claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove isMaintainer() and isSuperMaintainer and instead use the user

Browse Source 
classes is_maintainer() and is_super_maintainer.
This commit is contained in:
Chris Morgan
2004-12-19 19:30:27 +00:00
committed by WineHQ
parent ddbd9ed0cc
commit 77a038d4f9
10 changed files with 41 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin/addAppNote.php
View File

@@ -10,7 +10,7 @@ require(BASE."include/"."application.php");
global $apidb_root; global $apidb_root;
//check for admin privs //check for admin privs
if(!loggedin() || (!havepriv("admin") && !isMaintainer($appId,$versionId)) ) if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($appId,$versionId)) )
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;

10
admin/adminAppDataQueue.php
View File

@@ -61,7 +61,10 @@ if (!$_REQUEST['queueId'])
$c = 1; $c = 1;
while($ob = mysql_fetch_object($result)) while($ob = mysql_fetch_object($result))
{ {
if(isMaintainer($ob->queueappId,$ob->queueversionId) || havepriv("admin")) { if($_SESSION['current']->is_maintainer($ob->queueappId,
$ob->queueversionId)
|| havepriv("admin"))
{
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
echo "<tr class=$bgcolor>\n"; echo "<tr class=$bgcolor>\n";
echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n"; echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n";
@@ -83,7 +86,10 @@ if (!$_REQUEST['queueId'])
} else // shows a particular appdata } else // shows a particular appdata
{ {
if(!(havepriv("admin") || isMaintainer($obj_row->queueAppId,$obj_row->queueVersionId))) { if(!(havepriv("admin") ||
$_SESSION['current']->is_maintainer($obj_row->queueAppId,
$obj_row->queueVersionId)))
{
errorpage("You don't have sufficient priviledges to use this page."); errorpage("You don't have sufficient priviledges to use this page.");
exit; exit;
} }

2
admin/editAppNote.php
View File

@@ -11,7 +11,7 @@ global $apidb_root;
//check for admin privs //check for admin privs
if(!loggedin() || (!havepriv("admin") && !isMaintainer($appId,$versionId)) ) if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($appId,$versionId)) )
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;

2
admin/editAppVersion.php
View File

@@ -9,7 +9,7 @@ require(BASE."include/"."application.php");
//check for admin privs //check for admin privs
if(!loggedin() || (!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) ) if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($_REQUEST['appId'], $_REQUEST['versionId'])) )
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;

14
appview.php
View File

@@ -180,7 +180,7 @@ function display_notes($appId, $versionId = 0)
} }
// display row // display row
if (havepriv("admin") || isMaintainer($appId,$versionId) ) if (havepriv("admin") || $_SESSION['current']->is_maintainer($appId,$versionId) )
echo " <a href='admin/editAppNote.php?noteId=".$ob->noteId."&appId=$appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n"; echo " <a href='admin/editAppNote.php?noteId=".$ob->noteId."&appId=$appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n";
else else
echo " <a href='noteview.php?noteId=".$ob->noteId."&appId=$appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n"; echo " <a href='noteview.php?noteId=".$ob->noteId."&appId=$appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n";
@@ -367,7 +367,7 @@ if($appId && !$versionId)
if(loggedin()) if(loggedin())
{ {
/* are we already a maintainer? */ /* are we already a maintainer? */
if(isSuperMaintainer($appId, $versionId)) /* yep */ if($_SESSION['current']->is_super_maintainer($appId) /* yep */
{ {
echo ' <form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a super maintainer" class=button>'; echo ' <form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a super maintainer" class=button>';
} else /* nope */ } else /* nope */
@@ -505,14 +505,14 @@ else if($appId && $versionId)
{ {
/* is this user a maintainer of this version by virtue of being a super maintainer */ /* is this user a maintainer of this version by virtue of being a super maintainer */
/* of this app family? */ /* of this app family? */
if(isSuperMaintainer($appId) && !isMaintainer($appId, $versionId)) if($_SESSION['current']->is_super_maintainer($appId) && !$_SESSION['current']->is_maintainer($appId, $versionId))
{ {
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a supermaintainer" class=button>'; echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a supermaintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=1>"; echo "<input type=hidden name='superMaintainer' value=1>";
} else } else
{ {
/* are we already a maintainer? */ /* are we already a maintainer? */
if(isMaintainer($appId, $versionId)) /* yep */ if($_SESSION['current']->is_maintainer($appId, $versionId)) /* yep */
{ {
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a maintainer" class=button>'; echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a maintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=0>"; echo "<input type=hidden name='superMaintainer' value=0>";
@@ -534,7 +534,7 @@ else if($appId && $versionId)
echo "</center></td></tr>"; echo "</center></td></tr>";
if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId))) if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId)))
{ {
echo "<tr><td colspan = 2><center>"; echo "<tr><td colspan = 2><center>";
echo '<form method=post name=message action=admin/editAppVersion.php?appId='.$appId.'&versionId='.$versionId.'>'; echo '<form method=post name=message action=admin/editAppVersion.php?appId='.$appId.'&versionId='.$versionId.'>';
@@ -582,7 +582,7 @@ else if($appId && $versionId)
echo add_br(stripslashes($ob->noteDesc)); echo add_br(stripslashes($ob->noteDesc));
echo "</td></tr>\n"; echo "</td></tr>\n";
if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId))) if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId)))
{ {
echo "<tr width='100%' class=color1 align=center valign=top><td>"; echo "<tr width='100%' class=color1 align=center valign=top><td>";
echo '<form method=post name=message action=admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$appId.'&versionId='.$versionId.'>'; echo '<form method=post name=message action=admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$appId.'&versionId='.$versionId.'>';
@@ -608,7 +608,7 @@ else if($appId && $versionId)
echo add_br(stripslashes($ob->noteDesc)); echo add_br(stripslashes($ob->noteDesc));
echo "</td></tr>\n"; echo "</td></tr>\n";
if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId))) if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId)))
{ {
echo "<tr width='100%' class=color1 align=center valign=top><td>"; echo "<tr width='100%' class=color1 align=center valign=top><td>";
echo '<form method=post name=message action=admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$appId.'&versionId='.$versionId.'>'; echo '<form method=post name=message action=admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$appId.'&versionId='.$versionId.'>';

10
deletecomment.php
View File

@@ -10,9 +10,17 @@ $_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']); $_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']); $_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);
if(!loggedin())
{
errorpage("You need to be logged in to delete a comment.");
exit;
}
/* if we aren't an admin or the maintainer of this app we shouldn't be */ /* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */ /* allowed to delete any comments */
if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) if(!havepriv("admin") &&
!$_SESSION['current']->is_maintainer($_REQUEST['appId'],
$_REQUEST['versionId']))
{ {
errorpage('You don\'t have admin privilages'); errorpage('You don\'t have admin privilages');
exit; exit;

2
include/comments.php
View File

@@ -64,7 +64,7 @@ function view_app_comment($ob)
echo "</td></tr>\n"; echo "</td></tr>\n";
// delete message button, for admins // delete message button, for admins
if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId)) if(havepriv("admin") || $_SESSION['current']->is_maintainer($ob->appId, $ob->versionId))
{ {
echo "<tr>"; echo "<tr>";
echo "<td><form method=\"post\" name=\"message\" action=\"".$apidb_root."deletecomment.php\"><input type=submit value='Delete' class=button>\n"; echo "<td><form method=\"post\" name=\"message\" action=\"".$apidb_root."deletecomment.php\"><input type=submit value='Delete' class=button>\n";

23
include/user.php
View File

@@ -217,7 +217,7 @@ class User {
*/ */
function is_maintainer($appId, $versionId) function is_maintainer($appId, $versionId)
{ {
if(!loggedin() || !$this->userid) if(!$this->userid)
return false; return false;
/* if this user is a super maintainer of this appid then they */ /* if this user is a super maintainer of this appid then they */
@@ -240,7 +240,7 @@ class User {
*/ */
function is_super_maintainer($appId) function is_super_maintainer($appId)
{ {
if(!loggedin() || !$this->userid) if(!$this->userid)
return false; return false;
$query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'"; $query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'";
@@ -304,25 +304,6 @@ function havepriv($priv)
return $_SESSION['current']->checkpriv($priv); return $_SESSION['current']->checkpriv($priv);
} }
function isMaintainer($appId, $versionId)
{
if(!loggedin())
return false;
return $_SESSION['current']->is_maintainer($appId, $versionId);
}
function isSuperMaintainer($appId)
{
if(!loggedin())
return false;
return $_SESSION['current']->is_super_maintainer($appId);
}
function debugging() function debugging()
{ {
return ((loggedin() && $_SESSION['current']->getpref("debug") == "yes") || APPDB_DEBUG == 1); return ((loggedin() && $_SESSION['current']->getpref("debug") == "yes") || APPDB_DEBUG == 1);

4
maintainersubmit.php
View File

@@ -39,14 +39,14 @@ $versionId = strip_tags($_POST['versionId']);
$superMaintainer = strip_tags($_POST['superMaintainer']); $superMaintainer = strip_tags($_POST['superMaintainer']);
/* if the user is already a maintainer don't add them again */ /* if the user is already a maintainer don't add them again */
if(isMaintainer($appId, $versionId)) if($_SESSION['current']->is_maintainer($appId, $versionId))
{ {
echo "You are already a maintainer of this app!"; echo "You are already a maintainer of this app!";
exit; exit;
} }
/* if this user is a super maintainer they maintain all of the versionIds of this appId */ /* if this user is a super maintainer they maintain all of the versionIds of this appId */
if(isSuperMaintainer($appId)) if($_SESSION['current']->is_super_maintainer($appId))
{ {
echo "You are already a supermaintainer of the whole application family!"; echo "You are already a supermaintainer of the whole application family!";
exit; exit;

12
screenshots.php
View File

@@ -17,7 +17,9 @@ if($_REQUEST['cmd'])
//process screenshot upload //process screenshot upload
if($_REQUEST['cmd'] == "screenshot_upload") if($_REQUEST['cmd'] == "screenshot_upload")
{ {
if(havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) if(havepriv("admin") ||
$_SESSION['current']->is_maintainer($_REQUEST['appId'],
$_REQUEST['versionId']))
{ {
if(!copy($_FILES['imagefile']['tmp_name'], "data/screenshots/".$_REQUEST['appId']."-".$_REQUEST['versionId']."-".basename($_FILES['imagefile']['name']))) if(!copy($_FILES['imagefile']['tmp_name'], "data/screenshots/".$_REQUEST['appId']."-".$_REQUEST['versionId']."-".basename($_FILES['imagefile']['name'])))
{ {
@@ -105,7 +107,9 @@ if($_REQUEST['cmd'])
} }
} elseif($_REQUEST['cmd'] == "delete") } elseif($_REQUEST['cmd'] == "delete")
{ {
if(havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) if(havepriv("admin") ||
$_SESSION['current']->is_maintainer($_REQUEST['appId'],
$_REQUEST['versionId']))
{ {
$result = mysql_query("DELETE FROM appData WHERE id = ".$_REQUEST['imageId']); $result = mysql_query("DELETE FROM appData WHERE id = ".$_REQUEST['imageId']);
if($result) if($result)
@@ -193,7 +197,9 @@ if($result && mysql_num_rows($result))
echo $img; echo $img;
//show admin delete link //show admin delete link
if(loggedin() && (havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))) if(loggedin() && (havepriv("admin") ||
$_SESSION['current']->is_maintainer($_REQUEST['appId'],
$_REQUEST['versionId'])))
{ {
echo "<div align=center>[<a href='screenshots.php?cmd=delete&imageId=$ob->id&appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."'>Delete Image</a>]</div>"; echo "<div align=center>[<a href='screenshots.php?cmd=delete&imageId=$ob->id&appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."'>Delete Image</a>]</div>";
} }