Tagging version 2.1.0

Oldperl 2019-12-28 11:21:12 +00:00
Ursprung a0ea0e7255
Commit ad75f4b3fc
2 geänderte Dateien mit 318 neuen und 270 gelöschten Zeilen


@ -1,5 +1,4 @@
<?php <?php
/** /**
* Project: * Project:
* Contenido Content Management System * Contenido Content Management System
@ -18,17 +17,20 @@
* *
* $Id$: * $Id$:
*/ */
if (!defined('CON_FRAMEWORK')) {
die('Illegal call'); if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
} }
// create Navigation array for one level // create Navigation array for one level
function createNavigationArray($start_id, $db) { function createNavigationArray($start_id, $db)
{
global $user, $cfg, $client, $lang, $auth; global $user, $cfg, $client, $lang, $auth;
$navigation = array(); $navigation = array();
$FrontendPermissionCollection = new FrontendPermissionCollection; $FrontendPermissionCollection = new FrontendPermissionCollection;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
A.idcat, A.idcat,
@ -36,224 +38,255 @@ function createNavigationArray($start_id, $db) {
C.public, C.public,
C.idcatlang C.idcatlang
FROM FROM
" . $cfg["tab"]["cat_tree"] . " AS A, ".$cfg["tab"]["cat_tree"]." AS A,
" . $cfg["tab"]["cat"] . " AS B, ".$cfg["tab"]["cat"]." AS B,
" . $cfg["tab"]["cat_lang"] . " AS C ".$cfg["tab"]["cat_lang"]." AS C
WHERE WHERE
A.idcat = B.idcat AND A.idcat = B.idcat AND
B.idcat = C.idcat AND B.idcat = C.idcat AND
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND B.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
C.visible = '1' AND C.visible = '1' AND
B.parentid = '" . Contenido_Security::escapeDB($start_id, $db) . "' B.parentid = '".Contenido_Security::escapeDB($start_id, $db)."'
ORDER BY ORDER BY
A.idtree"; A.idtree";
$db->query($sql); $db->query($sql);
while ($db->next_record()) { while($db->next_record())
$cat_id = $db->f("idcat"); {
$cat_idlang = $db->f("idcatlang"); $cat_id = $db->f("idcat");
$visible = false; $cat_idlang = $db->f("idcatlang");
if ($db->f("public") != 0) { $visible=false;
$visible = true; if($db->f("public")!=0){
} elseif (($auth->auth['uid'] != '') && ($auth->auth['uid'] != 'nobody')) { $visible = true;
$FrontendGroupMemberCollection = new FrontendGroupMemberCollection; }elseif(($auth->auth['uid']!='')&&($auth->auth['uid']!='nobody')){
$FrontendGroupMemberCollection = new FrontendGroupMemberCollection;
$FrontendGroupMemberCollection->setWhere("idfrontenduser", $auth->auth['uid']); $FrontendGroupMemberCollection->setWhere("idfrontenduser",$auth->auth['uid']);
$FrontendGroupMemberCollection->query(); $FrontendGroupMemberCollection->query();
$groups = array(); $groups = array();
while ($member = $FrontendGroupMemberCollection->next()) { while ($member = $FrontendGroupMemberCollection->next()){
$groups[] = $member->get("idfrontendgroup"); $groups[] = $member->get("idfrontendgroup");
} }
} }
if (count($groups) > 0) { if(count($groups)>0){
for ($i = 0; $i < count($groups); $i++) { for($i=0;$i<count($groups);$i++){
if ($FrontendPermissionCollection->checkPerm($groups[$i], 'category', 'access', $cat_idlang, true)) { if($FrontendPermissionCollection->checkPerm($groups[$i],'category','access',$cat_idlang, true)){
$visible = true; $visible=true;
} }
} }
} }
if ($visible) { if($visible){
$navigation[$cat_id] = array("idcat" => $cat_id, $navigation[$cat_id] = array("idcat" => $cat_id,
"name" => $db->f("name"), "name" => $db->f("name"),
"target" => '_self', # you can not call getTarget($cat_id, &$db) at this point with the same db instance! "target" => '_self', # you can not call getTarget($cat_id, &$db) at this point with the same db instance!
"public" => $db->f("public")); "public" => $db->f("public"));
} }
} // end while } // end while
$db->free(); $db->free();
return $navigation; return $navigation;
} }
/** /**
* Return target of a given category id * Return target of a given category id
* *
* @deprecated * @deprecated
*/ */
function getTarget($cat_id, $db) { function getTarget($cat_id, $db) {
global $cfg, $client, $lang; global $cfg, $client, $lang;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
a.external_redirect AS ext a.external_redirect AS ext
FROM FROM
" . $cfg["tab"]["art_lang"] . " AS a, ".$cfg["tab"]["art_lang"]." AS a,
" . $cfg["tab"]["cat_art"] . " AS b, ".$cfg["tab"]["cat_art"]." AS b,
" . $cfg["tab"]["cat"] . " AS c ".$cfg["tab"]["cat"]." AS c
WHERE WHERE
b.idcat = '" . Contenido_Security::escapeDB($cat_id, $db) . "' AND b.idcat = '".Contenido_Security::escapeDB($cat_id, $db)."' AND
c.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND c.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
c.idcat = b.idcat AND c.idcat = b.idcat AND
a.idart = b.idart AND a.idart = b.idart AND
a.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "'"; a.idlang = '".Contenido_Security::escapeDB($lang, $db)."'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
$target = ( $db->f('ext') == 0 ) ? '_self' : '_blank'; $target = ( $db->f('ext') == 0 ) ? '_self' : '_blank';
$db->free(); $db->free();
return $target; return $target;
} }
/** /**
* Return true if $parentid is parent of $catid * Return true if $parentid is parent of $catid
*/ */
function isParent($parentid, $catid, $db) { function isParent($parentid, $catid, $db) {
global $cfg, $client, $lang;
global $cfg, $client, $lang; // SECURITY-FIX
// SECURITY-FIX $sql = "SELECT
$sql = "SELECT
a.parentid a.parentid
FROM FROM
" . $cfg["tab"]["cat"] . " AS a, ".$cfg["tab"]["cat"]." AS a,
" . $cfg["tab"]["cat_lang"] . " AS b ".$cfg["tab"]["cat_lang"]." AS b
WHERE WHERE
a.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND a.idclient = '". Contenido_Security::escapeDB($client, $db)."' AND
b.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND b.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
a.idcat = b.idcat AND a.idcat = b.idcat AND
a.idcat = '" . Contenido_Security::escapeDB($catid, $db) . "'"; a.idcat = '".Contenido_Security::escapeDB($catid, $db)."'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
$pre = $db->f("parentid"); $pre = $db->f("parentid");
if ($parentid == $pre) { if($parentid == $pre)
return true; {
} else { return true;
return false; }
} else
{
return false;
}
} }
function getParent($preid, &$db) { function getParent($preid, &$db) {
global $cfg, $client, $lang; global $cfg, $client, $lang;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
a.parentid a.parentid
FROM FROM
" . $cfg["tab"]["cat"] . " AS a, ".$cfg["tab"]["cat"]." AS a,
" . $cfg["tab"]["cat_lang"] . " AS b ".$cfg["tab"]["cat_lang"]." AS b
WHERE WHERE
a.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND a.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
b.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND b.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
a.idcat = b.idcat AND a.idcat = b.idcat AND
a.idcat = '" . Contenido_Security::escapeDB($preid, $db) . "'"; a.idcat = '".Contenido_Security::escapeDB($preid, $db)."'";
$db->query($sql); $db->query($sql);
if ($db->next_record())
{
return $db->f("parentid");
}else
{
return false;
}
if ($db->next_record()) {
return $db->f("parentid");
} else {
return false;
}
} }
function getLevel($catid, &$db) { function getLevel($catid, &$db)
global $cfg, $client, $lang; {
global $cfg, $client, $lang;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
level level
FROM FROM
" . $cfg["tab"]["cat_tree"] . " ".$cfg["tab"]["cat_tree"]."
WHERE WHERE
idcat = '" . Contenido_Security::escapeDB($catid, $db) . "' "; idcat = '". Contenido_Security::escapeDB($catid, $db)."' ";
$db->query($sql);
$db->query($sql); if ($db->next_record())
{
if ($db->next_record()) { return $db->f("level");
return $db->f("level"); }else
} else { {
return false; return false;
} }
} }
/** /**
* Return path of a given category up to a certain level * Return path of a given category up to a certain level
*/ */
function getCategoryPath($cat_id, $level, $reverse = true, &$db) { function getCategoryPath($cat_id, $level, $reverse = true, &$db) {
$root_path = array(); $root_path = array();
array_push($root_path, $cat_id); array_push($root_path, $cat_id);
$parent_id = $cat_id; $parent_id = $cat_id;
while (getLevel($parent_id, $db) != false AND getLevel($parent_id, $db) > $level AND getLevel($parent_id, $db) >= 0) { while (getLevel($parent_id, $db) != false AND getLevel($parent_id, $db) > $level AND getLevel($parent_id, $db) >= 0)
{
$parent_id = getParent($parent_id, $db);
if ($parent_id != false) { $parent_id = getParent($parent_id, $db);
array_push($root_path, $parent_id); if ($parent_id != false)
} {
} array_push($root_path, $parent_id);
}
if ($reverse == true) {
$root_path = array_reverse($root_path); }
}
if ($reverse == true)
return $root_path; {
$root_path = array_reverse($root_path);
}
return $root_path;
} }
/** /**
* Return location string of a given category * Return location string of a given category
*/ */
function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sTextStyleClass, $fullweblink = false, $reverse = true, $mod_rewrite = true, $db) { function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sTextStyleClass, $fullweblink = false, $reverse = true, $mod_rewrite = true, $db)
global $sess, $cfgClient, $client; {
global $sess, $cfgClient, $client;
$aCatPath = getCategoryPath($iStartCat, $level, $reverse, $db);
$aCatPath = getCategoryPath($iStartCat, $level, $reverse, $db);
if (is_array($aCatPath) AND count($aCatPath) > 0) {
$aLocation = array(); if(is_array($aCatPath) AND count($aCatPath) > 0)
foreach ($aCatPath as $value) { {
if (!$fullweblink) { $aLocation = array();
if ($mod_rewrite == true) { foreach($aCatPath as $value)
$linkUrl = $sess->url("index-a-$value.html"); {
} else { if (!$fullweblink)
$linkUrl = $sess->url("front_content.php?idcat=$value"); {
} if ($mod_rewrite == true)
} else { {
if ($mod_rewrite == true) { $linkUrl = $sess->url("index-a-$value.html");
$linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "index-a-$value.html"); }else
} else { {
$linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "front_content.php?idcat=$value"); $linkUrl = $sess->url("front_content.php?idcat=$value");
} }
} }else
$name = getCategoryName($value, $db); {
$aLocation[] = '<a href="' . $linkUrl . '" class="' . $sLinkStyleClass . '"><nobr>' . $name . '</nobr></a>'; if ($mod_rewrite == true)
} {
} $linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "index-a-$value.html");
}else
$sLocation = implode($seperator, $aLocation); {
$sLocation = '<span class="' . $sTextStyleClass . '">' . $sLocation . '</span>'; $linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "front_content.php?idcat=$value");
}
}
return $sLocation; $name = getCategoryName($value, $db);
$aLocation[] = '<a href="'.$linkUrl.'" class="'.$sLinkStyleClass.'"><nobr>'.$name.'</nobr></a>';
}
}
$sLocation = implode($seperator, $aLocation);
$sLocation = '<span class="'.$sTextStyleClass.'">'.$sLocation.'</span>';
return $sLocation;
} }
/** /**
* *
* get subtree by a given id * get subtree by a given id
@ -263,33 +296,38 @@ function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sT
* *
* @copyright four for business AG <www.4fb.de> * @copyright four for business AG <www.4fb.de>
*/ */
function getSubTree($idcat_start, $db) {
function getSubTree($idcat_start, $db)
{
global $client, $cfg; global $client, $cfg;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
B.idcat, A.level B.idcat, A.level
FROM FROM
" . $cfg["tab"]["cat_tree"] . " AS A, ".$cfg["tab"]["cat_tree"]." AS A,
" . $cfg["tab"]["cat"] . " AS B ".$cfg["tab"]["cat"]." AS B
WHERE WHERE
A.idcat = B.idcat AND A.idcat = B.idcat AND
idclient = '" . Contenido_Security::escapeDB($client, $db) . "' idclient = '". Contenido_Security::escapeDB($client, $db)."'
ORDER BY ORDER BY
idtree"; idtree";
$db->query($sql); $db->query($sql);
$subCats = false; $subCats = false;
$curLevel = 0; $curLevel = 0;
while ($db->next_record()) { while ($db->next_record())
if ($db->f("idcat") == $idcat_start) { {
$curLevel = $db->f("level"); if ($db->f("idcat") == $idcat_start)
$subCats = true; {
} else if ($db->f("level") <= $curLevel) { // ending part of tree $curLevel = $db->f("level");
$subCats = false; $subCats = true;
} } else if ($db->f("level") <= $curLevel) // ending part of tree
{
$subCats = false;
}
if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>"; if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>";
$deeper_cats[] = $db->f("idcat"); $deeper_cats[] = $db->f("idcat");
} }
@ -297,36 +335,39 @@ function getSubTree($idcat_start, $db) {
return $deeper_cats; return $deeper_cats;
} }
function getTeaserDeeperCategories($iIdcat, $db) { function getTeaserDeeperCategories($iIdcat, $db)
global $client, $cfg, $lang; {
global $client, $cfg, $lang;
// SECURITY-FIX
$sql = "SELECT // SECURITY-FIX
$sql = "SELECT
B.parentid, B.idcat B.parentid, B.idcat
FROM FROM
" . $cfg["tab"]["cat_tree"] . " AS A, ".$cfg["tab"]["cat_tree"]." AS A,
" . $cfg["tab"]["cat"] . " AS B, ".$cfg["tab"]["cat"]." AS B,
" . $cfg["tab"]["cat_lang"] . " AS C ".$cfg["tab"]["cat_lang"]." AS C
WHERE WHERE
A.idcat = B.idcat AND A.idcat = B.idcat AND
B.idcat = C.idcat AND B.idcat = C.idcat AND
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.idlang = '". Contenido_Security::escapeDB($lang, $db)."' AND
C.visible = '1' AND C.visible = '1' AND
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' B.idclient = '". Contenido_Security::escapeDB($client, $db) ."'
ORDER BY ORDER BY
idtree"; idtree";
$db->query($sql); $db->query($sql);
$subCats = false;
$curLevel = 0;
while ($db->next_record()) {
if ($db->f("idcat") == $iIdcat) {
$curLevel = $db->f("level");
$subCats = true;
} else if ($curLevel == $db->f("level")) { // ending part of tree
$subCats = false;
}
$subCats = false;
$curLevel = 0;
while ($db->next_record()) {
if ($db->f("idcat") == $iIdcat)
{
$curLevel = $db->f("level");
$subCats = true;
} else if ($curLevel == $db->f("level")) // ending part of tree
{
$subCats = false;
}
if ($subCats == true) { if ($subCats == true) {
$deeper_cats[] = $db->f("idcat"); $deeper_cats[] = $db->f("idcat");
} }
@ -343,38 +384,42 @@ function getTeaserDeeperCategories($iIdcat, $db) {
* *
* @copyright four for business AG <www.4fb.de> * @copyright four for business AG <www.4fb.de>
*/ */
function getProtectedSubTree($idcat_start, $db) {
function getProtectedSubTree($idcat_start, $db)
{
global $client, $cfg, $lang; global $client, $cfg, $lang;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
B.parentid, B.idcat B.parentid, B.idcat
FROM FROM
" . $cfg["tab"]["cat_tree"] . " AS A, ".$cfg["tab"]["cat_tree"]." AS A,
" . $cfg["tab"]["cat"] . " AS B, ".$cfg["tab"]["cat"]." AS B,
" . $cfg["tab"]["cat_lang"] . " AS C ".$cfg["tab"]["cat_lang"]." AS C
WHERE WHERE
A.idcat = B.idcat AND A.idcat = B.idcat AND
B.idcat = C.idcat AND B.idcat = C.idcat AND
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
C.visible = '1' AND C.visible = '1' AND
C.public = '1' AND C.public = '1' AND
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' B.idclient = '".Contenido_Security::escapeDB($client, $db)."'
ORDER BY ORDER BY
idtree"; idtree";
$db->query($sql); $db->query($sql);
$subCats = false; $subCats = false;
$curLevel = 0; $curLevel = 0;
while ($db->next_record()) { while ( $db->next_record() ) {
if ($db->f("idcat") == $idcat_start) { if ($db->f("idcat") == $idcat_start)
$curLevel = $db->f("level"); {
$subCats = true; $curLevel = $db->f("level");
} else if ($curLevel == $db->f("level")) { // ending part of tree $subCats = true;
$subCats = false; } else if ($curLevel == $db->f("level")) // ending part of tree
} {
$subCats = false;
}
if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>"; if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>";
$deeper_cats[] = $db->f("idcat"); $deeper_cats[] = $db->f("idcat");
} }
@ -382,37 +427,42 @@ function getProtectedSubTree($idcat_start, $db) {
return $deeper_cats; return $deeper_cats;
} }
/** /**
* Return category name * Return category name
*/ */
function getCategoryName($cat_id, &$db) { function getCategoryName($cat_id, &$db) {
global $cfg, $client, $lang; global $cfg, $client, $lang;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
* *
FROM FROM
" . $cfg["tab"]["cat"] . " AS A, ".$cfg["tab"]["cat"]." AS A,
" . $cfg["tab"]["cat_lang"] . " AS B ".$cfg["tab"]["cat_lang"]." AS B
WHERE WHERE
A.idcat = B.idcat AND A.idcat = B.idcat AND
A.idcat = '" . Contenido_Security::escapeDB($cat_id, $db) . "' AND A.idcat = '". Contenido_Security::escapeDB($cat_id, $db)."' AND
A.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND A.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
B.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' B.idlang = '".Contenido_Security::escapeDB($lang, $db)."'
"; ";
$db->query($sql); $db->query($sql);
if ($db->next_record()) { if ($db->next_record())
$cat_name = $db->f("name"); {
return $cat_name; $cat_name = $db->f("name");
} else { return $cat_name;
return '';
} }
} else
{
// end function return '';
}
} // end function
// get direct subcategories of a given category // get direct subcategories of a given category
function getSubCategories($parent_id, $db) { function getSubCategories($parent_id, $db) {
@ -420,36 +470,37 @@ function getSubCategories($parent_id, $db) {
$subcategories = array(); $subcategories = array();
global $cfg, $client, $lang; global $cfg, $client, $lang;
// SECURITY-FIX // SECURITY-FIX
$sql = "SELECT $sql = "SELECT
A.idcat A.idcat
FROM FROM
" . $cfg["tab"]["cat_tree"] . " AS A, ".$cfg["tab"]["cat_tree"]." AS A,
" . $cfg["tab"]["cat"] . " AS B, ".$cfg["tab"]["cat"]." AS B,
" . $cfg["tab"]["cat_lang"] . " AS C ".$cfg["tab"]["cat_lang"]." AS C
WHERE WHERE
A.idcat = B.idcat AND A.idcat = B.idcat AND
B.idcat = C.idcat AND B.idcat = C.idcat AND
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND B.idclient = '". Contenido_Security::escapeDB($client, $db)."' AND
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
C.visible = '1' AND C.visible = '1' AND
C.public = '1' AND C.public = '1' AND
B.parentid = '" . Contenido_Security::escapeDB($parent_id, $db) . "' B.parentid = '".Contenido_Security::escapeDB($parent_id, $db)."'
ORDER BY ORDER BY
A.idtree"; A.idtree";
$db->query($sql); $db->query($sql);
while ($db->next_record()) { while ( $db->next_record() ) {
$subcategories[] = $db->f("idcat"); $subcategories[] = $db->f("idcat");
} // end while } // end while
return $subcategories; return $subcategories;
}
} // end function
// end function
// get direct subcategories with protected categories // get direct subcategories with protected categories
function getProtectedSubCategories($parent_id, $db) { function getProtectedSubCategories($parent_id, $db) {
@ -463,59 +514,59 @@ function getProtectedSubCategories($parent_id, $db) {
$sql = "SELECT $sql = "SELECT
A.idcat A.idcat
FROM FROM
" . $cfg["tab"]["cat_tree"] . " AS A, ".$cfg["tab"]["cat_tree"]." AS A,
" . $cfg["tab"]["cat"] . " AS B, ".$cfg["tab"]["cat"]." AS B,
" . $cfg["tab"]["cat_lang"] . " AS C ".$cfg["tab"]["cat_lang"]." AS C
WHERE WHERE
A.idcat = B.idcat AND A.idcat = B.idcat AND
B.idcat = C.idcat AND B.idcat = C.idcat AND
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND B.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
B.parentid = '" . Contenido_Security::escapeDB($parent_id, $db) . "' B.parentid = '".Contenido_Security::escapeDB($parent_id, $db)."'
ORDER BY ORDER BY
A.idtree"; A.idtree";
$db->query($sql); $db->query($sql);
while ($db->next_record()) { while ( $db->next_record() ) {
$subcategories[] = $db->f("idcat"); $subcategories[] = $db->f("idcat");
} // end while } // end while
return $subcategories; return $subcategories;
}
// end function } // end function
function checkCatPermission($idcatlang, $public) { function checkCatPermission($idcatlang, $public) {
#Check if current user has permissions to access cat #Check if current user has permissions to access cat
global $auth; global $auth;
$oDB = new DB_Contenido;
$FrontendPermissionCollection = new FrontendPermissionCollection;
$visible=false;
$oDB = new DB_ConLite(); if($public!=0){
$visible = true;
$FrontendPermissionCollection = new FrontendPermissionCollection; }elseif(($auth->auth['uid']!='')&&($auth->auth['uid']!='nobody')){
$visible = false; $FrontendGroupMemberCollection = new FrontendGroupMemberCollection;
$FrontendGroupMemberCollection->setWhere("idfrontenduser",$auth->auth['uid']);
if ($public != 0) { $FrontendGroupMemberCollection->query();
$visible = true; $groups = array();
$groups = array(); while ($member = $FrontendGroupMemberCollection->next()){
} elseif (($auth->auth['uid'] != '') && ($auth->auth['uid'] != 'nobody')) { $groups[] = $member->get("idfrontendgroup");
$FrontendGroupMemberCollection = new FrontendGroupMemberCollection; }
$FrontendGroupMemberCollection->setWhere("idfrontenduser", $auth->auth['uid']); }
$FrontendGroupMemberCollection->query(); if(count($groups)>0){
$groups = array(); for($i=0;$i<count($groups);$i++){
while ($member = $FrontendGroupMemberCollection->next()) { if($FrontendPermissionCollection->checkPerm($groups[$i],'category','access',$idcatlang, true)){
$groups[] = $member->get("idfrontendgroup"); $visible=true;
} }
} }
if (count($groups) > 0) { }
for ($i = 0; $i < count($groups); $i++) {
if ($FrontendPermissionCollection->checkPerm($groups[$i], 'category', 'access', $idcatlang, true)) { return $visible;
$visible = true; }
} ?>
}
}
return $visible;
}
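Review bot: In checkCatPermission() the new side no longer sets `$groups` on the public branch, and it was never set for an anonymous or 'nobody' user, so `count($groups)` runs on an undefined variable whenever the elseif branch is skipped. That is a warning on PHP 7.2+ and a TypeError on PHP 8 (the target PHP version is not visible on this page), which would abort this access check for every public category. Initialise it once beside the flag, `$visible=false; $groups = array();`, before `if($public!=0){`. createNavigationArray() has the same shape inside its while loop, where `$groups` is assigned only in the elseif branch, and would benefit from the same initialisation at the top of each iteration. Old/new attribution here is inferred from the hunk headers, which show the brace-on-same-line signatures as the old file.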


@ -43,7 +43,6 @@ INSERT INTO !PREFIX!_area VALUES('47', 'lang', 'lang_edit', '1', '1', '0');
INSERT INTO !PREFIX!_area VALUES('48', 'client', 'client_edit', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('48', 'client', 'client_edit', '1', '1', '0');
INSERT INTO !PREFIX!_area VALUES('49', '0', 'logs', '1', '1', '1'); INSERT INTO !PREFIX!_area VALUES('49', '0', 'logs', '1', '1', '1');
INSERT INTO !PREFIX!_area VALUES('50', '0', 'recipients', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('50', '0', 'recipients', '1', '1', '0');
INSERT INTO !PREFIX!_area VALUES('51', '0', 'myArea', '1', '1', '1');
INSERT INTO !PREFIX!_area VALUES('52', '0', 'info', '0', '1', '1'); INSERT INTO !PREFIX!_area VALUES('52', '0', 'info', '0', '1', '1');
INSERT INTO !PREFIX!_area VALUES('53', '0', 'symbolhelp', '0', '1', '1'); INSERT INTO !PREFIX!_area VALUES('53', '0', 'symbolhelp', '0', '1', '1');
INSERT INTO !PREFIX!_area VALUES('54', '0', 'groups', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('54', '0', 'groups', '1', '1', '0');
@ -85,8 +84,6 @@ INSERT INTO !PREFIX!_area VALUES('91', 'recipients', 'recipients_import', '1', '
INSERT INTO !PREFIX!_area VALUES('92', 'mod', 'mod_package', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('92', 'mod', 'mod_package', '1', '1', '0');
INSERT INTO !PREFIX!_area VALUES('93', 'mod', 'mod_sync', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('93', 'mod', 'mod_sync', '1', '1', '0');
INSERT INTO !PREFIX!_area VALUES('96', '0', 'cl_sample_plugin', '1', '1', '1'); INSERT INTO !PREFIX!_area VALUES('96', '0', 'cl_sample_plugin', '1', '1', '1');
INSERT INTO !PREFIX!_area VALUES('97', '0', 'myArea', '1', '1', '1');
INSERT INTO !PREFIX!_area VALUES('98', '0', 'myArea', '1', '1', '1');
INSERT INTO !PREFIX!_area VALUES('400', 'lay', 'lay_history', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('400', 'lay', 'lay_history', '1', '1', '0');
INSERT INTO !PREFIX!_area VALUES('401', 'style', 'style_history', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('401', 'style', 'style_history', '1', '1', '0');
INSERT INTO !PREFIX!_area VALUES('402', 'js', 'js_history', '1', '1', '0'); INSERT INTO !PREFIX!_area VALUES('402', 'js', 'js_history', '1', '1', '0');