From 94c63478e2e66e968a61daedbafc5fbde9442102 Mon Sep 17 00:00:00 2001
From: x2003bruneau <x2003bruneau@839d8a87-29fc-0310-9880-83ba4fa771e5>
Date: Mon, 30 Oct 2006 12:37:25 +0000
Subject: [PATCH] Fix auth issues with Ajax

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1040 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 classes/platal.php        | 12 ++++++++----
 classes/plmodule.php      |  2 +-
 htdocs/javascript/ajax.js |  4 +++-
 include/platal.inc.php    |  3 +++
 modules/core.php          |  4 ++--
 modules/lists.php         |  2 +-
 6 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/classes/platal.php b/classes/platal.php
index 5e6374a..e8648ad 100644
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -99,10 +99,14 @@ class Platal
         $args[0] = &$page;
 
         if ($hook['auth'] > S::v('auth', AUTH_PUBLIC)) {
-            global $globals;
-
-            if (!call_user_func(array($globals->session, 'doAuth'))) {
-                $this->force_login($page);
+            if ($hook['type'] == DO_AUTH) {
+                global $globals;
+    
+                if (!call_user_func(array($globals->session, 'doAuth'))) {
+                    $this->force_login($page);
+                }
+            } else {
+                return PL_FORBIDDEN;
             }
         }
 
diff --git a/classes/plmodule.php b/classes/plmodule.php
index ed4b07f..09c7baa 100644
--- a/classes/plmodule.php
+++ b/classes/plmodule.php
@@ -23,7 +23,7 @@ class PLModule
 {
     function handlers()     { die("implement me"); }
 
-    function make_hook($fun, $auth, $perms = '', $type = SKINNED)
+    function make_hook($fun, $auth, $perms = '', $type = DO_AUTH)
     {
         return array('hook'  => array($this, 'handler_'.$fun),
                      'auth'  => $auth,
diff --git a/htdocs/javascript/ajax.js b/htdocs/javascript/ajax.js
index ec485a7..8db2aef 100644
--- a/htdocs/javascript/ajax.js
+++ b/htdocs/javascript/ajax.js
@@ -51,7 +51,9 @@ Ajax = {
             function()
             {
                 if(Ajax.xml_client.readyState == 4) {
-                    document.getElementById(obj).innerHTML = Ajax.xml_client.responseText;
+                    if (Ajax.xml_client.status == 200) {
+                        document.getElementById(obj).innerHTML = Ajax.xml_client.responseText;
+                    }
                 }
             };
         Ajax.xml_client.open ('GET', src, true);
diff --git a/include/platal.inc.php b/include/platal.inc.php
index 3cdd140..b936f32 100644
--- a/include/platal.inc.php
+++ b/include/platal.inc.php
@@ -40,6 +40,9 @@ define('SKINNED', 0);
 define('SIMPLE',  1);
 define('NO_SKIN', 2);
 
+define('NO_AUTH', 0);
+define('DO_AUTH', 1);
+
 function __autoload($cls)
 {
     @include dirname(dirname(__FILE__)).'/classes/'.strtolower($cls).'.php';
diff --git a/modules/core.php b/modules/core.php
index 787e236..27f0c36 100644
--- a/modules/core.php
+++ b/modules/core.php
@@ -40,13 +40,13 @@ class CoreModule extends PLModule
 
     function handler_403(&$page)
     {
-        header('HTTP/1.0 403 Forbidden');
+        header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
         $page->changeTpl('403.tpl');
     }
 
     function handler_404(&$page)
     {
-        header('HTTP/1.0 404 Not Found');
+        header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
         $page->changeTpl('404.tpl');
     }
 
diff --git a/modules/lists.php b/modules/lists.php
index 6ee2131..b77ec70 100644
--- a/modules/lists.php
+++ b/modules/lists.php
@@ -27,7 +27,7 @@ class ListsModule extends PLModule
     {
         return array(
             'lists'           => $this->make_hook('lists',     AUTH_MDP),
-            'lists/ajax'      => $this->make_hook('ajax',      AUTH_MDP),
+            'lists/ajax'      => $this->make_hook('ajax',      AUTH_MDP, '', NO_AUTH),
             'lists/create'    => $this->make_hook('create',    AUTH_MDP),
 
             'lists/members'   => $this->make_hook('members',   AUTH_COOKIE),
-- 
2.1.4