Hi Axel,
Hello,
I’m developing an own application which uses separate html-files (with css
ans js) from an other project.
So there is no etemplate, because files where loading from local filesystem
by
$file = file_get_contents(’/var/test/’.$_GET[‘page’]);
That looks like a classic arbitrary file inclusion exploidt by using eg.
index.php?page=…/…/usr/share/egroupware/header.inc.php
echo $file;
The ‘page’-parameter is generated by RewriteRules in
/etc/apache2/sites-available/egroupware.conf.
(It’s not possible to request these files directly from docroot.)
Nearly all works very fine.
—>
But how can I check, if a user is logged in EGroupware?
If I use
$GLOBALS[‘egw_info’] = array(
‘flags’ => array(
‘currentapp’ => ‘api’,
‘noheader’ => true,
)
);
include(’…/header.inc.php’);
That will redirect to login.php, if use is not logged in.
the header from the separate html-files will be overwritten. Is there an
alternative?
Something like the following won’t be enough:
$sid = isset($_GET[‘sessionid’]) ? $_GET[‘sessionid’] :
@$_COOKIE[‘sessionid’];
if(!sid || (egw_session::get_sessionid() != $sid)){
This is always true, as egw_session::get_sessionid() returns just
$_COOKIE[‘sessionid’]!
Ralf
echo "Access Denied!";
}
else{
//do my stuff
How can I solve my problem?
(By the way: All logged in user have access to this application.)
Regards, Axel
–
View this message in context: http://egroupware.219119.n3.nabble.com/Check-user-session-without-include-header-inc-php-tp4013864.html
Sent from the egroupware-developers mailing list archive at Nabble.com.
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. http://sdm.link/zohodev2dev
eGroupWare-developers mailing list
eGroupWare-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-developers
–
Ralf Becker
Director Software Development
Stylite AG
Isaac-Fulda-Allee 9 | Tel. +49 6131 32702-0
D-55124 Mainz | Fax. +49 6131 32702-70
Email: rb@stylite.de
www.stylite.de | www.egroupware.org
Managing Directors: Andre Keller | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer
VAT DE214280951 | Registered HRB 46224 Mainz Germany
