update credential checking and blog id
parent
716e408c79
commit
ae91560676
5 changed files with 12 additions and 9 deletions
|
@ -172,7 +172,7 @@ class Blogpost
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((bool)($_SESSION["current_user"]->permissions & 128)) {
|
if (isset($_COOKIE["PHPSESSID"]) && (bool)($_SESSION["current_user"]->permissions & 128)) {
|
||||||
$topRight = sprintf("<td class=\"blog-publish-date\">
|
$topRight = sprintf("<td class=\"blog-publish-date\">
|
||||||
<a href=\"http://www.zdenekborovec-dev.cz/blog/writearticle/
|
<a href=\"http://www.zdenekborovec-dev.cz/blog/writearticle/
|
||||||
?guid=%s\">Edit</a></td>", $this->blogpost_id);
|
?guid=%s\">Edit</a></td>", $this->blogpost_id);
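Review bot: The added `isset($_COOKIE["PHPSESSID"])` test in the Edit-link condition is not an authentication signal. The cookie is supplied by the client, and its presence does not guarantee that `$_SESSION["current_user"]` exists, so the property read on the right-hand side can still hit an unset session entry. Test the server-side state instead: `if (isset($_SESSION["current_user"]) && ($_SESSION["current_user"]->permissions & 128)) {`. The hard-coded cookie name also stops matching if `session.name` is ever changed; `session_name()` returns the configured one. The enclosing method starts and ends outside the hunk.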
|
||||||
|
@ -407,17 +407,17 @@ if(isset($_POST["submit"])) {
|
||||||
$blogId."#comment-".$commentId);
|
$blogId."#comment-".$commentId);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the blog id.
|
|
||||||
$blogId = sanitize_input($_GET["guid"]);
|
|
||||||
|
|
||||||
// If no ID was entered, display warning and die.
|
// If no ID was entered, display warning and die.
|
||||||
if(!$blogId) {
|
if(!isset($_GET["blogpost_id"])) {
|
||||||
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
|
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
|
||||||
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
|
||||||
include_once($COMMONS."/footer.php");
|
include_once($COMMONS."/footer.php");
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Get the blog id.
|
||||||
|
$blogId = sanitize_input($_GET["blogpost_id"]);
|
||||||
|
|
||||||
$blogPost = load_blog($conn, $blogId);
|
$blogPost = load_blog($conn, $blogId);
|
||||||
|
|
||||||
// If no ID was entered, display warning and die.
|
// If no ID was entered, display warning and die.
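Review bot: `isset($_GET["blogpost_id"])` is weaker than the `!$blogId` test it replaces: `?blogpost_id=` (empty) and `?blogpost_id[]=x` (an array) both pass it and are handed on to `sanitize_input()` and `load_blog()`. Reject those before the lookup, for example `if (!isset($_GET["blogpost_id"]) || !is_string($_GET["blogpost_id"]) || $_GET["blogpost_id"] === "") {`. Neither `sanitize_input()` nor `load_blog()` is shown, so whether the id reaches the database as a bound parameter should be confirmed there. The status line inside the branch still reads `404 Not Foud`.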
|
||||||
|
|
|
@ -10,7 +10,7 @@ function display_blog_preview($blogpost_id, $title, $abstract,
|
||||||
$date_posted, $tags){
|
$date_posted, $tags){
|
||||||
printf("
|
printf("
|
||||||
<div class=\"blog-preview\">
|
<div class=\"blog-preview\">
|
||||||
<a href=\"http://www.zdenekborovec-dev.cz/blog/article?guid=%s\">
|
<a href=\"http://www.zdenekborovec-dev.cz/blog/article?blogpost_id=%s\">
|
||||||
<h3>
|
<h3>
|
||||||
%s
|
%s
|
||||||
</h3>
|
</h3>
|
||||||
|
|
|
@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
|
||||||
|
|
||||||
// If the user does not have the 1000 0000 permission,
|
// If the user does not have the 1000 0000 permission,
|
||||||
// throw a 403: Forbidden error.
|
// throw a 403: Forbidden error.
|
||||||
if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
|
if (isset($_COOKIE["PHPSESSID"]) &&
|
||||||
|
(bool)($_SESSION["current_user"]->permissions & 128)) {
|
||||||
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
|
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
|
||||||
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
|
||||||
include_once($COMMONS."/footer.php");
|
include_once($COMMONS."/footer.php");
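Review bot: The rewritten guard drops the `!` from the permission test, so as shown the 403 branch now runs for a user who has bit 128 set, while every other request, including one with no session cookie at all, skips it and falls through to whatever follows. The comment above the condition still describes the old behaviour (deny when the permission is missing). A guard that matches that comment would be `if (!isset($_SESSION["current_user"]) || !($_SESSION["current_user"]->permissions & 128)) {`. The two following sections contain the identical change and need the same fix. Whether `die()` follows the footer include is outside the hunk.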
|
||||||
|
|
|
@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
|
||||||
|
|
||||||
// If the user does not have the 1000 0000 permission,
|
// If the user does not have the 1000 0000 permission,
|
||||||
// throw a 403: Forbidden error.
|
// throw a 403: Forbidden error.
|
||||||
if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
|
if (isset($_COOKIE["PHPSESSID"]) &&
|
||||||
|
(bool)($_SESSION["current_user"]->permissions & 128)) {
|
||||||
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
|
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
|
||||||
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
|
||||||
include_once($COMMONS."/footer.php");
|
include_once($COMMONS."/footer.php");
|
||||||
|
|
|
@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
|
||||||
|
|
||||||
// If the user does not have the 1000 0000 permission,
|
// If the user does not have the 1000 0000 permission,
|
||||||
// throw a 403: Forbidden error.
|
// throw a 403: Forbidden error.
|
||||||
if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
|
if (isset($_COOKIE["PHPSESSID"]) &&
|
||||||
|
(bool)($_SESSION["current_user"]->permissions & 128)) {
|
||||||
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
|
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
|
||||||
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
|
||||||
include_once($COMMONS."/footer.php");
|
include_once($COMMONS."/footer.php");
|
||||||
|
|