From 8b81731846f4778fc176d04259eb6dbb30daa3d5 Mon Sep 17 00:00:00 2001
From: Felix Rabinovich
Date: Sun, 14 Dec 2008 04:39:22 +0000
Subject: clean the links and require authorization before showing admin pages
---
 core/controllers/admin.php | 3 +++
 themes/default_admin/views/dashboard.html.php | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/core/controllers/admin.php b/core/controllers/admin.php
index 5fadd885..4824ce93 100644
--- a/core/controllers/admin.php
+++ b/core/controllers/admin.php
@@ -19,6 +19,9 @@
 */
 class Admin_Controller extends Controller {
 public function dashboard() {
+ if (!(user::active()->admin)) {
+ throw new Exception("Unauthorized", 401);
+ }
 // giving default is probably overkill
 $theme_name = module::get_var("core", "active_admin_theme", "default_admin");
 // For now, in order not to duplicate js and css, keep the regular ("item")
diff --git a/themes/default_admin/views/dashboard.html.php b/themes/default_admin/views/dashboard.html.php
index fa831a48..b6da7f6b 100644
--- a/themes/default_admin/views/dashboard.html.php
+++ b/themes/default_admin/views/dashboard.html.php
@@ -65,8 +65,8 @@
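Review bot: The admin check in the core/controllers/admin.php hunk is added only at the top of `dashboard()`, so any other action on `Admin_Controller` (the class body continues outside this hunk) stays reachable without it, although the subject line promises authorization for admin pages in general. Enforcing it once for the whole controller, for example in the constructor with the same `if (!user::active()->admin)` test, makes deny-by-default the baseline instead of relying on each new action to repeat the guard. The generic `Exception("Unauthorized", 401)` only produces an HTTP 401 if the framework's exception handler maps the exception code to a response status, which is not visible here; otherwise a non-admin may see a generic error page, possibly with a stack trace. For a signed-in user who lacks the admin flag, 403 describes the situation more accurately than 401, and a short comment such as `// admin-only: reject guests and non-admin users` above the check would document the intent.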
" id="gLogo" alt="Gallery 3: Your Photos on Your Web Site" />
    -- cgit v1.2.3