/**
 * Gate for admin-area pages: administrators pass, everyone else is turned
 * away with a permission error or a redirect.
 *
 * Order of work: process a pending logout request, try a re-login when
 * nobody (or only the guest account) is signed in, then test IsAdmin().
 *
 * NOTE(review): every rejecting branch returns false after calling a
 * redirect/error helper. Whether those helpers end the script is not
 * visible here, so callers should stop page processing on a false result.
 *
 * @param bool $ajaxMode When truthy, a denied request triggers
 *                       Security::sendPermissionError() instead of a redirect.
 * @return bool True when IsAdmin() accepts the current user, false otherwise.
 */
public static function processAdminPageSecurity($ajaxMode = false)
{
    Security::processLogoutRequest();

    // Anonymous and guest sessions get a re-login attempt before the admin check.
    if (!(isLogged() && !isLoggedAsGuest())) {
        Security::tryRelogin();
    }

    if (IsAdmin()) {
        return true;
    }

    if ($ajaxMode) {
        // AJAX callers receive an error rather than a redirect.
        Security::sendPermissionError();
    } elseif (isLogged() && !isLoggedAsGuest()) {
        // Signed in as a regular user without admin rights: back to the menu.
        HeaderRedirect("menu");
    } else {
        // Not signed in: remember the requested URL in the session, then go to login.
        Security::saveRedirectURL();
        redirectToLogin();
    }

    return false;
}
/**
 * Returns the current user, or sends the visitor to the login page when
 * getUser() yields nothing truthy.
 *
 * NOTE(review): when no user is found this function returns null after
 * redirectToLogin(). If that helper does not end the request, the caller
 * keeps running without a user; confirm it terminates, or make callers
 * check the return value.
 *
 * @return mixed The value from getUser() when truthy, otherwise null.
 */
function checkAuth()
{
    $currentUser = getUser();

    if (!$currentUser) {
        redirectToLogin();

        return null;
    }

    return $currentUser;
}
<?php
// Appears to be the spell-casting step of a battle page: starts the session,
// loads the kernel and header includes, then resolves the battle and the spell
// named in the POST data. The excerpt ends inside the open `if` block below.
$timeStart = microtime(true);
session_start();
ob_start();
// An empty session sends the visitor to ../../index.php and stops the script.
if (empty($_SESSION)) {
    exit(header("Location: ../../index.php"));
}
// NOTE(review): both include paths are built from $_SESSION['File_Root'];
// confirm that value is only ever written by server-side code.
require_once $_SESSION['File_Root'] . '/Kernel/Include.php';
require_once $_SESSION['File_Root'] . '/HTML/Header.php';
require_once 'Functions/SQL.php';
// NOTE(review): $accountID and $linkRoot are not assigned in this excerpt
// (presumably set by the includes above). Nothing here stops the script after
// this call, so verify that redirectToLogin() itself ends the request when
// the visitor has no account.
redirectToLogin($accountID, $linkRoot);
$battle = findBattle($bdd, $characterID);
// NOTE(review): addslashes() is not a reliable way to quote SQL values and
// htmlspecialchars() is an HTML output encoder. If newMagic() places $magicID
// in a query, bind it as a parameter or validate it as an integer first.
// $_POST['magicID'] is also read without checking that it is present.
$magicID = htmlspecialchars(addslashes($_POST['magicID']));
$magic = newMagic($bdd, $magicID);
// NOTE(review): $monsterPicture is echoed into the src attribute below without
// escaping; confirm it can never carry user-supplied text.
?> <div class="panel panel-warning"> <div class="panel-heading"> <img src="<?php echo $monsterPicture; ?> " alt=""> </div> <div class="panel-body"> <?php
// The spell is only resolved when the character has enough MP to pay its cost.
if ($characterMP >= $magic->getMPCost()) {
    // Division binds tighter than addition: effect + ($characterMagic / 100), then rounded.
    $magicEffect = round($magic->getEffect() + $characterMagic / 100);
    // Damage is never allowed to go below zero.
    if ($totalDamageMonster <= 0) {
        $totalDamageMonster = 0;
    }
<?php
// Bootstrap of a search page: loads the shared includes, requires a login and
// the "S" permission on $strTableName, then describes the page layout.

// NOTE(review): these two calls force PHP to print errors into the response.
// Error text can expose file paths and query fragments to the client; confirm
// this is intended outside a development environment.
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
require_once "include/dbcommon.php";
add_nocache_headers();
require_once "include/CompanyMaster_variables.php";
require_once "classes/searchcontrol.php";
require_once "classes/advancedsearchcontrol.php";
require_once "classes/panelsearchcontrol.php";
require_once "classes/searchclause.php";
// Visitors who are not logged in have the current URL saved and are sent to login.
// NOTE(review): nothing in this block stops the script after redirectToLogin();
// verify the helper ends the request, otherwise the code below still runs.
if (!isLogged()) {
    Security::saveRedirectURL();
    redirectToLogin();
}
// Request values; neither is used again within this excerpt.
$cname = postvalue("cname");
$rname = postvalue("rname");
// $strTableName is not assigned here (presumably by the *_variables.php include).
$accessGranted = CheckTablePermissions($strTableName, "S");
// NOTE(review): same concern as above; confirm HeaderRedirect() ends the request
// so a user without the "S" permission cannot reach the search form.
if (!$accessGranted) {
    HeaderRedirect("menu");
}
// Layout definition: one "fields" container filled with four entries in order.
$layout = new TLayout("search5", "CityBlueWave", "MobileBlueWave");
$layout->version = 2;
$layout->blocks["top"] = array();
$layout->containers["fields"] = array();
$layout->container_properties["fields"] = array();
$layout->containers["fields"][] = array("name" => "srchheader", "block" => "searchheader", "substyle" => 2);
$layout->containers["fields"][] = array("name" => "srchconditions", "block" => "conditions_block", "substyle" => 1);
$layout->containers["fields"][] = array("name" => "srchfields", "block" => "", "substyle" => 1);
$layout->containers["fields"][] = array("name" => "srchbuttons", "block" => "searchbuttons", "substyle" => 2);
$layout->skins["fields"] = "fields";
/**
 * Gate for the Add page of $table.
 *
 * Access is granted when the user holds the "A" permission, or when the
 * request carries a=added (the page then only shows the data just entered).
 * Otherwise the request is rejected: non-simple page modes get
 * Security::sendPermissionError(), a signed-in regular user is redirected
 * through Security::redirectToList(), and everyone else goes to login.
 *
 * NOTE(review): the a=added branch returns true on the strength of a request
 * value alone, without the "A" permission. Confirm the code that stores the
 * record checks permissions again before writing.
 *
 * @param string $table Table name handed to the permission check.
 * @return bool True when the page may be shown, false after a rejection.
 */
public static function processAddPageSecurity($table)
{
    $mayShowPage = Security::checkPagePermissions($table, "A")
        || postvalue("a") == "added";
    if ($mayShowPage) {
        return true;
    }

    if (AddPage::readAddModeFromRequest() != ADD_SIMPLE) {
        // Any mode other than the simple page is answered with an error, not a redirect.
        Security::sendPermissionError();
    } elseif (isLogged() && !isLoggedAsGuest()) {
        // Signed in as a regular user but not allowed to add records.
        Security::redirectToList($table);
    } else {
        redirectToLogin();
    }

    return false;
}
if (count($arrayGUIs) == 1) { if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { $myURL = "Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/index.php?" . strip_tags(SID) . "&gui_id=" . $arrayGUIs[0]; } else { $myURL = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/index.php?" . strip_tags(SID) . "&gui_id=" . $arrayGUIs[0]; } # remove name and password from url, because url params are parsed later and written in javascript $cleanUrl = preg_replace("/name=[^&]*&/", "", $_SERVER["QUERY_STRING"]); $cleanUrl = preg_replace("/password=[^&]*&/", "", $cleanUrl); $myURL .= "&" . $cleanUrl; header($myURL); die; } else { require_once dirname(__FILE__) . "/../php/mb_listGUIs.php"; mb_listGUIs($arrayGUIs); } } } else { Mapbender::session()->kill(); $sql_set_cnt = "UPDATE mb_user SET mb_user_login_count = (mb_user_login_count + 1) WHERE mb_user_name = \$1"; $v = array($name); $t = array('s'); db_prep_query($sql_set_cnt, $v, $t); redirectToLogin($name); } } ?> </div> </body> </html>
/**
 * Gate for the Edit page of $table.
 *
 * Access is granted when the user holds the "E" permission, or when the
 * request carries a=edited (the page then only shows the data just entered).
 * Otherwise the request is rejected: non-simple page modes get
 * Security::sendPermissionError(), a signed-in regular user is redirected
 * through Security::redirectToList(), and an anonymous visitor is sent to
 * login after the record URL has been stored in $_SESSION["MyURL"].
 *
 * NOTE(review): the a=edited branch returns true on the strength of a request
 * value alone, without the "E" permission. Confirm the code that saves the
 * record checks permissions again before writing.
 *
 * @param string $table Table name handed to the permission check.
 * @return bool True when the page may be shown, false after a rejection.
 */
public static function processEditPageSecurity($table)
{
    $mayShowPage = Security::checkPagePermissions($table, "E")
        || postvalue("a") == "edited";
    if ($mayShowPage) {
        return true;
    }

    if (EditPage::readEditModeFromRequest() != EDIT_SIMPLE) {
        // Any mode other than the simple page is answered with an error, not a redirect.
        Security::sendPermissionError();

        return false;
    }

    if (isLogged() && !isLoggedAsGuest()) {
        // Signed in as a regular user but not allowed to edit this table.
        Security::redirectToList($table);

        return false;
    }

    // Anonymous visitor: rebuild the record URL from editid1, editid2, ...
    // The scan stops at the first key whose value is falsy.
    $queryParts = array();
    for ($index = 1; postvalue("editid" . $index); $index++) {
        $keyName = "editid" . $index;
        // rawurlencode() keeps the key value from breaking the query string.
        $queryParts[] = $keyName . "=" . rawurlencode(postvalue($keyName));
    }
    $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"] . "?" . implode("&", $queryParts);

    redirectToLogin();

    return false;
}
/**
 * Gate for the List page of $table.
 *
 * Access is granted when the user holds the "S" permission, or when the
 * request is in lookup mode and ListPage::checkLookupPermissions() accepts
 * the table. Otherwise the request is rejected: non-simple list modes get
 * Security::sendPermissionError(), a signed-in regular user is redirected to
 * the menu, and everyone else goes to login.
 *
 * NOTE(review): every rejecting branch returns false after calling a
 * redirect/error helper. Whether those helpers end the script is not visible
 * here, so callers should stop page processing on a false result.
 *
 * @param string $table Table name handed to the permission checks.
 * @return bool True when the page may be shown, false after a rejection.
 */
public static function processListPageSecurity($table)
{
    if (Security::checkPagePermissions($table, "S")) {
        return true;
    }

    $listMode = ListPage::readListModeFromRequest();

    // Lookup requests have their own permission rule.
    $lookupAllowed = $listMode == LIST_LOOKUP && ListPage::checkLookupPermissions($table);
    if ($lookupAllowed) {
        return true;
    }

    if ($listMode != LIST_SIMPLE) {
        // Any mode other than the simple page is answered with an error, not a redirect.
        Security::sendPermissionError();
    } elseif (isLogged() && !isLoggedAsGuest()) {
        // Signed in as a regular user without search rights: back to the menu.
        HeaderRedirect("menu");
    } else {
        // Not signed in; per the original comment the current URL is already in the session.
        redirectToLogin();
    }

    return false;
}
/**
 * Requires a signed-in, non-suspended account for the current page.
 *
 * Visitors who are not logged in are sent to the login page; suspended
 * accounts are logged out with an explanatory message. Both cases are
 * recorded at DEBUG level. Reads the global $PAGE for the log text.
 *
 * NOTE(review): the function returns nothing in every case. If
 * redirectToLogin() or logout() do not end the request, the calling page
 * continues for a visitor who should have been stopped; confirm both
 * helpers terminate.
 *
 * @return void
 */
function requireUserAccount()
{
    global $PAGE;

    if (isUserLoggedIn()) {
        if (isUserSuspended()) {
            logIt("Redirecting suspended account to profile.php", "DEBUG");
            $notice = "Your account has been suspended. You will be unable to access the site until this is resolved.";
            logout($notice);
        }

        return;
    }

    logIt($PAGE . " only allows users - force login", "DEBUG");
    redirectToLogin();
}