backoffice/html/mailing/admin/accesscheck.php

<?php
/*
function listArray($array,$indent = 0) {
	if (!is_array($array))
  	return $array;
	if ($indent)
	  $prefix = str_repeat(" ",$indent);
  else
  	$prefix = "";
	$res = "\n".$prefix . "### start array ###";
  while (list($key,$val) = each ($array)) {
    $res .= "\n".$prefix ."$key => ";
    if (is_array($val) && $key != "creditcard" && $key != "cardnumber" && $key != "card_number") {
      $res .= listArray($val,$indent+2);
    } else {
      $res .= $prefix . $val;
    }
    $res .= "\n";
  }
  $res .= "\n### end array ###\n";
  return $res;
}


function backtrace() {
	$msg = "";
  if (function_exists("debug_backtrace")) {
	  $debug = debug_backtrace();
  	while (list($key,$val) = each($debug)) {
	  	$msg .= $key .'=>'."<br/>\n";
      if (is_array($val))
      	$msg .= listArray($val);
      else
      	$msg .= $val;
    }
  } else {
  	return 'backtrace not available';
  }
  return $msg;
}
*/
if (!function_exists("checkAccess")) {
#	print backtrace();
  print "Invalid Request";
  exit;
}

function accessLevel($page) {
  global $tables,$access_levels;
  if (!$GLOBALS["require_login"] || isSuperUser())
    return "all";
  if (!isset($_SESSION["adminloggedin"])) return 0;
  if (!is_array($_SESSION["logindetails"])) return 0;
  # check whether it is a page to protect
  Sql_Query("select id from {$tables["task"]} where page = \"$page\"");
  if (!Sql_Affected_Rows())
    return "all";
  $req = Sql_Query(sprintf('select level from %s,%s where adminid = %d and page = "%s" and %s.taskid = %s.id',
    $tables["task"],$tables["admin_task"],$_SESSION["logindetails"]["id"],$page,$tables["admin_task"],$tables["task"]));
  $row = Sql_Fetch_Row($req);
  return $access_levels[$row[0]];
}

function requireAccessLevel($page,$level) {
  $adminlevel = accessLevel($page);
  return $adminlevel == $level;
}

function isSuperUser() {
  global $tables;
  if (!isset($_SESSION["adminloggedin"])) return 0;
  if (!is_array($_SESSION["logindetails"])) return 0;
  if (isset($_SESSION["logindetails"]["superuser"]))
    return $_SESSION["logindetails"]["superuser"];
  if ($GLOBALS["require_login"]) {
    if (is_object($GLOBALS["admin_auth"])) {
      $issuperuser = $GLOBALS["admin_auth"]->isSuperUser($_SESSION["logindetails"]["id"]);
    } else {
      $req = Sql_Fetch_Row_Query(sprintf('select superuser from %s where id = %d',$tables["admin"],$_SESSION["logindetails"]["id"]));
      $issuperuser = $req[0];
    }
    $_SESSION["logindetails"]["superuser"] = $issuperuser;
    return $issuperuser;
  }
}


?>
Intégration des fichiers 2011-06-21 15:28:10 +02:00			`<?php`
			`/*`
			`function listArray($array,$indent = 0) {`
			`if (!is_array($array))`
			`return $array;`
			`if ($indent)`
			`$prefix = str_repeat(" ",$indent);`
			`else`
			`$prefix = "";`
			`$res = "\n".$prefix . "### start array ###";`
			`while (list($key,$val) = each ($array)) {`
			`$res .= "\n".$prefix ."$key => ";`
			`if (is_array($val) && $key != "creditcard" && $key != "cardnumber" && $key != "card_number") {`
			`$res .= listArray($val,$indent+2);`
			`} else {`
			`$res .= $prefix . $val;`
			`}`
			`$res .= "\n";`
			`}`
			`$res .= "\n### end array ###\n";`
			`return $res;`
			`}`


			`function backtrace() {`
			`$msg = "";`
			`if (function_exists("debug_backtrace")) {`
			`$debug = debug_backtrace();`
			`while (list($key,$val) = each($debug)) {`
			`$msg .= $key .'=>'."<br/>\n";`
			`if (is_array($val))`
			`$msg .= listArray($val);`
			`else`
			`$msg .= $val;`
			`}`
			`} else {`
			`return 'backtrace not available';`
			`}`
			`return $msg;`
			`}`
			`*/`
			`if (!function_exists("checkAccess")) {`
			`# print backtrace();`
			`print "Invalid Request";`
			`exit;`
			`}`

			`function accessLevel($page) {`
			`global $tables,$access_levels;`
			`if (!$GLOBALS["require_login"] \|\| isSuperUser())`
			`return "all";`
			`if (!isset($_SESSION["adminloggedin"])) return 0;`
			`if (!is_array($_SESSION["logindetails"])) return 0;`
			`# check whether it is a page to protect`
			`Sql_Query("select id from {$tables["task"]} where page = \"$page\"");`
			`if (!Sql_Affected_Rows())`
			`return "all";`
			`$req = Sql_Query(sprintf('select level from %s,%s where adminid = %d and page = "%s" and %s.taskid = %s.id',`
			`$tables["task"],$tables["admin_task"],$_SESSION["logindetails"]["id"],$page,$tables["admin_task"],$tables["task"]));`
			`$row = Sql_Fetch_Row($req);`
			`return $access_levels[$row[0]];`
			`}`

			`function requireAccessLevel($page,$level) {`
			`$adminlevel = accessLevel($page);`
			`return $adminlevel == $level;`
			`}`

			`function isSuperUser() {`
			`global $tables;`
			`if (!isset($_SESSION["adminloggedin"])) return 0;`
			`if (!is_array($_SESSION["logindetails"])) return 0;`
			`if (isset($_SESSION["logindetails"]["superuser"]))`
			`return $_SESSION["logindetails"]["superuser"];`
			`if ($GLOBALS["require_login"]) {`
			`if (is_object($GLOBALS["admin_auth"])) {`
			`$issuperuser = $GLOBALS["admin_auth"]->isSuperUser($_SESSION["logindetails"]["id"]);`
			`} else {`
			`$req = Sql_Fetch_Row_Query(sprintf('select superuser from %s where id = %d',$tables["admin"],$_SESSION["logindetails"]["id"]));`
			`$issuperuser = $req[0];`
			`}`
			`$_SESSION["logindetails"]["superuser"] = $issuperuser;`
			`return $issuperuser;`
			`}`
			`}`


			`?>`