/**
 * Authentication gate for frontend controllers.
 *
 * Resolves the current user from the User singleton. When no authorized user
 * is present, an AJAX caller is answered with a JSON error (MSG_AUTHORIZE)
 * and any other request is routed to loginAction(). When the frontend config
 * enables 'use_csrf_token' and the request carries POST data, a CSRF token is
 * looked up first in the request header and then in the POST body; a request
 * that has neither is answered with MSG_NEED_CSRF_TOKEN via _errorResponse().
 * Finally the resolved user is stored on $this->_user.
 *
 * NOTE(review): the unauthorized branch relies on Response::jsonError() and
 * loginAction() terminating the request; neither is visible here. If either
 * returns normally, execution falls through to the CSRF check, this method
 * returns, and the caller's action runs unauthenticated — confirm both are
 * terminal.
 * NOTE(review): the CSRF check only runs for requests that carry POST data
 * and only when 'use_csrf_token' is enabled; state-changing GET handlers are
 * not covered by it.
 */
public function checkAuth()
{
    $user = User::getInstance();
    $userId = $user->isAuthorized() ? $user->id : false;

    if (!$userId) {
        if (Request::isAjax()) {
            Response::jsonError($this->_lang->MSG_AUTHORIZE);
        } else {
            $this->loginAction();
        }
    }

    $csrfEnabled = $this->_configFrontend->get('use_csrf_token');
    if ($csrfEnabled && Request::hasPost()) {
        $csrf = new Security_Csrf();
        $csrf->setOptions(array(
            'lifetime' => $this->_configFrontend->get('use_csrf_token_lifetime'),
            'cleanupLimit' => $this->_configFrontend->get('use_csrf_token_garbage_limit'),
        ));
        // A token supplied in either the header or the POST body is accepted;
        // the header is consulted first and the body only if the header fails.
        $tokenPresent = $csrf->checkHeader() || $csrf->checkPost();
        if (!$tokenPresent) {
            $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
        }
    }

    $this->_user = $user;
}
/**
 * Authentication and authorization gate for backend (admin) controllers.
 *
 * Checks, in order:
 *  1. The current user must be authorized AND pass isAdmin(); otherwise an
 *     AJAX caller receives a JSON error (MSG_AUTHORIZE) and any other request
 *     is sent to loginAction().
 *  2. If the backend config enables 'use_csrf_token' and POST data is present,
 *     a CSRF token is required in the request header or the POST body; a
 *     missing token is answered with MSG_NEED_CSRF_TOKEN via _errorResponse().
 *  3. Controllers listed in the backend 'system_controllers' config skip every
 *     module-level check below. Keep that list minimal: it bypasses canView()
 *     as well as the module validity / active / dev gates.
 *  4. The user must be allowed to view $this->_module (canView), the module
 *     must be known to Backend_Modules_Manager, must be active, and must not
 *     be a dev-only module when the main config is not in development mode.
 *
 * NOTE(review): the unauthorized branch relies on Response::jsonError() and
 * loginAction() ending the request; neither is visible here. If either
 * returns normally, execution continues into the module checks — confirm
 * both are terminal.
 * NOTE(review): the CSRF check only covers requests that carry POST data and
 * is off unless 'use_csrf_token' is set; state-changing GET handlers are not
 * protected by it.
 */
public function checkAuth()
{
    $user = User::getInstance();
    $userId = $user->isAuthorized() ? $user->id : false;

    // isAdmin() is only consulted for an authorized user.
    $isAdmin = $userId && $user->isAdmin();
    if (!$isAdmin) {
        if (Request::isAjax()) {
            Response::jsonError($this->_lang->MSG_AUTHORIZE);
        } else {
            $this->loginAction();
        }
    }

    $cfg = $this->_configBackend;
    if ($cfg->get('use_csrf_token') && Request::hasPost()) {
        $csrf = new Security_Csrf();
        $csrf->setOptions(array(
            'lifetime' => $cfg->get('use_csrf_token_lifetime'),
            'cleanupLimit' => $cfg->get('use_csrf_token_garbage_limit'),
        ));
        // Header is checked first; the POST body only if the header fails.
        if (!($csrf->checkHeader() || $csrf->checkPost())) {
            $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
        }
    }

    $this->_user = $user;

    // System controllers are exempt from per-module authorization.
    $systemControllers = $cfg->get('system_controllers');
    if (in_array(get_called_class(), $systemControllers, true)) {
        return;
    }

    if (!$this->_user->canView($this->_module)) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }

    $moduleManager = new Backend_Modules_Manager();

    // Unknown module: reject the request.
    if (!$moduleManager->isValidModule($this->_module)) {
        $this->_errorResponse($this->_lang->WRONG_REQUEST);
    }

    $moduleCfg = $moduleManager->getModuleConfig($this->_module);

    // Disabled module is reported like a permission failure. The loose
    // comparison is kept on purpose so '0', '', null and 0 all count as inactive.
    if ($moduleCfg['active'] == false) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }

    // Dev-only modules are hidden unless the main config is in development mode.
    if ($moduleCfg['dev'] && !$this->_configMain['development']) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }
}
<?php if (!defined('DVELUM')) { exit; } $res = Resource::getInstance(); $res->addJs('js/app/system/common.js', -1); $token = ''; if ($this->useCSRFToken) { $csrf = new Security_Csrf(); $token = $csrf->createToken(); } $res->addJs('/js/lib/jquery.js', -2, true, 'head'); if ($this->development) { $res->addJs('/js/lib/extjs4/ext-all-debug.js', -2, true); } else { $res->addJs('/js/lib/extjs4/ext-all.js', -2, true); } $res->addJs('/js/lang/' . $this->lang . '.js', -3, true); $res->addCss('/js/lib/extjs4/resources/css/ext-all-gray.css', 1); $res->addCss('/templates/system/default/css/style.css', 2); ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <BASE href="<?php echo Request::baseUrl(); ?> "> <?php if ($this->useCSRFToken) {
/**
 * Lazily binds the class-wide token store to a Store created with
 * Store::Session under the 'security_csrf' namespace.
 *
 * The storage is a static shared by every Security_Csrf instance, so only the
 * first constructed instance creates it; later constructions are no-ops.
 * NOTE(review): Store::Session suggests the tokens live in the current
 * session — confirm against the Store implementation.
 */
public function __construct()
{
    if (self::$_storage) {
        return;
    }
    self::$_storage = Store::factory(Store::Session, 'security_csrf');
}