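/**
 * Checks that the named session variable is set and matches the expected
 * token; the request is terminated with exit() when it does not.
 *
 * The expected token comes from stopdirectaccess::makeSessionId(), which is
 * defined outside this block.
 *
 * @param mixed $sessionVar key looked up in $_SESSION
 * @return void returns normally only when the stored value matches
 */
function checkAuthorisation($sessionVar)
{
    $authorised = false;

    if (isset($_SESSION[$sessionVar])) {
        $expected = stopdirectaccess::makeSessionId();
        $stored = $_SESSION[$sessionVar];

        // The original used a loose != here. Loose comparison lets PHP type
        // juggling treat different values as equal (numeric-looking strings
        // such as '0e1' and '0e2'; before PHP 8 also integer 0 and any
        // non-numeric string; boolean true and any non-empty string), so a
        // wrong or polluted session value could pass the gate. Compare the
        // string forms with === instead; non-scalar values never match.
        // NOTE(review): where PHP >= 5.6 is guaranteed, hash_equals() is the
        // usual primitive for comparing tokens.
        $authorised = is_scalar($stored)
            && is_scalar($expected)
            && (string) $stored === (string) $expected;
    }

    if (!$authorised) {
        // Fail closed: an unset variable and a mismatch end the request the same way.
        exit("You cant access this page directly");
    }
}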
<?php
/*
  $Id: attributemanagerplaceholder.inc.php,v 1.1.1.1 2006/12/22 13:37:21 gswkaiser Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Released under the GNU General Public License

  Web Development
  http://www.kangaroopartners.com
*/

// Placeholder include: loads the attribute manager configuration and the
// stopdirectaccess class, calls stopdirectaccess::authorise(), then emits the
// empty #attributemanager container element.

// Both paths are relative, so PHP resolves them through include_path and the
// including script's directory; the files that actually get loaded therefore
// depend on how the including page is set up.
require_once 'attributemanager/includes/attributemanagerconfig.inc.php';
require_once 'attributemanager/classes/stopdirectaccess.class.php';

// NOTE(review): authorise() is defined in stopdirectaccess.class.php and is not
// visible here. Presumably it records the token under the
// AM_SESSION_VALID_INCLUDE session key that checkAuthorisation() later
// verifies - confirm against the class. AM_SESSION_VALID_INCLUDE is not defined
// in this file; presumably it comes from the config include above - confirm.
stopdirectaccess::authorise(AM_SESSION_VALID_INCLUDE);
?> <div id="attributemanager"></div>
// config require_once $attributemanager_includes_attributemanager . 'config.inc.php'; // misc functions require_once $attributemanager_includes_attributemanager . 'functions.inc.php'; // parent class require_once $attributemanager_classes_dir_attributemanager . $class_php; // db wrapper require_once $attributemanager_classes_dir . 'db' . $class_php; // instant class require_once $attributemanager_classes_dir_attributemanager . 'instant' . $class_php; // atomic class require_once $attributemanager_classes_dir_attributemanager . 'atomic' . $class_php; // security class require_once $attributemanager_classes_dir . 'stopdirectaccess' . $class_php; // check that the file is allowed to be accessed stopdirectaccess::checkAuthorisation(AM_SESSION_VALID_INCLUDE); // construct the attributemanager classess and/or session variable if (!is_numeric($_GET['products_id']) || AM_ATOMIC_PRODUCT_UPDATES) { // first time visiting the page - delete the session var and start again if ('new_product' == $_GET['pageAction'] && !isset($_GET['amAction'])) { if (olc_session_is_registered(AM_SESSION_VAR_NAME)) { olc_session_unregister(AM_SESSION_VAR_NAME); unset(${AM_SESSION_VAR_NAME}); } } // register the session if its not registered if (!olc_session_is_registered(AM_SESSION_VAR_NAME)) { // declare the var (not nessessary) ${AM_SESSION_VAR_NAME} = array(); // start a new session olc_session_register(AM_SESSION_VAR_NAME);