Changeset 457

Timestamp:

Jan 20, 2014 9:42:13 PM (10 years ago)

Author:

anonymous

Message:

Removed use of requireAccessClearance(). Adjusted sequence of sslOn() and requireLogin(). Added ACL::requireAllow() method. Added arguments to SortOrder::set(). Changed behavior of Validator::validateStrDate(). Added use of Validator::validateStrDate() to module maker templates.

Location:

trunk

Files:

• bin/module_maker/_config.inc.php (modified) (3 diffs)
• bin/module_maker/list_template.cli.php (modified) (4 diffs)
• bin/module_maker/skel/adm_list.ihtml (modified) (1 diff)
• css/admin.inc.css (modified) (2 diffs)
• css/admin2.inc.css (modified) (4 diffs)
• lib/ACL.inc.php (modified) (38 diffs)
• lib/SortOrder.inc.php (modified) (2 diffs)
• lib/Utilities.inc.php (modified) (1 diff)
• lib/Validator.inc.php (modified) (10 diffs)
• services/admins.php (modified) (1 diff)
• services/lock.php (modified) (1 diff)
• services/logs.php (modified) (7 diffs)
• services/templates/admin_list.ihtml (modified) (2 diffs)
• services/templates/log_list.ihtml (modified) (1 diff)
• services/templates/versions_diff.ihtml (modified) (1 diff)
• services/templates/versions_view.ihtml (modified) (1 diff)
• services/versions.php (modified) (4 diffs)
• tests/Auth_SQLTest.php (modified) (1 diff)

trunk/bin/module_maker/_config.inc.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -27 +27 @@
     // Determine common site directory.
     $common_base = realpath($_SERVER['argv'][1]);
-    
+
     // First arg is path to current site. Realpath removes trailing /s
     define('COMMON_BASE', $common_base);

trunk/bin/module_maker/list_template.cli.php

@@ -5 +5 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -12 +12 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -116 +116 @@
             $listrows[] = "<\x3fphp echo '9999-12-31' == \$list[\$i]['$field'] ? '' : date(\$app->getParam('date_format'), strtotime(\$list[\$i]['$field'])); \x3f>";
         } else if (preg_match('/datetime/i', $type)) {
-            $listrows[] = "<\x3fphp echo '0000-00-00 00:00:00' == \$list[\$i]['$field'] ? '' : date(\$app->getParam('date_format'), strtotime(\$list[\$i]['$field'])); \x3f>";
+            $listrows[] = "<\x3fphp echo Validator::validateStrDate(\$list[\$i]['$field']) ? date(\$app->getParam('date_format'), strtotime(\$list[\$i]['$field'])) : ''; \x3f>";
         } else if (preg_match('/date/i', $type)) {
-            $listrows[] = "<\x3fphp echo '0000-00-00' == \$list[\$i]['$field'] ? '' : date(\$app->getParam('date_format'), strtotime(\$list[\$i]['$field'])); \x3f>";
+            $listrows[] = "<\x3fphp echo Validator::validateStrDate(\$list[\$i]['$field']) ? date(\$app->getParam('date_format'), strtotime(\$list[\$i]['$field'])) : ''; \x3f>";
         } else if (preg_match('/(amount|_rate)/i', $field)) {
             $listrows[] = "<\x3fphp printf('$%01.2f', \$list[\$i]['$field']); \x3f>";
@@ -140 +140 @@
 <\x3fphp \$fv->printErrorMessages(); \x3f>
 
-<div id="commandbox">
+<div class="commandbox">
 <form action="<\x3fphp echo oTxt(\$_SERVER['PHP_SELF']); \x3f>" method="get">
 <\x3fphp \$app->printHiddenSession(false); \x3f>

trunk/bin/module_maker/skel/adm_list.ihtml

@@ -2 +2 @@
 <?php $fv->printErrorMessages(); ?>
 
-<div id="commandbox">
+<div class="commandbox">
     <span class="sc-nowrap commandtext"><a href="<?php echo $app->oHREF($_SERVER['PHP_SELF'] . '?op=add'); ?>"><?php echo _("Add %ITEM_TITLE%"); ?></a></span>
     <form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="get" class="sc-form">

trunk/css/admin.inc.css

@@ -249 +249 @@
 
 /* Should this be an ID??? */
-#commandbox
+#commandbox, .commandbox
 {
     padding: 3px 5px 5px 5px;
@@ -264 +264 @@
 }
 
-#commandbox .form {
+#commandbox .form, .commandbox .form, #commandbox form, .commandbox form, {
     margin-top: 8px;
 }

trunk/css/admin2.inc.css

@@ -211 +211 @@
 }
 
-table.list td, #commandbox table td {
+table.list td, #commandbox table td, .commandbox table td {
     font-size: 70%;
     padding: 2px 6px 2px 2px;
@@ -218 +218 @@
 }
 
-table.list tr:hover, #commandbox table tr:hover {
+table.list tr:hover, #commandbox table tr:hover, .commandbox table tr:hover {
     background: #FAF8C7;
 }
@@ -224 +224 @@
 /*_____________________ COMMANDS ____________________*/
 
-/* Should this be an ID??? */
-#commandbox
+/* We were using an ID, now using class. */
+#commandbox, .commandbox
 {
     padding: 3px 5px 5px 5px;
@@ -240 +240 @@
 }
 
-#commandbox form {
+#commandbox form, .commandbox form {
     margin: 8px 0 0 0;
 }

trunk/lib/ACL.inc.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -23 +23 @@
 /*
 * ACL.inc.php
-* 
+*
 * Uses the ARO/ACO/AXO model of Access Control Lists.
 * Uses Modified Preorder Tree Traversal to maintain a tree-structure.
 * See: http://www.sitepoint.com/print/hierarchical-data-database
 * Includes a command-line tool for managing rights (codebase/bin/acl.cli.php).
-* 
+*
 *
 * @author   Quinn Comendant <quinn@strangecode.com>
@@ -41 +41 @@
     // Configuration parameters for this object.
     var $_params = array(
-        
+
         // If false nothing will be cached or retrieved. Useful for testing realtime data requests.
         'enable_cache' => true,
@@ -94 +94 @@
     {
         $app =& App::getInstance();
-    
+
         if (isset($params) && is_array($params)) {
             // Merge new parameters with old overriding only those passed.
@@ -113 +113 @@
     {
         $app =& App::getInstance();
-    
+
         if (isset($this->_params[$param])) {
             return $this->_params[$param];
@@ -145 +145 @@
                 $app->logMsg(sprintf('Dropping and recreating tables acl_tbl, aro_tbl, aco_tbl, axo_tbl.', null), LOG_INFO, __FILE__, __LINE__);
             }
-            
+
             // acl_tbl
             $db->query("
@@ -171 +171 @@
                 $qid = $db->query("SELECT 1 FROM acl_tbl");
                 if (mysql_num_rows($qid) == 0) {
-                    $qid = $db->query("REPLACE INTO acl_tbl VALUES ('1', '1', '1', 'deny', NOW())");                    
-                }                
+                    $qid = $db->query("REPLACE INTO acl_tbl VALUES ('1', '1', '1', 'deny', NOW())");
+                }
             }
 
@@ -202 +202 @@
                     $qid = $db->query("SELECT 1 FROM {$a_o}_tbl WHERE name = 'root'");
                     if (mysql_num_rows($qid) == 0) {
-                        $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())");                    
-                    }                    
+                        $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())");
+                    }
                 }
 
@@ -228 +228 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
-        
+
         switch ($type) {
         case 'aro' :
@@ -246 +246 @@
             break;
         }
-        
+
         // If $parent is null, use root object.
         if (is_null($parent)) {
             $parent = 'root';
         }
-        
+
         // Ensure node and parent name aren't empty.
         if ('' == trim($name) || '' == trim($parent)) {
@@ -257 +257 @@
             return false;
         }
-        
+
         // Ensure node is unique.
         $qid = $db->query("SELECT 1 FROM $tbl WHERE name = '" . $db->escapeString($name) . "'");
@@ -264 +264 @@
             return false;
         }
-        
+
         // Select the rgt of $parent.
         $qid = $db->query("SELECT rgt FROM $tbl WHERE name = '" . $db->escapeString($parent) . "'");
@@ -275 +275 @@
         $db->query("UPDATE $tbl SET lft = lft + 2 WHERE lft >= $parent_rgt");
         $db->query("UPDATE $tbl SET rgt = rgt + 2 WHERE rgt >= $parent_rgt");
-        
+
         // Insert new node just below parent. Lft is parent's old rgt.
         $db->query("
-            INSERT INTO $tbl (name, lft, rgt, added_datetime) 
+            INSERT INTO $tbl (name, lft, rgt, added_datetime)
             VALUES ('" . $db->escapeString($name) . "', $parent_rgt, $parent_rgt + 1, NOW())
         ");
@@ -315 +315 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
 
@@ -336 +336 @@
             break;
         }
-        
+
         // Ensure node name isn't empty.
         if ('' == trim($name)) {
@@ -342 +342 @@
             return false;
         }
-        
+
         // Select the lft and rgt of $name to use for selecting children and reordering transversals.
         $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'");
@@ -349 +349 @@
             return false;
         }
-        
+
         // Remove node and all children of node, as well as acl_tbl links.
         $db->query("
-            DELETE $tbl, acl_tbl 
+            DELETE $tbl, acl_tbl
             FROM $tbl
             LEFT JOIN acl_tbl ON ($tbl.$primary_key = acl_tbl.$primary_key)
@@ -366 +366 @@
         return true;
     }
-    
+
     // Alias functions for the different object types.
     function removeRequestObject($name)
@@ -397 +397 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
 
@@ -418 +418 @@
             break;
         }
-        
+
         // If $new_parent is null, use root object.
         if (is_null($new_parent)) {
             $new_parent = 'root';
         }
-        
+
         // Ensure node and parent name aren't empty.
         if ('' == trim($name) || '' == trim($new_parent)) {
@@ -429 +429 @@
             return false;
         }
-        
+
         // Select the lft and rgt of $name to use for selecting children and reordering transversals.
         $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'");
@@ -436 +436 @@
             return false;
         }
-        
+
         // Total number of transversal values (that is, the count of self plus all children times two).
         $total_transversal_value = ($rgt - $lft + 1);
@@ -446 +446 @@
             return false;
         }
-        
+
         // Ensure the new parent is not a child of the node being moved.
         if ($new_parent_rgt <= $rgt && $new_parent_rgt >= $lft) {
@@ -452 +452 @@
             return false;
         }
-        
+
         // Collect unique ids of all nodes being moved. The transversal numbers will become duplicated so these will be needed to identify these.
         $qid = $db->query("
@@ -472 +472 @@
         // Apply transformation to new parent rgt also.
         $new_parent_rgt = $new_parent_rgt > $rgt ? $new_parent_rgt - $total_transversal_value : $new_parent_rgt;
-        
+
         // Update transversal values of moved node and children.
         $db->query("
-            UPDATE $tbl SET 
+            UPDATE $tbl SET
                 lft = lft - ($lft - $new_parent_rgt),
                 rgt = rgt - ($lft - $new_parent_rgt)
@@ -488 +488 @@
         return true;
     }
-    
+
     // Alias functions for the different object types.
     function moveRequestObject($name, $new_parent=null)
@@ -502 +502 @@
         return $this->move($name, $new_parent, 'axo');
     }
-    
+
     /*
     * Add an entry to the acl_tbl to allow (or deny) a truple with the specified
@@ -528 +528 @@
         $aco = is_null($aco) ? 'root' : $aco;
         $axo = is_null($axo) ? 'root' : $axo;
-        
+
         // Flush old cached values.
         $cache_hash = $aro . '|' . $aco . '|' . $axo;
@@ -552 +552 @@
         // Access must be 'allow' or 'deny'.
         $allow = 'allow' == $access ? 'allow' : 'deny';
-        
+
         $db->query("REPLACE INTO acl_tbl VALUES ('$aro_id', '$aco_id', '$axo_id', '$allow', NOW())");
         $app->logMsg(sprintf('Set %s: %s -> %s -> %s.', $allow, $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__);
-        
+
         return true;
     }
@@ -577 +577 @@
         return $this->grant($aro, $aco, $axo, 'deny');
     }
-    
+
     /*
     * Delete an entry from the acl_tbl completely to allow other permissions to cascade down.
@@ -610 +610 @@
         $aco = is_null($aco) ? 'root' : $aco;
         $axo = is_null($axo) ? 'root' : $axo;
-        
+
         // Flush old cached values.
         $cache_hash = $aro . '|' . $aco . '|' . $axo;
@@ -621 +621 @@
             return false;
         }
-        
+
         $qid = $db->query("
             DELETE acl_tbl
@@ -632 +632 @@
 
         $app->logMsg(sprintf('Deleted %s acl_tbl links: %s -> %s -> %s', mysql_affected_rows($db->getDBH()), $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__);
-        
+
         return true;
     }
-    
+
     /*
     * Calculates the most specific cascading privilege found for a requested
-    * ARO -> ACO -> AXO entry. Returns FALSE if the entry is denied. By default, 
+    * ARO -> ACO -> AXO entry. Returns FALSE if the entry is denied. By default,
     * all entries are denied, unless some point in the hierarchy is set to "allow."
     *
@@ -654 +654 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
 
@@ -661 +661 @@
         $aco = is_null($aco) || '' == trim($aco) ? 'root' : $aco;
         $axo = is_null($axo) || '' == trim($axo) ? 'root' : $axo;
-        
+
         $cache_hash = $aro . '|' . $aco . '|' . $axo;
         if ($this->cache->exists($cache_hash) && true === $this->getParam('enable_cache')) {
@@ -687 +687 @@
             $this->cache->set($cache_hash, $access);
         }
-        
+
         if ('allow' == $access) {
             $app->logMsg(sprintf('Access granted: %s -> %s -> %s.', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__);
@@ -697 +697 @@
     }
 
+    /*
+    * Bounce user if they are denied access. Because this function calls dieURL() it must be called before any other HTTP header output.
+    *
+    * @access   public
+    * @param    string $aro Identifier of an existing ARO object.
+    * @param    string $aco Identifier of an existing ACO object (or null to use root).
+    * @param    string $axo Identifier of an existing AXO object (or null to use root).
+    * @param    string $message The text description of a message to raise.
+    * @param    int    $type    The type of message: MSG_NOTICE,
+    *                           MSG_SUCCESS, MSG_WARNING, or MSG_ERR.
+    * @param    string $file    __FILE__.
+    * @param    string $line    __LINE__.
+    * @author   Quinn Comendant <quinn@strangecode.com>
+    * @version  1.0
+    * @since    20 Jan 2014 12:09:03
+    */
+    function requireAllow($aro, $aco=null, $axo=null, $message='', $type=MSG_NOTICE, $file=null, $line=null)
+    {
+        $app =& App::getInstance();
+
+        if (!$this->check($aro, $aco, $axo)) {
+            $message = '' == trim($message) ? sprintf(_("You have insufficient privileges to view <em>%s %s</em>"), $aco, $axo) : $message;
+            $app->raiseMsg($message, $type, $file, $line);
+            $app->dieBoomerangURL();
+        }
+    }
+
 } // End class.
 

trunk/lib/SortOrder.inc.php

@@ -139 +139 @@
      *                               for example, for an alphabetical sort)
      */
-    function set($sort = null, $order = null)
+    function set($sort=null, $order=null, $save_value=true)
     {
         // Set new sort value.
         if (isset($sort)) {
             $this->sort_by = $sort;
-            $this->prefs->set('sort_by', $this->sort_by);
+            if ($save_value) {
+                $this->prefs->set('sort_by', $this->sort_by);
+            }
         }
 
@@ -150 +152 @@
         if (isset($order)) {
             $this->order = $order;
-            $this->prefs->set('sort_order', $this->order);
+            if ($save_value) {
+                $this->prefs->set('sort_order', $this->order);
+            }
         }
     }

trunk/lib/Utilities.inc.php

@@ -65 +65 @@
     $d = ob_get_contents();
     ob_end_clean();
-    return $serialize ? preg_replace('/\s+/m', '', $d) : $d;
+    return $serialize ? preg_replace('/\s+/m', ' ', $d) : $d;
 }
 

trunk/lib/Validator.inc.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -24 +24 @@
  * Validator.inc.php
  *
- * The Validator class provides a methods for validating input against different criteria. 
+ * The Validator class provides a methods for validating input against different criteria.
  * All functions return true if the input passes the test.
  *
@@ -192 +192 @@
             return VALIDATE_EMAIL_REGEX_FAIL;
         }
-        
+
         // We have a match! Here are the captured subpatterns, on which further tests are run.
-        // The part before the @. 
+        // The part before the @.
         $local = $e_parts[2];
 
-        // The part after the @. 
+        // The part after the @.
         // If domain is an IP [XXX.XXX.XXX.XXX] strip off the brackets.
         $domain = $e_parts[3]{0} == '[' ? mb_substr($e_parts[3], 1, -1) : $e_parts[3];
@@ -225 +225 @@
     {
         $app =& App::getInstance();
-        
-        if ('' == trim($val)) {
+
+        if (is_string($val) && '' === trim($val)) {
             // Don't be too bothered about empty strings.
             return true;
@@ -232 +232 @@
 
         $timestamp = strtotime($val);
-        // Return values change between php4 and php5.
-        if ('' != trim($val) && ($timestamp === -1 || $timestamp === false)) {
+        if (!$timestamp || $timestamp < 1) {
             return false;
         } else {
@@ -239 +238 @@
         }
     }
-
 
     /**
@@ -279 +277 @@
                  break;
          }
-         
+
          if ('' != $regex && !preg_match($regex, $cc_num)) {
              // Invalid format.
@@ -324 +322 @@
             return false;
         }
-        
+
         if (is_array($_FILES[$form_name]['name'])) {
             foreach($_FILES[$form_name]['name'] as $f) {
@@ -336 +334 @@
             }
         }
-        
+
         return true;
     }

trunk/services/admins.php

@@ -27 +27 @@
 // require_once dirname(__FILE__) . '/_config.inc.php';
 
+$app->sslOn();
 $auth->requireLogin();
-$app->sslOn();
 
 require_once 'codebase/lib/PageNumbers.inc.php';

trunk/services/lock.php

@@ -28 +28 @@
 require_once 'codebase/lib/Lock.inc.php';
 
+$app->sslOn();
 $auth->requireLogin();
-$app->sslOn();
 
 if (getFormData('boomerang', false)) {

trunk/services/logs.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -27 +27 @@
 // require_once dirname(__FILE__) . '/_config.inc.php';
 
+$app->sslOn();
 $auth->requireLogin();
-// $auth->requireAccessClearance(ZONE_ADMIN_APPLOG);
-$app->sslOn();
 
 require_once 'codebase/lib/PageNumbers.inc.php';
@@ -64 +63 @@
 ));
 if (getFormData('log', false)) {
-    $tmp_prefs->set('log_file', getFormData('log'));    
+    $tmp_prefs->set('log_file', getFormData('log'));
 }
 
@@ -80 +79 @@
 switch (getFormData('op')) {
 case 'delete' :
-//     $auth->requireAccessClearance(ZONE_ADMIN_APPLOG_FUNC_RESET);
     deleteLog($tmp_prefs->get('log_file'));
     $tmp_prefs->set('log_file', $app->getParam('log_filename'));
@@ -92 +90 @@
 
 case 'clear' :
-//     $auth->requireAccessClearance(ZONE_ADMIN_APPLOG_FUNC_RESET);
     clearLog($tmp_prefs->get('log_file'));
     if ($app->validBoomerangURL('app_log')) {
@@ -103 +100 @@
 
 case 'archive' :
-//     $auth->requireAccessClearance(ZONE_ADMIN_APPLOG_FUNC_RESET);
     if (archiveLog($tmp_prefs->get('log_file'))) {
         // Now flush current log.

trunk/services/templates/admin_list.ihtml

@@ -2 +2 @@
 <?php $fv->printErrorMessages(); ?>
 
-<div id="commandbox">
+<div class="commandbox">
     <span class="sc-nowrap commanditem"><a href="<?php echo $app->oHREF($_SERVER['PHP_SELF'] . '?op=add'); ?>"><?php echo _("Add Administrator"); ?></a></span>
     <form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="get" class="sc-form">
@@ -38 +38 @@
         <td class="sc-nowrap"><?php echo oTxt($list[$i]['first_name'], true); ?> <?php echo oTxt($list[$i]['last_name'], true); ?> &nbsp;</td>
         <td class="sc-nowrap"><?php echo round($list[$i]['seconds_online'] / 60); ?> &nbsp;</td>
-        <td class="sc-nowrap"><?php 
+        <td class="sc-nowrap"><?php
             if ($auth->isLoggedIn($list[$i]['admin_id'])) {
                 ?><strong><?php echo date($app->getParam('date_format'), strtotime($list[$i]['last_login_datetime'])) ?></strong><?php
             } else {
-                echo '0000-00-00 00:00:00' == $list[$i]['last_login_datetime'] ? '' : date($app->getParam('date_format'), strtotime($list[$i]['last_login_datetime'])); 
+                echo Validator::validateStrDate($list[$i]['last_login_datetime']) ? date($app->getParam('date_format'), strtotime($list[$i]['last_login_datetime'])) : '';
             }
         ?> &nbsp;</td>
         <td class="sc-nowrap"><?php echo gethostbyaddr($list[$i]['last_login_ip']); ?> &nbsp;</td>
-        <td class="sc-nowrap"><?php echo '0000-00-00 00:00:00' == $list[$i]['added_datetime'] ? '' : date($app->getParam('date_format'), strtotime($list[$i]['added_datetime'])); ?> &nbsp;</td>
+        <td class="sc-nowrap"><?php echo Validator::validateStrDate($list[$i]['added_datetime']) ? date($app->getParam('date_format'), strtotime($list[$i]['added_datetime'])) : ''; ?> &nbsp;</td>
         <td class="sc-nowrap"><?php echo oTxt($list[$i]['added_admin_username'], true); ?> &nbsp;</td>
-        <td class="sc-nowrap"><?php echo '0000-00-00 00:00:00' == $list[$i]['modified_datetime'] ? '' : date($app->getParam('date_format'), strtotime($list[$i]['modified_datetime'])); ?> &nbsp;</td>
+        <td class="sc-nowrap"><?php echo Validator::validateStrDate($list[$i]['modified_datetime']) ? date($app->getParam('date_format'), strtotime($list[$i]['modified_datetime'])) : ''; ?> &nbsp;</td>
         <td class="sc-nowrap"><?php echo oTxt($list[$i]['modified_admin_username'], true); ?> &nbsp;</td>
         <td class="sc-padleft sc-nowrap" align="right"><a title="<?php printf(_("Delete %s"), oTxt($list[$i]['username'])) ?>" href="<?php echo $app->oHREF($_SERVER['PHP_SELF'] . "?op=del&admin_id=" . $list[$i]['admin_id']); ?>" onclick="javascript:return confirm('<?php printf(_("Are you sure you want to delete the record %s? This action is permanent and cannot be undone."), oTxt($list[$i]['username'])) ?>')"><img src="/admin/i/trash.gif" alt="Delete" width="10" height="10" border="0" /></a> &nbsp;</td>

trunk/services/templates/log_list.ihtml

@@ -1 +1 @@
 <form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="get" class="sc-form">
 <?php $app->printHiddenSession(false); ?>
-<div id="commandbox">
+<div class="commandbox">
 <?php if (is_array($logs) && !empty($logs)) { ?>
     <table>

trunk/services/templates/versions_diff.ihtml

@@ -1 @@
-<div id="commandbox">
+<div class="commandbox">
 <?php if (!getFormData('current', false)) { ?>
     <span class="sc-nowrap commanditem"><a href="<?php echo $app->oHREF($_SERVER['PHP_SELF'] . '?op=restore', array('version_id', 'version_title')); ?>"><?php echo _("Restore this saved version"); ?></a></span>

trunk/services/templates/versions_view.ihtml

@@ -1 @@
-<div id="commandbox">
+<div class="commandbox">
 <span class="sc-nowrap commanditem"><a href="<?php echo $app->ohref(oTxt($_SERVER['PHP_SELF'])); ?>"><?php echo _("Back to the Versions List"); ?></a></span>
 <?php if (!getFormData('current', false)) { ?>

trunk/services/versions.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -27 +27 @@
 // require_once dirname(__FILE__) . '/_config.inc.php';
 
+$app->sslOn();
 $auth->requireLogin();
-$app->sslOn();
 
 require_once 'codebase/lib/Version.inc.php';
@@ -38 +38 @@
 
 // Since we're using the singleton pattern we can instantiate a Version object earlier with custom parameters.
-$version =& Version::getInstance($auth);    
+$version =& Version::getInstance($auth);
 
 // Query arguments to retain their values between page requests.

trunk/tests/Auth_SQLTest.php

@@ -256 +256 @@
         $this->assertType('array', $result);
     }
-
-//     function test_inclearancezone()
-//     {
-//         $result = $this->Auth_SQL->inclearancezone(PARAM);
-//         $expected = EXPECTED_VAL;
-//         $this->assertEquals($expected, $result);
-//     }
-//
-//     function test_requireaccessclearance()
-//     {
-//         $result = $this->Auth_SQL->requireaccessclearance(PARAM);
-//         $expected = EXPECTED_VAL;
-//         $this->assertEquals($expected, $result);
-//     }
-
 }
 // Running the test.