admin approval of registration only works when logged out admin approval of registration only works when logged out
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

admin approval of registration only works when logged out

Started by Tranz, March 06, 2005, 04:25:04 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Tranz

March 06, 2005, 04:25:04 AM Last Edit: March 25, 2005, 09:31:55 AM by TranzNDance
If I click the activation link while I am logged in (as admin or regular user), it says:
QuoteYou don't have permission to access this page.

it's due to this line:
Code Select
if (!$CONFIG['allow_user_registration'] || USER_ID) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);


I changed this to
Code Select
if (!$CONFIG['allow_user_registration'] || !GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);

That caused other issues.

If the account is already active, it shows the header twice (including admin menu) when it shows the error message "Account is already active!".

Then if I try to register, it says I don't have permission. So that admin conditional needs to go elsewhere.

So current issue is the admin can't activate the registration while logged in. However, the link should require an admin being logged in for it to work. Maybe there needs to be another parameter in the URL to indicate that it is an admin activation.

Aditya Mooley

#1
March 22, 2005, 07:56:49 AM
Quote from: TranzNDance on March 06, 2005, 04:25:04 AM
I changed this to
Code Select
if (!$CONFIG['allow_user_registration'] || !GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);


By doing this we are denying new registrations. What if we remove the second condition?

Quote
If the account is already active, it shows the header twice (including admin menu) when it shows the error message "Account is already active!".

I suggest following code changes to avoid this:

Code Select

if (isset($_GET['activate'])) {
                //$CONFIG['admin_activation'] = FALSE;
                //$CONFIG['admin_activation'] = TRUE;

    $act_key = addslashes(substr($_GET['activate'], 0 , 32));
    if (strlen($act_key) != 32) cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);

    $sql = "SELECT user_active user_active, user_email, user_name, user_password " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
    $result = cpg_db_query($sql);
    if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);

    $row = mysql_fetch_array($result);
    mysql_free_result($result);

    if ($row['user_active'] == 'YES') cpg_die(ERROR, $lang_register_php['acct_already_act'], __FILE__, __LINE__);

    pageheader($lang_register_php['page_title']);
    $email = $row['user_email'];
    $user_name = $row['user_name'];
    $password = $row['user_password'];

    $sql = "UPDATE {$CONFIG['TABLE_USERS']} " . "SET user_active = 'YES' " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
    $result = cpg_db_query($sql);

                if ($CONFIG['admin_activation']==1) { //after admin approves, user receives email notification
                        msg_box($lang_register_php['information'], $lang_register_php['acct_active_admin_activation'], $lang_continue, 'index.php');
                        $site_link = $CONFIG['site_url'];
                        $template_vars = array(
                         '{SITE_LINK}' => $site_link,
                         '{USER_NAME}' => $user_name,
                         '{PASSWORD}' => $password,
                         '{SITE_NAME}' => $CONFIG['gallery_name'],
                                );
                        cpg_mail($email, sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_activated_email, $template_vars)));
                } else { //user self-activated, gets message box that account was activated
                        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
                }
} else {
  pageheader($lang_register_php['page_title']);
  if (isset($_POST['agree'])) {
    input_user_info();
  } elseif (isset($_POST['submit'])) {
    $errors = '';
    if (!check_user_info($errors)) {
      input_user_info($errors);
    }
  } else {
    display_disclaimer();
  }
}
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

Aditya Mooley

#2
March 25, 2005, 08:57:06 AM
Commited the changes to CVS.
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

Tranz

#3
March 25, 2005, 09:32:13 AM
Great. Thanks, Aditya. :)
Print
Go Up Pages1
User actions