}
}
$action = "ping";
if (preg_match('/MSIE 7/', $_SERVER['HTTP_USER_AGENT']) || preg_match('/MSIE 8/', $_SERVER['HTTP_USER_AGENT'])) {
$action = "get_boot_gui";
} else {
$action = strpos($_SERVER["HTTP_ACCEPT"], "text/html") !== false ? "get_boot_gui" : "ping";
}
if (isset($_GET["action"]) || isset($_GET["get_action"])) {
$action = isset($_GET["get_action"]) ? $_GET["get_action"] : $_GET["action"];
} else {
if (isset($_POST["action"]) || isset($_POST["get_action"])) {
$action = isset($_POST["get_action"]) ? $_POST["get_action"] : $_POST["action"];
}
}
$pluginsUnSecureActions = ConfService::getDeclaredUnsecureActions();
$unSecureActions = array_merge($pluginsUnSecureActions, array("get_secure_token"));
if (!in_array($action, $unSecureActions) && AuthService::getSecureToken()) {
$token = "";
if (isset($_GET["secure_token"])) {
$token = $_GET["secure_token"];
} else {
if (isset($_POST["secure_token"])) {
$token = $_POST["secure_token"];
}
}
if ($token == "" || !AuthService::checkSecureToken($token)) {
throw new Exception("You are not allowed to access this resource.");
}
}
if (AuthService::usersEnabled()) {