) {
! COM_errorLog ('**** Inside savepoll() in '
! . $_CONF['site_admin_url'] . '/poll.php ***');
! }
! $qid = str_replace (' ', '', $qid); // strip spaces from poll id
! $access = 0;
! if (DB_count ($_TABLES['pollquestions'], 'qid', $qid) > 0) {
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['pollquestions']} WHERE qid = '{$qid}'");
! $P = DB_fetchArray ($result);
! $access = SEC_hasAccess ($P['owner_id'], $P['group_id'],
! $P['perm_owner'], $P['perm_group'], $P['perm_members'],
! $P['perm_anon']);
! } else {
! $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner,
! $perm_group, $perm_members, $perm_anon);
! }
! if (($access < 3) || !SEC_inGroup ($group_id)) {
! $display .= COM_siteHeader ('menu');
! $display .= COM_startBlock ($MESSAGE[30], '',
! COM_getBlockTemplate ('_msg_block', 'header'));
! $display .= $MESSAGE[31];
! $display .= COM_endBlock ();
! $display .= COM_siteFooter (COM_getBlockTemplate ('_msg_block',
! 'footer'));
! COM_errorLog("User {$_USER['username']} tried to illegally submit or edit poll $pid",1);
! echo $display;
! exit;
! }
! if (empty($voters)) {
! $voters = '0';
! }
! if ($_POLL_VERBOSE) {
! COM_errorLog('owner permissions: ' . $perm_owner, 1);
! COM_errorLog('group permissions: ' . $perm_group, 1);
! COM_errorLog('member permissions: ' . $perm_member, 1);
! COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
! }
! DB_delete($_TABLES['pollquestions'],'qid',$qid);
! DB_delete($_TABLES['pollanswers'],'qid',$qid);
! $question = addslashes ($question);
! $sql = "'$qid','$question',$voters,'" . date("Y-m-d H:i:s");
! if ($mainpage == 'on') {
! $sql .= "',1";
! } else {
! $sql .= "',0";
! }
! $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon";
!
! // Save poll question
! DB_save($_TABLES['pollquestions'],"qid, question, voters, date, display, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon",$sql);
!
! // Save poll answers
! for ($i = 0; $i < sizeof($A); $i++) {
! if (!empty($A[$i])) {
! if (empty($V[$i])) {
! $V[$i] = "0";
! }
! $A[$i] = addslashes ($A[$i]);
! DB_save ($_TABLES['pollanswers'], 'qid, aid, answer, votes',
! "'$qid', $i+1, '$A[$i]', $V[$i]");
}
}
! if ($_POLL_VERBOSE) {
! COM_errorLog ('**** Leaving savepoll() in '
! . $_CONF['site_admin_url'] . '/poll.php ***');
! }
! return COM_refresh($_CONF['site_admin_url'] . '/poll.php?msg=19');
!
! } else {
! $retval .= COM_siteHeader ('menu');
! $retval .= COM_startBlock ($LANG21[32], '',
! COM_getBlockTemplate ('_msg_block', 'header'));
! $retval .= $LANG25[2];
! $retval .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
! $retval .= editpoll ($qid);
! $retval .= COM_siteFooter ();
!
! return $retval;
! }
}
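Review bot: Only `$question` and `$A[$i]` pass through `addslashes` before reaching SQL; `$qid` goes into `WHERE qid = '{$qid}'` and both `DB_save` value lists after nothing more than space stripping, and `$owner_id`, `$group_id` and `$V[$i]` are interpolated unquoted. These are function arguments that appear to come from the submitted form, so a user holding `poll.edit` could alter the statements unless something outside the hunk (magic quotes, or the permission conversion above) already constrains them. Giving the quoted values the same unescape-then-escape treatment as `$question` and forcing the unquoted ones to integers closes this, as sketched below. Separately, in the denied branch the `_msg_block` footer template is passed to `COM_siteFooter` while `COM_endBlock ()` gets none, which looks swapped compared with the other call sites in this commit. The hunk starts inside savepoll, after its signature.

```php
$qid = str_replace (' ', '', $qid); // strip spaces from poll id
// same unescape-then-escape treatment $question gets, for the other quoted values
$qid = addslashes (COM_stripslashes ($qid));
$statuscode = addslashes (COM_stripslashes ($statuscode));
$commentcode = addslashes (COM_stripslashes ($commentcode));
// these are interpolated unquoted, so force them to integers
$voters = intval ($voters);
$owner_id = intval ($owner_id);
$group_id = intval ($group_id);
// ... unchanged: access check, DB_delete calls, poll question insert ...
$A[$i] = addslashes ($A[$i]);
$V[$i] = intval ($V[$i]);
```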
***************
*** 171,175 ****
*
*/
! function editpoll($qid='')
{
global $_TABLES, $LANG25, $_CONF, $_USER, $LANG_ACCESS;
--- 194,198 ----
*
*/
! function editpoll($qid='')
{
global $_TABLES, $LANG25, $_CONF, $_USER, $LANG_ACCESS;
***************
*** 183,187 ****
$poll_templates->set_var('layout_url', $_CONF['layout_url']);
! if (!empty($qid)) {
$question = DB_query("SELECT * FROM {$_TABLES["pollquestions"]} WHERE qid='$qid'");
$answers = DB_query("SELECT answer,aid,votes FROM {$_TABLES["pollanswers"]} WHERE qid='$qid' ORDER BY aid");
--- 206,210 ----
$poll_templates->set_var('layout_url', $_CONF['layout_url']);
! if (!empty ($qid)) {
$question = DB_query("SELECT * FROM {$_TABLES["pollquestions"]} WHERE qid='$qid'");
$answers = DB_query("SELECT answer,aid,votes FROM {$_TABLES["pollanswers"]} WHERE qid='$qid' ORDER BY aid");
***************
*** 194,211 ****
if ($access == 0 OR $access == 2) {
// User doesn't have access...bail
! $retval .= COM_startBlock($LANG25[21]);
$retval .= $LANG25[22];
! $retval .= COM_endBlock();
return $retval;
}
}
! $retval .= COM_startBlock($LANG25[5]);
! if (!empty($qid) AND $access == 3) {
! $poll_templates->set_var('delete_option', "<input type=\"submit\" name=\"mode\" value=\"$LANG25[16]\">");
} else {
$Q['owner_id'] = $_USER['uid'];
! $Q['group_id'] = DB_getItem($_TABLES['groups'],'grp_id',"grp_name = 'Poll Admin'");
$Q['perm_owner'] = 3;
$Q['perm_group'] = 2;
--- 217,238 ----
if ($access == 0 OR $access == 2) {
// User doesn't have access...bail
! $retval .= COM_startBlock ($LANG25[21], '',
! COM_getBlockTemplate ('_msg_block', 'header'));
$retval .= $LANG25[22];
! $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
return $retval;
}
}
! $retval .= COM_startBlock ($LANG25[5], '',
! COM_getBlockTemplate ('_admin_block', 'header'));
! if (!empty ($qid) AND ($access == 3) AND !empty ($Q['owner_id'])) {
! $poll_templates->set_var('delete_option',
! '<input type="submit" name="mode" value="' . $LANG25[16] . '">');
} else {
$Q['owner_id'] = $_USER['uid'];
! $Q['group_id'] = DB_getItem ($_TABLES['groups'], 'grp_id',
! "grp_name = 'Poll Admin'");
$Q['perm_owner'] = 3;
$Q['perm_group'] = 2;
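Review bot: The new `!empty ($Q['owner_id'])` term in the delete-button condition has no comment, and its purpose is not obvious from the hunk. It appears to cover the case where `$qid` is set but no stored poll was loaded into `$Q` (for example when savepoll re-displays the editor for a rejected submission), so that the else branch fills in the new-poll owner and permission defaults. I would add `// $qid given but no stored poll found: treat as a new poll, no delete button` above the `if`. Where `$Q` and `$access` are assigned is outside the hunk, so this reading should be confirmed against the full function.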
***************
*** 277,281 ****
$retval .= $poll_templates->finish($poll_templates->get_var('output'));
! $retval .= COM_endBlock();
return $retval;
--- 304,308 ----
$retval .= $poll_templates->finish($poll_templates->get_var('output'));
! $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
return $retval;
***************
*** 292,296 ****
$retval = '';
! $retval .= COM_startBlock($LANG25[18]);
$poll_templates = new Template($_CONF['path_layout'] . 'admin/poll');
--- 319,324 ----
$retval = '';
! $retval .= COM_startBlock ($LANG25[18], '',
! COM_getBlockTemplate ('_admin_block', 'header'));
$poll_templates = new Template($_CONF['path_layout'] . 'admin/poll');
***************
*** 336,340 ****
$poll_templates->parse('output', 'list');
$retval .= $poll_templates->finish($poll_templates->get_var('output'));
! $retval .= COM_endBlock();
return $retval;
--- 364,368 ----
$poll_templates->parse('output', 'list');
$retval .= $poll_templates->finish($poll_templates->get_var('output'));
! $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
return $retval;
***************
*** 346,359 ****
if ($mode == 'edit') {
! $display .= COM_siteHeader('menu');
! $display .= editpoll($qid);
! $display .= COM_siteFooter();
} else if (($mode == $LANG25[14]) && !empty ($LANG25[14])) { // save
! if (!empty($qid)) {
$voters = 0;
! for ($i = 0; $i < sizeof($answer); $i++) {
$voters = $voters + $votes[$i];
}
! savepoll($qid,$mainpage,$question,$voters,$statuscode,$commentcode,$answer,$votes,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon);
}
} else if (($mode == $LANG25[16]) && !empty ($LANG25[16])) { // delete
--- 374,397 ----
if ($mode == 'edit') {
! $display .= COM_siteHeader ('menu');
! $display .= editpoll ($qid);
! $display .= COM_siteFooter ();
} else if (($mode == $LANG25[14]) && !empty ($LANG25[14])) { // save
! if (!empty ($qid)) {
$voters = 0;
! for ($i = 0; $i < sizeof ($answer); $i++) {
$voters = $voters + $votes[$i];
}
! $display .= savepoll ($qid, $mainpage, $question, $voters, $statuscode,
! $commentcode, $answer, $votes, $owner_id, $group_id,
! $perm_owner, $perm_group, $perm_members, $perm_anon);
! } else {
! $display .= COM_siteHeader ('menu');
! $display .= COM_startBlock ($LANG21[32], '',
! COM_getBlockTemplate ('_msg_block', 'header'));
! $display .= $LANG25[17];
! $display .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
! $display .= editpoll ();
! $display .= COM_siteFooter ();
}
} else if (($mode == $LANG25[16]) && !empty ($LANG25[16])) { // delete
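Review bot: The save branch passes `$qid`, `$question`, `$answer`, `$votes` and the owner, group and permission values straight to savepoll, and nothing in this hunk shows where they are assigned or that they arrived in a POST. If they are populated from the request automatically (not visible here), the save could be triggered by a plain link as well as by the form; reading them from `$HTTP_POST_VARS`, which the debug comment near the top of the file already references, would restrict the branch to form submissions. The vote total is also summed over `sizeof ($answer)` while indexing `$votes`, so `$voters = $voters + intval ($votes[$i]);` guarded by `isset ($votes[$i])` would keep mismatched or non-numeric input out of the count. The dispatch chain begins and continues outside the hunk.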