/**
 * Access gate for a statistics page, intended for use by this class and
 * the classes that extend it.
 *
 * Picks one permission helper based on which entity types are present in
 * $aParams and calls it. The result starts as "denied" and is only
 * replaced when a recognised combination matches, so an empty array, an
 * unknown key or an unexpected number of entries all end in the deny
 * path.
 *
 * On denial: if the failure follows a manual account switch, the user is
 * redirected to the main statistics page; otherwise a page header
 * matching the account type is printed and phpAds_Die() is called with
 * the "access denied" strings, which is expected to end the request.
 *
 * NOTE(review): only the advertiser and placement checks are given
 * $this->coreParams; the ad, publisher and zone checks are not. Confirm
 * that this difference is intended.
 *
 * @access private
 * @param array $aParams Entity IDs the statistics page is using, indexed
 *                       by entity type, that the user must be allowed to
 *                       access. For example:
 *                          array(
 *                              'advertiser' => 5,
 *                              'placement'  => 12
 *                          )
 */
function _checkAccess($aParams)
{
    // Deny by default; only a matching branch below can change this.
    $granted = false;

    if (count($aParams) == 1) {
        if (array_key_exists('advertiser', $aParams)) {
            // Array union keeps the left operand's value on a key clash,
            // so the entity IDs in $aParams are never overwritten by the
            // entries of coreParams.
            $granted = MAX_checkAdvertiser(
                $aParams['advertiser'],
                $aParams + $this->coreParams
            );
        } elseif (array_key_exists('publisher', $aParams)) {
            $granted = MAX_checkPublisher($aParams['publisher']);
        }
    } elseif (count($aParams) == 2) {
        if (array_key_exists('advertiser', $aParams)
            && array_key_exists('placement', $aParams)
        ) {
            $granted = MAX_checkPlacement(
                $aParams['advertiser'],
                $aParams['placement'],
                $aParams + $this->coreParams
            );
        } elseif (array_key_exists('publisher', $aParams)
            && array_key_exists('zone', $aParams)
        ) {
            $granted = MAX_checkZone($aParams['publisher'], $aParams['zone']);
        }
    } elseif (count($aParams) == 3) {
        if (array_key_exists('advertiser', $aParams)
            && array_key_exists('placement', $aParams)
            && array_key_exists('ad', $aParams)
        ) {
            $granted = MAX_checkAd(
                $aParams['advertiser'],
                $aParams['placement'],
                $aParams['ad']
            );
        }
    }

    if ($granted) {
        return;
    }

    // A denial right after a manual account switch is sent back to the
    // main statistics page instead of being shown an error.
    // NOTE(review): if redirect() returns, control continues into the
    // deny path below; confirm whether it ends the request itself.
    if (OA_Permission::isManualAccountSwitch()) {
        OX_Admin_Redirect::redirect('stats.php', true);
    }

    // Ordinary denial: print the header for the account type, then stop.
    // The two header checks are independent of each other.
    if (OA_Permission::isAccount(OA_ACCOUNT_ADMIN)
        || OA_Permission::isAccount(OA_ACCOUNT_MANAGER)
    ) {
        phpAds_PageHeader('2');
    }
    if (OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER)
        || OA_Permission::isAccount(OA_ACCOUNT_TRAFFICKER)
    ) {
        phpAds_PageHeader('1');
    }
    phpAds_Die($GLOBALS['strAccessDenied'], $GLOBALS['strNotAdmin']);
}
// Admin page bootstrap for a single publisher ("affiliate"): load the
// libraries, run the permission checks, build the publisher and
// advertiser links for the publisher's website ID, then draw the
// publisher navigation.

// Required files
require_once MAX_PATH . '/www/admin/config.php';
require_once MAX_PATH . '/www/admin/lib-statistics.inc.php';
require_once MAX_PATH . '/lib/max/other/html.php';
require_once MAX_PATH . '/lib/OA/Dal.php';

// Register input variables
// NOTE(review): $affiliateid is used throughout the code below but is not
// among the names registered here; presumably an included file supplies
// it. Confirm it is always set and validated before the checks run.
phpAds_registerGlobal('acl', 'action', 'submit');

// Security check
// Both calls run before any data is loaded. How a failed check is handled
// is decided inside OA_Permission and is not visible in this listing.
OA_Permission::enforceAccount(OA_ACCOUNT_MANAGER, OA_ACCOUNT_TRAFFICKER);
OA_Permission::enforceAccessToObject('affiliates', $affiliateid);

// Initialise some parameters
$pageName = basename($_SERVER['SCRIPT_NAME']);
$tabindex = 1;
$agencyId = OA_Permission::getAgencyId();
$aEntities = array('affiliateid' => $affiliateid);

// Second, publisher-specific check on the same ID; a falsy result stops
// the page with the "access denied" strings.
if (!MAX_checkPublisher($affiliateid)) {
    phpAds_Die($strAccessDenied, $strNotAdmin);
}

// Load the publisher row to read its website ID.
// NOTE(review): the result of get() is not checked; confirm what
// as_website_id holds when no row is loaded.
$doAffiliates = OA_Dal::factoryDO('affiliates');
$doAffiliates->get($affiliateid);
$anWebsiteId = $doAffiliates->as_website_id;

// Base URL assembled from the 'oacXmlRpc' configuration section.
$oacXmlRpcUrl = $conf['oacXmlRpc']['protocol'] . '://' . $conf['oacXmlRpc']['host'] . ':' . $conf['oacXmlRpc']['port'];
// NOTE(review): the key below is spelled 'publihserUrl'; it has to match
// the configuration file, so check there before renaming it.
$publisherCentralLink = $oacXmlRpcUrl . $conf['oacXmlRpc']['publihserUrl'] . '?site=' . $anWebsiteId;
$advertiserSignUpLink = $oacXmlRpcUrl . $conf['oacXmlRpc']['signUpUrl'] . '?site=' . $anWebsiteId;
// NOTE(review): the link is concatenated into markup without
// htmlspecialchars(), and the site value is appended to the query string
// without urlencode(). The inputs are configuration entries and a
// database column; if either can contain quote or angle-bracket
// characters, this anchor becomes an injection point. Escape here or
// where the string is emitted.
$advertiserSignUpHTML = '<a href="' . $advertiserSignUpLink . '">' . $advertiserSignUpLink . '</a>';

/*-------------------------------------------------------*/
/* HTML framework                                        */
/*-------------------------------------------------------*/

// Display navigation
// The publisher list is filtered by the current agency ID.
$aOtherPublishers = Admin_DA::getPublishers(array('agency_id' => $agencyId));
MAX_displayNavigationPublisher($pageName, $aOtherPublishers, $aEntities);