From 236c4e3b78408f92d60be904cef25c45b0ff6a3e Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Wed, 19 May 2004 14:02:38 +0000 Subject: [PATCH] Add account info page, enforce access levels, cosmetic cleanup. --- www/account.php | 135 ++++++++++++++++++++++++++++------------- www/articles.php | 103 ++++++++++++++++++++----------- www/comment.php | 29 +++++---- www/index.php | 22 +++---- www/phplib/auth.php | 13 +++- www/phplib/globals.php | 13 ++-- www/software.php | 13 ++-- www/str.php | 55 ++++++++++------- 8 files changed, 249 insertions(+), 134 deletions(-) diff --git a/www/account.php b/www/account.php index 142d020..20f4d9f 100644 --- a/www/account.php +++ b/www/account.php @@ -1,6 +1,6 @@ "User", - 50 => "Devel", - 100 => "Admin" + AUTH_USER => "User", + AUTH_DEVEL => "Devel", + AUTH_ADMIN => "Admin" ); @@ -32,13 +32,17 @@ $levels = array( function account_header($title) { + global $PHP_SELF, $LOGIN_USER, $LOGIN_LEVEL; + html_header("$title"); html_start_links(1); - html_link("$title", "$PHP_SELF?L"); - html_link("Manage Accounts", "$PHP_SELF?A"); - html_link("Manage Comments", "comment.php?l"); + html_link("$LOGIN_USER", "$PHP_SELF"); html_link("Change Password", "$PHP_SELF?P"); + if ($LOGIN_LEVEL == AUTH_ADMIN) + html_link("Manage Accounts", "$PHP_SELF?A"); + if ($LOGIN_LEVEL > AUTH_USER) + html_link("New/Pending", "$PHP_SELF?L"); html_link("Logout", "$PHP_SELF?X"); html_end_links(); @@ -61,12 +65,18 @@ if ($argc >= 1) $data = substr($argv[0], 1); } else - $op = "L"; + $op = ""; switch ($op) { case 'A' : // Manage accounts... + if ($LOGIN_LEVEL < AUTH_ADMIN) + { + header("Location: $PHP_SELF"); + exit(); + } + if ($data == "add") { if ($REQUEST_METHOD == "POST") @@ -100,7 +110,7 @@ switch ($op) if (array_key_exists("LEVEL", $_POST)) $level = (int)$_POST["LEVEL"]; else - $level = 0; + $level = AUTH_USER; if ($name != "" && $email != "" && (($password == "" && $password2 == "") || 
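Review bot: In `account_header()` the menu tests do not match the guards this commit adds further down in the same file. "Manage Accounts" is shown on `$LOGIN_LEVEL == AUTH_ADMIN` while `case 'A'` rejects `$LOGIN_LEVEL < AUTH_ADMIN`, and "New/Pending" is shown on `$LOGIN_LEVEL > AUTH_USER` while `case 'L'` rejects `$LOGIN_LEVEL < AUTH_DEVEL`. Writing both as `if ($LOGIN_LEVEL >= AUTH_ADMIN)` and `if ($LOGIN_LEVEL >= AUTH_DEVEL)` keeps the links and the enforcement in step if another level is ever added. `$LOGIN_USER` is also passed to `html_link()` as link text; whether that helper escapes it is not visible here, so `htmlspecialchars($LOGIN_USER)` is the safer form unless usernames are already restricted to a safe character set.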
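Review bot: The posted access level is only cast, `$level = (int)$_POST["LEVEL"];`, so any integer is accepted even though `$levels` defines just three values; the same lines appear in the modify branch at `@@ -248,7 +252,7 @@`. A check after the cast, such as `if (!array_key_exists($level, $levels)) $level = AUTH_USER;`, would keep stored levels inside the defined set. That matters now that pages compare against `AUTH_DEVEL` and `AUTH_ADMIN` and the new account page indexes `$levels[$LOGIN_LEVEL]`. The `if` that validates the other fields continues outside this hunk.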
@@ -121,7 +131,7 @@ switch ($op) $havedata = 0; } - account_header("Manage Accounts"); + account_header("Add Account"); if ($havedata) { @@ -161,20 +171,14 @@ switch ($op) ."Access Level:" ."\n" ."Password:" @@ -248,7 +252,7 @@ switch ($op) if (array_key_exists("LEVEL", $_POST)) $level = (int)$_POST["LEVEL"]; else - $level = 0; + $level = AUTH_USER; if ($email != "" && (($password == "" && $password2 == "") || @@ -279,7 +283,7 @@ switch ($op) db_free($result); } - account_header("Manage Accounts"); + account_header("Modify $name"); if ($havedata) { @@ -330,20 +334,14 @@ switch ($op) { print(""); } @@ -410,6 +408,12 @@ switch ($op) case 'L' : // List + if ($LOGIN_LEVEL < AUTH_DEVEL) + { + header("Location: $PHP_SELF"); + exit(); + } + account_header("New/Pending"); $email = db_escape($_COOKIE["FROM"]); @@ -515,6 +519,36 @@ switch ($op) db_free($result); + // Show hidden comments... + print("

Hidden Comments:

\n"); + + $result = db_query("SELECT * FROM comment WHERE status = 0 ORDER BY id"); + + if (db_count($result) == 0) + print("

No hidden comments.

\n"); + else + { + print("\n"); + } + + db_free($result); + html_footer(); break; @@ -547,10 +581,29 @@ switch ($op) html_footer(); break; + + default : + // Show account info... + account_header($LOGIN_USER); + + if (array_key_exists("FROM", $_COOKIE)) + $email = htmlspecialchars($_COOKIE["FROM"]); + else + $email = "unknown"; + + print("
\n" + ."\n" + ."\n" + ."" + ."\n" + ."
Username:$LOGIN_USER
EMail:$email
Access Level:$levels[$LOGIN_LEVEL]
\n"); + + html_footer(); + break; } // -// End of "$Id: account.php,v 1.7 2004/05/19 02:57:18 mike Exp $". +// End of "$Id: account.php,v 1.8 2004/05/19 14:02:38 mike Exp $". // ?> diff --git a/www/articles.php b/www/articles.php index ae0ee17..6236230 100644 --- a/www/articles.php +++ b/www/articles.php @@ -1,6 +1,6 @@ Command '$op' requires a login!\n"); + print("
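Review bot: The new `default` branch escapes the e-mail cookie with `htmlspecialchars()` but prints `$LOGIN_USER` and `$levels[$LOGIN_LEVEL]` straight into the table and into `account_header($LOGIN_USER)`. How `$LOGIN_USER` is populated is not visible in this diff, so unless it is already constrained it should be treated the same way: `$user = htmlspecialchars($LOGIN_USER, ENT_QUOTES);`. `$levels[$LOGIN_LEVEL]` is an unchecked array lookup, so a stored level outside the three defined keys would print an empty cell; `array_key_exists($LOGIN_LEVEL, $levels) ? $levels[$LOGIN_LEVEL] : "unknown"` would make that visible. A short comment on the branch saying it assumes an authenticated session would also help, since the login check is outside the hunk.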

You don't have permission to use command '$op'!\n"); html_footer(); exit(); } @@ -221,7 +221,7 @@ switch ($op) html_start_links(1); html_link("Return to Articles", "$PHP_SELF?L$options"); html_link("Show Comments", "#_USER_COMMENTS"); - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) { html_link("Modify Article", "$PHP_SELF?M$id$options"); html_link("Delete Article #$id", "$PHP_SELF?D$id$options"); @@ -261,7 +261,7 @@ switch ($op) html_header("Articles"); html_start_links(1); - html_link("Post New Article", "$PHP_SELF?N$options"); + html_link("Submit Article", "$PHP_SELF?N$options"); html_end_links(); print("

Articles

\n"); @@ -276,7 +276,7 @@ switch ($op) $query = ""; $prefix = "WHERE "; - if (!$LOGIN_USER) + if ($LOGIN_LEVEL < AUTH_DEVEL) { $query .= "${prefix}is_published = 1"; $prefix = " AND "; @@ -367,7 +367,7 @@ switch ($op) print("

$count article(s) found, showing $start to $end:

\n"); - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) print("
\n"); if ($count > $PAGE_MAX) @@ -401,7 +401,7 @@ switch ($op) $link = ""; print(""); - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) print(""); print("$link$id"); @@ -415,8 +415,8 @@ switch ($op) $temp = date("M d, Y", $row['modify_date']); print("$link$temp"); - $count = count_comments("articles.php_L$id"); - print("$link$count"); + $ccount = count_comments("articles.php_L$id"); + print("$link$ccount"); html_end_row(); @@ -426,7 +426,7 @@ switch ($op) html_end_row(); } - if ($LOGIN_USER) + if ($LOGIN_LEVEL > 0) { html_start_row("header"); @@ -486,8 +486,8 @@ switch ($op) else $contents = ""; - if (($is_published == 0 || $LOGIN_USER) && $title != "" && - $abstract != "" && $contents != "") + if (($is_published == 0 || $LOGIN_LEVEL >= AUTH_DEVEL) && + $title != "" && $abstract != "" && $contents != "") $havedata = 1; else $havedata = 0; @@ -577,7 +577,9 @@ switch ($op) case 'N' : // Post new Article if ($REQUEST_METHOD == "POST") { - if (array_key_exists("IS_PUBLISHED", $_POST)) + if ($LOGIN_LEVEL < AUTH_DEVEL) + $is_published = 0; + else if (array_key_exists("IS_PUBLISHED", $_POST)) $is_published = (int)$_POST["IS_PUBLISHED"]; else $is_published = 0; @@ -602,8 +604,8 @@ switch ($op) else $create_user = ""; - if (($is_published == 0 || $LOGIN_USER) && $title != "" && - $abstract != "" && $contents != "") + if (($is_published == 0 || $LOGIN_LEVEL >= AUTH_DEVEL) && + $title != "" && $abstract != "" && $contents != "") $havedata = 1; else $havedata = 0; @@ -641,25 +643,40 @@ switch ($op) break; } - html_header("Post New Article"); + html_header("Submit Article"); html_start_links(1); html_link("Return to Articles", "$PHP_SELF?L$options"); html_end_links(); - print("
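Review bot: `if ($LOGIN_LEVEL > 0)` in the `@@ -426,7 +426,7 @@` hunk is the one converted test in articles.php that uses a bare number and a different threshold. The checkbox column it belongs with is emitted under `$LOGIN_LEVEL >= AUTH_DEVEL`. If the header row is meant for the same audience, `if ($LOGIN_LEVEL >= AUTH_DEVEL)` keeps the two in step and avoids depending on the numeric value of `AUTH_USER`. The row's contents continue outside the hunk, so what it exposes to lower levels cannot be judged from here.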

Post New Article

\n"); + print("

Submit Article

\n"); - print("

Please use this form to post announcements, how-to's, " - ."examples, and case studies showing how you use $PROJECT. " - ."We will proofread your article, and if we determine it is " - ."appropriate for the site, we will make the article public " - ."on the site. Thank you for supporting $PROJECT!

\n" - ."
\n"); + if ($REQUEST_METHOD == "POST") + { + print("

Error: Please fill in the fields marked in " + ."bold red below and resubmit " + ."your article.


\n"); + + $hstart = ""; + $hend = ""; + } + else + { + print("

Please use this form to post announcements, how-to's, " + ."examples, and case studies showing how you use $PROJECT. " + ."We will proofread your article, and if we determine it is " + ."appropriate for the site, we will make the article public " + ."on the site. Thank you for supporting $PROJECT!

\n" + ."
\n"); + + $hstart = ""; + $hend = ""; + } print("" ."

\n"); - if ($LOGIN_USER != "") + if ($LOGIN_LEVEL >= AUTH_DEVEL) { print("" - .""); + else + print(""); + print("\n"); $abstract = htmlspecialchars($abstract, ENT_QUOTES); - print("" - .""); + else + print(""); + print("\n"); - $author = htmlspecialchars($author, ENT_QUOTES); + $create_user = htmlspecialchars($create_user, ENT_QUOTES); - print("" - ."\n"); + if ($create_user == "") + print(""); + else + print(""); + print("\n"); $contents = htmlspecialchars($contents, ENT_QUOTES); - print("" - ."\n"); print("\n"); + ."\n"); print("
Published:"); select_is_published($is_published); @@ -670,26 +687,38 @@ switch ($op) $title = htmlspecialchars($title, ENT_QUOTES); - print("
Title:${hstart}Title:${hend}
Title:
Abstract:${hstart}Abstract:${hend}
Abstract:
Author:
${hstart}Author:${hend}
Author:
Contents:\n" ."

The contents of the article may contain the following " @@ -700,7 +729,7 @@ switch ($op) ."TT, U, UL

" - ."

\n"); html_footer(); @@ -709,6 +738,6 @@ switch ($op) // -// End of "$Id: articles.php,v 1.7 2004/05/19 03:26:36 mike Exp $". +// End of "$Id: articles.php,v 1.8 2004/05/19 14:02:38 mike Exp $". // ?> diff --git a/www/comment.php b/www/comment.php index 2f7b736..e4f2bb0 100644 --- a/www/comment.php +++ b/www/comment.php @@ -1,6 +1,6 @@ \n"); - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) { print("File Path:" ."Comments\n"); - if (!$LOGIN_USER) + if ($LOGIN_LEVEL < AUTH_DEVEL) { $result = db_query("SELECT * FROM comment WHERE status = 1 AND " ."url LIKE '${listpath}%' ORDER BY id"); @@ -276,19 +279,19 @@ else { $result = db_query("SELECT * FROM comment WHERE " ."url LIKE '${listpath}%' ORDER BY id"); - print("

[ Show Hidden Comments ]

\n"); + print("

Show Hidden Comments ]

\n"); } else { $result = db_query("SELECT * FROM comment WHERE status = 0 AND " ."url LIKE '${listpath}%' ORDER BY id"); - print("

[ Show All Comments ]

\n"); + print("

Show All Comments ]

\n"); } } if (db_count($result) == 0) { - if ($LOGIN_USER && $op == 'l') + if ($LOGIN_LEVEL >= AUTH_DEVEL && $op == 'l') print("

No hidden comments.

\n"); else print("

No visible comments.

\n"); @@ -304,10 +307,10 @@ else $contents = sanitize_text($row['contents']); $location = str_replace("_", "?", $row['url']); - print("
  • $row[url] " + print("
  • $row[url] " ." by $create_user on $create_date " - ."[ Edit " - ."| Delete " + ."[ Edit " + ."| Delete " ."]
    $contents
  • \n"); } @@ -357,6 +360,6 @@ else } // -// End of "$Id: comment.php,v 1.4 2004/05/19 03:26:36 mike Exp $". +// End of "$Id: comment.php,v 1.5 2004/05/19 14:02:38 mike Exp $". // ?> diff --git a/www/index.php b/www/index.php index fa9afec..5702475 100644 --- a/www/index.php +++ b/www/index.php @@ -1,6 +1,6 @@ " - ."
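Review bot: In the comment list, `$row[url]` is written into the item text as stored, and `$location` is derived from it with only `str_replace("_", "?", ...)`, whereas `$contents` goes through `sanitize_text()` on the line above. If the `url` column can hold request-supplied text (the insert path is not shown), this moderator view would render it as markup. Adding `$url = htmlspecialchars($row['url'], ENT_QUOTES);` before the `print()` and using `$url` in the output closes that. The same applies to the hidden-comments list this commit adds to account.php, should it print the column the same way.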

    Current Release: v1.3, " - ."December 21, 2003

    \n" + ."

    Stable Release: v1.3, " + ."December 21, 2003
    " + ."Developer Release: v2.0rc1, " + ."May 20, 2004

    \n" ."

    Mini-XML is a small XML parsing library that you can use to " ."read XML and XML-like data files in your application without " ."requiring large non-standard libraries. Mini-XML only requires " @@ -46,7 +48,9 @@ html_end_row(); html_end_table(); print("

    " - ."\n" ."
        "); + ."" + ."

    Recent Articles [ View All" + ." ]

    \n"); $result = db_query("SELECT * FROM article WHERE is_published = 1 " ."ORDER BY modify_date DESC LIMIT 4"); @@ -69,7 +73,7 @@ else else $count .= " comments"; - print("

    $title

    \n" + print("

    $title

    \n" ."

    $date, $count
    $abstract [ " ."Read ]

    \n"); } @@ -77,18 +81,12 @@ else db_free($result); -html_start_links(); -html_link("View Articles", "articles.php"); -html_link("Submit Bug Report", "str.php"); -html_link("Download Software", "software.php"); -html_end_links(); - print("

    \n"); html_footer(); // -// End of "$Id: index.php,v 1.2 2004/05/19 01:39:04 mike Exp $". +// End of "$Id: index.php,v 1.3 2004/05/19 14:02:38 mike Exp $". // ?> diff --git a/www/phplib/auth.php b/www/phplib/auth.php index 087f103..3ec2e14 100644 --- a/www/phplib/auth.php +++ b/www/phplib/auth.php @@ -1,6 +1,6 @@ diff --git a/www/phplib/globals.php b/www/phplib/globals.php index 8beda7b..3eaf06e 100644 --- a/www/phplib/globals.php +++ b/www/phplib/globals.php @@ -1,8 +1,8 @@ diff --git a/www/software.php b/www/software.php index 26a6168..71ebe0a 100644 --- a/www/software.php +++ b/www/software.php @@ -1,6 +1,6 @@ Download"); html_start_table(array("Version", "Filename", "Size", "MD5 Sum")); -$curversion = ""; -$firstversion = current($files); +$curversion = ""; reset($files); + +if ($argc >= 1) + $firstversion = $argv[0]; +else + $firstversion = current($files); + while (list($file, $version) = each($files)) { html_start_row(); @@ -109,6 +114,6 @@ html_end_table(); html_footer(); // -// End of "$Id: software.php,v 1.2 2004/05/19 12:15:20 mike Exp $". +// End of "$Id: software.php,v 1.3 2004/05/19 14:02:38 mike Exp $". // ?> diff --git a/www/str.php b/www/str.php index 6c8ee3c..6d39a98 100644 --- a/www/str.php +++ b/www/str.php @@ -1,6 +1,6 @@ "Michael Sweet " -); - $messages = array( "Fixed in CVS" => "Fixed in CVS - the anonymous CVS repository will be updated at " @@ -53,7 +49,9 @@ $subsystems = array( ); $versions = array( - "2.0cvs", + "CVS", + "+2.0rc2", + "2.0rc1", "1.3", "1.2", "1.1.2", @@ -64,6 +62,20 @@ $versions = array( ); +// +// Get the list of valid developers from the users table... +// + +$managers = array(); + +$result = db_query("SELECT * FROM users WHERE is_published = 1 AND " + ."level >= " . AUTH_DEVEL); +while ($row = db_next($result)) + $managers[$row["name"]] = $row["email"]; + +db_free($result); + + // // 'notify_creator()' - Notify creator of a STR of changes... // 
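Review bot: In software.php, `$firstversion = $argv[0];` takes the version directly from the query string without checking that it is one of the values in `$files`. The loop that uses `$firstversion` continues outside the hunk. If the value is only compared against `$version`, an unknown one simply matches nothing, but if it is ever echoed it needs `htmlspecialchars()`. Restricting it up front, `if ($argc >= 1 && in_array($argv[0], $files)) $firstversion = $argv[0];`, covers both cases and keeps the existing `current($files)` default for bad input.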
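Review bot: The new `$managers` query in str.php uses `SELECT *` on `users` although only `name` and `email` are read, and it runs at file scope on every request to the page. Selecting just those columns, `SELECT name, email FROM users WHERE ...`, keeps whatever else the table stores out of this page's result set. That presumably includes the account passwords that account.php manages. A one-line comment that `$managers` maps developer name to e-mail address would document the shape the rest of the file expects.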
@@ -219,7 +231,7 @@ if ($argc) exit(); } - if (($op == 'M' || $op == 'B') && !$LOGIN_USER) + if (($op == 'M' || $op == 'B') && $LOGIN_LEVEL < AUTH_DEVEL) { html_header("STR Error"); print("

    The '$op' command is not available to you!

    \n"); @@ -404,7 +416,7 @@ switch ($op) html_link("Post File", "$PHP_SELF?F$id$options"); } - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) html_link("Modify STR", "$PHP_SELF?M$id$options"); html_end_links(); @@ -545,7 +557,7 @@ switch ($op) html_header("Support"); html_start_links(1); - html_link("Post New Software Trouble Report", "$PHP_SELF?N$options'"); + html_link("Submit Support Request", "$PHP_SELF?N$options'"); html_end_links(); print("

    Support

    \n"); @@ -605,7 +617,7 @@ switch ($op) print(""); else print(">Only Mine"); @@ -646,7 +658,7 @@ switch ($op) $prefix = " AND "; } - if (!$LOGIN_USER) + if ($LOGIN_LEVEL < AUTH_DEVEL) { $query .= "${prefix}is_published = 1"; $prefix = " AND "; @@ -659,7 +671,7 @@ switch ($op) else $email = ""; - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) { $query .= "${prefix}(manager_email = '' OR manager_email = '$email')"; $prefix = " AND "; @@ -764,7 +776,7 @@ switch ($op) print("
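Review bot: The rewritten link in the `@@ -545,7 +557,7 @@` hunk keeps the stray apostrophe from the old line: `"$PHP_SELF?N$options'"` ends the URL with `'`. Depending on how `html_link()` quotes its href (not shown), that either appends a literal quote to the query string or closes the attribute early. articles.php builds the same link as `"$PHP_SELF?N$options"`, so this call should read `html_link("Submit Support Request", "$PHP_SELF?N$options");`.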

    $count STR(s) found, showing $start to $end:

    \n"); - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) print("
    \n"); if ($count > $PAGE_MAX) @@ -814,7 +826,7 @@ switch ($op) ."border='0' align='middle' alt='Private'/>"; print(""); - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) print(""); print("$link$row[id]" ."$link$prtext" @@ -860,7 +872,7 @@ switch ($op) db_free($result); - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) { html_start_row("header"); print(" 
    "); @@ -929,12 +941,13 @@ switch ($op) print("

    \n"); } - if ($LOGIN_USER) + if ($LOGIN_LEVEL >= AUTH_DEVEL) print("
    "); print("

    " ."MACH = Machine, " - ."OS = Operating System." + ."OS = Operating System, " + ."STR = Software Trouble Report" ."

    \n"); } @@ -1640,13 +1653,13 @@ switch ($op) } else { - html_header("Post New Software Trouble Report"); + html_header("Submit Support Request"); html_start_links(1); html_link("Return to Support", "$PHP_SELF?L$options"); html_end_links(); - print("

    Post New Software Trouble Report

    \n"); + print("

    Submit Support Request

    \n"); if ($REQUEST_METHOD == "POST") { @@ -1773,7 +1786,7 @@ switch ($op) print("\n"); print("" - ."\n"); + ."\n"); print("

    \n"); html_footer(); } @@ -1852,6 +1865,6 @@ switch ($op) } // -// End of "$Id: str.php,v 1.8 2004/05/19 02:57:18 mike Exp $". +// End of "$Id: str.php,v 1.9 2004/05/19 14:02:38 mike Exp $". // ?>