/**
 * Decide whether the current session's member may view a page.
 *
 * Guests (session member id -1) are checked against the page's
 * access_allowed_by_default flag; any other member is checked against the
 * permissions returned by fn_get_page_permissions_for_role() for the
 * member's roles. In both cases the page is located by matching $page_name
 * against the stored base_uri_glob pattern with ILIKE.
 *
 * NOTE(review): neither query has an ORDER BY. If several rows match (more
 * than one role, or more than one glob), which row decides the outcome is
 * not defined here; confirm the intended precedence between allow and deny.
 *
 * @param mixed $page_name Requested page identifier, bound as ?page_name?.
 * @return bool True only when the fetched row's access_allowed equals 't';
 *              false when the query fails.
 */
function get_webpage_access_allowed($page_name)
{
    $member_id = SessionLib::get('user_member.member');
    $bindings = ['page_name' => $page_name];
    if ($member_id != -1) {
        // Logged-in member: resolve permissions through the member's roles.
        $sql = <<<SQL
select tt.access_allowed
  from tb_member_role rm,
       fn_get_page_permissions_for_role( rm.role ) tt
  join tb_webpage w
 using ( webpage )
 where rm.member = ?member?
   and ?page_name? ilike w.base_uri_glob
SQL;
        $bindings['member'] = $member_id;
    } else {
        // Guest: only the page's default access flag applies.
        $sql = <<<SQL
select access_allowed_by_default as access_allowed
  from tb_webpage
 where ?page_name? ilike base_uri_glob
SQL;
    }
    // Values travel as named placeholders, never concatenated into the SQL.
    $result = query_execute($sql, $bindings);
    if (!query_success($result)) {
        // Fail closed: a failed lookup denies access.
        return false;
    }
    $row = query_fetch_one($result);
    return $row['access_allowed'] == 't';
}
 /**
  * Session save-handler write callback: store the serialized session data
  * in the member-session record identified by the session id.
  *
  * NOTE(review): 'accessed' is passed as the string 'now()'. Presumably the
  * helper treats it as a SQL expression rather than a bound literal; confirm
  * that it only does so for this fixed value and never for caller-supplied
  * column values.
  *
  * @param string $session_id Key of the session record.
  * @param string $data       Serialized session payload.
  * @return bool False only when the helper returns false.
  */
 public function write($session_id, $data)
 {
     error_log("SessionHandler::write() called!");
     $columns = [
         'member' => SessionLib::get('user_member.member'),
         'value' => $data,
         'accessed' => 'now()',
     ];
     return create_or_update_member_session_by_key($session_id, $columns) !== false;
 }
<header>
	<h1>Under The Couch</h1>

	<nav>
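		Welcome, <?php
// Encode the display name for the HTML context before printing it.
// NOTE(review): the name is presumably chosen by the member; confirm where it
// is set. Encoding is harmless for plain-text names and stops markup stored in
// a name from being rendered on every page that includes this header.
echo htmlspecialchars((string) SessionLib::get('user_member.name'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>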
!
	</nav>
	<br />

	<nav>
		<ul class="mainnav">
			<li><a href="/index.php">Home</a></li>
			<li><a href="/calendar.php">Calendar</a></li>
			<li>
				Info
					<ul class="subnav">
						<li><a href="/info/about.php">About Us</a></li>
						<li><a href="/info/capabilities.php">Capabilities</a></li>
						<li><a href="/info/mn.php">Musician's Network</a></li>
						<li><a href="/info/openmic.php">Open Mic Night</a></li>
					</ul>
			</li>
			<li>
				Media
					<ul class="subnav">
						<li><a href="/media/photos.php">Photos</a></li>
						<li><a href="/media/videos.php">Videos</a></li>
					</ul>
			</li>
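<?php

// Handles the blog-post form submission. Only admins may post; everyone else
// gets a 403 status and a redirect target back to the home page. On success
// the post can optionally be mailed out as HTML.
db_include('create_or_update_blog_post');
lib_include('email_lib');
if (!is_admin()) {
    header('HTTP/1.0 403 Forbidden');
    $display_message = 'Access forbidden!';
    $redirect = '/index.php';
} else {
    // NOTE(review): no anti-CSRF token check is visible in this script. Since
    // it performs a state-changing action with admin rights, confirm that one
    // is enforced elsewhere or add it here.
    // NOTE(review): title and body are raw POST values. Presumably they are
    // encoded or sanitised wherever the post is rendered; verify that.
    $params = ['title' => $_POST['title'], 'body' => $_POST['body'], 'author' => SessionLib::get('user_member.member')];
    $posted = create_or_update_blog_post($params);
    if ($posted) {
        $display_message = 'Wrote post! <br />';
        $redirect = "/blog/blog.php?id={$posted}";
        if (isset($_POST['sendemail']) && $_POST['sendemail']) {
            // Fix: the result used to be stored in $sent_mail but read back as
            // $sent_email, so the message always reported a failed send.
            $sent_email = send_html_email('*****@*****.**', $_POST['title'], $_POST['body']);
            $display_message .= $sent_email ? 'Sent email!' : 'Failed to send email!';
        }
    } else {
        $display_message = 'Failed to write post!';
        $redirect = '/blog/writeblog.php';
        // Flag for the form page, presumably so it can restore the draft.
        $_POST['blog_fail_return'] = true;
    }
}
?>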

<!doctype html>
<html>
	<head>
		<meta charset="utf-8">
		<title>Under the Couch - Posting Blog Post...</title>
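// Front controller: works out the webroot, loads the shared libraries, starts
// the session, then serves the page named by the "file" request parameter if
// the current member is allowed to see it.

// Set the webroot
if (isset($_SERVER['CONTEXT_DOCUMENT_ROOT']) && $_SERVER['CONTEXT_DOCUMENT_ROOT']) {
    $GLOBALS['webroot'] = $_SERVER['CONTEXT_DOCUMENT_ROOT'];
} else {
    // Dev checkouts: derive the webroot from this file's own location.
    if (preg_match('/(\\/var\\/www\\/dev.underthecouch.org\\/[^\\/]+)\\//', __FILE__, $matches) == 1) {
        $GLOBALS['webroot'] = $matches[1];
    }
}
// Require the necessary includes
require_once 'common/php/constants.php';
require_once 'common/php/include.php';
lib_include('db_lib');
lib_include('session_lib');
db_include('get_webpage_access_allowed');
// Initialize the database connection
get_or_connect_to_db();
// Start a session
set_session_save_handler();
SessionLib::startSession();
SessionLib::registerSession();
// Make sure we can access the page we want.
// The path comes straight from the request, so it is untrusted. The access
// check matches it against stored glob patterns, which on its own does not
// prove that the resolved file lives inside the site. The path is therefore
// canonicalised and must sit under the webroot before it is executed.
$requested_page = isset($_REQUEST['file']) ? $_REQUEST['file'] : null;
$page_to_load = null;
if (is_string($requested_page) && $requested_page !== '' && get_webpage_access_allowed($requested_page)) {
    // Fall back to this script's directory when no webroot could be determined.
    $allowed_root = realpath(isset($GLOBALS['webroot']) ? $GLOBALS['webroot'] : __DIR__);
    // realpath() collapses "..", "." and symlinks; it returns false for missing files.
    $resolved_page = realpath($requested_page);
    if ($allowed_root !== false && $resolved_page !== false && is_file($resolved_page)) {
        // Compare against "root/" so a sibling such as "root-old" cannot match.
        $root_prefix = rtrim($allowed_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($resolved_page, $root_prefix, strlen($root_prefix)) === 0) {
            $page_to_load = $resolved_page;
        }
    }
}
// NOTE(review): containment does not restrict the file type. If the webroot
// also holds uploaded or generated files, limit this to an explicit list of
// page scripts.
if ($page_to_load === null) {
    // Denied, missing, malformed or outside the webroot: all answered alike.
    require_once '404.php';
} else {
    // Finally load the requested page
    require_once $page_to_load;
}
exit;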
 /**
  * Mark the started session as registered and, when it carries no
  * 'user_member' entry yet, give it guest credentials (member -1, name
  * 'guest').
  *
  * NOTE(review): the failure branch runs when the session has NOT been
  * started, yet its log line speaks of registering twice; $sessionRegistered
  * is never consulted. Confirm whether the condition or the message is the
  * intended one.
  *
  * @return bool True when the session was started and is now registered,
  *              false otherwise.
  */
 public static function registerSession()
 {
     if (!self::$sessionStarted) {
         error_log("Tried to register the same session twice!");
         return false;
     }

     error_log("Registering session!");
     self::$sessionRegistered = true;

     // A session without member data is treated as an anonymous visitor.
     if (self::get('user_member') === null) {
         error_log("Session member was null - setting guest credentials!");
         self::set('user_member.member', -1);
         self::set('user_member.name', 'guest');
     }

     return true;
 }
/**
 * Log the current member out by destroying their session.
 *
 * NOTE(review): everything is delegated to SessionLib::destroySession().
 * Confirm that it also removes the stored session record and expires the
 * session cookie, so the old session id cannot be reused.
 *
 * @return void
 */
function logout()
{
    SessionLib::destroySession();
}