/**
 * Do authentication stuff.
 *
 * Guards the request: when nobody is logged in the script is ended by
 * throwing an exception, otherwise the interface language of the current
 * user is applied as locale.
 *
 * @throws Exception When no user is logged in.
 */
private function validateLogin()
{
    $loggedIn = Authentication::isLoggedIn();

    // an anonymous visitor must not be served any JS-file
    if (!$loggedIn) {
        throw new Exception('Not logged in.');
    }

    // the interface language is a per-user setting, not the working language
    $interfaceLanguage = Authentication::getUser()->getSetting('interface_language');
    BackendLanguage::setLocale($interfaceLanguage);
}
/**
 * Check the user session to make sure he/she is authorized to upload and
 * access files in the File Browser.
 *
 * WARNING: never simply return true here. That would let anyone upload and
 * list the files on this server. Some kind of session validation is
 * required; even something as simple as
 * `return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];`
 * (with $_SESSION['IsAuthorized'] set to true on login, and session_start()
 * at the top of this file) would do. Here the check is delegated to the
 * backend authentication layer.
 *
 * @return bool
 */
function CheckAuthentication()
{
    $isAuthorized = BackendAuthentication::isLoggedIn();

    return $isAuthorized;
}
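/**
 * Process a regular request.
 *
 * Based on the authentication state and the permissions for the requested
 * module/action, either redirects the user (to the login page, to the first
 * allowed module when the dashboard is not allowed, or to an error page) or
 * sets up the working language, module and action for execution.
 *
 * NOTE(review): every redirect branch relies on $this->redirect() ending the
 * request (exit or exception) — confirm against the redirect() implementation,
 * which is not visible here.
 *
 * @param string $module   The requested module.
 * @param string $action   The requested action.
 * @param string $language The requested language.
 */
private function processRegularRequest($module, $action, $language)
{
    $isLoggedIn = Authentication::isLoggedIn();
    $isModuleAllowed = Authentication::isAllowedModule($module);
    $base = '/' . NAMED_APPLICATION . '/' . $language;

    if (!$isLoggedIn && !$isModuleAllowed) {
        // not logged in and the module requires authentication: go to the login page.
        // The querystring carries the path the user tried to reach; it is
        // url-encoded here, checking that it is a local path is up to the
        // authentication action that consumes it.
        $this->redirect(
            $base . '/authentication?querystring=' . rawurlencode('/' . $this->getQueryString())
        );
    } elseif ($isLoggedIn && !$isModuleAllowed) {
        // logged in, but no access to this module: for the dashboard try to
        // send the user to the first module he/she is allowed to use
        if ($module === 'Dashboard') {
            $this->redirectToFirstAllowedModule($language);
        }

        // nothing allowed was found (or the module isn't the dashboard): error page
        $this->redirect(
            $base . '/error?type=module-not-allowed&querystring=' . rawurlencode('/' . $this->getQueryString()),
            307
        );
    } elseif (!Authentication::isAllowedAction($action, $module)) {
        // module is allowed but this action isn't: error page
        $this->redirect(
            $base . '/error?type=action-not-allowed&querystring=' . rawurlencode('/' . $this->getQueryString()),
            307
        );
    } else {
        // the working language is the content language, not the interface language
        BackendLanguage::setWorkingLanguage($language);
        $this->setLocale();
        $this->setModule($module);
        $this->setAction($action);
    }
}

/**
 * Redirect the user to the first navigation entry he/she is allowed to use.
 *
 * Walks the cached navigation: a top-level entry whose module is allowed is
 * used as-is; otherwise its children are checked and, for an allowed child
 * module, the first allowed action found in that module's Actions directory
 * is used. Returns normally (no redirect) when nothing is allowed, so the
 * caller can fall back to an error page.
 *
 * NOTE(review): the cache file is expected to define $navigation in this
 * scope; because require_once is used, it will not be redefined if the file
 * was already included elsewhere in the request — confirm this cannot happen.
 *
 * @param string $language The requested language.
 */
private function redirectToFirstAllowedModule($language)
{
    require_once Navigation::getCacheDirectory() . 'navigation.php';

    $base = '/' . NAMED_APPLICATION . '/' . $language;

    foreach ($navigation as $item) {
        // the url is "<module>/<action>"; only the module part is needed here
        [$itemModule] = explode('/', $item['url']);

        if (Authentication::isAllowedModule($itemModule)) {
            $this->redirect($base . '/' . $item['url']);
            continue;
        }

        if (!array_key_exists('children', $item)) {
            continue;
        }

        foreach ($item['children'] as $child) {
            [$childModule] = explode('/', $child['url']);

            if (!Authentication::isAllowedModule($childModule)) {
                continue;
            }

            // the module itself is allowed: look for the first allowed action
            // among the action files of that module
            $finder = new Finder();
            $files = $finder->files()->name('*.php')->in(
                BACKEND_MODULES_PATH . '/' . \SpoonFilter::toCamelCase($childModule) . '/Actions'
            );

            foreach ($files as $file) {
                // strip the ".php" extension to get the action name
                $actionName = mb_substr($file->getFilename(), 0, -4);

                if (Authentication::isAllowedAction($actionName, $childModule)) {
                    $this->redirect($base . '/' . $childModule . '/' . $actionName);
                }
            }
        }
    }
}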
/**
 * Check the user session to make sure he/she is authorized to upload and
 * access files in the File Browser.
 *
 * The decision is delegated entirely to the backend authentication layer:
 * only a logged-in backend user is authorized.
 *
 * @return bool
 */
function CheckAuthentication()
{
    // no own session handling here, the backend decides who is logged in
    $loggedIn = BackendAuthentication::isLoggedIn();

    return $loggedIn;
}