コード例 #1
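 /**
  * Checks whether the request carries the correct share token for a post.
  *
  * The token is read from the `sharedraft` controller variable.
  * NOTE(review): this is presumably request-supplied and must be treated as
  * untrusted; if it travels in the URL it will also appear in access logs and
  * Referer headers -- confirm against the caller.
  *
  * @param mixed $post The post to verify the token against. When it is empty,
  *   only the presence of a token is checked, not its value, so a caller must
  *   call again with the post before exposing any content.
  * @param bool $deny When true and a token was supplied, the request is
  *   terminated instead of returning.
  * @return bool False when no usable token was supplied or it does not match
  *   the post's secret key; true otherwise.
  */
 private function is_authorized($post = null, $deny = false)
 {
     $auth = Controller::get_var('sharedraft');
     // Fail closed on a missing, empty or non-string token (for example an
     // array-valued parameter) before doing any further work.
     if (!is_string($auth) || $auth === '') {
         return false;
     }
     ACL::clear_caches();
     // sadly, caching can't be used with Hisa
     // a token holder who must be denied gets the request terminated outright
     if ($deny == true) {
         // Utils::redirect( Site::get_url() );
         exit;
     }
     // Without a post there is nothing to compare against yet. This branch
     // does NOT validate the token value; it only reports that one is present.
     if ($post == null) {
         return true;
     }
     $expected = $this->get_secret_key($post);
     // Deny when the stored key is not something comparable as a string.
     if (!is_string($expected) && !is_int($expected)) {
         return false;
     }
     // hash_equals() (PHP 5.6+) compares in constant time and as exact strings,
     // so neither response timing nor PHP's loose == rules for numeric-looking
     // strings can make a wrong token pass.
     return hash_equals((string) $expected, $auth);
 }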
コード例 #2
ファイル: user.php プロジェクト: anupom/my-blog
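 /**
  * Log the current user out by removing the user id from the session.
  *
  * When the session carries a 'sudo' marker (the user is acting as another
  * user), only that marker is removed and the real user stays logged in.
  *
  * NOTE(review): only the 'user_id' key is removed here; the session itself
  * and its identifier are left in place as far as this method shows. Confirm
  * what Session::clear_userid() does, and consider destroying or regenerating
  * the session on logout.
  */
 public function forget()
 {
     // is this user acting as another user?
     if (isset($_SESSION['sudo'])) {
         // if so, remove the sudo token, but don't log out the user
         unset($_SESSION['sudo']);
         Utils::redirect(Site::get_url('admin'));
         // Stop here even if the redirect helper returns instead of exiting;
         // falling through would log the real user out as well.
         return;
     }
     ACL::clear_caches();
     Plugins::act('user_forget', $this);
     // Read the id defensively so a call without a logged-in session does not
     // raise an undefined-index notice.
     $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
     Session::clear_userid($user_id);
     unset($_SESSION['user_id']);
     Utils::redirect(Site::get_url('habari'));
 }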
コード例 #3
ファイル: acl.php プロジェクト: wwxgitcat/habari
 /**
  * Revoke a permission token from a single user.
  *
  * Deletes the matching row from {user_token_permissions}, then clears the
  * ACL caches -- presumably so that cached permission lookups do not outlive
  * the revocation (confirm against ACL::clear_caches()).
  *
  * @param integer $user_id The user ID
  * @param mixed $token_id The name or ID of the permission token
  * @return mixed Whatever DB::delete() returned
  */
 public static function revoke_user_token($user_id, $token_id)
 {
     // normalise the name-or-ID argument through the class's own lookup
     $resolved_token = self::token_id($token_id);
     // NOTE(review): what token_id() yields for an unknown token is not
     // visible here; verify the delete cannot match unintended rows then.
     $where = array(
         'user_id' => $user_id,
         'token_id' => $resolved_token,
     );
     $deleted = DB::delete('{user_token_permissions}', $where);
     // the caches are cleared whatever the delete reported
     ACL::clear_caches();
     return $deleted;
 }
コード例 #4
ファイル: user.php プロジェクト: habari/system
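 /**
  * Log the current user out and destroy the session.
  *
  * When the session carries a 'sudo' marker (the user is acting as another
  * user), only that marker is removed and the real user stays logged in.
  *
  * @param boolean $redirect Redirect after the change? The sudo case goes to
  *   the 'admin' URL, a full logout to the 'site' URL.
  */
 public function forget($redirect = true)
 {
     // if the user is not actually logged in, just return so we don't throw any errors later
     if ($this->loggedin != true) {
         return;
     }
     // is this user acting as another user?
     if (isset($_SESSION['sudo'])) {
         // if so, remove the sudo token, but don't log out the user
         unset($_SESSION['sudo']);
         if ($redirect) {
             Utils::redirect(Site::get_url('admin'));
         }
         // Always stop here, whether or not a redirect was sent and whether
         // or not the redirect helper exits: continuing would log out the
         // real user too.
         return;
     }
     ACL::clear_caches();
     Plugins::act('user_forget', $this);
     Session::clear_userid($_SESSION['user_id']);
     // then destroy the entire session, so no session data outlives the logout
     Session::destroy();
     if ($redirect) {
         Utils::redirect(Site::get_url('site'));
     }
 }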