diff options
Diffstat (limited to '')
-rw-r--r-- | admin/include/functions_notification_by_mail.inc.php | 6 | ||||
-rw-r--r-- | feed.php | 5 | ||||
-rw-r--r-- | include/common.inc.php | 13 | ||||
-rw-r--r-- | include/functions_user.inc.php | 29 | ||||
-rw-r--r-- | qsearch.php | 8 | ||||
-rw-r--r-- | upload.php | 7 |
6 files changed, 32 insertions, 36 deletions
diff --git a/admin/include/functions_notification_by_mail.inc.php b/admin/include/functions_notification_by_mail.inc.php index 10ffd15ae..d98c5a997 100644 --- a/admin/include/functions_notification_by_mail.inc.php +++ b/admin/include/functions_notification_by_mail.inc.php @@ -261,11 +261,7 @@ function set_user_on_env_nbm(&$nbm_user, $is_action_send) {
global $user, $lang, $lang_info, $env_nbm;
- $user = array();
- $user['id'] = $nbm_user['user_id'];
- $user = array_merge($user, getuserdata($user['id'], true));
-
- list($user['template'], $user['theme']) = explode('/', $user['template']);
+ $user = build_user( $nbm_user['user_id'], true );
if ($env_nbm['last_language'] != $user['language'])
{
@@ -86,7 +86,6 @@ SELECT user_id, } if ($feed_row['user_id']!=$user['id']) { // new user - $user = array(); $user = build_user( $feed_row['user_id'], true ); } } @@ -95,11 +94,13 @@ else $image_only = true; if (!$user['is_the_guest']) {// auto session was created - so switch to guest - $user = array(); $user = build_user( $conf['guest_id'], true ); } } +// Check the status now after the user has been loaded +check_status(ACCESS_GUEST); + list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); include_once(PHPWG_ROOT_PATH.'include/feedcreator.class.php'); diff --git a/include/common.inc.php b/include/common.inc.php index a691f6cb5..bc24905bc 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -185,19 +185,6 @@ if ($conf['gallery_locked']) } } -if ($user['is_the_guest'] and !$conf['guest_access'] - and !in_array( script_basename(), - // Array of basename without file extention - array('identification', - 'password', - 'register' - ) - ) - ) -{ - redirect (get_absolute_root_url(false).'identification.php'); -} - if ($conf['check_upgrade_feed'] and defined('PHPWG_IN_UPGRADE') and PHPWG_IN_UPGRADE) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index b1ddddf0f..57e609eab 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -392,8 +392,6 @@ DELETE FROM '.FAVORITES_TABLE.' */ function calculate_permissions($user_id, $user_status) { - global $user; - $private_array = array(); $authorized_array = array(); @@ -437,7 +435,7 @@ SELECT cat_id $forbidden_array = array_diff($private_array, $authorized_array); // if user is not an admin, locked categories are forbidden - if (!is_admin($user_status)) + if ( $user_status!='administrator' and $user_status!='webmaster' ) { $query = ' SELECT id @@ -981,11 +979,11 @@ SELECT '.$conf['user_fields']['id'].' AS id, * Test does with user status * @return bool */ -function get_access_type_status($user_status = '') +function get_access_type_status($user_status='') { global $user; - if (($user_status == '') and isset($user['status'])) + if ($user_status == '' and isset($user['status']) ) { $user_status = $user['status']; } @@ -1024,9 +1022,18 @@ function get_access_type_status($user_status = '') * Test does with user status * @return bool */ -function is_autorize_status($access_type, $user_status = '') +function is_autorize_status($access_type) { - return (get_access_type_status($user_status) >= $access_type); + global $user, $conf; + if ( + !isset($user) or + ($user['id']==$conf['guest_id'] and $conf['guest_access']==false) + ) + { + return ACCESS_NONE>=$access_type; + } + + return (get_access_type_status() >= $access_type); } /* @@ -1035,9 +1042,9 @@ function is_autorize_status($access_type, $user_status = '') * Test does with user status * @return none */ -function check_status($access_type, $user_status = '') +function check_status( $access_type ) { - if (!is_autorize_status($access_type, $user_status)) + if (!is_autorize_status($access_type) ) { access_denied(); } @@ -1047,9 +1054,9 @@ function check_status($access_type, $user_status = '') * Return if user is an administrator * @return bool */ -function is_admin($user_status = '') +function is_admin() { - return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status); + return is_autorize_status(ACCESS_ADMINISTRATOR); } /* diff --git a/qsearch.php b/qsearch.php index da5188196..a7fc1d956 100644 --- a/qsearch.php +++ b/qsearch.php @@ -1,9 +1,8 @@ <?php // +-----------------------------------------------------------------------+ // | PhpWebGallery - a PHP based picture gallery | -// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net | +// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net | // +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) // | file : $Id$ // | last update : $Date$ // | last modifier : $Author$ @@ -27,6 +26,11 @@ define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_GUEST); + if (empty($_GET['q'])) { redirect( make_index_url() ); diff --git a/upload.php b/upload.php index 8ae21a104..16dba838b 100644 --- a/upload.php +++ b/upload.php @@ -2,10 +2,9 @@ // +-----------------------------------------------------------------------+ // | PhpWebGallery - a PHP based picture gallery | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net | +// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net | // +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) -// | file : $RCSfile$ +// | file : $Id$ // | last update : $Date$ // | last modifier : $Author$ // | revision : $Revision$ @@ -27,6 +26,8 @@ define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); +check_status(ACCESS_GUEST); + $username = !empty($_POST['username'])?$_POST['username']:$user['username']; $mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address']; $name = !empty($_POST['name'])?$_POST['name']:''; |