Overview

Packages

  • awl
    • caldav-client-v2
    • RRule
  • davical
    • authentication
      • drivers
    • caldav
    • DAViCalSession
    • DAVTicket
    • external-bind
    • feed
    • HTTPAuthSession
    • iSchedule
    • iSchedule-POST
    • logging
    • metrics
    • Principal
    • propfind
    • PublicSession
    • Request
    • Resource
    • tzservice
  • None
  • PHP

Classes

  • DAViCalSession
  • Tools

Functions

  • local_session_sql
  • Overview
  • Package
  • Function
  • Tree
  • Deprecated
  • Todo
  1: <?php
  2: /**
  3: * DAViCal extensions to AWL Session handling
  4: *
  5: * @package   davical
  6: * @subpackage   DAViCalSession
  7: * @author Andrew McMillan <andrew@mcmillan.net.nz>
  8: * @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
  9: * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2
 10: */
 11: 
 12: /**
 13: * @global resource $session
 14: * @name $session
 15: * The session object is global.
 16: */
 17: $session = 1;  // Fake initialisation
 18: 
 19: // The Session object uses some (optional) configurable SQL to load
 20: // the records related to the logged-on user...  (the where clause gets added).
 21: // It's very important that someone not be able to externally control this,
 22: // so we make it a function rather than a variable.
 23: /**
 24: * @todo Make this a defined constant
 25: */
 26: function local_session_sql() {
 27:   $sql = <<<EOSQL
 28: SELECT session.*, usr.*, principal.*
 29:         FROM session JOIN usr USING(user_no) JOIN principal USING(user_no)
 30: EOSQL;
 31:   return $sql;
 32: }
 33: 
 34: /**
 35: * We extend the AWL Session class.
 36: */
 37: require('Session.php');
 38: include_once('DAVResource.php');
 39: 
 40: 
 41: @Session::_CheckLogout();
 42: 
 43: /**
 44: * A class for creating and holding session information.
 45: *
 46: * @package   davical
 47: */
 48: class DAViCalSession extends Session
 49: {
 50: 
 51:   public $principal_id;
 52:   private $privilege_resources = array();
 53: 
 54:   /**
 55:   * Create a new DAViCalSession object.
 56:   *
 57:   * We create a Session and extend it with some additional useful DAViCal
 58:   * related information.
 59:   *
 60:   * @param string $sid A session identifier.
 61:   */
 62:   function __construct( $sid='' ) {
 63:     $this->principal_id = null;
 64:     $this->Session($sid);
 65:   }
 66: 
 67: 
 68:   /**
 69:   * Internal function used to assign the session details to a user's new session.
 70:   * @param object $u The user+session object we (probably) read from the database.
 71:   */
 72:   function AssignSessionDetails( $u ) {
 73:     if ( !isset($u->principal_id) ) {
 74:       // If they don't have a principal_id set then we should re-read from our local database
 75:       $qry = new AwlQuery('SELECT * FROM dav_principal WHERE username = :username', array(':username' => $u->username) );
 76:       if ( $qry->Exec() && $qry->rows() == 1 ) {
 77:         $u = $qry->Fetch();
 78:       }
 79:     }
 80: 
 81:     parent::AssignSessionDetails( $u );
 82:     $this->GetRoles();
 83:     if ( function_exists('awl_set_locale') && isset($this->locale) && $this->locale != '' ) {
 84:       awl_set_locale($this->locale);
 85:     }
 86:   }
 87: 
 88: 
 89:   /**
 90:   * Method used to get the user's roles
 91:   */
 92:   function GetRoles () {
 93:     $this->roles = array();
 94:     $sql = 'SELECT role_name FROM roles JOIN role_member ON roles.role_no=role_member.role_no WHERE user_no = '.$this->user_no;
 95:     $qry = new AwlQuery( $sql );
 96:     if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) {
 97:       while( $role = $qry->Fetch() ) {
 98:         $this->roles[$role->role_name] = 1;
 99:       }
100:     }
101:   }
102: 
103: 
104:   /**
105:    * Does the user have the privileges to do what is requested.
106:    * @param $do_what mixed The request privilege name, or array of privilege names, to be checked.
107:    * @param $path string The path we want that permission for
108:    * @param $any boolean Whether we accept any of the privileges. The default is true, unless the requested privilege is 'all', when it is false.
109:    * @return boolean Whether they do have one of those privileges against the specified path.
110:    */
111:   function HavePrivilegeTo( $do_what, $path, $any = null ) {
112:     if ( $this->AllowedTo('Admin') ) return true;
113:     if ( !isset($this->privilege_resources[$path]) ) {
114:       $this->privilege_resources[$path] = new DAVResource($path);
115:     }
116:     $resource = $this->privilege_resources[$path];
117:     if ( isset($resource) && $resource->Exists() ) {
118:       return $resource->HavePrivilegeTo($do_what,$any);
119:     }
120:     return false;
121:   }
122: 
123: 
124: 
125:   /**
126:   * Checks that this user is logged in, and presents a login screen if they aren't.
127:   *
128:   * The function can optionally confirm whether they are a member of one of a list
129:   * of roles, and deny access if they are not a member of any of them.
130:   *
131:   * @param string $roles The list of roles that the user must be a member of one of to be allowed to proceed.
132:   * @return boolean Whether or not the user is logged in and is a member of one of the required roles.
133:   */
134:   function LoginRequired( $roles = '' ) {
135:     global $c, $session, $main_menu, $sub_menu, $tab_menu;
136: 
137:     $current_domain = (isset($_SERVER['SERVER_NAME'])?$_SERVER['SERVER_NAME']:$_SERVER['SERVER_ADDR']);
138:     if ( (isset($c->restrict_admin_domain) && $c->restrict_admin_domain != $current_domain)
139:       || (isset($c->restrict_admin_port) && $c->restrict_admin_port != $_SERVER['SERVER_PORT'] ) ) {
140:       header('Location: caldav.php');
141:       dbg_error_log( 'LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT'] );
142:       @ob_flush(); exit(0);
143:     }
144:     if ( isset($c->restrict_admin_roles) && $roles == '' ) $roles = $c->restrict_admin_roles;
145:     if ( $this->logged_in && $roles == '' ) return;
146: 
147:     /**
148:      * We allow basic auth to apply also, if present, though we check everything else first...
149:      */
150:     if ( isset($_SERVER['PHP_AUTH_USER']) && !$this->logged_in && $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "" && ! $_COOKIE['NoAutoLogin'] ) {
151:       if ( $this->Login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],false)) {
152:         setcookie('NoAutoLogin',1,0);
153:         return;
154:       }
155:     }
156:     if ( ! $this->logged_in ) {
157:       $c->messages[] = i18n('You must log in to use this system.');
158:       include_once('page-header.php');
159:       if ( function_exists('local_index_not_logged_in') ) {
160:         local_index_not_logged_in();
161:       }
162:       else {
163:         if ( $this->login_failed ) {
164:           $c->messages[] = i18n('Invalid user name or password.');
165:         }
166:         echo '<h1>'.translate('Log On Please')."</h1>\n";
167:         echo '<p>'.translate('For access to the')
168:                   .' '.translate($c->system_name).' '
169:                   .translate('you should log on with the username and password that have been issued to you.')
170:             ."</p>\n";
171:         echo '<p>'.translate('If you would like to request access, please e-mail').' '.$c->admin_email."</p>\n";
172:         echo $this->RenderLoginPanel();
173:       }
174:     }
175:     else {
176:       $valid_roles = explode(',', $roles);
177:       foreach( $valid_roles AS $k => $v ) {
178:         if ( $this->AllowedTo($v) ) return;
179:       }
180:       $c->messages[] = i18n('You are not authorised to use this function.');
181:       include_once('page-header.php');
182:     }
183: 
184:     include('page-footer.php');
185:     @ob_flush(); exit(0);
186:   }
187: }
188: 
189: $session = new DAViCalSession();
190: $session->_CheckLogin();
191: 
192: 
DAViCal API documentation generated by ApiGen 2.8.0