X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fadministrator%2Fauth.php;h=b988bffa2f39cb817a650707684aeb24862b8e5f;hp=a40852dc862dec28595b500f6f52be9c07fc42d2;hb=522a2253780a3f16423368b8908f678aad0ed216;hpb=2d977280b841146cda14191d232ba55ce74ce5fc

diff --git a/plugins/administrator/auth.php b/plugins/administrator/auth.php
index a40852dc..b988bffa 100644
--- a/plugins/administrator/auth.php
+++ b/plugins/administrator/auth.php
@@ -1,29 +1,65 @@
 <?php
 
-/*
- *  This function tell other modules what users have access
- *  to the plugin.
- *  
- *  Philippe Mingo
- *  
- *  $Id$
+/**
+ * Administrator plugin - Authentication routines
+ *
+ * This function tell other modules what users have access
+ * to the plugin.
+ *
+ * @author Philippe Mingo
+ * @copyright &copy; 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
+ * @package plugins
+ * @subpackage administrator
+ */
+
+/**
+ * Check if user has access to administrative functions
+ *
+ * @return boolean
  */
 function adm_check_user() {
+    global $PHP_SELF, $plugins;
 
-    GLOBAL $username, $PHP_SELF;
+    /* fail if the plugin is not enabled */
+    if ( !in_array('administrator', $plugins) ) {
+        return FALSE;
+    }
 
-    if ( substr( $PHP_SELF, -11 ) <> 'options.php' ) {
-    $auth = FALSE;
-    } else if ( file_exists( '../plugins/administrator/admins' ) ) {
-        $auths = file( '../plugins/administrator/admins' );
-        $auth = in_array( "$username\n", $auths );
-    } else if ( $adm_id = fileowner('../config/config.php') ) {
-        $adm = posix_getpwuid( $adm_id );
-        $auth = ( $username == $adm['name'] );
+    if ( !sqgetGlobalVar('username',$username,SQ_SESSION) ) {
+        $username = '';
     }
 
-    return( $auth );
+    /* This needs to be first, for all non_options pages */
+    if (strpos('options.php', $PHP_SELF)) {
+        $auth = FALSE;
+    } else if (file_exists(SM_PATH . 'plugins/administrator/admins')) {
+        $auths = file(SM_PATH . 'plugins/administrator/admins');
+        array_walk($auths, 'adm_array_trim');
+        $auth = in_array($username, $auths);
+    } else if (file_exists(SM_PATH . 'config/admins')) {
+        $auths = file(SM_PATH . 'config/admins');
+        array_walk($auths, 'adm_array_trim');
+        $auth = in_array($username, $auths);
+    } else if (($adm_id = fileowner(SM_PATH . 'config/config.php')) &&
+               function_exists('posix_getpwuid')) {
+        $adm = posix_getpwuid( $adm_id );
+        $auth = ($username == $adm['name']);
+    } else {
+        $auth = FALSE;
+    }
 
+    return ($auth);
 }
 
-?>
\ No newline at end of file
+/**
+ * Removes whitespace from array values
+ * @param string $value array value that has to be trimmed
+ * @param string $key array key
+ * @since 1.5.1 and 1.4.5
+ * @access private
+ */
+function adm_array_trim(&$value,$key) {
+    $value=trim($value);
+}