Restrict access to sensitive www content to authenticated users

dompdf · Dec 7, 2015 · cc06008 · cc06008
1 parent aa3d3a2
commit cc06008
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/www/debugger.php b/www/debugger.php
@@ -1,6 +1,8 @@
 <?php
+require_once "functions.inc.php";
+
 $allowed_hosts = array("::1", "127.0.0.1");
-if( !in_array($_SERVER['REMOTE_ADDR'], $allowed_hosts) ) {
+if( !auth_ok() || !in_array($_SERVER['REMOTE_ADDR'], $allowed_hosts) ) {
   die("Access denied to host at " . $_SERVER['REMOTE_ADDR']);
 }
 

diff --git a/www/demo.php b/www/demo.php
@@ -6,7 +6,7 @@
 $local = array("::1", "127.0.0.1");
 $is_local = in_array($_SERVER['REMOTE_ADDR'], $local);
 
-if ( isset( $_POST["html"] ) && $is_local ) {
+if ( auth_ok() && $is_local && isset( $_POST["html"] ) ) {
 
   if ( get_magic_quotes_gpc() )
     $_POST["html"] = stripslashes($_POST["html"]);
@@ -27,7 +27,7 @@
 <a name="demo"> </a>
 <h2>Demo</h2>
 
-<?php if ($is_local) { ?>
+<?php if (auth_ok() && $is_local) { ?>
 
 <p>Enter your html snippet in the text box below to see it rendered as a
 PDF: (Note by default, remote stylesheets, images &amp; inline PHP are disabled.)</p>
@@ -79,6 +79,8 @@
     User input has been disabled for remote connections.
   </p>
 
+  <?php echo auth_get_link(); ?>
+
 <?php } ?>
 
 <?php include("foot.inc"); ?>
diff --git a/www/setup.php b/www/setup.php
@@ -1,5 +1,9 @@
 <?php include("head.inc"); ?>
 
+<?php
+if (auth_ok()) {
+?>
+
 <a name="setup"> </a>
 <h2>Setup</h2>
 
@@ -296,5 +300,12 @@
 
 </table>
 
+<?php
+} else {
+  echo auth_get_link();
+}
+?>
+
+
 
 <?php include("foot.inc"); ?>