hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-09 11:03:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
47d2c433cd88525f02d5f08b04887cfcd7d23dd5
Phraseanet/lib/classes/gatekeeper.class.php
Nicolas Le Goff 631c48804c change redirect access_user from index.php to /
2012-02-03 16:14:33 +01:00

329 lines
6.8 KiB
PHP
Raw Blame History

<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2010 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
*
*
* @license http://opensource.org/licenses/gpl-3.0 GPLv3
* @link www.phraseanet.com
*/
class gatekeeper
{
/**
*
* @var string
*/
protected $_directory;
/**
*
* @var string
*/
protected $_script_name;
/**
*
* @var string
*/
protected $_PHP_SELF;
/**
*
* @var gatekeeper
*/
protected static $_instance;
/**
*
* @return gatekeeper
*/
public static function getInstance()
{
if (!(self::$_instance instanceof self))
self::$_instance = new self();
return self::$_instance;
}
/**
*
* @return gatekeeper
*/
function __construct()
{
return $this;
}
/**
* Check the current sub_directory on the domain name
* Redirect if access is denied
*
* @return Void
*/
function check_directory()
{
$request = http_request::getInstance();
$appbox = appbox::get_instance();
$session = $appbox->get_session();
if (http_request::is_command_line())
return;
if (isset($_SERVER['PHP_SELF']) && trim($_SERVER['PHP_SELF']))
{
$this->_PHP_SELF = $_SERVER['PHP_SELF'];
$php_script = explode('/', $_SERVER['PHP_SELF']);
if (trim($php_script[0]) == 0)
array_shift($php_script);
if (count($php_script) > 1)
$this->_directory = $php_script[0];
else
$this->_directory = '';
$this->_script_name = array_pop($php_script);
}
if (!$session->is_authenticated())
{
try
{
$cookie = Session_Handler::get_cookie('persistent');
$auth = new Session_Authentication_PersistentCookie($appbox, $cookie);
$session->restore($auth->get_user(), $auth->get_ses_id());
}
catch (Exception $e)
{
}
}
if (!$session->is_authenticated())
{
switch ($this->_directory)
{
case 'prod':
case 'client':
$this->give_guest_access();
phrasea::redirect('/login/?redirect=' . $_SERVER['REQUEST_URI']);
break;
case 'thesaurus2':
if ($this->_PHP_SELF == '/thesaurus2/xmlhttp/getterm.x.php'
|| $this->_PHP_SELF == '/thesaurus2/xmlhttp/searchcandidate.x.php'
|| $this->_PHP_SELF == '/thesaurus2/xmlhttp/getsy.x.php')
return;
phrasea::redirect('/login/?redirect=/thesaurus2');
break;
case 'report':
phrasea::redirect('/login/?redirect=' . $_SERVER['REQUEST_URI']);
break;
case 'admin':
if ($this->_script_name === 'runscheduler.php')
return;
phrasea::redirect('/login/?redirect=' . $_SERVER['REQUEST_URI']);
break;
case 'login':
if ($appbox->need_major_upgrade())
{
phrasea::redirect("/setup/");
}
return;
break;
case 'api':
return;
break;
case 'include':
case '':
return;
case 'setup':
if ($appbox->upgradeavailable())
return;
else
phrasea::redirect('/login/');
break;
default:
phrasea::redirect('/login/');
break;
case 'lightbox':
$this->token_access();
if (!$session->is_authenticated())
{
phrasea::redirect('/login/?redirect=' . $_SERVER['REQUEST_URI']);
}
break;
}
}
elseif ($_SERVER['PHP_SELF'] === '/login/logout.php')
{
return;
}
try
{
$session->open_phrasea_session();
}
catch (Exception $e)
{
phrasea::redirect('/login/logout.php?app=' . $this->_directory);
}
$user = User_Adapter::getInstance($session->get_usr_id(), $appbox);
switch ($this->_directory)
{
case 'admin':
case 'taskmanager':
if (!$user->ACL()->has_access_to_module('admin'))
{
phrasea::headers(403);
}
break;
case 'thesaurus2':
if (!$user->ACL()->has_access_to_module('thesaurus'))
{
phrasea::headers(403);
}
break;
case 'client':
case 'prod':
case 'lightbox':
$this->token_access();
break;
case 'upload':
if (!$user->ACL()->has_right('addrecord'))
{
phrasea::headers(403);
}
break;
case 'report':
if (!$user->ACL()->has_right('report'))
{
phrasea::headers(403);
}
break;
default:
break;
}
return;
}
/**
* Redirect to the correct guest location
*
* @return gatekeeper
*/
protected function give_guest_access()
{
$appbox = appbox::get_instance();
$request = http_request::getInstance();
$session = $appbox->get_session();
$parm = $request->get_parms('nolog', 'redirect');
if (!is_null($parm['nolog']) && phrasea::guest_allowed())
{
try
{
$auth = new Session_Authentication_Guest($appbox);
$session->authenticate($auth);
}
catch (Exception $e)
{
$url = '/login/?redirect=' . $parm['redirect']
. '&error=' . urlencode($e->getMessage());
phrasea::redirect($url);
}
phrasea::redirect('/' . $this->_directory . '/');
}
return $this;
}
/**
* If token is present in URL, sign on and redirect
*
* @return gatekeeper
*/
protected function token_access()
{
$appbox = appbox::get_instance();
$request = new http_request();
$session = $appbox->get_session();
$parm = $request->get_parms('LOG');
if (is_null($parm["LOG"]))
return $this;
try
{
if ($session->is_authenticated())
$session->logout();
$auth = new Session_Authentication_Token($appbox, $parm['LOG']);
$session->authenticate($auth);
}
catch (Exception $e)
{
return phrasea::redirect("/login/?error=" . urlencode($e->getMessage()));
}
try
{
$datas = random::helloToken($parm['LOG']);
return phrasea::redirect("/lightbox/validate/" . $datas['datas'] . "/");
}
catch (Exception_NotFound $e)
{
}
return $this;
}
/**
* Checks if session is open
* Redirect if session is missing
*
* @return Void
*/
public function require_session()
{
$appbox = appbox::get_instance();
$session = $appbox->get_session();
if ($session->is_authenticated())
{
try
{
$session->open_phrasea_session();
}
catch (Exception $e)
{
phrasea::redirect('/login/logout.php');
}
return true;
}
phrasea::headers(403);
return;
}
}
Reference in New Issue View Git Blame Copy Permalink