authorAnika Henke <anika@selfthinker.org>2011-02-22 23:04:53 +0000
committerAnika Henke <anika@selfthinker.org>2011-02-22 23:04:53 +0000
commit3a48618a538412994ec244d5a9fde5c4a6161d10 (patch)
tree0ec52d772713d4e5839a2f90b8e5ecf0fa6a37e9
parentd012ef7d2a1019a89c7fbd8c2479d7c1ed10b526 (diff)
improved actionOK and its use
-rw-r--r--inc/auth.php13
-rw-r--r--inc/confutils.php21
-rw-r--r--inc/template.php12
3 files changed, 21 insertions, 25 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 7449fd635..164ad3df9 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -686,9 +686,8 @@ function register(){
global $conf;
global $auth;
- if (!$auth) return false;
if(!$_POST['save']) return false;
- if(!$auth->canDo('addUser')) return false;
+ if(!actionOK('register')) return false;
//clean username
$_POST['login'] = trim($auth->cleanUser($_POST['login']));
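Review bot: The `$auth->cleanUser()` call on the line after the new check is now protected from a null `$auth` only indirectly, through actionOK('register') returning false when no auth backend is loaded. That invariant is easy to break when actionOK() is edited later, so I would record it next to the check: `// actionOK() is false when $auth is null, so $auth can be dereferenced below`. The same applies to the dropped `if (!$auth) return false;` in the updateprofile() and act_resendpwd() hunks of this file. register()'s body continues outside the hunk.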
@@ -764,12 +763,10 @@ function updateprofile() {
global $lang;
global $auth;
- if (!$auth) return false;
if(empty($_POST['save'])) return false;
if(!checkSecurityToken()) return false;
- // should not be able to get here without Profile being possible...
- if(!$auth->canDo('Profile')) {
+ if(!actionOK('profile')) {
msg($lang['profna'],-1);
return false;
}
@@ -840,11 +837,7 @@ function act_resendpwd(){
global $conf;
global $auth;
- if(!actionOK('resendpwd')) return false;
- if (!$auth) return false;
-
- // should not be able to get here without modPass being possible...
- if(!$auth->canDo('modPass')) {
+ if(!actionOK('resendpwd')) {
msg($lang['resendna'],-1);
return false;
}
diff --git a/inc/confutils.php b/inc/confutils.php
index 26ed4f087..b2d25fb65 100644
--- a/inc/confutils.php
+++ b/inc/confutils.php
@@ -241,17 +241,24 @@ function actionOK($action){
// prepare disabled actions array and handle legacy options
$disabled = explode(',',$conf['disableactions']);
$disabled = array_map('trim',$disabled);
- if(isset($conf['openregister']) && !$conf['openregister']) $disabled[] = 'register';
- if(isset($conf['resendpasswd']) && !$conf['resendpasswd']) $disabled[] = 'resendpwd';
- if(isset($conf['subscribers']) && !$conf['subscribers']) {
- $disabled[] = 'subscribe';
- }
- if (is_null($auth) || !$auth->canDo('addUser')) {
+ if(!empty($conf['openregister']) || is_null($auth) || !$auth->canDo('addUser')) {
$disabled[] = 'register';
}
- if (is_null($auth) || !$auth->canDo('modPass')) {
+ if(!empty($conf['resendpasswd']) || is_null($auth) || !$auth->canDo('modPass')) {
$disabled[] = 'resendpwd';
}
+ if(!empty($conf['subscribers']) || is_null($auth)) {
+ $disabled[] = 'subscribe';
+ }
+ if (is_null($auth) || !$auth->canDo('Profile')) {
+ $disabled[] = 'profile';
+ }
+ if (is_null($auth)) {
+ $disabled[] = 'login';
+ }
+ if (is_null($auth) || !$auth->canDo('logout')) {
+ $disabled[] = 'logout';
+ }
$disabled = array_unique($disabled);
}
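Review bot: The legacy-option tests in the three new conditions are inverted. The removed lines disabled an action when its option was set and false (`isset($conf['openregister']) && !$conf['openregister']`), whereas `!empty($conf['openregister'])` disables it when the option is set and true. A wiki that closed registration with a false `openregister` would no longer get `register` added to `$disabled` from that option, and the same holds for `resendpasswd` and `subscribers`. Keep the original sense, e.g. `if((isset($conf['openregister']) && !$conf['openregister']) || is_null($auth) || !$auth->canDo('addUser')) {`, and likewise for the other two. This matters more after this commit because register() and act_resendpwd() in inc/auth.php now use actionOK() as their only gate; actionOK()'s body starts and ends outside the hunk.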
diff --git a/inc/template.php b/inc/template.php
index b873d818f..d29e3e779 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -581,12 +581,9 @@ function tpl_get_action($type) {
$accesskey = 'b';
break;
case 'login':
- if(!$conf['useacl'] || !$auth){
- return false;
- }
$params['sectok'] = getSecurityToken();
if(isset($_SERVER['REMOTE_USER'])){
- if (!$auth->canDo('logout')) {
+ if (!actionOK('logout')) {
return false;
}
$params['do'] = 'logout';
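Review bot: The `case 'login':` branch loses its `!$conf['useacl'] || !$auth` guard and nothing visible in the hunk replaces it; only the logout sub-branch calls actionOK(). Unless tpl_get_action() already rejects disabled actions before the switch (not visible here), the login link and its security token would be produced even when no auth backend is available. If there is no such check, add `if(!actionOK('login')) return false;` as the first line of the case. The `subscribe` and `profile` cases in the next hunk drop their `$auth`/`canDo` checks in the same way and depend on the same outer gate.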
@@ -619,20 +616,19 @@ function tpl_get_action($type) {
$type = 'subscribe';
$params['do'] = 'subscribe';
case 'subscribe':
- if(!$conf['useacl'] || !$auth || !$conf['subscribers'] || !$_SERVER['REMOTE_USER']){
+ if(!$_SERVER['REMOTE_USER']){
return false;
}
break;
case 'backlink':
break;
case 'profile':
- if(!$conf['useacl'] || !$auth || !isset($_SERVER['REMOTE_USER']) ||
- !$auth->canDo('Profile')){
+ if(!isset($_SERVER['REMOTE_USER'])){
return false;
}
break;
case 'subscribens':
- // Superseeded by subscribe/subscription
+ // Superseded by subscribe/subscription
return '';
break;
default:
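Review bot: In `case 'subscribe':` the new condition `!$_SERVER['REMOTE_USER']` reads an index that is not set for anonymous visitors, which raises a notice, while the `profile` case just below tests the same value with `isset()`. Using `if(empty($_SERVER['REMOTE_USER'])){` keeps the current truthiness semantics without the undefined-index read and makes the two cases read alike. tpl_get_action()'s switch starts and ends outside the hunk.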