function getAbsoluteDocumentPath($localPath) { return SITE_ROOT . getRelativeDocumentPath($localPath); }
function securePage($file) { global $loggedInUser, $master_account; // Separate file path from base website path (case-insensitive) $relativeURL = strtolower(getRelativeDocumentPath($file)); $pageDetails = fetchPageDetailsByName($relativeURL); //If page does not exist in DB or page is not permitted for any groups, disallow access //Modified by Alex 9/18/2013 to NOT allow access by default if (empty($pageDetails)) { if (LOG_AUTH_FAILURES) { error_log("Authorization failed: {$page} not found in DB."); } return false; } elseif ($pageDetails['private'] == 0) { return true; } elseif (!isUserLoggedIn()) { if (LOG_AUTH_FAILURES) { error_log("Authorization failed: user is not logged in."); } return false; } else { // Automatically grant access if master (root) user if ($loggedInUser->user_id == $master_account) { return true; } // Otherwise check if user's permission levels allow access to page if (userPageMatchExists($loggedInUser->user_id, $pageDetails['id'])) { return true; } else { if (LOG_AUTH_FAILURES) { error_log("Authorization failed: {$loggedInUser->username} does not have permission to access page {$page}."); } return false; } } }
function securePage($file) { global $loggedInUser, $master_account; // Separate file path from base website path (case-insensitive) $relativeURL = strtolower(getRelativeDocumentPath($file)); $pageDetails = fetchPageDetailsByName($relativeURL); //If page does not exist in DB or page is not permitted for any groups, disallow access //Modified by Alex 9/18/2013 to NOT allow access by default if (empty($pageDetails)) { //echo "Access denied: " . $page . " not found in DB."; return false; } elseif ($pageDetails['private'] == 0) { return true; } elseif (!isUserLoggedIn()) { //header("Location: login.php"); return false; } else { // Automatically grant access if master (root) user if ($loggedInUser->user_id == $master_account) { return true; } // Otherwise check if user's permission levels allow access to page if (userPageMatchExists($loggedInUser->user_id, $pageDetails['id'])) { return true; } else { //header("Location: account.php"); return false; } } }