One more. I wasn't done.

[squirrelmail.git] / plugins / administrator / auth.php

diff --git a/plugins/administrator/auth.php b/plugins/administrator/auth.php
index afbd8719e61ede224da6ad5c4d1dc7f7ec2d4890..aad9344131138a660d175359e12f630311c53c1d 100644 (file)
--- a/plugins/administrator/auth.php
+++ b/plugins/administrator/auth.php
@@ -1,37 +1,51 @@
 <?php
 
 /**
- *  This function tell other modules what users have access
- *  to the plugin.
- *  
- *  Philippe Mingo
- *  
- *  $Id$
+ * Administrator plugin - Authentication routines
+ *
+ * This function tell other modules what users have access
+ * to the plugin.
+ *
+ * @author Philippe Mingo
+ * @copyright &copy; 1999-2007 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
  * @package plugins
  * @subpackage administrator
  */
 
 /**
-*
-*/
+ * Check if user has access to administrative functions
+ *
+ * @return boolean
+ */
 function adm_check_user() {
-    global $PHP_SELF;
-    require_once(SM_PATH . 'functions/global.php');
-    
+    global $plugins;
+
+    /* fail if the plugin is not enabled */
+    if ( !in_array('administrator', $plugins) ) {
+        return FALSE;
+    }
+
     if ( !sqgetGlobalVar('username',$username,SQ_SESSION) ) {
         $username = '';
     }
 
     /* This needs to be first, for all non_options pages */
-    if (strpos('options.php', $PHP_SELF)) {
+    //if (!defined('PAGE_NAME') || strpos(PAGE_NAME, 'options') === FALSE) {
+    if (!defined('PAGE_NAME') 
+     || (PAGE_NAME != 'administrator_options' && PAGE_NAME != 'options')) {
         $auth = FALSE;
     } else if (file_exists(SM_PATH . 'plugins/administrator/admins')) {
         $auths = file(SM_PATH . 'plugins/administrator/admins');
-        $auth = in_array("$username\n", $auths);
+        array_walk($auths, 'adm_array_trim');
+        $auth = in_array($username, $auths);
     } else if (file_exists(SM_PATH . 'config/admins')) {
         $auths = file(SM_PATH . 'config/admins');
-        $auth = in_array("$username\n", $auths);
-    } else if ($adm_id = fileowner(SM_PATH . 'config/config.php')) {
+        array_walk($auths, 'adm_array_trim');
+        $auth = in_array($username, $auths);
+    } else if (($adm_id = fileowner(SM_PATH . 'config/config.php')) &&
+               function_exists('posix_getpwuid')) {
         $adm = posix_getpwuid( $adm_id );
         $auth = ($username == $adm['name']);
     } else {
@@ -41,4 +55,13 @@ function adm_check_user() {
     return ($auth);
 }
 
-?>
+/**
+ * Removes whitespace from array values
+ * @param string $value array value that has to be trimmed
+ * @param string $key array key
+ * @since 1.5.1 and 1.4.5
+ * @access private
+ */
+function adm_array_trim(&$value,$key) {
+    $value=trim($value);
+}