本文整理汇总了PHP中OA_Permission::enforceTrue方法的典型用法代码示例。如果您正苦于以下问题：PHP OA_Permission::enforceTrue方法的具体用法？PHP OA_Permission::enforceTrue怎么用？PHP OA_Permission::enforceTrue使用的例子？那么，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OA_Permission的用法示例。
在下文中一共展示了OA_Permission::enforceTrue方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __wakeup
/**
 * Re-checks the restored user/account pair against the database.
 *
 * PHP calls __wakeup() when an object is rebuilt by unserialize(), so
 * $this->aUser and $this->aAccount hold whatever the serialized data
 * contained. The method asks the account_user_assoc data object for the
 * rows that link the user to the accounts in question and then:
 *
 *  - clears $this->aUser['is_admin'] when the flag is set but no row links
 *    the user to the configured admin account;
 *  - passes false to OA_Permission::enforceTrue() when the user is not an
 *    admin and no row links the user to $this->aAccount['account_id'].
 *
 * NOTE(review): where the serialized object is stored is not visible here
 * (presumably the session) -- confirm that store is not client-writable,
 * since this check is the only re-validation done on restore.
 */
function __wakeup()
{
    // Account ids that still need a matching account_user_assoc row.
    $pending = array();
    $pending[$this->aAccount['account_id']] = true;

    // The admin account only has to be confirmed when the restored data
    // claims admin rights.
    $flaggedAdmin = !empty($this->aUser['is_admin']);
    if ($flaggedAdmin) {
        $adminAccountId = OA_Dal_ApplicationVariables::get('admin_account_id');
        $pending[$adminAccountId] = true;
    }

    $doLinks = OA_Dal::factoryDO('account_user_assoc');
    $doLinks->whereInAdd('account_id', array_keys($pending));
    $doLinks->user_id = $this->aUser['user_id'];
    $doLinks->find();
    while ($doLinks->fetch()) {
        // A row was returned for this account, so it is confirmed.
        unset($pending[$doLinks->account_id]);
    }

    // Admin flag set but the admin account is still unconfirmed: drop the flag.
    if ($flaggedAdmin && isset($pending[$adminAccountId])) {
        $this->aUser['is_admin'] = false;
    }

    // Final gate: the user is an admin, or the link to the own account was found.
    $ownAccountLinked = !isset($pending[$this->aAccount['account_id']]);
    OA_Permission::enforceTrue($this->aUser['is_admin'] || $ownAccountLinked);
}
示例2: checkSessionToken
/**
 * CVE-2013-5954
 *
 * Helper that validates the session (anti-CSRF) token for CRUD actions
 * (generally deletes) which, for historical reasons, are triggered by GET
 * requests instead of POST. It closes off the CSRF vulnerabilities reported
 * in CVE-2013-5954 without the (eventually needed) refactoring of the
 * entire UI to a proper MVC framework.
 *
 * The token is read from the "token" query-string parameter only; when the
 * parameter is absent, false is handed to the validator. The validator's
 * result is passed to OA_Permission::enforceTrue(), which is expected to
 * stop the request on a falsy value (its implementation is not shown here).
 *
 * NOTE(review): a token carried in a URL can end up in server logs, browser
 * history and Referer headers; state-changing actions are better sent by
 * POST where possible.
 *
 * NOTE(review): $_GET['token'] can be an array (token[]=...); confirm that
 * phpAds_SessionValidateToken() compares strictly and rejects non-strings.
 */
public static function checkSessionToken()
{
    if (isset($_GET['token'])) {
        $suppliedToken = $_GET['token'];
    } else {
        // No token in the request: the validator receives false.
        $suppliedToken = false;
    }

    $tokenIsValid = phpAds_SessionValidateToken($suppliedToken);
    OA_Permission::enforceTrue($tokenIsValid);
}
示例3: strftime
| along with this program; if not, write to the Free Software |
| Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
+---------------------------------------------------------------------------+
$Id: userlog-details.php 37157 2009-05-28 12:31:10Z andrew.hill $
*/
// Bootstrap: load the application's initialisation file (path relative to this script)
require_once '../../init.php';
// Required files: data access layer, language loader and the admin area config
require_once MAX_PATH . '/lib/OA/Dal.php';
require_once MAX_PATH . '/lib/max/language/Loader.php';
require_once MAX_PATH . '/www/admin/config.php';
// Security check: the page is restricted to OA_ACCOUNT_ADMIN, and the check
// runs before any user log data is loaded.
OA_Permission::enforceAccount(OA_ACCOUNT_ADMIN);
// Get userlog data and enforce it exists: enforceTrue() receives the lookup
// result itself, so a falsy result (no such record) fails the check.
// NOTE(review): $userlogid is not assigned in the visible code; presumably it
// is a request parameter registered elsewhere -- confirm it is validated or
// cast before it reaches the data access layer.
$doUserLog = OA_Dal::staticGetDO('userlog', $userlogid);
OA_Permission::enforceTrue($doUserLog);
/*-------------------------------------------------------*/
/* HTML framework */
/*-------------------------------------------------------*/
// Page output starts only after both checks above have passed.
phpAds_PageHeader('userlog-index');
phpAds_UserlogSelection("maintenance");
// Load the required language files
Language_Loader::load('userlog');
/*-------------------------------------------------------*/
/* Main code */
/*-------------------------------------------------------*/
if ($row = $doUserLog->toArray()) {
echo "<br />";
echo "<table cellpadding='0' cellspacing='0' border='0'>";
echo "<tr height='20'><td><b>" . $strDate . "</b>: </td>";
echo "<td>" . strftime($date_format, $row['timestamp']) . ", " . strftime($minute_format, $row['timestamp']) . "</td></tr>";
示例4: checkSessionToken
/**
 * CVE-2013-5954
 *
 * Helper that validates the session (anti-CSRF) token for CRUD actions
 * (generally deletes), including those which, for historical reasons, are
 * triggered by GET requests instead of POST. It closes off the CSRF
 * vulnerabilities reported in CVE-2013-5954 without the (eventually needed)
 * refactoring of the entire UI to a proper MVC framework.
 *
 * For a POST request the token is taken from the request body only; for any
 * other method it is taken from the query string. A missing parameter is
 * handed to the validator as false. The validator's result is passed to
 * OA_Permission::enforceTrue(), which is expected to stop the request on a
 * falsy value (its implementation is not shown here).
 *
 * NOTE(review): on the GET path the token travels in the URL and can end up
 * in server logs, browser history and Referer headers.
 *
 * NOTE(review): the parameter can be an array (token[]=...); confirm that
 * phpAds_SessionValidateToken() compares strictly and rejects non-strings.
 */
public static function checkSessionToken()
{
    // Pick the parameter source by request method, then look the token up once.
    $params = ($_SERVER['REQUEST_METHOD'] == 'POST') ? $_POST : $_GET;

    $suppliedToken = false;
    if (isset($params['token'])) {
        $suppliedToken = $params['token'];
    }

    $tokenIsValid = phpAds_SessionValidateToken($suppliedToken);
    OA_Permission::enforceTrue($tokenIsValid);
}
示例5:
/*
+---------------------------------------------------------------------------+
| Revive Adserver |
| http://www.revive-adserver.com |
| |
| Copyright: See the COPYRIGHT.txt file. |
| License: GPLv2 or later, see the LICENSE.txt file. |
+---------------------------------------------------------------------------+
*/
// Bootstrap: load the application's initialisation file (path relative to this script)
require_once '../../init.php';
// Required files
require_once MAX_PATH . '/www/admin/config.php';
require_once MAX_PATH . '/lib/max/other/common.php';
// OA-900, hide graph: enforceTrue() is called with a constant false, so the
// permission check fails on every request and the page is switched off on purpose.
// NOTE(review): assuming enforceTrue() ends the request on a falsy value,
// nothing below this line runs; the remaining code is kept only as disabled code.
OA_Permission::enforceTrue(false);
require_once MAX_PATH . '/lib/OA/Admin/Statistics/Factory.php';
// Make data loading depending only on period_start & period_end
// The incoming preset is saved, then overwritten with 'specific' in the
// request, the local variable and the session preferences.
// NOTE(review): $_REQUEST['period_preset'] is read without an isset() check.
$tempPeriodPreset = $_REQUEST['period_preset'];
$_REQUEST['period_preset'] = 'specific';
$period_preset = 'specific';
$session['prefs']['GLOBALS']['period_preset'] = 'specific';
// Replaces the 'specific' value assigned to $period_preset two lines above.
$period_preset = MAX_getStoredValue('period_preset', 'today');
// NOTE(review): presumably this copies the named request parameters into
// global variables -- treat every one of them as untrusted input.
// NOTE(review): 'peroid_preset' looks like a misspelling of 'period_preset';
// it is a runtime string and is left unchanged here.
phpAds_registerGlobal('breakdown', 'entity', 'agency_id', 'advertiser_id', 'clientid', 'campaignid', 'placement_id', 'ad_id', 'bannerid', 'publisher_id', 'affiliateid', 'zone_id', 'zoneid', 'start_date', 'end_date', 'sort', 'asc', 'show', 'expand', 'day', 'plugin', 'peroid_preset', 'tempPeriodPreset', 'GraphFile', 'graphFilter', 'graphFields', 'listorder');
// The stored list order is written to $prm['listorder']; $listorder itself stays unset.
if (!isset($listorder)) {
$prm['listorder'] = MAX_getStoredValue('listorder', null, 'stats.php');
}
// Handle filters
// is_numeric() accepts more than plain integers (decimals, exponent notation,
// leading whitespace), so $clientid is not guaranteed to be an integer here;
// cast or validate it before it is used in a query.
if (is_numeric($advertiser_id)) {
$clientid = $advertiser_id;
}
示例6: enforceAccessToObject
/**
* A method to show an error if the current user/account doesn't have access
* to the specified DB_DataObject (defined by table name and entity ID).
*
* Every path that returns normally ends in a final
* OA_Permission::enforceTrue($hasAccess) call; the earlier enforceTrue()
* calls validate the ID before it is used.
*
* @static
* @param string $entityTable The name of the table.
* @param integer $entityId Optional entity ID -- when set, tests if the current
* account has access to the entity, when not set, tests
* if the current account can create a new entity in the
* table.
* @param boolean $allowNewEntity Allow creation of a new entity, defaults to false.
*/
function enforceAccessToObject($entityTable, $entityId = null, $allowNewEntity = false)
{
// Unless creating a new entity is allowed, an empty ID (null, '', 0, '0') is rejected.
if (!$allowNewEntity) {
OA_Permission::enforceTrue(!empty($entityId));
}
// Verify that the ID is numeric: the pattern accepts ASCII digits only (or an
// empty string), and the D modifier stops "$" from matching before a trailing
// newline. preg_match() yields 0 on no match and false on error; both are falsy.
OA_Permission::enforceTrue(preg_match('/^\\d*$/D', $entityId));
// Safe to cast after the digit check; an empty ID becomes 0.
$entityId = (int) $entityId;
$hasAccess = OA_Permission::hasAccessToObject($entityTable, $entityId);
if (!$hasAccess) {
if (!OA_Permission::isManualAccountSwitch()) {
if (OA_Permission::isUserLinkedToAdmin()) {
// Check object existence: a falsy account ID for the entity fails the check
OA_Permission::enforceTrue(OA_Permission::getAccountIdForEntity($entityTable, $entityId));
}
// if has access switch to the manager account that owns this object
// NOTE(review): this branch cannot run as written -- it sits inside
// "if (!$hasAccess)" and $hasAccess is not reassigned in between, so the
// account switch and both redirects below are unreachable. Confirm against
// upstream whether access was meant to be re-evaluated before this test.
if ($hasAccess) {
if (OA_Permission::switchToManagerAccount($entityTable, $entityId)) {
// Now that the admin user is working with the manager
// account that owns the object, show to him the page.
$url = $_SERVER['REQUEST_URI'];
header("Location: {$url}");
exit;
} else {
// If is not possible to switch redirect the admin to his home page
OX_Admin_Redirect::redirect();
}
}
}
}
// Still no access: handle a manual account switch, then try switching
// accounts to gain access.
if (!$hasAccess) {
OA_Permission::redirectIfManualAccountSwitch();
$hasAccess = OA_Permission::attemptToSwitchForAccess($entityTable, $entityId);
}
// Final gate: fails unless one of the steps above granted access.
OA_Permission::enforceTrue($hasAccess);
}