<?php |
// |
// SourceForge: Breaking Down the Barriers to Open Source Development |
// Copyright 1999-2000 (c) The SourceForge Crew |
// http://sourceforge.net |
// |
// |
// |
// Presumably the global holder for session data; this file only initialises it to an empty array.
$G_SESSION = array();
/**
 * Report whether the current HTTP request is considered to be using SSL.
 *
 * The answer comes entirely from HTTPRequest::isSSL().
 * NOTE(review): how isSSL() decides (direct TLS versus headers set by a front-end
 * proxy) is not visible here - confirm before relying on it for security decisions.
 *
 * @return mixed Whatever HTTPRequest::isSSL() returns for the current request
 */
function session_issecure() {
    $request = HTTPRequest::instance();
    return $request->isSSL();
}
/**
 * Build a URL by appending $loc to the value returned by get_server_url().
 *
 * $loc is appended verbatim: no separator is inserted and nothing is validated.
 * NOTE(review): assuming get_server_url() returns scheme and host without a
 * trailing slash, $loc should begin with "/" so the result stays on this
 * server - confirm against the callers.
 *
 * @param string $loc Location to append (presumably a path starting with "/")
 *
 * @return string The concatenated URL
 */
function session_make_url($loc) {
    $base = get_server_url();
    return $base . $loc;
}
/**
 * Issue a redirect to $loc through the object in $GLOBALS['Response'], then stop the script.
 *
 * The script terminates right after the redirect is issued, so nothing that
 * follows the call in the caller runs. Keep that property if this function is
 * ever refactored away from exit: code that keeps executing after a redirect
 * can still perform the action the redirect was meant to prevent.
 *
 * NOTE(review): $loc is forwarded unchanged; whether redirect() restricts the
 * target is not visible here, so callers passing request-derived values should
 * limit them to local paths.
 *
 * @param string $loc Redirect target (presumably a URL or path), forwarded as-is
 */
function session_redirect($loc) {
    $response = $GLOBALS['Response'];
    $response->redirect($loc);
    echo "\n\n";
    exit();
}
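/**
 * Enforce an access requirement for the current user, or stop with an error page.
 *
 * Exactly one requirement is evaluated, in this order of precedence:
 *  - $req['group'] (optionally narrowed by $req['admin_flags']): the current user
 *    must have a matching row in user_group.
 *  - $req['user']: the current user id must be that id.
 *  - $req['isloggedin']: the current user must be logged in.
 * A request that names none of these is rejected.
 *
 * Super users bypass every check.
 *
 * NOTE(review): denial is delegated to exit_error(), whose body is not visible
 * here. This function assumes it terminates the request; if it ever returns, the
 * caller continues as if the check had passed.
 *
 * @param array $req Requirement description (keys: group, admin_flags, user, isloggedin)
 *
 * @return true|null true for a super user; no explicit value when another user passes
 */
function session_require($req) {
    global $Language;

    // Codendi admins always pass.
    if (user_is_super_user()) {
        return true;
    }

    if (isset($req['group']) && $req['group']) {
        // The group id goes through db_ei() and the flags through db_escape_string()
        // before being concatenated into the SQL text.
        $query = "SELECT user_id FROM user_group WHERE user_id=" . user_getid()
            . " AND group_id=" . db_ei($req['group']);
        if (isset($req['admin_flags']) && $req['admin_flags']) {
            $query .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }

        // No membership row means no access.
        if (db_numrows(db_query($query)) < 1) {
            exit_error($Language->getText('include_session', 'insufficient_g_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
    } elseif (isset($req['user']) && $req['user']) {
        // Compare the ids as strings with a strict operator: a loose != lets PHP's
        // type juggling treat values such as '5abc' (or, on older PHP versions, any
        // non-numeric string against id 0) as equal to an integer id. Non-scalar
        // input is rejected outright.
        if (!is_scalar($req['user']) || (string) user_getid() !== (string) $req['user']) {
            exit_error($Language->getText('include_session', 'insufficient_u_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
    } elseif (isset($req['isloggedin']) && $req['isloggedin']) {
        if (!user_isloggedin()) {
            exit_error($Language->getText('include_session', 'required_login'), $Language->getText('include_session', 'login'));
        }
    } else {
        // Fail closed: a requirement that names nothing recognisable is denied.
        exit_error($Language->getText('include_session', 'insufficient_access'), $Language->getText('include_session', 'no_access'));
    }
}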
/**
 * Require the current session to belong to a site admin.
 *
 * Delegates to session_require() with group '1' and admin flag 'A'; a user who
 * does not meet that requirement is handled there (error page).
 */
function session_require_site_admin() {
    $siteAdminRequirement = array(
        'group'       => '1',
        'admin_flags' => 'A',
    );
    session_require($siteAdminRequirement);
}
/**
 * session_continue - Carry on with an already established session identified by its key.
 *
 * Resolves the current user through UserManager using $sessionKey and reports
 * whether that user is logged in.
 *
 * NOTE(review): the key is the only input to the lookup here, so it should be
 * treated as a credential; any further validation would have to happen inside
 * UserManager - confirm.
 *
 * @param string $sessionKey The session key
 *
 * @return mixed Result of isLoggedIn() on the resolved user
 */
function session_continue($sessionKey) {
    return UserManager::instance()->getCurrentUser($sessionKey)->isLoggedIn();
}
/**
 * Return the session hash of the current user, as provided by UserManager.
 *
 * NOTE(review): presumably this value identifies the live session - if so, keep
 * it out of logs and URLs; confirm.
 *
 * @return mixed Whatever getSessionHash() returns for the current user
 */
function session_hash() {
    $userManager = UserManager::instance();
    $currentUser = $userManager->getCurrentUser();
    return $currentUser->getSessionHash();
}
?> |
An exit expression should only be used in rare cases, for example in a short command-line script. In most cases, however, using an exit expression makes the code untestable and often causes incompatibilities with other libraries. Unless you are absolutely sure it is required here, we recommend refactoring your code to avoid it.