extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-08 17:14:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix for multiple domains via xml-rpc to ensure the correct domain

Browse Source
This commit is contained in:
Miles Lott 2005-08-14 17:01:30 +00:00
parent d61920a22b
commit 08b61a050e
2 changed files with 477 additions and 468 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

851
phpgwapi/inc/class.egw.inc.php
View File

@ -1,471 +1,488 @@
<?php <?php
/**************************************************************************\ /**************************************************************************\
* eGroupWare API loader * * eGroupWare API loader *
* This file was originaly written by Dan Kuykendall and Joseph Engo * * This file was originaly written by Dan Kuykendall and Joseph Engo *
* Copyright (C) 2000, 2001 Dan Kuykendall * * Copyright (C) 2000, 2001 Dan Kuykendall *
* Parts Copyright (C) 2003 Free Software Foundation * * Parts Copyright (C) 2003 Free Software Foundation *
* -------------------------------------------------------------------------* * -------------------------------------------------------------------------*
* Rewritten by RalfBecker@outdoor-training.de to store the eGW enviroment * * Rewritten by RalfBecker@outdoor-training.de to store the eGW enviroment *
* (egw-object and egw_info-array) in a php-session and restore it from * * (egw-object and egw_info-array) in a php-session and restore it from *
* there instead of creating it completly new on each page-request. * * there instead of creating it completly new on each page-request. *
* The enviroment gets now created by the egw-class * * The enviroment gets now created by the egw-class *
* -------------------------------------------------------------------------* * -------------------------------------------------------------------------*
* This library is part of the eGroupWare API http://www.egroupware.org * * This library is part of the eGroupWare API http://www.egroupware.org *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
* This program is free software; you can redistribute it and/or modify it * * This program is free software; you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the * * under the terms of the GNU General Public License as published by the *
* Free Software Foundation; either version 2 of the License, or (at your * * Free Software Foundation; either version 2 of the License, or (at your *
* option) any later version. * * option) any later version. *
\**************************************************************************/ \**************************************************************************/
/* $Id$ */ /* $Id$ */
/**
* New written class to create the eGW enviroment AND restore it from a php-session
*
* @author RalfBecker@outdoor-training.de
* @copyright GPL
* @package api
* @access public
*/
class egw
{
/** /**
* Turn on debug mode. Will output additional data for debugging purposes. * New written class to create the eGW enviroment AND restore it from a php-session
* @var string $debug *
* @author RalfBecker@outdoor-training.de
* @copyright GPL
* @package api
* @access public * @access public
*/ */
var $debug = 0; // This will turn on debugging information. class egw
/**
* @var egw_db-object $db instance of the db-object
*/
var $db;
var $config_table = 'phpgw_config';
/**
* Constructor: Instanciates the sub-classes
*
* @author RalfBecker@outdoor-training.de
* @param array $domain_names array with valid egw-domain names
*/
function egw($domain_names=null)
{ {
$GLOBALS['egw'] =& $this; // we need to be imediatly avalilible there for the other classes we instanciate /**
// for the migration: reference us to the old phpgw object * Turn on debug mode. Will output additional data for debugging purposes.
$GLOBALS['phpgw'] =& $this; * @var string $debug
* @access public
*/
var $debug = 0; // This will turn on debugging information.
/**
* @var egw_db-object $db instance of the db-object
*/
var $db;
var $config_table = 'phpgw_config';
// create the DB-object /**
$this->db =& CreateObject('phpgwapi.egw_db'); * Constructor: Instantiates the sub-classes
if ($this->debug) *
* @author RalfBecker@outdoor-training.de
* @param array $domain_names array with valid egw-domain names
*/
function egw($domain_names=null)
{ {
$this->db->Debug = 1; $GLOBALS['egw'] =& $this; // we need to be immediately available there for the other classes we instantiate
// for the migration: reference us to the old phpgw object
$GLOBALS['phpgw'] =& $this;
$this->setup($domain_names,True);
} }
$this->db->set_app('phpgwapi');
$this->db->Halt_On_Error = 'no'; /**
$this->db->connect( * Called every time the constructor is called. Also called by sessions to ensure the correct db,
$GLOBALS['egw_info']['server']['db_name'], * in which case we do not recreate the session object.
$GLOBALS['egw_info']['server']['db_host'], * @author RalfBecker@outdoor-training.de (moved to setup() by milos@groupwhere.org
$GLOBALS['egw_info']['server']['db_port'], * @param array $domain_names array with valid egw-domain names
$GLOBALS['egw_info']['server']['db_user'], * @param boolean $createsessionobject True to create the session object (default=True)
$GLOBALS['egw_info']['server']['db_pass'], */
$GLOBALS['egw_info']['server']['db_type'] function setup($domain_names,$createsessionobject=True)
);
// check if eGW is already setup, if not redirect to setup/
$this->db->select($this->config_table,'COUNT(config_name)',false,__LINE__,__FILE__);
if(!$this->db->next_record())
{ {
$setup_dir = str_replace($_SERVER['PHP_SELF'],'index.php','setup/'); // create the DB-object
echo '<center><b>Fatal Error:</b> It appears that you have not created the database tables for ' $this->db =& CreateObject('phpgwapi.egw_db');
.'eGroupWare. Click <a href="' . $setup_dir . '">here</a> to run setup.</center>'; if ($this->debug)
exit; {
$this->db->Debug = 1;
}
$this->db->set_app('phpgwapi');
$this->db->Halt_On_Error = 'no';
$this->db->connect(
$GLOBALS['egw_info']['server']['db_name'],
$GLOBALS['egw_info']['server']['db_host'],
$GLOBALS['egw_info']['server']['db_port'],
$GLOBALS['egw_info']['server']['db_user'],
$GLOBALS['egw_info']['server']['db_pass'],
$GLOBALS['egw_info']['server']['db_type']
);
// check if eGW is already setup, if not redirect to setup/
$this->db->select($this->config_table,'COUNT(config_name)',false,__LINE__,__FILE__);
if(!$this->db->next_record())
{
$setup_dir = str_replace($_SERVER['PHP_SELF'],'index.php','setup/');
echo '<center><b>Fatal Error:</b> It appears that you have not created the database tables for '
.'eGroupWare. Click <a href="' . $setup_dir . '">here</a> to run setup.</center>';
exit;
}
$this->db->Halt_On_Error = 'yes';
// Set the DB's client charset if a system-charset is set
$this->db->select($this->config_table,'config_value',array(
'config_app' => 'phpgwapi',
'config_name' => 'system_charset',
),__LINE__,__FILE__);
if ($this->db->next_record() && $this->db->f(0))
{
$this->db->Link_ID->SetCharSet($this->db->f(0));
}
// load up the $GLOBALS['egw_info']['server'] array
$this->db->select($this->config_table,'*',array('config_app' => 'phpgwapi'),__LINE__,__FILE__);
while (($row = $this->db->row(true)))
{
$GLOBALS['egw_info']['server'][$row['config_name']] = stripslashes($row['config_value']);
}
// setup the other subclasses
$this->log =& CreateObject('phpgwapi.errorlog');
$this->translation =& CreateObject('phpgwapi.translation');
$this->common =& CreateObject('phpgwapi.common');
$this->hooks =& CreateObject('phpgwapi.hooks');
$this->auth =& CreateObject('phpgwapi.auth');
$this->accounts =& CreateObject('phpgwapi.accounts');
$this->acl =& CreateObject('phpgwapi.acl');
/* Do not create the session object if called by the sessions class. This way
* we ensure the correct db based on the user domain.
*/
if($createsessionobject)
{
$this->session =& CreateObject('phpgwapi.sessions',$domain_names);
}
$this->preferences =& CreateObject('phpgwapi.preferences');
$this->applications =& CreateObject('phpgwapi.applications');
$this->contenthistory =& CreateObject('phpgwapi.contenthistory');
$this->datetime =& CreateObject('phpgwapi.datetime');
include_once(EGW_INCLUDE_ROOT.'/phpgwapi/inc/class.error.inc.php');
register_shutdown_function(array($this->common, 'egw_final'));
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout')
{
$this->verify_session();
$this->applications->read_installed_apps(); // to get translated app-titles, has to be after verify_session
$this->define_egw_constants();
$this->load_theme_info();
$this->check_app_rights();
$this->load_optional_classes();
}
else // set the defines for login, in case it's more then just login
{
$this->define_egw_constants();
}
} }
$this->db->Halt_On_Error = 'yes';
// Set the DB's client charset if a system-charset is set
$this->db->select($this->config_table,'config_value',array(
'config_app' => 'phpgwapi',
'config_name' => 'system_charset',
),__LINE__,__FILE__);
if ($this->db->next_record() && $this->db->f(0))
{
$this->db->Link_ID->SetCharSet($this->db->f(0));
}
// load up the $GLOBALS['egw_info']['server'] array
$this->db->select($this->config_table,'*',array('config_app' => 'phpgwapi'),__LINE__,__FILE__);
while (($row = $this->db->row(true)))
{
$GLOBALS['egw_info']['server'][$row['config_name']] = stripslashes($row['config_value']);
}
// setup the other subclasses
$this->log =& CreateObject('phpgwapi.errorlog');
$this->translation =& CreateObject('phpgwapi.translation');
$this->common =& CreateObject('phpgwapi.common');
$this->hooks =& CreateObject('phpgwapi.hooks');
$this->auth =& CreateObject('phpgwapi.auth');
$this->accounts =& CreateObject('phpgwapi.accounts');
$this->acl =& CreateObject('phpgwapi.acl');
$this->session =& CreateObject('phpgwapi.sessions',$domain_names);
$this->preferences =& CreateObject('phpgwapi.preferences');
$this->applications =& CreateObject('phpgwapi.applications');
$this->contenthistory =& CreateObject('phpgwapi.contenthistory');
$this->datetime =& CreateObject('phpgwapi.datetime');
include_once(EGW_INCLUDE_ROOT.'/phpgwapi/inc/class.error.inc.php'); /**
* __wakeup function gets called by php while unserializing the egw-object, eg. reconnects to the DB
register_shutdown_function(array($this->common, 'egw_final')); *
* @author RalfBecker@outdoor-training.de
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout') */
function __wakeup()
{ {
$this->verify_session(); $GLOBALS['egw'] =& $this; // we need to be immediately available there for the other classes we instantiate
$this->applications->read_installed_apps(); // to get translated app-titles, has to be after verify_session // for the migration: reference us to the old phpgw object
$GLOBALS['phpgw'] =& $this;
register_shutdown_function(array($this->common, 'egw_final'));
$this->db->connect(); // we need to re-connect
foreach(array('translation','hooks','auth','accounts','acl','session','preferences','applications','contenthistory','contacts') as $class)
{
if (is_object($this->$class->db))
{
$this->$class->db->Link_ID =& $this->db->Link_ID;
}
}
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{
// reconnect the LDAP server, unfortunally this does not work via accounts::__wakeup() as the common-object is not yet available
$this->accounts->ds = $this->common->ldapConnect();
}
$this->define_egw_constants(); $this->define_egw_constants();
}
/**
* wakeup2 funcontion needs to be called after unserializing the egw-object
*
* It adapts the restored object/enviroment to the changed (current) application / page-request
*
* @author RalfBecker@outdoor-training.de
*/
function wakeup2()
{
// do some application specific stuff, need to be done as we are different (current) app now
if (is_object($this->template))
{
$this->template->set_root(EGW_APP_TPL);
}
$this->translation->add_app($GLOBALS['egw_info']['flags']['currentapp']);
// verify the session
$GLOBALS['egw']->verify_session();
$GLOBALS['egw']->check_app_rights();
$this->load_theme_info();
$this->check_app_rights();
$this->load_optional_classes(); $this->load_optional_classes();
} }
else // set the defines for login, in case it's more then just login
{
$this->define_egw_constants();
}
}
/**
* __wakeup function gets called by php while unserializing the egw-object, eg. reconnects to the DB
*
* @author RalfBecker@outdoor-training.de
*/
function __wakeup()
{
$GLOBALS['egw'] =& $this; // we need to be imediatly avalilible there for the other classes we instanciate
// for the migration: reference us to the old phpgw object
$GLOBALS['phpgw'] =& $this;
register_shutdown_function(array($this->common, 'egw_final'));
$this->db->connect(); // we need to re-connect /**
foreach(array('translation','hooks','auth','accounts','acl','session','preferences','applications','contenthistory','contacts') as $class) * load optional classes by mentioning them in egw_info[flags][enable_CLASS_class] => true
*
* Also loads the template-class if not egw_info[flags][disable_Template_class] is set
*
* Maybe the whole thing should be depricated ;-)
*/
function load_optional_classes()
{ {
if (is_object($this->$class->db)) // load classes explicitly mentioned
foreach($GLOBALS['egw_info']['flags'] as $enable_class => $enable)
{ {
$this->$class->db->Link_ID =& $this->db->Link_ID; if ($enable && substr($enable_class,0,7) == 'enable_')
{
$enable_class = substr($enable_class,7,-6);
$this->$enable_class =& CreateObject('phpgwapi.'.$enable_class);
}
} }
}
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{
// reconnect the LDAP server, unfortunally this does not work via accounts::__wakeup() as the common-object is not yet availible
$this->accounts->ds = $this->common->ldapConnect();
}
$this->define_egw_constants();
}
/**
* wakeup2 funcontion needs to be called after unserializing the egw-object
*
* It adapts the restored object/enviroment to the changed (current) application / page-request
*
* @author RalfBecker@outdoor-training.de
*/
function wakeup2()
{
// do some application specific stuff, need to be done as we are different (current) app now
if (is_object($this->template))
{
$this->template->set_root(EGW_APP_TPL);
}
$this->translation->add_app($GLOBALS['egw_info']['flags']['currentapp']);
// verify the session
$GLOBALS['egw']->verify_session();
$GLOBALS['egw']->check_app_rights();
$this->load_optional_classes(); // load the template class, if not turned off
} if(!$GLOBALS['egw_info']['flags']['disable_Template_class'])
/**
* load optional classes by mentioning them in egw_info[flags][enable_CLASS_class] => true
*
* Also loads the template-class if not egw_info[flags][disable_Template_class] is set
*
* Maybe the whole thing should be depricated ;-)
*/
function load_optional_classes()
{
// load classes explicitly mentioned
foreach($GLOBALS['egw_info']['flags'] as $enable_class => $enable)
{
if ($enable && substr($enable_class,0,7) == 'enable_')
{ {
$enable_class = substr($enable_class,7,-6); $this->template =& CreateObject('phpgwapi.Template',EGW_APP_TPL);
$this->$enable_class =& CreateObject('phpgwapi.'.$enable_class);
} }
}
// load the template class, if not turned off
if(!$GLOBALS['egw_info']['flags']['disable_Template_class'])
{
$this->template =& CreateObject('phpgwapi.Template',EGW_APP_TPL);
}
// output the header unless the developer turned it off // output the header unless the developer turned it off
if (!@$GLOBALS['egw_info']['flags']['noheader']) if (!@$GLOBALS['egw_info']['flags']['noheader'])
{ {
$GLOBALS['egw']->common->egw_header(); $GLOBALS['egw']->common->egw_header();
} }
// Load the (depricated) app include files if they exists // Load the (depricated) app include files if they exists
if (EGW_APP_INC != "" && ! preg_match ('/phpgwapi/i', EGW_APP_INC) && if (EGW_APP_INC != "" && ! preg_match ('/phpgwapi/i', EGW_APP_INC) &&
file_exists(EGW_APP_INC . '/functions.inc.php') && !isset($_GET['menuaction'])) file_exists(EGW_APP_INC . '/functions.inc.php') && !isset($_GET['menuaction']))
{ {
include(EGW_APP_INC . '/functions.inc.php'); include(EGW_APP_INC . '/functions.inc.php');
} }
if (!@$GLOBALS['egw_info']['flags']['noheader'] && !@$GLOBALS['egw_info']['flags']['noappheader'] && if (!@$GLOBALS['egw_info']['flags']['noheader'] && !@$GLOBALS['egw_info']['flags']['noappheader'] &&
file_exists(EGW_APP_INC . '/header.inc.php') && !isset($_GET['menuaction'])) file_exists(EGW_APP_INC . '/header.inc.php') && !isset($_GET['menuaction']))
{ {
include(EGW_APP_INC . '/header.inc.php'); include(EGW_APP_INC . '/header.inc.php');
}
} }
}
/**
* Verfiy there is a valid session
*
* One can specify a callback, which gets called if there's no valid session. If the callback returns true, the parameter
* containst account-details (in keys login, passwd and passwd_type) to automatic create an (anonymous session)
*
* It also checks if enforce_ssl is set in the DB and redirects to the https:// version of the site.
*
* If there is no valid session and none could be automatic created, the function will redirect to login and NOT return
*/
function verify_session()
{
if(isset($GLOBALS['egw_info']['server']['enforce_ssl']) && !$_SERVER['HTTPS'])
{
Header('Location: https://' . $GLOBALS['egw_info']['server']['hostname'] . $GLOBALS['egw_info']['server']['webserver_url'] . $_SERVER['REQUEST_URI']);
exit;
}
$account_callback = $GLOBALS['egw_info']['flags']['autocreate_session_callback'];
// check if we have a session, if not try to automatic create one /**
if (!$this->session->verify() && * Verfiy there is a valid session
!($account_callback && function_exists($account_callback) && $account_callback($account) && *
* One can specify a callback, which gets called if there's no valid session. If the callback returns true, the parameter
* containst account-details (in keys login, passwd and passwd_type) to automatic create an (anonymous session)
*
* It also checks if enforce_ssl is set in the DB and redirects to the https:// version of the site.
*
* If there is no valid session and none could be automatic created, the function will redirect to login and NOT return
*/
function verify_session()
{
if(isset($GLOBALS['egw_info']['server']['enforce_ssl']) && !$_SERVER['HTTPS'])
{
Header('Location: https://' . $GLOBALS['egw_info']['server']['hostname'] . $GLOBALS['egw_info']['server']['webserver_url'] . $_SERVER['REQUEST_URI']);
exit;
}
$account_callback = $GLOBALS['egw_info']['flags']['autocreate_session_callback'];
// check if we have a session, if not try to automatic create one
if (!$this->session->verify() &&
!($account_callback && function_exists($account_callback) && $account_callback($account) &&
($sessionid = $this->session->create($account)))) ($sessionid = $this->session->create($account))))
{
//echo "<p>account_callback='$account_callback', account=".print_r($account,true).", sessionid=$sessionid</p>\n"; exit;
// we forward to the same place after the re-login
if ($GLOBALS['egw_info']['server']['webserver_url'] && $GLOBALS['egw_info']['server']['webserver_url'] != '/')
{ {
list(,$relpath) = explode($GLOBALS['egw_info']['server']['webserver_url'],$_SERVER['PHP_SELF'],2); //echo "<p>account_callback='$account_callback', account=".print_r($account,true).", sessionid=$sessionid</p>\n"; exit;
} // we forward to the same place after the re-login
else // the webserver-url is empty or just a slash '/' (eGW is installed in the docroot and no domain given) if ($GLOBALS['egw_info']['server']['webserver_url'] && $GLOBALS['egw_info']['server']['webserver_url'] != '/')
{
if (preg_match('/^https?:\/\/[^\/]*\/(.*)$/',$relpath=$_SERVER['PHP_SELF'],$matches))
{ {
$relpath = $matches[1]; list(,$relpath) = explode($GLOBALS['egw_info']['server']['webserver_url'],$_SERVER['PHP_SELF'],2);
} }
else // the webserver-url is empty or just a slash '/' (eGW is installed in the docroot and no domain given)
{
if (preg_match('/^https?:\/\/[^\/]*\/(.*)$/',$relpath=$_SERVER['PHP_SELF'],$matches))
{
$relpath = $matches[1];
}
}
// this removes the sessiondata if its saved in the URL
$query = preg_replace('/[&]?sessionid(=|%3D)[^&]+&kp3(=|%3D)[^&]+&domain=.*$/','',$_SERVER['QUERY_STRING']);
Header('Location: '.$GLOBALS['egw_info']['server']['webserver_url'].'/login.php?cd=10&phpgw_forward='.urlencode($relpath.(!empty($query) ? '?'.$query : '')));
exit;
} }
// this removes the sessiondata if its saved in the URL
$query = preg_replace('/[&]?sessionid(=|%3D)[^&]+&kp3(=|%3D)[^&]+&domain=.*$/','',$_SERVER['QUERY_STRING']);
Header('Location: '.$GLOBALS['egw_info']['server']['webserver_url'].'/login.php?cd=10&phpgw_forward='.urlencode($relpath.(!empty($query) ? '?'.$query : '')));
exit;
} }
}
/**
/** * Verify the user has rights for the requested app
* Verfiy the user has rights for the requested app *
* * If the user has no rights for the app (eg. called via URL) he get a permission denied page (this function does NOT return)
* If the user has no rights for the app (eg. called via URL) he get a permission denied page (this function does NOT return) */
*/ function check_app_rights()
function check_app_rights()
{
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'about')
{ {
// This will need to use ACL in the future if ($GLOBALS['egw_info']['flags']['currentapp'] != 'about')
if (!$GLOBALS['egw_info']['user']['apps'][$GLOBALS['egw_info']['flags']['currentapp']] || {
// This will need to use ACL in the future
if (!$GLOBALS['egw_info']['user']['apps'][$GLOBALS['egw_info']['flags']['currentapp']] ||
($GLOBALS['egw_info']['flags']['admin_only'] && !$GLOBALS['egw_info']['user']['apps']['admin'])) ($GLOBALS['egw_info']['flags']['admin_only'] && !$GLOBALS['egw_info']['user']['apps']['admin']))
{
$this->common->egw_header();
if ($GLOBALS['egw_info']['flags']['noheader'])
{ {
echo parse_navbar(); $this->common->egw_header();
if ($GLOBALS['egw_info']['flags']['noheader'])
{
echo parse_navbar();
}
$this->log->write(array('text'=>'W-Permissions, Attempted to access %1','p1'=>$GLOBALS['egw_info']['flags']['currentapp']));
echo '<p><center><b>'.lang('Access not permitted').'</b></center>';
$this->common->egw_exit(True);
} }
$this->log->write(array('text'=>'W-Permissions, Attempted to access %1','p1'=>$GLOBALS['egw_info']['flags']['currentapp']));
echo '<p><center><b>'.lang('Access not permitted').'</b></center>';
$this->common->egw_exit(True);
} }
} }
}
/**
* Load old theme info into egw_info[theme]
*
* @deprecated all theming should be done via CSS files of the template
*/
function load_theme_info()
{
global $phpgw_info; // this is necesary as the included theme-files use $phpgw_info !!!
// at the moment we still need the theme files, hopefully they are gone soon in favor of CSS /**
if(@file_exists(EGW_SERVER_ROOT . '/phpgwapi/themes/' . $GLOBALS['egw_info']['user']['preferences']['common']['theme'] . '.theme')) * Load old theme info into egw_info[theme]
*
* @deprecated all theming should be done via CSS files of the template
*/
function load_theme_info()
{ {
include($file = EGW_SERVER_ROOT . '/phpgwapi/themes/' . $GLOBALS['egw_info']['user']['preferences']['common']['theme'] . '.theme'); global $phpgw_info; // this is necesary as the included theme-files use $phpgw_info !!!
// at the moment we still need the theme files, hopefully they are gone soon in favor of CSS
if(@file_exists(EGW_SERVER_ROOT . '/phpgwapi/themes/' . $GLOBALS['egw_info']['user']['preferences']['common']['theme'] . '.theme'))
{
include($file = EGW_SERVER_ROOT . '/phpgwapi/themes/' . $GLOBALS['egw_info']['user']['preferences']['common']['theme'] . '.theme');
}
elseif(@file_exists(EGW_SERVER_ROOT . '/phpgwapi/themes/default.theme'))
{
include($file = EGW_SERVER_ROOT . '/phpgwapi/themes/default.theme');
}
else
{
// Hope we don't get to this point. Better then the user seeing a
// complety back screen and not know whats going on
echo '<body bgcolor="FFFFFF">';
$this->log->write(array('text'=>'F-Abort, No themes found'));
exit;
}
} }
elseif(@file_exists(EGW_SERVER_ROOT . '/phpgwapi/themes/default.theme'))
/**
* create all the defines / constants of the eGW-environment (plus the deprecated phpgw ones)
*/
function define_egw_constants()
{ {
include($file = EGW_SERVER_ROOT . '/phpgwapi/themes/default.theme'); define('SEP',filesystem_separator());
define('EGW_ACL_READ',1);
define('EGW_ACL_ADD',2);
define('EGW_ACL_EDIT',4);
define('EGW_ACL_DELETE',8);
define('EGW_ACL_PRIVATE',16);
define('EGW_ACL_GROUP_MANAGERS',32);
define('EGW_ACL_CUSTOM_1',64);
define('EGW_ACL_CUSTOM_2',128);
define('EGW_ACL_CUSTOM_3',256);
// and the old ones
define('PHPGW_ACL_READ',1);
define('PHPGW_ACL_ADD',2);
define('PHPGW_ACL_EDIT',4);
define('PHPGW_ACL_DELETE',8);
define('PHPGW_ACL_PRIVATE',16);
define('PHPGW_ACL_GROUP_MANAGERS',32);
define('PHPGW_ACL_CUSTOM_1',64);
define('PHPGW_ACL_CUSTOM_2',128);
define('PHPGW_ACL_CUSTOM_3',256);
// A few hacker resistant constants that will be used throught the program
define('EGW_TEMPLATE_DIR', $this->common->get_tpl_dir('phpgwapi'));
define('EGW_IMAGES_DIR', $this->common->get_image_path('phpgwapi'));
define('EGW_IMAGES_FILEDIR', $this->common->get_image_dir('phpgwapi'));
define('EGW_APP_ROOT', $this->common->get_app_dir());
define('EGW_APP_INC', $this->common->get_inc_dir());
define('EGW_APP_TPL', $this->common->get_tpl_dir());
define('EGW_IMAGES', $this->common->get_image_path());
define('EGW_APP_IMAGES_DIR', $this->common->get_image_dir());
// and the old ones
define('PHPGW_TEMPLATE_DIR',EGW_TEMPLATE_DIR);
define('PHPGW_IMAGES_DIR',EGW_IMAGES_DIR);
define('PHPGW_IMAGES_FILEDIR',EGW_IMAGES_FILEDIR);
define('PHPGW_APP_ROOT',EGW_APP_ROOT);
define('PHPGW_APP_INC',EGW_APP_INC);
define('PHPGW_APP_TPL',EGW_APP_TPL);
define('PHPGW_IMAGES',EGW_IMAGES);
define('PHPGW_APP_IMAGES_DIR',EGW_APP_IMAGES_DIR);
} }
else
/**
* force the session cache to be re-created, because some of it's data changed
*
* Needs to be called if user-preferences, system-config or enabled apps of the current user have been changed and
* the change should have immediate effect
*/
function invalidate_session_cache()
{ {
// Hope we don't get to this point. Better then the user seeing a unset($_SESSION['egw_info_cache']);
// complety back screen and not know whats going on unset($_SESSION['egw_included_files']);
echo '<body bgcolor="FFFFFF">'; unset($_SESSION['egw_object_cache']);
$this->log->write(array('text'=>'F-Abort, No themes found')); }
/**
* run string through htmlspecialchars and stripslashes
*
* @param string $s
* @return string The string with html special characters replaced with entities
*/
function strip_html($s)
{
return htmlspecialchars(stripslashes($s));
}
/**
* Link url generator
*
* Used for backwards compatibility and as a shortcut. If no url is passed, it will use PHP_SELF. Wrapper to session->link()
*
* @param string $string The url the link is for
* @param string/array $extravars Extra params to be passed to the url
* @return string The full url after processing
*/
function link($url = '', $extravars = '')
{
return $this->session->link($url, $extravars);
}
function redirect_link($url = '',$extravars='')
{
$this->redirect($this->session->link($url, $extravars));
}
/**
* Handles redirects under iis and apache, it does NOT return (calls exit)
*
* This function handles redirects under iis and apache it assumes that $phpgw->link() has already been called
*
* @param string The url ro redirect to
*/
function redirect($url = '')
{
/* global $HTTP_ENV_VARS; */
$iis = @strpos($GLOBALS['HTTP_ENV_VARS']['SERVER_SOFTWARE'], 'IIS', 0);
if(!$url)
{
$url = $_SERVER['PHP_SELF'];
}
if($iis)
{
echo "\n<HTML>\n<HEAD>\n<TITLE>Redirecting to $url</TITLE>";
echo "\n<META HTTP-EQUIV=REFRESH CONTENT=\"0; URL=$url\">";
echo "\n</HEAD><BODY>";
echo "<H3>Please continue to <a href=\"$url\">this page</a></H3>";
echo "\n</BODY></HTML>";
}
else
{
Header("Location: $url");
print("\n\n");
}
exit; exit;
} }
}
/** /**
* create all the defines / constants of the eGW-enviroment (plus the depricated phpgw ones) * Shortcut to translation class
*/ *
function define_egw_constants() * This function is a basic wrapper to translation->translate()
{ *
define('SEP',filesystem_separator()); * @deprecated only used in the old timetracker
define('EGW_ACL_READ',1); * @param string The key for the phrase
define('EGW_ACL_ADD',2); * @see translation->translate()
define('EGW_ACL_EDIT',4); */
define('EGW_ACL_DELETE',8); function lang($key,$args=null)
define('EGW_ACL_PRIVATE',16);
define('EGW_ACL_GROUP_MANAGERS',32);
define('EGW_ACL_CUSTOM_1',64);
define('EGW_ACL_CUSTOM_2',128);
define('EGW_ACL_CUSTOM_3',256);
// and the old ones
define('PHPGW_ACL_READ',1);
define('PHPGW_ACL_ADD',2);
define('PHPGW_ACL_EDIT',4);
define('PHPGW_ACL_DELETE',8);
define('PHPGW_ACL_PRIVATE',16);
define('PHPGW_ACL_GROUP_MANAGERS',32);
define('PHPGW_ACL_CUSTOM_1',64);
define('PHPGW_ACL_CUSTOM_2',128);
define('PHPGW_ACL_CUSTOM_3',256);
// A few hacker resistant constants that will be used throught the program
define('EGW_TEMPLATE_DIR', $this->common->get_tpl_dir('phpgwapi'));
define('EGW_IMAGES_DIR', $this->common->get_image_path('phpgwapi'));
define('EGW_IMAGES_FILEDIR', $this->common->get_image_dir('phpgwapi'));
define('EGW_APP_ROOT', $this->common->get_app_dir());
define('EGW_APP_INC', $this->common->get_inc_dir());
define('EGW_APP_TPL', $this->common->get_tpl_dir());
define('EGW_IMAGES', $this->common->get_image_path());
define('EGW_APP_IMAGES_DIR', $this->common->get_image_dir());
// and the old ones
define('PHPGW_TEMPLATE_DIR',EGW_TEMPLATE_DIR);
define('PHPGW_IMAGES_DIR',EGW_IMAGES_DIR);
define('PHPGW_IMAGES_FILEDIR',EGW_IMAGES_FILEDIR);
define('PHPGW_APP_ROOT',EGW_APP_ROOT);
define('PHPGW_APP_INC',EGW_APP_INC);
define('PHPGW_APP_TPL',EGW_APP_TPL);
define('PHPGW_IMAGES',EGW_IMAGES);
define('PHPGW_APP_IMAGES_DIR',EGW_APP_IMAGES_DIR);
}
/**
* force the session cache to be re-created, because some of it's data changed
*
* Needs to be called if user-preferences, system-config or enabled apps of the current user have been changed and
* the change should have immediate effect
*/
function invalidate_session_cache()
{
unset($_SESSION['egw_info_cache']);
unset($_SESSION['egw_included_files']);
unset($_SESSION['egw_object_cache']);
}
/**
* run string through htmlspecialchars and stripslashes
*
* @param string $s
* @return string The string with html special characters replaced with entities
*/
function strip_html($s)
{
return htmlspecialchars(stripslashes($s));
}
/**
* Link url generator
*
* Used for backwards compatibility and as a shortcut. If no url is passed, it will use PHP_SELF. Wrapper to session->link()
*
* @param string $string The url the link is for
* @param string/array $extravars Extra params to be passed to the url
* @return string The full url after processing
*/
function link($url = '', $extravars = '')
{
return $this->session->link($url, $extravars);
}
function redirect_link($url = '',$extravars='')
{
$this->redirect($this->session->link($url, $extravars));
}
/**
* Handles redirects under iis and apache, it does NOT return (calls exit)
*
* This function handles redirects under iis and apache it assumes that $phpgw->link() has already been called
*
* @param string The url ro redirect to
*/
function redirect($url = '')
{
/* global $HTTP_ENV_VARS; */
$iis = @strpos($GLOBALS['HTTP_ENV_VARS']['SERVER_SOFTWARE'], 'IIS', 0);
if(!$url)
{ {
$url = $_SERVER['PHP_SELF']; if (!is_array($args))
{
$args = func_get_args();
array_shift($args);
}
return $this->translation->translate($key,$args);
} }
if($iis)
{
echo "\n<HTML>\n<HEAD>\n<TITLE>Redirecting to $url</TITLE>";
echo "\n<META HTTP-EQUIV=REFRESH CONTENT=\"0; URL=$url\">";
echo "\n</HEAD><BODY>";
echo "<H3>Please continue to <a href=\"$url\">this page</a></H3>";
echo "\n</BODY></HTML>";
}
else
{
Header("Location: $url");
print("\n\n");
}
exit;
} }
/**
* Shortcut to translation class
*
* This function is a basic wrapper to translation->translate()
*
* @deprecated only used in the old timetracker
* @param string The key for the phrase
* @see translation->translate()
*/
function lang($key,$args=null)
{
if (!is_array($args))
{
$args = func_get_args();
array_shift($args);
}
return $this->translation->translate($key,$args);
}
}

94
phpgwapi/inc/class.sessions.inc.php
View File

@ -22,7 +22,7 @@
* along with this library; if not, write to the Free Software Foundation, * * along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/ \**************************************************************************/
/* $Id$ */ /* $Id$ */
/** /**
@ -206,46 +206,6 @@
} }
} }
/**
* Introspection for XML-RPC/SOAP
* Diabled - why??
*
* @param string $_type tpye of introspection being sought
* @return array available methods and args
*/
function DONTlist_methods($_type)
{
if (is_array($_type))
{
$_type = $_type['type'];
}
switch($_type)
{
case 'xmlrpc':
$xml_functions = array(
'list_methods' => array(
'function' => 'list_methods',
'signature' => array(array(xmlrpcStruct,xmlrpcString)),
'docstring' => lang('Read this list of methods.')
),
'update_dla' => array(
'function' => 'update_dla',
'signature' => array(array(xmlrpcBoolean)),
'docstring' => lang('Returns an array of todo items')
)
);
return $xml_functions;
break;
case 'soap':
return $this->soap_functions;
break;
default:
return array();
break;
}
}
function split_login_domain($both,&$login,&$domain) function split_login_domain($both,&$login,&$domain)
{ {
$parts = explode('@',$both); $parts = explode('@',$both);
@ -309,6 +269,20 @@
$this->split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain); $this->split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain);
/* This is to ensure that we authenticate to the correct domain (might not be default) */
if($this->account_domain != $GLOBALS['egw_info']['user']['domain'])
{
$GLOBALS['egw']->ADOdb = null;
$GLOBALS['egw_info']['user']['domain'] = $this->account_domain;
// reset the db
$GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$this->account_domain]['db_host'];
$GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$this->account_domain]['db_port'];
$GLOBALS['egw_info']['server']['db_name'] = $GLOBALS['egw_domain'][$this->account_domain]['db_name'];
$GLOBALS['egw_info']['server']['db_user'] = $GLOBALS['egw_domain'][$this->account_domain]['db_user'];
$GLOBALS['egw_info']['server']['db_pass'] = $GLOBALS['egw_domain'][$this->account_domain]['db_pass'];
$GLOBALS['egw_info']['server']['db_type'] = $GLOBALS['egw_domain'][$this->account_domain]['db_type'];
$GLOBALS['egw']->setup('',False);
}
$GLOBALS['egw_info']['user']['kp3'] = $this->kp3; $GLOBALS['egw_info']['user']['kp3'] = $this->kp3;
$this->update_dla(); $this->update_dla();
@ -325,8 +299,11 @@
$this->iv = $GLOBALS['egw_info']['server']['mcrypt_iv']; $this->iv = $GLOBALS['egw_info']['server']['mcrypt_iv'];
$GLOBALS['egw']->crypto->init(array($this->key,$this->iv)); $GLOBALS['egw']->crypto->init(array($this->key,$this->iv));
if ($fill_egw_info_and_repositories) $this->read_repositories(@$GLOBALS['egw_info']['server']['cache_phpgw_info']); if ($fill_egw_info_and_repositories)
{
$this->read_repositories(@$GLOBALS['egw_info']['server']['cache_phpgw_info']);
}
if ($this->user['expires'] != -1 && $this->user['expires'] < time()) if ($this->user['expires'] != -1 && $this->user['expires'] < time())
{ {
if(is_object($GLOBALS['egw']->log)) if(is_object($GLOBALS['egw']->log))
@ -345,7 +322,7 @@
{ {
$GLOBALS['egw_info']['user'] = $this->user; $GLOBALS['egw_info']['user'] = $this->user;
$GLOBALS['egw_info']['hooks'] = $this->hooks; $GLOBALS['egw_info']['hooks'] = $this->hooks;
$GLOBALS['egw_info']['user']['session_ip'] = $session['session_ip']; $GLOBALS['egw_info']['user']['session_ip'] = $session['session_ip'];
$GLOBALS['egw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); $GLOBALS['egw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi'));
} }
@ -500,9 +477,24 @@
} }
$now = time(); $now = time();
/* This is to ensure that we authenticate to the correct domain (might not be default) */
if($this->account_domain != $GLOBALS['egw_info']['user']['domain'])
{
$GLOBALS['egw']->ADOdb = null;
$GLOBALS['egw_info']['user']['domain'] = $this->account_domain;
// reset the db
$GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$this->account_domain]['db_host'];
$GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$this->account_domain]['db_port'];
$GLOBALS['egw_info']['server']['db_name'] = $GLOBALS['egw_domain'][$this->account_domain]['db_name'];
$GLOBALS['egw_info']['server']['db_user'] = $GLOBALS['egw_domain'][$this->account_domain]['db_user'];
$GLOBALS['egw_info']['server']['db_pass'] = $GLOBALS['egw_domain'][$this->account_domain]['db_pass'];
$GLOBALS['egw_info']['server']['db_type'] = $GLOBALS['egw_domain'][$this->account_domain]['db_type'];
$GLOBALS['egw']->setup('',False);
}
//echo "<p>session::create(login='$login'): lid='$this->account_lid', domain='$this->account_domain'</p>\n"; //echo "<p>session::create(login='$login'): lid='$this->account_lid', domain='$this->account_domain'</p>\n";
$user_ip = $this->getuser_ip(); $user_ip = $this->getuser_ip();
$this->account_id = $GLOBALS['egw']->accounts->name2id($this->account_lid); $this->account_id = $GLOBALS['egw']->accounts->name2id($this->account_lid);
if (($blocked = $this->login_blocked($login,$user_ip)) || // too many unsuccessful attempts if (($blocked = $this->login_blocked($login,$user_ip)) || // too many unsuccessful attempts
@ -642,7 +634,7 @@
{ {
$blocked = False; $blocked = False;
$block_time = time() - $GLOBALS['egw_info']['server']['block_time'] * 60; $block_time = time() - $GLOBALS['egw_info']['server']['block_time'] * 60;
$ip = $this->db->db_addslashes($ip); $ip = $this->db->db_addslashes($ip);
$this->db->query("SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND ip='$ip' AND li > $block_time",__LINE__,__FILE__); $this->db->query("SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND ip='$ip' AND li > $block_time",__LINE__,__FILE__);
$this->db->next_record(); $this->db->next_record();
@ -667,7 +659,7 @@
$from = 'eGroupWare@'.$GLOBALS['egw_info']['server']['mail_suffix']; $from = 'eGroupWare@'.$GLOBALS['egw_info']['server']['mail_suffix'];
$subject = lang("eGroupWare: login blocked for user '%1', IP %2",$login,$ip); $subject = lang("eGroupWare: login blocked for user '%1', IP %2",$login,$ip);
$body = lang("Too many unsucessful attempts to login: %1 for the user '%2', %3 for the IP %4",$false_id,$login,$false_ip,$ip); $body = lang("Too many unsucessful attempts to login: %1 for the user '%2', %3 for the IP %4",$false_id,$login,$false_ip,$ip);
if(!is_object($GLOBALS['egw']->send)) if(!is_object($GLOBALS['egw']->send))
{ {
$GLOBALS['egw']->send = CreateObject('phpgwapi.send'); $GLOBALS['egw']->send = CreateObject('phpgwapi.send');
@ -704,7 +696,7 @@
$this->session_flags = $session['session_flags']; $this->session_flags = $session['session_flags'];
list($this->account_lid,$this->account_domain) = explode('@', $session['session_lid']); list($this->account_lid,$this->account_domain) = explode('@', $session['session_lid']);
if ($this->account_domain == '') if ($this->account_domain == '')
{ {
$this->account_domain = $GLOBALS['egw_info']['server']['default_domain']; $this->account_domain = $GLOBALS['egw_info']['server']['default_domain'];
@ -1057,7 +1049,7 @@
{ {
$this->history_id = md5($this->login . time()); $this->history_id = md5($this->login . time());
$history = $this->appsession($location = 'history', $appname = 'phpgwapi'); $history = $this->appsession($location = 'history', $appname = 'phpgwapi');
if(count($history) >= $GLOBALS['egw_info']['server']['max_history']) if(count($history) >= $GLOBALS['egw_info']['server']['max_history'])
{ {
array_shift($history); array_shift($history);
@ -1066,7 +1058,7 @@
} }
return $this->history_id; return $this->history_id;
} }
/** /**
* Detects if the page has already been called before - good for forms * Detects if the page has already been called before - good for forms
* *
@ -1318,7 +1310,7 @@
*/ */
function list_sessions($start,$order,$sort,$all_no_sort = False) function list_sessions($start,$order,$sort,$all_no_sort = False)
{} {}
/** /**
* Get the number of normal / non-anonymous sessions * Get the number of normal / non-anonymous sessions
* *