Peter M. Groen / knowledgetree

control.php 2.08 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 
<?php

/**
 * $Id$ 
 *  
 * Controller page -- controls the web application by responding to a set of
 * defined actions.  The controller performs session handling, page-level
 * authentication and forwards the request to the appropriate handling
 * page.  
 *
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * @version $Revision$
 * @author <a href="mailto:michael@jamwarehouse.com">Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
 * @package dmslib
 */

// main library routines and defaults
require_once("./config/dmsDefaults.php");
require_once("$default->owl_fs_root/lib/SiteMap.inc");

// -------------------------------
// page start
// -------------------------------

if (checkSession()) {
    // session check succeeds, so default action should be the dashboard if no action was specified
    if (!isset($action)) {
        $action = "dashboard";
    }
} else {
    // session check fails, so default action should be the login form if no action was specified
    if (!isset($action)) {
        $action = "loginForm";
    }
}

// reset authorisation flag before checking access
$_SESSION["authorised"] = false;

$default->log->info("control.php: checking ($action, " . $_SESSION["userID"] . ")");
// check whether the users group has access to the requested page
$page = $default->siteMap->getPage($action, $_SESSION["userID"]);

$default->log->debug("retrieved page=$page from SiteMap");
if (!$page) {
    $default->log->info("control.php: permission denied for ($action, " . $_SESSION["userID"] . ")");
    // this group doesn't have permission to access the page
    // or there is no page mapping for the requested action
    
    // FIXME: redirect to no permission page
    print "you do not have access to view this page!  please go away, and come back when you do.<br>";
    echo generateLink("logout") . "logout</a>";    

    exit;
} else {
    // set authorised flag and redirect
    $_SESSION["authorised"] = true;
    $default->log->debug("control.php: ($action, " . $_SESSION["userID"] . ")set authorised flag:" . $_SESSION["authorised"]);
    
    redirect($page);
}
?>