/**
 * Build the absolute path of a document by prefixing SITE_ROOT to the
 * value returned by getRelativeDocumentPath().
 *
 * NOTE(review): no normalisation or containment check happens here; whether
 * the result is guaranteed to stay under SITE_ROOT depends on
 * getRelativeDocumentPath(), which is not visible in this listing.
 *
 * @param string $localPath Path handed through to getRelativeDocumentPath().
 * @return string SITE_ROOT concatenated with the relative document path.
 */
function getAbsoluteDocumentPath($localPath)
{
    $siteRoot = SITE_ROOT;
    $relativePath = getRelativeDocumentPath($localPath);

    return $siteRoot . $relativePath;
}
예제 #2
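/**
 * Decide whether the current visitor may access the given page.
 *
 * Decision order:
 *   1. Page not registered in the DB  -> deny (fail closed).
 *   2. Page marked as not private     -> allow.
 *   3. Visitor not logged in          -> deny.
 *   4. Visitor is the master account  -> allow.
 *   5. Otherwise allow only if userPageMatchExists() reports a match.
 *
 * Denials are written to the error log when LOG_AUTH_FAILURES is enabled.
 *
 * @param string $file Path of the page being requested; reduced to a
 *                     site-relative, lower-cased path before the lookup.
 * @return bool True when access is granted, false otherwise.
 */
function securePage($file)
{
    global $loggedInUser, $master_account;

    // The page path and the username can carry caller- or user-chosen bytes,
    // so control characters are replaced before the values reach the log;
    // otherwise a CR/LF in either value could forge extra log lines.
    $forLog = static function ($value) {
        return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $value);
    };

    // Separate file path from base website path (case-insensitive)
    $relativeURL = strtolower(getRelativeDocumentPath($file));
    $pageDetails = fetchPageDetailsByName($relativeURL);

    // Unknown pages are denied by default.
    if (empty($pageDetails)) {
        if (LOG_AUTH_FAILURES) {
            // The original interpolated an undefined $page here, so the log
            // never named the page that was refused.
            error_log("Authorization failed: {$forLog($relativeURL)} not found in DB.");
        }
        return false;
    }

    // NOTE(review): loose comparison - a missing or null 'private' value
    // also compares equal to 0 and makes the page public. Confirm the column
    // is always populated, or switch to an explicit check.
    if ($pageDetails['private'] == 0) {
        return true;
    }

    if (!isUserLoggedIn()) {
        if (LOG_AUTH_FAILURES) {
            error_log("Authorization failed: user is not logged in.");
        }
        return false;
    }

    // Automatically grant access if master (root) user.
    // NOTE(review): loose comparison; confirm both sides are the same type
    // before tightening to ===.
    if ($loggedInUser->user_id == $master_account) {
        return true;
    }

    // Otherwise check if user's permission levels allow access to page
    if (userPageMatchExists($loggedInUser->user_id, $pageDetails['id'])) {
        return true;
    }

    if (LOG_AUTH_FAILURES) {
        error_log("Authorization failed: {$forLog($loggedInUser->username)} does not have permission to access page {$forLog($relativeURL)}.");
    }
    return false;
}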
예제 #3
/**
 * Access check for a single page: returns whether the current visitor may
 * view it.
 *
 * A page that has no record in the DB is refused (deny by default). A page
 * whose 'private' field compares equal to 0 is open to everyone. Any other
 * page needs a logged-in user who is either the master account or has a
 * user/page match.
 *
 * This function only reports the decision; it performs no redirect and no
 * output, so the caller has to act on a false return.
 *
 * @param string $file Path of the requested page.
 * @return bool True to allow access, false to refuse it.
 */
function securePage($file)
{
    global $loggedInUser, $master_account;

    // Lower-cased, site-relative path is the lookup key for the page record.
    $pageKey = strtolower(getRelativeDocumentPath($file));
    $record = fetchPageDetailsByName($pageKey);

    // No record for this page: refuse.
    if (empty($record)) {
        return false;
    }

    // Public page.
    // NOTE(review): loose comparison - a missing or null 'private' value
    // also lands here; confirm the field is always set.
    if ($record['private'] == 0) {
        return true;
    }

    // Private page and nobody is logged in.
    if (!isUserLoggedIn()) {
        return false;
    }

    // The master (root) account bypasses the per-page permission lookup.
    if ($loggedInUser->user_id == $master_account) {
        return true;
    }

    // Everyone else needs a permission match for this page id.
    return userPageMatchExists($loggedInUser->user_id, $record['id']) ? true : false;
}