[Weberp-svn] SF.net SVN: weberp:[5173] trunk

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 5173
          http://weberp.svn.sourceforge.net/weberp/?rev=5173&view=rev
Author:   tim_schofield
Date:     2011-04-12 10:54:58 +0000 (Tue, 12 Apr 2011)

Log Message:
-----------
Change security level of main menu to 0 and improve the way that supplier logins are dealt with

Modified Paths:
--------------
    trunk/CustLoginSetup.php
    trunk/SuppLoginSetup.php
    trunk/includes/session.inc

Added Paths:
-----------
    trunk/sql/mysql/updates/80.php

Modified: trunk/CustLoginSetup.php
===================================================================

--- trunk/CustLoginSetup.php	2011-04-11 16:32:38 UTC (rev 5172)
+++ trunk/CustLoginSetup.php	2011-04-12 10:54:58 UTC (rev 5173)
@@ -43,32 +43,14 @@
 //- Only one entry in securitygroups AND the tokenid of this entry == 1
 
 //First get all available security role ID's'
-$query_roles = "SELECT secroleid FROM securityroles";
-$result_roles = DB_query($query_roles, $db);
-
-//Check for every security role if they have only one entry in securitygroups, if so check if the tokenid == 1, then store in selection box
-//Then they can be put in the $SecurityRoles array for the selection box;
-$SecurityRoles = array();
-while ($myroles = DB_fetch_array($result_roles)){
-
-	$sqltoken = "SELECT tokenid FROM securitygroups WHERE secroleid = '" . $myroles['secroleid'] ."'";
-	$result = DB_query($sqltoken,$db);
-	$Number_roles = DB_num_rows($result);
-	$myrow=DB_fetch_array($result);
-
-	if ($Number_roles == 1 && $myrow['tokenid']==1 ) {
-
-		$sql = "SELECT secroleid, secrolename FROM securityroles WHERE secroleid = '" . $myroles['secroleid'] ."'";
-		$Sec_Result = DB_query($sql, $db);
-		// Now load it into an aray using Key/Value pairs
-		while( $Sec_row = DB_fetch_row($Sec_Result) ) {
-		$SecurityRoles[$Sec_row[0]] = $Sec_row[1];
-		}
-		DB_free_result($Sec_Result);
-
-	}
-
+//First get all available security role ID's'
+$sql = "SELECT secroleid, secrolename FROM securityroles WHERE secrolename = 'Customer Log On Only'";
+$Sec_Result = DB_query($sql, $db);
+// Now load it into an aray using Key/Value pairs
+while( $Sec_row = DB_fetch_row($Sec_Result) ) {
+	$SecurityRoles[$Sec_row[0]] = $Sec_row[1];
 }
+DB_free_result($Sec_Result);
 
 if (isset($_GET['SelectedUser'])){
 	$SelectedUser = $_GET['SelectedUser'];

Modified: trunk/SuppLoginSetup.php
===================================================================
--- trunk/SuppLoginSetup.php	2011-04-11 16:32:38 UTC (rev 5172)
+++ trunk/SuppLoginSetup.php	2011-04-12 10:54:58 UTC (rev 5173)
@@ -32,32 +32,13 @@
 //- Only one entry in securitygroups AND the tokenid of this entry == 1
 
 //First get all available security role ID's'
-$query_roles = "SELECT secroleid FROM securityroles";
-$result_roles = DB_query($query_roles, $db);
-
-//Check for every security role if they have only one entry in securitygroups, if so check if the tokenid == 1, then store in selection box
-//Then they can be put in the $SecurityRoles array for the selection box;
-$SecurityRoles = array();
-while ($myroles = DB_fetch_array($result_roles)){
-
-	$sqltoken = "SELECT tokenid FROM securitygroups WHERE secroleid = '" . $myroles['secroleid'] ."'";
-	$result = DB_query($sqltoken,$db);
-	$Number_roles = DB_num_rows($result);
-	$myrow=DB_fetch_array($result);
-
-	if ($Number_roles == 1 && $myrow['tokenid']==9 ) {
-
-		$sql = "SELECT secroleid, secrolename FROM securityroles WHERE secroleid = '" . $myroles['secroleid'] ."'";
-		$Sec_Result = DB_query($sql, $db);
-		// Now load it into an aray using Key/Value pairs
-		while( $Sec_row = DB_fetch_row($Sec_Result) ) {
-		$SecurityRoles[$Sec_row[0]] = $Sec_row[1];
-		}
-		DB_free_result($Sec_Result);
-
-	}
-
+$sql = "SELECT secroleid, secrolename FROM securityroles WHERE secrolename = 'Supplier Log On Only'";
+$Sec_Result = DB_query($sql, $db);
+// Now load it into an aray using Key/Value pairs
+while( $Sec_row = DB_fetch_row($Sec_Result) ) {
+	$SecurityRoles[$Sec_row[0]] = $Sec_row[1];
 }
+DB_free_result($Sec_Result);
 
 if (isset($_GET['SelectedUser'])){
 	$SelectedUser = $_GET['SelectedUser'];
@@ -284,7 +265,7 @@
 	echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] .'">' . _('Review Existing Users') . '</a></div><br>';
 }
 
-echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '>';
+echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 
 if (isset($SelectedUser)) {

Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc	2011-04-11 16:32:38 UTC (rev 5172)
+++ trunk/includes/session.inc	2011-04-12 10:54:58 UTC (rev 5173)
@@ -13,7 +13,7 @@
 	header('Location:' . $rootpath . '/install/index.php');
 }
 include($PathPrefix . 'config.php');
-$DBVersion=79;
+$DBVersion=80;
 if (isset($SessionSavePath)){
 	session_save_path($SessionSavePath);
 }
@@ -264,15 +264,12 @@
 	exit;
 }
 
-/* Nasty kludge to allow Supplier only logins as well as Customer logins */
-if (count($_SESSION['AllowedPageSecurityTokens'])==1 and $_SESSION['AllowedPageSecurityTokens'][0]==9 and $PageSecurity==1){
-	$_SESSION['AllowedPageSecurityTokens'][0]=1;
+if (in_array(9,$_SESSION['AllowedPageSecurityTokens']) and $PageSecurity==0 and count($_SESSION['AllowedPageSecurityTokens'])==2){
 	$SupplierLogin=1;
 } else {
 	$SupplierLogin=0;
 }
 
-
 if (!isset($AllowAnyone)){
 	if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) {
 		$title = _('Security Permissions Problem');
@@ -292,10 +289,6 @@
 		exit;
 	}
  }
-/* Nasty kludge to allow Supplier only logins as well as Customer logins  - .... hmmmmm some work to do here then! */
-if ($SupplierLogin==1) {
-	$_SESSION['AllowedPageSecurityTokens'][0]=9;
-}
 
 
 if (in_array(15, $_SESSION['AllowedPageSecurityTokens'])) { /*System administrator login */

Added: trunk/sql/mysql/updates/80.php
===================================================================
--- trunk/sql/mysql/updates/80.php	                        (rev 0)
+++ trunk/sql/mysql/updates/80.php	2011-04-12 10:54:58 UTC (rev 5173)
@@ -0,0 +1,15 @@
+<?php
+
+InsertRecord('securitytokens',array('tokenid'),array('0'),array('tokenid, tokenname'), array('0', 'Main Index Page'), $db);
+
+$result=DB_query("SELECT * FROM securitygroups WHERE tokenid='0'", $db);
+
+if (DB_num_rows($result)==0) {
+	DB_query("INSERT INTO securitygroups (SELECT secroleid, '0' FROM securityroles)" , $db);
+}
+
+UpdateField('pagesecurity', 'security', 0, "script='Index.php'", $db);
+
+UpdateDBNo(80, $db);
+
+?>
\ No newline at end of file


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


