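/**
 * Report whether the current session belongs to a known notes-engine user.
 *
 * Two session keys are recognised, checked in this order:
 *  - "notes-user": looked up in teachers_users;
 *  - "user": looked up in backend_users and additionally required to pass
 *    checkPermissionModules("notes-engine").
 * A session carrying neither key is rejected.
 *
 * @return bool true only when the lookup returned a row whose "user" column
 *              equals the session value (and, for backend users, the module
 *              permission check passed); false in every other case,
 *              including a failed query or an empty result set
 */
function validateUser() {
    // $page is not read in this function. It stays declared because
    // core/module-loader.php is included below and runs in this function's
    // variable scope. NOTE(review): confirm whether that file needs it.
    global $connection, $page;

    // Fail closed: a failed query() (false) and an empty result set
    // (fetch_assoc() === null) both deny. The previous loose `==` compared
    // a missing row (null) with the session value, so an empty-string
    // session value matched "no row" and was treated as authenticated.
    $rowMatchesUser = function ($result, $user) {
        $line = $result ? $result->fetch_assoc() : null;
        return is_array($line)
            && is_scalar($user)
            && (string) $line["user"] === (string) $user;
    };

    if (isset($_SESSION["notes-user"])) {
        // Teacher session: the user must exist in teachers_users.
        $user = $_SESSION["notes-user"];
        // NOTE(review): the lookup value is masked ('******') in this listing.
        // If the real statement places the session value into the SQL text,
        // bind it as a prepared-statement parameter instead.
        $request = "SELECT * FROM teachers_users WHERE user = '******'";
        return $rowMatchesUser($connection->query($request), $user);
    }

    if (isset($_SESSION["user"])) {
        // Backend session: the user must exist in backend_users AND hold the
        // "notes-engine" module permission.
        $user = $_SESSION["user"];
        // NOTE(review): same masked lookup value as above; parameterise it.
        $request = "SELECT * FROM backend_users WHERE user = '******'";
        $matched = $rowMatchesUser($connection->query($request), $user);
        // Provides checkPermissionModules() when authenticated in backend mode.
        include_once "core/module-loader.php";
        return $matched && checkPermissionModules("notes-engine");
    }

    return false;
}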
break; case "ajax-delete-content": $id = $connection->real_escape_string($_POST["id"]); DeleteContent($id); break; case "ajax-new-content": NewContent($connection->real_escape_string($_POST["type"]), uniqid()); break; case "ajax-add-content-dialog": AddContentDialog(); break; case "ajax-add-content-execute": AddContentExecute($connection->real_escape_string($_POST["type"]), $connection->real_escape_string($_POST["id"])); break; case "footer": if (checkPermissionModules("content-footer") === true) { DrawFooterGUI(); } else { ModuleAccessDeniedException("content-footer"); } break; case "ajax-manual-editor-footer": GetFooterEditorContent(); break; case "ajax-save-footer": SaveFooter($_POST["content"]); break; default: ContainerEditMode($connection->real_escape_string($_GET["arg"])); } function DrawContentList($filter)
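} // closes a block that opens before this excerpt

include "common/common.php"; // common functions for backend system

// Initialize the HTML page, CSS styles and old-IE compatibility shims.
// NOTE(review): $config->website_name is written into <title> unescaped.
// If that value can ever be edited through the backend, escape it for HTML
// at this point; confirm where it is set.
echo "<!DOCTYPE html>\n<html lang='it'>\n<head>\n"
    . " <meta charset='utf-8'>\n"
    . " <meta http-equiv='X-UA-Compatible' content='IE=edge'>\n"
    . " <meta name='viewport' content='width=device-width, initial-scale=1'>\n"
    . " <title>{$config->website_name} - Vesi Backend</title>\n"
    . " <link href='../assets/css/jquery-ui.min.css' rel='stylesheet'>\n"
    . " <link href='../assets/css/jquery-ui.theme.min.css' rel='stylesheet'>\n"
    . " <link href='../assets/css/bootstrap.min.css' rel='stylesheet'>\n"
    . " <link href='../assets/css/font-awesome.min.css' rel='stylesheet'>\n"
    . " <link href='../assets/css/custom-main.css' rel='stylesheet'>\n"
    . " <!--[if lt IE 9]>\n"
    . " <script src='../assets/js/html5shiv.min.js'></script>\n"
    . " <script src='../assets/js/respond.min.js'></script>\n"
    . " <![endif]-->\n"
    . "</head>\n<body>\n";

// Include menu system
include "common/menusys.php";
echo "<div class='container-fluid'>\n";

// Integrate the requested module.
// modules.json decides which file is handed to include, so it is treated as
// input rather than trusted: an unreadable or malformed registry yields an
// empty module list (ending in ModuleNotExistingError below) instead of
// warnings on a null object, and a registered path is only included when it
// resolves to a regular file inside the modules directory.
// $json, $module_list, $module_i and $i keep their names because the included
// module file runs in this same scope and may read them.
$json = is_readable("modules.json") ? file_get_contents("modules.json") : false;
$module_list = ($json === false) ? null : json_decode($json);
$installed_modules = array();
if (is_object($module_list) && isset($module_list->installed)
    && (is_array($module_list->installed) || is_object($module_list->installed))) {
    $installed_modules = $module_list->installed;
}
$modules_root = realpath("modules");
$i = 0; // becomes 1 once an entry with the requested name has been handled
foreach ($installed_modules as $module_i) {
    if (!is_object($module_i) || !isset($module_i->name, $module_i->path)) {
        continue; // skip malformed registry entries
    }
    if ($module_i->name == $module) {
        // realpath() collapses "../" segments and symlinks, so the prefix
        // test below rejects any entry that points outside modules/
        // (this also refuses modules symlinked from elsewhere).
        $module_file = realpath("modules/" . $module_i->path);
        $module_is_contained = $modules_root !== false
            && $module_file !== false
            && is_file($module_file)
            && strpos($module_file, $modules_root . DIRECTORY_SEPARATOR) === 0;
        if ($module_is_contained) {
            if (checkPermissionModules($module) === true) {
                include $module_file;
            } else {
                ModuleAccessDeniedException($module);
            }
        } else {
            ModuleNotExistingError($module);
        }
        // Mark the request as handled in both branches; previously a missing
        // file left $i at 0 and the error was reported a second time below.
        $i = 1;
    }
}
if ($i == 0) {
    ModuleNotExistingError($module);
}

// Load JS scripts.
// NOTE(review): jQuery 1.11.2 is a long-unmaintained release line that
// predates several upstream security fixes; plan an upgrade.
echo "</div><script src='../assets/js/jquery-1.11.2.min.js'></script><script src='../assets/js/jquery-ui.min.js'></script>";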