better tool protection

This commit is contained in:
Roland Gruber 2012-07-22 10:37:01 +00:00
parent c2243010a2
commit 79fcf4ca0e
11 changed files with 46 additions and 8 deletions

View File

@ -1,4 +1,9 @@
July 2012 September 2012 3.9
- fixed bugs
-> Hidden tools are still shown in the "Tools" page (3546092)
19.07.2012 3.8
- quick (un)lock for users - quick (un)lock for users
- allow to disable tools - allow to disable tools
- LAM Pro: - LAM Pro:

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2010 Roland Gruber Copyright (C) 2006 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -291,4 +291,19 @@ function checkPasswordStrength($password) {
return true; return true;
} }
/**
* Checks if the given tool is active.
* Otherwise, an error message is logged and the execution is stopped (die()).
*
* @param String $tool tool class name (e.g. toolFileUpload)
*/
function checkIfToolIsActive($tool) {
$toolSettings = $_SESSION['config']->getToolSettings();
// check if hidden by config
if (isset($toolSettings['tool_hide_' . $tool]) && ($toolSettings['tool_hide_' . $tool] == 'true')) {
logNewMessage(LOG_ERR, 'Unauthorized access to tool ' . $tool . ' denied.');
die();
}
}
?> ?>

View File

@ -46,6 +46,8 @@ startSecureSession();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();
checkIfToolIsActive('toolFileUpload');
// Redirect to startpage if user is not loged in // Redirect to startpage if user is not loged in
if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) { if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
metaRefresh("login.php"); metaRefresh("login.php");

View File

@ -43,6 +43,8 @@ startSecureSession();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();
checkIfToolIsActive('toolOUEditor');
setlanguage(); setlanguage();
$types = $_SESSION['config']->get_ActiveTypes(); $types = $_SESSION['config']->get_ActiveTypes();

View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner Copyright (C) 2003 - 2006 Michael Duergner
2005 - 2011 Roland Gruber 2005 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -47,6 +47,8 @@ startSecureSession();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();
checkIfToolIsActive('toolPDFEditor');
setlanguage(); setlanguage();
// Unset pdf structure definitions in session if set // Unset pdf structure definitions in session if set

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2011 Roland Gruber Copyright (C) 2003 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -43,6 +43,8 @@ startSecureSession();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();
checkIfToolIsActive('toolProfileEditor');
setlanguage(); setlanguage();
$types = $_SESSION['config']->get_ActiveTypes(); $types = $_SESSION['config']->get_ActiveTypes();

View File

@ -3,7 +3,7 @@
$Id$ $Id$
Copyright (C) 2004 David Smith Copyright (C) 2004 David Smith
modified to fit for LDAP Account Manager 2005 - 2010 Roland Gruber modified to fit for LDAP Account Manager 2005 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -43,6 +43,8 @@ require_once("../../lib/schema.inc");
// start session // start session
startSecureSession(); startSecureSession();
checkIfToolIsActive('toolSchemaBrowser');
setlanguage(); setlanguage();
include '../main_header.php'; include '../main_header.php';

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2009 - 2011 Roland Gruber Copyright (C) 2009 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -36,6 +36,8 @@ include_once("../lib/config.inc");
// start session // start session
startSecureSession(); startSecureSession();
checkIfToolIsActive('toolServerInformation');
setlanguage(); setlanguage();
$namingContexts = ''; $namingContexts = '';

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2010 Roland Gruber Copyright (C) 2006 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -39,6 +39,8 @@ startSecureSession();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();
checkIfToolIsActive('toolTests');
setlanguage(); setlanguage();
include '../main_header.php'; include '../main_header.php';

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2010 Roland Gruber Copyright (C) 2006 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -40,6 +40,8 @@ startSecureSession();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();
checkIfToolIsActive('toolTests');
setlanguage(); setlanguage();
include '../main_header.php'; include '../main_header.php';

View File

@ -43,6 +43,8 @@ startSecureSession();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();
checkIfToolIsActive('toolTests');
setlanguage(); setlanguage();
include '../main_header.php'; include '../main_header.php';