Exemple #1
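 /**
  * Build the HTML navigation bar for the current request.
  *
  * Emits, in order: the branding view when 'branding.enable' is configured,
  * a <div id="navbar"> holding an <ol> of the pages the current role may
  * access (the entry matching the running script gets class="selected"),
  * the language and region selectors, and a clearing <div>.
  *
  * Side effects: for a logged-in role the static table self::$pagesMember is
  * modified in place (it is taken by reference): entry [4] receives a 'ref'
  * param naming the running script, and entry [1] is renamed to 'Join'
  * while no ride is registered. Those writes persist for the rest of the
  * request.
  *
  * @return string HTML fragment
  */
 static function buildNavbar()
 {
     $html = '';
     $role = AuthHandler::getRole();
     // The ACL instance is shared through the global scope (set up elsewhere).
     $acl = $GLOBALS['acl'];
     $logged = $role !== ROLE_GUEST;
     // Read once: used for the logout 'ref' param and the "selected" check below.
     $currentScript = Utils::getRunningScript();
     // Put branding bar if we want one
     if (getConfiguration('branding.enable')) {
         $html .= ViewRenderer::renderToString('views/branding.php');
     }
     $html .= '<div id="navbar">';
     if ($logged) {
         // Reference, not a copy: the writes below land in the static table.
         // Indexes [4] (logout) and [1] (join) depend on the order of
         // self::$pagesMember; keep them in sync if that table changes.
         $pages =& self::$pagesMember;
         // Put the right ref on the logout link
         $pages[4]['params'] = array('ref' => $currentScript);
         // If we have no ride yet, the name of join.php is still "Join"
         if (!AuthHandler::isRideRegistered()) {
             $pages[1]['name'] = 'Join';
         }
     } else {
         $pages =& self::$pagesGuest;
     }
     $str = '<ol>';
     foreach ($pages as $page) {
         // Only list pages the current role is allowed to open.
         if ($acl->isAllowed($role, $page['href'])) {
             $params = isset($page['params']) ? $page['params'] : null;
             // NOTE(review): the href is emitted without htmlspecialchars(); this
             // relies on Utils::buildLocalUrl() returning attribute-safe output,
             // which matters because the 'ref' param carries the running script
             // name - confirm.
             $str .= '<li><a href="' . Utils::buildLocalUrl($page['href'], $params) . '" ';
             // Strict comparison so numeric-looking script names are not coerced.
             if ($page['href'] === $currentScript) {
                 $str .= 'class="selected"';
             }
             // Link text: the page table's name run through the translation
             // function; it is not HTML-escaped here.
             $str .= '>' . _($page['name']) . '</a></li>';
         }
     }
     $str .= '</ol>';
     $html .= $str;
     $html .= self::buildLanguageSelector();
     $html .= self::buildRegionSelector();
     $html .= '<div class="clearFloat"></div></div>';
     return $html;
 }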
Exemple #2
    $acl->addResource(ROLE_GUEST, array('webres.php', 'test.php'));
}
// Resources every guest may reach: the login page and opt-out.
$acl->addResource(ROLE_GUEST, array('auth.php', 'optout.php'));
// Which further pages are open to guests depends on the authentication mode.
// NOTE(review): the password branch reads getConfiguration('auth.mode') while
// the token branch reads AuthHandler::getAuthMode(); confirm both resolve to
// the same value, otherwise the two branches can disagree.
if (getConfiguration('auth.mode') == AuthHandler::AUTH_MODE_PASS) {
    $acl->addResource(ROLE_GUEST, array('join.php', 'help.php', 'AddRideAll.php', 'GetRegionConfiguration.php'));
} elseif (AuthHandler::getAuthMode() == AuthHandler::AUTH_MODE_TOKEN) {
    $acl->addResource(ROLE_GUEST, array('join.php', 'help.php', 'index.php', 'AddRideAll.php', 'feedback.php', 'SearchRides.php', 'GetRegionConfiguration.php'));
}
// Identified users (logged in, with or without a ride).
$acl->addResource(ROLE_IDENTIFIED, array('join.php', 'help.php', 'index.php', 'feedback.php', 'logout.php', 'thanks.php', 'SearchRides.php', 'AddRideAll.php', 'GetRegionConfiguration.php'));
// Identified users who already registered a ride.
$acl->addResource(ROLE_IDENTIFIED_REGISTERED, array('ActivateToggle.php', 'DeleteRide.php', 'ShowInterest.php'));
// Content management
$acl->addResource(ROLE_ADMINISTRATOR, array('translations.php'));
// Enforce access control
$role = AuthHandler::getRole();
$resource = Utils::getRunningScript();
if (!$acl->isAllowed($role, $resource)) {
    if ($role == ROLE_GUEST && $acl->isAllowed($role, 'auth.php')) {
        // Not allowed: if not logged in and allowed to - redirect to login page
        GlobalMessage::setGlobalMessage(_('Please login to access this page'), GlobalMessage::ERROR);
        Utils::redirect('auth.php', array('ref' => $resource));
    } else {
        if ($acl->isAllowed($role, 'auth.php')) {
            // User is logged in but not permitted to use this page
            header("HTTP/1.1 401 Unauthorized");
            die('<p>' . _('Access Denied') . '</p>');
        } else {
            // User is not logged-in and not allowed to do that - totally forbidden
            header("HTTP/1.1 403 Forbidden");
            die('<p>' . _('Sorry, you are not allowed to use this application.') . '</p>');
Exemple #3
             throw new Exception("Could not insert city {$destCity}");
         }
     } else {
         $srcCityId = $destCityId;
     }
 }
 // Update the region
 if (!RegionManager::getInstance()->setRegion($region)) {
     throw new Exception("Failed to update region");
 }
 try {
     if ($isUpdateContact) {
         $updateParams = array('name' => $name, 'phone' => $phone);
         // In some scenarios, contact might exist before having a ride -
         // we need to set their role now
         $currentRole = AuthHandler::getRole();
         if ($currentRole == ROLE_IDENTIFIED) {
             $updateParams['role'] = ROLE_IDENTIFIED_REGISTERED;
             AuthHandler::setRole(ROLE_IDENTIFIED_REGISTERED);
         }
         $updateParams['email'] = $canUpdateEmail ? $email : null;
         $db->updateContact($updateParams, $contactId);
     } else {
         // If it is a new ride - register this contact
         $contactId = $db->addContact($name, $phone, $email, ROLE_IDENTIFIED_REGISTERED, $password);
         AuthHandler::authByContactId($contactId);
         AuthHandler::setRole(ROLE_IDENTIFIED_REGISTERED);
     }
 } catch (PDOException $e) {
     if ($e->getCode() == 23000) {
         $messages[] = _("This email address is already in use");