Beispiel #1
0
    }
}
$action = "ping";
if (preg_match('/MSIE 7/', $_SERVER['HTTP_USER_AGENT']) || preg_match('/MSIE 8/', $_SERVER['HTTP_USER_AGENT'])) {
    $action = "get_boot_gui";
} else {
    $action = strpos($_SERVER["HTTP_ACCEPT"], "text/html") !== false ? "get_boot_gui" : "ping";
}
if (isset($_GET["action"]) || isset($_GET["get_action"])) {
    $action = isset($_GET["get_action"]) ? $_GET["get_action"] : $_GET["action"];
} else {
    if (isset($_POST["action"]) || isset($_POST["get_action"])) {
        $action = isset($_POST["get_action"]) ? $_POST["get_action"] : $_POST["action"];
    }
}
$pluginsUnSecureActions = ConfService::getDeclaredUnsecureActions();
$unSecureActions = array_merge($pluginsUnSecureActions, array("get_secure_token"));
if (!in_array($action, $unSecureActions) && AuthService::getSecureToken()) {
    $token = "";
    if (isset($_GET["secure_token"])) {
        $token = $_GET["secure_token"];
    } else {
        if (isset($_POST["secure_token"])) {
            $token = $_POST["secure_token"];
        }
    }
    if ($token == "" || !AuthService::checkSecureToken($token)) {
        throw new Exception("You are not allowed to access this resource.");
    }
}
if (AuthService::usersEnabled()) {