Commit 40551a3642232a8220195b1fb863d3c98c6dc30f

Authored by Michael Joseph
1 parent 3993dae0

streamlined session handling, and incorporated page level access checking into lib

updated phpdocs
- @author
- @package
- @params
- GPL


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@369 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 49 additions and 29 deletions
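--- a/lib/control.inc
+++ b/lib/control.inc
@@ -5,17 +5,17 @@
 *
 * Contains the controller helper functions
 *
- * Copyright (c) 1999-2002 The Owl Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
+ *
 * @version $Revision$
- * @author <a href="mailto:michael@jamwarehouse.com">Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
- * @package dmslib
+ * @author Michael Joseph <michael@jamwarehouse.com>, Jam Warehouse (Pty) Ltd, South Africa
+ * @package lib.session
 */
 
 /**
 * Redirects to the specified URL
 *
- * @param $url the URL to forward to
+ * @param string the URL to forward to
 */
 function redirect($url) {
 // everything is relative to the root url
@@ -27,8 +27,8 @@ function redirect($url) {
 * Performs a redirect through the controller.
 * Takes a controller action and queryString and builds url.
 *
- * @param $action the controller action
- * @param $queryString additional querystring vars
+ * @param string the controller action
+ * @param string additional querystring vars
 */
 function controllerRedirect($action, $queryString) {
 // generate url
@@ -42,9 +42,8 @@ function controllerRedirect($action, $queryString) {
 /**
 * Returns a controller url.
 *
- * @param $action the controller action to generate a url for
- *
- * @return the controller url
+ * @param string the controller action to generate a url for
+ * @return string the controller url
 */
 function generateControllerUrl($action) {
 return "/control.php?action=$action";
@@ -53,41 +52,62 @@ function generateControllerUrl($action) {
 /**
 * Generates a link via the control page, with the passed action
 *
- * @param $action
- * the controller action to generate a link for
- * @return the generated href
+ * @param string the controller action to generate a link for
+ * @return string the generated href
 */
 function generateLink($action) {
 return "<a href=\"" . generateControllerUrl($action) . "\">";
 }
 
 /**
- * Verifies the current session
- * Automatically redirects to
- */
-function checkSession() {
+ * Checks the current session and redirects to the login page
+ * if the redirect parameter is true.
+ *
+ * @param boolean whether to automatically redirect to the login page on session verification failure
+ */
+function checkSessionAndRedirect($bRedirect) {
 global $default;
 
 $session = new Session();
 $sessionStatus = $session->verify();
 
 if ($sessionStatus != 1) {
- // verification failed, redirect to login with error message
- $default->log->debug("checkSession:: session check failed");
- $url = $default->owl_root_url . "/login.php?loginAction=loginForm";
-
- $redirect = $_SERVER[PHP_SELF];
- if ((strlen($redirect) > 1) && ($redirect != "/control.php")) {
- $default->log->debug("checkSession:: redirect url=$redirect");
- // this session verification failure represents either the first visit to
- // the site OR a session timeout etc. (in which case we still want to bounce
- // the user to the login page, and then back to whatever page they're on now)
- $url = $url . "&redirect=" . $redirect;
+ if ($bRedirect) {
+ // verification failed, redirect to login with error message
+ $default->log->debug("checkSession:: session check failed");
+ $url = $default->owl_root_url . "/login.php?loginAction=loginForm";
+
+ $redirect = $_SERVER[PHP_SELF];
+ if ((strlen($redirect) > 1) && ($redirect != "/control.php")) {
+ $default->log->debug("checkSession:: redirect url=$redirect");
+ // this session verification failure represents either the first visit to
+ // the site OR a session timeout etc. (in which case we still want to bounce
+ // the user to the login page, and then back to whatever page they're on now)
+ $url = $url . "&redirect=" . $redirect;
+ }
+ $default->log->debug("checkSession:: about to redirect to $url");
+ redirect($url);
+ } else {
+ return false;
 }
- $default->log->debug("checkSession:: about to redirect to $url");
- redirect($url);
 } else {
 $default->log->debug("checkSession:: returning true");
 return true;
+ }
+}
+
+/**
+ * Verifies the current session
+ * Automatically redirects to the login page on session verification failure
+ */
+function checkSession() {
+ if (checkSessionAndRedirect(true)) {
+ // the session is cool, now check if we access to this page
+ if ($_SESSION["pageAccess"][basename($_SERVER['SCRIPT_FILENAME'])]) {
+ return true;
+ } else {
+ return false;
+ }
 }
+ // if the check session fails, we'll be redirected to the login page
 }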
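Review bot: The new `checkSession()` returns false when the session is valid but `$_SESSION["pageAccess"]` has no entry for the page, so page-level access is only enforced if every calling page tests the return value. The removed version either returned true or redirected, so callers written against it (not visible here) may ignore the result and keep rendering. I would fail closed inside the function, or at least add `@return boolean true only if the session is valid and the page is granted` to the docblock, which has no `@return`. The grant is keyed on `basename($_SERVER['SCRIPT_FILENAME'])`, so scripts with the same file name in different directories share one grant, and a missing key is read without `isset()`; `return !empty($_SESSION["pageAccess"][$page]);` avoids the notice. Separately, `checkSessionAndRedirect()` reads `$_SERVER[PHP_SELF]` with an unquoted key and appends that request-derived value to the login URL unencoded; `$url .= "&redirect=" . urlencode($_SERVER['PHP_SELF']);` would keep it to a single parameter.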