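/**
 * Show the page registered under $id after running the handle's access checks.
 *
 * Sequence, as implemented below:
 *  1. log the request (user name, remote address, URI, user agent)
 *  2. validate $id: empty -> 'home'; not alphanumeric -> warning + 'home';
 *     not registered in $this->hash -> 'error'
 *  3. access checks: anonymous visitors, required rights bitmask, guest restriction
 *     on modification pages ('form', 'subm', 'func')
 *  4. require the handle's file and call the global function named like $id
 *
 * show() may call itself (redirects to 'home', 'error', 'loginForm'), so the current
 * page id / handle are saved before the call and restored afterwards.
 *
 * @param string|null $id          page id; must be a key of $this->hash and the name of a function
 * @param array|null  $params      request variables handed to addRequestVars(); 'go' is set to $id
 * @param mixed       $fn_argument optional single argument passed on to the page function
 * @return void
 */
public function show($id = NULL, $params = NULL, $fn_argument = NULL)
{
    global $auth;

    ### echo debug output ###
    if (isset($auth->cur_user)) {
        $user_name = $auth->cur_user->name;
    } else {
        $user_name = '__not_logged_in__';
    }
    $crawler = Auth::isCrawler() ? 'crawler' : '';

    # NOTE(review): $id, REQUEST_URI and HTTP_USER_AGENT are client-controlled and are logged
    # before $id is validated. Confirm that log_message() or getServerVar() neutralises line
    # breaks and control characters, otherwise a request can forge additional log entries.
    log_message($user_name . '@' . getServerVar('REMOTE_ADDR', true) . " -> {$id} " . getServerVar('REQUEST_URI') . " (" . getServerVar('HTTP_USER_AGENT') . ") {$crawler}", LOG_MESSAGE_DEBUG);

    ### validate page id ###
    if (!$id) {
        $this->show('home');
        exit;
    }

    if ($id != asAlphaNumeric($id)) {
        new FeedbackWarning("Ignored invalid page '" . asCleanString($id) . "'");
        $this->show('home');
        exit;
    }

    # $this->hash is the allow-list of callable pages: only registered ids get past this point,
    # which is what keeps the dynamic function call at the end of this method bounded.
    if (!isset($this->hash[$id])) {
        trigger_error('try to show undefined page-id ' . $id, E_USER_WARNING);
        $this->show('error');
        return;
    }

    $handle = $this->hash[$id];

    ### not authenticated ###
    $has_user = isset($auth) && $auth->cur_user;
    if (!$has_user && !$handle->valid_for_anonymous) {
        new FeedbackWarning("As an anonymous user you have not enough rights to view page '{$id}'");
        $this->show('loginForm');
        exit;
    }

    ### check sufficient user-rights ###
    # NOTE(review): presumably abortWarning() ends the request. If it can return, execution
    # continues to the require_once and the page function below — confirm.
    if ($handle->rights_required) {
        # Without a logged-in user there are no rights to test against. Using 0 keeps the
        # check fail-closed and avoids reading a property of a missing user object.
        $user_rights = $has_user ? $auth->cur_user->user_rights : 0;
        if (!($handle->rights_required & $user_rights)) {
            $this->abortWarning("insufficient rights");
        }
    }

    ### hide modification pages from guests ###
    # This guard is skipped when the User-Agent header equals 'streber_unit_tester', because
    # the check otherwise interferes with unit testing. The header is supplied by the client,
    # so any client can send that value and skip this guard. The original author's note says
    # the unit-test mode works on a switched database, so this should not lead to a result.
    # NOTE(review): prefer a server-side switch (configuration or environment) over a request
    # header for enabling test behaviour — TODO.
    if (getServerVar('HTTP_USER_AGENT') != 'streber_unit_tester') {
        $is_modification_page = $handle->type == 'form'
            || $handle->type == 'subm'
            || $handle->type == 'func';
        if (isset($auth) && $auth->isAnonymousUser() && !$handle->valid_for_anonymous && $is_modification_page) {
            $this->abortWarning("insufficient rights");
        }
    }

    # The path comes from the registered handle, not from the request.
    require_once $handle->req;

    #--- set page-handler-curpage ---
    # show() might be called again, so we have to keep the page id and handle
    $keep_cur_page_id = $this->cur_page_id;
    $this->cur_page_id = $id;
    $keep_cur_page = $this->cur_page;
    $this->cur_page = $handle;

    ### submit ###
    # Compare, do not assign: `$handle->type = 'subm'` would overwrite the type of the
    # registered handle and make this branch run for every page.
    if ($handle->type == 'subm') {
        $tmp = get('from');
        if ($tmp) {
            $this->cur_page_md5 = $tmp;
        }
    }

    #--- set params ---
    if ($params) {
        $params['go'] = $id;
        addRequestVars($params);
    }

    #--- avoid endless traps ---
    if (count($this->recursions) > MAX_PAGE_RECURSIONS) {
        trigger_error("maximum page recursions reached! (" . implode(",", $this->recursions) . ")", E_USER_ERROR);
        return;
    }
    $this->recursions[] = $id;

    #--- use id as function-name ----
    if (function_exists($id)) {
        if ($fn_argument) {
            # pass additional parameter (e.g. non-db-objects to xxxNew()-functions)
            $id($fn_argument);
        } else {
            $id();
        }
    } else {
        $this->abortWarning("page-call to undefined functions '{$id}'", ERROR_FATAL);
    }

    $this->cur_page_id = $keep_cur_page_id;
    $this->cur_page = $keep_cur_page;
}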
/**
 * Look up exactly one person by its identifier string.
 *
 * The identifier is passed through asAlphaNumeric() and then placed inside a quoted
 * SQL literal. The table name is built from the configured DB_TABLE_PREFIX.
 *
 * NOTE(review): the query is assembled by string concatenation, so its safety depends
 * entirely on asAlphaNumeric() removing every character that could end the quoted literal.
 * That helper is not visible here — confirm its character set, and prefer a bound
 * parameter if the database layer offers one.
 *
 * @param string $f_identifier_string identifier to search for
 * @return mixed the single matching row as returned by queryFromDb(), or false when
 *               there is no match or more than one match
 */
public static function getByIdentifierString($f_identifier_string)
{
    $table_prefix = confGet('DB_TABLE_PREFIX');
    $clean_identifier = asAlphaNumeric($f_identifier_string);

    $rows = self::queryFromDb(
        "SELECT * FROM " . $table_prefix . "person WHERE identifier='" . $clean_identifier . "'"
    );

    # Only an unambiguous result counts as a hit.
    if ($rows && count($rows) == 1) {
        return $rows[0];
    }

    return false;
}