forked from southern-wind/wind
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main_center.php
94 lines (86 loc) · 3.08 KB
/
main_center.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php
/*
* WiND - Wireless Nodes Database
*
* Copyright (C) 2005-2014 by WiND Contributors (see AUTHORS.txt)
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once(ROOT_PATH."includes/pages/".get('page')."/".get('page').".php");
class center {
var $page;
function center() {
$p = get('page');
$this->page = new $p;
}
function security_check() {
global $main, $db;
if (isset($main->userdata->privileges['admin']) && $main->userdata->privileges['admin'] === TRUE) return TRUE;
switch (get('page')) {
case 'admin':
return ($main->userdata->privileges['admin'] === TRUE);
break;
case 'hostmaster':
return ($main->userdata->privileges['hostmaster'] === TRUE);
break;
case 'node_editor':
if ($main->userdata->logged === TRUE) {
if (get('node') == 'add') return TRUE;
if (get('node') != 'add' && get('action') == 'delete') {
if ($db->cnt('', "users_nodes", "node_id = ".intval(get('node'))." AND user_id = '".$main->userdata->user."' AND owner = 'Y'") > 0) {
return TRUE;
} else {
return FALSE;
}
}
if ($db->cnt('', "users_nodes", "node_id = ".get('node')." AND user_id = '".$main->userdata->user."'") > 0) return TRUE;
if (get('subpage') == 'dnszone' &&
$db->cnt('', "users_nodes, dns_zones", "dns_zones.node_id = users_nodes.node_id AND dns_zones.id = '".get('zone')."' AND users_nodes.user_id = '".$main->userdata->user."'") > 0) return TRUE;
if (get('subpage') == 'dnsnameserver' &&
$db->cnt('', "users_nodes, dns_nameservers", "dns_nameservers.node_id = users_nodes.node_id AND dns_nameservers.id = '".get('nameserver')."' AND users_nodes.user_id = '".$main->userdata->user."'") > 0) return TRUE;
}
break;
case 'nodes':
case 'startup':
case 'ranges':
case 'dnszones':
case 'pickup':
case 'map':
case 'gearth':
case 'services':
case 'search':
return TRUE;
break;
case 'users':
if (get('user') == 'add') return TRUE;
if ($main->userdata->logged === TRUE) {
if (get('action') == 'logout') return TRUE;
if (get('user') === $main->userdata->user) return TRUE;
}
if (get('action') == 'activate') return TRUE;
if (get('action') == 'restore') return TRUE;
if (get('subpage') == 'loginform') return TRUE;
break;
}
return FALSE;
}
function output() {
global $main;
if (!$this->security_check()) {
$main->message->set_fromlang('error', 'no_privilege');
return;
}
return $this->page->output();
}
}
?>