Implement administrator access checks

Sven Slootweg 11 years ago
parent d75e9b6920
commit 07ae0efce8

@ -25,7 +25,7 @@ class Campaign extends CPHPDatabaseRecordClass
'UrlName' => "UrlName" 'UrlName' => "UrlName"
), ),
'numeric' => array( 'numeric' => array(
'OwnerId' => "UserId", 'OwnerId' => "OwnerId",
'DonationRate' => "DonationRate", 'DonationRate' => "DonationRate",
'SubscriberCount' => "SubscriberCount", 'SubscriberCount' => "SubscriberCount",
'MonthlyTotal' => "TotalMonthlyDonations", 'MonthlyTotal' => "TotalMonthlyDonations",
@ -39,7 +39,7 @@ class Campaign extends CPHPDatabaseRecordClass
'LastStatisticsUpdate' => "LastStatisticsUpdate" 'LastStatisticsUpdate' => "LastStatisticsUpdate"
), ),
'user' => array( 'user' => array(
'Owner' => "Owner" 'Owner' => "OwnerId"
) )
); );
@ -61,6 +61,11 @@ class Campaign extends CPHPDatabaseRecordClass
return self::CreateFromQuery("SELECT * FROM campaigns WHERE `UrlName` = :UrlName", array(':UrlName' => $urlname), 0, true); return self::CreateFromQuery("SELECT * FROM campaigns WHERE `UrlName` = :UrlName", array(':UrlName' => $urlname), 0, true);
} }
public function VerifyAdministratorAccess($userid)
{
return ($this->sOwnerId == $userid);
}
public function UpdateStatistics() public function UpdateStatistics()
{ {
global $database; global $database;
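Review bot: VerifyAdministratorAccess decides authorization with a loose `==`, so a `null` or empty `$userid` (for example an unset session key passed in by the callers) compares equal to an OwnerId of 0 or an empty string, and any numeric-looking string is coerced before comparing. The runtime type of `$this->sOwnerId` is not visible in this hunk, so normalise both sides explicitly and reject the absent case first: `if($userid === null || (int)$userid <= 0) { return false; }` followed by `return ((int)$this->sOwnerId === (int)$userid);` (assuming user ids are positive integers). A short docblock would also help callers, e.g. `/* Returns true only when $userid is the campaign owner; no other administrator roles are considered. */`. The Campaign class continues outside this hunk.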

@ -23,6 +23,11 @@ catch (NotFoundException $e)
throw new RouterException("Campaign does not exist."); throw new RouterException("Campaign does not exist.");
} }
if($sCampaign->VerifyAdministratorAccess($_SESSION['user_id']) === false)
{
throw new RouterException("Not authorized to administrate this campaign.");
}
if(!empty($_POST['submit'])) if(!empty($_POST['submit']))
{ {
if(empty($_POST['address'])) if(empty($_POST['address']))
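Review bot: The new check reads `$_SESSION['user_id']` without confirming that a logged-in user exists; if the lines before this hunk (the route starts above file line 23 and is not visible here) do not enforce login, an anonymous visitor passes `null` into a loose comparison instead of being rejected outright. A guard such as `if(empty($_SESSION['user_id']) || $sCampaign->VerifyAdministratorAccess($_SESSION['user_id']) === false)` makes the route fail closed regardless of what the authentication layer did earlier. The identical four lines are also added in the other two route hunks of this commit, so the same applies there; a single shared helper (or a router-level guard for campaign administration routes) would keep the three checks from drifting apart.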

@ -23,6 +23,11 @@ catch (NotFoundException $e)
throw new RouterException("Campaign does not exist."); throw new RouterException("Campaign does not exist.");
} }
if($sCampaign->VerifyAdministratorAccess($_SESSION['user_id']) === false)
{
throw new RouterException("Not authorized to administrate this campaign.");
}
$sPaymentMethods = array(); $sPaymentMethods = array();
try try

@ -23,6 +23,11 @@ catch (NotFoundException $e)
throw new RouterException("Campaign does not exist."); throw new RouterException("Campaign does not exist.");
} }
if($sCampaign->VerifyAdministratorAccess($_SESSION['user_id']) === false)
{
throw new RouterException("Not authorized to administrate this campaign.");
}
try try
{ {
$sPaymentMethod = new PaymentMethod($router->uParameters[2]); $sPaymentMethod = new PaymentMethod($router->uParameters[2]);
