PHP restrict_access函数代码示例

function autocomplete_users_data($where = NULL)
{
    restrict_access('A');
    //Because that's a lot of names you're dumping to the browser.
    $search = call_user_func_array('user_data', func_get_args());
    $result = array();
    foreach ($search as $user) {
        $result[] = array('label' => $user['name'] . ' (' . $user['id'] . ')', 'category' => $user['category']);
    }
    return $result;
}

<?php

/*
 * Admin/User_List.php
 * LHS Math Club Website
 *
 * Shows a list of users
 */
require_once '../.lib/functions.php';
restrict_access('A');
show_page();
function show_page()
{
    global $use_rel_external_script;
    // direct page_header to include some javascript that will make links
    $use_rel_external_script = true;
    // marked as rel="external" open in a new tab while remaining XHTML-valid
    page_header('User List');
    // Generate code for the different tables of users included in the body
    $captains_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="C" ORDER BY yog ASC, name');
    $other_admins_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="A" ORDER BY yog ASC, name');
    $members_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="R" AND approved="1" ORDER BY yog ASC, name');
    $alumni_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="L" ORDER BY yog DESC, name');
    $banned_users_table = generate_user_table('SELECT id, name, email, yog, creation_date, DATE_FORMAT(creation_date, "%M %e, %Y") AS formatted_creation FROM users WHERE approved="-1" ORDER BY creation_date DESC');
    // The Pending Approval Table is different
    $pending_approval_table = <<<HEREDOC
      <table class="contrasting">
        <tr>
          <th>Name</th>
          <th>Email Address</th>
          <th>YOG</th>

<?php

/*
 * My_Scores.php
 * LHS Math Club Website
 *
 * Displays the user's contest scores
 */
require_once '.lib/functions.php';
restrict_access('RA');
show_page();
function show_page()
{
    page_header('My Scores');
    echo <<<HEREDOC
      <h1>My Scores</h1>
      
HEREDOC;
    $query = 'SELECT test_scores.score AS score, tests.name AS name, tests.total_points AS total, DATE_FORMAT(tests.date, "%M %e, %Y") AS formatted_date' . ' FROM test_scores' . ' INNER JOIN tests ON tests.test_id=test_scores.test_id' . ' WHERE test_scores.user_id="' . mysqli_real_escape_string(DB::get(), $_SESSION['user_id']) . '" AND archived="0"' . ' ORDER BY tests.date DESC';
    $result = DB::queryRaw($query);
    if (mysqli_num_rows($result) > 0) {
        echo <<<HEREDOC
      <h4>Recent Tests</h4>
      <table class="contrasting">
        <tr>
          <th>Test</th>
          <th>Score</th>
          <th>Date</th>
        </tr>

HEREDOC;

<?php

/*
 * Account/Register.php
 * LHS Math Club Website
 *
 * Allows users to create an account on the website.
 */
require_once '../.lib/functions.php';
restrict_access('X');
// only for logged-out users
//Expire any pre-approved-email invitation if it's past the expiration (15 min).
if (isset($_SESSION['PREAPPROVED_expiry']) && $_SESSION['PREAPPROVED_expiry'] < time()) {
    header('Location: Signout');
}
if (isset($_POST['do_register'])) {
    process_form();
} else {
    show_form();
}
/*
 * show_form($err, $selected_field)
 *
 * Shows the registration form, with optional error message.
 *
 * $selected_field is the name of the field to put the cursor into; if the
 * form was already submitted but had errors, the cursor goes into the
 * problematic field, for convenience.
 */
function show_form()
{

<?php

/*
 * Account/My_Profile.php
 * LHS Math Club Website
 *
 * Allows users to view and change their stored personal information
 */
require_once '../.lib/functions.php';
restrict_access('RLA');
set_login_data($_SESSION['user_id']);
// visiting this page will cause your cached data to reload
if (isset($_POST['do_change_email'])) {
    change_email();
} else {
    if (isset($_POST['do_change_cell'])) {
        change_cell();
    } else {
        if (isset($_POST['do_change_password'])) {
            change_password();
        } else {
            if (isset($_GET['Email'])) {
                show_change_email_page('', 'email');
            } else {
                if (isset($_GET['Cell'])) {
                    show_change_cell_page('', 'cell');
                } else {
                    if (isset($_GET['Password'])) {
                        show_change_password_page('');
                    } else {
                        if (isset($_GET['Mailings'])) {

<?php

/*
 * About.php
 * LHS Math Club Website
 */
require_once '.lib/functions.php';
restrict_access('XRLA');
//Privacy control.
$benjamin_tidor = 'Benjamin T.';
if (isset($_SESSION['user_id'])) {
    $benjamin_tidor = '<a href="http://tidor.net" rel="external">Benjamin Tidor</a>';
}
page_title('About');
?>
<h1>About</h1>

<h3>LHS Math Club Website</h3>
Written in <a href="http://www.php.net/" rel="external">PHP</a> 2008-2012 by <?php 
echo $benjamin_tidor;
?>
<br />
With design assistance from <a href="http://teddomain.zzl.org/" rel="external">Ted Zhu</a><br />
Heavily revised and updated by <a href="http://clive.io" rel="external">Clive Chan</a> 2013-present<br />
and well-maintained by all LHSMATH webmasters.<br />

<br />
All pages consist of <a href="http://validator.w3.org/check?uri=referer" rel="external">valid XHTML 1.0</a>
and <a href="http://jigsaw.w3.org/css-validator/check/referer?profile=css3" rel="external">CSS 3</a><br />

<br /><br />

<?php

/*
 * Account/Approve.php
 * LHS Math Club Website
 *
 * When a user has completed registration, this page prompts them to print
 * out an information page and give it to a captain to approve their
 * account.
 */
require_once '../.lib/functions.php';
restrict_access('P');
show_page();
function show_page()
{
    $query = 'SELECT * FROM users WHERE id="' . $_SESSION['user_id'] . '" LIMIT 1';
    $result = DB::queryRaw($query);
    $row = mysqli_fetch_assoc($result);
    $cell = format_phone_number($row['cell']);
    if ($cell == '') {
        $cell = 'None';
    }
    page_title('Approve');
    ?>
<h1>Account Approval</h1>

Your account has been verified, but it must be approved by a captain. Please print this page and bring it to practice.<br />
<br />
<div class="scrhide">
	<span class="b">ID: </span><?php 
    echo $row['id'];

<?php

/*
 * Account/Verify_Email.php
 * LHS Math Club Website
 *
 * After users register, they must click a link in a verification email in
 * order to activate their account. This page sends that email and gives
 * users the option of resending it.
 */
require_once '../.lib/functions.php';
restrict_access('E');
if (isset($_GET['code'])) {
    verify_code();
} else {
    if (isset($_SESSION['ACCOUNT_do_send_verification_email'])) {
        send_verification_email();
    } else {
        if (isset($_POST['do_resend_verification_email']) && $_POST['xsrf_token'] == $_SESSION['xsrf_token']) {
            send_verification_email();
        } else {
            show_page();
        }
    }
}
/*
 * show_page($re_sent)
 *  - $re_sent: if the message has just been resent
 *
 *  Shows a message to users who have not yet verified their email address.
 */

function show_email_sent_page()
{
    restrict_access('X');
    if (time() >= $_SESSION['ACCOUNT_password_reset_time'] + 300) {
        // that page stops being displayed after 5 minutes.
        unset($_SESSION['ACCOUNT_sent_password_reset']);
        // On a public computer, you wouldn't want your email address
        unset($_SESSION['ACCOUNT_password_reset_time']);
        // hanging around indefinitely.
        unset($_SESSION['ACCOUNT_password_reset_email']);
        show_request_page('', 'email');
        return;
    }
    page_header('Password Reset');
    echo <<<HEREDOC
      <h1>Password Reset</h1>
      
      A confirmation message has been sent to <span class="b">{$_SESSION['ACCOUNT_password_reset_email']}</span>.
      Please click on the link in the message to continue.
HEREDOC;
}

<?php

/*
 * Admin/Super_Admin.php
 * LHS Math Club Website
 */
require_once '../.lib/functions.php';
restrict_access('+');
if (isset($_POST['do_superadmin_elevate'])) {
    process_form();
} else {
    show_page('');
}
function show_page($err)
{
    // If an error message is given, put it inside this div
    if ($err != '') {
        $err = "\n        <div class=\"error\">{$err}</div><br />\n";
    }
    page_header('Super-Admin');
    echo <<<HEREDOC
      <h1>Super-Admin</h1>
      
      If you accidentally lose access to all the Admin accounts, create a new account,
      log in as LHSMATH, and make the new account an Admin (you'll need the ID from
      the page that you're supposed to print).<br />
      <br />{$err}
      <span class="b">Elevate Account</span>
      <form method="post" action="{$_SERVER['REQUEST_URI']}">
        <table>
          <tr>

function do_download()
{
    if (isset($_GET['Backup'])) {
        restrict_access('A');
        $time = (int) $_GET['Backup'];
        $code = $_GET['Code'];
        if (!preg_match('#[a-z0-9]{4}#', $code)) {
            trigger_error('Invalid backup', E_USER_ERROR);
        }
        $name = 'db-backup-' . $time . '-' . $code . '.sql';
        $file = './.content/backups/' . $name;
    } else {
        $query = 'SELECT filename, permissions FROM files WHERE file_id="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '"';
        $result = DB::queryRaw($query);
        if (mysqli_num_rows($result) != 1) {
            trigger_error('Incorrect number of categories match ID', E_USER_ERROR);
        }
        $row = mysqli_fetch_assoc($result);
        if ($row['permissions'] == 'P') {
            restrict_access('XLRA');
        } else {
            if ($row['permissions'] == 'M') {
                restrict_access('LRA');
            } else {
                // 'A'
                restrict_access('A');
            }
        }
        if ($row['permissions'] == 'C' && !isset($_SESSION['is_captain'])) {
            page_header('Download');
            echo <<<HEREDOC
      <h1>Access Blocked</h1>
      
      <div>The captains have requested that you not view this file.</div>
HEREDOC;
            die;
        }
        $name = $row['filename'];
        $file = './.content/uploads/' . $name;
    }
    if (file_exists($file)) {
        $encoding = 'application/octet-stream';
        if (preg_match('#\\.pdf$#', $name)) {
            $encoding = 'application/pdf';
        }
        header('Content-Description: File Transfer');
        header('Content-Type: ' . $encoding);
        header('Content-Disposition: inline; filename="' . $name . '"');
        header('Content-Transfer-Encoding: binary');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        header('Content-Length: ' . filesize($file));
        cancel_templateify();
        ob_clean();
        readfile($file);
        flush();
    } else {
        trigger_error('File does not exist', E_USER_ERROR);
    }
}

function backstage_access()
{
    if (backstage_is_open()) {
        restrict_access('RLA');
    } else {
        restrict_access('A');
    }
}

<?php

/*
 * Account/Banned.php
 * LHS Math Club Website
 *
 * Displays a message to banned users.
 */
if (!defined('FUNCTIONSPHP')) {
    require_once '../.lib/functions.php';
}
//If functions hasn't been included, get functions.
//(if it has been, that means someone's including this file, so rootpath may be messed up and the require will fail)
restrict_access('B');
page_title('Banned');
?>
<h1>Banned</h1>
You have been banned from the Math Club system.