/** * Method executed before each action * * @access public */ public function beforeAction($controller, $action) { // Start the session $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH); // HTTP secure headers $this->response->csp(array('style-src' => "'self' 'unsafe-inline'")); $this->response->nosniff(); $this->response->xss(); $this->response->hsts(); $this->response->xframe(); // Load translations $language = $this->config->get('language', 'en_US'); if ($language !== 'en_US') { Translator::load($language); } // Set timezone date_default_timezone_set($this->config->get('timezone', 'UTC')); // Authentication if (!$this->authentication->isAuthenticated($controller, $action)) { $this->response->redirect('?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString())); } // Check if the user is allowed to see this page if (!$this->acl->isPageAccessAllowed($controller, $action)) { $this->response->redirect('?controller=user&action=forbidden'); } // Attach events $this->attachEvents(); }
/** * Method executed before each action * * @access public */ public function beforeAction($controller, $action) { // Start the session $this->session->open(BASE_URL_DIRECTORY); // HTTP secure headers $this->response->csp(array('style-src' => "'self' 'unsafe-inline'")); $this->response->nosniff(); $this->response->xss(); // Allow the public board iframe inclusion if ($action !== 'readonly') { $this->response->xframe(); } if (ENABLE_HSTS) { $this->response->hsts(); } $this->config->setupTranslations(); $this->config->setupTimezone(); // Authentication if (!$this->authentication->isAuthenticated($controller, $action)) { if ($this->request->isAjax()) { $this->response->text('Not Authorized', 401); } $this->response->redirect('?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString())); } // Check if the user is allowed to see this page if (!$this->acl->isPageAccessAllowed($controller, $action)) { $this->response->redirect('?controller=user&action=forbidden'); } // Attach events $this->attachEvents(); }
/** * Check authentication * * @access public */ public function handleAuthentication() { if (!$this->authentication->isAuthenticated()) { if ($this->request->isAjax()) { $this->response->text('Not Authorized', 401); } $this->response->redirect('?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString())); } }
/** * Check authentication * * @access public */ public function handleAuthentication() { if (!$this->authentication->isAuthenticated()) { if ($this->request->isAjax()) { $this->response->text('Not Authorized', 401); } $this->response->redirect($this->helper->url->to('auth', 'login', array('redirect_query' => urlencode($this->request->getQueryString())))); } }
/** * Check page access and authentication * * @access public */ public function handleAuthenticatedUser($controller, $action) { if (!$this->authentication->isAuthenticated()) { if ($this->request->isAjax()) { $this->response->text('Not Authorized', 401); } $this->response->redirect('?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString())); } if (!$this->acl->isAllowed($controller, $action, $this->request->getIntegerParam('project_id', 0))) { $this->forbidden(); } }