Commit 40551a3642232a8220195b1fb863d3c98c6dc30f
1 parent
3993dae0
streamlined session handling, and incorporated page level access checking into lib
updated phpdocs - @author - @package - @params - GPL git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@369 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
49 additions
and
29 deletions
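--- a/lib/control.inc
+++ b/lib/control.inc
@@ -5,17 +5,17 @@
 *
 * Contains the controller helper functions
 *
- * Copyright (c) 1999-2002 The Owl Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
+ *
 * @version $Revision$
- * @author <a href="mailto:michael@jamwarehouse.com">Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
- * @package dmslib
+ * @author Michael Joseph <michael@jamwarehouse.com>, Jam Warehouse (Pty) Ltd, South Africa
+ * @package lib.session
 */
 
 /**
 * Redirects to the specified URL
 *
- * @param $url the URL to forward to
+ * @param string the URL to forward to
 */
 function redirect($url) {
 // everything is relative to the root url
@@ -27,8 +27,8 @@ function redirect($url) {
 * Performs a redirect through the controller.
 * Takes a controller action and queryString and builds url.
 *
- * @param $action the controller action
- * @param $queryString additional querystring vars
+ * @param string the controller action
+ * @param string additional querystring vars
 */
 function controllerRedirect($action, $queryString) {
 // generate url
@@ -42,9 +42,8 @@ function controllerRedirect($action, $queryString) {
 /**
 * Returns a controller url.
 *
- * @param $action the controller action to generate a url for
- *
- * @return the controller url
+ * @param string the controller action to generate a url for
+ * @return string the controller url
 */
 function generateControllerUrl($action) {
 return "/control.php?action=$action";
@@ -53,41 +52,62 @@ function generateControllerUrl($action) {
 /**
 * Generates a link via the control page, with the passed action
 *
- * @param $action
- * the controller action to generate a link for
- * @return the generated href
+ * @param string the controller action to generate a link for
+ * @return string the generated href
 */
 function generateLink($action) {
 return "<a href=\"" . generateControllerUrl($action) . "\">";
 }
 
 /**
- * Verifies the current session
- * Automatically redirects to
- */
-function checkSession() {
+ * Checks the current session and redirects to the login page
+ * if the redirect parameter is true.
+ *
+ * @param boolean whether to automatically redirect to the login page on session verification failure
+ */
+function checkSessionAndRedirect($bRedirect) {
 global $default;
 
 $session = new Session();
 $sessionStatus = $session->verify();
 
 if ($sessionStatus != 1) {
- // verification failed, redirect to login with error message
- $default->log->debug("checkSession:: session check failed");
- $url = $default->owl_root_url . "/login.php?loginAction=loginForm";
-
- $redirect = $_SERVER[PHP_SELF];
- if ((strlen($redirect) > 1) && ($redirect != "/control.php")) {
- $default->log->debug("checkSession:: redirect url=$redirect");
- // this session verification failure represents either the first visit to
- // the site OR a session timeout etc. (in which case we still want to bounce
- // the user to the login page, and then back to whatever page they're on now)
- $url = $url . "&redirect=" . $redirect;
+ if ($bRedirect) {
+ // verification failed, redirect to login with error message
+ $default->log->debug("checkSession:: session check failed");
+ $url = $default->owl_root_url . "/login.php?loginAction=loginForm";
+
+ $redirect = $_SERVER[PHP_SELF];
+ if ((strlen($redirect) > 1) && ($redirect != "/control.php")) {
+ $default->log->debug("checkSession:: redirect url=$redirect");
+ // this session verification failure represents either the first visit to
+ // the site OR a session timeout etc. (in which case we still want to bounce
+ // the user to the login page, and then back to whatever page they're on now)
+ $url = $url . "&redirect=" . $redirect;
+ }
+ $default->log->debug("checkSession:: about to redirect to $url");
+ redirect($url);
+ } else {
+ return false;
 }
- $default->log->debug("checkSession:: about to redirect to $url");
- redirect($url);
 } else {
 $default->log->debug("checkSession:: returning true");
 return true;
+ }
+}
+
+/**
+ * Verifies the current session
+ * Automatically redirects to the login page on session verification failure
+ */
+function checkSession() {
+ if (checkSessionAndRedirect(true)) {
+ // the session is cool, now check if we access to this page
+ if ($_SESSION["pageAccess"][basename($_SERVER['SCRIPT_FILENAME'])]) {
+ return true;
+ } else {
+ return false;
+ }
 }
+ // if the check session fails, we'll be redirected to the login page
 }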
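Review bot: The page-access check added in `checkSession()` only returns false when `$_SESSION["pageAccess"]` has no truthy entry for the script, and nothing in the hunk stops the request, so a caller that ignores the return value (the old function only returned true or redirected) will still render the page. Either deny inside the function or document the new contract on the docblock, e.g. `@return boolean true if the session is valid and this page is permitted, false if page access is denied`, and test the entry with `!empty($_SESSION["pageAccess"][basename($_SERVER['SCRIPT_FILENAME'])])` so a missing key is a clean denial rather than a notice. The lookup key is only the script's basename, so same-named scripts in different directories would share one permission entry; worth confirming that is intended. In `checkSessionAndRedirect()`, the re-indented `$_SERVER[PHP_SELF]` uses an unquoted key and its request-influenced value is appended to the login URL unencoded; `$url = $url . "&redirect=" . urlencode($redirect);` keeps it confined to the one parameter. Whether `redirect()` ends the request is not visible here (its body is outside the hunks); if it does not, both functions fall through and return nothing after the redirect.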