1 <?php
2 /**
3 * @author Jan H. Andersen <jha@ipwsystems.dk>
4 * @author Martin R. Larsen <mrl@ipwsystems.dk>
5 * @copyright {@link http://www.ipwsystems.dk/ IPW Systems a.s}
6 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
7 * @package METAjour
8 * @subpackage handler
9 * $Id: basic_user.php,v 1.18 2005/02/16 05:02:53 jan Exp $
10 */
11 require_once('ow.php');
12 require_once('core/basicclass.php'); #we need some defines from basicclass
13 include_once('core/ua/phpsniff.class.php');
14
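/**
 * Session-backed handle on the current user: identity, access level, group
 * membership, language settings, GUI configuration and per-site paths/URLs.
 *
 * Nearly all state lives in $_SESSION (keys 'usr', 'site', 'app', 'gui',
 * 'lang'); the instance itself only caches a few lookups per request.
 *
 * Security notes for maintainers:
 *  - Values placed in SQL are passed through _sqlQuote().
 *  - Values placed in include paths are checked with _isSafePathSegment().
 *  - Invariants use assert(expression, description). String assertions are
 *    not evaluated on PHP 8, so the former assert('...') calls checked nothing
 *    there. The two-argument form needs PHP 5.4.8 or later. Assertions may be
 *    disabled in production and are not an access-control mechanism.
 */
class Basic_user {
    // Flag toggled by setUnlimitedAccess(); this class only stores it.
    var $_unlimitedaccess = false;
    // Per-request cache for getSystemAccountId().
    var $_systemaccountid = NULL;
    // Per-request cache for getAnonymousGroupId().
    var $_anonymousgroupid = NULL;
    // Lazily created phpSniff instance, see getUserAgent().
    var $_client = NULL;
    var $_objectidstack = array();
    var $_headercache = array();
    var $_stylecache = array();

    /**
     * Defined alongside the legacy constructor so that PHP 7 does not treat
     * Basic_user() as the only (deprecated, PHP 4 style) constructor.
     */
    function __construct() {
    }

    /**
     * Legacy PHP 4 style constructor, kept for callers that invoke it by name.
     */
    function Basic_user() {
    }

    /**
     * Return $value as a quoted SQL string literal, surrounding quotes included.
     *
     * The connection returned by getDbConn() is used like an ADOdb connection
     * (getone/getcol/getrow/execute) - TODO confirm. When it offers qstr() that
     * is used; otherwise the fallback is addslashes(), which is not safe with
     * every multi-byte connection charset and should be replaced by the
     * driver's own escaping or by bound parameters.
     *
     * Input is expected to be raw (no magic-quotes style pre-escaping).
     *
     * @param object|null $db    connection object, may be null
     * @param mixed       $value value to quote; non-scalars become ''
     * @return string
     */
    function _sqlQuote($db, $value) {
        $value = is_scalar($value) ? (string) $value : '';
        if (is_object($db) && method_exists($db, 'qstr')) {
            return $db->qstr($value);
        }
        return "'" . addslashes($value) . "'";
    }

    /**
     * Tell whether $segment can be used as ONE path component.
     *
     * Rejects empty values, '.', '..' and anything containing a directory
     * separator or a NUL byte, so a session-held name cannot move an include
     * path outside its intended directory.
     *
     * @param mixed $segment
     * @return bool
     */
    function _isSafePathSegment($segment) {
        if (!is_scalar($segment)) {
            return false;
        }
        $segment = (string) $segment;
        if ($segment === '' || $segment === '.' || $segment === '..') {
            return false;
        }
        return strpbrk($segment, "/\\\0") === false;
    }

    /**
     * Directory of the current site below the system path, no trailing slash.
     *
     * @return string
     */
    function _getSiteDir() {
        return $this->getSystemPath()."sites/".$this->getSite();
    }

    /** Store $content under $id in the header cache. */
    function addHeaderCache($id, $content) {
        $this->_headercache[$id] = $content;
    }

    /** Store $content under $id in the style cache. */
    function addStyleCache($id, $content) {
        $this->_stylecache[$id] = $content;
    }

    /** @return array the header cache, keyed by id */
    function getHeaderCache() {
        return $this->_headercache;
    }

    /** @return array the style cache, keyed by id */
    function getStyleCache() {
        return $this->_stylecache;
    }

    /**
     * Replace the object id stack (array argument) or push one id onto it.
     *
     * @param mixed $oid array of ids, or a single id
     */
    function setObjectIdStack($oid) {
        if (is_array($oid)) {
            $this->_objectidstack = $oid;
        } else {
            $this->_objectidstack[] = $oid;
        }
    }

    /** @return array the current object id stack */
    function getObjectIdStack() {
        return $this->_objectidstack;
    }

    /** Empty the object id stack. */
    function clearObjectIdStack() {
        $this->_objectidstack = array();
    }

    /**
     * Only for dealing with very special cases, where the current user needs
     * to be granted unlimited access to all objects.
     * At the moment only used in eventhandler->fireEvent, to allow for
     * retrieval of data on other users and usergroups.
     * The value is not persistent between page impressions (it lives on the
     * instance, not in the session), but remember to set it back to false as
     * soon as possible - an early return or error between the two calls
     * leaves the rest of the request running with the flag set.
     * Use with care!
     */
    function setUnlimitedAccess($value) {
        $this->_unlimitedaccess = $value;
    }

    /** @return mixed the value last given to setUnlimitedAccess() */
    function getUnlimitedAccess() {
        return $this->_unlimitedaccess;
    }

    /**
     * Tell whether the session counts as logged in: web users need at least
     * ACCESS_USER, everybody else at least ACCESS_EDITOR.
     *
     * @return bool
     */
    function loggedIn() {
        $required = $this->getWebuser() ? ACCESS_USER : ACCESS_EDITOR;
        return $this->getLevel() >= $required;
    }

    /** @return bool true only when the current application is 'edocument' */
    function getRevisionControl() {
        return $this->getAppName() == 'edocument';
    }

    /** @return string user name stored in the session */
    function getName() {
        assert(!empty($_SESSION['usr']['validusername']), '$_SESSION[\'usr\'][\'validusername\'] must be non-empty');
        return $_SESSION['usr']['validusername'];
    }

    /** @return mixed object id of the current user, as stored in the session */
    function getObjectId() {
        assert(!empty($_SESSION['usr']['validuserid']) && is_numeric($_SESSION['usr']['validuserid']), '$_SESSION[\'usr\'][\'validuserid\'] must be set and be an integer');
        return $_SESSION['usr']['validuserid'];
    }

    /** @return mixed access level from the session, ACCESS_ANONYMOUS when unset */
    function getLevel() {
        return (isset($_SESSION['usr']['validuserlevel'])) ?
            $_SESSION['usr']['validuserlevel'] : ACCESS_ANONYMOUS;
    }

    /**
     * @return array group ids of the user; anonymous sessions get the
     *               anonymous group only
     */
    function getGroups() {
        assert($this->getLevel() >= ACCESS_ANONYMOUS, '$this->getLevel must be at least ACCESS_ANONYMOUS');
        if ($this->getLevel() == ACCESS_ANONYMOUS) {
            return array($this->getAnonymousGroupId());
        }
        return $_SESSION['usr']['validusergroups'];
    }

    /** @return mixed profile data stored in the session at login */
    function getProfile() {
        return $_SESSION['usr']['validprofile'];
    }

    /**
     * Return the site name, seeding the session from the global $site on
     * first use.
     *
     * @return string
     */
    function getSite() {
        global $site;
        if (!isset($_SESSION['site'])) $_SESSION['site'] = $site;
        assert(!empty($_SESSION['site']), '$_SESSION[\'site\'] must be non-empty');
        return $_SESSION['site'];
    }

    /** @return mixed the session's webuser value, false when unset */
    function getWebuser() {
        if (isset($_SESSION['usr']['webuser'])) return $_SESSION['usr']['webuser'];
        return false;
    }

    /**
     * Store the webuser value in the session. loggedIn() applies the lower
     * ACCESS_USER threshold when this value is truthy.
     */
    function setWebuser($value) {
        $_SESSION['usr']['webuser'] = $value;
    }

    /** @return string the global $system_url (always set in config.php) */
    function getSystemUrl() {
        global $system_url;
        assert(!empty($system_url), '$system_url must be non-empty');
        return $system_url;
    }

    /** @return string the global $system_path (always set in config.php) */
    function getSystemPath() {
        global $system_path;
        assert(!empty($system_path), '$system_path must be non-empty');
        return $system_path;
    }

    /**
     * Return the viewer URL held in the session, seeding it from the global
     * $viewer_url, which is only set in site.php (web mode).
     *
     * @return string
     */
    function getViewerUrl() {
        global $viewer_url;
        if (!isset($_SESSION['usr']['viewerurl']) && !empty($viewer_url)) {
            $_SESSION['usr']['viewerurl'] = $viewer_url;
        }
        assert(!empty($_SESSION['usr']['viewerurl']), '$viewer_url must be non-empty');
        return $_SESSION['usr']['viewerurl'];
    }

    /** Store the viewer URL in the session. */
    function setViewerUrl($url) {
        $_SESSION['usr']['viewerurl'] = $url;
    }

    /**
     * Return the viewer path held in the session, seeding it from the global
     * $viewer_path when the session has none.
     *
     * @return string
     */
    function getViewerPath() {
        global $viewer_path;
        if (!isset($_SESSION['usr']['viewerpath']) && !empty($viewer_path)) {
            $_SESSION['usr']['viewerpath'] = $viewer_path;
        }
        assert(!empty($_SESSION['usr']['viewerpath']), '$viewer_path must be non-empty');
        return $_SESSION['usr']['viewerpath'];
    }

    /** Store the viewer path in the session. */
    function setViewerPath($path) {
        $_SESSION['usr']['viewerpath'] = $path;
    }

    /**
     * @return bool true when the profile entry [$type][$view] equals 1;
     *              a missing entry counts as false
     */
    function getProfileView($type,$view) {
        return isset($_SESSION['usr']['validprofile'][$type][$view])
            && $_SESSION['usr']['validprofile'][$type][$view] == 1;
    }

    /** @return mixed the 'createdby' field of the current user's object */
    function getCreatedBy() {
        $obj = owRead($this->getObjectId());
        return $obj->elements[0]['object']['createdby'];
    }

    /**
     * Drop the user, site and GUI-temp data from the session.
     *
     * NOTE(review): the session itself, $_SESSION['app'], $_SESSION['gui'],
     * $_SESSION['lang'] and the 'saveduserid' cookie are left in place -
     * confirm that is intended.
     */
    function logOut() {
        unset($_SESSION['usr']);
        unset($_SESSION['site']);
        unset($_SESSION['guitemp']);
    }

    /** Drop only the user data from the session. */
    function logOutWebsite() {
        unset($_SESSION['usr']);
    }

    /**
     * Load the per-user GUI configuration file into $_SESSION['gui'].
     *
     * The file is sites/<site>/usercfg/<username>.php below $system_path and
     * is expected to define $USERCFG. Site and user name come from the
     * session (the user name is the string typed at login), so both are
     * checked as single path components before being used in include().
     */
    function loadUserCfg() {
        global $system_path;
        $_SESSION['gui'] = array();
        $sitename = $this->getSite();
        $username = $this->getName();
        if (!$this->_isSafePathSegment($sitename) || !$this->_isSafePathSegment($username)) {
            return;
        }
        $filename = $system_path."sites/".$sitename."/usercfg/".$username.".php";
        if (file_exists($filename)) {
            include($filename);
            // Leave the empty default in place when the file defines nothing.
            if (isset($USERCFG)) {
                $_SESSION['gui'] = $USERCFG;
            }
        }
    }

    /**
     * Check a site/username/password combination without touching the session.
     *
     * All three values reach the SQL text only through _sqlQuote().
     *
     * NOTE(review): the stored credential is compared via MySQL PASSWORD(),
     * which is not a password-hashing function for applications; moving to
     * password_hash()/password_verify() needs a migration of stored values.
     *
     * @return bool
     */
    function correctlogIn($lsite, $username, $password) {
        $db =& getDbConn();
        $sql = "select object.objectid from user, object where user.objectid = object.objectid and site = "
            . $this->_sqlQuote($db, $lsite)
            . " and name = " . $this->_sqlQuote($db, $username)
            . " and password = PASSWORD(" . $this->_sqlQuote($db, $password) . ") and deleted=0 and active=1";
        return $db->getone($sql) ? true : false;
    }

    /**
     * Authenticate and, on success, populate the session with the user's id,
     * level, groups, site URLs, languages, application data and profile.
     * Every attempt is recorded in statistics_login (failed = 0 or 1).
     *
     * All caller-supplied values reach the SQL text only through _sqlQuote().
     *
     * NOTE(review): the session id is not regenerated on successful login;
     * consider session_regenerate_id() here once it is confirmed that nothing
     * else is keyed on the pre-login session id.
     * NOTE(review): the 'saveduserid' cookie is set without HttpOnly/Secure
     * and holds a bare object id - see recognizeUser().
     *
     * @param string $lsite    site name
     * @param string $username user name as typed
     * @param string $password clear-text password as typed
     * @param mixed  $website  value logged in the 'website' column
     * @return bool true on success
     */
    function logIn($lsite, $username, $password, $website = 0) {
        $db =& getDbConn();
        $qsite = $this->_sqlQuote($db, $lsite);
        $quser = $this->_sqlQuote($db, $username);
        $qpass = $this->_sqlQuote($db, $password);

        $matched = $db->getone("select count(*) from user, object where user.objectid = object.objectid and site = ".$qsite." and name = ".$quser." and password = PASSWORD(".$qpass.") and deleted=0 and active=1");
        if (!$matched) {
            $db->execute("insert into statistics_login (sessionid, userid, timestamp, site, username, ip, website, failed) values (".$this->_sqlQuote($db, session_id()).",'0',NOW(),".$qsite.",".$quser.",".$this->_sqlQuote($db, $this->getIp()).",".$this->_sqlQuote($db, $website).",1)");
            return false;
        }

        # $this->logOut(); #reset all sessionvariables
        $uid = $db->getone("select user.objectid as res from user, object where user.objectid = object.objectid and site = ".$qsite." and name = ".$quser." and deleted=0 and active=1");
        $quid = $this->_sqlQuote($db, $uid);
        $_SESSION['site'] = $lsite;
        $_SESSION['usr']['validusername'] = $username;
        $_SESSION['usr']['validuserid'] = $uid;
        $_SESSION['usr']['validuserlevel'] = $db->getone("select max(ug.level) as max from usergroupmember ugm inner join usergroup ug on ugm.groupid = ug.objectid where userid=".$quid);
        $_SESSION['usr']['validusergroups'] = $db->getcol("select groupid from usergroupmember where userid=".$quid);
        $row = $db->getrow("select * from site where site = ".$this->_sqlQuote($db, $_SESSION['site']));
        $this->setViewerUrl($row['website_url']);
        $this->setViewerPath($row['website_path']);

        $_SESSION['usr']['saveduserid'] = $uid;
        setcookie("saveduserid",$_SESSION['usr']['saveduserid'],time()+31622400);

        $u = owNew('user');
        $u->setlistaccess(true);
        $u->readobject($uid);
        $_SESSION['usr']['restrictlanguage'] = $u->elements[0]['restrictlanguage'];
        $_SESSION['usr']['objectlanguage'] = $u->elements[0]['objectlanguage'];
        if ('' == $_SESSION['usr']['objectlanguage']) $_SESSION['usr']['objectlanguage'] = 'EN';
        $_SESSION['usr']['validrootdir'] = $u->elements[0]['rootdir'];
        $_SESSION['app'] = $u->elements[0]['app'];
        $_SESSION['usr']['appavail'] = $u->elements[0]['appavail'];
        $_SESSION['usr']['guilanguage'] = strtolower($u->elements[0]['guilanguage']);
        if ('' == $_SESSION['usr']['guilanguage']) $_SESSION['usr']['guilanguage'] = 'en';

        // Use the user's own profile when one is assigned, else the default.
        $pobj = owNew('profile');
        $pobj->setlistaccess(true);
        if ($u->elements[0]['profileid'] != 0) {
            $pobj->readobject($u->elements[0]['profileid']);
        } else {
            if ($pobj->locatedefault()) $pobj->readobject($pobj->locatedefault());
        }
        $_SESSION['usr']['validprofile'] = $pobj->elements[0];
        $this->loadUserCfg();
        $db->execute("insert into statistics_login (sessionid, userid, timestamp, site, username, ip, website, failed) values (".$this->_sqlQuote($db, session_id()).",".$this->_sqlQuote($db, $this->getObjectId()).",NOW(),".$qsite.",".$quser.",".$this->_sqlQuote($db, $this->getIp()).",".$this->_sqlQuote($db, $website).",0)");
        return true;
    }

    /**
     * Only for use from showpage.php.
     *
     * Re-attach a visitor to the user object named by the 'saveduserid'
     * cookie, or create a hidden "AutoUser" object and hand out a new cookie.
     *
     * NOTE(review): the cookie is a bare object id with no signature or
     * server-side token, so it is a client-asserted identity: whatever id the
     * client sends becomes validuserid/validusername for the session
     * (validuserlevel is not set here, so getLevel() stays anonymous). The
     * value is restricted to digits below; binding it to a random,
     * server-stored token would be the proper fix.
     *
     * @param bool $force run even when the session already has a saveduserid
     */
    function recognizeUser($force = false) {
        if (isset($_SESSION['usr']['saveduserid']) && !$force) {
            return;
        }

        # if not, try to recognize the user from cookie
        $notfound = true;
        $cookieid = isset($_COOKIE['saveduserid']) ? $_COOKIE['saveduserid'] : '';
        if (is_string($cookieid) && preg_match('/^[0-9]+\z/', $cookieid)) {
            $_SESSION['usr']['saveduserid'] = $cookieid;
            $_SESSION['usr']['validuserid'] = $cookieid;
            $_SESSION['usr']['validusername'] = 'AutoUser';
            $u = owRead($_SESSION['usr']['validuserid']);
            if ($u) {
                $_SESSION['usr']['validusername'] = $u->elements[0]['name'];
                $notfound = false;
            }
        }

        if ($notfound) {
            # Create temporary settings for usr-array, because we cannot
            # instantiate a user-object if these variables are not set
            $_SESSION['usr']['validuserid'] = $this->getSystemAccountId();
            $_SESSION['usr']['validusername'] = 'AutoUser';

            $u = owNew('user');
            $u->createObject(array("name" => "AutoUser (¤_¤) ".$this->GetIp()." on ".date('Y-m-d H:i:s'), "objectlanguage" => $this->getPrimaryLanguage()),0);
            $u->setSysHidden(true);
            # remove line below, when we have fixed, that the elements-array
            # is properly set after a createobject call
            $u->readObject($u->getobjectid());
            $_SESSION['usr']['validuserid'] = $u->getobjectid();
            $_SESSION['usr']['validusername'] = $u->getName();
            $_SESSION['usr']['saveduserid'] = $_SESSION['usr']['validuserid'];
            setcookie("saveduserid",$_SESSION['usr']['saveduserid'],time()+31622400);
            unset($u);
        }
    }

    /** @return string session language, else the primary language */
    function getLanguage() {
        return (isset($_SESSION['lang'])) ? $_SESSION['lang'] : $this->getPrimaryLanguage();
    }

    /** Store the session language. */
    function setLanguage($lang) {
        $_SESSION['lang'] = $lang;
    }

    /** @return string GUI language stored in the session */
    function getGuiLanguage() {
        return $_SESSION['usr']['guilanguage'];
    }

    /** Store the GUI language, lower-cased. */
    function setGuiLanguage($lang) {
        $_SESSION['usr']['guilanguage'] = strtolower($lang);
    }

    /** @return string $CONFIG['primary_language'], 'EN' when not configured */
    function getPrimaryLanguage() {
        global $CONFIG;
        return (isset($CONFIG['primary_language'])) ? $CONFIG['primary_language'] : 'EN';
    }

    /** @return string object language of the user, else the primary language */
    function getObjectLanguage() {
        return (isset($_SESSION['usr']['objectlanguage'])) ? $_SESSION['usr']['objectlanguage'] : $this->getPrimaryLanguage();
    }

    /** @return string last variant language, else the primary language */
    function getLastVariantLanguage() {
        return (isset($_SESSION['usr']['variantlanguage'])) ? $_SESSION['usr']['variantlanguage'] : $this->getPrimaryLanguage();
    }

    /** Store the last variant language in the session. */
    function setLastVariantLanguage($lang) {
        $_SESSION['usr']['variantlanguage'] = $lang;
    }

    /** @return mixed the session's restrictlanguage value, false when unset */
    function getRestrictLanguage() {
        return (isset($_SESSION['usr']['restrictlanguage'])) ? $_SESSION['usr']['restrictlanguage'] : false;
    }

    /**
     * Create and initialise the phpSniff client once per instance.
     * Returns nothing; the result is kept in $this->_client.
     */
    function getUserAgent() {
        if ($this->_client == NULL) {
            // The original passed an undefined local here, i.e. null.
            $ua = null;
            $this->_client = new phpSniff($ua,0);
            $this->_client->init();
        }
    }

    /**
     * @return string client IP as reported by phpSniff, '' when no user agent
     *                was detected. How phpSniff derives the address (and
     *                whether request headers influence it) is not visible
     *                here, so treat the value as untrusted input.
     */
    function getIp() {
        $this->getUserAgent();
        return ('' != $this->_client->_browser_info['ua']) ?
            $this->_client->property('ip') : '';
    }

    /**
     * Build the 'user' array handed to templates: identity, level, language
     * and, when a user agent was detected, the browser details from phpSniff.
     *
     * The browser-derived entries come from request data; templates should
     * escape them on output.
     *
     * @return array
     */
    function getSmartyVars() {
        $user = array(
            'name' => $this->getName(),
            'objectid' => $this->getObjectId(),
            'level' => $this->getLevel(),
            'language' => $this->getLanguage(),
        );
        $this->getUserAgent();
        if ('' != $this->_client->_browser_info['ua']) {
            $user['useragent'] = $this->_client->property('ua');
            $user['browser'] = $this->_client->property('browser');
            $user['browserlongname'] = $this->_client->property('browserlongname');
            $user['browserversion'] = $this->_client->property('version');
            $user['browsermajversion'] = $this->_client->property('maj_ver');
            $user['browserminversion'] = $this->_client->property('min_ver');
            $user['browserletterversion'] = $this->_client->property('letter_ver');
            $user['javascript'] = $this->_client->property('javascript');
            $user['platform'] = $this->_client->property('platform');
            $user['os'] = $this->_client->property('os');
            $user['ip'] = $this->_client->property('ip');
            $user['browserlanguage'] = strtoupper($this->_client->property('language'));
        }
        return $user;
    }

    /**
     * Create a Smarty instance configured for the current site, with the
     * 'user' and 'system' arrays and the request superglobals assigned.
     *
     * NOTE(review): $_SERVER, $_GET, $_POST and $_REQUEST are assigned
     * unfiltered; every template that prints one of them must escape it.
     *
     * @return Smarty
     */
    function &getSmarty() {
        $systempath = $this->getSystemPath();
        // A second call must not try to redefine the constant.
        if (!defined('SMARTY_DIR')) {
            define("SMARTY_DIR" , $systempath . 'core/template/');
        }
        require_once($systempath . 'core/template/Smarty.class.php');
        $sitedir = $this->_getSiteDir();
        $smarty = new Smarty;
        $smarty->template_dir = $sitedir;
        $smarty->compile_dir = $sitedir."/compile";
        $smarty->config_dir = $sitedir."/tplcfg";
        $smarty->compile_check = true;
        $smarty->debugging = false;
        $smarty->plugins_dir = array(SMARTY_DIR.'/plugins/',SMARTY_DIR.'metajour');
        $smarty->assign("user",$this->getSmartyVars());
        $system = array(
            'site' => $this->getSite(),
            'viewer_url' => $this->getViewerUrl(),
            'viewer_path' => $this->getViewerPath(),
            'system_url' => $this->getSystemUrl(),
            'system_path' => $systempath,
        );
        $smarty->assign("system",$system);
        $smarty->assign("server",$_SERVER);
        $smarty->assign("get",$_GET);
        $smarty->assign("post",$_POST);
        $smarty->assign("request",$_REQUEST);
        return $smarty;
    }

    /** @return mixed GUI config entry [$otype][$name], false when unset */
    function getViewCfg($otype, $name) {
        if (isset($_SESSION['gui'][$otype][$name])) return $_SESSION['gui'][$otype][$name];
        return false;
    }

    /** @return bool true when the field's '_fieldsecret_' entry is truthy */
    function isFieldSecret($otype, $fieldname) {
        return !empty($_SESSION['gui'][$otype][$fieldname]['_fieldsecret_']);
    }

    /** @return bool true when the field's '_fieldhidden_' entry is truthy */
    function isFieldHidden($otype, $fieldname) {
        return !empty($_SESSION['gui'][$otype][$fieldname]['_fieldhidden_']);
    }

    /** @return mixed the field's '_fielddefault_' entry, null when unset */
    function fieldDefault($otype, $fieldname) {
        if (isset($_SESSION['gui'][$otype][$fieldname]['_fielddefault_'])) {
            return $_SESSION['gui'][$otype][$fieldname]['_fielddefault_'];
        }
        return null;
    }

    /**
     * Return the display name of the running program.
     *
     * Without an application name this is 'IPW METAjour'. Otherwise the name
     * is read from app/<app>/lang/appname.da.php; null is returned when that
     * file does not exist. The application name comes from the session
     * (setAppName()), so it is checked as a single path component before it
     * is used in include().
     *
     * @return string|null
     */
    function getPrgName() {
        $app = $this->getAppName();
        if ($app == '') {
            return 'IPW METAjour';
        }
        if (!$this->_isSafePathSegment($app)) {
            return null;
        }
        $namefile = $this->getSystemPath().'app/'.$app.'/lang/appname.da.php';
        if (file_exists($namefile)) {
            include($namefile);
            return $LANG['appname'];
        }
        return null;
    }

    /** @return string session application name; '' for 'metajour' or unset */
    function getAppName() {
        if (!isset($_SESSION['app'])) return '';
        if ($_SESSION['app'] == 'metajour') return '';
        return $_SESSION['app'];
    }

    /** Store the application name in the session. */
    function setAppName($app) {
        $_SESSION['app'] = $app;
    }

    /**
     * Tell whether application $value is available to the user.
     * Administrators always get true. Returns false (previously an implicit
     * null) when the application is not listed.
     *
     * @return bool
     */
    function isAppAvail($value) {
        if ($this->getLevel() == ACCESS_ADMINISTRATOR) return true;
        $avail = isset($_SESSION['usr']['appavail']) ? $_SESSION['usr']['appavail'] : array();
        return is_array($avail) && in_array($value, $avail);
    }

    /** @return mixed the 'appavail' value stored in the session at login */
    function getAppAvail() {
        return $_SESSION['usr']['appavail'];
    }

    /** @return string vendor name */
    function getVendor() {
        return "IPW Systems a·s";
    }

    /** @return string version string */
    function getVersion() {
        return "2.0";
    }

    /**
     * Return the object id of the active, non-deleted user named 'SYSTEM' on
     * the current site, looked up once per instance.
     *
     * @return mixed
     */
    function getSystemAccountId() {
        $db =& getDbConn();
        if ($this->_systemaccountid == NULL) {
            $tmp = $db->getone("select user.objectid as res from user, object where user.objectid = object.objectid and site = ".$this->_sqlQuote($db, $this->getSite())." and name = 'SYSTEM' and object.deleted = 0 and object.active = 1");
            if ($tmp) $this->_systemaccountid = $tmp;
        }
        assert(!empty($this->_systemaccountid) && is_numeric($this->_systemaccountid), '$this->_systemaccountid must be set and be an integer');
        return $this->_systemaccountid;
    }

    /**
     * Return the object id of the active, non-deleted user group with level
     * ACCESS_ANONYMOUS on the current site, looked up once per instance.
     *
     * @return mixed
     */
    function getAnonymousGroupId() {
        $db =& getDbConn();
        if ($this->_anonymousgroupid == NULL) {
            $tmp = $db->getone("select usergroup.objectid as res from usergroup, object where usergroup.objectid = object.objectid and site = ".$this->_sqlQuote($db, $this->getSite())." and level = ".$this->_sqlQuote($db, ACCESS_ANONYMOUS)." and object.deleted = 0 and object.active = 1");
            if ($tmp) $this->_anonymousgroupid = $tmp;
        }
        assert(!empty($this->_anonymousgroupid) && is_numeric($this->_anonymousgroupid), '$this->_anonymousgroupid must be set and be an integer');
        return $this->_anonymousgroupid;
    }

    /** @return string the site's filter/ directory */
    function getDirFilter() {
        return $this->_getSiteDir()."/filter/";
    }

    /** @return string the site's filterupload/ directory */
    function getDirFilterUpload() {
        return $this->_getSiteDir()."/filterupload/";
    }

    /** @return string the site's binfile/ directory */
    function getDirBinfile() {
        return $this->_getSiteDir()."/binfile/";
    }

    /** @return string the site's binfilecache/ directory */
    function getDirBinfileCache() {
        return $this->_getSiteDir()."/binfilecache/";
    }

    /** @return string the site's staticbinfile/ directory */
    function getDirStaticbinfile() {
        return $this->_getSiteDir()."/staticbinfile/";
    }

    /** @return string the img/ directory below the viewer path */
    function getDirStimgbinfile() {
        return $this->getViewerPath()."img/";
    }

    /** @return string the files/ directory below the viewer path */
    function getDirStfilebinfile() {
        return $this->getViewerPath()."files/";
    }

    /**
     * @return string viewer URL followed by "img/".
     * NOTE(review): this and getUrlImg() look swapped compared with
     * getDirStimgbinfile()/getDirStfilebinfile(); left unchanged because
     * callers may rely on it - confirm.
     */
    function getUrlFile() {
        return $this->getViewerUrl()."img/";
    }

    /**
     * @return string viewer URL followed by "files/".
     * NOTE(review): see getUrlFile() - the two suffixes look swapped.
     */
    function getUrlImg() {
        return $this->getViewerUrl()."files/";
    }
}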
536
/**
 * Return the shared Basic_user instance for this request, creating it on the
 * first call. The instance is held in a function-static variable and handed
 * out by reference.
 *
 * @return Basic_user
 */
function &getUserHandler() {
    static $instance = null;
    if (!isset($instance)) {
        $instance = new Basic_user();
    }
    return $instance;
}
544
545
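assert_options(ASSERT_CALLBACK, 'assert_callback');

/**
 * Assertion failure handler: print the failing script, line and a
 * description, then stop the request.
 *
 * The description is the fourth callback argument when PHP supplies one
 * (assert(expr, 'text')); otherwise it is whatever follows the "//*" marker
 * in the asserted code string, as used by string assertions in this code base.
 *
 * All values are HTML-escaped before output. ereg_replace() no longer exists
 * in PHP 7+, so the marker is stripped with preg_replace().
 *
 * NOTE(review): the script path is shown to the client; on a production
 * system this belongs in a log rather than in the response.
 *
 * @param string      $script      file in which the assertion failed
 * @param int         $line        line of the assertion
 * @param string|null $message     asserted code, may be empty or null
 * @param string|null $description description given to assert(), if any
 */
function assert_callback($script, $line, $message, $description = null) {
    if ($description !== null && $description !== '') {
        $text = (string) $description;
    } else {
        // Keep only the text after the last "//*" marker.
        $text = (string) preg_replace('#^.*//\*#s', '', (string) $message);
    }
    echo 'ASSERT CHECK FAILED: <b>', htmlspecialchars((string) $script, ENT_QUOTES), '</b> on line <b>', (int) $line, '</b> :<br />';
    echo '<b>Description: ', htmlspecialchars($text, ENT_QUOTES), '</b><br />';
    exit;
}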
552
553 ?>