clean the links and require authorization before showing admin pages

core/controllers/admin.php

@@ -19,6 +19,9 @@
  */
 class Admin_Controller extends Controller {
   public function dashboard() {
+    if (!(user::active()->admin)) {
+      throw new Exception("Unauthorized", 401);      
+    }
     // giving default is probably overkill
     $theme_name = module::get_var("core", "active_admin_theme", "default_admin");
     // For now, in order not to duplicate js and css, keep the regular ("item")

themes/default_admin/views/dashboard.html.php

@@ -65,8 +65,8 @@
       <div id="hd">
         <div id="gHeader">
           <ul id="gLoginMenu">
-            <li><a href="/index.php/album/1">View the Gallery</a></li>
-            <li id="gLoginLink"><a href="/index.php/logout">Logout</a></li>
+            <li><?= html::anchor("albums/1", "Browse Gallery") ?></li>
+            <li id="gLogoutLink"><a href="<?= url::site("logout?continue=albums/1") ?>">Logout</a></li>
           </ul>
           <img src="<?= $item_theme->url("images/logo.png") ?>" id="gLogo" alt="Gallery 3: Your Photos on Your Web Site" />
           <ul id="gSiteAdminMenu" class="sf-menu sf-navbar">