Website Comments plugin example code

Hi Rez,

Thanks for bringing this to our attention. This is an issue related to recent changes we made to the website membership plugin that allow users to log into the back end and front end of the site at the same time. I've found a solution to this issue, if you navigate to cmsAdmin/plugins/websiteComments/exampleCode/, then open single_page.php, record_list.php and record_detail.php. You'll see this line in all three files:

  // security check - remove this from live pages
  if (!@$CURRENT_USER['isAdmin']) { die("To see this demo page you must be logged in as an Admin user!"); }

If you replace each line with this:

  // security check - remove this from live pages
  $CMS_USER = getCurrentUserFromCMS();
  if (!@$CMS_USER['isAdmin']) { die("To see this demo page you must be logged in as an Admin user!"); }

The old code was checking if the the user was logged in to the front end of the site, and front end users are very unlikely to have admin access, this code checks for a CMS admin user instead.

We'll be pushing this change into the plugin soon.

Thanks again,

Greg

Greg Thomas







PHP Programmer - interactivetools.com