[php-list] Problem needs fixing

Mon, 16 Oct 2006 18:22:42 -0700 

(As a quick side thing - This is DJ Fox. I`m just under a new e-mail
address due to ISP switching.)

I have a serious problem going on with my website. I don`t know what
happened that caused this to thappen nor do I know how to fix it.

I have a site that allows members to submit images to the website
which gets collected into a gallery on their profile. There`s an
option where if the person is logged in, they can edit or delete their
images. But the problem is, somehow, it got changed where anyone can
do this, whether they are logged in or not.

I need this fixed so that the links to edit/delete images are
available & usable only by the logged in person who submitted the
image & the site admins (level 7 & up).

Here is the current code:
//########################################IMAGES in
GALLERY####################################################
//Get each image in the users gallery
$offset = isset($_REQUIRE['offset'])?$_REQUIRE['offset']:0;

  if(!$offset || $offsett<0) $offset=0;
  $recent = 0;
while( $rows = mysql_fetch_row($res) ){
   if( $recent >= $offset && $recent < ($offset + 10 )){
    //Display each image in gallery
    echo "<tr><td><a href='imageview.php?id=$rows[0]&l=$log'><img
src=thumbnail.php?img=$rows[3] border=0></a>";
    echo "<br><b><a
href='imageview.php?id=$rows[0]&l=$log'>$rows[1]</a></b><br> $rows[5]";
   
    //If this is the current users gallery with proper level or an
admin allow edit
    if( $gall==$rows[2] && $rr == $rt && $user[2] > 1 || $lev > 7) {
       echo "<br><a href='imageedit.php?id=$rows[0]'>Edit image.</a>";
    }

    //If this is the current users gallery or an admin allow delete
    if( $rr == $rt || $lev > 7){
      echo "<br><a href='deleteimage.php?id=$rows[0]'>Delete
image.</a><br>";
    }
    
    echo "<tr><td><tr><td><tr><td><tr><td><tr><td>";
  }
  $recent = $recent + 1;
}
//########################################IMAGES in
GALLERY####################################################

How do I fix this exactly?




Community email addresses:
  Post message: php-list@yahoogroups.com
  Subscribe:    [EMAIL PROTECTED]
  Unsubscribe:  [EMAIL PROTECTED]
  List owner:   [EMAIL PROTECTED]

Shortcut URL to this page:
  http://groups.yahoo.com/group/php-list 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/php-list/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/php-list/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:[EMAIL PROTECTED] 
    mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Reply via email to