Changeset 392

Timestamp:

01/25/05 14:25:29 (8 years ago)

Author:

plec_

Message:

Added Rikhardur Egillson patch for mysql and completed requireOwner

Files:

• trunk/wifidog-auth/wifidog/classes/Security.php (modified) (2 diffs)

trunk/wifidog-auth/wifidog/classes/Security.php

@@ -56 +56 @@
     $user = $this->session->get(SESS_USERNAME_VAR);
     $password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR);
-    $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN administrators WHERE user_id='$user' AND pass='$password_hash'", $user_info, false);
+    
+    $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN administrators WHERE (users.user_id='$user' OR email='$user') AND pass='$password_hash'", $user_info, false);
     if (empty($user_info)) {
       echo '<p class=error>'._("You do not have administrator privileges")."</p>\n";
@@ -72 +73 @@
     $user = $this->session->get(SESS_USERNAME_VAR);
     $password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR);
-    //$db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN administrators WHERE user_id='$user' AND pass='$password_hash'", $user_info, false);
-    if (empty($user_info)) {
-      echo '<p class=error>'._("NOT IMPLEMENTED YET, ACCESS DENIED")."</p>\n";
-      exit;
+
+    $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN node_owners WHERE (users.user_id='$user' OR email='$user') AND pass='$password_hash' AND node_owners.node_id='$node_id'", $user_info, false);
+    if(empty($user_info)) {
+        echo '<p class=error>'._("You do not have owner privileges")."</p>\n";
+        exit;
     } else {
       /* Access granted */
-      //echo '<p class=error>'._("Access granted")."</p>\n";
+          //echo '<p class=error>'._("Access granted")."</p>\n";
     }
   }