Changeset 585 for trunk/Modules

Timestamp:

Sep 13, 2013, 9:26:31 PM (12 years ago)

Author:

chronos

Message:

• Added: Access to RSS channels restricted to higher level user with API token.

Location:

trunk/Modules

Files:

• News/RSS.php (modified) (1 diff)
• User/User.php (modified) (1 diff)

trunk/Modules/News/RSS.php

@@ -35 +35 @@
           $this->RawPage = true;
           
-          if(array_key_exists($_GET['channel'], $this->System->ModuleManager->Modules['News']->RSSChannels))
+          if(array_key_exists('channel', $_GET)) $ChannelName = $_GET['channel'];
+            else $ChannelName = '';
+          if(array_key_exists('token', $_GET)) $Token = $_GET['token'];
+            else $Token = '';
+          if(array_key_exists($ChannelName, $this->System->ModuleManager->Modules['News']->RSSChannels))
           {
-            $Channel = $this->System->ModuleManager->Modules['News']->RSSChannels[$_GET['channel']];
-            if($this->System->User->Licence($Channel['Permission']))
+            $Channel = $this->System->ModuleManager->Modules['News']->RSSChannels[$ChannelName];            
+            if($this->System->User->Licence($Channel['Permission']) or 
+            $this->System->User->CheckToken($Channel['Permission'], $Token))
             {
             if(is_string($Channel['Callback'][0]))

trunk/Modules/User/User.php

@@ -153 +153 @@
     else return($this->Role >= $Licence);    
   }
+  
+  function CheckToken($Licence, $Token)
+  {
+    $DbResult = $this->System->Database->select('APIToken', 'User', '`Token`="'.$Token.'"');
+    if($DbResult->num_rows > 0)
+    {
+      $DbRow = $DbResult->fetch_assoc();
+      $DbResult2 = $this->System->Database->select('User', 'GM', '`ID`="'.$DbRow['User'].'"');
+      $DbRow2 = $DbResult2->fetch_assoc();
+      return($DbRow2['GM'] >= $Licence);
+    } else return(false);    
+  }
 
   function GetPasswordSalt()