[3733] | 1 | <?php |
---|
| 2 | /** |
---|
| 3 | * DAViCal extensions to AWL Session handling |
---|
| 4 | * |
---|
| 5 | * @package davical |
---|
| 6 | * @subpackage DAViCalSession |
---|
| 7 | * @author Andrew McMillan <andrew@mcmillan.net.nz> |
---|
| 8 | * @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/> |
---|
| 9 | * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 |
---|
| 10 | */ |
---|
| 11 | |
---|
| 12 | /** |
---|
| 13 | * @global resource $session |
---|
| 14 | * @name $session |
---|
| 15 | * The session object is global. |
---|
| 16 | */ |
---|
| 17 | $session = 1; // Fake initialisation |
---|
| 18 | |
---|
| 19 | // The Session object uses some (optional) configurable SQL to load |
---|
| 20 | // the records related to the logged-on user... (the where clause gets added). |
---|
| 21 | // It's very important that someone not be able to externally control this, |
---|
| 22 | // so we make it a function rather than a variable. |
---|
| 23 | /** |
---|
| 24 | * @todo Make this a defined constant |
---|
| 25 | */ |
---|
| 26 | function local_session_sql() { |
---|
| 27 | $sql = <<<EOSQL |
---|
| 28 | SELECT session.*, usr.*, principal.* |
---|
| 29 | FROM session JOIN usr USING(user_no) JOIN principal USING(user_no) |
---|
| 30 | EOSQL; |
---|
| 31 | return $sql; |
---|
| 32 | } |
---|
| 33 | |
---|
| 34 | /** |
---|
| 35 | * We extend the AWL Session class. |
---|
| 36 | */ |
---|
| 37 | require('Session.php'); |
---|
| 38 | |
---|
| 39 | |
---|
| 40 | @Session::_CheckLogout(); |
---|
| 41 | |
---|
| 42 | /** |
---|
| 43 | * A class for creating and holding session information. |
---|
| 44 | * |
---|
| 45 | * @package davical |
---|
| 46 | */ |
---|
| 47 | class DAViCalSession extends Session |
---|
| 48 | { |
---|
| 49 | |
---|
| 50 | /** |
---|
| 51 | * Create a new DAViCalSession object. |
---|
| 52 | * |
---|
| 53 | * We create a Session and extend it with some additional useful RSCDS |
---|
| 54 | * related information. |
---|
| 55 | * |
---|
| 56 | * @param string $sid A session identifier. |
---|
| 57 | */ |
---|
| 58 | function __construct( $sid='' ) { |
---|
| 59 | $this->Session($sid); |
---|
| 60 | } |
---|
| 61 | |
---|
| 62 | |
---|
| 63 | /** |
---|
| 64 | * Internal function used to assign the session details to a user's new session. |
---|
| 65 | * @param object $u The user+session object we (probably) read from the database. |
---|
| 66 | */ |
---|
| 67 | function AssignSessionDetails( $u ) { |
---|
| 68 | if ( !isset($u->principal_id) ) { |
---|
| 69 | // If they don't have a principal_id set then we should re-read from our local database |
---|
| 70 | $qry = new AwlQuery('SELECT * FROM dav_principal WHERE username = :username', array(':username' => $u->username) ); |
---|
| 71 | if ( $qry->Exec() && $qry->rows() == 1 ) { |
---|
| 72 | $u = $qry->Fetch(); |
---|
| 73 | } |
---|
| 74 | } |
---|
| 75 | |
---|
| 76 | parent::AssignSessionDetails( $u ); |
---|
| 77 | $this->GetRoles(); |
---|
| 78 | if ( function_exists('awl_set_locale') && isset($this->locale) && $this->locale != '' ) { |
---|
| 79 | awl_set_locale($this->locale); |
---|
| 80 | } |
---|
| 81 | } |
---|
| 82 | |
---|
| 83 | |
---|
| 84 | /** |
---|
| 85 | * Method used to get the user's roles |
---|
| 86 | */ |
---|
| 87 | function GetRoles () { |
---|
| 88 | $this->roles = array(); |
---|
| 89 | $sql = 'SELECT role_name FROM roles JOIN role_member ON roles.role_no=role_member.role_no WHERE user_no = '.$this->user_no; |
---|
| 90 | $qry = new AwlQuery( $sql ); |
---|
| 91 | if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) { |
---|
| 92 | while( $role = $qry->Fetch() ) { |
---|
| 93 | $this->roles[$role->role_name] = 1; |
---|
| 94 | } |
---|
| 95 | } |
---|
| 96 | } |
---|
| 97 | |
---|
| 98 | |
---|
| 99 | /** |
---|
| 100 | * Checks that this user is logged in, and presents a login screen if they aren't. |
---|
| 101 | * |
---|
| 102 | * The function can optionally confirm whether they are a member of one of a list |
---|
| 103 | * of roles, and deny access if they are not a member of any of them. |
---|
| 104 | * |
---|
| 105 | * @param string $roles The list of roles that the user must be a member of one of to be allowed to proceed. |
---|
| 106 | * @return boolean Whether or not the user is logged in and is a member of one of the required roles. |
---|
| 107 | */ |
---|
| 108 | function LoginRequired( $roles = '' ) { |
---|
| 109 | global $c, $session, $main_menu, $sub_menu, $tab_menu; |
---|
| 110 | |
---|
| 111 | $current_domain = (isset($_SERVER['SERVER_NAME'])?$_SERVER['SERVER_NAME']:$_SERVER['SERVER_ADDR']); |
---|
| 112 | if ( (isset($c->restrict_admin_domain) && $c->restrict_admin_domain != $current_domain) |
---|
| 113 | || (isset($c->restrict_admin_port) && $c->restrict_admin_port != $_SERVER['SERVER_PORT'] ) ) { |
---|
| 114 | header('Location: caldav.php'); |
---|
| 115 | dbg_error_log( 'LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT'] ); |
---|
| 116 | exit(0); |
---|
| 117 | } |
---|
| 118 | if ( isset($c->restrict_admin_roles) && $roles == '' ) $roles = $c->restrict_admin_roles; |
---|
| 119 | if ( $this->logged_in && $roles == '' ) return; |
---|
| 120 | if ( ! $this->logged_in ) { |
---|
| 121 | $c->messages[] = i18n('You must log in to use this system.'); |
---|
| 122 | include_once('page-header.php'); |
---|
| 123 | if ( function_exists('local_index_not_logged_in') ) { |
---|
| 124 | local_index_not_logged_in(); |
---|
| 125 | } |
---|
| 126 | else { |
---|
| 127 | if ( $this->login_failed ) { |
---|
| 128 | $c->messages[] = i18n('Invalid user name or password.'); |
---|
| 129 | } |
---|
| 130 | echo '<h1>'.translate('Log On Please')."</h1>\n"; |
---|
| 131 | echo '<p>'.translate('For access to the') |
---|
| 132 | .' '.translate($c->system_name).' ' |
---|
| 133 | .translate('you should log on with the username and password that have been issued to you.') |
---|
| 134 | ."</p>\n"; |
---|
| 135 | echo '<p>'.translate('If you would like to request access, please e-mail').' '.$c->admin_email."</p>\n"; |
---|
| 136 | echo $this->RenderLoginPanel(); |
---|
| 137 | } |
---|
| 138 | } |
---|
| 139 | else { |
---|
| 140 | $valid_roles = explode(',', $roles); |
---|
| 141 | foreach( $valid_roles AS $k => $v ) { |
---|
| 142 | if ( $this->AllowedTo($v) ) return; |
---|
| 143 | } |
---|
| 144 | $c->messages[] = i18n('You are not authorised to use this function.'); |
---|
| 145 | include_once('page-header.php'); |
---|
| 146 | } |
---|
| 147 | |
---|
| 148 | include('page-footer.php'); |
---|
| 149 | exit; |
---|
| 150 | } |
---|
| 151 | } |
---|
| 152 | |
---|
| 153 | $session = new DAViCalSession(); |
---|
| 154 | $session->_CheckLogin(); |
---|
| 155 | |
---|