Sources for file plugins/class/access.php in version 2.0 Beta 4
<?PHP
/*
* Project: Onyx: PHP Application Backend
* File: plugins/class/access.php
* Access Control functions
*
* Version: 2.0b4
* CVS tag: $Id: access.php,v 1.8 2002/10/28 14:49:52 bok Exp $
* Author: Robert Amos <bok[at]ausmac.net>
* Andrew Wellington <proton[at]wiretapped.net>
* Copyright: 2001,2002 Shiznatz Inc.
*/
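class access_plugin {
    /*******************************************************\
    * Method: sess_check
    * Description: Validate the current session (expiry, client
    *              subnet, browser), enforce the page's location
    *              and then run the page's access list.
    * Syntax: $access->sess_check();
    * Returns: true if the page may be shown, false if the access
    *          list denies it. Redirects and exits when the page
    *          is bound to a different location.
    \*******************************************************/
    function sess_check () {
        global $onyx_parent;

        // the location is recomputed on every request
        $_SESSION['location'] = $this->location();

        // if we're logged in, make sure the session is still the one we issued
        if ($this->logged_in()) {
            $auth    = $_SESSION['auth'];
            $expiry  = isset($auth['expiry']) ? $auth['expiry'] : 0;
            $subnet  = isset($auth['subnet']) ? (string) $auth['subnet'] : '';
            $browser = isset($auth['browser']) ? (string) $auth['browser'] : '';
            $agent   = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';

            // Any failed binding ends the session exactly once. Comparisons are
            // strict string comparisons so numeric-looking values such as
            // "1e3" and "1000" are never treated as equal.
            if (time() > $expiry
                || $subnet !== $this->subnet()
                || $browser !== $agent) {
                $this->logout();
            } else {
                // still valid: slide the expiry window forward
                $_SESSION['auth']['expiry'] = time() + $onyx_parent->session_lifetime;
            }
        }

        // a page bound to a location is only served from that location
        if (isset($onyx_parent->page['location'])
            && (string) $onyx_parent->page['location'] !== (string) $_SESSION['location']) {
            header("Location: $onyx_parent->location_redirect_url");
            exit;
        }

        // access checking is the only thing left
        if (isset($onyx_parent->page["access"])) {
            return $this->check($onyx_parent->page["access"]);
        } elseif (isset($onyx_parent->page["acl"])) {
            return $this->check($onyx_parent->page["acl"]);
        }

        // no access list on this page
        return true;
    }

    /***************************************************************\
    * Method: logout
    * Description: Logout the current user
    * Syntax: $access->logout ();
    * Returns: true, always
    \***************************************************************/
    function logout () {
        // Drop the auth record directly from $_SESSION. session_unregister()
        // must not be mixed with $_SESSION and no longer exists in current
        // PHP, so relying on it can leave the user logged in (or abort the
        // request) instead of ending the session.
        unset($_SESSION['auth']);

        // NOTE(review): the session id itself is not rotated here; whether
        // the login code regenerates it is not visible in this file.

        // reset location now that we are anonymous again
        $_SESSION['location'] = $this->location();

        return true;
    }

    /***************************************************************\
    * Method: check
    * Description: return whether the user is allowed to access
    * Syntax: $access->check(mixed groups);
    *         groups is an array or a comma separated string of
    *         entries: 'none' (must NOT be logged in), 'required'
    *         or 'all' (any logged in user), a location name, a
    *         user name, or a group name where '*' is a wildcard.
    * Returns: true if access ok, false if not
    * Notes: group entries are matched against the WHOLE group
    *        name; every character except '*' is literal. Empty
    *        entries (e.g. from a trailing comma) are ignored.
    \***************************************************************/
    function check ($groups=NULL) {
        // no groups? then the page is open
        if (empty($groups))
            return true;

        // a string? strip whitespace and split it into the array
        if (!is_array($groups))
            $groups = explode(",", preg_replace('/\s/', '', $groups));

        // work on plain strings so every comparison below can be strict
        $names = array();
        foreach ($groups as $entry)
            $names[] = (string) $entry;

        // 'none' means the page is only for visitors who are not logged in
        if (in_array('none', $names, true))
            return !$this->logged_in();

        // everything else requires a login
        if (!$this->logged_in())
            return false;

        // required to be logged in, and they are
        if (in_array('required', $names, true) || in_array('all', $names, true))
            return true;

        // current location in the list?
        if (isset($_SESSION['location'])
            && in_array((string) $_SESSION['location'], $names, true))
            return true;

        $user = strtoupper((string) $_SESSION['auth']['user']);
        $held = array();
        if (isset($_SESSION['auth']['groups']) && is_array($_SESSION['auth']['groups']))
            $held = $_SESSION['auth']['groups'];

        foreach ($names as $name) {
            // An empty entry would otherwise become a pattern that matches
            // every group name.
            if ($name === '')
                continue;

            // if its their username, let them in (case-insensitive, but a
            // strict comparison so "1e3" does not equal "1000")
            if (strtoupper($name) === $user)
                return true;

            // Turn the entry into an anchored pattern: quote each literal
            // piece and join the pieces with '.*' for the '*' wildcard.
            // Without the anchors 'admin' would also match 'sysadmin', and
            // without quoting '.', '/', '+' etc. would act as regex syntax.
            $pieces = explode('*', $name);
            foreach ($pieces as $i => $piece)
                $pieces[$i] = preg_quote($piece, '/');
            $pattern = '/\A' . implode('.*', $pieces) . '\z/i';

            foreach ($held as $var)
                if (preg_match($pattern, (string) $var))
                    return true;
        }

        // nothing matched, deny
        return false;
    }

    /***************************************************************\
    * Method: location
    * Description: Determine the location to display
    * Syntax: $access->location();
    * Returns: the location
    * Notes: the match is made on $_SERVER['HTTP_HOST'], which is
    *        supplied by the client. For logged in users the
    *        subnet test is skipped, so the host name alone picks
    *        the location.
    \***************************************************************/
    function location () {
        global $onyx_parent;

        // check to see if we have any location properties
        if (!is_array($onyx_parent->locations)) {
            return 'default';
        }

        $http_host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
        $labels    = explode('.', $http_host);
        $short     = $labels[0];

        // loop through all our configured locations
        foreach ($onyx_parent->locations as $key => $var) {
            // scalars are the default entries; a location without a host
            // cannot match anything
            if (!is_array($var) || !isset($var['host']))
                continue;

            // Strict membership test: with a loose test a boolean or integer
            // setting stored in the location array could compare equal to
            // the subnet string.
            if ($this->logged_in() || in_array($this->subnet(), $var, true)) {
                $wanted = (string) $var['host'];

                // full host name, or just its first label
                if ($wanted === $http_host || $wanted === $short) {
                    return $key;
                }
            }
        }

        // no match: use the configured default, if any
        if (!empty($onyx_parent->locations['default'])) {
            return $onyx_parent->locations['default'];
        }
        return 'default';
    }

    /***************************************************************\
    * Method: subnet
    * Description: Create a Class C subnet for the given ip
    * Syntax: $access->subnet ( [ string ip ] );
    * Returns: the subnet ("a.b.c.0/24"). An address without a
    *          dotted suffix (e.g. an IPv6 literal) is returned
    *          unchanged.
    \***************************************************************/
    function subnet ($ip=NULL) {
        // default to REMOTE_ADDR
        if (is_null($ip))
            $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $ip = (string) $ip;

        $last_dot = strrpos($ip, '.');

        // No dot to cut at: previously every such address collapsed to the
        // same ".0/24" value, which made the session subnet binding
        // meaningless for those clients. Keep the full address instead.
        if ($last_dot === false)
            return $ip;

        return substr($ip, 0, $last_dot) . ".0/24";
    }

    /***************************************************************\
    * Method: logged_in
    * Description: check if a user is logged in
    * Syntax: $access->logged_in();
    * Returns: true if logged in, false otherwise
    \***************************************************************/
    function logged_in () {
        // a session counts as logged in once it carries a non-empty user name
        return !empty($_SESSION['auth']['user']);
    }
}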
