Sec: More security on public pages

2009-07-15 13:02:51 +00:00 · 2009-07-15 13:02:51 +00:00 · 9b0c6dd059
commit 9b0c6dd059
parent 3431ebf1ae
2 changed files with 24 additions and 15 deletions
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@ -1584,32 +1584,34 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 *	\param		printheader		Affiche avant le header
 *	\remarks    L'appel a cette fonction termine le code.
 */
-function accessforbidden($message='',$printheader=1)
+function accessforbidden($message='',$printheader=1,$printfooter=1,$showonlymessage=0)
 {
 	global $user, $langs;
 	$langs->load("other");

-	if ($printheader && function_exists("llxHeader")) llxHeader();
+	if ($printheader)
+	{
+		if (function_exists("llxHeader")) llxHeader('');
+		else if (function_exists("llxHeaderVierge")) llxHeaderVierge('');
+	}
 	print '<div class="error">';
 	if (! $message) print $langs->trans("ErrorForbidden");
 	else print $message;
 	print '</div>';
 	print '<br>';
-	if ($user->login)
+	if (empty($showonlymessage))
 	{
-		print $langs->trans("CurrentLogin").': <font class="error">'.$user->login.'</font><br>';
-		print $langs->trans("ErrorForbidden2",$langs->trans("Home"),$langs->trans("Users"));
+		if ($user->login)
+		{
+			print $langs->trans("CurrentLogin").': <font class="error">'.$user->login.'</font><br>';
+			print $langs->trans("ErrorForbidden2",$langs->trans("Home"),$langs->trans("Users"));
+		}
+		else
+		{
+			print $langs->trans("ErrorForbidden3");
+		}
 	}
-	elseif (! empty($_SERVER["REMOTE_USER"]))
-	{
-		print $langs->trans("CurrentLogin").': <font class="error">'.$_SERVER["REMOTE_USER"]."</font><br>";
-		print $langs->trans("ErrorForbidden2",$langs->trans("Home"),$langs->trans("Users"));
-	}
-	else
-	{
-		print $langs->trans("ErrorForbidden3");
-	}
-	if (function_exists("llxFooter")) llxFooter();
+	if ($printfooter && function_exists("llxFooter")) llxFooter('');
 	exit(0);
 }

--- a/htdocs/public/demo/index.php
+++ b/htdocs/public/demo/index.php
@ -33,6 +33,12 @@ $langs->setDefaultLang($langcode);
 $langs->load("main");
 $langs->load("other");

+// Security check
+if (! empty($conf->global->MAIN_DEMO))
+{
+	accessforbidden('Constant MAIN_DEMO must be defined in Home->Setup->Misc to enable the demo entry page',1,1,1);
+	exit;
+}

 $demoprofiles=array(
 	array('default'=>'-1', 'key'=>'profdemofun','label'=>'DemoFundation',
@ -83,6 +89,7 @@ function llxHeaderVierge($title, $head = "")

 function llxFooter()
 {
+	print "\n";
 	print "</body>\n";
 	print "</html>\n";
 }