Changeset 1850

Timestamp:

Feb 22, 2007, 6:31:08 AM (17 years ago)

Author:

rvelices

Message:

• change the way confguest_access is handled so that web services work correctly (and also nbm.php and feed.php)

Location:

trunk

Files:

• admin/include/functions_notification_by_mail.inc.php (modified) (1 diff)
• feed.php (modified) (2 diffs)
• include/common.inc.php (modified) (1 diff)
• include/functions_user.inc.php (modified) (6 diffs)
• qsearch.php (modified) (2 diffs)
• upload.php (modified) (2 diffs)

trunk/admin/include/functions_notification_by_mail.inc.php

@@ -262 +262 @@
   global $user, $lang, $lang_info, $env_nbm;
 
-  $user = array();
-  $user['id'] = $nbm_user['user_id'];
-  $user = array_merge($user, getuserdata($user['id'], true));
-
-  list($user['template'], $user['theme']) = explode('/', $user['template']);
+  $user = build_user( $nbm_user['user_id'], true );
 
   if ($env_nbm['last_language'] != $user['language'])

trunk/feed.php

@@ -87 +87 @@
   if ($feed_row['user_id']!=$user['id'])
   { // new user
-    $user = array();
     $user = build_user( $feed_row['user_id'], true );
   }
@@ -96 +95 @@
   if (!$user['is_the_guest'])
   {// auto session was created - so switch to guest
-    $user = array();
     $user = build_user( $conf['guest_id'], true );
   }
 }
+
+// Check the status now after the user has been loaded
+check_status(ACCESS_GUEST);
 
 list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));

trunk/include/common.inc.php

@@ -186 +186 @@
 }
 
-if ($user['is_the_guest'] and !$conf['guest_access']
-    and !in_array( script_basename(),
-                      // Array of basename without file extention
-                      array('identification',
-                            'password',
-                            'register'
-                        )
-                  )
-    )
-{
-  redirect (get_absolute_root_url(false).'identification.php');
-}
-
 if ($conf['check_upgrade_feed']
     and defined('PHPWG_IN_UPGRADE')

trunk/include/functions_user.inc.php

@@ -393 +393 @@
 function calculate_permissions($user_id, $user_status)
 {
-  global $user;
-
   $private_array = array();
   $authorized_array = array();
@@ -438 +436 @@
 
   // if user is not an admin, locked categories are forbidden
-  if (!is_admin($user_status))
+  if ( $user_status!='administrator' and $user_status!='webmaster' )
   {
     $query = '
@@ -982 +980 @@
  * @return bool
 */
-function get_access_type_status($user_status = '')
+function get_access_type_status($user_status='')
 {
   global $user;
 
-  if (($user_status == '') and isset($user['status']))
+  if ($user_status == '' and isset($user['status']) )
   {
     $user_status = $user['status'];
@@ -1025 +1023 @@
  * @return bool
 */
-function is_autorize_status($access_type, $user_status = '')
-{
-  return (get_access_type_status($user_status) >= $access_type);
+function is_autorize_status($access_type)
+{
+  global $user, $conf;
+  if (
+      !isset($user) or
+      ($user['id']==$conf['guest_id'] and $conf['guest_access']==false)
+    )
+  {
+    return ACCESS_NONE>=$access_type;
+  }
+
+  return (get_access_type_status() >= $access_type);
 }
 
@@ -1036 +1043 @@
  * @return none
 */
-function check_status($access_type, $user_status = '')
-{
-  if (!is_autorize_status($access_type, $user_status))
+function check_status( $access_type )
+{
+  if (!is_autorize_status($access_type) )
   {
     access_denied();
@@ -1048 +1055 @@
  * @return bool
 */
-function is_admin($user_status = '')
-{
-  return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
+function is_admin()
+{
+  return is_autorize_status(ACCESS_ADMINISTRATOR);
 }
 

trunk/qsearch.php

@@ -2 +2 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery                           |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
-// | branch        : BSF (Best So Far)
 // | file          : $Id$
 // | last update   : $Date$
@@ -27 +26 @@
 define('PHPWG_ROOT_PATH','./');
 include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok                      |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_GUEST);
 
 if (empty($_GET['q']))

trunk/upload.php

@@ -3 +3 @@
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
-// | branch        : BSF (Best So Far)
-// | file          : $RCSfile$
+// | file          : $Id$
 // | last update   : $Date$
 // | last modifier : $Author$
@@ -27 +26 @@
 define('PHPWG_ROOT_PATH','./');
 include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
+
+check_status(ACCESS_GUEST);
 
 $username = !empty($_POST['username'])?$_POST['username']:$user['username'];