3 * DAViCal extensions to AWL Session handling
6 * @subpackage DAViCalSession
7 * @author Andrew McMillan <andrew@mcmillan.net.nz>
8 * @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
9 * @license http://gnu.org/copyleft/gpl.html GNU GPL v2
13 * @global resource $session
15 * The session object is global.
17 $session = 1; // Fake initialisation
19 // The Session object uses some (optional) configurable SQL to load
20 // the records related to the logged-on user... (the where clause gets added).
21 // It's very important that someone not be able to externally control this,
22 // so we make it a function rather than a variable.
24 * @todo Make this a defined constant
26 function local_session_sql() {
28 SELECT session.*, usr.*, principal.*
29 FROM session JOIN usr USING(user_no) JOIN principal USING(user_no)
35 * We extend the AWL Session class.
37 require('Session.php');
40 @Session
::_CheckLogout();
43 * A class for creating and holding session information.
47 class DAViCalSession
extends Session
51 * Create a new DAViCalSession object.
53 * We create a Session and extend it with some additional useful DAViCal
54 * related information.
56 * @param string $sid A session identifier.
58 function __construct( $sid='' ) {
64 * Internal function used to assign the session details to a user's new session.
65 * @param object $u The user+session object we (probably) read from the database.
67 function AssignSessionDetails( $u ) {
68 if ( !isset($u->principal_id
) ) {
69 // If they don't have a principal_id set then we should re-read from our local database
70 $qry = new AwlQuery('SELECT * FROM dav_principal WHERE username = :username', array(':username' => $u->username
) );
71 if ( $qry->Exec() && $qry->rows() == 1 ) {
76 parent
::AssignSessionDetails( $u );
78 if ( function_exists('awl_set_locale') && isset($this->locale
) && $this->locale
!= '' ) {
79 awl_set_locale($this->locale
);
85 * Method used to get the user's roles
87 function GetRoles () {
88 $this->roles
= array();
89 $sql = 'SELECT role_name FROM roles JOIN role_member ON roles.role_no=role_member.role_no WHERE user_no = '.$this->user_no
;
90 $qry = new AwlQuery( $sql );
91 if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) {
92 while( $role = $qry->Fetch() ) {
93 $this->roles
[$role->role_name
] = 1;
100 * Checks that this user is logged in, and presents a login screen if they aren't.
102 * The function can optionally confirm whether they are a member of one of a list
103 * of roles, and deny access if they are not a member of any of them.
105 * @param string $roles The list of roles that the user must be a member of one of to be allowed to proceed.
106 * @return boolean Whether or not the user is logged in and is a member of one of the required roles.
108 function LoginRequired( $roles = '' ) {
109 global $c, $session, $main_menu, $sub_menu, $tab_menu;
111 $current_domain = (isset($_SERVER['SERVER_NAME'])?
$_SERVER['SERVER_NAME']:$_SERVER['SERVER_ADDR']);
112 if ( (isset($c->restrict_admin_domain
) && $c->restrict_admin_domain
!= $current_domain)
113 ||
(isset($c->restrict_admin_port
) && $c->restrict_admin_port
!= $_SERVER['SERVER_PORT'] ) ) {
114 header('Location: caldav.php');
115 dbg_error_log( 'LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT'] );
116 @ob_flush
(); exit(0);
118 if ( isset($c->restrict_admin_roles
) && $roles == '' ) $roles = $c->restrict_admin_roles
;
119 if ( $this->logged_in
&& $roles == '' ) return;
122 * We allow basic auth to apply also, if present, though we check everything else first...
124 if ( isset($_SERVER['PHP_AUTH_USER']) && !$this->logged_in
&& $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "" && ! $_COOKIE['NoAutoLogin'] ) {
125 if ( $this->Login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],true)) {
126 setcookie('NoAutoLogin',1,0);
130 if ( ! $this->logged_in
) {
131 $c->messages
[] = i18n('You must log in to use this system.');
132 include_once('page-header.php');
133 if ( function_exists('local_index_not_logged_in') ) {
134 local_index_not_logged_in();
137 if ( $this->login_failed
) {
138 $c->messages
[] = i18n('Invalid user name or password.');
140 echo '<h1>'.translate('Log On Please')."</h1>\n";
141 echo '<p>'.translate('For access to the')
142 .' '.translate($c->system_name
).' '
143 .translate('you should log on with the username and password that have been issued to you.')
145 echo '<p>'.translate('If you would like to request access, please e-mail').' '.$c->admin_email
."</p>\n";
146 echo $this->RenderLoginPanel();
150 $valid_roles = explode(',', $roles);
151 foreach( $valid_roles AS $k => $v ) {
152 if ( $this->AllowedTo($v) ) return;
154 $c->messages
[] = i18n('You are not authorised to use this function.');
155 include_once('page-header.php');
158 include('page-footer.php');
159 @ob_flush
(); exit(0);
163 $session = new DAViCalSession();
164 $session->_CheckLogin();