User validation (manual with db at this point)
parent
9dc40eb62a
commit
19e270b111
|
@ -0,0 +1,2 @@
|
|||
ALTER TABLE `staff`
|
||||
ADD COLUMN `validated` INTEGER NOT NULL DEFAULT 0;
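Review bot: The migration names the table as a literal `staff`, while the PHP queries in this commit build the name as `KU_DBPREFIX . "staff"`. On an install with a non-empty prefix the statement would target the wrong table or fail, and the `validated` column the code now selects would be missing. A header comment such as `-- Replace staff with <your KU_DBPREFIX>staff before running` would make that explicit.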
|
|
@ -130,6 +130,7 @@ if (!$cache_loaded) {
|
|||
}
|
||||
$cf['I0_DISABLE_APNG'] = false; // Disable APNG upload if you don't want anyone to abuse CSAM
|
||||
$cf['I0_DISABLE_THREAD_LIMIT'] = false; //Do not delete old posts, essentially an anti-wipe feature
|
||||
$cf['I0_20_STAFF_VALIDATION'] = false; //Set true if you want to prevent unvalidated users from creating 2.0 boards (run upgrade_to_staff_validation.sql)
|
||||
|
||||
|
||||
// --------------------------------------- CSS styles ---------------------------------------
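Review bot: The comment on `I0_20_STAFF_VALIDATION` reads as if the SQL upgrade is needed only when the option is set to true, but the changed query in class Manage selects `validated` whether or not the option is on. An install that skips the migration would therefore run that query against a missing column. How `$tc_db->GetAll` behaves on a failed query is not visible here; if it yields an empty result, the loop holding the board-owner check would not run at all. I would word the comment as `// Requires upgrade_to_staff_validation.sql on every install; set true to block unvalidated users from creating 2.0 boards`, or select `validated` only when the option is enabled.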
|
||||
|
|
|
@ -223,15 +223,41 @@ class Manage {
|
|||
if ($this->CurrentUserIsAdministrator()) {
|
||||
return true;
|
||||
} else {
|
||||
$results = $tc_db->GetAll("SELECT HIGH_PRIORITY `type` FROM `" . KU_DBPREFIX . "staff` WHERE `username` = '" . $_SESSION['manageusername'] . "' AND `password` = '" . $_SESSION['managepassword'] . "' LIMIT 1");
|
||||
$results = $tc_db->GetAll("SELECT HIGH_PRIORITY `type`, `validated` FROM `" . KU_DBPREFIX . "staff` WHERE `username` = '" . $_SESSION['manageusername'] . "' AND `password` = '" . $_SESSION['managepassword'] . "' LIMIT 1");
|
||||
foreach ($results as $line) {
|
||||
if ($line['type'] != 3) {
|
||||
exitWithErrorPage(_gettext('That page is for custom board owners only.'));
|
||||
}
|
||||
if (I0_20_STAFF_VALIDATION && $line['validated'] != 1) {
|
||||
exitWithErrorPage(_gettext('Only validated users are allowed to create 2.0 boards. Please wait or go whine to /0/ board'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function CurrentUserIsValidated()
|
||||
{
|
||||
global $tc_db, $tpl_page;
|
||||
|
||||
if ($_SESSION['manageusername'] == '' || $_SESSION['managepassword'] == '' || $_SESSION['token'] == '') {
|
||||
$_SESSION['manageusername'] = '';
|
||||
$_SESSION['managepassword'] = '';
|
||||
$_SESSION['token'] = '';
|
||||
return false;
|
||||
}
|
||||
$results = $tc_db->GetAll("SELECT HIGH_PRIORITY `validated` FROM `" . KU_DBPREFIX . "staff` WHERE `username` = '" . $_SESSION['manageusername'] . "' AND `password` = '" . $_SESSION['managepassword'] . "' LIMIT 1");
|
||||
foreach ($results as $line) {
|
||||
if ($line['type'] == 1) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/* If the function reaches this point, something is fishy. Kill their session */
|
||||
session_destroy();
|
||||
exitWithErrorPage(_gettext('Invalid session, please log in again.'));
|
||||
}
|
||||
/* See if the user logged in is an admin */
|
||||
function CurrentUserIsAdministrator() {
|
||||
global $tc_db, $tpl_page;
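Review bot: `CurrentUserIsValidated()` can never return true as written: its query selects only `validated`, but the loop tests `$line['type'] == 1`, a column that is not in the result set, so every matching row falls through to `return false`. The test should read `if ($line['validated'] == 1) {`. The added query also repeats the existing pattern of concatenating `$_SESSION['manageusername']` and `$_SESSION['managepassword']` straight into the SQL string. Whether those values are escaped when the session is populated is not visible here, so bound parameters or the database layer's quoting function would be the safer form for both the changed and the new query. The first function in this section starts above the visible lines and `CurrentUserIsAdministrator()` continues below them.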
|
||||
|
|