
better enforcement of the userlogreq option

darcs-hash:20071205102221-6e07b-344b2e45464c03670e7d745b02f2bdb18de76fd6.gz
commit 957e03f1c6791f6275ecfdc5e954c673c930844e 1 parent 142455a
@splitbrain splitbrain authored
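--- a/ajax.php
+++ b/ajax.php
@@ -2,6 +2,13 @@
 require_once('inc/init.php');
 ldap_login();
+if ($conf['userlogreq'] && $user == ''){
+ header("HTTP/1.1 401 Access Denied");
+ echo '<h1>Access Denied</h1>';
+ exit();
+}
+
+
 $FIELD = preg_replace('/entry\[/','',$_REQUEST['field']);
 $FIELD = preg_replace('/\W+/','',$FIELD);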
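Review bot: The guard added at the top of ajax.php is copied by hand into entry.php, img.php, index.php, orgs.php and tags.php, so any entry point added later is unprotected unless its author remembers to paste it. Moving the test into one helper called right after `ldap_login();` (or into `inc/init.php`, which is not shown on this page) would make enforcement the default rather than an opt-in. The 401 responses also carry no `WWW-Authenticate` header, which a 401 is required to include; since login appears to be form-based (login.php), `header('HTTP/1.1 403 Forbidden');` describes the situation more accurately. Using one status line everywhere would also remove the HTTP/1.1 versus HTTP/1.0 difference between ajax.php and img.php.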
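--- a/entry.php
+++ b/entry.php
@@ -2,6 +2,11 @@
 require_once('inc/init.php');
 ldap_login();
+if ($conf['userlogreq'] && $user == ''){
+ header('Location: login.php');
+ exit();
+}
+
 $users = get_users();
 //select template to use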
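--- a/img.php
+++ b/img.php
@@ -2,10 +2,18 @@
 require_once('inc/init.php');
 ldap_login();
+if ($conf['userlogreq'] && $user == ''){
+ header("HTTP/1.0 401 Access Denied");
+ echo '<h1>Access Denied</h1>';
+ exit();
+}
+
 $dn = $_REQUEST['dn'];
 $sr = ldap_search($LDAP_CON,$dn,'(objectClass=inetOrgPerson)',array($FIELDS['photo']));
 if(!ldap_count_entries($LDAP_CON,$sr)){
+ header("HTTP/1.0 404 Not Found");
+ echo '<h1>Not Found</h1>';
 exit;
 }
 $result = ldap_get_binentries($LDAP_CON, $sr);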
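Review bot: The new 404 branch still passes `$sr` to `ldap_count_entries()` without checking it, and `ldap_search()` returns false when the base DN is malformed or does not exist; `dn` is taken unmodified from `$_REQUEST`. Testing the result first, `if(!$sr || !ldap_count_entries($LDAP_CON,$sr)){`, sends those requests to the same 404 explicitly instead of relying on a warning followed by a falsy return. The script continues past the end of the hunk, so how `$result` is emitted is not visible here.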
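--- a/import.php
+++ b/import.php
@@ -3,7 +3,7 @@
 require_once('inc/Contact_Vcard_Parse.php');
 ldap_login();
-if(! $_SESSION['ldapab']['username'] ){
+if(!$user){
 header("Location: login.php");
 exit;
 }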
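Review bot: The login test in import.php now relies on the global `$user` instead of reading `$_SESSION['ldapab']['username']` directly, and the place where `$user` is assigned is not part of this page. It is worth confirming that `inc/init.php` or `ldap_login()` assigns it unconditionally on every request, because a session value cannot be supplied by the client while an uninitialised global can be when `register_globals` is enabled. Once confirmed, a one-line comment above the test naming where `$user` comes from would record the dependency for every script that now uses it.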
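--- a/index.php
+++ b/index.php
@@ -48,8 +48,9 @@
 $smarty->assign('org',$_REQUEST['org']);
 //display templates
 if(!empty($_REQUEST['export'])){
- if ($conf['userlogreq'] == 1 && $user == ''){
- header("HTTP/1.1 401 ACCESS DENIED");
+ if ($conf['userlogreq'] && $user == ''){
+ header("HTTP/1.1 401 Access Denied");
+ echo '<h1>Access Denied</h1>';
 exit();
 }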
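Review bot: In index.php the login requirement is applied only inside the `export` branch, whereas the other scripts in this commit reject anonymous requests before doing any work. The hunk starts at line 48, so an earlier guard may exist outside it, but if this script also renders the contact list then `userlogreq` does not cover that path here. If the difference is intentional, a comment above the branch such as `// list view is handled elsewhere; only exports are checked here` would make it explicit.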
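--- a/orgs.php
+++ b/orgs.php
@@ -2,6 +2,11 @@
 require_once('inc/init.php');
 ldap_login();
+ if ($conf['userlogreq'] && $user == ''){
+ header('Location: login.php');
+ exit();
+ }
+
 //prepare templates
 tpl_std();
 tpl_orgs();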
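--- a/tags.php
+++ b/tags.php
@@ -2,6 +2,11 @@
 require_once('inc/init.php');
 ldap_login();
+ if ($conf['userlogreq'] && $user == ''){
+ header('Location: login.php');
+ exit();
+ }
+
 //prepare templates
 tpl_std();
 $smarty->assign('tagcloud',tag_cloud());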
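--- a/templates/toolbar.tpl
+++ b/templates/toolbar.tpl
@@ -1,83 +1,85 @@
 <ul>
+ {if $user or !$conf.userlogreq}
- <!-- company list -->
- <li>
- <a href="orgs.php" class="ed_orgs">{$lang.orgs}</a>
- </li>
-
- <li class="sep">&nbsp;</li>
-
- {if $user} <!-- new contact -->
- <li>
- <a href="entry.php?mode=edit" class="ed_new">{$lang.new}</a>
- </li>
- {/if}
-
- <li class="sep">&nbsp;</li>
-
- {if $dn} <!-- begin contact page functions -->
+ <!-- company list -->
+ <li>
+ <a href="orgs.php" class="ed_orgs">{$lang.orgs}</a>
+ </li>
- {if $user} <!-- begin editing functions -->
+ <li class="sep">&nbsp;</li>
- <!-- edit/show, copy, delete -->
- {if $smarty.request.mode == 'edit'}
+ {if $user} <!-- new contact -->
 <li>
- <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
- </li>
- {elseif $smarty.request.mode != 'copy'}
- <li>
- <a href="entry.php?dn={$dn|escape:url}&amp;mode=edit" class="ed_edit">{$lang.edit}</a>
- </li>
- <li>
- <a href="entry.php?dn={$dn|escape:url}&amp;mode=copy" class="ed_copy">{$lang.copy}</a>
- </li>
- <li>
- <a href="entry.php?dn={$dn|escape:url}&amp;del=1" onclick="return confirm('{$lang.msg_reallydel}');"
- class="ed_delete">{$lang.delete}</a>
+ <a href="entry.php?mode=edit" class="ed_new">{$lang.new}</a>
 </li>
 {/if}
- {/if} <!-- end editing functions -->
-
- <!-- vcf export -->
- <li>
- <a href="entry.php?dn={$dn|escape:url}&amp;mode=vcf" class="ed_vcfexport">{$lang.vcfexport}</a>
- </li>
-
- <!-- show on map -->
- {if $smarty.request.mode == 'map' && $conf.gmapkey}
+ <li class="sep">&nbsp;</li>
+
+ {if $dn} <!-- begin contact page functions -->
+
+ {if $user} <!-- begin editing functions -->
+
+ <!-- edit/show, copy, delete -->
+ {if $smarty.request.mode == 'edit'}
+ <li>
+ <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
+ </li>
+ {elseif $smarty.request.mode != 'copy'}
+ <li>
+ <a href="entry.php?dn={$dn|escape:url}&amp;mode=edit" class="ed_edit">{$lang.edit}</a>
+ </li>
+ <li>
+ <a href="entry.php?dn={$dn|escape:url}&amp;mode=copy" class="ed_copy">{$lang.copy}</a>
+ </li>
+ <li>
+ <a href="entry.php?dn={$dn|escape:url}&amp;del=1" onclick="return confirm('{$lang.msg_reallydel}');"
+ class="ed_delete">{$lang.delete}</a>
+ </li>
+ {/if}
+
+ {/if} <!-- end editing functions -->
+
+ <!-- vcf export -->
 <li>
- <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
+ <a href="entry.php?dn={$dn|escape:url}&amp;mode=vcf" class="ed_vcfexport">{$lang.vcfexport}</a>
 </li>
- {elseif $conf.gmapkey}
+
+ <!-- show on map -->
+ {if $smarty.request.mode == 'map' && $conf.gmapkey}
+ <li>
+ <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
+ </li>
+ {elseif $conf.gmapkey}
+ <li>
+ <a href="entry.php?dn={$dn|escape:url}&amp;mode=map" class="ed_map">{$lang.map}</a>
+ </li>
+ {/if}
+
+ <li class="sep">&nbsp;</li>
+ {/if} <!-- end contact page functions -->
+
+
+ {if $list} <!-- export -->
+ {if $smarty.request.export != 'map' && $conf.gmapkey}
+ <li>
+ <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=map" class="ed_map">{$lang.map}</a>
+ </li>
+ {/if}
 <li>
- <a href="entry.php?dn={$dn|escape:url}&amp;mode=map" class="ed_map">{$lang.map}</a>
+ <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=csv"
+ class="ed_csvexport">{$lang.csvexport}</a>
 </li>
- {/if}
-
- <li class="sep">&nbsp;</li>
- {/if} <!-- end contact page functions -->
-
+ {/if}
- {if $list} <!-- export -->
- {if $smarty.request.export != 'map' && $conf.gmapkey}
+ {if $user} <!-- import -->
 <li>
- <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=map" class="ed_map">{$lang.map}</a>
+ <a href="import.php" class="ed_vcfimport">{$lang.vcfimport}</a>
 </li>
- {/if}
- <li>
- <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=csv"
- class="ed_csvexport">{$lang.csvexport}</a>
- </li>
- {/if}
+ {/if}
- {if $user} <!-- import -->
- <li>
- <a href="import.php" class="ed_vcfimport">{$lang.vcfimport}</a>
- </li>
 {/if}
-
 <!-- help -->
 <li class="right">
 <a href="help.php" class="ed_help">{$lang.help}</a>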
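Review bot: The new `{if $user or !$conf.userlogreq}` wrapper only hides links, and it should carry a template comment saying so, for example `{* presentation only: each PHP script enforces userlogreq itself *}`, so that nobody later treats the template as the access check. Separately, the delete action on the new side is still a plain link, `entry.php?dn=...&amp;del=1`, so a state change is triggered by a GET request and no request token is visible in the template. Whether entry.php verifies one cannot be seen from this page. Submitting the deletion as a POST form that carries a per-session token would close that gap.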