better enforcement of the userlogreq option
authorAndreas Gohr <gohr@cosmocode.de>
Wed, 5 Dec 2007 10:22:21 +0000 (11:22 +0100)
committerAndreas Gohr <gohr@cosmocode.de>
Wed, 5 Dec 2007 10:22:21 +0000 (11:22 +0100)
darcs-hash:20071205102221-6e07b-344b2e45464c03670e7d745b02f2bdb18de76fd6.gz

ajax.php
entry.php
img.php
import.php
index.php
orgs.php
tags.php
templates/toolbar.tpl

index d6bd6ae9a50c1fb98e768dde449182f5625b1430..2ccb52f95af89019853ffd8e092b80e8ac40d7b0 100644 (file)
--- a/ajax.php
+++ b/ajax.php
@@ -2,6 +2,13 @@
 require_once('inc/init.php');
 ldap_login();
 
+if ($conf['userlogreq'] && $user == ''){
+  header("HTTP/1.1 401 Access Denied");
+  echo '<h1>Access Denied</h1>';
+  exit();
+}
+
+
 $FIELD = preg_replace('/entry\[/','',$_REQUEST['field']);
 $FIELD = preg_replace('/\W+/','',$FIELD);
 
index b79bc69680ae49bc1ed2ad62b4e66b856eac25e5..bb207ceb10e62d40a22faade43995ac6e9dfe9dd 100644 (file)
--- a/entry.php
+++ b/entry.php
@@ -2,6 +2,11 @@
 require_once('inc/init.php');
 ldap_login();
 
+if ($conf['userlogreq'] && $user == ''){
+  header('Location: login.php');
+  exit();
+}
+
 $users = get_users();
 
 //select template to use
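Review bot: This guard is pasted separately into each entry script, so enforcement of `userlogreq` is opt-in per file and any script that lacks the block stays reachable without a login. The same `if ($conf['userlogreq'] && $user == '')` block is added to ajax.php, img.php, orgs.php and tags.php, while index.php keeps its copy nested inside the export branch. A single helper defined next to `ldap_login()` and called directly after it would make the check hard to forget; the name `require_login` below is only a proposal. Whether the non-export path of index.php or other scripts are covered elsewhere is not visible in this diff, and the script body continues outside the hunk.

```php
// proposed helper, e.g. in inc/init.php next to ldap_login()
function require_login($redirect = true){
  global $conf, $user;
  if (!$conf['userlogreq'] || $user != '') return;
  if ($redirect){
    header('Location: login.php');
  }else{
    header('HTTP/1.1 401 Access Denied');
    echo '<h1>Access Denied</h1>';
  }
  exit();
}

// entry.php
ldap_login();
require_login();
// … unchanged: get_users() and template selection …
```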
diff --git a/img.php b/img.php
index 3cdd23dc7d23ace64fb5adbaaf0f74442c5527d8..cb405cda6cba3131e92e2ec15153714518770b2e 100644 (file)
--- a/img.php
+++ b/img.php
@@ -2,10 +2,18 @@
 require_once('inc/init.php');
 ldap_login();
 
+if ($conf['userlogreq'] && $user == ''){
+  header("HTTP/1.0 401 Access Denied");
+  echo '<h1>Access Denied</h1>';
+  exit();
+}
+
 $dn = $_REQUEST['dn'];
 
 $sr = ldap_search($LDAP_CON,$dn,'(objectClass=inetOrgPerson)',array($FIELDS['photo']));
 if(!ldap_count_entries($LDAP_CON,$sr)){
+  header("HTTP/1.0 404 Not Found");
+  echo '<h1>Not Found</h1>';
   exit;
 }
 $result = ldap_get_binentries($LDAP_CON, $sr);
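Review bot: The denial response added here sends `401` without a `WWW-Authenticate` header, and the same holds for the 401 branches in ajax.php and index.php. Since login appears to be form-based via login.php, `header('HTTP/1.1 403 Forbidden');` would describe the situation more accurately, provided no client depends on the 401. The status line is also `HTTP/1.0` in this file but `HTTP/1.1` in the other two; building it from `$_SERVER['SERVER_PROTOCOL']` would keep them consistent. Separately, `$sr` is not checked before `ldap_count_entries()`, so a failed `ldap_search()` on a malformed request `dn` presumably reaches the new 404 branch only after a PHP warning, which can stop the header from being sent if errors are displayed. `if ($sr === false || !ldap_count_entries($LDAP_CON,$sr)){` would make that case explicit.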
index 5521b4ad1a9717889be1887c9eceaa8aa00d704d..96579ef529e49c9fca3e0b7522eb34648eb77178 100644 (file)
@@ -3,7 +3,7 @@ require_once('inc/init.php');
 require_once('inc/Contact_Vcard_Parse.php');
 ldap_login();
 
-if(! $_SESSION['ldapab']['username'] ){
+if(!$user){
   header("Location: login.php");
   exit;
 }
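Review bot: Unlike the guards added in the other files, this check ignores `$conf['userlogreq']` and tests `!$user` rather than `$user == ''`, and nothing in the hunk says that is deliberate. A comment above it such as `// importing always requires a login, independent of $conf['userlogreq']` would record the intent, assuming that is the intent. The hunk has no file header; from the file list this is presumably import.php. It now relies on `$user` being set by the included init code, which is not visible here.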
index e41237a56767aaa3517a7df551707844fc55b468..7fcf106a9d1dc464785e6d972cfd26ae3e8d0f0c 100644 (file)
--- a/index.php
+++ b/index.php
@@ -48,8 +48,9 @@
   $smarty->assign('org',$_REQUEST['org']);
   //display templates
   if(!empty($_REQUEST['export'])){
-    if ($conf['userlogreq'] == 1 && $user == ''){
-      header("HTTP/1.1 401 ACCESS DENIED");
+    if ($conf['userlogreq'] && $user == ''){
+      header("HTTP/1.1 401 Access Denied");
+      echo '<h1>Access Denied</h1>';
       exit();
     }
 
index 7f256b8f2d995b89f739eab541af5e24f2682705..f6ce2889f2d090b29e43d84e5851761f8331aa40 100644 (file)
--- a/orgs.php
+++ b/orgs.php
@@ -2,6 +2,11 @@
   require_once('inc/init.php');
   ldap_login();
 
+  if ($conf['userlogreq'] && $user == ''){
+      header('Location: login.php');
+      exit();
+  }
+
   //prepare templates
   tpl_std();
   tpl_orgs();
index 3b06df663b898a4a723dca1d4f69497edce83478..b81e50e2e6c08f1ea58e1d0959098337a9bb5ff1 100644 (file)
--- a/tags.php
+++ b/tags.php
@@ -2,6 +2,11 @@
   require_once('inc/init.php');
   ldap_login();
 
+  if ($conf['userlogreq'] && $user == ''){
+    header('Location: login.php');
+    exit();
+  }
+
   //prepare templates
   tpl_std();
   $smarty->assign('tagcloud',tag_cloud());
index a44c5e1b0a8b4f63f4aee6ffb6cac81b6affeb8e..014348d1a0166268a7aaa3c4d0e925706a01d3b7 100644 (file)
@@ -1,83 +1,85 @@
 <ul>
+  {if $user or !$conf.userlogreq}
 
-  <!-- company list -->
-  <li>
-    <a href="orgs.php" class="ed_orgs">{$lang.orgs}</a>
-  </li>
-
-  <li class="sep">&nbsp;</li>
-
-  {if $user} <!-- new contact -->
-    <li>
-      <a href="entry.php?mode=edit" class="ed_new">{$lang.new}</a>
-    </li>
-  {/if}
-
-  <li class="sep">&nbsp;</li>
-
-  {if $dn} <!-- begin contact page functions -->
+      <!-- company list -->
+      <li>
+          <a href="orgs.php" class="ed_orgs">{$lang.orgs}</a>
+      </li>
 
-    {if $user} <!-- begin editing functions -->
+      <li class="sep">&nbsp;</li>
 
-      <!-- edit/show, copy, delete -->
-      {if $smarty.request.mode == 'edit'}
+      {if $user} <!-- new contact -->
         <li>
-          <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
-        </li>
-      {elseif $smarty.request.mode != 'copy'}
-        <li>
-          <a href="entry.php?dn={$dn|escape:url}&amp;mode=edit" class="ed_edit">{$lang.edit}</a>
-        </li>
-        <li>
-          <a href="entry.php?dn={$dn|escape:url}&amp;mode=copy" class="ed_copy">{$lang.copy}</a>
-        </li>
-        <li>
-          <a href="entry.php?dn={$dn|escape:url}&amp;del=1" onclick="return confirm('{$lang.msg_reallydel}');"
-             class="ed_delete">{$lang.delete}</a>
+          <a href="entry.php?mode=edit" class="ed_new">{$lang.new}</a>
         </li>
       {/if}
 
-    {/if} <!-- end editing functions -->
-
-    <!-- vcf export -->
-    <li>
-      <a href="entry.php?dn={$dn|escape:url}&amp;mode=vcf" class="ed_vcfexport">{$lang.vcfexport}</a>
-    </li>
-
-    <!-- show on map -->
-    {if $smarty.request.mode == 'map' && $conf.gmapkey}
+      <li class="sep">&nbsp;</li>
+
+      {if $dn} <!-- begin contact page functions -->
+
+        {if $user} <!-- begin editing functions -->
+
+          <!-- edit/show, copy, delete -->
+          {if $smarty.request.mode == 'edit'}
+            <li>
+              <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
+            </li>
+          {elseif $smarty.request.mode != 'copy'}
+            <li>
+              <a href="entry.php?dn={$dn|escape:url}&amp;mode=edit" class="ed_edit">{$lang.edit}</a>
+            </li>
+            <li>
+              <a href="entry.php?dn={$dn|escape:url}&amp;mode=copy" class="ed_copy">{$lang.copy}</a>
+            </li>
+            <li>
+              <a href="entry.php?dn={$dn|escape:url}&amp;del=1" onclick="return confirm('{$lang.msg_reallydel}');"
+                 class="ed_delete">{$lang.delete}</a>
+            </li>
+          {/if}
+
+        {/if} <!-- end editing functions -->
+
+        <!-- vcf export -->
         <li>
-          <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
+          <a href="entry.php?dn={$dn|escape:url}&amp;mode=vcf" class="ed_vcfexport">{$lang.vcfexport}</a>
         </li>
-    {elseif $conf.gmapkey}
+
+        <!-- show on map -->
+        {if $smarty.request.mode == 'map' && $conf.gmapkey}
+            <li>
+              <a href="entry.php?dn={$dn|escape:url}" class="ed_show">{$lang.show}</a>
+            </li>
+        {elseif $conf.gmapkey}
+            <li>
+              <a href="entry.php?dn={$dn|escape:url}&amp;mode=map" class="ed_map">{$lang.map}</a>
+            </li>
+        {/if}
+
+        <li class="sep">&nbsp;</li>
+      {/if} <!-- end contact page functions -->
+
+
+      {if $list} <!-- export -->
+        {if $smarty.request.export != 'map' && $conf.gmapkey}
+            <li>
+              <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=map" class="ed_map">{$lang.map}</a>
+            </li>
+        {/if}
         <li>
-          <a href="entry.php?dn={$dn|escape:url}&amp;mode=map" class="ed_map">{$lang.map}</a>
+          <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=csv"
+             class="ed_csvexport">{$lang.csvexport}</a>
         </li>
-    {/if}
-
-    <li class="sep">&nbsp;</li>
-  {/if} <!-- end contact page functions -->
-
+      {/if}
 
-  {if $list} <!-- export -->
-    {if $smarty.request.export != 'map' && $conf.gmapkey}
+      {if $user} <!-- import -->
         <li>
-          <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=map" class="ed_map">{$lang.map}</a>
+          <a href="import.php" class="ed_vcfimport">{$lang.vcfimport}</a>
         </li>
-    {/if}
-    <li>
-      <a href="index.php?filter={$filter|escape:url}&amp;marker={$marker|escape:url}&amp;search={$search|escape:url}&amp;org={$org|escape:url}&amp;export=csv"
-         class="ed_csvexport">{$lang.csvexport}</a>
-    </li>
-  {/if}
+      {/if}
 
-  {if $user} <!-- import -->
-    <li>
-      <a href="import.php" class="ed_vcfimport">{$lang.vcfimport}</a>
-    </li>
   {/if}
 
-
   <!-- help -->
   <li class="right">
     <a href="help.php" class="ed_help">{$lang.help}</a>