/**
* Checks that this user is logged in, and presents a login screen if they aren't.
*
* The function can optionally confirm whether they are a member of one of a list
* of roles, and deny access if they are not a member of any of them.
*
* @param string $roles The list of roles that the user must be a member of one of to be allowed to proceed.
* @return boolean Whether or not the user is logged in and is a member of one of the required roles.
*/
function LoginRequired($roles = '')
{
global $c, $session, $main_menu, $sub_menu, $tab_menu;
$current_domain = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['SERVER_ADDR'];
if (isset($c->restrict_admin_domain) && $c->restrict_admin_domain != $current_domain || isset($c->restrict_admin_port) && $c->restrict_admin_port != $_SERVER['SERVER_PORT']) {
header('Location: caldav.php');
dbg_error_log('LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT']);
@ob_flush();
exit(0);
}
if (isset($c->restrict_admin_roles) && $roles == '') {
$roles = $c->restrict_admin_roles;
}
if ($this->logged_in && $roles == '') {
return;
}
/**
* We allow basic auth to apply also, if present, though we check everything else first...
*/
if (isset($_SERVER['PHP_AUTH_USER']) && !$this->logged_in && $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "" && !$_COOKIE['NoAutoLogin']) {
if ($this->Login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], false)) {
setcookie('NoAutoLogin', 1, 0);
return;
}
}
if (!$this->logged_in) {
$c->messages[] = i18n('You must log in to use this system.');
include_once 'page-header.php';
if (function_exists('local_index_not_logged_in')) {
local_index_not_logged_in();
} else {
if ($this->login_failed) {
$c->messages[] = i18n('Invalid user name or password.');
}
echo '<h1>' . translate('Log On Please') . "</h1>\n";
echo '<p>' . translate('For access to the') . ' ' . translate($c->system_name) . ' ' . translate('you should log on with the username and password that have been issued to you.') . "</p>\n";
echo '<p>' . translate('If you would like to request access, please e-mail') . ' ' . $c->admin_email . "</p>\n";
echo $this->RenderLoginPanel();
}
} else {
$valid_roles = explode(',', $roles);
foreach ($valid_roles as $k => $v) {
if ($this->AllowedTo($v)) {
return;
}
}
$c->messages[] = i18n('You are not authorised to use this function.');
include_once 'page-header.php';
}
include 'page-footer.php';
@ob_flush();
exit(0);
}
/**
* Checks that this user is logged in, and presents a login screen if they aren't.
*
* The function can optionally confirm whether they are a member of one of a list
* of groups, and deny access if they are not a member of any of them.
*
* @param string $groups The list of groups that the user must be a member of one of to be allowed to proceed.
* @return boolean Whether or not the user is logged in and is a member of one of the required groups.
*/
function LoginRequired($groups = "")
{
global $c, $session, $main_menu, $sub_menu, $tab_menu;
if ($this->logged_in && $groups == "") {
return;
}
if (!$this->logged_in) {
$c->messages[] = "You must log in to use this system.";
$c->page_title = "Log in please";
include_once "page-header.php";
if (function_exists("local_index_not_logged_in")) {
local_index_not_logged_in();
} else {
echo <<<EOHTML
<h1>Log On Please</h1>
<p>For access to the {$c->system_name} you should log on with
the username and password that have been issued to you.</p>
<p>If you would like to request access, please e-mail {$c->admin_email}.</p>
EOHTML;
echo $this->RenderLoginPanel();
}
} else {
$valid_groups = split(",", $groups);
foreach ($valid_groups as $k => $v) {
if ($this->AllowedTo($v)) {
return;
}
}
$c->messages[] = "You are not authorised to use this function.";
include_once "page-header.php";
}
include "page-footer.php";
exit;
}
if (!isset($maxresults) || intval($maxresults) == 0) {
$maxresults = 200;
}
$search_query .= " LIMIT {$maxresults} ";
include_once "search_listing_functions.php";
include_once "search_list_results.php";
} elseif (is_member_of('Admin', 'Support')) {
include "indexsupport.php";
} elseif ($session->AllowedTo('Contractor')) {
include "indexextsupport.php";
} else {
include "indexclients.php";
}
} else {
if (function_exists("local_index_not_logged_in")) {
local_index_not_logged_in();
} else {
?>
<H4>For access to the <?php
echo $system_name;
?>
you should log on with
the username and password that have been issued to you.</H4>
<h4>If you would like to request access, please e-mail <?php
echo $admin_email;
?>
.</h4>
<p>If you have forgotten your password, you can <a href="/temppass.php">request a temporary one</a>.</p>
/**
* Checks that this user is logged in, and presents a login screen if they aren't.
*
* The function can optionally confirm whether they are a member of one of a list
* of groups, and deny access if they are not a member of any of them.
*
* @param string $groups The list of groups that the user must be a member of one of to be allowed to proceed.
* @return boolean Whether or not the user is logged in and is a member of one of the required groups.
*/
function LoginRequired($groups = "")
{
global $c, $session;
if ($this->logged_in && $groups == "") {
return;
}
if (!$this->logged_in) {
$c->messages[] = i18n("You must log in to use this system.");
if (function_exists("local_index_not_logged_in")) {
local_index_not_logged_in();
} else {
$login_html = translate("<h1>Log On Please</h1><p>For access to the %s you should log on withthe username and password that have been issued to you.</p><p>If you would like to request access, please e-mail %s.</p>");
$page_content = sprintf($login_html, $c->system_name, $c->admin_email);
$page_content .= $this->RenderLoginPanel();
if (isset($page_elements) && gettype($page_elements) == 'array') {
$page_elements[] = $page_content;
@(include "page-renderer.php");
exit(0);
}
@(include "page-header.php");
echo $page_content;
@(include "page-footer.php");
}
} else {
$valid_groups = explode(",", $groups);
foreach ($valid_groups as $k => $v) {
if ($this->AllowedTo($v)) {
return;
}
}
$c->messages[] = i18n("You are not authorised to use this function.");
if (isset($page_elements) && gettype($page_elements) == 'array') {
@(include "page-renderer.php");
exit(0);
}
@(include "page-header.php");
@(include "page-footer.php");
}
exit;
}
