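/**
 * Gate the current page behind a minimum privilege level.
 *
 * A request for level 'u' is relaxed to 'x' when the global
 * $USER_LOGIN_REQUIRED is falsy. The resulting level is handed to
 * userAccess(); if that call refuses it, forceLogin() is invoked.
 *
 * @param string $minPrivilegeLevel Privilege code understood by userAccess()
 *                                  ('u', 'a' and 'x' are the codes that appear
 *                                  on this page).
 */
function restrictAccess($minPrivilegeLevel)
{
    global $USER_LOGIN_REQUIRED;

    // NOTE(review): `global` turns an undefined $USER_LOGIN_REQUIRED into null,
    // so a missing or unloaded configuration relaxes 'u' to 'x' (fails open).
    // Confirm the setting is always defined before this function runs.

    // Strict comparison: only the exact string 'u' may be relaxed. With `==`,
    // non-string arguments such as true (and 0 on PHP < 8) also matched 'u'.
    if ($minPrivilegeLevel === 'u' && !$USER_LOGIN_REQUIRED) {
        $minPrivilegeLevel = 'x';
    }

    if (!userAccess($minPrivilegeLevel)) {
        // NOTE(review): presumably forceLogin() ends the request; if it returns,
        // the protected page keeps executing after this call. Verify.
        forceLogin();
    }
}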
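/**
 * Wrap the buffered page output in the site template and send it.
 *
 * The page name is derived from the request URI and looked up in the public,
 * hidden and admin title tables. Pages found there keep their buffered output;
 * anything else (including admin pages requested without 'a' access) has its
 * output discarded and replaced by get404(). Alerts, the navigation bar, the
 * version number and the load time are then substituted into
 * html_template.html and echoed.
 *
 * Does nothing when the global $CANCEL_TEMPLATEIFY is truthy.
 */
function templateify()
{
    global $CANCEL_TEMPLATEIFY;
    //In case, for example, you want to send an attachment.
    if (!empty($CANCEL_TEMPLATEIFY)) {
        return;
    }

    global $pagesTitles, $hiddenPagesTitles, $adminPagesTitles;

    // NOTE(review): REQUEST_URI includes the query string, so for
    // "page.php?x=1" basename() does not strip ".php". Confirm how val()
    // treats such names.
    $pagename = basename($_SERVER['REQUEST_URI'], '.php');
    //--TODO-- needs to be full relative paths - e.g. "classes/about.php" gets About.
    //likewise, links in navbar must be absolute or relative to ROOT_PATH
    if (!val('f', $pagename)) {
        $pagename = '404';
    }
    //Make this consistent with the _actual_ 404s with htaccess ("foafi/dshiafos.php")
    if ($pagename == '' || $pagename == 'doeqs_new') {
        $pagename = 'index';
    }
    //--todo-- hax

    // NOTE(review): the admin branch only withholds output that was already
    // buffered; the page's own code has presumably run by this point, so admin
    // pages still need their own restrictAccess() call. Verify.
    if (array_key_exists($pagename, $pagesTitles)) {
        $title = $pagesTitles[$pagename];
        $content = ob_get_clean();
    } elseif (array_key_exists($pagename, $hiddenPagesTitles)) {
        $title = $hiddenPagesTitles[$pagename];
        $content = ob_get_clean();
    } elseif (array_key_exists($pagename, $adminPagesTitles) && userAccess('a')) {
        $title = $adminPagesTitles[$pagename] . ' <i>[Admin-Only Page]</i>';
        $content = ob_get_clean();
    } else {
        $title = 'Error 404 Not Found';
        $content = get404();
        ob_clean(); // drop whatever the unlisted page printed
    }
    $content = fetch_alerts_html() . $content;

    // Navigation: public pages for everyone, admin pages only with 'a' access.
    $nav = '[';
    foreach ($pagesTitles as $p => $t) {
        $nav .= " · <a href='" . ROOT_PATH . "{$p}.php'>{$t}</a>";
    }
    if (userAccess('a')) {
        $nav .= ' — ';
        foreach ($adminPagesTitles as $p => $t) {
            $nav .= "<a href='" . ROOT_PATH . "{$p}.php'>{$t}</a>";
        }
    }
    $nav .= ' · ]';

    if (userAccess('u')) {
        // The token has to be concatenated in: inside a quoted PHP string,
        // "<?=csrfCode();?>" is plain text, so the hidden "ver" field carried
        // that literal text instead of a real anti-CSRF value.
        // Assumes csrfCode() returns the token, as the <?= ... ?> usage implied.
        $nav .= ' <form action="login.php" method="POST" style="display:inline-block;">'
            . '<input type="hidden" name="ver" value="'
            . htmlspecialchars((string) csrfCode(), ENT_QUOTES) . '"/>'
            . '<input type="submit" name="logout" value="Log Out" /></form>';
    }

    //tried OB to get file contents which died for some reason...
    $template = file_get_contents(__DIR__ . '/html_template.html');
    //--todo-- don't access files outside of protected object

    global $VERSION_NUMBER, $TIME_START;
    echo str_replace(
        array('%title%', '%content%', '%nav%', '%version%', '%loadtime%', '%root%'),
        array(
            $title,
            $content,
            $nav,
            $VERSION_NUMBER,
            // elapsed milliseconds, cut to six characters
            substr(1000 * (microtime(true) - $TIME_START), 0, 6),
            ROOT_PATH,
        ),
        $template
    );
    ob_flush();
    flush();
}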
//What happens when no access to the captcha server? if (!chkCaptcha()) { alert('Invalid reCAPTCHA entry; try again.', -1); } else { $err = newProfileError($_POST['s_email'], $_POST['s_pass'], $_POST['s_confpass']); if ($err === false) { alert('Successfully signed up; you can now log in.', 1); $signup_success = true; reset_attempts('login'); } else { alert(htmlentities($err), -1); } } } } if (userAccess('u')) { echo "Currently logged in as <b>{$_SESSION['email']}</b>."; } else { ?> <table id="loginformtable"><tr> <td> <?php echo generateForm(array('action' => 'login.php', 'method' => 'POST', 'autocomplete' => 'off'), array('<h2>Sign Up</h2>', array('prompt' => 'Email:', 'name' => 's_email', 'value' => isset($signup_success) ? '' : POST('s_email'), 'autofocus' => 'autofocus'), array('prompt' => 'Password:'******'name' => 's_pass', 'type' => 'password'), array('prompt' => 'Again:', 'name' => 's_confpass', 'type' => 'password'), 'Captcha:<br>' . getCaptcha(), array('name' => 'signup', 'type' => 'submit', 'value' => 'Sign Up'))); ?> Register to gain access to all features of the site! To be added soon: question tracking, subjects, common words, etc. </td> <td> <?php echo generateForm(array('action' => 'login.php', 'method' => 'POST'), array('<h2>Log In</h2>', array('prompt' => 'Email:', 'name' => 'email', 'value' => isset($signup_success) ? POST('s_email') : POST('email'), 'autofocus' => 'autofocus'), array('prompt' => 'Password:'******'name' => 'pass', 'type' => 'password'), '', array('name' => 'login', 'type' => 'submit', 'value' => 'Log In'))); ?>
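* Select the status of a user */
function userAccess($bdd)
{
    // Returns the `status` column of the logged-in user, or null when nobody
    // is logged in or the login no longer matches a row.
    // $bdd is used as a PDO-style handle (prepare/execute/fetchAll).
    if (!isset($_SESSION)) {
        session_start();
    }

    if (!isset($_SESSION['login'])) {
        return null;
    }

    // Bound parameter: the session value never becomes part of the SQL text.
    $sql = 'SELECT status FROM users WHERE login= ?';
    $sth = $bdd->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
    $sth->execute(array($_SESSION['login']));
    $data = $sth->fetchAll();

    // A session can outlive its account: without this guard an empty result
    // set raised an undefined-offset warning on $data[0][0].
    if (!isset($data[0][0])) {
        return null;
    }

    return $data[0][0];
}

$status = userAccess($bdd);
// NOTE(review): $status is fetched here, but the visible 'checkout' case does
// not consult it before acting on $_POST; the rest of the switch is outside
// this excerpt. Confirm that each action checks it.
switch ($_POST['function']) {
    /*
     * Change Repository in listRepo
     */
    case 'checkout':
        $repo = $_POST['repo'];
        $type = $_POST['type'];
        if ($repo == 'incoming') {
            $incoming->displayCategory($type);
        } else {
            $master->displayCategory($type);
        }
        break;
    /*
     * Display the file of a category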