forum.coppermine-gallery.net
Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: Tranz on March 06, 2005, 04:25:04 am
-
If I click the activation link while I am logged in (as admin or regular user), it says:
You don't have permission to access this page.
It's due to this line:
if (!$CONFIG['allow_user_registration'] || USER_ID) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
I changed this to
if (!$CONFIG['allow_user_registration'] || !GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
That caused other issues.
If the account is already active, it shows the header twice (including admin menu) when it shows the error message "Account is already active!".
Then if I try to register, it says I don't have permission. So that admin conditional needs to go elsewhere.
So the current issue is that the admin can't activate the registration while logged in. However, the link should require an admin being logged in for it to work. Maybe there needs to be another parameter in the URL to indicate that it is an admin activation.
-
> I changed this to
> if (!$CONFIG['allow_user_registration'] || !GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
By doing this we are denying new registrations. What if we remove the second condition?
> If the account is already active, it shows the header twice (including admin menu) when it shows the error message "Account is already active!".
I suggest the following code changes to avoid this:
    if (isset($_GET['activate'])) {
        //$CONFIG['admin_activation'] = FALSE;
        //$CONFIG['admin_activation'] = TRUE;
        $act_key = addslashes(substr($_GET['activate'], 0, 32));
        if (strlen($act_key) != 32) cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
        $sql = "SELECT user_active user_active, user_email, user_name, user_password " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
        $result = cpg_db_query($sql);
        if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        if ($row['user_active'] == 'YES') cpg_die(ERROR, $lang_register_php['acct_already_act'], __FILE__, __LINE__);
        pageheader($lang_register_php['page_title']);
        $email = $row['user_email'];
        $user_name = $row['user_name'];
        $password = $row['user_password'];
        $sql = "UPDATE {$CONFIG['TABLE_USERS']} " . "SET user_active = 'YES' " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
        $result = cpg_db_query($sql);
        if ($CONFIG['admin_activation']==1) { //after admin approves, user receives email notification
            msg_box($lang_register_php['information'], $lang_register_php['acct_active_admin_activation'], $lang_continue, 'index.php');
            $site_link = $CONFIG['site_url'];
            $template_vars = array(
                '{SITE_LINK}' => $site_link,
                '{USER_NAME}' => $user_name,
                '{PASSWORD}' => $password,
                '{SITE_NAME}' => $CONFIG['gallery_name'],
            );
            cpg_mail($email, sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_activated_email, $template_vars)));
        } else { //user self-activated, gets message box that account was activated
            msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
        }
    } else {
        pageheader($lang_register_php['page_title']);
        if (isset($_POST['agree'])) {
            input_user_info();
        } elseif (isset($_POST['submit'])) {
            $errors = '';
            if (!check_user_info($errors)) {
                input_user_info($errors);
            }
        } else {
            display_disclaimer();
        }
    }
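
The two requirements raised in this thread (the activation link must work for a logged-in admin, while the registration form stays closed to logged-in users) can be met by gating the two paths separately. A sketch of that gate, added here as an illustration and not part of either post or of Coppermine; `register_gate()`, its parameters and the assumption that the activation key is 32 hex characters are hypothetical:

```php
<?php
// Added illustration; register_gate() and its parameters are hypothetical,
// not part of Coppermine. Assumes the activation key is 32 hex characters.

function register_gate(array $config, int $userId, bool $isAdmin, array $get): string
{
    // Registration and activation are both unavailable when sign-ups are off.
    if (empty($config['allow_user_registration'])) {
        return 'deny';
    }

    if (isset($get['activate'])) {
        // Reject malformed keys (arrays, wrong length, odd characters)
        // before the value gets anywhere near a query.
        $key = $get['activate'];
        if (!is_string($key) || !preg_match('/\A[0-9a-f]{32}\z/i', $key)) {
            return 'deny';
        }
        // Admin activation: the link only works for a logged-in admin.
        if (!empty($config['admin_activation'])) {
            return $isAdmin ? 'activate' : 'deny';
        }
        // Self-activation: possession of the key is what authorises the
        // request, so being logged in must not block it.
        return 'activate';
    }

    // Plain registration form: only for visitors who are not logged in.
    return $userId > 0 ? 'deny' : 'register';
}

// Constructed requests covering the cases raised in the thread.
$key = str_repeat('ab', 16);
$on  = ['allow_user_registration' => 1, 'admin_activation' => 1];
$off = ['allow_user_registration' => 1, 'admin_activation' => 0];
$cases = [
    'admin clicks link, admin activation on' => [$on,  1, true,  ['activate' => $key]],
    'user clicks link, admin activation on'  => [$on,  2, false, ['activate' => $key]],
    'guest clicks link, admin activation on' => [$on,  0, false, ['activate' => $key]],
    'logged-in user self-activates'          => [$off, 2, false, ['activate' => $key]],
    'short key'                              => [$off, 0, false, ['activate' => 'abc']],
    'guest opens registration form'          => [$off, 0, false, []],
    'logged-in user opens registration form' => [$off, 2, false, []],
];
foreach ($cases as $label => [$cfg, $uid, $admin, $get]) {
    printf("%-42s => %s\n", $label, register_gate($cfg, $uid, $admin, $get));
}
```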
-
Committed the changes to CVS.
-
Great. Thanks, Aditya. :)