mirror of
https://github.com/Piwigo/Piwigo.git
synced 2025-04-28 04:09:56 +03:00
- change the way conf['guest_access'] is handled so that web services work correctly (and also nbm.php and feed.php)
git-svn-id: http://piwigo.org/svn/trunk@1850 68402e56-0260-453c-a942-63ccdbb3a9ee
parent
cea58b64ee
commit
20ba76b753
6 changed files with 32 additions and 36 deletions
|
@ -261,11 +261,7 @@ function set_user_on_env_nbm(&$nbm_user, $is_action_send)
|
||||||
{
|
{
|
||||||
global $user, $lang, $lang_info, $env_nbm;
|
global $user, $lang, $lang_info, $env_nbm;
|
||||||
|
|
||||||
$user = array();
|
$user = build_user( $nbm_user['user_id'], true );
|
||||||
$user['id'] = $nbm_user['user_id'];
|
|
||||||
$user = array_merge($user, getuserdata($user['id'], true));
|
|
||||||
|
|
||||||
list($user['template'], $user['theme']) = explode('/', $user['template']);
|
|
||||||
|
|
||||||
if ($env_nbm['last_language'] != $user['language'])
|
if ($env_nbm['last_language'] != $user['language'])
|
||||||
{
|
{
|
||||||
|
|
5
feed.php
5
feed.php
|
@ -86,7 +86,6 @@ SELECT user_id,
|
||||||
}
|
}
|
||||||
if ($feed_row['user_id']!=$user['id'])
|
if ($feed_row['user_id']!=$user['id'])
|
||||||
{ // new user
|
{ // new user
|
||||||
$user = array();
|
|
||||||
$user = build_user( $feed_row['user_id'], true );
|
$user = build_user( $feed_row['user_id'], true );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -95,11 +94,13 @@ else
|
||||||
$image_only = true;
|
$image_only = true;
|
||||||
if (!$user['is_the_guest'])
|
if (!$user['is_the_guest'])
|
||||||
{// auto session was created - so switch to guest
|
{// auto session was created - so switch to guest
|
||||||
$user = array();
|
|
||||||
$user = build_user( $conf['guest_id'], true );
|
$user = build_user( $conf['guest_id'], true );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check the status now after the user has been loaded
|
||||||
|
check_status(ACCESS_GUEST);
|
||||||
|
|
||||||
list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
|
list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
|
||||||
|
|
||||||
include_once(PHPWG_ROOT_PATH.'include/feedcreator.class.php');
|
include_once(PHPWG_ROOT_PATH.'include/feedcreator.class.php');
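Review bot: The added `check_status(ACCESS_GUEST);` is only correct because it sits after both `build_user()` branches, since `is_autorize_status()` now reads the global `$user`, and the comment above it should say so. A wording such as `// check_status() reads the global $user: keep this after the build_user() calls above` would stop a later edit from moving the call back to the top of the script. On refusal the call goes through `access_denied()`, whose body is not shown on this page. If that emits an HTML page or a redirect, a feed client would receive that instead of a feed-level error, which may deserve separate handling in this script.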
|
||||||
|
|
|
@ -185,19 +185,6 @@ if ($conf['gallery_locked'])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user['is_the_guest'] and !$conf['guest_access']
|
|
||||||
and !in_array( script_basename(),
|
|
||||||
// Array of basename without file extention
|
|
||||||
array('identification',
|
|
||||||
'password',
|
|
||||||
'register'
|
|
||||||
)
|
|
||||||
)
|
|
||||||
)
|
|
||||||
{
|
|
||||||
redirect (get_absolute_root_url(false).'identification.php');
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($conf['check_upgrade_feed']
|
if ($conf['check_upgrade_feed']
|
||||||
and defined('PHPWG_IN_UPGRADE')
|
and defined('PHPWG_IN_UPGRADE')
|
||||||
and PHPWG_IN_UPGRADE)
|
and PHPWG_IN_UPGRADE)
|
||||||
|
|
|
@ -392,8 +392,6 @@ DELETE FROM '.FAVORITES_TABLE.'
|
||||||
*/
|
*/
|
||||||
function calculate_permissions($user_id, $user_status)
|
function calculate_permissions($user_id, $user_status)
|
||||||
{
|
{
|
||||||
global $user;
|
|
||||||
|
|
||||||
$private_array = array();
|
$private_array = array();
|
||||||
$authorized_array = array();
|
$authorized_array = array();
|
||||||
|
|
||||||
|
@ -437,7 +435,7 @@ SELECT cat_id
|
||||||
$forbidden_array = array_diff($private_array, $authorized_array);
|
$forbidden_array = array_diff($private_array, $authorized_array);
|
||||||
|
|
||||||
// if user is not an admin, locked categories are forbidden
|
// if user is not an admin, locked categories are forbidden
|
||||||
if (!is_admin($user_status))
|
if ( $user_status!='administrator' and $user_status!='webmaster' )
|
||||||
{
|
{
|
||||||
$query = '
|
$query = '
|
||||||
SELECT id
|
SELECT id
|
||||||
|
@ -981,11 +979,11 @@ SELECT '.$conf['user_fields']['id'].' AS id,
|
||||||
* Test does with user status
|
* Test does with user status
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function get_access_type_status($user_status = '')
|
function get_access_type_status($user_status='')
|
||||||
{
|
{
|
||||||
global $user;
|
global $user;
|
||||||
|
|
||||||
if (($user_status == '') and isset($user['status']))
|
if ($user_status == '' and isset($user['status']) )
|
||||||
{
|
{
|
||||||
$user_status = $user['status'];
|
$user_status = $user['status'];
|
||||||
}
|
}
|
||||||
|
@ -1024,9 +1022,18 @@ function get_access_type_status($user_status = '')
|
||||||
* Test does with user status
|
* Test does with user status
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function is_autorize_status($access_type, $user_status = '')
|
function is_autorize_status($access_type)
|
||||||
{
|
{
|
||||||
return (get_access_type_status($user_status) >= $access_type);
|
global $user, $conf;
|
||||||
|
if (
|
||||||
|
!isset($user) or
|
||||||
|
($user['id']==$conf['guest_id'] and $conf['guest_access']==false)
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return ACCESS_NONE>=$access_type;
|
||||||
|
}
|
||||||
|
|
||||||
|
return (get_access_type_status() >= $access_type);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1035,9 +1042,9 @@ function is_autorize_status($access_type, $user_status = '')
|
||||||
* Test does with user status
|
* Test does with user status
|
||||||
* @return none
|
* @return none
|
||||||
*/
|
*/
|
||||||
function check_status($access_type, $user_status = '')
|
function check_status( $access_type )
|
||||||
{
|
{
|
||||||
if (!is_autorize_status($access_type, $user_status))
|
if (!is_autorize_status($access_type) )
|
||||||
{
|
{
|
||||||
access_denied();
|
access_denied();
|
||||||
}
|
}
|
||||||
|
@ -1047,9 +1054,9 @@ function check_status($access_type, $user_status = '')
|
||||||
* Return if user is an administrator
|
* Return if user is an administrator
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function is_admin($user_status = '')
|
function is_admin()
|
||||||
{
|
{
|
||||||
return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
|
return is_autorize_status(ACCESS_ADMINISTRATOR);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
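Review bot: Dropping the `$user_status` parameter from `is_autorize_status()`, `check_status()` and `is_admin()` silently changes what any remaining caller that still passes a status is checking. PHP ignores surplus arguments to user-defined functions, so such a call would test the current global `$user` rather than the status it was handed, and raise no error. Only the call in `calculate_permissions()` is updated in this diff; callers elsewhere are not visible on this page and should be searched for before merging. In `calculate_permissions()` the new test hard-codes the two status strings, while `get_access_type_status()` still accepts a status, so `if (get_access_type_status($user_status) < ACCESS_ADMINISTRATOR)` would keep the status ranking in one place.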
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
// +-----------------------------------------------------------------------+
|
// +-----------------------------------------------------------------------+
|
||||||
// | PhpWebGallery - a PHP based picture gallery |
|
// | PhpWebGallery - a PHP based picture gallery |
|
||||||
// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
|
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
|
||||||
// +-----------------------------------------------------------------------+
|
// +-----------------------------------------------------------------------+
|
||||||
// | branch : BSF (Best So Far)
|
|
||||||
// | file : $Id$
|
// | file : $Id$
|
||||||
// | last update : $Date$
|
// | last update : $Date$
|
||||||
// | last modifier : $Author$
|
// | last modifier : $Author$
|
||||||
|
@ -27,6 +26,11 @@
|
||||||
define('PHPWG_ROOT_PATH','./');
|
define('PHPWG_ROOT_PATH','./');
|
||||||
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
|
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
|
||||||
|
|
||||||
|
// +-----------------------------------------------------------------------+
|
||||||
|
// | Check Access and exit when user status is not ok |
|
||||||
|
// +-----------------------------------------------------------------------+
|
||||||
|
check_status(ACCESS_GUEST);
|
||||||
|
|
||||||
if (empty($_GET['q']))
|
if (empty($_GET['q']))
|
||||||
{
|
{
|
||||||
redirect( make_index_url() );
|
redirect( make_index_url() );
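Review bot: With the central guest redirect removed from the common include (hunk `@ -185,19 +185,6`), `$conf['guest_access']` is enforced only in scripts that call `check_status()` themselves, as this one now does right after `include_once`. An entry script without such a call would be served to guests even when guest access is switched off. The diff adds the call here, in the next file section and in feed.php; whether every other entry point already has one cannot be seen from this page and is worth auditing. The bare `check_status(ACCESS_GUEST);` in the next section also lacks the banner comment added here, and a one-line comment such as `// refuse guests when $conf['guest_access'] is off` would make the intent explicit there too.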
|
||||||
|
|
|
@ -2,10 +2,9 @@
|
||||||
// +-----------------------------------------------------------------------+
|
// +-----------------------------------------------------------------------+
|
||||||
// | PhpWebGallery - a PHP based picture gallery |
|
// | PhpWebGallery - a PHP based picture gallery |
|
||||||
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
|
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
|
||||||
// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
|
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
|
||||||
// +-----------------------------------------------------------------------+
|
// +-----------------------------------------------------------------------+
|
||||||
// | branch : BSF (Best So Far)
|
// | file : $Id$
|
||||||
// | file : $RCSfile$
|
|
||||||
// | last update : $Date$
|
// | last update : $Date$
|
||||||
// | last modifier : $Author$
|
// | last modifier : $Author$
|
||||||
// | revision : $Revision$
|
// | revision : $Revision$
|
||||||
|
@ -27,6 +26,8 @@
|
||||||
define('PHPWG_ROOT_PATH','./');
|
define('PHPWG_ROOT_PATH','./');
|
||||||
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
|
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
|
||||||
|
|
||||||
|
check_status(ACCESS_GUEST);
|
||||||
|
|
||||||
$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
|
$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
|
||||||
$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
|
$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
|
||||||
$name = !empty($_POST['name'])?$_POST['name']:'';
|
$name = !empty($_POST['name'])?$_POST['name']:'';
|
||||||
|
|