}
- function closeConnection() {
- if (isset($GLOBALS["_DB_CONNECTION"])) {
- $GLOBALS["_DB_CONNECTION"]->close();
- unset($GLOBALS["_DB_CONNECTION"]);
- }
- }
-
// time_to_decimal converts a time string such as 1:15 to its decimal representation such as 1.25 or 1,25.
function time_to_decimal($val) {
global $user;
return true;
}
+// ttValidCondition is used to check user input to validate a notification condition.
+function ttValidCondition($val, $emptyValid = true)
+{
+ $val = trim($val);
+ if (strlen($val) == 0)
+ return ($emptyValid ? true : false);
+
+ // String must not be XSS evil (to insert JavaScript).
+ if (stristr($val, '<script>') || stristr($val, '<script '))
+ return false;
+
+ if (!preg_match("/^count\s?>\s?\d+$/", $val))
+ return false;
+
+ return true;
+}
+
// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
// as an initial check on all publicly available pages.
function ttAccessCheck($required_rights)
}
// Check rights.
- if (!($required_rights & $user->rights))
+ if (!($required_rights & $user->rights_mask))
return false;
return true;
}
+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// This function is a replacement for ttAccessCheck above as part of roles revamp.
+// To be used as an initial check on all publicly available pages
+// (except login.php and register.php where we don't have to check).
+function ttAccessAllowed($required_right)
+{
+ global $auth;
+ global $user;
+
+ // Redirect to login page if user is not authenticated.
+ if (!$auth->isAuthenticated()) {
+ header('Location: login.php');
+ exit();
+ }
+
+ // Check if user has the right.
+ if (in_array($required_right, $user->rights))
+ return true;
+
+ return false;
+}
projects / timetracker.git / blobdiff