archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

- change the way conf['guest_access'] is handled so that web services work correctly (and also nbm.php and feed.php)

Browse source 
git-svn-id: http://piwigo.org/svn/trunk@1850 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices 2007-02-22 05:31:08 +00:00
parent cea58b64ee
commit 20ba76b753
6 changed files with 32 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
admin/include/functions_notification_by_mail.inc.php
View file

@ -261,11 +261,7 @@ function set_user_on_env_nbm(&$nbm_user, $is_action_send)
{
global $user, $lang, $lang_info, $env_nbm;
$user = array();
$user['id'] = $nbm_user['user_id'];
$user = array_merge($user, getuserdata($user['id'], true));
list($user['template'], $user['theme']) = explode('/', $user['template']);
$user = build_user( $nbm_user['user_id'], true );
if ($env_nbm['last_language'] != $user['language'])
{

5
feed.php
View file

@ -86,7 +86,6 @@ SELECT user_id,
}
if ($feed_row['user_id']!=$user['id'])
{ // new user
$user = array();
$user = build_user( $feed_row['user_id'], true );
}
}
@ -95,11 +94,13 @@ else
$image_only = true;
if (!$user['is_the_guest'])
{// auto session was created - so switch to guest
$user = array();
$user = build_user( $conf['guest_id'], true );
}
}
// Check the status now after the user has been loaded
check_status(ACCESS_GUEST);
list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
include_once(PHPWG_ROOT_PATH.'include/feedcreator.class.php');

13
include/common.inc.php
View file

@ -185,19 +185,6 @@ if ($conf['gallery_locked'])
}
}
if ($user['is_the_guest'] and !$conf['guest_access']
and !in_array( script_basename(),
// Array of basename without file extention
array('identification',
'password',
'register'
)
)
)
{
redirect (get_absolute_root_url(false).'identification.php');
}
if ($conf['check_upgrade_feed']
and defined('PHPWG_IN_UPGRADE')
and PHPWG_IN_UPGRADE)

29
include/functions_user.inc.php
View file

@ -392,8 +392,6 @@ DELETE FROM '.FAVORITES_TABLE.'
*/
function calculate_permissions($user_id, $user_status)
{
global $user;
$private_array = array();
$authorized_array = array();
@ -437,7 +435,7 @@ SELECT cat_id
$forbidden_array = array_diff($private_array, $authorized_array);
// if user is not an admin, locked categories are forbidden
if (!is_admin($user_status))
if ( $user_status!='administrator' and $user_status!='webmaster' )
{
$query = '
SELECT id
@ -981,11 +979,11 @@ SELECT '.$conf['user_fields']['id'].' AS id,
* Test does with user status
* @return bool
*/
function get_access_type_status($user_status = '')
function get_access_type_status($user_status='')
{
global $user;
if (($user_status == '') and isset($user['status']))
if ($user_status == '' and isset($user['status']) )
{
$user_status = $user['status'];
}
@ -1024,9 +1022,18 @@ function get_access_type_status($user_status = '')
* Test does with user status
* @return bool
*/
function is_autorize_status($access_type, $user_status = '')
function is_autorize_status($access_type)
{
return (get_access_type_status($user_status) >= $access_type);
global $user, $conf;
if (
!isset($user) or
($user['id']==$conf['guest_id'] and $conf['guest_access']==false)
)
{
return ACCESS_NONE>=$access_type;
}
return (get_access_type_status() >= $access_type);
}
/*
@ -1035,9 +1042,9 @@ function is_autorize_status($access_type, $user_status = '')
* Test does with user status
* @return none
*/
function check_status($access_type, $user_status = '')
function check_status( $access_type )
{
if (!is_autorize_status($access_type, $user_status))
if (!is_autorize_status($access_type) )
{
access_denied();
}
@ -1047,9 +1054,9 @@ function check_status($access_type, $user_status = '')
* Return if user is an administrator
* @return bool
*/
function is_admin($user_status = '')
function is_admin()
{
return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
return is_autorize_status(ACCESS_ADMINISTRATOR);
}
/*

8
qsearch.php
View file

@ -1,9 +1,8 @@
<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
// | file : $Id$
// | last update : $Date$
// | last modifier : $Author$
@ -27,6 +26,11 @@
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok |
// +-----------------------------------------------------------------------+
check_status(ACCESS_GUEST);
if (empty($_GET['q']))
{
redirect( make_index_url() );

7
upload.php
View file

@ -2,10 +2,9 @@
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
// | file : $RCSfile$
// | file : $Id$
// | last update : $Date$
// | last modifier : $Author$
// | revision : $Revision$
@ -27,6 +26,8 @@
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
check_status(ACCESS_GUEST);
$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
$name = !empty($_POST['name'])?$_POST['name']:'';