1 Topic by John/Will (edited by 2008-08-23 12:29:28)

  • Registered: 2004-07-03
  • Posts: 2,986

Topic: [HACK] Restrict Userlevel to Category

Name: Restrict Userlevel to Category
Author: StealthEye, John/Will, Yeah!Mac
CuteNews Compatibility: 1.3.6 - 1.4.1. Higher version have this option built in.
Description: Alright, the "restricting journalists to categories hack" is back, and is 100% safe atleast in cutenews 1.3.6 and most probably in any other version aswell
(also called "Limiting journalists to categories hack"... thought I'd say "Limiting" so the forum search function will find this thread when lookiing for that...)
Requirements:
Demo:
Discussion Topic:
Instructions:

This script is made in part by StealthEye, in part by someone else, and now I added the final part aswell.. it's perfect now.

so let's get started, it's a lot of work.

there are 3 major steps:
* Editing categories.mdu
* Editing addnews.mdu
* Editing editnews.mdu

all these files are found in your /cutenews/inc/ directory.

<!--coloro:purple--><span style="color:purple"><!--/coloro-->step 1) Out with the old in with the new[/color]

the first thing you need to do is make a backup of all three files in case something bad should happen.. you just never know..

now replace all the text in your categories.mdu file with this:
(just empty it totally and put this code in there instead)

<div class='codetop'>CODE</div><div class='codemain' style='height:200px;white-space:pre;overflow:auto'><?PHP
$result="";
if($member_db[1] != 1){ msg("error", "Access Denied", "You don't have permission to edit categories"); }

// ********************************************************************************
// Add Category
// ********************************************************************************
if($action == "add")
{
$cat_name = htmlspecialchars(stripslashes($cat_name));
if(!$cat_name){ msg("error","Error !!!","Please enter name of the category", "java script:history.go(-1)"); }
$cat_icon = preg_replace("/ /", "", $cat_icon);
if($cat_icon == "(optional)"){ $cat_icon = ""; }

$big_num = file("./data/cat.num.php");
$big_num = $big_num[0];
if(!$big_num or $big_num == ""){ $big_num = 1; }

$all_cats = file("./data/category.db.php");
foreach($all_cats as $cat_line)
{
$cat_arr = explode("|", $cat_line);
if($cat_arr[1] == $cat_name){ msg("error", "Error !!!", "Category with this name already exist", "?mod=categories"); }
if($cat_arr[0] == $big_num){ $big_num = 33; }
}
$new_cats = fopen("./data/category.db.php", "a");
$cat_name = stripslashes( preg_replace(array("'\|'",), array("|",), $cat_name) );
fwrite($new_cats, "$big_num|$cat_name|$cat_icon|$cat_level||\n");
fclose($new_cats);
$big_num ++;

$num_file = fopen("./data/cat.num.php", "w");
fwrite($num_file, $big_num);
fclose($num_file);
}
// ********************************************************************************
// Remove Category
// ********************************************************************************
elseif($action == "remove")
{
if(!$catid){ msg("error","Error !!!","No category ID", "$PHP_SELF?mod=categories"); }

$old_cats = file("./data/category.db.php");
$new_cats = fopen("./data/category.db.php", "w");

foreach($old_cats as $old_cats_line){
$cat_arr = explode("|", $old_cats_line);
if($cat_arr[0] != $catid){
fwrite($new_cats, $old_cats_line);
}
}
fclose($new_cats);
}
// ********************************************************************************
// Edit Category
// ********************************************************************************
elseif($action == "edit")
{
if(!$catid){ msg("error","Error !!!","No category ID", "$PHP_SELF?mod=categories"); }

$all_cats = file("./data/category.db.php");
foreach($all_cats as $cat_line){
$cat_arr = explode("|", $cat_line);
if($cat_arr[0] == $catid){

$msg .= "<form action=$PHP_SELF?mod=categories method=post>
<table border=\"0\" width=\"421\" >
<tr>
<td width=\"64\" >Name</td>
<td width=\"341\" ><input value=\"$cat_arr[1]\" type=text name=cat_name></td>
</tr>
<tr>
<td width=\"64\" >Icon</td>
<td width=\"341\" ><input value=\"$cat_arr[2]\" type=text name=cat_icon></td>
</tr>
<tr>
<td width=\"64\" >Access Level</td>
<td width=\"341\">
<input type=text name=cat_level value=\"$cat_arr[3]\" />
</tr>
<tr>
<td width=\"64\" ></td>
<td width=\"341\" ><input type=submit value=\"Save Changes\"</td>
</tr>
</table>
<input type=hidden name=action value=doedit>
<input type=hidden name=catid value=$catid>
</form>
";

msg("options", "Edit Category", $msg);

}
}
}
// ********************************************************************************
// DO Edit Category
// ********************************************************************************
elseif($action == "doedit")
{
$cat_name = htmlspecialchars(stripslashes($cat_name));
if(!$catid){ msg("error","Error !!!","No category ID", "$PHP_SELF?mod=categories"); }
if($cat_name == ""){ msg("error", "Error !!!", "Category name can not be blank", "java script:history.go(-1)"); }

$old_cats = file("./data/category.db.php");
$new_cats = fopen("./data/category.db.php", "w");
foreach($old_cats as $cat_line){
$cat_arr = explode("|", $cat_line);
if($cat_arr[0] == $catid){
fwrite($new_cats, "$catid|$cat_name|$cat_icon|$cat_level||\n");
}else{
fwrite($new_cats, "$cat_line");
}
}
fclose($new_cats);
}
// ********************************************************************************
// List all Categories
// ********************************************************************************
echoheader("options", "Categories");
echo<<<HTML

<table border=0 cellpading=0 cellspacing=0 width="645" >
<form method=post action="$PHP_SELF">
<td width=321 height="33">
Add Category
<table border=0 cellpading=0 cellspacing=0 width=300 class="panel" >
<tr>
<td width=98 height="25">
 Name
<td width=206 height="25">
<input type=text name=cat_name>
</tr>
<tr>
<td width=98 height="22">
 Icon URL
<td width=206 height="22">
<input onFocus="this.select()" value="(optional)" type=text name=cat_icon>
</tr>
<tr>
<td width=98 height="22">
 Access Level
<td width=206 height="22">
<input type=text name=cat_level>
</td>
</tr>
<tr>
<td width=98 height="32">
 
<td width=206 height="32">
<input type=submit value=" Add Category ">
<input type=hidden name=mod value=categories>
<input type=hidden name=action value=add>
</tr>
</form>
</table>


<td width=320 height="33" align="center">
<!-- HELP -->
<table height="25" cellspacing="0" cellpadding="0">
<tr>
<td width="25" align=middle><img border="0" src="skins/images/help_small.gif"></td>
<td > <a onClick="java script:Help('categories')" href="#">What are categories and

 How to use them</a></td>
</tr>
</table>

<!-- END HELP -->

<tr>
<td width=654 colspan="2" height="11">
<img height=20 border=0 src="skins/images/blank.gif" width=1>
</tr>
HTML;


$all_cats = file("./data/category.db.php");
$count_categories = 0;
foreach($all_cats as $cat_line)
{
if($i%2 != 0){ $bg_NOT_IN_USE = "bgcolor=#F7F6F4"; }else{ $bg = ""; }
$i++;
$cat_arr = explode("|", $cat_line);
$cat_arr[1] = stripslashes( preg_replace(array("'\"'", "'\''"), array(""", "'"), $cat_arr[1]) );
$cat_help_names[] = $cat_arr[1];
$cat_help_ids[] = $cat_arr[0];
$result .= "

<tr>
<td $bg > $cat_arr[0]</td>
<td $bg >$cat_arr[1]</td>
<td $bg >";
if($cat_arr[2] != ""){ $result .= "<img border=0 src=\"$cat_arr[2]\" high=40 width=40 alt=\"$cat_arr[2]\">"; }
else{ $result .= "---"; }
$result .= "</td>
<td $bg >$cat_arr[3]</td>
<td $bg >[url=][edit][/url] [url=][delete][/url]</td>
</tr>";
$count_categories ++;
}

if($count_categories == 0){
echo"<tr>
<td width=654 colspan=2 height=14>
<p align=center>
You havn't defined any categories yet

categories are optional and you can write your news without having categories

</tr>
<tr>";
}else{
echo"<tr>
<td width=654 colspan=2 height=14>
Categories
</tr>
<tr>
<td width=654 colspan=2 height=1>
<table width=100% height=100% cellspacing=0 cellpadding=0>
<tr>
<td width=5% bgcolor=#F7F6F4> ID</td>
<td width=35% bgcolor=#F7F6F4>name</td>
<td width=20% bgcolor=#F7F6F4>icon</td>
<td width=20% bgcolor=#F7F6F4>access level</td>
<td width=20% bgcolor=#F7F6F4>action</td>
</tr>";

echo $result;

echo"</table>";
}

echo"
</table>";
echofooter();
?></div>

Now the reason we did that was because Stealtheye changed alot of things in this file for this hack and just replacing the whole thing is way easier than trying to replace each item.

Besides, It's not like you're gonna lose any edited info by doing that.. as far as I know, no other hacks change anything in that file anyway...
Anyway, that's all there is to step 1... easy right?

<!--coloro:purple--><span style="color:purple"><!--/coloro-->step 2) A soft start[/color]

now open addnews.mdu and find this line: (unless you've made some sort of alterations before, it should be lines 48 - 53 in cutenews 1.3.6) 

         foreach($cat_lines as $single_line){
   $cat_arr = explode("|", $single_line);
               $if_is_selected = "";
               if($cat_arr[0] == 1){ $if_is_selected = " selected "; }
               if($category == $cat_arr[0]){ $if_is_selected = " selected "; }
               echo"<option $if_is_selected value=\"$cat_arr[0]\">$cat_arr[1]</option>\n";
     }

and replace it with 

         foreach($cat_lines as $single_line){
   $cat_arr = explode("|", $single_line);
               if($member_db[1] <= $cat_arr[3]){
               $if_is_selected = "";
               if($cat_arr[0] == 1){ $if_is_selected = " selected "; }
               if($category == $cat_arr[0]){ $if_is_selected = " selected "; }
               echo"<option $if_is_selected value=\"$cat_arr[0]\">$cat_arr[1]</option>\n";
               }
     }

no big whoop right? so far, so easy!

<!--coloro:purple--><span style="color:purple"><!--/coloro-->step 3) The Good Part![/color]

We move on to editnews.mdu, the third and last instalment of our trilogy.

I "made" this part myself (rather than just fixing it like I did the stuff in step 2) and you should keep in mind that I'm not really a good programmer.. I just sort of figured out what StealthEye had done and copied his way of doing it..

editnews.mdu is a bit more tricky than addnews.mdu because you have to replace a snippet not once, not twice, not even thrice but four times..
this is so your untrusted journalist scumbags wont just go to the edit room and simply use the edit button to move their posts from one category to another.

journalists are such louts!

step 3.1:
replace in lines 12 - 15 

    foreach($cat_lines as $single_line){
                $cat_arr = explode("|", $single_line);
        $cat[$cat_arr[0]] = $cat_arr[1];
    }


with 

    foreach($cat_lines as $single_line){
                $cat_arr = explode("|", $single_line);
        if($member_db[1] <= $cat_arr[3]){
        $cat[$cat_arr[0]] = $cat_arr[1];
    }
   }

step 3.2:
<!--coloro:red--><span style="color:red"><!--/coloro-->I'm not sure this step is needed, but it doesn't seem to do any damage, so I did it just to be safe. this is the exact same change as what was done in addnews.mdu.[/color]
replace in lines 178 - 183  (all lines based on where it was before any of the above changes were made) 

        foreach($cat_lines as $single_line){
                $cat_arr = explode("|", $single_line);
                $ifselected = "";
                if($category == $cat_arr[0]){ $ifselected = "selected"; }
        echo"<option $ifselected value=\"$cat_arr[0]\">$cat_arr[1]</option>\n";
           }


with 

        foreach($cat_lines as $single_line){
                $cat_arr = explode("|", $single_line);
        if($member_db[1] <= $cat_arr[3]){
                $ifselected = "";
                if($category == $cat_arr[0]){ $ifselected = "selected"; }
        echo"<option $ifselected value=\"$cat_arr[0]\">$cat_arr[1]</option>\n";
           }
        }


step 3.3:
replace in lines 435 - 441  (all lines based on where it was before any of the above changes were made) 

        foreach($cat_lines as $single_line){
                $cat_arr = explode("|", $single_line);
        if($item_db[6] == $cat_arr[0]){
                        echo"<option selected=\"selected\" value=\"$cat_arr[0]\">$cat_arr[1]</option>\n";
            $selected = TRUE;
                }else{ echo"<option value=\"$cat_arr[0]\">$cat_arr[1]</option>\n"; }
        }


with 

        foreach($cat_lines as $single_line){
                $cat_arr = explode("|", $single_line);
        if($member_db[1] <= $cat_arr[3]){
        if($item_db[6] == $cat_arr[0]){
                        echo"<option selected=\"selected\" value=\"$cat_arr[0]\">$cat_arr[1]</option>\n";
            $selected = TRUE;
                }else{ echo"<option value=\"$cat_arr[0]\">$cat_arr[1]</option>\n"; }
        }
      }

step 3.4:
replace in lines 334 - 336  (all lines based on where it was before any of the above changes were made) 

echo<<<HTML
<option title="move all selected news to one category" value="mass_move_to_cat">Change Category</option>
</select>


with 

if($member_db[1] == 1){ echo"<option title=\"move all selected news to one category\" value=\"mass_move_to_cat\">Change Category</option>"; }
echo<<<HTML
</select>

You're done!

and if you're as lucky as I am, it actually works too (well whaddayaknow?)

// Yeah!Mac

how to use the Hack once it's installed
You use it by Putting the number of the level that should be able to access the category in the access level field.

eg.
admin = 1
editor = 2
journalist = 3
whatever it is that low low level poster is called that can only reply to posts = 4

(to change the access level on a category, simply go to the "edit categories" screen and click "edit" next to your category.)

ofcourse an editor can always post on a category on journalist level and an admin can always post on all levels. You get the idea.