DAViCal
DAViCalSession.php
1 <?php
17 $session = 1; // Fake initialisation
18 
19 // The Session object uses some (optional) configurable SQL to load
20 // the records related to the logged-on user... (the where clause gets added).
21 // It's very important that someone not be able to externally control this,
22 // so we make it a function rather than a variable.
26 function local_session_sql() {
27  $sql = <<<EOSQL
28 SELECT session.*, usr.*, principal.*
29  FROM session JOIN usr USING(user_no) JOIN principal USING(user_no)
30 EOSQL;
31  return $sql;
32 }
33 
37 require('Session.php');
38 include_once('DAVResource.php');
39 
40 
41 @Session::_CheckLogout();
42 
48 class DAViCalSession extends Session
49 {
50 
51  public $principal_id;
52  private $privilege_resources = array();
53 
62  function __construct( $sid='' ) {
63  $this->principal_id = null;
64  parent::__construct($sid);
65  }
66 
67 
72  function AssignSessionDetails( $u ) {
73  if ( !isset($u->principal_id) ) {
74  // If they don't have a principal_id set then we should re-read from our local database
75  $qry = new AwlQuery('SELECT * FROM dav_principal WHERE username = :username', array(':username' => $u->username) );
76  if ( $qry->Exec() && $qry->rows() == 1 ) {
77  $u = $qry->Fetch();
78  }
79  }
80 
81  parent::AssignSessionDetails( $u );
82  $this->GetRoles();
83  if ( function_exists('awl_set_locale') && isset($this->locale) && $this->locale != '' ) {
84  awl_set_locale($this->locale);
85  }
86  }
87 
88 
92  function GetRoles () {
93  $this->roles = array();
94  $sql = 'SELECT role_name FROM roles JOIN role_member ON roles.role_no=role_member.role_no WHERE user_no = '.$this->user_no;
95  $qry = new AwlQuery( $sql );
96  if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) {
97  while( $role = $qry->Fetch() ) {
98  $this->roles[$role->role_name] = 1;
99  }
100  }
101  // inherit the Admin role
102  $sql = 'SELECT role_name FROM (((group_member JOIN dav_principal first_dav_principal ON group_member.group_id=first_dav_principal.principal_id) JOIN role_member ON first_dav_principal.user_no=role_member.user_no) JOIN roles ON roles.role_no=role_member.role_no) JOIN dav_principal second_dav_principal ON group_member.member_id=second_dav_principal.principal_id WHERE second_dav_principal.user_no = '.$this->user_no;
103  $qry = new AwlQuery( $sql );
104  if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) {
105  while( $role = $qry->Fetch() ) {
106  if($role->role_name=='Admin')
107  $this->roles['Admin'] = 1;
108  }
109  }
110  }
111 
112 
120  function HavePrivilegeTo( $do_what, $path, $any = null ) {
121  if ( $this->AllowedTo('Admin') ) return true;
122  if ( !isset($this->privilege_resources[$path]) ) {
123  $this->privilege_resources[$path] = new DAVResource($path);
124  }
125  $resource = $this->privilege_resources[$path];
126  if ( isset($resource) && $resource->Exists() ) {
127  return $resource->HavePrivilegeTo($do_what,$any);
128  }
129  return false;
130  }
131 
132 
133 
143  function LoginRequired( $roles = '' ) {
144  global $c, $session, $main_menu, $sub_menu, $tab_menu;
145 
146  $current_domain = (isset($_SERVER['SERVER_NAME'])?$_SERVER['SERVER_NAME']:$_SERVER['SERVER_ADDR']);
147  if ( (isset($c->restrict_admin_domain) && $c->restrict_admin_domain != $current_domain)
148  || (isset($c->restrict_admin_port) && $c->restrict_admin_port != $_SERVER['SERVER_PORT'] ) ) {
149  header('Location: caldav.php');
150  dbg_error_log( 'LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT'] );
151  @ob_flush(); exit(0);
152  }
153  if ( isset($c->restrict_admin_roles) && $roles == '' ) $roles = $c->restrict_admin_roles;
154  if ( $this->logged_in && $roles == '' ) return;
155 
159  if ( isset($_SERVER['PHP_AUTH_USER']) && !$this->logged_in && $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "" && ! $_COOKIE['NoAutoLogin'] ) {
160  if ( $this->Login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],false)) {
161  setcookie('NoAutoLogin',1,0);
162  return;
163  }
164  }
165  if ( ! $this->logged_in ) {
166  $c->messages[] = i18n('You must log in to use this system.');
167  include_once('page-header.php');
168  if ( function_exists('local_index_not_logged_in') ) {
169  local_index_not_logged_in();
170  }
171  else {
172  if ( $this->login_failed ) {
173  $c->messages[] = i18n('Invalid user name or password.');
174  }
175  echo '<h1>'.translate('Log On Please')."</h1>\n";
176  echo '<p>'.translate('For access to the')
177  .' '.translate($c->system_name).' '
178  .translate('you should log on with the username and password that have been issued to you.')
179  ."</p>\n";
180  echo '<p>'.translate('If you would like to request access, please e-mail').' '.$c->admin_email."</p>\n";
181  echo $this->RenderLoginPanel();
182  }
183  }
184  else {
185  $valid_roles = explode(',', $roles);
186  foreach( $valid_roles AS $k => $v ) {
187  if ( $this->AllowedTo($v) ) return;
188  }
189  $c->messages[] = i18n('You are not authorised to use this function.');
190  include_once('page-header.php');
191  }
192 
193  include('page-footer.php');
194  @ob_flush(); exit(0);
195  }
196 }
197 
198 $session = new DAViCalSession();
199 $session->_CheckLogin();
200 
__construct( $sid='')
LoginRequired( $roles='')
HavePrivilegeTo( $do_what, $path, $any=null)