authorrvelices <rv-github@modusoptimus.com>2006-02-23 05:12:32 +0000
committerrvelices <rv-github@modusoptimus.com>2006-02-23 05:12:32 +0000
commit347d2e34b3972ec1d0022b831dd5a1fe13adbaa5 (patch)
tree92cd6cd3e49c50337de07c175c2d9d71291a74f0
parent34538a62f4ac8bc6db41580058fdd040abaa3183 (diff)
fix: permissioning not working (2 bugs)
fix: locked gallery cannot be unlocked (impossible to login) improvement: nicer display in redirect.tpl improvement: when a page is not accessible because of permissions (accessed through bookmark or email), redirect to identification.php and after identification to the initially requested page git-svn-id: http://piwigo.org/svn/trunk@1052 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--identification.php15
-rw-r--r--include/common.inc.php9
-rw-r--r--include/functions_category.inc.php19
-rw-r--r--include/user.inc.php3
-rw-r--r--language/en_UK.iso-8859-1/common.lang.php3
-rw-r--r--language/fr_FR.iso-8859-1/common.lang.php3
-rw-r--r--picture.php4
-rw-r--r--template/yoga/identification.tpl2
-rw-r--r--template/yoga/redirect.tpl4
9 files changed, 45 insertions, 17 deletions
diff --git a/identification.php b/identification.php
index 3ff9d468d..5cf65b5a2 100644
--- a/identification.php
+++ b/identification.php
@@ -31,8 +31,20 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
//-------------------------------------------------------------- identification
$errors = array();
+
+$redirect_to = '';
+if ( !empty($_GET['redirect']) )
+{
+ $redirect_to = $_GET['redirect'];
+ if ( $user['is_the_guest'] )
+ {
+ array_push($errors, $lang['access_forbiden']);
+ }
+}
+
if (isset($_POST['login']))
{
+ $redirect_to = $_POST['redirect'];
$username = mysql_escape_string($_POST['username']);
// retrieving the encrypted password of the login submitted
$query = '
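Review bot: `$redirect_to` is copied from `$_GET['redirect']` and `$_POST['redirect']` with no check on its form, and the later hunks of this file pass it to `redirect()` after a successful login and expose it as `U_REDIRECT`. Unless `redirect()` itself restricts its target (its body is not shown), a crafted login link can send a freshly authenticated user to an arbitrary external address. Accept the value only when it is a path on this site (no scheme, no leading `//`, no backslash, no CR/LF) and fall back to `category.php` otherwise. The POST read also raises an undefined-index notice when the form arrives without the field; `$redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : '';` avoids that. The `if (isset($_POST['login']))` block continues outside the hunk.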
@@ -54,7 +66,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
session_set_cookie_params($session_length);
session_start();
$_SESSION['id'] = $row['id'];
- redirect('category.php');
+ redirect(empty($redirect_to) ? 'category.php' : $redirect_to);
}
else
{
@@ -85,6 +97,7 @@ $template->assign_vars(
'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
'U_HOME' => PHPWG_ROOT_PATH.'category.php',
+ 'U_REDIRECT' => $redirect_to,
'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
));
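Review bot: `'U_REDIRECT' => $redirect_to` hands a request-supplied string to the template unescaped, and identification.tpl in this commit prints it inside `value="{U_REDIRECT}"`. A quote character in the parameter can therefore close the attribute, unless the template engine escapes variables, which is not visible here. Escape at assignment with `'U_REDIRECT' => htmlspecialchars($redirect_to, ENT_QUOTES),`. The double `htmlentities()` in check_restrictions() looks intended to survive this output, but it only covers URLs built there, not a `redirect` value supplied directly in a request; once this value is escaped, that producer should URL-encode once instead. The `assign_vars()` call starts outside the hunk.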
diff --git a/include/common.inc.php b/include/common.inc.php
index b89258df1..e0c564033 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -200,12 +200,15 @@ if (defined('IN_ADMIN') and IN_ADMIN)
if ($conf['gallery_locked'])
{
+ ob_start(); // make sure we can send cookies
echo
'<div style="text-align:center;">'
- .$lang['gallery_locked_message']
- .'</div>';
+ .$lang['gallery_locked_message'];
+ echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>';
+ echo '</div>';
- if ($user['status'] != 'admin')
+ if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
+ and $user['status'] != 'admin' )
{
exit();
}
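Review bot: The new exemption `basename($_SERVER["PHP_SELF"]) != 'identification.php'` decides whether a locked gallery stops execution, but `PHP_SELF` includes any path info appended to the request URL, so its basename does not reliably name the script that is actually running. Compare the executing script instead, for example `basename($_SERVER['SCRIPT_FILENAME']) != 'identification.php'`, so that only the real login page skips the `exit()`. The added `ob_start()` has no matching flush in the hunk; a comment such as `// buffer is flushed at script end; opened so the login page can still send cookies` would record the intent. The `if ($conf['gallery_locked'])` block closes outside the hunk.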
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index b3abce892..f7c5b926b 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -46,10 +46,21 @@ function check_restrictions($category_id)
if (in_array($category_id, explode(',', $user['forbidden_categories'])))
{
- echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
- echo '<a href="./category.php">';
- echo $lang['thumbnails'].'</a></div>';
- exit();
+ $login_url = './identification.php?redirect='.
+ htmlentities(htmlentities($_SERVER['REQUEST_URI']));
+ if ( ! $user['is_the_guest'] )
+ {
+ echo '<div style="text-align:center;">';
+ echo $lang['hello'].' '.$user['username'].'! ';
+ echo $lang['access_forbiden'].'<br />';
+ echo '<a href="./category.php">'.$lang['thumbnails'].'</a> ';
+ echo '</div>';
+ exit();
+ }
+ else
+ {
+ redirect($login_url);
+ }
}
}
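Review bot: `htmlentities(htmlentities($_SERVER['REQUEST_URI']))` applies HTML escaping to a value that is placed in a URL query string, so an `&` in the requested URI is still a literal `&` (inside `&amp;amp;`) and is not encoded as part of the `redirect` parameter. URL-encode it once instead, `$login_url = './identification.php?redirect='.urlencode($_SERVER['REQUEST_URI']);`, whose output is also safe to print in HTML. In the guest branch nothing follows `redirect($login_url)`; if `redirect()` does not terminate the script (its body is not shown), check_restrictions() returns and the forbidden page is rendered, so an explicit `exit();` after the call is the safer form. The greeting also echoes `$user['username']` without `htmlspecialchars()`.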
diff --git a/include/user.inc.php b/include/user.inc.php
index c22f4b369..4b3dd13e8 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -58,12 +58,11 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
$user['is_the_guest'] = false;
}
-
$user = array_merge(
$user,
getuserdata(
$user['id'],
- defined('IN_ADMIN') and IN_ADMIN ? false : true // use cache ?
+ ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
)
);
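Review bot: The corrected argument `( defined('IN_ADMIN') and IN_ADMIN ) ? false : true` is a ternary that only negates a boolean; `!( defined('IN_ADMIN') and IN_ADMIN ) // use cache ?` says the same and leaves no precedence question. The previous form parsed as `defined('IN_ADMIN') and (IN_ADMIN ? false : true)` because `and` binds looser than `?:`, which made the argument false on every page. A short comment naming that trap would keep the parentheses from being removed again.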
diff --git a/language/en_UK.iso-8859-1/common.lang.php b/language/en_UK.iso-8859-1/common.lang.php
index 045b5ad65..3634797bd 100644
--- a/language/en_UK.iso-8859-1/common.lang.php
+++ b/language/en_UK.iso-8859-1/common.lang.php
@@ -113,7 +113,7 @@ $lang['Visits'] = 'Visits';
$lang['Webmaster'] = 'Webmaster';
$lang['Weekly'] = 'Weekly';
$lang['about_page_title'] = 'About PhpWebGallery';
-$lang['access_forbiden'] = 'You are not authorized to access this page';
+$lang['access_forbiden'] = 'You are not authorized to access the requested page';
$lang['add to caddie'] = 'add to caddie';
$lang['add_favorites_alt'] = 'Add to favorites';
$lang['add_favorites_hint'] = 'Add this picture to your favorites';
@@ -136,6 +136,7 @@ $lang['calendar_any'] = 'All';
$lang['calendar_hint'] = 'displays each day with pictures, month per month';
$lang['calendar_picture_hint'] = 'displays pictures added on ';
$lang['categories'] = 'Categories';
+$lang['click_to_redirect'] = 'Click here if your browser does not automatically forward you';
$lang['comment date'] = 'comment date';
$lang['comment'] = 'Comment';
$lang['comment_added'] = 'Your comment has been registered';
diff --git a/language/fr_FR.iso-8859-1/common.lang.php b/language/fr_FR.iso-8859-1/common.lang.php
index 0c2d9e09f..5d9cf5fdc 100644
--- a/language/fr_FR.iso-8859-1/common.lang.php
+++ b/language/fr_FR.iso-8859-1/common.lang.php
@@ -112,7 +112,7 @@ $lang['Visits'] = 'Visites';
$lang['Webmaster'] = 'Webmestre';
$lang['Weekly'] = 'Hebdomadaire';
$lang['about_page_title'] = 'À propos de PhpWebGallery';
-$lang['access_forbiden'] = 'Vous n\'êtes pas autorisé sur cette page';
+$lang['access_forbiden'] = 'Vous n\'êtes pas autorisé sur la page demandée';
$lang['add to caddie'] = 'ajouter au panier';
$lang['add_favorites_alt'] = 'Ajouter aux favoris';
$lang['add_favorites_hint'] = 'Ajouter cette image à vos favoris';
@@ -135,6 +135,7 @@ $lang['calendar_any'] = 'Tout';
$lang['calendar_hint'] = 'affichage année par année, mois par mois, jour par jour';
$lang['calendar_picture_hint'] = 'affiche les images du ';
$lang['categories'] = 'Catégories';
+$lang['click_to_redirect'] = 'Cliquez ici si votre navigateur ne vous redirige pas.';
$lang['comment date'] = 'date du commentaire';
$lang['comment'] = 'Commentaire';
$lang['comment_added'] = 'Votre commentaire a été enregistré';
diff --git a/picture.php b/picture.php
index 18133095a..d9b633f18 100644
--- a/picture.php
+++ b/picture.php
@@ -29,14 +29,14 @@ $rate_items = array(0,1,2,3,4,5);
//--------------------------------------------------------------------- include
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+
+include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
//-------------------------------------------------- access authorization check
if (isset($page['cat']) and is_numeric($page['cat']))
{
check_restrictions($page['cat']);
}
//-------------------------------------------------------------- initialization
-include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
-
// if this image_id doesn't correspond to this category, an error message is
// displayed, and execution is stopped
if (!in_array($_GET['image_id'], $page['items']))
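Review bot: The access check now depends on `include/section_init.inc.php` having run first, presumably because that file fills `$page['cat']`, yet nothing in the hunk records the ordering; add `// section_init.inc.php must be included before the access check: it fills $page` above the include. The check is still skipped whenever `$page['cat']` is unset or non-numeric, so it fails open for those sections; whether their items are filtered by permission elsewhere cannot be seen from here. The `initialization` banner is now left directly above the image_id test and would read better moved up to the include.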
diff --git a/template/yoga/identification.tpl b/template/yoga/identification.tpl
index f5195e011..7ff80a01c 100644
--- a/template/yoga/identification.tpl
+++ b/template/yoga/identification.tpl
@@ -23,7 +23,7 @@
<form action="{F_LOGIN_ACTION}" method="post" class="properties">
<fieldset>
<legend>{lang:Connection settings}</legend>
-
+ <input type="hidden" name="redirect" value="{U_REDIRECT}">
<ul>
<li>
<label for="username">{L_USERNAME}</label>
diff --git a/template/yoga/redirect.tpl b/template/yoga/redirect.tpl
index 9742452a7..6d85d3afc 100644
--- a/template/yoga/redirect.tpl
+++ b/template/yoga/redirect.tpl
@@ -1,2 +1,2 @@
-redirection<br/>
-<a href="{U_REFRESH}">{U_REFRESH}</a>
\ No newline at end of file
+<p>Redirection...</p>
+<p><a href="{U_REFRESH}">{lang:click_to_redirect}</a></p>