0byt3m1n1
Path:
/
data
/
applications
/
aps.bak
/
postnuke
/
0.764-3
/
standard
/
htdocs
/
modules
/
AvantGo
/
[
Home
]
File: pnadmin.php
<?php // $Id: pnadmin.php 17528 2006-01-12 13:37:48Z markwest $ // ---------------------------------------------------------------------- // PostNuke Content Management System // Copyright (C) 2002 by the PostNuke Development Team. // http://www.postnuke.com/ // ---------------------------------------------------------------------- // Based on: // PHP-NUKE Web Portal System - http://phpnuke.org/ // Thatware - http://thatware.org/ // ---------------------------------------------------------------------- // LICENSE // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License (GPL) // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // To read the license please visit http://www.gnu.org/copyleft/gpl.html // ---------------------------------------------------------------------- // Original Author of file: Mark West // Purpose of file: AvantGo administration display functions // ---------------------------------------------------------------------- /** * @package PostNuke_Content_Modules * @subpackage AvantGo * @license http://www.gnu.org/copyleft/gpl.html */ /** * the main administration function * This function is the default function, and is called whenever the * module is initiated without defining arguments. As such it can * be used for a number of things, but most commonly it either just * shows the module menu and returns or calls whatever the module * designer feels should be the default function (often this is the * view() function) * @author Mark West * @link http://www.markwest.me.uk * @return string HTML string */ function AvantGo_admin_main() { // Security check - important to do this as early as possible to avoid // potential security holes or just too much wasted processing. For the // main function we want to check that the user has at least edit privilege // for some item within this component, or else they won't be able to do // anything and so we refuse access altogether. The lowest level of access // for administration depends on the particular module, but it is generally // either 'edit' or 'delete' if (!pnSecAuthAction(0, 'AvantGo::', '::', ACCESS_EDIT)) { return pnVarPrepHTMLDisplay(_MODULENOAUTH); } // Create output object - this object will store all of our output so that // we can return it easily when required $pnRender =& new pnRender('AvantGo'); // Return the output that has been generated by this function return $pnRender->fetch('avantgo_admin_main.htm'); } /** * View items that would be displayed by the module within PN framework * @author Mark West * @link http://www.markwest.me.uk * @param 'startnum' the starting article numbner * @return strong HTML string * @todo change avantgo api to news api once news module is api compliant */ function AvantGo_admin_view() { // Security check - important to do this as early as possible to avoid // potential security holes or just too much wasted processing if (!pnSecAuthAction(0, 'AvantGo::', '::', ACCESS_EDIT)) { return pnVarPrepHTMLDisplay(_MODULENOAUTH); } // Get parameters from whatever input we need. All arguments to this // function should be obtained from pnVarCleanFromInput(), getting them // from other places such as the environment is not allowed, as that makes // assumptions that will not hold in future versions of PostNuke $startnum = pnVarCleanFromInput('startnum'); // Create output object - this object will store all of our output so that // we can return it easily when required $pnRender =& new pnRender('AvantGo'); // We need the pnsecgenauthkey plugin, so we must not cache here. $pnRender->caching = false; // The user API function is called. This takes the number of items // required and the first number in the list of all items, which we // obtained from the input and gets us the information on the appropriate // items. $items = pnModAPIFunc('AvantGo', 'user', 'getall', array('startnum' => $startnum, 'numitems' => pnModGetVar('AvantGo', 'itemsperpage'))); // Loop through each returned item adding in the options that the user has over // each item based on the permissions the user has. $storyitems = array(); foreach ($items as $item) { $row = array(); // The API function is called. The arguments to the function are passed in // as their own arguments array $item['cattitle'] = pnModAPIFunc('AvantGo', 'user', 'getcattitle', array('catid' => $item['catid'])); // Check permissions on the item if (pnSecAuthAction(0, 'Stories::Story', "$item[aid]:$item[cattitle]:$item[sid]", ACCESS_READ)) { $storyitems[] = $item; } } $pnRender->assign('storyitems', $storyitems); // Return the output that has been generated by this function return $pnRender->fetch('avantgo_admin_view.htm'); } /** * This is a standard function to modify the configuration parameters of the * module * @author Mark West * @link http://www.markwest.me.uk * @return string HTML string */ function AvantGo_admin_modifyconfig() { // Security check - important to do this as early as possible to avoid // potential security holes or just too much wasted processing if (!pnSecAuthAction(0, 'AvantGo::', '::', ACCESS_ADMIN)) { return pnVarPrepHTMLDisplay(_MODULENOAUTH); } // Create output object - this object will store all of our output so that // we can return it easily when required $pnRender =& new pnRender('AvantGo'); // We need the pnsecgenauthkey plugin, so we must not cache here. $pnRender->caching = false; // assign all module vars $pnRender->assign(pnModGetVar('AvantGo')); // Return the output that has been generated by this function return $pnRender->fetch('avantgo_admin_modifyconfig.htm'); } /** * This is a standard function to update the configuration parameters of the * module given the information passed back by the modification form * @author Mark West * @link http://www.markwest.me.uk * @param 'itemsperpage' the number of items to display on the module page * @return bool true if update successful, false otherwise */ function AvantGo_admin_updateconfig() { // Security check - important to do this as early as possible to avoid // potential security holes or just too much wasted processing if (!pnSecAuthAction(0, 'AvantGo::', '::', ACCESS_EDIT)) { return pnVarPrepHTMLDisplay(_MODULENOAUTH); } // Get parameters from whatever input we need. All arguments to this // function should be obtained from pnVarCleanFromInput(), getting them // from other places such as the environment is not allowed, as that makes // assumptions that will not hold in future versions of PostNuke $itemsperpage = pnVarCleanFromInput('itemsperpage'); // Confirm authorisation code. This checks that the form had a valid // authorisation code attached to it. If it did not then the function will // proceed no further as it is possible that this is an attempt at sending // in false data to the system if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('AvantGo', 'admin', 'view')); return true; } // Update module variables. Note that depending on the HTML structure used // to obtain the information from the user it is possible that the values // might be unset, so it is important to check them all and assign them // default values if required if (empty($itemsperpage)) { $itemsperpage = 10; } pnModSetVar('AvantGo', 'itemsperpage', $itemsperpage); // the module configuration has been updated successfuly pnSessionSetVar('statusmsg', _CONFIGUPDATED); // This function generated no output, and so now it is complete we redirect // the user to an appropriate page for them to carry on their work pnRedirect(pnModURL('AvantGo', 'admin', 'view')); // Return return true; } ?>