1 | <?php |
---|
2 | /** |
---|
3 | * DAViCal extensions to AWL Session handling |
---|
4 | * |
---|
5 | * @package davical |
---|
6 | * @subpackage DAViCalSession |
---|
7 | * @author Andrew McMillan <andrew@mcmillan.net.nz> |
---|
8 | * @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/> |
---|
9 | * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 |
---|
10 | */ |
---|
11 | |
---|
12 | /** |
---|
13 | * @global resource $session |
---|
14 | * @name $session |
---|
15 | * The session object is global. |
---|
16 | */ |
---|
17 | $session = 1; // Fake initialisation |
---|
18 | |
---|
19 | // The Session object uses some (optional) configurable SQL to load |
---|
20 | // the records related to the logged-on user... (the where clause gets added). |
---|
21 | // It's very important that someone not be able to externally control this, |
---|
22 | // so we make it a function rather than a variable. |
---|
23 | /** |
---|
24 | * @todo Make this a defined constant |
---|
25 | */ |
---|
26 | function local_session_sql() { |
---|
27 | $sql = <<<EOSQL |
---|
28 | SELECT session.*, usr.*, principal.* |
---|
29 | FROM session JOIN usr USING(user_no) JOIN principal USING(user_no) |
---|
30 | EOSQL; |
---|
31 | return $sql; |
---|
32 | } |
---|
33 | |
---|
34 | /** |
---|
35 | * We extend the AWL Session class. |
---|
36 | */ |
---|
37 | require('Session.php'); |
---|
38 | |
---|
39 | |
---|
40 | @Session::_CheckLogout(); |
---|
41 | |
---|
42 | /** |
---|
43 | * A class for creating and holding session information. |
---|
44 | * |
---|
45 | * @package davical |
---|
46 | */ |
---|
47 | class DAViCalSession extends Session |
---|
48 | { |
---|
49 | |
---|
50 | /** |
---|
51 | * Create a new DAViCalSession object. |
---|
52 | * |
---|
53 | * We create a Session and extend it with some additional useful RSCDS |
---|
54 | * related information. |
---|
55 | * |
---|
56 | * @param string $sid A session identifier. |
---|
57 | */ |
---|
58 | function __construct( $sid='' ) { |
---|
59 | $this->Session($sid); |
---|
60 | } |
---|
61 | |
---|
62 | |
---|
63 | /** |
---|
64 | * Internal function used to assign the session details to a user's new session. |
---|
65 | * @param object $u The user+session object we (probably) read from the database. |
---|
66 | */ |
---|
67 | function AssignSessionDetails( $u ) { |
---|
68 | if ( !isset($u->principal_id) ) { |
---|
69 | // If they don't have a principal_id set then we should re-read from our local database |
---|
70 | $qry = new AwlQuery('SELECT * FROM dav_principal WHERE username = :username', array(':username' => $u->username) ); |
---|
71 | if ( $qry->Exec() && $qry->rows() == 1 ) { |
---|
72 | $u = $qry->Fetch(); |
---|
73 | } |
---|
74 | } |
---|
75 | |
---|
76 | parent::AssignSessionDetails( $u ); |
---|
77 | $this->GetRoles(); |
---|
78 | if ( function_exists('awl_set_locale') && isset($this->locale) && $this->locale != '' ) { |
---|
79 | awl_set_locale($this->locale); |
---|
80 | } |
---|
81 | } |
---|
82 | |
---|
83 | |
---|
84 | /** |
---|
85 | * Method used to get the user's roles |
---|
86 | */ |
---|
87 | function GetRoles () { |
---|
88 | $this->roles = array(); |
---|
89 | $sql = 'SELECT role_name FROM roles JOIN role_member ON roles.role_no=role_member.role_no WHERE user_no = '.$this->user_no; |
---|
90 | $qry = new AwlQuery( $sql ); |
---|
91 | if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) { |
---|
92 | while( $role = $qry->Fetch() ) { |
---|
93 | $this->roles[$role->role_name] = 1; |
---|
94 | } |
---|
95 | } |
---|
96 | } |
---|
97 | |
---|
98 | |
---|
99 | /** |
---|
100 | * Checks that this user is logged in, and presents a login screen if they aren't. |
---|
101 | * |
---|
102 | * The function can optionally confirm whether they are a member of one of a list |
---|
103 | * of roles, and deny access if they are not a member of any of them. |
---|
104 | * |
---|
105 | * @param string $roles The list of roles that the user must be a member of one of to be allowed to proceed. |
---|
106 | * @return boolean Whether or not the user is logged in and is a member of one of the required roles. |
---|
107 | */ |
---|
108 | function LoginRequired( $roles = '' ) { |
---|
109 | global $c, $session, $main_menu, $sub_menu, $tab_menu; |
---|
110 | |
---|
111 | $current_domain = (isset($_SERVER['SERVER_NAME'])?$_SERVER['SERVER_NAME']:$_SERVER['SERVER_ADDR']); |
---|
112 | if ( (isset($c->restrict_admin_domain) && $c->restrict_admin_domain != $current_domain) |
---|
113 | || (isset($c->restrict_admin_port) && $c->restrict_admin_port != $_SERVER['SERVER_PORT'] ) ) { |
---|
114 | header('Location: caldav.php'); |
---|
115 | dbg_error_log( 'LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT'] ); |
---|
116 | exit(0); |
---|
117 | } |
---|
118 | if ( isset($c->restrict_admin_roles) && $roles == '' ) $roles = $c->restrict_admin_roles; |
---|
119 | if ( $this->logged_in && $roles == '' ) return; |
---|
120 | if ( ! $this->logged_in ) { |
---|
121 | $c->messages[] = i18n('You must log in to use this system.'); |
---|
122 | include_once('page-header.php'); |
---|
123 | if ( function_exists('local_index_not_logged_in') ) { |
---|
124 | local_index_not_logged_in(); |
---|
125 | } |
---|
126 | else { |
---|
127 | if ( $this->login_failed ) { |
---|
128 | $c->messages[] = i18n('Invalid user name or password.'); |
---|
129 | } |
---|
130 | echo '<h1>'.translate('Log On Please')."</h1>\n"; |
---|
131 | echo '<p>'.translate('For access to the') |
---|
132 | .' '.translate($c->system_name).' ' |
---|
133 | .translate('you should log on with the username and password that have been issued to you.') |
---|
134 | ."</p>\n"; |
---|
135 | echo '<p>'.translate('If you would like to request access, please e-mail').' '.$c->admin_email."</p>\n"; |
---|
136 | echo $this->RenderLoginPanel(); |
---|
137 | } |
---|
138 | } |
---|
139 | else { |
---|
140 | $valid_roles = explode(',', $roles); |
---|
141 | foreach( $valid_roles AS $k => $v ) { |
---|
142 | if ( $this->AllowedTo($v) ) return; |
---|
143 | } |
---|
144 | $c->messages[] = i18n('You are not authorised to use this function.'); |
---|
145 | include_once('page-header.php'); |
---|
146 | } |
---|
147 | |
---|
148 | include('page-footer.php'); |
---|
149 | exit; |
---|
150 | } |
---|
151 | } |
---|
152 | |
---|
153 | $session = new DAViCalSession(); |
---|
154 | $session->_CheckLogin(); |
---|
155 | |
---|