rename "secureAtLevel" variable since it does not define a level at all

[phorkie.git] / www / www-security.php

diff --git a/www/www-security.php b/www/www-security.php
index 241f866f03c12fd6071db452e94de7242b8b3420..5051b0fea698ebd499231e2a0b06d00c85bd1d9f 100644 (file)
--- a/www/www-security.php
+++ b/www/www-security.php
@@ -4,12 +4,12 @@ namespace phorkie;
  * security levels + login requirement:
  */
 
-if (!isset($GLOBALS['phorkie']['auth']['secure'])) {
+if (!isset($GLOBALS['phorkie']['auth']['securityLevel'])) {
     //not set? highest level of security
-    $GLOBALS['phorkie']['auth']['secure'] = 2;
+    $GLOBALS['phorkie']['auth']['securityLevel'] = 2;
 }
 
-if ($GLOBALS['phorkie']['auth']['secure'] == 0) {
+if ($GLOBALS['phorkie']['auth']['securityLevel'] == 0) {
     //everyone may do everything
     return;
 }
@@ -17,8 +17,8 @@ if ($GLOBALS['phorkie']['auth']['secure'] == 0) {
 $logged_in = false;
 if (!isset($_SESSION['identity'])) {
     //not logged in 
-} else if ($GLOBALS['phorkie']['auth']['userlist']) {
-    if (in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) {
+} else if ($GLOBALS['phorkie']['auth']['listedUsersOnly']) {
+    if (in_array($_SESSION['identity'], $GLOBALS['phorkie']['auth']['users'])) {
         $logged_in = true;
     }
 } else {
@@ -27,14 +27,19 @@ if (!isset($_SESSION['identity'])) {
 }
 
 if ($logged_in) {
-    //logged in? all fine
+    //you may do everything if you're logged in
     return;
-} else if ($GLOBALS['phorkie']['auth']['secure'] == 2) {
-    //not logged in and security level 2 => error
-    require 'forbidden.php';
-} else if (isset($pageRequiresLogin) && !$pageRequiresLogin) {
+}
+
+if (!isset($reqWritePermissions)) {
+    $reqWritePermissions = true;
+}
+if ($GLOBALS['phorkie']['auth']['securityLevel'] == 1
+    && !$reqWritePermissions
+) {
     return;
 }
 
+$_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
 require 'forbidden.php';
-?>
\ No newline at end of file
+?>