Please login or register.

Login with username, password and session length
Advanced search  

News:

You need/want an older version of sNews ? Download an older/unsupported version here.

Author Topic: Access Privilege Options for all Editor and Super Editors  (Read 1595 times)

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Access Privilege Options for all Editor and Super Editors
« on: January 15, 2010, 06:10:39 PM »

On January 15, 2010, I posted a new thread here titled "Controlling Admin Panel Access with Permission Checks" which demonstrated how to make one administation panel visible or hidden from view to any Editor or Super Editor, through a check-box setting in the account's Profile Privileges panel. This new thread replaces the old one, and it now applies to all admin panels instead of just one.

Applications:
This modification applies to sNews MU 1.6.3 (by Bakercad) and any other MU (multiple users) version of sNews 1.6 based on MU 1.6.3 including sNews 1.6 MEMU by me (keyrocks).

Purpose:

The Administrators (Admin - Level 1) are the only Site Users who can access the Users List panel. From that panel, the Admin clicks any User's Profile Panel and, from there, clicks the User Privilege Level text-link to access the Permissions panel for that User.

By default, there are four settings in the User's Permissions Panel:
   1 - A drop-down to set the User Level:
        Admin (level 1)
        Super Editor (level 2)
        Editor (level 3)
        User (level 4), no admin permissions

   2 - Three check-boxes for specific permissions:
        "Allow this user to admin pending Comments"
        "Allow this user access to Files section"
        "Site Owner"

This mod adds Privilege check-boxes to choose which admin panels each Editor or Super Editor will have access to. By default - like the Pending Comments and Files panels, all administration panels will not be visible to an Editor or Super Editor in the Main Admin panel unless they have been checked by the Admin (site owner) in the User's Profile Privileges panel, when creating a new account or editing the User's privileges at any time afterward.

Step One - Users Table (Database) Modification:
The two existing permission setting values for Pending Comments and Files are located in the users table in the database. We can add any number of new setting values to the existing users table.

Below is the default Users table script with four new Privilege values - for Categories, Articles, Extras and Pages - added just under - permit_upload char(3) NOT NULL DEFAULT 'NO',.

Using your code editor, open a new SQL file and copy the following (excluding the PHP-tags) into it.
Then save the file in an SQL folder within your project's root directory as - users_privileges.sql.
Code: [Select]
<?php

-- 
-- 
Modified Users Table for sNews MU 1.6.3 or 1.6 MEMU
-- Addsdo_categoriesdo_articlesdo_extrasdo_pages Privileges under "menu_items" access permission under permit_upload
-- and adds the extra valuesset to YESto the INSERT string for default Admin login.
-- -----------------------------------------------------------------------

-- 
Drop an existing users table if it exists
DROP TABLE 
IF EXISTS users;

-- 
Create a new users table
CREATE TABLE users 
(
id int(8primary key auto_increment,
username varchar(255NOT NULL default '',
username_real varchar(255NOT NULL default '',
password varchar(255NOT NULL default '',
realname varchar(255) default NULL,
location varchar(255) default NULL,
email varchar(250NOT NULL default '',
website varchar(250NOT NULL default '',
level enum('1','2','3','4'NOT NULL default '4',
ipaddy varchar(255NOT NULL default '',
banned int(3NOT NULL default '0',
show_rname char(3NOT NULL default 'YES',
show_email char(3NOT NULL default 'YES',
first_login char(3NOT NULL default 'YES',
edit_comments char(3NOT NULL default 'NO',
permit_upload char(3NOT NULL default 'NO',
do_categories char(3NOT NULL DEFAULT 'NO',
do_articles char(3NOT NULL DEFAULT 'NO',
do_extras char(3NOT NULL DEFAULT 'NO',
do_pages char(3NOT NULL DEFAULT 'NO',
frozen char(3NOT NULL default 'NO',
site_owner char(3NOT NULL default 'NO',
online char(3NOT NULL default 'NO'
);

INSERT INTO `usersVALUES (1'21232f297a57a5a743894a0e4a801fc3''admin''21232f297a57a5a743894a0e4a801fc3''Admin''''admin@your-site.com''http://your-site.com''1'''0'YES''YES''YES''YES''YES''YES','YES''YES''YES''NO''YES''NO');

?>


If you are creating a new database, just replace the existing users table part in the default table script with the above before running it.
If you are updating an existing default database and you haven't added other Users to your project yet, use the IMPORT tab in phpMyAdmin to over-write your database's existing Users table with the SQL file you created. If you have created other User accounts in the database's uses table, and want to keep them, you'll need to run a back-up of the users table, modify and save it with a new file-name, then update your existing users table with it.


Function Modifications: All function modifications are made within the snewsMU.php (engine) file.

Step Two - Language Variables:

Locate (search for) these 2 strings:
Code: [Select]
<?php

$l['mu_edit_comments'] = 'Allow this user to admin pending Comments';
$l['mu_permit_upload'] = 'Allow this user access to <strong>Files</strong> section';

?>


and replace them with (do not include the PHP-tags):
Code: [Select]
<?php

# User Privileges Mod - 2 strings revised:
$l['mu_edit_comments'] = 'Manage Un-approved Comments';
$l['mu_permit_upload'] = 'Upload and Manage Files';
# User Privileges Mod - 4 strings added:
$l['mu_do_categories'] = 'Create & Edit Categories';
$l['mu_do_articles'] = 'Create & Edit own Articles';
$l['mu_do_extras'] = 'Create & Edit own Extras';
$l['mu_do_pages'] = 'Create & Edit own Pages';
$l['mu_permission_checks'] = 'Check allowed permissions for this User:';

?>


Step Three - Function administration()
Replace your existing default administration function with this new one (excluding the PHP-tags).
This one queries the users table in the database to fetch all Privilege setting values for any Editor that is logged in
by using the Session ID assigned to the Editor when he/she logged in, and displays admin links to panels he/she is permitted to use:

Code: [Select]
<?php

// ADMINISTRATION FORM - Includes User Privilege checks on all admin panels
function administration() {
## MULTI_USER
if (isset($_SESSION['is_frozen'])){
echo l('mu_frozen_yes');
} else {
if ($_SESSION[db('website').'Logged_In'] != token()) {echo notification(1,l('err_Login'),'','login');
} else {
$first_time retrieve('first_login''users''id'$_SESSION['id']);
if ($first_time == 'YES') {
echo '<meta http-equiv="refresh" content="0; url='.db('website').'?action=profile&id='.$_SESSION['id'].'">';
mysql_query ("UPDATE ".db('prefix')."users SET first_login = 'NO' WHERE id = '".$_SESSION['id']."'");
} else {
    if (get_identity($_SESSION['id'], 'level') < '4') {
## END MULTI_USER
foreach ($_POST as $key) {unset($_POST[$key]);}
# User Permissions mod - Oct.02.10: Added Users table query to get User 'Privilege Check' values
$id $_SESSION['id']; // Logged users' ID
$query "SELECT * FROM ".db('prefix')."users WHERE id = '$id'";
$result mysql_query($query);
$r mysql_fetch_array($result);
$do_categories $r['do_categories']; $do_articles $r['do_articles'];
$do_extras $r['do_extras']; $do_pages $r['do_pages'];
$edit_comments $r['edit_comments']; $permit_upload $r['permit_upload'];

                
$link ' '.l('divider').' <a href="';
echo html_input('fieldset''''''''''''''''''''''''''','<a href="http://snewscms.com/" title="sNews CMS">sNews</a> '.l('administration'));
# Categories - add new and view links: Privilege Check
if ($do_categories == 'YES' || get_identity($_SESSION['id'], 'level') == '1') {
    echo '<p>'.l('categories').': <a href="admin_category/" title="'.l('add_new').'">'.l('add_new').'</a>';
    if (stats('categories','') > 0) {echo $link.'categories/" title="'.l('view').'">'.l('view').'</a>';}
echo '</p>'; }
# Articles - add new and view links: Privilege Check
if ($do_articles == 'YES' || get_identity($_SESSION['id'], 'level') == '1') {
    echo '<p>'.l('articles').': <a href="article_new/" title="'.l('add_new').'">'.l('add_new').'</a>';
    if (stats('articles',1) > 0) {echo $link.'articles/" title="'.l('view').'">'.l('view').'</a>';}
echo '</p>'; }
# Articles - add new and view links: Privilege Check
if ($do_extras == 'YES' || get_identity($_SESSION['id'], 'level') == '1') {
    echo '<p>'.l('extra_contents').': <a href="extra_new/" title="'.l('add_new').'">'.l('add_new').'</a>';
    if (stats('articles',2) > 0) {echo $link.'extra_contents/" title="'.l('view').'">'.l('view').'</a>';}
echo '</p>'; }
# Pages - add new and view links: Privilege Check
if ($do_pages == 'YES' || get_identity($_SESSION['id'], 'level') == '1') {
    echo '<p>'.l('pages').': <a href="page_new/" title="'.l('add_new').'">'.l('add_new').'</a>';
    if (stats('articles',3) > 0) {echo $link.'pages/" title="'.l('view').'">'.l('view').'</a>';}
echo '</p>'; }
echo '</fieldset>';
## MULTI_USER - Manage Comments Panel: Privilege Check
if ($edit_comments == 'YES' || get_identity($_SESSION['id'], 'level') == '1') {
    ## END MULTI_USER
    $query_comm "SELECT * FROM ".db('prefix')."comments WHERE approved <> 'True'";
    $result_comm mysql_query($query_comm);
    $unapproved mysql_num_rows($result_comm);
    if ($unapproved 0) {
echo html_input('fieldset'''''''''''''''''''''''''''l('comments'));
echo '<p><a onclick="toggle(\'sub1\')" style="cursor: pointer;" title="'.l('unapproved').'">'.$unapproved.' '.l('wait_approval').'</a></p>';
echo '<div id="sub1" style="display: none;">';
while ($r mysql_fetch_array($result_comm)) {
$articleTITLE retrieve(titlearticlesid$r['articleid']);
echo '<p>'.$r['name'].' (<strong>'.$articleTITLE.'</strong>) '.l('divider').' <a href="'.db('website').'index.php?action=editcomment&amp;commentid='.$r['id'].'">'.l('edit').'</a></p>';
}
echo '</div>';
    }
    if ($unapproved 0) {echo '</fieldset>';}
    ## MULTI_USER
}
# Site Setting Panel - Admin Only: Privilege Check
if (get_identity($_SESSION['id'], 'level') == '1') {
## END MULTI_USER
echo html_input('fieldset'''''''''''''''''''''''''''l('site_settings'));
echo '<p><a href="settings/" title="'.l('settings').'">'.l('settings').'</a><br /><a href="users/" title="'.l('users').'">'.l('users').'</a><br />';## MULTI_USER users link
echo '<a href="bulk_users/" title="'.l('mu_bulk_users').'">'.l('mu_bulk_users').'</a></p>'## MULTI_USER add users link
echo '</fieldset>';
}
# Files Manager Panel: Privilege Check
if ($permit_upload == 'YES' || get_identity($_SESSION['id'], 'level') == '1') {
    echo html_input('fieldset'''''''''''''''''''''''''''l('mu_upload files'));
    echo '<p><a href="files/" title="'.l('files').'">'.l('files').'</a></p>';
    echo '</fieldset>';
    ## MULTI_USER
}}
if (get_identity($_SESSION['id'], 'level') == '4') {
    echo '<meta http-equiv="refresh" content="0; url='.db('website').'">';
}
}
}
## END MULTI_USER
}
}

?>

« Last Edit: October 03, 2010, 12:23:48 AM by Keyrocks »
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Re: Access Privilege Options for all Editor and Super Editors
« Reply #1 on: October 03, 2010, 12:24:22 AM »

Continued...

Step Four - Replace Function bulk_users()
This new function contains the mods adding Privilege check-box options for all default admin panels.
Replace your existing bulk_users function with it (excluding the PHP-tags):
Code: [Select]
<?php

// BULK USERS - includes Admin Privilege Options
function bulk_users(){
if (
$_SESSION[db('website').'Logged_In'] == token() && get_identity($_SESSION['id'], 'level') == '1') { # IF Admin is logged in
if (!isset($_POST['bulkusers'])) {
echo html_input('fieldset''''''''''''''''''''''''''',l('mu_bulk_users'));
echo '<p>'.l('mu_uname_limit').'</p>';
echo html_input('form''''post''''''''''''''''''''post'db('website'), '');
echo html_input('text''username''username''''* '.l('username'), 'text''''''''''''''''''');
echo '<p>'.l('mu_pwd_limit').'</p>';
echo html_input('password''password1''password1''''* '.l('password'), 'text''''''''''''''''''');
echo html_input('password''password2''password2''''* '.l('password_repeat'), 'text''''''''''''''''''');
echo '* '.l('mu_user_level').'<br />';
echo '<select id="level" name="user_level">';
echo '<option value="1">'.l('mu_level_admin').'</option>';
echo '<option value="2">'.l('mu_level_supereditor').'</option>';
echo '<option value="3" selected="selected">'.l('mu_level_editor').'</option>';
echo '<option value="4">'.l('mu_level_user').'</option></select>';
echo html_input('text''email''email''''* '.l('email'), 'text''''''''''''''''''');
echo html_input('text''weblink''weblink'''l('url'), 'text''''''''''''''''''');
# User Privilege Options - 4 strings added: categories, articles, extras, pages.
echo html_input('checkbox''do_categories''docats''YES'l('mu_do_categories'), '''''''''''''''''''''');
echo html_input('checkbox''do_articles''doarts''YES'l('mu_do_articles'), '''''''''''''''''''''');
echo html_input('checkbox''do_pages''dopages''YES'l('mu_do_pages'), '''''''''''''''''''''');
echo html_input('checkbox''do_extras''doext''YES'l('mu_do_extras'), '''''''''''''''''''''');
echo html_input('checkbox''edit_comments''edcomm''YES'l('mu_edit_comments'), '''''''''''''''''''''');
echo html_input('checkbox''permit_upload''perupl''YES'l('mu_permit_upload'), '''''''''''''''''''''');
if (get_identity($_SESSION['id'], 'site_owner') == 'YES') { # IF Site Owner is logged in
    echo html_input('checkbox''site_owner''siteown''YES'l('mu_site_owner'), '''''''''''''''''''''');
} else {
    echo html_input('hidden''site_owner''siteown''NO''''''''''''''''''''''');
}
echo '<br />';
echo html_input('checkbox''alert_user''alusr''YES'l('mu_bulk_user_alert'), '''''''''''''''''''''');
echo '<p>';
echo html_input('submit''bulkusers''bulkusers'l('mu_bulk_user_button'), '''button''''''''''''''''''');
echo '</p></form></fieldset>';
} else {
$level $_POST['user_level'];
$alert_user $_POST['alert_user'] == 'on' 'YES' 'NO';
# User Privileges - 4 strings
$do_categories $_POST['do_categories'] == 'on' 'YES' 'NO';
$do_articles $_POST['do_articles'] == 'on' 'YES' 'NO';
$do_extras $_POST['do_extras'] == 'on' 'YES' 'NO';
$do_pages $_POST['do_pages'] == 'on' 'YES' 'NO';
$edit_comments $_POST['edit_comments'] == 'on' 'YES' 'NO';
$permit_upload $_POST['permit_upload'] == 'on' 'YES' 'NO';
$site_owner $_POST['site_owner'] == 'on' 'YES' 'NO';
$replyemail s('website_email');
$replyname s('website_title');
$subject l('mu_reg_subject');
$name trim($_POST['username']);
$name checkUserPass($name); # name: min 4 characters
$pass1 trim($_POST['password1']);
$pass1 checkUserPass($pass1); # pass1: min 4 characters
$pass2 trim($_POST['password2']);

$pass2 checkUserPass($pass2); # pass2: min 4 characters
$mail trim($_POST['email']); # email: min 8 characters
$mail = (strlen($mail) > && preg_match'/^[A-Z0-9._-]+@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\.[A-Z.]{2,6}$/i' $mail)) ? clean(cleanXSS($mail)) : null;
$url trim($_POST['weblink']); # URL: min 6 characters
$url = (strlen($url) > && strpos($url'?') === false) ? clean(cleanXSS($url)) : null;
if ($pass1 === $pass2) {
    $username_check get_identity($name'username''check');
    $mail_check get_identity($mail'email''check');
    if ($username_check == '1' || $mail_check == '1'){
if ($username_check == '1') { $message_error l('mu_reg_uname_exists').'<br />';}
if ($mail_check == '1') { $message_error .= l('mu_reg_email_exists').'<br />';}
echo notification(1,l('mu_bulk_not_add'),'bulk_users');
echo $message_error;
    } else {
$md5_name md5($name);
$md5_pass md5($pass1);
# User Privileges added after permit_upload: do_categories, do_articles, do_extras, do_pages,
$sql mysql_query("INSERT INTO ".db('prefix')."users (username, username_real, password, email, website, level, ipaddy, first_login, edit_comments, permit_upload, do_categories, do_articles, do_extras, do_pages, site_owner) VALUES ('$md5_name', '$name', '$md5_pass', '$mail', '$url', '$level', '$ip', 'YES', '$edit_comments', '$permit_upload', '$do_categories', '$do_articles', '$do_extras', '$do_pages', '$site_owner')");
if (!$sql) { echo notification(1,l('mu_bulk_error'),'bulk_users'); }
else {
    if ($alert_user == 'YES') {
$header "MIME-Version: 1.0\n";
$header .= "Content-type: text/plain; charset=".s('charset')."\n";
$header .= "From: ".$replyname." <".$replyemail.">\r\nReply-To: ".$replyname." <".$replyemail.">";
$body "
    
$name,
"
.l('mu_reg_email_to_login').": ".db('website')."login/
"
.l('mu_reg_email_bookmark')."
"
.l('a_username').": $name
"
.l('a_password').": $pass2
"
.l('mu_reg_email_message')."
"
.l('mu_email_thanks')."
$replyname";
mail($mail$subject$body$header);
    }
    echo notification('','','');
    echo '<p>'.l('mu_bulk_added').'</p>';
    echo '<p><a href="'.db('website').'bulk_users/" title="'.l('back').'">'.l('back').'</a></p>';
}
    }
} else {
                    echo 
'<h2>'.l('mu_bulk_not_add').'</h2>';
                    echo 
l('mu_message_error');
    echo '<p><a href="'.db('website').'bulk_users/" title="'.l('back').'">'.l('back').'</a></p>';
}
}
}}

?>


Step Five - Replace Function Profile()
This new function includes the mods adding all default administration Privilege check-box options.
Replace your existing profile() function with this one (excluding the PHP-tags):

Code: [Select]
<?php

// PROFILE - includes Admin Privilege Options
function profile() {
$id $_GET['id'];
$query "SELECT * FROM ".db('prefix')."users WHERE id = '$id'";
$result mysql_query($query);
$num mysql_num_rows($result);
if ($num '1'){ echo l('mu_user_not_found'); }
else {
# Profile Panel
echo '<h2>'.l('mu_level_user').' '.l('profile').'</h2>';
$r mysql_fetch_array($result);
$show_rname $r['show_rname'] == 'YES' 'ok' '';
$show_email $r['show_email'] == 'YES' 'ok' '';
# User Privileges - 4 strings
$do_categories $r['do_categories'] == 'YES' 'ok' '';
$do_articles $r['do_articles'] == 'YES' 'ok' '';
$do_extras $r['do_extras'] == 'YES' 'ok' '';
$do_pages $r['do_pages'] == 'YES' 'ok' '';
$edit_comments $r['edit_comments'] == 'YES' 'ok' '';
$permit_upload $r['permit_upload'] == 'YES' 'ok' '';
$site_owner $r['site_owner'] == 'YES' 'ok' '';
if ($_SESSION[db('website').'Logged_In'] == token()) { echo '<p><a href="'.db('website').'users/" title="'.l('mu_userlist').'">'.l('mu_userlist').'</a></p>';}
if (get_identity($_SESSION['id'], 'level') == '1' || ($_SESSION[db('website').'Logged_In'] == token() && $_SESSION['id'] == $id)){
if (get_identity($_SESSION['id'], 'level') == '1') { $level get_identity($id'level'); }
echo html_input('form''''''''''''''''''''''''post''index.php?action=process&amp;task=profile''');
echo html_input('fieldset'''''''''''''''''''''''''''l('mu_editing_profile').' <strong>'.$r['username_real'].'</strong>');
echo '<div id="profile">';
echo '<p>'.l('title').': '.get_identity($r['level']).'<br />';
echo html_input('text''rname''rname'$r['realname'], l('mu_rname'), '''''''''''''''''''');
echo html_input('checkbox''show_rname''sr''YES'l('mu_rname_show'), ''''''''$show_rname'''''''''''');
echo html_input('text''mail''mail'$r['email'], l('email'), '''''''''''''''''''');
echo html_input('checkbox''show_email''se''YES'l('mu_email_show'), ''''''''$show_email'''''''''''');
echo html_input('text''weblink''weblink'$r['website'], l('url'), 'text''''''''''''''''''');
echo html_input('text''loc''loc'$r['location'], l('mu_loc'), 'text''''''''''''''''''');
echo '<p>';
echo html_input('hidden''task''task''profile''''''''''''''''''''''');
echo html_input('hidden''id''id'$id'''''''''''''''''''''');
echo '</p></div></fieldset>';
echo html_input('fieldset''''''''''''''''''''''''''','<a title="'.l('mu_change_password').'" onclick="toggle(\'sub1\')" style="cursor: pointer;">'.l('mu_change_password').'</a>');
echo '<div id="sub1" style="display: none;">';
echo '<p>'.l('mu_pwd_limit').'</p>';
echo html_input('password''pass1''pass1',''l('a_password'), '''''''''''''''''''');
echo html_input('password''pass2''pass2',''l('a_password2'), '''''''''''''''''''');
echo '</div></fieldset>';

# START: User Privilege Panel
if (get_identity($_SESSION['id'], 'level') == '1') { # User Privilege Panel visible only to Head Admin
    echo html_input('fieldset''''''''''''''''''''''''''','<a title="'.l('mu_userlevel').'" onclick="toggle(\'sub2\')" style="cursor: pointer;">'.l('mu_userlevel').'</a>');
    echo '<div id="sub2" style="display: none;">';
    # User level drop-down, 5 strings
    echo '<select id="level" name="user_level">';
    echo '<option value="1"'.($level == '1' ' selected="selected"' '').'>'.l('mu_level_admin').'</option>';
    echo '<option value="2"'.($level == '2' ' selected="selected"' '').'>'.l('mu_level_supereditor').'</option>';
    echo '<option value="3"'.($level == '3' ' selected="selected"' '').'>'.l('mu_level_editor').'</option>';
    echo '<option value="4"'.($level == '4' ' selected="selected"' '').'>'.l('mu_level_user').'</option></select>';
    # User Privilege Check-box Options - 4: categories, articles, extras, pages, edit_comments, permit file uploads.
    echo html_input('checkbox''do_categories''docats''YES'l('mu_do_categories'), ''''''''$do_categories'''''''''''');
    echo html_input('checkbox''do_articles''doarts''YES'l('mu_do_articles'), ''''''''$do_articles'''''''''''');
    echo html_input('checkbox''do_pages''dopages''YES'l('mu_do_pages'), ''''''''$do_pages'''''''''''');
    echo html_input('checkbox''do_extras''doext''YES'l('mu_do_extras'), ''''''''$do_extras'''''''''''');
    echo html_input('checkbox''edit_comments''edcom''YES'l('mu_edit_comments'), ''''''''$edit_comments'''''''''''');
    echo html_input('checkbox''permit_upload''pfiles''YES'l('mu_permit_upload'), ''''''''$permit_upload'''''''''');
    # If logged-in user's is a Site Owner, show Site Owner status as checked
    if (get_identity($_SESSION['id'], 'site_owner') == 'YES'){
      echo html_input('checkbox''site_owner''sowner''YES'l('mu_site_owner'), ''''''''$site_owner'''''''''');
    } else { # show as un-checked
      echo html_input('hidden''site_owner''siteown''NO''''''''''''''''''''''');
    }
    echo '</div></fieldset>';
}
# END: User Privilege Level Panel
echo '<p>';
echo html_input('submit''edit_profile''edit_profile'l('save'), '''button''''''''''''''''''');
echo '</p></form>';
}
else {
echo html_input('fieldset'''''''''''''''''''''''''''l('profile'));
echo '<div id="profile">';
echo '<p><strong>'.l('username').': </strong>'.$r['username_real'].'<br />';
echo '<p><strong>'.l('title').': </strong>'.get_identity($r['level']).'<br />';
if (!empty($r['realname']) && $r['show_rname'] == 'YES') { echo '<p><strong>'.l('mu_rname').': </strong>'.$r['realname'].'<br />';}
if ($r['show_email'] == 'YES') {echo '<p><strong>'.l('email').': </strong><a href="mailto:'.obfuscation($r['email']).'">'.obfuscation($r['email']).'</a><br />';}
if (!empty($r['website'])) {echo '<p><strong>'.l('url').': </strong><a href="'.obfuscation($r['website']).'">'.obfuscation($r['website']).'</a><br />';}
if (!empty($r['location'])) {echo '<p><strong>'.l('mu_loc').': </strong>'.$r['location'].'<br />';}
echo '</p></div></fieldset>';
}
$query "SELECT * FROM ".db('prefix')."articles WHERE author_id = '$id' && published = '1'";
$result mysql_query($query);
$num mysql_num_rows($result);
if (get_identity($_SESSION['id'], 'level') < '4') {
echo html_input('fieldset'''''''''''''''''''''''''''l('mu_author_articles').' <strong>'.get_identity($id'username_real').'</strong>');
echo '<div id="author_articles">';
echo '<strong>'.$num.'</strong> '.l('mu_total_articles').'<br />';
if ($num '0'){
$i 0;
   while ($r mysql_fetch_array($result)) {
$articleSEF $contents != 'extra_view' $r['seftitle'].'/' '';
echo '<p><strong><a href="'.db('website').find_cat_sef($r['category']).'/'.$articleSEF.'">'.$r['title'].'</a></strong> '.l('divider').' '.date(s('date_format'), strtotime($r['date'])).'';
if ($_SESSION[db('website').'Logged_In'] == token() && ($r['allow_edit'] == 'YES' || $r['author_id'] == $_SESSION['id'] || get_identity($_SESSION['id'], 'level') < '3')){
echo  ' '.l('divider').' <a href="'.db('website').'index.php?action=admin_article&amp;id='.$r['id'].'">'.l('edit').'</a> ';
     }
echo '</p>';
$i++;
}
}
echo '</div></fieldset>';
}
}
}

?>


Step Six - Function processing()
Admin Privelage settings are saved by updating the users table in the database and this is done by a user profile specific block of script added into function processing() - which, in turn -  is responsible for saving just about everything as data in sNews.
The section we're looking for starts with - case 'profile':.

1.   Search and locate this string within this section:
Code: [Select]
<?php

$edit_comments $_POST['edit_comments'] == 'on' 'YES' 'NO';

?>


And, above it, insert these new strings (without the PHP-tags):
Code: [Select]
<?php

    
# User Privileges - 4 strings
    $do_categories $r['do_categories'] == 'YES' 'ok' '';
    $do_articles $r['do_articles'] == 'YES' 'ok' '';
    $do_extras $r['do_extras'] == 'YES' 'ok' '';
    $do_pages $r['do_pages'] == 'YES' 'ok' '';

?>


2.  About 10 strings below this point, locate the query string that updates the Users table.
    It begins with - mysql_query("UPDATE ".db('prefix')."users
    Replace the complete string with this (excluding the PHP-tags), which keeps the default string intact but commented out (under it), for future reference.

Code: [Select]
<?php

# User Privileges added after permit_upload:
// do_categories='$do_categories',do_articles='$do_articles',do_extras='$do_extras',do_pages='$do_pages',
mysql_query("UPDATE ".db('prefix')."users SET ".$pass_query."realname='$rname',location='$loc',email='$mail',website='$url',show_rname='$show_rname',show_email='$show_email',permit_upload='$permit_upload',do_categories='$do_categories',do_articles='$do_articles',do_extras='$do_extras',do_pages='$do_pages',site_owner='$site_owner',edit_comments='$edit_comments'".$level." WHERE id='$id' LIMIT 1;");
//mysql_query("UPDATE ".db('prefix')."users SET ".$pass_query."realname='$rname',location='$loc',email='$mail',website='$url',show_rname='$show_rname',show_email='$show_email',permit_upload='$permit_upload',site_owner='$site_owner',edit_comments='$edit_comments'".$level." WHERE id='$id' LIMIT 1;");

?>


testing
Log in as the Admin, view the User Privilege Level panel for any Editor or Super Editor, and you should see the new permission check-box options.
All of them will be un-checked. To make any of them visible to an account owner, check it (them) and SAVE the changes.
Go back and view the panel again to see that the checked ones are still checked (that the change was saved).
Log out, log in as that User, and only those Privileges that are checked will be visible.

I hope you find this mod useful.
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU