includes/sessions.php
changeset 72 bda11e521e8a
parent 57 b354deeaa4c4
child 73 0a74676a2f2f
71:21770a1a5213 72:bda11e521e8a
  2050         $is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
  2050         $is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
  2051         $this->acl_merge_with_current($rules, $is_everyone);
  2051         $this->acl_merge_with_current($rules, $is_everyone);
  2052       } while ( $row = $db->fetchrow() );
  2052       } while ( $row = $db->fetchrow() );
  2053     }
  2053     }
  2054     
  2054     
       
  2055     // Cache the sitewide permissions for later use
       
  2056     $this->acl_base_cache = $this->perms;
       
  2057     
  2055     // Eliminate types that don't apply to this namespace
  2058     // Eliminate types that don't apply to this namespace
  2056     foreach ( $this->perms AS $i => $perm )
  2059     foreach ( $this->perms AS $i => $perm )
  2057     {
  2060     {
  2058       if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) )
  2061       if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) )
  2059       {
  2062       {
  2060         unset($this->perms[$i]);
  2063         unset($this->perms[$i]);
  2061       }
  2064       }
  2062     }
  2065     }
  2063     
       
  2064     // Cache the sitewide permissions for later use
       
  2065     $this->acl_base_cache = $this->perms;
       
  2066     
  2066     
  2067     // Build a query to grab ACL info
  2067     // Build a query to grab ACL info
  2068     $bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( ';
  2068     $bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( ';
  2069     $q = Array();
  2069     $q = Array();
  2070     $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
  2070     $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
  2366               v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\';
  2366               v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\';
  2367               break;
  2367               break;
  2368           }
  2368           }
  2369           var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() );
  2369           var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() );
  2370           var frm = document.forms.'.$form_name.';
  2370           var frm = document.forms.'.$form_name.';
  2371           if(testpassed)
       
  2372           {
       
  2373             frm.'.$use_crypt.'.value = \'yes\';
       
  2374             var cryptkey = frm.'.$crypt_key.'.value;
       
  2375             frm.'.$crypt_key.'.value = hex_md5(cryptkey);
       
  2376             cryptkey = hexToByteArray(cryptkey);
       
  2377             if(!cryptkey || ( ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 )
       
  2378             {
       
  2379               if ( frm._login ) frm._login.disabled = true;
       
  2380               len = ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\';
       
  2381               alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len);
       
  2382             }
       
  2383           }
       
  2384           function runEncryption()
  2371           function runEncryption()
  2385           {
  2372           {
       
  2373             var frm = document.forms.'.$form_name.';
  2386             if(testpassed)
  2374             if(testpassed)
  2387             {
  2375             {
  2388               var frm = document.forms.'.$form_name.';
  2376               frm.'.$use_crypt.'.value = \'yes\';
       
  2377               var cryptkey = frm.'.$crypt_key.'.value;
       
  2378               frm.'.$crypt_key.'.value = hex_md5(cryptkey);
       
  2379               cryptkey = hexToByteArray(cryptkey);
       
  2380               if(!cryptkey || ( ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 )
       
  2381               {
       
  2382                 if ( frm._login ) frm._login.disabled = true;
       
  2383                 len = ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\';
       
  2384                 alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len);
       
  2385               }
  2389               pass = frm.'.$pw_field.'.value;
  2386               pass = frm.'.$pw_field.'.value;
  2390               chal = frm.'.$challenge.'.value;
  2387               chal = frm.'.$challenge.'.value;
  2391               challenge = hex_md5(pass + chal) + chal;
  2388               challenge = hex_md5(pass + chal) + chal;
  2392               frm.'.$challenge.'.value = challenge;
  2389               frm.'.$challenge.'.value = challenge;
  2393               pass = stringToByteArray(pass);
  2390               pass = stringToByteArray(pass);
  2462    */
  2459    */
  2463    
  2460    
  2464   var $perms = Array();
  2461   var $perms = Array();
  2465   
  2462   
  2466   /**
  2463   /**
       
  2464    * Array to track which default permissions are being used
       
  2465    * @var array
       
  2466    * @access private
       
  2467    */
       
  2468    
       
  2469   var $acl_defaults_used = Array();
       
  2470   
       
  2471   /**
  2467    * Constructor.
  2472    * Constructor.
  2468    * @param string $page_id The ID of the page to check
  2473    * @param string $page_id The ID of the page to check
  2469    * @param string $namespace The namespace of the page to check.
  2474    * @param string $namespace The namespace of the page to check.
  2470    * @param array $acl_types List of ACL types
  2475    * @param array $acl_types List of ACL types
  2471    * @param array $acl_descs List of human-readable descriptions for permissions (associative)
  2476    * @param array $acl_descs List of human-readable descriptions for permissions (associative)
  2475    
  2480    
  2476   function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base)
  2481   function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base)
  2477   {
  2482   {
  2478     global $db, $session, $paths, $template, $plugins; // Common objects
  2483     global $db, $session, $paths, $template, $plugins; // Common objects
  2479     
  2484     
  2480     $this->perms = $session->acl_merge_complete($acl_types, $base);
       
  2481     $this->acl_deps = $acl_deps;
  2485     $this->acl_deps = $acl_deps;
  2482     $this->acl_types = $acl_types;
  2486     $this->acl_types = $acl_types;
  2483     $this->acl_descs = $acl_descs;
  2487     $this->acl_descs = $acl_descs;
       
  2488     
       
  2489     $this->perms = $acl_types;
       
  2490     $this->perms = $session->acl_merge_complete($this->perms, $base);
  2484     
  2491     
  2485     // Build a query to grab ACL info
  2492     // Build a query to grab ACL info
  2486     $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( ';
  2493     $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( ';
  2487     $q = Array();
  2494     $q = Array();
  2488     $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
  2495     $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
  2500     $q = $session->sql($bs);
  2507     $q = $session->sql($bs);
  2501     if ( $row = $db->fetchrow() )
  2508     if ( $row = $db->fetchrow() )
  2502     {
  2509     {
  2503       do {
  2510       do {
  2504         $rules = $session->string_to_perm($row['rules']);
  2511         $rules = $session->string_to_perm($row['rules']);
  2505         $this->perms = $session->acl_merge($this->perms, $rules);
  2512         $is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
       
  2513         $this->acl_merge_with_current($rules, $is_everyone);
  2506       } while ( $row = $db->fetchrow() );
  2514       } while ( $row = $db->fetchrow() );
  2507     }
  2515     }
  2508     
  2516     
  2509     $this->page_id = $page_id;
  2517     $this->page_id = $page_id;
  2510     $this->namespace = $namespace;
  2518     $this->namespace = $namespace;
  2517    * @return bool True if allowed, false if denied or if an error occured
  2525    * @return bool True if allowed, false if denied or if an error occured
  2518    */
  2526    */
  2519    
  2527    
  2520   function get_permissions($type, $no_deps = false)
  2528   function get_permissions($type, $no_deps = false)
  2521   {
  2529   {
       
  2530     // echo '<pre>' . print_r($this->perms, true) . '</pre>';
  2522     global $db, $session, $paths, $template, $plugins; // Common objects
  2531     global $db, $session, $paths, $template, $plugins; // Common objects
  2523     if ( isset( $this->perms[$type] ) )
  2532     if ( isset( $this->perms[$type] ) )
  2524     {
  2533     {
  2525       if ( $this->perms[$type] == AUTH_DENY )
  2534       if ( $this->perms[$type] == AUTH_DENY )
  2526         $ret = false;
  2535         $ret = false;
  2609       }
  2618       }
  2610     }
  2619     }
  2611     return true;
  2620     return true;
  2612   }
  2621   }
  2613   
  2622   
       
  2623   /**
       
  2624    * Merges the ACL array sent with the current permissions table, deciding precedence based on whether defaults are in effect or not.
       
  2625    * @param array The array to merge into the master ACL list
       
  2626    * @param bool If true, $perm is treated as the "new default"
       
  2627    * @param int 1 if this is a site-wide ACL, 2 if page-specific. Defaults to 2.
       
  2628    */
       
  2629   
       
  2630   function acl_merge_with_current($perm, $is_everyone = false, $scope = 2)
       
  2631   {
       
  2632     foreach ( $this->perms as $i => $p )
       
  2633     {
       
  2634       if ( isset($perm[$i]) )
       
  2635       {
       
  2636         if ( $is_everyone && !$this->acl_defaults_used[$i] )
       
  2637           continue;
       
  2638         // Decide precedence
       
  2639         if ( isset($this->acl_defaults_used[$i]) )
       
  2640         {
       
  2641           //echo "$i: default in use, overriding to: {$perm[$i]}<br />";
       
  2642           // Defaults are in use, override
       
  2643           $this->perms[$i] = $perm[$i];
       
  2644           $this->acl_defaults_used[$i] = ( $is_everyone );
       
  2645         }
       
  2646         else
       
  2647         {
       
  2648           //echo "$i: default NOT in use";
       
  2649           // Defaults are not in use, merge as normal
       
  2650           if ( $this->perms[$i] != AUTH_DENY )
       
  2651           {
       
  2652             //echo ", but overriding";
       
  2653             $this->perms[$i] = $perm[$i];
       
  2654           }
       
  2655           //echo "<br />";
       
  2656         }
       
  2657       }
       
  2658     }
       
  2659   }
       
  2660   
  2614 }
  2661 }
  2615 
  2662 
  2616 ?>
  2663 ?>
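Review bot: In the Session_ACLPageInfo constructor the new loop reads `$row['target_type']` and `$row['target_id']` (new line 2512), but the query built just above still begins with `'SELECT rules FROM '`, so on the lines shown both keys are unset and `$is_everyone` is always false. Rules belonging to the Everyone group would then be merged with the same precedence as user-specific rules, which can change the effective page permissions. The column list should match the site-wide query earlier in the file: `$bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( ';`. Separately, the added `acl_merge_with_current()` decides precedence with `isset($this->acl_defaults_used[$i])`, which stays true once the entry has been assigned false by `= ( $is_everyone )`, so the `AUTH_DENY` guard in the else branch would be skipped for that key; `if ( !empty($this->acl_defaults_used[$i]) )` tests the value, and the earlier `!$this->acl_defaults_used[$i]` read needs the same guard. The constructor's query-building lines between new lines 2495 and 2507, and whatever populates `$acl_defaults_used` for this class, are not shown on this page.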