UPDATED : USER LEVEL SYSTEM
parent
b2a15248ea
commit
187a122bdf
10 changed files with 149 additions and 44 deletions
|
@ -16,5 +16,5 @@ $value = $_POST['value'];
|
|||
|
||||
$lang_obj->update_phrase($phrase_id,$value);
|
||||
|
||||
echo mysql_clean($value);
|
||||
echo ($value);
|
||||
?>
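Review bot: The new `echo ($value);` writes `$_POST['value']` back into the response with no output encoding, so any markup in the submitted phrase is rendered by the browser as HTML. If the response is inserted into a page, encode it for that context, e.g. `echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8');`. If phrases are meant to carry markup, the endpoint instead depends on an admin check and a per-request token to stop other sites posting to it. Neither is visible in this hunk, so both need confirming.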
|
||||
|
|
|
@ -14,7 +14,7 @@ $pages->page_redir();
|
|||
if(isset($_POST['add_phrase']))
|
||||
{
|
||||
$name = mysql_clean($_POST['name']);
|
||||
$text = mysql_clean($_POST['text']);
|
||||
$text = mysql_real_escape_string($_POST['text']);
|
||||
$lang_code = mysql_clean($_POST['lang_code']);
|
||||
$lang_obj->add_phrase($name,$text);
|
||||
}
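Review bot: `$text` is now escaped with `mysql_real_escape_string()` while `$name` and `$lang_code` on the neighbouring lines still go through `mysql_clean()`, so the fields of one form follow two different sanitising paths. If `add_phrase()` or the insert helper escapes again, `$text` will be stored with doubled backslashes. If it does not, the query's safety depends on every page remembering to escape; the body of `add_phrase()` is outside this hunk. Passing the raw value and escaping exactly once inside `add_phrase()` would remove the ambiguity. Note also that `$lang_code` is computed but not passed to `add_phrase($name,$text)`.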
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
</tr>
|
||||
</table>
|
||||
{assign var=perms value=$userquery->get_permissions($types[t].user_permission_type_id)}
|
||||
<table width="99%" border="0" cellpadding="0" cellspacing="0">
|
||||
<table width="99%" border="0" align="center" cellpadding="0" cellspacing="0">
|
||||
{assign var = bgcolor value = ""}
|
||||
{foreach from=$perms item=perm}
|
||||
{if $perm.permission_id !=""}
|
||||
|
|
|
@ -31,33 +31,77 @@
|
|||
{elseif $view=='edit'}
|
||||
|
||||
<form action="" method="post">
|
||||
<table width="99%" border="0" cellspacing="2" cellpadding="2">
|
||||
<tr class="tr_head">
|
||||
<td>Edit Level</td>
|
||||
</tr>
|
||||
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
|
||||
<tr>
|
||||
<td width="30" class="left_head"> </td>
|
||||
<td align="left" class="head">Edit Level Permissions</td>
|
||||
<td width="30" class="right_head"> </td>
|
||||
</tr>
|
||||
</table>
|
||||
<table width="99%" border="0" cellspacing="2" cellpadding="2">
|
||||
<tr class="td_body">
|
||||
<td width="13%">Level Name</td>
|
||||
<td width="87%"><label for="level_name"></label>
|
||||
<input name="level_name" type="text" id="level_name" value="{$level_details.user_level_name}" /></td>
|
||||
</tr>
|
||||
{foreach from=$userquery->access_type_list key=access item=name}
|
||||
<tr class="td_body">
|
||||
<td width="13%">{$name}</td>
|
||||
<td width="87%">
|
||||
<label>
|
||||
<input type="radio" name="{$access}" value="yes"{if $level_perms.$access==yes} checked="checked"{/if}/>
|
||||
Yes</label>
|
||||
<label>
|
||||
<input type="radio" name="{$access}" value="no"{if $level_perms.$access==no} checked="checked"{/if}/>
|
||||
No</label>
|
||||
</td>
|
||||
</tr>
|
||||
<table width="98%" border="0" cellpadding="0" cellspacing="0" align="center" >
|
||||
<tr bgcolor="{$bgcolor}" class="item_listing">
|
||||
<td style="padding:5px 0px 5px 10px"><strong>Level Name</strong></td>
|
||||
<td style="padding:5px 0px 5px 10px" width="250"><span class="tips">
|
||||
<input name="level_name" type="text" id="level_name2" value="{$level_details.user_level_name|form_val}" />
|
||||
</span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
{assign var='types' value=$userquery->get_level_types()}
|
||||
{section name=t loop=$types}
|
||||
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
|
||||
<tr>
|
||||
<td width="30" class="left_head"> </td>
|
||||
<td align="left" class="head">{$types[t].user_permission_type_name}</td>
|
||||
<td width="30" class="right_head"> </td>
|
||||
</tr>
|
||||
</table>
|
||||
{assign var=perms value=$userquery->get_permissions($types[t].user_permission_type_id)}
|
||||
<table width="98%" border="0" cellpadding="0" cellspacing="0" align="center" >
|
||||
{assign var = bgcolor value = ""}
|
||||
{foreach from=$perms item=perm}
|
||||
{if $perm.permission_id !=""}
|
||||
|
||||
|
||||
<tr bgcolor="{$bgcolor}" class="item_listing">
|
||||
<td style="padding:5px 0px 5px 10px"><strong>{$perm.permission_name}</strong><br />
|
||||
<em>{$perm.permission_desc}</em></td>
|
||||
<td style="padding:5px 0px 5px 10px" width="250">
|
||||
{assign var="perm_code" value=$perm.permission_code}
|
||||
<label>
|
||||
<input type="radio" name="{$perm.permission_code}" value="yes" id="{$perm.permission_id}_yes" {if $level_perms.$perm_code=='yes'} checked="checked"{/if}/>
|
||||
Yes</label>
|
||||
<label>
|
||||
<input type="radio" name="{$perm.permission_code}" value="no" id="{$perm.permission_id}_no" {if $level_perms.$perm_code==no} checked="checked"{/if}/>
|
||||
No</label>
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
{else}
|
||||
<tr><td><div style="width:100%; margin:auto" align="center"><em>No Permission Found</em></div></td></tr>
|
||||
{/if}
|
||||
|
||||
{if $bgcolor == ""}
|
||||
{assign var = bgcolor value = "#EEEEEE"}
|
||||
{else}
|
||||
{assign var = bgcolor value = ""}
|
||||
{/if}
|
||||
|
||||
{foreachelse}
|
||||
<tr><td><div style="width:100%; margin:auto" align="center"><em>No Permission Found</em></div></td></tr>
|
||||
{/foreach}
|
||||
</table>
|
||||
|
||||
{/section}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<table width="99%" border="0" cellspacing="2" cellpadding="2">
|
||||
<tr>
|
||||
<tr>
|
||||
<td><label for="button"></label>
|
||||
<input type="submit" name="update_level_perms" id="button" value="Update" /></td>
|
||||
</tr>
|
||||
|
@ -68,7 +112,7 @@
|
|||
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
|
||||
<tr>
|
||||
<td width="30" class="left_head"> </td>
|
||||
<td align="center" class="head">User Level Details</td>
|
||||
<td align="left" class="head">User Level Details</td>
|
||||
<td width="30" class="right_head"> </td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -86,7 +130,7 @@
|
|||
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
|
||||
<tr>
|
||||
<td width="30" class="left_head"> </td>
|
||||
<td align="center" class="head">{$types[t].user_permission_type_name}</td>
|
||||
<td align="left" class="head">{$types[t].user_permission_type_name}</td>
|
||||
<td width="30" class="right_head"> </td>
|
||||
</tr>
|
||||
</table>
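Review bot: In the rewritten edit-level block (the `@ -31,33` hunk), `{$types[t].user_permission_type_name}`, `{$perm.permission_name}`, `{$perm.permission_desc}` and the `name="{$perm.permission_code}"` attribute are printed without an escape modifier, although the level name input in the same block goes through `|form_val`. If permission rows can be created or edited from the admin UI, these values should be escaped as well, e.g. `{$perm.permission_name|escape:'html'}` and `name="{$perm.permission_code|escape:'html'}"`. The two radio conditions are also written differently (`=='yes'` quoted, `==no` bare); quoting both, `{if $level_perms.$perm_code=='no'}`, keeps the comparison an explicit string match.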
|
||||
|
|
|
@ -57,7 +57,7 @@ switch($mode)
|
|||
{
|
||||
$array = $_POST;
|
||||
if($userquery->add_user_level($array))
|
||||
redirect_to('user_levels.php');
|
||||
redirect_to('user_levels.php?added=true');
|
||||
}
|
||||
Assign('view','add');
|
||||
}
|
||||
|
|
|
@ -87,7 +87,7 @@ class language
|
|||
global $db;
|
||||
//First checking if phrase already exists or not
|
||||
if($this->get_phrase($id,$lang_code))
|
||||
$db->update("phrases",array('text'),array($text)," id = '".mysql_clean($id)."' ");
|
||||
$db->update("phrases",array('text'),array(mysql_real_escape_string($text))," id = '".mysql_real_escape_string($id)."' ");
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -188,10 +188,10 @@ class userquery {
|
|||
//Now user have passed all the stages, now checking if user has level access or not
|
||||
elseif($access)
|
||||
{
|
||||
$access_details = $this->get_user_level(userid());
|
||||
//$access_details = $this->get_user_level(userid());
|
||||
$access_details = $this->permission;
|
||||
if(is_numeric($access))
|
||||
{
|
||||
$access_details = $this->get_user_level(userid());
|
||||
if($access_details['level_id'] == $access)
|
||||
{
|
||||
return true;
|
||||
|
@ -1199,12 +1199,18 @@ class userquery {
|
|||
* Function used to get user level and its details
|
||||
* @param INT userid
|
||||
*/
|
||||
function get_user_level($uid)
|
||||
function get_user_level($uid,$is_level=false)
|
||||
{
|
||||
global $db;
|
||||
if(!$uid)
|
||||
$uid = userid();
|
||||
$level = $this->get_user_field($uid,'level');
|
||||
if($is_level)
|
||||
$level['level'] = $uid;
|
||||
else
|
||||
{
|
||||
if(!$uid)
|
||||
$uid = userid();
|
||||
$level = $this->get_user_field($uid,'level');
|
||||
}
|
||||
|
||||
$results = $db->select('user_levels','*'," user_level_id='".$level['level']."'");
|
||||
if($db->num_rows == 0)
|
||||
//incase user level is not valid, it will consider it as registered user
|
||||
|
@ -1231,7 +1237,7 @@ class userquery {
|
|||
function get_levels($filter=NULL)
|
||||
{
|
||||
global $db;
|
||||
$results = $db->select("user_levels","*");
|
||||
$results = $db->select("user_levels","*",NULL,NULL," user_level_id ASC" );
|
||||
if($db->num_rows > 0)
|
||||
{
|
||||
return $results;
|
||||
|
@ -1302,7 +1308,8 @@ class userquery {
|
|||
$fields_array[] = $access;
|
||||
$value_array[] = $array[$access] ? $array[$access] : 'no';
|
||||
}
|
||||
$db->insert("user_levels_permissions",$fields_array,$value_array);
|
||||
$db->insert("user_levels_permissions",$fields_array,$value_array);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1398,8 +1405,8 @@ class userquery {
|
|||
//CHeck if leve is deleteable or not
|
||||
if($level_details['user_level_is_default']=='no')
|
||||
{
|
||||
$db->delete("user_levels",array("user_level_id"),$id);
|
||||
$db->delete("user_levels_permissions",array("user_level_id"),$id);
|
||||
$db->delete("user_levels",array("user_level_id"),array($id));
|
||||
$db->delete("user_levels_permissions",array("user_level_id"),array($id));
|
||||
e("User level has been deleted,
|
||||
all users of this level has been transfered to '".$de_level['user_level_name']."' ");
|
||||
|
||||
|
@ -1569,5 +1576,55 @@ class userquery {
|
|||
}else
|
||||
e("Permission does not exist");
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Function used to check weather current user has permission
|
||||
* to view page or not
|
||||
* it will also check weather current page requires login
|
||||
* if login is required, user will be redirected to signup page
|
||||
*/
|
||||
function perm_check($access='',$check_login=FALSE)
|
||||
{
|
||||
global $Cbucket;
|
||||
/*if($check_login)
|
||||
{
|
||||
return $this->login_check($access);
|
||||
}else
|
||||
{*/
|
||||
$access_details = $this->permission;
|
||||
if(is_numeric($access))
|
||||
{
|
||||
if($access_details['level_id'] == $access)
|
||||
{
|
||||
return true;
|
||||
}else{
|
||||
if(!$check_only)
|
||||
e($LANG['insufficient_privileges']);
|
||||
$Cbucket->show_page(false);
|
||||
return false;
|
||||
}
|
||||
}else
|
||||
{
|
||||
if($access_details[$access] == 'yes')
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
if(!$check_login)
|
||||
e(lang('insufficient_privileges'));
|
||||
else
|
||||
{ if(userid())
|
||||
e(lang('insufficient_privileges'));
|
||||
else
|
||||
e(sprintf(lang('insufficient_privileges_loggin'),cblink(array('name'=>'signup')),cblink(array('name'=>'signup'))));
|
||||
}
|
||||
$Cbucket->show_page(false);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
//}
|
||||
}
|
||||
}
|
||||
?>
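Review bot: In the new `perm_check()` (the `@ -1569` hunk), the numeric-level branch tests `$check_only` and reads `$LANG['insufficient_privileges']`, but neither is a parameter or declared `global` in the function (only `$Cbucket` is). The test is therefore always true and `e()` receives an empty message. The string branch already uses `lang('insufficient_privileges')`; the numeric branch should do the same, `e(lang('insufficient_privileges'));`, and either drop the `$check_only` test or add it as a real parameter. The docblock should also describe `$access` (level id when numeric, permission code otherwise) and `$check_login`, and say that the default `$access=''` falls through to `$access_details['']` and is denied.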
|
|
@ -351,7 +351,8 @@ require('modules.php');
|
|||
if(user_id())
|
||||
{
|
||||
$userquery->permission = $userquery->get_user_level(userid());
|
||||
}
|
||||
}else
|
||||
$userquery->permission = $userquery->get_user_level(4,TRUE);
|
||||
|
||||
//Checking Website Template
|
||||
$Cbucket->set_the_template();
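Review bot: The anonymous branch hard-codes level id `4` in `get_user_level(4,TRUE)`, while the comment visible in the `get_user_level` hunk says an invalid level is treated as a registered user. If that row is ever missing or renumbered, guests may receive registered-user permissions; the fallback body is outside the visible hunks, so this needs confirming. A named constant or config value for the guest level, with a fallback that denies rather than upgrades, would be safer. The condition calls `user_id()` while the body calls `userid()`; if these are not aliases, one of them is a typo.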
|
||||
|
|
|
@ -813,7 +813,8 @@
|
|||
for($i=0;$i<$total_fields;$i++)
|
||||
{
|
||||
$count++;
|
||||
$val = mysql_clean($vls[$i]);
|
||||
//$val = mysql_clean($vls[$i]);
|
||||
$val = ($vls[$i]);
|
||||
$needle = substr($val,0,3);
|
||||
if($needle != '|f|')
|
||||
$fields_query .= $flds[$i]."='".$val."'";
|
||||
|
@ -1672,7 +1673,8 @@
|
|||
{
|
||||
if(file_exists(LAYOUT.'/'.$file))
|
||||
{
|
||||
$new_list[] = $file;
|
||||
if($ClipBucket->show_page)
|
||||
$new_list[] = $file;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1885,7 +1887,7 @@
|
|||
/**
|
||||
* Function used to assign link
|
||||
*/
|
||||
function cblink($params,&$Smarty)
|
||||
function cblink($params,&$Smarty=NULL)
|
||||
{
|
||||
global $ClipBucket;
|
||||
$name = $params['name'];
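Review bot: Dropping `mysql_clean()` in the `@ -813` hunk means every value now reaches `$fields_query .= $flds[$i]."='".$val."'"` exactly as the caller passed it. Any caller of this update helper that relied on it for escaping now builds SQL from raw input. In this commit only the language class call site was changed to escape its own arguments; other callers are not visible here and should be audited. Keeping the escaping in the helper is safer, e.g. `$val = mysql_real_escape_string($vls[$i]);`, with whatever double-escaping prompted the change fixed at its source. If caller-side escaping is the intended contract, replace the commented-out line with a comment that states it. The loop body continues outside the hunk.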
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
|
||||
define("THIS_PAGE",'watch_video');
|
||||
require 'includes/config.inc.php';
|
||||
$userquery->perm_check('view_video',true);
|
||||
|
||||
$pages->page_redir();
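Review bot: The return value of `perm_check('view_video',true)` is discarded, so on denial the script still runs `$pages->page_redir()` and everything after it. As written in this commit, a denial records an error and calls `show_page(false)`, which appears (from the `@ -1672` hunk) only to keep layout files out of the template list. Any data loading or side effects later in this file would still run for a user without the permission; the rest of the file is outside the hunk. Guard the page body on the result, e.g. `if($userquery->perm_check('view_video',true)) { … }`, or stop processing once the denial message has been queued.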
|
||||
|
||||
|
|