projects / platal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' of /home/git/platal into profile_edit
[platal.git] / classes / platal.php
diff --git a/classes/platal.php b/classes/platal.php
index 5716199..46de900 100644 (file)
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -28,6 +28,8 @@ class Platal
     private $__mods;
     private $__hooks;
 
+    protected $https;
+
     public $ns;
     public $path;
     public $argv;
@@ -45,6 +47,7 @@ class Platal
 
         array_unshift($modules, 'core');
         foreach ($modules as $module) {
+            $module = strtolower($module);
             $this->__mods[$module] = $m = PLModule::factory($module);
             $this->__hooks += $m->handlers();
         }
@@ -85,6 +88,7 @@ class Platal
             return null;
         }
 
+        $this->https = ($hook['type'] & NO_HTTPS) ? false : true;
         $this->argv    = explode('/', substr($this->path, strlen($p)));
         $this->argv[0] = $p;
 
@@ -125,7 +129,7 @@ class Platal
         return null;
     }
 
-    protected function near_hook()
+    public function near_hook()
     {
         $hooks = array();
         foreach ($this->__hooks as $hook=>$handler) {
@@ -138,7 +142,7 @@ class Platal
                 if (!isset($place[$part])) {
                     $place[$part] = array();
                 }
-                $place =& $place[$part]; 
+                $place =& $place[$part];
             }
             $place["#final#"] = array();
         }
@@ -175,20 +179,31 @@ class Platal
         return null;
     }
 
+    protected function check_perms($perms)
+    {
+        if (!$perms) { // No perms, no check
+            return true;
+        }
+        $s_perms = S::v('perms');
+        return $s_perms->hasFlagCombination($perms);
+    }
+
     private function call_hook(PlatalPage &$page)
     {
         $hook = $this->find_hook();
         if (empty($hook)) {
             return PL_NOT_FOUND;
         }
+        global $globals;
+        if ($this->https && !$_SERVER['HTTPS'] && $globals->core->secure_domain) {
+            http_redirect('https://' . $globals->core->secure_domain . $_SERVER['REQUEST_URI']);
+        }
 
-        $args    = $this->argv;
-        $args[0] = &$page;
+        $args    =  $this->argv;
+        $args[0] =$page;
 
         if ($hook['auth'] > S::v('auth', AUTH_PUBLIC)) {
-            if ($hook['type'] == DO_AUTH) {
-                global $globals;
-    
+            if ($hook['type'] & DO_AUTH) {
                 if (!call_user_func(array($globals->session, 'doAuth'))) {
                     $this->force_login($page);
                 }
@@ -196,14 +211,12 @@ class Platal
                 return PL_FORBIDDEN;
             }
         }
-
-        if (!empty($hook['perms']) && $hook['perms'] != S::v('perms')) {
+        if ($hook['auth'] != AUTH_PUBLIC && !$this->check_perms($hook['perms'])) {
             return PL_FORBIDDEN;
         }
 
         $val = call_user_func_array($hook['hook'], $args);
-        if ($val == PL_DO_AUTH) {
-            global $globals;
+        if ($val & PL_DO_AUTH) {
             // The handler need a better auth with the current args
             if (!call_user_func(array($globals->session, 'doAuth'))) {
                 $this->force_login($page);
@@ -213,7 +226,7 @@ class Platal
         return $val;
     }
 
-    protected function force_login(PlatalPage &$page)
+    public function force_login(PlatalPage &$page)
     {
         if (S::logged()) {
             $page->changeTpl('core/password_prompt_logged.tpl');
@@ -251,7 +264,7 @@ class Platal
         $page->run();
     }
 
-    private function on_subscribe($forlife, $uid, $promo, $pass)
+    public function on_subscribe($forlife, $uid, $promo, $pass)
     {
         $args = func_get_args();
         foreach ($this->__mods as $mod) {
plat/al