/index.php |
---|
27,10 → 27,14 |
{ |
$id = $ids[$i]; |
$post = $page->getBlogPost($id); |
write('<h4><a href="blog/post.php?id=' . $post->ID . '">' . $post->title. '</a></h4>'); |
$comment_count = 0; |
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID=' . $id); |
write('<a href="blog/post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
write('<p>' . $page->replaceBBCode($post->content) . '</p>'); |
write('<h5 style="color: #666666;">' . count($ids2) . ' Comments</h5>'); |
write('<br />'); |
} |
/blog/index.php |
---|
30,10 → 30,18 |
{ |
$id = $ids[$i]; |
$post = $page->getBlogPost($id); |
$comment_count = 0; |
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID=' . $id); |
for ($i = 0; $i < count($ids2); $i++) |
{ |
$comment_count++; |
} |
write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
write('<p>' . $page->replaceBBCode($post->content) . '</p>'); |
write('<h5 style="color: #666666;">' . $comment_count . ' Comments</h5>'); |
write('<br />'); |
} |
/blog/add-post.php |
---|
40,7 → 40,7 |
} |
else |
{ |
if ($page->getLoggedInUser()->accessID >= 2 && $parentID == -1) |
if (($page->getLoggedInUser()->accessID >= 2 && $parentID == -1) || $page->getLoggedInUser()->accessID > 2) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
/blog/del-post.php |
---|
7,7 → 7,7 |
$id = $_GET['id']; |
if ($id) |
{ |
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $page->getBlogPost($id)->author->ID) |
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $page->getBlogPost($id)->author->ID && $page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->delBlogPost($id); |
} |
/blog/edit-post.php |
---|
20,7 → 20,7 |
$page->checkLoggedIn(); |
$post = $page->getBlogPost($id); |
if (!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
/_taios.php |
---|
50,11 → 50,19 |
$this->drawMenuItem('Wiki', 'wiki/'); |
$this->drawMenuItem('Photos', 'photos/'); |
write('<br />'); |
if ($this->isLoggedIn()) |
if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) |
{ |
$this->drawMenuItem('Administration', 'admin/'); |
$this->drawMenuItem('Logout', 'logout-do.php'); |
} |
else if ($this->isLoggedIn()) |
{ |
$this->drawMenuItem('Logout', 'logout-do.php'); |
if ($this->getLoggedInUser()->username != "cake") |
$this->drawMenuItem('You are banned', NULL); |
else |
$this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder'); |
} |
else |
{ |
$this->drawMenuItem('Login', 'login.php'); |
61,7 → 69,6 |
$this->drawMenuItem('Register', 'register.php'); |
} |
write('<br />'); |
$this->drawnHeader = true; |
} |
} |
68,7 → 75,14 |
function drawMenuItem($t, $u) |
{ |
write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>'); |
if($u == NULL) |
{ |
write('<p style="color:red">' . $t . '</p>'); |
} |
else |
{ |
write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>'); |
} |
} |
function drawMiddle() |
300,6 → 314,19 |
return false; |
} |
function isUserBanned() |
{ |
if ($this->isLoggedIn()) |
{ |
if ($this->getLoggedInUser()->accessID >= 3) |
{ |
return true; |
} |
} |
return false; |
} |
function checkChallengeStatus($challengeID, $previous, $next) |
{ |
$currentChallengeID = $this->getLoggedInUser()->challengeID; |
/admin/account-do.php |
---|
13,7 → 13,7 |
$name = $_POST['name']; |
$user = $page->getUserByID($userID); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user) |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) |
{ |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) |
{ |
/admin/account.php |
---|
11,7 → 11,7 |
$userID = $page->getGetID(); |
$user = $page->getUserByID($userID); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user) |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) |
{ |
?> |
/admin/index.php |
---|
9,7 → 9,14 |
$page->checkLoggedIn(); |
$user = $page->getLoggedInUser(); |
write('<h4><a href="account.php?id=' . $user->ID. '">Manage Account</a></h4>'); |
if ($page->isUserNormal($user)) |
{ |
write('<h4><a href="account.php?id=' . $user->ID. '">Manage Account</a></h4>'); |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
if ($page->isUserAdmin($user)) |
{ |
/forums/add-post-do.php |
---|
20,6 → 20,11 |
$title = $_POST['title']; |
$content = $_POST['content']; |
if (!$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->redirect('add-post.php?error=You do not have permission to access this page'); |
} |
if (empty($title)) |
{ |
$page->redirect('add-post.php?error=No Title Specified'); |
/forums/add-post.php |
---|
20,7 → 20,7 |
$categoryID = -1; |
} |
if ($page->isLoggedIn()) |
if ($page->isLoggedIn() && $page->isUserNormal($page->getLoggedInUser)) |
{ |
if (isset($_GET['error'])) |
/forums/delete-post-do.php |
---|
9,7 → 9,7 |
$id = $page->getGetID(); |
$post = $page->getForumPost($id); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post) |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->query('DELETE FROM ForumPosts WHERE ID = ' . $id); |
$page->redirect('index.php'); |
/forums/index.php |
---|
24,7 → 24,7 |
{ |
write('<a href="index.php?parentID=-1">Back to root</a>'); |
} |
if ($page->isLoggedIn()) |
if ($page->isLoggedIn() && $page->isUserNormal($page->getLoggedInUser())) |
{ |
if ($parentID != -1) |
{ |
/wiki/pages/Index.txt |
---|
File deleted |
\ No newline at end of file |
Property changes: |
Deleted: svn:executable |
## -1 +0,0 ## |
-* |
\ No newline at end of property |