image uploading fixes involving database filepaths, with no filename.
1 <?php
3 /* Copyright (c) 2007-08 Alec Henriksen
4 * phpns is free software; you can redistribute it and/or modify it under the
5 * terms of the GNU General Public Licence (GPL) as published by the Free
6 * Software Foundation; either version 2 of the Licence, or (at your option) any
7 * later version.
8 * Please see the GPL at http://www.gnu.org/copyleft/gpl.html for a complete
9 * understanding of what this license means and how to abide by it.
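/*
 * Authentication gate (runs at file level).
 *
 * 1. If a "cookie_auth" cookie is present and the session is not yet
 *    authenticated, look the token up in the cookielog table and, when it maps
 *    to an existing user and rank, populate the session.
 * 2. Redirect to login.php unless the session is authenticated and was created
 *    for this installation path ($globalvars['path_to']).
 * 3. Expose the rank's permission string as $globalvars['rank'].
 *
 * NOTE(review): every query below is assembled by string concatenation. Whether
 * the cookie value is safe inside the double-quoted SQL literal depends entirely
 * on clean_data(), which is defined elsewhere -- confirm that it escapes for the
 * SQL context, or give general_query() bound parameters.
 * NOTE(review): mysql_num_rows() belongs to ext/mysql, which was removed in
 * PHP 7.0; this file only runs on PHP 5.x as written.
 * NOTE(review): no expiry or revocation check on the cookielog row is visible
 * here -- confirm that stale tokens are aged out elsewhere.
 */

// A client can send "cookie_auth[]=x", which PHP exposes as an array; only a
// non-empty string is treated as a candidate token. empty() also avoids the
// undefined-index notices the bare reads produced.
if (!empty($_COOKIE['cookie_auth']) && is_string($_COOKIE['cookie_auth']) && empty($_SESSION['auth'])) {
	$globalvars['cookie_auth'] = clean_data($_COOKIE['cookie_auth']); //clean the data

	//check and see if there is an entry with that cookie auth code
	$cookie_check = general_query('SELECT * FROM '.$databaseinfo['prefix'].'cookielog WHERE cookie_id="'.$globalvars['cookie_auth'].'"');

	if (mysql_num_rows($cookie_check) > 0) {

		//we need an mysql_fetch_array too... so we can't use the previous one (without annoying while clauses)
		$cookie_check = general_query('SELECT * FROM '.$databaseinfo['prefix'].'cookielog WHERE cookie_id="'.$globalvars['cookie_auth'].'"', TRUE);
		$fdata = general_query('SELECT * FROM '.$databaseinfo['prefix'].'users WHERE id="'.$cookie_check['user_id'].'"', TRUE);
		$rdata = general_query('SELECT * FROM '.$databaseinfo['prefix'].'ranks WHERE id="'.$fdata['rank_id'].'"', TRUE);

		// Only authenticate when the token still maps to a real user row and
		// that user's rank row exists. Without this guard a cookielog entry
		// left behind for a deleted user would still set auth = "yes".
		if (isset($fdata['id']) && !empty($rdata)) {

			// Issue a fresh session id at the moment the session becomes
			// authenticated, so an id known before login is not carried over.
			if (session_id() !== '') {
				session_regenerate_id(TRUE);
			}

			//IF YOU MODIFY SOMETHING HERE, MODIFY THE LOGIN.PHP TOO!
			$_SESSION['username'] = $fdata['user_name'];
			$_SESSION['userID'] = $fdata['id'];
			$_SESSION['rankID'] = $fdata['rank_id'];
			$_SESSION['permissions'] = $rdata['permissions'];
			$_SESSION['category_list'] = $rdata['category_list'];
			$_SESSION['auth'] = "yes";
			$_SESSION['path'] = $globalvars['path_to'];
		}
	}
}

// Not authenticated: send to the login page. The comparison is strict so that
// only the exact marker written above is accepted (loosely, TRUE and, before
// PHP 8, integer 0 also compare equal to "yes").
// NOTE(review): assumes login.php stores the same "yes" string -- confirm.
if (!isset($_SESSION['auth']) || $_SESSION['auth'] !== "yes") {
	header("Location: login.php");
	die(); //if header doesn't work, kill the script.
}

// The session must have been created for this installation path; a session
// minted for another path_to is not accepted here. Both sides are compared as
// strings, and a missing session path is treated as the empty string.
if ((isset($_SESSION['path']) ? (string) $_SESSION['path'] : '') !== (string) $globalvars['path_to']) {
	header("Location: login.php");
	die(); //if header doesn't work, kill the script.
}

$globalvars['rank'] = $_SESSION['permissions']; //permission string of the logged-in rank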
47 /* Rank authority
49 ranks are recorded in a session variable, somewhat like this:
50 1,1,1,1,1,1,1,1,1,1,1,1
52 WHICH TRANSLATES TO
54 createranks,manageranks,loginrecords,preferences,loggingin,
55 createarticles,approve,editarticles,deletearticles,createusers,
56 editusers,deleteusers
58 So, we can use the following string offsets to identify each permission # (the odd offsets are the commas):
60 create ranks = $data['permissions'][0];
61 manage ranks = $data['permissions'][2];
62 view login records = $data['permissions'][4];
63 edit preferences = $data['permissions'][6];
64 logging in = $data['permissions'][8];
65 *create articles = $data['permissions'][10];
66 *approve articles = $data['permissions'][12];
67 edit articles = $data['permissions'][14];
68 delete articles = $data['permissions'][16];
69 create users = $data['permissions'][18];
70 edit users = $data['permissions'][20];
71 delete users = $data['permissions'][22];
74 ====================
75 TEMPLATE FOR DISALLOWING/ALLOWING
76 ====================
78 //quick permission check (redirect to the error page); see the permission reference above
79 if ($globalvars['rank'][#] == 0) {
80 header("Location: index.php?do=permissiondenied");
81 die(); //if header doesn't work, kill the script.