예제 #1
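/**
 * Gate the current page: return only when the visitor holds a permitted level.
 *
 * When user_access($levels) grants access this returns and the calling page
 * carries on. Otherwise the visitor is sent to the page matching the code in
 * $_SESSION['permissions'] and the request ends inside this function, so the
 * protected page below the call never runs for a denied visitor.
 *
 * Codes handled here: 'X' (sign-in form is included), 'E', 'P', '+' and 'B'
 * (each redirected to its own page); any other or missing value goes to Home.
 * NOTE(review): the meaning of each code is inferred from its destination -
 * confirm against the account code.
 *
 * @param mixed $levels Permitted level(s), passed unchanged to user_access().
 * @return void Returns only when access is granted.
 */
function restrict_access($levels)
{
    if (user_access($levels)) {
        return;
    }

    // Access forbidden. A missing session key is handled like an unknown code
    // (redirect to Home) instead of raising an undefined-index notice.
    $user_level = isset($_SESSION['permissions']) ? $_SESSION['permissions'] : null;

    // Strict comparison: a non-string value must never be mistaken for a code.
    if ($user_level === 'X') {
        alert('You need to log in to do that.', -1);
        require_once PATH::root() . '/Account/Signin.php';
        die;
    }

    $destinations = [
        'E' => 'Account/Verify_Email',
        'P' => 'Account/Approve',
        '+' => 'Admin/Super_Admin',
        'B' => 'Account/Banned',
    ];

    // Go home - e.g. if you're logged in and it's restrict_access('X') on Signin,
    // you shouldn't be signing in again. It'll just bring you back home.
    $target = 'Home';
    if (is_string($user_level) && isset($destinations[$user_level])) {
        $target = $destinations[$user_level];
    }

    location($target);

    // Fail closed: location() is defined elsewhere and may or may not end the
    // request. A redirect header alone does not stop PHP, so without this the
    // restricted page would still execute (and could emit its output) for a
    // visitor who was just denied. Unreachable if location() already exits.
    exit;
}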
예제 #2
 /**
  * Combine the directory of the requested URL path with the result of
  * subtractURLsStart(PATH::dir(), PATH::root()) and return it without a
  * leading slash.
  *
  * The helpers used here are defined elsewhere; this method only chains them.
  *
  * NOTE(review): $_SERVER['REQUEST_URI'] is supplied by the client, and
  * parse_url() returns false or null for a URI it cannot parse or that has no
  * path. Callers should treat the result as untrusted and not use it to build
  * filesystem paths without validation - confirm how the helpers handle such
  * input.
  *
  * @return mixed Whatever removeLeadingSlash() returns for the computed path.
  */
 public static function pathToRootFromURLRoot()
 {
     // Directory part of the requested path, with backslashes normalised.
     $requestedPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
     $requestedDir = backslashToForward(dirname($requestedPath));

     // Evaluated after the request directory, as in the nested original.
     $dirOffset = subtractURLsStart(PATH::dir(), PATH::root());

     $relative = subtractURLsEnd($requestedDir, $dirOffset);

     return removeLeadingSlash($relative);
 }
예제 #3
/*
 * recaptcha_get_html_f()
 * Convenience wrapper around recaptcha_get_html() that supplies the global
 * $RECAPTCHA_PUBLIC_KEY, so callers do not have to pass the key themselves.
 * Returns whatever recaptcha_get_html() returns for that key.
 *
 * Only the public key is handled here. This renders the challenge; it does
 * not check an answer, so the form handler still has to verify the submitted
 * response on the server.
 */
function recaptcha_get_html_f()
{
    global $RECAPTCHA_PUBLIC_KEY;

    $site_key = $RECAPTCHA_PUBLIC_KEY;
    $widget_markup = recaptcha_get_html($site_key);

    return $widget_markup;
}
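// check IP ban list
// NOTE(review): REMOTE_ADDR is the address of the immediate TCP peer. Behind a
// reverse proxy or CDN that is the proxy's address, not the visitor's - confirm
// the deployment before relying on this list.
// Strict matching: entries in $BANNED_IPS must be lower-case strings.
if (in_array(strtolower($_SERVER['REMOTE_ADDR']), $BANNED_IPS, true)) {
    session_name('Session');
    session_start();
    session_destroy();
    // session_destroy() does not unset $_SESSION, so this marker is visible to
    // the included page for the rest of this request only; it is not persisted.
    $_SESSION['permissions'] = 'B';
    require_once PATH::root() . '/Account/Banned.php';
    // Stop here. Otherwise, if Banned.php returns, the rest of the request runs
    // for a banned address: the session below is started again (discarding the
    // 'B' marker) and the requested page is processed as usual.
    exit;
}
// hide .PHP extension (/Home.php -> /Home - this works because of a URL Rewrite in the .htaccess file)
$url_pieces = @parse_url($_SERVER['REQUEST_URI']);
// parse_url() returns false for a URI it cannot parse, and the 'path' key is
// absent when the URI has no path component; skip the rewrite in both cases.
if (is_array($url_pieces) && isset($url_pieces['path'])) {
    $page = basename($url_pieces['path'], '.php');
    if ($page !== basename($url_pieces['path'])) {
        // Only the last path segment is kept; the original query string is
        // passed through unchanged.
        $url = $page;
        if (isset($url_pieces['query'])) {
            $url .= '?' . $url_pieces['query'];
        }
        header('Location: ' . $url);
        // A Location header does not end the script. Exit so the page is not
        // also executed for a request that is being redirected.
        exit;
    }
}
// start a session
// NOTE(review): no cookie flags are set here. Confirm that HttpOnly, Secure and
// SameSite are configured in php.ini or via session_set_cookie_params() before
// session_start().
session_name('Session');
session_start();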
// all sessions have an XSRF-protection token that should be
// submitted with all forms via invisible field.