From 621fc2f9638a1a92aa8535310e7852de5542f11e Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY '.$html.'';
}
$html = "";
diff --git a/login/admin/index.php b/login/admin/index.php
index eb8a877..0688f17 100644
--- a/login/admin/index.php
+++ b/login/admin/index.php
@@ -1,5 +1,5 @@
admin('site')) {
+if (!$User->admin('site')) {
http_response_code(403);
?>
Verboden toegang
diff --git a/login/index.php b/login/index.php
index c69ec3c..6783a47 100644
--- a/login/index.php
+++ b/login/index.php
@@ -35,7 +35,7 @@ elseif (isset($_GET['logout'])) {
$message = "Je bent uitgelogd. Graag tot ziens!";
}
-if (empty($User)) {
+if (!$User or !$User->login) {
$Article->title = 'Inloggen';
if (isset($_REQUEST['goto'])) {
$target = ltrim($_REQUEST['goto'], '/');
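Review bot: The `!$User or` half of the new `if (!$User or !$User->login)` still allows for `$User` being falsy, while the second hunk of this file (`$User->admin`) and login/pass/index.php (`!$User->login`) now dereference it with no guard. If auth.inc.php always leaves an object in `$User`, this line can simply be `if (!$User->login) {`. If it can leave `$User` unset, the unguarded reads elsewhere turn into warnings, and method calls such as `$User->admin('site')` into fatal errors. A one-line comment where `$User` is created, e.g. `# $User is always an object; ->login is empty for anonymous visitors`, would pin the contract that all these authorization checks rely on. The body of this `if` continues past the hunk.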
@@ -75,7 +75,7 @@ if (isset($_REQUEST['goto'])) {
if (isset($Article->raw)) {
print $Article->raw;
}
-if (empty($Args) and $User and $User->admin) {
+if (empty($Args) and $User->admin) {
include_once 'login/admin.html';
}
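Review bot: `$User->admin` is read here as a bare property, whereas login/admin/index.php calls it as a method with a privilege name, `$User->admin('site')`. The class is not part of this patch, so the following is inferred: if `admin` exists only as a method, the property read is always empty and login/admin.html is never included; if it is a property holding any granted privilege, the check is broader than a site-admin check. The same bare read gates the raw-HTML passthrough in messagehtml() in upload.inc.php, where a too-broad match returns unfiltered markup. A named check such as `if (empty($Args) and $User->admin('site')) {` (with whichever privilege is actually meant) would make both places explicit.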
diff --git a/login/pass/index.php b/login/pass/index.php
index 735770a..cd65186 100644
--- a/login/pass/index.php
+++ b/login/pass/index.php
@@ -13,7 +13,7 @@ if (isset($_GET['token'])) {
return TRUE;
}
}
-elseif (!$User) {
+elseif (!$User->login) {
http_response_code(303);
$target = urlencode($_SERVER['REQUEST_URI']);
header("Location: /login?goto=$target");
@@ -38,7 +38,7 @@ Hier kun je een nieuwe inlogcode instellen voor = htmlspecialchars($User->
Dit zal de huidige code vervangen.
-pass)) { ?> +login and strlen($User->pass)) { ?> diff --git a/login/post/index.php b/login/post/index.php index 9621978..0beb42f 100644 --- a/login/post/index.php +++ b/login/post/index.php @@ -1,5 +1,5 @@ login) { http_response_code(303); $target = urlencode($_SERVER['REQUEST_URI']); header("Location: /login?goto=$target"); diff --git a/nieuws/index.php b/nieuws/index.php index 392a10f..f74c632 100644 --- a/nieuws/index.php +++ b/nieuws/index.php @@ -1,14 +1,14 @@ login; @list ($year, $page) = explode('/', trim($Args, '/')); -if ($User and $User->admin("edit $Page")) { +if ($User->admin("edit $Page")) { print ''."\n"; } if ($page and !is_numeric($page)) { $Article->meta['og:type'] = 'article'; - $edit = $User && $User->admin("edit $Page$Args") ? htmlspecialchars(@$_GET['edit']) : NULL; + $edit = $User->admin("edit $Page$Args") ? htmlspecialchars(@$_GET['edit']) : NULL; if ($edit) { $Article->title = $edit; } @@ -16,7 +16,7 @@ if ($page and !is_numeric($page)) { $Place[1] = ' '.$Article->date.''; } print preg_replace('{(?<=
'; printf('Ingelogd: %s', '/login', $User->login); if ($User->admin("edit $Page$Args")) { @@ -44,7 +44,7 @@ register_shutdown_function(function () { print "\n"; global $User, $Page, $Args; - if (!empty($User) and $User->admin("edit $Page$Args")) { + if ($User and $User->admin("edit $Page$Args")) { $ckesrc = '/lib/ckeditor'; # local install if (!file_exists(DOCROOT . $ckesrc)) { $ckesrc = '//cdn.ckeditor.com/4.7.3/full-all'; # remote fallback diff --git a/page.php b/page.php index 93b705f..bb2de0b 100644 --- a/page.php +++ b/page.php @@ -54,7 +54,7 @@ function getoutput($blocks = []) # keep either login or logout parts depending on user level global $User; - $hideclass = empty($User) ? 'login' : 'logout'; + $hideclass = $User && $User->login ? 'logout' : 'login'; $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?\1>}s', '', $doc); return preg_replace_callback( @@ -118,8 +118,7 @@ error_reporting(error_reporting() & ~E_FATAL); # user login and control -$User = NULL; -include_once 'auth.inc.php'; +include_once 'auth.inc.php'; // sets global $User $Edit = isset($_GET['edit']); # setup requested page @@ -149,7 +148,7 @@ $Args = $Article->path; if ($PageAccess = $Article->restricted) { # access restriction - if (empty($User)) { + if (!$User->login) { http_response_code(303); $target = urlencode($Article->link); header("Location: /login?goto=$target"); @@ -168,12 +167,12 @@ header(sprintf('Content-Security-Policy: %s', implode('; ', [ ob_start(); # page body $Place = [ - 'user' => $User ? $User->login : '', + 'user' => $User->login ?: '', 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), ]; if (isset($Article->raw)) { - if ($User and $User->admin("edit $Page$Args")) { + if ($User->admin("edit $Page$Args")) { # restore meta tags in static contents for editing foreach (array_reverse($Article->meta) as $metaprop => $val) { $Article->raw = sprintf( 
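Review bot: With `$User = NULL;` removed in the `@@ -118,8 +118,7 @@` hunk of page.php, every later check depends on auth.inc.php having run, but `include_once` only raises a warning when the file is missing or unreadable and the request carries on. I would load it with `require_once 'auth.inc.php'; # sets global $User` so a broken auth bootstrap stops the request instead of leaving `$User` undefined for the access-restriction check that follows. The new trailing comment also uses `//` where the surrounding file uses `#`.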
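Review bot: In the `$Place` array of the `@@ -168,12 +167,12 @@` hunk, `'user' => $User->login ?: ''` is stored unescaped, while the `url` entry beside it goes through `htmlspecialchars()`. How `$Place` is substituted into the page is outside the hunk, so whether this value reaches HTML raw is an assumption; if it does and login names are not restricted to safe characters when accounts are created, the name is rendered as markup on every page the user views. `'user' => htmlspecialchars($User->login ?: ''),` would treat the two entries the same way.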
@@ -183,7 +182,7 @@ if (isset($Article->raw)) { } } } -elseif ($User and $User->admin("edit {$Article->link}")) { +elseif ($User->admin("edit {$Article->link}")) { $Article->raw(file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html'); } if (isset($Article->raw)) { diff --git a/upload.inc.php b/upload.inc.php index 74219ed..6175fe2 100644 --- a/upload.inc.php +++ b/upload.inc.php @@ -45,7 +45,7 @@ function messagehtml($input) if (empty($input)) { return; } - if ($User and $User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) { + if ($User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) { return $input; # allow html input as is if privileged } $html = preg_replace( diff --git a/widget/contact.php b/widget/contact.php index 6e04005..b7e073f 100644 --- a/widget/contact.php +++ b/widget/contact.php @@ -2,7 +2,7 @@ $error = NULL; if ($_POST) { global $User; - if ($User) { + if ($User->login) { $_REQUEST['login'] = $User->login; $_REQUEST['email'] = $_REQUEST['email'] ?: $User->email; } diff --git a/widget/login/name.php b/widget/login/name.php index df934a5..6c15196 100644 --- a/widget/login/name.php +++ b/widget/login/name.php @@ -1,6 +1,6 @@ login) { print 'niet ingelogd'; return; } diff --git a/widget/reply.php b/widget/reply.php index 7e0ec1e..edffaa7 100644 --- a/widget/reply.php +++ b/widget/reply.php @@ -103,7 +103,7 @@ while ($row = $query->fetch()) { print "\n"; } -if ($User) { +if ($User->login) { print '