update credential checking and blog id

This commit is contained in:
Zdenek Borovec 2024-05-13 18:54:11 +02:00
parent 716e408c79
commit ae91560676
5 changed files with 12 additions and 9 deletions


@ -172,7 +172,7 @@ class Blogpost
return; return;
} }
if ((bool)($_SESSION["current_user"]->permissions & 128)) { if (isset($_COOKIE["PHPSESSID"]) && (bool)($_SESSION["current_user"]->permissions & 128)) {
$topRight = sprintf("<td class=\"blog-publish-date\"> $topRight = sprintf("<td class=\"blog-publish-date\">
<a href=\"http://www.zdenekborovec-dev.cz/blog/writearticle/ <a href=\"http://www.zdenekborovec-dev.cz/blog/writearticle/
?guid=%s\">Edit</a></td>", $this->blogpost_id); ?guid=%s\">Edit</a></td>", $this->blogpost_id);
@ -407,17 +407,17 @@ if(isset($_POST["submit"])) {
$blogId."#comment-".$commentId); $blogId."#comment-".$commentId);
} }
// Get the blog id.
$blogId = sanitize_input($_GET["guid"]);
// If no ID was entered, display warning and die. // If no ID was entered, display warning and die.
if(!$blogId) { if(!isset($_GET["blogpost_id"])) {
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404); header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
include_once($COMMONS."/footer.php"); include_once($COMMONS."/footer.php");
die(); die();
} }
// Get the blog id.
$blogId = sanitize_input($_GET["blogpost_id"]);
$blogPost = load_blog($conn, $blogId); $blogPost = load_blog($conn, $blogId);
// If no ID was entered, display warning and die. // If no ID was entered, display warning and die.
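Review bot: The new guard `if(!isset($_GET["blogpost_id"]))` only checks that the parameter exists, so a request with an empty value (`?blogpost_id=`) passes it and `sanitize_input` on the next hunk line hands an empty id to `load_blog`; the old code rejected that case because it tested the sanitized value with `if(!$blogId)`. Sanitizing first and testing the result keeps both protections: `$blogId = sanitize_input($_GET["blogpost_id"] ?? "");` followed by `if ($blogId === "") {` in place of the isset line, with the later assignment dropped. The 404 header text `"404 Not Foud"` on the context line is misspelled, which is harmless to clients but worth fixing while this block is being touched. The comment `// If no ID was entered, display warning and die.` repeated after the `load_blog` call no longer describes that check; whatever follows it is outside the hunk.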


@ -10,7 +10,7 @@ function display_blog_preview($blogpost_id, $title, $abstract,
$date_posted, $tags){ $date_posted, $tags){
printf(" printf("
<div class=\"blog-preview\"> <div class=\"blog-preview\">
<a href=\"http://www.zdenekborovec-dev.cz/blog/article?guid=%s\"> <a href=\"http://www.zdenekborovec-dev.cz/blog/article?blogpost_id=%s\">
<h3> <h3>
%s %s
</h3> </h3>


@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
// If the user does not have the 1000 0000 permission, // If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error. // throw a 403: Forbidden error.
if(!(bool)($_SESSION["current_user"]->permissions & 128)) { if (isset($_COOKIE["PHPSESSID"]) &&
(bool)($_SESSION["current_user"]->permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php"); include_once($COMMONS."/footer.php");
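Review bot: The rewritten condition dropped the negation, so the 403 branch now runs only for users who do hold permission bit 128, while a request with no session cookie, no `current_user`, or without that bit falls through the guard to the protected page; the comment directly above still says the opposite. The same inversion appears in the two following file sections (the hunks ending at `include_once($COMMONS."/footer.php")` after `@ -5,7 +5,8`). Presence of `$_COOKIE["PHPSESSID"]` is also not evidence of a logged-in user, since the client controls which cookies it sends and a cookie with no matching session still leaves `$_SESSION["current_user"]` unset, which makes the `->permissions` access a read on null. Testing the session entry itself gives the intended behaviour: `if (!isset($_SESSION["current_user"]) || !($_SESSION["current_user"]->permissions & 128)) {`. The closing brace of this `if` block lies outside the hunk.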


@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
// If the user does not have the 1000 0000 permission, // If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error. // throw a 403: Forbidden error.
if(!(bool)($_SESSION["current_user"]->permissions & 128)) { if (isset($_COOKIE["PHPSESSID"]) &&
(bool)($_SESSION["current_user"]->permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php"); include_once($COMMONS."/footer.php");


@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
// If the user does not have the 1000 0000 permission, // If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error. // throw a 403: Forbidden error.
if(!(bool)($_SESSION["current_user"]->permissions & 128)) { if (isset($_COOKIE["PHPSESSID"]) &&
(bool)($_SESSION["current_user"]->permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php"); include_once($COMMONS."/footer.php");