[stkaddons] Rewrote "access denied" page to be less annoying to code …

…around
kimden · Sep 26, 2012 · 67bbad8 · 67bbad8
1 parent 7ab29a7
commit 67bbad8
Show file tree

Hide file tree

Showing 27 changed files with 174 additions and 117 deletions.
diff --git a/about.php b/about.php
@@ -28,7 +28,6 @@
 ***************************************************************************/
 
 define('ROOT','./');
-$security ="";
 include('include.php');
 
 Template::setFile('about.tpl');

diff --git a/addons-panel.php b/addons-panel.php
@@ -25,8 +25,7 @@
 Description: page who is called in ajax and who give kart and track informations
 
 ***************************************************************************/
-if (!isset($security))
-    $security ="";
+
 if (!defined('ROOT'))
     define('ROOT','./');
 include_once('include.php');

diff --git a/addons.php b/addons.php
@@ -26,7 +26,7 @@
 Description: index page
 
 ***************************************************************************/
-$security ="";
+
 define('ROOT','./');
 include("include.php");
 $_GET['type'] = (isset($_GET['type'])) ? $_GET['type'] : NULL;

diff --git a/cron/daily.php b/cron/daily.php
@@ -20,7 +20,6 @@
 
 define('ROOT','../');
 define('CRON',1);
-$security = '';
 require (ROOT.'include.php');
 
 File::deleteQueuedFiles();

diff --git a/cron/weekly.php b/cron/weekly.php
@@ -19,7 +19,6 @@
  */
 
 define('ROOT','./web/');
-$security = '';
 require (ROOT.'include.php');
 
 log_email();

diff --git a/error.php b/error.php
@@ -34,7 +34,6 @@
 }
 
 define('ROOT','./');
-$security ="";
 require('include.php');
 include('include/top.php');
 echo '</head><body>';

diff --git a/generate_xml.php b/generate_xml.php
@@ -19,7 +19,6 @@
  */
 
 define('ROOT','./');
-$security = '';
 include_once('include.php');
 
 $xml = writeNewsXML();

diff --git a/image.php b/image.php
@@ -17,7 +17,6 @@
  stkaddons.  If not, see <http://www.gnu.org/licenses/>.   */
 
 define('ROOT','./');
-$security='';
 include('include.php');
 resizeImage($_GET['pic']);
 

diff --git a/include.php b/include.php
@@ -19,25 +19,25 @@
  */
 
 require(ROOT.'config.php');
+require_once(ROOT.'include/AccessControl.class.php');
 require_once(ROOT.'include/Template.class.php');
 require(ROOT.'include/Constants.php');
 require(ROOT.'include/exceptions.php');
 require(ROOT.'include/Log.class.php');
 require(ROOT.'include/Cache.class.php');
 require(ROOT.'include/ConfigManager.php');
 require(ROOT.'include/Validate.class.php');
-require(ROOT.'include/File.class.php');
+require_once(ROOT.'include/File.class.php');
 require(ROOT.'include/SImage.class.php');
 require(ROOT.'include/SMail.class.php');
 require(ROOT.'include/News.class.php');
 require(ROOT.'include/PanelInterface.class.php');
 require(ROOT.'include/Addon.class.php');
 require(ROOT.'include/AddonViewer.class.php');
 require(ROOT.'include/locale.php');
-require(ROOT.'include/sql.php');
-require(ROOT.'include/User.class.php');
+require_once(ROOT.'include/sql.php');
+require_once(ROOT.'include/User.class.php');
 require(ROOT.'include/Ratings.class.php');
-require(ROOT.'include/security.php');
 require(ROOT.'include/coreUser.php');
 require(ROOT.'include/image.php');
 require(ROOT.'include/statistics.php');

diff --git a/include/AccessControl.class.php b/include/AccessControl.class.php
@@ -0,0 +1,101 @@
+<?php
+/**
+ * copyright 2012 Stephen Just <[email protected]>
+ *
+ * This file is part of stkaddons
+ *
+ * stkaddons is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * stkaddons is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with stkaddons.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+require_once(ROOT.'include/sql.php');
+require_once(ROOT.'include/File.class.php');
+require_once(ROOT.'include/User.class.php');
+
+class AccessControl {
+    // Define permission levels
+    private static $permissions = array(
+	'basicUser' => array(
+	    'basicPage' => true,
+            'addAddon' => true,
+            'manageaddons' => false,
+            'managebasicUsers' => false,
+            'managemoderators' => false,
+            'manageadministrators' => false,
+            'manageroots' => false,
+            'managesettings' => false
+	),
+	'moderator' => array(
+	    'basicPage' => true,
+            'addAddon' => true,
+            'manageaddons' => true,
+            'managebasicUsers' => true,
+            'managemoderators' => false,
+            'manageadministrators' => false,
+            'manageroots' => false,
+            'managesettings' => false
+	),
+	'administrator' => array(
+	    'basicPage' => true,
+            'addAddon' => true,
+            'manageaddons' => true,
+            'managebasicUsers' => true,
+            'managemoderators' => true,
+            'manageadministrators' => false,
+            'manageroots' => false,
+            'managesettings' => true
+	),
+	'root' => array(
+	    'basicPage' => true,
+            'addAddon' => true,
+            'manageaddons' => true,
+            'managebasicUsers' => true,
+            'managemoderators' => true,
+            'manageadministrators' => true,
+            'manageroots' => true,
+            'managesettings' => true
+	)
+    );
+
+    public static function setLevel($accessLevel) {
+	$role = User::getRole();
+	if (is_null($accessLevel)) return true;
+
+	$allow = false;
+	if ($role == 'unregistered' && $accessLevel == NULL) {
+	    $allow = true;
+	} elseif ($role == 'unregistered') {
+	    $allow = false;
+	} else
+	    $allow = AccessControl::$permissions[$role][$accessLevel];
+
+	if ($allow === false)
+	    AccessControl::showAccessDeniedPage();
+    }
+
+    public static function showAccessDeniedPage() {
+	header('HTTP/1.0 401 Unauthorized');
+	Template::setFile('access-denied.tpl');
+	$fields = array(
+	    'ad_reason' => htmlspecialchars(_('You do not have permission to access this page.')),
+	    'ad_action' => htmlspecialchars(_('You will be redirected to the home page.')),
+	    'ad_redirect_url' => File::rewrite('index.php')
+	);
+
+	Template::assignments($fields);
+	Template::display();
+
+	exit;
+    }
+}
+?>
diff --git a/include/File.class.php b/include/File.class.php
@@ -701,4 +701,15 @@ public static function link($href, $label) {
     }
 }
 
+function cryptUrl($nbr)
+{
+    $str = "";
+    $chaine = "abcdefghijklmnpqrstuvwxy";
+    srand((double)microtime()*1000000);
+    for($i=0; $i<$nbr; $i++)
+    {
+        $str .= $chaine[rand()%strlen($chaine)];
+    }
+    return $str;
+}
 ?>
diff --git a/include/User.class.php b/include/User.class.php
@@ -263,6 +263,25 @@ public static function register($username, $password, $password_conf, $email, $n
 	}
 	Log::newEvent("Registration submitted for user '$username'");
     }
+
+    /**
+     * Get the role of the current user
+     * @return string Role identifier
+     */
+    public static function getRole() {
+	if (!User::$logged_in) {
+	    return 'unregistered';
+	} else {
+	    $query = 'SELECT `role`
+		FROM `'.DB_PREFIX.'users`
+		WHERE `user` = \''.mysql_real_escape_string($_SESSION['user']).'\'';
+	    $handle = sql_query($query);
+	    if (!$handle) return 'unregistered';
+
+	    $result = mysql_fetch_array($handle);
+	    return $result[0];
+	}
+    }
 }
 User::init();
 

diff --git a/include/addRating.php b/include/addRating.php
@@ -20,8 +20,9 @@
 
 session_start();
 define('ROOT','../');
-$security = "";
 include_once('../include.php');
+AccessControl::setLevel('basicPage');
+
 if (!isset($_GET['addonId']))
     die('No addon.');
 if (!User::$logged_in)

diff --git a/include/security.php b/include/security.php
diff --git a/index.php b/index.php
@@ -27,8 +27,8 @@
 
 ***************************************************************************/
 define('ROOT','./');
-$security ="";
 require('include.php');
+AccessControl::setLevel(NULL);
 
 Template::setFile('index.tpl');
 // I18N: Website meta description

diff --git a/login.php b/login.php
@@ -27,7 +27,6 @@
 
 ***************************************************************************/
 define('ROOT','./');
-$security = "";
 include(ROOT.'include.php');
 
 // define possibly undefined variables

diff --git a/manage-panel.php b/manage-panel.php
@@ -20,9 +20,8 @@
 
 if (!defined('ROOT'))
     define('ROOT','./');
-if (!isset($security))
-    $security = 'manageaddons';
 require_once('include.php');
+AccessControl::setLevel('manageaddons');
 
 if (!isset($_GET['action'])) $_GET['action'] = NULL;
 

diff --git a/manage.php b/manage.php
@@ -19,8 +19,8 @@
  */
 
 define('ROOT','./');
-$security = 'manageaddons';
 require('include.php');
+AccessControl::setLevel('manageaddons');
 
 $title = htmlspecialchars(_('STK Add-ons').' | '._('Manage'));
 

diff --git a/password-reset.php b/password-reset.php
@@ -20,7 +20,6 @@
  */
 
 define('ROOT','./');
-$security ="";
 include('include.php');
 
 Template::setFile('password-reset.tpl');

diff --git a/register.php b/register.php
@@ -20,7 +20,6 @@
  */
 
 define('ROOT','./');
-$security ="";
 include('include.php');
 $title = htmlspecialchars(_('STK Add-ons').' | '._('Register'));
 include(ROOT.'include/top.php');