User Permissions
This document describes how the user permissions system is set up in osDate so that you, as a programmer, can modify it.
How it Works
osDate's init.php file contains a function, "hasRight( $field )", that can be used to check the user permissions, where $field is a single-word unique key that matches a field name in the osdate_membership table.
For example, hasRight( 'message' ) will check to see if the "message" field has a value of 0 (false) or 1 (true) for the currently logged-in user. If true, then this user has permission to view the tool.
You can check for this in the PHP file, then assign the result to the Smarty object (denoted by $t), like this (from mymatches.php):
The permission information is also added to the $_SESSION['security'] array, which can also be directly accessed from Smarty. For example, if the user has permission to view messages, then $_SESSION['security']['message'] will be set to "1".
In the template, you could perform this check before displaying protected data to the user. In this case, we're also checking to ensure that the user is "active" - i.e., their profile has not expired or been disabled by an administrator.
If you wish to add additional permissions, there are a couple of things that you should do. First, you'll need to add an additional field to the osdate_membership table, probably a char(1) field, to hold a single character, like "1" or "0".
Adding a New Permission
As an example, I've added a new permission called "hot_list". If set to true (1), then the user can hot list other users. If false, then the hot list feature is not visible.
Now we'll modify the /admin/membership.php file to accomodate for this new field. Find this line:
$vchat = $_POST['chat'] == 'on' ? 1 : 0;
And after it, add this:
$hot_list = $_POST['hot_list'] == 'on' ? 1 : 0;
Then, find this line:
$sql = 'UPDATE ! ' .
" SET name = '$vname',
chat = '$vchat',
forum = '$vforum',
includeinsearch = '$vincludeinsearch',
message = '$vmessage',
uploadpicture = '$vuploadpicture',
uploadpicturecnt = '$vuploadpicturecnt',
allowalbum = '$vallowalbum',
seepictureprofile = '$vseepictureprofile',
favouritelist = '$vfavouritelist',
sendwinks = '$vsendwinks',
extsearch = '$vextsearch',
fullsignup = '$vfullsignup',
price = '$vprice',
currency = '$vcurrency',
activedays = '$activedays'
WHERE roleid = ? AND id = ?";
And change it to this:
$sql = 'UPDATE ! ' .
" SET name = '$vname',
chat = '$vchat',
forum = '$vforum',
hot_list = '$hot_list',
includeinsearch = '$vincludeinsearch',
message = '$vmessage',
uploadpicture = '$vuploadpicture',
uploadpicturecnt = '$vuploadpicturecnt',
allowalbum = '$vallowalbum',
seepictureprofile = '$vseepictureprofile',
favouritelist = '$vfavouritelist',
sendwinks = '$vsendwinks',
extsearch = '$vextsearch',
fullsignup = '$vfullsignup',
price = '$vprice',
currency = '$vcurrency',
activedays = '$activedays'
WHERE roleid = ? AND id = ?";
That will ensure that the hot_list field is correctly populated when a change is made to the user permissions. Finally, open the lang_english.php file within the /languages folder, and locate this array:
$lang['privileges'] = array ( 'chat' => 'Participate in chat.', 'forum' => 'Participate in forum.', 'includeinsearch' => 'Include in search results.', 'message' => 'Send message to mailbox.', 'allowim' => 'Allow instant messaging.', 'uploadpicture' => 'Upload pictures.', 'uploadpicturecnt' => 'Upload pictures count.', 'allowalbum' => 'Allow private albums.', 'seepictureprofile' => 'View profile pictures.', 'favouritelist' => 'Manage buddy/ban/hot list.', 'sendwinks' => 'Send Winks.', 'extsearch' => 'Perform extended search.', 'fullsignup' => 'Full signup.', 'activedays' => 'Valid days for this level.' );
Add a new array item for the "hot_list" permission, like this (new item in bold at the bottom):
$lang['privileges'] = array ( 'chat' => 'Participate in chat.', 'forum' => 'Participate in forum.', 'includeinsearch' => 'Include in search results.', 'message' => 'Send message to mailbox.', 'allowim' => 'Allow instant messaging.', 'uploadpicture' => 'Upload pictures.', 'uploadpicturecnt' => 'Upload pictures count.', 'allowalbum' => 'Allow private albums.', 'seepictureprofile' => 'View profile pictures.', 'favouritelist' => 'Manage buddy/ban/hot list.', 'sendwinks' => 'Send Winks.', 'extsearch' => 'Perform extended search.', 'fullsignup' => 'Full signup.', 'activedays' => 'Valid days for this level.' 'hot_list' => 'May use hot list feature.' );Save the new lang_english.php file. If you open the Membership tool in the admin section, you should see this new option as a checkbox immediately above the "Name:" text field. If this page is already open, then you may need to refresh your browser screen to see the changes.
Ok, last step... open the "nickpage_navi.tpl" template, and move the hot list link to a new {if} statement, like this:
OLD:
NEW:
The new {if} statement checks to ensure that the hot_list option is set to "1" (checked / true) for the current user; otherwise, the "Add to Hot List" option will not be visible.
IMPORTANT: After making any changes to the files in /templates/current/, be sure to copy these changed files to the /templates/default-blue/, OR to the template that you are currently using, if not default-blue. Otherwise, your changes will be overwritten if you change the template in the osDate Global Settings.