author | rvelices <rv-github@modusoptimus.com> | 2006-02-23 05:12:32 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2006-02-23 05:12:32 +0000 |
commit | 347d2e34b3972ec1d0022b831dd5a1fe13adbaa5 (patch) | |
tree | 92cd6cd3e49c50337de07c175c2d9d71291a74f0 | |
parent | 34538a62f4ac8bc6db41580058fdd040abaa3183 (diff) |
fix: permissioning not working (2 bugs)
fix: locked gallery cannot be unlocked (impossible to login)
improvement: nicer display in redirect.tpl
improvement: when a page is not accessible because of permissions (accessed
through bookmark or email), redirect to identification.php and after
identification to the initially requested page
git-svn-id: http://piwigo.org/svn/trunk@1052 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | identification.php | 15 | ||||
-rw-r--r-- | include/common.inc.php | 9 | ||||
-rw-r--r-- | include/functions_category.inc.php | 19 | ||||
-rw-r--r-- | include/user.inc.php | 3 | ||||
-rw-r--r-- | language/en_UK.iso-8859-1/common.lang.php | 3 | ||||
-rw-r--r-- | language/fr_FR.iso-8859-1/common.lang.php | 3 | ||||
-rw-r--r-- | picture.php | 4 | ||||
-rw-r--r-- | template/yoga/identification.tpl | 2 | ||||
-rw-r--r-- | template/yoga/redirect.tpl | 4 |
9 files changed, 45 insertions, 17 deletions
diff --git a/identification.php b/identification.php index 3ff9d468d..5cf65b5a2 100644 --- a/identification.php +++ b/identification.php @@ -31,8 +31,20 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); //-------------------------------------------------------------- identification $errors = array(); + +$redirect_to = ''; +if ( !empty($_GET['redirect']) ) +{ + $redirect_to = $_GET['redirect']; + if ( $user['is_the_guest'] ) + { + array_push($errors, $lang['access_forbiden']); + } +} + if (isset($_POST['login'])) { + $redirect_to = $_POST['redirect']; $username = mysql_escape_string($_POST['username']); // retrieving the encrypted password of the login submitted $query = ' @@ -54,7 +66,7 @@ SELECT '.$conf['user_fields']['id'].' AS id, session_set_cookie_params($session_length); session_start(); $_SESSION['id'] = $row['id']; - redirect('category.php'); + redirect(empty($redirect_to) ? 'category.php' : $redirect_to); } else { @@ -85,6 +97,7 @@ $template->assign_vars( 'U_REGISTER' => PHPWG_ROOT_PATH.'register.php', 'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php', 'U_HOME' => PHPWG_ROOT_PATH.'category.php', + 'U_REDIRECT' => $redirect_to, 'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php' )); diff --git a/include/common.inc.php b/include/common.inc.php index b89258df1..e0c564033 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -200,12 +200,15 @@ if (defined('IN_ADMIN') and IN_ADMIN) if ($conf['gallery_locked']) { + ob_start(); // make sure we can send cookies echo '<div style="text-align:center;">' - .$lang['gallery_locked_message'] - .'</div>'; + .$lang['gallery_locked_message']; + echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>'; + echo '</div>'; - if ($user['status'] != 'admin') + if ( basename($_SERVER["PHP_SELF"]) != 'identification.php' + and $user['status'] != 'admin' ) { exit(); } diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index b3abce892..f7c5b926b 100644 
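Review bot: `$redirect_to` is copied verbatim from `$_GET['redirect']` and `$_POST['redirect']` in the first identification.php hunk and, in the second hunk, passed to `redirect()` after a successful login, so the login page will forward an authenticated user to whatever URL the link's author supplied. Accept the value only when it is a path on this gallery (no scheme, no host, no leading `//` or backslash) and fall back to `category.php` otherwise. `$_POST['redirect']` is also read without a guard, which raises a notice when the form is posted without that field; `$redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : '';` avoids it. The `if (isset($_POST['login']))` block continues outside this hunk.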
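Review bot: `'U_REDIRECT' => $redirect_to` hands a request-supplied string to the template, and the template/yoga/identification.tpl hunk writes it into `value="{U_REDIRECT}"`. Unless the template engine escapes variables (not visible here), a double quote in the parameter ends the attribute and the rest is parsed as markup. Escape at assignment with `'U_REDIRECT' => htmlspecialchars($redirect_to, ENT_QUOTES),`. The `$template->assign_vars(` call starts outside this hunk.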
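Review bot: The new exemption in the `$conf['gallery_locked']` block compares `basename($_SERVER["PHP_SELF"])` with `'identification.php'`, but `PHP_SELF` includes any path info the client appends after the script name, so its basename does not reliably name the script that is running. A non-admin request for another page could then skip the `exit()` and see the locked gallery. Use `basename($_SERVER['SCRIPT_NAME'])`, or have identification.php define a constant before including common.inc.php and test that instead. The `ob_start()` added at the top of the block would also benefit from a comment saying where the buffer is expected to be flushed.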
--- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -46,10 +46,21 @@ function check_restrictions($category_id) if (in_array($category_id, explode(',', $user['forbidden_categories']))) { - echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; - echo '<a href="./category.php">'; - echo $lang['thumbnails'].'</a></div>'; - exit(); + $login_url = './identification.php?redirect='. + htmlentities(htmlentities($_SERVER['REQUEST_URI'])); + if ( ! $user['is_the_guest'] ) + { + echo '<div style="text-align:center;">'; + echo $lang['hello'].' '.$user['username'].'! '; + echo $lang['access_forbiden'].'<br />'; + echo '<a href="./category.php">'.$lang['thumbnails'].'</a> '; + echo '</div>'; + exit(); + } + else + { + redirect($login_url); + } } } diff --git a/include/user.inc.php b/include/user.inc.php index c22f4b369..4b3dd13e8 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -58,12 +58,11 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) $user['is_the_guest'] = false; } - $user = array_merge( $user, getuserdata( $user['id'], - defined('IN_ADMIN') and IN_ADMIN ? false : true // use cache ? + ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ? ) ); diff --git a/language/en_UK.iso-8859-1/common.lang.php b/language/en_UK.iso-8859-1/common.lang.php index 045b5ad65..3634797bd 100644 --- a/language/en_UK.iso-8859-1/common.lang.php +++ b/language/en_UK.iso-8859-1/common.lang.php @@ -113,7 +113,7 @@ $lang['Visits'] = 'Visits'; $lang['Webmaster'] = 'Webmaster'; $lang['Weekly'] = 'Weekly'; $lang['about_page_title'] = 'About PhpWebGallery'; -$lang['access_forbiden'] = 'You are not authorized to access this page'; +$lang['access_forbiden'] = 'You are not authorized to access the requested page'; $lang['add to caddie'] = 'add to caddie'; $lang['add_favorites_alt'] = 'Add to favorites'; $lang['add_favorites_hint'] = 'Add this picture to your favorites'; 
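Review bot: `$login_url` builds a query-string value with `htmlentities(htmlentities($_SERVER['REQUEST_URI']))`, which is HTML escaping, not URL encoding. An `&` in the requested URI remains a parameter separator once identification.php parses the query string, so `$_GET['redirect']` would presumably be cut at the first `&` and the user would return to the wrong page. Use `'./identification.php?redirect='.urlencode($_SERVER['REQUEST_URI'])` and leave any HTML escaping to wherever `redirect()` prints the URL. In the non-guest branch, `$user['username']` is echoed into HTML unescaped; `htmlspecialchars($user['username'])` is safer if usernames can contain markup. `check_restrictions()` starts outside this hunk.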
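Review bot: The added parentheses in the `getuserdata()` argument fix the precedence problem (`and` binds looser than `?:`), but `( ... ) ? false : true` is only a negation and still reads as a puzzle. `!( defined('IN_ADMIN') and IN_ADMIN ) // use cache ?` says the same thing directly. A short comment that the admin side must bypass the cache would explain why the flag exists.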
@@ -136,6 +136,7 @@ $lang['calendar_any'] = 'All'; $lang['calendar_hint'] = 'displays each day with pictures, month per month'; $lang['calendar_picture_hint'] = 'displays pictures added on '; $lang['categories'] = 'Categories'; +$lang['click_to_redirect'] = 'Click here if your browser does not automatically forward you'; $lang['comment date'] = 'comment date'; $lang['comment'] = 'Comment'; $lang['comment_added'] = 'Your comment has been registered'; diff --git a/language/fr_FR.iso-8859-1/common.lang.php b/language/fr_FR.iso-8859-1/common.lang.php index 0c2d9e09f..5d9cf5fdc 100644 --- a/language/fr_FR.iso-8859-1/common.lang.php +++ b/language/fr_FR.iso-8859-1/common.lang.php @@ -112,7 +112,7 @@ $lang['Visits'] = 'Visites'; $lang['Webmaster'] = 'Webmestre'; $lang['Weekly'] = 'Hebdomadaire'; $lang['about_page_title'] = 'À propos de PhpWebGallery'; -$lang['access_forbiden'] = 'Vous n\'êtes pas autorisé sur cette page'; +$lang['access_forbiden'] = 'Vous n\'êtes pas autorisé sur la page demandée'; $lang['add to caddie'] = 'ajouter au panier'; $lang['add_favorites_alt'] = 'Ajouter aux favoris'; $lang['add_favorites_hint'] = 'Ajouter cette image à vos favoris'; @@ -135,6 +135,7 @@ $lang['calendar_any'] = 'Tout'; $lang['calendar_hint'] = 'affichage année par année, mois par mois, jour par jour'; $lang['calendar_picture_hint'] = 'affiche les images du '; $lang['categories'] = 'Catégories'; +$lang['click_to_redirect'] = 'Cliquez ici si votre navigateur ne vous redirige pas.'; $lang['comment date'] = 'date du commentaire'; $lang['comment'] = 'Commentaire'; $lang['comment_added'] = 'Votre commentaire a été enregistré'; diff --git a/picture.php b/picture.php index 18133095a..d9b633f18 100644 --- a/picture.php +++ b/picture.php 
@@ -29,14 +29,14 @@ $rate_items = array(0,1,2,3,4,5); //--------------------------------------------------------------------- include define('PHPWG_ROOT_PATH','./'); include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); + +include(PHPWG_ROOT_PATH.'include/section_init.inc.php'); //-------------------------------------------------- access authorization check if (isset($page['cat']) and is_numeric($page['cat'])) { check_restrictions($page['cat']); } //-------------------------------------------------------------- initialization -include(PHPWG_ROOT_PATH.'include/section_init.inc.php'); - // if this image_id doesn't correspond to this category, an error message is // displayed, and execution is stopped if (!in_array($_GET['image_id'], $page['items'])) diff --git a/template/yoga/identification.tpl b/template/yoga/identification.tpl index f5195e011..7ff80a01c 100644 --- a/template/yoga/identification.tpl +++ b/template/yoga/identification.tpl @@ -23,7 +23,7 @@ <form action="{F_LOGIN_ACTION}" method="post" class="properties"> <fieldset> <legend>{lang:Connection settings}</legend> - + <input type="hidden" name="redirect" value="{U_REDIRECT}"> <ul> <li> <label for="username">{L_USERNAME}</label> diff --git a/template/yoga/redirect.tpl b/template/yoga/redirect.tpl index 9742452a7..6d85d3afc 100644 --- a/template/yoga/redirect.tpl +++ b/template/yoga/redirect.tpl @@ -1,2 +1,2 @@ -redirection<br/> -<a href="{U_REFRESH}">{U_REFRESH}</a>
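Review bot: Nothing in picture.php records why `section_init.inc.php` now has to be included before the access check, and the `include` / `access authorization check` / `initialization` banners no longer match what runs under them. Presumably `section_init.inc.php` is what fills `$page['cat']`, so the `check_restrictions()` call was never reached before this move. Add a comment above the include such as `// must run before the access check: it sets $page['cat']`, so the order is not undone later. The check still runs only when `$page['cat']` is numeric, so it is worth confirming that pictures reached through other sections are covered elsewhere.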
\ No newline at end of file +<p>Redirection...</p> +<p><a href="{U_REFRESH}">{lang:click_to_redirect}</a></p> |