public function init()
{
// initialize the parent controller
parent::init();
$session = SessionWrapper::getInstance();
// check whether the user is logged in
if (isEmptyString($session->getVar('userid'))) {
// clear the session
$this->_helper->redirector->gotoSimpleAndExit("login", "user", $this->getRequest()->getModuleName(), array('redirecturl' => encode(Zend_Controller_Front::getInstance()->getRequest()->getRequestUri())));
}
$cache = Zend_Registry::get('cache');
// load the acl instance
$acl = getACLInstance();
// debugMessage('resource is '.$this->getResourceForACL()." action ".$this->getActionforACL()); exit;
if (!$acl->checkPermission($this->getResourceForACL(), $this->getActionforACL())) {
// debugMessage('resource is '.$this->getResourceForACL()." action ".$this->getActionforACL());
// redirect to the access denied page
$this->_helper->redirector->gotoSimpleAndExit("accessdenied", "index");
}
}
/**
* Init function.
*
* There are only a few actions that a normal user can do requesting the Core controller.
* The function check them, and allow the acction or not,
* if not, the user is redirected to the login form or throws an exception.
*
* @throws Phprojekt_PublishedException If the user is not an admin.
*
* @return void
*/
public function init()
{
parent::init();
if (!Phprojekt_Auth::isAdminUser()) {
$valid = false;
// Add exceptions for public calls into the Core
if ($this->getRequest()->getControllerName() == 'history' && $this->getRequest()->getActionName() == 'jsonList') {
$valid = true;
} else {
if ($this->getRequest()->getControllerName() == 'module' && $this->getRequest()->getActionName() == 'jsonGetGlobalModules') {
$valid = true;
} else {
if ($this->getRequest()->getControllerName() == 'role' && $this->getRequest()->getActionName() == 'jsonGetModulesAccess') {
$valid = true;
} else {
if ($this->getRequest()->getControllerName() == 'user' && $this->getRequest()->getActionName() == 'jsonGetUsers') {
$valid = true;
} else {
if ($this->getRequest()->getControllerName() == 'tab' && $this->getRequest()->getActionName() == 'jsonList') {
$valid = true;
} else {
if ($this->getRequest()->getControllerName() == 'setting') {
$valid = true;
}
}
}
}
}
}
if (!$valid) {
// If is a GET, show the login page
// If is a POST, send message in json format
if (!$this->getFrontController()->getRequest()->isGet()) {
throw new Phprojekt_PublishedException('Admin section is only for admin users', 500);
} else {
$this->_redirect(Phprojekt::getInstance()->getConfig()->webpath . 'index.php/Login/logout');
}
exit;
}
}
}
<?php
ini_set("display_errors", 1);
if (strpos($_SERVER['REQUEST_URI'], "index.php")) {
header("location: " . str_replace("index.php", "", $_SERVER['REQUEST_URI']));
}
$ds = DIRECTORY_SEPARATOR;
require_once '..' . $ds . 'protected' . $ds . 'config' . $ds . 'autoload.php';
$index = new IndexController();
$index->init();
