Author Topic: [MOD - Plugin - Gallery] - User page permission  (Read 10111 times)

0 Members and 1 Guest are viewing this topic.

Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
[MOD - Plugin - Gallery] - User page permission
« on: February 17, 2008, 06:15:22 PM »
This is very special MOD. Thank to Jan for add function for format textarea for each value. ;)

// Description:

- Is check for each user ID, each user level and each action name (if have action name) with ROOT PHP file.
- Is auto-create SQL table if no exist in DB.
- Is auto-add filename in SQL table if no exist in SQL table (or add in exclude list).
- Exclude filename list for detect in ROOT_PATH.
- Active / Inactive MOD check.
- Auto-add setting in SETTINGS_TABLE.
- Add multiple user IDs
- Add multiple user groups (axcept admin tag with user level - for gallery safety - if need debug - create test user account).
- FAQ include in MOD in plugin page - read instruction how all switch work.
- Search filename include.

- Is auto-detect file include this:

Quote
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: filename.php                                            *
 *        Copyright: (C) 2002 Jan Sorgalla                                *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7.4                                                *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) fweitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/

// If have other user level - is possible for add in MOD ?
Yes, is possible. E.g - moderator MOD . If have, is possible for integrate. ;)

NO KAI - NO DEMO KAI :!:

I post screenshot.

// Note:

Backup full gallery (SQL include).

// Step 1

In includes/page_header.php file,

find:

Code: [Select]
$site_template->register_vars(array(
  "media_url" => MEDIA_PATH,

add before:

Code: [Select]
//-----------------------------------------------------
//--- Check page permission table ---------------------
//-----------------------------------------------------
if (function_exists('check_page_permission_table')) {
    check_page_permission_table();
}

// Step 2

In lang/english/admin.php file,

find:

Code: [Select]
//-----------------------------------------------------
//--- Settings ----------------------------------------
//-----------------------------------------------------
$lang['save_settings_success'] = "Settings saved";

add before:

Code: [Select]
//-----------------------------------------------------
//--- User page permission ----------------------------
//-----------------------------------------------------
$lang['user_page_permission_title'] = "User page permission";
$lang['user_page_permission_page_name'] = "Page name";
$lang['user_page_permission_page_date'] = "Date";
$lang['user_page_permission_page_options'] = "Options";
$lang['user_page_permission_search_page_text'] = "Search page (full filename): ";
$lang['user_page_permission_search_page_result'] = "Search result";
$lang['user_page_permission_search_no_result'] = "<font color=\"red\">No result.</font>";
$lang['user_page_permission_edit_permission'] = "<span class=\"smalltext\">Edit permission</span>";
$lang['user_page_permission_delete_page'] = "<span class=\"smalltext\">Delete page</span>";
$lang['user_page_permission_go_back'] = "<span class=\"smalltext\">[ Go back ]</span>";
$lang['user_page_permission_delete_success'] = "<font color=\"green\">Delete success !</font>";
$lang['user_page_permission_confirm_delete_page_message'] = "This is for delete filename ONLY if no exist in FTP / file manager or no 4images tag. Is ok ?";
$lang['user_page_permission_update_success'] = "<font color=\"green\">Update success !</font>";
$lang['user_page_permission_edit_action'] = "<span class=\"smalltext\">Edit action</span>";
$lang['user_page_permission_faq_title'] = "FAQ";
$lang['user_page_permission_instructions'] = "&nbsp;This is key use for <b>edit permission</b> textarea of each (action include if like).<br /><br />

&nbsp;User level:<br /><br />

&nbsp;// guest = all<br />
&nbsp;// user = kick guest but allow for user and admin.<br />
&nbsp;// admin = kick all axcept admin.<br />
&nbsp;// self = self user (e.g: private page for each user ID session so other user ID is no see content - like PM inbox).<br /><br />

&nbsp;// Is possible for grant access for all user and no user ID + action empty ?<br />
&nbsp;Yes, is possible. In <b>edit permission</b> use: <b>guest</b> .<br /><br />

&nbsp;// Is possible for grant access for user level and no user ID + action empty ?<br />
&nbsp;Yes, is possible. In <b>edit permission</b> use: <b>user</b> .<br /><br />

&nbsp;// Is possible for grant access for admin and no user ID + action empty ?<br />
&nbsp;Yes, is possible. In <b>edit permission</b> use: <b>admin</b> .<br /><br />

&nbsp;// Is possible for grant access for self user and no user ID + action empty ?<br />
&nbsp;Yes, is possible. In <b>edit permission</b> use: <b>self</b> .<br /><br />

&nbsp;// Is possible for use multiple keys for user ID with user level ?<br />
&nbsp;Yes, is possible. Each user ID and user level is link for each and <b>" . strtolower($lang['user_page_permission_title']) . "</b> MOD is detect each.<br /><br />

&nbsp;// Is possible for use single / multiple key for user ID, user level and action ?<br />
&nbsp;Yes, is possible. all is work if like (foreach user or for user level with action).<br /><br />

&nbsp;// Is work for user ID (no action or user level) ?<br />
&nbsp;Ok, how is work -<br /><br />

&nbsp;<b>edit permission</b> link: <b>1 2 3 4 5 6</b><br />
&nbsp;<b>" . strtolower($lang['user_page_permission_title']) . "</b> MOD is check for each user ID and see if match with user info to access page (use space for each user ID).<br /><br />

&nbsp;// Is work for user ID and action name ?<br />
&nbsp;Ok, how is work - e.g: member.php file - (use space for each action name) -<br /><br />

&nbsp;<b>edit permission</b> link: <b>1 2</b><br />
&nbsp;<b>edit action</b> link: <b>showprofile editprofile</b> .<br /><br />

&nbsp;Is mean: User ID <b>1</b> is access <b>showprofile</b> and user ID <b>2</b> is access <b>editprofile</b> (is for each user ID).<br /><br />

&nbsp;// How I get what I add in SQL after install this MOD ?<br />
&nbsp;Nothing. <b>" . strtolower($lang['user_page_permission_title']) . "</b> MOD is detect if SQL table exist. If !exist, is create auto, is detect ROOT files, is add <b>guest</b> in <b>edit permission</b> link (default).<br /><br />

&nbsp;// Is ROOT filename add in SQL table each time I visit gallery ?<br />
&nbsp;No need. Each file is detect each visit <b>but " . strtolower($lang['user_page_permission_title']) . "</b> MOD is check if exist filename in SQL table. If exist, is skip.<br /><br />

&nbsp;// I use <b>Delete page</b> link and page is back after I visit gallery.<br />
&nbsp;If see this, is no problem. <b>ACP - > Setting - > User page permission - > Set exclude filename so MOD is no scan 4images file you add</b> and set ROOT filename in textarea so detect is skip.<br /><br />

&nbsp;// Is <b>user_info['user_level']</b> need after install this MOD ?<br />
&nbsp;No ! - Jan object is no need after install this MOD but need replace object with <b>" . strtolower($lang['user_page_permission_title']) . " function</b>.<br /><br />

&nbsp;// Is possible for add <b>admin</b> tag and add user ID of user (no admin, guest but USER level) ?<br />
&nbsp;For safety, is <u>!possible</u>. <b>admin</b> is use override for all gallery from Jan session class file.<br /><br />

&nbsp;// Is possible for add <b>user</b> tag and add <b>admin</b> tag ?<br />
&nbsp;Yes, is possible. Is mean - <b>admin level</b> and <b>user level</b> is grant access (with action or no action add).<br />

";

// Step 2.1

Same file - add in top ?>:

Code: [Select]
/*-- Setting-Group XX --*/
$setting_group[XX] = "User page permission";
$setting['user_page_permission_use'] = "Activate user page permission";
$setting['user_page_permission_exclude_file'] = "Set exclude filename so MOD is no scan 4images file you add<br /><span class=\"smalltext\">(Note: E.g: <b>categories.php details.php</b> - <b>and 'yes' - use space for each add filename</b>)</span>.";

Note: Replace XXs with last value.

// Step 3

In admin/settings.php file,

find:

Code: [Select]
show_form_footer($lang['save_changes'], "", 2);

add before:

Code: [Select]
show_table_separator($setting_group[XX], 2, "setting_group_XX");
show_setting_row("user_page_permission_use", "radio");
show_setting_row("user_page_permission_exclude_file", "textarea");    

Note: Replace XXs with last value.

// Step 4

In admin/plugins , create new file: user_page_permission.php .

Add:

Code: [Select]
<?php // PLUGIN_TITLE: User page permission

$nozip 1;
define('IN_CP'1);
define('ROOT_PATH'"./../../");
require(
ROOT_PATH.'admin/admin_global.php');

if (!
defined('PAGES_RESTRICT_TABLE')) {
    
define('PAGES_RESTRICT_TABLE'$table_prefix 'pages_restrict');
}

show_admin_header();

if (
$action == "") {
    
$action "main_menu";
}

if (
$action == "delete_page") {
    
    if (isset(
$HTTP_GET_VARS['page_id']) || isset($HTTP_POST_VARS['page_id'])) {
        
$page_id = (isset($HTTP_GET_VARS['page_id'])) ? intval(trim($HTTP_GET_VARS['page_id'])) : intval(trim($HTTP_POST_VARS['page_id']));
    } else {
        
$page_id 0;
    }
    
    if (empty(
$page_id)) {
        
$action "main_menu";
    }
    
    if (isset(
$page_id) && !empty($page_id)) {
        
$result $site_db->query("DELETE FROM " PAGES_RESTRICT_TABLE " WHERE page_id = " $page_id);
        if (
$result) {
            
$msg $lang['user_page_permission_delete_success'];            
        }
        
$action "main_menu";
    }
}

if (
$action == "search_page") {
    
    if (isset(
$HTTP_POST_VARS['search_result'])) {
        
$search_result = (isset($HTTP_POST_VARS['search_result'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['search_result'])) : "";
    } else {
        
$search_result "";
    }
    
    if (empty(
$search_result)) {
        
$action "main_menu";
    }
    
    if (isset(
$search_result) && !empty($search_result)) {
        
        
$sql "
        
        SELECT page_id, page_name, page_date
        FROM " 
PAGES_RESTRICT_TABLE "
        WHERE page_name = '" 
$search_result "'
        
        "
;
        
        
$result $site_db->query($sql);
        
$num_rows $site_db->get_numrows($result);        
        
        
?>
       
        <table border="0" width="100%" cellpadding="0" cellspacing="0" class="tableborder" />
        <tr class="tableseparator">
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_title']; ?></td>    
        </tr>    
        </table>        
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" valign="top" align="left"><a href="<?php echo $site_sess->url('user_page_permission.php'); ?>"><span class=\"smalltext\"><?php echo $lang['user_page_permission_go_back']; ?></a></span><br /><br /></td>
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['search']; ?><br /></td>    
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" align="right"><br />
        <form method="post" action="<?php echo $site_sess->url('user_page_permission.php'); ?>">
        <input type="hidden" name="action" value="search_page">
        <?php echo $lang['user_page_permission_search_page_text']; ?><input type="text" name="search_result">&nbsp;<input type="submit" name="submit" value="<?php echo $lang['search']; ?>" class="button" />&nbsp;
        </form>    
        </td>    
        </tr>    
        </table>
        <?php
        
if (empty($num_rows)) {
        
?>

        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>    
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_search_page_result']; ?></td>        
        </tr>
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>    
        <td width="100%" class="tablerow">&nbsp;</td>        
        </tr>
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>    
        <td width="100%" class="tablerow" align="center"><?php echo $lang['user_page_permission_search_no_result']; ?></td>
        </tr>
        </table>        
        <?php
        
} else {
        
?>

        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>    
        <td width="33%" class="tableheader" align="center"><?php echo $lang['user_page_permission_page_name']; ?></td>
        <td width="33%" class="tableheader" align="center"><?php echo $lang['user_page_permission_page_date']; ?></td>    
        <td width="33%" class="tableheader" align="center"><?php echo $lang['user_page_permission_page_options']; ?></td>    
        </tr>
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow">&nbsp;</td>    
        </tr>    
        </table>
        <table border="1" width="100%" cellpadding="0" cellspacing="0" class="tableheader" />    
        
        <?php    
        
while ($page_row $site_db->fetch_array($result)) {
            
$page_id $page_row['page_id'];
            
$page_name format_text(trim($page_row['page_name']), 2);
            
$page_date = (function_exists('get_universal_field_date')) ? get_universal_field_date($page_row['page_date']) : format_date($config['date_format'], $page_row['page_date']);        
        
?>
           
        <tr class="tableseparator">
        <td width="33%" class="tablerow" align="center"><?php echo $page_name?></td>    
        <td width="33%" class="tablerow" align="center"><?php echo $page_date?></td>            
        <td width="33%" class="tablerow" align="center"><a href="<?php echo $site_sess->url('user_page_permission.php?action=edit_permission&page_id=' $page_id); ?>">[ <?php echo $lang['user_page_permission_edit_permission']; ?> ]</a> | <a href="<?php echo $site_sess->url('user_page_permission.php?action=edit_action&page_id=' $page_id); ?>">[ <?php echo $lang['user_page_permission_edit_action']; ?> ]</a> | <a href="<?php echo $site_sess->url('user_page_permission.php?action=delete_page&page_id=' $page_id); ?>" onclick="return confirm('<?php echo $lang['user_page_permission_confirm_delete_page_message']; ?>')">[ <?php echo $lang['user_page_permission_delete_page']; ?></a> ]</td>
        </tr>            
        <?php
        
}
    }
    
?>

    </table>    
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tablerow">&nbsp;</td>    
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tableheader">&nbsp;</td>    
    </tr>    
    </table>
    <?php
    
}
}

if (
$action == "exec_edit_permission") {
    
    if (isset(
$HTTP_GET_VARS['page_id']) || isset($HTTP_POST_VARS['page_id'])) {
        
$page_id = (isset($HTTP_POST_VARS['page_id'])) ? intval(trim($HTTP_POST_VARS['page_id'])) : intval(trim($HTTP_GET_VARS['page_id']));
    } else {
        
$page_id 0;
    }
    
    if (isset(
$HTTP_GET_VARS['page_user_ids']) || isset($HTTP_POST_VARS['page_user_ids'])) {
        
$page_user_ids = (isset($HTTP_POST_VARS['page_user_ids'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['page_user_ids'])) : un_htmlspecialchars(trim((string)$HTTP_GET_VARS['page_user_ids']));
    } else {
        
$page_user_ids "";
    }
    
    if (empty(
$page_id)) {
        
$action "main_menu";
    }
    
    if (isset(
$page_user_ids)) {        
        
$result $site_db->query("UPDATE " PAGES_RESTRICT_TABLE " SET page_user_ids = '" $page_user_ids "', page_date = '" time() . "' WHERE page_id = " $page_id);
        if (
$result) {
            
$msg $lang['user_page_permission_update_success'];
        }
        
$action "main_menu";
    }
}

if (
$action == "edit_permission") {
    
    if (isset(
$HTTP_GET_VARS['page_id'])) {
        
$page_id = (isset($HTTP_GET_VARS['page_id'])) ? intval(trim($HTTP_GET_VARS['page_id'])) : 0;
    } else {
        
$page_id 0;
    }
    
    if (empty(
$page_id)) {
        
$action "main_menu";
    }
    
    if (isset(
$page_id) && !empty($page_id)) {
        
        
$sql "
        
        SELECT page_user_ids
        FROM " 
PAGES_RESTRICT_TABLE "
        WHERE page_id = " 
$page_id;
        
        
$row $site_db->query_firstrow($sql);
        
$page_user_ids format_text($row['page_user_ids'], 101);
        
?>

        <table border="0" width="100%" cellpadding="0" cellspacing="0" class="tableborder" />
        <tr class="tableseparator">
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_title']; ?></td>    
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" valign="top" align="left"><a href="<?php echo $site_sess->url('user_page_permission.php'); ?>"><span class=\"smalltext\"><?php echo $lang['user_page_permission_go_back']; ?></a></span><br /><br /></td>
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['search']; ?><br /></td>    
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" align="right"><br />
        <form method="post" action="<?php echo $site_sess->url('user_page_permission.php'); ?>">
        <input type="hidden" name="action" value="search_page">
        <?php echo $lang['user_page_permission_search_page_text']; ?><input type="text" name="search_result">&nbsp;<input type="submit" name="submit" value="<?php echo $lang['search']; ?>" class="button" />&nbsp;
        </form>    
        </td>    
        </tr>
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>    
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_edit_permission']; ?></td>        
        </tr>
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow">&nbsp;</td>    
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" align="center">
        <form method="post" action="<?php echo $site_sess->url('user_page_permission.php'); ?>">
        <input type="hidden" name="action" value="exec_edit_permission">
        <input type="hidden" name="page_id" value="<?php echo $page_id?>">
        <textarea name="page_user_ids" rows="20" cols="60" value="<?php echo $page_user_ids?>" class="textarea" /><?php echo $page_user_ids?></textarea><br />
        <input type="submit" name="submit" value="<?php echo $lang['edit']; ?>" class="button" />        
        </td>    
        </tr>    
        </table>        
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tableheader">&nbsp;</td>    
        </tr>    
        </table>
        <?php
    
}
}

if (
$action == "exec_edit_action") {
    
    if (isset(
$HTTP_GET_VARS['page_id']) || isset($HTTP_POST_VARS['page_id'])) {
        
$page_id = (isset($HTTP_POST_VARS['page_id'])) ? intval(trim($HTTP_POST_VARS['page_id'])) : intval(trim($HTTP_GET_VARS['page_id']));
    } else {
        
$page_id 0;
    }
    
    if (isset(
$HTTP_GET_VARS['page_action']) || isset($HTTP_POST_VARS['page_action'])) {
        
$page_action = (isset($HTTP_POST_VARS['page_action'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['page_action'])) : un_htmlspecialchars(trim((string)$HTTP_GET_VARS['page_action']));
    } else {
        
$page_action "";
    }
    
    if (empty(
$page_id)) {
        
$action "main_menu";
    }
    
    if (isset(
$page_action)) {        
        
$result $site_db->query("UPDATE " PAGES_RESTRICT_TABLE " SET page_action = '" $page_action "', page_date = '" time() . "' WHERE page_id = " $page_id);
        if (
$result) {
            
$msg $lang['user_page_permission_update_success'];
        }
        
$action "main_menu";
    }
}

if (
$action == "edit_action") {
    
    if (isset(
$HTTP_GET_VARS['page_id'])) {
        
$page_id = (isset($HTTP_GET_VARS['page_id'])) ? intval(trim($HTTP_GET_VARS['page_id'])) : 0;
    } else {
        
$page_id 0;
    }
    
    if (empty(
$page_id)) {
        
$action "main_menu";
    }
    
    if (isset(
$page_id) && !empty($page_id)) {
        
        
$sql "
        
        SELECT page_action
        FROM " 
PAGES_RESTRICT_TABLE "
        WHERE page_id = " 
$page_id;
        
        
$row $site_db->query_firstrow($sql);
        
$page_action format_text($row['page_action'], 101);
        
?>

        <table border="0" width="100%" cellpadding="0" cellspacing="0" class="tableborder" />
        <tr class="tableseparator">
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_title']; ?></td>    
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" valign="top" align="left"><a href="<?php echo $site_sess->url('user_page_permission.php'); ?>"><span class=\"smalltext\"><?php echo $lang['user_page_permission_go_back']; ?></a></span><br /><br /></td>
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['search']; ?><br /></td>    
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" align="right"><br />
        <form method="post" action="<?php echo $site_sess->url('user_page_permission.php'); ?>">
        <input type="hidden" name="action" value="search_page">
        <?php echo $lang['user_page_permission_search_page_text']; ?><input type="text" name="search_result">&nbsp;<input type="submit" name="submit" value="<?php echo $lang['search']; ?>" class="button" />&nbsp;
        </form>    
        </td>    
        </tr>
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>    
        <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_edit_action']; ?></td>        
        </tr>
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow">&nbsp;</td>    
        </tr>    
        </table>
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tablerow" align="center">
        <form method="post" action="<?php echo $site_sess->url('user_page_permission.php'); ?>">
        <input type="hidden" name="action" value="exec_edit_action">
        <input type="hidden" name="page_id" value="<?php echo $page_id?>">
        <textarea name="page_action" rows="20" cols="60" value="<?php echo $page_action?>" class="textarea" /><?php echo $page_action?></textarea><br />
        <input type="submit" name="submit" value="<?php echo $lang['edit']; ?>" class="button" />        
        </td>    
        </tr>    
        </table>        
        <table border="0" width="100%" cellpadding="0" cellspacing="0">
        <tr>
        <td width="100%" class="tableheader">&nbsp;</td>    
        </tr>    
        </table>
        <?php
    
}
}

if (
$action == "main_menu") {
            
    
$sql "
    
    SELECT page_id, page_name, page_date
    FROM " 
PAGES_RESTRICT_TABLE "    
    ORDER BY page_name ASC"
;
    
    
$result $site_db->query($sql);
    
?>

    
    <table border="0" width="100%" cellpadding="0" cellspacing="0" class="tableborder" />
    <tr class="tableseparator">
    <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_title']; ?></td>    
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tablerow" align="center"><?php echo (isset($msg) && !empty($msg)) ? "<br />" $msg "<br /><br />" REPLACE_EMPTY "<br />"?></td>
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tableheader">&nbsp;<?php echo $lang['user_page_permission_faq_title']; ?><br /></td>    
    </tr>    
    </table>    
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tablerow"><?php echo $lang['user_page_permission_instructions']; ?><br /></td>    
    </tr>    
    </table>  
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tableheader">&nbsp;<?php echo $lang['search']; ?><br /></td>    
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tablerow" align="right"><br />
    <form method="post" action="<?php echo $site_sess->url('user_page_permission.php'); ?>">
    <input type="hidden" name="action" value="search_page">
    <?php echo $lang['user_page_permission_search_page_text']; ?><input type="text" name="search_result">&nbsp;<input type="submit" name="submit" value="<?php echo $lang['search']; ?>" class="button" />&nbsp;
    </form>    
    </td>    
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>    
    <td width="33%" class="tableheader" align="center"><?php echo $lang['user_page_permission_page_name']; ?></td>
    <td width="33%" class="tableheader" align="center"><?php echo $lang['user_page_permission_page_date']; ?></td>    
    <td width="33%" class="tableheader" align="center"><?php echo $lang['user_page_permission_page_options']; ?></td>    
    </tr>
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tablerow">&nbsp;</td>    
    </tr>    
    </table>
    <table border="1" width="100%" cellpadding="0" cellspacing="0" class="tableheader" />    
    
    <?php    
    
while ($page_row $site_db->fetch_array($result)) {
        
$page_id $page_row['page_id'];
        
$page_name format_text(trim($page_row['page_name']), 2);
        
$page_date = (function_exists('get_universal_field_date')) ? get_universal_field_date($page_row['page_date']) : format_date($config['date_format'], $page_row['page_date']);        
        
?>
       
        
        <tr class="tableseparator">
        <td width="33%" class="tablerow" align="center"><?php echo $page_name?></td>    
        <td width="33%" class="tablerow" align="center"><?php echo $page_date?></td>            
        <td width="33%" class="tablerow" align="center"><a href="<?php echo $site_sess->url('user_page_permission.php?action=edit_permission&page_id=' $page_id); ?>">[ <?php echo $lang['user_page_permission_edit_permission']; ?> ]</a> | <a href="<?php echo $site_sess->url('user_page_permission.php?action=edit_action&page_id=' $page_id); ?>">[ <?php echo $lang['user_page_permission_edit_action']; ?> ]</a> | <a href="<?php echo $site_sess->url('user_page_permission.php?action=delete_page&page_id=' $page_id); ?>" onclick="return confirm('<?php echo $lang['user_page_permission_confirm_delete_page_message']; ?>')">[ <?php echo $lang['user_page_permission_delete_page']; ?></a> ]</td>
        </tr>            
        <?php
    
}
    
?>

    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tablerow">&nbsp;</td>    
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tableheader">&nbsp;</td>    
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" align="center" class="tablerow"><br /><span class="smalltext"><b>User page permission</b> - created by <a href="http://www.4homepages.de/forum/index.php?topic=19856.0" target="_blank" />Thunderstrike</a> - 2007-2008<br />Version 2.0</span><br /><br /></td>
    </tr>    
    </table>
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
    <tr>
    <td width="100%" class="tableheader">&nbsp;</td>    
    </tr>    
    </table>
    <?php
}

show_admin_footer();
?>

« Last Edit: August 27, 2011, 02:17:00 PM by thunderstrike »
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Re: [MOD - Plugin - Gallery] - User page permission
« Reply #1 on: February 17, 2008, 06:18:16 PM »
// Step 5

In includes/functions.php file,

add in top ?>:

Code: [Select]
if (!function_exists('check_page_permission_table')) {
    function check_page_permission_table() {
        global $site_db, $table_prefix, $config;
        
        if (!defined('PAGES_RESTRICT_TABLE')) {
            define('PAGES_RESTRICT_TABLE', $table_prefix . 'pages_restrict');
        }
        
        if (!isset($config['user_page_permission_use'])) {
            $site_db->query("INSERT INTO " . SETTINGS_TABLE . " (setting_name, setting_value) VALUES ('user_page_permission_use', '1')");
        }        
        if (!isset($config['user_page_permission_exclude_file'])) {
            $site_db->query("INSERT INTO " . SETTINGS_TABLE . " (setting_name, setting_value) VALUES ('user_page_permission_exclude_file', 'captcha.php config.new.php config.php global.php install.php login.php logout.php')");
        }            

        $sql = "
        
        CREATE TABLE IF NOT EXISTS " . PAGES_RESTRICT_TABLE . " (
        page_id INT(11) NOT NULL AUTO_INCREMENT,
        page_name VARCHAR(255) NOT NULL DEFAULT '',        
        page_date int(11) NOT NULL DEFAULT '0',
        page_user_ids TEXT NOT NULL DEFAULT '',
        page_action TEXT NOT NULL DEFAULT '',
        PRIMARY KEY (page_id)
        ) TYPE=MyISAM";

        $result = $site_db->query($sql);
        unset ($result);

        $sql = "
  
        SELECT page_name
        FROM " . PAGES_RESTRICT_TABLE;        

        $result = $site_db->query($sql);

        $page_filename_row = array();
        while ($row = $site_db->fetch_array($result)) {
            $page_filename_row[] = format_text(trim($row['page_name']), 2);
        }
        $site_db->free_result();

        $handle = @opendir(ROOT_PATH);        
        $config['user_page_permission_exclude_file'] = explode (" ", $config['user_page_permission_exclude_file']);
        while (false !== ($file = @readdir($handle))) {
            if ($file != '..' && $file != '.' && preg_match("/\.php$/", $file) && !in_array($file, $config['user_page_permission_exclude_file'])) {
                $read_file = @fopen($file, "r");
                while (!feof($read_file)) {
                    $buffer = @fgets($read_file, 4096);
                    if (preg_match("/get_page_permission/", $buffer)) {                        
                        if (!in_array($file, $page_filename_row) && !in_array($file, $config['user_page_permission_exclude_file'])) {
                            $site_db->query("INSERT INTO " . PAGES_RESTRICT_TABLE . " (page_id, page_name, page_date, page_user_ids) VALUES (NULL, '" . $file . "', '" . time() . "', 'guest')");
                            break;                        
                        }
                    }                    
                }
                @fclose($read_file);
            } elseif (in_array($file, $config['user_page_permission_exclude_file']) && in_array($file, $page_filename_row)) {
                $site_db->query("DELETE FROM " . PAGES_RESTRICT_TABLE . " WHERE page_name = '" . $file . "'");                
            }
                
        }
        @closedir($handle);
        unset($page_filename_row);
    }
}

if (!function_exists('check_user_ids_page_permission')) {
    function check_user_ids_page_permission($user_id, $user_level, $page_user_ids, $action, $action_array) {
        global $split_user_ids, $split_actions, $user_info;  
        if (!isset($split_user_ids)) {
            $ids = trim($page_user_ids);
            $ids = preg_replace("/[\n\r]/is", " ", $ids);
            $ids = str_replace(",", " ", $ids);
            $ids = preg_quote($ids);
            $ids = str_replace('/', '\\/', $ids);
            $split_user_ids = preg_split("/\s+/", $ids);
        }
        if (!isset($split_actions)) {
            $ids2 = trim($action_array);
            $ids2 = preg_replace("/[\n\r]/is", " ", $ids2);
            $ids2 = str_replace(",", " ", $ids2);
            $ids2 = preg_quote($ids2);
            $ids2 = str_replace('/', '\\/', $ids2);
            $split_actions = preg_split("/\s+/", $ids2);
        }
        foreach ($split_user_ids as $key => $val) {
            foreach ($split_actions as $key1 => $val1) {                
                if ($action == $val1 && $key == $key1) {
                    if ($user_id == $val) {
                        return $user_id;
                        return $user_level;
                        return $page_user_ids;
                        return $action;
                        return $action_array;
                        break;
                    } elseif ($val == "guest") {
                        if ($user_level >= GUEST) {
                            return $user_id;
                            return $user_level;
                            return $page_user_ids;
                            return $action;
                            return $action_array;
                            break;
                        }                    
                    } elseif ($val == "user") {
                        if ($user_level == GUEST || $user_level == USER_AWAITING) {
                            return;              
                            break;
                        } elseif ($user_level >= USER) {
                            return $user_id;
                            return $user_level;
                            return $page_user_ids;
                            return $action;
                            return $action_array;
                            break;
                        }
                    } elseif ($val == "admin") {                    
                        if ($user_level != ADMIN) {
                            return;
                            break;
                        } else {
                            return $user_id;
                            return $user_level;
                            return $page_user_ids;
                            return $action;
                            return $action_array;
                            break;
                        }
                    } elseif ($val == "self" && $user_id == $user_info['user_id']) {
                        return $user_id;
                        return $user_level;
                        return $page_user_ids;
                        return $action;
                        return $action_array;
                        break;
                    }
                }
            }
            if (empty($action)) {
                if ($user_id == $val) {
                    return $user_id;
                    return $user_level;
                    return $page_user_ids;
                    break;
                } elseif ($val == "guest") {
                    if ($user_level >= GUEST) {
                        return $user_id;
                        return $user_level;
                        return $page_user_ids;                
                        break;
                    }
                } elseif ($val == "user") {
                    if ($user_level == GUEST || $user_level == USER_AWAITING) {
                        return;
                        break;            
                    } elseif ($user_level >= USER) {
                        return $user_id;
                        return $user_level;
                        return $page_user_ids;
                        break;
                    }
                } elseif ($val == "admin") {
                    if ($user_level != ADMIN) {
                        return;
                        break;
                    }
                } elseif ($val == "self" && $user_id == $val && $val == $user_info['user_id']) {
                    return $user_id;
                    return $user_level;
                    return $page_user_ids;                
                    break;
                }
            }
        }
    }
}

if (!function_exists('get_page_permission')) {
    function get_page_permission($user_id, $user_level, $page_name, $action) {
        global $site_db, $table_prefix, $config;
        
        $user_level = preg_replace("/[^0-9-]+/i", GUEST, $user_level);
        
        if (isset($config['user_page_permission_use']) && $config['user_page_permission_use'] == 0) {
            return $user_id;
            return $user_level;
            return $page_name;
        }
        
        if (isset($config['user_page_permission_use']) && $config['user_page_permission_use'] == 1) {
            
            if (!defined('PAGES_RESTRICT_TABLE')) {
                define('PAGES_RESTRICT_TABLE', $table_prefix . 'pages_restrict');
            }
            
            if (empty($user_id) || !get_file_name($page_name)) {
                return;
            }
            
            $sql = "
            
            SELECT page_user_ids, page_action
            FROM " . PAGES_RESTRICT_TABLE . "
            WHERE page_name = '" . $page_name . "'
            
            ";
            
            $result = $site_db->query($sql);
            
            if (function_exists('check_user_ids_page_permission')) {
                while ($row = $site_db->fetch_array($result)) {
                    if (check_user_ids_page_permission($user_id, $user_level, $row['page_user_ids'], $action, $row['page_action'])) {
                        return $user_id;
                        return $user_level;
                        return $page_name;
                    }
                }
            }
        }
    }
}

// Step 6 - E.g (how use function) -

In member.php file - showprofile action -

find:

Code: [Select]
if ($user_row = get_user_info($user_id)) {
    $user_homepage = (isset($user_row['user_homepage'])) ? format_url($user_row['user_homepage']) : REPLACE_EMPTY;

add before:

Code: [Select]
// MOD: User page permission.
if (function_exists('get_page_permission') && !get_page_permission($user_info['user_id'], $user_info['user_level'], $self_url, $action)) {    
    show_error_page($lang['no_permission']);    
}
// End of MOD: User page permission.

If permission fail, user is redirect to 4images error page (edit if no like). ;)

// Is work

1 - Visit gallery (must).
2 - ACP - > Setting. Set active MOD.
3 - ACP - > Setting. Set file exclude so no auto-detect in gallery.
4 - ACP - > Plugins - > User page permission and edit action (if filename include action in code).

Finish. :)
« Last Edit: February 18, 2011, 01:58:01 PM by thunderstrike »
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?