added check login, check admin and check site to every page.

If not, it was possible to execute them...!!
2025-08-02 07:39:54 +02:00 · 2003-05-18 17:15:05 +00:00 · 2003-05-18 17:15:05 +00:00 · c563a9a0d1
commit c563a9a0d1
parent cc7fa0dc05
5 changed files with 72 additions and 2 deletions
--- a/backup/backup_check.html
+++ b/backup/backup_check.html
@ -1,6 +1,19 @@
 <?PHP //$Id$
    //This page prints the backup todo list to see everything

+    //Check login   
+    require_login();
+
+    //Check admin
+    if (!isadmin()) {
+        error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
+    }
+
+    //Check site
+    if (!$site = get_site()) {
+        error("Site not found!");
+    }
+
   //Checks for the required files/functions to backup every mod
    //And check if there is data about it
    $count = 0;
--- a/backup/backup_execute.html
+++ b/backup/backup_execute.html
@ -1,6 +1,19 @@
 <?PHP //$Id$
    //This page prints the backup todo list to see everything

+    //Check login   
+    require_login();
+
+    //Check admin
+    if (!isadmin()) {
+        error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
+    }
+
+    //Check site
+    if (!$site = get_site()) {
+        error("Site not found!");
+    }
+
   //Checks for the required files/functions to backup every mod
    //And check if there is data about it
    $count = 0;
--- a/backup/backup_form.html
+++ b/backup/backup_form.html
@ -1,6 +1,19 @@
 <?PHP //$Id$
    //This page prints the backup form to select everything

+    //Check login   
+    require_login();
+
+    //Check admin
+    if (!isadmin()) {
+        error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
+    }
+
+    //Check site
+    if (!$site = get_site()) {
+        error("Site not found!");
+    }
+
   //Checks for the required files/functions to backup every mod
    //And check if there is data about it 
    $count = 0;
--- a/backup/restore.php
+++ b/backup/restore.php
@ -65,8 +65,8 @@
    //Call the form, depending the step we are
    if (!$launch) {
        include_once("restore_precheck.html");
-    } else if ($launch == "check") {
-        include_once("backup_check.html");
+    } else if ($launch == "form") {
+        include_once("restore_form.html");
    } else if ($launch == "execute") {
        include_once("backup_execute.html");
    }
--- a/backup/restore_precheck.html
+++ b/backup/restore_precheck.html
@ -9,6 +9,19 @@
        error ("File not specified");
    }

+    //Check login   
+    require_login();
+
+    //Check admin
+    if (!isadmin()) {
+        error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
+    }
+
+    //Check site
+    if (!$site = get_site()) {
+        error("Site not found!");
+    }
+
    //Prepend dataroot to variable to have the absolute path
    $file = $CFG->dataroot."/".$file;

@ -93,7 +106,25 @@
        }
    }

+    //Save course header and info into php session
+    if ($status) {
+        $SESSION->info = $info;
+        $SESSION->course_header = $course_header;
+    }
+
+    //Finally, a little form to continue
+    //with some hidden fields
+    if ($status) {
+        echo "<br><CENTER>";
+        $hidden["backup_unique_code"] = $backup_unique_code;
+        $hidden["launch"]             = "form";
+        $hidden["file"]               =  $file;
+        print_single_button("restore.php", $hidden, get_string("continue"),"post");
+        echo "</CENTER>";
+    }
+  
    if (!$status) {
        error ("An error has ocurred");
    }
+
 ?>