Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 05:06 pm EDT

Geeklog Forums

Small hack of Static Pages 1.2


Status: offline

jhk

Forum User
Chatty
Registered: 07/13/02
Posts: 57

Sometimes it is nice to allow specific users to edit certain static pages to do simple updates without allowing them full access to all sorts of things they should not mess with. This hack takes care of the problem.

Tony's original Static Pages Plugin is an excellent addition to any site, however I missed a small bit of extra functionality, so I have edited the two index.php files which are part of the Static Pages 1.2 plugin. My changes allow members of the designated Group to edit the page if the Edit checkbox has been checked. This works even if they are not members of the special staticpages.edit subgroup. Thus there are two distinct ways of getting to the Static Pages editor: Being a member of the staticpages.edit group and being a member of the "owning" group.

The editing form has reduced functionality for the group members: They are unable to alter ownership/group and access rights. In other words, they can change the contents and that's it. Also, when they are done editing, they are taken back to the static page and not to the Static Pages Admin list.

You can grab the tarball here. The locations of the files on your own site should be obvious from the directory structure in the tarball.
All the usual caveats apply!

 Quote

Anonymous

Anonymous
Why is this wibsite called geeklog it is weard.....................
 Quote

Status: offline

jhk

Forum User
Chatty
Registered: 07/13/02
Posts: 57
In what way?
 Quote

bedek

Anonymous
Somethin is wrong. I've got 3 users - each belongs to his group, and i've got 3 static pages and each of this static pages belons to one of groups. Whe i add your new index.php files in place of old all seems to work - when i login as user i was able to see "Edit" below the contents of page that belongs to his group and there was no "Edit" below the page that don't belong to his group - so everything looks good. But whet i click on "Edit" i got message "All access to administrative portions of this web site are logged and reviewed. This page is for the use of authorized personnel only." and i couldn't edit my page. None of groups have staticpages.edit rights. Where is the problem ?
 Quote

bedek

Anonymous
I've found that the problem is in auth.inc.php near line ~71 where is "else if (!SEC_hasRights('story.edit,block.edit,topic.edit,li..." i don't understand - maybe you figure out whet is wrong.
 Quote

Status: offline

jhk

Forum User
Chatty
Registered: 07/13/02
Posts: 57
Thanks for testing. I had all of my special editors in an Admin group, which was why it worked for me. auth.inc.php is needed for access to special admin sections of Geeklog. As far as I can tell, the other checks in the modified /admin/plugins/staticpages/index.php should catch other attempts at illegal access but I don't know what might happen if somebody edits his cookie to change his user-id. Rather than getting rid of the auth.inc.php check I would add the user to a "harmless" admin group such as "Link Admin". /Jens
 Quote

All times are EDT. The time is now 05:06 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content