Author Topic: [1.7 / 1.7.1] Download images that not allowed to be viewed  (Read 21915 times)

0 Members and 1 Guest are viewing this topic.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
[1.7 / 1.7.1] Download images that not allowed to be viewed
« on: November 12, 2005, 08:43:39 PM »
This fix will fix a bug that allow visitors download images even these which they are not allowed to view. Also will fix proper redirection to the details page for the clients with blocked referer page.

In download.php find:
Code: [Select]
          WHERE image_active = 1 AND image_id IN ($image_id_sql) AND cat_id NOT IN (".get_auth_cat_sql("auth_download", "NOTIN").")";
Replace it with:
Code: [Select]
          WHERE image_active = 1 AND image_id IN ($image_id_sql) AND cat_id NOT IN (".get_auth_cat_sql("auth_viewimage", "NOTIN").", ".get_auth_cat_sql("auth_viewcat", "NOTIN").get_auth_cat_sql("auth_download", "NOTIN").")";
Then find:
Code: [Select]
  if (!check_permission("auth_download", $image_row['cat_id']) || !$image_row) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }

Replace it with:
Code: [Select]
  if (!$image_row || !check_permission("auth_viewcat", $image_row['cat_id']) || !check_permission("auth_viewimage", $image_row['cat_id'])) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }
  else
  {
    if (!check_permission("auth_download", $image_row['cat_id']))
    {
//      header("Location: ".$site_sess->url($url, "&"));
      header("Location: ".$site_sess->url(ROOT_PATH."details.php?image_id=".$image_id, "&"));
      exit;
    }
  }
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline 8o8o8.com

  • Newbie
  • *
  • Posts: 10
    • View Profile
Re: [1.7 / 1.7.1] Download images that not allowed to be viewed
« Reply #1 on: June 20, 2006, 09:52:38 AM »
thankx