Changeset 585


Timestamp:
Sep 13, 2013, 9:26:31 PM (11 years ago)
Author:
chronos
Message:
  • Added: Access to RSS channels restricted to higher level user with API token.
Location:
trunk
Files:
4 edited

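--- a/trunk/Modules/News/RSS.php
+++ b/trunk/Modules/News/RSS.php
@@ -35,8 +35,13 @@
           $this->RawPage = true;
          
-          if(array_key_exists($_GET['channel'], $this->System->ModuleManager->Modules['News']->RSSChannels))
+          if(array_key_exists('channel', $_GET)) $ChannelName = $_GET['channel'];
+            else $ChannelName = '';
+          if(array_key_exists('token', $_GET)) $Token = $_GET['token'];
+            else $Token = '';
+          if(array_key_exists($ChannelName, $this->System->ModuleManager->Modules['News']->RSSChannels))
           {
-            $Channel = $this->System->ModuleManager->Modules['News']->RSSChannels[$_GET['channel']];
-            if($this->System->User->Licence($Channel['Permission']))
+            $Channel = $this->System->ModuleManager->Modules['News']->RSSChannels[$ChannelName];           
+            if($this->System->User->Licence($Channel['Permission']) or
+            $this->System->User->CheckToken($Channel['Permission'], $Token))
             {
             if(is_string($Channel['Callback'][0]))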
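Review bot: `$ChannelName` and `$Token` are read from `$_GET` with only a presence check, so an array-valued request parameter reaches `array_key_exists()` and `CheckToken()` as a non-string; after the two defaults add `if(!is_string($ChannelName)) $ChannelName = '';` and `if(!is_string($Token)) $Token = '';`. Because the token is accepted in the query string, it will also be written to web-server and proxy access logs, so a comment above the `CheckToken` call should state that these tokens must be per-user, revocable and valid for feed reading only. The enclosing method starts and ends outside this hunk, so what the page returns when both checks fail is not visible here.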
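--- a/trunk/Modules/User/User.php
+++ b/trunk/Modules/User/User.php
@@ -153,4 +153,16 @@
     else return($this->Role >= $Licence);   
   }
+ 
+  function CheckToken($Licence, $Token)
+  {
+    $DbResult = $this->System->Database->select('APIToken', 'User', '`Token`="'.$Token.'"');
+    if($DbResult->num_rows > 0)
+    {
+      $DbRow = $DbResult->fetch_assoc();
+      $DbResult2 = $this->System->Database->select('User', 'GM', '`ID`="'.$DbRow['User'].'"');
+      $DbRow2 = $DbResult2->fetch_assoc();
+      return($DbRow2['GM'] >= $Licence);
+    } else return(false);   
+  }
 
   function GetPasswordSalt()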
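Review bot: `CheckToken()` concatenates `$Token` directly into the WHERE string passed to `select()`, and the RSS.php section of this changeset hands it over unmodified from `$_GET['token']`, so the lookup is open to SQL injection from an unauthenticated request. Escape or bind the value before building the condition — if the Database class wraps mysqli (the `num_rows`/`fetch_assoc()` usage suggests so, but confirm), `$Token = $this->System->Database->real_escape_string($Token);` — and start the function with `if(!is_string($Token) or ($Token == '')) return(false);` so the empty default never reaches the query. The second lookup calls `fetch_assoc()` without checking `num_rows`; the foreign key added in UpdateTrace.php should keep the user row present, but a guard that returns false when `$DbRow2` is null costs one line. A short doc comment stating that the function returns true only when the token's owner has a `GM` level of at least `$Licence` would also help the next reader.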
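--- a/trunk/admin/UpdateTrace.php
+++ b/trunk/admin/UpdateTrace.php
@@ -2600,4 +2600,16 @@
 }
 
+function UpdateTo585($Manager)
+{
+  $Manager->Execute('CREATE TABLE IF NOT EXISTS `APIToken` (
+    `Id` int(11) NOT NULL AUTO_INCREMENT,
+    `User` int(11) NOT NULL,
+    `Token` varchar(255) NOT NULL,
+    PRIMARY KEY (`Id`),
+    KEY `User` (`User`)
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;');
+  $Manager->Execute('ALTER TABLE `APIToken`
+  ADD CONSTRAINT `APIToken_ibfk_1` FOREIGN KEY (`User`) REFERENCES `User` (`ID`);');
+}
 
 $Updates = array(
@@ -2610,3 +2622,4 @@
         543 => array('Revision' => 567, 'Function' => 'UpdateTo567'),
         567 => array('Revision' => 574, 'Function' => 'UpdateTo574'),
+        574 => array('Revision' => 585, 'Function' => 'UpdateTo585'),
 );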
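Review bot: The `Token` column of the new APIToken table has neither an index nor a uniqueness constraint, although `CheckToken()` in User.php looks rows up by that column and reads only the first match; adding `UNIQUE KEY Token (Token)` to the CREATE TABLE in `UpdateTo585()` indexes the lookup and rules out two users sharing a token. The table also stores the token value itself, so anyone with read access to the database or a backup obtains working credentials; storing a hash of a randomly generated token and comparing hashes in `CheckToken()` would avoid that. How tokens are generated is not shown in this changeset, so their length and randomness should be confirmed separately.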
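--- a/trunk/includes/Version.php
+++ b/trunk/includes/Version.php
@@ -1,5 +1,5 @@
 <?php
 
-$Revision = 584; // Subversion revision
-$DatabaseRevision = 574; // Database structure revision
-$ReleaseTime = '2013-09-12';
+$Revision = 585; // Subversion revision
+$DatabaseRevision = 585; // Database structure revision
+$ReleaseTime = '2013-09-13';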