// API front controller context. Authentication is header based: a UsersID /
// Token pair is accepted only if tokensRead() confirms it; $role stays '' for
// every other request and checkPermissions() keys off that value.
$Cosmo = new Cosmo($pdo, $prefix, $salt);
$method = $_SERVER['REQUEST_METHOD']; # GET, POST, PUT, or DELETE
$uri = substr($_SERVER['REQUEST_URI'], 5 + strlen(FOLDER)); # remove '/api/' and prefix - (strlen($prefix) +)
$uri = explode('?', $uri); // Separate GET parameters
$segments = explode('/', $uri[0]);
$HTTPHeaderCode = 200;
// '' means unauthenticated; overwritten below only after a successful token check.
$role = '';

// Check permissions for authorized requests
if (isset($_SERVER['HTTP_USERSID']) && $_SERVER['HTTP_USERSID'] && isset($_SERVER['HTTP_TOKEN']) && $_SERVER['HTTP_TOKEN']) {
    // tokensRead() is the only check between the client-supplied header pair
    // and an elevated $role; nothing below re-validates the pair.
    if ($Cosmo->tokensRead($_SERVER['HTTP_USERSID'], $_SERVER['HTTP_TOKEN'])) {
        $usersID = $_SERVER['HTTP_USERSID'];
        // NOTE(review): $username is copied from the request header as-is and is
        // never compared with the record returned by usersRead(); if
        // checkPermissions() uses it for ownership decisions, the caller picks
        // the name. It is also read without isset(), so a request that carries
        // UsersID/Token but no Username header warns here.
        $username = $_SERVER['HTTP_USERNAME'];
        $roleRecord = $Cosmo->usersRead($usersID);
        $role = $roleRecord['role'];
    }
}

/**
 * Decide whether the current user may perform $action.
 *
 * Reads $Cosmo, $username and $role from the global scope. Admins are allowed
 * everything before any action-specific rule is consulted; the per-action
 * switch continues beyond this excerpt.
 *
 * @param string     $action          Action name, e.g. 'createPage'
 * @param mixed|null $publishedStatus Action-specific input; not used in the visible part
 * @param string|null $url            Action-specific input; not used in the visible part
 * @return bool true for admins; other outcomes are decided in the part beyond this excerpt
 */
function checkPermissions($action, $publishedStatus = null, $url = null) {
    global $Cosmo;
    global $username;
    global $role;

    // Admins can do anything. Skip permission checking
    if ($role === 'admin') {
        return true;
    }

    switch ($action) {
        case 'createPage':
            switch ($role) {
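// Initialize variables
$angularModules = '';
$directives = [];
$classes = '';
$minifyScripts = 'min/?f=';
$minifyCSS = 'min/?f=';
$scripts = '';
$CSS = '';
$developerMode = false;

// Log user in if they have a cookie. Both cookies are read with ?? so a
// missing 'token' cookie is a clean miss instead of an undefined-index warning
// (the original only guarded 'usersID' with isset()).
$cookieUsersID = $_COOKIE['usersID'] ?? '';
$cookieToken = $_COOKIE['token'] ?? '';
if ($cookieUsersID && $cookieToken) {
    // Validate token: tokensRead() decides whether this (usersID, token) pair
    // is acceptable; only then is the user's role looked up.
    if ($Cosmo->tokensRead($cookieUsersID, $cookieToken)) {
        $usersID = $cookieUsersID;
        // NOTE(review): the username comes from a client-set cookie and is not
        // compared with the record returned by usersRead(); if it feeds
        // ownership checks elsewhere, source it from that record instead.
        $username = $_COOKIE['username'] ?? null;
        $roleRecord = $Cosmo->usersRead($usersID);
        $role = $roleRecord['role'];

        // Delete one-use token, issue a new one
        // todo: fix this so it doesn't break every refresh
        //$Cosmo->tokensDelete($username, $_COOKIE['token']);
        //$token = $Cosmo->tokensCreate($username);
        $token = $cookieToken;
        //setcookie('token', $token, time()+60*60*24*90); // Set cookie to expire in 90 days

        // Breaks IE9, so only load it for admins
        // NOTE(review): $role is looked up but not checked here, so this shim is
        // loaded for every logged-in user, not only admins as the comment says.
        $minifyScripts .= FOLDER . "core/js/3rd-party/angular-file-upload-shim.min.js,";
    }
}

// Load official Angular files
$minifyScripts .= FOLDER . "core/js/angular/angular.min.js,";
$minifyScripts .= FOLDER . "core/js/angular/angular-animate.min.js,";
$minifyScripts .= FOLDER . "core/js/angular/angular-touch.min.js,";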
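<?php
require_once '../../../core/app/autoload.php';
require_once '../../../core/app/Cosmo.class.php';

// Google Maps settings endpoint. GET ?settings returns the stored blob to any
// caller; a write requires a UsersID/Token header pair that tokensRead()
// accepts and whose user record carries the 'admin' role.
$Cosmo = new Cosmo($pdo, $prefix, $salt);

// Initialised up front so the response check at the bottom never reads an
// undefined variable. null means "nothing to emit" (the read path echoes
// the raw settings directly).
$output = null;

if (!empty($_GET['settings'])) {
    echo $Cosmo->miscRead('googleMapsSettings');
} else {
    // Headers are read with ?? so an anonymous request is a clean failure
    // rather than an undefined-index warning.
    $headerUsersID = $_SERVER['HTTP_USERSID'] ?? '';
    $headerToken = $_SERVER['HTTP_TOKEN'] ?? '';

    // Default to failure; only a verified admin write flips this. The original
    // left $output unset when the token check failed, producing no response.
    $output = ["success" => false];

    if ($headerUsersID && $headerToken
        && $Cosmo->tokensRead($headerUsersID, $headerToken)) {
        $usersID = $headerUsersID;
        $userRecord = $Cosmo->usersRead($usersID);
        // ?? keeps this quiet if usersRead() returns nothing for the id.
        $role = $userRecord['role'] ?? null;

        if ($role === 'admin') {
            // The body is JSON, not form-encoded. Keep it in a local instead of
            // clobbering $_POST; a malformed or non-object body decodes to
            // something that is not an array and is rejected rather than being
            // stored as empty settings.
            $payload = json_decode(file_get_contents("php://input"), true);
            if (is_array($payload)) {
                // Values are stored verbatim; escaping for the page that renders
                // the map is the consumer's responsibility.
                $settings = json_encode([
                    "marker" => $payload['marker'] ?? null,
                    "style" => $payload['style'] ?? null,
                ]);

                // Update record if it exists already
                if ($Cosmo->miscRead('googleMapsSettings')) {
                    $Cosmo->miscUpdate('googleMapsSettings', $settings);
                } else {
                    $Cosmo->miscCreate('googleMapsSettings', $settings);
                }
                $output = ["success" => true];
            }
        }
    }
}

// Response emission; this statement continues beyond the visible excerpt.
if ($output) { echo json_encode($output);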