/**
 * Record an error for the error page and redirect the browser to it.
 *
 * The message is written to $_SESSION['m'] exactly as received, and the
 * return link (after get_absolute_uri()) to $_SESSION['bp'].
 *
 * NOTE(review): the message is stored unescaped, so whatever page prints
 * $_SESSION['m'] or $_SESSION['bp'] has to escape them for its output context.
 *
 * NOTE(review): this function only queues the Location header and then
 * returns. It does not end the request, so the caller keeps executing (and
 * may still emit output) unless it stops the script itself after the call.
 *
 * @param mixed $message  Text describing the error; stored verbatim.
 * @param mixed $backpage Page to link back to; resolved via get_absolute_uri().
 */
function throw_error($message, $backpage)
{
    $_SESSION['m'] = $message;

    $returnTo = get_absolute_uri($backpage);
    $_SESSION['bp'] = $returnTo;

    // Redirect to the error page.
    $errorPage = get_absolute_uri("error.php");
    header("Location: " . $errorPage);
}
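require_once '../src/authentication/PagePermissions.php';

/*
 * auth.php
 *
 * This script verifies that a user is logged in and, if not, sends them
 * to the login page. It must be included in every file that should be
 * protected from unauthorized access (ie, all admin scripts/files)
 */

// We need to check the session to ensure that it matches the user id that
// was signed in with. Start a session only when none is active yet.
if (session_id() == '') {
    session_start();
}

if (isset($_SESSION['UID'], $_SESSION['USER']) && isUserObjectValid()) {
    $GLOBALS['BAC_PAGE_PERMISSIONS'] = setPagePermissions();
} else {
    // Not logged in (or unusable session data): send to the login page and
    // stop, so the protected script that included this file never runs.
    header("Location: " . get_absolute_uri('login.php'));
    die;
}

/**
 * Look up the current user's permission for the page being requested.
 *
 * The page name is the last path segment of the request URI with its
 * extension removed (e.g. "/admin/settings.php" gives "settings").
 *
 * Only the path portion of the URI is used. The query string is supplied by
 * the client and may itself contain '/' and '.', so deriving the page name
 * from the full URI would let it change which page's permission is looked up.
 * A path without an extension is used whole instead of losing its last
 * character.
 *
 * NOTE(review): REQUEST_URI is still client-supplied (extra path segments
 * after the script name end up in it). If this site does not rewrite URLs,
 * $_SERVER['SCRIPT_NAME'] is a sturdier source for the executing script's
 * name - confirm against the deployment before switching.
 *
 * @return mixed Whatever $_SESSION['USER']->getPagePermission() returns.
 */
function setPagePermissions()
{
    $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

    // Keep the path only; everything from the first '?' on is query string.
    $parts = explode('?', $uri, 2);
    $path = $parts[0];

    // Last path segment, i.e. the script file name.
    $slash = strrpos($path, '/');
    $file = ($slash === false) ? $path : (string) substr($path, $slash + 1);

    // Strip the extension, if there is one.
    $dot = strrpos($file, '.');
    $page = ($dot === false) ? $file : (string) substr($file, 0, $dot);

    return $_SESSION['USER']->getPagePermission($page);
}

/**
 * Minimal sanity check of the user object held in the session.
 *
 * Confirms that $_SESSION['USER'] is an object on which getPagePermission()
 * can actually be called, which is the only thing this file does with it.
 * A session value that is not an object, or whose class could not be
 * restored, now leads to the login redirect instead of a fatal error.
 *
 * TODO: validate the user object held in the session more thoroughly; in
 * particular this does not yet check that the object belongs to the user id
 * in $_SESSION['UID'].
 *
 * @return bool True when the session user object is usable.
 */
function isUserObjectValid()
{
    $user = isset($_SESSION['USER']) ? $_SESSION['USER'] : null;

    return is_object($user) && is_callable(array($user, 'getPagePermission'));
}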
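<?php
// Error page: shows the message and "back" link that were left in the
// session under 'm' and 'bp', then clears them so they are displayed once.
include 'auth.php';

$message = isset($_SESSION['m']) ? $_SESSION['m'] : "";
$backpage = isset($_SESSION['bp']) ? $_SESSION['bp'] : get_absolute_uri("index.php");

unset($_SESSION['m'], $_SESSION['bp']);

// Both values are written into HTML below. They are stored in the session
// as plain text and may carry request-derived content, so escape them for
// the HTML body and for the single-quoted href attribute (ENT_QUOTES).
$safeMessage = htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safeBackpage = htmlspecialchars((string) $backpage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// NOTE(review): escaping does not restrict the URL scheme of the link. This
// relies on get_absolute_uri() (not visible here) always producing an
// http(s) URL for whatever is stored in $_SESSION['bp'] - confirm.

$BAC_TITLE_TEXT = "BarelyACMS - Error";
include 'header.php';
?>
<p>An error has occured: <?php echo $safeMessage; ?> </p>
<p><a href='<?php echo $safeBackpage; ?>'> Please click here to return to the previous page, and try your request again. </a></p>
<?php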
$_SESSION['USER'] = $cuser; header("Location: " . get_absolute_uri('index.php')); } else { $message = "Please try again"; } } else { $message = "Please try again"; } } else { $message = "Please try again"; } } } else { //they're logged in, why are they back at the login page? //get back to home! header("Location: " . get_absolute_uri('index.php')); return; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen" /> <script src="js/jquery.min.js" type="text/javascript"></script> <script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script> <link href="styles/styles.css" rel="stylesheet" media="screen" /> <style type="text/css"> .center { float: none; margin: 0 auto;
<?php /** * This is the settings page for BAC. It allows authorized users to * modify BAC settings such as the sitemap, passwords and permissions. */ include 'auth.php'; include_once '../src/util.php'; require __DIR__ . '/handlers/SettingsHandler.php'; $requestHandler = new SettingsHandler(); $data = $requestHandler->handleRequest($_POST, $_GET); //TODO: Remove this hack, we now use the setup.php script $data['notfirst'] = 'true'; if (isset($data['redirectToLogin']) && $data['redirectToLogin'] == 'true') { header("Location: " . get_absolute_uri("login.php")); die; } $displaymessage = ""; if (!isset($data['message'])) { $data['message'] = ""; } if ($data['message']) { $displaymessage = "block"; } else { $displaymessage = "none"; } $messageclass = 'alert-success'; if (isset($data['settingsSaved'])) { if ($data['settingsSaved'] == 'true') { $messageclass = "alert-success"; } else {