X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fcommon.lib.php;h=3dce388f5193706cbca402054db09678fb2f694b;hb=ecf7d911c95935f8cfb2403f645cd12f93d8c3f5;hp=2f3fd5b263362eb32fab3d7520078fc1a3045a8e;hpb=8079f7eca2e220f5818a77e0cb5043eb5ad0fff4;p=timetracker.git

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index 2f3fd5b2..3dce388f 100644
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -130,13 +130,6 @@ function import($class_name) {
 	}
 
 
-	function closeConnection() {
-		if (isset($GLOBALS["_DB_CONNECTION"])) {
-			$GLOBALS["_DB_CONNECTION"]->close();
-			unset($GLOBALS["_DB_CONNECTION"]);
-		}
-	}
-
 // time_to_decimal converts a time string such as 1:15 to its decimal representation such as 1.25 or 1,25.
 function time_to_decimal($val) {
   global $user;
@@ -315,22 +308,42 @@ function ttValidCronSpec($val)
   return true;
 }
 
-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
+// ttValidCondition is used to check user input to validate a notification condition.
+function ttValidCondition($val, $emptyValid = true)
+{
+  $val = trim($val);
+  if (strlen($val) == 0)
+    return ($emptyValid ? true : false);
+
+  // String must not be XSS evil (to insert JavaScript).
+  if (stristr($val, '<script>') || stristr($val, '<script '))
+    return false;
+
+  if (!preg_match("/^count\s?>\s?\d+$/", $val))
+    return false;
+
+  return true;
+}
+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).
+function ttAccessAllowed($required_right)
 {
   global $auth;
   global $user;
-  
+
   // Redirect to login page if user is not authenticated.
   if (!$auth->isAuthenticated()) {
     header('Location: login.php');
     exit();
   }
-  
-  // Check rights.
-  if (!($required_rights & $user->rights))
-    return false;
-    
-  return true;
+
+  // Check if user has the right.
+  if (in_array($required_right, $user->rights)) {
+    ttUserHelper::updateLastAccess();
+    return true;
+  }
+
+  return false;
 }