Make sure properties work as admin

Do not check $_SESSION['toolkits_logon_username'] but $_SESSION['toolkits_logon_id']
thexerteproject · Jul 12, 2022 · ac1a138 · ac1a138
1 parent bb9ca16
commit ac1a138
Show file tree

Hide file tree

Showing 19 changed files with 19 additions and 25 deletions.
diff --git a/website_code/php/folderproperties/share_this_folder.php b/website_code/php/folderproperties/share_this_folder.php
@@ -29,7 +29,7 @@
 require_once("../../../config.php");
 _load_language_file("/website_code/php/folderproperties/share_this_folder.inc");
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/folders/copy_to_new_folder.php b/website_code/php/folders/copy_to_new_folder.php
@@ -30,7 +30,7 @@
 require_once('../../../config.php');
 include '../folder_library.php';
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/folders/delete_folder.php b/website_code/php/folders/delete_folder.php
@@ -30,7 +30,7 @@
 require_once('../../../config.php');
 include "../folder_library.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/folders/make_new_folder.php b/website_code/php/folders/make_new_folder.php
@@ -30,7 +30,7 @@
 require_once("../../../config.php");
 include '../folder_library.php';
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/import/fileupload.php b/website_code/php/import/fileupload.php
@@ -51,7 +51,7 @@ function convertToBytes(string $from): ?int {
 }
 
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/delete_file_template.php b/website_code/php/properties/delete_file_template.php
@@ -31,7 +31,7 @@
 include "../error_library.php";
 include "../../../config.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/gift_this_template.php b/website_code/php/properties/gift_this_template.php
@@ -88,7 +88,7 @@ function copy_loop($start_path, $final_path){
 include "../template_status.php";
 
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/lti_update.php b/website_code/php/properties/lti_update.php
@@ -7,7 +7,7 @@
 
 global $xerte_toolkits_site;
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/name_select_template.php b/website_code/php/properties/name_select_template.php
@@ -34,13 +34,13 @@
 _load_language_file("/website_code/php/properties/name_select_template.inc");
 $prefix = $xerte_toolkits_site->database_table_prefix;
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");
 }
 
-if(is_numeric($_POST['template_id'])||is_user_admin()){
+if(is_numeric($_POST['template_id'])){
     if(is_user_creator_or_coauthor($_POST['template_id'])||is_user_admin()){
         $search = $_POST['search_string'];
 

diff --git a/website_code/php/properties/notes_change_template.php b/website_code/php/properties/notes_change_template.php
@@ -32,7 +32,7 @@
 include "../user_library.php";
 
 include "properties_library.php";
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/peer_template.php b/website_code/php/properties/peer_template.php
@@ -37,7 +37,7 @@
 
 include "properties_library.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/properties_default_engine.php b/website_code/php/properties/properties_default_engine.php
@@ -35,7 +35,7 @@
 include "../user_library.php";
 include "properties_library.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/publish.php b/website_code/php/properties/publish.php
@@ -36,7 +36,7 @@
 include "../user_library.php";
 include "properties_library.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_ide']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/remove_sharing_template.php b/website_code/php/properties/remove_sharing_template.php
@@ -31,7 +31,7 @@
 include "../template_status.php";
 include "../user_library.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/rename_template.php b/website_code/php/properties/rename_template.php
@@ -35,7 +35,7 @@
 include "properties_library.php";
 include "../user_library.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");

diff --git a/website_code/php/properties/set_sharing_rights_template.php b/website_code/php/properties/set_sharing_rights_template.php
@@ -32,7 +32,7 @@
 include "../user_library.php";
 
 $prefix = $xerte_toolkits_site->database_table_prefix;
-if(is_numeric($_POST['id'])&&is_numeric($_POST['template_id'])||is_user_admin()){
+if(is_numeric($_POST['id'])&&is_numeric($_POST['template_id'])){
 
     if(is_user_creator_or_coauthor($_POST['template_id'])||is_user_admin()) {
         $new_role = $_POST['role'];

diff --git a/website_code/php/properties/share_this_template.php b/website_code/php/properties/share_this_template.php
@@ -33,7 +33,7 @@
 
 
 $prefix = $xerte_toolkits_site->database_table_prefix;
-if(is_numeric($_POST['id'])&&is_numeric($_POST['template_id'])||is_user_admin()){
+if(is_numeric($_POST['id'])&&is_numeric($_POST['template_id'])){
 
     if(is_user_creator_or_coauthor($_POST['template_id'])||is_user_admin()) {
         $id = $_POST['id'];

diff --git a/website_code/php/templates/duplicate_folder.php b/website_code/php/templates/duplicate_folder.php
@@ -50,12 +50,6 @@
 
 $prefix = $xerte_toolkits_site->database_table_prefix;
 
-if (!isset($_SESSION['toolkits_logon_username']))
-{
-    _debug("Session is invalid or expired");
-    die("Session is invalid or expired");
-}
-
 if(is_numeric($_POST['folder_id'])){
     $folder_id = $_POST['folder_id'];
 

diff --git a/website_code/php/templates/general_templates.php b/website_code/php/templates/general_templates.php
@@ -31,7 +31,7 @@
 require_once("../../../config.php");
 include "../display_library.php";
 
-if (!isset($_SESSION['toolkits_logon_username']))
+if (!isset($_SESSION['toolkits_logon_id']))
 {
     _debug("Session is invalid or expired");
     die("Session is invalid or expired");