From 2b4044a26a9b2375acef6db9422461b29a4af126 Mon Sep 17 00:00:00 2001 From: yohan <783b8c87@scimetis.net> Date: Tue, 15 Sep 2015 02:35:06 +0200 Subject: [PATCH] Block everything if global private mode enabled and user not logged on. --- data/config.default.php | 9 ++++++--- src/SemanticScuttle/header.php | 25 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/data/config.default.php b/data/config.default.php index 5e560a7..0ec8b93 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -253,10 +253,13 @@ $adminsAreAdvisedTagsFromOtherAdmins = false; * * @var array */ -$reservedusers = array('all', 'watchlist'); - - +$reservedusers = array('all', 'watchlist'); +/** + * If global private mode is enabled (everything will be blocked for unlogged users). + * @var boolean + */ +$privatemode = false; /*************************************************** * Anti SPAM measures diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php index 1f2f12c..e89f613 100644 --- a/src/SemanticScuttle/header.php +++ b/src/SemanticScuttle/header.php 
@@ -171,4 +171,29 @@ if (!defined('UNIT_TEST_MODE') || defined('HTTP_UNIT_TEST_MODE')) {
 header('Content-Type: ' . $httpContentType . '; charset=utf-8');
 }
 }
+// 7 // Block everything if global private mode enabled and user not logged on
+
+// This is required to prevent breaking the API. Some API PHP source files include httpauth.inc.php
+// which already check if the user is logged on and include www-header.php.
+// We also allow password.php so users can reset their password and login.php so they can log in.
+if (isset($GLOBALS['privatemode'])) {
+ if ($GLOBALS['privatemode'] && ! $userservice->isLoggedOn()) {
+ $flag = 1;
+ $included_files = get_included_files();
+ foreach ($included_files as $filename) {
+ if (strpos($filename,'httpauth.inc.php') !== false || strpos($filename,'password.php') !== false || strpos($filename,'login.php') !== false) {
+ $flag = 0;
+ break;
+ }
+ }
+ if ($flag) {
+ $tplVars['error'] = T_('You must log in.');
+ $tplVars['subtitle'] = T_('Log In');
+ $tplVars['formaction'] = createURL('login');
+ $tplVars['querystring'] = filter($_SERVER['QUERY_STRING']);
+ $templateservice->loadTemplate('login.tpl', $tplVars);
+ die();
+ }
+ }
+}
 ?>
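Review bot: The exemption test inside the `foreach` over `get_included_files()` matches by substring on the full path (`strpos($filename,'login.php') !== false`), so any included file whose path merely contains `login.php`, `password.php` or `httpauth.inc.php` (a longer file name ending in one of them, or a directory component) switches the private-mode block off for that request. Comparing the base name exactly narrows the allowlist to the three intended files: `if (in_array(basename($filename), array('httpauth.inc.php', 'password.php', 'login.php'), true)) {`. The `httpauth.inc.php` exemption also assumes that file always enforces authentication itself, which the comment states but this hunk does not show, so it should be confirmed for every script that includes it. Consider sending a 401 or 403 status before `loadTemplate('login.tpl', $tplVars)` so that feed and API clients do not receive the login page with a success status.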