From 957e03f1c6791f6275ecfdc5e954c673c930844e Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 5 Dec 2007 11:22:21 +0100 Subject: [PATCH] better enforcement of the userlogreq option darcs-hash:20071205102221-6e07b-344b2e45464c03670e7d745b02f2bdb18de76fd6.gz --- ajax.php | 7 +++ entry.php | 5 ++ img.php | 8 +++ import.php | 2 +- index.php | 5 +- orgs.php | 5 ++ tags.php | 5 ++ templates/toolbar.tpl | 126 +++++++++++++++++++++--------------------- 8 files changed, 98 insertions(+), 65 deletions(-) diff --git a/ajax.php b/ajax.php index d6bd6ae..2ccb52f 100644 --- a/ajax.php +++ b/ajax.php @@ -2,6 +2,13 @@ require_once('inc/init.php'); ldap_login(); +if ($conf['userlogreq'] && $user == ''){ + header("HTTP/1.1 401 Access Denied"); + echo '

Access Denied

'; + exit(); +} + + $FIELD = preg_replace('/entry\[/','',$_REQUEST['field']); $FIELD = preg_replace('/\W+/','',$FIELD); diff --git a/entry.php b/entry.php index b79bc69..bb207ce 100644 --- a/entry.php +++ b/entry.php @@ -2,6 +2,11 @@ require_once('inc/init.php'); ldap_login(); +if ($conf['userlogreq'] && $user == ''){ + header('Location: login.php'); + exit(); +} + $users = get_users(); //select template to use diff --git a/img.php b/img.php index 3cdd23d..cb405cd 100644 --- a/img.php +++ b/img.php @@ -2,10 +2,18 @@ require_once('inc/init.php'); ldap_login(); +if ($conf['userlogreq'] && $user == ''){ + header("HTTP/1.0 401 Access Denied"); + echo '
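Review bot: The guard `if ($conf['userlogreq'] && $user == '')` is pasted at the top of ajax.php and repeated in the entry.php, img.php, orgs.php and tags.php hunks and in the export branch of index.php, so a script that forgets it is open by default. I would put the test in one helper beside ldap_login() (its definition is outside this patch) and call it from each script, passing whether to redirect to login.php or answer with a status code. The 401 responses in ajax.php, img.php and index.php send no `WWW-Authenticate` header, which that status requires; because login is a form, `header("HTTP/1.1 403 Forbidden");` fits better. img.php also answers with `HTTP/1.0` where the other two use `HTTP/1.1`.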

Access Denied

'; + exit(); +} + $dn = $_REQUEST['dn']; $sr = ldap_search($LDAP_CON,$dn,'(objectClass=inetOrgPerson)',array($FIELDS['photo'])); if(!ldap_count_entries($LDAP_CON,$sr)){ + header("HTTP/1.0 404 Not Found"); + echo '

Not Found

'; exit; } $result = ldap_get_binentries($LDAP_CON, $sr); diff --git a/import.php b/import.php index 5521b4a..96579ef 100644 --- a/import.php +++ b/import.php @@ -3,7 +3,7 @@ require_once('inc/init.php'); require_once('inc/Contact_Vcard_Parse.php'); ldap_login(); -if(! $_SESSION['ldapab']['username'] ){ +if(!$user){ header("Location: login.php"); exit; } diff --git a/index.php b/index.php index e41237a..7fcf106 100644 --- a/index.php +++ b/index.php @@ -48,8 +48,9 @@ $smarty->assign('org',$_REQUEST['org']); //display templates if(!empty($_REQUEST['export'])){ - if ($conf['userlogreq'] == 1 && $user == ''){ - header("HTTP/1.1 401 ACCESS DENIED"); + if ($conf['userlogreq'] && $user == ''){ + header("HTTP/1.1 401 Access Denied"); + echo '
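Review bot: In img.php, `$_REQUEST['dn']` still reaches ldap_search() as the search base without validation, and `$sr` is used without a check for `false`. When `userlogreq` is off the script stays reachable anonymously, so the request decides which DN is read, limited only by what the current bind may see (not visible here). A malformed DN makes ldap_search() fail with a warning before the new `header("HTTP/1.0 404 Not Found");` call, which can stop the status line from being sent when errors are displayed. I would reject a dn that does not sit under the configured address-book base and change the test to `if(!$sr || !ldap_count_entries($LDAP_CON,$sr)){`. The script continues past the end of the hunk.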

Access Denied

'; exit(); } diff --git a/orgs.php b/orgs.php index 7f256b8..f6ce288 100644 --- a/orgs.php +++ b/orgs.php @@ -2,6 +2,11 @@ require_once('inc/init.php'); ldap_login(); + if ($conf['userlogreq'] && $user == ''){ + header('Location: login.php'); + exit(); + } + //prepare templates tpl_std(); tpl_orgs(); diff --git a/tags.php b/tags.php index 3b06df6..b81e50e 100644 --- a/tags.php +++ b/tags.php @@ -2,6 +2,11 @@ require_once('inc/init.php'); ldap_login(); + if ($conf['userlogreq'] && $user == ''){ + header('Location: login.php'); + exit(); + } + //prepare templates tpl_std(); $smarty->assign('tagcloud',tag_cloud()); diff --git a/templates/toolbar.tpl b/templates/toolbar.tpl index a44c5e1..014348d 100644 --- a/templates/toolbar.tpl +++ b/templates/toolbar.tpl @@ -1,83 +1,85 @@
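Review bot: In index.php the login check stays inside `if(!empty($_REQUEST['export'])){`, whereas entry.php, orgs.php and tags.php in this patch now check right after `ldap_login();`. If the non-export path of index.php lists contacts, it remains readable without a login when `userlogreq` is set; whether a template or ldap_login() covers that path is not visible from this hunk. If nothing does, add `if ($conf['userlogreq'] && $user == ''){ header('Location: login.php'); exit(); }` near the top of the script and keep the 401 for export requests. The enclosing `if` block continues past the end of the hunk.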