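get("mb_user_id") || !Mapbender::session()->get("mb_user_ip") || Mapbender::session()->get('mb_user_ip') != $_SERVER['REMOTE_ADDR']) {
    // Session rejected: the visible checks require a stored mb_user_ip that
    // equals the current REMOTE_ADDR. Log the offending user id, flush the
    // session to storage, and send the browser to the login page; die() makes
    // sure nothing after this point runs for an unauthenticated request.
    // NOTE(review): binding to REMOTE_ADDR only distinguishes clients when PHP
    // sees the real client address; behind a reverse proxy or NAT many clients
    // share one address. Confirm how this is deployed.
    $e = new mb_exception("mb_validateSession.php: Invalid user: " . Mapbender::session()->get("mb_user_id"));
    session_write_close();
    header("Location: " . LOGIN);
    die();
}

//
// set the global var gui_id
//
// Lookup order when the including script has not set $gui_id itself:
// request parameter guiID, then mb_user_myGui, then gui_id, and finally the
// session value mb_user_gui. Request values are never used raw; each one is
// passed through Mapbender::parseGuiRequestParameter().
// TODO validate guiID & mb_user_myGui
// NOTE(review): what parseGuiRequestParameter() accepts or rejects is not
// visible here. Confirm it restricts the value before treating the TODO as
// done, because $gui_id is written to the log and into URLs below.
if (!isset($gui_id)) {
    $e = new mb_notice("gui id not set");
    if (isset($_REQUEST["guiID"])) {
        $gui_id = Mapbender::parseGuiRequestParameter($_REQUEST["guiID"]);
        $e = new mb_notice("gui id set to guiID: " . $gui_id);
    }
    // set this to hold the get parameters for login.php in sync
    elseif (isset($_REQUEST["mb_user_myGui"])) {
        $gui_id = Mapbender::parseGuiRequestParameter($_REQUEST["mb_user_myGui"]);
        $e = new mb_notice("gui id set to gui_id: " . $gui_id);
    }
    elseif (isset($_REQUEST["gui_id"])) {
        $gui_id = Mapbender::parseGuiRequestParameter($_REQUEST["gui_id"]);
        $e = new mb_notice("gui id set to gui_id: " . $gui_id);
    }
    elseif (Mapbender::session()->get("mb_user_gui") !== false) {
        $gui_id = Mapbender::session()->get("mb_user_gui");
        $e = new mb_notice("gui id set to gui_id: " . $gui_id);
    }
    else {
        $e = new mb_notice("mb_validateSession.php: gui_id not set in script: " . $_SERVER["SCRIPT_NAME"]);
    }
}

//
// use lang parameter to set the session var mb_lang
//
if (isset($_REQUEST["lang"]) && $_REQUEST["lang"] != "") {
    // Allow-list: only these language codes may reach the session. The strict
    // in_array() also rejects array-valued input (lang[]=...), which can never
    // be identical to a string.
    $testMatch = $_REQUEST["lang"];
    if (!in_array($testMatch, array('de', 'en', 'fr'), true)) {
        // The error text is a fixed string on purpose. An earlier variant that
        // echoed $testMatch back is disabled; re-enabling it without escaping
        // would reflect request data into the response.
        echo 'Parameter lang is not valid (de,fr,en).
';
        die();
    }
    $lang = $testMatch;
    // store the validated language in the session
    Mapbender::session()->set("mb_lang", $lang);
    $e = new mb_notice("mb_validateSession.php: lang was set by GET to: " . $lang);
    $testMatch = null;
}

//
// set the global var e_id
//
// NOTE(review): unlike gui_id, the element id is taken from the request without
// any parsing or allow-list. Only the type is checked here (it must be a plain
// string, not an array); every consumer of $e_id still has to escape it for its
// own context (SQL, HTML, URL).
if (!isset($e_id)) {
    if (isset($_REQUEST["elementID"]) && is_string($_REQUEST["elementID"])) {
        $e_id = $_REQUEST["elementID"];
    }
    elseif (isset($_REQUEST["e_id"]) && is_string($_REQUEST["e_id"])) {
        $e_id = $_REQUEST["e_id"];
    }
    else {
        $e = new mb_notice("mb_validateSession.php: e_id not set in script: " . $_SERVER["SCRIPT_NAME"]);
    }
}

//
// set variables used for form targets or links
//
// SID is PHP's predefined "name=id" session string; it is empty when the
// session id travels in a cookie. When it is not empty, every link built from
// $self carries the session id and can expose it via Referer headers and logs.
$urlParameters = SID;
// Both ids can originate from the request, so they are URL-encoded before being
// placed in the query string. Otherwise a value containing "&", "#", quotes or
// angle brackets could add parameters or break out of the attribute that $self
// is later written into. The (string) cast keeps non-string values that an
// including script may have pre-set from raising a TypeError in urlencode().
if (isset($gui_id)) {
    $urlParameters .= "&guiID=" . urlencode((string) $gui_id);
}
if (isset($e_id)) {
    $urlParameters .= "&elementID=" . urlencode((string) $e_id);
}
// SCRIPT_NAME (not PHP_SELF) is used, so no client-supplied path info is included.
$self = $_SERVER["SCRIPT_NAME"] . "?" . $urlParameters;

// $gui_id may still be unset if none of the sources above supplied it; log an
// empty value instead of reading an undefined variable.
$e = new mb_notice("mb_validateSession.php: GUI: " . (isset($gui_id) ? $gui_id : "") . ", checking file " . $_SERVER["SCRIPT_NAME"] . "...session valid.");
?>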