User Rights Management and Frontend Editing

Post custom hacks and enhancements for phpwcms here only. Maybe some of these things will be included in official release later.
aerkanc
Posts: 2
Joined: Fri 26. May 2006, 10:35

URL prefix bugs

Post by aerkanc »

This script is very useful :lol: but it can be hacked with the URL prefix.

If user1 is a user without permission and opens http://localhost/saray/phpwcms.php?do=a ... 1&struct=1, then user1 can access this page.

I wrote this code. :idea:
Search for " switch ($do) {
case "articles": " in phpwcms.php

Code:

	case "articles":
		// ---- code added by aerkanc ----
		// Non-admin users who request an article (id) or a category (struct)
		// must be listed in that category's acat_permit field.
		if (!$_SESSION["wcs_user_admin"] && (isset($_GET["id"]) || isset($_GET["struct"]))) {
			if (isset($_GET["id"])) {
				// Resolve the category permissions through the article id.
				$aerkanc_aid = intval($_GET["id"]);
				$sql = "SELECT `acat_permit` FROM `phpwcms_article` INNER JOIN `phpwcms_articlecat` ON `acat_id` = `article_cid` WHERE `article_id` = ".$aerkanc_aid;
			} else {
				// Read the permissions of the requested category directly.
				$aerkanc_aid = intval($_GET["struct"]);
				$sql = "SELECT `acat_permit` FROM `phpwcms_articlecat` WHERE `acat_id` = ".$aerkanc_aid;
			}
			if ($result = mysql_query($sql, $GLOBALS['db']) or die(mysql_error())) {
				$has_permission = false;
				$row_result = mysql_fetch_assoc($result);
				$permit = $row_result["acat_permit"];
				if (strlen($permit) == 0) {
					// An empty acat_permit means the category is not restricted.
					$has_permission = true;
				} else {
					// acat_permit is a comma-separated list of user ids.
					$puid = explode(",", $permit);
					foreach ($puid as $echop) {
						if (intval($echop) == intval($_SESSION["wcs_user_id"])) $has_permission = true;
					}
				}
				if (!$has_permission) die("access denied");
				mysql_free_result($result);
			}
		}
		// ---- end of code added by aerkanc ----
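
The permission rule from the post above, written as a standalone function. This is an added example, not part of the original post or of phpwcms. It assumes, as the posted snippet does, that `acat_permit` is a comma-separated list of user ids and that an empty value means the category is unrestricted. The function name `user_may_edit_category` and all sample values are hypothetical; unlike the posted snippet it denies access when no category row is found and ignores list entries that are not plain numbers.

```php
<?php
// Added example, not phpwcms code. Assumption (taken from the posted snippet):
// acat_permit is a comma-separated list of user ids, empty = unrestricted.

/**
 * Decide whether a backend user may open a category.
 * $permit is the acat_permit value, or null when no row was found.
 */
function user_may_edit_category(bool $isAdmin, int $userId, ?string $permit): bool
{
    if ($isAdmin) {
        return true;                 // admins bypass the list, as in the post
    }
    if ($permit === null || $userId <= 0) {
        return false;                // unknown category or no valid user: deny
    }
    $permit = trim($permit);
    if ($permit === '') {
        return true;                 // empty list: no restriction configured
    }
    foreach (explode(',', $permit) as $entry) {
        $entry = trim($entry);
        // ctype_digit rejects '', 'x' and '-1', so junk can never equal an id
        if (ctype_digit($entry) && (int) $entry === $userId) {
            return true;
        }
    }
    return false;
}

// Constructed sample rows: category id => acat_permit value
$categories = [1 => '', 2 => '3,7', 3 => '7, x,'];

// Constructed requests: [is admin, user id, category id]
$requests = [
    [false, 3, 1],   // unrestricted category
    [false, 3, 2],   // user 3 is listed
    [false, 5, 2],   // user 5 is not listed
    [false, 0, 3],   // no valid user id; junk entries must not match
    [false, 7, 9],   // category 9 does not exist
    [true,  5, 2],   // admin
];

foreach ($requests as [$isAdmin, $userId, $catId]) {
    $permit = $categories[$catId] ?? null;
    $ok = user_may_edit_category($isAdmin, $userId, $permit);
    printf("admin=%d user=%d cat=%d => %s\n", $isAdmin, $userId, $catId, $ok ? 'allow' : 'deny');
}
```
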
phalancs
Posts: 793
Joined: Thu 19. Feb 2004, 05:09
Location: Germany

Post by phalancs »

I will test if it works together with the userpanel. If it does, this is a really MUST for phpwcms :):):)
2008