[svn r12218] Updated to api_not_allowed() calls, part 1/2

19 years ago · 14efa1a1c3
parent c677bb79d0
commit 14efa1a1c3
8 changed files with 45 additions and 42 deletions
--- a/main/course_description/index.php
+++ b/main/course_description/index.php
@ -1,4 +1,4 @@
-<?php // $Id: index.php 11249 2007-02-27 10:53:09Z elixir_julian $
+<?php // $Id: index.php 12218 2007-05-01 18:27:14Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -66,10 +66,11 @@ if(isset($_GET['description_id']) && $_GET['description_id']==6) $interbreadcrum
 if(isset($_GET['description_id']) && $_GET['description_id']==7) $interbreadcrumb[] = array ("url" => "#", "name" => get_lang('Assessment'));
 if(isset($_GET['description_id']) && $_GET['description_id']==8) $interbreadcrumb[] = array ("url" => "#", "name" => get_lang('NewBloc'));

+api_protect_course_script();
+
 Display :: display_header($nameTools, "Description");
 api_display_tool_title($nameTools);

-api_protect_course_script();


 /*
--- a/main/course_home/course_home.php
+++ b/main/course_home/course_home.php
@ -1,4 +1,4 @@
-<?php // $Id: course_home.php 11855 2007-04-03 15:00:22Z pcool $
+<?php // $Id: course_home.php 12218 2007-05-01 18:27:14Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -143,13 +143,6 @@ $_course['official_code'] = $course_code;

 api_session_unregister('toolgroup');

-/*
-----------------------------------------------------------
-	Header
-----------------------------------------------------------
-*/
-Display::display_header($course_title, "Home");
-
 /*
 -----------------------------------------------------------
 	Is the user allowed here?
@ -157,8 +150,16 @@ Display::display_header($course_title, "Home");
 */
 if($is_allowed_in_course == false) 
 {
-	api_not_allowed();
+	api_not_allowed(true);
 }
+/*
+-----------------------------------------------------------
+	Header
+-----------------------------------------------------------
+*/
+Display::display_header($course_title, "Home");
+
+


 /*
--- a/main/document/create_document.php
+++ b/main/document/create_document.php
@ -1,5 +1,5 @@
 <?php
-// $Id: create_document.php 11663 2007-03-22 14:48:23Z elixir_inter $
+// $Id: create_document.php 12218 2007-05-01 18:27:14Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -203,18 +203,18 @@ if (isset ($_SESSION['_gid']) && $_SESSION['_gid'] != '')
 	$path = explode('/', $dir);
 	if ('/'.$path[1] != $group['directory'])
 	{
-		api_not_allowed();
+		api_not_allowed(true);
 	}
 }
 $interbreadcrumb[] = array ("url" => "./document.php?curdirpath=".urlencode($_GET['dir']).$req_gid, "name" => get_lang('Documents'));

 if (!$is_allowed_in_course)
-	api_not_allowed();
+	api_not_allowed(true);

 $is_allowedToEdit = api_is_allowed_to_edit();
 if (!($is_allowedToEdit || $_SESSION['group_member_with_upload_rights']))
 {
-	api_not_allowed();
+	api_not_allowed(true);
 }
 /*
 -----------------------------------------------------------
--- a/main/document/download.php
+++ b/main/document/download.php
@ -1,4 +1,4 @@
-<?php // $Id: download.php 9246 2006-09-25 13:24:53Z bmol $
+<?php // $Id: download.php 12218 2007-05-01 18:27:14Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -74,7 +74,7 @@ include(api_get_path(LIBRARY_PATH).'events.lib.inc.php');

 if (! isset($_course))
 {
-	api_not_allowed();
+	api_not_allowed(true);
 }


--- a/main/document/edit_document.php
+++ b/main/document/edit_document.php
@ -1,4 +1,4 @@
-<?php // $Id: edit_document.php 11790 2007-03-29 20:58:06Z pcool $
+<?php // $Id: edit_document.php 12218 2007-05-01 18:27:14Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -153,7 +153,7 @@ $is_allowedToEdit = is_allowed_to_edit() || $_SESSION['group_member_with_upload_

 if(!$is_allowedToEdit)
 {
-	api_not_allowed();
+	api_not_allowed(true);
 }

 event_access_tool(TOOL_DOCUMENT);
--- a/main/document/upload.php
+++ b/main/document/upload.php
@ -1,4 +1,4 @@
-<?php // $Id: upload.php 11790 2007-03-29 20:58:06Z pcool $
+<?php // $Id: upload.php 12218 2007-05-01 18:27:14Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -118,7 +118,7 @@ if(isset($_SESSION['_gid']) && $_SESSION['_gid']!='') //if the group id is set,
 	}
 	else
 	{
-		api_not_allowed();
+		api_not_allowed(true);
 	}
 }
 elseif($is_allowed_to_edit) //admin for "regular" upload, no group documents
@ -128,7 +128,7 @@ elseif($is_allowed_to_edit) //admin for "regular" upload, no group documents
 }
 else  //no course admin and no group member...
 {
-	api_not_allowed();
+	api_not_allowed(true);
 }

 //what's the current path?
--- a/main/dropbox/dropbox_init.inc.php
+++ b/main/dropbox/dropbox_init.inc.php
@ -286,6 +286,23 @@ if ($_POST['actions']=='download' and !$_POST['store_feedback'])
 	}
 }

+/*
+ * ========================================
+ *         AUTHORISATION SECTION
+ * ========================================
+ * Prevents access of all users that are not course members
+ */
+if(! $is_allowed_in_course || ! $is_courseMember)
+{
+	if ($origin != 'learnpath')
+	{
+		api_not_allowed(true);//print headers/footers
+	}else{
+		api_not_allowed();
+	}
+	exit();
+}
+
 /*
 ==============================================================================
 		HEADER & TITLE
@ -305,21 +322,4 @@ else // if we come from the learning path we have to include the stylesheet and
 }

 api_display_tool_title();
-
-
-/*
- * ========================================
- *         AUTHORISATION SECTION
- * ========================================
- * Prevents access of all users that are not course members
- */
-if(! $is_allowed_in_course || ! $is_courseMember)
-{
-	api_not_allowed();
-	if ($origin != 'learnpath')
-	{
-		Display::display_footer();
-	}
-	exit();
-}
 ?>
--- a/main/user/user.php
+++ b/main/user/user.php
@ -248,6 +248,10 @@ function show_users_in_virtual_courses()
 	}
 }

+if(!$is_allowed_in_course){
+	api_not_allowed(true);
+}
+
 /*
 -----------------------------------------------------------
 	Header
@ -285,9 +289,6 @@ if( isset($message))
 		MAIN CODE
 ==============================================================================
 */
-if(!$is_allowed_in_course){
-	api_not_allowed();
-}

 //statistics
 event_access_tool(TOOL_USER);