Fixed error messages shown when admin tool called while not logged in.

WBCE · Jul 27, 2017 · da9d2ff · da9d2ff
1 parent e55191d
commit da9d2ff
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/wbce/admin/admintools/tool.php b/wbce/admin/admintools/tool.php
@@ -30,12 +30,21 @@
 // test for valid tool name
 if(!preg_match('/^[a-z][a-z_\-0-9]{2,}$/i', $toolDir)) $toolCheck=false;
 
-// Check if tool is installed
-$sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` '.
-       'WHERE `type`=\'module\' AND `function` LIKE \'%tool%\' '.
-       'AND `directory`=\''.$database->escapeString($toolDir).'\' '.
-       'AND `directory` NOT IN(\''.(implode("','",$_SESSION['MODULE_PERMISSIONS'])).'\') ';
-if(!($toolName = $database->get_one($sql)))  $toolCheck=false;
+// Check is user is logged in 
+//if ($wb->is_authenticated() !== true) $toolCheck=false; 
+
+// User has absolutely no permissions , possibly even not logged in :-)?
+if (empty($_SESSION['MODULE_PERMISSIONS'])) $toolCheck=false; 
+
+// Check if tool is installed but only if user is loged in 
+
+if ($toolCheck === true) {
+    $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` '.
+        'WHERE `type`=\'module\' AND `function` LIKE \'%tool%\' '.
+        'AND `directory`=\''.$database->escapeString($toolDir).'\' '.
+        'AND `directory` NOT IN(\''.(implode("','",$_SESSION['MODULE_PERMISSIONS'])).'\') ';
+    if(!($toolName = $database->get_one($sql)))  $toolCheck=false;
+}
 
 // back button triggered, so go back.
 if (isset ($_POST['admin_tools'])) {$toolCheck=false;}