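/**
 * Gate for update queries: accepts a query only when it holds exactly one
 * LOAD or DELETE FROM keyword and exactly one <uri>, and that uri matches
 * the URI of an entry returned by SMOBTools::followings().
 *
 * Every other input prints "Operation not allowed" and terminates the
 * script, so a normal return always means the query was accepted.
 *
 * @param array $post Request parameters (callers pass $_POST); only the
 *                    'query' key is read.
 * @return bool true when the query is accepted; otherwise the script ends.
 */
function checkAccess($post)
{
    // The parameter was previously named $_POST. PHP 5.4+ refuses a
    // superglobal as a parameter name, so it is renamed; positional callers
    // are unaffected.
    $query = (isset($post['query']) && is_string($post['query']))
        ? trim($post['query'])
        : '';

    if ($query !== '') {
        // update to regexp
        // NOTE(review): these are case-sensitive substring counts, so the
        // keywords are also counted when they appear inside the URI itself.
        $action = substr_count($query, 'LOAD');
        if (!$action) {
            $action = substr_count($query, 'DELETE FROM');
        }
        $first = substr_count($query, '<');
        $last = substr_count($query, '>');

        if ($action === 1 && $first === 1 && $last === 1
            // One '<' and one '>' do not guarantee they are in order; only
            // continue when the pattern really captured something.
            && preg_match('/<(.*)>/', $query, $matches) === 1
            // An empty capture ("<>") must never count as a match.
            && $matches[1] !== ''
        ) {
            $uri = $matches[1];
            $followers = SMOBTools::followings();
            if ($followers) {
                foreach ($followers as $f) {
                    if (!isset($f['uri']) || !is_string($f['uri'])) {
                        continue;
                    }
                    // Strict comparison is required: strpos() returns false
                    // when the needle is absent, and `false == 0` is true,
                    // which made the old check accept every URI.
                    // NOTE(review): this accepts any $uri that is a prefix of
                    // a followed URI, however short. Confirm whether the
                    // intent was the reverse (target located under a followed
                    // URI) or an exact match; the direction is kept as-is.
                    if (strpos($f['uri'], $uri) === 0) {
                        return true;
                    }
                }
            }
        }
    }

    print "Operation not allowed";
    die;
}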
/**
 * Hands the list from SMOBTools::followings() to SMOBTemplate::users(),
 * together with this object's type, and returns whatever that call yields.
 */
private function followings()
{
    $type = $this->type;
    $followed = SMOBTools::followings();

    return SMOBTemplate::users($type, $followed);
}