Ignore:
Timestamp:
Feb 19, 2011, 11:13:22 PM (13 years ago)
Author:
patdenice
Message:

Lot of optimization.
Add privacy level management.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • extensions/AdditionalPages/additional_page.php

    r9272 r9310  
    88$identifier = $page['ap_homepage'] ? $conf['additional_pages']['homepage'] : $tokens[1];
    99
    10 load_language('plugin.lang.php', AP_PATH);
    11 
    1210if (function_exists('get_extended_desc'))
    1311  add_event_handler('AP_render_content', 'get_extended_desc');
    1412
    15 // Récupération des données de la page
    16 $query = 'SELECT id, title , content, users, groups, permalink, standalone
     13// Retrieve page data
     14$query = 'SELECT id, title , content, users, groups, level, permalink, standalone
    1715FROM ' . ADD_PAGES_TABLE . '
    1816';
     
    2119  'WHERE permalink = "'.$identifier.'";';
    2220
    23 $row = mysql_fetch_assoc(pwg_query($query));
     21$row = pwg_db_fetch_assoc(pwg_query($query));
    2422
    2523if (empty($row))
     
    4745);
    4846
    49 // Utilisateurs autorisés
    50 if (!empty($row['users']))
     47if (!is_admin() and !$page['ap_homepage'])
    5148{
    52   $authorized_users = explode(',', $row['users']);
    53   if (!is_admin() and $conf['additional_pages']['user_perm'] and !in_array($user['status'], $authorized_users))
     49  // authorized users
     50  if (!empty($row['users']))
    5451  {
    55     if ($page['ap_homepage']) return;
    56         page_forbidden(l10n('You are not authorized to access the requested page'));
     52    $authorized_users = explode(',', $row['users']);
     53    if (!is_admin() and $conf['additional_pages']['user_perm'] and !in_array($user['status'], $authorized_users))
     54    {
     55      if ($page['ap_homepage']) return;
     56      page_forbidden(l10n('You are not authorized to access the requested page'));
     57    }
     58  }
     59
     60  // authorized groups
     61  if (!empty($row['groups']))
     62  {
     63    $q = 'SELECT *
     64  FROM ' . USER_GROUP_TABLE . '
     65  WHERE user_id = ' . $user['id'] . ' AND group_id IN (' . $row['groups'] . ');';
     66    $array = mysql_fetch_array(pwg_query($q));
     67    if (!is_admin() and $conf['additional_pages']['group_perm'] and empty($array))
     68    {
     69      if ($page['ap_homepage']) return;
     70      page_forbidden(l10n('You are not authorized to access the requested page'));
     71    }
     72  }
     73
     74  // authorized level
     75  if ($user['level'] < $row['level'])
     76  {
     77    page_forbidden(l10n('You are not authorized to access the requested page'));
    5778  }
    5879}
    5980
    60 // Groupe autorisé
    61 if (!empty($row['groups']))
    62 {
    63   $q = 'SELECT *
    64 FROM ' . USER_GROUP_TABLE . '
    65 WHERE user_id = ' . $user['id'] . ' AND group_id IN (' . $row['groups'] . ');';
    66   $array = mysql_fetch_array(pwg_query($q));
    67   if (!is_admin() and $conf['additional_pages']['group_perm'] and empty($array))
    68   {
    69     if ($page['ap_homepage']) return;
    70         page_forbidden(l10n('You are not authorized to access the requested page'));
    71   }
    72 }
    73 
     81// Display standalone page
    7482if ($page['additional_page']['standalone'])
    7583{
Note: See TracChangeset for help on using the changeset viewer.