Sec: More security on public pages

htdocs/public/bplc/bplc.php

@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+ * Copyright (C) 2009      Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -17,16 +18,23 @@
  */
 
 /**
+ *	\ingroup    banque
  * 	\brief		Gestion du retour du systeme de Cyberpaiement
- * 				Cette page est appellee par le serveur de la BPLC lors de l'utilisation
- * 				au systeme RSTS
+ * 				Cette page est appellee par le serveur de la BPLC lors de
+ * 				l'utilisation au systeme RSTS.
  * 	\version	$Id$
  */
 
-require("../../main.inc.php");
+require("../../master.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/public/bplc/retourbplc.class.php");
 require_once(DOL_DOCUMENT_ROOT."/don.class.php");
 
+// Define lang object automatically using browser language
+$langs->setDefaultLang('auto');
+
+// Security check
+if (empty($conf->banque->enabled)) accessforbidden('',1,1,1);
+
 
 $retbplc = new Retourbplc($db);
 
@@ -65,14 +73,14 @@ if($return)
        * Validation de la commande
        *
        */
-      
+
       $don = new Don($db);
 
       $don_id = strstr($retbplc->ref_commande, 0, strlen($retbplc->ref_commande) -2);
 
       // 5 correspond au paiement en ligne voir table llx_c_paiement
 
-      $don->set_paye($don_id, 5); 
+      $don->set_paye($don_id, 5);
 
     }
 

htdocs/public/bplc/merci_code.php

@@ -17,13 +17,26 @@
  */
 
 /**
- * 	\version	$Id$
+ *     	\file       htdocs/public/bplc/merci_code.php
+ *		\ingroup    banque
+ *		\brief      File to offer a way to make a payment by BPLC
+ *		\version    $Id$
  */
 
+require("../../master.inc.php");
+require_once(DOL_DOCUMENT_ROOT."/public/bplc/retourbplc.class.php");
+require_once(DOL_DOCUMENT_ROOT."/don.class.php");
+
+// Define lang object automatically using browser language
+$langs->setDefaultLang('auto');
+
+// Security check
+if (empty($conf->banque->enabled)) accessforbidden('',1,1,1);
+
+
 if ($conf->don->onlinepayment)
 {
-
-  require(DOL_DOCUMENT_ROOT."../../cyberpaiement.class.php");
+  require(DOL_DOCUMENT_ROOT."public/bplc/cyberpaiement.class.php");
 
   $cyberp = new Cyberpaiement($conf);
 

htdocs/public/bplc/testretour.php

@@ -17,9 +17,20 @@
  */
 
 /**
- * 	\version	$Id$
+ *     	\file       htdocs/public/bplc/testretour.php
+ *		\ingroup    banque
+ *		\brief      Page to test the back link page bplc.php
+ * 		\version	$Id$
  */
 
+require("../../master.inc.php");
+
+// Define lang object automatically using browser language
+$langs->setDefaultLang('auto');
+
+// Security check
+if (empty($conf->banque->enabled)) accessforbidden('',1,1,1);
+
 ?>
 <form action="bplc.php" method="post">
 

htdocs/public/demo/index.php

@@ -20,7 +20,7 @@
 /**
  *     	\file       htdocs/public/demo/index.php
  *		\ingroup    core
- *		\brief      File to access demo
+ *		\brief      Entry page to access demo
  *		\author	    Laurent Destailleur
  *		\version    $Id$
  */
@@ -34,11 +34,8 @@ $langs->load("main");
 $langs->load("other");
 
 // Security check
-if (! empty($conf->global->MAIN_DEMO))
-{
-	accessforbidden('Constant MAIN_DEMO must be defined in Home->Setup->Misc to enable the demo entry page',1,1,1);
-	exit;
-}
+if (empty($conf->global->MAIN_DEMO)) accessforbidden('Constant MAIN_DEMO must be defined in Home->Setup->Misc to enable the demo entry page',1,1,1);
+
 
 $demoprofiles=array(
 	array('default'=>'-1', 'key'=>'profdemofun','label'=>'DemoFundation',

htdocs/public/donations/donateurs_code.php

@@ -17,16 +17,29 @@
  */
 
 /**
- * 	\version	$Id$
+ *	    \file       htdocs/public/donations/donateurs_code.php
+ *      \ingroup    donation
+ *		\brief      Page to list donators
+ * 		\version	$Id$
  */
 
 require("../../master.inc.php");
 require_once(DOL_DOCUMENT_ROOT ."/don.class.php");
 
+// Define lang object automatically using browser language
 $langs->setDefaultLang('auto');
 
+// Security check
+if (empty($conf->don->enabled)) accessforbidden('',1,1,1);
+
+
 $langs->load("donations");
 
+
+/*
+ * View
+ */
+
 $sql = "SELECT ".$db->pdate("d.datedon")." as datedon, d.nom, d.prenom, d.amount, d.public, d.societe";
 $sql .= " FROM ".MAIN_DB_PREFIX."don as d";
 $sql .= " WHERE d.fk_statut in (2, 3) ORDER BY d.datedon DESC";

htdocs/public/donations/therm.php

@@ -18,22 +18,27 @@
  */
 
 /**
-	    \file       htdocs/public/donations/therm.php
-        \ingroup    donation
-		\brief      Screen with thermometer
-		\version    $Id$
-*/
+ *	    \file       htdocs/public/donations/therm.php
+ *      \ingroup    donation
+ *		\brief      Screen with thermometer
+ *		\version    $Id$
+ */
 
 require("../../master.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/images.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/don.class.php");
 
+// Define lang object automatically using browser language
 $langs->setDefaultLang('auto');
 
+// Security check
+if (empty($conf->don->enabled)) accessforbidden('',1,1,1);
+
+
 
 /*
-* 	View
-*/
+ * 	View
+ */
 $dontherm = new Don($db);
 
 $intentValue  = $dontherm->sum_donations(1);

htdocs/public/members/new.php

@@ -34,6 +34,9 @@ require_once(DOL_DOCUMENT_ROOT."/html.form.class.php");
 // Define lang object automatically using browser language
 $langs->setDefaultLang('auto');
 
+// Security check
+if (empty($conf->adherent->enabled)) accessforbidden('',1,1,1);
+
 // Load translation files
 $langs->load("main");
 $langs->load("members");

htdocs/public/members/public_card.php

@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
- * Copyright (C) 2007-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2007-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,7 +20,8 @@
 
 /**
  *	\file       htdocs/public/members/priv_fiche.php
- *	\brief      Fichier de gestion de la popup de selection de date eldy
+ *	\ingroup    adherent
+ * 	\brief      Fichier de gestion de la popup de selection de date eldy
  *	\version    $Id$
  */
 
@@ -29,8 +30,13 @@ require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php");
 require_once(DOL_DOCUMENT_ROOT."/adherents/adherent_type.class.php");
 require_once(DOL_DOCUMENT_ROOT."/adherents/adherent_options.class.php");
 
+// Define lang object automatically using browser language
 $langs->setDefaultLang('auto');
 
+// Security check
+if (empty($conf->adherent->enabled)) accessforbidden('',1,1,1);
+
+
 $langs->load("main");
 $langs->load("members");
 $langs->load("companies");

htdocs/public/members/public_list.php

@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2002-2003 Jean-Louis Bergamo   <jlb@j1b.org>
- * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -19,15 +19,21 @@
  */
 
 /**
-        \file       htdocs/public/members/priv_liste.php
-        \brief      File sample to list members
-        \version    $Id$
-*/
+ *	\file       htdocs/public/members/priv_liste.php
+ *	\ingroup    adherent
+ *  \brief      File sample to list members
+ *  \version    $Id$
+ */
 
 require("../../master.inc.php");
 
+// Define lang object automatically using browser language
 $langs->setDefaultLang('auto');
 
+// Security check
+if (empty($conf->adherent->enabled)) accessforbidden('',1,1,1);
+
+
 $langs->load("main");
 $langs->load("members");
 $langs->load("companies");

htdocs/public/paybox/newpayment.php

@@ -19,8 +19,8 @@
  */
 
 /**
- *     	\file       htdocs/public/paybox/index.php
- *		\ingroup    core
+ *     	\file       htdocs/public/paybox/newpayment.php
+ *		\ingroup    paybox
  *		\brief      File to offer a way to make a payment for a particular Dolibarr entity
  *		\author	    Laurent Destailleur
  *		\version    $Id$
@@ -57,6 +57,9 @@ require_once(DOL_DOCUMENT_ROOT."/product.class.php");
 $langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]);
 $langs->setDefaultLang($langcode);
 
+// Security check
+if (empty($conf->paybox->enabled)) accessforbidden('',1,1,1);
+
 $langs->load("main");
 $langs->load("other");
 $langs->load("paybox");

htdocs/public/paybox/paymentko.php

@@ -19,7 +19,7 @@
 
 /**
  *     	\file       htdocs/public/paybox/paymentok.php
- *		\ingroup    core
+ *		\ingroup    paybox
  *		\brief      File to offer a way to make a payment for a particular Dolibarr entity
  *		\author	    Laurent Destailleur
  *		\version    $Id$
@@ -32,6 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
 $langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]);
 $langs->setDefaultLang($langcode);
 
+// Security check
+if (empty($conf->paybox->enabled)) accessforbidden('',1,1,1);
+
 $langs->load("main");
 $langs->load("other");
 $langs->load("paybox");

htdocs/public/paybox/paymentok.php

@@ -19,7 +19,7 @@
 
 /**
  *     	\file       htdocs/public/paybox/paymentok.php
- *		\ingroup    core
+ *		\ingroup    paybox
  *		\brief      File to offer a way to make a payment for a particular Dolibarr entity
  *		\author	    Laurent Destailleur
  *		\version    $Id$
@@ -32,6 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
 $langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]);
 $langs->setDefaultLang($langcode);
 
+// Security check
+if (empty($conf->paybox->enabled)) accessforbidden('',1,1,1);
+
 $langs->load("main");
 $langs->load("other");
 $langs->load("paybox");
@@ -41,7 +44,6 @@ $langs->load("companies");
 
 
 
-
 /*
  * Actions
  */