Exemplo n.º 1
/**
 * Gate the current request behind a minimum privilege level.
 *
 * When the site-wide $USER_LOGIN_REQUIRED flag is falsy, a requirement of
 * 'u' is relaxed to 'x' before the check (presumably 'x' is the level any
 * visitor satisfies; confirm against userAccess()).
 *
 * NOTE(review): if forceLogin() returns instead of ending the request, the
 * caller keeps executing the protected page. Confirm that it redirects and
 * exits.
 *
 * @param string $minPrivilegeLevel Privilege code understood by userAccess().
 */
function restrictAccess($minPrivilegeLevel)
{
    global $USER_LOGIN_REQUIRED;
    // A plain "logged-in user" requirement is only enforced when the site demands logins.
    $requiredLevel = ($minPrivilegeLevel == 'u' && !$USER_LOGIN_REQUIRED) ? 'x' : $minPrivilegeLevel;
    if (userAccess($requiredLevel)) {
        return;
    }
    forceLogin();
}
Exemplo n.º 2
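/**
 * Wrap the buffered page output in the site template and send it.
 *
 * Derives the page name from the request URI, looks up its title in the
 * public, hidden and admin page tables, prepends pending alerts, builds the
 * navigation bar and substitutes everything into html_template.html.
 * Does nothing when $CANCEL_TEMPLATEIFY is set (e.g. when sending an attachment).
 *
 * NOTE(review): the page body has already run and been buffered by the time
 * this function executes. Discarding the buffer for a non-admin hides the
 * output but not the side effects of an admin page, so each admin page
 * presumably also calls restrictAccess('a') itself. Confirm.
 */
function templateify()
{
    global $CANCEL_TEMPLATEIFY;
    //In case, for example, you want to send an attachment.
    if (!empty($CANCEL_TEMPLATEIFY)) {
        return;
    }
    global $pagesTitles, $hiddenPagesTitles, $adminPagesTitles;
    // NOTE(review): REQUEST_URI carries the query string, so the '.php' suffix is
    // not stripped for "page.php?x=1"; confirm val('f', ...) rejects that form.
    $pagename = basename($_SERVER['REQUEST_URI'], '.php');
    //--TODO-- needs to be full relative paths - e.g. "classes/about.php" gets About.
    //likewise, links in navbar must be absolute or relative to ROOT_PATH
    if (!val('f', $pagename)) {
        $pagename = '404';
    }
    //Make this consistent with the _actual_ 404s with htaccess ("foafi/dshiafos.php")
    if ($pagename === '' || $pagename === 'doeqs_new') {
        $pagename = 'index';
    }
    //--todo-- hax
    if (array_key_exists($pagename, $pagesTitles)) {
        $title = $pagesTitles[$pagename];
        $content = ob_get_clean();
    } elseif (array_key_exists($pagename, $hiddenPagesTitles)) {
        $title = $hiddenPagesTitles[$pagename];
        $content = ob_get_clean();
    } elseif (array_key_exists($pagename, $adminPagesTitles) && userAccess('a')) {
        $title = $adminPagesTitles[$pagename] . ' <i>[Admin-Only Page]</i>';
        $content = ob_get_clean();
    } else {
        // Unknown page, or an admin page requested without admin rights: answer
        // with the same 404 in both cases and drop whatever the page buffered.
        $title = 'Error 404 Not Found';
        $content = get404();
        ob_clean();
    }
    $content = fetch_alerts_html() . $content;
    $nav = '[';
    foreach ($pagesTitles as $p => $t) {
        $nav .= "&nbsp;&middot;&nbsp;<a href='" . ROOT_PATH . "{$p}.php'>{$t}</a>";
    }
    // Hiding the admin links is presentation only; it is not an access control.
    if (userAccess('a')) {
        $nav .= '&nbsp;&mdash;&nbsp;';
        foreach ($adminPagesTitles as $p => $t) {
            $nav .= "<a href='" . ROOT_PATH . "{$p}.php'>{$t}</a>";
        }
    }
    $nav .= '&nbsp;&middot;&nbsp;]';
    if (userAccess('u')) {
        // The token must be concatenated in: a "<?= ... ?>" tag inside a PHP string
        // literal is emitted verbatim, so the logout form never carried a real
        // anti-CSRF value in its "ver" field.
        $nav .= '&nbsp;&nbsp;&nbsp;<form action="login.php" method="POST" style="display:inline-block;">'
            . '<input type="hidden" name="ver" value="' . htmlspecialchars((string) csrfCode(), ENT_QUOTES) . '"/>'
            . '<input type="submit" name="logout" value="Log Out" /></form>';
    }
    //tried OB to get file contents which died for some reason...
    $template = file_get_contents(__DIR__ . '/html_template.html');
    //--todo-- don't access files outside of protected object
    global $VERSION_NUMBER, $TIME_START;
    // Elapsed time in milliseconds, truncated to six characters for display.
    $loadTime = substr(1000 * (microtime(true) - $TIME_START), 0, 6);
    echo str_replace(
        array('%title%', '%content%', '%nav%', '%version%', '%loadtime%', '%root%'),
        array($title, $content, $nav, $VERSION_NUMBER, $loadTime, ROOT_PATH),
        $template
    );
    ob_flush();
    flush();
}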
Exemplo n.º 3
        //What happens when no access to the captcha server?
        if (!chkCaptcha()) {
            alert('Invalid reCAPTCHA entry; try again.', -1);
        } else {
            $err = newProfileError($_POST['s_email'], $_POST['s_pass'], $_POST['s_confpass']);
            if ($err === false) {
                alert('Successfully signed up; you can now log in.', 1);
                $signup_success = true;
                reset_attempts('login');
            } else {
                alert(htmlentities($err), -1);
            }
        }
    }
}
if (userAccess('u')) {
    echo "Currently logged in as <b>{$_SESSION['email']}</b>.";
} else {
    ?>

<table id="loginformtable"><tr>
	<td>
	<?php 
    echo generateForm(array('action' => 'login.php', 'method' => 'POST', 'autocomplete' => 'off'), array('<h2>Sign Up</h2>', array('prompt' => 'Email:', 'name' => 's_email', 'value' => isset($signup_success) ? '' : POST('s_email'), 'autofocus' => 'autofocus'), array('prompt' => 'Password:'******'name' => 's_pass', 'type' => 'password'), array('prompt' => 'Again:', 'name' => 's_confpass', 'type' => 'password'), 'Captcha:<br>' . getCaptcha(), array('name' => 'signup', 'type' => 'submit', 'value' => 'Sign Up')));
    ?>
	Register to gain access to all features of the site! To be added soon: question tracking, subjects, common words, etc.
	</td>
	<td>
	<?php 
    echo generateForm(array('action' => 'login.php', 'method' => 'POST'), array('<h2>Log In</h2>', array('prompt' => 'Email:', 'name' => 'email', 'value' => isset($signup_success) ? POST('s_email') : POST('email'), 'autofocus' => 'autofocus'), array('prompt' => 'Password:'******'name' => 'pass', 'type' => 'password'), '', array('name' => 'login', 'type' => 'submit', 'value' => 'Log In')));
    ?>
Exemplo n.º 4
Arquivo: bridge.php Projeto: Nyco/QSOS
 *  Select the status of a user
 */
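/**
 * Look up the status of the user named by the current session.
 *
 * Starts a session when $_SESSION is not yet available, then reads the
 * `status` column of `users` for $_SESSION['login']. The login is bound as a
 * statement parameter, never concatenated into the SQL text.
 *
 * @param object $bdd Database handle exposing prepare() (used with PDO options).
 * @return mixed The status value, or null when nobody is logged in or the
 *               session's login no longer matches a row in `users`.
 */
function userAccess($bdd)
{
    if (!isset($_SESSION)) {
        session_start();
    }
    if (!isset($_SESSION['login'])) {
        return null;
    }
    $sth = $bdd->prepare('SELECT status FROM users WHERE login= ?', array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
    $sth->execute(array($_SESSION['login']));
    // A session can outlive its account (deleted or renamed user). fetchColumn()
    // then yields false, which is reported as "no status" instead of indexing
    // into an empty result set. It also does not depend on the fetch mode.
    $status = $sth->fetchColumn();
    return $status === false ? null : $status;
}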
$status = userAccess($bdd);
switch ($_POST['function']) {
    /*
     *  Change Repository in listRepo
     */
    case 'checkout':
        $repo = $_POST['repo'];
        $type = $_POST['type'];
        if ($repo == 'incoming') {
            $incoming->displayCategory($type);
        } else {
            $master->displayCategory($type);
        }
        break;
        /*
         *  Display the file of a category