Esempio n. 1
/**
 * Record an error for later display and point the browser at the error page.
 *
 * The message is stored in $_SESSION['m'] and the absolute form of the return
 * page in $_SESSION['bp']; a Location header for error.php is then emitted.
 *
 * This function only queues the redirect header. It does not end the script,
 * so statements after the call still execute. A caller that must not continue
 * (for example after a failed permission or validation check) has to return
 * or exit on its own.
 *
 * @param mixed $message  Stored as given, with no encoding applied here; the
 *                        page that prints it is responsible for HTML-encoding.
 * @param mixed $backpage Page passed to get_absolute_uri() to build the return link.
 */
function throw_error($message, $backpage)
{
    $_SESSION['m'] = $message;

    $returnTo = get_absolute_uri($backpage);
    $_SESSION['bp'] = $returnTo;

    $errorPage = get_absolute_uri("error.php");
    header("Location: " . $errorPage);
}
Esempio n. 2
require_once '../src/authentication/PagePermissions.php';
/*
 * auth.php
 * 
 * This script verifies that a user is logged in and, if not, sends them
 * to the login page. It must be included in every file that should be 
 * protected from unauthorized access (ie, all admin scripts/files)
 * 
 */
//we need to check the session to ensure that A) it matches the user id that was signed in with
// Make sure a session is active before $_SESSION is read.
if (session_id() == '') {
    session_start();
}

// Access gate: both session keys must exist and the stored user object must
// pass isUserObjectValid(). Any other request is redirected to the login page
// and the script stops, so the including page never runs for it.
// NOTE(review): isUserObjectValid() is currently a stub that returns true, so
// in practice this gate only proves that the two keys are present.
if (!(isset($_SESSION['UID'], $_SESSION['USER']) && isUserObjectValid())) {
    header("Location: " . get_absolute_uri('login.php'));
    die;
}

// Authenticated: resolve this page's permissions and publish them globally.
$GLOBALS['BAC_PAGE_PERMISSIONS'] = setPagePermissions();
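/**
 * Look up the signed-in user's permission for the page being requested.
 *
 * The page name is the last path segment of the request URI with its final
 * extension removed, e.g. ".../settings.php" yields "settings". Only the path
 * part of the URI is examined.
 *
 * @return mixed Whatever $_SESSION['USER']->getPagePermission() returns for that name.
 */
function setPagePermissions()
{
    $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

    // REQUEST_URI includes the query string. Cut it off first: otherwise a "/"
    // or "." inside a parameter value would decide which page name is used for
    // the permission lookup, and that value is chosen by the requester.
    $path = (string) substr($uri, 0, strcspn($uri, '?#'));

    // Last path segment ("" when the path ends in "/").
    $slash = strrpos($path, '/');
    $file = ($slash === false) ? $path : (string) substr($path, $slash + 1);

    // Drop the final extension only when there is one; a name without a dot is
    // used whole instead of losing its last character.
    $dot = strrpos($file, '.');
    $page = ($dot === false) ? $file : (string) substr($file, 0, $dot);

    // NOTE(review): extra path info after the script name (".../page.php/extra")
    // still ends up as the last segment here. $_SERVER['SCRIPT_NAME'] may be a
    // sturdier source; confirm against the deployment's rewrite rules.
    return $_SESSION['USER']->getPagePermission($page);
}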
//TODO: validate the user object held in the session
/**
 * Placeholder for validating the user object held in the session.
 *
 * Nothing is inspected yet: the function returns true unconditionally.
 * NOTE(review): until real validation exists, a caller that combines this with
 * isset() checks on $_SESSION is only testing that the session keys exist, not
 * that the stored object belongs to the user who signed in.
 *
 * @return bool Always true in the current implementation.
 */
function isUserObjectValid()
{
    return true;
}
Esempio n. 3
<?php

include 'auth.php';
// Pick up the one-shot error details left in the session. Fall back to an
// empty message and the index page when nothing was stored.
// Both values are printed into HTML further down and must be encoded there.
$message = isset($_SESSION['m']) ? $_SESSION['m'] : "";
$backpage = isset($_SESSION['bp']) ? $_SESSION['bp'] : get_absolute_uri("index.php");

// Clear both keys so the same error is not shown again on a later visit.
unset($_SESSION['m'], $_SESSION['bp']);
?>

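<?php 
// Page title consumed by the shared header template.
$BAC_TITLE_TEXT = "BarelyACMS - Error";
include 'header.php';
?>
<p>An error has occured: <?php 
// $message is whatever was stored in the session for this error. Encode it for
// HTML text context so any request-derived text in it is rendered as text, not
// as markup.
echo htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE);
?>
 </p>
<p><a href='<?php 
// The attribute is single-quoted, so ENT_QUOTES is needed to keep the value
// inside it.
// NOTE(review): encoding does not restrict the URL scheme. $backpage is expected
// to come from get_absolute_uri(); confirm nothing else writes $_SESSION['bp'].
echo htmlspecialchars((string) $backpage, ENT_QUOTES | ENT_SUBSTITUTE);
?>
'> Please click here to return to the previous page, and try your request again. </a></p>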

<?php 
Esempio n. 4
                    $_SESSION['USER'] = $cuser;
                    header("Location: " . get_absolute_uri('index.php'));
                } else {
                    $message = "Please try again";
                }
            } else {
                $message = "Please try again";
            }
        } else {
            $message = "Please try again";
        }
    }
} else {
    //they're logged in, why are they back at the login page?
    //get back to home!
    header("Location: " . get_absolute_uri('index.php'));
    return;
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
		<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen" />
		<script src="js/jquery.min.js" type="text/javascript"></script>
		<script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
		<link href="styles/styles.css" rel="stylesheet" media="screen" />
		<style type="text/css">
			.center {
				float: none;
				margin: 0 auto;
Esempio n. 5
<?php

/**
 * This is the settings page for BAC. It allows authorized users to
 * modify BAC settings such as the sitemap, passwords and permissions.
 */
include 'auth.php';
include_once '../src/util.php';
require __DIR__ . '/handlers/SettingsHandler.php';
// Pass the raw POST and GET data to the settings handler. Its result is used
// below as an array of view data.
$requestHandler = new SettingsHandler();
$data = $requestHandler->handleRequest($_POST, $_GET);

//TODO: Remove this hack, we now use the setup.php script
$data['notfirst'] = 'true';

// The handler can request a bounce to the login page. Stop the script right
// after queuing the redirect so none of the settings page below is rendered.
if (isset($data['redirectToLogin']) && $data['redirectToLogin'] == 'true') {
    header("Location: " . get_absolute_uri("login.php"));
    die;
}

// Guarantee the key exists so later code can read it unconditionally.
if (!isset($data['message'])) {
    $data['message'] = "";
}

// "block" when there is a message to show, "none" otherwise (presumably a CSS
// display value for the message box; confirm in the template).
// NOTE(review): $data['message'] comes out of request handling; HTML-encode it
// wherever it is printed.
$displaymessage = $data['message'] ? "block" : "none";

// Default alert style.
$messageclass = 'alert-success';
if (isset($data['settingsSaved'])) {
    if ($data['settingsSaved'] == 'true') {
        $messageclass = "alert-success";
    } else {