} } $action = "ping"; if (preg_match('/MSIE 7/', $_SERVER['HTTP_USER_AGENT']) || preg_match('/MSIE 8/', $_SERVER['HTTP_USER_AGENT'])) { $action = "get_boot_gui"; } else { $action = strpos($_SERVER["HTTP_ACCEPT"], "text/html") !== false ? "get_boot_gui" : "ping"; } if (isset($_GET["action"]) || isset($_GET["get_action"])) { $action = isset($_GET["get_action"]) ? $_GET["get_action"] : $_GET["action"]; } else { if (isset($_POST["action"]) || isset($_POST["get_action"])) { $action = isset($_POST["get_action"]) ? $_POST["get_action"] : $_POST["action"]; } } $pluginsUnSecureActions = ConfService::getDeclaredUnsecureActions(); $unSecureActions = array_merge($pluginsUnSecureActions, array("get_secure_token")); if (!in_array($action, $unSecureActions) && AuthService::getSecureToken()) { $token = ""; if (isset($_GET["secure_token"])) { $token = $_GET["secure_token"]; } else { if (isset($_POST["secure_token"])) { $token = $_POST["secure_token"]; } } if ($token == "" || !AuthService::checkSecureToken($token)) { throw new Exception("You are not allowed to access this resource."); } } if (AuthService::usersEnabled()) {