Пример #1
0
function pieRequireSuperuser()
{
    pieRequireUser();
    if (!pieIsSuperuser($GLOBALS['pie']['user'])) {
        header("HTTP/1.0 403 Forbidden");
        pieHead("browse");
        pieError("RequireSuperuser");
    }
}
Пример #2
0
<?php

/*
 *	Display information about a user.
 */
include_once "{$lib}/class/mapfile.php";
include_once "{$lib}/class/session.php";
include_once "{$lib}/class/user.php";
include_once "{$lib}/class/userpref.php";
include_once "{$lib}/share/auth.php";
include_once "{$lib}/share/string.php";
pieLoadLocale();
pieRequireUser();
pieHead("edit");
if (@$_REQUEST['user']) {
    // A user has been specified.
    $_REQUEST['user'] = pieGetOption($_REQUEST['user']);
    $user = new User();
    if (!$user->isValidName($_REQUEST['user'])) {
        pieError("BadUser");
    }
    if (!$user->exists($_REQUEST['user'])) {
        pieError("BadUser");
    }
} elseif ($_SESSION['user']) {
    // No user has been specified:
    // display information about myself.
    $_REQUEST['user'] = $_SESSION['user'];
}
if (!@$_REQUEST['user']) {
    pieError("NoUser");
Пример #3
0
<?php

/*
 *	Display a list dead links.
 */
include_once "{$lib}/class/page.php";
include_once "{$lib}/class/file.php";
include_once "{$lib}/share/link.php";
include_once "{$lib}/share/stdio.php";
include_once "{$lib}/share/string.php";
pieLoadLocale();
pieHead();
if ($GLOBALS['pie']['deny_listing']) {
    pieError("ActionNotPermitted");
}
if (@$_REQUEST['mode'] == "pages") {
    // Walk all pages and examine their links.
    // Collect a list of _pages_, i. e. sources of broken links.
    $page = new Page();
    $file = new File();
    $referers = array();
    for ($name = $page->first(); $name; $name = $page->next()) {
        if (!$page->read($name, 0)) {
            pieError("SourceReadError");
        }
        if ($page->meta['pages']) {
            // There are page links that are to be checked.
            $list = explode(" ", $page->meta['pages']);
            foreach ($list as $i) {
                if (!$page->exists($i)) {
                    $referers[$name]++;
Пример #4
0
    // No action but file specified: download this file.
    $_REQUEST['action'] = 'download';
} elseif (!@$_REQUEST['action'] && !@$_REQUEST['page']) {
    // No input at all: redirect to the default page.
    include_once "{$lib}/share/string.php";
    if ($GLOBALS['pie']['auto_redirect']) {
        header('Location: ' . pieMakeString($GLOBALS['pie']['redirect_page_url'], array('page' => rawurlencode($GLOBALS['pie']['default_page']))));
        exit;
    } else {
        pieHead('browse');
        pieError('AliasRedirect', array('page' => htmlspecialchars($GLOBALS['pie']['default_page'])));
    }
} elseif (!preg_match('/^\\w{2,30}$/', @$_REQUEST['action'])) {
    // Names of actions must consist of word characters only.
    pieHead('browse');
    pieError('ActionInvalid');
}
// Update user session.
include_once "{$lib}/class/session.php";
$GLOBALS['pie']['session'] = new Session();
$GLOBALS['pie']['session']->start();
//basic security enhancement, do not allow arbitrary script locations
if (!preg_match('/[a-zA-Z0-9_-]*/', @$_REQUEST['action'])) {
    die('Unsecure action requested');
}
// Find and run the corresponding script.
if (!file_exists("{$lib}/action/" . @$_REQUEST['action'] . '.php')) {
    pieHead('browse');
    pieError('ActionNotImplemented');
}
include "{$lib}/action/" . @$_REQUEST['action'] . '.php';
Пример #5
0
        if ($pw != crypt($_REQUEST['password'], $salt)) {
            // The entered password is just wrong.
            pieLog("error");
            pieHead("browse");
            pieError("FailureForm");
        }
        // Update user record with new style password.
        $user->write($_REQUEST['username'], $user->encrypt($_REQUEST['password']));
    }
    // The login succeeded.
    $session = new Session();
    if (!$session->start()) {
        pieHead("browse");
        pieError("SessionError");
    }
    $_SESSION['user'] = $_REQUEST['username'];
    $map = new MapFile();
    $lastlogin = $map->read($GLOBALS['pie']['run_path'] . '/user/login.map', $_REQUEST['username']);
    $map->write($GLOBALS['pie']['run_path'] . '/user/login.map', $_REQUEST['username'], time());
    pieLog("user");
    pieHead("browse");
    if (!$_REQUEST['todo']) {
        $_REQUEST['todo'] = 'page';
        $_REQUEST['page'] = $GLOBALS['pie']['default_page'];
    }
    pieError("SuccessForm", array('lastlogin' => date($GLOBALS['pie']['time_format'], $lastlogin)));
} else {
    // Print the login form.
    pieHead("browse");
    pieError("LoginForm");
}