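/**
 * Authentication and authorisation gate that runs before every action of this controller.
 *
 * 1. Authentication: a session with no `userid` is treated as anonymous and the request
 *    is redirected to user/login, carrying the current request URI (encoded) so the user
 *    can be sent back afterwards.
 * 2. Authorisation: the ACL is asked whether the current resource/action pair is permitted;
 *    if not, the request is redirected to index/accessdenied.
 *
 * Both redirects go through gotoSimpleAndExit, so a request that fails either step never
 * reaches the action method.
 *
 * @return void
 */
public function init() {
    parent::init();

    // --- authentication ---------------------------------------------------------
    $session = SessionWrapper::getInstance();
    if (isEmptyString($session->getVar('userid'))) {
        // NOTE(review): 'redirecturl' is the raw request URI. It is path-relative when it
        // comes from getRequestUri(), but the login action that consumes it must still
        // refuse absolute or protocol-relative targets before redirecting back — confirm
        // that check exists on the login side.
        $returnTo = encode(Zend_Controller_Front::getInstance()->getRequest()->getRequestUri());
        $this->_helper->redirector->gotoSimpleAndExit(
            "login",
            "user",
            $this->getRequest()->getModuleName(),
            array('redirecturl' => $returnTo)
        );
    }

    // --- authorisation ----------------------------------------------------------
    // Changes from the original: the unused `$cache = Zend_Registry::get('cache')` lookup
    // was dropped, and the commented-out debugMessage()/exit; lines were removed — a stray
    // live `exit;` at this point would have killed every request before the ACL check.
    $acl      = getACLInstance();
    $resource = $this->getResourceForACL();
    $action   = $this->getActionforACL();
    if (!$acl->checkPermission($resource, $action)) {
        $this->_helper->redirector->gotoSimpleAndExit("accessdenied", "index");
    }
}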
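/**
 * Init function.
 *
 * The Core module is an admin area. A non-admin user may still reach a short
 * whitelist of JSON calls the front-end needs (history list, global modules,
 * role/module access, user list, tab list) plus every action of the 'setting'
 * controller. Any other request from a non-admin is rejected: a GET is
 * redirected to the logout page, anything else gets a JSON-formatted error.
 *
 * The whitelist table below is the single place to edit when opening another
 * call to normal users; keep it as narrow as possible, since everything in it
 * is reachable without admin rights.
 *
 * @throws Phprojekt_PublishedException If the user is not an admin and the
 *                                      request is not a GET.
 *
 * @return void
 */
public function init()
{
    parent::init();

    if (Phprojekt_Auth::isAdminUser()) {
        return;
    }

    $request    = $this->getRequest();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    // controller => actions a normal user may call. An empty list means every
    // action of that controller is open (currently only 'setting').
    $publicCalls = array(
        'history' => array('jsonList'),
        'module'  => array('jsonGetGlobalModules'),
        'role'    => array('jsonGetModulesAccess'),
        'user'    => array('jsonGetUsers'),
        'tab'     => array('jsonList'),
        'setting' => array(),
    );

    $valid = false;
    if (isset($publicCalls[$controller])) {
        $allowedActions = $publicCalls[$controller];
        $valid = (count($allowedActions) == 0) || in_array($action, $allowedActions, true);
    }

    if (!$valid) {
        // If is a GET, show the login page; if is a POST, send message in json format.
        // NOTE(review): the exception carries code 500; 403 would describe an
        // authorisation failure more accurately — check what the JSON error
        // handler expects before changing it.
        if (!$this->getFrontController()->getRequest()->isGet()) {
            throw new Phprojekt_PublishedException('Admin section is only for admin users', 500);
        } else {
            $this->_redirect(Phprojekt::getInstance()->getConfig()->webpath . 'index.php/Login/logout');
        }
        exit;
    }
}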
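<?php
/*
 * Web entry point: canonicalises the request URL, then boots IndexController.
 */

// NOTE(review): display_errors=1 prints uncaught-exception traces, file paths
// and query details to the browser. Keep it for development only; set it to 0
// (and log to a file instead) before deploying.
ini_set("display_errors", 1);

// Requests that still carry "index.php" in the path are redirected to the clean
// URL. Changes from the original: strpos() is compared with `!== false` (a match
// at offset 0 was silently treated as "not found"; unreachable in practice since
// REQUEST_URI starts with '/', but the idiom was wrong), the script now stops
// after emitting the Location header instead of going on to run the controller,
// and leading slashes are collapsed so a request path beginning with "//host/"
// is not echoed back as a protocol-relative (off-site) Location.
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
if (strpos($requestUri, "index.php") !== false) {
    $cleanPath = str_replace("index.php", "", $requestUri);
    $cleanPath = '/' . ltrim($cleanPath, '/');
    header("location: " . $cleanPath);
    exit;
}

$ds = DIRECTORY_SEPARATOR;
require_once '..' . $ds . 'protected' . $ds . 'config' . $ds . 'autoload.php';

$index = new IndexController();
$index->init();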