diff options
author | rub <rub@piwigo.org> | 2006-03-09 22:46:28 +0000 |
---|---|---|
committer | rub <rub@piwigo.org> | 2006-03-09 22:46:28 +0000 |
commit | 31d9ce16045bf58c0e83ba103c20de9f1e35439e (patch) | |
tree | e2fa2d1c95eecadcb4f9f25d64f342c0e2c7a442 | |
parent | 316d89a90b5cd61f41ea3f35112277608c2e2694 (diff) |
Step 2 improvement issue 0000301:
o Add and use Functions Check of status
o Restricted Access for user generic
git-svn-id: http://piwigo.org/svn/trunk@1072 68402e56-0260-453c-a942-63ccdbb3a9ee
41 files changed, 333 insertions, 39 deletions
@@ -28,6 +28,12 @@ //----------------------------------------------------------- include define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + //----------------------------------------------------- template initialization // // Start output of page @@ -29,7 +29,13 @@ define('PHPWG_ROOT_PATH','./'); define('IN_ADMIN', true); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | synchronize user informations | diff --git a/admin/cat_list.php b/admin/cat_list.php index bd15c8de7..4abc5b069 100644 --- a/admin/cat_list.php +++ b/admin/cat_list.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | functions | diff --git a/admin/cat_modify.php b/admin/cat_modify.php index e06e1a8cb..d1aad58c0 100644 --- a/admin/cat_modify.php +++ b/admin/cat_modify.php @@ -29,7 +29,14 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + //---------------------------------------------------------------- verification if ( !isset( $_GET['cat_id'] ) || !is_numeric( $_GET['cat_id'] ) ) { diff --git a/admin/cat_move.php b/admin/cat_move.php index 0d030dca0..ac99b5d1d 100644 --- a/admin/cat_move.php +++ b/admin/cat_move.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | functions | diff --git a/admin/cat_options.php b/admin/cat_options.php index a43a4ec61..8aaf4ad14 100644 --- a/admin/cat_options.php +++ b/admin/cat_options.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | modification registration | diff --git a/admin/cat_perm.php b/admin/cat_perm.php index 95e9edaa9..671194eb4 100644 --- a/admin/cat_perm.php +++ b/admin/cat_perm.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | variable initialization | diff --git a/admin/comments.php b/admin/comments.php index ef366c783..a47da72a1 100644 --- a/admin/comments.php +++ b/admin/comments.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | actions | diff --git a/admin/configuration.php b/admin/configuration.php index 4d730b953..86a027dc5 100644 --- a/admin/configuration.php +++ b/admin/configuration.php @@ -27,10 +27,16 @@ if( !defined("PHPWG_ROOT_PATH") ) { - die ("Hacking attempt!"); + die ("Hacking attempt!"); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + //-------------------------------------------------------- sections definitions if (!isset($_GET['section'])) { diff --git a/admin/element_set.php b/admin/element_set.php index 83c72c492..583777ae9 100644 --- a/admin/element_set.php +++ b/admin/element_set.php @@ -35,7 +35,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | caddie management | diff --git a/admin/element_set_global.php b/admin/element_set_global.php index f2b69ca6b..cab192aa0 100644 --- a/admin/element_set_global.php +++ b/admin/element_set_global.php @@ -35,7 +35,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | functions | diff --git a/admin/element_set_unit.php b/admin/element_set_unit.php index f3bf12bbd..8ffd3142a 100644 --- a/admin/element_set_unit.php +++ b/admin/element_set_unit.php @@ -35,7 +35,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | unit mode form submission | diff --git a/admin/group_list.php b/admin/group_list.php index 0a9946fe5..0386757dd 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -29,7 +29,13 @@ if( !defined("PHPWG_ROOT_PATH") ) { die ("Hacking attempt!"); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | delete a group | diff --git a/admin/group_perm.php b/admin/group_perm.php index 2c474eb89..afec1fb09 100644 --- a/admin/group_perm.php +++ b/admin/group_perm.php @@ -29,7 +29,13 @@ if( !defined("PHPWG_ROOT_PATH") ) { die ("Hacking attempt!"); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | variables init | diff --git a/admin/help.php b/admin/help.php index 32019840a..2d573fd08 100644 --- a/admin/help.php +++ b/admin/help.php @@ -25,7 +25,12 @@ // | USA. | // +-----------------------------------------------------------------------+ -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); $template->set_filenames( array( diff --git a/admin/images/daily_stats.img.php b/admin/images/daily_stats.img.php index 66fb2816f..89a28e000 100644 --- a/admin/images/daily_stats.img.php +++ b/admin/images/daily_stats.img.php @@ -28,9 +28,14 @@ define('PHPWG_ROOT_PATH','../../'); define('IN_ADMIN', true); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); include_once( 'phpBarGraph.php' ); +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + //------------------------------------------------ variable definition $outputFormat = "png"; $legend = $lang['stats_daily_graph_title']; diff --git a/admin/images/global_stats.img.php b/admin/images/global_stats.img.php index 3118ff66f..99124f939 100644 --- a/admin/images/global_stats.img.php +++ b/admin/images/global_stats.img.php @@ -28,9 +28,14 @@ define('PHPWG_ROOT_PATH','../../'); define('IN_ADMIN', true); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); include_once( 'phpBarGraph.php' ); +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + //------------------------------------------------ variable definition $outputFormat = "png"; $legend = $lang['stats_global_graph_title']; diff --git a/admin/images/monthly_stats.img.php b/admin/images/monthly_stats.img.php index de33aaa44..3a3c0e143 100644 --- a/admin/images/monthly_stats.img.php +++ b/admin/images/monthly_stats.img.php @@ -28,9 +28,14 @@ define('PHPWG_ROOT_PATH','../../'); define('IN_ADMIN', true); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); include_once( 'phpBarGraph.php' ); +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + //------------------------------------------------ variable definition $outputFormat = "png"; $legend = $lang['stats_monthly_graph_title']; diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php index eac0b295c..7565ac72d 100644 --- a/admin/include/isadmin.inc.php +++ b/admin/include/isadmin.inc.php @@ -25,12 +25,18 @@ // | USA. | // +-----------------------------------------------------------------------+ -include( PHPWG_ROOT_PATH.'admin/include/functions.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); -if (!is_admin()) +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + +/*if (!is_admin()) { echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>'; exit(); -} +}*/ + ?> diff --git a/admin/intro.php b/admin/intro.php index a72171ec0..42e499de4 100644 --- a/admin/intro.php +++ b/admin/intro.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | actions | diff --git a/admin/mailtousers.php b/admin/mailtousers.php index 97cb51048..2ed9e3158 100644 --- a/admin/mailtousers.php +++ b/admin/mailtousers.php @@ -34,14 +34,19 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); -include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); include_once(PHPWG_ROOT_PATH.'include/functions_notification.inc.php'); include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); // +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + +// +-----------------------------------------------------------------------+ // | functions // +-----------------------------------------------------------------------+ /* diff --git a/admin/maintenance.php b/admin/maintenance.php index 5653ed4cd..dcda4f401 100644 --- a/admin/maintenance.php +++ b/admin/maintenance.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | actions | diff --git a/admin/picture_modify.php b/admin/picture_modify.php index 0840414a6..9e165b96b 100644 --- a/admin/picture_modify.php +++ b/admin/picture_modify.php @@ -29,7 +29,13 @@ if(!defined("PHPWG_ROOT_PATH")) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | synchronize metadata | diff --git a/admin/rating.php b/admin/rating.php index 38f58f3ff..072a2abdb 100644 --- a/admin/rating.php +++ b/admin/rating.php @@ -29,8 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | initialization | diff --git a/admin/site_manager.php b/admin/site_manager.php index b6f3b8f24..c12ecdc50 100644 --- a/admin/site_manager.php +++ b/admin/site_manager.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die ("Hacking attempt!"); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); /** * requests the given $url (a remote create_listing_file.php) and fills a diff --git a/admin/site_update.php b/admin/site_update.php index 8c5ecf54c..e422b697c 100644 --- a/admin/site_update.php +++ b/admin/site_update.php @@ -29,7 +29,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); if (!is_numeric($_GET['site'])) { diff --git a/admin/stats.php b/admin/stats.php index ac23c5ea5..081606e17 100644 --- a/admin/stats.php +++ b/admin/stats.php @@ -28,7 +28,13 @@ if( !defined("PHPWG_ROOT_PATH") ) { die ("Hacking attempt!"); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); $url_img = PHPWG_ROOT_PATH.'admin/images/'; $nls_value_title = $lang['w_month']; diff --git a/admin/thumbnail.php b/admin/thumbnail.php index 88ffdc952..d9b01f512 100644 --- a/admin/thumbnail.php +++ b/admin/thumbnail.php @@ -24,7 +24,14 @@ // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + //------------------------------------------------------------------- functions // RatioResizeImg creates a new picture (a thumbnail since it is supposed to // be smaller than original picture !) in the sub directory named diff --git a/admin/user_list.php b/admin/user_list.php index 4459955e0..57259ca88 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -167,7 +167,13 @@ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); $page['order_by_items'] = array( 'id' => $lang['registration_date'], diff --git a/admin/user_perm.php b/admin/user_perm.php index 91ade3618..fdd4be7eb 100644 --- a/admin/user_perm.php +++ b/admin/user_perm.php @@ -29,7 +29,13 @@ if (!defined('IN_ADMIN')) { die('Hacking attempt!'); } -include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); // +-----------------------------------------------------------------------+ // | variables init | diff --git a/admin/waiting.php b/admin/waiting.php index 647fcafe2..3408538e2 100644 --- a/admin/waiting.php +++ b/admin/waiting.php @@ -28,7 +28,14 @@ if( !defined("PHPWG_ROOT_PATH") ) { die ("Hacking attempt!"); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + //--------------------------------------------------------------------- updates if (isset($_POST)) diff --git a/category.php b/category.php index c10269bf8..da71dfc7f 100644 --- a/category.php +++ b/category.php @@ -28,6 +28,12 @@ //--------------------------------------------------------------------- include define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + //---------------------------------------------------------------------- logout if ( isset( $_GET['act'] ) and $_GET['act'] == 'logout' @@ -359,7 +365,11 @@ if ($user['is_the_guest']) else { $template->assign_block_vars('hello', array()); - $template->assign_block_vars('profile', array()); + + if (is_autorize_status(ACCESS_CLASSIC)) + { + $template->assign_block_vars('profile', array()); + } // the logout link has no meaning with Apache authentication : it is not // possible to logout with this kind of authentication. diff --git a/comments.php b/comments.php index f82fa6423..fa18ada15 100644 --- a/comments.php +++ b/comments.php @@ -34,6 +34,11 @@ if (!defined('IN_ADMIN')) include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); } +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + $sort_order = array( 'descending' => 'DESC', 'ascending' => 'ASC' diff --git a/include/constants.php b/include/constants.php index 24c963d12..089e3b65d 100644 --- a/include/constants.php +++ b/include/constants.php @@ -37,6 +37,13 @@ define('GENERAL_ERROR', 202); define('CRITICAL_MESSAGE', 203); define('CRITICAL_ERROR', 204); +// Access codes +define('ACCESS_NONE', 0); +define('ACCESS_GUEST', 1); +define('ACCESS_CLASSIC', 2); +define('ACCESS_ADMINISTRATOR', 3); +define('ACCESS_WEBMASTER', 4); + // Table names define('CATEGORIES_TABLE', $prefixeTable.'categories'); define('COMMENTS_TABLE', $prefixeTable.'comments'); diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 64b12dfab..aa60ab64c 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -537,14 +537,71 @@ function log_user($user_id, $remember_me) } /* - * Return if current is an administrator + * Return if current user have access to access_type definition + * Test does with user status * @return bool */ -function is_admin() +function is_autorize_status($access_type) { global $user; - - return ($user['status'] == 'webmaster' or $user['status'] == 'admin') ? true : false; + + $access_type_status = ACCESS_NONE; + if (isset($user['status'])) + { + switch ($user['status']) + { + case 'guest': + case 'generic': + { + $access_type_status = ACCESS_GUEST; + break; + } + case 'normal': + { + $access_type_status = ACCESS_CLASSIC; + break; + } + case 'admin': + { + $access_type_status = ACCESS_ADMINISTRATOR; + break; + } + case 'webmaster': + { + $access_type_status = ACCESS_WEBMASTER; + break; + } + } + } + + return ($access_type_status >= $access_type); +} + +/* + * Check if current user have access to access_type definition + * Stop action if there are not access + * Test does with user status + * @return none +*/ +function check_status($access_type) +{ + global $lang; + + if (!is_autorize_status($access_type)) + { + echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; + echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>'; + exit(); + } +} + +/* + * Return if current user is an administrator + * @return bool +*/ +function is_admin() +{ + return is_autorize_status(ACCESS_ADMINISTRATOR); } ?>
\ No newline at end of file diff --git a/notification.php b/notification.php index 53950722d..b28472d31 100644 --- a/notification.php +++ b/notification.php @@ -33,6 +33,11 @@ define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); // +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + +// +-----------------------------------------------------------------------+ // | new feed creation | // +-----------------------------------------------------------------------+ diff --git a/picture.php b/picture.php index 9f2e4a113..75b0c16c4 100644 --- a/picture.php +++ b/picture.php @@ -30,6 +30,11 @@ $rate_items = array(0,1,2,3,4,5); define('PHPWG_ROOT_PATH','./'); include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + include(PHPWG_ROOT_PATH.'include/section_init.inc.php'); //-------------------------------------------------- access authorization check if (isset($page['cat']) and is_numeric($page['cat'])) diff --git a/popuphelp.php b/popuphelp.php index 888af4258..a66ded4a7 100644 --- a/popuphelp.php +++ b/popuphelp.php @@ -32,6 +32,11 @@ define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + $page['body_id'] = 'thePopuphelpPage'; $title = l10n('PhpWebGallery Help'); $page['page_banner'] = '<h1>'.$title.'</h1>'; diff --git a/profile.php b/profile.php index a05def74e..805ab753e 100644 --- a/profile.php +++ b/profile.php @@ -33,6 +33,11 @@ define('PHPWG_ROOT_PATH','./'); include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_CLASSIC); + if ($user['is_the_guest'] and !$guest_allowed) { echo '<div style="text-align:center;">'.$lang['only_members'].'<br />'; diff --git a/random.php b/random.php index 189ac57b1..820eb00f0 100644 --- a/random.php +++ b/random.php @@ -30,6 +30,12 @@ // +-----------------------------------------------------------------------+ define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + // +-----------------------------------------------------------------------+ // | generate random element list | // +-----------------------------------------------------------------------+ diff --git a/search.php b/search.php index 587c7f760..5eaeef419 100644 --- a/search.php +++ b/search.php @@ -28,6 +28,12 @@ //--------------------------------------------------------------------- include define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + //------------------------------------------------------------------ form check $errors = array(); $search = array(); |