/**
 * Gate for superuser-only actions.
 *
 * First requires a logged-in user via pieRequireUser(), then checks the
 * current user ($GLOBALS['pie']['user']) with pieIsSuperuser(). A user who
 * is not a superuser gets an HTTP 403 status line followed by the
 * "RequireSuperuser" error page.
 *
 * NOTE(review): this function does not exit on its own. It presumably relies
 * on pieError() ending the request; if pieError() can return, the caller
 * continues with the privileged action after the 403 was sent. Confirm.
 */
function pieRequireSuperuser()
{
    pieRequireUser();

    // Authorized: nothing else to do, hand control back to the caller.
    if (pieIsSuperuser($GLOBALS['pie']['user'])) {
        return;
    }

    // Not a superuser: the status line must be sent before any page output.
    header("HTTP/1.0 403 Forbidden");
    pieHead("browse");
    pieError("RequireSuperuser");
}
<?php
/*
 * Display information about a user.
 *
 * The user is taken from the "user" request parameter when given, otherwise
 * from the logged-in session. (The listing ends before the display code.)
 */

// NOTE(review): $lib is not assigned anywhere in this fragment. It is the base
// of every include path below, so it must be set by the including script and
// must never be derivable from request input. Confirm where it is defined.
include_once "{$lib}/class/mapfile.php";
include_once "{$lib}/class/session.php";
include_once "{$lib}/class/user.php";
include_once "{$lib}/class/userpref.php";
include_once "{$lib}/share/auth.php";
include_once "{$lib}/share/string.php";

pieLoadLocale();
// The login requirement is enforced before any page output is started.
pieRequireUser();
pieHead("edit");

// "@" suppresses the notice raised when the parameter is absent.
if (@$_REQUEST['user']) {
    // A user has been specified.
    // pieGetOption() is defined elsewhere; presumably it normalizes the raw
    // parameter value. Verify against its definition.
    $_REQUEST['user'] = pieGetOption($_REQUEST['user']);
    $user = new User();
    // The name is checked for validity before the existence lookup. Both
    // failures report the same "BadUser" error.
    if (!$user->isValidName($_REQUEST['user'])) {
        pieError("BadUser");
    }
    if (!$user->exists($_REQUEST['user'])) {
        pieError("BadUser");
    }
} elseif ($_SESSION['user']) {
    // No user has been specified:
    // display information about myself.
    $_REQUEST['user'] = $_SESSION['user'];
}
// Neither a request parameter nor a session user is available.
if (!@$_REQUEST['user']) {
    pieError("NoUser");
    // (listing ends here; the closing brace of this block is not shown)
<?php
/*
 * Display a list of dead links.
 *
 * In "pages" mode every page is read and its page links are checked for
 * existence. (The listing ends inside that loop.)
 */

// NOTE(review): $lib is not assigned in this fragment. It must come from the
// including script, never from request input, since it prefixes every
// include path below.
include_once "{$lib}/class/page.php";
include_once "{$lib}/class/file.php";
include_once "{$lib}/share/link.php";
include_once "{$lib}/share/stdio.php";
include_once "{$lib}/share/string.php";

pieLoadLocale();
pieHead();

// Site-wide switch that disables listing actions such as this one.
if ($GLOBALS['pie']['deny_listing']) {
    pieError("ActionNotPermitted");
}
// "@" suppresses the notice raised when no mode parameter was sent.
if (@$_REQUEST['mode'] == "pages") {
    // Walk all pages and examine their links.
    // Collect a list of _pages_, i. e. sources of broken links.
    $page = new Page();
    $file = new File();
    // Maps a source page name to the number of broken page links found in it.
    $referers = array();
    // first()/next() iterate over page names; a falsy name ends the walk.
    for ($name = $page->first(); $name; $name = $page->next()) {
        if (!$page->read($name, 0)) {
            pieError("SourceReadError");
        }
        if ($page->meta['pages']) {
            // There are page links that are to be checked.
            // The "pages" meta field holds link targets separated by spaces.
            $list = explode(" ", $page->meta['pages']);
            foreach ($list as $i) {
                if (!$page->exists($i)) {
                    // The first increment for a page acts on an unset key.
                    $referers[$name]++;
                    // (listing ends here; the enclosing blocks are not closed in this fragment)
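// NOTE(review): fragment. The opening `if` of this chain is outside the listing.
    // No action but file specified: download this file.
    $_REQUEST['action'] = 'download';
} elseif (!@$_REQUEST['action'] && !@$_REQUEST['page']) {
    // No input at all: redirect to the default page.
    include_once "{$lib}/share/string.php";
    if ($GLOBALS['pie']['auto_redirect']) {
        // The page name is URL-encoded before it is placed in the Location header.
        header('Location: ' . pieMakeString(
            $GLOBALS['pie']['redirect_page_url'],
            array('page' => rawurlencode($GLOBALS['pie']['default_page']))
        ));
        exit;
    } else {
        pieHead('browse');
        // The page name is HTML-escaped because it is shown in the error page.
        pieError('AliasRedirect', array('page' => htmlspecialchars($GLOBALS['pie']['default_page'])));
    }
} elseif (!preg_match('/^\\w{2,30}$/', @$_REQUEST['action'])) {
    // Names of actions must consist of word characters only.
    // This check is the last branch of the chain, so it only runs when no
    // earlier branch matched. Note also that "$" accepts a trailing newline.
    pieHead('browse');
    pieError('ActionInvalid');
}

// Update user session.
include_once "{$lib}/class/session.php";
$GLOBALS['pie']['session'] = new Session();
$GLOBALS['pie']['session']->start();

// Basic security enhancement: do not allow arbitrary script locations.
// The action name becomes part of the include path below, so this check runs
// on every path through the chain above. The pattern is anchored at both ends
// (\A ... \z) and requires at least one character. The earlier unanchored
// "[...]*" form matched every string, so it never rejected anything.
if (!preg_match('/\A[a-zA-Z0-9_-]+\z/', @$_REQUEST['action'])) {
    die('Unsecure action requested');
}

// Find and run the corresponding script.
// Only files directly inside {$lib}/action/ can be named by a validated action.
if (!file_exists("{$lib}/action/" . @$_REQUEST['action'] . '.php')) {
    pieHead('browse');
    pieError('ActionNotImplemented');
}
include "{$lib}/action/" . @$_REQUEST['action'] . '.php';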
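// NOTE(review): fragment. The enclosing login branch and the code that loads
// $pw, $salt and $user are outside this listing.
        // Legacy-format password check. Strict comparison is used because
        // "!=" compares two numeric-looking strings as numbers.
        // hash_equals() would also make the comparison constant-time, where
        // the minimum supported PHP version provides it.
        if ($pw !== crypt($_REQUEST['password'], $salt)) {
            // The entered password is just wrong.
            // NOTE(review): this relies on pieError() ending the request.
            // Otherwise execution falls through to the record update and the
            // login below. Confirm.
            pieLog("error");
            pieHead("browse");
            pieError("FailureForm");
        }
        // Update user record with new style password.
        $user->write($_REQUEST['username'], $user->encrypt($_REQUEST['password']));
    }

    // The login succeeded.
    // NOTE(review): no session-ID renewal is visible in this fragment.
    // Confirm that Session::start() issues a fresh ID at login.
    $session = new Session();
    if (!$session->start()) {
        pieHead("browse");
        pieError("SessionError");
    }
    $_SESSION['user'] = $_REQUEST['username'];

    // Read the previous login time before overwriting it with the current one.
    $map = new MapFile();
    $lastlogin = $map->read($GLOBALS['pie']['run_path'] . '/user/login.map', $_REQUEST['username']);
    $map->write($GLOBALS['pie']['run_path'] . '/user/login.map', $_REQUEST['username'], time());
    pieLog("user");
    pieHead("browse");

    // Without a pending "todo", continue to the default page.
    if (!$_REQUEST['todo']) {
        $_REQUEST['todo'] = 'page';
        $_REQUEST['page'] = $GLOBALS['pie']['default_page'];
    }
    // The success page is rendered through pieError() and shows the previous login time.
    pieError("SuccessForm", array('lastlogin' => date($GLOBALS['pie']['time_format'], $lastlogin)));
} else {
    // Print the login form.
    pieHead("browse");
    pieError("LoginForm");
}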