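/**
 * Check that the current user is authenticated and, for requests carrying
 * POST data, that a valid CSRF token is present.
 *
 * An unauthenticated AJAX request gets a JSON error; a non-AJAX one runs the
 * login action. A CSRF failure goes through _errorResponse(). Those helpers
 * are presumably expected to terminate the request themselves (TODO confirm);
 * the explicit return after each of them makes this method fail closed even
 * if they do not, so $this->_user is only assigned for a request that passed
 * every check.
 *
 * Side effect: stores the authorized User instance in $this->_user.
 */
public function checkAuth()
{
    $user = User::getInstance();

    // A falsy id (0, '', null) counts as "not authorized", matching the
    // original truthiness check.
    $uid = $user->isAuthorized() ? $user->id : false;

    if (!$uid) {
        if (Request::isAjax()) {
            Response::jsonError($this->_lang->MSG_AUTHORIZE);
        } else {
            $this->loginAction();
        }
        // Defensive: never continue past an authorization failure.
        return;
    }

    /*
     * CSRF check. Only requests that carry POST data are checked, and a token
     * in either the request header or the POST body is accepted; requests
     * without POST data are not covered by this check.
     */
    if ($this->_configFrontend->get('use_csrf_token') && Request::hasPost()) {
        $csrf = new Security_Csrf();
        $csrf->setOptions(array(
            'lifetime' => $this->_configFrontend->get('use_csrf_token_lifetime'),
            'cleanupLimit' => $this->_configFrontend->get('use_csrf_token_garbage_limit'),
        ));

        if (!$csrf->checkHeader() && !$csrf->checkPost()) {
            $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
            // Defensive: do not fall through to a trusted state on CSRF failure.
            return;
        }
    }

    $this->_user = $user;
}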
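/**
 * Backend access check: the user must be authenticated and an admin; POST
 * requests must carry a valid CSRF token; and, unless the called class is a
 * configured system controller, the user must be allowed to view the current
 * module and that module must be valid, active and (outside development)
 * not a dev-only module.
 *
 * Every failure branch is delegated to a response helper (Response::jsonError,
 * loginAction() or _errorResponse()) that is presumably expected to terminate
 * the request (TODO confirm). The explicit return after each of them makes
 * this method fail closed even if a helper returns, so later, more trusting
 * checks never run after an earlier one failed.
 *
 * Side effect: stores the authorized User instance in $this->_user before the
 * module-level checks, as the original did.
 */
public function checkAuth()
{
    $user = User::getInstance();

    // A falsy id (0, '', null) counts as "not authorized", matching the
    // original truthiness check.
    $uid = $user->isAuthorized() ? $user->id : false;

    if (!$uid || !$user->isAdmin()) {
        if (Request::isAjax()) {
            Response::jsonError($this->_lang->MSG_AUTHORIZE);
        } else {
            $this->loginAction();
        }
        // Defensive: never continue past an authorization failure.
        return;
    }

    /*
     * CSRF check. Only requests that carry POST data are checked, and a token
     * in either the request header or the POST body is accepted; requests
     * without POST data are not covered by this check.
     */
    if ($this->_configBackend->get('use_csrf_token') && Request::hasPost()) {
        $csrf = new Security_Csrf();
        $csrf->setOptions(array(
            'lifetime' => $this->_configBackend->get('use_csrf_token_lifetime'),
            'cleanupLimit' => $this->_configBackend->get('use_csrf_token_garbage_limit'),
        ));

        if (!$csrf->checkHeader() && !$csrf->checkPost()) {
            $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
            // Defensive: do not fall through to a trusted state on CSRF failure.
            return;
        }
    }

    $this->_user = $user;

    // System controllers are exempt from the per-module checks below.
    $isSysController = in_array(
        get_called_class(),
        $this->_configBackend->get('system_controllers'),
        true
    );
    if ($isSysController) {
        return;
    }

    if (!$this->_user->canView($this->_module)) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
        return;
    }

    $moduleManager = new Backend_Modules_Manager();

    // Reject undefined modules before reading their config.
    if (!$moduleManager->isValidModule($this->_module)) {
        $this->_errorResponse($this->_lang->WRONG_REQUEST);
        return;
    }

    $moduleCfg = $moduleManager->getModuleConfig($this->_module);

    // Disabled module. Loose (falsy) check kept so that 0, '0', '' and false
    // all count as inactive, exactly as the original `== false` did.
    if (!$moduleCfg['active']) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
        return;
    }

    // Dev-only module requested on a non-development installation.
    if ($moduleCfg['dev'] && !$this->_configMain['development']) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
        return;
    }
}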