"check for a valid eGW session"

This commit is contained in:
Ralf Becker 2008-04-15 08:04:26 +00:00
parent a58cd51617
commit 256163ba98

View File

@ -27,8 +27,22 @@ global $Config ;
// SECURITY: You must explicitly enable this "connector". (Set it to "true"). // SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only // WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
// authenticated users can access this file or use some kind of session checking. // authenticated users can access this file or use some kind of session checking.
$Config['Enabled'] = true ; //$Config['Enabled'] = false ;
function deny_no_egw_session(&$account)
{
die('Access denied!');
}
$GLOBALS['egw_info'] = array(
'flags' => array(
'currentapp' => 'sitemgr',
'noheader' => true,
'autocreate_session_callback' => 'deny_no_egw_session',
)
);
// will not continue, unless the header get's included, there is a valid eGW session and the user has sitemgr rights
require('../../../../../../../header.inc.php');
$Config['Enabled'] = $GLOBALS['egw']->session->session_flags == 'N'; // disallow anonymous users
// Path to user files relative to the document root. // Path to user files relative to the document root.
//$Config['UserFilesPath'] = '' ; //$Config['UserFilesPath'] = '' ;
@ -51,7 +65,7 @@ $Config['SecureImageUploads'] = true;
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ; $Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
// Allowed Resource Types // Allowed Resource Types
$Config['ConfigAllowedTypes'] = array('images','File', 'Image', 'Flash', 'Media') ; $Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
// For security, HTML is allowed in the first Kb of data for files having the // For security, HTML is allowed in the first Kb of data for files having the
// following extensions only. // following extensions only.