Stop allowing anonymous test results

2006-07-16 05:39:56 +00:00
parent ed0c692744
commit ed2cbe739d
2 changed files with 16 additions and 4 deletions
--- a/include/version.php
+++ b/include/version.php
@@ -802,10 +802,18 @@ class Version {
            $oTest->ShowVersionsTestingTable($_SERVER['PHP_SELF']."?iVersionId=".$this->iVersionId."&iTestingId=",
                                             5);
        }
+        if($_SESSION['current']->isLoggedIn())
+        {
            echo '<form method=post name=sMessage action=testResults.php?sSub=view&iVersionId='.$this->iVersionId.'>';
            echo '<input type=submit value="Add Testing Data" class="button" />';
            echo '</form>';
-
+        } else
+        {
+            echo '<form method="post" name="sMessage" action="account.php">';
+            echo '<input type="hidden" name="sCmd" value="login">';
+            echo '<input type=submit value="Log in add Testing Data" class="button">';
+            echo '</form>';
+        }
        echo "</td></tr>";
    
        /* close the table */
--- a/testResults.php
+++ b/testResults.php
@@ -18,6 +18,10 @@ $aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
 $aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
 $aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']);

+//deny access if not logged on
+if(!$_SESSION['current']->isLoggedIn())
+    util_show_error_page_and_exit("Insufficient privileges to create test results.  Are you sure you are logged in?");
+

 if ($aClean['sSub'])
 {