[ros-diffs] [dgoette] 37569: * moved login.php -> Login::required() * use new class ThisUser to reference the logged in user * use new class to get rid of more global vars * fix minor bugs

dgoette at svn.reactos.org dgoette at svn.reactos.org
Sun Nov 23 00:51:18 CET 2008


Author: dgoette
Date: Sat Nov 22 17:51:18 2008
New Revision: 37569

URL: http://svn.reactos.org/svn/reactos?rev=37569&view=rev
Log:
* moved login.php -> Login::required()
* use new class ThisUser to reference the logged in user
* use new class to get rid of more global vars
* fix minor bugs

Added:
    branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
Modified:
    branches/danny-web/reactos.org/htdocs/roscms/index.php
    branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
    branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php

Modified: branches/danny-web/reactos.org/htdocs/roscms/index.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/index.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -46,10 +46,6 @@
 	// Global Vars:
 	$rpm_page="";
 	$rpm_lang="";
-		
-	
-	// this vars will be removed soon
-	$roscms_intern_login_check_username="";
 
 	if (array_key_exists("page", $_GET)) $rpm_page=htmlspecialchars($_GET["page"]);
 	if (array_key_exists("lang", $_GET)) $rpm_lang=htmlspecialchars($_GET["lang"]);
@@ -112,7 +108,7 @@
   $text = str_replace('  ','',$text);
   $text = str_replace("\t",'',$text);
   $text = str_replace("\n",'',$text);
-  echo str_replace("\n",'',$text);
+  echo   str_replace("\r",'',$text);
 }
 
 

Modified: branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/js/cms_website.js.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -20,8 +20,7 @@
 
   define('ROSCMS_PATH', '../');
   require('../lib/RosCMS_Autoloader.class.php');
-  require('../login.php');
-  global $roscms_intern_account_id;
+  Login::required();
 ?>
 										function filtpopulatehelper(objidval, objidval2, filterid) {
 											var filtentryselstr = '';
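Review bot: `Login::required();` is followed unconditionally by DB-driven output, so this call site is only safe if the method ends the request (redirect or exit) when no user is logged in; its body is in Login.class.php, which this chunk does not show, so that contract cannot be confirmed here. The same assumption is made in the constructors of CMSWebsiteFilter, CMSWebsiteSaveEntry and Editor, which proceed directly to `$this->manage()`, `$_GET` handling and `preventCaching()`. A docblock on `Login::required()` such as `/** Ends the request when no user is authenticated; callers may assume a logged-in user afterwards. */` would record the contract these callers depend on, if that is indeed how it behaves.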
@@ -72,7 +71,7 @@
 														filtentryselstrs1 = '<select id="sfb'+filterid+'"><option value="is">is</option><option value="no">is not</option></select>';
 														filtentryselstrs2 = '<select id="sfc'+filterid+'"><?php
 
-  $user_lang = ROSUser::getLanguage($roscms_intern_account_id, true);
+  $user_lang = ROSUser::getLanguage(ThisUser::getInstance()->id(), true);
 
   $stmt=DBConnection::getInstance()->prepare("SELECT lang_id, lang_name FROM languages WHERE lang_level > '0' ORDER BY lang_name ASC");
   $stmt->execute();

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteFilter.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -30,9 +30,8 @@
 
   public function __construct(  )
   {
-    require('login.php');
-  
-  
+    Login::required();
+
     $this->manage();
   } // end of member function __construct
 
@@ -49,7 +48,7 @@
    */
   private function manage( )
   {
-    global $roscms_intern_account_id;
+    $thisuser = &ThisUser::getInstance();
 
     // they need some standard values
     $action = (isset($_GET['d_val']) ? $_GET['d_val'] : '');
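Review bot: `$thisuser = &ThisUser::getInstance();` assigns the return value of a static call by reference, which PHP reports as "Only variables should be assigned by reference"; objects are handles already, so the `&` adds nothing. It should read `$thisuser = ThisUser::getInstance();`. The same form is introduced in CMSWebsiteSaveEntry::save, Data::add, Data::evalAction, Editor_Website::evalAction, showEntryData, showEntryDetails and showEntryDetailsMetadata.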
@@ -66,7 +65,7 @@
 
       // check if filter already exists
       $stmt=DBConnection::getInstance()->prepare("SELECT 1 FROM data_user_filter WHERE filt_usrid = :user_id AND filt_title = :title AND filt_type = :type LIMIT 1");
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->bindParam('title',$filter_title,PDO::PARAM_STR); 
       $stmt->bindParam('type',$this->type_num,PDO::PARAM_INT);
       $stmt->execute();
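Review bot: `$stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);` hands a method-call result to a by-reference parameter; bindParam binds a variable that is read at execute() time, and a temporary here triggers "Only variables should be passed by reference". The by-value form is already used elsewhere in this commit (`bindValue('date',date("Y-m-d"),PDO::PARAM_STR)` in CMSWebsiteSaveEntry::save), so this line should be `$stmt->bindValue('user_id', $thisuser->id(), PDO::PARAM_INT);`. The same substitution applies to every other `user_id` binding the commit rewrote: the remaining hunks of CMSWebsiteFilter::manage, CMSWebsiteSaveEntry::save, Data::add, Data::evalAction, Editor_Website::performDefaultAction and showEntryDetailsMetadata.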
@@ -74,7 +73,7 @@
 
         // insert new filter
         $stmt=DBConnection::getInstance()->prepare("INSERT INTO data_user_filter ( filt_id , filt_usrid , filt_title , filt_type , filt_string , filt_datetime , filt_usage , filt_usagedate ) VALUES ( NULL, :user_id, :title, :type, :string, NOW(), 1, NOW() )");
-        $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+        $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
         $stmt->bindParam('title',$filter_title,PDO::PARAM_STR); 
         $stmt->bindParam('type',$this->type_num,PDO::PARAM_INT);
         $stmt->bindParam('string',$filter_string,PDO::PARAM_STR);
@@ -85,13 +84,13 @@
       // delete a label
       $stmt=DBConnection::getInstance()->prepare("DELETE FROM data_user_filter WHERE filt_id = :filter_id AND filt_usrid = :user_id LIMIT 1");
       $stmt->bindParam('filter_id',$filter_title,PDO::PARAM_INT);
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->execute();
     }
 
     // echo current list of filters
     $stmt=DBConnection::getInstance()->prepare("SELECT filt_id, filt_title, filt_string FROM data_user_filter WHERE filt_usrid = :user_id AND filt_type = :type ORDER BY filt_title ASC");
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+    $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
     $stmt->bindParam('type',$this->type_num,PDO::PARAM_INT);
     $stmt->execute();
     while ($filter = $stmt->fetch(PDO::FETCH_ASSOC)) {

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/CMSWebsiteSaveEntry.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -28,8 +28,8 @@
 
   public function __construct()
   {
-    require('login.php');
-  
+    Login::required();
+
     if (!isset($_GET['d_id']) || !isset($_GET['d_r_lang'])){
       echo 'Missing params';
       return;
@@ -51,7 +51,7 @@
    */
   private function save( $tag_value = 'no' )
   {
-    global $roscms_intern_account_id;
+    $thisuser = &ThisUser::getInstance();
 
     $type = (isset($_GET['d_val3']) ? $_GET['d_val3'] : '');
     $tag_value = (isset($_GET['d_val4']) ? $_GET['d_val4'] : 'no');
@@ -68,7 +68,7 @@
         $stmt=DBConnection::getInstance()->prepare("SELECT rev_id FROM data_revision WHERE data_id = :data_id AND rev_usrid = :user_id AND rev_date = :date AND rev_language = :lang ORDER BY rev_id DESC LIMIT 1");
       }
       $stmt->bindParam('data_id',$_GET['d_id'],PDO::PARAM_INT);
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->bindValue('date',date("Y-m-d"),PDO::PARAM_STR);
       $stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
       $stmt->execute();
@@ -87,14 +87,14 @@
       $stmt=DBConnection::getInstance()->prepare("INSERT INTO data_revision ( rev_id , data_id , rev_version , rev_language , rev_usrid , rev_datetime , rev_date , rev_time ) VALUES ( NULL, :data_id, 0, :lang, :user_id, NOW(), CURDATE(), CURTIME() )");
       $stmt->bindParam('data_id',$_GET['d_id'],PDO::PARAM_INT);
       $stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->execute();
 
       // get inserted rev_id
       $stmt=DBConnection::getInstance()->prepare("SELECT rev_id FROM data_revision WHERE data_id = :data_id AND rev_version = 0 AND rev_language = :lang AND rev_usrid = :user_id ORDER BY rev_datetime DESC;");
       $stmt->bindParam('data_id',$_GET['d_id'],PDO::PARAM_INT);
       $stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->execute();
       $rev_id = $stmt->fetchColumn();
 

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -239,9 +239,8 @@
    */
   public static function deleteFile( $rev_id )
   {
-    global $roscms_security_level;
     // only for admins
-    if ($roscms_security_level < 3) {
+    if (ThisUser::getInstance()->securityLevel() < 3) {
       return;
     }
 
@@ -594,7 +593,7 @@
    */
   public static function add($data_type = null, $lang = null, $show_output = false, $dynamic_content = false, $entry_status = 'draft', $layout_template = '')
   {
-    global $roscms_intern_account_id;
+    $thisuser = &ThisUser::getInstance();
 
     $data_name = @htmlspecialchars($_GET['d_name']);
 
@@ -628,13 +627,13 @@
       $stmt=DBConnection::getInstance()->prepare("INSERT INTO data_revision ( rev_id , data_id , rev_version , rev_language , rev_usrid , rev_datetime , rev_date , rev_time ) VALUES ( NULL, :data_id, 0, :lang, :user_id, NOW(), CURDATE(), CURTIME() )");
       $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
       $stmt->bindParam('lang',$lang,PDO::PARAM_STR);
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->execute();
       
       $stmt=DBConnection::getInstance()->prepare("SELECT rev_id FROM data_revision WHERE data_id = :data_id AND rev_version = '0' AND rev_language = :lang AND rev_usrid = :user_id ORDER BY rev_datetime DESC");
       $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
       $stmt->bindParam('lang',$lang,PDO::PARAM_STR);
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->execute();
       $rev_id = $stmt->fetchColumn();
 
@@ -695,7 +694,7 @@
         Tag::add($data_id, $rev_id, 'number', $dynamic_number, -1);
         Tag::add($data_id, $rev_id, 'number_sort', str_pad($dynamic_number, 5, '0', STR_PAD_LEFT), -1); // padding with '0'
         Tag::add($data_id, $rev_id, 'pub_date', date('Y-m-d'), -1);
-        Tag::add($data_id, $rev_id, 'pub_user', $roscms_intern_account_id, -1);
+        Tag::add($data_id, $rev_id, 'pub_user', $thisuser->id(), -1);
       }
 
       if ($data_type == 'page') {
@@ -716,8 +715,8 @@
    */
   public static function evalAction( $id_list, $action, $lang = null, $label_name = null )
   {
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
+    $thisuser = &ThisUser::getInstance();
+
     global $roscms_standard_language;
 
     $id_list = preg_replace('/(^|-)[0-9]+\_([0-9]+)/','$2|',$id_list);
@@ -740,7 +739,7 @@
     
       // get user language
       $stmt_lang=DBConnection::getInstance()->prepare("SELECT user_language FROM users WHERE user_id = :user_id LIMIT 1");
-      $stmt_lang->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt_lang->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt_lang->execute();
       $user_lang = $stmt_lang->fetchColumn();
 
@@ -762,7 +761,7 @@
 
           // mark as stable
           case 'ms':
-            if ($roscms_security_level > 1 && ROSUser::isMemberOfGroup('transmaint')) {
+            if ($thisuser->securityLevel() > 1 && $thisuser->isMemberOfGroup('transmaint')) {
 
               // check for user language
               if ($user_lang == '') {
@@ -779,7 +778,7 @@
             // renew tag
             $tag_id = Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'status', -1);
             if ($tag_id > 0) {
-              Tag::deleteById($tag_id, $roscms_intern_account_id);
+              Tag::deleteById($tag_id, $thisuser->id());
             }
             Tag::add($revision['data_id'], $revision['rev_id'], 'status', 'stable', -1);
 
@@ -855,7 +854,7 @@
 
           // mark as new
           case 'mn':
-            if ($roscms_security_level > 1 && ROSUser::isMemberOfGroup('transmaint')) {
+            if ($thisuser->securityLevel() > 1 && $thisuser->isMemberOfGroup('transmaint')) {
 
               // check for user language
               if ($user_lang == '') {
@@ -870,7 +869,7 @@
             //
             $tag_id = Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'status', -1);
             if ($tag_id > 0) {
-              Tag::deleteById($tag_id, $roscms_intern_account_id);
+              Tag::deleteById($tag_id, $thisuser->id());
             }
             Tag::add($revision['data_id'], $revision['rev_id'], 'status', 'new', -1);
 
@@ -881,32 +880,32 @@
 
           // add star
           case 'as':
-            $tag_id = Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'star', $roscms_intern_account_id);
+            $tag_id = Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'star', $thisuser->id());
             if ($tag_id > 0) {
-              Tag::deleteById($t_tagid, $roscms_intern_account_id);
+              Tag::deleteById($t_tagid, $thisuser->id());
             }
-            Tag::add($revision['data_id'], $revision['rev_id'], 'star', 'on', $roscms_intern_account_id);
+            Tag::add($revision['data_id'], $revision['rev_id'], 'star', 'on', $thisuser->id());
             break;
 
           // delete star
           case 'xs':
-            $tag_id = Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'star', $roscms_intern_account_id);
+            $tag_id = Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'star', $thisuser->id());
             if ($tag_id > 0) {
-              Tag::deleteById($tag_id, $roscms_intern_account_id);
+              Tag::deleteById($tag_id, $thisuser->id());
             }
             break;
 
           // add label
           case 'tg':
-            Tag::add($revision['data_id'], $revision['rev_id'], 'tag', $label_name, $roscms_intern_account_id);
+            Tag::add($revision['data_id'], $revision['rev_id'], 'tag', $label_name, $thisuser->id());
             break;
 
           // delete entry
           case 'xe':
-            if ($roscms_security_level > 1 || $revision['rev_usrid'] == $roscms_intern_account_id) {
+            if ($thisuser->securityLevel() > 1 || $revision['rev_usrid'] == $thisuser->id()) {
 
               // copy to Archive if no admin
-              if ($roscms_security_level < 3) {
+              if ($thisuser->securityLevel() < 3) {
                 Data::copy($revision['data_id'], $revision['rev_id'], 0, $lang);
               }
               Data::deleteFile($revision['rev_id']);
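Review bot: In the 'as' case, `Tag::deleteById($t_tagid, $thisuser->id());` refers to `$t_tagid`, which is assigned nowhere in view — the lookup two lines above stores its result in `$tag_id`, and the parallel 'xs' case deletes `$tag_id`. The commit rewrote this line but kept the stray name, so the existing star tag is never removed before the new one is added and an undefined-variable notice is raised; it should be `Tag::deleteById($tag_id, $thisuser->id());`. Data::evalAction begins and ends outside this hunk.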
@@ -941,8 +940,6 @@
    */
   public static function copy( $data_id, $rev_id, $archive_mode, $lang = '' )
   {
-    global $roscms_intern_account_id;
-
     // set archive mode dependent vars
     if ($archive_mode == 0) {
       // copy to archive
@@ -1006,7 +1003,7 @@
     if ($archive_mode === false) {
       $revision = array(
         'rev_version' => '0',
-        'rev_usrid' => $roscms_intern_account_id,
+        'rev_usrid' => ThisUser::getInstance()->id(),
         'rev_language' => $lang,
         'rev_datetime' => date('Y-m-d H:i:s'),
         'rev_date' => date('Y-m-d'),

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Date.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -43,10 +43,9 @@
     global $rdf_user_timezone;
     global $rdf_user_timezone_name;
     global $rdf_server_timezone;
-    global $roscms_intern_account_id;
 
     // calculate only for registered users
-    if ($roscms_intern_account_id > 1) {
+    if (ThisUser::getInstance()->id() > 0) {
       $basedate = strtotime($date);
       $date_new = strtotime(($rdf_user_timezone+$rdf_server_timezone).' hours', $basedate);
       return date($format, $date_new).' '.$rdf_user_timezone_name;
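Review bot: The guard changed from `$roscms_intern_account_id > 1` to `ThisUser::getInstance()->id() > 0`, so an account with id 1 now takes the timezone-adjusted branch where it previously did not; the log only says "fix minor bugs", so it is unclear whether this threshold change is intended or whether the old `> 1` deliberately excluded a special account. If intentional, a comment such as `// id 0 = anonymous; every positive id is a registered user` beside the condition would record it; otherwise restore `> 1`. The enclosing function starts outside this hunk.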

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Editor.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -36,7 +36,7 @@
    */
   public function __construct( $data_id, $rev_id, $action = null )
   {
-    require('login.php');
+    Login::required();
     $this->preventCaching();
     if (!empty($data_id) && !empty($rev_id)) {
       $this->data_id = $data_id;

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -47,7 +47,8 @@
    */
   protected function evalAction( $action )
   {
-    global $roscms_security_level;
+    $thisuser = &ThisUser::getInstance();
+
     global $roscms_standard_language;
     global $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3, $RosCMS_GET_d_value4;
     global $RosCMS_GET_d_id, $RosCMS_GET_d_r_id;
@@ -59,7 +60,7 @@
       case 'newentry':
 
         // add a new entry only with higher security level
-        if ($roscms_security_level > 1) {
+        if ($thisuser->securityLevel() > 1) {
           switch ($RosCMS_GET_d_value) {
             case 'dynamic':
               $this->showAddEntry(self::DYNAMIC);
@@ -146,7 +147,7 @@
       case 'deltag':
       
         // only delete, if user has a higher level than translator, or it's requested by the user itself
-        if ($roscms_security_level > 1 || $RosCMS_GET_d_value2 == $roscms_intern_account_id) {
+        if ($thisuser->securityLevel() > 1 || $RosCMS_GET_d_value2 == $thisuser->id()) {
           Tag::deleteById($RosCMS_GET_d_value, $RosCMS_GET_d_value2);
         }
 
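Review bot: The 'deltag' authorization compares the request-supplied `$RosCMS_GET_d_value2` with the session user by loose `==`, and then passes that request value rather than `$thisuser->id()` on to `Tag::deleteById`. For the self-deletion branch the comparison should be strict on a normalized type, e.g. `if ($thisuser->securityLevel() > 1 || (int)$RosCMS_GET_d_value2 === (int)$thisuser->id()) {`, so only an exact match of the logged-in id is accepted. Editor_Website::evalAction begins and ends outside this hunk.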
@@ -158,7 +159,7 @@
       case 'changetag':
         Tag::deleteById($RosCMS_GET_d_value4, $RosCMS_GET_d_value3);
         Tag::add($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3);
-        echo Tag::getIdByUser($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $roscms_intern_account_id);
+        echo Tag::getIdByUser($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $thisuser->id());
         break;
 
       // update tag by name/user
@@ -200,7 +201,6 @@
   protected function performDefaultAction()
   {
     global $RosCMS_GET_d_r_lang;
-    global $roscms_intern_account_id;
 
     // normal (contains NO "tr")
     if (!isset($_GET['d_r_id']) || strpos($_GET['d_r_id'], 'tr') === false) {
@@ -221,7 +221,7 @@
         if (Data::copy($revision['data_id'], $revision['rev_id'], 1 /* copy mode */, $RosCMS_GET_d_r_lang)) {
           $stmt=DBConnection::getInstance()->prepare("SELECT data_id, rev_id, rev_language FROM data_revision WHERE data_id = :data_id AND rev_usrid = :user_id AND rev_version = 0 AND rev_language = :lang AND rev_date = :date ORDER BY rev_id DESC LIMIT 1");
           $stmt->bindParam('data_id',$revision['data_id'],PDO::PARAM_STR);
-          $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+          $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
           $stmt->bindParam('lang',$_GET['d_r_lang'],PDO::PARAM_STR);
           $stmt->bindParam('date',date('Y-m-d'),PDO::PARAM_STR);
           $stmt->execute();
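Review bot: `$stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);` uses `$thisuser`, but the previous hunk of performDefaultAction removed `global $roscms_intern_account_id;` without adding a `$thisuser = ThisUser::getInstance();` in its place, so unless it is assigned in the lines between the two hunks (not shown) this is a method call on an undefined variable and fails at runtime. The same appears to hold for showEntryDetailsSecurity and showEntryDetailsFields, whose hunks likewise drop the global and later call `$thisuser->id()`, and for the 'Entry' form hunk whose function header is not visible. Either add the assignment at the top of each of these methods or call `ThisUser::getInstance()->id()` inline, as Data::copy does in this commit.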
@@ -265,7 +265,6 @@
   {
     global $roscms_standard_language;
     global $roscms_standard_language_full;
-    global $roscms_security_level;
     global $h_a,$h_a2;
 
     echo_strip('
@@ -543,9 +542,10 @@
    */
   protected function showEntryData( )
   {
-    global $roscms_intern_account_id;
     global $h_a;
     global $h_a2;
+
+    $thisuser = &ThisUser::getInstance();
 
     // get Database Entry
     $stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, d.data_name, d.data_type, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime, u.user_name FROM data_".$h_a2." d JOIN data_revision".$h_a." r ON  r.data_id = d.data_id JOIN users u ON r.rev_usrid = u.user_id WHERE r.rev_id = :rev_id LIMIT 1");
@@ -556,8 +556,8 @@
     echo_strip('
       <div style="padding-bottom: 3px;">
         <span class="frmeditheader">
-          <span onclick="'."bchangestar(".$revision['data_id'].",".$revision['rev_id'].",'star','addtagn', ".$roscms_intern_account_id.", 'editstar')".'" style="cursor: pointer;">
-           <img id="editstar" class="'.Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'star', $roscms_intern_account_id).'" src="images/star_'.Tag::getValueByUser($revision['data_id'], $revision['rev_id'], 'star', $roscms_intern_account_id).'_small.gif" alt="" style="width:13px; height:13px; border:0px;" />
+          <span onclick="'."bchangestar(".$revision['data_id'].",".$revision['rev_id'].",'star','addtagn', ".$thisuser->id().", 'editstar')".'" style="cursor: pointer;">
+           <img id="editstar" class="'.Tag::getIdByUser($revision['data_id'], $revision['rev_id'], 'star', $thisuser->id()).'" src="images/star_'.Tag::getValueByUser($revision['data_id'], $revision['rev_id'], 'star', $thisuser->id()).'_small.gif" alt="" style="width:13px; height:13px; border:0px;" />
           </span>
           &nbsp;');
     echo $revision['data_name'];
@@ -600,11 +600,10 @@
 
   protected function showEntryDetails( $mode = self::METADATA)
   {
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
-
     global $h_a;
     global $h_a2;
+
+    $thisuser = &ThisUser::getInstance();
 
     echo_strip('
       <div class="detailbody">
@@ -615,7 +614,7 @@
       echo '<strong>Metadata</strong>';
     }
     else {
-      echo '<span class="detailmenu" onclick="'."bshowtag(".$this->data_id.",".$this->rev_id.",'a','b', '".$roscms_intern_account_id."')".'">Metadata</span>';
+      echo '<span class="detailmenu" onclick="'."bshowtag(".$this->data_id.",".$this->rev_id.",'a','b', '".$thisuser->id()."')".'">Metadata</span>';
     }
     echo "&nbsp;|&nbsp;";
 
@@ -624,7 +623,7 @@
       echo '<strong>History</strong>';
     }
     else {
-      echo '<span class="detailmenu" onclick="'."bshowhistory(".$this->data_id.",".$this->rev_id.",'a','b', '".$roscms_intern_account_id."')".'">History</span>';
+      echo '<span class="detailmenu" onclick="'."bshowhistory(".$this->data_id.",".$this->rev_id.",'a','b', '".$thisuser->id()."')".'">History</span>';
     }
 
     // allowed only for someone with "add" rights
@@ -636,7 +635,7 @@
         echo '<strong>Fields</strong>';
       }
       else {
-        echo '<span class="detailmenu" onclick="'."balterfields(".$this->data_id.",".$this->rev_id.", '".$roscms_intern_account_id."')".'">Fields</span>';
+        echo '<span class="detailmenu" onclick="'."balterfields(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Fields</span>';
       }
       echo "&nbsp;|&nbsp;";
 
@@ -644,19 +643,19 @@
         echo '<strong>Entry</strong>';
       }
       else {
-        echo '<span class="detailmenu" onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.", '".$roscms_intern_account_id."')".'">Entry</span>';
+        echo '<span class="detailmenu" onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Entry</span>';
       }
     }
 
     // allowed only for related super administrators
-    if (ROSUser::isMemberOfGroup("ros_sadmin") || (Security::hasRight($this->data_id, 'add') && ROSUser::isMemberOfGroup('ros_admin'))) { 
+    if ($thisuser->isMemberOfGroup('ros_sadmin') || (Security::hasRight($this->data_id, 'add') && $thisuser->isMemberOfGroup('ros_admin'))) { 
       echo "&nbsp;|&nbsp;";
 
       if ($mode == self::SECURITY) {
         echo '<strong>Security</strong>';
       }
       else {
-        echo '<span class="detailmenu" onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.", '".$roscms_intern_account_id."')".'">Security</span>';
+        echo '<span class="detailmenu" onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Security</span>';
       }
     }
     echo_strip('
@@ -692,14 +691,14 @@
    */
   private function showEntryDetailsMetadata( )
   {
-    global $roscms_security_level;
-    global $roscms_intern_account_id;
     global $h_a,$h_a2;
+
+    $thisuser = &ThisUser::getInstance();
 
     // helper vars
     $last_user = null; // used in first while, to recognize the last type
 
-    if ($roscms_security_level > 1) {
+    if ($thisuser->securityLevel() > 1) {
       $stmt=DBConnection::getInstance()->prepare("SELECT a.tag_id, a.tag_usrid, n.tn_name, v.tv_value FROM data_".$h_a2." d, data_revision".$h_a." r, data_tag".$h_a." a, data_tag_name".$h_a." n, data_tag_value".$h_a." v WHERE (a.data_id = 0 OR (a.data_id = :data_id AND a.data_id = d.data_id) ) AND (a.data_rev_id = 0 OR (a.data_rev_id = :rev_id AND a.data_rev_id = r.rev_id) ) AND a.tag_usrid IN(-1, 0,:user_id) AND a.tag_name_id = n.tn_id AND a.tag_value_id  = v.tv_id ORDER BY tag_usrid ASC, tn_name ASC");
     }
     else {
@@ -707,7 +706,7 @@
     }
     $stmt->bindParam('data_id',$this->data_id,PDO::PARAM_INT);
     $stmt->bindParam('rev_id',$this->rev_id,PDO::PARAM_INT);
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+    $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
     $stmt->execute();
     while($tag = $stmt->fetch()) {
       if ($tag['tag_usrid'] != $last_user) {
@@ -724,7 +723,7 @@
             echo 'Labels';
             break;
           default:
-            if ($tag['tag_usrid'] == $roscms_intern_account_id) {
+            if ($tag['tag_usrid'] == $thisuser->id()) {
               echo 'Private Labels';
             }
         } // end switch
@@ -738,9 +737,9 @@
         // allow to delete label if SecLev > 1
         // allow to delete sys metadata if user has the rights
         // allow someone to delete his metadata he set and the user-id > 0
-      if (($roscms_security_level > 1 && $tag['tag_usrid'] == 0) || (Security::hasRight($this->data_id, 'add') && $tag['tag_usrid'] == -1) || ($tag['tag_usrid'] == $roscms_intern_account_id && $tag['tag_usrid'] > 0)) {
+      if (($thisuser->securityLevel() > 1 && $tag['tag_usrid'] == 0) || (Security::hasRight($this->data_id, 'add') && $tag['tag_usrid'] == -1) || ($tag['tag_usrid'] == $thisuser->id() && $tag['tag_usrid'] > 0)) {
         echo_strip('&nbsp;&nbsp;
-          <span class="frmeditbutton" onclick="'."bdeltag(".$this->data_id.",".$this->rev_id.",'".$tag['tag_id']."', '".$roscms_intern_account_id."')".'">
+          <span class="frmeditbutton" onclick="'."bdeltag(".$this->data_id.",".$this->rev_id.",'".$tag['tag_id']."', '".$thisuser->id()."')".'">
             <img src="images/remove.gif" alt="" style="width:11px; height:11px; border:0px;" />
             &nbsp;Delete
           </span>');
@@ -756,10 +755,10 @@
       <div class="frmeditheadline">Add Private Label</div>
       <label for="addtagn"><b>Tag:</b></label>&nbsp;
       <input type="text" id="addtagn" size="15" maxlength="100" value="" />&nbsp;
-      <button type="button" onclick="'."baddtag(".$this->data_id.",".$this->rev_id.",'tag','addtagn', '".$roscms_intern_account_id."')".'">Add</button>
+      <button type="button" onclick="'."baddtag(".$this->data_id.",".$this->rev_id.",'tag','addtagn', '".$thisuser->id()."')".'">Add</button>
       <br />');
 
-    if ($roscms_security_level > 1) {
+    if ($thisuser->securityLevel() > 1) {
       echo_strip('
         <br />
         <div class="frmeditheadline">Add Label'.(Security::hasRight($this->data_id, 'add') ? ' or System Metadata' : '').'</div>
@@ -823,7 +822,6 @@
    */
   private function showEntryDetailsSecurity( )
   {
-    global $roscms_intern_account_id;
     global $h_a2;
 
     $stmt=DBConnection::getInstance()->prepare("SELECT data_id, data_name, data_type, data_acl FROM data_".$h_a2." WHERE data_id = :data_id LIMIT 1");
@@ -865,7 +863,7 @@
       <br />
       <br />
       <button type="button" id="beditsavefields" onclick="'."editsavesecuritychanges('".$this->data_id."','".$this->rev_id."')".'">Save Changes</button> &nbsp; 
-      <button type="button" id="beditclear" onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.", '".$roscms_intern_account_id."')".'">Clear</button>');
+      <button type="button" id="beditclear" onclick="'."bshowsecurity(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Clear</button>');
   }
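Review bot: `$thisuser->id()` on the new Clear-button line is used inside showEntryDetailsSecurity, but the hunk at its head (the `global $h_a2;` lines) shows no `$thisuser = ThisUser::getInstance();` assignment, so unless one sits in the unseen lines between the two hunks the method now calls `id()` on an undefined variable. The same pattern appears in showEntryDetailsFields (the `balterfields` Clear button) and in the `bshowentry` hunk below, while showDifference uses `ThisUser::getInstance()->securityLevel()` inline. Either add `$thisuser = ThisUser::getInstance();` at the top of each of these methods or use the static accessor inline as showDifference does. Both method bodies continue outside their hunks.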
 
 
@@ -877,7 +875,6 @@
   private function showEntryDetailsFields( )
   {
     global $h_a;
-    global $roscms_intern_account_id;
   
     echo_strip(
       '<br />
@@ -934,7 +931,7 @@
       </span>
       <br /><br /><br />
       <button type="button" id="beditsavefields" onclick="'."editsavefieldchanges('".$this->data_id."','".$this->rev_id."')".'">Save Changes</button> &nbsp; 
-      <button type="button" id="beditclear" onclick="'."balterfields(".$this->data_id.",".$this->rev_id.", '".$roscms_intern_account_id."')".'">Clear</button>');
+      <button type="button" id="beditclear" onclick="'."balterfields(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Clear</button>');
   }
 
 
@@ -995,7 +992,7 @@
       <br />
       <br />
       <button type="button" id="beditsaveentry" onclick="editsaveentrychanges('.$this->data_id.','.$this->rev_id.')">Save Changes</button> &nbsp;
-      <button type="button" id="beditclear" onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.", '".$roscms_intern_account_id."')".'">Clear</button>');
+      <button type="button" id="beditclear" onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Clear</button>');
   }
 
 
@@ -1034,7 +1031,6 @@
    */
   private function showDifference( $rev_id1, $rev_id2 )
   {
-    global $roscms_security_level;
 
     // get archive mode for entry 1
     if (substr($rev_id1, 0, 2) == 'ar') {
@@ -1129,7 +1125,7 @@
               <li>Type: '.$revision1['data_type'].'</li>
               <li>Language: '.$revision1['lang_name'].'</li>
               <li>User: '.$revision1['user_name'].'</li>');
-    if ($roscms_security_level > 1) {
+    if (ThisUser::getInstance()->securityLevel() > 1) {
       echo '<li>ID: '.$revision1['rev_id'].'</li>';
     }
     echo_strip('
@@ -1141,7 +1137,7 @@
               <li>Type: '.$revision2['data_type'].'</li>
               <li>Language: '.$revision2['lang_name'].'</li>
               <li>User: '.$revision2['user_name'].'</li>');
-    if ($roscms_security_level > 1) {
+    if (ThisUser::getInstance()->securityLevel() > 1) {
       echo '<li>ID: '.$revision2['rev_id'].'</li>';
     }
     echo_strip('

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -28,7 +28,7 @@
 
   public function __construct( )
   {
-    require('login.php');
+    Login::required();
   }
 
 

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_HTML.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -330,7 +330,6 @@
    */
   public function processText( $rev_id, $output_type = '' )
   {
-    global $roscms_intern_account_id;
     global $roscms_standard_language_full;
     global $roscms_intern_webserver_pages;
     global $roscms_intern_webserver_roscms;
@@ -396,7 +395,7 @@
     // replace with user_name
     // @FIXME broken logic, or one link too much, which should be removed from Database
     $stmt=DBConnection::getInstance()->prepare("SELECT user_name FROM users WHERE user_id = :user_id LIMIT 1");
-    $stmt->bindParam('user_id',$roscms_intern_account_id);
+    $stmt->bindParam('user_id',ThisUser::getInstance()->id());
     $stmt->execute();
     $user_name = $stmt->fetchColumn();
     $content = str_replace('[#roscms_user]', $user_name, $content); // account that generate
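Review bot: `$stmt->bindParam('user_id',ThisUser::getInstance()->id());` passes a method return value to a by-reference parameter; PDOStatement::bindParam binds a variable reference, so this raises an "Only variables should be passed by reference" strict notice and only works through a temporary. Use `$stmt->bindValue('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);` here. The same substitution is needed in Export_QuickInfo::getInfo (`user_id`) and in Export_User::search (`user_id` twice, `security_level` and `sec_level`), all of which now bind a method call result. processText continues outside the hunk.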
@@ -470,7 +469,6 @@
    */
   private function insertHyperlink( $matches )
   {
-    global $roscms_intern_account_id;
     global $roscms_intern_webserver_pages;
     global $roscms_intern_webserver_roscms;
 
@@ -617,8 +615,6 @@
    */
   private function insertTemplate( $matches )
   {
-    global $roscms_intern_account_id;
-
     // extract the name, e.g. [#templ_about] -> 'about'
     $content_name = substr($matches[0], 8, (strlen($matches[0])-9)); 
 

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -51,9 +51,6 @@
    */
   public function maintain( )
   {
-    global $roscms_security_level;
-    global $roscms_intern_account_id;
-
     global $RosCMS_GET_d_use;
     global $RosCMS_GET_d_value;
     global $RosCMS_GET_d_value2;
@@ -66,13 +63,13 @@
       case 'optimize':
         $stmt=DBConnection::getInstance()->prepare("OPTIMIZE TABLE data_, data_a, data_revision, data_revision_a, data_security, data_stext, data_stext_a, data_tag, data_tag_a, data_tag_name, data_tag_name_a, data_tag_value, data_tag_value_a, data_text, data_text_a, data_user_filter, languages, subsys_mappings, usergroups, usergroup_members, users, user_sessions");
         $stmt->execute();
-        Log::writeHigh('optimize database tables: done by '.$roscms_intern_account_id.' {data_maintain_out}');
+        Log::writeHigh('optimize database tables: done by '.ThisUser::getInstance()->id().' {data_maintain_out}');
         break;
 
       case 'analyze':
         $stmt=DBConnection::getInstance()->exec("ANALYZE TABLE data_, data_a, data_revision, data_revision_a, data_security, data_stext, data_stext_a, data_tag, data_tag_a, data_tag_name, data_tag_name_a, data_tag_value, data_tag_value_a, data_text, data_text_a, data_user_filter, languages, subsys_mappings, usergroups, usergroup_members, users, user_sessions");
         $stmt->execute();
-        Log::writeHigh('analyze database tables: done by '.$roscms_intern_account_id.' {data_maintain_out}');
+        Log::writeHigh('analyze database tables: done by '.ThisUser::getInstance()->id().' {data_maintain_out}');
         break;
 
       case 'genpages':
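Review bot: In the `analyze` case the new log line is preceded by `$stmt=DBConnection::getInstance()->exec("ANALYZE TABLE ...")` followed by `$stmt->execute();`, but PDO::exec returns an integer row count (or false), so `$stmt->execute()` is a method call on a non-object and the log line is never reached. The `optimize` case above uses `prepare()`/`execute()`; `analyze` should do the same: `$stmt=DBConnection::getInstance()->prepare("ANALYZE TABLE ...");`. That line is context rather than part of the change, but the commit touches the case and is a good moment to fix it. maintain() continues outside the hunk.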

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -45,9 +45,6 @@
    */
   private function getInfo( )
   {
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
-
     global $h_a;
     global $h_a2;
 
@@ -79,14 +76,14 @@
     $stmt=DBConnection::getInstance()->prepare("SELECT n.tn_name, v.tv_value  FROM data_tag".$h_a." a JOIN data_".$h_a2." d ON a.data_id = d.data_id JOIN data_revision".$h_a." r ON a.data_rev_id = r.rev_id JOIN data_tag_name".$h_a." n ON a.tag_name_id = n.tn_id JOIN data_tag_value".$h_a." v ON a.tag_value_id  = v.tv_id WHERE a.data_id IN(0, :data_id) AND a.data_rev_id IN(0, :rev_id) AND a.tag_usrid IN(-1, 0, :user_id) ORDER BY tag_usrid ASC, tn_name ASC");
     $stmt->bindParam('data_id',$revision['data_id'],PDO::PARAM_INT);
     $stmt->bindParam('rev_id',$revision['rev_id'],PDO::PARAM_INT);
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+    $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
     $stmt->execute();
     while ($tag = $stmt->fetch(PDO::FETCH_ASSOC)) {
       echo $t_s.ucfirst($tag['tn_name']).$t_e . $tag['tv_value'].$t_lb;
     }
 
     // show additional data for security level > 1
-    if ($roscms_security_level > 1) {
+    if (ThisUser::getInstance()->securityLevel() > 1) {
       echo $t_s.'Rev-ID'.$t_e.$revision['rev_id'].$t_lb;
       echo $t_s.'Data-ID'.$t_e.$revision['data_id'].$t_lb;
       echo $t_s.'ACL'.$t_e.$revision['data_acl'].$t_lb;

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -51,13 +51,12 @@
    */
   public function search( )
   {
-    global $roscms_security_level;
-    global $roscms_intern_account_id;
-
     global $RosCMS_GET_d_use;
     global $RosCMS_GET_d_flag;
     global $RosCMS_GET_d_value;
     global $RosCMS_GET_d_value2;
+
+    $thisuser = &ThisUser::getInstance();
 
     $usage = $RosCMS_GET_d_use;
     $flag = $RosCMS_GET_d_flag;
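Review bot: `$thisuser = &ThisUser::getInstance();` assigns the return value of a static call by reference; unless getInstance() is declared to return by reference this emits an "Only variables should be assigned by reference" notice, and since PHP 5 objects are already handles the `&` buys nothing. Write `$thisuser = ThisUser::getInstance();`. The same form is used in Export_XML::generateXML and generateFilterSQL, HTML_CMS::navigation, HTML_CMS_User::body and HTML_CMS_Website::body. search() continues outside the hunk.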
@@ -67,12 +66,12 @@
     $new_lang = $RosCMS_GET_d_value2;
     $search_type = $RosCMS_GET_d_value2;
 
-    if (ROSUser::isMemberOfGroup('transmaint') || $roscms_security_level == 3) {
+    if ($thisuser->isMemberOfGroup('transmaint') || $thisuser->securityLevel() == 3) {
       if ($usage == 'usrtbl') {
 
-        if (ROSUser::isMemberOfGroup('transmaint')) {
+        if ($thisuser->isMemberOfGroup('transmaint')) {
           $stmt=DBConnection::getInstance()->prepare("SELECT user_language FROM users WHERE user_id = :user_id LIMIT 1");
-          $stmt->bindParam('user_id',$roscms_intern_account_id);
+          $stmt->bindParam('user_id',$thisuser->id());
           $stmt->execute();
           $user_lang = $stmt->fetchColumn();
 
@@ -88,17 +87,23 @@
         switch ($flag) {
           case 'addmembership':
             // check if user is already member, so we don't add him twice
-            if (!ROSUser::isMemberOfGroup($user_id,$group_id)) {
-            
+            // also check that you don't give accounts a higher seclevel
+            $stmt=DBConnection::getInstance()->prepare("SELECT 1 FROM usergroup_members m JOIN usergroups g ON m.usergroupmember_usergroupid = g.usrgroup_name_id WHERE usergroupmember_userid = :user_id AND usergroupmember_usergroupid = :group_id AND usrgroup_seclev <= :security_level LIMIT 1");
+            $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
+            $stmt->bindParam('group_id',$group_id,PDO::PARAM_STR);
+            $stmt->bindParam('security_level',$thisuser->securityLevel(),PDO::PARAM_INT);
+            $stmt->execute();
+            if ($stmt->fetchColumn() === false) {
+
               // insert new membership
               $stmt=DBConnection::getInstance()->prepare("INSERT INTO usergroup_members ( usergroupmember_userid , usergroupmember_usergroupid ) VALUES ( :user_id, :group_id )");
               $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
               $stmt->bindParam('group_id',$group_id,PDO::PARAM_INT);
               $stmt->execute();
               if ($user_lang !== false) {
-                Log::writeLangMedium("add user account membership: user-id=".$user_id.", group-id=".$RosCMS_GET_d_value2." done by ".$roscms_intern_account_id." {data_user_out}", $user_lang);
-              }
-              Log::writeMedium('add user account membership: user-id='.$user_id.', group-id='.$group_id.' done by '.$roscms_intern_account_id.' {data_user_out}');
+                Log::writeLangMedium("add user account membership: user-id=".$user_id.", group-id=".$RosCMS_GET_d_value2." done by ".$thisuser->id()." {data_user_out}", $user_lang);
+              }
+              Log::writeMedium('add user account membership: user-id='.$user_id.', group-id='.$group_id.' done by '.$thisuser->id().' {data_user_out}');
             }
             // preselect displayed content
             $flag = 'detail';
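Review bot: The new membership query does not enforce the security-level limit its comment promises: it looks for an existing usergroup_members row joined to usergroups with `usrgroup_seclev <= :security_level`, and the insert runs when no such row is found — which is also the outcome when the requested group's seclev is higher than the caller's, so a maintainer can still add a user to a group above their own level (and an existing membership in such a group is inserted a second time). The level check has to be made against usergroups for the requested `$group_id` independently of the membership lookup, and the duplicate check should not carry the seclev condition. `$group_id` is also bound as PARAM_STR here but PARAM_INT in the insert below; both should agree with the `usrgroup_name_id` values that the option list on this page emits. The `if` body closes inside this hunk; the enclosing switch continues outside it.
```php
            // refuse groups above the caller's own security level
            $stmt=DBConnection::getInstance()->prepare("SELECT 1 FROM usergroups WHERE usrgroup_name_id = :group_id AND usrgroup_seclev <= :security_level LIMIT 1");
            $stmt->bindValue('group_id',$group_id,PDO::PARAM_STR);
            $stmt->bindValue('security_level',$thisuser->securityLevel(),PDO::PARAM_INT);
            $stmt->execute();
            $group_allowed = ($stmt->fetchColumn() !== false);

            // check if user is already member, so we don't add him twice
            $stmt=DBConnection::getInstance()->prepare("SELECT 1 FROM usergroup_members WHERE usergroupmember_userid = :user_id AND usergroupmember_usergroupid = :group_id LIMIT 1");
            $stmt->bindValue('user_id',$user_id,PDO::PARAM_INT);
            $stmt->bindValue('group_id',$group_id,PDO::PARAM_STR);
            $stmt->execute();
            if ($group_allowed && $stmt->fetchColumn() === false) {
              // … unchanged: insert new membership and log …
```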
@@ -110,16 +115,16 @@
             $stmt->bindParam('group_id',$group_id,PDO::PARAM_INT);
             $stmt->execute();
             if ($user_lang !== false) {
-              Log::writeLangMedium('delete user account membership: user-id='.$user_id.', group-id='.$group_id.' done by '.$roscms_intern_account_id.' {data_user_out}', $user_lang);
-            }
-            Log::writeMedium('delete user account membership: user-id='.$user_id.', group-id='.$group_id.' done by '.$roscms_intern_account_id.' {data_user_out}');
+              Log::writeLangMedium('delete user account membership: user-id='.$user_id.', group-id='.$group_id.' done by '.$thisuser->id().' {data_user_out}', $user_lang);
+            }
+            Log::writeMedium('delete user account membership: user-id='.$user_id.', group-id='.$group_id.' done by '.$thisuser->id().' {data_user_out}');
             // preselect displayed content
             $flag = 'detail';
             break;
 
           case 'accountdisable':
             // only with admin rights
-            if ($roscms_security_level == 3) {
+            if ($thisuser->securityLevel() == 3) {
               $stmt=DBConnection::getInstance()->prepare("UPDATE users SET user_account_enabled = 'no' WHERE user_id = :user_id");
               $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
               $stmt->execute();
@@ -130,7 +135,7 @@
 
           case 'accountenable':
             // enable account only with admin rights
-            if ($roscms_security_level == 3) {
+            if ($thisuser->securityLevel() == 3) {
               // enable account only, if he has already activated his account
               $stmt=DBConnection::getInstance()->prepare("UPDATE users SET user_account_enabled = 'yes' WHERE user_register_activation = '' AND user_id = :user_id");
               $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
@@ -146,9 +151,9 @@
             $stmt->bindParam('user_id',$user_id);
             $stmt->execute();
             if ($user_lang) {
-              Log::writeLangMedium('change user account language: user-id='.$user_id.', lang-id='.$group_id.' done by '.$roscms_intern_account_id.' {data_user_out}', $user_lang);
-            }
-            Log::writeMedium('change user account language: user-id='.$user_id.', lang-id='.$group_id.' done by '.$roscms_intern_account_id.' {data_user_out}');
+              Log::writeLangMedium('change user account language: user-id='.$user_id.', lang-id='.$group_id.' done by '.$thisuser->id().' {data_user_out}', $user_lang);
+            }
+            Log::writeMedium('change user account language: user-id='.$user_id.', lang-id='.$group_id.' done by '.$thisuser->id().' {data_user_out}');
             // preselect displayed content
             $flag = 'detail';
             break;
@@ -217,7 +222,7 @@
                 <legend>Details for \''.$user['user_name'].'\'</legend>
                 <p><strong>Name:</strong> '.$user['user_name'].' ('.$user['user_fullname'].') ['.$user['user_id'].']</p>
                 <p><strong>Lang:</strong> '.$user['user_language'].'</p>');
-            if ($roscms_security_level == 3) {
+            if ($thisuser->securityLevel() == 3) {
               echo_strip('
                 <p><strong>E-Mail:</strong> '.$user['user_email'].'</p>
                 <p><strong>Latest Login:</strong> '.$user['visit'].'; '.$user['visitcount'].' logins</p>
@@ -239,7 +244,7 @@
             while ($user = $stmt->fetch(PDO::FETCH_ASSOC)) {
 
               echo '<li>'.$user['usrgroup_name'].' ';
-              if ($roscms_security_level == 3) {
+              if ($thisuser->securityLevel() == 3) {
                 echo_strip('
                   &nbsp;
                   <span class="frmeditbutton" onclick="'."delmembership(".$user_id.", '".$user['usrgroup_name_id']."')".'">
@@ -251,15 +256,15 @@
             } // end while
             echo '</ul>';
 
-            if ($roscms_security_level == 3) {
+            if ($thisuser->securityLevel() == 3) {
               echo '<select id="cbmmemb" name="cbmmemb">';
               $stmt=DBConnection::getInstance()->prepare("SELECT usrgroup_name_id, usrgroup_name FROM usergroups WHERE usrgroup_seclev  <= :sec_level ORDER BY usrgroup_name ASC");
-              $stmt->bindParam('sec_level',$roscms_security_level,PDO::PARAM_INT);
+              $stmt->bindParam('sec_level',$thisuser->securityLevel(),PDO::PARAM_INT);
               $stmt->execute();
               while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
 
                 // only super admin can give super admin rights
-                if (ROSUser::isMemberOfGroup('ros_sadmin') || $group['usrgroup_name_id'] != 'ros_sadmin') {
+                if ($group['usrgroup_name'] != 'sadmin' || $thisuser->isMemberOfGroup('ros_sadmin')) {
                   echo '<option value="'.$group['usrgroup_name_id'].'">'.$group['usrgroup_name'].'</option>';
                 }
               }
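Review bot: The super-admin guard now keys on the display name, `$group['usrgroup_name'] != 'sadmin'`, while every other check on this page identifies the group by its id (`isMemberOfGroup('ros_sadmin')`, the removed `usrgroup_name_id != 'ros_sadmin'`), and the option value emitted on the next line is `usrgroup_name_id`. If the stored usrgroup_name is anything other than exactly 'sadmin', or is renamed later, the ros_sadmin group becomes selectable for non-super-admins. Prefer `if ($group['usrgroup_name_id'] != 'ros_sadmin' || $thisuser->isMemberOfGroup('ros_sadmin')) {`. The while loop closes in this hunk; the enclosing block continues outside it.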
@@ -276,12 +281,12 @@
               echo_strip('</select>
               <input type="button" name="addusrlang" id="addusrlang" value="Update User language" onclick="'."updateusrlang(".$user_id.", document.getElementById('cbmusrlang').value)".'" /><br />');
             }
-            elseif (ROSUser::isMemberOfGroup('transmaint')) {
+            elseif ($thisuser->isMemberOfGroup('transmaint')) {
               echo_strip('<input type="button" name="addmemb" id="addmemb" value="Make this User a Translator" onclick="'."addmembership(".$user_id.", 'translator')".'" />
                 <br />
                 <br />');
               $stmt=DBConnection::getInstance()->prepare("SELECT user_language FROM users WHERE user_id = :user_id LIMIT 1");
-              $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+              $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
               $stmt->execute();
               $user_lang = $stmt->fetchColumn();
 

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -89,9 +89,6 @@
    */
   public function page_table_main( $data_name, $filter, $page_offset = 0 )
   {
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
-
     // set headers, do not cache !
     header('Content-type: text/xml');
     header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');    // Date in the past
@@ -124,12 +121,18 @@
    */
   private function generateXML( $page_offset = 0 )
   {
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
+    $thisuser = &ThisUser::getInstance();
 
     $tdata = '';
     $row_counter = 1;
-    $column_array = explode('|', substr($this->column_list,1,-1)); // prevent from additional entries caused by '|' at start and end
+    $this->column_list = substr($this->column_list,1,-1);// prevent from additional entries caused by '|' at start and end
+    if ($this->column_list === '') {
+      $column_array = array();
+    }
+    else {
+      $column_array = explode('|', $this->column_list);
+    
+    }
 
     // check if there are entries which are found by filter settings
     $stmt=DBConnection::getInstance()->prepare("SELECT COUNT('d.data_id') FROM data_revision".$this->a." r, data_".$this->a2." d ".$this->sql_from." , data_security y WHERE r.rev_version >= 0 AND r.data_id = d.data_id  AND d.data_acl = y.sec_name AND y.sec_branch = 'website' ". Security::getACL('read') ." ". $this->sql_where);
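Review bot: The empty-list guard compares `$this->column_list === ''`, but on PHP before 8.0 `substr($this->column_list,1,-1)` returns false rather than '' when the list is `|`, `||` or shorter, so `explode('|', false)` still yields one empty column name. Check both forms, e.g. `if ($this->column_list === '' || $this->column_list === false) {`, or cast with `(string)` before comparing. The property is also now rewritten in place, so a second call to generateXML on the same object strips another character from each end; keeping the stripped list in a local, as the old code did, avoids that. generateXML continues outside the hunk.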
@@ -145,7 +148,7 @@
       echo $ptm_entries.'<table>';
 
       // start table header
-      $tdata .= "    <view curpos=\"".$page_offset."\" pagelimit=\"".$this->page_limit."\" pagemax=\"".$ptm_entries."\" tblcols=\"".$this->column_list."\" /> \n";
+      $tdata .= "    <view curpos=\"".$page_offset."\" pagelimit=\"".$this->page_limit."\" pagemax=\"".$ptm_entries."\" tblcols=\"|".$this->column_list."|\" /> \n";
 
       // prepare for usage in loop
       $stmt_trans=DBConnection::getInstance()->prepare("SELECT d.data_id, d.data_name, d.data_type, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime, r.rev_date, r.rev_usrid FROM data_".$this->a2." d, data_revision".$this->a." r WHERE d.data_id = :data_id AND r.rev_version > 0 AND d.data_id = r.data_id AND r.rev_language = :lang LIMIT 1");
@@ -166,7 +169,7 @@
       }
 
       // proceed entries
-      $stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, d.data_name, d.data_type, d.data_acl, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime, r.rev_date, r.rev_usrid  ".$this->sql_select." , y.sec_lev".$roscms_security_level."_write FROM data_revision".$this->a." r, data_".$this->a2." d ".$this->sql_from." , data_security y WHERE r.rev_version >= 0 AND r.data_id = d.data_id AND d.data_acl = y.sec_name AND y.sec_branch = 'website' ". Security::getACL('read') ." ". $this->sql_where ." ". $this->sql_order ." LIMIT :limit OFFSET :offset");
+      $stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, d.data_name, d.data_type, d.data_acl, r.rev_id, r.rev_version, r.rev_language, r.rev_datetime, r.rev_date, r.rev_usrid  ".$this->sql_select." , y.sec_lev".$thisuser->securityLevel()."_write FROM data_revision".$this->a." r, data_".$this->a2." d ".$this->sql_from." , data_security y WHERE r.rev_version >= 0 AND r.data_id = d.data_id AND d.data_acl = y.sec_name AND y.sec_branch = 'website' ". Security::getACL('read') ." ". $this->sql_where ." ". $this->sql_order ." LIMIT :limit OFFSET :offset");
       $stmt->bindValue('limit',0+$this->page_limit,PDO::PARAM_INT);
       $stmt->bindValue('offset',0+$page_offset,PDO::PARAM_INT);
       $stmt->execute();
@@ -250,10 +253,10 @@
         }
 
         // care about bookmark visibility
-        if (Tag::getValueByUser($row['data_id'], $row['rev_id'], 'star', $roscms_intern_account_id) == 'on') {
+        if (Tag::getValueByUser($row['data_id'], $row['rev_id'], 'star', $thisuser->id()) == 'on') {
           $star_state = '1';
         }
-        $star_id = Tag::getIdByUser($row['data_id'], $row['rev_id'], 'star', $roscms_intern_account_id);
+        $star_id = Tag::getIdByUser($row['data_id'], $row['rev_id'], 'star', $thisuser->id());
 
         // get page title
         $stmt_stext->bindParam('rev_id',$row['rev_id'],PDO::PARAM_INT);
@@ -346,9 +349,8 @@
    */
   private function generateFilterSQL( $filter )
   {
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
-
+    $thisuser = &ThisUser::getInstance();
+  
     // check if there is something to do
     if ($filter == '') {
       return;
@@ -672,12 +674,12 @@
     if ($entries_private <= 0 && $entries_system <= 0 && $entries_public <= 0) { 
 
       // everything except draft
-      if ($roscms_security_level == 3) { 
+      if ($thisuser->securityLevel() == 3) { 
         $this->sql_where .= " AND (n.tn_name = 'status' AND v.tv_value != 'draft') ";
       }
 
       // new, stable and unknown (if more than translator)
-      if ($roscms_security_level == 2) { 
+      if ($thisuser->securityLevel() == 2) { 
         $this->sql_where .= " AND (n.tn_name = 'status' AND (v.tv_value = 'new' OR v.tv_value = 'stable' OR v.tv_value = 'unknown')) ";
       }
       else {
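Review bot: The two status clauses are independent `if`s, so a level-3 user gets both the `v.tv_value != 'draft'` clause and whatever the `else` at the end of the hunk appends for non-level-2 users; if that branch is the translator restriction the comment implies, level 3 ends up over-restricted and `elseif ($thisuser->securityLevel() == 2) {` (or an explicit level-1 condition) is what is meant. This is pre-existing logic that the commit only re-points at ThisUser, but it is worth confirming while touching the lines. The else body and generateFilterSQL continue outside the hunk.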
@@ -687,7 +689,7 @@
       // set additional needed sql
       $this->sql_select .= ", n.tn_name, v.tv_value ";
       $this->sql_from .= ", data_tag".$this->a." a, data_tag_name".$this->a." n, data_tag_value".$this->a." v ";
-      $this->sql_where .= " AND r.data_id = a.data_id AND r.rev_id = a.data_rev_id AND a.tag_usrid IN(-1, 0, ".DBConnection::getInstance()->quote($roscms_intern_account_id,PDO::PARAM_INT).") AND a.tag_name_id = n.tn_id AND a.tag_value_id  = v.tv_id ";
+      $this->sql_where .= " AND r.data_id = a.data_id AND r.rev_id = a.data_rev_id AND a.tag_usrid IN(-1, 0, ".DBConnection::getInstance()->quote($thisuser->id(),PDO::PARAM_INT).") AND a.tag_name_id = n.tn_id AND a.tag_value_id  = v.tv_id ";
     }
 
     // construct additioanl sql for tag-usage from filter
@@ -695,17 +697,17 @@
       for ($i = 1; $i <= $tag_counter; $i++) {
         $this->sql_select .= ", n".$i.".tn_name, v".$i.".tv_value ";
         $this->sql_from .= ", data_tag".$this->a." a".$i.", data_tag_name".$this->a." n".$i.", data_tag_value".$this->a." v".$i." ";
-        $this->sql_where .= " AND r.data_id = a".$i.".data_id AND r.rev_id = a".$i.".data_rev_id AND (a".$i.".tag_usrid = '-1' OR a".$i.".tag_usrid = '0' OR a".$i.".tag_usrid = ".DBConnection::getInstance()->quote($roscms_intern_account_id,PDO::PARAM_INT).") AND a".$i.".tag_name_id = n".$i.".tn_id AND a".$i.".tag_value_id  = v".$i.".tv_id ";
+        $this->sql_where .= " AND r.data_id = a".$i.".data_id AND r.rev_id = a".$i.".data_rev_id AND (a".$i.".tag_usrid = '-1' OR a".$i.".tag_usrid = '0' OR a".$i.".tag_usrid = ".DBConnection::getInstance()->quote($thisuser->id(),PDO::PARAM_INT).") AND a".$i.".tag_name_id = n".$i.".tn_id AND a".$i.".tag_value_id  = v".$i.".tv_id ";
       }
     }
 
     // make sure only private drafts are visible
-    if ($roscms_security_level < 3 && $entries_private > 0) {
-      $this->sql_where .= " AND r.rev_usrid = '".$roscms_intern_account_id."' ";
+    if ($thisuser->securityLevel() < 3 && $entries_private > 0) {
+      $this->sql_where .= " AND r.rev_usrid = '".$thisuser->id()."' ";
     }
 
     // either show draft (private) OR stable & new (public) entries,   private AND public entries together are NOT allowed => block 
-    if ($roscms_security_level < 2 && (($entries_private > 0 && $entries_public > 0) || $entries_system > 0)) {
+    if ($thisuser->securityLevel() < 2 && (($entries_private > 0 && $entries_public > 0) || $entries_system > 0)) {
       $this->sql_select = "";
       $this->sql_from   = "";
       $this->sql_where  = " FALSE ";
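Review bot: `" AND r.rev_usrid = '".$thisuser->id()."' "` splices the user id into the WHERE clause as a raw quoted string, whereas the two tag clauses earlier in this hunk wrap the same value in `DBConnection::getInstance()->quote($thisuser->id(),PDO::PARAM_INT)`. The id comes from the session rather than the request, so the exposure is low, but the inconsistency invites a copy-paste with a request-derived value later; `" AND r.rev_usrid = ".DBConnection::getInstance()->quote($thisuser->id(),PDO::PARAM_INT)." "` keeps all three clauses alike. generateFilterSQL continues outside the hunk.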

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -37,8 +37,8 @@
   public function __construct( $page_title = '' )
   {
     // need to have a logged in user with minimum security level 1
-    require('login.php');
-    if ($roscms_security_level == 0) {
+    Login::required();
+    if (ThisUser::getInstance()->securityLevel() == 0) {
       header('location:?page=nopermission');
     }
 
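Review bot: The `header('location:?page=nopermission');` for a level-0 user is not followed by an exit, so the constructor keeps running and the rest of the page is still built and sent to that user; a client that ignores the redirect header receives the full content. Add `exit;` directly after the header call. The constructor continues outside the hunk.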
@@ -65,17 +65,26 @@
    */
   private function navigation( )
   {
-    global $roscms_security_level;
-    global $roscms_security_memberships;
-    global $roscms_intern_login_check_username;
     global $roscms_intern_page_link;
     global $roscms_intern_webserver_pages, $roscms_intern_page_link;
+
+    $thisuser = &ThisUser::getInstance();
+
+    // generate list of memberships
+    $group_list = '';
+    $groups = $thisuser->getGroups();
+    foreach($groups as $group_name => $security_level) {
+      $group_list .= ($group_list!=''?',':'').$group_name;
+    }
+
+    // get security level
+    $security_level = $thisuser->securityLevel();
 
     // get selected navigation entry
     echo_strip('
       <div id="myReactOS" style="padding-right: 10px;">
-        <strong>'.$roscms_intern_login_check_username.'</strong>
-        '.(($roscms_security_level > 1) ? '| SecLev: '.$roscms_security_level.' ('. str_replace('|', ', ', substr($roscms_security_memberships, 1, -2)) .')' : '').'
+        <strong>'.$thisuser->name().'</strong>
+        '.(($security_level > 1) ? '| SecLev: '.$security_level.' ('. $group_list .')' : '').'
         |
         <span onclick="pagerefresh()" style="color:#006090; cursor:pointer;">
           <img src="images/reload.gif" alt="reload page" width="16" height="16" />
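Review bot: The membership loop reuses `$security_level` as the foreach value variable and then overwrites it with `$thisuser->securityLevel()` a few lines later, which reads as though the group's level were being displayed. `$group_list = implode(', ', array_keys($thisuser->getGroups()));` replaces the loop, drops the shadowed name and also restores the ", " separator the old `str_replace('|', ', ', ...)` produced (the new code joins with a bare comma). Separately, `$thisuser->name()` is echoed straight into the markup; if user names may contain markup characters, wrap it in `htmlspecialchars()`. navigation() continues outside the hunk.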
@@ -108,7 +117,7 @@
               </th>
               <td>&nbsp;&nbsp;</td>');
 
-    if (ROSUser::isMemberOfGroup('transmaint','ros_admin','ros_sadmin')) {
+    if ($thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin')) {
       echo_strip('
         <th class="int'.(($this->branch == 'user') ? '2' : '1').'" onclick="'."roscms_mainmenu('user')".'">
           <div class="tc1">
@@ -121,7 +130,7 @@
         <td>&nbsp;&nbsp;</td>');
     }
 
-    if ($roscms_security_level == 3) {
+    if ($thisuser->securityLevel() == 3) {
       echo_strip('
         <th class="int'.(($this->branch == 'maintain') ? '2' : '1').'" onclick="'."roscms_mainmenu('maintain')".'">
           <div class="tc1">

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -52,10 +52,9 @@
   protected function body( )
   {
     global $roscms_intern_page_link;
-    global $roscms_security_level;
 
     // check if user has rights for this area
-    if ($roscms_security_level > 3) {
+    if (ThisUser::getInstance()->securityLevel() < 3) {
       return;
     }
 
@@ -97,7 +96,7 @@
       <img id="ajaxloading" style="display:none;" src="images/ajax_loading.gif" width="13" height="13" alt="" />
       <br />');
 
-    if (ROSUser::isMemberOfGroup('ros_sadmin')) {
+    if (ThisUser::getInstance()->isMemberOfGroup('ros_sadmin')) {
 
       // display logs
       echo_strip('

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -52,8 +52,10 @@
   protected function body( )
   {
     global $roscms_standard_language;
-  
-    if (!ROSUser::isMemberOfGroup('transmaint','ros_admin','ros_sadmin')) {
+
+    $thisuser = &ThisUser::getInstance();
+
+    if (!$thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin')) {
       return;
     }
 
@@ -63,10 +65,10 @@
       <p style="font-weight: bold;">User Account Management Interface</p>
       <br />');
       
-    if (ROSUser::isMemberOfGroup('ros_admin','ros_sadmin')) {
+    if ($thisuser->isMemberOfGroup('ros_admin','ros_sadmin')) {
       echo '<h3>Administrator</h3>';
     }
-    elseif (ROSUser::isMemberOfGroup('transmaint')) {
+    elseif ($thisuser->isMemberOfGroup('transmaint')) {
       echo '<h3>Language Maintainer</h3>';
       $stmt=DBConnection::getInstance()->prepare("SELECT d.data_id, u.user_id, u.user_name, u.user_fullname, u.user_language, COUNT(r.data_id) as 'editcounter' FROM data_a d, data_revision r, users u WHERE r.data_id = d.data_id AND r.rev_usrid = u.user_id AND rev_version  > 0  AND r.rev_language = :lang GROUP BY u.user_name ORDER BY editcounter DESC, u.user_name");
       $stmt->bindParam('lang',$roscms_standard_language,PDO::PARAM_STR);

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -56,13 +56,12 @@
    */
   protected function body( )
   {
-    global $roscms_intern_account_id;
-    global $roscms_intern_login_check_username;
-    global $roscms_security_level;
     global $roscms_standard_language;
     global $roscms_standard_language_trans;
     global $roscms_intern_webserver_roscms;
     global $roscms_intern_page_link;
+
+    $thisuser = &ThisUser::getInstance();
 
     echo_strip('
       <noscript>
@@ -98,21 +97,21 @@
         var roscms_page_load_finished = false;
 
         // map php vars
-        var roscms_intern_account_id = ".$roscms_intern_account_id.";
+        var roscms_intern_account_id = ".$thisuser->id().";
         var roscms_standard_language = '".$roscms_standard_language."';
         var roscms_standard_language_trans = '".$roscms_standard_language_trans."';
-        var roscms_intern_login_check_username = '".$roscms_intern_login_check_username."';
+        var roscms_intern_login_check_username = '".$thisuser->name()."';
         var roscms_intern_webserver_roscms = '".$roscms_intern_webserver_roscms."';
         var roscms_intern_page_link = '".$roscms_intern_page_link."';
         var roscms_get_edit = '".(isset($_GET['edit']) ? $RosCMS_GET_cms_edit : '')."';
-        var roscms_access_level = ".$roscms_security_level.";
-        var roscms_cbm_hide = '".(($roscms_security_level > 1) ? '' : ' disabled="disabled" style="color:#CCCCCC;"')."'; // disable combobox entries for novice user
+        var roscms_access_level = ".$thisuser->securityLevel().";
+        var roscms_cbm_hide = '".(($thisuser->securityLevel() > 1) ? '' : ' disabled="disabled" style="color:#CCCCCC;"')."'; // disable combobox entries for novice user
 
         // favorite user language
         ";
 
     $stmt=DBConnection::getInstance()->prepare("SELECT user_language FROM users WHERE user_id = :user_id LIMIT 1");
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+    $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
     $stmt->execute();
     $user_lang = $stmt->fetchColumn();
 
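Review bot: `$thisuser->name()` is interpolated straight into a JavaScript string literal on the roscms_intern_login_check_username line, so a user name containing a quote or backslash breaks the script; emitting it through `json_encode($thisuser->name())` (which supplies its own quotes, provided the name is valid UTF-8) or an equivalent JS-string escape keeps the literal well-formed. The same value is written unescaped into an HTML title attribute in HTML_User.class.php, where `htmlspecialchars()` is the matching escape. Separately, `$stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);` passes a method result to a by-reference parameter, which emits an "only variables should be passed by reference" notice; `$stmt->bindValue('user_id',$thisuser->id(),PDO::PARAM_INT);` takes the value and is the right call here, and the same change applies to the bindParam lines in HTML_CMS_Welcome, HTML_User_ProfileEdit, Log (twice) and Security (three times). The enclosing body() starts and ends outside this hunk.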
@@ -150,13 +149,13 @@
 
       <div class="roscms_container" style="border: 1px dashed white; z-index: 2;">
         <div class="tabmenu" style="position: absolute; top: 0px; width: 150px; left: 0px; border: 0px; z-index:1;">
-          <div id="smenutab1" class="submb" onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 || ROSUser::isMemberOfGroup("transmaint")) ? ' style="display:none;"' : '').'>
+          <div id="smenutab1" class="submb" onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'>
             <div class="subm1">
               <div id="smenutabc1" class="subm2" style="font-weight: bold;">New Entry</div>
             </div>
           </div>');
 
-    if ($roscms_security_level > 1) {
+    if ($thisuser->securityLevel() > 1) {
       echo '<div style="background: white none repeat scroll 0%;">&nbsp;</div>';
     }
 
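Review bot: The tab-hiding condition `($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint'))` is now spelled out four times (smenutab1 here, smenutab3 in the next hunk, smenutab5 and smenutab6 in the one after); computing it once before the echo_strip() call, e.g. `$hide_tab = ($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '';`, and concatenating `$hide_tab` at each tab keeps the four tabs in step when the rule changes. Hiding a tab is presentation only, so the corresponding save paths presumably keep their own rights checks. The enclosing body() starts and ends outside this hunk.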
@@ -167,7 +166,7 @@
             </div>
           </div>
 
-          <div id="smenutab3" class="submb" onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 || ROSUser::isMemberOfGroup("transmaint")) ? ' style="display:none;"' : '').'>
+          <div id="smenutab3" class="submb" onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'>
             <div class="subm1">
               <div id="smenutabc3" class="subm2">Page</div>
             </div>
@@ -177,12 +176,12 @@
               <div id="smenutabc4" class="subm2">Content</div>
             </div>
           </div>
-          <div id="smenutab5" class="submb" onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 || ROSUser::isMemberOfGroup("transmaint")) ? ' style="display:none;"' : '').'>
+          <div id="smenutab5" class="submb" onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'>
             <div class="subm1">
               <div id="smenutabc5" class="subm2">Template</div>
             </div>
           </div>
-          <div id="smenutab6" class="submb" onclick="smenutab_open(this.id)"'.(($roscms_security_level == 1 || ROSUser::isMemberOfGroup("transmaint")) ? ' style="display:none;"' : '').'>
+          <div id="smenutab6" class="submb" onclick="smenutab_open(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'>
             <div class="subm1">
               <div id="smenutabc6" class="subm2">Script</div>
             </div>
@@ -303,7 +302,7 @@
                       <div style="border: 0px dashed red; position: absolute; top: 9px; right: 13px; text-align:right; white-space: nowrap;">
                         <select name="favlangopt" id="favlangopt" style="vertical-align: top; width: 22ex;" onchange="setlang(this.value)">');
 
-    $user_lang = ROSUser::getLanguage($roscms_intern_account_id, true);
+    $user_lang = ROSUser::getLanguage($thisuser->id(), true);
 
     $stmt=DBConnection::getInstance()->prepare("SELECT lang_id, lang_name FROM languages WHERE lang_level > '0' ORDER BY lang_name ASC");
     $stmt->execute();

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -47,7 +47,6 @@
    */
   protected function body( )
   {
-    global $roscms_intern_account_id;
     global $roscms_standard_language;
 
     echo_strip('
@@ -65,10 +64,10 @@
       <p style="font-weight: bold;">');echo Data::getContent('web_news', 'system', 'en', 'heading', 'stext').'</p>'.
       Data::getContent('web_news', 'system', 'en', 'content', 'text').'<br />';
 
-      if (ROSUser::isMemberOfGroup('translator', 'transmaint')) {
+      if (ThisUser::getInstance()->isMemberOfGroup('translator', 'transmaint')) {
     
         $stmt=DBConnection::getInstance()->prepare("SELECT user_language FROM users WHERE user_id = :user_id LIMIT 1");
-        $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+        $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
         $stmt->execute();
         $user_lang = $stmt->fetchColumn();
 

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -54,15 +54,14 @@
    */
   private function navigation( )
   {
-    global $roscms_intern_account_id;
     global $roscms_intern_webserver_pages;
     global $roscms_intern_webserver_roscms;
     global $roscms_SET_path_ex;
     global $rdf_uri_str;
     global $rpm_lang;
     global $roscms_langres;
-    global $roscms_intern_login_check_username;
-    global $roscms_security_level;
+
+    $thisuser = &ThisUser::getInstance();
 
     echo_strip('
       <table style="border:0" width="100%" cellpadding="0" cellspacing="0">
@@ -78,15 +77,15 @@
             </ol>
             <br />');
 
-    if ($roscms_intern_account_id > 0) {
+    if ($thisuser->id() > 0) {
       echo_strip('
         <div class="navTitle">'.$roscms_langres['Account'].'</div>
         <ol>
-          <li title="'.$roscms_intern_login_check_username.'">&nbsp;Nick:&nbsp;'.substr($roscms_intern_login_check_username, 0, 9).'</li>
+          <li title="'.$thisuser->name().'">&nbsp;Nick:&nbsp;'.substr($thisuser->name(), 0, 9).'</li>
           <li><a href="'.$roscms_SET_path_ex.'my/">My Profile</a></li>
           <li><a href="'.$roscms_SET_path_ex.'search/">User Search</a></li>
           <li><a href="'.$roscms_intern_webserver_pages.'peoplemap/">User Map</a></li>');
-      if ($roscms_security_level > 0) {
+      if ($thisuser->securityLevel() > 0) {
         echo '<li><a href="'.$roscms_intern_webserver_roscms.'?page=data&amp;branch=welcome">RosCMS Interface</a></li>';
       }
       echo_strip('

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -36,7 +36,7 @@
    */
   public function __construct( $page_title = '', $search = false)
   {
-    require('login.php');
+    Login::required();
     $this->search = $search;
     parent::__construct( $page_title );
   }
@@ -49,7 +49,6 @@
    */
   protected function body( )
   {
-    global $roscms_intern_account_id;
     global $rdf_uri_2;
     global $roscms_SET_path_ex;
 
@@ -115,7 +114,7 @@
       }
     }
     else {
-      $this->profile($roscms_intern_account_id);
+      $this->profile(ThisUser::getInstance()->id());
     }
   }
 
@@ -126,11 +125,11 @@
    */
   private function profile( $user_id = null )
   {
-    global $roscms_intern_account_id;
     global $roscms_SET_path_ex;
     global $roscms_intern_webserver_pages;
     global $rdf_name;
-    global $roscms_security_level;
+
+    $thisuser = &ThisUser::getInstance();
 
     $stmt=DBConnection::getInstance()->prepare("SELECT user_id, user_name, user_register, user_fullname, user_email, user_email_activation, user_website, user_country, user_timezone, user_occupation, user_setting_multisession, user_setting_browseragent, user_setting_ipaddress, user_setting_timeout, user_language FROM users WHERE user_id = :user_id LIMIT 1");
     $stmt->bindparam('user_id',$user_id,PDO::PARAM_INT);
@@ -177,7 +176,7 @@
     }
 
     // email only for the user itself or admins
-    if ($profile['user_id'] == $roscms_intern_account_id || $roscms_security_level == 3) {
+    if ($profile['user_id'] == $thisuser->id() || $thisuser->securityLevel() == 3) {
       echo_strip('
         <div class="login-form">
           <div class="u-desc">E-Mail Address </div>
@@ -241,7 +240,7 @@
     }
 
     // Groups (only for user itself) and admins
-    if ($profile['user_id'] == $roscms_intern_account_id || $roscms_security_level == 3) {
+    if ($profile['user_id'] == $thisuser->id() || $thisuser->securityLevel() == 3) {
       echo_strip('
         <div class="login-form">
           <div class="u-desc">User Groups</div>
@@ -261,12 +260,12 @@
     // Location
     echo_Strip('
         <div class="login-form">
-          <a href="'.$roscms_intern_webserver_pages.'peoplemap/" style="color:#333333 !important; text-decoration:underline; font-weight:bold;">'.($profile['user_id']==$roscms_intern_account_id ? 'My ' : '').'Location on the Map</a>
+          <a href="'.$roscms_intern_webserver_pages.'peoplemap/" style="color:#333333 !important; text-decoration:underline; font-weight:bold;">'.($profile['user_id']==$thisuser->id() ? 'My ' : '').'Location on the Map</a>
         </div>
       </div>');
 
     // show edit or search link (depending if the current user is searched user)
-    if ($profile['user_id'] == $roscms_intern_account_id) {
+    if ($profile['user_id'] == $thisuser->id()) {
       echo_strip('
         <div>&nbsp;</div>
         <div class="u-link"><a href="'.$roscms_SET_path_ex.'my/edit/">Edit My Profile</a></div>

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -33,7 +33,7 @@
    */
   public function __construct()
   {
-    require('login.php');
+    Login::required();
     session_start();
     parent::__construct();
   }
@@ -46,7 +46,6 @@
    */
   protected function body( )
   {
-    global $roscms_intern_account_id;
     global $roscms_SET_path_ex;
     global $rdf_uri_3;
     global $rdf_name_long;
@@ -89,7 +88,7 @@
                     <div style="text-align:center; padding: 4px; ">');
 
     $stmt=DBConnection::getInstance()->prepare("SELECT user_id, user_name, user_fullname, user_email, user_email_activation, user_website, user_country, user_timezone, user_occupation, user_setting_multisession, user_setting_browseragent, user_setting_ipaddress, user_setting_timeout FROM users WHERE user_id = :user_id LIMIT 1");
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+    $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
     $stmt->execute();
     $profile = $stmt->fetchOnce();
 

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -44,9 +44,7 @@
    */
   public static function prepareInfo( $data_id,  $rev_id )
   {
-    global $roscms_intern_account_id;
-
-    return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid: '.$roscms_intern_account_id.'; security: '.Security::rightsOverview($data_id).'] ';
+    return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid: '.ThisUser::getInstance()->id().'; security: '.Security::rightsOverview($data_id).'] ';
   } // end of member function prepare_info
 
 
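Review bot: The rewritten return line still calls `Security::rightsOverview($data_id)` statically, while rightsOverview is declared as an instance method (`public function rightsOverview( $data_id )` further down in this diff); that only works as long as the method never touches `$this`, and it emits a strict-standards notice on the way. Either declare rightsOverview (and hasRight/getACL, which share the pattern) as `public static function`, or call it on a Security instance. The trailing comment `// end of member function prepare_info` no longer matches the method name prepareInfo.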
@@ -170,7 +168,6 @@
    */
   private function write( $log_str,  $log_mode = 3,  $log_entry = 'log_website_' )
   {
-    global $roscms_intern_account_id;
     global $roscms_standard_language;
 
     // get current log id
@@ -204,7 +201,7 @@
       $stmt=DBConnection::getInstance()->prepare("INSERT INTO data_revision_a ( rev_id , data_id , rev_version , rev_language , rev_usrid , rev_datetime , rev_date , rev_time ) VALUES ( NULL, :data_id, '1', :lang, :user_id, NOW(), CURDATE(), CURTIME() )");
       $stmt->bindParam('data_id',$log_id,PDO::PARAM_INT);
       $stmt->bindParam('lang',$roscms_standard_language,PDO::PARAM_STR);
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
       $stmt->execute();
 
       // get the new log revison id
@@ -261,7 +258,7 @@
 
       // get a username, who is responsible for this log
       $stmt=DBConnection::getInstance()->prepare("SELECT user_name FROM users WHERE user_id = :user_id LIMIT 1");
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
       $stmt->execute();
       $username = $stmt->fetchColumn();
 
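Review bot: The username lookup at `$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);` runs a second query for data the user object already carries: Login::required() loads user_name into ThisUser via setData(), and other files in this commit read it through `$thisuser->name()`. If name() returns that column, `$username = ThisUser::getInstance()->name();` replaces the whole prepare/bind/execute/fetchColumn sequence. The enclosing write() starts and ends outside this hunk.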

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -2,6 +2,7 @@
     /*
     RosCMS - ReactOS Content Management System
     Copyright (C) 2005  Ge van Geldorp <gvg at reactos.org>
+                  2005  Klemens Friedl <frik85 at reactos.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -150,5 +151,60 @@
     exit;
   } // end of member function login
 
+
+  /**
+   * User Settings:
+   * user_setting_multisession == "true" (default: false) [multi sessions are allowed for this user]
+   * user_setting_browseragent == "true" (default: true) [no one should deactivate ("false") this option or only if he change the user agent very often (e.g. in opera: IE <=> Opera)]
+   * user_setting_ipaddress == "true" (default: true) [IP address check; avoid this setting if the user is behind a proxy or use more than one pc the same time (a possible security risk, but some persons wanted that behavior ...); Note: this is a per user setting, everyone can change it!]
+   * user_setting_timeout == "true" (default: false) [NO timeout; so user can use the ros homepage systems without to login everytime]
+   *
+   * @access public
+   */
+  public static function required( )
+  {
+
+    // check if user wants to logout
+    if (isset($_POST['logout'])) {
+      header('location:?page=logout');
+    }
+
+    // get current location (for redirection, if the login succeds)
+    $target = $_SERVER[ 'PHP_SELF' ];
+    if ( IsSet( $_SERVER[ 'QUERY_STRING' ] ) ) {
+      $target .= '?'.$_SERVER[ 'QUERY_STRING' ];
+    }
+
+    // get information about script executer
+    $user_id = Login::in(Login::REQUIRED, $target);
+    if ($user_id == 0) {
+      die('Could not Login.');
+    }
+
+    // get user data
+    $stmt=DBConnection::getInstance()->prepare("SELECT user_id, user_name, user_roscms_password, user_timestamp_touch, user_setting_timeout, user_login_counter, user_account_enabled, user_setting_multisession, user_setting_browseragent, user_setting_ipaddress FROM users WHERE user_id = :user_id LIMIT 1");
+    $stmt->bindparam('user_id',$user_id,PDO::PARAM_INT);
+    $stmt->execute() or die('DB error (login script #1)!');
+    $user = $stmt->fetchOnce(PDO::FETCH_ASSOC);
+    if($user === false) {
+      die('DB error (login script #2)');
+    }
+
+    // if the account is NOT enabled; e.g. a reason could be that a member of the admin group has disabled this account because of spamming, etc.
+    if ($user['user_account_enabled'] != 'yes') { 
+      die('Account is not enabled!<br /><br />System message: '.$user['user_account_enabled']);
+    }
+
+    // collect memberships for current user
+    $stmt=DBConnection::getInstance()->prepare("SELECT m.usergroupmember_usergroupid AS name, usrgroup_seclev AS security_level FROM usergroup_members m JOIN usergroups g ON m.usergroupmember_usergroupid = g.usrgroup_name_id WHERE usergroupmember_userid = :user_id");
+    $stmt->bindparam('user_id',$user['user_id'],PDO::PARAM_INT);
+    $stmt->execute();
+    while($membership = $stmt->fetch()) {
+      ThisUser::getInstance()->addGroup($membership);
+    }
+
+    ThisUser::getInstance()->setData($user);
+  } // end of member function require
+
 } // end of Login
 ?>
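Review bot: In required(), `header('location:?page=logout');` is not followed by `exit;`, so a logout request still runs through Login::in(), the user query and ThisUser::setData() before the redirect takes effect; add `exit;` directly after the header() call (and `Location:` is the conventional spelling of the header name). The user query also selects user_roscms_password and the whole row is handed to ThisUser::setData(), so the password hash stays reachable from the user object for the rest of the request; drop the column from the SELECT unless something downstream needs it. `$target` is built from `$_SERVER['PHP_SELF']`, which carries request-controlled path info, so whatever Login::in() does with it (not shown here) must escape it before echoing or validate it before redirecting. The docblock lists the user settings but not what the method does; a first line such as `Enforces a logged-in user: redirects to the login page on failure, otherwise loads the account and its group memberships into ThisUser.` would help, and the closing comment should read `// end of member function required`.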

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/ROSUser.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -151,36 +151,6 @@
 
 
   /**
-   * checks if the user is member of at least in one of the groups
-   *
-   * @param string group_name 
-   * @param string group_name2 
-   * @param string group_name3 
-   * @return bool
-   * @access public
-   */
-  public static function isMemberOfGroup( $group_name, $group_name2 = null, $group_name3 = null )
-  {
-    global $roscms_intern_account_id;
-
-    // construct SQL for group membership check
-    $group = DBConnection::getInstance()->quote($group_name,PDO::PARAM_STR);
-    if ($group_name2 !== null) {
-      $group .= ",".DBConnection::getInstance()->quote($group_name2,PDO::PARAM_STR);
-    }
-    if ($group_name3 !== null) {
-      $group .= ",".DBConnection::getInstance()->quote($group_name3,PDO::PARAM_STR);
-    }
-
-    $stmt=DBConnection::getInstance()->prepare("SELECT TRUE FROM usergroup_members WHERE usergroupmember_userid = :user_id AND usergroupmember_usergroupid IN(".$group.") LIMIT 1");
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
-    $stmt->execute();
-
-    return ($stmt->fetchColumn() !== false);
-  } // end of member isGroupMember
-
-
-  /**
    * 
    *
    * @param string email

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -42,18 +42,17 @@
    */
   public function getACL( $kind )
   {
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
+    $thisuser = &ThisUser::getInstance();
 
     $acl = '';
     $sec_access = false;  // security access already granted ?
 
     // only if user has rights to access the interface
-    if ($roscms_security_level > 0) {
+    if ($thisuser->securityLevel() > 0) {
 
       // for usage in the while loop
       $stmt=DBConnection::getInstance()->prepare("SELECT usergroupmember_usergroupid FROM usergroup_members WHERE usergroupmember_userid = :user_id");
-      $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+      $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
       $stmt->execute();
       $usergroups = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
@@ -63,7 +62,7 @@
       while ($sec_entry = $stmt->fetch(PDO::FETCH_ASSOC)) {
       
         // add entries, remove them if they're on the deny list
-        if ($sec_entry['sec_lev'.$roscms_security_level.'_'.$kind] == 1) {
+        if ($sec_entry['sec_lev'.$thisuser->securityLevel().'_'.$kind] == 1) {
           if ($sec_access) {
             $acl .= " OR";
           }
@@ -143,11 +142,10 @@
   {
     global $h_a2;
 
-    global $roscms_intern_account_id;
-    global $roscms_security_level;
+    $thisuser = &ThisUser::getInstance();
 
     // roscms interface access ?
-    if ($roscms_security_level < 1) {
+    if ($thisuser->securityLevel() < 1) {
       return;
     }
 
@@ -163,7 +161,7 @@
 
     // check for membership in allowed groups
     $stmt=DBConnection::getInstance()->prepare("SELECT usergroupmember_usergroupid FROM usergroup_members WHERE usergroupmember_userid = :user_id");
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+    $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
     $stmt->execute();
     while($usergroup = $stmt->fetch(PDO::FETCH_ASSOC)) {
 
@@ -176,7 +174,7 @@
 
     // check for membership in denied list
     $stmt=DBConnection::getInstance()->prepare("SELECT usergroupmember_usergroupid FROM usergroup_members WHERE usergroupmember_userid = :user_id");
-    $stmt->bindParam('user_id',$roscms_intern_account_id,PDO::PARAM_INT);
+    $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
     $stmt->execute();
     while($usergroup = $stmt->fetch(PDO::FETCH_ASSOC)) {
 
@@ -189,19 +187,19 @@
 
     // create a list with rights
     //@CHECKME is this type of checks a good idea ??
-    if (($rights['sec_lev'.$roscms_security_level.'_read'] == 1 || $acl_allow === true) && $acl_deny === false) {
+    if (($rights['sec_lev'.$thisuser->securityLevel().'_read'] == 1 || $acl_allow === true) && $acl_deny === false) {
       $rights_list .= 'read|';
     }
-    if (($rights['sec_lev'.$roscms_security_level.'_write'] == 1 || $acl_allow === true) && $acl_deny === false) {
+    if (($rights['sec_lev'.$thisuser->securityLevel().'_write'] == 1 || $acl_allow === true) && $acl_deny === false) {
       $rights_list .= 'write|';
     }
-    if (($rights['sec_lev'.$roscms_security_level.'_add'] == 1 || ($acl_allow === true && $roscms_security_level == 3)) && $acl_deny === false) {
+    if (($rights['sec_lev'.$thisuser->securityLevel().'_add'] == 1 || ($acl_allow === true && $thisuser->securityLevel() == 3)) && $acl_deny === false) {
       $rights_list .= 'add|';
     }
-    if (($rights['sec_lev'.$roscms_security_level.'_pub'] == 1 || ($acl_allow === true && $roscms_security_level == 3)) && $acl_deny === false) {
+    if (($rights['sec_lev'.$thisuser->securityLevel().'_pub'] == 1 || ($acl_allow === true && $thisuser->securityLevel() == 3)) && $acl_deny === false) {
       $rights_list .= 'pub|';
     }
-    if (($rights['sec_lev'.$roscms_security_level.'_trans'] == 1 || ($acl_allow === true && $roscms_security_level == 3)) && $acl_deny === false) {
+    if (($rights['sec_lev'.$thisuser->securityLevel().'_trans'] == 1 || ($acl_allow === true && $thisuser->securityLevel() == 3)) && $acl_deny === false) {
       $rights_list .= 'trans|';
     }
 
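Review bot: `$thisuser->securityLevel()` is evaluated eight times across the five rights checks in this hunk, each time rebuilding the `'sec_lev'.$level.'_*'` key; reading it once into `$level = $thisuser->securityLevel();` at the top of the method (which begins outside this hunk) makes each condition shorter and makes the level-3 special case, `$acl_allow === true && $level == 3`, easier to spot. The add/pub/trans branches could then also share a single `$is_admin = ($level == 3);`.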
@@ -218,11 +216,8 @@
    */
   public function hasRight( $data_id, $kind )
   {
-    global $roscms_security_level;
-
     // only if roscms interface access is granted
-    if ($roscms_security_level < 1) {
-echo $roscms_security_level;
+    if (ThisUser::getInstance()->securityLevel() < 1) {
       return false;
     }
 
@@ -241,10 +236,8 @@
    */
   public function rightsOverview( $data_id )
   {
-    global $roscms_security_level;
-
     // only if roscms interface access is granted
-    if ($roscms_security_level < 1) {
+    if (ThisUser::getInstance()->securityLevel() < 1) {
       return;
     }
 
@@ -259,7 +252,7 @@
     $explanation .= (strpos($rights_list, '|trans|') === false)   ? '-' : 'p';
 
     // add also security level
-    $explanation .= ' '.$roscms_security_level;
+    $explanation .= ' '.ThisUser::getInstance()->securityLevel();
 
     return $explanation;
   } // end of member function rightsOverview

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php?rev=37569&r1=37568&r2=37569&view=diff
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -83,10 +83,9 @@
   public static function deleteById( $tag_id, $user_id )
   {
     global $h_a;
-    global $roscms_intern_account_id;
 
     // @unimplemented: account group membership check
-    if ($user_id == $roscms_intern_account_id || $user_id == 0 || $user_id == -1) {
+    if ($user_id == ThisUser::getInstance()->id() || $user_id == 0 || $user_id == -1) {
 
       // get tag data
       $stmt=DBConnection::getInstance()->prepare("SELECT tag_name_id, tag_value_id FROM data_tag".$h_a." WHERE tag_id = :tag_id LIMIT 1");
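Review bot: The ownership test `$user_id == ThisUser::getInstance()->id() || $user_id == 0 || $user_id == -1` compares with `==`, so a non-numeric string in $user_id (which compares equal to 0 under PHP's loose rules) would satisfy the `== 0` branch; if $user_id can originate from a request parameter (its callers are not in this diff), normalise it first with `$user_id = (int)$user_id;` or compare with `===` against integers. The same comparison appears in Tag::add in the next hunk. The existing @unimplemented note already covers the missing group-membership check, so this is only about the comparison itself.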
@@ -139,10 +138,9 @@
   public static function add( $data_id, $rev_id, $tag_name, $tag_value, $user_id )
   {
     global $h_a;
-    global $roscms_intern_account_id;
 
     //@ADD group membership check
-    if ($user_id != $roscms_intern_account_id && $user_id != 0 && $user_id != -1) {
+    if ($user_id != ThisUser::getInstance()->id() && $user_id != 0 && $user_id != -1) {
       die('ERROR: no rights to access this function');
     }
 

Added: branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php?rev=37569&view=auto
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php (added)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php [iso-8859-1] Sat Nov 22 17:51:18 2008
@@ -1,0 +1,142 @@
+<?php
+    /*
+    RosCMS - ReactOS Content Management System
+    Copyright (C) 2008  Danny Götte <dangerground at web.de>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+    */
+
+/**
+ * class ThisUser
+ * 
+ */
+class ThisUser
+{
+  private $security_level = 0;
+  private $user = array('id'=>0,'name'=>'');
+  private $groups = array();
+
+
+  /**
+   * adds a new membership for this user and registers maximum security level
+   *
+   * @access public
+   */
+  public function addGroup( $group )
+  {
+    $this->groups[$group['name']] = $group['security_level'];
+    if ($group['security_level'] > $this->security_level) $this->security_level = $group['security_level'];
+  } // end of member function setId
+
+
+  /**
+   * adds a new membership for this user
+   *
+   * @return array
+   * @access public
+   */
+  public function getGroups( )
+  {
+    return $this->groups;
+  } // end of member function setId
+
+
+  /**
+   * checks if the user is member of at least in one of the groups
+   *
+   * @param string group_name 
+   * @param string group_name2 
+   * @param string group_name3 
+   * @return bool
+   * @access public
+   */
+  public function isMemberOfGroup( $group_name, $group_name2 = null, $group_name3 = null )
+  {
+    if (@$this->groups[$group_name] > -1 || @$this->groups[$group_name2] > -1 || @$this->groups[$group_name3] > -1) {
+      return true;
+    }
+    return false;
+  } // end of member isGroupMember
+
+
+  /**
+   * returns highest security level of users group memberships
+   *
+   * @return int
+   * @access public
+   */
+  public function securityLevel( )
+  {
+    return $this->security_level;
+  } // end of member function securityLevel
+
+
+  /**
+   * returns the id of the user, which has requested the script
+   *
+   * @return int
+   * @access public
+   */
+  public function id( )
+  {
+    return $this->user['id'];
+  } // end of member function securityLevel
+
+
+  /**
+   * returns the name of the user, which has requested the script
+   *
+   * @return string
+   * @access public
+   */
+  public function name( )
+  {
+    return $this->user['name'];
+  } // end of member function securityLevel
+
+
+  /**
+   * set the current user data, of the user which has requested the script
+   *
+   * @access public
+   */
+  public function setData( $user )
+  {
+    if($user !== false){
+      $this->user['id'] = $user['user_id'];
+      $this->user['name'] = $user['user_name'];
+    }
+  } // end of member function setId
+
+
+  /**
+   * returns the instance
+   *
+   * @return object
+   * @access public
+   */
+  public static function getInstance( )
+  {
+    static $instance;
+    
+    if (empty($instance)) {
+      $instance = new ThisUser();
+    }
+
+    return $instance;
+  } // end of member function check_lang
+
+} // end of ThisUser
+?>
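Review bot: isMemberOfGroup() handles absent group names through `@`-suppressed reads and a loose `null > -1` comparison, and for the optional parameters it indexes `$this->groups` with `null` (silently converted to the empty-string key); explicit `isset()` checks express the same rule without suppression, see the fence. The docblock on getGroups() says "adds a new membership" although the method only returns `$this->groups`; `@return array` with "returns the user's group memberships keyed by name" would describe it. The trailing `// end of member function …` comments on addGroup, getGroups, id, name, setData and getInstance name other members (`setId`, `securityLevel`, `check_lang`) and should be corrected or dropped. setData() leaves id 0 and an empty name when `$user === false`; if that is the intended anonymous state, a one-line comment saying so would help callers that compare against id().
```php
  public function isMemberOfGroup( $group_name, $group_name2 = null, $group_name3 = null )
  {
    // a group counts only if it is known and its security level is not negative
    foreach (array($group_name, $group_name2, $group_name3) as $name) {
      if ($name !== null && isset($this->groups[$name]) && $this->groups[$name] > -1) {
        return true;
      }
    }
    return false;
  } // end of member function isMemberOfGroup
```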


