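// Admin page bootstrap. Loads the common environment, starts the session and
// lets the request continue only when the caller (1) is logged in, (2) passes
// the junior-admin module check, (3) presents the current session id in the
// 'sid' request variable and (4) holds an admin-flagged session.
include IP_ROOT_PATH . 'common.' . PHP_EXT;

$config['jquery_ui'] = true;

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
// End session management

// FORM CLASS - BEGIN
include IP_ROOT_PATH . 'includes/class_form.' . PHP_EXT;
$class_form = new class_form();
// FORM CLASS - END

include_once IP_ROOT_PATH . 'includes/functions_jr_admin.' . PHP_EXT;

// NOTE(review): every gate below relies on redirect() / message_die() ending
// the request. If either can return, execution falls through to the later
// checks and includes - confirm both terminate.
if (!$user->data['session_logged_in']) {
    // Anonymous caller: send to the login page, asking it to come back to the
    // admin index with an admin login.
    $redirect_append = '?redirect=' . urlencode(ADM . '/' . 'index.' . PHP_EXT) . '&admin=1';
    redirect(append_sid(IP_ROOT_PATH . CMS_PAGE_LOGIN . $redirect_append, true));
} elseif (!jr_admin_secure(basename($_SERVER['REQUEST_URI']))) {
    // NOTE(review): REQUEST_URI still carries the query string, so basename()
    // returns whatever follows the last '/' - which may come from a parameter
    // value rather than the script name. Confirm jr_admin_secure() does not
    // treat this string as a trusted module identifier.
    message_die(GENERAL_ERROR, $lang['Error_Module_ID'], '', __LINE__, __FILE__);
}

// The 'sid' request variable must match the live session id. Both sides are
// cast to string and compared strictly: with a loose != PHP compares
// numeric-looking strings (e.g. "0e123" and "0e456") as numbers, which would
// let a non-identical sid pass this check.
$session_id = request_get_var('sid', '');
if ((string) $session_id !== (string) $user->data['session_id']) {
    // On mismatch the caller is sent to the admin index only, never on to the
    // page originally requested. The session id travels in the URL here, so it
    // can surface in access logs and Referer headers.
    redirect('index.' . PHP_EXT . '?sid=' . $user->data['session_id']);
}

// A logged-in session without the admin flag must re-authenticate.
if (empty($user->data['session_admin'])) {
    $redirect_append = '?redirect=' . urlencode(ADM . '/' . 'index.' . PHP_EXT) . '&admin=1';
    redirect(append_sid(IP_ROOT_PATH . CMS_PAGE_LOGIN . $redirect_append, true));
}

include_once IP_ROOT_PATH . 'includes/functions_admin_phpbb3.' . PHP_EXT;

if (empty($no_page_header)) {
    // Not including the page header can be necessary if META tags are needed in the calling script.
    include 'page_header_admin.' . PHP_EXT;
}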
// End session management
//
// Jnr. Admin
// Access gate for admin pages: loads the junior-admin helpers, then requires a
// logged-in session and a successful jr_admin_secure() check for the module
// name before continuing.
include_once $phpbb_root_path . 'includes/functions_jr_admin.' . $phpEx;
find_lang_file_nivisec('lang_jr_admin');

if (!$userdata['session_logged_in']) {
    // Not logged in: send to the login page with a redirect back to admin/.
    redirect(append_sid("login.{$phpEx}?redirect=admin/", true));
} else {
    // Work out which module name to authorise.
    // NOTE(review): when a 'file' GET/POST parameter is present, the check
    // runs against that caller-supplied name (no basename() applied), not the
    // script actually being executed - confirm jr_admin_secure() or the
    // calling page ties the two together.
    if (isset($HTTP_GET_VARS['file'])) {
        $file = $HTTP_GET_VARS['file'] . '.' . $phpEx;
    } elseif (isset($HTTP_POST_VARS['file'])) {
        $file = $HTTP_POST_VARS['file'] . '.' . $phpEx;
    } else {
        // NOTE(review): REQUEST_URI includes the query string, so basename()
        // yields whatever follows the last '/', which may be parameter text.
        $file = basename(isset($HTTP_SERVER_VARS['REQUEST_URI']) ? $HTTP_SERVER_VARS['REQUEST_URI'] : $HTTP_SERVER_VARS['PHP_SELF']);
    }
    if (!jr_admin_secure($file)) {
        message_die(GENERAL_ERROR, $lang['Error_Module_ID'], '', __LINE__, __FILE__);
    }
}
// Original
// else if ($userdata['user_level'] != ADMIN)
// {
//     message_die(GENERAL_MESSAGE, $lang['Not_admin']);
// }

// The sid in the query string must match the session's id.
// NOTE(review): the comparison is loose (!=), so numeric-looking strings are
// compared as numbers, and $HTTP_GET_VARS['sid'] is read without an isset()
// check; a strict string comparison would be safer.
if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) {
    // Rebuild the requested URL: strip the configured server name and script
    // path from REQUEST_URI, collapse '//' to '/', drop any existing sid
    // parameter and a trailing '?', then append the current session id.
    $url = str_replace(preg_replace('#^\\/?(.*?)\\/?$#', '\\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
    $url = str_replace(preg_replace('#^\\/?(.*?)\\/?$#', '\\1', trim($board_config['script_path'])), '', $url);
    $url = str_replace('//', '/', $url);
    $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
    $url = preg_replace('/\\?$/', '', $url);
    // strpos() is used for truthiness here, so a '?' at offset 0 counts as absent.
    $url .= (strpos($url, '?') ? '&' : '?') . 'sid=' . $userdata['session_id'];