If user is not, then he will be redirected to login page and the application is hard-stopped via exit().
| public static checkAuthentication ( ) |
/**
* Construct this object by extending the basic Controller class.
*/
public function __construct()
{
parent::__construct();
// VERY IMPORTANT: All controllers/areas that should only be usable by logged-in users
// need this line! Otherwise not-logged in users could do actions.
Auth::checkAuthentication();
}
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
// VERY IMPORTANT: All controllers/areas that should only be usable by logged-in users
// need this line! Otherwise not-logged in users could do actions. If all of your pages should only
// be usable by logged-in users: Put this line into libs/Controller->__construct
Auth::checkAuthentication();
}
public static function updateConference(int $confId) : bool
{
Auth::checkAuthentication();
$conferenceTitle = Request::post("conference_title", true);
$conferenceVenueName = Request::post("conference_venue", true);
if (!self::validateConference($conferenceTitle, $conferenceVenueName)) {
return false;
}
$venue = VenueModel::getVenueByName($conferenceVenueName);
return self::updateConferenceInDb($confId, $conferenceTitle, (int) $venue->venue_id, (int) Session::get('user_id'));
}
public static function createLecture(int $confId) : bool
{
Auth::checkAuthentication();
$startTime = Request::post('datetime_start', true);
$endTime = Request::post('datetime_end', true);
$lectureTitle = Request::post('lecture_title', true);
if (!self::validateLecture($lectureTitle, $startTime, $endTime)) {
return false;
}
$must_visit = 0;
if (Request::post('must_visit')) {
$must_visit = 1;
}
$startTimestamp = strtotime($startTime, time());
$endTimestamp = strtotime($endTime, time());
return self::createLectureInDb($confId, $lectureTitle, $startTimestamp, $endTimestamp, $must_visit);
}
/**
* Password Change Page
* Show the password form if user is logged in, otherwise redirect to login page
*/
public function changePassword()
{
Auth::checkAuthentication();
$this->View->render('login/changePassword');
}
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
Auth::checkAuthentication();
}
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 2 of the License, or |
// | (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to: |
// | |
// | Free Software Foundation, Inc. |
// | 51 Franklin Street, Suite 330 |
// | Boston, MA 02110-1301, USA. |
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**> |
// +----------------------------------------------------------------------+
require_once dirname(__FILE__) . '/../init.php';
$tpl = new Template_Helper();
$tpl->setTemplate('removed_emails.tpl.html');
Auth::checkAuthentication(APP_COOKIE, null, true);
if (@$_POST['cat'] == 'restore') {
$res = Support::restoreEmails();
$tpl->assign('result_msg', $res);
} elseif (@$_POST['cat'] == 'remove') {
$res = Support::expungeEmails($_POST['item']);
$tpl->assign('result_msg', $res);
}
$tpl->assign('list', Support::getRemovedList());
$tpl->displayTemplate();
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to: |
// | |
// | Free Software Foundation, Inc. |
// | 59 Temple Place - Suite 330 |
// | Boston, MA 02111-1307, USA. |
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**> |
// +----------------------------------------------------------------------+
//
// @(#) $Id: s.removed_emails.php 1.2 03/01/21 04:06:59-00:00 jpm $
//
include_once "config.inc.php";
include_once APP_INC_PATH . "class.template.php";
include_once APP_INC_PATH . "class.auth.php";
include_once APP_INC_PATH . "class.support.php";
include_once APP_INC_PATH . "db_access.php";
$tpl = new Template_API();
$tpl->setTemplate("removed_emails.tpl.html");
Auth::checkAuthentication(APP_COOKIE, NULL, true);
if (@$HTTP_POST_VARS["cat"] == "restore") {
$res = Support::restoreEmails();
$tpl->assign("result_msg", $res);
} elseif (@$HTTP_POST_VARS["cat"] == "remove") {
$res = Support::expungeEmails($HTTP_POST_VARS["item"]);
$tpl->assign("result_msg", $res);
}
$tpl->assign("list", Support::getRemovedList());
$tpl->displayTemplate();
<?php
/*
* This file is part of the Eventum (Issue Tracking System) package.
*
* @copyright (c) Eventum Team
* @license GNU General Public License, version 2 or later (GPL-2+)
*
* For the full copyright and license information,
* please see the COPYING and AUTHORS files
* that were distributed with this source code.
*/
require_once __DIR__ . '/../../init.php';
$tpl = new Template_Helper();
$tpl->setTemplate('manage/email_alias.tpl.html');
Auth::checkAuthentication(null, true);
$role_id = Auth::getCurrentRole();
if ($role_id < User::ROLE_MANAGER) {
$tpl->setTemplate('permission_denied.tpl.html');
$tpl->displayTemplate();
exit;
}
$usr_id = $_REQUEST['id'];
if (@$_POST['cat'] == 'save') {
$res = User::addAlias($usr_id, trim($_POST['alias']));
Misc::mapMessages($res, array(true => array(ev_gettext('Thank you, the alias was added successfully.'), Misc::MSG_INFO), false => array(ev_gettext('An error occurred while trying to add the alias.'), Misc::MSG_ERROR)));
} elseif (@$_POST['cat'] == 'remove') {
foreach ($_POST['item'] as $aliastmp) {
$res = User::removeAlias($usr_id, $aliastmp);
}
Misc::mapMessages($res, array(true => array(ev_gettext('Thank you, the alias was removed successfully.'), Misc::MSG_INFO), false => array(ev_gettext('An error occurred while trying to remove the alias.'), Misc::MSG_ERROR)));
<?php
/*
* This file is part of the Eventum (Issue Tracking System) package.
*
* @copyright (c) Eventum Team
* @license GNU General Public License, version 2 or later (GPL-2+)
*
* For the full copyright and license information,
* please see the COPYING and AUTHORS files
* that were distributed with this source code.
*/
require_once __DIR__ . '/../../init.php';
Auth::checkAuthentication();
if (!empty($_REQUEST['iss_id'])) {
$fields = Custom_Field::getListByIssue(Auth::getCurrentProject(), $_REQUEST['iss_id']);
} else {
$fields = Custom_Field::getListByProject(Auth::getCurrentProject(), $_REQUEST['form_type']);
}
$data = array();
foreach ($fields as $field) {
$backend = Custom_Field::getBackend($field['fld_id']);
if (is_object($backend) && is_subclass_of($backend, 'Dynamic_Custom_Field_Backend')) {
$field['structured_data'] = $backend->getStructuredData();
$data[] = $field;
}
}
header('Content-Type: text/javascript; charset=UTF-8');
$tpl = new Template_Helper();
$tpl->setTemplate('js/dynamic_custom_field.tpl.js');
$tpl->assign('fields', $data);
public function editUserZip_action()
{
Auth::checkAuthentication();
EditModel::editUserZip(Request::post('user_zip'));
Redirect::to('user/index');
}
/**
* Show user profile
* Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page
*/
public function showProfile()
{
Auth::checkAuthentication();
$this->view->render('login/showProfile', array('user_name' => Session::get('user_name'), 'user_email' => Session::get('user_email'), 'user_account_type' => Session::get('user_account_type')));
}
/**
* This method controls what happens when you move to /dashboard/create in your app.
* Creates a new Short. This is usually the target of form submit actions.
* POST request.
*/
public function create()
{
Auth::checkAuthentication();
ShortModel::createShort(Request::post('url'));
Redirect::to('short/index');
}
/**
* Perform the account-type changing
* Auth::checkAuthentication() makes sure that only logged in users can use this action
* POST-request
*/
public function changeUserRole_action()
{
Auth::checkAuthentication();
if (Request::post('user_account_upgrade')) {
// "2" is quick & dirty account type 2, something like "premium user" maybe. you got the idea :)
UserRoleModel::changeUserRole(2);
}
if (Request::post('user_account_downgrade')) {
// "1" is quick & dirty account type 1, something like "basic user" maybe.
UserRoleModel::changeUserRole(1);
}
Redirect::to('login/changeUserRole');
}
// | Boston, MA 02111-1307, USA. |
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**> |
// +----------------------------------------------------------------------+
//
// @(#) $Id$
//
include_once "config.inc.php";
include_once APP_INC_PATH . "class.template.php";
include_once APP_INC_PATH . "class.auth.php";
include_once APP_INC_PATH . "class.user.php";
include_once APP_INC_PATH . "class.note.php";
include_once APP_INC_PATH . "db_access.php";
$tpl = new Template_API();
$tpl->setTemplate("post_note.tpl.html");
Auth::checkAuthentication(APP_COOKIE, 'index.php?err=5', true);
$prj_id = Auth::getCurrentProject();
$usr_id = Auth::getUserID();
@($issue_id = $HTTP_GET_VARS["issue_id"] ? $HTTP_GET_VARS["issue_id"] : $HTTP_POST_VARS["issue_id"]);
$details = Issue::getDetails($issue_id);
$tpl->assign("issue_id", $issue_id);
$tpl->assign("issue", $details);
if (!Issue::canAccess($issue_id, $usr_id)) {
$tpl->setTemplate("permission_denied.tpl.html");
$tpl->displayTemplate();
exit;
}
if (@$HTTP_POST_VARS["cat"] == "post_note") {
// change status
if (!@empty($HTTP_POST_VARS['new_status'])) {
$res = Issue::setStatus($issue_id, $HTTP_POST_VARS['new_status']);
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to: |
// | |
// | Free Software Foundation, Inc. |
// | 59 Temple Place - Suite 330 |
// | Boston, MA 02111-1307, USA. |
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**> |
// +----------------------------------------------------------------------+
//
// @(#) $Id: s.csv.php 1.4 03/01/16 01:47:31-00:00 jpm $
//
include_once "config.inc.php";
include_once APP_INC_PATH . "class.auth.php";
include_once APP_INC_PATH . "db_access.php";
Auth::checkAuthentication(APP_COOKIE);
$csv = base64_decode($HTTP_POST_VARS["csv_data"]);
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// always modified
header("Pragma: no-cache");
header("Content-Type: application/vnd.ms-excel");
header("Content-Disposition: attachment; filename=" . uniqid('') . '.xls');
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
header("Content-Type: application/vnd.ms-excel");
header("Content-Disposition: \"inline\"");
header("Content-Length: " . strlen($csv));
echo $csv;
/**
* Delete the current user's avatar
* Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page
*/
public function deleteAvatar_action()
{
Auth::checkAuthentication();
AvatarModel::deleteAvatar(Session::get("user_id"));
Redirect::to('login/editAvatar');
}
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
// this entire controller should only be visible/usable by logged in users, so we put authentication-check here
Auth::checkAuthentication();
}
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
// special authentication check for the entire controller: Note the check-ADMIN-authentication!
Auth::checkAuthentication();
}
