From c3145c5e6e77a5cfcb077bba96e375893ad5d272 Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Mon, 22 Feb 2010 15:26:10 +0100
Subject: [PATCH] Added Check for Readonly Flag in all Admin panels
---
 src/admin/charts.php | 17 ++++++++++++++++-
 src/admin/groups.php | 19 ++++++++++++++++++-
 src/admin/index.php | 15 +++++++++++++++
 src/admin/parsers.php | 19 +++++++++++++++++--
 src/admin/reports.php | 19 ++++++++++++++++++-
 src/admin/searches.php | 16 ++++++++++++++++
 src/admin/sources.php | 18 +++++++++++++++++-
 src/admin/users.php | 25 ++++++++++++++++++++++++-
 src/admin/views.php | 16 ++++++++++++++++
 src/include/functions_users.php | 7 +++++++
 src/lang/de/admin.php | 1 +
 src/lang/en/admin.php | 2 +-
 src/lang/it_IT/admin.php | 1 +
 src/lang/pt_BR/admin.php | 1 +
 14 files changed, 168 insertions(+), 8 deletions(-)
diff --git a/src/admin/charts.php b/src/admin/charts.php
index 1900070..a04c407 100644
--- a/src/admin/charts.php
+++ b/src/admin/charts.php
@@ -52,8 +52,23 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "add" ||
+ $_GET['op'] == "delete"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+// --- BEGIN Custom Code
 if ( isset($_GET['op']) )
 {
 if ($_GET['op'] == "add")
diff --git a/src/admin/groups.php b/src/admin/groups.php
index 7a011e1..d668450 100644
--- a/src/admin/groups.php
+++ b/src/admin/groups.php
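Review bot: The guard rejects only the `op` values it enumerates, so any state-changing operation that is not on the list — or one added to the panel later without touching this block — goes through for a read-only user, and the same block is hand-copied with a slightly different list into groups.php, index.php, parsers.php, reports.php, searches.php, sources.php, users.php and views.php. A per-page deny-list is exactly the shape that drifts, because nothing ties a new `op` branch to its guard. Move the check into one helper in functions_users.php that takes the page's mutating ops and fails closed when the session flag is absent, so each panel reduces to one line such as `DenyIfReadonly( array("add", "delete") );`; users.php additionally keys on `miniop`, so the helper needs a second optional list for that. Where a panel has fewer read-only ops than mutating ones, passing the read-only ops and denying everything else is the safer default.
```php
// src/include/functions_users.php — shared guard, called once per admin panel after IncludeLanguageFile()
function DenyIfReadonly( $mutatingOps, $mutatingMiniOps = array() )
{
    global $content;
    // Missing flag is treated as read-only, same as the per-page checks did.
    if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
    {
        if ( isset($_POST['op']) ||
             ( isset($_GET['op']) && in_array($_GET['op'], $mutatingOps, true) ) ||
             ( isset($_GET['miniop']) && in_array($_GET['miniop'], $mutatingMiniOps, true) ) )
            DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
    }
}
```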
@@ -52,8 +52,25 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "add" ||
+ $_GET['op'] == "delete" ||
+ $_GET['op'] == "adduser" ||
+ $_GET['op'] == "removeuser"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+// --- BEGIN Custom Code
 // Only if the user is an admin!
 if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
 DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] );
diff --git a/src/admin/index.php b/src/admin/index.php
index bc89371..c2154ad 100644
--- a/src/admin/index.php
+++ b/src/admin/index.php
@@ -55,6 +55,21 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 // Init admin langauge file now!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "enableuserops"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+
 // --- BEGIN Custom Code
 if ( isset($_SESSION['SESSION_ISADMIN']) && $_SESSION['SESSION_ISADMIN'] == 1 )
 {
diff --git a/src/admin/parsers.php b/src/admin/parsers.php
index 6fd35c3..c7f0bda 100644
--- a/src/admin/parsers.php
+++ b/src/admin/parsers.php
@@ -52,9 +52,24 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "initparser" ||
+ $_GET['op'] == "removeparser"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
-// Firts of all init List of Parsers!
+// --- BEGIN Custom Code
+// First of all init List of Parsers!
 InitMessageParsers();
 if ( isset($_GET['op']) )
diff --git a/src/admin/reports.php b/src/admin/reports.php
index 9d3723c..9281185 100644
--- a/src/admin/reports.php
+++ b/src/admin/reports.php
@@ -52,8 +52,25 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "initreport" ||
+ $_GET['op'] == "removereport" ||
+ $_GET['op'] == "addsavedreport" ||
+ $_GET['op'] == "removesavedreport"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+// --- BEGIN Custom Code
 // Hardcoded settings
 define('URL_ONLINEREPORTS', 'http://tools.adiscon.net/listreports.php');
 $content['OPTIONAL_TITLE'] = "";
diff --git a/src/admin/searches.php b/src/admin/searches.php
index 4dec952..ec5b350 100644
--- a/src/admin/searches.php
+++ b/src/admin/searches.php
@@ -52,6 +52,22 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "add" ||
+ $_GET['op'] == "delete"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+
 // --- BEGIN Custom Code
 if ( isset($_GET['op']) )
 {
diff --git a/src/admin/sources.php b/src/admin/sources.php
index b761f4c..6ecfbbf 100644
--- a/src/admin/sources.php
+++ b/src/admin/sources.php
@@ -52,8 +52,24 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "add" ||
+ $_GET['op'] == "delete" ||
+ $_GET['op'] == "cleardata"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+// --- BEGIN Custom Code
 if ( isset($_GET['op']) )
 {
 if ($_GET['op'] == "add")
diff --git a/src/admin/users.php b/src/admin/users.php
index 0ff6b36..b1eb2b9 100644
--- a/src/admin/users.php
+++ b/src/admin/users.php
@@ -52,8 +52,31 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ ( isset($_GET['op']) &&
+ (
+ $_GET['op'] == "add" ||
+ $_GET['op'] == "delete"
+ )
+ )
+ ||
+ ( isset($_GET['miniop']) &&
+ (
+ $_GET['miniop'] == "setisadmin" ||
+ $_GET['miniop'] == "setisreadonly"
+ )
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+// --- BEGIN Custom Code
 // Only if the user is an admin!
 if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
 DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] );
diff --git a/src/admin/views.php b/src/admin/views.php
index 8b0de1f..11cd905 100644
--- a/src/admin/views.php
+++ b/src/admin/views.php
@@ -52,6 +52,22 @@ InitFilterHelpers(); // Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // ---
+// --- Deny if User is READONLY!
+if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
+{
+ if ( isset($_POST['op']) ||
+ (
+ isset($_GET['op']) &&
+ (
+ $_GET['op'] == "add" ||
+ $_GET['op'] == "delete"
+ )
+ )
+ )
+ DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
+}
+// ---
+
 // --- BEGIN Custom Code
 // Only if the user is an admin!
diff --git a/src/include/functions_users.php b/src/include/functions_users.php
index dfcf5ac..712a6fd 100644
--- a/src/include/functions_users.php
+++ b/src/include/functions_users.php
@@ -75,6 +75,7 @@ function InitUserSession()
 $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
 $content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
 $content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
+ $content['SESSION_ISREADONLY'] = $_SESSION['SESSION_ISREADONLY'];
 if ( isset($_SESSION['SESSION_GROUPIDS']) )
 $content['SESSION_GROUPIDS'] = $_SESSION['SESSION_GROUPIDS'];
@@ -170,11 +171,17 @@ function CheckUserLogin( $username, $password )
 $_SESSION['SESSION_USERNAME'] = $username;
 $_SESSION['SESSION_USERID'] = $myrow['ID'];
 $_SESSION['SESSION_ISADMIN'] = $myrow['is_admin'];
+ // Check Readonly setting
+ if ( $content['database_installedversion'] > 8 )
+ $_SESSION['SESSION_ISREADONLY'] = $myrow['is_readonly'];
+ else
+ $_SESSION['SESSION_ISREADONLY'] = false;
 $content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN'];
 $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
 $content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
 $content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
+ $content['SESSION_ISREADONLY'] = $_SESSION['SESSION_ISREADONLY'];
 // --- Read Groupmember ship for the user!
 $sqlquery = "SELECT " .
diff --git a/src/lang/de/admin.php b/src/lang/de/admin.php
index 7b4e0fd..0039c84 100644
--- a/src/lang/de/admin.php
+++ b/src/lang/de/admin.php
@@ -103,6 +103,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Voranstellen von HTML Code in <head>
 $content['LN_GEN_INJECTBODYHEADER'] = "Voranstellen von HTML Code am Anfang des <body> Bereichs.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Voranstellen von HTML Code Am Ende des <body> Bereichs.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optionale LogAnalyzer-Logo-URL. Bitte für das Standard-Logo leer lassen.";
+$content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "Benutzer Optionen";
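Review bot: `$content['SESSION_ISREADONLY'] = $_SESSION['SESSION_ISREADONLY'];` reads the session key unconditionally, but the key is only written in CheckUserLogin, so a session established before this change (or by any login path that does not set it) raises an undefined-index notice on every request and copies `null` into `$content`. The line directly below already shows the pattern for an optional session key; mirror it and default to the restrictive value, `$content['SESSION_ISREADONLY'] = isset($_SESSION['SESSION_ISREADONLY']) ? $_SESSION['SESSION_ISREADONLY'] : 1;`, which matches the fail-closed reading the admin panels give a missing flag. InitUserSession starts outside the hunk.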
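Review bot: The two branches store values of different types in `$_SESSION['SESSION_ISREADONLY']` — the raw `$myrow['is_readonly']` column as the driver returns it (most likely a string) on the newer schema, `false` otherwise — which is what forces every consumer into a loose `== 1`. Normalise once here, where the flag originates, `$_SESSION['SESSION_ISREADONLY'] = ( $content['database_installedversion'] > 8 ) ? intval($myrow['is_readonly']) : 0;`, so the panels can compare with `=== 1`. Two preconditions live outside the hunk and deserve a comment on the `// Check Readonly setting` line: the user SELECT earlier in CheckUserLogin must return the `is_readonly` column on a version-9 schema, and `$content` must already be in scope in this function (presumably via `global`). CheckUserLogin continues outside the hunk on both sides.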
diff --git a/src/lang/en/admin.php b/src/lang/en/admin.php
index 5c2f522..695ed24 100644
--- a/src/lang/en/admin.php
+++ b/src/lang/en/admin.php
@@ -105,6 +105,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the <head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the <body> area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end <body> area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional LogAnalyzer Logo URL. Leave empty to use the default one.";
+$content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "User Options";
@@ -134,7 +135,6 @@ $content['LN_USER_ERROR_SETTINGFLAG'] = "Error setting flag, invalid ID or User
 $content['LN_USER_WARNRADYONLYADMIN'] = "You are about to set your account to readonly! This will prevent you from changing any settings! Are you sure that you want to proceed?";
 $content['LN_USER_ISREADONLY'] = "Readonly User?";
 $content['LN_USER_'] = "";
-$content['LN_USER_'] = "";
 // Group center
 $content['LN_GROUP_CENTER'] = "Group Center";
diff --git a/src/lang/it_IT/admin.php b/src/lang/it_IT/admin.php
index e1b7a92..f742402 100644
--- a/src/lang/it_IT/admin.php
+++ b/src/lang/it_IT/admin.php
@@ -105,6 +105,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the <head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the <body> area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end <body> area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional LogAnalyzer Logo URL. Leave empty to use the default one.";
+$content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "User Options";
diff --git a/src/lang/pt_BR/admin.php b/src/lang/pt_BR/admin.php
index 750c295..14f027e 100644
--- a/src/lang/pt_BR/admin.php
+++ b/src/lang/pt_BR/admin.php
@@ -103,6 +103,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the <head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the <body> area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end <body> area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional LogAnalyzer Logo URL. Leave empty to use the default one.";
+$content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "User Options";