Commit 507b7517 authored by pkdille's avatar pkdille

[MOD] access check: deploy some accesslib check functions to some files.

parent c6ae4336
......@@ -3,13 +3,10 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-show_user_avatar.php,v 1.10 2007-03-06 19:29:52 sylvieg Exp $
require 'tiki-setup.php';
if ($prefs['feature_userPreferences'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_userPreferences");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_userPreferences');
global $userprefslib;
include_once ('lib/userprefs/userprefslib.php');
// application to display an image from the database with
......
......@@ -3,15 +3,11 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-slideshow.php,v 1.27 2007-10-12 07:55:32 nyloth Exp $
$section = 'wiki page';
require_once ('tiki-setup.php');
if ($prefs['feature_wiki'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki");
$smarty->display("error.tpl");
die;
}
//print($GLOBALS["HTTP_REFERER"]);
$access->check_feature('feature_wiki');
// Create the HomePage if it doesn't exist
if (!$tikilib->page_exists($prefs['wikiHomePage'])) {
$tikilib->create_page($prefs['wikiHomePage'], 0, '', $tikilib->now, 'Tiki initialization');
......@@ -33,12 +29,9 @@ if (!($info = $tikilib->get_page_info($page))) {
}
// Now check permissions to access this page
$tikilib->get_perm_object($page, 'wiki page', $info);
if ($tiki_p_view != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this page."));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_view');
// BreadCrumbNavigation here
// Get the number of pages from the default or userPreferences
// Remember to reverse the array when posting the array
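Review bot: `$access->check_permission('tiki_p_view')` in the second hunk replaces a test of the global `$tiki_p_view`, which `get_perm_object($page, 'wiki page', $info)` presumably sets for this specific page just above. accesslib is not shown on this page, so confirm that `check_permission` reads that same per-object value rather than a site-wide permission; otherwise page-level restrictions would silently stop being enforced. The same call order appears in tiki-slideshow2.php, tiki-survey_stats_survey.php, tiki-take_quiz.php and tiki-take_survey.php. A comment such as `// must stay after get_perm_object(): relies on the per-object tiki_p_view it sets` would record the ordering dependency.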
......
......@@ -3,16 +3,12 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-slideshow2.php,v 1.20 2007-10-12 07:55:32 nyloth Exp $
$section = 'wiki page';
require_once ('tiki-setup.php');
include_once ('lib/structures/structlib.php');
include_once ('lib/wiki/wikilib.php');
if ($prefs['feature_wiki'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_wiki');
$page_ref_id = $_REQUEST['page_ref_id'];
if (!isset($page_ref_id)) {
$smarty->assign('msg', tra("Page must be defined inside a structure to use this feature"));
......@@ -34,12 +30,8 @@ if (!($info = $tikilib->get_page_info($page))) {
}
// Now check permissions to access this page
$tikilib->get_perm_object($page, 'wiki page', $info);
if ($tiki_p_view != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this page."));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_view');
// BreadCrumbNavigation here
// Get the number of pages from the default or userPreferences
// Remember to reverse the array when posting the array
......
......@@ -3,19 +3,16 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/lib/logs/logslib.php,v 1.54.2.5 2008-01-22 16:58:23 sylvieg Exp $
include_once ('tiki-setup.php');
if ($tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin');
if ($api_tiki != 'adodb') {
$smarty->assign('msg', tra('This feature is disabled') . ': adodb');
$smarty->display('error.tpl');
die;
}
$query = "show tables like 'adodb_logsql'";
$result = $tikilib->query($query, array());
if (!$result->numRows()) {
......
......@@ -3,20 +3,11 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-stats.php,v 1.17 2007-10-12 07:55:32 nyloth Exp $
require_once ('tiki-setup.php');
include_once ('lib/stats/statslib.php');
if ($prefs['feature_stats'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_stats");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_view_stats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_stats');
$access->check_permission('tiki_p_view_stats');
if (isset($_REQUEST['startDate_Year']) || isset($_REQUEST['endDate_Year'])) {
$start_date = $tikilib->make_time(23, 59, 59, $_REQUEST['startDate_Month'], $_REQUEST['startDate_Day'], $_REQUEST['startDate_Year']);
......@@ -106,6 +97,5 @@ $best_objects_stats_between = $statslib->best_overall_object_stats(20, 0, $start
$smarty->assign_by_ref('best_objects_stats_between', $best_objects_stats_between);
}
ask_ticket('stats');
// Display the template
$smarty->assign('mid', 'tiki-stats.tpl');
$smarty->display("tiki.tpl");
......@@ -3,22 +3,14 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-survey_stats.php,v 1.16 2007-10-12 07:55:32 nyloth Exp $
$section = 'surveys';
require_once ('tiki-setup.php');
include_once ('lib/surveys/surveylib.php');
$auto_query_args = array('sort_mode', 'offset', 'find');
if ($prefs['feature_surveys'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_surveys");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_view_survey_stats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_surveys');
$access->check_permission('tiki_p_view_survey_stats');
if (!isset($_REQUEST["sort_mode"])) {
$sort_mode = 'created_desc';
} else {
......
......@@ -3,24 +3,16 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-survey_stats_survey.php,v 1.16 2007-10-12 07:55:32 nyloth Exp $
$section = 'surveys';
require_once ('tiki-setup.php');
include_once ('lib/surveys/surveylib.php');
if ($prefs['feature_surveys'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_surveys");
$smarty->display("error.tpl");
die;
}
$tikilib->get_perm_object($_REQUEST["surveyId"], 'survey');
$access->check_feature('feature_surveys');
$tikilib->get_perm_object($_REQUEST['surveyId'], 'survey');
$access->check_permission('tiki_p_view_survey_stats');
if ($tiki_p_view_survey_stats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
if (!isset($_REQUEST["surveyId"])) {
$smarty->assign('msg', tra("No survey indicated"));
$smarty->display("error.tpl");
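Review bot: `get_perm_object($_REQUEST['surveyId'], 'survey')` and `check_permission('tiki_p_view_survey_stats')` both run before the `if (!isset($_REQUEST["surveyId"]))` guard, so a request without `surveyId` has its permission resolved against an undefined id. Moving the "No survey indicated" guard above the `get_perm_object` call would make the authorization decision always refer to a real object. The rendered page has lost its +/- markers, so it is unclear whether the old `if ($tiki_p_view_survey_stats != 'y')` block listed after the new call is removed. If it remains, it is redundant with `check_permission` and should be dropped.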
......
......@@ -5,11 +5,9 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
require_once ('tiki-setup.php');
if ($prefs['feature_multilingual'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_multilingual");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_multilingual');
if (isset($_GET['from'])) $orig_url = $_GET['from'];
elseif (isset($_SERVER['HTTP_REFERER'])) $orig_url = $_SERVER['HTTP_REFERER'];
else $orig_url = $prefs['tikiIndex'];
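Review bot: `$orig_url` is taken from `$_GET['from']` or, failing that, from the `Referer` header, and both are client-controlled. The code that consumes it lies outside this hunk. If it ends up as a redirect target, it should be restricted to a relative path or a same-site URL before use. At minimum, add a comment here such as `// $orig_url is client-supplied: validate before redirecting`.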
......
......@@ -3,14 +3,10 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-syslog.php,v 1.8.2.1 2008-02-14 10:25:11 nyloth Exp $
require_once ('tiki-setup.php');
if ($tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin');
$auto_query_args = array('offset', 'numrows', 'maxRecords', 'find', 'sort_mode');
if (isset($_REQUEST["clean"])) {
$area = 'cleanlogs';
......
......@@ -3,7 +3,6 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-take_quiz.php,v 1.25.2.1 2007-12-07 05:56:38 mose Exp $
$section = 'quizzes';
require_once ('tiki-setup.php');
include_once ('lib/quizzes/quizlib.php');
......@@ -13,11 +12,9 @@ if ($prefs['feature_categories'] == 'y') {
include_once ('lib/categories/categlib.php');
}
}
if ($prefs['feature_quizzes'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_quizzes");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_quizzes');
if (!isset($_REQUEST["quizId"])) {
$smarty->assign('msg', tra("No quiz indicated"));
$smarty->display("error.tpl");
......@@ -27,12 +24,8 @@ $tikilib->get_perm_object( $_REQUEST['quizId'], 'quiz' );
$smarty->assign('quizId', $_REQUEST["quizId"]);
$quiz_info = $quizlib->get_quiz($_REQUEST["quizId"]);
if ($tiki_p_take_quiz != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_take_quiz');
if ($user) {
// If the quiz cannot be repeated
if ($quiz_info["canRepeat"] == 'n') {
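Review bot: `check_permission('tiki_p_take_quiz')` runs only after `$quizlib->get_quiz($_REQUEST["quizId"])` has loaded the quiz and `quizId` has been assigned to the template, so data is fetched for callers who are then refused. Placing the call directly after `get_perm_object($_REQUEST['quizId'], 'quiz')` would authorize first and keep the denied path free of object data. tiki-take_survey.php has the same order, with `get_survey` and `assign('survey_info', ...)` ahead of `check_permission('tiki_p_take_survey')`. The surrounding script continues outside these hunks.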
......
......@@ -3,7 +3,6 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-take_survey.php,v 1.18.2.1 2007-12-07 05:56:38 mose Exp $
$section = 'surveys';
require_once ('tiki-setup.php');
include_once ('lib/surveys/surveylib.php');
......@@ -13,11 +12,9 @@ if ($prefs['feature_categories'] == 'y') {
include_once ('lib/categories/categlib.php');
}
}
if ($prefs['feature_surveys'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_surveys");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_surveys');
if (!isset($_REQUEST["surveyId"])) {
$smarty->assign('msg', tra("No survey indicated"));
$smarty->display("error.tpl");
......@@ -28,11 +25,8 @@ $tikilib->get_perm_object( $_REQUEST["surveyId"], 'survey' );
$smarty->assign('surveyId', $_REQUEST["surveyId"]);
$survey_info = $srvlib->get_survey($_REQUEST["surveyId"]);
$smarty->assign('survey_info', $survey_info);
if ($tiki_p_take_survey != 'y') {
$smarty->assign('msg', tra("You don't have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_take_survey');
// Check if user has taken this survey
if ($tiki_p_admin != 'y') {
if ($tikilib->user_has_voted($user, 'survey' . $_REQUEST["surveyId"])) {
......
......@@ -3,37 +3,21 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-tell_a_friend.php,v 1.8.2.6 2008-03-15 22:21:48 sylvieg Exp $
require_once ('tiki-setup.php');
// To include a link in your tpl do
//<a href="tiki-tell_a_friend.php?url={$smarty.server.REQUEST_URI|escape:'url'}">{tr}Email this page{/tr}</a>
$smarty->assign('headtitle', tra('Send a link to a friend '));
if (empty($_REQUEST['report'])) {
if ($prefs['feature_tell_a_friend'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_tell_a_friend');
$smarty->display('error.tpl');
die;
}
if ($tiki_p_tell_a_friend != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied'));
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_tell_a_friend');
$access->check_permission('tiki_p_tell_a_friend');
}
if (!empty($_REQUEST['report']) && $_REQUEST['report'] == 'y') {
if ($prefs['feature_site_report'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_site_report');
$smarty->display('error.tpl');
die;
}
if ($tiki_p_site_report != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied'));
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_site_report', '', 'look');
$access->check_permission('tiki_p_site_report');
}
if (empty($_REQUEST['url']) && !empty($_SERVER['HTTP_REFERER'])) {
$u = parse_url($_SERVER['HTTP_REFERER']);
if ($u['host'] != $_SERVER['SERVER_NAME']) {
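Review bot: A request whose `report` parameter is non-empty but not `'y'` passes both guard blocks without any `check_feature` or `check_permission` call, because the first block runs only when `report` is empty and the second only when it equals `'y'`. The commit carries this structure over from the old inline checks. Making the branches exhaustive closes the gap, for example by changing the first condition to `if (empty($_REQUEST['report']) || $_REQUEST['report'] != 'y') {`. The extra arguments in `check_feature('feature_site_report', '', 'look')` also deserve a short comment, since no other call in this commit passes them. The rest of the script lies outside the hunk.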
......