From: Justin J. Novack
Date: Tue, 18 Sep 2012 01:11:58 +0000 (-0400)
Subject: FIX: Revamped security measures
X-Git-Tag: v0.3.0~42^2~23
X-Git-Url: https://git.cweiske.de/phorkie.git/commitdiff_plain/3f0ffc6181c329dd2c1ee05d220b4b82ea907e36?hp=82d22f5e2176392ca2389df0e47a29092cf38089
FIX: Revamped security measures
---
diff --git a/www/delete.php b/www/delete.php
index 6d68ae4..e4ee5e7 100644
--- a/www/delete.php
+++ b/www/delete.php
@@ -3,6 +3,7 @@ namespace phorkie;
 /**
  * Delete paste or ask for deletion
  */
+$pageRequiresLogin = '1';
 require_once 'www-header.php';
 $repo = new Repository();
diff --git a/www/display.php b/www/display.php
index 534a119..94b2ef9 100644
--- a/www/display.php
+++ b/www/display.php
@@ -3,7 +3,7 @@ namespace phorkie;
 /**
  * Display paste contents
  */
-$pageRequiresLogin = false;
+$pageRequiresLogin = '0';
 require_once 'www-header.php';
 $repo = new Repository();
diff --git a/www/doap.php b/www/doap.php
index f374dba..cc61845 100644
--- a/www/doap.php
+++ b/www/doap.php
@@ -4,7 +4,7 @@ namespace phorkie;
  * Display DOAP of the paste.
  * Contains a machine-readable project description with Git URL.
  */
-$pageRequiresLogin = false;
+$pageRequiresLogin = '0';
 require_once 'www-header.php';
 $repo = new Repository();
diff --git a/www/edit.php b/www/edit.php
index 897aada..b925f0b 100644
--- a/www/edit.php
+++ b/www/edit.php
@@ -3,8 +3,8 @@ namespace phorkie;
 /**
  * Edit paste contents
  */
+$pageRequiresLogin = '1';
 require_once 'www-header.php';
-
 $repo = new Repository();
 $repo->loadFromRequest();
diff --git a/www/fork.php b/www/fork.php
index 3d1c4b7..2832fe4 100644
--- a/www/fork.php
+++ b/www/fork.php
@@ -3,6 +3,7 @@
  * Fork a repository
  */
 namespace phorkie;
+$pageRequiresLogin = '1';
 require_once 'www-header.php';
 if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
diff --git a/www/list.php b/www/list.php
index 721d20c..cc8aa87 100644
--- a/www/list.php
+++ b/www/list.php
@@ -3,7 +3,7 @@ * List a repository */ namespace phorkie; -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $rs = new Repositories(); diff --git a/www/login.php b/www/login.php index 150cf25..a2cf97c 100644 --- a/www/login.php +++ b/www/login.php @@ -1,6 +1,5 @@ error - require 'forbidden.php'; -} else if (isset($pageRequiresLogin) && !$pageRequiresLogin) { +if ($pageRequiresLogin >= $GLOBALS['phorkie']['auth']['secure']) { + if ($logged_in) { + return; + } +} else { return; } +// p / G / log_in = disp +// 0 / 1 / true = return +// 0 / 1 / false = block +// 0 / 2 / true = return +// 0 / 2 / false = return +// 1 / 1 / true = return +// 1 / 1 / false = block +// 1 / 2 / true = return +// 1 / 2 / false = block + require 'forbidden.php'; -?> \ No newline at end of file +?>
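Review bot: The rewritten access check, whose visible part starts at `if ($pageRequiresLogin >= $GLOBALS['phorkie']['auth']['secure'])`, drops the old `isset($pageRequiresLogin)` guard, so a page that never sets the flag compares null against the configured level and, for any level above 0, takes the `else { return; }` branch and is served without a login. The hunk's header and opening lines appear to be missing from this page, so confirm that no default is assigned above the visible part. The added truth table also disagrees with the condition on two rows: for p=0/G=1 and p=1/G=2 without a login, `p >= G` is false and the code returns, while the table says "block". I would treat an unset flag as the strictest value before comparing, e.g. `if (!isset($pageRequiresLogin)) { $pageRequiresLogin = '1'; }`, and then bring the condition and the table into agreement with the intended meaning of the `secure` levels. Writing the flag as an integer in the page scripts (`$pageRequiresLogin = 1;` in delete.php, edit.php and fork.php, `0` in display.php, doap.php and list.php) would avoid relying on numeric-string comparison.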