Added Check for Readonly Flag in all Admin panels

2025-09-25 18:59:12 +02:00 · 2010-02-22 15:26:10 +01:00 · 2010-02-22 15:26:10 +01:00 · c3145c5e6e
commit c3145c5e6e
parent a03bbb9236
14 changed files with 168 additions and 8 deletions
--- a/src/admin/charts.php
+++ b/src/admin/charts.php
@ -52,8 +52,23 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "add" || 
 					$_GET['op'] == "delete" 
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 if ( isset($_GET['op']) )
 {
 	if ($_GET['op'] == "add") 
--- a/src/admin/groups.php
+++ b/src/admin/groups.php
@ -52,8 +52,25 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "add" || 
 					$_GET['op'] == "delete" || 
 					$_GET['op'] == "adduser" ||
 					$_GET['op'] == "removeuser"
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 // Only if the user is an admin!
 if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) 
 	DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] );
--- a/src/admin/index.php
+++ b/src/admin/index.php
@ -55,6 +55,21 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 // Init admin langauge file now!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "enableuserops"
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 if ( isset($_SESSION['SESSION_ISADMIN']) && $_SESSION['SESSION_ISADMIN'] == 1 ) 
 {
--- a/src/admin/parsers.php
+++ b/src/admin/parsers.php
@ -52,9 +52,24 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "initparser" || 
 					$_GET['op'] == "removeparser" 
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
-// Firts of all init List of Parsers!
+// --- BEGIN Custom Code
 // First of all init List of Parsers!
 InitMessageParsers();
 if ( isset($_GET['op']) )
--- a/src/admin/reports.php
+++ b/src/admin/reports.php
@ -52,8 +52,25 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "initreport" || 
 					$_GET['op'] == "removereport" ||
 					$_GET['op'] == "addsavedreport" ||
 					$_GET['op'] == "removesavedreport"
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 // Hardcoded settings
 define('URL_ONLINEREPORTS', 'http://tools.adiscon.net/listreports.php');
 $content['OPTIONAL_TITLE'] = "";
--- a/src/admin/searches.php
+++ b/src/admin/searches.php
@ -52,6 +52,22 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
 // --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "add" || 
 					$_GET['op'] == "delete" 
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 if ( isset($_GET['op']) )
 {
--- a/src/admin/sources.php
+++ b/src/admin/sources.php
@ -52,8 +52,24 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "add" || 
 					$_GET['op'] == "delete" || 
 					$_GET['op'] == "cleardata"
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 if ( isset($_GET['op']) )
 {
 	if ($_GET['op'] == "add") 
--- a/src/admin/users.php
+++ b/src/admin/users.php
@ -52,8 +52,31 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
-// --- BEGIN Custom Code
+// --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				(	isset($_GET['op']) && 
 					(
 						$_GET['op'] == "add" || 
 						$_GET['op'] == "delete" 
 					)
 				)	
 				||
 				(	isset($_GET['miniop']) && 
 					(
 						$_GET['miniop'] == "setisadmin" ||
 						$_GET['miniop'] == "setisreadonly"
 					)
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 // Only if the user is an admin!
 if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) 
 	DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] );
--- a/src/admin/views.php
+++ b/src/admin/views.php
@ -52,6 +52,22 @@ InitFilterHelpers();	// Helpers for frontend filtering!
 IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // --- 
 // --- Deny if User is READONLY!
 if ( !isset($_SESSION['SESSION_ISREADONLY']) || $_SESSION['SESSION_ISREADONLY'] == 1 )
 {
 	if (	isset($_POST['op']) ||
 			(
 				isset($_GET['op']) && 
 				(
 					$_GET['op'] == "add" || 
 					$_GET['op'] == "delete" 
 				)
 			)	
 		)
 		DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_READONLY'] );
 }
 // --- 
 // --- BEGIN Custom Code
 // Only if the user is an admin!
--- a/src/include/functions_users.php
+++ b/src/include/functions_users.php
@ -75,6 +75,7 @@ function InitUserSession()
 			$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
 			$content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
 			$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
 			$content['SESSION_ISREADONLY'] = $_SESSION['SESSION_ISREADONLY'];
 			if ( isset($_SESSION['SESSION_GROUPIDS']) )
 				$content['SESSION_GROUPIDS'] = $_SESSION['SESSION_GROUPIDS'];
@ -170,11 +171,17 @@ function CheckUserLogin( $username, $password )
 		$_SESSION['SESSION_USERNAME'] = $username;
 		$_SESSION['SESSION_USERID'] = $myrow['ID'];
 		$_SESSION['SESSION_ISADMIN'] = $myrow['is_admin'];
 		// Check Readonly setting
 		if ( $content['database_installedversion'] > 8 )
 			$_SESSION['SESSION_ISREADONLY'] = $myrow['is_readonly'];
 		else
 			$_SESSION['SESSION_ISREADONLY'] = false; 
 		$content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN'];
 		$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
 		$content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
 		$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
 		$content['SESSION_ISREADONLY'] = $_SESSION['SESSION_ISREADONLY'];
 		// --- Read Groupmember ship for the user!
 		$sqlquery = "SELECT " . 
--- a/src/lang/de/admin.php
+++ b/src/lang/de/admin.php
@ -103,6 +103,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Voranstellen von HTML Code in &lt;head&gt
 $content['LN_GEN_INJECTBODYHEADER'] = "Voranstellen von HTML Code am Anfang des &lt;body&gt; Bereichs.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Voranstellen von HTML Code Am Ende des &lt;body&gt; Bereichs.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optionale LogAnalyzer-Logo-URL. Bitte f&uuml;r das Standard-Logo leer lassen.";
 $content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "Benutzer Optionen";
--- a/src/lang/en/admin.php
+++ b/src/lang/en/admin.php
@ -105,6 +105,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the &lt;head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the &lt;body&gt; area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end &lt;body&gt; area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional LogAnalyzer Logo URL. Leave empty to use the default one.";
 $content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "User Options";
@ -134,7 +135,6 @@ $content['LN_USER_ERROR_SETTINGFLAG'] = "Error setting flag, invalid ID or User
 $content['LN_USER_WARNRADYONLYADMIN'] = "You are about to set your account to readonly! This will prevent you from changing any settings! Are you sure that you want to proceed?";
 $content['LN_USER_ISREADONLY'] = "Readonly User?";
 $content['LN_USER_'] = "";
 $content['LN_USER_'] = "";
 // Group center
 $content['LN_GROUP_CENTER'] = "Group Center";
--- a/src/lang/it_IT/admin.php
+++ b/src/lang/it_IT/admin.php
@ -105,6 +105,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the &lt;head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the &lt;body&gt; area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end &lt;body&gt; area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional LogAnalyzer Logo URL. Leave empty to use the default one.";
 $content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "User Options";
--- a/src/lang/pt_BR/admin.php
+++ b/src/lang/pt_BR/admin.php
@ -103,6 +103,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the &lt;head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the &lt;body&gt; area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end &lt;body&gt; area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional LogAnalyzer Logo URL. Leave empty to use the default one.";
 $content['LN_ADMIN_ERROR_READONLY'] = "This is a READONLY User, you are not allowed to perform any change operations.";
 // User Center
 $content['LN_USER_CENTER'] = "User Options";