path: root/www/www-security.php
blob: 5051b0fea698ebd499231e2a0b06d00c85bd1d9f (plain)
<?php
namespace phorkie;
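/**
 * Access gate: security levels + login requirement.
 *
 * This file is meant to be included by a page. It either returns control to
 * the including script (access granted) or hands over to forbidden.php
 * (access denied).
 *
 * Behaviour per $GLOBALS['phorkie']['auth']['securityLevel']:
 *   0 - everyone may do everything
 *   1 - logged-in users may do everything; anonymous users only pass when
 *       the including page set $reqWritePermissions to false
 *   2 - (also the default when unset) only logged-in users pass
 *
 * "Logged in" means $_SESSION['identity'] is set and, when
 * $GLOBALS['phorkie']['auth']['listedUsersOnly'] is truthy, that identity is
 * listed in $GLOBALS['phorkie']['auth']['users'].
 *
 * Variables assigned here ($logged_in, $reqWritePermissions) live in the
 * scope of the including script, so no further helper variables are
 * introduced.
 */

if (!isset($GLOBALS['phorkie']['auth']['securityLevel'])) {
    //not set? highest level of security
    $GLOBALS['phorkie']['auth']['securityLevel'] = 2;
}

// Strict match against the integer or its digit-string form. A loose "== 0"
// also accepts false, '' and (before PHP 8) any non-numeric string, so a
// malformed setting would silently disable the gate. Anything that is not
// exactly 0 or 1 is handled like level 2 (fail closed).
if (in_array($GLOBALS['phorkie']['auth']['securityLevel'], array(0, '0'), true)) {
    //everyone may do everything
    return;
}

$logged_in = false;
if (!isset($_SESSION['identity'])) {
    //not logged in
} else if (!empty($GLOBALS['phorkie']['auth']['listedUsersOnly'])) {
    // Allow-list check. The third argument forces strict (===) comparison:
    // with loose comparison PHP's type juggling can make a different
    // identity equal to a list entry (numeric strings compare by value),
    // which must never decide an authorization check.
    // A missing or non-array user list denies access instead of raising
    // an error inside in_array().
    if (isset($GLOBALS['phorkie']['auth']['users'])
        && is_array($GLOBALS['phorkie']['auth']['users'])
        && in_array(
            $_SESSION['identity'],
            $GLOBALS['phorkie']['auth']['users'],
            true
        )
    ) {
        $logged_in = true;
    }
} else {
    //session identity exists, no special checks required
    $logged_in = true;
}

if ($logged_in) {
    //you may do everything if you're logged in
    return;
}

if (!isset($reqWritePermissions)) {
    // pages that did not declare themselves read-only are treated as
    // needing write permissions
    $reqWritePermissions = true;
}
if (in_array($GLOBALS['phorkie']['auth']['securityLevel'], array(1, '1'), true)
    && !$reqWritePermissions
) {
    return;
}

// Remember where the visitor wanted to go. REQUEST_URI is taken from the
// client's request line, so it is untrusted input.
// NOTE(review): the code that later reads $_SESSION['REQUEST_URI'] is not
// visible here - confirm it only accepts a local path before redirecting.
$_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
require 'forbidden.php';
// Defense in depth: forbidden.php is presumably responsible for ending the
// request (not visible here). Stop in any case, so that the including page
// can never continue with the protected action after access was denied.
exit;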
?>