host = ''; $this->user = ''; $this->password = ''; $this->database = ''; $this->assoc_only = false; unset($link); unset($sql); unset($result); }

    /**
     * Print the last MySQL error together with the failing statement, then
     * terminate the script.
     *
     * Output is four lines: "status=err", the error number, the error string
     * and the SQL text, each written with echo.
     *
     * NOTE(review): the driver error text and the complete SQL statement go
     * to the response body, so table names, column names and any values
     * embedded in the statement are disclosed to whoever receives it.
     * Confirm this response is only reachable by trusted clients, or log the
     * detail server-side and emit only the status line.
     *
     * @param string $sql Statement that failed; echoed verbatim.
     */
    function DoError($sql = "")
    {
        $SQL_ERR = mysql_errno();
        $SQL_ERRSTR = mysql_error();
        echo "status=err
";
        echo "SQL error=$SQL_ERR
";
        echo "SQL error string=$SQL_ERRSTR
";
        echo "SQL=$sql
";
        exit;
    }

    /**
     * Open a persistent connection and select the database.
     *
     * Each non-empty argument overwrites the stored setting; empty arguments
     * leave the previously stored value in place.
     *
     * NOTE(review): the return value of mysql_pconnect() is not checked. On
     * failure it returns false, which is stored in $this->link; because
     * isset(false) is true, query()/execsql() will not retry the connection.
     *
     * @param string $host     Server host.
     * @param string $user     Login name.
     * @param string $password Login password.
     * @param string $database Database to select.
     */
    function connect($host = "", $user = "", $password = "", $database = "")
    {
        if(!empty($host)) $this->host = $host;
        if(!empty($user)) $this->user = $user;
        if(!empty($password)) $this->password = $password;
        if(!empty($database)) $this->database = $database;
        $this->link = mysql_pconnect($this->host, $this->user, $this->password);
        mysql_select_db($this->database, $this->link);
    }

    /**
     * Connect using a credentials array.
     *
     * @param array  $login    Reads the keys "host", "username" and "password".
     * @param string $database Database to select.
     */
    function connectdb($login, $database)
    {
        $this->connect($login["host"],$login["username"],$login["password"],$database);
    }

    /**
     * Choose the fetch mode used by next().
     *
     * @param bool $assoc True makes next() use mysql_fetch_assoc(); false
     *                    makes it use mysql_fetch_array().
     */
    function assoc_only($assoc = false)
    {
        $this->assoc_only = $assoc;
    }

    /**
     * Run a statement, keep its result for next()/recordcount(), and return it.
     *
     * Connects first when no link has been set, and re-selects the database
     * before every statement. A falsy result from mysql_query() hands control
     * to DoError(), which exits.
     *
     * NOTE(review): $sql is passed to the server exactly as given; nothing in
     * this class escapes or binds values, so every caller is responsible for
     * the safety of the statement text.
     *
     * @param string $sql Complete SQL statement.
     * @return mixed Whatever mysql_query() returned.
     */
    function query($sql)
    {
        if(!isset($this->link)) $this->connect();
        $this->sql = $sql;
        mysql_select_db($this->database, $this->link);
        // "or" binds more loosely than "=", so the assignment happens first
        // and DoError() runs only when the stored result is falsy.
        $this->result = mysql_query($sql, $this->link) or $this->DoError($sql);
        return $this->result;
    }

    /**
     * Run a statement through query() and discard the return value; the
     * result stays available through next()/rows().
     *
     * @param string $sql Complete SQL statement.
     */
    function open($sql)
    {
        $this->query($sql);
    }

    /**
     * Same as query(), except that the result is NOT stored in $this->result
     * and nothing is returned.
     *
     * @param string $sql Complete SQL statement, sent as given.
     */
    function execsql($sql)
    {
        if(!isset($this->link)) $this->connect();
        $this->sql = $sql;
        mysql_select_db($this->database, $this->link);
        mysql_query($sql, $this->link) or $this->DoError($sql);
    }

    /**
     * Fetch the next row of the stored result.
     *
     * @return mixed Row from mysql_fetch_assoc() when assoc_only is set,
     *               otherwise from mysql_fetch_array().
     */
    function next()
    {
        if ($this->assoc_only) {
            return mysql_fetch_assoc($this->result);
            // Unreachable: follows the return above.
            echo "assoc
";
        }else{
            return mysql_fetch_array($this->result);
            // Unreachable: follows the return above.
            echo "array
";
        }
    }

    /**
     * Alias of next().
     */
    function getrow()
    {
        return $this->next();
    }

    /**
     * Quick way to get a complete record by its ID column.
     *
     * When $table is non-empty a SELECT is opened first; in every case the
     * next row of the stored result is returned.
     *
     * NOTE(review): $table, $ID and $where are concatenated into the
     * statement without quoting or escaping. If any of them can carry
     * request data this is an SQL injection path; confirm that callers
     * validate them (for example an integer cast on $ID and a fixed list of
     * table names).
     *
     * @param string $table Table name; also used as the prefix of the extra
     *                      "<table>ID" column alias.
     * @param mixed  $ID    Value compared against the ID column, unquoted.
     * @param string $where Extra SQL appended after the ID comparison.
     * @return mixed Result of next().
     */
    function row($table = '', $ID = '', $where = '')
    {
        if(!empty($table)) {
            $this->open("SELECT *, ID as ".$table."ID FROM $table WHERE ID = $ID $where ");
        }
        return $this->next();
    }

    /**
     * Collect every remaining row of the stored result.
     *
     * @return array List of rows; iteration stops at the first falsy row.
     */
    function getrows()
    {
        $data = array();
        while ($row = $this->getrow()) $data[] = $row;
        return $data;
    }

    /**
     * Alias of getrows().
     */
    function rows()
    {
        return $this->getrows();
    }

    /**
     * Insert one record built from $data.
     *
     * createSQLQuery() is loaded from "$commonpath/form.php" and is not part
     * of this file; presumably it fills $fields and $values by reference.
     *
     * NOTE(review): whether the values are escaped depends entirely on
     * createSQLQuery() - verify there. $table is interpolated as given, and
     * the include path is built from the global $commonpath, which must
     * never be settable from request data.
     *
     * @param string $table Target table name.
     * @param mixed  $data  Passed to createSQLQuery() in "INSERT" mode.
     */
    function insert($table,$data)
    {
        global $commonpath;
        require_once("$commonpath/form.php");
        createSQLQuery($data,$fields,$values,"INSERT");
        $this->execsql("INSERT INTO $table ($fields) VALUES($values)");
    }

    /**
     * Same as insert(), but issues REPLACE INTO; the same review notes apply.
     *
     * @param string $table Target table name.
     * @param mixed  $data  Passed to createSQLQuery() in "INSERT" mode.
     */
    function replace($table,$data)
    {
        global $commonpath;
        require_once("$commonpath/form.php");
        createSQLQuery($data,$fields,$values,"INSERT");
        $this->execsql("REPLACE INTO $table ($fields) VALUES($values)");
    }

    /**
     * Update records matching $where with the values built from $data.
     *
     * NOTE(review): $where is raw SQL supplied by the caller and $table is
     * interpolated as given; escaping of the SET list depends on
     * createSQLQuery(), which is defined outside this file.
     *
     * @param string $table Target table name.
     * @param mixed  $data  Passed to createSQLQuery() in "UPDATE" mode.
     * @param string $where Condition text placed after WHERE.
     */
    function update($table, $data, $where)
    {
        global $commonpath;
        require_once("$commonpath/form.php");
        createSQLQuery($data,$fields,$values,"UPDATE");
        $this->execsql("UPDATE $table SET $values WHERE $where ");
    }

    /**
     * Delete records matching $where.
     *
     * NOTE(review): both arguments are concatenated into the statement
     * unescaped; callers must not build $where from unvalidated input.
     *
     * @param string $table Target table name.
     * @param string $where Condition text placed after WHERE.
     */
    function delete($table, $where)
    {
        $this->execsql("DELETE FROM $table WHERE $where ");
    }

    /**
     * @return mixed Result of mysql_insert_id() for this link.
     */
    function insert_id()
    {
        return mysql_insert_id($this->link);
    }

    /**
     * Number of rows in the stored result. Only query()/open() store a
     * result; execsql() does not.
     *
     * @return mixed Result of mysql_num_rows().
     */
    function recordcount()
    {
        return mysql_num_rows($this->result);
    }

    /**
     * Alias of recordcount().
     */
    function num_rows()
    {
        return $this->recordcount();
    }

    /**
     * @return mixed Result of mysql_affected_rows() for this link.
     */
    function affected_rows()
    {
        return mysql_affected_rows($this->link);
    }
}; // end of class ?>structureid = $structureid; global $hostname_connection, $username_connection, $password_connection, $database_connection; $this->db = new DBTable(); $this->db->connect($hostname_connection, $username_connection, $password_connection, $database_connection); $checkvisiblesql = "SELECT id_str, published_str, publishstart_str, publishend_str FROM sys_structure_str WHERE idsit_str=$SITE_ID AND id_str=" . 
$structureid; $this->db->open($checkvisiblesql); $result = $this->db->rows(); reset($result); if ($this->db->recordcount() > 0) { if ($result[0]["published_str"] == 1) { if ($this->checkpublished($result[0]["publishstart_str"],$result[0]["publishend_str"])) { #if ($userid != -1 || $userid != "") # EVIL bugfix 14:59 4.9.2006 if ($userid != -1 || ($userid."" != "" && $userid != "-1")) { /* # Inloggad # Testa först om användaren har egna rättigheter #$sql = "SELECT sys_users_usr.id_usr, sys_user_role_uro.id_uro, sys_user_role_uro.role_name_uro, sys_role_right_structure_rrs.* FROM sys_users_usr INNER JOIN sys_users_in_role_uir ON (sys_users_usr.id_usr = sys_users_in_role_uir.idusr_uir) INNER JOIN sys_user_role_uro ON (sys_users_in_role_uir.iduro_uir = sys_user_role_uro.id_uro) INNER JOIN sys_role_right_structure_rrs ON (sys_user_role_uro.id_uro = sys_role_right_structure_rrs.iduro_rrs) WHERE ((sys_users_usr.id_usr=$userid) AND (sys_users_usr.active_usr=1) AND (sys_users_usr.idsit_usr=$SITE_ID)) AND (sys_role_right_structure_rrs.idsit_rrs=$SITE_ID) AND (sys_role_right_structure_rrs.idstr_rrs=$structureid)"; $sql = "SELECT sys_users_usr.id_usr, sys_user_role_uro.id_uro, sys_user_role_uro.role_name_uro, sys_role_right_structure_rrs.* FROM sys_users_usr INNER JOIN sys_users_in_role_uir ON (sys_users_usr.id_usr = sys_users_in_role_uir.idusr_uir) INNER JOIN sys_user_role_uro ON (sys_users_in_role_uir.iduro_uir = sys_user_role_uro.id_uro) INNER JOIN sys_role_right_structure_rrs ON (sys_user_role_uro.id_uro = sys_role_right_structure_rrs.iduro_rrs) WHERE ((sys_users_usr.id_usr=$userid) AND (sys_users_usr.active_usr=1) AND (sys_users_usr.idsit_usr=$SITE_ID)) AND (sys_role_right_structure_rrs.idsit_rrs=$SITE_ID) AND (sys_role_right_structure_rrs.idstr_rrs=$structureid)"; $this->db->open($sql); $result = $this->db->rows(); reset($result); if ($this->db->recordcount() == 0) { # Inga egna rättigheter, kolla om authenticated har rätt #$sql = "SELECT sys_user_role_uro.id_uro, 
sys_user_role_uro.role_name_uro, sys_role_right_structure_rrs.* FROM sys_user_role_uro INNER JOIN sys_role_right_structure_rrs ON sys_user_role_uro.id_uro = sys_role_right_structure_rrs.iduro_rrs WHERE (sys_user_role_uro.idsit_uro=$SITE_ID) AND (sys_role_right_structure_rrs.idsit_rrs=$SITE_ID) AND (sys_user_role_uro.type_uro='AUTH') AND (sys_role_right_structure_rrs.idstr_rrs=$structureid)"; $sql = "SELECT sys_user_role_uro.id_uro, sys_user_role_uro.role_name_uro, sys_role_right_structure_rrs.* FROM sys_user_role_uro INNER JOIN sys_role_right_structure_rrs ON sys_user_role_uro.id_uro = sys_role_right_structure_rrs.iduro_rrs WHERE (sys_user_role_uro.idsit_uro=$SITE_ID) AND (sys_role_right_structure_rrs.idsit_rrs=$SITE_ID) AND (sys_user_role_uro.type_uro='AUTH') AND (sys_role_right_structure_rrs.idstr_rrs=$structureid)"; } */ $sql = "SELECT sys_user_role_uro.id_uro, sys_user_role_uro.role_name_uro, sys_role_right_structure_rrs.* FROM sys_user_role_uro INNER JOIN sys_role_right_structure_rrs ON sys_user_role_uro.id_uro = sys_role_right_structure_rrs.iduro_rrs WHERE (sys_user_role_uro.idsit_uro=$SITE_ID) AND (sys_role_right_structure_rrs.idsit_rrs=$SITE_ID) AND (sys_user_role_uro.type_uro='AUTH') AND (sys_role_right_structure_rrs.idstr_rrs=$structureid) UNION SELECT sys_user_role_uro.id_uro, sys_user_role_uro.role_name_uro, sys_role_right_structure_rrs.* FROM sys_users_usr INNER JOIN sys_users_in_role_uir ON (sys_users_usr.id_usr = sys_users_in_role_uir.idusr_uir) INNER JOIN sys_user_role_uro ON (sys_users_in_role_uir.iduro_uir = sys_user_role_uro.id_uro) INNER JOIN sys_role_right_structure_rrs ON (sys_user_role_uro.id_uro = sys_role_right_structure_rrs.iduro_rrs) WHERE ((sys_users_usr.id_usr=$userid) AND (sys_users_usr.active_usr=1) AND (sys_users_usr.idsit_usr=$SITE_ID)) AND (sys_role_right_structure_rrs.idsit_rrs=$SITE_ID) AND (sys_role_right_structure_rrs.idstr_rrs=$structureid)"; }else{ # Oinloggad $sql = "SELECT sys_user_role_uro.id_uro, 
sys_user_role_uro.role_name_uro, sys_role_right_structure_rrs.* FROM sys_user_role_uro INNER JOIN sys_role_right_structure_rrs ON sys_user_role_uro.id_uro = sys_role_right_structure_rrs.iduro_rrs WHERE (sys_user_role_uro.idsit_uro = $SITE_ID) AND (sys_role_right_structure_rrs.idsit_rrs = $SITE_ID) AND (sys_user_role_uro.type_uro='ANON') AND (sys_role_right_structure_rrs.idstr_rrs=$structureid)"; } $this->db->open($sql); $result = $this->db->rows(); reset($result); #echo "
"; #echo $sql; #echo "
view:" . $result[0]["view"]; #echo "
"; $this->restrictions["structureid"] = $structureid; $this->restrictions["view"] = 0; $this->restrictions["edit"] = 0; #echo $this->db->recordcount() . "-----" . $structureid . "
"; while(list($key, $sec) = each($result)) { #echo "v:" . $sec["view_rrs"] ."
"; #echo "e:" . $sec["edit_rrs"] ."
"; if ($sec["view_rrs"] == 1 || ($system == 1 && $SITE_ID == $_SESSION["user"]["site"])) { $this->restrictions["view"] = 1; #Skapa rättighets array för varje modul i sidan if ($system == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $mod_sql = "SELECT sys_role_right_module_rrm.view_rrm, sys_role_right_module_rrm.create_rrm, sys_role_right_module_rrm.edit_rrm, sys_role_right_module_rrm.delete_rrm, sys_module_in_structure_mis.id_mis, sys_module_in_structure_mis.idstr_mis FROM sys_module_in_structure_mis LEFT OUTER JOIN sys_role_right_module_rrm ON (sys_module_in_structure_mis.id_mis = sys_role_right_module_rrm.idmis_rrm) INNER JOIN sys_user_role_uro ON (sys_role_right_module_rrm.iduro_rrm = sys_user_role_uro.id_uro) LEFT OUTER JOIN sys_users_in_role_uir ON (sys_user_role_uro.id_uro = sys_users_in_role_uir.iduro_uir) WHERE (sys_module_in_structure_mis.idsit_mis = $SITE_ID) AND (sys_role_right_module_rrm.idsit_rrm = $SITE_ID) AND (sys_user_role_uro.idsit_uro = $SITE_ID) AND (sys_module_in_structure_mis.idstr_mis = $structureid) ORDER BY id_mis"; }else{ if ($_SESSION["user"]["userid"] == -1) { # Anonym $mod_sql = "SELECT sys_role_right_module_rrm.view_rrm, sys_role_right_module_rrm.create_rrm, sys_role_right_module_rrm.edit_rrm, sys_role_right_module_rrm.delete_rrm, sys_module_in_structure_mis.id_mis, sys_module_in_structure_mis.idstr_mis FROM sys_module_in_structure_mis LEFT OUTER JOIN sys_role_right_module_rrm ON (sys_module_in_structure_mis.id_mis = sys_role_right_module_rrm.idmis_rrm) INNER JOIN sys_user_role_uro ON (sys_role_right_module_rrm.iduro_rrm = sys_user_role_uro.id_uro) LEFT OUTER JOIN sys_users_in_role_uir ON (sys_user_role_uro.id_uro = sys_users_in_role_uir.iduro_uir) WHERE (sys_module_in_structure_mis.idsit_mis = $SITE_ID) AND (sys_role_right_module_rrm.idsit_rrm = $SITE_ID) AND (sys_user_role_uro.idsit_uro = $SITE_ID) AND (sys_module_in_structure_mis.idstr_mis = $structureid) AND (sys_user_role_uro.type_uro='ANON') ORDER BY id_mis"; }elseif 
($_SESSION["user"]["userid"] != -1) { # Inloggad #$mod_sql = "SELECT sys_role_right_module_rrm.view_rrm, sys_role_right_module_rrm.create_rrm, sys_role_right_module_rrm.edit_rrm, sys_role_right_module_rrm.delete_rrm, sys_module_in_structure_mis.id_mis, sys_module_in_structure_mis.idstr_mis FROM sys_module_in_structure_mis LEFT OUTER JOIN sys_role_right_module_rrm ON (sys_module_in_structure_mis.id_mis = sys_role_right_module_rrm.idmis_rrm) INNER JOIN sys_user_role_uro ON (sys_role_right_module_rrm.iduro_rrm = sys_user_role_uro.id_uro) LEFT OUTER JOIN sys_users_in_role_uir ON (sys_user_role_uro.id_uro = sys_users_in_role_uir.iduro_uir) WHERE (sys_module_in_structure_mis.idsit_mis = $SITE_ID) AND (sys_role_right_module_rrm.idsit_rrm = $SITE_ID) AND (sys_user_role_uro.idsit_uro = $SITE_ID) AND (sys_module_in_structure_mis.idstr_mis = $structureid) AND ( (sys_users_in_role_uir.idusr_uir=$userid) OR (sys_user_role_uro.type_uro='ANON') OR (sys_user_role_uro.type_uro='AUTH') ) ORDER BY id_mis"; $mod_sql = "SELECT sys_role_right_module_rrm.view_rrm, sys_role_right_module_rrm.create_rrm, sys_role_right_module_rrm.edit_rrm, sys_role_right_module_rrm.delete_rrm, sys_module_in_structure_mis.id_mis, sys_module_in_structure_mis.idstr_mis FROM sys_module_in_structure_mis LEFT OUTER JOIN sys_role_right_module_rrm ON (sys_module_in_structure_mis.id_mis = sys_role_right_module_rrm.idmis_rrm) INNER JOIN sys_user_role_uro ON (sys_role_right_module_rrm.iduro_rrm = sys_user_role_uro.id_uro) LEFT OUTER JOIN sys_users_in_role_uir ON (sys_user_role_uro.id_uro = sys_users_in_role_uir.iduro_uir) WHERE (sys_module_in_structure_mis.idsit_mis = $SITE_ID) AND (sys_role_right_module_rrm.idsit_rrm = $SITE_ID) AND (sys_user_role_uro.idsit_uro = $SITE_ID) AND (sys_module_in_structure_mis.idstr_mis = $structureid) AND ( (sys_users_in_role_uir.idusr_uir=$userid) OR (sys_user_role_uro.type_uro='AUTH') ) ORDER BY id_mis"; } } #echo $mod_sql; #exit; $this->db->open($mod_sql); $mod_result = 
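$this->db->rows(); reset($mod_result); $last_mod = -1; while(list($mkey, $m) = each($mod_result)) { $mod_id = $m["id_mis"]; if ($last_mod != $mod_id) { $mod_view = 0; $mod_create = 0; $mod_edit = 0; $mod_delete = 0; } if ($m["view_rrm"] == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $mod_view = 1; } if ($m["create_rrm"] == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $mod_create = 1; } if ($m["edit_rrm"] == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $mod_edit = 1; } if ($m["delete_rrm"] == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $mod_delete = 1; } if ($system == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $mod_view = 1; $mod_create = 1; $mod_edit = 1; $mod_delete = 1; } $this->restrictions[$mod_id] = array("view" => $mod_view, "create" => $mod_create, "edit" => $mod_edit, "delete" => $mod_delete); $last_mod = $mod_id; } } if ($sec["edit_rrs"] == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $this->restrictions["edit"] = 1; } } if ($system == 1 && $SITE_ID == $_SESSION["user"]["site"]) { $this->restrictions["structureid"] = $structureid; $this->restrictions["view"] = 1; $this->restrictions["edit"] = 1; } #print_r ($restrictions); return $this->restrictions; } } } }else{ $this->restrictions["structureid"] = $structureid; $this->restrictions["view"] = 0; $this->restrictions["edit"] = 0; } }

    /**
     * Return the whole restrictions map.
     *
     * The map holds the page-level keys "structureid", "view" and "edit",
     * plus one entry per module id whose value is an array with the keys
     * "view", "create", "edit" and "delete".
     *
     * @return mixed The stored map as-is.
     */
    function getallaccess()
    {
        return $this->restrictions;
    }

    /**
     * Return the rights entry stored under one module id.
     *
     * The entry is found by a direct key lookup. The earlier loop compared
     * every key with "==", and on PHP versions before 8 a non-numeric key
     * such as "structureid" compares equal to 0, so a module id of 0 was
     * answered with the structure id instead of a rights array. A key lookup
     * still accepts "5" for the integer key 5 but cannot match an unrelated
     * key. It also avoids each(), which newer PHP versions no longer provide.
     *
     * @param mixed $moduleid Module id (integer or numeric string).
     * @return mixed The stored entry, or null when there is none, when no
     *               map has been built, or when $moduleid is not usable as
     *               an array key.
     */
    function getmoduleaccess($moduleid)
    {
        // No map yet: nothing has been granted.
        if (!isset($this->restrictions) || !is_array($this->restrictions)) {
            return null;
        }
        // Booleans, arrays, objects and null are never valid module ids.
        if (is_bool($moduleid) || !is_scalar($moduleid)) {
            return null;
        }
        $key = (string) $moduleid;
        if (array_key_exists($key, $this->restrictions)) {
            return $this->restrictions[$key];
        }
        return null;
    }

    /**
     * Return only the page-level part of the restrictions map.
     *
     * @return array Keys "structureid", "view" and "edit".
     */
    function getpageaccess()
    {
        $page = array();
        foreach (array("structureid", "view", "edit") as $field) {
            $page[$field] = $this->restrictions[$field];
        }
        return $page;
    }

    /**
     * Echo the structure id, or an empty string when it is not set.
     *
     * NOTE(review): the value is written to output without escaping. It is
     * used unquoted in SQL elsewhere in this class, so it is presumably
     * numeric - confirm it is validated before it reaches this object.
     */
    function structureid()
    {
        if (isset($this->structureid)) {
            echo $this->structureid;
        } else {
            echo "";
        }
    }

    /**
     * Tell whether the current time lies inside a publishing window.
     *
     * An empty $start means "no start limit" and an empty $end means "no end
     * limit". Only the empty value is treated as open; a zero date such as
     * "0000-00-00 00:00:00" is parsed like any other string.
     *
     * A value that strtotime() cannot parse becomes 0 through intval(), so
     * an unparseable $start counts as already started while an unparseable
     * $end counts as expired.
     *
     * @param string $start Publish-start date/time, or "" for none.
     * @param string $end   Publish-end date/time, or "" for none.
     * @return bool True when start < now < end under the rules above.
     */
    function checkpublished($start,$end)
    {
        $now = intval(time());

        // Loose comparison with "" is kept so that null and false are also
        // read as "no limit", exactly as before.
        if ($start == "") {
            $started = true;
        } else {
            $started = intval(strtotime($start)) < $now;
        }

        if ($end == "") {
            $notexpired = true;
        } else {
            $notexpired = intval(strtotime($end)) > $now;
        }

        return $started && $notexpired;
    }
}
?>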