# HG changeset patch # User peter # Date 1207259316 0 # Node ID cb06e3e29ed83f5eac2b40f7e3cafc61dd64da31 # Parent 700a3674b72e97259230a110b559ba6244f05c9f [feladat @ 230] Fixed a lot of notices which where shown when php was running in E_ALL instead of E_ALL & ~E_NOTICE Bugfix: In the index.php the Add supermaster wasn't displayed due to a wrong parameter in the check. diff -r 700a3674b72e -r cb06e3e29ed8 add_perm_templ.php --- a/add_perm_templ.php Thu Apr 03 18:57:11 2008 +0000 +++ b/add_perm_templ.php Thu Apr 03 21:48:36 2008 +0000 @@ -22,7 +22,7 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -if (!verify_permission(templ_perm_edit)) { +if (!verify_permission('templ_perm_edit')) { error(ERR_PERM_EDIT_PERM_TEMPL); } else { diff -r 700a3674b72e -r cb06e3e29ed8 add_record.php --- a/add_record.php Thu Apr 03 18:57:11 2008 +0000 +++ b/add_record.php Thu Apr 03 21:48:36 2008 +0000 
@@ -22,16 +22,16 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } -elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } +if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } +elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; } else { $perm_view = "none" ; } -if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } -elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } +elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } -if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; } -elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; } +if (verify_permission('zone_meta_edit_others')) { $perm_meta_edit = "all" ; } +elseif (verify_permission('zone_meta_edit_own')) { $perm_meta_edit = "own" ; } else { $perm_meta_edit = "none" ; } $zone_id = "-1"; diff -r 700a3674b72e -r cb06e3e29ed8 add_supermaster.php --- a/add_supermaster.php Thu Apr 03 18:57:11 2008 +0000 +++ b/add_supermaster.php Thu Apr 03 21:48:36 2008 +0000 @@ -26,7 +26,7 @@ $ns_name = $_POST["ns_name"]; $account = $_POST["account"]; -(verify_permission(supermaster_add)) ? $supermasters_add = "1" : $supermasters_add = "0"; +(verify_permission('supermaster_add')) ? $supermasters_add = "1" : $supermasters_add = "0"; if($_POST["submit"]) { diff -r 700a3674b72e -r cb06e3e29ed8 add_user.php --- a/add_user.php Thu Apr 03 18:57:11 2008 +0000 +++ b/add_user.php Thu Apr 03 21:48:36 2008 +0000 
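Review bot: In add_supermaster.php the context lines `$ns_name = $_POST["ns_name"];`, `$account = $_POST["account"];` and `if($_POST["submit"])` still read request keys without `isset()`, so a plain GET keeps raising the E_ALL notices this commit sets out to remove. The same pattern remains in add_user.php (`if($_POST["commit"])`), add_zone_master.php and add_zone_slave.php (`$_POST['submit']`), while inc/auth.inc.php did get `isset($_POST["authenticate"])`. I would write `if (isset($_POST["submit"]) && $supermasters_add == "1") {` here. The hunk does not show whether `$supermasters_add` is checked before the submit branch runs, as add_zone_master.php does with `$zone_master_add == "1"`, so that needs confirming in the part of the script outside the hunk.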
@@ -22,7 +22,7 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -if (!verify_permission(user_add_new)) { +if (!verify_permission('user_add_new')) { error(ERR_PERM_ADD_USER); } else { if($_POST["commit"]) { diff -r 700a3674b72e -r cb06e3e29ed8 add_zone_master.php --- a/add_zone_master.php Thu Apr 03 18:57:11 2008 +0000 +++ b/add_zone_master.php Thu Apr 03 21:48:36 2008 +0000 @@ -37,7 +37,7 @@ $mailip = $_POST["mailip"]; $empty = $_POST["empty"]; -(verify_permission(zone_master_add)) ? $zone_master_add = "1" : $zone_master_add = "0" ; +(verify_permission('zone_master_add')) ? $zone_master_add = "1" : $zone_master_add = "0" ; if ($_POST['submit'] && $zone_master_add == "1" ) { diff -r 700a3674b72e -r cb06e3e29ed8 add_zone_slave.php --- a/add_zone_slave.php Thu Apr 03 18:57:11 2008 +0000 +++ b/add_zone_slave.php Thu Apr 03 21:48:36 2008 +0000 @@ -31,7 +31,7 @@ $master = $_POST['slave_master']; $type = "SLAVE"; -(verify_permission(zone_slave_add)) ? $zone_slave_add = "1" : $zone_slave_add = "0" ; +(verify_permission('zone_slave_add')) ? $zone_slave_add = "1" : $zone_slave_add = "0" ; if ($_POST['submit'] && $zone_slave_add == "1") { if (!is_valid_domain($zone)) { diff -r 700a3674b72e -r cb06e3e29ed8 delete_domain.php --- a/delete_domain.php Thu Apr 03 18:57:11 2008 +0000 +++ b/delete_domain.php Thu Apr 03 21:48:36 2008 +0000 @@ -22,8 +22,8 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; } -elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ;} +if (verify_permission('zone_content_edit_others')) { $perm_edit = "all" ; } +elseif (verify_permission('zone_content_edit_own')) { $perm_edit = "own" ;} else { $perm_edit = "none" ; } $zone_id = "-1"; diff -r 700a3674b72e -r cb06e3e29ed8 delete_perm_templ.php --- a/delete_perm_templ.php Thu Apr 03 18:57:11 2008 +0000 +++ b/delete_perm_templ.php Thu Apr 03 21:48:36 2008 +0000 
@@ -35,7 +35,7 @@ if ($perm_templ == "-1"){ error(ERR_INV_INPUT); } else { - if (!(verify_permission(user_edit_templ_perm))) { + if (!(verify_permission('user_edit_templ_perm'))) { error(ERR_PERM_DEL_PERM_TEMPL); } else { $templ_details = get_permission_template_details($perm_templ); diff -r 700a3674b72e -r cb06e3e29ed8 delete_record.php --- a/delete_record.php Thu Apr 03 18:57:11 2008 +0000 +++ b/delete_record.php Thu Apr 03 21:48:36 2008 +0000 @@ -32,8 +32,8 @@ $confirm = $_GET['confirm']; } -if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } -elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } +elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } $user_is_zone_owner = verify_user_is_owner_zoneid($_GET["domain"]); diff -r 700a3674b72e -r cb06e3e29ed8 delete_supermaster.php --- a/delete_supermaster.php Thu Apr 03 18:57:11 2008 +0000 +++ b/delete_supermaster.php Thu Apr 03 21:48:36 2008 +0000 @@ -35,7 +35,7 @@ if ($master_ip == "-1"){ error(ERR_INV_INPUT); } else { - (verify_permission(supermaster_edit)) ? $perm_sm_edit = "1" : $perm_sm_edit = "0" ; + (verify_permission('supermaster_edit')) ? $perm_sm_edit = "1" : $perm_sm_edit = "0" ; if ($perm_sm_edit == "0") { error(ERR_PERM_DEL_SM); } else { diff -r 700a3674b72e -r cb06e3e29ed8 delete_user.php --- a/delete_user.php Thu Apr 03 18:57:11 2008 +0000 +++ b/delete_user.php Thu Apr 03 21:48:36 2008 +0000 
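Review bot: In delete_record.php the ownership flag comes from `verify_user_is_owner_zoneid($_GET["domain"])`, a zone id the client sends separately from the record being deleted, so the authorisation check and the deletion can refer to different zones. Whether the code further down re-derives the zone from the record is not visible in this hunk. edit_record.php resolves it server-side with `get_zone_id_from_record_id($_GET["id"])`; doing the same here and passing that result to `verify_user_is_owner_zoneid()` would tie the check to the record itself.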
@@ -22,8 +22,8 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; -verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ; +verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0" ; +verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0" ; if (!(isset($_GET['id']) && v_num($_GET['id']))) { error(ERR_INV_INPUT); @@ -39,7 +39,7 @@ } } else { - if (($uid != $_SESSION['userid'] && !verify_permission(user_edit_others)) || ($uid == $_SESSION['userid'] && !verify_permission(user_edit_own))) { + if (($uid != $_SESSION['userid'] && !verify_permission('user_edit_others')) || ($uid == $_SESSION['userid'] && !verify_permission('user_edit_own'))) { error(ERR_PERM_DEL_USER); include_once("inc/footer.inc.php"); exit; diff -r 700a3674b72e -r cb06e3e29ed8 edit.php --- a/edit.php Thu Apr 03 18:57:11 2008 +0000 +++ b/edit.php Thu Apr 03 21:48:36 2008 +0000 
@@ -39,16 +39,16 @@ } } -if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } -elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } +if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } +elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; } else { $perm_view = "none" ; } -if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } -elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } +elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } -if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; } -elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; } +if (verify_permission('zone_meta_edit_others')) { $perm_meta_edit = "all" ; } +elseif (verify_permission('zone_meta_edit_own')) { $perm_meta_edit = "own" ; } else { $perm_meta_edit = "none" ; } $user_is_zone_owner = verify_user_is_owner_zoneid($zone_id); @@ -181,7 +181,7 @@ echo " \n"; foreach($server_types as $type) { - unset($add); + $add = ''; if ($type == $domain_type) { $add = " SELECTED"; } diff -r 700a3674b72e -r cb06e3e29ed8 edit_perm_templ.php --- a/edit_perm_templ.php Thu Apr 03 18:57:11 2008 +0000 +++ b/edit_perm_templ.php Thu Apr 03 21:48:36 2008 +0000 @@ -29,7 +29,7 @@ if ($id == "-1") { error(ERR_INV_INPUT); -} elseif (!verify_permission(templ_perm_edit)) { +} elseif (!verify_permission('templ_perm_edit')) { error(ERR_PERM_EDIT_PERM_TEMPL); } else { $id = $_GET['id']; diff -r 700a3674b72e -r cb06e3e29ed8 edit_record.php --- a/edit_record.php Thu Apr 03 18:57:11 2008 +0000 +++ b/edit_record.php Thu Apr 03 21:48:36 2008 +0000 
@@ -22,16 +22,16 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } -elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } +if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } +elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; } else { $perm_view = "none" ; } -if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } -elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } +elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } -if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; } -elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; } +if (verify_permission('zone_meta_edit_others')) { $perm_meta_edit = "all" ; } +elseif (verify_permission('zone_meta_edit_own')) { $perm_meta_edit = "own" ; } else { $perm_meta_edit = "none" ; } $zid = get_zone_id_from_record_id($_GET["id"]); diff -r 700a3674b72e -r cb06e3e29ed8 edit_user.php --- a/edit_user.php Thu Apr 03 18:57:11 2008 +0000 +++ b/edit_user.php Thu Apr 03 21:48:36 2008 +0000 @@ -27,8 +27,8 @@ $edit_id = $_GET['id']; } -verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; -verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ; +verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0" ; +verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0" ; if ($edit_id == "-1") { error(ERR_INV_INPUT); diff -r 700a3674b72e -r cb06e3e29ed8 inc/auth.inc.php --- a/inc/auth.inc.php Thu Apr 03 18:57:11 2008 +0000 +++ b/inc/auth.inc.php Thu Apr 03 21:48:36 2008 +0000 
@@ -53,7 +53,7 @@ $rowObj = $result->fetchRow(); $_SESSION["userid"] = $rowObj["id"]; $_SESSION["name"] = $rowObj["fullname"]; - if($_POST["authenticate"]) + if(isset($_POST["authenticate"])) { //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost. session_write_close(); diff -r 700a3674b72e -r cb06e3e29ed8 inc/header.inc.php --- a/inc/header.inc.php Thu Apr 03 18:57:11 2008 +0000 +++ b/inc/header.inc.php Thu Apr 03 21:48:36 2008 +0000 @@ -37,13 +37,13 @@ if (isset($_SESSION["userid"])) { - verify_permission(search) ? $perm_search = "1" : $perm_search = "0" ; - verify_permission(zone_content_view_own) ? $perm_view_zone_own = "1" : $perm_view_zone_own = "0" ; - verify_permission(zone_content_view_other) ? $perm_view_zone_other = "1" : $perm_view_zone_other = "0" ; - verify_permission(supermaster_view) ? $perm_supermaster_view = "1" : $perm_supermaster_view = "0" ; - verify_permission(zone_master_add) ? $perm_zone_master_add = "1" : $perm_zone_master_add = "0" ; - verify_permission(zone_slave_add) ? $perm_zone_slave_add = "1" : $perm_zone_slave_add = "0" ; - verify_permission(supermaster_add) ? $perm_supermaster_add = "1" : $perm_supermaster_add = "0" ; + verify_permission('search') ? $perm_search = "1" : $perm_search = "0" ; + verify_permission('zone_content_view_own') ? $perm_view_zone_own = "1" : $perm_view_zone_own = "0" ; + verify_permission('zone_content_view_other') ? $perm_view_zone_other = "1" : $perm_view_zone_other = "0" ; + verify_permission('supermaster_view') ? $perm_supermaster_view = "1" : $perm_supermaster_view = "0" ; + verify_permission('zone_master_add') ? $perm_zone_master_add = "1" : $perm_zone_master_add = "0" ; + verify_permission('zone_slave_add') ? $perm_zone_slave_add = "1" : $perm_zone_slave_add = "0" ; + verify_permission('supermaster_add') ? $perm_supermaster_add = "1" : $perm_supermaster_add = "0" ; echo "
\n"; echo " " . _('Index') . "\n"; diff -r 700a3674b72e -r cb06e3e29ed8 inc/record.inc.php --- a/inc/record.inc.php Thu Apr 03 18:57:11 2008 +0000 +++ b/inc/record.inc.php Thu Apr 03 21:48:36 2008 +0000 @@ -94,8 +94,8 @@ */ function edit_record($record) { - if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } - elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } + elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); @@ -148,8 +148,8 @@ function add_record($zoneid, $name, $type, $content, $ttl, $prio) { global $db; - if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } - elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } + elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } $user_is_zone_owner = verify_user_is_owner_zoneid($zoneid); @@ -264,8 +264,8 @@ { global $db; - if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } - elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } + elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } // Determine ID of zone first. 
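Review bot: `verify_permission('zone_content_view_other')` in inc/header.inc.php names a permission that every other file in this changeset spells `zone_content_view_others`; index.php carries the same line. If verify_permission() matches names exactly (its body is not part of this diff), `$perm_view_zone_other` will always be "0" and the menu entry it guards will never be shown. Suggest `verify_permission('zone_content_view_others') ? $perm_view_zone_other = "1" : $perm_view_zone_other = "0" ;` in both files, or a comment explaining the singular name if it is intentional.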
@@ -301,8 +301,8 @@ */ function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master) { - if(verify_permission(zone_master_add)) { $zone_master_add = "1" ; } ; - if(verify_permission(zone_slave_add)) { $zone_slave_add = "1" ; } ; + if(verify_permission('zone_master_add')) { $zone_master_add = "1" ; } ; + if(verify_permission('zone_slave_add')) { $zone_slave_add = "1" ; } ; // TODO: make sure only one is possible if only one is enabled if($zone_master_add == "1" || $zone_slave_add == "1") { @@ -394,8 +394,8 @@ { global $db; - if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; } - elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ; } + if (verify_permission('zone_content_edit_others')) { $perm_edit = "all" ; } + elseif (verify_permission('zone_content_edit_own')) { $perm_edit = "own" ; } else { $perm_edit = "none" ; } $user_is_zone_owner = verify_user_is_owner_zoneid($id); @@ -442,7 +442,7 @@ function add_owner_to_zone($zone_id, $user_id) { global $db; - if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { + if ( (verify_permission('zone_meta_edit_others')) || (verify_permission('zone_meta_edit_own')) && verify_user_is_owner_zoneid($_GET["id"])) { // User is allowed to make change to meta data of this zone. if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) { @@ -463,7 +463,7 @@ function delete_owner_from_zone($zone_id, $user_id) { global $db; - if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { + if ( (verify_permission('zone_meta_edit_others')) || (verify_permission('zone_meta_edit_own')) && verify_user_is_owner_zoneid($_GET["id"])) { // User is allowed to make change to meta data of this zone. if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) { 
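Review bot: In add_domain() `$zone_master_add` and `$zone_slave_add` are assigned only when the permission is granted, so the following `if($zone_master_add == "1" || $zone_slave_add == "1")` reads undefined variables for a user lacking either one and still raises the notices this commit targets. Assign both unconditionally, e.g. `$zone_master_add = verify_permission('zone_master_add') ? "1" : "0";` and the same for `$zone_slave_add`, which also matches the form used in add_zone_master.php. The function body continues outside the hunk.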
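Review bot: add_owner_to_zone() decides ownership with `verify_user_is_owner_zoneid($_GET["id"])` but then acts on its `$zone_id` parameter, so the zone that was authorised and the zone that gets changed can differ; delete_owner_from_zone() in the next hunk has the identical condition. Check the argument instead: `verify_user_is_owner_zoneid($zone_id)`, which also removes an undefined-index notice when `id` is absent from the query string. I would additionally parenthesise the `&&` operand explicitly, since the current grouping relies on operator precedence to keep the owner check attached to `zone_meta_edit_own`. Both function bodies continue outside the hunks.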
@@ -586,8 +586,8 @@ function get_zone_info_from_id($zone_id) { - if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } - elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } + if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } + elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; } else { $perm_view = "none" ;} if ($perm_view == "none") { @@ -688,10 +688,11 @@ } -function get_zones($perm,$userid=0,$letterstart=all,$rowstart=0,$rowamount=999999) +function get_zones($perm,$userid=0,$letterstart='all',$rowstart=0,$rowamount=999999) { global $db; global $sql_regexp; + $sql_add = ''; if ($perm != "own" && $perm != "all") { error(ERR_PERM_VIEW_ZONE); return false; @@ -702,7 +703,7 @@ $sql_add = " AND zones.domain_id = domains.id AND zones.owner = ".$db->quote($userid); } - if ($letterstart!=all && $letterstart!=1) { + if ($letterstart!='all' && $letterstart!=1) { $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; } elseif ($letterstart==1) { $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; @@ -736,11 +737,12 @@ } // TODO: letterstart limitation and userid permission limitiation should be applied at the same time? -function zone_count_ng($perm, $letterstart=all) { +function zone_count_ng($perm, $letterstart='all') { global $db; global $sql_regexp; $fromTable = 'domains'; + $sql_add = ''; if ($perm != "own" && $perm != "all") { $zone_count = "0"; @@ -752,7 +754,7 @@ AND zones.owner = ".$db->quote($_SESSION['userid']); $fromTable .= ',zones'; } - if ($letterstart!=all && $letterstart!=1) { + if ($letterstart!='all' && $letterstart!=1) { $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; } elseif ($letterstart==1) { $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; 
@@ -828,7 +830,7 @@ function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) { global $db; if (is_numeric($id)) { - if ($_SESSION[$id."_ispartial"] == 1) { + if ((isset($_SESSION[$id."_ispartial"])) && ($_SESSION[$id."_ispartial"] == 1)) { $db->setLimit($rowamount, $rowstart); $result = $db->query("SELECT record_owners.record_id as id FROM record_owners,domains,records @@ -907,16 +909,21 @@ $holy_grail = trim($holy_grail); - if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } - elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } + $sql_add_from = ''; + $sql_add_where = ''; + + $return_zones = array(); + $return_records = array(); + + if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } + elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; } else { $perm_view = "none" ; } - if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } - elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } + elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } else { $perm_content_edit = "none" ; } // Search for matching domains - if ($perm == "own") { $sql_add_from = ", zones "; $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid); diff -r 700a3674b72e -r cb06e3e29ed8 inc/users.inc.php --- a/inc/users.inc.php Thu Apr 03 18:57:11 2008 +0000 +++ b/inc/users.inc.php Thu Apr 03 21:48:36 2008 +0000 @@ -144,7 +144,7 @@ "fullname" => $r["fullname"], "email" => $r["email"], "description" => $r["description"], - "level" => $r["level"], +// "level" => $r["level"], "active" => $r["active"], "numdomains" => $r["aantal"] ); 
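Review bot: The owner filter in the `@@ -907` hunk of inc/record.inc.php is guarded by `if ($perm == "own")`, while the lines just above compute `$perm_view` and `$perm_content_edit`; the function signature is outside the hunk, so I cannot tell whether `$perm` is a parameter. If it is caller-supplied, the restriction on `zones.owner` depends on what each caller passes rather than on the permission resolved here, and if it is undefined the filter is never appended. Consider `if ($perm_view == "own") {` together with an early return when `$perm_view == "none"`, or add a comment stating why `$perm` can be trusted.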
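Review bot: `// "level" => $r["level"],` in inc/users.inc.php leaves commented-out code inside the array literal; delete the line and record the reason in the commit message (presumably the query no longer returns `level`). Any caller still reading the `level` key from this result will now raise an undefined-index notice, so those call sites should be checked. The enclosing function is outside the hunk.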
@@ -207,7 +207,7 @@ { global $db; - if (($uid != $_SESSION['userid'] && !verify_permission(user_edit_others)) || ($uid == $_SESSION['userid'] && !verify_permission(user_edit_own))) { + if (($uid != $_SESSION['userid'] && !verify_permission('user_edit_others')) || ($uid == $_SESSION['userid'] && !verify_permission('user_edit_own'))) { error(ERR_PERM_DEL_USER); return false; } else { @@ -236,7 +236,7 @@ function delete_perm_templ($ptid) { global $db; - if (!(verify_permission(user_edit_templ_perm))) { + if (!(verify_permission('user_edit_templ_perm'))) { error(ERR_PERM_DEL_PERM_TEMPL); } else { $query = "SELECT id FROM users WHERE perm_templ = " . $ptid; @@ -268,8 +268,8 @@ { global $db; - verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; - verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ; + verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0" ; + verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0" ; if (($id == $_SESSION["userid"] && $perm_edit_own == "1") || ($id != $_SESSION["userid"] && $perm_edit_others == "1" )) { @@ -474,7 +474,7 @@ if (v_num($specific)) { $sql_add = "AND users.id = " . $db->quote($specific) ; } else { - if (verify_permission(user_view_others)) { + if (verify_permission('user_view_others')) { $sql_add = ""; } else { $sql_add = "AND users.id = " . $db->quote($userid) ; @@ -659,8 +659,8 @@ global $db; - verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; - verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ; + verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0" ; + verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0" ; if (($details['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") || ($details['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) { 
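Review bot: In delete_perm_templ() the query on the context line is built by plain concatenation, `"SELECT id FROM users WHERE perm_templ = " . $ptid`, with no quoting or numeric check visible, unlike the `$db->quote(...)` calls used elsewhere in this file. delete_perm_templ.php may validate the id before calling (not shown here), but the function should not depend on that. Suggest `$query = "SELECT id FROM users WHERE perm_templ = " . $db->quote($ptid);`, or reject the call up front when `v_num($ptid)` fails. The function body continues outside the hunk.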
@@ -738,7 +738,7 @@ function add_new_user($details) { global $db; - if (!verify_permission(user_add_new)) { + if (!verify_permission('user_add_new')) { error(ERR_PERM_ADD_USER); } elseif (user_exists($details['username'])) { diff -r 700a3674b72e -r cb06e3e29ed8 index.php --- a/index.php Thu Apr 03 18:57:11 2008 +0000 +++ b/index.php Thu Apr 03 21:48:36 2008 +0000 @@ -25,13 +25,13 @@ echo "

" . _('Welcome') . " " . $_SESSION["name"] . "

\n"; -verify_permission(search) ? $perm_search = "1" : $perm_search = "0" ; -verify_permission(zone_content_view_own) ? $perm_view_zone_own = "1" : $perm_view_zone_own = "0" ; -verify_permission(zone_content_view_other) ? $perm_view_zone_other = "1" : $perm_view_zone_other = "0" ; -verify_permission(supermaster_view) ? $perm_supermaster_view = "1" : $perm_supermaster_view = "0" ; -verify_permission(zone_master_add) ? $perm_zone_master_add = "1" : $perm_zone_master_add = "0" ; -verify_permission(zone_slave_add) ? $perm_zone_slave_add = "1" : $perm_zone_slave_add = "0" ; -verify_permission(supermaster_add) ? $perm_supermaster_add = "1" : $perm_supermaster_add = "0" ; +verify_permission('search') ? $perm_search = "1" : $perm_search = "0" ; +verify_permission('zone_content_view_own') ? $perm_view_zone_own = "1" : $perm_view_zone_own = "0" ; +verify_permission('zone_content_view_other') ? $perm_view_zone_other = "1" : $perm_view_zone_other = "0" ; +verify_permission('supermaster_view') ? $perm_supermaster_view = "1" : $perm_supermaster_view = "0" ; +verify_permission('zone_master_add') ? $perm_zone_master_add = "1" : $perm_zone_master_add = "0" ; +verify_permission('zone_slave_add') ? $perm_zone_slave_add = "1" : $perm_zone_slave_add = "0" ; +verify_permission('supermaster_add') ? $perm_supermaster_add = "1" : $perm_supermaster_add = "0" ; echo " \n";