function getmodulesmenu($menu) { global $bhcurrent, $bherrors; $modulesarray = bh_listmodulesmenu($menu); foreach ($modulesarray as $module => $modrow) { if (bh_checkmodulepermission($module, $bhcurrent['userobj']->type) == 1) { $menumods[] = array("module" => $module, "icon" => $this->getmoduleicon($module), "title" => bh_moduletitle($module)); } } return $menumods; }
function bh_listmodulesdirectory($filepath) { global $bhcurrent, $bhsession; # Get lists of modules it's allowed $modrows = select_bhdb("modulesdirectory", array("status" => "1"), ""); $userobj = new bhuser($bhsession['username']); # Go through and select those the user is allowed to access foreach ($modrows as $modrow) { if (bh_checkmodulepermission($modrow['module'], $userobj->type) == 1) { if (bh_checkmodulefilepath($modrow['module'], $filepath, $bhsession['username']) == 1) { # Special provision for the deletefolder module if (!($modrow['module'] == "deletefolder" && ($filepath == "/" || $filepath == "" || $filepath == $userobj->homedir))) { $allowedmods[$modrow['module']] = $modrow; } } } } return $allowedmods; }
$bhcurrent['userobj'] = new bhuser($bhsession['username']); # OK, all loaded, check the page they requested. $page = $_GET['page']; if (empty($page)) { $page = $_POST['page']; } if (empty($page)) { $page = "main"; } if (!file_exists("modules/" . $page . ".inc.php")) { bh_log($bhlang['error:page_not_exist'], "BH_NOPAGE"); $page = "error"; } ### OK, now do security checks. # Usertype check if (bh_checkmodulepermission($page, $bhcurrent['userobj']->type) == 0) { bh_log($bhlang['error:access_denied'], "BH_ACCESS_DENIED"); bh_log($bhlang['error:access_denied'], "BH_ERROR"); $page = "error"; } # fileperm check (if needed) if (!empty($_GET['filepath'])) { if (bh_checkmodulefilepath($page, $_GET['filepath'], $bhcurrent['userobj']->username) == 0) { bh_log($bhlang['error:access_denied'], "BH_ACCESS_DENIED"); bh_log($bhlang['error:access_denied'], "BH_ERROR"); $page = "error"; } } # Pass control to the requested page require "modules/" . $page . ".inc.php"; # The End.