authorrub <rub@piwigo.org>2006-03-09 22:46:28 +0000
committerrub <rub@piwigo.org>2006-03-09 22:46:28 +0000
commit31d9ce16045bf58c0e83ba103c20de9f1e35439e (patch)
treee2fa2d1c95eecadcb4f9f25d64f342c0e2c7a442
parent316d89a90b5cd61f41ea3f35112277608c2e2694 (diff)
Step 2 improvement issue 0000301:
o Add and use Functions Check of status
o Restricted Access for user generic

git-svn-id: http://piwigo.org/svn/trunk@1072 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--about.php6
-rw-r--r--admin.php8
-rw-r--r--admin/cat_list.php8
-rw-r--r--admin/cat_modify.php9
-rw-r--r--admin/cat_move.php8
-rw-r--r--admin/cat_options.php8
-rw-r--r--admin/cat_perm.php8
-rw-r--r--admin/comments.php8
-rw-r--r--admin/configuration.php10
-rw-r--r--admin/element_set.php8
-rw-r--r--admin/element_set_global.php8
-rw-r--r--admin/element_set_unit.php8
-rw-r--r--admin/group_list.php8
-rw-r--r--admin/group_perm.php8
-rw-r--r--admin/help.php7
-rw-r--r--admin/images/daily_stats.img.php7
-rw-r--r--admin/images/global_stats.img.php7
-rw-r--r--admin/images/monthly_stats.img.php7
-rw-r--r--admin/include/isadmin.inc.php12
-rw-r--r--admin/intro.php8
-rw-r--r--admin/mailtousers.php9
-rw-r--r--admin/maintenance.php8
-rw-r--r--admin/picture_modify.php8
-rw-r--r--admin/rating.php7
-rw-r--r--admin/site_manager.php8
-rw-r--r--admin/site_update.php8
-rw-r--r--admin/stats.php8
-rw-r--r--admin/thumbnail.php9
-rw-r--r--admin/user_list.php8
-rw-r--r--admin/user_perm.php8
-rw-r--r--admin/waiting.php9
-rw-r--r--category.php12
-rw-r--r--comments.php5
-rw-r--r--include/constants.php7
-rw-r--r--include/functions_user.inc.php65
-rw-r--r--notification.php5
-rw-r--r--picture.php5
-rw-r--r--popuphelp.php5
-rw-r--r--profile.php5
-rw-r--r--random.php6
-rw-r--r--search.php6
41 files changed, 333 insertions, 39 deletions
diff --git a/about.php b/about.php
index a2d36854b..5e3102fbf 100644
--- a/about.php
+++ b/about.php
@@ -28,6 +28,12 @@
//----------------------------------------------------------- include
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
//----------------------------------------------------- template initialization
//
// Start output of page
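Review bot: `check_status(ACCESS_GUEST)` passes for every recognised status, because `ACCESS_GUEST` is the lowest non-zero level in `is_autorize_status()` as written in include/functions_user.inc.php in this commit; it only stops a request whose `$user['status']` is unset or unknown. The banner comment does not say that, and a reader could take the call for a real restriction. I would add a line such as `// ACCESS_GUEST admits every known status; this only rejects a missing or unrecognised one`. The same call and the same remark apply to the first category.php hunk and to comments.php, notification.php, picture.php, popuphelp.php, random.php and search.php.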
diff --git a/admin.php b/admin.php
index 4dece56cb..d15fd1651 100644
--- a/admin.php
+++ b/admin.php
@@ -29,7 +29,13 @@
define('PHPWG_ROOT_PATH','./');
define('IN_ADMIN', true);
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | synchronize user informations |
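Review bot: Repeating the administrator check by hand in every admin script makes it easy to leave out, and a new or edited admin page that omits `check_status(ACCESS_ADMINISTRATOR);` would be served with no access check at all. admin/include/isadmin.inc.php still exists after this commit and now calls `check_status(ACCESS_ADMINISTRATOR)` itself, so keeping `include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');` here would give the same result from one place. `check_status()` is defined in include/functions_user.inc.php rather than in admin/include/functions.php, so the new lines presumably rely on include/common.inc.php having been loaded first; a short comment saying so would help. This applies equally to the other admin/*.php hunks in this commit, from admin/cat_list.php to admin/waiting.php.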
diff --git a/admin/cat_list.php b/admin/cat_list.php
index bd15c8de7..4abc5b069 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | functions |
diff --git a/admin/cat_modify.php b/admin/cat_modify.php
index e06e1a8cb..d1aad58c0 100644
--- a/admin/cat_modify.php
+++ b/admin/cat_modify.php
@@ -29,7 +29,14 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
//---------------------------------------------------------------- verification
if ( !isset( $_GET['cat_id'] ) || !is_numeric( $_GET['cat_id'] ) )
{
diff --git a/admin/cat_move.php b/admin/cat_move.php
index 0d030dca0..ac99b5d1d 100644
--- a/admin/cat_move.php
+++ b/admin/cat_move.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | functions |
diff --git a/admin/cat_options.php b/admin/cat_options.php
index a43a4ec61..8aaf4ad14 100644
--- a/admin/cat_options.php
+++ b/admin/cat_options.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | modification registration |
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index 95e9edaa9..671194eb4 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | variable initialization |
diff --git a/admin/comments.php b/admin/comments.php
index ef366c783..a47da72a1 100644
--- a/admin/comments.php
+++ b/admin/comments.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | actions |
diff --git a/admin/configuration.php b/admin/configuration.php
index 4d730b953..86a027dc5 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -27,10 +27,16 @@
if( !defined("PHPWG_ROOT_PATH") )
{
- die ("Hacking attempt!");
+ die ("Hacking attempt!");
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
//-------------------------------------------------------- sections definitions
if (!isset($_GET['section']))
{
diff --git a/admin/element_set.php b/admin/element_set.php
index 83c72c492..583777ae9 100644
--- a/admin/element_set.php
+++ b/admin/element_set.php
@@ -35,7 +35,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | caddie management |
diff --git a/admin/element_set_global.php b/admin/element_set_global.php
index f2b69ca6b..cab192aa0 100644
--- a/admin/element_set_global.php
+++ b/admin/element_set_global.php
@@ -35,7 +35,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | functions |
diff --git a/admin/element_set_unit.php b/admin/element_set_unit.php
index f3bf12bbd..8ffd3142a 100644
--- a/admin/element_set_unit.php
+++ b/admin/element_set_unit.php
@@ -35,7 +35,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | unit mode form submission |
diff --git a/admin/group_list.php b/admin/group_list.php
index 0a9946fe5..0386757dd 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -29,7 +29,13 @@ if( !defined("PHPWG_ROOT_PATH") )
{
die ("Hacking attempt!");
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | delete a group |
diff --git a/admin/group_perm.php b/admin/group_perm.php
index 2c474eb89..afec1fb09 100644
--- a/admin/group_perm.php
+++ b/admin/group_perm.php
@@ -29,7 +29,13 @@ if( !defined("PHPWG_ROOT_PATH") )
{
die ("Hacking attempt!");
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | variables init |
diff --git a/admin/help.php b/admin/help.php
index 32019840a..2d573fd08 100644
--- a/admin/help.php
+++ b/admin/help.php
@@ -25,7 +25,12 @@
// | USA. |
// +-----------------------------------------------------------------------+
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
$template->set_filenames(
array(
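Review bot: No `defined('PHPWG_ROOT_PATH')` guard is visible between the licence header and the new `include_once` in this file, unlike the sibling admin pages, which `die('Hacking attempt!')` when the constant is missing. Requested directly, the script would presumably reach `check_status()` with neither the constant nor the function defined and stop on a PHP error rather than on the access message, which can reveal the install path where errors are displayed. I would add the siblings' guard ahead of the include: `if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); }`. The file continues outside the hunk, and admin/thumbnail.php shows the same shape.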
diff --git a/admin/images/daily_stats.img.php b/admin/images/daily_stats.img.php
index 66fb2816f..89a28e000 100644
--- a/admin/images/daily_stats.img.php
+++ b/admin/images/daily_stats.img.php
@@ -28,9 +28,14 @@
define('PHPWG_ROOT_PATH','../../');
define('IN_ADMIN', true);
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once( 'phpBarGraph.php' );
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
//------------------------------------------------ variable definition
$outputFormat = "png";
$legend = $lang['stats_daily_graph_title'];
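Review bot: A denied request to this endpoint receives the HTML block that `check_status()` echoes, with no status code, from a script whose visible context sets `$outputFormat = "png"`, so the client gets markup where it expects an image. For the image scripts I would test the level directly and fail without a body, e.g. `if (!is_autorize_status(ACCESS_ADMINISTRATOR)) { header('HTTP/1.0 403 Forbidden'); exit(); }`. admin/images/global_stats.img.php and admin/images/monthly_stats.img.php carry the same hunk.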
diff --git a/admin/images/global_stats.img.php b/admin/images/global_stats.img.php
index 3118ff66f..99124f939 100644
--- a/admin/images/global_stats.img.php
+++ b/admin/images/global_stats.img.php
@@ -28,9 +28,14 @@
define('PHPWG_ROOT_PATH','../../');
define('IN_ADMIN', true);
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once( 'phpBarGraph.php' );
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
//------------------------------------------------ variable definition
$outputFormat = "png";
$legend = $lang['stats_global_graph_title'];
diff --git a/admin/images/monthly_stats.img.php b/admin/images/monthly_stats.img.php
index de33aaa44..3a3c0e143 100644
--- a/admin/images/monthly_stats.img.php
+++ b/admin/images/monthly_stats.img.php
@@ -28,9 +28,14 @@
define('PHPWG_ROOT_PATH','../../');
define('IN_ADMIN', true);
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once( 'phpBarGraph.php' );
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
//------------------------------------------------ variable definition
$outputFormat = "png";
$legend = $lang['stats_monthly_graph_title'];
diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php
index eac0b295c..7565ac72d 100644
--- a/admin/include/isadmin.inc.php
+++ b/admin/include/isadmin.inc.php
@@ -25,12 +25,18 @@
// | USA. |
// +-----------------------------------------------------------------------+
-include( PHPWG_ROOT_PATH.'admin/include/functions.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
-if (!is_admin())
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
+/*if (!is_admin())
{
echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>';
exit();
-}
+}*/
+
?>
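Review bot: The old `is_admin()` block is left in the file inside `/* … */` instead of being deleted, and a commented-out access check invites doubt about which test is live. Version control already keeps the old code, so I would remove the commented lines and leave only the include and `check_status(ACCESS_ADMINISTRATOR);`. Every include of this file that is visible in this commit is removed, so if the file is kept for callers outside this diff, a one-line header comment saying so would help.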
diff --git a/admin/intro.php b/admin/intro.php
index a72171ec0..42e499de4 100644
--- a/admin/intro.php
+++ b/admin/intro.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | actions |
diff --git a/admin/mailtousers.php b/admin/mailtousers.php
index 97cb51048..2ed9e3158 100644
--- a/admin/mailtousers.php
+++ b/admin/mailtousers.php
@@ -34,14 +34,19 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
-include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include_once(PHPWG_ROOT_PATH.'include/functions_notification.inc.php');
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
+// +-----------------------------------------------------------------------+
// | functions
// +-----------------------------------------------------------------------+
/*
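Review bot: The new side has `include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');` on two consecutive lines, because the isadmin.inc.php include was rewritten to the path that the following line already loaded. `include_once` makes the second one a no-op, so nothing breaks, but one of the two lines should be dropped. The remaining includes and the `check_status(ACCESS_ADMINISTRATOR);` call can stay as they are.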
diff --git a/admin/maintenance.php b/admin/maintenance.php
index 5653ed4cd..dcda4f401 100644
--- a/admin/maintenance.php
+++ b/admin/maintenance.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | actions |
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index 0840414a6..9e165b96b 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -29,7 +29,13 @@ if(!defined("PHPWG_ROOT_PATH"))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | synchronize metadata |
diff --git a/admin/rating.php b/admin/rating.php
index 38f58f3ff..072a2abdb 100644
--- a/admin/rating.php
+++ b/admin/rating.php
@@ -29,8 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | initialization |
diff --git a/admin/site_manager.php b/admin/site_manager.php
index b6f3b8f24..c12ecdc50 100644
--- a/admin/site_manager.php
+++ b/admin/site_manager.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
/**
* requests the given $url (a remote create_listing_file.php) and fills a
diff --git a/admin/site_update.php b/admin/site_update.php
index 8c5ecf54c..e422b697c 100644
--- a/admin/site_update.php
+++ b/admin/site_update.php
@@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
if (!is_numeric($_GET['site']))
{
diff --git a/admin/stats.php b/admin/stats.php
index ac23c5ea5..081606e17 100644
--- a/admin/stats.php
+++ b/admin/stats.php
@@ -28,7 +28,13 @@ if( !defined("PHPWG_ROOT_PATH") )
{
die ("Hacking attempt!");
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
$url_img = PHPWG_ROOT_PATH.'admin/images/';
$nls_value_title = $lang['w_month'];
diff --git a/admin/thumbnail.php b/admin/thumbnail.php
index 88ffdc952..d9b01f512 100644
--- a/admin/thumbnail.php
+++ b/admin/thumbnail.php
@@ -24,7 +24,14 @@
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
//------------------------------------------------------------------- functions
// RatioResizeImg creates a new picture (a thumbnail since it is supposed to
// be smaller than original picture !) in the sub directory named
diff --git a/admin/user_list.php b/admin/user_list.php
index 4459955e0..57259ca88 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -167,7 +167,13 @@ if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
$page['order_by_items'] = array(
'id' => $lang['registration_date'],
diff --git a/admin/user_perm.php b/admin/user_perm.php
index 91ade3618..fdd4be7eb 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -29,7 +29,13 @@ if (!defined('IN_ADMIN'))
{
die('Hacking attempt!');
}
-include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | variables init |
diff --git a/admin/waiting.php b/admin/waiting.php
index 647fcafe2..3408538e2 100644
--- a/admin/waiting.php
+++ b/admin/waiting.php
@@ -28,7 +28,14 @@ if( !defined("PHPWG_ROOT_PATH") )
{
die ("Hacking attempt!");
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
//--------------------------------------------------------------------- updates
if (isset($_POST))
diff --git a/category.php b/category.php
index c10269bf8..da71dfc7f 100644
--- a/category.php
+++ b/category.php
@@ -28,6 +28,12 @@
//--------------------------------------------------------------------- include
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
//---------------------------------------------------------------------- logout
if ( isset( $_GET['act'] )
and $_GET['act'] == 'logout'
@@ -359,7 +365,11 @@ if ($user['is_the_guest'])
else
{
$template->assign_block_vars('hello', array());
- $template->assign_block_vars('profile', array());
+
+ if (is_autorize_status(ACCESS_CLASSIC))
+ {
+ $template->assign_block_vars('profile', array());
+ }
// the logout link has no meaning with Apache authentication : it is not
// possible to logout with this kind of authentication.
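Review bot: The new `is_autorize_status(ACCESS_CLASSIC)` test only hides the profile link and carries no comment saying why or where the rule is actually enforced. I would add `// shared 'generic' accounts get no profile link; profile.php enforces this with check_status(ACCESS_CLASSIC)` above the `if`, so nobody later mistakes the template switch for the access control. The enclosing `else` branch starts and ends outside this hunk.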
diff --git a/comments.php b/comments.php
index f82fa6423..fa18ada15 100644
--- a/comments.php
+++ b/comments.php
@@ -34,6 +34,11 @@ if (!defined('IN_ADMIN'))
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
}
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
$sort_order = array(
'descending' => 'DESC',
'ascending' => 'ASC'
diff --git a/include/constants.php b/include/constants.php
index 24c963d12..089e3b65d 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -37,6 +37,13 @@ define('GENERAL_ERROR', 202);
define('CRITICAL_MESSAGE', 203);
define('CRITICAL_ERROR', 204);
+// Access codes
+define('ACCESS_NONE', 0);
+define('ACCESS_GUEST', 1);
+define('ACCESS_CLASSIC', 2);
+define('ACCESS_ADMINISTRATOR', 3);
+define('ACCESS_WEBMASTER', 4);
+
// Table names
define('CATEGORIES_TABLE', $prefixeTable.'categories');
define('COMMENTS_TABLE', $prefixeTable.'comments');
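Review bot: These access codes are compared numerically (`$access_type_status >= $access_type` in `is_autorize_status()`), so their order is part of the security model, but the `// Access codes` comment does not say so. I would extend it to something like `// Access codes: ordered, a higher value includes every lower level (compared with >=); do not renumber`. Without that, a level inserted between two existing ones later could silently raise or lower what a status may reach.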
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 64b12dfab..aa60ab64c 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -537,14 +537,71 @@ function log_user($user_id, $remember_me)
}
/*
- * Return if current is an administrator
+ * Return if current user have access to access_type definition
+ * Test does with user status
* @return bool
*/
-function is_admin()
+function is_autorize_status($access_type)
{
global $user;
-
- return ($user['status'] == 'webmaster' or $user['status'] == 'admin') ? true : false;
+
+ $access_type_status = ACCESS_NONE;
+ if (isset($user['status']))
+ {
+ switch ($user['status'])
+ {
+ case 'guest':
+ case 'generic':
+ {
+ $access_type_status = ACCESS_GUEST;
+ break;
+ }
+ case 'normal':
+ {
+ $access_type_status = ACCESS_CLASSIC;
+ break;
+ }
+ case 'admin':
+ {
+ $access_type_status = ACCESS_ADMINISTRATOR;
+ break;
+ }
+ case 'webmaster':
+ {
+ $access_type_status = ACCESS_WEBMASTER;
+ break;
+ }
+ }
+ }
+
+ return ($access_type_status >= $access_type);
+}
+
+/*
+ * Check if current user have access to access_type definition
+ * Stop action if there are not access
+ * Test does with user status
+ * @return none
+*/
+function check_status($access_type)
+{
+ global $lang;
+
+ if (!is_autorize_status($access_type))
+ {
+ echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
+ echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>';
+ exit();
+ }
+}
+
+/*
+ * Return if current user is an administrator
+ * @return bool
+*/
+function is_admin()
+{
+ return is_autorize_status(ACCESS_ADMINISTRATOR);
}
?> \ No newline at end of file
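Review bot: `check_status()` prints the forbidden message and calls `exit()` without setting a response status, so a refused request is still answered as a normal page; adding `header('HTTP/1.0 403 Forbidden');` before the first `echo` lets clients, proxies and log analysis tell a denial from a success. In `is_autorize_status()` the `switch` has no `default`, which is what makes an unknown status stay at `ACCESS_NONE` and be refused; that fail-closed choice deserves a comment such as `// unknown or missing status stays at ACCESS_NONE`. The docblocks would also be clearer with an `@param` line for `$access_type` naming the `ACCESS_*` constants, and `@return void` rather than `@return none`.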
diff --git a/notification.php b/notification.php
index 53950722d..b28472d31 100644
--- a/notification.php
+++ b/notification.php
@@ -33,6 +33,11 @@ define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
+// +-----------------------------------------------------------------------+
// | new feed creation |
// +-----------------------------------------------------------------------+
diff --git a/picture.php b/picture.php
index 9f2e4a113..75b0c16c4 100644
--- a/picture.php
+++ b/picture.php
@@ -30,6 +30,11 @@ $rate_items = array(0,1,2,3,4,5);
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
//-------------------------------------------------- access authorization check
if (isset($page['cat']) and is_numeric($page['cat']))
diff --git a/popuphelp.php b/popuphelp.php
index 888af4258..a66ded4a7 100644
--- a/popuphelp.php
+++ b/popuphelp.php
@@ -32,6 +32,11 @@
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
$page['body_id'] = 'thePopuphelpPage';
$title = l10n('PhpWebGallery Help');
$page['page_banner'] = '<h1>'.$title.'</h1>';
diff --git a/profile.php b/profile.php
index a05def74e..805ab753e 100644
--- a/profile.php
+++ b/profile.php
@@ -33,6 +33,11 @@
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_CLASSIC);
+
if ($user['is_the_guest'] and !$guest_allowed)
{
echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
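Review bot: With `check_status(ACCESS_CLASSIC)` placed here, the `if ($user['is_the_guest'] and !$guest_allowed)` test that follows looks unreachable for guests: assuming the guest user carries the status 'guest', it maps to `ACCESS_GUEST`, which is below `ACCESS_CLASSIC`, so the script has already exited. If `$guest_allowed` was meant to let guests reach this page in some configurations, that path is now closed and the `only_members` message is never shown. I would either delete the old block or state which check is meant to win, e.g. `// guests are refused above; $guest_allowed no longer applies to this page`. The `if` body continues outside the hunk.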
diff --git a/random.php b/random.php
index 189ac57b1..820eb00f0 100644
--- a/random.php
+++ b/random.php
@@ -30,6 +30,12 @@
// +-----------------------------------------------------------------------+
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
// +-----------------------------------------------------------------------+
// | generate random element list |
// +-----------------------------------------------------------------------+
diff --git a/search.php b/search.php
index 587c7f760..5eaeef419 100644
--- a/search.php
+++ b/search.php
@@ -28,6 +28,12 @@
//--------------------------------------------------------------------- include
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
+
//------------------------------------------------------------------ form check
$errors = array();
$search = array();