| author | Justin J. Novack <jnovack@gmail.com> | 2012-09-17 21:11:58 -0400 |
|---|---|---|
| committer | Justin J. Novack <jnovack@gmail.com> | 2012-09-17 21:11:58 -0400 |
| commit | 3f0ffc6181c329dd2c1ee05d220b4b82ea907e36 (patch) | |
| tree | 27a162c7ed52f421b367654646f688bc20f9cd02 | |
| parent | 82d22f5e2176392ca2389df0e47a29092cf38089 (diff) | |
| download | phorkie-3f0ffc6181c329dd2c1ee05d220b4b82ea907e36.tar.gz phorkie-3f0ffc6181c329dd2c1ee05d220b4b82ea907e36.zip | |
FIX: Revamped security measures
| -rw-r--r-- | www/delete.php | 1 | ||||
| -rw-r--r-- | www/display.php | 2 | ||||
| -rw-r--r-- | www/doap.php | 2 | ||||
| -rw-r--r-- | www/edit.php | 2 | ||||
| -rw-r--r-- | www/fork.php | 1 | ||||
| -rw-r--r-- | www/list.php | 2 | ||||
| -rw-r--r-- | www/login.php | 1 | ||||
| -rw-r--r-- | www/new.php | 2 | ||||
| -rw-r--r-- | www/raw.php | 2 | ||||
| -rw-r--r-- | www/revision.php | 2 | ||||
| -rw-r--r-- | www/search.php | 2 | ||||
| -rw-r--r-- | www/www-security.php | 24 |
12 files changed, 26 insertions, 17 deletions
diff --git a/www/delete.php b/www/delete.php index 6d68ae4..e4ee5e7 100644 --- a/www/delete.php +++ b/www/delete.php @@ -3,6 +3,7 @@ namespace phorkie; /** * Delete paste or ask for deletion */ +$pageRequiresLogin = '1'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/display.php b/www/display.php index 534a119..94b2ef9 100644 --- a/www/display.php +++ b/www/display.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display paste contents */ -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/doap.php b/www/doap.php index f374dba..cc61845 100644 --- a/www/doap.php +++ b/www/doap.php @@ -4,7 +4,7 @@ namespace phorkie; * Display DOAP of the paste. * Contains a machine-readable project description with Git URL. */ -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/edit.php b/www/edit.php index 897aada..b925f0b 100644 --- a/www/edit.php +++ b/www/edit.php @@ -3,8 +3,8 @@ namespace phorkie; /** * Edit paste contents */ +$pageRequiresLogin = '1'; require_once 'www-header.php'; - $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/fork.php b/www/fork.php index 3d1c4b7..2832fe4 100644 --- a/www/fork.php +++ b/www/fork.php @@ -3,6 +3,7 @@ * Fork a repository */ namespace phorkie; +$pageRequiresLogin = '1'; require_once 'www-header.php'; if ($_SERVER['REQUEST_METHOD'] !== 'POST') { diff --git a/www/list.php b/www/list.php index 721d20c..cc8aa87 100644 --- a/www/list.php +++ b/www/list.php @@ -3,7 +3,7 @@ * List a repository */ namespace phorkie; -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $rs = new Repositories(); diff --git a/www/login.php b/www/login.php index 150cf25..a2cf97c 100644 --- a/www/login.php +++ b/www/login.php 
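Review bot: `$pageRequiresLogin = '1';` in delete.php stores the page's access level as a quoted string, which www-security.php then orders against `$GLOBALS['phorkie']['auth']['secure']` with `>=`, so the access decision rests on PHP's numeric-string coercion. An integer (`$pageRequiresLogin = 1;`) or a named constant would state the level directly. The same applies to the '0'/'1' assignments in display.php, doap.php, edit.php, fork.php, list.php, new.php, raw.php, revision.php and search.php. Since the value is no longer a self-explaining boolean, a short comment beside each assignment such as `// 1 = login required for this page` would document what the page claims.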
@@ -1,6 +1,5 @@ <?php namespace phorkie; -$pageRequiresLogin = false; $noSecurityCheck = true; require_once 'www-header.php'; diff --git a/www/new.php b/www/new.php index 5d370f5..505ca50 100644 --- a/www/new.php +++ b/www/new.php @@ -10,7 +10,7 @@ namespace phorkie; * * Creates and redirects to display page */ -$pageRequiresLogin = true; +$pageRequiresLogin = '1'; require_once 'www-header.php'; $repopo = new Repository_Post(); diff --git a/www/raw.php b/www/raw.php index 634576d..bedaa1b 100644 --- a/www/raw.php +++ b/www/raw.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Displays a file */ -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/revision.php b/www/revision.php index c4ce9e8..9c2735d 100644 --- a/www/revision.php +++ b/www/revision.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display historic paste contents */ -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/search.php b/www/search.php index 8701911..2621382 100644 --- a/www/search.php +++ b/www/search.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Search for a search term */ -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; if (!isset($_GET['q']) || $_GET['q'] == '') { diff --git a/www/www-security.php b/www/www-security.php index 241f866..47e9a9e 100644 --- a/www/www-security.php +++ b/www/www-security.php 
@@ -26,15 +26,23 @@ if (!isset($_SESSION['identity'])) { $logged_in = true; } -if ($logged_in) { - //logged in? all fine - return; -} else if ($GLOBALS['phorkie']['auth']['secure'] == 2) { - //not logged in and security level 2 => error - require 'forbidden.php'; -} else if (isset($pageRequiresLogin) && !$pageRequiresLogin) { +if ($pageRequiresLogin >= $GLOBALS['phorkie']['auth']['secure']) { + if ($logged_in) { + return; + } +} else { return; } +// p / G / log_in = disp +// 0 / 1 / true = return +// 0 / 1 / false = block +// 0 / 2 / true = return +// 0 / 2 / false = return +// 1 / 1 / true = return +// 1 / 1 / false = block +// 1 / 2 / true = return +// 1 / 2 / false = block + require 'forbidden.php'; -?>
\ No newline at end of file +?> |
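Review bot: The new test `$pageRequiresLogin >= $GLOBALS['phorkie']['auth']['secure']` does not produce the truth table in the comment beneath it: for p=0/G=1 and for p=1/G=2 without a session the comparison is false, so `else { return; }` lets the request through where the table says block. With `secure` set to 2, which the removed branch treated as "not logged in and security level 2 => error", neither '0' nor '1' can reach `forbidden.php` any more. A page that never sets `$pageRequiresLogin` also lands in the `else` branch for any positive `secure` value, whereas the removed `isset($pageRequiresLogin) && !$pageRequiresLogin` test denied by default; `if (!isset($pageRequiresLogin)) { $pageRequiresLogin = '1'; }` ahead of the comparison would restore that default. The comparison should then be rewritten so that each row of the table is what the code does, and the table header should spell out its columns (page level, configured `secure` level, session present). The top of www-security.php lies outside the hunk, so any earlier handling of the `secure` level is not visible here.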
