WebSVN - taios - Path Comparison - / Rev 466 and / Rev 471

Ignore whitespace Rev 466 → Rev 471

 /blog/add-post.php
 ,7 → 40,7
     }
     else
     {
-        if ($page->getLoggedInUser()->accessID >= 2 && $parentID == -1)
+        if (($page->getLoggedInUser()->accessID >= 2 && $parentID == -1) || $page->getLoggedInUser()->accessID > 2)
         {
             $page->drawError('You do not have permission to access this page.');
         }

 /blog/del-post.php
 ,7 → 7,7
 $id = $_GET['id'];
 if ($id)
 {
-    if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $page->getBlogPost($id)->author->ID)
+    if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $page->getBlogPost($id)->author->ID && $page->isUserNormal($page->getLoggedInUser()))
     {
         $page->delBlogPost($id);
     }

 /blog/edit-post.php
 ,7 → 20,7
 $page->checkLoggedIn();
 $post = $page->getBlogPost($id);
-if (!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID)
+if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser()))
 {
     $page->drawError('You do not have permission to access this page.');
 }

 /admin/account-do.php
 ,7 → 13,7
 $name = $_POST['name'];
 $user = $page->getUserByID($userID);
-if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user)
+if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser()))
 {
     if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser()))
     {

 /admin/account.php
 ,7 → 11,7
 $userID = $page->getGetID();
 $user = $page->getUserByID($userID);
-if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user)
+if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser()))
 {
 ?>

 /admin/index.php
 ,7 → 9,14
 $page->checkLoggedIn();
 $user = $page->getLoggedInUser();
-write('<h4><a href="account.php?id=' . $user->ID. '">Manage Account</a></h4>');
+if ($page->isUserNormal($user))
+{
+    write('<h4><a href="account.php?id=' . $user->ID. '">Manage Account</a></h4>');
+}
+else
+{
+    $page->drawError('You do not have permission to access this page.');
+}
 if ($page->isUserAdmin($user))
 {

 /_taios.php
 ,11 → 50,17
             $this->drawMenuItem('Wiki', 'wiki/');
             $this->drawMenuItem('Photos', 'photos/');
             write('<br />');
-            if ($this->isLoggedIn())
+            if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser()))
             {
                 $this->drawMenuItem('Administration', 'admin/');
                 $this->drawMenuItem('Logout', 'logout-do.php');
             }
+            else if ($this->isLoggedIn())
+            {
+                $this->drawMenuItem('Logout', 'logout-do.php');
+                if ($this->getLoggedInUser()->username != "cake")
+                    $this->drawMenuItem('You are banned', NULL);
+            }
             else
             {
                 $this->drawMenuItem('Login', 'login.php');
 ,7 → 67,6
                 $this->drawMenuItem('Register', 'register.php');
             }
             write('<br />');
             $this->drawnHeader = true;
         }
     }
 ,7 → 73,14
     function drawMenuItem($t, $u)
     {
-        write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>');
+        if($u == NULL)
+        {
+            write('<p style="color:red">' . $t . '</p>');
+        }
+        else
+        {
+            write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>');
+        }
     }
     function drawMiddle()
 ,6 → 312,19
         return false;
     }
+    function isUserBanned()
+    {
+        if ($this->isLoggedIn())
+        {
+            if ($this->getLoggedInUser()->accessID >= 3)
+            {
+                return true;
+            }
+        }
+        return false;
+    }
     function checkChallengeStatus($challengeID, $previous, $next)
     {
         $currentChallengeID = $this->getLoggedInUser()->challengeID;

 /forums/add-post-do.php
 ,6 → 20,11
 $title = $_POST['title'];
 $content = $_POST['content'];
+if (!$page->isUserNormal($page->getLoggedInUser()))
+{
+    $page->redirect('add-post.php?error=You do not have permission to access this page');
+}
 if (empty($title))
 {
     $page->redirect('add-post.php?error=No Title Specified');

 /forums/add-post.php
 ,7 → 20,7
     $categoryID = -1;
 }
-if ($page->isLoggedIn())
+if ($page->isLoggedIn() && $page->isUserNormal($page->getLoggedInUser))
 {
 if (isset($_GET['error']))

 /forums/delete-post-do.php
 ,7 → 9,7
 $id = $page->getGetID();
 $post = $page->getForumPost($id);
-if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post)
+if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser()))
 {
     $page->query('DELETE FROM ForumPosts WHERE ID = ' . $id);
     $page->redirect('index.php');

 /forums/index.php
 ,7 → 24,7
 {
     write('<a href="index.php?parentID=-1">Back to root</a>');
 }
-if ($page->isLoggedIn())
+if ($page->isLoggedIn() && $page->isUserNormal($page->getLoggedInUser()))
 {
     if ($parentID != -1)
     {

/wiki/pages/Index.txt
File deleted

Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property

Subversion Repositories taios

Compare Revisions

Ignore whitespace Rev 466 → Rev 471