control.php
2.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?php
// main library routines and defaults
require_once("./config/dmsDefaults.php");
require_once("$default->owl_fs_root/lib/session/SiteMap.inc");
/**
* $Id$
*
* Controller page -- controls the web application by responding to a set of
* defined actions. The controller performs session handling, page-level
* authentication and forwards the request to the appropriate handling
* page.
*
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* @version $Revision$
* @author Michael Joseph <michael@jamwarehouse.com>, Jam Warehouse (Pty) Ltd, South Africa
* @package controller
*/
// -------------------------------
// page start
// -------------------------------
// check the session, but don't redirect if the check fails
if (checkSessionAndRedirect(false)) {
// session check succeeds, so default action should be the dashboard if no action was specified
if (!isset($action)) {
$action = "dashboard";
}
} else {
// session check fails, so default action should be the login form if no action was specified
if (!isset($action)) {
$action = "loginForm";
}
}
// (if there is no userID on the session and the action that we're looking up
// from the sitemap requires group access ie. !Anonymous then redirect to no
// permission page)
// check whether the users group has access to the requested page
$page = $default->siteMap->getPage($action, $_SESSION["userID"]);
$default->log->debug("retrieved page=$page from SiteMap");
if (!$page) {
// this user doesn't have permission to access the page
// or there is no page mapping for the requested action
// FIXME: redirect to no permission page
print "you do not have access to view this page! please go away, and come back when you do.<br>";
echo generateLink("logout") . "logout</a>";
exit;
} else {
// set authorised flag and redirect
$_SESSION["pageAccess"][$page] = true;
$default->log->debug("control.php: just set SESSION[\"pageAccess\"][$page]=" . $_SESSION["pageAccess"][$page]);
redirect($page);
}
?>