<?php
/**
*
* preview page, brings up a preview page for the editor to see their changes
*
* @author Patrick Lockley
* @version 1.0
* @copyright Copyright (c) 2008,2009 University of Nottingham
* @package
*/
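require_once(dirname(__FILE__) . "/config.php");

_load_language_file("/preview.inc");

require $xerte_toolkits_site->php_library_path . "screen_size_library.php";
require $xerte_toolkits_site->php_library_path . "template_status.php";
require $xerte_toolkits_site->php_library_path . "user_library.php";

/*
 * Preview entry point.
 *
 * Flow: require a logged-in session, validate the requested template id,
 * look the template up, authorise the caller, and only then load the
 * framework-specific preview module and render it.
 *
 * Every failure path (no session, bad id, unknown template, no rights,
 * unusable framework name) falls through to the single
 * PREVIEW_RESOURCE_FAIL message at the bottom, so the response does not
 * reveal which check failed.
 */
if (isset($_SESSION['toolkits_logon_id'])
    && isset($_GET['template_id'])
    && is_string($_GET['template_id'])
    && preg_match('/\A[0-9]+\z/', $_GET['template_id'])) {

    /*
     * Digits only: is_numeric() would also accept floats, exponents and
     * leading whitespace, which the (int) cast then silently truncates.
     * The isset()/is_string() checks also cover a missing or array-valued
     * parameter.
     */
    $safe_template_id = (int) $_GET['template_id'];

    /*
     * Standard query. The only request-derived value concatenated in is
     * $safe_template_id, which is an integer at this point; the table
     * prefix comes from the site configuration object.
     *
     * Note: ld.username is the template creator's username (joined on
     * td.creator_id), not the username of the session user.
     */
    $query_for_preview_content = "select otd.template_name, ld.username, otd.template_framework, tr.user_id, tr.folder, tr.template_id, td.access_to_whom, td.extra_flags";
    $query_for_preview_content .= " from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails otd, " . $xerte_toolkits_site->database_table_prefix . "templaterights tr, " . $xerte_toolkits_site->database_table_prefix . "templatedetails td, " . $xerte_toolkits_site->database_table_prefix . "logindetails ld";
    $query_for_preview_content .= " where td.template_type_id = otd.template_type_id and td.creator_id = ld.login_id and tr.template_id = td.template_id and tr.template_id=" . $safe_template_id . " and role='creator'";

    $row = db_query_one($query_for_preview_content);

    /*
     * Authorise BEFORE loading any module code: admins, or users with
     * rights on this template, may preview it. Previously the module file
     * was required ahead of this check, so it was executed for callers who
     * were then refused.
     */
    if (!empty($row)
        && (is_user_admin() || has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id']))) {

        /*
         * template_framework is a database value that becomes part of an
         * include path. Accept it only as a single directory name (no path
         * separators, no NUL byte, not "." or "..") so the require below
         * cannot resolve outside modules/<framework>/.
         */
        $framework = (string) $row['template_framework'];

        if ($framework !== ''
            && $framework !== '.'
            && $framework !== '..'
            && strpbrk($framework, "/\\\0") === false) {

            require $xerte_toolkits_site->root_file_path . "modules/" . $framework . "/preview.php";

            show_preview_code($row);
            exit(0);
        }
    }
}

/*
 * Reached on any failed check. Unknown templates and missing rights used to
 * produce an empty response; they now get the same message as the other
 * failure cases.
 */
echo PREVIEW_RESOURCE_FAIL;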