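 /**
  * Authenticate the current user and validate the CSRF token.
  *
  * Unauthenticated requests receive a JSON error (AJAX) or the login page.
  * When `use_csrf_token` is enabled in the frontend config, POST requests
  * must additionally carry a valid CSRF token, either in the request header
  * or in the POST body. On success the user is published in $this->_user.
  *
  * @return void
  */
 public function checkAuth()
 {
     $user = User::getInstance();
     $uid = $user->isAuthorized() ? $user->id : false;

     if (!$uid) {
         if (Request::isAjax()) {
             Response::jsonError($this->_lang->MSG_AUTHORIZE);
         } else {
             $this->loginAction();
         }
         // Fail closed: do not run the CSRF check or publish the
         // unauthenticated user in $this->_user even if the response
         // helpers above return instead of ending the request.
         return;
     }

     /*
      * Check CSRF token for state-changing (POST) requests
      */
     if ($this->_configFrontend->get('use_csrf_token') && Request::hasPost()) {
         $csrf = new Security_Csrf();
         $csrf->setOptions([
             'lifetime' => $this->_configFrontend->get('use_csrf_token_lifetime'),
             'cleanupLimit' => $this->_configFrontend->get('use_csrf_token_garbage_limit'),
         ]);
         // A token in either the request header or the POST body is accepted.
         if (!$csrf->checkHeader() && !$csrf->checkPost()) {
             $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
             return;
         }
     }

     $this->_user = $user;
 }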
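 /**
  * Authenticate the admin user, validate the CSRF token and check module
  * access for this backend controller.
  *
  * Order of checks:
  *  1. the current user must be authorized and an admin;
  *  2. when `use_csrf_token` is enabled in the backend config, POST requests
  *     must carry a valid CSRF token (request header or POST body);
  *  3. controllers listed in the backend `system_controllers` config skip
  *     the module checks;
  *  4. the user must be allowed to view $this->_module, the module must be
  *     registered and active, and dev-only modules are rejected unless
  *     `development` is set in the main config.
  *
  * The authenticated user is published in $this->_user.
  *
  * @return void
  */
 public function checkAuth()
 {
     $user = User::getInstance();
     $uid = $user->isAuthorized() ? $user->id : false;

     if (!$uid || !$user->isAdmin()) {
         if (Request::isAjax()) {
             Response::jsonError($this->_lang->MSG_AUTHORIZE);
         } else {
             $this->loginAction();
         }
         // Fail closed: stop here even if the response helpers above
         // return instead of ending the request.
         return;
     }

     /*
      * Check CSRF token for state-changing (POST) requests
      */
     if ($this->_configBackend->get('use_csrf_token') && Request::hasPost()) {
         $csrf = new Security_Csrf();
         $csrf->setOptions([
             'lifetime' => $this->_configBackend->get('use_csrf_token_lifetime'),
             'cleanupLimit' => $this->_configBackend->get('use_csrf_token_garbage_limit'),
         ]);
         // A token in either the request header or the POST body is accepted.
         if (!$csrf->checkHeader() && !$csrf->checkPost()) {
             $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
             return;
         }
     }

     $this->_user = $user;

     // System controllers are not bound to a module, so no per-module ACL applies.
     $systemControllers = $this->_configBackend->get('system_controllers');
     if (in_array(get_called_class(), $systemControllers, true)) {
         return;
     }

     if (!$this->_user->canView($this->_module)) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
         return;
     }

     $moduleManager = new Backend_Modules_Manager();

     /*
      * Reject requests for an unregistered module
      */
     if (!$moduleManager->isValidModule($this->_module)) {
         $this->_errorResponse($this->_lang->WRONG_REQUEST);
         return;
     }

     $moduleCfg = $moduleManager->getModuleConfig($this->_module);

     /*
      * Reject requests for a disabled module
      * (empty() keeps the original loose "== false" semantics without a
      * notice when the key is missing)
      */
     if (empty($moduleCfg['active'])) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
         return;
     }

     /*
      * Reject dev-only modules in production
      */
     if (!empty($moduleCfg['dev']) && !$this->_configMain['development']) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
         return;
     }
 }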
<?php

// Refuse direct access to the template: only the framework bootstrap defines DVELUM.
if (!defined('DVELUM')) {
    exit;
}
// Page resource registry; the numeric argument to addJs/addCss orders the includes.
$res = Resource::getInstance();
$res->addJs('js/app/system/common.js', -1);
// CSRF token for this page; stays empty when the feature is switched off.
// NOTE(review): presumably emitted in the <head> block below — confirm the
// consumer checks it with Security_Csrf on the POST side.
$token = '';
if ($this->useCSRFToken) {
    $csrf = new Security_Csrf();
    $token = $csrf->createToken();
}
$res->addJs('/js/lib/jquery.js', -2, true, 'head');
// Unminified ExtJS build only in development mode.
if ($this->development) {
    $res->addJs('/js/lib/extjs4/ext-all-debug.js', -2, true);
} else {
    $res->addJs('/js/lib/extjs4/ext-all.js', -2, true);
}
// Script path is built from $this->lang — assumes it is a validated language
// code from config, not raw request input; TODO confirm at the caller.
$res->addJs('/js/lang/' . $this->lang . '.js', -3, true);
$res->addCss('/js/lib/extjs4/resources/css/ext-all-gray.css', 1);
$res->addCss('/templates/system/default/css/style.css', 2);
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<BASE href="<?php 
echo Request::baseUrl();
?>
">
<?php 
if ($this->useCSRFToken) {
 /**
  * Lazily create the shared token store.
  *
  * The store is a single static instance (a Store::Session store under the
  * 'security_csrf' key) shared by every object of this class; the first
  * constructed instance creates it and later instances reuse it.
  */
 public function __construct()
 {
     if (self::$_storage) {
         return;
     }
     self::$_storage = Store::factory(Store::Session, 'security_csrf');
 }