73 Zeilen
1.8 KiB
PHP
73 Zeilen
1.8 KiB
PHP
<?php
|
|
/**
|
|
* Project:
|
|
* Contenido Content Management System
|
|
*
|
|
* Description:
|
|
*
|
|
* Requirements:
|
|
* @con_php_req 5.0
|
|
*
|
|
*
|
|
* @package Contenido Backend classes
|
|
* @version 1.0
|
|
* @author Unknown
|
|
* @copyright four for business AG <www.4fb.de>
|
|
* @license http://www.contenido.org/license/LIZENZ.txt
|
|
* @link http://www.4fb.de
|
|
* @link http://www.contenido.org
|
|
*
|
|
* {@internal
|
|
* created
|
|
* modified 2008-07-04, bilal arslan, added security fix
|
|
* modified 2008-09-14, Murat Purc, CON-206: fixed backend access logic
|
|
* modified 2008-10-30, Andreas Lindner, also consider group memnership of backend users
|
|
* $Id$:
|
|
* }}
|
|
*
|
|
*/
|
|
|
|
if(!defined('CON_FRAMEWORK')) {
|
|
die('Illegal call');
|
|
}
|
|
|
|
|
|
function cecFrontendCategoryAccess_Backend($idlang, $idcat, $user)
|
|
{
|
|
global $cfg, $perm;
|
|
|
|
if ($perm->have_perm()) {
|
|
// sysadmin or client admin can always access to protected areas
|
|
return true;
|
|
}
|
|
|
|
$db2 = new DB_ConLite;
|
|
|
|
$arrSearchFor = array("'".Contenido_Security::escapeDB($user, $db2)."'");
|
|
|
|
$sql = "SELECT * FROM ".$cfg['tab']['groupmembers']." WHERE user_id = '".Contenido_Security::escapeDB($user, $db2)."'";
|
|
|
|
$db2->query($sql);
|
|
|
|
while ($db2->next_record()) {
|
|
$arrSearchFor[] = "'".Contenido_Security::escapeDB($db2->f('group_id'), $db2)."'";
|
|
}
|
|
|
|
$sSearchFor = implode(",", $arrSearchFor);
|
|
|
|
$sql = "SELECT idright
|
|
FROM ".$cfg["tab"]["rights"]." AS A,
|
|
".$cfg["tab"]["actions"]." AS B,
|
|
".$cfg["tab"]["area"]." AS C
|
|
WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id IN (". $sSearchFor .") AND A.idcat = '".Contenido_Security::toInteger($idcat)."'
|
|
AND A.idarea = C.idarea AND B.idaction = A.idaction AND A.idlang = '".Contenido_Security::toInteger($idlang)."'";
|
|
|
|
$db2->query($sql);
|
|
|
|
if (!$db2->next_record()) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}?>
|