diff --git a/admin/addAppNote.php b/admin/addAppNote.php
index f9c5c15..449539a 100644
--- a/admin/addAppNote.php
+++ b/admin/addAppNote.php
@@ -10,7 +10,7 @@ require(BASE."include/"."application.php");
 global $apidb_root;
 //check for admin privs
-if(!loggedin() || (!havepriv("admin") && !isMaintainer($appId,$versionId)) )
+if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($appId,$versionId)) )
 {
 errorpage("Insufficient Privileges!");
 exit;
diff --git a/admin/adminAppDataQueue.php b/admin/adminAppDataQueue.php
index 9f29b57..f999987 100644
--- a/admin/adminAppDataQueue.php
+++ b/admin/adminAppDataQueue.php
@@ -61,7 +61,10 @@ if (!$_REQUEST['queueId'])
 $c = 1;
 while($ob = mysql_fetch_object($result))
 {
- if(isMaintainer($ob->queueappId,$ob->queueversionId) || havepriv("admin")) {
+ if($_SESSION['current']->is_maintainer($ob->queueappId,
+ $ob->queueversionId)
+ || havepriv("admin"))
+ {
 if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
 echo "\n";
 echo " ".date("Y-n-t h:i:sa", $ob->submitTime)."  \n";
@@ -83,7 +86,10 @@ if (!$_REQUEST['queueId'])
 }
 else // shows a particular appdata
 {
- if(!(havepriv("admin") || isMaintainer($obj_row->queueAppId,$obj_row->queueVersionId))) {
+ if(!(havepriv("admin") ||
+ $_SESSION['current']->is_maintainer($obj_row->queueAppId,
+ $obj_row->queueVersionId)))
+ {
 errorpage("You don't have sufficient priviledges to use this page.");
 exit;
 }
diff --git a/admin/editAppNote.php b/admin/editAppNote.php
index 4b7b1e7..863a92e 100644
--- a/admin/editAppNote.php
+++ b/admin/editAppNote.php
@@ -11,7 +11,7 @@ global $apidb_root;
 //check for admin privs
-if(!loggedin() || (!havepriv("admin") && !isMaintainer($appId,$versionId)) )
+if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($appId,$versionId)) )
 {
 errorpage("Insufficient Privileges!");
 exit;
diff --git a/admin/editAppVersion.php b/admin/editAppVersion.php
index 937d4d9..28824fa 100644
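Review bot: The new condition calls `$_SESSION['current']->is_maintainer(...)` with no `loggedin()` check in front of it, and the deleted `isMaintainer()` wrapper in include/user.php was the only place that check lived for this page. For an anonymous visitor, if `$_SESSION['current']` is unset this line now dies with a fatal call on a non-object instead of rendering the privilege error; if a stale User object survives logout the maintainer test may still pass — which of the two happens depends on what `loggedin()` inspects, not visible here. The same unguarded call appears in the second adminAppDataQueue hunk, appview.php's display_notes and `@@ -505` hunks, include/comments.php, maintainersubmit.php and the first two screenshots.php hunks. deletecomment.php in this commit shows the intended shape, `if(!loggedin()) { errorpage(...); exit; }` ahead of the maintainer test, or `loggedin() && (havepriv("admin") || ...)` as appview.php's later hunks do.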
--- a/admin/editAppVersion.php
+++ b/admin/editAppVersion.php
@@ -9,7 +9,7 @@ require(BASE."include/"."application.php");
 //check for admin privs
-if(!loggedin() || (!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) )
+if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($_REQUEST['appId'], $_REQUEST['versionId'])) )
 {
 errorpage("Insufficient Privileges!");
 exit;
diff --git a/appview.php b/appview.php
index cc688ec..d8ea6bb 100644
--- a/appview.php
+++ b/appview.php
@@ -180,7 +180,7 @@ function display_notes($appId, $versionId = 0)
 }
 // display row
- if (havepriv("admin") || isMaintainer($appId,$versionId) )
+ if (havepriv("admin") || $_SESSION['current']->is_maintainer($appId,$versionId) )
 echo " $c. ".substr(stripslashes($ob->noteTitle),0,30)."
\n"; else echo " $c. ".substr(stripslashes($ob->noteTitle),0,30)."
\n"; @@ -367,7 +367,7 @@ if($appId && !$versionId) if(loggedin()) { /* are we already a maintainer? */ - if(isSuperMaintainer($appId, $versionId)) /* yep */ + if($_SESSION['current']->is_super_maintainer($appId) /* yep */ { echo '
'; } else /* nope */ @@ -505,14 +505,14 @@ else if($appId && $versionId) { /* is this user a maintainer of this version by virtue of being a super maintainer */ /* of this app family? */ - if(isSuperMaintainer($appId) && !isMaintainer($appId, $versionId)) + if($_SESSION['current']->is_super_maintainer($appId) && !$_SESSION['current']->is_maintainer($appId, $versionId)) { echo ''; echo ""; } else { /* are we already a maintainer? */ - if(isMaintainer($appId, $versionId)) /* yep */ + if($_SESSION['current']->is_maintainer($appId, $versionId)) /* yep */ { echo ''; echo ""; @@ -534,7 +534,7 @@ else if($appId && $versionId) echo ""; - if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId))) + if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId))) { echo "
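Review bot: The rewritten condition in the `@@ -367` hunk is missing a closing parenthesis: `if($_SESSION['current']->is_super_maintainer($appId) /* yep */` opens two and closes one, so appview.php no longer parses; it should read `if($_SESSION['current']->is_super_maintainer($appId)) /* yep */`. The enclosing `if(loggedin())` block starts outside the hunk. This site does keep the `loggedin()` guard, so only the syntax needs fixing here.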
"; echo ''; @@ -582,7 +582,7 @@ else if($appId && $versionId) echo add_br(stripslashes($ob->noteDesc)); echo "\n"; - if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId))) + if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId))) { echo ""; echo 'noteId.'&appId='.$appId.'&versionId='.$versionId.'>'; @@ -608,7 +608,7 @@ else if($appId && $versionId) echo add_br(stripslashes($ob->noteDesc)); echo "\n"; - if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId))) + if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId))) { echo ""; echo 'noteId.'&appId='.$appId.'&versionId='.$versionId.'>'; diff --git a/deletecomment.php b/deletecomment.php index 0d427ea..d37f88c 100644 --- a/deletecomment.php +++ b/deletecomment.php @@ -10,9 +10,17 @@ $_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']); $_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']); $_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']); +if(!loggedin()) +{ + errorpage("You need to be logged in to delete a comment."); + exit; +} + /* if we aren't an admin or the maintainer of this app we shouldn't be */ /* allowed to delete any comments */ -if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) +if(!havepriv("admin") && + !$_SESSION['current']->is_maintainer($_REQUEST['appId'], + $_REQUEST['versionId'])) { errorpage('You don\'t have admin privilages'); exit; diff --git a/include/comments.php b/include/comments.php index f35e532..9b767ae 100644 --- a/include/comments.php +++ b/include/comments.php @@ -64,7 +64,7 @@ function view_app_comment($ob) echo "\n"; // delete message button, for admins - if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId)) + if(havepriv("admin") || $_SESSION['current']->is_maintainer($ob->appId, $ob->versionId)) { echo ""; echo "\n"; 
diff --git a/include/user.php b/include/user.php
index 8fe4999..6eb7d23 100644
--- a/include/user.php
+++ b/include/user.php
@@ -217,7 +217,7 @@ class User {
 */
 function is_maintainer($appId, $versionId)
 {
- if(!loggedin() || !$this->userid)
+ if(!$this->userid)
 return false;
 /* if this user is a super maintainer of this appid then they */
@@ -240,7 +240,7 @@ class User {
 */
 function is_super_maintainer($appId)
 {
- if(!loggedin() || !$this->userid)
+ if(!$this->userid)
 return false;
 $query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'";
@@ -304,25 +304,6 @@ function havepriv($priv)
 return $_SESSION['current']->checkpriv($priv);
 }
-
-function isMaintainer($appId, $versionId)
-{
- if(!loggedin())
- return false;
-
- return $_SESSION['current']->is_maintainer($appId, $versionId);
-}
-
-
-function isSuperMaintainer($appId)
-{
- if(!loggedin())
- return false;
-
- return $_SESSION['current']->is_super_maintainer($appId);
-}
-
-
 function debugging()
 {
 return ((loggedin() && $_SESSION['current']->getpref("debug") == "yes") || APPDB_DEBUG == 1);
diff --git a/maintainersubmit.php b/maintainersubmit.php
index 81ef713..fcfd766 100644
--- a/maintainersubmit.php
+++ b/maintainersubmit.php
@@ -39,14 +39,14 @@ $versionId = strip_tags($_POST['versionId']);
 $superMaintainer = strip_tags($_POST['superMaintainer']);
 /* if the user is already a maintainer don't add them again */
-if(isMaintainer($appId, $versionId))
+if($_SESSION['current']->is_maintainer($appId, $versionId))
 {
 echo "You are already a maintainer of this app!";
 exit;
 }
 /* if this user is a super maintainer they maintain all of the versionIds of this appId */
-if(isSuperMaintainer($appId))
+if($_SESSION['current']->is_super_maintainer($appId))
 {
 echo "You are already a supermaintainer of the whole application family!";
 exit;
diff --git a/screenshots.php b/screenshots.php
index 5362837..763bbef 100644
--- a/screenshots.php
+++ b/screenshots.php
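Review bot: Dropping `loggedin()` from `is_maintainer()` (and from `is_super_maintainer()` in the next hunk) leaves `$this->userid` as the only thing between an unauthenticated session and a positive maintainer answer. That is sound only if logout clears or replaces `$_SESSION['current']`; if `loggedin()` consulted a separate flag that the User object does not, both methods are now more permissive than before — worth confirming against `loggedin()`, which this diff does not show. If the intent is that callers own the login check, record it in the docblock that ends just above the hunk, e.g. `/* Caller must verify loggedin(); this only checks $this->userid against appMaintainers. */`.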
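Review bot: `$appId` is interpolated unescaped into the `SELECT ... WHERE ... appId = '$appId'` string on the hunk's last context line, and after this commit callers hand it `$_REQUEST['appId']` directly (admin/editAppVersion.php, deletecomment.php, screenshots.php) with at most `strip_tags()` applied upstream. Normalise it at the method boundary, `$appId = (int)$appId;` before `$query` is built, or run it through `mysql_escape_string()` as deletecomment.php already does for `commentId`; `is_maintainer()` in the previous hunk presumably builds a similar query for `$versionId` beyond the hunk and should get the same treatment.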
@@ -17,7 +17,9 @@ if($_REQUEST['cmd']) //process screenshot upload if($_REQUEST['cmd'] == "screenshot_upload") { - if(havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) + if(havepriv("admin") || + $_SESSION['current']->is_maintainer($_REQUEST['appId'], + $_REQUEST['versionId'])) { if(!copy($_FILES['imagefile']['tmp_name'], "data/screenshots/".$_REQUEST['appId']."-".$_REQUEST['versionId']."-".basename($_FILES['imagefile']['name']))) { @@ -105,7 +107,9 @@ if($_REQUEST['cmd']) } } elseif($_REQUEST['cmd'] == "delete") { - if(havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) + if(havepriv("admin") || + $_SESSION['current']->is_maintainer($_REQUEST['appId'], + $_REQUEST['versionId'])) { $result = mysql_query("DELETE FROM appData WHERE id = ".$_REQUEST['imageId']); if($result) @@ -193,7 +197,9 @@ if($result && mysql_num_rows($result)) echo $img; //show admin delete link - if(loggedin() && (havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))) + if(loggedin() && (havepriv("admin") || + $_SESSION['current']->is_maintainer($_REQUEST['appId'], + $_REQUEST['versionId']))) { echo "
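Review bot: The new maintainer check in the `@@ -105` hunk authorizes on `$_REQUEST['appId']`/`$_REQUEST['versionId']`, but the `DELETE FROM appData WHERE id = ".$_REQUEST['imageId']` it guards is keyed on `imageId` alone, so nothing ties the row being deleted to the app/version the caller was just verified to maintain, and `imageId` reaches the query unescaped. Casting the id, `WHERE id = ".(int)$_REQUEST['imageId']`, and constraining the DELETE by the same app/version ids (if appData carries those columns, which this diff does not show) closes both gaps. The same applies to the upload branch in the first screenshots.php hunk, whose destination path is built from the raw request ids; casting `appId`, `versionId` and `imageId` to int once at the top of the file would cover every use. The enclosing `if($_REQUEST['cmd'])` dispatch starts outside the hunk.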
[Delete Image]
"; }