Tobias
10-04-2006, 08:47 AM
This was originally posted on August 19, 2006 by myself. The use of this modification was actively discussed at that time. General conclusion: make file backups and use it at your own risk. ;)
Hello,
there was a tempting idea recently in the SD forum to allow the Admin to edit an Article when viewing it on the regular "frontend" display page.
After some trials I found a way to allow this - probably not only for the News plugin (p2).
My code allows site-internal referrals under following circumstances (for security reasons):
a pluginid has to be passed
the user must have admin access to that plugin (usergroup setup)
it specifically checks for parameter "&inadmin=1" which has to be part of the link (I just felt like it, so you may throw it out)
Main admin/index.php change
The main required change is to the "admin/index.php" file to allow at all a referral call. Normally the regular Control Panel "Home" page is displayed.
This is tested and requires Subdreamer 2.3.5.
FIND in "admin/index.php" at line 120 find these lines:
if($userinfo['adminaccess'])
{
echo '<frame src="cphome.php" name="mainFrame" scrolling="YES" />';
}
REPLACE them with these lines:
if($userinfo['adminaccess'])
{
//CONDEV 20060819
//Default frame to regular Control Panel homepage:
$cdtargetframe = '<frame src="cphome.php" name="mainFrame" scrolling="YES" />';
if($userinfo['loggedin']==1)
{
$cdref = (strlen($_SERVER['HTTP_REFERER'])>0)?$_SERVER['HTTP_REFERER']:$HTTP_SERVER_VARS['HTTP_REFERER'];
if(($userinfo['loggedin']==1) && (strpos($cdref,$sdurl.'admin/myplugins?')==0))
{
// extract new frame target
$cdnewframe = substr($cdref,strlen($sdurl.'admin/'));
// parse and check url for required entries
$cdpref = parse_url($cdref);
$cduriparams = @explode('&',$cdpref['query']);
// Check if a pluginid was included
$cdpluginid = -1;
foreach($cduriparams as $param)
{
$p = @explode('=',$param);
if(strtolower($p[0])=='pluginid')
{
$cdpluginid = $p[1];
}
}
// ONLY allow referral if "inadmin" was passed AND
// the user has actually admin access to the plugin
if(in_array('inadmin=1',$cduriparams) && (in_array($cdpluginid, $userinfo['pluginadminids'])))
{
$cdtargetframe = '<frame src="'.$cdnewframe.'" name="mainFrame" scrolling="YES" />';
}
}
}
echo $cdtargetframe;
}
Article plugin (p2)
And here is the practical use of it in in the "p2_news" plugin.
To adapt it for use within other plugins just make sure to include the correct pluginid (clones!) and also the "inadmin=1" extra parameter - unless you remove it from the above checkings in the code.
The added code uses a hardcoded pluginid ("2"), so you have to change it when used in clones!
FIND around line 459 these lines:
else
{
// display link to article
echo ' <a href="' . RewriteLink('index.php?categoryid=' . $categoryid . '&p2_articleid=' . $article['articleid']) . '">' . $p2_language['read_more'] . '</a>';
}
INSERT BELOW those lines the following lines (code uses TABs):
// CONDEV 20060819 display "Edit" link for Admin
// This, however, requires changes in "admin/index.php" to work.
// My solution requires the "isadmin=1" in the link for security.
if(($userinfo['adminaccess']==1) &&
in_array(2, $userinfo['pluginadminids'])) // check here!
{
echo '<a href="' .
RewriteLink('admin/myplugins.php?inadmin=1&pluginid=2'. // check here!
'&action=displayarticleform&loadwysiwyg=1&articleid=' .
$article['articleid']) . '"><br/>[Edit as Admin]</a>';
}
This will display an edit link for admin users below each article. Change the actual link from "[Edit as Admin]" to whatever you like. I didn't add any further code to make it show up on the same line as the other links (Submit etc.), because this would mean several other changes.
Mass Media Pro Plugin - Live Demo : Mass Media Pro (http://www.sddepot.com/mass_media/)
My SDDepot Blog (http://www.sddepot.com/community/blog/tobias/) - SDDepot - Skins and Plugins (http://www.sddepot.com/)
Hello,
there was a tempting idea recently in the SD forum to allow the Admin to edit an Article when viewing it on the regular "frontend" display page.
After some trials I found a way to allow this - probably not only for the News plugin (p2).
My code allows site-internal referrals under following circumstances (for security reasons):
a pluginid has to be passed
the user must have admin access to that plugin (usergroup setup)
it specifically checks for parameter "&inadmin=1" which has to be part of the link (I just felt like it, so you may throw it out)
Main admin/index.php change
The main required change is to the "admin/index.php" file to allow at all a referral call. Normally the regular Control Panel "Home" page is displayed.
This is tested and requires Subdreamer 2.3.5.
FIND in "admin/index.php" at line 120 find these lines:
if($userinfo['adminaccess'])
{
echo '<frame src="cphome.php" name="mainFrame" scrolling="YES" />';
}
REPLACE them with these lines:
if($userinfo['adminaccess'])
{
//CONDEV 20060819
//Default frame to regular Control Panel homepage:
$cdtargetframe = '<frame src="cphome.php" name="mainFrame" scrolling="YES" />';
if($userinfo['loggedin']==1)
{
$cdref = (strlen($_SERVER['HTTP_REFERER'])>0)?$_SERVER['HTTP_REFERER']:$HTTP_SERVER_VARS['HTTP_REFERER'];
if(($userinfo['loggedin']==1) && (strpos($cdref,$sdurl.'admin/myplugins?')==0))
{
// extract new frame target
$cdnewframe = substr($cdref,strlen($sdurl.'admin/'));
// parse and check url for required entries
$cdpref = parse_url($cdref);
$cduriparams = @explode('&',$cdpref['query']);
// Check if a pluginid was included
$cdpluginid = -1;
foreach($cduriparams as $param)
{
$p = @explode('=',$param);
if(strtolower($p[0])=='pluginid')
{
$cdpluginid = $p[1];
}
}
// ONLY allow referral if "inadmin" was passed AND
// the user has actually admin access to the plugin
if(in_array('inadmin=1',$cduriparams) && (in_array($cdpluginid, $userinfo['pluginadminids'])))
{
$cdtargetframe = '<frame src="'.$cdnewframe.'" name="mainFrame" scrolling="YES" />';
}
}
}
echo $cdtargetframe;
}
Article plugin (p2)
And here is the practical use of it in in the "p2_news" plugin.
To adapt it for use within other plugins just make sure to include the correct pluginid (clones!) and also the "inadmin=1" extra parameter - unless you remove it from the above checkings in the code.
The added code uses a hardcoded pluginid ("2"), so you have to change it when used in clones!
FIND around line 459 these lines:
else
{
// display link to article
echo ' <a href="' . RewriteLink('index.php?categoryid=' . $categoryid . '&p2_articleid=' . $article['articleid']) . '">' . $p2_language['read_more'] . '</a>';
}
INSERT BELOW those lines the following lines (code uses TABs):
// CONDEV 20060819 display "Edit" link for Admin
// This, however, requires changes in "admin/index.php" to work.
// My solution requires the "isadmin=1" in the link for security.
if(($userinfo['adminaccess']==1) &&
in_array(2, $userinfo['pluginadminids'])) // check here!
{
echo '<a href="' .
RewriteLink('admin/myplugins.php?inadmin=1&pluginid=2'. // check here!
'&action=displayarticleform&loadwysiwyg=1&articleid=' .
$article['articleid']) . '"><br/>[Edit as Admin]</a>';
}
This will display an edit link for admin users below each article. Change the actual link from "[Edit as Admin]" to whatever you like. I didn't add any further code to make it show up on the same line as the other links (Submit etc.), because this would mean several other changes.
Mass Media Pro Plugin - Live Demo : Mass Media Pro (http://www.sddepot.com/mass_media/)
My SDDepot Blog (http://www.sddepot.com/community/blog/tobias/) - SDDepot - Skins and Plugins (http://www.sddepot.com/)