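/**
 * Dispatch a page request: validate the page id, enforce the access checks,
 * load the handler's file and call the global function named after the id.
 *
 * The id only reaches the dynamic call `$id()` after it has been found in
 * $this->hash, so the hash acts as the allow-list of callable pages. Keep that
 * lookup ahead of the call when changing this method.
 *
 * Some rejection paths re-dispatch to another page and then `exit`, so this
 * method does not always return to its caller.
 *
 * @param string|null $id           page id; empty values are redirected to 'home'
 * @param array|null  $params       optional request variables; 'go' is set to $id
 *                                  and the array is passed to addRequestVars()
 * @param mixed       $fn_argument  optional single argument passed to the page function
 */
public function show($id = NULL, $params = NULL, $fn_argument = NULL)
 {
     global $auth;

     ### echo debug output ###
     $user_name = isset($auth->cur_user) ? $auth->cur_user->name : '__not_logged_in__';
     $crawler = Auth::isCrawler() ? 'crawler' : '';
     # REQUEST_URI and HTTP_USER_AGENT are client-controlled and are written to the log as
     # returned by getServerVar().
     # NOTE(review): confirm getServerVar()/log_message() neutralise line breaks, otherwise
     # a request can forge additional log lines.
     log_message($user_name . '@' . getServerVar('REMOTE_ADDR', true) . " -> {$id} " . getServerVar('REQUEST_URI') . "  (" . getServerVar('HTTP_USER_AGENT') . ") {$crawler}", LOG_MESSAGE_DEBUG);

     ### validate page id ###
     if (!$id) {
         $this->show('home');
         exit;
     }
     if ($id != asAlphaNumeric($id)) {
         new FeedbackWarning("Ignored invalid page '" . asCleanString($id) . "'");
         $this->show('home');
         exit;
     }
     # allow-list: only ids registered in the hash may be dispatched
     if (!isset($this->hash[$id])) {
         trigger_error('try to show undefined page-id ' . $id, E_USER_WARNING);
         $this->show('error');
         return;
     }
     $handle = $this->hash[$id];

     ### not authenticated ###
     $has_user = isset($auth) && $auth->cur_user;
     if (!$has_user && !$handle->valid_for_anonymous) {
         new FeedbackWarning("As an anonymous user you have not enough rights to view page '{$id}'");
         $this->show('loginForm');
         exit;
     }

     ### check sufficient user-rights ###
     # Without a current user there are no rights to compare against; use 0 so the
     # bit test fails cleanly instead of reading a property of a missing user.
     $user_rights = $has_user ? $auth->cur_user->user_rights : 0;
     if ($handle->rights_required && !($handle->rights_required & $user_rights)) {
         $this->abortWarning("insufficient rights");
     }

     ### hide modification pages from guests ###
     /**
      * Note: for some reason, this interferes with unit testing, so the check is skipped
      * when the user agent identifies the unit tester.
      *
      * NOTE(review): HTTP_USER_AGENT is supplied by the client, so any request sending
      * this value skips the guest check below (the rights check above still runs).
      * The original author considered this harmless because the unit-test agent also
      * switches the database; that switch is not visible in this method. An access
      * decision should not depend on a request header. TODO: gate this on a
      * server-side test setting instead.
      */
     if (getServerVar('HTTP_USER_AGENT') != 'streber_unit_tester') {
         $is_modifying_page = $handle->type == 'form' || $handle->type == 'subm' || $handle->type == 'func';
         if (isset($auth) && $auth->isAnonymousUser() && !$handle->valid_for_anonymous && $is_modifying_page) {
             $this->abortWarning("insufficient rights");
         }
     }

     # $handle->req comes from the registered page handle, not from the request
     require_once $handle->req;

     #--- set page-handler-curpage ---
     # show() might be called again, so we have to keep the page_id
     $keep_cur_page_id = $this->cur_page_id;
     $this->cur_page_id = $id;
     $keep_cur_page = $this->cur_page;
     $this->cur_page = $handle;

     ### submit ###
     # Comparison, not assignment: the handle is shared through $this->hash, so its
     # type must not be overwritten here.
     if ($handle->type == 'subm') {
         $tmp = get('from');
         if ($tmp) {
             $this->cur_page_md5 = $tmp;
         }
     }

     #--- set params ---
     if ($params) {
         $params['go'] = $id;
         addRequestVars($params);
     }

     #--- avoid endless traps ---
     if (count($this->recursions) > MAX_PAGE_RECURSIONS) {
         trigger_error("maximum page recursions reached! (" . implode(",", $this->recursions) . ")", E_USER_ERROR);
         return;
     }
     $this->recursions[] = $id;

     #--- use id as function-name ----
     if (function_exists($id)) {
         if ($fn_argument) {
             # pass additional parameter (eg. non-db-objects to xxxNew()-functions)
             $id($fn_argument);
         } else {
             $id();
         }
     } else {
         $this->abortWarning("page-call to undefined functions '{$id}'", ERROR_FATAL);
     }

     # restore the page context of the calling show()
     $this->cur_page_id = $keep_cur_page_id;
     $this->cur_page = $keep_cur_page;
 }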
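 /**
  * Look up a single person by its identifier string.
  *
  * The argument is reduced with asAlphaNumeric() before it is placed in the
  * query. An argument that is empty after that step is rejected, so input made
  * up only of stripped characters cannot match a row whose identifier is ''.
  *
  * NOTE(review): the query is still built by string concatenation, and
  * asAlphaNumeric() is the only barrier between the argument and the SQL text.
  * Its definition is not shown here; confirm it removes quotes and backslashes,
  * and prefer a bound parameter if the database layer offers one.
  *
  * @param string $f_identifier_string identifier as received from the caller
  * @return mixed the single matching row from queryFromDb(), or false when the
  *               identifier is empty or does not match exactly one person
  */
 public static function getByIdentifierString($f_identifier_string)
 {
     $identifier = (string) asAlphaNumeric($f_identifier_string);
     if ($identifier === '') {
         return false;
     }

     $prefix = confGet('DB_TABLE_PREFIX');
     $rows = self::queryFromDb("SELECT * FROM {$prefix}person WHERE identifier='" . $identifier . "'");

     # anything other than exactly one match is treated as "not found"
     if (!$rows || count($rows) != 1) {
         return false;
     }
     return $rows[0];
 }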