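/**
 * Gate the current page on the caller's permission level.
 *
 * Returns normally only when user_access($levels) reports that access is
 * allowed. In every other case the visitor is sent to a page chosen from
 * $_SESSION['permissions'] and the request is terminated here, so the code
 * that follows a restrict_access() call never runs for a denied visitor.
 *
 * user_access(), alert(), location() and PATH::root() are defined elsewhere.
 *
 * @param mixed $levels Passed straight through to user_access().
 * @return void
 */
function restrict_access($levels)
{
    if (user_access($levels)) {
        return;
    }

    // Access forbidden. A missing session key is read as null, which matches
    // none of the cases below and therefore ends up in the default branch.
    $user_level = isset($_SESSION['permissions']) ? $_SESSION['permissions'] : null;

    switch ($user_level) {
        case 'X':
            alert('You need to log in to do that.', -1);
            require_once PATH::root() . '/Account/Signin.php';
            break;

        case 'E':
            location('Account/Verify_Email');
            break;

        case 'P':
            location('Account/Approve');
            break;

        case '+':
            location('Admin/Super_Admin');
            break;

        case 'B':
            location('Account/Banned');
            break;

        default:
            // Go home - e.g. if you're logged in and it's restrict_access('X')
            // on Signin, you shouldn't be signing in again. It'll just bring
            // you back home.
            location('Home');
    }

    // Fail closed: the access decision must not depend on location() (or the
    // included sign-in page) ending the script. If either one returns, stop
    // here rather than hand control back to the restricted page.
    exit;
}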
/**
 * Derive a path from the directory part of the current request URI and the
 * difference between PATH::dir() and PATH::root().
 *
 * The helpers backslashToForward(), subtractURLsStart(), subtractURLsEnd()
 * and removeLeadingSlash() are defined elsewhere; this method only chains
 * them in a fixed order.
 *
 * @return mixed Whatever removeLeadingSlash() returns.
 */
public static function pathToRootFromURLRoot()
{
    // REQUEST_URI is taken from the client's request line. parse_url() gives
    // false for a URI it cannot parse and null when there is no path
    // component; that value is handed to dirname() as-is.
    // NOTE(review): confirm the helpers below cope with such input.
    $requestPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
    $requestDir = backslashToForward(dirname($requestPath));

    $dirOffset = subtractURLsStart(PATH::dir(), PATH::root());
    $trimmed = subtractURLsEnd($requestDir, $dirOffset);

    return removeLeadingSlash($trimmed);
}
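/**
 * recaptcha_get_html_f()
 *
 * Convenience wrapper that passes the global $RECAPTCHA_PUBLIC_KEY to
 * recaptcha_get_html(), which is defined elsewhere.
 *
 * @return mixed Whatever recaptcha_get_html() returns for that key.
 */
function recaptcha_get_html_f()
{
    global $RECAPTCHA_PUBLIC_KEY;

    return recaptcha_get_html($RECAPTCHA_PUBLIC_KEY);
}

// Check the IP ban list.
// The match is strict, so $BANNED_IPS must hold lower-case strings; a stray
// non-string entry (true, 0, ...) can no longer match an address by type
// juggling.
// REMOTE_ADDR is the address of the TCP peer. NOTE(review): behind a reverse
// proxy or load balancer that is the proxy, not the visitor - confirm the
// deployment before relying on this list.
if (in_array(strtolower($_SERVER['REMOTE_ADDR']), $BANNED_IPS, true)) {
    session_name('Session');
    session_start();
    session_destroy();
    $_SESSION['permissions'] = 'B';
    // NOTE(review): nothing in this branch stops the request. Unless
    // Banned.php terminates the script itself, execution continues with the
    // code below, and the later session_start() repopulates $_SESSION, which
    // would discard the 'B' set above. Confirm Banned.php exits.
    require_once PATH::root() . '/Account/Banned.php';
}

// Hide the .php extension (/Home.php -> /Home - this works because of a URL
// Rewrite in the .htaccess file).
@($url_pieces = parse_url($_SERVER['REQUEST_URI']));
// parse_url() yields false for a URI it cannot parse and may omit 'path';
// both cases skip the redirect instead of indexing a missing key.
if (
    is_array($url_pieces)
    && isset($url_pieces['path'])
    && basename($url_pieces['path']) !== basename($url_pieces['path'], '.php')
) {
    $url = basename($url_pieces['path'], '.php');
    if (isset($url_pieces['query'])) {
        $url .= '?' . $url_pieces['query'];
    }
    // NOTE(review): no exit follows this header(), so the rest of the request
    // still runs and its output is sent together with the redirect. Presumably
    // form posts to a .php URL depend on that; confirm before adding an exit,
    // and make sure no page relies on the redirect alone to withhold output.
    header('Location: ' . $url);
}

// Start a session.
session_name('Session');
session_start();

// All sessions have an XSRF-protection token that should be
// submitted with all forms via an invisible field.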