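/**
 * Ask for, and verify, the edit or view password of a list.
 *
 * If the list has no password of the requested type, or this session has
 * already been granted access to it, the visitor is redirected straight to
 * the edit/view page. Otherwise the password form is rendered; on POST the
 * submitted password is checked and, if it matches, access is recorded in
 * the session before redirecting.
 *
 * NOTE(review): the stored value is compared directly with the submitted
 * text, which suggests list passwords are kept unhashed. If so, migrate to
 * password_hash() / password_verify().
 *
 * @param string $type Either "edit" or "view".
 * @param mixed  $id   Key of the list, as passed to Alist::constructByKey().
 *
 * @return void
 */
public function password($type, $id)
{
    if ('edit' !== $type && 'view' !== $type) {
        // Escape quotes as well, in case the flash text is later echoed inside an attribute.
        $_SESSION['flash'] = 'Unknown password type "' . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . '".';
        uri::redirect('list/view/' . $id);
        // Whether uri::redirect() ends the request is not visible here; never fall
        // through and treat an unknown type as "view".
        return;
    }

    $list = Alist::constructByKey($id);
    if (!is_object($list)) {
        $this->view->content = new View('list/missing');
        //! \todo Ban counter (lookups of missing lists are not throttled)
        return;
    }

    // Both password kinds follow the same flow; only the getter, session bucket and target differ.
    $isEdit   = ('edit' === $type);
    $grantKey = $isEdit ? 'can_edit' : 'can_view';
    $target   = 'list/' . $type . '/' . $id;
    $expected = (string) ($isEdit ? $list->getEditPassword() : $list->getViewPassword());

    // isset() tolerates a session in which the grant bucket has not been created yet.
    // NOTE(review): grants are stored under $list->getId() but looked up under $id;
    // confirm that the key and the id are always the same value.
    if ('' === $expected || isset($_SESSION[$grantKey][$id])) {
        uri::redirect($target);
        return;
    }

    if ($_POST) {
        // Only a plain string can match: a missing field or an array value is a failed attempt.
        $submitted = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

        // hash_equals() is an exact, constant-time comparison. Loose == compares
        // numeric-looking strings by value, so two different passwords could be
        // treated as equal.
        if (null !== $submitted && hash_equals($expected, $submitted)) {
            // NOTE(review): consider session_regenerate_id(true) here, since the
            // session gains a privilege at this point.
            $_SESSION[$grantKey][$list->getId()] = true;
            uri::redirect($target);
            return;
        }

        $this->view->flash = 'Sorry, that\'s not the password.';
        //! \todo Ban counter (failed attempts are not counted or rate limited yet)
    }

    $this->view->content = new View('list/password');
    $this->view->content->type = ucwords($type);
}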