DAViCal
Loading...
Searching...
No Matches
DAViCalSession.php
1<?php
17$session = 1; // Fake initialisation
18
19// The Session object uses some (optional) configurable SQL to load
20// the records related to the logged-on user... (the where clause gets added).
21// It's very important that someone not be able to externally control this,
22// so we make it a function rather than a variable.
26function local_session_sql() {
27 $sql = <<<EOSQL
28SELECT session.*, usr.*, principal.*
29 FROM session JOIN usr USING(user_no) JOIN principal USING(user_no)
30EOSQL;
31 return $sql;
32}
33
37require('Session.php');
38include_once('DAVResource.php');
39
40
41@Session::_CheckLogout();
42
48class DAViCalSession extends Session
49{
50
51 public $principal_id;
52 private $privilege_resources = array();
53
62 function __construct( $sid='' ) {
63 $this->principal_id = null;
64 parent::__construct($sid);
65 }
66
67
72 function AssignSessionDetails( $u ) {
73 if ( !isset($u->principal_id) ) {
74 // If they don't have a principal_id set then we should re-read from our local database
75 $qry = new AwlQuery('SELECT * FROM dav_principal WHERE username = :username', array(':username' => $u->username) );
76 if ( $qry->Exec() && $qry->rows() == 1 ) {
77 $u = $qry->Fetch();
78 }
79 }
80
81 parent::AssignSessionDetails( $u );
82 $this->GetRoles();
83 if ( function_exists('awl_set_locale') && isset($this->locale) && $this->locale != '' ) {
84 awl_set_locale($this->locale);
85 }
86 }
87
88
92 function GetRoles () {
93 $this->roles = array();
94 $sql = 'SELECT role_name FROM roles JOIN role_member ON roles.role_no=role_member.role_no WHERE user_no = '.$this->user_no;
95 $qry = new AwlQuery( $sql );
96 if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) {
97 while( $role = $qry->Fetch() ) {
98 $this->roles[$role->role_name] = 1;
99 }
100 }
101 // inherit the Admin role
102 $sql = 'SELECT role_name FROM (((group_member JOIN dav_principal first_dav_principal ON group_member.group_id=first_dav_principal.principal_id) JOIN role_member ON first_dav_principal.user_no=role_member.user_no) JOIN roles ON roles.role_no=role_member.role_no) JOIN dav_principal second_dav_principal ON group_member.member_id=second_dav_principal.principal_id WHERE second_dav_principal.user_no = '.$this->user_no;
103 $qry = new AwlQuery( $sql );
104 if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) {
105 while( $role = $qry->Fetch() ) {
106 if($role->role_name=='Admin')
107 $this->roles['Admin'] = 1;
108 }
109 }
110 }
111
112
120 function HavePrivilegeTo( $do_what, $path, $any = null ) {
121 if ( $this->AllowedTo('Admin') ) return true;
122 if ( !isset($this->privilege_resources[$path]) ) {
123 $this->privilege_resources[$path] = new DAVResource($path);
124 }
125 $resource = $this->privilege_resources[$path];
126 if ( isset($resource) && $resource->Exists() ) {
127 return $resource->HavePrivilegeTo($do_what,$any);
128 }
129 return false;
130 }
131
132
138 function RenderLoginPanel() {
139 global $c;
140 $action_target = htmlspecialchars(preg_replace('/\?logout.*$/','',$_SERVER['REQUEST_URI']));
141 dbg_error_log( "Login", " RenderLoginPanel: action_target='%s'", $action_target );
142 $userprompt = translate("User Name");
143 $pwprompt = translate("Password");
144 $gobutton = htmlspecialchars(translate("GO!"));
145 $gotitle = htmlspecialchars(translate("Enter your username and password then click here to log in."));
146 $temppwprompt = translate("If you have forgotten your password then");
147 $temppwbutton = htmlspecialchars(translate("Help! I've forgotten my password!"));
148 if (isset($c->password_change_override) ) {
149 $temppw_html = '<a href="' . $c->password_change_override['href'] . '">' . $c->password_change_override['label'] . '</a>';
150 } else {
151 $temppwtitle = htmlspecialchars(translate("Enter a username, if you know it, and click here, to be e-mailed a temporary password."));
152 $temppw_html = '<input type="submit" value="' . $temppwbutton . '" title="' . $temppwtitle . '" name="lostpass" class="submit" />';
153 }
154 $html = <<<EOTEXT
155<div id="logon">
156<form action="$action_target" method="post">
157<table>
158<tr>
159<th class="prompt">$userprompt:</th>
160<td class="entry">
161<input class="text" type="text" name="username" size="12" /></td>
162</tr>
163<tr>
164<th class="prompt">$pwprompt:</th>
165<td class="entry">
166<input class="password" type="password" name="password" size="12" />
167</td>
168</tr>
169<tr>
170<th class="prompt">&nbsp;</th>
171<td class="entry">
172<input type="submit" value="$gobutton" title="$gotitle" name="submit" class="submit" />
173</td>
174</tr>
175</table>
176<p>
177$temppwprompt: $temppw_html
178</p>
179</form>
180</div>
181
182EOTEXT;
183 return $html;
184 }
185
186
196 function LoginRequired( $roles = '' ) {
197 global $c, $session, $main_menu, $sub_menu, $tab_menu;
198
199 $current_domain = (isset($_SERVER['SERVER_NAME'])?$_SERVER['SERVER_NAME']:$_SERVER['SERVER_ADDR']);
200 if ( (isset($c->restrict_admin_domain) && $c->restrict_admin_domain != $current_domain)
201 || (isset($c->restrict_admin_port) && $c->restrict_admin_port != $_SERVER['SERVER_PORT'] ) ) {
202 header('Location: caldav.php');
203 dbg_error_log( 'LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT'] );
204 @ob_flush(); exit(0);
205 }
206 if ( isset($c->restrict_admin_roles) && $roles == '' ) $roles = $c->restrict_admin_roles;
207 if ( $this->logged_in && $roles == '' ) return;
208
212 if ( isset($_SERVER['PHP_AUTH_USER']) && !$this->logged_in && $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "" && ! $_COOKIE['NoAutoLogin'] ) {
213 if ( $this->Login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],false)) {
214 setcookie('NoAutoLogin',1,0);
215 return;
216 }
217 }
218 if ( ! $this->logged_in ) {
219 $c->messages[] = i18n('You must log in to use this system.');
220 include_once('page-header.php');
221 if ( function_exists('local_index_not_logged_in') ) {
222 local_index_not_logged_in();
223 }
224 else {
225 if ( $this->login_failed ) {
226 $c->messages[] = i18n('Invalid user name or password.');
227 }
228 echo '<h1>'.translate('Log On Please')."</h1>\n";
229 echo '<p>'.translate('For access to the')
230 .' '.translate($c->system_name).' '
231 .translate('you should log on with the username and password that have been issued to you.')
232 ."</p>\n";
233 echo '<p>'.translate('If you would like to request access, please e-mail').' '.$c->admin_email."</p>\n";
234 echo $this->RenderLoginPanel();
235 }
236 }
237 else {
238 $valid_roles = explode(',', $roles);
239 foreach( $valid_roles AS $k => $v ) {
240 if ( $this->AllowedTo($v) ) return;
241 }
242 $c->messages[] = i18n('You are not authorised to use this function.');
243 include_once('page-header.php');
244 }
245
246 include('page-footer.php');
247 @ob_flush(); exit(0);
248 }
249}
250
251$session = new DAViCalSession();
252$session->_CheckLogin();
253
__construct( $sid='')
LoginRequired( $roles='')
HavePrivilegeTo( $do_what, $path, $any=null)