gatekeeper
[ class tree: gatekeeper ] [ index: gatekeeper ] [ all elements ]
Packages:
bitweaver
article
blogs
boards
calendar
categories
chatterbox
fisheye
gatekeeper
hotwords
install
kernel
languages
liberty
messages
multisites
newsletters
nexus
pdf
PHPMailer
pigeonholes
protector
quicktags
quota
rss
search
shoutbox
Smarty
stars
stats
stickies
treasury
TreeMaker
users
wiki

Source for file LibertyGatekeeper.php

Documentation is available at LibertyGatekeeper.php

  1. <?php
  2. /**
  3.  * @version $Header: /cvsroot/bitweaver/_bit_gatekeeper/LibertyGatekeeper.php,v 1.18 2006/11/16 23:15:01 spiderr Exp $
  4.  *
  5.  *  Copyright (c) 2004 bitweaver.org
  6.  *  Copyright (c) 2003 tikwiki.org
  7.  *  Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
  8.  *  All Rights Reserved. See copyright.txt for details and a complete list of authors.
  9.  *  Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
  10.  *
  11.  *  $Id: LibertyGatekeeper.php,v 1.18 2006/11/16 23:15:01 spiderr Exp $
  12.  * @package gatekeeper
  13.  */
  14.  
  15. /**
  16.  * required setup
  17.  */
  18. require_onceLIBERTY_PKG_PATH.'LibertyBase.php' );
  19.  
  20. /**
  21.  * Gatekeeper class to illustrate best practices when creating a new bitweaver package that
  22.  * builds on core bitweaver functionality, such as the Liberty CMS engine
  23.  *
  24.  * @package gatekeeper
  25.  * @subpackage LibertyGatekeeper
  26.  *
  27.  *  created 2004/8/15
  28.  *
  29.  * @author spider <spider@steelsun.com>
  30.  *
  31.  * @version $Revision: 1.18 $ $Date: 2006/11/16 23:15:01 $ $Author: spiderr $
  32.  */
  33. class LibertyGatekeeper extends LibertyBase {
  34.     /**
  35.     * During initialisation, be sure to call our base constructors
  36.     **/
  37.  
  38.     function LibertyGatekeeper$pContentId=NULL {
  39.         $this->mContentId $pContentId;
  40.         LibertyBase::LibertyBase();
  41.     }
  42.  
  43.     function isValid({
  44.         return$this->verifyId$this->mContentId ) );
  45.     }
  46.  
  47.     function verifySecurity&$pParamHash {
  48.         if( ($pParamHash['security_id'!= 'public'&& !empty$pParamHash['access_level') ) {
  49.             // if we have an access level, we know we are trying to save/update,
  50.             // else perhaps we are just assigning security_id to content_id
  51.             ifempty$pParamHash['security_description'&& empty$pParamHash['security_id'|| $pParamHash['security_id'== 'new' ) ) {
  52.                 // default name to security access level instead of throwing an error
  53.                 $pParamHash['security_store']['security_description'$pParamHash['access_level'];
  54.             elseif!empty$pParamHash['security_description') ) {
  55.                 // we need to load the existing security_id to verify we user owns the security_id & if anything has changed
  56.                 $pParamHash['security_store']['security_description'substr$pParamHash['security_description']0160 );
  57.             }
  58.             if!empty$pParamHash['access_level') ) {
  59.                 $pParamHash['security_store']['is_hidden'($pParamHash['access_level'== 'hidden' 'y' NULL);
  60.                 $pParamHash['security_store']['is_private'($pParamHash['access_level'== 'private' 'y' NULL);
  61.                 // If we have an answer, store the question.
  62.                 if$pParamHash['access_level'== 'protected' && empty$pParamHash['access_answer') ) {
  63.                     $this->mErrors['security'tra"You must enter an answer for your security question." );
  64.                 else {
  65.                     $pParamHash['security_store']['access_question'!empty$pParamHash['access_answer'$pParamHash['access_question'NULL;
  66.                     $pParamHash['security_store']['access_answer'!empty$pParamHash['access_answer'trim$pParamHash['access_answer'NULL;
  67.                 }
  68.     //                $pParamHash['security_store']['group_id'] = !empty( $pParamHash['access_group_id'] ) ? $pParamHash['access_group_id'] : NULL;
  69.             }
  70.         }
  71.         returncount$this->mErrors == );
  72.     }
  73.  
  74.     function storeSecurity&$pParamHash {
  75.         if@$this->verifyId$pParamHash['content_id') ) {
  76.             // We'll first nuke any security mappings for this content_id
  77.             $sql "DELETE FROM `".BIT_DB_PREFIX."gatekeeper_security_map`
  78.                     WHERE `content_id` = ?";
  79.             $rs $this->mDb->query$sqlarray$pParamHash['content_id') );
  80.         }
  81.         if!empty$pParamHash['access_level'|| @$this->verifyId$pParamHash['security_id'&& $pParamHash['security_id'!= 'public') ) {
  82.             if$this->verifySecurity$pParamHash && !empty$pParamHash['security_store') ) {
  83.                 trim_array$pParamHash );
  84.                 if!empty$pParamHash['security_store') ) {
  85.                     global $gBitUser;
  86.                     $table BIT_DB_PREFIX."gatekeeper_security";
  87.                     if!(@$this->verifyId$pParamHash['security_id')) ) {
  88.                         $pParamHash['security_store']['user_id'$gBitUser->mUserId;
  89.                         $pParamHash['security_id'$this->mDb->GenID'gatekeeper_security_id_seq' );
  90.                         $pParamHash['security_store']['security_id'$pParamHash['security_id'];
  91.                         $result $this->mDb->associateInsert$table$pParamHash['security_store');
  92.                     else {
  93.                         $result $this->mDb->associateUpdate$table$pParamHash['security_store']array"security_id" => $pParamHash['security_id']) );
  94.                     }
  95.                 }
  96.             }
  97.  
  98.             if@$this->verifyId$pParamHash['content_id'&& @$this->verifyId$pParamHash['security_id') ) {
  99.                 $sql "INSERT INTO `".BIT_DB_PREFIX."gatekeeper_security_map` ( `content_id`, `security_id` ) VALUES (?,?)";
  100.                 $rs $this->mDb->query$sqlarray$pParamHash['content_id']$pParamHash['security_id') );
  101.             }
  102.         }
  103.         returncount$this->mErrors == );
  104.     }
  105.  
  106.     function getSecurityList$pUserId=NULL$pSecurityId=NULL$pSecurityDesc=NULL {
  107.         ifempty$pUserId ) ) {
  108.             global $gBitUser;
  109.             $pUserId $gBitUser->mUserId;
  110.         }
  111.         $whereSql NULL;
  112.         $bindVars array$pUserId );
  113.         if@$this->verifyId$pSecurityId ) ) {
  114.             $whereSql ' AND `security_id`=? ';
  115.             array_push$bindVars$pSecurityId );
  116.         }
  117.  
  118.         if$pSecurityDesc {
  119.             $whereSql .= ' AND `security_description`=? ';
  120.             array_push$bindVars$pSecurityDesc );
  121.         }
  122.  
  123.         $query "SELECT `security_id` AS `hash_id`, `security_id`, `user_id`, `security_description`, `is_private`, `is_hidden`, `access_question`, `access_answer` FROM `".BIT_DB_PREFIX."gatekeeper_securityWHERE `user_id`=? $whereSql";
  124.         return $this->mDb->getAssoc$query$bindVars );
  125.     }
  126.  
  127.     // guaranteeing pSecurityId is owned by someone else better happen upstream!
  128.     
  129.     function expungeSecurity$pSecurityId {
  130.         $ret FALSE;
  131.         if@$this->verifyId$pSecurityId ) ) {
  132.             $this->mDb->StartTrans();
  133.  
  134.             $sql "DELETE FROM `".BIT_DB_PREFIX."gatekeeper_security_map` WHERE security_id=?";
  135.             $rs $this->mDb->query$sqlarray$pSecurityId ) );
  136.  
  137.             $sql "DELETE FROM `".BIT_DB_PREFIX."gatekeeper_security` WHERE security_id=?";
  138.             $rs $this->mDb->query$sqlarray$pSecurityId ) );
  139.  
  140.             $this->mDb->CompleteTrans();
  141.             $ret TRUE;
  142.         }
  143.         return $ret;
  144.     }
  145. }
  146.  
  147. function gatekeeper_content_load({
  148.     $ret array(
  149.         'select_sql' => ' ,gs.`security_id` AS `has_access_control`, gs.`security_id`, gs.`security_description`, gs.`is_private`, gs.`is_hidden`, gs.`access_question`, gs.`access_answer`  ',
  150.         'join_sql' => " LEFT OUTER JOIN `".BIT_DB_PREFIX."gatekeeper_security_map` gsm ON ( lc.`content_id`=gsm.`content_id` )  LEFT OUTER JOIN `".BIT_DB_PREFIX."gatekeeper_security` gs ON ( gsm.`security_id`=gs.`security_id` ) ",
  151.     );
  152.     return $ret;
  153. }
  154.  
  155. function gatekeeper_content_store&$pObject&$pParamHash {
  156.     global $gBitSystem$gGatekeeper;
  157.     $errors NULL;
  158.     // If a content access system is active, let's call it
  159.     if$gBitSystem->isPackageActive'gatekeeper' ) ) {
  160.         if!$gGatekeeper->storeSecurity$pParamHash ) ) {
  161.             $errors['security'$gGatekeeper->mErrors['security'];
  162.         }
  163.     }
  164.     return$errors );
  165. }
  166.  
  167. function gatekeeper_content_display&$pContent&$pParamHash {
  168.     global $gBitSystem$gBitSmarty;
  169.     $pContent->hasUserPermission$pParamHash['perm_name');
  170. }
  171.  
  172. function gatekeeper_content_verify_access&$pContent&$pHash {
  173.     global $gBitUser$gBitSystem;
  174.  
  175.     if!count$pHash ) ) {
  176.         $pHash &$pContent->mInfo;
  177.     }
  178.     $error NULL;
  179.     if!$gBitUser->isRegistered(|| !($pHash['user_id'== $gBitUser->mUserId) ) {
  180.         if!($gBitUser->isAdmin()) ) {
  181.             if$pContent->mDb->isAdvancedPostgresEnabled() ) {
  182.                 global $gBitDb$gBitSmarty;
  183.                 // This code makes use of the badass /usr/share/pgsql/contrib/tablefunc.sql
  184.                 // contribution that you have to install like: psql foo < /usr/share/pgsql/contrib/tablefunc.sql
  185.                 // This code pulls all branches for the current node and determines if there is a path from this content to the root
  186.                 // without hitting a security_id. If there is clear path it returns TRUE. If there is a security_id, then
  187.                 // it determines if the current user has permission
  188.                 $query "SELECT branch,level,cb_item_content_id,cb_gallery_content_id,gs.*
  189.                         FROM connectby('`".BIT_DB_PREFIX."fisheye_gallery_image_map`', '`gallery_content_id`', '`item_content_id`', ?, 0, '/') AS t(`cb_gallery_content_id` int,`cb_item_content_id` int, `level` int, `branch` text)
  190.                             LEFT OUTER JOIN `".BIT_DB_PREFIX."gatekeeper_security_map` gsm ON (`cb_gallery_content_id`=gsm.`content_id`)
  191.                             LEFT OUTER JOIN `".BIT_DB_PREFIX."gatekeeper_security` gs ON (gs.`security_id`=gsm.`security_id`)
  192.                         ORDER BY branch
  193.                         ";
  194.         $gBitDb->setFatalActiveFALSE );
  195.                 $tree $pContent->mDb->getAssoc$queryarray$pHash['content_id') );
  196.         $gBitDb->setFatalActiveTRUE );
  197.                 if$tree {
  198.                     // we will assume true here since the prevention cases can repeatedly flag FALSE
  199.                     $lastLevel = -1;
  200.                     foreach$tree AS $branch => $node {
  201.                         if$node['level'<= $lastLevel {
  202.                             // we have moved followed a branch to the end and there is no security!
  203.                             unset$errorMessage );
  204.                             break;
  205.                         }
  206.                         if$node['security_id'{
  207.                             $ret FALSE;
  208.                             if$node['is_hidden'{
  209.                                 if!empty$pHash['no_fatal') ) {
  210.                                     // We are on a listing, so we should hide this with an empty error message
  211.                                     $errorMessage '';
  212.                                 }
  213.                             }
  214.                             if$node['is_private'{
  215.                                 if!empty$pHash['no_fatal') ) {
  216.                                     // We are on a listing, so we should hide this with an empty error message
  217.                                     $errorMessage '';
  218.                                 else {
  219.                                     $errorMessage tra'You cannot view this' ).' '.strtolowertra$pHash['content_type']['content_description') );
  220.                                 }
  221.                             }
  222.                             if!empty$node['access_answer') ) {
  223.                                 $pContent->mInfo array_merge$pHash$node );
  224.                                 if$valError gatekeeper_authenticate$nodeempty$pHash['no_fatal') ) ) {
  225.                                     $errorMessage $valError;
  226.                                 }
  227.                             }
  228.                         }
  229.                         $lastLevel $node['level'];
  230.                     }
  231.  
  232.                     ifisset$errorMessage ) ) {
  233.                         ifempty$pHash['no_fatal') ) {
  234.                             $gBitSystem->fatalError$errorMessage );
  235.                         else {
  236.                             $error['access_control'$errorMessage;
  237.                         }
  238.                     }
  239.  
  240.                 elseif!empty$gBitDb->mDb->_errorMsg ) ) {
  241.                     if$gBitUser->isOwner() ) {
  242.                         $gBitSmarty->assign'feedback'array'warning' => $gBitDb->mDb->_errorMsg.'<br/>'.tra'Please check the galleries to which this '.$pHash['content_description'].' belongs' ) ) );
  243.                     }
  244.                 }
  245.             elseif!empty$pHash['security_id') ) {
  246.                 // order matters here!
  247.                 if$pHash['is_hidden'== 'y' {
  248.                     $ret TRUE;
  249.                 }
  250.                 if$pHash['is_private'== 'y' {
  251.                     $errorMessage tra'You cannot view this' ).' '.strtolowertra$pHash['content_type']['content_description') );
  252.                     ifempty$pHash['no_fatal') ) {
  253.                         $gBitSystem->fatalError$errorMessage );
  254.                     else {
  255.                         $error['access_control'$errorMessage;
  256.                     }
  257.                 }
  258.                 if!empty$pHash['access_answer') ) {
  259.                     if!($valError gatekeeper_authenticate$pHashempty$pHash['no_fatal') ) ) ) {
  260.                         $error['access_control'$valError;
  261.                     }
  262.                 }
  263.             }
  264.         }
  265.     }
  266.     return $error;
  267. }
  268.  
  269.  
  270. function gatekeeper_authenticate&$pInfo$pFatalOnError TRUE {
  271.     global $gBitSystem$gBitSmarty;
  272.     $ret FALSE;
  273.  
  274.     ifempty$_SESSION['gatekeeper_security'][$pInfo['security_id']] || $_SESSION['gatekeeper_security'][$pInfo['security_id']] != md5$pInfo['access_answer') ) ) {
  275.         if!empty$_REQUEST['try_access_answer'&& strtouppertrim$_REQUEST['try_access_answer') ) == strtouppertrim($pInfo['access_answer']) ) ) {
  276.             // we have a successful password entry. Set the session so we don't ask for it again
  277.             $_SESSION['gatekeeper_security'][$pInfo['security_id']] md5$pInfo['access_answer');
  278.         else {
  279.             if$pFatalOnError {
  280.                 $gBitSystem->display("bitpackage:gatekeeper/authenticate.tpl""Password Required" );
  281.                 die;
  282.             else {
  283.                 $ret '<h2>'.tra"Password Required" ).'</h2>'.$gBitSmarty->fetch"bitpackage:gatekeeper/authenticate.tpl" );
  284.             }
  285.         }
  286.     }
  287.     return $ret;
  288. }
  289.  
  290.  
  291.  
  292.  
  293. function gatekeeper_content_edit&$pContent {
  294.     global $gGatekeeper$gBitUser$gBitSmarty;
  295.     $gBitSmarty->assign'securities'$gGatekeeper->getSecurityList$gBitUser->mUserId ) );
  296. }
  297.  
  298. global $gGatekeeper;
  299. $gGatekeeper new LibertyGatekeeper();
  300.  
  301. ?>
Documentation generated on Thu, 15 Feb 2007 20:42:26 +0000 by phpDocumentor 1.3.0