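/**
 * Decide whether the current session may load the given page.
 *
 * Guests (session member -1) are checked against each page's
 * access_allowed_by_default flag; signed-in members are checked against the
 * permissions of their roles. Any query failure or missing row denies access.
 *
 * NOTE(review): the ?page_name? / ?member? placeholders are presumably bound or
 * escaped by query_execute() - confirm, because $page_name comes from the request.
 * NOTE(review): only the first returned row is inspected and the queries have no
 * ORDER BY, so when several globs or roles match, which row decides is not
 * defined here. Confirm whether "any allow" or "any deny" should win.
 *
 * @param string $page_name Requested page, matched against base_uri_glob with ILIKE.
 * @return bool True only when the first matching row reports access_allowed = 't'.
 */
function get_webpage_access_allowed($page_name)
{
    $session_member = SessionLib::get('user_member.member');
    $params = ['page_name' => $page_name];

    // Loose comparison kept on purpose: the stored guest id may be the int -1 or
    // the string "-1" depending on how the session layer round-trips it.
    if ($session_member == -1) {
        $get_access_query = <<<SQL
select access_allowed_by_default as access_allowed
  from tb_webpage
 where ?page_name? ilike base_uri_glob
SQL;
    } else {
        $get_access_query = <<<SQL
select tt.access_allowed
  from tb_member_role rm,
       fn_get_page_permissions_for_role( rm.role ) tt
  join tb_webpage w using ( webpage )
 where rm.member = ?member?
   and ?page_name? ilike w.base_uri_glob
SQL;
        $params['member'] = $session_member;
    }

    $result = query_execute($get_access_query, $params);
    if (!query_success($result)) {
        return false;
    }

    $row = query_fetch_one($result);

    // Fail closed when no page or role matched: without this guard the code
    // indexes into a non-row value and relies on null coercion to deny.
    if (!isset($row['access_allowed'])) {
        return false;
    }

    return $row['access_allowed'] == 't';
}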
/**
 * Session save-handler callback: store the session payload for a session id.
 *
 * The row is keyed by $session_id and tagged with the member currently held
 * in the session.
 *
 * NOTE(review): $session_id and $data are passed through unchanged; confirm
 * that create_or_update_member_session_by_key() binds them as parameters.
 *
 * @param string $session_id Session identifier used as the lookup key.
 * @param string $data       Session payload to persist.
 * @return bool False only when the helper returns exactly false.
 */
public function write($session_id, $data)
{
    error_log("SessionHandler::write() called!");

    $owner = SessionLib::get('user_member.member');

    // 'now()' is handed over as a plain string; presumably the helper emits it
    // as a SQL expression rather than a quoted value - confirm.
    $columns = [
        'member' => $owner,
        'value' => $data,
        'accessed' => 'now()',
    ];

    $saved = create_or_update_member_session_by_key($session_id, $columns);
    if ($saved === false) {
        return false;
    }

    return true;
}
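<?php
// The display name comes from session state and is written into HTML, so it is
// entity-encoded at the point of output. The (string) cast keeps a missing
// name from reaching htmlspecialchars() as null.
?>
<header>
    <h1>Under The Couch</h1>
    <nav>
        Welcome, <?php echo htmlspecialchars((string) SessionLib::get('user_member.name'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> !
    </nav>
    <br />
    <nav>
        <ul class="mainnav">
            <li><a href="/index.php">Home</a></li>
            <li><a href="/calendar.php">Calendar</a></li>
            <li>
                Info
                <ul class="subnav">
                    <li><a href="/info/about.php">About Us</a></li>
                    <li><a href="/info/capabilities.php">Capabilities</a></li>
                    <li><a href="/info/mn.php">Musician's Network</a></li>
                    <li><a href="/info/openmic.php">Open Mic Night</a></li>
                </ul>
            </li>
            <li>
                Media
                <ul class="subnav">
                    <li><a href="/media/photos.php">Photos</a></li>
                    <li><a href="/media/videos.php">Videos</a></li>
                </ul>
            </li>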
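<?php
// Handler for the "write blog post" form: admins only. Stores the post and can
// also mail it out as HTML.
//
// NOTE(review): no anti-CSRF token is checked in this block; confirm one is
// enforced before this script runs, since it writes a post and can send mail
// on the admin's behalf.
db_include('create_or_update_blog_post');
lib_include('email_lib');

if (!is_admin()) {
    header('HTTP/1.0 403 Forbidden');
    $display_message = 'Access forbidden!';
    $redirect = '/index.php';
} else {
    // Missing form fields become null (what an undefined index evaluated to
    // before) without raising a notice.
    $post_title = isset($_POST['title']) ? $_POST['title'] : null;
    $post_body = isset($_POST['body']) ? $_POST['body'] : null;

    $params = [
        'title' => $post_title,
        'body' => $post_body,
        'author' => SessionLib::get('user_member.member'),
    ];
    $posted = create_or_update_blog_post($params);

    if ($posted) {
        $display_message = 'Wrote post! <br />';
        $redirect = "/blog/blog.php?id={$posted}";

        if (isset($_POST['sendemail']) && $_POST['sendemail']) {
            // The title and body go into an HTML e-mail exactly as submitted.
            $sent_mail = send_html_email('*****@*****.**', $post_title, $post_body);

            // Fix: the result was stored in $sent_mail but the undefined
            // $sent_email was tested, so this always reported a failure.
            $display_message .= $sent_mail ? 'Sent email!' : 'Failed to send email!';
        }
    } else {
        $display_message = 'Failed to write post!';
        $redirect = '/blog/writeblog.php';
        $_POST['blog_fail_return'] = true;
    }
}
?>
<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Under the Couch - Posting Blog Post...</title>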
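// Front controller: bootstraps the site, checks page access, then loads the
// requested page.

// Set the webroot
if (isset($_SERVER['CONTEXT_DOCUMENT_ROOT']) && $_SERVER['CONTEXT_DOCUMENT_ROOT']) {
    $GLOBALS['webroot'] = $_SERVER['CONTEXT_DOCUMENT_ROOT'];
} elseif (preg_match('/(\\/var\\/www\\/dev.underthecouch.org\\/[^\\/]+)\\//', __FILE__, $matches) == 1) {
    $GLOBALS['webroot'] = $matches[1];
}

// Require the necessary includes
require_once 'common/php/constants.php';
require_once 'common/php/include.php';
lib_include('db_lib');
lib_include('session_lib');
db_include('get_webpage_access_allowed');

// Initialize the database connection
get_or_connect_to_db();

// Start a session
set_session_save_handler();
SessionLib::startSession();
SessionLib::registerSession();

// Make sure we can access the page we want
$requested_page = isset($_REQUEST['file']) ? $_REQUEST['file'] : null;

// The access check matches the raw request string against URI globs, while
// require resolves a path on disk. Refuse input where those two views can
// disagree: non-strings, NUL bytes and ".." path segments.
$request_is_plain_path = is_string($requested_page)
    && $requested_page !== ''
    && strpos($requested_page, "\0") === false
    && preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $requested_page) !== 1;

if (!$request_is_plain_path || !get_webpage_access_allowed($requested_page)) {
    require_once '404.php';
} else {
    // Resolve once and include exactly the path that was validated. realpath()
    // returns false for missing files and for stream-wrapper URLs, so neither
    // can reach require_once.
    $resolved_page = realpath($requested_page);
    $webroot_path = isset($GLOBALS['webroot']) ? realpath($GLOBALS['webroot']) : false;

    // Fail closed: a page is loaded only when it is a regular file under a
    // known webroot.
    $inside_webroot = $resolved_page !== false
        && $webroot_path !== false
        && strpos($resolved_page, rtrim($webroot_path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if ($inside_webroot && is_file($resolved_page)) {
        // Finally load the requested page
        require_once $resolved_page;
    } elseif ($resolved_page !== false) {
        error_log("Refused to load a requested page outside the webroot!");
        require_once '404.php';
    }
    // A page that passed the access check but does not exist on disk produces
    // no output, as before.
}

exit;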
/**
 * Mark the started session as registered and seed guest credentials when the
 * session carries no member yet.
 *
 * Guest sessions get member id -1 and the name 'guest'.
 *
 * NOTE(review): the failure message speaks of registering twice, but the
 * condition tested is whether the session was started; $sessionRegistered is
 * never consulted, so repeated calls on a started session succeed. Confirm
 * which behaviour is intended.
 *
 * @return bool True when the session had been started, false otherwise.
 */
public static function registerSession()
{
    // Guard clause: nothing can be registered before the session is started.
    if (!self::$sessionStarted) {
        error_log("Tried to register the same session twice!");
        return false;
    }

    error_log("Registering session!");
    self::$sessionRegistered = true;

    // No 'user_member' entry means an anonymous visitor.
    if (self::get('user_member') === null) {
        error_log("Session member was null - setting guest credentials!");
        self::set('user_member.member', -1);
        self::set('user_member.name', 'guest');
    }

    return true;
}
/**
 * Log the current visitor out by delegating to SessionLib::destroySession().
 *
 * NOTE(review): what destroySession() clears (server-side row, session cookie,
 * in-memory state) is not visible here; confirm it invalidates the session id
 * rather than only emptying its data.
 *
 * @return void
 */
function logout()
{
    SessionLib::destroySession();
}