<?PHP
/*
* Project: Onyx: PHP Application Backend
* File: plugins/class/access.php
* Access Control functions
*
* Version: 2.0
* CVS tag: $Id: access.php,v 1.23 2003/05/31 08:29:39 bok Exp $
* Author: Robert Amos <bok[at]ausmac.net>
* Andrew Wellington <proton[at]wiretapped.net>
* Copyright: 2001,2002,2003 odynia.org.
*/
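class access_plugin {
    /**
     * Method: sess_check
     * Description: Check for a valid session and access.
     *   For a logged-in user this expires idle sessions and logs the user
     *   out when the client's /24 subnet or User-Agent differ from the ones
     *   recorded at login (a session-hijack mitigation, not authentication).
     *   It then enforces the page location and finally the page ACL, taken
     *   from page['acl'], else page['access'], else $onyx_parent->access
     *   (the first non-empty one wins and is written back to page['acl']).
     * Arguments: none
     * Returns: true when the request may proceed, false when the ACL denies
     *   it. A location mismatch does not return at all: it sends a
     *   Location: header to location_redirect_url and exits.
     **/
    function sess_check () {
        global $onyx_parent;

        // if we dont have a location yet we better set one
        if ($onyx_parent->set_location)
            $_SESSION['location'] = $this->location();

        // if we're logged in, do auth stuff
        if ($this->user()) {
            // check that we havent expired; an expiry of 0 means "never"
            $expiry = isset($_SESSION['auth']['expiry']) ? $_SESSION['auth']['expiry'] : null;
            if ($expiry !== 0) {
                $now = time();
                // a missing expiry counts as expired, as it always did
                if ($expiry === null || $now > $expiry) {
                    $overdue = $now - $expiry;
                    $errmsg = "Session time expired ($overdue seconds). Logging out user (" . $this->user() . ")";
                    $onyx_parent->trigger_error($errmsg, NOTICE);
                    $this->logout();
                } else {
                    // still valid: slide the expiry forward
                    $_SESSION['auth']['expiry'] = $now + $onyx_parent->session_lifetime;
                }
            }

            // the subnet and browser checks only make sense while still logged
            // in; running them after the expiry logout used to read the
            // now-missing auth record and emit a second, spurious logout notice
            if ($this->user()) {
                $subnet = $this->subnet();
                $stored = isset($_SESSION['auth']['subnet']) ? (string) $_SESSION['auth']['subnet'] : '';
                if ($stored !== $subnet) {
                    $errmsg = "Session moved subnet (" . $stored . " => " . $subnet .
                        "). Logging out user (" . $this->user() . ")";
                    $onyx_parent->trigger_error($errmsg, NOTICE);
                    $this->logout();
                }
            }
            if ($this->user()) {
                $browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                $stored = isset($_SESSION['auth']['browser']) ? (string) $_SESSION['auth']['browser'] : '';
                if ($stored !== $browser) {
                    $errmsg = "User changed browsers (" . $stored . " => " .
                        $browser . "). Logging out user (" . $this->user() . ")";
                    $onyx_parent->trigger_error($errmsg, NOTICE);
                    $this->logout();
                }
            }
        }

        // check location of page: a page pinned to a location is only served
        // from that location; anything else is redirected, never returned
        if (isset($onyx_parent->page['location']) && $onyx_parent->set_location
                && $onyx_parent->page['location'] != $_SESSION['location']) {
            $errmsg = "User (" . $this->user() . ") not allowed to view session, not in correct location.\n" .
                "(Currently: " . $_SESSION['location'] . ", required: " . $onyx_parent->page['location'] . ")";
            $onyx_parent->trigger_error($errmsg, NOTICE);
            header("Location: $onyx_parent->location_redirect_url");
            exit;
        }

        // access checking is the only thing left
        // page['access'] is the older spelling of page['acl']
        if (empty($onyx_parent->page['acl']) && !empty($onyx_parent->page['access']))
            $onyx_parent->page['acl'] = $onyx_parent->page['access'];
        // use the overall one if we have one
        if (empty($onyx_parent->page['acl']) && !empty($onyx_parent->access))
            $onyx_parent->page['acl'] = $onyx_parent->access;
        // if theres no access level specified, just let them through
        if (!empty($onyx_parent->page['acl']) && !$this->check($onyx_parent->page['acl'])) {
            // tailor error messages to cater for logged in status
            $who = $this->user() ? "User (" . $this->user() . ")" : "Unauthenticated user";
            $errmsg = $who . " attempted to access page requiring the following access:\n" .
                $onyx_parent->page['acl'];
            $onyx_parent->trigger_error($errmsg, NOTICE);
            return false;
        }

        // we're all done
        return true;
    }

    /**
     * Method: logout
     * Description: Logout the current user by dropping the session auth
     *   record, then recompute the location if location tracking is on.
     * Arguments: none
     * Returns: nothing
     **/
    function logout () {
        global $onyx_parent;
        // first destroy their user data. session_unregister() was removed in
        // PHP 5.4; unsetting the $_SESSION key is the equivalent.
        unset($_SESSION['auth']);
        // reset location. The original read $GLOBAL['onyx_parent'] (a typo
        // for $GLOBALS), so set_location was never seen and the location
        // was never reset on logout.
        if ($onyx_parent->set_location)
            $_SESSION['location'] = $this->location();
    }

    /**
     * Method: check
     * Description: Check whether the current user satisfies an ACL.
     *   Special entries: 'none' = only anonymous visitors; 'required' or
     *   'all' = any logged-in user. Otherwise an entry matches the user's
     *   current session location, the user's own name (case-insensitive),
     *   or one of the user's groups, where '*' in the entry is a wildcard
     *   and every other character is literal. Group matching is anchored,
     *   so 'admin' no longer matches a group called 'sysadmins'.
     * Arguments: mixed - array of groups or comma delimited list
     * Returns: true/false
     **/
    function check ($groups=NULL) {
        // no groups? guess they can go in
        if (empty($groups))
            return true;

        // a string? strip whitespace and split it into an array
        if (!is_array($groups))
            $groups = explode(",", preg_replace('/\s/', '', $groups));

        // 'none': the page is for visitors who are NOT logged in
        if (in_array('none', $groups, true))
            return !$this->user();

        // everything below requires a login
        if (!$this->user())
            return false;

        // required to be logged in, and they are
        if (in_array('required', $groups, true) || in_array('all', $groups, true))
            return true;

        // current location in the list?
        if (isset($_SESSION['location']) && in_array($_SESSION['location'], $groups, true))
            return true;

        $memberOf = (isset($_SESSION['auth']['groups']) && is_array($_SESSION['auth']['groups']))
            ? $_SESSION['auth']['groups'] : array();

        foreach ($groups as $group) {
            // if its their username, fire away
            if (strcasecmp($group, $_SESSION['auth']['user']) === 0)
                return true;

            // make the entry into a regexp: quote everything, then turn the
            // quoted '*' back into a wildcard. The old code only escaped a
            // handful of characters, so '.', '+', '/' etc. were live regexp
            // syntax, and the match was unanchored (substring) as well.
            $pattern = '/^' . str_replace('\*', '.*?', preg_quote($group, '/')) . '$/i';
            foreach ($memberOf as $name)
                if (preg_match($pattern, $name))
                    return true;
        }

        // guess they arent allowed in
        return false;
    }

    /**
     * Method: location
     * Description: Determine the users location from $onyx_parent->locations.
     *   Each location may carry 'vars' (request variable => expected value),
     *   'subnets' (CIDR strings) and 'setcookie' (cookie name => value).
     *   Matching order: 'vars' against $_GET, then 'vars' against $_REQUEST
     *   (which also includes POST data and cookies, so this part is
     *   client-controlled), then 'subnets' against REMOTE_ADDR. A subnet
     *   match also sets the location's cookies for roughly a year.
     * Arguments: none
     * Returns: the matching location key, else locations['default'] if
     *   present, else the string 'default'
     **/
    function location () {
        global $onyx_parent, $input;

        // check to see if we have any location properties
        if (!is_array($onyx_parent->locations))
            return 'default';

        // pass 1 looks at the query string only, pass 2 at $_REQUEST
        foreach (array($_GET, $_REQUEST) as $source) {
            foreach ($onyx_parent->locations as $key => $loc) {
                if (!isset($loc['vars']) || !is_array($loc['vars']))
                    continue;
                // check for any specified variables
                // NOTE(review): kept the loose == since $v may be configured
                // as int while $input->text() presumably returns a string
                foreach ($loc['vars'] as $k => $v) {
                    if (isset($source[$k]) && $input->text($source[$k]) == $v)
                        return $key;
                }
            }
        }

        // again, this time doing subnets
        foreach ($onyx_parent->locations as $key => $loc) {
            if (!isset($loc['subnets']) || !is_array($loc['subnets']))
                continue;
            foreach ($loc['subnets'] as $cidr) {
                if (!$this->subnet(NULL, $cidr))
                    continue;
                // set session cookies if we have any (lifetime ~357 days)
                if (isset($loc['setcookie']) && is_array($loc['setcookie'])) {
                    foreach ($loc['setcookie'] as $name => $value)
                        setcookie($name, $value, time() + 30900150);
                }
                return $key;
            }
        }

        // guess not
        // NOTE(review): this returns locations['default'] as-is; if that entry
        // is a location definition (array) rather than a name, callers get an
        // array back - confirm the intended shape of the config
        if (!empty($onyx_parent->locations['default']))
            return $onyx_parent->locations['default'];
        return 'default';
    }

    /**
     * Method: subnet
     * Description: Two modes. Without $subnet: return the Class C subnet
     *   for the given IP (xxx.xxx.xxx.0/24). With $subnet: test whether
     *   the IP lies inside that CIDR block (a/b/c/d/bits; no '/' means /32).
     *   The old range test was off by one at the top of the block and did
     *   not align the network address, so e.g. x.x.x.255 never matched a
     *   /24; the comparison is now done on the masked 32-bit values.
     * Arguments: string - IP Address (default REMOTE_ADDR)
     *            string - optional CIDR block to test against
     * Returns: the subnet string, or true/false when $subnet is given
     *   (false also for anything that is not a dotted-quad IPv4 address)
     **/
    function subnet ($ip=NULL, $subnet=NULL) {
        // default to REMOTE_ADDR
        if (is_null($ip))
            $ip = $_SERVER['REMOTE_ADDR'];

        if (is_null($subnet)) {
            $dot = strrpos($ip, '.');
            // not a dotted quad (e.g. an IPv6 client): pin the whole address
            // rather than the old result ".0/24", which every such client
            // shared and so made the session subnet check vacuous
            if ($dot === false)
                return $ip;
            return substr($ip, 0, $dot) . ".0/24";
        }

        $slash = strpos($subnet, '/');
        $network = ($slash === false) ? $subnet : substr($subnet, 0, $slash);
        $bits = ($slash === false) ? 32 : (int) substr($subnet, $slash + 1);

        $ipLong = ip2long($ip);
        $netLong = ip2long($network);
        if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32)
            return false;

        // host bits are the low (32 - $bits) bits; /0 matches everything.
        // Works on 32- and 64-bit PHP because only the low 32 bits can differ.
        $mask = ($bits === 0) ? 0 : (-1 << (32 - $bits));
        return (($ipLong ^ $netLong) & $mask) === 0;
    }

    /**
     * Method: user
     * Description: Get the username of the logged in user
     * Arguments: none
     * Returns: the username, or false if not logged in
     **/
    function user () {
        return empty($_SESSION['auth']['user']) ? false : $_SESSION['auth']['user'];
    }
}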
