aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2006-02-23 05:12:32 +0000
committerrvelices <rv-github@modusoptimus.com>2006-02-23 05:12:32 +0000
commit347d2e34b3972ec1d0022b831dd5a1fe13adbaa5 (patch)
tree92cd6cd3e49c50337de07c175c2d9d71291a74f0 /include
parent34538a62f4ac8bc6db41580058fdd040abaa3183 (diff)
fix: permissioning not working (2 bugs)
fix: locked gallery cannot be unlocked (impossible to login) improvement: nicer display in redirect.tpl improvement: when a page is not accessible because of permissions (accessed through bookmark or email), redirect to identification.php and after identification to the initially requested page git-svn-id: http://piwigo.org/svn/trunk@1052 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/common.inc.php9
-rw-r--r--include/functions_category.inc.php19
-rw-r--r--include/user.inc.php3
3 files changed, 22 insertions, 9 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index b89258df1..e0c564033 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -200,12 +200,15 @@ if (defined('IN_ADMIN') and IN_ADMIN)
if ($conf['gallery_locked'])
{
+ ob_start(); // make sure we can send cookies
echo
'<div style="text-align:center;">'
- .$lang['gallery_locked_message']
- .'</div>';
+ .$lang['gallery_locked_message'];
+ echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>';
+ echo '</div>';
- if ($user['status'] != 'admin')
+ if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
+ and $user['status'] != 'admin' )
{
exit();
}
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index b3abce892..f7c5b926b 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -46,10 +46,21 @@ function check_restrictions($category_id)
if (in_array($category_id, explode(',', $user['forbidden_categories'])))
{
- echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
- echo '<a href="./category.php">';
- echo $lang['thumbnails'].'</a></div>';
- exit();
+ $login_url = './identification.php?redirect='.
+ htmlentities(htmlentities($_SERVER['REQUEST_URI']));
+ if ( ! $user['is_the_guest'] )
+ {
+ echo '<div style="text-align:center;">';
+ echo $lang['hello'].' '.$user['username'].'! ';
+ echo $lang['access_forbiden'].'<br />';
+ echo '<a href="./category.php">'.$lang['thumbnails'].'</a> ';
+ echo '</div>';
+ exit();
+ }
+ else
+ {
+ redirect($login_url);
+ }
}
}
diff --git a/include/user.inc.php b/include/user.inc.php
index c22f4b369..4b3dd13e8 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -58,12 +58,11 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
$user['is_the_guest'] = false;
}
-
$user = array_merge(
$user,
getuserdata(
$user['id'],
- defined('IN_ADMIN') and IN_ADMIN ? false : true // use cache ?
+ ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
)
);