git.cweiske.de / phorkie.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
rename "secureAtLevel" variable since it does not define a level at all
[phorkie.git] / www / www-security.php
diff --git a/www/www-security.php b/www/www-security.php
index ccbdb9784c6b3e78f1d154363310a7f99591a642..5051b0fea698ebd499231e2a0b06d00c85bd1d9f 100644 (file)
--- a/www/www-security.php
+++ b/www/www-security.php
@@ -26,23 +26,19 @@ if (!isset($_SESSION['identity'])) {
     $logged_in = true;
 }
 
     $logged_in = true;
 }
 
-if ($secureAtLevel >= $GLOBALS['phorkie']['auth']['securityLevel']) {
-    if ($logged_in) {
-        return;
-    }
-} else {
+if ($logged_in) {
+    //you may do everything if you're logged in
     return;
 }
 
     return;
 }
 
-// p / G / log_in = disp
-// 0 / 1 / true   = return
-// 0 / 1 / false  = block
-// 0 / 2 / true   = return
-// 0 / 2 / false  = return
-// 1 / 1 / true   = return
-// 1 / 1 / false  = block
-// 1 / 2 / true   = return
-// 1 / 2 / false  = block
+if (!isset($reqWritePermissions)) {
+    $reqWritePermissions = true;
+}
+if ($GLOBALS['phorkie']['auth']['securityLevel'] == 1
+    && !$reqWritePermissions
+) {
+    return;
+}
 
 $_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
 require 'forbidden.php';
 
 $_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
 require 'forbidden.php';
Self-hosted pastebin software written in PHP. Pastes are editable, may have multiple files and are stored in git repositories.